├── AntiDebug ├── CheckBlacklistedWindowsNames.py ├── CheckInternetConnection.py ├── ComputerUptime.py ├── IsDebuggerPresent.py ├── KillBadProcesses.py ├── ParentAntiDebug.py └── RemoteDebugger.py ├── AntiVirtulization ├── KVMCheck.py ├── MonitorMetrics.py ├── ParallelsCheck.py ├── QEMUCheck.py ├── RecentFileActivity.py ├── TriageCheck.py ├── USBCheck.py ├── UsernameCheck.py ├── VMArtifacts.py ├── VMWareDetection.py └── VirtualboxDetection.py ├── CriticalProcess └── SetProcessIsCritical.py ├── LICENSE ├── PyDefender.png ├── README.md └── main.py /AntiDebug/CheckBlacklistedWindowsNames.py: -------------------------------------------------------------------------------- 1 | import ctypes 2 | 3 | def CheckTitles(): 4 | user32 = ctypes.windll.user32 5 | EnumWindows = user32.EnumWindows 6 | EnumWindowsProc = ctypes.WINFUNCTYPE(ctypes.c_bool, ctypes.POINTER(ctypes.c_int), ctypes.POINTER(ctypes.c_int)) 7 | GetWindowText = user32.GetWindowTextW 8 | GetWindowTextLength = user32.GetWindowTextLengthW 9 | IsWindowVisible = user32.IsWindowVisible 10 | 11 | forbidden_titles = { 12 | "proxifier", "graywolf", "extremedumper", "zed", "exeinfope", "dnspy", 13 | "titanHide", "ilspy", "titanhide", "x32dbg", "codecracker", "simpleassembly", 14 | "process hacker 2", "pc-ret", "http debugger", "Centos", "process monitor", 15 | "debug", "ILSpy", "reverse", "simpleassemblyexplorer", "process", "de4dotmodded", 16 | "dojandqwklndoqwd-x86", "sharpod", "folderchangesview", "fiddler", "die", "pizza", 17 | "crack", "strongod", "ida -", "brute", "dump", "StringDecryptor", "wireshark", 18 | "debugger", "httpdebugger", "gdb", "kdb", "x64_dbg", "windbg", "x64netdumper", 19 | "petools", "scyllahide", "megadumper", "reversal", "ksdumper v1.1 - by equifox", 20 | "dbgclr", "HxD", "monitor", "peek", "ollydbg", "ksdumper", "http", "wpe pro", "dbg", 21 | "httpanalyzer", "httpdebug", "PhantOm", "kgdb", "james", "x32_dbg", "proxy", "phantom", 22 | "mdbg", "WPE PRO", "system explorer", "de4dot", "X64NetDumper", "protection_id", 23 | "charles", "systemexplorer", "pepper", "hxd", "procmon64", "MegaDumper", "ghidra", "xd", 24 | "0harmony", "dojandqwklndoqwd", "hacker", "process hacker", "SAE", "mdb", "checker", 25 | "harmony", "Protection_ID", "PETools", "scyllaHide", "x96dbg", "systemexplorerservice", 26 | "folder", "mitmproxy", "dbx", "sniffer", "Process Hacker", "Process Explorer", 27 | "Sysinternals", "www.sysinternals.com", "binary ninja" 28 | } 29 | 30 | 31 | def foreach_window(hwnd, lParam): 32 | length = GetWindowTextLength(hwnd) 33 | buff = ctypes.create_unicode_buffer(length + 1) 34 | GetWindowText(hwnd, buff, length + 1) 35 | title = buff.value 36 | 37 | if IsWindowVisible(hwnd) and title.lower() in forbidden_titles: 38 | return True 39 | return False 40 | 41 | found_forbidden = EnumWindows(EnumWindowsProc(foreach_window), 0) 42 | return found_forbidden 43 | -------------------------------------------------------------------------------- /AntiDebug/CheckInternetConnection.py: -------------------------------------------------------------------------------- 1 | import socket 2 | 3 | def check_connection(): 4 | try: 5 | socket.create_connection(("google.com", 80), timeout=5) 6 | return True, None 7 | except socket.error as ex: 8 | error_message = f"Error checking internet connection: {ex}" 9 | print(f"[DEBUG] {error_message}") 10 | return False, Exception(error_message) -------------------------------------------------------------------------------- /AntiDebug/ComputerUptime.py: -------------------------------------------------------------------------------- 1 | import ctypes 2 | 3 | kernel32 = ctypes.windll.kernel32 4 | getTickCount = kernel32.GetTickCount 5 | getTickCount.restype = ctypes.c_ulong 6 | 7 | def