(C++) Integrity-check dynamic-link library written in C++ whose exports can be called from C#

Overview

C-Integrity-Library

C# Exports

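using System;
using System.Runtime.InteropServices;

// P/Invoke declarations must sit inside a class; the class name here is arbitrary.
internal static class IntegrityExports
{
    // The C++ functions return a one-byte bool. Without UnmanagedType.I1 the
    // marshaller reads a four-byte Win32 BOOL and can report true spuriously.
    [DllImport("Exports.dll")]
    [return: MarshalAs(UnmanagedType.I1)]
    public static extern bool DebuggerPresent_1();
    [DllImport("Exports.dll")]
    [return: MarshalAs(UnmanagedType.I1)]
    public static extern bool DebuggerPresent_2();
    [DllImport("Exports.dll")]
    [return: MarshalAs(UnmanagedType.I1)]
    public static extern bool DebuggerPresent_3();
    [DllImport("Exports.dll")]
    [return: MarshalAs(UnmanagedType.I1)]
    public static extern bool DebuggerPresent_4();
    [DllImport("Exports.dll")]
    public static extern int GetProcessIntegrityHash();
    [DllImport("Exports.dll")]
    public static extern void OverwriteLoadLibraries([MarshalAs(UnmanagedType.I1)] bool TerminateOnInjection);
    [DllImport("Exports.dll")]
    public static extern void DebuggerBreaker();
    [DllImport("Exports.dll")]
    public static extern void AttatchDebugger(UInt32 ProcessID);
    [DllImport("Exports.dll")]
    public static extern void DetatchDebugger(UInt32 ProcessID);
}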

C++ Functions

DebuggerPresent_1
    Return Type: bool
    Description: Returns the result of IsDebuggerPresent()

DebuggerPresent_2
    Return Type: bool
    Description: Returns the value written to the second (out) argument of CheckRemoteDebuggerPresent

DebuggerPresent_3
    Return Type: bool
    Description: Returns the byte at offset 2h of the PEB (the BeingDebugged flag), read with inline assembly

DebuggerPresent_4
    Return Type: bool
    Description: Returns true if the program throws an exception when trying to close an invalid handle

GetProcessIntegrityHash
    Return Type: int
    Description: Returns the sum of the optional-header checksum fields of every DLL enumerated in the process

OverwriteLoadLibraries
    Return Type: void
    Description: Overwrites LoadLibraryExW and LoadLibraryExA, effectively making the average injector useless
    Parameters: bool TerminateOnInjection

DebuggerBreaker
    Return Type: void
    Description: Sets a breakpoint for any active debugger

GetHandlesCount
    Return Type: int
    Description: Returns the number of handles to the application
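
The value GetProcessIntegrityHash is described as returning can be reproduced offline from PE headers. The block below is an added example, not the library's own code: the function names are hypothetical, it parses constructed byte buffers instead of modules loaded in a live process, and it sums into uint32_t (the export returns int) so that overflow wraps predictably.

```cpp
#include <cstdint>
#include <cstdio>
#include <optional>
#include <vector>
using Image = std::vector<uint8_t>;

// Read an n-byte little-endian value at off; nullopt if it would run past the buffer.
static std::optional<uint32_t> read_le(const Image& img, size_t off, size_t n) {
    if (off > img.size() || img.size() - off < n) return std::nullopt;
    uint32_t v = 0;
    for (size_t i = 0; i < n; ++i) v |= static_cast<uint32_t>(img[off + i]) << (8 * i);
    return v;
}

// Returns the optional header's CheckSum field, or nullopt if img is not a PE image.
std::optional<uint32_t> pe_header_checksum(const Image& img) {
    auto mz = read_le(img, 0, 2);
    auto lfanew = read_le(img, 0x3C, 4);                       // e_lfanew
    if (!mz || *mz != 0x5A4D || !lfanew) return std::nullopt;  // "MZ"
    size_t nt = *lfanew, opt = nt + 4 + 20;                    // signature + file header
    auto sig = read_le(img, nt, 4);
    auto magic = read_le(img, opt, 2);
    if (!sig || *sig != 0x4550 || !magic) return std::nullopt; // "PE\0\0"
    if (*magic != 0x10B && *magic != 0x20B) return std::nullopt;
    return read_le(img, opt + 64, 4);  // CheckSum sits at offset 64 in PE32 and PE32+
}

// Sum over all modules (wraps modulo 2^32); buffers that do not parse are skipped.
uint32_t summed_checksums(const std::vector<Image>& modules) {
    uint32_t sum = 0;
    for (const auto& m : modules)
        if (auto c = pe_header_checksum(m)) sum += *c;
    return sum;
}

// Constructed sample: a 512-byte buffer with only the fields read above filled in.
Image make_image(uint32_t checksum, uint8_t body_byte) {
    Image img(0x200, 0);
    auto put = [&](size_t off, uint32_t v, size_t n) {
        for (size_t i = 0; i < n; ++i) img[off + i] = static_cast<uint8_t>(v >> (8 * i));
    };
    put(0, 0x5A4D, 2); put(0x3C, 0x80, 4); put(0x80, 0x4550, 4);
    put(0x80 + 24, 0x20B, 2); put(0x80 + 24 + 64, checksum, 4);
    img[0x180] = body_byte;  // stand-in for module contents outside the headers
    return img;
}

int main() {
    std::printf("%08x\n", summed_checksums({make_image(0x1111, 0x90), make_image(0x2222, 0x90)}));
}
```

Because CheckSum is a stored header field, the sum moves when the set of loaded modules changes and stays the same when a module's contents change after load. Detecting content changes means hashing the module bytes themselves, which is what the Todo items "DLL Integrity Check" and "Function Integrity Checks" point at.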

Usage Pseudocode

print(DebuggerPresent_1()) -- true/false
print(DebuggerPresent_2()) -- true/false
print(DebuggerPresent_3()) -- true/false
print(DebuggerPresent_4()) -- true/false

OverwriteLoadLibraries(true) -- overwrites LoadLibraryExW and LoadLibraryExA

while true do
    DebuggerBreaker() -- sets an annoying breakpoint on every loop iteration

    integrityHash = GetProcessIntegrityHash() -- record the integrity hash
    handleCount = GetHandlesCount() -- record the handle count

    Sleep(1000) -- 100-1000 ms works well

    if integrityHash != GetProcessIntegrityHash() then -- verify the integrity hash from 1 second ago matches the current integrity hash
        print("Tamper Detected")
    end

    if handleCount != GetHandlesCount() then -- verify no new handles have been opened to the process
        print("Tamper Detected")
    end

    -- please note that checking the handle count in a faster loop would be better, but this is pseudocode
end

Todo

  • Add More Debugger Present Checks
  • Detail The C++ Code
  • DLL Integrity Check
  • Find More Debug Detection Methods
  • Find New Ways To Break Debuggers
  • Function Integrity Checks
  • VirtualProtect attack protections
  • Fix Termination Assembly
  • VM Detection
Releases(v1.1)
Owner
👋 16 year old reverse engineer learning C++ and C#. Please note when viewing my contributions, most of my repositories are private.