■ ■ ■ ■ ■ ■
SearchAvailableExe/SearchAvailableExe.cpp
| skipped 148 lines |
| 149 | 149 | | } |
| 150 | 150 | | |
| 151 | 151 | | int main(int argc, char* argv[]) { |
| 152 | | - | |
| | 152 | + | //处理传入的参数 |
| 153 | 153 | | memset(&c, 0, sizeof(c)); |
| 154 | 154 | | |
| 155 | 155 | | c.dllCount = 1; |
| skipped 18 lines |
| 174 | 174 | | } |
| 175 | 175 | | output = &outputFile; |
| 176 | 176 | | } |
| 177 | | - | |
| | 177 | + | //第一步:多线程递归遍历指定目录,筛选出带有签名的可执行文件,并获取可能需要加载dll信息等 |
| 178 | 178 | | if (c.input[0] == 0) { |
| 179 | 179 | | for (char drive = 'A'; drive <= 'Z'; ++drive) { |
| 180 | 180 | | wstring rootDirectory = wstring(1, drive) + L":"; |
| skipped 3 lines |
| 184 | 184 | | else { |
| 185 | 185 | | ListExecutableFiles(ConvertToWideString(c.input)); |
| 186 | 186 | | } |
| 187 | | - | |
| | 187 | + | //对遍历的结果排序 |
| 188 | 188 | | sort(results.begin(), results.end(), compare); |
| 189 | 189 | | |
| | 190 | + | //根据指定条件对结果过滤 |
| 190 | 191 | | results.erase(std::remove_if(results.begin(), results.end(), isUnwanted), results.end()); |
| 191 | 192 | | |
| | 193 | + | //创建线程,监听第二步运行时的报错弹窗,及时关闭 |
| 192 | 194 | | HANDLE hThread = CreateThread(NULL, 0, MonitorThread, NULL, 0, NULL); |
| 193 | 195 | | |
| 194 | | - | //运行目标程序,判断是否会加载hook的dll |
| | 196 | + | //第二步:多线程运行找到的白程序,判断是否会加载被hook的dll,并进行上线测试 |
| 195 | 197 | | std::vector<std::thread> threads; |
| 196 | 198 | | for (const auto& result : results) { |
| 197 | 199 | | threads.push_back(std::thread(RunPE, result)); |
| skipped 3 lines |
| 201 | 203 | | |
| 202 | 204 | | TerminateThread(hThread, 0); |
| 203 | 205 | | |
| | 206 | + | //对结果进行过滤,去除不满足条件的白程序 |
| 204 | 207 | | results.erase(std::remove_if(results.begin(), results.end(), isAvailable), results.end()); |
| 205 | 208 | | |
| 206 | 209 | | *output << "找到可利用白文件:" << results.size() << "个" << endl; |
| skipped 39 lines |
