fixed EnumAddedData to work with scylla

2014-01-19 23:41:07 +01:00 · 2014-01-19 23:41:07 +01:00 · 29d9d8ec5f
parent 22cc4da708
commit 29d9d8ec5f
8 changed files with 2233 additions and 2310 deletions
--- a/SDK/CPP/TitanEngine.hpp
+++ b/SDK/CPP/TitanEngine.hpp
--- a/TitanEngine/3rdparty-definitions.h
+++ b/TitanEngine/3rdparty-definitions.h
@ -18,6 +18,7 @@ int scylla_fixDump(WCHAR* dumpFile, WCHAR* iatFixFile, WCHAR* sectionName = L".s
 int scylla_fixMappedDump(DWORD_PTR iatVA, DWORD_PTR FileMapVA, HANDLE hFileMap);
 int scylla_getModuleCount();
 int scylla_getImportCount();
 void scylla_enumImportTree(LPVOID enumCallBack);
 #ifdef __cplusplus
 }
 #endif /*__cplusplus*/
--- a/TitanEngine/TitanEngine.cpp
+++ b/TitanEngine/TitanEngine.cpp
@ -19472,86 +19472,7 @@ __declspec(dllexport) void TITCALL ImporterAutoSearchIATEx(DWORD ProcessId, ULON
 }
 __declspec(dllexport) void TITCALL ImporterEnumAddedData(LPVOID EnumCallBack)
 {
-    //TODO scylla enable
+    return scylla_enumImportTree(EnumCallBack);
    return;
    /*
    int i = 0;
    int j = 0;
    int x = 0;
    bool OrdinalImport;
    DWORD DLLNumber = NULL;
    DWORD NumberOfAPIs = NULL;
    LPVOID NameReadPlace = NULL;
    ULONG_PTR CurrentAPILocation = NULL;
    DWORD APINameRelativeOffset = NULL;
    typedef void(TITCALL *fEnumCallBack)(LPVOID fImportDetail);
    fEnumCallBack myEnumCallBack = (fEnumCallBack)EnumCallBack;
    ImportEnumData myImportEnumData;
    char szOrdinalAPIName[MAX_PATH];
    if(EnumCallBack != NULL && ImporterGetAddedDllCount() > NULL)
    {
        DLLNumber = impDLLNumber + 1;
        while(DLLNumber > NULL)
        {
    #if !defined(_WIN64)
            NameReadPlace = (LPVOID)(impDLLDataList[i][0] + 12);
    #else
            NameReadPlace = (LPVOID)(impDLLDataList[i][0] + 20);
    #endif
            RtlMoveMemory(&CurrentAPILocation, (LPVOID)(impDLLDataList[i][0]), sizeof ULONG_PTR);
            RtlMoveMemory(&NumberOfAPIs, (LPVOID)(impDLLDataList[i][0] + 2 * sizeof ULONG_PTR), 4);
            RtlZeroMemory(&myImportEnumData, sizeof ImportEnumData);
            myImportEnumData.NumberOfImports = (int)(NumberOfAPIs - 1);
            myImportEnumData.BaseImportThunk = CurrentAPILocation;
            myImportEnumData.ImageBase = impImageBase;
            myImportEnumData.NewDll = true;
            while(NumberOfAPIs > 1)
            {
                RtlMoveMemory(&APINameRelativeOffset, NameReadPlace, 4);
                myImportEnumData.ImportThunk = CurrentAPILocation;
                OrdinalImport = false;
                for(j = 0; j < 1000; j++)
                {
                    if(impOrdinalList[j][0] == CurrentAPILocation)
                    {
                        OrdinalImport = true;
                        x = j;
                        j = 1000;
                    }
                    else if(impOrdinalList[j][0] == NULL)
                    {
                        j = 1000;
                    }
                }
                if(OrdinalImport)
                {
                    wsprintfA(szOrdinalAPIName, "%08X", impOrdinalList[x][1] & IMAGE_ORDINAL_FLAG);
                    myImportEnumData.APIName = (char*)(szOrdinalAPIName);
                }
                else
                {
                    myImportEnumData.APIName = (char*)((ULONG_PTR)impDLLStringList[i][0] + APINameRelativeOffset + 2);
                }
                myImportEnumData.DLLName = (char*)((ULONG_PTR)impDLLStringList[i][0]);
                __try
                {
                    myEnumCallBack(&myImportEnumData);
                }
                __except(EXCEPTION_EXECUTE_HANDLER)
                {
                    NumberOfAPIs = 2;
                }
                myImportEnumData.NewDll = false;
                CurrentAPILocation = CurrentAPILocation + sizeof ULONG_PTR;
                NameReadPlace = (LPVOID)((ULONG_PTR)NameReadPlace + sizeof ULONG_PTR);
                NumberOfAPIs--;
            }
            DLLNumber--;
            i++;
        }
    }
    */
 }
 __declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, char* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback)
 {
--- a/TitanEngine/scylla_wrapper_x64.lib
+++ b/TitanEngine/scylla_wrapper_x64.lib
--- a/TitanEngine/scylla_wrapper_x86.lib
+++ b/TitanEngine/scylla_wrapper_x86.lib
--- a/TitanEngine/scylla_wrapperd_x64.lib
+++ b/TitanEngine/scylla_wrapperd_x64.lib
--- a/TitanEngine/scylla_wrapperd_x86.lib
+++ b/TitanEngine/scylla_wrapperd_x86.lib
--- a/scylla_integration.txt
+++ b/scylla_integration.txt
@ -17,7 +17,6 @@ AddNewDLL
 AddNewAPI
 AddNewOrdinal
 GetLastAddedDLLName
 EnumAddedData   //useful for investigating complete iat moduleList
 EstimatedSize   
 GetDLLIndexEx 
 GetDLLIndex