Skip to content

M
MyOpen

夜猫逐梦 / MyOpen

通知 2
Star 0
Fork 1
M
MyOpen
提交 96a9f964 编写于 作者: K khz_df
浏览文件
操作

【各种反调试技术原理与实例 VC版】https://github.com/wanttobeno/AntiDebuggers... 

【各种反调试技术原理与实例 VC版】https://github.com/wanttobeno/AntiDebuggershttps://bbs.pediy.com/thread-114767.htm
上级 98e52679
展开全部 隐藏空白更改
内联 并排
Showing with 2195 addition and 0 deletion
.gitignore 0 → 100644
浏览文件 @ 96a9f964
# Prerequisites
*.d
# Compiled Object files
*.slo
*.lo
*.o
*.obj
# Precompiled Headers
*.gch
*.pch
# Compiled Dynamic libraries
*.so
*.dylib
*.dll
# Fortran module files
*.mod
*.smod
# Compiled Static libraries
*.lai
*.la
*.a
*.lib
# Executables
*.exe
*.out
*.app
#过滤数据库文件、sln解决方案文件、配置文件
*.suo
*.user
*.sdf
*.mdb
*.ldb
*.config
*.pdb
*.ilk
*.ipdb
*.iobj
*.aps
*.opensdf
*.exp
#过滤文件夹Debug,Release,obj
.vs/
.bak/
ipch/
Debug/
Debug_cef/
Release/
obj/
AutoLogin_VS2012/bin/bin.rar
Heart/Tangram/SHARE
course/ScyllaHide/DetectOD/About.cpp 0 → 100644
浏览文件 @ 96a9f964
// About.cpp : implementation file
//
#include "stdafx.h"
#include "DetectOD.h"
#include "About.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
/////////////////////////////////////////////////////////////////////////////
// CAbout dialog
CAbout::CAbout(CWnd* pParent /*=NULL*/)
: CDialog(CAbout::IDD, pParent)
{
//{{AFX_DATA_INIT(CAbout)
// NOTE: the ClassWizard will add member initialization here
//}}AFX_DATA_INIT
}
void CAbout::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
//{{AFX_DATA_MAP(CAbout)
// NOTE: the ClassWizard will add DDX and DDV calls here
//}}AFX_DATA_MAP
}
BEGIN_MESSAGE_MAP(CAbout, CDialog)
//{{AFX_MSG_MAP(CAbout)
// NOTE: the ClassWizard will add message map macros here
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CAbout message handlers
course/ScyllaHide/DetectOD/About.h 0 → 100644
浏览文件 @ 96a9f964
#if !defined(AFX_ABOUT_H__E6A0B5AD_AEAB_4C62_B057_2E9C36D008CF__INCLUDED_)
#define AFX_ABOUT_H__E6A0B5AD_AEAB_4C62_B057_2E9C36D008CF__INCLUDED_
#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000
// About.h : header file
//
/////////////////////////////////////////////////////////////////////////////
// CAbout dialog
class CAbout : public CDialog
{
// Construction
public:
CAbout(CWnd* pParent = NULL); // standard constructor
// Dialog Data
//{{AFX_DATA(CAbout)
enum { IDD = IDD_DETECTOD_DIALOG };
// NOTE: the ClassWizard will add data members here
//}}AFX_DATA
// Overrides
// ClassWizard generated virtual function overrides
//{{AFX_VIRTUAL(CAbout)
protected:
virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support
//}}AFX_VIRTUAL
// Implementation
protected:
// Generated message map functions
//{{AFX_MSG(CAbout)
// NOTE: the ClassWizard will add member functions here
//}}AFX_MSG
DECLARE_MESSAGE_MAP()
};
//{{AFX_INSERT_LOCATION}}
// Microsoft Visual C++ will insert additional declarations immediately before the previous line.
#endif // !defined(AFX_ABOUT_H__E6A0B5AD_AEAB_4C62_B057_2E9C36D008CF__INCLUDED_)
course/ScyllaHide/DetectOD/DetectOD.cpp 0 → 100644
浏览文件 @ 96a9f964
// DetectOD.cpp : Defines the class behaviors for the application.
//
#include "stdafx.h"
#include "DetectOD.h"
#include "DetectODDlg.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
/////////////////////////////////////////////////////////////////////////////
// CDetectODApp
BEGIN_MESSAGE_MAP(CDetectODApp, CWinApp)
//{{AFX_MSG_MAP(CDetectODApp)
// NOTE - the ClassWizard will add and remove mapping macros here.
