示例#1
        /// <summary>
        /// Check for sniffers
        /// </summary>
        /// <remarks>
        /// The check is indirect: it sends one HTTPS GET to google.com with
        /// <c>ValidationCallback</c> installed as the certificate validator and treats a
        /// status other than 200 OK, or any exception, as evidence of interception. On that
        /// path it optionally shows an alert, optionally schedules deletion of the executable
        /// through a hidden <c>cmd.exe</c>, and kills <paramref name="CurrentProcess"/>.
        /// NOTE(review): what <c>ValidationCallback</c> accepts is not visible in this
        /// listing; presumably it rejects certificates issued by a local interception
        /// proxy. Confirm against its definition.
        /// </remarks>
        /// <param name="CurrentProcess">
        /// Process whose main-module file is deleted (when <c>SelfDelete</c> is set) and which
        /// is killed on failure. Presumably the calling process; confirm at the call site.
        /// </param>
        public static void Parse(Process CurrentProcess)
        {
            try
            {
                // Static ServicePointManager property, so this is not scoped to the request
                // built below; it stays set after this method returns.
                ServicePointManager.CheckCertificateRevocationList = true;
                // NOTE(review): "as" yields null if the cast fails; the next line would then
                // throw and be handled by the bare catch at the bottom.
                HttpWebRequest request = WebRequest.Create("https://google.com") as HttpWebRequest;
                // All three timeouts are 10000 ms.
                request.Timeout          = 10000;
                request.ContinueTimeout  = 10000;
                request.ReadWriteTimeout = 10000;
                request.KeepAlive        = true;
                // Browser-like headers; Host is www.google.com while the URL is google.com.
                request.UserAgent        = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0";
                request.Host             = "www.google.com";
                request.Accept           = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8";
                request.Method           = "GET";
                // Per-request certificate validator, defined elsewhere in the class.
                request.ServerCertificateValidationCallback = ValidationCallback;
                // GetResponse() throws on a rejected certificate, a timeout or missing
                // connectivity; all of those end up in the bare catch below.
                using (HttpWebResponse response = request.GetResponse() as HttpWebResponse)
                {
                    if (response.StatusCode == HttpStatusCode.OK)
                    {
                        // Redundant: the using block disposes the response anyway.
                        response.Close();
                    }
                    else
                    {
                        // Any status other than 200 OK is treated as tampering.
                        response.Close();

                        if (ShowAlert)
                        {
                            Alert.Show(AlertMessage);
                        }
                        if (SelfDelete)
                        {
                            string location = CurrentProcess.MainModule.FileName;
                            // Hidden cmd.exe child: one ping with a 3000 ms wait (presumably used
                            // as a delay), then Del on the image path read above.
                            // Detection: process-creation telemetry shows cmd.exe started with a
                            // hidden window and a command line of the form
                            // "ping ... > Nul & Del" followed by the parent's own image path.
                            // NOTE(review): location is concatenated into the command line with
                            // only surrounding quotes; cmd.exe still expands %VAR% sequences
                            // inside quotes, so such a path is not passed through literally.
                            Process.Start(new ProcessStartInfo("cmd.exe", "/C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del \"" + location + "\"")
                            {
                                WindowStyle = ProcessWindowStyle.Hidden
                            }).Dispose();
                            // If CurrentProcess is this process, Kill() ends it and Exit(0) is
                            // never reached. TODO confirm with the caller.
                            CurrentProcess.Kill();
                            Environment.Exit(0);
                        }
                        CurrentProcess.Kill();
                    }
                }
            }
            catch
            {
                // Bare catch: every exception type lands here, so a timeout or an offline
                // machine is handled exactly like a failed certificate check, including the
                // self-delete. It also catches exceptions thrown by the non-200 branch above,
                // in which case the response below runs a second time.
                if (ShowAlert)
                {
                    Alert.Show(AlertMessage);
                }
                if (SelfDelete)
                {
                    // Same hidden cmd.exe delete-then-exit sequence as in the try block.
                    string location = CurrentProcess.MainModule.FileName;
                    Process.Start(new ProcessStartInfo("cmd.exe", "/C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del \"" + location + "\"")
                    {
                        WindowStyle = ProcessWindowStyle.Hidden
                    }).Dispose();
                    CurrentProcess.Kill();
                    Environment.Exit(0);
                }
                // Nothing guards this call: an exception thrown inside the catch block
                // propagates to the caller.
