A C# project containing plenty of advanced Anti-Debugging, Anti-Virtualization, Anti Dll-Injection and Anti-Hooking techniques.
New Features:
Improved:
New Features:
Improvements:
Improved Hooks Detection
New Anti-Debugging Methods:
Parent Process Name Checking.
GetForegroundWindow.
CloseHandle is now replaced with NtClose, and the check is now split into two categories: Invalid Handle and Protected Handle.
Added patching of DbgBreakPoint for Anti-Debugging Attach.
New Anti-Virtualization Methods:
Checking For Known Bad VM File Locations.
Checking For Known Bad Process Names.
Checking For Ports on the system.
New Detection Categories Added:
Hooks Detection (Checking for hooks on common anti-debugging functions)
Other Detections (checks if unsigned/test-signed drivers are allowed to load)
This release also contains console output improvements.
Anti-Debugging: Added Hardware Breakpoints Detection and replaced CheckRemoteDebuggerPresent with NtQueryInformationProcessCheck, with 3 other checks: ProcessDebugFlags, ProcessDebugPort, ProcessDebugObjectHandle.
Anti-Dll Injection: Taking advantage of the Binary Image Mitigation Policy to prevent injection of non-Microsoft binaries.
First Release.
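
The Binary Image Mitigation Policy named in the Anti-Dll Injection entry above can be enabled from managed code through the documented SetProcessMitigationPolicy API. The following is an added example, not code from this project: the class and struct names are made up for illustration, and it assumes a Windows version that supports ProcessSignaturePolicy.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;

// Added example (hypothetical names, not the project's code): opt the current
// process into "Microsoft-signed images only", then read the policy back.
static class BinarySignaturePolicyDemo
{
    // PROCESS_MITIGATION_POLICY.ProcessSignaturePolicy (winnt.h)
    const int ProcessSignaturePolicy = 8;
    // Bit 0 of PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY.Flags
    const uint MicrosoftSignedOnly = 0x1;

    // Managed mirror of PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY (one DWORD).
    [StructLayout(LayoutKind.Sequential)]
    struct BinarySignaturePolicy { public uint Flags; }

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool SetProcessMitigationPolicy(
        int policy, ref BinarySignaturePolicy buffer, UIntPtr length);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool GetProcessMitigationPolicy(
        IntPtr process, int policy, out BinarySignaturePolicy buffer, UIntPtr length);

    static readonly UIntPtr PolicySize =
        (UIntPtr)(uint)Marshal.SizeOf(typeof(BinarySignaturePolicy));

    // Returns true when the kernel reports the policy as active for this process.
    static bool IsEnforced()
    {
        BinarySignaturePolicy current;
        if (!GetProcessMitigationPolicy(Process.GetCurrentProcess().Handle,
                ProcessSignaturePolicy, out current, PolicySize))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        return (current.Flags & MicrosoftSignedOnly) != 0;
    }

    static void Main()
    {
        Console.WriteLine("Before: MicrosoftSignedOnly = " + IsEnforced());
        var policy = new BinarySignaturePolicy { Flags = MicrosoftSignedOnly };
        // Applies to images mapped from now on; modules already loaded stay loaded.
        if (!SetProcessMitigationPolicy(ProcessSignaturePolicy, ref policy, PolicySize))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        Console.WriteLine("After:  MicrosoftSignedOnly = " + IsEnforced());
    }
}
```

Because the policy also applies to the application's own native dependencies, any non-Microsoft-signed DLL the program needs has to be loaded before the call.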