diff --git a/DD.Plugin.CheckRemoteDebuggerPresent/DD.Plugin.CheckRemoteDebuggerPresent.vcxproj b/DD.Plugin.CheckRemoteDebuggerPresent/DD.Plugin.CheckRemoteDebuggerPresent.vcxproj
new file mode 100644
index 0000000..1a93694
--- /dev/null
+++ b/DD.Plugin.CheckRemoteDebuggerPresent/DD.Plugin.CheckRemoteDebuggerPresent.vcxproj
@@ -0,0 +1,146 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Debug
+ x64
+
+
+ Release
+ Win32
+
+
+ Release
+ x64
+
+
+
+ {55C478DF-FC39-4BB5-A37C-EE81E4BBA12A}
+ Win32Proj
+ DDPluginCheckRemoteDebuggerPresent
+
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+
+
+ true
+
+
+ false
+
+
+ false
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINCHECKREMOTEDEBUGGERPRESENT_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINCHECKREMOTEDEBUGGERPRESENT_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+ Level3
+
+
+ Full
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINCHECKREMOTEDEBUGGERPRESENT_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+ Level3
+
+
+ MaxSpeed
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINCHECKREMOTEDEBUGGERPRESENT_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.CheckRemoteDebuggerPresent/DD.Plugin.CheckRemoteDebuggerPresent.vcxproj.filters b/DD.Plugin.CheckRemoteDebuggerPresent/DD.Plugin.CheckRemoteDebuggerPresent.vcxproj.filters
new file mode 100644
index 0000000..4aa3883
--- /dev/null
+++ b/DD.Plugin.CheckRemoteDebuggerPresent/DD.Plugin.CheckRemoteDebuggerPresent.vcxproj.filters
@@ -0,0 +1,27 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hpp;hxx;hm;inl;inc;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ Quelldateien
+
+
+
+
+ Headerdateien
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.CheckRemoteDebuggerPresent/DD.Plugin.CheckRemoteDebuggerPresent.vcxproj.user b/DD.Plugin.CheckRemoteDebuggerPresent/DD.Plugin.CheckRemoteDebuggerPresent.vcxproj.user
new file mode 100644
index 0000000..ace9a86
--- /dev/null
+++ b/DD.Plugin.CheckRemoteDebuggerPresent/DD.Plugin.CheckRemoteDebuggerPresent.vcxproj.user
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.CheckRemoteDebuggerPresent/DLLMain.cpp b/DD.Plugin.CheckRemoteDebuggerPresent/DLLMain.cpp
new file mode 100644
index 0000000..d02f02d
--- /dev/null
+++ b/DD.Plugin.CheckRemoteDebuggerPresent/DLLMain.cpp
@@ -0,0 +1,30 @@
+#include "DLLMain.h"
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
+{
+ return true;
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginName(void)
+{
+ return L"CheckRemoteDebuggerPresent";
+}
+__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+{
+ return L"0.1";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
+{
+ return sErrorMessage;
+}
+
+__declspec(dllexport) DWORD __cdecl PluginDebugCheck(void)
+{
+ BOOL bDebugged = false;
+ CheckRemoteDebuggerPresent(GetCurrentProcess(),&bDebugged);
+ if(bDebugged)
+ return 1;
+ else
+ return 0;
+}
\ No newline at end of file
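Review bot: The return value of `CheckRemoteDebuggerPresent` in PluginDebugCheck is ignored, so a failed call leaves `bDebugged` at its initial `false` and the plugin reports 0 as if the check had run. Testing it, e.g. `if(!CheckRemoteDebuggerPresent(GetCurrentProcess(),&bDebugged)) return -1;`, would keep "check failed" apart from "no debugger"; -1 is what the MemoryBreakpoint plugin in this commit returns on failure, and how the host treats it is not visible here. Separately, PluginName and PluginVersion here and in the other DLLMain.cpp files return an `L"..."` literal through a non-const `TCHAR*`, which only compiles with UNICODE defined and lets a caller write to a string literal. A `const wchar_t*` return type (or `TEXT()` with `const TCHAR*`) would state the contract, though that also means changing the prototypes in DLLMain.h.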
diff --git a/DD.Plugin.CheckRemoteDebuggerPresent/DLLMain.h b/DD.Plugin.CheckRemoteDebuggerPresent/DLLMain.h
new file mode 100644
index 0000000..c79fc18
--- /dev/null
+++ b/DD.Plugin.CheckRemoteDebuggerPresent/DLLMain.h
@@ -0,0 +1,16 @@
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ __declspec(dllexport) TCHAR* __cdecl PluginName(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
+ __declspec(dllexport) DWORD __cdecl PluginDebugCheck(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+TCHAR* sErrorMessage;
\ No newline at end of file
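Review bot: `TCHAR* sErrorMessage;` at the end of this header is a definition, not a declaration, and the header has no include guard, so including it from a second source file in the same DLL would give a duplicate-symbol link error. Declaring `extern TCHAR* sErrorMessage;` here, defining `TCHAR* sErrorMessage = NULL;` once in DLLMain.cpp, and adding `#pragma once` at the top would avoid that. The same line closes the DLLMain.h of the DebugObject, FindBadDrivers, FindBadProcesses, FindBadWindows, HardwareBreakpoint, IsDebuggerPresent and MemoryBreakpoint plugins. A short comment on the four exports would also help plugin authors: it should say what PluginDebugCheck's return values mean (the plugins in this commit return 1, 0 and in one case -1) and who owns the string returned by PluginErrorMessage.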
diff --git a/DD.Plugin.DebugObject/DD.Plugin.DebugObject.vcxproj b/DD.Plugin.DebugObject/DD.Plugin.DebugObject.vcxproj
new file mode 100644
index 0000000..e749d16
--- /dev/null
+++ b/DD.Plugin.DebugObject/DD.Plugin.DebugObject.vcxproj
@@ -0,0 +1,146 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Debug
+ x64
+
+
+ Release
+ Win32
+
+
+ Release
+ x64
+
+
+
+ {3A3E2EE6-1EC5-4FB2-8009-CE4F1F0A5A6A}
+ Win32Proj
+ DDPluginDebugObject
+
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+
+
+ true
+
+
+ false
+
+
+ false
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINDEBUGOBJECT_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINDEBUGOBJECT_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+ Level3
+
+
+ Full
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINDEBUGOBJECT_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+ Level3
+
+
+ MaxSpeed
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINDEBUGOBJECT_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.DebugObject/DD.Plugin.DebugObject.vcxproj.filters b/DD.Plugin.DebugObject/DD.Plugin.DebugObject.vcxproj.filters
new file mode 100644
index 0000000..4aa3883
--- /dev/null
+++ b/DD.Plugin.DebugObject/DD.Plugin.DebugObject.vcxproj.filters
@@ -0,0 +1,27 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hpp;hxx;hm;inl;inc;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ Quelldateien
+
+
+
+
+ Headerdateien
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.DebugObject/DD.Plugin.DebugObject.vcxproj.user b/DD.Plugin.DebugObject/DD.Plugin.DebugObject.vcxproj.user
new file mode 100644
index 0000000..ace9a86
--- /dev/null
+++ b/DD.Plugin.DebugObject/DD.Plugin.DebugObject.vcxproj.user
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.DebugObject/DLLMain.cpp b/DD.Plugin.DebugObject/DLLMain.cpp
new file mode 100644
index 0000000..bb594b7
--- /dev/null
+++ b/DD.Plugin.DebugObject/DLLMain.cpp
@@ -0,0 +1,41 @@
+#include "DLLMain.h"
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
+{
+ return true;
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginName(void)
+{
+ return L"DebugObject";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+{
+ return L"0.1";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
+{
+ return sErrorMessage;
+}
+
+__declspec(dllexport) DWORD __cdecl PluginDebugCheck(void)
+{
+ typedef NTSTATUS (WINAPI *pNtQueryInformationProcess)(HANDLE,UINT,PVOID,ULONG,PULONG);
+
+ HANDLE hDebugObject = NULL;
+ NTSTATUS Status;
+
+ pNtQueryInformationProcess NtQIP = (pNtQueryInformationProcess)GetProcAddress(GetModuleHandle(L"ntdll.dll"),"NtQueryInformationProcess");
+
+ Status = NtQIP(GetCurrentProcess(),0x1e,&hDebugObject,4,NULL);
+
+ if (Status != 0x00000000)
+ return 0;
+
+ if(hDebugObject)
+ return 1;
+ else
+ return 0;
+}
\ No newline at end of file
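Review bot: `NtQIP` is called in PluginDebugCheck without checking that `GetModuleHandle`/`GetProcAddress` returned a non-NULL pointer, and the buffer length is hard-coded as `4` although the buffer is a `HANDLE`. On the x64 configurations that the project file in this commit defines, `sizeof(HANDLE)` is 8, so the query would presumably fail with a length mismatch and the plugin would always report 0. A handle returned on success also appears never to be closed. The sketch below checks the resolved pointer, passes `sizeof(hDebugObject)` and closes the handle; it returns 0 when the function cannot be resolved, matching how the existing code treats a failing status. A comment or named constant for `0x1e` (ProcessDebugObjectHandle) would help the next reader.

```cpp
    // … unchanged: typedef and local declarations …
    HMODULE hNtdll = GetModuleHandle(L"ntdll.dll");
    pNtQueryInformationProcess NtQIP = NULL;

    if (hNtdll != NULL)
        NtQIP = (pNtQueryInformationProcess)GetProcAddress(hNtdll,"NtQueryInformationProcess");
    if (NtQIP == NULL)
        return 0;

    Status = NtQIP(GetCurrentProcess(),0x1e,&hDebugObject,sizeof(hDebugObject),NULL);

    // … unchanged: Status check …

    if(hDebugObject)
    {
        CloseHandle(hDebugObject);
        return 1;
    }
    return 0;
```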
diff --git a/DD.Plugin.DebugObject/DLLMain.h b/DD.Plugin.DebugObject/DLLMain.h
new file mode 100644
index 0000000..c79fc18
--- /dev/null
+++ b/DD.Plugin.DebugObject/DLLMain.h
@@ -0,0 +1,16 @@
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ __declspec(dllexport) TCHAR* __cdecl PluginName(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
+ __declspec(dllexport) DWORD __cdecl PluginDebugCheck(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+TCHAR* sErrorMessage;
\ No newline at end of file
diff --git a/DD.Plugin.FindBadDrivers/DD.Plugin.FindBadDrivers.vcxproj b/DD.Plugin.FindBadDrivers/DD.Plugin.FindBadDrivers.vcxproj
new file mode 100644
index 0000000..73e8c8f
--- /dev/null
+++ b/DD.Plugin.FindBadDrivers/DD.Plugin.FindBadDrivers.vcxproj
@@ -0,0 +1,87 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Release
+ Win32
+
+
+
+ {534F66C5-627F-4086-BD7D-D8BA55189E30}
+ Win32Proj
+ DDPluginFindBadDrivers
+
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+
+
+ false
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINFINDBADDRIVERS_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ psapi.lib;%(AdditionalDependencies)
+
+
+
+
+ Level3
+
+
+ Full
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINFINDBADDRIVERS_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+ psapi.lib;%(AdditionalDependencies)
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.FindBadDrivers/DD.Plugin.FindBadDrivers.vcxproj.filters b/DD.Plugin.FindBadDrivers/DD.Plugin.FindBadDrivers.vcxproj.filters
new file mode 100644
index 0000000..4aa3883
--- /dev/null
+++ b/DD.Plugin.FindBadDrivers/DD.Plugin.FindBadDrivers.vcxproj.filters
@@ -0,0 +1,27 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hpp;hxx;hm;inl;inc;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ Quelldateien
+
+
+
+
+ Headerdateien
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.FindBadDrivers/DD.Plugin.FindBadDrivers.vcxproj.user b/DD.Plugin.FindBadDrivers/DD.Plugin.FindBadDrivers.vcxproj.user
new file mode 100644
index 0000000..ace9a86
--- /dev/null
+++ b/DD.Plugin.FindBadDrivers/DD.Plugin.FindBadDrivers.vcxproj.user
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.FindBadDrivers/DLLMain.cpp b/DD.Plugin.FindBadDrivers/DLLMain.cpp
new file mode 100644
index 0000000..7296e56
--- /dev/null
+++ b/DD.Plugin.FindBadDrivers/DLLMain.cpp
@@ -0,0 +1,49 @@
+#include "DLLMain.h"
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
+{
+ return true;
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginName(void)
+{
+ return L"BadDriversList";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+{
+ return L"0.1";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
+{
+ return sErrorMessage;
+}
+
+__declspec(dllexport) DWORD __cdecl PluginDebugCheck(void)
+{
+ LPVOID lpDrivers[1024];
+ DWORD cbNeeded = 0;
+ int cDrivers = 0;
+ vector vDriverList;
+
+ vDriverList.push_back(L"olly.sys");
+
+ if(EnumDeviceDrivers(lpDrivers,sizeof(lpDrivers),&cbNeeded) && cbNeeded < sizeof(lpDrivers))
+ {
+ TCHAR szDriver[1024];
+
+ cDrivers = cbNeeded / sizeof(lpDrivers[0]);
+
+ for (int i = 0; i < cDrivers; i++ )
+ {
+ if(GetDeviceDriverBaseName(lpDrivers[i],szDriver,sizeof(szDriver) / sizeof(szDriver[0])))
+ {
+ for(int a = 0;a < vDriverList.size(); a++)
+ if(wcsstr(szDriver,vDriverList[a].c_str()) != NULL)
+ return 1;
+ }
+ }
+ }
+ return 0;
+}
\ No newline at end of file
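Review bot: When `EnumDeviceDrivers` fails or reports more than the 1024 entries `lpDrivers` can hold, the outer `if` in PluginDebugCheck is skipped and the function returns 0, which a caller cannot tell apart from a completed scan that found nothing. Setting `sErrorMessage` and returning a distinct value on that path would make the failure visible; the MemoryBreakpoint plugin in this commit uses -1 for that. The inner loop index `a` should be `size_t` to match `vDriverList.size()` and avoid the signed/unsigned comparison.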
diff --git a/DD.Plugin.FindBadDrivers/DLLMain.h b/DD.Plugin.FindBadDrivers/DLLMain.h
new file mode 100644
index 0000000..2ae0680
--- /dev/null
+++ b/DD.Plugin.FindBadDrivers/DLLMain.h
@@ -0,0 +1,22 @@
+#include
+#include
+#include
+
+using namespace std;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ __declspec(dllexport) TCHAR* __cdecl PluginName(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
+ __declspec(dllexport) DWORD __cdecl PluginDebugCheck(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+BOOL CALLBACK EnumWindowsProc(HWND hwnd,LPARAM lParam);
+
+TCHAR* sErrorMessage;
\ No newline at end of file
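Review bot: The prototype `BOOL CALLBACK EnumWindowsProc(HWND hwnd,LPARAM lParam);` in this header has no definition in the FindBadDrivers DLLMain.cpp and looks like a leftover from the FindBadWindows header, so it can be dropped. `using namespace std;` at header scope also leaks into every file that includes the header, and the FindBadProcesses and FindBadWindows headers do the same. Qualifying the container as `std::vector` in the .cpp would keep the header free of it.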
diff --git a/DD.Plugin.FindBadProcesses/DD.Plugin.FindBadProcesses.vcxproj b/DD.Plugin.FindBadProcesses/DD.Plugin.FindBadProcesses.vcxproj
new file mode 100644
index 0000000..7641490
--- /dev/null
+++ b/DD.Plugin.FindBadProcesses/DD.Plugin.FindBadProcesses.vcxproj
@@ -0,0 +1,85 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Release
+ Win32
+
+
+
+ {FC1FB81C-8272-4B79-B807-1331335DFA0A}
+ Win32Proj
+ DDPluginFindBadProcesses
+
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+
+
+ false
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINFINDBADPROCESSES_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+ Level3
+
+
+ Full
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINFINDBADPROCESSES_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.FindBadProcesses/DD.Plugin.FindBadProcesses.vcxproj.filters b/DD.Plugin.FindBadProcesses/DD.Plugin.FindBadProcesses.vcxproj.filters
new file mode 100644
index 0000000..4aa3883
--- /dev/null
+++ b/DD.Plugin.FindBadProcesses/DD.Plugin.FindBadProcesses.vcxproj.filters
@@ -0,0 +1,27 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hpp;hxx;hm;inl;inc;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ Quelldateien
+
+
+
+
+ Headerdateien
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.FindBadProcesses/DD.Plugin.FindBadProcesses.vcxproj.user b/DD.Plugin.FindBadProcesses/DD.Plugin.FindBadProcesses.vcxproj.user
new file mode 100644
index 0000000..ace9a86
--- /dev/null
+++ b/DD.Plugin.FindBadProcesses/DD.Plugin.FindBadProcesses.vcxproj.user
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.FindBadProcesses/DLLMain.cpp b/DD.Plugin.FindBadProcesses/DLLMain.cpp
new file mode 100644
index 0000000..13e0a28
--- /dev/null
+++ b/DD.Plugin.FindBadProcesses/DLLMain.cpp
@@ -0,0 +1,56 @@
+#include "DLLMain.h"
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
+{
+ return true;
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginName(void)
+{
+ return L"BadProcessList";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+{
+ return L"0.1";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
+{
+ return sErrorMessage;
+}
+
+__declspec(dllexport) DWORD __cdecl PluginDebugCheck(void)
+{
+ vector vProcList;
+
+ vProcList.push_back(L"ollydbg.exe");
+ vProcList.push_back(L"windbg.exe");
+ vProcList.push_back(L"devenv.exe");
+ vProcList.push_back(L"ImmunityDebugger.exe");
+
+ HANDLE hProcessSnap = NULL,hProc = NULL;
+ PROCESSENTRY32W pe32w;
+ bool bDebugged = false;
+
+ hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
+ if(hProcessSnap != INVALID_HANDLE_VALUE)
+ {
+ pe32w.dwSize = sizeof(PROCESSENTRY32W);
+ if(Process32First(hProcessSnap,&pe32w))
+ {
+ do
+ {
+ for(int i = 0; i < vProcList.size(); i++)
+ if(wcsstr(wcsupr(pe32w.szExeFile),wcsupr((TCHAR*)vProcList[i].c_str())) != NULL)
+ bDebugged = true;
+ } while(Process32Next(hProcessSnap,&pe32w));
+ }
+ CloseHandle(hProcessSnap);
+ }
+
+ if(bDebugged)
+ return 1;
+ else
+ return 0;
+}
\ No newline at end of file
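Review bot: `wcsupr((TCHAR*)vProcList[i].c_str())` in the inner loop of PluginDebugCheck casts away the `const` on `c_str()` and upper-cases the string's internal buffer in place, which is undefined behaviour. It also rewrites `pe32w.szExeFile` once per list entry. A comparison that modifies neither side, e.g. `if(_wcsicmp(pe32w.szExeFile,vProcList[i].c_str()) == 0)`, avoids both and matches the whole image name rather than any substring of it. `hProc` is never used, and `i` should be `size_t` to match `vProcList.size()`.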
diff --git a/DD.Plugin.FindBadProcesses/DLLMain.h b/DD.Plugin.FindBadProcesses/DLLMain.h
new file mode 100644
index 0000000..fc1e430
--- /dev/null
+++ b/DD.Plugin.FindBadProcesses/DLLMain.h
@@ -0,0 +1,20 @@
+#include
+#include
+#include
+
+using namespace std;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ __declspec(dllexport) TCHAR* __cdecl PluginName(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
+ __declspec(dllexport) DWORD __cdecl PluginDebugCheck(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+TCHAR* sErrorMessage;
\ No newline at end of file
diff --git a/DD.Plugin.FindBadWindows/DD.Plugin.FindBadWindows.vcxproj b/DD.Plugin.FindBadWindows/DD.Plugin.FindBadWindows.vcxproj
new file mode 100644
index 0000000..c11bcaa
--- /dev/null
+++ b/DD.Plugin.FindBadWindows/DD.Plugin.FindBadWindows.vcxproj
@@ -0,0 +1,85 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Release
+ Win32
+
+
+
+ {83557B77-5625-49F4-B246-BD7BBDB78687}
+ Win32Proj
+ DDPluginFindBadWindows
+
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+
+
+ false
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINFINDBADWINDOWS_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+ Level3
+
+
+ Full
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINFINDBADWINDOWS_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.FindBadWindows/DD.Plugin.FindBadWindows.vcxproj.filters b/DD.Plugin.FindBadWindows/DD.Plugin.FindBadWindows.vcxproj.filters
new file mode 100644
index 0000000..f980685
--- /dev/null
+++ b/DD.Plugin.FindBadWindows/DD.Plugin.FindBadWindows.vcxproj.filters
@@ -0,0 +1,27 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hpp;hxx;hm;inl;inc;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ Headerdateien
+
+
+
+
+ Quelldateien
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.FindBadWindows/DD.Plugin.FindBadWindows.vcxproj.user b/DD.Plugin.FindBadWindows/DD.Plugin.FindBadWindows.vcxproj.user
new file mode 100644
index 0000000..ace9a86
--- /dev/null
+++ b/DD.Plugin.FindBadWindows/DD.Plugin.FindBadWindows.vcxproj.user
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.FindBadWindows/DLLMain.cpp b/DD.Plugin.FindBadWindows/DLLMain.cpp
new file mode 100644
index 0000000..364a544
--- /dev/null
+++ b/DD.Plugin.FindBadWindows/DLLMain.cpp
@@ -0,0 +1,53 @@
+#include "DLLMain.h"
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
+{
+ return true;
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginName(void)
+{
+ return L"BadWindowsList";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+{
+ return L"0.1";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
+{
+ return sErrorMessage;
+}
+
+__declspec(dllexport) DWORD __cdecl PluginDebugCheck(void)
+{
+ bool bDebugged = false;
+ EnumWindows(EnumWindowsProc,(LPARAM)&bDebugged);
+ if(bDebugged)
+ return 1;
+ else
+ return 0;
+}
+
+BOOL CALLBACK EnumWindowsProc(HWND hwnd,LPARAM lParam)
+{
+ vector vWindowList;
+ TCHAR* sTitel = (TCHAR*)malloc(255);
+ bool* bDebugged = (bool*)lParam;
+
+ vWindowList.push_back(L"Immunity Debugger");
+ vWindowList.push_back(L"Debug");
+ vWindowList.push_back(L"Olly");
+ vWindowList.push_back(L"- [CPU]");
+
+ GetWindowText(hwnd,sTitel,255);
+
+ for(int i = 0;i < vWindowList.size(); i++)
+ {
+ if(wcsstr(sTitel,vWindowList[i].c_str()))
+ *bDebugged = true;
+ }
+ free(sTitel);
+ return true;
+}
\ No newline at end of file
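Review bot: `malloc(255)` in EnumWindowsProc allocates 255 bytes, but `GetWindowText(hwnd,sTitel,255)` is told the buffer holds 255 characters, which in this Unicode build is 510 bytes, so a window title longer than 127 characters is written past the end of the heap block. The allocation result is not checked either, and the return value of `GetWindowText` is ignored before `wcsstr` reads the buffer. A zero-initialised stack array sized in characters addresses all three: `TCHAR sTitel[255] = {0};` with `GetWindowText(hwnd,sTitel,sizeof(sTitel)/sizeof(sTitel[0]));` and no `free`. `vWindowList` is rebuilt for every enumerated window; building it once in PluginDebugCheck and passing it through `lParam` would avoid that.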
diff --git a/DD.Plugin.FindBadWindows/DLLMain.h b/DD.Plugin.FindBadWindows/DLLMain.h
new file mode 100644
index 0000000..8b0f715
--- /dev/null
+++ b/DD.Plugin.FindBadWindows/DLLMain.h
@@ -0,0 +1,21 @@
+#include
+#include
+
+using namespace std;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ __declspec(dllexport) TCHAR* __cdecl PluginName(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
+ __declspec(dllexport) DWORD __cdecl PluginDebugCheck(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+BOOL CALLBACK EnumWindowsProc(HWND hwnd,LPARAM lParam);
+
+TCHAR* sErrorMessage;
\ No newline at end of file
diff --git a/DD.Plugin.HardwareBreakpoint/DD.Plugin.HardwareBreakpoint.vcxproj b/DD.Plugin.HardwareBreakpoint/DD.Plugin.HardwareBreakpoint.vcxproj
new file mode 100644
index 0000000..fee36ee
--- /dev/null
+++ b/DD.Plugin.HardwareBreakpoint/DD.Plugin.HardwareBreakpoint.vcxproj
@@ -0,0 +1,146 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Debug
+ x64
+
+
+ Release
+ Win32
+
+
+ Release
+ x64
+
+
+
+ {A2F953E5-622D-4302-A630-E4E4D5988C60}
+ Win32Proj
+ DDPluginHardwareBreakpoint
+
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+
+
+ true
+
+
+ false
+
+
+ false
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINHARDWAREBREAKPOINT_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINHARDWAREBREAKPOINT_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+ Level3
+
+
+ Full
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINHARDWAREBREAKPOINT_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+ Level3
+
+
+ MaxSpeed
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINHARDWAREBREAKPOINT_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.HardwareBreakpoint/DD.Plugin.HardwareBreakpoint.vcxproj.filters b/DD.Plugin.HardwareBreakpoint/DD.Plugin.HardwareBreakpoint.vcxproj.filters
new file mode 100644
index 0000000..4aa3883
--- /dev/null
+++ b/DD.Plugin.HardwareBreakpoint/DD.Plugin.HardwareBreakpoint.vcxproj.filters
@@ -0,0 +1,27 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hpp;hxx;hm;inl;inc;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ Quelldateien
+
+
+
+
+ Headerdateien
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.HardwareBreakpoint/DD.Plugin.HardwareBreakpoint.vcxproj.user b/DD.Plugin.HardwareBreakpoint/DD.Plugin.HardwareBreakpoint.vcxproj.user
new file mode 100644
index 0000000..ace9a86
--- /dev/null
+++ b/DD.Plugin.HardwareBreakpoint/DD.Plugin.HardwareBreakpoint.vcxproj.user
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.HardwareBreakpoint/DLLMain.cpp b/DD.Plugin.HardwareBreakpoint/DLLMain.cpp
new file mode 100644
index 0000000..dcfdca8
--- /dev/null
+++ b/DD.Plugin.HardwareBreakpoint/DLLMain.cpp
@@ -0,0 +1,47 @@
+#include "DLLMain.h"
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
+{
+ return true;
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginName(void)
+{
+ return L"Hardware Breakpoints";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+{
+ return L"0.1";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
+{
+ return sErrorMessage;
+}
+
+__declspec(dllexport) DWORD __cdecl PluginDebugCheck(void)
+{
+ HANDLE hThread = GetCurrentThread();
+ CONTEXT cTT;
+ bool bDebugged = false;
+
+ ZeroMemory(&cTT,sizeof(CONTEXT));
+ cTT.ContextFlags = CONTEXT_ALL;
+
+ GetThreadContext(hThread,&cTT);
+
+ if(cTT.Dr0 != NULL)
+ bDebugged = true;
+ if(cTT.Dr1 != NULL)
+ bDebugged = true;
+ if(cTT.Dr2 != NULL)
+ bDebugged = true;
+ if(cTT.Dr3 != NULL)
+ bDebugged = true;
+
+ if(bDebugged)
+ return 1;
+ else
+ return 0;
+}
\ No newline at end of file
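Review bot: The result of `GetThreadContext` in PluginDebugCheck is not checked, so on failure the zeroed `cTT` is read and the plugin returns 0 as though the debug registers had been inspected. A guard such as `if(!GetThreadContext(hThread,&cTT))` that sets `sErrorMessage` and returns a distinct value would make that explicit, and `cTT.ContextFlags = CONTEXT_DEBUG_REGISTERS;` requests only what the function reads. `Dr0` to `Dr3` are integers, so they should be compared with `0` rather than `NULL`. As far as I recall, the API documentation describes the context returned for the calling thread itself as not valid, so a comment stating what this check relies on would be worth adding.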
diff --git a/DD.Plugin.HardwareBreakpoint/DLLMain.h b/DD.Plugin.HardwareBreakpoint/DLLMain.h
new file mode 100644
index 0000000..c79fc18
--- /dev/null
+++ b/DD.Plugin.HardwareBreakpoint/DLLMain.h
@@ -0,0 +1,16 @@
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ __declspec(dllexport) TCHAR* __cdecl PluginName(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
+ __declspec(dllexport) DWORD __cdecl PluginDebugCheck(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+TCHAR* sErrorMessage;
\ No newline at end of file
diff --git a/DD.Plugin.IsDebuggerPresent/DD.Plugin.IsDebuggerPresent.vcxproj b/DD.Plugin.IsDebuggerPresent/DD.Plugin.IsDebuggerPresent.vcxproj
new file mode 100644
index 0000000..dc14963
--- /dev/null
+++ b/DD.Plugin.IsDebuggerPresent/DD.Plugin.IsDebuggerPresent.vcxproj
@@ -0,0 +1,146 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Debug
+ x64
+
+
+ Release
+ Win32
+
+
+ Release
+ x64
+
+
+
+ {88549293-AA98-4E27-AA04-2696AAD141FB}
+ Win32Proj
+ DDPluginIsDebuggerPresent
+
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+
+
+ true
+
+
+ false
+
+
+ false
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINISDEBUGGERPRESENT_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINISDEBUGGERPRESENT_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+ Level3
+
+
+ Full
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINISDEBUGGERPRESENT_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+ Level3
+
+
+ MaxSpeed
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINISDEBUGGERPRESENT_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.IsDebuggerPresent/DD.Plugin.IsDebuggerPresent.vcxproj.filters b/DD.Plugin.IsDebuggerPresent/DD.Plugin.IsDebuggerPresent.vcxproj.filters
new file mode 100644
index 0000000..4aa3883
--- /dev/null
+++ b/DD.Plugin.IsDebuggerPresent/DD.Plugin.IsDebuggerPresent.vcxproj.filters
@@ -0,0 +1,27 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hpp;hxx;hm;inl;inc;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ Quelldateien
+
+
+
+
+ Headerdateien
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.IsDebuggerPresent/DD.Plugin.IsDebuggerPresent.vcxproj.user b/DD.Plugin.IsDebuggerPresent/DD.Plugin.IsDebuggerPresent.vcxproj.user
new file mode 100644
index 0000000..ace9a86
--- /dev/null
+++ b/DD.Plugin.IsDebuggerPresent/DD.Plugin.IsDebuggerPresent.vcxproj.user
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.IsDebuggerPresent/DLLMain.cpp b/DD.Plugin.IsDebuggerPresent/DLLMain.cpp
new file mode 100644
index 0000000..27eea3d
--- /dev/null
+++ b/DD.Plugin.IsDebuggerPresent/DLLMain.cpp
@@ -0,0 +1,29 @@
+#include "DLLMain.h"
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
+{
+ return true;
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginName(void)
+{
+ return L"IsDebuggerPresent";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+{
+ return L"0.1";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
+{
+ return sErrorMessage;
+}
+
+__declspec(dllexport) DWORD __cdecl PluginDebugCheck(void)
+{
+ if(IsDebuggerPresent())
+ return 1;
+ else
+ return 0;
+}
\ No newline at end of file
diff --git a/DD.Plugin.IsDebuggerPresent/DLLMain.h b/DD.Plugin.IsDebuggerPresent/DLLMain.h
new file mode 100644
index 0000000..c79fc18
--- /dev/null
+++ b/DD.Plugin.IsDebuggerPresent/DLLMain.h
@@ -0,0 +1,16 @@
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ __declspec(dllexport) TCHAR* __cdecl PluginName(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
+ __declspec(dllexport) DWORD __cdecl PluginDebugCheck(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+TCHAR* sErrorMessage;
\ No newline at end of file
diff --git a/DD.Plugin.MemoryBreakpoint/DD.Plugin.MemoryBreakpoint.vcxproj b/DD.Plugin.MemoryBreakpoint/DD.Plugin.MemoryBreakpoint.vcxproj
new file mode 100644
index 0000000..038df81
--- /dev/null
+++ b/DD.Plugin.MemoryBreakpoint/DD.Plugin.MemoryBreakpoint.vcxproj
@@ -0,0 +1,146 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Debug
+ x64
+
+
+ Release
+ Win32
+
+
+ Release
+ x64
+
+
+
+ {81A1BF40-3F97-43E2-B84A-6D787278900F}
+ Win32Proj
+ DDPluginMemoryBreakpoint
+
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+
+
+ true
+
+
+ false
+
+
+ false
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINMEMORYBREAKPOINT_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINMEMORYBREAKPOINT_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+ Level3
+
+
+ Full
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINMEMORYBREAKPOINT_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+ Level3
+
+
+ MaxSpeed
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINMEMORYBREAKPOINT_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.MemoryBreakpoint/DD.Plugin.MemoryBreakpoint.vcxproj.filters b/DD.Plugin.MemoryBreakpoint/DD.Plugin.MemoryBreakpoint.vcxproj.filters
new file mode 100644
index 0000000..4aa3883
--- /dev/null
+++ b/DD.Plugin.MemoryBreakpoint/DD.Plugin.MemoryBreakpoint.vcxproj.filters
@@ -0,0 +1,27 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hpp;hxx;hm;inl;inc;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ Quelldateien
+
+
+
+
+ Headerdateien
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.MemoryBreakpoint/DD.Plugin.MemoryBreakpoint.vcxproj.user b/DD.Plugin.MemoryBreakpoint/DD.Plugin.MemoryBreakpoint.vcxproj.user
new file mode 100644
index 0000000..ace9a86
--- /dev/null
+++ b/DD.Plugin.MemoryBreakpoint/DD.Plugin.MemoryBreakpoint.vcxproj.user
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.MemoryBreakpoint/DLLMain.cpp b/DD.Plugin.MemoryBreakpoint/DLLMain.cpp
new file mode 100644
index 0000000..679c011
--- /dev/null
+++ b/DD.Plugin.MemoryBreakpoint/DLLMain.cpp
@@ -0,0 +1,65 @@
+#include "DLLMain.h"
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
+{
+ return true;
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginName(void)
+{
+ return L"PageGuard Check";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+{
+ return L"0.1";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
+{
+ return sErrorMessage;
+}
+
+__declspec(dllexport) DWORD __cdecl PluginDebugCheck(void)
+{
+ unsigned char *pMem = NULL;
+ SYSTEM_INFO sysinfo = {0};
+ DWORD OldProtect = 0;
+ void *pAllocation = NULL;
+
+ GetSystemInfo(&sysinfo);
+
+ pAllocation = VirtualAlloc(NULL,sysinfo.dwPageSize,MEM_COMMIT | MEM_RESERVE,PAGE_EXECUTE_READWRITE);
+
+ if (pAllocation == NULL)
+ {
+ sErrorMessage = (TCHAR*)malloc(255);
+ wsprintf(sErrorMessage,L"%s","Alloc failed!");
+ return -1;
+ }
+
+ pMem = (unsigned char*)pAllocation;
+ *pMem = 0xc3; // ret
+
+ if (VirtualProtect(pAllocation, sysinfo.dwPageSize,PAGE_EXECUTE_READWRITE | PAGE_GUARD,&OldProtect) == 0)
+ return false;
+
+ __try
+ {
+ __asm
+ {
+ mov eax, pAllocation
+ push MemBpBeingDebugged
+ jmp eax
+ }
+ }
+ __except(EXCEPTION_EXECUTE_HANDLER)
+ {
+ VirtualFree(pAllocation, NULL, MEM_RELEASE);
+ return 0;
+ }
+
+ __asm{MemBpBeingDebugged:}
+ VirtualFree(pAllocation, NULL, MEM_RELEASE);
+ return 1;
+}
\ No newline at end of file
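Review bot: In the allocation-failure branch of PluginDebugCheck, `wsprintf(sErrorMessage,L"%s","Alloc failed!")` passes a narrow string to a wide `%s`, so the formatter reads it as UTF-16 past its terminator; it also writes into a 255-byte `malloc` block whose result is unchecked and which is never freed. The `VirtualProtect` failure branch returns `false`, i.e. 0, which reads as "no debugger", and leaves the page allocated. The sketch below points `sErrorMessage` at static wide strings and releases the page on that path; `VirtualFree` takes a size, so `0` rather than `NULL` is the right second argument in the two existing calls as well. The page is requested as `PAGE_EXECUTE_READWRITE` from the start; allocating it `PAGE_READWRITE` and adding execute only in the `VirtualProtect` call would avoid a page that is writable and executable at once. The `__asm` blocks will not build in the x64 configurations the project file declares.

```cpp
    if (pAllocation == NULL)
    {
        static TCHAR szAllocFailed[] = L"Alloc failed!";
        sErrorMessage = szAllocFailed;
        return -1;
    }

    // … unchanged: write the ret opcode into the page …

    if (VirtualProtect(pAllocation, sysinfo.dwPageSize,PAGE_EXECUTE_READWRITE | PAGE_GUARD,&OldProtect) == 0)
    {
        static TCHAR szProtectFailed[] = L"VirtualProtect failed!";
        sErrorMessage = szProtectFailed;
        VirtualFree(pAllocation, 0, MEM_RELEASE);
        return -1;
    }

    // … unchanged: guarded jump, exception handler and cleanup …
```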
diff --git a/DD.Plugin.MemoryBreakpoint/DLLMain.h b/DD.Plugin.MemoryBreakpoint/DLLMain.h
new file mode 100644
index 0000000..c79fc18
--- /dev/null
+++ b/DD.Plugin.MemoryBreakpoint/DLLMain.h
@@ -0,0 +1,16 @@
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ __declspec(dllexport) TCHAR* __cdecl PluginName(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
+ __declspec(dllexport) DWORD __cdecl PluginDebugCheck(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+TCHAR* sErrorMessage;
\ No newline at end of file
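Review bot: `TCHAR* sErrorMessage;` in the header is a definition, not a declaration, so every translation unit that includes DLLMain.h emits its own external definition and a second .cpp in the project will fail to link. Declare it here as `extern TCHAR* sErrorMessage;` and define it once in DLLMain.cpp. The header has no include guard (`#pragma once`). The exported functions are declared as returning `TCHAR*`, but the implementations return `L"..."` literals, which only matches when UNICODE is defined and lets callers write to a literal; `const WCHAR*` would state the real contract, provided the host that loads the plugins can accept the changed signature. The DLLMain.h files of the other plugins in this commit repeat the same pattern.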
diff --git a/DD.Plugin.OpenCSRSS/DD.Plugin.OpenCSRSS.vcxproj b/DD.Plugin.OpenCSRSS/DD.Plugin.OpenCSRSS.vcxproj
new file mode 100644
index 0000000..bcd3c28
--- /dev/null
+++ b/DD.Plugin.OpenCSRSS/DD.Plugin.OpenCSRSS.vcxproj
@@ -0,0 +1,146 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Debug
+ x64
+
+
+ Release
+ Win32
+
+
+ Release
+ x64
+
+
+
+ {37FD77D1-5F5E-4132-A320-41D97D091F42}
+ Win32Proj
+ DDPluginOpenCSRSS
+
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+
+
+ true
+
+
+ false
+
+
+ false
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINOPENCSRSS_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINOPENCSRSS_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+ Level3
+
+
+ Full
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINOPENCSRSS_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+ Level3
+
+
+ MaxSpeed
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINOPENCSRSS_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.OpenCSRSS/DD.Plugin.OpenCSRSS.vcxproj.filters b/DD.Plugin.OpenCSRSS/DD.Plugin.OpenCSRSS.vcxproj.filters
new file mode 100644
index 0000000..4aa3883
--- /dev/null
+++ b/DD.Plugin.OpenCSRSS/DD.Plugin.OpenCSRSS.vcxproj.filters
@@ -0,0 +1,27 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hpp;hxx;hm;inl;inc;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ Quelldateien
+
+
+
+
+ Headerdateien
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.OpenCSRSS/DD.Plugin.OpenCSRSS.vcxproj.user b/DD.Plugin.OpenCSRSS/DD.Plugin.OpenCSRSS.vcxproj.user
new file mode 100644
index 0000000..ace9a86
--- /dev/null
+++ b/DD.Plugin.OpenCSRSS/DD.Plugin.OpenCSRSS.vcxproj.user
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.OpenCSRSS/DLLMain.cpp b/DD.Plugin.OpenCSRSS/DLLMain.cpp
new file mode 100644
index 0000000..9dc6274
--- /dev/null
+++ b/DD.Plugin.OpenCSRSS/DLLMain.cpp
@@ -0,0 +1,52 @@
+#include "DLLMain.h"
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
+{
+ return true;
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginName(void)
+{
+ return L"Open CSRSS Process";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+{
+ return L"0.1";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
+{
+ return sErrorMessage;
+}
+
+__declspec(dllexport) DWORD __cdecl PluginDebugCheck(void)
+{
+ HANDLE hProcessSnap = NULL,hProc = NULL;
+ PROCESSENTRY32W pe32w;
+ bool bDebugged = false;
+
+ hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
+ if(hProcessSnap != INVALID_HANDLE_VALUE)
+ {
+ pe32w.dwSize = sizeof(PROCESSENTRY32W);
+ if(Process32First(hProcessSnap,&pe32w))
+ {
+ do
+ {
+ if(wcsstr(pe32w.szExeFile,L"csrss.exe") != NULL)
+ {
+ hProc = OpenProcess(PROCESS_ALL_ACCESS,false,pe32w.th32ProcessID);
+
+ if(hProc != INVALID_HANDLE_VALUE)
+ {
+ bDebugged = true;
+ CloseHandle(hProc);
+ }
+ }
+ } while(Process32Next(hProcessSnap,&pe32w));
+ }
+ CloseHandle(hProcessSnap);
+ }
+ return bDebugged;
+}
\ No newline at end of file
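Review bot: `if(hProc != INVALID_HANDLE_VALUE)` can never detect a failed OpenProcess, because OpenProcess returns NULL on failure; bDebugged therefore becomes true for every csrss.exe entry found, and CloseHandle is called on a NULL handle. The test should be `if(hProc != NULL)`. `wcsstr` also matches any image name that merely contains `csrss.exe`; an exact case-insensitive compare such as `_wcsicmp(pe32w.szExeFile, L"csrss.exe") == 0` avoids that. A failed CreateToolhelp32Snapshot currently returns 0 as if the check had run; returning -1 with sErrorMessage set would match the error convention used by the other plugins.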
diff --git a/DD.Plugin.OpenCSRSS/DLLMain.h b/DD.Plugin.OpenCSRSS/DLLMain.h
new file mode 100644
index 0000000..7c7ddcd
--- /dev/null
+++ b/DD.Plugin.OpenCSRSS/DLLMain.h
@@ -0,0 +1,17 @@
+#include
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ __declspec(dllexport) TCHAR* __cdecl PluginName(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
+ __declspec(dllexport) DWORD __cdecl PluginDebugCheck(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+TCHAR* sErrorMessage;
\ No newline at end of file
diff --git a/DD.Plugin.OutputDebugString/DD.Plugin.OutputDebugString.vcxproj b/DD.Plugin.OutputDebugString/DD.Plugin.OutputDebugString.vcxproj
new file mode 100644
index 0000000..44fc5b0
--- /dev/null
+++ b/DD.Plugin.OutputDebugString/DD.Plugin.OutputDebugString.vcxproj
@@ -0,0 +1,146 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Debug
+ x64
+
+
+ Release
+ Win32
+
+
+ Release
+ x64
+
+
+
+ {7877EF61-890C-4190-B60B-369E1C703BB4}
+ Win32Proj
+ DDPluginOutputDebugString
+
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+
+
+ true
+
+
+ false
+
+
+ false
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINOUTPUTDEBUGSTRING_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINOUTPUTDEBUGSTRING_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+ Level3
+
+
+ Full
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINOUTPUTDEBUGSTRING_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+ Level3
+
+
+ MaxSpeed
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINOUTPUTDEBUGSTRING_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.OutputDebugString/DD.Plugin.OutputDebugString.vcxproj.filters b/DD.Plugin.OutputDebugString/DD.Plugin.OutputDebugString.vcxproj.filters
new file mode 100644
index 0000000..4aa3883
--- /dev/null
+++ b/DD.Plugin.OutputDebugString/DD.Plugin.OutputDebugString.vcxproj.filters
@@ -0,0 +1,27 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hpp;hxx;hm;inl;inc;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ Quelldateien
+
+
+
+
+ Headerdateien
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.OutputDebugString/DD.Plugin.OutputDebugString.vcxproj.user b/DD.Plugin.OutputDebugString/DD.Plugin.OutputDebugString.vcxproj.user
new file mode 100644
index 0000000..ace9a86
--- /dev/null
+++ b/DD.Plugin.OutputDebugString/DD.Plugin.OutputDebugString.vcxproj.user
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.OutputDebugString/DLLMain.cpp b/DD.Plugin.OutputDebugString/DLLMain.cpp
new file mode 100644
index 0000000..fe2fc8a
--- /dev/null
+++ b/DD.Plugin.OutputDebugString/DLLMain.cpp
@@ -0,0 +1,40 @@
+#include "DLLMain.h"
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
+{
+ return true;
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginName(void)
+{
+ return L"OutputDebugString";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+{
+ return L"0.1";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
+{
+ return sErrorMessage;
+}
+
+__declspec(dllexport) DWORD __cdecl PluginDebugCheck(void)
+{
+ char szMessage[] = "DebugCheck";
+
+ __asm
+ {
+ xor eax,eax
+ lea ebx, szMessage
+ push ebx
+ call dword ptr OutputDebugStringA
+ cmp eax,1
+ ja DebuggerFound
+ }
+ return 0;
+
+ __asm{DebuggerFound:}
+ return 1;
+}
\ No newline at end of file
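Review bot: The verdict is taken from EAX after `call dword ptr OutputDebugStringA`, but that API is declared void, so the compared value is whatever the implementation happened to leave in the register and is not a documented result. As written, the outcome can change between Windows versions without any change to this code. At minimum the block needs a comment such as `// OutputDebugStringA returns void: EAX is undocumented residue (list the OS versions this was verified on)`, and the plugin should be described as version-dependent. PluginErrorMessage returns sErrorMessage, which this plugin never assigns, so the host has to cope with a NULL message.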
diff --git a/DD.Plugin.OutputDebugString/DLLMain.h b/DD.Plugin.OutputDebugString/DLLMain.h
new file mode 100644
index 0000000..c79fc18
--- /dev/null
+++ b/DD.Plugin.OutputDebugString/DLLMain.h
@@ -0,0 +1,16 @@
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ __declspec(dllexport) TCHAR* __cdecl PluginName(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
+ __declspec(dllexport) DWORD __cdecl PluginDebugCheck(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+TCHAR* sErrorMessage;
\ No newline at end of file
diff --git a/DD.Plugin.PEBDebugFlag/DD.Plugin.PEBDebugFlag.vcxproj b/DD.Plugin.PEBDebugFlag/DD.Plugin.PEBDebugFlag.vcxproj
new file mode 100644
index 0000000..f2d535d
--- /dev/null
+++ b/DD.Plugin.PEBDebugFlag/DD.Plugin.PEBDebugFlag.vcxproj
@@ -0,0 +1,146 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Debug
+ x64
+
+
+ Release
+ Win32
+
+
+ Release
+ x64
+
+
+
+ {35074703-DCA4-4085-8D5B-548E87B1A6B1}
+ Win32Proj
+ DDPluginPEBDebugFlag
+
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+
+
+ true
+
+
+ false
+
+
+ false
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINPEBDEBUGFLAG_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINPEBDEBUGFLAG_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+ Level3
+
+
+ Full
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINPEBDEBUGFLAG_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+ Level3
+
+
+ MaxSpeed
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINPEBDEBUGFLAG_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.PEBDebugFlag/DD.Plugin.PEBDebugFlag.vcxproj.filters b/DD.Plugin.PEBDebugFlag/DD.Plugin.PEBDebugFlag.vcxproj.filters
new file mode 100644
index 0000000..4aa3883
--- /dev/null
+++ b/DD.Plugin.PEBDebugFlag/DD.Plugin.PEBDebugFlag.vcxproj.filters
@@ -0,0 +1,27 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hpp;hxx;hm;inl;inc;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ Quelldateien
+
+
+
+
+ Headerdateien
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.PEBDebugFlag/DD.Plugin.PEBDebugFlag.vcxproj.user b/DD.Plugin.PEBDebugFlag/DD.Plugin.PEBDebugFlag.vcxproj.user
new file mode 100644
index 0000000..ace9a86
--- /dev/null
+++ b/DD.Plugin.PEBDebugFlag/DD.Plugin.PEBDebugFlag.vcxproj.user
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.PEBDebugFlag/DLLMain.cpp b/DD.Plugin.PEBDebugFlag/DLLMain.cpp
new file mode 100644
index 0000000..e9c5b9b
--- /dev/null
+++ b/DD.Plugin.PEBDebugFlag/DLLMain.cpp
@@ -0,0 +1,55 @@
+#include "DLLMain.h"
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
+{
+ return true;
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginName(void)
+{
+ return L"PEBDebugFlag";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+{
+ return L"0.1";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
+{
+ return sErrorMessage;
+}
+
+__declspec(dllexport) DWORD __cdecl PluginDebugCheck(void)
+{
+ __asm
+ {
+ mov eax, fs:[18h] ;TEB
+ mov eax, [eax + 30h] ;PEB
+ movzx eax, [eax + 2h] ;BeingDebugged
+ cmp eax, 1h
+ je DebuggerDetected
+ }
+
+ return 0;
+ __asm{DebuggerDetected:}
+ return 1;
+
+ //PROCESS_BASIC_INFORMATION pPBI;
+ //HANDLE hDebugObject = NULL;
+ //NTSTATUS Status;
+ //typedef NTSTATUS (WINAPI *pNtQueryInformationProcess)(HANDLE,UINT,PVOID,ULONG,PULONG);
+
+ //pNtQueryInformationProcess NtQIP = (pNtQueryInformationProcess)GetProcAddress(GetModuleHandle(L"ntdll.dll"),"NtQueryInformationProcess");
+
+ //Status = NtQIP(GetCurrentProcess(),0,&pPBI,sizeof(PROCESS_BASIC_INFORMATION),NULL);
+
+ //if (Status == 0x00000000)
+ //{
+ // if(pPBI.PebBaseAddress->BeingDebugged == 1)
+ // return true;
+ // else
+ // return false;
+ //}
+ //return false;
+}
\ No newline at end of file
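Review bot: `movzx eax, [eax + 2h]` has no size specifier on the memory operand, so the width of the BeingDebugged load is left to the assembler; it should read `movzx eax, byte ptr [eax + 2h]`. The following `cmp eax, 1h` / `je` matches only the exact value 1, whereas the field is a boolean byte, so a non-zero test (`test eax, eax` then `jnz DebuggerDetected`) states the intent. The commented-out NtQueryInformationProcess variant after `return 1;` is dead text that will drift from the assembly; either delete it or make it the implementation, which would also build for the x64 configurations. The PEBGlobalFlags plugin carries the same commented-out block.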
diff --git a/DD.Plugin.PEBDebugFlag/DLLMain.h b/DD.Plugin.PEBDebugFlag/DLLMain.h
new file mode 100644
index 0000000..c79fc18
--- /dev/null
+++ b/DD.Plugin.PEBDebugFlag/DLLMain.h
@@ -0,0 +1,16 @@
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ __declspec(dllexport) TCHAR* __cdecl PluginName(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
+ __declspec(dllexport) DWORD __cdecl PluginDebugCheck(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+TCHAR* sErrorMessage;
\ No newline at end of file
diff --git a/DD.Plugin.PEBGlobalFlags/DD.Plugin.PEBGlobalFlags.vcxproj b/DD.Plugin.PEBGlobalFlags/DD.Plugin.PEBGlobalFlags.vcxproj
new file mode 100644
index 0000000..a69baf1
--- /dev/null
+++ b/DD.Plugin.PEBGlobalFlags/DD.Plugin.PEBGlobalFlags.vcxproj
@@ -0,0 +1,146 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Debug
+ x64
+
+
+ Release
+ Win32
+
+
+ Release
+ x64
+
+
+
+ {CD4B8AE6-D5A3-4336-B430-09BCEAF874FE}
+ Win32Proj
+ DDPluginPEBGlobalFlags
+
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+
+
+ true
+
+
+ false
+
+
+ false
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINPEBGLOBALFLAGS_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINPEBGLOBALFLAGS_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+ Level3
+
+
+ Full
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINPEBGLOBALFLAGS_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+ Level3
+
+
+ MaxSpeed
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINPEBGLOBALFLAGS_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.PEBGlobalFlags/DD.Plugin.PEBGlobalFlags.vcxproj.filters b/DD.Plugin.PEBGlobalFlags/DD.Plugin.PEBGlobalFlags.vcxproj.filters
new file mode 100644
index 0000000..4aa3883
--- /dev/null
+++ b/DD.Plugin.PEBGlobalFlags/DD.Plugin.PEBGlobalFlags.vcxproj.filters
@@ -0,0 +1,27 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hpp;hxx;hm;inl;inc;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ Quelldateien
+
+
+
+
+ Headerdateien
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.PEBGlobalFlags/DD.Plugin.PEBGlobalFlags.vcxproj.user b/DD.Plugin.PEBGlobalFlags/DD.Plugin.PEBGlobalFlags.vcxproj.user
new file mode 100644
index 0000000..ace9a86
--- /dev/null
+++ b/DD.Plugin.PEBGlobalFlags/DD.Plugin.PEBGlobalFlags.vcxproj.user
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.PEBGlobalFlags/DLLMain.cpp b/DD.Plugin.PEBGlobalFlags/DLLMain.cpp
new file mode 100644
index 0000000..e6d6561
--- /dev/null
+++ b/DD.Plugin.PEBGlobalFlags/DLLMain.cpp
@@ -0,0 +1,57 @@
+#include "DLLMain.h"
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
+{
+ return true;
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginName(void)
+{
+ return L"PEBGlobalFlag";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+{
+ return L"0.1";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
+{
+ return sErrorMessage;
+}
+
+__declspec(dllexport) DWORD __cdecl PluginDebugCheck(void)
+{
+ __asm
+ {
+ mov eax, fs:[18h] ;TEB
+ mov eax, [eax + 30h] ;PEB
+ mov eax, [eax + 68h] ;NtGlobalFlag
+ cmp eax,70h
+ je DebuggerDetected
+ }
+
+ return 0;
+ __asm{DebuggerDetected:}
+ return 1;
+
+ //PROCESS_BASIC_INFORMATION pPBI;
+ //HANDLE hDebugObject = NULL;
+ //NTSTATUS Status;
+ //typedef NTSTATUS (WINAPI *pNtQueryInformationProcess)(HANDLE,UINT,PVOID,ULONG,PULONG);
+
+ //pNtQueryInformationProcess NtQIP = (pNtQueryInformationProcess)GetProcAddress(GetModuleHandle(L"ntdll.dll"),"NtQueryInformationProcess");
+
+ //Status = NtQIP(GetCurrentProcess(),0,&pPBI,sizeof(PROCESS_BASIC_INFORMATION),NULL);
+
+ //if (Status == 0x00000000)
+ //{
+ // char* voFlag = (char*)pPBI.PebBaseAddress + 0x68;
+
+ // if(*voFlag == 0x70)
+ // return true;
+ // else
+ // return false;
+ //}
+ //return false;
+}
\ No newline at end of file
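Review bot: `cmp eax,70h` uses an unexplained constant and compares for exact equality, so the check returns 0 whenever NtGlobalFlag carries any bit besides those three. A comment should name the value, e.g. `; 70h = FLG_HEAP_ENABLE_TAIL_CHECK | FLG_HEAP_ENABLE_FREE_CHECK | FLG_HEAP_VALIDATE_PARAMETERS`, and if the intent is "these bits are set" the value should be masked first (`and eax,70h` before the `cmp`). The commented-out C variant below reads the flag through a `char*`, one byte rather than the DWORD the assembly loads, so the two versions do not describe the same check.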
diff --git a/DD.Plugin.PEBGlobalFlags/DLLMain.h b/DD.Plugin.PEBGlobalFlags/DLLMain.h
new file mode 100644
index 0000000..c79fc18
--- /dev/null
+++ b/DD.Plugin.PEBGlobalFlags/DLLMain.h
@@ -0,0 +1,16 @@
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ __declspec(dllexport) TCHAR* __cdecl PluginName(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
+ __declspec(dllexport) DWORD __cdecl PluginDebugCheck(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+TCHAR* sErrorMessage;
\ No newline at end of file
diff --git a/DD.Plugin.PEBProcHeapFlag/DD.Plugin.PEBProcHeapFlag.vcxproj b/DD.Plugin.PEBProcHeapFlag/DD.Plugin.PEBProcHeapFlag.vcxproj
new file mode 100644
index 0000000..ba59044
--- /dev/null
+++ b/DD.Plugin.PEBProcHeapFlag/DD.Plugin.PEBProcHeapFlag.vcxproj
@@ -0,0 +1,146 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Debug
+ x64
+
+
+ Release
+ Win32
+
+
+ Release
+ x64
+
+
+
+ {B0370AE7-386D-46AF-AABB-34E5784944FA}
+ Win32Proj
+ DDPluginPEBProcHeapFlag
+
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+
+
+ true
+
+
+ false
+
+
+ false
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINPEBPROCHEAPFLAG_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINPEBPROCHEAPFLAG_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+ Level3
+
+
+ Full
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINPEBPROCHEAPFLAG_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+ Level3
+
+
+ MaxSpeed
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINPEBPROCHEAPFLAG_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.PEBProcHeapFlag/DD.Plugin.PEBProcHeapFlag.vcxproj.filters b/DD.Plugin.PEBProcHeapFlag/DD.Plugin.PEBProcHeapFlag.vcxproj.filters
new file mode 100644
index 0000000..4aa3883
--- /dev/null
+++ b/DD.Plugin.PEBProcHeapFlag/DD.Plugin.PEBProcHeapFlag.vcxproj.filters
@@ -0,0 +1,27 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hpp;hxx;hm;inl;inc;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ Quelldateien
+
+
+
+
+ Headerdateien
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.PEBProcHeapFlag/DD.Plugin.PEBProcHeapFlag.vcxproj.user b/DD.Plugin.PEBProcHeapFlag/DD.Plugin.PEBProcHeapFlag.vcxproj.user
new file mode 100644
index 0000000..ace9a86
--- /dev/null
+++ b/DD.Plugin.PEBProcHeapFlag/DD.Plugin.PEBProcHeapFlag.vcxproj.user
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.PEBProcHeapFlag/DLLMain.cpp b/DD.Plugin.PEBProcHeapFlag/DLLMain.cpp
new file mode 100644
index 0000000..a01d4e4
--- /dev/null
+++ b/DD.Plugin.PEBProcHeapFlag/DLLMain.cpp
@@ -0,0 +1,78 @@
+#include "DLLMain.h"
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
+{
+ return true;
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginName(void)
+{
+ return L"PEBProcHeapFlag";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+{
+ return L"0.1";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
+{
+ return sErrorMessage;
+}
+
+__declspec(dllexport) DWORD __cdecl PluginDebugCheck(void)
+{
+ if(GetWinVersion() == 3)
+ {
+ __asm
+ {
+ mov eax, fs:[18h] ;TEB
+ mov eax, [eax + 30h] ;PEB
+ mov eax, [eax + 18h] ;process heap
+ cmp [eax + 44h],0 ;heap force flags //seems changed on win7 xp = 10h
+ jne DebuggerDetected
+ }
+ }
+ else if (GetWinVersion() < 3)
+ {
+ __asm
+ {
+ mov eax, fs:[18h] ;TEB
+ mov eax, [eax + 30h] ;PEB
+ mov eax, [eax + 18h] ;process heap
+ cmp [eax + 10h],0 ;heap force flags //seems changed on win7 xp = 10h
+ jne DebuggerDetected
+ }
+ }
+ return 0;
+ __asm{DebuggerDetected:}
+ return 1;
+}
+
+int GetWinVersion()
+{
+ OSVERSIONINFO osVerInfo;
+ OSVERSIONINFOEX osVerEx;
+
+ ZeroMemory(&osVerInfo,sizeof(OSVERSIONINFO));
+ ZeroMemory(&osVerEx,sizeof(OSVERSIONINFOEX));
+ osVerInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
+ osVerEx.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
+
+ GetVersionEx(&osVerInfo);
+ GetVersionEx((OSVERSIONINFO*)&osVerEx);
+
+ if(osVerInfo.dwMajorVersion == 5 && osVerInfo.dwMinorVersion == 0 )
+ return 0;//WIN_2000;
+
+ if(osVerInfo.dwMajorVersion == 5 && osVerInfo.dwMinorVersion == 1 )
+ return 1;//WIN_XP;
+
+ if(osVerInfo.dwMajorVersion == 6 && osVerInfo.dwMinorVersion == 0 && osVerEx.wProductType == VER_NT_WORKSTATION )
+ return 2;//WIN_VISTA;
+
+ if(osVerInfo.dwMajorVersion == 6 && osVerInfo.dwMinorVersion == 1 && osVerEx.wProductType == VER_NT_WORKSTATION )
+ return 3;//WIN_7;
+
+ return -1;
+}
\ No newline at end of file
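Review bot: GetWinVersion returns -1 for every system it does not recognise, and `else if (GetWinVersion() < 3)` treats that -1 like Windows 2000/XP/Vista. On an unlisted version (any server product type, anything newer than 6.1) PluginDebugCheck therefore reads offset 10h of a heap whose layout it has not identified. Call the helper once and bound the range, `int ver = GetWinVersion();` then `else if (ver >= 0 && ver < 3)`, and return -1 with sErrorMessage set for the unsupported case. Vista (return value 2) also goes down the 10h branch; whether its heap header matches XP or Windows 7 should be confirmed, since the comment `seems changed on win7 xp = 10h` is copied onto both branches and does not say. Both `cmp [eax + ..],0` instructions lack a size specifier (`dword ptr`), and the GetVersionEx return values are ignored.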
diff --git a/DD.Plugin.PEBProcHeapFlag/DLLMain.h b/DD.Plugin.PEBProcHeapFlag/DLLMain.h
new file mode 100644
index 0000000..38032b1
--- /dev/null
+++ b/DD.Plugin.PEBProcHeapFlag/DLLMain.h
@@ -0,0 +1,18 @@
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ __declspec(dllexport) TCHAR* __cdecl PluginName(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
+ __declspec(dllexport) DWORD __cdecl PluginDebugCheck(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+int GetWinVersion();
+
+TCHAR* sErrorMessage;
\ No newline at end of file
diff --git a/DD.Plugin.ParentProcess/DD.Plugin.ParentProcess.vcxproj b/DD.Plugin.ParentProcess/DD.Plugin.ParentProcess.vcxproj
new file mode 100644
index 0000000..f26440c
--- /dev/null
+++ b/DD.Plugin.ParentProcess/DD.Plugin.ParentProcess.vcxproj
@@ -0,0 +1,146 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Debug
+ x64
+
+
+ Release
+ Win32
+
+
+ Release
+ x64
+
+
+
+ {1B5C3EB4-63B2-4314-91FE-BC69537262A8}
+ Win32Proj
+ DDPluginParentProcess
+
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+
+
+ true
+
+
+ false
+
+
+ false
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINPARENTPROCESS_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINPARENTPROCESS_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+ Level3
+
+
+ Full
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINPARENTPROCESS_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+ Level3
+
+
+ MaxSpeed
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINPARENTPROCESS_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.ParentProcess/DD.Plugin.ParentProcess.vcxproj.filters b/DD.Plugin.ParentProcess/DD.Plugin.ParentProcess.vcxproj.filters
new file mode 100644
index 0000000..4aa3883
--- /dev/null
+++ b/DD.Plugin.ParentProcess/DD.Plugin.ParentProcess.vcxproj.filters
@@ -0,0 +1,27 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hpp;hxx;hm;inl;inc;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ Quelldateien
+
+
+
+
+ Headerdateien
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.ParentProcess/DD.Plugin.ParentProcess.vcxproj.user b/DD.Plugin.ParentProcess/DD.Plugin.ParentProcess.vcxproj.user
new file mode 100644
index 0000000..ace9a86
--- /dev/null
+++ b/DD.Plugin.ParentProcess/DD.Plugin.ParentProcess.vcxproj.user
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.ParentProcess/DLLMain.cpp b/DD.Plugin.ParentProcess/DLLMain.cpp
new file mode 100644
index 0000000..2e6d348
--- /dev/null
+++ b/DD.Plugin.ParentProcess/DLLMain.cpp
@@ -0,0 +1,50 @@
+#include "DLLMain.h"
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
+{
+ return true;
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginName(void)
+{
+ return L"ParentProcess";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+{
+ return L"0.1";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
+{
+ return sErrorMessage;
+}
+
+__declspec(dllexport) DWORD __cdecl PluginDebugCheck(void)
+{
+ HANDLE hProcessSnap = NULL,hProc = NULL;
+ PROCESSENTRY32W pe32w;
+ DWORD dwThis = 0,dwExplorer = 0;
+
+ hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
+ if(hProcessSnap != INVALID_HANDLE_VALUE)
+ {
+ pe32w.dwSize = sizeof(PROCESSENTRY32W);
+ if(Process32First(hProcessSnap,&pe32w))
+ {
+ do
+ {
+ if(wcsstr(pe32w.szExeFile,L"explorer.exe") != NULL)
+ dwExplorer = pe32w.th32ProcessID;
+ else if(pe32w.th32ProcessID == GetCurrentProcessId())
+ dwThis = pe32w.th32ParentProcessID;
+ } while(Process32Next(hProcessSnap,&pe32w));
+ }
+ CloseHandle(hProcessSnap);
+ }
+
+ if(dwThis == dwExplorer)
+ return 0;
+ else
+ return 1;
+}
\ No newline at end of file
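Review bot: If CreateToolhelp32Snapshot or Process32First fails, dwThis and dwExplorer both keep their initial 0, and the final `if(dwThis == dwExplorer) return 0;` reports "not debugged" although nothing was examined. The failure should be surfaced, e.g. `if(hProcessSnap == INVALID_HANDLE_VALUE) return -1;` with sErrorMessage set. dwExplorer keeps only the last entry whose name contains `explorer.exe` (`wcsstr` is a substring match), so with several matching processes the result depends on enumeration order; an exact `_wcsicmp` compare against each candidate's PID would be more predictable. The function also returns 1 for any ordinary non-Explorer launch (console, service, scheduled task), which deserves a comment at the top of the function. `hProc` is declared but never used.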
diff --git a/DD.Plugin.ParentProcess/DLLMain.h b/DD.Plugin.ParentProcess/DLLMain.h
new file mode 100644
index 0000000..eca1609
--- /dev/null
+++ b/DD.Plugin.ParentProcess/DLLMain.h
@@ -0,0 +1,17 @@
+#include
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ __declspec(dllexport) TCHAR* __cdecl PluginName(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
+ __declspec(dllexport) DWORD __cdecl PluginDebugCheck(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+TCHAR* sErrorMessage;
\ No newline at end of file
diff --git a/DD.Plugin.ProcessDebugFlag/DD.Plugin.ProcessDebugFlag.vcxproj b/DD.Plugin.ProcessDebugFlag/DD.Plugin.ProcessDebugFlag.vcxproj
new file mode 100644
index 0000000..04e6af6
--- /dev/null
+++ b/DD.Plugin.ProcessDebugFlag/DD.Plugin.ProcessDebugFlag.vcxproj
@@ -0,0 +1,146 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Debug
+ x64
+
+
+ Release
+ Win32
+
+
+ Release
+ x64
+
+
+
+ {DE1B58DE-B1C1-41CC-8E00-DA072EAB1066}
+ Win32Proj
+ DDPluginProcessDebugFlag
+
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+
+
+ true
+
+
+ false
+
+
+ false
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINPROCESSDEBUGFLAG_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINPROCESSDEBUGFLAG_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+ Level3
+
+
+ Full
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINPROCESSDEBUGFLAG_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+ Level3
+
+
+ MaxSpeed
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINPROCESSDEBUGFLAG_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.ProcessDebugFlag/DD.Plugin.ProcessDebugFlag.vcxproj.filters b/DD.Plugin.ProcessDebugFlag/DD.Plugin.ProcessDebugFlag.vcxproj.filters
new file mode 100644
index 0000000..4aa3883
--- /dev/null
+++ b/DD.Plugin.ProcessDebugFlag/DD.Plugin.ProcessDebugFlag.vcxproj.filters
@@ -0,0 +1,27 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hpp;hxx;hm;inl;inc;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ Quelldateien
+
+
+
+
+ Headerdateien
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.ProcessDebugFlag/DD.Plugin.ProcessDebugFlag.vcxproj.user b/DD.Plugin.ProcessDebugFlag/DD.Plugin.ProcessDebugFlag.vcxproj.user
new file mode 100644
index 0000000..ace9a86
--- /dev/null
+++ b/DD.Plugin.ProcessDebugFlag/DD.Plugin.ProcessDebugFlag.vcxproj.user
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.ProcessDebugFlag/DLLMain.cpp b/DD.Plugin.ProcessDebugFlag/DLLMain.cpp
new file mode 100644
index 0000000..258652f
--- /dev/null
+++ b/DD.Plugin.ProcessDebugFlag/DLLMain.cpp
@@ -0,0 +1,45 @@
+#include "DLLMain.h"
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
+{
+ return true;
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginName(void)
+{
+ return L"ProcessDebugFlags";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+{
+ return L"0.1";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
+{
+ return sErrorMessage;
+}
+
+__declspec(dllexport) DWORD __cdecl PluginDebugCheck(void)
+{
+ typedef NTSTATUS (WINAPI *pNtQueryInformationProcess)(HANDLE ,UINT ,PVOID ,ULONG , PULONG);
+
+ DWORD NoDebugInherit = 0;
+ NTSTATUS Status;
+
+ pNtQueryInformationProcess NtQIP = (pNtQueryInformationProcess)GetProcAddress(GetModuleHandle(L"ntdll.dll"),"NtQueryInformationProcess");
+
+ Status = NtQIP(GetCurrentProcess(),0x1f,&NoDebugInherit,4,NULL);
+
+ if (Status != 0x00000000)
+ {
+ sErrorMessage = (TCHAR*)malloc(255);
+ wsprintf(sErrorMessage,L"0x%08",Status);
+ return -1;
+ }
+
+ if(NoDebugInherit == FALSE)
+ return 1;
+ else
+ return 0;
+}
\ No newline at end of file
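Review bot: The pointer from `GetProcAddress(GetModuleHandle(L"ntdll.dll"),"NtQueryInformationProcess")` is called without a NULL check, so a failed lookup becomes a call through a null pointer; add `if (NtQIP == NULL) return -1;` before the call. In the error branch `wsprintf(sErrorMessage,L"0x%08",Status)` has no conversion character, so the status value is never printed; the format should be `L"0x%08X"`. The `malloc(255)` result is not checked, and a fresh buffer is leaked on every failing call; a static `TCHAR` array would avoid both. The literals `0x1f` and `4` would read better as a named constant for the information class and `sizeof(NoDebugInherit)`.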
diff --git a/DD.Plugin.ProcessDebugFlag/DLLMain.h b/DD.Plugin.ProcessDebugFlag/DLLMain.h
new file mode 100644
index 0000000..c79fc18
--- /dev/null
+++ b/DD.Plugin.ProcessDebugFlag/DLLMain.h
@@ -0,0 +1,16 @@
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ __declspec(dllexport) TCHAR* __cdecl PluginName(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
+ __declspec(dllexport) DWORD __cdecl PluginDebugCheck(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+TCHAR* sErrorMessage;
\ No newline at end of file
diff --git a/DD.Plugin.UnhandledException/DD.Plugin.UnhandledException.vcxproj b/DD.Plugin.UnhandledException/DD.Plugin.UnhandledException.vcxproj
new file mode 100644
index 0000000..6def374
--- /dev/null
+++ b/DD.Plugin.UnhandledException/DD.Plugin.UnhandledException.vcxproj
@@ -0,0 +1,146 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Debug
+ x64
+
+
+ Release
+ Win32
+
+
+ Release
+ x64
+
+
+
+ {565AFF97-5D1F-43EB-A6CE-DA997EF70D50}
+ Win32Proj
+ DDPluginUnhandledException
+
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+ DynamicLibrary
+ false
+ true
+ Unicode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+
+
+ true
+
+
+ false
+
+
+ false
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINUNHANDLEDEXCEPTION_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;DDPLUGINUNHANDLEDEXCEPTION_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+ Level3
+
+
+ Full
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINUNHANDLEDEXCEPTION_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+ Level3
+
+
+ MaxSpeed
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;DDPLUGINUNHANDLEDEXCEPTION_EXPORTS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.UnhandledException/DD.Plugin.UnhandledException.vcxproj.filters b/DD.Plugin.UnhandledException/DD.Plugin.UnhandledException.vcxproj.filters
new file mode 100644
index 0000000..4aa3883
--- /dev/null
+++ b/DD.Plugin.UnhandledException/DD.Plugin.UnhandledException.vcxproj.filters
@@ -0,0 +1,27 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hpp;hxx;hm;inl;inc;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ Quelldateien
+
+
+
+
+ Headerdateien
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.UnhandledException/DD.Plugin.UnhandledException.vcxproj.user b/DD.Plugin.UnhandledException/DD.Plugin.UnhandledException.vcxproj.user
new file mode 100644
index 0000000..ace9a86
--- /dev/null
+++ b/DD.Plugin.UnhandledException/DD.Plugin.UnhandledException.vcxproj.user
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/DD.Plugin.UnhandledException/DLLMain.cpp b/DD.Plugin.UnhandledException/DLLMain.cpp
new file mode 100644
index 0000000..ca4fc88
--- /dev/null
+++ b/DD.Plugin.UnhandledException/DLLMain.cpp
@@ -0,0 +1,42 @@
+#include "DLLMain.h"
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
+{
+ return true;
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginName(void)
+{
+ return L"Unhandled Exception";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginVersion(void)
+{
+ return L"0.1";
+}
+
+__declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void)
+{
+ return sErrorMessage;
+}
+
+__declspec(dllexport) DWORD __cdecl PluginDebugCheck(void)
+{
+ SetUnhandledExceptionFilter(UnhandledExcepFilter);
+ __asm
+ {
+ xor eax, eax
+ div eax
+ }
+
+ return 0;
+}
+
+LONG WINAPI UnhandledExcepFilter(PEXCEPTION_POINTERS pExcepPointers)
+{
+ SetUnhandledExceptionFilter((LPTOP_LEVEL_EXCEPTION_FILTER)pExcepPointers->ContextRecord->Eax);
+
+ pExcepPointers->ContextRecord->Eip += 2;
+
+ return EXCEPTION_CONTINUE_EXECUTION;
+}
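Review bot: PluginDebugCheck discards the value returned by `SetUnhandledExceptionFilter(UnhandledExcepFilter)`, and the handler then installs whatever is in `ContextRecord->Eax`, which is 0 after `xor eax, eax`, so any top-level filter the host process had registered is gone once the plugin has run. Saving and restoring the previous filter keeps the plugin from changing process-wide state: `LPTOP_LEVEL_EXCEPTION_FILTER pPrev = SetUnhandledExceptionFilter(UnhandledExcepFilter);` before the `__asm` block and `SetUnhandledExceptionFilter(pPrev);` after it. The `Eip += 2` in the handler relies on `div eax` encoding to exactly two bytes and deserves a comment saying so. The `__asm` block and the x86-only `Eax`/`Eip` context fields will also not build for the x64 configurations the project file declares.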
diff --git a/DD.Plugin.UnhandledException/DLLMain.h b/DD.Plugin.UnhandledException/DLLMain.h
new file mode 100644
index 0000000..1f4b36c
--- /dev/null
+++ b/DD.Plugin.UnhandledException/DLLMain.h
@@ -0,0 +1,18 @@
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ __declspec(dllexport) TCHAR* __cdecl PluginName(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginVersion(void);
+ __declspec(dllexport) TCHAR* __cdecl PluginErrorMessage(void);
+ __declspec(dllexport) DWORD __cdecl PluginDebugCheck(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+LONG WINAPI UnhandledExcepFilter(PEXCEPTION_POINTERS pExcepPointers);
+
+TCHAR* sErrorMessage;
\ No newline at end of file
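Review bot: `TCHAR* sErrorMessage;` is a definition rather than a declaration, and the header has no include guard, so a second source file including DLLMain.h would fail to link with a duplicate symbol. Declaring it here as `extern TCHAR* sErrorMessage;`, defining it once in DLLMain.cpp and adding `#pragma once` at the top avoids that. Nothing visible in DLLMain.cpp assigns the variable, so PluginErrorMessage appears to return a null pointer; the host passes that return value to a `%s` format, so initialising it to an empty string would be safer.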
diff --git a/DebugDetector.sln b/DebugDetector.sln
new file mode 100644
index 0000000..75dc315
--- /dev/null
+++ b/DebugDetector.sln
@@ -0,0 +1,185 @@
+
+Microsoft Visual Studio Solution File, Format Version 11.00
+# Visual Studio 2010
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DebugDetector", "DebugDetector\DebugDetector.vcxproj", "{290D1AC8-C7F5-43F9-977F-E78B8FA59E5D}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DD.Plugin.IsDebuggerPresent", "DD.Plugin.IsDebuggerPresent\DD.Plugin.IsDebuggerPresent.vcxproj", "{88549293-AA98-4E27-AA04-2696AAD141FB}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DD.Plugin.CheckRemoteDebuggerPresent", "DD.Plugin.CheckRemoteDebuggerPresent\DD.Plugin.CheckRemoteDebuggerPresent.vcxproj", "{55C478DF-FC39-4BB5-A37C-EE81E4BBA12A}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DD.Plugin.OutputDebugString", "DD.Plugin.OutputDebugString\DD.Plugin.OutputDebugString.vcxproj", "{7877EF61-890C-4190-B60B-369E1C703BB4}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DD.Plugin.OpenCSRSS", "DD.Plugin.OpenCSRSS\DD.Plugin.OpenCSRSS.vcxproj", "{37FD77D1-5F5E-4132-A320-41D97D091F42}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DD.Plugin.MemoryBreakpoint", "DD.Plugin.MemoryBreakpoint\DD.Plugin.MemoryBreakpoint.vcxproj", "{81A1BF40-3F97-43E2-B84A-6D787278900F}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DD.Plugin.HardwareBreakpoint", "DD.Plugin.HardwareBreakpoint\DD.Plugin.HardwareBreakpoint.vcxproj", "{A2F953E5-622D-4302-A630-E4E4D5988C60}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DD.Plugin.ProcessDebugFlag", "DD.Plugin.ProcessDebugFlag\DD.Plugin.ProcessDebugFlag.vcxproj", "{DE1B58DE-B1C1-41CC-8E00-DA072EAB1066}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DD.Plugin.DebugObject", "DD.Plugin.DebugObject\DD.Plugin.DebugObject.vcxproj", "{3A3E2EE6-1EC5-4FB2-8009-CE4F1F0A5A6A}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DD.Plugin.ParentProcess", "DD.Plugin.ParentProcess\DD.Plugin.ParentProcess.vcxproj", "{1B5C3EB4-63B2-4314-91FE-BC69537262A8}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DD.Plugin.UnhandledException", "DD.Plugin.UnhandledException\DD.Plugin.UnhandledException.vcxproj", "{565AFF97-5D1F-43EB-A6CE-DA997EF70D50}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{A696071B-0766-46BC-94CE-929530321D6F}"
+ ProjectSection(SolutionItems) = preProject
+ ReadMe.txt = ReadMe.txt
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DD.Plugin.PEBDebugFlag", "DD.Plugin.PEBDebugFlag\DD.Plugin.PEBDebugFlag.vcxproj", "{35074703-DCA4-4085-8D5B-548E87B1A6B1}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DD.Plugin.PEBGlobalFlags", "DD.Plugin.PEBGlobalFlags\DD.Plugin.PEBGlobalFlags.vcxproj", "{CD4B8AE6-D5A3-4336-B430-09BCEAF874FE}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DD.Plugin.PEBProcHeapFlag", "DD.Plugin.PEBProcHeapFlag\DD.Plugin.PEBProcHeapFlag.vcxproj", "{B0370AE7-386D-46AF-AABB-34E5784944FA}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DD.Plugin.FindBadProcesses", "DD.Plugin.FindBadProcesses\DD.Plugin.FindBadProcesses.vcxproj", "{FC1FB81C-8272-4B79-B807-1331335DFA0A}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DD.Plugin.FindBadWindows", "DD.Plugin.FindBadWindows\DD.Plugin.FindBadWindows.vcxproj", "{83557B77-5625-49F4-B246-BD7BBDB78687}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DD.Plugin.FindBadDrivers", "DD.Plugin.FindBadDrivers\DD.Plugin.FindBadDrivers.vcxproj", "{534F66C5-627F-4086-BD7D-D8BA55189E30}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Win32 = Debug|Win32
+ Debug|x64 = Debug|x64
+ Release|Win32 = Release|Win32
+ Release|x64 = Release|x64
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {290D1AC8-C7F5-43F9-977F-E78B8FA59E5D}.Debug|Win32.ActiveCfg = Debug|Win32
+ {290D1AC8-C7F5-43F9-977F-E78B8FA59E5D}.Debug|Win32.Build.0 = Debug|Win32
+ {290D1AC8-C7F5-43F9-977F-E78B8FA59E5D}.Debug|x64.ActiveCfg = Debug|x64
+ {290D1AC8-C7F5-43F9-977F-E78B8FA59E5D}.Debug|x64.Build.0 = Debug|x64
+ {290D1AC8-C7F5-43F9-977F-E78B8FA59E5D}.Release|Win32.ActiveCfg = Release|Win32
+ {290D1AC8-C7F5-43F9-977F-E78B8FA59E5D}.Release|Win32.Build.0 = Release|Win32
+ {290D1AC8-C7F5-43F9-977F-E78B8FA59E5D}.Release|x64.ActiveCfg = Release|x64
+ {290D1AC8-C7F5-43F9-977F-E78B8FA59E5D}.Release|x64.Build.0 = Release|x64
+ {88549293-AA98-4E27-AA04-2696AAD141FB}.Debug|Win32.ActiveCfg = Debug|Win32
+ {88549293-AA98-4E27-AA04-2696AAD141FB}.Debug|Win32.Build.0 = Debug|Win32
+ {88549293-AA98-4E27-AA04-2696AAD141FB}.Debug|x64.ActiveCfg = Debug|x64
+ {88549293-AA98-4E27-AA04-2696AAD141FB}.Debug|x64.Build.0 = Debug|x64
+ {88549293-AA98-4E27-AA04-2696AAD141FB}.Release|Win32.ActiveCfg = Release|Win32
+ {88549293-AA98-4E27-AA04-2696AAD141FB}.Release|Win32.Build.0 = Release|Win32
+ {88549293-AA98-4E27-AA04-2696AAD141FB}.Release|x64.ActiveCfg = Release|x64
+ {88549293-AA98-4E27-AA04-2696AAD141FB}.Release|x64.Build.0 = Release|x64
+ {55C478DF-FC39-4BB5-A37C-EE81E4BBA12A}.Debug|Win32.ActiveCfg = Debug|Win32
+ {55C478DF-FC39-4BB5-A37C-EE81E4BBA12A}.Debug|Win32.Build.0 = Debug|Win32
+ {55C478DF-FC39-4BB5-A37C-EE81E4BBA12A}.Debug|x64.ActiveCfg = Debug|x64
+ {55C478DF-FC39-4BB5-A37C-EE81E4BBA12A}.Debug|x64.Build.0 = Debug|x64
+ {55C478DF-FC39-4BB5-A37C-EE81E4BBA12A}.Release|Win32.ActiveCfg = Release|Win32
+ {55C478DF-FC39-4BB5-A37C-EE81E4BBA12A}.Release|Win32.Build.0 = Release|Win32
+ {55C478DF-FC39-4BB5-A37C-EE81E4BBA12A}.Release|x64.ActiveCfg = Release|x64
+ {55C478DF-FC39-4BB5-A37C-EE81E4BBA12A}.Release|x64.Build.0 = Release|x64
+ {7877EF61-890C-4190-B60B-369E1C703BB4}.Debug|Win32.ActiveCfg = Debug|Win32
+ {7877EF61-890C-4190-B60B-369E1C703BB4}.Debug|Win32.Build.0 = Debug|Win32
+ {7877EF61-890C-4190-B60B-369E1C703BB4}.Debug|x64.ActiveCfg = Debug|x64
+ {7877EF61-890C-4190-B60B-369E1C703BB4}.Debug|x64.Build.0 = Debug|x64
+ {7877EF61-890C-4190-B60B-369E1C703BB4}.Release|Win32.ActiveCfg = Release|Win32
+ {7877EF61-890C-4190-B60B-369E1C703BB4}.Release|Win32.Build.0 = Release|Win32
+ {7877EF61-890C-4190-B60B-369E1C703BB4}.Release|x64.ActiveCfg = Release|x64
+ {7877EF61-890C-4190-B60B-369E1C703BB4}.Release|x64.Build.0 = Release|x64
+ {37FD77D1-5F5E-4132-A320-41D97D091F42}.Debug|Win32.ActiveCfg = Debug|Win32
+ {37FD77D1-5F5E-4132-A320-41D97D091F42}.Debug|Win32.Build.0 = Debug|Win32
+ {37FD77D1-5F5E-4132-A320-41D97D091F42}.Debug|x64.ActiveCfg = Debug|x64
+ {37FD77D1-5F5E-4132-A320-41D97D091F42}.Debug|x64.Build.0 = Debug|x64
+ {37FD77D1-5F5E-4132-A320-41D97D091F42}.Release|Win32.ActiveCfg = Release|Win32
+ {37FD77D1-5F5E-4132-A320-41D97D091F42}.Release|Win32.Build.0 = Release|Win32
+ {37FD77D1-5F5E-4132-A320-41D97D091F42}.Release|x64.ActiveCfg = Release|x64
+ {37FD77D1-5F5E-4132-A320-41D97D091F42}.Release|x64.Build.0 = Release|x64
+ {81A1BF40-3F97-43E2-B84A-6D787278900F}.Debug|Win32.ActiveCfg = Debug|Win32
+ {81A1BF40-3F97-43E2-B84A-6D787278900F}.Debug|Win32.Build.0 = Debug|Win32
+ {81A1BF40-3F97-43E2-B84A-6D787278900F}.Debug|x64.ActiveCfg = Debug|x64
+ {81A1BF40-3F97-43E2-B84A-6D787278900F}.Debug|x64.Build.0 = Debug|x64
+ {81A1BF40-3F97-43E2-B84A-6D787278900F}.Release|Win32.ActiveCfg = Release|Win32
+ {81A1BF40-3F97-43E2-B84A-6D787278900F}.Release|Win32.Build.0 = Release|Win32
+ {81A1BF40-3F97-43E2-B84A-6D787278900F}.Release|x64.ActiveCfg = Release|x64
+ {81A1BF40-3F97-43E2-B84A-6D787278900F}.Release|x64.Build.0 = Release|x64
+ {A2F953E5-622D-4302-A630-E4E4D5988C60}.Debug|Win32.ActiveCfg = Debug|Win32
+ {A2F953E5-622D-4302-A630-E4E4D5988C60}.Debug|Win32.Build.0 = Debug|Win32
+ {A2F953E5-622D-4302-A630-E4E4D5988C60}.Debug|x64.ActiveCfg = Debug|x64
+ {A2F953E5-622D-4302-A630-E4E4D5988C60}.Debug|x64.Build.0 = Debug|x64
+ {A2F953E5-622D-4302-A630-E4E4D5988C60}.Release|Win32.ActiveCfg = Release|Win32
+ {A2F953E5-622D-4302-A630-E4E4D5988C60}.Release|Win32.Build.0 = Release|Win32
+ {A2F953E5-622D-4302-A630-E4E4D5988C60}.Release|x64.ActiveCfg = Release|x64
+ {A2F953E5-622D-4302-A630-E4E4D5988C60}.Release|x64.Build.0 = Release|x64
+ {DE1B58DE-B1C1-41CC-8E00-DA072EAB1066}.Debug|Win32.ActiveCfg = Debug|Win32
+ {DE1B58DE-B1C1-41CC-8E00-DA072EAB1066}.Debug|Win32.Build.0 = Debug|Win32
+ {DE1B58DE-B1C1-41CC-8E00-DA072EAB1066}.Debug|x64.ActiveCfg = Debug|x64
+ {DE1B58DE-B1C1-41CC-8E00-DA072EAB1066}.Debug|x64.Build.0 = Debug|x64
+ {DE1B58DE-B1C1-41CC-8E00-DA072EAB1066}.Release|Win32.ActiveCfg = Release|Win32
+ {DE1B58DE-B1C1-41CC-8E00-DA072EAB1066}.Release|Win32.Build.0 = Release|Win32
+ {DE1B58DE-B1C1-41CC-8E00-DA072EAB1066}.Release|x64.ActiveCfg = Release|x64
+ {DE1B58DE-B1C1-41CC-8E00-DA072EAB1066}.Release|x64.Build.0 = Release|x64
+ {3A3E2EE6-1EC5-4FB2-8009-CE4F1F0A5A6A}.Debug|Win32.ActiveCfg = Debug|Win32
+ {3A3E2EE6-1EC5-4FB2-8009-CE4F1F0A5A6A}.Debug|Win32.Build.0 = Debug|Win32
+ {3A3E2EE6-1EC5-4FB2-8009-CE4F1F0A5A6A}.Debug|x64.ActiveCfg = Debug|x64
+ {3A3E2EE6-1EC5-4FB2-8009-CE4F1F0A5A6A}.Debug|x64.Build.0 = Debug|x64
+ {3A3E2EE6-1EC5-4FB2-8009-CE4F1F0A5A6A}.Release|Win32.ActiveCfg = Release|Win32
+ {3A3E2EE6-1EC5-4FB2-8009-CE4F1F0A5A6A}.Release|Win32.Build.0 = Release|Win32
+ {3A3E2EE6-1EC5-4FB2-8009-CE4F1F0A5A6A}.Release|x64.ActiveCfg = Release|x64
+ {3A3E2EE6-1EC5-4FB2-8009-CE4F1F0A5A6A}.Release|x64.Build.0 = Release|x64
+ {1B5C3EB4-63B2-4314-91FE-BC69537262A8}.Debug|Win32.ActiveCfg = Debug|Win32
+ {1B5C3EB4-63B2-4314-91FE-BC69537262A8}.Debug|Win32.Build.0 = Debug|Win32
+ {1B5C3EB4-63B2-4314-91FE-BC69537262A8}.Debug|x64.ActiveCfg = Debug|x64
+ {1B5C3EB4-63B2-4314-91FE-BC69537262A8}.Debug|x64.Build.0 = Debug|x64
+ {1B5C3EB4-63B2-4314-91FE-BC69537262A8}.Release|Win32.ActiveCfg = Release|Win32
+ {1B5C3EB4-63B2-4314-91FE-BC69537262A8}.Release|Win32.Build.0 = Release|Win32
+ {1B5C3EB4-63B2-4314-91FE-BC69537262A8}.Release|x64.ActiveCfg = Release|x64
+ {1B5C3EB4-63B2-4314-91FE-BC69537262A8}.Release|x64.Build.0 = Release|x64
+ {565AFF97-5D1F-43EB-A6CE-DA997EF70D50}.Debug|Win32.ActiveCfg = Debug|Win32
+ {565AFF97-5D1F-43EB-A6CE-DA997EF70D50}.Debug|Win32.Build.0 = Debug|Win32
+ {565AFF97-5D1F-43EB-A6CE-DA997EF70D50}.Debug|x64.ActiveCfg = Debug|x64
+ {565AFF97-5D1F-43EB-A6CE-DA997EF70D50}.Debug|x64.Build.0 = Debug|x64
+ {565AFF97-5D1F-43EB-A6CE-DA997EF70D50}.Release|Win32.ActiveCfg = Release|Win32
+ {565AFF97-5D1F-43EB-A6CE-DA997EF70D50}.Release|Win32.Build.0 = Release|Win32
+ {565AFF97-5D1F-43EB-A6CE-DA997EF70D50}.Release|x64.ActiveCfg = Release|x64
+ {565AFF97-5D1F-43EB-A6CE-DA997EF70D50}.Release|x64.Build.0 = Release|x64
+ {35074703-DCA4-4085-8D5B-548E87B1A6B1}.Debug|Win32.ActiveCfg = Debug|Win32
+ {35074703-DCA4-4085-8D5B-548E87B1A6B1}.Debug|Win32.Build.0 = Debug|Win32
+ {35074703-DCA4-4085-8D5B-548E87B1A6B1}.Debug|x64.ActiveCfg = Debug|x64
+ {35074703-DCA4-4085-8D5B-548E87B1A6B1}.Debug|x64.Build.0 = Debug|x64
+ {35074703-DCA4-4085-8D5B-548E87B1A6B1}.Release|Win32.ActiveCfg = Release|Win32
+ {35074703-DCA4-4085-8D5B-548E87B1A6B1}.Release|Win32.Build.0 = Release|Win32
+ {35074703-DCA4-4085-8D5B-548E87B1A6B1}.Release|x64.ActiveCfg = Release|x64
+ {35074703-DCA4-4085-8D5B-548E87B1A6B1}.Release|x64.Build.0 = Release|x64
+ {CD4B8AE6-D5A3-4336-B430-09BCEAF874FE}.Debug|Win32.ActiveCfg = Debug|Win32
+ {CD4B8AE6-D5A3-4336-B430-09BCEAF874FE}.Debug|Win32.Build.0 = Debug|Win32
+ {CD4B8AE6-D5A3-4336-B430-09BCEAF874FE}.Debug|x64.ActiveCfg = Debug|x64
+ {CD4B8AE6-D5A3-4336-B430-09BCEAF874FE}.Debug|x64.Build.0 = Debug|x64
+ {CD4B8AE6-D5A3-4336-B430-09BCEAF874FE}.Release|Win32.ActiveCfg = Release|Win32
+ {CD4B8AE6-D5A3-4336-B430-09BCEAF874FE}.Release|Win32.Build.0 = Release|Win32
+ {CD4B8AE6-D5A3-4336-B430-09BCEAF874FE}.Release|x64.ActiveCfg = Release|x64
+ {CD4B8AE6-D5A3-4336-B430-09BCEAF874FE}.Release|x64.Build.0 = Release|x64
+ {B0370AE7-386D-46AF-AABB-34E5784944FA}.Debug|Win32.ActiveCfg = Debug|Win32
+ {B0370AE7-386D-46AF-AABB-34E5784944FA}.Debug|Win32.Build.0 = Debug|Win32
+ {B0370AE7-386D-46AF-AABB-34E5784944FA}.Debug|x64.ActiveCfg = Debug|x64
+ {B0370AE7-386D-46AF-AABB-34E5784944FA}.Debug|x64.Build.0 = Debug|x64
+ {B0370AE7-386D-46AF-AABB-34E5784944FA}.Release|Win32.ActiveCfg = Release|Win32
+ {B0370AE7-386D-46AF-AABB-34E5784944FA}.Release|Win32.Build.0 = Release|Win32
+ {B0370AE7-386D-46AF-AABB-34E5784944FA}.Release|x64.ActiveCfg = Release|x64
+ {B0370AE7-386D-46AF-AABB-34E5784944FA}.Release|x64.Build.0 = Release|x64
+ {FC1FB81C-8272-4B79-B807-1331335DFA0A}.Debug|Win32.ActiveCfg = Debug|Win32
+ {FC1FB81C-8272-4B79-B807-1331335DFA0A}.Debug|Win32.Build.0 = Debug|Win32
+ {FC1FB81C-8272-4B79-B807-1331335DFA0A}.Debug|x64.ActiveCfg = Debug|Win32
+ {FC1FB81C-8272-4B79-B807-1331335DFA0A}.Release|Win32.ActiveCfg = Release|Win32
+ {FC1FB81C-8272-4B79-B807-1331335DFA0A}.Release|Win32.Build.0 = Release|Win32
+ {FC1FB81C-8272-4B79-B807-1331335DFA0A}.Release|x64.ActiveCfg = Release|Win32
+ {83557B77-5625-49F4-B246-BD7BBDB78687}.Debug|Win32.ActiveCfg = Debug|Win32
+ {83557B77-5625-49F4-B246-BD7BBDB78687}.Debug|Win32.Build.0 = Debug|Win32
+ {83557B77-5625-49F4-B246-BD7BBDB78687}.Debug|x64.ActiveCfg = Debug|Win32
+ {83557B77-5625-49F4-B246-BD7BBDB78687}.Release|Win32.ActiveCfg = Release|Win32
+ {83557B77-5625-49F4-B246-BD7BBDB78687}.Release|Win32.Build.0 = Release|Win32
+ {83557B77-5625-49F4-B246-BD7BBDB78687}.Release|x64.ActiveCfg = Release|Win32
+ {534F66C5-627F-4086-BD7D-D8BA55189E30}.Debug|Win32.ActiveCfg = Debug|Win32
+ {534F66C5-627F-4086-BD7D-D8BA55189E30}.Debug|Win32.Build.0 = Debug|Win32
+ {534F66C5-627F-4086-BD7D-D8BA55189E30}.Debug|x64.ActiveCfg = Debug|Win32
+ {534F66C5-627F-4086-BD7D-D8BA55189E30}.Release|Win32.ActiveCfg = Release|Win32
+ {534F66C5-627F-4086-BD7D-D8BA55189E30}.Release|Win32.Build.0 = Release|Win32
+ {534F66C5-627F-4086-BD7D-D8BA55189E30}.Release|x64.ActiveCfg = Release|Win32
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+EndGlobal
diff --git a/DebugDetector.suo b/DebugDetector.suo
new file mode 100644
index 0000000..74bfb86
Binary files /dev/null and b/DebugDetector.suo differ
diff --git a/DebugDetector/DDMain.cpp b/DebugDetector/DDMain.cpp
new file mode 100644
index 0000000..24d6ae4
--- /dev/null
+++ b/DebugDetector/DDMain.cpp
@@ -0,0 +1,162 @@
+#include "DDMain.h"
+
+INT WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,LPSTR lpCmdLine, int nCmdShow)
+{
+ DialogBox(hInstance,MAKEINTRESOURCE(IDD_MAINFRAME),NULL,reinterpret_cast(MainDLGProc));
+ return false;
+}
+
+LRESULT CALLBACK MainDLGProc(HWND hWndDlg, UINT Msg, WPARAM wParam, LPARAM lParam)
+{
+ hwDlgMainFrame = hWndDlg;
+ switch(Msg)
+ {
+ case WM_INITDIALOG:
+ {
+ LVCOLUMN LvCol;
+ HWND hwPluginList = GetDlgItem(hwDlgMainFrame,IDC_PLUGINS);
+ SendMessage(hwPluginList,LVM_SETEXTENDEDLISTVIEWSTYLE,0,LVS_EX_FULLROWSELECT | LVS_EX_GRIDLINES);
+
+ memset(&LvCol,0,sizeof(LvCol));
+ LvCol.mask=LVCF_TEXT|LVCF_WIDTH|LVCF_SUBITEM;
+ LvCol.pszText = L"Name";
+ LvCol.cx = 0x100;
+ SendMessage(hwPluginList,LVM_INSERTCOLUMN,0,(LPARAM)&LvCol);
+ LvCol.pszText = L"Version";
+ LvCol.cx = 0x30;
+ SendMessage(hwPluginList,LVM_INSERTCOLUMN,1,(LPARAM)&LvCol);
+ LvCol.pszText = L"Debugged";
+ LvCol.cx = 0x40;
+ SendMessage(hwPluginList,LVM_INSERTCOLUMN,2,(LPARAM)&LvCol);
+ LvCol.pszText = L"ErrorMessage";
+ LvCol.cx = 0x80;
+ SendMessage(hwPluginList,LVM_INSERTCOLUMN,3,(LPARAM)&LvCol);
+
+ if(!LoadPlugins())
+ {
+ MessageBox(hwDlgMainFrame,L"No Plugins found!",L"Debug Detector",MB_OK);
+ EndDialog(hwDlgMainFrame,0);
+ }
+ else
+ {
+ ExecutePlugins();
+ TCHAR* sTemp = (TCHAR*)malloc(255);
+ swprintf(sTemp,L"DebugCheck: loaded %d Plugins! - %d of %d detections - ratio: %0.2f %%",
+ vPluginList.size(),
+ iDetectNum,
+ vPluginList.size(),
+ ((iDetectNum* 1.0 / vPluginList.size() * 1.0) * 100));
+
+ SetWindowTextW(GetDlgItem(hwDlgMainFrame,IDC_STATE),sTemp);
+ free(sTemp);
+ }
+ return true;
+ }
+ case WM_CLOSE:
+ {
+ EndDialog(hwDlgMainFrame,0);
+ return true;
+ }
+ }
+ return false;
+}
+
+bool LoadPlugins()
+{
+ WIN32_FIND_DATA FindDataw32;
+ HANDLE hFind = INVALID_HANDLE_VALUE;
+
+ TCHAR* szCurDir = (TCHAR*)malloc(MAX_PATH);
+ GetCurrentDirectory(MAX_PATH,szCurDir);
+ wcscat(szCurDir,L"\\*");
+
+ hFind = FindFirstFile(szCurDir,&FindDataw32);
+
+ if (INVALID_HANDLE_VALUE == hFind)
+ return false;
+
+ do
+ {
+ if (!(FindDataw32.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY))
+ {
+ if(wcsstr(FindDataw32.cFileName,L".dll") != NULL)
+ {
+ HMODULE hPlugin = LoadLibrary(FindDataw32.cFileName);
+
+ if(hPlugin != NULL)
+ {
+ srcPlugin newPlugin;
+ newPlugin.dwVersion = (DWORD)GetProcAddress(hPlugin,"PluginVersion");
+ newPlugin.dwName = (DWORD)GetProcAddress(hPlugin,"PluginName");
+ newPlugin.dwDebugCheck = (DWORD)GetProcAddress(hPlugin,"PluginDebugCheck");
+ newPlugin.dwErrorMessage = (DWORD)GetProcAddress(hPlugin,"PluginErrorMessage");
+ newPlugin.hPlugin = hPlugin;
+
+ if(newPlugin.dwDebugCheck != NULL && newPlugin.dwName != NULL && newPlugin.dwVersion != NULL && newPlugin.dwErrorMessage != NULL)
+ vPluginList.push_back(newPlugin);
+ else
+ FreeLibrary(hPlugin);
+ }
+ }
+ }
+ }
+ while (FindNextFile(hFind,&FindDataw32) != 0);
+
+ free(szCurDir);
+ if(vPluginList.size() > 0)
+ return true;
+ else
+ return false;
+}
+
+bool ExecutePlugins()
+{
+ for(int i = 0; i < vPluginList.size(); i++)
+ {
+ PluginName newPluginName = (PluginName)vPluginList[i].dwName;
+ PluginVersion newPluginVersion = (PluginVersion)vPluginList[i].dwVersion;
+ PluginDebugCheck newPluginDebugCheck = (PluginDebugCheck)vPluginList[i].dwDebugCheck;
+ PluginErrorMessage newPluginErrorMessage = (PluginErrorMessage)vPluginList[i].dwErrorMessage;
+
+ LVITEM LvItem;
+ TCHAR* sTemp = (TCHAR*)malloc(255);
+ HWND hwPluginList = GetDlgItem(hwDlgMainFrame,IDC_PLUGINS);
+ int itemIndex = SendMessage(hwPluginList,LVM_GETITEMCOUNT,0,0);
+
+ memset(&LvItem,0,sizeof(LvItem));
+ wsprintf(sTemp,L"%s",newPluginName());
+ LvItem.mask = LVIF_TEXT;
+ LvItem.cchTextMax = 255;
+ LvItem.iItem = itemIndex;
+ LvItem.iSubItem = 0;
+ LvItem.pszText = sTemp;
+ SendMessage(hwPluginList,LVM_INSERTITEM,0,(LPARAM)&LvItem);
+
+ wsprintf(sTemp,L"%s",newPluginVersion());
+ LvItem.iSubItem = 1;
+ SendMessage(hwPluginList,LVM_SETITEM,0,(LPARAM)&LvItem);
+
+ memset(sTemp,0,255);
+ switch(newPluginDebugCheck())
+ {
+ case 0:
+ wsprintf(sTemp,L"%s",L"FALSE");
+ break;
+ case 1:
+ wsprintf(sTemp,L"%s",L"TRUE");
+ iDetectNum++;
+ break;
+ case -1:
+ wsprintf(sTemp,L"%s",newPluginErrorMessage());
+ LvItem.iSubItem = 3;
+ SendMessage(hwPluginList,LVM_SETITEM,0,(LPARAM)&LvItem);
+ break;
+ }
+
+ LvItem.iSubItem = 2;
+ SendMessage(hwPluginList,LVM_SETITEM,0,(LPARAM)&LvItem);
+
+ free(sTemp);
+ }
+ return true;
+}
\ No newline at end of file
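Review bot: In LoadPlugins, `malloc(MAX_PATH)` allocates MAX_PATH bytes, but GetCurrentDirectory is told the buffer holds MAX_PATH characters and the code is built with wide characters, so a long working directory plus the unbounded `wcscat` can write past the heap block. The same byte-versus-character mix-up applies to `malloc(255)` in MainDLGProc and ExecutePlugins, where plugin-supplied strings are formatted into room for 127 wide characters while `cchTextMax` claims 255. The early `return false` also leaks szCurDir, and hFind is never passed to FindClose. Separately, LoadLibrary receives the bare name of any file containing ".dll", so resolution follows the DLL search order rather than the enumerated directory; passing a full path and matching the extension at the end of the name would pin what gets loaded. A sketch of the directory-scan part follows.

```cpp
bool LoadPlugins()
{
    WIN32_FIND_DATA FindDataw32;
    TCHAR szCurDir[MAX_PATH];

    // Sizes are in characters, not bytes; keep room for the "\*" suffix and the terminator.
    DWORD cchDir = GetCurrentDirectory(MAX_PATH, szCurDir);
    if (cchDir == 0 || cchDir > MAX_PATH - 3)
        return false;
    wcscat_s(szCurDir, MAX_PATH, L"\\*");

    HANDLE hFind = FindFirstFile(szCurDir, &FindDataw32);
    if (INVALID_HANDLE_VALUE == hFind)
        return false;

    // … unchanged: do/while loop that loads and registers each plugin …

    FindClose(hFind);
    return !vPluginList.empty();
}
```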
diff --git a/DebugDetector/DDMain.h b/DebugDetector/DDMain.h
new file mode 100644
index 0000000..fb078c5
--- /dev/null
+++ b/DebugDetector/DDMain.h
@@ -0,0 +1,33 @@
+#include
+#include
+#include
+#include
+#include "resource.h"
+
+using namespace std;
+
+struct srcPlugin
+{
+ DWORD dwName;
+ DWORD dwVersion;
+ DWORD dwDebugCheck;
+ DWORD dwErrorMessage;
+ HMODULE hPlugin;
+};
+
+LRESULT CALLBACK MainDLGProc(HWND hWndDlg, UINT Msg, WPARAM wParam, LPARAM lParam);
+
+bool LoadPlugins();
+bool ExecutePlugins();
+
+typedef TCHAR* (*PluginVersion)(void);
+typedef TCHAR* (*PluginName)(void);
+typedef TCHAR* (*PluginErrorMessage)(void);
+typedef bool (*PluginDebugCheck)(void);
+
+
+HWND hwDlgMainFrame = NULL;
+
+int iDetectNum = 0;
+
+vector vPluginList;
\ No newline at end of file
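Review bot: `typedef bool (*PluginDebugCheck)(void);` does not match the plugins' export, which their header declares as `DWORD __cdecl PluginDebugCheck(void)`, so ExecutePlugins switches on a bool and its `case -1:` error branch cannot be reached. `typedef DWORD (__cdecl *PluginDebugCheck)(void);` would line the two sides up, with the error case compared against `(DWORD)-1`. srcPlugin also keeps the four GetProcAddress results in `DWORD` fields, which truncates pointers in the x64 configurations the project declares; `FARPROC` members avoid that. The globals `hwDlgMainFrame`, `iDetectNum` and `vPluginList` are defined in this header and there is no include guard, so it only links while exactly one source file includes it.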
diff --git a/DebugDetector/DebugDetector.aps b/DebugDetector/DebugDetector.aps
new file mode 100644
index 0000000..a48e029
Binary files /dev/null and b/DebugDetector/DebugDetector.aps differ
diff --git a/DebugDetector/DebugDetector.rc b/DebugDetector/DebugDetector.rc
new file mode 100644
index 0000000..7a9e16a
Binary files /dev/null and b/DebugDetector/DebugDetector.rc differ
diff --git a/DebugDetector/DebugDetector.vcxproj b/DebugDetector/DebugDetector.vcxproj
new file mode 100644
index 0000000..a0a58ff
--- /dev/null
+++ b/DebugDetector/DebugDetector.vcxproj
@@ -0,0 +1,150 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Debug
+ x64
+
+
+ Release
+ Win32
+
+
+ Release
+ x64
+
+
+
+ {290D1AC8-C7F5-43F9-977F-E78B8FA59E5D}
+ Win32Proj
+ DebugDetector
+
+
+
+ Application
+ true
+ Unicode
+
+
+ Application
+ true
+ Unicode
+
+
+ Application
+ false
+ true
+ Unicode
+
+
+ Application
+ false
+ true
+ Unicode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+
+
+ true
+
+
+ false
+
+
+ false
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+
+
+ Level3
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+
+
+
+
+ Level3
+
+
+ Full
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+ Level3
+
+
+ MaxSpeed
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/DebugDetector/DebugDetector.vcxproj.filters b/DebugDetector/DebugDetector.vcxproj.filters
new file mode 100644
index 0000000..1b8bf49
--- /dev/null
+++ b/DebugDetector/DebugDetector.vcxproj.filters
@@ -0,0 +1,35 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hpp;hxx;hm;inl;inc;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ Quelldateien
+
+
+
+
+ Headerdateien
+
+
+ Headerdateien
+
+
+
+
+ Ressourcendateien
+
+
+
\ No newline at end of file
diff --git a/DebugDetector/DebugDetector.vcxproj.user b/DebugDetector/DebugDetector.vcxproj.user
new file mode 100644
index 0000000..ace9a86
--- /dev/null
+++ b/DebugDetector/DebugDetector.vcxproj.user
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/DebugDetector/resource.h b/DebugDetector/resource.h
new file mode 100644
index 0000000..45f0d37
Binary files /dev/null and b/DebugDetector/resource.h differ
diff --git a/ReadMe.txt b/ReadMe.txt
new file mode 100644
index 0000000..7f5347c
--- /dev/null
+++ b/ReadMe.txt
@@ -0,0 +1,75 @@
+Name : DD - DebugDetector
+Version : 0.1
+Coded by : Zer0Flag
+Coded in : C++ / inline asm
+Date : 08.07.2012
+
+Notes : - This tool should help to test if your debugger is invisible against the targets
+ Maybe some can learn something about the anti debug techniques while browsing the source
+ Ofcourse the most things are easy to bypass but you should see what you need to fix in your debugger
+
+ - If you have some ideas, other techniques (no time related things currently) or other suggestions than
+ feel free to contact me!
+
+Contact : zer0fl4g@gmail.com
+ irc.rizion.net / irc.freenode.de / irc.seilen.de
+
+Ideas &
+Techniques &
+collected Links : http://www.codeproject.com/Articles/30815/An-Anti-Reverse-Engineering-Guide
+ http://www.veracode.com/images/pdf/whitepaper_antidebugging.pdf
+ http://spareclockcycles.org/2012/02/14/stack-necromancy-defeating-debuggers-by-raising-the-dead/
+ http://www.symantec.com/connect/articles/windows-anti-debug-reference
+ http://tuts4you.com/download.php?view.3260
+
+Legend : + = done;
+ * = fix it;
+ - = not done yet;
+ ! = optional;
+ -- = comment;
+
+ToDo : - Add more Plugins
+ - Add color incase of debug detection
+
+Features : + Plugin Interface
+ + simple to use
+ + error messages
+ + Show percentage of detection
+ ! x64 support (inline asm needs to be ported to C++ cause visualstudio doesn´t support inline asm in x64 mode
+ the other modules should work more or less)
+ + 16 Plugins
+ + DebugObject
+ -- Using NtQueryInformationProcess to see if there are Debugging Objects for our process
+ + CheckRemoteDebuggerPresent
+ -- simple api which checks if a debugger is present
+ + HardwareBreakpoint
+ -- checking the current thread for breakpoints in CONTEXT.dr0 - .dr3
+ + IsDebuggerPresent
+ -- simple api which checks if a debugger is present
+ + MemoryBreakpoint
+ -- places a page guard and in case there is no exception we know that we are debugged
+ + OpenCSRSS (doesn´t work anymore ?)
+ -- Opens a handle for csrss , should not be able to without DebuggingFlag
+ + OutputDebugString
+ -- if eax == 1 we are in normal mode. else offset of string is found in eax
+ + ParentProcess
+ -- normaly we run with explorer.exe as parent
+ + ProcessDebugFlags
+ -- uses NtQueryInformationProcess to check if our process has debugflags
+ + Unhandled Exception
+ -- raises a division by 0 exception and in case we are not debugged everything wents
+ good since we capture the exception
+ ! add few more exceptions
+ + PEB.BeingDebugged
+ -- Checks the Process Enviroment Block if the debugbit is set
+ + PEB.GlobalFlags
+ -- checks if flag is set in PEB (FLG_HEAP_ENABLE_TAIL_CHECK && FLG_HEAP_ENABLE_FREE_CHECK &&
+ FLG_HEAP_VALIDATE_PARAMETERS)
+ + PEB.ProcHeapFlag
+ -- checks if the ForceFlag is set in the PEB
+ + FindBadProcesses
+ -- enums the process list and checks if given processes are running
+ + FindBadWindows
+ -- enums the window list and checks if given windows are found
+ + FindBadDrivers
+ -- enums the driver list and checks if given drivers are found
\ No newline at end of file
diff --git a/Release/DD.Plugin.CheckRemoteDebuggerPresent.dll b/Release/DD.Plugin.CheckRemoteDebuggerPresent.dll
new file mode 100644
index 0000000..7325552
Binary files /dev/null and b/Release/DD.Plugin.CheckRemoteDebuggerPresent.dll differ
diff --git a/Release/DD.Plugin.DebugObject.dll b/Release/DD.Plugin.DebugObject.dll
new file mode 100644
index 0000000..b2813e4
Binary files /dev/null and b/Release/DD.Plugin.DebugObject.dll differ
diff --git a/Release/DD.Plugin.FindBadDrivers.dll b/Release/DD.Plugin.FindBadDrivers.dll
new file mode 100644
index 0000000..23dae31
Binary files /dev/null and b/Release/DD.Plugin.FindBadDrivers.dll differ
diff --git a/Release/DD.Plugin.FindBadProcesses.dll b/Release/DD.Plugin.FindBadProcesses.dll
new file mode 100644
index 0000000..d2af043
Binary files /dev/null and b/Release/DD.Plugin.FindBadProcesses.dll differ
diff --git a/Release/DD.Plugin.FindBadWindows.dll b/Release/DD.Plugin.FindBadWindows.dll
new file mode 100644
index 0000000..bff62ce
Binary files /dev/null and b/Release/DD.Plugin.FindBadWindows.dll differ
diff --git a/Release/DD.Plugin.HardwareBreakpoint.dll b/Release/DD.Plugin.HardwareBreakpoint.dll
new file mode 100644
index 0000000..a4e84a1
Binary files /dev/null and b/Release/DD.Plugin.HardwareBreakpoint.dll differ
diff --git a/Release/DD.Plugin.IsDebuggerPresent.dll b/Release/DD.Plugin.IsDebuggerPresent.dll
new file mode 100644
index 0000000..b40b458
Binary files /dev/null and b/Release/DD.Plugin.IsDebuggerPresent.dll differ
diff --git a/Release/DD.Plugin.MemoryBreakpoint.dll b/Release/DD.Plugin.MemoryBreakpoint.dll
new file mode 100644
index 0000000..9b6e90d
Binary files /dev/null and b/Release/DD.Plugin.MemoryBreakpoint.dll differ
diff --git a/Release/DD.Plugin.OpenCSRSS.dll b/Release/DD.Plugin.OpenCSRSS.dll
new file mode 100644
index 0000000..ce8baf1
Binary files /dev/null and b/Release/DD.Plugin.OpenCSRSS.dll differ
diff --git a/Release/DD.Plugin.OutputDebugString.dll b/Release/DD.Plugin.OutputDebugString.dll
new file mode 100644
index 0000000..2127955
Binary files /dev/null and b/Release/DD.Plugin.OutputDebugString.dll differ
diff --git a/Release/DD.Plugin.PEBDebugFlag.dll b/Release/DD.Plugin.PEBDebugFlag.dll
new file mode 100644
index 0000000..a754c43
Binary files /dev/null and b/Release/DD.Plugin.PEBDebugFlag.dll differ
diff --git a/Release/DD.Plugin.PEBGlobalFlags.dll b/Release/DD.Plugin.PEBGlobalFlags.dll
new file mode 100644
index 0000000..4ba67a2
Binary files /dev/null and b/Release/DD.Plugin.PEBGlobalFlags.dll differ
diff --git a/Release/DD.Plugin.PEBProcHeapFlag.dll b/Release/DD.Plugin.PEBProcHeapFlag.dll
new file mode 100644
index 0000000..9f4cd04
Binary files /dev/null and b/Release/DD.Plugin.PEBProcHeapFlag.dll differ
diff --git a/Release/DD.Plugin.ParentProcess.dll b/Release/DD.Plugin.ParentProcess.dll
new file mode 100644
index 0000000..83b08fe
Binary files /dev/null and b/Release/DD.Plugin.ParentProcess.dll differ
diff --git a/Release/DD.Plugin.ProcessDebugFlag.dll b/Release/DD.Plugin.ProcessDebugFlag.dll
new file mode 100644
index 0000000..b36e6d7
Binary files /dev/null and b/Release/DD.Plugin.ProcessDebugFlag.dll differ
diff --git a/Release/DD.Plugin.UnhandledException.dll b/Release/DD.Plugin.UnhandledException.dll
new file mode 100644
index 0000000..5b8eaa9
Binary files /dev/null and b/Release/DD.Plugin.UnhandledException.dll differ
diff --git a/Release/DebugDetector.exe b/Release/DebugDetector.exe
new file mode 100644
index 0000000..1c22ba4
Binary files /dev/null and b/Release/DebugDetector.exe differ