hider bugfix

2014-03-05 11:15:54 +01:00 · 2014-03-05 11:15:54 +01:00 · 23b12636c2
parent 87e9e7c461
commit 23b12636c2
3 changed files with 11 additions and 6 deletions
--- a/TitanEngine/Global.Engine.Hider.cpp
+++ b/TitanEngine/Global.Engine.Hider.cpp
@ -50,10 +50,10 @@ static void FixAntidebugApiInProcess(HANDLE hProcess, bool Hide, bool x64)
        0x33, 0xC0, //XOR EAX,EAX
        0xC3        //RETN
    };
-    const BYTE patchCheckRemoteDebuggerPresent64[6] =
+    const BYTE patchCheckRemoteDebuggerPresent64[4] =
    {
        0x48, 0x31, 0xC0, //XOR RAX,RAX
-        0xC2, 0x08, 0x00  //RETN 0x8
+        0xC3  //RETN
    };
    const BYTE patchGetTickCount64[4] =
    {
--- a/TitanEngine/TitanEngine.Hider.cpp
+++ b/TitanEngine/TitanEngine.Hider.cpp
@ -41,8 +41,11 @@ __declspec(dllexport) void* TITCALL GetPEBLocation64(HANDLE hProcess)
    {
        //Only WOW64 processes have 2 PEBs
        DWORD peb32 = (DWORD)GetPEBLocation(hProcess);
-        peb32 += 0x1000; //PEB64 after PEB32
-        return (void *)peb32;
+		if (peb32)
+		{
+			peb32 += 0x1000; //PEB64 after PEB32
+			return (void *)peb32;
+		}
    }
 #endif //_WIN64
    return 0;
--- a/TitanEngine/stdafx.h
+++ b/TitanEngine/stdafx.h
@ -927,7 +927,9 @@ struct _PEB_T
    DWORD NumberOfHeaps;
    DWORD MaximumNumberOfHeaps;
    T ProcessHeaps;
-    T GdiSharedHandleTable;
+
+//FULL PEB not needed
+	/*    T GdiSharedHandleTable;
    T ProcessStarterHelper;
    T GdiDCAttributeList;
    T LoaderLock;
@ -958,7 +960,7 @@ struct _PEB_T
    T ProcessAssemblyStorageMap;
    T SystemDefaultActivationContextData;
    T SystemAssemblyStorageMap;
-    T MinimumStackCommit;
+    T MinimumStackCommit;*/
 };

 typedef _PEB_T<DWORD, DWORD64, 34> PEB32;