From 7fb828a71d68b2e602b2658b5b7c892d498ce8bb Mon Sep 17 00:00:00 2001
From: vxunderground <57078196+vxunderground@users.noreply.github.com>
Date: Thu, 1 Jul 2021 07:57:50 -0500
Subject: [PATCH] Create WriteWatchVirtualAllocIsDebuggerPresent.c
---
.../WriteWatchVirtualAllocIsDebuggerPresent.c | 33 +++++++++++++++++++
1 file changed, 33 insertions(+)
create mode 100644 Anti Debug/WriteWatchVirtualAllocIsDebuggerPresent.c
diff --git a/Anti Debug/WriteWatchVirtualAllocIsDebuggerPresent.c b/Anti Debug/WriteWatchVirtualAllocIsDebuggerPresent.c
new file mode 100644
index 0000000..5ccf6db
--- /dev/null
+++ b/Anti Debug/WriteWatchVirtualAllocIsDebuggerPresent.c
@@ -0,0 +1,33 @@
+BOOL WriteWatchVirtualAllocIsDebuggerPresent(VOID)
+{
+ ULONG_PTR Count = NULL;
+ DWORD Granularity = 0;
+ BOOL bFlag = FALSE;
+ PVOID Address = NULL;
+ PINT Buffer = NULL;
+
+ Address = VirtualAlloc(NULL, (4096 * sizeof(PVOID)), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
+ if (Address == NULL)
+ return FALSE;
+
+ Buffer = (PINT)VirtualAlloc(NULL, (4096 * 4096), MEM_RESERVE | MEM_COMMIT | MEM_WRITE_WATCH, PAGE_READWRITE);
+ if (Buffer == NULL)
+ goto EXIT_ROUTINE;
+
+ Buffer[0] = IsBeingDebuggedAlt();
+ Count = 4096;
+
+ if (GetWriteWatch(0, Buffer, 4096, Address, &Count, &Granularity) != ERROR_SUCCESS)
+ bFlag = (Count != 1) | (Buffer[0] == TRUE);
+
+
+EXIT_ROUTINE:
+
+ if (Buffer)
+ VirtualFree(Buffer, 0, MEM_RELEASE);
+
+ if (Address)
+ VirtualFree(Address, 0, MEM_RELEASE);
+
+ return bFlag;
+}
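Review bot: The `GetWriteWatch` result is tested with `!= ERROR_SUCCESS`, so `bFlag` is assigned only on the path where the call reports failure, where `Count` and the `Address` array carry no defined result; whenever the query succeeds the function returns FALSE regardless of what was recorded. Anyone using this file as a reference for the technique should know the routine as committed does not report what its name says, and the branch needs to be reconciled with the API contract (a zero return is the only case in which the hit count is valid). `ULONG_PTR Count = NULL;` initialises an integer from a pointer constant and should read `ULONG_PTR Count = 0;`. The file also has no `#include <windows.h>` and calls `IsBeingDebuggedAlt()`, which this patch does not define (presumably it lives elsewhere in the repository). A header comment such as `/* Requires <windows.h> and IsBeingDebuggedAlt(); allocates a MEM_WRITE_WATCH region and queries it with GetWriteWatch. */` would make the dependencies explicit, along with the API sequence an analyst can look for.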