mirror of https://github.com/x64dbg/TitanEngine
cleanup TE remnants obsoleted by scylla integration
This commit is contained in:
cypherpunk
parent
cf3b7d49cd
commit
419f9a3c4b
|
|
@ -740,18 +740,11 @@ __declspec(dllexport) void TITCALL FindOEPInit();
|
||||||
__declspec(dllexport) bool TITCALL FindOEPGenerically(char* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack);
|
__declspec(dllexport) bool TITCALL FindOEPGenerically(char* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack);
|
||||||
__declspec(dllexport) bool TITCALL FindOEPGenericallyW(wchar_t* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack);
|
__declspec(dllexport) bool TITCALL FindOEPGenericallyW(wchar_t* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack);
|
||||||
// TitanEngine.Importer.functions:
|
// TitanEngine.Importer.functions:
|
||||||
__declspec(dllexport) void TITCALL ImporterCleanup();
|
|
||||||
__declspec(dllexport) void TITCALL ImporterSetImageBase(ULONG_PTR ImageBase);
|
|
||||||
__declspec(dllexport) void TITCALL ImporterSetUnknownDelta(ULONG_PTR DeltaAddress);
|
|
||||||
__declspec(dllexport) long long TITCALL ImporterGetCurrentDelta();
|
|
||||||
__declspec(dllexport) void TITCALL ImporterInit(DWORD MemorySize, ULONG_PTR ImageBase);
|
|
||||||
__declspec(dllexport) void TITCALL ImporterAddNewDll(char* szDLLName, ULONG_PTR FirstThunk);
|
__declspec(dllexport) void TITCALL ImporterAddNewDll(char* szDLLName, ULONG_PTR FirstThunk);
|
||||||
__declspec(dllexport) void TITCALL ImporterAddNewAPI(char* szAPIName, ULONG_PTR ThunkValue);
|
__declspec(dllexport) void TITCALL ImporterAddNewAPI(char* szAPIName, ULONG_PTR ThunkValue);
|
||||||
__declspec(dllexport) void TITCALL ImporterAddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue);
|
__declspec(dllexport) void TITCALL ImporterAddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue);
|
||||||
__declspec(dllexport) long TITCALL ImporterGetAddedDllCount();
|
__declspec(dllexport) long TITCALL ImporterGetAddedDllCount();
|
||||||
__declspec(dllexport) long TITCALL ImporterGetAddedAPICount();
|
__declspec(dllexport) long TITCALL ImporterGetAddedAPICount();
|
||||||
__declspec(dllexport) void* TITCALL ImporterGetLastAddedDLLName();
|
|
||||||
__declspec(dllexport) void TITCALL ImporterMoveIAT();
|
|
||||||
__declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap);
|
__declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap);
|
||||||
__declspec(dllexport) long TITCALL ImporterEstimatedSize();
|
__declspec(dllexport) long TITCALL ImporterEstimatedSize();
|
||||||
__declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName);
|
__declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName);
|
||||||
|
|
@ -774,7 +767,6 @@ __declspec(dllexport) long TITCALL ImporterGetDLLIndexEx(ULONG_PTR APIAddress, U
|
||||||
__declspec(dllexport) long TITCALL ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
|
__declspec(dllexport) long TITCALL ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
|
||||||
__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase);
|
__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase);
|
||||||
__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName);
|
__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName);
|
||||||
__declspec(dllexport) bool TITCALL ImporterRelocateWriteLocation(ULONG_PTR AddValue);
|
|
||||||
__declspec(dllexport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress);
|
