Clear demo

src/analyzer/main.cpp

@@ -86,32 +86,42 @@ namespace
 			}
 		});
 
-		/*win_emu.add_syscall_hook([&]
+		win_emu.add_syscall_hook([&]
 		{
+			// Read syscall id and name
+
 			const auto syscall_id = win_emu.emu().reg(x64_register::eax);
 			const auto syscall_name = win_emu.dispatcher().get_syscall_name(syscall_id);
 
+
+			// Check if desired syscall
+
 			if (syscall_name != "NtQueryInformationProcess")
 			{
 				return instruction_hook_continuation::run_instruction;
 			}
 
+			// Check if image file name is read
+
 			const auto info_class = win_emu.emu().reg(x64_register::rdx);
 			if (info_class != ProcessImageFileNameWin32)
 			{
 				return instruction_hook_continuation::run_instruction;
 			}
 
+			// Patch result and feed expected filename
+
 			win_emu.logger.print(color::pink, "Patching NtQueryInformationProcess...\n");
 
 			const auto data = win_emu.emu().reg(x64_register::r8);
 
 			emulator_allocator data_allocator{win_emu.emu(), data, 0x100};
-			data_allocator.make_unicode_string(
-				L"C:\\Users\\mauri\\source\\repos\\lul\\x64\\Release\\lul.exe");
+			data_allocator.make_unicode_string(L"C:\\Users\\Maurice\\Desktop\\protected.exe");
+
 			win_emu.emu().reg(x64_register::rax, STATUS_SUCCESS);
+
 			return instruction_hook_continuation::skip_instruction;
-		});*/
+		});
 
 		run_emulation(win_emu);
 	}