mirror of https://github.com/x64dbg/TitanEngine
- more separations
This commit is contained in:
parent
7c33b6de54
commit
381252384f
|
|
@ -1,4 +1,5 @@
|
||||||
#include "stdafx.h"
|
#include "stdafx.h"
|
||||||
|
#include "definitions.h"
|
||||||
#include "Global.Engine.Hash.h"
|
#include "Global.Engine.Hash.h"
|
||||||
|
|
||||||
static unsigned long Crc32Table[256];
|
static unsigned long Crc32Table[256];
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,106 @@
|
||||||
|
#include "stdafx.h"
|
||||||
|
#include "definitions.h"
|
||||||
|
#include "Global.Engine.Hider.h"
|
||||||
|
#include "Global.Engine.h"
|
||||||
|
|
||||||
|
// Global.Engine.Hider.functions:
|
||||||
|
static bool isAtleastVista()
|
||||||
|
{
|
||||||
|
static bool isAtleastVista=false;
|
||||||
|
static bool isSet=false;
|
||||||
|
if(isSet)
|
||||||
|
return isAtleastVista;
|
||||||
|
OSVERSIONINFO versionInfo= {0};
|
||||||
|
versionInfo.dwOSVersionInfoSize=sizeof(OSVERSIONINFO);
|
||||||
|
GetVersionEx(&versionInfo);
|
||||||
|
isAtleastVista=versionInfo.dwMajorVersion >= 6;
|
||||||
|
isSet=true;
|
||||||
|
return isAtleastVista;
|
||||||
|
}
|
||||||
|
|
||||||
|
bool ChangeHideDebuggerState(HANDLE hProcess, DWORD PatchAPILevel, bool Hide)
|
||||||
|
{
|
||||||
|
static ULONG OldHeapFlags=0;
|
||||||
|
static ULONG OldForceFlag=0;
|
||||||
|
ULONG_PTR AddressOfPEB = NULL;
|
||||||
|
ULONG_PTR ueNumberOfBytesRead = NULL;
|
||||||
|
BYTE patchCheckRemoteDebuggerPresent[5] = {0x33, 0xC0, 0xC2, 0x08, 0x00};
|
||||||
|
BYTE patchGetTickCount[3] = {0x33, 0xC0, 0xC3};
|
||||||
|
MEMORY_BASIC_INFORMATION MemInfo;
|
||||||
|
ULONG_PTR APIPatchAddress = NULL;
|
||||||
|
DWORD OldProtect;
|
||||||
|
NTPEB myPEB = {};
|
||||||
|
|
||||||
|
if(hProcess != NULL)
|
||||||
|
{
|
||||||
|
AddressOfPEB = (ULONG_PTR)GetPEBLocation(hProcess);
|
||||||
|
if(ReadProcessMemory(hProcess, (void*)AddressOfPEB, (void*)&myPEB, sizeof NTPEB, &ueNumberOfBytesRead))
|
||||||
|
{
|
||||||
|
if(Hide)
|
||||||
|
{
|
||||||
|
myPEB.BeingDebugged = false;
|
||||||
|
myPEB.NtGlobalFlag = NULL;
|
||||||
|
//Fix heap flags: https://github.com/eschweiler/ProReversing
|
||||||
|
BYTE* Heap=(BYTE*)myPEB.ProcessHeap;
|
||||||
|
|
||||||
|
if(WriteProcessMemory(hProcess, (void*)AddressOfPEB, (void*)&myPEB, sizeof NTPEB, &ueNumberOfBytesRead))
|
||||||
|
{
|
||||||
|
if(PatchAPILevel == UE_HIDE_BASIC)
|
||||||
|
{
|
||||||
|
APIPatchAddress = (ULONG_PTR)EngineGlobalAPIHandler(hProcess, NULL, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"),"CheckRemoteDebuggerPresent"), NULL, UE_OPTION_IMPORTER_REALIGN_APIADDRESS);
|
||||||
|
VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)APIPatchAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
|
||||||
|
OldProtect = MemInfo.Protect;
|
||||||
|
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)APIPatchAddress, 5, PAGE_EXECUTE_READWRITE, &OldProtect);
|
||||||
|
WriteProcessMemory(hProcess, (LPVOID)(APIPatchAddress), &patchCheckRemoteDebuggerPresent, 5, &ueNumberOfBytesRead);
|
||||||
|
|
||||||
|
APIPatchAddress = (ULONG_PTR)EngineGlobalAPIHandler(hProcess, NULL, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"),"GetTickCount"), NULL, UE_OPTION_IMPORTER_REALIGN_APIADDRESS);
|
||||||
|
VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)APIPatchAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
|
||||||
|
OldProtect = MemInfo.Protect;
|
||||||
|
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)APIPatchAddress, 3, PAGE_EXECUTE_READWRITE, &OldProtect);
|
||||||
|
WriteProcessMemory(hProcess, (LPVOID)(APIPatchAddress), &patchGetTickCount, 3, &ueNumberOfBytesRead);
|
||||||
|
}
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
myPEB.BeingDebugged = true;
|
||||||
|
if(WriteProcessMemory(hProcess, (void*)AddressOfPEB, (void*)&myPEB, sizeof NTPEB, &ueNumberOfBytesRead))
|
||||||
|
{
|
||||||
|
if(PatchAPILevel == UE_HIDE_BASIC)
|
||||||
|
{
|
||||||
|
APIPatchAddress = (ULONG_PTR)EngineGlobalAPIHandler(hProcess, NULL, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"),"CheckRemoteDebuggerPresent"), NULL, UE_OPTION_IMPORTER_REALIGN_APIADDRESS);
|
||||||
|
VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)APIPatchAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
|
||||||
|
OldProtect = MemInfo.Protect;
|
||||||
|
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)APIPatchAddress, 5, PAGE_EXECUTE_READWRITE, &OldProtect);
|
||||||
|
WriteProcessMemory(hProcess, (LPVOID)(APIPatchAddress), (void*)GetProcAddress(GetModuleHandleA("kernel32.dll"),"CheckRemoteDebuggerPresent"), 5, &ueNumberOfBytesRead);
|
||||||
|
|
||||||
|
APIPatchAddress = (ULONG_PTR)EngineGlobalAPIHandler(hProcess, NULL, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"),"GetTickCount"), NULL, UE_OPTION_IMPORTER_REALIGN_APIADDRESS);
|
||||||
|
VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)APIPatchAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
|
||||||
|
OldProtect = MemInfo.Protect;
|
||||||
|
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)APIPatchAddress, 3, PAGE_EXECUTE_READWRITE, &OldProtect);
|
||||||
|
WriteProcessMemory(hProcess, (LPVOID)(APIPatchAddress), (void*)GetProcAddress(GetModuleHandleA("kernel32.dll"),"GetTickCount"), 3, &ueNumberOfBytesRead);
|
||||||
|
}
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,6 @@
|
||||||
|
#ifndef _GLOBAL_ENGINE_HIDER_H
|
||||||
|
#define _GLOBAL_ENGINE_HIDER_H
|
||||||
|
|
||||||
|
bool ChangeHideDebuggerState(HANDLE hProcess, DWORD PatchAPILevel, bool Hide);
|
||||||
|
|
||||||
|
#endif //_GLOBAL_ENGINE_HIDER_H
|
||||||
|
|
@ -21,6 +21,10 @@ HMODULE engineHandle;
|
||||||
bool engineCheckForwarders = true;
|
bool engineCheckForwarders = true;
|
||||||
bool engineAlowModuleLoading = false;
|
bool engineAlowModuleLoading = false;
|
||||||
bool engineCreatePathForFiles = true; // hardcoded
|
bool engineCreatePathForFiles = true; // hardcoded
|
||||||
|
bool engineBackupForCriticalFunctions = true;
|
||||||
|
bool engineResumeProcessIfNoThreadIsActive = false;
|
||||||
|
|
||||||
|
LPVOID engineExitThreadOneShootCallBack = NULL;
|
||||||
|
|
||||||
// Global.Engine.functions:
|
// Global.Engine.functions:
|
||||||
void EngineInit()
|
void EngineInit()
|
||||||
|
|
|
||||||
|
|
@ -10,9 +10,13 @@ extern HMODULE engineHandle;
|
||||||
|
|
||||||
extern bool engineAlowModuleLoading;
|
extern bool engineAlowModuleLoading;
|
||||||
extern bool engineCheckForwarders;
|
extern bool engineCheckForwarders;
|
||||||
|
extern bool engineBackupForCriticalFunctions;
|
||||||
|
extern bool engineResumeProcessIfNoThreadIsActive;
|
||||||
|
|
||||||
extern wchar_t engineSzEngineGarbageFolder[MAX_PATH];
|
extern wchar_t engineSzEngineGarbageFolder[MAX_PATH];
|
||||||
|
|
||||||
|
extern LPVOID engineExitThreadOneShootCallBack;
|
||||||
|
|
||||||
//Global.Engine.Functions
|
//Global.Engine.Functions
|
||||||
void EngineInit();
|
void EngineInit();
|
||||||
bool EngineIsThereFreeHardwareBreakSlot(LPDWORD FreeRegister);
|
bool EngineIsThereFreeHardwareBreakSlot(LPDWORD FreeRegister);
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
#include "stdafx.h"
|
#include "stdafx.h"
|
||||||
|
#include "definitions.h"
|
||||||
#include "Global.Handle.h"
|
#include "Global.Handle.h"
|
||||||
|
|
||||||
// Global.Handle.functions:
|
// Global.Handle.functions:
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,23 @@
|
||||||
|
#include "stdafx.h"
|
||||||
|
#include "Global.Realigner.h"
|
||||||
|
|
||||||
|
// Global.Realigner.functions:
|
||||||
|
void SetOverallFileStatus(PFILE_STATUS_INFO myFileInfo, BYTE FiledStatus, bool FiledCritical)
|
||||||
|
{
|
||||||
|
|
||||||
|
if(myFileInfo->OveralEvaluation == UE_RESULT_FILE_OK || myFileInfo->OveralEvaluation == UE_RESULT_FILE_INVALID_BUT_FIXABLE)
|
||||||
|
{
|
||||||
|
if(FiledStatus == UE_FIELD_FIXABLE_CRITICAL || FiledStatus == UE_FIELD_BROKEN_FIXABLE_FOR_STATIC_USE || FiledStatus == UE_FIELD_BROKEN_BUT_CAN_BE_EMULATED)
|
||||||
|
{
|
||||||
|
myFileInfo->OveralEvaluation = UE_RESULT_FILE_INVALID_BUT_FIXABLE;
|
||||||
|
}
|
||||||
|
else if(FiledStatus == UE_FIELD_BROKEN_NON_FIXABLE && FiledCritical == true)
|
||||||
|
{
|
||||||
|
myFileInfo->OveralEvaluation = UE_RESULT_FILE_INVALID_AND_NON_FIXABLE;
|
||||||
|
}
|
||||||
|
else if(FiledStatus == UE_FIELD_BROKEN_FIXABLE_FOR_STATIC_USE)
|
||||||
|
{
|
||||||
|
myFileInfo->OveralEvaluation = UE_RESULT_FILE_INVALID_BUT_FIXABLE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,6 @@
|
||||||
|
#ifndef _GLOBAL_REALIGNER_H
|
||||||
|
#define _GLOBAL_REALIGNER_H
|
||||||
|
|
||||||
|
void SetOverallFileStatus(PFILE_STATUS_INFO myFileInfo, BYTE FiledStatus, bool FiledCritical);
|
||||||
|
|
||||||
|
#endif //_GLOBAL_REALIGNER_H
|
||||||
|
|
@ -0,0 +1,5 @@
|
||||||
|
#include "stdafx.h"
|
||||||
|
#include "definitions.h"
|
||||||
|
#include "Global.Threader.h"
|
||||||
|
|
||||||
|
LPVOID hListThread = 0;
|
||||||
|
|
@ -0,0 +1,6 @@
|
||||||
|
#ifndef _GLOBAL_THREADER_H
|
||||||
|
#define _GLOBAL_THREADER_H
|
||||||
|
|
||||||
|
extern LPVOID hListThread;
|
||||||
|
|
||||||
|
#endif //_GLOBAL_THREADER_H
|
||||||
|
|
@ -1,8 +1,7 @@
|
||||||
#include "stdafx.h"
|
#include "stdafx.h"
|
||||||
#include "TitanEngine.Dumper.h"
|
#include "definitions.h"
|
||||||
#include "Global.Engine.h"
|
#include "Global.Engine.h"
|
||||||
#include "Global.Handle.h"
|
#include "Global.Handle.h"
|
||||||
#include "definitions.h"
|
|
||||||
#include <psapi.h>
|
#include <psapi.h>
|
||||||
|
|
||||||
//TitanEngine.Dumper.functions:
|
//TitanEngine.Dumper.functions:
|
||||||
|
|
|
||||||
|
|
@ -1,6 +0,0 @@
|
||||||
#ifndef _TITANENGINE_DUMPER_H
|
|
||||||
#define _TITANENGINE_DUMPER_H
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#endif //_TITANENGINE_DUMPER_H
|
|
||||||
|
|
@ -0,0 +1,45 @@
|
||||||
|
#include "stdafx.h"
|
||||||
|
#include "definitions.h"
|
||||||
|
#include "Global.Engine.Hider.h"
|
||||||
|
|
||||||
|
// TitanEngine.Hider.functions:
|
||||||
|
__declspec(dllexport) void* TITCALL GetPEBLocation(HANDLE hProcess)
|
||||||
|
{
|
||||||
|
ULONG RequiredLen = NULL;
|
||||||
|
PPROCESS_BASIC_INFORMATION myProcessBasicInformation = (PPROCESS_BASIC_INFORMATION)VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
|
||||||
|
if(!myProcessBasicInformation)
|
||||||
|
return 0;
|
||||||
|
#if !defined(_WIN64)
|
||||||
|
typedef NTSTATUS(WINAPI *fZwQueryInformationProcess)(HANDLE ProcessHandle, PROCESSINFOCLASS ProcessInformationClass, PVOID ProcessInformation, ULONG ProcessInformationLength, PULONG ReturnLength);
|
||||||
|
#else
|
||||||
|
typedef NTSTATUS(__fastcall *fZwQueryInformationProcess)(HANDLE ProcessHandle, PROCESSINFOCLASS ProcessInformationClass, PVOID ProcessInformation, ULONG ProcessInformationLength, PULONG ReturnLength);
|
||||||
|
#endif
|
||||||
|
LPVOID ZwQueryInformationProcess = (LPVOID)GetProcAddress(GetModuleHandleA("ntdll.dll"),"ZwQueryInformationProcess");
|
||||||
|
fZwQueryInformationProcess cZwQueryInformationProcess = (fZwQueryInformationProcess)(ZwQueryInformationProcess);
|
||||||
|
|
||||||
|
if(cZwQueryInformationProcess != NULL)
|
||||||
|
{
|
||||||
|
if(cZwQueryInformationProcess(hProcess, ProcessBasicInformation, myProcessBasicInformation, sizeof PROCESS_BASIC_INFORMATION, &RequiredLen) == STATUS_SUCCESS)
|
||||||
|
{
|
||||||
|
return (void*)myProcessBasicInformation->PebBaseAddress;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if(cZwQueryInformationProcess(hProcess, ProcessBasicInformation, myProcessBasicInformation, RequiredLen, &RequiredLen) == STATUS_SUCCESS)
|
||||||
|
{
|
||||||
|
return (void*)myProcessBasicInformation->PebBaseAddress;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
__declspec(dllexport) bool TITCALL HideDebugger(HANDLE hProcess, DWORD PatchAPILevel)
|
||||||
|
{
|
||||||
|
return ChangeHideDebuggerState(hProcess, PatchAPILevel, true);
|
||||||
|
}
|
||||||
|
|
||||||
|
__declspec(dllexport) bool TITCALL UnHideDebugger(HANDLE hProcess, DWORD PatchAPILevel)
|
||||||
|
{
|
||||||
|
return ChangeHideDebuggerState(hProcess, PatchAPILevel, false);
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,554 @@
|
||||||
|
#include "stdafx.h"
|
||||||
|
#include "definitions.h"
|
||||||
|
#include "Global.Engine.h"
|
||||||
|
|
||||||
|
__declspec(dllexport) long TITCALL GetPE32SectionNumberFromVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert)
|
||||||
|
{
|
||||||
|
|
||||||
|
PIMAGE_DOS_HEADER DOSHeader;
|
||||||
|
PIMAGE_NT_HEADERS32 PEHeader32;
|
||||||
|
PIMAGE_NT_HEADERS64 PEHeader64;
|
||||||
|
PIMAGE_SECTION_HEADER PESections;
|
||||||
|
ULONG_PTR FoundInSection = -1;
|
||||||
|
DWORD SectionNumber = 0;
|
||||||
|
DWORD ConvertAddress = 0;
|
||||||
|
BOOL FileIs64;
|
||||||
|
|
||||||
|
if(FileMapVA != NULL)
|
||||||
|
{
|
||||||
|
DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
|
||||||
|
if(EngineValidateHeader(FileMapVA, NULL, NULL, DOSHeader, true))
|
||||||
|
{
|
||||||
|
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
|
PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
|
if(PEHeader32->OptionalHeader.Magic == 0x10B)
|
||||||
|
{
|
||||||
|
FileIs64 = false;
|
||||||
|
}
|
||||||
|
else if(PEHeader32->OptionalHeader.Magic == 0x20B)
|
||||||
|
{
|
||||||
|
FileIs64 = true;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(-2);
|
||||||
|
}
|
||||||
|
if(!FileIs64)
|
||||||
|
{
|
||||||
|
__try
|
||||||
|
{
|
||||||
|
ConvertAddress = (DWORD)((DWORD)AddressToConvert - PEHeader32->OptionalHeader.ImageBase);
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEHeader32 + PEHeader32->FileHeader.SizeOfOptionalHeader + sizeof(IMAGE_FILE_HEADER) + 4);
|
||||||
|
SectionNumber = PEHeader32->FileHeader.NumberOfSections;
|
||||||
|
while(SectionNumber > 0)
|
||||||
|
{
|
||||||
|
if(PESections->VirtualAddress <= ConvertAddress && ConvertAddress < PESections->VirtualAddress + PESections->Misc.VirtualSize)
|
||||||
|
{
|
||||||
|
FoundInSection = PEHeader32->FileHeader.NumberOfSections - SectionNumber;
|
||||||
|
}
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
SectionNumber--;
|
||||||
|
}
|
||||||
|
return((DWORD)FoundInSection);
|
||||||
|
}
|
||||||
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
|
{
|
||||||
|
return(-2);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
__try
|
||||||
|
{
|
||||||
|
ConvertAddress = (DWORD)(AddressToConvert - PEHeader64->OptionalHeader.ImageBase);
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEHeader64 + PEHeader64->FileHeader.SizeOfOptionalHeader + sizeof(IMAGE_FILE_HEADER) + 4);
|
||||||
|
SectionNumber = PEHeader64->FileHeader.NumberOfSections;
|
||||||
|
while(SectionNumber > 0)
|
||||||
|
{
|
||||||
|
if(PESections->VirtualAddress <= ConvertAddress && ConvertAddress < PESections->VirtualAddress + PESections->Misc.VirtualSize)
|
||||||
|
{
|
||||||
|
FoundInSection = PEHeader64->FileHeader.NumberOfSections - SectionNumber;
|
||||||
|
}
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
SectionNumber--;
|
||||||
|
}
|
||||||
|
return((DWORD)FoundInSection);
|
||||||
|
}
|
||||||
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
|
{
|
||||||
|
return(-2);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(-2);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(-2);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) long long TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType)
|
||||||
|
{
|
||||||
|
|
||||||
|
PIMAGE_DOS_HEADER DOSHeader;
|
||||||
|
PIMAGE_NT_HEADERS32 PEHeader32;
|
||||||
|
PIMAGE_NT_HEADERS64 PEHeader64;
|
||||||
|
PIMAGE_SECTION_HEADER PESections;
|
||||||
|
DWORD SectionNumber = 0;
|
||||||
|
ULONG_PTR ConvertedAddress = 0;
|
||||||
|
ULONG_PTR ConvertAddress = 0;
|
||||||
|
BOOL FileIs64;
|
||||||
|
|
||||||
|
if(FileMapVA != NULL)
|
||||||
|
{
|
||||||
|
DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
|
||||||
|
if(EngineValidateHeader(FileMapVA, NULL, NULL, DOSHeader, true))
|
||||||
|
{
|
||||||
|
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
|
PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
|
if(PEHeader32->OptionalHeader.Magic == 0x10B)
|
||||||
|
{
|
||||||
|
FileIs64 = false;
|
||||||
|
}
|
||||||
|
else if(PEHeader32->OptionalHeader.Magic == 0x20B)
|
||||||
|
{
|
||||||
|
FileIs64 = true;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
if(!FileIs64)
|
||||||
|
{
|
||||||
|
ConvertAddress = (DWORD)((DWORD)AddressToConvert - PEHeader32->OptionalHeader.ImageBase);
|
||||||
|
if(ConvertAddress < PEHeader32->OptionalHeader.SectionAlignment)
|
||||||
|
{
|
||||||
|
ConvertedAddress = ConvertAddress;
|
||||||
|
}
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEHeader32 + PEHeader32->FileHeader.SizeOfOptionalHeader + sizeof(IMAGE_FILE_HEADER) + 4);
|
||||||
|
SectionNumber = PEHeader32->FileHeader.NumberOfSections;
|
||||||
|
__try
|
||||||
|
{
|
||||||
|
while(SectionNumber > 0)
|
||||||
|
{
|
||||||
|
if(PESections->VirtualAddress <= ConvertAddress && ConvertAddress <= PESections->VirtualAddress + PESections->Misc.VirtualSize)
|
||||||
|
{
|
||||||
|
if(ConvertAddress - PESections->VirtualAddress <= PESections->SizeOfRawData)
|
||||||
|
{
|
||||||
|
ConvertedAddress = PESections->PointerToRawData + (ConvertAddress - PESections->VirtualAddress);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
SectionNumber--;
|
||||||
|
}
|
||||||
|
if(ReturnType)
|
||||||
|
{
|
||||||
|
if(ConvertedAddress != NULL)
|
||||||
|
{
|
||||||
|
ConvertedAddress = ConvertedAddress + FileMapVA;
|
||||||
|
}
|
||||||
|
else if(ConvertAddress == NULL)
|
||||||
|
{
|
||||||
|
ConvertedAddress = FileMapVA;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(ConvertedAddress);
|
||||||
|
}
|
||||||
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
|
{
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
ConvertAddress = (DWORD)(AddressToConvert - PEHeader64->OptionalHeader.ImageBase);
|
||||||
|
if(ConvertAddress < PEHeader64->OptionalHeader.SectionAlignment)
|
||||||
|
{
|
||||||
|
ConvertedAddress = ConvertAddress;
|
||||||
|
}
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEHeader64 + PEHeader64->FileHeader.SizeOfOptionalHeader + sizeof(IMAGE_FILE_HEADER) + 4);
|
||||||
|
SectionNumber = PEHeader64->FileHeader.NumberOfSections;
|
||||||
|
__try
|
||||||
|
{
|
||||||
|
while(SectionNumber > 0)
|
||||||
|
{
|
||||||
|
if(PESections->VirtualAddress <= ConvertAddress && ConvertAddress <= PESections->VirtualAddress + PESections->Misc.VirtualSize)
|
||||||
|
{
|
||||||
|
if(ConvertAddress - PESections->VirtualAddress <= PESections->SizeOfRawData)
|
||||||
|
{
|
||||||
|
ConvertedAddress = PESections->PointerToRawData + (ConvertAddress - PESections->VirtualAddress);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
SectionNumber--;
|
||||||
|
}
|
||||||
|
if(ReturnType)
|
||||||
|
{
|
||||||
|
if(ConvertedAddress != NULL)
|
||||||
|
{
|
||||||
|
ConvertedAddress = ConvertedAddress + FileMapVA;
|
||||||
|
}
|
||||||
|
else if(ConvertAddress == NULL)
|
||||||
|
{
|
||||||
|
ConvertedAddress = FileMapVA;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(ConvertedAddress);
|
||||||
|
}
|
||||||
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
|
{
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) long long TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType)
|
||||||
|
{
|
||||||
|
|
||||||
|
PIMAGE_DOS_HEADER DOSHeader;
|
||||||
|
PIMAGE_NT_HEADERS32 PEHeader32;
|
||||||
|
PIMAGE_NT_HEADERS64 PEHeader64;
|
||||||
|
PIMAGE_SECTION_HEADER PESections;
|
||||||
|
DWORD SectionNumber = 0;
|
||||||
|
ULONG_PTR ConvertedAddress = 0;
|
||||||
|
ULONG_PTR ConvertAddress = 0;
|
||||||
|
BOOL FileIs64;
|
||||||
|
|
||||||
|
if(FileMapVA != NULL)
|
||||||
|
{
|
||||||
|
DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
|
||||||
|
if(EngineValidateHeader(FileMapVA, NULL, NULL, DOSHeader, true))
|
||||||
|
{
|
||||||
|
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
|
PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
|
if(PEHeader32->OptionalHeader.Magic == 0x10B)
|
||||||
|
{
|
||||||
|
FileIs64 = false;
|
||||||
|
}
|
||||||
|
else if(PEHeader32->OptionalHeader.Magic == 0x20B)
|
||||||
|
{
|
||||||
|
FileIs64 = true;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
if(!FileIs64)
|
||||||
|
{
|
||||||
|
if(!AddressIsRVA)
|
||||||
|
{
|
||||||
|
if(ImageBase == NULL)
|
||||||
|
{
|
||||||
|
ConvertAddress = (DWORD)((DWORD)AddressToConvert - PEHeader32->OptionalHeader.ImageBase);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
ConvertAddress = (DWORD)((DWORD)AddressToConvert - ImageBase);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
ConvertAddress = (DWORD)AddressToConvert;
|
||||||
|
}
|
||||||
|
if(ConvertAddress < PEHeader32->OptionalHeader.SectionAlignment)
|
||||||
|
{
|
||||||
|
ConvertedAddress = ConvertAddress;
|
||||||
|
}
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEHeader32 + PEHeader32->FileHeader.SizeOfOptionalHeader + sizeof(IMAGE_FILE_HEADER) + 4);
|
||||||
|
SectionNumber = PEHeader32->FileHeader.NumberOfSections;
|
||||||
|
__try
|
||||||
|
{
|
||||||
|
while(SectionNumber > 0)
|
||||||
|
{
|
||||||
|
if(PESections->VirtualAddress <= ConvertAddress && ConvertAddress <= PESections->VirtualAddress + PESections->Misc.VirtualSize)
|
||||||
|
{
|
||||||
|
if(ConvertAddress - PESections->VirtualAddress <= PESections->SizeOfRawData)
|
||||||
|
{
|
||||||
|
ConvertedAddress = PESections->PointerToRawData + (ConvertAddress - PESections->VirtualAddress);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
SectionNumber--;
|
||||||
|
}
|
||||||
|
if(ReturnType)
|
||||||
|
{
|
||||||
|
if(ConvertedAddress != NULL)
|
||||||
|
{
|
||||||
|
ConvertedAddress = ConvertedAddress + FileMapVA;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if(ReturnType)
|
||||||
|
{
|
||||||
|
if(ConvertedAddress >= FileMapVA && ConvertedAddress <= FileMapVA + FileSize)
|
||||||
|
{
|
||||||
|
return((ULONG_PTR)ConvertedAddress);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(NULL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if(ConvertedAddress > NULL && ConvertedAddress <= FileSize)
|
||||||
|
{
|
||||||
|
return((ULONG_PTR)ConvertedAddress);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(NULL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
|
{
|
||||||
|
return(NULL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if(!AddressIsRVA)
|
||||||
|
{
|
||||||
|
if(ImageBase == NULL)
|
||||||
|
{
|
||||||
|
ConvertAddress = (DWORD)(AddressToConvert - PEHeader64->OptionalHeader.ImageBase);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
ConvertAddress = (DWORD)(AddressToConvert - ImageBase);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
ConvertAddress = (DWORD)AddressToConvert;
|
||||||
|
}
|
||||||
|
if(ConvertAddress < PEHeader64->OptionalHeader.SectionAlignment)
|
||||||
|
{
|
||||||
|
ConvertedAddress = ConvertAddress;
|
||||||
|
}
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEHeader64 + PEHeader64->FileHeader.SizeOfOptionalHeader + sizeof(IMAGE_FILE_HEADER) + 4);
|
||||||
|
SectionNumber = PEHeader64->FileHeader.NumberOfSections;
|
||||||
|
__try
|
||||||
|
{
|
||||||
|
while(SectionNumber > 0)
|
||||||
|
{
|
||||||
|
if(PESections->VirtualAddress <= ConvertAddress && ConvertAddress <= PESections->VirtualAddress + PESections->Misc.VirtualSize)
|
||||||
|
{
|
||||||
|
if(ConvertAddress - PESections->VirtualAddress <= PESections->SizeOfRawData)
|
||||||
|
{
|
||||||
|
ConvertedAddress = PESections->PointerToRawData + (ConvertAddress - PESections->VirtualAddress);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
SectionNumber--;
|
||||||
|
}
|
||||||
|
if(ReturnType)
|
||||||
|
{
|
||||||
|
if(ConvertedAddress != NULL)
|
||||||
|
{
|
||||||
|
ConvertedAddress = ConvertedAddress + FileMapVA;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if(ReturnType)
|
||||||
|
{
|
||||||
|
if(ConvertedAddress >= FileMapVA && ConvertedAddress <= FileMapVA + FileSize)
|
||||||
|
{
|
||||||
|
return((ULONG_PTR)ConvertedAddress);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(NULL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if(ConvertedAddress > NULL && ConvertedAddress <= FileSize)
|
||||||
|
{
|
||||||
|
return((ULONG_PTR)ConvertedAddress);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(NULL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
|
{
|
||||||
|
return(NULL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) long long TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType)
|
||||||
|
{
|
||||||
|
|
||||||
|
PIMAGE_DOS_HEADER DOSHeader;
|
||||||
|
PIMAGE_NT_HEADERS32 PEHeader32;
|
||||||
|
PIMAGE_NT_HEADERS64 PEHeader64;
|
||||||
|
PIMAGE_SECTION_HEADER PESections;
|
||||||
|
DWORD SectionNumber = 0;
|
||||||
|
ULONG_PTR ConvertedAddress = 0;
|
||||||
|
ULONG_PTR ConvertAddress = 0;
|
||||||
|
BOOL FileIs64;
|
||||||
|
|
||||||
|
if(FileMapVA != NULL)
|
||||||
|
{
|
||||||
|
DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
|
||||||
|
if(EngineValidateHeader(FileMapVA, NULL, NULL, DOSHeader, true))
|
||||||
|
{
|
||||||
|
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
|
PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
|
if(PEHeader32->OptionalHeader.Magic == 0x10B)
|
||||||
|
{
|
||||||
|
FileIs64 = false;
|
||||||
|
}
|
||||||
|
else if(PEHeader32->OptionalHeader.Magic == 0x20B)
|
||||||
|
{
|
||||||
|
FileIs64 = true;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
if(!FileIs64)
|
||||||
|
{
|
||||||
|
ConvertAddress = (DWORD)((DWORD)AddressToConvert - FileMapVA);
|
||||||
|
if(ConvertAddress < PEHeader32->OptionalHeader.FileAlignment)
|
||||||
|
{
|
||||||
|
ConvertedAddress = ConvertAddress;
|
||||||
|
}
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEHeader32 + PEHeader32->FileHeader.SizeOfOptionalHeader + sizeof(IMAGE_FILE_HEADER) + 4);
|
||||||
|
SectionNumber = PEHeader32->FileHeader.NumberOfSections;
|
||||||
|
__try
|
||||||
|
{
|
||||||
|
while(SectionNumber > 0)
|
||||||
|
{
|
||||||
|
if(PESections->PointerToRawData <= ConvertAddress && ConvertAddress <= PESections->PointerToRawData + PESections->SizeOfRawData)
|
||||||
|
{
|
||||||
|
ConvertedAddress = PESections->VirtualAddress + (ConvertAddress - PESections->PointerToRawData);
|
||||||
|
}
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
SectionNumber--;
|
||||||
|
}
|
||||||
|
if(ReturnType)
|
||||||
|
{
|
||||||
|
if(ConvertedAddress != NULL)
|
||||||
|
{
|
||||||
|
ConvertedAddress = ConvertedAddress + PEHeader32->OptionalHeader.ImageBase;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if(ConvertAddress == NULL)
|
||||||
|
{
|
||||||
|
ConvertedAddress = PEHeader32->OptionalHeader.ImageBase;
|
||||||
|
}
|
||||||
|
return(ConvertedAddress);
|
||||||
|
}
|
||||||
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
|
{
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
ConvertAddress = (DWORD)(AddressToConvert - FileMapVA);
|
||||||
|
if(ConvertAddress < PEHeader64->OptionalHeader.FileAlignment)
|
||||||
|
{
|
||||||
|
ConvertedAddress = ConvertAddress;
|
||||||
|
}
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEHeader64 + PEHeader64->FileHeader.SizeOfOptionalHeader + sizeof(IMAGE_FILE_HEADER) + 4);
|
||||||
|
SectionNumber = PEHeader64->FileHeader.NumberOfSections;
|
||||||
|
__try
|
||||||
|
{
|
||||||
|
while(SectionNumber > 0)
|
||||||
|
{
|
||||||
|
if(PESections->PointerToRawData <= ConvertAddress && ConvertAddress <= PESections->PointerToRawData + PESections->SizeOfRawData)
|
||||||
|
{
|
||||||
|
ConvertedAddress = PESections->VirtualAddress + (ConvertAddress - PESections->PointerToRawData);
|
||||||
|
}
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
SectionNumber--;
|
||||||
|
}
|
||||||
|
if(ReturnType)
|
||||||
|
{
|
||||||
|
if(ConvertedAddress != NULL)
|
||||||
|
{
|
||||||
|
ConvertedAddress = ConvertedAddress + (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if(ConvertAddress == NULL)
|
||||||
|
{
|
||||||
|
ConvertedAddress = (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase;
|
||||||
|
}
|
||||||
|
return(ConvertedAddress);
|
||||||
|
}
|
||||||
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
|
{
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) long long TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType)
|
||||||
|
{
|
||||||
|
|
||||||
|
ULONG_PTR ConvertedAddress = NULL;
|
||||||
|
DWORD cnvSectionAlignment = NULL;
|
||||||
|
ULONG_PTR cnvImageBase = NULL;
|
||||||
|
DWORD cnvSizeOfImage = NULL;
|
||||||
|
|
||||||
|
if(FileMapVA != NULL)
|
||||||
|
{
|
||||||
|
if(ImageBase == NULL)
|
||||||
|
{
|
||||||
|
cnvImageBase = (ULONG_PTR)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_IMAGEBASE);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
cnvImageBase = ImageBase;
|
||||||
|
}
|
||||||
|
cnvSizeOfImage = (DWORD)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_SIZEOFIMAGE);
|
||||||
|
cnvSectionAlignment = (DWORD)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_SECTIONALIGNMENT);
|
||||||
|
ConvertedAddress = (ULONG_PTR)ConvertFileOffsetToVA(FileMapVA, AddressToConvert, ReturnType);
|
||||||
|
if(ReturnType)
|
||||||
|
{
|
||||||
|
if(ConvertedAddress >= cnvImageBase + cnvSectionAlignment && ConvertedAddress <= cnvImageBase + cnvSizeOfImage)
|
||||||
|
{
|
||||||
|
return((ULONG_PTR)ConvertedAddress);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(NULL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if(ConvertedAddress >= cnvSectionAlignment && ConvertedAddress <= cnvSizeOfImage)
|
||||||
|
{
|
||||||
|
return((ULONG_PTR)ConvertedAddress);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(NULL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(NULL);
|
||||||
|
}
|
||||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
|
@ -0,0 +1,412 @@
|
||||||
|
#include "stdafx.h"
|
||||||
|
#include "definitions.h"
|
||||||
|
#include "Global.Handle.h"
|
||||||
|
#include "Global.Mapping.h"
|
||||||
|
#include "Global.Engine.h"
|
||||||
|
|
||||||
|
static char* szSharedOverlay = 0;
|
||||||
|
static wchar_t* szSharedOverlayW = 0;
|
||||||
|
|
||||||
|
__declspec(dllexport) bool TITCALL FindOverlay(char* szFileName, LPDWORD OverlayStart, LPDWORD OverlaySize)
|
||||||
|
{
|
||||||
|
|
||||||
|
wchar_t uniFileName[MAX_PATH] = {};
|
||||||
|
|
||||||
|
if(szFileName != NULL)
|
||||||
|
{
|
||||||
|
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
|
||||||
|
return(FindOverlayW(uniFileName, OverlayStart, OverlaySize));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
__declspec(dllexport) bool TITCALL FindOverlayW(wchar_t* szFileName, LPDWORD OverlayStart, LPDWORD OverlaySize)
|
||||||
|
{
|
||||||
|
|
||||||
|
PIMAGE_DOS_HEADER DOSHeader;
|
||||||
|
PIMAGE_NT_HEADERS32 PEHeader32;
|
||||||
|
PIMAGE_NT_HEADERS64 PEHeader64;
|
||||||
|
PIMAGE_SECTION_HEADER PESections;
|
||||||
|
DWORD SectionNumber = 0;
|
||||||
|
DWORD SectionRawOffset = 0;
|
||||||
|
DWORD SectionRawSize = 0;
|
||||||
|
BOOL FileIs64;
|
||||||
|
HANDLE FileHandle;
|
||||||
|
DWORD FileSize;
|
||||||
|
HANDLE FileMap;
|
||||||
|
ULONG_PTR FileMapVA;
|
||||||
|
|
||||||
|
if(MapFileExW(szFileName, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
|
||||||
|
{
|
||||||
|
DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
|
||||||
|
if(EngineValidateHeader(FileMapVA, FileHandle, NULL, DOSHeader, true))
|
||||||
|
{
|
||||||
|
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
|
PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
|
if(PEHeader32->OptionalHeader.Magic == 0x10B)
|
||||||
|
{
|
||||||
|
FileIs64 = false;
|
||||||
|
}
|
||||||
|
else if(PEHeader32->OptionalHeader.Magic == 0x20B)
|
||||||
|
{
|
||||||
|
FileIs64 = true;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
if(!FileIs64)
|
||||||
|
{
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEHeader32 + PEHeader32->FileHeader.SizeOfOptionalHeader + sizeof(IMAGE_FILE_HEADER) + 4);
|
||||||
|
SectionNumber = PEHeader32->FileHeader.NumberOfSections;
|
||||||
|
__try
|
||||||
|
{
|
||||||
|
while(SectionNumber > 0)
|
||||||
|
{
|
||||||
|
if(PESections->PointerToRawData >= SectionRawOffset)
|
||||||
|
{
|
||||||
|
if(PESections->SizeOfRawData != NULL || (SectionRawOffset != PESections->PointerToRawData))
|
||||||
|
{
|
||||||
|
SectionRawSize = PESections->SizeOfRawData;
|
||||||
|
}
|
||||||
|
SectionRawOffset = PESections->PointerToRawData;
|
||||||
|
}
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
SectionNumber--;
|
||||||
|
}
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
if(SectionRawOffset + SectionRawSize < FileSize)
|
||||||
|
{
|
||||||
|
if(OverlayStart != NULL && OverlaySize != NULL)
|
||||||
|
{
|
||||||
|
*OverlayStart = (DWORD)(SectionRawOffset + SectionRawSize);
|
||||||
|
*OverlaySize = (DWORD)(FileSize - SectionRawOffset - SectionRawSize);
|
||||||
|
}
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
|
{
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEHeader64 + PEHeader64->FileHeader.SizeOfOptionalHeader + sizeof(IMAGE_FILE_HEADER) + 4);
|
||||||
|
SectionNumber = PEHeader64->FileHeader.NumberOfSections;
|
||||||
|
__try
|
||||||
|
{
|
||||||
|
while(SectionNumber > 0)
|
||||||
|
{
|
||||||
|
if(PESections->PointerToRawData >= SectionRawOffset)
|
||||||
|
{
|
||||||
|
if(PESections->SizeOfRawData != NULL || (SectionRawOffset != PESections->PointerToRawData))
|
||||||
|
{
|
||||||
|
SectionRawSize = PESections->SizeOfRawData;
|
||||||
|
}
|
||||||
|
SectionRawOffset = PESections->PointerToRawData;
|
||||||
|
}
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
SectionNumber--;
|
||||||
|
}
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
if(SectionRawOffset + SectionRawSize < FileSize)
|
||||||
|
{
|
||||||
|
if(OverlayStart != NULL && OverlaySize != NULL)
|
||||||
|
{
|
||||||
|
*OverlayStart = (DWORD)(SectionRawOffset + SectionRawSize);
|
||||||
|
*OverlaySize = (DWORD)(FileSize - SectionRawOffset - SectionRawSize);
|
||||||
|
}
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
|
{
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL ExtractOverlay(char* szFileName, char* szExtactedFileName)
|
||||||
|
{
|
||||||
|
|
||||||
|
wchar_t uniFileName[MAX_PATH] = {};
|
||||||
|
wchar_t uniExtactedFileName[MAX_PATH] = {};
|
||||||
|
|
||||||
|
if(szFileName != NULL && szExtactedFileName != NULL)
|
||||||
|
{
|
||||||
|
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
|
||||||
|
MultiByteToWideChar(CP_ACP, NULL, szExtactedFileName, lstrlenA(szExtactedFileName)+1, uniExtactedFileName, sizeof(uniExtactedFileName)/(sizeof(uniExtactedFileName[0])));
|
||||||
|
return(ExtractOverlayW(uniFileName, uniExtactedFileName));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL ExtractOverlayW(wchar_t* szFileName, wchar_t* szExtactedFileName)
|
||||||
|
{
|
||||||
|
|
||||||
|
HANDLE hFile = 0;
|
||||||
|
HANDLE hFileWrite = 0;
|
||||||
|
BOOL Return = false;
|
||||||
|
DWORD OverlayStart = 0;
|
||||||
|
DWORD OverlaySize = 0;
|
||||||
|
DWORD ueNumberOfBytesRead = 0;
|
||||||
|
LPVOID ueReadBuffer = VirtualAlloc(NULL, 0x2000, MEM_COMMIT, PAGE_READWRITE);
|
||||||
|
|
||||||
|
Return = FindOverlayW(szFileName, &OverlayStart, &OverlaySize);
|
||||||
|
if(Return)
|
||||||
|
{
|
||||||
|
hFile = CreateFileW(szFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
|
||||||
|
if(hFile != INVALID_HANDLE_VALUE)
|
||||||
|
{
|
||||||
|
if(EngineCreatePathForFileW(szExtactedFileName))
|
||||||
|
{
|
||||||
|
hFileWrite = CreateFileW(szExtactedFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
|
||||||
|
if(hFileWrite != INVALID_HANDLE_VALUE)
|
||||||
|
{
|
||||||
|
SetFilePointer(hFile, OverlayStart, NULL, FILE_BEGIN);
|
||||||
|
while(OverlaySize > 0)
|
||||||
|
{
|
||||||
|
RtlZeroMemory(ueReadBuffer, 0x2000);
|
||||||
|
|
||||||
|
if(OverlaySize > 0x1000)
|
||||||
|
{
|
||||||
|
if(ReadFile(hFile, ueReadBuffer, 0x1000, &ueNumberOfBytesRead, NULL))
|
||||||
|
{
|
||||||
|
if(!WriteFile(hFileWrite, ueReadBuffer, 0x1000, &ueNumberOfBytesRead, NULL))
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
OverlaySize = OverlaySize - 0x1000;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if(ReadFile(hFile, ueReadBuffer, OverlaySize, &ueNumberOfBytesRead, NULL))
|
||||||
|
{
|
||||||
|
if(!WriteFile(hFileWrite, ueReadBuffer, OverlaySize, &ueNumberOfBytesRead, NULL))
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
OverlaySize = 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
|
||||||
|
EngineCloseHandle(hFile);
|
||||||
|
EngineCloseHandle(hFileWrite);
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
|
||||||
|
EngineCloseHandle(hFile);
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL AddOverlay(char* szFileName, char* szOverlayFileName)
|
||||||
|
{
|
||||||
|
|
||||||
|
wchar_t uniFileName[MAX_PATH] = {};
|
||||||
|
wchar_t uniOverlayFileName[MAX_PATH] = {};
|
||||||
|
|
||||||
|
if(szFileName != NULL && szOverlayFileName != NULL)
|
||||||
|
{
|
||||||
|
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
|
||||||
|
MultiByteToWideChar(CP_ACP, NULL, szOverlayFileName, lstrlenA(szOverlayFileName)+1, uniOverlayFileName, sizeof(uniOverlayFileName)/(sizeof(uniOverlayFileName[0])));
|
||||||
|
return(AddOverlayW(uniFileName, uniOverlayFileName));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL AddOverlayW(wchar_t* szFileName, wchar_t* szOverlayFileName)
|
||||||
|
{
|
||||||
|
|
||||||
|
HANDLE hFile = 0;
|
||||||
|
HANDLE hFileRead = 0;
|
||||||
|
DWORD FileSize = 0;
|
||||||
|
DWORD OverlaySize = 0;
|
||||||
|
ULONG_PTR ueNumberOfBytesRead = 0;
|
||||||
|
DWORD uedNumberOfBytesRead = 0;
|
||||||
|
LPVOID ueReadBuffer = VirtualAlloc(NULL, 0x2000, MEM_COMMIT, PAGE_READWRITE);
|
||||||
|
|
||||||
|
hFile = CreateFileW(szFileName, GENERIC_READ+GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
|
||||||
|
if(hFile != INVALID_HANDLE_VALUE)
|
||||||
|
{
|
||||||
|
hFileRead = CreateFileW(szOverlayFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
|
||||||
|
if(hFileRead != INVALID_HANDLE_VALUE)
|
||||||
|
{
|
||||||
|
FileSize = GetFileSize(hFile, NULL);
|
||||||
|
OverlaySize = GetFileSize(hFileRead, NULL);
|
||||||
|
SetFilePointer(hFile, FileSize, NULL, FILE_BEGIN);
|
||||||
|
while(OverlaySize > 0)
|
||||||
|
{
|
||||||
|
RtlZeroMemory(ueReadBuffer, 0x2000);
|
||||||
|
|
||||||
|
if(OverlaySize > 0x1000)
|
||||||
|
{
|
||||||
|
if(ReadFile(hFileRead, ueReadBuffer, 0x1000, &uedNumberOfBytesRead, NULL))
|
||||||
|
{
|
||||||
|
if(!WriteFile(hFile, ueReadBuffer, 0x1000, &uedNumberOfBytesRead, NULL))
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
OverlaySize = OverlaySize - 0x1000;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if(ReadFile(hFileRead, ueReadBuffer, OverlaySize, &uedNumberOfBytesRead, NULL))
|
||||||
|
{
|
||||||
|
if(!WriteFile(hFile, ueReadBuffer, OverlaySize, &uedNumberOfBytesRead, NULL))
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
OverlaySize = 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
EngineCloseHandle(hFile);
|
||||||
|
EngineCloseHandle(hFileRead);
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
EngineCloseHandle(hFile);
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL CopyOverlay(char* szInFileName, char* szOutFileName)
|
||||||
|
{
|
||||||
|
|
||||||
|
wchar_t uniInFileName[MAX_PATH] = {};
|
||||||
|
wchar_t uniOutFileName[MAX_PATH] = {};
|
||||||
|
|
||||||
|
if(szInFileName != NULL && szOutFileName != NULL)
|
||||||
|
{
|
||||||
|
MultiByteToWideChar(CP_ACP, NULL, szInFileName, lstrlenA(szInFileName)+1, uniInFileName, sizeof(uniInFileName)/(sizeof(uniInFileName[0])));
|
||||||
|
MultiByteToWideChar(CP_ACP, NULL, szOutFileName, lstrlenA(szOutFileName)+1, uniOutFileName, sizeof(uniOutFileName)/(sizeof(uniOutFileName[0])));
|
||||||
|
return(CopyOverlayW(uniInFileName, uniOutFileName));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL CopyOverlayW(wchar_t* szInFileName, wchar_t* szOutFileName)
|
||||||
|
{
|
||||||
|
|
||||||
|
wchar_t szTempName[MAX_PATH] = {};
|
||||||
|
wchar_t szTempFolder[MAX_PATH] = {};
|
||||||
|
|
||||||
|
if(GetTempPathW(MAX_PATH, szTempFolder) < MAX_PATH)
|
||||||
|
{
|
||||||
|
if(GetTempFileNameW(szTempFolder, L"OverlayTemp", GetTickCount() + 101, szTempName))
|
||||||
|
{
|
||||||
|
if(ExtractOverlayW(szInFileName, szTempName))
|
||||||
|
{
|
||||||
|
AddOverlayW(szOutFileName, szTempName);
|
||||||
|
DeleteFileW(szTempName);
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL RemoveOverlay(char* szFileName)
|
||||||
|
{
|
||||||
|
|
||||||
|
wchar_t uniFileName[MAX_PATH] = {};
|
||||||
|
|
||||||
|
if(szFileName != NULL)
|
||||||
|
{
|
||||||
|
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
|
||||||
|
return(RemoveOverlayW(uniFileName));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL RemoveOverlayW(wchar_t* szFileName)
|
||||||
|
{
|
||||||
|
|
||||||
|
HANDLE FileHandle;
|
||||||
|
DWORD FileSize;
|
||||||
|
HANDLE FileMap;
|
||||||
|
ULONG_PTR FileMapVA;
|
||||||
|
DWORD OverlayStart = 0;
|
||||||
|
DWORD OverlaySize = 0;
|
||||||
|
|
||||||
|
if(FindOverlayW(szFileName, &OverlayStart, &OverlaySize))
|
||||||
|
{
|
||||||
|
if(MapFileExW(szFileName, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
|
||||||
|
{
|
||||||
|
FileSize = FileSize - OverlaySize;
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
|
||||||
|
__declspec(dllexport) void TITCALL SetSharedOverlay(char* szFileName)
|
||||||
|
{
|
||||||
|
szSharedOverlay = szFileName;
|
||||||
|
}
|
||||||
|
__declspec(dllexport) void TITCALL SetSharedOverlayW(wchar_t* szFileName)
|
||||||
|
{
|
||||||
|
szSharedOverlayW = szFileName;
|
||||||
|
}
|
||||||
|
__declspec(dllexport) char* TITCALL GetSharedOverlay()
|
||||||
|
{
|
||||||
|
return(szSharedOverlay);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) wchar_t* TITCALL GetSharedOverlayW()
|
||||||
|
{
|
||||||
|
return(szSharedOverlayW);
|
||||||
|
}
|
||||||
File diff suppressed because it is too large
Load Diff
|
|
@ -0,0 +1,171 @@
|
||||||
|
#include "stdafx.h"
|
||||||
|
#include "definitions.h"
|
||||||
|
#include "Global.Handle.h"
|
||||||
|
#include "Global.Engine.h"
|
||||||
|
|
||||||
|
__declspec(dllexport) bool TITCALL PastePEHeader(HANDLE hProcess, LPVOID ImageBase, char* szDebuggedFileName)
|
||||||
|
{
|
||||||
|
|
||||||
|
wchar_t uniDebuggedFileName[MAX_PATH] = {};
|
||||||
|
|
||||||
|
if(szDebuggedFileName != NULL)
|
||||||
|
{
|
||||||
|
MultiByteToWideChar(CP_ACP, NULL, szDebuggedFileName, lstrlenA(szDebuggedFileName)+1, uniDebuggedFileName, sizeof(uniDebuggedFileName)/(sizeof(uniDebuggedFileName[0])));
|
||||||
|
return(PastePEHeaderW(hProcess, ImageBase, uniDebuggedFileName));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
__declspec(dllexport) bool TITCALL PastePEHeaderW(HANDLE hProcess, LPVOID ImageBase, wchar_t* szDebuggedFileName)
|
||||||
|
{
|
||||||
|
|
||||||
|
PIMAGE_DOS_HEADER DOSHeader;
|
||||||
|
PIMAGE_NT_HEADERS32 PEHeader32;
|
||||||
|
IMAGE_NT_HEADERS32 RemotePEHeader32;
|
||||||
|
PIMAGE_NT_HEADERS64 PEHeader64;
|
||||||
|
IMAGE_NT_HEADERS64 RemotePEHeader64;
|
||||||
|
ULONG_PTR ueNumberOfBytesRead = 0;
|
||||||
|
DWORD uedNumberOfBytesRead = 0;
|
||||||
|
DWORD FileSize = 0;
|
||||||
|
DWORD PEHeaderSize = 0;
|
||||||
|
ULONG_PTR dwImageBase = (ULONG_PTR)ImageBase;
|
||||||
|
BOOL FileIs64 = false;
|
||||||
|
HANDLE hFile = 0;
|
||||||
|
SIZE_T CalculatedHeaderSize = NULL;
|
||||||
|
LPVOID ueReadBuffer = VirtualAlloc(NULL, 0x2000, MEM_COMMIT, PAGE_READWRITE);
|
||||||
|
DWORD OldProtect = PAGE_READWRITE;
|
||||||
|
|
||||||
|
hFile = CreateFileW(szDebuggedFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
|
||||||
|
if(hFile != INVALID_HANDLE_VALUE)
|
||||||
|
{
|
||||||
|
FileSize = GetFileSize(hFile, NULL);
|
||||||
|
if(FileSize < 0x1000)
|
||||||
|
{
|
||||||
|
if(!ReadFile(hFile, ueReadBuffer, FileSize, &uedNumberOfBytesRead, NULL))
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if(!ReadFile(hFile, ueReadBuffer, 0x1000, &uedNumberOfBytesRead, NULL))
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
if(FileSize > 0x200)
|
||||||
|
{
|
||||||
|
DOSHeader = (PIMAGE_DOS_HEADER)ueReadBuffer;
|
||||||
|
if(EngineValidateHeader((ULONG_PTR)ueReadBuffer, hProcess, ImageBase, DOSHeader, false))
|
||||||
|
{
|
||||||
|
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
|
PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
|
CalculatedHeaderSize = DOSHeader->e_lfanew + sizeof IMAGE_DOS_HEADER + sizeof IMAGE_NT_HEADERS64;
|
||||||
|
if(CalculatedHeaderSize > 0x1000)
|
||||||
|
{
|
||||||
|
SetFilePointer(hFile, NULL, NULL, FILE_BEGIN);
|
||||||
|
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
|
||||||
|
ueReadBuffer = VirtualAlloc(NULL, CalculatedHeaderSize, MEM_COMMIT, PAGE_READWRITE);
|
||||||
|
if(!ReadFile(hFile, ueReadBuffer, (DWORD)CalculatedHeaderSize, &uedNumberOfBytesRead, NULL))
|
||||||
|
{
|
||||||
|
EngineCloseHandle(hFile);
|
||||||
|
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if(PEHeader32->OptionalHeader.Magic == 0x10B)
|
||||||
|
{
|
||||||
|
if(ReadProcessMemory(hProcess, (LPVOID)((ULONG_PTR)ImageBase + DOSHeader->e_lfanew), &RemotePEHeader32, sizeof IMAGE_NT_HEADERS32, &ueNumberOfBytesRead))
|
||||||
|
{
|
||||||
|
PEHeaderSize = PEHeader32->FileHeader.NumberOfSections * IMAGE_SIZEOF_SECTION_HEADER + PEHeader32->FileHeader.SizeOfOptionalHeader + sizeof(IMAGE_FILE_HEADER) + 4;
|
||||||
|
FileIs64 = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if(PEHeader32->OptionalHeader.Magic == 0x20B)
|
||||||
|
{
|
||||||
|
if(ReadProcessMemory(hProcess, (LPVOID)((ULONG_PTR)ImageBase + DOSHeader->e_lfanew), &RemotePEHeader64, sizeof IMAGE_NT_HEADERS32, &ueNumberOfBytesRead))
|
||||||
|
{
|
||||||
|
PEHeaderSize = PEHeader64->FileHeader.NumberOfSections * IMAGE_SIZEOF_SECTION_HEADER + PEHeader64->FileHeader.SizeOfOptionalHeader + sizeof(IMAGE_FILE_HEADER) + 4;
|
||||||
|
FileIs64 = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
EngineCloseHandle(hFile);
|
||||||
|
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
if(!FileIs64)
|
||||||
|
{
|
||||||
|
PEHeader32->OptionalHeader.ImageBase = (DWORD)(dwImageBase);
|
||||||
|
if(VirtualProtectEx(hProcess, ImageBase, PEHeaderSize, PAGE_READWRITE, &OldProtect))
|
||||||
|
{
|
||||||
|
if(WriteProcessMemory(hProcess, ImageBase, ueReadBuffer, PEHeaderSize, &ueNumberOfBytesRead))
|
||||||
|
{
|
||||||
|
EngineCloseHandle(hFile);
|
||||||
|
VirtualProtectEx(hProcess, ImageBase, PEHeaderSize, OldProtect, &OldProtect);
|
||||||
|
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
EngineCloseHandle(hFile);
|
||||||
|
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
EngineCloseHandle(hFile);
|
||||||
|
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
PEHeader64->OptionalHeader.ImageBase = dwImageBase;
|
||||||
|
if(VirtualProtectEx(hProcess, ImageBase, PEHeaderSize, PAGE_READWRITE, &OldProtect))
|
||||||
|
{
|
||||||
|
if(WriteProcessMemory(hProcess, ImageBase, ueReadBuffer, PEHeaderSize, &ueNumberOfBytesRead))
|
||||||
|
{
|
||||||
|
EngineCloseHandle(hFile);
|
||||||
|
VirtualProtectEx(hProcess, ImageBase, PEHeaderSize, OldProtect, &OldProtect);
|
||||||
|
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
EngineCloseHandle(hFile);
|
||||||
|
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
EngineCloseHandle(hFile);
|
||||||
|
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
EngineCloseHandle(hFile);
|
||||||
|
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
EngineCloseHandle(hFile);
|
||||||
|
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
EngineCloseHandle(hFile);
|
||||||
|
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,474 @@
|
||||||
|
#include "stdafx.h"
|
||||||
|
#include "definitions.h"
|
||||||
|
#include "Global.Engine.h"
|
||||||
|
#include "Global.Mapping.h"
|
||||||
|
#include <imagehlp.h>
|
||||||
|
|
||||||
|
// TitanEngine.Realigner.functions:
|
||||||
|
__declspec(dllexport) bool TITCALL FixHeaderCheckSum(char* szFileName)
|
||||||
|
{
|
||||||
|
|
||||||
|
DWORD HeaderSum = NULL;
|
||||||
|
DWORD CheckSum = NULL;
|
||||||
|
|
||||||
|
if(MapFileAndCheckSumA(szFileName, &HeaderSum, &CheckSum) == NULL)
|
||||||
|
{
|
||||||
|
SetPE32Data(szFileName, NULL, UE_CHECKSUM, (ULONG_PTR)CheckSum);
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName)
|
||||||
|
{
|
||||||
|
|
||||||
|
DWORD HeaderSum = NULL;
|
||||||
|
DWORD CheckSum = NULL;
|
||||||
|
|
||||||
|
if(MapFileAndCheckSumW(szFileName, &HeaderSum, &CheckSum) == NULL)
|
||||||
|
{
|
||||||
|
SetPE32DataW(szFileName, NULL, UE_CHECKSUM, (ULONG_PTR)CheckSum);
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
__declspec(dllexport) long TITCALL RealignPE(ULONG_PTR FileMapVA, DWORD FileSize, DWORD RealingMode)
|
||||||
|
{
|
||||||
|
|
||||||
|
PIMAGE_DOS_HEADER DOSHeader;
|
||||||
|
PIMAGE_NT_HEADERS32 PEHeader32;
|
||||||
|
PIMAGE_NT_HEADERS64 PEHeader64;
|
||||||
|
PIMAGE_SECTION_HEADER PESections;
|
||||||
|
DWORD NewVirtualSectionSize = 0;
|
||||||
|
DWORD NewSectionRawPointer = 0;
|
||||||
|
DWORD OldSectionDataRawPtr = 0;
|
||||||
|
DWORD OldSectionDataPtr = 0;
|
||||||
|
DWORD SectionDataPtr = 0;
|
||||||
|
DWORD SectionNumber = 0;
|
||||||
|
DWORD CurrentSection = 0;
|
||||||
|
DWORD FileAlignment = 0;
|
||||||
|
BOOL FileIs64;
|
||||||
|
|
||||||
|
if(FileMapVA != NULL)
|
||||||
|
{
|
||||||
|
DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
