Commit 5fa145a

Update README.md
1 parent 45184b4 commit 5fa145a

1 file changed

+3
-1
lines changed

README.md

Lines changed: 3 additions & 1 deletion
@@ -21,7 +21,6 @@ By the way, for quick setup, run `install.bat`.
2121
- **VM Artifacts**: Identifies artifacts left behind by virtual machines (VMs), which can indicate the presence of a VM environment.
2222
- **Parallels Check**: Detects Parallels Desktop, a popular virtualization software for macOS, used to run Windows and other guest operating systems.
2323
- **QEMU Detection**: Identifies the presence of QEMU, an open-source machine emulator and virtualizer, which may indicate virtual machine detection.
24-
- **Patching Dll**: Taking Advantage of Binary Image Signature Mitigation Policy to prevent injecting Non-Microsoft Binaries.
2524

2625
### Anti-Debug
2726

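Review bot: The removal of the `Patching Dll` bullet (old line 24) reads as a dropped feature when this hunk is viewed alone, and the commit title "Update README.md" does not say it is being relocated. A title such as "Move Patching Dll into its own Anti-Dll-Injection section" would make the intent clear. The move itself fits, since the surrounding bullets (VM Artifacts, Parallels Check, QEMU Detection) are all virtualization checks and this entry is not.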
@@ -44,6 +43,9 @@ ProcessUtils you probably need for you app
4443
- **Enable All Tokens**: Enable all tokens Windows privileges for current process
4544
- **IsAdmin - Request Admin**: Request admin for current process, and Check if current process is Admin
4645

46+
# Anti-Dll-Injection
47+
- **Patching Dll**: Taking Advantage of Binary Image Signature Mitigation Policy to prevent injecting Non-Microsoft Binaries.
48+
4749
### Quick Nutshell
4850

4951
- Detects most anti-anti-debugging hooking methods on common anti-debugging functions by checking for bad instructions on function addresses (most effective on x64). It also detects user-mode anti-anti-debuggers like ScyllaHide and can detect some sandboxes that use hooking to monitor application behavior/activity (like [Tria.ge](https://tria.ge/)).
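Review bot: The heading added on new line 46, `# Anti-Dll-Injection`, is a top-level heading, while the neighbouring sections use `###` (`### Quick Nutshell` directly below, `### Anti-Debug` above), so it will render as a document title and break the outline. Use `### Anti-Dll-Injection` and leave a blank line between the heading and the bullet on line 47. The bullet text is moved unchanged; since it now has its own section, it should also state the consequence for users: a policy that blocks non-Microsoft binaries applies equally to any third-party DLL the application itself needs to load.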
