mambda was picky about inline asm lol

Author: Ricardonacif

.vs/anti-debugging/v16/.suo

@@ -3,14 +3,7 @@
 
 // only works on 32bit applications. Will add 64bit support later. See https://anti-reversing.com/Downloads/Anti-Reversing/The_Ultimate_Anti-Reversing_Reference.pdf page 5
 bool MethodNtGlobalFlag() {
-    int tmp = NULL;
-    __asm
-    {
-        mov eax, fs:[0x30]
-        mov eax, [eax+0x68]
-        and al, 0x70
-        mov tmp, eax
-    }
-
-    return tmp == 0x70;
+    auto peb = (char*) __readfsdword(0x30);
+    auto ntGlobalFlag = *(peb + 0x68);
+    return ( (ntGlobalFlag & 0x70) == 0x70);
 }

Methods/MethodNtGlobalFlag.h

@@ -6,15 +6,8 @@
 PPEB getPeb(void);
 
 bool MethodPEBBeingDebugged() {
-    // define our vars
-    PPEB pPeb = NULL;
-    bool dBug;
-
-    pPeb = getPeb();
-    std::cout << "ALALOELE PEB->>> " << pPeb << std::endl;
-
-    dBug = pPeb->BeingDebugged;
-    return dBug;
+    auto peb = (char*) __readfsdword(0x30);
+    return *(peb+0x2);
 }
 
 PPEB getPeb() {

Methods/MethodPEBBeingDebugged.h

@@ -0,0 +1,71 @@
+// Microsoft Visual C++ generated resource script.
+//
+#include "resource.h"
+
+#define APSTUDIO_READONLY_SYMBOLS
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 2 resource.
+//
+#include "winres.h"
+
+/////////////////////////////////////////////////////////////////////////////
+#undef APSTUDIO_READONLY_SYMBOLS
+
+/////////////////////////////////////////////////////////////////////////////
+// English (United States) resources
+
+#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
+LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
+#pragma code_page(1252)
+
+#ifdef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// TEXTINCLUDE
+//
+
+1 TEXTINCLUDE 
+BEGIN
+    "resource.h\0"
+END
+
+2 TEXTINCLUDE 
+BEGIN
+    "#include ""winres.h""\r\n"
+    "\0"
+END
+
+3 TEXTINCLUDE 
+BEGIN
+    "\r\n"
+    "\0"
+END
+
+#endif    // APSTUDIO_INVOKED
+
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Icon
+//
+
+// Icon with lowest ID value placed first to ensure application icon
+// remains consistent on all systems.
+IDI_ICON1               ICON                    "gh.ico"
+
+#endif    // English (United States) resources
+/////////////////////////////////////////////////////////////////////////////
+
+
+
+#ifndef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 3 resource.
+//
+
+
+/////////////////////////////////////////////////////////////////////////////
+#endif    // not APSTUDIO_INVOKED
+

anti-debugging.rc

@@ -153,6 +153,14 @@
   <ItemGroup>
     <ClInclude Include="AntiDebugMethod.h" />
     <ClInclude Include="MethodFunctions.h" />
+    <ClInclude Include="resource.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="anti-debugging.rc" />
+  </ItemGroup>
+  <ItemGroup>
+    <Image Include="gh.ico" />
+    <Image Include="icon1.ico" />
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">

anti-debugging.vcxproj

@@ -29,5 +29,21 @@
     <ClInclude Include="MethodFunctions.h">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="resource.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="anti-debugging.rc">
+      <Filter>Resource Files</Filter>
+    </ResourceCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <Image Include="icon1.ico">
+      <Filter>Resource Files</Filter>
+    </Image>
+    <Image Include="gh.ico">
+      <Filter>Resource Files</Filter>
+    </Image>
   </ItemGroup>
 </Project>

anti-debugging.vcxproj.filters

@@ -0,0 +1,16 @@
+//{{NO_DEPENDENCIES}}
+// Microsoft Visual C++ generated include file.
+// Used by anti-debugging.rc
+//
+#define IDI_ICON1                       102
+
+// Next default values for new objects
+// 
+#ifdef APSTUDIO_INVOKED
+#ifndef APSTUDIO_READONLY_SYMBOLS
+#define _APS_NEXT_RESOURCE_VALUE        103
+#define _APS_NEXT_COMMAND_VALUE         40001
+#define _APS_NEXT_CONTROL_VALUE         1001
+#define _APS_NEXT_SYMED_VALUE           101
+#endif
+#endif