From 3cb15ef49fc99e3044ac67e6fa2509b9702b808b Mon Sep 17 00:00:00 2001 From: deep0 Date: Wed, 12 Mar 2014 10:38:24 +0100 Subject: [PATCH] removed _try..._catch blocks that prevented a successfull compilation with DynBuf --- TitanEngine/TitanEngine.Debugger.Memory.cpp | 143 +++++++------------- TitanEngine/TitanEngine.Dumper.cpp | 25 +--- TitanEngine/TitanEngine.Exporter.cpp | 11 +- TitanEngine/TitanEngine.PE.Section.cpp | 8 +- 4 files changed, 62 insertions(+), 125 deletions(-) diff --git a/TitanEngine/TitanEngine.Debugger.Memory.cpp b/TitanEngine/TitanEngine.Debugger.Memory.cpp index 748e254..04f7fac 100644 --- a/TitanEngine/TitanEngine.Debugger.Memory.cpp +++ b/TitanEngine/TitanEngine.Debugger.Memory.cpp @@ -5,13 +5,13 @@ __declspec(dllexport) bool TITCALL MatchPatternEx(HANDLE hProcess, void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard) { - if(!MemoryToCheck || !PatternToMatch) + if(!MemoryToCheck || !PatternToMatch || !SizeOfPatternToMatch || !SizeOfMemoryToCheck) return false; - int i = 0; + BYTE intWildCard = 0; LPVOID ueReadBuffer = NULL; DynBuf ueReadBuf; - ULONG_PTR ueNumberOfBytesRead = NULL; + SIZE_T ueNumberOfBytesRead = 0; MEMORY_BASIC_INFORMATION memoryInformation = {}; PMEMORY_COMPARE_HANDLER memCmp = (PMEMORY_COMPARE_HANDLER)MemoryToCheck; PMEMORY_COMPARE_HANDLER memPattern = (PMEMORY_COMPARE_HANDLER)PatternToMatch; @@ -20,6 +20,7 @@ __declspec(dllexport) bool TITCALL MatchPatternEx(HANDLE hProcess, void* MemoryT { WildCard = &intWildCard; } + if(SizeOfMemoryToCheck >= SizeOfPatternToMatch) { if(hProcess != GetCurrentProcess()) 
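Review bot: The widened guard at the top of MatchPatternEx rejects only zero, while `SizeOfMemoryToCheck` and `SizeOfPatternToMatch` are signed `int`, so negative lengths still get through. A negative pattern length appears to skip the comparison loop in the next hunk and reach the final `return true`, which reports a match without comparing anything. I would test the sign as well: `if(!MemoryToCheck || !PatternToMatch || SizeOfPatternToMatch <= 0 || SizeOfMemoryToCheck <= 0) return false;`. The function body continues outside this hunk.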
@@ -27,57 +28,39 @@ __declspec(dllexport) bool TITCALL MatchPatternEx(HANDLE hProcess, void* MemoryT ueReadBuffer = ueReadBuf.Allocate(SizeOfMemoryToCheck); if(ueReadBuffer && !ReadProcessMemory(hProcess, MemoryToCheck, ueReadBuffer, SizeOfMemoryToCheck, &ueNumberOfBytesRead)) { - if(ueNumberOfBytesRead == NULL) + if(ueNumberOfBytesRead == 0) { if(VirtualQueryEx(hProcess, MemoryToCheck, &memoryInformation, sizeof memoryInformation) != NULL) { SizeOfMemoryToCheck = (int)((ULONG_PTR)memoryInformation.BaseAddress + memoryInformation.RegionSize - (ULONG_PTR)MemoryToCheck); if(!ReadProcessMemory(hProcess, MemoryToCheck, ueReadBuffer, SizeOfMemoryToCheck, &ueNumberOfBytesRead)) { - return(NULL); - } - else - { - memCmp = (PMEMORY_COMPARE_HANDLER)ueReadBuffer; + return false; } } else { - return(NULL); + return false; } } - else - { - memCmp = (PMEMORY_COMPARE_HANDLER)ueReadBuffer; - } } - else - { - memCmp = (PMEMORY_COMPARE_HANDLER)ueReadBuffer; - } - } - __try - { - while(SizeOfPatternToMatch > NULL) - { - if(memCmp->Array.bArrayEntry[i] != memPattern->Array.bArrayEntry[i] && memPattern->Array.bArrayEntry[i] != *WildCard) - { - return false; - } - SizeOfPatternToMatch--; - i++; - } - return true; - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - return false; + + memCmp = (PMEMORY_COMPARE_HANDLER)ueReadBuffer; } } - else + + if(memCmp) { - return false; + for(int i=0; iArray.bArrayEntry[i] != memPattern->Array.bArrayEntry[i] && memPattern->Array.bArrayEntry[i] != *WildCard) + { + return false; + } + } } + + return true; } __declspec(dllexport) bool TITCALL MatchPattern(void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard) { 
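Review bot: Two early exits of the old code are lost in this rewrite of MatchPatternEx. When `SizeOfMemoryToCheck < SizeOfPatternToMatch`, the removed `else { return false; }` no longer applies, so execution reaches `if(memCmp)` with `memCmp` still equal to `MemoryToCheck` and compares past the end of the region; for a foreign `hProcess` that pointer is an address in the other process, dereferenced locally, with no `__except` left to absorb the fault. When `ueReadBuf.Allocate` fails, `memCmp` becomes NULL, the `if(memCmp)` block is skipped and the function returns `true`. The VirtualQueryEx retry can also shrink `SizeOfMemoryToCheck` below the pattern length, leaving part of the comparison on bytes the second read did not fill. The loop header is garbled on this page, so the sketch below leaves the loop itself untouched.

```cpp
// … unchanged: argument checks and WildCard default …
if(SizeOfMemoryToCheck < SizeOfPatternToMatch)
    return false;

if(hProcess != GetCurrentProcess())
{
    ueReadBuffer = ueReadBuf.Allocate(SizeOfMemoryToCheck);
    if(!ueReadBuffer)
        return false;
    // … unchanged: ReadProcessMemory with the VirtualQueryEx retry …
    if(SizeOfMemoryToCheck < SizeOfPatternToMatch) // the retry may have reduced the readable size
        return false;
    memCmp = (PMEMORY_COMPARE_HANDLER)ueReadBuffer;
}
// … unchanged: comparison loop, no longer needing the if(memCmp) wrapper …
```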
@@ -93,9 +76,9 @@ __declspec(dllexport) bool TITCALL MatchPattern(void* MemoryToCheck, int SizeOfM } __declspec(dllexport) long long TITCALL FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard) { + if(!hProcess || !MemoryStart ||!MemorySize || !SearchPattern || !PatternSize) + return 0; - int i = NULL; - int j = NULL; ULONG_PTR Return = NULL; LPVOID ueReadBuffer = NULL; DynBuf ueReadBuf; 
@@ -111,74 +94,50 @@ __declspec(dllexport) long long TITCALL FindEx(HANDLE hProcess, LPVOID MemorySta { WildCard = &nWildCard; } - if(hProcess != NULL && MemoryStart != NULL && MemorySize != NULL) + + if(hProcess != GetCurrentProcess()) { - if(hProcess != GetCurrentProcess()) + ueReadBuffer = ueReadBuf.Allocate(MemorySize); + if(ueReadBuffer && !ReadProcessMemory(hProcess, MemoryStart, ueReadBuffer, MemorySize, &ueNumberOfBytesRead)) { - ueReadBuffer = ueReadBuf.Allocate(MemorySize); - if(ueReadBuffer && !ReadProcessMemory(hProcess, MemoryStart, ueReadBuffer, MemorySize, &ueNumberOfBytesRead)) + if(ueNumberOfBytesRead == NULL) { - if(ueNumberOfBytesRead == NULL) + if(VirtualQueryEx(hProcess, MemoryStart, &memoryInformation, sizeof memoryInformation) != NULL) { - if(VirtualQueryEx(hProcess, MemoryStart, &memoryInformation, sizeof memoryInformation) != NULL) + MemorySize = (DWORD)((ULONG_PTR)memoryInformation.BaseAddress + memoryInformation.RegionSize - (ULONG_PTR)MemoryStart); + if(!ReadProcessMemory(hProcess, MemoryStart, ueReadBuffer, MemorySize, &ueNumberOfBytesRead)) { - MemorySize = (DWORD)((ULONG_PTR)memoryInformation.BaseAddress + memoryInformation.RegionSize - (ULONG_PTR)MemoryStart); - if(!ReadProcessMemory(hProcess, MemoryStart, ueReadBuffer, MemorySize, &ueNumberOfBytesRead)) - { - return(NULL); - } - else - { - SearchBuffer = (PUCHAR)ueReadBuffer; - } - } - else - { - return(NULL); + return 0; } } else { - SearchBuffer = (PUCHAR)ueReadBuffer; + return 0; } } - else - { - SearchBuffer = (PUCHAR)ueReadBuffer; - } - } - else - { - SearchBuffer = (PUCHAR)MemoryStart; - } - __try - { - CompareBuffer = (PUCHAR)SearchPattern; - for(i = 0; i < (int)MemorySize && Return == NULL; i++) - { - for(j = 0; j < (int)PatternSize; j++) - { - if(CompareBuffer[j] != *(PUCHAR)WildCard && SearchBuffer[i + j] != CompareBuffer[j]) - { - break; - } - } - if(j == (int)PatternSize) - { - Return = (ULONG_PTR)MemoryStart + i; - } - } - return(Return); - } - 
__except(EXCEPTION_EXECUTE_HANDLER) - { - return(NULL); } } - else + + SearchBuffer = (PUCHAR)MemoryStart; + CompareBuffer = (PUCHAR)SearchPattern; + + DWORD i,j; + for(i=0; i < MemorySize && Return == NULL; i++) { - return(NULL); + for(j=0; j < PatternSize; j++) + { + if(CompareBuffer[j] != *(PUCHAR)WildCard && SearchBuffer[i + j] != CompareBuffer[j]) + { + break; + } + } + if(j == PatternSize) + { + Return = (ULONG_PTR)MemoryStart + i; + } } + + return Return; } extern "C" __declspec(dllexport) long long TITCALL Find(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard) diff --git a/TitanEngine/TitanEngine.Dumper.cpp b/TitanEngine/TitanEngine.Dumper.cpp index ce6de1e..cff4d94 100644 --- a/TitanEngine/TitanEngine.Dumper.cpp +++ b/TitanEngine/TitanEngine.Dumper.cpp @@ -17,7 +17,6 @@ __declspec(dllexport) bool TITCALL DumpProcess(HANDLE hProcess, LPVOID ImageBase __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBase, wchar_t* szDumpFileName, ULONG_PTR EntryPoint) { - int i = 0; PIMAGE_DOS_HEADER DOSHeader; PIMAGE_DOS_HEADER DOSFixHeader; PIMAGE_NT_HEADERS32 PEHeader32; @@ -46,7 +45,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas DOSHeader = (PIMAGE_DOS_HEADER)ueReadBuffer; PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); - if ((DOSHeader->e_lfanew > 0x500) || (DOSHeader->e_magic != IMAGE_DOS_SIGNATURE) || (PEHeader32->Signature != IMAGE_NT_SIGNATURE)) + if((DOSHeader->e_lfanew > 0x500) || (DOSHeader->e_magic != IMAGE_DOS_SIGNATURE) || (PEHeader32->Signature != IMAGE_NT_SIGNATURE)) { if(CalculatedHeaderSize % 0x1000 == NULL) { 
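Review bot: `SearchBuffer = (PUCHAR)MemoryStart;` is now unconditional in FindEx, so for a foreign `hProcess` the bytes read into `ueReadBuffer` are never searched and the loop dereferences the remote address inside the calling process; the removed branches assigned `SearchBuffer = (PUCHAR)ueReadBuffer`. Separately, the outer loop runs `i` up to `MemorySize - 1` while the inner loop reads `SearchBuffer[i + j]`, so up to `PatternSize - 1` bytes past the region are read and `PatternSize > MemorySize` is never rejected; with the `__except` handler gone that over-read faults the host instead of returning 0. A failed `ueReadBuf.Allocate` also needs an explicit return. The memory being searched belongs to the debuggee, so its layout should be treated as untrusted input. FindEx begins outside this hunk.

```cpp
// … unchanged: ReadProcessMemory with the VirtualQueryEx retry …
if(hProcess != GetCurrentProcess())
{
    if(!ueReadBuffer)
        return 0;
    SearchBuffer = (PUCHAR)ueReadBuffer;
}
else
{
    SearchBuffer = (PUCHAR)MemoryStart;
}
CompareBuffer = (PUCHAR)SearchPattern;

if(PatternSize > MemorySize) // MemorySize may have been reduced by the retry
    return 0;

DWORD i,j;
for(i=0; i <= MemorySize - PatternSize && Return == NULL; i++)
{
    // … unchanged: wildcard comparison and match assignment …
}
```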
@@ -109,7 +108,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas { if(ReadProcessMemory(hProcess, ImageBase, ueCopyBuffer, AlignedHeaderSize, &ueNumberOfBytesRead)) { - __try + if(ueCopyBuffer) { DOSFixHeader = (PIMAGE_DOS_HEADER)ueCopyBuffer; PEFixHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSFixHeader + DOSFixHeader->e_lfanew); @@ -120,8 +119,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas } PEFixHeader32->OptionalHeader.AddressOfEntryPoint = (DWORD)(EntryPoint - (ULONG_PTR)ImageBase); PEFixHeader32->OptionalHeader.ImageBase = (DWORD)((ULONG_PTR)ImageBase); - i = NumberOfSections; - while(i >= 1) + for(int i=NumberOfSections; i>=1; i--) { PEFixSection->PointerToRawData = PEFixSection->VirtualAddress; RealignedVirtualSize = (PEFixSection->Misc.VirtualSize / PEHeader32->OptionalHeader.SectionAlignment) * PEHeader32->OptionalHeader.SectionAlignment; @@ -132,7 +130,6 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas PEFixSection->SizeOfRawData = RealignedVirtualSize; PEFixSection->Misc.VirtualSize = RealignedVirtualSize; PEFixSection = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEFixSection + IMAGE_SIZEOF_SECTION_HEADER); - i--; } WriteFile(hFile, ueCopyBuffer, (DWORD)AlignedHeaderSize, &uedNumberOfBytesRead, NULL); ReadBase = (LPVOID)((ULONG_PTR)ReadBase + AlignedHeaderSize - TITANENGINE_PAGESIZE); @@ -162,10 +159,6 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas EngineCloseHandle(hFile); return true; } - __except(EXCEPTION_EXECUTE_HANDLER) - { - - } } } }//PE32 Handler @@ -189,7 +182,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas { if(ReadProcessMemory(hProcess, ImageBase, ueCopyBuffer, AlignedHeaderSize, &ueNumberOfBytesRead)) { - __try + if(ueCopyBuffer) { DOSFixHeader = (PIMAGE_DOS_HEADER)ueCopyBuffer; PEFixHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSFixHeader + DOSFixHeader->e_lfanew); 
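Review bot: `if(ueCopyBuffer)` does not stand in for the `__try` it replaces in DumpProcessW: the test comes after `ReadProcessMemory` has already been given `ueCopyBuffer` as its destination, and the faults the handler used to absorb come from header fields rather than a null buffer. `PEFixHeader32` is formed from `DOSFixHeader->e_lfanew` as read from the dumped process, and the `e_lfanew > 0x500` test visible earlier is made on `ueReadBuffer`, a separate read, and does not exclude negative values. I would validate the offset before the first write through `PEFixHeader32`, e.g. `if(DOSFixHeader->e_lfanew < 0 || (ULONG_PTR)DOSFixHeader->e_lfanew + sizeof(IMAGE_NT_HEADERS32) > AlignedHeaderSize)`, and take the existing failure path that closes `hFile`. The PE64 branch at `@@ -189,7 +182,7 @@` has the same pattern with `IMAGE_NT_HEADERS64`. The function starts and ends outside these hunks.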
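Review bot: The section loop divides by `PEHeader32->OptionalHeader.SectionAlignment`, a value taken from the dumped image, and a zero there now raises an unhandled divide fault where the removed `__except` used to end the dump quietly. The loop also advances `PEFixSection` by `IMAGE_SIZEOF_SECTION_HEADER` for `NumberOfSections` iterations and writes through it with no visible bound against the copied header size. I would reject `SectionAlignment == 0` before the loop and stop when the next section header would end beyond `ueCopyBuffer + AlignedHeaderSize`. The same applies to the PE64 loop at `@@ -200,8 +193,7 @@`; the loop body continues outside this hunk.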
@@ -200,8 +193,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas } PEFixHeader64->OptionalHeader.AddressOfEntryPoint = (DWORD)(EntryPoint - (ULONG_PTR)ImageBase); PEFixHeader64->OptionalHeader.ImageBase = (DWORD64)((ULONG_PTR)ImageBase); - i = NumberOfSections; - while(i >= 1) + for(int i=NumberOfSections; i>=1; i--) { PEFixSection->PointerToRawData = PEFixSection->VirtualAddress; RealignedVirtualSize = (PEFixSection->Misc.VirtualSize / PEHeader64->OptionalHeader.SectionAlignment) * PEHeader64->OptionalHeader.SectionAlignment; @@ -212,7 +204,6 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas PEFixSection->SizeOfRawData = RealignedVirtualSize; PEFixSection->Misc.VirtualSize = RealignedVirtualSize; PEFixSection = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEFixSection + IMAGE_SIZEOF_SECTION_HEADER); - i--; } WriteFile(hFile,ueCopyBuffer, (DWORD)AlignedHeaderSize, &uedNumberOfBytesRead, NULL); ReadBase = (LPVOID)((ULONG_PTR)ReadBase + (DWORD)AlignedHeaderSize - TITANENGINE_PAGESIZE); @@ -242,9 +233,6 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas EngineCloseHandle(hFile); return true; } - __except(EXCEPTION_EXECUTE_HANDLER) - { - } } } }//PE64 Handler @@ -255,9 +243,6 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas { EngineCloseHandle(hFile); } - if (ueReadBuffer != 0) - { - } return false; } diff --git a/TitanEngine/TitanEngine.Exporter.cpp b/TitanEngine/TitanEngine.Exporter.cpp index 2720c29..83574ef 100644 --- a/TitanEngine/TitanEngine.Exporter.cpp +++ b/TitanEngine/TitanEngine.Exporter.cpp 
@@ -205,15 +205,8 @@ __declspec(dllexport) bool TITCALL ExporterBuildExportTable(ULONG_PTR StorePlace RtlMoveMemory(expBuildExportDataCWP, &expOrdinals, 2 * expExportNumber); expBuildExportDataCWP = (LPVOID)((ULONG_PTR)expBuildExportDataCWP + 2 * expExportNumber); RtlMoveMemory(expBuildExportData, &expExportData, sizeof IMAGE_EXPORT_DIRECTORY); - __try - { - RtlMoveMemory((LPVOID)StorePlace, expBuildExportData, (DWORD)((ULONG_PTR)expBuildExportDataCWP - (ULONG_PTR)expBuildExportData)); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - ExporterCleanup(); - return false; - } + + RtlMoveMemory((LPVOID)StorePlace, expBuildExportData, (DWORD)((ULONG_PTR)expBuildExportDataCWP - (ULONG_PTR)expBuildExportData)); if(FileMapVA != NULL) { diff --git a/TitanEngine/TitanEngine.PE.Section.cpp b/TitanEngine/TitanEngine.PE.Section.cpp index 6ee4bac..306d9d0 100644 --- a/TitanEngine/TitanEngine.PE.Section.cpp +++ b/TitanEngine/TitanEngine.PE.Section.cpp @@ -200,7 +200,7 @@ __declspec(dllexport) bool TITCALL ResortFileSectionsW(wchar_t* szFileName) if(!FileIs64) { sortedFileName = sortedFileNameBuf.Allocate(FileSize); - __try + if(sortedFileName) { RtlMoveMemory(sortedFileName, (LPVOID)FileMapVA, FileSize); SectionNumber = PEHeader32->FileHeader.NumberOfSections; @@ -257,7 +257,7 @@ __declspec(dllexport) bool TITCALL ResortFileSectionsW(wchar_t* szFileName) return true; } } - __except(EXCEPTION_EXECUTE_HANDLER) + else { UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); RemoveGarbageItem(szBackupItem, true); @@ -267,7 +267,7 @@ __declspec(dllexport) bool TITCALL ResortFileSectionsW(wchar_t* szFileName) else { sortedFileName = sortedFileNameBuf.Allocate(FileSize); - __try + if(sortedFileName) { RtlMoveMemory(sortedFileName, (LPVOID)FileMapVA, FileSize); SectionNumber = PEHeader64->FileHeader.NumberOfSections; 
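Review bot: The copy to `StorePlace` in ExporterBuildExportTable is now unguarded: `StorePlace` is a caller-supplied `ULONG_PTR` with no accompanying size, and a bad address used to end in `ExporterCleanup(); return false;` but now takes the process down without the cleanup. The `__try` was presumably dropped because MSVC rejects SEH in a function that has locals with destructors (C2712); moving the guarded copy into a small helper with no such locals keeps both the DynBuf change and the old failure contract. The helper name below is only a suggestion. The function starts and ends outside the hunk.

```cpp
// suggested helper, defined above ExporterBuildExportTable; it has no destructible locals, so SEH is allowed here
static bool EngineGuardedMoveMemory(LPVOID Destination, const void* Source, SIZE_T Length)
{
    __try
    {
        RtlMoveMemory(Destination, Source, Length);
        return true;
    }
    __except(EXCEPTION_EXECUTE_HANDLER)
    {
        return false;
    }
}

// in ExporterBuildExportTable, replacing the bare RtlMoveMemory to StorePlace
if(!EngineGuardedMoveMemory((LPVOID)StorePlace, expBuildExportData, (SIZE_T)((ULONG_PTR)expBuildExportDataCWP - (ULONG_PTR)expBuildExportData)))
{
    ExporterCleanup();
    return false;
}
```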
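Review bot: In ResortFileSectionsW the `else` that replaces `__except(EXCEPTION_EXECUTE_HANDLER)` runs only when `sortedFileNameBuf.Allocate(FileSize)` fails, so the `UnMapFileEx` / `RemoveGarbageItem` cleanup is no longer reached when the work inside the block faults. That block copies from `FileMapVA` and then walks section headers of the input file; if `FileMapVA` is a mapped view, as the `UnMapFileEx` call suggests, reads from it can raise an in-page error, and a malformed section table can point outside `FileSize`. I would bound each section's offset and size against `FileSize` before using them, or keep the SEH guard in a helper function that has no DynBuf local. The same substitution is made in `@@ -257,7 +257,7 @@`, `@@ -267,7 +267,7 @@` and `@@ -324,7 +324,7 @@`; the body between them is outside the hunks, so existing bounds checks there cannot be ruled out.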
@@ -324,7 +324,7 @@ __declspec(dllexport) bool TITCALL ResortFileSectionsW(wchar_t* szFileName) return true; } } - __except(EXCEPTION_EXECUTE_HANDLER) + else { UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); RemoveGarbageItem(szBackupItem, true);