#include <stdio.h>
#include <windows.h>

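/*
 * Field encodings for the x86 debug control register DR7, combined by
 * SetDR7Flag() below.
 *
 *   *ByteLength  - width of the watched location (the 2-bit length field)
 *   BreakOn*     - access kind that triggers the breakpoint (the 2-bit type field)
 *   *Flag        - enable bit for the slot (LocalFlag = bit 0, GlobalFlag = bit 1
 *                  of the slot's 2-bit enable pair)
 */
#define OneByteLength		0
#define TwoByteLength		1
#define FourByteLength		3
#define BreakOnExec		0
#define BreakOnWrite		1
#define BreakOnAccess		3
#define GlobalFlag		2
#define LocalFlag		1

/*
 * Build the DR7 bits for hardware breakpoint slot HBPnum (0..3):
 *   - (size << 2 | type) goes into the 4-bit field starting at bit 16 + 4*HBPnum
 *   - flag goes into the 2-bit enable pair starting at bit 2*HBPnum
 *
 * Every argument is parenthesized so that expressions such as `slot + 1`
 * expand with the intended precedence, and the arithmetic is done in
 * unsigned long (the underlying type of DWORD on Windows) so that slot 3,
 * whose field reaches bit 31, does not shift into the sign bit of an int.
 *
 * HBPnum is evaluated twice; do not pass an expression with side effects.
 * The macro does not range-check HBPnum; callers must keep it within 0..3.
 */
#define	SetDR7Flag(size, type, flag, HBPnum) \
	(((((unsigned long)(size) << 2) | (unsigned long)(type)) << ((HBPnum) * 4 + 16)) | \
	 ((unsigned long)(flag) << ((HBPnum) * 2)))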

/*
 * Union of the control, integer, segment, floating-point and debug-register
 * context flags; presumably stored in CONTEXT.ContextFlags before a thread
 * context is read or written (confirm against the callers).
 * NOTE(review): some SDK versions of <winnt.h> already define CONTEXT_ALL.
 * This definition may then produce a macro-redefinition warning and a value
 * that differs from the SDK's; confirm against the toolchain in use.
 */
#define CONTEXT_ALL (CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_SEGMENTS | CONTEXT_FLOATING_POINT | CONTEXT_DEBUG_REGISTERS)

/*
 * NOTE(review): the Windows SDK declares NTSTATUS as a signed LONG. With this
 * macro it becomes unsigned, so any sign-based success test (`status >= 0`,
 * NT_SUCCESS-style) is always true; compare against 0 explicitly instead.
 * The macro also rewrites the name in any header included after this point.
 */
#define NTSTATUS ULONG

/*
 * Seven-byte marker: EB 04 40 30 2E 31 60. Read as x86 code this would be a
 * short jump over the four ASCII bytes "@0.1" followed by PUSHAD; presumably
 * the stub signature that check_signature() looks for (confirm against its
 * definition).
 * NOTE(review): the pointer targets a string literal, which must not be
 * written through; `const char *` would let the compiler enforce that.
 */
char	*sig = "\xEB\x04\x40\x30\x2e\x31\x60";
/*
 * Prototypes only; the definitions are not visible in this part of the file,
 * so the descriptions below are inferred from names and signatures. Confirm
 * them against the implementations.
 */
/* Presumably arms a breakpoint at addr on hThread and steps nb_step times. */
DWORD	BreakAndNbStep(DWORD addr, HANDLE hThread, int nb_step, CONTEXT *Context, DWORD Flag,
		       DEBUG_EVENT *debug_event);
/*
 * Presumably copies the image at BaseAddress out of hProcess and reports its
 * length through *size. NOTE(review): the target's memory is untrusted input;
 * any size taken from its headers should be bounded before allocating, and
 * callers should check the returned pointer. Buffer ownership is not visible
 * here.
 */
PCHAR	DumpProcess(HANDLE hProcess,char *BaseAddress, DWORD *size);
/* Presumably patches the dumped image in place so its entry point is new_oep. */
void	RebuildDump(char *Dump, DWORD new_oep);
/* Presumably clears the debugger-present indication in the target process. */
DWORD	disable_isdebugerpresent(HANDLE hProcess);
/*
 * Presumably checks a mapped PE file for the `sig` marker. NOTE(review):
 * pPE, pSection and mapping describe an untrusted file, so offsets derived
 * from them need bounds checks against the mapping size.
 */
int	check_signature(PIMAGE_NT_HEADERS pPE, PIMAGE_SECTION_HEADER pSection, char *mapping);

/* Pointer to a generic pointer; used for the table-style fields of PEB. */
typedef void** PPVOID;

/*
 * Local declaration of the native counted-string descriptor used by the
 * loader structures below.
 * NOTE(review): the tag and typedef names match those in <winternl.h>;
 * including that header as well would clash with this declaration.
 */
typedef struct _UNICODE_STRING
{
  WORD Length;          /* presumably the used size in bytes (confirm) */
  WORD MaximumLength;   /* presumably the capacity of Buffer in bytes (confirm) */
  WORD * Buffer;        /* 16-bit code units; not guaranteed NUL-terminated (assumption, confirm) */
} UNICODE_STRING, *PUNICODE_STRING;

/*
 * Hand-declared loader record for one loaded module, linked into the three
 * lists headed in PEB_LDR_DATA.
 * NOTE(review): this mirrors an OS-internal structure, and the field order
 * and sizes are the contract. If instances are copied out of another process,
 * every pointer and LIST_ENTRY link in them is an address in that process and
 * must not be dereferenced locally. Values such as SizeOfImage come from the
 * inspected (untrusted) process and should be bounded before use.
 */
typedef struct _LDR_DATA_TABLE_ENTRY
{
  LIST_ENTRY InLoadOrderLinks;
  LIST_ENTRY InMemoryOrderLinks;
  LIST_ENTRY InInitializationOrderLinks;
  PVOID DllBase;
  PVOID EntryPoint;
  ULONG SizeOfImage;
  UNICODE_STRING FullDllName;
  UNICODE_STRING BaseDllName;
  ULONG Flags;
  WORD LoadCount;
  WORD TlsIndex;
  /* Anonymous union: the same storage is viewed either as list links or as a section pointer plus checksum. */
  union
  {
    LIST_ENTRY HashLinks;
    struct
    {
      PVOID SectionPointer;
      ULONG CheckSum;
    };
  };
  /* Anonymous union: the same storage is viewed either as a timestamp or as a pointer. */
  union
  {
    ULONG TimeDateStamp;
    PVOID LoadedImports;
  };
  DWORD EntryPointActivationContext;
  PVOID PatchInformation;
  LIST_ENTRY ForwarderLinks;
  LIST_ENTRY ServiceTagLinks;
  LIST_ENTRY StaticLinks;
} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;


/*
 * Hand-declared loader bookkeeping block reached through PEB.LoaderData; it
 * holds the heads of the three module lists whose nodes are
 * LDR_DATA_TABLE_ENTRY records.
 * NOTE(review): when read from another process, the list heads contain
 * addresses valid only in that process.
 */
typedef struct _PEB_LDR_DATA {
  ULONG Length;
  BOOLEAN Initialized;
  PVOID SsHandle;
  LIST_ENTRY InLoadOrderModuleList;
  LIST_ENTRY InMemoryOrderModuleList;
  LIST_ENTRY InInitializationOrderModuleList;
} PEB_LDR_DATA, *PPEB_LDR_DATA;


/*
 * Hand-declared process environment block.
 * NOTE(review): several slots are declared as DWORD/ULONG rather than
 * pointer types, so this layout can only line up with a 32-bit target. The
 * structure is OS-internal and its offsets vary between Windows versions;
 * confirm them against the system being analysed before relying on any field
 * past the first few. When the block is copied out of another process, all
 * pointer fields are addresses in that process, not in the tool's own.
 */
typedef struct _PEB
{
  BOOLEAN InheritedAddressSpace;
  BOOLEAN ReadImageFileExecOptions;
  BOOLEAN BeingDebugged;            /* third byte of the block; the debugger-present indication (presumably what disable_isdebugerpresent() clears, confirm) */
  BOOLEAN Spare;
  HANDLE Mutant;
  PVOID ImageBaseAddress;           /* load address of the main image, in the owning process */
  PPEB_LDR_DATA LoaderData;         /* loader module lists, see PEB_LDR_DATA */
  DWORD ProcessParameters;
  PVOID SubSystemData;
  PVOID ProcessHeap;
  PVOID FastPebLock;
  DWORD FastPebLockRoutine;
  DWORD FastPebUnlockRoutine;
  ULONG EnvironmentUpdateCount;
  PPVOID KernelCallbackTable;
  PVOID EventLogSection;
  PVOID EventLog;
  DWORD FreeList;
  ULONG TlsExpansionCounter;
  PVOID TlsBitmap;
  ULONG TlsBitmapBits[0x2];
  PVOID ReadOnlySharedMemoryBase;
  PVOID ReadOnlySharedMemoryHeap;
  PPVOID ReadOnlyStaticServerData;
  PVOID AnsiCodePageData;
  PVOID OemCodePageData;
  PVOID UnicodeCaseTableData;
  ULONG NumberOfProcessors;
  ULONG NtGlobalFlag;
  BYTE Spare2[0x4];
  LARGE_INTEGER CriticalSectionTimeout;
  ULONG HeapSegmentReserve;
  ULONG HeapSegmentCommit;
  ULONG HeapDeCommitTotalFreeThreshold;
  ULONG HeapDeCommitFreeBlockThreshold;
  ULONG NumberOfHeaps;
  ULONG MaximumNumberOfHeaps;
  PPVOID *ProcessHeaps;
  PVOID GdiSharedHandleTable;
  PVOID ProcessStarterHelper;
  PVOID GdiDCAttributeList;
  PVOID LoaderLock;
  ULONG OSMajorVersion;
  ULONG OSMinorVersion;
  ULONG OSBuildNumber;
  ULONG OSPlatformId;
  ULONG ImageSubSystem;
  ULONG ImageSubSystemMajorVersion;
  ULONG ImageSubSystemMinorVersion;
  ULONG GdiHandleBuffer[0x22];
  ULONG PostProcessInitRoutine;
  ULONG TlsExpansionBitmap;
  BYTE TlsExpansionBitmapBits[0x80];
  ULONG SessionId;
} PEB, *PPEB;


/*
 * Output record for the ProcessBasicInformation query class; PebBaseAddress
 * is the field that locates the target's PEB.
 * NOTE(review): the members are declared as long / unsigned long, which are
 * 32 bits wide on Windows. That matches a 32-bit build only; in a 64-bit
 * build the system's record uses pointer-sized members and this declaration
 * would be too small. Confirm the build target, and check the status and the
 * returned length of the query before trusting PebBaseAddress.
 */
typedef struct _PROCESS_BASIC_INFORMATION {
        long 	ExitStatus;
        PPEB 	PebBaseAddress;   /* address of the PEB inside the queried process */
        unsigned long 	AffinityMask;
        long 	BasePriority;
        unsigned long 	UniqueProcessId;
        unsigned long 	InheritedFromUniqueProcessId;
}PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;

/*
 * Information-class selector for the process query below. Only the one value
 * this file needs is declared.
 */
typedef enum _PROCESSINFOCLASS {
	ProcessBasicInformation = 0   /* selects the PROCESS_BASIC_INFORMATION record */
} PROCESSINFOCLASS;

/*
 * Function-pointer type for NtQueryInformationProcess: process handle,
 * information class, output buffer, buffer size in bytes, optional returned
 * length. Presumably resolved from ntdll at run time (confirm at the call
 * site, and check the resolved pointer for NULL before calling).
 * NOTE(review): the return type is declared ULONG, so failure must be tested
 * as `!= 0`; a sign-based check can never detect an error with an unsigned
 * type.
 */
typedef ULONG (NTAPI *lpfNtQueryInformationProcess)(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);