x64dbg
/
TitanEngine
mirror of https://github.com/x64dbg/TitanEngine
1
0
Fork 0
Code Releases Activity

last changes

This commit is contained in:
dreg_fr33project 2014-10-26 02:28:20 +02:00
parent 17b7cb558e
commit 1ef361ba10
5 changed files with 270 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
SDK/C/TitanEngine.h
View File

@ -262,18 +262,18 @@ typedef struct
{ {
BYTE data[10]; BYTE data[10];
int st_value; int st_value;
int tag;
} x87FPURegister_t; } x87FPURegister_t;
typedef struct typedef struct
{ {
DWORD ControlWord; WORD ControlWord;
DWORD StatusWord; WORD StatusWord;
DWORD TagWord; WORD TagWord;
DWORD ErrorOffset; DWORD ErrorOffset;
DWORD ErrorSelector; DWORD ErrorSelector;
DWORD DataOffset; DWORD DataOffset;
DWORD DataSelector; DWORD DataSelector;
x87FPURegister_t x87FPURegister[8];
DWORD Cr0NpxState; DWORD Cr0NpxState;
} x87FPU_t; } x87FPU_t;
@ -314,7 +314,6 @@ typedef struct
BYTE RegisterArea[80]; BYTE RegisterArea[80];
x87FPU_t x87fpu; x87FPU_t x87fpu;
DWORD MxCsr; DWORD MxCsr;
uint64_t mmx[8];
#ifdef _WIN64 #ifdef _WIN64
M128A XmmRegisters[16]; M128A XmmRegisters[16];
#else // x86 #else // x86
@ -765,6 +764,8 @@ __declspec(dllexport) bool TITCALL SetMemoryBPX(ULONG_PTR MemoryStart, SIZE_T Si
__declspec(dllexport) bool TITCALL SetMemoryBPXEx(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, DWORD BreakPointType, bool RestoreOnHit, LPVOID bpxCallBack); __declspec(dllexport) bool TITCALL SetMemoryBPXEx(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, DWORD BreakPointType, bool RestoreOnHit, LPVOID bpxCallBack);
__declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory); __declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory);
__declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea); __declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea);
__declspec(dllexport) void TITCALL Getx87FPURegisters(x87FPURegister_t x87FPURegisters[8], TITAN_ENGINE_CONTEXT_t* titcontext);
__declspec(dllexport) void TITCALL GetMMXRegisters(uint64_t mmx[8], TITAN_ENGINE_CONTEXT_t* titcontext);
__declspec(dllexport) bool TITCALL GetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext); __declspec(dllexport) bool TITCALL GetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext);
__declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister); __declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister);
__declspec(dllexport) ULONG_PTR TITCALL GetContextData(DWORD IndexOfRegister); __declspec(dllexport) ULONG_PTR TITCALL GetContextData(DWORD IndexOfRegister);

6
TitanEngine/Global.Engine.Threading.h
View File

@ -1,6 +1,12 @@
#ifndef _GLOBAL_ENGINE_THREADING_H #ifndef _GLOBAL_ENGINE_THREADING_H
#define _GLOBAL_ENGINE_THREADING_H #define _GLOBAL_ENGINE_THREADING_H
#define GetSTInTOPStackFromStatusWord(StatusWord) ((StatusWord & 0x3800) >> 11)
#define Getx87r0PositionInRegisterArea(STInTopStack) ((8 - STInTopStack) % 8)
#define Calculatex87registerPositionInRegisterArea(x87r0_position, index) (((x87r0_position + index) % 8))
#define GetRegisterAreaOf87register(register_area, x87r0_position, index) (((char *) register_area) + 10 * Calculatex87registerPositionInRegisterArea(x87r0_position, i) )
#define GetSTValueFromIndex(x87r0_position, index) ((x87r0_position + index) % 8)
enum CriticalSectionLock enum CriticalSectionLock
{ {
LockBreakPointBuffer, LockBreakPointBuffer,

356
TitanEngine/TitanEngine.Debugger.Context.cpp
View File

@ -5,6 +5,39 @@
#include "Global.Handle.h" #include "Global.Handle.h"
#include "Global.Engine.Threading.h" #include "Global.Engine.Threading.h"
__declspec(dllexport) void TITCALL GetMMXRegisters(uint64_t mmx[8], TITAN_ENGINE_CONTEXT_t* titcontext)
{
int STInTopStack = GetSTInTOPStackFromStatusWord(titcontext->x87fpu.StatusWord);
DWORD x87r0_position = Getx87r0PositionInRegisterArea(STInTopStack);
int i;
for(i = 0; i < 8; i++)
mmx[i] = * ((uint64_t*) GetRegisterAreaOf87register(titcontext->RegisterArea, x87r0_position, i));
}
__declspec(dllexport) void TITCALL Getx87FPURegisters(x87FPURegister_t x87FPURegisters[8], TITAN_ENGINE_CONTEXT_t* titcontext)
{
/*
GET Actual TOP register from StatusWord to order the FPUx87registers like in the FPU internal order.
