Added new anti-emulation trick

Added a method that detects emulation by comparing the values "InterruptTime" and "SystemTime" after 1 second of getting their original values. since the OS updates them regularly, if they are not updated after this 1 second then the values are static which means that we are in an emulator.

Author: AdvDebug

AntiCrack-DotNet/AntiVirtualization.cs

@@ -8,6 +8,7 @@
 using Microsoft.Win32;
 using static AntiCrack_DotNet.Utils;
 using static AntiCrack_DotNet.Delegates;
+using System.Linq;
 
 namespace AntiCrack_DotNet
 {
@@ -525,6 +526,35 @@ public static bool FlagsManipulationInstructions()
                     return false;
                 }
             }
+
+            /// <summary>
+            /// Checks for the KUSER_SHARED_DATA "InterruptTime" and "SystemTime" values which many emulators don't update regularly.
+            /// </summary>
+            /// <returns>returns true if the values are static which indicates an emulator, otherwise false.</returns>
+            public static bool IsKUserSharedDataTimeStatic()
+            {
+                byte[] Old = new byte[8];
+                byte[] Current = new byte[8];
+                IntPtr InterruptTime = new IntPtr(0x7FFE0008);
+                IntPtr SystemTime = new IntPtr(0x7FFE0014);
+                Utils.CopyMem(Old, InterruptTime, false);
+                Thread.Sleep(1000);
+                Utils.CopyMem(Current, InterruptTime, false);
+                if(Old.SequenceEqual(Current))
+                {
+                    return true;
+                }
+
+                Utils.CopyMem(Old, SystemTime, false);
+                Thread.Sleep(1000);
+                Utils.CopyMem(Current, SystemTime, false);
+
+                if (Old.SequenceEqual(Current))
+                {
+                    return true;
+                }
+                return false;
+            }
         }
     }
 }