Merged in Mattiwatti/titanengine/native-debug-init (pull request #12)

Add InitNativeDebug API

SDK/C/TitanEngine.h

@@ -823,6 +823,8 @@ __declspec(dllexport) long TITCALL LengthDisassembleEx(HANDLE hProcess, LPVOID D
 __declspec(dllexport) long TITCALL LengthDisassemble(LPVOID DisassmAddress);
 __declspec(dllexport) void* TITCALL InitDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder);
 __declspec(dllexport) void* TITCALL InitDebugW(const wchar_t* szFileName, const wchar_t* szCommandLine, const wchar_t* szCurrentFolder);
+__declspec(dllexport) void* TITCALL InitNativeDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder);
+__declspec(dllexport) void* TITCALL InitNativeDebugW(const wchar_t* szFileName, const wchar_t* szCommandLine, const wchar_t* szCurrentFolder);
 __declspec(dllexport) void* TITCALL InitDebugEx(const char* szFileName, const char* szCommandLine, const char* szCurrentFolder, LPVOID EntryCallBack);
 __declspec(dllexport) void* TITCALL InitDebugExW(const wchar_t* szFileName, const wchar_t* szCommandLine, const wchar_t* szCurrentFolder, LPVOID EntryCallBack);
 __declspec(dllexport) void* TITCALL InitDLLDebug(const char* szFileName, bool ReserveModuleBase, const char* szCommandLine, const char* szCurrentFolder, LPVOID EntryCallBack);

SDK/CPP/TitanEngine.h

@@ -677,6 +677,8 @@ __declspec(dllimport) long TITCALL LengthDisassembleEx(HANDLE hProcess, LPVOID D
 __declspec(dllimport) long TITCALL LengthDisassemble(LPVOID DisassmAddress);
 __declspec(dllimport) void* TITCALL InitDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder);
 __declspec(dllimport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder);
+__declspec(dllimport) void* TITCALL InitNativeDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder);
+__declspec(dllimport) void* TITCALL InitNativeDebugW(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder);
 __declspec(dllimport) void* TITCALL InitDebugEx(char* szFileName, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack);
 __declspec(dllimport) void* TITCALL InitDebugExW(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder, LPVOID EntryCallBack);
 __declspec(dllimport) void* TITCALL InitDLLDebug(char* szFileName, bool ReserveModuleBase, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack);

SDK/CPP/TitanEngine.hpp

@@ -1491,6 +1491,10 @@ public:
     {
         return (const PROCESS_INFORMATION*)UE::InitDebug((char*)szFileName, (char*)szCommandLine, (char*)szCurrentFolder);
     }
+    static const PROCESS_INFORMATION* InitNativeDebug(const char* szFileName, const char* szCommandLine, const char* szCurrentFolder)
+    {
+        return (const PROCESS_INFORMATION*)UE::InitNativeDebug((char*)szFileName, (char*)szCommandLine, (char*)szCurrentFolder);
+    }
     static const PROCESS_INFORMATION* InitDebugEx(const char* szFileName, const char* szCommandLine, const char* szCurrentFolder, DebuggerX::fBreakPointCallback EntryCallBack)
     {
         return (const PROCESS_INFORMATION*)UE::InitDebugEx((char*)szFileName, (char*)szCommandLine, (char*)szCurrentFolder, (void*)EntryCallBack);
@@ -1513,6 +1517,10 @@ public:
     {
         return (const PROCESS_INFORMATION*)UE::InitDebugW((wchar_t*)szFileName, (wchar_t*)szCommandLine, (wchar_t*)szCurrentFolder);
     }
+    static const PROCESS_INFORMATION* InitNativeDebug(const wchar_t* szFileName, const wchar_t* szCommandLine, const wchar_t* szCurrentFolder)
+    {
+        return (const PROCESS_INFORMATION*)UE::InitNativeDebugW((wchar_t*)szFileName, (wchar_t*)szCommandLine, (wchar_t*)szCurrentFolder);
+    }
     static const PROCESS_INFORMATION* InitDebugEx(const wchar_t* szFileName, const wchar_t* szCommandLine, const wchar_t* szCurrentFolder, DebuggerX::fBreakPointCallback EntryCallBack)
     {
         return (const PROCESS_INFORMATION*)UE::InitDebugExW((wchar_t*)szFileName, (wchar_t*)szCommandLine, (wchar_t*)szCurrentFolder, (void*)EntryCallBack);

SDK/Delphi/TitanEngine.pas

@@ -507,6 +507,7 @@ const
   function LengthDisassembleEx(hProcess:THandle; DisassmAddress:Pointer):LongInt; stdcall;  external 'TitanEngine.dll' name 'LengthDisassembleEx';
   function LengthDisassemble(DisassmAddress:Pointer):LongInt; stdcall;  external 'TitanEngine.dll' name 'LengthDisassemble';
   function InitDebug(szFileName,szCommandLine,szCurrentFolder:PAnsiChar): Pointer; stdcall; external 'TitanEngine.dll' name 'InitDebug';
+  function InitNativeDebug(szFileName,szCommandLine,szCurrentFolder:PAnsiChar): Pointer; stdcall; external 'TitanEngine.dll' name 'InitNonWin32Debug';
   function InitDebugEx(szFileName,szCommandLine,szCurrentFolder:PAnsiChar; EntryCallBack:Pointer): Pointer; stdcall; external 'TitanEngine.dll' name 'InitDebugEx';
   function InitDLLDebug(szFileName:PAnsiChar; ReserveModuleBase:boolean; szCommandLine,szCurrentFolder:PAnsiChar; EntryCallBack:Pointer): Pointer; stdcall; external 'TitanEngine.dll' name 'InitDLLDebug';
   function StopDebug(): Boolean; stdcall; external 'TitanEngine.dll' name 'StopDebug';

SDK/LUA/TitanEngine.lua

@@ -783,6 +783,9 @@ PROCESS_INFORMATION = alien.defstruct{
 -- __declspec(dllexport) void* __stdcall InitDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder);
 	TitanEngine.InitDebug:types {"string","string","string",abi="stdcall",ret="pointer"}
 	TE_InitDebug = TitanEngine.InitDebug
+-- __declspec(dllexport) void* __stdcall InitNativeDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder);
+	TitanEngine.InitNativeDebug:types {"string","string","string",abi="stdcall",ret="pointer"}
+	InitNativeDebug = TitanEngine.InitNativeDebug
 -- __declspec(dllexport) void* __stdcall InitDebugEx(char* szFileName, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack);
 	TitanEngine.InitDebugEx:types {"string","string","string","callback",abi="stdcall",ret="pointer"}
 	TE_InitDebugEx = TitanEngine.InitDebugEx

SDK/MASM/TitanEngine.INC

@@ -560,6 +560,8 @@ LengthDisassembleEx proto stdcall :HANDLE, :LPVOID
 LengthDisassemble proto stdcall :LPVOID
 InitDebug proto stdcall :ptr SBYTE, :ptr SBYTE, :ptr SBYTE
 InitDebugW proto stdcall :ptr WORD, :ptr WORD, :ptr WORD
+InitNativeDebug proto stdcall :ptr SBYTE, :ptr SBYTE, :ptr SBYTE
+InitNativeDebugW proto stdcall :ptr WORD, :ptr WORD, :ptr WORD
 InitDebugEx proto stdcall :ptr SBYTE, :ptr SBYTE, :ptr SBYTE, :LPVOID
 InitDebugExW proto stdcall :ptr WORD, :ptr WORD, :ptr WORD, :LPVOID
 InitDLLDebug proto stdcall :ptr SBYTE, :bool, :ptr SBYTE, :ptr SBYTE, :LPVOID

SDK/Python/TitanEngine.py

@@ -648,6 +648,8 @@ TE.ThreaderGetThreadInfo.restype = POINTER(THREAD_ITEM_DATA)
 
 TE.InitDebug.restype = POINTER(PROCESS_INFORMATION)
 TE.InitDebugW.restype = POINTER(PROCESS_INFORMATION)
+TE.InitNativeDebug.restype = POINTER(PROCESS_INFORMATION)
+TE.InitNativeDebugW.restype = POINTER(PROCESS_INFORMATION)
 TE.InitDebugEx.restype = POINTER(PROCESS_INFORMATION)
 TE.InitDebugExW.restype = POINTER(PROCESS_INFORMATION)
 TE.InitDLLDebug.restype = POINTER(PROCESS_INFORMATION)

TitanEngine/TitanEngine.Debugger.cpp

@@ -99,6 +99,307 @@ __declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szC
     }
 }
 
