├── $KProtect.sln
├── $KProtect
    ├── $KProtect.vcxproj
    ├── $KProtect.vcxproj.filters
    ├── $KProtect.vcxproj.user
    ├── DriverEntry.c
    ├── Utils
    │   ├── Helper.c
    │   ├── Helper.h
    │   ├── NtDefine.h
    │   ├── NtFunction.h
    │   └── NtStruct.h
    └── runsdvui.cmd
├── $KProtectDemo
    ├── $KProtectDemo.cpp
    ├── $KProtectDemo.h
    ├── $KProtectDemo.vcxproj
    ├── $KProtectDemo.vcxproj.filters
    ├── $KProtectDemo.vcxproj.user
    ├── $KProtectDemoDlg.cpp
    ├── $KProtectDemoDlg.h
    ├── AntiDebug.cpp
    ├── AntiDebug.h
    ├── KProtectDemo.rc
    ├── res
    │   ├── $KProtectDemo.ico
    │   └── KProtectDemo.rc2
    ├── resource.h
    ├── stdafx.cpp
    ├── stdafx.h
    └── targetver.h
└── README.MD


/$KProtect.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 15
 4 | VisualStudioVersion = 15.0.28307.168
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "$KProtect", "$KProtect\$KProtect.vcxproj", "{C305ECD4-5B2A-4AE2-9A89-974D96349852}"
 7 | EndProject
 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "$KProtectDemo", "$KProtectDemo\$KProtectDemo.vcxproj", "{C6ACAB17-D753-4789-9805-B99F029247A7}"
 9 | EndProject
10 | Global
11 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
12 | 		Debug|ARM = Debug|ARM
13 | 		Debug|ARM64 = Debug|ARM64
14 | 		Debug|x64 = Debug|x64
15 | 		Debug|x86 = Debug|x86
16 | 		Release|ARM = Release|ARM
17 | 		Release|ARM64 = Release|ARM64
18 | 		Release|x64 = Release|x64
19 | 		Release|x86 = Release|x86
20 | 	EndGlobalSection
21 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
22 | 		{C305ECD4-5B2A-4AE2-9A89-974D96349852}.Debug|ARM.ActiveCfg = Debug|ARM
23 | 		{C305ECD4-5B2A-4AE2-9A89-974D96349852}.Debug|ARM.Build.0 = Debug|ARM
24 | 		{C305ECD4-5B2A-4AE2-9A89-974D96349852}.Debug|ARM.Deploy.0 = Debug|ARM
25 | 		{C305ECD4-5B2A-4AE2-9A89-974D96349852}.Debug|ARM64.ActiveCfg = Debug|ARM64
26 | 		{C305ECD4-5B2A-4AE2-9A89-974D96349852}.Debug|ARM64.Build.0 = Debug|ARM64
27 | 		{C305ECD4-5B2A-4AE2-9A89-974D96349852}.Debug|ARM64.Deploy.0 = Debug|ARM64
28 | 		{C305ECD4-5B2A-4AE2-9A89-974D96349852}.Debug|x64.ActiveCfg = Debug|x64
29 | 		{C305ECD4-5B2A-4AE2-9A89-974D96349852}.Debug|x64.Build.0 = Debug|x64
30 | 		{C305ECD4-5B2A-4AE2-9A89-974D96349852}.Debug|x64.Deploy.0 = Debug|x64
31 | 		{C305ECD4-5B2A-4AE2-9A89-974D96349852}.Debug|x86.ActiveCfg = Debug|Win32
32 | 		{C305ECD4-5B2A-4AE2-9A89-974D96349852}.Debug|x86.Build.0 = Debug|Win32
33 | 		{C305ECD4-5B2A-4AE2-9A89-974D96349852}.Debug|x86.Deploy.0 = Debug|Win32
34 | 		{C305ECD4-5B2A-4AE2-9A89-974D96349852}.Release|ARM.ActiveCfg = Release|ARM
35 | 		{C305ECD4-5B2A-4AE2-9A89-974D96349852}.Release|ARM.Build.0 = Release|ARM
36 | 		{C305ECD4-5B2A-4AE2-9A89-974D96349852}.Release|ARM.Deploy.0 = Release|ARM
37 | 		{C305ECD4-5B2A-4AE2-9A89-974D96349852}.Release|ARM64.ActiveCfg = Release|ARM64
38 | 		{C305ECD4-5B2A-4AE2-9A89-974D96349852}.Release|ARM64.Build.0 = Release|ARM64
39 | 		{C305ECD4-5B2A-4AE2-9A89-974D96349852}.Release|ARM64.Deploy.0 = Release|ARM64
40 | 		{C305ECD4-5B2A-4AE2-9A89-974D96349852}.Release|x64.ActiveCfg = Release|x64
41 | 		{C305ECD4-5B2A-4AE2-9A89-974D96349852}.Release|x64.Build.0 = Release|x64
42 | 		{C305ECD4-5B2A-4AE2-9A89-974D96349852}.Release|x64.Deploy.0 = Release|x64
43 | 		{C305ECD4-5B2A-4AE2-9A89-974D96349852}.Release|x86.ActiveCfg = Release|Win32
44 | 		{C305ECD4-5B2A-4AE2-9A89-974D96349852}.Release|x86.Build.0 = Release|Win32
45 | 		{C305ECD4-5B2A-4AE2-9A89-974D96349852}.Release|x86.Deploy.0 = Release|Win32
46 | 		{C6ACAB17-D753-4789-9805-B99F029247A7}.Debug|ARM.ActiveCfg = Debug|Win32
47 | 		{C6ACAB17-D753-4789-9805-B99F029247A7}.Debug|ARM64.ActiveCfg = Debug|Win32
48 | 		{C6ACAB17-D753-4789-9805-B99F029247A7}.Debug|x64.ActiveCfg = Debug|x64
49 | 		{C6ACAB17-D753-4789-9805-B99F029247A7}.Debug|x64.Build.0 = Debug|x64
50 | 		{C6ACAB17-D753-4789-9805-B99F029247A7}.Debug|x86.ActiveCfg = Debug|Win32
51 | 		{C6ACAB17-D753-4789-9805-B99F029247A7}.Debug|x86.Build.0 = Debug|Win32
52 | 		{C6ACAB17-D753-4789-9805-B99F029247A7}.Release|ARM.ActiveCfg = Release|Win32
53 | 		{C6ACAB17-D753-4789-9805-B99F029247A7}.Release|ARM64.ActiveCfg = Release|Win32
54 | 		{C6ACAB17-D753-4789-9805-B99F029247A7}.Release|x64.ActiveCfg = Release|x64
55 | 		{C6ACAB17-D753-4789-9805-B99F029247A7}.Release|x64.Build.0 = Release|x64
56 | 		{C6ACAB17-D753-4789-9805-B99F029247A7}.Release|x86.ActiveCfg = Release|Win32
57 | 		{C6ACAB17-D753-4789-9805-B99F029247A7}.Release|x86.Build.0 = Release|Win32
58 | 	EndGlobalSection
59 | 	GlobalSection(SolutionProperties) = preSolution
60 | 		HideSolutionNode = FALSE
61 | 	EndGlobalSection
62 | 	GlobalSection(ExtensibilityGlobals) = postSolution
63 | 		SolutionGuid = {AF3A2022-6821-4C26-A342-28BFC5F2E0F5}
64 | 	EndGlobalSection
65 | EndGlobal
66 | 


--------------------------------------------------------------------------------
/$KProtect/$KProtect.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |     <ProjectConfiguration Include="Debug|ARM">
 21 |       <Configuration>Debug</Configuration>
 22 |       <Platform>ARM</Platform>
 23 |     </ProjectConfiguration>
 24 |     <ProjectConfiguration Include="Release|ARM">
 25 |       <Configuration>Release</Configuration>
 26 |       <Platform>ARM</Platform>
 27 |     </ProjectConfiguration>
 28 |     <ProjectConfiguration Include="Debug|ARM64">
 29 |       <Configuration>Debug</Configuration>
 30 |       <Platform>ARM64</Platform>
 31 |     </ProjectConfiguration>
 32 |     <ProjectConfiguration Include="Release|ARM64">
 33 |       <Configuration>Release</Configuration>
 34 |       <Platform>ARM64</Platform>
 35 |     </ProjectConfiguration>
 36 |   </ItemGroup>
 37 |   <PropertyGroup Label="Globals">
 38 |     <ProjectGuid>{C305ECD4-5B2A-4AE2-9A89-974D96349852}</ProjectGuid>
 39 |     <TemplateGuid>{dd38f7fc-d7bd-488b-9242-7d8754cde80d}</TemplateGuid>
 40 |     <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
 41 |     <MinimumVisualStudioVersion>12.0</MinimumVisualStudioVersion>
 42 |     <Configuration>Debug</Configuration>
 43 |     <Platform Condition="'$(Platform)' == ''">Win32</Platform>
 44 |     <RootNamespace>__KProtect</RootNamespace>
 45 |     <WindowsTargetPlatformVersion>10.0.16299.0</WindowsTargetPlatformVersion>
 46 |   </PropertyGroup>
 47 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 49 |     <TargetVersion>Windows10</TargetVersion>
 50 |     <UseDebugLibraries>true</UseDebugLibraries>
 51 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 52 |     <ConfigurationType>Driver</ConfigurationType>
 53 |     <DriverType>WDM</DriverType>
 54 |   </PropertyGroup>
 55 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 56 |     <TargetVersion>Windows10</TargetVersion>
 57 |     <UseDebugLibraries>false</UseDebugLibraries>
 58 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 59 |     <ConfigurationType>Driver</ConfigurationType>
 60 |     <DriverType>WDM</DriverType>
 61 |   </PropertyGroup>
 62 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 63 |     <TargetVersion>Windows7</TargetVersion>
 64 |     <UseDebugLibraries>true</UseDebugLibraries>
 65 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 66 |     <ConfigurationType>Driver</ConfigurationType>
 67 |     <DriverType>WDM</DriverType>
 68 |   </PropertyGroup>
 69 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 70 |     <TargetVersion>Windows10</TargetVersion>
 71 |     <UseDebugLibraries>false</UseDebugLibraries>
 72 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 73 |     <ConfigurationType>Driver</ConfigurationType>
 74 |     <DriverType>WDM</DriverType>
 75 |   </PropertyGroup>
 76 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
 77 |     <TargetVersion>Windows10</TargetVersion>
 78 |     <UseDebugLibraries>true</UseDebugLibraries>
 79 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 80 |     <ConfigurationType>Driver</ConfigurationType>
 81 |     <DriverType>WDM</DriverType>
 82 |   </PropertyGroup>
 83 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
 84 |     <TargetVersion>Windows10</TargetVersion>
 85 |     <UseDebugLibraries>false</UseDebugLibraries>
 86 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 87 |     <ConfigurationType>Driver</ConfigurationType>
 88 |     <DriverType>WDM</DriverType>
 89 |   </PropertyGroup>
 90 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
 91 |     <TargetVersion>Windows10</TargetVersion>
 92 |     <UseDebugLibraries>true</UseDebugLibraries>
 93 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 94 |     <ConfigurationType>Driver</ConfigurationType>
 95 |     <DriverType>WDM</DriverType>
 96 |   </PropertyGroup>
 97 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
 98 |     <TargetVersion>Windows10</TargetVersion>
 99 |     <UseDebugLibraries>false</UseDebugLibraries>
100 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
101 |     <ConfigurationType>Driver</ConfigurationType>
102 |     <DriverType>WDM</DriverType>
103 |   </PropertyGroup>
104 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
105 |   <ImportGroup Label="ExtensionSettings">
106 |   </ImportGroup>
107 |   <ImportGroup Label="PropertySheets">
108 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
109 |   </ImportGroup>
110 |   <PropertyGroup Label="UserMacros" />
111 |   <PropertyGroup />
112 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
113 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
114 |     <IncludePath>.\Utils;$(IncludePath)</IncludePath>
115 |   </PropertyGroup>
116 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
117 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
118 |   </PropertyGroup>
119 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
120 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
121 |     <EnableInf2cat>false</EnableInf2cat>
122 |     <IncludePath>.\Utils;$(IncludePath)</IncludePath>
123 |   </PropertyGroup>
124 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
125 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
126 |   </PropertyGroup>
127 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
128 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
129 |   </PropertyGroup>
130 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
131 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
132 |   </PropertyGroup>
133 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
134 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
135 |   </PropertyGroup>
136 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
137 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
138 |   </PropertyGroup>
139 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
140 |     <ClCompile>
141 |       <WarningLevel>Level3</WarningLevel>
142 |     </ClCompile>
143 |   </ItemDefinitionGroup>
144 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
145 |     <ClCompile>
146 |       <TreatWarningAsError>false</TreatWarningAsError>
147 |     </ClCompile>
148 |   </ItemDefinitionGroup>
149 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
150 |     <ClCompile>
151 |       <TreatWarningAsError>false</TreatWarningAsError>
152 |     </ClCompile>
153 |   </ItemDefinitionGroup>
154 |   <ItemGroup>
155 |     <FilesToPackage Include="$(TargetPath)" />
156 |   </ItemGroup>
157 |   <ItemGroup>
158 |     <ClCompile Include="DriverEntry.c" />
159 |     <ClCompile Include="Utils\Helper.c" />
160 |   </ItemGroup>
161 |   <ItemGroup>
162 |     <ClInclude Include="Utils\Helper.h" />
163 |     <ClInclude Include="Utils\NtDefine.h" />
164 |     <ClInclude Include="Utils\NtFunction.h" />
165 |     <ClInclude Include="Utils\NtStruct.h" />
166 |   </ItemGroup>
167 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
168 |   <ImportGroup Label="ExtensionTargets">
169 |   </ImportGroup>
170 | </Project>


--------------------------------------------------------------------------------
/$KProtect/$KProtect.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |     <Filter Include="Driver Files">
17 |       <UniqueIdentifier>{8E41214B-6785-4CFE-B992-037D68949A14}</UniqueIdentifier>
18 |       <Extensions>inf;inv;inx;mof;mc;</Extensions>
19 |     </Filter>
20 |     <Filter Include="Utils">
21 |       <UniqueIdentifier>{102d93fb-34e3-4dc8-897d-15c89bf00886}</UniqueIdentifier>
22 |     </Filter>
23 |   </ItemGroup>
24 |   <ItemGroup>
25 |     <ClCompile Include="Utils\Helper.c">
26 |       <Filter>Utils</Filter>
27 |     </ClCompile>
28 |     <ClCompile Include="DriverEntry.c">
29 |       <Filter>Source Files</Filter>
30 |     </ClCompile>
31 |   </ItemGroup>
32 |   <ItemGroup>
33 |     <ClInclude Include="Utils\Helper.h">
34 |       <Filter>Utils</Filter>
35 |     </ClInclude>
36 |     <ClInclude Include="Utils\NtDefine.h">
37 |       <Filter>Utils</Filter>
38 |     </ClInclude>
39 |     <ClInclude Include="Utils\NtFunction.h">
40 |       <Filter>Utils</Filter>
41 |     </ClInclude>
42 |     <ClInclude Include="Utils\NtStruct.h">
43 |       <Filter>Utils</Filter>
44 |     </ClInclude>
45 |   </ItemGroup>
46 | </Project>


--------------------------------------------------------------------------------
/$KProtect/$KProtect.vcxproj.user:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
4 |     <SignMode>Off</SignMode>
5 |   </PropertyGroup>
6 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
7 |     <DbgengKernelMachineName>Win7Ent</DbgengKernelMachineName>
8 |   </PropertyGroup>
9 | </Project>


--------------------------------------------------------------------------------
/$KProtect/DriverEntry.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wanttobeno/KProtect/daae9569cf405200a837f894140b281daa3f6097/$KProtect/DriverEntry.c


--------------------------------------------------------------------------------
/$KProtect/Utils/Helper.c:
--------------------------------------------------------------------------------
 1 | #include "Helper.h"
 2 | 
 3 | unsigned char* FindPattern(const unsigned char* haystack, size_t hlen,
 4 | 	const unsigned char* needle, const char* mask)
 5 | {
 6 | 	size_t scan, nlen = strlen(mask);
 7 | 	size_t bad_char_skip[256];
 8 | 
 9 | 	for (scan = 0; scan < 256; scan++)
10 | 		bad_char_skip[scan] = nlen;
11 | 
12 | 	size_t last = nlen - 1;
13 | 
14 | 	for (scan = 0; scan < last; scan++)
15 | 		if (mask[scan] != '?')
16 | 			bad_char_skip[needle[scan]] = last - scan;
17 | 
18 | 	while (hlen >= nlen)
19 | 	{
20 | 		for (scan = last; mask[scan] == '?' || haystack[scan] == needle[scan]; scan--)
21 | 			if (scan == 0)
22 | 				return (unsigned char*)haystack;
23 | 
24 | 		hlen -= bad_char_skip[haystack[last]];
25 | 		haystack += bad_char_skip[haystack[last]];
26 | 	}
27 | 
28 | 	return 0;
29 | }
30 | 
31 | 
32 | 
33 | 


--------------------------------------------------------------------------------
/$KProtect/Utils/Helper.h:
--------------------------------------------------------------------------------
 1 | #ifndef Helper_h__
 2 | #define Helper_h__
 3 | 
 4 | #include <crtdefs.h>
 5 | 
 6 | // http://www.d3scene.com/forum/development/79766-c-c-faster-findpattern-function-tutorial.html
 7 | unsigned char* FindPattern(const unsigned char* haystack, size_t hlen,
 8 | 	const unsigned char* needle, const char* mask);
 9 | 
10 | 
11 | 
12 | #endif // Helper_h__


--------------------------------------------------------------------------------
/$KProtect/Utils/NtDefine.h:
--------------------------------------------------------------------------------
 1 | #ifndef NTDEFINE_H__
 2 | #define NTDEFINE_H__  1
 3 | 
 4 | typedef long LONG;
 5 | typedef unsigned char  BOOL, *PBOOL;
 6 | typedef unsigned char  BYTE, *PBYTE;
 7 | typedef unsigned long  DWORD, *PDWORD;
 8 | typedef unsigned short WORD, *PWORD;
 9 | 
10 | //typedef void  *HMODULE;
11 | typedef long NTSTATUS, *PNTSTATUS;
12 | typedef unsigned long DWORD;
13 | typedef DWORD * PDWORD;
14 | typedef unsigned long ULONG;
15 | //typedef unsigned long ULONG_PTR;
16 | typedef ULONG *PULONG;
17 | typedef unsigned short WORD;
18 | typedef unsigned char BYTE;
19 | typedef unsigned char UCHAR;
20 | typedef unsigned short USHORT;
21 | typedef void *PVOID;
22 | typedef BYTE BOOLEAN;
23 | 
24 | 
25 | 
26 | #endif //NTDEFINE_H__


--------------------------------------------------------------------------------
/$KProtect/Utils/NtFunction.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wanttobeno/KProtect/daae9569cf405200a837f894140b281daa3f6097/$KProtect/Utils/NtFunction.h


--------------------------------------------------------------------------------
/$KProtect/Utils/NtStruct.h:
--------------------------------------------------------------------------------
  1 | #ifndef NTSTRUCT_H__
  2 | #define NTSTRUCT_H__ 1
  3 | #include <ntdef.h>
  4 | #include <ntifs.h>
  5 | 
  6 | NTSTATUS ZwQuerySystemInformation(
  7 | 	ULONG SystemClass,
  8 | 	PVOID SystemInformation,
  9 | 	ULONG SystemInformationLength,
 10 | 	PULONG RetLength
 11 | );
 12 | 
 13 | typedef struct _SYSTEM_THREADS
 14 | {
 15 | 	LARGE_INTEGER  KernelTime;
 16 | 	LARGE_INTEGER  UserTime;
 17 | 	LARGE_INTEGER  CreateTime;
 18 | 	ULONG    WaitTime;
 19 | 	PVOID    StartAddress;
 20 | 	CLIENT_ID   ClientID;
 21 | 	KPRIORITY   Priority;
 22 | 	KPRIORITY   BasePriority;
 23 | 	ULONG    ContextSwitchCount;
 24 | 	ULONG    ThreadState;
 25 | 	KWAIT_REASON  WaitReason;
 26 | 	ULONG    Reserved; //Add
 27 | }SYSTEM_THREADS, *PSYSTEM_THREADS;
 28 | 
 29 | typedef struct _SYSTEM_PROCESS_INFORMATION {
 30 | 	ULONG                   NextEntryOffset;
 31 | 	ULONG                   NumberOfThreads;
 32 | 	LARGE_INTEGER           Reserved[3];
 33 | 	LARGE_INTEGER           CreateTime;
 34 | 	LARGE_INTEGER           UserTime;
 35 | 	LARGE_INTEGER           KernelTime;
 36 | 	UNICODE_STRING          ImageName;
 37 | 	KPRIORITY               BasePriority;
 38 | 	HANDLE                  ProcessId;
 39 | 	HANDLE                  InheritedFromProcessId;
 40 | 	ULONG                   HandleCount;
 41 | 	ULONG                   Reserved2[2];
 42 | 	ULONG                   PrivatePageCount;
 43 | 	VM_COUNTERS             VirtualMemoryCounters;
 44 | 	IO_COUNTERS             IoCounters;
 45 | 	SYSTEM_THREADS           Threads[0];
 46 | } SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;
 47 | 
 48 | typedef struct _OBJECT_TYPE_INITIALIZER {
 49 | 	USHORT Length;
 50 | 	BOOLEAN UseDefaultObject;
 51 | 	BOOLEAN CaseInsensitive;
 52 | 	ULONG InvalidAttributes;
 53 | 	GENERIC_MAPPING GenericMapping;
 54 | 	ULONG ValidAccessMask;
 55 | 	BOOLEAN SecurityRequired;
 56 | 	BOOLEAN MaintainHandleCount;
 57 | 	BOOLEAN MaintainTypeList;
 58 | 	POOL_TYPE PoolType;
 59 | 	ULONG DefaultPagedPoolCharge;
 60 | 	ULONG DefaultNonPagedPoolCharge;
 61 | 	PVOID DumpProcedure;
 62 | 	PVOID OpenProcedure;
 63 | 	PVOID CloseProcedure;
 64 | 	PVOID DeleteProcedure;
 65 | 	PVOID ParseProcedure;
 66 | 	PVOID SecurityProcedure;
 67 | 	PVOID QueryNameProcedure;
 68 | 	PVOID OkayToCloseProcedure;
 69 | } OBJECT_TYPE_INITIALIZER, *POBJECT_TYPE_INITIALIZER;
 70 | 
 71 | 
 72 | typedef struct _OBJECT_TYPE {
 73 | 	ERESOURCE Mutex;
 74 | 	LIST_ENTRY TypeList;
 75 | 	UNICODE_STRING Name;            // Copy from object header for convenience
 76 | 	PVOID DefaultObject;
 77 | 	ULONG Index;
 78 | 	ULONG TotalNumberOfObjects;
 79 | 	ULONG TotalNumberOfHandles;
 80 | 	ULONG HighWaterNumberOfObjects;
 81 | 	ULONG HighWaterNumberOfHandles;
 82 | 	OBJECT_TYPE_INITIALIZER TypeInfo;
 83 | 	ULONG Key;
 84 | 	ERESOURCE ObjectLocks[4];
 85 | } OBJECT_TYPE, *POBJECT_TYPE;
 86 | 
 87 | struct _ACTIVATION_CONTEXT;
 88 | 
 89 | typedef struct _LDR_DATA_TABLE_ENTRY
 90 | {
 91 | 	LIST_ENTRY InLoadOrderLinks;
 92 | 	LIST_ENTRY InMemoryOrderLinks;
 93 | 	LIST_ENTRY InInitializationOrderLinks;
 94 | 	PVOID DllBase;
 95 | 	PVOID EntryPoint;
 96 | 	ULONG SizeOfImage;
 97 | 	UNICODE_STRING FullDllName;
 98 | 	UNICODE_STRING BaseDllName;
 99 | 	ULONG Flags;
100 | 	WORD LoadCount;
101 | 	WORD TlsIndex;
102 | 	union
103 | 	{
104 | 		LIST_ENTRY HashLinks;
105 | 		struct
106 | 		{
107 | 			PVOID SectionPointer;
108 | 			ULONG CheckSum;
109 | 		};
110 | 	};
111 | 	union
112 | 	{
113 | 		ULONG TimeDateStamp;
114 | 		PVOID LoadedImports;
115 | 	};
116 | 	struct _ACTIVATION_CONTEXT * EntryPointActivationContext;
117 | 	PVOID PatchInformation;
118 | 	LIST_ENTRY ForwarderLinks;
119 | 	LIST_ENTRY ServiceTagLinks;
120 | 	LIST_ENTRY StaticLinks;
121 | } LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
122 | 
123 | 
124 | #endif // NTSTRUCT_H__


--------------------------------------------------------------------------------
/$KProtect/runsdvui.cmd:
--------------------------------------------------------------------------------
1 | cd /d "D:\搜狗高速下载\$KProtect\$KProtect" &msbuild "$KProtect.vcxproj" /t:sdvViewer /p:configuration="Debug" /p:platform=Win32
2 | exit %errorlevel% 


--------------------------------------------------------------------------------
/$KProtectDemo/$KProtectDemo.cpp:
--------------------------------------------------------------------------------
  1 | 
  2 | // $KProtectDemo.cpp: 定义应用程序的类行为。
  3 | //
  4 | 
  5 | #include "stdafx.h"
  6 | #include "$KProtectDemo.h"
  7 | #include "$KProtectDemoDlg.h"
  8 | 
  9 | #ifdef _DEBUG
 10 | #define new DEBUG_NEW
 11 | #endif
 12 | 
 13 | 
 14 | // CKProtectDemoApp
 15 | 
 16 | BEGIN_MESSAGE_MAP(CKProtectDemoApp, CWinApp)
 17 | 	ON_COMMAND(ID_HELP, &CWinApp::OnHelp)
 18 | END_MESSAGE_MAP()
 19 | 
 20 | 
 21 | // CKProtectDemoApp 构造
 22 | 
 23 | CKProtectDemoApp::CKProtectDemoApp()
 24 | {
 25 | 	// 支持重新启动管理器
 26 | 	m_dwRestartManagerSupportFlags = AFX_RESTART_MANAGER_SUPPORT_RESTART;
 27 | 
 28 | 	// TODO: 在此处添加构造代码，
 29 | 	// 将所有重要的初始化放置在 InitInstance 中
 30 | }
 31 | 
 32 | 
 33 | // 唯一的 CKProtectDemoApp 对象
 34 | 
 35 | CKProtectDemoApp theApp;
 36 | 
 37 | 
 38 | // CKProtectDemoApp 初始化
 39 | 
 40 | BOOL CKProtectDemoApp::InitInstance()
 41 | {
 42 | 	// 如果一个运行在 Windows XP 上的应用程序清单指定要
 43 | 	// 使用 ComCtl32.dll 版本 6 或更高版本来启用可视化方式，
 44 | 	//则需要 InitCommonControlsEx()。  否则，将无法创建窗口。
 45 | 	INITCOMMONCONTROLSEX InitCtrls;
 46 | 	InitCtrls.dwSize = sizeof(InitCtrls);
 47 | 	// 将它设置为包括所有要在应用程序中使用的
 48 | 	// 公共控件类。
 49 | 	InitCtrls.dwICC = ICC_WIN95_CLASSES;
 50 | 	InitCommonControlsEx(&InitCtrls);
 51 | 
 52 | 	CWinApp::InitInstance();
 53 | 
 54 | 
 55 | 	AfxEnableControlContainer();
 56 | 
 57 | 	// 创建 shell 管理器，以防对话框包含
 58 | 	// 任何 shell 树视图控件或 shell 列表视图控件。
 59 | 	CShellManager *pShellManager = new CShellManager;
 60 | 
 61 | 	// 激活“Windows Native”视觉管理器，以便在 MFC 控件中启用主题
 62 | 	CMFCVisualManager::SetDefaultManager(RUNTIME_CLASS(CMFCVisualManagerWindows));
 63 | 
 64 | 	// 标准初始化
 65 | 	// 如果未使用这些功能并希望减小
 66 | 	// 最终可执行文件的大小，则应移除下列
 67 | 	// 不需要的特定初始化例程
 68 | 	// 更改用于存储设置的注册表项
 69 | 	// TODO: 应适当修改该字符串，
 70 | 	// 例如修改为公司或组织名
 71 | 	SetRegistryKey(_T("应用程序向导生成的本地应用程序"));
 72 | 
 73 | 	CKProtectDemoDlg dlg;
 74 | 	m_pMainWnd = &dlg;
 75 | 	INT_PTR nResponse = dlg.DoModal();
 76 | 	if (nResponse == IDOK)
 77 | 	{
 78 | 		// TODO: 在此放置处理何时用
 79 | 		//  “确定”来关闭对话框的代码
 80 | 	}
 81 | 	else if (nResponse == IDCANCEL)
 82 | 	{
 83 | 		// TODO: 在此放置处理何时用
 84 | 		//  “取消”来关闭对话框的代码
 85 | 	}
 86 | 	else if (nResponse == -1)
 87 | 	{
 88 | 		TRACE(traceAppMsg, 0, "警告: 对话框创建失败，应用程序将意外终止。\n");
 89 | 		TRACE(traceAppMsg, 0, "警告: 如果您在对话框上使用 MFC 控件，则无法 #define _AFX_NO_MFC_CONTROLS_IN_DIALOGS。\n");
 90 | 	}
 91 | 
 92 | 	// 删除上面创建的 shell 管理器。
 93 | 	if (pShellManager != nullptr)
 94 | 	{
 95 | 		delete pShellManager;
 96 | 	}
 97 | 
 98 | #if !defined(_AFXDLL) && !defined(_AFX_NO_MFC_CONTROLS_IN_DIALOGS)
 99 | 	ControlBarCleanUp();
100 | #endif
101 | 
102 | 	// 由于对话框已关闭，所以将返回 FALSE 以便退出应用程序，
103 | 	//  而不是启动应用程序的消息泵。
104 | 	return FALSE;
105 | }
106 | 
107 | 


--------------------------------------------------------------------------------
/$KProtectDemo/$KProtectDemo.h:
--------------------------------------------------------------------------------
 1 | 
 2 | // $KProtectDemo.h: PROJECT_NAME 应用程序的主头文件
 3 | //
 4 | 
 5 | #pragma once
 6 | 
 7 | #ifndef __AFXWIN_H__
 8 | 	#error "在包含此文件之前包含“stdafx.h”以生成 PCH 文件"
 9 | #endif
10 | 
11 | #include "resource.h"		// 主符号
12 | 
13 | 
14 | // CKProtectDemoApp:
15 | // 有关此类的实现，请参阅 $KProtectDemo.cpp
16 | //
17 | 
18 | class CKProtectDemoApp : public CWinApp
19 | {
20 | public:
21 | 	CKProtectDemoApp();
22 | 
23 | // 重写
24 | public:
25 | 	virtual BOOL InitInstance();
26 | 
27 | // 实现
28 | 
29 | 	DECLARE_MESSAGE_MAP()
30 | };
31 | 
32 | extern CKProtectDemoApp theApp;
33 | 


--------------------------------------------------------------------------------
/$KProtectDemo/$KProtectDemo.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>15.0</VCProjectVersion>
 23 |     <ProjectGuid>{C6ACAB17-D753-4789-9805-B99F029247A7}</ProjectGuid>
 24 |     <Keyword>MFCProj</Keyword>
 25 |     <RootNamespace>KProtectDemo</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v141</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |     <UseOfMfc>Static</UseOfMfc>
 35 |   </PropertyGroup>
 36 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 37 |     <ConfigurationType>Application</ConfigurationType>
 38 |     <UseDebugLibraries>false</UseDebugLibraries>
 39 |     <PlatformToolset>v141</PlatformToolset>
 40 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 41 |     <CharacterSet>Unicode</CharacterSet>
 42 |     <UseOfMfc>Static</UseOfMfc>
 43 |   </PropertyGroup>
 44 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 45 |     <ConfigurationType>Application</ConfigurationType>
 46 |     <UseDebugLibraries>true</UseDebugLibraries>
 47 |     <PlatformToolset>v141</PlatformToolset>
 48 |     <CharacterSet>Unicode</CharacterSet>
 49 |     <UseOfMfc>Static</UseOfMfc>
 50 |   </PropertyGroup>
 51 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 52 |     <ConfigurationType>Application</ConfigurationType>
 53 |     <UseDebugLibraries>false</UseDebugLibraries>
 54 |     <PlatformToolset>v141</PlatformToolset>
 55 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 56 |     <CharacterSet>Unicode</CharacterSet>
 57 |     <UseOfMfc>Static</UseOfMfc>
 58 |   </PropertyGroup>
 59 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 60 |   <ImportGroup Label="ExtensionSettings">
 61 |   </ImportGroup>
 62 |   <ImportGroup Label="Shared">
 63 |   </ImportGroup>
 64 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 65 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 66 |   </ImportGroup>
 67 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 68 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 69 |   </ImportGroup>
 70 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 71 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 72 |   </ImportGroup>
 73 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 74 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 75 |   </ImportGroup>
 76 |   <PropertyGroup Label="UserMacros" />
 77 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 78 |     <LinkIncremental>true</LinkIncremental>
 79 |     <TargetName>$KDemo</TargetName>
 80 |   </PropertyGroup>
 81 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 82 |     <LinkIncremental>true</LinkIncremental>
 83 |   </PropertyGroup>
 84 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 85 |     <LinkIncremental>false</LinkIncremental>
 86 |   </PropertyGroup>
 87 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 88 |     <LinkIncremental>false</LinkIncremental>
 89 |   </PropertyGroup>
 90 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 91 |     <ClCompile>
 92 |       <PrecompiledHeader>Use</PrecompiledHeader>
 93 |       <WarningLevel>Level3</WarningLevel>
 94 |       <Optimization>Disabled</Optimization>
 95 |       <SDLCheck>true</SDLCheck>
 96 |       <PreprocessorDefinitions>_WINDOWS;_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 97 |     </ClCompile>
 98 |     <Link>
 99 |       <SubSystem>Windows</SubSystem>
100 |     </Link>
101 |     <Midl>
102 |       <MkTypLibCompatible>false</MkTypLibCompatible>
103 |       <ValidateAllParameters>true</ValidateAllParameters>
104 |       <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
105 |     </Midl>
106 |     <ResourceCompile>
107 |       <Culture>0x0804</Culture>
108 |       <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
109 |       <AdditionalIncludeDirectories>$(IntDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
110 |     </ResourceCompile>
111 |   </ItemDefinitionGroup>
112 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
113 |     <ClCompile>
114 |       <PrecompiledHeader>Use</PrecompiledHeader>
115 |       <WarningLevel>Level3</WarningLevel>
116 |       <Optimization>Disabled</Optimization>
117 |       <SDLCheck>true</SDLCheck>
118 |       <PreprocessorDefinitions>WIN32;_WINDOWS;_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
119 |     </ClCompile>
120 |     <Link>
121 |       <SubSystem>Windows</SubSystem>
122 |     </Link>
123 |     <Midl>
124 |       <MkTypLibCompatible>false</MkTypLibCompatible>
125 |       <ValidateAllParameters>true</ValidateAllParameters>
126 |       <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
127 |     </Midl>
128 |     <ResourceCompile>
129 |       <Culture>0x0804</Culture>
130 |       <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
131 |       <AdditionalIncludeDirectories>$(IntDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
132 |     </ResourceCompile>
133 |   </ItemDefinitionGroup>
134 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
135 |     <ClCompile>
136 |       <PrecompiledHeader>Use</PrecompiledHeader>
137 |       <WarningLevel>Level3</WarningLevel>
138 |       <Optimization>MaxSpeed</Optimization>
139 |       <FunctionLevelLinking>true</FunctionLevelLinking>
140 |       <IntrinsicFunctions>true</IntrinsicFunctions>
141 |       <SDLCheck>true</SDLCheck>
142 |       <PreprocessorDefinitions>WIN32;_WINDOWS;NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
143 |     </ClCompile>
144 |     <Link>
145 |       <SubSystem>Windows</SubSystem>
146 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
147 |       <OptimizeReferences>true</OptimizeReferences>
148 |     </Link>
149 |     <Midl>
150 |       <MkTypLibCompatible>false</MkTypLibCompatible>
151 |       <ValidateAllParameters>true</ValidateAllParameters>
152 |       <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
153 |     </Midl>
154 |     <ResourceCompile>
155 |       <Culture>0x0804</Culture>
156 |       <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
157 |       <AdditionalIncludeDirectories>$(IntDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
158 |     </ResourceCompile>
159 |   </ItemDefinitionGroup>
160 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
161 |     <ClCompile>
162 |       <PrecompiledHeader>Use</PrecompiledHeader>
163 |       <WarningLevel>Level3</WarningLevel>
164 |       <Optimization>MaxSpeed</Optimization>
165 |       <FunctionLevelLinking>true</FunctionLevelLinking>
166 |       <IntrinsicFunctions>true</IntrinsicFunctions>
167 |       <SDLCheck>true</SDLCheck>
168 |       <PreprocessorDefinitions>_WINDOWS;NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
169 |     </ClCompile>
170 |     <Link>
171 |       <SubSystem>Windows</SubSystem>
172 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
173 |       <OptimizeReferences>true</OptimizeReferences>
174 |     </Link>
175 |     <Midl>
176 |       <MkTypLibCompatible>false</MkTypLibCompatible>
177 |       <ValidateAllParameters>true</ValidateAllParameters>
178 |       <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
179 |     </Midl>
180 |     <ResourceCompile>
181 |       <Culture>0x0804</Culture>
182 |       <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
183 |       <AdditionalIncludeDirectories>$(IntDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
184 |     </ResourceCompile>
185 |   </ItemDefinitionGroup>
186 |   <ItemGroup>
187 |     <ClInclude Include="$KProtectDemo.h" />
188 |     <ClInclude Include="$KProtectDemoDlg.h" />
189 |     <ClInclude Include="AntiDebug.h" />
190 |     <ClInclude Include="Resource.h" />
191 |     <ClInclude Include="stdafx.h" />
192 |     <ClInclude Include="targetver.h" />
193 |   </ItemGroup>
194 |   <ItemGroup>
195 |     <ClCompile Include="$KProtectDemo.cpp" />
196 |     <ClCompile Include="$KProtectDemoDlg.cpp" />
197 |     <ClCompile Include="AntiDebug.cpp" />
198 |     <ClCompile Include="stdafx.cpp">
199 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
200 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
201 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
202 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
203 |     </ClCompile>
204 |   </ItemGroup>
205 |   <ItemGroup>
206 |     <ResourceCompile Include="KProtectDemo.rc" />
207 |   </ItemGroup>
208 |   <ItemGroup>
209 |     <None Include="res\KProtectDemo.rc2" />
210 |   </ItemGroup>
211 |   <ItemGroup>
212 |     <Image Include="res\$KProtectDemo.ico" />
213 |   </ItemGroup>
214 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
215 |   <ImportGroup Label="ExtensionTargets">
216 |   </ImportGroup>
217 | </Project>


--------------------------------------------------------------------------------
/$KProtectDemo/$KProtectDemo.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="源文件">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="头文件">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;hm;inl;inc;ipp;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="资源文件">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClInclude Include="$KProtectDemo.h">
19 |       <Filter>头文件</Filter>
20 |     </ClInclude>
21 |     <ClInclude Include="$KProtectDemoDlg.h">
22 |       <Filter>头文件</Filter>
23 |     </ClInclude>
24 |     <ClInclude Include="stdafx.h">
25 |       <Filter>头文件</Filter>
26 |     </ClInclude>
27 |     <ClInclude Include="targetver.h">
28 |       <Filter>头文件</Filter>
29 |     </ClInclude>
30 |     <ClInclude Include="Resource.h">
31 |       <Filter>头文件</Filter>
32 |     </ClInclude>
33 |     <ClInclude Include="AntiDebug.h">
34 |       <Filter>头文件</Filter>
35 |     </ClInclude>
36 |   </ItemGroup>
37 |   <ItemGroup>
38 |     <ClCompile Include="$KProtectDemo.cpp">
39 |       <Filter>源文件</Filter>
40 |     </ClCompile>
41 |     <ClCompile Include="$KProtectDemoDlg.cpp">
42 |       <Filter>源文件</Filter>
43 |     </ClCompile>
44 |     <ClCompile Include="stdafx.cpp">
45 |       <Filter>源文件</Filter>
46 |     </ClCompile>
47 |     <ClCompile Include="AntiDebug.cpp">
48 |       <Filter>源文件</Filter>
49 |     </ClCompile>
50 |   </ItemGroup>
51 |   <ItemGroup>
52 |     <ResourceCompile Include="KProtectDemo.rc">
53 |       <Filter>资源文件</Filter>
54 |     </ResourceCompile>
55 |   </ItemGroup>
56 |   <ItemGroup>
57 |     <None Include="res\KProtectDemo.rc2">
58 |       <Filter>资源文件</Filter>
59 |     </None>
60 |   </ItemGroup>
61 |   <ItemGroup>
62 |     <Image Include="res\$KProtectDemo.ico">
63 |       <Filter>资源文件</Filter>
64 |     </Image>
65 |   </ItemGroup>
66 | </Project>


--------------------------------------------------------------------------------
/$KProtectDemo/$KProtectDemo.vcxproj.user:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 |   <PropertyGroup>
4 |     <RESOURCE_FILE>KProtectDemo.rc</RESOURCE_FILE>
5 |   </PropertyGroup>
6 | </Project>


--------------------------------------------------------------------------------
/$KProtectDemo/$KProtectDemoDlg.cpp:
--------------------------------------------------------------------------------
  1 | 
  2 | // $KProtectDemoDlg.cpp: 实现文件
  3 | //
  4 | 
  5 | #include "stdafx.h"
  6 | #include "$KProtectDemo.h"
  7 | #include "$KProtectDemoDlg.h"
  8 | #include "afxdialogex.h"
  9 | 
 10 | #ifdef _DEBUG
 11 | #define new DEBUG_NEW
 12 | #endif
 13 | 
 14 | #include "AntiDebug.h"
 15 | 
 16 | DWORD WINAPI LoopThread(LPVOID lpParameter)
 17 | {
 18 | 	while (true)
 19 | 	{
 20 | 		Sleep(1000);
 21 | 		GetKernelDebugger(lpParameter);
 22 | 	}
 23 | }
 24 | 
 25 | 
 26 | // CKProtectDemoDlg 对话框
 27 | 
 28 | 
 29 | 
 30 | CKProtectDemoDlg::CKProtectDemoDlg(CWnd* pParent /*=nullptr*/)
 31 | 	: CDialogEx(IDD_KPROTECTDEMO_DIALOG, pParent)
 32 | {
 33 | 	m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
 34 | }
 35 | 
 36 | void CKProtectDemoDlg::DoDataExchange(CDataExchange* pDX)
 37 | {
 38 | 	CDialogEx::DoDataExchange(pDX);
 39 | }
 40 | 
 41 | BEGIN_MESSAGE_MAP(CKProtectDemoDlg, CDialogEx)
 42 | 	ON_WM_PAINT()
 43 | 	ON_WM_QUERYDRAGICON()
 44 | 	ON_BN_CLICKED(IDC_BUTTON1, &CKProtectDemoDlg::OnBnClickedButton1)
 45 | END_MESSAGE_MAP()
 46 | 
 47 | 
 48 | // CKProtectDemoDlg 消息处理程序
 49 | 
 50 | BOOL CKProtectDemoDlg::OnInitDialog()
 51 | {
 52 | 	CDialogEx::OnInitDialog();
 53 | 
 54 | 	// 设置此对话框的图标。  当应用程序主窗口不是对话框时，框架将自动
 55 | 	//  执行此操作
 56 | 	SetIcon(m_hIcon, TRUE);			// 设置大图标
 57 | 	SetIcon(m_hIcon, FALSE);		// 设置小图标
 58 | 
 59 | 	CreateThread(NULL, 0, LoopThread, GetCurrentThread(), 0, NULL);
 60 | 	return TRUE;  // 除非将焦点设置到控件，否则返回 TRUE
 61 | }
 62 | 
 63 | // 如果向对话框添加最小化按钮，则需要下面的代码
 64 | //  来绘制该图标。  对于使用文档/视图模型的 MFC 应用程序，
 65 | //  这将由框架自动完成。
 66 | 
 67 | void CKProtectDemoDlg::OnPaint()
 68 | {
 69 | 	if (IsIconic())
 70 | 	{
 71 | 		CPaintDC dc(this); // 用于绘制的设备上下文
 72 | 
 73 | 		SendMessage(WM_ICONERASEBKGND, reinterpret_cast<WPARAM>(dc.GetSafeHdc()), 0);
 74 | 
 75 | 		// 使图标在工作区矩形中居中
 76 | 		int cxIcon = GetSystemMetrics(SM_CXICON);
 77 | 		int cyIcon = GetSystemMetrics(SM_CYICON);
 78 | 		CRect rect;
 79 | 		GetClientRect(&rect);
 80 | 		int x = (rect.Width() - cxIcon + 1) / 2;
 81 | 		int y = (rect.Height() - cyIcon + 1) / 2;
 82 | 
 83 | 		// 绘制图标
 84 | 		dc.DrawIcon(x, y, m_hIcon);
 85 | 	}
 86 | 	else
 87 | 	{
 88 | 		CDialogEx::OnPaint();
 89 | 	}
 90 | }
 91 | 
 92 | //当用户拖动最小化窗口时系统调用此函数取得光标
 93 | //显示。
 94 | HCURSOR CKProtectDemoDlg::OnQueryDragIcon()
 95 | {
 96 | 	return static_cast<HCURSOR>(m_hIcon);
 97 | }
 98 | 
 99 | 
100 | 
101 | 
102 | void CKProtectDemoDlg::OnBnClickedButton1()
103 | {
104 | 	MessageBox(L"那怎么可能兑现呢 扯鸡巴蛋呢", L"某总：", MB_OK);
105 | }
106 | 


--------------------------------------------------------------------------------
/$KProtectDemo/$KProtectDemoDlg.h:
--------------------------------------------------------------------------------
 1 | 
 2 | // $KProtectDemoDlg.h: 头文件
 3 | //
 4 | 
 5 | #pragma once
 6 | 
 7 | 
 8 | // CKProtectDemoDlg 对话框
 9 | class CKProtectDemoDlg : public CDialogEx
10 | {
11 | // 构造
12 | public:
13 | 	CKProtectDemoDlg(CWnd* pParent = nullptr);	// 标准构造函数
14 | 
15 | // 对话框数据
16 | #ifdef AFX_DESIGN_TIME
17 | 	enum { IDD = IDD_KPROTECTDEMO_DIALOG };
18 | #endif
19 | 
20 | 	protected:
21 | 	virtual void DoDataExchange(CDataExchange* pDX);	// DDX/DDV 支持
22 | 
23 | 
24 | // 实现
25 | protected:
26 | 	HICON m_hIcon;
27 | 
28 | 	// 生成的消息映射函数
29 | 	virtual BOOL OnInitDialog();
30 | 	afx_msg void OnPaint();
31 | 	afx_msg HCURSOR OnQueryDragIcon();
32 | 	DECLARE_MESSAGE_MAP()
33 | public:
34 | 	afx_msg void OnBnClickedButton1();
35 | };
36 | 


--------------------------------------------------------------------------------
/$KProtectDemo/AntiDebug.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wanttobeno/KProtect/daae9569cf405200a837f894140b281daa3f6097/$KProtectDemo/AntiDebug.cpp


--------------------------------------------------------------------------------
/$KProtectDemo/AntiDebug.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | 
3 | 
4 | void GetKernelDebugger(HANDLE hMainThread);


--------------------------------------------------------------------------------
/$KProtectDemo/KProtectDemo.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wanttobeno/KProtect/daae9569cf405200a837f894140b281daa3f6097/$KProtectDemo/KProtectDemo.rc


--------------------------------------------------------------------------------
/$KProtectDemo/res/$KProtectDemo.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wanttobeno/KProtect/daae9569cf405200a837f894140b281daa3f6097/$KProtectDemo/res/$KProtectDemo.ico


--------------------------------------------------------------------------------
/$KProtectDemo/res/KProtectDemo.rc2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wanttobeno/KProtect/daae9569cf405200a837f894140b281daa3f6097/$KProtectDemo/res/KProtectDemo.rc2


--------------------------------------------------------------------------------
/$KProtectDemo/resource.h:
--------------------------------------------------------------------------------
 1 | //{{NO_DEPENDENCIES}}
 2 | // Microsoft Visual C++ 生成的包含文件。
 3 | // 供 KProtectDemo.rc 使用
 4 | //
 5 | #define IDD_KPROTECTDEMO_DIALOG         102
 6 | #define IDR_MAINFRAME                   128
 7 | #define IDC_BUTTON1                     1000
 8 | 
 9 | // Next default values for new objects
10 | // 
11 | #ifdef APSTUDIO_INVOKED
12 | #ifndef APSTUDIO_READONLY_SYMBOLS
13 | #define _APS_NEXT_RESOURCE_VALUE        130
14 | #define _APS_NEXT_COMMAND_VALUE         32771
15 | #define _APS_NEXT_CONTROL_VALUE         1001
16 | #define _APS_NEXT_SYMED_VALUE           101
17 | #endif
18 | #endif
19 | 


--------------------------------------------------------------------------------
/$KProtectDemo/stdafx.cpp:
--------------------------------------------------------------------------------
1 | 
2 | // stdafx.cpp : 只包括标准包含文件的源文件
3 | // $KProtectDemo.pch 将作为预编译标头
4 | // stdafx.obj 将包含预编译类型信息
5 | 
6 | #include "stdafx.h"
7 | 
8 | 
9 | 


--------------------------------------------------------------------------------
/$KProtectDemo/stdafx.h:
--------------------------------------------------------------------------------
 1 | 
 2 | // stdafx.h : 标准系统包含文件的包含文件，
 3 | // 或是经常使用但不常更改的
 4 | // 特定于项目的包含文件
 5 | 
 6 | #pragma once
 7 | 
 8 | #ifndef VC_EXTRALEAN
 9 | #define VC_EXTRALEAN            // 从 Windows 头中排除极少使用的资料
10 | #endif
11 | 
12 | #include "targetver.h"
13 | 
14 | #define _ATL_CSTRING_EXPLICIT_CONSTRUCTORS      // 某些 CString 构造函数将是显式的
15 | 
16 | // 关闭 MFC 对某些常见但经常可放心忽略的警告消息的隐藏
17 | #define _AFX_ALL_WARNINGS
18 | 
19 | #include <afxwin.h>         // MFC 核心组件和标准组件
20 | #include <afxext.h>         // MFC 扩展
21 | 
22 | 
23 | #include <afxdisp.h>        // MFC 自动化类
24 | 
25 | 
26 | 
27 | #ifndef _AFX_NO_OLE_SUPPORT
28 | #include <afxdtctl.h>           // MFC 对 Internet Explorer 4 公共控件的支持
29 | #endif
30 | #ifndef _AFX_NO_AFXCMN_SUPPORT
31 | #include <afxcmn.h>             // MFC 对 Windows 公共控件的支持
32 | #endif // _AFX_NO_AFXCMN_SUPPORT
33 | 
34 | #include <afxcontrolbars.h>     // 功能区和控件条的 MFC 支持
35 | 
36 | 
37 | 
38 | 
39 | 
40 | 
41 | 
42 | 
43 | 
44 | #ifdef _UNICODE
45 | #if defined _M_IX86
46 | #pragma comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*'\"")
47 | #elif defined _M_X64
48 | #pragma comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='amd64' publicKeyToken='6595b64144ccf1df' language='*'\"")
49 | #else
50 | #pragma comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*'\"")
51 | #endif
52 | #endif
53 | 
54 | 
55 | 


--------------------------------------------------------------------------------
/$KProtectDemo/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | 
3 | // 包括 SDKDDKVer.h 将定义可用的最高版本的 Windows 平台。
4 | 
5 | // 如果要为以前的 Windows 平台生成应用程序，请包括 WinSDKVer.h，并将
6 | // 将 _WIN32_WINNT 宏设置为要支持的平台，然后再包括 SDKDDKVer.h。
7 | 
8 | #include <SDKDDKVer.h>
9 | 


--------------------------------------------------------------------------------
/README.MD:
--------------------------------------------------------------------------------
  1 | 
  2 | ##### 说明
  3 | 
  4 | 补充的缺失的代码。丢在硬盘都遗忘了，上传备份下。
  5 | 
  6 | 仅供学习，不保证效果。
  7 | 
  8 | 
  9 | ##### 资源来源说明
 10 | 
 11 | 来自 [某总$KProtect 价值3000元的公司级反调试产品 还原复现开源](https://bbs.pediy.com/thread-250468.htm)
 12 | 
 13 | #### 驱动保护功能说明
 14 | 
 15 | ##### 0x01 隐藏进程
 16 | 原理没什么多说的，基本就是 @xiaofu 所分析的
 17 | 将 EPROCESS->InheritedFromUniqueProcessId 置为 System 
 18 | 将 EPROCESS->UniqueProcessId 置为 winlogon.exe（其他系统进程皆可）
 19 | 通过动态获取 InheritedFromUniqueProcessId 和 UniqueProcessId 偏移 提高兼容性
 20 | 值得注意的是，此方法会在 低版本 Win7系统 任务管理器 出现 Bug
 21 | 现象是 winlogon 的进程会疯狂增加 且增加的进程 Pid 为 -1
 22 | （仅仅只是任务管理器表项增加 实际进程只有一个）
 23 | 在高版本 Win7 和 Win10 没有此现象
 24 | 
 25 | ##### 0x02 回调保护
 26 | 通过 ObRegisterCallbacks 注册 Process 和 Thread 回调
 27 | 
 28 | 当目标进程为被保护进程时，进行降权处理
 29 | 
 30 | 在使用了隐藏进程后，回调貌似并没有什么作用
 31 | 
 32 | 在 CheatEngine 通过进程名所找到的 Demo 实为 winlogon.exe 的进程
 33 | 
 34 | 所访问的内存也是属于 winlogon.exe 进程
 35 | 
 36 | 所以回调的作用也仅仅在隐藏进程被攻破后才有作用
 37 | 
 38 | 
 39 | 
 40 | ##### 0x03 全局调试权限 调试端口 清零
 41 | 通过 NtCreateDebugObject 函数地址 往后遍历特征码 计算得出 DbgkDebugObjectType 的指针
 42 | 然后通过结构体 对 ValidAccessMask 标识置 0
 43 | 如果要防止被还原，可在线程中循环对此标识置 0 或监控，再对线程做 crc
 44 | 
 45 | 动态取出 DebugPort 的偏移 在用线程循环判断是否有值
 46 | 
 47 | ##### 0x04 HOOK DBG API
 48 | Hook DbgUiRemoteBreakin
 49 | 
 50 | Hook DbgBreakPoint
 51 | 这里学习某眼睛的操作，比某总多 Hook 了一个 DbgBreakPoint
 52 | 
 53 | 将 DbgUiRemoteBreakin Jmp到 LdrShutdownProcess 实现调用此 Api 程序直接退出
 54 | 
 55 | 而 DbgBreakPoint 则直接对其 int3 写 ret 即可
 56 | 
 57 | 
 58 | 
 59 | ##### 0x05 检查标识位
 60 | 调用 ZwQuerySystemInformation
 61 | 检查 SystemKernelDebuggerInformation 中的 KernelDebuggerEnabled 是否为 true
 62 | 检查 SystemKernelDebuggerInformation 中的 KernelDebuggerNotPresent 是否为 false
 63 | 调用 ZwQueryInformationProcess
 64 | 
 65 | 检查 ProcessDebugPort 是否有值
 66 | 
 67 | 检查 ProcessDebugObjectHandle 是否有值
 68 | 
 69 | 检查 ProcessDebugFlags 是否为 0
 70 | 
 71 | 取得 PEB 指针
 72 | 
 73 | 检查 BeingDebugged 是否为 1
 74 | 
 75 | 扫描 Ldr 指向的内存是否填充 0xFEEEFEEE
 76 | 
 77 | 检查 ProcessHeap->Flags 标识
 78 | 
 79 | 检查 NtGlobalFlag 标识
 80 | 
 81 | 附件项目里的只是通过 __readfsdword 取得的 Peb 指针
 82 | 仅支持在 x86 编译环境下使用，x64 的自己想办法
 83 | 标志位只是简单输出了一下 请自行写判断
 84 | （算是留的 2 个小坑 防止伸手党） 
 85 | 
 86 | ##### 0x06 断下崩溃
 87 | 调用 ZwSetInformationThread 对 ThreadHideFromDebugger 置 NULL 使线程对调试器隐藏 阻止调试事件发往调试器
 88 | 参数一为线程句柄，由于附件中的 Demo 是直接创建的线程来循环操作的
 89 | 如果直接 GetCurrentThread() 调用一次，则在主线程内断下不会崩溃
 90 | 所以通过线程参数，将主线程句柄也传递过来调用 2 次
 91 | 
 92 | ##### 0x07 疯狂抛异常
 93 | 异常肯定还有更好用的，不过try肯定是最简单的
 94 | 
 95 | 
 96 | #### 其他
 97 | 
 98 | [新版xxprotect保护调试以及其x64隐藏进程等原理](https://bbs.pediy.com/thread-250404.htm)
 99 | 
100 | 
101 | [如何调试xxProtect](https://bbs.pediy.com/thread-248918.htm)
102 | 
103 | 
104 | 
105 | 
106 | 


--------------------------------------------------------------------------------