diff --git a/Methods/MethodWireShark.h b/Methods/MethodWireShark.h
new file mode 100644
index 0000000..e1f8ba6
--- /dev/null
+++ b/Methods/MethodWireShark.h
@@ -0,0 +1,109 @@
+#pragma once
+
+#include
+#include
+#include
+#include
+
+class DriverDetector {
+private:
+
+ SC_HANDLE scManager;
+
+public:
+
+ DriverDetector() {
+ scManager = OpenSCManager(
+ nullptr,
+ nullptr,
+ SC_MANAGER_ENUMERATE_SERVICE
+ );
+ }
+
+ ~DriverDetector() {
+ if (scManager) {
+ CloseServiceHandle(scManager);
+ }
+ }
+
+ bool isDriverRunning(const std::string& driverName) const {
+ SC_HANDLE serviceHandle = OpenServiceA(
+ scManager,
+ driverName.c_str(),
+ SERVICE_QUERY_STATUS
+ );
+
+ if (serviceHandle == nullptr) {
+ return false;
+ }
+
+ SERVICE_STATUS_PROCESS statusBuffer;
+ DWORD bytesNeeded;
+ bool isRunning = false;
+
+ if (QueryServiceStatusEx(
+ serviceHandle,
+ SC_STATUS_PROCESS_INFO,
+ reinterpret_cast(&statusBuffer),
+ sizeof(SERVICE_STATUS_PROCESS),
+ &bytesNeeded)) {
+
+ isRunning = (statusBuffer.dwCurrentState == SERVICE_RUNNING);
+ }
+
+ CloseServiceHandle(serviceHandle);
+ return isRunning;
+ }
+
+ bool stopDriver(const std::string& driverName) const {
+ SC_HANDLE serviceHandle = OpenServiceA(
+ scManager,
+ driverName.c_str(),
+ SERVICE_STOP
+ );
+
+ if (serviceHandle == nullptr) {
+ return false;
+ }
+
+ SERVICE_STATUS status;
+ bool success = ControlService(
+ serviceHandle,
+ SERVICE_CONTROL_STOP,
+ &status
+ );
+
+ CloseServiceHandle(serviceHandle);
+ return success;
+ }
+};
+
+// Usage example
+bool MethodWireShark() {
+ DriverDetector detector;
+
+ // Check for specific driver (In our case WireShark)
+ std::string targetDriver = "npcap";
+
+ if (detector.isDriverRunning(targetDriver)) {
+ std::cout << "The target driver was found!" << std::endl;
+
+ // Stop the driver * REQUIRES ADMINISTRATOR PRIVILEGES *
+ /*
+ if (detector.stopDriver(targetDriver)) {
+ std::cout << "Stopped driver: " << targetDriver << std::endl;
+ }
+ else
+ {
+ std::cerr << "Failed to stop driver: " << targetDriver << std::endl;
+ }
+ */
+
+ return true;
+ }
+ else
+ {
+ std::cout << "The target driver was not found." << std::endl;
+ return false;
+ }
+}
diff --git a/anti-debugging.cpp b/anti-debugging.cpp
index 1180156..d6e56e4 100644
--- a/anti-debugging.cpp
+++ b/anti-debugging.cpp
@@ -21,6 +21,7 @@
 #include "Methods/MethodQPC.h"
 #include "Methods/MethodHeapFlag.h"
 #include "Methods/MethodLFH.h"
+#include "Methods/MethodWireShark.h"
 LRESULT CALLBACK WindowProcedure( HWND, UINT, WPARAM, LPARAM );
 void AddMenus( HWND hWnd );
@@ -168,6 +169,7 @@ void AddControls( HWND hWnd ) {
 AddMethod( MethodGetLocalTime, "GetLocalTime Detection");
 AddMethod( MethodGetTickCount, "GetTickCount Detection");
 AddMethod(MethodQPC, "QueryPerformanceCounter Detection");
+AddMethod(MethodWireShark, "WireShark Detection");
 hLogo = CreateWindowA( "static", NULL, WS_VISIBLE | WS_CHILD | SS_BITMAP, -10, 0, 100, 100, hWnd, NULL, NULL, NULL );
 SendMessageA( hLogo, STM_SETIMAGE, IMAGE_BITMAP, ( LPARAM )hLogoImage );
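Review bot: `DriverDetector` owns an `SC_HANDLE` but leaves the implicit copy constructor and copy assignment in place, so copying a detector would close the same manager handle twice in `~DriverDetector`; add `DriverDetector(const DriverDetector&) = delete;` and `DriverDetector& operator=(const DriverDetector&) = delete;` next to the destructor. The constructor also never checks whether `OpenSCManager` returned null, so `isDriverRunning` and `stopDriver` then hand a null handle to `OpenServiceA` and report "not running" for what is really an SCM failure; recording `GetLastError()` there and in the two `serviceHandle == nullptr` branches would keep an access-denied result from being read as "service does not exist". `SC_MANAGER_ENUMERATE_SERVICE` is more access than the class uses — nothing enumerates, and opening a service by name needs only `SC_MANAGER_CONNECT`. In `MethodWireShark`, a running `npcap` service shows that the packet-capture driver is loaded, not that Wireshark is running; presumably any Npcap-based capture tool, or the driver being configured to start at boot, yields the same result, so the comment and the log text would be more accurate as "capture driver" than "WireShark".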