Rebase user dll VAs from host to remote.

.gitignore

@@ -263,3 +263,16 @@ $RECYCLE.BIN/
 
 # Mac crap
 .DS_Store
+/ScyllaTest/ScyllaTest.vcxproj
+/ScyllaHideX64DBGPlugin/ScyllaHideX64DBGPlugin.vcxproj
+/ScyllaHideTEPlugin/ScyllaHideTEPlugin.vcxproj
+/ScyllaHideOlly2Plugin/ScyllaHideOlly2Plugin.vcxproj
+/ScyllaHideOlly1Plugin/ScyllaHideOlly1Plugin.vcxproj
+/ScyllaHideIDAServer/ScyllaHideIDAServer.vcxproj
+/ScyllaHideIDAProPlugin/ScyllaHideIDAProPlugin.vcxproj
+/ScyllaHideGenericPlugin/ScyllaHideGenericPlugin.vcxproj
+/Scylla/Scylla.vcxproj
+/SCMRevGen/SCMRevGen.vcxproj
+/InjectorCLI/InjectorCLI.vcxproj
+/HookLibrary/HookLibrary.vcxproj
+/3rdparty/distorm/distorm.vcxproj

3rdparty/distorm/distorm.vcxproj

@@ -29,7 +29,7 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <SpectreMitigation>false</SpectreMitigation>
     <VcpkgEnabled>false</VcpkgEnabled>
@@ -38,7 +38,7 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <SpectreMitigation>false</SpectreMitigation>
     <VcpkgEnabled>false</VcpkgEnabled>
@@ -47,7 +47,7 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
     <SpectreMitigation>false</SpectreMitigation>
@@ -57,7 +57,7 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <SpectreMitigation>false</SpectreMitigation>
     <VcpkgEnabled>false</VcpkgEnabled>

HookLibrary/HookLibrary.vcxproj

@@ -29,7 +29,7 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <SpectreMitigation>false</SpectreMitigation>
     <VcpkgEnabled>false</VcpkgEnabled>
@@ -38,7 +38,7 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <SpectreMitigation>false</SpectreMitigation>
     <VcpkgEnabled>false</VcpkgEnabled>
@@ -47,7 +47,7 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
     <SpectreMitigation>false</SpectreMitigation>
@@ -57,7 +57,7 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
     <SpectreMitigation>false</SpectreMitigation>

InjectorCLI/CliMain.cpp

@@ -58,7 +58,6 @@ int wmain(int argc, wchar_t* argv[])
     g_log.SetLogCb(scl::Logger::Info, LogCallback);
     g_log.SetLogCb(scl::Logger::Error, LogCallback);
 
-    ReadNtApiInformation(&g_hdd);
     SetDebugPrivileges();
     //ChangeBadWindowText();
     g_settings.Load(g_scyllaHideIniPath.c_str());
@@ -102,6 +101,7 @@ int wmain(int argc, wchar_t* argv[])
 
     if (targetPid && dllPath)
     {
+        ReadNtApiInformation(&g_hdd, targetPid);
         wprintf(L"\nPID\t: %d 0x%X\nDLL Path: %s\n\n", targetPid, targetPid, dllPath);
         if (!startInjection(targetPid, dllPath))
             result = 1; // failure

InjectorCLI/InjectorCLI.vcxproj

@@ -29,7 +29,7 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <SpectreMitigation>false</SpectreMitigation>
     <VcpkgEnabled>false</VcpkgEnabled>
@@ -38,7 +38,7 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <SpectreMitigation>false</SpectreMitigation>
     <VcpkgEnabled>false</VcpkgEnabled>
@@ -47,7 +47,7 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
     <SpectreMitigation>false</SpectreMitigation>
@@ -57,7 +57,7 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
     <SpectreMitigation>false</SpectreMitigation>