// DO NOT EDIT what you see in these blocks of generated code!
//}}AFX_MSG
ON_COMMAND(ID_HELP, CWinApp::OnHelp)
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CDetectODApp construction
CDetectODApp::CDetectODApp()
{
// TODO: add construction code here,
// Place all significant initialization in InitInstance
}
/////////////////////////////////////////////////////////////////////////////
// The one and only CDetectODApp object
CDetectODApp theApp;
/////////////////////////////////////////////////////////////////////////////
// CDetectODApp initialization
BOOL CDetectODApp::InitInstance()
{
AfxEnableControlContainer();
// Standard initialization
// If you are not using these features and wish to reduce the size
// of your final executable, you should remove from the following
// the specific initialization routines you do not need.
#ifdef _AFXDLL
Enable3dControls(); // Call this when using MFC in a shared DLL
#else
Enable3dControlsStatic(); // Call this when linking to MFC statically
#endif
CDetectODDlg dlg;
m_pMainWnd = &dlg;
int nResponse = dlg.DoModal();
if (nResponse == IDOK)
{
// TODO: Place code here to handle when the dialog is
// dismissed with OK
}
else if (nResponse == IDCANCEL)
{
// TODO: Place code here to handle when the dialog is
// dismissed with Cancel
}
// Since the dialog has been closed, return FALSE so that we exit the
// application, rather than start the application's message pump.
return FALSE;
}
course/ScyllaHide/DetectOD/DetectOD.h 0 → 100644
浏览文件 @ 96a9f964
// DetectOD.h : main header file for the DETECTOD application
//
#if !defined(AFX_DETECTOD_H__D2C4A318_F732_4AD0_B210_EF118C7FAC21__INCLUDED_)
#define AFX_DETECTOD_H__D2C4A318_F732_4AD0_B210_EF118C7FAC21__INCLUDED_
#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000
#ifndef __AFXWIN_H__
#error include 'stdafx.h' before including this file for PCH
#endif
#include "resource.h" // main symbols
/////////////////////////////////////////////////////////////////////////////
// CDetectODApp:
// See DetectOD.cpp for the implementation of this class
//
class CDetectODApp : public CWinApp
{
public:
CDetectODApp();
// Overrides
// ClassWizard generated virtual function overrides
//{{AFX_VIRTUAL(CDetectODApp)
public:
virtual BOOL InitInstance();
//}}AFX_VIRTUAL
// Implementation
//{{AFX_MSG(CDetectODApp)
// NOTE - the ClassWizard will add and remove member functions here.
// DO NOT EDIT what you see in these blocks of generated code !
//}}AFX_MSG
DECLARE_MESSAGE_MAP()
};
/////////////////////////////////////////////////////////////////////////////
//{{AFX_INSERT_LOCATION}}
// Microsoft Visual C++ will insert additional declarations immediately before the previous line.
#endif // !defined(AFX_DETECTOD_H__D2C4A318_F732_4AD0_B210_EF118C7FAC21__INCLUDED_)
course/ScyllaHide/DetectOD/DetectOD.rc 0 → 100644
浏览文件 @ 96a9f964
//Microsoft Developer Studio generated resource script.
//
#include "resource.h"
#define APSTUDIO_READONLY_SYMBOLS
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 2 resource.
//
#include "afxres.h"
/////////////////////////////////////////////////////////////////////////////
#undef APSTUDIO_READONLY_SYMBOLS
/////////////////////////////////////////////////////////////////////////////
// Chinese (中国) resources
#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CHS)
#ifdef _WIN32
LANGUAGE LANG_CHINESE, SUBLANG_CHINESE_SIMPLIFIED
#pragma code_page(936)
#endif //_WIN32
#ifdef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// TEXTINCLUDE
//
1 TEXTINCLUDE DISCARDABLE
BEGIN
"resource.h\0"
END
2 TEXTINCLUDE DISCARDABLE
BEGIN
"#include ""afxres.h""\r\n"
"\0"
END
3 TEXTINCLUDE DISCARDABLE
BEGIN
"#define _AFX_NO_SPLITTER_RESOURCES\r\n"
"#define _AFX_NO_OLE_RESOURCES\r\n"
"#define _AFX_NO_TRACKER_RESOURCES\r\n"
"#define _AFX_NO_PROPERTY_RESOURCES\r\n"
"\r\n"
"#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CHS)\r\n"
"#ifdef _WIN32\r\n"
"LANGUAGE 4, 2\r\n"
"#pragma code_page(936)\r\n"
"#endif //_WIN32\r\n"
"#include ""res\\DetectOD.rc2"" // non-Microsoft Visual C++ edited resources\r\n"
"#include ""l.chs\\afxres.rc"" // Standard components\r\n"
"#endif\r\n"
"\0"
END
#endif // APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// Icon
//
// Icon with lowest ID value placed first to ensure application icon
// remains consistent on all systems.
