DotGuard 2.0.0

DotGuard V2 - Advanced .NET Framework Protection Library

DotGuard V2 is a comprehensive, modular, and extensible security library for .NET Framework applications (4.6.1, 4.7.2, 4.8). It provides advanced, multi-vector protection against reverse engineering, debugging, tampering, injection, and modern analysis/evasion techniques.

🛡️ Complete Protection Suite

Core Protections (All Advanced)

• Anti-Debug: Managed, native, kernel, timing, and hardware breakpoint detection
• Anti-Tamper: File hash, cryptographic signature, and memory integrity checks
• Anti-Injection: DLL injection, reflective injection, process hollowing, shellcode, memory region scan
• Anti-Memory Edit: Memory editors, patchers, WriteProcessMemory, critical region monitoring
• Anti-Virtualization: VM MAC, drivers, processes, registry, timing
• Anti-Sandbox: Sandbox processes, files, registry, timing
• Anti-Timing Attack: Sleep drift, CPU throttling, time dilation, behavioral analysis
• Anti-Dump: Dump tools, suspicious process access, dump attempt blocking
• Anti-Deobfuscation: Tools, modules, files, env vars, registry, behavioral
• Anti-Hooking: IAT/EAT, inline patching, suspicious modules
• Anti-Hollowing: Parent spoofing, memory/PE checks
• Anti-Emulation: Timing, process, artifact checks

Detailed Descriptions

• Anti-Debug: Detects .NET and native debuggers, process flags, timing anomalies, and hardware breakpoints.
• Anti-Tamper: Verifies assembly and resource integrity, validates code and signatures, detects multi-layer tampering.
• Anti-Injection: Detects injected modules, process modifications, API hooks, and memory injection artifacts.
• Anti-Memory Edit: Detects memory editors, monitors process memory, targets tools like Cheat Engine, validates memory regions.
• Anti-Dump: Prevents process dumps, protects memory, detects dump tools, blocks static analysis.
• Anti-Virtualization: Detects VMs, hypervisors, virtualization artifacts, and hardware virtualization.
• Anti-Sandbox: Detects sandboxed/automated environments, analysis tools, and environment anomalies.
• Anti-Hooking: Detects API/function hooks, monitors call stacks, identifies hook tools.
• Anti-Hollowing: Detects process hollowing, code injection, memory hollowing, and manipulation.
• Anti-Emulation: Detects emulators, timing anomalies, emulator artifacts, and performance issues.
• Anti-Deobfuscation: Detects deobfuscation/IL analysis tools, decompilers, and code analysis attempts.
• Anti-Timing Attack: Prevents timing-based attacks, monitors execution time, detects anomalies.

Super Wild Advanced Protections

• Anti-Screenshot: Detects screen capture tools and APIs
• Anti-Clipboard Hijack: Monitors clipboard for hijack attempts
• Anti-Keylogger: Detects keylogger processes and global hooks
• Anti-RAT: Detects RATs and suspicious remote connections
• Anti-Process Injection: Advanced process injection techniques
• Anti-Memory Dump Tools: Forensic/dump tool detection
• Anti-Deep API Hooking: Inline, IAT/EAT, userland/kernel hooks
• Anti-Deep VM: Advanced VM artifacts, evasion
• Anti-Network Sniffer: Wireshark, Fiddler, etc.
• Anti-Proxy/VPN: Detects proxy/VPN usage
• Anti-Remote Desktop: Detects RDP sessions
• Anti-File System Monitor: ProcMon, Sysmon, etc.
• Anti-Registry Monitor: Registry monitoring tools
• Anti-Cloud Sandbox: VirusTotal, Any.Run, Hybrid Analysis
• Anti-Process Doppelgänging: Doppelgänging/hollowing variants
• Anti-Token Manipulation: Suspicious token changes
• Anti-Parent PID Spoofing: Parent process spoofing
• Anti-EnvVar Tampering: Suspicious environment variable changes
• Anti-Fileless Malware: In-memory malware/scripts
• Anti-Reflective DLL Injection: Memory scan for reflective DLLs

🏗️ Architecture Features

• Plugin-Based: Extensible via IProtection interface, dynamic registration, priority-based execution.
• Advanced Configuration: Runtime updates, validation, context-aware settings.
• Logging System: Encrypted, rotating logs, multiple log levels, security violation logging.
• Performance Monitoring: Real-time stats, adaptive scanning, resource usage tracking.
• Caching: Smart cache management, memory optimization, automatic cleanup.