The TOP field (bits 13-11) is where the FPU keeps track of which of its 80-bit registers is at the TOP.
The register number for the FPU's internal numbering system of the 80-bit registers would be displayed in that field.
When the programmer specifies one of the FPU 80-bit registers ST(x) in an instruction, the FPU adds (modulo 8) the ST number
supplied to the value in this TOP field to determine in which of its registers the required data is located.
*/
int STInTopStack = GetSTInTOPStackFromStatusWord(titcontext->x87fpu.StatusWord);
DWORD x87r0_position = Getx87r0PositionInRegisterArea(STInTopStack);
int i;
for(i = 0; i < 8; i++)
{
memcpy(x87FPURegisters[i].data, GetRegisterAreaOf87register(titcontext->RegisterArea, x87r0_position, i), 10);
x87FPURegisters[i].st_value = GetSTValueFromIndex(x87r0_position, i);
x87FPURegisters[i].tag = (int)((titcontext->x87fpu.TagWord >> (i * 2)) & 0x3);
}
}
__declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea) __declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea)
{ {
if(FPUSaveArea) if(FPUSaveArea)
@ -32,24 +65,135 @@ __declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, voi
return false; return false;
} }
__declspec(dllexport) bool TITCALL GetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext)
__declspec(dllexport) bool TITCALL _SetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext)
{ {
ULONG_PTR retValue = 0;
CONTEXT DBGContext; CONTEXT DBGContext;
memset(&DBGContext, 0, sizeof(CONTEXT));
DBGContext.ContextFlags = CONTEXT_ALL | CONTEXT_FLOATING_POINT | CONTEXT_EXTENDED_REGISTERS;
int i; int i;
if(SuspendThread(hActiveThread) == (DWORD) - 1) memset(&DBGContext, 0, sizeof(DBGContext));
return false;
DBGContext.ContextFlags = CONTEXT_ALL | CONTEXT_FLOATING_POINT | CONTEXT_EXTENDED_REGISTERS;
if(!GetThreadContext(hActiveThread, &DBGContext)) if(!GetThreadContext(hActiveThread, &DBGContext))
{ {
ResumeThread(hActiveThread); ResumeThread(hActiveThread);
return false; return false;
} }
DBGContext.EFlags = titcontext->eflags;
DBGContext.Dr0 = titcontext->dr0;
DBGContext.Dr1 = titcontext->dr1;
DBGContext.Dr2 = titcontext->dr2;
DBGContext.Dr3 = titcontext->dr3;
DBGContext.Dr6 = titcontext->dr6;
DBGContext.Dr7 = titcontext->dr7;
DBGContext.SegGs = titcontext->gs;
DBGContext.SegFs = titcontext->fs;
DBGContext.SegEs = titcontext->es;
DBGContext.SegDs = titcontext->ds;
DBGContext.SegCs = titcontext->cs;
DBGContext.SegSs = titcontext->ss;
#ifdef _WIN64 //x64
DBGContext.Rax = titcontext->cax;
DBGContext.Rbx = titcontext->cbx;
DBGContext.Rcx = titcontext->ccx;
DBGContext.Rdx = titcontext->cdx;
DBGContext.Rdi = titcontext->cdi;
DBGContext.Rsi = titcontext->csi;
DBGContext.Rbp = titcontext->cbp;
DBGContext.Rsp = titcontext->csp;
DBGContext.Rip = titcontext->cip;
DBGContext.R8 = titcontext->r8;
DBGContext.R9 = titcontext->r9;
DBGContext.R10 = titcontext->r10;
DBGContext.R11 = titcontext->r11;
DBGContext.R12 = titcontext->r12;
DBGContext.R13 = titcontext->r13;
DBGContext.R14 = titcontext->r14;
DBGContext.R15 = titcontext->r15;
DBGContext.FltSave.ControlWord = titcontext->x87fpu.ControlWord;
DBGContext.FltSave.StatusWord = titcontext->x87fpu.StatusWord;
memcpy(& (DBGContext.FltSave.TagWord), & (titcontext->x87fpu.TagWord), sizeof(titcontext->x87fpu.TagWord));
#ifdef _WIN64
#define WIN64_CASTDWORDTOWORD (WORD)
#else
#define WIN64_CASTDWORDTOWORD (DWORD)
#endif
DBGContext.FltSave.ErrorSelector = WIN64_CASTDWORDTOWORD titcontext->x87fpu.ErrorSelector;
DBGContext.FltSave.ErrorOffset = titcontext->x87fpu.ErrorOffset;
DBGContext.FltSave.DataSelector = WIN64_CASTDWORDTOWORD titcontext->x87fpu.DataSelector;
DBGContext.FltSave.DataOffset = titcontext->x87fpu.DataOffset;
// Skip titcontext->x87fpu.Cr0NpxState
