- updated readme (basically it says: LUA, Python and MASM are not tested with these updates)

- re-added UE_HIDE_PEBONLY (thanks to cypherpunk for the report)
2013-10-13 23:39:06 +02:00 · 2013-10-13 23:39:06 +02:00 · 0a2d5747b6
parent 071841d3da
commit 0a2d5747b6
10 changed files with 6 additions and 3 deletions
--- a/Release/x32/TitanEngine.dll
+++ b/Release/x32/TitanEngine.dll
--- a/Release/x32/TitanEngine.exp
+++ b/Release/x32/TitanEngine.exp
--- a/Release/x32/TitanEngine.lib
+++ b/Release/x32/TitanEngine.lib
--- a/Release/x64/TitanEngine.dll
+++ b/Release/x64/TitanEngine.dll
--- a/Release/x64/TitanEngine.exp
+++ b/Release/x64/TitanEngine.exp
--- a/Release/x64/TitanEngine.lib
+++ b/Release/x64/TitanEngine.lib
--- a/SDK/C/TitanEngine.h
+++ b/SDK/C/TitanEngine.h
@ -17,6 +17,7 @@
 #define UE_ACCESS_WRITE 1
 #define UE_ACCESS_ALL 2
 #define UE_HIDE_PEBONLY 0
 #define UE_HIDE_BASIC 1
 #define UE_PLUGIN_CALL_REASON_PREDEBUG 1
--- a/SDK/CPP/TitanEngine.h
+++ b/SDK/CPP/TitanEngine.h
@ -17,6 +17,7 @@ const BYTE UE_ACCESS_READ = 0;
 const BYTE UE_ACCESS_WRITE = 1;
 const BYTE UE_ACCESS_ALL = 2;
 const BYTE UE_HIDE_PEBONLY = 0;
 const BYTE UE_HIDE_BASIC = 1;
 const BYTE UE_PLUGIN_CALL_REASON_PREDEBUG = 1;
--- a/TitanEngine/TitanEngine.cpp
+++ b/TitanEngine/TitanEngine.cpp
@ -10439,7 +10439,6 @@ __declspec(dllexport) bool TITCALL IsFileDLLW(wchar_t* szFileName, ULONG_PTR Fil
 // Global.Engine.Hider.functions:
 bool ChangeHideDebuggerState(HANDLE hProcess, DWORD PatchAPILevel, bool Hide)
 {
    ULONG_PTR AddressOfPEB = NULL;
    ULONG_PTR ueNumberOfBytesRead = NULL;
    BYTE patchCheckRemoteDebuggerPresent[5] = {0x33, 0xC0, 0xC2, 0x08, 0x00};
@ -10460,7 +10459,7 @@ bool ChangeHideDebuggerState(HANDLE hProcess, DWORD PatchAPILevel, bool Hide)
                myPEB.NtGlobalFlag = NULL;
                if(WriteProcessMemory(hProcess, (void*)AddressOfPEB, (void*)&myPEB, sizeof NTPEB, &ueNumberOfBytesRead))
                {
-                    if(PatchAPILevel >= 1)
+                    if(PatchAPILevel == UE_HIDE_BASIC)
                    {
                        APIPatchAddress = (ULONG_PTR)EngineGlobalAPIHandler(hProcess, NULL, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"),"CheckRemoteDebuggerPresent"), NULL, UE_OPTION_IMPORTER_REALIGN_APIADDRESS);
                        VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)APIPatchAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
@ -10486,7 +10485,7 @@ bool ChangeHideDebuggerState(HANDLE hProcess, DWORD PatchAPILevel, bool Hide)
                myPEB.BeingDebugged = true;
                if(WriteProcessMemory(hProcess, (void*)AddressOfPEB, (void*)&myPEB, sizeof NTPEB, &ueNumberOfBytesRead))
                {
-                    if(PatchAPILevel >= 1)
+                    if(PatchAPILevel == UE_HIDE_BASIC)
                    {
                        APIPatchAddress = (ULONG_PTR)EngineGlobalAPIHandler(hProcess, NULL, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"),"CheckRemoteDebuggerPresent"), NULL, UE_OPTION_IMPORTER_REALIGN_APIADDRESS);
                        VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)APIPatchAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
--- a/readme.txt
+++ b/readme.txt
@ -14,3 +14,5 @@ The following things have been fixed/added (list might be incomplete):
 - supports multiple calling conventions (including the callbacks)
 - MinGW import libraries
 - fixed exception handling
 NOTE: LUA, Python, MASM and Delphi might not work correctly.