From 43caf023f8e1ffaa370d5d79af9fa2c3c084157e Mon Sep 17 00:00:00 2001 From: Duncan Ogilvie Date: Fri, 9 Sep 2022 13:44:12 +0200 Subject: [PATCH] Remove unused SDKs --- SDK/CPP/TitanEngine.h | 964 -------- SDK/CPP/TitanEngine.hpp | 2870 ----------------------- SDK/Delphi/TitanEngine.pas | 739 ------ SDK/LUA/TitanEngine.lua | 1477 ------------ SDK/MASM/TitanEngine.INC | 826 ------- SDK/Python/TitanEngine.py | 1398 ----------- TitanEngine/TitanEngine.vcxproj | 6 - TitanEngine/TitanEngine.vcxproj.filters | 33 - 8 files changed, 8313 deletions(-) delete mode 100644 SDK/CPP/TitanEngine.h delete mode 100644 SDK/CPP/TitanEngine.hpp delete mode 100644 SDK/Delphi/TitanEngine.pas delete mode 100644 SDK/LUA/TitanEngine.lua delete mode 100644 SDK/MASM/TitanEngine.INC delete mode 100644 SDK/Python/TitanEngine.py diff --git a/SDK/CPP/TitanEngine.h b/SDK/CPP/TitanEngine.h deleted file mode 100644 index 12f0083..0000000 --- a/SDK/CPP/TitanEngine.h +++ /dev/null @@ -1,964 +0,0 @@ -#ifndef TITANENGINE -#define TITANENGINE - -#define TITCALL - -#if _MSC_VER > 1000 -#pragma once -#endif - -#include - -#pragma pack(push, 1) - -// Global.Constant.Structure.Declaration: -// Engine.External: -const BYTE UE_STRUCT_PE32STRUCT = 1; -const BYTE UE_STRUCT_PE64STRUCT = 2; -const BYTE UE_STRUCT_PESTRUCT = 3; -const BYTE UE_STRUCT_IMPORTENUMDATA = 4; -const BYTE UE_STRUCT_THREAD_ITEM_DATA = 5; -const BYTE UE_STRUCT_LIBRARY_ITEM_DATA = 6; -const BYTE UE_STRUCT_LIBRARY_ITEM_DATAW = 7; -const BYTE UE_STRUCT_PROCESS_ITEM_DATA = 8; -const BYTE UE_STRUCT_HANDLERARRAY = 9; -const BYTE UE_STRUCT_PLUGININFORMATION = 10; -const BYTE UE_STRUCT_HOOK_ENTRY = 11; -const BYTE UE_STRUCT_FILE_STATUS_INFO = 12; -const BYTE UE_STRUCT_FILE_FIX_INFO = 13; - -const BYTE UE_ACCESS_READ = 0; -const BYTE UE_ACCESS_WRITE = 1; -const BYTE UE_ACCESS_ALL = 2; - -const BYTE UE_HIDE_PEBONLY = 0; -const BYTE UE_HIDE_BASIC = 1; - -const BYTE UE_PLUGIN_CALL_REASON_PREDEBUG = 1; -const BYTE UE_PLUGIN_CALL_REASON_EXCEPTION = 2; -const BYTE UE_PLUGIN_CALL_REASON_POSTDEBUG = 3; -const BYTE UE_PLUGIN_CALL_REASON_UNHANDLEDEXCEPTION = 4; - -const BYTE TEE_HOOK_NRM_JUMP = 1; -const BYTE TEE_HOOK_NRM_CALL = 3; -const BYTE TEE_HOOK_IAT = 5; - -const BYTE UE_ENGINE_ALOW_MODULE_LOADING = 1; -const BYTE UE_ENGINE_AUTOFIX_FORWARDERS = 2; -const BYTE UE_ENGINE_PASS_ALL_EXCEPTIONS = 3; -const BYTE UE_ENGINE_NO_CONSOLE_WINDOW = 4; -const BYTE UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS = 5; -const BYTE UE_ENGINE_CALL_PLUGIN_CALLBACK = 6; -const BYTE UE_ENGINE_RESET_CUSTOM_HANDLER = 7; -const BYTE UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK = 8; -const BYTE UE_ENGINE_SET_DEBUG_PRIVILEGE = 9; -const BYTE UE_ENGINE_SAFE_ATTACH = 10; -const BYTE UE_ENGINE_MEMBP_ALT = 11; - -const BYTE UE_OPTION_REMOVEALL = 1; -const BYTE UE_OPTION_DISABLEALL = 2; -const BYTE UE_OPTION_REMOVEALLDISABLED = 3; -const BYTE UE_OPTION_REMOVEALLENABLED = 4; - -const BYTE UE_STATIC_DECRYPTOR_XOR = 1; -const BYTE UE_STATIC_DECRYPTOR_SUB = 2; -const BYTE UE_STATIC_DECRYPTOR_ADD = 3; - -const BYTE UE_STATIC_DECRYPTOR_FOREWARD = 1; -const BYTE UE_STATIC_DECRYPTOR_BACKWARD = 2; - -const BYTE UE_STATIC_KEY_SIZE_1 = 1; -const BYTE UE_STATIC_KEY_SIZE_2 = 2; -const BYTE UE_STATIC_KEY_SIZE_4 = 4; -const BYTE UE_STATIC_KEY_SIZE_8 = 8; - -const BYTE UE_STATIC_APLIB = 1; -const BYTE UE_STATIC_APLIB_DEPACK = 2; -const BYTE UE_STATIC_LZMA = 3; - -const BYTE UE_STATIC_HASH_MD5 = 1; -const BYTE UE_STATIC_HASH_SHA1 = 2; -const BYTE UE_STATIC_HASH_CRC32 = 3; - -const DWORD UE_RESOURCE_LANGUAGE_ANY = -1; - -const BYTE UE_PE_OFFSET = 0; -const BYTE UE_IMAGEBASE = 1; -const BYTE UE_OEP = 2; -const BYTE UE_SIZEOFIMAGE = 3; -const BYTE UE_SIZEOFHEADERS = 4; -const BYTE UE_SIZEOFOPTIONALHEADER = 5; -const BYTE UE_SECTIONALIGNMENT = 6; -const BYTE UE_IMPORTTABLEADDRESS = 7; -const BYTE UE_IMPORTTABLESIZE = 8; -const BYTE UE_RESOURCETABLEADDRESS = 9; -const BYTE UE_RESOURCETABLESIZE = 10; -const BYTE UE_EXPORTTABLEADDRESS = 11; -const BYTE UE_EXPORTTABLESIZE = 12; -const BYTE UE_TLSTABLEADDRESS = 13; -const BYTE UE_TLSTABLESIZE = 14; -const BYTE UE_RELOCATIONTABLEADDRESS = 15; -const BYTE UE_RELOCATIONTABLESIZE = 16; -const BYTE UE_TIMEDATESTAMP = 17; -const BYTE UE_SECTIONNUMBER = 18; -const BYTE UE_CHECKSUM = 19; -const BYTE UE_SUBSYSTEM = 20; -const BYTE UE_CHARACTERISTICS = 21; -const BYTE UE_NUMBEROFRVAANDSIZES = 22; -const BYTE UE_BASEOFCODE = 23; -const BYTE UE_BASEOFDATA = 24; -const BYTE UE_DLLCHARACTERISTICS = 25; -//leaving some enum space here for future additions -const BYTE UE_SECTIONNAME = 40; -const BYTE UE_SECTIONVIRTUALOFFSET = 41; -const BYTE UE_SECTIONVIRTUALSIZE = 42; -const BYTE UE_SECTIONRAWOFFSET = 43; -const BYTE UE_SECTIONRAWSIZE = 44; -const BYTE UE_SECTIONFLAGS = 45; - -const long UE_VANOTFOUND = -2; - -const BYTE UE_CH_BREAKPOINT = 1; -const BYTE UE_CH_SINGLESTEP = 2; -const BYTE UE_CH_ACCESSVIOLATION = 3; -const BYTE UE_CH_ILLEGALINSTRUCTION = 4; -const BYTE UE_CH_NONCONTINUABLEEXCEPTION = 5; -const BYTE UE_CH_ARRAYBOUNDSEXCEPTION = 6; -const BYTE UE_CH_FLOATDENORMALOPERAND = 7; -const BYTE UE_CH_FLOATDEVIDEBYZERO = 8; -const BYTE UE_CH_INTEGERDEVIDEBYZERO = 9; -const BYTE UE_CH_INTEGEROVERFLOW = 10; -const BYTE UE_CH_PRIVILEGEDINSTRUCTION = 11; -const BYTE UE_CH_PAGEGUARD = 12; -const BYTE UE_CH_EVERYTHINGELSE = 13; -const BYTE UE_CH_CREATETHREAD = 14; -const BYTE UE_CH_EXITTHREAD = 15; -const BYTE UE_CH_CREATEPROCESS = 16; -const BYTE UE_CH_EXITPROCESS = 17; -const BYTE UE_CH_LOADDLL = 18; -const BYTE UE_CH_UNLOADDLL = 19; -const BYTE UE_CH_OUTPUTDEBUGSTRING = 20; -const BYTE UE_CH_AFTEREXCEPTIONPROCESSING = 21; -const BYTE UE_CH_SYSTEMBREAKPOINT = 23; -const BYTE UE_CH_UNHANDLEDEXCEPTION = 24; -const BYTE UE_CH_RIPEVENT = 25; -const BYTE UE_CH_DEBUGEVENT = 26; - -const BYTE UE_OPTION_HANDLER_RETURN_HANDLECOUNT = 1; -const BYTE UE_OPTION_HANDLER_RETURN_ACCESS = 2; -const BYTE UE_OPTION_HANDLER_RETURN_FLAGS = 3; -const BYTE UE_OPTION_HANDLER_RETURN_TYPENAME = 4; - -const BYTE UE_BREAKPOINT_INT3 = 1; -const BYTE UE_BREAKPOINT_LONG_INT3 = 2; -const BYTE UE_BREAKPOINT_UD2 = 3; - -const BYTE UE_BPXREMOVED = 0; -const BYTE UE_BPXACTIVE = 1; -const BYTE UE_BPXINACTIVE = 2; - -const BYTE UE_BREAKPOINT = 0; -const BYTE UE_SINGLESHOOT = 1; -const BYTE UE_HARDWARE = 2; -const BYTE UE_MEMORY = 3; -const BYTE UE_MEMORY_READ = 4; -const BYTE UE_MEMORY_WRITE = 5; -const BYTE UE_MEMORY_EXECUTE = 6; -const DWORD UE_BREAKPOINT_TYPE_INT3 = 0x10000000; -const DWORD UE_BREAKPOINT_TYPE_LONG_INT3 = 0x20000000; -const DWORD UE_BREAKPOINT_TYPE_UD2 = 0x30000000; - -const BYTE UE_HARDWARE_EXECUTE = 4; -const BYTE UE_HARDWARE_WRITE = 5; -const BYTE UE_HARDWARE_READWRITE = 6; - -const BYTE UE_HARDWARE_SIZE_1 = 7; -const BYTE UE_HARDWARE_SIZE_2 = 8; -const BYTE UE_HARDWARE_SIZE_4 = 9; -const BYTE UE_HARDWARE_SIZE_8 = 10; - -const BYTE UE_ON_LIB_LOAD = 1; -const BYTE UE_ON_LIB_UNLOAD = 2; -const BYTE UE_ON_LIB_ALL = 3; - -const BYTE UE_APISTART = 0; -const BYTE UE_APIEND = 1; - -const BYTE UE_PLATFORM_x86 = 1; -const BYTE UE_PLATFORM_x64 = 2; -const BYTE UE_PLATFORM_ALL = 3; - -const BYTE UE_FUNCTION_STDCALL = 1; -const BYTE UE_FUNCTION_CCALL = 2; -const BYTE UE_FUNCTION_FASTCALL = 3; -const BYTE UE_FUNCTION_STDCALL_RET = 4; -const BYTE UE_FUNCTION_CCALL_RET = 5; -const BYTE UE_FUNCTION_FASTCALL_RET = 6; -const BYTE UE_FUNCTION_STDCALL_CALL = 7; -const BYTE UE_FUNCTION_CCALL_CALL = 8; -const BYTE UE_FUNCTION_FASTCALL_CALL = 9; -const BYTE UE_PARAMETER_BYTE = 0; -const BYTE UE_PARAMETER_WORD = 1; -const BYTE UE_PARAMETER_DWORD = 2; -const BYTE UE_PARAMETER_QWORD = 3; -const BYTE UE_PARAMETER_PTR_BYTE = 4; -const BYTE UE_PARAMETER_PTR_WORD = 5; -const BYTE UE_PARAMETER_PTR_DWORD = 6; -const BYTE UE_PARAMETER_PTR_QWORD = 7; -const BYTE UE_PARAMETER_STRING = 8; -const BYTE UE_PARAMETER_UNICODE = 9; - -const BYTE UE_EAX = 1; -const BYTE UE_EBX = 2; -const BYTE UE_ECX = 3; -const BYTE UE_EDX = 4; -const BYTE UE_EDI = 5; -const BYTE UE_ESI = 6; -const BYTE UE_EBP = 7; -const BYTE UE_ESP = 8; -const BYTE UE_EIP = 9; -const BYTE UE_EFLAGS = 10; -const BYTE UE_DR0 = 11; -const BYTE UE_DR1 = 12; -const BYTE UE_DR2 = 13; -const BYTE UE_DR3 = 14; -const BYTE UE_DR6 = 15; -const BYTE UE_DR7 = 16; -const BYTE UE_RAX = 17; -const BYTE UE_RBX = 18; -const BYTE UE_RCX = 19; -const BYTE UE_RDX = 20; -const BYTE UE_RDI = 21; -const BYTE UE_RSI = 22; -const BYTE UE_RBP = 23; -const BYTE UE_RSP = 24; -const BYTE UE_RIP = 25; -const BYTE UE_RFLAGS = 26; -const BYTE UE_R8 = 27; -const BYTE UE_R9 = 28; -const BYTE UE_R10 = 29; -const BYTE UE_R11 = 30; -const BYTE UE_R12 = 31; -const BYTE UE_R13 = 32; -const BYTE UE_R14 = 33; -const BYTE UE_R15 = 34; -const BYTE UE_CIP = 35; -const BYTE UE_CSP = 36; -#ifdef _WIN64 -const BYTE UE_CFLAGS = UE_RFLAGS; -#else -const BYTE UE_CFLAGS = UE_EFLAGS; -#endif -const BYTE UE_SEG_GS = 37; -const BYTE UE_SEG_FS = 38; -const BYTE UE_SEG_ES = 39; -const BYTE UE_SEG_DS = 40; -const BYTE UE_SEG_CS = 41; -const BYTE UE_SEG_SS = 42; - -typedef struct -{ - DWORD PE32Offset; - DWORD ImageBase; - DWORD OriginalEntryPoint; - DWORD BaseOfCode; - DWORD BaseOfData; - DWORD NtSizeOfImage; - DWORD NtSizeOfHeaders; - WORD SizeOfOptionalHeaders; - DWORD FileAlignment; - DWORD SectionAligment; - DWORD ImportTableAddress; - DWORD ImportTableSize; - DWORD ResourceTableAddress; - DWORD ResourceTableSize; - DWORD ExportTableAddress; - DWORD ExportTableSize; - DWORD TLSTableAddress; - DWORD TLSTableSize; - DWORD RelocationTableAddress; - DWORD RelocationTableSize; - DWORD TimeDateStamp; - WORD SectionNumber; - DWORD CheckSum; - WORD SubSystem; - WORD Characteristics; - DWORD NumberOfRvaAndSizes; -} PE32Struct, *PPE32Struct; - -typedef struct -{ - DWORD PE64Offset; - DWORD64 ImageBase; - DWORD OriginalEntryPoint; - DWORD BaseOfCode; - DWORD BaseOfData; - DWORD NtSizeOfImage; - DWORD NtSizeOfHeaders; - WORD SizeOfOptionalHeaders; - DWORD FileAlignment; - DWORD SectionAligment; - DWORD ImportTableAddress; - DWORD ImportTableSize; - DWORD ResourceTableAddress; - DWORD ResourceTableSize; - DWORD ExportTableAddress; - DWORD ExportTableSize; - DWORD TLSTableAddress; - DWORD TLSTableSize; - DWORD RelocationTableAddress; - DWORD RelocationTableSize; - DWORD TimeDateStamp; - WORD SectionNumber; - DWORD CheckSum; - WORD SubSystem; - WORD Characteristics; - DWORD NumberOfRvaAndSizes; -} PE64Struct, *PPE64Struct; - -#if defined(_WIN64) -typedef PE64Struct PEStruct; -#else -typedef PE32Struct PEStruct; -#endif - -typedef struct -{ - bool NewDll; - int NumberOfImports; - ULONG_PTR ImageBase; - ULONG_PTR BaseImportThunk; - ULONG_PTR ImportThunk; - char* APIName; - char* DLLName; -} ImportEnumData, *PImportEnumData; - -typedef struct -{ - HANDLE hThread; - DWORD dwThreadId; - void* ThreadStartAddress; - void* ThreadLocalBase; - void* TebAddress; - ULONG WaitTime; - LONG Priority; - LONG BasePriority; - ULONG ContextSwitches; - ULONG ThreadState; - ULONG WaitReason; -} THREAD_ITEM_DATA, *PTHREAD_ITEM_DATA; - -typedef struct -{ - HANDLE hFile; - void* BaseOfDll; - HANDLE hFileMapping; - void* hFileMappingView; - char szLibraryPath[MAX_PATH]; - char szLibraryName[MAX_PATH]; -} LIBRARY_ITEM_DATA, *PLIBRARY_ITEM_DATA; - -typedef struct -{ - HANDLE hFile; - void* BaseOfDll; - HANDLE hFileMapping; - void* hFileMappingView; - wchar_t szLibraryPath[MAX_PATH]; - wchar_t szLibraryName[MAX_PATH]; -} LIBRARY_ITEM_DATAW, *PLIBRARY_ITEM_DATAW; - -typedef struct -{ - HANDLE hProcess; - DWORD dwProcessId; - HANDLE hThread; - DWORD dwThreadId; - HANDLE hFile; - void* BaseOfImage; - void* ThreadStartAddress; - void* ThreadLocalBase; -} PROCESS_ITEM_DATA, *PPROCESS_ITEM_DATA; - -typedef struct -{ - ULONG ProcessId; - HANDLE hHandle; -} HandlerArray, *PHandlerArray; - -typedef struct -{ - char PluginName[64]; - DWORD PluginMajorVersion; - DWORD PluginMinorVersion; - HMODULE PluginBaseAddress; - void* TitanDebuggingCallBack; - void* TitanRegisterPlugin; - void* TitanReleasePlugin; - void* TitanResetPlugin; - bool PluginDisabled; -} PluginInformation, *PPluginInformation; - -const size_t TEE_MAXIMUM_HOOK_SIZE = 14; -const size_t TEE_MAXIMUM_HOOK_RELOCS = 7; -#if defined(_WIN64) -const size_t TEE_MAXIMUM_HOOK_INSERT_SIZE = 14; -#else -const size_t TEE_MAXIMUM_HOOK_INSERT_SIZE = 5; -#endif - -typedef struct HOOK_ENTRY -{ - bool IATHook; - BYTE HookType; - DWORD HookSize; - void* HookAddress; - void* RedirectionAddress; - BYTE HookBytes[TEE_MAXIMUM_HOOK_SIZE]; - BYTE OriginalBytes[TEE_MAXIMUM_HOOK_SIZE]; - void* IATHookModuleBase; - DWORD IATHookNameHash; - bool HookIsEnabled; - bool HookIsRemote; - void* PatchedEntry; - DWORD RelocationInfo[TEE_MAXIMUM_HOOK_RELOCS]; - int RelocationCount; -} HOOK_ENTRY, *PHOOK_ENTRY; - -const BYTE UE_DEPTH_SURFACE = 0; -const BYTE UE_DEPTH_DEEP = 1; - -const BYTE UE_UNPACKER_CONDITION_SEARCH_FROM_EP = 1; - -const BYTE UE_UNPACKER_CONDITION_LOADLIBRARY = 1; -const BYTE UE_UNPACKER_CONDITION_GETPROCADDRESS = 2; -const BYTE UE_UNPACKER_CONDITION_ENTRYPOINTBREAK = 3; -const BYTE UE_UNPACKER_CONDITION_RELOCSNAPSHOT1 = 4; -const BYTE UE_UNPACKER_CONDITION_RELOCSNAPSHOT2 = 5; - -const BYTE UE_FIELD_OK = 0; -const BYTE UE_FIELD_BROKEN_NON_FIXABLE = 1; -const BYTE UE_FIELD_BROKEN_NON_CRITICAL = 2; -const BYTE UE_FIELD_BROKEN_FIXABLE_FOR_STATIC_USE = 3; -const BYTE UE_FIELD_BROKEN_BUT_CAN_BE_EMULATED = 4; -const BYTE UE_FIELD_FIXABLE_NON_CRITICAL = 5; -const BYTE UE_FIELD_FIXABLE_CRITICAL = 6; -const BYTE UE_FIELD_NOT_PRESET = 7; -const BYTE UE_FIELD_NOT_PRESET_WARNING = 8; - -const BYTE UE_RESULT_FILE_OK = 10; -const BYTE UE_RESULT_FILE_INVALID_BUT_FIXABLE = 11; -const BYTE UE_RESULT_FILE_INVALID_AND_NON_FIXABLE = 12; -const BYTE UE_RESULT_FILE_INVALID_FORMAT = 13; - -typedef struct -{ - BYTE OveralEvaluation; - bool EvaluationTerminatedByException; - bool FileIs64Bit; - bool FileIsDLL; - bool FileIsConsole; - bool MissingDependencies; - bool MissingDeclaredAPIs; - BYTE SignatureMZ; - BYTE SignaturePE; - BYTE EntryPoint; - BYTE ImageBase; - BYTE SizeOfImage; - BYTE FileAlignment; - BYTE SectionAlignment; - BYTE ExportTable; - BYTE RelocationTable; - BYTE ImportTable; - BYTE ImportTableSection; - BYTE ImportTableData; - BYTE IATTable; - BYTE TLSTable; - BYTE LoadConfigTable; - BYTE BoundImportTable; - BYTE COMHeaderTable; - BYTE ResourceTable; - BYTE ResourceData; - BYTE SectionTable; -} FILE_STATUS_INFO, *PFILE_STATUS_INFO; - -typedef struct -{ - BYTE OveralEvaluation; - bool FixingTerminatedByException; - bool FileFixPerformed; - bool StrippedRelocation; - bool DontFixRelocations; - DWORD OriginalRelocationTableAddress; - DWORD OriginalRelocationTableSize; - bool StrippedExports; - bool DontFixExports; - DWORD OriginalExportTableAddress; - DWORD OriginalExportTableSize; - bool StrippedResources; - bool DontFixResources; - DWORD OriginalResourceTableAddress; - DWORD OriginalResourceTableSize; - bool StrippedTLS; - bool DontFixTLS; - DWORD OriginalTLSTableAddress; - DWORD OriginalTLSTableSize; - bool StrippedLoadConfig; - bool DontFixLoadConfig; - DWORD OriginalLoadConfigTableAddress; - DWORD OriginalLoadConfigTableSize; - bool StrippedBoundImports; - bool DontFixBoundImports; - DWORD OriginalBoundImportTableAddress; - DWORD OriginalBoundImportTableSize; - bool StrippedIAT; - bool DontFixIAT; - DWORD OriginalImportAddressTableAddress; - DWORD OriginalImportAddressTableSize; - bool StrippedCOM; - bool DontFixCOM; - DWORD OriginalCOMTableAddress; - DWORD OriginalCOMTableSize; -} FILE_FIX_INFO, *PFILE_FIX_INFO; - -#ifdef __cplusplus -extern "C" { -#endif /*__cplusplus*/ - -// Global.Function.Declaration: -// TitanEngine.Dumper.functions: -__declspec(dllimport) bool TITCALL DumpProcess(HANDLE hProcess, LPVOID ImageBase, char* szDumpFileName, ULONG_PTR EntryPoint); -__declspec(dllimport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBase, wchar_t* szDumpFileName, ULONG_PTR EntryPoint); -__declspec(dllimport) bool TITCALL DumpProcessEx(DWORD ProcessId, LPVOID ImageBase, char* szDumpFileName, ULONG_PTR EntryPoint); -__declspec(dllimport) bool TITCALL DumpProcessExW(DWORD ProcessId, LPVOID ImageBase, wchar_t* szDumpFileName, ULONG_PTR EntryPoint); -__declspec(dllimport) bool TITCALL DumpMemory(HANDLE hProcess, LPVOID MemoryStart, ULONG_PTR MemorySize, char* szDumpFileName); -__declspec(dllimport) bool TITCALL DumpMemoryW(HANDLE hProcess, LPVOID MemoryStart, ULONG_PTR MemorySize, wchar_t* szDumpFileName); -__declspec(dllimport) bool TITCALL DumpMemoryEx(DWORD ProcessId, LPVOID MemoryStart, ULONG_PTR MemorySize, char* szDumpFileName); -__declspec(dllimport) bool TITCALL DumpMemoryExW(DWORD ProcessId, LPVOID MemoryStart, ULONG_PTR MemorySize, wchar_t* szDumpFileName); -__declspec(dllimport) bool TITCALL DumpRegions(HANDLE hProcess, char* szDumpFolder, bool DumpAboveImageBaseOnly); -__declspec(dllimport) bool TITCALL DumpRegionsW(HANDLE hProcess, wchar_t* szDumpFolder, bool DumpAboveImageBaseOnly); -__declspec(dllimport) bool TITCALL DumpRegionsEx(DWORD ProcessId, char* szDumpFolder, bool DumpAboveImageBaseOnly); -__declspec(dllimport) bool TITCALL DumpRegionsExW(DWORD ProcessId, wchar_t* szDumpFolder, bool DumpAboveImageBaseOnly); -__declspec(dllimport) bool TITCALL DumpModule(HANDLE hProcess, LPVOID ModuleBase, char* szDumpFileName); -__declspec(dllimport) bool TITCALL DumpModuleW(HANDLE hProcess, LPVOID ModuleBase, wchar_t* szDumpFileName); -__declspec(dllimport) bool TITCALL DumpModuleEx(DWORD ProcessId, LPVOID ModuleBase, char* szDumpFileName); -__declspec(dllimport) bool TITCALL DumpModuleExW(DWORD ProcessId, LPVOID ModuleBase, wchar_t* szDumpFileName); -__declspec(dllimport) bool TITCALL PastePEHeader(HANDLE hProcess, LPVOID ImageBase, char* szDebuggedFileName); -__declspec(dllimport) bool TITCALL PastePEHeaderW(HANDLE hProcess, LPVOID ImageBase, wchar_t* szDebuggedFileName); -__declspec(dllimport) bool TITCALL ExtractSection(char* szFileName, char* szDumpFileName, DWORD SectionNumber); -__declspec(dllimport) bool TITCALL ExtractSectionW(wchar_t* szFileName, wchar_t* szDumpFileName, DWORD SectionNumber); -__declspec(dllimport) bool TITCALL ResortFileSections(char* szFileName); -__declspec(dllimport) bool TITCALL ResortFileSectionsW(wchar_t* szFileName); -__declspec(dllimport) bool TITCALL FindOverlay(char* szFileName, LPDWORD OverlayStart, LPDWORD OverlaySize); -__declspec(dllimport) bool TITCALL FindOverlayW(wchar_t* szFileName, LPDWORD OverlayStart, LPDWORD OverlaySize); -__declspec(dllimport) bool TITCALL ExtractOverlay(char* szFileName, char* szExtractedFileName); -__declspec(dllimport) bool TITCALL ExtractOverlayW(wchar_t* szFileName, wchar_t* szExtractedFileName); -__declspec(dllimport) bool TITCALL AddOverlay(char* szFileName, char* szOverlayFileName); -__declspec(dllimport) bool TITCALL AddOverlayW(wchar_t* szFileName, wchar_t* szOverlayFileName); -__declspec(dllimport) bool TITCALL CopyOverlay(char* szInFileName, char* szOutFileName); -__declspec(dllimport) bool TITCALL CopyOverlayW(wchar_t* szInFileName, wchar_t* szOutFileName); -__declspec(dllimport) bool TITCALL RemoveOverlay(char* szFileName); -__declspec(dllimport) bool TITCALL RemoveOverlayW(wchar_t* szFileName); -__declspec(dllimport) bool TITCALL MakeAllSectionsRWE(char* szFileName); -__declspec(dllimport) bool TITCALL MakeAllSectionsRWEW(wchar_t* szFileName); -__declspec(dllimport) long TITCALL AddNewSectionEx(char* szFileName, char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, LPVOID SectionContent, DWORD ContentSize); -__declspec(dllimport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, LPVOID SectionContent, DWORD ContentSize); -__declspec(dllimport) long TITCALL AddNewSection(char* szFileName, char* szSectionName, DWORD SectionSize); -__declspec(dllimport) long TITCALL AddNewSectionW(wchar_t* szFileName, char* szSectionName, DWORD SectionSize); -__declspec(dllimport) bool TITCALL ResizeLastSection(char* szFileName, DWORD NumberOfExpandBytes, bool AlignResizeData); -__declspec(dllimport) bool TITCALL ResizeLastSectionW(wchar_t* szFileName, DWORD NumberOfExpandBytes, bool AlignResizeData); -__declspec(dllimport) void TITCALL SetSharedOverlay(char* szFileName); -__declspec(dllimport) void TITCALL SetSharedOverlayW(wchar_t* szFileName); -__declspec(dllimport) char* TITCALL GetSharedOverlay(); -__declspec(dllimport) wchar_t* TITCALL GetSharedOverlayW(); -__declspec(dllimport) bool TITCALL DeleteLastSection(char* szFileName); -__declspec(dllimport) bool TITCALL DeleteLastSectionW(wchar_t* szFileName); -__declspec(dllimport) bool TITCALL DeleteLastSectionEx(char* szFileName, DWORD NumberOfSections); -__declspec(dllimport) bool TITCALL DeleteLastSectionExW(wchar_t* szFileName, DWORD NumberOfSections); -__declspec(dllimport) ULONG_PTR TITCALL GetPE32DataFromMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, DWORD