diff --git a/AntiCrack-DotNet/AntiDebug.cs b/AntiCrack-DotNet/AntiDebug.cs
index eb1109e..1b8b559 100644
--- a/AntiCrack-DotNet/AntiDebug.cs
+++ b/AntiCrack-DotNet/AntiDebug.cs
@@ -6,7 +6,6 @@
 using System.Diagnostics;
 using System.IO;
 using System.Threading;
-using static System.Net.WebRequestMethods;
 using System.Windows.Forms;
 using System.ServiceProcess;
 using System.Runtime.CompilerServices;
@@ -91,7 +90,7 @@ class AntiDebug
 private static extern bool VirtualProtect(IntPtr lpAddress, uint dwSize, uint flNewProtect, out uint lpflOldProtect);
 [DllImport("kernelbase.dll", SetLastError = true)]
- private static extern bool VirtualFree(IntPtr lpAddress, uint dwSize,uint dwFreeType);
+ private static extern bool VirtualFree(IntPtr lpAddress, uint dwSize, uint dwFreeType);
 public static bool NtCloseAntiDebug_InvalidHandle()
 {
@@ -345,7 +344,7 @@ public static bool ParentProcessAntiDebug()
 }
 }
 }
- catch{};
+ catch { }
 return false;
 }
@@ -371,7 +370,7 @@ public static bool PageGuardAntiDebug()
 {
 memset(AllocatedSpace, 1, 0xC3);
 uint OldProtect = 0;
- if(VirtualProtect(AllocatedSpace, SysInfo.PageSize, PAGE_EXECUTE_READWRITE | PAGE_GUARD, out OldProtect))
+ if (VirtualProtect(AllocatedSpace, SysInfo.PageSize, PAGE_EXECUTE_READWRITE | PAGE_GUARD, out OldProtect))
 {
 try
 {
@@ -390,4 +389,4 @@ public static bool PageGuardAntiDebug()
 return false;
 }
 }
-}
\ No newline at end of file
+}
diff --git a/AntiCrack-DotNet/AntiDllInjection.cs b/AntiCrack-DotNet/AntiDllInjection.cs
index 1b9eea1..8883a61 100644
--- a/AntiCrack-DotNet/AntiDllInjection.cs
+++ b/AntiCrack-DotNet/AntiDllInjection.cs
@@ -66,10 +66,20 @@ public static bool IsInjectedLibrary()
 if (!FileName.StartsWith(Windows) && !FileName.StartsWith(ProgramData))
 IsMalicious = true;
- if (FileName.StartsWith(Environment.CurrentDirectory.ToLower())) //for compatibility
+ if (FileName.StartsWith(Environment.CurrentDirectory.ToLower()))
 IsMalicious = false;
 }
 return IsMalicious;
 }
+ public static string SetDllLoadPolicy()
+ {
+ Structs.PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY policy = new Structs.PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY
+ {
+ MicrosoftSignedOnly = 1
+ };
+ if (SetProcessMitigationPolicy(0x10, ref policy, Marshal.SizeOf(policy)))
+ return "Success";
+ return "Failed";
+ }
 }
-}
\ No newline at end of file
+}
diff --git a/AntiCrack-DotNet/AntiVirtualization.cs b/AntiCrack-DotNet/AntiVirtualization.cs
index 732f472..3273160 100644
--- a/AntiCrack-DotNet/AntiVirtualization.cs
+++ b/AntiCrack-DotNet/AntiVirtualization.cs
@@ -213,7 +213,7 @@ public static bool PortConnectionAntiVM()
 return false;
 }
- public static void CrashingSandboxie() //Only use if running as x86
+ public static void CrashingSandboxie()
 {
 if (!Environment.Is64BitProcess)
 {
@@ -265,5 +265,38 @@ public static bool CheckDevices()
 }
 return false;
 }
+ public static bool CheckForParallels()
+ {
+ string[] BadDriversList = { "prl_sf", "prl_tg", "prl_eth" };
+ foreach (string Drivers in Directory.GetFiles(Environment.GetFolderPath(Environment.SpecialFolder.System), "*"))
+ {
+ foreach (string BadDrivers in BadDriversList)
+ {
+ if (Drivers.Contains(BadDrivers))
+ {
+ return true;
+ }
+ }
+ }
+
+ return false;
+ }
+
+ public static bool CheckForQemu()
+ {
+ string[] BadDriversList = { "qemu-ga", "qemuwmi" };
+ foreach (string Drivers in Directory.GetFiles(Environment.GetFolderPath(Environment.SpecialFolder.System), "*"))
+ {
+ foreach (string BadDrivers in BadDriversList)
+ {
+ if (Drivers.Contains(BadDrivers))
+ {
+ return true;
+ }
+ }
+ }
+
+ return false;
+ }
 }
-}
\ No newline at end of file
+}
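Review bot: In `SetDllLoadPolicy` the first argument to `SetProcessMitigationPolicy` is the bare literal `0x10`, which as far as I know is not the binary-signature policy: `ProcessSignaturePolicy` is 8 in the `PROCESS_MITIGATION_POLICY` enum, so the call most likely fails or addresses a different policy while the struct passed is the signature one. I would name the constant and use it, `const int ProcessSignaturePolicy = 8;` with `SetProcessMitigationPolicy(ProcessSignaturePolicy, ref policy, Marshal.SizeOf(policy))`, and the P/Invoke declaration (outside this hunk) should be checked against that. The first edit in the hunk removes the `//for compatibility` comment from the current-directory exemption in `IsInjectedLibrary`, whose body starts outside the hunk; that exemption treats every module loaded from the working directory as trusted, so the comment is better replaced with one that says so, for example `// NOTE: modules under the current directory are exempt from the check`, than dropped.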
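Review bot: `CheckForParallels` and `CheckForQemu` call `Directory.GetFiles` with no exception handling, so an `UnauthorizedAccessException` or `IOException` raised while listing the System folder propagates to the caller, unlike the other checks added in this commit, which return false on error. Both also test `Drivers.Contains(BadDrivers)` against the full path instead of the file name, and the two bodies differ only in the name list. A single private helper that takes the list, compares against `Path.GetFileName`, and handles the I/O exceptions would cover both, leaving each public method a one-line call. A file that merely carries one of these names produces a positive, so the result is a heuristic and the doc comment on each method should say that.

```csharp
// Shared by CheckForParallels and CheckForQemu.
private static bool SystemFolderHasFileNamed(string[] names)
{
    try
    {
        string systemFolder = Environment.GetFolderPath(Environment.SpecialFolder.System);
        foreach (string path in Directory.GetFiles(systemFolder, "*"))
        {
            string fileName = Path.GetFileName(path);
            foreach (string name in names)
            {
                if (fileName.Contains(name))
                {
                    return true;
                }
            }
        }
    }
    catch (UnauthorizedAccessException) { }
    catch (IOException) { }
    return false;
}

public static bool CheckForParallels()
{
    return SystemFolderHasFileNamed(new[] { "prl_sf", "prl_tg", "prl_eth" });
}
// … CheckForQemu: same call with its own name list …
```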
diff --git a/AntiCrack-DotNet/HooksDetection.cs b/AntiCrack-DotNet/HooksDetection.cs
index ac14a6d..8536c7f 100644
--- a/AntiCrack-DotNet/HooksDetection.cs
+++ b/AntiCrack-DotNet/HooksDetection.cs
@@ -37,7 +37,7 @@ private static IntPtr LowLevelGetModuleHandle(string Library)
 LdrGetDllHandleEx(0, null, null, UnicodeString, ref hModule);
 return hModule;
 }
-
+
 private static IntPtr LowLevelGetProcAddress(IntPtr hModule, string Function)
 {
 if (IntPtr.Size == 4)
@@ -195,5 +195,29 @@ public static bool DetectHooksOnCommonWinAPIFunctions(string ModuleName, string[
 }
 return false;
 }
+
+ // Additional detection method
+ public static bool DetectInlineHooks(string moduleName, string[] functions)
+ {
+ if (moduleName != null && functions != null)
+ {
+ try
+ {
+ foreach (string function in functions)
+ {
+ IntPtr moduleHandle = LowLevelGetModuleHandle(moduleName);
+ IntPtr functionHandle = LowLevelGetProcAddress(moduleHandle, function);
+ byte[] functionBytes = new byte[1];
+ Marshal.Copy(functionHandle, functionBytes, 0, 1);
+ if (functionBytes[0] == 0xCC || functionBytes[0] == 0xE9)
+ {
+ return true;
+ }
+ }
+ }
+ catch { }
+ }
+ return false;
+ }
 }
-}
\ No newline at end of file
+}
diff --git a/AntiCrack-DotNet/OtherChecks.cs b/AntiCrack-DotNet/OtherChecks.cs
index 4d2411d..2cdd333 100644
--- a/AntiCrack-DotNet/OtherChecks.cs
+++ b/AntiCrack-DotNet/OtherChecks.cs
@@ -1,9 +1,6 @@
 using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-using System.Threading.Tasks;
 using System.Runtime.InteropServices;
+using Microsoft.Win32;
 namespace AntiCrack_DotNet
 {
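Review bot: `DetectInlineHooks` fails open: if the module or an export does not resolve, `Marshal.Copy` is handed a zero pointer and throws, the empty `catch { }` swallows it, and the method returns false, which a caller cannot tell apart from "no hook found". Because the `try` wraps the whole loop, the first failing name also ends the scan, so later entries in `functions` are never inspected. Check the handle explicitly with `if (functionHandle == IntPtr.Zero) continue;` and move `LowLevelGetModuleHandle(moduleName)` above the `foreach`, since it does not depend on the loop variable. The comment `// Additional detection method` does not say what is detected; `// Flags a function whose first byte is 0xCC or 0xE9.` would describe the check the code makes.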
@@ -41,7 +38,7 @@ public static bool IsTestSignedDriversAllowed()
 Structs.SYSTEM_CODEINTEGRITY_INFORMATION CodeIntegrityInfo = new Structs.SYSTEM_CODEINTEGRITY_INFORMATION();
 CodeIntegrityInfo.Length = (uint)Marshal.SizeOf(typeof(Structs.SYSTEM_CODEINTEGRITY_INFORMATION));
 uint ReturnLength = 0;
- if(NtQuerySystemInformation(SystemCodeIntegrityInformation, ref CodeIntegrityInfo, (uint)Marshal.SizeOf(CodeIntegrityInfo), out ReturnLength) >= 0 && ReturnLength == (uint)Marshal.SizeOf(CodeIntegrityInfo))
+ if (NtQuerySystemInformation(SystemCodeIntegrityInformation, ref CodeIntegrityInfo, (uint)Marshal.SizeOf(CodeIntegrityInfo), out ReturnLength) >= 0 && ReturnLength == (uint)Marshal.SizeOf(CodeIntegrityInfo))
 {
 uint CODEINTEGRITY_OPTION_TESTSIGN = 0x02;
 if ((CodeIntegrityInfo.CodeIntegrityOptions & CODEINTEGRITY_OPTION_TESTSIGN) == CODEINTEGRITY_OPTION_TESTSIGN)
@@ -85,5 +82,50 @@ public static bool IsSecureBootEnabled()
 }
 return false;
 }
+ public static bool IsVirtualizationBasedSecurityEnabled()
+ {
+ try
+ {
+ using (var searcher = new System.Management.ManagementObjectSearcher(@"root\cimv2\Security\MicrosoftVolumeEncryption", "SELECT * FROM Win32_EncryptableVolume WHERE DriveLetter = C:"))
+ {
+ foreach (var obj in searcher.Get())
+ {
+ var protectionStatus = (uint)obj["ProtectionStatus"];
+ if (protectionStatus == 1)
+ {
+ return true;
+ }
+ }
+ }
+ }
+ catch
+ {
+ return false;
+ }
+ return false;
+ }
+
+ public static bool IsMemoryIntegrityEnabled()
+ {
+ try
+ {
+ using (RegistryKey key = Registry.LocalMachine.OpenSubKey(@"SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity"))
+ {
+ if (key != null)
+ {
+ object value = key.GetValue("Enabled");
+ if (value != null && (int)value == 1)
+ {
+ return true;
+ }
+ }
+ }
+ }
+ catch
+ {
+ return false;
+ }
+ return false;
+ }
 }
-}
\ No newline at end of file
+}
diff --git a/AntiCrack-DotNet/Program.cs b/AntiCrack-DotNet/Program.cs
index a0bb413..a35c4f3 100644
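Review bot: `IsVirtualizationBasedSecurityEnabled` does not query VBS at all: it reads `ProtectionStatus` from `Win32_EncryptableVolume`, which is the BitLocker state of a volume, so the name and the result disagree. The WQL text `WHERE DriveLetter = C:` is also missing quotes around the string value, so the query most likely throws and the bare `catch` turns that into a constant false. Either rename the method to what it checks and fix the literal to `DriveLetter = 'C:'`, or query `Win32_DeviceGuard` in `root\Microsoft\Windows\DeviceGuard` and read `VirtualizationBasedSecurityStatus`. In `IsMemoryIntegrityEnabled` the cast `(int)value` throws when the registry value is not a DWORD, and the same bare `catch` hides that as "not enabled"; both methods would be easier to trust if they caught the specific exception types and said in a comment that an error is reported as false.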
--- a/AntiCrack-DotNet/Program.cs
+++ b/AntiCrack-DotNet/Program.cs
@@ -8,138 +8,162 @@ namespace AntiCrack_DotNet
 {
 class Program
 {
- public static void DisplayCheckResult(string Text, bool Result)
+ private class ConsoleConfig
 {
- if (Result == true)
+ public static void SetDefaultColors()
 {
- Console.Write(Text);
- Console.ForegroundColor = ConsoleColor.DarkRed;
- Console.Write("[Bad]\n\n");
+ Console.BackgroundColor = ConsoleColor.Black;
 Console.ForegroundColor = ConsoleColor.White;
+ Console.Clear();
 }
- else
+
+ public static void SetTitle(string title)
+ {
+ Console.Title = title;
+ }
+
+ public static void DisplayHeader(string header)
 {
- Console.Write(Text);
- Console.ForegroundColor = ConsoleColor.DarkGreen;
- Console.Write("[Good]\n\n");
+ Console.ForegroundColor = ConsoleColor.Cyan;
+ Console.WriteLine($"\n------ {header} ------\n");
 Console.ForegroundColor = ConsoleColor.White;
 }
- }
- public static void DisplayCheckResult(string Text, string Result)
- {
- if (Result == "[Bad]" || Result == "Failed")
+ public static void DisplayFooter()
 {
- Console.Write(Text);
- Console.ForegroundColor = ConsoleColor.DarkRed;
- Console.Write($"{Result}\n\n");
+ Console.ForegroundColor = ConsoleColor.Cyan;
+ Console.WriteLine("---------------------------------------------------------\n");
 Console.ForegroundColor = ConsoleColor.White;
 }
- else if (Result == "Skipped")
+
+ public static void DisplayResult(string text, bool result, string info = "")
 {
- Console.Write(Text);
- Console.ForegroundColor = ConsoleColor.DarkYellow;
- Console.Write($"[{Result}]\n\n");
+ Console.Write(text);
+ if (result)
+ {
+ Console.ForegroundColor = ConsoleColor.Red;
+ Console.Write("[Bad] ");
+ }
+ else
+ {
+ Console.ForegroundColor = ConsoleColor.Green;
+ Console.Write("[Good] ");
+ }
+ Console.ForegroundColor = ConsoleColor.Gray;
+ Console.WriteLine(info);
 Console.ForegroundColor = ConsoleColor.White;
 }
- else
+
+ public static void DisplayResult(string text, string result, string info = "")
 {
- Console.Write(Text);
- Console.ForegroundColor = ConsoleColor.DarkGreen;
- Console.Write($"{Result}\n\n");
+ Console.Write(text);
+ switch (result)
+ {
+ case "[Bad]":
+ case "Failed":
+ Console.ForegroundColor = ConsoleColor.Red;
+ break;
+ case "Skipped":
+ Console.ForegroundColor = ConsoleColor.Yellow;
+ break;
+ default:
+ Console.ForegroundColor = ConsoleColor.Green;
+ break;
+ }
+ Console.WriteLine($"{result} {info}");
 Console.ForegroundColor = ConsoleColor.White;
 }
 }
 private static void ExecuteAntiDebuggingTricks()
 {
- Console.WriteLine("----------------------------------Executing Anti Debugging Tricks-------------------------------------------------------");
- DisplayCheckResult("GetForegroundWindow (Looking For Bad Active Debugger Window): ", AntiDebug.GetForegroundWindowAntiDebug());
- DisplayCheckResult("Debugger.IsAttached: ", AntiDebug.DebuggerIsAttached());
- DisplayCheckResult("Hide Threads From Debugger..... ", AntiDebug.HideThreadsAntiDebug());
- DisplayCheckResult("IsDebuggerPresent: ", AntiDebug.IsDebuggerPresentCheck());
- DisplayCheckResult("NtSetDebugFilterState Check: ", AntiDebug.NtSetDebugFilterStateAntiDebug());
- DisplayCheckResult("Page Guard Breakpoints Detection Check: ", AntiDebug.PageGuardAntiDebug());
- DisplayCheckResult("NtQueryInformationProcess ProcessDebugFlags: ", AntiDebug.NtQueryInformationProcessCheck_ProcessDebugFlags());
- DisplayCheckResult("NtQueryInformationProcess ProcessDebugPort: ", AntiDebug.NtQueryInformationProcessCheck_ProcessDebugPort());
- DisplayCheckResult("NtQueryInformationProcess ProcessDebugObjectHandle: ", AntiDebug.NtQueryInformationProcessCheck_ProcessDebugObjectHandle());
- DisplayCheckResult("NtClose (Invalid Handle): ", AntiDebug.NtCloseAntiDebug_InvalidHandle());
- DisplayCheckResult("NtClose (Protected Handle): ", AntiDebug.NtCloseAntiDebug_ProtectedHandle());
- DisplayCheckResult("Parent Process (Checking if the parent process are cmd.exe or explorer.exe): ", AntiDebug.ParentProcessAntiDebug());
- DisplayCheckResult("Hardware Registers Breakpoints Detection: ", AntiDebug.HardwareRegistersBreakpointsDetection());
- DisplayCheckResult("FindWindow (Looking For Bad Debugger Windows): ", AntiDebug.FindWindowAntiDebug());
- DisplayCheckResult("GetTickCount Anti Debug: ", "Skipped"); //it's unreliable for real anti-debug use
- DisplayCheckResult("OutputDebugString Anti Debug: ", "Skipped"); //it's unreliable for real anti-debug use
- DisplayCheckResult("Trying To Crash Non-Managed Debuggers with a Debugger Breakpoint..... ", "Skipped");
- //AntiDebug.DebugBreakAntiDebug(); //Not that useful, easily bypassable, and delays execution.
- Console.Write("Executing OllyDbg Format String Exploit.....\n\n");
+ ConsoleConfig.DisplayHeader("Executing Anti Debugging Tricks");
+ ConsoleConfig.DisplayResult("GetForegroundWindow (Looking For Bad Active Debugger Window): ", AntiDebug.GetForegroundWindowAntiDebug(), "Checks if a debugger window is in the foreground.");
+ ConsoleConfig.DisplayResult("Debugger.IsAttached: ", AntiDebug.DebuggerIsAttached(), "Checks if a managed debugger is attached.");
+ ConsoleConfig.DisplayResult("Hide Threads From Debugger..... ", AntiDebug.HideThreadsAntiDebug(), "Attempts to hide threads from the debugger.");
+ ConsoleConfig.DisplayResult("IsDebuggerPresent: ", AntiDebug.IsDebuggerPresentCheck(), "Checks if a debugger is present.");
+ ConsoleConfig.DisplayResult("NtSetDebugFilterState Check: ", AntiDebug.NtSetDebugFilterStateAntiDebug(), "Sets the debug filter state.");
+ ConsoleConfig.DisplayResult("Page Guard Breakpoints Detection Check: ", AntiDebug.PageGuardAntiDebug(), "Detects page guard breakpoints.");
+ ConsoleConfig.DisplayResult("NtQueryInformationProcess ProcessDebugFlags: ", AntiDebug.NtQueryInformationProcessCheck_ProcessDebugFlags(), "Queries process debug flags.");
+ ConsoleConfig.DisplayResult("NtQueryInformationProcess ProcessDebugPort: ", AntiDebug.NtQueryInformationProcessCheck_ProcessDebugPort(), "Queries process debug port.");
+ ConsoleConfig.DisplayResult("NtQueryInformationProcess ProcessDebugObjectHandle: ", AntiDebug.NtQueryInformationProcessCheck_ProcessDebugObjectHandle(), "Queries process debug object handle.");
+ ConsoleConfig.DisplayResult("NtClose (Invalid Handle): ", AntiDebug.NtCloseAntiDebug_InvalidHandle(), "Tests NtClose with an invalid handle.");
+ ConsoleConfig.DisplayResult("NtClose (Protected Handle): ", AntiDebug.NtCloseAntiDebug_ProtectedHandle(), "Tests NtClose with a protected handle.");
+ ConsoleConfig.DisplayResult("Parent Process (Checking if the parent process is cmd.exe or explorer.exe): ", AntiDebug.ParentProcessAntiDebug(), "Checks if the parent process is a known process.");
+ ConsoleConfig.DisplayResult("Hardware Registers Breakpoints Detection: ", AntiDebug.HardwareRegistersBreakpointsDetection(), "Detects hardware register breakpoints.");
+ ConsoleConfig.DisplayResult("FindWindow (Looking For Bad Debugger Windows): ", AntiDebug.FindWindowAntiDebug(), "Finds windows with debugger-related titles.");
+ ConsoleConfig.DisplayResult("GetTickCount Anti Debug: ", "Skipped", "Unreliable for real anti-debug use.");
+ ConsoleConfig.DisplayResult("OutputDebugString Anti Debug: ", "Skipped", "Unreliable for real anti-debug use.");
+ ConsoleConfig.DisplayResult("Trying To Crash Non-Managed Debuggers with a Debugger Breakpoint..... ", "Skipped");
+ Console.WriteLine("Executing OllyDbg Format String Exploit.....");
 AntiDebug.OllyDbgFormatStringExploit();
- DisplayCheckResult("Patching DbgUiRemoteBreakin and DbgBreakPoint To Prevent Debugger Attaching..... ", AntiDebug.AntiDebugAttach());
- Console.WriteLine("------------------------------------------------------------------------------------------------------------------------\n\n");
+ ConsoleConfig.DisplayResult("Patching DbgUiRemoteBreakin and DbgBreakPoint To Prevent Debugger Attaching..... ", AntiDebug.AntiDebugAttach(), "Patches functions to prevent debugger attaching.");
+ ConsoleConfig.DisplayFooter();
 }
 private static void ExecuteAntiVirtualizationTricks()
 {
- Console.WriteLine("----------------------------------Executing Anti Virtualization Tricks--------------------------------------------------");
- DisplayCheckResult("Checking For Sandboxie Module in Current Process: ", AntiVirtualization.IsSandboxiePresent());
- DisplayCheckResult("Checking For Comodo Sandbox Module in Current Process: ", AntiVirtualization.IsComodoSandboxPresent());
- DisplayCheckResult("Checking For Cuckoo Sandbox Module in Current Process: ", AntiVirtualization.IsCuckooSandboxPresent());
- DisplayCheckResult("Checking For Qihoo360 Sandbox Module in Current Process: ", AntiVirtualization.IsQihoo360SandboxPresent());
- DisplayCheckResult("Checking If The Program are Emulated: ", AntiVirtualization.IsEmulationPresent());
- DisplayCheckResult("Checking For Blacklisted Usernames: ", AntiVirtualization.CheckForBlacklistedNames());
- DisplayCheckResult("Checking if the Program are running under wine using dll exports detection: ", AntiVirtualization.IsWinePresent());
- DisplayCheckResult("Checking For VirtualBox and VMware: ", AntiVirtualization.CheckForVMwareAndVirtualBox());
- DisplayCheckResult("Checking For KVM: ", AntiVirtualization.CheckForKVM());
- DisplayCheckResult("Checking For HyperV: ", AntiVirtualization.CheckForHyperV());
- DisplayCheckResult("Checking For Known Bad VM File Locations: ", AntiVirtualization.BadVMFilesDetection());
- DisplayCheckResult("Checking For Known Bad Process Names: ", AntiVirtualization.BadVMProcessNames());
- DisplayCheckResult("Checking For Ports (useful to detect VMs which have no ports connected): ", AntiVirtualization.PortConnectionAntiVM());
- Console.Write("Trying To Crash Sandboxie if Present......\n\n");
- DisplayCheckResult("Checking for devices created by VMs or Sandboxes: ", AntiVirtualization.CheckDevices());
+ ConsoleConfig.DisplayHeader("Executing Anti Virtualization Tricks");
+ ConsoleConfig.DisplayResult("Checking For Sandboxie Module in Current Process: ", AntiVirtualization.IsSandboxiePresent(), "Checks if Sandboxie is present.");
+ ConsoleConfig.DisplayResult("Checking For Comodo Sandbox Module in Current Process: ", AntiVirtualization.IsComodoSandboxPresent(), "Checks if Comodo Sandbox is present.");
+ ConsoleConfig.DisplayResult("Checking For Cuckoo Sandbox Module in Current Process: ", AntiVirtualization.IsCuckooSandboxPresent(), "Checks if Cuckoo Sandbox is present.");
+ ConsoleConfig.DisplayResult("Checking For Qihoo360 Sandbox Module in Current Process: ", AntiVirtualization.IsQihoo360SandboxPresent(), "Checks if Qihoo360 Sandbox is present.");
+ ConsoleConfig.DisplayResult("Checking If The Program is Emulated: ", AntiVirtualization.IsEmulationPresent(), "Checks if the program is emulated.");
+ ConsoleConfig.DisplayResult("Checking For Blacklisted Usernames: ", AntiVirtualization.CheckForBlacklistedNames(), "Checks if the username is blacklisted.");
+ ConsoleConfig.DisplayResult("Checking if the Program is running under wine using dll exports detection: ", AntiVirtualization.IsWinePresent(), "Checks if the program is running under Wine.");
+ ConsoleConfig.DisplayResult("Checking For VirtualBox and VMware: ", AntiVirtualization.CheckForVMwareAndVirtualBox(), "Checks if the program is running in VirtualBox or VMware.");
+ ConsoleConfig.DisplayResult("Checking For KVM: ", AntiVirtualization.CheckForKVM(), "Checks if the program is running in KVM.");
+ ConsoleConfig.DisplayResult("Checking For HyperV: ", AntiVirtualization.CheckForHyperV(), "Checks if the program is running in HyperV.");
+ ConsoleConfig.DisplayResult("Checking For Known Bad VM File Locations: ", AntiVirtualization.BadVMFilesDetection(), "Detects known bad VM file locations.");
+ ConsoleConfig.DisplayResult("Checking For Known Bad Process Names: ", AntiVirtualization.BadVMProcessNames(), "Detects known bad VM process names.");
+ ConsoleConfig.DisplayResult("Checking For Ports (useful to detect VMs which have no ports connected): ", AntiVirtualization.PortConnectionAntiVM(), "Checks for VM port connections.");
+ Console.WriteLine("Trying To Crash Sandboxie if Present......");
+ ConsoleConfig.DisplayResult("Checking for devices created by VMs or Sandboxes: ", AntiVirtualization.CheckDevices(), "Checks for VM or sandbox devices.");
 AntiVirtualization.CrashingSandboxie();
- Console.WriteLine("------------------------------------------------------------------------------------------------------------------------\n\n");
+ ConsoleConfig.DisplayFooter();
 }
 private static void ExecuteAntiDllInjectionTricks()
 {
- Console.WriteLine("----------------------------------Executing Anti Dll Injection Tricks---------------------------------------------------");
- DisplayCheckResult("Patching and Changing LoadLibraryA Page Protection To Prevent Dll Injection..... ", AntiDllInjection.PatchLoadLibraryA());
- DisplayCheckResult("Patching and Changing LoadLibraryW Page Protection Prevent Dll Injection..... ", AntiDllInjection.PatchLoadLibraryW());
- DisplayCheckResult("Taking Advantage of Binary Image Signature Mitigation Policy to Prevent Non-Microsoft Binaries From Being Injected..... ", AntiDllInjection.BinaryImageSignatureMitigationAntiDllInjection());
- DisplayCheckResult("Checking if any injected libraries are present (simple dlls path whitelist check): ", AntiDllInjection.IsInjectedLibrary());
- Console.WriteLine("------------------------------------------------------------------------------------------------------------------------\n\n");
+ ConsoleConfig.DisplayHeader("Executing Anti DLL Injection Tricks");
+ ConsoleConfig.DisplayResult("Patching and Changing LoadLibraryA Page Protection To Prevent DLL Injection..... ", AntiDllInjection.PatchLoadLibraryA(), "Patches LoadLibraryA to prevent DLL injection.");
+ ConsoleConfig.DisplayResult("Patching and Changing LoadLibraryW Page Protection To Prevent DLL Injection..... ", AntiDllInjection.PatchLoadLibraryW(), "Patches LoadLibraryW to prevent DLL injection.");
+ ConsoleConfig.DisplayResult("Taking Advantage of Binary Image Signature Mitigation Policy to Prevent Non-Microsoft Binaries From Being Injected..... ", AntiDllInjection.BinaryImageSignatureMitigationAntiDllInjection(), "Enforces binary image signature mitigation policy.");
+ ConsoleConfig.DisplayResult("Checking if any injected libraries are present (simple DLL path whitelist check): ", AntiDllInjection.IsInjectedLibrary(), "Checks for injected libraries.");
+ ConsoleConfig.DisplayFooter();
 }
 private static void ExecuteOtherDetectionTricks()
 {
- Console.WriteLine("----------------------------------Executing Other Detection Tricks-----------------------------------------------------\n");
- DisplayCheckResult("Detecting if Unsigned Drivers are Allowed to Load: ", OtherChecks.IsUnsignedDriversAllowed());
- DisplayCheckResult("Detecting if Test-Signed Drivers are Allowed to Load: ", OtherChecks.IsTestSignedDriversAllowed());
- DisplayCheckResult("Detecting if Kernel Debugging are Enabled on the System: ", OtherChecks.IsKernelDebuggingEnabled());
- DisplayCheckResult("Detecting if Secure Boot are Enabled on the System: ", OtherChecks.IsSecureBootEnabled());
- Console.WriteLine("------------------------------------------------------------------------------------------------------------------------\n\n");
+ ConsoleConfig.DisplayHeader("Executing Other Detection Tricks");
+ ConsoleConfig.DisplayResult("Detecting if Unsigned Drivers are Allowed to Load: ", OtherChecks.IsUnsignedDriversAllowed(), "Checks if unsigned drivers are allowed.");
+ ConsoleConfig.DisplayResult("Detecting if Test-Signed Drivers are Allowed to Load: ", OtherChecks.IsTestSignedDriversAllowed(), "Checks if test-signed drivers are allowed.");
+ ConsoleConfig.DisplayResult("Detecting if Kernel Debugging is Enabled on the System: ", OtherChecks.IsKernelDebuggingEnabled(), "Checks if kernel debugging is enabled.");
+ ConsoleConfig.DisplayResult("Detecting if Secure Boot is Enabled on the System: ", OtherChecks.IsSecureBootEnabled(), "Checks if secure boot is enabled.");
+ ConsoleConfig.DisplayFooter();
 }
 private static void ExecuteHooksDetectionTricks()
 {
- Console.WriteLine("----------------------------------Executing Hooks Detection Tricks------------------------------------------------------");
- DisplayCheckResult("Detecting Hooks on Common WinAPI Functions by checking for Bad Instructions on Functions Addresses (Most Effective on x64): ", HooksDetection.DetectHooksOnCommonWinAPIFunctions(null, null));
- Console.WriteLine("------------------------------------------------------------------------------------------------------------------------\n\n");
+ ConsoleConfig.DisplayHeader("Executing Hooks Detection Tricks");
+ ConsoleConfig.DisplayResult("Detecting Hooks on Common WinAPI Functions by checking for Bad Instructions on Functions Addresses (Most Effective on x64): ", HooksDetection.DetectHooksOnCommonWinAPIFunctions(null, null), "Detects hooks on common WinAPI functions.");
+ ConsoleConfig.DisplayFooter();
 }
 static void Main(string[] args)
 {
- Console.Title = "AntiCrack DotNet";
- Console.ForegroundColor = ConsoleColor.White;
- for (;;)
+ ConsoleConfig.SetDefaultColors();
+ ConsoleConfig.SetTitle("AntiCrack DotNet");
+ while (true)
 {
 ExecuteAntiDebuggingTricks();
 ExecuteAntiVirtualizationTricks();
 ExecuteAntiDllInjectionTricks();
 ExecuteOtherDetectionTricks();
 ExecuteHooksDetectionTricks();
+ Console.WriteLine("Press Enter to run again or Ctrl+C to exit...");
 Console.ReadLine();
 }
 }
 }
-}
\ No newline at end of file
+}
diff --git a/AntiCrack-DotNet/Structs.cs b/AntiCrack-DotNet/Structs.cs
index 339b4a3..2e2e59c 100644
--- a/AntiCrack-DotNet/Structs.cs
+++ b/AntiCrack-DotNet/Structs.cs
@@ -95,11 +95,11 @@ public struct SYSTEM_INFO
 public IntPtr MinimumApplicationAddress;
 public IntPtr MaximumApplicationAddress;
 public IntPtr ActiveProcessorMask;
- public uint AumberOfProcessors;
+ public uint NumberOfProcessors;
 public uint ProcessorType;
 public uint AllocationGranularity;
 public ushort ProcessorLevel;
 public ushort ProcessorRevision;
 }
 }
-}
\ No newline at end of file
+}
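Review bot: None of the methods this commit adds in the other files (`SetDllLoadPolicy`, `CheckForParallels`, `CheckForQemu`, `DetectInlineHooks`, `IsVirtualizationBasedSecurityEnabled`, `IsMemoryIntegrityEnabled`) is called from the `Execute*` methods in the Program.cs hunk, so the console run still covers only the old checks and the new code is never exercised. The string overload of `DisplayResult` also changes the output format: the removed code printed `[Skipped]`, while the new `Console.WriteLine($"{result} {info}");` prints `Skipped` without brackets next to `[Bad]` and `[Good]`. `ConsoleConfig` holds only static members and can be declared `private static class ConsoleConfig`. The bool overload labels every `true` as `[Bad]`, which reads wrongly for `OtherChecks.IsSecureBootEnabled()` now that the info text beside it says "Checks if secure boot is enabled."; a short comment on `DisplayResult` stating that `true` means "finding present" would make the convention explicit.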