مشكل Anti-Attach متع تنقيح الملف

[the9am3]

وعليكم السلام ... 
سوال انت بوناصر اذا هو ليش ماتنشر مواضيعك ودروسك  هنا بس تنشرها بمنتديات الاجنبية ؟

https://github.com/VenTaz/Themidie
 

 
Anti Attach, Anti Anti AttachDebugger attach process with 
[code]
DebugActiveProcess
[/code]
 api.DebugActiveProcess(pid);

DEBUG_EVENT dbgEvent;
BOOL dbgContinue = True;

while (dbgContinue) {
    if (FALSE == WaitForDebugEvent(&dbgEvent, 100)) {
        continue;
    }

    ...
}It creates a thread in debuggee, then it calls 
[code]
DbgUiRemoteBreakin()
[/code]
 to debug process.//AntiAttach
__declspec(naked) void AntiAttach() {
    __asm {
		jmp ExitProcess
	}
}

//main
HANDLE hProcess = GetCurrentProcess();

HMODULE hMod = GetModuleHandleW(L"ntdll.dll");
FARPROC func_DbgUiRemoteBreakin = GetProcAddress(hMod, "DbgUiRemoteBreakin");

WriteProcessMemory(hProcess, func_DbgUiRemoteBreakin, AntiAttach, 6, NULL);Anti-Attacher hooks 
[code]
DbgUiRemoteBreakin
[/code]
 and redirects it to 
[code]
ExitProcess
[/code]
. AntiAnti-Attacher releases the hooked function.