diff --git a/CcMainDll/.vs/CcMainDll/v15/.suo b/CcMainDll/.vs/CcMainDll/v15/.suo
index cd3911a..08f92a0 100644
Binary files a/CcMainDll/.vs/CcMainDll/v15/.suo and b/CcMainDll/.vs/CcMainDll/v15/.suo differ
diff --git a/CcMainDll/.vs/CcMainDll/v15/Solution.VC.db-shm b/CcMainDll/.vs/CcMainDll/v15/Solution.VC.db-shm
deleted file mode 100644
index 45dbd12..0000000
Binary files a/CcMainDll/.vs/CcMainDll/v15/Solution.VC.db-shm and /dev/null differ
diff --git a/CcMainDll/.vs/CcMainDll/v15/Solution.VC.db-wal b/CcMainDll/.vs/CcMainDll/v15/Solution.VC.db-wal
deleted file mode 100644
index 1b5e0e3..0000000
Binary files a/CcMainDll/.vs/CcMainDll/v15/Solution.VC.db-wal and /dev/null differ
diff --git a/CcMainDll/CcMainDll/common/ShellManager.cpp b/CcMainDll/CcMainDll/common/ShellManager.cpp
index 160b9bd..363d2e1 100644
--- a/CcMainDll/CcMainDll/common/ShellManager.cpp
+++ b/CcMainDll/CcMainDll/common/ShellManager.cpp
@@ -26,7 +26,12 @@ CShellManager::CShellManager(CClientSocket *pClient):CManager(pClient)
 
 
 	//创建管道，管道用于获取cmd的数据信息
-    if(!CreatePipe(&m_hReadPipeHandle, &m_hWritePipeShell, &sa, 0))
+    if(!CreatePipe(
+		&m_hReadPipeHandle,	// __out 读取句柄
+		&m_hWritePipeShell,	// __out 写入句柄
+		&sa,				// __in SECURITY_ATTRIBUTES结构体指针 加测返回的句柄是否能够被子进程继承，为NULL不能继承 匿名管道必须有这个结构体
+		0					// 缓冲区大小，参数为0时使用默认大小
+	))
 	{
 		if(m_hReadPipeHandle != NULL)	CloseHandle(m_hReadPipeHandle);
 		if(m_hWritePipeShell != NULL)	CloseHandle(m_hWritePipeShell);
diff --git a/ghostAnalyze2.emmx b/ghostAnalyze2.emmx
index 97a345d..3447146 100644
Binary files a/ghostAnalyze2.emmx and b/ghostAnalyze2.emmx differ
diff --git a/readme/gh0stAnalyze.png b/readme/gh0stAnalyze.png
index 1f40829..e7c9c56 100644
Binary files a/readme/gh0stAnalyze.png and b/readme/gh0stAnalyze.png differ
diff --git a/readme/_DCM{C]E(C3K3_))LIF%S_V.png b/readme/help.png
similarity index 100%
rename from readme/_DCM{C]E(C3K3_))LIF%S_V.png
rename to readme/help.png