mirror of https://github.com/x64dbg/TitanEngine
custom section name support
This commit is contained in:
cypherpunk
parent
86abf46dbe
commit
2c1639d6cc
|
|
@ -755,7 +755,7 @@ __declspec(dllexport) void TITCALL ImporterMoveIAT();
|
||||||
__declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA);
|
__declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA);
|
||||||
__declspec(dllexport) long TITCALL ImporterEstimatedSize();
|
__declspec(dllexport) long TITCALL ImporterEstimatedSize();
|
||||||
__declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName);
|
__declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName);
|
||||||
__declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, char* szSectionName);
|
__declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, wchar_t* szSectionName = L".RL!TEv2");
|
||||||
__declspec(dllexport) long long TITCALL ImporterFindAPIWriteLocation(char* szAPIName);
|
__declspec(dllexport) long long TITCALL ImporterFindAPIWriteLocation(char* szAPIName);
|
||||||
__declspec(dllexport) long long TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber);
|
__declspec(dllexport) long long TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber);
|
||||||
__declspec(dllexport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation);
|
__declspec(dllexport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation);
|
||||||
|
|
@ -793,7 +793,7 @@ __declspec(dllexport) void TITCALL ImporterAutoSearchIATW(DWORD ProcessIds, wcha
|
||||||
__declspec(dllexport) void TITCALL ImporterAutoSearchIATEx(DWORD ProcessId, ULONG_PTR ImageBase, ULONG_PTR SearchStart, LPVOID pIATStart, LPVOID pIATSize);
|
__declspec(dllexport) void TITCALL ImporterAutoSearchIATEx(DWORD ProcessId, ULONG_PTR ImageBase, ULONG_PTR SearchStart, LPVOID pIATStart, LPVOID pIATSize);
|
||||||
__declspec(dllexport) void TITCALL ImporterEnumAddedData(LPVOID EnumCallBack);
|
__declspec(dllexport) void TITCALL ImporterEnumAddedData(LPVOID EnumCallBack);
|
||||||
__declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, char* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback);
|
__declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, char* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback);
|
||||||
__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_t* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback);
|
__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_t* szDumpedFile, wchar_t* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback);
|
||||||
__declspec(dllexport) long TITCALL ImporterAutoFixIAT(DWORD ProcessId, char* szDumpedFile, ULONG_PTR SearchStart);
|
__declspec(dllexport) long TITCALL ImporterAutoFixIAT(DWORD ProcessId, char* szDumpedFile, ULONG_PTR SearchStart);
|
||||||
__declspec(dllexport) long TITCALL ImporterAutoFixIATW(DWORD ProcessId, wchar_t* szDumpedFile, ULONG_PTR SearchStart);
|
__declspec(dllexport) long TITCALL ImporterAutoFixIATW(DWORD ProcessId, wchar_t* szDumpedFile, ULONG_PTR SearchStart);
|
||||||
// Global.Engine.Hook.functions:
|
// Global.Engine.Hook.functions:
|
||||||
|
|
|
||||||
|
|
@ -754,7 +754,7 @@ __declspec(dllimport) void TITCALL ImporterMoveIAT();
|
||||||
__declspec(dllimport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA);
|
__declspec(dllimport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA);
|
||||||
__declspec(dllimport) long TITCALL ImporterEstimatedSize();
|
__declspec(dllimport) long TITCALL ImporterEstimatedSize();
|
||||||
__declspec(dllimport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName);
|
__declspec(dllimport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName);
|
||||||
__declspec(dllimport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, char* szSectionName);
|
__declspec(dllimport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, wchar_t* szSectionName = L".RL!TEv2");
|
||||||
__declspec(dllimport) long long TITCALL ImporterFindAPIWriteLocation(char* szAPIName);
|
__declspec(dllimport) long long TITCALL ImporterFindAPIWriteLocation(char* szAPIName);
|
||||||
__declspec(dllimport) long long TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber);
|
__declspec(dllimport) long long TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber);
|
||||||
__declspec(dllimport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation);
|
__declspec(dllimport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation);
|
||||||
|
|
|
||||||
|
|
@ -1849,9 +1849,9 @@ class ImporterW
|
||||||
{
|
{
|
||||||
public:
|
public:
|
||||||
|
|
||||||
static bool ExportIATEx(const wchar_t* szDumpFileName, const wchar_t* szExportFileName, const char* szSectionName)
|
static bool ExportIATEx(const wchar_t* szDumpFileName, const wchar_t* szExportFileName, const wchar_t* szSectionName)
|
||||||
{
|
{
|
||||||
return UE::ImporterExportIATExW((wchar_t*)szDumpFileName, (wchar_t*)szExportFileName, (char*)szSectionName);
|
return UE::ImporterExportIATExW((wchar_t*)szDumpFileName, (wchar_t*)szExportFileName, (wchar_t*)szSectionName);
|
||||||
}
|
}
|
||||||
static bool CopyOriginalIAT(const wchar_t* szOriginalFile, const wchar_t* szDumpFile)
|
static bool CopyOriginalIAT(const wchar_t* szOriginalFile, const wchar_t* szDumpFile)
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -14,7 +14,7 @@ extern "C" {
|
||||||
int scylla_searchIAT(DWORD pid, DWORD_PTR &iatStart, DWORD &iatSize, DWORD_PTR searchStart, bool advancedSearch);
|
int scylla_searchIAT(DWORD pid, DWORD_PTR &iatStart, DWORD &iatSize, DWORD_PTR searchStart, bool advancedSearch);
|
||||||
int scylla_getImports(DWORD_PTR iatAddr, DWORD iatSize, DWORD pid);
|
int scylla_getImports(DWORD_PTR iatAddr, DWORD iatSize, DWORD pid);
|
||||||
bool scylla_importsValid();
|
bool scylla_importsValid();
|
||||||
int scylla_fixDump(WCHAR* dumpFile, WCHAR* iatFixFile);
|
int scylla_fixDump(WCHAR* dumpFile, WCHAR* iatFixFile, WCHAR* sectionName = L".scy");
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
#endif /*__cplusplus*/
|
#endif /*__cplusplus*/
|
||||||
|
|
|
||||||
|
|
@ -24,8 +24,8 @@
|
||||||
#include "3rdparty-definitions.h"
|
#include "3rdparty-definitions.h"
|
||||||
|
|
||||||
#define TE_VER_MAJOR 2
|
#define TE_VER_MAJOR 2
|
||||||
#define TE_VER_MIDDLE 0
|
#define TE_VER_MIDDLE 1
|
||||||
#define TE_VER_MINOR 3
|
#define TE_VER_MINOR 0
|
||||||
|
|
||||||
/*#pragma comment(linker, "/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0'" \
|
/*#pragma comment(linker, "/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0'" \
|
||||||
"processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*'\"")*/
|
"processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*'\"")*/
|
||||||
|
|
