Gonzalez Posted September 11, 2009

; ================================================================
; [ Anti-Wireshark ]
; Coded by Armaked0n of Macedonian Forces
; ----------------------------------------------------------------
; Greetz: Darkness.MKD, Darker, Bra1n1aC, KnOppIx, Outlaw, Vertigo
; ================================================================

.386
.model flat, stdcall
option casemap : none

include windows.inc
include kernel32.inc
include user32.inc
includelib kernel32.lib
includelib user32.lib

.data
szWiresharkWinText  CHAR 'The Wireshark Network Analyzer', NULL
szWiresharkWinClass CHAR 'gdkWindowToplevel', NULL

.code
Start proc
    push TRUE
    call AntiWireshark
    push NULL
    call ExitProcess
Start endp

; ==================================================================================
; AntiWireshark -> anti Wireshark procedure
; ----------------------------------------------------------------------------------
; BOOL bKillWireshark
;   Specifies whether the function should kill Wireshark if detected. TRUE specifies
;   that this should be done, FALSE that the program should exit.
; ==================================================================================
AntiWireshark proc bKillWireshark : BOOL
    push offset szWiresharkWinText
    push offset szWiresharkWinClass
    call FindWindow
    cmp eax, NULL
    jne @wireshark_detected
    ret
@wireshark_detected:
    cmp dword ptr [bKillWireshark], FALSE
    jne @kill_wireshark
    push NULL
    call ExitProcess
@kill_wireshark:
    push NULL
    push NULL
    push WM_CLOSE
    push eax
    call SendMessage
    ret
AntiWireshark endp

end Start
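A defender-side counterpart, added here and not part of the original post: a static triage check that looks for the two window strings from the listing (as ASCII or UTF-16LE) together with the FindWindow/SendMessage import names. The function names, verdict labels and sample byte strings are constructed for illustration.

```python
from typing import Dict, List

# Literals taken from the posted listing.
WINDOW_STRINGS = [b"The Wireshark Network Analyzer", b"gdkWindowToplevel"]
# Import names as they appear in a PE import table (ANSI and wide variants).
API_NAMES = [b"FindWindowA", b"FindWindowW", b"SendMessageA", b"SendMessageW"]


def find_all(data: bytes, needle: bytes) -> List[int]:
    """Return every offset at which needle occurs in data."""
    hits, pos = [], data.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = data.find(needle, pos + 1)
    return hits


def triage(data: bytes) -> Dict[str, object]:
    """Flag a binary that embeds the Wireshark window title/class strings."""
    strings: Dict[str, List[int]] = {}
    for raw in WINDOW_STRINGS:
        wide = raw.decode("ascii").encode("utf-16-le")
        offsets = sorted(find_all(data, raw) + find_all(data, wide))
        if offsets:
            strings[raw.decode("ascii")] = offsets
    apis = sorted(a.decode("ascii") for a in API_NAMES if a in data)
    has_lookup = any(a.startswith("FindWindow") for a in apis)
    # Both strings plus a window-lookup import matches the listing closely;
    # a lone string can also come from documentation or Wireshark itself.
    if len(strings) == len(WINDOW_STRINGS) and has_lookup:
        verdict = "likely"
    elif strings:
        verdict = "review"
    else:
        verdict = "clean"
    return {"verdict": verdict, "strings": strings, "apis": apis}


# Constructed sample buffers (not real binaries).
SAMPLE_HIT = (b"MZ\x90\x00" + b"\x00" * 8
              + b"gdkWindowToplevel\x00The Wireshark Network Analyzer\x00"
              + b"FindWindowA\x00SendMessageA\x00")
SAMPLE_WIDE = (b"MZ" + "The Wireshark Network Analyzer".encode("utf-16-le")
               + b"\x00\x00FindWindowW\x00")
SAMPLE_CLEAN = b"MZ" + b"GetProcAddress\x00LoadLibraryA\x00"

if __name__ == "__main__":
    for name, blob in [("hit", SAMPLE_HIT), ("wide", SAMPLE_WIDE),
                       ("clean", SAMPLE_CLEAN)]:
        print(name, triage(blob))
```

A plain string scan like this misses packed samples and strings built at run time, so a "clean" verdict only means these literals are absent from the bytes scanned.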