注册这么久,总不发个帖子,不合适。混个积分,不介意吧
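#!perl -w
# DLL-injection checker: walks the module list of every running process and
# reports modules that are mapped at base address 0x10000000.
#
# It may not catch every injection technique, but the common ones look
# like this.
#
# NOTE(review): 0x10000000 is the usual linker default base for a DLL that
# was not given its own base address, so this test is a heuristic. A module
# relocated by ASLR or built with a custom base is not reported, and an
# ordinary third-party DLL can be. Treat each hit as a lead to verify (file
# path, signature, owner), not as proof of injection.
#
use strict;
use Win32::ToolHelp;

# Base address that marks a module as suspicious.
my $DEFAULT_DLL_BASE = 0x10000000;

# Modules to ignore: some of this script's own files and certain system files.
# The dot is escaped and the name is anchored to the last path component, so
# only a file called exactly socket.dll or ws03res.dll is skipped.
# NOTE(review): this still trusts the file name alone, whatever directory the
# module was loaded from; comparing against the expected full path is stricter.
my $SKIP_MODULE_RE = qr{ (?: \A | [\\/] ) (?: socket | ws03res ) \.dll \z }xi;

my $rule = "-" x 75;
print "\t\t\tDLL inject Checker\n\t\t\tBy Xti9er\n", $rule, "\n";

# Field indexes used below: process entry [1] is compared with this script's
# pid and [8] is printed as the host process; module entry [4] is the value
# tested against the base address and [8] is printed as the DLL.
# Presumably these follow the PROCESSENTRY32 / MODULEENTRY32 field order --
# confirm against the Win32::ToolHelp documentation.
PROCESS:
for my $p (Win32::ToolHelp::GetProcesses()) {
    my $pid = $p->[1];
    next PROCESS if $pid == $$;    # do not inspect this script's own process

    MODULE:
    for my $m (Win32::ToolHelp::GetProcessModules($pid)) {
        my ($base, $path) = @{$m}[4, 8];
        next MODULE if $path =~ $SKIP_MODULE_RE;

        # Numeric comparison replaces the original hex-string comparison.
        print "[!] DLL Inject: $path -> $p->[8] \n"
            if $base == $DEFAULT_DLL_BASE;
    }
}
print $rule, "\n";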
[ 本帖最后由 xti9er 于 2009-4-9 11:25 编辑 ] |
|