diff --git a/SDK/C/TitanEngine.h b/SDK/C/TitanEngine.h index f39a1d4..9c8b63a 100644 --- a/SDK/C/TitanEngine.h +++ b/SDK/C/TitanEngine.h @@ -605,8 +605,8 @@ typedef struct typedef struct { - YmmRegister_t Low; //AVX part - YmmRegister_t High; //AVX-512 part + YmmRegister_t Low; //AVX part + YmmRegister_t High; //AVX-512 part } ZmmRegister_t; typedef struct @@ -677,11 +677,11 @@ typedef struct typedef struct { #ifdef _WIN64 - ZmmRegister_t ZmmRegisters[32]; + ZmmRegister_t ZmmRegisters[32]; #else // x86 - ZmmRegister_t ZmmRegisters[8]; + ZmmRegister_t ZmmRegisters[8]; #endif - ULONGLONG Opmask[8]; + ULONGLONG Opmask[8]; } TITAN_ENGINE_CONTEXT_AVX512_t; #ifdef __cplusplus diff --git a/TitanEngine/Global.Debugger.cpp b/TitanEngine/Global.Debugger.cpp index 95d09a4..6d208c0 100644 --- a/TitanEngine/Global.Debugger.cpp +++ b/TitanEngine/Global.Debugger.cpp @@ -46,18 +46,18 @@ CRITICAL_SECTION engineStepActiveCr; DWORD ContextControlFlags = [] { DWORD flags = CONTEXT_CONTROL; - typedef BOOL(WINAPI *type_IsWow64Process2)(HANDLE, USHORT*, USHORT*); + typedef BOOL(WINAPI * type_IsWow64Process2)(HANDLE, USHORT*, USHORT*); auto p_IsWow64Process2 = (type_IsWow64Process2)GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "IsWow64Process2"); - if (p_IsWow64Process2) + if(p_IsWow64Process2) { USHORT processMachine = 0; USHORT nativeMachine = 0; - if (p_IsWow64Process2(GetCurrentProcess(), &processMachine, &nativeMachine)) + if(p_IsWow64Process2(GetCurrentProcess(), &processMachine, &nativeMachine)) { #ifndef IMAGE_FILE_MACHINE_ARM64 #define IMAGE_FILE_MACHINE_ARM64 0xAA64 #endif // IMAGE_FILE_MACHINE_ARM64 - if (nativeMachine == IMAGE_FILE_MACHINE_ARM || nativeMachine == IMAGE_FILE_MACHINE_ARM64) + if(nativeMachine == IMAGE_FILE_MACHINE_ARM || nativeMachine == IMAGE_FILE_MACHINE_ARM64) { flags = CONTEXT_ALL; } diff --git a/TitanEngine/TitanEngine.Breakpoints.cpp b/TitanEngine/TitanEngine.Breakpoints.cpp index be299db..92b25c0 100644 --- a/TitanEngine/TitanEngine.Breakpoints.cpp 
+++ b/TitanEngine/TitanEngine.Breakpoints.cpp @@ -462,7 +462,7 @@ __declspec(dllexport) bool TITCALL SetMemoryBPXEx(ULONG_PTR MemoryStart, SIZE_T auto bpType = BreakPointBuffer.at(i).BreakPointType; bool isMem = bpType == UE_MEMORY || bpType == UE_MEMORY_READ || bpType == UE_MEMORY_WRITE || bpType == UE_MEMORY_EXECUTE; - if (isMem && bpAddr < (MemoryStart + SizeOfMemory) && bpAddr + bpSize > MemoryStart) + if(isMem && bpAddr < (MemoryStart + SizeOfMemory) && bpAddr + bpSize > MemoryStart) { return false; // the place is taken } diff --git a/TitanEngine/TitanEngine.Debugger.Context.cpp b/TitanEngine/TitanEngine.Debugger.Context.cpp index bcc2d82..6f671b4 100644 --- a/TitanEngine/TitanEngine.Debugger.Context.cpp +++ b/TitanEngine/TitanEngine.Debugger.Context.cpp 
@@ -1054,195 +1054,203 @@ __declspec(dllexport) bool TITCALL GetAVXContext(HANDLE hActiveThread, TITAN_ENG (1ui64 << (XSTATE_AVX512_ZMM))) #endif -static bool SetAVX512ContextFallbackToAVX(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_AVX512_t* titcontext) { - // Fall back to using AVX and ignore the rest - TITAN_ENGINE_CONTEXT_t Avx; - memset(&Avx, 0, sizeof(Avx)); - for (int i = 0; i < _countof(Avx.YmmRegisters); i++) { - Avx.YmmRegisters[i] = titcontext->ZmmRegisters[i].Low; - } - return SetAVXContext(hActiveThread, &Avx); +static bool SetAVX512ContextFallbackToAVX(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_AVX512_t* titcontext) +{ + // Fall back to using AVX and ignore the rest + TITAN_ENGINE_CONTEXT_t Avx; + memset(&Avx, 0, sizeof(Avx)); + for(int i = 0; i < _countof(Avx.YmmRegisters); i++) + { + Avx.YmmRegisters[i] = titcontext->ZmmRegisters[i].Low; + } + return SetAVXContext(hActiveThread, &Avx); } __declspec(dllexport) bool TITCALL SetAVX512Context(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_AVX512_t* titcontext) { - if (InitXState() == false) - return false; + if(InitXState() == false) + return false; - DWORD64 FeatureMask = _GetEnabledXStateFeatures(); - if ((FeatureMask & XSTATE_MASK_AVX512) == 0) - return SetAVX512ContextFallbackToAVX(hActiveThread, titcontext); + DWORD64 FeatureMask = _GetEnabledXStateFeatures(); + if((FeatureMask & XSTATE_MASK_AVX512) == 0) + return SetAVX512ContextFallbackToAVX(hActiveThread, titcontext); - DWORD ContextSize = 0; - BOOL Success = _InitializeContext(NULL, - CONTEXT_ALL | CONTEXT_XSTATE, - NULL, - &ContextSize); + DWORD ContextSize = 0; + BOOL Success = _InitializeContext(NULL, + CONTEXT_ALL | CONTEXT_XSTATE, + NULL, + &ContextSize); - if ((Success == TRUE) || (GetLastError() != ERROR_INSUFFICIENT_BUFFER)) - return false; + if((Success == TRUE) || (GetLastError() != ERROR_INSUFFICIENT_BUFFER)) + return false; - DynBuf dataBuffer(ContextSize); - PVOID Buffer = dataBuffer.GetPtr(); - if (Buffer == NULL) - return false; + 
DynBuf dataBuffer(ContextSize); + PVOID Buffer = dataBuffer.GetPtr(); + if(Buffer == NULL) + return false; - PCONTEXT Context; - Success = _InitializeContext(Buffer, - CONTEXT_ALL | CONTEXT_XSTATE, - &Context, - &ContextSize); - if (Success == FALSE) - return false; + PCONTEXT Context; + Success = _InitializeContext(Buffer, + CONTEXT_ALL | CONTEXT_XSTATE, + &Context, + &ContextSize); + if(Success == FALSE) + return false; - if (_SetXStateFeaturesMask(Context, XSTATE_MASK_AVX | XSTATE_MASK_AVX512) == FALSE) - return SetAVX512ContextFallbackToAVX(hActiveThread, titcontext); + if(_SetXStateFeaturesMask(Context, XSTATE_MASK_AVX | XSTATE_MASK_AVX512) == FALSE) + return SetAVX512ContextFallbackToAVX(hActiveThread, titcontext); - if (GetThreadContext(hActiveThread, Context) == FALSE) - return false; + if(GetThreadContext(hActiveThread, Context) == FALSE) + return false; - if (_GetXStateFeaturesMask(Context, &FeatureMask) == FALSE) - return false; + if(_GetXStateFeaturesMask(Context, &FeatureMask) == FALSE) + return false; - DWORD FeatureLengthSse; - DWORD FeatureLengthAvx; - DWORD FeatureLengthAvx512_KMASK; - DWORD FeatureLengthAvx512_ZMM_H; - DWORD FeatureLengthAvx512_ZMM; - XmmRegister_t* Sse = (XmmRegister_t*)_LocateXStateFeature(Context, XSTATE_LEGACY_SSE, &FeatureLengthSse); - XmmRegister_t* Avx = (XmmRegister_t*)_LocateXStateFeature(Context, XSTATE_AVX, &FeatureLengthAvx); - ULONGLONG* Avx512_KMASK = (ULONGLONG*)_LocateXStateFeature(Context, XSTATE_AVX512_KMASK, &FeatureLengthAvx512_KMASK); - ZmmRegister_t* Avx512_ZMM = (ZmmRegister_t *)_LocateXStateFeature(Context, XSTATE_AVX512_ZMM, &FeatureLengthAvx512_ZMM); - YmmRegister_t* Avx512_ZMM_H = (YmmRegister_t *)_LocateXStateFeature(Context, XSTATE_AVX512_ZMM_H, &FeatureLengthAvx512_ZMM_H); + DWORD FeatureLengthSse; + DWORD FeatureLengthAvx; + DWORD FeatureLengthAvx512_KMASK; + DWORD FeatureLengthAvx512_ZMM_H; + DWORD FeatureLengthAvx512_ZMM; + XmmRegister_t* Sse = (XmmRegister_t*)_LocateXStateFeature(Context, 
XSTATE_LEGACY_SSE, &FeatureLengthSse); + XmmRegister_t* Avx = (XmmRegister_t*)_LocateXStateFeature(Context, XSTATE_AVX, &FeatureLengthAvx); + ULONGLONG* Avx512_KMASK = (ULONGLONG*)_LocateXStateFeature(Context, XSTATE_AVX512_KMASK, &FeatureLengthAvx512_KMASK); + ZmmRegister_t* Avx512_ZMM = (ZmmRegister_t*)_LocateXStateFeature(Context, XSTATE_AVX512_ZMM, &FeatureLengthAvx512_ZMM); + YmmRegister_t* Avx512_ZMM_H = (YmmRegister_t*)_LocateXStateFeature(Context, XSTATE_AVX512_ZMM_H, &FeatureLengthAvx512_ZMM_H); - if (Sse != NULL) //If the feature is unsupported by the processor it will return NULL - { - for (int i = 0; i < MIN(FeatureLengthSse / sizeof(XmmRegister_t), _countof(titcontext->ZmmRegisters)); i++) - Sse[i] = titcontext->ZmmRegisters[i].Low.Low; - } + if(Sse != NULL) //If the feature is unsupported by the processor it will return NULL + { + for(int i = 0; i < MIN(FeatureLengthSse / sizeof(XmmRegister_t), _countof(titcontext->ZmmRegisters)); i++) + Sse[i] = titcontext->ZmmRegisters[i].Low.Low; + } - if (Avx != NULL) //If the feature is unsupported by the processor it will return NULL - { - for (int i = 0; i < MIN(FeatureLengthAvx / sizeof(XmmRegister_t), _countof(titcontext->ZmmRegisters)); i++) - Avx[i] = titcontext->ZmmRegisters[i].Low.High; - } + if(Avx != NULL) //If the feature is unsupported by the processor it will return NULL + { + for(int i = 0; i < MIN(FeatureLengthAvx / sizeof(XmmRegister_t), _countof(titcontext->ZmmRegisters)); i++) + Avx[i] = titcontext->ZmmRegisters[i].Low.High; + } - if (Avx512_ZMM_H != NULL) //If the feature is unsupported by the processor it will return NULL - { - for (int i = 0; i < MIN(FeatureLengthAvx512_ZMM_H / sizeof(YmmRegister_t), _countof(titcontext->ZmmRegisters)); i++) - Avx512_ZMM_H[i] = titcontext->ZmmRegisters[i].High; - } + if(Avx512_ZMM_H != NULL) //If the feature is unsupported by the processor it will return NULL + { + for(int i = 0; i < MIN(FeatureLengthAvx512_ZMM_H / sizeof(YmmRegister_t), 
_countof(titcontext->ZmmRegisters)); i++) + Avx512_ZMM_H[i] = titcontext->ZmmRegisters[i].High; + } - if (Avx512_ZMM != NULL) //If the feature is unsupported by the processor it will return NULL - { - for (int i = 0; i < MIN(FeatureLengthAvx512_ZMM / sizeof(ZmmRegister_t), _countof(titcontext->ZmmRegisters) - FeatureLengthAvx / sizeof(XmmRegister_t)); i++) - Avx512_ZMM[i] = titcontext->ZmmRegisters[i + FeatureLengthAvx / sizeof(XmmRegister_t)]; - } +#ifdef _WIN64 + if(Avx512_ZMM != NULL) //If the feature is unsupported by the processor it will return NULL + { + for(int i = 0; i < MIN(FeatureLengthAvx512_ZMM / sizeof(ZmmRegister_t), _countof(titcontext->ZmmRegisters) - FeatureLengthAvx / sizeof(XmmRegister_t)); i++) + Avx512_ZMM[i] = titcontext->ZmmRegisters[i + FeatureLengthAvx / sizeof(XmmRegister_t)]; + } +#endif // _WIN64 - if (Avx512_KMASK != NULL) //If the feature is unsupported by the processor it will return NULL - { - for (int i = 0; i < MIN(FeatureLengthAvx512_KMASK / sizeof(ULONGLONG), _countof(titcontext->Opmask)); i++) - Avx512_KMASK[i] = titcontext->Opmask[i]; - } + if(Avx512_KMASK != NULL) //If the feature is unsupported by the processor it will return NULL + { + for(int i = 0; i < MIN(FeatureLengthAvx512_KMASK / sizeof(ULONGLONG), _countof(titcontext->Opmask)); i++) + Avx512_KMASK[i] = titcontext->Opmask[i]; + } - return (SetThreadContext(hActiveThread, Context) == TRUE); + return (SetThreadContext(hActiveThread, Context) == TRUE); } static bool GetAVX512ContextFallbackToAVX(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_AVX512_t* titcontext) { - // Fall back to using AVX and fill the rest with 0 - TITAN_ENGINE_CONTEXT_t Avx; - memset(titcontext, 0, sizeof(*titcontext)); - if (GetAVXContext(hActiveThread, &Avx)) { - for (int i = 0; i < _countof(Avx.YmmRegisters); i++) - titcontext->ZmmRegisters[i].Low = Avx.YmmRegisters[i]; - return true; - } - else { - return false; - } + // Fall back to using AVX and fill the rest with 0 + TITAN_ENGINE_CONTEXT_t Avx; + 
memset(titcontext, 0, sizeof(*titcontext)); + if(GetAVXContext(hActiveThread, &Avx)) + { + for(int i = 0; i < _countof(Avx.YmmRegisters); i++) + titcontext->ZmmRegisters[i].Low = Avx.YmmRegisters[i]; + return true; + } + else + { + return false; + } } __declspec(dllexport) bool TITCALL GetAVX512Context(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_AVX512_t* titcontext) { - if (InitXState() == false) - return false; + if(InitXState() == false) + return false; - DWORD64 FeatureMask = _GetEnabledXStateFeatures(); - if ((FeatureMask & XSTATE_MASK_AVX512) == 0) //XSTATE_MASK_AVX512 - return GetAVX512ContextFallbackToAVX(hActiveThread, titcontext); + DWORD64 FeatureMask = _GetEnabledXStateFeatures(); + if((FeatureMask & XSTATE_MASK_AVX512) == 0) //XSTATE_MASK_AVX512 + return GetAVX512ContextFallbackToAVX(hActiveThread, titcontext); - DWORD ContextSize = 0; - BOOL Success = _InitializeContext(NULL, - CONTEXT_ALL | CONTEXT_XSTATE, - NULL, - &ContextSize); + DWORD ContextSize = 0; + BOOL Success = _InitializeContext(NULL, + CONTEXT_ALL | CONTEXT_XSTATE, + NULL, + &ContextSize); - if ((Success == TRUE) || (GetLastError() != ERROR_INSUFFICIENT_BUFFER)) - return false; + if((Success == TRUE) || (GetLastError() != ERROR_INSUFFICIENT_BUFFER)) + return false; - DynBuf dataBuffer(ContextSize); - PVOID Buffer = dataBuffer.GetPtr(); - if (Buffer == NULL) - return false; + DynBuf dataBuffer(ContextSize); + PVOID Buffer = dataBuffer.GetPtr(); + if(Buffer == NULL) + return false; - PCONTEXT Context; - Success = _InitializeContext(Buffer, - CONTEXT_ALL | CONTEXT_XSTATE, - &Context, - &ContextSize); - if (Success == FALSE) - return false; + PCONTEXT Context; + Success = _InitializeContext(Buffer, + CONTEXT_ALL | CONTEXT_XSTATE, + &Context, + &ContextSize); + if(Success == FALSE) + return false; - if (_SetXStateFeaturesMask(Context, XSTATE_MASK_AVX | XSTATE_MASK_AVX512) == FALSE) - return GetAVX512ContextFallbackToAVX(hActiveThread, titcontext); + if(_SetXStateFeaturesMask(Context, 
XSTATE_MASK_AVX | XSTATE_MASK_AVX512) == FALSE) + return GetAVX512ContextFallbackToAVX(hActiveThread, titcontext); - if (GetThreadContext(hActiveThread, Context) == FALSE) - return false; + if(GetThreadContext(hActiveThread, Context) == FALSE) + return false; - if (_GetXStateFeaturesMask(Context, &FeatureMask) == FALSE) - return false; + if(_GetXStateFeaturesMask(Context, &FeatureMask) == FALSE) + return false; - DWORD FeatureLengthSse; - DWORD FeatureLengthAvx; - DWORD FeatureLengthAvx512_KMASK; - DWORD FeatureLengthAvx512_ZMM_H; - DWORD FeatureLengthAvx512_ZMM; - XmmRegister_t* Sse = (XmmRegister_t*)_LocateXStateFeature(Context, XSTATE_LEGACY_SSE, &FeatureLengthSse); - XmmRegister_t* Avx = (XmmRegister_t*)_LocateXStateFeature(Context, XSTATE_AVX, &FeatureLengthAvx); - ULONGLONG* Avx512_KMASK = (ULONGLONG*)_LocateXStateFeature(Context, XSTATE_AVX512_KMASK, &FeatureLengthAvx512_KMASK); - ZmmRegister_t* Avx512_ZMM = (ZmmRegister_t *)_LocateXStateFeature(Context, XSTATE_AVX512_ZMM, &FeatureLengthAvx512_ZMM); - YmmRegister_t* Avx512_ZMM_H = (YmmRegister_t *)_LocateXStateFeature(Context, XSTATE_AVX512_ZMM_H, &FeatureLengthAvx512_ZMM_H); + DWORD FeatureLengthSse; + DWORD FeatureLengthAvx; + DWORD FeatureLengthAvx512_KMASK; + DWORD FeatureLengthAvx512_ZMM_H; + DWORD FeatureLengthAvx512_ZMM; + XmmRegister_t* Sse = (XmmRegister_t*)_LocateXStateFeature(Context, XSTATE_LEGACY_SSE, &FeatureLengthSse); + XmmRegister_t* Avx = (XmmRegister_t*)_LocateXStateFeature(Context, XSTATE_AVX, &FeatureLengthAvx); + ULONGLONG* Avx512_KMASK = (ULONGLONG*)_LocateXStateFeature(Context, XSTATE_AVX512_KMASK, &FeatureLengthAvx512_KMASK); + ZmmRegister_t* Avx512_ZMM = (ZmmRegister_t*)_LocateXStateFeature(Context, XSTATE_AVX512_ZMM, &FeatureLengthAvx512_ZMM); + YmmRegister_t* Avx512_ZMM_H = (YmmRegister_t*)_LocateXStateFeature(Context, XSTATE_AVX512_ZMM_H, &FeatureLengthAvx512_ZMM_H); - if (Sse != NULL) //If the feature is unsupported by the processor it will return NULL - { - for (int i = 0; i < 
MIN(FeatureLengthSse / sizeof(XmmRegister_t), _countof(titcontext->ZmmRegisters)); i++) - titcontext->ZmmRegisters[i].Low.Low = Sse[i]; - } + if(Sse != NULL) //If the feature is unsupported by the processor it will return NULL + { + for(int i = 0; i < MIN(FeatureLengthSse / sizeof(XmmRegister_t), _countof(titcontext->ZmmRegisters)); i++) + titcontext->ZmmRegisters[i].Low.Low = Sse[i]; + } - if (Avx != NULL) //If the feature is unsupported by the processor it will return NULL - { - for (int i = 0; i < MIN(FeatureLengthAvx / sizeof(XmmRegister_t), _countof(titcontext->ZmmRegisters)); i++) - titcontext->ZmmRegisters[i].Low.High = Avx[i]; - } + if(Avx != NULL) //If the feature is unsupported by the processor it will return NULL + { + for(int i = 0; i < MIN(FeatureLengthAvx / sizeof(XmmRegister_t), _countof(titcontext->ZmmRegisters)); i++) + titcontext->ZmmRegisters[i].Low.High = Avx[i]; + } - if (Avx512_ZMM_H != NULL) //If the feature is unsupported by the processor it will return NULL - { - for (int i = 0; i < MIN(FeatureLengthAvx512_ZMM_H / sizeof(YmmRegister_t), _countof(titcontext->ZmmRegisters)); i++) - titcontext->ZmmRegisters[i].High = Avx512_ZMM_H[i]; - } + if(Avx512_ZMM_H != NULL) //If the feature is unsupported by the processor it will return NULL + { + for(int i = 0; i < MIN(FeatureLengthAvx512_ZMM_H / sizeof(YmmRegister_t), _countof(titcontext->ZmmRegisters)); i++) + titcontext->ZmmRegisters[i].High = Avx512_ZMM_H[i]; + } - if (Avx512_ZMM != NULL) //If the feature is unsupported by the processor it will return NULL - { - for (int i = 0; i < MIN(FeatureLengthAvx512_ZMM / sizeof(ZmmRegister_t), _countof(titcontext->ZmmRegisters) - FeatureLengthAvx / sizeof(XmmRegister_t)); i++) - titcontext->ZmmRegisters[i + FeatureLengthAvx / sizeof(XmmRegister_t)] = Avx512_ZMM[i]; - } +#ifdef _WIN64 + if(Avx512_ZMM != NULL) //If the feature is unsupported by the processor it will return NULL + { + for(int i = 0; i < MIN(FeatureLengthAvx512_ZMM / sizeof(ZmmRegister_t), 
_countof(titcontext->ZmmRegisters) - FeatureLengthAvx / sizeof(XmmRegister_t)); i++) + titcontext->ZmmRegisters[i + FeatureLengthAvx / sizeof(XmmRegister_t)] = Avx512_ZMM[i]; + } +#endif // _WIN64 - if (Avx512_KMASK != NULL) //If the feature is unsupported by the processor it will return NULL - { - for (int i = 0; i < MIN(FeatureLengthAvx512_KMASK / sizeof(ULONGLONG), _countof(titcontext->Opmask)); i++) - titcontext->Opmask[i] = Avx512_KMASK[i]; - } + if(Avx512_KMASK != NULL) //If the feature is unsupported by the processor it will return NULL + { + for(int i = 0; i < MIN(FeatureLengthAvx512_KMASK / sizeof(ULONGLONG), _countof(titcontext->Opmask)); i++) + titcontext->Opmask[i] = Avx512_KMASK[i]; + } - return true; + return true; } diff --git a/TitanEngine/TitanEngine.Debugger.Control.cpp b/TitanEngine/TitanEngine.Debugger.Control.cpp index 3ee04fa..9807b66 100644 --- a/TitanEngine/TitanEngine.Debugger.Control.cpp +++ b/TitanEngine/TitanEngine.Debugger.Control.cpp @@ -38,15 +38,15 @@ __declspec(dllexport) void TITCALL ForceClose() __declspec(dllexport) void TITCALL StepInto(LPVOID StepCallBack) { EnterCriticalSection(&engineStepActiveCr); - if (!engineStepActive) + if(!engineStepActive) { ULONG_PTR ueCurrentPosition = GetContextData(UE_CIP); unsigned char instr[16]; MemoryReadSafe(dbgProcessInformation.hProcess, (void*)ueCurrentPosition, instr, sizeof(instr), 0); char* DisassembledString = (char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr); - if (strstr(DisassembledString, "PUSHF")) + if(strstr(DisassembledString, "PUSHF")) StepOver(StepCallBack); - else if (strstr(DisassembledString, "POP SS") || strstr(DisassembledString, "MOV SS")) //prevent the 'PUSH SS', 'POP SS' step trick + else if(strstr(DisassembledString, "POP SS") || strstr(DisassembledString, "MOV SS")) //prevent the 'PUSH SS', 'POP SS' step trick { ueCurrentPosition += StaticLengthDisassemble((void*)instr); SetBPX(ueCurrentPosition, UE_BREAKPOINT_TYPE_INT3 + UE_SINGLESHOOT, StepCallBack); 
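Review bot: The newly `#ifdef _WIN64`-guarded ZMM block in SetAVX512Context indexes with `FeatureLengthAvx / sizeof(XmmRegister_t)`, but `FeatureLengthAvx` is declared uninitialized (`DWORD FeatureLengthAvx;`) and, going by the adjacent comment that `_LocateXStateFeature` returns NULL for an unsupported feature, appears to be left unwritten in exactly the case the `Avx != NULL` check is guarding against, so a context with `Avx512_ZMM` present but `Avx` absent would use a garbage offset into `titcontext->ZmmRegisters`; the mirror block in GetAVX512Context has the same shape and there the garbage offset selects the write destination. Initialize the length variables, e.g. `DWORD FeatureLengthAvx = 0;` (and likewise for the other four), and tie the ZMM loops to the AVX area actually being located, `if(Avx512_ZMM != NULL && Avx != NULL)`. The bound `_countof(titcontext->ZmmRegisters) - FeatureLengthAvx / sizeof(XmmRegister_t)` is also an unsigned subtraction, so an AVX length larger than the array (rather than equal to it) would wrap to a huge value instead of clamping to zero, leaving only `FeatureLengthAvx512_ZMM` to bound the loop while the index offset is already past the end; a check such as `if(FeatureLengthAvx / sizeof(XmmRegister_t) <= _countof(titcontext->ZmmRegisters))` before the loop closes that on both the Set and Get side. Note too that on the x86 build `Avx512_ZMM` and `FeatureLengthAvx512_ZMM` are now only assigned and never read, which will warn at higher warning levels.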
diff --git a/TitanEngine/TitanEngine.Debugger.DebugLoop.cpp b/TitanEngine/TitanEngine.Debugger.DebugLoop.cpp index 1c8d78c..8ae71e2 100644 --- a/TitanEngine/TitanEngine.Debugger.DebugLoop.cpp +++ b/TitanEngine/TitanEngine.Debugger.DebugLoop.cpp @@ -16,12 +16,12 @@ static void engineStep() { EnterCriticalSection(&engineStepActiveCr); - if (engineStepActive) + if(engineStepActive) { DBGCode = DBG_CONTINUE; - if (engineStepCount == 0) + if(engineStepCount == 0) { - typedef void(TITCALL* fCustomBreakPoint)(void); + typedef void(TITCALL * fCustomBreakPoint)(void); auto cbStep = fCustomBreakPoint(engineStepCallBack); engineStepActive = false; engineStepCallBack = NULL; @@ -537,7 +537,7 @@ __declspec(dllexport) void TITCALL DebugLoop() CONTEXT myDBGContext; myDBGContext.ContextFlags = ContextControlFlags; GetThreadContext(hActiveThread, &myDBGContext); - if (FoundBreakPoint.BreakPointType != UE_SINGLESHOOT) + if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT) { myDBGContext.EFlags |= UE_TRAP_FLAG; synchronizedStep = true; @@ -1104,7 +1104,7 @@ __declspec(dllexport) void TITCALL DebugLoop() CONTEXT myDBGContext; myDBGContext.ContextFlags = ContextControlFlags; GetThreadContext(hActiveThread, &myDBGContext); - if (FoundBreakPoint.BreakPointType != UE_SINGLESHOOT) + if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT) { myDBGContext.EFlags |= UE_TRAP_FLAG; synchronizedStep = true; @@ -1285,10 +1285,10 @@ __declspec(dllexport) void TITCALL DebugLoop() continue; // Check if the thread is already suspended - if (SuspendedThreads.count(Thread.dwThreadId) != 0) + if(SuspendedThreads.count(Thread.dwThreadId) != 0) continue; - if (SuspendThread(Thread.hThread) != -1) + if(SuspendThread(Thread.hThread) != -1) SuspendedThreads.emplace(Thread.dwThreadId, Thread); } } diff --git a/TitanEngine/TitanEngine.Debugger.cpp b/TitanEngine/TitanEngine.Debugger.cpp index 57cfa25..cc439f5 100644 --- a/TitanEngine/TitanEngine.Debugger.cpp +++ b/TitanEngine/TitanEngine.Debugger.cpp 
@@ -156,31 +156,31 @@ static bool HollowProcessWithoutASLR(const wchar_t* szFileName, PROCESS_INFORMAT { bool success = false; auto hFile = CreateFileW(szFileName, GENERIC_READ, FILE_SHARE_READ, nullptr, OPEN_EXISTING, 0, nullptr); - if (hFile != INVALID_HANDLE_VALUE) + if(hFile != INVALID_HANDLE_VALUE) { // Retrieve image base and entry point DebugModuleImageBase = GetPE32DataW(szFileName, 0, UE_IMAGEBASE); DebugModuleEntryPoint = GetPE32DataW(szFileName, 0, UE_OEP); auto hMapping = CreateFileMappingW(hFile, nullptr, SEC_IMAGE | PAGE_READONLY, 0, 0, nullptr); - if (hMapping) + if(hMapping) { CONTEXT ctx; ctx.ContextFlags = CONTEXT_ALL; - if (GetThreadContext(pi.hThread, &ctx)) + if(GetThreadContext(pi.hThread, &ctx)) { PVOID imageBase; // TODO: support wow64 processes #ifdef _WIN64 - auto& pebRegister = ctx.Rdx; - auto& entryPointRegister = ctx.Rcx; + auto & pebRegister = ctx.Rdx; + auto & entryPointRegister = ctx.Rcx; #else - auto& pebRegister = ctx.Ebx; - auto& entryPointRegister = ctx.Eax; + auto & pebRegister = ctx.Ebx; + auto & entryPointRegister = ctx.Eax; #endif // _WIN64 - if (ReadProcessMemory(pi.hProcess, (char*)pebRegister + offsetof(PEB, ImageBaseAddress), &imageBase, sizeof(PVOID), nullptr)) + if(ReadProcessMemory(pi.hProcess, (char*)pebRegister + offsetof(PEB, ImageBaseAddress), &imageBase, sizeof(PVOID), nullptr)) { - if (ULONG_PTR(imageBase) == DebugModuleImageBase) + if(ULONG_PTR(imageBase) == DebugModuleImageBase) { // Already at the right base success = true; 
@@ -188,32 +188,32 @@ static bool HollowProcessWithoutASLR(const wchar_t* szFileName, PROCESS_INFORMAT else { auto status = NtUnmapViewOfSection(pi.hProcess, imageBase); - if (status == STATUS_SUCCESS) + if(status == STATUS_SUCCESS) { SIZE_T viewSize = 0; imageBase = PVOID(DebugModuleImageBase); status = NtMapViewOfSection(hMapping, pi.hProcess, &imageBase, 0, 0, nullptr, &viewSize, ViewUnmap, 0, PAGE_READONLY); - if (status == STATUS_CONFLICTING_ADDRESSES) + if(status == STATUS_CONFLICTING_ADDRESSES) { // Remap in a random location (otherwise the process will crash) imageBase = 0; status = NtMapViewOfSection(hMapping, pi.hProcess, &imageBase, 0, 0, nullptr, &viewSize, ViewUnmap, 0, PAGE_READONLY); } - if (status == STATUS_SUCCESS || status == STATUS_IMAGE_NOT_AT_BASE) + if(status == STATUS_SUCCESS || status == STATUS_IMAGE_NOT_AT_BASE) { auto pebOk = WriteProcessMemory(pi.hProcess, (char*)pebRegister + offsetof(PEB, ImageBaseAddress), &imageBase, sizeof(PVOID), nullptr); auto relocatedOk = RelocateImage(pi.hProcess, imageBase, viewSize); - if (pebOk && relocatedOk) + if(pebOk && relocatedOk) { auto expectedBase = DebugModuleImageBase == ULONG_PTR(imageBase); DebugModuleImageBase = ULONG_PTR(imageBase); entryPointRegister = DebugModuleImageBase + DebugModuleEntryPoint; - if (SetThreadContext(pi.hThread, &ctx)) + if(SetThreadContext(pi.hThread, &ctx)) { success = expectedBase; #ifndef _WIN64 // For Wow64 processes, also adjust the 64-bit PEB - if (IsThisProcessWow64() && !WriteProcessMemory(pi.hProcess, (char*)pebRegister - 0x1000 + 0x10, &imageBase, sizeof(PVOID), nullptr)) + if(IsThisProcessWow64() && !WriteProcessMemory(pi.hProcess, (char*)pebRegister - 0x1000 + 0x10, &imageBase, sizeof(PVOID), nullptr)) success = false; #endif // _WIN64 } 
@@ -286,11 +286,11 @@ retry_no_aslr: { if(engineDisableAslr) { - if (!HollowProcessWithoutASLR(szFileName, dbgProcessInformation)) + if(!HollowProcessWithoutASLR(szFileName, dbgProcessInformation)) { TerminateThread(dbgProcessInformation.hThread, STATUS_CONFLICTING_ADDRESSES); TerminateProcess(dbgProcessInformation.hProcess, STATUS_CONFLICTING_ADDRESSES); - if (retries++ < 10) + if(retries++ < 10) goto retry_no_aslr; memset(&dbgProcessInformation, 0, sizeof(PROCESS_INFORMATION)); return nullptr; diff --git a/TitanEngine/TitanEngine.Engine.cpp b/TitanEngine/TitanEngine.Engine.cpp index 62bbc4f..e75ec8b 100644 --- a/TitanEngine/TitanEngine.Engine.cpp +++ b/TitanEngine/TitanEngine.Engine.cpp @@ -51,7 +51,7 @@ __declspec(dllexport) void TITCALL SetEngineVariable(DWORD VariableId, bool Vari { engineDisableAslr = VariableSet; } - else if (VariableId == UE_ENGINE_SAFE_STEP) + else if(VariableId == UE_ENGINE_SAFE_STEP) { engineSafeStep = VariableSet; } diff --git a/TitanEngine/stdafx.h b/TitanEngine/stdafx.h index a2a67c1..ec53d5d 100644 --- a/TitanEngine/stdafx.h +++ b/TitanEngine/stdafx.h @@ -127,8 +127,8 @@ typedef struct typedef struct { - YmmRegister_t Low; //AVX part - YmmRegister_t High; //AVX-512 part + YmmRegister_t Low; //AVX part + YmmRegister_t High; //AVX-512 part } ZmmRegister_t; typedef struct @@ -199,11 +199,11 @@ typedef struct typedef struct { #ifdef _WIN64 - ZmmRegister_t ZmmRegisters[32]; + ZmmRegister_t ZmmRegisters[32]; #else // x86 - ZmmRegister_t ZmmRegisters[8]; + ZmmRegister_t ZmmRegisters[8]; #endif - ULONGLONG Opmask[8]; + ULONGLONG Opmask[8]; } TITAN_ENGINE_CONTEXT_AVX512_t; typedef struct