添加项目文件。

2026-01-28 03:54:37 +08:00 · 2022-03-01 10:32:33 +08:00
parent 5423a1b177
commit 818105040a
26 changed files with 2232 additions and 0 deletions
--- a/AntiScreenCap.sln
+++ b/AntiScreenCap.sln
@@ -0,0 +1,61 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.31702.278
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "RtlHide", "RtlHook\RtlHook.vcxproj", "{E91231DC-E9CF-4E12-B0E4-A0C63F7A7E69}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Hide", "Hide\Hide.vcxproj", "{F161A811-6CDA-44DA-8A9E-E463E92A4B80}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "UnHide", "UnHide\UnHide.vcxproj", "{3566D20B-6C53-4B3B-BC9C-A252486789D5}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "AntiScreenCap", "AntiScreenCap\AntiScreenCap.vcxproj", "{EC0D81D9-E367-4307-925F-2CF1149B5E57}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{E91231DC-E9CF-4E12-B0E4-A0C63F7A7E69}.Debug|x64.ActiveCfg = Debug|x64
+		{E91231DC-E9CF-4E12-B0E4-A0C63F7A7E69}.Debug|x64.Build.0 = Debug|x64
+		{E91231DC-E9CF-4E12-B0E4-A0C63F7A7E69}.Debug|x86.ActiveCfg = Debug|Win32
+		{E91231DC-E9CF-4E12-B0E4-A0C63F7A7E69}.Debug|x86.Build.0 = Debug|Win32
+		{E91231DC-E9CF-4E12-B0E4-A0C63F7A7E69}.Release|x64.ActiveCfg = Release|x64
+		{E91231DC-E9CF-4E12-B0E4-A0C63F7A7E69}.Release|x64.Build.0 = Release|x64
+		{E91231DC-E9CF-4E12-B0E4-A0C63F7A7E69}.Release|x86.ActiveCfg = Release|Win32
+		{E91231DC-E9CF-4E12-B0E4-A0C63F7A7E69}.Release|x86.Build.0 = Release|Win32
+		{F161A811-6CDA-44DA-8A9E-E463E92A4B80}.Debug|x64.ActiveCfg = Debug|x64
+		{F161A811-6CDA-44DA-8A9E-E463E92A4B80}.Debug|x64.Build.0 = Debug|x64
+		{F161A811-6CDA-44DA-8A9E-E463E92A4B80}.Debug|x86.ActiveCfg = Debug|Win32
+		{F161A811-6CDA-44DA-8A9E-E463E92A4B80}.Debug|x86.Build.0 = Debug|Win32
+		{F161A811-6CDA-44DA-8A9E-E463E92A4B80}.Release|x64.ActiveCfg = Release|x64
+		{F161A811-6CDA-44DA-8A9E-E463E92A4B80}.Release|x64.Build.0 = Release|x64
+		{F161A811-6CDA-44DA-8A9E-E463E92A4B80}.Release|x86.ActiveCfg = Release|Win32
+		{F161A811-6CDA-44DA-8A9E-E463E92A4B80}.Release|x86.Build.0 = Release|Win32
+		{3566D20B-6C53-4B3B-BC9C-A252486789D5}.Debug|x64.ActiveCfg = Debug|x64
+		{3566D20B-6C53-4B3B-BC9C-A252486789D5}.Debug|x64.Build.0 = Debug|x64
+		{3566D20B-6C53-4B3B-BC9C-A252486789D5}.Debug|x86.ActiveCfg = Debug|Win32
+		{3566D20B-6C53-4B3B-BC9C-A252486789D5}.Debug|x86.Build.0 = Debug|Win32
+		{3566D20B-6C53-4B3B-BC9C-A252486789D5}.Release|x64.ActiveCfg = Release|x64
+		{3566D20B-6C53-4B3B-BC9C-A252486789D5}.Release|x64.Build.0 = Release|x64
+		{3566D20B-6C53-4B3B-BC9C-A252486789D5}.Release|x86.ActiveCfg = Release|Win32
+		{3566D20B-6C53-4B3B-BC9C-A252486789D5}.Release|x86.Build.0 = Release|Win32
+		{EC0D81D9-E367-4307-925F-2CF1149B5E57}.Debug|x64.ActiveCfg = Debug|x64
+		{EC0D81D9-E367-4307-925F-2CF1149B5E57}.Debug|x64.Build.0 = Debug|x64
+		{EC0D81D9-E367-4307-925F-2CF1149B5E57}.Debug|x86.ActiveCfg = Debug|Win32
+		{EC0D81D9-E367-4307-925F-2CF1149B5E57}.Debug|x86.Build.0 = Debug|Win32
+		{EC0D81D9-E367-4307-925F-2CF1149B5E57}.Release|x64.ActiveCfg = Release|x64
+		{EC0D81D9-E367-4307-925F-2CF1149B5E57}.Release|x64.Build.0 = Release|x64
+		{EC0D81D9-E367-4307-925F-2CF1149B5E57}.Release|x86.ActiveCfg = Release|Win32
+		{EC0D81D9-E367-4307-925F-2CF1149B5E57}.Release|x86.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {E247D6A1-AC01-4A26-AF82-761EF98FF9E1}
+	EndGlobalSection
+EndGlobal
--- a/AntiScreenCap/AntiScreenCap.vcxproj
+++ b/AntiScreenCap/AntiScreenCap.vcxproj
@@ -0,0 +1,156 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="hook_current.h" />
+    <ClInclude Include="main.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="hook_current.cpp" />
+    <ClCompile Include="main.cpp" />
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>16.0</VCProjectVersion>
+    <Keyword>Win32Proj</Keyword>
+    <ProjectGuid>{ec0d81d9-e367-4307-925f-2cf1149b5e57}</ProjectGuid>
+    <RootNamespace>AntiScreenCap</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(PlatformTarget)\$(Configuration)\</OutDir>
+    <TargetName>$(ProjectName)32</TargetName>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <LanguageStandard>stdcpp17</LanguageStandard>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <LanguageStandard>stdcpp17</LanguageStandard>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
--- a/AntiScreenCap/AntiScreenCap.vcxproj.filters
+++ b/AntiScreenCap/AntiScreenCap.vcxproj.filters
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="源文件">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="头文件">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
+    </Filter>
+    <Filter Include="资源文件">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="hook_current.h">
+      <Filter>头文件</Filter>
+    </ClInclude>
+    <ClInclude Include="main.h">
+      <Filter>头文件</Filter>
+    </ClInclude>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="hook_current.cpp">
+      <Filter>源文件</Filter>
+    </ClCompile>
+    <ClCompile Include="main.cpp">
+      <Filter>源文件</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
--- a/AntiScreenCap/hook_current.cpp
+++ b/AntiScreenCap/hook_current.cpp
@@ -0,0 +1,411 @@
+#define _CRT_SECURE_NO_WARNINGS
+
+#include "main.h"
+#include "hook_current.h"
+#include <iostream>
+#include <string>
+#include <vector>
+#include <Windows.h>
+#include <psapi.h>
+#include <Shlwapi.h>
+#include <tchar.h>
+#include <unordered_map>
+#include <list>
+#include <Winternl.h>
+
+#pragma comment(lib,"shlwapi.lib")
+using namespace std;
+
+bool Is64BitOS()
+{
+	SYSTEM_INFO sysInfo = { 0 };
+	GetNativeSystemInfo(&sysInfo);
+	if (sysInfo.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_IA64
+		|| sysInfo.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64)
+	{
+		return true;
+	}
+	return false;
+}
+bool is64BitOS = Is64BitOS();
+
+string getProcNameByHandle(HANDLE hProcess)
+{
+	char exeName[MAX_PATH] = { 0 };
+	if (GetModuleFileNameExA(hProcess, NULL, exeName, MAX_PATH))
+	{
+		PathStripPathA(exeName);
+		return exeName;
+	}
+	Log(LogLevel::LOG_WARN, __LINE__, "getProcNameByHandle GetModuleFileNameExA Error: %d", GetLastError());
+	return {};
+}
+
+unordered_map<DWORD, string> getSuspendProcess()
+{
+	unordered_map<DWORD, string> suspendProcess;
+	typedef NTSTATUS(NTAPI* pfnNtQuerySystemInformation)(
+		IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
+		OUT PVOID SystemInformation,
+		IN ULONG SystemInformationLength,
+		OUT PULONG ReturnLength OPTIONAL
+		);
+	pfnNtQuerySystemInformation NtQuerySystemInformation = (pfnNtQuerySystemInformation)GetProcAddress(LoadLibrary(L"ntdll.dll"), "NtQuerySystemInformation");
+
+	LPVOID dwBufferProcess = 0;         //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݵĻ<DDB5><C4BB><EFBFBD><EFBFBD><EFBFBD>
+	DWORD dwBufferProcessSize = 0;      //<2F><>Ҫ<EFBFBD><D2AA><EFBFBD>յ<EFBFBD><D5B5><EFBFBD><EFBFBD>ݵĻ<DDB5><C4BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>С
+	NtQuerySystemInformation(SystemProcessInformation, NULL, 0, &dwBufferProcessSize);