+__declspec(dllexport) void* TITCALL InitNativeDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder)
+{
+    wchar_t* PtrUniFileName = NULL;
+    wchar_t uniFileName[MAX_PATH] = {};
+    wchar_t* PtrUniCommandLine = NULL;
+    wchar_t uniCommandLine[MAX_PATH] = {};
+    wchar_t* PtrUniCurrentFolder = NULL;
+    wchar_t uniCurrentFolder[MAX_PATH] = {};
+
+    if(szFileName != NULL)
+    {
+        MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
+        MultiByteToWideChar(CP_ACP, NULL, szCommandLine, lstrlenA(szCommandLine) + 1, uniCommandLine, sizeof(uniCommandLine) / (sizeof(uniCommandLine[0])));
+        MultiByteToWideChar(CP_ACP, NULL, szCurrentFolder, lstrlenA(szCurrentFolder) + 1, uniCurrentFolder, sizeof(uniCurrentFolder) / (sizeof(uniCurrentFolder[0])));
+        if(szFileName != NULL)
+        {
+            PtrUniFileName = &uniFileName[0];
+        }
+        if(szCommandLine != NULL)
+        {
+            PtrUniCommandLine = &uniCommandLine[0];
+        }
+        if(szCurrentFolder != NULL)
+        {
+            PtrUniCurrentFolder = &uniCurrentFolder[0];
+        }
+        return(InitNativeDebugW(PtrUniFileName, PtrUniCommandLine, PtrUniCurrentFolder));
+    }
+    else
+    {
+        return NULL;
+    }
+}
+
+__declspec(dllexport) void* TITCALL InitNativeDebugW(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder)
+{
+    typedef
+    NTSTATUS
+    (NTAPI *
+     t_RtlCreateProcessParametersEx)(
+         _Out_ PRTL_USER_PROCESS_PARAMETERS * pProcessParameters,
+         _In_ PUNICODE_STRING ImagePathName,
+         _In_opt_ PUNICODE_STRING DllPath,
+         _In_opt_ PUNICODE_STRING CurrentDirectory,
+         _In_opt_ PUNICODE_STRING CommandLine,
+         _In_opt_ PVOID Environment,
+         _In_opt_ PUNICODE_STRING WindowTitle,
+         _In_opt_ PUNICODE_STRING DesktopInfo,
+         _In_opt_ PUNICODE_STRING ShellInfo,
+         _In_opt_ PUNICODE_STRING RuntimeData,
+         _In_ ULONG Flags
+     );
+
+    typedef
+    NTSTATUS
+    (NTAPI *
+     t_NtCreateUserProcess)(
+         _Out_ PHANDLE ProcessHandle,
+         _Out_ PHANDLE ThreadHandle,
+         _In_ ACCESS_MASK ProcessDesiredAccess,
+         _In_ ACCESS_MASK ThreadDesiredAccess,
+         _In_opt_ POBJECT_ATTRIBUTES ProcessObjectAttributes,
+         _In_opt_ POBJECT_ATTRIBUTES ThreadObjectAttributes,
+         _In_ ULONG ProcessFlags,
+         _In_ ULONG ThreadFlags,
+         _In_ PRTL_USER_PROCESS_PARAMETERS ProcessParameters,
+         _Inout_ PPS_CREATE_INFO CreateInfo,
+         _In_ PPS_ATTRIBUTE_LIST AttributeList
+     );
+
+    HMODULE Ntdll = GetModuleHandleW(L"ntdll.dll");
+    t_RtlCreateProcessParametersEx fnRtlCreateProcessParametersEx =
+        (t_RtlCreateProcessParametersEx)GetProcAddress(Ntdll, "RtlCreateProcessParametersEx");
+    t_NtCreateUserProcess fnNtCreateUserProcess =
+        (t_NtCreateUserProcess)GetProcAddress(Ntdll, "NtCreateUserProcess");
+
+    // NtCreateUserProcess requires Vista or higher
+    if(fnRtlCreateProcessParametersEx == NULL || fnNtCreateUserProcess == NULL)
+    {
+        RtlSetLastWin32Error(ERROR_NOT_SUPPORTED);
+        return NULL;
+    }
+
+    RtlZeroMemory(&dbgProcessInformation, sizeof(PROCESS_INFORMATION));
+    HANDLE ProcessHandle = NULL, ThreadHandle = NULL;
+    UNICODE_STRING CommandLine = { 0 };
+    PUNICODE_STRING PtrCurrentDirectory = NULL;
+
+    // Convert the application path to its NT equivalent
+    UNICODE_STRING ImagePath, NtImagePath;
+    RtlInitUnicodeString(&ImagePath, szFileName);
+    if(!RtlDosPathNameToNtPathName_U(ImagePath.Buffer,
+                                     &NtImagePath,
+                                     NULL,
+                                     NULL))
+    {
+        RtlSetLastWin32Error(ERROR_PATH_NOT_FOUND);
+        return NULL;
+    }
+
+    // Enable SE_DEBUG if needed
+    const LONG SE_DEBUG_PRIVILEGE = 20L;
+    BOOLEAN SeDebugWasEnabled = FALSE;
+    NTSTATUS Status = STATUS_SUCCESS;
+    if(engineEnableDebugPrivilege)
+    {
+        Status = RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE,
+                                    TRUE,
+                                    FALSE,
+                                    &SeDebugWasEnabled);