__declspec(dllexport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress);
|
||||||
__declspec(dllexport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress);
|
__declspec(dllexport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress);
|
||||||
__declspec(dllexport) void* TITCALL ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress);
|
__declspec(dllexport) void* TITCALL ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress);
|
||||||
|
|
|
||||||
|
|
@ -739,18 +739,11 @@ __declspec(dllimport) void TITCALL FindOEPInit();
|
||||||
__declspec(dllimport) bool TITCALL FindOEPGenerically(char* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack);
|
__declspec(dllimport) bool TITCALL FindOEPGenerically(char* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack);
|
||||||
__declspec(dllimport) bool TITCALL FindOEPGenericallyW(wchar_t* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack);
|
__declspec(dllimport) bool TITCALL FindOEPGenericallyW(wchar_t* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack);
|
||||||
// TitanEngine.Importer.functions:
|
// TitanEngine.Importer.functions:
|
||||||
__declspec(dllimport) void TITCALL ImporterCleanup();
|
|
||||||
__declspec(dllimport) void TITCALL ImporterSetImageBase(ULONG_PTR ImageBase);
|
|
||||||
__declspec(dllimport) void TITCALL ImporterSetUnknownDelta(ULONG_PTR DeltaAddress);
|
|
||||||
__declspec(dllimport) long long TITCALL ImporterGetCurrentDelta();
|
|
||||||
__declspec(dllimport) void TITCALL ImporterInit(DWORD MemorySize, ULONG_PTR ImageBase);
|
|
||||||
__declspec(dllimport) void TITCALL ImporterAddNewDll(char* szDLLName, ULONG_PTR FirstThunk);
|
__declspec(dllimport) void TITCALL ImporterAddNewDll(char* szDLLName, ULONG_PTR FirstThunk);
|
||||||
__declspec(dllimport) void TITCALL ImporterAddNewAPI(char* szAPIName, ULONG_PTR ThunkValue);
|
__declspec(dllimport) void TITCALL ImporterAddNewAPI(char* szAPIName, ULONG_PTR ThunkValue);
|
||||||
__declspec(dllimport) void TITCALL ImporterAddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue);
|
__declspec(dllimport) void TITCALL ImporterAddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue);
|
||||||
__declspec(dllimport) long TITCALL ImporterGetAddedDllCount();
|
__declspec(dllimport) long TITCALL ImporterGetAddedDllCount();
|
||||||
__declspec(dllimport) long TITCALL ImporterGetAddedAPICount();
|
__declspec(dllimport) long TITCALL ImporterGetAddedAPICount();
|
||||||
__declspec(dllimport) void* TITCALL ImporterGetLastAddedDLLName();
|
|
||||||
__declspec(dllimport) void TITCALL ImporterMoveIAT();
|
|
||||||
__declspec(dllimport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap);
|
__declspec(dllimport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap);
|
||||||
__declspec(dllimport) long TITCALL ImporterEstimatedSize();
|
__declspec(dllimport) long TITCALL ImporterEstimatedSize();
|
||||||
__declspec(dllimport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName);
|
__declspec(dllimport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName);
|
||||||
|
|
@ -772,7 +765,6 @@ __declspec(dllimport) long long TITCALL ImporterGetAPIOrdinalNumberFromDebugee(H
|
||||||
__declspec(dllimport) long TITCALL ImporterGetDLLIndexEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
|
__declspec(dllimport) long TITCALL ImporterGetDLLIndexEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
|
||||||