+	dwBufferProcess = new BYTE[dwBufferProcessSize + 0x10000]();    //Ϊ<>˷<EFBFBD>ֹ<EFBFBD><D6B9><EFBFBD><EFBFBD>/<2F>߳<EFBFBD><DFB3><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>ͻ<EFBFBD>䣬<EFBFBD><E4A3AC><EFBFBD><EFBFBD><EFBFBD><EFBFBD>0x10000<30>ڴ<EFBFBD>(64K)
+	LPVOID dwOldBufferProcess = dwBufferProcess;                    //<2F><><EFBFBD>滺<EFBFBD><E6BBBA><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ַ                                       
+	NtQuerySystemInformation(SystemProcessInformation, dwBufferProcess, dwBufferProcessSize + 0x10000, &dwBufferProcessSize);
+
+	while (TRUE)
+	{
+		LPVOID dwAddress = dwBufferProcess;
+		dwBufferProcess = (BYTE*)dwBufferProcess + sizeof(SYSTEM_PROCESS_INFORMATION);
+		PSYSTEM_PROCESS_INFORMATION processInfo = (PSYSTEM_PROCESS_INFORMATION)dwAddress;
+
+		int suspendThreads = 0;
+		for (DWORD i = 0; i < processInfo->NumberOfThreads; i++)
+		{
+			//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>״̬<D7B4>͵<EFBFBD><CDB5>´<EFBFBD>״̬<D7B4><CCAC>ԭ<EFBFBD><D4AD>
+			if (((SYSTEM_THREAD_INFORMATION*)dwBufferProcess)->ThreadState == 5 && ((SYSTEM_THREAD_INFORMATION*)dwBufferProcess)->WaitReason == 5)
+			{
+				suspendThreads++;
+			}
+			dwBufferProcess = (BYTE*)dwBufferProcess + sizeof(SYSTEM_THREAD_INFORMATION);                  //ָ<><D6B8><EFBFBD>˽<EFBFBD><CBBD>̵<EFBFBD><CCB5><EFBFBD>һ<EFBFBD><D2BB><EFBFBD>߳̽ṹ	
+		}
+		if (suspendThreads == processInfo->NumberOfThreads)
+		{
+			wstring wstrName{ processInfo->ImageName.Buffer };
+			suspendProcess[(DWORD)(processInfo->UniqueProcessId)] = string(wstrName.begin(), wstrName.end());
+		}
+		dwBufferProcess = ((BYTE*)dwAddress + ((SYSTEM_PROCESS_INFORMATION*)dwAddress)->NextEntryOffset);				//ָ<><D6B8><EFBFBD><EFBFBD>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+		if (((SYSTEM_PROCESS_INFORMATION*)dwAddress)->NextEntryOffset == 0)							//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɽ<EFBFBD><C9BD><EFBFBD>
+			break;
+	}
+	delete[] dwOldBufferProcess;      //<2F>ͷ<EFBFBD><CDB7>ڴ<EFBFBD>    
+	return suspendProcess;
+}
+
+struct ProcessInfo
+{
+	string name;
+	bool isSuspend;
+};
+
+unordered_map<DWORD, ProcessInfo> getProcessInfo()
+{
+	unordered_map<DWORD, ProcessInfo> processInfoMap;
+	typedef NTSTATUS(NTAPI* pfnNtQuerySystemInformation)(
+		IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
+		OUT PVOID SystemInformation,
+		IN ULONG SystemInformationLength,
+		OUT PULONG ReturnLength OPTIONAL
+		);
+	pfnNtQuerySystemInformation NtQuerySystemInformation = (pfnNtQuerySystemInformation)GetProcAddress(LoadLibrary(L"ntdll.dll"), "NtQuerySystemInformation");
+
+	LPVOID dwBufferProcess = 0;         //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݵĻ<DDB5><C4BB><EFBFBD><EFBFBD><EFBFBD>
+	DWORD dwBufferProcessSize = 0;      //<2F><>Ҫ<EFBFBD><D2AA><EFBFBD>յ<EFBFBD><D5B5><EFBFBD><EFBFBD>ݵĻ<DDB5><C4BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>С
+	NtQuerySystemInformation(SystemProcessInformation, NULL, 0, &dwBufferProcessSize);
+	dwBufferProcess = new BYTE[dwBufferProcessSize + 0x10000]();    //Ϊ<>˷<EFBFBD>ֹ<EFBFBD><D6B9><EFBFBD><EFBFBD>/<2F>߳<EFBFBD><DFB3><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>ͻ<EFBFBD>䣬<EFBFBD><E4A3AC><EFBFBD><EFBFBD><EFBFBD><EFBFBD>0x10000<30>ڴ<EFBFBD>(64K)
+	LPVOID dwOldBufferProcess = dwBufferProcess;                    //<2F><><EFBFBD>滺<EFBFBD><E6BBBA><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ַ                                       
+	NtQuerySystemInformation(SystemProcessInformation, dwBufferProcess, dwBufferProcessSize + 0x10000, &dwBufferProcessSize);
+
+	while (TRUE)
+	{
+		LPVOID dwAddress = dwBufferProcess;
+		dwBufferProcess = (BYTE*)dwBufferProcess + sizeof(SYSTEM_PROCESS_INFORMATION);
+		PSYSTEM_PROCESS_INFORMATION processInfo = (PSYSTEM_PROCESS_INFORMATION)dwAddress;
+		
+		int suspendThreads = 0;
+		for (DWORD i = 0; i < processInfo->NumberOfThreads; i++)
+		{
+			//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>״̬<D7B4>͵<EFBFBD><CDB5>´<EFBFBD>״̬<D7B4><CCAC>ԭ<EFBFBD><D4AD>
+			if (((SYSTEM_THREAD_INFORMATION*)dwBufferProcess)->ThreadState == 5 && ((SYSTEM_THREAD_INFORMATION*)dwBufferProcess)->WaitReason == 5)
+			{
+				suspendThreads++;
+			}
+			dwBufferProcess = (BYTE*)dwBufferProcess + sizeof(SYSTEM_THREAD_INFORMATION);                  //ָ<><D6B8><EFBFBD>˽<EFBFBD><CBBD>̵<EFBFBD><CCB5><EFBFBD>һ<EFBFBD><D2BB><EFBFBD>߳̽ṹ	
+		}
+
+		if ((DWORD)(processInfo->UniqueProcessId) > 0)
+		{
+			wstring	wstrName = processInfo->ImageName.Buffer;
+			bool isSuspend = (suspendThreads == processInfo->NumberOfThreads);
+			processInfoMap[(DWORD)(processInfo->UniqueProcessId)] = { string(wstrName.begin(), wstrName.end()), isSuspend };
+		}
+
+		dwBufferProcess = ((BYTE*)dwAddress + ((SYSTEM_PROCESS_INFORMATION*)dwAddress)->NextEntryOffset);				//ָ<><D6B8><EFBFBD><EFBFBD>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+		if (((SYSTEM_PROCESS_INFORMATION*)dwAddress)->NextEntryOffset == 0)							//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɽ<EFBFBD><C9BD><EFBFBD>
+			break;
+	}
+	delete[] dwOldBufferProcess;      //<2F>ͷ<EFBFBD><CDB7>ڴ<EFBFBD>    
+	return processInfoMap;
+}
+
+bool ZwCreateThreadExInjectDll(HANDLE hProcess, const wchar_t* pszDllFileName)
+{
+	int pathSize = (wcslen(pszDllFileName) + 1) * sizeof(wchar_t);
+
+	// 2.<2E><>Ŀ<EFBFBD><C4BF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ռ<EFBFBD>
+	LPVOID lpPathAddr = VirtualAllocEx(hProcess, 0, pathSize, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
+	if (NULL == lpPathAddr)
+	{
+		Log(LogLevel::LOG_ERROR, __LINE__, "<EFBFBD><EFBFBD>Ŀ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ռ<EFBFBD>ʧ<EFBFBD>ܣ<EFBFBD><EFBFBD><EFBFBD>%d", GetLastError());
+		CloseHandle(hProcess);
+		return false;
+	}
+	// 3.<2E><>Ŀ<EFBFBD><C4BF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>д<EFBFBD><D0B4>Dll·<6C><C2B7>
+	if (FALSE == WriteProcessMemory(hProcess, lpPathAddr, pszDllFileName, pathSize, NULL)) // ʵ<><CAB5>д<EFBFBD><D0B4><EFBFBD><EFBFBD>С
+	{
+		Log(LogLevel::LOG_ERROR, __LINE__, "<EFBFBD><EFBFBD>Ŀ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>д<EFBFBD><EFBFBD>Dll·<EFBFBD><EFBFBD>ʧ<EFBFBD>ܣ<EFBFBD><EFBFBD><EFBFBD>%d", GetLastError());
+		CloseHandle(hProcess);
+		return false;
+	}
+	// 4.<2E><><EFBFBD><EFBFBD>ntdll.dll
+	HMODULE hNtdll = LoadLibraryW(L"ntdll.dll");
+	if (NULL == hNtdll)
+	{
+		Log(LogLevel::LOG_ERROR, __LINE__, "<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ntdll.dllʧ<6C>ܣ<EFBFBD><DCA3><EFBFBD>%d", GetLastError());
+		CloseHandle(hProcess);
+		return false;
+	}
+	// 5.<2E><>ȡLoadLibraryA<79>ĺ<EFBFBD><C4BA><EFBFBD><EFBFBD><EFBFBD>ַ
+	// FARPROC<4F><43><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ӧ32λ<32><CEBB>64λ
+	HMODULE hmKernel32 = LoadLibrary(_T("Kernel32.dll"));
+	if (NULL == hmKernel32)
+	{
+		Log(LogLevel::LOG_ERROR, __LINE__, "<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Kernel32.dllʧ<6C>ܣ<EFBFBD><DCA3><EFBFBD>%d", GetLastError());