|
||||||
|
if(EngineValidateHeader(FileMapVA, NULL, NULL, DOSHeader, true))
|
||||||
|
{
|
||||||
|
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
|
PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
|
if(PEHeader32->OptionalHeader.Magic == 0x10B)
|
||||||
|
{
|
||||||
|
FileIs64 = false;
|
||||||
|
}
|
||||||
|
else if(PEHeader32->OptionalHeader.Magic == 0x20B)
|
||||||
|
{
|
||||||
|
FileIs64 = true;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(-1);
|
||||||
|
}
|
||||||
|
if(!FileIs64)
|
||||||
|
{
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEHeader32 + PEHeader32->FileHeader.SizeOfOptionalHeader + sizeof(IMAGE_FILE_HEADER) + 4);
|
||||||
|
SectionNumber = PEHeader32->FileHeader.NumberOfSections;
|
||||||
|
FileAlignment = PEHeader32->OptionalHeader.FileAlignment;
|
||||||
|
if(FileAlignment == 0x1000)
|
||||||
|
{
|
||||||
|
FileAlignment = 0x200;
|
||||||
|
}
|
||||||
|
__try
|
||||||
|
{
|
||||||
|
PEHeader32->OptionalHeader.FileAlignment = FileAlignment;
|
||||||
|
while(SectionNumber > 0)
|
||||||
|
{
|
||||||
|
SectionDataPtr = PESections->PointerToRawData + PESections->SizeOfRawData;
|
||||||
|
if(PESections->SizeOfRawData > NULL)
|
||||||
|
{
|
||||||
|
SectionDataPtr--;
|
||||||
|
while(*(PUCHAR)(FileMapVA + SectionDataPtr) == 0x00 && SectionDataPtr > PESections->PointerToRawData)
|
||||||
|
{
|
||||||
|
SectionDataPtr--;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
SectionDataPtr = SectionDataPtr - PESections->PointerToRawData;
|
||||||
|
OldSectionDataPtr = SectionDataPtr;
|
||||||
|
SectionDataPtr = (SectionDataPtr / FileAlignment) * FileAlignment;
|
||||||
|
if(SectionDataPtr < OldSectionDataPtr)
|
||||||
|
{
|
||||||
|
SectionDataPtr = SectionDataPtr + FileAlignment;
|
||||||
|
}
|
||||||
|
if(CurrentSection == NULL)
|
||||||
|
{
|
||||||
|
PEHeader32->OptionalHeader.SizeOfHeaders = PESections->PointerToRawData;
|
||||||
|
PEHeader32->OptionalHeader.SectionAlignment = PESections->VirtualAddress;
|
||||||
|
PESections->SizeOfRawData = SectionDataPtr;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
OldSectionDataRawPtr = PESections->PointerToRawData;
|
||||||
|
PESections->SizeOfRawData = SectionDataPtr;
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections - IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
NewSectionRawPointer = PESections->PointerToRawData + PESections->SizeOfRawData;
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
PESections->PointerToRawData = NewSectionRawPointer;
|
||||||
|
RtlMoveMemory((LPVOID)((ULONG_PTR)FileMapVA + NewSectionRawPointer), (LPVOID)((ULONG_PTR)FileMapVA + OldSectionDataRawPtr), SectionDataPtr);
|
||||||
|
}
|
||||||
|
NewVirtualSectionSize = (PESections->Misc.VirtualSize / PEHeader32->OptionalHeader.SectionAlignment) * PEHeader32->OptionalHeader.SectionAlignment;
|
||||||
|
if(NewVirtualSectionSize < PESections->Misc.VirtualSize)
|
||||||
|
{
|
||||||
|
NewVirtualSectionSize = NewVirtualSectionSize + PEHeader32->OptionalHeader.SectionAlignment;
|
||||||
|
}
|
||||||
|
PESections->Misc.VirtualSize = NewVirtualSectionSize;
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
CurrentSection++;
|
||||||
|
SectionNumber--;
|
||||||
|
}
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections - IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
return(PESections->PointerToRawData + PESections->SizeOfRawData);
|
||||||
|
}
|
||||||
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
|
{
|
||||||
|
return(-1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEHeader64 + PEHeader64->FileHeader.SizeOfOptionalHeader + sizeof(IMAGE_FILE_HEADER) + 4);
|
||||||
|
SectionNumber = PEHeader64->FileHeader.NumberOfSections;
|
||||||
|
FileAlignment = PEHeader64->OptionalHeader.FileAlignment;
|
||||||
|
if(FileAlignment == 0x1000)
|
||||||
|
{
|
||||||
|
FileAlignment = 0x200;
|
||||||
|
}
|
||||||
|
__try
|
||||||
|
{
|
||||||
|
PEHeader64->OptionalHeader.FileAlignment = FileAlignment;
|
||||||
|
while(SectionNumber > 0)
|
||||||
|
{
|
||||||
|
SectionDataPtr = PESections->PointerToRawData + PESections->SizeOfRawData;
|
||||||
|
if(PESections->SizeOfRawData > NULL)
|
||||||
|
{
|
||||||
|
SectionDataPtr--;
|
||||||
|
while(*(PUCHAR)(FileMapVA + SectionDataPtr) == 0x00 && SectionDataPtr > PESections->PointerToRawData)
|
||||||
|
{
|
||||||
|
SectionDataPtr--;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
SectionDataPtr = SectionDataPtr - PESections->PointerToRawData;
|
||||||
|
OldSectionDataPtr = SectionDataPtr;
|
||||||
|
SectionDataPtr = (SectionDataPtr / FileAlignment) * FileAlignment;
|
||||||
|
if(SectionDataPtr < OldSectionDataPtr)
|
||||||
|
{
|
||||||
|
SectionDataPtr = SectionDataPtr + FileAlignment;
|
||||||
|
}
|
||||||
|
if(CurrentSection == NULL)
|
||||||
|
{
|
||||||
|
PEHeader64->OptionalHeader.SizeOfHeaders = PESections->PointerToRawData;
|
||||||
|
PEHeader64->OptionalHeader.SectionAlignment = PESections->VirtualAddress;
|
||||||
|
PESections->SizeOfRawData = SectionDataPtr;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
OldSectionDataRawPtr = PESections->PointerToRawData;
|
||||||
|
PESections->SizeOfRawData = SectionDataPtr;
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections - IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
NewSectionRawPointer = PESections->PointerToRawData + PESections->SizeOfRawData;
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
PESections->PointerToRawData = NewSectionRawPointer;
|
||||||
|
RtlMoveMemory((LPVOID)((ULONG_PTR)FileMapVA + NewSectionRawPointer), (LPVOID)((ULONG_PTR)FileMapVA + OldSectionDataRawPtr), SectionDataPtr);
|
||||||
|
}
|
||||||
|
NewVirtualSectionSize = (PESections->Misc.VirtualSize / PEHeader64->OptionalHeader.SectionAlignment) * PEHeader64->OptionalHeader.SectionAlignment;
|
||||||
|
if(NewVirtualSectionSize < PESections->Misc.VirtualSize)
|
||||||
|
{
|
||||||
|
NewVirtualSectionSize = NewVirtualSectionSize + PEHeader64->OptionalHeader.SectionAlignment;
|
||||||
|
}
|
||||||
|
PESections->Misc.VirtualSize = NewVirtualSectionSize;
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
CurrentSection++;
|
||||||
|
SectionNumber--;
|
||||||
|
}
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections - IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
return(PESections->PointerToRawData + PESections->SizeOfRawData);
|
||||||
|
}
|
||||||
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
|
{
|
||||||
|
return(-1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(-1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(-1);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) long TITCALL RealignPEEx(char* szFileName, DWORD RealingFileSize, DWORD ForcedFileAlignment)
|
||||||
|
{
|
||||||
|
|
||||||
|
wchar_t uniFileName[MAX_PATH] = {};
|
||||||
|
|
||||||
|
if(szFileName != NULL)
|
||||||
|
{
|
||||||
|
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
|
||||||
|
return(RealignPEExW(uniFileName, RealingFileSize, ForcedFileAlignment));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(-1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
__declspec(dllexport) long TITCALL RealignPEExW(wchar_t* szFileName, DWORD RealingFileSize, DWORD ForcedFileAlignment)
|
||||||
|
{
|
||||||
|
|
||||||
|
wchar_t szBackupFile[MAX_PATH] = {};
|
||||||
|
wchar_t szBackupItem[MAX_PATH] = {};
|
||||||
|
PIMAGE_DOS_HEADER DOSHeader;
|
||||||
|
PIMAGE_NT_HEADERS32 PEHeader32;
|
||||||
|
PIMAGE_NT_HEADERS64 PEHeader64;
|
||||||
|
PIMAGE_SECTION_HEADER PESections;
|
||||||
|
DWORD NewVirtualSectionSize = 0;
|
||||||
|
DWORD NewSectionRawPointer = 0;
|
||||||
|
DWORD OldSectionDataRawPtr = 0;
|
||||||
|
DWORD OldSectionDataPtr = 0;
|
||||||
|
DWORD SectionDataPtr = 0;
|
||||||
|
DWORD SectionNumber = 0;
|
||||||
|
DWORD CurrentSection = 0;
|
||||||
|
BOOL FileIs64;
|
||||||
|
HANDLE FileHandle;
|
||||||
|
DWORD FileSize;
|
||||||
|
HANDLE FileMap;
|
||||||
|
ULONG_PTR FileMapVA;
|
||||||
|
|
||||||
|
if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof szBackupItem))
|
||||||
|
{
|
||||||
|
if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof szBackupItem))
|
||||||
|
{
|
||||||
|
RtlZeroMemory(&szBackupItem, sizeof szBackupItem);
|
||||||
|
lstrcpyW(szBackupFile, szFileName);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
RtlZeroMemory(&szBackupItem, sizeof szBackupItem);
|
||||||
|
lstrcpyW(szBackupFile, szFileName);
|
||||||
|
}
|
||||||
|
if(MapFileExW(szBackupFile, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
|
||||||
|
{
|
||||||
|
DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
|
||||||
|
if(EngineValidateHeader(FileMapVA, FileHandle, NULL, DOSHeader, true))
|
||||||
|
{
|
||||||
|
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
|
PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
|
if(PEHeader32->OptionalHeader.Magic == 0x10B)
|
||||||
|
{
|
||||||
|
FileIs64 = false;
|
||||||
|
}
|
||||||
|
else if(PEHeader32->OptionalHeader.Magic == 0x20B)
|
||||||
|
{
|
||||||
|
FileIs64 = true;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
RemoveGarbageItem(szBackupItem, true);
|
||||||
|
return(-1);
|
||||||
|
}
|
||||||
|
if(!FileIs64)
|
||||||
|
{
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEHeader32 + PEHeader32->FileHeader.SizeOfOptionalHeader + sizeof(IMAGE_FILE_HEADER) + 4);
|
||||||
|
SectionNumber = PEHeader32->FileHeader.NumberOfSections;
|
||||||
|
if(ForcedFileAlignment == 0x0)
|
||||||
|
{
|
||||||
|
ForcedFileAlignment = 0x200;
|
||||||
|
}
|
||||||
|
__try
|
||||||
|
{
|
||||||
|
PEHeader32->OptionalHeader.FileAlignment = ForcedFileAlignment;
|
||||||
|
while(SectionNumber > 0)
|
||||||
|
{
|
||||||
|
SectionDataPtr = PESections->PointerToRawData + PESections->SizeOfRawData;
|
||||||
|
if(PESections->SizeOfRawData > NULL)
|
||||||
|
{
|
||||||
|
SectionDataPtr--;
|
||||||
|
while(*(PUCHAR)(FileMapVA + SectionDataPtr) == 0x00 && SectionDataPtr > PESections->PointerToRawData)
|
||||||
|
{
|
||||||
|
SectionDataPtr--;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
SectionDataPtr = SectionDataPtr - PESections->PointerToRawData;
|
||||||
|
OldSectionDataPtr = SectionDataPtr;
|
||||||
|
SectionDataPtr = (SectionDataPtr / ForcedFileAlignment) * ForcedFileAlignment;
|
||||||
|
if(SectionDataPtr < OldSectionDataPtr)
|
||||||
|
{
|
||||||
|
SectionDataPtr = SectionDataPtr + ForcedFileAlignment;
|
||||||
|
}
|
||||||
|
if(CurrentSection == NULL)
|
||||||
|
{
|
||||||
|
PEHeader32->OptionalHeader.SizeOfHeaders = PESections->PointerToRawData;
|
||||||
|
PEHeader32->OptionalHeader.SectionAlignment = PESections->VirtualAddress;
|
||||||
|
PESections->SizeOfRawData = SectionDataPtr;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
OldSectionDataRawPtr = PESections->PointerToRawData;
|
||||||
|
PESections->SizeOfRawData = SectionDataPtr;
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections - IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
NewSectionRawPointer = PESections->PointerToRawData + PESections->SizeOfRawData;
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
PESections->PointerToRawData = NewSectionRawPointer;
|
||||||
|
RtlMoveMemory((LPVOID)((ULONG_PTR)FileMapVA + NewSectionRawPointer), (LPVOID)((ULONG_PTR)FileMapVA + OldSectionDataRawPtr), SectionDataPtr);
|
||||||
|
}
|
||||||
|
NewVirtualSectionSize = (PESections->Misc.VirtualSize / PEHeader32->OptionalHeader.SectionAlignment) * PEHeader32->OptionalHeader.SectionAlignment;
|
||||||
|
if(NewVirtualSectionSize < PESections->Misc.VirtualSize)
|
||||||
|
{
|
||||||
|
NewVirtualSectionSize = NewVirtualSectionSize + PEHeader32->OptionalHeader.SectionAlignment;
|
||||||
|
}
|
||||||
|
PESections->Misc.VirtualSize = NewVirtualSectionSize;
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
CurrentSection++;
|
||||||
|
SectionNumber--;
|
||||||
|
}
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections - IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
if(RealingFileSize == NULL)
|
||||||
|
{
|
||||||
|
FileSize = PESections->PointerToRawData + PESections->SizeOfRawData;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
FileSize = RealingFileSize;
|
||||||
|
}
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
if(szBackupItem[0] != NULL)
|
||||||
|
{
|
||||||
|
if(CopyFileW(szBackupFile, szFileName, false))
|
||||||
|
{
|
||||||
|
RemoveGarbageItem(szBackupItem, true);
|
||||||
|
return(FileSize);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
RemoveGarbageItem(szBackupItem, true);
|
||||||
|
return(-1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(FileSize);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
|
{
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
RemoveGarbageItem(szBackupItem, true);
|
||||||
|
return(-1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEHeader64 + PEHeader64->FileHeader.SizeOfOptionalHeader + sizeof(IMAGE_FILE_HEADER) + 4);
|
||||||
|
SectionNumber = PEHeader64->FileHeader.NumberOfSections;
|
||||||
|
if(ForcedFileAlignment == 0x0)
|
||||||
|
{
|
||||||
|
ForcedFileAlignment = 0x200;
|
||||||
|
}
|
||||||
|
__try
|
||||||
|
{
|
||||||
|
PEHeader64->OptionalHeader.FileAlignment = ForcedFileAlignment;
|
||||||
|
while(SectionNumber > 0)
|
||||||
|
{
|
||||||
|
SectionDataPtr = PESections->PointerToRawData + PESections->SizeOfRawData;
|
||||||
|
if(PESections->SizeOfRawData > NULL)
|
||||||
|
{
|
||||||
|
SectionDataPtr--;
|
||||||
|
while(*(PUCHAR)(FileMapVA + SectionDataPtr) == 0x00 && SectionDataPtr > PESections->PointerToRawData)
|
||||||
|
{
|
||||||
|
SectionDataPtr--;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
SectionDataPtr = SectionDataPtr - PESections->PointerToRawData;
|
||||||
|
OldSectionDataPtr = SectionDataPtr;
|
||||||
|
SectionDataPtr = (SectionDataPtr / ForcedFileAlignment) * ForcedFileAlignment;
|
||||||
|
if(SectionDataPtr < OldSectionDataPtr)
|
||||||
|
{
|
||||||
|
SectionDataPtr = SectionDataPtr + ForcedFileAlignment;
|
||||||
|
}
|
||||||
|
if(CurrentSection == NULL)
|
||||||
|
{
|
||||||
|
PEHeader64->OptionalHeader.SizeOfHeaders = PESections->PointerToRawData;
|
||||||
|
PEHeader64->OptionalHeader.SectionAlignment = PESections->VirtualAddress;
|
||||||
|
PESections->SizeOfRawData = SectionDataPtr;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
OldSectionDataRawPtr = PESections->PointerToRawData;
|
||||||
|
PESections->SizeOfRawData = SectionDataPtr;
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections - IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
NewSectionRawPointer = PESections->PointerToRawData + PESections->SizeOfRawData;
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
PESections->PointerToRawData = NewSectionRawPointer;
|
||||||
|
RtlMoveMemory((LPVOID)((ULONG_PTR)FileMapVA + NewSectionRawPointer), (LPVOID)((ULONG_PTR)FileMapVA + OldSectionDataRawPtr), SectionDataPtr);
|
||||||
|
}
|
||||||
|
NewVirtualSectionSize = (PESections->Misc.VirtualSize / PEHeader64->OptionalHeader.SectionAlignment) * PEHeader64->OptionalHeader.SectionAlignment;
|
||||||
|
if(NewVirtualSectionSize < PESections->Misc.VirtualSize)
|
||||||
|
{
|
||||||
|
NewVirtualSectionSize = NewVirtualSectionSize + PEHeader64->OptionalHeader.SectionAlignment;
|
||||||
|
}
|
||||||
|
PESections->Misc.VirtualSize = NewVirtualSectionSize;
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
CurrentSection++;
|
||||||
|
SectionNumber--;
|
||||||
|
}
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections - IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
if(RealingFileSize == NULL)
|
||||||
|
{
|
||||||
|
FileSize = PESections->PointerToRawData + PESections->SizeOfRawData;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
FileSize = RealingFileSize;
|
||||||
|
}
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
if(szBackupItem[0] != NULL)
|
||||||
|
{
|
||||||
|
if(CopyFileW(szBackupFile, szFileName, false))
|
||||||
|
{
|
||||||
|
RemoveGarbageItem(szBackupItem, true);
|
||||||
|
return(FileSize);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
RemoveGarbageItem(szBackupItem, true);
|
||||||
|
return(-1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(FileSize);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
|
{
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
RemoveGarbageItem(szBackupItem, true);
|
||||||
|
return(-1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
RemoveGarbageItem(szBackupItem, true);
|
||||||
|
return(-1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
