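        /// <summary>
        /// Entry point. Either attaches to an already-running process (<c>-p &lt;pid&gt; &lt;arg&gt; &lt;waitHandle&gt;</c>)
        /// or creates a new process in the suspended state from the image path in <c>args[0]</c>, then polls the
        /// target's PEB until its <c>BeingDebugged</c> flag becomes set. Once a debugger is present the suspended
        /// main thread (create mode) is resumed and the wait handle (attach mode) is signalled.
        /// </summary>
        /// <param name="args">
        /// Attach mode: <c>-p</c>, the decimal PID, a third value that is not read here, and the decimal numeric
        /// value of an event handle. Create mode: a single DOS path to the image to launch.
        /// </param>
        /// <exception cref="ArgumentException">Thrown when too few arguments are supplied for the selected mode.</exception>
        /// <exception cref="FormatException">Thrown when the PID or wait-handle value is not a valid integer.</exception>
        static void Main(string[] args)
        {
            AppDomain.CurrentDomain.ProcessExit += AppDomain_ProcessExit;

            // Debug trace: every argument (including the raw wait-handle value) is written to a fixed path.
            // NOTE(review): this persists caller-supplied data to disk on every run; consider removing it or
            // making the path configurable before relying on this outside of a development setup.
            using (var textWriter = new StreamWriter(@"D:\test.txt"))
            {
                foreach (var arg in args)
                {
                    textWriter.WriteLine(arg);
                }
            }

            try
            {
                // Validate the argument count up front so a missing argument produces a clear message instead
                // of an IndexOutOfRangeException. Throwing inside the try keeps the finally-block cleanup intact.
                if (args.Length == 0)
                {
                    throw new ArgumentException("Expected either '-p <pid> <arg> <waitHandle>' or '<imagePath>'.", nameof(args));
                }

                if (args[0] == "-p")
                {
                    if (args.Length < 4)
                    {
                        throw new ArgumentException("'-p' mode requires a PID (args[1]) and a wait-handle value (args[3]).", nameof(args));
                    }

                    // args[2] is not read here; presumably consumed by whoever launches this helper — verify.
                    // Invariant culture: these are machine-generated numbers, not user-facing text.
                    var pid = int.Parse(args[1], System.Globalization.CultureInfo.InvariantCulture);
                    _process    = NtProcess.Open(pid, ProcessAccessRights.MaximumAllowed);
                    _waitHandle = new IntPtr(long.Parse(args[3], System.Globalization.CultureInfo.InvariantCulture));
                }
                else
                {
                    // Create the target suspended so nothing runs before a debugger has attached.
                    var config = new NtProcessCreateConfig();
                    config.InitFlags   |= ProcessCreateInitFlag.IFEOSkipDebugger;
                    config.ThreadFlags |= ThreadCreateFlags.Suspended;
                    config.ConfigImagePath = NtFileUtils.DosFileNameToNt(args[0]);

                    var result = NtProcess.Create(config);
                    _process = result.Process;
                    _thread  = result.Thread;
                }

                // Poll the target's PEB until a debugger has attached; there is no completion event to wait on.
                const int pollIntervalMs = 100;
                while (!IsTargetBeingDebugged())
                {
                    Thread.Sleep(pollIntervalMs);
                }

                // _thread is only set in create mode: let the (still suspended) main thread run under the debugger.
                if (_thread != null)
                {
                    _thread.Resume();
                }

                // _waitHandle is only set in attach mode: tell the launcher that the debugger is in place.
                if (_waitHandle != IntPtr.Zero)
                {
                    SetEvent(_waitHandle);
                }
            }
            finally
            {
                cleanUp(false);
            }
        }

        /// <summary>
        /// Reads the target's PEB and reports whether its <c>BeingDebugged</c> byte is set.
        /// A WOW64 target exposes the 32-bit PEB layout, so the cast is chosen from <c>_process.Wow64</c>.
        /// </summary>
        /// <returns><see langword="true"/> when the target reports a debugger attached; otherwise <see langword="false"/>.</returns>
        private static bool IsTargetBeingDebugged()
        {
            if (_process.Wow64)
            {
                var peb32 = (PartialPeb32)_process.GetPeb();
                return peb32.BeingDebugged == 1;
            }

            var peb = (PartialPeb)_process.GetPeb();
            return peb.BeingDebugged == 1;
        }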