From 247f643cac6b73a689661af7f059323c0a354544 Mon Sep 17 00:00:00 2001
From: Sandor Nemes
Date: Mon, 23 Sep 2019 12:01:14 +0200
Subject: [PATCH] Updated Python bindings
---
 SDK/Python/TitanEngine.py | 1459 +++++++++++++++++++++++++++----------
 1 file changed, 1092 insertions(+), 367 deletions(-)
diff --git a/SDK/Python/TitanEngine.py b/SDK/Python/TitanEngine.py
index cf7139b..7af5bc6 100644
--- a/SDK/Python/TitanEngine.py
+++ b/SDK/Python/TitanEngine.py
@@ -1,19 +1,55 @@
-
+# -*- coding: utf-8 -*-
+import sys
 from ctypes import *
+from ctypes.wintypes import *
+
+_WIN64 = sys.maxsize > 0x7fffffff
+LONGLONG = c_longlong
+ULONGLONG = c_ulonglong
+DWORD64 = c_ulonglong
+ULONG_PTR = POINTER(ULONG)
+SIZE_T = ULONG_PTR
+LPDWORD = POINTER(DWORD)
+PULONG_PTR = POINTER(ULONG_PTR)
+PBYTE = POINTER(BYTE)
+LPBYTE = POINTER(BYTE)
+DWORD_PTR = POINTER(DWORD)
+LPHANDLE = POINTER(HANDLE)
+PVOID = c_void_p
+LPTHREAD_START_ROUTINE = c_void_p
 TE = windll.LoadLibrary("TitanEngine.dll")
-# check widechar, x64
+# Global.Constant.Structure.Declaration:
+# Engine.External:
+UE_STRUCT_PE32STRUCT = 1
+UE_STRUCT_PE64STRUCT = 2
+UE_STRUCT_PESTRUCT = 3
+UE_STRUCT_IMPORTENUMDATA = 4
+UE_STRUCT_THREAD_ITEM_DATA = 5
+UE_STRUCT_LIBRARY_ITEM_DATA = 6
+UE_STRUCT_LIBRARY_ITEM_DATAW = 7
+UE_STRUCT_PROCESS_ITEM_DATA = 8
+UE_STRUCT_HANDLERARRAY = 9
+UE_STRUCT_PLUGININFORMATION = 10
+UE_STRUCT_HOOK_ENTRY = 11
+UE_STRUCT_FILE_STATUS_INFO = 12
+UE_STRUCT_FILE_FIX_INFO = 13
+UE_STRUCT_X87FPUREGISTER = 14
+UE_STRUCT_X87FPU = 15
+UE_STRUCT_TITAN_ENGINE_CONTEXT = 16
 UE_ACCESS_READ = 0
 UE_ACCESS_WRITE = 1
 UE_ACCESS_ALL = 2
+UE_HIDE_PEBONLY = 0
 UE_HIDE_BASIC = 1
 UE_PLUGIN_CALL_REASON_PREDEBUG = 1
 UE_PLUGIN_CALL_REASON_EXCEPTION = 2
 UE_PLUGIN_CALL_REASON_POSTDEBUG = 3
+UE_PLUGIN_CALL_REASON_UNHANDLEDEXCEPTION = 4
 TEE_HOOK_NRM_JUMP = 1
 TEE_HOOK_NRM_CALL = 3
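Review bot: `ULONG_PTR = POINTER(ULONG)`, its alias `SIZE_T`, and `DWORD_PTR = POINTER(DWORD)` declare pointer types, but in the Windows headers these three names are pointer-sized unsigned integers. With the aliases as written, ctypes rejects a plain Python int for every parameter typed `ULONG_PTR` and returns pointer objects for struct fields and return values, so addresses and sizes cannot be passed or read as numbers. The `ImportEnumData` fields and the `TITAN_ENGINE_CONTEXT*_t` register fields later in the patch inherit the same problem. I would define them as integers instead: `ULONG_PTR = c_uint64 if _WIN64 else c_uint32`, `SIZE_T = c_size_t` and `DWORD_PTR = ULONG_PTR`.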
@@ -80,12 +116,18 @@ UE_CHECKSUM = 19
 UE_SUBSYSTEM = 20
 UE_CHARACTERISTICS = 21
 UE_NUMBEROFRVAANDSIZES = 22
-UE_SECTIONNAME = 23
-UE_SECTIONVIRTUALOFFSET = 24
-UE_SECTIONVIRTUALSIZE = 25
-UE_SECTIONRAWOFFSET = 26
-UE_SECTIONRAWSIZE = 27
-UE_SECTIONFLAGS = 28
+UE_BASEOFCODE = 23
+UE_BASEOFDATA = 24
+UE_DLLCHARACTERISTICS = 25
+# leaving some enum space here for future additions
+UE_SECTIONNAME = 40
+UE_SECTIONVIRTUALOFFSET = 41
+UE_SECTIONVIRTUALSIZE = 42
+UE_SECTIONRAWOFFSET = 43
+UE_SECTIONRAWSIZE = 44
+UE_SECTIONFLAGS = 45
+
+UE_VANOTFOUND = -2
 UE_CH_BREAKPOINT = 1
 UE_CH_SINGLESTEP = 2
@@ -144,6 +186,7 @@ UE_HARDWARE_READWRITE = 6
 UE_HARDWARE_SIZE_1 = 7
 UE_HARDWARE_SIZE_2 = 8
 UE_HARDWARE_SIZE_4 = 9
+UE_HARDWARE_SIZE_8 = 10
 UE_ON_LIB_LOAD = 1
 UE_ON_LIB_UNLOAD = 2
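Review bot: `UE_VANOTFOUND = -2` in the first hunk is a signed Python int, while the conversion functions that presumably return this sentinel (`ConvertVAtoFileOffset` and its siblings) are declared further down with `c_void_p`/`ULONG_PTR` return types, which never produce a negative int. A check such as `result == UE_VANOTFOUND` would therefore never match, and a failed lookup could be treated as a real offset. Assuming the C header defines the value as `(ULONG_PTR)-2`, `UE_VANOTFOUND = c_size_t(-2).value` keeps the comparison valid on both 32- and 64-bit interpreters. The same hunk moves the `UE_SECTION*` selectors from 23–28 to 40–45, so I would also add a comment naming the TitanEngine.dll version these numbers match; an older DLL would silently read them as different fields.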
@@ -213,147 +256,254 @@ UE_R15 = 34 UE_CIP = 35 UE_CSP = 36 +if _WIN64: + UE_CFLAGS = UE_RFLAGS +else: + UE_CFLAGS = UE_EFLAGS + +UE_SEG_GS = 37 +UE_SEG_FS = 38 +UE_SEG_ES = 39 +UE_SEG_DS = 40 +UE_SEG_CS = 41 +UE_SEG_SS = 42 +UE_x87_r0 = 43 +UE_x87_r1 = 44 +UE_x87_r2 = 45 +UE_x87_r3 = 46 +UE_x87_r4 = 47 +UE_x87_r5 = 48 +UE_x87_r6 = 49 +UE_x87_r7 = 50 +UE_X87_STATUSWORD = 51 +UE_X87_CONTROLWORD = 52 +UE_X87_TAGWORD = 53 +UE_MXCSR = 54 +UE_MMX0 = 55 +UE_MMX1 = 56 +UE_MMX2 = 57 +UE_MMX3 = 58 +UE_MMX4 = 59 +UE_MMX5 = 60 +UE_MMX6 = 61 +UE_MMX7 = 62 +UE_XMM0 = 63 +UE_XMM1 = 64 +UE_XMM2 = 65 +UE_XMM3 = 66 +UE_XMM4 = 67 +UE_XMM5 = 68 +UE_XMM6 = 69 +UE_XMM7 = 70 +UE_XMM8 = 71 +UE_XMM9 = 72 +UE_XMM10 = 73 +UE_XMM11 = 74 +UE_XMM12 = 75 +UE_XMM13 = 76 +UE_XMM14 = 77 +UE_XMM15 = 78 +UE_x87_ST0 = 79 +UE_x87_ST1 = 80 +UE_x87_ST2 = 81 +UE_x87_ST3 = 82 +UE_x87_ST4 = 83 +UE_x87_ST5 = 84 +UE_x87_ST6 = 85 +UE_x87_ST7 = 86 +UE_YMM0 = 87 +UE_YMM1 = 88 +UE_YMM2 = 89 +UE_YMM3 = 90 +UE_YMM4 = 91 +UE_YMM5 = 92 +UE_YMM6 = 93 +UE_YMM7 = 94 +UE_YMM8 = 95 +UE_YMM9 = 96 +UE_YMM10 = 97 +UE_YMM11 = 98 +UE_YMM12 = 99 +UE_YMM13 = 100 +UE_YMM14 = 101 +UE_YMM15 = 102 + +CONTEXT_EXTENDED_REGISTERS = 0 + + class PE32Struct(Structure): - _pack_ = 1 - _fields_ = [ ("PE32Offset", c_ulong), - ("ImageBase", c_ulong), - ("OriginalEntryPoint", c_ulong), - ("NtSizeOfImage", c_ulong), - ("NtSizeOfHeaders", c_ulong), - ("SizeOfOptionalHeaders", c_ushort), - ("FileAlignment", c_ulong), - ("SectionAligment", c_ulong), - ("ImportTableAddress", c_ulong), - ("ImportTableSize", c_ulong), - ("ResourceTableAddress", c_ulong), - ("ResourceTableSize", c_ulong), - ("ExportTableAddress", c_ulong), - ("ExportTableSize", c_ulong), - ("TLSTableAddress", c_ulong), - ("TLSTableSize", c_ulong), - ("RelocationTableAddress", c_ulong), - ("RelocationTableSize", c_ulong), - ("TimeDateStamp", c_ulong), - ("SectionNumber", c_ushort), - ("CheckSum", c_ulong), - ("SubSystem", c_ushort), - ("Characteristics", c_ushort), - 
("NumberOfRvaAndSizes", c_ulong) ] + _pack_ = 1 + _fields_ = [ + ("PE32Offset", DWORD), + ("ImageBase", DWORD), + ("OriginalEntryPoint", DWORD), + ("NtSizeOfImage", DWORD), + ("NtSizeOfHeaders", DWORD), + ("SizeOfOptionalHeaders", WORD), + ("FileAlignment", DWORD), + ("SectionAligment", DWORD), + ("ImportTableAddress", DWORD), + ("ImportTableSize", DWORD), + ("ResourceTableAddress", DWORD), + ("ResourceTableSize", DWORD), + ("ExportTableAddress", DWORD), + ("ExportTableSize", DWORD), + ("TLSTableAddress", DWORD), + ("TLSTableSize", DWORD), + ("RelocationTableAddress", DWORD), + ("RelocationTableSize", DWORD), + ("TimeDateStamp", DWORD), + ("SectionNumber", WORD), + ("CheckSum", DWORD), + ("SubSystem", WORD), + ("Characteristics", WORD), + ("NumberOfRvaAndSizes", DWORD) + ] class PE64Struct(Structure): - _pack_ = 1 - _fields_ = [ ("PE64Offset", c_ulong), - ("ImageBase", c_ulonglong), - ("OriginalEntryPoint", c_ulong), - ("NtSizeOfImage", c_ulong), - ("NtSizeOfHeaders", c_ulong), - ("SizeOfOptionalHeaders", c_ushort), - ("FileAlignment", c_ulong), - ("SectionAligment", c_ulong), - ("ImportTableAddress", c_ulong), - ("ImportTableSize", c_ulong), - ("ResourceTableAddress", c_ulong), - ("ResourceTableSize", c_ulong), - ("ExportTableAddress", c_ulong), - ("ExportTableSize", c_ulong), - ("TLSTableAddress", c_ulong), - ("TLSTableSize", c_ulong), - ("RelocationTableAddress", c_ulong), - ("RelocationTableSize", c_ulong), - ("TimeDateStamp", c_ulong), - ("SectionNumber", c_ushort), - ("CheckSum", c_ulong), - ("SubSystem", c_ushort), - ("Characteristics", c_ushort), - ("NumberOfRvaAndSizes", c_ulong) ] + _pack_ = 1 + _fields_ = [ + ("PE64Offset", DWORD), + ("ImageBase", DWORD64), + ("OriginalEntryPoint", DWORD), + ("NtSizeOfImage", DWORD), + ("NtSizeOfHeaders", DWORD), + ("SizeOfOptionalHeaders", WORD), + ("FileAlignment", DWORD), + ("SectionAligment", DWORD), + ("ImportTableAddress", DWORD), + ("ImportTableSize", DWORD), + ("ResourceTableAddress", DWORD), + 
("ResourceTableSize", DWORD), + ("ExportTableAddress", DWORD), + ("ExportTableSize", DWORD), + ("TLSTableAddress", DWORD), + ("TLSTableSize", DWORD), + ("RelocationTableAddress", DWORD), + ("RelocationTableSize", DWORD), + ("TimeDateStamp", DWORD), + ("SectionNumber", WORD), + ("CheckSum", DWORD), + ("SubSystem", WORD), + ("Characteristics", WORD), + ("NumberOfRvaAndSizes", DWORD) + ] + +if _WIN64: + PEStruct = PE64Struct +else: + PEStruct = PE32Struct class ImportEnumData(Structure): - _pack_ = 1 - _fields_ = [ ("NewDll", c_bool), - ("NumberOfImports", c_int), - ("ImageBase", c_ulong), - ("BaseImportThunk", c_ulong), - ("ImportThunk", c_ulong), - ("APIName", c_char_p), - ("DLLName", c_char_p) ] + _pack_ = 1 + _fields_ = [ + ("NewDll", c_bool), + ("NumberOfImports", c_int), + ("ImageBase", ULONG_PTR), + ("BaseImportThunk", ULONG_PTR), + ("ImportThunk", ULONG_PTR), + ("APIName", c_char_p), + ("DLLName", c_char_p) + ] class THREAD_ITEM_DATA(Structure): - _pack_ = 1 - _fields_ = [ ("hThread", c_void_p), - ("dwThreadId", c_ulong), - ("ThreadStartAddress", c_void_p), - ("ThreadLocalBase", c_void_p) ] - -MAX_PATH = 260 + _pack_ = 1 + _fields_ = [ + ("hThread", HANDLE), + ("dwThreadId", DWORD), + ("ThreadStartAddress", c_void_p), + ("ThreadLocalBase", c_void_p), + ("TebAddress", c_void_p), + ("WaitTime", ULONG), + ("Priority", LONG), + ("BasePriority", LONG), + ("ContextSwitches", ULONG), + ("ThreadState", ULONG), + ("WaitReason", ULONG) + ] class LIBRARY_ITEM_DATA(Structure): - _pack_ = 1 - _fields_ = [ ("hFile", c_void_p), - ("BaseOfDll", c_void_p), - ("hFileMapping", c_void_p), - ("hFileMappingView", c_void_p), - ("szLibraryPath", c_char * MAX_PATH), - ("szLibraryName", c_char * MAX_PATH) ] + _pack_ = 1 + _fields_ = [ + ("hFile", HANDLE), + ("BaseOfDll", c_void_p), + ("hFileMapping", HANDLE), + ("hFileMappingView", c_void_p), + ("szLibraryPath", c_char * MAX_PATH), + ("szLibraryName", c_char * MAX_PATH) + ] class LIBRARY_ITEM_DATAW(Structure): - _pack_ = 1 - _fields_ = 
[ ("hFile", c_void_p), - ("BaseOfDll", c_void_p), - ("hFileMapping", c_void_p), - ("hFileMappingView", c_void_p), - ("szLibraryPath", c_wchar * MAX_PATH), - ("szLibraryName", c_wchar * MAX_PATH) ] + _pack_ = 1 + _fields_ = [ + ("hFile", HANDLE), + ("BaseOfDll", c_void_p), + ("hFileMapping", HANDLE), + ("hFileMappingView", c_void_p), + ("szLibraryPath", c_wchar * MAX_PATH), + ("szLibraryName", c_wchar * MAX_PATH) + ] class PROCESS_ITEM_DATA(Structure): - _pack_ = 1 - _fields_ = [ ("hProcess", c_void_p), - ("dwProcessId", c_ulong), - ("hThread", c_void_p), - ("dwThreadId", c_ulong), - ("hFile", c_void_p), - ("BaseOfImage", c_void_p), - ("ThreadStartAddress", c_void_p), - ("ThreadLocalBase", c_void_p) ] + _pack_ = 1 + _fields_ = [ + ("hProcess", HANDLE), + ("dwProcessId", DWORD), + ("hThread", HANDLE), + ("dwThreadId", DWORD), + ("hFile", HANDLE), + ("BaseOfImage", c_void_p), + ("ThreadStartAddress", c_void_p), + ("ThreadLocalBase", c_void_p) + ] class HandlerArray(Structure): - _pack_ = 1 - _fields_ = [ ("ProcessId", c_ulong), - ("hHandle", c_void_p) ] + _pack_ = 1 + _fields_ = [ + ("ProcessId", ULONG), + ("hHandle", HANDLE) + ] class PluginInformation(Structure): - _pack_ = 1 - _fields_ = [ ("PluginName", c_char * 64), - ("PluginMajorVersion", c_ulong), - ("PluginMinorVersion", c_ulong), - ("PluginBaseAddress", c_void_p), - ("TitanDebuggingCallBack", c_void_p), - ("TitanRegisterPlugin", c_void_p), - ("TitanReleasePlugin", c_void_p), - ("TitanResetPlugin", c_void_p), - ("PluginDisabled", c_bool) ] + _pack_ = 1 + _fields_ = [ + ("PluginName", c_char * 64), + ("PluginMajorVersion", DWORD), + ("PluginMinorVersion", DWORD), + ("PluginBaseAddress", HMODULE), + ("TitanDebuggingCallBack", c_void_p), + ("TitanRegisterPlugin", c_void_p), + ("TitanReleasePlugin", c_void_p), + ("TitanResetPlugin", c_void_p), + ("PluginDisabled", c_bool) + ] TEE_MAXIMUM_HOOK_SIZE = 14 TEE_MAXIMUM_HOOK_RELOCS = 7 -TEE_MAXIMUM_HOOK_INSERT_SIZE = 5 -TEE_MAXIMUM_HOOK_INSERT_SIZE64 = 14 +if _WIN64: + 
TEE_MAXIMUM_HOOK_INSERT_SIZE = 14 +else: + TEE_MAXIMUM_HOOK_INSERT_SIZE = 5 class HOOK_ENTRY(Structure): - _pack_ = 1 - _fields_ = [ ("IATHook", c_bool), - ("HookType", c_ubyte), - ("HookSize", c_ulong), - ("HookAddress", c_void_p), - ("RedirectionAddress", c_void_p), - ("HookBytes", c_ubyte * TEE_MAXIMUM_HOOK_SIZE), - ("OriginalBytes", c_ubyte * TEE_MAXIMUM_HOOK_SIZE), - ("IATHookModuleBase", c_void_p), - ("IATHookNameHash", c_ulong), - ("HookIsEnabled", c_bool), - ("HookIsRemote", c_bool), - ("PatchedEntry", c_void_p), - ("RelocationInfo", c_ulong * TEE_MAXIMUM_HOOK_RELOCS), - ("RelocationCount", c_int) ] + _pack_ = 1 + _fields_ = [ + ("IATHook", c_bool), + ("HookType", BYTE), + ("HookSize", DWORD), + ("HookAddress", c_void_p), + ("RedirectionAddress", c_void_p), + ("HookBytes", BYTE * TEE_MAXIMUM_HOOK_SIZE), + ("OriginalBytes", BYTE * TEE_MAXIMUM_HOOK_SIZE), + ("IATHookModuleBase", c_void_p), + ("IATHookNameHash", DWORD), + ("HookIsEnabled", c_bool), + ("HookIsRemote", c_bool), + ("PatchedEntry", c_void_p), + ("RelocationInfo", DWORD * TEE_MAXIMUM_HOOK_RELOCS), + ("RelocationCount", c_int) + ] UE_DEPTH_SURFACE = 0 UE_DEPTH_DEEP = 1 
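Review bot: `THREAD_ITEM_DATA` grows from four to eleven fields in this hunk (`TebAddress` through `WaitReason`), and the `fThreadEnum` callback reads it through a pointer supplied by the DLL. Against a TitanEngine.dll built with the older four-field layout, those new attributes would read memory past the end of the engine's structure. Nothing visible in the patch checks the engine version before the layouts are used. I would at least add a comment above the class, `# layout must match THREAD_ITEM_DATA in the loaded TitanEngine.dll; fields after ThreadLocalBase need the updated engine`. The hunk also removes `TEE_MAXIMUM_HOOK_INSERT_SIZE64`; keeping `TEE_MAXIMUM_HOOK_INSERT_SIZE64 = 14` as an alias would avoid breaking scripts that still reference it.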
@@ -382,292 +532,867 @@ UE_RESULT_FILE_INVALID_AND_NON_FIXABLE = 12 UE_RESULT_FILE_INVALID_FORMAT = 13 class FILE_STATUS_INFO(Structure): - _pack_ = 1 - _fields_ = [ ("OveralEvaluation", c_ubyte), - ("EvaluationTerminatedByException", c_bool), - ("FileIs64Bit", c_bool), - ("FileIsDLL", c_bool), - ("FileIsConsole", c_bool), - ("MissingDependencies", c_bool), - ("MissingDeclaredAPIs", c_bool), - ("SignatureMZ", c_ubyte), - ("SignaturePE", c_ubyte), - ("EntryPoint", c_ubyte), - ("ImageBase", c_ubyte), - ("SizeOfImage", c_ubyte), - ("FileAlignment", c_ubyte), - ("SectionAlignment", c_ubyte), - ("ExportTable", c_ubyte), - ("RelocationTable", c_ubyte), - ("ImportTable", c_ubyte), - ("ImportTableSection", c_ubyte), - ("ImportTableData", c_ubyte), - ("IATTable", c_ubyte), - ("TLSTable", c_ubyte), - ("LoadConfigTable", c_ubyte), - ("BoundImportTable", c_ubyte), - ("COMHeaderTable", c_ubyte), - ("ResourceTable", c_ubyte), - ("ResourceData", c_ubyte), - ("SectionTable", c_ubyte) ] + _pack_ = 1 + _fields_ = [ + ("OveralEvaluation", BYTE), + ("EvaluationTerminatedByException", c_bool), + ("FileIs64Bit", c_bool), + ("FileIsDLL", c_bool), + ("FileIsConsole", c_bool), + ("MissingDependencies", c_bool), + ("MissingDeclaredAPIs", c_bool), + ("SignatureMZ", BYTE), + ("SignaturePE", BYTE), + ("EntryPoint", BYTE), + ("ImageBase", BYTE), + ("SizeOfImage", BYTE), + ("FileAlignment", BYTE), + ("SectionAlignment", BYTE), + ("ExportTable", BYTE), + ("RelocationTable", BYTE), + ("ImportTable", BYTE), + ("ImportTableSection", BYTE), + ("ImportTableData", BYTE), + ("IATTable", BYTE), + ("TLSTable", BYTE), + ("LoadConfigTable", BYTE), + ("BoundImportTable", BYTE), + ("COMHeaderTable", BYTE), + ("ResourceTable", BYTE), + ("ResourceData", BYTE), + ("SectionTable", BYTE) + ] class FILE_FIX_INFO(Structure): - _pack_ = 1 - _fields_ = [ ("OveralEvaluation", c_ubyte), - ("FixingTerminatedByException", c_bool), - ("FileFixPerformed", c_bool), - ("StrippedRelocation", c_bool), - ("DontFixRelocations", 
c_bool), - ("OriginalRelocationTableAddress", c_ulong), - ("OriginalRelocationTableSize", c_ulong), - ("StrippedExports", c_bool), - ("DontFixExports", c_bool), - ("OriginalExportTableAddress", c_ulong), - ("OriginalExportTableSize", c_ulong), - ("StrippedResources", c_bool), - ("DontFixResources", c_bool), - ("OriginalResourceTableAddress", c_ulong), - ("OriginalResourceTableSize", c_ulong), - ("StrippedTLS", c_bool), - ("DontFixTLS", c_bool), - ("OriginalTLSTableAddress", c_ulong), - ("OriginalTLSTableSize", c_ulong), - ("StrippedLoadConfig", c_bool), - ("DontFixLoadConfig", c_bool), - ("OriginalLoadConfigTableAddress", c_ulong), - ("OriginalLoadConfigTableSize", c_ulong), - ("StrippedBoundImports", c_bool), - ("DontFixBoundImports", c_bool), - ("OriginalBoundImportTableAddress", c_ulong), - ("OriginalBoundImportTableSize", c_ulong), - ("StrippedIAT", c_bool), - ("DontFixIAT", c_bool), - ("OriginalImportAddressTableAddress", c_ulong), - ("OriginalImportAddressTableSize", c_ulong), - ("StrippedCOM", c_bool), - ("DontFixCOM", c_bool), - ("OriginalCOMTableAddress", c_ulong), - ("OriginalCOMTableSize", c_ulong) ] + _pack_ = 1 + _fields_ = [ + ("OveralEvaluation", BYTE), + ("FixingTerminatedByException", c_bool), + ("FileFixPerformed", c_bool), + ("StrippedRelocation", c_bool), + ("DontFixRelocations", c_bool), + ("OriginalRelocationTableAddress", DWORD), + ("OriginalRelocationTableSize", DWORD), + ("StrippedExports", c_bool), + ("DontFixExports", c_bool), + ("OriginalExportTableAddress", DWORD), + ("OriginalExportTableSize", DWORD), + ("StrippedResources", c_bool), + ("DontFixResources", c_bool), + ("OriginalResourceTableAddress", DWORD), + ("OriginalResourceTableSize", DWORD), + ("StrippedTLS", c_bool), + ("DontFixTLS", c_bool), + ("OriginalTLSTableAddress", DWORD), + ("OriginalTLSTableSize", DWORD), + ("StrippedLoadConfig", c_bool), + ("DontFixLoadConfig", c_bool), + ("OriginalLoadConfigTableAddress", DWORD), + ("OriginalLoadConfigTableSize", DWORD), + 
("StrippedBoundImports", c_bool), + ("DontFixBoundImports", c_bool), + ("OriginalBoundImportTableAddress", DWORD), + ("OriginalBoundImportTableSize", DWORD), + ("StrippedIAT", c_bool), + ("DontFixIAT", c_bool), + ("OriginalImportAddressTableAddress", DWORD), + ("OriginalImportAddressTableSize", DWORD), + ("StrippedCOM", c_bool), + ("DontFixCOM", c_bool), + ("OriginalCOMTableAddress", DWORD), + ("OriginalCOMTableSize", DWORD) + ] + +class XmmRegister_t(Structure): + _pack_ = 1 + _fields_ = [ + ("Low", ULONGLONG), + ("High", LONGLONG) + ] + +class YmmRegister_t(Structure): + _pack_ = 1 + _fields_ = [ + ("Low", XmmRegister_t), + ("High", XmmRegister_t) + ] + +class x87FPURegister_t(Structure): + _pack_ = 1 + _fields_ = [ + ("data", BYTE * 10), + ("st_value", c_int), + ("tag", c_int) + ] + +class x87FPU_t(Structure): + _pack_ = 1 + _fields_ = [ + ("ControlWord", WORD), + ("StatusWord", WORD), + ("TagWord", WORD), + ("ErrorOffset", DWORD), + ("ErrorSelector", DWORD), + ("DataOffset", DWORD), + ("DataSelector", DWORD), + ("Cr0NpxState", DWORD) + ] + +class TITAN_ENGINE_CONTEXT32_t(Structure): + _pack_ = 1 + _fields_ = [ + ("cax", ULONG_PTR), + ("ccx", ULONG_PTR), + ("cdx", ULONG_PTR), + ("cbx", ULONG_PTR), + ("csp", ULONG_PTR), + ("cbp", ULONG_PTR), + ("csi", ULONG_PTR), + ("cdi", ULONG_PTR), + ("cip", ULONG_PTR), + ("eflags", ULONG_PTR), + ("gs", c_ushort), + ("fs", c_ushort), + ("es", c_ushort), + ("ds", c_ushort), + ("cs", c_ushort), + ("ss", c_ushort), + ("dr0", ULONG_PTR), + ("dr1", ULONG_PTR), + ("dr2", ULONG_PTR), + ("dr3", ULONG_PTR), + ("dr4", ULONG_PTR), + ("dr5", ULONG_PTR), + ("dr6", ULONG_PTR), + ("dr7", ULONG_PTR), + ("RegisterArea", BYTE * 80), + ("x87fpu", x87FPU_t), + ("MxCsr", DWORD), + ("XmmRegisters", XmmRegister_t * 8), + ("YmmRegisters", YmmRegister_t * 8) + ] + +class TITAN_ENGINE_CONTEXT64_t(Structure): + _pack_ = 1 + _fields_ = [ + ("cax", ULONG_PTR), + ("ccx", ULONG_PTR), + ("cdx", ULONG_PTR), + ("cbx", ULONG_PTR), + ("csp", ULONG_PTR), + 
("cbp", ULONG_PTR), + ("csi", ULONG_PTR), + ("cdi", ULONG_PTR), + ("r8", ULONG_PTR), + ("r9", ULONG_PTR), + ("r10", ULONG_PTR), + ("r11", ULONG_PTR), + ("r12", ULONG_PTR), + ("r13", ULONG_PTR), + ("r14", ULONG_PTR), + ("r15", ULONG_PTR), + ("cip", ULONG_PTR), + ("eflags", ULONG_PTR), + ("gs", c_ushort), + ("fs", c_ushort), + ("es", c_ushort), + ("ds", c_ushort), + ("cs", c_ushort), + ("ss", c_ushort), + ("dr0", ULONG_PTR), + ("dr1", ULONG_PTR), + ("dr2", ULONG_PTR), + ("dr3", ULONG_PTR), + ("dr4", ULONG_PTR), + ("dr5", ULONG_PTR), + ("dr6", ULONG_PTR), + ("dr7", ULONG_PTR), + ("RegisterArea", BYTE * 80), + ("x87fpu", x87FPU_t), + ("MxCsr", DWORD), + ("XmmRegisters", XmmRegister_t * 16), + ("YmmRegisters", YmmRegister_t * 16) + ] + +if _WIN64: + TITAN_ENGINE_CONTEXT_t = TITAN_ENGINE_CONTEXT64_t +else: + TITAN_ENGINE_CONTEXT_t = TITAN_ENGINE_CONTEXT32_t class PROCESS_INFORMATION(Structure): - _pack_ = 1 - _fields_ = [ ("hProcess", c_void_p), - ("hThread", c_void_p), - ("dwProcessId", c_ulong), - ("dwThreadId", c_ulong) ] + _pack_ = 1 + _fields_ = [ + ("hProcess", HANDLE), + ("hThread", HANDLE), + ("dwProcessId", DWORD), + ("dwThreadId", DWORD) + ] EXCEPTION_MAXIMUM_PARAMETERS = 15 class EXCEPTION_RECORD(Structure): - _pack_ = 1 - pass + _pack_ = 1 -EXCEPTION_RECORD._fields_ = [ ("ExceptionCode", c_ulong), - ("ExceptionFlags", c_ulong), - ("ExceptionRecord", POINTER(EXCEPTION_RECORD)), - ("ExceptionAddress", c_void_p), - ("NumberParameters", c_ulong), - ("ExceptionInformation", c_ulong * EXCEPTION_MAXIMUM_PARAMETERS) ] +EXCEPTION_RECORD._fields_ = [ + ("ExceptionCode", DWORD), + ("ExceptionFlags", DWORD), + ("ExceptionRecord", POINTER(EXCEPTION_RECORD)), + ("ExceptionAddress", PVOID), + ("NumberParameters", DWORD), + ("ExceptionInformation", ULONG_PTR * EXCEPTION_MAXIMUM_PARAMETERS) +] class EXCEPTION_DEBUG_INFO(Structure): - _pack_ = 1 - _fields_ = [ ("ExceptionRecord", EXCEPTION_RECORD), - ("dwFirstChance", c_ulong) ] + _pack_ = 1 + _fields_ = [ + 
("ExceptionRecord", EXCEPTION_RECORD), + ("dwFirstChance", DWORD) + ] class CREATE_THREAD_DEBUG_INFO(Structure): - _pack_ = 1 - _fields_ = [ ("hThread", c_void_p), - ("lpThreadLocalBase", c_void_p), - ("lpStartAddress", c_void_p) ] + _pack_ = 1 + _fields_ = [ + ("hThread", HANDLE), + ("lpThreadLocalBase", LPVOID), + ("lpStartAddress", LPTHREAD_START_ROUTINE) + ] class CREATE_PROCESS_DEBUG_INFO(Structure): - _pack_ = 1 - _fields_ = [ ("hFile", c_void_p), - ("hProcess", c_void_p), - ("hThread", c_void_p), - ("dwDebugInfoFileOffset", c_ulong), - ("nDebugInfoSize", c_ulong), - ("lpThreadLocalBase", c_void_p), - ("lpStartAddress", c_void_p), - ("lpImageName", c_void_p), - ("fUnicode", c_ushort) ] + _pack_ = 1 + _fields_ = [ + ("hFile", HANDLE), + ("hProcess", HANDLE), + ("hThread", HANDLE), + ("lpBaseOfImage", LPVOID), + ("dwDebugInfoFileOffset", DWORD), + ("nDebugInfoSize", DWORD), + ("lpThreadLocalBase", LPVOID), + ("lpStartAddress", LPTHREAD_START_ROUTINE), + ("lpImageName", LPVOID), + ("fUnicode", WORD) + ] class EXIT_THREAD_DEBUG_INFO(Structure): - _pack_ = 1 - _fields_ = [ ("dwExitCode", c_ulong) ] + _pack_ = 1 + _fields_ = [ + ("dwExitCode", DWORD) + ] class EXIT_PROCESS_DEBUG_INFO(Structure): - _pack_ = 1 - _fields_ = [ ("dwExitCode", c_ulong) ] + _pack_ = 1 + _fields_ = [ + ("dwExitCode", DWORD) + ] class LOAD_DLL_DEBUG_INFO(Structure): - _pack_ = 1 - _fields_ = [ ("hFile", c_void_p), - ("lpBaseOfDll", c_void_p), - ("dwDebugInfoFileOffset", c_ulong), - ("nDebugInfoSize", c_ulong), - ("lpImageName", c_void_p), - ("fUnicode", c_ushort) ] + _pack_ = 1 + _fields_ = [ + ("hFile", HANDLE), + ("lpBaseOfDll", LPVOID), + ("dwDebugInfoFileOffset", DWORD), + ("nDebugInfoSize", DWORD), + ("lpImageName", LPVOID), + ("fUnicode", WORD) + ] class UNLOAD_DLL_DEBUG_INFO(Structure): - _pack_ = 1 - _fields_ = [ ("lpBaseOfDll", c_void_p) ] + _pack_ = 1 + _fields_ = [ + ("lpBaseOfDll", LPVOID) + ] class OUTPUT_DEBUG_STRING_INFO(Structure): - _pack_ = 1 - _fields_ = [ 
("lpDebugStringData", c_char_p), - ("fUnicode", c_ushort), - ("nDebugStringLength", c_ushort) ] + _pack_ = 1 + _fields_ = [ + ("lpDebugStringData", LPSTR), + ("fUnicode", WORD), + ("nDebugStringLength", WORD) + ] class RIP_INFO(Structure): - _pack_ = 1 - _fields_ = [ ("dwError", c_ulong), - ("dwType", c_ulong) ] + _pack_ = 1 + _fields_ = [ + ("dwError", DWORD), + ("dwType", DWORD) + ] class _U(Union): - _pack_ = 1 - _fields_ = [ ("Exception", EXCEPTION_DEBUG_INFO), - ("CreateThread", CREATE_THREAD_DEBUG_INFO), - ("CreateProcessInfo", CREATE_PROCESS_DEBUG_INFO), - ("ExitThread", EXIT_THREAD_DEBUG_INFO), - ("ExitProcess", EXIT_PROCESS_DEBUG_INFO), - ("LoadDll", LOAD_DLL_DEBUG_INFO), - ("UnloadDll", UNLOAD_DLL_DEBUG_INFO), - ("DebugString", OUTPUT_DEBUG_STRING_INFO), - ("RipInfo", RIP_INFO) ] + _pack_ = 1 + _fields_ = [ + ("Exception", EXCEPTION_DEBUG_INFO), + ("CreateThread", CREATE_THREAD_DEBUG_INFO), + ("CreateProcessInfo", CREATE_PROCESS_DEBUG_INFO), + ("ExitThread", EXIT_THREAD_DEBUG_INFO), + ("ExitProcess", EXIT_PROCESS_DEBUG_INFO), + ("LoadDll", LOAD_DLL_DEBUG_INFO), + ("UnloadDll", UNLOAD_DLL_DEBUG_INFO), + ("DebugString", OUTPUT_DEBUG_STRING_INFO), + ("RipInfo", RIP_INFO) + ] class DEBUG_EVENT(Structure): - _pack_ = 1 + _pack_ = 1 _anonymous_ = ("u",) - _fields_ = [ ("dwDebugEventCode", c_ulong), - ("dwProcessId", c_ulong), - ("dwThreadId", c_ulong), - ("u", _U) ] + _fields_ = [ + ("dwDebugEventCode", DWORD), + ("dwProcessId", DWORD), + ("dwThreadId", DWORD), + ("u", _U) + ] class STARTUPINFOW(Structure): - _pack_ = 1 - _fields_ = [ ("cb", c_ulong), - ("lpReserved", c_wchar_p), - ("lpDesktop", c_wchar_p), - ("lpTitle", c_wchar_p), - ("dwX", c_ulong), - ("dwY", c_ulong), - ("dwXSize", c_ulong), - ("dwYSize", c_ulong), - ("dwXCountChars", c_ulong), - ("dwYCountChars", c_ulong), - ("dwFillAttribute", c_ulong), - ("dwFlags", c_ulong), - ("wShowWindow", c_ushort), - ("cbReserved2", c_ushort), - ("lpReserved2", POINTER(c_ubyte)), - ("hStdInput", c_void_p), - 
("hStdOutput", c_void_p), - ("hStdError", c_void_p) ] + _pack_ = 1 + _fields_ = [ + ("cb", DWORD), + ("lpReserved", LPWSTR), + ("lpDesktop", LPWSTR), + ("lpTitle", LPWSTR), + ("dwX", DWORD), + ("dwY", DWORD), + ("dwXSize", DWORD), + ("dwYSize", DWORD), + ("dwXCountChars", DWORD), + ("dwYCountChars", DWORD), + ("dwFillAttribute", DWORD), + ("dwFlags", DWORD), + ("wShowWindow", WORD), + ("cbReserved2", WORD), + ("lpReserved2", LPBYTE), + ("hStdInput", HANDLE), + ("hStdOutput", HANDLE), + ("hStdError", HANDLE) + ] -fImportEnum = WINFUNCTYPE(None, POINTER(ImportEnumData)) -fImportFix = WINFUNCTYPE(None, c_void_p) -fResourceEnum = WINFUNCTYPE(None, c_wchar_p, c_ulong, c_wchar_p, c_ulong, c_ulong, c_ulong, c_ulong) -fThreadEnum = WINFUNCTYPE(None, POINTER(THREAD_ITEM_DATA)) -fThreadExit = WINFUNCTYPE(None, POINTER(EXIT_THREAD_DEBUG_INFO)) -fBreakPoint = WINFUNCTYPE(None) -fCustomHandler = WINFUNCTYPE(None, c_void_p) +fImportEnum = WINFUNCTYPE(None, POINTER(ImportEnumData)) +fImportFix = WINFUNCTYPE(c_void_p, c_void_p) +fResourceEnum = WINFUNCTYPE(None, c_wchar_p, DWORD, c_wchar_p, DWORD, DWORD, DWORD, DWORD) +fThreadEnum = WINFUNCTYPE(None, POINTER(THREAD_ITEM_DATA)) +fThreadExit = WINFUNCTYPE(None, POINTER(EXIT_THREAD_DEBUG_INFO)) +fBreakPoint = WINFUNCTYPE(None) +fCustomHandler = WINFUNCTYPE(None, c_void_p) fLibraryBreakPoint = WINFUNCTYPE(None, POINTER(LOAD_DLL_DEBUG_INFO)) -fLibraryEnum = WINFUNCTYPE(None, POINTER(LIBRARY_ITEM_DATA)) -fLibraryEnumW = WINFUNCTYPE(None, POINTER(LIBRARY_ITEM_DATAW)) -fHookEnum = WINFUNCTYPE(c_bool, POINTER(HOOK_ENTRY), c_void_p, POINTER(LIBRARY_ITEM_DATA), c_ulong) -fProcessWithLibraryEnum = WINFUNCTYPE(None, c_ulong, c_void_p) -fStaticDecrypt = WINFUNCTYPE(c_bool, c_void_p, c_ulong) -fInitializeDbg = WINFUNCTYPE(None, c_char_p, c_ubyte, c_ubyte) +fLibraryEnum = WINFUNCTYPE(None, POINTER(LIBRARY_ITEM_DATA)) +fLibraryEnumW = WINFUNCTYPE(None, POINTER(LIBRARY_ITEM_DATAW)) +fHookEnum = WINFUNCTYPE(c_bool, POINTER(HOOK_ENTRY), c_void_p, 
POINTER(LIBRARY_ITEM_DATA), DWORD) +fProcessWithLibraryEnum = WINFUNCTYPE(None, DWORD, HMODULE) +fStaticDecrypt = WINFUNCTYPE(c_bool, c_void_p, c_long) +fInitializeDbg = WINFUNCTYPE(None, c_char_p, c_ubyte, c_ubyte) -TE.GetPE32DataFromMappedFile.restype = c_ulonglong -TE.GetPE32Data.restype = c_ulonglong -TE.GetPE32DataW.restype = c_ulonglong -TE.ConvertVAtoFileOffset.restype = c_ulonglong -TE.ConvertVAtoFileOffsetEx.restype = c_ulonglong -TE.ConvertFileOffsetToVA.restype = c_ulonglong -TE.ConvertFileOffsetToVAEx.restype = c_ulonglong -TE.ResourcerLoadFileForResourceUse.restype = c_ulonglong -TE.ResourcerLoadFileForResourceUseW.restype = c_ulonglong -TE.ThreaderCreateRemoteThread.restype = c_ulonglong -TE.ThreaderCreateRemoteThreadEx.restype = c_ulonglong -TE.ThreaderGetOpenHandleForThread.restype = c_ulonglong -TE.GetContextDataEx.restype = c_ulonglong -TE.GetContextData.restype = c_ulonglong -TE.FindEx.restype = c_ulonglong -TE.Find.restype = c_ulonglong -TE.GetDebuggedDLLBaseAddress.restype = c_ulonglong -TE.GetDebuggedFileBaseAddress.restype = c_ulonglong -TE.GetFunctionParameter.restype = c_ulonglong -TE.GetJumpDestinationEx.restype = c_ulonglong -TE.GetJumpDestination.restype = c_ulonglong -TE.ImporterGetCurrentDelta.restype = c_ulonglong -TE.ImporterFindAPIWriteLocation.restype = c_ulonglong -TE.ImporterFindOrdinalAPIWriteLocation.restype = c_ulonglong -TE.ImporterFindAPIByWriteLocation.restype = c_ulonglong -TE.ImporterFindDLLByWriteLocation.restype = c_ulonglong -TE.ImporterGetAPIOrdinalNumber.restype = c_ulonglong -TE.ImporterGetRemoteAPIAddress.restype = c_ulonglong -TE.ImporterGetRemoteAPIAddressEx.restype = c_ulonglong -TE.ImporterGetLocalAPIAddress.restype = c_ulonglong -TE.ImporterGetAPIOrdinalNumberFromDebugee.restype = c_ulonglong -TE.ImporterGetRemoteDLLBase.restype = c_ulonglong -TE.ImporterGetForwardedAPIOrdinalNumber.restype = c_ulonglong -TE.ImporterGetNearestAPIAddress.restype = c_ulonglong -TE.TracerLevel1.restype = c_ulonglong 
-TE.HashTracerLevel1.restype = c_ulonglong -TE.TracerFixKnownRedirection.restype = c_ulonglong -TE.HandlerGetHandleDetails.restype = c_ulonglong -TE.HandlerGetOpenMutexHandle.restype = c_ulonglong -TE.HandlerGetOpenMutexHandleW.restype = c_ulonglong +# Global.Function.Declaration: +# TitanEngine.Dumper.functions: +DumpProcess = WINFUNCTYPE(c_bool, HANDLE, LPVOID, c_char_p, ULONG_PTR)(TE.DumpProcess) +DumpProcessW = WINFUNCTYPE(c_bool, HANDLE, LPVOID, c_wchar_p, ULONG_PTR)(TE.DumpProcessW) +DumpProcessEx = WINFUNCTYPE(c_bool, DWORD, LPVOID, c_char_p, ULONG_PTR)(TE.DumpProcessEx) +DumpProcessExW = WINFUNCTYPE(c_bool, DWORD, LPVOID, c_wchar_p, ULONG_PTR)(TE.DumpProcessExW) +DumpMemory = WINFUNCTYPE(c_bool, HANDLE, LPVOID, ULONG_PTR, c_char_p)(TE.DumpMemory) +DumpMemoryW = WINFUNCTYPE(c_bool, HANDLE, LPVOID, ULONG_PTR, c_wchar_p)(TE.DumpMemoryW) +DumpMemoryEx = WINFUNCTYPE(c_bool, DWORD, LPVOID, ULONG_PTR, c_char_p)(TE.DumpMemoryEx) +DumpMemoryExW = WINFUNCTYPE(c_bool, DWORD, LPVOID, ULONG_PTR, c_wchar_p)(TE.DumpMemoryExW) +DumpRegions = WINFUNCTYPE(c_bool, HANDLE, c_char_p, c_bool)(TE.DumpRegions) +DumpRegionsW = WINFUNCTYPE(c_bool, HANDLE, c_wchar_p, c_bool)(TE.DumpRegionsW) +DumpRegionsEx = WINFUNCTYPE(c_bool, DWORD, c_char_p, c_bool)(TE.DumpRegionsEx) +DumpRegionsExW = WINFUNCTYPE(c_bool, DWORD, c_wchar_p, c_bool)(TE.DumpRegionsExW) +DumpModule = WINFUNCTYPE(c_bool, HANDLE, LPVOID, c_char_p)(TE.DumpModule) +DumpModuleW = WINFUNCTYPE(c_bool, HANDLE, LPVOID, c_wchar_p)(TE.DumpModuleW) +DumpModuleEx = WINFUNCTYPE(c_bool, DWORD, LPVOID, c_char_p)(TE.DumpModuleEx) +DumpModuleExW = WINFUNCTYPE(c_bool, DWORD, LPVOID, c_wchar_p)(TE.DumpModuleExW) +PastePEHeader = WINFUNCTYPE(c_bool, HANDLE, LPVOID, c_char_p)(TE.PastePEHeader) +PastePEHeaderW = WINFUNCTYPE(c_bool, HANDLE, LPVOID, c_wchar_p)(TE.PastePEHeaderW) +ExtractSection = WINFUNCTYPE(c_bool, c_char_p, c_char_p, DWORD)(TE.ExtractSection) +ExtractSectionW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p, 
DWORD)(TE.ExtractSectionW) +ResortFileSections = WINFUNCTYPE(c_bool, c_char_p)(TE.ResortFileSections) +ResortFileSectionsW = WINFUNCTYPE(c_bool, c_wchar_p)(TE.ResortFileSectionsW) +FindOverlay = WINFUNCTYPE(c_bool, c_char_p, LPDWORD, LPDWORD)(TE.FindOverlay) +FindOverlayW = WINFUNCTYPE(c_bool, c_wchar_p, LPDWORD, LPDWORD)(TE.FindOverlayW) +ExtractOverlay = WINFUNCTYPE(c_bool, c_char_p, c_char_p)(TE.ExtractOverlay) +ExtractOverlayW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p)(TE.ExtractOverlayW) +AddOverlay = WINFUNCTYPE(c_bool, c_char_p, c_char_p)(TE.AddOverlay) +AddOverlayW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p)(TE.AddOverlayW) +CopyOverlay = WINFUNCTYPE(c_bool, c_char_p, c_char_p)(TE.CopyOverlay) +CopyOverlayW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p)(TE.CopyOverlayW) +RemoveOverlay = WINFUNCTYPE(c_bool, c_char_p)(TE.RemoveOverlay) +RemoveOverlayW = WINFUNCTYPE(c_bool, c_wchar_p)(TE.RemoveOverlayW) +MakeAllSectionsRWE = WINFUNCTYPE(c_bool, c_char_p)(TE.MakeAllSectionsRWE) +MakeAllSectionsRWEW = WINFUNCTYPE(c_bool, c_wchar_p)(TE.MakeAllSectionsRWEW) +AddNewSectionEx = WINFUNCTYPE(c_long, c_char_p, c_char_p, DWORD, DWORD, LPVOID, DWORD)(TE.AddNewSectionEx) +AddNewSectionExW = WINFUNCTYPE(c_long, c_wchar_p, c_char_p, DWORD, DWORD, LPVOID, DWORD)(TE.AddNewSectionExW) +AddNewSection = WINFUNCTYPE(c_long, c_char_p, c_char_p, DWORD)(TE.AddNewSection) +AddNewSectionW = WINFUNCTYPE(c_long, c_wchar_p, c_char_p, DWORD)(TE.AddNewSectionW) +ResizeLastSection = WINFUNCTYPE(c_bool, c_char_p, DWORD, c_bool)(TE.ResizeLastSection) +ResizeLastSectionW = WINFUNCTYPE(c_bool, c_wchar_p, DWORD, c_bool)(TE.ResizeLastSectionW) +SetSharedOverlay = WINFUNCTYPE(None, c_char_p)(TE.SetSharedOverlay) +SetSharedOverlayW = WINFUNCTYPE(None, c_wchar_p)(TE.SetSharedOverlayW) +GetSharedOverlay = WINFUNCTYPE(c_char_p)(TE.GetSharedOverlay) +GetSharedOverlayW = WINFUNCTYPE(c_wchar_p)(TE.GetSharedOverlayW) +DeleteLastSection = WINFUNCTYPE(c_bool, c_char_p)(TE.DeleteLastSection) 
+DeleteLastSectionW = WINFUNCTYPE(c_bool, c_wchar_p)(TE.DeleteLastSectionW) +DeleteLastSectionEx = WINFUNCTYPE(c_bool, c_char_p, DWORD)(TE.DeleteLastSectionEx) +DeleteLastSectionExW = WINFUNCTYPE(c_bool, c_wchar_p, DWORD)(TE.DeleteLastSectionExW) +GetPE32DataFromMappedFile = WINFUNCTYPE(c_void_p, ULONG_PTR, DWORD, DWORD)(TE.GetPE32DataFromMappedFile) +GetPE32DataFromMappedFile.restype = ULONG_PTR +GetPE32Data = WINFUNCTYPE(c_void_p, c_char_p, DWORD, DWORD)(TE.GetPE32Data) +GetPE32Data.restype = ULONG_PTR +GetPE32DataW = WINFUNCTYPE(c_void_p, c_wchar_p, DWORD, DWORD)(TE.GetPE32DataW) +GetPE32DataW.restype = ULONG_PTR +GetPE32DataFromMappedFileEx = WINFUNCTYPE(c_bool, ULONG_PTR, LPVOID)(TE.GetPE32DataFromMappedFileEx) +GetPE32DataEx = WINFUNCTYPE(c_bool, c_char_p, LPVOID)(TE.GetPE32DataEx) +GetPE32DataExW = WINFUNCTYPE(c_bool, c_wchar_p, LPVOID)(TE.GetPE32DataExW) +SetPE32DataForMappedFile = WINFUNCTYPE(c_bool, ULONG_PTR, DWORD, DWORD, ULONG_PTR)(TE.SetPE32DataForMappedFile) +SetPE32Data = WINFUNCTYPE(c_bool, c_char_p, DWORD, DWORD, ULONG_PTR)(TE.SetPE32Data) +SetPE32DataW = WINFUNCTYPE(c_bool, c_wchar_p, DWORD, DWORD, ULONG_PTR)(TE.SetPE32DataW) +SetPE32DataForMappedFileEx = WINFUNCTYPE(c_bool, ULONG_PTR, LPVOID)(TE.SetPE32DataForMappedFileEx) +SetPE32DataEx = WINFUNCTYPE(c_bool, c_char_p, LPVOID)(TE.SetPE32DataEx) +SetPE32DataExW = WINFUNCTYPE(c_bool, c_wchar_p, LPVOID)(TE.SetPE32DataExW) +GetPE32SectionNumberFromVA = WINFUNCTYPE(c_long, ULONG_PTR, ULONG_PTR)(TE.GetPE32SectionNumberFromVA) +ConvertVAtoFileOffset = WINFUNCTYPE(c_void_p, ULONG_PTR, ULONG_PTR, c_bool)(TE.ConvertVAtoFileOffset) +ConvertVAtoFileOffset.restype = ULONG_PTR +ConvertVAtoFileOffsetEx = WINFUNCTYPE(c_void_p, ULONG_PTR, DWORD, ULONG_PTR, ULONG_PTR, c_bool, c_bool)(TE.ConvertVAtoFileOffsetEx) +ConvertVAtoFileOffsetEx.restype = ULONG_PTR +ConvertFileOffsetToVA = WINFUNCTYPE(c_void_p, ULONG_PTR, ULONG_PTR, c_bool)(TE.ConvertFileOffsetToVA) +ConvertFileOffsetToVA.restype = ULONG_PTR 
+ConvertFileOffsetToVAEx = WINFUNCTYPE(c_void_p, ULONG_PTR, DWORD, ULONG_PTR, ULONG_PTR, c_bool)(TE.ConvertFileOffsetToVAEx) +ConvertFileOffsetToVAEx.restype = ULONG_PTR +MemoryReadSafe = WINFUNCTYPE(c_bool, HANDLE, LPVOID, LPVOID, SIZE_T, POINTER(SIZE_T))(TE.MemoryReadSafe) +MemoryWriteSafe = WINFUNCTYPE(c_bool, HANDLE, LPVOID, LPCVOID, SIZE_T, POINTER(SIZE_T))(TE.MemoryWriteSafe) -TE.GetSharedOverlay.restype = c_char_p -TE.StaticDisassembleEx.restype = c_char_p -TE.StaticDisassemble.restype = c_char_p -TE.DisassembleEx.restype = c_char_p -TE.Disassemble.restype = c_char_p -TE.ImporterGetLastAddedDLLName.restype = c_char_p -TE.ImporterGetDLLName.restype = c_char_p -TE.ImporterGetAPIName.restype = c_char_p -TE.ImporterGetAPINameEx.restype = c_char_p -TE.ImporterGetDLLNameFromDebugee.restype = c_char_p -TE.ImporterGetAPINameFromDebugee.restype = c_char_p -TE.ImporterGetForwardedAPIName.restype = c_char_p -TE.ImporterGetForwardedDLLName.restype = c_char_p -TE.ImporterGetNearestAPIName.restype = c_char_p -TE.TranslateNativeName.restype = c_char_p -TE.HandlerGetHandleName.restype = c_char_p +# TitanEngine.Realigner.functions: +FixHeaderCheckSum = WINFUNCTYPE(c_bool, c_char_p)(TE.FixHeaderCheckSum) +FixHeaderCheckSumW = WINFUNCTYPE(c_bool, c_wchar_p)(TE.FixHeaderCheckSumW) +RealignPE = WINFUNCTYPE(c_long, ULONG_PTR, DWORD, DWORD)(TE.RealignPE) +RealignPEEx = WINFUNCTYPE(c_long, c_char_p, DWORD, DWORD)(TE.RealignPEEx) +RealignPEExW = WINFUNCTYPE(c_long, c_wchar_p, DWORD, DWORD)(TE.RealignPEExW) +WipeSection = WINFUNCTYPE(c_bool, c_char_p, c_int, c_bool)(TE.WipeSection) +WipeSectionW = WINFUNCTYPE(c_bool, c_wchar_p, c_int, c_bool)(TE.WipeSectionW) +IsPE32FileValidEx = WINFUNCTYPE(c_bool, c_char_p, DWORD, LPVOID)(TE.IsPE32FileValidEx) +IsPE32FileValidExW = WINFUNCTYPE(c_bool, c_wchar_p, DWORD, LPVOID)(TE.IsPE32FileValidExW) +FixBrokenPE32FileEx = WINFUNCTYPE(c_bool, c_char_p, LPVOID, LPVOID)(TE.FixBrokenPE32FileEx) +FixBrokenPE32FileExW = WINFUNCTYPE(c_bool, c_wchar_p, 
LPVOID, LPVOID)(TE.FixBrokenPE32FileExW) +IsFileDLL = WINFUNCTYPE(c_bool, c_char_p, ULONG_PTR)(TE.IsFileDLL) +IsFileDLLW = WINFUNCTYPE(c_bool, c_wchar_p, ULONG_PTR)(TE.IsFileDLLW) -TE.GetSharedOverlayW.restype = c_wchar_p -TE.TranslateNativeNameW.restype = c_wchar_p -TE.HandlerGetHandleNameW.restype = c_wchar_p +# TitanEngine.Hider.functions: +GetPEBLocation = WINFUNCTYPE(c_void_p, HANDLE)(TE.GetPEBLocation) +GetPEBLocation64 = WINFUNCTYPE(c_void_p, HANDLE)(TE.GetPEBLocation64) +GetTEBLocation = WINFUNCTYPE(c_void_p, HANDLE)(TE.GetTEBLocation) +GetTEBLocation64 = WINFUNCTYPE(c_void_p, HANDLE)(TE.GetTEBLocation64) +HideDebugger = WINFUNCTYPE(c_bool, HANDLE, DWORD)(TE.HideDebugger) +UnHideDebugger = WINFUNCTYPE(c_bool, HANDLE, DWORD)(TE.UnHideDebugger) -TE.GetPEBLocation.restype = c_void_p -TE.GetPEBLocation64.restype = c_void_p +# TitanEngine.Relocater.functions: +RelocaterCleanup = WINFUNCTYPE(None)(TE.RelocaterCleanup) +RelocaterInit = WINFUNCTYPE(None, DWORD, ULONG_PTR, ULONG_PTR)(TE.RelocaterInit) +RelocaterAddNewRelocation = WINFUNCTYPE(None, HANDLE, ULONG_PTR, DWORD)(TE.RelocaterAddNewRelocation) +RelocaterEstimatedSize = WINFUNCTYPE(c_long)(TE.RelocaterEstimatedSize) +RelocaterExportRelocation = WINFUNCTYPE(c_bool, ULONG_PTR, DWORD, ULONG_PTR)(TE.RelocaterExportRelocation) +RelocaterExportRelocationEx = WINFUNCTYPE(c_bool, c_char_p, c_char_p)(TE.RelocaterExportRelocationEx) +RelocaterExportRelocationExW = WINFUNCTYPE(c_bool, c_wchar_p, c_char_p)(TE.RelocaterExportRelocationExW) +RelocaterGrabRelocationTable = WINFUNCTYPE(c_bool, HANDLE, ULONG_PTR, DWORD)(TE.RelocaterGrabRelocationTable) +RelocaterGrabRelocationTableEx = WINFUNCTYPE(c_bool, HANDLE, ULONG_PTR, ULONG_PTR, DWORD)(TE.RelocaterGrabRelocationTableEx) +RelocaterMakeSnapshot = WINFUNCTYPE(c_bool, HANDLE, c_char_p, LPVOID, ULONG_PTR)(TE.RelocaterMakeSnapshot) +RelocaterMakeSnapshotW = WINFUNCTYPE(c_bool, HANDLE, c_wchar_p, LPVOID, ULONG_PTR)(TE.RelocaterMakeSnapshotW) +RelocaterCompareTwoSnapshots = 
WINFUNCTYPE(c_bool, HANDLE, ULONG_PTR, ULONG_PTR, c_char_p, c_char_p, ULONG_PTR)(TE.RelocaterCompareTwoSnapshots) +RelocaterCompareTwoSnapshotsW = WINFUNCTYPE(c_bool, HANDLE, ULONG_PTR, ULONG_PTR, c_wchar_p, c_wchar_p, ULONG_PTR)(TE.RelocaterCompareTwoSnapshotsW) +RelocaterChangeFileBase = WINFUNCTYPE(c_bool, c_char_p, ULONG_PTR)(TE.RelocaterChangeFileBase) +RelocaterChangeFileBaseW = WINFUNCTYPE(c_bool, c_wchar_p, ULONG_PTR)(TE.RelocaterChangeFileBaseW) +RelocaterRelocateMemoryBlock = WINFUNCTYPE(c_bool, ULONG_PTR, ULONG_PTR, c_void_p, DWORD, ULONG_PTR, ULONG_PTR)(TE.RelocaterRelocateMemoryBlock) +RelocaterWipeRelocationTable = WINFUNCTYPE(c_bool, c_char_p)(TE.RelocaterWipeRelocationTable) +RelocaterWipeRelocationTableW = WINFUNCTYPE(c_bool, c_wchar_p)(TE.RelocaterWipeRelocationTableW) -TE.ThreaderGetThreadInfo.restype = POINTER(THREAD_ITEM_DATA) +# TitanEngine.Resourcer.functions: +ResourcerLoadFileForResourceUse = WINFUNCTYPE(c_void_p, c_char_p)(TE.ResourcerLoadFileForResourceUse) +ResourcerLoadFileForResourceUse.restype = ULONG_PTR +ResourcerLoadFileForResourceUseW = WINFUNCTYPE(c_void_p, c_wchar_p)(TE.ResourcerLoadFileForResourceUseW) +ResourcerLoadFileForResourceUseW.restype = ULONG_PTR +ResourcerFreeLoadedFile = WINFUNCTYPE(c_bool, LPVOID)(TE.ResourcerFreeLoadedFile) +ResourcerExtractResourceFromFileEx = WINFUNCTYPE(c_bool, HMODULE, c_char_p, c_char_p, c_char_p)(TE.ResourcerExtractResourceFromFileEx) +ResourcerExtractResourceFromFile = WINFUNCTYPE(c_bool, c_char_p, c_char_p, c_char_p, c_char_p)(TE.ResourcerExtractResourceFromFile) +ResourcerExtractResourceFromFileW = WINFUNCTYPE(c_bool, c_wchar_p, c_char_p, c_char_p, c_char_p)(TE.ResourcerExtractResourceFromFileW) +ResourcerFindResource = WINFUNCTYPE(c_bool, c_char_p, c_char_p, DWORD, c_char_p, DWORD, DWORD, PULONG_PTR, LPDWORD)(TE.ResourcerFindResource) +ResourcerFindResourceW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p, DWORD, c_wchar_p, DWORD, DWORD, PULONG_PTR, LPDWORD)(TE.ResourcerFindResourceW) 
+ResourcerFindResourceEx = WINFUNCTYPE(c_bool, ULONG_PTR, DWORD, c_wchar_p, DWORD, c_wchar_p, DWORD, DWORD, PULONG_PTR, LPDWORD)(TE.ResourcerFindResourceEx) +ResourcerEnumerateResource = WINFUNCTYPE(None, c_char_p, c_void_p)(TE.ResourcerEnumerateResource) +ResourcerEnumerateResourceW = WINFUNCTYPE(None, c_wchar_p, c_void_p)(TE.ResourcerEnumerateResourceW) +ResourcerEnumerateResourceEx = WINFUNCTYPE(None, ULONG_PTR, DWORD, c_void_p)(TE.ResourcerEnumerateResourceEx) -TE.InitDebug.restype = POINTER(PROCESS_INFORMATION) -TE.InitDebugW.restype = POINTER(PROCESS_INFORMATION) -TE.InitNativeDebug.restype = POINTER(PROCESS_INFORMATION) -TE.InitNativeDebugW.restype = POINTER(PROCESS_INFORMATION) -TE.InitDebugEx.restype = POINTER(PROCESS_INFORMATION) -TE.InitDebugExW.restype = POINTER(PROCESS_INFORMATION) -TE.InitDLLDebug.restype = POINTER(PROCESS_INFORMATION) -TE.InitDLLDebugW.restype = POINTER(PROCESS_INFORMATION) +# TitanEngine.Threader.functions: +ThreaderImportRunningThreadData = WINFUNCTYPE(c_bool, DWORD)(TE.ThreaderImportRunningThreadData) +ThreaderGetThreadInfo = WINFUNCTYPE(c_void_p, HANDLE, DWORD)(TE.ThreaderGetThreadInfo) +ThreaderGetThreadInfo.restype = POINTER(THREAD_ITEM_DATA) +ThreaderEnumThreadInfo = WINFUNCTYPE(None, c_void_p)(TE.ThreaderEnumThreadInfo) +ThreaderPauseThread = WINFUNCTYPE(c_bool, HANDLE)(TE.ThreaderPauseThread) +ThreaderResumeThread = WINFUNCTYPE(c_bool, HANDLE)(TE.ThreaderResumeThread) +ThreaderTerminateThread = WINFUNCTYPE(c_bool, HANDLE, DWORD)(TE.ThreaderTerminateThread) +ThreaderPauseAllThreads = WINFUNCTYPE(c_bool, c_bool)(TE.ThreaderPauseAllThreads) +ThreaderResumeAllThreads = WINFUNCTYPE(c_bool, c_bool)(TE.ThreaderResumeAllThreads) +ThreaderPauseProcess = WINFUNCTYPE(c_bool)(TE.ThreaderPauseProcess) +ThreaderResumeProcess = WINFUNCTYPE(c_bool)(TE.ThreaderResumeProcess) +ThreaderCreateRemoteThread = WINFUNCTYPE(c_void_p, ULONG_PTR, c_bool, LPVOID, LPDWORD)(TE.ThreaderCreateRemoteThread) +ThreaderCreateRemoteThread.restype = ULONG_PTR 
+ThreaderInjectAndExecuteCode = WINFUNCTYPE(c_bool, LPVOID, DWORD, DWORD)(TE.ThreaderInjectAndExecuteCode) +ThreaderCreateRemoteThreadEx = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR, c_bool, LPVOID, LPDWORD)(TE.ThreaderCreateRemoteThreadEx) +ThreaderCreateRemoteThreadEx.restype = ULONG_PTR +ThreaderInjectAndExecuteCodeEx = WINFUNCTYPE(c_bool, HANDLE, LPVOID, DWORD, DWORD)(TE.ThreaderInjectAndExecuteCodeEx) +ThreaderSetCallBackForNextExitThreadEvent = WINFUNCTYPE(None, LPVOID)(TE.ThreaderSetCallBackForNextExitThreadEvent) +ThreaderIsThreadStillRunning = WINFUNCTYPE(c_bool, HANDLE)(TE.ThreaderIsThreadStillRunning) +ThreaderIsThreadActive = WINFUNCTYPE(c_bool, HANDLE)(TE.ThreaderIsThreadActive) +ThreaderIsAnyThreadActive = WINFUNCTYPE(c_bool)(TE.ThreaderIsAnyThreadActive) +ThreaderExecuteOnlyInjectedThreads = WINFUNCTYPE(c_bool)(TE.ThreaderExecuteOnlyInjectedThreads) +ThreaderGetOpenHandleForThread = WINFUNCTYPE(c_void_p, DWORD)(TE.ThreaderGetOpenHandleForThread) +ThreaderGetOpenHandleForThread.restype = ULONG_PTR +ThreaderIsExceptionInMainThread = WINFUNCTYPE(c_bool)(TE.ThreaderIsExceptionInMainThread) -TE.GetDebugData.restype = POINTER(DEBUG_EVENT) -TE.GetTerminationData.restype = POINTER(DEBUG_EVENT) +# TitanEngine.Debugger.functions: +StaticDisassembleEx = WINFUNCTYPE(c_void_p, ULONG_PTR, LPVOID)(TE.StaticDisassembleEx) +StaticDisassemble = WINFUNCTYPE(c_void_p, LPVOID)(TE.StaticDisassemble) +DisassembleEx = WINFUNCTYPE(c_void_p, HANDLE, LPVOID, c_bool)(TE.DisassembleEx) +Disassemble = WINFUNCTYPE(c_void_p, LPVOID)(TE.Disassemble) +StaticLengthDisassemble = WINFUNCTYPE(c_long, LPVOID)(TE.StaticLengthDisassemble) +LengthDisassembleEx = WINFUNCTYPE(c_long, HANDLE, LPVOID)(TE.LengthDisassembleEx) +LengthDisassemble = WINFUNCTYPE(c_long, LPVOID)(TE.LengthDisassemble) +InitDebug = WINFUNCTYPE(c_void_p, c_char_p, c_char_p, c_char_p)(TE.InitDebug) +InitDebug.restype = POINTER(PROCESS_INFORMATION) +InitDebugW = WINFUNCTYPE(c_void_p, c_wchar_p, c_wchar_p, 
c_wchar_p)(TE.InitDebugW) +InitDebugW.restype = POINTER(PROCESS_INFORMATION) +InitNativeDebug = WINFUNCTYPE(c_void_p, c_char_p, c_char_p, c_char_p)(TE.InitNativeDebug) +InitNativeDebug.restype = POINTER(PROCESS_INFORMATION) +InitNativeDebugW = WINFUNCTYPE(c_void_p, c_wchar_p, c_wchar_p, c_wchar_p)(TE.InitNativeDebugW) +InitNativeDebugW.restype = POINTER(PROCESS_INFORMATION) +InitDebugEx = WINFUNCTYPE(c_void_p, c_char_p, c_char_p, c_char_p, LPVOID)(TE.InitDebugEx) +InitDebugEx.restype = POINTER(PROCESS_INFORMATION) +InitDebugExW = WINFUNCTYPE(c_void_p, c_wchar_p, c_wchar_p, c_wchar_p, LPVOID)(TE.InitDebugExW) +InitDebugExW.restype = POINTER(PROCESS_INFORMATION) +InitDLLDebug = WINFUNCTYPE(c_void_p, c_char_p, c_bool, c_char_p, c_char_p, LPVOID)(TE.InitDLLDebug) +InitDLLDebug.restype = POINTER(PROCESS_INFORMATION) +InitDLLDebugW = WINFUNCTYPE(c_void_p, c_wchar_p, c_bool, c_wchar_p, c_wchar_p, LPVOID)(TE.InitDLLDebugW) +InitDLLDebugW.restype = POINTER(PROCESS_INFORMATION) +StopDebug = WINFUNCTYPE(c_bool)(TE.StopDebug) +SetBPXOptions = WINFUNCTYPE(None, c_long)(TE.SetBPXOptions) +IsBPXEnabled = WINFUNCTYPE(c_bool, ULONG_PTR)(TE.IsBPXEnabled) +EnableBPX = WINFUNCTYPE(c_bool, ULONG_PTR)(TE.EnableBPX) +DisableBPX = WINFUNCTYPE(c_bool, ULONG_PTR)(TE.DisableBPX) +SetBPX = WINFUNCTYPE(c_bool, ULONG_PTR, DWORD, LPVOID)(TE.SetBPX) +DeleteBPX = WINFUNCTYPE(c_bool, ULONG_PTR)(TE.DeleteBPX) +SafeDeleteBPX = WINFUNCTYPE(c_bool, ULONG_PTR)(TE.SafeDeleteBPX) +SetAPIBreakPoint = WINFUNCTYPE(c_bool, c_char_p, c_char_p, DWORD, DWORD, LPVOID)(TE.SetAPIBreakPoint) +DeleteAPIBreakPoint = WINFUNCTYPE(c_bool, c_char_p, c_char_p, DWORD)(TE.DeleteAPIBreakPoint) +SafeDeleteAPIBreakPoint = WINFUNCTYPE(c_bool, c_char_p, c_char_p, DWORD)(TE.SafeDeleteAPIBreakPoint) +SetMemoryBPX = WINFUNCTYPE(c_bool, ULONG_PTR, SIZE_T, LPVOID)(TE.SetMemoryBPX) +SetMemoryBPXEx = WINFUNCTYPE(c_bool, ULONG_PTR, SIZE_T, DWORD, c_bool, LPVOID)(TE.SetMemoryBPXEx) +RemoveMemoryBPX = WINFUNCTYPE(c_bool, ULONG_PTR, 
SIZE_T)(TE.RemoveMemoryBPX) +GetContextFPUDataEx = WINFUNCTYPE(c_bool, HANDLE, c_void_p)(TE.GetContextFPUDataEx) +Getx87FPURegisters = WINFUNCTYPE(None, x87FPURegister_t, POINTER(TITAN_ENGINE_CONTEXT_t))(TE.Getx87FPURegisters) +GetMMXRegisters = WINFUNCTYPE(None, c_ulonglong, POINTER(TITAN_ENGINE_CONTEXT_t))(TE.GetMMXRegisters) +GetFullContextDataEx = WINFUNCTYPE(c_bool, HANDLE, POINTER(TITAN_ENGINE_CONTEXT_t))(TE.GetFullContextDataEx) +SetFullContextDataEx = WINFUNCTYPE(c_bool, HANDLE, POINTER(TITAN_ENGINE_CONTEXT_t))(TE.SetFullContextDataEx) +GetContextDataEx = WINFUNCTYPE(c_void_p, HANDLE, DWORD)(TE.GetContextDataEx) +GetContextDataEx.restype = ULONG_PTR +GetContextData = WINFUNCTYPE(c_void_p, DWORD)(TE.GetContextData) +GetContextData.restype = ULONG_PTR +SetContextFPUDataEx = WINFUNCTYPE(c_bool, HANDLE, c_void_p)(TE.SetContextFPUDataEx) +SetContextDataEx = WINFUNCTYPE(c_bool, HANDLE, DWORD, ULONG_PTR)(TE.SetContextDataEx) +SetContextData = WINFUNCTYPE(c_bool, DWORD, ULONG_PTR)(TE.SetContextData) +GetAVXContext = WINFUNCTYPE(c_bool, HANDLE, POINTER(TITAN_ENGINE_CONTEXT_t))(TE.GetAVXContext) +SetAVXContext = WINFUNCTYPE(c_bool, HANDLE, POINTER(TITAN_ENGINE_CONTEXT_t))(TE.SetAVXContext) +ClearExceptionNumber = WINFUNCTYPE(None)(TE.ClearExceptionNumber) +CurrentExceptionNumber = WINFUNCTYPE(c_long)(TE.CurrentExceptionNumber) +MatchPatternEx = WINFUNCTYPE(c_bool, HANDLE, c_void_p, c_int, c_void_p, c_int, PBYTE)(TE.MatchPatternEx) +MatchPattern = WINFUNCTYPE(c_bool, c_void_p, c_int, c_void_p, c_int, PBYTE)(TE.MatchPattern) +FindEx = WINFUNCTYPE(c_void_p, HANDLE, LPVOID, DWORD, LPVOID, DWORD, LPBYTE)(TE.FindEx) +FindEx.restype = ULONG_PTR +FillEx = WINFUNCTYPE(c_bool, HANDLE, LPVOID, DWORD, PBYTE)(TE.FillEx) +Fill = WINFUNCTYPE(c_bool, LPVOID, DWORD, PBYTE)(TE.Fill) +PatchEx = WINFUNCTYPE(c_bool, HANDLE, LPVOID, DWORD, LPVOID, DWORD, c_bool, c_bool)(TE.PatchEx) +Patch = WINFUNCTYPE(c_bool, LPVOID, DWORD, LPVOID, DWORD, c_bool, c_bool)(TE.Patch) +ReplaceEx = 
WINFUNCTYPE(c_bool, HANDLE, LPVOID, DWORD, LPVOID, DWORD, DWORD, LPVOID, DWORD, PBYTE)(TE.ReplaceEx) +Replace = WINFUNCTYPE(c_bool, LPVOID, DWORD, LPVOID, DWORD, DWORD, LPVOID, DWORD, PBYTE)(TE.Replace) +GetDebugData = WINFUNCTYPE(c_void_p)(TE.GetDebugData) +GetDebugData.restype = POINTER(DEBUG_EVENT) +GetTerminationData = WINFUNCTYPE(c_void_p)(TE.GetTerminationData) +GetTerminationData.restype = POINTER(DEBUG_EVENT) +GetExitCode = WINFUNCTYPE(c_long)(TE.GetExitCode) +GetDebuggedDLLBaseAddress = WINFUNCTYPE(c_void_p)(TE.GetDebuggedDLLBaseAddress) +GetDebuggedDLLBaseAddress.restype = ULONG_PTR +GetDebuggedFileBaseAddress = WINFUNCTYPE(c_void_p)(TE.GetDebuggedFileBaseAddress) +GetDebuggedFileBaseAddress.restype = ULONG_PTR +GetRemoteString = WINFUNCTYPE(c_bool, HANDLE, LPVOID, LPVOID, c_int)(TE.GetRemoteString) +GetFunctionParameter = WINFUNCTYPE(c_void_p, HANDLE, DWORD, DWORD, DWORD)(TE.GetFunctionParameter) +GetFunctionParameter.restype = ULONG_PTR +GetJumpDestinationEx = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR, c_bool)(TE.GetJumpDestinationEx) +GetJumpDestinationEx.restype = ULONG_PTR +GetJumpDestination = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.GetJumpDestination) +GetJumpDestination.restype = ULONG_PTR +IsJumpGoingToExecuteEx = WINFUNCTYPE(c_bool, HANDLE, HANDLE, ULONG_PTR, ULONG_PTR)(TE.IsJumpGoingToExecuteEx) +IsJumpGoingToExecute = WINFUNCTYPE(c_bool)(TE.IsJumpGoingToExecute) +SetCustomHandler = WINFUNCTYPE(None, DWORD, LPVOID)(TE.SetCustomHandler) +ForceClose = WINFUNCTYPE(None)(TE.ForceClose) +StepInto = WINFUNCTYPE(None, LPVOID)(TE.StepInto) +StepOver = WINFUNCTYPE(None, LPVOID)(TE.StepOver) +StepOut = WINFUNCTYPE(None, LPVOID, c_bool)(TE.StepOut) +SingleStep = WINFUNCTYPE(None, DWORD, LPVOID)(TE.SingleStep) +GetUnusedHardwareBreakPointRegister = WINFUNCTYPE(c_bool, LPDWORD)(TE.GetUnusedHardwareBreakPointRegister) +SetHardwareBreakPointEx = WINFUNCTYPE(c_bool, HANDLE, ULONG_PTR, DWORD, DWORD, DWORD, LPVOID, LPDWORD)(TE.SetHardwareBreakPointEx) 
+SetHardwareBreakPoint = WINFUNCTYPE(c_bool, ULONG_PTR, DWORD, DWORD, DWORD, LPVOID)(TE.SetHardwareBreakPoint) +DeleteHardwareBreakPoint = WINFUNCTYPE(c_bool, DWORD)(TE.DeleteHardwareBreakPoint) +RemoveAllBreakPoints = WINFUNCTYPE(c_bool, DWORD)(TE.RemoveAllBreakPoints) +TitanGetProcessInformation = WINFUNCTYPE(c_void_p)(TE.TitanGetProcessInformation) +TitanGetProcessInformation.restype = POINTER(PROCESS_INFORMATION) +TitanGetStartupInformation = WINFUNCTYPE(c_void_p)(TE.TitanGetStartupInformation) +TitanGetStartupInformation.restype = POINTER(STARTUPINFOW) +DebugLoop = WINFUNCTYPE(None)(TE.DebugLoop) +SetDebugLoopTimeOut = WINFUNCTYPE(None, DWORD)(TE.SetDebugLoopTimeOut) +SetNextDbgContinueStatus = WINFUNCTYPE(None, DWORD)(TE.SetNextDbgContinueStatus) +AttachDebugger = WINFUNCTYPE(c_bool, DWORD, c_bool, LPVOID, LPVOID)(TE.AttachDebugger) +DetachDebugger = WINFUNCTYPE(c_bool, DWORD)(TE.DetachDebugger) +DetachDebuggerEx = WINFUNCTYPE(c_bool, DWORD)(TE.DetachDebuggerEx) +DebugLoopEx = WINFUNCTYPE(None, DWORD)(TE.DebugLoopEx) +AutoDebugEx = WINFUNCTYPE(None, c_char_p, c_bool, c_char_p, c_char_p, DWORD, LPVOID)(TE.AutoDebugEx) +AutoDebugExW = WINFUNCTYPE(None, c_wchar_p, c_bool, c_wchar_p, c_wchar_p, DWORD, LPVOID)(TE.AutoDebugExW) +IsFileBeingDebugged = WINFUNCTYPE(c_bool)(TE.IsFileBeingDebugged) +SetErrorModel = WINFUNCTYPE(None, c_bool)(TE.SetErrorModel) -TE.GetProcessInformation.restype = POINTER(PROCESS_INFORMATION) -TE.GetStartupInformation.restype = POINTER(STARTUPINFOW) +# TitanEngine.FindOEP.functions: +FindOEPInit = WINFUNCTYPE(None)(TE.FindOEPInit) +FindOEPGenerically = WINFUNCTYPE(c_bool, c_char_p, LPVOID, LPVOID)(TE.FindOEPGenerically) +FindOEPGenericallyW = WINFUNCTYPE(c_bool, c_wchar_p, LPVOID, LPVOID)(TE.FindOEPGenericallyW) -TE.LibrarianGetLibraryInfo.restype = POINTER(LIBRARY_ITEM_DATA) -TE.LibrarianGetLibraryInfoEx.restype = POINTER(LIBRARY_ITEM_DATA) +# TitanEngine.Importer.functions: +ImporterAddNewDll = WINFUNCTYPE(None, c_char_p, 
ULONG_PTR)(TE.ImporterAddNewDll) +ImporterAddNewAPI = WINFUNCTYPE(None, c_char_p, ULONG_PTR)(TE.ImporterAddNewAPI) +ImporterAddNewOrdinalAPI = WINFUNCTYPE(None, ULONG_PTR, ULONG_PTR)(TE.ImporterAddNewOrdinalAPI) +ImporterGetAddedDllCount = WINFUNCTYPE(c_long)(TE.ImporterGetAddedDllCount) +ImporterGetAddedAPICount = WINFUNCTYPE(c_long)(TE.ImporterGetAddedAPICount) +ImporterExportIAT = WINFUNCTYPE(c_bool, ULONG_PTR, ULONG_PTR, HANDLE)(TE.ImporterExportIAT) +ImporterEstimatedSize = WINFUNCTYPE(c_long)(TE.ImporterEstimatedSize) +ImporterExportIATEx = WINFUNCTYPE(c_bool, c_char_p, c_char_p, c_char_p)(TE.ImporterExportIATEx) +ImporterExportIATExW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p, c_wchar_p)(TE.ImporterExportIATExW) +ImporterFindAPIWriteLocation = WINFUNCTYPE(c_void_p, c_char_p)(TE.ImporterFindAPIWriteLocation) +ImporterFindAPIWriteLocation.restype = ULONG_PTR +ImporterFindOrdinalAPIWriteLocation = WINFUNCTYPE(c_void_p, ULONG_PTR)(TE.ImporterFindOrdinalAPIWriteLocation) +ImporterFindOrdinalAPIWriteLocation.restype = ULONG_PTR +ImporterFindAPIByWriteLocation = WINFUNCTYPE(c_void_p, ULONG_PTR)(TE.ImporterFindAPIByWriteLocation) +ImporterFindAPIByWriteLocation.restype = ULONG_PTR +ImporterFindDLLByWriteLocation = WINFUNCTYPE(c_void_p, ULONG_PTR)(TE.ImporterFindDLLByWriteLocation) +ImporterFindDLLByWriteLocation.restype = ULONG_PTR +ImporterGetDLLName = WINFUNCTYPE(c_void_p, ULONG_PTR)(TE.ImporterGetDLLName) +ImporterGetDLLNameW = WINFUNCTYPE(c_void_p, ULONG_PTR)(TE.ImporterGetDLLNameW) +ImporterGetAPIName = WINFUNCTYPE(c_void_p, ULONG_PTR)(TE.ImporterGetAPIName) +ImporterGetAPIOrdinalNumber = WINFUNCTYPE(c_void_p, ULONG_PTR)(TE.ImporterGetAPIOrdinalNumber) +ImporterGetAPIOrdinalNumber.restype = ULONG_PTR +ImporterGetAPINameEx = WINFUNCTYPE(c_void_p, ULONG_PTR, ULONG_PTR)(TE.ImporterGetAPINameEx) +ImporterGetRemoteAPIAddress = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.ImporterGetRemoteAPIAddress) +ImporterGetRemoteAPIAddress.restype = ULONG_PTR 
+ImporterGetRemoteAPIAddressEx = WINFUNCTYPE(c_void_p, c_char_p, c_char_p)(TE.ImporterGetRemoteAPIAddressEx) +ImporterGetRemoteAPIAddressEx.restype = ULONG_PTR +ImporterGetLocalAPIAddress = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.ImporterGetLocalAPIAddress) +ImporterGetLocalAPIAddress.restype = ULONG_PTR +ImporterGetDLLNameFromDebugee = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.ImporterGetDLLNameFromDebugee) +ImporterGetDLLNameFromDebugeeW = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.ImporterGetDLLNameFromDebugeeW) +ImporterGetAPINameFromDebugee = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.ImporterGetAPINameFromDebugee) +ImporterGetAPIOrdinalNumberFromDebugee = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.ImporterGetAPIOrdinalNumberFromDebugee) +ImporterGetAPIOrdinalNumberFromDebugee.restype = ULONG_PTR +ImporterGetDLLIndexEx = WINFUNCTYPE(c_long, ULONG_PTR, ULONG_PTR)(TE.ImporterGetDLLIndexEx) +ImporterGetDLLIndex = WINFUNCTYPE(c_long, HANDLE, ULONG_PTR, ULONG_PTR)(TE.ImporterGetDLLIndex) +ImporterGetRemoteDLLBase = WINFUNCTYPE(c_void_p, HANDLE, HMODULE)(TE.ImporterGetRemoteDLLBase) +ImporterGetRemoteDLLBase.restype = ULONG_PTR +ImporterGetRemoteDLLBaseEx = WINFUNCTYPE(c_void_p, HANDLE, c_char_p)(TE.ImporterGetRemoteDLLBaseEx) +ImporterGetRemoteDLLBaseEx.restype = ULONG_PTR +ImporterGetRemoteDLLBaseExW = WINFUNCTYPE(c_void_p, HANDLE, c_wchar_p)(TE.ImporterGetRemoteDLLBaseExW) +ImporterIsForwardedAPI = WINFUNCTYPE(c_bool, HANDLE, ULONG_PTR)(TE.ImporterIsForwardedAPI) +ImporterGetForwardedAPIName = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.ImporterGetForwardedAPIName) +ImporterGetForwardedDLLName = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.ImporterGetForwardedDLLName) +ImporterGetForwardedDLLIndex = WINFUNCTYPE(c_long, HANDLE, ULONG_PTR, ULONG_PTR)(TE.ImporterGetForwardedDLLIndex) +ImporterGetForwardedAPIOrdinalNumber = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.ImporterGetForwardedAPIOrdinalNumber) +ImporterGetForwardedAPIOrdinalNumber.restype = 
ULONG_PTR +ImporterGetNearestAPIAddress = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.ImporterGetNearestAPIAddress) +ImporterGetNearestAPIAddress.restype = ULONG_PTR +ImporterGetNearestAPIName = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.ImporterGetNearestAPIName) +ImporterCopyOriginalIAT = WINFUNCTYPE(c_bool, c_char_p, c_char_p)(TE.ImporterCopyOriginalIAT) +ImporterCopyOriginalIATW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p)(TE.ImporterCopyOriginalIATW) +ImporterLoadImportTable = WINFUNCTYPE(c_bool, c_char_p)(TE.ImporterLoadImportTable) +ImporterLoadImportTableW = WINFUNCTYPE(c_bool, c_wchar_p)(TE.ImporterLoadImportTableW) +ImporterMoveOriginalIAT = WINFUNCTYPE(c_bool, c_char_p, c_char_p, c_char_p)(TE.ImporterMoveOriginalIAT) +ImporterMoveOriginalIATW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p, c_char_p)(TE.ImporterMoveOriginalIATW) +ImporterAutoSearchIAT = WINFUNCTYPE(None, DWORD, c_char_p, ULONG_PTR, LPVOID, LPVOID)(TE.ImporterAutoSearchIAT) +ImporterAutoSearchIATW = WINFUNCTYPE(None, DWORD, c_wchar_p, ULONG_PTR, LPVOID, LPVOID)(TE.ImporterAutoSearchIATW) +ImporterAutoSearchIATEx = WINFUNCTYPE(None, DWORD, ULONG_PTR, ULONG_PTR, LPVOID, LPVOID)(TE.ImporterAutoSearchIATEx) +ImporterEnumAddedData = WINFUNCTYPE(None, LPVOID)(TE.ImporterEnumAddedData) +ImporterAutoFixIATEx = WINFUNCTYPE(c_long, DWORD, c_char_p, c_char_p, c_bool, c_bool, ULONG_PTR, ULONG_PTR, ULONG_PTR, c_bool, c_bool, LPVOID)(TE.ImporterAutoFixIATEx) +ImporterAutoFixIATExW = WINFUNCTYPE(c_long, DWORD, c_wchar_p, c_wchar_p, c_bool, c_bool, ULONG_PTR, ULONG_PTR, ULONG_PTR, c_bool, c_bool, LPVOID)(TE.ImporterAutoFixIATExW) +ImporterAutoFixIAT = WINFUNCTYPE(c_long, DWORD, c_char_p, ULONG_PTR)(TE.ImporterAutoFixIAT) +ImporterAutoFixIATW = WINFUNCTYPE(c_long, DWORD, c_wchar_p, ULONG_PTR)(TE.ImporterAutoFixIATW) +ImporterDeleteAPI = WINFUNCTYPE(c_bool, DWORD_PTR)(TE.ImporterDeleteAPI) -TE.LibrarianGetLibraryInfoW.restype = POINTER(LIBRARY_ITEM_DATAW) -TE.LibrarianGetLibraryInfoExW.restype = 
POINTER(LIBRARY_ITEM_DATAW) +# Global.Engine.Hook.functions: +HooksSafeTransitionEx = WINFUNCTYPE(c_bool, LPVOID, c_int, c_bool)(TE.HooksSafeTransitionEx) +HooksSafeTransition = WINFUNCTYPE(c_bool, LPVOID, c_bool)(TE.HooksSafeTransition) +HooksIsAddressRedirected = WINFUNCTYPE(c_bool, LPVOID)(TE.HooksIsAddressRedirected) +HooksGetTrampolineAddress = WINFUNCTYPE(c_void_p, LPVOID)(TE.HooksGetTrampolineAddress) +HooksGetHookEntryDetails = WINFUNCTYPE(c_void_p, LPVOID)(TE.HooksGetHookEntryDetails) +HooksGetHookEntryDetails.restype = POINTER(HOOK_ENTRY) +HooksInsertNewRedirection = WINFUNCTYPE(c_bool, LPVOID, LPVOID, c_int)(TE.HooksInsertNewRedirection) +HooksInsertNewIATRedirectionEx = WINFUNCTYPE(c_bool, ULONG_PTR, ULONG_PTR, c_char_p, LPVOID)(TE.HooksInsertNewIATRedirectionEx) +HooksInsertNewIATRedirection = WINFUNCTYPE(c_bool, c_char_p, c_char_p, LPVOID)(TE.HooksInsertNewIATRedirection) +HooksRemoveRedirection = WINFUNCTYPE(c_bool, LPVOID, c_bool)(TE.HooksRemoveRedirection) +HooksRemoveRedirectionsForModule = WINFUNCTYPE(c_bool, HMODULE)(TE.HooksRemoveRedirectionsForModule) +HooksRemoveIATRedirection = WINFUNCTYPE(c_bool, c_char_p, c_char_p, c_bool)(TE.HooksRemoveIATRedirection) +HooksDisableRedirection = WINFUNCTYPE(c_bool, LPVOID, c_bool)(TE.HooksDisableRedirection) +HooksDisableRedirectionsForModule = WINFUNCTYPE(c_bool, HMODULE)(TE.HooksDisableRedirectionsForModule) +HooksDisableIATRedirection = WINFUNCTYPE(c_bool, c_char_p, c_char_p, c_bool)(TE.HooksDisableIATRedirection) +HooksEnableRedirection = WINFUNCTYPE(c_bool, LPVOID, c_bool)(TE.HooksEnableRedirection) +HooksEnableRedirectionsForModule = WINFUNCTYPE(c_bool, HMODULE)(TE.HooksEnableRedirectionsForModule) +HooksEnableIATRedirection = WINFUNCTYPE(c_bool, c_char_p, c_char_p, c_bool)(TE.HooksEnableIATRedirection) +HooksScanModuleMemory = WINFUNCTYPE(None, HMODULE, LPVOID)(TE.HooksScanModuleMemory) +HooksScanEntireProcessMemory = WINFUNCTYPE(None, LPVOID)(TE.HooksScanEntireProcessMemory) 
+HooksScanEntireProcessMemoryEx = WINFUNCTYPE(None)(TE.HooksScanEntireProcessMemoryEx) -TE.HooksGetHookEntryDetails.restype = POINTER(HOOK_ENTRY) +# TitanEngine.Tracer.functions: +TracerInit = WINFUNCTYPE(None)(TE.TracerInit) +TracerLevel1 = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.TracerLevel1) +TracerLevel1.restype = ULONG_PTR +HashTracerLevel1 = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR, DWORD)(TE.HashTracerLevel1) +HashTracerLevel1.restype = ULONG_PTR +TracerDetectRedirection = WINFUNCTYPE(c_long, HANDLE, ULONG_PTR)(TE.TracerDetectRedirection) +TracerFixKnownRedirection = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR, DWORD)(TE.TracerFixKnownRedirection) +TracerFixKnownRedirection.restype = ULONG_PTR +TracerFixRedirectionViaImpRecPlugin = WINFUNCTYPE(c_long, HANDLE, c_char_p, ULONG_PTR)(TE.TracerFixRedirectionViaImpRecPlugin) -TE.ExtensionManagerGetPluginInfo.restype = POINTER(PluginInformation) \ No newline at end of file +# TitanEngine.Exporter.functions: +ExporterCleanup = WINFUNCTYPE(None)(TE.ExporterCleanup) +ExporterSetImageBase = WINFUNCTYPE(None, ULONG_PTR)(TE.ExporterSetImageBase) +ExporterInit = WINFUNCTYPE(None, DWORD, ULONG_PTR, DWORD, c_char_p)(TE.ExporterInit) +ExporterAddNewExport = WINFUNCTYPE(c_bool, c_char_p, DWORD)(TE.ExporterAddNewExport) +ExporterAddNewOrdinalExport = WINFUNCTYPE(c_bool, DWORD, DWORD)(TE.ExporterAddNewOrdinalExport) +ExporterGetAddedExportCount = WINFUNCTYPE(c_long)(TE.ExporterGetAddedExportCount) +ExporterEstimatedSize = WINFUNCTYPE(c_long)(TE.ExporterEstimatedSize) +ExporterBuildExportTable = WINFUNCTYPE(c_bool, ULONG_PTR, ULONG_PTR)(TE.ExporterBuildExportTable) +ExporterBuildExportTableEx = WINFUNCTYPE(c_bool, c_char_p, c_char_p)(TE.ExporterBuildExportTableEx) +ExporterBuildExportTableExW = WINFUNCTYPE(c_bool, c_wchar_p, c_char_p)(TE.ExporterBuildExportTableExW) +ExporterLoadExportTable = WINFUNCTYPE(c_bool, c_char_p)(TE.ExporterLoadExportTable) +ExporterLoadExportTableW = WINFUNCTYPE(c_bool, 
c_wchar_p)(TE.ExporterLoadExportTableW) + +# TitanEngine.Librarian.functions: +LibrarianSetBreakPoint = WINFUNCTYPE(c_bool, c_char_p, DWORD, c_bool, LPVOID)(TE.LibrarianSetBreakPoint) +LibrarianRemoveBreakPoint = WINFUNCTYPE(c_bool, c_char_p, DWORD)(TE.LibrarianRemoveBreakPoint) +LibrarianGetLibraryInfo = WINFUNCTYPE(c_void_p, c_char_p)(TE.LibrarianGetLibraryInfo) +LibrarianGetLibraryInfo.restype = POINTER(LIBRARY_ITEM_DATA) +LibrarianGetLibraryInfoW = WINFUNCTYPE(c_void_p, c_wchar_p)(TE.LibrarianGetLibraryInfoW) +LibrarianGetLibraryInfoW.restype = POINTER(LIBRARY_ITEM_DATAW) +LibrarianGetLibraryInfoEx = WINFUNCTYPE(c_void_p, c_void_p)(TE.LibrarianGetLibraryInfoEx) +LibrarianGetLibraryInfoEx.restype = POINTER(LIBRARY_ITEM_DATA) +LibrarianGetLibraryInfoExW = WINFUNCTYPE(c_void_p, c_void_p)(TE.LibrarianGetLibraryInfoExW) +LibrarianGetLibraryInfoExW.restype = POINTER(LIBRARY_ITEM_DATAW) +LibrarianEnumLibraryInfo = WINFUNCTYPE(None, c_void_p)(TE.LibrarianEnumLibraryInfo) +LibrarianEnumLibraryInfoW = WINFUNCTYPE(None, c_void_p)(TE.LibrarianEnumLibraryInfoW) + +# TitanEngine.Process.functions: +GetActiveProcessId = WINFUNCTYPE(c_long, c_char_p)(TE.GetActiveProcessId) +GetActiveProcessIdW = WINFUNCTYPE(c_long, c_wchar_p)(TE.GetActiveProcessIdW) +EnumProcessesWithLibrary = WINFUNCTYPE(None, c_char_p, c_void_p)(TE.EnumProcessesWithLibrary) +TitanOpenProcess = WINFUNCTYPE(HANDLE, DWORD, c_bool, DWORD)(TE.TitanOpenProcess) +TitanOpenThread = WINFUNCTYPE(HANDLE, DWORD, c_bool, DWORD)(TE.TitanOpenThread) + +# TitanEngine.TLSFixer.functions: +TLSBreakOnCallBack = WINFUNCTYPE(c_bool, LPVOID, DWORD, LPVOID)(TE.TLSBreakOnCallBack) +TLSGrabCallBackData = WINFUNCTYPE(c_bool, c_char_p, LPVOID, LPDWORD)(TE.TLSGrabCallBackData) +TLSGrabCallBackDataW = WINFUNCTYPE(c_bool, c_wchar_p, LPVOID, LPDWORD)(TE.TLSGrabCallBackDataW) +TLSBreakOnCallBackEx = WINFUNCTYPE(c_bool, c_char_p, LPVOID)(TE.TLSBreakOnCallBackEx) +TLSBreakOnCallBackExW = WINFUNCTYPE(c_bool, c_wchar_p, 
LPVOID)(TE.TLSBreakOnCallBackExW)
+TLSRemoveCallback = WINFUNCTYPE(c_bool, c_char_p)(TE.TLSRemoveCallback)
+TLSRemoveCallbackW = WINFUNCTYPE(c_bool, c_wchar_p)(TE.TLSRemoveCallbackW)
+TLSRemoveTable = WINFUNCTYPE(c_bool, c_char_p)(TE.TLSRemoveTable)
+TLSRemoveTableW = WINFUNCTYPE(c_bool, c_wchar_p)(TE.TLSRemoveTableW)
+TLSBackupData = WINFUNCTYPE(c_bool, c_char_p)(TE.TLSBackupData)
+TLSBackupDataW = WINFUNCTYPE(c_bool, c_wchar_p)(TE.TLSBackupDataW)
+TLSRestoreData = WINFUNCTYPE(c_bool)(TE.TLSRestoreData)
+TLSBuildNewTable = WINFUNCTYPE(c_bool, ULONG_PTR, ULONG_PTR, ULONG_PTR, LPVOID, DWORD)(TE.TLSBuildNewTable)
+TLSBuildNewTableEx = WINFUNCTYPE(c_bool, c_char_p, c_char_p, LPVOID, DWORD)(TE.TLSBuildNewTableEx)
+TLSBuildNewTableExW = WINFUNCTYPE(c_bool, c_wchar_p, c_char_p, LPVOID, DWORD)(TE.TLSBuildNewTableExW)
+
+# TitanEngine.TranslateName.functions:
+TranslateNativeName = WINFUNCTYPE(c_void_p, c_char_p)(TE.TranslateNativeName)
+TranslateNativeNameW = WINFUNCTYPE(c_void_p, c_wchar_p)(TE.TranslateNativeNameW)
+
+# TitanEngine.Handler.functions:
+HandlerGetActiveHandleCount = WINFUNCTYPE(c_long, DWORD)(TE.HandlerGetActiveHandleCount)
+HandlerIsHandleOpen = WINFUNCTYPE(c_bool, DWORD, HANDLE)(TE.HandlerIsHandleOpen)
+HandlerGetHandleName = WINFUNCTYPE(c_void_p, HANDLE, DWORD, HANDLE, c_bool)(TE.HandlerGetHandleName)
+HandlerGetHandleNameW = WINFUNCTYPE(c_void_p, HANDLE, DWORD, HANDLE, c_bool)(TE.HandlerGetHandleNameW)
+HandlerEnumerateOpenHandles = WINFUNCTYPE(c_long, DWORD, LPVOID, DWORD)(TE.HandlerEnumerateOpenHandles)
+HandlerGetHandleDetails = WINFUNCTYPE(c_void_p, HANDLE, DWORD, HANDLE, DWORD)(TE.HandlerGetHandleDetails)
+HandlerGetHandleDetails.restype = ULONG_PTR
+HandlerCloseRemoteHandle = WINFUNCTYPE(c_bool, HANDLE, HANDLE)(TE.HandlerCloseRemoteHandle)
+HandlerEnumerateLockHandles = WINFUNCTYPE(c_long, c_char_p, c_bool, c_bool, LPVOID, DWORD)(TE.HandlerEnumerateLockHandles)
+HandlerEnumerateLockHandlesW = WINFUNCTYPE(c_long, c_wchar_p, c_bool, c_bool, LPVOID, DWORD)(TE.HandlerEnumerateLockHandlesW)
+HandlerCloseAllLockHandles = WINFUNCTYPE(c_bool, c_char_p, c_bool, c_bool)(TE.HandlerCloseAllLockHandles)
+HandlerCloseAllLockHandlesW = WINFUNCTYPE(c_bool, c_wchar_p, c_bool, c_bool)(TE.HandlerCloseAllLockHandlesW)
+HandlerIsFileLocked = WINFUNCTYPE(c_bool, c_char_p, c_bool, c_bool)(TE.HandlerIsFileLocked)
+HandlerIsFileLockedW = WINFUNCTYPE(c_bool, c_wchar_p, c_bool, c_bool)(TE.HandlerIsFileLockedW)
+
+# TitanEngine.Handler[Mutex].functions:
+HandlerEnumerateOpenMutexes = WINFUNCTYPE(c_long, HANDLE, DWORD, LPVOID, DWORD)(TE.HandlerEnumerateOpenMutexes)
+HandlerGetOpenMutexHandle = WINFUNCTYPE(c_void_p, HANDLE, DWORD, c_char_p)(TE.HandlerGetOpenMutexHandle)
+HandlerGetOpenMutexHandle.restype = ULONG_PTR
+HandlerGetOpenMutexHandleW = WINFUNCTYPE(c_void_p, HANDLE, DWORD, c_wchar_p)(TE.HandlerGetOpenMutexHandleW)
+HandlerGetOpenMutexHandleW.restype = ULONG_PTR
+HandlerGetProcessIdWhichCreatedMutex = WINFUNCTYPE(c_long, c_char_p)(TE.HandlerGetProcessIdWhichCreatedMutex)
+HandlerGetProcessIdWhichCreatedMutexW = WINFUNCTYPE(c_long, c_wchar_p)(TE.HandlerGetProcessIdWhichCreatedMutexW)
+
+# TitanEngine.Injector.functions:
+RemoteLoadLibrary = WINFUNCTYPE(c_bool, HANDLE, c_char_p, c_bool)(TE.RemoteLoadLibrary)
+RemoteLoadLibraryW = WINFUNCTYPE(c_bool, HANDLE, c_wchar_p, c_bool)(TE.RemoteLoadLibraryW)
+RemoteFreeLibrary = WINFUNCTYPE(c_bool, HANDLE, HMODULE, c_char_p, c_bool)(TE.RemoteFreeLibrary)
+RemoteFreeLibraryW = WINFUNCTYPE(c_bool, HANDLE, HMODULE, c_wchar_p, c_bool)(TE.RemoteFreeLibraryW)
+RemoteExitProcess = WINFUNCTYPE(c_bool, HANDLE, DWORD)(TE.RemoteExitProcess)
+
+# TitanEngine.StaticUnpacker.functions:
+StaticFileLoad = WINFUNCTYPE(c_bool, c_char_p, DWORD, c_bool, LPHANDLE, LPDWORD, LPHANDLE, PULONG_PTR)(TE.StaticFileLoad)
+StaticFileLoadW = WINFUNCTYPE(c_bool, c_wchar_p, DWORD, c_bool, LPHANDLE, LPDWORD, LPHANDLE, PULONG_PTR)(TE.StaticFileLoadW)
+StaticFileUnload = WINFUNCTYPE(c_bool, c_char_p, c_bool, HANDLE, DWORD, HANDLE, ULONG_PTR)(TE.StaticFileUnload)
+StaticFileUnloadW = WINFUNCTYPE(c_bool, c_wchar_p, c_bool, HANDLE, DWORD, HANDLE, ULONG_PTR)(TE.StaticFileUnloadW)
+StaticFileOpen = WINFUNCTYPE(c_bool, c_char_p, DWORD, LPHANDLE, LPDWORD, LPDWORD)(TE.StaticFileOpen)
+StaticFileOpenW = WINFUNCTYPE(c_bool, c_wchar_p, DWORD, LPHANDLE, LPDWORD, LPDWORD)(TE.StaticFileOpenW)
+StaticFileGetContent = WINFUNCTYPE(c_bool, HANDLE, DWORD, LPDWORD, c_void_p, DWORD)(TE.StaticFileGetContent)
+StaticFileClose = WINFUNCTYPE(None, HANDLE)(TE.StaticFileClose)
+StaticMemoryDecrypt = WINFUNCTYPE(None, LPVOID, DWORD, DWORD, DWORD, ULONG_PTR)(TE.StaticMemoryDecrypt)
+StaticMemoryDecryptEx = WINFUNCTYPE(None, LPVOID, DWORD, DWORD, c_void_p)(TE.StaticMemoryDecryptEx)
+StaticMemoryDecryptSpecial = WINFUNCTYPE(None, LPVOID, DWORD, DWORD, DWORD, c_void_p)(TE.StaticMemoryDecryptSpecial)
+StaticSectionDecrypt = WINFUNCTYPE(None, ULONG_PTR, DWORD, c_bool, DWORD, DWORD, ULONG_PTR)(TE.StaticSectionDecrypt)
+StaticMemoryDecompress = WINFUNCTYPE(c_bool, c_void_p, DWORD, c_void_p, DWORD, c_int)(TE.StaticMemoryDecompress)
+StaticRawMemoryCopy = WINFUNCTYPE(c_bool, HANDLE, ULONG_PTR, ULONG_PTR, DWORD, c_bool, c_char_p)(TE.StaticRawMemoryCopy)
+StaticRawMemoryCopyW = WINFUNCTYPE(c_bool, HANDLE, ULONG_PTR, ULONG_PTR, DWORD, c_bool, c_wchar_p)(TE.StaticRawMemoryCopyW)
+StaticRawMemoryCopyEx = WINFUNCTYPE(c_bool, HANDLE, DWORD, DWORD, c_char_p)(TE.StaticRawMemoryCopyEx)
+StaticRawMemoryCopyExW = WINFUNCTYPE(c_bool, HANDLE, DWORD, DWORD, c_wchar_p)(TE.StaticRawMemoryCopyExW)
+StaticRawMemoryCopyEx64 = WINFUNCTYPE(c_bool, HANDLE, DWORD64, DWORD64, c_char_p)(TE.StaticRawMemoryCopyEx64)
+StaticRawMemoryCopyEx64W = WINFUNCTYPE(c_bool, HANDLE, DWORD64, DWORD64, c_wchar_p)(TE.StaticRawMemoryCopyEx64W)
+StaticHashMemory = WINFUNCTYPE(c_bool, c_void_p, DWORD, c_void_p, c_bool, c_int)(TE.StaticHashMemory)
+StaticHashFileW = WINFUNCTYPE(c_bool, c_wchar_p, c_char_p, c_bool, c_int)(TE.StaticHashFileW)
+StaticHashFile = WINFUNCTYPE(c_bool, c_char_p, c_char_p, c_bool, c_int)(TE.StaticHashFile)
+
+# TitanEngine.Engine.functions:
+EngineUnpackerInitialize = WINFUNCTYPE(None, c_char_p, c_char_p, c_bool, c_bool, c_bool, c_void_p)(TE.EngineUnpackerInitialize)
+EngineUnpackerInitializeW = WINFUNCTYPE(None, c_wchar_p, c_wchar_p, c_bool, c_bool, c_bool, c_void_p)(TE.EngineUnpackerInitializeW)
+EngineUnpackerSetBreakCondition = WINFUNCTYPE(c_bool, c_void_p, DWORD, c_void_p, DWORD, DWORD, ULONG_PTR, c_bool, DWORD, DWORD)(TE.EngineUnpackerSetBreakCondition)
+EngineUnpackerSetEntryPointAddress = WINFUNCTYPE(None, ULONG_PTR)(TE.EngineUnpackerSetEntryPointAddress)
+EngineUnpackerFinalizeUnpacking = WINFUNCTYPE(None)(TE.EngineUnpackerFinalizeUnpacking)
+
+# TitanEngine.Engine.functions:
+SetEngineVariable = WINFUNCTYPE(None, DWORD, c_bool)(TE.SetEngineVariable)
+EngineCreateMissingDependencies = WINFUNCTYPE(c_bool, c_char_p, c_char_p, c_bool)(TE.EngineCreateMissingDependencies)
+EngineCreateMissingDependenciesW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p, c_bool)(TE.EngineCreateMissingDependenciesW)
+EngineFakeMissingDependencies = WINFUNCTYPE(c_bool, HANDLE)(TE.EngineFakeMissingDependencies)
+EngineDeleteCreatedDependencies = WINFUNCTYPE(c_bool)(TE.EngineDeleteCreatedDependencies)
+EngineCreateUnpackerWindow = WINFUNCTYPE(c_bool, c_char_p, c_char_p, c_char_p, c_char_p, c_void_p)(TE.EngineCreateUnpackerWindow)
+EngineAddUnpackerWindowLogMessage = WINFUNCTYPE(None, c_char_p)(TE.EngineAddUnpackerWindowLogMessage)
+EngineCheckStructAlignment = WINFUNCTYPE(c_bool, DWORD, ULONG_PTR)(TE.EngineCheckStructAlignment)
+
+# Global.Engine.Extension.Functions:
+ExtensionManagerIsPluginLoaded = WINFUNCTYPE(c_bool, c_char_p)(TE.ExtensionManagerIsPluginLoaded)
+ExtensionManagerIsPluginEnabled = WINFUNCTYPE(c_bool, c_char_p)(TE.ExtensionManagerIsPluginEnabled)
+ExtensionManagerDisableAllPlugins = WINFUNCTYPE(c_bool)(TE.ExtensionManagerDisableAllPlugins)
+ExtensionManagerDisablePlugin = WINFUNCTYPE(c_bool, c_char_p)(TE.ExtensionManagerDisablePlugin)
+ExtensionManagerEnableAllPlugins = WINFUNCTYPE(c_bool)(TE.ExtensionManagerEnableAllPlugins)
+ExtensionManagerEnablePlugin = WINFUNCTYPE(c_bool, c_char_p)(TE.ExtensionManagerEnablePlugin)
+ExtensionManagerUnloadAllPlugins = WINFUNCTYPE(c_bool)(TE.ExtensionManagerUnloadAllPlugins)
+ExtensionManagerUnloadPlugin = WINFUNCTYPE(c_bool, c_char_p)(TE.ExtensionManagerUnloadPlugin)
+ExtensionManagerGetPluginInfo = WINFUNCTYPE(c_void_p, c_char_p)(TE.ExtensionManagerGetPluginInfo)
+ExtensionManagerGetPluginInfo.restype = POINTER(PluginInformation)