__declspec(dllimport) long TITCALL ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
|
__declspec(dllimport) long TITCALL ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
|
||||||
__declspec(dllimport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase);
|
__declspec(dllimport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase);
|
||||||
__declspec(dllimport) bool TITCALL ImporterRelocateWriteLocation(ULONG_PTR AddValue);
|
|
||||||
__declspec(dllimport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress);
|
__declspec(dllimport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress);
|
||||||
__declspec(dllimport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress);
|
__declspec(dllimport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress);
|
||||||
__declspec(dllimport) void* TITCALL ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress);
|
__declspec(dllimport) void* TITCALL ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress);
|
||||||
|
|
|
||||||
|
|
@ -1647,26 +1647,6 @@ protected:
|
||||||
typedef void (TITCALL *fImportEnumCallBack)(void* ptrImportEnumData);
|
typedef void (TITCALL *fImportEnumCallBack)(void* ptrImportEnumData);
|
||||||
typedef void* (TITCALL *fImportFixCallback)(void* fIATPointer);
|
typedef void* (TITCALL *fImportFixCallback)(void* fIATPointer);
|
||||||
|
|
||||||
static void Cleanup()
|
|
||||||
{
|
|
||||||
UE::ImporterCleanup();
|
|
||||||
}
|
|
||||||
static void SetImageBase(ULONG_PTR ImageBase)
|
|
||||||
{
|
|
||||||
UE::ImporterSetImageBase(ImageBase);
|
|
||||||
}
|
|
||||||
static void SetUnknownDelta(ULONG_PTR DeltaAddress)
|
|
||||||
{
|
|
||||||
UE::ImporterSetUnknownDelta(DeltaAddress);
|
|
||||||
}
|
|
||||||
static long long GetCurrentDelta()
|
|
||||||
{
|
|
||||||
return UE::ImporterGetCurrentDelta();
|
|
||||||
}
|
|
||||||
static void Init(DWORD MemorySize, ULONG_PTR ImageBase)
|
|
||||||
{
|
|
||||||
UE::ImporterInit(MemorySize, ImageBase);
|
|
||||||
}
|
|
||||||
static void AddNewDll(const char* szDLLName, ULONG_PTR FirstThunk)
|
static void AddNewDll(const char* szDLLName, ULONG_PTR FirstThunk)
|
||||||
{
|
{
|
||||||
UE::ImporterAddNewDll((char*)szDLLName, FirstThunk);
|
UE::ImporterAddNewDll((char*)szDLLName, FirstThunk);
|
||||||
|
|
@ -1687,14 +1667,6 @@ protected:
|
||||||
{
|
{
|
||||||
return UE::ImporterGetAddedAPICount();
|
return UE::ImporterGetAddedAPICount();
|
||||||
}
|
}
|
||||||
static const char* GetLastAddedDLLName()
|
|
||||||
{
|
|
||||||
return (const char*)UE::ImporterGetLastAddedDLLName();
|
|
||||||
}
|
|
||||||
static void MoveIAT()
|
|
||||||
{
|
|
||||||
UE::ImporterMoveIAT();
|
|
||||||
}
|
|
||||||
static bool ExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap)
|
static bool ExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap)
|
||||||
{
|
{
|
||||||
return UE::ImporterExportIAT(StorePlace, FileMapVA, hFileMap);
|
return UE::ImporterExportIAT(StorePlace, FileMapVA, hFileMap);
|
||||||
|
|
@ -1771,10 +1743,6 @@ protected:
|
||||||
{
|
{
|
||||||
return UE::ImporterGetRemoteDLLBase(hProcess, LocalModuleBase);
|
return UE::ImporterGetRemoteDLLBase(hProcess, LocalModuleBase);
|
||||||
}
|
}
|
||||||
static bool RelocateWriteLocation(ULONG_PTR AddValue)
|
|
||||||
{
|
|
||||||
return UE::ImporterRelocateWriteLocation(AddValue);
|
|
||||||
}
|
|
||||||
static bool IsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress)
|