@ -18733,21 +18733,23 @@ __declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, cha
|
||||||
|
|
||||||
wchar_t uniExportFileName[MAX_PATH] = {};
|
wchar_t uniExportFileName[MAX_PATH] = {};
|
||||||
wchar_t uniDumpFileName[MAX_PATH] = {};
|
wchar_t uniDumpFileName[MAX_PATH] = {};
|
||||||
|
wchar_t uniSectionName[MAX_PATH] = {};
|
||||||
|
|
||||||
if(szExportFileName != NULL && szDumpFileName != NULL)
|
if(szExportFileName != NULL && szDumpFileName != NULL)
|
||||||
{
|
{
|
||||||
MultiByteToWideChar(CP_ACP, NULL, szExportFileName, lstrlenA(szExportFileName)+1, uniExportFileName, sizeof(uniExportFileName)/(sizeof(uniExportFileName[0])));
|
MultiByteToWideChar(CP_ACP, NULL, szExportFileName, lstrlenA(szExportFileName)+1, uniExportFileName, sizeof(uniExportFileName)/(sizeof(uniExportFileName[0])));
|
||||||
MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniDumpFileName, sizeof(uniDumpFileName)/(sizeof(uniDumpFileName[0])));
|
MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniDumpFileName, sizeof(uniDumpFileName)/(sizeof(uniDumpFileName[0])));
|
||||||
return(ImporterExportIATExW(uniDumpFileName, uniExportFileName, szSectionName));
|
MultiByteToWideChar(CP_ACP, NULL, szSectionName, lstrlenA(szSectionName)+1, uniSectionName, sizeof(uniSectionName)/(sizeof(uniSectionName[0])));
|
||||||
|
return(ImporterExportIATExW(uniDumpFileName, uniExportFileName, uniSectionName));
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
return(false);
|
return(false);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
__declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, char* szSectionName)
|
__declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, wchar_t* szSectionName)
|
||||||
{
|
{
|
||||||
if(scylla_fixDump(szDumpFileName, szExportFileName) != SCY_ERROR_SUCCESS) {
|
if(scylla_fixDump(szDumpFileName, szExportFileName, szSectionName) != SCY_ERROR_SUCCESS) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -19527,18 +19529,20 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, char* s
|
||||||
{
|
{
|
||||||
|
|
||||||
wchar_t uniDumpedFile[MAX_PATH] = {};
|
wchar_t uniDumpedFile[MAX_PATH] = {};
|
||||||
|
wchar_t uniSectionName[MAX_PATH] = {};
|
||||||
|
|
||||||
if(szDumpedFile != NULL)
|
if(szDumpedFile != NULL)
|
||||||
{
|
{
|
||||||
MultiByteToWideChar(CP_ACP, NULL, szDumpedFile, lstrlenA(szDumpedFile)+1, uniDumpedFile, sizeof(uniDumpedFile)/(sizeof(uniDumpedFile[0])));
|
MultiByteToWideChar(CP_ACP, NULL, szDumpedFile, lstrlenA(szDumpedFile)+1, uniDumpedFile, sizeof(uniDumpedFile)/(sizeof(uniDumpedFile[0])));
|
||||||
return(ImporterAutoFixIATExW(ProcessId, uniDumpedFile, szSectionName, DumpRunningProcess, RealignFile, EntryPointAddress, ImageBase, SearchStart, TryAutoFix, FixEliminations, UnknownPointerFixCallback));
|
MultiByteToWideChar(CP_ACP, NULL, szSectionName, lstrlenA(szSectionName)+1, uniSectionName, sizeof(uniSectionName)/(sizeof(uniSectionName[0])));
|
||||||
|
return(ImporterAutoFixIATExW(ProcessId, uniDumpedFile, uniSectionName, DumpRunningProcess, RealignFile, EntryPointAddress, ImageBase, SearchStart, TryAutoFix, FixEliminations, UnknownPointerFixCallback));
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
return(NULL); // Critical error! *just to be safe, but it should never happen!
|
return(NULL); // Critical error! *just to be safe, but it should never happen!
