TheMida reads the raw on-disk images of kernel32.dll, user32.dll and advapi32.dll to defeat breakpoints placed on APIs while the TheMida layer is executing. To be able to break on those APIs we have to add one extra layer between the TheMida code and the API, which lets us break on APIs from kernel32.dll and advapi32.dll without any trouble.
One good way is to use PEB DLL hooking, combined with rebased fake DLLs on disk.
This is exactly what this code does:
1. fakes kernel32.dll and advapi32.dll (the rebased copies are what the protected code ends up using)
2. fakes disk I/O for kernel32.dll and advapi32.dll, so TheMida's raw reads of those files return the fake data instead of the real image; this way we can set breakpoints on the APIs without TheMida noticing
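The "rebased fake DLL on disk" part of the technique comes down to applying the PE base relocations to a copy of the DLL so the copy can live at an address other than the real module's. The PEB Ldr-list hook and the disk I/O hook are Windows-only and are not shown here. The following is an added example, not the tool's own code: a small PE32 rebaser that patches every IMAGE_REL_BASED_HIGHLOW fixup and updates OptionalHeader.ImageBase. The sample DLL image it works on is constructed in the script (two sections, two fixups) so the example runs offline; the function names and the sample layout are assumptions of this example.

```python
import struct

IMAGE_DIRECTORY_ENTRY_BASERELOC = 5
IMAGE_REL_BASED_ABSOLUTE = 0   # padding entry, no fixup
IMAGE_REL_BASED_HIGHLOW = 3    # 32-bit absolute address fixup


def _optional_header_offset(data):
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return e_lfanew + 24  # 4 (PE\0\0) + 20 (IMAGE_FILE_HEADER)


def _sections(data):
    """Return [(VirtualAddress, size, PointerToRawData), ...] from the section table."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    first = e_lfanew + 24 + opt_size
    secs = []
    for i in range(nsec):
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, first + 40 * i + 8)
        secs.append((va, max(vsize, rawsize), rawptr))
    return secs


def rva_to_offset(secs, rva):
    for va, size, rawptr in secs:
        if va <= rva < va + size:
            return rawptr + (rva - va)
    raise ValueError("RVA 0x%x is not backed by any section" % rva)


def image_base(data):
    return struct.unpack_from("<I", data, _optional_header_offset(data) + 28)[0]


def read_dword_at_rva(data, rva):
    return struct.unpack_from("<I", data, rva_to_offset(_sections(data), rva))[0]


def rebase_pe32(data, new_base):
    """Rebase a PE32 file image in place (on a copy) and return (image, fixups_applied)."""
    buf = bytearray(data)
    opt = _optional_header_offset(buf)
    if struct.unpack_from("<H", buf, opt)[0] != 0x10B:
        raise ValueError("only PE32 (IMAGE_NT_OPTIONAL_HDR32_MAGIC) is handled here")
    old_base = image_base(buf)
    delta = (new_base - old_base) & 0xFFFFFFFF
    reloc_rva, reloc_size = struct.unpack_from(
        "<II", buf, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_BASERELOC)
    secs = _sections(buf)
    pos = rva_to_offset(secs, reloc_rva)
    end = pos + reloc_size
    patched = 0
    while pos < end:
        page_rva, block_size = struct.unpack_from("<II", buf, pos)
        if block_size < 8:
            break  # a zero-sized block terminates the list
        for i in range((block_size - 8) // 2):
            entry = struct.unpack_from("<H", buf, pos + 8 + 2 * i)[0]
            typ, off = entry >> 12, entry & 0xFFF
            if typ == IMAGE_REL_BASED_ABSOLUTE:
                continue
            if typ != IMAGE_REL_BASED_HIGHLOW:
                raise ValueError("unsupported relocation type %d" % typ)
            fixup = rva_to_offset(secs, page_rva + off)
            val = struct.unpack_from("<I", buf, fixup)[0]
            struct.pack_into("<I", buf, fixup, (val + delta) & 0xFFFFFFFF)
            patched += 1
        pos += block_size
    struct.pack_into("<I", buf, opt + 28, new_base)
    return bytes(buf), patched


def build_sample_dll(base=0x10000000):
    """Constructed minimal PE32 DLL: .text at RVA 0x1000 with two absolute pointers,
    .reloc at RVA 0x2000 with one block fixing them up."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x2102)  # i386, 2 sections, DLL
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                       # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, base)                         # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)               # Section/FileAlignment
    struct.pack_into("<II", opt, 56, 0x3000, 0x200)               # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)                           # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_BASERELOC, 0x2000, 16)

    def section(name, va, raw_ptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, 0x200, va, 0x200, raw_ptr, 0, 0, 0, 0, chars)

    hdrs = (dos + b"PE\0\0" + file_hdr + opt
            + section(b".text", 0x1000, 0x200, 0x60000020)
            + section(b".reloc", 0x2000, 0x400, 0x42000040)).ljust(0x200, b"\0")
    text = bytearray(0x200)
    struct.pack_into("<I", text, 0x10, base + 0x1040)             # pointer needing a fixup
    struct.pack_into("<I", text, 0x20, base + 0x1100)             # second pointer
    reloc = struct.pack("<IIHHHH", 0x1000, 16,
                        (IMAGE_REL_BASED_HIGHLOW << 12) | 0x10,
                        (IMAGE_REL_BASED_HIGHLOW << 12) | 0x20, 0, 0).ljust(0x200, b"\0")
    return bytes(hdrs + text + reloc)


if __name__ == "__main__":
    img = build_sample_dll()
    out, n = rebase_pe32(img, 0x5A000000)
    print("applied %d fixups, ImageBase now 0x%08x" % (n, image_base(out)))
```

The rebased copy is what goes on disk under the fake DLL's name; because its pointers and ImageBase already match the address the fake will be mapped at, a raw read of that file by TheMida agrees with what is in memory.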
The tool comes in 2 versions:
- one allows a debugger to be attached by generating an int 3 before the loader jumps to the entrypoint; requires "i3here on" or "bpint 3"
- the second simply loads the application without generating an int 3; I have no idea why this could be useful, but here it is anyway