dkrutsko · January 24, 2017 03:42
diff --git a/Antiscan b/Antiscan

 // Link with psapi.lib

 #define NOMINMAX
 #define WIN32_LEAN_AND_MEAN
 #include <Windows.h>
 #include <Psapi.h>

 int main (void)
 {
 	// Allocate some non-physically backed memory
 	auto address = VirtualAlloc (nullptr, 0x1000,
 		MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);

 	while (true)
 	{
 		// Usually performed in some detection thread
 		PSAPI_WORKING_SET_EX_INFORMATION info = { 0 };
 		info.VirtualAddress = address;

 		// Check if our non-physically backed memory is valid
 		auto result = QueryWorkingSetEx (GetCurrentProcess(),
 			&info, sizeof (PSAPI_WORKING_SET_EX_INFORMATION));

 		// Shouldn't happen
 		if (result == FALSE)
 			return 1;

 		// Check if a scan was preformed
 		if (info.VirtualAttributes.Valid)
 			return 2; // Scan detected!!

 		Sleep (50);
 	}

 	return 0;
 }

	// Link with psapi.lib

	#define NOMINMAX
	#define WIN32_LEAN_AND_MEAN
	#include <Windows.h>
	#include <Psapi.h>

	int main (void)
	{
	// Allocate some non-physically backed memory
	auto address = VirtualAlloc (nullptr, 0x1000,
	MEM_RESERVE \| MEM_COMMIT, PAGE_READWRITE);

	while (true)
	{
	// Usually performed in some detection thread
	PSAPI_WORKING_SET_EX_INFORMATION info = { 0 };
	info.VirtualAddress = address;

	// Check if our non-physically backed memory is valid
	auto result = QueryWorkingSetEx (GetCurrentProcess(),
	&info, sizeof (PSAPI_WORKING_SET_EX_INFORMATION));

	// Shouldn't happen
	if (result == FALSE)
	return 1;

	// Check if a scan was preformed
	if (info.VirtualAttributes.Valid)
	return 2; // Scan detected!!

	Sleep (50);
	}

	return 0;
	}