private static void StartScyllaDide(int proccessId, DbgManager dbgManager, DbgMessageEventArgs mesage)
{
switch (mesage.Kind)
{
case DbgMessageKind.ProcessCreated:
string currentDirectory = System.Environment.CurrentDirectory;
ScyllaHideInit(currentDirectory);
MyLogger.Instance.WriteLine(TextColor.Red, $"InitScyllaHide");
DbgMessageProcessCreatedEventArgs processCreated = (DbgMessageProcessCreatedEventArgs)mesage;
ScyllaHideDebugLoop(1, (int)proccessId, true, false);
ScyllaHideDebugLoop(3, (int)proccessId);
MyLogger.Instance.WriteLine(TextColor.Red, $"PointerSize = {processCreated.Process.PointerSize}");
break;
case DbgMessageKind.ModuleLoaded:
DbgMessageModuleLoadedEventArgs moduleLoaded = (DbgMessageModuleLoadedEventArgs)mesage;
string filename = moduleLoaded.Module.Filename;
if (filename.Contains(".dll"))
{
bool IsNtDLL = filename.Contains("ntdll.dll");
ScyllaHideDebugLoop(2, (int)proccessId, false, IsNtDLL);
MyLogger.Instance.WriteLine(TextColor.Red, $"Scylla Hide dll loaded ");
}
break;
case DbgMessageKind.BoundBreakpoint:
ScyllaHideDebugLoop(3, (int)proccessId);
MyLogger.Instance.WriteLine(TextColor.Red, $"Scylla Hide Breakpoint");
break;
default:
ScyllaHideDebugLoop(0, (int)proccessId);
MyLogger.Instance.WriteLine(TextColor.Red, $"Scylla Hide otherDebug message");
break;
}
}
void DbgManager_MessageProcessCreated(object?sender, DbgMessageProcessCreatedEventArgs e) => HookFuncs(e.Process);