diff --git a/SDK/C/TitanEngine.h b/SDK/C/TitanEngine.h
index 00c0e58..098bf83 100644
--- a/SDK/C/TitanEngine.h
+++ b/SDK/C/TitanEngine.h
@@ -740,18 +740,11 @@ __declspec(dllexport) void TITCALL FindOEPInit();
 __declspec(dllexport) bool TITCALL FindOEPGenerically(char* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack);
 __declspec(dllexport) bool TITCALL FindOEPGenericallyW(wchar_t* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack);
 // TitanEngine.Importer.functions:
-__declspec(dllexport) void TITCALL ImporterCleanup();
-__declspec(dllexport) void TITCALL ImporterSetImageBase(ULONG_PTR ImageBase);
-__declspec(dllexport) void TITCALL ImporterSetUnknownDelta(ULONG_PTR DeltaAddress);
-__declspec(dllexport) long long TITCALL ImporterGetCurrentDelta();
-__declspec(dllexport) void TITCALL ImporterInit(DWORD MemorySize, ULONG_PTR ImageBase);
 __declspec(dllexport) void TITCALL ImporterAddNewDll(char* szDLLName, ULONG_PTR FirstThunk);
 __declspec(dllexport) void TITCALL ImporterAddNewAPI(char* szAPIName, ULONG_PTR ThunkValue);
 __declspec(dllexport) void TITCALL ImporterAddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue);
 __declspec(dllexport) long TITCALL ImporterGetAddedDllCount();
 __declspec(dllexport) long TITCALL ImporterGetAddedAPICount();
-__declspec(dllexport) void* TITCALL ImporterGetLastAddedDLLName();
-__declspec(dllexport) void TITCALL ImporterMoveIAT();
 __declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap);
 __declspec(dllexport) long TITCALL ImporterEstimatedSize();
 __declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName);
@@ -774,7 +767,6 @@ __declspec(dllexport) long TITCALL ImporterGetDLLIndexEx(ULONG_PTR APIAddress, U
 __declspec(dllexport) long TITCALL ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
 __declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase);
 __declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName);
-__declspec(dllexport) bool TITCALL ImporterRelocateWriteLocation(ULONG_PTR AddValue);
 __declspec(dllexport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress);
 __declspec(dllexport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress);
 __declspec(dllexport) void* TITCALL ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress);
diff --git a/SDK/CPP/TitanEngine.h b/SDK/CPP/TitanEngine.h
index 360e117..0cc8535 100644
--- a/SDK/CPP/TitanEngine.h
+++ b/SDK/CPP/TitanEngine.h
@@ -739,18 +739,11 @@ __declspec(dllimport) void TITCALL FindOEPInit();
 __declspec(dllimport) bool TITCALL FindOEPGenerically(char* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack);
 __declspec(dllimport) bool TITCALL FindOEPGenericallyW(wchar_t* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack);
 // TitanEngine.Importer.functions:
-__declspec(dllimport) void TITCALL ImporterCleanup();
-__declspec(dllimport) void TITCALL ImporterSetImageBase(ULONG_PTR ImageBase);
-__declspec(dllimport) void TITCALL ImporterSetUnknownDelta(ULONG_PTR DeltaAddress);
-__declspec(dllimport) long long TITCALL ImporterGetCurrentDelta();
-__declspec(dllimport) void TITCALL ImporterInit(DWORD MemorySize, ULONG_PTR ImageBase);
 __declspec(dllimport) void TITCALL ImporterAddNewDll(char* szDLLName, ULONG_PTR FirstThunk);
 __declspec(dllimport) void TITCALL ImporterAddNewAPI(char* szAPIName, ULONG_PTR ThunkValue);
 __declspec(dllimport) void TITCALL ImporterAddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue);
 __declspec(dllimport) long TITCALL ImporterGetAddedDllCount();
 __declspec(dllimport) long TITCALL ImporterGetAddedAPICount();
-__declspec(dllimport) void* TITCALL ImporterGetLastAddedDLLName();
-__declspec(dllimport) void TITCALL ImporterMoveIAT();
 __declspec(dllimport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap);
 __declspec(dllimport) long TITCALL ImporterEstimatedSize();
 __declspec(dllimport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName);
@@ -772,7 +765,6 @@ __declspec(dllimport) long long TITCALL ImporterGetAPIOrdinalNumberFromDebugee(H __declspec(dllimport) long TITCALL ImporterGetDLLIndexEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); __declspec(dllimport) long TITCALL ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); __declspec(dllimport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase); -__declspec(dllimport) bool TITCALL ImporterRelocateWriteLocation(ULONG_PTR AddValue); __declspec(dllimport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress); __declspec(dllimport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress); __declspec(dllimport) void* TITCALL ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress); diff --git a/SDK/CPP/TitanEngine.hpp b/SDK/CPP/TitanEngine.hpp index f74af61..a69c4ac 100644 --- a/SDK/CPP/TitanEngine.hpp +++ b/SDK/CPP/TitanEngine.hpp @@ -1647,26 +1647,6 @@ protected: typedef void (TITCALL *fImportEnumCallBack)(void* ptrImportEnumData); typedef void* (TITCALL *fImportFixCallback)(void* fIATPointer); - static void Cleanup() - { - UE::ImporterCleanup(); - } - static void SetImageBase(ULONG_PTR ImageBase) - { - UE::ImporterSetImageBase(ImageBase); - } - static void SetUnknownDelta(ULONG_PTR DeltaAddress) - { - UE::ImporterSetUnknownDelta(DeltaAddress); - } - static long long GetCurrentDelta() - { - return UE::ImporterGetCurrentDelta(); - } - static void Init(DWORD MemorySize, ULONG_PTR ImageBase) - { - UE::ImporterInit(MemorySize, ImageBase); - } static void AddNewDll(const char* szDLLName, ULONG_PTR FirstThunk) { UE::ImporterAddNewDll((char*)szDLLName, FirstThunk); 
@@ -1687,14 +1667,6 @@ protected: { return UE::ImporterGetAddedAPICount(); } - static const char* GetLastAddedDLLName() - { - return (const char*)UE::ImporterGetLastAddedDLLName(); - } - static void MoveIAT() - { - UE::ImporterMoveIAT(); - } static bool ExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap) { return UE::ImporterExportIAT(StorePlace, FileMapVA, hFileMap); @@ -1771,10 +1743,6 @@ protected: { return UE::ImporterGetRemoteDLLBase(hProcess, LocalModuleBase); } - static bool RelocateWriteLocation(ULONG_PTR AddValue) - { - return UE::ImporterRelocateWriteLocation(AddValue); - } static bool IsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress) { return UE::ImporterIsForwardedAPI(hProcess, APIAddress); @@ -1892,18 +1860,11 @@ public: using ImporterX::fImportEnumCallBack; using ImporterX::fImportFixCallback; - using ImporterX::Cleanup; - using ImporterX::SetImageBase; - using ImporterX::SetUnknownDelta; - using ImporterX::GetCurrentDelta; - using ImporterX::Init; using ImporterX::AddNewDll; using ImporterX::AddNewAPI; using ImporterX::AddNewOrdinalAPI; using ImporterX::GetAddedDllCount; using ImporterX::GetAddedAPICount; - using ImporterX::GetLastAddedDLLName; - using ImporterX::MoveIAT; using ImporterX::ExportIAT; using ImporterX::EstimatedSize; using ImporterA::ExportIATEx; @@ -1925,7 +1886,6 @@ public: using ImporterX::GetDLLIndexEx; using ImporterX::GetDLLIndex; using ImporterX::GetRemoteDLLBase; - using ImporterX::RelocateWriteLocation; using ImporterX::IsForwardedAPI; using ImporterX::GetForwardedAPIName; using ImporterX::GetForwardedDLLName; diff --git a/TitanEngine/TitanEngine.cpp b/TitanEngine/TitanEngine.cpp index 116cdd0..6b56364 100644 --- a/TitanEngine/TitanEngine.cpp +++ b/TitanEngine/TitanEngine.cpp 
@@ -52,15 +52,6 @@ DWORD ProcessExitCode = 0;
 LPVOID hListProcess = 0;
 LPVOID hListThread = 0;
 LPVOID hListLibrary = 0;
-ULONG_PTR impDeltaStart = NULL;
-ULONG_PTR impDeltaCurrent = NULL;
-ULONG_PTR impImageBase = 0;
-DWORD impAllocSize = 20 * 1024;
-DWORD impDLLNumber = 0;
-bool impMoveIAT = false;
-ULONG_PTR impDLLDataList[1000][2];
-ULONG_PTR impDLLStringList[1000][2];
-ULONG_PTR impOrdinalList[1000][2];
 LPVOID expTableData = NULL;
 LPVOID expTableDataCWP = NULL;
 ULONG_PTR expImageBase = 0;
@@ -18496,69 +18487,6 @@ __declspec(dllexport) bool TITCALL FindOEPGenericallyW(wchar_t* szFileName, LPVO return(false); } // TitanEngine.Importer.functions: -__declspec(dllexport) void TITCALL ImporterCleanup() -{ - //TODO scylla obsoleted this - return; - /* - int i = 0; - - for(i = 0; i < 1000; i++) - { - if(impDLLDataList[i][0] != NULL) - { - VirtualFree((LPVOID)(impDLLDataList[i][0]), NULL, MEM_RELEASE); - impDLLDataList[i][0] = 0; - impDLLDataList[i][1] = 0; - } - if(impDLLStringList[i][0] != NULL) - { - VirtualFree((LPVOID)(impDLLStringList[i][0]), NULL, MEM_RELEASE); - impDLLStringList[i][0] = 0; - impDLLStringList[i][1] = 0; - } - impOrdinalList[i][0] = 0; - impOrdinalList[i][1] = 0; - } - */ -} -__declspec(dllexport) void TITCALL ImporterSetImageBase(ULONG_PTR ImageBase) -{ - // scylla obsoleted this - impImageBase = ImageBase; -} -__declspec(dllexport) void TITCALL ImporterSetUnknownDelta(ULONG_PTR DeltaAddress) -{ - //scylla obsoleted this - impDeltaStart = DeltaAddress; - impDeltaCurrent = DeltaAddress; -} -__declspec(dllexport) long long TITCALL ImporterGetCurrentDelta() -{ - //scylla obsoleted this - return((ULONG_PTR)impDeltaCurrent); -} -__declspec(dllexport) void TITCALL ImporterInit(DWORD MemorySize, ULONG_PTR ImageBase) -{ - //TODO scylla obsoleted this - return; - /* - impImageBase = ImageBase; - if(MemorySize != NULL) - { - impAllocSize = MemorySize; - } - else - { - impAllocSize = 20 * 1024; - } - ImporterCleanup(); - impMoveIAT = false; - impDLLNumber = 0xFFFFFFFF; - impDeltaStart = NULL; - impDeltaCurrent = NULL; - */ -} __declspec(dllexport) void TITCALL ImporterAddNewDll(char* szDLLName, ULONG_PTR FirstThunk) { wchar_t uniDLLName[MAX_PATH] = {}; 
@@ -18596,24 +18524,6 @@ __declspec(dllexport) long TITCALL ImporterGetAddedAPICount() { return scylla_getImportCount(); } -__declspec(dllexport) void* TITCALL ImporterGetLastAddedDLLName() -{ - //TODO scylla enable - return NULL; - /* - if(impDLLNumber != 0xFFFFFFFF && impDLLNumber < 1000) - { - return((void*)impDLLStringList[impDLLNumber][0]); - } - else - { - return(NULL); - }*/ -} -__declspec(dllexport) void TITCALL ImporterMoveIAT() -{ - impMoveIAT = true; -} __declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap) { if(scylla_fixMappedDump(StorePlace, FileMapVA, hFileMap) != SCY_ERROR_SUCCESS) @@ -18836,40 +18746,6 @@ __declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProce } return(NULL); } -__declspec(dllexport) bool TITCALL ImporterRelocateWriteLocation(ULONG_PTR AddValue) -{ - //TODO scylla obsoleted this - /* - unsigned int i; - ULONG_PTR RealignData = NULL; - - if(impDLLNumber >= NULL) - { - for(i = 0; i < impDLLNumber + 1; i++) - { - RtlMoveMemory(&RealignData, (LPVOID)impDLLDataList[i][0], sizeof ULONG_PTR); - RealignData = RealignData + AddValue; - RtlMoveMemory((LPVOID)impDLLDataList[i][0], &RealignData, sizeof ULONG_PTR); - RtlMoveMemory(&RealignData, (LPVOID)((ULONG_PTR)impDLLDataList[i][0] + sizeof ULONG_PTR), sizeof ULONG_PTR); - RealignData = RealignData + AddValue; - RtlMoveMemory((LPVOID)((ULONG_PTR)impDLLDataList[i][0] + sizeof ULONG_PTR), &RealignData, sizeof ULONG_PTR); - } - for(i = 0; i < 1000; i++) - { - if(impOrdinalList[i][0] != NULL && impOrdinalList[i][1] != NULL) - { - impOrdinalList[i][0] = impOrdinalList[i][0] + AddValue; - } - } - return(true); - } - else - { - return(false); - } - */ - return(false); -} __declspec(dllexport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress) { if((ULONG_PTR)EngineGlobalAPIHandler(hProcess, NULL, APIAddress, NULL, UE_OPTION_IMPORTER_RETURN_FORWARDER_DLLINDEX) > NULL) 
@@ -26407,6 +26283,7 @@ void EngineSimplifyLoadLibraryCallBack() if(!EngineUnpackerFileImporterInit) { EngineUnpackerFileImporterInit = true; + /* broken since scylla integration but we dont care if(EngineUnpackerFileStatus.FileIsDLL) { ImporterInit(50 * 1024, (ULONG_PTR)GetDebuggedDLLBaseAddress()); @@ -26414,7 +26291,7 @@ void EngineSimplifyLoadLibraryCallBack() else { ImporterInit(50 * 1024, (ULONG_PTR)GetDebuggedFileBaseAddress()); - } + }*/ } for(int i = 0; i < (int)EngineUnpackerBreakInfo.size(); i++) { @@ -26689,7 +26566,8 @@ void EngineSimplifyEntryPointCallBack() __except(EXCEPTION_EXECUTE_HANDLER) { ForceClose(); - ImporterCleanup(); + //broken since scylla integration but we dont care + //ImporterCleanup(); if(FileMapVA > NULL) { StaticFileUnloadW(szEngineUnpackerOutputFile, false, FileHandle, FileSize, FileMap, FileMapVA); diff --git a/TitanEngine/TitanEngine.def b/TitanEngine/TitanEngine.def index 4a648e1..7de8d84 100644 --- a/TitanEngine/TitanEngine.def +++ b/TitanEngine/TitanEngine.def @@ -158,7 +158,6 @@ AutoDebugEx AutoDebugExW IsFileBeingDebugged SetErrorModel -ImporterInit ImporterAddNewDll ImporterAddNewAPI ImporterAddNewOrdinalAPI @@ -166,14 +165,8 @@ ImporterExportIAT ImporterExportIATEx ImporterExportIATExW ImporterEstimatedSize -ImporterSetImageBase -ImporterSetUnknownDelta -ImporterGetCurrentDelta -ImporterCleanup ImporterGetAddedDllCount ImporterGetAddedAPICount -ImporterGetLastAddedDLLName -ImporterMoveIAT ImporterFindAPIWriteLocation ImporterFindOrdinalAPIWriteLocation ImporterFindAPIByWriteLocation @@ -192,7 +185,6 @@ ImporterGetDLLIndexEx ImporterGetDLLIndex ImporterGetRemoteDLLBase ImporterGetRemoteDLLBaseEx -ImporterRelocateWriteLocation ImporterIsForwardedAPI ImporterAutoSearchIAT ImporterAutoSearchIATW @@ -215,6 +207,7 @@ ImporterLoadImportTableW ImporterMoveOriginalIAT ImporterMoveOriginalIATW ImporterEnumAddedData +ImporterDeleteAPI HooksSafeTransition HooksSafeTransitionEx HooksIsAddressRedirected 
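Review bot: The `if(!EngineUnpackerFileImporterInit)` guard in EngineSimplifyLoadLibraryCallBack now sets the flag and does nothing else, and the `__except` handler in EngineSimplifyEntryPointCallBack (the `-26689` hunk) no longer releases importer state. Both calls are commented out with "broken since scylla integration but we dont care" rather than replaced. If the scylla-backed importer keeps its DLL/API list across unpack sessions (not visible in these hunks), a second run, or a run after an exception, could export an IAT with stale entries into a dump that an analyst then trusts. Delete the commented-out code, and either call the scylla wrapper's reset at these two points or record the limitation, e.g. `// importer state is owned by scylla and is not reset here; IAT output of the simplified unpacker is unsupported until a reset exists`. Both function bodies continue outside the hunks.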
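Review bot: `ImporterDeleteAPI` is added to the export list in the last TitanEngine.def hunk, but no hunk in this commit adds a matching prototype to SDK/C/TitanEngine.h, SDK/CPP/TitanEngine.h or TitanEngine/definitions.h, nor a wrapper to TitanEngine.hpp. If the definition already exists in TitanEngine.cpp from an earlier commit, the headers still need the declaration next to `ImporterEnumAddedData`, so that SDK users do not declare it themselves with a guessed signature and calling convention. If it does not exist, the link fails on the unresolved export. The earlier hunks of this file drop eight names from the export table, so binaries built against the old SDK that import any of them will fail to load; that belongs in the release notes.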
diff --git a/TitanEngine/definitions.h b/TitanEngine/definitions.h
index 8a13af7..6591903 100644
--- a/TitanEngine/definitions.h
+++ b/TitanEngine/definitions.h
@@ -239,18 +239,11 @@ __declspec(dllexport) void TITCALL FindOEPInit();
 __declspec(dllexport) bool TITCALL FindOEPGenerically(char* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack);
 __declspec(dllexport) bool TITCALL FindOEPGenericallyW(wchar_t* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack);
 // TitanEngine.Importer.functions:
-__declspec(dllexport) void TITCALL ImporterCleanup();
-__declspec(dllexport) void TITCALL ImporterSetImageBase(ULONG_PTR ImageBase);
-__declspec(dllexport) void TITCALL ImporterSetUnknownDelta(ULONG_PTR DeltaAddress);
-__declspec(dllexport) long long TITCALL ImporterGetCurrentDelta();
-__declspec(dllexport) void TITCALL ImporterInit(DWORD MemorySize, ULONG_PTR ImageBase);
 __declspec(dllexport) void TITCALL ImporterAddNewDll(char* szDLLName, ULONG_PTR FirstThunk);
 __declspec(dllexport) void TITCALL ImporterAddNewAPI(char* szAPIName, ULONG_PTR ThunkValue);
 __declspec(dllexport) void TITCALL ImporterAddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue);
 __declspec(dllexport) long TITCALL ImporterGetAddedDllCount();
 __declspec(dllexport) long TITCALL ImporterGetAddedAPICount();
-__declspec(dllexport) void* TITCALL ImporterGetLastAddedDLLName();
-__declspec(dllexport) void TITCALL ImporterMoveIAT();
 __declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap);
 __declspec(dllexport) long TITCALL ImporterEstimatedSize();
 __declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName);
@@ -273,7 +266,6 @@ __declspec(dllexport) long TITCALL ImporterGetDLLIndexEx(ULONG_PTR APIAddress, U
 __declspec(dllexport) long TITCALL ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
 __declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase);
 __declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName);
-__declspec(dllexport) bool TITCALL ImporterRelocateWriteLocation(ULONG_PTR AddValue);
 __declspec(dllexport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress);
 __declspec(dllexport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress);
 __declspec(dllexport) void* TITCALL ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress);
diff --git a/scylla_integration.txt b/scylla_integration.txt
index 71c18c7..1bd4035 100644
--- a/scylla_integration.txt
+++ b/scylla_integration.txt
@@ -1,21 +1,30 @@ -scylla-integration TODO +obsolete/removed vars: + +impDLLNumber +impDeltaStart +impDeltaCurrent +impImageBase +impAllocSize +impDLLNumber +impMoveIAT +impDLLDataList +impDLLStringList +impOrdinalList -obsolete functions: +obsolete/removed functions: -Init -SetImageBase -Cleanup -MoveIAT -RelocateWriteLocation //only used for MoveIAT -SetUnknownDelta //only used for MoveIAT -GetCurrentDelta //only used for MoveIAT -GetDLLIndexEx // no benefit in my eyes. can be done by enumAddedData -GetDLLIndex +__declspec(dllexport) void TITCALL ImporterCleanup() +__declspec(dllexport) void TITCALL ImporterSetImageBase(ULONG_PTR ImageBase) +__declspec(dllexport) void TITCALL ImporterSetUnknownDelta(ULONG_PTR DeltaAddress) +__declspec(dllexport) long long TITCALL ImporterGetCurrentDelta() +__declspec(dllexport) void TITCALL ImporterInit(DWORD MemorySize, ULONG_PTR ImageBase +__declspec(dllexport) bool TITCALL ImporterRelocateWriteLocation(ULONG_PTR AddValue) +__declspec(dllexport) void TITCALL ImporterMoveIAT() +__declspec(dllexport) void TITCALL getLastAddedDLLName() defunct until scylla-enabled: -GetLastAddedDLLName -> no scylla export needed, just rewrite * LoadImportTable * MoveOriginalIAT