GetUptimeInSeconds(): 8 | uptime = getTickCount() 9 | return int(uptime / 1000) 10 | 11 | def CheckUptime(durationInSeconds): 12 | uptime = GetUptimeInSeconds() 13 | if uptime < durationInSeconds: 14 | return True, None 15 | else: 16 | return False, None 17 | -------------------------------------------------------------------------------- /AntiDebug/IsDebuggerPresent.py: -------------------------------------------------------------------------------- 1 | import ctypes 2 | 3 | kernel32 = ctypes.windll.kernel32 4 | 5 | def is_debugger_present(): 6 | return kernel32.IsDebuggerPresent() != 0 -------------------------------------------------------------------------------- /AntiDebug/KillBadProcesses.py: -------------------------------------------------------------------------------- 1 | import subprocess 2 | 3 | def KillBadProcesses(): 4 | processes_to_kill = [ 5 | "taskmgr.exe", "process.exe", "processhacker.exe", "ksdumper.exe", "fiddler.exe", 6 | "httpdebuggerui.exe", "wireshark.exe", "httpanalyzerv7.exe", "fiddler.exe", "decoder.exe", 7 | "regedit.exe", "procexp.exe", "dnspy.exe", "vboxservice.exe", "burpsuit.exe", 8 | "DbgX.Shell.exe", "ILSpy.exe", "ollydbg.exe", "x32dbg.exe", "x64dbg.exe", "gdb.exe", 9 | "idaq.exe", "idag.exe", "idaw.exe", "ida64.exe", "idag64.exe", "idaw64.exe", 10 | "idaq64.exe", "windbg.exe", "ollydbg.exe", "immunitydebugger.exe", "windasm.exe" 11 | ] 12 | 13 | for process in processes_to_kill: 14 | subprocess.run(["taskkill", "/F", "/IM", process], stdout=subprocess.PIPE, stderr=subprocess.PIPE) -------------------------------------------------------------------------------- /AntiDebug/ParentAntiDebug.py: -------------------------------------------------------------------------------- 1 | import ctypes,os,pathlib,sys 2 | 3 | PROCESS_QUERY_INFORMATION = 0x0400 4 | MAX_PATH = 260 5 | 6 | class PROCESS_BASIC_INFORMATION(ctypes.Structure): 7 | _fields_ = [ 8 | ("Reserved1", ctypes.c_void_p), 9 | ("PebBaseAddress", ctypes.c_void_p), 10 | ("Reserved2", ctypes.c_void_p * 2), 11 | ("UniqueProcessId", ctypes.c_ulong), 12 | ("InheritedFromUniqueProcessId", ctypes.c_void_p) 13 | ] 14 | 15 | ntdll = ctypes.WinDLL("ntdll.dll") 16 | ntquery = ntdll.NtQueryInformationProcess 17 | ntquery.argtypes = [ctypes.c_void_p, ctypes.c_uint32, ctypes.POINTER(PROCESS_BASIC_INFORMATION), ctypes.c_uint32, ctypes.POINTER(ctypes.c_uint32)] 18 | 19 | def NtQueryProc(handle, class_type): 20 | proc_basic_info = PROCESS_BASIC_INFORMATION() 21 | return_length = ctypes.c_uint32() 22 | status = ntquery(handle, class_type, ctypes.byref(proc_basic_info), ctypes.sizeof(proc_basic_info), ctypes.byref(return_length)) 23 | if status != 0x0: 24 | raise ctypes.WinError(ctypes.get_last_error()) 25 | return proc_basic_info 26 | 27 | def QueryImageName(handle): 28 | name_buffer = ctypes.create_unicode_buffer(MAX_PATH) 29 | size = ctypes.c_uint32(MAX_PATH) 30 | if not ctypes.windll.kernel32.QueryFullProcessImageNameW(handle, 0, name_buffer, ctypes.byref(size)): 31 | raise ctypes.WinError(ctypes.get_last_error()) 32 | return name_buffer.value 33 | 34 | def CurrentProcName(): 35 | return pathlib.Path(os.path.abspath(sys.argv[0])).name 36 | 37 | def ParentAntiDebug(): 38 | try: 39 | current_process = ctypes.windll.kernel32.GetCurrentProcess() 40 | proc_info = NtQueryProc(current_process, 0) 41 | parent_process = ctypes.windll.kernel32.OpenProcess(PROCESS_QUERY_INFORMATION, False, proc_info.InheritedFromUniqueProcessId) 42 | if not parent_process: 43 | raise ctypes.WinError(ctypes.get_last_error()) 44 | parent_process_name = QueryImageName(parent_process) 45 | ctypes.windll.kernel32.CloseHandle(parent_process) 46 | if not (parent_process_name.endswith("explorer.exe") or parent_process_name.endswith("cmd.exe")): 47 | return