From 0daef361a509b087fa9b6b7cd83de64a42f5d4aa Mon Sep 17 00:00:00 2001
From: momo5502
Date: Tue, 1 Oct 2024 11:43:53 +0200
Subject: [PATCH] Clear demo

---
 src/analyzer/main.cpp | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/src/analyzer/main.cpp b/src/analyzer/main.cpp
index a651b495..bbb56e02 100644
--- a/src/analyzer/main.cpp
+++ b/src/analyzer/main.cpp
@@ -86,32 +86,42 @@ namespace
             }
         });
 
-        /*win_emu.add_syscall_hook([&]
+        win_emu.add_syscall_hook([&]
         {
+            // Read syscall id and name
+
             const auto syscall_id = win_emu.emu().reg(x64_register::eax);
             const auto syscall_name = win_emu.dispatcher().get_syscall_name(syscall_id);
+
+            // Check if desired syscall
+
             if (syscall_name != "NtQueryInformationProcess")
             {
                 return instruction_hook_continuation::run_instruction;
             }
 
+            // Check if image file name is read
+
             const auto info_class = win_emu.emu().reg(x64_register::rdx);
             if (info_class != ProcessImageFileNameWin32)
             {
                 return instruction_hook_continuation::run_instruction;
             }
 
+            // Patch result and feed expected filename
+
             win_emu.logger.print(color::pink, "Patching NtQueryInformationProcess...\n");
 
             const auto data = win_emu.emu().reg(x64_register::r8);
             emulator_allocator data_allocator{win_emu.emu(), data, 0x100};
-            data_allocator.make_unicode_string(
-                L"C:\\Users\\mauri\\source\\repos\\lul\\x64\\Release\\lul.exe");
+            data_allocator.make_unicode_string(L"C:\\Users\\Maurice\\Desktop\\protected.exe");
+
             win_emu.emu().reg(x64_register::rax, STATUS_SUCCESS);
+
             return instruction_hook_continuation::skip_instruction;
-        });*/
+        });
 
         run_emulation(win_emu);
     }
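Review bot: The guest buffer at `x64_register::r8` is written through an `emulator_allocator` with a fixed capacity of `0x100`, while the length the guest actually passed (`ProcessInformationLength`, the fourth argument, which lands in `x64_register::r9` under the x64 syscall convention) is never read, so a caller that supplied a smaller buffer has its guest memory written past the end and no `ReturnLength` is ever reported. Read it and bound the write, e.g. `const auto data_length = win_emu.emu().reg(x64_register::r9);` and `emulator_allocator data_allocator{win_emu.emu(), data, data_length};`, and return an error status such as `STATUS_BUFFER_TOO_SMALL` (if the project has it in scope) when the string does not fit — this presumes the allocator's third argument is the buffer capacity, which the hunk does not show. The filename `L"C:\\Users\\Maurice\\Desktop\\protected.exe"` is a developer-local path hard-coded into the analyzer; deriving it from the emulated application's path, or at least lifting it into a named constant beside the hook, would make the demo reusable. Minor style point: the blank line after each new comment (`// Read syscall id and name` and the others) detaches it from the statement it describes; drop the blank so the comment sits directly above its code. The enclosing function begins before the hunk.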