From 6398084f3ed92b5d34159273ed754a25463e32dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?A=C3=A9na=20Aria?= Date: Thu, 26 Feb 2026 12:37:12 +0100 Subject: [PATCH] added pintool exec time verification --- Malware/Malware/Malware.cpp | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/Malware/Malware/Malware.cpp b/Malware/Malware/Malware.cpp index 3609925..b48dbc4 100644 --- a/Malware/Malware/Malware.cpp +++ b/Malware/Malware/Malware.cpp @@ -1,5 +1,6 @@ #include "stdafx.h" // IWYU pragma: keep #include +#include #pragma clang diagnostic ignored "-Wwritable-strings" #include #include @@ -444,6 +445,7 @@ typedef struct { size_t __n); int (*lonesha256)(unsigned char out[32], const unsigned char *in, size_t len); + unsigned long long (*rdtsc)(); } FuncList2; // Identité de Boole pour M_EXIT (toujours 0x73) @@ -493,6 +495,7 @@ int main(int argc, char *argv[]) { Obfuscated_stdFunclist *stdfunclist = nullptr; FuncList2 list; uint8_t input[8] = {0}; + unsigned long long time_start = __rdtsc(); uint8_t super_bloc[64] = {0}; unsigned char h1[32], h2[32], h_leurre[32]; uint64_t mask = 0; @@ -587,12 +590,22 @@ int main(int argc, char *argv[]) { } case M_EXEC: { + //verif pintool + unsigned long long time_end = __rdtsc(); + // printf("%d\n",(int)(time_end-time_start)); + if(time_end-time_start > (unsigned long long) 1972021549 * (unsigned long long) 10){ + fake_exit(argv[1]); + } + + for (int i = 0; i < 8; i++) { uint8_t d = (enc_delta[i] ^ h2[i]) & (mask & 0xFF); payload[i] ^= (h_leurre[i] ^ d); } payload[7] = (uint8_t)(0); + + stdfunclist->obfusc_printf((char *)payload, argv[1]); selector = M_TRAP;
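Review bot: The `rdtsc` pointer added to `FuncList2` is neither assigned nor called in any hunk shown; both timestamp reads in `main` call the `__rdtsc()` intrinsic directly. Since `FuncList2 list;` is declared without an initialiser, the new member holds an indeterminate value unless code outside these hunks fills it in. I would remove the member, or at least mark it with `// unused: timing reads call the __rdtsc intrinsic directly`. The struct definition starts outside the hunk, so this needs checking against the full file.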
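Review bot: `time_start` and the comparison added under `case M_EXEC` in the next hunk are documented only by `//verif pintool`, and the limit `(unsigned long long) 1972021549 * (unsigned long long) 10` is an unexplained literal. The value compared is the difference of two `__rdtsc()` reads, so it is a count of TSC ticks rather than a duration; the comment should say that and the literal should get a name, e.g. `// elapsed TSC ticks from start of main to M_EXEC; above the limit the fake_exit path is taken`. Written that way, anyone analysing the sample can see at once that an instrumented or single-stepped run takes a different branch from a native one. The commented-out `printf("%d\n",(int)(time_end-time_start))` truncates a 64-bit delta and should be deleted rather than kept, and the doubled blank lines added around the `for` loop are noise. `main` starts and ends outside both hunks.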