True 48 | else: 49 | return False 50 | except Exception as e: 51 | print(f"Error: {e}") 52 | return False -------------------------------------------------------------------------------- /AntiDebug/RemoteDebugger.py: -------------------------------------------------------------------------------- 1 | import ctypes 2 | 3 | kernel32 = ctypes.windll.kernel32 4 | 5 | def CheckRemoteDebugger(): 6 | process_handle = kernel32.GetCurrentProcess() 7 | is_debugger_detected = ctypes.c_int(0) 8 | kernel32.CheckRemoteDebuggerPresent(process_handle, ctypes.byref(is_debugger_detected)) 9 | return is_debugger_detected.value != 0 -------------------------------------------------------------------------------- /AntiVirtulization/KVMCheck.py: -------------------------------------------------------------------------------- 1 | import os 2 | import glob 3 | 4 | def CheckForKVM(): 5 | bad_drivers_list = ["balloon.sys", "netkvm.sys", "vioinput*", "viofs.sys", "vioser.sys"] 6 | system32_folder = os.path.join(os.getenv("SystemRoot", ""), "System32") 7 | 8 | for driver in bad_drivers_list: 9 | files = glob.glob(os.path.join(system32_folder, driver)) 10 | if files: 11 | return True, None 12 | 13 | return False, None 14 | -------------------------------------------------------------------------------- /AntiVirtulization/MonitorMetrics.py: -------------------------------------------------------------------------------- 1 | import ctypes 2 | 3 | def IsScreenSmall(): 4 | try: 5 | user32 = ctypes.windll.user32 6 | width = user32.GetSystemMetrics(0) 7 | height = user32.GetSystemMetrics(1) 8 | 9 | is_small = width < 800 or height < 600 10 | return is_small, None 11 | except Exception as e: 12 | return False, f"Error checking screen size: {e}" 13 | -------------------------------------------------------------------------------- /AntiVirtulization/ParallelsCheck.py: -------------------------------------------------------------------------------- 1 | import os 2 | import glob 3 | 4 | def CheckForParallels(): 5 | parallels_drivers = ["prl_sf", "prl_tg", "prl_eth"] 6 | sys32_folder = os.path.join(os.getenv("SystemRoot", ""), "System32") 7 | 8 | try: 9 | files = os.listdir(sys32_folder) 10 | for file in files: 11 | for driver in parallels_drivers: 12 | if driver in file.lower(): 13 | return True, None 14 | except Exception as e: 15 | return False, f"Error accessing System32 directory: {e}" 16 | 17 | return False, None 18 | -------------------------------------------------------------------------------- /AntiVirtulization/QEMUCheck.py: -------------------------------------------------------------------------------- 1 | import os 2 | 3 | def CheckForQEMU(): 4 | qemu_drivers = ["qemu-ga", "qemuwmi"] 5 | sys32 = os.path.join(os.getenv("SystemRoot", ""), "System32") 6 | 7 | try: 8 | detected_drivers = [] 9 | files = os.listdir(sys32) 10 | for file in files: 11 | for driver in qemu_drivers: 12 | if driver in file.lower(): 13 | detected_drivers.append(driver) 14 | if detected_drivers: 15 | return True, detected_drivers 16 | else: 17 | return False, None 18 | except Exception as e: 19 | return False, f"Error accessing System32 directory: {e}" 20 | 21 | return False, None 22 | -------------------------------------------------------------------------------- /AntiVirtulization/RecentFileActivity.py: -------------------------------------------------------------------------------- 1 | import os 2 | 3 | def RecentFileActivityCheck(): 4 | try: 5 | recdir = os.path.join(os.getenv('APPDATA'), 'microsoft', 'windows', 'recent') 6 | files = os.listdir(recdir) 7 | if len(files) < 20: 8 | return True, None 9 | except Exception as e: 10 | return False, f"Debug Check: Error reading recent file activity directory: {e}" 11 | 12 | return False, None 