HackDetect




'\\ Win32 API declarations used by HackerScan (ANSI "A" entry points).

' user32!FindWindowA: looks up a top-level window by class name and/or title.
' Returns the window handle, or 0 when no matching window exists.
Public Declare Function FindWindow Lib "user32" _
Alias "FindWindowA" (ByVal lpClassName As String, _
ByVal lpWindowName As String) As Long
' kernel32!RaiseException: raises a software exception in the calling thread.
' lpArguments has no ByVal, so it is passed by reference: a literal given at the
' call site reaches the API as the address of a temporary, not as that value.
' NOTE(review): presumably harmless while nNumberOfArguments is 0 - confirm.
Public Declare Sub RaiseException Lib "kernel32" _
Alias "RaiseException" (ByVal dwExceptionCode As Long, _
ByVal dwExceptionFlags As Long, _
ByVal nNumberOfArguments As Long, lpArguments As Long)
' kernel32!CreateFileA: opens a file or device; returns -1 (INVALID_HANDLE_VALUE)
' on failure.
' lpSecurityAttributes is "As Any" and by reference: callers that want a NULL
' pointer must write ByVal 0&. A bare 0 passes the address of a temporary, which
' the API then reads as a SECURITY_ATTRIBUTES structure.
Public Declare Function CreateFile Lib "kernel32" _
Alias "CreateFileA" (ByVal lpFileName As String, _
ByVal dwDesiredAccess As Long, ByVal dwShareMode As Long, _
lpSecurityAttributes As ANY, _
ByVal dwCreationDisposition As Long, _
ByVal dwFlagsAndAttributes As Long, _
ByVal hTemplateFile As Long) As Long
' kernel32!CloseHandle: releases a handle obtained from CreateFile.
Public Declare Function CloseHandle Lib "kernel32" _
Alias "CloseHandle" (ByVal hObject As Long) As Long

'\\ Values for the CreateFile arguments used by HackerScan.
' dwDesiredAccess: requested access rights.
Public Const GENERIC_WRITE = &H40000000
Public Const GENERIC_READ = &H80000000
' dwShareMode: allow other openers to read and write concurrently.
Public Const FILE_SHARE_READ = &H1
Public Const FILE_SHARE_WRITE = &H2
' dwCreationDisposition: open only if the object already exists, never create it.
Public Const OPEN_EXISTING = 3
' dwFlagsAndAttributes: no special attributes.
Public Const FILE_ATTRIBUTE_NORMAL = &H80
' Exception code that HackerScan hands to RaiseException (access violation).
Public Const EXCEPTION_ACCESS_VIOLATION = &HC0000005


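Public Sub HackerScan()
    '\\ Anti-analysis check. Looks for the RegMon and FileMon main windows and
    '\\ for the SoftICE driver devices (Windows 9x name first, then the NT name).
    '\\ On any hit it raises EXCEPTION_ACCESS_VIOLATION in the current process
    '\\ through RaiseException. Takes no arguments and returns nothing.
    '\\
    '\\ Review notes:
    '\\  - This is a heuristic for three specific legacy tools, not a security
    '\\    control. Do not rely on it to protect secrets held in the binary.
    '\\  - A user who merely has one of these tools open gets what looks like a
    '\\    genuine crash, so expect false positives in support and crash reports.
    '\\  - The class and device names below are the runtime indicators of this
    '\\    routine: they appear as arguments to FindWindowA and CreateFileA.
    Dim sRegMonClass As String, sFileMonClass As String

    '\\ The names are assembled character by character so that they do not sit in
    '\\ the binary as one literal (original author's intent).
    '\\ NOTE(review): not verified that the compiler keeps the pieces separate.
    sRegMonClass = "R" & "e" & "g" & "m" & "o" & "n" & _
        "C" & "l" & "a" & "s" & "s"
    sFileMonClass = "F" & "i" & "l" & "e" & "M" & "o" & _
        "n" & "C" & "l" & "a" & "s" & "s"

    '\\ Window-class probes: FindWindow returns 0 when no such window exists.
    '\\ As in the original, the FileMon probe only runs if RegMon was not found.
    If FindWindow(sRegMonClass, vbNullString) <> 0 Then
        'RegMon is running...throw an access violation
        RaiseException EXCEPTION_ACCESS_VIOLATION, 0, 0, 0
    ElseIf FindWindow(sFileMonClass, vbNullString) <> 0 Then
        'FileMon is running...throw an access violation
        RaiseException EXCEPTION_ACCESS_VIOLATION, 0, 0, 0
    End If

    '\\ Driver probes: the NT device name is tried only when the 9x one is absent.
    If HackerScanDeviceOpens("\\.\SICE") Then
        'SoftICE is detected.
        RaiseException EXCEPTION_ACCESS_VIOLATION, 0, 0, 0
    ElseIf HackerScanDeviceOpens("\\.\NTICE") Then
        'SoftICE is detected.
        RaiseException EXCEPTION_ACCESS_VIOLATION, 0, 0, 0
    End If
End Sub

Private Function HackerScanDeviceOpens(ByVal sDevice As String) As Boolean
    '\\ Returns True when sDevice can be opened with CreateFile. The handle is
    '\\ closed again before returning, so the probe does not leak it.
    Const INVALID_HANDLE_VALUE As Long = -1
    Dim hFile As Long

    '\\ ByVal 0& passes a real NULL for lpSecurityAttributes. The parameter is
    '\\ declared "As Any" by reference, so a bare 0 would hand the API the address
    '\\ of a temporary to be read as a SECURITY_ATTRIBUTES structure, which makes
    '\\ the result of the call unpredictable.
    hFile = CreateFile(sDevice, GENERIC_WRITE Or GENERIC_READ, _
        FILE_SHARE_READ Or FILE_SHARE_WRITE, ByVal 0&, OPEN_EXISTING, _
        FILE_ATTRIBUTE_NORMAL, 0)

    If hFile <> INVALID_HANDLE_VALUE Then
        CloseHandle hFile ' Close the file handle
        HackerScanDeviceOpens = True
    End If
End Function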











( hackdetect.html )- by Paolo Puglisi - Modifica del 17/12/2023