AntiCrack-DotNet

Added some new important features for anti-injection.

• Added the option to change the PE info of a module in runtime, including AddressOfEntryPoint, SizeOfImage, NumberOfSections, Image Magic, etc. which would prevent runtime info lookups, dumping, and modifications.

• Added a way to change the image magic of the CLR to prevent info lookups which can make other external processes see the assemblies that exist in the process by using the debugger export table, but now external processes think that it doesn't exist, which makes us hide our assemblies.

• some code improvements.

AntiCrack-DotNet

in this new release a plenty of changes and new features has been added.

general changes:

• improved the operation result displaying in the console.
• added args support in which you can disable the checks of certain sections and use only the ones you need (example of arguments: --disable-antidebug, --disable-hooks, --disable-otherdetections, etc)
• implemented a way to get the export address of a function directly without the need of using GetProcAddress or similar functions, which the functions that used GetProcAddress or similar is now replaced with this.
• now it calls some functions using .NET internal functions directly to avoid hooks.
• added a new "Hooks" section which will hook .NET/WinAPI functions in runtime to avoid malicious actions on the process, for now i only implemented a hook that prevents getting functions pointer (Method.MethodHandle.GetFunctionsPointer()) unless whitelisted, more to come soon.
• overall code improvements.

Syscall changes:

• Now we properly free the code and properly handle the code.
• Added common syscall numbers which is used across multiple platforms if it couldn't find the syscall number based on your build number.

Anti-Debug changes:

• Added PEB.BeingDebugged check.
• Added PEB.NtGlobalFlag check.

Anti-Virtualization Changes:

• Added AVX x64/x86 instructions check to see if we are in an emulator.
• Added the x64/x86 RDRAND instruction check to see if it's properly implemented which could indicate an emulator.
• Added flags manipulation (for x64 and x86) checks to see if it's correctly handled.

Anti dll injection (now changed to Anti-Injection) changes:

• Added a check to check for injected threads in the process.
• Added a way to change any module name (the tool only changes the main module of the process) and base address at runtime using PEB to prevent injections, etc.
• Added a way to check for suspicious image base address to check for process hollowing.

Other Detections Changes:

• Improved the check to see if the tool is invoked by another assembly by executing internal .NET functions directly and resisting hooking.
• Fixed a bug in the secure-boot check.

Hooks Detection Changes:

• Added a basic check to check for stealthy page guard hooking.

AntiCrack-DotNet

This is kinda of a late update, but here we are, with some bug fixes, improvments, etc.

• Fixed a bug in Setting DLL Policy Mitigation.
• Added initial syscall support for some anti debugging options (not all of them yet) to avoid some anti-anti-debuggers and other hooking solutions like scyllahide.
• Added calls that would make it harder for harmony hooks to detect like Marshal.Copy, etc.
• Removed LoadLibraryA/LoadLibraryW Patching as it is useless for production apps.
• Fixed a bug in hardware breakpoints detection.
• overall improvements and bug fixes.

AntiCrack-DotNet

Improved CLR Functions hooks detection.

AntiCrack-DotNet

some code improvements and any.run detection by LimerBoy.

AntiCrack-DotNet

some changes made in the console ui and some added features.

Features Added:

• Detection for Triage. (thanks to 1)
• Detection for Parallels (thanks to 1)
• Detection for Qemu. (thanks to 1)
• Detection for Virtualization-Based Security. (thanks to 1)
• Detection for Memory Integrity Protection. (thanks to 1)
• Detection for Invoked Assembly.
• Detection for CLR Functions Hooking.

Improvements:

• Improved Console UI. (thanks to 1)
• General Code Improvements. (thanks to 1)
• WinAPI hooking detection improvements.

AntiCrack-DotNet

New Features:

• Added NtSetDebugFilterState check
• Added Page Guard breakpoints detection
• Added a check for devices created by sandboxes or VMs
• Added a check for injected libraries by adding dll path whitelisting check
• Added secure boot detection

Improved:

• improved hooking detection
• some optimizations

AntiCrack-DotNet

New Features:

• Added a Detection to check if Kernel Debugging Enabled on the system.

Improvements:

• Improved Hooks Detection Code by replacing it's WinAPI calls with a lower-level ones and adding kernelbase.dll module.

AntiCrack-DotNet

Improved Hooks Detection

AntiCrack-DotNet

new Anti-Debugging Methods:

• Parent Process Name Checking.

• GetForegroundWindow.

• Now CloseHandle are replaced with NtClose and it's now in two categories: Invalid Handle, Protected Handle.

• Added Patching DbgBreakPoint for Anti-Debugging Attach.

new Anti-Virtualization Methods:

• Checking For Known Bad VM File Locations.

• Checking For Known Bad Process Names.

• Checking For Ports on the system.

New Detection Categories Added:

• Hooks Detection (Checking for hooks on common anti-debugging functions)

• Other Detections (checks if unsigned/test-signed drivers are allowed to load)

this release also contains a console output improvements.