- fixed c++ headers (thanks to cypher)

- removed kernelbase.dll ignore
2013-10-13 18:23:46 +02:00 · 2013-10-13 18:23:46 +02:00 · 3e262f2ef1
parent fd1ebea613
commit 3e262f2ef1
10 changed files with 647 additions and 648 deletions
--- a/Release/x32/TitanEngine.dll
+++ b/Release/x32/TitanEngine.dll
--- a/Release/x32/TitanEngine.exp
+++ b/Release/x32/TitanEngine.exp
--- a/Release/x32/TitanEngine.lib
+++ b/Release/x32/TitanEngine.lib
--- a/Release/x64/TitanEngine.dll
+++ b/Release/x64/TitanEngine.dll
--- a/Release/x64/TitanEngine.exp
+++ b/Release/x64/TitanEngine.exp
--- a/Release/x64/TitanEngine.lib
+++ b/Release/x64/TitanEngine.lib
--- a/SDK/C/TitanEngine.h
+++ b/SDK/C/TitanEngine.h
@ -301,6 +301,12 @@ typedef struct
    DWORD NumberOfRvaAndSizes;
 } PE64Struct, *PPE64Struct;
 #if defined(_WIN64)
 typedef PE64Struct PEStruct;
 #else
 typedef PE32Struct PEStruct;
 #endif
 typedef struct
 {
    bool NewDll;
--- a/SDK/CPP/TitanEngine.h
+++ b/SDK/CPP/TitanEngine.h
--- a/SDK/CPP/TitanEngine.hpp
+++ b/SDK/CPP/TitanEngine.hpp
@ -138,8 +138,6 @@ enum ePE32Data : DWORD
 	UE_SECTIONFLAGS = UE::UE_SECTIONFLAGS
 };
 const long UE_VANOTFOUND = UE::UE_VANOTFOUND;
 enum eCustomException : DWORD
 {
 	UE_CH_BREAKPOINT = UE::UE_CH_BREAKPOINT,
--- a/TitanEngine/TitanEngine.cpp
+++ b/TitanEngine/TitanEngine.cpp
@ -1765,7 +1765,7 @@ long long EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBa
    ULONG_PTR ForwarderData = NULL;
    unsigned int ClosestAPI = 0x1000;
    int Vista64UserForwarderFix = 0;
-    int Windows7KernelBase = -1;
+    unsigned int Windows7KernelBase = 0xFFFFFFFF;
    RtlZeroMemory(&engineFoundDLLName, 512);
    RtlZeroMemory(&EnumeratedModules, 0x2000 * sizeof ULONG_PTR);
@ -1804,11 +1804,10 @@ long long EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBa
            if(Vista64UserForwarderFix == NULL)
            {
                GetModuleBaseNameA(hProcess, (HMODULE)EnumeratedModules[y], (LPSTR)RemoteDLLName, MAX_PATH);
-                if(lstrcmpiA(RemoteDLLName, "user32.dll") == NULL)
+                if(!lstrcmpiA(RemoteDLLName, "user32.dll"))
                {
                    Vista64UserForwarderFix = y;
-                }
+                //NOTE: this code is used to ignore all APIs inside kernelbase.dll
-                /*else if(lstrcmpiA(RemoteDLLName, "kernelbase.dll") == NULL)
+                else if(!lstrcmpiA(RemoteDLLName, "kernelbase.dll"))
                {
                    GetModuleFileNameExA(hProcess, (HMODULE)EnumeratedModules[y], (LPSTR)RemoteDLLName, MAX_PATH);
                    RemoteDLLName[lstrlenA(szWindowsKernelBase)] = 0x00;
@ -1816,20 +1815,21 @@ long long EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBa
                    {
                        Windows7KernelBase = y;
                    }
-                }*/
+                }
            }
            y++;
        }
        while(APINameFound == false && EnumeratedModules[i] != NULL)
        {
-            if(i == Windows7KernelBase)
+            //NOTE: un-comment when kernelbase should be ignored
            /*if(i == Windows7KernelBase)
            {
                i++;
                if(EnumeratedModules[i] == NULL)
                {
                    break;
                }
-            }
+            }*/
            ValidateHeader = false;
            RtlZeroMemory(&RemoteDLLName, MAX_PATH);
            GetModuleFileNameExA(hProcess, (HMODULE)EnumeratedModules[i], (LPSTR)RemoteDLLName, MAX_PATH);