static bool IsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress)
|
||||||
{
|
{
|
||||||
return UE::ImporterIsForwardedAPI(hProcess, APIAddress);
|
return UE::ImporterIsForwardedAPI(hProcess, APIAddress);
|
||||||
|
|
@ -1892,18 +1860,11 @@ public:
|
||||||
using ImporterX::fImportEnumCallBack;
|
using ImporterX::fImportEnumCallBack;
|
||||||
using ImporterX::fImportFixCallback;
|
using ImporterX::fImportFixCallback;
|
||||||
|
|
||||||
using ImporterX::Cleanup;
|
|
||||||
using ImporterX::SetImageBase;
|
|
||||||
using ImporterX::SetUnknownDelta;
|
|
||||||
using ImporterX::GetCurrentDelta;
|
|
||||||
using ImporterX::Init;
|
|
||||||
using ImporterX::AddNewDll;
|
using ImporterX::AddNewDll;
|
||||||
using ImporterX::AddNewAPI;
|
using ImporterX::AddNewAPI;
|
||||||
using ImporterX::AddNewOrdinalAPI;
|
using ImporterX::AddNewOrdinalAPI;
|
||||||
using ImporterX::GetAddedDllCount;
|
using ImporterX::GetAddedDllCount;
|
||||||
using ImporterX::GetAddedAPICount;
|
using ImporterX::GetAddedAPICount;
|
||||||
using ImporterX::GetLastAddedDLLName;
|
|
||||||
using ImporterX::MoveIAT;
|
|
||||||
using ImporterX::ExportIAT;
|
using ImporterX::ExportIAT;
|
||||||
using ImporterX::EstimatedSize;
|
using ImporterX::EstimatedSize;
|
||||||
using ImporterA::ExportIATEx;
|
using ImporterA::ExportIATEx;
|
||||||
|
|
@ -1925,7 +1886,6 @@ public:
|
||||||
using ImporterX::GetDLLIndexEx;
|
using ImporterX::GetDLLIndexEx;
|
||||||
using ImporterX::GetDLLIndex;
|
using ImporterX::GetDLLIndex;
|
||||||
using ImporterX::GetRemoteDLLBase;
|
using ImporterX::GetRemoteDLLBase;
|
||||||
using ImporterX::RelocateWriteLocation;
|
|
||||||
using ImporterX::IsForwardedAPI;
|
using ImporterX::IsForwardedAPI;
|
||||||
using ImporterX::GetForwardedAPIName;
|
using ImporterX::GetForwardedAPIName;
|
||||||
using ImporterX::GetForwardedDLLName;
|
using ImporterX::GetForwardedDLLName;
|
||||||
|
|
|
||||||
|
|
@ -52,15 +52,6 @@ DWORD ProcessExitCode = 0;
|
||||||
LPVOID hListProcess = 0;
|
LPVOID hListProcess = 0;
|
||||||
LPVOID hListThread = 0;
|
LPVOID hListThread = 0;
|
||||||
LPVOID hListLibrary = 0;
|
LPVOID hListLibrary = 0;
|
||||||
ULONG_PTR impDeltaStart = NULL;
|
|
||||||
ULONG_PTR impDeltaCurrent = NULL;
|
|
||||||
ULONG_PTR impImageBase = 0;
|
|
||||||
DWORD impAllocSize = 20 * 1024;
|
|
||||||
DWORD impDLLNumber = 0;
|
|
||||||
bool impMoveIAT = false;
|
|
||||||
ULONG_PTR impDLLDataList[1000][2];
|
|
||||||
ULONG_PTR impDLLStringList[1000][2];
|
|
||||||
ULONG_PTR impOrdinalList[1000][2];
|
|
||||||
LPVOID expTableData = NULL;
|
LPVOID expTableData = NULL;
|
||||||
LPVOID expTableDataCWP = NULL;
|
LPVOID expTableDataCWP = NULL;
|
||||||
ULONG_PTR expImageBase = 0;
|
ULONG_PTR expImageBase = 0;
|
||||||
|
|
@ -18496,69 +18487,6 @@ __declspec(dllexport) bool TITCALL FindOEPGenericallyW(wchar_t* szFileName, LPVO
|
||||||
return(false);
|
return(false);
|
||||||
}
|
}
|
||||||
// TitanEngine.Importer.functions:
|
// TitanEngine.Importer.functions:
|
||||||
__declspec(dllexport) void TITCALL ImporterCleanup()
|
|
||||||
{
|
|
||||||
//TODO scylla obsoleted this
|
|
||||||
return;
|
|
||||||
/*
|
|
||||||
int i = 0;
|
|
||||||
|
|
||||||
for(i = 0; i < 1000; i++)
|
|
||||||
{
|
|
||||||
if(impDLLDataList[i][0] != NULL)
|
|
||||||
{
|
|
||||||
VirtualFree((LPVOID)(impDLLDataList[i][0]), NULL, MEM_RELEASE);
|
|
||||||
impDLLDataList[i][0] = 0;
|
|
||||||
impDLLDataList[i][1] = 0;
|
|
||||||
}
|
|
||||||
if(impDLLStringList[i][0] != NULL)
