admin/awesome_anti_virus_engine
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

按照样本优化了一下

Browse Source
This commit is contained in:
Huoji's
2025-04-23 03:48:16 +08:00
parent 8cfd24ab43
commit 785f0da7fe
11 changed files with 747 additions and 329 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
ai_anti_malware/native_struct.h
View File

@@ -221,11 +221,27 @@ typedef struct _LDR_DATA_TABLE_ENTRY {
};
};
} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
//0x18 bytes (sizeof)
struct _CURDIR
{
struct _UNICODE_STRING DosPath; //0x0
VOID* Handle; //0x10
};
typedef struct _RTL_USER_PROCESS_PARAMETERS {
BYTE Reserved1[16];
PVOID Reserved2[10];
UNICODE_STRING ImagePathName;
UNICODE_STRING CommandLine;
ULONG MaximumLength; //0x0
ULONG Length; //0x4
ULONG Flags; //0x8
ULONG DebugFlags; //0xc
VOID* ConsoleHandle; //0x10
ULONG ConsoleFlags; //0x18
VOID* StandardInput; //0x20
VOID* StandardOutput; //0x28
VOID* StandardError; //0x30
struct _CURDIR CurrentDirectory; //0x38
struct _UNICODE_STRING DllPath; //0x50
struct _UNICODE_STRING ImagePathName; //0x60
struct _UNICODE_STRING CommandLine; //0x70
VOID* Environment; //0x80
} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
typedef struct _BASE_RELOCATION_ENTRY {
@@ -1019,7 +1035,7 @@ struct struct_handle_table {
char name[MAX_PATH]; // 名称
};
struct struct_moudle {
char name[MAX_PATH];
std::string name;
uint64_t entry;
uint64_t base;
uint64_t size;