A.R.F v2.0 – Documentation Updates

Posted in A.R.F Project News on October 28th, 2012 by kyREcon

Minor updates in the documentation part.

Click here to view the changes, or click here to download the full project again with the updated files.



A.R.F v2.0 Released!

Posted in A.R.F Project News, Blog News on October 26th, 2012 by kyREcon

Finally, the release moment of the A.R.F v2.0 has arrived. It is not easy to find time these days to update a project and its documentation, etc.
This release contains some extra interesting methods dedicated to VM, SandBox, and Process Spy monitoring tools detection.

I am still considering adding some extra stuff and releasing v2.1 as soon as possible, but in the meantime, if you want to download A.R.F v2.0, just click here… :O)



A.R.F v2.0 – News #2

Posted in A.R.F Project News on October 23rd, 2012 by kyREcon

I have started updating the documentation for the A.R.F v2.0 and also testing a few methods.

Today I added an extra generic method that aims to detect all process monitoring tools which work through DLL injection into the target process.

The release date for the A.R.F v2.0 is getting really close…



A.R.F v2.0 – Preview (x86) –

Posted in A.R.F Project News on August 4th, 2012 by kyREcon

New detection methods are constantly being added to the A.R.F Project, including detection of popular VMs, the famous SandBoxie, SpyStudio, and API Monitor, now bringing the total number of Anti-Reversing methods to 31, and counting…

More methods are going to be added before the official release of the A.R.F v2.0, and I am also planning major changes to existing ones which will make the code much stealthier from the reversing point of view.

The release of A.R.F v2.0 might take a little bit longer than expected, but you can bet that your patience will be rewarded.

I decided to release a compiled executable that includes some of the new methods added, but not the updates to the existing ones.

Download: A.R.F v2.0 – Preview (x86) –


A.R.F v2.0 – News #1

Posted in A.R.F Project News on July 9th, 2012 by kyREcon

***The following methods are not available for download yet.***

New methods added in:

SehDbgDetection Class
HardwareBreakPointDetection Class

New Class added:

VirtualMachineDetection – Currently includes 6 new methods (2 for each) to detect VirtualPC, VMWare, and VirtualBOX. More methods are being developed to detect these 3 popular VMs.

What’s next…

Detecting SandBoxes – Currently one method has been tested for the well-known SandBoxie, and more research is coming for other popular SandBoxes.