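/// <summary>
/// Flags statically imported API names that are commonly associated with debugger
/// detection. Only the import table (<c>peInfo.Imports</c>) is inspected, so APIs
/// resolved dynamically at run time do not show up here; absence of a finding is
/// therefore not evidence that no anti-debug logic is present.
/// </summary>
public sealed class AntiDebugAnalyzer : IPeAnalyzer
{
    // Matched as ordinal substrings so that A/W suffixes (OutputDebugStringA/W)
    // and GetTickCount64 are caught by a single entry each.
    // NOTE(review): GetTickCount and OutputDebugString are also routine in benign
    // code (timing, logging); a hit on those alone is a weak signal.
    private static readonly string[] AntiDebugApiNames = new[]
    {
        "IsDebuggerPresent",
        "CheckRemoteDebuggerPresent",
        "OutputDebugString",
        "NtQueryInformationProcess",
        "GetTickCount",
    };

    public string Name => nameof(AntiDebugAnalyzer);

    /// <summary>
    /// Enumerates every imported function and emits one
    /// <see cref="FindingSeverity.Suspicious"/> finding per import whose name
    /// contains one of the known anti-debug API names.
    /// </summary>
    /// <param name="peInfo">Parsed PE image whose <c>Imports</c> are scanned. Must not be null.</param>
    /// <param name="cancellationToken">
    /// Checked once per imported DLL; when cancellation is requested a cancelled task is returned.
    /// </param>
    /// <returns>A completed task holding the findings (empty when nothing matched).</returns>
    /// <exception cref="ArgumentNullException"><paramref name="peInfo"/> is null.</exception>
    public Task<IReadOnlyList<AnalysisFinding>> AnalyzeAsync(PeImageInfo peInfo, CancellationToken cancellationToken)
    {
        if (peInfo is null)
        {
            throw new ArgumentNullException(nameof(peInfo));
        }

        var findings = new List<AnalysisFinding>();
        foreach (var import in peInfo.Imports)
        {
            // Surface cancellation as a cancelled task rather than a synchronous
            // throw, which is what Task-returning callers expect.
            if (cancellationToken.IsCancellationRequested)
            {
                return Task.FromCanceled<IReadOnlyList<AnalysisFinding>>(cancellationToken);
            }

            foreach (var function in import.Functions)
            {
                // Name is nullable (presumably imports without a symbolic name — verify
                // against PeImageInfo); an empty name can never match, so skip it.
                var name = function.Name ?? string.Empty;
                if (name.Length == 0 || !MatchesAntiDebugApi(name))
                {
                    continue;
                }

                findings.Add(new AnalysisFinding(
                    Name,
                    FindingSeverity.Suspicious,
                    "Anti-debug API detected",
                    $"{import.DllName}!{name} suggests debugger evasion."));
            }
        }

        return Task.FromResult((IReadOnlyList<AnalysisFinding>)findings);
    }

    // True when the imported name contains any known anti-debug API name.
    // Ordinal comparison is made explicit: API names are identifiers, not
    // linguistic text, and must not be subject to culture-specific rules.
    private static bool MatchesAntiDebugApi(string name)
    {
        foreach (var api in AntiDebugApiNames)
        {
            if (name.IndexOf(api, StringComparison.Ordinal) >= 0)
            {
                return true;
            }
        }

        return false;
    }
}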