fixed EnumAddedData to work with scylla

SDK/CPP/TitanEngine.hpp

@@ -4,7 +4,7 @@
 #define TITCALL
 
 #if _MSC_VER > 1000
-    #pragma once
+#pragma once
 #endif
 
 namespace TE
@@ -14,11 +14,11 @@ namespace TE
 
 namespace UE
 {
-	#ifdef TITANENGINE
+#ifdef TITANENGINE
-		#undef TITANENGINE
+#undef TITANENGINE
-	#endif
+#endif
 
-	#include "TitanEngine.h"
+#include "TitanEngine.h"
 }
 
 // ----
@@ -691,11 +691,11 @@ public:
     using DumperW::ResizeLastSection;
     using DumperA::SetSharedOverlay;
     using DumperW::SetSharedOverlay;
-	#ifndef UNICODE
+#ifndef UNICODE
     using DumperA::GetSharedOverlay;
-	#else
+#else
     using DumperW::GetSharedOverlay;
-	#endif
+#endif
     using DumperA::DeleteLastSection;
     using DumperW::DeleteLastSection;
     using DumperA::DeleteLastSectionEx;
@@ -1248,11 +1248,11 @@ protected:
     {
         return UE::RemoveMemoryBPX(MemoryStart, SizeOfMemory);
     }
-	#ifdef _WIN64
+#ifdef _WIN64
     static bool GetContextFPUDataEx(HANDLE hActiveThread, XMM_SAVE_AREA32* FPUSaveArea)
-	#else
+#else
     static bool GetContextFPUDataEx(HANDLE hActiveThread, FLOATING_SAVE_AREA* FPUSaveArea)
-	#endif
+#endif
     {
         return UE::GetContextFPUDataEx(hActiveThread, FPUSaveArea);
     }
@@ -1264,11 +1264,11 @@ protected:
     {
         return UE::GetContextData(IndexOfRegister);
     }
-	#ifdef _WIN64
+#ifdef _WIN64
     static bool SetContextFPUDataEx(HANDLE hActiveThread, const XMM_SAVE_AREA32* FPUSaveArea)
-	#else
+#else
     static bool SetContextFPUDataEx(HANDLE hActiveThread, const FLOATING_SAVE_AREA* FPUSaveArea)
-	#endif
+#endif
     {
         return UE::SetContextFPUDataEx(hActiveThread, (void*)FPUSaveArea);
     }
@@ -1638,11 +1638,13 @@ class ImporterX
     friend class ImporterA;
     friend class ImporterW;
 
-protected:
+public:
 
     typedef UE::ImportEnumData ImportEnumData;
 
-	typedef void (TITCALL *fImportEnumCallBack)(const ImportEnumData* ptrImportEnumData);
+protected:
+
+    typedef void (TITCALL *fImportEnumCallBack)(void* ptrImportEnumData);
     typedef void* (TITCALL *fImportFixCallback)(void* fIATPointer);
 
     static void Cleanup()
@@ -1883,7 +1885,7 @@ public:
     }
 };
 
-class Importer : ImporterX, ImporterA, ImporterW
+class Importer : public ImporterX, ImporterA, ImporterW
 {
 public:
 
@@ -2014,28 +2016,28 @@ class Librarian : LibrarianX, LibrarianA, LibrarianW
 {
 public:
 
-	#ifndef UNICODE
+#ifndef UNICODE
     typedef LibrarianA::LIBRARY_ITEM_DATA LIBRARY_ITEM_DATA;
-	#else
+#else
     typedef LibrarianW::LIBRARY_ITEM_DATA LIBRARY_ITEM_DATA;
-	#endif
+#endif
 
     using LibrarianX::fLibraryBreakPointCallback;
-	#ifndef UNICODE
+#ifndef UNICODE
     typedef LibrarianA::fLibraryEnumCallback fLibraryEnumCallback;
-	#else
+#else
     typedef LibrarianW::fLibraryEnumCallback fLibraryEnumCallback;
-	#endif
+#endif
 
     using LibrarianX::SetBreakPoint;
     using LibrarianX::RemoveBreakPoint;
     using LibrarianA::GetLibraryInfo;
     using LibrarianW::GetLibraryInfo;
-	#ifndef UNICODE
+#ifndef UNICODE
     using LibrarianA::GetLibraryInfoEx;
-	#else
+#else
     using LibrarianW::GetLibraryInfoEx;
-	#endif
+#endif
     using LibrarianA::EnumLibraryInfo;
     using LibrarianW::EnumLibraryInfo;
 };
@@ -2528,11 +2530,11 @@ public:
 
     using HandlerX::GetActiveHandleCount;
     using HandlerX::IsHandleOpen;
-	#ifndef UNICODE
+#ifndef UNICODE
     using HandlerA::GetHandleName;
-	#else
+#else
     using HandlerW::GetHandleName;
-	#endif
+#endif
     using HandlerX::EnumerateOpenHandles;
     using HandlerX::GetHandleDetails;
     using HandlerX::CloseRemoteHandle;

TitanEngine/3rdparty-definitions.h

@@ -18,6 +18,7 @@ int scylla_fixDump(WCHAR* dumpFile, WCHAR* iatFixFile, WCHAR* sectionName = L".s
 int scylla_fixMappedDump(DWORD_PTR iatVA, DWORD_PTR FileMapVA, HANDLE hFileMap);
 int scylla_getModuleCount();
 int scylla_getImportCount();
+void scylla_enumImportTree(LPVOID enumCallBack);
 #ifdef __cplusplus
 }
 #endif /*__cplusplus*/

TitanEngine/TitanEngine.cpp

@@ -19472,86 +19472,7 @@ __declspec(dllexport) void TITCALL ImporterAutoSearchIATEx(DWORD ProcessId, ULON
 }
 __declspec(dllexport) void TITCALL ImporterEnumAddedData(LPVOID EnumCallBack)
 {
-    //TODO scylla enable
+    return scylla_enumImportTree(EnumCallBack);
-    return;
-    /*
-    int i = 0;
-    int j = 0;
-    int x = 0;
-    bool OrdinalImport;
-    DWORD DLLNumber = NULL;
-    DWORD NumberOfAPIs = NULL;
-    LPVOID NameReadPlace = NULL;
-    ULONG_PTR CurrentAPILocation = NULL;
-    DWORD APINameRelativeOffset = NULL;
-    typedef void(TITCALL *fEnumCallBack)(LPVOID fImportDetail);
-    fEnumCallBack myEnumCallBack = (fEnumCallBack)EnumCallBack;
-    ImportEnumData myImportEnumData;
-    char szOrdinalAPIName[MAX_PATH];
-
-    if(EnumCallBack != NULL && ImporterGetAddedDllCount() > NULL)
-    {
-        DLLNumber = impDLLNumber + 1;
-        while(DLLNumber > NULL)
-        {
-    #if !defined(_WIN64)
-            NameReadPlace = (LPVOID)(impDLLDataList[i][0] + 12);
-    #else
-            NameReadPlace = (LPVOID)(impDLLDataList[i][0] + 20);
-    #endif
-            RtlMoveMemory(&CurrentAPILocation, (LPVOID)(impDLLDataList[i][0]), sizeof ULONG_PTR);
-            RtlMoveMemory(&NumberOfAPIs, (LPVOID)(impDLLDataList[i][0] + 2 * sizeof ULONG_PTR), 4);
-            RtlZeroMemory(&myImportEnumData, sizeof ImportEnumData);
-            myImportEnumData.NumberOfImports = (int)(NumberOfAPIs - 1);
-            myImportEnumData.BaseImportThunk = CurrentAPILocation;
-            myImportEnumData.ImageBase = impImageBase;
-            myImportEnumData.NewDll = true;
-            while(NumberOfAPIs > 1)
-            {
-                RtlMoveMemory(&APINameRelativeOffset, NameReadPlace, 4);
-                myImportEnumData.ImportThunk = CurrentAPILocation;
-                OrdinalImport = false;
-                for(j = 0; j < 1000; j++)
-                {
-                    if(impOrdinalList[j][0] == CurrentAPILocation)
-                    {
-                        OrdinalImport = true;
-                        x = j;
-                        j = 1000;
-                    }
-                    else if(impOrdinalList[j][0] == NULL)
-                    {
-                        j = 1000;
-                    }
-                }
-                if(OrdinalImport)
-                {
-                    wsprintfA(szOrdinalAPIName, "%08X", impOrdinalList[x][1] & IMAGE_ORDINAL_FLAG);
-                    myImportEnumData.APIName = (char*)(szOrdinalAPIName);
-                }
-                else
-                {
-                    myImportEnumData.APIName = (char*)((ULONG_PTR)impDLLStringList[i][0] + APINameRelativeOffset + 2);
-                }
-                myImportEnumData.DLLName = (char*)((ULONG_PTR)impDLLStringList[i][0]);
-                __try
-                {
-                    myEnumCallBack(&myImportEnumData);
-                }
-                __except(EXCEPTION_EXECUTE_HANDLER)
-                {
-                    NumberOfAPIs = 2;
-                }
-                myImportEnumData.NewDll = false;
-                CurrentAPILocation = CurrentAPILocation + sizeof ULONG_PTR;
-                NameReadPlace = (LPVOID)((ULONG_PTR)NameReadPlace + sizeof ULONG_PTR);
-                NumberOfAPIs--;
-            }
-            DLLNumber--;
-            i++;
-        }
-    }
-    */
 }
 __declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, char* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback)
 {

scylla_integration.txt

@@ -17,7 +17,6 @@ AddNewDLL
 AddNewAPI
 AddNewOrdinal
 GetLastAddedDLLName
-EnumAddedData   //useful for investigating complete iat moduleList
 EstimatedSize   
 GetDLLIndexEx 
 GetDLLIndex