diff --git a/Release/x32/TitanEngine.dll b/Release/x32/TitanEngine.dll index 5e4c6b5..5b7a5f7 100644 Binary files a/Release/x32/TitanEngine.dll and b/Release/x32/TitanEngine.dll differ diff --git a/Release/x32/TitanEngine.exp b/Release/x32/TitanEngine.exp index e45c0f0..d710098 100644 Binary files a/Release/x32/TitanEngine.exp and b/Release/x32/TitanEngine.exp differ diff --git a/Release/x32/TitanEngine.lib b/Release/x32/TitanEngine.lib index 43446ff..59d60ee 100644 Binary files a/Release/x32/TitanEngine.lib and b/Release/x32/TitanEngine.lib differ diff --git a/Release/x64/TitanEngine.dll b/Release/x64/TitanEngine.dll index fe05f20..ca11f2a 100644 Binary files a/Release/x64/TitanEngine.dll and b/Release/x64/TitanEngine.dll differ diff --git a/Release/x64/TitanEngine.exp b/Release/x64/TitanEngine.exp index 4ec175e..895c4cd 100644 Binary files a/Release/x64/TitanEngine.exp and b/Release/x64/TitanEngine.exp differ diff --git a/Release/x64/TitanEngine.lib b/Release/x64/TitanEngine.lib index 608ad04..3d8ed8c 100644 Binary files a/Release/x64/TitanEngine.lib and b/Release/x64/TitanEngine.lib differ diff --git a/SDK/C/TitanEngine.h b/SDK/C/TitanEngine.h index 4e84cb6..9e256df 100644 --- a/SDK/C/TitanEngine.h +++ b/SDK/C/TitanEngine.h @@ -17,6 +17,7 @@ #define UE_ACCESS_WRITE 1 #define UE_ACCESS_ALL 2 +#define UE_HIDE_PEBONLY 0 #define UE_HIDE_BASIC 1 #define UE_PLUGIN_CALL_REASON_PREDEBUG 1 diff --git a/SDK/CPP/TitanEngine.h b/SDK/CPP/TitanEngine.h index bb6da66..47cd4f1 100644 --- a/SDK/CPP/TitanEngine.h +++ b/SDK/CPP/TitanEngine.h @@ -17,6 +17,7 @@ const BYTE UE_ACCESS_READ = 0; const BYTE UE_ACCESS_WRITE = 1; const BYTE UE_ACCESS_ALL = 2; +const BYTE UE_HIDE_PEBONLY = 0; const BYTE UE_HIDE_BASIC = 1; const BYTE UE_PLUGIN_CALL_REASON_PREDEBUG = 1; diff --git a/TitanEngine/TitanEngine.cpp b/TitanEngine/TitanEngine.cpp index 7c9325b..2026d0b 100644 --- a/TitanEngine/TitanEngine.cpp +++ b/TitanEngine/TitanEngine.cpp @@ -10439,7 +10439,6 @@ __declspec(dllexport) bool TITCALL IsFileDLLW(wchar_t* szFileName, ULONG_PTR Fil // Global.Engine.Hider.functions: bool ChangeHideDebuggerState(HANDLE hProcess, DWORD PatchAPILevel, bool Hide) { - ULONG_PTR AddressOfPEB = NULL; ULONG_PTR ueNumberOfBytesRead = NULL; BYTE patchCheckRemoteDebuggerPresent[5] = {0x33, 0xC0, 0xC2, 0x08, 0x00}; @@ -10460,7 +10459,7 @@ bool ChangeHideDebuggerState(HANDLE hProcess, DWORD PatchAPILevel, bool Hide) myPEB.NtGlobalFlag = NULL; if(WriteProcessMemory(hProcess, (void*)AddressOfPEB, (void*)&myPEB, sizeof NTPEB, &ueNumberOfBytesRead)) { - if(PatchAPILevel >= 1) + if(PatchAPILevel == UE_HIDE_BASIC) { APIPatchAddress = (ULONG_PTR)EngineGlobalAPIHandler(hProcess, NULL, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"),"CheckRemoteDebuggerPresent"), NULL, UE_OPTION_IMPORTER_REALIGN_APIADDRESS); VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)APIPatchAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); @@ -10486,7 +10485,7 @@ bool ChangeHideDebuggerState(HANDLE hProcess, DWORD PatchAPILevel, bool Hide) myPEB.BeingDebugged = true; if(WriteProcessMemory(hProcess, (void*)AddressOfPEB, (void*)&myPEB, sizeof NTPEB, &ueNumberOfBytesRead)) { - if(PatchAPILevel >= 1) + if(PatchAPILevel == UE_HIDE_BASIC) { APIPatchAddress = (ULONG_PTR)EngineGlobalAPIHandler(hProcess, NULL, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"),"CheckRemoteDebuggerPresent"), NULL, UE_OPTION_IMPORTER_REALIGN_APIADDRESS); VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)APIPatchAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); diff --git a/readme.txt b/readme.txt index 5f67952..1ab4650 100644 --- a/readme.txt +++ b/readme.txt @@ -14,3 +14,5 @@ The following things have been fixed/added (list might be incomplete): - supports multiple calling conventions (including the callbacks) - MinGW import libraries - fixed exception handling + +NOTE: LUA, Python, MASM and Delphi might not work correctly. \ No newline at end of file