Bypass (suspender) src

#include <NomadMemory.au3>
#include <Array.au3>
#include <Memory.au3>
#include <File.au3>


Call("monster2")

Func monster2()
   
    $list1 = ProcessList()
    $msg1 = _arrayfindall($list1, "Dekaron.exe", 1, $list1[0][0])
    If @error = 6 Then
        Call("monster")
    EndIf
    For $z = 1 To 1
        $listdone1 = _arraycombinations($msg1, $z, "")
    Next
    While 1
        $list = ProcessList()
        $msg = _arrayfindall($list, "Dekaron.exe", 1, $list[0][0])
        For $i = 1 To 1
            $listdone = _arraycombinations($msg, $i, "")
        Next
        If $listdone[0] > $listdone1[0] Then
            $x = $list[$listdone[$listdone[0]]][1]
            While 1
                $handle = _memoryopen($x)
                $test = _memoryread(0x009807AE, $handle, "byte")
                If $test = 204 Then
                    _processsuspend($x)
                    _processsuspend("xxd.xem")
                    _processsuspend("x3.xem")
                    _processsuspend("xmag.xem")
                    _processsuspend("vtany.sys")
                    _memoryclose($handle)
                    Sleep(10)
                    _filewritetoline("PID.txt", 4, $x, 0)
                    MSGBOX ( 44096 , "DEKARON" , "ACTIVE HACKS THEN PRESS OK" ) 
                    _processresume($x)
                    _processresume("xxd.xem")
                    _processresume("x3.xem")
                    _processresume("xnag.xem")
                    Exit 
                EndIf
            WEnd
        EndIf
    WEnd
EndFunc

Func monster()
    While 1
       sleep(100)
        If ProcessExists("Dekaron.exe") Then
            $proces_id = ProcessExists("Dekaron.exe")
            $handle = _memoryopen($proces_id)
            $test = _memoryread(0x009807AE, $handle, "byte")
            If $test = 204 Then
                _processsuspend($proces_id)
                _processsuspend("xxd.xem")
                _processsuspend("x3.xem")
                _processsuspend("xmag.xem")
                _processsuspend("vtany.sys")
                _memoryclose($handle)
                Sleep(10)
                _filewritetoline("PID.txt", 4, $proces_id, 0)
                MSGBOX ( 44096 , "DEKARON" , "ACTIVE HACKS THEN PRESS OK" ) 
                _processresume($proces_id)
                _processresume("xxd.xem")
                _processresume("x3.xem")
                _processresume("xnag.xem")
                Exit 
            EndIf
        EndIf
    WEnd
EndFunc

Func _memorywritemod($adress, $handle, $data)
    $count = StringSplit($data, " ")
    For $i = 0 To Binary($count[0] - 1) Step 1
        $hexcount = "0x" & $count[$i + 1]
        _memorywrite($adress + $i, $handle, Binary($hexcount), "byte")
    Next
EndFunc

Func _processsuspend($processid)
    If $processid Then
        $ai_handle = DllCall("kernel32.dll", "int", "OpenProcess", "int", 2035711, "int", False, "int", $processid)
        $i_sucess = DllCall("ntdll.dll", "int", "NtSuspendProcess", "int", $ai_handle[0])
        DllCall("kernel32.dll", "ptr", "CloseHandle", "ptr", $ai_handle)
        If IsArray($i_sucess) Then
            Return 1
        Else
            SetError(1)
            Return 0
        EndIf
    Else
        SetError(2)
        Return 0
    EndIf
EndFunc

Func _processresume($processid)
    If $processid Then
        $ai_handle = DllCall("kernel32.dll", "int", "OpenProcess", "int", 2035711, "int", False, "int", $processid)
        $i_sucess = DllCall("ntdll.dll", "int", "NtResumeProcess", "int", $ai_handle[0])
        DllCall("kernel32.dll", "ptr", "CloseHandle", "ptr", $ai_handle)
        If IsArray($i_sucess) Then
            Return 1
        Else
            SetError(1)
            Return 0
        EndIf
    Else
        SetError(2)
        Return 0
    EndIf
EndFunc