PluginGeneric/Injector.cpp

@@ -26,7 +26,7 @@ BYTE* RemoteBreakinPatch;
 BYTE OllyRemoteBreakInReplacement[8];
 HANDLE hDebuggee;
 
-void ReadNtApiInformation(HOOK_DLL_DATA *hdd)
+void ReadNtApiInformation(HOOK_DLL_DATA *hdd, DWORD targetPid)
 {
     scl::User32Loader user32Loader;
     if (!user32Loader.FindSyscalls({
@@ -37,7 +37,7 @@ void ReadNtApiInformation(HOOK_DLL_DATA *hdd)
         "NtUserGetForegroundWindow",
         "NtUserGetClassName",
         "NtUserInternalGetWindowText",
-        "NtUserGetThreadState" }))
+        "NtUserGetThreadState" }, targetPid))
     {
         g_log.LogError(L"Failed to find user32.dll/win32u.dll syscalls!");
         return;

PluginGeneric/Injector.h

@@ -27,7 +27,7 @@ typedef struct _PROCESS_SUSPEND_INFO
     PTHREAD_SUSPEND_INFO ThreadSuspendInfo; // THREAD_SUSPEND_INFO[NumThreads]
 } PROCESS_SUSPEND_INFO, *PPROCESS_SUSPEND_INFO;
 
-void ReadNtApiInformation(HOOK_DLL_DATA *hdd);
+void ReadNtApiInformation(HOOK_DLL_DATA *hdd, DWORD ProcessId);
 
 void InstallAntiAttachHook();
 void startInjectionProcess(HANDLE hProcess, HOOK_DLL_DATA *hdd, BYTE * dllMemory, bool newProcess);

SCMRevGen/SCMRevGen.vcxproj

@@ -28,7 +28,7 @@
   <PropertyGroup Label="Configuration">
     <ConfigurationType>Utility</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <SpectreMitigation>false</SpectreMitigation>
     <VcpkgEnabled>false</VcpkgEnabled>
     <VCToolsVersion Condition="'$(USE_XP_TOOLCHAIN)'!=''">14.27.29110</VCToolsVersion>

Scylla/Scylla.vcxproj

@@ -57,7 +57,7 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <SpectreMitigation>false</SpectreMitigation>
     <VcpkgEnabled>false</VcpkgEnabled>
@@ -66,7 +66,7 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <SpectreMitigation>false</SpectreMitigation>
     <VcpkgEnabled>false</VcpkgEnabled>
@@ -75,7 +75,7 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
     <SpectreMitigation>false</SpectreMitigation>
@@ -85,7 +85,7 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
     <SpectreMitigation>false</SpectreMitigation>

Scylla/User32Loader.cpp

@@ -2,6 +2,7 @@
 #include "Win32kSyscalls.h"
 #include "Scylla/OsInfo.h"
 #include "Scylla/Logger.h"
+#include "InjectorCLI/DynamicMapping.h"
 
 extern scl::Logger g_log;
 
@@ -21,7 +22,7 @@ scl::User32Loader::~User32Loader()
 }
 
 // Finds the requested user32/win32u syscalls by name for later retrieval with GetUserSyscallVa
-bool scl::User32Loader::FindSyscalls(const std::vector<std::string>& syscallNames)
+bool scl::User32Loader::FindSyscalls(const std::vector<std::string>& syscallNames, DWORD targetPid)
 {
 	if (Win32kUserDll == nullptr) // Failed to load user32.dll or win32u.dll
 		return false;
@@ -30,10 +31,15 @@ bool scl::User32Loader::FindSyscalls(const std::vector<std::string>& syscallName
 
