#include "AntiTrack.h"
#include <afxwin.h>
#include "Nb30.h"
/*
 * Startup detection code.
 */
//CAntiStartup theAnti;
// Anti-debugging checks.
//
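// Returns true when the DOS device `devicePath` (spelled "\\\\.\\NAME" in C
// source, i.e. the path \\.\NAME) can be opened - meaning the driver that
// registers that name is currently loaded. The requested access is
// FILE_SHARE_READ (== FILE_READ_DATA), exactly as the original code did; only
// the open matters, nothing is read. The handle is closed before returning.
static bool AntiTrack_DeviceIsPresent(const char *devicePath)
{
    HANDLE dev = CreateFile(devicePath, FILE_SHARE_READ /* == FILE_READ_DATA */,
                            0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
    if (dev == INVALID_HANDLE_VALUE) {
        return false;
    }
    CloseHandle(dev);
    return true;
}

/*
 * Runs the user-mode anti-debugging / anti-tracing checks in sequence and
 * terminates the process (exit(0)) as soon as one of them fires.
 *
 * Checks, in the original order:
 *   1. IsDebuggerPresent() - a user-mode debugger is attached.
 *   2. ICEDUMP device      - IceDump driver loaded.
 *   3. Anti_SoftICE()      - SoftICE devices + trap-flag check.
 *   4. Anti_Spy()          - Regmon / Filemon / SoftSnoop.
 *   5. TRW, TRWDEBUG, W32Dasm devices.
 *   6. Anti_DeDe()         - DeDe decompiler.
 *
 * Returns: true. Every failed check exits the process, so the value only
 *          tells a caller "all checks passed"; it never returns false.
 *
 * Fix: the device names were written as "\\.\ICEDUMP" (etc.) in C source.
 * The compiler turns the unknown escape "\I" into "I", so the string was the
 * plain relative path \.ICEDUMP and no device was ever opened. They are now
 * "\\\\.\\NAME", matching the spelling already used in Anti_SoftICE().
 *
 * NOTE(review): all of these checks are trivially bypassed by hooking
 * IsDebuggerPresent/CreateFile or by renaming a driver; treat them as a
 * speed bump, not a security control.
 */
bool AntiDebug()
{
    // Plain PEB->BeingDebugged style check.
    if (IsDebuggerPresent()) {
        exit(0);
    }

    // IceDump (SoftICE extension).
    if (AntiTrack_DeviceIsPresent("\\\\.\\ICEDUMP")) {
        exit(0);
    }

    Anti_SoftICE();   // SoftICE devices and trap-flag check
    Anti_Spy();       // Regmon / Filemon / SoftSnoop

    // TRW2000 and W32Dasm register these device names when loaded.
    static const char *const kTracerDevices[] = {
        "\\\\.\\TRW",
        "\\\\.\\TRWDEBUG",
        "\\\\.\\W32Dasm",
    };
    for (size_t i = 0; i < sizeof(kTracerDevices) / sizeof(kTracerDevices[0]); ++i) {
        if (AntiTrack_DeviceIsPresent(kTracerDevices[i])) {
            exit(0);
        }
    }

    Anti_DeDe();      // DeDe decompiler
    return true;
}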
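/*
 * SoftICE detection. Tries to open each DOS device name that a loaded
 * SoftICE installation registers; a successful CreateFile means the driver
 * is present and the process is terminated with exit(0). Afterwards runs the
 * trap-flag based check in DetectSoftICEwithRegister().
 *
 * Device names (from the original, which labelled SIWVID as the NT one):
 *   SICE, SIWDEBUG, NTICE, SIWVID.
 *
 * Fix: the original opened "\\.\SICE" twice (once with an "in NT" comment);
 * the duplicate has been dropped - the same call with the same arguments
 * back to back adds nothing.
 */
inline void Anti_SoftICE()
{
    static const char *const kSoftIceDevices[] = {
        "\\\\.\\SICE",
        "\\\\.\\SIWDEBUG",
        "\\\\.\\NTICE",
        "\\\\.\\SIWVID",   // labelled "in NT" by the original author
    };

    for (size_t i = 0; i < sizeof(kSoftIceDevices) / sizeof(kSoftIceDevices[0]); ++i) {
        // Desired access is FILE_SHARE_READ (== FILE_READ_DATA), as in the
        // original; opening the device is the whole test.
        HANDLE dev = CreateFile(kSoftIceDevices[i], FILE_SHARE_READ, 0, 0,
                                OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
        if (dev != INVALID_HANDLE_VALUE) {
            CloseHandle(dev);
            exit(0);
        }
    }

    // Second, device-name independent check (EFLAGS trap flag).
    DetectSoftICEwithRegister();
}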
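/*
 * Detects registry/file-system monitors and the SoftSnoop API tracer and
 * terminates the process (exit(0)) if any is found.
 *
 * Two detection styles are used, as in the original:
 *   - Window lookup (FindWindow by class name or title) for the Windows
 *     2000/XP GUI builds of Regmon, Filemon and SoftSnoop.
 *   - DOS device lookup (CreateFile on the path \\.\NAME) for the driver
 *     based Windows 9x/NT builds: REGVXD (Regmon), FILEVXD (Filemon) and
 *     the SoftSnoop device.
 *
 * Fix: the device paths were written as "\\.\REGVXD" etc. in C source. The
 * compiler turns the unknown escape "\R" into "R", so the string was the
 * relative path \.REGVXD and no device was ever opened. They are now
 * spelled "\\\\.\\NAME", as Anti_SoftICE() already did.
 *
 * NOTE(review): the SoftSnoop device name "[SoftSnoop 1.3]by yoda/f2f" is kept
 * verbatim from the original; it is the tool's window title and whether a
 * device of that name exists has not been confirmed here.
 */
inline void Anti_Spy()
{
    // Regmon, Windows 2000/XP: by class name, then by window title.
    if (FindWindow("RegmonClass", NULL)) {
        exit(0);
    }
    if (FindWindow(NULL, "Registry Monitor - Sysinternals: www.sysinternals.com")) {
        exit(0);
    }

    // Regmon, Windows 9x/NT: driver device.
    HANDLE dev = CreateFile("\\\\.\\REGVXD", FILE_SHARE_READ, 0, 0,
                            OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
    if (dev != INVALID_HANDLE_VALUE) {
        CloseHandle(dev);
        exit(0);
    }

    // Filemon, Windows 9x/NT: driver device.
    dev = CreateFile("\\\\.\\FILEVXD", FILE_SHARE_READ, 0, 0,
                     OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
    if (dev != INVALID_HANDLE_VALUE) {
        CloseHandle(dev);
        exit(0);
    }

    // Filemon, Windows 2000/XP: window title.
    if (FindWindow(NULL, "File Monitor - Sysinternals: www.sysinternals.com")) {
        exit(0);
    }

    // SoftSnoop, Windows 9x/NT: device (see NOTE above).
    dev = CreateFile("\\\\.\\[SoftSnoop 1.3]by yoda/f2f", FILE_SHARE_READ, 0, 0,
                     OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
    if (dev != INVALID_HANDLE_VALUE) {
        CloseHandle(dev);
        exit(0);
    }

    // SoftSnoop, Windows 2000/XP: window title.
    if (FindWindow(NULL, "[SoftSnoop 1.3]by yoda/f2f")) {
        exit(0);
    }
}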
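/*
 * Detects the DeDe Delphi decompiler - by its window class "DeDe" or by its
 * DOS device (path \\.\DeDe) - and terminates the process (exit(0)) if found.
 *
 * Fix: the device path was written "\\.\DeDe" in C source, which the compiler
 * reads as the relative path \.DeDe (unknown escape "\D" -> "D"); it is now
 * "\\\\.\\DeDe". The original comment on the device check said "REGMON", a
 * copy/paste leftover - this is the DeDe check.
 */
inline void Anti_DeDe()
{
    if (FindWindow("DeDe", NULL)) {
        exit(0);
    }

    // Desired access FILE_SHARE_READ (== FILE_READ_DATA), as in the original.
    HANDLE dev = CreateFile("\\\\.\\DeDe", FILE_SHARE_READ, 0, 0,
                            OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
    if (dev != INVALID_HANDLE_VALUE) {
        CloseHandle(dev);
        exit(0);
    }
}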
// Detect SoftICE via the EFLAGS trap flag (register-based check).
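/*
 * Trap-flag (single-step) debugger check. x86-32 inline assembly only; the
 * file already assumes a 32-bit MSVC build (__asm is unavailable on x64).
 *
 * Setting TF (EFLAGS bit 8, mask 0x100) makes the CPU raise a single-step
 * exception after the next instruction. With no debugger attached the
 * exception is delivered to our own __except handler and we simply return.
 * A debugger consumes the single-step exception itself, so the handler never
 * runs, control falls out of the __try block normally, and the process is
 * terminated with exit(0), consistent with the other checks in this file.
 *
 * Fix: the original wrote the mask as `00000100`. The inline assembler reads
 * an unsuffixed literal as decimal, so that is 100 == 0x64 (PF, ZF and a
 * reserved bit), not 0x100 - TF was never set and the check detected nothing.
 * It also had no exception handler, so a correctly set TF would have crashed
 * an undebugged process with an unhandled EXCEPTION_SINGLE_STEP.
 */
inline void DetectSoftICEwithRegister()
{
    __try {
        __asm {
            pushfd
            or dword ptr [esp], 0x100   ; TF = EFLAGS bit 8
            popfd
            nop                         ; #DB is raised after this instruction
        }
    }
    __except (GetExceptionCode() == EXCEPTION_SINGLE_STEP
                  ? EXCEPTION_EXECUTE_HANDLER
                  : EXCEPTION_CONTINUE_SEARCH) {
        // The single-step exception reached us: nothing is intercepting it.
        return;
    }

    // The exception never arrived - a debugger swallowed it.
    exit(0);
}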
/*
 * Placeholder for a kernel-mode debugger check.
 *
 * The intended implementation (kept below, disabled) resolved
 * NtQuerySystemInformation from ntdll.dll and reported failures through
 * LogFile(); the actual query was never written. Until it is, this function
 * performs no detection at all.
 *
 * Returns: true, unconditionally.
 */
bool DetectKernelModeDebug()
{
    // Disabled draft of the ntdll-based check:
    //
    //   NTQUERYSYSTEMINFORMATION NtQuerySystemInformation;
    //   __try
    //   {
    //       HMODULE hNtDll = LoadLibrary("NtDll.dll");
    //       if (hNtDll == NULL)
    //       {
    //           LogFile("LoadLibrary Error: %d\n", GetLastError());
    //           __leave;
    //       }
    //       NtQuerySystemInformation =
    //           (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll, "NtQuerySystemInformation");
    //       if (NtQuerySystemInformation == NULL)
    //       {
    //           LogFile("GetProcAddress for NtQuerySystemInformation Error: %d\n", GetLastError());
    //           __leave;
    //       }
    //   }
    //
    // Nothing is checked yet, so the result is fixed.
    const bool noKernelDebuggerSeen = true;
    return noKernelDebuggerSeen;
}