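// Repository listing: AntiDebug.cs, README.md
// File: /AntiDebug.cs

using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Windows.Forms;

namespace AntiDBG
{
    /*
     * | Author : Arsium
     * | Sources :
     *
     * https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ps/psquery/class.htm
     * https://www.pinvoke.net/default.aspx/ntdll/PROCESSINFOCLASS.html
     * http://undocumented.ntinternals.net/index.html?page=UserMode%2FUndocumented%20Functions%2FNT%20Objects%2FThread%2FTHREAD_INFORMATION_CLASS.html
     * https://ntquery.wordpress.com/2014/03/29/anti-debug-ntsetinformationthread/
     *
     * | Note : The sources give the values in hexadecimal; they are written here in decimal.
     *
     */

    /// <summary>
    /// Two debugger-awareness samples built on Win32 / native API calls:
    /// a presence query (<see cref="firsTech"/>) and a per-thread
    /// "hide from debugger" request (<see cref="secondTech"/>).
    /// </summary>
    /// <remarks>
    /// Reviewer note: both calls are resolved through P/Invoke, so the imported
    /// names (CheckRemoteDebuggerPresent, NtSetInformationThread) appear in the
    /// assembly metadata and are a common static-triage indicator.
    /// </remarks>
    public class AntiDebug
    {
        // THREADINFOCLASS value ThreadHideFromDebugger (0x11 in the cited sources).
        private const int ThreadHideFromDebugger = 17;

        // NTSTATUS value for STATUS_SUCCESS.
        private const uint StatusSuccess = 0;

        [DllImport("kernel32.dll", SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        private static extern bool CheckRemoteDebuggerPresent(IntPtr hProcess, out bool debuggerPresent);

        // Native API: the result is the NTSTATUS return value, not the Win32
        // last-error slot, so SetLastError is not requested here.
        [DllImport("Ntdll.dll")]
        private static extern uint NtSetInformationThread(IntPtr hThread, int ThreadInformationClass, IntPtr ThreadInformation, uint ThreadInformationLength);

        [DllImport("Kernel32.dll", SetLastError = true)]
        private static extern IntPtr GetCurrentThread();

        /// <summary>
        /// Asks the OS whether a debugger is attached to the current process.
        /// </summary>
        /// <remarks>
        /// The answer is discarded: the method returns <c>void</c> and the only
        /// reaction in the original (a message box) is commented out, so calling
        /// it has no observable effect beyond the API call itself.
        /// </remarks>
        public static void firsTech()
        {
            bool debuggerAttached;
            bool queryOk;

            // Process.GetCurrentProcess() allocates a disposable wrapper; the
            // original never released it.
            using (Process self = Process.GetCurrentProcess())
            {
                queryOk = CheckRemoteDebuggerPresent(self.Handle, out debuggerAttached);
            }

            if (!queryOk)
            {
                // The API reported failure, so the out value is not meaningful.
                // Marshal.GetLastWin32Error() holds the reason if a caller needs it.
                return;
            }

            if (debuggerAttached)
            {
                //MessageBox.Show("Stop Debugging !");
                return;
            }
        }

        /// <summary>
        /// Requests <c>ThreadHideFromDebugger</c> for the calling thread.
        /// </summary>
        /// <returns>
        /// The NTSTATUS returned by NtSetInformationThread: 0 on success,
        /// the failure code otherwise.
        /// </returns>
        /// <remarks>
        /// Caveats for maintainers and analysts:
        /// the setting applies only to the calling thread and has no documented
        /// way to be cleared afterwards; once set, an attached debugger stops
        /// receiving events from that thread, so a breakpoint or exception on it
        /// that the process does not handle itself ends the process instead of
        /// breaking into the debugger. That also affects legitimate crash
        /// diagnostics. A call with information class 17 (0x11), a null buffer
        /// and zero length is a well-known behavioural indicator.
        /// </remarks>
        public static uint secondTech()
        {
            uint status = NtSetInformationThread(GetCurrentThread(), ThreadHideFromDebugger, IntPtr.Zero, 0);

            if (status != StatusSuccess)
            {
                // The original returned 0 here as well, which made a failed call
                // indistinguishable from success. Surface the real status.
                //MessageBox.Show(String.Format("Error with NtSetInformationThread : 0x{0:x}", status));
                return status;
            }

            //MessageBox.Show("Hide from Debug is activated !"); //NTStatus = 0 : Success
            return StatusSuccess;
        }
    }
}

// File: /README.md
// # AntiDebug
// Anti-Debug methods with C#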