WhichData); -__declspec(dllimport) ULONG_PTR TITCALL GetPE32Data(char* szFileName, DWORD WhichSection, DWORD WhichData); -__declspec(dllimport) ULONG_PTR TITCALL GetPE32DataW(const wchar_t* szFileName, DWORD WhichSection, DWORD WhichData); -__declspec(dllimport) bool TITCALL GetPE32DataFromMappedFileEx(ULONG_PTR FileMapVA, LPVOID DataStorage); -__declspec(dllimport) bool TITCALL GetPE32DataEx(char* szFileName, LPVOID DataStorage); -__declspec(dllimport) bool TITCALL GetPE32DataExW(wchar_t* szFileName, LPVOID DataStorage); -__declspec(dllimport) bool TITCALL SetPE32DataForMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue); -__declspec(dllimport) bool TITCALL SetPE32Data(char* szFileName, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue); -__declspec(dllimport) bool TITCALL SetPE32DataW(wchar_t* szFileName, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue); -__declspec(dllimport) bool TITCALL SetPE32DataForMappedFileEx(ULONG_PTR FileMapVA, LPVOID DataStorage); -__declspec(dllimport) bool TITCALL SetPE32DataEx(char* szFileName, LPVOID DataStorage); -__declspec(dllimport) bool TITCALL SetPE32DataExW(wchar_t* szFileName, LPVOID DataStorage); -__declspec(dllimport) long TITCALL GetPE32SectionNumberFromVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert); -__declspec(dllimport) ULONG_PTR TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType); -__declspec(dllimport) ULONG_PTR TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType); -__declspec(dllimport) ULONG_PTR TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType); -__declspec(dllimport) ULONG_PTR TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType); -__declspec(dllimport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead); -__declspec(dllimport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten); -// TitanEngine.Realigner.functions: -__declspec(dllimport) bool TITCALL FixHeaderCheckSum(char* szFileName); -__declspec(dllimport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName); -__declspec(dllimport) long TITCALL RealignPE(ULONG_PTR FileMapVA, DWORD FileSize, DWORD RealingMode); -__declspec(dllimport) long TITCALL RealignPEEx(char* szFileName, DWORD RealingFileSize, DWORD ForcedFileAlignment); -__declspec(dllimport) long TITCALL RealignPEExW(wchar_t* szFileName, DWORD RealingFileSize, DWORD ForcedFileAlignment); -__declspec(dllimport) bool TITCALL WipeSection(char* szFileName, int WipeSectionNumber, bool RemovePhysically); -__declspec(dllimport) bool TITCALL WipeSectionW(wchar_t* szFileName, int WipeSectionNumber, bool RemovePhysically); -__declspec(dllimport) bool TITCALL IsPE32FileValidEx(char* szFileName, DWORD CheckDepth, LPVOID FileStatusInfo); -__declspec(dllimport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD CheckDepth, LPVOID FileStatusInfo); -__declspec(dllimport) bool TITCALL FixBrokenPE32FileEx(char* szFileName, LPVOID FileStatusInfo, LPVOID FileFixInfo); -__declspec(dllimport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPVOID FileStatusInfo, LPVOID FileFixInfo); -__declspec(dllimport) bool TITCALL IsFileDLL(char* szFileName, ULONG_PTR FileMapVA); -__declspec(dllimport) bool TITCALL IsFileDLLW(wchar_t* szFileName, ULONG_PTR FileMapVA); -// TitanEngine.Hider.functions: -__declspec(dllimport) void* TITCALL GetPEBLocation(HANDLE hProcess); -__declspec(dllimport) void* TITCALL GetPEBLocation64(HANDLE hProcess); -__declspec(dllimport) void* TITCALL GetTEBLocation(HANDLE hThread); -__declspec(dllimport) void* TITCALL GetTEBLocation64(HANDLE hThread); -__declspec(dllimport) bool TITCALL HideDebugger(HANDLE hProcess, DWORD PatchAPILevel); -__declspec(dllimport) bool TITCALL UnHideDebugger(HANDLE hProcess, DWORD PatchAPILevel); -// TitanEngine.Relocater.functions: -__declspec(dllimport) void TITCALL RelocaterCleanup(); -__declspec(dllimport) void TITCALL RelocaterInit(DWORD MemorySize, ULONG_PTR OldImageBase, ULONG_PTR NewImageBase); -__declspec(dllimport) void TITCALL RelocaterAddNewRelocation(HANDLE hProcess, ULONG_PTR RelocateAddress, DWORD RelocateState); -__declspec(dllimport) long TITCALL RelocaterEstimatedSize(); -__declspec(dllimport) bool TITCALL RelocaterExportRelocation(ULONG_PTR StorePlace, DWORD StorePlaceRVA, ULONG_PTR FileMapVA); -__declspec(dllimport) bool TITCALL RelocaterExportRelocationEx(char* szFileName, char* szSectionName); -__declspec(dllimport) bool TITCALL RelocaterExportRelocationExW(wchar_t* szFileName, char* szSectionName); -__declspec(dllimport) bool TITCALL RelocaterGrabRelocationTable(HANDLE hProcess, ULONG_PTR MemoryStart, DWORD MemorySize); -__declspec(dllimport) bool TITCALL RelocaterGrabRelocationTableEx(HANDLE hProcess, ULONG_PTR MemoryStart, ULONG_PTR MemorySize, DWORD NtSizeOfImage); -__declspec(dllimport) bool TITCALL RelocaterMakeSnapshot(HANDLE hProcess, char* szSaveFileName, LPVOID MemoryStart, ULONG_PTR MemorySize); -__declspec(dllimport) bool TITCALL RelocaterMakeSnapshotW(HANDLE hProcess, wchar_t* szSaveFileName, LPVOID MemoryStart, ULONG_PTR MemorySize); -__declspec(dllimport) bool TITCALL RelocaterCompareTwoSnapshots(HANDLE hProcess, ULONG_PTR LoadedImageBase, ULONG_PTR NtSizeOfImage, char* szDumpFile1, char* szDumpFile2, ULONG_PTR MemStart); -__declspec(dllimport) bool TITCALL RelocaterCompareTwoSnapshotsW(HANDLE hProcess, ULONG_PTR LoadedImageBase, ULONG_PTR NtSizeOfImage, wchar_t* szDumpFile1, wchar_t* szDumpFile2, ULONG_PTR MemStart); -__declspec(dllimport) bool TITCALL RelocaterChangeFileBase(char* szFileName, ULONG_PTR NewImageBase); -__declspec(dllimport) bool TITCALL RelocaterChangeFileBaseW(wchar_t* szFileName, ULONG_PTR NewImageBase); -__declspec(dllimport) bool TITCALL RelocaterRelocateMemoryBlock(ULONG_PTR FileMapVA, ULONG_PTR MemoryLocation, void* RelocateMemory, DWORD RelocateMemorySize, ULONG_PTR CurrentLoadedBase, ULONG_PTR RelocateBase); -__declspec(dllimport) bool TITCALL RelocaterWipeRelocationTable(char* szFileName); -__declspec(dllimport) bool TITCALL RelocaterWipeRelocationTableW(wchar_t* szFileName); -// TitanEngine.Resourcer.functions: -__declspec(dllimport) ULONG_PTR TITCALL ResourcerLoadFileForResourceUse(char* szFileName); -__declspec(dllimport) ULONG_PTR TITCALL ResourcerLoadFileForResourceUseW(wchar_t* szFileName); -__declspec(dllimport) bool TITCALL ResourcerFreeLoadedFile(LPVOID LoadedFileBase); -__declspec(dllimport) bool TITCALL ResourcerExtractResourceFromFileEx(HMODULE hFile, char* szResourceType, char* szResourceName, char* szExtractedFileName); -__declspec(dllimport) bool TITCALL ResourcerExtractResourceFromFile(char* szFileName, char* szResourceType, char* szResourceName, char* szExtractedFileName); -__declspec(dllimport) bool TITCALL ResourcerExtractResourceFromFileW(wchar_t* szFileName, char* szResourceType, char* szResourceName, char* szExtractedFileName); -__declspec(dllimport) bool TITCALL ResourcerFindResource(char* szFileName, char* szResourceType, DWORD ResourceType, char* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize); -__declspec(dllimport) bool TITCALL ResourcerFindResourceW(wchar_t* szFileName, wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize); -__declspec(dllimport) bool TITCALL ResourcerFindResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize); -__declspec(dllimport) void TITCALL ResourcerEnumerateResource(char* szFileName, void* CallBack); -__declspec(dllimport) void TITCALL ResourcerEnumerateResourceW(wchar_t* szFileName, void* CallBack); -__declspec(dllimport) void TITCALL ResourcerEnumerateResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, void* CallBack); -// TitanEngine.Threader.functions: -__declspec(dllimport) bool TITCALL ThreaderImportRunningThreadData(DWORD ProcessId); -__declspec(dllimport) void* TITCALL ThreaderGetThreadInfo(HANDLE hThread, DWORD ThreadId); -__declspec(dllimport) void TITCALL ThreaderEnumThreadInfo(void* EnumCallBack); -__declspec(dllimport) bool TITCALL ThreaderPauseThread(HANDLE hThread); -__declspec(dllimport) bool TITCALL ThreaderResumeThread(HANDLE hThread); -__declspec(dllimport) bool TITCALL ThreaderTerminateThread(HANDLE hThread, DWORD ThreadExitCode); -__declspec(dllimport) bool TITCALL ThreaderPauseAllThreads(bool LeaveMainRunning); -__declspec(dllimport) bool TITCALL ThreaderResumeAllThreads(bool LeaveMainPaused); -__declspec(dllimport) bool TITCALL ThreaderPauseProcess(); -__declspec(dllimport) bool TITCALL ThreaderResumeProcess(); -__declspec(dllimport) ULONG_PTR TITCALL ThreaderCreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId); -__declspec(dllimport) bool TITCALL ThreaderInjectAndExecuteCode(LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize); -__declspec(dllimport) ULONG_PTR TITCALL ThreaderCreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId); -__declspec(dllimport) bool TITCALL ThreaderInjectAndExecuteCodeEx(HANDLE hProcess, LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize); -__declspec(dllimport) void TITCALL ThreaderSetCallBackForNextExitThreadEvent(LPVOID exitThreadCallBack); -__declspec(dllimport) bool TITCALL ThreaderIsThreadStillRunning(HANDLE hThread); -__declspec(dllimport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread); -__declspec(dllimport) bool TITCALL ThreaderIsAnyThreadActive(); -__declspec(dllimport) bool TITCALL ThreaderExecuteOnlyInjectedThreads(); -__declspec(dllimport) ULONG_PTR TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId); -__declspec(dllimport) bool TITCALL ThreaderIsExceptionInMainThread(); -// TitanEngine.Debugger.functions: -__declspec(dllimport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress); -__declspec(dllimport) void* TITCALL StaticDisassemble(LPVOID DisassmAddress); -__declspec(dllimport) void* TITCALL DisassembleEx(HANDLE hProcess, LPVOID DisassmAddress, bool ReturnInstructionType); -__declspec(dllimport) void* TITCALL Disassemble(LPVOID DisassmAddress); -__declspec(dllimport) long TITCALL StaticLengthDisassemble(LPVOID DisassmAddress); -__declspec(dllimport) long TITCALL LengthDisassembleEx(HANDLE hProcess, LPVOID DisassmAddress); -__declspec(dllimport) long TITCALL LengthDisassemble(LPVOID DisassmAddress); -__declspec(dllimport) void* TITCALL InitDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder); -__declspec(dllimport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder); -__declspec(dllimport) void* TITCALL InitNativeDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder); -__declspec(dllimport) void* TITCALL InitNativeDebugW(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder); -__declspec(dllimport) void* TITCALL InitDebugEx(char* szFileName, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack); -__declspec(dllimport) void* TITCALL InitDebugExW(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder, LPVOID EntryCallBack); -__declspec(dllimport) void* TITCALL InitDLLDebug(char* szFileName, bool ReserveModuleBase, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack); -__declspec(dllimport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool ReserveModuleBase, wchar_t* szCommandLine, wchar_t* szCurrentFolder, LPVOID EntryCallBack); -__declspec(dllimport) bool TITCALL StopDebug(); -__declspec(dllimport) void TITCALL SetBPXOptions(long DefaultBreakPointType); -__declspec(dllimport) bool TITCALL IsBPXEnabled(ULONG_PTR bpxAddress); -__declspec(dllimport) bool TITCALL EnableBPX(ULONG_PTR bpxAddress); -__declspec(dllimport) bool TITCALL DisableBPX(ULONG_PTR bpxAddress); -__declspec(dllimport) bool TITCALL SetBPX(ULONG_PTR bpxAddress, DWORD bpxType, LPVOID bpxCallBack); -__declspec(dllimport) bool TITCALL DeleteBPX(ULONG_PTR bpxAddress); -__declspec(dllimport) bool TITCALL SafeDeleteBPX(ULONG_PTR bpxAddress); -__declspec(dllimport) bool TITCALL SetAPIBreakPoint(const char* szDLLName, const char* szAPIName, DWORD bpxType, DWORD bpxPlace, LPVOID bpxCallBack); -__declspec(dllimport) bool TITCALL DeleteAPIBreakPoint(const char* szDLLName, const char* szAPIName, DWORD bpxPlace); -__declspec(dllimport) bool TITCALL SafeDeleteAPIBreakPoint(const char* szDLLName, const char* szAPIName, DWORD bpxPlace); -__declspec(dllimport) bool TITCALL SetMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, LPVOID bpxCallBack); -__declspec(dllimport) bool TITCALL SetMemoryBPXEx(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, DWORD BreakPointType, bool RestoreOnHit, LPVOID bpxCallBack); -__declspec(dllimport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory); -__declspec(dllimport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea); -__declspec(dllimport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister); -__declspec(dllimport) ULONG_PTR TITCALL GetContextData(DWORD IndexOfRegister); -__declspec(dllimport) bool TITCALL SetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea); -__declspec(dllimport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister, ULONG_PTR NewRegisterValue); -__declspec(dllimport) bool TITCALL SetContextData(DWORD IndexOfRegister, ULONG_PTR NewRegisterValue); -__declspec(dllimport) void TITCALL ClearExceptionNumber(); -__declspec(dllimport) long TITCALL CurrentExceptionNumber(); -__declspec(dllimport) bool TITCALL MatchPatternEx(HANDLE hProcess, void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard); -__declspec(dllimport) bool TITCALL MatchPattern(void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard); -__declspec(dllimport) ULONG_PTR TITCALL FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard); -__declspec(dllimport) ULONG_PTR TITCALL Find(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard); -__declspec(dllimport) bool TITCALL FillEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte); -__declspec(dllimport) bool TITCALL Fill(LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte); -__declspec(dllimport) bool TITCALL PatchEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP); -__declspec(dllimport) bool TITCALL Patch(LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP); -__declspec(dllimport) bool TITCALL ReplaceEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, LPVOID ReplacePattern, DWORD ReplaceSize, PBYTE WildCard); -__declspec(dllimport) bool TITCALL Replace(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, LPVOID ReplacePattern, DWORD ReplaceSize, PBYTE WildCard); -__declspec(dllimport) void* TITCALL GetDebugData(); -__declspec(dllimport) void* TITCALL GetTerminationData(); -__declspec(dllimport) long TITCALL GetExitCode(); -__declspec(dllimport) ULONG_PTR TITCALL GetDebuggedDLLBaseAddress(); -__declspec(dllimport) ULONG_PTR TITCALL GetDebuggedFileBaseAddress(); -__declspec(dllimport) bool TITCALL GetRemoteString(HANDLE hProcess, LPVOID StringAddress, LPVOID StringStorage, int MaximumStringSize); -__declspec(dllimport) ULONG_PTR TITCALL GetFunctionParameter(HANDLE hProcess, DWORD FunctionType, DWORD ParameterNumber, DWORD ParameterType); -__declspec(dllimport) ULONG_PTR TITCALL GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps); -__declspec(dllimport) ULONG_PTR TITCALL GetJumpDestination(HANDLE hProcess, ULONG_PTR InstructionAddress); -__declspec(dllimport) bool TITCALL IsJumpGoingToExecuteEx(HANDLE hProcess, HANDLE hThread, ULONG_PTR InstructionAddress, ULONG_PTR RegFlags); -__declspec(dllimport) bool TITCALL IsJumpGoingToExecute(); -__declspec(dllimport) void TITCALL SetCustomHandler(DWORD ExceptionId, LPVOID CallBack); -__declspec(dllimport) void TITCALL ForceClose(); -__declspec(dllimport) void TITCALL StepInto(LPVOID traceCallBack); -__declspec(dllimport) void TITCALL StepOver(LPVOID traceCallBack); -__declspec(dllimport) void TITCALL StepOut(LPVOID StepOut, bool StepFinal); -__declspec(dllimport) void TITCALL SingleStep(DWORD StepCount, LPVOID StepCallBack); -__declspec(dllimport) bool TITCALL GetUnusedHardwareBreakPointRegister(LPDWORD RegisterIndex); -__declspec(dllimport) bool TITCALL SetHardwareBreakPointEx(HANDLE hActiveThread, ULONG_PTR bpxAddress, DWORD IndexOfRegister, DWORD bpxType, DWORD bpxSize, LPVOID bpxCallBack, LPDWORD IndexOfSelectedRegister); -__declspec(dllimport) bool TITCALL SetHardwareBreakPoint(ULONG_PTR bpxAddress, DWORD IndexOfRegister, DWORD bpxType, DWORD bpxSize, LPVOID bpxCallBack); -__declspec(dllimport) bool TITCALL DeleteHardwareBreakPoint(DWORD IndexOfRegister); -__declspec(dllimport) bool TITCALL RemoveAllBreakPoints(DWORD RemoveOption); -__declspec(dllexport) PROCESS_INFORMATION* TITCALL TitanGetProcessInformation(); -__declspec(dllexport) STARTUPINFOW* TITCALL TitanGetStartupInformation(); -__declspec(dllimport) void TITCALL DebugLoop(); -__declspec(dllimport) void TITCALL SetDebugLoopTimeOut(DWORD TimeOut); -__declspec(dllimport) void TITCALL SetNextDbgContinueStatus(DWORD SetDbgCode); -__declspec(dllimport) bool TITCALL AttachDebugger(DWORD ProcessId, bool KillOnExit, LPVOID DebugInfo, LPVOID CallBack); -__declspec(dllimport) bool TITCALL DetachDebugger(DWORD ProcessId); -__declspec(dllimport) bool TITCALL DetachDebuggerEx(DWORD ProcessId); -__declspec(dllimport) void TITCALL DebugLoopEx(DWORD TimeOut); -__declspec(dllimport) void TITCALL AutoDebugEx(char* szFileName, bool ReserveModuleBase, char* szCommandLine, char* szCurrentFolder, DWORD TimeOut, LPVOID EntryCallBack); -__declspec(dllimport) void TITCALL AutoDebugExW(wchar_t* szFileName, bool ReserveModuleBase, wchar_t* szCommandLine, wchar_t* szCurrentFolder, DWORD TimeOut, LPVOID EntryCallBack); -__declspec(dllimport) bool TITCALL IsFileBeingDebugged(); -__declspec(dllimport) void TITCALL SetErrorModel(bool DisplayErrorMessages); -// TitanEngine.FindOEP.functions: -__declspec(dllimport) void TITCALL FindOEPInit(); -__declspec(dllimport) bool TITCALL FindOEPGenerically(char* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack); -__declspec(dllimport) bool TITCALL FindOEPGenericallyW(wchar_t* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack); -// TitanEngine.Importer.functions: -__declspec(dllimport) void TITCALL ImporterAddNewDll(char* szDLLName, ULONG_PTR FirstThunk); -__declspec(dllimport) void TITCALL ImporterAddNewAPI(char* szAPIName, ULONG_PTR ThunkValue); -__declspec(dllimport) void TITCALL ImporterAddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue); -__declspec(dllimport) long TITCALL ImporterGetAddedDllCount(); -__declspec(dllimport) long TITCALL ImporterGetAddedAPICount(); -__declspec(dllimport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap); -__declspec(dllimport) long TITCALL ImporterEstimatedSize(); -__declspec(dllimport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName); -__declspec(dllimport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, wchar_t* szSectionName = L".RL!TEv2"); -__declspec(dllimport) ULONG_PTR TITCALL ImporterFindAPIWriteLocation(char* szAPIName); -__declspec(dllimport) ULONG_PTR TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber); -__declspec(dllimport) ULONG_PTR TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation); -__declspec(dllimport) ULONG_PTR TITCALL ImporterFindDLLByWriteLocation(ULONG_PTR APIWriteLocation); -__declspec(dllimport) void* TITCALL ImporterGetDLLName(ULONG_PTR APIAddress); -__declspec(dllimport) void* TITCALL ImporterGetDLLNameW(ULONG_PTR APIAddress); -__declspec(dllimport) void* TITCALL ImporterGetAPIName(ULONG_PTR APIAddress); -__declspec(dllimport) ULONG_PTR TITCALL ImporterGetAPIOrdinalNumber(ULONG_PTR APIAddress); -__declspec(dllimport) void* TITCALL ImporterGetAPINameEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); -__declspec(dllimport) ULONG_PTR TITCALL ImporterGetRemoteAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress); -__declspec(dllimport) ULONG_PTR TITCALL ImporterGetRemoteAPIAddressEx(char* szDLLName, char* szAPIName); -__declspec(dllimport) ULONG_PTR TITCALL ImporterGetLocalAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress); -__declspec(dllimport) void* TITCALL ImporterGetDLLNameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress); -__declspec(dllimport) void* TITCALL ImporterGetDLLNameFromDebugeeW(HANDLE hProcess, ULONG_PTR APIAddress); -__declspec(dllimport) void* TITCALL ImporterGetAPINameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress); -__declspec(dllimport) ULONG_PTR TITCALL ImporterGetAPIOrdinalNumberFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress); -__declspec(dllimport) long TITCALL ImporterGetDLLIndexEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); -__declspec(dllimport) long TITCALL ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); -__declspec(dllimport) ULONG_PTR TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase); -__declspec(dllimport) ULONG_PTR TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName); -__declspec(dllimport) void* TITCALL ImporterGetRemoteDLLBaseExW(HANDLE