13 | -------------------------------------------------------------------------------- /AntiVirtulization/TriageCheck.py: -------------------------------------------------------------------------------- 1 | import subprocess 2 | 3 | def TriageCheck(): 4 | try: 5 | result = subprocess.check_output(['wmic', 'diskdrive', 'get', 'model'], text=True) 6 | if "DADY HARDDISK" in result or "QEMU HARDDISK" in result: 7 | return True 8 | except subprocess.CalledProcessError as e: 9 | print(f"Error running wmic command: {e}") 10 | return False 11 | 12 | return False 13 | -------------------------------------------------------------------------------- /AntiVirtulization/USBCheck.py: -------------------------------------------------------------------------------- 1 | import subprocess 2 | 3 | def PluggedIn(): 4 | try: 5 | usbcheckcmd = subprocess.Popen(['reg', 'query', 'HKLM\\SYSTEM\\ControlSet001\\Enum\\USBSTOR'], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE) 6 | outputusb, err = usbcheckcmd.communicate() 7 | if err: 8 | return False 9 | 10 | usblines = outputusb.decode('utf-8').split("\n") 11 | pluggedusb = 0 12 | for line in usblines: 13 | if line.strip().startswith("HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\USBSTOR"): 14 | pluggedusb += 1 15 | 16 | if pluggedusb > 0: 17 | return True 18 | else: 19 | return False 20 | 21 | except Exception as e: 22 | print(f"Debug Check: Error running reg query command: {e}") 23 | return False 24 | -------------------------------------------------------------------------------- /AntiVirtulization/UsernameCheck.py: -------------------------------------------------------------------------------- 1 | import os 2 | 3 | def CheckForBlacklistedNames(): 4 | blacklisted_names = ["johnson", "miller", "malware", "maltest", "currentuser", "sandbox", "virus", "john doe", "test user", "sand box", "wdagutilityaccount"] 5 | current_username = os.getenv("USERNAME", "").lower() 6 | 7 | if current_username in blacklisted_names: 8 | return True 9 | else: 10 | return False 11 | -------------------------------------------------------------------------------- /AntiVirtulization/VMArtifacts.py: -------------------------------------------------------------------------------- 1 | import os 2 | import glob 3 | 4 | def VMArtifactsDetect(): 5 | bad_file_names = ["VBoxMouse.sys", "VBoxGuest.sys", "VBoxSF.sys", "VBoxVideo.sys", "vmmouse.sys", "vboxogl.dll"] 6 | bad_dirs = [r'C:\Program Files\VMware', r'C:\Program Files\oracle\virtualbox guest additions'] 7 | 8 | system32_folder = os.getenv("SystemRoot", "") + r'\System32' 9 | try: 10 | files = glob.glob(os.path.join(system32_folder, "*")) 11 | except Exception as e: 12 | print(f"Error accessing System32 folder: {e}") 13 | return False 14 | 15 | badfileslower = [name.lower() for name in bad_file_names] 16 | 17 | for file_path in files: 18 | file_name = os.path.basename(file_path).lower() 19 | if file_name in badfileslower: 20 | return True 21 | 22 | bad_dirs_lower = [dir.lower() for dir in bad_dirs] 23 | 24 | for bad_dir in bad_dirs_lower: 25 | if os.path.exists(bad_dir): 26 | return True 27 | 28 | return False 29 | -------------------------------------------------------------------------------- /AntiVirtulization/VMWareDetection.py: -------------------------------------------------------------------------------- 1 | import subprocess 2 | 3 | def GraphicsCardCheck(): 4 | try: 5 | cmd = subprocess.Popen(['wmic', 'path', 'win32_VideoController', 'get', 'name'], stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) 6 | gpu_output, err = cmd.communicate() 7 | 8 | if err: 9 | print(f"Error executing command: {err.decode('utf-8').strip()}") 10 | return False 11 | 12 | if b"vmware" in gpu_output.lower(): 13 | return