hider bugfix

TitanEngine/Global.Engine.Hider.cpp

@@ -50,10 +50,10 @@ static void FixAntidebugApiInProcess(HANDLE hProcess, bool Hide, bool x64)
         0x33, 0xC0, //XOR EAX,EAX
         0xC3        //RETN
     };
-    const BYTE patchCheckRemoteDebuggerPresent64[6] =
+    const BYTE patchCheckRemoteDebuggerPresent64[4] =
     {
         0x48, 0x31, 0xC0, //XOR RAX,RAX
-        0xC2, 0x08, 0x00  //RETN 0x8
+        0xC3  //RETN
     };
     const BYTE patchGetTickCount64[4] =
     {

TitanEngine/TitanEngine.Hider.cpp

@@ -41,9 +41,12 @@ __declspec(dllexport) void* TITCALL GetPEBLocation64(HANDLE hProcess)
     {
         //Only WOW64 processes have 2 PEBs
         DWORD peb32 = (DWORD)GetPEBLocation(hProcess);
+		if (peb32)
+		{
 			peb32 += 0x1000; //PEB64 after PEB32
 			return (void *)peb32;
 		}
+    }
 #endif //_WIN64
     return 0;
 }

TitanEngine/stdafx.h

@@ -927,7 +927,9 @@ struct _PEB_T
     DWORD NumberOfHeaps;
     DWORD MaximumNumberOfHeaps;
     T ProcessHeaps;
-    T GdiSharedHandleTable;
+
+//FULL PEB not needed
+	/*    T GdiSharedHandleTable;
     T ProcessStarterHelper;
     T GdiDCAttributeList;
     T LoaderLock;
@@ -958,7 +960,7 @@ struct _PEB_T
     T ProcessAssemblyStorageMap;
     T SystemDefaultActivationContextData;
     T SystemAssemblyStorageMap;
-    T MinimumStackCommit;
+    T MinimumStackCommit;*/
 };
 
 typedef _PEB_T<DWORD, DWORD64, 34> PEB32;