+		CloseHandle(hProcess);
+		return false;
+	}
+	FARPROC pFuncProcAddr = GetProcAddress(hmKernel32, "LoadLibraryW");
+	if (NULL == pFuncProcAddr)
+	{
+		Log(LogLevel::LOG_ERROR, __LINE__, "<EFBFBD><EFBFBD>ȡLoadLibrary<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ַʧ<EFBFBD>ܣ<EFBFBD><EFBFBD><EFBFBD>%d", GetLastError());
+		CloseHandle(hProcess);
+		return false;
+	}
+	// 6.<2E><>ȡZwCreateThreadEx<45><78><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ַ,<2C>ú<EFBFBD><C3BA><EFBFBD><EFBFBD><EFBFBD>32λ<32><CEBB>64λ<34><CEBB>ԭ<EFBFBD>Ͳ<EFBFBD>ͬ
+	// _WIN64<36><34><EFBFBD><EFBFBD><EFBFBD>жϱ<D0B6><CFB1>뻷<EFBFBD><EBBBB7><EFBFBD><EFBFBD>_WIN32<33><32><EFBFBD><EFBFBD><EFBFBD>ж<EFBFBD><D0B6>Ƿ<EFBFBD><C7B7><EFBFBD>Windowsϵͳ
+#ifdef _WIN64
+	typedef DWORD(WINAPI* typedef_ZwCreateThreadEx)(
+		PHANDLE ThreadHandle,
+		ACCESS_MASK DesiredAccess,
+		LPVOID ObjectAttributes,
+		HANDLE ProcessHandle,
+		LPTHREAD_START_ROUTINE lpStartAddress,
+		LPVOID lpParameter,
+		ULONG CreateThreadFlags,
+		SIZE_T ZeroBits,
+		SIZE_T StackSize,
+		SIZE_T MaximumStackSize,
+		LPVOID pUnkown
+		);
+#else
+	typedef DWORD(WINAPI* typedef_ZwCreateThreadEx)(
+		PHANDLE ThreadHandle,
+		ACCESS_MASK DesiredAccess,
+		LPVOID ObjectAttributes,
+		HANDLE ProcessHandle,
+		LPTHREAD_START_ROUTINE lpStartAddress,
+		LPVOID lpParameter,
+		BOOL CreateSuspended,
+		DWORD dwStackSize,
+		DWORD dw1,
+		DWORD dw2,
+		LPVOID pUnkown
+		);
+#endif 
+	typedef_ZwCreateThreadEx ZwCreateThreadEx = (typedef_ZwCreateThreadEx)GetProcAddress(hNtdll, "ZwCreateThreadEx");
+	if (NULL == ZwCreateThreadEx)
+	{
+		Log(LogLevel::LOG_ERROR, __LINE__, "<EFBFBD><EFBFBD>ȡZwCreateThreadEx<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ַʧ<EFBFBD>ܣ<EFBFBD><EFBFBD><EFBFBD>%d", GetLastError());
+		CloseHandle(hProcess);
+		return false;
+	}
+	// 7.<2E><>Ŀ<EFBFBD><C4BF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>д<EFBFBD><D0B4><EFBFBD>Զ<EFBFBD>߳<EFBFBD>
+	HANDLE hRemoteThread = NULL;
+	DWORD dwStatus = ZwCreateThreadEx(&hRemoteThread, PROCESS_ALL_ACCESS, NULL,
+		hProcess, (LPTHREAD_START_ROUTINE)pFuncProcAddr, lpPathAddr, 0, 0, 0, 0, NULL);
+	if (NULL == hRemoteThread)
+	{
+		Log(LogLevel::LOG_ERROR, __LINE__, "Ŀ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>д<EFBFBD><EFBFBD><EFBFBD><EFBFBD>߳<EFBFBD>ʧ<EFBFBD>ܣ<EFBFBD><EFBFBD><EFBFBD>%d", GetLastError());
+		CloseHandle(hProcess);
+		return false;
+	}
+	// 8.<2E>ȴ<EFBFBD><C8B4>߳̽<DFB3><CCBD><EFBFBD>
+	DWORD reason = WaitForSingleObject(hRemoteThread, INFINITE);
+	/*if (reason == WAIT_TIMEOUT)
+	{
+		if (string name = getProcNameByHandle(hProcess); !name.empty())
+			Log(LogLevel::LOG_WARN, __LINE__, "WaitForRemoteThreadExit TIMEOUT(2s), Process May Be Suspend: %s", name.c_str());
+		else
+			Log(LogLevel::LOG_WARN, __LINE__, "WaitForRemoteThreadExit TIMEOUT(2s), Process May Be Suspend: %d", GetProcessId(hProcess));
+	}*/
+	// 9.<2E><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+	VirtualFreeEx(hProcess, lpPathAddr, 0, MEM_RELEASE); //MEM_RELEASE
+	CloseHandle(hRemoteThread);
+	CloseHandle(hProcess);
+	FreeLibrary(hNtdll);
+	return true;
+}
+
+//bool HookCurWindow(const std::wstring& dllPath)
+//{
+//	Log(LogLevel::LOG_INFO, __LINE__, ">>>>>>>>>>>>>>>>HOOK CURRENT WINDOWS<<<<<<<<<<<<<<<<");
+//	std::wstring DllPath{ getFullFilePath(dllPath) };
+//	COND_LOG_RET(!DllPath.empty(), __LINE__, "DllPath.empty(): %d", GetLastError(), false);
+//
+//	unordered_map<DWORD, ProcessInfo> processInfoMap = getProcessInfo();
+//	for (auto i : processInfoMap)
+//	{
+//		Log(LogLevel::LOG_INFO, __LINE__, "Ready To Inject: %s", i.second.name.c_str());
+//		if (i.second.isSuspend)
+//		{
+//			Log(LogLevel::LOG_WARN, __LINE__, "This is a suspend process: %s", i.second.name.c_str());
+//			continue;
+//		}
+//		// 1.<2E><><EFBFBD><EFBFBD>Ŀ<EFBFBD><C4BF><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD>ø߼<C3B8><DFBC><EFBFBD>OpenProcess API, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>CSRSS<53><53><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+//		HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, i.first);
+//		if (hProcess) {
+//			BOOL procIs32bit;
+//			/*64-bit process on 64-bit Windows : FALSE
+//			32-bit process on 64-bit Windows : TRUE
+//			32-bit process on 32-bit Windows : FALSE*/
+//			if (IsWow64Process(hProcess, &procIs32bit)) {
+//#ifdef _WIN64
+//				if (!procIs32bit && is64BitOS) {
+//					if (ZwCreateThreadExInjectDll(hProcess, DllPath.c_str())) {
+//						Log(LogLevel::LOG_INFO, __LINE__, "Hook Window Success: %s", i.second.name.c_str());
+//					}
+//					else {
+//						Log(LogLevel::LOG_WARN, __LINE__, "Hook Window Failed: %s", i.second.name.c_str());
+//					}
+//				}
+//				else {
+//					Log(LogLevel::LOG_WARN, __LINE__, "It's a 32 app: %s", i.second.name.c_str());
+//				}
+//#else
+//				if (procIs32bit || (!procIs32bit && !is64BitOS)) {
+//					if (ZwCreateThreadExInjectDll(hProcess, DllPath.c_str())) {
+//						Log(LogLevel::LOG_INFO, __LINE__, "Hook Window Success: %s", i.second.name.c_str());
+//					}
+//					else {
+//						Log(LogLevel::LOG_WARN, __LINE__, "Hook Window Failed: %s", i.second.name.c_str());
+//					}
+//				}
+//				else {
+//					Log(LogLevel::LOG_WARN, __LINE__, "It's a 64 app: %s", i.second.name.c_str());
+//				}
+//#endif
+//			}
+//			else {
+//				Log(LogLevel::LOG_ERROR, __LINE__, "<22>ж<EFBFBD>Ŀ<EFBFBD><C4BF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD><C7B7><EFBFBD>64λϵͳ<CFB5>е<EFBFBD>32λ<32><CEBB><EFBFBD><EFBFBD>ʧ<EFBFBD><CAA7>: %d", GetLastError());
+//				continue;
+//			}
+//		}
+//		else {
+//			Log(LogLevel::LOG_WARN, __LINE__, "<22><><EFBFBD><EFBFBD>Ŀ<EFBFBD><C4BF><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: %s, ʧ<><CAA7>: %d", i.second.name.c_str(), GetLastError());
+//			continue;
+//		}
+//	}
+//	Log(LogLevel::LOG_INFO, __LINE__, ">>>>>>>>>>>>>>>>HOOK CURRENT WINDOW END<<<<<<<<<<<<<<<<<<");
+//	return true;
+//}
+
+bool HookCurWindow(const std::wstring& dllPath)
+{
+	Log(LogLevel::LOG_INFO, __LINE__, ">>>>>>>>>>>>>>>>HOOK CURRENT WINDOWS<<<<<<<<<<<<<<<<");
+	std::wstring DllPath{ getFullFilePath(dllPath) };
+	COND_LOG_RET(!DllPath.empty(), __LINE__, "DllPath.empty(): %d", GetLastError(), false);
+	
+	unordered_map<DWORD, string> suspendProc = getSuspendProcess();
+	for (auto i : suspendProc)
+	{
+		Log(LogLevel::LOG_INFO, __LINE__, "suspend process: %s", i.second.c_str());
+	}
+	unordered_map<DWORD, char> tryHookedProc;//<2F><><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD>PID
+	vector<string> goodHookedProc;//<2F><><EFBFBD>ɹ<EFBFBD>hook<6F>Ľ<EFBFBD><C4BD><EFBFBD><EFBFBD><EFBFBD>
+	HWND windowHandle = NULL;
+	do {
+		windowHandle = FindWindowEx(NULL, windowHandle, NULL, NULL);
+		DWORD dwPid;
+		if (GetWindowThreadProcessId(windowHandle, &dwPid)) {
+			if (tryHookedProc.find(dwPid) == tryHookedProc.end()) {
+				tryHookedProc[dwPid] = 1;
+				
+				if (suspendProc.find(dwPid) != suspendProc.end())
+				{
+					Log(LogLevel::LOG_WARN, __LINE__, "This is a suspend process: %s", suspendProc[dwPid].c_str());
+					continue;
+				}
+				// 0.<2E><>Ȩ
+				// 1.<2E><><EFBFBD><EFBFBD>Ŀ<EFBFBD><C4BF><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20>ø߼<C3B8><DFBC><EFBFBD>OpenProcess API
+				HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid);
+				if (hProcess) {
+					string exeName = getProcNameByHandle(hProcess);
+					exeName = (!exeName.empty() ? exeName : "Unknow ProcName");
+					
+					BOOL procIs32bit;
+					/*64-bit process on 64-bit Windows : FALSE
+					32-bit process on 64-bit Windows : TRUE
+					32-bit process on 32-bit Windows : FALSE*/
+					if (IsWow64Process(hProcess, &procIs32bit)) {
+#ifdef _WIN64
+						if (!procIs32bit && is64BitOS) {
+							if (ZwCreateThreadExInjectDll(hProcess, DllPath.c_str())) {
+								Log(LogLevel::LOG_INFO, __LINE__, "Hook Window For: %s", exeName.c_str());
+								goodHookedProc.push_back(exeName);
+							}
+							else
+								Log(LogLevel::LOG_WARN, __LINE__, "Hook Window Failed: %s", exeName.c_str());
+						}
+						else {
+							Log(LogLevel::LOG_WARN, __LINE__, "It's a 32 app: %s", exeName.c_str());
+						}
+#else
+						if (procIs32bit || (!procIs32bit && !is64BitOS)) {
+							Log(LogLevel::LOG_INFO, __LINE__, "ready inject: %s", exeName.c_str());
+							if (ZwCreateThreadExInjectDll(hProcess, DllPath.c_str())) {
+								Log(LogLevel::LOG_INFO, __LINE__, "Hook Window For: %s", exeName.c_str());
+								goodHookedProc.push_back(exeName);
+							}
+							else
+								Log(LogLevel::LOG_WARN, __LINE__, "Hook Window Failed: %s", exeName.c_str());
+						}
+						else {
+							Log(LogLevel::LOG_WARN, __LINE__, "It's a 64 app: %s", exeName.c_str());
+						}
+#endif
+						
+					}
+					else {
+						Log(LogLevel::LOG_ERROR, __LINE__, "<EFBFBD>ж<EFBFBD>Ŀ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD><EFBFBD><EFBFBD>64λϵͳ<EFBFBD>е<EFBFBD>32λ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʧ<EFBFBD><EFBFBD>: %d", GetLastError());
+						continue;
+					}
+				}
+				else {
+					Log(LogLevel::LOG_WARN, __LINE__, "<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: %d, ʧ<><CAA7>: %d", dwPid, GetLastError());
+					continue;
+				}
+			}
+			else {
+				//cout << "<22><>ע<EFBFBD><D7A2><EFBFBD><EFBFBD>" << endl;
+				continue;
+			}
+		}
+		else {
+			Log(LogLevel::LOG_WARN, __LINE__, "GetWindowThreadProcessId Error<6F><72>%d, HWND: %x", GetLastError(), windowHandle);
+		}
+	} while (windowHandle);
+	//Summary
+	Log(LogLevel::LOG_INFO, __LINE__, ">>>>>>>>>>>>>>>>HOOK CURRENT WINDOW END<<<<<<<<<<<<<<<<<<");
+	Log(LogLevel::LOG_INFO, __LINE__, "Summary:");
+	for (auto& i : goodHookedProc)
+	{
+		Log(LogLevel::LOG_INFO, __LINE__, i.c_str());
+	}
+	return true;
+}
--- a/AntiScreenCap/hook_current.h
+++ b/AntiScreenCap/hook_current.h
@@ -0,0 +1,7 @@
+#pragma once
+#include <Windows.h>
+#include <string>
+
+bool Is64BitOS();
+bool ZwCreateThreadExInjectDll(HANDLE hProcess, const wchar_t* pszDllFileName);
+bool HookCurWindow(const std::wstring& dllPath);
--- a/AntiScreenCap/main.cpp
+++ b/AntiScreenCap/main.cpp
@@ -0,0 +1,438 @@
+#define _CRT_SECURE_NO_WARNINGS
+
+#include "hook_current.h"
+#include "main.h"
+#include <windows.h>
+#include <tchar.h>
+#include <iostream>
+#include <string>
+#include <Shlwapi.h>
+#pragma comment(lib,"shlwapi.lib")
+using namespace std;
+
+typedef BOOL(WINAPI* pfnSetHook) (BOOL);
+pfnSetHook SetHook = NULL;
+
+const int FILEMAP_BUF = 64;
+const int LOG_SIZE = 512;
+
+//for ipc
+char* pBuf;
+HANDLE hServerEvent, hClientEvent, hFileMap;
+//for save console origin color
+WORD wOldColorAttrs;
+
+
+#ifdef _WIN64
+const std::wstring hideDllName{ L"Hide.dll" };
+const std::wstring unhideDllName{ L"Unhide.dll" };
+const std::wstring RtlHideDllName{L"RtlHide.dll"};
+#else
+const std::wstring hideDllName{ L"Hide32.dll" };
+const std::wstring unhideDllName{ L"Unhide32.dll" };
+const std::wstring RtlHideDllName{ L"RtlHide32.dll" };
+#endif
+
+//添加MessageBoxTimeout支持
+typedef int (WINAPI *MessageBoxTimeoutA)(IN HWND hWnd, IN LPCSTR lpText, IN LPCSTR lpCaption, IN UINT uType, IN WORD wLanguageId, IN DWORD dwMilliseconds);
+typedef int (WINAPI *MessageBoxTimeoutW)(IN HWND hWnd, IN LPCWSTR lpText, IN LPCWSTR lpCaption, IN UINT uType, IN WORD wLanguageId, IN DWORD dwMilliseconds);
+
+HMODULE hUser32 = LoadLibraryA("user32.dll");
+#ifdef UNICODE
+#define MessageBoxTimeout ((MessageBoxTimeoutW)(GetProcAddress(hUser32, "MessageBoxTimeoutW")))
+#else
+#define MessageBoxTimeout ((MessageBoxTimeoutA)(GetProcAddress(hUser32, "MessageBoxTimeoutA")))
+#endif
+
+BOOL WINAPI ConsoleHandler(DWORD CEvent)
+{
+    switch (CEvent)
+    {
+    case CTRL_CLOSE_EVENT://close消息有限时机制
+        HookRtlWindow(false);
+        MessageBoxTimeout(NULL, L"关闭实时窗口注入", L"step 1", MB_OK, 0, 1000);//MessageBox(NULL, L"关闭实时窗口注入", L"step 1", MB_OK);
+        Sleep(1500);
+        HookCurWindow(unhideDllName);
+        MessageBox(NULL, L"还原当前所有窗口", L"step 2", MB_OK);//MessageBoxTimeout(NULL, L"还原当前所有窗口", L"step 2", MB_OK, 0, 1500);
+        break;
+    case CTRL_C_EVENT:
+        ShowWindow(GetConsoleWindow(), SW_HIDE);
+        break; 
+    case CTRL_BREAK_EVENT:
+    case CTRL_LOGOFF_EVENT:
+    case CTRL_SHUTDOWN_EVENT: 
+    default:
+        return FALSE;
+    }
+    return TRUE;
+}
+
+bool SetPrivilege()
+{
+    HANDLE hToken;
+    TOKEN_PRIVILEGES NewState;
+    LUID luidPrivilegeLUID;
+    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken) || !LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luidPrivilegeLUID))
+    {
+        Log(LogLevel::LOG_WARN, __LINE__, "SetPrivilege Error: %d", GetLastError());
+        return false;
+    }
+    NewState.PrivilegeCount = 1;
+    NewState.Privileges[0].Luid = luidPrivilegeLUID;
+    NewState.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
+    if (!AdjustTokenPrivileges(hToken, FALSE, &NewState, NULL, NULL, NULL))
+    {
+        Log(LogLevel::LOG_WARN, __LINE__, "AdjustTokenPrivilege Error: %d", GetLastError());
+        return false;
+    }
+    return true;
+}
+
+bool initFoundSet()
+{
+    SetPrivilege();
+
+    CONSOLE_SCREEN_BUFFER_INFO csbiInfo;
+    HANDLE hStd = GetStdHandle(STD_OUTPUT_HANDLE);
+    HANDLE_LOG_RET(hStd, __LINE__, "GetStdHandle: %x", hStd, false);
+    COND_LOG_RET(GetConsoleScreenBufferInfo(hStd, &csbiInfo), __LINE__, "GetConsoleScreenBufferInfo: %x", csbiInfo.wAttributes, false);
+    wOldColorAttrs = csbiInfo.wAttributes;
+
+    COND_LOG_RET(SetConsoleCtrlHandler((PHANDLER_ROUTINE)ConsoleHandler, TRUE), __LINE__, "SetConsoleCtrlHandler: %x", ConsoleHandler, false);
+    return true;
+}
+
+void SetConsoleColor(WORD wAttributes)
+{
+    HANDLE hCon = GetStdHandle(STD_OUTPUT_HANDLE); //获取缓冲区句柄
+    if (wAttributes == 0)
+        SetConsoleTextAttribute(hCon, wOldColorAttrs);
+    else
+        SetConsoleTextAttribute(hCon, wAttributes); 
+}
+
+void Log(LogLevel level, int line, const char* format, ...)
