diff --git a/SDK/C/TitanEngine.h b/SDK/C/TitanEngine.h
index 326f318..9c65784 100644
--- a/SDK/C/TitanEngine.h
+++ b/SDK/C/TitanEngine.h
@@ -755,7 +755,7 @@ __declspec(dllexport) void TITCALL ImporterMoveIAT();
 __declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA);
 __declspec(dllexport) long TITCALL ImporterEstimatedSize();
 __declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName);
-__declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, char* szSectionName);
+__declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, wchar_t* szSectionName = L".RL!TEv2");
 __declspec(dllexport) long long TITCALL ImporterFindAPIWriteLocation(char* szAPIName);
 __declspec(dllexport) long long TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber);
 __declspec(dllexport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation);
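Review bot: The new `ImporterExportIATExW` declaration in SDK/C/TitanEngine.h carries a default argument, `wchar_t* szSectionName = L".RL!TEv2"`, which is C++ syntax and will not compile for a consumer that includes this header from C. It also binds a wide string literal to a non-const `wchar_t*`, which conforming C++ compilers reject or warn about. Declaring the parameter without a default here, as `wchar_t* szSectionName`, keeps the C header usable, and the default could live only in the C++ wrapper. The same default is repeated in the SDK/CPP/TitanEngine.h and TitanEngine/definitions.h hunks, so three copies of the literal have to be kept in sync.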
@@ -793,7 +793,7 @@ __declspec(dllexport) void TITCALL ImporterAutoSearchIATW(DWORD ProcessIds, wcha
 __declspec(dllexport) void TITCALL ImporterAutoSearchIATEx(DWORD ProcessId, ULONG_PTR ImageBase, ULONG_PTR SearchStart, LPVOID pIATStart, LPVOID pIATSize);
 __declspec(dllexport) void TITCALL ImporterEnumAddedData(LPVOID EnumCallBack);
 __declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, char* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback);
-__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_t* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback);
+__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_t* szDumpedFile, wchar_t* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback);
 __declspec(dllexport) long TITCALL ImporterAutoFixIAT(DWORD ProcessId, char* szDumpedFile, ULONG_PTR SearchStart);
 __declspec(dllexport) long TITCALL ImporterAutoFixIATW(DWORD ProcessId, wchar_t* szDumpedFile, ULONG_PTR SearchStart);
 // Global.Engine.Hook.functions:
diff --git a/SDK/CPP/TitanEngine.h b/SDK/CPP/TitanEngine.h
index ab98a65..a5f5778 100644
--- a/SDK/CPP/TitanEngine.h
+++ b/SDK/CPP/TitanEngine.h
@@ -754,7 +754,7 @@ __declspec(dllimport) void TITCALL ImporterMoveIAT();
 __declspec(dllimport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA);
 __declspec(dllimport) long TITCALL ImporterEstimatedSize();
 __declspec(dllimport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName);
-__declspec(dllimport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, char* szSectionName);
+__declspec(dllimport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, wchar_t* szSectionName = L".RL!TEv2");
 __declspec(dllimport) long long TITCALL ImporterFindAPIWriteLocation(char* szAPIName);
 __declspec(dllimport) long long TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber);
 __declspec(dllimport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation);
diff --git a/SDK/CPP/TitanEngine.hpp b/SDK/CPP/TitanEngine.hpp
index af67c0e..62bd58c 100644
--- a/SDK/CPP/TitanEngine.hpp
+++ b/SDK/CPP/TitanEngine.hpp
@@ -1849,9 +1849,9 @@
 class ImporterW
 {
 public:
- static bool ExportIATEx(const wchar_t* szDumpFileName, const wchar_t* szExportFileName, const char* szSectionName)
+ static bool ExportIATEx(const wchar_t* szDumpFileName, const wchar_t* szExportFileName, const wchar_t* szSectionName)
 {
- return UE::ImporterExportIATExW((wchar_t*)szDumpFileName, (wchar_t*)szExportFileName, (char*)szSectionName);
+ return UE::ImporterExportIATExW((wchar_t*)szDumpFileName, (wchar_t*)szExportFileName, (wchar_t*)szSectionName);
 }
 static bool CopyOriginalIAT(const wchar_t* szOriginalFile, const wchar_t* szDumpFile)
 {
diff --git a/TitanEngine/3rdparty-definitions.h b/TitanEngine/3rdparty-definitions.h
index 25b267b..a8ecb09 100644
--- a/TitanEngine/3rdparty-definitions.h
+++ b/TitanEngine/3rdparty-definitions.h
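Review bot: SDK/CPP/TitanEngine.h receives only the `ImporterExportIATExW` change; this diff has no hunk there for `ImporterAutoFixIATExW`, although SDK/C/TitanEngine.h and TitanEngine/definitions.h both switch its `szSectionName` to `wchar_t*`. If the C++ SDK header still declares that parameter as `char*`, callers will compile and link against the new DLL while handing it a narrow string that the engine now reads as UTF-16, which can run past the end of the caller's buffer. The same hazard applies to already-built plugins that call either export by name, since the export names are unchanged. Please add the matching declaration change to SDK/CPP/TitanEngine.h, and to the corresponding wrapper in TitanEngine.hpp if one exists, and call out the incompatible parameter type in the release notes for the version bump.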
@@ -14,7 +14,7 @@ extern "C" {
 int scylla_searchIAT(DWORD pid, DWORD_PTR &iatStart, DWORD &iatSize, DWORD_PTR searchStart, bool advancedSearch);
 int scylla_getImports(DWORD_PTR iatAddr, DWORD iatSize, DWORD pid);
 bool scylla_importsValid();
-int scylla_fixDump(WCHAR* dumpFile, WCHAR* iatFixFile);
+int scylla_fixDump(WCHAR* dumpFile, WCHAR* iatFixFile, WCHAR* sectionName = L".scy");
 #ifdef __cplusplus
 }
 #endif /*__cplusplus*/
diff --git a/TitanEngine/TitanEngine.cpp b/TitanEngine/TitanEngine.cpp
index fdecfe0..da29b9e 100644
--- a/TitanEngine/TitanEngine.cpp
+++ b/TitanEngine/TitanEngine.cpp
@@ -24,8 +24,8 @@
 #include "3rdparty-definitions.h"
 #define TE_VER_MAJOR 2
-#define TE_VER_MIDDLE 0
-#define TE_VER_MINOR 3
+#define TE_VER_MIDDLE 1
+#define TE_VER_MINOR 0
 /*#pragma comment(linker, "/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0'" \
 "processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*'\"")*/
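Review bot: The three-argument `scylla_fixDump` declaration in 3rdparty-definitions.h is only correct if the prebuilt scylla_wrapper libraries replaced in this same commit were built with that signature, and those are binary files that cannot be checked in review. With C linkage a declaration/library mismatch is not caught at link time, so it would appear only as a misread argument at run time. Only the x86 `.lib` files appear in this diff, so any other-architecture wrapper builds need the same update. Recording the wrapper source revision the libraries were built from, for example in the commit message, would make the binaries traceable. The default `L".scy"` is also never used by the two call sites in this commit and differs from the engine's own `L".RL!TEv2"`, so dropping it would avoid two competing defaults.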
@@ -18733,21 +18733,23 @@ __declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, cha wchar_t uniExportFileName[MAX_PATH] = {}; wchar_t uniDumpFileName[MAX_PATH] = {}; + wchar_t uniSectionName[MAX_PATH] = {}; if(szExportFileName != NULL && szDumpFileName != NULL) { MultiByteToWideChar(CP_ACP, NULL, szExportFileName, lstrlenA(szExportFileName)+1, uniExportFileName, sizeof(uniExportFileName)/(sizeof(uniExportFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniDumpFileName, sizeof(uniDumpFileName)/(sizeof(uniDumpFileName[0]))); - return(ImporterExportIATExW(uniDumpFileName, uniExportFileName, szSectionName)); + MultiByteToWideChar(CP_ACP, NULL, szSectionName, lstrlenA(szSectionName)+1, uniSectionName, sizeof(uniSectionName)/(sizeof(uniSectionName[0]))); + return(ImporterExportIATExW(uniDumpFileName, uniExportFileName, uniSectionName)); } else { return(false); } } -__declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, char* szSectionName) +__declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, wchar_t* szSectionName) { - if(scylla_fixDump(szDumpFileName, szExportFileName) != SCY_ERROR_SUCCESS) { + if(scylla_fixDump(szDumpFileName, szExportFileName, szSectionName) != SCY_ERROR_SUCCESS) { return false; } 
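Review bot: In `ImporterExportIATEx` the added conversion of `szSectionName` runs under a guard that only checks `szExportFileName` and `szDumpFileName`, so a NULL section name reaches `lstrlenA`/`MultiByteToWideChar`. The return value of the new `MultiByteToWideChar` call is also ignored, so a failed conversion (NULL source, or a name that does not fit the buffer) passes an empty or partially written `uniSectionName` to `ImporterExportIATExW` instead of reporting an error. I would extend the guard to `if(szExportFileName != NULL && szDumpFileName != NULL && szSectionName != NULL)` and return `false` when the conversion returns 0. `ImporterAutoFixIATEx` in the next hunk adds the same unchecked conversion under a guard that only tests `szDumpedFile`. The function starts outside this hunk.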
@@ -19527,18 +19529,20 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, char* s { wchar_t uniDumpedFile[MAX_PATH] = {}; + wchar_t uniSectionName[MAX_PATH] = {}; if(szDumpedFile != NULL) { MultiByteToWideChar(CP_ACP, NULL, szDumpedFile, lstrlenA(szDumpedFile)+1, uniDumpedFile, sizeof(uniDumpedFile)/(sizeof(uniDumpedFile[0]))); - return(ImporterAutoFixIATExW(ProcessId, uniDumpedFile, szSectionName, DumpRunningProcess, RealignFile, EntryPointAddress, ImageBase, SearchStart, TryAutoFix, FixEliminations, UnknownPointerFixCallback)); + MultiByteToWideChar(CP_ACP, NULL, szSectionName, lstrlenA(szSectionName)+1, uniSectionName, sizeof(uniSectionName)/(sizeof(uniSectionName[0]))); + return(ImporterAutoFixIATExW(ProcessId, uniDumpedFile, uniSectionName, DumpRunningProcess, RealignFile, EntryPointAddress, ImageBase, SearchStart, TryAutoFix, FixEliminations, UnknownPointerFixCallback)); } else { return(NULL); // Critical error! *just to be safe, but it should never happen! } } -__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_t* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback) +__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_t* szDumpedFile, wchar_t* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback) { HANDLE FileHandle; DWORD FileSize; @@ -19589,7 +19593,7 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_ return (0x405); } - ret = scylla_fixDump(szDumpedFile, IatFixFileName); + ret = scylla_fixDump(szDumpedFile, IatFixFileName, szSectionName); if(ret == SCY_ERROR_IATWRITE) { return (0x407); 
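Review bot: `ImporterAutoFixIATExW` now forwards the caller-supplied `szSectionName` directly into `scylla_fixDump(szDumpedFile, IatFixFileName, szSectionName)` with no NULL or length check visible in this hunk. A PE section header stores the name in an 8-byte field and the engine's default `.RL!TEv2` is exactly eight characters, so longer input depends on whatever the prebuilt wrapper does with it, which cannot be seen here. I would validate before the call, for example `if(szSectionName == NULL || lstrlenW(szSectionName) > IMAGE_SIZEOF_SHORT_NAME)`, and return one of the function's existing error codes. `ImporterExportIATExW` in the previous hunk passes the name through the same way. The body of `ImporterAutoFixIATExW` continues outside the hunks shown.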
@@ -19616,7 +19620,7 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIAT(DWORD ProcessId, char* szD
 }
 __declspec(dllexport) long TITCALL ImporterAutoFixIATW(DWORD ProcessId, wchar_t* szDumpedFile, ULONG_PTR SearchStart)
 {
- return(ImporterAutoFixIATExW(ProcessId, szDumpedFile, ".RL!TEv2", false, false, NULL, NULL, SearchStart, false, false, NULL));
+ return(ImporterAutoFixIATExW(ProcessId, szDumpedFile, L".RL!TEv2", false, false, NULL, NULL, SearchStart, false, false, NULL));
 }
 // Internal.Engine.Hook.functions:
 bool ProcessHookScanAddNewHook(PHOOK_ENTRY HookDetails, void* ptrOriginalInstructions, PLIBRARY_ITEM_DATAW ModuleInformation, DWORD SizeOfImage)
diff --git a/TitanEngine/definitions.h b/TitanEngine/definitions.h
index a28e1a3..7d3150a 100644
--- a/TitanEngine/definitions.h
+++ b/TitanEngine/definitions.h
@@ -254,7 +254,7 @@ __declspec(dllexport) void TITCALL ImporterMoveIAT();
 __declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA);
 __declspec(dllexport) long TITCALL ImporterEstimatedSize();
 __declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName);
-__declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, char* szSectionName);
+__declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, wchar_t* szSectionName = L".RL!TEv2");
 __declspec(dllexport) long long TITCALL ImporterFindAPIWriteLocation(char* szAPIName);
 __declspec(dllexport) long long TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber);
 __declspec(dllexport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation);
@@ -292,7 +292,7 @@ __declspec(dllexport) void TITCALL ImporterAutoSearchIATW(DWORD ProcessIds, wcha
 __declspec(dllexport) void TITCALL ImporterAutoSearchIATEx(DWORD ProcessId, ULONG_PTR ImageBase, ULONG_PTR SearchStart, LPVOID pIATStart, LPVOID pIATSize);
 __declspec(dllexport) void TITCALL ImporterEnumAddedData(LPVOID EnumCallBack);
 __declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, char* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback);
-__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_t* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback);
+__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_t* szDumpedFile, wchar_t* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback);
 __declspec(dllexport) long TITCALL ImporterAutoFixIAT(DWORD ProcessId, char* szDumpedFile, ULONG_PTR SearchStart);
 __declspec(dllexport) long TITCALL ImporterAutoFixIATW(DWORD ProcessId, wchar_t* szDumpedFile, ULONG_PTR SearchStart);
 // Global.Engine.Hook.functions:
diff --git a/TitanEngine/scylla_wrapper_x86.lib b/TitanEngine/scylla_wrapper_x86.lib
index f3ccee5..d874b6c 100644
Binary files a/TitanEngine/scylla_wrapper_x86.lib and b/TitanEngine/scylla_wrapper_x86.lib differ
diff --git a/TitanEngine/scylla_wrapperd_x86.lib b/TitanEngine/scylla_wrapperd_x86.lib
index 38308cf..c2927af 100644
Binary files a/TitanEngine/scylla_wrapperd_x86.lib and b/TitanEngine/scylla_wrapperd_x86.lib differ