Title: [UNIT] SAD (Simple Anti Debug) Magic_h2001
کد:
unit AntiDbg;
{
A very simple anti-debug unit for Delphi.
It can detect most debuggers:
OllyDBG,Immunity Debugger,WinDbg,W32DAsm,IDA,....
SoftICE,Syser,TRW,TWX

Tested on Win9x-Me-2k-XP-2k3-Vista

Coded by: Magic_h2001

magic_h2001@yahoo.com
http://magic.shabgard.org

just for fun ;)
}

interface

uses Windows,SysUtils,TlHelp32;

function IsDBG:Boolean;

implementation

var
{ Unit-level state shared by IsDBG. Found is initialised once and never
  reset, so after any single check fires every later IsDBG call also
  returns True for the lifetime of the process. }
Found:Boolean=False;
hSnapmod: THANDLE;          { TH32CS_SNAPMODULE snapshot of the process being inspected }
ModInfo: MODULEENTRY32;     { current module entry while walking hSnapmod }
hSnap: THANDLE;             { TH32CS_SNAPPROCESS snapshot of all processes }
ProcessInfo: PROCESSENTRY32;{ current process entry while walking hSnap }
ProcID:DWORD;               { th32ProcessID of the process being inspected }
Tm1,Tm2:Int64;              { RDTSC start value and elapsed cycle count for the timing check }

{ Direct import of the Win32 IsDebuggerPresent API from kernel32.dll
  (declared here rather than taken from the Windows unit). IsDBG treats a
  TRUE return as a positive detection. }
function IsDebuggerPresent():BOOL; stdcall;external 'kernel32.dll' name 'IsDebuggerPresent';

function GetSys:string;
{ Returns the Windows system directory as reported by GetSystemDirectory,
  guaranteed to end in a backslash when non-empty. The API's return value
  (0 on failure) is not checked, so on failure the buffer contents decide
  the result. IsDBG prefixes driver file names with this path. }
var
  Buf: array[0..MAX_PATH] of Char;
  Last: Integer;
begin
  GetSystemDirectory(Buf, MAX_PATH);
  Result := Buf;
  Last := Length(Result);
  { An empty path is left empty; otherwise make sure it is slash-terminated. }
  if (Last > 0) and (Result[Last] <> '\') then
    Result := Result + '\';
end;

function UpCaseStr(S:string):String;
{ Returns a copy of S with every character passed through UpCase.
  UpCase folds only ASCII 'a'..'z'; any other character is copied
  unchanged. An empty S yields an empty result. }
var
  Idx: Integer;
begin
  Result := S;
  Idx := Length(Result);
  { Walk from the end so no special case is needed for an empty string. }
  while Idx >= 1 do
  begin
    Result[Idx] := UpCase(Result[Idx]);
    Dec(Idx);
  end;
end;

{ Reads the CPU time-stamp counter and returns it as an Int64.
  DB 0Fh,31h is the RDTSC instruction emitted as raw bytes (the author's
  assembler presumably did not know the mnemonic); it leaves the 64-bit
  counter in EDX:EAX, which is exactly Delphi's Int64 return convention,
  so no further moves are needed. The balanced PUSH/POP EDI pairs have no
  effect on the result and look like padding or obfuscation (intent not
  stated on the page). IsDBG uses two readings to time a loop of
  OutputDebugStringA calls. }
function RDTSC: Int64; assembler;
asm
  PUSH EDI
  PUSH EDI
  PUSH EDI
  PUSH EDI
  DB 0fh ,031h
  POP EDI
  POP EDI
  POP EDI
  POP EDI
end;

function IsRing0DBG(S:string): boolean;
{ Probes whether the device (or file) named by S can be opened for
  read+write. Returns True when CreateFileA hands back a valid handle,
  which is closed immediately; returns False when it yields
  INVALID_HANDLE_VALUE. The failure reason (GetLastError) is not
  inspected, so an access-denied open counts the same as a missing
  device. IsDBG calls this with well-known kernel-debugger device names
  such as '\\.\SICE'; an analyst tracing the process will see the
  CreateFileA attempts on those names. }
var
  DevHandle: THandle;
begin
  DevHandle := CreateFileA(PChar(S), GENERIC_READ or GENERIC_WRITE, 0, nil,
    OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
  Result := DevHandle <> INVALID_HANDLE_VALUE;
  if Result then
    CloseHandle(DevHandle);
end;

{ Runs every detection heuristic in the unit and returns the unit-global
  Found. Because Found is never cleared, the function is sticky: one
  positive result makes every later call return True as well.