+{
+    char msg[LOG_SIZE] = {0};
+
+    va_list ap;
+    int ret = -1;
+    va_start(ap, format);
+    ret = vsprintf(msg, format, ap);
+    va_end(ap);
+
+    switch (level)
+    {
+    case LogLevel::LOG_INFO:
+        cout << msg << endl;
+        break;
+    case LogLevel::LOG_WARN:
+        SetConsoleColor(FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_INTENSITY);
+        cout << "[Line " << line << "]  " << msg << endl;
+        SetConsoleColor(0);
+        break;
+    case LogLevel::LOG_ERROR:
+        SetConsoleColor(FOREGROUND_RED | FOREGROUND_INTENSITY);
+        cout << "[Line " << line << "]  " << msg << endl;
+        SetConsoleColor(0);
+        break;
+    
+    default:
+        SetConsoleColor(FOREGROUND_BLUE | FOREGROUND_INTENSITY);
+        cout << "No this LOG_LEVEL" << endl;
+        SetConsoleColor(0);
+        break;
+    }
+}
+
+//bool Exec(const wstring& fullPath, const wstring& param, DWORD dwMilliseconds)
+//{
+//    SHELLEXECUTEINFO ShExecInfo = { 0 };
+//    {
+//        ShExecInfo.fMask = SEE_MASK_NOCLOSEPROCESS | SEE_MASK_FLAG_NO_UI | SEE_MASK_NO_CONSOLE;
+//        ShExecInfo.cbSize = sizeof(SHELLEXECUTEINFO);							//结构大小
+//        ShExecInfo.lpVerb = _T("runas");										//指定该函数的执行动作，以管理员方式运行
+//        ShExecInfo.nShow = SW_HIDE;												//隐藏窗口
+//        ShExecInfo.lpFile = fullPath.c_str();											//卸载程序路径
+//        ShExecInfo.lpParameters = param.c_str();										//卸载程序参数
+//    }
+//    if (ShellExecuteEx(&ShExecInfo))
+//    {
+//        if (ShExecInfo.hProcess)
+//        {
+//            switch (WaitForSingleObject(ShExecInfo.hProcess, dwMilliseconds))
+//            {
+//            case WAIT_OBJECT_0:		//The state of the specified object is signaled.
+//                LogW(LogLevel::LOG_INFO, __LINE__, L"执行程序%s成功", fullPath);
+//                return true;
+//            case WAIT_TIMEOUT:		//The time-out interval elapsed, and the object's state is nonsignaled.
+//                LogW(LogLevel::LOG_ERROR, __LINE__, L"执行程序%s超时", fullPath);
+//                break;
+//            case WAIT_FAILED:		//Waiting on an invalid handle causes WaitForSingleObject to return WAIT_FAILED.
+//                LogW(LogLevel::LOG_ERROR, __LINE__, L"执行程序%s错误: %d", fullPath, GetLastError());
+//                break;
+//            }
+//        }
+//        else
+//        {
+//            LogW(LogLevel::LOG_ERROR, __LINE__, L"执行程序%s句柄异常: %d", fullPath, GetLastError());
+//        }
+//    }
+//    else
+//    {
+//        LogW(LogLevel::LOG_ERROR, __LINE__, L"执行程序%s失败: %d", fullPath, GetLastError());
+//    }
+//    return false;
+//}
+
+bool FileExists(std::wstring& filePath)
+{
+    DWORD dwAttrib = GetFileAttributes(filePath.c_str());
+    return (dwAttrib != INVALID_FILE_ATTRIBUTES &&
+        !(dwAttrib & FILE_ATTRIBUTE_DIRECTORY));
+}
+
+std::wstring getFullFilePath(const std::wstring& filename) {
+    wchar_t fullPath[MAX_PATH] = {0};
+    GetModuleFileName(NULL, fullPath, MAX_PATH);
+    PathRemoveFileSpec(fullPath);
+    PathAppend(fullPath, filename.c_str());
+    std::wstring strFullPath{ fullPath };
+    COND_LOG_RET(FileExists(strFullPath), __LINE__, "FileExists: %S", strFullPath.c_str(), std::wstring{});
+    return strFullPath;
+};
+
+bool HookRtlWindow(bool hook)
+{
+    if (HMODULE RtlHideDll = LoadLibrary(RtlHideDllName.c_str()); RtlHideDll)
+    {
+#ifdef _WIN64
+        SetHook = (pfnSetHook)GetProcAddress(RtlHideDll, "SetHook");
+#else
+        SetHook = (pfnSetHook)GetProcAddress(RtlHideDll, "_SetHook@4");
+#endif
+        if (SetHook)
+        {
+            if (hook)
+            {
+                if (SetHook(TRUE))
+                {
+                    Log(LogLevel::LOG_INFO, __LINE__, "Set Hook Success");
+                    return true;
+                }
+                else
+                {
+                    Log(LogLevel::LOG_ERROR, __LINE__, "Set Hook Error. See More in DebugView");
+                }
+            }
+            else
+            {
+                if (SetHook(FALSE))
+                {
+                    Log(LogLevel::LOG_INFO, __LINE__, "Set Unhook Success");
+                    return true;
+                }
+                else
+                {
+                    Log(LogLevel::LOG_ERROR, __LINE__, "Set Unhook Error. See More in DebugView");
+                }
+            }
+            
+        }
+        else
+        {
+            Log(LogLevel::LOG_ERROR, __LINE__, "GetProcAddress SetHook Error: %d", GetLastError());
+        }
+    }
+    else
+    {
+        Log(LogLevel::LOG_ERROR, __LINE__, "LoadLibrary %S Error: %d", RtlHideDllName.c_str(), GetLastError());
+    }
+    return false;
+}
+
+struct HandleName
+{
+    HANDLE handle;
+    string name;
+};
+struct ShareMemory {
+    HANDLE hFileMap;
+    char* pShareBuf;
+    void clear() {
+        if (pShareBuf) UnmapViewOfFile(pShareBuf);
+        CloseHandle(hFileMap);
+    }
+};
+struct IPC {
+    IPC(string fullName, int bufSize = 32, DWORD ms = 5000) :
+        sFullExeName(fullName), iBufSize(bufSize), dwMilliseconds(ms) {}
+    void clear() {
+        fileMap.clear();
+        CloseHandle(serverEvent.handle);
+        CloseHandle(clientEvent.handle);
+    }
+    const string sFullExeName;
+    HandleName serverEvent, clientEvent;
+    //HandleName fileMap;
+    ShareMemory fileMap;
+    DWORD dwMilliseconds;
+    const int iBufSize;
+    string sCmd;
+};
+
+bool __SetEvent(HANDLE hEvent)
+{
+    return SetEvent(hEvent);
+}
+bool __SetEvent(const string& eventName)
+{
+    HANDLE hEvent = OpenEventA(SYNCHRONIZE, FALSE, eventName.c_str());
+    return hEvent && __SetEvent(hEvent);
+}
+bool __GetEvent(HANDLE hEvent, DWORD dwMilliseconds)
+{
+    switch (WaitForSingleObject(hEvent, dwMilliseconds))					//同步等待事件受信
+    {
+    case WAIT_OBJECT_0:		//The state of the specified object is signaled.
+        Log(LogLevel::LOG_INFO, __LINE__, "等待事件受信成功(lim:%dms): %x", dwMilliseconds, hEvent);
+        return true;
+    case WAIT_TIMEOUT:		//The time-out interval elapsed, and the object's state is nonsignaled.
+        Log(LogLevel::LOG_INFO, __LINE__, "等待事件受信超时(lim:%dms): %x", dwMilliseconds, hEvent);
+        return false;
+    case WAIT_FAILED:		//Waiting on an invalid handle causes WaitForSingleObject to return WAIT_FAILED.
