Add files via upload

BIG UPDATE / ENJOY BLOCKS WHERE YOU CAN MODIFY WHAT TO DO. 
BETTER ERROR HANDLING
CONTROLABLE VERSION

Author: EvilBytecode

AntiDebug/CheckBlacklistedWindowsNames/CheckBlacklistedWindowsNames.go

@@ -1,7 +1,7 @@
-package blacklistcheck
+package CheckBlacklistedWindowsNames
 
 import (
-    "fmt"
+    "log"
     "syscall"
     "unsafe"
 )
@@ -52,7 +52,7 @@ func enumWindowsProc(hwnd syscall.Handle, lParam uintptr) uintptr {
     // Check if the window title contains any blacklisted strings
     for _, blacklisted := range blacklistedWindows {
         if contains(wt, blacklisted) {
-            fmt.Printf("Detected blacklisted window: %s\n", wt)
+            log.Printf("Detected blacklisted window: %s\n", wt)
             // If a blacklisted window is found, terminate the associated process
             proc, _, _ := pop.Call(syscall.PROCESS_TERMINATE, 0, uintptr(pid))
             if proc != 0 {

AntiDebug/InternetCheck/internetcheck.go

@@ -1,17 +1,23 @@
 package InternetCheck
 
 import (
-    "fmt"
-    "net"
-    "os"
+	"log"
+	"net"
+	"errors"
 )
 
-func CheckConnection() {
-    _, err := net.Dial("tcp", "google.com:80")
-    if err == nil {
-        fmt.Println("Debug Check: [!] Internet connection is active.")
-    } else {
-        fmt.Println("Debug Check: INTERNET CONNECTION CHECK FAILED!")
-        os.Exit(-1)
-    }
-}
+func CheckConnection() (bool, error) {
+	conn, err := net.Dial("tcp", "google.com:80")
+	if err != nil {
+		err = errors.New("error checking internet connection: " + err.Error())
+		log.Printf("[DEBUG] Error checking internet connection: %v", err)
+		return false, err
+	}
+	defer func() {
+		if cerr := conn.Close(); cerr != nil {
+			log.Printf("[DEBUG] Error closing connection: %v", cerr)
+		}
+	}()
+
+	return true, nil
+}

AntiDebug/IsDebuggerPresent/isdebuggerpresent.go

@@ -1,27 +1,25 @@
 package IsDebuggerPresent
 
 import (
-    "os"
-    "syscall"
+	"syscall"
 )
 
 var (
-    kernel32DLL = syscall.NewLazyDLL("kernel32.dll")
-    isDebugger  = kernel32DLL.NewProc("IsDebuggerPresent")
+	kernel32DLL = syscall.NewLazyDLL("kernel32.dll")
+	isDebugger  = kernel32DLL.NewProc("IsDebuggerPresent")
 )
 
 // IsDebuggerPresent1 checks if a debugger is present.
 func IsDebuggerPresent1() bool {
-    flag, _, _ := isDebugger.Call()
-    return flag != 0
+	flag, _, _ := isDebugger.Call()
+	return flag != 0
 }
 
-// CheckAndPrint checks if a debugger is present and prints a message.
-func IsDebuggerPresent() {
-    if IsDebuggerPresent1() {
-        println("Debug check: IsDebuggerPresent is present.")
-		os.Exit(-1)
-    } else {
-        println("Debug check: IsDebuggerPresent is not present.")
-    }
+// IsDebuggerPresent checks if a debugger is present and logs the result.
+func IsDebuggerPresent() bool {
+	if IsDebuggerPresent1() {
+		return true
+	} else {
+		return false
+	}
 }

AntiDebug/KillBadProcesses/KillBadProcesses.go

@@ -1,4 +1,4 @@
-package processkiller
+package KillBadProcesses
 
 import (
 	"os/exec"

AntiDebug/ParentAntiDebug/parentantidebug.go

@@ -1,11 +1,12 @@
-package parentantidebug
+package ParentAntiDebug
 
 import (
-	"fmt"
+	"log"
 	"os"
 	"path/filepath"
 	"syscall"
 	"unsafe"
+
 	"golang.org/x/sys/windows"
 )
 
@@ -23,42 +24,69 @@ type ProcessInfo struct {
 }
 
 // NtQueryProc queries process information
-func NtQueryProc(handle syscall.Handle, class uint32, info *ProcessInfo, length uint32) {
-	syscall.Syscall6(ntquery.Addr(), 5, uintptr(handle), uintptr(class), uintptr(unsafe.Pointer(info)), uintptr(length), 0, 0)
+func NtQueryProc(handle syscall.Handle, class uint32, info *ProcessInfo, length uint32) error {
+	r1, _, err := syscall.Syscall6(ntquery.Addr(), 5, uintptr(handle), uintptr(class), uintptr(unsafe.Pointer(info)), uintptr(length), 0, 0)
+	if err != 0 {
+		log.Printf("NtQueryInformationProcess failed: %v", err)
+		return err
+	}
+	if r1 != 0 {
+		log.Printf("NtQueryInformationProcess failed: unexpected return value: %v", r1)
+		return err
+	}
+	return nil
 }
 
