AnyDesk Reverse Connection Method & Incoming Connection ID Grabber (Tool)

Hey there, I’ve been lurking around this forum for a long time and decided to do something funny and help y'all out. I was bored lately, so I put together an AnyDesk incoming connection ID grabber; it pretty much messes with AnyDesk’s specific window memory. Why would you use this piece of software? Well, mainly because I thought of another potential method for ‘reversing’ the connections with AnyDesk to the scammers themselves within 2-3 seconds after they send you the connection request.

How would ‘reversing’ the connection work?

As soon as the scammer sends you the request, my C++ program (compiled for Windows, using the Windows.h API) would scan for the incoming AnyDesk window, follow a pointer to a memory address within the window’s process, then simply grab the value and copy it to your clipboard automatically. If you have a shared clipboard between the VM and the host machine, you can get it passed to your other machine if needed to reverse the connection, or even do it from your main PC.

As soon as it does that, and when the incoming connection is detected, it closes itself and you can quickly paste their ID into your AnyDesk to request a connection from them instead. It happens to be so fast that you could do this in an instant.

I am planning on updating the software manually if the offsets/memory address change, because I am too lazy to implement a pattern scanner for the specific function/memory address within the memory itself.

How do you know this is not malware? Well, I am adding a .pdb file & CheatEngine table for the memory addresses. Both of them allow you to understand the layout of the process's memory and to load the Program Debug Database and reverse-engineer the .exe file in IDA / Ghidra, so you can trace/analyze its exact executable logic; it's fairly simple. It uses Windows.h’s RPM and WPM (Read/WriteProcessMemory), which should generally be raising flags in some antiviruses, but it's completely normal.

Source code including project files, reuse it however you want.
https://github.com/someoneidk0xfffffffff/anydesk_id_SB

Download from GitHub releases:

You can ask me about anything on my Discord: wielkiryba015