hProcess, wchar_t* szModuleName); -__declspec(dllimport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress); -__declspec(dllimport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress); -__declspec(dllimport) void* TITCALL ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress); -__declspec(dllimport) long TITCALL ImporterGetForwardedDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); -__declspec(dllimport) ULONG_PTR TITCALL ImporterGetForwardedAPIOrdinalNumber(HANDLE hProcess, ULONG_PTR APIAddress); -__declspec(dllimport) ULONG_PTR TITCALL ImporterGetNearestAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress); -__declspec(dllimport) void* TITCALL ImporterGetNearestAPIName(HANDLE hProcess, ULONG_PTR APIAddress); -__declspec(dllimport) bool TITCALL ImporterCopyOriginalIAT(char* szOriginalFile, char* szDumpFile); -__declspec(dllimport) bool TITCALL ImporterCopyOriginalIATW(wchar_t* szOriginalFile, wchar_t* szDumpFile); -__declspec(dllimport) bool TITCALL ImporterLoadImportTable(char* szFileName); -__declspec(dllimport) bool TITCALL ImporterLoadImportTableW(wchar_t* szFileName); -__declspec(dllimport) bool TITCALL ImporterMoveOriginalIAT(char* szOriginalFile, char* szDumpFile, char* szSectionName); -__declspec(dllimport) bool TITCALL ImporterMoveOriginalIATW(wchar_t* szOriginalFile, wchar_t* szDumpFile, char* szSectionName); -__declspec(dllimport) void TITCALL ImporterAutoSearchIAT(DWORD ProcessId, char* szFileName, ULONG_PTR SearchStart, LPVOID pIATStart, LPVOID pIATSize); -__declspec(dllimport) void TITCALL ImporterAutoSearchIATW(DWORD ProcessIds, wchar_t* szFileName, ULONG_PTR SearchStart, LPVOID pIATStart, LPVOID pIATSize); -__declspec(dllimport) void TITCALL ImporterAutoSearchIATEx(DWORD ProcessId, ULONG_PTR ImageBase, ULONG_PTR SearchStart, LPVOID pIATStart, LPVOID pIATSize); -__declspec(dllimport) void TITCALL ImporterEnumAddedData(LPVOID EnumCallBack); -__declspec(dllimport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, char* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback); -__declspec(dllimport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_t* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback); -__declspec(dllimport) long TITCALL ImporterAutoFixIAT(DWORD ProcessId, char* szDumpedFile, ULONG_PTR SearchStart); -__declspec(dllimport) long TITCALL ImporterAutoFixIATW(DWORD ProcessId, wchar_t* szDumpedFile, ULONG_PTR SearchStart); -__declspec(dllimport) bool TITCALL ImporterDeleteAPI(DWORD_PTR apiAddr); -// Global.Engine.Hook.functions: -__declspec(dllimport) bool TITCALL HooksSafeTransitionEx(LPVOID HookAddressArray, int NumberOfHooks, bool TransitionStart); -__declspec(dllimport) bool TITCALL HooksSafeTransition(LPVOID HookAddress, bool TransitionStart); -__declspec(dllimport) bool TITCALL HooksIsAddressRedirected(LPVOID HookAddress); -__declspec(dllimport) void* TITCALL HooksGetTrampolineAddress(LPVOID HookAddress); -__declspec(dllimport) void* TITCALL HooksGetHookEntryDetails(LPVOID HookAddress); -__declspec(dllimport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress, LPVOID RedirectTo, int HookType); -__declspec(dllimport) bool TITCALL HooksInsertNewIATRedirectionEx(ULONG_PTR FileMapVA, ULONG_PTR LoadedModuleBase, char* szHookFunction, LPVOID RedirectTo); -__declspec(dllimport) bool TITCALL HooksInsertNewIATRedirection(char* szModuleName, char* szHookFunction, LPVOID RedirectTo); -__declspec(dllimport) bool TITCALL HooksRemoveRedirection(LPVOID HookAddress, bool RemoveAll); -__declspec(dllimport) bool TITCALL HooksRemoveRedirectionsForModule(HMODULE ModuleBase); -__declspec(dllimport) bool TITCALL HooksRemoveIATRedirection(char* szModuleName, char* szHookFunction, bool RemoveAll); -__declspec(dllimport) bool TITCALL HooksDisableRedirection(LPVOID HookAddress, bool DisableAll); -__declspec(dllimport) bool TITCALL HooksDisableRedirectionsForModule(HMODULE ModuleBase); -__declspec(dllimport) bool TITCALL HooksDisableIATRedirection(char* szModuleName, char* szHookFunction, bool DisableAll); -__declspec(dllimport) bool TITCALL HooksEnableRedirection(LPVOID HookAddress, bool EnableAll); -__declspec(dllimport) bool TITCALL HooksEnableRedirectionsForModule(HMODULE ModuleBase); -__declspec(dllimport) bool TITCALL HooksEnableIATRedirection(char* szModuleName, char* szHookFunction, bool EnableAll); -__declspec(dllimport) void TITCALL HooksScanModuleMemory(HMODULE ModuleBase, LPVOID CallBack); -__declspec(dllimport) void TITCALL HooksScanEntireProcessMemory(LPVOID CallBack); -__declspec(dllimport) void TITCALL HooksScanEntireProcessMemoryEx(); -// TitanEngine.Tracer.functions: -__declspec(dllimport) void TITCALL TracerInit(); -__declspec(dllimport) ULONG_PTR TITCALL TracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace); -__declspec(dllimport) ULONG_PTR TITCALL HashTracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD InputNumberOfInstructions); -__declspec(dllimport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace); -__declspec(dllimport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD RedirectionId); -__declspec(dllimport) ULONG_PTR TITCALL TracerFixRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD IdParameter); -__declspec(dllimport) ULONG_PTR TITCALL TracerDetectRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, PDWORD ReturnedId); -__declspec(dllimport) long TITCALL TracerFixRedirectionViaImpRecPlugin(HANDLE hProcess, char* szPluginName, ULONG_PTR AddressToTrace); -// TitanEngine.Exporter.functions: -__declspec(dllimport) void TITCALL ExporterCleanup(); -__declspec(dllimport) void TITCALL ExporterSetImageBase(ULONG_PTR ImageBase); -__declspec(dllimport) void TITCALL ExporterInit(DWORD MemorySize, ULONG_PTR ImageBase, DWORD ExportOrdinalBase, char* szExportModuleName); -__declspec(dllimport) bool TITCALL ExporterAddNewExport(char* szExportName, DWORD ExportRelativeAddress); -__declspec(dllimport) bool TITCALL ExporterAddNewOrdinalExport(DWORD OrdinalNumber, DWORD ExportRelativeAddress); -__declspec(dllimport) long TITCALL ExporterGetAddedExportCount(); -__declspec(dllimport) long TITCALL ExporterEstimatedSize(); -__declspec(dllimport) bool TITCALL ExporterBuildExportTable(ULONG_PTR StorePlace, ULONG_PTR FileMapVA); -__declspec(dllimport) bool TITCALL ExporterBuildExportTableEx(char* szExportFileName, char* szSectionName); -__declspec(dllimport) bool TITCALL ExporterBuildExportTableExW(wchar_t* szExportFileName, char* szSectionName); -__declspec(dllimport) bool TITCALL ExporterLoadExportTable(char* szFileName); -__declspec(dllimport) bool TITCALL ExporterLoadExportTableW(wchar_t* szFileName); -// TitanEngine.Librarian.functions: -__declspec(dllimport) bool TITCALL LibrarianSetBreakPoint(char* szLibraryName, DWORD bpxType, bool SingleShoot, LPVOID bpxCallBack); -__declspec(dllimport) bool TITCALL LibrarianRemoveBreakPoint(char* szLibraryName, DWORD bpxType); -__declspec(dllimport) void* TITCALL LibrarianGetLibraryInfo(char* szLibraryName); -__declspec(dllimport) void* TITCALL LibrarianGetLibraryInfoW(wchar_t* szLibraryName); -__declspec(dllimport) void* TITCALL LibrarianGetLibraryInfoEx(void* BaseOfDll); -__declspec(dllimport) void* TITCALL LibrarianGetLibraryInfoExW(void* BaseOfDll); -__declspec(dllimport) void TITCALL LibrarianEnumLibraryInfo(void* EnumCallBack); -__declspec(dllimport) void TITCALL LibrarianEnumLibraryInfoW(void* EnumCallBack); -// TitanEngine.Process.functions: -__declspec(dllimport) long TITCALL GetActiveProcessId(char* szImageName); -__declspec(dllimport) long TITCALL GetActiveProcessIdW(wchar_t* szImageName); -__declspec(dllimport) void TITCALL EnumProcessesWithLibrary(char* szLibraryName, void* EnumFunction); -__declspec(dllimport) HANDLE TITCALL TitanOpenProcess(DWORD dwDesiredAccess, bool bInheritHandle, DWORD dwProcessId); -__declspec(dllexport) HANDLE TITCALL TitanOpenThread(DWORD dwDesiredAccess, bool bInheritHandle, DWORD dwThreadId); -// TitanEngine.TLSFixer.functions: -__declspec(dllimport) bool TITCALL TLSBreakOnCallBack(LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks, LPVOID bpxCallBack); -__declspec(dllimport) bool TITCALL TLSGrabCallBackData(char* szFileName, LPVOID ArrayOfCallBacks, LPDWORD NumberOfCallBacks); -__declspec(dllimport) bool TITCALL TLSGrabCallBackDataW(wchar_t* szFileName, LPVOID ArrayOfCallBacks, LPDWORD NumberOfCallBacks); -__declspec(dllimport) bool TITCALL TLSBreakOnCallBackEx(char* szFileName, LPVOID bpxCallBack); -__declspec(dllimport) bool TITCALL TLSBreakOnCallBackExW(wchar_t* szFileName, LPVOID bpxCallBack); -__declspec(dllimport) bool TITCALL TLSRemoveCallback(char* szFileName); -__declspec(dllimport) bool TITCALL TLSRemoveCallbackW(wchar_t* szFileName); -__declspec(dllimport) bool TITCALL TLSRemoveTable(char* szFileName); -__declspec(dllimport) bool TITCALL TLSRemoveTableW(wchar_t* szFileName); -__declspec(dllimport) bool TITCALL TLSBackupData(char* szFileName); -__declspec(dllimport) bool TITCALL TLSBackupDataW(wchar_t* szFileName); -__declspec(dllimport) bool TITCALL TLSRestoreData(); -__declspec(dllimport) bool TITCALL TLSBuildNewTable(ULONG_PTR FileMapVA, ULONG_PTR StorePlace, ULONG_PTR StorePlaceRVA, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks); -__declspec(dllimport) bool TITCALL TLSBuildNewTableEx(char* szFileName, char* szSectionName, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks); -__declspec(dllimport) bool TITCALL TLSBuildNewTableExW(wchar_t* szFileName, char* szSectionName, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks); -// TitanEngine.TranslateName.functions: -__declspec(dllimport) void* TITCALL TranslateNativeName(char* szNativeName); -__declspec(dllimport) void* TITCALL TranslateNativeNameW(wchar_t* szNativeName); -// TitanEngine.Handler.functions: -__declspec(dllimport) long TITCALL HandlerGetActiveHandleCount(DWORD ProcessId); -__declspec(dllimport) bool TITCALL HandlerIsHandleOpen(DWORD ProcessId, HANDLE hHandle); -__declspec(dllimport) void* TITCALL HandlerGetHandleName(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName); -__declspec(dllimport) void* TITCALL HandlerGetHandleNameW(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName); -__declspec(dllimport) long TITCALL HandlerEnumerateOpenHandles(DWORD ProcessId, LPVOID HandleBuffer, DWORD MaxHandleCount); -__declspec(dllimport) ULONG_PTR TITCALL HandlerGetHandleDetails(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, DWORD InformationReturn); -__declspec(dllimport) bool TITCALL HandlerCloseRemoteHandle(HANDLE hProcess, HANDLE hHandle); -__declspec(dllimport) long TITCALL HandlerEnumerateLockHandles(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, LPVOID HandleDataBuffer, DWORD MaxHandleCount); -__declspec(dllimport) long TITCALL HandlerEnumerateLockHandlesW(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, LPVOID HandleDataBuffer, DWORD MaxHandleCount); -__declspec(dllimport) bool TITCALL HandlerCloseAllLockHandles(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated); -__declspec(dllimport) bool TITCALL HandlerCloseAllLockHandlesW(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated); -__declspec(dllimport) bool TITCALL HandlerIsFileLocked(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated); -__declspec(dllimport) bool TITCALL HandlerIsFileLockedW(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated); -// TitanEngine.Handler[Mutex].functions: -__declspec(dllimport) long TITCALL HandlerEnumerateOpenMutexes(HANDLE hProcess, DWORD ProcessId, LPVOID HandleBuffer, DWORD MaxHandleCount); -__declspec(dllimport) ULONG_PTR TITCALL HandlerGetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, char* szMutexString); -__declspec(dllimport) ULONG_PTR TITCALL HandlerGetOpenMutexHandleW(HANDLE hProcess, DWORD ProcessId, wchar_t* szMutexString); -__declspec(dllimport) long TITCALL HandlerGetProcessIdWhichCreatedMutex(char* szMutexString); -__declspec(dllimport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t* szMutexString); -// TitanEngine.Injector.functions: -__declspec(dllimport) bool TITCALL RemoteLoadLibrary(HANDLE hProcess, char* szLibraryFile, bool WaitForThreadExit); -__declspec(dllimport) bool TITCALL RemoteLoadLibraryW(HANDLE hProcess, wchar_t* szLibraryFile, bool WaitForThreadExit); -__declspec(dllimport) bool TITCALL RemoteFreeLibrary(HANDLE hProcess, HMODULE hModule, char* szLibraryFile, bool WaitForThreadExit); -__declspec(dllimport) bool TITCALL RemoteFreeLibraryW(HANDLE hProcess, HMODULE hModule, wchar_t* szLibraryFile, bool WaitForThreadExit); -__declspec(dllimport) bool TITCALL RemoteExitProcess(HANDLE hProcess, DWORD ExitCode); -// TitanEngine.StaticUnpacker.functions: -__declspec(dllimport) bool TITCALL StaticFileLoad(char* szFileName, DWORD DesiredAccess, bool SimulateLoad, LPHANDLE FileHandle, LPDWORD LoadedSize, LPHANDLE FileMap, PULONG_PTR FileMapVA); -__declspec(dllimport) bool TITCALL StaticFileLoadW(wchar_t* szFileName, DWORD DesiredAccess, bool SimulateLoad, LPHANDLE FileHandle, LPDWORD LoadedSize, LPHANDLE FileMap, PULONG_PTR FileMapVA); -__declspec(dllimport) bool TITCALL StaticFileUnload(char* szFileName, bool CommitChanges, HANDLE FileHandle, DWORD LoadedSize, HANDLE FileMap, ULONG_PTR FileMapVA); -__declspec(dllimport) bool TITCALL StaticFileUnloadW(wchar_t* szFileName, bool CommitChanges, HANDLE FileHandle, DWORD LoadedSize, HANDLE FileMap, ULONG_PTR FileMapVA); -__declspec(dllimport) bool TITCALL StaticFileOpen(char* szFileName, DWORD DesiredAccess, LPHANDLE FileHandle, LPDWORD FileSizeLow, LPDWORD FileSizeHigh); -__declspec(dllimport) bool TITCALL StaticFileOpenW(wchar_t* szFileName, DWORD DesiredAccess, LPHANDLE FileHandle, LPDWORD FileSizeLow, LPDWORD FileSizeHigh); -__declspec(dllimport) bool TITCALL StaticFileGetContent(HANDLE FileHandle, DWORD FilePositionLow, LPDWORD FilePositionHigh, void* Buffer, DWORD Size); -__declspec(dllimport) void TITCALL StaticFileClose(HANDLE FileHandle); -__declspec(dllimport) void TITCALL StaticMemoryDecrypt(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionType, DWORD DecryptionKeySize, ULONG_PTR DecryptionKey); -__declspec(dllimport) void TITCALL StaticMemoryDecryptEx(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionKeySize, void* DecryptionCallBack); -__declspec(dllimport) void TITCALL StaticMemoryDecryptSpecial(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionKeySize, DWORD SpecDecryptionType, void* DecryptionCallBack); -__declspec(dllimport) void TITCALL StaticSectionDecrypt(ULONG_PTR FileMapVA, DWORD SectionNumber, bool SimulateLoad, DWORD DecryptionType, DWORD DecryptionKeySize, ULONG_PTR DecryptionKey); -__declspec(dllimport) bool TITCALL StaticMemoryDecompress(void* Source, DWORD SourceSize, void* Destination, DWORD DestinationSize, int Algorithm); -__declspec(dllimport) bool TITCALL StaticRawMemoryCopy(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR VitualAddressToCopy, DWORD Size, bool AddressIsRVA, char* szDumpFileName); -__declspec(dllimport) bool TITCALL StaticRawMemoryCopyW(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR VitualAddressToCopy, DWORD Size, bool AddressIsRVA, wchar_t* szDumpFileName); -__declspec(dllimport) bool TITCALL StaticRawMemoryCopyEx(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, char* szDumpFileName); -__declspec(dllimport) bool TITCALL StaticRawMemoryCopyExW(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, wchar_t* szDumpFileName); -__declspec(dllimport) bool TITCALL StaticRawMemoryCopyEx64(HANDLE hFile, DWORD64 RawAddressToCopy, DWORD64 Size, char* szDumpFileName); -__declspec(dllimport) bool TITCALL StaticRawMemoryCopyEx64W(HANDLE hFile, DWORD64 RawAddressToCopy, DWORD64 Size, wchar_t* szDumpFileName); -__declspec(dllimport) bool TITCALL StaticHashMemory(void* MemoryToHash, DWORD SizeOfMemory, void* HashDigest, bool OutputString, int Algorithm); -__declspec(dllimport) bool TITCALL StaticHashFile(char* szFileName, char* HashDigest, bool OutputString, int Algorithm); -__declspec(dllimport) bool TITCALL StaticHashFileW(wchar_t* szFileName, char* HashDigest, bool OutputString, int Algorithm); -// TitanEngine.Engine.functions: -__declspec(dllimport) void TITCALL SetEngineVariable(DWORD VariableId, bool VariableSet); -__declspec(dllimport) bool TITCALL EngineCreateMissingDependencies(char* szFileName, char* szOutputFolder, bool LogCreatedFiles); -__declspec(dllimport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szFileName, wchar_t* szOutputFolder, bool LogCreatedFiles); -__declspec(dllimport) bool TITCALL EngineFakeMissingDependencies(HANDLE hProcess); -__declspec(dllimport) bool TITCALL EngineDeleteCreatedDependencies(); -__declspec(dllimport) bool TITCALL EngineCreateUnpackerWindow(char* WindowUnpackerTitle, char* WindowUnpackerLongTitle, char* WindowUnpackerName, char* WindowUnpackerAuthor, void* StartUnpackingCallBack); -__declspec(dllimport) void TITCALL EngineAddUnpackerWindowLogMessage(char* szLogMessage); -__declspec(dllimport) bool TITCALL EngineCheckStructAlignment(DWORD StructureType, ULONG_PTR StructureSize); -// Global.Engine.Extension.Functions: -__declspec(dllimport) bool TITCALL ExtensionManagerIsPluginLoaded(char* szPluginName); -__declspec(dllimport) bool TITCALL ExtensionManagerIsPluginEnabled(char* szPluginName); -__declspec(dllimport) bool TITCALL ExtensionManagerDisableAllPlugins(); -__declspec(dllimport) bool TITCALL ExtensionManagerDisablePlugin(char* szPluginName); -__declspec(dllimport) bool TITCALL ExtensionManagerEnableAllPlugins(); -__declspec(dllimport) bool TITCALL ExtensionManagerEnablePlugin(char* szPluginName); -__declspec(dllimport) bool TITCALL ExtensionManagerUnloadAllPlugins(); -__declspec(dllimport) bool TITCALL ExtensionManagerUnloadPlugin(char* szPluginName); -__declspec(dllimport) void* TITCALL ExtensionManagerGetPluginInfo(char* szPluginName); - -#ifdef __cplusplus -} -#endif /*__cplusplus*/ - -#pragma pack(pop) - -#endif /*TITANENGINE*/ diff --git a/SDK/CPP/TitanEngine.hpp b/SDK/CPP/TitanEngine.hpp deleted file mode 100644 index e4ae837..0000000 --- a/SDK/CPP/TitanEngine.hpp +++ /dev/null @@ -1,2870 +0,0 @@ -#ifndef TITANENGINE_CPP -#define TITANENGINE_CPP - -#define TITCALL - -#if _MSC_VER > 1000 -#pragma once -#endif - -namespace TE -{ - -#include - -namespace UE -{ -#ifdef TITANENGINE -#undef TITANENGINE -#endif - -#include "TitanEngine.h" -} - -// ---- - -enum eStructType : DWORD -{ - UE_STRUCT_PE32STRUCT = UE::UE_STRUCT_PE32STRUCT, - UE_STRUCT_PE64STRUCT = UE::UE_STRUCT_PE64STRUCT, - UE_STRUCT_PESTRUCT = UE::UE_STRUCT_PESTRUCT, - UE_STRUCT_IMPORTENUMDATA = UE::UE_STRUCT_IMPORTENUMDATA, - UE_STRUCT_THREAD_ITEM_DATA = UE::UE_STRUCT_THREAD_ITEM_DATA, - UE_STRUCT_LIBRARY_ITEM_DATA = UE::UE_STRUCT_LIBRARY_ITEM_DATA, - UE_STRUCT_LIBRARY_ITEM_DATAW = UE::UE_STRUCT_LIBRARY_ITEM_DATAW, - UE_STRUCT_PROCESS_ITEM_DATA = UE::UE_STRUCT_PROCESS_ITEM_DATA, - UE_STRUCT_HANDLERARRAY = UE::UE_STRUCT_HANDLERARRAY, - UE_STRUCT_PLUGININFORMATION = UE::UE_STRUCT_PLUGININFORMATION, - UE_STRUCT_HOOK_ENTRY = UE::UE_STRUCT_HOOK_ENTRY, - UE_STRUCT_FILE_STATUS_INFO = UE::UE_STRUCT_FILE_STATUS_INFO, - UE_STRUCT_FILE_FIX_INFO = UE::UE_STRUCT_FILE_FIX_INFO -}; - -enum eHideLevel : DWORD -{ - UE_HIDE_PEBONLY = UE::UE_HIDE_PEBONLY, - UE_HIDE_BASIC = UE::UE_HIDE_BASIC -}; - -enum ePluginCallReason : int -{ - UE_PLUGIN_CALL_REASON_PREDEBUG = UE::UE_PLUGIN_CALL_REASON_PREDEBUG, - UE_PLUGIN_CALL_REASON_EXCEPTION = UE::UE_PLUGIN_CALL_REASON_EXCEPTION, - UE_PLUGIN_CALL_REASON_POSTDEBUG = UE::UE_PLUGIN_CALL_REASON_POSTDEBUG, - UE_PLUGIN_CALL_REASON_UNHANDLEDEXCEPTION = UE::UE_PLUGIN_CALL_REASON_UNHANDLEDEXCEPTION -}; - -enum eHookType : int -{ - TEE_HOOK_NRM_JUMP = UE::TEE_HOOK_NRM_JUMP, - TEE_HOOK_NRM_CALL = UE::TEE_HOOK_NRM_CALL, - TEE_HOOK_IAT = UE::TEE_HOOK_IAT -}; - -enum eEngineVariable : DWORD -{ - UE_ENGINE_ALOW_MODULE_LOADING = UE::UE_ENGINE_ALOW_MODULE_LOADING, - UE_ENGINE_AUTOFIX_FORWARDERS = UE::UE_ENGINE_AUTOFIX_FORWARDERS, - UE_ENGINE_PASS_ALL_EXCEPTIONS = UE::UE_ENGINE_PASS_ALL_EXCEPTIONS, - UE_ENGINE_NO_CONSOLE_WINDOW = UE::UE_ENGINE_NO_CONSOLE_WINDOW, - UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS = UE::UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS, - UE_ENGINE_CALL_PLUGIN_CALLBACK = UE::UE_ENGINE_CALL_PLUGIN_CALLBACK, - UE_ENGINE_RESET_CUSTOM_HANDLER = UE::UE_ENGINE_RESET_CUSTOM_HANDLER, - UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK = UE::UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK, - UE_ENGINE_SET_DEBUG_PRIVILEGE = UE::UE_ENGINE_SET_DEBUG_PRIVILEGE, - UE_ENGINE_SAFE_ATTACH = UE::UE_ENGINE_SAFE_ATTACH, - UE_ENGINE_MEMBP_ALT = UE::UE_ENGINE_MEMBP_ALT; -}; - -enum eBPRemoveOption : DWORD -{ - UE_OPTION_REMOVEALL = UE::UE_OPTION_REMOVEALL, - UE_OPTION_DISABLEALL = UE::UE_OPTION_DISABLEALL, - UE_OPTION_REMOVEALLDISABLED = UE::UE_OPTION_REMOVEALLDISABLED, - UE_OPTION_REMOVEALLENABLED = UE::UE_OPTION_REMOVEALLENABLED -}; - -enum eAccess : DWORD -{ - UE_ACCESS_READ = UE::UE_ACCESS_READ, - UE_ACCESS_WRITE = UE::UE_ACCESS_WRITE, - UE_ACCESS_ALL = UE::UE_ACCESS_ALL -}; - -enum eDecryptionType : DWORD -{ - UE_STATIC_DECRYPTOR_XOR = UE::UE_STATIC_DECRYPTOR_XOR, - UE_STATIC_DECRYPTOR_SUB = UE::UE_STATIC_DECRYPTOR_SUB, - UE_STATIC_DECRYPTOR_ADD = UE::UE_STATIC_DECRYPTOR_ADD -}; - -enum eDecryptionDirection : DWORD -{ - UE_STATIC_DECRYPTOR_FOREWARD = UE::UE_STATIC_DECRYPTOR_FOREWARD, - UE_STATIC_DECRYPTOR_BACKWARD = UE::UE_STATIC_DECRYPTOR_BACKWARD -}; - -enum eDecryptionKeySize : DWORD -{ - UE_STATIC_KEY_SIZE_1 = UE::UE_STATIC_KEY_SIZE_1, - UE_STATIC_KEY_SIZE_2 = UE::UE_STATIC_KEY_SIZE_2, - UE_STATIC_KEY_SIZE_4 = UE::UE_STATIC_KEY_SIZE_4, - UE_STATIC_KEY_SIZE_8 = UE::UE_STATIC_KEY_SIZE_8 -}; - -enum eCompressionAlgorithm : int -{ - UE_STATIC_APLIB = UE::UE_STATIC_APLIB, - UE_STATIC_APLIB_DEPACK = UE::UE_STATIC_APLIB_DEPACK, - UE_STATIC_LZMA = UE::UE_STATIC_LZMA -}; - -enum eHashAlgorithm : int -{ - UE_STATIC_HASH_MD5 = UE::UE_STATIC_HASH_MD5, - UE_STATIC_HASH_SHA1 = UE::UE_STATIC_HASH_SHA1, - UE_STATIC_HASH_CRC32 = UE::UE_STATIC_HASH_CRC32 -}; - -const DWORD UE_RESOURCE_LANGUAGE_ANY = UE::UE_RESOURCE_LANGUAGE_ANY; - -enum ePE32Data : DWORD -{ - UE_PE_OFFSET = UE::UE_PE_OFFSET, - UE_IMAGEBASE = UE::UE_IMAGEBASE, - UE_OEP = UE::UE_OEP, - UE_BASEOFCODE = UE::UE_BASEOFCODE, - UE_BASEOFDATA = UE::UE_BASEOFDATA, - UE_SIZEOFIMAGE = UE::UE_SIZEOFIMAGE, - UE_SIZEOFHEADERS = UE::UE_SIZEOFHEADERS, - UE_SIZEOFOPTIONALHEADER = UE::UE_SIZEOFOPTIONALHEADER, - UE_SECTIONALIGNMENT = UE::UE_SECTIONALIGNMENT, - UE_IMPORTTABLEADDRESS = UE::UE_IMPORTTABLEADDRESS, - UE_IMPORTTABLESIZE = UE::UE_IMPORTTABLESIZE, - UE_RESOURCETABLEADDRESS = UE::UE_RESOURCETABLEADDRESS, - UE_RESOURCETABLESIZE = UE::UE_RESOURCETABLESIZE, - UE_EXPORTTABLEADDRESS = UE::UE_EXPORTTABLEADDRESS, - UE_EXPORTTABLESIZE = UE::UE_EXPORTTABLESIZE, - UE_TLSTABLEADDRESS = UE::UE_TLSTABLEADDRESS, - UE_TLSTABLESIZE = UE::UE_TLSTABLESIZE, - UE_RELOCATIONTABLEADDRESS = UE::UE_RELOCATIONTABLEADDRESS, - UE_RELOCATIONTABLESIZE = UE::UE_RELOCATIONTABLESIZE, - UE_TIMEDATESTAMP = UE::UE_TIMEDATESTAMP, - UE_SECTIONNUMBER = UE::UE_SECTIONNUMBER, - UE_CHECKSUM = UE::UE_CHECKSUM, - UE_SUBSYSTEM = UE::UE_SUBSYSTEM, - UE_CHARACTERISTICS = UE::UE_CHARACTERISTICS, - UE_NUMBEROFRVAANDSIZES = UE::UE_NUMBEROFRVAANDSIZES, - UE_DLLCHARACTERISTICS = UE::UE_DLLCHARACTERISTICS, - UE_SECTIONNAME = UE::UE_SECTIONNAME, - UE_SECTIONVIRTUALOFFSET = UE::UE_SECTIONVIRTUALOFFSET, - UE_SECTIONVIRTUALSIZE = UE::UE_SECTIONVIRTUALSIZE, - UE_SECTIONRAWOFFSET = UE::UE_SECTIONRAWOFFSET, - UE_SECTIONRAWSIZE = UE::UE_SECTIONRAWSIZE, - UE_SECTIONFLAGS = UE::UE_SECTIONFLAGS -}; - -const long UE_VANOTFOUND = UE::UE_VANOTFOUND; - -enum eCustomException : DWORD -{ - UE_CH_BREAKPOINT = UE::UE_CH_BREAKPOINT, - UE_CH_SINGLESTEP = UE::UE_CH_SINGLESTEP, - UE_CH_ACCESSVIOLATION = UE::UE_CH_ACCESSVIOLATION, - UE_CH_ILLEGALINSTRUCTION = UE::UE_CH_ILLEGALINSTRUCTION, - UE_CH_NONCONTINUABLEEXCEPTION = UE::UE_CH_NONCONTINUABLEEXCEPTION, - UE_CH_ARRAYBOUNDSEXCEPTION = UE::UE_CH_ARRAYBOUNDSEXCEPTION, - UE_CH_FLOATDENORMALOPERAND = UE::UE_CH_FLOATDENORMALOPERAND, - UE_CH_FLOATDEVIDEBYZERO = UE::UE_CH_FLOATDEVIDEBYZERO, - UE_CH_INTEGERDEVIDEBYZERO = UE::UE_CH_INTEGERDEVIDEBYZERO, - UE_CH_INTEGEROVERFLOW = UE::UE_CH_INTEGEROVERFLOW, - UE_CH_PRIVILEGEDINSTRUCTION = UE::UE_CH_PRIVILEGEDINSTRUCTION, - UE_CH_PAGEGUARD = UE::UE_CH_PAGEGUARD, - UE_CH_EVERYTHINGELSE = UE::UE_CH_EVERYTHINGELSE, - UE_CH_CREATETHREAD = UE::UE_CH_CREATETHREAD, - UE_CH_EXITTHREAD = UE::UE_CH_EXITTHREAD, - UE_CH_CREATEPROCESS = UE::UE_CH_CREATEPROCESS, - UE_CH_EXITPROCESS = UE::UE_CH_EXITPROCESS, - UE_CH_LOADDLL = UE::UE_CH_LOADDLL, - UE_CH_UNLOADDLL = UE::UE_CH_UNLOADDLL, - UE_CH_OUTPUTDEBUGSTRING = UE::UE_CH_OUTPUTDEBUGSTRING, - UE_CH_AFTEREXCEPTIONPROCESSING = UE::UE_CH_AFTEREXCEPTIONPROCESSING, - UE_CH_SYSTEMBREAKPOINT = UE::UE_CH_SYSTEMBREAKPOINT, - UE_CH_UNHANDLEDEXCEPTION = UE::UE_CH_UNHANDLEDEXCEPTION, - UE_CH_RIPEVENT = UE::UE_CH_RIPEVENT, - UE_CH_DEBUGEVENT = UE::UE_CH_DEBUGEVENT -}; - -enum eHandlerReturnType : DWORD -{ - UE_OPTION_HANDLER_RETURN_HANDLECOUNT = UE::UE_OPTION_HANDLER_RETURN_HANDLECOUNT, - UE_OPTION_HANDLER_RETURN_ACCESS = UE::UE_OPTION_HANDLER_RETURN_ACCESS, - UE_OPTION_HANDLER_RETURN_FLAGS = UE::UE_OPTION_HANDLER_RETURN_FLAGS, - UE_OPTION_HANDLER_RETURN_TYPENAME = UE::UE_OPTION_HANDLER_RETURN_TYPENAME -}; - -enum eBPState -{ - UE_BPXREMOVED = UE::UE_BPXREMOVED, - UE_BPXACTIVE = UE::UE_BPXACTIVE, - UE_BPXINACTIVE = UE::UE_BPXINACTIVE -}; - -enum eBPType -{ - UE_BREAKPOINT = UE::UE_BREAKPOINT, - UE_SINGLESHOOT = UE::UE_SINGLESHOOT, - //UE_HARDWARE = UE::UE_HARDWARE, -}; - -enum eMemoryBPType -{ - UE_MEMORY = UE::UE_MEMORY, - UE_MEMORY_READ = UE::UE_MEMORY_READ, - UE_MEMORY_WRITE = UE::UE_MEMORY_WRITE, - UE_MEMORY_EXECUTE = UE::UE_MEMORY_EXECUTE -}; - -enum eHWBPType : DWORD -{ - UE_HARDWARE_EXECUTE = UE::UE_HARDWARE_EXECUTE, - UE_HARDWARE_WRITE = UE::UE_HARDWARE_WRITE, - UE_HARDWARE_READWRITE = UE::UE_HARDWARE_READWRITE -}; - -enum eHWBPSize : DWORD -{ - UE_HARDWARE_SIZE_1 = UE::UE_HARDWARE_SIZE_1, - UE_HARDWARE_SIZE_2 = UE::UE_HARDWARE_SIZE_2, - UE_HARDWARE_SIZE_4 = UE::UE_HARDWARE_SIZE_4, - UE_HARDWARE_SIZE_8 = UE::UE_HARDWARE_SIZE_8 -}; - -enum eLibraryEvent : DWORD -{ - UE_ON_LIB_LOAD = UE::UE_ON_LIB_LOAD, - UE_ON_LIB_UNLOAD = UE::UE_ON_LIB_UNLOAD, - UE_ON_LIB_ALL = UE::UE_ON_LIB_ALL -}; - -enum eBPPlace : DWORD -{ - UE_APISTART = UE::UE_APISTART, - UE_APIEND = UE::UE_APIEND -}; - -enum ePlatform : int -{ - UE_PLATFORM_x86 = UE::UE_PLATFORM_x86, - UE_PLATFORM_x64 = UE::UE_PLATFORM_x64, - UE_PLATFORM_ALL = UE::UE_PLATFORM_ALL -}; - -enum eFunctionType : DWORD -{ - UE_FUNCTION_STDCALL = UE::UE_FUNCTION_STDCALL, - UE_FUNCTION_CCALL = UE::UE_FUNCTION_CCALL, - UE_FUNCTION_FASTCALL = UE::UE_FUNCTION_FASTCALL, - UE_FUNCTION_STDCALL_RET = UE::UE_FUNCTION_STDCALL_RET, - UE_FUNCTION_CCALL_RET = UE::UE_FUNCTION_CCALL_RET, - UE_FUNCTION_FASTCALL_RET = UE::UE_FUNCTION_FASTCALL_RET, - UE_FUNCTION_STDCALL_CALL = UE::UE_FUNCTION_STDCALL_CALL, - UE_FUNCTION_CCALL_CALL = UE::UE_FUNCTION_CCALL_CALL, - UE_FUNCTION_FASTCALL_CALL = UE::UE_FUNCTION_FASTCALL_CALL -}; - -enum eParameterType : DWORD -{ - UE_PARAMETER_BYTE = UE::UE_PARAMETER_BYTE, - UE_PARAMETER_WORD = UE::UE_PARAMETER_WORD, - UE_PARAMETER_DWORD = UE::UE_PARAMETER_DWORD, - UE_PARAMETER_QWORD = UE::UE_PARAMETER_QWORD, - UE_PARAMETER_PTR_BYTE = UE::UE_PARAMETER_PTR_BYTE, - UE_PARAMETER_PTR_WORD = UE::UE_PARAMETER_PTR_WORD, - UE_PARAMETER_PTR_DWORD = UE::UE_PARAMETER_PTR_DWORD, - UE_PARAMETER_PTR_QWORD = UE::UE_PARAMETER_PTR_QWORD, - UE_PARAMETER_STRING = UE::UE_PARAMETER_STRING, - UE_PARAMETER_UNICODE = UE::UE_PARAMETER_UNICODE -}; - -enum eContextData : DWORD -{ - UE_EAX = UE::UE_EAX, - UE_EBX = UE::UE_EBX, - UE_ECX = UE::UE_ECX, - UE_EDX = UE::UE_EDX, - UE_EDI = UE::UE_EDI, - UE_ESI = UE::UE_ESI, - UE_EBP = UE::UE_EBP, - UE_ESP = UE::UE_ESP, - UE_EIP = UE::UE_EIP, - UE_EFLAGS = UE::UE_EFLAGS, - UE_DR0 = UE::UE_DR0, - UE_DR1 = UE::UE_DR1, - UE_DR2 = UE::UE_DR2, - UE_DR3 = UE::UE_DR3, - UE_DR6 = UE::UE_DR6, - UE_DR7 = UE::UE_DR7, - UE_RAX = UE::UE_RAX, - UE_RBX = UE::UE_RBX, - UE_RCX = UE::UE_RCX, - UE_RDX = UE::UE_RDX, - UE_RDI = UE::UE_RDI, - UE_RSI = UE::UE_RSI, - UE_RBP = UE::UE_RBP, - UE_RSP = UE::UE_RSP, - UE_RIP = UE::UE_RIP, - UE_RFLAGS = UE::UE_RFLAGS, - UE_R8 = UE::UE_R8, - UE_R9 = UE::UE_R9, - UE_R10 = UE::UE_R10, - UE_R11 = UE::UE_R11, - UE_R12 = UE::UE_R12, - UE_R13 = UE::UE_R13, - UE_R14 = UE::UE_R14, - UE_R15 = UE::UE_R15, - UE_CIP = UE::UE_CIP, - UE_CSP = UE::UE_CSP, - UE_SEG_GS = UE::UE_SEG_GS, - UE_SEG_FS = UE::UE_SEG_FS, - UE_SEG_ES = UE::UE_SEG_ES, - UE_SEG_DS = UE::UE_SEG_DS, - UE_SEG_CS = UE::UE_SEG_CS, - UE_SEG_SS = UE::UE_SEG_SS -}; - -enum eCheckDepth : DWORD -{ - UE_DEPTH_SURFACE = UE::UE_DEPTH_SURFACE, - UE_DEPTH_DEEP = UE::UE_DEPTH_DEEP -}; - -enum eFieldState : BYTE -{ - UE_FIELD_OK = UE::UE_FIELD_OK, - UE_FIELD_BROKEN_NON_FIXABLE = UE::UE_FIELD_BROKEN_NON_FIXABLE, - UE_FIELD_BROKEN_NON_CRITICAL = UE::UE_FIELD_BROKEN_NON_CRITICAL, - UE_FIELD_BROKEN_FIXABLE_FOR_STATIC_USE = UE::UE_FIELD_BROKEN_FIXABLE_FOR_STATIC_USE, - UE_FIELD_BROKEN_BUT_CAN_BE_EMULATED = UE::UE_FIELD_BROKEN_BUT_CAN_BE_EMULATED, - UE_FIELD_FIXABLE_NON_CRITICAL = UE::UE_FIELD_FIXABLE_NON_CRITICAL, - UE_FIELD_FIXABLE_CRITICAL = UE::UE_FIELD_FIXABLE_CRITICAL, - UE_FIELD_NOT_PRESET = UE::UE_FIELD_NOT_PRESET, - UE_FIELD_NOT_PRESET_WARNING = UE::UE_FIELD_NOT_PRESET_WARNING -}; - -enum eFileState : BYTE -{ - UE_RESULT_FILE_OK = UE::UE_RESULT_FILE_OK, - UE_RESULT_FILE_INVALID_BUT_FIXABLE = UE::UE_RESULT_FILE_INVALID_BUT_FIXABLE, - UE_RESULT_FILE_INVALID_AND_NON_FIXABLE = UE::UE_RESULT_FILE_INVALID_AND_NON_FIXABLE, - UE_RESULT_FILE_INVALID_FORMAT = UE::UE_RESULT_FILE_INVALID_FORMAT -}; - -// ---- - -class DumperA; -class DumperW; - -class DumperX -{ - friend class DumperA; - friend class DumperW; - -protected: - - typedef UE::PEStruct PEStruct; - - static ULONG_PTR GetPE32DataFromMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, ePE32Data WhichData) - { - return UE::GetPE32DataFromMappedFile(FileMapVA, WhichSection, WhichData); - } - static bool GetPE32DataFromMappedFileEx(ULONG_PTR FileMapVA, PEStruct* DataStorage) - { - return UE::GetPE32DataFromMappedFileEx(FileMapVA, (void*)DataStorage); - } - static bool SetPE32DataForMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, ePE32Data WhichData, ULONG_PTR NewDataValue) - { - return UE::SetPE32DataForMappedFile(FileMapVA, WhichSection, WhichData, NewDataValue); - } - static bool SetPE32DataForMappedFileEx(ULONG_PTR FileMapVA, PEStruct* DataStorage) - { - return UE::SetPE32DataForMappedFileEx(FileMapVA, (void*)DataStorage); - } - static long GetPE32SectionNumberFromVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert) - { - return UE::GetPE32SectionNumberFromVA(FileMapVA, AddressToConvert); - } - static ULONG_PTR ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType) - { - return UE::ConvertVAtoFileOffset(FileMapVA, AddressToConvert, ReturnType); - } - static ULONG_PTR ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType) - { - return UE::ConvertVAtoFileOffsetEx(FileMapVA, FileSize, ImageBase, AddressToConvert, AddressIsRVA, ReturnType); - } - static ULONG_PTR ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType) - { - return UE::ConvertFileOffsetToVA(FileMapVA, AddressToConvert, ReturnType); - } - static ULONG_PTR ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType) - { - return UE::ConvertFileOffsetToVAEx(FileMapVA, FileSize, ImageBase, AddressToConvert, ReturnType); - } - static bool MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead) - { - return UE::MemoryReadSafe(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesRead); - } - static bool MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten) - { - return UE::MemoryWriteSafe(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesWritten); - } -}; - -class DumperA -{ -public: - - static bool DumpProcess(HANDLE hProcess, void* ImageBase, const char* szDumpFileName, ULONG_PTR EntryPoint) - { - return UE::DumpProcess(hProcess, ImageBase, (char*)szDumpFileName, EntryPoint); - } - static bool DumpProcessEx(DWORD ProcessId, void* ImageBase, const char* szDumpFileName, ULONG_PTR EntryPoint) - { - return UE::DumpProcessEx(ProcessId, ImageBase, (char*)szDumpFileName, EntryPoint); - } - static bool DumpMemory(HANDLE hProcess, void* MemoryStart, ULONG_PTR MemorySize, const char* szDumpFileName) - { - return UE::DumpMemory(hProcess, MemoryStart, MemorySize, (char*)szDumpFileName); - } - static bool DumpMemoryEx(DWORD ProcessId, void* MemoryStart, ULONG_PTR MemorySize, const char* szDumpFileName) - { - return UE::DumpMemoryEx(ProcessId, MemoryStart, MemorySize, (char*)szDumpFileName); - } - static bool DumpRegions(HANDLE hProcess, const char* szDumpFolder, bool DumpAboveImageBaseOnly) - { - return UE::DumpRegions(hProcess, (char*)szDumpFolder, DumpAboveImageBaseOnly); - } - static bool DumpRegionsEx(DWORD ProcessId, const char* szDumpFolder, bool DumpAboveImageBaseOnly) - { - return UE::DumpRegionsEx(ProcessId, (char*)szDumpFolder, DumpAboveImageBaseOnly); - } - static bool DumpModule(HANDLE hProcess, void* ModuleBase, const char* szDumpFileName) - { - return UE::DumpModule(hProcess, ModuleBase, (char*)szDumpFileName); - } - static bool DumpModuleEx(DWORD ProcessId, void* ModuleBase, const char* szDumpFileName) - { - return UE::DumpModuleEx(ProcessId, ModuleBase, (char*)szDumpFileName); - } - static bool PastePEHeader(HANDLE hProcess, void* ImageBase, const char* szDebuggedFileName) - { - return UE::PastePEHeader(hProcess, ImageBase, (char*)szDebuggedFileName); - } - static bool ExtractSection(const char* szFileName, const char* szDumpFileName, DWORD SectionNumber) - { - return UE::ExtractSection((char*)szFileName, (char*)szDumpFileName, SectionNumber); - } - static bool ResortFileSections(const char* szFileName) - { - return UE::ResortFileSections((char*)szFileName); - } - static bool FindOverlay(const char* szFileName, DWORD* OverlayStart, DWORD* OverlaySize) - { - return UE::FindOverlay((char*)szFileName, OverlayStart, OverlaySize); - } - static bool ExtractOverlay(const char* szFileName, const char* szExtractedFileName) - { - return UE::ExtractOverlay((char*)szFileName, (char*)szExtractedFileName); - } - static bool AddOverlay(const char* szFileName, const char* szOverlayFileName) - { - return UE::AddOverlay((char*)szFileName, (char*)szOverlayFileName); - } - static bool CopyOverlay(const char* szInFileName, const char* szOutFileName) - { - return UE::CopyOverlay((char*)szInFileName, (char*)szOutFileName); - } - static bool RemoveOverlay(const char* szFileName) - { - return UE::RemoveOverlay((char*)szFileName); - } - static bool MakeAllSectionsRWE(const char* szFileName) - { - return UE::MakeAllSectionsRWE((char*)szFileName); - } - static long AddNewSectionEx(const char* szFileName, const char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, const void* SectionContent, DWORD ContentSize) - { - return UE::AddNewSectionEx((char*)szFileName, (char*)szSectionName, SectionSize, SectionAttributes, (void*)SectionContent, ContentSize); - } - static long AddNewSection(const char* szFileName, const char* szSectionName, DWORD SectionSize) - { - return UE::AddNewSection((char*)szFileName, (char*)szSectionName, SectionSize); - } - static bool ResizeLastSection(const char* szFileName, DWORD NumberOfExpandBytes, bool AlignResizeData) - { - return UE::ResizeLastSection((char*)szFileName, NumberOfExpandBytes, AlignResizeData); - } - static void SetSharedOverlay(const char* szFileName) - { - return UE::SetSharedOverlay((char*)szFileName); - } - static const char* GetSharedOverlay() - { - return UE::GetSharedOverlay(); - } - static bool DeleteLastSection(const char* szFileName) - { - return UE::DeleteLastSection((char*)szFileName); - } - static bool DeleteLastSectionEx(const char* szFileName, DWORD NumberOfSections) - { - return UE::DeleteLastSectionEx((char*)szFileName, NumberOfSections); - } - static ULONG_PTR GetPE32Data(const char* szFileName, DWORD WhichSection, ePE32Data WhichData) - { - return UE::GetPE32Data((char*)szFileName, WhichSection, WhichData); - } - static bool GetPE32DataEx(const char* szFileName, DumperX::PEStruct* DataStorage) - { - return UE::GetPE32DataEx((char*)szFileName, DataStorage); - } - static bool SetPE32Data(const char* szFileName, DWORD WhichSection, ePE32Data WhichData, ULONG_PTR NewDataValue) - { - return UE::SetPE32Data((char*)szFileName, WhichSection, WhichData, NewDataValue); - } - static bool SetPE32DataEx(const char* szFileName, const DumperX::PEStruct* DataStorage) - { - return UE::SetPE32DataEx((char*)szFileName, (void*)DataStorage); - } -}; - -class DumperW -{ -public: - - static bool DumpProcess(HANDLE hProcess, void* ImageBase, const wchar_t* szDumpFileName, ULONG_PTR EntryPoint) - { - return UE::DumpProcessW(hProcess, ImageBase, (wchar_t*)szDumpFileName, EntryPoint); - } - static bool DumpProcessEx(DWORD ProcessId, void* ImageBase, const wchar_t* szDumpFileName, ULONG_PTR EntryPoint) - { - return UE::DumpProcessExW(ProcessId, ImageBase, (wchar_t*)szDumpFileName, EntryPoint); - } - static bool DumpMemory(HANDLE hProcess, void* MemoryStart, ULONG_PTR MemorySize, const wchar_t* szDumpFileName) - { - return UE::DumpMemoryW(hProcess, MemoryStart, MemorySize, (wchar_t*)szDumpFileName); - } - static bool DumpMemoryEx(DWORD ProcessId, void* MemoryStart, ULONG_PTR MemorySize, const wchar_t* szDumpFileName) - { - return UE::DumpMemoryExW(ProcessId, MemoryStart, MemorySize, (wchar_t*)szDumpFileName); - } - static bool DumpRegions(HANDLE hProcess, const wchar_t* szDumpFolder, bool DumpAboveImageBaseOnly) - { - return UE::DumpRegionsW(hProcess, (wchar_t*)szDumpFolder, DumpAboveImageBaseOnly); - } - static bool DumpRegionsEx(DWORD ProcessId, const wchar_t* szDumpFolder, bool DumpAboveImageBaseOnly) - { - return UE::DumpRegionsExW(ProcessId, (wchar_t*)szDumpFolder, DumpAboveImageBaseOnly); - } - static bool DumpModule(HANDLE hProcess, void* ModuleBase, const wchar_t* szDumpFileName) - { - return UE::DumpModuleW(hProcess, ModuleBase, (wchar_t*)szDumpFileName); - } - static bool DumpModuleEx(DWORD ProcessId, void* ModuleBase, const wchar_t* szDumpFileName) - { - return UE::DumpModuleExW(ProcessId, ModuleBase, (wchar_t*)szDumpFileName); - } - static bool PastePEHeader(HANDLE hProcess, void* ImageBase, const wchar_t* szDebuggedFileName) - { - return UE::PastePEHeaderW(hProcess, ImageBase, (wchar_t*)szDebuggedFileName); - } - static bool ExtractSection(const wchar_t* szFileName, const wchar_t* szDumpFileName, DWORD SectionNumber) - { - return UE::ExtractSectionW((wchar_t*)szFileName, (wchar_t*)szDumpFileName, SectionNumber); - } - static bool ResortFileSections(const wchar_t* szFileName) - { - return UE::ResortFileSectionsW((wchar_t*)szFileName); - } - static bool FindOverlay(const wchar_t* szFileName, DWORD* OverlayStart, DWORD* OverlaySize) - { - return UE::FindOverlayW((wchar_t*)szFileName, OverlayStart, OverlaySize); - } - static bool ExtractOverlay(const wchar_t* szFileName, const wchar_t* szExtractedFileName) - { - return UE::ExtractOverlayW((wchar_t*)szFileName, (wchar_t*)szExtractedFileName); - } - static bool AddOverlay(const wchar_t* szFileName, const wchar_t* szOverlayFileName) - { - return UE::AddOverlayW((wchar_t*)szFileName, (wchar_t*)szOverlayFileName); - } - static bool CopyOverlay(const wchar_t* szInFileName, const wchar_t* szOutFileName) - { - return UE::CopyOverlayW((wchar_t*)szInFileName, (wchar_t*)szOutFileName); - } - static bool RemoveOverlay(const wchar_t* szFileName) - { - return UE::RemoveOverlayW((wchar_t*)szFileName); - } - static bool MakeAllSectionsRWE(const wchar_t* szFileName) - { - return UE::MakeAllSectionsRWEW((wchar_t*)szFileName); - } - static long AddNewSectionEx(const wchar_t* szFileName, const char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, const void* SectionContent, DWORD ContentSize) - { - return UE::AddNewSectionExW((wchar_t*)szFileName, (char*)szSectionName, SectionSize, SectionAttributes, (void*)SectionContent, ContentSize); - } - static long AddNewSection(const wchar_t* szFileName, const char* szSectionName, DWORD SectionSize) - { - return UE::AddNewSectionW((wchar_t*)szFileName, (char*)szSectionName, SectionSize); - } - static bool ResizeLastSection(const wchar_t* szFileName, DWORD NumberOfExpandBytes, bool AlignResizeData) - { - return UE::ResizeLastSectionW((wchar_t*)szFileName, NumberOfExpandBytes, AlignResizeData); - } - static void SetSharedOverlay(const wchar_t* szFileName) - { - return UE::SetSharedOverlayW((wchar_t*)szFileName); - } - static const wchar_t* GetSharedOverlay() - { - return UE::GetSharedOverlayW(); - } - static bool DeleteLastSection(const wchar_t* szFileName) - { - return UE::DeleteLastSectionW((wchar_t*)szFileName); - } - static bool DeleteLastSectionEx(const wchar_t* szFileName, DWORD NumberOfSections) - { - return UE::DeleteLastSectionExW((wchar_t*)szFileName, NumberOfSections); - } - static ULONG_PTR GetPE32Data(const wchar_t* szFileName, DWORD WhichSection, ePE32Data WhichData) - { - return UE::GetPE32DataW((wchar_t*)szFileName, WhichSection, WhichData); - } - static bool GetPE32DataEx(const wchar_t* szFileName, DumperX::PEStruct* DataStorage) - { - return UE::GetPE32DataExW((wchar_t*)szFileName, DataStorage); - } - static bool SetPE32Data(const wchar_t* szFileName, DWORD WhichSection, ePE32Data WhichData, ULONG_PTR NewDataValue) - { - return UE::SetPE32DataW((wchar_t*)szFileName, WhichSection, WhichData, NewDataValue); - } - static