//By AlSch092 @github
#pragma once
#include <memory>
#include <string>
#include <utility>
#include "Process/Process.hpp"
#include "Process/Exports.hpp"
#include "AntiTamper/remap.hpp"
#include "Obscure/Obfuscation.hpp"
#include "Common/Error.hpp"
#include "Common/Utility.hpp"
#include "Common/Globals.hpp"
#include "Common/Settings.hpp"
#include "AntiTamper/Integrity.hpp"
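// Preventions groups the self-protection measures the anti-cheat applies to its own
// process: section remapping, DLL-injection and shellcode-thread prevention, APC
// injection blocking, OS process-mitigation policies, PEB spoofing, single-instance
// enforcement and module-name randomization. Only the declarations live here; the
// bodies are in the matching .cpp (not shown).
//
// The object is non-copyable and non-movable. It holds a const member, which would
// make a defaulted move-assignment implicitly deleted anyway, so all four special
// members are deleted explicitly to keep the intent visible.
class Preventions final
{
public:
    // config            - settings the protections consult (shared ownership).
    // preventingThreads - initial state of the thread-creation prevention flag.
    // integrityChecker  - integrity checker the protections cooperate with (shared ownership).
    // The shared_ptr parameters are taken by value and moved into the members, so the
    // caller pays at most one reference-count bump per pointer instead of two.
    Preventions(shared_ptr<Settings> config, bool preventingThreads, shared_ptr<Integrity> integrityChecker)
        : IsPreventingThreadCreation(preventingThreads),
          integrityChecker(std::move(integrityChecker)),
          Config(std::move(config))
    {
    }

    // Copy and move are both disabled (see class comment).
    Preventions(Preventions&&) = delete;
    Preventions& operator=(Preventions&&) = delete;
    Preventions(const Preventions&) = delete;
    Preventions& operator=(const Preventions&) = delete;

    // Arithmetic operators make no sense for this type; deleted so a stray use is a compile error.
    Preventions operator+(Preventions& other) = delete;
    Preventions operator-(Preventions& other) = delete;
    Preventions operator*(Preventions& other) = delete;
    Preventions operator/(Preventions& other) = delete;

    // Toggle whether new thread creation is prevented (read back by IsPreventingThreads()).
    void SetThreadCreationPrevention(bool onoff) { this->IsPreventingThreadCreation = onoff; }

    // Current state of the thread-creation prevention flag.
    bool IsPreventingThreads() const { return this->IsPreventingThreadCreation; }

    // Activate all protections; the returned Error reports which step failed, if any
    // (see Common/Error.hpp for the type).
    Error DeployBarrier();

    static bool RemapProgramSections();

    static bool PreventDllInjection();     // experimental, gives warning messagebox
    static bool PreventShellcodeThreads(); // experimental, gives warning messagebox

    // Patches over ntdll.Ordinal8. NOTE(review): an in-process patch of ntdll is itself
    // a code modification; confirm the Integrity checker accounts for it so the
    // protection does not trip the project's own integrity scan.
    static bool StopAPCInjection();

#if _WIN32_WINNT >= 0x0602
    // Only available when targeting Windows 8 (0x0602) or newer. Per the author: an
    // interesting technique which uses the loader & system to block certain types of
    // attacks, such as unsigned modules being injected. Each flag enables one policy;
    // useSystemCallDisable and useDynamicCode in particular can break legitimate code
    // (JIT, some hooks), so enable them deliberately rather than by default.
    static void EnableProcessMitigations(bool useDEP, bool useASLR, bool useDynamicCode, bool useStrictHandles, bool useSystemCallDisable);
#endif

    static BYTE* SpoofPEB(); // not advisable to use this currently

    static bool StopMultipleProcessInstances(); // stop multi-boxing via shared memory

    // Uses the OriginalModuleName member, thus is not static.
    bool RandomizeModuleName();

private:
    // Since the module is renamed in the process context to something random, the original
    // name is kept here so it can be referred back to.
    const wstring OriginalModuleName = L"UltimateAnticheat.exe";

    // Used in the TLS callback to suppress or track new threads (author's note). The
    // constructor always overwrites this; the initializer only guards against reading
    // an indeterminate value if construction paths change later.
    bool IsPreventingThreadCreation = false;

    shared_ptr<Integrity> integrityChecker = nullptr;
    shared_ptr<Settings> Config = nullptr;
};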