Como lo prometido es deuda, aquí van los códigos:
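#ifndef CLSANTIDEBUG_H
#define CLSANTIDEBUG_H

#include <windows.h>
#include <tlhelp32.h>

/// Anti-debugging helper for 32-bit Windows builds (the method bodies use
/// MSVC x86 inline assembly and read the PEB through fs:[0x30]).
/// Every detection method except TimeStamp blocks its caller until it has
/// observed a debugger, and Protect never returns at all.
/// The empty __declspec() on the members is an MSVC extension kept exactly
/// as the original author wrote it so the declarations match the definitions.
/// (The header guard used to be `__ClsAntiDebug__`; identifiers containing
/// a double underscore are reserved for the implementation, hence the rename.)
class ClsAntiDebug
{
private:
    bool Debugged;   // set to true by a detection method; never cleared

public:
    ClsAntiDebug();                                       // starts with Debugged == false
    void __declspec() PEBDebug();                         // polls PEB.BeingDebugged until it is set
    void __declspec() NTGlobalDebug();                    // polls the low byte of PEB.NtGlobalFlag until non-zero
    void __declspec() DebuggerActive();                   // polls the process list for known debugger executables
    void __declspec() TimeStamp(int time, void *func);    // flags if calling func takes more than `time` TSC ticks
    void Protect(void *func);                             // runs the checks forever, calling func once debugged
    bool IsDebugged();                                    // reads the Debugged flag
};

#endif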
Aquí debajo están las declaraciones de los métodos de la clase:
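#include "AntiDebug.h"

// Constructor: a fresh instance has not observed a debugger yet.
ClsAntiDebug::ClsAntiDebug()
{
    this->Debugged = false;
}

// Returns the flag set by the detection routines below; it is never cleared.
bool ClsAntiDebug::IsDebugged()
{
    return this->Debugged;
}

// Polls the PEB every 500 ms and returns only once the byte at PEB+2
// (BeingDebugged on 32-bit Windows) equals 1; then sets Debugged.
// Blocks the calling thread until that happens.
void __declspec() ClsAntiDebug::PEBDebug()
{
    __asm {
    _PEBLoop:
        push 500
        call dword ptr ds:[Sleep]       // Sleep(500) between polls
        xor edx, edx
        mov dl, 0x30
        mov esi, fs:[edx]               // fs:[0x30] -> PEB
        movzx eax, byte ptr [esi+2]     // PEB.BeingDebugged
        dec eax
        jne _PEBLoop                    // keep polling while the byte was not 1
        inc eax
    }
    this->Debugged = true;
}

// Polls the PEB every 500 ms and returns only once the low byte of the
// dword at PEB+0x68 (NtGlobalFlag on 32-bit Windows) is non-zero; then
// sets Debugged.  Blocks the calling thread until that happens.
void __declspec() ClsAntiDebug::NTGlobalDebug()
{
    __asm {
    _NTLoop:
        push 500
        call dword ptr ds:[Sleep]       // Sleep(500) between polls
        xor edx, edx
        mov dl, 0x30
        mov esi, fs:[edx]               // fs:[0x30] -> PEB
        movzx eax, byte ptr [esi+0x68]  // low byte of PEB.NtGlobalFlag
        and eax, eax
        je _NTLoop                      // keep polling while it is zero
        xor eax, eax
        inc eax
    }
    this->Debugged = true;
}

// Hash used for the executable-name table in DebuggerActive: for each byte,
// xor it into the low byte of the 32-bit accumulator, then rotate the
// accumulator left by 8.  This is the C form of the original inline-asm
// loop and yields the same value for len > 0 (the asm form never
// terminated cleanly for len == 0; here it simply returns 0).
static unsigned int ExeNameHash(const char *name, size_t len)
{
    unsigned int h = 0;
    for (size_t i = 0; i < len; ++i) {
        h ^= (unsigned char)name[i];
        h = (h << 8) | (h >> 24);
    }
    return h;
}

// Snapshots the process list every 500 ms and returns only when a running
// executable whose name hashes to one of the table entries is found; then
// sets Debugged.  Blocks the calling thread until that happens.
// Fixes relative to the original: each snapshot handle is closed before the
// next poll (one handle was leaked per iteration), a failed snapshot or a
// failed Process32First is skipped instead of being walked, and the exit
// is a plain return rather than an inline-asm jmp out of two nested loops.
void __declspec() ClsAntiDebug::DebuggerActive()
{
    // Hashes of known debugger executable names, compared as raw 32-bit
    // patterns exactly as the original int comparison did.
    static const unsigned int deb[3] = {
        18416231u,    /* IDA Pro */
        997340682u,   /* W32DASM */
        1853255255u   /* OllyDbg */
    };

    for (;;) {
        HANDLE hProcSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
        if (hProcSnap != INVALID_HANDLE_VALUE) {
            PROCESSENTRY32 pProcess;
            pProcess.dwSize = sizeof(PROCESSENTRY32);
            if (Process32First(hProcSnap, &pProcess)) {
                do {
                    // szExeFile is TCHAR; this code is built without UNICODE,
                    // as the original strlen() call already assumed.
                    const unsigned int hash =
                        ExeNameHash(pProcess.szExeFile, strlen(pProcess.szExeFile));
                    for (int i = 0; i < 3; ++i) {
                        if (hash == deb[i]) {
                            this->Debugged = true;
                            CloseHandle(hProcSnap);
                            return;
                        }
                    }
                } while (Process32Next(hProcSnap, &pProcess));
            }
            CloseHandle(hProcSnap);
        }
        Sleep(500);
    }
}

// Runs one of the blocking checks chosen by the tick count, then, once
// Debugged is set, calls func through inline asm and sleeps 500 ms before
// repeating.  GetTickCount() % 4 == 3 selects no check (only the sleep).
// Because each check returns only after it has observed a debugger, func is
// invoked on every iteration from the first detection on.  Never returns.
void __declspec() ClsAntiDebug::Protect(void *func)
{
    do {
        switch (GetTickCount() % 4) {
        case 0: this->PEBDebug();       break;
        case 1: this->NTGlobalDebug();  break;
        case 2: this->DebuggerActive(); break;
        }
        if (this->Debugged) {
            // NOTE(review): no arguments are pushed and no stack cleanup is
            // done, so func must be a no-argument callback (the usage sample
            // passes a CALLBACK/__stdcall function).
            __asm {
                call [func]
            }
        }
        Sleep(500);
    } while (1);
}

// Times a call to func with the low 32 bits of the TSC and sets Debugged
// when the elapsed tick count exceeds `time`.  The comparison is unsigned
// (jna), so a negative `time` acts as a very large threshold.  func is
// called through inline asm and must preserve ebx, which holds the start
// value across the call (a CALLBACK/__stdcall function does).
void __declspec() ClsAntiDebug::TimeStamp(int time, void *func)
{
    __asm {
        rdtsc
        mov ebx, eax        // start (low 32 bits of the TSC)
        call [func]
        rdtsc
        sub eax, ebx        // elapsed ticks (wraps modulo 2^32)
        cmp eax, [time]
        jna ___rtend        // elapsed <= time: not flagged
    }
    this->Debugged = true;
    __asm {
    ___rtend:
    }
}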
Aquí tenemos una muestra de cómo utilizar la clase:
#pragma comment(linker,"/ENTRY:main") #include "AntiDebug.h" void CALLBACK HolaMundo() { int i; i++; i++; } int __declspec() main() { ClsAntiDebug *Debugger=new(ClsAntiDebug); Debugger->TimeStamp(200,HolaMundo); if (Debugger->IsDebugged())MessageBox(0,"Hola","Mundo",0); Debugger->Protect(HolaMundo); return 0; }