
CHANGELOG.md


0.75

  • Fixed a typo in the API data structure and moved print_os() after API initialization thanks to @hzqst
  • Added page exception breakpoint anti-debug check (mainly focused on Cheat Engine)
  • Added checks for power capabilities (GetPwrCapabilities)
  • Added CreateWaitableTimer and CreateTimerQueueTimer timing attack checks
  • Added Comodo sandbox checks thanks to @kaganisildak
  • Added Hybrid Analysis sandbox checks thanks to @kaganisildak
  • Improved TLS callback checks (no longer requires user interaction)
  • Improved check text output so that it is displayed before the check completes
  • Improved ThreadHideFromDebugger check
  • Improved disk size IOCTL checks
  • Improved reporting of timing checks
  • Overhauled the code to use precompiled headers
  • Added a standardised way to load and check APIs that aren't always available
  • Fixed a bug that caused TLS callbacks to not always work
  • Fixed a bug which resulted in a crash when RtlGetVersion was not available
  • Fixed a string formatting bug in the Xen VM checks
  • Fixed a bug where disk size was not read properly in the disk size WMI check
  • Fixed a bug where the locky timer trick never worked

0.74

  • Added qemu process check (qemu-ga.exe) thanks to @kaganisildak.
  • Added checks for system firmware tables (SMBIOS and ACPI for QEMU).
  • Added checks for Hyper-V/Virtual-PC anti-VM (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters)
  • Added checks for multiple virtualization vendors using WMI (Select SerialNumber from Win32_BIOS).
  • Added checks for multiple virtualization vendors using WMI (Select Model/Manufacturer from Win32_ComputerSystem).
  • Added checks for MAC address for Xen, Parallels.
  • Added checks for ProcessorId using WMI (Select ProcessorId from Win32_Process).
  • Added checks for current CPU temperature using WMI (Select CurrentTemperature from MSAcpi_ThermalZoneTemperature).

0.73

  • Bug fix: GetSystemFirmwareTable should take resultBufferSize as an argument for the second call.
  • Bug fix: nullref exception in timing.cpp.
  • New: Add more checks for VMware related processes.
  • New: Add more checks for VMware related files.
  • New: Add more checks for VMware related registry: SYSTEM\ControlSet001\Control\SystemInformation.
  • New: Add more checks for system firmware tables (SMBIOS and ACPI for VMware).
  • New: Add more loaded DLL checks inside process context: avghookx.dll, avghooka.dll, snxhk.dll.
  • New: Add write watch debugger detection.
  • New: Add service anti-VM checks.
  • New: Add checks for VM related services.
  • Enhancement: add some macros to enable/disable a particular category of checks to ease debugging.

0.72

  • Bug fix: PEB offset in NumberOfProcessors() thanks to @Nxgr.
  • Bug fix: array with duplicate strings in process_tools check thanks to @stxletto.
  • Bug fix: ascii_to_wide_str() wrong argument thanks to @stxletto.

0.71

  • New: Add kernel debugger check using the KUSER_SHARED_DATA struct.
  • New: Add kernel debugger check using NtQuerySystemInformation with SystemKernelDebuggerInformation.
  • New: Added process job anti-debug check.
  • New: Added system firmware tables with GetSystemFirmwareTable (SMBIOS and ACPI for VirtualBox).