IDR_MAINFRAME ICON DISCARDABLE "res\\DetectOD.ico"
IDI_DOG ICON DISCARDABLE "res\\dog.ico"
IDI_ICON2 ICON DISCARDABLE "res\\home.ico"
/////////////////////////////////////////////////////////////////////////////
//
// Dialog
//
IDD_ABOUTBOX DIALOG DISCARDABLE 0, 0, 235, 55
STYLE DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "关于 反调试实例"
FONT 9, "宋体"
BEGIN
ICON IDI_ICON2,IDC_MYICON,11,16,20,20,SS_NOTIFY
LTEXT "官方网站:写意互联网",IDC_COMEON,56,31,88,8,SS_NOTIFY |
NOT WS_GROUP
DEFPUSHBUTTON "确定",IDOK,178,7,50,14,WS_GROUP
CTEXT "http://ucooper.com",IDC_MYPAGE,40,17,106,8,SS_NOTIFY
END
IDD_DETECTOD_DIALOG DIALOGEX 0, 0, 443, 200
STYLE DS_MODALFRAME | WS_MINIMIZEBOX | WS_POPUP | WS_VISIBLE | WS_CAPTION |
WS_SYSMENU
EXSTYLE WS_EX_APPWINDOW
CAPTION "反调试实例 写意互联网 ucooper.com"
FONT 9, "宋体"
BEGIN
DEFPUSHBUTTON "关 闭(&C)",IDOK,375,18,61,18
PUSHBUTTON "窗口类名",IDC_WNDCLS,13,6,46,18
PUSHBUTTON "IsDebuggerPresent",IDC_ISDEBUGGERPRESENT,13,31,97,18
PUSHBUTTON "EnumWindow",IDC_ENUMWINDOW,63,6,47,18
PUSHBUTTON "枚举进程",IDC_EnumProcess,13,55,96,18
PUSHBUTTON "父进程Explorer",IDC_Explorer,13,79,96,18
PUSHBUTTON "GetTickCount",IDC_GetTickCount,13,103,96,18
PUSHBUTTON "GetStartupInfo",IDC_GetStartupInfo,13,127,96,18
PUSHBUTTON "PebFlags",IDC_PEBFLAGS,13,151,97,18
PUSHBUTTON "CheckRemoteDebuggerPresent",
IDC_CHECKREMOTEDEBUGGERPRESENT,7,175,109,18
PUSHBUTTON "ZwQueryInformationProcess",
IDC_ZwQueryInformationProcess,127,6,109,18
PUSHBUTTON "SetUnhandledExceptionFilter",
IDC_SetUnhandledExceptionFilter,127,175,109,18
PUSHBUTTON "SeDebugPrivilege",IDC_SeDebugPrivilege,127,31,109,18
PUSHBUTTON "NTQueryObject",IDC_NTQueryObject,127,55,109,18
PUSHBUTTON "断点检测",IDC_DectectBreakpoints,127,79,109,18
PUSHBUTTON "函数断点检测",IDC_DectectFuncBreakpoints,127,103,109,18
PUSHBUTTON "BlockInput",IDC_BlockInput,127,151,109,18
PUSHBUTTON "CheckSum",IDC_CHECKSUM,127,127,109,18
PUSHBUTTON "EnableWindow",IDC_EnableWindow,253,6,109,18
PUSHBUTTON "ZwSetInformationThread",IDC_ZwSetInformationThread,253,
31,109,18
PUSHBUTTON "OutputDebugString",IDC_OutputDebugString,253,55,109,18
PUSHBUTTON "GetEntryPoint",IDC_GetEntryPoint,253,152,109,18
PUSHBUTTON "单步异常",IDC_TrapFlag,253,80,109,18
PUSHBUTTON "保护页Guard Pages",IDC_GuardPages,253,103,109,18
PUSHBUTTON "HardwareBreakpoint",IDC_HARDWAREBREAKPOINT,253,127,109,
18
PUSHBUTTON "关 于(&A)",IDC_ABOUT,375,47,61,18
CTEXT "支持我,请访问我的个人站点 www.ucooper.com",IDC_MYPAGE2,
257,183,183,10,SS_NOTIFY
END
#ifndef _MAC
/////////////////////////////////////////////////////////////////////////////
//
// Version
//
VS_VERSION_INFO VERSIONINFO
FILEVERSION 1,0,0,1
PRODUCTVERSION 1,0,0,1
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x1L
#else
FILEFLAGS 0x0L
#endif
FILEOS 0x4L
FILETYPE 0x1L
FILESUBTYPE 0x0L
BEGIN
BLOCK "StringFileInfo"
BEGIN
BLOCK "080404B0"
BEGIN
VALUE "CompanyName", "\0"
VALUE "FileDescription", "DetectOD Microsoft 基础类应用程序\0"
VALUE "FileVersion", "1, 0, 0, 1\0"
VALUE "InternalName", "DetectOD\0"
VALUE "LegalCopyright", "版权所有 (C) 2010\0"
VALUE "LegalTrademarks", "\0"
VALUE "OriginalFilename", "DetectOD.EXE\0"
VALUE "ProductName", "DetectOD 应用程序\0"
VALUE "ProductVersion", "1, 0, 0, 1\0"
END
END
BLOCK "VarFileInfo"
BEGIN
VALUE "Translation", 0x804, 1200
END
END
#endif // !_MAC
/////////////////////////////////////////////////////////////////////////////
//
// DESIGNINFO
//
#ifdef APSTUDIO_INVOKED
GUIDELINES DESIGNINFO DISCARDABLE
BEGIN
IDD_ABOUTBOX, DIALOG
BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 228
TOPMARGIN, 7
BOTTOMMARGIN, 48
END
IDD_DETECTOD_DIALOG, DIALOG
BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 436
TOPMARGIN, 6
