diff --git a/SDK/C/TitanEngine.h b/SDK/C/TitanEngine.h
index 217c653..319c809 100644
--- a/SDK/C/TitanEngine.h
+++ b/SDK/C/TitanEngine.h
@@ -123,6 +123,7 @@
 #define UE_CH_ALLEVENTS 22
 #define UE_CH_SYSTEMBREAKPOINT 23
 #define UE_CH_UNHANDLEDEXCEPTION 24
+#define UE_CH_RIPEVENT 25
 #define UE_OPTION_HANDLER_RETURN_HANDLECOUNT 1
 #define UE_OPTION_HANDLER_RETURN_ACCESS 2
diff --git a/SDK/CPP/TitanEngine.h b/SDK/CPP/TitanEngine.h
index 3fd14f9..5098e5c 100644
--- a/SDK/CPP/TitanEngine.h
+++ b/SDK/CPP/TitanEngine.h
@@ -123,6 +123,7 @@ const BYTE UE_CH_AFTEREXCEPTIONPROCESSING = 21;
 const BYTE UE_CH_ALLEVENTS = 22;
 const BYTE UE_CH_SYSTEMBREAKPOINT = 23;
 const BYTE UE_CH_UNHANDLEDEXCEPTION = 24;
+const BYTE UE_CH_RIPEVENT = 25;
 const BYTE UE_OPTION_HANDLER_RETURN_HANDLECOUNT = 1;
 const BYTE UE_OPTION_HANDLER_RETURN_ACCESS = 2;
diff --git a/SDK/CPP/TitanEngine.hpp b/SDK/CPP/TitanEngine.hpp
index ac99ede..633e339 100644
--- a/SDK/CPP/TitanEngine.hpp
+++ b/SDK/CPP/TitanEngine.hpp
@@ -169,7 +169,8 @@ enum eCustomException : DWORD
 UE_CH_AFTEREXCEPTIONPROCESSING = UE::UE_CH_AFTEREXCEPTIONPROCESSING,
 UE_CH_ALLEVENTS = UE::UE_CH_ALLEVENTS,
 UE_CH_SYSTEMBREAKPOINT = UE::UE_CH_SYSTEMBREAKPOINT,
- UE_CH_UNHANDLEDEXCEPTION = UE::UE_CH_UNHANDLEDEXCEPTION
+ UE_CH_UNHANDLEDEXCEPTION = UE::UE_CH_UNHANDLEDEXCEPTION,
+ UE_CH_RIPEVENT = UE::UE_CH_RIPEVENT
 };
 enum eHandlerReturnType : DWORD
diff --git a/SDK/Delphi/TitanEngine.pas b/SDK/Delphi/TitanEngine.pas
index 83560e3..88ae867 100644
--- a/SDK/Delphi/TitanEngine.pas
+++ b/SDK/Delphi/TitanEngine.pas
@@ -258,10 +258,11 @@ const
 UE_CH_LOADDLL = 18;
 UE_CH_UNLOADDLL = 19;
 UE_CH_OUTPUTDEBUGSTRING = 20;
- UE_CH_AFTEREXCEPTIONPROCESSING = 21;
- UE_CH_ALLEVENTS = 22;
- UE_CH_SYSTEMBREAKPOINT = 23;
- UE_CH_UNHANDLEDEXCEPTION = 24;
+ UE_CH_AFTEREXCEPTIONPROCESSING = 21;
+ UE_CH_ALLEVENTS = 22;
+ UE_CH_SYSTEMBREAKPOINT = 23;
+ UE_CH_UNHANDLEDEXCEPTION = 24;
+ UE_CH_RIPEVENT = 25
 UE_FUNCTION_STDCALL = 1;
 UE_FUNCTION_CCALL = 2;
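Review bot: The last added line of the SDK/Delphi/TitanEngine.pas hunk, `UE_CH_RIPEVENT = 25`, has no terminating semicolon while every other declaration in this `const` block ends with one, so the unit will no longer compile once the parser reaches `UE_FUNCTION_STDCALL = 1;`. Change it to `UE_CH_RIPEVENT = 25;`. The four `-`/`+` pairs above it carry identical text, so they presumably differ only in indentation. The `const` block continues outside the hunk.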
diff --git a/SDK/LUA/TitanEngine.lua b/SDK/LUA/TitanEngine.lua
index ec36794..f11af86 100644
--- a/SDK/LUA/TitanEngine.lua
+++ b/SDK/LUA/TitanEngine.lua
@@ -118,6 +118,7 @@ UE_CH_AFTEREXCEPTIONPROCESSING = 21
 UE_CH_ALLEVENTS = 22
 UE_CH_SYSTEMBREAKPOINT = 23
 UE_CH_UNHANDLEDEXCEPTION = 24
+UE_CH_RIPEVENT = 25
 UE_OPTION_HANDLER_RETURN_HANDLECOUNT = 1
 UE_OPTION_HANDLER_RETURN_ACCESS = 2
diff --git a/SDK/MASM/TitanEngine.INC b/SDK/MASM/TitanEngine.INC
index 9a1859c..1eccc4e 100644
--- a/SDK/MASM/TitanEngine.INC
+++ b/SDK/MASM/TitanEngine.INC
@@ -96,6 +96,7 @@ UE_CH_AFTEREXCEPTIONPROCESSING EQU 21
 UE_CH_ALLEVENTS EQU 22
 UE_CH_SYSTEMBREAKPOINT EQU 23
 UE_CH_UNHANDLEDEXCEPTION EQU 24
+UE_CH_RIPEVENT EQU 25
 UE_OPTION_HANDLER_RETURN_HANDLECOUNT EQU 1
 UE_OPTION_HANDLER_RETURN_ACCESS EQU 2
diff --git a/SDK/Python/TitanEngine.py b/SDK/Python/TitanEngine.py
index 79b0ef1..b028592 100644
--- a/SDK/Python/TitanEngine.py
+++ b/SDK/Python/TitanEngine.py
@@ -109,6 +109,7 @@ UE_CH_AFTEREXCEPTIONPROCESSING = 21
 UE_CH_ALLEVENTS = 22
 UE_CH_SYSTEMBREAKPOINT = 23
 UE_CH_UNHANDLEDEXCEPTION = 24
+UE_CH_RIPEVENT = 25
 UE_OPTION_HANDLER_RETURN_HANDLECOUNT = 1
 UE_OPTION_HANDLER_RETURN_ACCESS = 2
diff --git a/TitanEngine/TitanEngine.cpp b/TitanEngine/TitanEngine.cpp
index 3e2fc0f..b479b20 100644
--- a/TitanEngine/TitanEngine.cpp
+++ b/TitanEngine/TitanEngine.cpp
@@ -15551,6 +15551,10 @@ __declspec(dllexport) void TITCALL SetCustomHandler(DWORD ExceptionId, LPVOID Ca
 {
 DBGCustomHandler->chUnhandledException = (ULONG_PTR)CallBack;
 }
+ else if(ExceptionId == UE_CH_RIPEVENT)
+ {
+ DBGCustomHandler->chRipEvent = (ULONG_PTR)CallBack;
+ }
 else if(ExceptionId == UE_CH_ALLEVENTS)
 {
 DBGCustomHandler->chEverythingElse = (ULONG_PTR)CallBack;
@@ -15562,6 +15566,7 @@ __declspec(dllexport) void TITCALL SetCustomHandler(DWORD ExceptionId, LPVOID Ca
 DBGCustomHandler->chUnloadDll = (ULONG_PTR)CallBack;
 DBGCustomHandler->chOutputDebugString = (ULONG_PTR)CallBack;
 DBGCustomHandler->chSystemBreakpoint = (ULONG_PTR)CallBack;
+ DBGCustomHandler->chRipEvent = (ULONG_PTR)CallBack;
 }
 }
 __declspec(dllexport) void TITCALL ForceClose()
@@ -16761,8 +16766,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
 case EXCEPTION_DEBUG_EVENT:
 {
 DBGCode = DBG_EXCEPTION_NOT_HANDLED; //let the debuggee handle exceptions per default
- printf("Exception: 0x%X\n", DBGEvent.u.Exception.ExceptionRecord.ExceptionCode);
- //NOTE: useless callback?
+
 if(DBGCustomHandler->chEverythingElse != NULL)
 {
 myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chEverythingElse);
@@ -16790,7 +16794,6 @@ __declspec(dllexport) void TITCALL DebugLoop()
 }
 //handle different exception codes
-
 switch(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode)
 {
 case STATUS_BREAKPOINT:
@@ -17944,7 +17947,19 @@ __declspec(dllexport) void TITCALL DebugLoop()
 case RIP_EVENT:
 {
 DBGCode = DBG_EXCEPTION_NOT_HANDLED; //fix an anti-debug trick
- //TODO: RIP event
+ //system breakpoint callback
+ if(DBGCustomHandler->chRipEvent != NULL)
+ {
+ myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chRipEvent);
+ __try
+ {
+ myCustomHandler(&DBGEvent);
+ }
+ __except(EXCEPTION_EXECUTE_HANDLER)
+ {
+ DBGCustomHandler->chSystemBreakpoint = NULL;
+ }
+ }
 }
 break;
 }
diff --git a/TitanEngine/stdafx.h b/TitanEngine/stdafx.h
index e349ca5..20ad66e 100644
--- a/TitanEngine/stdafx.h
+++ b/TitanEngine/stdafx.h
@@ -198,6 +198,7 @@ typedef struct
 ULONG_PTR chAfterException;
 ULONG_PTR chSystemBreakpoint;
 ULONG_PTR chUnhandledException;
+ ULONG_PTR chRipEvent;
 } CustomHandler, *PCustomHandler;
 typedef struct
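Review bot: The `__except` block added in the RIP_EVENT case clears `DBGCustomHandler->chSystemBreakpoint` instead of `DBGCustomHandler->chRipEvent`, so a RIP callback that raises stays registered and is re-entered on the next RIP event, while a separately registered system-breakpoint callback is silently dropped; the line should be `DBGCustomHandler->chRipEvent = NULL;`. The first added line, `//system breakpoint callback`, names the wrong event for the same reason; `//RIP event callback` matches the code. Both look copied from the system-breakpoint case, whose own handler is outside this hunk, so I cannot compare them here. DebugLoop starts and ends outside the hunk.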
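Review bot: `chRipEvent` is a new member of `CustomHandler`, and DebugLoop treats any non-NULL value as a callable pointer, so every site that allocates or resets this struct has to zero the new field as well. If the instance is cleared member by member rather than with `memset`/`ZeroMemory` over `sizeof(CustomHandler)`, a stale or uninitialized `chRipEvent` would be invoked as a function; the allocation and reset sites are not in this diff, so this is worth confirming rather than assuming. The struct's earlier members and its start are outside the hunk.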
@@ -428,6 +429,7 @@ typedef struct HOOK_ENTRY
 #define UE_CH_ALLEVENTS 22
 #define UE_CH_SYSTEMBREAKPOINT 23
 #define UE_CH_UNHANDLEDEXCEPTION 24
+#define UE_CH_RIPEVENT 25
 #define UE_OPTION_HANDLER_RETURN_HANDLECOUNT 1
 #define UE_OPTION_HANDLER_RETURN_ACCESS 2