DBGContext.FltSave.MxCsr = titcontext->MxCsr;
for(i = 0; i < 8; i++)
memcpy(& DBGContext.FltSave.FloatRegisters[i], &(titcontext->RegisterArea[i * 10]), 10);
for(i = 0; i < 16; i++)
memcpy(& (DBGContext.FltSave.XmmRegisters[i]), & (titcontext->XmmRegisters[i]), 16);
#else //x86
DBGContext.Eax = titcontext->cax;
DBGContext.Ebx = titcontext->cbx;
DBGContext.Ecx = titcontext->ccx;
DBGContext.Edx = titcontext->cdx;
DBGContext.Edi = titcontext->cdi;
DBGContext.Esi = titcontext->csi;
DBGContext.Ebp = titcontext->cbp;
DBGContext.Esp = titcontext->csp;
DBGContext.Eip = titcontext->cip;
DBGContext.FloatSave.ControlWord = titcontext->x87fpu.ControlWord;
DBGContext.FloatSave.StatusWord = titcontext->x87fpu.StatusWord;
DBGContext.FloatSave.TagWord = titcontext->x87fpu.TagWord;
DBGContext.FloatSave.ErrorSelector = titcontext->x87fpu.ErrorSelector;
DBGContext.FloatSave.ErrorOffset = titcontext->x87fpu.ErrorOffset;
DBGContext.FloatSave.DataSelector = titcontext->x87fpu.DataSelector;
DBGContext.FloatSave.DataOffset = titcontext->x87fpu.DataOffset;
DBGContext.FloatSave.Cr0NpxState = titcontext->x87fpu.Cr0NpxState;
memcpy(DBGContext.FloatSave.RegisterArea, titcontext->RegisterArea, 80);
// MXCSR ExtendedRegisters[24]
memcpy(& (DBGContext.ExtendedRegisters[24]), & titcontext->MxCsr, sizeof(titcontext->MxCsr));
// for x86 copy the 8 Xmm Registers from ExtendedRegisters[(10+n)*16]; (n is the index of the xmm register) to the XMM register
for(i = 0; i < 8; i++)
memcpy(& DBGContext.ExtendedRegisters[(10 + i) * 16], &(titcontext->XmmRegisters[i]), 16);
#endif
return SetThreadContext(hActiveThread, & DBGContext) ? true : false;
}
__declspec(dllexport) bool TITCALL SetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext)
{
bool returnf;
if(SuspendThread(hActiveThread) == (DWORD) - 1)
return false;
returnf = _SetFullContextDataEx(hActiveThread, titcontext);
ResumeThread(hActiveThread); ResumeThread(hActiveThread);
return returnf;
}
__declspec(dllexport) bool TITCALL _GetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext)
{
CONTEXT DBGContext;
int i;
memset(&DBGContext, 0, sizeof(CONTEXT));
DBGContext.ContextFlags = CONTEXT_ALL | CONTEXT_FLOATING_POINT | CONTEXT_EXTENDED_REGISTERS;
if(!GetThreadContext(hActiveThread, &DBGContext))
return false;
titcontext->eflags = DBGContext.EFlags; titcontext->eflags = DBGContext.EFlags;
titcontext->dr0 = DBGContext.Dr0; titcontext->dr0 = DBGContext.Dr0;
titcontext->dr1 = DBGContext.Dr1; titcontext->dr1 = DBGContext.Dr1;
@ -85,7 +229,7 @@ __declspec(dllexport) bool TITCALL GetFullContextDataEx(HANDLE hActiveThread, TI
titcontext->x87fpu.ControlWord = DBGContext.FltSave.ControlWord; titcontext->x87fpu.ControlWord = DBGContext.FltSave.ControlWord;
titcontext->x87fpu.StatusWord = DBGContext.FltSave.StatusWord; titcontext->x87fpu.StatusWord = DBGContext.FltSave.StatusWord;
titcontext->x87fpu.TagWord = DBGContext.FltSave.TagWord; memcpy(& (titcontext->x87fpu.TagWord), & (DBGContext.FltSave.TagWord), sizeof(titcontext->x87fpu.TagWord));
titcontext->x87fpu.ErrorSelector = DBGContext.FltSave.ErrorSelector; titcontext->x87fpu.ErrorSelector = DBGContext.FltSave.ErrorSelector;
titcontext->x87fpu.ErrorOffset = DBGContext.FltSave.ErrorOffset; titcontext->x87fpu.ErrorOffset = DBGContext.FltSave.ErrorOffset;
titcontext->x87fpu.DataSelector = DBGContext.FltSave.DataSelector; titcontext->x87fpu.DataSelector = DBGContext.FltSave.DataSelector;
@ -97,7 +241,7 @@ __declspec(dllexport) bool TITCALL GetFullContextDataEx(HANDLE hActiveThread, TI
memcpy(&(titcontext->RegisterArea[i * 10]), & DBGContext.FltSave.FloatRegisters[i], 10); memcpy(&(titcontext->RegisterArea[i * 10]), & DBGContext.FltSave.FloatRegisters[i], 10);
for(i = 0; i < 16; i++) for(i = 0; i < 16; i++)