 	if (OsBuildNumber >= 14393)
 	{
+
+        HANDLE hProcess = OpenProcess(PROCESS_SUSPEND_RESUME | PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_QUERY_INFORMATION | PROCESS_SET_INFORMATION, 0, targetPid);
+        HMODULE remoteBase = GetModuleBaseRemote(hProcess, L"win32u.dll");
+        CloseHandle(hProcess);
+
 		// On >= 10.0.14393.0 we can simply get the VAs from win32u.dll
 		for (const auto& syscallName : syscallNames)
 		{
-			const ULONG_PTR syscallAddress = (ULONG_PTR)GetProcAddress((HMODULE)Win32kUserDll, syscallName.c_str());
+			const ULONG_PTR syscallAddress = (ULONG_PTR)GetProcAddress((HMODULE)Win32kUserDll, syscallName.c_str()) - (ULONG_PTR)Win32kUserDll + (ULONG_PTR)remoteBase;
 			if (syscallAddress == 0)
 				return false;
 			FunctionNamesAndVas[syscallName] = syscallAddress;
@@ -51,11 +57,15 @@ bool scl::User32Loader::FindSyscalls(const std::vector<std::string>& syscallName
 		functionNamesAndSyscallNums[syscallName] = (ULONG_PTR)syscallNum;
 	}
 
+    HANDLE hProcess = OpenProcess(PROCESS_SUSPEND_RESUME | PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_QUERY_INFORMATION | PROCESS_SET_INFORMATION, 0, targetPid);
+    HMODULE remoteBase = GetModuleBaseRemote(hProcess, L"user32.dll");
+    CloseHandle(hProcess);
+
 	// Find the VAs of the functions we want
 	for (const auto& function : functionNamesAndSyscallNums)
 	{
 		const std::string syscallName = function.first;
-		const ULONG_PTR syscallAddress = FindSyscallByIndex((ULONG)function.second);
+		const ULONG_PTR syscallAddress = FindSyscallByIndex((ULONG)function.second) - (ULONG_PTR)Win32kUserDll + (ULONG_PTR)remoteBase;
 		if (syscallAddress != 0)
 		{
 			FunctionNamesAndVas[syscallName] = syscallAddress;
@@ -69,7 +79,7 @@ bool scl::User32Loader::FindSyscalls(const std::vector<std::string>& syscallName
 	}
 
 	// Sanity check the NtUserBlockInput VA as this is an exported syscall
-	const ULONG_PTR BlockInputVa = (ULONG_PTR)GetProcAddress((HMODULE)Win32kUserDll, "BlockInput");
+	const ULONG_PTR BlockInputVa = (ULONG_PTR)GetProcAddress((HMODULE)Win32kUserDll, "BlockInput") - (ULONG_PTR)Win32kUserDll + (ULONG_PTR)remoteBase;
 	if (BlockInputVa == 0)
 		return false;
 	const bool check = GetUserSyscallVa("NtUserBlockInput") == BlockInputVa;

Scylla/User32Loader.h

@@ -13,7 +13,7 @@ namespace scl
 		User32Loader();
 		~User32Loader();
 
-		bool FindSyscalls(const std::vector<std::string>& syscallNames);
+		bool FindSyscalls(const std::vector<std::string>& syscallNames, DWORD targetPid);
 
 		ULONG_PTR GetUserSyscallVa(const std::string& functionName) const { return FunctionNamesAndVas.at(functionName); }
 		LONG GetUserSyscallIndex(const std::string& functionName) const;

ScyllaHideGenericPlugin/ScyllaHideGenericPlugin.cpp

@@ -111,7 +111,7 @@ DLL_EXPORT void ScyllaHideDebugLoop(const DEBUG_EVENT* DebugEvent)
         {
             if (!status.bHooked)
             {
-                ReadNtApiInformation(&g_hdd);
+                ReadNtApiInformation(&g_hdd, status.ProcessId);
 
                 status.bHooked = true;
                 startInjection(status.ProcessId, &g_hdd, g_scyllaHideDllPath.c_str(), true);

