AntiCrack-DotNet

@AdvDebug AdvDebug released this 07 Jan 19:10
· 11 commits to main since this release
bbd8159

In this new release, plenty of changes and new features have been added.

General changes:

  • Improved how operation results are displayed in the console.
  • Added argument support, so you can disable the checks of certain sections and use only the ones you need (example arguments: --disable-antidebug, --disable-hooks, --disable-otherdetections, etc.).
  • Implemented a way to get the export address of a function directly, without using GetProcAddress or similar functions; the functions that used GetProcAddress or similar now use this instead.
  • It now calls some functions through .NET internal functions directly to avoid hooks.
  • Added a new "Hooks" section, which hooks .NET/WinAPI functions at runtime to prevent malicious actions on the process. For now I have only implemented a hook that prevents getting a function pointer (Method.MethodHandle.GetFunctionPointer()) unless whitelisted; more to come soon.
  • Overall code improvements.

Syscall changes:

  • We now properly handle and free the code.
  • Added common syscall numbers (ones used across multiple platforms) as a fallback for when the syscall number can't be found based on your build number.

Anti-Debug changes:

  • Added PEB.BeingDebugged check.
  • Added PEB.NtGlobalFlag check.
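
The two PEB checks listed above, as an added example (not AntiCrack-DotNet's own code). The class name PebChecks is hypothetical, and locating the PEB through a P/Invoke call to NtQueryInformationProcess is an assumption made for brevity; the offsets are those of the documented Windows PEB layout.

```csharp
using System;
using System.Runtime.InteropServices;

static class PebChecks   // hypothetical name, not a class from AntiCrack-DotNet
{
    // FLG_HEAP_ENABLE_TAIL_CHECK | FLG_HEAP_ENABLE_FREE_CHECK | FLG_HEAP_VALIDATE_PARAMETERS:
    // set in PEB.NtGlobalFlag when the process was created under a debugger.
    const int DebugHeapFlags = 0x10 | 0x20 | 0x40;

    [StructLayout(LayoutKind.Sequential)]
    struct PROCESS_BASIC_INFORMATION
    {
        public IntPtr Reserved1;
        public IntPtr PebBaseAddress;
        public IntPtr Reserved2a, Reserved2b;
        public IntPtr UniqueProcessId;
        public IntPtr Reserved3;
    }

    [DllImport("ntdll.dll")]
    static extern int NtQueryInformationProcess(IntPtr process, int infoClass,
        out PROCESS_BASIC_INFORMATION info, int size, out int returnLength);

    // Assumption: the PEB is located through NtQueryInformationProcess for brevity.
    static IntPtr GetPebAddress()
    {
        int status = NtQueryInformationProcess(new IntPtr(-1), 0 /* ProcessBasicInformation */,
            out PROCESS_BASIC_INFORMATION pbi, Marshal.SizeOf<PROCESS_BASIC_INFORMATION>(), out _);
        if (status != 0)
            throw new InvalidOperationException($"NtQueryInformationProcess failed: 0x{status:X8}");
        return pbi.PebBaseAddress;
    }

    // PEB.BeingDebugged is the byte at offset 0x2 on both x86 and x64.
    public static bool BeingDebugged(IntPtr peb) => Marshal.ReadByte(peb, 2) != 0;

    // PEB.NtGlobalFlag is a 32-bit value at offset 0x68 (x86) or 0xBC (x64).
    public static bool DebugHeapFlagsSet(IntPtr peb)
    {
        int offset = IntPtr.Size == 8 ? 0xBC : 0x68;
        return (Marshal.ReadInt32(peb, offset) & DebugHeapFlags) != 0;
    }

    static void Main()
    {
        IntPtr peb = GetPebAddress();
        Console.WriteLine($"PEB.BeingDebugged set:        {BeingDebugged(peb)}");
        Console.WriteLine($"PEB.NtGlobalFlag debug flags: {DebugHeapFlagsSet(peb)}");
    }
}
```

Both fields live in user-writable memory, so they can be reset from inside the process, and the NtGlobalFlag heap flags are only set for a process started under a debugger, not one attached to later.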

Anti-Virtualization changes:

  • Added an AVX instruction check (x64/x86) to see if we are in an emulator.
  • Added an x64/x86 RDRAND instruction check to see if the instruction is properly implemented; an improper implementation could indicate an emulator.
  • Added flag-manipulation checks (for x64 and x86) to see if flags are handled correctly.

Anti-DLL-Injection (now renamed to Anti-Injection) changes:

  • Added a check for injected threads in the process.
  • Added a way to change any module's name and base address at runtime using the PEB (the tool only changes the main module of the process) to prevent injections, etc.
  • Added a check for a suspicious image base address to detect process hollowing.

Other Detections changes:

  • Improved the check for whether the tool is invoked by another assembly; it now executes internal .NET functions directly and resists hooking.
  • Fixed a bug in the secure-boot check.

Hooks Detection changes:

  • Added a basic check for stealthy page-guard hooking.