bool SetPE32DataEx(const wchar_t* szFileName, const DumperX::PEStruct* DataStorage) - { - return UE::SetPE32DataExW((wchar_t*)szFileName, (void*)DataStorage); - } -}; - -class Dumper : DumperX, DumperA, DumperW -{ -public: - - using DumperX::PEStruct; - - using DumperA::DumpProcess; - using DumperW::DumpProcess; - using DumperA::DumpProcessEx; - using DumperW::DumpProcessEx; - using DumperA::DumpMemory; - using DumperW::DumpMemory; - using DumperA::DumpMemoryEx; - using DumperW::DumpMemoryEx; - using DumperA::DumpRegions; - using DumperW::DumpRegions; - using DumperA::DumpRegionsEx; - using DumperW::DumpRegionsEx; - using DumperA::DumpModule; - using DumperW::DumpModule; - using DumperA::DumpModuleEx; - using DumperW::DumpModuleEx; - using DumperA::PastePEHeader; - using DumperW::PastePEHeader; - using DumperA::ExtractSection; - using DumperW::ExtractSection; - using DumperA::ResortFileSections; - using DumperW::ResortFileSections; - using DumperA::FindOverlay; - using DumperW::FindOverlay; - using DumperA::ExtractOverlay; - using DumperW::ExtractOverlay; - using DumperA::AddOverlay; - using DumperW::AddOverlay; - using DumperA::CopyOverlay; - using DumperW::CopyOverlay; - using DumperA::RemoveOverlay; - using DumperW::RemoveOverlay; - using DumperA::MakeAllSectionsRWE; - using DumperW::MakeAllSectionsRWE; - using DumperA::AddNewSectionEx; - using DumperW::AddNewSectionEx; - using DumperA::AddNewSection; - using DumperW::AddNewSection; - using DumperA::ResizeLastSection; - using DumperW::ResizeLastSection; - using DumperA::SetSharedOverlay; - using DumperW::SetSharedOverlay; -#ifndef UNICODE - using DumperA::GetSharedOverlay; -#else - using DumperW::GetSharedOverlay; -#endif - using DumperA::DeleteLastSection; - using DumperW::DeleteLastSection; - using DumperA::DeleteLastSectionEx; - using DumperW::DeleteLastSectionEx; - using DumperX::GetPE32DataFromMappedFile; - using DumperA::GetPE32Data; - using DumperW::GetPE32Data; - using DumperX::GetPE32DataFromMappedFileEx; - using DumperA::GetPE32DataEx; - using DumperW::GetPE32DataEx; - using DumperX::SetPE32DataForMappedFile; - using DumperA::SetPE32Data; - using DumperW::SetPE32Data; - using DumperX::SetPE32DataForMappedFileEx; - using DumperA::SetPE32DataEx; - using DumperW::SetPE32DataEx; - using DumperX::GetPE32SectionNumberFromVA; - using DumperX::ConvertVAtoFileOffset; - using DumperX::ConvertVAtoFileOffsetEx; - using DumperX::ConvertFileOffsetToVA; - using DumperX::ConvertFileOffsetToVAEx; - using DumperX::MemoryReadSafe; - using DumperX::MemoryWriteSafe; -}; - -class RealignerA; -class RealignerW; - -class RealignerX -{ - friend class RealignerA; - friend class RealignerW; - -protected: - - typedef UE::FILE_STATUS_INFO FILE_STATUS_INFO; - typedef UE::FILE_FIX_INFO FILE_FIX_INFO; - - static long RealignPE(ULONG_PTR FileMapVA, DWORD FileSize, DWORD RealingMode) - { - return UE::RealignPE(FileMapVA, FileSize, RealingMode); - } -}; - -class RealignerA -{ -public: - - static bool FixHeaderCheckSum(const char* szFileName) - { - return UE::FixHeaderCheckSum((char*)szFileName); - } - static long RealignPEEx(const char* szFileName, DWORD RealingFileSize, DWORD ForcedFileAlignment) - { - return UE::RealignPEEx((char*)szFileName, RealingFileSize, ForcedFileAlignment); - } - static bool WipeSection(const char* szFileName, int WipeSectionNumber, bool RemovePhysically) - { - return UE::WipeSection((char*)szFileName, WipeSectionNumber, RemovePhysically); - } - static bool IsPE32FileValidEx(const char* szFileName, eCheckDepth CheckDepth, RealignerX::FILE_STATUS_INFO* FileStatusInfo) - { - return UE::IsPE32FileValidEx((char*)szFileName, CheckDepth, (void*)FileStatusInfo); - } - static bool FixBrokenPE32FileEx(const char* szFileName, const RealignerX::FILE_STATUS_INFO* FileStatusInfo, RealignerX::FILE_FIX_INFO* FileFixInfo) - { - return UE::FixBrokenPE32FileEx((char*)szFileName, (void*)FileStatusInfo, (void*)FileFixInfo); - } - static bool IsFileDLL(const char* szFileName, ULONG_PTR FileMapVA) - { - return UE::IsFileDLL((char*)szFileName, FileMapVA); - } -}; - -class RealignerW -{ -public: - - static bool FixHeaderCheckSum(const wchar_t* szFileName) - { - return UE::FixHeaderCheckSumW((wchar_t*)szFileName); - } - static long RealignPEEx(const wchar_t* szFileName, DWORD RealingFileSize, DWORD ForcedFileAlignment) - { - return UE::RealignPEExW((wchar_t*)szFileName, RealingFileSize, ForcedFileAlignment); - } - static bool WipeSection(const wchar_t* szFileName, int WipeSectionNumber, bool RemovePhysically) - { - return UE::WipeSectionW((wchar_t*)szFileName, WipeSectionNumber, RemovePhysically); - } - static bool IsPE32FileValidEx(const wchar_t* szFileName, eCheckDepth CheckDepth, RealignerX::FILE_STATUS_INFO* FileStatusInfo) - { - return UE::IsPE32FileValidExW((wchar_t*)szFileName, CheckDepth, FileStatusInfo); - } - static bool FixBrokenPE32FileEx(const wchar_t* szFileName, const RealignerX::FILE_STATUS_INFO* FileStatusInfo, RealignerX::FILE_FIX_INFO* FileFixInfo) - { - return UE::FixBrokenPE32FileExW((wchar_t*)szFileName, (void*)FileStatusInfo, (void*)FileFixInfo); - } - static bool IsFileDLL(const wchar_t* szFileName, ULONG_PTR FileMapVA) - { - return UE::IsFileDLLW((wchar_t*)szFileName, FileMapVA); - } -}; - -class Realigner: RealignerX, RealignerA, RealignerW -{ -public: - - using RealignerX::FILE_STATUS_INFO; - using RealignerX::FILE_FIX_INFO; - - using RealignerA::FixHeaderCheckSum; - using RealignerW::FixHeaderCheckSum; - using RealignerX::RealignPE; - using RealignerA::RealignPEEx; - using RealignerW::RealignPEEx; - using RealignerA::WipeSection; - using RealignerW::WipeSection; - using RealignerA::IsPE32FileValidEx; - using RealignerW::IsPE32FileValidEx; - using RealignerA::FixBrokenPE32FileEx; - using RealignerW::FixBrokenPE32FileEx; - using RealignerA::IsFileDLL; - using RealignerW::IsFileDLL; -}; - -class Hider -{ -public: - - static void* GetPEBLocation(HANDLE hProcess) - { - return UE::GetPEBLocation(hProcess); - } - static void* GetPEBLocation64(HANDLE hProcess) - { - return UE::GetPEBLocation64(hProcess); - } - static void* GetTEBLocation(HANDLE hProcess) - { - return UE::GetTEBLocation(hProcess); - } - static void* GetTEBLocation64(HANDLE hProcess) - { - return UE::GetTEBLocation64(hProcess); - } - static bool HideDebugger(HANDLE hProcess, eHideLevel PatchAPILevel) - { - return UE::HideDebugger(hProcess, PatchAPILevel); - } - static bool UnHideDebugger(HANDLE hProcess, eHideLevel PatchAPILevel) - { - return UE::UnHideDebugger(hProcess, PatchAPILevel); - } -}; - -class RelocaterX -{ -protected: - - static void Cleanup() - { - UE::RelocaterCleanup(); - } - static void Init(DWORD MemorySize, ULONG_PTR OldImageBase, ULONG_PTR NewImageBase) - { - UE::RelocaterInit(MemorySize, OldImageBase, NewImageBase); - } - static void AddNewRelocation(HANDLE hProcess, ULONG_PTR RelocateAddress, DWORD RelocateState) - { - UE::RelocaterAddNewRelocation(hProcess, RelocateAddress, RelocateState); - } - static long EstimatedSize() - { - return UE::RelocaterEstimatedSize(); - } - static bool ExportRelocation(ULONG_PTR StorePlace, DWORD StorePlaceRVA, ULONG_PTR FileMapVA) - { - return UE::RelocaterExportRelocation(StorePlace, StorePlaceRVA, FileMapVA); - } - static bool GrabRelocationTable(HANDLE hProcess, ULONG_PTR MemoryStart, DWORD MemorySize) - { - return UE::RelocaterGrabRelocationTable(hProcess, MemoryStart, MemorySize); - } - static bool GrabRelocationTableEx(HANDLE hProcess, ULONG_PTR MemoryStart, ULONG_PTR MemorySize, DWORD NtSizeOfImage) - { - return UE::RelocaterGrabRelocationTableEx(hProcess, MemoryStart, MemorySize, NtSizeOfImage); - } - static bool RelocateMemoryBlock(ULONG_PTR FileMapVA, ULONG_PTR MemoryLocation, void* RelocateMemory, DWORD RelocateMemorySize, ULONG_PTR CurrentLoadedBase, ULONG_PTR RelocateBase) - { - return UE::RelocaterRelocateMemoryBlock(FileMapVA, MemoryLocation, RelocateMemory, RelocateMemorySize, CurrentLoadedBase, RelocateBase); - } -}; - -class RelocaterA -{ -public: - - static bool ExportRelocationEx(const char* szFileName, const char* szSectionName) - { - return UE::RelocaterExportRelocationEx((char*)szFileName, (char*)szSectionName); - } - static bool MakeSnapshot(HANDLE hProcess, const char* szSaveFileName, void* MemoryStart, ULONG_PTR MemorySize) - { - return UE::RelocaterMakeSnapshot(hProcess, (char*)szSaveFileName, MemoryStart, MemorySize); - } - static bool CompareTwoSnapshots(HANDLE hProcess, ULONG_PTR LoadedImageBase, ULONG_PTR NtSizeOfImage, const char* szDumpFile1, const char* szDumpFile2, ULONG_PTR MemStart) - { - return UE::RelocaterCompareTwoSnapshots(hProcess, LoadedImageBase, NtSizeOfImage, (char*)szDumpFile1, (char*)szDumpFile2, MemStart); - } - static bool ChangeFileBase(const char* szFileName, ULONG_PTR NewImageBase) - { - return UE::RelocaterChangeFileBase((char*)szFileName, NewImageBase); - } - static bool WipeRelocationTable(const char* szFileName) - { - return UE::RelocaterWipeRelocationTable((char*)szFileName); - } -}; - -class RelocaterW -{ -public: - - static bool ExportRelocationEx(const wchar_t* szFileName, char* szSectionName) - { - return UE::RelocaterExportRelocationExW((wchar_t*)szFileName, (char*)szSectionName); - } - static bool MakeSnapshot(HANDLE hProcess, const wchar_t* szSaveFileName, void* MemoryStart, ULONG_PTR MemorySize) - { - return UE::RelocaterMakeSnapshotW(hProcess, (wchar_t*)szSaveFileName, MemoryStart, MemorySize); - } - static bool CompareTwoSnapshots(HANDLE hProcess, ULONG_PTR LoadedImageBase, ULONG_PTR NtSizeOfImage, const wchar_t* szDumpFile1, const wchar_t* szDumpFile2, ULONG_PTR MemStart) - { - return UE::RelocaterCompareTwoSnapshotsW(hProcess, LoadedImageBase, NtSizeOfImage, (wchar_t*)szDumpFile1, (wchar_t*)szDumpFile2, MemStart); - } - static bool ChangeFileBase(const wchar_t* szFileName, ULONG_PTR NewImageBase) - { - return UE::RelocaterChangeFileBaseW((wchar_t*)szFileName, NewImageBase); - } - static bool WipeRelocationTable(const wchar_t* szFileName) - { - return UE::RelocaterWipeRelocationTableW((wchar_t*)szFileName); - } -}; - -class Relocater : RelocaterX, RelocaterA, RelocaterW -{ -public: - - using RelocaterX::Cleanup; - using RelocaterX::Init; - using RelocaterX::AddNewRelocation; - using RelocaterX::EstimatedSize; - using RelocaterX::ExportRelocation; - using RelocaterA::ExportRelocationEx; - using RelocaterW::ExportRelocationEx; - using RelocaterX::GrabRelocationTable; - using RelocaterX::GrabRelocationTableEx; - using RelocaterA::MakeSnapshot; - using RelocaterW::MakeSnapshot; - using RelocaterA::CompareTwoSnapshots; - using RelocaterW::CompareTwoSnapshots; - using RelocaterA::ChangeFileBase; - using RelocaterW::ChangeFileBase; - using RelocaterX::RelocateMemoryBlock; - using RelocaterA::WipeRelocationTable; - using RelocaterW::WipeRelocationTable; -}; - -class ResourcerA; -class ResourcerW; - -class ResourcerX -{ - friend class ResourcerA; - friend class ResourcerW; - -protected: - - typedef void(TITCALL* fResourceEnumCallback)(const wchar_t* szResourceType, DWORD ResourceType, const wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, DWORD ResourceData, DWORD ResourceSize); - - static bool FreeLoadedFile(void* LoadedFileBase) - { - return UE::ResourcerFreeLoadedFile(LoadedFileBase); - } - static bool ExtractResourceFromFileEx(HMODULE hFile, char* szResourceType, char* szResourceName, char* szExtractedFileName) - { - return UE::ResourcerExtractResourceFromFileEx(hFile, szResourceType, szResourceName, szExtractedFileName); - } - static bool FindResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, ULONG_PTR* pResourceData, DWORD* pResourceSize) - { - return UE::ResourcerFindResourceEx(FileMapVA, FileSize, szResourceType, ResourceType, szResourceName, ResourceName, ResourceLanguage, pResourceData, pResourceSize); - } - static void EnumerateResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, fResourceEnumCallback CallBack) - { - UE::ResourcerEnumerateResourceEx(FileMapVA, FileSize, (void*)CallBack); - } -}; - -class ResourcerA -{ -public: - - static ULONG_PTR LoadFileForResourceUse(char* szFileName) - { - return UE::ResourcerLoadFileForResourceUse(szFileName); - } - static bool ExtractResourceFromFile(char* szFileName, char* szResourceType, char* szResourceName, char* szExtractedFileName) - { - return UE::ResourcerExtractResourceFromFile(szFileName, szResourceType, szResourceName, szExtractedFileName); - } - static bool FindResource(char* szFileName, char* szResourceType, DWORD ResourceType, char* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, ULONG_PTR* pResourceData, DWORD* pResourceSize) - { - return UE::ResourcerFindResource(szFileName, szResourceType, ResourceType, szResourceName, ResourceName, ResourceLanguage, pResourceData, pResourceSize); - } - static void EnumerateResource(char* szFileName, ResourcerX::fResourceEnumCallback CallBack) - { - UE::ResourcerEnumerateResource(szFileName, (void*)CallBack); - } -}; - -class ResourcerW -{ -public: - - static ULONG_PTR LoadFileForResourceUse(wchar_t* szFileName) - { - return UE::ResourcerLoadFileForResourceUseW(szFileName); - } - static bool ExtractResourceFromFile(wchar_t* szFileName, char* szResourceType, char* szResourceName, char* szExtractedFileName) - { - return UE::ResourcerExtractResourceFromFileW(szFileName, szResourceType, szResourceName, szExtractedFileName); - } - static bool FindResource(wchar_t* szFileName, wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, ULONG_PTR* pResourceData, DWORD* pResourceSize) - { - return UE::ResourcerFindResourceW(szFileName, szResourceType, ResourceType, szResourceName, ResourceName, ResourceLanguage, pResourceData, pResourceSize); - } - static void EnumerateResource(wchar_t* szFileName, ResourcerX::fResourceEnumCallback CallBack) - { - UE::ResourcerEnumerateResourceW(szFileName, (void*)CallBack); - } -}; - -class Resourcer : ResourcerX, ResourcerA, ResourcerW -{ -public: - - using ResourcerX::fResourceEnumCallback; - - using ResourcerA::LoadFileForResourceUse; - using ResourcerW::LoadFileForResourceUse; - using ResourcerX::FreeLoadedFile; - using ResourcerX::ExtractResourceFromFileEx; - using ResourcerA::ExtractResourceFromFile; - using ResourcerW::ExtractResourceFromFile; - using ResourcerA::FindResource; - using ResourcerW::FindResource; - using ResourcerX::FindResourceEx; - using ResourcerA::EnumerateResource; - using ResourcerW::EnumerateResource; - using ResourcerX::EnumerateResourceEx; -}; - -class Threader -{ -public: - - typedef UE::THREAD_ITEM_DATA THREAD_ITEM_DATA; - - typedef void(TITCALL* fThreadEnumCallback)(const THREAD_ITEM_DATA* fThreadDetail); - typedef void(TITCALL* fThreadExitCallback)(const EXIT_THREAD_DEBUG_INFO* SpecialDBG); - - static bool ImportRunningThreadData(DWORD ProcessId) - { - return UE::ThreaderImportRunningThreadData(ProcessId); - } - static const THREAD_ITEM_DATA* GetThreadInfo(HANDLE hThread, DWORD ThreadId) - { - return (const THREAD_ITEM_DATA*)UE::ThreaderGetThreadInfo(hThread, ThreadId); - } - static void EnumThreadInfo(fThreadEnumCallback EnumCallBack) - { - UE::ThreaderEnumThreadInfo((void*)EnumCallBack); - } - static bool PauseThread(HANDLE hThread) - { - return UE::ThreaderPauseThread(hThread); - } - static bool ResumeThread(HANDLE hThread) - { - return UE::ThreaderResumeThread(hThread); - } - static bool TerminateThread(HANDLE hThread, DWORD ThreadExitCode) - { - return UE::ThreaderTerminateThread(hThread, ThreadExitCode); - } - static bool PauseAllThreads(bool LeaveMainRunning) - { - return UE::ThreaderPauseAllThreads(LeaveMainRunning); - } - static bool ResumeAllThreads(bool LeaveMainPaused) - { - return UE::ThreaderResumeAllThreads(LeaveMainPaused); - } - static bool PauseProcess() - { - return UE::ThreaderPauseProcess(); - } - static bool ResumeProcess() - { - return UE::ThreaderResumeProcess(); - } - static ULONG_PTR CreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, void* ThreadPassParameter, DWORD* ThreadId) - { - return UE::ThreaderCreateRemoteThread(ThreadStartAddress, AutoCloseTheHandle, ThreadPassParameter, ThreadId); - } - static bool InjectAndExecuteCode(void* InjectCode, DWORD StartDelta, DWORD InjectSize) - { - return UE::ThreaderInjectAndExecuteCode(InjectCode, StartDelta, InjectSize); - } - static ULONG_PTR CreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, void* ThreadPassParameter, DWORD* ThreadId) - { - return UE::ThreaderCreateRemoteThreadEx(hProcess, ThreadStartAddress, AutoCloseTheHandle, ThreadPassParameter, ThreadId); - } - static bool InjectAndExecuteCodeEx(HANDLE hProcess, void* InjectCode, DWORD StartDelta, DWORD InjectSize) - { - return UE::ThreaderInjectAndExecuteCodeEx(hProcess, InjectCode, StartDelta, InjectSize); - } - static void SetCallBackForNextExitThreadEvent(fThreadExitCallback exitThreadCallBack) - { - UE::ThreaderSetCallBackForNextExitThreadEvent((void*)exitThreadCallBack); - } - static bool IsThreadStillRunning(HANDLE hThread) - { - return UE::ThreaderIsThreadStillRunning(hThread); - } - static bool IsThreadActive(HANDLE hThread) - { - return UE::ThreaderIsThreadActive(hThread); - } - static bool IsAnyThreadActive() - { - return UE::ThreaderIsAnyThreadActive(); - } - static bool ExecuteOnlyInjectedThreads() - { - return UE::ThreaderExecuteOnlyInjectedThreads(); - } - static ULONG_PTR GetOpenHandleForThread(DWORD ThreadId) - { - return UE::ThreaderGetOpenHandleForThread(ThreadId); - } - static bool IsExceptionInMainThread() - { - return UE::ThreaderIsExceptionInMainThread(); - } - static HANDLE OpenThread(DWORD dwDesiredAccess, bool bInheritHandle, DWORD dwThreadId) - { - return UE::TitanOpenThread(dwDesiredAccess, bInheritHandle, dwThreadId); - } -}; - -// -- - -class DebuggerA; -class DebuggerW; - -class DebuggerX -{ - friend class DebuggerA; - friend class DebuggerW; - -protected: - - typedef void (TITCALL* fBreakPointCallback)(); - typedef void (TITCALL* fCustomHandlerCallback)(const void* ExceptionData); - - static const char* StaticDisassembleEx(ULONG_PTR DisassmStart, const void* DisassmAddress) - { - return (const char*)UE::StaticDisassembleEx(DisassmStart, (void*)DisassmAddress); - } - static const char* StaticDisassemble(const void* DisassmAddress) - { - return (const char*)UE::StaticDisassemble((void*)DisassmAddress); - } - static const char* DisassembleEx(HANDLE hProcess, void* DisassmAddress, bool ReturnInstructionType) - { - return (const char*)UE::DisassembleEx(hProcess, DisassmAddress, ReturnInstructionType); - } - static const char* Disassemble(void* DisassmAddress) - { - return (const char*)UE::Disassemble(DisassmAddress); - } - static long StaticLengthDisassemble(const void* DisassmAddress) - { - return UE::StaticLengthDisassemble((void*)DisassmAddress); - } - static long LengthDisassembleEx(HANDLE hProcess, void* DisassmAddress) - { - return UE::LengthDisassembleEx(hProcess, DisassmAddress); - } - static long LengthDisassemble(void* DisassmAddress) - { - return UE::LengthDisassemble(DisassmAddress); - } - static bool StopDebug() - { - return UE::StopDebug(); - } - static void SetBPXOptions(long DefaultBreakPointType) - { - UE::SetBPXOptions(DefaultBreakPointType); - } - static bool IsBPXEnabled(ULONG_PTR bpxAddress) - { - return UE::IsBPXEnabled(bpxAddress); - } - static bool EnableBPX(ULONG_PTR bpxAddress) - { - return UE::EnableBPX(bpxAddress); - } - static bool DisableBPX(ULONG_PTR bpxAddress) - { - return UE::DisableBPX(bpxAddress); - } - static bool SetBPX(ULONG_PTR bpxAddress, eBPType bpxType, fBreakPointCallback bpxCallBack) - { - return UE::SetBPX(bpxAddress, bpxType, (void*)bpxCallBack); - } - static bool DeleteBPX(ULONG_PTR bpxAddress) - { - return UE::DeleteBPX(bpxAddress); - } - static bool SafeDeleteBPX(ULONG_PTR bpxAddress) - { - return UE::SafeDeleteBPX(bpxAddress); - } - static bool SetAPIBreakPoint(const char* szDLLName, const char* szAPIName, eBPType bpxType, eBPPlace bpxPlace, fBreakPointCallback bpxCallBack) - { - return UE::SetAPIBreakPoint(szDLLName, szAPIName, bpxType, bpxPlace, (void*)bpxCallBack); - } - static bool DeleteAPIBreakPoint(const char* szDLLName, const char* szAPIName, eBPPlace bpxPlace) - { - return UE::DeleteAPIBreakPoint(szDLLName, szAPIName, bpxPlace); - } - static bool SafeDeleteAPIBreakPoint(const char* szDLLName, const char* szAPIName, eBPPlace bpxPlace) - { - return UE::SafeDeleteAPIBreakPoint(szDLLName, szAPIName, bpxPlace); - } - static bool SetMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, fBreakPointCallback bpxCallBack) - { - return UE::SetMemoryBPX(MemoryStart, SizeOfMemory, (void*)bpxCallBack); - } - static bool SetMemoryBPXEx(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, eMemoryBPType BreakPointType, bool RestoreOnHit, fBreakPointCallback bpxCallBack) - { - return