+        DebugRemoveDebugPrivilege = true;
+    }
+    if(!NT_SUCCESS(Status))
+        goto finished;
+
+    // Convert command line and directory to UNICODE_STRING if present
+    SIZE_T ArgumentsLength = szCommandLine != NULL ? lstrlenW(szCommandLine) : 0;
+    SIZE_T BufferSize = ImagePath.Length + ((ArgumentsLength + 4) * sizeof(wchar_t));
+    CommandLine.Buffer = (PWSTR)RtlAllocateHeap(RtlProcessHeap(), HEAP_ZERO_MEMORY, BufferSize * 10);
+    CommandLine.MaximumLength = (USHORT)BufferSize;
+    RtlAppendUnicodeToString(&CommandLine, L"\"");
+    RtlAppendUnicodeStringToString(&CommandLine, &ImagePath);
+    RtlAppendUnicodeToString(&CommandLine, L"\"");
+    if(ArgumentsLength > 0)
+    {
+        RtlAppendUnicodeToString(&CommandLine, L" ");
+        RtlAppendUnicodeToString(&CommandLine, szCommandLine);
+    }
+
+    if(szCurrentFolder != NULL && lstrlenW(szCurrentFolder) > 0)
+    {
+        UNICODE_STRING WorkingDirectory;
+        RtlInitUnicodeString(&WorkingDirectory, szCurrentFolder);
+        PtrCurrentDirectory = &WorkingDirectory;
+    }
+
+    // Create the process parameter block
+    PRTL_USER_PROCESS_PARAMETERS ProcessParameters = NULL;
+    PRTL_USER_PROCESS_PARAMETERS OwnParameters = NtCurrentPeb()->ProcessParameters;
+    Status = fnRtlCreateProcessParametersEx(&ProcessParameters,
+                                            &ImagePath,
+                                            NULL,                        // Create a new DLL path
+                                            PtrCurrentDirectory,
+                                            &CommandLine,
+                                            NULL,                        // If null, a new environment will be created
+                                            &ImagePath,                  // Window title is the exe path - needed for console apps
+                                            &OwnParameters->DesktopInfo, // Copy our desktop name
+                                            NULL,
+                                            NULL,
+                                            RTL_USER_PROCESS_PARAMETERS_NORMALIZED);
+    if(!NT_SUCCESS(Status))
+        goto finished;
+
+    // Clear the current directory because we're not inheriting handles
+    ProcessParameters->CurrentDirectory.Handle = NULL;
+
+    // Default to CREATE_NEW_CONSOLE behaviour
+    ProcessParameters->ConsoleHandle = HANDLE_CREATE_NEW_CONSOLE;
+    ProcessParameters->ShowWindowFlags = STARTF_USESHOWWINDOW | SW_SHOWDEFAULT;
+
+    // Create a debug port object
+    OBJECT_ATTRIBUTES ObjectAttributes;
+    InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);
+    HANDLE DebugPort = NULL;
+    Status = NtCreateDebugObject(&DebugPort,
+                                 DEBUG_ALL_ACCESS,
+                                 &ObjectAttributes,
+                                 DEBUG_KILL_ON_CLOSE);
+    if(!NT_SUCCESS(Status))
+    {
+        RtlDestroyProcessParameters(ProcessParameters);
+        goto finished;
+    }
+
+    // Store the debug port handle in our TEB. The kernel uses this field
+    NtCurrentTeb()->DbgSsReserved[1] = DebugPort;
+
+    // Initialize the PS_CREATE_INFO structure
+    PS_CREATE_INFO CreateInfo;
+    RtlZeroMemory(&CreateInfo, sizeof(CreateInfo));
+    CreateInfo.Size = sizeof(CreateInfo);
+    CreateInfo.State = PsCreateInitialState;
+    CreateInfo.InitState.u1.s1.WriteOutputOnExit = TRUE;
+    CreateInfo.InitState.u1.s1.DetectManifest = TRUE;
+    CreateInfo.InitState.u1.s1.ProhibitedImageCharacteristics = 0; // Normally: IMAGE_FILE_DLL (disallow executing DLLs)
+    CreateInfo.InitState.AdditionalFileAccess = FILE_READ_ATTRIBUTES | FILE_READ_DATA;
+
+    // Initialize the PS_ATTRIBUTE_LIST that contains the process creation attributes
+    const SIZE_T NumAttributes = 3;
+    const SIZE_T AttributesSize = sizeof(SIZE_T) + NumAttributes * sizeof(PS_ATTRIBUTE);
+    PPS_ATTRIBUTE_LIST AttributeList = reinterpret_cast<PPS_ATTRIBUTE_LIST>(
+                                           RtlAllocateHeap(RtlProcessHeap(),
+                                                   HEAP_ZERO_MEMORY, // Not optional
+                                                   AttributesSize));
+    AttributeList->TotalLength = AttributesSize;
