Skip to content
/ memoryscanner Public

libyara self-process memory scanner DLL (sample)

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

pyperanger/memoryscanner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits

.gitignore

.gitignore

 
 

Output.PNG

Output.PNG

 
 

README.md

README.md

 
 

dllmain.cpp

dllmain.cpp

 
 

framework.h

framework.h

 
 

memoryscanner.sln

memoryscanner.sln

 
 

memoryscanner.vcxproj

memoryscanner.vcxproj

 
 

memoryscanner.vcxproj.filters

memoryscanner.vcxproj.filters

 
 

pch.cpp

pch.cpp

 
 

pch.h

pch.h

 
 

Repository files navigation

Example project that serves as a proof of concept of a DLL that can scan the process that loaded it with Yara rules(libyara), without generating redundant false positives. It is worth mentioning that in the current version STACK/HEAP regions are not analyzed (but you can add this whenever you want by changing line #125(entrypoint anddress) to zero.

This can be useful for process protection projects that are targets of changes in memory region (in runtime, ex: cheat, stealers, mods, etc) of libraries or starting from binary base anddress. In this example code, I put a code block that inside the DLL that inject the malicious ascii string in the process with VirtualProtectEx and WriteProcessMemory.

To run this sample you just need to load the DLL with LoadLibrary call and the scanner will start immediate in another thread.

HINSTANCE hProc = LoadLibrary(".\\memoryscanner.dll");

About

libyara self-process memory scanner DLL (sample)

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages