├── README.md
├── license.txt
├── malm.exe.manifest
├── malm.ncb
├── malm.sln
├── malm.suo
└── malm
    ├── Debug
        ├── BuildLog.htm
        ├── heap.obj
        ├── i_heap.obj
        ├── i_module.obj
        ├── i_process.obj
        ├── i_system.obj
        ├── malm.exe.embed.manifest
        ├── malm.exe.embed.manifest.res
        ├── malm.exe.intermediate.manifest
        ├── malm.obj
        ├── malm.pch
        ├── malm.res
        ├── module.obj
        ├── mt.dep
        ├── process.obj
        ├── stdafx.obj
        ├── system.obj
        ├── vc90.idb
        └── vc90.pdb
    ├── DynArray.h
    ├── ReadMe.txt
    ├── Release
        ├── BuildLog.htm
        ├── i_ext_tool.obj
        ├── i_heap.obj
        ├── i_module.obj
        ├── i_process.obj
        ├── i_system.obj
        ├── malm.exe.intermediate.manifest
        ├── malm.obj
        ├── malm.pch
        ├── malm.res
        ├── mt.dep
        ├── stdafx.obj
        ├── vc90.idb
        └── vc90.pdb
    ├── i_ext_tool.cpp
    ├── i_ext_tool.h
    ├── i_heap.cpp
    ├── i_heap.h
    ├── i_module.cpp
    ├── i_module.h
    ├── i_process.cpp
    ├── i_process.h
    ├── i_system.cpp
    ├── i_system.h
    ├── malm.cpp
    ├── malm.rc
    ├── malm.vcproj
    ├── malm.vcproj.glmcdona-PC.glmcdona.user
    ├── malm_manifest.txt
    ├── resource.h
    ├── stdafx.cpp
    ├── stdafx.h
    ├── targetver.h
    └── x64
        ├── Debug
            ├── BuildLog.htm
            ├── i_heap.obj
            ├── i_module.obj
            ├── i_process.obj
            ├── i_system.obj
            ├── malm.exe.embed.manifest
            ├── malm.exe.embed.manifest.res
            ├── malm.exe.intermediate.manifest
            ├── malm.obj
            ├── malm.pch
            ├── malm.res
            ├── mt.dep
            ├── stdafx.obj
            ├── vc90.idb
            └── vc90.pdb
        └── Release
            ├── BuildLog.htm
            ├── i_ext_tool.obj
            ├── i_heap.obj
            ├── i_module.obj
            ├── i_process.obj
            ├── i_system.obj
            ├── malm.exe.intermediate.manifest
            ├── malm.obj
            ├── malm.pch
            ├── malm.res
            ├── mt.dep
            ├── stdafx.obj
            ├── vc90.idb
            └── vc90.pdb


/README.md:
--------------------------------------------------------------------------------
 1 | # MALM: Malware Monitor
 2 | MALM is a Windows x86 and x64 compatible tool that records new processes, new modules loaded by existing processes, and new executable heaps in existing processes. Run this prior to running the malware sample. malm will log changes it has found, and upon closing (CTRL-C) this tool will print a final report of the state change from the beginning to the end. This tool is quite useful for monitoring where malware resides after execution. This tool is based upon snapshots,so it can miss processes, modules, or heaps that exist for only a short period of time.
 3 | 
 4 | I am maintaining a public binary release download page for this project at:
 5 |   http://split-code.com/malm-malware-monitor.html
 6 | 
 7 | 
 8 | ## Flags
 9 | The command-line flags for MALM are as follows:
10 | 
11 |    -q: quick mode.
12 |         Only generates final report, instead of continually taking snapshots and printing the incremental reports.
13 | 
14 |    -t [seconds]: time limit.
15 |         Quit and generate final report after the specified number of
16 | 
17 | 		
18 | ## Example Usage
19 | 1. Run cmd.exe as Administrator.
20 | 2. In cmd.exe, run MALM.
21 | 3. Execute the malware sample to monitor.
22 | 4. Wait for the malware sample to infect your system. MALM will be printing the incremental reports in cmd.exe.
23 | 5. In cmd.exe, press CTRL-C. The final report will be printed at this time.	
24 | 
25 | 
26 | ## Example Output
27 | The following is a recording when running a live malware sample that allocates executable heaps in the existing svchost.exe process, and copies itself into it. The final report was triggered by a CTRL-C keyboard command. Take appropriate precautions when handling computer viruses - this tool simply monitors the system and does not prevent infection.
28 | 
29 | 	PID 690,7.exe: New process.
30 | 	PID 690,7.exe: No longer accessible from current process security token.
31 | 	PID 690,7.exe: Terminated.
32 | 	PID 3DC,svchost.exe: New executable heap at 0x7A0000
33 | 	PID 3DC,svchost.exe: New executable heap at 0x7A1000
34 | 	PID 3DC,svchost.exe: New executable heap at 0x7A3000
35 | 	PID 3DC,svchost.exe: New executable heap at 0x7A6000
36 | 	PID 3DC,svchost.exe: New executable heap at 0x7A8000
37 | 	PID 3DC,svchost.exe: New executable heap at 0x7B2000
38 | 	PID 3DC,svchost.exe: New executable heap at 0x7B3000
39 | 	PID 3DC,svchost.exe: New executable heap at 0x7B6000
40 | 	
41 | 	Final report of final state versus starting state.
42 | 	--- PID 3DC,svchost.exe ---
43 | 	new exec heap: 7A0000
44 | 	new exec heap: 7A1000
45 | 	new exec heap: 7A3000
46 | 	new exec heap: 7A6000
47 | 	new exec heap: 7A8000
48 | 	new exec heap: 7B2000
49 | 	new exec heap: 7B3000
50 | 	new exec heap: 7B6000
51 | 
52 | 
53 | ## Contributing
54 | Contributions are welcome. Some possible contribution directions are as follows:
55 | * Upgrade the i_module comparer to return 'False' when the code at the module entry point has changed, or if the PE header has changed. Some malware gut out existing modules in memory and replace the code with their malware. In this scenario, this tool may not register the hidden location of the malware within the legitimate previously-loaded module.
56 | * Kernel address-space executable region monitoring.
57 | * Maybe add filesystem and registry change monitoring with a flag.
58 | * Anything else you can think of.
59 | 
60 | 
61 | ## License
62 | Copyright 2012 Geoff McDonald, and other contributors.
63 | http://split-code.com/
64 | 
65 | Permission is hereby granted, free of charge, to any person obtaining
66 | a copy of this software and associated documentation files (the
67 | "Software"), to deal in the Software without restriction, including
68 | without limitation the rights to use, copy, modify, merge, publish,
69 | distribute, sublicense, and/or sell copies of the Software, and to
70 | permit persons to whom the Software is furnished to do so, subject to
71 | the following conditions:
72 | 
73 | The above copyright notice and this permission notice shall be
74 | included in all copies or substantial portions of the Software.
75 | 
76 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
77 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
78 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
79 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
80 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
81 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
82 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
83 | 
84 | 
85 | 


--------------------------------------------------------------------------------
/license.txt:
--------------------------------------------------------------------------------
 1 | Copyright (c) 2013, Geoff McDonald
 2 | All rights reserved.
 3 | 
 4 | Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
 5 | * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
 6 | * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
 7 | * Neither the name split-code nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
 8 | 
 9 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
10 | 


--------------------------------------------------------------------------------
/malm.exe.manifest:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm.exe.manifest


--------------------------------------------------------------------------------
/malm.ncb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm.ncb


--------------------------------------------------------------------------------
/malm.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 10.00
 3 | # Visual Studio 2008
 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "malm", "malm\malm.vcproj", "{C86D127A-FD16-4A66-AD3C-3858F701F948}"
 5 | EndProject
 6 | Global
 7 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 8 | 		Debug|Win32 = Debug|Win32
 9 | 		Debug|x64 = Debug|x64
10 | 		Release|Win32 = Release|Win32
11 | 		Release|x64 = Release|x64
12 | 	EndGlobalSection
13 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | 		{C86D127A-FD16-4A66-AD3C-3858F701F948}.Debug|Win32.ActiveCfg = Debug|Win32
15 | 		{C86D127A-FD16-4A66-AD3C-3858F701F948}.Debug|Win32.Build.0 = Debug|Win32
16 | 		{C86D127A-FD16-4A66-AD3C-3858F701F948}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{C86D127A-FD16-4A66-AD3C-3858F701F948}.Debug|x64.Build.0 = Debug|x64
18 | 		{C86D127A-FD16-4A66-AD3C-3858F701F948}.Release|Win32.ActiveCfg = Release|Win32
19 | 		{C86D127A-FD16-4A66-AD3C-3858F701F948}.Release|Win32.Build.0 = Release|Win32
20 | 		{C86D127A-FD16-4A66-AD3C-3858F701F948}.Release|x64.ActiveCfg = Release|x64
21 | 		{C86D127A-FD16-4A66-AD3C-3858F701F948}.Release|x64.Build.0 = Release|x64
22 | 	EndGlobalSection
23 | 	GlobalSection(SolutionProperties) = preSolution
24 | 		HideSolutionNode = FALSE
25 | 	EndGlobalSection
26 | EndGlobal
27 | 


--------------------------------------------------------------------------------
/malm.suo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm.suo


--------------------------------------------------------------------------------
/malm/Debug/BuildLog.htm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Debug/BuildLog.htm


--------------------------------------------------------------------------------
/malm/Debug/heap.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Debug/heap.obj


--------------------------------------------------------------------------------
/malm/Debug/i_heap.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Debug/i_heap.obj


--------------------------------------------------------------------------------
/malm/Debug/i_module.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Debug/i_module.obj


--------------------------------------------------------------------------------
/malm/Debug/i_process.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Debug/i_process.obj


--------------------------------------------------------------------------------
/malm/Debug/i_system.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Debug/i_system.obj


--------------------------------------------------------------------------------
/malm/Debug/malm.exe.embed.manifest:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 2 | <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
 3 |   <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
 4 |     <security>
 5 |       <requestedPrivileges>
 6 |         <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
 7 |       </requestedPrivileges>
 8 |     </security>
 9 |   </trustInfo>
10 |   <dependency>
11 |     <dependentAssembly>
12 |       <assemblyIdentity type="win32" name="Microsoft.VC90.DebugCRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
13 |     </dependentAssembly>
14 |   </dependency>
15 | </assembly>


--------------------------------------------------------------------------------
/malm/Debug/malm.exe.embed.manifest.res:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Debug/malm.exe.embed.manifest.res


--------------------------------------------------------------------------------
/malm/Debug/malm.exe.intermediate.manifest:
--------------------------------------------------------------------------------
 1 | <?xml version='1.0' encoding='UTF-8' standalone='yes'?>
 2 | <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
 3 |   <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
 4 |     <security>
 5 |       <requestedPrivileges>
 6 |         <requestedExecutionLevel level='asInvoker' uiAccess='false' />
 7 |       </requestedPrivileges>
 8 |     </security>
 9 |   </trustInfo>
10 |   <dependency>
11 |     <dependentAssembly>
12 |       <assemblyIdentity type='win32' name='Microsoft.VC90.DebugCRT' version='9.0.21022.8' processorArchitecture='x86' publicKeyToken='1fc8b3b9a1e18e3b' />
13 |     </dependentAssembly>
14 |   </dependency>
15 | </assembly>
16 | 


--------------------------------------------------------------------------------
/malm/Debug/malm.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Debug/malm.obj


--------------------------------------------------------------------------------
/malm/Debug/malm.pch:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Debug/malm.pch


--------------------------------------------------------------------------------
/malm/Debug/malm.res:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Debug/malm.res


--------------------------------------------------------------------------------
/malm/Debug/module.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Debug/module.obj


--------------------------------------------------------------------------------
/malm/Debug/mt.dep:
--------------------------------------------------------------------------------
1 | Manifest resource last updated at 21:48:31.21 on Sun 08/12/2012 
2 | 


--------------------------------------------------------------------------------
/malm/Debug/process.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Debug/process.obj


--------------------------------------------------------------------------------
/malm/Debug/stdafx.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Debug/stdafx.obj


--------------------------------------------------------------------------------
/malm/Debug/system.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Debug/system.obj


--------------------------------------------------------------------------------
/malm/Debug/vc90.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Debug/vc90.idb


--------------------------------------------------------------------------------
/malm/Debug/vc90.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Debug/vc90.pdb


--------------------------------------------------------------------------------
/malm/DynArray.h:
--------------------------------------------------------------------------------
  1 | //////////////////////////////////////////////////////////////////////
  2 | // DynArray.h: interface&implementation for the DynArray class
  3 | //////////////////////////////////////////////////////////////////////
  4 | 
  5 | #ifndef _AE_DYNARRAY_H_INCLUDED_
  6 | #define _AE_DYNARRAY_H_INCLUDED_
  7 | 
  8 | #include <cstdlib>
  9 | 
 10 | template<class el>
 11 | class DynArray
 12 | {
 13 | public:
 14 |     DynArray(); // constructor 
 15 |     DynArray(const DynArray &a); // copy constructor 
 16 |     ~DynArray(); // distructor 
 17 |     DynArray& operator = (const DynArray &a); // assignment operator 
 18 | 
 19 |     el& operator [] (unsigned int index); // get array item 
 20 |     void Add(const el &item); // Add item to the end of array 
 21 | 
 22 |     unsigned int GetSize(); // get size of array (elements)
 23 |     void SetSize(unsigned int newsize); // set size of array (elements)
 24 |     void Clear(); // clear array
 25 |     void Delete(unsigned int pos); // delete array item 
 26 | 	void* getptr(); // get void* pointer to array data
 27 | 
 28 |     enum exception { MEMFAIL }; // exception enum 
 29 | 	
 30 | private:
 31 |     el *array; // pointer for array's memory 
 32 |     unsigned int size; // size of array (elemets)
 33 |     unsigned int realsize; // actual size of allocated memory  
 34 | 
 35 | 	const static int dyn_array_step = 128; // initial size of array memory (elements)
 36 | 	const static int dyn_array_mult = 2; // multiplier (enlarge array memory 
 37 | 										 // dyn_array_mult times  )
 38 | };
 39 | 
 40 | //////////////////////////////////////////////////////////////////////
 41 | 
 42 | template <class el>
 43 | DynArray<el>::DynArray()
 44 | {
 45 |     realsize = dyn_array_step; // First, allocate step 
 46 | 							   // for dyn_array_step items
 47 |     size = 0;
 48 |     array = (el *)malloc(realsize*sizeof(el));
 49 | 
 50 |     if (array == NULL)
 51 | 		throw MEMFAIL;
 52 | }
 53 | 
 54 | 
 55 | template <class el>
 56 | DynArray<el>::~DynArray()
 57 | {
 58 |     if (array)
 59 |     {
 60 |     	free(array);
 61 |     	array = NULL;
 62 |     }
 63 | }
 64 | 
 65 | 
 66 | template <class el>
 67 | DynArray<el>::DynArray(const DynArray &a)
 68 | {
 69 |     array = (el *)malloc(sizeof(el)*a.realsize);
 70 |     if (array == NULL)
 71 | 		throw MEMFAIL;
 72 | 
 73 |     memcpy(array, a.array, sizeof(el)*a.realsize);
 74 |     realsize = a.realsize;
 75 |     size = a.size;
 76 | }
 77 | 
 78 | 
 79 | template <class el>
 80 | DynArray<el>& DynArray<el>::operator = (const DynArray &a)
 81 | {
 82 |     if (this == &a) // in case somebody tries assign array to itself 
 83 | 		return *this;
 84 | 
 85 | 	if (a.size == 0) // is other array is empty -- clear this array 
 86 | 		Clear();
 87 | 
 88 | 	SetSize(a.size); // set size 
 89 | 
 90 |     memcpy(array, a.array, sizeof(el)*a.size);
 91 | 
 92 |     return *this;
 93 | }
 94 | 
 95 | template <class el>
 96 | unsigned int DynArray<el>::GetSize()
 97 | {
 98 |     return size; // simply return size
 99 | }
100 | 
101 | 
102 | template <class el>
103 | void DynArray<el>::SetSize(unsigned int newsize)
104 | {
105 |     size = newsize;
106 | 
107 | 	if (size != 0)
108 | 	{
109 | 		// change array memory size 
110 | 		// if new size is larger than current 
111 | 		// or new size is less then half of the current 
112 | 		if ((size > realsize) || (size < realsize/2))
113 | 		{
114 | 	    	realsize = size;
115 | 	    	array = (el *)realloc(array, sizeof(el)*size);
116 | 
117 | 			if (array == NULL)
118 | 				throw MEMFAIL;
119 | 		}
120 | 	}
121 | 	else
122 | 		Clear();
123 | }
124 | 
125 | template <class el>
126 | void DynArray<el>::Delete(unsigned int pos)
127 | {
128 | 	if (size == 1) // If array has only one element 
129 | 		Clear(); // than we clear it, since it will be deleted 
130 | 	else
131 | 	{
132 | 		// otherwise, shift array elements 
133 | 		for(unsigned int i=pos; i<size-1; i++) 
134 | 			array[i] = array[i+1];
135 | 
136 | 		// decrease array size
137 | 		size--;
138 | 	}
139 | }
140 | 
141 | template <class el>
142 | void DynArray<el>::Clear() // clear array memory 
143 | {
144 |     size = 0; 
145 | 	array = (el *)realloc(array, sizeof(el)*dyn_array_step); 
146 | 				  // set initial memory size again 
147 | 	realsize = dyn_array_step;
148 | }
149 | 
150 | template <class el>
151 | void* DynArray<el>::getptr()
152 | {
153 |     return array; // return void* pointer 
154 | }
155 | 
156 | template <class el>
157 | el& DynArray<el>::operator [] (unsigned int index)
158 | {
159 |     return array[index]; // return array element 
160 | }
161 | 
162 | template <class el>
163 | void DynArray<el>::Add(const el &item)
164 | {
165 |     size++;
166 | 
167 |     if (size > realsize)
168 |     {
169 | 		realsize *= dyn_array_mult;
170 | 		
171 | 		array = (el *)realloc(array, sizeof(el)*realsize);
172 | 
173 | 		if (array == NULL)
174 | 			throw MEMFAIL;
175 |     }
176 | 
177 | 	array[size-1] = item;
178 | }
179 | 
180 | #endif // ifndef _AE_DYNARRAY_H_INCLUDED_


--------------------------------------------------------------------------------
/malm/ReadMe.txt:
--------------------------------------------------------------------------------
 1 | ========================================================================
 2 |     CONSOLE APPLICATION : malm Project Overview
 3 | ========================================================================
 4 | 
 5 | AppWizard has created this malm application for you.
 6 | 
 7 | This file contains a summary of what you will find in each of the files that
 8 | make up your malm application.
 9 | 
10 | 
11 | malm.vcproj
12 |     This is the main project file for VC++ projects generated using an Application Wizard.
13 |     It contains information about the version of Visual C++ that generated the file, and
14 |     information about the platforms, configurations, and project features selected with the
15 |     Application Wizard.
16 | 
17 | malm.cpp
18 |     This is the main application source file.
19 | 
20 | /////////////////////////////////////////////////////////////////////////////
21 | Other standard files:
22 | 
23 | StdAfx.h, StdAfx.cpp
24 |     These files are used to build a precompiled header (PCH) file
25 |     named malm.pch and a precompiled types file named StdAfx.obj.
26 | 
27 | /////////////////////////////////////////////////////////////////////////////
28 | Other notes:
29 | 
30 | AppWizard uses "TODO:" comments to indicate parts of the source code you
31 | should add to or customize.
32 | 
33 | /////////////////////////////////////////////////////////////////////////////
34 | 


--------------------------------------------------------------------------------
/malm/Release/BuildLog.htm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Release/BuildLog.htm


--------------------------------------------------------------------------------
/malm/Release/i_ext_tool.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Release/i_ext_tool.obj


--------------------------------------------------------------------------------
/malm/Release/i_heap.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Release/i_heap.obj


--------------------------------------------------------------------------------
/malm/Release/i_module.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Release/i_module.obj


--------------------------------------------------------------------------------
/malm/Release/i_process.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Release/i_process.obj


--------------------------------------------------------------------------------
/malm/Release/i_system.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Release/i_system.obj


--------------------------------------------------------------------------------
/malm/Release/malm.exe.intermediate.manifest:
--------------------------------------------------------------------------------
 1 | <?xml version='1.0' encoding='UTF-8' standalone='yes'?>
 2 | <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
 3 |   <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
 4 |     <security>
 5 |       <requestedPrivileges>
 6 |         <requestedExecutionLevel level='asInvoker' uiAccess='false' />
 7 |       </requestedPrivileges>
 8 |     </security>
 9 |   </trustInfo>
10 |   <dependency>
11 |     <dependentAssembly>
12 |       <assemblyIdentity type='win32' name='Microsoft.VC90.CRT' version='9.0.21022.8' processorArchitecture='x86' publicKeyToken='1fc8b3b9a1e18e3b' />
13 |     </dependentAssembly>
14 |   </dependency>
15 | </assembly>
16 | 


--------------------------------------------------------------------------------
/malm/Release/malm.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Release/malm.obj


--------------------------------------------------------------------------------
/malm/Release/malm.pch:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Release/malm.pch


--------------------------------------------------------------------------------
/malm/Release/malm.res:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Release/malm.res


--------------------------------------------------------------------------------
/malm/Release/mt.dep:
--------------------------------------------------------------------------------
1 | Manifest resource last updated at 12:46:00.99 on Sun 12/16/2012 
2 | 


--------------------------------------------------------------------------------
/malm/Release/stdafx.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Release/stdafx.obj


--------------------------------------------------------------------------------
/malm/Release/vc90.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Release/vc90.idb


--------------------------------------------------------------------------------
/malm/Release/vc90.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/Release/vc90.pdb


--------------------------------------------------------------------------------
/malm/i_ext_tool.cpp:
--------------------------------------------------------------------------------
 1 | #include "StdAfx.h"
 2 | #include "i_ext_tool.h"
 3 | 
 4 | string i_ext_tool::compare( i_ext_tool other )
 5 | {
 6 | 	// Compare and print the difference
 7 | 	return "";
 8 | }
 9 | 
10 | string i_ext_tool::readOutput(HANDLE g_hChildStd_OUT_Rd)
11 | {
12 | 	DWORD dwRead, dwWritten; 
13 | 	CHAR chBuf[BUFSIZE]; 
14 | 	BOOL bSuccess = FALSE;
15 | 	string result = "";
16 | 	for (;;) 
17 | 	{ 
18 | 		bSuccess = ReadFile( g_hChildStd_OUT_Rd, chBuf, BUFSIZE, &dwRead, NULL);
19 | 		if( ! bSuccess || dwRead == 0 ) break; 
20 | 		result = result.append( chBuf );
21 | 	} 
22 | 	return "";
23 | }
24 | 
25 | i_ext_tool::i_ext_tool(LPWSTR command, LPCTSTR description)
26 | {
27 | 	PROCESS_INFORMATION piProcInfo; 
28 | 	STARTUPINFO siStartInfo;
29 | 	BOOL bSuccess = FALSE;
30 | 	SECURITY_ATTRIBUTES saAttr; 
31 | 	HANDLE g_hChildStd_IN_Rd = NULL;
32 | 	HANDLE g_hChildStd_IN_Wr = NULL;
33 | 	HANDLE g_hChildStd_OUT_Rd = NULL;
34 | 	HANDLE g_hChildStd_OUT_Wr = NULL;
35 | 		
36 | 	// Set the bInheritHandle flag so pipe handles are inherited. 
37 | 	saAttr.nLength = sizeof(SECURITY_ATTRIBUTES); 
38 | 	saAttr.bInheritHandle = TRUE; 
39 | 	saAttr.lpSecurityDescriptor = NULL; 
40 | 
41 | 	// Create a pipe for the child process's STDOUT. 
42 | 	if ( ! CreatePipe(&g_hChildStd_OUT_Rd, &g_hChildStd_OUT_Wr, &saAttr, 0) ) 
43 | 		printf("Failed to create pipe for %S.", command);
44 | 
45 | 	// Ensure the read handle to the pipe for STDOUT is not inherited.
46 | 	if ( ! SetHandleInformation(g_hChildStd_OUT_Rd, HANDLE_FLAG_INHERIT, 0) )
47 | 		printf("Failed to set handle information for %S.", command);
48 |  
49 | 	// Set up members of the PROCESS_INFORMATION structure. 
50 | 	ZeroMemory( &piProcInfo, sizeof(PROCESS_INFORMATION) );
51 |  
52 | 	// Set up members of the STARTUPINFO structure. 
53 | 	// This structure specifies the STDIN and STDOUT handles for redirection.
54 | 	ZeroMemory( &siStartInfo, sizeof(STARTUPINFO) );
55 | 	siStartInfo.cb = sizeof(STARTUPINFO); 
56 | 	siStartInfo.hStdError = g_hChildStd_OUT_Wr;
57 | 	siStartInfo.hStdOutput = g_hChildStd_OUT_Wr;
58 | 	siStartInfo.dwFlags |= STARTF_USESTDHANDLES;
59 |  
60 | 	// Create the child process. 
61 | 	bSuccess = CreateProcess(NULL, 
62 | 		command,	  // command line 
63 | 		NULL,			 // process security attributes 
64 | 		NULL,			 // primary thread security attributes 
65 | 		TRUE,			 // handles are inherited 
66 | 		0,				 // creation flags 
67 | 		NULL,			 // use parent's environment 
68 | 		NULL,			 // use parent's current directory 
69 | 		&siStartInfo,  // STARTUPINFO pointer 
70 | 		&piProcInfo);  // receives PROCESS_INFORMATION 
71 | 	
72 | 	// If an error occurs, exit the application. 
73 | 	if ( ! bSuccess ) 
74 | 		// Failed
75 | 		printf("Failed to launch %S.", command);
76 | 	else 
77 | 	{
78 | 		// Wait until the child processes closes
79 | 		WaitForSingleObject(piProcInfo.hProcess, INFINITE);
80 | 
81 | 		// Read the output from the process
82 | 		output = this->readOutput(g_hChildStd_OUT_Rd);
83 | 
84 | 		cout << output;
85 | 
86 | 		CloseHandle(piProcInfo.hProcess);
87 | 		CloseHandle(piProcInfo.hThread);
88 | 	}
89 | }
90 | 
91 | i_ext_tool::~i_ext_tool(void)
92 | {
93 | }
94 | 


--------------------------------------------------------------------------------
/malm/i_ext_tool.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include "windows.h"
 3 | #include <string>
 4 | #include "DynArray.h"
 5 | #include <iostream>
 6 | #include <vector>
 7 | using namespace std;
 8 | #define BUFSIZE 10000
 9 | 
10 | class i_ext_tool
11 | {
12 | public:
13 | 	string output;
14 | 	string description;
15 | 	i_ext_tool(LPWSTR command, LPCTSTR description);
16 | 	~i_ext_tool(void);
17 | 	string readOutput(HANDLE g_hChildStd_OUT_Rd);
18 | 	string compare( i_ext_tool other );
19 | };
20 | 


--------------------------------------------------------------------------------
/malm/i_heap.cpp:
--------------------------------------------------------------------------------
 1 | #include "StdAfx.h"
 2 | #include "i_heap.h"
 3 | 
 4 | bool operator== (i_heap &heap1, i_heap &heap2)
 5 | {
 6 | 	return (heap1.heapDetails.AllocationBase == heap2.heapDetails.AllocationBase)
 7 | 		&&  (heap1.heapDetails.RegionSize == heap2.heapDetails.RegionSize);
 8 | }
 9 | 
10 | i_heap::i_heap(MEMORY_BASIC_INFORMATION details)
11 | {
12 | 	this->heapDetails = details;
13 | }
14 | 
15 | i_heap::~i_heap(void)
16 | {
17 | }
18 | 


--------------------------------------------------------------------------------
/malm/i_heap.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include <windows.h>
 3 | #include <tlhelp32.h>
 4 | #include <iostream>	
 5 | #include <string>
 6 | #include "DynArray.h"
 7 | 
 8 | class i_heap
 9 | {
10 | public:
11 | 	MEMORY_BASIC_INFORMATION heapDetails;
12 | 	i_heap(MEMORY_BASIC_INFORMATION details);
13 | 	~i_heap(void);
14 | 
15 | 	friend bool operator== (i_heap &heap1, i_heap &heap2);
16 | };
17 | 


--------------------------------------------------------------------------------
/malm/i_module.cpp:
--------------------------------------------------------------------------------
 1 | #include "StdAfx.h"
 2 | #include "i_module.h"
 3 | 
 4 | bool i_module::operator== (const i_module &other) const
 5 | {
 6 | 	return this->moduleDetails.hModule == other.moduleDetails.hModule;
 7 | }
 8 | 
 9 | i_module::i_module(MODULEENTRY32W details)
10 | {
11 | 	moduleDetails = details;
12 | }
13 | 
14 | i_module::~i_module(void)
15 | {
16 | }
17 | 


--------------------------------------------------------------------------------
/malm/i_module.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include <windows.h>
 3 | #include <tlhelp32.h>
 4 | #include <iostream>	
 5 | #include <string>
 6 | #include "DynArray.h"
 7 | 
 8 | class i_module
 9 | {
10 | public:
11 | 	MODULEENTRY32W moduleDetails;
12 | 	i_module(MODULEENTRY32W details);
13 | 	~i_module(void);
14 | 	bool operator== (const i_module &other) const;
15 | };
16 | 


--------------------------------------------------------------------------------
/malm/i_process.cpp:
--------------------------------------------------------------------------------
  1 | #include "StdAfx.h"
  2 | #include "i_process.h"
  3 | 
  4 | bool IsWin64(HANDLE process)
  5 | {
  6 |     BOOL retVal;
  7 |     return IsWow64Process(process, &retVal) && retVal;
  8 | }
  9 | 
 10 | bool i_process::operator== (const i_process &other) const
 11 | {
 12 | 	return (this->processDetails.th32ProcessID == other.processDetails.th32ProcessID);
 13 | }
 14 | 
 15 | void i_process::printIncrementalReport(i_process* oldProcessSnapshot)
 16 | {
 17 | 	if( !(this->failed || oldProcessSnapshot->failed) )
 18 | 	{
 19 | 		// Print any new executable heaps or new loaded modules.
 20 | 		
 21 | 		// Print new modules
 22 | 		for(int i = 0; i < this->modules.GetSize(); i++ )
 23 | 		{
 24 | 			// See if this executable heap existed in the previous snapshot
 25 | 			bool changedOrNew = true;
 26 | 			for( int j = 0; j < oldProcessSnapshot->modules.GetSize(); j++ )
 27 | 			{
 28 | 				if( *oldProcessSnapshot->modules[j] ==  *this->modules[i] )
 29 | 				{
 30 | 					changedOrNew = false;
 31 | 					break;
 32 | 				}
 33 | 			}
 34 | 
 35 | 			// Print this executable heap if it changed
 36 | 			if( changedOrNew )
 37 | 			{
 38 | 				printf("PID %X,%S: Loaded module %S at 0x%llX\n",
 39 | 					this->processDetails.th32ProcessID,
 40 | 					this->processDetails.szExeFile,
 41 | 					this->modules[i]->moduleDetails.szModule,
 42 | 					(unsigned long long int) this->modules[i]->moduleDetails.hModule );
 43 | 			}
 44 | 		}
 45 | 
 46 | 		// Print unloaded modules
 47 | 		for( int j = 0; j < oldProcessSnapshot->modules.GetSize(); j++ )
 48 | 		{
 49 | 			// See if this module exists only in the old snapshot
 50 | 			bool existsOnlyInOld = true;
 51 | 			for(int i = 0; i < this->modules.GetSize(); i++ )
 52 | 			{
 53 | 				if( *oldProcessSnapshot->modules[j] ==  *this->modules[i] )
 54 | 				{
 55 | 					existsOnlyInOld = false;
 56 | 					break;
 57 | 				}
 58 | 			}
 59 | 
 60 | 			// Print this module, since it has been unloaded
 61 | 			if( existsOnlyInOld )
 62 | 			{
 63 | 				printf("PID %X,%S: Unloaded module %S\n",
 64 | 					this->processDetails.th32ProcessID,
 65 | 					this->processDetails.szExeFile,
 66 | 					oldProcessSnapshot->modules[j]->moduleDetails.szModule );
 67 | 			}
 68 | 		}
 69 | 
 70 | 		// Check to see if there are any new executable heaps
 71 | 		for(int i = 0; i < this->heaps.GetSize(); i++ )
 72 | 		{
 73 | 			// See if this executable heap existed in the previous snapshot
 74 | 			bool changedOrNew = true;
 75 | 			for( int j = 0; j < oldProcessSnapshot->heaps.GetSize(); j++ )
 76 | 			{
 77 | 				if( *oldProcessSnapshot->heaps[j] ==  *this->heaps[i] )
 78 | 				{
 79 | 					changedOrNew = false;
 80 | 					break;
 81 | 				}
 82 | 			}
 83 | 
 84 | 			// Print this executable heap if it changed
 85 | 			if( changedOrNew )
 86 | 			{
 87 | 				printf("PID %X,%S: New executable heap at 0x%llX\n",
 88 | 					this->processDetails.th32ProcessID,
 89 | 					this->processDetails.szExeFile,
 90 | 					(unsigned long long int) this->heaps[i]->heapDetails.BaseAddress );
 91 | 			}
 92 | 		}
 93 | 	}else{
 94 | 		// Accessing at least of the processes failed
 95 | 		if( this->failed && !oldProcessSnapshot->failed )
 96 | 		{
 97 | 			// The process is no longer accessible from our security level
 98 | 			printf("PID %X,%S: No longer accessible from current process security token.\n",
 99 | 					this->processDetails.th32ProcessID,
100 | 					this->processDetails.szExeFile );
101 | 		}else if( !this->failed && oldProcessSnapshot->failed )
102 | 		{
103 | 			// The process is now accessible, but was not previously
104 | 			printf("PID %X,%S: Has now become accesible from current process security token.\n",
105 | 					this->processDetails.th32ProcessID,
106 | 					this->processDetails.szExeFile );
107 | 		}
108 | 	}
109 | }
110 | 
111 | void i_process::printFinalReport(i_process* oldProcessSnapshot)
112 | {
113 | 	if( !(this->failed || oldProcessSnapshot->failed) )
114 | 	{
115 | 		// Print any new executable heaps or new loaded modules.
116 | 		char* changedString = new char[0x3000];
117 | 		changedString[0] = 0;
118 | 		
119 | 		// Print new modules
120 | 		for(int i = 0; i < this->modules.GetSize(); i++ )
121 | 		{
122 | 			// See if this executable heap existed in the previous snapshot
123 | 			bool changedOrNew = true;
124 | 			for( int j = 0; j < oldProcessSnapshot->modules.GetSize(); j++ )
125 | 			{
126 | 				if( *oldProcessSnapshot->modules[j] ==  *this->modules[i] )
127 | 				{
128 | 					changedOrNew = false;
129 | 					break;
130 | 				}
131 | 			}
132 | 
133 | 			// Print this module if it changed
134 | 			if( changedOrNew )
135 | 			{
136 | 				if( strlen( changedString ) < 0x2000 )
137 | 					sprintf( changedString, "%sloaded module %S at %llX\n", changedString,
138 | 					this->modules[i]->moduleDetails.szModule,
139 | 					(unsigned long long int) this->modules[i]->moduleDetails.hModule);
140 | 			}
141 | 		}
142 | 
143 | 		
144 | 
145 | 		// Check to see if there are any new executable heaps
146 | 		for(int i = 0; i < this->heaps.GetSize(); i++ )
147 | 		{
148 | 			// See if this executable heap existed in the previous snapshot
149 | 			bool changedOrNew = true;
150 | 			for( int j = 0; j < oldProcessSnapshot->heaps.GetSize(); j++ )
151 | 			{
152 | 				if( *oldProcessSnapshot->heaps[j] ==  *this->heaps[i] )
153 | 				{
154 | 					changedOrNew = false;
155 | 					break;
156 | 				}
157 | 			}
158 | 
159 | 			// Print this executable heap if it changed
160 | 			if( changedOrNew )
161 | 			{
162 | 				if( strlen( changedString ) < 0x2000 )
163 | 					sprintf( changedString, "%snew exec heap: %llX\n", changedString,
164 | 					(unsigned long long int) this->heaps[i]->heapDetails.BaseAddress);
165 | 			}
166 | 		}
167 | 
168 | 		
169 | 		if( strlen( changedString ) > 0 )
170 | 			// Print the results
171 | 			printf("--- PID %X,%S ---\n%s\n\n",
172 | 					this->processDetails.th32ProcessID,
173 | 					this->processDetails.szExeFile,
174 | 					changedString);
175 | 	}else{
176 | 		// Accessing at least of the processes failed
177 | 		if( this->failed && !oldProcessSnapshot->failed )
178 | 		{
179 | 			// The process is no longer accessible from our security level
180 | 			printf("--- PID %X,%S ---\nNo longer accessible from current process security token.\n\n",
181 | 					this->processDetails.th32ProcessID,
182 | 					this->processDetails.szExeFile );
183 | 		}else if( !this->failed && oldProcessSnapshot->failed )
184 | 		{
185 | 			// The process is now accessible, but was not previously
186 | 			printf("--- PID %X,%S ---\nHas now become accesible from current process security token.\n\n",
187 | 					this->processDetails.th32ProcessID,
188 | 					this->processDetails.szExeFile );
189 | 		}
190 | 	}
191 | }
192 | 
193 | i_process::i_process(PROCESSENTRY32* details)
194 | {
195 | 	processDetails = *details;
196 | 
197 | 	// Take note of all the PAGE_EXECUTE i_heaps and i_modules.
198 | 	
199 | 	// Take a i_process snapshot
200 | 	HANDLE hSnapshot=CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, details->th32ProcessID);
201 | 	if ( hSnapshot == INVALID_HANDLE_VALUE )
202 | 	{
203 | 		//printf ("WARNING: Could not gather process information for process \"%S\" pid 0x%X, error code (%d).\n", details->szExeFile, details->th32ProcessID, GetLastError());
204 | 		failed = true;
205 | 		return;
206 | 	}
207 | 	failed = false;
208 | 
209 | 	// Generate i_module list
210 | 	this->generateModuleList(hSnapshot);
211 | 
212 | 	// Open the process to generate a heap map
213 | 	HANDLE ph = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, false, details->th32ProcessID);
214 | 	if( ph != NULL )
215 | 	{
216 | 		// Generate i_heap list
217 | 		this->generateHeapList(ph);
218 | 	}else{
219 | 		failed = true;
220 | 	}
221 | 
222 | 	// Cleanup
223 | 	CloseHandle( hSnapshot );
224 | }
225 | 
226 | void i_process::generateModuleList(HANDLE hSnapshot)
227 | {
228 | 	MODULEENTRY32 tmpModule;
229 | 	tmpModule.dwSize = sizeof(MODULEENTRY32);
230 | 	if( Module32First(hSnapshot, &tmpModule) )
231 | 	{
232 | 		// Add this i_module to our array
233 | 		tmpModule.dwSize = sizeof(MODULEENTRY32);
234 | 		modules.Add(new i_module(tmpModule));
235 | 
236 | 		while(Module32Next(hSnapshot,&tmpModule))
237 | 		{
238 | 			// Add this i_module to our array
239 | 			modules.Add(new i_module(tmpModule));
240 | 			tmpModule.dwSize = sizeof(MODULEENTRY32);
241 | 		}
242 | 	}
243 | }
244 | 
245 | void i_process::generateHeapList(HANDLE ph)
246 | {
247 | 	// Set the max address of the target process
248 | 	__int64 maxAddress = 0;
249 | 	maxAddress = 0x7ffffffffff; // Not a problem for 32bit targets
250 | 
251 |     // Walk the process heaps
252 |     __int64 address = 0;
253 |     MEMORY_BASIC_INFORMATION mbi;
254 | 	
255 |     while (address < maxAddress)
256 |     {
257 |         // Load this heap information
258 |         __int64 blockSize = VirtualQueryEx(ph, (LPCVOID) address, &mbi, sizeof(MEMORY_BASIC_INFORMATION));
259 | 		__int64 newAddress = (__int64)mbi.BaseAddress + (__int64)mbi.RegionSize + 1;
260 | 		if( newAddress <= address )
261 | 			break;
262 | 		address = newAddress;
263 | 
264 |         // Add this heap information
265 | 		if( (mbi.Protect & (PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY))
266 | 			&& !(mbi.Protect & (PAGE_NOACCESS | PAGE_GUARD)) )
267 | 			heaps.Add(new i_heap(mbi));
268 |     }
269 | }
270 | 
271 | i_process::~i_process(void)
272 | {
273 | 	// Clean up the processes
274 | 	for( int i = 0; i < heaps.GetSize(); i++ )
275 | 	{
276 | 		delete heaps[i];
277 | 	}
278 | 	for( int i = 0; i < modules.GetSize(); i++ )
279 | 	{
280 | 		delete modules[i];
281 | 	}
282 | 
283 | 	heaps.Clear();
284 | 	modules.Clear();
285 | }
286 | 


--------------------------------------------------------------------------------
/malm/i_process.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include <windows.h>
 3 | #include <tlhelp32.h>
 4 | #include <iostream>	
 5 | #include <string>
 6 | #include "DynArray.h"
 7 | #include "i_heap.h"
 8 | #include "i_module.h"
 9 | using namespace std;
10 | 
11 | class i_process
12 | {
13 | 	DynArray<i_heap*> heaps;
14 | 	DynArray<i_module*> modules;
15 | 	
16 | 
17 | 	void generateModuleList(HANDLE hSnapshot);
18 | 	void generateHeapList(HANDLE hSnapshot);
19 | public:
20 | 	bool failed;
21 | 	PROCESSENTRY32 processDetails;
22 | 	i_process(PROCESSENTRY32* details);
23 | 	~i_process(void);
24 | 	void printIncrementalReport(i_process* oldProcessSnapshot);
25 | 	void printFinalReport(i_process* oldProcessSnapshot);
26 | 	bool operator== (const i_process &other) const;
27 | };
28 | 


--------------------------------------------------------------------------------
/malm/i_system.cpp:
--------------------------------------------------------------------------------
  1 | #include "StdAfx.h"
  2 | #include "i_system.h"
  3 | 
  4 | 
  5 | void i_system::printIncrementalReport(i_system* oldSystemSnapshot)
  6 | {
  7 | 	// Print any closed processes
  8 | 	for(int i = 0; i < oldSystemSnapshot->processes.GetSize(); i++ )
  9 | 	{
 10 | 		// See if this process existed in the previous snapshot
 11 | 		bool closedProcess = true;
 12 | 		for( int j = 0; j < this->processes.GetSize(); j++ )
 13 | 		{
 14 | 			if( *oldSystemSnapshot->processes[i] ==  *this->processes[j] )
 15 | 			{
 16 | 				closedProcess = false;
 17 | 				break;
 18 | 			}
 19 | 		}
 20 | 		if( closedProcess )
 21 | 		{
 22 | 			// Print this as a new process udpate
 23 | 			printf("PID %X,%S: Terminated.\n",
 24 | 				oldSystemSnapshot->processes[i]->processDetails.th32ProcessID,
 25 | 				oldSystemSnapshot->processes[i]->processDetails.szExeFile );
 26 | 		}
 27 | 	}
 28 | 
 29 | 	// Check to see if there are any new processes
 30 | 	for(int i = 0; i < this->processes.GetSize(); i++ )
 31 | 	{
 32 | 		// See if this process existed in the previous snapshot
 33 | 		bool newProcess = true;
 34 | 		int j = 0;
 35 | 		for( j = 0; j < oldSystemSnapshot->processes.GetSize(); j++ )
 36 | 		{
 37 | 			if( *oldSystemSnapshot->processes[j] ==  *this->processes[i] )
 38 | 			{
 39 | 				newProcess = false;
 40 | 				break;
 41 | 			}
 42 | 		}
 43 | 
 44 | 		if( newProcess )
 45 | 		{
 46 | 			// Print this as a new process udpate
 47 | 			printf("PID %X,%S: New process.\n",
 48 | 				this->processes[i]->processDetails.th32ProcessID,
 49 | 				this->processes[i]->processDetails.szExeFile );
 50 | 		}else{
 51 | 			// Check for changes in this process
 52 | 			this->processes[i]->printIncrementalReport(oldSystemSnapshot->processes[j]);
 53 | 		}
 54 | 
 55 | 	}
 56 | }
 57 | 
 58 | void i_system::printFinalReport(i_system* oldSystemSnapshot)
 59 | {
 60 | 	// Check to see if there are any new processes
 61 | 	for(int i = 0; i < this->processes.GetSize(); i++ )
 62 | 	{
 63 | 		// See if this process existed in the previous snapshot
 64 | 		bool newProcess = true;
 65 | 		int j = 0;
 66 | 		for( j = 0; j < oldSystemSnapshot->processes.GetSize(); j++ )
 67 | 		{
 68 | 			if( *oldSystemSnapshot->processes[j] ==  *this->processes[i] )
 69 | 			{
 70 | 				newProcess = false;
 71 | 				break;
 72 | 			}
 73 | 		}
 74 | 
 75 | 		if( newProcess )
 76 | 		{
 77 | 			// Print this as a new process udpate
 78 | 			printf("--- PID %X,%S ---\nNew Process.\n\n",
 79 | 					this->processes[i]->processDetails.th32ProcessID,
 80 | 					this->processes[i]->processDetails.szExeFile );
 81 | 		}else{
 82 | 			// Check for changes in this process
 83 | 			this->processes[i]->printFinalReport(oldSystemSnapshot->processes[j]);
 84 | 		}
 85 | 
 86 | 	}
 87 | }
 88 | 
 89 | i_system::i_system(bool fullSnapshot)
 90 | {
 91 | 	// Take an i_system snapshot
 92 | 	HANDLE hSnapShot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
 93 | 	
 94 | 	if( hSnapShot != INVALID_HANDLE_VALUE )
 95 | 	{
 96 | 		// Handle the first i_process
 97 | 		PROCESSENTRY32 tmpProcess;
 98 | 		tmpProcess.dwSize = sizeof(PROCESSENTRY32);
 99 | 		processes.Clear();
100 | 		int result;
101 | 		if( (result = Process32First(hSnapShot, &tmpProcess)) )
102 | 		{
103 | 			// Add this i_process to our array
104 | 			if( result == TRUE )
105 | 				processes.Add(new i_process(&tmpProcess));
106 | 
107 | 			while( (result = Process32Next(hSnapShot, &tmpProcess)) )
108 | 			{
109 | 				if( result == TRUE )
110 | 					// Add this i_process to our array
111 | 					processes.Add(new i_process(&tmpProcess));
112 | 			}
113 | 		}
114 | 
115 | 		// Cleanup the handle
116 | 		CloseHandle( hSnapShot );
117 | 	}
118 | }
119 | 
120 | i_system::~i_system(void)
121 | {
122 | 	// Clean up the processes
123 | 	for( int i = 0; i < processes.GetSize(); i++ )
124 | 	{
125 | 		delete processes[i];
126 | 	}
127 | 
128 | 	processes.Clear();
129 | }
130 | 


--------------------------------------------------------------------------------
/malm/i_system.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include <windows.h>
 3 | #include <tlhelp32.h>
 4 | #include <iostream>	
 5 | #include <string>
 6 | #include "i_process.h"
 7 | #include "DynArray.h"
 8 | using namespace std;
 9 | 
10 | 
11 | class i_system
12 | {
13 | 	
14 | 	
15 | public:
16 | 	// Full report specific information
17 | 	bool isFullReport;
18 | 	
19 | 	// The list of i_process information
20 | 	DynArray<i_process*> processes;
21 | 	i_system(bool fullSnapshot);
22 | 	~i_system(void);
23 | 	void printIncrementalReport(i_system* oldSystemSnapshot);
24 | 	void printFinalReport(i_system* oldSystemSnapshot);
25 | 
26 | };
27 | 


--------------------------------------------------------------------------------
/malm/malm.cpp:
--------------------------------------------------------------------------------
  1 | // malm.cpp : Defines the entry point for the console application.
  2 | //
  3 | 
  4 | #include "stdafx.h"
  5 | #include "i_system.h"
  6 | #include <signal.h>
  7 | #include <cstdlib>
  8 | #include <stdio.h>
  9 | #include <time.h>
 10 | using namespace std;
 11 | 
 12 | i_system* startSnapshot;
 13 | 
 14 | BOOL Is64BitWindows()
 15 | {
 16 | 	#if defined(_WIN64)
 17 | 		return TRUE;  // 64-bit programs run only on Win64
 18 | 	#elif defined(_WIN32)
 19 | 		// 32-bit programs run on both 32-bit and 64-bit Windows
 20 | 		// so must sniff
 21 | 		BOOL f64 = FALSE;
 22 | 		return IsWow64Process(GetCurrentProcess(), &f64) && f64;
 23 | 	#else
 24 | 		return FALSE; // Win64 does not support Win16
 25 | 	#endif
 26 | }
 27 | 
 28 | bool isElevated(HANDLE h_Process)
 29 | {
 30 | 	HANDLE h_Token;
 31 | 	TOKEN_ELEVATION t_TokenElevation;
 32 |     TOKEN_ELEVATION_TYPE e_ElevationType;
 33 | 	DWORD dw_TokenLength;
 34 | 	
 35 | 	if( OpenProcessToken(h_Process, TOKEN_READ | TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES , &h_Token) )
 36 | 	{
 37 | 		if(GetTokenInformation(h_Token,TokenElevation,&t_TokenElevation,sizeof(t_TokenElevation),&dw_TokenLength))
 38 | 		{
 39 | 			if(t_TokenElevation.TokenIsElevated != 0)
 40 | 			{
 41 | 				if(GetTokenInformation(h_Token,TokenElevationType,&e_ElevationType,sizeof(e_ElevationType),&dw_TokenLength))
 42 | 				{
 43 | 					if(e_ElevationType == TokenElevationTypeFull || e_ElevationType == TokenElevationTypeDefault)
 44 | 					{
 45 | 						return true;
 46 | 					}
 47 | 				}
 48 | 			}
 49 | 		}
 50 | 	}
 51 | 
 52 |     return false;
 53 | }
 54 | 
 55 | bool getMaximumPrivileges(HANDLE h_Process)
 56 | {
 57 | 	HANDLE h_Token;
 58 | 	DWORD dw_TokenLength;
 59 | 	if( OpenProcessToken(h_Process, TOKEN_READ | TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES , &h_Token) )
 60 | 	{
 61 | 		// Read the old token privileges
 62 | 		TOKEN_PRIVILEGES* privilages = new TOKEN_PRIVILEGES[100];
 63 | 		if( GetTokenInformation(h_Token, TokenPrivileges, privilages,sizeof(TOKEN_PRIVILEGES)*100,&dw_TokenLength) )
 64 | 		{
 65 | 			// Enable all privileges
 66 | 			for( int i = 0; i < privilages->PrivilegeCount; i++ )
 67 | 			{
 68 | 				privilages->Privileges[i].Attributes = SE_PRIVILEGE_ENABLED;
 69 | 			}
 70 | 			
 71 | 			// Adjust the privilges
 72 | 			if(AdjustTokenPrivileges( h_Token, false, privilages, sizeof(TOKEN_PRIVILEGES)*100, NULL, NULL  ))
 73 | 			{
 74 | 				delete[] privilages;
 75 | 				return true;
 76 | 			}
 77 | 		}
 78 | 		delete[] privilages;
 79 | 	}
 80 | 	return false;
 81 | }
 82 | 
 83 | void printFinalReport()
 84 | {
 85 | 	// We need to print the final report on the changes
 86 | 	printf("\n\nFinal report of final state versus starting state:\n");
 87 | 
 88 | 	// Take a new snapshot
 89 | 	i_system* currentSnapshot = new i_system(true);
 90 | 	
 91 | 	// Print the final report
 92 | 	currentSnapshot->printFinalReport( startSnapshot );
 93 | }
 94 | 
 95 | BOOL WINAPI ConsoleHandler(DWORD CEvent)
 96 | {
 97 |     char mesg[128];
 98 | 
 99 |     switch(CEvent)
100 |     {
101 |     case CTRL_C_EVENT:
102 | 	case CTRL_BREAK_EVENT:
103 | 	case CTRL_CLOSE_EVENT:
104 | 		printFinalReport();
105 | 		exit(0);
106 |         break;
107 | 
108 |     }
109 |     return TRUE;
110 | }
111 | 
112 | int _tmain(int argc, _TCHAR* argv[])
113 | {
114 | 	// Disable buffering
115 | 	setbuf(stdout, NULL);
116 | 
117 | 	// Print the intro
118 | 	printf("MALM v1.2 Flags\n\
119 |    -q: quick mode. Only generates final report.\n\
120 |    -t [seconds]: Quit and generate final report after the specified number of seconds.\n\n\
121 |    \
122 | Welcome to malm v1.2: malware monitor\n\
123 | \tby Geoff McDonald\n\
124 | \thttp://www.split-code.com/\n\n\
125 | This is a Windows x86 and x64 compatible tool that records new processes, new modules loaded by existing processes, and new executable heaps in existing processes. Run this prior to running the malware sample. malm will log changes it has found, and upon closing (CTRL-C) this tool will print a final report of the state change from the beginning to the end. This tool is quite useful for monitoring where malware is residing after execution. This tool is based upon snapshots, so it can miss processes, modules, or heaps that exist for only a short period of time.\n\n");
126 | 
127 | 	// Read in the command-line arguments
128 | 	int numSeconds = 0;
129 | 	bool quickMode = false;
130 | 	for( int i = 0; i < argc; i++ )
131 | 	{
132 | 		if( wcscmp(argv[i],L"-q") == 0 )
133 | 			quickMode = true;
134 | 		if( wcscmp(argv[i],L"-t") == 0 && i < argc - 1 )
135 | 		{
136 | 			// Parse the number of seconds to quit after
137 | 			numSeconds = _wtoi(argv[i+1]); // Returns 0 if it cannot parse it. No problem here.
138 | 		}
139 | 	}
140 | 	if( quickMode )
141 | 		printf("Quick mode enabled.\n\n");
142 | 	if( numSeconds > 0 )
143 | 		printf("Automatically quitting and generating final report in %i seconds.\n\n", numSeconds);
144 | 
145 | 	// Warn if the process was not run as administrator
146 | 	HANDLE h_Process = GetCurrentProcess();
147 | 	if( !isElevated(h_Process) )
148 | 	{
149 | 		printf("WARNING: This tool should be run with administrator rights to properly monitor all processes.\n\n");
150 | 	}
151 | 
152 | 	// Request maximum thread token privileges
153 | 	if( !getMaximumPrivileges(h_Process) )
154 | 	{
155 | 		printf("WARNING: Failed to adjust token privileges. This will likely result in missing the monitoring of some processes due to insufficient privileges.\n\n");
156 | 	}
157 | 
158 | 	// Warn if running in 32 bit mode on a 64 bit OS
159 | 	if( Is64BitWindows() && sizeof(void*) == 4 )
160 | 	{
161 | 		printf("WARNING: To properly monitor all processes on a 64 bit Windows version, the malm64 version of this tool should be used. Currently malm is running as a 32bit process under a 64bit operating system.\n\n");
162 | 	}
163 | 	
164 | 	// Register the quit handler
165 | 	if (SetConsoleCtrlHandler((PHANDLER_ROUTINE)ConsoleHandler,TRUE)==FALSE)
166 | 	{
167 | 		// unable to install handler... 
168 | 		// display message to the user
169 | 		printf("WARNING: Unable to install keyboard handler. This means that the final report will not be generated upon exiting.\n");
170 | 	}
171 | 
172 | 	// Take an initial i_system snapshot
173 | 	startSnapshot = new i_system(true);
174 | 	i_system* lastSnapshot = new i_system(false);
175 | 
176 | 	// Begin monitoring for changes
177 | 	printf("Recording changes...\n\n");
178 | 	time_t startTime = time (NULL);
179 | 	while( true )
180 | 	{
181 | 
182 | 		if( !quickMode )
183 | 		{
184 | 			i_system* currentSnapshot = new i_system(false);
185 | 
186 | 			// Print changes
187 | 			currentSnapshot->printIncrementalReport(lastSnapshot);
188 | 
189 | 			// Delete and replace last snapshot
190 | 			delete lastSnapshot;
191 | 			lastSnapshot = currentSnapshot;
192 | 		}
193 | 		Sleep(10);
194 | 
195 | 		if( numSeconds > 0 )
196 | 		{
197 | 			// Check to see if we are out of time
198 | 			if( time(NULL) - startTime > numSeconds )
199 | 			{
200 | 				// Finished, generate final report and quit
201 | 				printFinalReport();
202 | 				return 0;
203 | 			}
204 | 		}
205 | 	}
206 | 	return 0;
207 | }
208 | 
209 | 


--------------------------------------------------------------------------------
/malm/malm.rc:
--------------------------------------------------------------------------------
 1 | /*#include <winuser.h>
 2 | #define IDR_MANIFEST 1 // 2 for a DLL
 3 | // C:\src\App>rc.exe UacManifest.rc
 4 | IDR_MANIFEST RT_MANIFEST MOVEABLE PURE
 5 | {
 6 |     "<assembly xmlns=""urn:schemas-microsoft-com:asm.v1"" manifestVersion=""1.0"">
 7 |        <asmv3:trustInfo xmlns:asmv3=""urn:schemas-microsoft-com:asm.v3"">
 8 |          <asmv3:security>
 9 |            <asmv3:requestedPrivileges>
10 |              <asmv3:requestedExecutionLevel
11 |                level=""asInvoker""
12 |                uiAccess=""false"" />
13 |            </asmv3:requestedPrivileges>
14 |          </asmv3:security>
15 |        </asmv3:trustInfo>
16 |      </assembly>"
17 | }*/


--------------------------------------------------------------------------------
/malm/malm.vcproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="Windows-1252"?>
  2 | <VisualStudioProject
  3 | 	ProjectType="Visual C++"
  4 | 	Version="9.00"
  5 | 	Name="malm"
  6 | 	ProjectGUID="{C86D127A-FD16-4A66-AD3C-3858F701F948}"
  7 | 	RootNamespace="malm"
  8 | 	Keyword="Win32Proj"
  9 | 	TargetFrameworkVersion="196613"
 10 | 	>
 11 | 	<Platforms>
 12 | 		<Platform
 13 | 			Name="Win32"
 14 | 		/>
 15 | 		<Platform
 16 | 			Name="x64"
 17 | 		/>
 18 | 	</Platforms>
 19 | 	<ToolFiles>
 20 | 	</ToolFiles>
 21 | 	<Configurations>
 22 | 		<Configuration
 23 | 			Name="Debug|Win32"
 24 | 			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
 25 | 			IntermediateDirectory="$(ConfigurationName)"
 26 | 			ConfigurationType="1"
 27 | 			CharacterSet="1"
 28 | 			>
 29 | 			<Tool
 30 | 				Name="VCPreBuildEventTool"
 31 | 			/>
 32 | 			<Tool
 33 | 				Name="VCCustomBuildTool"
 34 | 			/>
 35 | 			<Tool
 36 | 				Name="VCXMLDataGeneratorTool"
 37 | 			/>
 38 | 			<Tool
 39 | 				Name="VCWebServiceProxyGeneratorTool"
 40 | 			/>
 41 | 			<Tool
 42 | 				Name="VCMIDLTool"
 43 | 			/>
 44 | 			<Tool
 45 | 				Name="VCCLCompilerTool"
 46 | 				Optimization="0"
 47 | 				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
 48 | 				MinimalRebuild="true"
 49 | 				BasicRuntimeChecks="3"
 50 | 				RuntimeLibrary="3"
 51 | 				UsePrecompiledHeader="2"
 52 | 				WarningLevel="3"
 53 | 				DebugInformationFormat="4"
 54 | 			/>
 55 | 			<Tool
 56 | 				Name="VCManagedResourceCompilerTool"
 57 | 			/>
 58 | 			<Tool
 59 | 				Name="VCResourceCompilerTool"
 60 | 			/>
 61 | 			<Tool
 62 | 				Name="VCPreLinkEventTool"
 63 | 			/>
 64 | 			<Tool
 65 | 				Name="VCLinkerTool"
 66 | 				LinkIncremental="2"
 67 | 				GenerateDebugInformation="true"
 68 | 				SubSystem="1"
 69 | 				TargetMachine="1"
 70 | 			/>
 71 | 			<Tool
 72 | 				Name="VCALinkTool"
 73 | 			/>
 74 | 			<Tool
 75 | 				Name="VCManifestTool"
 76 | 			/>
 77 | 			<Tool
 78 | 				Name="VCXDCMakeTool"
 79 | 			/>
 80 | 			<Tool
 81 | 				Name="VCBscMakeTool"
 82 | 			/>
 83 | 			<Tool
 84 | 				Name="VCFxCopTool"
 85 | 			/>
 86 | 			<Tool
 87 | 				Name="VCAppVerifierTool"
 88 | 			/>
 89 | 			<Tool
 90 | 				Name="VCPostBuildEventTool"
 91 | 			/>
 92 | 		</Configuration>
 93 | 		<Configuration
 94 | 			Name="Debug|x64"
 95 | 			OutputDirectory="$(SolutionDir)$(PlatformName)\$(ConfigurationName)"
 96 | 			IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"
 97 | 			ConfigurationType="1"
 98 | 			CharacterSet="1"
 99 | 			>
100 | 			<Tool
101 | 				Name="VCPreBuildEventTool"
102 | 				CommandLine=""
103 | 			/>
104 | 			<Tool
105 | 				Name="VCCustomBuildTool"
106 | 			/>
107 | 			<Tool
108 | 				Name="VCXMLDataGeneratorTool"
109 | 			/>
110 | 			<Tool
111 | 				Name="VCWebServiceProxyGeneratorTool"
112 | 			/>
113 | 			<Tool
114 | 				Name="VCMIDLTool"
115 | 				TargetEnvironment="3"
116 | 			/>
117 | 			<Tool
118 | 				Name="VCCLCompilerTool"
119 | 				Optimization="0"
120 | 				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
121 | 				MinimalRebuild="true"
122 | 				BasicRuntimeChecks="3"
123 | 				RuntimeLibrary="3"
124 | 				UsePrecompiledHeader="2"
125 | 				WarningLevel="3"
126 | 				DebugInformationFormat="3"
127 | 			/>
128 | 			<Tool
129 | 				Name="VCManagedResourceCompilerTool"
130 | 			/>
131 | 			<Tool
132 | 				Name="VCResourceCompilerTool"
133 | 			/>
134 | 			<Tool
135 | 				Name="VCPreLinkEventTool"
136 | 			/>
137 | 			<Tool
138 | 				Name="VCLinkerTool"
139 | 				LinkIncremental="2"
140 | 				GenerateDebugInformation="true"
141 | 				SubSystem="1"
142 | 				TargetMachine="17"
143 | 			/>
144 | 			<Tool
145 | 				Name="VCALinkTool"
146 | 			/>
147 | 			<Tool
148 | 				Name="VCManifestTool"
149 | 			/>
150 | 			<Tool
151 | 				Name="VCXDCMakeTool"
152 | 			/>
153 | 			<Tool
154 | 				Name="VCBscMakeTool"
155 | 			/>
156 | 			<Tool
157 | 				Name="VCFxCopTool"
158 | 			/>
159 | 			<Tool
160 | 				Name="VCAppVerifierTool"
161 | 			/>
162 | 			<Tool
163 | 				Name="VCPostBuildEventTool"
164 | 			/>
165 | 		</Configuration>
166 | 		<Configuration
167 | 			Name="Release|Win32"
168 | 			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
169 | 			IntermediateDirectory="$(ConfigurationName)"
170 | 			ConfigurationType="1"
171 | 			CharacterSet="1"
172 | 			WholeProgramOptimization="0"
173 | 			>
174 | 			<Tool
175 | 				Name="VCPreBuildEventTool"
176 | 			/>
177 | 			<Tool
178 | 				Name="VCCustomBuildTool"
179 | 			/>
180 | 			<Tool
181 | 				Name="VCXMLDataGeneratorTool"
182 | 			/>
183 | 			<Tool
184 | 				Name="VCWebServiceProxyGeneratorTool"
185 | 			/>
186 | 			<Tool
187 | 				Name="VCMIDLTool"
188 | 			/>
189 | 			<Tool
190 | 				Name="VCCLCompilerTool"
191 | 				Optimization="2"
192 | 				EnableIntrinsicFunctions="true"
193 | 				FavorSizeOrSpeed="1"
194 | 				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
195 | 				RuntimeLibrary="2"
196 | 				EnableFunctionLevelLinking="true"
197 | 				UsePrecompiledHeader="2"
198 | 				WarningLevel="3"
199 | 				DebugInformationFormat="3"
200 | 			/>
201 | 			<Tool
202 | 				Name="VCManagedResourceCompilerTool"
203 | 			/>
204 | 			<Tool
205 | 				Name="VCResourceCompilerTool"
206 | 			/>
207 | 			<Tool
208 | 				Name="VCPreLinkEventTool"
209 | 			/>
210 | 			<Tool
211 | 				Name="VCLinkerTool"
212 | 				LinkIncremental="1"
213 | 				GenerateDebugInformation="true"
214 | 				SubSystem="1"
215 | 				OptimizeReferences="2"
216 | 				EnableCOMDATFolding="2"
217 | 				TargetMachine="1"
218 | 			/>
219 | 			<Tool
220 | 				Name="VCALinkTool"
221 | 			/>
222 | 			<Tool
223 | 				Name="VCManifestTool"
224 | 			/>
225 | 			<Tool
226 | 				Name="VCXDCMakeTool"
227 | 			/>
228 | 			<Tool
229 | 				Name="VCBscMakeTool"
230 | 			/>
231 | 			<Tool
232 | 				Name="VCFxCopTool"
233 | 			/>
234 | 			<Tool
235 | 				Name="VCAppVerifierTool"
236 | 			/>
237 | 			<Tool
238 | 				Name="VCPostBuildEventTool"
239 | 			/>
240 | 		</Configuration>
241 | 		<Configuration
242 | 			Name="Release|x64"
243 | 			OutputDirectory="$(SolutionDir)$(PlatformName)\$(ConfigurationName)"
244 | 			IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"
245 | 			ConfigurationType="1"
246 | 			CharacterSet="1"
247 | 			WholeProgramOptimization="1"
248 | 			>
249 | 			<Tool
250 | 				Name="VCPreBuildEventTool"
251 | 			/>
252 | 			<Tool
253 | 				Name="VCCustomBuildTool"
254 | 			/>
255 | 			<Tool
256 | 				Name="VCXMLDataGeneratorTool"
257 | 			/>
258 | 			<Tool
259 | 				Name="VCWebServiceProxyGeneratorTool"
260 | 			/>
261 | 			<Tool
262 | 				Name="VCMIDLTool"
263 | 				TargetEnvironment="3"
264 | 			/>
265 | 			<Tool
266 | 				Name="VCCLCompilerTool"
267 | 				Optimization="2"
268 | 				EnableIntrinsicFunctions="true"
269 | 				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
270 | 				RuntimeLibrary="2"
271 | 				EnableFunctionLevelLinking="true"
272 | 				UsePrecompiledHeader="2"
273 | 				WarningLevel="3"
274 | 				DebugInformationFormat="3"
275 | 			/>
276 | 			<Tool
277 | 				Name="VCManagedResourceCompilerTool"
278 | 			/>
279 | 			<Tool
280 | 				Name="VCResourceCompilerTool"
281 | 			/>
282 | 			<Tool
283 | 				Name="VCPreLinkEventTool"
284 | 			/>
285 | 			<Tool
286 | 				Name="VCLinkerTool"
287 | 				LinkIncremental="1"
288 | 				GenerateDebugInformation="true"
289 | 				SubSystem="1"
290 | 				OptimizeReferences="2"
291 | 				EnableCOMDATFolding="2"
292 | 				TargetMachine="17"
293 | 			/>
294 | 			<Tool
295 | 				Name="VCALinkTool"
296 | 			/>
297 | 			<Tool
298 | 				Name="VCManifestTool"
299 | 			/>
300 | 			<Tool
301 | 				Name="VCXDCMakeTool"
302 | 			/>
303 | 			<Tool
304 | 				Name="VCBscMakeTool"
305 | 			/>
306 | 			<Tool
307 | 				Name="VCFxCopTool"
308 | 			/>
309 | 			<Tool
310 | 				Name="VCAppVerifierTool"
311 | 			/>
312 | 			<Tool
313 | 				Name="VCPostBuildEventTool"
314 | 			/>
315 | 		</Configuration>
316 | 	</Configurations>
317 | 	<References>
318 | 	</References>
319 | 	<Files>
320 | 		<Filter
321 | 			Name="Source Files"
322 | 			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
323 | 			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
324 | 			>
325 | 			<File
326 | 				RelativePath=".\i_ext_tool.cpp"
327 | 				>
328 | 			</File>
329 | 			<File
330 | 				RelativePath=".\i_heap.cpp"
331 | 				>
332 | 			</File>
333 | 			<File
334 | 				RelativePath=".\i_module.cpp"
335 | 				>
336 | 			</File>
337 | 			<File
338 | 				RelativePath=".\i_process.cpp"
339 | 				>
340 | 			</File>
341 | 			<File
342 | 				RelativePath=".\i_system.cpp"
343 | 				>
344 | 			</File>
345 | 			<File
346 | 				RelativePath=".\malm.cpp"
347 | 				>
348 | 			</File>
349 | 			<File
350 | 				RelativePath=".\stdafx.cpp"
351 | 				>
352 | 				<FileConfiguration
353 | 					Name="Debug|Win32"
354 | 					>
355 | 					<Tool
356 | 						Name="VCCLCompilerTool"
357 | 						UsePrecompiledHeader="1"
358 | 					/>
359 | 				</FileConfiguration>
360 | 				<FileConfiguration
361 | 					Name="Debug|x64"
362 | 					>
363 | 					<Tool
364 | 						Name="VCCLCompilerTool"
365 | 						UsePrecompiledHeader="1"
366 | 					/>
367 | 				</FileConfiguration>
368 | 				<FileConfiguration
369 | 					Name="Release|Win32"
370 | 					>
371 | 					<Tool
372 | 						Name="VCCLCompilerTool"
373 | 						UsePrecompiledHeader="1"
374 | 					/>
375 | 				</FileConfiguration>
376 | 				<FileConfiguration
377 | 					Name="Release|x64"
378 | 					>
379 | 					<Tool
380 | 						Name="VCCLCompilerTool"
381 | 						UsePrecompiledHeader="1"
382 | 					/>
383 | 				</FileConfiguration>
384 | 			</File>
385 | 		</Filter>
386 | 		<Filter
387 | 			Name="Header Files"
388 | 			Filter="h;hpp;hxx;hm;inl;inc;xsd"
389 | 			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
390 | 			>
391 | 			<File
392 | 				RelativePath=".\DynArray.h"
393 | 				>
394 | 			</File>
395 | 			<File
396 | 				RelativePath=".\i_ext_tool.h"
397 | 				>
398 | 			</File>
399 | 			<File
400 | 				RelativePath=".\i_heap.h"
401 | 				>
402 | 			</File>
403 | 			<File
404 | 				RelativePath=".\i_module.h"
405 | 				>
406 | 			</File>
407 | 			<File
408 | 				RelativePath=".\i_process.h"
409 | 				>
410 | 			</File>
411 | 			<File
412 | 				RelativePath=".\i_system.h"
413 | 				>
414 | 			</File>
415 | 			<File
416 | 				RelativePath=".\resource.h"
417 | 				>
418 | 			</File>
419 | 			<File
420 | 				RelativePath=".\stdafx.h"
421 | 				>
422 | 			</File>
423 | 			<File
424 | 				RelativePath=".\targetver.h"
425 | 				>
426 | 			</File>
427 | 		</Filter>
428 | 		<Filter
429 | 			Name="Resource Files"
430 | 			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
431 | 			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
432 | 			>
433 | 			<File
434 | 				RelativePath=".\malm.rc"
435 | 				>
436 | 			</File>
437 | 		</Filter>
438 | 		<File
439 | 			RelativePath=".\ReadMe.txt"
440 | 			>
441 | 		</File>
442 | 	</Files>
443 | 	<Globals>
444 | 	</Globals>
445 | </VisualStudioProject>
446 | 