|
|
||||||
{
|
|
||||||
VirtualFree((LPVOID)(impDLLStringList[i][0]), NULL, MEM_RELEASE);
|
|
||||||
impDLLStringList[i][0] = 0;
|
|
||||||
impDLLStringList[i][1] = 0;
|
|
||||||
}
|
|
||||||
impOrdinalList[i][0] = 0;
|
|
||||||
impOrdinalList[i][1] = 0;
|
|
||||||
}
|
|
||||||
*/
|
|
||||||
}
|
|
||||||
__declspec(dllexport) void TITCALL ImporterSetImageBase(ULONG_PTR ImageBase)
|
|
||||||
{
|
|
||||||
// scylla obsoleted this
|
|
||||||
impImageBase = ImageBase;
|
|
||||||
}
|
|
||||||
__declspec(dllexport) void TITCALL ImporterSetUnknownDelta(ULONG_PTR DeltaAddress)
|
|
||||||
{
|
|
||||||
//scylla obsoleted this
|
|
||||||
impDeltaStart = DeltaAddress;
|
|
||||||
impDeltaCurrent = DeltaAddress;
|
|
||||||
}
|
|
||||||
__declspec(dllexport) long long TITCALL ImporterGetCurrentDelta()
|
|
||||||
{
|
|
||||||
//scylla obsoleted this
|
|
||||||
return((ULONG_PTR)impDeltaCurrent);
|
|
||||||
}
|
|
||||||
__declspec(dllexport) void TITCALL ImporterInit(DWORD MemorySize, ULONG_PTR ImageBase)
|
|
||||||
{
|
|
||||||
//TODO scylla obsoleted this
|
|
||||||
return;
|
|
||||||
/*
|
|
||||||
impImageBase = ImageBase;
|
|
||||||
if(MemorySize != NULL)
|
|
||||||
{
|
|
||||||
impAllocSize = MemorySize;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
impAllocSize = 20 * 1024;
|
|
||||||
}
|
|
||||||
ImporterCleanup();
|
|
||||||
impMoveIAT = false;
|
|
||||||
impDLLNumber = 0xFFFFFFFF;
|
|
||||||
impDeltaStart = NULL;
|
|
||||||
impDeltaCurrent = NULL;
|
|
||||||
*/
|
|
||||||
}
|
|
||||||
__declspec(dllexport) void TITCALL ImporterAddNewDll(char* szDLLName, ULONG_PTR FirstThunk)
|
__declspec(dllexport) void TITCALL ImporterAddNewDll(char* szDLLName, ULONG_PTR FirstThunk)
|
||||||
{
|
{
|
||||||
wchar_t uniDLLName[MAX_PATH] = {};
|
wchar_t uniDLLName[MAX_PATH] = {};
|
||||||
|
|
@ -18596,24 +18524,6 @@ __declspec(dllexport) long TITCALL ImporterGetAddedAPICount()
|
||||||
{
|
{
|
||||||
return scylla_getImportCount();
|
return scylla_getImportCount();
|
||||||
}
|
}
|
||||||
__declspec(dllexport) void* TITCALL ImporterGetLastAddedDLLName()
|
|
||||||
{
|
|
||||||
//TODO scylla enable
|
|
||||||
return NULL;
|
|
||||||
/*
|
|
||||||
if(impDLLNumber != 0xFFFFFFFF && impDLLNumber < 1000)
|
|
||||||
{
|
|
||||||
return((void*)impDLLStringList[impDLLNumber][0]);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return(NULL);
|
|
||||||
}*/
|
|
||||||
}
|
|
||||||
__declspec(dllexport) void TITCALL ImporterMoveIAT()
|
|
||||||
{
|
|
||||||
impMoveIAT = true;
|
|
||||||
}
|
|
||||||
__declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap)
|
__declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap)
|
||||||
{
|
{
|
||||||
if(scylla_fixMappedDump(StorePlace, FileMapVA, hFileMap) != SCY_ERROR_SUCCESS)
|
if(scylla_fixMappedDump(StorePlace, FileMapVA, hFileMap) != SCY_ERROR_SUCCESS)
|
||||||
|
|
@ -18836,40 +18746,6 @@ __declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProce
|
||||||
}
|
}
|
||||||
return(NULL);
|
return(NULL);
|
||||||
}
|
}
|
||||||
__declspec(dllexport) bool TITCALL ImporterRelocateWriteLocation(ULONG_PTR AddValue)
|
|
||||||
{
|
|
||||||
//TODO scylla obsoleted this
|
|
||||||
/*
|
|
||||||
unsigned int i;
|
|
||||||
ULONG_PTR RealignData = NULL;
|
|
||||||
|
|
||||||
if(impDLLNumber >= NULL)
|
|
||||||
{
|
|
||||||
for(i = 0; i < impDLLNumber + 1; i++)
|
|
||||||
{
|
|
||||||
RtlMoveMemory(&RealignData, (LPVOID)impDLLDataList[i][0], sizeof ULONG_PTR);
