c# protection system

[laurens]

Glider is using shadow driver to protect there glider,

but does anyone know a good protection system for c#?
like a sort encryption in memory?

or just something like what Shadow driver does

or if you got tips please post it

[Apoc]

Glider is using shadow driver to protect there glider,

but does anyone know a good protection system for c#?
like a sort encryption in memory?

or just something like what Shadow driver does

or if you got tips please post it

The shadow driver is basically a rootkit. (If not an actual rootkit)

This is not something that can easily be done with C#. (Note, I said easily)

And you can try using CryptoStreams to help you out.

[laurens]

Thanks for that,

It could be usefull

but still this encrypt variables, but when you need to read it it get changed back, so probally they could detect it but thanks for the tip

[nanidin]

Check out the book "Rootkits: Subverting the Windows Kernel". Pretty much any weaponsgrade protection you use is not going to be doable in c#. You're looking at writing device drivers in plain C with lots of poorly documented (or not documented at all!) structs and functions.

[Apoc]

Check out the book "Rootkits: Subverting the Windows Kernel". Pretty much any weaponsgrade protection you use is not going to be doable in c#. You're looking at writing device drivers in plain C with lots of poorly documented (or not documented at all!) structs and functions.

Actually not true. It's just harder. PInvokes allow you to go down to kernel level, as well as quite a few other methods. But using low level languages (C/C++) makes it alot easier.

[nanidin]

Actually not true. It's just harder. PInvokes allow you to go down to kernel level, as well as quite a few other methods. But using low level languages (C/C++) makes it alot easier.

Does it work as a callgate? I don't know much about c#, I messed around with the wow# source a bit but never made an effort to learn it or .net

[laurens]

But i was wondering,

lets say i'm making a bot where does warden look at?

what does it try to read in the memory because memory reading is allowed though?

if i got another program with memory reading i get banned?


Want to make a bot but only for costum use not for releasing well atleast not yet

[Cypher]

Actually not true. It's just harder. PInvokes allow you to go down to kernel level, as well as quite a few other methods. But using low level languages (C/C++) makes it alot easier.

Yes but you can't run managed code as a driver. You can call APIs but you can't register your module into the windows kernel and hook the Ring0 functions needed to create a successful driver.

Calling APIs is different to running as a driver. (The whole point of running as a driver is that you get access to the kernel, you can't access the APIs you need from usermode so PInvoke won't help you.)

[Cypher]

But i was wondering,

lets say i'm making a bot where does warden look at?

what does it try to read in the memory because memory reading is allowed though?

if i got another program with memory reading i get banned?


Want to make a bot but only for costum use not for releasing well atleast not yet

Currently warden looks inside its own memory space for changes that shouldn't be there. It doesn't enumerate windows or processes like it used to AFAIK.

If your program is just reading memory you should be safe. And if you keep it private then you'll have nothing to worry about.