memcpy(& (titcontext->XmmRegisters[i]), & (DBGContext.FltSave.XmmRegisters[i]), sizeof(*titcontext->XmmRegisters)); memcpy(& (titcontext->XmmRegisters[i]), & (DBGContext.FltSave.XmmRegisters[i]), 16);
#else //x86 #else //x86
titcontext->cax = DBGContext.Eax; titcontext->cax = DBGContext.Eax;
@ -110,9 +254,9 @@ __declspec(dllexport) bool TITCALL GetFullContextDataEx(HANDLE hActiveThread, TI
titcontext->csp = DBGContext.Esp; titcontext->csp = DBGContext.Esp;
titcontext->cip = DBGContext.Eip; titcontext->cip = DBGContext.Eip;
titcontext->x87fpu.ControlWord = DBGContext.FloatSave.ControlWord; titcontext->x87fpu.ControlWord = (WORD) DBGContext.FloatSave.ControlWord;
titcontext->x87fpu.StatusWord = DBGContext.FloatSave.StatusWord; titcontext->x87fpu.StatusWord = (WORD) DBGContext.FloatSave.StatusWord;
titcontext->x87fpu.TagWord = DBGContext.FloatSave.TagWord; titcontext->x87fpu.TagWord = (WORD) DBGContext.FloatSave.TagWord;
titcontext->x87fpu.ErrorSelector = DBGContext.FloatSave.ErrorSelector; titcontext->x87fpu.ErrorSelector = DBGContext.FloatSave.ErrorSelector;
titcontext->x87fpu.ErrorOffset = DBGContext.FloatSave.ErrorOffset; titcontext->x87fpu.ErrorOffset = DBGContext.FloatSave.ErrorOffset;
titcontext->x87fpu.DataSelector = DBGContext.FloatSave.DataSelector; titcontext->x87fpu.DataSelector = DBGContext.FloatSave.DataSelector;
@ -122,43 +266,28 @@ __declspec(dllexport) bool TITCALL GetFullContextDataEx(HANDLE hActiveThread, TI
memcpy(titcontext->RegisterArea, DBGContext.FloatSave.RegisterArea, 80); memcpy(titcontext->RegisterArea, DBGContext.FloatSave.RegisterArea, 80);
// MXCSR ExtendedRegisters[24] // MXCSR ExtendedRegisters[24]
titcontext->MxCsr = DBGContext.ExtendedRegisters[24]; memcpy(& (titcontext->MxCsr), & (DBGContext.ExtendedRegisters[24]), sizeof(titcontext->MxCsr));
// for x86 copy the 8 Xmm Registers from ExtendedRegisters[(10+n)*16]; (n is the index of the xmm register) to the XMM register // for x86 copy the 8 Xmm Registers from ExtendedRegisters[(10+n)*16]; (n is the index of the xmm register) to the XMM register
for(i = 0; i < 8; i++) for(i = 0; i < 8; i++)
memcpy(& (titcontext->XmmRegisters[i]), & DBGContext.ExtendedRegisters[(10 + i) * 16], sizeof(*titcontext->XmmRegisters)); memcpy(&(titcontext->XmmRegisters[i]), & DBGContext.ExtendedRegisters[(10 + i) * 16], 16);
#endif #endif
#define GetSTInTOPStackFromStatusWord(StatusWord) ((StatusWord & 0x3800) >> 11) return true;
#define Getx87r0PositionInRegisterArea(STInTopStack) ((8 - STInTopStack) % 8)
#define Calculatex87registerPositionInRegisterArea(x87r0_position, index) (((x87r0_position + index) % 8))
#define GetRegisterAreaOf87register(register_area, x87r0_position, index) (((char *) register_area) + 10 * Calculatex87registerPositionInRegisterArea(x87r0_position, i) )
#define GetSTValueFromIndex(x87r0_position, index) ((x87r0_position + index) % 8)
int STInTopStack = GetSTInTOPStackFromStatusWord(titcontext->x87fpu.StatusWord);
DWORD x87r0_position = Getx87r0PositionInRegisterArea(STInTopStack);
for(i = 0; i < 8; i++)
titcontext->mmx[i] = * ((int64_t*) GetRegisterAreaOf87register(titcontext->RegisterArea, x87r0_position, i));
/*
GET Actual TOP register from StatusWord to order the FPUx87registers like in the FPU internal order.
The TOP field (bits 13-11) is where the FPU keeps track of which of its 80-bit registers is at the TOP.
The register number for the FPU's internal numbering system of the 80-bit registers would be displayed in that field.
When the programmer specifies one of the FPU 80-bit registers ST(x) in an instruction, the FPU adds (modulo 8) the ST number
supplied to the value in this TOP field to determine in which of its registers the required data is located.
