removed _try..._catch blocks that prevented a successful compilation with DynBuf

deep0 2014-03-12 10:38:24 +01:00
parent 61fdb34693
commit 3cb15ef49f
4 changed files with 62 additions and 125 deletions


@ -5,13 +5,13 @@
__declspec(dllexport) bool TITCALL MatchPatternEx(HANDLE hProcess, void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard) __declspec(dllexport) bool TITCALL MatchPatternEx(HANDLE hProcess, void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard)
{ {
if(!MemoryToCheck || !PatternToMatch) if(!MemoryToCheck || !PatternToMatch || !SizeOfPatternToMatch || !SizeOfMemoryToCheck)
return false; return false;
int i = 0;
BYTE intWildCard = 0; BYTE intWildCard = 0;
LPVOID ueReadBuffer = NULL; LPVOID ueReadBuffer = NULL;
DynBuf ueReadBuf; DynBuf ueReadBuf;
ULONG_PTR ueNumberOfBytesRead = NULL; SIZE_T ueNumberOfBytesRead = 0;
MEMORY_BASIC_INFORMATION memoryInformation = {}; MEMORY_BASIC_INFORMATION memoryInformation = {};
PMEMORY_COMPARE_HANDLER memCmp = (PMEMORY_COMPARE_HANDLER)MemoryToCheck; PMEMORY_COMPARE_HANDLER memCmp = (PMEMORY_COMPARE_HANDLER)MemoryToCheck;
PMEMORY_COMPARE_HANDLER memPattern = (PMEMORY_COMPARE_HANDLER)PatternToMatch; PMEMORY_COMPARE_HANDLER memPattern = (PMEMORY_COMPARE_HANDLER)PatternToMatch;
@ -20,6 +20,7 @@ __declspec(dllexport) bool TITCALL MatchPatternEx(HANDLE hProcess, void* MemoryT
{ {
WildCard = &intWildCard; WildCard = &intWildCard;
} }
if(SizeOfMemoryToCheck >= SizeOfPatternToMatch) if(SizeOfMemoryToCheck >= SizeOfPatternToMatch)
{ {
if(hProcess != GetCurrentProcess()) if(hProcess != GetCurrentProcess())
@ -27,57 +28,39 @@ __declspec(dllexport) bool TITCALL MatchPatternEx(HANDLE hProcess, void* MemoryT
ueReadBuffer = ueReadBuf.Allocate(SizeOfMemoryToCheck); ueReadBuffer = ueReadBuf.Allocate(SizeOfMemoryToCheck);
if(ueReadBuffer && !ReadProcessMemory(hProcess, MemoryToCheck, ueReadBuffer, SizeOfMemoryToCheck, &ueNumberOfBytesRead)) if(ueReadBuffer && !ReadProcessMemory(hProcess, MemoryToCheck, ueReadBuffer, SizeOfMemoryToCheck, &ueNumberOfBytesRead))
{ {
if(ueNumberOfBytesRead == NULL) if(ueNumberOfBytesRead == 0)
{ {
if(VirtualQueryEx(hProcess, MemoryToCheck, &memoryInformation, sizeof memoryInformation) != NULL) if(VirtualQueryEx(hProcess, MemoryToCheck, &memoryInformation, sizeof memoryInformation) != NULL)
{ {
SizeOfMemoryToCheck = (int)((ULONG_PTR)memoryInformation.BaseAddress + memoryInformation.RegionSize - (ULONG_PTR)MemoryToCheck); SizeOfMemoryToCheck = (int)((ULONG_PTR)memoryInformation.BaseAddress + memoryInformation.RegionSize - (ULONG_PTR)MemoryToCheck);
if(!ReadProcessMemory(hProcess, MemoryToCheck, ueReadBuffer, SizeOfMemoryToCheck, &ueNumberOfBytesRead)) if(!ReadProcessMemory(hProcess, MemoryToCheck, ueReadBuffer, SizeOfMemoryToCheck, &ueNumberOfBytesRead))
{ {
return(NULL); return false;
}
} }
else else
{ {
return false;
}
}
}
memCmp = (PMEMORY_COMPARE_HANDLER)ueReadBuffer; memCmp = (PMEMORY_COMPARE_HANDLER)ueReadBuffer;
} }
} }
else
if(memCmp)
{ {
return(NULL); for(int i=0; i<SizeOfMemoryToCheck && i<SizeOfPatternToMatch; i++)
}
}
else
{
memCmp = (PMEMORY_COMPARE_HANDLER)ueReadBuffer;
}
}
else
{
memCmp = (PMEMORY_COMPARE_HANDLER)ueReadBuffer;
}
}
__try
{
while(SizeOfPatternToMatch > NULL)
{ {
if(memCmp->Array.bArrayEntry[i] != memPattern->Array.bArrayEntry[i] && memPattern->Array.bArrayEntry[i] != *WildCard) if(memCmp->Array.bArrayEntry[i] != memPattern->Array.bArrayEntry[i] && memPattern->Array.bArrayEntry[i] != *WildCard)
{ {
return false; return false;
} }
SizeOfPatternToMatch--;
i++;
} }
}
return true; return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
return false;
}
}
else
{
return false;
}
} }
__declspec(dllexport) bool TITCALL MatchPattern(void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard) __declspec(dllexport) bool TITCALL MatchPattern(void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard)
{ {
@ -93,9 +76,9 @@ __declspec(dllexport) bool TITCALL MatchPattern(void* MemoryToCheck, int SizeOfM
} }
__declspec(dllexport) long long TITCALL FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard) __declspec(dllexport) long long TITCALL FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard)
{ {
if(!hProcess || !MemoryStart ||!MemorySize || !SearchPattern || !PatternSize)
return 0;
int i = NULL;
int j = NULL;
ULONG_PTR Return = NULL; ULONG_PTR Return = NULL;
LPVOID ueReadBuffer = NULL; LPVOID ueReadBuffer = NULL;
DynBuf ueReadBuf; DynBuf ueReadBuf;
@ -111,8 +94,7 @@ __declspec(dllexport) long long TITCALL FindEx(HANDLE hProcess, LPVOID MemorySta
{ {
WildCard = &nWildCard; WildCard = &nWildCard;
} }
if(hProcess != NULL && MemoryStart != NULL && MemorySize != NULL)
{
if(hProcess != GetCurrentProcess()) if(hProcess != GetCurrentProcess())
{ {
ueReadBuffer = ueReadBuf.Allocate(MemorySize); ueReadBuffer = ueReadBuf.Allocate(MemorySize);
@ -125,60 +107,37 @@ __declspec(dllexport) long long TITCALL FindEx(HANDLE hProcess, LPVOID MemorySta
MemorySize = (DWORD)((ULONG_PTR)memoryInformation.BaseAddress + memoryInformation.RegionSize - (ULONG_PTR)MemoryStart); MemorySize = (DWORD)((ULONG_PTR)memoryInformation.BaseAddress + memoryInformation.RegionSize - (ULONG_PTR)MemoryStart);
if(!ReadProcessMemory(hProcess, MemoryStart, ueReadBuffer, MemorySize, &ueNumberOfBytesRead)) if(!ReadProcessMemory(hProcess, MemoryStart, ueReadBuffer, MemorySize, &ueNumberOfBytesRead))
{ {
return(NULL); return 0;
}
else
{
SearchBuffer = (PUCHAR)ueReadBuffer;
} }
} }
else else
{ {
return(NULL); return 0;
} }
} }
else
{
SearchBuffer = (PUCHAR)ueReadBuffer;
} }
} }
else
{
SearchBuffer = (PUCHAR)ueReadBuffer;
}
}
else
{
SearchBuffer = (PUCHAR)MemoryStart; SearchBuffer = (PUCHAR)MemoryStart;
}
__try
{
CompareBuffer = (PUCHAR)SearchPattern; CompareBuffer = (PUCHAR)SearchPattern;
for(i = 0; i < (int)MemorySize && Return == NULL; i++)
DWORD i,j;
for(i=0; i < MemorySize && Return == NULL; i++)
{ {
for(j = 0; j < (int)PatternSize; j++) for(j=0; j < PatternSize; j++)
{ {
if(CompareBuffer[j] != *(PUCHAR)WildCard && SearchBuffer[i + j] != CompareBuffer[j]) if(CompareBuffer[j] != *(PUCHAR)WildCard && SearchBuffer[i + j] != CompareBuffer[j])
{ {
break; break;
} }
} }
if(j == (int)PatternSize) if(j == PatternSize)
{ {
Return = (ULONG_PTR)MemoryStart + i; Return = (ULONG_PTR)MemoryStart + i;
} }
} }
return(Return);
} return Return;
__except(EXCEPTION_EXECUTE_HANDLER)
{
return(NULL);
}
}
else
{
return(NULL);
}
} }
extern "C" __declspec(dllexport) long long TITCALL Find(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard) extern "C" __declspec(dllexport) long long TITCALL Find(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard)
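Review bot: In FindEx the inner comparison `SearchBuffer[i + j]` can index up to `PatternSize - 1` bytes past the `MemorySize` bytes that were allocated or supplied, because the outer loop runs `i` all the way to `MemorySize`. Before this commit a faulting read there was swallowed by the `__except` handler; with the handler gone it is an unguarded out-of-bounds read, and a match can be reported from bytes outside the requested range. Bound the start offset instead: `if(PatternSize > MemorySize) return 0;` followed by `for(i=0; i <= MemorySize - PatternSize && Return == NULL; i++)`. In MatchPatternEx the new loop stops at the smaller of the two sizes, so after the VirtualQueryEx fallback shrinks `SizeOfMemoryToCheck` it appears to return true on a partial comparison. Rejecting `SizeOfMemoryToCheck < SizeOfPatternToMatch` just before that loop would avoid it.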


@ -17,7 +17,6 @@ __declspec(dllexport) bool TITCALL DumpProcess(HANDLE hProcess, LPVOID ImageBase
__declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBase, wchar_t* szDumpFileName, ULONG_PTR EntryPoint) __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBase, wchar_t* szDumpFileName, ULONG_PTR EntryPoint)
{ {
int i = 0;
PIMAGE_DOS_HEADER DOSHeader; PIMAGE_DOS_HEADER DOSHeader;
PIMAGE_DOS_HEADER DOSFixHeader; PIMAGE_DOS_HEADER DOSFixHeader;
PIMAGE_NT_HEADERS32 PEHeader32; PIMAGE_NT_HEADERS32 PEHeader32;
@ -46,7 +45,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
DOSHeader = (PIMAGE_DOS_HEADER)ueReadBuffer; DOSHeader = (PIMAGE_DOS_HEADER)ueReadBuffer;
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
if ((DOSHeader->e_lfanew > 0x500) || (DOSHeader->e_magic != IMAGE_DOS_SIGNATURE) || (PEHeader32->Signature != IMAGE_NT_SIGNATURE)) if((DOSHeader->e_lfanew > 0x500) || (DOSHeader->e_magic != IMAGE_DOS_SIGNATURE) || (PEHeader32->Signature != IMAGE_NT_SIGNATURE))
{ {
if(CalculatedHeaderSize % 0x1000 == NULL) if(CalculatedHeaderSize % 0x1000 == NULL)
{ {
@ -109,7 +108,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
{ {
if(ReadProcessMemory(hProcess, ImageBase, ueCopyBuffer, AlignedHeaderSize, &ueNumberOfBytesRead)) if(ReadProcessMemory(hProcess, ImageBase, ueCopyBuffer, AlignedHeaderSize, &ueNumberOfBytesRead))
{ {
__try if(ueCopyBuffer)
{ {
DOSFixHeader = (PIMAGE_DOS_HEADER)ueCopyBuffer; DOSFixHeader = (PIMAGE_DOS_HEADER)ueCopyBuffer;
PEFixHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSFixHeader + DOSFixHeader->e_lfanew); PEFixHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSFixHeader + DOSFixHeader->e_lfanew);
@ -120,8 +119,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
} }
PEFixHeader32->OptionalHeader.AddressOfEntryPoint = (DWORD)(EntryPoint - (ULONG_PTR)ImageBase); PEFixHeader32->OptionalHeader.AddressOfEntryPoint = (DWORD)(EntryPoint - (ULONG_PTR)ImageBase);
PEFixHeader32->OptionalHeader.ImageBase = (DWORD)((ULONG_PTR)ImageBase); PEFixHeader32->OptionalHeader.ImageBase = (DWORD)((ULONG_PTR)ImageBase);
i = NumberOfSections; for(int i=NumberOfSections; i>=1; i--)
while(i >= 1)
{ {
PEFixSection->PointerToRawData = PEFixSection->VirtualAddress; PEFixSection->PointerToRawData = PEFixSection->VirtualAddress;
RealignedVirtualSize = (PEFixSection->Misc.VirtualSize / PEHeader32->OptionalHeader.SectionAlignment) * PEHeader32->OptionalHeader.SectionAlignment; RealignedVirtualSize = (PEFixSection->Misc.VirtualSize / PEHeader32->OptionalHeader.SectionAlignment) * PEHeader32->OptionalHeader.SectionAlignment;
@ -132,7 +130,6 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
PEFixSection->SizeOfRawData = RealignedVirtualSize; PEFixSection->SizeOfRawData = RealignedVirtualSize;
PEFixSection->Misc.VirtualSize = RealignedVirtualSize; PEFixSection->Misc.VirtualSize = RealignedVirtualSize;
PEFixSection = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEFixSection + IMAGE_SIZEOF_SECTION_HEADER); PEFixSection = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEFixSection + IMAGE_SIZEOF_SECTION_HEADER);
i--;
} }
WriteFile(hFile, ueCopyBuffer, (DWORD)AlignedHeaderSize, &uedNumberOfBytesRead, NULL); WriteFile(hFile, ueCopyBuffer, (DWORD)AlignedHeaderSize, &uedNumberOfBytesRead, NULL);
ReadBase = (LPVOID)((ULONG_PTR)ReadBase + AlignedHeaderSize - TITANENGINE_PAGESIZE); ReadBase = (LPVOID)((ULONG_PTR)ReadBase + AlignedHeaderSize - TITANENGINE_PAGESIZE);
@ -162,10 +159,6 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
EngineCloseHandle(hFile); EngineCloseHandle(hFile);
return true; return true;
} }
__except(EXCEPTION_EXECUTE_HANDLER)
{
}
} }
} }
}//PE32 Handler }//PE32 Handler
@ -189,7 +182,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
{ {
if(ReadProcessMemory(hProcess, ImageBase, ueCopyBuffer, AlignedHeaderSize, &ueNumberOfBytesRead)) if(ReadProcessMemory(hProcess, ImageBase, ueCopyBuffer, AlignedHeaderSize, &ueNumberOfBytesRead))
{ {
__try if(ueCopyBuffer)
{ {
DOSFixHeader = (PIMAGE_DOS_HEADER)ueCopyBuffer; DOSFixHeader = (PIMAGE_DOS_HEADER)ueCopyBuffer;
PEFixHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSFixHeader + DOSFixHeader->e_lfanew); PEFixHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSFixHeader + DOSFixHeader->e_lfanew);
@ -200,8 +193,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
} }
PEFixHeader64->OptionalHeader.AddressOfEntryPoint = (DWORD)(EntryPoint - (ULONG_PTR)ImageBase); PEFixHeader64->OptionalHeader.AddressOfEntryPoint = (DWORD)(EntryPoint - (ULONG_PTR)ImageBase);
PEFixHeader64->OptionalHeader.ImageBase = (DWORD64)((ULONG_PTR)ImageBase); PEFixHeader64->OptionalHeader.ImageBase = (DWORD64)((ULONG_PTR)ImageBase);
i = NumberOfSections; for(int i=NumberOfSections; i>=1; i--)
while(i >= 1)
{ {
PEFixSection->PointerToRawData = PEFixSection->VirtualAddress; PEFixSection->PointerToRawData = PEFixSection->VirtualAddress;
RealignedVirtualSize = (PEFixSection->Misc.VirtualSize / PEHeader64->OptionalHeader.SectionAlignment) * PEHeader64->OptionalHeader.SectionAlignment; RealignedVirtualSize = (PEFixSection->Misc.VirtualSize / PEHeader64->OptionalHeader.SectionAlignment) * PEHeader64->OptionalHeader.SectionAlignment;
@ -212,7 +204,6 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
PEFixSection->SizeOfRawData = RealignedVirtualSize; PEFixSection->SizeOfRawData = RealignedVirtualSize;
PEFixSection->Misc.VirtualSize = RealignedVirtualSize; PEFixSection->Misc.VirtualSize = RealignedVirtualSize;
PEFixSection = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEFixSection + IMAGE_SIZEOF_SECTION_HEADER); PEFixSection = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEFixSection + IMAGE_SIZEOF_SECTION_HEADER);
i--;
} }
WriteFile(hFile,ueCopyBuffer, (DWORD)AlignedHeaderSize, &uedNumberOfBytesRead, NULL); WriteFile(hFile,ueCopyBuffer, (DWORD)AlignedHeaderSize, &uedNumberOfBytesRead, NULL);
ReadBase = (LPVOID)((ULONG_PTR)ReadBase + (DWORD)AlignedHeaderSize - TITANENGINE_PAGESIZE); ReadBase = (LPVOID)((ULONG_PTR)ReadBase + (DWORD)AlignedHeaderSize - TITANENGINE_PAGESIZE);
@ -242,9 +233,6 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
EngineCloseHandle(hFile); EngineCloseHandle(hFile);
return true; return true;
} }
__except(EXCEPTION_EXECUTE_HANDLER)
{
}
} }
} }
}//PE64 Handler }//PE64 Handler
@ -255,9 +243,6 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
{ {
EngineCloseHandle(hFile); EngineCloseHandle(hFile);
} }
if (ueReadBuffer != 0)
{
}
return false; return false;
} }
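Review bot: The `if(ueCopyBuffer)` that replaces `__try` in the PE32 and PE64 branches is evaluated only after `ReadProcessMemory` has already written into `ueCopyBuffer`, so it cannot protect that call and does not cover the faults the SEH block used to catch. `DOSFixHeader->e_lfanew` comes from the dumped process and, in the lines shown, is used to form `PEFixHeader32`/`PEFixHeader64` and written through without being checked against `AlignedHeaderSize`; the section loop likewise advances `PEFixSection` `NumberOfSections` times with no bound. Move the null check ahead of the read and validate the offsets before the first write, e.g. `if(DOSFixHeader->e_lfanew < 0 || (ULONG_PTR)DOSFixHeader->e_lfanew + sizeof(IMAGE_NT_HEADERS32) > AlignedHeaderSize)` taking the existing failure path, with `IMAGE_NT_HEADERS64` in the second branch. The function body starts and ends outside these hunks, so an earlier check may exist that is not visible here.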


@ -205,15 +205,8 @@ __declspec(dllexport) bool TITCALL ExporterBuildExportTable(ULONG_PTR StorePlace
RtlMoveMemory(expBuildExportDataCWP, &expOrdinals, 2 * expExportNumber); RtlMoveMemory(expBuildExportDataCWP, &expOrdinals, 2 * expExportNumber);
expBuildExportDataCWP = (LPVOID)((ULONG_PTR)expBuildExportDataCWP + 2 * expExportNumber); expBuildExportDataCWP = (LPVOID)((ULONG_PTR)expBuildExportDataCWP + 2 * expExportNumber);
RtlMoveMemory(expBuildExportData, &expExportData, sizeof IMAGE_EXPORT_DIRECTORY); RtlMoveMemory(expBuildExportData, &expExportData, sizeof IMAGE_EXPORT_DIRECTORY);
__try
{
RtlMoveMemory((LPVOID)StorePlace, expBuildExportData, (DWORD)((ULONG_PTR)expBuildExportDataCWP - (ULONG_PTR)expBuildExportData)); RtlMoveMemory((LPVOID)StorePlace, expBuildExportData, (DWORD)((ULONG_PTR)expBuildExportDataCWP - (ULONG_PTR)expBuildExportData));
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
ExporterCleanup();
return false;
}
if(FileMapVA != NULL) if(FileMapVA != NULL)
{ {
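Review bot: `RtlMoveMemory((LPVOID)StorePlace, ...)` now writes to a caller-supplied address with no check at all, and the removed `__except` branch was the only place on this path that called `ExporterCleanup()` and returned false. A bad `StorePlace` will therefore fault inside the exported function instead of failing cleanly. Add at least an explicit guard before the copy, `if(!StorePlace) { ExporterCleanup(); return false; }`, and document that the caller must supply a writable buffer of the computed export-table size. If the fault-tolerant behaviour is still wanted, the guarded copy could live in a small helper that holds no objects needing unwinding, which is presumably what blocked `__try` here. The function starts and ends outside this hunk, so a check made earlier would not be visible.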


@ -200,7 +200,7 @@ __declspec(dllexport) bool TITCALL ResortFileSectionsW(wchar_t* szFileName)
if(!FileIs64) if(!FileIs64)
{ {
sortedFileName = sortedFileNameBuf.Allocate(FileSize); sortedFileName = sortedFileNameBuf.Allocate(FileSize);
__try if(sortedFileName)
{ {
RtlMoveMemory(sortedFileName, (LPVOID)FileMapVA, FileSize); RtlMoveMemory(sortedFileName, (LPVOID)FileMapVA, FileSize);
SectionNumber = PEHeader32->FileHeader.NumberOfSections; SectionNumber = PEHeader32->FileHeader.NumberOfSections;
@ -257,7 +257,7 @@ __declspec(dllexport) bool TITCALL ResortFileSectionsW(wchar_t* szFileName)
return true; return true;
} }
} }
__except(EXCEPTION_EXECUTE_HANDLER) else
{ {
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true); RemoveGarbageItem(szBackupItem, true);
@ -267,7 +267,7 @@ __declspec(dllexport) bool TITCALL ResortFileSectionsW(wchar_t* szFileName)
else else
{ {
sortedFileName = sortedFileNameBuf.Allocate(FileSize); sortedFileName = sortedFileNameBuf.Allocate(FileSize);
__try if(sortedFileName)
{ {
RtlMoveMemory(sortedFileName, (LPVOID)FileMapVA, FileSize); RtlMoveMemory(sortedFileName, (LPVOID)FileMapVA, FileSize);
SectionNumber = PEHeader64->FileHeader.NumberOfSections; SectionNumber = PEHeader64->FileHeader.NumberOfSections;
@ -324,7 +324,7 @@ __declspec(dllexport) bool TITCALL ResortFileSectionsW(wchar_t* szFileName)
return true; return true;
} }
} }
__except(EXCEPTION_EXECUTE_HANDLER) else
{ {
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true); RemoveGarbageItem(szBackupItem, true);