#include <windows.h>
#include <iostream>
#include <winternl.h>
#include <tlhelp32.h>

typedef struct _PROCESS_BASIC_INFORMATION {
    ULONG Reserved;
    ULONG PebBaseAddress;
    ULONG AffinityMask;
    ULONG BasePriority;
    ULONG UniqueProcessId;
    ULONG InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION;

typedef enum _PROCESSINFOCLASS {
    ProcessBasicInformation = 0
} PROCESSINFOCLASS;

typedef NTSTATUS(WINAPI* pNtQueryInformationProcess)(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);

// PID'ye göre işlemi bulmak
DWORD GetProcessIdByName(const std::wstring& processName) {
    PROCESSENTRY32 pe32;
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

    if (hSnapshot == INVALID_HANDLE_VALUE) {
        return 0;
    }

    pe32.dwSize = sizeof(PROCESSENTRY32);

    if (Process32First(hSnapshot, &pe32)) {
        do {
            if (processName == pe32.szExeFile) {
                CloseHandle(hSnapshot);
                return pe32.th32ProcessID;
            }
        } while (Process32Next(hSnapshot, &pe32));
    }

    CloseHandle(hSnapshot);
    return 0; // Process bulunamadı
}

// Debugger flag'ını devre dışı bırakma
void DisableAntiDebuggerFlag(DWORD pid)
{
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
    if (hProcess == NULL) {
        std::cerr << "Process can't be opened." << std::endl;
        return;
    }

    HMODULE hNtDll = GetModuleHandle(L"ntdll.dll");
    pNtQueryInformationProcess NtQueryInformationProcess = (pNtQueryInformationProcess)GetProcAddress(hNtDll, "NtQueryInformationProcess");

    if (NtQueryInformationProcess)
    {
        PROCESS_BASIC_INFORMATION pbi;
        ULONG len;

        if (NT_SUCCESS(NtQueryInformationProcess(hProcess, ProcessBasicInformation, &pbi, sizeof(pbi), &len)))
        {
            // PEB base address
            DWORD_PTR* pPeb = (DWORD_PTR*)pbi.PebBaseAddress;
            if (pPeb)
            {
                // PEB içindeki "BeingDebugged" bayrağını sıfırlıyoruz
                *(BYTE*)(pPeb + 2) = 0;  // "BeingDebugged" bayrağını sıfırla
                std::cout << "Anti-debugger flag (BeingDebugged) disabled." << std::endl;
            }
        }
    }

    CloseHandle(hProcess);
}

int main()
{
    std::wcout << L"Debugging devre dışı bırakılacak işlemin adını veya PID'sini girin: ";
    std::wstring processName;
    std::getline(std::wcin, processName);

    // PID al
    DWORD pid = GetProcessIdByName(processName);
    if (pid == 0) {
        std::wcout << L"Process bulunamadı." << std::endl;
        return 1;
    }

    std::wcout << L"PID: " << pid << L" işlemine anti-debugger flag'ı devre dışı bırakılacak." << std::endl;

    // Anti-debugger flag'ını devre dışı bırak
    DisableAntiDebuggerFlag(pid);

    return 0;
}