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_t* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback)
|
__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_t* szDumpedFile, wchar_t* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback)
|
||||||
{
|
{
|
||||||
HANDLE FileHandle;
|
HANDLE FileHandle;
|
||||||
DWORD FileSize;
|
DWORD FileSize;
|
||||||
|
|
@ -19589,7 +19593,7 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_
|
||||||
return (0x405);
|
return (0x405);
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = scylla_fixDump(szDumpedFile, IatFixFileName);
|
ret = scylla_fixDump(szDumpedFile, IatFixFileName, szSectionName);
|
||||||
|
|
||||||
if(ret == SCY_ERROR_IATWRITE) {
|
if(ret == SCY_ERROR_IATWRITE) {
|
||||||
return (0x407);
|
return (0x407);
|
||||||
|
|
@ -19616,7 +19620,7 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIAT(DWORD ProcessId, char* szD
|
||||||
}
|
}
|
||||||
__declspec(dllexport) long TITCALL ImporterAutoFixIATW(DWORD ProcessId, wchar_t* szDumpedFile, ULONG_PTR SearchStart)
|
__declspec(dllexport) long TITCALL ImporterAutoFixIATW(DWORD ProcessId, wchar_t* szDumpedFile, ULONG_PTR SearchStart)
|
||||||
{
|
{
|
||||||
return(ImporterAutoFixIATExW(ProcessId, szDumpedFile, ".RL!TEv2", false, false, NULL, NULL, SearchStart, false, false, NULL));
|
return(ImporterAutoFixIATExW(ProcessId, szDumpedFile, L".RL!TEv2", false, false, NULL, NULL, SearchStart, false, false, NULL));
|
||||||
}
|
}
|
||||||
// Internal.Engine.Hook.functions:
|
// Internal.Engine.Hook.functions:
|
||||||
bool ProcessHookScanAddNewHook(PHOOK_ENTRY HookDetails, void* ptrOriginalInstructions, PLIBRARY_ITEM_DATAW ModuleInformation, DWORD SizeOfImage)
|
bool ProcessHookScanAddNewHook(PHOOK_ENTRY HookDetails, void* ptrOriginalInstructions, PLIBRARY_ITEM_DATAW ModuleInformation, DWORD SizeOfImage)
|
||||||
|
|
|
||||||
|
|
@ -254,7 +254,7 @@ __declspec(dllexport) void TITCALL ImporterMoveIAT();
|
||||||
__declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA);
|
__declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA);
|
||||||
__declspec(dllexport) long TITCALL ImporterEstimatedSize();
|
__declspec(dllexport) long TITCALL ImporterEstimatedSize();
|
||||||
__declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName);
|
__declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName);
|
||||||
__declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, char* szSectionName);
|
__declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, wchar_t* szSectionName = L".RL!TEv2");
|
||||||
__declspec(dllexport) long long TITCALL ImporterFindAPIWriteLocation(char* szAPIName);
|
__declspec(dllexport) long long TITCALL ImporterFindAPIWriteLocation(char* szAPIName);
|
||||||
__declspec(dllexport) long long TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber);
|
__declspec(dllexport) long long TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber);
|
||||||
__declspec(dllexport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation);
|
__declspec(dllexport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation);
|
||||||
|
|
@ -292,7 +292,7 @@ __declspec(dllexport) void TITCALL ImporterAutoSearchIATW(DWORD ProcessIds, wcha
|
||||||
__declspec(dllexport) void TITCALL ImporterAutoSearchIATEx(DWORD ProcessId, ULONG_PTR ImageBase, ULONG_PTR SearchStart, LPVOID pIATStart, LPVOID pIATSize);
|
__declspec(dllexport) void TITCALL ImporterAutoSearchIATEx(DWORD ProcessId, ULONG_PTR ImageBase, ULONG_PTR SearchStart, LPVOID pIATStart, LPVOID pIATSize);
|
||||||
__declspec(dllexport) void TITCALL ImporterEnumAddedData(LPVOID EnumCallBack);
|
__declspec(dllexport) void TITCALL ImporterEnumAddedData(LPVOID EnumCallBack);
|
||||||
__declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, char* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback);
|
__declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, char* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback);
|
||||||
__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_t* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback);
|
__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_t* szDumpedFile, wchar_t* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback);
|
||||||
__declspec(dllexport) long TITCALL ImporterAutoFixIAT(DWORD ProcessId, char* szDumpedFile, ULONG_PTR SearchStart);
|
__declspec(dllexport) long TITCALL ImporterAutoFixIAT(DWORD ProcessId, char* szDumpedFile, ULONG_PTR SearchStart);
|
||||||
__declspec(dllexport) long TITCALL ImporterAutoFixIATW(DWORD ProcessId, wchar_t* szDumpedFile, ULONG_PTR SearchStart);
|
__declspec(dllexport) long TITCALL ImporterAutoFixIATW(DWORD ProcessId, wchar_t* szDumpedFile, ULONG_PTR SearchStart);
|
||||||
// Global.Engine.Hook.functions:
|
// Global.Engine.Hook.functions:
|
||||||
|
|
|
||||||
Binary file not shown.
Binary file not shown.
Loading…
Reference in New Issue