RemoveGarbageItem(szBackupItem, true);
|
||||||
|
return(-1);
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,787 @@
|
||||||
|
#include "stdafx.h"
|
||||||
|
#include "definitions.h"
|
||||||
|
#include "Global.Mapping.h"
|
||||||
|
#include "Global.Engine.h"
|
||||||
|
|
||||||
|
static LPVOID RelocationData = NULL;
|
||||||
|
LPVOID RelocationLastPage = NULL;
|
||||||
|
LPVOID RelocationStartPosition = NULL;
|
||||||
|
LPVOID RelocationWritePosition = NULL;
|
||||||
|
ULONG_PTR RelocationOldImageBase;
|
||||||
|
ULONG_PTR RelocationNewImageBase;
|
||||||
|
|
||||||
|
// TitanEngine.Relocater.functions:
|
||||||
|
__declspec(dllexport) void TITCALL RelocaterCleanup()
|
||||||
|
{
|
||||||
|
|
||||||
|
if(RelocationData != NULL)
|
||||||
|
{
|
||||||
|
VirtualFree(RelocationData, NULL, MEM_RELEASE);
|
||||||
|
RelocationLastPage = NULL;
|
||||||
|
RelocationStartPosition = NULL;
|
||||||
|
RelocationWritePosition = NULL;
|
||||||
|
RelocationOldImageBase = NULL;
|
||||||
|
RelocationNewImageBase = NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
__declspec(dllexport) void TITCALL RelocaterInit(DWORD MemorySize, ULONG_PTR OldImageBase, ULONG_PTR NewImageBase)
|
||||||
|
{
|
||||||
|
|
||||||
|
if(RelocationData != NULL)
|
||||||
|
{
|
||||||
|
VirtualFree(RelocationData, NULL, MEM_RELEASE);
|
||||||
|
}
|
||||||
|
RelocationData = VirtualAlloc(NULL, MemorySize, MEM_COMMIT, PAGE_READWRITE);
|
||||||
|
RelocationLastPage = NULL;
|
||||||
|
RelocationStartPosition = RelocationData;
|
||||||
|
RelocationWritePosition = (LPVOID)((ULONG_PTR)RelocationData + 8);
|
||||||
|
RelocationOldImageBase = OldImageBase;
|
||||||
|
RelocationNewImageBase = NewImageBase;
|
||||||
|
}
|
||||||
|
__declspec(dllexport) void TITCALL RelocaterAddNewRelocation(HANDLE hProcess, ULONG_PTR RelocateAddress, DWORD RelocateState)
|
||||||
|
{
|
||||||
|
|
||||||
|
MEMORY_BASIC_INFORMATION MemInfo;
|
||||||
|
DWORD CompareDummy = NULL;
|
||||||
|
DWORD CopyDummy = NULL;
|
||||||
|
|
||||||
|
VirtualQueryEx(hProcess, (LPVOID)RelocateAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
|
||||||
|
if(MemInfo.BaseAddress != RelocationLastPage || RelocationLastPage == NULL)
|
||||||
|
{
|
||||||
|
RelocationLastPage = MemInfo.BaseAddress;
|
||||||
|
if(memcmp(RelocationStartPosition, &CompareDummy, 4) == NULL)
|
||||||
|
{
|
||||||
|
CopyDummy = (DWORD)((ULONG_PTR)MemInfo.BaseAddress - (ULONG_PTR)RelocationNewImageBase);
|
||||||
|
RtlMoveMemory(RelocationStartPosition, &CopyDummy, 4);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
CopyDummy = (DWORD)((ULONG_PTR)RelocationWritePosition - (ULONG_PTR)RelocationStartPosition);
|
||||||
|
if(CopyDummy % 4 == NULL)
|
||||||
|
{
|
||||||
|
RtlMoveMemory((LPVOID)((ULONG_PTR)RelocationStartPosition + 4), &CopyDummy, 4);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
RelocationWritePosition = (LPVOID)((ULONG_PTR)RelocationWritePosition + 2);
|
||||||
|
CopyDummy = (DWORD)((ULONG_PTR)RelocationWritePosition - (ULONG_PTR)RelocationStartPosition);
|
||||||
|
if(CopyDummy % 4 == NULL)
|
||||||
|
{
|
||||||
|
RtlMoveMemory((LPVOID)((ULONG_PTR)RelocationStartPosition + 4), &CopyDummy, 4);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
RelocationWritePosition = (LPVOID)((ULONG_PTR)RelocationWritePosition + 2);
|
||||||
|
CopyDummy = (DWORD)((ULONG_PTR)RelocationWritePosition - (ULONG_PTR)RelocationStartPosition);
|
||||||
|
RtlMoveMemory((LPVOID)((ULONG_PTR)RelocationStartPosition + 4), &CopyDummy, 4);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
RelocationStartPosition = RelocationWritePosition;
|
||||||
|
CopyDummy = (DWORD)((ULONG_PTR)RelocationLastPage - (ULONG_PTR)RelocationNewImageBase);
|
||||||
|
RtlMoveMemory(RelocationWritePosition, &CopyDummy, 4);
|
||||||
|
RelocationWritePosition = (LPVOID)((ULONG_PTR)RelocationWritePosition + 8);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#if !defined(_WIN64)
|
||||||
|
CopyDummy = (DWORD)((RelocateAddress - (ULONG_PTR)RelocationLastPage) ^ 0x3000);
|
||||||
|
#else
|
||||||
|
CopyDummy = (DWORD)((RelocateAddress - (ULONG_PTR)RelocationLastPage) ^ 0x8000);
|
||||||
|
#endif
|
||||||
|
RtlMoveMemory(RelocationWritePosition, &CopyDummy, 2);
|
||||||
|
RelocationWritePosition = (LPVOID)((ULONG_PTR)RelocationWritePosition + 2);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) long TITCALL RelocaterEstimatedSize()
|
||||||
|
{
|
||||||
|
return((DWORD)((ULONG_PTR)RelocationWritePosition - (ULONG_PTR)RelocationData + 8));
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL RelocaterExportRelocation(ULONG_PTR StorePlace, DWORD StorePlaceRVA, ULONG_PTR FileMapVA)
|
||||||
|
{
|
||||||
|
|
||||||
|
PIMAGE_DOS_HEADER DOSHeader;
|
||||||
|
PIMAGE_NT_HEADERS32 PEHeader32;
|
||||||
|
PIMAGE_NT_HEADERS64 PEHeader64;
|
||||||
|
BOOL FileIs64 = false;
|
||||||
|
DWORD CopyDummy = NULL;
|
||||||
|
|
||||||
|
__try
|
||||||
|
{
|
||||||
|
if((ULONG_PTR)RelocationStartPosition != -1)
|
||||||
|
{
|
||||||
|
CopyDummy = (DWORD)((ULONG_PTR)RelocationWritePosition - (ULONG_PTR)RelocationStartPosition);
|
||||||
|
if(CopyDummy % 4 == NULL)
|
||||||
|
{
|
||||||
|
RtlMoveMemory((LPVOID)((ULONG_PTR)RelocationStartPosition + 4), &CopyDummy, 4);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
RelocationWritePosition = (LPVOID)((ULONG_PTR)RelocationWritePosition + 2);
|
||||||
|
CopyDummy = (DWORD)((ULONG_PTR)RelocationWritePosition - (ULONG_PTR)RelocationStartPosition);
|
||||||
|
if(CopyDummy % 4 == NULL)
|
||||||
|
{
|
||||||
|
RtlMoveMemory((LPVOID)((ULONG_PTR)RelocationStartPosition + 4), &CopyDummy, 4);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
RelocationWritePosition = (LPVOID)((ULONG_PTR)RelocationWritePosition + 2);
|
||||||
|
CopyDummy = (DWORD)((ULONG_PTR)RelocationWritePosition - (ULONG_PTR)RelocationStartPosition);
|
||||||
|
RtlMoveMemory((LPVOID)((ULONG_PTR)RelocationStartPosition + 4), &CopyDummy, 4);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
RtlMoveMemory((LPVOID)StorePlace, RelocationData, (DWORD)((ULONG_PTR)RelocationWritePosition - (ULONG_PTR)RelocationData));
|
||||||
|
VirtualFree(RelocationData, NULL, MEM_RELEASE);
|
||||||
|
}
|
||||||
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
|
||||||
|
DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
|
||||||
|
if(EngineValidateHeader(FileMapVA, NULL, NULL, DOSHeader, true))
|
||||||
|
{
|
||||||
|
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
|
PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
|
if(PEHeader32->OptionalHeader.Magic == 0x10B)
|
||||||
|
{
|
||||||
|
FileIs64 = false;
|
||||||
|
}
|
||||||
|
else if(PEHeader32->OptionalHeader.Magic == 0x20B)
|
||||||
|
{
|
||||||
|
FileIs64 = true;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
RelocationData = NULL;
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
if(!FileIs64)
|
||||||
|
{
|
||||||
|
PEHeader32->OptionalHeader.ImageBase = (DWORD)RelocationNewImageBase;
|
||||||
|
PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress = StorePlaceRVA;
|
||||||
|
PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size = (DWORD)((ULONG_PTR)RelocationWritePosition - (ULONG_PTR)RelocationData);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
PEHeader64->OptionalHeader.ImageBase = (ULONG_PTR)RelocationNewImageBase;
|
||||||
|
PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress = StorePlaceRVA;
|
||||||
|
PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size = (DWORD)((ULONG_PTR)RelocationWritePosition - (ULONG_PTR)RelocationData);
|
||||||
|
}
|
||||||
|
RelocationData = NULL;
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
RelocationData = NULL;
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL RelocaterExportRelocationEx(char* szFileName, char* szSectionName)
|
||||||
|
{
|
||||||
|
|
||||||
|
wchar_t uniFileName[MAX_PATH] = {};
|
||||||
|
|
||||||
|
if(szFileName != NULL)
|
||||||
|
{
|
||||||
|
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
|
||||||
|
return(RelocaterExportRelocationExW(uniFileName, szSectionName));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL RelocaterExportRelocationExW(wchar_t* szFileName, char* szSectionName)
|
||||||
|
{
|
||||||
|
|
||||||
|
HANDLE FileHandle;
|
||||||
|
DWORD FileSize;
|
||||||
|
HANDLE FileMap;
|
||||||
|
ULONG_PTR FileMapVA;
|
||||||
|
DWORD NewSectionVO = NULL;
|
||||||
|
DWORD NewSectionFO = NULL;
|
||||||
|
bool ReturnValue = false;
|
||||||
|
|
||||||
|
if(RelocaterEstimatedSize() > NULL)
|
||||||
|
{
|
||||||
|
NewSectionVO = AddNewSectionW(szFileName, szSectionName, RelocaterEstimatedSize());
|
||||||
|
if(MapFileExW(szFileName, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
|
||||||
|
{
|
||||||
|
NewSectionFO = (DWORD)ConvertVAtoFileOffset(FileMapVA, NewSectionVO + (ULONG_PTR)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_IMAGEBASE), true);
|
||||||
|
ReturnValue = RelocaterExportRelocation(NewSectionFO, NewSectionVO, FileMapVA);
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
if(ReturnValue)
|
||||||
|
{
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL RelocaterGrabRelocationTable(HANDLE hProcess, ULONG_PTR MemoryStart, DWORD MemorySize)
|
||||||
|
{
|
||||||
|
|
||||||
|
MEMORY_BASIC_INFORMATION MemInfo;
|
||||||
|
ULONG_PTR ueNumberOfBytesRead = NULL;
|
||||||
|
DWORD OldProtect;
|
||||||
|
|
||||||
|
if(RelocationData != NULL)
|
||||||
|
{
|
||||||
|
VirtualQueryEx(hProcess, (LPVOID)MemoryStart, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
|
||||||
|
OldProtect = MemInfo.Protect;
|
||||||
|
VirtualProtectEx(hProcess, (LPVOID)MemoryStart, MemorySize, PAGE_EXECUTE_READWRITE, &OldProtect);
|
||||||
|
if(ReadProcessMemory(hProcess, (LPVOID)MemoryStart, RelocationData, MemorySize, &ueNumberOfBytesRead))
|
||||||
|
{
|
||||||
|
RelocationWritePosition = (LPVOID)((ULONG_PTR)RelocationData + MemorySize);
|
||||||
|
RelocationStartPosition = (LPVOID)(-1);
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL RelocaterGrabRelocationTableEx(HANDLE hProcess, ULONG_PTR MemoryStart, ULONG_PTR MemorySize, DWORD NtSizeOfImage)
|
||||||
|
{
|
||||||
|
|
||||||
|
MEMORY_BASIC_INFORMATION MemInfo;
|
||||||
|
LPVOID ReadMemoryStorage = NULL;
|
||||||
|
LPVOID mReadMemoryStorage = NULL;
|
||||||
|
ULONG_PTR ueNumberOfBytesRead = NULL;
|
||||||
|
DWORD CompareDummy = NULL;
|
||||||
|
DWORD RelocationBase = NULL;
|
||||||
|
DWORD RelocationSize = NULL;
|
||||||
|
DWORD OldProtect;
|
||||||
|
|
||||||
|
if(RelocationData != NULL)
|
||||||
|
{
|
||||||
|
VirtualQueryEx(hProcess, (LPVOID)MemoryStart, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
|
||||||
|
OldProtect = MemInfo.Protect;
|
||||||
|
VirtualQueryEx(hProcess, (LPVOID)MemInfo.BaseAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
|
||||||
|
if(MemInfo.RegionSize < MemorySize || MemorySize == NULL)
|
||||||
|
{
|
||||||
|
MemorySize = MemInfo.RegionSize;
|
||||||
|
}
|
||||||
|
VirtualProtectEx(hProcess, (LPVOID)MemoryStart, MemorySize, PAGE_EXECUTE_READWRITE, &OldProtect);
|
||||||
|
ReadMemoryStorage = VirtualAlloc(NULL, MemorySize, MEM_COMMIT, PAGE_READWRITE);
|
||||||
|
mReadMemoryStorage = ReadMemoryStorage;
|
||||||
|
if(ReadProcessMemory(hProcess, (LPVOID)MemoryStart, ReadMemoryStorage, MemorySize, &ueNumberOfBytesRead))
|
||||||
|
{
|
||||||
|
RtlMoveMemory(&RelocationBase, ReadMemoryStorage, 4);
|
||||||
|
RtlMoveMemory(&RelocationSize, (LPVOID)((ULONG_PTR)ReadMemoryStorage + 4), 4);
|
||||||
|
while(memcmp(ReadMemoryStorage, &CompareDummy, 4) != NULL && RelocationBase < NtSizeOfImage && RelocationSize < 0x2000)
|
||||||
|
{
|
||||||
|
ReadMemoryStorage = (LPVOID)((ULONG_PTR)ReadMemoryStorage + RelocationSize);
|
||||||
|
RtlMoveMemory(&RelocationBase, ReadMemoryStorage, 4);
|
||||||
|
RtlMoveMemory(&RelocationSize, (LPVOID)((ULONG_PTR)ReadMemoryStorage + 4), 4);
|
||||||
|
}
|
||||||
|
VirtualFree(mReadMemoryStorage, NULL, MEM_RELEASE);
|
||||||
|
return(RelocaterGrabRelocationTable(hProcess, MemoryStart, (DWORD)((ULONG_PTR)ReadMemoryStorage - (ULONG_PTR)mReadMemoryStorage)));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
VirtualFree(ReadMemoryStorage, NULL, MEM_RELEASE);
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
|
||||||
|
__declspec(dllexport) bool TITCALL RelocaterMakeSnapshot(HANDLE hProcess, char* szSaveFileName, LPVOID MemoryStart, ULONG_PTR MemorySize)
|
||||||
|
{
|
||||||
|
return(DumpMemory(hProcess, MemoryStart, MemorySize, szSaveFileName));
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL RelocaterMakeSnapshotW(HANDLE hProcess, wchar_t* szSaveFileName, LPVOID MemoryStart, ULONG_PTR MemorySize)
|
||||||
|
{
|
||||||
|
return(DumpMemoryW(hProcess, MemoryStart, MemorySize, szSaveFileName));
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL RelocaterCompareTwoSnapshots(HANDLE hProcess, ULONG_PTR LoadedImageBase, ULONG_PTR NtSizeOfImage, char* szDumpFile1, char* szDumpFile2, ULONG_PTR MemStart)
|
||||||
|
{
|
||||||
|
|
||||||
|
wchar_t uniDumpFile1[MAX_PATH] = {};
|
||||||
|
wchar_t uniDumpFile2[MAX_PATH] = {};
|
||||||
|
|
||||||
|
if(szDumpFile1 != NULL && szDumpFile2 != NULL)
|
||||||
|
{
|
||||||
|
MultiByteToWideChar(CP_ACP, NULL, szDumpFile1, lstrlenA(szDumpFile1)+1, uniDumpFile1, sizeof(uniDumpFile1)/(sizeof(uniDumpFile1[0])));
|
||||||
|
MultiByteToWideChar(CP_ACP, NULL, szDumpFile2, lstrlenA(szDumpFile2)+1, uniDumpFile2, sizeof(uniDumpFile2)/(sizeof(uniDumpFile2[0])));
|
||||||
|
return(RelocaterCompareTwoSnapshotsW(hProcess, LoadedImageBase, NtSizeOfImage, uniDumpFile1, uniDumpFile2, MemStart));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL RelocaterCompareTwoSnapshotsW(HANDLE hProcess, ULONG_PTR LoadedImageBase, ULONG_PTR NtSizeOfImage, wchar_t* szDumpFile1, wchar_t* szDumpFile2, ULONG_PTR MemStart)
|
||||||
|
{
|
||||||
|
|
||||||
|
int i = NULL;
|
||||||
|
ULONG_PTR DeltaByte = NULL;
|
||||||
|
int RelativeBase = NULL;
|
||||||
|
ULONG_PTR ReadData = NULL;
|
||||||
|
HANDLE FileHandle1;
|
||||||
|
DWORD FileSize1;
|
||||||
|
HANDLE FileMap1;
|
||||||
|
ULONG_PTR FileMapVA1;
|
||||||
|
HANDLE FileHandle2;
|
||||||
|
DWORD FileSize2;
|
||||||
|
HANDLE FileMap2;
|
||||||
|
ULONG_PTR FileMapVA2;
|
||||||
|
DWORD SearchSize;
|
||||||
|
LPVOID Search1;
|
||||||
|
LPVOID Search2;
|
||||||
|
DWORD bkSearchSize;
|
||||||
|
LPVOID bkSearch1;
|
||||||
|
LPVOID bkSearch2;
|
||||||
|
|
||||||
|
if(MapFileExW(szDumpFile1, UE_ACCESS_READ, &FileHandle1, &FileSize1, &FileMap1, &FileMapVA1, NULL))
|
||||||
|
{
|
||||||
|
if(MapFileExW(szDumpFile2, UE_ACCESS_READ, &FileHandle2, &FileSize2, &FileMap2, &FileMapVA2, NULL))
|
||||||
|
{
|
||||||
|
if(RelocationOldImageBase != NULL && RelocationNewImageBase != NULL && RelocationOldImageBase != RelocationNewImageBase)
|
||||||
|
{
|
||||||
|
__try
|
||||||
|
{
|
||||||
|
if(RelocationOldImageBase > RelocationNewImageBase)
|
||||||
|
{
|
||||||
|
DeltaByte = (ULONG_PTR)((ULONG_PTR)RelocationOldImageBase - (ULONG_PTR)RelocationNewImageBase);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
DeltaByte = (ULONG_PTR)((ULONG_PTR)RelocationNewImageBase - (ULONG_PTR)RelocationOldImageBase);
|
||||||
|
}
|
||||||
|
while((BYTE)DeltaByte == NULL)
|
||||||
|
{
|
||||||
|
DeltaByte = DeltaByte / 0x10;
|
||||||
|
i++;
|
||||||
|
}
|
||||||
|
DeltaByte = i - 1;
|
||||||
|
Search1 = (LPVOID)FileMapVA1;
|
||||||
|
Search2 = (LPVOID)FileMapVA2;
|
||||||
|
NtSizeOfImage = NtSizeOfImage + LoadedImageBase;
|
||||||
|
SearchSize = FileSize2;
|
||||||
|
SearchSize--;
|
||||||
|
while((int)SearchSize > NULL)
|
||||||
|
{
|
||||||
|
if(memcmp(Search1, Search2, 1) != 0)
|
||||||
|
{
|
||||||
|
i = sizeof HANDLE;
|
||||||
|
RelativeBase = NULL;
|
||||||
|
bkSearch1 = Search1;
|
||||||
|
bkSearch2 = Search2;
|
||||||
|
bkSearchSize = SearchSize;
|
||||||
|
if(Search1 >= (void*)((ULONG_PTR)FileMapVA1 + DeltaByte))
|
||||||
|
{
|
||||||
|
Search1 = (LPVOID)((ULONG_PTR)Search1 - DeltaByte);
|
||||||
|
Search2 = (LPVOID)((ULONG_PTR)Search2 - DeltaByte);
|
||||||
|
SearchSize = SearchSize + (DWORD)DeltaByte;
|
||||||
|
}
|
||||||
|
while(i > NULL && RelativeBase == NULL)
|
||||||
|
{
|
||||||
|
RtlMoveMemory(&ReadData, Search2, sizeof HANDLE);
|
||||||
|
if(ReadData >= LoadedImageBase && ReadData <= NtSizeOfImage)
|
||||||
|
{
|
||||||
|
RelativeBase++;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
Search1 = (LPVOID)((ULONG_PTR)Search1 + 1);
|
||||||
|
Search2 = (LPVOID)((ULONG_PTR)Search2 + 1);
|
||||||
|
SearchSize = SearchSize - 1;