ScyllaHideGenericPlugin/ScyllaHideGenericPlugin.vcxproj

@@ -30,7 +30,7 @@
     <ConfigurationType>DynamicLibrary</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>Unicode</CharacterSet>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <SpectreMitigation>false</SpectreMitigation>
     <VcpkgEnabled>false</VcpkgEnabled>
     <VCToolsVersion Condition="'$(USE_XP_TOOLCHAIN)'!=''">14.27.29110</VCToolsVersion>
@@ -39,7 +39,7 @@
     <ConfigurationType>DynamicLibrary</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>Unicode</CharacterSet>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <SpectreMitigation>false</SpectreMitigation>
     <VcpkgEnabled>false</VcpkgEnabled>
     <VCToolsVersion Condition="'$(USE_XP_TOOLCHAIN)'!=''">14.27.29110</VCToolsVersion>
@@ -49,7 +49,7 @@
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <SpectreMitigation>false</SpectreMitigation>
     <VcpkgEnabled>false</VcpkgEnabled>
     <VCToolsVersion Condition="'$(USE_XP_TOOLCHAIN)'!=''">14.27.29110</VCToolsVersion>
@@ -59,7 +59,7 @@
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <SpectreMitigation>false</SpectreMitigation>
     <VcpkgEnabled>false</VcpkgEnabled>
     <VCToolsVersion Condition="'$(USE_XP_TOOLCHAIN)'!=''">14.27.29110</VCToolsVersion>

ScyllaHideIDAProPlugin/ScyllaHideIDAProPlugin.vcxproj

@@ -22,7 +22,7 @@
     <ConfigurationType>DynamicLibrary</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>Unicode</CharacterSet>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <SpectreMitigation>false</SpectreMitigation>
     <VcpkgEnabled>false</VcpkgEnabled>
     <VCToolsVersion Condition="'$(USE_XP_TOOLCHAIN)'!=''">14.27.29110</VCToolsVersion>
@@ -32,7 +32,7 @@
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <SpectreMitigation>false</SpectreMitigation>
     <VcpkgEnabled>false</VcpkgEnabled>
     <VCToolsVersion Condition="'$(USE_XP_TOOLCHAIN)'!=''">14.27.29110</VCToolsVersion>

ScyllaHideIDAServer/ScyllaHideIDAServer.vcxproj

@@ -30,7 +30,7 @@
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>Unicode</CharacterSet>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <SpectreMitigation>false</SpectreMitigation>
     <VcpkgEnabled>false</VcpkgEnabled>
     <VCToolsVersion Condition="'$(USE_XP_TOOLCHAIN)'!=''">14.27.29110</VCToolsVersion>
@@ -39,7 +39,7 @@
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>Unicode</CharacterSet>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <SpectreMitigation>false</SpectreMitigation>
     <VcpkgEnabled>false</VcpkgEnabled>
     <VCToolsVersion Condition="'$(USE_XP_TOOLCHAIN)'!=''">14.27.29110</VCToolsVersion>
@@ -49,7 +49,7 @@
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <SpectreMitigation>false</SpectreMitigation>
     <VcpkgEnabled>false</VcpkgEnabled>
     <VCToolsVersion Condition="'$(USE_XP_TOOLCHAIN)'!=''">14.27.29110</VCToolsVersion>
@@ -59,7 +59,7 @@
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
     <SpectreMitigation>false</SpectreMitigation>
     <VcpkgEnabled>false</VcpkgEnabled>
     <VCToolsVersion Condition="'$(USE_XP_TOOLCHAIN)'!=''">14.27.29110</VCToolsVersion>

ScyllaHideOlly1Plugin/ScyllaHideOlly1Plugin.cpp

@@ -487,7 +487,7 @@ extern "C" void DLL_EXPORT _ODBG_Pluginmainloop(DEBUG_EVENT *debugevent)
         {
             if (!bHooked)
             {
-                ReadNtApiInformation(&g_hdd);
+                ReadNtApiInformation(&g_hdd,ProcessId);
 
                 bHooked = true;
                 startInjection(ProcessId, &g_hdd, g_scyllaHideDllPath.c_str(), true);