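// Protection.hpp
//
// Self-protection helper: a background thread that polls for a "ban" marker
// file and for a fixed list of analysis-tool process names, and terminates the
// host program through detect() when either is found.
//
// NOTE(review): this header defines non-inline globals and functions, so it
// must be included from exactly one translation unit; `#pragma once` only
// guards against repeated inclusion within that unit.
#pragma once

//Pre-code user set-up:
bool AntiDebugB = true;               // poll for known analysis-tool process names (exedetect)
bool AntiDumpB = true;                // reserved: AntiDump() is an empty stub
bool TracesB = false;                 // when set, detect() also writes the persistent marker file
bool BSODB = false;                   // not read anywhere in this file
bool KillTasksB = true;               // gates KillDebuggers(); see the dispatch note in Protecion()
bool NativeDebuggerProtection = true; //should be toggled off if you are debugging it using VS

#define _CRT_SECURE_NO_DEPRECATE //for fopen

// NOTE(review): the six header names were lost when this page was extracted
// (only bare `#include` survived). The list below is what the code in this
// file needs in order to compile; confirm against the original repository.
#include <Windows.h>
#include <TlHelp32.h>
#include <cstdio>
#include <cstdlib>
#include <fstream>
#include <string>
#include <thread>

// NOTE(review): a using-directive in a header leaks into every includer.
// Kept so existing includers that rely on it keep compiling.
using namespace std;
// version: 0.1
// Made by lhaasper
// github.com/lhaasper

// Marker file shared by detect() (writer) and Protecion() (reader).
// Writing under Program Files typically requires elevation; the stream
// operations in detect() fail silently when the file cannot be created.
static const char* const kTraceMarkerPath = "C:\\Program Files\\Win32Log.txt";

// Delay between polling passes so the watcher thread does not spin a core.
static const DWORD kPollIntervalMs = 1000;

// Defined at the bottom of the file; declared here because Protect() uses it.
void Protecion();


/// Starts the watcher loop on a background thread and returns immediately.
///
/// The original let a joinable std::thread go out of scope, which calls
/// std::terminate(). The loop never finishes and Protect() has no way to hand
/// a handle back to the caller, so the thread is detached.
void Protect()
{
	std::thread anti(Protecion);
	anti.detach();
}



/// Records a detection and terminates the process with exit code 1337.
///
/// @param msg  Human-readable reason, written to Error.txt in the current
///             working directory as "Detected: <msg>".
///
/// When TracesB is set, the marker file is written first so that later runs
/// stop at the marker check in Protecion(). This function does not return.
void detect(std::string msg)
{
	if (TracesB)
	{
		std::ofstream Trace01;
		Trace01.open(kTraceMarkerPath);
		Trace01 << "windows";
		Trace01.close();
	}
	std::ofstream outfile("Error.txt");
	outfile << "Detected: " + msg << std::endl;
	outfile.close();
	exit(1337);
}



/// Reports whether any running process has the given image name.
///
/// @param processName  Executable file name (no path); compared
///                     case-insensitively. A null pointer yields false.
/// @return true if at least one entry in the process snapshot matches.
///
/// The match is on the image name only, so it identifies a file name rather
/// than a particular program. The wide (W) ToolHelp variants are used
/// explicitly because the comparison is done with _wcsicmp, which would not
/// compile in a non-UNICODE build with the generic PROCESSENTRY32.
bool isProcessRunning(const wchar_t* processName)
{
	if (processName == nullptr)
		return false;

	HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	if (snapshot == INVALID_HANDLE_VALUE)
		return false; // nothing to enumerate, and nothing to close

	PROCESSENTRY32W entry;
	entry.dwSize = sizeof(PROCESSENTRY32W);

	bool exists = false;
	if (Process32FirstW(snapshot, &entry))
	{
		// do/while so the entry filled in by Process32FirstW is examined too;
		// the original advanced past it before the first comparison.
		do
		{
			if (_wcsicmp(entry.szExeFile, processName) == 0)
			{
				exists = true;
				break;
			}
		} while (Process32NextW(snapshot, &entry));
	}

	CloseHandle(snapshot);
	return exists;
}

/// Checks the running processes against a fixed list of image names and calls
/// detect() with the matching label for the first one found, in list order.
void exedetect()
{
	struct WatchedImage
	{
		const wchar_t* image; // executable name looked up via isProcessRunning
		const char* label;    // text passed to detect()
	};

	static const WatchedImage kWatched[] = {
		{ L"KsDumperClient.exe", "KsDumper" },
		{ L"HTTPDebuggerUI.exe", "HttpDebuggerPro" },
		{ L"HTTPDebuggerSvc.exe", "HttpDebuggerPro - Service" },
		{ L"FolderChangesView.exe", "FolderChangesView" },
		{ L"ProcessHacker.exe", "Process Hacker" },
		{ L"procmon.exe", "Process Monitor" },
		{ L"idaq.exe", "IDA" },
		{ L"idaq64.exe", "IDA" },
		{ L"Wireshark.exe", "Wireshark" },
		{ L"Fiddler.exe", "Fiddler" },
		{ L"Xenos64.exe", "Xenos" },
		{ L"Cheat Engine.exe", "Cheat Engine" },
		{ L"HTTP Debugger Windows Service (32 bit).exe", "HTTP Debugger - Service (2)" },
		{ L"KsDumper.exe", "KSDumper" },
		{ L"x64dbg.exe", "x64dbg" },
	};

	for (const WatchedImage& watched : kWatched)
	{
		if (isProcessRunning(watched.image))
		{
			detect(watched.label); // exits the process; later entries are not checked
		}
	}
}


/// Runs a fixed series of `taskkill` and `sc stop` commands through system().
///
/// NOTE(review): every call spawns a command interpreter and resolves
/// `taskkill` / `sc` by name rather than by absolute path, so which binary runs
/// depends on the interpreter's search order. The commands force-terminate
/// other vendors' processes and stop services and drivers (including the `npf`
/// capture driver) for the whole machine, not just for this program, and
/// `sc stop` needs administrative rights. Return codes are ignored and output
/// is discarded. Several commands appear twice. Commands are left exactly as
/// found; exiting through detect() achieves the protective goal without
/// modifying the user's system.
void KillDebuggers()
{

	system("taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1");
	system("taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1");
	system("sc stop HTTPDebuggerPro >nul 2>&1");
	system("taskkill /FI \"IMAGENAME eq cheatengine*\" /IM * /F /T >nul 2>&1");
	system("taskkill /FI \"IMAGENAME eq httpdebugger*\" /IM * /F /T >nul 2>&1");
	system("taskkill /FI \"IMAGENAME eq processhacker*\" /IM * /F /T >nul 2>&1");
	system("taskkill /FI \"IMAGENAME eq fiddler*\" /IM * /F /T >nul 2>&1");
	system("taskkill /FI \"IMAGENAME eq wireshark*\" /IM * /F /T >nul 2>&1");
	system("taskkill /FI \"IMAGENAME eq rawshark*\" /IM * /F /T >nul 2>&1");
	system("taskkill /FI \"IMAGENAME eq charles*\" /IM * /F /T >nul 2>&1");
	system("taskkill /FI \"IMAGENAME eq cheatengine*\" /IM * /F /T >nul 2>&1");
	system("taskkill /FI \"IMAGENAME eq ida*\" /IM * /F /T >nul 2>&1");
	system("taskkill /FI \"IMAGENAME eq httpdebugger*\" /IM * /F /T >nul 2>&1");
	system("taskkill /FI \"IMAGENAME eq processhacker*\" /IM * /F /T >nul 2>&1");
	system("sc stop HTTPDebuggerPro >nul 2>&1");
	system("sc stop KProcessHacker3 >nul 2>&1");
	system("sc stop KProcessHacker2 >nul 2>&1");
	system("sc stop KProcessHacker1 >nul 2>&1");
	system("sc stop wireshark >nul 2>&1");
	system("sc stop npf >nul 2>&1");
}

/// Calls detect() when IsDebuggerPresent() reports a debugger attached to
/// this process.
void DetectNativeDebugger()
{
	if (IsDebuggerPresent())
	{
		detect("Native debugger (IsDebuggerPresent returned true)");
	}
}

/// Placeholder: intentionally empty in this version.
void AntiDump() {

}





/// Watcher loop run on the thread started by Protect(); never returns.
///
/// Each pass first checks for the marker file written by detect() when TracesB
/// is set, then runs one of the configured checks, then sleeps for
/// kPollIntervalMs (the original looped without any delay).
void Protecion()
{
	while (true)
	{
		FILE* file = fopen(kTraceMarkerPath, "r");
		if (file != nullptr) {
			fclose(file);
			//trace exists (user is banned)
			detect("User is banned (7)");
		}

		// NOTE(review): this is an else-if chain, so only the branch for the
		// first enabled flag runs on each pass. With the defaults at the top of
		// the file that is exedetect() alone; the remaining branches are never
		// reached. Left as found — confirm the intended behaviour before
		// changing it.
		if (AntiDebugB)
		{
			exedetect();
		}
		else if (AntiDumpB)
		{
			//todo
		}
		else if (KillTasksB)
		{
			KillDebuggers();
		}
		else if (NativeDebuggerProtection)
		{
			DetectNativeDebugger();
		}

		Sleep(kPollIntervalMs);
	}
}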