|
||||||
|
i--;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if(RelativeBase == NULL)
|
||||||
|
{
|
||||||
|
Search1 = bkSearch1;
|
||||||
|
Search2 = bkSearch2;
|
||||||
|
SearchSize = bkSearchSize;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
RelocaterAddNewRelocation(hProcess, MemStart + ((ULONG_PTR)Search2 - (ULONG_PTR)FileMapVA2), NULL);
|
||||||
|
Search1 = (LPVOID)((ULONG_PTR)Search1 + sizeof HANDLE - 1);
|
||||||
|
Search2 = (LPVOID)((ULONG_PTR)Search2 + sizeof HANDLE - 1);
|
||||||
|
SearchSize = SearchSize - sizeof HANDLE + 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Search1 = (LPVOID)((ULONG_PTR)Search1 + 1);
|
||||||
|
Search2 = (LPVOID)((ULONG_PTR)Search2 + 1);
|
||||||
|
SearchSize = SearchSize - 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
|
{
|
||||||
|
RelocaterCleanup();
|
||||||
|
UnMapFileEx(FileHandle2, FileSize2, FileMap2, FileMapVA2);
|
||||||
|
UnMapFileEx(FileHandle1, FileSize1, FileMap1, FileMapVA1);
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
UnMapFileEx(FileHandle2, FileSize2, FileMap2, FileMapVA2);
|
||||||
|
}
|
||||||
|
UnMapFileEx(FileHandle1, FileSize1, FileMap1, FileMapVA1);
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL RelocaterChangeFileBase(char* szFileName, ULONG_PTR NewImageBase)
|
||||||
|
{
|
||||||
|
|
||||||
|
wchar_t uniFileName[MAX_PATH] = {};
|
||||||
|
|
||||||
|
if(szFileName != NULL)
|
||||||
|
{
|
||||||
|
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
|
||||||
|
return(RelocaterChangeFileBaseW(uniFileName, NewImageBase));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL RelocaterChangeFileBaseW(wchar_t* szFileName, ULONG_PTR NewImageBase)
|
||||||
|
{
|
||||||
|
|
||||||
|
DWORD RelocSize;
|
||||||
|
ULONG_PTR RelocData;
|
||||||
|
PIMAGE_DOS_HEADER DOSHeader;
|
||||||
|
PIMAGE_NT_HEADERS32 PEHeader32;
|
||||||
|
PIMAGE_NT_HEADERS64 PEHeader64;
|
||||||
|
BOOL FileIs64;
|
||||||
|
HANDLE FileHandle;
|
||||||
|
DWORD FileSize;
|
||||||
|
HANDLE FileMap;
|
||||||
|
ULONG_PTR FileMapVA;
|
||||||
|
DWORD CompareDummy = NULL;
|
||||||
|
DWORD RelocDelta = NULL;
|
||||||
|
DWORD RelocDeltaSize = NULL;
|
||||||
|
WORD RelocAddressData = NULL;
|
||||||
|
ULONG_PTR RelocWriteAddress = NULL;
|
||||||
|
ULONG_PTR RelocWriteData = NULL;
|
||||||
|
DWORD64 RelocWriteData64 = NULL;
|
||||||
|
wchar_t szBackupFile[MAX_PATH] = {};
|
||||||
|
wchar_t szBackupItem[MAX_PATH] = {};
|
||||||
|
|
||||||
|
if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof szBackupItem))
|
||||||
|
{
|
||||||
|
if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof szBackupItem))
|
||||||
|
{
|
||||||
|
RtlZeroMemory(&szBackupItem, sizeof szBackupItem);
|
||||||
|
lstrcpyW(szBackupFile, szFileName);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
RtlZeroMemory(&szBackupItem, sizeof szBackupItem);
|
||||||
|
lstrcpyW(szBackupFile, szFileName);
|
||||||
|
}
|
||||||
|
if(MapFileExW(szBackupFile, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
|
||||||
|
{
|
||||||
|
DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
|
||||||
|
if(EngineValidateHeader(FileMapVA, FileHandle, NULL, DOSHeader, true))
|
||||||
|
{
|
||||||
|
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
|
PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
|
if(PEHeader32->OptionalHeader.Magic == 0x10B)
|
||||||
|
{
|
||||||
|
FileIs64 = false;
|
||||||
|
}
|
||||||
|
else if(PEHeader32->OptionalHeader.Magic == 0x20B)
|
||||||
|
{
|
||||||
|
FileIs64 = true;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
RemoveGarbageItem(szBackupItem, true);
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
if(!FileIs64)
|
||||||
|
{
|
||||||
|
if(PEHeader32->OptionalHeader.ImageBase == (DWORD)NewImageBase)
|
||||||
|
{
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
RemoveGarbageItem(szBackupItem, true);
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
RelocData = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress + PEHeader32->OptionalHeader.ImageBase), true);
|
||||||
|
RelocSize = PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if((ULONG_PTR)PEHeader64->OptionalHeader.ImageBase == NewImageBase)
|
||||||
|
{
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
RemoveGarbageItem(szBackupItem, true);
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
RelocData = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress + PEHeader64->OptionalHeader.ImageBase), true);
|
||||||
|
RelocSize = PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
|
||||||
|
}
|
||||||
|
__try
|
||||||
|
{
|
||||||
|
while(memcmp((LPVOID)RelocData, &CompareDummy, 4))
|
||||||
|
{
|
||||||
|
RtlMoveMemory(&RelocDelta, (LPVOID)RelocData, 4);
|
||||||
|
RtlMoveMemory(&RelocDeltaSize, (LPVOID)((ULONG_PTR)RelocData + 4), 4);
|
||||||
|
RelocDeltaSize = RelocDeltaSize - 8;
|
||||||
|
RelocData = RelocData + 8;
|
||||||
|
while(RelocDeltaSize > NULL)
|
||||||
|
{
|
||||||
|
RtlMoveMemory(&RelocAddressData, (LPVOID)RelocData, 2);
|
||||||
|
if(RelocAddressData != NULL)
|
||||||
|
{
|
||||||
|
if(RelocAddressData & 0x8000)
|
||||||
|
{
|
||||||
|
RelocAddressData = RelocAddressData ^ 0x8000;
|
||||||
|
RelocWriteAddress = (ULONG_PTR)(RelocAddressData + RelocDelta);
|
||||||
|
RelocWriteAddress = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)((DWORD64)PEHeader64->OptionalHeader.ImageBase + RelocWriteAddress), true);
|
||||||
|
RtlMoveMemory(&RelocWriteData64, (LPVOID)RelocWriteAddress, 8);
|
||||||
|
RelocWriteData64 = RelocWriteData64 - (DWORD64)PEHeader64->OptionalHeader.ImageBase + (DWORD64)NewImageBase;
|
||||||
|
RtlMoveMemory((LPVOID)RelocWriteAddress, &RelocWriteData64, 8);
|
||||||
|
}
|
||||||
|
else if(RelocAddressData & 0x3000)
|
||||||
|
{
|
||||||
|
RelocAddressData = RelocAddressData ^ 0x3000;
|
||||||
|
RelocWriteAddress = (ULONG_PTR)(RelocAddressData + RelocDelta);
|
||||||
|
RelocWriteAddress = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, PEHeader32->OptionalHeader.ImageBase + RelocWriteAddress, true);
|
||||||
|
RtlMoveMemory(&RelocWriteData, (LPVOID)RelocWriteAddress, 4);
|
||||||
|
RelocWriteData = RelocWriteData - PEHeader32->OptionalHeader.ImageBase + NewImageBase;
|
||||||
|
RtlMoveMemory((LPVOID)RelocWriteAddress, &RelocWriteData, 4);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
RelocDeltaSize = RelocDeltaSize - 2;
|
||||||
|
RelocData = RelocData + 2;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if(!FileIs64)
|
||||||
|
{
|
||||||
|
PEHeader32->OptionalHeader.ImageBase = (DWORD)NewImageBase;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
PEHeader64->OptionalHeader.ImageBase = (ULONG_PTR)NewImageBase;
|
||||||
|
}
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
if(szBackupItem[0] != NULL)
|
||||||
|
{
|
||||||
|
if(CopyFileW(szBackupFile, szFileName, false))
|
||||||
|
{
|
||||||
|
RemoveGarbageItem(szBackupItem, true);
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
RemoveGarbageItem(szBackupItem, true);
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
|
{
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
RemoveGarbageItem(szBackupItem, true);
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
RemoveGarbageItem(szBackupItem, true);
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
RemoveGarbageItem(szBackupItem, true);
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL RelocaterRelocateMemoryBlock(ULONG_PTR FileMapVA, ULONG_PTR MemoryLocation, void* RelocateMemory, DWORD RelocateMemorySize, ULONG_PTR CurrentLoadedBase, ULONG_PTR RelocateBase)
|
||||||
|
{
|
||||||
|
|
||||||
|
BOOL FileIs64;
|
||||||
|
DWORD RelocSize;
|
||||||
|
ULONG_PTR RelocData;
|
||||||
|
PIMAGE_DOS_HEADER DOSHeader;
|
||||||
|
PIMAGE_NT_HEADERS32 PEHeader32;
|
||||||
|
PIMAGE_NT_HEADERS64 PEHeader64;
|
||||||
|
DWORD CompareDummy = NULL;
|
||||||
|
DWORD RelocDelta = NULL;
|
||||||
|
DWORD RelocDeltaSize = NULL;
|
||||||
|
WORD RelocAddressData = NULL;
|
||||||
|
ULONG_PTR RelocWriteAddress = NULL;
|
||||||
|
ULONG_PTR RelocWriteData = NULL;
|
||||||
|
DWORD64 RelocWriteData64 = NULL;
|
||||||
|
|
||||||
|
DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
|
||||||
|
MemoryLocation = MemoryLocation - CurrentLoadedBase;
|
||||||
|
if(EngineValidateHeader(FileMapVA, NULL, NULL, DOSHeader, true))
|
||||||
|
{
|
||||||
|
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
|
PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
|
if(PEHeader32->OptionalHeader.Magic == 0x10B)
|
||||||
|
{
|
||||||
|
FileIs64 = false;
|
||||||
|
}
|
||||||
|
else if(PEHeader32->OptionalHeader.Magic == 0x20B)
|
||||||
|
{
|
||||||
|
FileIs64 = true;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
if(!FileIs64)
|
||||||
|
{
|
||||||
|
if(PEHeader32->OptionalHeader.ImageBase == (DWORD)RelocateBase)
|
||||||
|
{
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
RelocData = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress + PEHeader32->OptionalHeader.ImageBase), true);
|
||||||
|
RelocSize = PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if((ULONG_PTR)PEHeader64->OptionalHeader.ImageBase == RelocateBase)
|
||||||
|
{
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
RelocData = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress + PEHeader64->OptionalHeader.ImageBase), true);
|
||||||
|
RelocSize = PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
|
||||||
|
}
|
||||||
|
__try
|
||||||
|
{
|
||||||
|
while(memcmp((LPVOID)RelocData, &CompareDummy, 4))
|
||||||
|
{
|
||||||
|
RtlMoveMemory(&RelocDelta, (LPVOID)RelocData, 4);
|
||||||
|
RtlMoveMemory(&RelocDeltaSize, (LPVOID)((ULONG_PTR)RelocData + 4), 4);
|
||||||
|
RelocDeltaSize = RelocDeltaSize - 8;
|
||||||
|
RelocData = RelocData + 8;
|
||||||
|
while(RelocDeltaSize > NULL)
|
||||||
|
{
|
||||||
|
RtlMoveMemory(&RelocAddressData, (LPVOID)RelocData, 2);
|
||||||
|
if(RelocAddressData != NULL)
|
||||||
|
{
|
||||||
|
if(RelocAddressData & 0x8000)
|
||||||
|
{
|
||||||
|
RelocAddressData = RelocAddressData ^ 0x8000;
|
||||||
|
if(RelocAddressData >= MemoryLocation && RelocAddressData < MemoryLocation + RelocateMemorySize)
|
||||||
|
{
|
||||||
|
RelocWriteAddress = (ULONG_PTR)(RelocAddressData + RelocDelta - MemoryLocation + (ULONG_PTR)RelocateMemory);
|
||||||
|
RtlMoveMemory(&RelocWriteData64, (LPVOID)RelocWriteAddress, 8);
|
||||||
|
RelocWriteData64 = RelocWriteData64 - (DWORD64)PEHeader64->OptionalHeader.ImageBase + (DWORD64)RelocateBase;
|
||||||
|
RtlMoveMemory((LPVOID)RelocWriteAddress, &RelocWriteData64, 8);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if(RelocAddressData & 0x3000)
|
||||||
|
{
|
||||||
|
RelocAddressData = RelocAddressData ^ 0x3000;
|
||||||
|
if(RelocAddressData >= MemoryLocation && RelocAddressData < MemoryLocation + RelocateMemorySize)
|
||||||
|
{
|
||||||
|
RelocWriteAddress = (ULONG_PTR)(RelocAddressData + RelocDelta - MemoryLocation + (ULONG_PTR)RelocateMemory);
|
||||||
|
RtlMoveMemory(&RelocWriteData, (LPVOID)RelocWriteAddress, 4);
|
||||||
|
RelocWriteData = RelocWriteData - PEHeader32->OptionalHeader.ImageBase + RelocateBase;
|
||||||
|
RtlMoveMemory((LPVOID)RelocWriteAddress, &RelocWriteData, 4);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
RelocDeltaSize = RelocDeltaSize - 2;
|
||||||
|
RelocData = RelocData + 2;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL RelocaterWipeRelocationTable(char* szFileName)
|
||||||
|
{
|
||||||
|
|
||||||
|
wchar_t uniFileName[MAX_PATH] = {};
|
||||||
|
|
||||||
|
if(szFileName != NULL)
|
||||||
|
{
|
||||||
|
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
|
||||||
|
return(RelocaterWipeRelocationTableW(uniFileName));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL RelocaterWipeRelocationTableW(wchar_t* szFileName)
|
||||||
|
{
|
||||||
|
|
||||||
|
PIMAGE_DOS_HEADER DOSHeader;
|
||||||
|
PIMAGE_NT_HEADERS32 PEHeader32;
|
||||||
|
PIMAGE_NT_HEADERS64 PEHeader64;
|
||||||
|
DWORD WipeSectionNumber = NULL;
|
||||||
|
ULONG_PTR Characteristics;
|
||||||
|
BOOL FileIs64;
|
||||||
|
HANDLE FileHandle;
|
||||||
|
DWORD FileSize;
|
||||||
|
HANDLE FileMap;
|
||||||
|
ULONG_PTR FileMapVA;
|
||||||
|
|
||||||
|
if(MapFileExW(szFileName, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
|
||||||
|
{
|
||||||
|
DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
|
||||||
|
if(EngineValidateHeader(FileMapVA, FileHandle, NULL, DOSHeader, true))
|
||||||
|
{
|
||||||
|
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
|
PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
|
if(PEHeader32->OptionalHeader.Magic == 0x10B)
|
||||||
|
{
|
||||||
|
FileIs64 = false;
|
||||||
|
}
|
||||||
|
else if(PEHeader32->OptionalHeader.Magic == 0x20B)
|
||||||
|
{
|
||||||
|
FileIs64 = true;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
if(!FileIs64)
|
||||||
|
{
|
||||||
|
if(PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress != NULL)
|
||||||
|
{
|
||||||
|
Characteristics = (ULONG_PTR)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_CHARACTERISTICS) ^ 1;
|
||||||
|
SetPE32DataForMappedFile(FileMapVA, NULL, UE_CHARACTERISTICS, Characteristics);
|
||||||
|
WipeSectionNumber = GetPE32SectionNumberFromVA(FileMapVA, (ULONG_PTR)((ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress + (ULONG_PTR)PEHeader32->OptionalHeader.ImageBase));
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
return(WipeSectionW(szFileName, (int)WipeSectionNumber, true));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if(PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress != NULL)
|
||||||
|
{
|
||||||
|
Characteristics = (ULONG_PTR)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_CHARACTERISTICS) ^ 1;
|
||||||
|
SetPE32DataForMappedFile(FileMapVA, NULL, UE_CHARACTERISTICS, Characteristics);
|
||||||
|
WipeSectionNumber = GetPE32SectionNumberFromVA(FileMapVA, (ULONG_PTR)((ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress + (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase));
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
return(WipeSectionW(szFileName, (int)WipeSectionNumber, true));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,359 @@
|
||||||
|
#include "stdafx.h"
|
||||||
|
#include "definitions.h"
|
||||||
|
#include "Global.Mapping.h"
|
||||||
|
#include "Global.Engine.h"
|
||||||
|
#include "Global.Handle.h"
|
||||||
|
|
||||||
|
// TitanEngine.Resourcer.functions:
|
||||||
|
__declspec(dllexport) long long TITCALL ResourcerLoadFileForResourceUse(char* szFileName)
|
||||||
|
{
|
||||||
|
return((ULONG_PTR)EngineSimulateNtLoader(szFileName));
|
||||||
|
}
|
||||||
|
|
||||||
|
__declspec(dllexport) long long TITCALL ResourcerLoadFileForResourceUseW(wchar_t* szFileName)
|
||||||
|
{
|
||||||
|
return((ULONG_PTR)EngineSimulateNtLoaderW(szFileName));
|
||||||
|
}
|
||||||
|
|
||||||
|
__declspec(dllexport) bool TITCALL ResourcerFreeLoadedFile(LPVOID LoadedFileBase)
|
||||||
|
{
|
||||||
|
if(VirtualFree(LoadedFileBase, NULL, MEM_RELEASE))
|
||||||
|
{
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
__declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFileEx(ULONG_PTR FileMapVA, char* szResourceType, char* szResourceName, char* szExtractedFileName)
|
||||||
|
{
|
||||||
|
|
||||||
|
HRSRC hResource;
|
||||||
|
HGLOBAL hResourceGlobal;
|
||||||
|
DWORD ResourceSize;
|
||||||
|
LPVOID ResourceData;
|
||||||
|
DWORD NumberOfBytesWritten;
|
||||||
|
HANDLE hFile;
|
||||||
|
|
||||||
|
hResource = FindResourceA((HMODULE)FileMapVA, (LPCSTR)szResourceName, (LPCSTR)szResourceType);
|
||||||
|
if(hResource != NULL)
|
||||||
|
{
|
||||||
|
hResourceGlobal = LoadResource((HMODULE)FileMapVA, hResource);
|
||||||
|
if(hResourceGlobal != NULL)
|
||||||
|
{
|
||||||
|
ResourceSize = SizeofResource((HMODULE)FileMapVA, hResource);
|
||||||
|
ResourceData = LockResource(hResourceGlobal);
|
||||||
|
if(EngineCreatePathForFile(szExtractedFileName))
|
||||||
|
{
|
||||||
|
hFile = CreateFileA(szExtractedFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
|
||||||
|
if(hFile != INVALID_HANDLE_VALUE)
|
||||||
|
{
|
||||||
|
WriteFile(hFile, ResourceData, ResourceSize, &NumberOfBytesWritten, NULL);
|
||||||
|
EngineCloseHandle(hFile);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
|
||||||
|
__declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFile(char* szFileName, char* szResourceType, char* szResourceName, char* szExtractedFileName)
|
||||||
|
{
|
||||||
|
|
||||||
|
HANDLE FileHandle;
|
||||||
|
DWORD FileSize;