+
+    // In: NT style absolute image path. This is the only required attribute
+    ULONG N = 0;
+    AttributeList->Attributes[N].Attribute = PS_ATTRIBUTE_IMAGE_NAME;
+    AttributeList->Attributes[N].Size = NtImagePath.Length;
+    AttributeList->Attributes[N].Value = reinterpret_cast<ULONG_PTR>(NtImagePath.Buffer);
+
+    // In: debug port
+    N++;
+    AttributeList->Attributes[N].Attribute = PS_ATTRIBUTE_DEBUG_PORT;
+    AttributeList->Attributes[N].Size = sizeof(HANDLE);
+    AttributeList->Attributes[N].Value = reinterpret_cast<ULONG_PTR>(DebugPort);
+
+    // Out: client ID
+    N++;
+    CLIENT_ID Cid;
+    PCLIENT_ID ClientId = &Cid;
+    AttributeList->Attributes[N].Attribute = PS_ATTRIBUTE_CLIENT_ID;
+    AttributeList->Attributes[N].Size = sizeof(CLIENT_ID);
+    AttributeList->Attributes[N].Value = reinterpret_cast<ULONG_PTR>(ClientId);
+
+    // Set process and thread flags
+    ULONG NtProcessFlags = PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT; // Same as DEBUG_ONLY_THIS_PROCESS. DEBUG_PROCESS is implied by the debug port
+    ULONG NtThreadFlags = THREAD_CREATE_FLAGS_CREATE_SUSPENDED; // Always set this, because we need to do some bookkeeping before resuming
+
+    // Create the process
+    Status = fnNtCreateUserProcess(&ProcessHandle,
+                                   &ThreadHandle,
+                                   MAXIMUM_ALLOWED,
+                                   MAXIMUM_ALLOWED,
+                                   NULL,
+                                   NULL,
+                                   NtProcessFlags,
+                                   NtThreadFlags,
+                                   ProcessParameters,
+                                   &CreateInfo,
+                                   AttributeList);
+
+    RtlFreeHeap(RtlProcessHeap(), 0, AttributeList);
+    RtlDestroyProcessParameters(ProcessParameters);
+
+    if(!NT_SUCCESS(Status))
+        goto finished;
+
+    // Success. Convert what we got back to a PROCESS_INFORMATION structure
+    dbgProcessInformation.hProcess = ProcessHandle;
+    dbgProcessInformation.hThread = ThreadHandle;
+    dbgProcessInformation.dwProcessId = HandleToULong(ClientId->UniqueProcess);
+    dbgProcessInformation.dwThreadId = HandleToULong(ClientId->UniqueThread);
+
+finished:
+    RtlFreeHeap(RtlProcessHeap(), 0, NtImagePath.Buffer);
+
+    if(CommandLine.Buffer != NULL)
+        RtlFreeHeap(RtlProcessHeap(), 0, CommandLine.Buffer);
+
+    if(ProcessHandle != NULL)
+    {
+        // Close the file and section handles we got back from the kernel
+        NtClose(CreateInfo.SuccessState.FileHandle);
+        NtClose(CreateInfo.SuccessState.SectionHandle);
+
+        // If we failed, terminate the process
+        if(!NT_SUCCESS(Status))
+        {
+            BOOLEAN CloseDebugPort = DebugPort != NULL &&
+                                     ((NtThreadFlags & PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT) != 0);
+
+            if(CloseDebugPort)
+            {
+                NtRemoveProcessDebug(ProcessHandle, DebugPort);
+                NtClose(DebugPort);
+                NtCurrentTeb()->DbgSsReserved[1] = NULL;
+            }
+
+            NtTerminateProcess(ProcessHandle, Status);
+        }
+        else
+        {
+            // Otherwise resume the process now
+            NtResumeThread(ThreadHandle, NULL);
+        }
+    }
+
+    // Release SE_DEBUG if we acquired it previously
+    if(engineEnableDebugPrivilege && !SeDebugWasEnabled)
+        RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE,
+                           FALSE,
+                           FALSE,
+                           &SeDebugWasEnabled);
+
+    if(!NT_SUCCESS(Status))
+    {
+        // Set error status
+        ULONG Win32Error = RtlNtStatusToDosError(Status);
+        RtlSetLastWin32Error(Win32Error);
+        DebugRemoveDebugPrivilege = false;
+        return NULL;
+    }
+
+    DebugAttachedToProcess = false;
+    DebugAttachedProcessCallBack = NULL;
+
+    return &dbgProcessInformation;
+}
+
 __declspec(dllexport) void* TITCALL InitDebugEx(char* szFileName, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack)
 {
     DebugExeFileEntryPointCallBack = EntryCallBack;

TitanEngine/TitanEngine.Handler.cpp

@@ -189,7 +189,7 @@ __declspec(dllexport) ULONG_PTR TITCALL HandlerGetHandleDetails(HANDLE hProcess,
     OBJECT_BASIC_INFORMATION ObjectBasicInfo;
     char HandleFullData[0x1000] = {0};
     LPVOID HandleNameData = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
-    PPUBLIC_OBJECT_TYPE_INFORMATION pObjectTypeInfo = (PPUBLIC_OBJECT_TYPE_INFORMATION)HandleFullData;
+    POBJECT_TYPE_INFORMATION pObjectTypeInfo = (POBJECT_TYPE_INFORMATION)HandleFullData;
     bool DontFreeStringMemory = false;
     ULONG_PTR ReturnData = NULL;
 
@@ -608,7 +608,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateOpenMutexes(HANDLE hProcess,
     char HandleFullData[0x1000] = {0};
     char HandleNameDataB[0x1000] = {0};
     LPVOID HandleNameData = HandleNameDataB;
-    PPUBLIC_OBJECT_TYPE_INFORMATION pObjectTypeInfo = (PPUBLIC_OBJECT_TYPE_INFORMATION)HandleFullData;
+    POBJECT_TYPE_INFORMATION pObjectTypeInfo = (POBJECT_TYPE_INFORMATION)HandleFullData;
 
     DynBuf hinfo;
     if(!NtQuerySysHandleInfo(hinfo))
@@ -725,7 +725,7 @@ __declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t
     PNTDLL_QUERY_HANDLE_INFO HandleInfo;
     char HandleFullData[0x1000] = {0};
     char HandleNameData[0x1000] = {0};
-    PPUBLIC_OBJECT_TYPE_INFORMATION pObjectTypeInfo = (PPUBLIC_OBJECT_TYPE_INFORMATION)HandleFullData;
+    POBJECT_TYPE_INFORMATION pObjectTypeInfo = (POBJECT_TYPE_INFORMATION)HandleFullData;
     char ObjectNameInfo[0x2000] = {0};
     POBJECT_NAME_INFORMATION pObjectNameInfo = (POBJECT_NAME_INFORMATION)ObjectNameInfo;
     wchar_t RealMutexName[512] = L"\\BaseNamedObjects\\";