--------------------------------------------------------------------------------
/malm/malm.vcproj.glmcdona-PC.glmcdona.user:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="Windows-1252"?>
  2 | <VisualStudioUserFile
  3 | 	ProjectType="Visual C++"
  4 | 	Version="9.00"
  5 | 	ShowAllFiles="false"
  6 | 	>
  7 | 	<Configurations>
  8 | 		<Configuration
  9 | 			Name="Debug|Win32"
 10 | 			>
 11 | 			<DebugSettings
 12 | 				Command="$(TargetPath)"
 13 | 				WorkingDirectory=""
 14 | 				CommandArguments=""
 15 | 				Attach="false"
 16 | 				DebuggerType="3"
 17 | 				Remote="1"
 18 | 				RemoteMachine="GLMCDONA-PC"
 19 | 				RemoteCommand=""
 20 | 				HttpUrl=""
 21 | 				PDBPath=""
 22 | 				SQLDebugging=""
 23 | 				Environment=""
 24 | 				EnvironmentMerge="true"
 25 | 				DebuggerFlavor=""
 26 | 				MPIRunCommand=""
 27 | 				MPIRunArguments=""
 28 | 				MPIRunWorkingDirectory=""
 29 | 				ApplicationCommand=""
 30 | 				ApplicationArguments=""
 31 | 				ShimCommand=""
 32 | 				MPIAcceptMode=""
 33 | 				MPIAcceptFilter=""
 34 | 			/>
 35 | 		</Configuration>
 36 | 		<Configuration
 37 | 			Name="Debug|x64"
 38 | 			>
 39 | 			<DebugSettings
 40 | 				Command="$(TargetPath)"
 41 | 				WorkingDirectory=""
 42 | 				CommandArguments=""
 43 | 				Attach="false"
 44 | 				DebuggerType="3"
 45 | 				Remote="1"
 46 | 				RemoteMachine="GLMCDONA-PC"
 47 | 				RemoteCommand=""
 48 | 				HttpUrl=""
 49 | 				PDBPath=""
 50 | 				SQLDebugging=""
 51 | 				Environment=""
 52 | 				EnvironmentMerge="true"
 53 | 				DebuggerFlavor=""
 54 | 				MPIRunCommand=""
 55 | 				MPIRunArguments=""
 56 | 				MPIRunWorkingDirectory=""
 57 | 				ApplicationCommand=""
 58 | 				ApplicationArguments=""
 59 | 				ShimCommand=""
 60 | 				MPIAcceptMode=""
 61 | 				MPIAcceptFilter=""
 62 | 			/>
 63 | 		</Configuration>
 64 | 		<Configuration
 65 | 			Name="Release|Win32"
 66 | 			>
 67 | 			<DebugSettings
 68 | 				Command="$(TargetPath)"
 69 | 				WorkingDirectory=""
 70 | 				CommandArguments=""
 71 | 				Attach="false"
 72 | 				DebuggerType="3"
 73 | 				Remote="1"
 74 | 				RemoteMachine="GLMCDONA-PC"
 75 | 				RemoteCommand=""
 76 | 				HttpUrl=""
 77 | 				PDBPath=""
 78 | 				SQLDebugging=""
 79 | 				Environment=""
 80 | 				EnvironmentMerge="true"
 81 | 				DebuggerFlavor=""
 82 | 				MPIRunCommand=""
 83 | 				MPIRunArguments=""
 84 | 				MPIRunWorkingDirectory=""
 85 | 				ApplicationCommand=""
 86 | 				ApplicationArguments=""
 87 | 				ShimCommand=""
 88 | 				MPIAcceptMode=""
 89 | 				MPIAcceptFilter=""
 90 | 			/>
 91 | 		</Configuration>
 92 | 		<Configuration
 93 | 			Name="Release|x64"
 94 | 			>
 95 | 			<DebugSettings
 96 | 				Command="$(TargetPath)"
 97 | 				WorkingDirectory=""
 98 | 				CommandArguments=""
 99 | 				Attach="false"
100 | 				DebuggerType="3"
101 | 				Remote="1"
102 | 				RemoteMachine="GLMCDONA-PC"
103 | 				RemoteCommand=""
104 | 				HttpUrl=""
105 | 				PDBPath=""
106 | 				SQLDebugging=""
107 | 				Environment=""
108 | 				EnvironmentMerge="true"
109 | 				DebuggerFlavor=""
110 | 				MPIRunCommand=""
111 | 				MPIRunArguments=""
112 | 				MPIRunWorkingDirectory=""
113 | 				ApplicationCommand=""
114 | 				ApplicationArguments=""
115 | 				ShimCommand=""
116 | 				MPIAcceptMode=""
117 | 				MPIAcceptFilter=""
118 | 			/>
119 | 		</Configuration>
120 | 	</Configurations>
121 | </VisualStudioUserFile>
122 | 


--------------------------------------------------------------------------------
/malm/malm_manifest.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/malm_manifest.txt


--------------------------------------------------------------------------------
/malm/resource.h:
--------------------------------------------------------------------------------
 1 | //{{NO_DEPENDENCIES}}
 2 | // Microsoft Visual C++ generated include file.
 3 | // Used by malm.rc
 4 | 
 5 | // Next default values for new objects
 6 | // 
 7 | #ifdef APSTUDIO_INVOKED
 8 | #ifndef APSTUDIO_READONLY_SYMBOLS
 9 | #define _APS_NEXT_RESOURCE_VALUE        101
10 | #define _APS_NEXT_COMMAND_VALUE         40001
11 | #define _APS_NEXT_CONTROL_VALUE         1001
12 | #define _APS_NEXT_SYMED_VALUE           101
13 | #endif
14 | #endif
15 | 


--------------------------------------------------------------------------------
/malm/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // malm.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 | 
5 | #include "stdafx.h"
6 | 
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 | 


--------------------------------------------------------------------------------
/malm/stdafx.h:
--------------------------------------------------------------------------------
 1 | // stdafx.h : include file for standard i_system include files,
 2 | // or project specific include files that are used frequently, but
 3 | // are changed infrequently
 4 | //
 5 | 
 6 | #pragma once
 7 | 
 8 | #include "targetver.h"
 9 | 
10 | #include <stdio.h>
11 | #include <tchar.h>
12 | 
13 | 
14 | 
15 | // TODO: reference additional headers your program requires here
16 | 


--------------------------------------------------------------------------------
/malm/targetver.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | 
 3 | // The following macros define the minimum required platform.  The minimum required platform
 4 | // is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run 
 5 | // your application.  The macros work by enabling all features available on platform versions up to and 
 6 | // including the version specified.
 7 | 
 8 | // Modify the following defines if you have to target a platform prior to the ones specified below.
 9 | // Refer to MSDN for the latest info on corresponding values for different platforms.
10 | #ifndef _WIN32_WINNT            // Specifies that the minimum required platform is Windows Vista.
11 | #define _WIN32_WINNT 0x0600     // Change this to the appropriate value to target other versions of Windows.
12 | #endif
13 | 
14 | 


--------------------------------------------------------------------------------
/malm/x64/Debug/BuildLog.htm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/x64/Debug/BuildLog.htm


--------------------------------------------------------------------------------
/malm/x64/Debug/i_heap.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/x64/Debug/i_heap.obj


--------------------------------------------------------------------------------
/malm/x64/Debug/i_module.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/x64/Debug/i_module.obj


--------------------------------------------------------------------------------
/malm/x64/Debug/i_process.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/x64/Debug/i_process.obj


--------------------------------------------------------------------------------
/malm/x64/Debug/i_system.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/x64/Debug/i_system.obj


--------------------------------------------------------------------------------
/malm/x64/Debug/malm.exe.embed.manifest:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 2 | <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
 3 |   <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
 4 |     <security>
 5 |       <requestedPrivileges>
 6 |         <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
 7 |       </requestedPrivileges>
 8 |     </security>
 9 |   </trustInfo>
10 |   <dependency>
11 |     <dependentAssembly>
12 |       <assemblyIdentity type="win32" name="Microsoft.VC90.DebugCRT" version="9.0.21022.8" processorArchitecture="amd64" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
13 |     </dependentAssembly>
14 |   </dependency>
15 | </assembly>


--------------------------------------------------------------------------------
/malm/x64/Debug/malm.exe.embed.manifest.res:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/x64/Debug/malm.exe.embed.manifest.res


--------------------------------------------------------------------------------
/malm/x64/Debug/malm.exe.intermediate.manifest:
--------------------------------------------------------------------------------
 1 | <?xml version='1.0' encoding='UTF-8' standalone='yes'?>
 2 | <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
 3 |   <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
 4 |     <security>
 5 |       <requestedPrivileges>
 6 |         <requestedExecutionLevel level='asInvoker' uiAccess='false' />
 7 |       </requestedPrivileges>
 8 |     </security>
 9 |   </trustInfo>
10 |   <dependency>
11 |     <dependentAssembly>
12 |       <assemblyIdentity type='win32' name='Microsoft.VC90.DebugCRT' version='9.0.21022.8' processorArchitecture='amd64' publicKeyToken='1fc8b3b9a1e18e3b' />
13 |     </dependentAssembly>
14 |   </dependency>
15 | </assembly>
16 | 


--------------------------------------------------------------------------------
/malm/x64/Debug/malm.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/x64/Debug/malm.obj


--------------------------------------------------------------------------------
/malm/x64/Debug/malm.pch:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/x64/Debug/malm.pch


--------------------------------------------------------------------------------
/malm/x64/Debug/malm.res:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/x64/Debug/malm.res


--------------------------------------------------------------------------------
/malm/x64/Debug/mt.dep:
--------------------------------------------------------------------------------
1 | Manifest resource last updated at 21:44:21.45 on Sun 08/12/2012 
2 | 


--------------------------------------------------------------------------------
/malm/x64/Debug/stdafx.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/x64/Debug/stdafx.obj


--------------------------------------------------------------------------------
/malm/x64/Debug/vc90.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/x64/Debug/vc90.idb


--------------------------------------------------------------------------------
/malm/x64/Debug/vc90.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/x64/Debug/vc90.pdb


--------------------------------------------------------------------------------
/malm/x64/Release/BuildLog.htm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/x64/Release/BuildLog.htm


--------------------------------------------------------------------------------
/malm/x64/Release/i_ext_tool.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/x64/Release/i_ext_tool.obj


--------------------------------------------------------------------------------
/malm/x64/Release/i_heap.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/x64/Release/i_heap.obj


--------------------------------------------------------------------------------
/malm/x64/Release/i_module.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/x64/Release/i_module.obj


--------------------------------------------------------------------------------
/malm/x64/Release/i_process.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/x64/Release/i_process.obj


--------------------------------------------------------------------------------
/malm/x64/Release/i_system.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/x64/Release/i_system.obj


--------------------------------------------------------------------------------
/malm/x64/Release/malm.exe.intermediate.manifest:
--------------------------------------------------------------------------------
 1 | <?xml version='1.0' encoding='UTF-8' standalone='yes'?>
 2 | <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
 3 |   <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
 4 |     <security>
 5 |       <requestedPrivileges>
 6 |         <requestedExecutionLevel level='asInvoker' uiAccess='false' />
 7 |       </requestedPrivileges>
 8 |     </security>
 9 |   </trustInfo>
10 |   <dependency>
11 |     <dependentAssembly>
12 |       <assemblyIdentity type='win32' name='Microsoft.VC90.CRT' version='9.0.21022.8' processorArchitecture='amd64' publicKeyToken='1fc8b3b9a1e18e3b' />
13 |     </dependentAssembly>
14 |   </dependency>
15 | </assembly>
16 | 


--------------------------------------------------------------------------------
/malm/x64/Release/malm.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/x64/Release/malm.obj


--------------------------------------------------------------------------------
/malm/x64/Release/malm.pch:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/x64/Release/malm.pch


--------------------------------------------------------------------------------
/malm/x64/Release/malm.res:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/x64/Release/malm.res


--------------------------------------------------------------------------------
/malm/x64/Release/mt.dep:
--------------------------------------------------------------------------------
1 | Manifest resource last updated at 12:46:06.52 on Sun 12/16/2012 
2 | 


--------------------------------------------------------------------------------
/malm/x64/Release/stdafx.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/x64/Release/stdafx.obj


--------------------------------------------------------------------------------
/malm/x64/Release/vc90.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/x64/Release/vc90.idb


--------------------------------------------------------------------------------
/malm/x64/Release/vc90.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/glmcdona/MALM/7f2bc21a70031ccfb7ee69bba09078bc785b417c/malm/x64/Release/vc90.pdb


--------------------------------------------------------------------------------