From c2d8b2f7ec9c016fabf7de241cf3265503a2494b Mon Sep 17 00:00:00 2001
From: khz-pc <khz-pc@qq.com>
Date: Tue, 5 Feb 2019 00:59:52 +0800
Subject: [PATCH] =?UTF-8?q?dll=E9=9A=90=E8=97=8F=E6=B3=A8=E5=85=A5?=
 =?UTF-8?q?=E7=A4=BA=E4=BE=8B=E4=BB=A3=E7=A0=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../MyScyllaHide/HelloDll/HelloDll.cpp        | Bin 0 -> 384 bytes
 .../MyScyllaHide/HelloDll/HelloDll.vcxproj    | 167 +++++++
 .../HelloDll/HelloDll.vcxproj.filters         |  36 ++
 .../MyScyllaHide/HelloDll/dllmain.cpp         | Bin 0 -> 1400 bytes
 .../MyScyllaHide/HelloDll/stdafx.cpp          | Bin 0 -> 44 bytes
 .../ScyllaHide/MyScyllaHide/HelloDll/stdafx.h | Bin 0 -> 480 bytes
 .../MyScyllaHide/HelloDll/targetver.h         | Bin 0 -> 368 bytes
 .../MyScyllaHide/MyTestAntiDebuger.sln        |  10 +
 .../MyTestAntiDebuger/DynamicMapping.cpp      | 421 ++++++++++++++++++
 .../MyTestAntiDebuger/DynamicMapping.h        |  46 ++
 .../MyTestAntiDebuger/MyTestAntiDebuger.cpp   | Bin 556 -> 12670 bytes
 .../MyTestAntiDebuger.vcxproj                 |   2 +
 .../MyTestAntiDebuger.vcxproj.filters         |   6 +
 13 files changed, 688 insertions(+)
 create mode 100644 course/ScyllaHide/MyScyllaHide/HelloDll/HelloDll.cpp
 create mode 100644 course/ScyllaHide/MyScyllaHide/HelloDll/HelloDll.vcxproj
 create mode 100644 course/ScyllaHide/MyScyllaHide/HelloDll/HelloDll.vcxproj.filters
 create mode 100644 course/ScyllaHide/MyScyllaHide/HelloDll/dllmain.cpp
 create mode 100644 course/ScyllaHide/MyScyllaHide/HelloDll/stdafx.cpp
 create mode 100644 course/ScyllaHide/MyScyllaHide/HelloDll/stdafx.h
 create mode 100644 course/ScyllaHide/MyScyllaHide/HelloDll/targetver.h
 create mode 100644 course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/DynamicMapping.cpp
 create mode 100644 course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/DynamicMapping.h

diff --git a/course/ScyllaHide/MyScyllaHide/HelloDll/HelloDll.cpp b/course/ScyllaHide/MyScyllaHide/HelloDll/HelloDll.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..3caf65b49e5cb7686723e6985475e6ced8a1df27
GIT binary patch
literal 384
zcmY+9!Ak;R5XB!Jlm3T~x~vdx=Q^b&E~%yDAp}KgOF?vTRn+j-y-O$m)JW?$A1orn
zw=?r*-kZ07`%s~rs){utCc5>xs23%K(-m*qi5iYcjd1$z2J`&-tNXe5?ff)%%_PoU
zp6UdhP?qhTYp5|ABhB@Sw$qtX&8Yi&(^5qZK(cMiJ;FAPlXBUr0K{CyFcQ2?Q7EA0
zw4fU@b-K}`BHgK>C$;np5_5UR?h1av-}vxf<5?Vc8Cr*z5`Dc>mC#?J9iZFx|9t_|
jJXW|?<DS(Atj%5-2az7AvRNIS9>_gDu8%xye7Dg*&*427

literal 0
HcmV?d00001

diff --git a/course/ScyllaHide/MyScyllaHide/HelloDll/HelloDll.vcxproj b/course/ScyllaHide/MyScyllaHide/HelloDll/HelloDll.vcxproj
new file mode 100644
index 0000000..b8dc250
--- /dev/null
+++ b/course/ScyllaHide/MyScyllaHide/HelloDll/HelloDll.vcxproj
@@ -0,0 +1,167 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>15.0</VCProjectVersion>
+    <ProjectGuid>{43602D74-7A62-40EC-B920-EB1CF80EAEA8}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>HelloDll</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;HELLODLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;HELLODLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;HELLODLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;HELLODLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClInclude Include="stdafx.h" />
+    <ClInclude Include="targetver.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="dllmain.cpp" />
+    <ClCompile Include="HelloDll.cpp" />
+    <ClCompile Include="stdafx.cpp">
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
+    </ClCompile>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/course/ScyllaHide/MyScyllaHide/HelloDll/HelloDll.vcxproj.filters b/course/ScyllaHide/MyScyllaHide/HelloDll/HelloDll.vcxproj.filters
new file mode 100644
index 0000000..e329570
--- /dev/null
+++ b/course/ScyllaHide/MyScyllaHide/HelloDll/HelloDll.vcxproj.filters
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="源文件">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="头文件">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;ipp;xsd</Extensions>
+    </Filter>
+    <Filter Include="资源文件">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="stdafx.h">
+      <Filter>头文件</Filter>
+    </ClInclude>
+    <ClInclude Include="targetver.h">
+      <Filter>头文件</Filter>
+    </ClInclude>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="stdafx.cpp">
+      <Filter>源文件</Filter>
+    </ClCompile>
+    <ClCompile Include="HelloDll.cpp">
+      <Filter>源文件</Filter>
+    </ClCompile>
+    <ClCompile Include="dllmain.cpp">
+      <Filter>源文件</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/course/ScyllaHide/MyScyllaHide/HelloDll/dllmain.cpp b/course/ScyllaHide/MyScyllaHide/HelloDll/dllmain.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..dd1cc22b203606b967b9e182a0c9659d83d3eb00
GIT binary patch
literal 1400
zcmbu8PiqrV6vYo+TDle74RsSiI^v&#b(NZ812xrY(jtY1CYhMfBn>l}D2j;St_wH1
z@tgQD{0x2oH!j8Yci&`a$No!|%P{la+<VSF=iPVs$CocpE%k`LcGcBD3u<aecv|B5
zx?Qe#Drt@I^m(U{%)a@w^Kl$L|FQ9HICE!C*L2g>HNi;03dx&StP$V4YU?$K9d<0!