|
|
||||||
RealignData = RealignData + AddValue;
|
|
||||||
RtlMoveMemory((LPVOID)impDLLDataList[i][0], &RealignData, sizeof ULONG_PTR);
|
|
||||||
RtlMoveMemory(&RealignData, (LPVOID)((ULONG_PTR)impDLLDataList[i][0] + sizeof ULONG_PTR), sizeof ULONG_PTR);
|
|
||||||
RealignData = RealignData + AddValue;
|
|
||||||
RtlMoveMemory((LPVOID)((ULONG_PTR)impDLLDataList[i][0] + sizeof ULONG_PTR), &RealignData, sizeof ULONG_PTR);
|
|
||||||
}
|
|
||||||
for(i = 0; i < 1000; i++)
|
|
||||||
{
|
|
||||||
if(impOrdinalList[i][0] != NULL && impOrdinalList[i][1] != NULL)
|
|
||||||
{
|
|
||||||
impOrdinalList[i][0] = impOrdinalList[i][0] + AddValue;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return(true);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return(false);
|
|
||||||
}
|
|
||||||
*/
|
|
||||||
return(false);
|
|
||||||
}
|
|
||||||
__declspec(dllexport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress)
|
__declspec(dllexport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress)
|
||||||
{
|
{
|
||||||
if((ULONG_PTR)EngineGlobalAPIHandler(hProcess, NULL, APIAddress, NULL, UE_OPTION_IMPORTER_RETURN_FORWARDER_DLLINDEX) > NULL)
|
if((ULONG_PTR)EngineGlobalAPIHandler(hProcess, NULL, APIAddress, NULL, UE_OPTION_IMPORTER_RETURN_FORWARDER_DLLINDEX) > NULL)
|
||||||
|
|
@ -26407,6 +26283,7 @@ void EngineSimplifyLoadLibraryCallBack()
|
||||||
if(!EngineUnpackerFileImporterInit)
|
if(!EngineUnpackerFileImporterInit)
|
||||||
{
|
{
|
||||||
EngineUnpackerFileImporterInit = true;
|
EngineUnpackerFileImporterInit = true;
|
||||||
|
/* broken since scylla integration but we dont care
|
||||||
if(EngineUnpackerFileStatus.FileIsDLL)
|
if(EngineUnpackerFileStatus.FileIsDLL)
|
||||||
{
|
{
|
||||||
ImporterInit(50 * 1024, (ULONG_PTR)GetDebuggedDLLBaseAddress());
|
ImporterInit(50 * 1024, (ULONG_PTR)GetDebuggedDLLBaseAddress());
|
||||||
|
|
@ -26414,7 +26291,7 @@ void EngineSimplifyLoadLibraryCallBack()
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
ImporterInit(50 * 1024, (ULONG_PTR)GetDebuggedFileBaseAddress());
|
ImporterInit(50 * 1024, (ULONG_PTR)GetDebuggedFileBaseAddress());
|
||||||
}
|
}*/
|
||||||
}
|
}
|
||||||
for(int i = 0; i < (int)EngineUnpackerBreakInfo.size(); i++)
|
for(int i = 0; i < (int)EngineUnpackerBreakInfo.size(); i++)
|
||||||
{
|
{
|
||||||
|
|
@ -26689,7 +26566,8 @@ void EngineSimplifyEntryPointCallBack()
|
||||||
__except(EXCEPTION_EXECUTE_HANDLER)
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
{
|
{
|
||||||
ForceClose();
|
ForceClose();
|
||||||
ImporterCleanup();
|
//broken since scylla integration but we dont care
|
||||||
|
//ImporterCleanup();
|
||||||
if(FileMapVA > NULL)
|
if(FileMapVA > NULL)
|
||||||
{
|
{
|
||||||
StaticFileUnloadW(szEngineUnpackerOutputFile, false, FileHandle, FileSize, FileMap, FileMapVA);
|
StaticFileUnloadW(szEngineUnpackerOutputFile, false, FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
|
|
||||||
|
|
@ -158,7 +158,6 @@ AutoDebugEx
|
||||||
AutoDebugExW
|
AutoDebugExW
|
||||||
IsFileBeingDebugged
|
IsFileBeingDebugged
|
||||||
SetErrorModel
|
SetErrorModel
|
||||||
ImporterInit
|
|
||||||
ImporterAddNewDll
|
ImporterAddNewDll
|
||||||
ImporterAddNewAPI
|
ImporterAddNewAPI
|
||||||
ImporterAddNewOrdinalAPI
|
ImporterAddNewOrdinalAPI
|
||||||
|
|
@ -166,14 +165,8 @@ ImporterExportIAT
|
||||||
ImporterExportIATEx
|
ImporterExportIATEx
|
||||||
ImporterExportIATExW
|
ImporterExportIATExW
|
||||||