BOTTOMMARGIN, 193
END
END
#endif // APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// String Table
//
STRINGTABLE DISCARDABLE
BEGIN
IDS_ABOUTBOX "关于 DetectOD(&A)..."
END
#endif // Chinese (中国) resources
/////////////////////////////////////////////////////////////////////////////
#ifndef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 3 resource.
//
#define _AFX_NO_SPLITTER_RESOURCES
#define _AFX_NO_OLE_RESOURCES
#define _AFX_NO_TRACKER_RESOURCES
#define _AFX_NO_PROPERTY_RESOURCES
#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CHS)
#ifdef _WIN32
LANGUAGE 4, 2
#pragma code_page(936)
#endif //_WIN32
#include "res\DetectOD.rc2" // non-Microsoft Visual C++ edited resources
#include "l.chs\afxres.rc" // Standard components
#endif
/////////////////////////////////////////////////////////////////////////////
#endif // not APSTUDIO_INVOKED
course/ScyllaHide/DetectOD/DetectOD.sln 0 → 100644
浏览文件 @ 96a9f964

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio 2012
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DetectOD", "DetectOD.vcxproj", "{0CD6F28B-6A93-42AB-A435-46223134EB03}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Win32 = Debug|Win32
Release|Win32 = Release|Win32
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{0CD6F28B-6A93-42AB-A435-46223134EB03}.Debug|Win32.ActiveCfg = Debug|Win32
{0CD6F28B-6A93-42AB-A435-46223134EB03}.Debug|Win32.Build.0 = Debug|Win32
{0CD6F28B-6A93-42AB-A435-46223134EB03}.Release|Win32.ActiveCfg = Release|Win32
{0CD6F28B-6A93-42AB-A435-46223134EB03}.Release|Win32.Build.0 = Release|Win32
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
course/ScyllaHide/DetectOD/DetectOD.vcxproj 0 → 100644
浏览文件 @ 96a9f964
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<SccProjectName />
<SccLocalPath />
<Keyword>MFCProj</Keyword>
<ProjectGuid>{0CD6F28B-6A93-42AB-A435-46223134EB03}</ProjectGuid>
<WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<PlatformToolset>v141</PlatformToolset>
<UseOfMfc>Dynamic</UseOfMfc>
<CharacterSet>MultiByte</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<PlatformToolset>v141</PlatformToolset>
<UseOfMfc>Dynamic</UseOfMfc>
<CharacterSet>MultiByte</CharacterSet>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<Import Project="$(VCTargetsPath)Microsoft.Cpp.UpgradeFromVC60.props" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<Import Project="$(VCTargetsPath)Microsoft.Cpp.UpgradeFromVC60.props" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<OutDir>.\Debug\</OutDir>
<IntDir>.\Debug\</IntDir>
<LinkIncremental>true</LinkIncremental>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<OutDir>.\Release\</OutDir>
<IntDir>.\Release\</IntDir>
<LinkIncremental>false</LinkIncremental>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
<InlineFunctionExpansion>Default</InlineFunctionExpansion>
<FunctionLevelLinking>true</FunctionLevelLinking>
<Optimization>Disabled</Optimization>
<SuppressStartupBanner>true</SuppressStartupBanner>
<WarningLevel>TurnOffAllWarnings</WarningLevel>
<TreatWarningAsError>true</TreatWarningAsError>
<MinimalRebuild>true</MinimalRebuild>
<DebugInformationFormat>EditAndContinue</DebugInformationFormat>
<PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AssemblerListingLocation>.\Debug\</AssemblerListingLocation>
<BrowseInformation>true</BrowseInformation>
<PrecompiledHeaderOutputFile>.\Debug\DetectOD.pch</PrecompiledHeaderOutputFile>
<PrecompiledHeader>Use</PrecompiledHeader>
<PrecompiledHeaderFile>stdafx.h</PrecompiledHeaderFile>
<ObjectFileName>.\Debug\</ObjectFileName>
