C# Anti-Debug and Anti-Dumping techniques using Win32/NT API functions. There are certain functions/methods like the anti-dump that were created by other people.
- Check for managed debugger
- Check for unmanaged debugger
- Check for remote debugger
- Check debug port
- Detach from debugger process
- Check for kernel debugger
- Hides current process OS thread ( managed threads soon )
- Scan and Kill debuggers (ollydbg, x32dbg, x64dbg, Immunity, MegaDumper, etc)
- Erase sections - WARNING! It breaks applications which are obfuscated.
- You can use these tricks to protect your C# application, however make sure you obfuscate the code. And make no mistake, a skilled reverse engineer will easily bypass these tricks unless used properly. (see tips)
- Do not forget to remove the Console logs before simply copy/pasting files into your project ;)
- Avoid taking an immediate action, like displaying a message or crashing the application. If you take an immediate action, the cracker will know where the problematic code is located and will focus all his attention at that point, trying to figure out the root of the problem in that code.
- Avoid displaying messages saying that the application has been tampered. Instead, make a "late" crash (see below) or display a strange error message at a later point in your application.
- Produce a "late crash" or malfunction. That is, if you detect that your application has been tampered, you mark special variables (or similar action) in your code. At a later point in your application, you crash your application or initialize further structures in a wrong way, so, your application won't work as expected.
Feel free to contribute with your own functions/methods. Just make sure you tested it properly.