{"id":13574764,"url":"https://github.com/EvilBytecode/GoDefender","last_synced_at":"2025-04-04T18:32:00.745Z","repository":{"id":242715351,"uuid":"810140137","full_name":"EvilBytecode/GoDefender","owner":"EvilBytecode","description":"Anti Virtulization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, Anti Sandbox, VM Detect package. Windows ONLY.","archived":false,"fork":false,"pushed_at":"2025-03-22T15:27:07.000Z","size":950,"stargazers_count":604,"open_issues_count":3,"forks_count":61,"subscribers_count":11,"default_branch":"main","last_synced_at":"2025-03-31T18:14:48.344Z","etag":null,"topics":["anti-cracking","anti-debug","anti-vm","debugger","debugging","malware","protection","reverse-engineering"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/EvilBytecode.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-04T06:02:06.000Z","updated_at":"2025-03-30T06:58:49.000Z","dependencies_parsed_at":"2024-06-11T07:10:35.086Z","dependency_job_id":"9c3b4882-9d7d-4ca8-a4c5-2442012f16ad","html_url":"https://github.com/EvilBytecode/GoDefender","commit_stats":null,"previous_names":["evilbytecode/godefender"],"tags_count":12,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EvilBytecode%2FGoDefender","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EvilBytecode%2FGoDefender/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EvilBytec
ode%2FGoDefender/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EvilBytecode%2FGoDefender/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/EvilBytecode","download_url":"https://codeload.github.com/EvilBytecode/GoDefender/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247229624,"owners_count":20905088,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anti-cracking","anti-debug","anti-vm","debugger","debugging","malware","protection","reverse-engineering"],"created_at":"2024-08-01T15:00:54.485Z","updated_at":"2025-04-04T18:32:00.738Z","avatar_url":"https://github.com/EvilBytecode.png","language":"Go","readme":"# Go Defender\n![Go Defender](GoDefenderLogo.png)\n\n## GoDefender\n\nThis Go package provides functionality to detect and defend against various forms of debugging tools and virtualization environments.\nBy the way, for quick setup, run `install.bat`.\n\n### Anti-Virtualization\n\n- **Triage Detection**: Detects if the system is running in a triage or analysis environment.\n- **Monitor Metrics**: Monitors system metrics to identify abnormal behavior indicative of virtualization.\n- **VirtualBox Detection**: Detects the presence of Oracle VirtualBox.\n- **VMware Detection**: Detects the presence of VMware virtualization software.\n- **KVM Check**: Checks for Kernel-based Virtual Machine (KVM) hypervisor.\n- **Username Check**: Verifies if the current user is a default virtualization user.\n- **Recent User Activity**: Checks user activity; if 
there are fewer than 20 files, it exits.\n- **USB Mount**: Checks if a USB was ever plugged into the computer before.\n- **VM Artifacts**: Identifies artifacts left behind by virtual machines (VMs), which can indicate the presence of a VM environment.\n- **Parallels Check**: Detects Parallels Desktop, a popular virtualization software for macOS, used to run Windows and other guest operating systems.\n- **QEMU Detection**: Identifies the presence of QEMU, an open-source machine emulator and virtualizer, which may indicate a virtual machine environment.\n\n### Anti-Debug\n\nThis module includes functions to detect and prevent debugging and analysis of the running process.\n\n- **IsDebuggerPresent**: Checks if a debugger is currently attached to the process.\n- **Remote Debugger**: Detects if a remote debugger is connected to the process.\n- **PC Uptime**: Monitors system uptime to detect debugging attempts based on system restarts.\n- **Check Blacklisted Windows Names**: Verifies if the process name matches any blacklisted names commonly used by debuggers.\n- **Running Processes**: Retrieves a list of running processes and identifies potentially malicious ones.\n- **Parent Anti-Debug**: Detects if the parent process is attempting to debug the current process.\n- **Check for Bad Processes**: If detected on the system, takes an action based on your option (bool).\n- **Detects Usermode AntiAntiDebuggers**: Detects user-mode anti-anti-debuggers like ScyllaHide (BASIC / VMP Plugin).\n- **Internet Connection Check**: Checks if an internet connection is present.\n\n### ProcessUtils\nProcess utilities you will probably need for your app.\n- **Critical Process**: Implements functionality to manage critical processes essential for system operation.\n- **Set Runtime**: Sets the app runtime to the specified one: ```MacOS,Linux,Windows```\n- **Enable All Tokens**: Enables all Windows token privileges for the current process.\n- **IsAdmin - Request Admin**: Requests admin for the current process and checks if the 
current process is admin.\n\n### Anti-DLL-Injection\n- **Patching DLL**: Takes advantage of the Binary Image Signature Mitigation Policy to prevent injection of non-Microsoft binaries.\n\n### Quick Nutshell\n\n- Detects most anti-anti-debugging hooking methods on common anti-debugging functions by checking for bad instructions on function addresses (most effective on x64). It also detects user-mode anti-anti-debuggers like ScyllaHide and can detect some sandboxes that use hooking to monitor application behavior/activity (like [Tria.ge](https://tria.ge/)).\n\n## Credits\n\n- https://github.com/AdvDebug : Inspired me to start making this package. Without him, it wouldn't be here. Check out his GitHub.\n- https://github.com/MmCopyMemory : Provided ideas and much more. Check out his GitHub.\n- https://github.com/bytepulze : Helped with errors/fixes. Check out his GitHub.\n- I made this because I noticed someone was trying to crack or analyze my other Go programs. Previously, I had many lines of anti-debugging code (I coded lazily and put everything into one), so I wanted to create something quick and reliable that would make a reverse engineer's life harder. Thus, I made GoDefender.\n\n","funding_links":[],"categories":["Go"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEvilBytecode%2FGoDefender","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FEvilBytecode%2FGoDefender","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEvilBytecode%2FGoDefender/lists"}