<ProgramDataBaseFileName>.\Debug\</ProgramDataBaseFileName>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
</ClCompile>
<Midl>
<SuppressStartupBanner>true</SuppressStartupBanner>
<PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<TypeLibraryName>.\Debug\DetectOD.tlb</TypeLibraryName>
<MkTypLibCompatible>true</MkTypLibCompatible>
<TargetEnvironment>Win32</TargetEnvironment>
</Midl>
<ResourceCompile>
<Culture>0x0804</Culture>
<PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ResourceCompile>
<Bscmake>
<SuppressStartupBanner>true</SuppressStartupBanner>
<OutputFile>.\Debug\DetectOD.bsc</OutputFile>
</Bscmake>
<Link>
<SuppressStartupBanner>true</SuppressStartupBanner>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Windows</SubSystem>
<OutputFile>.\Debug\DetectOD.exe</OutputFile>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
<InlineFunctionExpansion>Default</InlineFunctionExpansion>
<FunctionLevelLinking>false</FunctionLevelLinking>
<Optimization>Disabled</Optimization>
<SuppressStartupBanner>true</SuppressStartupBanner>
<WarningLevel>Level3</WarningLevel>
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<AssemblerListingLocation>.\Release\</AssemblerListingLocation>
<PrecompiledHeaderOutputFile>.\Release\DetectOD.pch</PrecompiledHeaderOutputFile>
<PrecompiledHeader>Use</PrecompiledHeader>
<PrecompiledHeaderFile>stdafx.h</PrecompiledHeaderFile>
<ObjectFileName>.\Release\</ObjectFileName>
<ProgramDataBaseFileName>.\Release\</ProgramDataBaseFileName>
</ClCompile>
<Midl>
<SuppressStartupBanner>true</SuppressStartupBanner>
<PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<TypeLibraryName>.\Release\DetectOD.tlb</TypeLibraryName>
<MkTypLibCompatible>true</MkTypLibCompatible>
<TargetEnvironment>Win32</TargetEnvironment>
</Midl>
<ResourceCompile>
<Culture>0x0804</Culture>
<PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ResourceCompile>
<Bscmake>
<SuppressStartupBanner>true</SuppressStartupBanner>
<OutputFile>.\Release\DetectOD.bsc</OutputFile>
</Bscmake>
<Link>
<SuppressStartupBanner>true</SuppressStartupBanner>
<SubSystem>Windows</SubSystem>
<OutputFile>.\Release\DetectOD.exe</OutputFile>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="DetectOD.cpp" />
<ClCompile Include="DetectODDlg.cpp" />
<ClCompile Include="StdAfx.cpp">
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
<PrecompiledHeaderFile Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">stdafx.h</PrecompiledHeaderFile>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
<PrecompiledHeaderFile Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">stdafx.h</PrecompiledHeaderFile>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="DetectOD.rc" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="DetectOD.h" />
<ClInclude Include="DetectODDlg.h" />
<ClInclude Include="Resource.h" />
<ClInclude Include="StdAfx.h" />
</ItemGroup>
<ItemGroup>
<Image Include="res\DetectOD.ico" />
<Image Include="res\dog.ico" />
<Image Include="res\home.ico" />
<Image Include="res\User.ico" />
</ItemGroup>
<ItemGroup>
<CustomBuild Include="res\DetectOD.rc2" />
</ItemGroup>
<ItemGroup>
<Text Include="ReadMe.txt" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>
\ No newline at end of file
course/ScyllaHide/DetectOD/DetectOD.vcxproj.filters 0 → 100644
浏览文件 @ 96a9f964
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{482dc496-684c-4bef-b2aa-7fe4a3c1f3b9}</UniqueIdentifier>
<Extensions>cpp;c;cxx;rc;def;r;odl;idl;hpj;bat</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{8240ba4f-278d-4fef-b682-382d3baf9fd9}</UniqueIdentifier>
<Extensions>h;hpp;hxx;hm;inl</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{235672e2-eb7d-4e1d-bddc-f8475e3f06a2}</UniqueIdentifier>
<Extensions>ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="DetectOD.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="DetectODDlg.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="StdAfx.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="DetectOD.rc">
<Filter>Source Files</Filter>
</ResourceCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="DetectOD.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="DetectODDlg.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="Resource.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="StdAfx.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<Image Include="res\DetectOD.ico">
<Filter>Resource Files</Filter>
</Image>
<Image Include="res\dog.ico">
<Filter>Resource Files</Filter>
</Image>
<Image Include="res\home.ico">
<Filter>Resource Files</Filter>
</Image>
<Image Include="res\User.ico">
<Filter>Resource Files</Filter>
</Image>
</ItemGroup>
<ItemGroup>
<Text Include="ReadMe.txt" />
</ItemGroup>
<ItemGroup>
<CustomBuild Include="res\DetectOD.rc2">
<Filter>Resource Files</Filter>
</CustomBuild>
</ItemGroup>
</Project>
\ No newline at end of file
course/ScyllaHide/DetectOD/DetectODDlg.cpp 0 → 100644
浏览文件 @ 96a9f964
此差异已折叠。
course/ScyllaHide/DetectOD/DetectODDlg.h 0 → 100644
浏览文件 @ 96a9f964
// DetectODDlg.h : header file
//
#if !defined(AFX_DETECTODDLG_H__878B65B9_998E_4718_93F3_D147DB13A90D__INCLUDED_)
#define AFX_DETECTODDLG_H__878B65B9_998E_4718_93F3_D147DB13A90D__INCLUDED_
#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000
/////////////////////////////////////////////////////////////////////////////
// CDetectODDlg dialog
class CDetectODDlg : public CDialog
{
// Construction
public:
CDetectODDlg(CWnd* pParent = NULL); // standard constructor
// Dialog Data
//{{AFX_DATA(CDetectODDlg)
enum { IDD = IDD_DETECTOD_DIALOG };
// NOTE: the ClassWizard will add data members here
//}}AFX_DATA
// ClassWizard generated virtual function overrides
//{{AFX_VIRTUAL(CDetectODDlg)
protected:
virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support
//}}AFX_VIRTUAL
// Implementation
protected:
HICON m_hIcon;
// Generated message map functions
//{{AFX_MSG(CDetectODDlg)
virtual BOOL OnInitDialog();
afx_msg void OnSysCommand(UINT nID, LPARAM lParam);
afx_msg void OnPaint();
afx_msg HCURSOR OnQueryDragIcon();
afx_msg void OnWndcls();
afx_msg void OnTest();
afx_msg void OnIsdebuggerpresent();
afx_msg void OnEnumwindow();
afx_msg void OnEnumProcess();
afx_msg void OnExplorer();
afx_msg void OnGetTickCount();
afx_msg void OnGetStartupInfo();
afx_msg void OnPebflags();
afx_msg void OnCheckremotedebuggerpresent();
afx_msg void OnZwqueryinfomationprocess();
afx_msg void OnSetUnhandledExceptionFilter();
afx_msg void OnZwQueryInformationProcess();
afx_msg void OnSeDebugPrivilege();
afx_msg void OnNTQueryObject();
afx_msg void OnDectectBreakpoints();
afx_msg void OnDectectFuncBreakpoints();
afx_msg void OnBlockInput();
afx_msg void OnChecksum();
afx_msg void OnEnableWindow();
afx_msg void OnZwSetInformationThread();
afx_msg void OnOutputDebugString();
afx_msg void OnGetEntryPoint();
afx_msg void OnButton1();
afx_msg void OnButton2();
afx_msg void OnTrapFlag();
afx_msg void OnGuardPages();
afx_msg void OnHardwarebreakpoint();
virtual void OnCancel();
afx_msg void OnAbout();
virtual void OnOK();
afx_msg void OnMypage2();
//}}AFX_MSG
DECLARE_MESSAGE_MAP()
};
//{{AFX_INSERT_LOCATION}}
// Microsoft Visual C++ will insert additional declarations immediately before the previous line.