  Checks performed, in order:
   1. Timing: RDTSC is read before and after 256 OutputDebugStringA calls;
      an elapsed count below 9999 or above 299999999 sets Found. The
      thresholds are raw cycle counts, so they depend on CPU speed and
      load and are a plausible source of false positives/negatives.
   2. Process names: every running process whose szExeFile contains
      OLLYDBG, DBG, DEBUG, IDAG or W32DSM (case-insensitive) sets Found.
      Note that 'DBG' and 'DEBUG' match any process with those substrings
      in its name, not only debuggers.
   3. Module paths: for every process, a module snapshot is walked and any
      szExePath containing OLLYDBG or W32DSM sets Found.
   4. Driver files: FileExists on known SoftICE/Syser driver names under
      the system directory.
   5. IsDebuggerPresent from kernel32.
   6. Device names: IsRing0DBG on known kernel-debugger device names.

  Robustness notes for anyone maintaining or reviewing this: the snapshot
  handles from CreateToolhelp32Snapshot are never compared with
  INVALID_HANDLE_VALUE, and the Process32First/Module32First return values
  are ignored, so on failure the repeat loops still run once over
  whatever ProcessInfo/ModInfo currently hold. For defenders, the
  observable footprint is the OutputDebugStringA burst, the Toolhelp
  snapshots of every process, the FileExists probes on driver names and
  the CreateFileA attempts on \\.\SICE-style device names. }
function IsDBG:Boolean;
var i: Integer;
begin
  { 1. Timing check around a burst of OutputDebugStringA calls. }
  Tm1:=RDTSC;
  for i:=0 to 255 do
    OutputDebugStringA('kernel32.dll');
  Tm2:=RDTSC-Tm1;
  if Tm2<9999 then Found:=True;
  if Tm2>299999999 then Found:=True;
  { 2./3. Walk all processes and, for each, all of its modules.
    Snapshot handle validity and the *First return values are not checked. }
  hSnap:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
  ProcessInfo.dwSize:=sizeof(PROCESSENTRY32);
  Process32First(hSnap,ProcessInfo);
  repeat
   if Pos('OLLYDBG',UpCaseStr(ProcessInfo.szExeFile))<>0 then Found:=True;
   if Pos('DBG',UpCaseStr(ProcessInfo.szExeFile))<>0 then Found:=True;
   if Pos('DEBUG',UpCaseStr(ProcessInfo.szExeFile))<>0 then Found:=True;
   if Pos('IDAG',UpCaseStr(ProcessInfo.szExeFile))<>0 then Found:=True;
   if Pos('W32DSM',UpCaseStr(ProcessInfo.szExeFile))<>0 then Found:=True;
   ProcID:=ProcessInfo.th32ProcessID;
   hSnapMod:=CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,ProcID);
   ModInfo.dwSize:=sizeof(MODULEENTRY32);
   Module32First(hSnapMod,ModInfo);
   repeat
    if Pos('OLLYDBG',UpCaseStr(ModInfo.szExePath))<>0 then Found:=True;
    if Pos('W32DSM',UpCaseStr(ModInfo.szExePath))<>0 then Found:=True;
   until (not Module32Next(hSnapMod,ModInfo));
   CloseHandle(hSnapMod);
  until (not Process32Next(hSnap,ProcessInfo));
  CloseHandle(hSnap);
  { 4. Known kernel-debugger driver files under the system directory. }
  if FileExists(GetSys+'drivers\sice.sys') then Found:=True;
  if FileExists(GetSys+'drivers\ntice.sys') then Found:=True;
  if FileExists(GetSys+'drivers\syser.sys') then Found:=True;
  if FileExists(GetSys+'drivers\winice.sys') then Found:=True;
  if FileExists(GetSys+'drivers\sice.vxd') then Found:=True;
  if FileExists(GetSys+'drivers\winice.vxd') then Found:=True;
  if FileExists(GetSys+'winice.vxd') then Found:=True;
  if FileExists(GetSys+'vmm32\winice.vxd') then Found:=True;
  if FileExists(GetSys+'sice.vxd') then Found:=True;
  if FileExists(GetSys+'vmm32\sice.vxd') then Found:=True;
  { 5. The documented Win32 API. }
  if IsDebuggerPresent then Found:=True;
  { 6. Open attempts on kernel-debugger device names (see IsRing0DBG). }
  if IsRing0DBG('\\.\SICE') then Found:=True;
  if IsRing0DBG('\\.\SIWVID') then Found:=True;
  if IsRing0DBG('\\.\NTICE') then Found:=True;
  if IsRing0DBG('\\.\TRW') then Found:=True;
  if IsRing0DBG('\\.\TWX') then Found:=True;
  if IsRing0DBG('\\.\ICEEXT') then Found:=True;
  if IsRing0DBG('\\.\SYSER') then Found:=True;
  Result:=Found;
end;

end.
 
[UNIT] SAD (Simple Anti Debug) Magic_h2001 - توسط Amin_Mansouri - 10-18-2011، 01:25 AM