True 14 | else: 15 | return False 16 | 17 | except Exception as e: 18 | print(f"Error in GraphicsCardCheck: {e}") 19 | return False 20 | -------------------------------------------------------------------------------- /AntiVirtulization/VirtualboxDetection.py: -------------------------------------------------------------------------------- 1 | import subprocess 2 | 3 | def GraphicsCardCheck(): 4 | try: 5 | cmd = subprocess.Popen(['wmic', 'path', 'win32_VideoController', 'get', 'name'], stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) 6 | gpu_output, err = cmd.communicate() 7 | 8 | if err: 9 | print(f"Error executing command: {err.decode('utf-8').strip()}") 10 | return False 11 | 12 | if b"virtualbox" in gpu_output.lower(): 13 | return True 14 | else: 15 | return False 16 | 17 | except Exception as e: 18 | print(f"Error in GraphicsCardCheck: {e}") 19 | return False 20 | -------------------------------------------------------------------------------- /CriticalProcess/SetProcessIsCritical.py: -------------------------------------------------------------------------------- 1 | import ctypes 2 | 3 | def set_process_critical(): 4 | is_admin = ctypes.windll.shell32.IsUserAnAdmin() != 0 5 | if is_admin == True: 6 | ctypes.windll.ntdll.RtlAdjustPrivilege(20, 1, 0, ctypes.byref(ctypes.c_bool())) 7 | ctypes.windll.ntdll.RtlSetProcessIsCritical(1, 0, 0) == 0 8 | return True 9 | else: 10 | return False -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2025 EvilBytecode 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to use the Software for educational and authorized cybersecurity research purposes only, subject to the following conditions: 7 | 8 | The above copyright notice, this permission notice, and the following disclaimer shall be included in all copies or substantial portions of the Software. 9 | 10 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS (INCLUDING EvilBytecode) BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 12 | WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE, COPYING, DOWNLOADING, OR OTHER DEALINGS IN THE SOFTWARE. 13 | 14 | DISCLAIMER: I, EvilBytecode, release this project strictly for educational, academic, and authorized cybersecurity research purposes. 15 | By accessing, downloading, copying, using, or modifying this software, you agree to these terms. 16 | You must obtain explicit written permission from system owners before conducting any testing using this software. 17 | Unauthorized use, distribution, or deployment of this software against any third party, device, network, or system without prior consent is strictly forbidden and illegal. 18 | I, EvilBytecode, disclaim all responsibility, liability, or consequences arising from any misuse, illegal activities, damages, or losses resulting from this software. -------------------------------------------------------------------------------- /PyDefender.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EvilBytecode/PyDefender/0ff55e77f8d5904fd4dbf2301fb227c3ec0a6f06/PyDefender.png -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # PyDefender 2 | ## Telegram: 3 | - https://t.me/ebytelabs 4 | - This Python code provides functionality to detect and defend against various forms of debugging tools and virtualization environments. 5 | 6 | ![PyDefender](PyDefender.png) 7 | 8 | ### Anti-Virtualization 9 | 10 | - **Triage Detection**: Detects if the system is running in a triage or analysis environment. 11 | - **Monitor Metrics**: Monitors system metrics to identify abnormal behavior indicative of virtualization. 12 | - **VirtualBox Detection**: Detects the presence of Oracle VirtualBox. 13 | - **VMware Detection**: Detects the presence of VMware virtualization software. 