#endif // !defined(AFX_DETECTODDLG_H__878B65B9_998E_4718_93F3_D147DB13A90D__INCLUDED_)
course/ScyllaHide/DetectOD/ReadMe.txt 0 → 100644
浏览文件 @ 96a9f964
========================================================================
MICROSOFT FOUNDATION CLASS LIBRARY : DetectOD
========================================================================
AppWizard has created this DetectOD application for you. This application
not only demonstrates the basics of using the Microsoft Foundation classes
but is also a starting point for writing your application.
This file contains a summary of what you will find in each of the files that
make up your DetectOD application.
DetectOD.dsp
This file (the project file) contains information at the project level and
is used to build a single project or subproject. Other users can share the
project (.dsp) file, but they should export the makefiles locally.
DetectOD.h
This is the main header file for the application. It includes other
project specific headers (including Resource.h) and declares the
CDetectODApp application class.
DetectOD.cpp
This is the main application source file that contains the application
class CDetectODApp.
DetectOD.rc
This is a listing of all of the Microsoft Windows resources that the
program uses. It includes the icons, bitmaps, and cursors that are stored
in the RES subdirectory. This file can be directly edited in Microsoft
Visual C++.
DetectOD.clw
This file contains information used by ClassWizard to edit existing
classes or add new classes. ClassWizard also uses this file to store
information needed to create and edit message maps and dialog data
maps and to create prototype member functions.
res\DetectOD.ico
This is an icon file, which is used as the application's icon. This
icon is included by the main resource file DetectOD.rc.
res\DetectOD.rc2
This file contains resources that are not edited by Microsoft
Visual C++. You should place all resources not editable by
the resource editor in this file.
/////////////////////////////////////////////////////////////////////////////
AppWizard creates one dialog class:
DetectODDlg.h, DetectODDlg.cpp - the dialog
These files contain your CDetectODDlg class. This class defines
the behavior of your application's main dialog. The dialog's
template is in DetectOD.rc, which can be edited in Microsoft
Visual C++.
/////////////////////////////////////////////////////////////////////////////
Other standard files:
StdAfx.h, StdAfx.cpp
These files are used to build a precompiled header (PCH) file
named DetectOD.pch and a precompiled types file named StdAfx.obj.
Resource.h
This is the standard header file, which defines new resource IDs.
Microsoft Visual C++ reads and updates this file.
/////////////////////////////////////////////////////////////////////////////
Other notes:
AppWizard uses "TODO:" to indicate parts of the source code you
should add to or customize.
If your application uses MFC in a shared DLL, and your application is
in a language other than the operating system's current language, you
will need to copy the corresponding localized resources MFC42XXX.DLL
from the Microsoft Visual C++ CD-ROM onto the system or system32 directory,
and rename it to be MFCLOC.DLL. ("XXX" stands for the language abbreviation.
For example, MFC42DEU.DLL contains resources translated to German.) If you
don't do this, some of the UI elements of your application will remain in the
language of the operating system.