 // QueryImageName retrieves the full image name of the process
-func QueryImageName(handle syscall.Handle, flags uint32, nameBuffer []uint16, size *uint32) {
-	windows.QueryFullProcessImageName(windows.Handle(handle), flags, &nameBuffer[0], size)
+func QueryImageName(handle syscall.Handle, flags uint32, nameBuffer []uint16, size *uint32) error {
+	err := windows.QueryFullProcessImageName(windows.Handle(handle), flags, &nameBuffer[0], size)
+	if err != nil {
+		log.Printf("QueryFullProcessImageName failed: %v", err)
+		return err
+	}
+	return nil
 }
 
 // CurrentProcName returns the name of the current executable
-func CurrentProcName() string {
-	exePath, _ := os.Executable()
-	return filepath.Base(exePath)
+func CurrentProcName() (string, error) {
+	exePath, err := os.Executable()
+	if err != nil {
+		log.Printf("os.Executable failed: %v", err)
+		return "", err
+	}
+	return filepath.Base(exePath), nil
 }
 
-// ParentAntiDebug checks the parent process and exits if it's not explorer.exe or cmd.exe
-func ParentAntiDebug() {
+// ParentAntiDebug checks the parent process if it's explorer.exe or cmd.exe
+func ParentAntiDebug() bool {
 	const ProcInfo = 0
 	var p ProcessInfo
-	NtQueryProc(syscall.Handle(windows.CurrentProcess()), ProcInfo, &p, uint32(unsafe.Sizeof(p)))
+	if err := NtQueryProc(syscall.Handle(windows.CurrentProcess()), ProcInfo, &p, uint32(unsafe.Sizeof(p))); err != nil {
+		log.Printf("Error querying process information: %v", err)
+		return false
+	}
 	par := int32(p.InheritedFromPID)
 	if par == 0 {
-		return
+		return false
+	}
+	handle, err := syscall.OpenProcess(syscall.PROCESS_QUERY_INFORMATION, false, uint32(par))
+	if err != nil {
+		log.Printf("Error opening process handle: %v", err)
+		return false
 	}
-	handle, _ := syscall.OpenProcess(syscall.PROCESS_QUERY_INFORMATION, false, uint32(par))
 	defer syscall.CloseHandle(handle)
+
 	buff13 := make([]uint16, windows.MAX_PATH)
 	size := uint32(len(buff13))
-	QueryImageName(handle, 0, buff13, &size)
-	pa1231 := syscall.UTF16ToString(buff13[:size])
-	parname := filepath.Base(pa1231)
+	if err := QueryImageName(handle, 0, buff13, &size); err != nil {
+		log.Printf("Error querying image name: %v", err)
+		return false
+	}
+	parname := filepath.Base(syscall.UTF16ToString(buff13[:size]))
 
 	if parname != "explorer.exe" && parname != "cmd.exe" {
-		fmt.Printf("Debug Check: Parent process (%s) is not in the whitelist\n", parname)
-		os.Exit(-1)
+		return true
 	} else {
-		fmt.Printf("Debug Check: Parent process (%s) is in the whitelist\n", parname)
+		return false
 	}
 }

AntiDebug/RemoteDebugger/RemoteDebugger.go

@@ -1,25 +1,29 @@
-package remotedebuggercheck
+package RemoteDebugger
 
 import (
-	"fmt"
-	"os"
 	"syscall"
 	"unsafe"
 )
 
 var (
-	mk32  = syscall.NewLazyDLL("kernel32.dll")
-	crdp  = mk32.NewProc("CheckRemoteDebuggerPresent")
+	mk32 = syscall.NewLazyDLL("kernel32.dll")
+	crdp = mk32.NewProc("CheckRemoteDebuggerPresent")
 )
 
 // RemoteDebugger checks for the presence of a remote debugger.
-func RemoteDebugger() {
+func RemoteDebugger() (bool, error) {
 	var isremdebpres bool
-	crdp.Call(^uintptr(0), uintptr(unsafe.Pointer(&isremdebpres)))
+	r1, _, err := crdp.Call(^uintptr(0), uintptr(unsafe.Pointer(&isremdebpres)))
+	if r1 == 0 {
+		return false, nil
+	}
+	if err != nil {
+		return false, err
+	}
+
 	if isremdebpres {
-		fmt.Println("Debug check: Remote debugger detected.")
-		os.Exit(-1)
+		return true, nil
 	} else {
-		fmt.Println("Debug check: Remote debugger is not present.")
+		return false, nil
 	}
 }