ImporterEstimatedSize
|
ImporterEstimatedSize
|
||||||
ImporterSetImageBase
|
|
||||||
ImporterSetUnknownDelta
|
|
||||||
ImporterGetCurrentDelta
|
|
||||||
ImporterCleanup
|
|
||||||
ImporterGetAddedDllCount
|
ImporterGetAddedDllCount
|
||||||
ImporterGetAddedAPICount
|
ImporterGetAddedAPICount
|
||||||
ImporterGetLastAddedDLLName
|
|
||||||
ImporterMoveIAT
|
|
||||||
ImporterFindAPIWriteLocation
|
ImporterFindAPIWriteLocation
|
||||||
ImporterFindOrdinalAPIWriteLocation
|
ImporterFindOrdinalAPIWriteLocation
|
||||||
ImporterFindAPIByWriteLocation
|
ImporterFindAPIByWriteLocation
|
||||||
|
|
@ -192,7 +185,6 @@ ImporterGetDLLIndexEx
|
||||||
ImporterGetDLLIndex
|
ImporterGetDLLIndex
|
||||||
ImporterGetRemoteDLLBase
|
ImporterGetRemoteDLLBase
|
||||||
ImporterGetRemoteDLLBaseEx
|
ImporterGetRemoteDLLBaseEx
|
||||||
ImporterRelocateWriteLocation
|
|
||||||
ImporterIsForwardedAPI
|
ImporterIsForwardedAPI
|
||||||
ImporterAutoSearchIAT
|
ImporterAutoSearchIAT
|
||||||
ImporterAutoSearchIATW
|
ImporterAutoSearchIATW
|
||||||
|
|
@ -215,6 +207,7 @@ ImporterLoadImportTableW
|
||||||
ImporterMoveOriginalIAT
|
ImporterMoveOriginalIAT
|
||||||
ImporterMoveOriginalIATW
|
ImporterMoveOriginalIATW
|
||||||
ImporterEnumAddedData
|
ImporterEnumAddedData
|
||||||
|
ImporterDeleteAPI
|
||||||
HooksSafeTransition
|
HooksSafeTransition
|
||||||
HooksSafeTransitionEx
|
HooksSafeTransitionEx
|
||||||
HooksIsAddressRedirected
|
HooksIsAddressRedirected
|
||||||
|
|
|
||||||
|
|
@ -239,18 +239,11 @@ __declspec(dllexport) void TITCALL FindOEPInit();
|
||||||
__declspec(dllexport) bool TITCALL FindOEPGenerically(char* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack);
|
__declspec(dllexport) bool TITCALL FindOEPGenerically(char* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack);
|
||||||
__declspec(dllexport) bool TITCALL FindOEPGenericallyW(wchar_t* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack);
|
__declspec(dllexport) bool TITCALL FindOEPGenericallyW(wchar_t* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack);
|
||||||
// TitanEngine.Importer.functions:
|
// TitanEngine.Importer.functions:
|
||||||
__declspec(dllexport) void TITCALL ImporterCleanup();
|
|
||||||
__declspec(dllexport) void TITCALL ImporterSetImageBase(ULONG_PTR ImageBase);
|
|
||||||
__declspec(dllexport) void TITCALL ImporterSetUnknownDelta(ULONG_PTR DeltaAddress);
|
|
||||||
__declspec(dllexport) long long TITCALL ImporterGetCurrentDelta();
|
|
||||||
__declspec(dllexport) void TITCALL ImporterInit(DWORD MemorySize, ULONG_PTR ImageBase);
|
|
||||||
__declspec(dllexport) void TITCALL ImporterAddNewDll(char* szDLLName, ULONG_PTR FirstThunk);
|
__declspec(dllexport) void TITCALL ImporterAddNewDll(char* szDLLName, ULONG_PTR FirstThunk);
|
||||||
__declspec(dllexport) void TITCALL ImporterAddNewAPI(char* szAPIName, ULONG_PTR ThunkValue);
|
__declspec(dllexport) void TITCALL ImporterAddNewAPI(char* szAPIName, ULONG_PTR ThunkValue);
|
||||||
__declspec(dllexport) void TITCALL ImporterAddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue);
|
__declspec(dllexport) void TITCALL ImporterAddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue);
|
||||||
__declspec(dllexport) long TITCALL ImporterGetAddedDllCount();
|
__declspec(dllexport) long TITCALL ImporterGetAddedDllCount();
|
||||||
__declspec(dllexport) long TITCALL ImporterGetAddedAPICount();
|
__declspec(dllexport) long TITCALL ImporterGetAddedAPICount();
|
