#include "cRainDear.h"
// Caches the three singleton interfaces this facade forwards to.
// The Get() calls run in exactly this order inside the body; moving them to
// a member-initializer list would re-sequence them to the header's member
// declaration order, which is not visible here, so the assignments stay put.
// NOTE(review): whether any Get() does work on first use is not visible here.
cRainDear::cRainDear()
{
_pLogger = cLogger::Get();
_pKernal = cKernal::Get();
_pMemory = cMemory::Get();
}
// Nothing to release by hand: the cached interface handles obtained from the
// Get() singletons are not owned here, so the defaulted destructor (which only
// destroys the members) is equivalent to the former empty body.
cRainDear::~cRainDear() = default;
/// Builds a PE parser for the image at @p imagePath.
/// @param imagePath Path handed straight to cPortableExecutable's constructor.
///        Taken by value to match the declaration in cRainDear.h; it is not
///        validated here — cPortableExecutable is responsible for rejecting a
///        missing or malformed image.
/// @return Shared handle to the newly constructed parser (created with
///         std::make_shared, so cPortableExecutable_t must be shared_ptr-compatible).
cPortableExecutable_t cRainDear::CreatePEParser(const std::string imagePath)
{
    cPortableExecutable_t parser = std::make_shared<cPortableExecutable>(imagePath);
    return parser;
}
/// @return The kernel-interface handle captured from cKernal::Get() when
///         this object was constructed; returned by value, so the caller
///         gets its own copy of the handle rather than a reference to the member.
cKernal_t cRainDear::GetKernalInterface()
{
    const auto kernalInterface = _pKernal;
    return kernalInterface;
}
/// @return The memory-interface handle captured from cMemory::Get() when
///         this object was constructed; returned by value, so the caller
///         gets its own copy of the handle rather than a reference to the member.
cMemory_t cRainDear::GetMemoryInterface()
{
    const auto memoryInterface = _pMemory;
    return memoryInterface;
}
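/// Clears the BeingDebugged byte in the attached process's PEB so that
/// IsDebuggerPresent(), which reads that byte, reports "not debugged".
///
/// Preconditions: a process must be attached through _pMemory; otherwise the
/// call logs and returns without touching the target.
/// Side effects: one byte written into the target process; log lines through
/// _pLogger.
/// Scope: only this single PEB byte is cleared. Any other debugger-detection
/// mechanism the target may use is unaffected, and the "successful" log line
/// means only that the write was issued.
void cRainDear::DisableAntiDebugger()
{
    // Offset of PEB.BeingDebugged (a one-byte BOOLEAN) from the PEB base.
    // The field sits at 0x2 on both the 32-bit and the 64-bit PEB layout.
    constexpr int kPebBeingDebuggedOffset = 0x2;

    if (!_pMemory->IsProcessAttatched())
    {
        _pLogger->PrintVar("No process attatched to disable anti-debugger", true);
        return;
    }

    void* pebTable = _pKernal->GetPEBFromHandle(_pMemory->GetCurrentProcessHandle());
    // NOTE(review): GetPEBFromHandle's failure convention is not visible from
    // this file; assuming a null return means the lookup failed. Without this
    // guard the write below would target address 0x2 of the remote process.
    if (pebTable == nullptr)
    {
        _pLogger->PrintVar("Could not locate PEB; anti-debugger not disabled", true);
        return;
    }

    // void* -> char* is a static_cast, no reinterpret_cast needed.
    // NOTE(review): WriteMemory's return value (if it has one) is not inspected
    // here, so the success message below is unconditional — confirm whether
    // WriteMemory reports failure and check it if so.
    _pMemory->WriteMemory<char>(static_cast<char*>(pebTable) + kPebBeingDebuggedOffset, 0);
    _pLogger->PrintVar("Anti-debugger successful");
}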