AntiDebug/RunningProcesses/RunningProcesses.go

@@ -1,33 +1,37 @@
-// runningprocesses.go
-package runningprocesses
+package RunningProcesses
 
 import (
-    "fmt"
-    "os"
-    "syscall"
-    "unsafe"
+	"log"
+	"syscall"
+	"unsafe"
 )
 
 var (
-    kernel32DLL = syscall.NewLazyDLL("kernel32.dll")
-    pep         = kernel32DLL.NewProc("K32EnumProcesses")
+	kernel32DLL = syscall.NewLazyDLL("kernel32.dll")
+	enumProcesses         = kernel32DLL.NewProc("K32EnumProcesses")
 )
 
 // GetRunningProcessesCount returns the number of currently running processes.
-func GetRunningProcessesCount() int {
-    var ids [1024]uint32
-    var needed uint32
-    pep.Call(uintptr(unsafe.Pointer(&ids)), uintptr(len(ids)), uintptr(unsafe.Pointer(&needed)))
-    return int(needed / 4)
+func GetRunningProcessesCount() (int, error) {
+	var ids [1024]uint32
+	var needed uint32
+	r1, _, err := enumProcesses.Call(uintptr(unsafe.Pointer(&ids)), uintptr(len(ids)), uintptr(unsafe.Pointer(&needed)))
+	if r1 == 0 {
+		log.Printf("K32EnumProcesses failed: %v", err)
+		return 0, nil
+	}
+	return int(needed / 4), nil
 }
 
 // CheckRunningProcessesCount checks if the number of currently running processes is less than a specified count.
-func CheckRunningProcessesCount(count int) {
-    processesCount := GetRunningProcessesCount()
-    //fmt.Printf("Number of running processes: %d\n", processesCount)
-    if processesCount < count {
-        fmt.Println("Number of running processes is less than the specified count. Exiting.")
-        os.Exit(-1)
-    }
-    fmt.Println("Debug Check: Number of running processes is greater than or equal to the specified count. Continuing.")
+func CheckRunningProcessesCount(count int) (bool, error) {
+	processesCount, err := GetRunningProcessesCount()
+	if err != nil {
+		return false, err
+	}
+
+	if processesCount < count {
+		return true, nil
+	}
+	return false, nil
 }

AntiDebug/UserAntiAntiDebug/HooksDetection.go

@@ -1,7 +1,7 @@
-package userantiantidebug
+package HooksDetection
 
 import (
-	"fmt"
+	"log"
 	"syscall"
 	"unsafe"
 )
@@ -144,5 +144,5 @@ func DetectHooksOnCommonWinAPIFunctions(moduleName string, functions []string) b
 }
 
 func AntiAntiDebug() {
-	fmt.Println("Detecting Hooks on Common WinAPI Functions by checking for Bad Instructions on Functions Addresses (Most Effective on x64): ", DetectHooksOnCommonWinAPIFunctions("", nil))
+	log.Println("Detecting Hooks on Common WinAPI Functions by checking for Bad Instructions on Functions Addresses (Most Effective on x64): ", DetectHooksOnCommonWinAPIFunctions("", nil))
 }

AntiDebug/pcuptime/pcuptime.go

@@ -1,9 +1,6 @@
-// pcuptime.go
 package pcuptime
 
 import (
-    "fmt"
-    "os"
     "syscall"
 )
 
@@ -12,19 +9,25 @@ var (
     getTickCount = kernel32DLL.NewProc("GetTickCount")
 )
 
-// GetUptimeInSeconds returns the system uptime in seconds, predefined one is 1200 which is 20mins.
-func GetUptimeInSeconds() int {
-    uptime, _, _ := getTickCount.Call()
-    return int(uptime / 1000)
+// GetUptimeInSeconds returns the system uptime in seconds.
+func GetUptimeInSeconds() (int, error) {
+    uptime, _, err := getTickCount.Call()
+    if err != nil && err.Error() != "The operation completed successfully." {
+        return 0, err
+    }
+    return int(uptime / 1000), nil
 }
 
-// CheckUptime checks if the system uptime is less than a specified duration in seconds and prints a message.
-func CheckUptime(durationInSeconds int) {
-    uptime := GetUptimeInSeconds()
+// CheckUptime checks if the system uptime is less than a specified duration in seconds.
+func CheckUptime(durationInSeconds int) (bool, error) {
+    uptime, err := GetUptimeInSeconds()
+    if err != nil {
+        return false, err
+    }
+
     if uptime < durationInSeconds {
-        fmt.Println("Debug Check: System uptime is less than the specified duration.")
-        os.Exit(-1)
+        return true, nil
     } else {
-        fmt.Println("Debug Check: System uptime is greater than or equal to the specified duration.")
+        return false, nil
     }
 }