+        Log(LogLevel::LOG_INFO, __LINE__, "等待事件受信失败: %d", GetLastError());
+        return false;
+    default:
+        break;
+    }
+    return false;
+}
+bool __GetEvent(const string& eventName, DWORD dwMilliseconds)
+{
+    HANDLE hEvent = OpenEventA(SYNCHRONIZE, FALSE, eventName.c_str());
+    return hEvent && __GetEvent(hEvent, dwMilliseconds);
+}
+
+HANDLE CreateGlobalEvent(string& eventName)
+{
+    SECURITY_ATTRIBUTES sa;
+    sa.bInheritHandle = FALSE;
+    sa.lpSecurityDescriptor = NULL;
+    sa.nLength = sizeof(sa);
+    if (eventName.find("Global\\") == eventName.npos)
+    {
+        eventName = "Global\\" + eventName;
+    }
+    return CreateEventA(&sa, FALSE, FALSE, eventName.c_str());
+}
+
+HANDLE CreateGlobalFileMap(string& fileMapName)
+{
+    if (fileMapName.find("Global\\") == fileMapName.npos)
+    {
+        fileMapName = "Global\\" + fileMapName;
+    }
+    return CreateFileMappingA(
+        INVALID_HANDLE_VALUE,   //物理文件句柄，设为INVALID_HANDLE_VALUE（无效句柄）以创建一个进程间共享的对象
+        NULL,				    //默认安全级别
+        PAGE_READWRITE,         //权限可读可写
+        0,						//高位文件大小
+        FILEMAP_BUF,			//低位文件大小
+        fileMapName.c_str()		//共享内存名
+    );
+}
+
+bool initIPCEnvironment()
+{
+    string baseName = to_string(GetCurrentProcessId());
+    string serverEventName = baseName + "-ServerEvent";
+    string clientEventName = baseName + "-ClientEvent";
+    string fileMapName = baseName + "-FileMap";
+    //服务端信号
+    hServerEvent = CreateGlobalEvent(serverEventName);
+    COND_LOG_RET(hServerEvent, __LINE__, "CreateGlobalEvent: %s", serverEventName.c_str(), 1);
+    //客户端信号
+    hClientEvent = CreateGlobalEvent(clientEventName);
+    COND_LOG_RET(hClientEvent, __LINE__, "CreateGlobalEvent: %s", clientEventName.c_str(), 1);
+
+    //1.创建共享文件句柄 hMapFile，CreateFileMapping()函数创建一个文件映射内核对象
+    hFileMap = CreateGlobalFileMap(fileMapName);
+    COND_LOG_RET(hFileMap, __LINE__, "CreateGlobalFileMap: %s", fileMapName.c_str(), 1);
+
+    //2.获取指向文件视图的指针 pBuf，MapViewOfFile()函数负责把文件数据映射到进程的地址空间
+    pBuf = (char*)MapViewOfFile(hFileMap, FILE_MAP_ALL_ACCESS, 0, 0, FILEMAP_BUF);
+    COND_LOG_RET(pBuf, __LINE__, "MapViewOfFile: %x", pBuf, 1);
+
+    /*strcpy_s(pBuf, FILEMAP_BUF, "hello");
+    COND_LOG_RET(SetEvent(hServerEvent), __LINE__, "SetEvent: %s", serverEventName.c_str(), 1);*/
+
+    return true;
+}
+
+int main()
+{
+    COND_LOG_RET(initFoundSet(), __LINE__, "initFoundSet()(ZeroSuccess): %d", GetLastError(), 1);
+
+    COND_LOG_RET(initIPCEnvironment(), __LINE__, "initIPCEnvironment()(ZeroSuccess): %d", GetLastError(), 1);
+    
+    COND_LOG_RET(HookCurWindow(hideDllName), __LINE__, "HookCurWindow(hideDllName)(ZeroSuccess): %d", GetLastError(), 1);
+
+    COND_LOG_RET(HookRtlWindow(true), __LINE__, "HookRtlWindow(true)(ZeroSuccess): %d", GetLastError(), 1);
+    
+    strcpy_s(pBuf, FILEMAP_BUF, "hello");
+    COND_LOG_RET(SetEvent(hServerEvent), __LINE__, "SetEvent: %x", hServerEvent, 1);
+
+    Log(LogLevel::LOG_INFO, __LINE__, "主线程开始监听与Service通信...");
+
+    while (1)
+    {
+        __GetEvent(hClientEvent, INFINITE);
+        if (pBuf)
+        {
+            Log(LogLevel::LOG_INFO, __LINE__, "收到控制信息: %s", pBuf);
+            if (string(pBuf) == "stop")
+            {
+                break;
+            }
+            else if (string(pBuf) == "debug")//显示本身控制台程序
+            {
+                ShowWindow(GetConsoleWindow(), SW_SHOWNA);
+                /*DWORD lasterror = GetLastError();
+                auto getLogDir = []() ->string {
+                    char dir[MAX_PATH];
+                    GetModuleFileNameA(NULL, dir, MAX_PATH);
+                    PathRemoveFileSpecA(dir);
+#ifdef _WIN64
+                    PathAppendA(dir, "log.txt");
+#else
+                    PathAppendA(dir, "log32.txt");
+#endif
+                    return string{ dir };
+                };
+                auto dir = getLogDir();
+                if (!dir.empty())
+                {
+                    FILE* fp = NULL;
+                    if ((fp = fopen(dir.c_str(), "a+")) != NULL)
+                    {
+                        fprintf(fp, "ShowWindow %x ret[%d]: %d\n", (DWORD)consoleWindow, lasterror, ret);
+                        fclose(fp);
+                    }
+                    
+                }*/
+                __SetEvent(hServerEvent);
+            }
+        }
+    }
+    COND_LOG_RET(HookRtlWindow(false), __LINE__, "HookRtlWindow(false)(ZeroSuccess): %d", GetLastError(), 1);
+    Sleep(1500);
+    COND_LOG_RET(HookCurWindow(unhideDllName), __LINE__, "HookCurWindow(unhideDllName)(ZeroSuccess): %d", GetLastError(), 1);
+    __SetEvent(hServerEvent);
+    //释放资源
+    CloseHandle(hServerEvent);
+    CloseHandle(hClientEvent);
+    if (pBuf) UnmapViewOfFile(pBuf);
+    CloseHandle(hFileMap);
+    return 0;
+}
--- a/AntiScreenCap/main.h
+++ b/AntiScreenCap/main.h
@@ -0,0 +1,66 @@
+#pragma once
+#include <iostream>
+#include <vector>
+#include <string>
+#include <Windows.h>
+#include <tlhelp32.h>
+using namespace std;
+enum class LogLevel
+{
+    LOG_INFO,
+    LOG_WARN,
+    LOG_ERROR,
+};
+
+
+void Log(LogLevel level, int line, const char* format, ...);
+//void LogW(LogLevel level, int line, const wchar_t* format, ...);
+
+#define COND_LOG_RET(cond, line, formatInfo, msgInfo, code)    \
+if (cond)Log(LogLevel::LOG_INFO, line, formatInfo, msgInfo);    \
+else{   \
+    Log(LogLevel::LOG_ERROR, line, (string(formatInfo) + ", Error: %d").c_str(), msgInfo, GetLastError());    \
+    return code;   \
+}
+
+#define HANDLE_LOG_RET(handle, line, formatInfo, msgInfo, code)    \
+if (handle != INVALID_HANDLE_VALUE && handle != NULL)Log(LogLevel::LOG_INFO, line, formatInfo, msgInfo);    \
+else{   \
+    Log(LogLevel::LOG_ERROR, line, (string(formatInfo) + ", Error: %d").c_str(), msgInfo, GetLastError());    \
+    return code;   \
+}
+
+bool FileExists(std::wstring& filePath);
+
+std::wstring getFullFilePath(const std::wstring& filename);
+
+bool HookRtlWindow(bool hook);
+
+//std::string getProcNameById(DWORD pid)
+//{
+//    PROCESSENTRY32 pe32;
+//    // <20><>ʹ<EFBFBD><CAB9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ṹ֮ǰ<D6AE><C7B0><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĵ<EFBFBD>С
+//    pe32.dwSize = sizeof(PROCESSENTRY32);
+//    // <20><>ϵͳ<CFB5>ڵ<EFBFBD><DAB5><EFBFBD><EFBFBD>н<EFBFBD><D0BD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+//    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
+//    if (hProcessSnap == INVALID_HANDLE_VALUE)
+//    {
+//        Log(LogLevel::LOG_ERROR, __LINE__, "CreateToolhelp32Snapshot<6F><74><EFBFBD><EFBFBD>ʧ<EFBFBD>ܣ<EFBFBD>: %d", GetLastError());
+//        return std::string{};
+//    }
+//    // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̿<EFBFBD><CCBF>գ<EFBFBD><D5A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʾÿ<CABE><C3BF><EFBFBD><EFBFBD><EFBFBD>̵<EFBFBD><CCB5><EFBFBD>Ϣ
+//    BOOL bMore = Process32First(hProcessSnap, &pe32);
+//    while (bMore)
+//    {
+//        if (pe32.th32ProcessID == pid)
+//        {
+//            std::wstring exeName = std::wstring(pe32.szExeFile);
+//            CloseHandle(hProcessSnap);
+//            return std::string(exeName.begin(), exeName.end());
+//        }
+//        bMore = Process32Next(hProcessSnap, &pe32);
+//    }
+//    // <20><>Ҫ<EFBFBD><D2AA><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>snapshot<6F><74><EFBFBD><EFBFBD>
+//    CloseHandle(hProcessSnap);
+//    return std::string{};
+//}
--- a/Hide/Hide.vcxproj
+++ b/Hide/Hide.vcxproj
@@ -0,0 +1,172 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>16.0</VCProjectVersion>
+    <Keyword>Win32Proj</Keyword>
+    <ProjectGuid>{f161a811-6cda-44da-8a9e-e463e92a4b80}</ProjectGuid>
+    <RootNamespace>Hide</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+    <TargetName>$(ProjectName)32</TargetName>
+    <OutDir>$(SolutionDir)$(PlatformTarget)\$(Configuration)\</OutDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;HIDE_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>false</EnableUAC>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;HIDE_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>false</EnableUAC>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;HIDE_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>false</EnableUAC>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;HIDE_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>false</EnableUAC>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClInclude Include="framework.h" />
+    <ClInclude Include="pch.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="dllmain.cpp" />
+    <ClCompile Include="pch.cpp">
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
+    </ClCompile>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
--- a/Hide/Hide.vcxproj.filters
+++ b/Hide/Hide.vcxproj.filters
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="源文件">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="头文件">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
+    </Filter>
+    <Filter Include="资源文件">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="framework.h">
+      <Filter>头文件</Filter>
+    </ClInclude>
+    <ClInclude Include="pch.h">
+      <Filter>头文件</Filter>
+    </ClInclude>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="dllmain.cpp">
+      <Filter>源文件</Filter>
+    </ClCompile>
+    <ClCompile Include="pch.cpp">
+      <Filter>源文件</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
--- a/Hide/dllmain.cpp
+++ b/Hide/dllmain.cpp
@@ -0,0 +1,113 @@
+// dllmain.cpp : Defines the entry point for the DLL application.
