AntiCrack DotNet Versions Save

New Features:

• Added NtSetDebugFilterState check
• Added Page Guard breakpoints detection
• Added a check for devices created by sandboxes or VMs
• Added a check for injected libraries by adding dll path whitelisting check
• Added secure boot detection

Improved:

• improved hooking detection
• some optimizations

New Features:

• Added a Detection to check if Kernel Debugging Enabled on the system.

Improvements:

• Improved Hooks Detection Code by replacing it's WinAPI calls with a lower-level ones and adding kernelbase.dll module.

Improved Hooks Detection

new Anti-Debugging Methods:

• Parent Process Name Checking.

• GetForegroundWindow.

• Now CloseHandle are replaced with NtClose and it's now in two categories: Invalid Handle, Protected Handle.

• Added Patching DbgBreakPoint for Anti-Debugging Attach.

new Anti-Virtualization Methods:

• Checking For Known Bad VM File Locations.

• Checking For Known Bad Process Names.

• Checking For Ports on the system.

New Detection Categories Added:

• Hooks Detection (Checking for hooks on common anti-debugging functions)

• Other Detections (checks if unsigned/test-signed drivers are allowed to load)

this release also contains a console output improvements.

Anti-Debugging: Added Hardware Breakpoints Detection, Replacing CheckRemoteDebuggerPresent with NtQueryInformationProcessCheck with 3 other checks: ProcessDebugFlags, ProcessDebugPort, ProcessDebugObjectHandle.

Anti-Dll Injection: Taking Advantage of Binary Image Mitigation Policy to prevent injecting Non-Microsoft Binaries.

First Release.