UE::SetMemoryBPXEx(MemoryStart, SizeOfMemory, BreakPointType, RestoreOnHit, (void*)bpxCallBack); - } - static bool RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory) - { - return UE::RemoveMemoryBPX(MemoryStart, SizeOfMemory); - } -#ifdef _WIN64 - static bool GetContextFPUDataEx(HANDLE hActiveThread, XMM_SAVE_AREA32* FPUSaveArea) -#else - static bool GetContextFPUDataEx(HANDLE hActiveThread, FLOATING_SAVE_AREA* FPUSaveArea) -#endif - { - return UE::GetContextFPUDataEx(hActiveThread, FPUSaveArea); - } - static ULONG_PTR GetContextDataEx(HANDLE hActiveThread, eContextData IndexOfRegister) - { - return UE::GetContextDataEx(hActiveThread, IndexOfRegister); - } - static ULONG_PTR GetContextData(eContextData IndexOfRegister) - { - return UE::GetContextData(IndexOfRegister); - } -#ifdef _WIN64 - static bool SetContextFPUDataEx(HANDLE hActiveThread, const XMM_SAVE_AREA32* FPUSaveArea) -#else - static bool SetContextFPUDataEx(HANDLE hActiveThread, const FLOATING_SAVE_AREA* FPUSaveArea) -#endif - { - return UE::SetContextFPUDataEx(hActiveThread, (void*)FPUSaveArea); - } - static bool SetContextDataEx(HANDLE hActiveThread, eContextData IndexOfRegister, ULONG_PTR NewRegisterValue) - { - return UE::SetContextDataEx(hActiveThread, IndexOfRegister, NewRegisterValue); - } - static bool SetContextData(eContextData IndexOfRegister, ULONG_PTR NewRegisterValue) - { - return UE::SetContextData(IndexOfRegister, NewRegisterValue); - } - static void ClearExceptionNumber() - { - UE::ClearExceptionNumber(); - } - static long CurrentExceptionNumber() - { - return UE::CurrentExceptionNumber(); - } - static bool MatchPatternEx(HANDLE hProcess, void* MemoryToCheck, int SizeOfMemoryToCheck, const void* PatternToMatch, int SizeOfPatternToMatch, const BYTE* WildCard) - { - return UE::MatchPatternEx(hProcess, MemoryToCheck, SizeOfMemoryToCheck, (void*)PatternToMatch, SizeOfPatternToMatch, (BYTE*)WildCard); - } - static bool MatchPattern(void* MemoryToCheck, int SizeOfMemoryToCheck, const void* PatternToMatch, int SizeOfPatternToMatch, const BYTE* WildCard) - { - return UE::MatchPattern(MemoryToCheck, SizeOfMemoryToCheck, (void*)PatternToMatch, SizeOfPatternToMatch, (BYTE*)WildCard); - } - static ULONG_PTR FindEx(HANDLE hProcess, void* MemoryStart, DWORD MemorySize, const void* SearchPattern, DWORD PatternSize, const BYTE* WildCard) - { - return UE::FindEx(hProcess, MemoryStart, MemorySize, (void*)SearchPattern, PatternSize, (BYTE*)WildCard); - } - static ULONG_PTR Find(void* MemoryStart, DWORD MemorySize, const void* SearchPattern, DWORD PatternSize, const BYTE* WildCard) - { - return UE::Find(MemoryStart, MemorySize, (void*)SearchPattern, PatternSize, (BYTE*)WildCard); - } - static bool FillEx(HANDLE hProcess, void* MemoryStart, DWORD MemorySize, const BYTE* FillByte) - { - return UE::FillEx(hProcess, MemoryStart, MemorySize, (BYTE*)FillByte); - } - static bool Fill(void* MemoryStart, DWORD MemorySize, const BYTE* FillByte) - { - return UE::Fill(MemoryStart, MemorySize, (BYTE*)FillByte); - } - static bool PatchEx(HANDLE hProcess, void* MemoryStart, DWORD MemorySize, const void* ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP) - { - return UE::PatchEx(hProcess, MemoryStart, MemorySize, (void*)ReplacePattern, ReplaceSize, AppendNOP, PrependNOP); - } - static bool Patch(void* MemoryStart, DWORD MemorySize, const void* ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP) - { - return UE::Patch(MemoryStart, MemorySize, (void*)ReplacePattern, ReplaceSize, AppendNOP, PrependNOP); - } - static bool ReplaceEx(HANDLE hProcess, void* MemoryStart, DWORD MemorySize, const void* SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, const void* ReplacePattern, DWORD ReplaceSize, const BYTE* WildCard) - { - return UE::ReplaceEx(hProcess, MemoryStart, MemorySize, (void*)SearchPattern, PatternSize, NumberOfRepetitions, (void*)ReplacePattern, ReplaceSize, (BYTE*)WildCard); - } - static bool Replace(void* MemoryStart, DWORD MemorySize, const void* SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, const void* ReplacePattern, DWORD ReplaceSize, const BYTE* WildCard) - { - return UE::Replace(MemoryStart, MemorySize, (void*)SearchPattern, PatternSize, NumberOfRepetitions, (void*)ReplacePattern, ReplaceSize, (BYTE*)WildCard); - } - static const DEBUG_EVENT* GetDebugData() - { - return (const DEBUG_EVENT*)UE::GetDebugData(); - } - static const DEBUG_EVENT* GetTerminationData() - { - return (const DEBUG_EVENT*)UE::GetTerminationData(); - } - static long GetExitCode() - { - return UE::GetExitCode(); - } - static ULONG_PTR GetDebuggedDLLBaseAddress() - { - return UE::GetDebuggedDLLBaseAddress(); - } - static ULONG_PTR GetDebuggedFileBaseAddress() - { - return UE::GetDebuggedFileBaseAddress(); - } - static bool GetRemoteString(HANDLE hProcess, void* StringAddress, void* StringStorage, int MaximumStringSize) - { - return UE::GetRemoteString(hProcess, StringAddress, StringStorage, MaximumStringSize); - } - static ULONG_PTR GetFunctionParameter(HANDLE hProcess, eFunctionType FunctionType, DWORD ParameterNumber, eParameterType ParameterType) - { - return UE::GetFunctionParameter(hProcess, FunctionType, ParameterNumber, ParameterType); - } - static ULONG_PTR GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps) - { - return UE::GetJumpDestinationEx(hProcess, InstructionAddress, JustJumps); - } - static ULONG_PTR GetJumpDestination(HANDLE hProcess, ULONG_PTR InstructionAddress) - { - return UE::GetJumpDestination(hProcess, InstructionAddress); - } - static bool IsJumpGoingToExecuteEx(HANDLE hProcess, HANDLE hThread, ULONG_PTR InstructionAddress, ULONG_PTR RegFlags) - { - return UE::IsJumpGoingToExecuteEx(hProcess, hThread, InstructionAddress, RegFlags); - } - static bool IsJumpGoingToExecute() - { - return UE::IsJumpGoingToExecute(); - } - static void SetCustomHandler(eCustomException ExceptionId, fCustomHandlerCallback CallBack) - { - UE::SetCustomHandler(ExceptionId, (void*)CallBack); - } - static void ForceClose() - { - UE::ForceClose(); - } - static void StepInto(fBreakPointCallback traceCallBack) - { - UE::StepInto((void*)traceCallBack); - } - static void StepOver(fBreakPointCallback traceCallBack) - { - UE::StepOver((void*)traceCallBack); - } - static void StepOut(fBreakPointCallback StepOutCallBack, bool FinalStep) - { - UE::StepOut((void*)StepOutCallBack, FinalStep); - } - static void SingleStep(DWORD StepCount, fBreakPointCallback StepCallBack) - { - UE::SingleStep(StepCount, (void*)StepCallBack); - } - static bool GetUnusedHardwareBreakPointRegister(DWORD* RegisterIndex) - { - return UE::GetUnusedHardwareBreakPointRegister(RegisterIndex); - } - static bool SetHardwareBreakPointEx(HANDLE hActiveThread, ULONG_PTR bpxAddress, DWORD IndexOfRegister, eHWBPType bpxType, eHWBPSize bpxSize, fBreakPointCallback bpxCallBack, DWORD* IndexOfSelectedRegister) - { - return UE::SetHardwareBreakPointEx(hActiveThread, bpxAddress, IndexOfRegister, bpxType, bpxSize, (void*)bpxCallBack, IndexOfSelectedRegister); - } - static bool SetHardwareBreakPoint(ULONG_PTR bpxAddress, DWORD IndexOfRegister, eHWBPType bpxType, eHWBPSize bpxSize, fBreakPointCallback bpxCallBack) - { - return UE::SetHardwareBreakPoint(bpxAddress, IndexOfRegister, bpxType, bpxSize, (void*)bpxCallBack); - } - static bool DeleteHardwareBreakPoint(DWORD IndexOfRegister) - { - return UE::DeleteHardwareBreakPoint(IndexOfRegister); - } - static bool RemoveAllBreakPoints(eBPRemoveOption RemoveOption) - { - return UE::RemoveAllBreakPoints(RemoveOption); - } - static const PROCESS_INFORMATION* GetProcessInformation() - { - return (const PROCESS_INFORMATION*)UE::TitanGetProcessInformation(); - } - static const STARTUPINFOW* GetStartupInformation() - { - return (const STARTUPINFOW*)UE::TitanGetStartupInformation(); - } - static void DebugLoop() - { - UE::DebugLoop(); - } - static void SetDebugLoopTimeOut(DWORD TimeOut) - { - UE::SetDebugLoopTimeOut(TimeOut); - } - static void SetNextDbgContinueStatus(DWORD SetDbgCode) - { - UE::SetNextDbgContinueStatus(SetDbgCode); - } - static bool AttachDebugger(DWORD ProcessId, bool KillOnExit, PROCESS_INFORMATION* DebugInfo, fBreakPointCallback CallBack) - { - return UE::AttachDebugger(ProcessId, KillOnExit, DebugInfo, (void*)CallBack); - } - static bool DetachDebugger(DWORD ProcessId) - { - return UE::DetachDebugger(ProcessId); - } - static bool DetachDebuggerEx(DWORD ProcessId) - { - return UE::DetachDebuggerEx(ProcessId); - } - static void DebugLoopEx(DWORD TimeOut) - { - UE::DebugLoopEx(TimeOut); - } - static bool IsFileBeingDebugged() - { - return UE::IsFileBeingDebugged(); - } - static void SetErrorModel(bool DisplayErrorMessages) - { - UE::SetErrorModel(DisplayErrorMessages); - } -}; - -class DebuggerA -{ -public: - - static const PROCESS_INFORMATION* InitDebug(const char* szFileName, const char* szCommandLine, const char* szCurrentFolder) - { - return (const PROCESS_INFORMATION*)UE::InitDebug((char*)szFileName, (char*)szCommandLine, (char*)szCurrentFolder); - } - static const PROCESS_INFORMATION* InitNativeDebug(const char* szFileName, const char* szCommandLine, const char* szCurrentFolder) - { - return (const PROCESS_INFORMATION*)UE::InitNativeDebug((char*)szFileName, (char*)szCommandLine, (char*)szCurrentFolder); - } - static const PROCESS_INFORMATION* InitDebugEx(const char* szFileName, const char* szCommandLine, const char* szCurrentFolder, DebuggerX::fBreakPointCallback EntryCallBack) - { - return (const PROCESS_INFORMATION*)UE::InitDebugEx((char*)szFileName, (char*)szCommandLine, (char*)szCurrentFolder, (void*)EntryCallBack); - } - static const PROCESS_INFORMATION* InitDLLDebug(const char* szFileName, bool ReserveModuleBase, const char* szCommandLine, const char* szCurrentFolder, DebuggerX::fBreakPointCallback EntryCallBack) - { - return (const PROCESS_INFORMATION*)UE::InitDLLDebug((char*)szFileName, ReserveModuleBase, (char*)szCommandLine, (char*)szCurrentFolder, (void*)EntryCallBack); - } - static void AutoDebugEx(const char* szFileName, bool ReserveModuleBase, const char* szCommandLine, const char* szCurrentFolder, DWORD TimeOut, DebuggerX::fBreakPointCallback EntryCallBack) - { - UE::AutoDebugEx((char*)szFileName, ReserveModuleBase, (char*)szCommandLine, (char*)szCurrentFolder, TimeOut, (void*)EntryCallBack); - } -}; - -class DebuggerW -{ -public: - - static const PROCESS_INFORMATION* InitDebug(const wchar_t* szFileName, const wchar_t* szCommandLine, const wchar_t* szCurrentFolder) - { - return (const PROCESS_INFORMATION*)UE::InitDebugW((wchar_t*)szFileName, (wchar_t*)szCommandLine, (wchar_t*)szCurrentFolder); - } - static const PROCESS_INFORMATION* InitNativeDebug(const wchar_t* szFileName, const wchar_t* szCommandLine, const wchar_t* szCurrentFolder) - { - return (const PROCESS_INFORMATION*)UE::InitNativeDebugW((wchar_t*)szFileName, (wchar_t*)szCommandLine, (wchar_t*)szCurrentFolder); - } - static const PROCESS_INFORMATION* InitDebugEx(const wchar_t* szFileName, const wchar_t* szCommandLine, const wchar_t* szCurrentFolder, DebuggerX::fBreakPointCallback EntryCallBack) - { - return (const PROCESS_INFORMATION*)UE::InitDebugExW((wchar_t*)szFileName, (wchar_t*)szCommandLine, (wchar_t*)szCurrentFolder, (void*)EntryCallBack); - } - static const PROCESS_INFORMATION* InitDLLDebug(const wchar_t* szFileName, bool ReserveModuleBase, const wchar_t* szCommandLine, const wchar_t* szCurrentFolder, DebuggerX::fBreakPointCallback EntryCallBack) - { - return (const PROCESS_INFORMATION*)UE::InitDLLDebugW((wchar_t*)szFileName, ReserveModuleBase, (wchar_t*)szCommandLine, (wchar_t*)szCurrentFolder, (void*)EntryCallBack); - } - static void AutoDebugEx(const wchar_t* szFileName, bool ReserveModuleBase, const wchar_t* szCommandLine, const wchar_t* szCurrentFolder, DWORD TimeOut, DebuggerX::fBreakPointCallback EntryCallBack) - { - UE::AutoDebugExW((wchar_t*)szFileName, ReserveModuleBase, (wchar_t*)szCommandLine, (wchar_t*)szCurrentFolder, TimeOut, (void*)EntryCallBack); - } -}; - -class Debugger : DebuggerX, DebuggerA, DebuggerW -{ -public: - - using DebuggerX::fBreakPointCallback; - using DebuggerX::fCustomHandlerCallback; - - using DebuggerX::StaticDisassembleEx; - using DebuggerX::StaticDisassemble; - using DebuggerX::DisassembleEx; - using DebuggerX::Disassemble; - using DebuggerX::StaticLengthDisassemble; - using DebuggerX::LengthDisassembleEx; - using DebuggerX::LengthDisassemble; - using DebuggerA::InitDebug; - using DebuggerW::InitDebug; - using DebuggerA::InitDebugEx; - using DebuggerW::InitDebugEx; - using DebuggerA::InitDLLDebug; - using DebuggerW::InitDLLDebug; - using DebuggerX::StopDebug; - using DebuggerX::SetBPXOptions; - using DebuggerX::IsBPXEnabled; - using DebuggerX::EnableBPX; - using DebuggerX::DisableBPX; - using DebuggerX::SetBPX; - using DebuggerX::DeleteBPX; - using DebuggerX::SafeDeleteBPX; - using DebuggerX::SetAPIBreakPoint; - using DebuggerX::DeleteAPIBreakPoint; - using DebuggerX::SafeDeleteAPIBreakPoint; - using DebuggerX::SetMemoryBPX; - using DebuggerX::SetMemoryBPXEx; - using DebuggerX::RemoveMemoryBPX; - using DebuggerX::GetContextFPUDataEx; - using DebuggerX::GetContextDataEx; - using DebuggerX::GetContextData; - using DebuggerX::SetContextFPUDataEx; - using DebuggerX::SetContextDataEx; - using DebuggerX::SetContextData; - using DebuggerX::ClearExceptionNumber; - using DebuggerX::CurrentExceptionNumber; - using DebuggerX::MatchPatternEx; - using DebuggerX::MatchPattern; - using DebuggerX::FindEx; - using DebuggerX::Find; - using DebuggerX::FillEx; - using DebuggerX::Fill; - using DebuggerX::PatchEx; - using DebuggerX::Patch; - using DebuggerX::ReplaceEx; - using DebuggerX::Replace; - using DebuggerX::GetDebugData; - using DebuggerX::GetTerminationData; - using DebuggerX::GetExitCode; - using DebuggerX::GetDebuggedDLLBaseAddress; - using DebuggerX::GetDebuggedFileBaseAddress; - using DebuggerX::GetRemoteString; - using DebuggerX::GetFunctionParameter; - using DebuggerX::GetJumpDestinationEx; - using DebuggerX::GetJumpDestination; - using DebuggerX::IsJumpGoingToExecuteEx; - using DebuggerX::IsJumpGoingToExecute; - using DebuggerX::SetCustomHandler; - using DebuggerX::ForceClose; - using DebuggerX::StepInto; - using DebuggerX::StepOver; - using DebuggerX::StepOut; - using DebuggerX::SingleStep; - using DebuggerX::GetUnusedHardwareBreakPointRegister; - using DebuggerX::SetHardwareBreakPointEx; - using DebuggerX::SetHardwareBreakPoint; - using DebuggerX::DeleteHardwareBreakPoint; - using DebuggerX::RemoveAllBreakPoints; - using DebuggerX::GetProcessInformation; - using DebuggerX::GetStartupInformation; - using DebuggerX::DebugLoop; - using DebuggerX::SetDebugLoopTimeOut; - using DebuggerX::SetNextDbgContinueStatus; - using DebuggerX::AttachDebugger; - using DebuggerX::DetachDebugger; - using DebuggerX::DetachDebuggerEx; - using DebuggerX::DebugLoopEx; - using DebuggerA::AutoDebugEx; - using DebuggerW::AutoDebugEx; - using DebuggerX::IsFileBeingDebugged; - using DebuggerX::SetErrorModel; -}; - -class FindOEPX -{ -protected: - - static void Init() - { - return UE::FindOEPInit(); - } -}; - -class FindOEPA -{ -public: - - static bool Generically(char* szFileName, Debugger::fBreakPointCallback TraceInitCallBack, Debugger::fBreakPointCallback CallBack) - { - return UE::FindOEPGenerically(szFileName, (void*)TraceInitCallBack, (void*)CallBack); - } -}; - -class FindOEPW -{ -public: - - static bool Generically(wchar_t* szFileName, Debugger::fBreakPointCallback TraceInitCallBack, Debugger::fBreakPointCallback CallBack) - { - return UE::FindOEPGenericallyW(szFileName, (void*)TraceInitCallBack, (void*)CallBack); - } -}; - -class FindOEP : FindOEPX, FindOEPA, FindOEPW -{ -public: - - using FindOEPX::Init; - using FindOEPA::Generically; - using FindOEPW::Generically; -}; - -class ImporterA; -class ImporterW; - -class ImporterX -{ - friend class ImporterA; - friend class ImporterW; - -public: - - typedef UE::ImportEnumData ImportEnumData; - -protected: - - typedef void (TITCALL* fImportEnumCallBack)(void* ptrImportEnumData); - typedef void* (TITCALL* fImportFixCallback)(void* fIATPointer); - - static void AddNewDll(const char* szDLLName, ULONG_PTR FirstThunk) - { - UE::ImporterAddNewDll((char*)szDLLName, FirstThunk); - } - static void AddNewAPI(const char* szAPIName, ULONG_PTR ThunkValue) - { - UE::ImporterAddNewAPI((char*)szAPIName, ThunkValue); - } - static void AddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue) - { - UE::ImporterAddNewOrdinalAPI(OrdinalNumber, ThunkValue); - } - static long GetAddedDllCount() - { - return UE::ImporterGetAddedDllCount(); - } - static long GetAddedAPICount() - { - return UE::ImporterGetAddedAPICount(); - } - static bool ExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap) - { - return UE::ImporterExportIAT(StorePlace, FileMapVA, hFileMap); - } - static long EstimatedSize() - { - return UE::ImporterEstimatedSize(); - } - static ULONG_PTR FindAPIWriteLocation(const char* szAPIName) - { - return UE::ImporterFindAPIWriteLocation((char*)szAPIName); - } - static ULONG_PTR FindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber) - { - return UE::ImporterFindOrdinalAPIWriteLocation(OrdinalNumber); - } - static ULONG_PTR FindAPIByWriteLocation(ULONG_PTR APIWriteLocation) - { - return UE::ImporterFindAPIByWriteLocation(APIWriteLocation); - } - static ULONG_PTR FindDLLByWriteLocation(ULONG_PTR APIWriteLocation) - { - return UE::ImporterFindDLLByWriteLocation(APIWriteLocation); - } - static const char* GetDLLName(ULONG_PTR APIAddress) - { - return (const char*)UE::ImporterGetDLLName(APIAddress); - } - static const wchar_t* GetDLLNameW(ULONG_PTR APIAddress) - { - return (const wchar_t*)UE::ImporterGetDLLNameW(APIAddress); - } - static const char* GetAPIName(ULONG_PTR APIAddress) - { - return (const char*)UE::ImporterGetAPIName(APIAddress); - } - static ULONG_PTR GetAPIOrdinalNumber(ULONG_PTR APIAddress) - { - return UE::ImporterGetAPIOrdinalNumber(APIAddress); - } - static const char* GetAPINameEx(ULONG_PTR APIAddress, const HMODULE* DLLBasesList) - { - return (const char*)UE::ImporterGetAPINameEx(APIAddress, (ULONG_PTR)DLLBasesList); - } - static ULONG_PTR GetRemoteAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress) - { - return UE::ImporterGetRemoteAPIAddress(hProcess, APIAddress); - } - static ULONG_PTR GetRemoteAPIAddressEx(const char* szDLLName, const char* szAPIName) - { - return UE::ImporterGetRemoteAPIAddressEx((char*)szDLLName, (char*)szAPIName); - } - static ULONG_PTR GetLocalAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress) - { - return UE::ImporterGetLocalAPIAddress(hProcess, APIAddress); - } - static const char* GetDLLNameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress) - { - return (const char*)UE::ImporterGetDLLNameFromDebugee(hProcess, APIAddress); - } - static const wchar_t* GetDLLNameFromDebugeeW(HANDLE hProcess, ULONG_PTR APIAddress) - { - return (const wchar_t*)UE::ImporterGetDLLNameFromDebugeeW(hProcess, APIAddress); - } - static const char* GetAPINameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress) - { - return (const char*)UE::ImporterGetAPINameFromDebugee(hProcess, APIAddress); - } - static ULONG_PTR GetAPIOrdinalNumberFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress) - { - return UE::ImporterGetAPIOrdinalNumberFromDebugee(hProcess, APIAddress); - } - static long GetDLLIndexEx(ULONG_PTR APIAddress, const HMODULE* DLLBasesList) - { - return UE::ImporterGetDLLIndexEx(APIAddress, (ULONG_PTR)DLLBasesList); - } - static long GetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, const HMODULE* DLLBasesList) - { - return UE::ImporterGetDLLIndex(hProcess, APIAddress, (ULONG_PTR)DLLBasesList); - } - static ULONG_PTR GetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase) - { - return UE::ImporterGetRemoteDLLBase(hProcess, LocalModuleBase); - } - static ULONG_PTR GetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName) - { - return UE::ImporterGetRemoteDLLBaseEx(hProcess, szModuleName); - } - static void* GetRemoteDLLBaseExW(HANDLE hProcess, WCHAR* szModuleName) - { - return UE::ImporterGetRemoteDLLBaseExW(hProcess, szModuleName); - } - static bool IsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress) - { - return UE::ImporterIsForwardedAPI(hProcess, APIAddress); - } - static const char* GetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress) - { - return (const char*)UE::ImporterGetForwardedAPIName(hProcess, APIAddress); - } - static const char* GetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress) - { - return (const char*)UE::ImporterGetForwardedDLLName(hProcess, APIAddress); - } - static long GetForwardedDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, const HMODULE* DLLBasesList) - { - return UE::ImporterGetForwardedDLLIndex(hProcess, APIAddress, (ULONG_PTR)DLLBasesList); - } - static