[Quick Fix] Bloquear Etermgr

**[Admin] tierrilopes** · September 30, 2016 at 05:17 PM

Primeiramente, o binário disponibilizado aqui no fórum já bloqueia por defeito este unpacker.

Como medida adicional podem terminar o processo.

O processo adquire sempre um de dois nomes:

cmd.exe
conhost.exe

Não lhe é possível modificar esse valores para outros, por isso em combinação com o binário aqui disponibilizado isto chega para o bloquear.

Ir até ao ao ficheiro UserInterface/Locale.cpp:

Adicionar este include debaixo dos outros:

#include <tlhelp32.h>

Debaixo do include adicionado, colocar o seguinte código:

void TerminateProc_Func(char* ProcName){

PROCESSENTRY32 pe32;

HANDLE hSnapshot = NULL;

pe32.dwSize = sizeof(PROCESSENTRY32);

hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

if (Process32First(hSnapshot, &pe32)){

do{

if (strcmp(pe32.szExeFile, ProcName) == 0)

{

HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);

TerminateProcess(hProcess, NULL);

}

} while (Process32Next(hSnapshot, &pe32));

}

if (hSnapshot != INVALID_HANDLE_VALUE)

CloseHandle(hSnapshot);

}

void TerminateProc(){

TerminateProc_Func("cmd.exe");

TerminateProc_Func("conhost.exe");

}

void Terminate_Scan(){

again:

TerminateProc();

Sleep(5000);

goto again; }

Procurar por:

void LocaleService_LoadConfig (const char *fileName)

{

Adicionar debaixo:

CreateThread(NULL, NULL, LPTHREAD_START_ROUTINE(Terminate_Scan), NULL, 0, 0);

NOTA: Caso utilizem um platform toolset com _xp, ao detectar o unpacker o cliente poderá não responder e encerrar-se. Para tal uma solução:

Solução (mudar toolset):

Selecionar todos os projectos no visual studio
Clique lado direito
Properties
Configuration Properties
General
Em Platform Toolset selecionar Visual Studio 2013 (v120)
Clique lado direito no projecto e Rebuild All

**theoden1** · December 24, 2017 at 05:51 PM

Olá quando eu quiser desligar, está fora:::1>..\..\source\UserInterface\Locale.cpp(38): error C2065: 'Terminate_Scan' : undeclared identifier
1>..\..\source\UserInterface\Locale.cpp(38): error C2660: 'CreateThread' : function does not take 5 arguments

??

**[Admin] tierrilopes** · December 24, 2017 at 10:01 PM

Olá, só tens de seguir os passos exatamente como estão descritos.

**theoden1** · December 24, 2017 at 11:45 PM

Locale.cpp

Você não poderia me colocar porque, de qualquer forma, estou tentando não ter sucesso:?

**[Admin] tierrilopes** · December 25, 2017 at 04:17 PM

I can write it in english to be easier without translate:

Go to file UserInterface/Locale.cpp

Under the other includes add this:

#include <tlhelp32.h>

Under the include you just added, paste this code:

void TerminateProc_Func(char* ProcName){

PROCESSENTRY32 pe32;

HANDLE hSnapshot = NULL;

pe32.dwSize = sizeof(PROCESSENTRY32);

hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

if (Process32First(hSnapshot, &pe32)){

do{

if (strcmp(pe32.szExeFile, ProcName) == 0)

{

HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);

TerminateProcess(hProcess, NULL);

}

} while (Process32Next(hSnapshot, &pe32));

}

if (hSnapshot != INVALID_HANDLE_VALUE)

CloseHandle(hSnapshot);

}

void TerminateProc(){

TerminateProc_Func("cmd.exe");

TerminateProc_Func("conhost.exe");

}

void Terminate_Scan(){

again:

TerminateProc();

Sleep(5000);

goto again; }

Look for:

void LocaleService_LoadConfig (const char *fileName)

{

Add this bellow:

CreateThread(NULL, NULL, LPTHREAD_START_ROUTINE(Terminate_Scan), NULL, 0, 0);

Follow the tutorial just as it is described and you cant have errors on it, just follow EXACTLY as it is described.

I wont do it for you as tutorial exists for a reason.

**theoden1** · December 25, 2017 at 05:12 PM

Same mistake please check out what's in it

Locale.cpp

**[Admin] tierrilopes** · December 25, 2017 at 05:18 PM

You're not understanding the tutorial properly, read this part again:

« Under the include you just added, paste this code: »

You're placing the code at end of the file, when you need to add it just after the include you added on the file.

Otherwise you will have that error, because you're calling a function before it was declared

**theoden1** · December 25, 2017 at 05:38 PM

Anyway I try not to succeed please help me

**[Admin] tierrilopes** · December 25, 2017 at 05:54 PM

Sorry but no. I gave you all the information you need to fix the error, if i do it for you and it happens again you wont know what to do.

**theoden1** · December 25, 2017 at 06:06 PM

**[Admin] tierrilopes** · December 27, 2017 at 04:15 AM

On 25/12/2017 at 6:06 PM, theoden1 said:

You didnt replied so i guess you couldnt fix the issue.

The problem was that you were calling the function before defining it first.

In the tutorial i say to add the code after the "include", at the begining of the file, but you probably misread and added it at the bottom of the page.

In attachment its your fixed file, please compare both to understand what you did wrong.

Regards

Locale.cpp

**AprendizM2** · March 24, 2018 at 07:08 PM

posso adcionar outras extensoes aqui ?

void TerminateProc(){

TerminateProc_Func("cmd.exe");

TerminateProc_Func("conhost.exe");

}

Sign In

[Quick Fix] Bloquear Etermgr

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in