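/// <summary>
/// Forwards one debugger message, for one debugged process, to the ScyllaHide bridge
/// (<c>ScyllaHideInit</c> and <c>ScyllaHideDebugLoop</c>).
/// </summary>
/// <param name="proccessId">Id of the debugged process; passed to every <c>ScyllaHideDebugLoop</c> call.</param>
/// <param name="dbgManager">Debugger manager that produced the message. Not read by this method.</param>
/// <param name="mesage">The debugger message; its <c>Kind</c> selects which event code is sent.</param>
/// <remarks>
/// The event codes 0-3 are interpreted by <c>ScyllaHideDebugLoop</c>, which is not visible here.
/// From the call sites: 1 is sent on process creation, 2 on a DLL load, 3 on a bound breakpoint
/// (and once right after code 1), 0 for every other message kind.
/// </remarks>
private static void StartScyllaDide(int proccessId, DbgManager dbgManager, DbgMessageEventArgs mesage)
{
    switch (mesage.Kind)
    {
        case DbgMessageKind.ProcessCreated:
        {
            // NOTE(review): Environment.CurrentDirectory is the host's working directory; it depends on
            // how the host was launched and can change at runtime. If ScyllaHideInit resolves native
            // binaries or configuration relative to this path (not visible here), a directory derived
            // from this extension's own install location is a more predictable base - confirm.
            string workingDirectory = System.Environment.CurrentDirectory;
            ScyllaHideInit(workingDirectory);
            MyLogger.Instance.WriteLine(TextColor.Red, "InitScyllaHide");

            var processCreated = (DbgMessageProcessCreatedEventArgs)mesage;
            ScyllaHideDebugLoop(1, proccessId, true, false);
            ScyllaHideDebugLoop(3, proccessId);
            MyLogger.Instance.WriteLine(TextColor.Red, $"PointerSize = {processCreated.Process.PointerSize}");
            break;
        }

        case DbgMessageKind.ModuleLoaded:
        {
            var moduleLoaded = (DbgMessageModuleLoadedEventArgs)mesage;
            string filename = moduleLoaded.Module.Filename;

            // Windows file names are case-insensitive, so "NTDLL.DLL" and "ntdll.dll" name the same
            // module. The comparison is ordinal and ignores case; the original case-sensitive
            // Contains() skipped modules whose path was reported in a different case.
            // A module without a file name is skipped instead of throwing.
            if (!string.IsNullOrEmpty(filename)
                && filename.IndexOf(".dll", System.StringComparison.OrdinalIgnoreCase) >= 0)
            {
                // NOTE(review): this is still a substring match, so any path that merely contains
                // "ntdll.dll" sets the flag. Module names come from the debugged process; consider an
                // exact file-name comparison once the native side's expectations are confirmed.
                bool isNtDll = filename.IndexOf("ntdll.dll", System.StringComparison.OrdinalIgnoreCase) >= 0;
                ScyllaHideDebugLoop(2, proccessId, false, isNtDll);
                MyLogger.Instance.WriteLine(TextColor.Red, "Scylla Hide dll loaded ");
            }

            break;
        }

        case DbgMessageKind.BoundBreakpoint:
            ScyllaHideDebugLoop(3, proccessId);
            MyLogger.Instance.WriteLine(TextColor.Red, "Scylla Hide Breakpoint");
            break;

        default:
            ScyllaHideDebugLoop(0, proccessId);
            MyLogger.Instance.WriteLine(TextColor.Red, "Scylla Hide otherDebug message");
            break;
    }
}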
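/// <summary>
/// Handles one debugger message: logs its kind (and the module file name for module loads), then,
/// when the extension option is enabled, forwards the message to <c>StartScyllaDide</c> once for
/// each process currently listed by the debugger manager.
/// </summary>
/// <param name="dbgManager">Debugger manager whose <c>Processes</c> list is iterated.</param>
/// <param name="message">The debugger message to log and forward.</param>
private static void MessageFromDbg(DbgManager dbgManager, DbgMessageEventArgs message)
{
    MyLogger.Instance.WriteLine($"We have message type {message.Kind}");

    if (message.Kind == DbgMessageKind.ModuleLoaded)
    {
        var moduleLoaded = (DbgMessageModuleLoadedEventArgs)message;
        MyLogger.Instance.WriteLine($"ModuleLoaded: {moduleLoaded.Module.Filename}");
    }

    // Logging above happens regardless of the setting; only the ScyllaHide forwarding is gated.
    if (!Instance.ProgrammSettings.IsEnabledOption)
    {
        return;
    }

    // Read the process list once. The original re-read dbgManager.Processes for the length check,
    // the loop bound and each element access; if the list shrinks between those reads (a process
    // exits while the message is being handled) the index can run past the end.
    var processes = dbgManager.Processes;

    // NOTE(review): the message is forwarded for every listed process, not only the one it concerns,
    // so a ProcessCreated message makes StartScyllaDide call ScyllaHideInit once per listed process.
    // Confirm this is intended.
    foreach (var process in processes)
    {
        int pid = process.Id;
        StartScyllaDide(pid, dbgManager, message);
        MyLogger.Instance.WriteLine(TextColor.Red, $"PointerSize = {process.PointerSize}");
    }
}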