|
||||||
|
HANDLE FileMap;
|
||||||
|
ULONG_PTR FileMapVA;
|
||||||
|
bool bReturn;
|
||||||
|
|
||||||
|
if(MapFileEx(szFileName, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
|
||||||
|
{
|
||||||
|
bReturn = ResourcerExtractResourceFromFileEx(FileMapVA, szResourceType, szResourceName, szExtractedFileName);
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
if(bReturn)
|
||||||
|
{
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
|
||||||
|
__declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFileW(wchar_t* szFileName, char* szResourceType, char* szResourceName, char* szExtractedFileName)
|
||||||
|
{
|
||||||
|
|
||||||
|
HANDLE FileHandle;
|
||||||
|
DWORD FileSize;
|
||||||
|
HANDLE FileMap;
|
||||||
|
ULONG_PTR FileMapVA;
|
||||||
|
bool bReturn;
|
||||||
|
|
||||||
|
if(MapFileExW(szFileName, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
|
||||||
|
{
|
||||||
|
bReturn = ResourcerExtractResourceFromFileEx(FileMapVA, szResourceType, szResourceName, szExtractedFileName);
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
if(bReturn)
|
||||||
|
{
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
|
||||||
|
__declspec(dllexport) bool TITCALL ResourcerFindResource(char* szFileName, char* szResourceType, DWORD ResourceType, char* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize)
|
||||||
|
{
|
||||||
|
|
||||||
|
wchar_t uniFileName[MAX_PATH] = {};
|
||||||
|
wchar_t* PtrResourceType = NULL;
|
||||||
|
wchar_t uniResourceType[MAX_PATH] = {};
|
||||||
|
wchar_t* PtrResourceName = NULL;
|
||||||
|
wchar_t uniResourceName[MAX_PATH] = {};
|
||||||
|
|
||||||
|
if(szFileName != NULL)
|
||||||
|
{
|
||||||
|
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
|
||||||
|
if(szResourceName != NULL)
|
||||||
|
{
|
||||||
|
MultiByteToWideChar(CP_ACP, NULL, szResourceName, lstrlenA(szResourceName)+1, uniResourceName, sizeof(uniResourceName)/(sizeof(uniResourceName[0])));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
PtrResourceType = &uniResourceType[0];
|
||||||
|
}
|
||||||
|
if(szResourceType != NULL)
|
||||||
|
{
|
||||||
|
MultiByteToWideChar(CP_ACP, NULL, szResourceType, lstrlenA(szResourceType)+1, uniResourceType, sizeof(uniResourceType)/(sizeof(uniResourceType[0])));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
PtrResourceName = &uniResourceName[0];
|
||||||
|
}
|
||||||
|
return(ResourcerFindResourceW(uniFileName, PtrResourceType, ResourceType, PtrResourceName, ResourceName, ResourceLanguage, pResourceData, pResourceSize));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
__declspec(dllexport) bool TITCALL ResourcerFindResourceW(wchar_t* szFileName, wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize)
|
||||||
|
{
|
||||||
|
|
||||||
|
bool ReturnValue;
|
||||||
|
ULONG_PTR FileMapVA;
|
||||||
|
HANDLE FileHandle;
|
||||||
|
HANDLE FileMap;
|
||||||
|
DWORD FileSize;
|
||||||
|
|
||||||
|
if(MapFileExW(szFileName, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
|
||||||
|
{
|
||||||
|
ReturnValue = ResourcerFindResourceEx(FileMapVA, FileSize, szResourceType, ResourceType, szResourceName, ResourceName, ResourceLanguage, pResourceData, pResourceSize);
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
if(ReturnValue)
|
||||||
|
{
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
|
||||||
|
__declspec(dllexport) bool TITCALL ResourcerFindResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize)
|
||||||
|
{
|
||||||
|
|
||||||
|
int i,j,n;
|
||||||
|
wchar_t* uniResourceName;
|
||||||
|
wchar_t* uniResourceType;
|
||||||
|
PIMAGE_RESOURCE_DIRECTORY PEResource;
|
||||||
|
PIMAGE_RESOURCE_DIRECTORY PEResourcePtr;
|
||||||
|
PIMAGE_RESOURCE_DIRECTORY_ENTRY PEResourceDir;
|
||||||
|
PIMAGE_RESOURCE_DIRECTORY PESubResourcePtr1;
|
||||||
|
PIMAGE_RESOURCE_DIRECTORY_ENTRY PEResourceDir1;
|
||||||
|
PIMAGE_RESOURCE_DIRECTORY PESubResourcePtr2;
|
||||||
|
PIMAGE_RESOURCE_DIRECTORY_ENTRY PEResourceDir2;
|
||||||
|
PIMAGE_RESOURCE_DATA_ENTRY PEResourceItem;
|
||||||
|
|
||||||
|
__try
|
||||||
|
{
|
||||||
|
if(FileMapVA != NULL && FileSize != NULL)
|
||||||
|
{
|
||||||
|
PEResource = (PIMAGE_RESOURCE_DIRECTORY)(ConvertVAtoFileOffsetEx(FileMapVA, FileSize, (ULONG_PTR)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_IMAGEBASE), (ULONG_PTR)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_RESOURCETABLEADDRESS), true, true));
|
||||||
|
if(PEResource != NULL)
|
||||||
|
{
|
||||||
|
PEResourceDir = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResource + sizeof IMAGE_RESOURCE_DIRECTORY);
|
||||||
|
i = PEResource->NumberOfIdEntries + PEResource->NumberOfNamedEntries;
|
||||||
|
PEResourcePtr = PEResource;
|
||||||
|
while(i > NULL)
|
||||||
|
{
|
||||||
|
PESubResourcePtr1 = (PIMAGE_RESOURCE_DIRECTORY)((ULONG_PTR)PEResourcePtr + (PEResourceDir->OffsetToData ^ IMAGE_RESOURCE_DATA_IS_DIRECTORY));
|
||||||
|
PEResourceDir1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PESubResourcePtr1 + sizeof IMAGE_RESOURCE_DIRECTORY);
|
||||||
|
j = PESubResourcePtr1->NumberOfIdEntries + PESubResourcePtr1->NumberOfNamedEntries;
|
||||||
|
uniResourceType = (wchar_t*)((ULONG_PTR)PEResourcePtr + PEResourceDir->NameOffset);
|
||||||
|
if(((bool)PEResourceDir->NameIsString == true && EngineCompareResourceString(uniResourceType, szResourceType) == true) || ((bool)PEResourceDir->NameIsString == false && PEResourceDir->Id == ResourceType))
|
||||||
|
{
|
||||||
|
while(j > NULL)
|
||||||
|
{
|
||||||
|
PESubResourcePtr2 = (PIMAGE_RESOURCE_DIRECTORY)((ULONG_PTR)PEResourcePtr + (PEResourceDir1->OffsetToData ^ IMAGE_RESOURCE_DATA_IS_DIRECTORY));
|
||||||
|
PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PESubResourcePtr2 + sizeof IMAGE_RESOURCE_DIRECTORY);
|
||||||
|
n = PESubResourcePtr2->NumberOfIdEntries + PESubResourcePtr2->NumberOfNamedEntries;
|
||||||
|
uniResourceName = (wchar_t*)((ULONG_PTR)PEResourcePtr + PEResourceDir1->NameOffset);
|
||||||
|
if(((bool)PEResourceDir1->NameIsString == true && EngineCompareResourceString(uniResourceName, szResourceName) == true) || ((bool)PEResourceDir1->NameIsString == false && PEResourceDir1->Id == ResourceName))
|
||||||
|
{
|
||||||
|
while(n > NULL)
|
||||||
|
{
|
||||||
|
PEResourceItem = (PIMAGE_RESOURCE_DATA_ENTRY)((ULONG_PTR)PEResourcePtr + PEResourceDir2->OffsetToData);
|
||||||
|
if(ResourceLanguage == UE_RESOURCE_LANGUAGE_ANY || ResourceLanguage == PEResourceDir2->Id)
|
||||||
|
{
|
||||||
|
*pResourceData = PEResourceItem->OffsetToData;
|
||||||
|
*pResourceSize = PEResourceItem->Size;
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir2 + sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY);
|
||||||
|
n--;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir2 + sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY * n);
|
||||||
|
}
|
||||||
|
PEResourceDir1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir1 + sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY);
|
||||||
|
j--;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
PEResourceDir1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir1 + sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY * j);
|
||||||
|
}
|
||||||
|
PEResourceDir = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir + sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY);
|
||||||
|
i--;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
|
{
|
||||||
|
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
|
||||||
|
__declspec(dllexport) void TITCALL ResourcerEnumerateResource(char* szFileName, void* CallBack)
|
||||||
|
{
|
||||||
|
|
||||||
|
wchar_t uniFileName[MAX_PATH] = {};
|
||||||
|
|
||||||
|
if(szFileName != NULL)
|
||||||
|
{
|
||||||
|
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
|
||||||
|
ResourcerEnumerateResourceW(uniFileName, CallBack);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
__declspec(dllexport) void TITCALL ResourcerEnumerateResourceW(wchar_t* szFileName, void* CallBack)
|
||||||
|
{
|
||||||
|
|
||||||
|
ULONG_PTR FileMapVA;
|
||||||
|
HANDLE FileHandle;
|
||||||
|
HANDLE FileMap;
|
||||||
|
DWORD FileSize;
|
||||||
|
|
||||||
|
if(MapFileExW(szFileName, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
|
||||||
|
{
|
||||||
|
ResourcerEnumerateResourceEx(FileMapVA, FileSize, CallBack);
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
__declspec(dllexport) void TITCALL ResourcerEnumerateResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, void* CallBack)
|
||||||
|
{
|
||||||
|
|
||||||
|
int i,j,n;
|
||||||
|
wchar_t* uniResourceName;
|
||||||
|
wchar_t* uniResourceType;
|
||||||
|
PIMAGE_RESOURCE_DIRECTORY PEResource;
|
||||||
|
PIMAGE_RESOURCE_DIRECTORY PEResourcePtr;
|
||||||
|
PIMAGE_RESOURCE_DIRECTORY_ENTRY PEResourceDir;
|
||||||
|
PIMAGE_RESOURCE_DIRECTORY PESubResourcePtr1;
|
||||||
|
PIMAGE_RESOURCE_DIRECTORY_ENTRY PEResourceDir1;
|
||||||
|
PIMAGE_RESOURCE_DIRECTORY PESubResourcePtr2;
|
||||||
|
PIMAGE_RESOURCE_DIRECTORY_ENTRY PEResourceDir2;
|
||||||
|
PIMAGE_RESOURCE_DATA_ENTRY PEResourceItem;
|
||||||
|
typedef bool(TITCALL *fResourceEnumerator)(wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, DWORD ResourceData, DWORD ResourceSize);
|
||||||
|
fResourceEnumerator myResourceEnumerator = (fResourceEnumerator)CallBack;
|
||||||
|
|
||||||
|
__try
|
||||||
|
{
|
||||||
|
if(CallBack != NULL)
|
||||||
|
{
|
||||||
|
if(FileMapVA != NULL && FileSize != NULL)
|
||||||
|
{
|
||||||
|
PEResource = (PIMAGE_RESOURCE_DIRECTORY)(ConvertVAtoFileOffsetEx(FileMapVA, FileSize, (ULONG_PTR)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_IMAGEBASE), (ULONG_PTR)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_RESOURCETABLEADDRESS), true, true));
|
||||||
|
if(PEResource != NULL)
|
||||||
|
{
|
||||||
|
PEResourceDir = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResource + sizeof IMAGE_RESOURCE_DIRECTORY);
|
||||||
|
i = PEResource->NumberOfIdEntries + PEResource->NumberOfNamedEntries;
|
||||||
|
PEResourcePtr = PEResource;
|
||||||
|
while(i > NULL)
|
||||||
|
{
|
||||||
|
PESubResourcePtr1 = (PIMAGE_RESOURCE_DIRECTORY)((ULONG_PTR)PEResourcePtr + (PEResourceDir->OffsetToData ^ IMAGE_RESOURCE_DATA_IS_DIRECTORY));
|
||||||
|
PEResourceDir1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PESubResourcePtr1 + sizeof IMAGE_RESOURCE_DIRECTORY);
|
||||||
|
j = PESubResourcePtr1->NumberOfIdEntries + PESubResourcePtr1->NumberOfNamedEntries;
|
||||||
|
while(j > NULL)
|
||||||
|
{
|
||||||
|
PESubResourcePtr2 = (PIMAGE_RESOURCE_DIRECTORY)((ULONG_PTR)PEResourcePtr + (PEResourceDir1->OffsetToData ^ IMAGE_RESOURCE_DATA_IS_DIRECTORY));
|
||||||
|
PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PESubResourcePtr2 + sizeof IMAGE_RESOURCE_DIRECTORY);
|
||||||
|
n = PESubResourcePtr2->NumberOfIdEntries + PESubResourcePtr2->NumberOfNamedEntries;
|
||||||
|
while(n > NULL)
|
||||||
|
{
|
||||||
|
PEResourceItem = (PIMAGE_RESOURCE_DATA_ENTRY)((ULONG_PTR)PEResourcePtr + PEResourceDir2->OffsetToData);
|
||||||
|
if(PEResourceDir->NameIsString)
|
||||||
|
{
|
||||||
|
uniResourceType = (wchar_t*)((ULONG_PTR)PEResourcePtr + PEResourceDir->NameOffset);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
uniResourceType = NULL;
|
||||||
|
}
|
||||||
|
if(PEResourceDir1->NameIsString)
|
||||||
|
{
|
||||||
|
uniResourceName = (wchar_t*)((ULONG_PTR)PEResourcePtr + PEResourceDir1->NameOffset);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
uniResourceName = NULL;
|
||||||
|
}
|
||||||
|
if(!myResourceEnumerator(uniResourceType, PEResourceDir->Id, uniResourceName, PEResourceDir1->Id, PEResourceDir2->Id, PEResourceItem->OffsetToData, PEResourceItem->Size))
|
||||||
|
{
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir2 + sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY);
|
||||||
|
n--;
|
||||||
|
}
|
||||||
|
PEResourceDir1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir1 + sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY);
|
||||||
|
j--;
|
||||||
|
}
|
||||||
|
PEResourceDir = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir + sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY);
|
||||||
|
i--;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
|
{
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,443 @@
|
||||||
|
#include "stdafx.h"
|
||||||
|
#include "definitions.h"
|
||||||
|
#include "Global.Handle.h"
|
||||||
|
#include "Global.Engine.h"
|
||||||
|
#include "Global.Threader.h"
|
||||||
|
#include <tlhelp32.h>
|
||||||
|
|
||||||
|
// TitanEngine.Threader.functions:
|
||||||
|
__declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD ProcessId)
|
||||||
|
{
|
||||||
|
|
||||||
|
HANDLE hSnapShot;
|
||||||
|
THREADENTRY32 ThreadEntry = {};
|
||||||
|
PTHREAD_ITEM_DATA hListThreadPtr = NULL;
|
||||||
|
|
||||||
|
if(dbgProcessInformation.hProcess == NULL && ProcessId != NULL)
|
||||||
|
{
|
||||||
|
if(hListThread == NULL)
|
||||||
|
{
|
||||||
|
hListThread = VirtualAlloc(NULL, MAX_DEBUG_DATA * sizeof THREAD_ITEM_DATA, MEM_COMMIT, PAGE_READWRITE);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
RtlZeroMemory(hListThread, MAX_DEBUG_DATA * sizeof THREAD_ITEM_DATA);
|
||||||
|
}
|
||||||
|
ThreadEntry.dwSize = sizeof THREADENTRY32;
|
||||||
|
hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
||||||
|
hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, ProcessId);
|
||||||
|
if(hSnapShot != INVALID_HANDLE_VALUE)
|
||||||
|
{
|
||||||
|
if(Thread32First(hSnapShot, &ThreadEntry))
|
||||||
|
{
|
||||||
|
do
|
||||||
|
{
|
||||||
|
if(ThreadEntry.th32OwnerProcessID == ProcessId)
|
||||||
|
{
|
||||||
|
hListThreadPtr->dwThreadId = ThreadEntry.th32ThreadID;
|
||||||
|
hListThreadPtr->hThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION|THREAD_SUSPEND_RESUME, false, hListThreadPtr->dwThreadId);
|
||||||
|
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
while(Thread32Next(hSnapShot, &ThreadEntry));
|
||||||
|
}
|
||||||
|
EngineCloseHandle(hSnapShot);
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) void* TITCALL ThreaderGetThreadInfo(HANDLE hThread, DWORD ThreadId)
|
||||||
|
{
|
||||||
|
|
||||||
|
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
||||||
|
|
||||||
|
if(hListThreadPtr != NULL)
|
||||||
|
{
|
||||||
|
if(hThread != NULL)
|
||||||
|
{
|
||||||
|
while(hListThreadPtr->hThread != NULL && hListThreadPtr->hThread != hThread)
|
||||||
|
{
|
||||||
|
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
||||||
|
}
|
||||||
|
if(hListThreadPtr->hThread == hThread)
|
||||||
|
{
|
||||||
|
return((void*)hListThreadPtr);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if(ThreadId != NULL)
|
||||||
|
{
|
||||||
|
while(hListThreadPtr->hThread != NULL && hListThreadPtr->dwThreadId != ThreadId)
|
||||||
|
{
|
||||||
|
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
||||||
|
}
|
||||||
|
if(hListThreadPtr->dwThreadId == ThreadId)
|
||||||
|
{
|
||||||
|
return((void*)hListThreadPtr);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(NULL);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) void TITCALL ThreaderEnumThreadInfo(void* EnumCallBack)
|
||||||
|
{
|
||||||
|
|
||||||
|
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
||||||
|
typedef void(TITCALL *fEnumCallBack)(LPVOID fThreadDetail);
|
||||||
|
fEnumCallBack myEnumCallBack = (fEnumCallBack)EnumCallBack;
|
||||||
|
|
||||||
|
if(hListThreadPtr != NULL)
|
||||||
|
{
|
||||||
|
while(EnumCallBack != NULL && hListThreadPtr->hThread != NULL)
|
||||||
|
{
|
||||||
|
if(hListThreadPtr->hThread != NULL)
|
||||||
|
{
|
||||||
|
__try
|
||||||
|
{
|
||||||
|
myEnumCallBack((void*)hListThreadPtr);
|
||||||
|
}
|
||||||
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
|
{
|
||||||
|
EnumCallBack = NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL ThreaderPauseThread(HANDLE hThread)
|
||||||
|
{
|
||||||
|
|
||||||
|
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
||||||
|
|
||||||
|
if(hListThreadPtr != NULL)
|
||||||
|
{
|
||||||
|
if(hThread != NULL)
|
||||||
|
{
|
||||||
|
while(hListThreadPtr->hThread != NULL && hListThreadPtr->hThread != hThread)
|
||||||
|
{
|
||||||
|
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
||||||
|
}
|
||||||
|
if(hListThreadPtr->hThread == hThread)
|
||||||
|
{
|
||||||
|
if(SuspendThread(hThread) != -1)
|
||||||
|
{
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL ThreaderResumeThread(HANDLE hThread)
|
||||||
|
{
|
||||||
|
|
||||||
|
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