+#include "pch.h"
+#include <Windows.h>
+#include <stdio.h>
+#include <iostream>
+#include <string>
+#include <Shlwapi.h>
+#pragma comment(lib,"shlwapi.lib")
+using namespace std;
+
+void OutputErrorString(const char* text, const char* file, int line)
+{
+	char msg[512] = {0};
+	sprintf(msg, "[%s:%d] %s:%d", file, line, text, GetLastError());
+	OutputDebugStringA(msg);
+}
+
+string getProcName()
+{
+	char szProcName[MAX_PATH] = {0};
+	if (GetModuleFileNameA(NULL, szProcName, MAX_PATH))
+	{
+		PathStripPathA(szProcName);
+		return szProcName;
+	}
+	else
+	{
+		OutputErrorString("GetModuleFileNameA failed", __FILE__, __LINE__);
+	}
+	return string{"false"};
+}
+string procName = getProcName();
+BOOL CALLBACK lpEnumFunc(HWND hwnd, LPARAM lParam)
+{
+	DWORD  processId;
+	GetWindowThreadProcessId(hwnd, &processId);
+	if (processId == GetCurrentProcessId())
+	{
+		if ((GetWindowLong(hwnd, GWL_STYLE) & WS_VISIBLE) == WS_VISIBLE && SetWindowDisplayAffinity(hwnd, WDA_MONITOR))
+		{
+			//获取窗口标题
+			char title[MAX_PATH] = { 0 };
+			GetWindowTextA(hwnd, title, MAX_PATH);
+
+			//判断最小化
+			RECT rect;
+			bool haveRect = false, isMinimized = false;
+			if (GetClientRect(hwnd, &rect))
+			{
+				haveRect = (rect.right - rect.left > 0) && (rect.bottom - rect.top > 0);
+				isMinimized = !haveRect;
+			}
+
+			//summary
+			char summary[512] = { 0 };
+			sprintf(summary, "进程名:%s, 窗口句柄:%x, 标题:%s, 最小化:%d, 状态:显示", procName.c_str(), (DWORD)hwnd, title, isMinimized);//bool isMinimized不能转成%s
+			OutputDebugStringA(summary);
+		}
+	}
+	return TRUE;
+}
+
+void setDAForWindows() {
+	string procName = getProcName();
+
+	HWND windowHandle = NULL;
+	do {
+		windowHandle = FindWindowEx(NULL, windowHandle, NULL, NULL);
+		if ((GetWindowLong(windowHandle, GWL_STYLE) & WS_VISIBLE) == WS_VISIBLE && SetWindowDisplayAffinity(windowHandle, WDA_MONITOR))
+		{
+			//获取窗口标题
+			char title[MAX_PATH] = { 0 };
+			GetWindowTextA(windowHandle, title, MAX_PATH);
+
+			//判断最小化
+			RECT rect;
+			bool haveRect = false, isMinimized = false;
+			if (GetClientRect(windowHandle, &rect))
+			{
+				haveRect = (rect.right - rect.left > 0) && (rect.bottom - rect.top > 0);
+				isMinimized = !haveRect;
+			}
+
+			//summary
+			char summary[512] = { 0 };
+			sprintf(summary, "进程名:%s, 窗口句柄:%x, 标题:%s, 最小化:%d, 状态:隐藏", procName.c_str(), windowHandle, title, isMinimized);//bool isMinimized不能转成%s
+			OutputDebugStringA(summary);
+		}
+
+	} while (windowHandle);
+}
+
+BOOL APIENTRY DllMain( HMODULE hModule,
+                       DWORD  ul_reason_for_call,
+                       LPVOID lpReserved
+                     )
+{
+	switch (ul_reason_for_call)
+	{
+	case DLL_PROCESS_ATTACH:
+		OutputDebugStringA(("----------------Enter " + getProcName() + " ----------------").c_str());
+		setDAForWindows();
+		//EnumWindows(lpEnumFunc, NULL);
+		break;
+	case DLL_THREAD_ATTACH:
+	case DLL_THREAD_DETACH:
+	case DLL_PROCESS_DETACH:
+		OutputDebugStringA(("----------------Leave " + getProcName() + " ----------------").c_str());
+		break;
+	}
+	return FALSE;
+}
+
--- a/Hide/framework.h
+++ b/Hide/framework.h
@@ -0,0 +1,5 @@
+#pragma once
+
+#define WIN32_LEAN_AND_MEAN             // 从 Windows 头文件中排除极少使用的内容
+// Windows 头文件
+#include <windows.h>
--- a/Hide/pch.cpp
+++ b/Hide/pch.cpp
@@ -0,0 +1,5 @@
+// pch.cpp: 与预编译标头对应的源文件
+
+#include "pch.h"
+
+// 当使用预编译的头时，需要使用此源文件，编译才能成功。
--- a/Hide/pch.h
+++ b/Hide/pch.h
@@ -0,0 +1,13 @@
+// pch.h: 这是预编译标头文件。
+// 下方列出的文件仅编译一次，提高了将来生成的生成性能。
+// 这还将影响 IntelliSense 性能，包括代码完成和许多代码浏览功能。
+// 但是，如果此处列出的文件中的任何一个在生成之间有更新，它们全部都将被重新编译。
+// 请勿在此处添加要频繁更新的文件，这将使得性能优势无效。
+
+#ifndef PCH_H
+#define PCH_H
+#define _CRT_SECURE_NO_WARNINGS
+// 添加要在此处预编译的标头
+#include "framework.h"
+
+#endif //PCH_H
--- a/RtlHook/RtlHook.vcxproj
+++ b/RtlHook/RtlHook.vcxproj
@@ -0,0 +1,174 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>16.0</VCProjectVersion>
+    <Keyword>Win32Proj</Keyword>
+    <ProjectGuid>{e91231dc-e9cf-4e12-b0e4-a0c63f7a7e69}</ProjectGuid>
+    <RootNamespace>RtlHook</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+    <ProjectName>RtlHide</ProjectName>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+    <TargetName>$(ProjectName)32</TargetName>
+    <OutDir>$(SolutionDir)$(PlatformTarget)\$(Configuration)\</OutDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;RTLHOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>false</EnableUAC>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;RTLHOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>false</EnableUAC>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;RTLHOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>false</EnableUAC>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;RTLHOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>false</EnableUAC>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClInclude Include="dllmain.h" />
+    <ClInclude Include="framework.h" />
+    <ClInclude Include="pch.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="dllmain.cpp" />
+    <ClCompile Include="pch.cpp">
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
+    </ClCompile>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
--- a/RtlHook/RtlHook.vcxproj.filters
+++ b/RtlHook/RtlHook.vcxproj.filters
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="源文件">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="头文件">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
+    </Filter>
+    <Filter Include="资源文件">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="framework.h">
+      <Filter>头文件</Filter>
+    </ClInclude>
+    <ClInclude Include="pch.h">
+      <Filter>头文件</Filter>
+    </ClInclude>
+    <ClInclude Include="dllmain.h">
+      <Filter>头文件</Filter>
+    </ClInclude>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="dllmain.cpp">
+      <Filter>源文件</Filter>
+    </ClCompile>
+    <ClCompile Include="pch.cpp">
+      <Filter>源文件</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
--- a/RtlHook/dllmain.cpp
+++ b/RtlHook/dllmain.cpp
@@ -0,0 +1,135 @@
+#include "pch.h"
+#include "dllmain.h"
+#include <iostream>
+#include <string>
+#include <unordered_map>
+#include <Shlwapi.h>
+#pragma comment(lib,"shlwapi.lib")
+using namespace std;
+
+void OutputErrorString(const char* text, const char* file, int line)
+{
+    char msg[512] = { 0 };
+    sprintf(msg, "[%s:%d] %s:%d", file, line, text, GetLastError());
+    OutputDebugStringA(msg);
+}
+
+string getProcName()
+{
+    char szProcName[MAX_PATH] = { 0 };
+    if (GetModuleFileNameA(NULL, szProcName, MAX_PATH))
+    {
+        PathStripPathA(szProcName);
+        return szProcName;
+    }
+    else
+    {
+        OutputErrorString("GetModuleFileNameA failed", __FILE__, __LINE__);
+    }
+    return string{ "false" };
+}
+
+string procName = getProcName();
+
+unordered_map<HWND, char> hastryHookedProc;
+
+LRESULT CALLBACK HookProc(int nCode, WPARAM wParam, LPARAM lParam)
+{
+    // 一般来说，所有运行的进程(有窗口过程的)都会加载这个钩子过程了
+    CWPSTRUCT* pCwp = reinterpret_cast<CWPSTRUCT*>(lParam);
+    switch (pCwp->message)
+    {
+    case WM_CREATE:
+    {
+        if (hastryHookedProc.find(pCwp->hwnd) == hastryHookedProc.end())
+        {
+            if (SetWindowDisplayAffinity(pCwp->hwnd, WDA_MONITOR))
+            {
+                char title[MAX_PATH] = { 0 };
+                GetWindowTextA(pCwp->hwnd, title, MAX_PATH);
+                char msg[512] = { 0 };
+                if (title[0] != '\0')
+                    sprintf(msg, "WM_CREATE[%s]:%s", procName.c_str(), title);
+                else
+                    sprintf(msg, "WM_CREATE[%s]:%s", procName.c_str(), "NoTitle");
+                OutputDebugStringA(msg);
+            }
+            hastryHookedProc[pCwp->hwnd] = 1;
+        }
+        break;
+    }
+    case WM_SHOWWINDOW:
+    {
+        if (hastryHookedProc.find(pCwp->hwnd) == hastryHookedProc.end())
+        {
+            if (SetWindowDisplayAffinity(pCwp->hwnd, WDA_MONITOR))
+            {
+                char title[MAX_PATH] = { 0 };
+                GetWindowTextA(pCwp->hwnd, title, MAX_PATH);
+                char msg[512] = { 0 };
+                if (title[0] != '\0')
+                    sprintf(msg, "WM_SHOWWINDOW[%s]:%s", procName.c_str(), title);
+                else
+                    sprintf(msg, "WM_SHOWWINDOW[%s]:%s", procName.c_str(), "NoTitle");
+                OutputDebugStringA(msg);
+            }
+            hastryHookedProc[pCwp->hwnd] = 1;
+        }
+        break;
+    }
+    /*case WM_CLOSE:
+    {
+        char title[MAX_PATH] = { 0 };
+        GetWindowTextA(pCwp->hwnd, title, MAX_PATH);
+        OutputDebugStringA((string(pname) + title + " close").c_str());
+        break;
+    }*/
+    
+    default:
+        break;
+    }
+    return CallNextHookEx(hHook, nCode, wParam, lParam);
+}
+
+EXPORT BOOL WINAPI SetHook(BOOL isInstall)
+{
+    if (isInstall)
+    {
+        hHook = SetWindowsHookEx(WH_CALLWNDPROC, HookProc, hInstance, 0);
+        if (hHook) OutputDebugStringA("SetWindowsHookEx Success");
+        return hHook != NULL;
+    }
+    else
+    {
+        if (UnhookWindowsHookEx(hHook))
+        {
+            OutputDebugStringA("UnhookWindowsHookEx Success");
+            hHook = NULL;
+            hInstance = NULL;
+            return TRUE;
+        }
+    }
+    return FALSE;
+}
+
+
+BOOL APIENTRY DllMain(HMODULE hModule,
+    DWORD  ul_reason_for_call,
+    LPVOID lpReserved
+)
+{
+    switch (ul_reason_for_call)
+    {
+    case DLL_PROCESS_ATTACH:
+        //OutputDebugStringA(("进入:" + procName).c_str());
+        hInstance = (HINSTANCE)hModule;
+        break;
+    case DLL_THREAD_ATTACH:
+    case DLL_THREAD_DETACH:
+    case DLL_PROCESS_DETACH:
+        //OutputDebugStringA(("离开:" + procName).c_str());
+        break;
+    }
+    return TRUE;
+}
+
--- a/RtlHook/dllmain.h
+++ b/RtlHook/dllmain.h
@@ -0,0 +1,11 @@
+#pragma once
+#include <windows.h>
+#define EXPORT extern "C" __declspec(dllexport)
+
+#pragma data_seg ("shared")
+HHOOK hHook = NULL;
+HINSTANCE hInstance = NULL;
+#pragma data_seg ()
+#pragma comment (linker, "/section:shared,rws")
+
+EXPORT BOOL WINAPI SetHook(BOOL isInstall);
--- a/RtlHook/framework.h
+++ b/RtlHook/framework.h
@@ -0,0 +1,5 @@
+#pragma once
+
+#define WIN32_LEAN_AND_MEAN             // 从 Windows 头文件中排除极少使用的内容
+// Windows 头文件
+#include <windows.h>
--- a/RtlHook/pch.cpp
+++ b/RtlHook/pch.cpp
@@ -0,0 +1,5 @@
+// pch.cpp: 与预编译标头对应的源文件
+
+#include "pch.h"
+
+// 当使用预编译的头时，需要使用此源文件，编译才能成功。
--- a/RtlHook/pch.h
+++ b/RtlHook/pch.h
@@ -0,0 +1,13 @@
+// pch.h: 这是预编译标头文件。
+// 下方列出的文件仅编译一次，提高了将来生成的生成性能。
+// 这还将影响 IntelliSense 性能，包括代码完成和许多代码浏览功能。
+// 但是，如果此处列出的文件中的任何一个在生成之间有更新，它们全部都将被重新编译。
+// 请勿在此处添加要频繁更新的文件，这将使得性能优势无效。
+
+#ifndef PCH_H
+#define PCH_H
+#define _CRT_SECURE_NO_WARNINGS
+// 添加要在此处预编译的标头
+#include "framework.h"
+
+#endif //PCH_H
--- a/UnHide/UnHide.vcxproj
+++ b/UnHide/UnHide.vcxproj
@@ -0,0 +1,171 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>16.0</VCProjectVersion>
+    <Keyword>Win32Proj</Keyword>
+    <ProjectGuid>{3566d20b-6c53-4b3b-bc9c-a252486789d5}</ProjectGuid>
+    <RootNamespace>UnHide</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+    <TargetName>$(ProjectName)32</TargetName>
+    <OutDir>$(SolutionDir)$(PlatformTarget)\$(Configuration)\</OutDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;UNHIDE_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>false</EnableUAC>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;UNHIDE_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>false</EnableUAC>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;UNHIDE_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>false</EnableUAC>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;UNHIDE_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>false</EnableUAC>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClInclude Include="framework.h" />
+    <ClInclude Include="pch.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="dllmain.cpp" />
+    <ClCompile Include="pch.cpp">
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
+    </ClCompile>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
--- a/UnHide/UnHide.vcxproj.filters
+++ b/UnHide/UnHide.vcxproj.filters
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="源文件">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="头文件">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
+    </Filter>
+    <Filter Include="资源文件">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="framework.h">
+      <Filter>头文件</Filter>
+    </ClInclude>
+    <ClInclude Include="pch.h">
+      <Filter>头文件</Filter>
+    </ClInclude>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="dllmain.cpp">
+      <Filter>源文件</Filter>
+    </ClCompile>
+    <ClCompile Include="pch.cpp">
+      <Filter>源文件</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
--- a/UnHide/dllmain.cpp
+++ b/UnHide/dllmain.cpp
@@ -0,0 +1,113 @@
+// dllmain.cpp : Defines the entry point for the DLL application.
+#include "pch.h"
+#include <Windows.h>
+#include <stdio.h>
+#include <iostream>
+#include <string>
+#include <Shlwapi.h>
+#pragma comment(lib,"shlwapi.lib")
+using namespace std;
+
+void OutputErrorString(const char* text, const char* file, int line)
+{
+	char msg[512] = { 0 };
+	sprintf(msg, "[%s:%d] %s:%d", file, line, text, GetLastError());
+	OutputDebugStringA(msg);
+}
+
+string getProcName()
+{
+	char szProcName[MAX_PATH] = { 0 };
+	if (GetModuleFileNameA(NULL, szProcName, MAX_PATH))
+	{
+		PathStripPathA(szProcName);
+		return szProcName;
+	}
+	else
+	{
+		OutputErrorString("GetModuleFileNameA failed", __FILE__, __LINE__);
+	}
+	return string{ "false" };
+}
+string procName = getProcName();
+BOOL CALLBACK lpEnumFunc(HWND hwnd, LPARAM lParam)
+{
+	DWORD  processId;
+	GetWindowThreadProcessId(hwnd, &processId);
+	if (processId == GetCurrentProcessId())
+	{
+		if ((GetWindowLong(hwnd, GWL_STYLE) & WS_VISIBLE) == WS_VISIBLE && SetWindowDisplayAffinity(hwnd, WDA_NONE))
+		{
+			//获取窗口标题
+			char title[MAX_PATH] = { 0 };
+			GetWindowTextA(hwnd, title, MAX_PATH);
+
+			//判断最小化
+			RECT rect;
+			bool haveRect = false, isMinimized = false;
+			if (GetClientRect(hwnd, &rect))
+			{
+				haveRect = (rect.right - rect.left > 0) && (rect.bottom - rect.top > 0);
+				isMinimized = !haveRect;
+			}
+
+			//summary
+			char summary[512] = { 0 };
+			sprintf(summary, "进程名:%s, 窗口句柄:%x, 标题:%s, 最小化:%d, 状态:显示", procName.c_str(), (DWORD)hwnd, title, isMinimized);//bool isMinimized不能转成%s
+			OutputDebugStringA(summary);
+		}
+	}
+	return TRUE;
+}
+
+void setDAForWindows() {
+	string procName = getProcName();
+
+	HWND windowHandle = NULL;
+	do {
+		windowHandle = FindWindowEx(NULL, windowHandle, NULL, NULL);
+		if ((GetWindowLong(windowHandle, GWL_STYLE) & WS_VISIBLE) == WS_VISIBLE && SetWindowDisplayAffinity(windowHandle, WDA_NONE))
+		{
+			//获取窗口标题
+			char title[MAX_PATH] = { 0 };
+			GetWindowTextA(windowHandle, title, MAX_PATH);
+
+			//判断最小化
+			RECT rect;
+			bool haveRect = false, isMinimized = false;
+			if (GetClientRect(windowHandle, &rect))
+			{
+				haveRect = (rect.right - rect.left > 0) && (rect.bottom - rect.top > 0);
+				isMinimized = !haveRect;
+			}
+		
+			//summary
+			char summary[512] = { 0 };
+			sprintf(summary, "进程名:%s, 窗口句柄:%x, 标题:%s, 最小化:%d, 状态:显示", procName.c_str(), windowHandle, title, isMinimized);//bool isMinimized不能转成%s
+			OutputDebugStringA(summary);
+		}
+
+	} while (windowHandle);
+}
+
+BOOL APIENTRY DllMain( HMODULE hModule,
+                       DWORD  ul_reason_for_call,
+                       LPVOID lpReserved
+                     )
+{
+	switch (ul_reason_for_call)
+	{
+	case DLL_PROCESS_ATTACH:
+		OutputDebugStringA(("----------------Enter " + getProcName() + " ----------------").c_str());
+		setDAForWindows();
+		//EnumWindows(lpEnumFunc, NULL);
+		break;
+	case DLL_THREAD_ATTACH:
+	case DLL_THREAD_DETACH:
+	case DLL_PROCESS_DETACH:
+		OutputDebugStringA(("----------------Leave " + getProcName() + " ----------------").c_str());
+		break;
+	}
+    return FALSE;
+}
+
--- a/UnHide/framework.h
+++ b/UnHide/framework.h
@@ -0,0 +1,5 @@
+#pragma once
+
+#define WIN32_LEAN_AND_MEAN             // 从 Windows 头文件中排除极少使用的内容
+// Windows 头文件
+#include <windows.h>
--- a/UnHide/pch.cpp
+++ b/UnHide/pch.cpp
@@ -0,0 +1,5 @@
+// pch.cpp: 与预编译标头对应的源文件
+
+#include "pch.h"
+
+// 当使用预编译的头时，需要使用此源文件，编译才能成功。
--- a/UnHide/pch.h
+++ b/UnHide/pch.h
@@ -0,0 +1,13 @@
+// pch.h: 这是预编译标头文件。
+// 下方列出的文件仅编译一次，提高了将来生成的生成性能。
+// 这还将影响 IntelliSense 性能，包括代码完成和许多代码浏览功能。
+// 但是，如果此处列出的文件中的任何一个在生成之间有更新，它们全部都将被重新编译。
+// 请勿在此处添加要频繁更新的文件，这将使得性能优势无效。
+
+#ifndef PCH_H
+#define PCH_H
+#define _CRT_SECURE_NO_WARNINGS
+// 添加要在此处预编译的标头
+#include "framework.h"
+
+#endif //PCH_H