zo|JQ*s-Yq>UOHwE)_uPE)DNgFfM(t7v5s`xVgBC!^}*N+TP3Y%Sv5V;Y~}j<?*})&
z{5&|u?odAhJw}1Cy>hXjvF?Iq{iIwzS-$RRk$9koy6^fkHEpM(4Qn0k8CR<H@~#_`
ze*1JVhAV=n1*<7);KZ#7&-6$sO5&X9I*<MjFS(#A^S|Xhm{xE8lzjZEsH#9O@V|uW
zo}Nx-E7NYs%UUOFs)~B1@`);&x06)`a#q1uXTL_p3hNH*efmtu4Ds6#y(>jYTObBt
zTAkt4IjN9NV~_`|+Pov)P4=vxe_>fe+a^3^$J1jf12|%yh}j5HaJA0U*?F6*ika^&
zGuFfvkDD`%mJ}y*ERSb;t;6iz*U=E5;W5r{5Oq$hN)*{y<&4i#(3p6+r$@Q}r?IPG
y1Rxi2=py9HD(#-0-P7sHzxAA7n>lozo_9HQHa{c$kC-3N-GLfir4FQ-=G75TJ<O2+

literal 0
HcmV?d00001

diff --git a/course/ScyllaHide/MyScyllaHide/HelloDll/stdafx.cpp b/course/ScyllaHide/MyScyllaHide/HelloDll/stdafx.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..08343afdf790eaa4524432ba7b0c3ddc395ee814
GIT binary patch
literal 44
xcmezWPnjW;A&()MA%~%qA%!88L4iSup_rir$WCNPW2j)zW5@uC@G@{Q008!y2%rD}

literal 0
HcmV?d00001

diff --git a/course/ScyllaHide/MyScyllaHide/HelloDll/stdafx.h b/course/ScyllaHide/MyScyllaHide/HelloDll/stdafx.h
new file mode 100644
index 0000000000000000000000000000000000000000..7e9fc4950f6ddf3706a0ccf9040354313fad6c66
GIT binary patch
literal 480
zcmezWPoF`bL4l!|p@boYA(0`Cp@Kn=A%npRD8`;~Ebw>D{W{iQ?U44=Z+<OhFc!~$
zUIs3pK9EkaB>lAWbrx~;{u-rj{=9w`abMCbQ(MXqDk^8ZE2}J;6^+mjlLOHptjtir
zPz1C+ogo)UDlp_T<S`^Oq=Mxj@|j?f9EMV$D^r0glz{F{1nNl#@=6%WfMgNa-AYJ$
zKq}K1KsrG>!Wldn{1}WGj2Pk>d>C9A9D%%eFzEuMeW4->K$X}b#JA`CKqi6AOaZ#G
z92jm23?`AF(9!jql$<iHF<meQ6cR0Et${nEVgAIW2fN>FfaW6G0E!PgxW7Pp5aw!x
hr)0B4ipFb{a#!`oF-&jlY$+=XyynNAVG;>a1pvGWW1|27

literal 0
HcmV?d00001

diff --git a/course/ScyllaHide/MyScyllaHide/HelloDll/targetver.h b/course/ScyllaHide/MyScyllaHide/HelloDll/targetver.h
new file mode 100644
index 0000000000000000000000000000000000000000..7f8bdf09a6d7392ba6d17f1672874cb1e1eec24f
GIT binary patch
literal 368
zcmezWPnn^Bp@<=oA)O%?NGdSoGvqNOGo&)`GH`*hK7&3`lr{KGk^)08gA0Q<5QE4t
zpqe5EJ%$XREL+U1XivZQ!5XD4Wen*zW_c9pq_>nQFoZK?0!>Q+npw_J3{+Pf_aT_c
z0M+EC$T{haomPHN{d|LP>5(rLNSYF-QOaG_AIJ0mdpE>25Yr)ULb!(Ke_0&J28g@a
zViXwSf$s2R@MAD$FoLuF7(#&V>5tymomX$=*Vw6_%9z|z267+If3rfqklsLiK1TRK
Z8SKMkh8%`cpg&WAX4>EgB|C6v0ssTXQbPa$

literal 0
HcmV?d00001

diff --git a/course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger.sln b/course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger.sln
index ccf9c5d..969c81f 100644
--- a/course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger.sln
+++ b/course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger.sln
@@ -5,6 +5,8 @@ VisualStudioVersion = 15.0.27703.2042
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MyTestAntiDebuger", "MyTestAntiDebuger\MyTestAntiDebuger.vcxproj", "{DD451A89-40FF-4B1A-930C-7606AA87ABFE}"
 EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HelloDll", "HelloDll\HelloDll.vcxproj", "{43602D74-7A62-40EC-B920-EB1CF80EAEA8}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|x64 = Debug|x64
@@ -21,6 +23,14 @@ Global
 		{DD451A89-40FF-4B1A-930C-7606AA87ABFE}.Release|x64.Build.0 = Release|x64
 		{DD451A89-40FF-4B1A-930C-7606AA87ABFE}.Release|x86.ActiveCfg = Release|Win32
 		{DD451A89-40FF-4B1A-930C-7606AA87ABFE}.Release|x86.Build.0 = Release|Win32
+		{43602D74-7A62-40EC-B920-EB1CF80EAEA8}.Debug|x64.ActiveCfg = Debug|x64
+		{43602D74-7A62-40EC-B920-EB1CF80EAEA8}.Debug|x64.Build.0 = Debug|x64
+		{43602D74-7A62-40EC-B920-EB1CF80EAEA8}.Debug|x86.ActiveCfg = Debug|Win32
+		{43602D74-7A62-40EC-B920-EB1CF80EAEA8}.Debug|x86.Build.0 = Debug|Win32
+		{43602D74-7A62-40EC-B920-EB1CF80EAEA8}.Release|x64.ActiveCfg = Release|x64
+		{43602D74-7A62-40EC-B920-EB1CF80EAEA8}.Release|x64.Build.0 = Release|x64
+		{43602D74-7A62-40EC-B920-EB1CF80EAEA8}.Release|x86.ActiveCfg = Release|Win32
+		{43602D74-7A62-40EC-B920-EB1CF80EAEA8}.Release|x86.Build.0 = Release|Win32
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
diff --git a/course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/DynamicMapping.cpp b/course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/DynamicMapping.cpp
new file mode 100644
index 0000000..8fbeef7
--- /dev/null
+++ b/course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/DynamicMapping.cpp
@@ -0,0 +1,421 @@
+#include "stdafx.h"
+#include "DynamicMapping.h"
+#include <Psapi.h>
+// #include <ntdll/ntdll.h>
+
+#pragma comment(lib, "psapi.lib")
+
+LPVOID MapModuleToProcess(HANDLE hProcess, BYTE * dllMemory, bool wipeHeaders)
+{
+    PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)dllMemory;
+    PIMAGE_NT_HEADERS pNtHeader = (PIMAGE_NT_HEADERS)((DWORD_PTR)pDosHeader + pDosHeader->e_lfanew);
+    PIMAGE_SECTION_HEADER pSecHeader = IMAGE_FIRST_SECTION(pNtHeader);
+
+    if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE || pNtHeader->Signature != IMAGE_NT_SIGNATURE)
+    {
+        return nullptr;
+    }
+
+    IMAGE_DATA_DIRECTORY relocDir = pNtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC];
+    bool relocatable = (pNtHeader->OptionalHeader.DllCharacteristics & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) != 0;
+    bool hasRelocDir = pNtHeader->OptionalHeader.NumberOfRvaAndSizes >= IMAGE_DIRECTORY_ENTRY_BASERELOC && relocDir.VirtualAddress > 0 && relocDir.Size > 0;
+    if (!hasRelocDir && (pNtHeader->FileHeader.Characteristics & IMAGE_FILE_RELOCS_STRIPPED)) // A relocation dir is optional, but it must not have been stripped
+    {
+        return nullptr;
+    }
+
+    ULONG_PTR headersBase = pNtHeader->OptionalHeader.ImageBase;
+    LPVOID preferredBase = relocatable ? nullptr : (LPVOID)headersBase;
+    LPVOID imageRemote = VirtualAllocEx(hProcess, preferredBase, pNtHeader->OptionalHeader.SizeOfImage, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+    LPVOID imageLocal = VirtualAlloc(nullptr, pNtHeader->OptionalHeader.SizeOfImage, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
+
+    if (!imageLocal || !imageRemote)
+    {
+        return nullptr;
+    }
+
+    // Update the headers to the relocated image base
+    if (relocatable && (ULONG_PTR)imageRemote != pNtHeader->OptionalHeader.ImageBase)
+        pNtHeader->OptionalHeader.ImageBase = (ULONG_PTR)imageRemote;
+
+    memcpy((LPVOID)imageLocal, (LPVOID)pDosHeader, pNtHeader->OptionalHeader.SizeOfHeaders);
+
+    SIZE_T imageSize = pNtHeader->OptionalHeader.SizeOfImage;
+    for (WORD i = 0; i < pNtHeader->FileHeader.NumberOfSections; i++)
+    {
+        if (hasRelocDir && i == pNtHeader->FileHeader.NumberOfSections - 1 &&
+            pSecHeader->VirtualAddress == relocDir.VirtualAddress && (pSecHeader->Characteristics & IMAGE_SCN_MEM_DISCARDABLE))
+            imageSize = pSecHeader->VirtualAddress; // Limit the maximum VA to copy to the process to exclude .reloc if it is the last section
+
+        memcpy((LPVOID)((DWORD_PTR)imageLocal + pSecHeader->VirtualAddress), (LPVOID)((DWORD_PTR)pDosHeader + pSecHeader->PointerToRawData), pSecHeader->SizeOfRawData);
+        pSecHeader++;
+    }
+
+    if (hasRelocDir)
+    {
+        DWORD_PTR dwDelta = (DWORD_PTR)imageRemote - headersBase;
+        DoBaseRelocation(
+            (PIMAGE_BASE_RELOCATION)((DWORD_PTR)imageLocal + relocDir.VirtualAddress),
+            (DWORD_PTR)imageLocal,
+            dwDelta);
+    }
+
+    ResolveImports((PIMAGE_IMPORT_DESCRIPTOR)((DWORD_PTR)imageLocal + pNtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress), (DWORD_PTR)imageLocal);
+
+    SIZE_T skipBytes = wipeHeaders ? pNtHeader->OptionalHeader.SizeOfHeaders : 0;
+    if (WriteProcessMemory(hProcess, (PVOID)((ULONG_PTR)imageRemote + skipBytes), (PVOID)((ULONG_PTR)imageLocal + skipBytes),
+        imageSize - skipBytes, nullptr))
+    {
+        VirtualFree(imageLocal, 0, MEM_RELEASE);
+    }
+    else
+    {
+        VirtualFree(imageLocal, 0, MEM_RELEASE);
+        VirtualFreeEx(hProcess, imageRemote, 0, MEM_RELEASE);
+        imageRemote = nullptr;
+    }
+    return imageRemote;
+}
+
+bool ResolveImports(PIMAGE_IMPORT_DESCRIPTOR pImport, DWORD_PTR module)
+{
+    PIMAGE_THUNK_DATA thunkRef;
+    PIMAGE_THUNK_DATA funcRef;
+
+    while (pImport->FirstThunk)
+    {
+        char * moduleName = (char *)(module + pImport->Name);
+
+        HMODULE hModule = GetModuleHandleA(moduleName);
+
+        if (!hModule)
+        {
+            hModule = LoadLibraryA(moduleName);
+            if (!hModule)
+            {
+                return false;
+            }
+        }
+
+        funcRef = (PIMAGE_THUNK_DATA)(module + pImport->FirstThunk);
+        if (pImport->OriginalFirstThunk)
+        {
+            thunkRef = (PIMAGE_THUNK_DATA)(module + pImport->OriginalFirstThunk);
+        }
+        else
+        {
+            thunkRef = (PIMAGE_THUNK_DATA)(module + pImport->FirstThunk);
+        }
+
+        while (thunkRef->u1.Function)
+        {
+            if (IMAGE_SNAP_BY_ORDINAL(thunkRef->u1.Function))
+            {
+                funcRef->u1.Function = (DWORD_PTR)GetProcAddress(hModule, (LPCSTR)IMAGE_ORDINAL(thunkRef->u1.Ordinal));
+            }
+            else
+            {
+                PIMAGE_IMPORT_BY_NAME thunkData = (PIMAGE_IMPORT_BY_NAME)(module + thunkRef->u1.AddressOfData);
+                funcRef->u1.Function = (DWORD_PTR)GetProcAddress(hModule, (LPCSTR)thunkData->Name);
+            }
+
+            if (!funcRef->u1.Function)
+            {
+                MessageBoxA(0, "Function not resolved", moduleName, 0);
+                return false;
+            }
+
+            thunkRef++;
+            funcRef++;
+        }
+
+        pImport++;
+    }
+
+    return true;
+}
+
+void DoBaseRelocation(PIMAGE_BASE_RELOCATION relocation, DWORD_PTR memory, DWORD_PTR dwDelta)
+{
+    DWORD_PTR * patchAddress;
+    WORD type, offset;
+
+    while (relocation->VirtualAddress)
+    {
+        PBYTE dest = (PBYTE)(memory + relocation->VirtualAddress);
+        DWORD count = (relocation->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) / sizeof(WORD);
+        WORD * relocInfo = (WORD *)((DWORD_PTR)relocation + sizeof(IMAGE_BASE_RELOCATION));
+
+        for (DWORD i = 0; i < count; i++)
+        {
+            type = relocInfo[i] >> 12;
+            offset = relocInfo[i] & 0xfff;
+
+            switch (type)
+            {
+            case IMAGE_REL_BASED_ABSOLUTE:
+                break;
+            case IMAGE_REL_BASED_HIGHLOW:
+            case IMAGE_REL_BASED_DIR64:
+                patchAddress = (DWORD_PTR *)(dest + offset);
+                *patchAddress += dwDelta;
+                break;
+            default:
+                break;
+            }
+        }
+
+        relocation = (PIMAGE_BASE_RELOCATION)((DWORD_PTR)relocation + relocation->SizeOfBlock);
+    }
+}
+
+DWORD RVAToOffset(PIMAGE_NT_HEADERS pNtHdr, DWORD dwRVA)
+{
+    PIMAGE_SECTION_HEADER pSectionHdr = IMAGE_FIRST_SECTION(pNtHdr);
+
+    for (WORD i = 0; i < pNtHdr->FileHeader.NumberOfSections; i++)
+    {
+        if (pSectionHdr->VirtualAddress <= dwRVA)
+        {
+            if ((pSectionHdr->VirtualAddress + pSectionHdr->Misc.VirtualSize) > dwRVA)
+            {
+                dwRVA -= pSectionHdr->VirtualAddress;
+                dwRVA += pSectionHdr->PointerToRawData;
+
+                return (dwRVA);
+            }
+
+        }
+        pSectionHdr++;
+    }
+
+    return (0);
+}
+
+DWORD GetDllFunctionAddressRVA(BYTE * dllMemory, LPCSTR apiName)
+{
+    PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)dllMemory;
+    PIMAGE_NT_HEADERS pNtHeader = (PIMAGE_NT_HEADERS)((DWORD_PTR)pDosHeader + pDosHeader->e_lfanew);
+    PIMAGE_EXPORT_DIRECTORY pExportDir;
+
+    DWORD exportDirRVA = pNtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
+    if (exportDirRVA == 0)
+    {
+        return 0;
+    }
+    DWORD exportDirOffset = RVAToOffset(pNtHeader, exportDirRVA);
+
+    pExportDir = (PIMAGE_EXPORT_DIRECTORY)((DWORD_PTR)dllMemory + exportDirOffset);
+
+    DWORD * addressOfFunctionsArray = (DWORD *)((DWORD)pExportDir->AddressOfFunctions - exportDirRVA + (DWORD_PTR)pExportDir);
+    DWORD * addressOfNamesArray = (DWORD *)((DWORD)pExportDir->AddressOfNames - exportDirRVA + (DWORD_PTR)pExportDir);
+    WORD * addressOfNameOrdinalsArray = (WORD *)((DWORD)pExportDir->AddressOfNameOrdinals - exportDirRVA + (DWORD_PTR)pExportDir);
+
+    for (DWORD i = 0; i < pExportDir->NumberOfNames; i++)
+    {
+        char * functionName = (char*)(addressOfNamesArray[i] - exportDirRVA + (DWORD_PTR)pExportDir);
+
+        if (!_stricmp(functionName, apiName))
+        {
+            return addressOfFunctionsArray[addressOfNameOrdinalsArray[i]];
+        }
+    }
+
+    return 0;
+}
+
+HMODULE GetModuleBaseRemote(HANDLE hProcess, const wchar_t* szDLLName)
+{
+    DWORD cbNeeded = 0;
+    wchar_t szModuleName[MAX_PATH] = { 0 };
+    if (EnumProcessModules(hProcess, 0, 0, &cbNeeded))
+    {
+        HMODULE* hMods = (HMODULE*)malloc(cbNeeded*sizeof(HMODULE));
+        if (EnumProcessModules(hProcess, hMods, cbNeeded, &cbNeeded))
+        {
+            for (unsigned int i = 0; i < cbNeeded / sizeof(HMODULE); i++)
+            {
+                szModuleName[0] = 0;
+                if (GetModuleFileNameExW(hProcess, hMods[i], szModuleName, _countof(szModuleName)))
+                {