||||||
|
|
||||||
|
if(hListThreadPtr != NULL)
|
||||||
|
{
|
||||||
|
if(hThread != NULL)
|
||||||
|
{
|
||||||
|
while(hListThreadPtr->hThread != NULL && hListThreadPtr->hThread != hThread)
|
||||||
|
{
|
||||||
|
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
||||||
|
}
|
||||||
|
if(hListThreadPtr->hThread == hThread)
|
||||||
|
{
|
||||||
|
if(ResumeThread(hThread) != -1)
|
||||||
|
{
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL ThreaderTerminateThread(HANDLE hThread, DWORD ThreadExitCode)
|
||||||
|
{
|
||||||
|
|
||||||
|
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
||||||
|
|
||||||
|
if(hListThreadPtr != NULL)
|
||||||
|
{
|
||||||
|
if(hThread != NULL)
|
||||||
|
{
|
||||||
|
while(hListThreadPtr->hThread != NULL && hListThreadPtr->hThread != hThread)
|
||||||
|
{
|
||||||
|
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
||||||
|
}
|
||||||
|
if(hListThreadPtr->hThread == hThread)
|
||||||
|
{
|
||||||
|
if(TerminateThread(hThread, ThreadExitCode) != NULL)
|
||||||
|
{
|
||||||
|
hListThreadPtr->hThread = (HANDLE)-1;
|
||||||
|
hListThreadPtr->dwThreadId = NULL;
|
||||||
|
hListThreadPtr->ThreadLocalBase = NULL;
|
||||||
|
hListThreadPtr->ThreadStartAddress = NULL;
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL ThreaderPauseAllThreads(bool LeaveMainRunning)
|
||||||
|
{
|
||||||
|
|
||||||
|
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
||||||
|
|
||||||
|
if(hListThreadPtr != NULL)
|
||||||
|
{
|
||||||
|
while(hListThreadPtr->hThread != NULL)
|
||||||
|
{
|
||||||
|
if(LeaveMainRunning)
|
||||||
|
{
|
||||||
|
if(hListThreadPtr->hThread != dbgProcessInformation.hThread)
|
||||||
|
{
|
||||||
|
SuspendThread((HANDLE)hListThreadPtr->hThread);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
SuspendThread(hListThreadPtr->hThread);
|
||||||
|
}
|
||||||
|
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
||||||
|
}
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL ThreaderResumeAllThreads(bool LeaveMainPaused)
|
||||||
|
{
|
||||||
|
|
||||||
|
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
||||||
|
|
||||||
|
if(hListThreadPtr != NULL)
|
||||||
|
{
|
||||||
|
while(hListThreadPtr->hThread != NULL)
|
||||||
|
{
|
||||||
|
if(LeaveMainPaused)
|
||||||
|
{
|
||||||
|
if(hListThreadPtr->hThread != dbgProcessInformation.hThread)
|
||||||
|
{
|
||||||
|
ResumeThread(hListThreadPtr->hThread);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
ResumeThread(hListThreadPtr->hThread);
|
||||||
|
}
|
||||||
|
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
||||||
|
}
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL ThreaderPauseProcess()
|
||||||
|
{
|
||||||
|
return(ThreaderPauseAllThreads(false));
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL ThreaderResumeProcess()
|
||||||
|
{
|
||||||
|
return(ThreaderResumeAllThreads(false));
|
||||||
|
}
|
||||||
|
__declspec(dllexport) long long TITCALL ThreaderCreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId)
|
||||||
|
{
|
||||||
|
|
||||||
|
HANDLE myThread;
|
||||||
|
|
||||||
|
if(dbgProcessInformation.hProcess != NULL)
|
||||||
|
{
|
||||||
|
if(!AutoCloseTheHandle)
|
||||||
|
{
|
||||||
|
return((ULONG_PTR)CreateRemoteThread(dbgProcessInformation.hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)ThreadStartAddress, ThreadPassParameter, NULL, ThreadId));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
myThread = CreateRemoteThread(dbgProcessInformation.hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)ThreadStartAddress, ThreadPassParameter, NULL, ThreadId);
|
||||||
|
EngineCloseHandle(myThread);
|
||||||
|
return(NULL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(NULL);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL ThreaderInjectAndExecuteCode(LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize)
|
||||||
|
{
|
||||||
|
|
||||||
|
LPVOID ThreadBase = 0;
|
||||||
|
ULONG_PTR ueNumberOfBytesRead = 0;
|
||||||
|
|
||||||
|
if(dbgProcessInformation.hProcess != NULL)
|
||||||
|
{
|
||||||
|
ThreadBase = VirtualAllocEx(dbgProcessInformation.hProcess, NULL, InjectSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
|
||||||
|
if(WriteProcessMemory(dbgProcessInformation.hProcess, ThreadBase, InjectCode, InjectSize, &ueNumberOfBytesRead))
|
||||||
|
{
|
||||||
|
ThreaderCreateRemoteThread((ULONG_PTR)((ULONG_PTR)InjectCode + StartDelta), true, NULL, NULL);
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) long long TITCALL ThreaderCreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId)
|
||||||
|
{
|
||||||
|
|
||||||
|
HANDLE myThread;
|
||||||
|
|
||||||
|
if(hProcess != NULL)
|
||||||
|
{
|
||||||
|
if(!AutoCloseTheHandle)
|
||||||
|
{
|
||||||
|
return((ULONG_PTR)CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)ThreadStartAddress, ThreadPassParameter, NULL, ThreadId));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
myThread = CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)ThreadStartAddress, ThreadPassParameter, NULL, ThreadId);
|
||||||
|
EngineCloseHandle(myThread);
|
||||||
|
return(NULL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(NULL);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL ThreaderInjectAndExecuteCodeEx(HANDLE hProcess, LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize)
|
||||||
|
{
|
||||||
|
|
||||||
|
LPVOID ThreadBase = 0;
|
||||||
|
ULONG_PTR ueNumberOfBytesRead = 0;
|
||||||
|
|
||||||
|
if(hProcess != NULL)
|
||||||
|
{
|
||||||
|
ThreadBase = VirtualAllocEx(hProcess, NULL, InjectSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
|
||||||
|
if(WriteProcessMemory(hProcess, ThreadBase, InjectCode, InjectSize, &ueNumberOfBytesRead))
|
||||||
|
{
|
||||||
|
ThreaderCreateRemoteThread((ULONG_PTR)((ULONG_PTR)InjectCode + StartDelta), true, NULL, NULL);
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) void TITCALL ThreaderSetCallBackForNextExitThreadEvent(LPVOID exitThreadCallBack)
|
||||||
|
{
|
||||||
|
engineExitThreadOneShootCallBack = exitThreadCallBack;
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL ThreaderIsThreadStillRunning(HANDLE hThread)
|
||||||
|
{
|
||||||
|
|
||||||
|
CONTEXT myDBGContext;
|
||||||
|
|
||||||
|
RtlZeroMemory(&myDBGContext, sizeof CONTEXT);
|
||||||
|
myDBGContext.ContextFlags = CONTEXT_ALL;
|
||||||
|
if(GetThreadContext(hThread, &myDBGContext))
|
||||||
|
{
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread)
|
||||||
|
{
|
||||||
|
if(SuspendThread(hThread)) //if previous suspend count is above 0 (which means thread is suspended)
|
||||||
|
{
|
||||||
|
ResumeThread(hThread); //decrement suspend count
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL ThreaderIsAnyThreadActive()
|
||||||
|
{
|
||||||
|
|
||||||
|
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
||||||
|
|
||||||
|
if(hListThreadPtr != NULL)
|
||||||
|
{
|
||||||
|
while(hListThreadPtr->hThread != NULL)
|
||||||
|
{
|
||||||
|
if(hListThreadPtr->hThread != (HANDLE)-1)
|
||||||
|
{
|
||||||
|
if(ThreaderIsThreadActive(hListThreadPtr->hThread))
|
||||||
|
{
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL ThreaderExecuteOnlyInjectedThreads()
|
||||||
|
{
|
||||||
|
|
||||||
|
if(ThreaderPauseProcess())
|
||||||
|
{
|
||||||
|
engineResumeProcessIfNoThreadIsActive = true;
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) long long TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId)
|
||||||
|
{
|
||||||
|
|
||||||
|
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
||||||
|
|
||||||
|
if(hListThread != NULL)
|
||||||
|
{
|
||||||
|
while(hListThreadPtr->hThread != NULL)
|
||||||
|
{
|
||||||
|
if(hListThreadPtr->hThread != (HANDLE)-1 && hListThreadPtr->dwThreadId == ThreadId)
|
||||||
|
{
|
||||||
|
return((ULONG_PTR)hListThreadPtr->hThread);
|
||||||
|
}
|
||||||
|
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return(NULL);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) void* TITCALL ThreaderGetThreadData()
|
||||||
|
{
|
||||||
|
return(hListThread);
|
||||||
|
}
|
||||||
|
__declspec(dllexport) bool TITCALL ThreaderIsExceptionInMainThread()
|
||||||
|
{
|
||||||
|
|
||||||
|
LPDEBUG_EVENT myDBGEvent;
|
||||||
|
|
||||||
|
myDBGEvent = (LPDEBUG_EVENT)GetDebugData();
|
||||||
|
if(myDBGEvent->dwThreadId == dbgProcessInformation.dwThreadId)
|
||||||
|
{
|
||||||
|
return(true);
|
||||||
|
}
|
||||||
|
return(false);
|
||||||
|
}
|
||||||
File diff suppressed because it is too large
Load Diff
|
|
@ -218,8 +218,11 @@
|
||||||
<ClCompile Include="Global.Engine.cpp" />
|
<ClCompile Include="Global.Engine.cpp" />
|
||||||
<ClCompile Include="Global.Engine.Extension.cpp" />
|
<ClCompile Include="Global.Engine.Extension.cpp" />
|
||||||
<ClCompile Include="Global.Engine.Hash.cpp" />
|
<ClCompile Include="Global.Engine.Hash.cpp" />
|
||||||
|
<ClCompile Include="Global.Engine.Hider.cpp" />
|
||||||
<ClCompile Include="Global.Handle.cpp" />
|
<ClCompile Include="Global.Handle.cpp" />
|
||||||
<ClCompile Include="Global.Mapping.cpp" />
|
<ClCompile Include="Global.Mapping.cpp" />
|
||||||
|
<ClCompile Include="Global.Realigner.cpp" />
|
||||||
|
<ClCompile Include="Global.Threader.cpp" />
|
||||||
<ClCompile Include="stdafx.cpp">
|
<ClCompile Include="stdafx.cpp">
|
||||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
|
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
|
||||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
|
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
|
||||||
|
|
@ -229,6 +232,14 @@
|
||||||
<ClCompile Include="TitanEngine.cpp" />
|
<ClCompile Include="TitanEngine.cpp" />
|
||||||
<ClCompile Include="LzmaDec.cpp" />
|
<ClCompile Include="LzmaDec.cpp" />
|
||||||
<ClCompile Include="TitanEngine.Dumper.cpp" />
|
<ClCompile Include="TitanEngine.Dumper.cpp" />
|
||||||
|
<ClCompile Include="TitanEngine.Hider.cpp" />
|
||||||
|
<ClCompile Include="TitanEngine.PE.Convert.cpp" />
|
||||||
|
<ClCompile Include="TitanEngine.PE.cpp" />
|
||||||
|
<ClCompile Include="TitanEngine.PE.Fixer.cpp" />
|
||||||
|
<ClCompile Include="TitanEngine.Realigner.cpp" />
|
||||||
|
<ClCompile Include="TitanEngine.Relocator.cpp" />
|
||||||
|
<ClCompile Include="TitanEngine.Resourcer.cpp" />
|
||||||
|
<ClCompile Include="TitanEngine.Threader.cpp" />
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<ClInclude Include="aplib.h" />
|
<ClInclude Include="aplib.h" />
|
||||||
|
|
@ -236,15 +247,17 @@
|
||||||
<ClInclude Include="distorm.h" />
|
<ClInclude Include="distorm.h" />
|
||||||
<ClInclude Include="Global.Engine.Extension.h" />
|
<ClInclude Include="Global.Engine.Extension.h" />
|
||||||
<ClInclude Include="Global.Engine.h" />
|
<ClInclude Include="Global.Engine.h" />
|
||||||
|
<ClInclude Include="Global.Engine.Hider.h" />
|
||||||
<ClInclude Include="Global.Handle.h" />
|
<ClInclude Include="Global.Handle.h" />
|
||||||
<ClInclude Include="Global.Mapping.h" />
|
<ClInclude Include="Global.Mapping.h" />
|
||||||
|
<ClInclude Include="Global.Realigner.h" />
|
||||||
|
<ClInclude Include="Global.Threader.h" />
|
||||||
<ClInclude Include="LzmaDec.h" />
|
<ClInclude Include="LzmaDec.h" />
|
||||||
<ClInclude Include="LzmaTypes.h" />
|
<ClInclude Include="LzmaTypes.h" />
|
||||||
<ClInclude Include="resource.h" />
|
<ClInclude Include="resource.h" />
|
||||||
<ClInclude Include="scylla_wrapper.h" />
|
<ClInclude Include="scylla_wrapper.h" />
|
||||||
<ClInclude Include="stdafx.h" />
|
<ClInclude Include="stdafx.h" />
|
||||||
<ClInclude Include="targetver.h" />
|
<ClInclude Include="targetver.h" />
|
||||||
<ClInclude Include="TitanEngine.Dumper.h" />
|
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<ResourceCompile Include="TitanEngine.rc" />
|
<ResourceCompile Include="TitanEngine.rc" />
|
||||||
|
|
@ -259,6 +272,13 @@
|
||||||
<None Include="LOGO.bmp" />
|
<None Include="LOGO.bmp" />
|
||||||
<None Include="MAINICON.ico" />
|
<None Include="MAINICON.ico" />
|
||||||
<None Include="ReadMe.txt" />
|
<None Include="ReadMe.txt" />
|
||||||
|
<ClCompile Include="TitanEngine.PE.Data.cpp" />
|
||||||
|
<ClCompile Include="TitanEngine.PE.Section.cpp">
|
||||||
|
<FileType>Document</FileType>
|
||||||
|
</ClCompile>
|
||||||
|
<ClCompile Include="TitanEngine.PE.Overlay.cpp">
|
||||||
|
<FileType>Document</FileType>
|
||||||
|
</ClCompile>
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
||||||
<ImportGroup Label="ExtensionTargets">
|
<ImportGroup Label="ExtensionTargets">
|
||||||
|
|
|
||||||
|
|
@ -57,6 +57,48 @@
|
||||||
<ClCompile Include="Global.Engine.Hash.cpp">
|
<ClCompile Include="Global.Engine.Hash.cpp">
|
||||||
<Filter>Source Files\TitanEngine</Filter>
|
<Filter>Source Files\TitanEngine</Filter>
|
||||||
</ClCompile>
|
</ClCompile>
|
||||||
|
<ClCompile Include="TitanEngine.PE.cpp">
|
||||||
|
<Filter>Source Files\TitanEngine</Filter>
|
||||||
|
</ClCompile>
|
||||||
|
<ClCompile Include="TitanEngine.PE.Section.cpp">
|
||||||
|
<Filter>Source Files\TitanEngine</Filter>
|
||||||
|
</ClCompile>
|
||||||
|
<ClCompile Include="TitanEngine.PE.Overlay.cpp">
|
||||||
|
<Filter>Source Files\TitanEngine</Filter>
|
||||||
|
</ClCompile>
|
||||||
|
<ClCompile Include="TitanEngine.PE.Data.cpp">
|
||||||
|
<Filter>Source Files\TitanEngine</Filter>
|
||||||
|
</ClCompile>
|
||||||
|
<ClCompile Include="TitanEngine.PE.Convert.cpp">
|
||||||
|
<Filter>Source Files\TitanEngine</Filter>
|
||||||
|
</ClCompile>
|
||||||
|
<ClCompile Include="Global.Realigner.cpp">
|
||||||
|
<Filter>Source Files\TitanEngine</Filter>
|
||||||
|
</ClCompile>
|
||||||
|
<ClCompile Include="TitanEngine.Realigner.cpp">
|
||||||
|
<Filter>Source Files\TitanEngine</Filter>
|
||||||
|
</ClCompile>
|
||||||
|
<ClCompile Include="TitanEngine.PE.Fixer.cpp">
|
||||||
|
<Filter>Source Files\TitanEngine</Filter>
|
||||||
|
</ClCompile>
|
||||||
|
<ClCompile Include="Global.Engine.Hider.cpp">
|
||||||
|
<Filter>Source Files\TitanEngine</Filter>
|
||||||
|
</ClCompile>
|
||||||
|
<ClCompile Include="TitanEngine.Hider.cpp">
|
||||||
|
<Filter>Source Files\TitanEngine</Filter>
|
||||||
|
</ClCompile>
|
||||||
|
<ClCompile Include="TitanEngine.Relocator.cpp">
|
||||||
|
<Filter>Source Files\TitanEngine</Filter>
|
||||||
|
</ClCompile>
|
||||||
|
<ClCompile Include="TitanEngine.Resourcer.cpp">
|
||||||
|
<Filter>Source Files\TitanEngine</Filter>
|
||||||
|
</ClCompile>
|
||||||
|
<ClCompile Include="TitanEngine.Threader.cpp">
|
||||||
|
<Filter>Source Files\TitanEngine</Filter>
|
||||||
|
</ClCompile>
|
||||||
|
<ClCompile Include="Global.Threader.cpp">
|
||||||
|
<Filter>Source Files\TitanEngine</Filter>
|
||||||
|
</ClCompile>
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<ClInclude Include="resource.h">
|
<ClInclude Include="resource.h">
|
||||||
|
|
@ -86,9 +128,6 @@
|
||||||
<ClInclude Include="aplib.h">
|
<ClInclude Include="aplib.h">
|
||||||
<Filter>Header Files</Filter>
|
<Filter>Header Files</Filter>
|
||||||
</ClInclude>
|
</ClInclude>
|
||||||
<ClInclude Include="TitanEngine.Dumper.h">
|
|
||||||
<Filter>Header Files\TitanEngine</Filter>
|
|
||||||
</ClInclude>
|
|
||||||
<ClInclude Include="Global.Mapping.h">
|
<ClInclude Include="Global.Mapping.h">
|
||||||
<Filter>Header Files\TitanEngine</Filter>
|
<Filter>Header Files\TitanEngine</Filter>
|
||||||
</ClInclude>
|
</ClInclude>
|
||||||
|
|
@ -101,6 +140,15 @@
|
||||||
<ClInclude Include="Global.Engine.Extension.h">
|
<ClInclude Include="Global.Engine.Extension.h">
|
||||||
<Filter>Header Files\TitanEngine</Filter>
|
<Filter>Header Files\TitanEngine</Filter>
|
||||||
</ClInclude>
|
</ClInclude>
|
||||||
|
<ClInclude Include="Global.Realigner.h">
|
||||||
|
<Filter>Header Files\TitanEngine</Filter>
|
||||||
|
</ClInclude>
|
||||||
|
<ClInclude Include="Global.Engine.Hider.h">
|
||||||
|
<Filter>Header Files\TitanEngine</Filter>
|
||||||
|
</ClInclude>
|
||||||
|
<ClInclude Include="Global.Threader.h">
|
||||||
|
<Filter>Header Files\TitanEngine</Filter>
|
||||||
|
</ClInclude>
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<ResourceCompile Include="TitanEngine.rc">
|
<ResourceCompile Include="TitanEngine.rc">
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,6 @@
|
||||||
#ifndef definitions_h__
|
#ifndef definitions_h__
|
||||||
#define definitions_h__
|
#define definitions_h__
|
||||||
|
|
||||||
|
|
||||||
#define TITCALL
|
#define TITCALL
|
||||||
|
|
||||||
// Global.Function.Declaration:
|
// Global.Function.Declaration:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue