Home

Awesome

Avanguard

The Win32 Anti-Intrusion Library

This library prevents some of injection techniques, debugging and static analyzing.

Both x32 and x64 supports and includes:

Using

All you need is to load Avanguard.dll as soon as possible.
It collects all information about consistence of process, sets up the memory, threads, APCs and modules filters and starts up the protection.

You can use the AvnApi in C++ or any other native language using this code:

#include "AvnApi.h"

HMODULE hAvn = GetModuleHandle(L"Avanguard.dll");
PAVN_API AvnApi = *(PAVN_API*)GetProcAddress(hAvn, "Stub");

AvnApi->Lock();
BOOL IsModuleValid = AvnApi->AvnIsModuleValid(hAvn);
// ... Other AvnApi calls ...
AvnApi->Unlock();

If you use the self-modification of modules in your code, you should use this snippet:

AvnApi->Lock();
// ... Module modification ...
AvnApi->AvnRehashModule(hChangedModule);
AvnApi->Unlock();

You should always use the Lock()/Unlock() to AvnApi calls!

Java bindings:

public class Main {
    public static void main(String[] args) {
        AvnBind.avnRegisterThreatNotifier((int threatType) -> {
            System.out.println("Threat " + AvnBind.ThreatType.getThreat(threatType).name());
            return true;
        });

        AvnBind.avnEliminateThreat(AvnBind.ThreatType.UNKNOWN_APC_DESTINATION.getValue());

        AvnBind.avnRegisterThreatNotifier(null);
        AvnBind.avnEliminateThreat(AvnBind.ThreatType.UNKNOWN_APC_DESTINATION.getValue());
    }
}

Note, that you shall not rename the package name!

C# bindings:

using ...;
using AvnApi;

namespace AvnSample
{
    class Program
    {
        static void Main(string[] args)
        {
            AvnApi.AvnApi.Load(@"Avanguard.dll");
            AvnApi.AvnApi.API.AvnStart();
            while (true) ;
        }
    }
}