Code:
; Syntax:  flat assembler (FASM), Intel operand order (op dst, src)
; Target:  32-bit Windows PE image built as a DLL
; ABI:     stdcall, through the proc/invoke macros supplied by win32a.inc
format PE DLL
; DllMain is the image entry point; the loader calls it with the
; attach/detach reason codes.
entry DllMain
include 'win32a.inc'
; PROCESS_MEMORY_COUNTERS, the buffer filled in by K32GetProcessMemoryInfo.
; Every member is declared as a dword here (10 dwords = 40 bytes). In the
; Windows SDK the size members are SIZE_T, so this layout is only correct
; for a 32-bit build such as this one.
struct PROCESS_MEMORY_COUNTERS
        cb                              dd ?    ; structure size in bytes, set by the caller
        PageFaultCount                  dd ?
        PeakWorkingSetSize              dd ?    ; bytes
        WorkingSetSize                  dd ?    ; bytes; the member PoliceMemory compares
        QuotaPeakPagedPoolUsage         dd ?
        QuotaPagedPoolUsage             dd ?
        QuotaPeakNonPagedPoolUsage      dd ?
        QuotaNonPagedPoolUsage          dd ?
        PagefileUsage                   dd ?
        PeakPagefileUsage               dd ?
ends
section '.text' code readable executable
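; Tunables for PoliceMemory.
WORKING_SET_LIMIT = 0x4000000           ; 64 MiB; trim only above this working-set size
POLL_INTERVAL_MS  = 5000                ; delay between checks, in milliseconds

;-----------------------------------------------------------------------
; DWORD WINAPI PoliceMemory(LPVOID param)
; Thread start routine (passed to CreateThread by DllMain). Every
; POLL_INTERVAL_MS it queries the working set of the process the DLL is
; loaded in and, when that exceeds WORKING_SET_LIMIT, asks the system to
; trim it with SetProcessWorkingSetSize(h, -1, -1).
;
; ABI:   stdcall (32-bit)
; In:    param - unused
; Out:   none; the loop has no exit, so the procedure never returns
; Regs:  edi = pseudo-handle returned by GetCurrentProcess
;        esi = address of the local PROCESS_MEMORY_COUNTERS buffer
;        Both are callee-saved under stdcall and are NOT restored; that is
;        tolerable only because no path ever returns to a caller.
;
; Note:  trimming evicts pages from the working set; they fault back in on
;        the next access. It lowers the reported working set, not the
;        amount of memory the process has committed.
;-----------------------------------------------------------------------
proc PoliceMemory param
        local   lpMemInfo PROCESS_MEMORY_COUNTERS

        invoke  GetCurrentProcess
        mov     edi, eax                        ; edi = process pseudo-handle
        lea     esi, [lpMemInfo]                ; esi = &lpMemInfo
        ; The API expects cb to hold the structure size; set once, reused each pass.
        mov     dword [esi + PROCESS_MEMORY_COUNTERS.cb], sizeof.PROCESS_MEMORY_COUNTERS

.poll:
        invoke  K32GetProcessMemoryInfo, edi, esi, sizeof.PROCESS_MEMORY_COUNTERS
        test    eax, eax
        jz      .sleep                          ; query failed: skip this pass, retry later

        ; Explicit dword size on the memory/immediate compare; sizes are
        ; unsigned, so the unsigned branch family (jbe) is the right one.
        cmp     dword [esi + PROCESS_MEMORY_COUNTERS.WorkingSetSize], WORKING_SET_LIMIT
        jbe     .sleep

        ; (-1, -1) requests a trim of the working set. The result is
        ; deliberately ignored: this is best-effort and retried next pass.
        invoke  SetProcessWorkingSetSize, edi, -1, -1

.sleep:
        invoke  Sleep, POLL_INTERVAL_MS
        jmp     .poll
endp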
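;-----------------------------------------------------------------------
; BOOL WINAPI DllMain(HINSTANCE hModule, DWORD fdwReason, LPVOID lpvReserved)
; On DLL_PROCESS_ATTACH: turns off per-thread attach/detach notifications
; for this module and starts the PoliceMemory worker thread. Every other
; reason code is ignored.
;
; ABI:   stdcall (32-bit)
; Out:   eax = TRUE always, including when CreateThread fails (the DLL
;        still loads, just without the worker thread)
; Clobb: eax (plus whatever the invoked APIs clobber)
;
; NOTE(review): DLL_PROCESS_DETACH is not handled and the worker thread has
; no stop signal. If the module is unloaded while the thread is alive, the
; thread would continue at an address that is no longer mapped. A host that
; may unload this DLL needs a shutdown path or a pinned module.
;-----------------------------------------------------------------------
proc DllMain hModule, fdwReason, lpvReserved
        cmp     [fdwReason], DLL_PROCESS_ATTACH
        jne     .exit

        ; Done first and unconditionally: the original skipped this call
        ; whenever CreateThread failed, although it does not depend on it.
        invoke  DisableThreadLibraryCalls, [hModule]

        ; DllMain runs under the loader lock, so only create the thread here
        ; and never wait on it.
        invoke  CreateThread, 0, 0, PoliceMemory, 0, 0, 0
        test    eax, eax
        jz      .exit                           ; no thread, nothing to close
        invoke  CloseHandle, eax                ; handle not needed; thread keeps running

.exit:
        mov     eax, TRUE
        ret
endp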
; Import table. Every API used by this file is resolved from kernel32.dll.
; K32GetProcessMemoryInfo is exported by kernel32.dll starting with
; Windows 7 / Server 2008 R2. On older systems the function is
; GetProcessMemoryInfo in psapi.dll, so this image fails to load there
; because the import cannot be resolved.
section '.idata' import data readable writeable
library kernel, 'kernel32.dll'
import kernel, \
K32GetProcessMemoryInfo, 'K32GetProcessMemoryInfo', \
DisableThreadLibraryCalls, 'DisableThreadLibraryCalls', \
CreateThread, 'CreateThread', \
SetProcessWorkingSetSize, 'SetProcessWorkingSetSize', \
GetCurrentProcess, 'GetCurrentProcess', \
Sleep, 'Sleep', \
CloseHandle, 'CloseHandle'
; Base relocations (fixups). A DLL needs them so the loader can rebase the
; image when its preferred address is unavailable. The section is marked
; discardable.
section '.reloc' fixups data readable discardable
Virus Scans: