├── DebugFromEntryPoint
    ├── DebugFromEntryPoint.vcxproj.filters
    ├── DebugFromEntryPoint.vcxproj
    └── DebugFromEntryPoint.cpp
├── DebugFromEntryPoint64
    ├── DebugFromEntryPoint64.vcxproj.filters
    └── DebugFromEntryPoint64.vcxproj
├── DebugFromEntryPoint.sln
├── Readme.md
└── .gitignore


/DebugFromEntryPoint/DebugFromEntryPoint.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="ソース ファイル">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="ヘッダー ファイル">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;hm;inl;inc;ipp;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="リソース ファイル">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClCompile Include="DebugFromEntryPoint.cpp">
19 |       <Filter>ソース ファイル</Filter>
20 |     </ClCompile>
21 |   </ItemGroup>
22 | </Project>


--------------------------------------------------------------------------------
/DebugFromEntryPoint64/DebugFromEntryPoint64.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="ソース ファイル">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="ヘッダー ファイル">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;hm;inl;inc;ipp;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="リソース ファイル">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClCompile Include="..\DebugFromEntryPoint\DebugFromEntryPoint.cpp">
19 |       <Filter>ソース ファイル</Filter>
20 |     </ClCompile>
21 |   </ItemGroup>
22 | </Project>


--------------------------------------------------------------------------------
/DebugFromEntryPoint.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 15
 4 | VisualStudioVersion = 15.0.28307.2017
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DebugFromEntryPoint", "DebugFromEntryPoint\DebugFromEntryPoint.vcxproj", "{27AB389F-C4A9-4480-A6E6-BE553155AC0A}"
 7 | EndProject
 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DebugFromEntryPoint64", "DebugFromEntryPoint64\DebugFromEntryPoint64.vcxproj", "{F1E8FAC5-6986-4F00-86CD-73E7DD5250D1}"
 9 | EndProject
10 | Global
11 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
12 | 		Debug|x64 = Debug|x64
13 | 		Debug|x86 = Debug|x86
14 | 		Release|x64 = Release|x64
15 | 		Release|x86 = Release|x86
16 | 	EndGlobalSection
17 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
18 | 		{27AB389F-C4A9-4480-A6E6-BE553155AC0A}.Debug|x64.ActiveCfg = Debug|x64
19 | 		{27AB389F-C4A9-4480-A6E6-BE553155AC0A}.Debug|x64.Build.0 = Debug|x64
20 | 		{27AB389F-C4A9-4480-A6E6-BE553155AC0A}.Debug|x86.ActiveCfg = Debug|Win32
21 | 		{27AB389F-C4A9-4480-A6E6-BE553155AC0A}.Debug|x86.Build.0 = Debug|Win32
22 | 		{27AB389F-C4A9-4480-A6E6-BE553155AC0A}.Release|x64.ActiveCfg = Release|Win32
23 | 		{27AB389F-C4A9-4480-A6E6-BE553155AC0A}.Release|x64.Build.0 = Release|Win32
24 | 		{27AB389F-C4A9-4480-A6E6-BE553155AC0A}.Release|x86.ActiveCfg = Release|Win32
25 | 		{27AB389F-C4A9-4480-A6E6-BE553155AC0A}.Release|x86.Build.0 = Release|Win32
26 | 		{F1E8FAC5-6986-4F00-86CD-73E7DD5250D1}.Debug|x64.ActiveCfg = Debug|x64
27 | 		{F1E8FAC5-6986-4F00-86CD-73E7DD5250D1}.Debug|x64.Build.0 = Debug|x64
28 | 		{F1E8FAC5-6986-4F00-86CD-73E7DD5250D1}.Debug|x86.ActiveCfg = Debug|Win32
29 | 		{F1E8FAC5-6986-4F00-86CD-73E7DD5250D1}.Debug|x86.Build.0 = Debug|Win32
30 | 		{F1E8FAC5-6986-4F00-86CD-73E7DD5250D1}.Release|x64.ActiveCfg = Release|x64
31 | 		{F1E8FAC5-6986-4F00-86CD-73E7DD5250D1}.Release|x64.Build.0 = Release|x64
32 | 		{F1E8FAC5-6986-4F00-86CD-73E7DD5250D1}.Release|x86.ActiveCfg = Release|x64
33 | 		{F1E8FAC5-6986-4F00-86CD-73E7DD5250D1}.Release|x86.Build.0 = Release|x64
34 | 	EndGlobalSection
35 | 	GlobalSection(SolutionProperties) = preSolution
36 | 		HideSolutionNode = FALSE
37 | 	EndGlobalSection
38 | 	GlobalSection(ExtensibilityGlobals) = postSolution
39 | 		SolutionGuid = {EAA57F27-BA53-49AA-95B4-1EEE15C1535F}
40 | 	EndGlobalSection
41 | EndGlobal
42 | 


--------------------------------------------------------------------------------
/Readme.md:
--------------------------------------------------------------------------------
 1 | # DebugFromEntryPoint with Cheat Engine
 2 | + this program calls MessageBoxW before target process executes anything
 3 | + if you set BP at MessageBoxW's ret code, you can debug and trace EntryPoint with CE
 4 | + how to use
 5 | 	+ drag and drop PE file to DebugFromEntryPoint.exe
 6 | 	+ set BP at MessageBoxW's ret code by CE
 7 | 	+ Press OK to close MessageBox
 8 | 
 9 | ## Injected code
10 | ### x86 version
11 | + x86 process needs to hold initial eax and ebx to inject code before executing EntryPoint
12 | ```x86asm
13 | 01100000 - 50                    - push eax
14 | 01100001 - 53                    - push ebx
15 | 01100002 - 68 35001001           - push 01100035 { ("user32.dll") }
16 | 01100007 - FF 15 29001001        - call dword ptr [01100029] { ->KERNEL32.LoadLibraryW }
17 | 0110000D - 6A 00                 - push 00 { 0 }
18 | 0110000F - 68 35011001           - push 01100135 { ("DebugFromEntryPoint") }
19 | 01100014 - 68 35021001           - push 01100235 { ("Please set BP at ret code of Me") }
20 | 01100019 - 6A 00                 - push 00 { 0 }
21 | 0110001B - FF 15 2D001001        - call dword ptr [0110002D] { ->USER32.MessageBoxW }
22 | 01100021 - 5B                    - pop ebx
23 | 01100022 - 58                    - pop eax
24 | 01100023 - FF 25 31001001        - jmp dword ptr [01100031] { ->ntdll.RtlUserThreadStart }
25 | ```
26 | 
27 | ### x64 version
28 | ```x86asm
29 | 1C761550000 - 50                    - push rax
30 | 1C761550001 - 53                    - push rbx
31 | 1C761550002 - 51                    - push rcx
32 | 1C761550003 - 52                    - push rdx
33 | 1C761550004 - 56                    - push rsi
34 | 1C761550005 - 57                    - push rdi
35 | 1C761550006 - 55                    - push rbp
36 | 1C761550007 - 41 50                 - push r8
37 | 1C761550009 - 41 51                 - push r9
38 | 1C76155000B - 41 52                 - push r10
39 | 1C76155000D - 41 53                 - push r11
40 | 1C76155000F - 41 54                 - push r12
41 | 1C761550011 - 41 55                 - push r13
42 | 1C761550013 - 41 56                 - push r14
43 | 1C761550015 - 41 57                 - push r15
44 | 1C761550017 - 48 83 EC 30           - sub rsp,30 { 48 }
45 | 1C76155001B - 48 8D 0D 59000000     - lea rcx,[1C76155007B] { ("user32.dll") }
46 | 1C761550022 - FF 15 3B000000        - call qword ptr [1C761550063] { ->KERNEL32.LoadLibraryW }
47 | 1C761550028 - 4D 31 C9              - xor r9,r9
48 | 1C76155002B - 4C 8D 05 49010000     - lea r8,[1C76155017B] { ("DebugFromEntryPoint") }
49 | 1C761550032 - 48 8D 15 42020000     - lea rdx,[1C76155027B] { ("Please set BP at ret code of Me") }
50 | 1C761550039 - 48 31 C9              - xor rcx,rcx
51 | 1C76155003C - FF 15 29000000        - call qword ptr [1C76155006B] { ->USER32.MessageBoxW }
52 | 1C761550042 - 48 83 C4 30           - add rsp,30 { 48 }
53 | 1C761550046 - 41 5F                 - pop r15
54 | 1C761550048 - 41 5E                 - pop r14
55 | 1C76155004A - 41 5D                 - pop r13
56 | 1C76155004C - 41 5C                 - pop r12
57 | 1C76155004E - 41 5B                 - pop r11
58 | 1C761550050 - 41 5A                 - pop r10
59 | 1C761550052 - 41 59                 - pop r9
60 | 1C761550054 - 41 58                 - pop r8
61 | 1C761550056 - 5D                    - pop rbp
62 | 1C761550057 - 5F                    - pop rdi
63 | 1C761550058 - 5E                    - pop rsi
64 | 1C761550059 - 5A                    - pop rdx
65 | 1C76155005A - 59                    - pop rcx
66 | 1C76155005B - 5B                    - pop rbx
67 | 1C76155005C - 58                    - pop rax
68 | 1C76155005D - FF 25 10000000        - jmp qword ptr [1C761550073] { ->ntdll.RtlUserThreadStart }
69 | ```


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
  1 | ## Ignore Visual Studio temporary files, build results, and
  2 | ## files generated by popular Visual Studio add-ons.
  3 | ##
  4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
  5 | 
  6 | # User-specific files
  7 | *.rsuser
  8 | *.suo
  9 | *.user
 10 | *.userosscache
 11 | *.sln.docstates
 12 | 
 13 | # User-specific files (MonoDevelop/Xamarin Studio)
 14 | *.userprefs
 15 | 
 16 | # Mono auto generated files
 17 | mono_crash.*
 18 | 
 19 | # Build results
 20 | [Dd]ebug/
 21 | [Dd]ebugPublic/
 22 | [Rr]elease/
 23 | [Rr]eleases/
 24 | x64/
 25 | x86/
 26 | [Aa][Rr][Mm]/
 27 | [Aa][Rr][Mm]64/
 28 | bld/
 29 | [Bb]in/
 30 | [Oo]bj/
 31 | [Ll]og/
 32 | [Ll]ogs/
 33 | 
 34 | # Visual Studio 2015/2017 cache/options directory
 35 | .vs/
 36 | # Uncomment if you have tasks that create the project's static files in wwwroot
 37 | #wwwroot/
 38 | 
 39 | # Visual Studio 2017 auto generated files
 40 | Generated\ Files/
 41 | 
 42 | # MSTest test Results
 43 | [Tt]est[Rr]esult*/
 44 | [Bb]uild[Ll]og.*
 45 | 
 46 | # NUnit
 47 | *.VisualState.xml
 48 | TestResult.xml
 49 | nunit-*.xml
 50 | 
 51 | # Build Results of an ATL Project
 52 | [Dd]ebugPS/
 53 | [Rr]eleasePS/
 54 | dlldata.c
 55 | 
 56 | # Benchmark Results
 57 | BenchmarkDotNet.Artifacts/
 58 | 
 59 | # .NET Core
 60 | project.lock.json
 61 | project.fragment.lock.json
 62 | artifacts/
 63 | 
 64 | # StyleCop
 65 | StyleCopReport.xml
 66 | 
 67 | # Files built by Visual Studio
 68 | *_i.c
 69 | *_p.c
 70 | *_h.h
 71 | *.ilk
 72 | *.meta
 73 | *.obj
 74 | *.iobj
 75 | *.pch
 76 | *.pdb
 77 | *.ipdb
 78 | *.pgc
 79 | *.pgd
 80 | *.rsp
 81 | *.sbr
 82 | *.tlb
 83 | *.tli
 84 | *.tlh
 85 | *.tmp
 86 | *.tmp_proj
 87 | *_wpftmp.csproj
 88 | *.log
 89 | *.vspscc
 90 | *.vssscc
 91 | .builds
 92 | *.pidb
 93 | *.svclog
 94 | *.scc
 95 | 
 96 | # Chutzpah Test files
 97 | _Chutzpah*
 98 | 
 99 | # Visual C++ cache files
100 | ipch/
101 | *.aps
102 | *.ncb
103 | *.opendb
104 | *.opensdf
105 | *.sdf
106 | *.cachefile
107 | *.VC.db
108 | *.VC.VC.opendb
109 | 
110 | # Visual Studio profiler
111 | *.psess
112 | *.vsp
113 | *.vspx
114 | *.sap
115 | 
116 | # Visual Studio Trace Files
117 | *.e2e
118 | 
119 | # TFS 2012 Local Workspace
120 | $tf/
121 | 
122 | # Guidance Automation Toolkit
123 | *.gpState
124 | 
125 | # ReSharper is a .NET coding add-in
126 | _ReSharper*/
127 | *.[Rr]e[Ss]harper
128 | *.DotSettings.user
129 | 
130 | # TeamCity is a build add-in
131 | _TeamCity*
132 | 
133 | # DotCover is a Code Coverage Tool
134 | *.dotCover
135 | 
136 | # AxoCover is a Code Coverage Tool
137 | .axoCover/*
138 | !.axoCover/settings.json
139 | 
140 | # Visual Studio code coverage results
141 | *.coverage
142 | *.coveragexml
143 | 
144 | # NCrunch
145 | _NCrunch_*
146 | .*crunch*.local.xml
147 | nCrunchTemp_*
148 | 
149 | # MightyMoose
150 | *.mm.*
151 | AutoTest.Net/
152 | 
153 | # Web workbench (sass)
154 | .sass-cache/
155 | 
156 | # Installshield output folder
157 | [Ee]xpress/
158 | 
159 | # DocProject is a documentation generator add-in
160 | DocProject/buildhelp/
161 | DocProject/Help/*.HxT
162 | DocProject/Help/*.HxC
163 | DocProject/Help/*.hhc
164 | DocProject/Help/*.hhk
165 | DocProject/Help/*.hhp
166 | DocProject/Help/Html2
167 | DocProject/Help/html
168 | 
169 | # Click-Once directory
170 | publish/
171 | 
172 | # Publish Web Output
173 | *.[Pp]ublish.xml
174 | *.azurePubxml
175 | # Note: Comment the next line if you want to checkin your web deploy settings,
176 | # but database connection strings (with potential passwords) will be unencrypted
177 | *.pubxml
178 | *.publishproj
179 | 
180 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
181 | # checkin your Azure Web App publish settings, but sensitive information contained
182 | # in these scripts will be unencrypted
183 | PublishScripts/
184 | 
185 | # NuGet Packages
186 | *.nupkg
187 | # NuGet Symbol Packages
188 | *.snupkg
189 | # The packages folder can be ignored because of Package Restore
190 | **/[Pp]ackages/*
191 | # except build/, which is used as an MSBuild target.
192 | !**/[Pp]ackages/build/
193 | # Uncomment if necessary however generally it will be regenerated when needed
194 | #!**/[Pp]ackages/repositories.config
195 | # NuGet v3's project.json files produces more ignorable files
196 | *.nuget.props
197 | *.nuget.targets
198 | 
199 | # Microsoft Azure Build Output
200 | csx/
201 | *.build.csdef
202 | 
203 | # Microsoft Azure Emulator
204 | ecf/
205 | rcf/
206 | 
207 | # Windows Store app package directories and files
208 | AppPackages/
209 | BundleArtifacts/
210 | Package.StoreAssociation.xml
211 | _pkginfo.txt
212 | *.appx
213 | *.appxbundle
214 | *.appxupload
215 | 
216 | # Visual Studio cache files
217 | # files ending in .cache can be ignored
218 | *.[Cc]ache
219 | # but keep track of directories ending in .cache
220 | !?*.[Cc]ache/
221 | 
222 | # Others
223 | ClientBin/
224 | ~$*
225 | *~
226 | *.dbmdl
227 | *.dbproj.schemaview
228 | *.jfm
229 | *.pfx
230 | *.publishsettings
231 | orleans.codegen.cs
232 | 
233 | # Including strong name files can present a security risk
234 | # (https://github.com/github/gitignore/pull/2483#issue-259490424)
235 | #*.snk
236 | 
237 | # Since there are multiple workflows, uncomment next line to ignore bower_components
238 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
239 | #bower_components/
240 | 
241 | # RIA/Silverlight projects
242 | Generated_Code/
243 | 
244 | # Backup & report files from converting an old project file
245 | # to a newer Visual Studio version. Backup files are not needed,
246 | # because we have git ;-)
247 | _UpgradeReport_Files/
248 | Backup*/
249 | UpgradeLog*.XML
250 | UpgradeLog*.htm
251 | ServiceFabricBackup/
252 | *.rptproj.bak
253 | 
254 | # SQL Server files
255 | *.mdf
256 | *.ldf
257 | *.ndf
258 | 
259 | # Business Intelligence projects
260 | *.rdl.data
261 | *.bim.layout
262 | *.bim_*.settings
263 | *.rptproj.rsuser
264 | *- [Bb]ackup.rdl
265 | *- [Bb]ackup ([0-9]).rdl
266 | *- [Bb]ackup ([0-9][0-9]).rdl
267 | 
268 | # Microsoft Fakes
269 | FakesAssemblies/
270 | 
271 | # GhostDoc plugin setting file
272 | *.GhostDoc.xml
273 | 
274 | # Node.js Tools for Visual Studio
275 | .ntvs_analysis.dat
276 | node_modules/
277 | 
278 | # Visual Studio 6 build log
279 | *.plg
280 | 
281 | # Visual Studio 6 workspace options file
282 | *.opt
283 | 
284 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
285 | *.vbw
286 | 
287 | # Visual Studio LightSwitch build output
288 | **/*.HTMLClient/GeneratedArtifacts
289 | **/*.DesktopClient/GeneratedArtifacts
290 | **/*.DesktopClient/ModelManifest.xml
291 | **/*.Server/GeneratedArtifacts
292 | **/*.Server/ModelManifest.xml
293 | _Pvt_Extensions
294 | 
295 | # Paket dependency manager
296 | .paket/paket.exe
297 | paket-files/
298 | 
299 | # FAKE - F# Make
300 | .fake/
301 | 
302 | # CodeRush personal settings
303 | .cr/personal
304 | 
305 | # Python Tools for Visual Studio (PTVS)
306 | __pycache__/
307 | *.pyc
308 | 
309 | # Cake - Uncomment if you are using it
310 | # tools/**
311 | # !tools/packages.config
312 | 
313 | # Tabs Studio
314 | *.tss
315 | 
316 | # Telerik's JustMock configuration file
317 | *.jmconfig
318 | 
319 | # BizTalk build output
320 | *.btp.cs
321 | *.btm.cs
322 | *.odx.cs
323 | *.xsd.cs
324 | 
325 | # OpenCover UI analysis results
326 | OpenCover/
327 | 
328 | # Azure Stream Analytics local run output
329 | ASALocalRun/
330 | 
331 | # MSBuild Binary and Structured Log
332 | *.binlog
333 | 
334 | # NVidia Nsight GPU debugger configuration file
335 | *.nvuser
336 | 
337 | # MFractors (Xamarin productivity tool) working folder
338 | .mfractor/
339 | 
340 | # Local History for Visual Studio
341 | .localhistory/
342 | 
343 | # BeatPulse healthcheck temp database
344 | healthchecksdb
345 | 
346 | # Backup folder for Package Reference Convert tool in Visual Studio 2017
347 | MigrationBackup/
348 | 
349 | # Ionide (cross platform F# VS Code tools) working folder
350 | .ionide/
351 | 
352 | # MyLib
353 | Share/


--------------------------------------------------------------------------------
/DebugFromEntryPoint/DebugFromEntryPoint.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>15.0</VCProjectVersion>
 23 |     <ProjectGuid>{27AB389F-C4A9-4480-A6E6-BE553155AC0A}</ProjectGuid>
 24 |     <Keyword>Win32Proj</Keyword>
 25 |     <RootNamespace>DebugFromEntryPoint</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v141</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>Application</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v141</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v141</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v141</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <LinkIncremental>true</LinkIncremental>
