DLL command table
.Version 2

.DLL command ZwQueryInformationProcess, Integer type, ""
    .Parameters ProcessHandle, integer type
    .Parameters ProcessInformationClass, integer type
    .Parameters ProcessInformation, PROCESS_BASIC_INFORMATION
    .Parameters ProcessInformationLength, integer type
    .Parameters ReturnLength, integer type, address

.DLL command OpenProcess, integer type, "", "OpenProcess"
    .Parameters dwDesiredAccess, integer type
    .Parameters bInheritHandle, integer type
    .Parameters dwProcessId, integer type

.DLL command CloseHandle, integer type, "CloseHandle"
    .Parameters hwnd, integer type

.DLL command GetProcessImageFileNameA, , "", "GetProcessImageFileNameA"
    .Parameters ProcessHandle, integer type
    .Parameters lpFilename, text type
    .Parameters nSize, integer type

.DLL command Modify virtual protection, integer type, "kernel32", "VirtualProtect", , Modify virtual protection
    .Parameters lpAddress, integer type
    .Parameters dwSize, integer type
    .Parameters flNewProtect, integer type
    .Parameters lpflOldProtect, integer type, address

.DLL command Get the function address, integer type, "kernel32", "GetProcAddress", , Return the function address
    .Parameters Module handle, Integer type
    .Parameters Function name, text type

.DLL command Get the module handle, integer type, "kernel32", "GetModuleHandleA", , Get the module handle of an application or dynamic link library. On success the module handle is returned; zero indicates failure and GetLastError is set
    .Parameters Module name, text type, , the module name, usually the same as the module's file name (for example, NOTEPAD for the program file NOTEPAD.EXE)

.DLL command _Enumeration window, logical type, "EnumWindows"
    .Parameters Enumeration process, Subroutine pointer
    .Parameters Parameter, integer type

.DLL command _Whether the window is visible, logical, , "IsWindowVisible", , Determine whether the window is visible; returns TRUE (non-zero) if it is
    .Parameters Window handle, integer type, , handle of the window to be tested

.DLL command GetWindowText, integer type, "GetWindowTextA"
    .Parameters handle, integer type, , handle of the window whose text is wanted
    .Parameters Text, text type, , a preallocated buffer of at least cch+1 characters, loaded with the window text
    .Parameters Text length, integer type, , length of the lp buffer

.DLL command GetClassName, integer type, "GetClassNameA"
    .Parameters handle, integer type, , handle of the window whose class name is wanted
    .Parameters Text, text type, , buffer loaded with the class name; at least nMaxCount + 1 characters must be allocated in advance
    .Parameters Text length, integer type, , length of the buffer supplied in lpClassName

.DLL command _Get window process ID, integer type, "GetWindowThreadProcessId", , Gets the thread and process identifiers associated with the specified window
    .Parameters Window handle, Integer type, , hwnd, the window handle
    .Parameters Process identifier, Integer type, Transfer address, lpdwProcessId, a variable that receives the identifier of the process that owns the window
Custom data types
.Version 2

.Data type PROCESS_BASIC_INFORMATION
    .Member ExitStatus, Integer type
    .Member PebBaseAddress, Integer type
    .Member AffinityMask, Integer type
    .Member BasePriority, Integer type
    .Member UniqueProcessId, Integer type
    .Member InheritedFromUniqueProcessId, Integer type

.Data type Window information type, , Enumerated window information
    .Member Window handle, Integer type, Transfer address
    .Member processID, Integer type, Transfer address
    .Member ThreadID, Integer type, Transfer address
    .Member Window class name, Text type
    .Member Window title, Text type
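As an added example (not code from the original article or its Easy Language source), the following Python decodes the raw buffer that ZwQueryInformationProcess fills for ProcessBasicInformation, using the member order declared above, and performs the parent-process lookup that the page's oppositeODdebug routine does with OpenProcess and GetProcessImageFileNameA. It runs offline: the PBI buffers, the process table and the NT device paths are constructed sample data, and the list of debugger image names is an assumption of this example, not something the page provides. The 64-bit layout goes beyond the page's 32-bit, 24-byte declaration.

```python
import struct

# Member order of PROCESS_BASIC_INFORMATION exactly as the page declares it.
PBI_FIELDS = ("ExitStatus", "PebBaseAddress", "AffinityMask", "BasePriority",
              "UniqueProcessId", "InheritedFromUniqueProcessId")

# Struct layouts.  32-bit: six 4-byte members, 24 bytes (the length the page
# passes to ZwQueryInformationProcess).  64-bit: PebBaseAddress, AffinityMask
# and the two process ids are pointer-sized, with alignment padding after the
# two 4-byte members, giving 48 bytes.
PBI_FORMATS = {4: "<IIIIII", 8: "<IxxxxQQIxxxxQQ"}

# Assumed list of debugger image names to compare the parent against; the
# page itself only checks that a file name came back at all.
DEBUGGER_IMAGE_NAMES = {"ollydbg.exe", "x32dbg.exe", "x64dbg.exe", "windbg.exe"}


def parse_pbi(buf: bytes, pointer_size: int = 4) -> dict:
    """Decode a PROCESS_BASIC_INFORMATION buffer into a name -> value dict."""
    try:
        fmt = PBI_FORMATS[pointer_size]
    except KeyError:
        raise ValueError("pointer_size must be 4 or 8") from None
    size = struct.calcsize(fmt)
    if len(buf) < size:
        raise ValueError(f"buffer too short: need {size} bytes, got {len(buf)}")
    return dict(zip(PBI_FIELDS, struct.unpack(fmt, buf[:size])))


def image_basename(nt_path: str) -> str:
    """GetProcessImageFileName returns an NT device path; keep the file name
    after the last backslash, as the page's 'Take the text to the right' does."""
    return nt_path.rsplit("\\", 1)[-1]


def parent_image(pbi_buf: bytes, process_table: dict, pointer_size: int = 4):
    """Return (parent pid, parent image path or None).  process_table stands in
    for OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ = 1040) plus
    GetProcessImageFileNameA; here it is constructed sample data."""
    ppid = parse_pbi(pbi_buf, pointer_size)["InheritedFromUniqueProcessId"]
    return ppid, process_table.get(ppid)


def parent_is_known_debugger(pbi_buf, process_table, pointer_size=4) -> bool:
    """True when the creating (parent) process is one of DEBUGGER_IMAGE_NAMES.
    This only catches 'started under a debugger'; a debugger that attaches
    later is not the parent, which is why the page adds the DbgBreakPoint hook."""
    _, path = parent_image(pbi_buf, process_table, pointer_size)
    return path is not None and image_basename(path).lower() in DEBUGGER_IMAGE_NAMES


# Constructed sample data (not captured from a real system).
SAMPLE_PROCESS_TABLE = {
    3316: r"\Device\HarddiskVolume2\Tools\OllyDbg.exe",
    1234: r"\Device\HarddiskVolume2\Windows\explorer.exe",
}
# ExitStatus=STATUS_PENDING (0x103), PEB, affinity, priority, pid 4120, parent 3316
SAMPLE_PBI_X86 = struct.pack(PBI_FORMATS[4], 0x103, 0x7FFDF000, 0x1, 8, 4120, 3316)
# Same process on a 64-bit layout, this time created by explorer.exe (pid 1234)
SAMPLE_PBI_X64 = struct.pack(PBI_FORMATS[8], 0x103, 0x7FF700000000, 0xFF, 8, 4120, 1234)

if __name__ == "__main__":
    print(parse_pbi(SAMPLE_PBI_X86))
    print(parent_image(SAMPLE_PBI_X86, SAMPLE_PROCESS_TABLE))
    print(parent_is_known_debugger(SAMPLE_PBI_X86, SAMPLE_PROCESS_TABLE))
    print(parent_is_known_debugger(SAMPLE_PBI_X64, SAMPLE_PROCESS_TABLE, 8))
```

The length argument matters: passing 24 on a 64-bit process returns STATUS_INFO_LENGTH_MISMATCH and leaves the buffer unfilled, so a port of the page's code to x64 must pass 48 and read the pointer-sized members.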
Anti-OD attach-debugging code
.Version 2
.Support library eAPI
.Support library spec

.Assembly 窗口Assembly1
.Assembly变量 addr, Integer type
.Assembly变量 dadt, Byte set
.Assembly变量 Current window information, Window information type, , "16"

.Subprogram __Start the window_Created
    oppositeODdebug ()
    oppositeODAttached ()

.Subprogram oppositeODdebug, , , Check the operating environment
    .Local variables Path, Text type
    .Local variables hProcess, Integer type
    .Local variables Info, PROCESS_BASIC_INFORMATION
    .Local variables file name, Text type

    ZwQueryInformationProcess (-1, 0, Info, 24, 0)
    hProcess = OpenProcess (1040, 0, )
    Path = Take blank text (4096)
    GetProcessImageFileNameA (hProcess, Path, 4096)
    CloseHandle (hProcess)
    file name = Take the text to the right (Path, Take text length (Path) - Find text (Path, “\”, , Fake))
    oppositeODAttached ()
    .If true (file name ≠ “”)
        Information box (“Illegal operation environment”, #Error icon, )
        addr = Get the function address (Get the module handle (“”), “DbgBreakPoint”)
        Terminate the process (Take the handle2 ())
        End yourself ()
    .If true结束

.Subprogram oppositeODAttached, , , hook
    .Local variables 写入Byte set, Byte set
    .Local variables t

    .If true (addr = 0)
        addr = Get the function address (Get the module handle (“”), “DbgBreakPoint”)
        Modify virtual protection (addr, 8, 64, 0)
    .If true结束
    dadt = 指针到Byte set (addr, 8)
    t = PickSubprogram真实地址 (&DbgBreakPoint) - addr - 5
    写入Byte set = { 233 } + 到Byte set (t)
    Write to memory (写入Byte set, addr, 8)

.Subprogram DbgBreakPoint, Integer type, , hooked
    .Local variables 写入Byte set, Byte set
    .Local variables t
    .Local variables ret, Integer type

    .If true (PickByte set长度 (dadt) > 0)
        Write to memory (dadt, addr, )
    .If true结束
    Terminate the process (Take the handle2 ())
    End yourself ()
    t = PickSubprogram真实地址 (&DbgBreakPoint) - addr - 5
    写入Byte set = { 233 } + 到Byte set (t)
    Write to memory (写入Byte set, addr, 8)
    return (ret)

.Subprogram Take the handle2, Integer type
    .Local variables Window list, Window information type, , "0"
    .Local variables i, Integer type

    .Cycle first (Enumerate window information (Window list), i)
        .If true (Find text (Window list [i].Window title, “[LCG”, , Fake) ≠ -1)
            ' OD feature string; add to it and encrypt it yourself later
            return (Window list [i].processID)
        .If true结束
    .Calculate the cycle ()
    return (-1)

.Subprogram Enumerate window information, Integer type
    .Parameters Temporary window information, Window information type, Array, array of enumerated window information

    _Enumeration window (&Window information callback function, 0)
    Temporary window information = Current window information
    清除Array (Current window information)
    return (PickArray成员数 (Temporary window information))

.Subprogram Window information callback function
    .Parameters hwd, Integer type
    .Local variables Window title, Text type
    .Local variables Window class name, Text type
    .Local variables Bureau_processID, Integer type
    .Local variables ThreadID, Integer type
    .Local variables Temporary window information, Window information type

    .If true (_Whether the window is visible (hwd))
        Window title = Take blank text (256)
        Window class name = Take blank text (256)
        GetWindowText (hwd, Window title, 255)
        GetClassName (hwd, Window class name, 255)
        ThreadID = _Get window process ID (hwd, Bureau_processID)
        Temporary window information.processID = Bureau_processID
        Temporary window information.ThreadID = ThreadID
        Temporary window information.Window handle = hwd
        Temporary window information.Window class name = Window class name
        Temporary window information.Window title = Window title
        Join a member (Current window information, Temporary window information)
    .If true结束

.Subprogram PickSubprogram真实地址, Integer type
    .Parameters Subprogram指针, Subprogram指针

    Put code ({ 83, 81, 139, 69, 8, 64, 139, 8, 128, 249, 232, 117, 248, 139, 72, 1, 141, 92, 8, 5, 139, 11, 193, 225, 8, 129, 249, 0, 85, 139, 236, 141, 64, 4, 117, 225, 139, 195, 89, 91, 201, 194, 4, 0 })
    return (0)

.Subprogram End yourself, , , Find the process the module lives in, then kill it
    .Local variables a, Integer type, , , ebp-4
    .Local variables b, Integer type, , , ebp-8

    a = Apply for memory (512, Fake) + 100 + 512 + 10000
    b = addr + 10000
    Write to memory (-277, a, )
    Put code ({ 139, 69, 248, 45, 16, 39, 0, 0, 139, 125, 252, 51, 201, 51, 237, 51, 246, 51, 210, 51, 219, 129, 239, 16, 39, 0, 0, 139, 231, 131, 196, 100, 106, 0, 106, 255, 129, 239, 0, 2, 0, 0, 87, 51, 255, 106, 0, 137, 4, 36, 195 })
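As an added example, not code from the article, this Python reproduces the arithmetic behind the 5-byte patch that oppositeODAttached writes ({ 233 } + to_byte_set(t) with t = target - addr - 5 is an x86 JMP rel32) and then shows the check an analyst or an EDR-style memory scanner would run to notice it: read the first bytes of an exported ntdll function, decode any leading E9 jump and flag it when the destination lies outside the module that owns the function. The module base and size, the function addresses, the hook target and the int 3 / ret prologue bytes are constructed sample values, not addresses from a real system.

```python
import struct

JMP_REL32 = 0xE9          # decimal 233, the opcode byte the page prepends


def encode_jmp_rel32(hook_addr: int, target: int) -> bytes:
    """The 5-byte patch oppositeODAttached writes: opcode E9 followed by the
    little-endian signed displacement target - hook_addr - 5, i.e. relative
    to the end of the jump instruction itself."""
    disp = target - hook_addr - 5
    return bytes([JMP_REL32]) + struct.pack("<i", disp)


def decode_jmp_rel32(code: bytes, code_addr: int):
    """Absolute target if `code` starts with a JMP rel32, otherwise None."""
    if len(code) < 5 or code[0] != JMP_REL32:
        return None
    (disp,) = struct.unpack("<i", code[1:5])
    return (code_addr + 5 + disp) & 0xFFFFFFFF     # 32-bit address space


def inline_hook_report(name, prologue, func_addr, module_base, module_size) -> dict:
    """Analyst-side check: do an exported function's first bytes redirect
    execution, and does the destination leave the module that owns it?"""
    target = decode_jmp_rel32(prologue, func_addr)
    if target is None:
        return {"function": name, "hooked": False}
    inside = module_base <= target < module_base + module_size
    return {"function": name, "hooked": True, "target": target,
            "inside_module": inside}


def scan_exports(exports: dict, module_base: int, module_size: int) -> list:
    """exports maps name -> (address, first bytes); returns the hooked ones."""
    reports = [inline_hook_report(n, code, addr, module_base, module_size)
               for n, (addr, code) in exports.items()]
    return [r for r in reports if r["hooked"]]


# Constructed sample values (not real load addresses).
NTDLL_BASE, NTDLL_SIZE = 0x77D00000, 0x180000
DBGBREAKPOINT_ADDR = 0x77D3F5C0                   # inside ntdll
HOOK_TARGET = 0x00401A30                          # inside the protected EXE image
CLEAN_DBGBREAKPOINT = b"\xCC\xC3" + b"\x90" * 6   # int 3 ; ret ; padding (8 bytes, like dadt)
# What memory looks like after the page's patch: 5 jump bytes, rest untouched
HOOKED_DBGBREAKPOINT = encode_jmp_rel32(DBGBREAKPOINT_ADDR, HOOK_TARGET) + CLEAN_DBGBREAKPOINT[5:]

SAMPLE_EXPORTS = {
    "DbgBreakPoint": (DBGBREAKPOINT_ADDR, HOOKED_DBGBREAKPOINT),
    # constructed, unhooked prologue: mov edi,edi ; push ebp ; mov ebp,esp ; sub esp,10h
    "DbgUiRemoteBreakin": (0x77D6E8D0, b"\x8B\xFF\x55\x8B\xEC\x83\xEC\x10"),
}

if __name__ == "__main__":
    for report in scan_exports(SAMPLE_EXPORTS, NTDLL_BASE, NTDLL_SIZE):
        print(report)
```

Restoring the function is the mirror image of the patch: write the saved 8 bytes (the page's dadt) back over the jump, which is what the hooked DbgBreakPoint routine does first. A scanner should not stop at E9 alone; comparing the in-memory prologue with the same function's bytes in the on-disk ntdll.dll also catches push/ret, short-jump and mid-function patches that this single-opcode check misses.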
Summary
That is the entire content of this article. I hope it is of some reference value for your study or work. Thank you for your support. To learn more, please see the related links below.