Skip to content

Commit 638e207

Browse files
forentfrapsforentfraps
committed
readable output
1 parent 8152f0a commit 638e207

File tree

1 file changed

+8
-4
lines changed

1 file changed

+8
-4
lines changed

main.c

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -192,11 +192,11 @@ int compare_text_ntdll64(unsigned char *stock_ntdll, int stock_size,
192192
int bad_byte = 0;
193193
for (int i = 0; i < process_size; ++i) {
194194
if (stock_ntdll[i] != process_ntdll[i]) {
195-
printf("Byte %d\n", i);
195+
// printf("Byte %d\n", i);
196196
bad_byte++;
197197
}
198198
}
199-
printf("The amount of funny bytes %d \n", bad_byte);
199+
// printf("The amount of funny bytes %d \n", bad_byte);
200200
return bad_byte;
201201
}
202202
int iterate_processes(unsigned char *stock_text, int stock_size) {
@@ -216,25 +216,29 @@ int iterate_processes(unsigned char *stock_text, int stock_size) {
216216
CloseHandle(hSnapshot);
217217
return 1;
218218
}
219-
219+
int funny_process_counter = 0;
220+
int usermod_process = 0;
220221
do {
221222
// printf("Process ID: %lu\n", pe32.th32ProcessID);
222223

223224
HANDLE hProcess = OpenProcess(PROCESS_VM_READ, FALSE, pe32.th32ProcessID);
224225
if (parse_process_ntdll64(hProcess, &process_text, &process_size)) {
225226
continue;
226227
}
227-
228+
usermod_process++;
228229
if (compare_text_ntdll64(stock_text, stock_size, process_text,
229230
process_size)) {
230231

231232
printf("Process %lu is funny\n", pe32.th32ProcessID);
233+
funny_process_counter++;
232234
}
233235
HeapFree(GetProcessHeap(), 0, process_text);
234236

235237
} while (Process32Next(hSnapshot, &pe32));
236238

237239
CloseHandle(hSnapshot);
240+
printf("Total funny process: %d out of %d\n", funny_process_counter,
241+
usermod_process);
238242
return 0;
239243
}
240244
int main() {

0 commit comments

Comments
 (0)