ULONG_PTR GetForwardedAPIOrdinalNumber(HANDLE hProcess, ULONG_PTR APIAddress) - { - return UE::ImporterGetForwardedAPIOrdinalNumber(hProcess, APIAddress); - } - static ULONG_PTR GetNearestAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress) - { - return UE::ImporterGetNearestAPIAddress(hProcess, APIAddress); - } - static const char* GetNearestAPIName(HANDLE hProcess, ULONG_PTR APIAddress) - { - return (const char*)UE::ImporterGetNearestAPIName(hProcess, APIAddress); - } - static void AutoSearchIATEx(DWORD ProcessId, ULONG_PTR ImageBase, ULONG_PTR SearchStart, ULONG_PTR* pIATStart, ULONG_PTR* pIATSize) - { - UE::ImporterAutoSearchIATEx(ProcessId, ImageBase, SearchStart, pIATStart, pIATSize); - } - static void EnumAddedData(fImportEnumCallBack EnumCallBack) - { - UE::ImporterEnumAddedData((void*)EnumCallBack); - } - static bool DeleteAPI(DWORD_PTR apiAddr) - { - return UE::ImporterDeleteAPI(apiAddr); - } -}; - -class ImporterA -{ -public: - - static bool ExportIATEx(const char* szDumpFileName, const char* szExportFileName, const char* szSectionName) - { - return UE::ImporterExportIATEx((char*)szDumpFileName, (char*)szExportFileName, (char*)szSectionName); - } - static bool CopyOriginalIAT(const char* szOriginalFile, const char* szDumpFile) - { - return UE::ImporterCopyOriginalIAT((char*)szOriginalFile, (char*)szDumpFile); - } - static bool LoadImportTable(const char* szFileName) - { - return UE::ImporterLoadImportTable((char*)szFileName); - } - static bool MoveOriginalIAT(const char* szOriginalFile, const char* szDumpFile, const char* szSectionName) - { - return UE::ImporterMoveOriginalIAT((char*)szOriginalFile, (char*)szDumpFile, (char*)szSectionName); - } - static void AutoSearchIAT(DWORD ProcessId, char* szFileName, ULONG_PTR SearchStart, LPVOID pIATStart, LPVOID pIATSize) - { - UE::ImporterAutoSearchIAT(ProcessId, (char*)szFileName, SearchStart, pIATStart, pIATSize); - } - static long AutoFixIATEx(DWORD ProcessId, const char* szDumpedFile, const char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, DWORD SearchStep, bool TryAutoFix, bool FixEliminations, ImporterX::fImportFixCallback UnknownPointerFixCallback) - { - return UE::ImporterAutoFixIATEx(ProcessId, (char*)szDumpedFile, (char*)szSectionName, DumpRunningProcess, RealignFile, EntryPointAddress, ImageBase, SearchStart, TryAutoFix, FixEliminations, (void*)UnknownPointerFixCallback); - } - static long AutoFixIAT(DWORD ProcessId, const char* szDumpedFile, ULONG_PTR SearchStart) - { - return UE::ImporterAutoFixIAT(ProcessId, (char*)szDumpedFile, SearchStart); - } -}; - -class ImporterW -{ -public: - - static bool ExportIATEx(const wchar_t* szDumpFileName, const wchar_t* szExportFileName, const wchar_t* szSectionName) - { - return UE::ImporterExportIATExW((wchar_t*)szDumpFileName, (wchar_t*)szExportFileName, (wchar_t*)szSectionName); - } - static bool CopyOriginalIAT(const wchar_t* szOriginalFile, const wchar_t* szDumpFile) - { - return UE::ImporterCopyOriginalIATW((wchar_t*)szOriginalFile, (wchar_t*)szDumpFile); - } - static bool LoadImportTable(const wchar_t* szFileName) - { - return UE::ImporterLoadImportTableW((wchar_t*)szFileName); - } - static bool MoveOriginalIAT(const wchar_t* szOriginalFile, const wchar_t* szDumpFile, const char* szSectionName) - { - return UE::ImporterMoveOriginalIATW((wchar_t*)szOriginalFile, (wchar_t*)szDumpFile, (char*)szSectionName); - } - static void AutoSearchIAT(DWORD ProcessId, const wchar_t* szFileName, ULONG_PTR SearchStart, ULONG_PTR* pIATStart, ULONG_PTR* pIATSize) - { - UE::ImporterAutoSearchIATW(ProcessId, (wchar_t*)szFileName, SearchStart, pIATStart, pIATSize); - } - static long AutoFixIATEx(DWORD ProcessId, const wchar_t* szDumpedFile, const char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, ImporterX::fImportFixCallback UnknownPointerFixCallback) - { - return UE::ImporterAutoFixIATExW(ProcessId, (wchar_t*)szDumpedFile, (char*)szSectionName, DumpRunningProcess, RealignFile, EntryPointAddress, ImageBase, SearchStart, TryAutoFix, FixEliminations, (void*)UnknownPointerFixCallback); - } - static long AutoFixIAT(DWORD ProcessId, const wchar_t* szDumpedFile, ULONG_PTR SearchStart) - { - return UE::ImporterAutoFixIATW(ProcessId, (wchar_t*)szDumpedFile, SearchStart); - } -}; - -class Importer : public ImporterX, ImporterA, ImporterW -{ -public: - - using ImporterX::fImportEnumCallBack; - using ImporterX::fImportFixCallback; - - using ImporterX::AddNewDll; - using ImporterX::AddNewAPI; - using ImporterX::AddNewOrdinalAPI; - using ImporterX::GetAddedDllCount; - using ImporterX::GetAddedAPICount; - using ImporterX::ExportIAT; - using ImporterX::EstimatedSize; - using ImporterA::ExportIATEx; - using ImporterW::ExportIATEx; - using ImporterX::FindAPIWriteLocation; - using ImporterX::FindOrdinalAPIWriteLocation; - using ImporterX::FindAPIByWriteLocation; - using ImporterX::FindDLLByWriteLocation; - using ImporterX::GetDLLName; - using ImporterX::GetDLLNameW; - using ImporterX::GetAPIName; - using ImporterX::GetAPIOrdinalNumber; - using ImporterX::GetAPINameEx; - using ImporterX::GetRemoteAPIAddress; - using ImporterX::GetRemoteAPIAddressEx; - using ImporterX::GetLocalAPIAddress; - using ImporterX::GetDLLNameFromDebugee; - using ImporterX::GetDLLNameFromDebugeeW; - using ImporterX::GetAPINameFromDebugee; - using ImporterX::GetAPIOrdinalNumberFromDebugee; - using ImporterX::GetDLLIndexEx; - using ImporterX::GetDLLIndex; - using ImporterX::GetRemoteDLLBase; - using ImporterX::IsForwardedAPI; - using ImporterX::GetForwardedAPIName; - using ImporterX::GetForwardedDLLName; - using ImporterX::GetForwardedDLLIndex; - using ImporterX::GetForwardedAPIOrdinalNumber; - using ImporterX::GetNearestAPIAddress; - using ImporterX::GetNearestAPIName; - using ImporterA::CopyOriginalIAT; - using ImporterW::CopyOriginalIAT; - using ImporterA::LoadImportTable; - using ImporterW::LoadImportTable; - using ImporterA::MoveOriginalIAT; - using ImporterW::MoveOriginalIAT; - using ImporterA::AutoSearchIAT; - using ImporterW::AutoSearchIAT; - using ImporterX::AutoSearchIATEx; - using ImporterX::EnumAddedData; - using ImporterX::DeleteAPI; - using ImporterA::AutoFixIATEx; - using ImporterW::AutoFixIATEx; - using ImporterA::AutoFixIAT; - using ImporterW::AutoFixIAT; -}; - -// --- - -class LibrarianX -{ -protected: - - typedef void (TITCALL* fLibraryBreakPointCallback)(const LOAD_DLL_DEBUG_INFO* SpecialDBG); - - static bool SetBreakPoint(const char* szLibraryName, eLibraryEvent bpxType, bool SingleShoot, fLibraryBreakPointCallback bpxCallBack) - { - return UE::LibrarianSetBreakPoint((char*)szLibraryName, bpxType, SingleShoot, (void*)bpxCallBack); - } - static bool RemoveBreakPoint(const char* szLibraryName, eLibraryEvent bpxType) - { - return UE::LibrarianRemoveBreakPoint((char*)szLibraryName, bpxType); - } -}; - -class LibrarianA -{ -public: - - typedef UE::LIBRARY_ITEM_DATA LIBRARY_ITEM_DATA; - - typedef void (TITCALL* fLibraryEnumCallback)(const LIBRARY_ITEM_DATA* fLibraryDetail); - - static const LIBRARY_ITEM_DATA* GetLibraryInfo(const char* szLibraryName) - { - return (const LIBRARY_ITEM_DATA*)UE::LibrarianGetLibraryInfo((char*)szLibraryName); - } - static const LIBRARY_ITEM_DATA* GetLibraryInfoEx(void* BaseOfDll) - { - return (const LIBRARY_ITEM_DATA*)UE::LibrarianGetLibraryInfoEx(BaseOfDll); - } - static void EnumLibraryInfo(fLibraryEnumCallback EnumCallBack) - { - UE::LibrarianEnumLibraryInfo((void*)EnumCallBack); - } -}; - -class LibrarianW -{ -public: - - typedef UE::LIBRARY_ITEM_DATAW LIBRARY_ITEM_DATA; - - typedef void (TITCALL* fLibraryEnumCallback)(const LIBRARY_ITEM_DATA* fLibraryDetail); - - static const LIBRARY_ITEM_DATA* GetLibraryInfo(const wchar_t* szLibraryName) - { - return (const LIBRARY_ITEM_DATA*)UE::LibrarianGetLibraryInfoW((wchar_t*)szLibraryName); - } - static const LIBRARY_ITEM_DATA* GetLibraryInfoEx(void* BaseOfDll) - { - return (const LIBRARY_ITEM_DATA*)UE::LibrarianGetLibraryInfoExW(BaseOfDll); - } - static void EnumLibraryInfo(fLibraryEnumCallback EnumCallBack) - { - UE::LibrarianEnumLibraryInfoW((void*)EnumCallBack); - } -}; - -class Librarian : LibrarianX, LibrarianA, LibrarianW -{ -public: - -#ifndef UNICODE - typedef LibrarianA::LIBRARY_ITEM_DATA LIBRARY_ITEM_DATA; -#else - typedef LibrarianW::LIBRARY_ITEM_DATA LIBRARY_ITEM_DATA; -#endif - - using LibrarianX::fLibraryBreakPointCallback; -#ifndef UNICODE - typedef LibrarianA::fLibraryEnumCallback fLibraryEnumCallback; -#else - typedef LibrarianW::fLibraryEnumCallback fLibraryEnumCallback; -#endif - - using LibrarianX::SetBreakPoint; - using LibrarianX::RemoveBreakPoint; - using LibrarianA::GetLibraryInfo; - using LibrarianW::GetLibraryInfo; -#ifndef UNICODE - using LibrarianA::GetLibraryInfoEx; -#else - using LibrarianW::GetLibraryInfoEx; -#endif - using LibrarianA::EnumLibraryInfo; - using LibrarianW::EnumLibraryInfo; -}; - -class Hooks -{ -public: - - typedef UE::HOOK_ENTRY HOOK_ENTRY; - - typedef bool(TITCALL* fHookEnumCallBack)(const HOOK_ENTRY* HookDetails, void* ptrOriginalInstructions, const LibrarianA::LIBRARY_ITEM_DATA* ModuleInformation, DWORD SizeOfImage); - - static bool SafeTransitionEx(void** HookAddressArray, int NumberOfHooks, bool TransitionStart) - { - return UE::HooksSafeTransitionEx(HookAddressArray, NumberOfHooks, TransitionStart); - } - static bool SafeTransition(void* HookAddress, bool TransitionStart) - { - return UE::HooksSafeTransition(HookAddress, TransitionStart); - } - static bool IsAddressRedirected(void* HookAddress) - { - return UE::HooksIsAddressRedirected(HookAddress); - } - static void* GetTrampolineAddress(void* HookAddress) - { - return UE::HooksGetTrampolineAddress(HookAddress); - } - static HOOK_ENTRY* GetHookEntryDetails(void* HookAddress) - { - return (HOOK_ENTRY*)UE::HooksGetHookEntryDetails(HookAddress); - } - static bool InsertNewRedirection(void* HookAddress, void* RedirectTo, eHookType HookType) - { - return UE::HooksInsertNewRedirection(HookAddress, RedirectTo, HookType); - } - static bool InsertNewIATRedirectionEx(ULONG_PTR FileMapVA, ULONG_PTR LoadedModuleBase, char* szHookFunction, void* RedirectTo) - { - return UE::HooksInsertNewIATRedirectionEx(FileMapVA, LoadedModuleBase, szHookFunction, RedirectTo); - } - static bool InsertNewIATRedirection(char* szModuleName, char* szHookFunction, void* RedirectTo) - { - return UE::HooksInsertNewIATRedirection(szModuleName, szHookFunction, RedirectTo); - } - static bool RemoveRedirection(void* HookAddress, bool RemoveAll) - { - return UE::HooksRemoveRedirection(HookAddress, RemoveAll); - } - static bool RemoveRedirectionsForModule(HMODULE ModuleBase) - { - return UE::HooksRemoveRedirectionsForModule(ModuleBase); - } - static bool RemoveIATRedirection(char* szModuleName, char* szHookFunction, bool RemoveAll) - { - return UE::HooksRemoveIATRedirection(szModuleName, szHookFunction, RemoveAll); - } - static bool DisableRedirection(void* HookAddress, bool DisableAll) - { - return UE::HooksDisableRedirection(HookAddress, DisableAll); - } - static bool DisableRedirectionsForModule(HMODULE ModuleBase) - { - return UE::HooksDisableRedirectionsForModule(ModuleBase); - } - static bool DisableIATRedirection(char* szModuleName, char* szHookFunction, bool DisableAll) - { - return UE::HooksDisableIATRedirection(szModuleName, szHookFunction, DisableAll); - } - static bool EnableRedirection(void* HookAddress, bool EnableAll) - { - return UE::HooksEnableRedirection(HookAddress, EnableAll); - } - static bool EnableRedirectionsForModule(HMODULE ModuleBase) - { - return UE::HooksEnableRedirectionsForModule(ModuleBase); - } - static bool EnableIATRedirection(char* szModuleName, char* szHookFunction, bool EnableAll) - { - return UE::HooksEnableIATRedirection(szModuleName, szHookFunction, EnableAll); - } - static void ScanModuleMemory(HMODULE ModuleBase, fHookEnumCallBack CallBack) - { - UE::HooksScanModuleMemory(ModuleBase, (void*)CallBack); - } - static void ScanEntireProcessMemory(fHookEnumCallBack CallBack) - { - UE::HooksScanEntireProcessMemory((void*)CallBack); - } - static void ScanEntireProcessMemoryEx() - { - UE::HooksScanEntireProcessMemoryEx(); - } -}; - -class Tracer -{ -public: - - static void Init() - { - UE::TracerInit(); - } - static ULONG_PTR Level1(HANDLE hProcess, ULONG_PTR AddressToTrace) - { - return UE::TracerLevel1(hProcess, AddressToTrace); - } - static ULONG_PTR HashTracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD InputNumberOfInstructions) - { - return UE::HashTracerLevel1(hProcess, AddressToTrace, InputNumberOfInstructions); - } - static long DetectRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace) - { - return UE::TracerDetectRedirection(hProcess, AddressToTrace); - } - static ULONG_PTR FixKnownRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD RedirectionId) - { - return UE::TracerFixKnownRedirection(hProcess, AddressToTrace, RedirectionId); - } - static ULONG_PTR FixRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD IdParameter) - { - return UE::TracerFixRedirectionViaModule(hModuleHandle, hProcess, AddressToTrace, IdParameter); - } - static ULONG_PTR DetectRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD* ReturnedId) - { - return UE::TracerDetectRedirectionViaModule(hModuleHandle, hProcess, AddressToTrace, ReturnedId); - } - static long FixRedirectionViaImpRecPlugin(HANDLE hProcess, const char* szPluginName, ULONG_PTR AddressToTrace) - { - return UE::TracerFixRedirectionViaImpRecPlugin(hProcess, (char*)szPluginName, AddressToTrace); - } -}; - -class ExporterX -{ -protected: - - static void Cleanup() - { - UE::ExporterCleanup(); - } - static void SetImageBase(ULONG_PTR ImageBase) - { - UE::ExporterSetImageBase(ImageBase); - } - static void Init(DWORD MemorySize, ULONG_PTR ImageBase, DWORD ExportOrdinalBase, const char* szExportModuleName) - { - UE::ExporterInit(MemorySize, ImageBase, ExportOrdinalBase, (char*)szExportModuleName); - } - static bool AddNewExport(const char* szExportName, DWORD ExportRelativeAddress) - { - return UE::ExporterAddNewExport((char*)szExportName, ExportRelativeAddress); - } - static bool AddNewOrdinalExport(DWORD OrdinalNumber, DWORD ExportRelativeAddress) - { - return UE::ExporterAddNewOrdinalExport(OrdinalNumber, ExportRelativeAddress); - } - static long GetAddedExportCount() - { - return UE::ExporterGetAddedExportCount(); - } - static long EstimatedSize() - { - return UE::ExporterEstimatedSize(); - } - static bool BuildExportTable(ULONG_PTR StorePlace, ULONG_PTR FileMapVA) - { - return UE::ExporterBuildExportTable(StorePlace, FileMapVA); - } -}; - -class ExporterA -{ -public: - - static bool BuildExportTableEx(const char* szExportFileName, const char* szSectionName) - { - return UE::ExporterBuildExportTableEx((char*)szExportFileName, (char*)szSectionName); - } - static bool LoadExportTable(const char* szFileName) - { - return UE::ExporterLoadExportTable((char*)szFileName); - } -}; - -class ExporterW -{ -public: - - static bool BuildExportTableEx(const wchar_t* szExportFileName, const char* szSectionName) - { - return UE::ExporterBuildExportTableExW((wchar_t*)szExportFileName, (char*)szSectionName); - } - static bool LoadExportTable(const wchar_t* szFileName) - { - return UE::ExporterLoadExportTableW((wchar_t*)szFileName); - } -}; - -class Exporter : ExporterX, ExporterA, ExporterW -{ -public: - - using ExporterX::Cleanup; - using ExporterX::SetImageBase; - using ExporterX::Init; - using ExporterX::AddNewExport; - using ExporterX::AddNewOrdinalExport; - using ExporterX::GetAddedExportCount; - using ExporterX::EstimatedSize; - using ExporterX::BuildExportTable; - using ExporterA::BuildExportTableEx; - using ExporterW::BuildExportTableEx; - using ExporterA::LoadExportTable; - using ExporterW::LoadExportTable; -}; - -class ProcessX -{ -protected: - - typedef void(TITCALL* fProcessWithLibraryEnumCallback)(DWORD ProcessId, HMODULE ModuleBaseAddress); - - static void EnumProcessesWithLibrary(char* szLibraryName, fProcessWithLibraryEnumCallback EnumFunction) - { - UE::EnumProcessesWithLibrary(szLibraryName, (void*)EnumFunction); - } - - static HANDLE Open(DWORD dwDesiredAccess, bool bInheritHandle, DWORD dwProcessId) - { - return UE::TitanOpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId); - } -}; - -class ProcessA -{ -public: - - static long GetActiveProcessId(char* szImageName) - { - return UE::GetActiveProcessId(szImageName); - } -}; - -class ProcessW -{ -public: - - static long GetActiveProcessId(wchar_t* szImageName) - { - return UE::GetActiveProcessIdW(szImageName); - } -}; - -class Process : ProcessX, ProcessA, ProcessW -{ -public: - - using ProcessX::fProcessWithLibraryEnumCallback; - - using ProcessA::GetActiveProcessId; - using ProcessW::GetActiveProcessId; - using ProcessX::EnumProcessesWithLibrary; - using ProcessX::Open; -}; - -class TLSX -{ -protected: - - static bool BreakOnCallBack(const ULONG_PTR* ArrayOfCallBacks, DWORD NumberOfCallBacks, Debugger::fBreakPointCallback bpxCallBack) - { - return UE::TLSBreakOnCallBack((void*)ArrayOfCallBacks, NumberOfCallBacks, (void*)bpxCallBack); - } - static bool RestoreData() - { - return UE::TLSRestoreData(); - } - static bool BuildNewTable(ULONG_PTR FileMapVA, ULONG_PTR StorePlace, ULONG_PTR StorePlaceRVA, const ULONG_PTR* ArrayOfCallBacks, DWORD NumberOfCallBacks) - { - return UE::TLSBuildNewTable(FileMapVA, StorePlace, StorePlaceRVA, (void*)ArrayOfCallBacks, NumberOfCallBacks); - } -}; - -class TLSA -{ -public: - - static bool GrabCallBackData(const char* szFileName, ULONG_PTR* ArrayOfCallBacks, DWORD* NumberOfCallBacks) - { - return UE::TLSGrabCallBackData((char*)szFileName, (void*)ArrayOfCallBacks, NumberOfCallBacks); - } - static bool BreakOnCallBackEx(const char* szFileName, Debugger::fBreakPointCallback bpxCallBack) - { - return UE::TLSBreakOnCallBackEx((char*)szFileName, (void*)bpxCallBack); - } - static bool RemoveCallback(const char* szFileName) - { - return UE::TLSRemoveCallback((char*)szFileName); - } - static bool RemoveTable(const char* szFileName) - { - return UE::TLSRemoveTable((char*)szFileName); - } - static bool BackupData(const char* szFileName) - { - return UE::TLSBackupData((char*)szFileName); - } - static bool BuildNewTableEx(const char* szFileName, const char* szSectionName, const ULONG_PTR* ArrayOfCallBacks, DWORD NumberOfCallBacks) - { - return UE::TLSBuildNewTableEx((char*)szFileName, (char*)szSectionName, (void*)ArrayOfCallBacks, NumberOfCallBacks); - } -}; - -class TLSW -{ -public: - - static bool GrabCallBackData(const wchar_t* szFileName, ULONG_PTR* ArrayOfCallBacks, DWORD* NumberOfCallBacks) - { - return UE::TLSGrabCallBackDataW((wchar_t*)szFileName, (void*)ArrayOfCallBacks, NumberOfCallBacks); - } - static bool BreakOnCallBackEx(const wchar_t* szFileName, Debugger::fBreakPointCallback bpxCallBack) - { - return UE::TLSBreakOnCallBackExW((wchar_t*)szFileName, (void*)bpxCallBack); - } - static bool RemoveCallback(const wchar_t* szFileName) - { - return UE::TLSRemoveCallbackW((wchar_t*)szFileName); - } - static bool RemoveTable(const wchar_t* szFileName) - { - return UE::TLSRemoveTableW((wchar_t*)szFileName); - } - static bool BackupData(const wchar_t* szFileName) - { - return UE::TLSBackupDataW((wchar_t*)szFileName); - } - static bool BuildNewTableEx(const wchar_t* szFileName, const char* szSectionName, const ULONG_PTR* ArrayOfCallBacks, DWORD NumberOfCallBacks) - { - return UE::TLSBuildNewTableExW((wchar_t*)szFileName, (char*)szSectionName, (void*)ArrayOfCallBacks, NumberOfCallBacks); - } -}; - -class TLS : TLSX, TLSA, TLSW -{ -public: - - using TLSX::BreakOnCallBack; - using TLSA::GrabCallBackData; - using TLSW::GrabCallBackData; - using TLSA::BreakOnCallBackEx; - using TLSW::BreakOnCallBackEx; - using TLSA::RemoveCallback; - using TLSW::RemoveCallback; - using TLSA::RemoveTable; - using TLSW::RemoveTable; - using TLSA::BackupData; - using TLSW::BackupData; - using TLSX::RestoreData; - using TLSX::BuildNewTable; - using TLSA::BuildNewTableEx; - using TLSW::BuildNewTableEx; -}; - -class TranslateA -{ -public: - - static const char* NativeName(char* szNativeName) - { - return (const char*)UE::TranslateNativeName(szNativeName); - } -}; - -class TranslateW -{ -public: - - static const wchar_t* NativeName(wchar_t* szNativeName) - { - return (const wchar_t*)UE::TranslateNativeNameW(szNativeName); - } -}; - -class Translate : TranslateA, TranslateW -{ -public: - - using TranslateA::NativeName; - using TranslateW::NativeName; -}; - -class HandlerA; -class HandlerW; - -class HandlerX -{ - friend class HandlerA; - friend class HandlerW; - -protected: - - typedef UE::HandlerArray HandlerArray; - - static long GetActiveHandleCount(DWORD ProcessId) - { - return UE::HandlerGetActiveHandleCount(ProcessId); - } - static