14 | - **KVM Check**: Checks for Kernel-based Virtual Machine (KVM) hypervisor. 15 | - **Username Check**: Verifies if the current user is a default virtualization user. 16 | - **Recent User Activity**: Checks user activity; if there are fewer than 20 files, it exits. 17 | - **USB Mount**: Checks if a USB was ever plugged into the computer before. 18 | - **QEMU Detection**: Identifies the presence of QEMU virtualization. 19 | - **Parallels Check**: Detects the use of Parallels virtualization software. 20 | - **VM Artifacts**: Searches for common artifacts indicating a virtual machine environment. 21 | 22 | ### Anti-Debug 23 | 24 | - **IsDebuggerPresent**: Checks if a debugger is currently attached to the process. 25 | - **Remote Debugger**: Detects if a remote debugger is connected to the process. 26 | - **PC Uptime**: Monitors system uptime to detect debugging attempts based on system restarts. 27 | - **Check Blacklisted Windows Names**: Verifies if the process name matches any blacklisted names commonly used by debuggers. 28 | - **Running Processes**: Retrieves a list of running processes and identifies potential malicious ones. 29 | - **Parent Anti-Debug**: Detects if the parent process is attempting to debug the current process. 30 | - **Kill Bad Processes**: Terminates known malicious processes detected on the system. 31 | - **Internet Connection Check**: Checks if an internet connection is present. 32 | 33 | ### Process 34 | - **Critical Process**: Sets Process as critical 35 | 36 | ### Quick Nutshell 37 | - PyDefender provides comprehensive anti-virtualization and anti-debugging measures to enhance program security by detecting and countering various forms of virtualization and debugging activities. 38 | 39 | 40 | ## License 41 | This project is licensed under the MIT License. See the LICENSE file for details. 42 | -------------------------------------------------------------------------------- /main.py: -------------------------------------------------------------------------------- 1 | ## ANTI DEBUGGING 2 | from AntiDebug.CheckBlacklistedWindowsNames import CheckTitles 3 | from AntiDebug.CheckInternetConnection import check_connection 4 | from AntiDebug.IsDebuggerPresent import is_debugger_present 5 | from AntiDebug.RemoteDebugger import CheckRemoteDebugger 6 | from AntiDebug.KillBadProcesses import KillBadProcesses 7 | from AntiDebug.ParentAntiDebug import ParentAntiDebug 8 | from AntiDebug.ComputerUptime import CheckUptime 9 | ## ANTI VIRTULIZATION 10 | from AntiVirtulization.TriageCheck import TriageCheck 11 | from AntiVirtulization.USBCheck import PluggedIn 12 | from AntiVirtulization.UsernameCheck import CheckForBlacklistedNames 13 | from AntiVirtulization.VMArtifacts import VMArtifactsDetect 14 | from AntiVirtulization.VMWareDetection import GraphicsCardCheck as VMWareGraphicsCardCheck 15 | from AntiVirtulization.VirtualboxDetection import GraphicsCardCheck as VirtualboxGraphicsCardCheck 16 | from AntiVirtulization.QEMUCheck import CheckForQEMU 17 | from AntiVirtulization.ParallelsCheck import CheckForParallels 18 | from AntiVirtulization.MonitorMetrics import IsScreenSmall 19 | from AntiVirtulization.KVMCheck import CheckForKVM 20 | from AntiVirtulization.RecentFileActivity import RecentFileActivityCheck 21 | 22 | ## Program Utilities 23 | from CriticalProcess.SetProcessIsCritical import set_process_critical 24 | 25 | def main(): 26 | ## ANTI VIRTULIZATION CHECKS ARE BELOW 27 | triage_result = TriageCheck() 28 | if triage_result: 29 | print("[DEBUG CHECK] Triage was detected") 30 | else: 31 | print("[DEBUG CHECK] Triage Wasnt Detected.") 32 | 33 | rec_file_result, _ = RecentFileActivityCheck() 34 | if rec_file_result: 35 | print("[DEBUG CHECK] Recent File Activity was detected.") 