*/
/*
int STInTopStack = GetSTInTOPStackFromStatusWord(titcontext->x87fpu.StatusWord);
DWORD x87r0_position = Getx87r0PositionInRegisterArea(STInTopStack);
*/
for(i = 0; i < 8; i++)
{
memcpy(titcontext->x87fpu.x87FPURegister[i].data, GetRegisterAreaOf87register(titcontext->RegisterArea, x87r0_position, i), 10);
titcontext->x87fpu.x87FPURegister[i].st_value = GetSTValueFromIndex(x87r0_position, i);
} }
return true; __declspec(dllexport) bool TITCALL GetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext)
{
bool returnf;
if(SuspendThread(hActiveThread) == (DWORD) - 1)
return false;
returnf = _GetFullContextDataEx(hActiveThread, titcontext);
ResumeThread(hActiveThread);
return returnf;
} }
__declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister) __declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister)
@ -166,6 +295,7 @@ __declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, D
ULONG_PTR retValue = 0; ULONG_PTR retValue = 0;
CONTEXT DBGContext; CONTEXT DBGContext;
memset(&DBGContext, 0, sizeof(CONTEXT)); memset(&DBGContext, 0, sizeof(CONTEXT));
DBGContext.ContextFlags = CONTEXT_ALL; DBGContext.ContextFlags = CONTEXT_ALL;
if(SuspendThread(hActiveThread) == (DWORD) - 1) if(SuspendThread(hActiveThread) == (DWORD) - 1)
@ -441,14 +571,15 @@ __declspec(dllexport) bool TITCALL SetContextFPUDataEx(HANDLE hActiveThread, voi
__declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister, ULONG_PTR NewRegisterValue) __declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister, ULONG_PTR NewRegisterValue)
{ {
CONTEXT DBGContext; TITAN_ENGINE_CONTEXT_t titcontext;
memset(&DBGContext, 0, sizeof(CONTEXT)); bool returnf;
DBGContext.ContextFlags = CONTEXT_ALL;
if(SuspendThread(hActiveThread) == (DWORD) - 1) if(SuspendThread(hActiveThread) == (DWORD) - 1)
return false; return false;
if(!GetThreadContext(hActiveThread, &DBGContext)) memset(&titcontext, 0, sizeof(titcontext));
if(! _GetFullContextDataEx(hActiveThread, & titcontext))
{ {
ResumeThread(hActiveThread); ResumeThread(hActiveThread);
return false; return false;
@ -457,230 +588,230 @@ __declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD
#ifdef _WIN64 //x64 #ifdef _WIN64 //x64
if(IndexOfRegister == UE_EAX) if(IndexOfRegister == UE_EAX)
{ {
NewRegisterValue = DBGContext.Rax - (DWORD)DBGContext.Rax + NewRegisterValue; NewRegisterValue = titcontext.cax - (DWORD)titcontext.cax + NewRegisterValue;
DBGContext.Rax = NewRegisterValue; titcontext.cax = NewRegisterValue;
} }
else if(IndexOfRegister == UE_EBX) else if(IndexOfRegister == UE_EBX)
{ {
NewRegisterValue = DBGContext.Rbx - (DWORD)DBGContext.Rbx + NewRegisterValue; NewRegisterValue = titcontext.cbx - (DWORD)titcontext.cbx + NewRegisterValue;
DBGContext.Rbx = NewRegisterValue; titcontext.cbx = NewRegisterValue;
} }
else if(IndexOfRegister == UE_ECX) else if(IndexOfRegister == UE_ECX)
{ {
NewRegisterValue = DBGContext.Rcx - (DWORD)DBGContext.Rcx + NewRegisterValue; NewRegisterValue = titcontext.ccx - (DWORD)titcontext.ccx + NewRegisterValue;
DBGContext.Rcx = NewRegisterValue; titcontext.ccx = NewRegisterValue;
} }
else if(IndexOfRegister == UE_EDX) else if(IndexOfRegister == UE_EDX)
{ {
NewRegisterValue = DBGContext.Rdx - (DWORD)DBGContext.Rdx + NewRegisterValue; NewRegisterValue = titcontext.cdx - (DWORD)titcontext.cdx + NewRegisterValue;
DBGContext.Rdx = NewRegisterValue; titcontext.cdx = NewRegisterValue;
} }
else if(IndexOfRegister == UE_EDI) else if(IndexOfRegister == UE_EDI)
{ {
NewRegisterValue = DBGContext.Rdi - (DWORD)DBGContext.Rdi + NewRegisterValue; NewRegisterValue = titcontext.cdi - (DWORD)titcontext.cdi + NewRegisterValue;
DBGContext.Rdi = NewRegisterValue; titcontext.cdi = NewRegisterValue;
} }
else if(IndexOfRegister == UE_ESI) else if(IndexOfRegister == UE_ESI)
{ {
NewRegisterValue = DBGContext.Rsi - (DWORD)DBGContext.Rsi + NewRegisterValue; NewRegisterValue = titcontext.csi - (DWORD)titcontext.csi + NewRegisterValue;
DBGContext.Rsi = NewRegisterValue; titcontext.csi = NewRegisterValue;
} }
else if(IndexOfRegister == UE_EBP) else if(IndexOfRegister == UE_EBP)
{ {
NewRegisterValue = DBGContext.Rbp - (DWORD)DBGContext.Rbp + NewRegisterValue; NewRegisterValue = titcontext.cbp - (DWORD)titcontext.cbp + NewRegisterValue;
DBGContext.Rbp = NewRegisterValue; titcontext.cbp = NewRegisterValue;
} }
else if(IndexOfRegister == UE_ESP) else if(IndexOfRegister == UE_ESP)
{ {
NewRegisterValue = DBGContext.Rsp - (DWORD)DBGContext.Rsp + NewRegisterValue; NewRegisterValue = titcontext.csp - (DWORD)titcontext.csp + NewRegisterValue;
DBGContext.Rsp = NewRegisterValue; titcontext.csp = NewRegisterValue;
} }
else if(IndexOfRegister == UE_EIP) else if(IndexOfRegister == UE_EIP)
{ {
NewRegisterValue = DBGContext.Rip - (DWORD)DBGContext.Rip + NewRegisterValue; NewRegisterValue = titcontext.cip - (DWORD)titcontext.cip + NewRegisterValue;
DBGContext.Rip = NewRegisterValue; titcontext.cip = NewRegisterValue;
} }
else if(IndexOfRegister == UE_EFLAGS) else if(IndexOfRegister == UE_EFLAGS)
{ {
DBGContext.EFlags = (DWORD)NewRegisterValue; titcontext.eflags = (DWORD)NewRegisterValue;
} }
else if(IndexOfRegister == UE_RAX) else if(IndexOfRegister == UE_RAX)
{ {
DBGContext.Rax = NewRegisterValue; titcontext.cax = NewRegisterValue;
} }
else if(IndexOfRegister == UE_RBX) else if(IndexOfRegister == UE_RBX)
{ {
DBGContext.Rbx = NewRegisterValue; titcontext.cbx = NewRegisterValue;
} }
else if(IndexOfRegister == UE_RCX) else if(IndexOfRegister == UE_RCX)
{ {
DBGContext.Rcx = NewRegisterValue; titcontext.ccx = NewRegisterValue;
} }
else if(IndexOfRegister == UE_RDX) else if(IndexOfRegister == UE_RDX)
{ {
DBGContext.Rdx = NewRegisterValue; titcontext.cdx = NewRegisterValue;
} }
else if(IndexOfRegister == UE_RDI) else if(IndexOfRegister == UE_RDI)
{ {
DBGContext.Rdi = NewRegisterValue; titcontext.cdi = NewRegisterValue;
} }
else if(IndexOfRegister == UE_RSI) else if(IndexOfRegister == UE_RSI)
{ {
DBGContext.Rsi = NewRegisterValue; titcontext.csi = NewRegisterValue;
} }
else if(IndexOfRegister == UE_RBP) else if(IndexOfRegister == UE_RBP)
{ {
DBGContext.Rbp = NewRegisterValue; titcontext.cbp = NewRegisterValue;
} }
else if(IndexOfRegister == UE_RSP) else if(IndexOfRegister == UE_RSP)
{ {
DBGContext.Rsp = NewRegisterValue; titcontext.csp = NewRegisterValue;
} }
else if(IndexOfRegister == UE_RIP) else if(IndexOfRegister == UE_RIP)
{ {
DBGContext.Rip = NewRegisterValue; titcontext.cip = NewRegisterValue;
} }
else if(IndexOfRegister == UE_RFLAGS) else if(IndexOfRegister == UE_RFLAGS)
{ {
DBGContext.EFlags = (DWORD)NewRegisterValue; titcontext.eflags = (unsigned int) NewRegisterValue;
} }
else if(IndexOfRegister == UE_R8) else if(IndexOfRegister == UE_R8)
{ {
DBGContext.R8 = NewRegisterValue; titcontext.r8 = NewRegisterValue;
} }
else if(IndexOfRegister == UE_R9) else if(IndexOfRegister == UE_R9)
{ {
DBGContext.R9 = NewRegisterValue; titcontext.r9 = NewRegisterValue;
} }
else if(IndexOfRegister == UE_R10) else if(IndexOfRegister == UE_R10)
{ {
DBGContext.R10 = NewRegisterValue; titcontext.r10 = NewRegisterValue;
} }
else if(IndexOfRegister == UE_R11) else if(IndexOfRegister == UE_R11)
{ {
DBGContext.R11 = NewRegisterValue; titcontext.r11 = NewRegisterValue;
} }
else if(IndexOfRegister == UE_R12) else if(IndexOfRegister == UE_R12)
{ {
DBGContext.R12 = NewRegisterValue; titcontext.r12 = NewRegisterValue;
} }
else if(IndexOfRegister == UE_R13) else if(IndexOfRegister == UE_R13)
{ {
DBGContext.R13 = NewRegisterValue; titcontext.r13 = NewRegisterValue;
