diff --git a/README.md b/README.md new file mode 100644 index 0000000000000000000000000000000000000000..41a698524fd9a7f4db9a3ed0dfb01b66f8431d7e --- /dev/null +++ b/README.md @@ -0,0 +1 @@ +干啥啥不行 摸鱼第一名 上班无聊写这玩 \ No newline at end of file diff --git a/SuperKernelHacking.sln b/SuperKernelHacking.sln index 7e64dacdf6ff82ecd114d3013690a528622286b8..cb495c44602e6aa7a006c31eab97552d3efc847e 100644 --- a/SuperKernelHacking.sln +++ b/SuperKernelHacking.sln @@ -5,6 +5,8 @@ VisualStudioVersion = 15.0.28307.1800 MinimumVisualStudioVersion = 10.0.40219.1 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SuperKernelHacking", "SuperKernelHacking\SuperKernelHacking.vcxproj", "{E16FE8D6-4E16-4B1D-BBAF-F6A032CF8846}" EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SuperKernelHackingClentDemo", "SuperKernelHackingClentDemo\SuperKernelHackingClentDemo.vcxproj", "{B3E34474-8754-4D2D-A44D-C985B7D3CBF0}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|ARM = Debug|ARM 
@@ -41,6 +43,18 @@ Global {E16FE8D6-4E16-4B1D-BBAF-F6A032CF8846}.Release|x86.ActiveCfg = Release|Win32 {E16FE8D6-4E16-4B1D-BBAF-F6A032CF8846}.Release|x86.Build.0 = Release|Win32 {E16FE8D6-4E16-4B1D-BBAF-F6A032CF8846}.Release|x86.Deploy.0 = Release|Win32 + {B3E34474-8754-4D2D-A44D-C985B7D3CBF0}.Debug|ARM.ActiveCfg = Debug|Win32 + {B3E34474-8754-4D2D-A44D-C985B7D3CBF0}.Debug|ARM64.ActiveCfg = Debug|Win32 + {B3E34474-8754-4D2D-A44D-C985B7D3CBF0}.Debug|x64.ActiveCfg = Debug|x64 + {B3E34474-8754-4D2D-A44D-C985B7D3CBF0}.Debug|x64.Build.0 = Debug|x64 + {B3E34474-8754-4D2D-A44D-C985B7D3CBF0}.Debug|x86.ActiveCfg = Debug|Win32 + {B3E34474-8754-4D2D-A44D-C985B7D3CBF0}.Debug|x86.Build.0 = Debug|Win32 + {B3E34474-8754-4D2D-A44D-C985B7D3CBF0}.Release|ARM.ActiveCfg = Release|Win32 + {B3E34474-8754-4D2D-A44D-C985B7D3CBF0}.Release|ARM64.ActiveCfg = Release|Win32 + {B3E34474-8754-4D2D-A44D-C985B7D3CBF0}.Release|x64.ActiveCfg = Release|x64 + {B3E34474-8754-4D2D-A44D-C985B7D3CBF0}.Release|x64.Build.0 = Release|x64 + {B3E34474-8754-4D2D-A44D-C985B7D3CBF0}.Release|x86.ActiveCfg = Release|Win32 + {B3E34474-8754-4D2D-A44D-C985B7D3CBF0}.Release|x86.Build.0 = Release|Win32 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE diff --git a/SuperKernelHacking/DriverMaim.c b/SuperKernelHacking/DriverMaim.c index b38064ff1743ab5f07ede6845b80e41dc6eee7e2..3a7e14529ae332629102cf47a99010a284eb2f39 100644 --- a/SuperKernelHacking/DriverMaim.c +++ b/SuperKernelHacking/DriverMaim.c @@ -2,6 +2,7 @@ #include "EnumeProcess.h" #include "Log.h" +KernelOffset g_OffsetData; 
@@ -18,8 +19,29 @@ NTSTATUS SkExtraDispatch(PDEVICE_OBJECT pDevObj, PIRP pIrp) return STATUS_SUCCESS; } +BOOLEAN SkIoGetProcessList(_Outptr_ PVOID Buffer) +{ + if (*(ULONG64 *)Buffer == 0) + { + return FALSE; + } + + __try + { + ProbeForWrite((PVOID)(*(ULONG64 *)Buffer), sizeof(ULONG64), 1); + *(ULONG64 *)(*(ULONG64 *)Buffer) = (ULONG64)SkEnumeProcess(); + } + __except (1) + { + return FALSE; + } + + return TRUE; +} + NTSTATUS SkDispatch(PDEVICE_OBJECT pDevObj, PIRP pIrp) { + NTSTATUS Status = STATUS_SUCCESS; PIO_STACK_LOCATION psl = IoGetCurrentIrpStackLocation(pIrp); ULONG Code = psl->Parameters.DeviceIoControl.IoControlCode; 
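Review bot: SkIoGetProcessList reads eight bytes through `Buffer` before anything has checked that the request carried that many, and the `*(ULONG64 *)Buffer == 0` dereference sits outside the `__try`; where `Buffer` is derived is not visible in this hunk, but `psl->Parameters.DeviceIoControl` is in scope in SkDispatch, so a guard such as `if (psl->Parameters.DeviceIoControl.InputBufferLength < sizeof(ULONG64)) { ... fail the request ... }` before the call would close the over-read. ProbeForWrite is passed alignment 1 although the store that follows is a ULONG64; `sizeof(ULONG64)` as the alignment argument matches the access actually made. The `_Outptr_` annotation is also wrong for this parameter: the function reads a pointer value out of `Buffer` rather than writing one into it, so `_In_reads_bytes_(sizeof(ULONG64))` describes what the code does.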
@@ -27,46 +49,63 @@ NTSTATUS SkDispatch(PDEVICE_OBJECT pDevObj, PIRP pIrp) switch (Code) { - case GET_PROCESS_LIST: + case GET_PROCESS_LIST:SkIoGetProcessList(Buffer); break; + + + } + + + pIrp->IoStatus.Status = STATUS_SUCCESS; + IoCompleteRequest(pIrp, IO_NO_INCREMENT); + return STATUS_SUCCESS; +} + +NTSTATUS SkInitializationData(PKernelOffset Data) +{ + RTL_OSVERSIONINFOW Version = { 0 }; + Version.dwOSVersionInfoSize = sizeof(Version); + RtlGetVersion(&Version); + + if (Version.dwBuildNumber < 17134) { - if (*(ULONG64 *)Buffer == 0) - { - break; - } + return STATUS_NOT_FOUND; + } - __try - { - *(ULONG64 *)(*(ULONG64 *)Buffer) = (ULONG64)SkEnumeProcess(); - } - __except (1) + Data->SystemEprocess = IoGetCurrentProcess(); + //KiProcessList + { + switch (Version.dwBuildNumber) { - Status = STATUS_UNSUCCESSFUL; - goto $EXIT; + + case 17134: Data->KiProcessList = 0x0240; break; + case 17763: Data->KiProcessList = 0x0240; break; + case 18362:Data->KiProcessList = 0x0248; break; + case 18363:Data->KiProcessList = 0x0248; break; + default:Data->KiProcessList = 0x350; break; + } - break; } - default: - break; - } -$EXIT: - pIrp->IoStatus.Information = psl->Parameters.DeviceIoControl.OutputBufferLength; - pIrp->IoStatus.Status = Status; - IoCompleteRequest(pIrp, IO_NO_INCREMENT); return STATUS_SUCCESS; -} - +} + NTSTATUS DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegisterPath) { PDEVICE_OBJECT DeviceObject = NULL; NTSTATUS Status = STATUS_SUCCESS; + Status = SkInitializationData(&g_OffsetData); + if (!NT_SUCCESS(Status)) { + return Status; + } + SkInitDispatch(DriverObject, SkDispatch, SkExtraDispatch); + Status = SKIoCreateDevice(DriverObject, &DeviceObject); if (!NT_SUCCESS(Status)){ return Status; 
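Review bot: The `default:` arm of the build-number switch in SkInitializationData assigns `KiProcessList = 0x350` for any build it does not recognise, and that guessed value is later used as a raw displacement from an EPROCESS in SkCheckProcessHide_1, so an unknown build silently walks memory at the wrong offset instead of refusing to load; `default: return STATUS_NOT_SUPPORTED;` is the safe choice, and the return value of `RtlGetVersion(&Version)` just above should be checked the same way. In SkDispatch the result of `SkIoGetProcessList(Buffer)` is discarded and `pIrp->IoStatus.Status` is hard-wired to STATUS_SUCCESS, so a caller cannot tell a probe failure from a successful request; the `Status` local added in the previous hunk is never assigned here, and `if (!SkIoGetProcessList(Buffer)) Status = STATUS_UNSUCCESSFUL;` followed by `pIrp->IoStatus.Status = Status;` would restore what the removed lines did. `pIrp->IoStatus.Information` is no longer set at all; either restore it or leave a comment saying it is intentionally zero.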
@@ -79,6 +118,22 @@ NTSTATUS DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING Regi + //Բר + { + /* + PROCESS ffff9e09a337c080 + SessionId: 1 Cid: 03b0 Peb: 12e95bc000 ParentCid: 0224 + DirBase: 309a0000 ObjectTable: ffffb3838fc0b5c0 HandleCount: 701. + Image: dwm.exe + ϢΪ1803 + */ + + KeAttachProcess((PEPROCESS)0Xffff9e09a337c080); + SkEnumeProcess(); + KeDetachProcess(); + } + + DriverObject->DriverUnload = UnLoadDriver; OUTDEBUGINFO("ִ.سɹ"); diff --git a/SuperKernelHacking/EnumeProcess.c b/SuperKernelHacking/EnumeProcess.c index ab2e7354a0f961d398fddc77f2d145d7dd92ac2b..d0c658ebe5e9f21965598f079eabd65af139ef4c 100644 --- a/SuperKernelHacking/EnumeProcess.c +++ b/SuperKernelHacking/EnumeProcess.c @@ -6,6 +6,21 @@ #define FAKER_PROCESS_NAME 4 + +/* + SkAllocProcessImageStringMemory:ڴŽ·ڴ +*/ +PVOID SkAllocProcessImageStringMemory() +{ + return SkUserAllocExecuteMemory(PATH_MAX); +} + +NTSTATUS SkFreeProcessImageStringMemory(PVOID Address) +{ + RtlZeroMemory(Address, PATH_MAX); + return SkFreeUserMemory(Address,PATH_MAX,(HANDLE)-1); +} + /* SkAddProcessChain:ӽ 1:ͷ 
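Review bot: The `KeAttachProcess((PEPROCESS)0Xffff9e09a337c080)` block is a debugging leftover: the literal is an EPROCESS address copied from one `!process` dump on one boot (the comment above it records that dump), and on any other boot or machine it attaches to whatever happens to live at that address, which will bugcheck at driver load at best. It should be removed before this is merged, or at minimum compiled out behind a debug-only macro with the process looked up at runtime via PsLookupProcessByProcessId rather than a fixed address. DriverEntry starts outside this hunk.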
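Review bot: SkFreeProcessImageStringMemory zeroes `Address` with `RtlZeroMemory(Address, PATH_MAX)` before handing it to SkFreeUserMemory, which (per the ProcessAllocMemory.c hunk in this commit) already rejects NULL and already zeroes the region; the unguarded first write means a NULL `Address` faults here instead of being reported as STATUS_MEMORY_NOT_ALLOCATED. Dropping the local RtlZeroMemory and returning `SkFreeUserMemory(Address, PATH_MAX, (HANDLE)-1)` directly keeps one place responsible for that check. SkAllocProcessImageStringMemory is defined with empty parentheses here but is called with an argument further down the file (`SkAllocProcessImageStringMemory(PATH_MAX)`); declare it as `PVOID SkAllocProcessImageStringMemory(void)` so the compiler can flag that mismatch.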
@@ -51,26 +66,116 @@ void SKFreeProcessChainNode(PSkProcessChain ProcessChainNode) { if (ProcessChainNode->ImageFileName) { + SkFreeProcessImageStringMemory(ProcessChainNode->ImageFileName); + } + if (ProcessChainNode->ImageFilePath) + { + SkFreeProcessImageStringMemory(ProcessChainNode->ImageFilePath); } + + + SkFreeUserMemory(ProcessChainNode, sizeof(SkProcessChain), (HANDLE)-1); + ProcessChainNode = NULL; } return; } + /* - SkAllocProcessImageStringMemory:ڴŽ·ڴ + SkCheckProcessHide_0:ͨZwQuerySystemInformationҽ */ -PVOID SkAllocProcessImageStringMemory() +ULONG64 SkCheckProcessHide_0(HANDLE ProcessId) { - return SkUserAllocExecuteMemory(PATH_MAX); + UNICODE_STRING TagName = { 0 }; + + PVOID pBuffer = NULL; + + ULONG buffer_size = 0; + + NTSTATUS Status = ZwQuerySystemInformation(SystemProcessInformation, pBuffer, 0, &buffer_size); + + while (Status == STATUS_INFO_LENGTH_MISMATCH) + { + if (pBuffer) + { + ExFreePoolWithTag(pBuffer, 0); + } + + pBuffer = ExAllocatePool(NonPagedPool, buffer_size); + + Status = ZwQuerySystemInformation(SystemProcessInformation, pBuffer, buffer_size, &buffer_size); + } + + PSYSTEM_PROCESS_INFORMATION ProcessInformation = (PSYSTEM_PROCESS_INFORMATION)pBuffer; + + for (;;) + { + if (ProcessInformation->ProcessId == ProcessId) + { + ExFreePoolWithTag(pBuffer, 0); + return 0; + } + + if (ProcessInformation->NextEntryOffset == 0) + break; + + ProcessInformation = (PSYSTEM_PROCESS_INFORMATION)(((PUCHAR)ProcessInformation) + ProcessInformation->NextEntryOffset); + } + + return 1; } + + +/* + KiProcessListȡEPROCESS + Eprocess->Kprcess->KiProcessList PGĽ ֱӱ Ȼһ ˼Ҳ + Ϊ˴մ ȥ + 1:ҵEPROCESS +*/ +ULONG64 SkCheckProcessHide_1(PEPROCESS Eprocess) +{ + PEPROCESS GurrentProcess = g_OffsetData.SystemEprocess; + + PEPROCESS TagEprocess = NULL; + + PLIST_ENTRY KiProcessList = (PLIST_ENTRY)(((ULONG64)GurrentProcess + g_OffsetData.KiProcessList)); + + PLIST_ENTRY pNextLinks = KiProcessList; + + + do + { + if (MmIsAddressValid(pNextLinks) == FALSE || pNextLinks 
== NULL) + { + break; + } + + TagEprocess = (PEPROCESS)((ULONG64)pNextLinks - g_OffsetData.KiProcessList); + if (TagEprocess == Eprocess) + { + return 0; + } + + + pNextLinks = pNextLinks->Flink; + } while (pNextLinks->Flink != KiProcessList->Flink); + + + return 1; +} + + + + /* ProcessChainDataInput:ProcessChainṹԱд 1:ProcessChainָ - 2:̵_EPROCESS + 2:̵ + _EPROCESS */ -BOOLEAN SkProcessChainDataInput(_In_ PSkProcessChain ProcessChain, _In_ PEPROCESS Eprocess) +BOOLEAN SkProcessChainDataInput(_In_ PSkProcessChain ProcessChain, _In_ PEPROCESS Eprocess,_In_ BOOLEAN IsHide) { BOOLEAN nRet = TRUE; @@ -82,9 +187,21 @@ BOOLEAN SkProcessChainDataInput(_In_ PSkProcessChain ProcessChain, _In_ PEPROCES } ProcessChain->Eprocess = (ULONG64)Eprocess; - ProcessChain->IsHideProcess = FALSE; ProcessChain->InheritedFromUniqueProcessId = (ULONG64)PsGetProcessInheritedFromUniqueProcessId(Eprocess); ProcessChain->UniqueProcessId = (ULONG64)PsGetProcessId(Eprocess); + ProcessChain->CreateTime = PsGetProcessCreateTimeQuadPart(Eprocess); + { + if (IsHide == FALSE) + { + ProcessChain->IsHideProcess = SkCheckProcessHide_0((HANDLE)ProcessChain->UniqueProcessId); + ProcessChain->IsHideProcess = SkCheckProcessHide_1(Eprocess); + } + else + { + ProcessChain->IsHideProcess = TRUE; + } + } + { POBJECT_NAME_INFORMATION Info = SkGetProcessImagePathNameByPNI(Eprocess); @@ -118,14 +235,18 @@ BOOLEAN SkProcessChainDataInput(_In_ PSkProcessChain ProcessChain, _In_ PEPROCES if (!SkGetProcessImageNameByAPI_0(Eprocess, ProcessChain->ImageFilePath)) { - ProcessChain->IsHideProcess = FAKER_PROCESS_NAME; - ProcessChain->Type = FAKER_PROCESS_NAME; + //ȡ + }else + { + nRet = TRUE; + return nRet; } } } { + ProcessChain->ImageFileName = SkAllocProcessImageStringMemory(PATH_MAX); if (ProcessChain->ImageFileName) { 
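Review bot: SkCheckProcessHide_0 never checks the `ExAllocatePool(NonPagedPool, buffer_size)` result and never checks the final `Status` before casting `pBuffer` to PSYSTEM_PROCESS_INFORMATION, so an allocation failure or any status other than STATUS_INFO_LENGTH_MISMATCH walks a NULL or unfilled buffer; add `if (!pBuffer || !NT_SUCCESS(Status)) { if (pBuffer) ExFreePoolWithTag(pBuffer, 0); return 1; }` after the loop, and note that the `return 1` at the end leaks `pBuffer` because only the found path frees it. In SkCheckProcessHide_1 the `while (pNextLinks->Flink != KiProcessList->Flink)` condition dereferences `pNextLinks` after it has been advanced but before the next iteration's MmIsAddressValid check, a break on an invalid link is reported as hidden (`return 1`) rather than as an undecidable walk, and there is no iteration cap, so a list that never returns to its head would not terminate. The `ProcessChainNode = NULL;` after the free in SKFreeProcessChainNode only clears the local parameter and has no effect on the caller's pointer.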
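Review bot: In SkProcessChainDataInput the result of `SkCheckProcessHide_0((HANDLE)ProcessChain->UniqueProcessId)` is stored in `ProcessChain->IsHideProcess` and then immediately overwritten on the next line by `SkCheckProcessHide_1(Eprocess)`, so the ZwQuerySystemInformation check contributes nothing to the flag. If the intent is to flag a process missing from either view, combine them, e.g. `ProcessChain->IsHideProcess = SkCheckProcessHide_0((HANDLE)ProcessChain->UniqueProcessId) | SkCheckProcessHide_1(Eprocess);`, or keep both results in separate fields so the consumer can tell which view lost the process. Both helpers return 1 for "not found", so an OR lines up with the `IsHideProcess = TRUE` meaning used in the else branch. SkProcessChainDataInput continues outside this hunk.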
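Review bot: The new `else { nRet = TRUE; return nRet; }` returns from SkProcessChainDataInput as soon as SkGetProcessImageNameByAPI_0 succeeds for ImageFilePath (this appears to be the fallback when the PNI lookup above did not yield a path), which skips the block below that allocates and fills `ProcessChain->ImageFileName`; on that path the node leaves with ImageFileName NULL, and SKFindHideProcessByThread later passes it to OUTDEBUGINFO with `%ws`, as does the user-mode demo. If the early return is only meant to avoid a second lookup, drop the `return nRet;` and let control fall through with `nRet = TRUE;`. The replaced `FAKER_PROCESS_NAME` assignment is now a bare `//ȡ` placeholder comment, so a name-lookup failure is no longer recorded anywhere on the node; if that is intended, say so in the comment. The function's start and end are outside this hunk.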
@@ -133,8 +254,7 @@ BOOLEAN SkProcessChainDataInput(_In_ PSkProcessChain ProcessChain, _In_ PEPROCES { if (!SkGetProcessImageNameByAPI_0(Eprocess, ProcessChain->ImageFileName)) { - ProcessChain->IsHideProcess = 1; - ProcessChain->Type = FAKER_PROCESS_NAME; + //ȡ } } @@ -145,7 +265,7 @@ BOOLEAN SkProcessChainDataInput(_In_ PSkProcessChain ProcessChain, _In_ PEPROCES return nRet; } - + PSkProcessChain SKEnumeProcessByPsLookupProcessByProcessId() { NTSTATUS Status = STATUS_SUCCESS; @@ -164,15 +284,17 @@ PSkProcessChain SKEnumeProcessByPsLookupProcessByProcessId() for (ULONG64 Index = 0; Index < MAX_PROCESS_ID; Index = Index + 4) { + Status = PsLookupProcessByProcessId((HANDLE)Index, &Eprocess); if (NT_SUCCESS(Status)) { if (PsGetProcessExitStatus(Eprocess) == STATUS_PENDING) { + if (First == NULL) { First = ProcessChain; - SkProcessChainDataInput(First, Eprocess); + SkProcessChainDataInput(First, Eprocess,FALSE); ObDereferenceObject(Eprocess); continue; } @@ -180,12 +302,9 @@ PSkProcessChain SKEnumeProcessByPsLookupProcessByProcessId() PSkProcessChain Node = SkCreatProcessChain(); if (Node != NULL) { - if (!SkProcessChainDataInput(Node, Eprocess)) + if (!SkProcessChainDataInput(Node, Eprocess,FALSE)) { - /* - һٵж Լж жDzֵֹĶٺ - */ - + SKFreeProcessChainNode(Node); ObDereferenceObject(Eprocess); continue; } 
@@ -215,56 +334,83 @@ PSkProcessChain SKEnumeProcessByPsLookupProcessByProcessId() } -PSkProcessChain SKEnumeProcessByAPI_0() -{ - PVOID Buffer = NULL; - - ULONG BufferSize = 0; - - PSYSTEM_PROCESS_INFORMATION ProcessInformation = NULL; - NTSTATUS Status = ZwQuerySystemInformation(SystemProcessInformation, Buffer, 0, &BufferSize); - - PSkProcessChain ProcessChain = SkCreatProcessChain(); - - Buffer = ExAllocatePool(NonPagedPool, BufferSize); - if (!Buffer) - { - RtlZeroMemory(Buffer, BufferSize); - } - - while (Status == STATUS_INFO_LENGTH_MISMATCH) +/* + SkFindEProcessҽEPROCESSǷ +*/ +BOOLEAN SkFindEProcess(PEPROCESS Eprocess, PSkProcessChain ListHead) +{ + BOOLEAN IsFind = FALSE; + PSkProcessChain Entry = ListHead; + while (Entry != NULL) { - if (Buffer) + if (Entry->Eprocess == (ULONG64)Eprocess) { - ExFreePool(Buffer); + IsFind = TRUE; + return IsFind; } - Buffer = ExAllocatePool(NonPagedPool, BufferSize); + Entry = Entry->Next; + } - Status = ZwQuerySystemInformation(SystemProcessInformation, Buffer, BufferSize, &BufferSize); + - } + return IsFind; +} - ProcessInformation = (PSYSTEM_PROCESS_INFORMATION)Buffer; +/* + SKFindHideProcessByThread ̲ͨ߳ؽ̣Ȼ½,߳һ޷٣ΪCPUȵ߳, + THREAD->Process ߳ һ̿ ޷޸APC_STATE->Process ߳л100%ը + ţ дл߼ ڼһж if(ETHREAD->Process != ETHREAD->Kehtread->APC_STATE->Process) + ľDz բ + 1:ִڵĽ + :º +*/ +PSkProcessChain SKFindHideProcessByThread(PSkProcessChain ProcessChain) +{ + PETHREAD TempThread = NULL; + PSkProcessChain Temp = ProcessChain; + while (Temp->Next != NULL) + { + Temp = Temp->Next; + } - for (;;) + for (ULONG64 Index = 0; Index < MAX_PROCESS_ID; Index = Index + 4) { - if (ProcessInformation->NextEntryOffset == 0) - break; + if (NT_SUCCESS(PsLookupThreadByThreadId((HANDLE)Index, &TempThread))) + { + if (!PsIsThreadTerminating(TempThread)) + { + if (!SkFindEProcess(PsGetThreadProcess(TempThread), ProcessChain)) + { + PSkProcessChain Entry = SkCreatProcessChain(); + if (Entry) + { + SkProcessChainDataInput(Entry, 
(PEPROCESS)PsGetThreadProcess(TempThread), TRUE); + Temp->Next = Entry; + Temp = Entry; + OUTDEBUGINFO("ؽ %ws %p %ws", Temp->ImageFileName, PsGetThreadProcess(TempThread), Temp->ImageFilePath); + } + } + } + ObDereferenceObject(TempThread); + } } - return ProcessChain; } - PSkProcessChain SkEnumeProcess() { + PSkProcessChain ProcessChain = NULL; - - ProcessChain = SKEnumeProcessByPsLookupProcessByProcessId(); + + PSkProcessChain ProcessChainAPI = NULL; + + ProcessChain = SKEnumeProcessByPsLookupProcessByProcessId(); + + ProcessChain = SKFindHideProcessByThread(ProcessChain); return ProcessChain; } diff --git a/SuperKernelHacking/EnumeProcess.h b/SuperKernelHacking/EnumeProcess.h index 608b02402ee3d263aa9ad2f2454abe8abb6e1146..85d04031126c17a83c5dcbec4f7e47ec9415f6d3 100644 --- a/SuperKernelHacking/EnumeProcess.h +++ b/SuperKernelHacking/EnumeProcess.h @@ -34,12 +34,12 @@ typedef struct _SkProcessChain /*·*/ PVOID ImageFilePath; + /*ʱ*/ + LONG64 CreateTime; + /*ؽ*/ ULONG64 IsHideProcess; - /*طʽ 1Ϊ 2ΪEPROCESS 3Ϊ̴߳۸ 4Ϊ޸Ľ*/ - ULONG64 Type; - struct _SkProcessChain *Next; }SkProcessChain, *PSkProcessChain; @@ -52,16 +52,6 @@ typedef struct _SkProcessChain PSkProcessChain SKEnumeProcessByPsLookupProcessByProcessId(); - -/* - SKEnumeProcessByAPI_0:ͨZwQuerySystemInformationȡ ע:ʹõľ - ֵ:ҵĽ,SkPProcessChain - ע:PSkProcessChainҪͷ ڲʹʱ -*/ -PSkProcessChain SKEnumeProcessByAPI_0(); - - - /* SkEnumeProcess:öϵͳн ֵ:ҵĽ,SkPProcessChain diff --git a/SuperKernelHacking/Log.h b/SuperKernelHacking/Log.h index edf7c21daa913378439d14e7d9a135c089dffb2f..66b7e2674f875784d3f348ae17b216142272c8cd 100644 --- a/SuperKernelHacking/Log.h +++ b/SuperKernelHacking/Log.h 
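Review bot: SKFindHideProcessByThread ignores the return value of `SkProcessChainDataInput(Entry, ..., TRUE)` and links `Entry` into the chain regardless, whereas the PID-scan hunk above now frees the node with SKFreeProcessChainNode on that same failure; the thread path should mirror it so a half-filled node is not published. The function also walks `ProcessChain->Next` without checking that `ProcessChain` is non-NULL, and SkEnumeProcess passes the PID-scan result straight in, so an empty first scan dereferences NULL. Any process created between the PID scan and this thread scan will be absent from the chain and reported with IsHideProcess = TRUE; a comment on that false-positive window (and a re-check of the PID before flagging) belongs here. `ProcessChainAPI` in SkEnumeProcess is assigned NULL and never used.
```c
PSkProcessChain Entry = SkCreatProcessChain();
if (Entry)
{
    if (!SkProcessChainDataInput(Entry, (PEPROCESS)PsGetThreadProcess(TempThread), TRUE))
    {
        SKFreeProcessChainNode(Entry);
    }
    else
    {
        Temp->Next = Entry;
        Temp = Entry;
        /* … unchanged: OUTDEBUGINFO call … */
    }
}
```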
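Review bot: Inserting `LONG64 CreateTime` in the middle of _SkProcessChain and dropping `Type` changes the layout of a struct that user mode walks directly, and the demo client added in this commit carries its own hand-copied definition of the same struct, so the two will drift the next time a field is added. Move the definition into a header both projects include, or put a version/size field at the start of the struct and check it on the client side (`_Static_assert(sizeof(SkProcessChain) == <expected size>, "...")` in the shared header) so a mismatch fails at build time rather than as a misread pointer.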
@@ -228,3 +228,12 @@ typedef struct _SYSTEM_PROCESS_INFORMATION { IO_COUNTERS IoCounters; SYSTEM_THREADS Threads; } SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION; + + +typedef struct _KernelOffset +{ + ULONG64 KiProcessList; + PEPROCESS SystemEprocess; +}KernelOffset,*PKernelOffset; + +extern KernelOffset g_OffsetData; \ No newline at end of file diff --git a/SuperKernelHacking/ProcessAllocMemory.c b/SuperKernelHacking/ProcessAllocMemory.c index d7ab94f02596fb28aa065d4e2270c87f6b3cb2da..e26284b714a4c19ddd6871aed74303a82539456e 100644 --- a/SuperKernelHacking/ProcessAllocMemory.c +++ b/SuperKernelHacking/ProcessAllocMemory.c @@ -40,4 +40,17 @@ PVOID SkUserAllocExecuteMemory(SIZE_T Size) { return SkUserVirtualAlloc(NULL, Size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); -} \ No newline at end of file +} + +NTSTATUS SkFreeUserMemory(PVOID BaseAddress, SIZE_T Size, HANDLE ProcessHandle) +{ + NTSTATUS Status = STATUS_MEMORY_NOT_ALLOCATED; + + if (BaseAddress != NULL) + { + RtlZeroMemory(BaseAddress, Size); + Status = NtFreeVirtualMemory(ProcessHandle, &BaseAddress, &Size, MEM_DECOMMIT | MEM_RELEASE); + } + + return Status; +} diff --git a/SuperKernelHacking/ProcessAllocMemory.h b/SuperKernelHacking/ProcessAllocMemory.h index 1cdb20e7864cdfdbe040bbcd0e6a9b97fccb5ee7..42a8bcbc0269f26c175c4e77ca5946e2b767dc76 100644 --- a/SuperKernelHacking/ProcessAllocMemory.h +++ b/SuperKernelHacking/ProcessAllocMemory.h @@ -5,4 +5,6 @@ PVOID SkUserVirtualAllocEx(_In_ HANDLE hProcess, _In_ PVOID lpAddress, _In_ PVOID SkUserVirtualAlloc(_In_ PVOID lpAddress, _In_ SIZE_T dwSize, _In_ DWORD flAllocationType, _In_ DWORD flProtect); -PVOID SkUserAllocExecuteMemory(_In_ SIZE_T Size); \ No newline at end of file +PVOID SkUserAllocExecuteMemory(_In_ SIZE_T Size); + +NTSTATUS SkFreeUserMemory(PVOID BaseAddress, SIZE_T Size, HANDLE ProcessHandle); \ No newline at end of file 
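Review bot: SkFreeUserMemory calls `NtFreeVirtualMemory(ProcessHandle, &BaseAddress, &Size, MEM_DECOMMIT | MEM_RELEASE)`; those two flags are mutually exclusive for this call and MEM_RELEASE additionally requires a region size of zero, so as written the call is expected to fail with an invalid-parameter status and the region is never returned. Use `SIZE_T RegionSize = 0;` and `Status = NtFreeVirtualMemory(ProcessHandle, &BaseAddress, &RegionSize, MEM_RELEASE);`, keeping `Size` only for the RtlZeroMemory. The callers added in EnumeProcess.c (SKFreeProcessChainNode, SkFreeProcessImageStringMemory) discard the returned status, so that failure is currently silent and each enumeration leaks its list. Separately, the buffers this frees come from `SkUserAllocExecuteMemory`, which maps them PAGE_EXECUTE_READWRITE; the process chain is plain data, and a PAGE_READWRITE allocation would stop the driver from handing the user process writable-executable pages it does not need.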
diff --git a/SuperKernelHacking/ProcessFile.c b/SuperKernelHacking/ProcessFile.c index 27c0f2ad223431c4c37144aa0df262ef50cdcc79..3d87d01a87a55ea834fa19547e47d5e33cb89f05 100644 --- a/SuperKernelHacking/ProcessFile.c +++ b/SuperKernelHacking/ProcessFile.c @@ -67,6 +67,9 @@ POBJECT_NAME_INFORMATION SkGetProcessImagePathNameByPNI(_In_ PEPROCESS Eprocess) return NULL; } +/* + Ҫ ͵ ˵ +*/ NTSTATUS SkGetProcessImageNameByPEB(PEPROCESS Eprocess, PVOID ImageName) { BOOLEAN IsAttch = FALSE; @@ -75,8 +78,11 @@ NTSTATUS SkGetProcessImageNameByPEB(PEPROCESS Eprocess, PVOID ImageName) KAPC_STATE ApcState; + LARGE_INTEGER time = { 0 }; + PVOID TmpName = ExAllocatePool(NonPagedPool,PATH_MAX); + time.QuadPart = -250ll * 10 * 1000; if (TmpName == NULL) { ERRORLOG(0xc0000005, L"ڴʧ"); @@ -89,14 +95,16 @@ NTSTATUS SkGetProcessImageNameByPEB(PEPROCESS Eprocess, PVOID ImageName) ERRORLOG(0xc0000005, L"ָ"); return Status; } - - if (Eprocess != PsGetCurrentProcess()) + + if (Eprocess != PsGetThreadProcess(PsGetCurrentThread())) { + KeStackAttachProcess(Eprocess, &ApcState); IsAttch = TRUE; } + RtlZeroMemory(TmpName, PATH_MAX); if (PsGetProcessWow64Process(Eprocess) == NULL) @@ -104,10 +112,23 @@ NTSTATUS SkGetProcessImageNameByPEB(PEPROCESS Eprocess, PVOID ImageName) //64λ PPEB Peb = PsGetProcessPeb(Eprocess); + if (Peb) { + + + if (Peb->Ldr == NULL) + { + + KeUnstackDetachProcess(&ApcState); + return Status; + } + PLIST_ENTRY pListEntry = Peb->Ldr->InLoadOrderModuleList.Flink; + PLDR_DATA_TABLE_ENTRY pEntry = CONTAINING_RECORD(pListEntry, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks); + + __try { RtlCopyMemory(TmpName, (PVOID)pEntry->BaseDllName.Buffer, pEntry->BaseDllName.Length); 
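Review bot: The `LARGE_INTEGER time` added to SkGetProcessImageNameByPEB is set to `-250ll * 10 * 1000` and then never read in any visible hunk, so either the wait it was presumably prepared for (a KeDelayExecutionThread-style call) is missing or the two lines are dead and should be removed; as it stands a reader will assume a delay exists. The function continues outside this hunk.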
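Review bot: The new `if (Peb->Ldr == NULL)` early exit calls `KeUnstackDetachProcess(&ApcState)` unconditionally, but the attach a few lines earlier only happens when `IsAttch` is set (the current-process case skips it), so this path detaches with an ApcState that was never filled in; it also returns without freeing `TmpName`, which the hunk above allocates from NonPagedPool, and returns whatever `Status` currently holds. Guard the detach and release the buffer, e.g. `if (IsAttch) KeUnstackDetachProcess(&ApcState); ExFreePool(TmpName); return STATUS_NOT_FOUND;`, and the 32-bit twin in the next hunk (`if (pPeb32->Ldr == 0)`) has the same three problems. Reading `Peb->Ldr` and then `Peb->Ldr->InLoadOrderModuleList.Flink` also happens outside the `__try` that wraps the RtlCopyMemory below, although both are user-mode pointers of the attached process. SkGetProcessImageNameByPEB starts and ends outside this hunk.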
@@ -122,10 +143,19 @@ NTSTATUS SkGetProcessImageNameByPEB(PEPROCESS Eprocess, PVOID ImageName) } else { + //32λ PPEB32 pPeb32 = (PPEB32)PsGetProcessWow64Process(Eprocess); if (pPeb32) { + + if (pPeb32->Ldr == 0) + { + /*ɶ....ǽ˳*/ + KeUnstackDetachProcess(&ApcState); + return Status; + } + PLIST_ENTRY32 pListEntry = (PLIST_ENTRY32)((PPEB_LDR_DATA32)pPeb32->Ldr)->InLoadOrderModuleList.Flink; PLDR_DATA_TABLE_ENTRY32 pEntry = CONTAINING_RECORD(pListEntry, LDR_DATA_TABLE_ENTRY32, InLoadOrderLinks); __try @@ -144,6 +174,7 @@ NTSTATUS SkGetProcessImageNameByPEB(PEPROCESS Eprocess, PVOID ImageName) if (IsAttch) { + KeUnstackDetachProcess(&ApcState); } diff --git a/SuperKernelHacking/ProcessFile.h b/SuperKernelHacking/ProcessFile.h index 50e99e29251ae55a24c0c072fa26b182da5ced05..e1f72ee6eee6bf46ff6aa57123a76afcbf6f9cad 100644 --- a/SuperKernelHacking/ProcessFile.h +++ b/SuperKernelHacking/ProcessFile.h @@ -141,4 +141,6 @@ POBJECT_NAME_INFORMATION SkGetProcessImagePathNameByPNI(_In_ PEPROCESS Eprocess 1:EPROCESS 2:ڽսָ */ -NTSTATUS SkGetProcessImageNameByPEB(_In_ PEPROCESS Eprocess,_Inout_ PVOID ImageName); \ No newline at end of file +NTSTATUS SkGetProcessImageNameByPEB(_In_ PEPROCESS Eprocess,_Inout_ PVOID ImageName); + + \ No newline at end of file diff --git a/SuperKernelHackingClentDemo/SuperKernelHackingClentDemo.cpp b/SuperKernelHackingClentDemo/SuperKernelHackingClentDemo.cpp new file mode 100644 index 0000000000000000000000000000000000000000..0393731e00658814cb4b8629f8f9de85785d74b4 --- /dev/null +++ b/SuperKernelHackingClentDemo/SuperKernelHackingClentDemo.cpp 
@@ -0,0 +1,107 @@ +// SuperKernelHackingClentDemo.cpp : 此文件包含 "main" 函数。程序执行将在此处开始并结束。 +// + +#include +#include +#include + +#define DEVICE_NAME L"\\Device\\SuperKernelHacking" +#define LINK_NAME L"\\??\\SuperKernelHacking" + +#define BASE_CODE 0x800 + +#define GET_PROCESS_LIST CTL_CODE(FILE_DEVICE_UNKNOWN, BASE_CODE + 0X100, METHOD_IN_DIRECT, FILE_ANY_ACCESS) + + +typedef struct _SkProcessChain +{ + /*进程PID*/ + ULONG64 UniqueProcessId; + + /*父进程PID*/ + ULONG64 InheritedFromUniqueProcessId; + + /*进程EPROCESS*/ + ULONG64 Eprocess; + + /*进程名*/ + PVOID ImageFileName; + + /*进程路径*/ + PVOID ImageFilePath; + + /*创建时间*/ + LONG64 CreateTime; + + /*隐藏进程*/ + ULONG64 IsHideProcess; + + struct _SkProcessChain *Next; +}SkProcessChain, *PSkProcessChain; + +class Drv +{ +public: + Drv(); +public: + PVOID GetProcessList(); +private: + HANDLE m_DeviceHandle; +}; + + +int main() +{ + Drv Test; + PSkProcessChain ProcessList = (PSkProcessChain)Test.GetProcessList(); + while (ProcessList != NULL) + { + printf("CreateTime = %p\n", ProcessList->CreateTime); + printf("EPROCESS = %p\n", ProcessList->Eprocess); + printf("ImageFileName = %ws\n", ProcessList->ImageFileName); + printf("ImageFilePath = %ws\n", ProcessList->ImageFilePath); + printf("InheritedFromUniqueProcessId = %d\n", ProcessList->InheritedFromUniqueProcessId); + printf("Hide = %d\n", ProcessList->IsHideProcess); + printf("UniqueProcessId = %d\n", ProcessList->UniqueProcessId); + printf("-------------------------\n"); + ProcessList = ProcessList->Next; + } + + while (1) Sleep(1000); +} + +Drv::Drv() +{ + m_DeviceHandle = CreateFileW(LINK_NAME, + GENERIC_READ | GENERIC_WRITE, + 0, + NULL, + OPEN_EXISTING, + 0, + NULL + ); + + if (m_DeviceHandle == INVALID_HANDLE_VALUE) + { + MessageBoxA(0, "加载驱动失败\n", "OAA_AM_SB", 0); + exit(0); + } +} + +PVOID Drv::GetProcessList() +{ + /*返回的是一个指针存放在Info里所以这里要传入info的地址*/ + ULONG64 Info = 0; + ULONG64 Buffer = (ULONG64)&Info; + DWORD dwRet = 0; + BOOL Status = DeviceIoControl(m_DeviceHandle, + 
GET_PROCESS_LIST, + &Buffer, + sizeof(ULONG64), + NULL, + NULL, + &dwRet, + NULL + ); + return (PVOID)Info; +} diff --git a/SuperKernelHackingClentDemo/SuperKernelHackingClentDemo.vcxproj b/SuperKernelHackingClentDemo/SuperKernelHackingClentDemo.vcxproj new file mode 100644 index 0000000000000000000000000000000000000000..28186fe8e351698790959e7a01a47f22ce0745e8 --- /dev/null +++ b/SuperKernelHackingClentDemo/SuperKernelHackingClentDemo.vcxproj @@ -0,0 +1,163 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 15.0 + {B3E34474-8754-4D2D-A44D-C985B7D3CBF0} + Win32Proj + SuperKernelHackingClentDemo + 10.0.19041.0 + + + + Application + true + v141 + Unicode + + + Application + false + v141 + true + Unicode + + + Application + true + v141 + Unicode + Static + + + Application + false + v141 + true + Unicode + Static + + + + + + + + + + + + + + + + + + + + + true + + + true + + + false + + + false + + + + + + Level3 + Disabled + true + _DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + User32.lib + + + + + + + Level3 + Disabled + true + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + + + + + + + Level3 + MaxSpeed + true + true + true + WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + true + true + + + + + + + Level3 + MaxSpeed + true + true + true + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + true + true + User32.lib + + + + + + + + + \ No newline at end of file diff --git a/SuperKernelHackingClentDemo/SuperKernelHackingClentDemo.vcxproj.filters b/SuperKernelHackingClentDemo/SuperKernelHackingClentDemo.vcxproj.filters new file mode 100644 index 0000000000000000000000000000000000000000..9572a8490a1490b1b5bda78cb48a5d194ef9447e --- /dev/null +++ b/SuperKernelHackingClentDemo/SuperKernelHackingClentDemo.vcxproj.filters 
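Review bot: The printf calls in main pass 64-bit fields to 32-bit conversions: `%d` for `InheritedFromUniqueProcessId`, `IsHideProcess` and `UniqueProcessId` (all ULONG64) and `%p` for `CreateTime` (LONG64), which is undefined behaviour and prints wrong values on x64; use `%llu` for the three ULONG64 fields, `%lld` for CreateTime, and `%llx` for `Eprocess` since it is an integer, not a pointer. `DeviceIoControl`'s return value is stored in `Status` and then ignored, so a failed request leaves `Info` at 0 and the caller silently sees an empty list; check it and report GetLastError(). The `_SkProcessChain` definition here is a hand copy of the driver's header, so a future field change in one place silently misreads memory in the other; share the header instead. `Drv` never closes `m_DeviceHandle`; a destructor calling CloseHandle would fix that.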
@@ -0,0 +1,22 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + 源文件 + + + \ No newline at end of file