                CurrentProcess.Kill();
            }
        }
示例#2
        /// <summary>
        /// Start the anti debugger service
        /// </summary>
        /// <remarks>
        /// Polls every 200 ms for an attached debugger using two checks:
        /// <c>CheckRemoteDebuggerPresent</c> on the current process handle, then
        /// <c>Debugger.IsAttached</c> / <c>Debugger.IsLogging()</c>. A hit shows the alert
        /// (if <c>ShowAlert</c>) and then either starts <c>Malicious.Initializing</c> on a
        /// background thread (if <c>Aggressive</c>) or kills the process. Only the second
        /// check honours <c>SelfDelete</c>. The loop repeats while <c>KeepAlive</c> is true;
        /// otherwise it runs once.
        /// Declared <c>async void</c>: the caller gets no Task, so it can neither await the
        /// loop nor observe an exception thrown inside it.
        /// </remarks>
        /// <param name="CurrentProcess">
        /// Used only by the self-delete branch (image path, Kill). The debugger checks
        /// themselves call <c>Process.GetCurrentProcess()</c> instead.
        /// </param>
        public static async void Start(Process CurrentProcess)
        {
            for (; ;)
            {
                // isDebuggerPresent is a field declared outside this method.
                // CheckRemoteDebuggerPresent is presumably the kernel32 P/Invoke; its
                // declaration is not shown here, and its return value is ignored.
                // The Process object obtained from GetCurrentProcess() is not disposed.
                CheckRemoteDebuggerPresent(Process.GetCurrentProcess().Handle, ref isDebuggerPresent);
                if (isDebuggerPresent)
                {
                    if (ShowAlert)
                    {
                        Alert.Show(AlertMessage);
                    }
                    if (Aggressive)
                    {
                        // Malicious.Initializing is not visible in this listing.
                        // NOTE(review): establish what it does before this flag is enabled.
                        new Thread(new ThreadStart(Malicious.Initializing))
                        {
                            IsBackground = true
                        }.Start();
                        // Ends the polling loop; the process itself keeps running.
                        return;
                    }
                    // Always true when reached, since the Aggressive branch returned
                    // (unless the field is changed concurrently). SelfDelete is not
                    // consulted in this branch.
                    if (!Aggressive)
                    {
                        Process.GetCurrentProcess().Kill();
                    }
                }
                // Managed-side checks: a debugger attached to this process, or a debugger
                // with logging enabled.
                if (Debugger.IsAttached || Debugger.IsLogging())
                {
                    if (ShowAlert)
                    {
                        Alert.Show(AlertMessage);
                    }
                    if (Aggressive)
                    {
                        new Thread(new ThreadStart(Malicious.Initializing))
                        {
                            IsBackground = true
                        }.Start();
                        return;
                    }
                    else if (SelfDelete)
                    {
                        string location = CurrentProcess.MainModule.FileName;
                        // Hidden cmd.exe child: one ping with a 3000 ms wait (presumably used
                        // as a delay), then Del on the image path read above.
                        // Detection: process-creation telemetry shows cmd.exe started with a
                        // hidden window and a command line of the form
                        // "ping ... > Nul & Del" followed by the parent's own image path.
                        // NOTE(review): location is concatenated into the command line with
                        // only surrounding quotes.
                        Process.Start(new ProcessStartInfo("cmd.exe", "/C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del \"" + location + "\"")
                        {
                            WindowStyle = ProcessWindowStyle.Hidden
                        }).Dispose();
                        // If CurrentProcess is this process, Kill() ends it and Exit(0) is
                        // never reached. TODO confirm with the caller.
