Awesome
Memory integrity check
Retrieve all non-writable sections with IMAGE_SCN_MEM_WRITE
flag in specified module then hash original bytes of section via CRC32 instruction
Repeat steps in loop and compare new bytes of section via integrity::check::compare_checksums
Example for usage
std::int32_t main(int, char **)
{
integrity::check check = integrity::check();
while (true)
{
const std::vector<integrity::check::section> §ions = check.compare_checksums(check.retrieve_sections());
if (!sections.size())
std::cout << "all sections are good" << std::endl;
for (const integrity::check::section §ion : sections)
std::cout << section.name << " section has been changed" << std::endl;
std::this_thread::sleep_for(500ms);
}
return EXIT_SUCCESS;
}