||||||
__declspec(dllexport) void* TITCALL ImporterGetLastAddedDLLName();
|
|
||||||
__declspec(dllexport) void TITCALL ImporterMoveIAT();
|
|
||||||
__declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap);
|
__declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap);
|
||||||
__declspec(dllexport) long TITCALL ImporterEstimatedSize();
|
__declspec(dllexport) long TITCALL ImporterEstimatedSize();
|
||||||
__declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName);
|
__declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName);
|
||||||
|
|
@ -273,7 +266,6 @@ __declspec(dllexport) long TITCALL ImporterGetDLLIndexEx(ULONG_PTR APIAddress, U
|
||||||
__declspec(dllexport) long TITCALL ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
|
__declspec(dllexport) long TITCALL ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
|
||||||
__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase);
|
__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase);
|
||||||
__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName);
|
__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName);
|
||||||
__declspec(dllexport) bool TITCALL ImporterRelocateWriteLocation(ULONG_PTR AddValue);
|
|
||||||
__declspec(dllexport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress);
|
__declspec(dllexport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress);
|
||||||
__declspec(dllexport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress);
|
__declspec(dllexport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress);
|
||||||
__declspec(dllexport) void* TITCALL ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress);
|
__declspec(dllexport) void* TITCALL ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress);
|
||||||
|
|
|
||||||
|
|
@ -1,21 +1,30 @@
|
||||||
scylla-integration TODO
|
obsolete/removed vars:
|
||||||
|
|
||||||
|
impDLLNumber
|
||||||
|
impDeltaStart
|
||||||
|
impDeltaCurrent
|
||||||
|
impImageBase
|
||||||
|
impAllocSize
|
||||||
|
impDLLNumber
|
||||||
|
impMoveIAT
|
||||||
|
impDLLDataList
|
||||||
|
impDLLStringList
|
||||||
|
impOrdinalList
|
||||||
|
|
||||||
|
|
||||||
obsolete functions:
|
obsolete/removed functions:
|
||||||
|
|
||||||
Init
|
__declspec(dllexport) void TITCALL ImporterCleanup()
|
||||||
SetImageBase
|
__declspec(dllexport) void TITCALL ImporterSetImageBase(ULONG_PTR ImageBase)
|
||||||
Cleanup
|
__declspec(dllexport) void TITCALL ImporterSetUnknownDelta(ULONG_PTR DeltaAddress)
|
||||||
MoveIAT
|
__declspec(dllexport) long long TITCALL ImporterGetCurrentDelta()
|
||||||
RelocateWriteLocation //only used for MoveIAT
|
__declspec(dllexport) void TITCALL ImporterInit(DWORD MemorySize, ULONG_PTR ImageBase
|
||||||
SetUnknownDelta //only used for MoveIAT
|
__declspec(dllexport) bool TITCALL ImporterRelocateWriteLocation(ULONG_PTR AddValue)
|
||||||
GetCurrentDelta //only used for MoveIAT
|
__declspec(dllexport) void TITCALL ImporterMoveIAT()
|
||||||
GetDLLIndexEx // no benefit in my eyes. can be done by enumAddedData
|
__declspec(dllexport) void TITCALL getLastAddedDLLName()
|
||||||
GetDLLIndex
|
|
||||||
|
|
||||||
defunct until scylla-enabled:
|
defunct until scylla-enabled:
|
||||||
|
|
||||||
GetLastAddedDLLName -> no scylla export needed, just rewrite
|
|
||||||
* LoadImportTable
|
* LoadImportTable
|
||||||
* MoveOriginalIAT
|
* MoveOriginalIAT
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue