einkoro/antiDebuggerDefeat

## antiDebuggerDefeat
#include <windows.h>
#include <stdio.h>
#include <psapi.h>

int main( void )
{
	// find the process ID
	HANDLE hProcess = NULL;
	{
		enum
		{
			kMaxProcesses = 1024*16,
			kMaxModules   = 1024
		};
		DWORD processes[ kMaxProcesses ];
		DWORD bytesNeeded;
		if ( !EnumProcesses( processes, sizeof(processes), &bytesNeeded ) )
		{
			return 1;
		}
		const DWORD numProcesses = bytesNeeded / sizeof(DWORD);
		for( DWORD i = 0; i != numProcesses; ++i )
		{
			const DWORD processID = processes[ i ];
			hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, processID );
			if( hProcess == NULL ) { continue; }
			HMODULE hModules[ kMaxModules ];
			if( EnumProcessModules( hProcess, hModules, sizeof(hModules), &bytesNeeded ) )
			{
				char fileName[ MAX_PATH ];
				if( GetModuleFileNameExA( hProcess, hModules[ 0 ], fileName, sizeof(fileName) ) )
				{
					int len = strlen( fileName );
					if( len > 20 && strstr( fileName+len-20, "\\ClientLauncherG.exe" ) )
					{
						break;
					}
				}
			}
			CloseHandle( hProcess );
			hProcess = NULL;
		}
	}
	if( hProcess == NULL )
	{
		return 1;
	}

	// adjust some memory
	unsigned char buf[6];
	const DWORD addr = 0x00602AB3;

	SIZE_T bytesRead;
	if( ReadProcessMemory( hProcess, (void*)addr, buf, sizeof(buf), &bytesRead ) )
	{
		if( buf[0] == 0x68 && buf[1] == 0x00 && buf[2] == 0x00 && buf[3] == 0x00 && buf[4] == 0x08 && buf[5] == 0x90 )
		{
			printf( "memory was already written.\n" );
		}
		else if( buf[0] == 0xFF && buf[1] == 0xB7 && buf[2] == 0xB0 && buf[3] == 0x41 && buf[4] == 0x00 && buf[5] == 0x00 )
		{
			buf[0] = 0x68; // push immediate 32 bit
			buf[1] = 0x00;
			buf[2] = 0x00;
			buf[3] = 0x00;
			buf[4] = 0x08;
			buf[5] = 0x90; // NOP
			SIZE_T bytesWritten;
			if( WriteProcessMemory( hProcess, (void*)addr, buf, sizeof(buf), &bytesWritten ) )
			{
				printf( "memory written successfully.\n" );
			}
			CloseHandle( hProcess );
			return 0;
		}
	}

	CloseHandle( hProcess );
	return 1;
}
	#include <windows.h>
	#include <stdio.h>
	#include <psapi.h>

	int main( void )
	{
	// find the process ID
	HANDLE hProcess = NULL;
	{
	enum
	{
	kMaxProcesses = 1024*16,
	kMaxModules = 1024
	};
	DWORD processes[ kMaxProcesses ];
	DWORD bytesNeeded;
	if ( !EnumProcesses( processes, sizeof(processes), &bytesNeeded ) )
	{
	return 1;
	}
	const DWORD numProcesses = bytesNeeded / sizeof(DWORD);
	for( DWORD i = 0; i != numProcesses; ++i )
	{
	const DWORD processID = processes[ i ];
	hProcess = OpenProcess( PROCESS_QUERY_INFORMATION \| PROCESS_VM_READ \| PROCESS_VM_WRITE \| PROCESS_VM_OPERATION, FALSE, processID );
	if( hProcess == NULL ) { continue; }
	HMODULE hModules[ kMaxModules ];
	if( EnumProcessModules( hProcess, hModules, sizeof(hModules), &bytesNeeded ) )
	{
	char fileName[ MAX_PATH ];
	if( GetModuleFileNameExA( hProcess, hModules[ 0 ], fileName, sizeof(fileName) ) )
	{
	int len = strlen( fileName );
	if( len > 20 && strstr( fileName+len-20, "\\ClientLauncherG.exe" ) )
	{
	break;
	}
	}
	}
	CloseHandle( hProcess );
	hProcess = NULL;
	}
	}
	if( hProcess == NULL )
	{
	return 1;
	}

	// adjust some memory
	unsigned char buf[6];
	const DWORD addr = 0x00602AB3;

	SIZE_T bytesRead;
	if( ReadProcessMemory( hProcess, (void*)addr, buf, sizeof(buf), &bytesRead ) )
	{
	if( buf[0] == 0x68 && buf[1] == 0x00 && buf[2] == 0x00 && buf[3] == 0x00 && buf[4] == 0x08 && buf[5] == 0x90 )
	{
	printf( "memory was already written.\n" );
	}
	else if( buf[0] == 0xFF && buf[1] == 0xB7 && buf[2] == 0xB0 && buf[3] == 0x41 && buf[4] == 0x00 && buf[5] == 0x00 )
	{
	buf[0] = 0x68; // push immediate 32 bit
	buf[1] = 0x00;
	buf[2] = 0x00;
	buf[3] = 0x00;
	buf[4] = 0x08;
	buf[5] = 0x90; // NOP
	SIZE_T bytesWritten;
	if( WriteProcessMemory( hProcess, (void*)addr, buf, sizeof(buf), &bytesWritten ) )
	{
	printf( "memory written successfully.\n" );
	}
	CloseHandle( hProcess );
	return 0;
	}
	}

	CloseHandle( hProcess );
	return 1;
	}