Releases: AdvDebug/AntiCrack-DotNet

AntiCrack-DotNet

07 Jan 19:10
bbd8159

In this new release, plenty of changes and new features have been added.

General changes:

  • Improved the display of operation results in the console.
  • Added argument support that lets you disable the checks of certain sections and use only the ones you need (example arguments: --disable-antidebug, --disable-hooks, --disable-otherdetections, etc.).
  • Implemented a way to get the export address of a function directly, without using GetProcAddress or similar functions; the functions that used GetProcAddress or similar are now replaced with this.
  • It now calls some functions using .NET internal functions directly to avoid hooks.
  • Added a new "Hooks" section which hooks .NET/WinAPI functions at runtime to prevent malicious actions on the process. For now I only implemented a hook that prevents getting function pointers (Method.MethodHandle.GetFunctionPointer()) unless whitelisted; more to come soon.
  • Overall code improvements.

Syscall changes:

  • Now we properly free the code and properly handle the code.
  • Added common syscall numbers, shared across multiple platforms, which are used if the syscall number couldn't be found based on your build number.

Anti-Debug changes:

  • Added PEB.BeingDebugged check.
  • Added PEB.NtGlobalFlag check.

Anti-Virtualization Changes:

  • Added AVX x64/x86 instructions check to see if we are in an emulator.
  • Added the x64/x86 RDRAND instruction check to see whether it's properly implemented; an improper implementation could indicate an emulator.
  • Added flags manipulation checks (for x64 and x86) to see whether they're correctly handled.

Anti-DLL Injection (now renamed to Anti-Injection) changes:

  • Added a check for injected threads in the process.
  • Added a way to change any module name (the tool only changes the main module of the process) and base address at runtime using the PEB to prevent injections, etc.
  • Added a check for a suspicious image base address to detect process hollowing.

Other Detections Changes:

  • Improved the check to see if the tool is invoked by another assembly by executing internal .NET functions directly and resisting hooking.
  • Fixed a bug in the secure-boot check.

Hooks Detection Changes:

  • Added a basic check for stealthy page guard hooking.

AntiCrack-DotNet

03 Dec 01:22
8978e84

This is kind of a late update, but here we are, with some bug fixes, improvements, etc.

  • Fixed a bug in Setting DLL Policy Mitigation.
  • Added initial syscall support for some anti-debugging options (not all of them yet) to avoid some anti-anti-debuggers and other hooking solutions like ScyllaHide.
  • Added calls that would make it harder for Harmony hooks to detect, like Marshal.Copy, etc.
  • Removed LoadLibraryA/LoadLibraryW Patching as it is useless for production apps.
  • Fixed a bug in hardware breakpoints detection.
  • Overall improvements and bug fixes.

AntiCrack-DotNet

12 Aug 15:35
4a3b93a

Improved CLR Functions hooks detection.

AntiCrack-DotNet

08 Aug 23:52
38ef1a1

Some code improvements and any.run detection by LimerBoy.

AntiCrack-DotNet

06 Jun 18:50
e3930b0

Some changes made to the console UI and some added features.

Features Added:

  • Detection for Triage. (thanks to 1)
  • Detection for Parallels (thanks to 1)
  • Detection for Qemu. (thanks to 1)
  • Detection for Virtualization-Based Security. (thanks to 1)
  • Detection for Memory Integrity Protection. (thanks to 1)
  • Detection for Invoked Assembly.
  • Detection for CLR Functions Hooking.

Improvements:

  • Improved Console UI. (thanks to 1)
  • General Code Improvements. (thanks to 1)
  • WinAPI hooking detection improvements.

AntiCrack-DotNet

11 Apr 14:45
c9dd637

New Features:

  • Added NtSetDebugFilterState check
  • Added Page Guard breakpoints detection
  • Added a check for devices created by sandboxes or VMs
  • Added a check for injected libraries via a DLL path whitelisting check
  • Added secure boot detection

Improved:

  • Improved hooking detection
  • Some optimizations

AntiCrack-DotNet

26 Jul 16:28
5fcef74

New Features:

  • Added a detection to check whether kernel debugging is enabled on the system.

Improvements:

  • Improved the Hooks Detection code by replacing its WinAPI calls with lower-level ones and adding the kernelbase.dll module.

AntiCrack-DotNet

24 Jul 13:49
32bcb2e

Improved Hooks Detection

AntiCrack-DotNet

22 Jul 22:53
3708243

New Anti-Debugging Methods:

  • Parent Process Name Checking.

  • GetForegroundWindow.

  • CloseHandle is now replaced with NtClose, and it's now in two categories: Invalid Handle, Protected Handle.

  • Added Patching DbgBreakPoint for Anti-Debugging Attach.

New Anti-Virtualization Methods:

  • Checking For Known Bad VM File Locations.

  • Checking For Known Bad Process Names.

  • Checking For Ports on the system.

New Detection Categories Added:

  • Hooks Detection (Checking for hooks on common anti-debugging functions)

  • Other Detections (checks if unsigned/test-signed drivers are allowed to load)

This release also contains console output improvements.

AntiCrack-DotNet

19 Jun 01:09
ade360f

Anti-Debugging: Added Hardware Breakpoints Detection and replaced CheckRemoteDebuggerPresent with NtQueryInformationProcessCheck, with 3 other checks: ProcessDebugFlags, ProcessDebugPort, ProcessDebugObjectHandle.

Anti-DLL Injection: Taking advantage of the Binary Image Mitigation Policy to prevent injecting non-Microsoft binaries.