+                    wchar_t* dllName = wcsrchr(szModuleName, L'\\');
+                    if (dllName)
+                    {
+                        dllName++;
+                        if (!_wcsicmp(dllName, szDLLName))
+                        {
+                            return hMods[i];
+                        }
+                    }
+                }
+            }
+        }
+        free(hMods);
+    }
+    return 0;
+}
+/*
+DWORD StartDllInitFunction(HANDLE hProcess, DWORD_PTR functionAddress, LPVOID imageBase)
+{
+    NTSTATUS ntStat = 0;
+    DWORD dwExit = 0;
+    HANDLE hThread = 0;
+    t_NtCreateThreadEx _NtCreateThreadEx = (t_NtCreateThreadEx)GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "NtCreateThreadEx");
+
+
+    //	if (_NtCreateThreadEx)
+    //	{
+    //#define THREAD_ALL_ACCESS_VISTA         (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
+    //	0xFFFF)
+    //		ntStat = _NtCreateThreadEx(&hThread, THREAD_ALL_ACCESS_VISTA, 0, hProcess, (LPTHREAD_START_ROUTINE)functionAddress, imageBase, THREAD_CREATE_FLAGS_CREATE_SUSPENDED, 0, 0, 0, 0);
+    //	}
+    //	else
+    {
+        hThread = CreateRemoteThread(hProcess, 0, 0, (LPTHREAD_START_ROUTINE)functionAddress, imageBase, CREATE_SUSPENDED, 0);
+    }
+
+    if (hThread)
+    {
+        ntStat = NtSetInformationThread(hThread, ThreadHideFromDebugger, 0, 0);
+
+        //SkipThreadAttach(hProcess, hThread);
+
+        ResumeThread(hThread);
+
+        WaitForSingleObject(hThread, INFINITE);
+        GetExitCodeThread(hThread, &dwExit);
+
+        CloseHandle(hThread);
+        return dwExit;
+    }
+
+    return -1;
+}
+
+bool SkipThreadAttach(HANDLE hProcess, HANDLE hThread)
+{
+    USHORT tebFlags = 0;
+    THREAD_BASIC_INFORMATION tbi = { 0 };
+    if (NtQueryInformationThread(hThread, ThreadBasicInformation, &tbi, sizeof(THREAD_BASIC_INFORMATION), 0) >= 0)
+    {
+        DWORD_PTR tebAddress = (DWORD_PTR)tbi.TebBaseAddress;
+
+        DWORD_PTR tebFlagAddress = tebAddress + TEB_OFFSET_SAME_TEB_FLAGS;
+
+        if (ReadProcessMemory(hProcess, (void*)tebFlagAddress, &tebFlags, sizeof(USHORT), 0))
+        {
+            SameTebFlags * structFlags = (SameTebFlags *)&tebFlags;
+            structFlags->DbgSkipThreadAttach = TRUE;
+            return !!WriteProcessMemory(hProcess, (void*)tebFlagAddress, &tebFlags, sizeof(USHORT), 0);
+        }
+    }
+
+    return false;
+}
+
+bool StartSystemBreakpointInjection(DWORD threadid, HANDLE hProcess, DWORD_PTR functionAddress, LPVOID imageBase)
+{
+    CONTEXT ctx = { 0 };
+    BYTE injectStub[500] = { 0 };
+    ctx.ContextFlags = CONTEXT_CONTROL;
+
+    HANDLE hThread = OpenThread(THREAD_ALL_ACCESS, 0, threadid);
+    //wsprintfA(text, "%X %X", hThread, threadi);
+    //MessageBoxA(0,text,"StartSystemBreakpointInjection",0);
+
+    if (hThread && (NtGetContextThread(hThread, &ctx) >= 0))
+    {
+        //wsprintfA(text, "%X", ctx.Eip);
+        //MessageBoxA(0,text,"NtGetContextThread",0);
+
+        LPVOID memory = VirtualAllocEx(hProcess, 0, GetInjectStubSize(), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
+        if (memory)
+        {
+            //wsprintfA(text, "%X", memory);
+            //MessageBoxA(0, text, text, 0);
+#ifdef _WIN64 //x64
+            PrepareInjectStub((DWORD_PTR)memory, (DWORD_PTR)imageBase, ctx.Rip, functionAddress, injectStub);
+#else //x64
+            PrepareInjectStub((DWORD_PTR)memory, (DWORD_PTR)imageBase, ctx.Eip, functionAddress, injectStub);
+#endif //_WIN64
+            if (WriteProcessMemory(hProcess, memory, injectStub, GetInjectStubSize(), 0))
+            {
+#ifdef _WIN64 //x64
+                ctx.Rip = (DWORD_PTR)memory;
+#else //x64
+                ctx.Eip = (DWORD_PTR)memory;
+#endif //_WIN64
+                return (NtSetContextThread(hThread, &ctx) >= 0);
+            }
+
+        }
+    }
+    CloseHandle(hThread);
+    return false;
+}
+*/
+#ifndef _WIN64
+//32bit
+BYTE pushad = 0x60;//PUSHAD
+BYTE popad = 0x61;//POPAD
+BYTE pushDword[] = { 0x68, 0x00, 0x00, 0x00, 0x00 };
+BYTE callDword[] = { 0xE8, 0x00, 0x00, 0x00, 0x00 };
+BYTE jmpDword[] = { 0xE9, 0x00, 0x00, 0x00, 0x00 };
+
+int GetInjectStubSize()
+{
+    return sizeof(pushDword) + sizeof(callDword) + sizeof(jmpDword) + 2;
+}
+
+void PrepareInjectStub(DWORD memoryAddress, DWORD dllImageBase, DWORD systemBreakpointContinue, DWORD dllInitAddress, BYTE * result)
+{
+    DWORD * temp = (DWORD *)&pushDword[1];
+    *temp = dllImageBase;
+
+    temp = (DWORD *)&callDword[1];
+    *temp = (DWORD)(dllInitAddress - (memoryAddress + sizeof(pushDword) + 1) - 5);
+
+    temp = (DWORD *)&jmpDword[1];
+    *temp = (DWORD)(systemBreakpointContinue - (memoryAddress + sizeof(pushDword) + sizeof(callDword) + 2) - 5);
+
+    result[0] = pushad;
+    memcpy(result + 1, pushDword, sizeof(pushDword));
+    memcpy(result + 1 + sizeof(pushDword), callDword, sizeof(callDword));
+    memcpy(result + 1 + sizeof(pushDword) + sizeof(callDword), &popad, 1);
+    memcpy(result + 1 + sizeof(pushDword) + sizeof(callDword) + 1, jmpDword, sizeof(jmpDword));
+
+}
+#else
+//64bit
+BYTE movRcx[] = { 0x48, 0xB9, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+BYTE callQword[] = { 0xFF, 0x15, 0x00, 0x00, 0x00, 0x00 }; //dll init
+BYTE jmpQword[] = { 0xFF, 0x25, 0x00, 0x00, 0x00, 0x00 };
+BYTE addressTable[8 * 2] = { 0 };
+
+int GetInjectStubSize()
+{
+    return sizeof(movRcx)+sizeof(callQword)+sizeof(jmpQword)+sizeof(addressTable);
+}
+
+void PrepareInjectStub(DWORD_PTR memoryAddress, DWORD_PTR dllImageBase, DWORD_PTR systemBreakpointContinue, DWORD_PTR dllInitAddress, BYTE * result)
+{
+    DWORD_PTR * temp = (DWORD_PTR *)&movRcx[2];
+    *temp = dllImageBase;
+
+    temp = (DWORD_PTR *)addressTable;
+    *temp = dllInitAddress;
+    temp++;
+    *temp = systemBreakpointContinue;
+
+    DWORD * tempDw = (DWORD*)&callQword[2];
+    *tempDw = sizeof(jmpQword);
+
+    tempDw = (DWORD*)&jmpQword[2];
+    *tempDw = sizeof(DWORD_PTR);
+
+    memcpy(result, movRcx, sizeof(movRcx));
+    memcpy(result + sizeof(movRcx), callQword, sizeof(callQword));
+    memcpy(result + sizeof(movRcx)+sizeof(callQword), jmpQword, sizeof(jmpQword));
+    memcpy(result + sizeof(movRcx)+sizeof(callQword)+sizeof(jmpQword), addressTable, sizeof(addressTable));
+}
+#endif
diff --git a/course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/DynamicMapping.h b/course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/DynamicMapping.h
new file mode 100644
index 0000000..7089b54
--- /dev/null
+++ b/course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/DynamicMapping.h
@@ -0,0 +1,46 @@
+#pragma once
+
+#include <windows.h>
+
+typedef struct _SameTebFlags
+{
+    union
+    {
+        struct
+        {
+            USHORT DbgSafeThunkCall : 1;
+            USHORT DbgInDebugPrint : 1;
+            USHORT DbgHasFiberData : 1;
+            USHORT DbgSkipThreadAttach : 1;
+            USHORT DbgWerInShipAssertCode : 1;
+            USHORT DbgIssuedInitialBp : 1;
+            USHORT DbgClonedThread : 1;
+            USHORT SpareSameTebBits : 9;
+        };
+        USHORT SameTebFlags;
+    };
+} SameTebFlags;
+
+#ifdef _WIN64
+#define TEB_OFFSET_SAME_TEB_FLAGS 0x17EE
+#else
+#define TEB_OFFSET_SAME_TEB_FLAGS 0xFCA
+#endif
+
+LPVOID MapModuleToProcess(HANDLE hProcess, BYTE * dllMemory, bool wipeHeaders);
+void DoBaseRelocation(PIMAGE_BASE_RELOCATION relocation, DWORD_PTR memory, DWORD_PTR dwDelta);
+DWORD GetDllFunctionAddressRVA(BYTE * dllMemory, LPCSTR apiName);
+DWORD RVAToOffset(PIMAGE_NT_HEADERS pNtHdr, DWORD dwRVA);
+HMODULE GetModuleBaseRemote(HANDLE hProcess, const wchar_t* szDLLName);
+DWORD StartDllInitFunction(HANDLE hProcess, DWORD_PTR functionAddress, LPVOID imageBase);
+bool SkipThreadAttach(HANDLE hProcess, HANDLE hThread);
+bool ResolveImports(PIMAGE_IMPORT_DESCRIPTOR pImport, DWORD_PTR module);
+
+bool StartSystemBreakpointInjection(DWORD threadi, HANDLE hProcess, DWORD_PTR functionAddress, LPVOID imageBase);
+#ifndef _WIN64
+int GetInjectStubSize();
+void PrepareInjectStub(DWORD memoryAddress, DWORD dllImageBase, DWORD systemBreakpointContinue, DWORD dllInitAddress, BYTE * result);
+#else
+int GetInjectStubSize();
+void PrepareInjectStub(DWORD_PTR memoryAddress, DWORD_PTR dllImageBase, DWORD_PTR systemBreakpointContinue, DWORD_PTR dllInitAddress, BYTE * result);
+#endif
diff --git a/course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/MyTestAntiDebuger.cpp b/course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/MyTestAntiDebuger.cpp
index bd4079e33351262e81a69629b89181a3259bdc6c..377a54334affe8a695464e649409c03d90b91b0c 100644
GIT binary patch
literal 12670
zcmeHO+iqLO6&>U)F8U9Y0vnW@*p>_Qp-BVCx>!mSQ6Xh3M%oCnL|JMS(GY3NO5(S?
z=Os`1fqp~3r$3M{XuH;IF3yE>4v%C9$U{KL=Qd~0-fLfH&+-5Md)M7{E%%wbbUUu^
zhHm7R+!_8oaVxlf>Rz~KIG(#Z?!Z0A@2?pB^OqZ2|2p_f_m|#JU$tNS;oBd-`r&2&
z^Z)ez{rsJKe{?rM@vh^MfA4|P8Qwhwr9)6^xp_a!q1$&y?iJ`B<4$?xM{d`@edq@6
z0&j8b$CYDyczTL)`{43q#@HQ<Tn9I&82e{;zjpLIkhp{l`|caiJpfjmfpeSzo4~&$
zehO{}pxp9u?gP7#+rZd=V!i{9>;PBWxIe%(F(0}%xLI;rm}%3k;?3ji`TMx{z&(ME
z`1CgZ4l%<ic<F<y0cc&i1&_>k{@)fx@V5y%k6j1zui)x@JbHxV2HxBEx_yA-5O-Sc
zZ}>CmJ_F4|XzUdCcW|C_TjFn;BXT{$tS>-i!F`x;b^`6UAa^}aCX=K|Wz*fez=PQ9
zTE{hLh#0Md|AG4&2=HnJ(vI-gE@FHOi0t9XA$~c>qD$*ufn|1F*P}{1H~~$gzXoY(
z?@OKrrK5hk?j`0lgdgHwKAQeUtH|Gaj5}>m%5_a-=e<>hndd7xj=4Q9qLI)0Yj9iE
zL*TlkLs?1B>x`ZxD&~D<Etc_WM_Sv1Mejf>3p4F6wLsZG*%I|sT<?N9_0!M%C-&O1
z1ntCg7hnTr?ysWFKY4!(w$K~{T3hTHydFZbZz0(Le$43A!S7S}4kOs6KP~~`B_Pbv
z_i!vDDa`5-)u`O}`p6(eco}?Hc3}())?z-%=*v;^O?g`t_GPTE;^%LM^{kj^kyQCc
z*i;>fnJlt|7ZD5kTZLD2eQetUj*o!sGICB2Khs~yOY@mIV>5kTAdk{VSaHyfHpfvd
z&6Tva7l^6KmPbA_(XK)kdpgNtH$n67pg8X>uNjuP1o<^3dR@#irID;Fm{H#@R^;Jb
z)Hlr#I|3fee|`7`k&@<HKvBMO6VK?IuiQ=dMI$stMgA63j_<u~)SDp5IY+RJbLc+Q
z9p)>!mULaO(<XYnzMZc{8X~^~aD6e!7_0%UZc(krqtz~E-BtBTy=<>hEm?J*j*Aga
zk)$P=JsXy<QET1Es?jd6-v@tIb6L%pW;t5j8N6ZyDR&W5Snqam&RUlB*txGo8Kcc=
zx4o>#h&neAOG0&**U1|HVKgS>IAV4IUN12RD>3m|HCohq;DXsL9;f=79BbS*=$_-6
zG4!4v9XLInjI!s;7)g}KiQeBu%&U{0{`C;?cME@AM7w2V)-KMMkZ1X94fnWWV5~Mo
zd9D#H_kHD<T~Cke3DVg@q-Wmdc?Z=BXWYZTUx0oOd3*!c5B<}7<9}&=L009LSmrs8
z3g2WEy9pXApc(6LZ~WvDW}=>Dk>5q<x+lb>nYfnDpE0lNUMyY8vnY#qy%A>k7#y*3
z37qMj5{G&wI<alEC;oC9^bTMJtmwJ^Yfm^0^Rjwa^f)hKbd0m+&@t!T<}7inH|jXo
z7*U;rjii2^Bb(Q$sqAK<=FgIj_ij~qWvZ(>Da2_LX*Bl8`(HmoTxiuHthaScC5$~^
zBdU%TH|w6}&-g}uZ`s=otBZA5(HW3rj*s<{T1+}CBT&eZsVqdn@*#6Uvo1zlDW`FK
z8xhnhkGjZjE42{oIdhs(10Up_b>Jx^Fx>OZ6z8xw&P?}H?EMaEsXj2wyBpiE`_829
z-NTthR7T4^M8oy*HG3+Iu=)7M=%Vb6<7gMLkMXmEI9NA2joD?2A!e5;eU2#3Jn;mx
zGw!Zo)-HGn9MHoog2!3MbVa*~5mXe&dp+qoF4dN-Rk^aNS7rF;(S@C+v}(xhBjr%D
ziBlULQ%HH$_%hFWI&EjHTAKFpa<qteiLbIG;vvMU=I@qk*}59G9*5FOW7)@?Gw6vv
zNTgWxwXk-xD6cy98$3~8vW3;fFj|o{(`i|n>gbpHaBj;fwGt*}EM{Xc7{`#7UzdfB
zE@MuJ&&1#`!eF-dg-9%$Ale~z$5v{#6yAvIU+Xre=xl%&*2G)jkeX`yHDOhC&h=)H
zOYfLxrKr`%+#Vt=JLl&6aWzc8XUF^)yr?6u(L=uu8i7Z~UH0miQIWFV-9lX3&SI~{
zH)+2~G}AofidB5`dNrn=;!xHY*9Y-CL0=l5Mt#=c>`^}PQq#Wr{w$@UyLX_|3!q}_
z7Q=WrzOo)&9rZfI=Cb@q9k6mZ_p7<-9-0uPE^bY@&ij95#7h3QikWDETxW4FYJ{J4
ze=Y79AG!b4uaTR^5y>Kaq$wR!pPa4X*fY6<#Mr5|BW)wL5AJ%!*JZ?%`{v*i7w}{1
z`~Y7493B&FV~Ex4D*8NO<w@;SdG>X(W-LvZcLeXHz2xy{CG!R0spC^<o4Mudig9T?
ze+^kKFq3jnJDZOjY=Pb@Sk6`K)jTcM!JFDmYA=SF&0-SWDC|+N13;@!_h>rExvPk%
z>_1#W-huZC$~UX_;<_qcH*F*4u|{N{f&KfAkFV>vVwZvSBrRnHGYrSpN_=O%vjE%9
zcdg=eR!V`9j=g~}XV1^N1^LWF@;OUyRPU1n{<*f+)d$#3?ql9lV98wFhZWJ&!>TLS
z7y02^TsdeLfopm0C9@K;o$_Xyvh@~wY3%Igd$rudAWg1zj)6Y0<UU5)8E>+0+<g7T
zn9#&}ek=T1oJ#k&o8lHn;^}IPNHoVS_o$R3+7N4D>ND(DXxE*79P5?+dee5A859|3
z>BrvcdfTb%$JSTj^_85>@%!r8s*(ED^BlZ4&3<WijU%yioJJk%E9+U>&r$ZDj<s?3
ztZI(yTjksSN+fi0()cT>CFga0DMmvyiAsp{x~pS|585Z^9@=!iHD9<|hAwG~*`S&m
z$zS52B%7otX<pBCEJ-R3xrfNzG}fr4xm)hKJKfcB&ycVjBOa@c{91>7bbg1m>5q)1
zM>w;+WcwPyR&}4Cx>%m{;`kjKbA|PFDCINUVXmc(SyzL5H7(RX+`r%oo@>`|J~!TB
zF5$xbkz%M7M7543V;*~V5}v4uc<szcFF%e)PS?5QDc<La&#jLicQ(1g=Jy+2UzxEV
z`p9F)ov2XTnSGG*bv={sru|iZb<ji1<ocKOr|oocABL78l&X&Mlw)ukbXn&kqC{V5
zW_5alHE}!(qvA8a{v!JE6KP*>&N@=7>~*s{6Vs`pI~y0xSiORY=V^v@X@5fV=%`-X
zY!0uE|C@RL8nk6AMy|qb|2=ei^H{+Cojl&6{U+Y$_|Ttd!$zBGx(>V2v(mk4Y-eNn
z_Oavlq>PX!uv+`Fv<3g*SDx(u3OkF6VaLZ-zp@q`V`+IFtcP(X?Sd-$U8S~WBnkaD
zMt?^73(q;P+CJ~`o_(2c;CEx$Utw4G99d`Nzg)1VFWr~!AJ9BI1!<Rt9Tua`ubbw<
zJ7?l5u{D|N&bTj}TaF@`IB2<#d>+0(o=I4xGwN=N)73gt)9azQ%1Nu)>0WZcWYMFN
zYFJX0=dfN_ULnUFn5)Q_M)Tm?8_+_&j-KX+nJLI}zaR_Od8{ayDcL1SZQC$QDWq7i
z{%EqsFY}hpmRnD5dE6!5$5+Vw&YS*8tE{rTvhBoLNV{#}8}E2b*)AWTlIWmTvx*_z
z&)q<r2><JVtE+Rrc496x&tZg3F_b;z@=}JBIwQCwR>h(bq8jrr$~{z=ef-!_T?F5^
V@wbRwRQ~jy#-@GAGL9kc{2w^9+N=No

delta 45
rcmeyDw1#EE4n<xDE(Q?JWXNMEVNhVmWk>|GH5fF(;?<kA4T2c~?cxai

diff --git a/course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/MyTestAntiDebuger.vcxproj b/course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/MyTestAntiDebuger.vcxproj
index e420681..4184cdf 100644
--- a/course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/MyTestAntiDebuger.vcxproj
+++ b/course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/MyTestAntiDebuger.vcxproj
@@ -149,10 +149,12 @@
     </Link>
   </ItemDefinitionGroup>
   <ItemGroup>
+    <ClInclude Include="DynamicMapping.h" />
     <ClInclude Include="stdafx.h" />
     <ClInclude Include="targetver.h" />
   </ItemGroup>
   <ItemGroup>
+    <ClCompile Include="DynamicMapping.cpp" />
     <ClCompile Include="MyTestAntiDebuger.cpp" />
     <ClCompile Include="stdafx.cpp">
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
diff --git a/course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/MyTestAntiDebuger.vcxproj.filters b/course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/MyTestAntiDebuger.vcxproj.filters
index 319be58..0aa087f 100644
--- a/course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/MyTestAntiDebuger.vcxproj.filters
+++ b/course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/MyTestAntiDebuger.vcxproj.filters
@@ -21,6 +21,9 @@
     <ClInclude Include="targetver.h">
       <Filter>头文件</Filter>
     </ClInclude>
+    <ClInclude Include="DynamicMapping.h">
+      <Filter>头文件</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="stdafx.cpp">
@@ -29,5 +32,8 @@
     <ClCompile Include="MyTestAntiDebuger.cpp">
       <Filter>源文件</Filter>
     </ClCompile>
+    <ClCompile Include="DynamicMapping.cpp">
+      <Filter>源文件</Filter>
+    </ClCompile>
   </ItemGroup>
 </Project>
\ No newline at end of file
-- 
GitLab