36 | else: 37 | print("[DEBUG CHECK] No recent file activity detected.") 38 | 39 | usb_result = PluggedIn() 40 | if usb_result: 41 | print("[DEBUG CHECK] USB devices were plugged in.") 42 | else: 43 | print("[DEBUG CHECK] No USB devices were plugged in.") 44 | 45 | username_result = CheckForBlacklistedNames() 46 | if username_result: 47 | print("[DEBUG CHECK] Current username is blacklisted.") 48 | else: 49 | print("[DEBUG CHECK] Current username is not blacklisted.") 50 | 51 | vm_result = VMArtifactsDetect() 52 | if vm_result: 53 | print("[DEBUG CHECK] VM artifacts detected.") 54 | else: 55 | print("[DEBUG CHECK] No VM artifacts detected.") 56 | 57 | vmware_result = VMWareGraphicsCardCheck() 58 | if vmware_result: 59 | print("[DEBUG CHECK] VMware graphics card detected.") 60 | else: 61 | print("[DEBUG CHECK] No VMware graphics card detected.") 62 | 63 | virtualbox_result = VirtualboxGraphicsCardCheck() 64 | if virtualbox_result: 65 | print("[DEBUG CHECK] VirtualBox graphics card detected.") 66 | else: 67 | print("[DEBUG CHECK] No VirtualBox graphics card detected.") 68 | 69 | qemu_result, qemu_drivers = CheckForQEMU() 70 | if qemu_result: 71 | print(f"[DEBUG CHECK] QEMU components detected: {', '.join(qemu_drivers)}") 72 | else: 73 | print("[DEBUG CHECK] No QEMU components detected.") 74 | 75 | parallels_result, _ = CheckForParallels() 76 | if parallels_result: 77 | print("[DEBUG CHECK] Parallels components detected.") 78 | else: 79 | print("[DEBUG CHECK] No Parallels components detected.") 80 | 81 | screen_small_result, _ = IsScreenSmall() 82 | if screen_small_result: 83 | print("[DEBUG CHECK] Screen size is considered small.") 84 | else: 85 | print("[DEBUG CHECK] Screen size is not considered small.") 86 | 87 | kvm_result, _ = CheckForKVM() 88 | if kvm_result: 89 | print("[DEBUG CHECK] KVM components detected.") 90 | else: 91 | print("[DEBUG CHECK] No KVM components detected.") 92 | 93 | if set_process_critical(): 94 | print("[DEBUG CHECK] Process set as critical.") 95 | else: 96 | print("[DEBUG CHECK] Failed to set process as critical, admin permissions arent present.") 97 | 98 | 99 | 100 | 101 | # ANTI DEBUGGING TECHNIQUES ARE BELOW 102 | if CheckTitles(): # Call CheckTitles directly 103 | print("[DEBUG CHECK] Blacklisted Windows Name detected.") 104 | else: 105 | print("[DEBUG CHECK] No Presence Of Blacklisted Window Name.") 106 | 107 | connected, error = check_connection() 108 | if connected: 109 | print("[DEBUG CHECK] Internet connection is available.") 110 | else: 111 | print(f"[DEBUG CHECK] Internet connection check failed. Error: {error}") 112 | 113 | if is_debugger_present(): 114 | print("[DEBUG CHECK] IsDebuggerPresent is present.") 115 | else: 116 | print("[DEBUG CHECK] IsDebuggerPresent is not present.") 117 | 118 | if CheckRemoteDebugger(): 119 | print("[DEBUG CHECK] RemoteDebugger is present.") 120 | else: 121 | print("[DEBUG CHECK] RemoteDebugger is not present.") 122 | 123 | 124 | if ParentAntiDebug(): 125 | print("[DEBUG CHECK] Parent process is not explorer.exe or cmd.exe") 126 | else: 127 | print("[DEBUG CHECK] Parent process is explorer.exe or cmd.exe") 128 | 129 | duration = 1200 # Check if uptime is less than 20 minutes (1200 seconds) 130 | is_less_than_duration, error = CheckUptime(duration) 131 | if error: 132 | print(f"[DEBUG CHECK] Error occurred: {error}") 133 | else: 134 | if is_less_than_duration: 135 | print(f"[DEBUG CHECK] System uptime is less than {duration} seconds.") 136 | else: 137 | print(f"[DEBUG CHECK] System uptime is equal to or greater than {duration} seconds.") 138 | 139 | KillBadProcesses() 140 | 141 | if __name__ == "__main__": 142 | main() 143 | input() --------------------------------------------------------------------------------