diff --git a/SDK/C/TitanEngine.h b/SDK/C/TitanEngine.h
index 04188f8..00c0e58 100644
--- a/SDK/C/TitanEngine.h
+++ b/SDK/C/TitanEngine.h
@@ -796,6 +796,7 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, char* s
 __declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_t* szDumpedFile, wchar_t* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback);
 __declspec(dllexport) long TITCALL ImporterAutoFixIAT(DWORD ProcessId, char* szDumpedFile, ULONG_PTR SearchStart);
 __declspec(dllexport) long TITCALL ImporterAutoFixIATW(DWORD ProcessId, wchar_t* szDumpedFile, ULONG_PTR SearchStart);
+__declspec(dllexport) bool TITCALL ImporterDeleteAPI(DWORD_PTR apiAddr);
 // Global.Engine.Hook.functions:
 __declspec(dllexport) bool TITCALL HooksSafeTransitionEx(LPVOID HookAddressArray, int NumberOfHooks, bool TransitionStart);
 __declspec(dllexport) bool TITCALL HooksSafeTransition(LPVOID HookAddress, bool TransitionStart);
diff --git a/SDK/CPP/TitanEngine.h b/SDK/CPP/TitanEngine.h
index f2f1b5b..360e117 100644
--- a/SDK/CPP/TitanEngine.h
+++ b/SDK/CPP/TitanEngine.h
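Review bot: The new `ImporterDeleteAPI` declaration takes `DWORD_PTR apiAddr` while the address parameters on the neighbouring Importer exports (`EntryPointAddress`, `ImageBase`, `SearchStart`) are `ULONG_PTR`, and nothing says what the `bool` result means. Both types have the same width, so this is a consistency point rather than a bug; `bool TITCALL ImporterDeleteAPI(ULONG_PTR apiAddr);` plus a short comment on the return value would match the rest of the header. The same applies to the matching declarations in SDK/CPP/TitanEngine.h and TitanEngine/definitions.h.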
@@ -794,6 +794,7 @@ __declspec(dllimport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, char* s
 __declspec(dllimport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_t* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback);
 __declspec(dllimport) long TITCALL ImporterAutoFixIAT(DWORD ProcessId, char* szDumpedFile, ULONG_PTR SearchStart);
 __declspec(dllimport) long TITCALL ImporterAutoFixIATW(DWORD ProcessId, wchar_t* szDumpedFile, ULONG_PTR SearchStart);
+__declspec(dllimport) bool TITCALL ImporterDeleteAPI(DWORD_PTR apiAddr);
 // Global.Engine.Hook.functions:
 __declspec(dllimport) bool TITCALL HooksSafeTransitionEx(LPVOID HookAddressArray, int NumberOfHooks, bool TransitionStart);
 __declspec(dllimport) bool TITCALL HooksSafeTransition(LPVOID HookAddress, bool TransitionStart);
diff --git a/SDK/CPP/TitanEngine.hpp b/SDK/CPP/TitanEngine.hpp
index 822ac2f..bf50761 100644
--- a/SDK/CPP/TitanEngine.hpp
+++ b/SDK/CPP/TitanEngine.hpp
@@ -1809,6 +1809,10 @@ protected:
 {
 UE::ImporterEnumAddedData((void*)EnumCallBack);
 }
+ static bool DeleteAPI(DWORD_PTR apiAddr)
+ {
+ return UE::ImporterDeleteAPI(apiAddr);
+ }
 };
 class ImporterA
@@ -1937,6 +1941,7 @@ public:
 using ImporterW::AutoSearchIAT;
 using ImporterX::AutoSearchIATEx;
 using ImporterX::EnumAddedData;
+ using ImporterX::DeleteAPI;
 using ImporterA::AutoFixIATEx;
 using ImporterW::AutoFixIATEx;
 using ImporterA::AutoFixIAT;
diff --git a/TitanEngine/3rdparty-definitions.h b/TitanEngine/3rdparty-definitions.h
index 86148d7..0f40b28 100644
--- a/TitanEngine/3rdparty-definitions.h
+++ b/TitanEngine/3rdparty-definitions.h
@@ -13,6 +13,7 @@ extern "C" {
 int scylla_searchIAT(DWORD pid, DWORD_PTR &iatStart, DWORD &iatSize, DWORD_PTR searchStart, bool advancedSearch);
 int scylla_getImports(DWORD_PTR iatAddr, DWORD iatSize, DWORD pid, LPVOID invalidImportCallback = NULL);
 bool scylla_importsValid();
+bool scylla_cutImport(DWORD_PTR apiAddr);
 int scylla_fixDump(WCHAR* dumpFile, WCHAR* iatFixFile, WCHAR* sectionName = L".scy");
 int scylla_fixMappedDump(DWORD_PTR iatVA, DWORD_PTR FileMapVA, HANDLE hFileMap);
 #ifdef __cplusplus
diff --git a/TitanEngine/TitanEngine.cpp b/TitanEngine/TitanEngine.cpp
index 2fa4916..c227a68 100644
--- a/TitanEngine/TitanEngine.cpp
+++ b/TitanEngine/TitanEngine.cpp
@@ -19595,7 +19595,6 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_
 scylla_getImports(iatStart, iatSize, ProcessId, UnknownPointerFixCallback);
 if(!scylla_importsValid())
 {
- //TODO call UnknownPointerFixCallback for every bad import, scylla_wrapper needs to be enhanced tho
 return (0x405);
 }
@@ -19628,6 +19627,10 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIATW(DWORD ProcessId, wchar_t*
 {
 return(ImporterAutoFixIATExW(ProcessId, szDumpedFile, L".RL!TEv2", false, false, NULL, NULL, SearchStart, false, false, NULL));
 }
+__declspec(dllexport) bool TITCALL ImporterDeleteAPI(DWORD_PTR apiAddr)
+{
+ return scylla_cutImport(apiAddr);
+}
 // Internal.Engine.Hook.functions:
 bool ProcessHookScanAddNewHook(PHOOK_ENTRY HookDetails, void* ptrOriginalInstructions, PLIBRARY_ITEM_DATAW ModuleInformation, DWORD SizeOfImage)
 {
diff --git a/TitanEngine/definitions.h b/TitanEngine/definitions.h
index 3148be3..8a13af7 100644
--- a/TitanEngine/definitions.h
+++ b/TitanEngine/definitions.h
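Review bot: `scylla_cutImport` is declared here, but its implementation arrives only as the two prebuilt x86 libraries changed at the end of this commit (`scylla_wrapper_x86.lib`, `scylla_wrapperd_x86.lib`), so the code behind the new export cannot be reviewed from this change. The commit message or a comment beside the declaration should record which scylla_wrapper source revision the libraries were built from, for example `// scylla_wrapper libs built from <scylla_wrapper revision>`. If the project also links 64-bit wrapper libraries, which this diff does not show, they need the same rebuild or that configuration will fail to resolve `scylla_cutImport`.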
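Review bot: `ImporterDeleteAPI` passes the caller's address straight to `scylla_cutImport` without saying which import list it acts on or when a call is valid. The only collection step visible in this file's hunks is `scylla_getImports(iatStart, iatSize, ProcessId, UnknownPointerFixCallback)` inside `ImporterAutoFixIATExW`, so the export is presumably meant to be called from that callback, and a call made before any IAT search would act on whatever state the wrapper holds at that moment. A comment above the definition should state the precondition, for example `// Valid only while an ImporterAutoFixIAT* call is collecting imports (e.g. from UnknownPointerFixCallback); returns scylla_cutImport's result unchanged`, with the first half confirmed against scylla_wrapper.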
@@ -295,6 +295,7 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, char* s
 __declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_t* szDumpedFile, wchar_t* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback);
 __declspec(dllexport) long TITCALL ImporterAutoFixIAT(DWORD ProcessId, char* szDumpedFile, ULONG_PTR SearchStart);
 __declspec(dllexport) long TITCALL ImporterAutoFixIATW(DWORD ProcessId, wchar_t* szDumpedFile, ULONG_PTR SearchStart);
+__declspec(dllexport) bool TITCALL ImporterDeleteAPI(DWORD_PTR apiAddr);
 // Global.Engine.Hook.functions:
 __declspec(dllexport) bool TITCALL HooksSafeTransitionEx(LPVOID HookAddressArray, int NumberOfHooks, bool TransitionStart);
 __declspec(dllexport) bool TITCALL HooksSafeTransition(LPVOID HookAddress, bool TransitionStart);
diff --git a/TitanEngine/scylla_wrapper_x86.lib b/TitanEngine/scylla_wrapper_x86.lib
index e703b17..8f511b9 100644
Binary files a/TitanEngine/scylla_wrapper_x86.lib and b/TitanEngine/scylla_wrapper_x86.lib differ
diff --git a/TitanEngine/scylla_wrapperd_x86.lib b/TitanEngine/scylla_wrapperd_x86.lib
index cddbe7f..6ba4ae8 100644
Binary files a/TitanEngine/scylla_wrapperd_x86.lib and b/TitanEngine/scylla_wrapperd_x86.lib differ