Parsi Coders
[C#][Snippets] Anti-WPE, Wireshark, Sandboxie, Emulation - نسخه قابل چاپ

+- Parsi Coders (http://parsicoders.com)
+-- انجمن: Cracking / Anti Crack (http://parsicoders.com/forumdisplay.php?fid=75)
+--- انجمن: Anti Debug (http://parsicoders.com/forumdisplay.php?fid=76)
+--- موضوع: [C#][Snippets] Anti-WPE, Wireshark, Sandboxie, Emulation (/showthread.php?tid=910)

[C#][Snippets] Anti-WPE, Wireshark, Sandboxie, Emulation - Amin_Mansouri - 09-22-2011

Anti-Sandboxie:

Code:
کد:
[DllImport("kernel32.dll")]
public static extern IntPtr GetModuleHandle(string lpModuleName);

private void DetectSandboxie()
{
    if (GetModuleHandle("SbieDll.dll").ToInt32() != 0)
    {
        // Sandboxie Detected
        // Code Here
    }
}

Anti-Emulation:

Code:
کد:
private void DetectEmulation()
{
    long tickCount = Environment.TickCount;
    Thread.Sleep(500);
    long tickCount2 = Environment.TickCount;
    if (((tickCount2 - tickCount) < 500L))
    {
         // Emulation Detected
         // Code Here
    }
}

Anti-Wireshark:

Code:
کد:
private void DetectWireshark()
{
    Process[] ProcessList = Process.GetProcesses();
    foreach (Process proc in ProcessList)
    {
         if (proc.MainWindowTitle.Equals("The Wireshark Network Analyzer"))
         {
              // Wireshark Detected
              // Code Here
         }
    }
}

Anti-WPE:

Code:
کد:
private void DetectWPE()
{
    Process[] ProcessList = Process.GetProcesses();
    foreach (Process proc in ProcessList)
    {
         if (proc.MainWindowTitle.Equals("WPE PRO"))
         {
              // WPE Detected
              // Code Here
         }
    }
}


RE: [C#][Snippets] Anti-WPE, Wireshark, Sandboxie, Emulation - MBlackHat - 02-19-2015

با سلام خدمت اساتید محترم
این قسمت ارور میده علتش چیه؟
DllImport
به این صورت در کلاس قرار دادم
کد پی‌اچ‌پی:
using System;
using System.Collections.Generic;
using System.Text;

namespace pop
{
    class Class2
    {
        [DllImport("kernel32.dll")]
        public static extern IntPtr GetModuleHandle(string lpModuleName);

        private void DetectSandboxie()
        {
            if (GetModuleHandle("SbieDll.dll").ToInt32() != 0)
            {
                // Sandboxie Detected
                // Code Here
            }
        }
    }