fixed EnumAddedData to work with scylla

2014-01-19 23:41:07 +01:00 · 2014-01-19 23:41:07 +01:00 · 29d9d8ec5f
parent 22cc4da708
commit 29d9d8ec5f
8 changed files with 2233 additions and 2310 deletions
--- a/SDK/CPP/TitanEngine.hpp
+++ b/SDK/CPP/TitanEngine.hpp
@ -1638,11 +1638,13 @@ class ImporterX
    friend class ImporterA;
    friend class ImporterW;

-protected:
+public:

    typedef UE::ImportEnumData ImportEnumData;

-	typedef void (TITCALL *fImportEnumCallBack)(const ImportEnumData* ptrImportEnumData);
+protected:
+
+    typedef void (TITCALL *fImportEnumCallBack)(void* ptrImportEnumData);
    typedef void* (TITCALL *fImportFixCallback)(void* fIATPointer);

    static void Cleanup()
@ -1883,7 +1885,7 @@ public:
    }
 };

-class Importer : ImporterX, ImporterA, ImporterW
+class Importer : public ImporterX, ImporterA, ImporterW
 {
 public:

--- a/TitanEngine/3rdparty-definitions.h
+++ b/TitanEngine/3rdparty-definitions.h
@ -18,6 +18,7 @@ int scylla_fixDump(WCHAR* dumpFile, WCHAR* iatFixFile, WCHAR* sectionName = L".s
 int scylla_fixMappedDump(DWORD_PTR iatVA, DWORD_PTR FileMapVA, HANDLE hFileMap);
 int scylla_getModuleCount();
 int scylla_getImportCount();
+void scylla_enumImportTree(LPVOID enumCallBack);
 #ifdef __cplusplus
 }
 #endif /*__cplusplus*/
--- a/TitanEngine/TitanEngine.cpp
+++ b/TitanEngine/TitanEngine.cpp
@ -19472,86 +19472,7 @@ __declspec(dllexport) void TITCALL ImporterAutoSearchIATEx(DWORD ProcessId, ULON
 }
 __declspec(dllexport) void TITCALL ImporterEnumAddedData(LPVOID EnumCallBack)
 {
-    //TODO scylla enable
-    return;
-    /*
-    int i = 0;
-    int j = 0;
-    int x = 0;
-    bool OrdinalImport;
-    DWORD DLLNumber = NULL;
-    DWORD NumberOfAPIs = NULL;
-    LPVOID NameReadPlace = NULL;
-    ULONG_PTR CurrentAPILocation = NULL;
-    DWORD APINameRelativeOffset = NULL;
-    typedef void(TITCALL *fEnumCallBack)(LPVOID fImportDetail);
-    fEnumCallBack myEnumCallBack = (fEnumCallBack)EnumCallBack;
-    ImportEnumData myImportEnumData;
-    char szOrdinalAPIName[MAX_PATH];
-
-    if(EnumCallBack != NULL && ImporterGetAddedDllCount() > NULL)
-    {
-        DLLNumber = impDLLNumber + 1;
-        while(DLLNumber > NULL)
-        {
-    #if !defined(_WIN64)
-            NameReadPlace = (LPVOID)(impDLLDataList[i][0] + 12);
-    #else
-            NameReadPlace = (LPVOID)(impDLLDataList[i][0] + 20);
-    #endif
-            RtlMoveMemory(&CurrentAPILocation, (LPVOID)(impDLLDataList[i][0]), sizeof ULONG_PTR);
-            RtlMoveMemory(&NumberOfAPIs, (LPVOID)(impDLLDataList[i][0] + 2 * sizeof ULONG_PTR), 4);
-            RtlZeroMemory(&myImportEnumData, sizeof ImportEnumData);
-            myImportEnumData.NumberOfImports = (int)(NumberOfAPIs - 1);
-            myImportEnumData.BaseImportThunk = CurrentAPILocation;
-            myImportEnumData.ImageBase = impImageBase;
-            myImportEnumData.NewDll = true;
-            while(NumberOfAPIs > 1)
-            {
-                RtlMoveMemory(&APINameRelativeOffset, NameReadPlace, 4);
-                myImportEnumData.ImportThunk = CurrentAPILocation;
-                OrdinalImport = false;
-                for(j = 0; j < 1000; j++)
-                {
-                    if(impOrdinalList[j][0] == CurrentAPILocation)
-                    {
-                        OrdinalImport = true;
-                        x = j;
-                        j = 1000;
-                    }
-                    else if(impOrdinalList[j][0] == NULL)
-                    {
-                        j = 1000;
-                    }
-                }
-                if(OrdinalImport)
-                {
-                    wsprintfA(szOrdinalAPIName, "%08X", impOrdinalList[x][1] & IMAGE_ORDINAL_FLAG);
-                    myImportEnumData.APIName = (char*)(szOrdinalAPIName);
-                }
-                else
-                {
-                    myImportEnumData.APIName = (char*)((ULONG_PTR)impDLLStringList[i][0] + APINameRelativeOffset + 2);
-                }
-                myImportEnumData.DLLName = (char*)((ULONG_PTR)impDLLStringList[i][0]);
-                __try
-                {
-                    myEnumCallBack(&myImportEnumData);
-                }
-                __except(EXCEPTION_EXECUTE_HANDLER)
-                {
-                    NumberOfAPIs = 2;
-                }
-                myImportEnumData.NewDll = false;
-                CurrentAPILocation = CurrentAPILocation + sizeof ULONG_PTR;
-                NameReadPlace = (LPVOID)((ULONG_PTR)NameReadPlace + sizeof ULONG_PTR);
-                NumberOfAPIs--;
-            }
-            DLLNumber--;
-            i++;
-        }
-    }
-    */
+    return scylla_enumImportTree(EnumCallBack);
 }
 __declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, char* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback)
 {
--- a/TitanEngine/scylla_wrapper_x64.lib
+++ b/TitanEngine/scylla_wrapper_x64.lib
--- a/TitanEngine/scylla_wrapper_x86.lib
+++ b/TitanEngine/scylla_wrapper_x86.lib
--- a/TitanEngine/scylla_wrapperd_x64.lib
+++ b/TitanEngine/scylla_wrapperd_x64.lib
--- a/TitanEngine/scylla_wrapperd_x86.lib
+++ b/TitanEngine/scylla_wrapperd_x86.lib
--- a/scylla_integration.txt
+++ b/scylla_integration.txt
@ -17,7 +17,6 @@ AddNewDLL
 AddNewAPI
 AddNewOrdinal
 GetLastAddedDLLName
-EnumAddedData   //useful for investigating complete iat moduleList
 EstimatedSize   
 GetDLLIndexEx 
 GetDLLIndex