⚙️ Configuration

All protections are toggleable via DotGuardConfig. Example:

var config = new DotGuardConfig
{
    // Core protections
    EnableAntiDebug = true,
    EnableAntiTamper = true,
    EnableAntiInjection = true,
    EnableAntiMemoryEdit = true,
    EnableAntiVirtualization = true,
    EnableAntiSandbox = true,
    EnableAntiTimingAttack = true,
    EnableAntiDump = true,
    EnableAntiDeobfuscation = true,
    EnableAntiHooking = true,
    EnableAntiHollowing = true,
    EnableAntiEmulation = true,
    // Advanced protections
    EnableAntiScreenshot = true,
    EnableAntiClipboardHijack = true,
    EnableAntiKeylogger = true,
    EnableAntiRAT = true,
    EnableAntiProcessInjection = true,
    EnableAntiMemoryDumpTools = true,
    EnableAntiDeepApiHooking = true,
    EnableAntiDeepVM = true,
    EnableAntiNetworkSniffer = true,
    EnableAntiProxyVPN = true,
    EnableAntiRemoteDesktop = true,
    EnableAntiFileSystemMonitor = true,
    EnableAntiRegistryMonitor = true,
    EnableAntiCloudSandbox = true,
    EnableAntiProcessDoppelganging = true,
    EnableAntiTokenManipulation = true,
    EnableAntiParentPidSpoofing = true,
    EnableAntiEnvVarTampering = true,
    EnableAntiFilelessMalware = true,
    EnableAntiReflectiveDllInjection = true,
    // Logging and reporting
    MinimumLogLevel = LogLevel.Info,
    EnableConsoleLogging = true,
    EnableFileLogging = true,
    EnableEncryptedLogging = true,
    DiscordWebhookUrl = "YOUR_DISCORD_WEBHOOK_URL",
    ViolationMessage = "🚨 Security Alert: Unauthorized activity detected!",
    EnableUserFeedback = true,
    // ...other options...
};

🚀 Usage Examples

Minimal Console Integration

using DotGuard.Core;
var config = new DotGuardConfig { EnableAntiDebug = true, /* ... */ };
GuardEngine.Initialize(config);

WinForms Integration

public partial class MainForm : Form
{
    public MainForm()
    {
        InitializeComponent();
        var config = new DotGuardConfig { /* ... */ };
        GuardEngine.Initialize(config);
    }
    protected override void OnFormClosing(FormClosingEventArgs e)
    {
        // Optionally stop DotGuard
        // GuardEngine.StopAsync().Wait();
        base.OnFormClosing(e);
    }
}

Advanced Usage

• Subscribe to GuardEngine.ViolationDetected for custom handling
• Use GuardEngine.StopAsync() on shutdown
• Monitor status with GuardEngine.GetStatistics()

Custom Protection Plugin

public class CustomProtection : IProtection
{
    public string Id => "custom-protection";
    public string Name => "Custom Protection";
    public string Description => "Custom security protection";
    public int Priority => 10;
    public bool IsEnabled { get; private set; } = true;
    public void Initialize(ProtectionConfig config) { /* ... */ }
    public async Task<ProtectionResult> CheckAsync(ProtectionContext context)
    {
        // Custom logic
        return ProtectionResult.Success();
    }
    public void Dispose() { /* ... */ }
}

📝 Changelog

• All protections upgraded to advanced, multi-vector, stealthy detection
• 20+ new advanced protections added
• Configurable, modular, and extensible architecture
• Full event and logging system
• Example usage and config included

💡 Tips

• Enable only the protections you need for your scenario
• For maximum stealth, randomize scan intervals and enable all advanced modules
• For production, set all protections to true and provide a valid Discord webhook

📢 Need Help?

Open an issue or contact the maintainer for support, feature requests, or integration help.