C# Anti Suspend

Garanti yöntem olmasa da orta düzey koruma sağlar. Kernel driver ile bypass edilebilir.


Ne işe yarar?
Process Handle koruması sağlar. Suspend, terminate gibi işlemler Handle üzerinden yapıldığı için uygulamanız suspend edilemez.

Thread Check sistemi ile threadlerin durumunu kontrol eder. Suspend durumunda programı kapatır veya istediğiniz şeyi yaptırabilirsiniz.

C#:
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Threading;

namespace AntiSuspend
{
    /// <summary>
    /// Console host that tries to keep its own process from being suspended: it marks its
    /// process handle protect-from-close and runs a watchdog thread that probes every thread
    /// in the process and exits the process when a probe reports 1.
    /// </summary>
    /// <remarks>
    /// NOTE(review): two limits are visible in the code itself. HANDLE_FLAG_PROTECT_FROM_CLOSE
    /// only stops CloseHandle on this one handle inside this process's own handle table; it has
    /// no effect on handles that other processes open for themselves. And the NtSuspendThread /
    /// NtResumeThread imports do not match the native signatures, so the "suspend count" that
    /// IsThreadSuspended reads is actually an NTSTATUS. See the per-member notes.
    /// </remarks>
    class Program
    {
        /// <summary>Sets flags on a handle in this process's handle table.</summary>
        /// <remarks>The bool result is discarded by the only caller, so failure goes unnoticed.</remarks>
        [DllImport("kernel32.dll", SetLastError = true)]
        static extern bool SetHandleInformation(IntPtr hObject, int dwMask, int dwFlags);

        // Declared but never called anywhere in this file.
        [DllImport("ntdll.dll")]
        private static extern int NtQueryInformationThread(IntPtr threadHandle, int threadInformationClass, IntPtr threadInformation, int threadInformationLength, IntPtr returnLength);

        /// <summary>Opens a handle to a thread of this process by id with the given access mask.</summary>
        [DllImport("kernel32.dll", SetLastError = true)]
        private static extern IntPtr OpenThread(uint dwDesiredAccess, bool bInheritHandle, uint dwThreadId);

        /// <summary>Closes a handle; the result is not checked by callers here.</summary>
        [DllImport("kernel32.dll", SetLastError = true)]
        private static extern bool CloseHandle(IntPtr hObject);

        // NOTE(review): the native function is NTSTATUS NtSuspendThread(HANDLE ThreadHandle,
        // PULONG PreviousSuspendCount). This import omits the second (out) parameter and the
        // caller treats the NTSTATUS return as a suspend count. STATUS_SUCCESS is 0, so a
        // successful call always reads as "not suspended" regardless of the thread's real state,
        // while any non-zero (failure) status reads as "suspended". Because the second argument
        // is never supplied, what the kernel receives for it is unspecified from this code.
        // SetLastError has no meaning for Nt* functions, which report via the NTSTATUS return.
        [DllImport("ntdll.dll", SetLastError = true)]
        private static extern uint NtSuspendThread(IntPtr threadHandle);

        // NOTE(review): same mismatch as NtSuspendThread — native form is
        // NTSTATUS NtResumeThread(HANDLE ThreadHandle, PULONG PreviousSuspendCount).
        [DllImport("ntdll.dll", SetLastError = true)]
        private static extern uint NtResumeThread(IntPtr threadHandle);

        // Win32 constants; the values match the SDK definitions.
        private const int HANDLE_FLAG_PROTECT_FROM_CLOSE = 0x02;   // SetHandleInformation flag: CloseHandle will not close this handle
        private const int THREAD_SUSPEND_RESUME = 0x0002;           // OpenThread access right needed by NtSuspendThread/NtResumeThread
        private const int THREAD_QUERY_INFORMATION = 0x0040;        // OpenThread access right; requested but not used by anything here

        /// <summary>
        /// Entry point: protects the process handle, starts the watchdog thread, then parks the
        /// main thread in a sleep loop so the process stays alive.
        /// </summary>
        /// <param name="args">Unused.</param>
        static void Main(string[] args)
        {
            ProtectProcessHandle();
            // IsBackground is not set, so this is a foreground thread and would keep the process alive on its own.
            new Thread(MonitorThreads).Start();

            // Never returns; the only exit path is Environment.Exit inside MonitorThreads.
            while (true)
            {
                Thread.Sleep(1000);
            }
        }

        /// <summary>
        /// Marks this process's own <see cref="Process.Handle"/> as protect-from-close.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this only affects the one handle in this process's own handle table —
        /// CloseHandle on it will not close it. It places no restriction on handles that other
        /// processes open to this process, so by itself it does not prevent suspension or
        /// termination from outside. The result of SetHandleInformation is discarded and the
        /// Process object returned by GetCurrentProcess() is never disposed.
        /// </remarks>
        private static void ProtectProcessHandle()
        {
            IntPtr handle = Process.GetCurrentProcess().Handle;
            SetHandleInformation(handle, HANDLE_FLAG_PROTECT_FROM_CLOSE, HANDLE_FLAG_PROTECT_FROM_CLOSE);
        }

        /// <summary>
        /// Watchdog loop: every 500 ms opens each thread of the current process, probes it with
        /// <see cref="IsThreadSuspended"/>, and calls <see cref="Environment.Exit(int)"/> with code 1
        /// as soon as a probe returns 1. Never returns normally.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the enumeration includes the watchdog's own thread and nothing skips it.
        /// When the loop reaches itself, depending on what the missing second argument of
        /// NtSuspendThread happens to hold, either the call succeeds and suspends the calling
        /// thread before the paired NtResumeThread runs (the watchdog then stalls unless something
        /// else resumes it), or the call fails and the non-zero status makes the process exit.
        /// Threads that cannot be opened are silently skipped, and the Process object from
        /// GetCurrentProcess() is not disposed on any iteration.
        /// </remarks>
        private static void MonitorThreads()
        {
            while (true)
            {
                foreach (ProcessThread thread in Process.GetCurrentProcess().Threads)
                {
                    IntPtr threadHandle = OpenThread(THREAD_SUSPEND_RESUME | THREAD_QUERY_INFORMATION, false, (uint)thread.Id);

                    if (threadHandle != IntPtr.Zero)
                    {
                        int isSuspended = IsThreadSuspended(threadHandle);
                        CloseHandle(threadHandle);

                        if (isSuspended == 1)
                        {
                            Environment.Exit(1);
                        }
                    }
                }
                Thread.Sleep(500);
            }
        }

        /// <summary>
        /// Probes a thread by suspending it and immediately resuming it, returning 1 if the value
        /// returned by <see cref="NtSuspendThread"/> is non-zero, otherwise 0.
        /// </summary>
        /// <param name="threadHandle">Thread handle opened with THREAD_SUSPEND_RESUME.</param>
        /// <returns>1 when NtSuspendThread returned non-zero, otherwise 0.</returns>
        /// <remarks>
        /// NOTE(review): because the import's return value is really an NTSTATUS (see the
        /// declaration), this answers "did the suspend call fail?" rather than "was the thread
        /// already suspended?" — a genuinely suspended thread on a successful call yields 0 here.
        /// The probe also briefly suspends every thread it inspects, including the caller's own
        /// when invoked from MonitorThreads.
        /// </remarks>
        private static int IsThreadSuspended(IntPtr threadHandle)
        {
            uint suspendCount = NtSuspendThread(threadHandle);
            NtResumeThread(threadHandle);
            return suspendCount > 0 ? 1 : 0;
        }
    }
}
 
