Merge pull request #5 from EvilBytecode/main

AdvDebug · web-flow · commit e3930b0d5ba2 · 2024-06-06T21:24:42.000+03:00
Update (TRIAGE DETECTION)
diff --git a/AntiCrack-DotNet/AntiVirtualization.cs b/AntiCrack-DotNet/AntiVirtualization.cs
@@ -282,6 +282,22 @@ public static bool CheckForParallels()
             return false;
         }
 
+        public static bool TriageCheck()
+        {
+            using (var searcher = new ManagementObjectSearcher("SELECT * FROM Win32_DiskDrive"))
+            {
+                foreach (var item in searcher.Get())
+                {
+                    string model = item["Model"].ToString();
+                    if (model.Contains("DADY HARDDISK") || model.Contains("QEMU HARDDISK"))
+                    {
+                        return true;
+                    }
+                }
+            }
+            return false;
+        }
+
         public static bool CheckForQemu()
         {
             string[] BadDriversList = { "qemu-ga", "qemuwmi" };
diff --git a/AntiCrack-DotNet/Program.cs b/AntiCrack-DotNet/Program.cs
@@ -104,6 +104,7 @@ private static void ExecuteAntiDebuggingTricks()
         private static void ExecuteAntiVirtualizationTricks()
         {
             ConsoleConfig.DisplayHeader("Executing Anti Virtualization Tricks");
+            ConsoleConfig.DisplayResult("Checking For Triage: ", AntiVirtualization.TriageCheck(), "Checks if Triage is present through disk.");
             ConsoleConfig.DisplayResult("Checking For Sandboxie Module in Current Process: ", AntiVirtualization.IsSandboxiePresent(), "Checks if Sandboxie is present.");
             ConsoleConfig.DisplayResult("Checking For Comodo Sandbox Module in Current Process: ", AntiVirtualization.IsComodoSandboxPresent(), "Checks if Comodo Sandbox is present.");
             ConsoleConfig.DisplayResult("Checking For Cuckoo Sandbox Module in Current Process: ", AntiVirtualization.IsCuckooSandboxPresent(), "Checks if Cuckoo Sandbox is present.");

Original file line number	Diff line number	Diff line change
`@@ -104,6 +104,7 @@ private static void ExecuteAntiDebuggingTricks()`
`104`	`104`	`private static void ExecuteAntiVirtualizationTricks()`
`105`	`105`	`{`
`106`	`106`	`ConsoleConfig.DisplayHeader("Executing Anti Virtualization Tricks");`
	`107`	`+ ConsoleConfig.DisplayResult("Checking For Triage: ", AntiVirtualization.TriageCheck(), "Checks if Triage is present through disk.");`
`107`	`108`	`ConsoleConfig.DisplayResult("Checking For Sandboxie Module in Current Process: ", AntiVirtualization.IsSandboxiePresent(), "Checks if Sandboxie is present.");`
`108`	`109`	`ConsoleConfig.DisplayResult("Checking For Comodo Sandbox Module in Current Process: ", AntiVirtualization.IsComodoSandboxPresent(), "Checks if Comodo Sandbox is present.");`
`109`	`110`	`ConsoleConfig.DisplayResult("Checking For Cuckoo Sandbox Module in Current Process: ", AntiVirtualization.IsCuckooSandboxPresent(), "Checks if Cuckoo Sandbox is present.");`