Anti-WriteProcessMemory hook plugin for Enigma Protector with Full Source and Binary

Anti-WriteProcessMemory hook plugin for Enigma Protector with Full Source and Binary

Anti-WriteProcessMemory hook plugin for Enigma Protector with Full Source and Binary
Anti-WriteProcessMemory hook plugin for Enigma Protector with Full Source and Binary


This plugin checks if the WriteProcessMemory Windows API is hooked by anyone. It will work in future versions! It simply checks if the fisrt byte of WriteProcessMemory is a jmp instruction. If WriteProcessMemory function is hooked then application is terminating without any messages.

This plugin allows to avoid injecting into your application of any tools that hook WriteProcessMemory Windows API. WriteProcessMemory API is using for writing any data to the "remote" process, remote mean any executed process that has enough privileges.

Why it is dangerous to work with hooked WriteProcessMemory? If any application hooks WriteProcessMemory function of your application, it may get access of the data that you are working with, for example, I noticed that there are such tools on the net that allows to get data that your application is writing to other properties.

Plugin installation:
- extract file writeprocessmemoryinject.dll from WriteProcessMemory_Inject_bin.zip archive into The Enigma Protector\Plugins folder,
- open Enigma,
- go to Miscellaneous-Pluigns panel,
- you should see new plugin in the list, enable it and protect your file.

Only for V.I.P
Warning! You are not allowed to view this text.


Information
Users of Guests are not allowed to comment this publication.