 75 |   </PropertyGroup>
 76 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 77 |     <LinkIncremental>true</LinkIncremental>
 78 |   </PropertyGroup>
 79 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 80 |     <LinkIncremental>false</LinkIncremental>
 81 |   </PropertyGroup>
 82 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 83 |     <LinkIncremental>false</LinkIncremental>
 84 |   </PropertyGroup>
 85 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 86 |     <ClCompile>
 87 |       <WarningLevel>Level3</WarningLevel>
 88 |       <Optimization>Disabled</Optimization>
 89 |       <SDLCheck>true</SDLCheck>
 90 |       <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 91 |       <ConformanceMode>true</ConformanceMode>
 92 |     </ClCompile>
 93 |     <Link>
 94 |       <SubSystem>Windows</SubSystem>
 95 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 96 |     </Link>
 97 |   </ItemDefinitionGroup>
 98 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 99 |     <ClCompile>
100 |       <WarningLevel>Level3</WarningLevel>
101 |       <Optimization>Disabled</Optimization>
102 |       <SDLCheck>true</SDLCheck>
103 |       <PreprocessorDefinitions>_DEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
104 |       <ConformanceMode>true</ConformanceMode>
105 |     </ClCompile>
106 |     <Link>
107 |       <SubSystem>Windows</SubSystem>
108 |       <GenerateDebugInformation>true</GenerateDebugInformation>
109 |     </Link>
110 |   </ItemDefinitionGroup>
111 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
112 |     <ClCompile>
113 |       <WarningLevel>Level3</WarningLevel>
114 |       <Optimization>MaxSpeed</Optimization>
115 |       <FunctionLevelLinking>true</FunctionLevelLinking>
116 |       <IntrinsicFunctions>true</IntrinsicFunctions>
117 |       <SDLCheck>true</SDLCheck>
118 |       <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
119 |       <ConformanceMode>true</ConformanceMode>
120 |       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
121 |     </ClCompile>
122 |     <Link>
123 |       <SubSystem>Windows</SubSystem>
124 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
125 |       <OptimizeReferences>true</OptimizeReferences>
126 |       <GenerateDebugInformation>true</GenerateDebugInformation>
127 |       <UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
128 |     </Link>
129 |   </ItemDefinitionGroup>
130 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
131 |     <ClCompile>
132 |       <WarningLevel>Level3</WarningLevel>
133 |       <Optimization>MaxSpeed</Optimization>
134 |       <FunctionLevelLinking>true</FunctionLevelLinking>
135 |       <IntrinsicFunctions>true</IntrinsicFunctions>
136 |       <SDLCheck>true</SDLCheck>
137 |       <PreprocessorDefinitions>NDEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
138 |       <ConformanceMode>true</ConformanceMode>
139 |     </ClCompile>
140 |     <Link>
141 |       <SubSystem>Windows</SubSystem>
142 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
143 |       <OptimizeReferences>true</OptimizeReferences>
144 |       <GenerateDebugInformation>true</GenerateDebugInformation>
145 |     </Link>
146 |   </ItemDefinitionGroup>
147 |   <ItemGroup>
148 |     <ClCompile Include="DebugFromEntryPoint.cpp" />
149 |   </ItemGroup>
150 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
151 |   <ImportGroup Label="ExtensionTargets">
152 |   </ImportGroup>
153 | </Project>


--------------------------------------------------------------------------------
/DebugFromEntryPoint64/DebugFromEntryPoint64.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>15.0</VCProjectVersion>
 23 |     <ProjectGuid>{F1E8FAC5-6986-4F00-86CD-73E7DD5250D1}</ProjectGuid>
 24 |     <Keyword>Win32Proj</Keyword>
 25 |     <RootNamespace>DebugFromEntryPoint64</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v141</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>Application</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v141</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v141</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v141</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 74 |     <LinkIncremental>false</LinkIncremental>
 75 |   </PropertyGroup>
 76 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 77 |     <LinkIncremental>true</LinkIncremental>
 78 |   </PropertyGroup>
 79 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 80 |     <LinkIncremental>true</LinkIncremental>
 81 |   </PropertyGroup>
 82 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 83 |     <LinkIncremental>false</LinkIncremental>
 84 |     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
 85 |   </PropertyGroup>
 86 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 87 |     <ClCompile>
 88 |       <WarningLevel>Level3</WarningLevel>
 89 |       <Optimization>MaxSpeed</Optimization>
 90 |       <FunctionLevelLinking>true</FunctionLevelLinking>
 91 |       <IntrinsicFunctions>true</IntrinsicFunctions>
 92 |       <SDLCheck>true</SDLCheck>
 93 |       <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 94 |       <ConformanceMode>true</ConformanceMode>
 95 |     </ClCompile>
 96 |     <Link>
 97 |       <SubSystem>Windows</SubSystem>
 98 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
 99 |       <OptimizeReferences>true</OptimizeReferences>
100 |       <GenerateDebugInformation>true</GenerateDebugInformation>
101 |     </Link>
102 |   </ItemDefinitionGroup>
103 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
104 |     <ClCompile>
105 |       <WarningLevel>Level3</WarningLevel>
106 |       <Optimization>Disabled</Optimization>
107 |       <SDLCheck>true</SDLCheck>
108 |       <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
109 |       <ConformanceMode>true</ConformanceMode>
110 |     </ClCompile>
111 |     <Link>
112 |       <SubSystem>Windows</SubSystem>
113 |       <GenerateDebugInformation>true</GenerateDebugInformation>
114 |     </Link>
115 |   </ItemDefinitionGroup>
116 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
117 |     <ClCompile>
118 |       <WarningLevel>Level3</WarningLevel>
119 |       <Optimization>Disabled</Optimization>
120 |       <SDLCheck>true</SDLCheck>
121 |       <PreprocessorDefinitions>_DEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
122 |       <ConformanceMode>true</ConformanceMode>
123 |     </ClCompile>
124 |     <Link>
125 |       <SubSystem>Windows</SubSystem>
126 |       <GenerateDebugInformation>true</GenerateDebugInformation>
127 |     </Link>
128 |   </ItemDefinitionGroup>
129 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
130 |     <ClCompile>
131 |       <WarningLevel>Level3</WarningLevel>
132 |       <Optimization>MaxSpeed</Optimization>
133 |       <FunctionLevelLinking>true</FunctionLevelLinking>
134 |       <IntrinsicFunctions>true</IntrinsicFunctions>
135 |       <SDLCheck>true</SDLCheck>
136 |       <PreprocessorDefinitions>NDEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
137 |       <ConformanceMode>true</ConformanceMode>
138 |       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
139 |     </ClCompile>
140 |     <Link>
141 |       <SubSystem>Windows</SubSystem>
142 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
143 |       <OptimizeReferences>true</OptimizeReferences>
144 |       <GenerateDebugInformation>true</GenerateDebugInformation>
145 |       <UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
146 |     </Link>
147 |   </ItemDefinitionGroup>
148 |   <ItemGroup>
149 |     <ClCompile Include="..\DebugFromEntryPoint\DebugFromEntryPoint.cpp" />
150 |   </ItemGroup>
151 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
152 |   <ImportGroup Label="ExtensionTargets">
153 |   </ImportGroup>
154 | </Project>


--------------------------------------------------------------------------------
/DebugFromEntryPoint/DebugFromEntryPoint.cpp:
--------------------------------------------------------------------------------
  1 | #include<Windows.h>
  2 | #include<string>
  3 | 
  4 | #define TOOL_NAME L"DebugFromEntryPoint"
  5 | 
  6 | #pragma pack(push, 1)
  7 | typedef struct {
  8 | #ifdef _WIN64
  9 | 	BYTE push[7];
 10 | 	WORD push_sub[8];
 11 | 	DWORD sub_rsp;
 12 | 	BYTE loadlib_arg_1[7];
 13 | 	BYTE loadlib_call_qword_ptr[6];
 14 | 	BYTE msgbox_arg_4[3];
 15 | 	BYTE msgbox_arg_3[7];
 16 | 	BYTE msgbox_arg_2[7];
 17 | 	BYTE msgbox_arg_1[3];
 18 | 	BYTE msgbox_call_qword_ptr[6];
 19 | 	DWORD add_rsp;
 20 | 	WORD pop_sub[8];
 21 | 	BYTE pop[7];
 22 | 	BYTE jmp_qword_ptr[6];
 23 | #else
 24 | 	BYTE push[2];
 25 | 	BYTE loadlibrary_arg_1[5];
 26 | 	BYTE loadlib_call_dword_ptr[6];
 27 | 	BYTE msgbox_arg_4[2];
 28 | 	BYTE msgbox_arg_3[5];
 29 | 	BYTE msgbox_arg_2[5];
 30 | 	BYTE msgbox_arg_1[2];
 31 | 	BYTE msgbox_call_dword_ptr[6];
 32 | 	BYTE pop[2];
 33 | 	BYTE jmp_dword_ptr[6];
 34 | #endif
 35 | 	ULONG_PTR address_LoadLibraryW;
 36 | 	ULONG_PTR address_MessageBoxW;
 37 | 	ULONG_PTR address_EntryPoint;
 38 | 	WCHAR loadlib_path[128];
 39 | 	WCHAR msgbox_title[128];
 40 | 	WCHAR msgbox_msg[128];
 41 | } DebugEntryPoint;
 42 | #pragma pack(pop)
 43 | 
 44 | 
 45 | class DebugFromEntryPointInjector {
 46 | private:
 47 | 	PROCESS_INFORMATION target_pi;
 48 | 	std::wstring target_path;
 49 | 	HANDLE process_handle;
 50 | 	HANDLE main_thread_handle;
 51 | 	bool is_successed;
 52 | 
 53 | public:
 54 | 	DebugFromEntryPointInjector(std::wstring wTargetPath);
 55 | 	~DebugFromEntryPointInjector();
 56 | 	bool Run(std::wstring wCmdLine = L"");
 57 | };
 58 | 
 59 | DebugFromEntryPointInjector::DebugFromEntryPointInjector(std::wstring wTargetPath) {
 60 | 	target_path = wTargetPath;
 61 | 	process_handle = NULL;
 62 | 	main_thread_handle = NULL;
 63 | 	is_successed = false;
 64 | 	memset(&target_pi, 0, sizeof(target_pi));
 65 | };
 66 | 
 67 | DebugFromEntryPointInjector::~DebugFromEntryPointInjector() {
 68 | 	if (main_thread_handle) {
 69 | 		if (is_successed) {
 70 | 			ResumeThread(main_thread_handle);
 71 | 		}
 72 | 		CloseHandle(main_thread_handle);
 73 | 	}
 74 | 	if (process_handle) {
 75 | 		if (!is_successed) {
 76 | 			TerminateProcess(process_handle, 0xDEAD);
 77 | 		}
 78 | 		CloseHandle(process_handle);
 79 | 	}
 80 | }
 81 | 
 82 | bool DebugFromEntryPointInjector::Run(std::wstring wCmdLine) {
 83 | 	STARTUPINFO si;
 84 | 	PROCESS_INFORMATION pi;
 85 | 
 86 | 	memset(&si, 0, sizeof(si));
 87 | 	memset(&pi, 0, sizeof(pi));
 88 | 	si.cb = sizeof(si);
 89 | 
 90 | 	std::wstring wDir = target_path;
 91 | 	size_t pos_last_backslash = wDir.rfind(L'\\');
 92 | 	if (pos_last_backslash != std::wstring::npos) {
 93 | 		wDir.erase(wDir.begin() + pos_last_backslash + 1, wDir.end());
 94 | 		if (wCmdLine.length()) {
 95 | 			if (!CreateProcessW(target_path.c_str(), (LPWSTR)wCmdLine.c_str(), 0, 0, FALSE, CREATE_SUSPENDED, 0, wDir.c_str(), &si, &pi)) {
 96 | 				return false;
 97 | 			}
 98 | 		}
 99 | 		else {
100 | 			if (!CreateProcessW(target_path.c_str(), 0, 0, 0, FALSE, CREATE_SUSPENDED, 0, wDir.c_str(), &si, &pi)) {
101 | 				return false;
102 | 			}
103 | 		}
104 | 	}
105 | 	else {
106 | 		if (wCmdLine.length()) {
107 | 			if (!CreateProcessW(target_path.c_str(), (LPWSTR)wCmdLine.c_str(), 0, 0, FALSE, CREATE_SUSPENDED, 0, 0, &si, &pi)) {
108 | 				return false;
109 | 			}
110 | 		}
111 | 		else {
112 | 			if (!CreateProcessW(target_path.c_str(), 0, 0, 0, FALSE, CREATE_SUSPENDED, 0, 0, &si, &pi)) {
113 | 				return false;
114 | 			}
115 | 		}
116 | 	}
117 | 
118 | 	process_handle = pi.hProcess;
119 | 	main_thread_handle = pi.hThread;
120 | 
121 | 	// Process
122 | 	HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pi.dwProcessId);
123 | 	if (!hProcess) {
124 | 		return false;
125 | 	}
126 | 
127 | 	CloseHandle(process_handle);
128 | 	process_handle = hProcess;
129 | 
130 | 	// Thread
131 | 	HANDLE hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, pi.dwThreadId);
132 | 	if (!hThread) {
133 | 		return false;
134 | 	}
135 | 
136 | 	CloseHandle(main_thread_handle);
137 | 	main_thread_handle = hThread;
138 | 
139 | 	CONTEXT ct;
140 | 	memset(&ct, 0, sizeof(ct));
141 | 	ct.ContextFlags = CONTEXT_ALL;
142 | 	if (!GetThreadContext(main_thread_handle, &ct)) {
143 | 		return false;
144 | 	}
145 | 
146 | 	void *vCode = VirtualAllocEx(process_handle, NULL, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
147 | 	if (!vCode) {
148 | 		return false;
149 | 	}
150 | 
151 | 	DebugEntryPoint v = { 0 };
152 | 
153 | 	wcscpy_s(v.loadlib_path, L"user32.dll");
154 | 	wcscpy_s(v.msgbox_title, TOOL_NAME);
155 | 	wcscpy_s(v.msgbox_msg, L"Please set BP at ret code of MessageBoxW API");
156 | 
157 | 	v.address_LoadLibraryW = (ULONG_PTR)LoadLibraryW;
158 | 	v.address_MessageBoxW = (ULONG_PTR)MessageBoxW;
159 | #ifdef _WIN64
160 | 	v.address_EntryPoint = (ULONG_PTR)ct.Rip;
161 | 	ct.Rip = (ULONG_PTR)vCode;
162 | 	// push reg
163 | 	v.push[0] = 0x50;
164 | 	v.push[1] = 0x53;
165 | 	v.push[2] = 0x51;
166 | 	v.push[3] = 0x52;
167 | 	v.push[4] = 0x56;
168 | 	v.push[5] = 0x57;
169 | 	v.push[6] = 0x55;
170 | 	v.push_sub[0] = 0x5041;
171 | 	v.push_sub[1] = 0x5141;
172 | 	v.push_sub[2] = 0x5241;
173 | 	v.push_sub[3] = 0x5341;
174 | 	v.push_sub[4] = 0x5441;
175 | 	v.push_sub[5] = 0x5541;
176 | 	v.push_sub[6] = 0x5641;
177 | 	v.push_sub[7] = 0x5741;
178 | 	// sub rsp,0x30
179 | 	v.sub_rsp = 0x30EC8348;
180 | 	// LoadLibraryW(L"user32.dll");
181 | 	v.loadlib_arg_1[0] = 0x48;
182 | 	v.loadlib_arg_1[1] = 0x8D;
183 | 	v.loadlib_arg_1[2] = 0x0D;
184 | 	*(signed long int *)&v.loadlib_arg_1[3] = (signed long int)((ULONG_PTR)&v.loadlib_path - (ULONG_PTR)&v.loadlib_arg_1[0] - 0x07);
185 | 	v.loadlib_call_qword_ptr[0] = 0xFF;
186 | 	v.loadlib_call_qword_ptr[1] = 0x15;
187 | 	*(signed long int *)&v.loadlib_call_qword_ptr[2] = (signed long int)((ULONG_PTR)&v.address_LoadLibraryW - (ULONG_PTR)&v.loadlib_call_qword_ptr[0] - 0x06);
188 | 	// MessageBoxW(NULL, L"DebugFromEntryPoint", L"Please set BP at ret code of MessageBoxW API", MB_OK);
189 | 	v.msgbox_arg_4[0] = 0x4D;
190 | 	v.msgbox_arg_4[1] = 0x31;
191 | 	v.msgbox_arg_4[2] = 0xC9;
192 | 	v.msgbox_arg_3[0] = 0x4C;
193 | 	v.msgbox_arg_3[1] = 0x8D;
194 | 	v.msgbox_arg_3[2] = 0x05;
195 | 	*(signed long int *)&v.msgbox_arg_3[3] = (signed long int)((ULONG_PTR)&v.msgbox_title - (ULONG_PTR)&v.msgbox_arg_3[0] - 0x07);
196 | 	v.msgbox_arg_2[0] = 0x48;
197 | 	v.msgbox_arg_2[1] = 0x8D;
198 | 	v.msgbox_arg_2[2] = 0x15;
199 | 	*(signed long int *)&v.msgbox_arg_2[3] = (signed long int)((ULONG_PTR)&v.msgbox_msg - (ULONG_PTR)&v.msgbox_arg_2[0] - 0x07);
200 | 	v.msgbox_arg_1[0] = 0x48;
201 | 	v.msgbox_arg_1[1] = 0x31;
202 | 	v.msgbox_arg_1[2] = 0xC9;
203 | 	v.msgbox_call_qword_ptr[0] = 0xFF;
204 | 	v.msgbox_call_qword_ptr[1] = 0x15;
205 | 	*(signed long int *)&v.msgbox_call_qword_ptr[2] = (signed long int)((ULONG_PTR)&v.address_MessageBoxW - (ULONG_PTR)&v.msgbox_call_qword_ptr[0] - 0x06);
206 | 	// add rsp,0x30
207 | 	v.add_rsp = 0x30C48348;
208 | 	// pop reg
209 | 	v.pop_sub[0] = 0x5F41;
210 | 	v.pop_sub[1] = 0x5E41;
211 | 	v.pop_sub[2] = 0x5D41;
212 | 	v.pop_sub[3] = 0x5C41;
213 | 	v.pop_sub[4] = 0x5B41;
214 | 	v.pop_sub[5] = 0x5A41;
215 | 	v.pop_sub[6] = 0x5941;
216 | 	v.pop_sub[7] = 0x5841;
217 | 	v.pop[0x00] = 0x5D;
218 | 	v.pop[0x01] = 0x5F;
219 | 	v.pop[0x02] = 0x5E;
220 | 	v.pop[0x03] = 0x5A;
221 | 	v.pop[0x04] = 0x59;
222 | 	v.pop[0x05] = 0x5B;
223 | 	v.pop[0x06] = 0x58;
224 | 	// jmp EntryPoint
225 | 	v.jmp_qword_ptr[0] = 0xFF;
226 | 	v.jmp_qword_ptr[1] = 0x25;
227 | 	*(signed long int *)&v.jmp_qword_ptr[2] = (signed long int)((ULONG_PTR)&v.address_EntryPoint - (ULONG_PTR)&v.jmp_qword_ptr[0] - 0x06);
228 | #else
229 | 	// x86plz
230 | 	v.address_EntryPoint = (ULONG_PTR)ct.Eip;
231 | 	ct.Eip = (ULONG_PTR)vCode;
232 | 	// push reg
233 | 	v.push[0] = 0x50;
234 | 	v.push[1] = 0x53;
235 | 	// LoadLibraryW(L"user32.dll");
236 | 	v.loadlibrary_arg_1[0] = 0x68;
237 | 	*(ULONG_PTR *)&v.loadlibrary_arg_1[1] = (ULONG_PTR)&v.loadlib_path - (ULONG_PTR)&v + (ULONG_PTR)vCode;
238 | 	v.loadlib_call_dword_ptr[0] = 0xFF;
239 | 	v.loadlib_call_dword_ptr[1] = 0x15;
240 | 	*(ULONG_PTR *)&v.loadlib_call_dword_ptr[2] = (ULONG_PTR)&v.address_LoadLibraryW - (ULONG_PTR)&v +(ULONG_PTR)vCode;
241 | 	// MessageBoxW(NULL, L"DebugFromEntryPoint", L"Please set BP at ret code of MessageBoxW API", MB_OK);
242 | 	v.msgbox_arg_4[0] = 0x6A;
243 | 	v.msgbox_arg_4[1] = 0x00;
244 | 	v.msgbox_arg_3[0] = 0x68;
245 | 	*(ULONG_PTR *)&v.msgbox_arg_3[1] = (ULONG_PTR)&v.msgbox_title - (ULONG_PTR)&v + (ULONG_PTR)vCode;
246 | 	v.msgbox_arg_2[0] = 0x68;
247 | 	*(ULONG_PTR *)&v.msgbox_arg_2[1] = (ULONG_PTR)&v.msgbox_msg - (ULONG_PTR)&v + (ULONG_PTR)vCode;
248 | 	v.msgbox_arg_1[0] = 0x6A;
249 | 	v.msgbox_arg_1[1] = 0x00;
250 | 	v.msgbox_call_dword_ptr[0] = 0xFF;
251 | 	v.msgbox_call_dword_ptr[1] = 0x15;
252 | 	*(ULONG_PTR *)&v.msgbox_call_dword_ptr[2] = (ULONG_PTR)&v.address_MessageBoxW - (ULONG_PTR)&v + (ULONG_PTR)vCode;
253 | 	// pop reg
254 | 	v.pop[0] = 0x5B;
255 | 	v.pop[1] = 0x58;
256 | 	// jmp EntryPoint
257 | 	v.jmp_dword_ptr[0] = 0xFF;
258 | 	v.jmp_dword_ptr[1] = 0x25;
259 | 	*(ULONG_PTR *)&v.jmp_dword_ptr[2] = (ULONG_PTR)&v.address_EntryPoint - (ULONG_PTR)&v + (ULONG_PTR)vCode;
260 | #endif
261 | 
262 | 	SIZE_T bw;
263 | 	if (!WriteProcessMemory(process_handle, vCode, (void *)&v, sizeof(v), &bw)) {
264 | 		return false;
265 | 	}
266 | 
267 | 	if (!SetThreadContext(main_thread_handle, &ct)) {
268 | 		return false;
269 | 	}
270 | 
271 | 	is_successed = true;
272 | 	return true;
273 | }
274 | 
275 | int WINAPI wWinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int nCmdShow) {
276 | 
277 | 	if (__argc < 2) {
278 | 		MessageBoxW(NULL, L"Please check target exe file path", TOOL_NAME, MB_OK);
279 | 	}
280 | 	else {
281 | 		DebugFromEntryPointInjector injector(__wargv[1]);
282 | 		injector.Run();
283 | 	}
284 | 
285 | 	return 0;
286 | }


--------------------------------------------------------------------------------