TitanEngine/TitanEngine.def

@@ -82,6 +82,8 @@ FixHeaderCheckSum
 FixHeaderCheckSumW
 InitDebug
 InitDebugW
+InitNativeDebug
+InitNativeDebugW
 InitDebugEx
 InitDebugExW
 InitDLLDebug

TitanEngine/TitanEngine.vcxproj

@@ -107,7 +107,7 @@
       <IntrinsicFunctions>true</IntrinsicFunctions>
     </ClCompile>
     <Link>
-      <AdditionalDependencies>$(ProjectDir)scylla_wrapper_x86.lib;$(ProjectDir)distorm_x86.lib;Imagehlp.lib;psapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>$(ProjectDir)ntdll_x86.lib;$(ProjectDir)scylla_wrapper_x86.lib;$(ProjectDir)distorm_x86.lib;Imagehlp.lib;psapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <ModuleDefinitionFile>$(ProjectDir)TitanEngine.def</ModuleDefinitionFile>
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
@@ -136,7 +136,7 @@
       <ExceptionHandling>Sync</ExceptionHandling>
     </ClCompile>
     <Link>
-      <AdditionalDependencies>$(ProjectDir)scylla_wrapper_x86.lib;$(ProjectDir)distorm_x86.lib;Imagehlp.lib;psapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>$(ProjectDir)ntdll_x86.lib;$(ProjectDir)scylla_wrapper_x86.lib;$(ProjectDir)distorm_x86.lib;Imagehlp.lib;psapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <ModuleDefinitionFile>$(ProjectDir)TitanEngine.def</ModuleDefinitionFile>
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
@@ -165,7 +165,7 @@
       <IntrinsicFunctions>true</IntrinsicFunctions>
     </ClCompile>
     <Link>
-      <AdditionalDependencies>$(ProjectDir)scylla_wrapper_x64.lib;$(ProjectDir)distorm_x64.lib;Imagehlp.lib;psapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>$(ProjectDir)ntdll_x64.lib;$(ProjectDir)scylla_wrapper_x64.lib;$(ProjectDir)distorm_x64.lib;Imagehlp.lib;psapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <OutputFile>$(OutDir)TitanEngine.dll</OutputFile>
       <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
       <ModuleDefinitionFile>$(ProjectDir)TitanEngine.def</ModuleDefinitionFile>
@@ -203,7 +203,7 @@
       <ExceptionHandling>false</ExceptionHandling>
     </ClCompile>
     <Link>
-      <AdditionalDependencies>$(ProjectDir)scylla_wrapper_x64.lib;$(ProjectDir)distorm_x64.lib;Imagehlp.lib;psapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>$(ProjectDir)ntdll_x64.lib;$(ProjectDir)scylla_wrapper_x64.lib;$(ProjectDir)distorm_x64.lib;Imagehlp.lib;psapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <OutputFile>$(OutDir)TitanEngine.dll</OutputFile>
       <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
       <ModuleDefinitionFile>$(ProjectDir)TitanEngine.def</ModuleDefinitionFile>

TitanEngine/definitions.h

@@ -160,6 +160,8 @@ __declspec(dllexport) long TITCALL LengthDisassembleEx(HANDLE hProcess, LPVOID D
 __declspec(dllexport) long TITCALL LengthDisassemble(LPVOID DisassmAddress);
 __declspec(dllexport) void* TITCALL InitDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder);
 __declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder);
+__declspec(dllexport) void* TITCALL InitNativeDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder);
+__declspec(dllexport) void* TITCALL InitNativeDebugW(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder);
 __declspec(dllexport) void* TITCALL InitDebugEx(char* szFileName, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack);
 __declspec(dllexport) void* TITCALL InitDebugExW(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder, LPVOID EntryCallBack);
 __declspec(dllexport) void* TITCALL InitDLLDebug(char* szFileName, bool ReserveModuleBase, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack);

TitanEngine/stdafx.h

@@ -12,6 +12,10 @@
 
 #define WIN32_LEAN_AND_MEAN             // Exclude rarely-used stuff from Windows headers
 
+// Allow including Windows.h without bringing in a redefined and outdated subset of NTSTATUSes.
+// To get NTSTATUS defines, #undef WIN32_NO_STATUS after Windows.h and then #include <ntstatus.h>
+#define WIN32_NO_STATUS
+
 // Windows Header Files:
 #include <windows.h>