} }
else if(IndexOfRegister == UE_R14) else if(IndexOfRegister == UE_R14)
{ {
DBGContext.R14 = NewRegisterValue; titcontext.r14 = NewRegisterValue;
} }
else if(IndexOfRegister == UE_R15) else if(IndexOfRegister == UE_R15)
{ {
DBGContext.R15 = NewRegisterValue; titcontext.r15 = NewRegisterValue;
} }
else if(IndexOfRegister == UE_CIP) else if(IndexOfRegister == UE_CIP)
{ {
DBGContext.Rip = NewRegisterValue; titcontext.cip = NewRegisterValue;
} }
else if(IndexOfRegister == UE_CSP) else if(IndexOfRegister == UE_CSP)
{ {
DBGContext.Rsp = NewRegisterValue; titcontext.csp = NewRegisterValue;
} }
#else //x86 #else //x86
if(IndexOfRegister == UE_EAX) if(IndexOfRegister == UE_EAX)
{ {
DBGContext.Eax = NewRegisterValue; titcontext.cax = NewRegisterValue;
} }
else if(IndexOfRegister == UE_EBX) else if(IndexOfRegister == UE_EBX)
{ {
DBGContext.Ebx = NewRegisterValue; titcontext.cbx = NewRegisterValue;
} }
else if(IndexOfRegister == UE_ECX) else if(IndexOfRegister == UE_ECX)
{ {
DBGContext.Ecx = NewRegisterValue; titcontext.ccx = NewRegisterValue;
} }
else if(IndexOfRegister == UE_EDX) else if(IndexOfRegister == UE_EDX)
{ {
DBGContext.Edx = NewRegisterValue; titcontext.cdx = NewRegisterValue;
} }
else if(IndexOfRegister == UE_EDI) else if(IndexOfRegister == UE_EDI)
{ {
DBGContext.Edi = NewRegisterValue; titcontext.cdi = NewRegisterValue;
} }
else if(IndexOfRegister == UE_ESI) else if(IndexOfRegister == UE_ESI)
{ {
DBGContext.Esi = NewRegisterValue; titcontext.csi = NewRegisterValue;
} }
else if(IndexOfRegister == UE_EBP) else if(IndexOfRegister == UE_EBP)
{ {
DBGContext.Ebp = NewRegisterValue; titcontext.cbp = NewRegisterValue;
} }
else if(IndexOfRegister == UE_ESP) else if(IndexOfRegister == UE_ESP)
{ {
DBGContext.Esp = NewRegisterValue; titcontext.csp = NewRegisterValue;
} }
else if(IndexOfRegister == UE_EIP) else if(IndexOfRegister == UE_EIP)
{ {
DBGContext.Eip = NewRegisterValue; titcontext.cip = NewRegisterValue;
} }
else if(IndexOfRegister == UE_EFLAGS) else if(IndexOfRegister == UE_EFLAGS)
{ {
DBGContext.EFlags = NewRegisterValue; titcontext.eflags = NewRegisterValue;
} }
else if(IndexOfRegister == UE_CIP) else if(IndexOfRegister == UE_CIP)
{ {
DBGContext.Eip = NewRegisterValue; titcontext.cip = NewRegisterValue;
} }
else if(IndexOfRegister == UE_CSP) else if(IndexOfRegister == UE_CSP)
{ {
DBGContext.Esp = NewRegisterValue; titcontext.csp = NewRegisterValue;
} }
#endif #endif
else if(IndexOfRegister == UE_DR0) else if(IndexOfRegister == UE_DR0)
{ {
DBGContext.Dr0 = NewRegisterValue; titcontext.dr0 = NewRegisterValue;
} }
else if(IndexOfRegister == UE_DR1) else if(IndexOfRegister == UE_DR1)
{ {
DBGContext.Dr1 = NewRegisterValue; titcontext.dr1 = NewRegisterValue;
} }
else if(IndexOfRegister == UE_DR2) else if(IndexOfRegister == UE_DR2)
{ {
DBGContext.Dr2 = NewRegisterValue; titcontext.dr2 = NewRegisterValue;
} }
else if(IndexOfRegister == UE_DR3) else if(IndexOfRegister == UE_DR3)
{ {
DBGContext.Dr3 = NewRegisterValue; titcontext.dr3 = NewRegisterValue;
} }
else if(IndexOfRegister == UE_DR6) else if(IndexOfRegister == UE_DR6)
{ {
DBGContext.Dr6 = NewRegisterValue; titcontext.dr6 = NewRegisterValue;
} }
else if(IndexOfRegister == UE_DR7) else if(IndexOfRegister == UE_DR7)
{ {
DBGContext.Dr7 = NewRegisterValue; titcontext.dr7 = NewRegisterValue;
} }
else if(IndexOfRegister == UE_SEG_GS) else if(IndexOfRegister == UE_SEG_GS)
{ {
DBGContext.SegGs = (WORD)NewRegisterValue; titcontext.gs = (unsigned short)NewRegisterValue;
} }
else if(IndexOfRegister == UE_SEG_FS) else if(IndexOfRegister == UE_SEG_FS)
{ {
DBGContext.SegFs = (WORD)NewRegisterValue; titcontext.fs = (unsigned short)NewRegisterValue;
} }
else if(IndexOfRegister == UE_SEG_ES) else if(IndexOfRegister == UE_SEG_ES)
{ {
DBGContext.SegEs = (WORD)NewRegisterValue; titcontext.es = (unsigned short)NewRegisterValue;
} }
else if(IndexOfRegister == UE_SEG_DS) else if(IndexOfRegister == UE_SEG_DS)
{ {
DBGContext.SegDs = (WORD)NewRegisterValue; titcontext.ds = (unsigned short)NewRegisterValue;
} }
else if(IndexOfRegister == UE_SEG_CS) else if(IndexOfRegister == UE_SEG_CS)
{ {
DBGContext.SegCs = (WORD)NewRegisterValue; titcontext.cs = (unsigned short)NewRegisterValue;
} }
else if(IndexOfRegister == UE_SEG_SS) else if(IndexOfRegister == UE_SEG_SS)
{ {
DBGContext.SegSs = (WORD)NewRegisterValue; titcontext.ss = (unsigned short)NewRegisterValue;
} }
else else
{ {
@ -688,14 +819,11 @@ __declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD
return false; return false;
} }
if(SetThreadContext(hActiveThread, &DBGContext)) returnf = _SetFullContextDataEx(hActiveThread, &titcontext);
{
ResumeThread(hActiveThread);
return true;
}
ResumeThread(hActiveThread); ResumeThread(hActiveThread);
return false;
return returnf;
} }
__declspec(dllexport) bool TITCALL SetContextData(DWORD IndexOfRegister, ULONG_PTR NewRegisterValue) __declspec(dllexport) bool TITCALL SetContextData(DWORD IndexOfRegister, ULONG_PTR NewRegisterValue)

2
TitanEngine/definitions.h
View File

@ -180,6 +180,8 @@ __declspec(dllexport) bool TITCALL SetMemoryBPXEx(ULONG_PTR MemoryStart, SIZE_T
__declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory); __declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory);
__declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea); __declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea);
__declspec(dllexport) bool TITCALL GetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext); __declspec(dllexport) bool TITCALL GetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext);
__declspec(dllexport) void TITCALL Getx87FPURegisters(x87FPURegister_t x87FPURegisters[8], TITAN_ENGINE_CONTEXT_t* titcontext);
__declspec(dllexport) void TITCALL GetMMXRegisters(uint64_t mmx[8], TITAN_ENGINE_CONTEXT_t* titcontext);
__declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister); __declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister);
__declspec(dllexport) ULONG_PTR TITCALL GetContextData(DWORD IndexOfRegister); __declspec(dllexport) ULONG_PTR TITCALL GetContextData(DWORD IndexOfRegister);
__declspec(dllexport) bool TITCALL SetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea); __declspec(dllexport) bool TITCALL SetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea);

18
TitanEngine/stdafx.h
View File

@ -94,18 +94,18 @@ typedef struct
{ {
BYTE data[10]; BYTE data[10];
int st_value; int st_value;
int tag;
} x87FPURegister_t; } x87FPURegister_t;
typedef struct typedef struct
{ {
DWORD ControlWord; WORD ControlWord;
DWORD StatusWord; WORD StatusWord;
DWORD TagWord; WORD TagWord;
DWORD ErrorOffset; DWORD ErrorOffset;
DWORD ErrorSelector; DWORD ErrorSelector;
DWORD DataOffset; DWORD DataOffset;
DWORD DataSelector; DWORD DataSelector;
x87FPURegister_t x87FPURegister[8];
DWORD Cr0NpxState; DWORD Cr0NpxState;
} x87FPU_t; } x87FPU_t;
@ -146,7 +146,6 @@ typedef struct
BYTE RegisterArea[80]; BYTE RegisterArea[80];
x87FPU_t x87fpu; x87FPU_t x87fpu;
DWORD MxCsr; DWORD MxCsr;
uint64_t mmx[8];
#ifdef _WIN64 #ifdef _WIN64
M128A XmmRegisters[16]; M128A XmmRegisters[16];
#else // x86 #else // x86
@ -621,6 +620,15 @@ typedef struct
#define UE_SEG_CS 41 #define UE_SEG_CS 41
#define UE_SEG_SS 42 #define UE_SEG_SS 42
#define UE_x87_r0 43
#define UE_x87_r1 44
#define UE_x87_r2 45
#define UE_x87_r3 46
#define UE_x87_r4 47
#define UE_x87_r5 48
#define UE_x87_r6 49
#define UE_x87_r7 50
typedef struct typedef struct
{ {
DWORD PE32Offset; DWORD PE32Offset;