From e57c08e06706d54fbb288867dce7745f78917a36 Mon Sep 17 00:00:00 2001 From: hasherezade Date: Sun, 1 Sep 2024 11:07:34 -0700 Subject: [PATCH] [FEATURE] ThreadScanner: break on first shellcode. Skip .NET --- scanners/thread_scanner.cpp | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/scanners/thread_scanner.cpp b/scanners/thread_scanner.cpp index eb4ef78c6..df7135ef1 100644 --- a/scanners/thread_scanner.cpp +++ b/scanners/thread_scanner.cpp @@ -128,7 +128,8 @@ size_t pesieve::ThreadScanner::analyzeStackFrames(IN const std::vectorgetModName() : ""; if (mod_name.length() == 0) { - if (cDetails.is_managed) { -#ifdef _SHOW_THREAD_INFO - std::cout << "\t" << std::hex << next_return << " <=== .NET JIT\n"; -#endif //_SHOW_THREAD_INFO - } - else { + if (!cDetails.is_managed) { has_shellcode = is_curr_shc = true; #ifdef _SHOW_THREAD_INFO std::cout << "\t" << std::hex << next_return << " <=== SHELLCODE\n"; +#endif //_SHOW_THREAD_INFO + } else { +#ifdef _SHOW_THREAD_INFO + std::cout << "\t" << std::hex << next_return << " <=== .NET JIT\n"; #endif //_SHOW_THREAD_INFO } }