x64dbg
/
TitanEngine
mirror of https://github.com/x64dbg/TitanEngine
1
0
Fork 0
Code Releases Activity

more versatile DLL loader extraction

This commit is contained in:
mrexodia 2017-03-14 06:38:05 +01:00
parent 47f481f5d9
commit 0f7e664a4a
No known key found for this signature in database
GPG Key ID: FC89E0AAA0C1AAD8
2 changed files with 30 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.gitignore vendored
View File

@ -14,6 +14,7 @@ x64/
build/ build/
[Bb]in/ [Bb]in/
[Oo]bj/ [Oo]bj/
.vs/
# Enable "build/" folder in the NuGet Packages folder since NuGet packages use it for MSBuild targets # Enable "build/" folder in the NuGet Packages folder since NuGet packages use it for MSBuild targets
!packages/*/build/ !packages/*/build/
@ -153,8 +154,8 @@ $RECYCLE.BIN/
*.cscope_file_list *.cscope_file_list
*.bmarks *.bmarks
*.depend *.depend
*.layout *.layout
*.orig *.orig
*.cbTemp *.cbTemp
cov-* cov-*
coverity* coverity*

43
TitanEngine/TitanEngine.Debugger.cpp
View File

@ -142,6 +142,29 @@ __declspec(dllexport) void* TITCALL InitDLLDebug(char* szFileName, bool ReserveM
} }
} }
static bool TryExtractDllLoader(bool failedBefore = false)
{
wchar_t* szPath = wcsrchr(szDebuggerName, L'\\');
if(szPath)
szPath[1] = '\0';
wchar_t DLLLoaderName[64] = L"";
#ifdef _WIN64
wsprintfW(DLLLoaderName, L"DLLLoader64_%.4X.exe", GetTickCount() & 0xFFFF);
#else
wsprintfW(DLLLoaderName, L"DLLLoader32_%.4X.exe", GetTickCount() & 0xFFFF);
#endif //_WIN64
lstrcatW(szDebuggerName, DLLLoaderName);
#ifdef _WIN64
if(EngineExtractResource("LOADERX64", szDebuggerName))
#else
if(EngineExtractResource("LOADERX86", szDebuggerName))
#endif //_WIN64
return true;
return !failedBefore &&
GetModuleFileNameW(engineHandle, szDebuggerName, _countof(szDebuggerName)) &&
TryExtractDllLoader(true);
}
__declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool ReserveModuleBase, wchar_t* szCommandLine, wchar_t* szCurrentFolder, LPVOID EntryCallBack) __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool ReserveModuleBase, wchar_t* szCommandLine, wchar_t* szCurrentFolder, LPVOID EntryCallBack)
{ {
memset(szDebuggerName, 0, sizeof(szDebuggerName)); memset(szDebuggerName, 0, sizeof(szDebuggerName));
@ -152,25 +175,7 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese
szFileName = &szBackupDebuggedFileName[0]; szFileName = &szBackupDebuggedFileName[0];
} }
lstrcpyW(szDebuggerName, szFileName); lstrcpyW(szDebuggerName, szFileName);
int i = lstrlenW(szDebuggerName); if(TryExtractDllLoader())
while(szDebuggerName[i] != '\\' && i)
i--;
wchar_t DLLLoaderName[64] = L"";
#ifdef _WIN64
wsprintfW(DLLLoaderName, L"DLLLoader64_%.4X.exe", GetTickCount() & 0xFFFF);
#else
wsprintfW(DLLLoaderName, L"DLLLoader32_%.4X.exe", GetTickCount() & 0xFFFF);
#endif
if(i)
lstrcpyW(szDebuggerName + i + 1, DLLLoaderName);
else
lstrcpyW(szDebuggerName, DLLLoaderName);
#if defined(_WIN64)
if(EngineExtractResource("LOADERX64", szDebuggerName))
#else
if(EngineExtractResource("LOADERX86", szDebuggerName))
#endif
{ {
DebugDebuggingDLL = true; DebugDebuggingDLL = true;
int i = lstrlenW(szFileName); int i = lstrlenW(szFileName);