diff --git a/DD.Plugin.CheckHeapMemory/DD.Plugin.CheckHeapMemory.vcxproj b/DD.Plugin.CheckHeapMemory/DD.Plugin.CheckHeapMemory.vcxproj
index cabb2b2..bbd4830 100644
--- a/DD.Plugin.CheckHeapMemory/DD.Plugin.CheckHeapMemory.vcxproj
+++ b/DD.Plugin.CheckHeapMemory/DD.Plugin.CheckHeapMemory.vcxproj
@@ -5,10 +5,18 @@
Debug
Win32
+
+ Debug
+ x64
+
Release
Win32
+
+ Release
+ x64
+
{F712449E-CD06-437F-9419-122EC5FDDE9E}
@@ -21,28 +29,51 @@
true
Unicode
+
+ DynamicLibrary
+ true
+ Unicode
+
DynamicLibrary
false
true
Unicode
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+
+
+
+
+
true
+
+ true
+
false
+
+ false
+
@@ -50,6 +81,21 @@
Level3
Disabled
WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINCHECKHEAPMEMORY_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreadedDebugDLL
+
+
+ Windows
+ true
+
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINCHECKHEAPMEMORY_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreadedDebugDLL
Windows
@@ -65,6 +111,25 @@
true
true
WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINCHECKHEAPMEMORY_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreaded
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+ Level3
+
+
+ MaxSpeed
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINCHECKHEAPMEMORY_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreaded
Windows
diff --git a/DD.Plugin.CheckHeapMemory/DLLMain.cpp b/DD.Plugin.CheckHeapMemory/DLLMain.cpp
index 5812654..a06ccdd 100644
--- a/DD.Plugin.CheckHeapMemory/DLLMain.cpp
+++ b/DD.Plugin.CheckHeapMemory/DLLMain.cpp
@@ -9,9 +9,10 @@ __declspec(dllexport) TCHAR* __cdecl PluginName(void)
{
return L"CheckHeapMemory";
}
-__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+
+__declspec(dllexport) char* __cdecl PluginVersion(void)
{
- return L"0.1";
+ return __DATE__;
}
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
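Review bot: `PluginVersion` now hands out the string literal `__DATE__` through a non-const `char*`, so a caller can write through the pointer into read-only data; the signature should be `__declspec(dllexport) const char* __cdecl PluginVersion(void)` here and in the matching DLLMain.h declaration. The export also switches from a wide to a narrow string while `PluginName` and `PluginErrorMessage` stay `TCHAR*`, so a host that still reads the result as wide text would run past the 11-character literal; the host is not visible in this diff, so that needs confirming. Using `__DATE__` as the version makes every build differ byte-for-byte and says nothing about the source revision, which gets in the way of reproducible builds and binary provenance checks. The same change is repeated in every plugin's DLLMain.cpp and DLLMain.h in this commit.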
@@ -28,40 +29,46 @@ __declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer)
return -1;
}
- TCHAR *pHeapBuffer = (TCHAR*)HeapAlloc(hHeap,NULL,30),
- *sTemp = (TCHAR*)malloc(4 * sizeof(TCHAR)),
- *sTempCat = (TCHAR*)malloc(16 * sizeof(TCHAR));
+ TCHAR *pHeapBuffer = (TCHAR*)HeapAlloc(hHeap,NULL,30),
+ *sTemp = new TCHAR[4 * sizeof(TCHAR)], //(TCHAR*)malloc(4 * sizeof(TCHAR)),
+ *sTempCat = new TCHAR[20 * sizeof(TCHAR)]; //(TCHAR*)malloc(20 * sizeof(TCHAR));
if(pHeapBuffer == NULL || sTemp == NULL || sTempCat == NULL)
{
sErrorMessage = TEXT("HeapAlloc || malloc: failed to alloc memory");
return -1;
}
- bool bDebugged = false;
- int iHeapCount = 0,
- iHeapCatCount = 0;
+ bool bDebugged = false;
+ int iHeapCount = 0,
+ iHeapCatCount = 0;
- memset(sTempCat,0,16);
+ memset(sTempCat,0,20 * sizeof(TCHAR));
while(!bDebugged && iHeapCount <= 30)
{
- if(iHeapCatCount <= 4)
+ if(iHeapCatCount <= 5)
{
- wsprintf(sTemp,L"%04X",*(pHeapBuffer + iHeapCount));
- if(wcsstr(sTemp,L"ABAB") != NULL || wcsstr(sTemp,L"FEEE") != NULL)
+ swprintf_s(sTemp,4 * sizeof(TCHAR),L"%04X",*(pHeapBuffer + iHeapCount));
+ if(wcsstr(sTemp,L"ABAB") != NULL || wcsstr(sTemp,L"FEEE") != NULL || wcsstr(sTemp,L"FDFD") != NULL)
{
- wcscat(sTempCat,sTemp);
+ wcscat_s(sTempCat,20 * sizeof(TCHAR),sTemp);
iHeapCatCount++;
}
iHeapCount++;
}
else
{
- if(wcsstr(sTempCat,L"FEEEABABABABABABABAB") != NULL)
+ if(wcsstr(sTempCat,L"FDFDFDFDABABABABABABABAB") != NULL)
+ bDebugged = true;
+ else if(wcsstr(sTempCat,L"FEEEABABABABABABABABFEEE") != NULL)
bDebugged = true;
}
}
HeapFree(hHeap,NULL,pHeapBuffer);
+ delete [] sTemp;
+ delete [] sTempCat;
+ //free(sTemp);
+ //free(sTempCat);
HeapDestroy(hHeap);
if(bDebugged)
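Review bot: The `while` loop can spin forever: once `iHeapCatCount` exceeds 5 the `else` branch runs, and if neither `wcsstr` on `sTempCat` matches, nothing changes `bDebugged` or `iHeapCount`, so the loop condition never becomes false. End the loop after the comparison, for example by adding `break;` as the last statement of the `else` block. Separately, `new TCHAR[...]` throws `std::bad_alloc` instead of returning NULL, so the `sTemp == NULL || sTempCat == NULL` test is dead and an allocation failure would propagate out of an exported `__cdecl` function; `new (std::nothrow) TCHAR[...]` keeps the existing check meaningful, and that early return should also release whatever was already allocated. `PluginDebugCheck` starts before this hunk and continues after it.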
diff --git a/DD.Plugin.CheckHeapMemory/DLLMain.h b/DD.Plugin.CheckHeapMemory/DLLMain.h
index 35cb823..0dd85d2 100644
--- a/DD.Plugin.CheckHeapMemory/DLLMain.h
+++ b/DD.Plugin.CheckHeapMemory/DLLMain.h
@@ -1,11 +1,12 @@
#include
+#include
#ifdef __cplusplus
extern "C" {
#endif
__declspec(dllexport) TCHAR* __cdecl PluginName(void);
- __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) char* __cdecl PluginVersion(void);
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
__declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer);
diff --git a/DD.Plugin.CheckRemoteDebuggerPresent/DD.Plugin.CheckRemoteDebuggerPresent.vcxproj b/DD.Plugin.CheckRemoteDebuggerPresent/DD.Plugin.CheckRemoteDebuggerPresent.vcxproj
index c98366b..6c34221 100644
--- a/DD.Plugin.CheckRemoteDebuggerPresent/DD.Plugin.CheckRemoteDebuggerPresent.vcxproj
+++ b/DD.Plugin.CheckRemoteDebuggerPresent/DD.Plugin.CheckRemoteDebuggerPresent.vcxproj
@@ -81,6 +81,7 @@
Level3
Disabled
WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINCHECKREMOTEDEBUGGERPRESENT_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreadedDebugDLL
Windows
diff --git a/DD.Plugin.CheckRemoteDebuggerPresent/DLLMain.cpp b/DD.Plugin.CheckRemoteDebuggerPresent/DLLMain.cpp
index d3fe1b2..c150d72 100644
--- a/DD.Plugin.CheckRemoteDebuggerPresent/DLLMain.cpp
+++ b/DD.Plugin.CheckRemoteDebuggerPresent/DLLMain.cpp
@@ -9,9 +9,9 @@ __declspec(dllexport) TCHAR* __cdecl PluginName(void)
{
return L"CheckRemoteDebuggerPresent";
}
-__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+__declspec(dllexport) char* __cdecl PluginVersion(void)
{
- return L"0.1";
+ return __DATE__;
}
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
diff --git a/DD.Plugin.CheckRemoteDebuggerPresent/DLLMain.h b/DD.Plugin.CheckRemoteDebuggerPresent/DLLMain.h
index 35cb823..c40700a 100644
--- a/DD.Plugin.CheckRemoteDebuggerPresent/DLLMain.h
+++ b/DD.Plugin.CheckRemoteDebuggerPresent/DLLMain.h
@@ -5,7 +5,7 @@ extern "C" {
#endif
__declspec(dllexport) TCHAR* __cdecl PluginName(void);
- __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) char* __cdecl PluginVersion(void);
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
__declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer);
diff --git a/DD.Plugin.DebugObject/DD.Plugin.DebugObject.vcxproj b/DD.Plugin.DebugObject/DD.Plugin.DebugObject.vcxproj
index 3e91d51..104609c 100644
--- a/DD.Plugin.DebugObject/DD.Plugin.DebugObject.vcxproj
+++ b/DD.Plugin.DebugObject/DD.Plugin.DebugObject.vcxproj
@@ -81,6 +81,7 @@
Level3
Disabled
WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINDEBUGOBJECT_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreadedDebugDLL
Windows
diff --git a/DD.Plugin.DebugObject/DLLMain.cpp b/DD.Plugin.DebugObject/DLLMain.cpp
index b390ab9..171f9d2 100644
--- a/DD.Plugin.DebugObject/DLLMain.cpp
+++ b/DD.Plugin.DebugObject/DLLMain.cpp
@@ -10,9 +10,9 @@ __declspec(dllexport) TCHAR* __cdecl PluginName(void)
return L"DebugObject";
}
-__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+__declspec(dllexport) char* __cdecl PluginVersion(void)
{
- return L"0.1";
+ return __DATE__;
}
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
diff --git a/DD.Plugin.DebugObject/DLLMain.h b/DD.Plugin.DebugObject/DLLMain.h
index 35cb823..c40700a 100644
--- a/DD.Plugin.DebugObject/DLLMain.h
+++ b/DD.Plugin.DebugObject/DLLMain.h
@@ -5,7 +5,7 @@ extern "C" {
#endif
__declspec(dllexport) TCHAR* __cdecl PluginName(void);
- __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) char* __cdecl PluginVersion(void);
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
__declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer);
diff --git a/DD.Plugin.FindBadDrivers/DD.Plugin.FindBadDrivers.vcxproj b/DD.Plugin.FindBadDrivers/DD.Plugin.FindBadDrivers.vcxproj
index dad88c5..49c86e6 100644
--- a/DD.Plugin.FindBadDrivers/DD.Plugin.FindBadDrivers.vcxproj
+++ b/DD.Plugin.FindBadDrivers/DD.Plugin.FindBadDrivers.vcxproj
@@ -81,6 +81,7 @@
Level3
Disabled
WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINFINDBADDRIVERS_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreadedDebugDLL
Windows
diff --git a/DD.Plugin.FindBadDrivers/DLLMain.cpp b/DD.Plugin.FindBadDrivers/DLLMain.cpp
index e998baa..7240b2f 100644
--- a/DD.Plugin.FindBadDrivers/DLLMain.cpp
+++ b/DD.Plugin.FindBadDrivers/DLLMain.cpp
@@ -10,9 +10,9 @@ __declspec(dllexport) TCHAR* __cdecl PluginName(void)
return L"BadDriversList";
}
-__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+__declspec(dllexport) char* __cdecl PluginVersion(void)
{
- return L"0.1";
+ return __DATE__;
}
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
diff --git a/DD.Plugin.FindBadDrivers/DLLMain.h b/DD.Plugin.FindBadDrivers/DLLMain.h
index 59c92cb..b66189b 100644
--- a/DD.Plugin.FindBadDrivers/DLLMain.h
+++ b/DD.Plugin.FindBadDrivers/DLLMain.h
@@ -9,7 +9,7 @@ extern "C" {
#endif
__declspec(dllexport) TCHAR* __cdecl PluginName(void);
- __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) char* __cdecl PluginVersion(void);
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
__declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer);
diff --git a/DD.Plugin.FindBadProcesses/DD.Plugin.FindBadProcesses.vcxproj b/DD.Plugin.FindBadProcesses/DD.Plugin.FindBadProcesses.vcxproj
index 870d06f..1c53f38 100644
--- a/DD.Plugin.FindBadProcesses/DD.Plugin.FindBadProcesses.vcxproj
+++ b/DD.Plugin.FindBadProcesses/DD.Plugin.FindBadProcesses.vcxproj
@@ -81,6 +81,7 @@
Level3
Disabled
WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINFINDBADPROCESSES_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreadedDebugDLL
Windows
diff --git a/DD.Plugin.FindBadProcesses/DLLMain.cpp b/DD.Plugin.FindBadProcesses/DLLMain.cpp
index 482210e..a1964e6 100644
--- a/DD.Plugin.FindBadProcesses/DLLMain.cpp
+++ b/DD.Plugin.FindBadProcesses/DLLMain.cpp
@@ -10,9 +10,9 @@ __declspec(dllexport) TCHAR* __cdecl PluginName(void)
return L"BadProcessList";
}
-__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+__declspec(dllexport) char* __cdecl PluginVersion(void)
{
- return L"0.1";
+ return __DATE__;
}
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
@@ -28,6 +28,7 @@ __declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer)
vProcList.push_back(L"windbg.exe");
vProcList.push_back(L"devenv.exe");
vProcList.push_back(L"ImmunityDebugger.exe");
+ vProcList.push_back(L"idaq.exe");
HANDLE hProcessSnap = NULL,hProc = NULL;
PROCESSENTRY32W pe32w;
diff --git a/DD.Plugin.FindBadProcesses/DLLMain.h b/DD.Plugin.FindBadProcesses/DLLMain.h
index 2497b62..0633bdf 100644
--- a/DD.Plugin.FindBadProcesses/DLLMain.h
+++ b/DD.Plugin.FindBadProcesses/DLLMain.h
@@ -9,7 +9,7 @@ extern "C" {
#endif
__declspec(dllexport) TCHAR* __cdecl PluginName(void);
- __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) char* __cdecl PluginVersion(void);
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
__declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer);
diff --git a/DD.Plugin.FindBadWindows/DD.Plugin.FindBadWindows.vcxproj b/DD.Plugin.FindBadWindows/DD.Plugin.FindBadWindows.vcxproj
index 5ae0c8c..889a2d1 100644
--- a/DD.Plugin.FindBadWindows/DD.Plugin.FindBadWindows.vcxproj
+++ b/DD.Plugin.FindBadWindows/DD.Plugin.FindBadWindows.vcxproj
@@ -81,6 +81,7 @@
Level3
Disabled
WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINFINDBADWINDOWS_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreadedDebugDLL
Windows
diff --git a/DD.Plugin.FindBadWindows/DLLMain.cpp b/DD.Plugin.FindBadWindows/DLLMain.cpp
index 14ebdd7..03f2a40 100644
--- a/DD.Plugin.FindBadWindows/DLLMain.cpp
+++ b/DD.Plugin.FindBadWindows/DLLMain.cpp
@@ -10,9 +10,9 @@ __declspec(dllexport) TCHAR* __cdecl PluginName(void)
return L"BadWindowsList";
}
-__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+__declspec(dllexport) char* __cdecl PluginVersion(void)
{
- return L"0.1";
+ return __DATE__;
}
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
@@ -38,7 +38,7 @@ __declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer)
BOOL CALLBACK EnumWindowsProc(HWND hwnd,LPARAM lParam)
{
vector vWindowList;
- TCHAR* sTitel = (TCHAR*)malloc(255);
+ TCHAR* sTitel = (TCHAR*)malloc(MAX_PATH);
bool* bDebugged = (bool*)lParam;
vWindowList.push_back(L"Immunity Debugger");
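Review bot: `malloc(MAX_PATH)` allocates MAX_PATH bytes, but the `GetWindowText(hwnd,sTitel,MAX_PATH)` call in the next hunk passes MAX_PATH as a count of characters, and the code around it uses wide literals, so in what appears to be a Unicode build a long window title owned by another process can be written up to twice the allocated size, a heap overflow driven by external input. Size the buffer in characters, `TCHAR* sTitel = (TCHAR*)malloc(MAX_PATH * sizeof(TCHAR));`, or use a local `TCHAR sTitel[MAX_PATH];` and drop the allocation. The result of `malloc` is not checked in the visible lines and no `free` is visible in either hunk; `EnumWindowsProc` continues past both, so confirm the buffer is released on every return path.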
@@ -48,8 +48,9 @@ BOOL CALLBACK EnumWindowsProc(HWND hwnd,LPARAM lParam)
vWindowList.push_back(L"PhantOm");
vWindowList.push_back(L"o_O -");
vWindowList.push_back(L"Visual Studio");
+ vWindowList.push_back(L"WinDbgFrameClass");
- GetWindowText(hwnd,sTitel,255);
+ GetWindowText(hwnd,sTitel,MAX_PATH);
for(size_t i = 0;i < vWindowList.size(); i++)
{
diff --git a/DD.Plugin.FindBadWindows/DLLMain.h b/DD.Plugin.FindBadWindows/DLLMain.h
index bc892e8..83d73b5 100644
--- a/DD.Plugin.FindBadWindows/DLLMain.h
+++ b/DD.Plugin.FindBadWindows/DLLMain.h
@@ -8,7 +8,7 @@ extern "C" {
#endif
__declspec(dllexport) TCHAR* __cdecl PluginName(void);
- __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) char* __cdecl PluginVersion(void);
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
__declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer);
diff --git a/DD.Plugin.HardwareBreakpoint/DD.Plugin.HardwareBreakpoint.vcxproj b/DD.Plugin.HardwareBreakpoint/DD.Plugin.HardwareBreakpoint.vcxproj
index 3e69c3b..f1f2fbc 100644
--- a/DD.Plugin.HardwareBreakpoint/DD.Plugin.HardwareBreakpoint.vcxproj
+++ b/DD.Plugin.HardwareBreakpoint/DD.Plugin.HardwareBreakpoint.vcxproj
@@ -81,6 +81,7 @@
Level3
Disabled
WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINHARDWAREBREAKPOINT_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreadedDebugDLL
Windows
diff --git a/DD.Plugin.HardwareBreakpoint/DLLMain.cpp b/DD.Plugin.HardwareBreakpoint/DLLMain.cpp
index 58ccfa0..619e014 100644
--- a/DD.Plugin.HardwareBreakpoint/DLLMain.cpp
+++ b/DD.Plugin.HardwareBreakpoint/DLLMain.cpp
@@ -10,9 +10,9 @@ __declspec(dllexport) TCHAR* __cdecl PluginName(void)
return L"Hardware Breakpoints";
}
-__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+__declspec(dllexport) char* __cdecl PluginVersion(void)
{
- return L"0.1";
+ return __DATE__;
}
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
diff --git a/DD.Plugin.HardwareBreakpoint/DLLMain.h b/DD.Plugin.HardwareBreakpoint/DLLMain.h
index 35cb823..c40700a 100644
--- a/DD.Plugin.HardwareBreakpoint/DLLMain.h
+++ b/DD.Plugin.HardwareBreakpoint/DLLMain.h
@@ -5,7 +5,7 @@ extern "C" {
#endif
__declspec(dllexport) TCHAR* __cdecl PluginName(void);
- __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) char* __cdecl PluginVersion(void);
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
__declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer);
diff --git a/DD.Plugin.IsDebuggerPresent/DD.Plugin.IsDebuggerPresent.vcxproj b/DD.Plugin.IsDebuggerPresent/DD.Plugin.IsDebuggerPresent.vcxproj
index 652c3a2..d4650cc 100644
--- a/DD.Plugin.IsDebuggerPresent/DD.Plugin.IsDebuggerPresent.vcxproj
+++ b/DD.Plugin.IsDebuggerPresent/DD.Plugin.IsDebuggerPresent.vcxproj
@@ -81,6 +81,7 @@
Level3
Disabled
WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINISDEBUGGERPRESENT_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreadedDebugDLL
Windows
diff --git a/DD.Plugin.IsDebuggerPresent/DLLMain.cpp b/DD.Plugin.IsDebuggerPresent/DLLMain.cpp
index 3a793de..ba7244f 100644
--- a/DD.Plugin.IsDebuggerPresent/DLLMain.cpp
+++ b/DD.Plugin.IsDebuggerPresent/DLLMain.cpp
@@ -10,9 +10,9 @@ __declspec(dllexport) TCHAR* __cdecl PluginName(void)
return L"IsDebuggerPresent";
}
-__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+__declspec(dllexport) char* __cdecl PluginVersion(void)
{
- return L"0.1";
+ return __DATE__;
}
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
diff --git a/DD.Plugin.IsDebuggerPresent/DLLMain.h b/DD.Plugin.IsDebuggerPresent/DLLMain.h
index 35cb823..c40700a 100644
--- a/DD.Plugin.IsDebuggerPresent/DLLMain.h
+++ b/DD.Plugin.IsDebuggerPresent/DLLMain.h
@@ -5,7 +5,7 @@ extern "C" {
#endif
__declspec(dllexport) TCHAR* __cdecl PluginName(void);
- __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) char* __cdecl PluginVersion(void);
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
__declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer);
diff --git a/DD.Plugin.MemoryBreakpoint/DD.Plugin.MemoryBreakpoint.vcxproj b/DD.Plugin.MemoryBreakpoint/DD.Plugin.MemoryBreakpoint.vcxproj
index a3a11a8..c861d28 100644
--- a/DD.Plugin.MemoryBreakpoint/DD.Plugin.MemoryBreakpoint.vcxproj
+++ b/DD.Plugin.MemoryBreakpoint/DD.Plugin.MemoryBreakpoint.vcxproj
@@ -81,6 +81,7 @@
Level3
Disabled
WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINMEMORYBREAKPOINT_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreadedDebugDLL
Windows
diff --git a/DD.Plugin.MemoryBreakpoint/DLLMain.cpp b/DD.Plugin.MemoryBreakpoint/DLLMain.cpp
index 033c351..4f8b4f6 100644
--- a/DD.Plugin.MemoryBreakpoint/DLLMain.cpp
+++ b/DD.Plugin.MemoryBreakpoint/DLLMain.cpp
@@ -10,9 +10,9 @@ __declspec(dllexport) TCHAR* __cdecl PluginName(void)
return L"PageGuard Check";
}
-__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+__declspec(dllexport) char* __cdecl PluginVersion(void)
{
- return L"0.1";
+ return __DATE__;
}
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
diff --git a/DD.Plugin.MemoryBreakpoint/DLLMain.h b/DD.Plugin.MemoryBreakpoint/DLLMain.h
index 35cb823..c40700a 100644
--- a/DD.Plugin.MemoryBreakpoint/DLLMain.h
+++ b/DD.Plugin.MemoryBreakpoint/DLLMain.h
@@ -5,7 +5,7 @@ extern "C" {
#endif
__declspec(dllexport) TCHAR* __cdecl PluginName(void);
- __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) char* __cdecl PluginVersion(void);
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
__declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer);
diff --git a/DD.Plugin.NTQuerySystemInformation/DD.Plugin.NTQuerySystemInformation.vcxproj b/DD.Plugin.NTQuerySystemInformation/DD.Plugin.NTQuerySystemInformation.vcxproj
new file mode 100644
index 0000000..8a8b607
--- /dev/null
+++ b/DD.Plugin.NTQuerySystemInformation/DD.Plugin.NTQuerySystemInformation.vcxproj
@@ -0,0 +1,150 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Debug
+ x64
+
+
+ Release
+ Win32
+
+
+ Release
+ x64
+
+
+
+
+
+
+
+
+
+ {67BD4A1D-F977-40A0-A897-177F181D4528}
+ Win32Proj
+ DDPluginNTQuerySystemInformation
+
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+
+
+ true
+
+
+ false
+
+
+ false
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINNTQUERYSYSTEMINFORMATION_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreadedDebugDLL
+
+
+ Windows
+ true
+
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINNTQUERYSYSTEMINFORMATION_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreadedDebugDLL
+
+
+ Windows
+ true
+
+
+
+
+ Level3
+
+
+ MaxSpeed
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINNTQUERYSYSTEMINFORMATION_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreaded
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+ Level3
+
+
+ MaxSpeed
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINNTQUERYSYSTEMINFORMATION_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreaded
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.NTQuerySystemInformation/DD.Plugin.NTQuerySystemInformation.vcxproj.filters b/DD.Plugin.NTQuerySystemInformation/DD.Plugin.NTQuerySystemInformation.vcxproj.filters
new file mode 100644
index 0000000..f980685
--- /dev/null
+++ b/DD.Plugin.NTQuerySystemInformation/DD.Plugin.NTQuerySystemInformation.vcxproj.filters
@@ -0,0 +1,27 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hpp;hxx;hm;inl;inc;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ Headerdateien
+
+
+
+
+ Quelldateien
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.NTQuerySystemInformation/DLLMain.cpp b/DD.Plugin.NTQuerySystemInformation/DLLMain.cpp
new file mode 100644
index 0000000..681da7c
--- /dev/null
+++ b/DD.Plugin.NTQuerySystemInformation/DLLMain.cpp
@@ -0,0 +1,69 @@
+#include "DLLMain.h"
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
+{
+ return true;
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginName(void)
+{
+ return L"NtQuerySystemInformation";
+}
+
+__declspec(dllexport) char* __cdecl PluginVersion(void)
+{
+ return __DATE__;
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
+{
+ return sErrorMessage;
+}
+
+__declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer)
+{
+ if(iWinVer >= 0 && iWinVer < 2)
+ {
+ typedef NTSTATUS (WINAPI *pNtQuerySystemInformation)(ULONG, PVOID, ULONG, PULONG);
+
+ typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION
+ {
+ bool DebuggerEnabled;
+ bool DebuggerNotPresent;
+ } SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION;
+
+ NTSTATUS Status = 0;
+ SYSTEM_KERNEL_DEBUGGER_INFORMATION DebuggerInfo;
+
+ HMODULE hNTDLL = GetModuleHandle(L"ntdll.dll");
+ if(hNTDLL == INVALID_HANDLE_VALUE)
+ {
+ sErrorMessage = TEXT("Failed to load ntdll");
+ return -1;
+ }
+
+ pNtQuerySystemInformation NtQSI = (pNtQuerySystemInformation)GetProcAddress(hNTDLL,"NtQuerySystemInformation");
+ if(NtQSI == NULL)
+ {
+ sErrorMessage = TEXT("Failed to load NtQuerySystemInformation");
+ return -1;
+ }
+
+ Status = NtQSI(0x23,(PVOID)&DebuggerInfo,sizeof(DebuggerInfo),NULL);
+ if (Status != 0x00000000)
+ {
+ sErrorMessage = TEXT("Error in NtQuerySystemInformation");
+ return -1;
+ }
+
+ if(DebuggerInfo.DebuggerNotPresent == false || DebuggerInfo.DebuggerEnabled == true)
+ return 1;
+ else
+ return 0;
+ }
+ else
+ {
+ sErrorMessage = TEXT("Only <= WinXP");
+ return -1;
+ }
+}
\ No newline at end of file
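Review bot: `GetModuleHandle` reports failure by returning NULL, not `INVALID_HANDLE_VALUE`, so the `hNTDLL == INVALID_HANDLE_VALUE` test can never catch the error and a null module handle would be passed on to `GetProcAddress`; the check should read `if(hNTDLL == NULL)`. The same test is copied into DD.Plugin.NtSetDebugFilterState/DLLMain.cpp. The information class is passed as the bare literal `0x23`; a named constant such as `const ULONG SystemKernelDebuggerInformation = 0x23;` would document what is being queried. `SYSTEM_KERNEL_DEBUGGER_INFORMATION` is declared with `bool` members where the native structure uses `BOOLEAN`; both are one byte under MSVC, but `BOOLEAN` states the layout the call fills in.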
diff --git a/DD.Plugin.NTQuerySystemInformation/DLLMain.h b/DD.Plugin.NTQuerySystemInformation/DLLMain.h
new file mode 100644
index 0000000..c40700a
--- /dev/null
+++ b/DD.Plugin.NTQuerySystemInformation/DLLMain.h
@@ -0,0 +1,16 @@
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ __declspec(dllexport) TCHAR* __cdecl PluginName(void);
+ __declspec(dllexport) char* __cdecl PluginVersion(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
+ __declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer);
+
+#ifdef __cplusplus
+}
+#endif
+
+TCHAR* sErrorMessage;
\ No newline at end of file
diff --git a/DD.Plugin.NTYieldExecution/DD.Plugin.NTYieldExecution.vcxproj b/DD.Plugin.NTYieldExecution/DD.Plugin.NTYieldExecution.vcxproj
index 3a707e5..cf689e6 100644
--- a/DD.Plugin.NTYieldExecution/DD.Plugin.NTYieldExecution.vcxproj
+++ b/DD.Plugin.NTYieldExecution/DD.Plugin.NTYieldExecution.vcxproj
@@ -66,6 +66,7 @@
Level3
Disabled
+ MultiThreadedDebugDLL
true
diff --git a/DD.Plugin.NTYieldExecution/DLLMain.cpp b/DD.Plugin.NTYieldExecution/DLLMain.cpp
index e29f84e..d89eb6f 100644
--- a/DD.Plugin.NTYieldExecution/DLLMain.cpp
+++ b/DD.Plugin.NTYieldExecution/DLLMain.cpp
@@ -10,9 +10,9 @@ __declspec(dllexport) TCHAR* __cdecl PluginName(void)
return L"NtYieldExecution";
}
-__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+__declspec(dllexport) char* __cdecl PluginVersion(void)
{
- return L"0.1";
+ return __DATE__;
}
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
diff --git a/DD.Plugin.NTYieldExecution/DLLMain.h b/DD.Plugin.NTYieldExecution/DLLMain.h
index 22db708..5813ec4 100644
--- a/DD.Plugin.NTYieldExecution/DLLMain.h
+++ b/DD.Plugin.NTYieldExecution/DLLMain.h
@@ -7,7 +7,7 @@ extern "C" {
#endif
__declspec(dllexport) TCHAR* __cdecl PluginName(void);
- __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) char* __cdecl PluginVersion(void);
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
__declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer);
diff --git a/DD.Plugin.NtSetDebugFilterState/DD.Plugin.NtSetDebugFilterState.vcxproj b/DD.Plugin.NtSetDebugFilterState/DD.Plugin.NtSetDebugFilterState.vcxproj
new file mode 100644
index 0000000..71c1e54
--- /dev/null
+++ b/DD.Plugin.NtSetDebugFilterState/DD.Plugin.NtSetDebugFilterState.vcxproj
@@ -0,0 +1,150 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Debug
+ x64
+
+
+ Release
+ Win32
+
+
+ Release
+ x64
+
+
+
+ {B094B4EA-8DB0-4C43-BFA0-BA588C1039AF}
+ Win32Proj
+ DDPluginNtSetDebugFilterState
+
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+
+
+ true
+
+
+ false
+
+
+ false
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINNTSETDEBUGFILTERSTATE_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreadedDebugDLL
+
+
+ Windows
+ true
+
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINNTSETDEBUGFILTERSTATE_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreadedDebugDLL
+
+
+ Windows
+ true
+
+
+
+
+ Level3
+
+
+ MaxSpeed
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINNTSETDEBUGFILTERSTATE_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreaded
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+ Level3
+
+
+ MaxSpeed
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINNTSETDEBUGFILTERSTATE_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreaded
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.NtSetDebugFilterState/DD.Plugin.NtSetDebugFilterState.vcxproj.filters b/DD.Plugin.NtSetDebugFilterState/DD.Plugin.NtSetDebugFilterState.vcxproj.filters
new file mode 100644
index 0000000..4aa3883
--- /dev/null
+++ b/DD.Plugin.NtSetDebugFilterState/DD.Plugin.NtSetDebugFilterState.vcxproj.filters
@@ -0,0 +1,27 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hpp;hxx;hm;inl;inc;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ Quelldateien
+
+
+
+
+ Headerdateien
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.NtSetDebugFilterState/DLLMain.cpp b/DD.Plugin.NtSetDebugFilterState/DLLMain.cpp
new file mode 100644
index 0000000..419db0a
--- /dev/null
+++ b/DD.Plugin.NtSetDebugFilterState/DLLMain.cpp
@@ -0,0 +1,49 @@
+#include "DLLMain.h"
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
+{
+ return true;
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginName(void)
+{
+ return L"NtSetDebugFilterState";
+}
+
+__declspec(dllexport) char* __cdecl PluginVersion(void)
+{
+ return __DATE__;
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
+{
+ return sErrorMessage;
+}
+
+__declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer)
+{
+ typedef NTSTATUS (WINAPI *pNtSetDebugFilterState)(DWORD,DWORD,bool);
+
+ DWORD NoDebugInherit = 0;
+ NTSTATUS Status = 0;
+
+ HMODULE hNTDLL = GetModuleHandle(L"ntdll.dll");
+ if(hNTDLL == INVALID_HANDLE_VALUE)
+ {
+ sErrorMessage = TEXT("Failed to load ntdll");
+ return -1;
+ }
+
+ pNtSetDebugFilterState NtSDFS = (pNtSetDebugFilterState)GetProcAddress(hNTDLL,"NtSetDebugFilterState");
+ if(NtSDFS == NULL)
+ {
+ sErrorMessage = TEXT("Failed to load NtQueryInformationProcess");
+ return -1;
+ }
+
+ Status = NtSDFS(0,0,true);
+ if (Status == 0x00000000L)
+ return 1;
+ else
+ return 0;
+}
\ No newline at end of file
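Review bot: The failure path after `GetProcAddress(hNTDLL,"NtSetDebugFilterState")` sets the message "Failed to load NtQueryInformationProcess", which names a different function and will mislead anyone reading the plugin's error output; it should be `sErrorMessage = TEXT("Failed to load NtSetDebugFilterState");`. `NoDebugInherit` is declared and never used, and `iWinVer` is ignored, so both should be removed or explained. A short comment above `Status = NtSDFS(0,0,true);` saying why a successful return is reported as 1 would help, since by its name the call sets filter state rather than only querying it.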
diff --git a/DD.Plugin.NtSetDebugFilterState/DLLMain.h b/DD.Plugin.NtSetDebugFilterState/DLLMain.h
new file mode 100644
index 0000000..c40700a
--- /dev/null
+++ b/DD.Plugin.NtSetDebugFilterState/DLLMain.h
@@ -0,0 +1,16 @@
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ __declspec(dllexport) TCHAR* __cdecl PluginName(void);
+ __declspec(dllexport) char* __cdecl PluginVersion(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
+ __declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer);
+
+#ifdef __cplusplus
+}
+#endif
+
+TCHAR* sErrorMessage;
\ No newline at end of file
diff --git a/DD.Plugin.OpenCSRSS/DD.Plugin.OpenCSRSS.vcxproj b/DD.Plugin.OpenCSRSS/DD.Plugin.OpenCSRSS.vcxproj
index 7cf8f6f..1614079 100644
--- a/DD.Plugin.OpenCSRSS/DD.Plugin.OpenCSRSS.vcxproj
+++ b/DD.Plugin.OpenCSRSS/DD.Plugin.OpenCSRSS.vcxproj
@@ -81,6 +81,7 @@
Level3
Disabled
WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINOPENCSRSS_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreadedDebugDLL
Windows
diff --git a/DD.Plugin.OpenCSRSS/DLLMain.cpp b/DD.Plugin.OpenCSRSS/DLLMain.cpp
index 4c1620c..370f8a3 100644
--- a/DD.Plugin.OpenCSRSS/DLLMain.cpp
+++ b/DD.Plugin.OpenCSRSS/DLLMain.cpp
@@ -10,9 +10,9 @@ __declspec(dllexport) TCHAR* __cdecl PluginName(void)
return L"Open CSRSS Process";
}
-__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+__declspec(dllexport) char* __cdecl PluginVersion(void)
{
- return L"0.1";
+ return __DATE__;
}
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
diff --git a/DD.Plugin.OpenCSRSS/DLLMain.h b/DD.Plugin.OpenCSRSS/DLLMain.h
index 4d6e783..7962f2c 100644
--- a/DD.Plugin.OpenCSRSS/DLLMain.h
+++ b/DD.Plugin.OpenCSRSS/DLLMain.h
@@ -6,7 +6,7 @@ extern "C" {
#endif
__declspec(dllexport) TCHAR* __cdecl PluginName(void);
- __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) char* __cdecl PluginVersion(void);
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
__declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer);
diff --git a/DD.Plugin.OutputDebugString/DD.Plugin.OutputDebugString.vcxproj b/DD.Plugin.OutputDebugString/DD.Plugin.OutputDebugString.vcxproj
index 044b2d0..ea15fe5 100644
--- a/DD.Plugin.OutputDebugString/DD.Plugin.OutputDebugString.vcxproj
+++ b/DD.Plugin.OutputDebugString/DD.Plugin.OutputDebugString.vcxproj
@@ -81,6 +81,7 @@
Level3
Disabled
WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINOUTPUTDEBUGSTRING_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreadedDebugDLL
Windows
diff --git a/DD.Plugin.OutputDebugString/DLLMain.cpp b/DD.Plugin.OutputDebugString/DLLMain.cpp
index 15c2900..b38386b 100644
--- a/DD.Plugin.OutputDebugString/DLLMain.cpp
+++ b/DD.Plugin.OutputDebugString/DLLMain.cpp
@@ -10,9 +10,9 @@ __declspec(dllexport) TCHAR* __cdecl PluginName(void)
return L"OutputDebugString";
}
-__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+__declspec(dllexport) char* __cdecl PluginVersion(void)
{
- return L"0.1";
+ return __DATE__;
}
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
diff --git a/DD.Plugin.OutputDebugString/DLLMain.h b/DD.Plugin.OutputDebugString/DLLMain.h
index 35cb823..c40700a 100644
--- a/DD.Plugin.OutputDebugString/DLLMain.h
+++ b/DD.Plugin.OutputDebugString/DLLMain.h
@@ -5,7 +5,7 @@ extern "C" {
#endif
__declspec(dllexport) TCHAR* __cdecl PluginName(void);
- __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) char* __cdecl PluginVersion(void);
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
__declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer);
diff --git a/DD.Plugin.PEBDebugFlag/DD.Plugin.PEBDebugFlag.vcxproj b/DD.Plugin.PEBDebugFlag/DD.Plugin.PEBDebugFlag.vcxproj
index a0f61df..34a200c 100644
--- a/DD.Plugin.PEBDebugFlag/DD.Plugin.PEBDebugFlag.vcxproj
+++ b/DD.Plugin.PEBDebugFlag/DD.Plugin.PEBDebugFlag.vcxproj
@@ -81,6 +81,7 @@
Level3
Disabled
WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINPEBDEBUGFLAG_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreadedDebugDLL
Windows
diff --git a/DD.Plugin.PEBDebugFlag/DLLMain.cpp b/DD.Plugin.PEBDebugFlag/DLLMain.cpp
index 00ff0a1..6f36670 100644
--- a/DD.Plugin.PEBDebugFlag/DLLMain.cpp
+++ b/DD.Plugin.PEBDebugFlag/DLLMain.cpp
@@ -10,9 +10,9 @@ __declspec(dllexport) TCHAR* __cdecl PluginName(void)
return L"PEBDebugFlag";
}
-__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+__declspec(dllexport) char* __cdecl PluginVersion(void)
{
- return L"0.1";
+ return __DATE__;
}
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
diff --git a/DD.Plugin.PEBDebugFlag/DLLMain.h b/DD.Plugin.PEBDebugFlag/DLLMain.h
index 35cb823..c40700a 100644
--- a/DD.Plugin.PEBDebugFlag/DLLMain.h
+++ b/DD.Plugin.PEBDebugFlag/DLLMain.h
@@ -5,7 +5,7 @@ extern "C" {
#endif
__declspec(dllexport) TCHAR* __cdecl PluginName(void);
- __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) char* __cdecl PluginVersion(void);
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
__declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer);
diff --git a/DD.Plugin.PEBGlobalFlags/DD.Plugin.PEBGlobalFlags.vcxproj b/DD.Plugin.PEBGlobalFlags/DD.Plugin.PEBGlobalFlags.vcxproj
index 82122aa..a382fe2 100644
--- a/DD.Plugin.PEBGlobalFlags/DD.Plugin.PEBGlobalFlags.vcxproj
+++ b/DD.Plugin.PEBGlobalFlags/DD.Plugin.PEBGlobalFlags.vcxproj
@@ -81,6 +81,7 @@
Level3
Disabled
WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINPEBGLOBALFLAGS_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreadedDebugDLL
Windows
diff --git a/DD.Plugin.PEBGlobalFlags/DLLMain.cpp b/DD.Plugin.PEBGlobalFlags/DLLMain.cpp
index e78d300..dfe0c8a 100644
--- a/DD.Plugin.PEBGlobalFlags/DLLMain.cpp
+++ b/DD.Plugin.PEBGlobalFlags/DLLMain.cpp
@@ -10,9 +10,9 @@ __declspec(dllexport) TCHAR* __cdecl PluginName(void)
return L"PEBGlobalFlag";
}
-__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+__declspec(dllexport) char* __cdecl PluginVersion(void)
{
- return L"0.1";
+ return __DATE__;
}
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
@@ -30,7 +30,7 @@ __declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer)
cmp eax,70h
je DebuggerDetected
}
-
+
return 0;
__asm{DebuggerDetected:}
return 1;
diff --git a/DD.Plugin.PEBGlobalFlags/DLLMain.h b/DD.Plugin.PEBGlobalFlags/DLLMain.h
index 35cb823..c40700a 100644
--- a/DD.Plugin.PEBGlobalFlags/DLLMain.h
+++ b/DD.Plugin.PEBGlobalFlags/DLLMain.h
@@ -5,7 +5,7 @@ extern "C" {
#endif
__declspec(dllexport) TCHAR* __cdecl PluginName(void);
- __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) char* __cdecl PluginVersion(void);
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
__declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer);
diff --git a/DD.Plugin.PEBProcHeapFlag/DD.Plugin.PEBProcHeapFlag.vcxproj b/DD.Plugin.PEBProcHeapFlag/DD.Plugin.PEBProcHeapFlag.vcxproj
index ca21af6..f1f4b19 100644
--- a/DD.Plugin.PEBProcHeapFlag/DD.Plugin.PEBProcHeapFlag.vcxproj
+++ b/DD.Plugin.PEBProcHeapFlag/DD.Plugin.PEBProcHeapFlag.vcxproj
@@ -81,6 +81,7 @@
Level3
Disabled
WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINPEBPROCHEAPFLAG_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreadedDebugDLL
Windows
diff --git a/DD.Plugin.PEBProcHeapFlag/DLLMain.cpp b/DD.Plugin.PEBProcHeapFlag/DLLMain.cpp
index bf60536..a9cfc11 100644
--- a/DD.Plugin.PEBProcHeapFlag/DLLMain.cpp
+++ b/DD.Plugin.PEBProcHeapFlag/DLLMain.cpp
@@ -10,9 +10,9 @@ __declspec(dllexport) TCHAR* __cdecl PluginName(void)
return L"PEBProcHeapFlag";
}
-__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+__declspec(dllexport) char* __cdecl PluginVersion(void)
{
- return L"0.1";
+ return __DATE__;
}
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
diff --git a/DD.Plugin.PEBProcHeapFlag/DLLMain.h b/DD.Plugin.PEBProcHeapFlag/DLLMain.h
index aeb2126..c299bcf 100644
--- a/DD.Plugin.PEBProcHeapFlag/DLLMain.h
+++ b/DD.Plugin.PEBProcHeapFlag/DLLMain.h
@@ -5,7 +5,7 @@ extern "C" {
#endif
__declspec(dllexport) TCHAR* __cdecl PluginName(void);
- __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) char* __cdecl PluginVersion(void);
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
__declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer);
diff --git a/DD.Plugin.ParentProcess/DD.Plugin.ParentProcess.vcxproj b/DD.Plugin.ParentProcess/DD.Plugin.ParentProcess.vcxproj
index 878f9d3..dd9f36a 100644
--- a/DD.Plugin.ParentProcess/DD.Plugin.ParentProcess.vcxproj
+++ b/DD.Plugin.ParentProcess/DD.Plugin.ParentProcess.vcxproj
@@ -81,6 +81,7 @@
Level3
Disabled
WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINPARENTPROCESS_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreadedDebugDLL
Windows
diff --git a/DD.Plugin.ParentProcess/DLLMain.cpp b/DD.Plugin.ParentProcess/DLLMain.cpp
index 26f989a..9b420b5 100644
--- a/DD.Plugin.ParentProcess/DLLMain.cpp
+++ b/DD.Plugin.ParentProcess/DLLMain.cpp
@@ -10,9 +10,9 @@ __declspec(dllexport) TCHAR* __cdecl PluginName(void)
return L"ParentProcess";
}
-__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+__declspec(dllexport) char* __cdecl PluginVersion(void)
{
- return L"0.1";
+ return __DATE__;
}
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
diff --git a/DD.Plugin.ParentProcess/DLLMain.h b/DD.Plugin.ParentProcess/DLLMain.h
index 8dce9d1..be677bb 100644
--- a/DD.Plugin.ParentProcess/DLLMain.h
+++ b/DD.Plugin.ParentProcess/DLLMain.h
@@ -6,7 +6,7 @@ extern "C" {
#endif
__declspec(dllexport) TCHAR* __cdecl PluginName(void);
- __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) char* __cdecl PluginVersion(void);
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
__declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer);
diff --git a/DD.Plugin.ProcessDebugFlag/DD.Plugin.ProcessDebugFlag.vcxproj b/DD.Plugin.ProcessDebugFlag/DD.Plugin.ProcessDebugFlag.vcxproj
index 150f3a2..b8e5abe 100644
--- a/DD.Plugin.ProcessDebugFlag/DD.Plugin.ProcessDebugFlag.vcxproj
+++ b/DD.Plugin.ProcessDebugFlag/DD.Plugin.ProcessDebugFlag.vcxproj
@@ -81,6 +81,7 @@
Level3
Disabled
WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINPROCESSDEBUGFLAG_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreadedDebugDLL
Windows
diff --git a/DD.Plugin.ProcessDebugFlag/DLLMain.cpp b/DD.Plugin.ProcessDebugFlag/DLLMain.cpp
index df7cd09..a9b053e 100644
--- a/DD.Plugin.ProcessDebugFlag/DLLMain.cpp
+++ b/DD.Plugin.ProcessDebugFlag/DLLMain.cpp
@@ -10,9 +10,9 @@ __declspec(dllexport) TCHAR* __cdecl PluginName(void)
return L"ProcessDebugFlags";
}
-__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+__declspec(dllexport) char* __cdecl PluginVersion(void)
{
- return L"0.1";
+ return __DATE__;
}
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
@@ -44,8 +44,7 @@ __declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer)
Status = NtQIP(GetCurrentProcess(),0x1f,&NoDebugInherit,4,NULL);
if (Status != 0x00000000)
{
- sErrorMessage = (TCHAR*)malloc(255);
- wsprintf(sErrorMessage,L"0x%08",Status);
+ sErrorMessage = TEXT("Error in NtQueryInformationProcess");
return -1;
}
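Review bot: The NTSTATUS value is no longer reported, because `sErrorMessage = TEXT("Error in NtQueryInformationProcess");` replaces the formatted status with a fixed text. That removes the leaked `malloc(255)` and the incomplete `L"0x%08"` format, but the status is what tells a user why the call failed. A static buffer keeps both: `static TCHAR sErrBuf[64];` followed by `wsprintf(sErrBuf, L"NtQueryInformationProcess failed: 0x%08X", Status); sErrorMessage = sErrBuf;`. If `sErrorMessage` is freed anywhere outside this hunk, that call has to go as well, since it would now be handed a pointer that did not come from `malloc`. `PluginDebugCheck` starts and ends outside the hunk.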
diff --git a/DD.Plugin.ProcessDebugFlag/DLLMain.h b/DD.Plugin.ProcessDebugFlag/DLLMain.h
index 35cb823..c40700a 100644
--- a/DD.Plugin.ProcessDebugFlag/DLLMain.h
+++ b/DD.Plugin.ProcessDebugFlag/DLLMain.h
@@ -5,7 +5,7 @@ extern "C" {
#endif
__declspec(dllexport) TCHAR* __cdecl PluginName(void);
- __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) char* __cdecl PluginVersion(void);
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
__declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer);
diff --git a/DD.Plugin.UnhandledException/DD.Plugin.UnhandledException.vcxproj b/DD.Plugin.UnhandledException/DD.Plugin.UnhandledException.vcxproj
index 52659e4..8e23a85 100644
--- a/DD.Plugin.UnhandledException/DD.Plugin.UnhandledException.vcxproj
+++ b/DD.Plugin.UnhandledException/DD.Plugin.UnhandledException.vcxproj
@@ -81,6 +81,7 @@
Level3
Disabled
WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINUNHANDLEDEXCEPTION_EXPORTS;%(PreprocessorDefinitions)
+ MultiThreadedDebugDLL
Windows
diff --git a/DD.Plugin.UnhandledException/DLLMain.cpp b/DD.Plugin.UnhandledException/DLLMain.cpp
index 033a1b6..73d9ca1 100644
--- a/DD.Plugin.UnhandledException/DLLMain.cpp
+++ b/DD.Plugin.UnhandledException/DLLMain.cpp
@@ -10,9 +10,9 @@ __declspec(dllexport) TCHAR* __cdecl PluginName(void)
return L"Unhandled Exception";
}
-__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+__declspec(dllexport) char* __cdecl PluginVersion(void)
{
- return L"0.1";
+ return __DATE__;
}
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
diff --git a/DD.Plugin.UnhandledException/DLLMain.h b/DD.Plugin.UnhandledException/DLLMain.h
index 49d13e2..20527e9 100644
--- a/DD.Plugin.UnhandledException/DLLMain.h
+++ b/DD.Plugin.UnhandledException/DLLMain.h
@@ -5,7 +5,7 @@ extern "C" {
#endif
__declspec(dllexport) TCHAR* __cdecl PluginName(void);
- __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) char* __cdecl PluginVersion(void);
__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
__declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer);
diff --git a/DebugDetector.sln b/DebugDetector.sln
index a15f496..577ed4d 100644
--- a/DebugDetector.sln
+++ b/DebugDetector.sln
@@ -44,6 +44,10 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DD.Plugin.NTYieldExecution"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DD.Plugin.CheckHeapMemory", "DD.Plugin.CheckHeapMemory\DD.Plugin.CheckHeapMemory.vcxproj", "{F712449E-CD06-437F-9419-122EC5FDDE9E}"
EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DD.Plugin.NtSetDebugFilterState", "DD.Plugin.NtSetDebugFilterState\DD.Plugin.NtSetDebugFilterState.vcxproj", "{B094B4EA-8DB0-4C43-BFA0-BA588C1039AF}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DD.Plugin.NTQuerySystemInformation", "DD.Plugin.NTQuerySystemInformation\DD.Plugin.NTQuerySystemInformation.vcxproj", "{67BD4A1D-F977-40A0-A897-177F181D4528}"
+EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Win32 = Debug|Win32
@@ -154,42 +158,57 @@ Global
{B0370AE7-386D-46AF-AABB-34E5784944FA}.Release|x64.ActiveCfg = Release|x64
{FC1FB81C-8272-4B79-B807-1331335DFA0A}.Debug|Win32.ActiveCfg = Debug|Win32
{FC1FB81C-8272-4B79-B807-1331335DFA0A}.Debug|Win32.Build.0 = Debug|Win32
- {FC1FB81C-8272-4B79-B807-1331335DFA0A}.Debug|x64.ActiveCfg = Debug|Win32
- {FC1FB81C-8272-4B79-B807-1331335DFA0A}.Debug|x64.Build.0 = Debug|Win32
+ {FC1FB81C-8272-4B79-B807-1331335DFA0A}.Debug|x64.ActiveCfg = Debug|x64
+ {FC1FB81C-8272-4B79-B807-1331335DFA0A}.Debug|x64.Build.0 = Debug|x64
{FC1FB81C-8272-4B79-B807-1331335DFA0A}.Release|Win32.ActiveCfg = Release|Win32
{FC1FB81C-8272-4B79-B807-1331335DFA0A}.Release|Win32.Build.0 = Release|Win32
{FC1FB81C-8272-4B79-B807-1331335DFA0A}.Release|x64.ActiveCfg = Release|x64
{FC1FB81C-8272-4B79-B807-1331335DFA0A}.Release|x64.Build.0 = Release|x64
{83557B77-5625-49F4-B246-BD7BBDB78687}.Debug|Win32.ActiveCfg = Debug|Win32
{83557B77-5625-49F4-B246-BD7BBDB78687}.Debug|Win32.Build.0 = Debug|Win32
- {83557B77-5625-49F4-B246-BD7BBDB78687}.Debug|x64.ActiveCfg = Debug|Win32
- {83557B77-5625-49F4-B246-BD7BBDB78687}.Debug|x64.Build.0 = Debug|Win32
+ {83557B77-5625-49F4-B246-BD7BBDB78687}.Debug|x64.ActiveCfg = Debug|x64
+ {83557B77-5625-49F4-B246-BD7BBDB78687}.Debug|x64.Build.0 = Debug|x64
{83557B77-5625-49F4-B246-BD7BBDB78687}.Release|Win32.ActiveCfg = Release|Win32
{83557B77-5625-49F4-B246-BD7BBDB78687}.Release|Win32.Build.0 = Release|Win32
{83557B77-5625-49F4-B246-BD7BBDB78687}.Release|x64.ActiveCfg = Release|x64
{83557B77-5625-49F4-B246-BD7BBDB78687}.Release|x64.Build.0 = Release|x64
{534F66C5-627F-4086-BD7D-D8BA55189E30}.Debug|Win32.ActiveCfg = Debug|Win32
{534F66C5-627F-4086-BD7D-D8BA55189E30}.Debug|Win32.Build.0 = Debug|Win32
- {534F66C5-627F-4086-BD7D-D8BA55189E30}.Debug|x64.ActiveCfg = Debug|Win32
- {534F66C5-627F-4086-BD7D-D8BA55189E30}.Debug|x64.Build.0 = Debug|Win32
+ {534F66C5-627F-4086-BD7D-D8BA55189E30}.Debug|x64.ActiveCfg = Debug|x64
+ {534F66C5-627F-4086-BD7D-D8BA55189E30}.Debug|x64.Build.0 = Debug|x64
{534F66C5-627F-4086-BD7D-D8BA55189E30}.Release|Win32.ActiveCfg = Release|Win32
{534F66C5-627F-4086-BD7D-D8BA55189E30}.Release|Win32.Build.0 = Release|Win32
{534F66C5-627F-4086-BD7D-D8BA55189E30}.Release|x64.ActiveCfg = Release|x64
{534F66C5-627F-4086-BD7D-D8BA55189E30}.Release|x64.Build.0 = Release|x64
{8DC5BDB7-BA6F-4495-854F-716F9744D32F}.Debug|Win32.ActiveCfg = Debug|Win32
{8DC5BDB7-BA6F-4495-854F-716F9744D32F}.Debug|Win32.Build.0 = Debug|Win32
- {8DC5BDB7-BA6F-4495-854F-716F9744D32F}.Debug|x64.ActiveCfg = Debug|Win32
- {8DC5BDB7-BA6F-4495-854F-716F9744D32F}.Debug|x64.Build.0 = Debug|Win32
+ {8DC5BDB7-BA6F-4495-854F-716F9744D32F}.Debug|x64.ActiveCfg = Debug|x64
+ {8DC5BDB7-BA6F-4495-854F-716F9744D32F}.Debug|x64.Build.0 = Debug|x64
{8DC5BDB7-BA6F-4495-854F-716F9744D32F}.Release|Win32.ActiveCfg = Release|Win32
{8DC5BDB7-BA6F-4495-854F-716F9744D32F}.Release|Win32.Build.0 = Release|Win32
{8DC5BDB7-BA6F-4495-854F-716F9744D32F}.Release|x64.ActiveCfg = Release|x64
{8DC5BDB7-BA6F-4495-854F-716F9744D32F}.Release|x64.Build.0 = Release|x64
{F712449E-CD06-437F-9419-122EC5FDDE9E}.Debug|Win32.ActiveCfg = Debug|Win32
{F712449E-CD06-437F-9419-122EC5FDDE9E}.Debug|Win32.Build.0 = Debug|Win32
- {F712449E-CD06-437F-9419-122EC5FDDE9E}.Debug|x64.ActiveCfg = Debug|Win32
+ {F712449E-CD06-437F-9419-122EC5FDDE9E}.Debug|x64.ActiveCfg = Debug|x64
+ {F712449E-CD06-437F-9419-122EC5FDDE9E}.Debug|x64.Build.0 = Debug|x64
{F712449E-CD06-437F-9419-122EC5FDDE9E}.Release|Win32.ActiveCfg = Release|Win32
{F712449E-CD06-437F-9419-122EC5FDDE9E}.Release|Win32.Build.0 = Release|Win32
{F712449E-CD06-437F-9419-122EC5FDDE9E}.Release|x64.ActiveCfg = Release|Win32
+ {B094B4EA-8DB0-4C43-BFA0-BA588C1039AF}.Debug|Win32.ActiveCfg = Debug|Win32
+ {B094B4EA-8DB0-4C43-BFA0-BA588C1039AF}.Debug|Win32.Build.0 = Debug|Win32
+ {B094B4EA-8DB0-4C43-BFA0-BA588C1039AF}.Debug|x64.ActiveCfg = Debug|x64
+ {B094B4EA-8DB0-4C43-BFA0-BA588C1039AF}.Debug|x64.Build.0 = Debug|x64
+ {B094B4EA-8DB0-4C43-BFA0-BA588C1039AF}.Release|Win32.ActiveCfg = Release|Win32
+ {B094B4EA-8DB0-4C43-BFA0-BA588C1039AF}.Release|Win32.Build.0 = Release|Win32
+ {B094B4EA-8DB0-4C43-BFA0-BA588C1039AF}.Release|x64.ActiveCfg = Release|Win32
+ {67BD4A1D-F977-40A0-A897-177F181D4528}.Debug|Win32.ActiveCfg = Debug|Win32
+ {67BD4A1D-F977-40A0-A897-177F181D4528}.Debug|Win32.Build.0 = Debug|Win32
+ {67BD4A1D-F977-40A0-A897-177F181D4528}.Debug|x64.ActiveCfg = Debug|x64
+ {67BD4A1D-F977-40A0-A897-177F181D4528}.Debug|x64.Build.0 = Debug|x64
+ {67BD4A1D-F977-40A0-A897-177F181D4528}.Release|Win32.ActiveCfg = Release|Win32
+ {67BD4A1D-F977-40A0-A897-177F181D4528}.Release|Win32.Build.0 = Release|Win32
+ {67BD4A1D-F977-40A0-A897-177F181D4528}.Release|x64.ActiveCfg = Release|Win32
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
diff --git a/DebugDetector.suo b/DebugDetector.suo
index 2d17a49..f3993a0 100644
Binary files a/DebugDetector.suo and b/DebugDetector.suo differ
diff --git a/DebugDetector/DDMain.cpp b/DebugDetector/DDMain.cpp
index 2a8b24d..9634439 100644
--- a/DebugDetector/DDMain.cpp
+++ b/DebugDetector/DDMain.cpp
@@ -3,11 +3,13 @@
INT WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,LPSTR lpCmdLine, int nCmdShow)
{
INITCOMMONCONTROLSEX icx;
- icx.dwSize=sizeof(icx);
- icx.dwICC=ICC_LISTVIEW_CLASSES;
+ icx.dwSize = sizeof(icx);
+ icx.dwICC = ICC_LISTVIEW_CLASSES;
InitCommonControlsEx(&icx);
DialogBox(hInstance,MAKEINTRESOURCE(IDD_MAINFRAME),hwDlgMainFrame,reinterpret_cast(MainDLGProc));
+
+ _CrtDumpMemoryLeaks();
return false;
}
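Review bot: `_CrtDumpMemoryLeaks()` in `WinMain` runs before objects with static storage are destroyed, so anything still held by what appears to be a global `vPluginList` is reported as a leak, and the crtdbg includes that declare the function are commented out in the DDMain.h hunk of this commit. Setting `_CrtSetDbgFlag(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_LEAK_CHECK_DF);` as the first statement of `WinMain` produces the report at process exit instead, and wrapping it in `#ifdef _DEBUG` keeps it out of release builds. Separately, `return false;` from a function returning `INT` reads better as `return 0;`.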
@@ -28,13 +30,13 @@ LRESULT CALLBACK MainDLGProc(HWND hWndDlg, UINT Msg, WPARAM wParam, LPARAM lPara
LvCol.cx = 0x100;
SendMessage(hwPluginList,LVM_INSERTCOLUMN,0,(LPARAM)&LvCol);
LvCol.pszText = L"Version";
- LvCol.cx = 0x30;
+ LvCol.cx = 0x45;
SendMessage(hwPluginList,LVM_INSERTCOLUMN,1,(LPARAM)&LvCol);
LvCol.pszText = L"Debugged";
LvCol.cx = 0x40;
SendMessage(hwPluginList,LVM_INSERTCOLUMN,2,(LPARAM)&LvCol);
LvCol.pszText = L"ErrorMessage";
- LvCol.cx = 0x80;
+ LvCol.cx = 0x99;
SendMessage(hwPluginList,LVM_INSERTCOLUMN,3,(LPARAM)&LvCol);
if(!LoadPlugins())
@@ -45,12 +47,12 @@ LRESULT CALLBACK MainDLGProc(HWND hWndDlg, UINT Msg, WPARAM wParam, LPARAM lPara
else
{
ExecutePlugins();
- TCHAR* sTemp = (TCHAR*)malloc(255);
- swprintf(sTemp,L"Debug Detector: loaded %d Plugins! - %d of %d detections - ratio: %0.2f %%",
+ TCHAR* sTemp = (TCHAR*)malloc(MAX_PATH * sizeof(TCHAR));
+ swprintf_s(sTemp,MAX_PATH,L"Debug Detector: loaded %d Plugins! - %d of %d detections - ratio: %0.3f %%",
vPluginList.size(),
iDetectNum,
vPluginList.size(),
- ((iDetectNum* 1.0 / vPluginList.size() * 1.0) * 100));
+ ((iDetectNum * 1.0 / vPluginList.size() * 1.0) * 100));
SetWindowTextW(GetDlgItem(hwDlgMainFrame,IDC_STATE),sTemp);
free(sTemp);
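Review bot: `vPluginList.size()` is passed twice to `%d` in the `swprintf_s` call, but it is a `size_t`, which no longer matches `int` in the x64 configurations this commit enables. Cast it once, e.g. `const int iPlugins = (int)vPluginList.size();`, and use `iPlugins` for both arguments and for the ratio. The result of `malloc` is also used unchecked here and in the ExecutePlugins hunk; a local `TCHAR sTemp[MAX_PATH];` would remove the allocation, the missing check and the `free`. The enclosing `MainDLGProc` starts and ends outside the hunk.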
@@ -61,7 +63,7 @@ LRESULT CALLBACK MainDLGProc(HWND hWndDlg, UINT Msg, WPARAM wParam, LPARAM lPara
{
if(((LPNMHDR)lParam)->code == NM_CUSTOMDRAW)
{
- SetWindowLong(hwDlgMainFrame,DWL_MSGRESULT,(LONG)DrawDetectionColor(lParam));
+ SetWindowLong(hwDlgMainFrame,0,(LONG)DrawDetectionColor(lParam));
}
return true;
}
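Review bot: Replacing `DWL_MSGRESULT` with a bare `0` in the `NM_CUSTOMDRAW` branch hides what is being set and keeps the 32-bit-only call. The Windows headers leave `DWL_MSGRESULT` undefined for 64-bit targets so that callers move to the pointer-sized variant: `SetWindowLongPtr(hwDlgMainFrame, DWLP_MSGRESULT, (LONG_PTR)DrawDetectionColor(lParam));`. With `SetWindowLong` and the `(LONG)` cast the `LRESULT` is truncated on x64. `MainDLGProc` continues outside the hunk.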
@@ -78,10 +80,10 @@ bool LoadPlugins()
{
WIN32_FIND_DATA FindDataw32;
HANDLE hFind = INVALID_HANDLE_VALUE;
-
TCHAR* szCurDir = (TCHAR*)malloc(MAX_PATH);
+
GetCurrentDirectory(MAX_PATH,szCurDir);
- wcscat(szCurDir,L"\\*");
+ wcscat_s(szCurDir,MAX_PATH / sizeof(TCHAR),L"\\*");
hFind = FindFirstFile(szCurDir,&FindDataw32);
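Review bot: `szCurDir` is still allocated with `malloc(MAX_PATH)`, which is MAX_PATH bytes, while `GetCurrentDirectory(MAX_PATH,szCurDir)` is told the buffer holds MAX_PATH characters, so with wide `TCHAR` a current directory longer than about half of MAX_PATH is written past the end of the heap block. Allocate `malloc(MAX_PATH * sizeof(TCHAR))` (or use `TCHAR szCurDir[MAX_PATH];`), check the return value of `GetCurrentDirectory`, and pass `MAX_PATH` to the new `wcscat_s` as well, whose `MAX_PATH / sizeof(TCHAR)` only matches the undersized buffer. The DrawDetectionColor hunk has the same byte/character mix-up: `malloc(MAX_PATH)` followed by `ListView_GetItemText(..., sTemp, MAX_PATH)`. The rest of `LoadPlugins` is outside the hunk; if the files found here are then loaded as plugins, searching the current directory lets whoever controls the working directory choose them, and building the search path from `GetModuleFileName(NULL, ...)` would pin it to the executable's folder.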
@@ -124,7 +126,12 @@ bool LoadPlugins()
bool ExecutePlugins()
{
- int iWinVer = GetWinVersion();
+ LVITEM LvItem;
+ TCHAR* sTemp = (TCHAR*)malloc(MAX_PATH * sizeof(TCHAR));
+ HWND hwPluginList = GetDlgItem(hwDlgMainFrame,IDC_PLUGINS);
+ int iWinVer = GetWinVersion(),
+ itemIndex = 0;
+
for(size_t i = 0; i < vPluginList.size(); i++)
{
PluginName newPluginName = (PluginName)vPluginList[i].dwName;
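Review bot: The plugin entry points are read back with casts such as `(PluginName)vPluginList[i].dwName`, and the `dw` prefix suggests `srcPlugin` stores them as `DWORD`; if so, the x64 configurations this commit turns on truncate every function pointer to 32 bits before it is called. The struct is not visible in this hunk, so this needs confirming in DDMain.h, where the fields would become the typedef'd pointer types (`PluginName pName;` and so on) or at least `DWORD_PTR`. The loop body continues in the next hunk.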
@@ -132,46 +139,42 @@ bool ExecutePlugins()
PluginDebugCheck newPluginDebugCheck = (PluginDebugCheck)vPluginList[i].dwDebugCheck;
PluginErrorMessage newPluginErrorMessage = (PluginErrorMessage)vPluginList[i].dwErrorMessage;
- LVITEM LvItem;
- TCHAR* sTemp = (TCHAR*)malloc(255);
- HWND hwPluginList = GetDlgItem(hwDlgMainFrame,IDC_PLUGINS);
- int itemIndex = SendMessage(hwPluginList,LVM_GETITEMCOUNT,0,0);
+ itemIndex = SendMessage(hwPluginList,LVM_GETITEMCOUNT,0,0);
memset(&LvItem,0,sizeof(LvItem));
- wsprintf(sTemp,L"%s",newPluginName());
+ swprintf_s(sTemp,MAX_PATH,L"%s",newPluginName());
LvItem.mask = LVIF_TEXT;
- LvItem.cchTextMax = 255;
+ LvItem.cchTextMax = MAX_PATH * sizeof(TCHAR);
LvItem.iItem = itemIndex;
LvItem.iSubItem = 0;
LvItem.pszText = sTemp;
SendMessage(hwPluginList,LVM_INSERTITEM,0,(LPARAM)&LvItem);
- wsprintf(sTemp,L"%s",newPluginVersion());
+ swprintf_s(sTemp,MAX_PATH,L"%S",newPluginVersion());
LvItem.iSubItem = 1;
SendMessage(hwPluginList,LVM_SETITEM,0,(LPARAM)&LvItem);
- memset(sTemp,0,255);
switch(newPluginDebugCheck(iWinVer))
{
case 0:
- wsprintf(sTemp,L"%s",L"FALSE");
+ swprintf_s(sTemp,MAX_PATH,L"%s",L"FALSE");
break;
case 1:
- wsprintf(sTemp,L"%s",L"TRUE");
+ swprintf_s(sTemp,MAX_PATH,L"%s",L"TRUE");
iDetectNum++;
break;
case -1:
- wsprintf(sTemp,L"%s",newPluginErrorMessage());
+ swprintf_s(sTemp,MAX_PATH,L"%s",newPluginErrorMessage());
LvItem.iSubItem = 3;
SendMessage(hwPluginList,LVM_SETITEM,0,(LPARAM)&LvItem);
+ memset(sTemp,0,MAX_PATH * sizeof(TCHAR));
break;
}
LvItem.iSubItem = 2;
SendMessage(hwPluginList,LVM_SETITEM,0,(LPARAM)&LvItem);
-
- free(sTemp);
}
+ free(sTemp);
return true;
}
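Review bot: `LvItem.cchTextMax = MAX_PATH * sizeof(TCHAR);` sets a character count to a byte count; the buffer holds `MAX_PATH` characters, so it should be `LvItem.cchTextMax = MAX_PATH;`. The strings formatted into `sTemp` come from the loaded plugin DLLs, and `swprintf_s` calls the invalid-parameter handler, which by default ends the process, when one of them does not fit; `_snwprintf_s(sTemp, MAX_PATH, _TRUNCATE, L"%s", newPluginName());` truncates instead, and the same applies to the version and error-message calls. `newPluginDebugCheck` returns `DWORD` according to the typedef in DDMain.h, so `case -1:` relies on an implicit conversion that `case (DWORD)-1:` would state openly. The function starts in the previous hunk.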
@@ -190,15 +193,14 @@ int GetWinVersion()
if(osVerInfo.dwMajorVersion == 5 && osVerInfo.dwMinorVersion == 0 )
return 0;//WIN_2000;
-
if(osVerInfo.dwMajorVersion == 5 && osVerInfo.dwMinorVersion == 1 )
return 1;//WIN_XP;
-
if(osVerInfo.dwMajorVersion == 6 && osVerInfo.dwMinorVersion == 0 && osVerEx.wProductType == VER_NT_WORKSTATION )
return 2;//WIN_VISTA;
-
if(osVerInfo.dwMajorVersion == 6 && osVerInfo.dwMinorVersion == 1 && osVerEx.wProductType == VER_NT_WORKSTATION )
return 3;//WIN_7;
+ if(osVerInfo.dwMajorVersion == 6 && osVerInfo.dwMinorVersion == 2 && osVerEx.wProductType == VER_NT_WORKSTATION )
+ return 4;//WIN_8
return -1;
}
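Review bot: The added `dwMinorVersion == 2` branch returns 4 for Windows 8, but the version APIs report 6.2 for later releases too when the executable carries no compatibility manifest, so newer systems would be passed to the plugins as Windows 8. `GetWinVersion` begins outside the hunk and how `osVerInfo` is filled is not visible, so this is worth checking there. The return values are bare numbers explained only by trailing comments such as `//WIN_8`; a shared `enum { WIN_2000, WIN_XP, WIN_VISTA, WIN_7, WIN_8 };` in a header used by host and plugins would let a plugin test `iWinVer` by name and reject values it does not know.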
@@ -213,8 +215,8 @@ LRESULT DrawDetectionColor(LPARAM lParam)
case CDDS_ITEMPREPAINT:
{
- TCHAR* sTemp = (TCHAR*)malloc(255);
- ListView_GetItemText(GetDlgItem(hwDlgMainFrame,IDC_PLUGINS),(int)nmlvCustDraw->nmcd.dwItemSpec,2,sTemp,255);
+ TCHAR* sTemp = (TCHAR*)malloc(MAX_PATH);
+ ListView_GetItemText(GetDlgItem(hwDlgMainFrame,IDC_PLUGINS),(int)nmlvCustDraw->nmcd.dwItemSpec,2,sTemp,MAX_PATH);
if (wcsstr(sTemp,L"TRUE") != NULL)
{
diff --git a/DebugDetector/DDMain.h b/DebugDetector/DDMain.h
index ab6cad9..a684429 100644
--- a/DebugDetector/DDMain.h
+++ b/DebugDetector/DDMain.h
@@ -2,8 +2,15 @@
#include
#include
#include
-#include "resource.h"
#include
+#include "resource.h"
+
+// Leak detection
+//#include
+//#include
+//
+//#define _CRTDBG_MAP_ALLOC
+// Leak detection
using namespace std;
@@ -17,20 +24,18 @@ struct srcPlugin
};
LRESULT CALLBACK MainDLGProc(HWND hWndDlg, UINT Msg, WPARAM wParam, LPARAM lParam);
+LRESULT DrawDetectionColor(LPARAM lParam);
bool LoadPlugins();
bool ExecutePlugins();
int GetWinVersion();
-LRESULT DrawDetectionColor(LPARAM lParam);
-
-typedef TCHAR* (*PluginVersion)(void);
+typedef char* (*PluginVersion)(void);
typedef TCHAR* (*PluginName)(void);
typedef TCHAR* (*PluginErrorMessage)(void);
typedef DWORD (*PluginDebugCheck)(int iWinVers);
-
HWND hwDlgMainFrame = NULL;
int iDetectNum = 0;
diff --git a/DebugDetector/DebugDetector.aps b/DebugDetector/DebugDetector.aps
index 1177940..d753fae 100644
Binary files a/DebugDetector/DebugDetector.aps and b/DebugDetector/DebugDetector.aps differ
diff --git a/DebugDetector/DebugDetector.rc b/DebugDetector/DebugDetector.rc
index c22e159..d63b21a 100644
Binary files a/DebugDetector/DebugDetector.rc and b/DebugDetector/DebugDetector.rc differ
diff --git a/DebugDetector/DebugDetector.vcxproj b/DebugDetector/DebugDetector.vcxproj
index 5472167..2de37df 100644
--- a/DebugDetector/DebugDetector.vcxproj
+++ b/DebugDetector/DebugDetector.vcxproj
@@ -81,7 +81,7 @@
Level3
Disabled
WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
- MultiThreadedDebug
+ MultiThreadedDebugDLL
Windows
diff --git a/README.md b/README.md
index 7327caa..af22369 100644
--- a/README.md
+++ b/README.md
@@ -16,15 +16,22 @@ DD - DebugDetector
* [Tuts4You](http://tuts4you.com/download.php?view.3260)
###ToDo
-+ Add more Plugins
-+ Add bad driver names
-+ Add custom window titel depending on detection
++ add more Plugins
++ add bad driver names
+ fix x64 support
+ + remove as much inline asm as possible
++ fix more memory leaks
-###Changelog v0.2
+####Changelog until now
++ added NtQuerySystemInformation
++ added NtSetDebugFilterState
++ fixed small memory leaks
++ changed version numbers (automatic set to build date of plugins)
+
+####Changelog v0.2
+ added color on detection
-+ added better error reporting on plugins
-+ added OSVersion parameter to plugins
++ added better error reporting by plugins
++ added OSVersion as parameter to plugins
+ added NtYieldExecution plugin (by Aguila)
+ added CheckHeapMemory plugin
+ added some new windows to the FindBadWindow plugin
@@ -35,7 +42,7 @@ DD - DebugDetector
+ simple to use
+ error messages
+ Show percentage of detection
-+ 18 Plugins
++ 20 Plugins
+ DebugObject
+ Using NtQueryInformationProcess to see if there are Debugging Objects for our process
+ CheckRemoteDebuggerPresent
@@ -71,4 +78,8 @@ DD - DebugDetector
+ NtYieldExecution (by Aguila)
+ NtYieldExecution returns STATUS_NO_YIELD_PERFORMED if there is no other thread ( e.g debugger) but often fails if the system is overloaded and doesn´t allow a switch (not a good method)
+ CheckHeapMemory
- + allocs memory in the heap and checks if FEEEABABABABABABABAB (exists only on debug mode as overflow detection) is there
\ No newline at end of file
+ + allocs memory in the heap and checks if FEEEABABABABABABABABFEEE (exists only on debug mode as overflow detection) is there
+ + NTSetDebugFilterState
+ + Uses the return value of the ntdll api "NtSetDebugFilterState" to check if the target is running under a debugger
+ + NTQuerySystemInformation
+ + Uses the NtQuerySystemInformation API to check if the target is running under a debugger
\ No newline at end of file
diff --git a/Release/DD.Plugin.CheckHeapMemory.dll b/Release/DD.Plugin.CheckHeapMemory.dll
index 696480c..2f2eb0c 100644
Binary files a/Release/DD.Plugin.CheckHeapMemory.dll and b/Release/DD.Plugin.CheckHeapMemory.dll differ
diff --git a/Release/DD.Plugin.CheckRemoteDebuggerPresent.dll b/Release/DD.Plugin.CheckRemoteDebuggerPresent.dll
index fad31cd..d774e68 100644
Binary files a/Release/DD.Plugin.CheckRemoteDebuggerPresent.dll and b/Release/DD.Plugin.CheckRemoteDebuggerPresent.dll differ
diff --git a/Release/DD.Plugin.DebugObject.dll b/Release/DD.Plugin.DebugObject.dll
index 8f67d82..3dd2a5a 100644
Binary files a/Release/DD.Plugin.DebugObject.dll and b/Release/DD.Plugin.DebugObject.dll differ
diff --git a/Release/DD.Plugin.FindBadDrivers.dll b/Release/DD.Plugin.FindBadDrivers.dll
index e641c24..a6df166 100644
Binary files a/Release/DD.Plugin.FindBadDrivers.dll and b/Release/DD.Plugin.FindBadDrivers.dll differ
diff --git a/Release/DD.Plugin.FindBadProcesses.dll b/Release/DD.Plugin.FindBadProcesses.dll
index 6681d34..cc220d8 100644
Binary files a/Release/DD.Plugin.FindBadProcesses.dll and b/Release/DD.Plugin.FindBadProcesses.dll differ
diff --git a/Release/DD.Plugin.FindBadWindows.dll b/Release/DD.Plugin.FindBadWindows.dll
index efdb1b7..f98fc93 100644
Binary files a/Release/DD.Plugin.FindBadWindows.dll and b/Release/DD.Plugin.FindBadWindows.dll differ
diff --git a/Release/DD.Plugin.HardwareBreakpoint.dll b/Release/DD.Plugin.HardwareBreakpoint.dll
index 7a019e8..27a3c99 100644
Binary files a/Release/DD.Plugin.HardwareBreakpoint.dll and b/Release/DD.Plugin.HardwareBreakpoint.dll differ
diff --git a/Release/DD.Plugin.IsDebuggerPresent.dll b/Release/DD.Plugin.IsDebuggerPresent.dll
index b224fc5..e61a843 100644
Binary files a/Release/DD.Plugin.IsDebuggerPresent.dll and b/Release/DD.Plugin.IsDebuggerPresent.dll differ
diff --git a/Release/DD.Plugin.MemoryBreakpoint.dll b/Release/DD.Plugin.MemoryBreakpoint.dll
index 142c794..6161d08 100644
Binary files a/Release/DD.Plugin.MemoryBreakpoint.dll and b/Release/DD.Plugin.MemoryBreakpoint.dll differ
diff --git a/Release/DD.Plugin.NTQuerySystemInformation.dll b/Release/DD.Plugin.NTQuerySystemInformation.dll
new file mode 100644
index 0000000..700baf2
Binary files /dev/null and b/Release/DD.Plugin.NTQuerySystemInformation.dll differ
diff --git a/Release/DD.Plugin.NTYieldExecution.dll b/Release/DD.Plugin.NTYieldExecution.dll
index b649c91..f7d592d 100644
Binary files a/Release/DD.Plugin.NTYieldExecution.dll and b/Release/DD.Plugin.NTYieldExecution.dll differ
diff --git a/Release/DD.Plugin.NtSetDebugFilterState.dll b/Release/DD.Plugin.NtSetDebugFilterState.dll
new file mode 100644
index 0000000..3bddcb5
Binary files /dev/null and b/Release/DD.Plugin.NtSetDebugFilterState.dll differ
diff --git a/Release/DD.Plugin.OpenCSRSS.dll b/Release/DD.Plugin.OpenCSRSS.dll
index 7a15dc1..37a12c1 100644
Binary files a/Release/DD.Plugin.OpenCSRSS.dll and b/Release/DD.Plugin.OpenCSRSS.dll differ
diff --git a/Release/DD.Plugin.OutputDebugString.dll b/Release/DD.Plugin.OutputDebugString.dll
index ca5a8ce..56e54c5 100644
Binary files a/Release/DD.Plugin.OutputDebugString.dll and b/Release/DD.Plugin.OutputDebugString.dll differ
diff --git a/Release/DD.Plugin.PEBDebugFlag.dll b/Release/DD.Plugin.PEBDebugFlag.dll
index 037053c..623ea25 100644
Binary files a/Release/DD.Plugin.PEBDebugFlag.dll and b/Release/DD.Plugin.PEBDebugFlag.dll differ
diff --git a/Release/DD.Plugin.PEBGlobalFlags.dll b/Release/DD.Plugin.PEBGlobalFlags.dll
index 47ab328..a995e6e 100644
Binary files a/Release/DD.Plugin.PEBGlobalFlags.dll and b/Release/DD.Plugin.PEBGlobalFlags.dll differ
diff --git a/Release/DD.Plugin.PEBProcHeapFlag.dll b/Release/DD.Plugin.PEBProcHeapFlag.dll
index 89f800c..2fec3e1 100644
Binary files a/Release/DD.Plugin.PEBProcHeapFlag.dll and b/Release/DD.Plugin.PEBProcHeapFlag.dll differ
diff --git a/Release/DD.Plugin.ParentProcess.dll b/Release/DD.Plugin.ParentProcess.dll
index 0d2c0e4..e22cff7 100644
Binary files a/Release/DD.Plugin.ParentProcess.dll and b/Release/DD.Plugin.ParentProcess.dll differ
diff --git a/Release/DD.Plugin.ProcessDebugFlag.dll b/Release/DD.Plugin.ProcessDebugFlag.dll
index bab939c..e15ac61 100644
Binary files a/Release/DD.Plugin.ProcessDebugFlag.dll and b/Release/DD.Plugin.ProcessDebugFlag.dll differ
diff --git a/Release/DD.Plugin.UnhandledException.dll b/Release/DD.Plugin.UnhandledException.dll
index 6ebff3d..17531a5 100644
Binary files a/Release/DD.Plugin.UnhandledException.dll and b/Release/DD.Plugin.UnhandledException.dll differ
diff --git a/Release/DebugDetector.exe b/Release/DebugDetector.exe
index 4a3abe8..5caa4af 100644
Binary files a/Release/DebugDetector.exe and b/Release/DebugDetector.exe differ