                        CurrentProcess.Kill();
                        Environment.Exit(0);
                    }
                    if (!Aggressive)
                    {
                        Process.GetCurrentProcess().Kill();
                    }
                }
                // Poll interval.
                await Task.Delay(200);

                // With KeepAlive false the checks run exactly once.
                if (!KeepAlive)
                {
                    break;
                }
            }
        }
示例#3
        /// <summary>
        /// Polls the system process list every 500 ms. Each process not matched by
        /// <c>WhiteList</c> is compared against <c>BlackList</c> by substring on its window
        /// title and process name; a match kills that process and then applies the alert,
        /// self-delete and kill response to <c>Process</c>.
        /// </summary>
        /// <remarks>
        /// Declared <c>async void</c>: the caller gets no Task, so it can neither await the
        /// loop nor observe an exception thrown inside it. Nothing in the loop catches
        /// exceptions, and the Process property reads and <c>Kill()</c> calls can throw
        /// (for example when a process has already exited or access is denied).
        /// <c>Detected</c>, <c>WhiteListed</c> and <c>Processes</c> are not declared in
        /// this method, so they are state shared with the rest of the class.
        /// </remarks>
        private static async void ScanProcess()
        {
            for (;;)
            {
                // The null assignment is overwritten immediately by the next line.
                Processes = null;
                // Fresh snapshot on every pass; the returned Process objects are not disposed.
                Processes = Process.GetProcesses();
                foreach (Process process in Processes)
                {
                    Detected    = false;
                    WhiteListed = false;
                    foreach (var nameWhite in WhiteList)
                    {
                        if (IgnoreCase)
                        {
                            // Only the process side is lowercased (ToLower() uses the current
                            // culture); presumably WhiteList entries are stored lowercase.
                            // Verify where the list is populated.
                            WhiteListed = (process.MainWindowTitle.ToLower().Contains(nameWhite) || process.ProcessName.ToLower().Contains(nameWhite));
                            if (WhiteListed)
                            {
                                break;
                            }
                        }
                        else
                        {
                            // Substring match: the entry matches anywhere in the title or name.
                            WhiteListed = (process.MainWindowTitle.Contains(nameWhite) || process.ProcessName.Contains(nameWhite));
                            if (WhiteListed)
                            {
                                break;
                            }
                        }
                    }
                    if (WhiteListed)
                    {
                        continue;
                    }
                    foreach (string nameBlack in BlackList)
                    {
                        // NOTE(review): both branches break unconditionally, unlike the
                        // whitelist loop above, so only the first BlackList entry is ever
                        // compared against a process.
                        if (IgnoreCase)
                        {
                            Detected = (process.MainWindowTitle.ToLower().Contains(nameBlack) || process.ProcessName.ToLower().Contains(nameBlack));
                            break;
                        }
                        else
                        {
                            Detected = (process.MainWindowTitle.Contains(nameBlack) || process.ProcessName.Contains(nameBlack));
                            break;
                        }
                    }
                    if (Detected)
                    {
                        // Terminates the matched process (another process on the machine),
                        // selected by substring on its name or window title.
                        process.Kill();
                        if (ShowAlert)
                        {
                            Alert.Show(AlertMessage);
                        }
                        if (SelfDelete)
                        {
                            // "Process" with a capital P is used as an instance here (MainModule
                            // and Kill() are instance members), so it must be a member of the
                            // enclosing class. Presumably it holds the current process; confirm.
                            string location = Process.MainModule.FileName;
                            // Hidden cmd.exe child: one ping with a 3000 ms wait (presumably used
                            // as a delay), then Del on the image path read above.
                            // Detection: process-creation telemetry shows cmd.exe started with a
                            // hidden window and a command line of the form
                            // "ping ... > Nul & Del" followed by the parent's own image path.
                            // NOTE(review): location is concatenated into the command line with
                            // only surrounding quotes.
                            Process.Start(new ProcessStartInfo("cmd.exe", "/C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del \"" + location + "\"")
                            {
                                WindowStyle = ProcessWindowStyle.Hidden
                            }).Dispose();
                            Process.Kill();
                            Environment.Exit(0);
                        }
                        Process.Kill();
                    }
                }
                // Poll interval.
                await Task.Delay(500);

                // With KeepAlive false the scan runs exactly once.
                if (!KeepAlive)
                {
                    break;
                }
            }
        }