/////////////////////////////////////////////////////////////////////////////
course/ScyllaHide/DetectOD/StdAfx.cpp 0 → 100644
浏览文件 @ 96a9f964
// stdafx.cpp : source file that includes just the standard includes
// DetectOD.pch will be the pre-compiled header
// stdafx.obj will contain the pre-compiled type information
#include "stdafx.h"
course/ScyllaHide/DetectOD/StdAfx.h 0 → 100644
浏览文件 @ 96a9f964
// stdafx.h : include file for standard system include files,
// or project specific include files that are used frequently, but
// are changed infrequently
//
#if !defined(AFX_STDAFX_H__1D6A253C_B6C7_47CB_B730_6447CAF4FA7B__INCLUDED_)
#define AFX_STDAFX_H__1D6A253C_B6C7_47CB_B730_6447CAF4FA7B__INCLUDED_
#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000
#define VC_EXTRALEAN // Exclude rarely-used stuff from Windows headers
#include <afxwin.h> // MFC core and standard components
#include <afxext.h> // MFC extensions
#include <afxdisp.h> // MFC Automation classes
#include <afxdtctl.h> // MFC support for Internet Explorer 4 Common Controls
#ifndef _AFX_NO_AFXCMN_SUPPORT
#include <afxcmn.h> // MFC support for Windows Common Controls
#endif // _AFX_NO_AFXCMN_SUPPORT
//{{AFX_INSERT_LOCATION}}
// Microsoft Visual C++ will insert additional declarations immediately before the previous line.
#endif // !defined(AFX_STDAFX_H__1D6A253C_B6C7_47CB_B730_6447CAF4FA7B__INCLUDED_)
course/ScyllaHide/DetectOD/res/DetectOD.rc2 0 → 100644
浏览文件 @ 96a9f964
//
// DETECTOD.RC2 - resources Microsoft Visual C++ does not edit directly
//
#ifdef APSTUDIO_INVOKED
#error this file is not editable by Microsoft Visual C++
#endif //APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
// Add manually edited resources here...
/////////////////////////////////////////////////////////////////////////////
course/ScyllaHide/DetectOD/resource.h 0 → 100644
浏览文件 @ 96a9f964
//{{NO_DEPENDENCIES}}
// Microsoft Developer Studio generated include file.
// Used by DetectOD.rc
//
#define IDC_ABOUT 3
#define IDM_ABOUTBOX 0x0010
#define IDD_ABOUTBOX 100
#define IDS_ABOUTBOX 101
#define IDD_DETECTOD_DIALOG 102
#define IDR_MAINFRAME 128
#define IDI_DOG 129
#define IDI_ICON2 133
#define IDC_WNDCLS 1000
#define IDC_ISDEBUGGERPRESENT 1002
#define IDC_ENUMWINDOW 1003
#define IDC_EnumProcess 1004
#define IDC_Explorer 1005
#define IDC_GetTickCount 1006
#define IDC_GetStartupInfo 1007
#define IDC_PEBFLAGS 1008
#define IDC_CHECKREMOTEDEBUGGERPRESENT 1009
#define IDC_ZwQueryInformationProcess 1010
#define IDC_SetUnhandledExceptionFilter 1014
#define IDC_MYPAGE 1014
#define IDC_SeDebugPrivilege 1015
#define IDC_COMEON 1015
#define IDC_MYICON 1016
#define IDC_MYPAGE2 1016
#define IDC_NTQueryObject 1017
#define IDC_DectectBreakpoints 1018
#define IDC_DectectFuncBreakpoints 1019
#define IDC_BlockInput 1020
#define IDC_CHECKSUM 1021
#define IDC_EnableWindow 1022
#define IDC_ZwSetInformationThread 1023
#define IDC_OutputDebugString 1024
#define IDC_GetEntryPoint 1025
#define IDC_TrapFlag 1026
#define IDC_GuardPages 1027
#define IDC_HARDWAREBREAKPOINT 1028
// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 134
#define _APS_NEXT_COMMAND_VALUE 32771
#define _APS_NEXT_CONTROL_VALUE 1017
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif
course/ScyllaHide/DetectOD/tlssup.c 0 → 100644
浏览文件 @ 96a9f964
// tlssup.cļ룺
#include <windows.h>
#include <winnt.h>
int _tls_index=0;
#pragma data_seg(".tls")
int _tls_start=0;
#pragma data_seg(".tls$ZZZ")
int _tls_end=0;
#pragma data_seg(".CRT$XLA")
int __xl_a=0;
#pragma data_seg(".CRT$XLZ")
int __xl_z=0;
#pragma data_seg(".rdata$T")
extern PIMAGE_TLS_CALLBACK my_tls_callbacktbl[];
IMAGE_TLS_DIRECTORY32 _tls_used={(DWORD)&_tls_start,(DWORD)&_tls_end,(DWORD)&_tls_index,(DWORD)my_tls_callbacktbl,0,0};
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册