bool IsHandleOpen(DWORD ProcessId, HANDLE hHandle) - { - return UE::HandlerIsHandleOpen(ProcessId, hHandle); - } - static long EnumerateOpenHandles(DWORD ProcessId, HandlerArray* HandleBuffer, DWORD MaxHandleCount) - { - return UE::HandlerEnumerateOpenHandles(ProcessId, HandleBuffer, MaxHandleCount); - } - static ULONG_PTR GetHandleDetails(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, eHandlerReturnType InformationReturn) - { - return UE::HandlerGetHandleDetails(hProcess, ProcessId, hHandle, InformationReturn); - } - static bool CloseRemoteHandle(HANDLE hProcess, HANDLE hHandle) - { - return UE::HandlerCloseRemoteHandle(hProcess, hHandle); - } - static long EnumerateOpenMutexes(HANDLE hProcess, DWORD ProcessId, HANDLE* HandleBuffer, DWORD MaxHandleCount) - { - return UE::HandlerEnumerateOpenMutexes(hProcess, ProcessId, HandleBuffer, MaxHandleCount); - } -}; - -class HandlerA -{ -public: - - static const char* GetHandleName(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName) - { - return (const char*)UE::HandlerGetHandleName(hProcess, ProcessId, hHandle, TranslateName); - } - static long EnumerateLockHandles(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, HandlerX::HandlerArray* HandleDataBuffer, DWORD MaxHandleCount) - { - return UE::HandlerEnumerateLockHandles(szFileOrFolderName, NameIsFolder, NameIsTranslated, HandleDataBuffer, MaxHandleCount); - } - static bool CloseAllLockHandles(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated) - { - return UE::HandlerCloseAllLockHandles(szFileOrFolderName, NameIsFolder, NameIsTranslated); - } - static bool IsFileLocked(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated) - { - return UE::HandlerIsFileLocked(szFileOrFolderName, NameIsFolder, NameIsTranslated); - } - static ULONG_PTR GetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, char* szMutexString) - { - return UE::HandlerGetOpenMutexHandle(hProcess, ProcessId, szMutexString); - } - static long GetProcessIdWhichCreatedMutex(char* szMutexString) - { - return UE::HandlerGetProcessIdWhichCreatedMutex(szMutexString); - } -}; - -class HandlerW -{ -public: - - static const wchar_t* GetHandleName(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName) - { - return (const wchar_t*)UE::HandlerGetHandleNameW(hProcess, ProcessId, hHandle, TranslateName); - } - static long EnumerateLockHandles(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, HandlerX::HandlerArray* HandleDataBuffer, DWORD MaxHandleCount) - { - return UE::HandlerEnumerateLockHandlesW(szFileOrFolderName, NameIsFolder, NameIsTranslated, HandleDataBuffer, MaxHandleCount); - } - static bool CloseAllLockHandles(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated) - { - return UE::HandlerCloseAllLockHandlesW(szFileOrFolderName, NameIsFolder, NameIsTranslated); - } - static bool IsFileLocked(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated) - { - return UE::HandlerIsFileLockedW(szFileOrFolderName, NameIsFolder, NameIsTranslated); - } - static ULONG_PTR GetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, wchar_t* szMutexString) - { - return UE::HandlerGetOpenMutexHandleW(hProcess, ProcessId, szMutexString); - } - static long GetProcessIdWhichCreatedMutex(wchar_t* szMutexString) - { - return UE::HandlerGetProcessIdWhichCreatedMutexW(szMutexString); - } -}; - -class Handler : HandlerX, HandlerA, HandlerW -{ -public: - - using HandlerX::HandlerArray; - - using HandlerX::GetActiveHandleCount; - using HandlerX::IsHandleOpen; -#ifndef UNICODE - using HandlerA::GetHandleName; -#else - using HandlerW::GetHandleName; -#endif - using HandlerX::EnumerateOpenHandles; - using HandlerX::GetHandleDetails; - using HandlerX::CloseRemoteHandle; - using HandlerA::EnumerateLockHandles; - using HandlerW::EnumerateLockHandles; - using HandlerA::CloseAllLockHandles; - using HandlerW::CloseAllLockHandles; - using HandlerA::IsFileLocked; - using HandlerW::IsFileLocked; - using HandlerX::EnumerateOpenMutexes; - using HandlerA::GetOpenMutexHandle; - using HandlerW::GetOpenMutexHandle; - using HandlerA::GetProcessIdWhichCreatedMutex; - using HandlerW::GetProcessIdWhichCreatedMutex; -}; - -class RemoteX -{ -protected: - - static bool ExitProcess(HANDLE hProcess, DWORD ExitCode) - { - return UE::RemoteExitProcess(hProcess, ExitCode); - } -}; - -class RemoteA -{ -public: - - static bool LoadLibrary(HANDLE hProcess, const char* szLibraryFile, bool WaitForThreadExit) - { - return UE::RemoteLoadLibrary(hProcess, (char*)szLibraryFile, WaitForThreadExit); - } - static bool FreeLibrary(HANDLE hProcess, HMODULE hModule, const char* szLibraryFile, bool WaitForThreadExit) - { - return UE::RemoteFreeLibrary(hProcess, hModule, (char*)szLibraryFile, WaitForThreadExit); - } -}; - -class RemoteW -{ -public: - - static bool LoadLibrary(HANDLE hProcess, const wchar_t* szLibraryFile, bool WaitForThreadExit) - { - return UE::RemoteLoadLibraryW(hProcess, (wchar_t*)szLibraryFile, WaitForThreadExit); - } - static bool FreeLibrary(HANDLE hProcess, HMODULE hModule, const wchar_t* szLibraryFile, bool WaitForThreadExit) - { - return UE::RemoteFreeLibraryW(hProcess, hModule, (wchar_t*)szLibraryFile, WaitForThreadExit); - } -}; - -class Remote : RemoteX, RemoteA, RemoteW -{ -public: - - using RemoteA::LoadLibrary; - using RemoteW::LoadLibrary; - using RemoteA::FreeLibrary; - using RemoteW::FreeLibrary; - using RemoteX::ExitProcess; -}; - -class StaticX -{ -protected: - - typedef bool (__stdcall* fStaticDecryptCallback)(void* sMemoryStart, int sKeySize); - - static bool FileGetContent(HANDLE FileHandle, DWORD FilePositionLow, const DWORD* FilePositionHigh, void* Buffer, DWORD Size) - { - return UE::StaticFileGetContent(FileHandle, FilePositionLow, (DWORD*)FilePositionHigh, Buffer, Size); - } - static void FileClose(HANDLE FileHandle) - { - UE::StaticFileClose(FileHandle); - } - static void MemoryDecrypt(void* MemoryStart, DWORD MemorySize, eDecryptionType DecryptionType, eDecryptionKeySize DecryptionKeySize, ULONG_PTR DecryptionKey) - { - UE::StaticMemoryDecrypt(MemoryStart, MemorySize, DecryptionType, DecryptionKeySize, DecryptionKey); - } - static void MemoryDecryptEx(void* MemoryStart, DWORD MemorySize, eDecryptionKeySize DecryptionKeySize, fStaticDecryptCallback DecryptionCallBack) - { - UE::StaticMemoryDecryptEx(MemoryStart, MemorySize, DecryptionKeySize, (void*)DecryptionCallBack); - } - static void MemoryDecryptSpecial(void* MemoryStart, DWORD MemorySize, eDecryptionKeySize DecryptionKeySize, eDecryptionDirection SpecDecryptionType, fStaticDecryptCallback DecryptionCallBack) - { - UE::StaticMemoryDecryptSpecial(MemoryStart, MemorySize, DecryptionKeySize, SpecDecryptionType, (void*)DecryptionCallBack); - } - static void SectionDecrypt(ULONG_PTR FileMapVA, DWORD SectionNumber, bool SimulateLoad, eDecryptionType DecryptionType, eDecryptionKeySize DecryptionKeySize, ULONG_PTR DecryptionKey) - { - UE::StaticSectionDecrypt(FileMapVA, SectionNumber, SimulateLoad, DecryptionType, DecryptionKeySize, DecryptionKey); - } - static bool MemoryDecompress(const void* Source, DWORD SourceSize, void* Destination, DWORD DestinationSize, eCompressionAlgorithm Algorithm) - { - return UE::StaticMemoryDecompress((void*)Source, SourceSize, Destination, DestinationSize, Algorithm); - } - static bool HashMemory(const void* MemoryToHash, DWORD SizeOfMemory, void* HashDigest, bool OutputString, eHashAlgorithm Algorithm) - { - return UE::StaticHashMemory((void*)MemoryToHash, SizeOfMemory, HashDigest, OutputString, Algorithm); - } -}; - -class StaticA -{ -public: - - static bool FileLoad(const char* szFileName, eAccess DesiredAccess, bool SimulateLoad, HANDLE* FileHandle, DWORD* LoadedSize, HANDLE* FileMap, ULONG_PTR* FileMapVA) - { - return UE::StaticFileLoad((char*)szFileName, DesiredAccess, SimulateLoad, FileHandle, LoadedSize, FileMap, FileMapVA); - } - static bool FileUnload(const char* szFileName, bool CommitChanges, HANDLE FileHandle, DWORD LoadedSize, HANDLE FileMap, ULONG_PTR FileMapVA) - { - return UE::StaticFileUnload((char*)szFileName, CommitChanges, FileHandle, LoadedSize, FileMap, FileMapVA); - } - static bool FileOpen(const char* szFileName, DWORD DesiredAccess, HANDLE* FileHandle, DWORD* FileSizeLow, DWORD* FileSizeHigh) - { - return UE::StaticFileOpen((char*)szFileName, DesiredAccess, FileHandle, FileSizeLow, FileSizeHigh); - } - static bool RawMemoryCopy(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR VitualAddressToCopy, DWORD Size, bool AddressIsRVA, const char* szDumpFileName) - { - return UE::StaticRawMemoryCopy(hFile, FileMapVA, VitualAddressToCopy, Size, AddressIsRVA, (char*)szDumpFileName); - } - static bool RawMemoryCopyEx(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, const char* szDumpFileName) - { - return UE::StaticRawMemoryCopyEx(hFile, RawAddressToCopy, Size, (char*)szDumpFileName); - } - static bool RawMemoryCopyEx64(HANDLE hFile, DWORD64 RawAddressToCopy, DWORD64 Size, const char* szDumpFileName) - { - return UE::StaticRawMemoryCopyEx64(hFile, RawAddressToCopy, Size, (char*)szDumpFileName); - } - static bool HashFile(const char* szFileName, void* HashDigest, bool OutputString, eHashAlgorithm Algorithm) - { - return UE::StaticHashFile((char*)szFileName, (char*)HashDigest, OutputString, Algorithm); - } -}; - -class StaticW -{ -public: - - static bool FileLoad(const wchar_t* szFileName, eAccess DesiredAccess, bool SimulateLoad, HANDLE* FileHandle, DWORD* LoadedSize, HANDLE* FileMap, ULONG_PTR* FileMapVA) - { - return UE::StaticFileLoadW((wchar_t*)szFileName, DesiredAccess, SimulateLoad, FileHandle, LoadedSize, FileMap, FileMapVA); - } - static bool FileUnload(const wchar_t* szFileName, bool CommitChanges, HANDLE FileHandle, DWORD LoadedSize, HANDLE FileMap, ULONG_PTR FileMapVA) - { - return UE::StaticFileUnloadW((wchar_t*)szFileName, CommitChanges, FileHandle, LoadedSize, FileMap, FileMapVA); - } - static bool FileOpen(const wchar_t* szFileName, DWORD DesiredAccess, HANDLE* FileHandle, DWORD* FileSizeLow, DWORD* FileSizeHigh) - { - return UE::StaticFileOpenW((wchar_t*)szFileName, DesiredAccess, FileHandle, FileSizeLow, FileSizeHigh); - } - static bool RawMemoryCopy(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR VitualAddressToCopy, DWORD Size, bool AddressIsRVA, const wchar_t* szDumpFileName) - { - return UE::StaticRawMemoryCopyW(hFile, FileMapVA, VitualAddressToCopy, Size, AddressIsRVA, (wchar_t*)szDumpFileName); - } - static bool RawMemoryCopyEx(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, const wchar_t* szDumpFileName) - { - return UE::StaticRawMemoryCopyExW(hFile, RawAddressToCopy, Size, (wchar_t*)szDumpFileName); - } - static bool RawMemoryCopyEx64(HANDLE hFile, DWORD64 RawAddressToCopy, DWORD64 Size, const wchar_t* szDumpFileName) - { - return UE::StaticRawMemoryCopyEx64W(hFile, RawAddressToCopy, Size, (wchar_t*)szDumpFileName); - } - static bool HashFile(const wchar_t* szFileName, void* HashDigest, bool OutputString, eHashAlgorithm Algorithm) - { - return UE::StaticHashFileW((wchar_t*)szFileName, (char*)HashDigest, OutputString, Algorithm); - } -}; - -class Static : StaticX, StaticA, StaticW -{ -public: - - using StaticX::fStaticDecryptCallback; - - using StaticA::FileLoad; - using StaticW::FileLoad; - using StaticA::FileUnload; - using StaticW::FileUnload; - using StaticA::FileOpen; - using StaticW::FileOpen; - using StaticX::FileGetContent; - using StaticX::FileClose; - using StaticX::MemoryDecrypt; - using StaticX::MemoryDecryptEx; - using StaticX::MemoryDecryptSpecial; - using StaticX::SectionDecrypt; - using StaticX::MemoryDecompress; - using StaticA::RawMemoryCopy; - using StaticW::RawMemoryCopy; - using StaticA::RawMemoryCopyEx; - using StaticW::RawMemoryCopyEx; - using StaticA::RawMemoryCopyEx64; - using StaticW::RawMemoryCopyEx64; - using StaticX::HashMemory; - using StaticA::HashFile; - using StaticW::HashFile; -}; - -class EngineX -{ -protected: - - static void SetEngineVariable(eEngineVariable VariableId, bool VariableSet) - { - UE::SetEngineVariable(VariableId, VariableSet); - } - static bool FakeMissingDependencies(HANDLE hProcess) - { - return UE::EngineFakeMissingDependencies(hProcess); - } - static bool DeleteCreatedDependencies() - { - return UE::EngineDeleteCreatedDependencies(); - } - static bool CreateUnpackerWindow(char* WindowUnpackerTitle, char* WindowUnpackerLongTitle, char* WindowUnpackerName, char* WindowUnpackerAuthor, void* StartUnpackingCallBack) - { - return UE::EngineCreateUnpackerWindow(WindowUnpackerTitle, WindowUnpackerLongTitle, WindowUnpackerName, WindowUnpackerAuthor, StartUnpackingCallBack); - } - static void AddUnpackerWindowLogMessage(char* szLogMessage) - { - return UE::EngineAddUnpackerWindowLogMessage(szLogMessage); - } - static bool EngineCheckStructAlignment(DWORD StructureType, ULONG_PTR StructureSize) - { - return UE::EngineCheckStructAlignment(StructureType, StructureSize); - } -}; - -class EngineA -{ -public: - - static bool CreateMissingDependencies(char* szFileName, char* szOutputFolder, bool LogCreatedFiles) - { - return UE::EngineCreateMissingDependencies(szFileName, szOutputFolder, LogCreatedFiles); - } -}; - -class EngineW -{ -public: - - static bool CreateMissingDependencies(wchar_t* szFileName, wchar_t* szOutputFolder, bool LogCreatedFiles) - { - return UE::EngineCreateMissingDependenciesW(szFileName, szOutputFolder, LogCreatedFiles); - } -}; - -class Engine : EngineX, EngineA, EngineW -{ -public: - - using EngineX::SetEngineVariable; - using EngineA::CreateMissingDependencies; - using EngineW::CreateMissingDependencies; - using EngineX::FakeMissingDependencies; - using EngineX::DeleteCreatedDependencies; - using EngineX::CreateUnpackerWindow; - using EngineX::AddUnpackerWindowLogMessage; - using EngineX::EngineCheckStructAlignment; -}; - -class ExtensionManager -{ -public: - - typedef UE::PluginInformation PluginInformation; - - static bool IsPluginLoaded(char* szPluginName) - { - return UE::ExtensionManagerIsPluginLoaded(szPluginName); - } - static bool IsPluginEnabled(char* szPluginName) - { - return UE::ExtensionManagerIsPluginEnabled(szPluginName); - } - static bool DisableAllPlugins() - { - return UE::ExtensionManagerDisableAllPlugins(); - } - static bool DisablePlugin(char* szPluginName) - { - return UE::ExtensionManagerDisablePlugin(szPluginName); - } - static bool EnableAllPlugins() - { - return UE::ExtensionManagerEnableAllPlugins(); - } - static bool EnablePlugin(char* szPluginName) - { - return UE::ExtensionManagerEnablePlugin(szPluginName); - } - static bool UnloadAllPlugins() - { - return UE::ExtensionManagerUnloadAllPlugins(); - } - static bool UnloadPlugin(char* szPluginName) - { - return UE::ExtensionManagerUnloadPlugin(szPluginName); - } - static PluginInformation* GetPluginInfo(char* szPluginName) - { - return (PluginInformation*)UE::ExtensionManagerGetPluginInfo(szPluginName); - } -}; - -} /* namespace TE */ - -#endif /*TITANENGINE_CPP*/ diff --git a/SDK/Delphi/TitanEngine.pas b/SDK/Delphi/TitanEngine.pas deleted file mode 100644 index 7378b41..0000000 --- a/SDK/Delphi/TitanEngine.pas +++ /dev/null @@ -1,739 +0,0 @@ -unit TitanEngine; - -interface - -{TitanEngine Delphi SDK - 2.0.3} -{http://www.reversinglabs.com/} -{Types} -type - PE32Structure = ^PE_32_STRUCT; - PE_32_STRUCT = packed record - PE32Offset : LongInt; - ImageBase : LongInt; - OriginalEntryPoint : LongInt; - NtSizeOfImage : LongInt; - NtSizeOfHeaders : LongInt; - SizeOfOptionalHeaders : SmallInt; - FileAlignment : LongInt; - SectionAligment : LongInt; - ImportTableAddress : LongInt; - ImportTableSize : LongInt; - ResourceTableAddress : LongInt; - ResourceTableSize : LongInt; - ExportTableAddress : LongInt; - ExportTableSize : LongInt; - TLSTableAddress : LongInt; - TLSTableSize : LongInt; - RelocationTableAddress : LongInt; - RelocationTableSize : LongInt; - TimeDateStamp : LongInt; - SectionNumber : SmallInt; - CheckSum : LongInt; - SubSystem : SmallInt; - Characteristics : SmallInt; - NumberOfRvaAndSizes : LongInt; - end; - - FileStatusInfo = ^FILE_STATUS_INFO; - FILE_STATUS_INFO = packed record - OveralEvaluation : BYTE; - EvaluationTerminatedByException : boolean; - FileIs64Bit : boolean; - FileIsDLL : boolean; - FileIsConsole : boolean; - MissingDependencies : boolean; - MissingDeclaredAPIs : boolean; - SignatureMZ : BYTE; - SignaturePE : BYTE; - EntryPoint : BYTE; - ImageBase : BYTE; - SizeOfImage : BYTE; - FileAlignment : BYTE; - SectionAlignment : BYTE; - ExportTable : BYTE; - RelocationTable : BYTE; - ImportTable : BYTE; - ImportTableSection : BYTE; - ImportTableData : BYTE; - IATTable : BYTE; - TLSTable : BYTE; - LoadConfigTable : BYTE; - BoundImportTable : BYTE; - COMHeaderTable : BYTE; - ResourceTable : BYTE; - ResourceData : BYTE; - SectionTable : BYTE; - end; - - FileFixInfo = ^FILE_FIX_INFO; - FILE_FIX_INFO = packed record - OveralEvaluation : BYTE; - FixingTerminatedByException : boolean; - FileFixPerformed : boolean; - StrippedRelocation : boolean; - DontFixRelocations : boolean; - OriginalRelocationTableAddress : LongInt; - OriginalRelocationTableSize : LongInt; - StrippedExports : boolean; - DontFixExports : boolean; - OriginalExportTableAddress : LongInt; - OriginalExportTableSize : LongInt; - StrippedResources : boolean; - DontFixResources : boolean; - OriginalResourceTableAddress : LongInt; - OriginalResourceTableSize : LongInt; - StrippedTLS : boolean; - DontFixTLS : boolean; - OriginalTLSTableAddress : LongInt; - OriginalTLSTableSize : LongInt; - StrippedLoadConfig : boolean; - DontFixLoadConfig : boolean; - OriginalLoadConfigTableAddress : LongInt; - OriginalLoadConfigTableSize : LongInt; - StrippedBoundImports : boolean; - DontFixBoundImports : boolean; - OriginalBoundImportTableAddress : LongInt; - OriginalBoundImportTableSize : LongInt; - StrippedIAT : boolean; - DontFixIAT : boolean; - OriginalImportAddressTableAddress : LongInt; - OriginalImportAddressTableSize : LongInt; - StrippedCOM : boolean; - DontFixCOM : boolean; - OriginalCOMTableAddress : LongInt; - OriginalCOMTableSize : LongInt; - end; - - ImportEnumData = ^IMPORT_ENUM_DATA; - IMPORT_ENUM_DATA = packed record - NewDll : boolean; - NumberOfImports : LongInt; - ImageBase : LongInt; - BaseImportThunk : LongInt; - ImportThunk : LongInt; - APIName : PAnsiChar; - DLLName : PAnsiChar; - end; - - ThreadItemData = ^THREAD_ITEM_DATA; - THREAD_ITEM_DATA = packed record - hThread : THandle; - dwThreadId : LongInt; - ThreadStartAddress : LongInt; - ThreadLocalBase : LongInt; - end; - - LibraryItemData = ^LIBRARY_ITEM_DATA; - LIBRARY_ITEM_DATA = packed record - hFile : THandle; - BaseOfDll : Pointer; - hFileMapping : THandle; - hFileMappingView : Pointer; - szLibraryPath:array[1..260] of AnsiChar; - szLibraryName:array[1..260] of AnsiChar; - end; - - ProcessItemData = ^PROCESS_ITEM_DATA; - PROCESS_ITEM_DATA = packed record - hProcess : THandle; - dwProcessId : LongInt; - hThread : THandle; - dwThreadId : LongInt; - hFile : THandle; - BaseOfImage : Pointer; - ThreadStartAddress : Pointer; - ThreadLocalBase : Pointer; - end; - - HandlerArray = ^HANDLER_ARRAY; - HANDLER_ARRAY = packed record - ProcessId : LongInt; - hHandle : THandle; - end; - - HookEntry = ^HOOK_ENTRY; - HOOK_ENTRY = packed record - IATHook : boolean; - HookType : BYTE; - HookSize : LongInt; - HookAddress : Pointer; - RedirectionAddress : Pointer; - HookBytes:array[1..14] of BYTE; - OriginalBytes:array[1..14] of BYTE; - IATHookModuleBase : Pointer; - IATHookNameHash : LongInt; - HookIsEnabled : boolean; - HookIsRemote : boolean; - PatchedEntry : Pointer; - RelocationInfo:array[1..7] of LongInt; - RelocationCount : LongInt; - end; - - PluginInformation = ^PLUGIN_INFORMATION; - PLUGIN_INFORMATION = packed record - PluginName:array[1..64] of AnsiChar; - PluginMajorVersion : LongInt; - PluginMinorVersion : LongInt; - PluginBaseAddress : LongInt; - TitanDebuggingCallBack : Pointer; - TitanRegisterPlugin : Pointer; - TitanReleasePlugin : Pointer; - TitanResetPlugin : Pointer; - PluginDisabled : boolean; - end; -const -{Registers} - UE_EAX = 1; - UE_EBX = 2; - UE_ECX = 3; - UE_EDX = 4; - UE_EDI = 5; - UE_ESI = 6; - UE_EBP = 7; - UE_ESP = 8; - UE_EIP = 9; - UE_EFLAGS = 10; - UE_DR0 = 11; - UE_DR1 = 12; - UE_DR2 = 13; - UE_DR3 = 14; - UE_DR6 = 15; - UE_DR7 = 16; - UE_CIP = 35; - UE_CSP = 36; - UE_SEG_GS = 37; - UE_SEG_FS = 38; - UE_SEG_ES = 39; - UE_SEG_DS = 40; - UE_SEG_CS = 41; - UE_SEG_SS = 42; -{Constants} - UE_PE_OFFSET = 0; - UE_IMAGEBASE = 1; - UE_OEP = 2; - UE_SIZEOFIMAGE = 3; - UE_SIZEOFHEADERS = 4; - UE_SIZEOFOPTIONALHEADER = 5; - UE_SECTIONALIGNMENT = 6; - UE_IMPORTTABLEADDRESS = 7; - UE_IMPORTTABLESIZE = 8; - UE_RESOURCETABLEADDRESS = 9; - UE_RESOURCETABLESIZE = 10; - UE_EXPORTTABLEADDRESS = 11; - UE_EXPORTTABLESIZE = 12; - UE_TLSTABLEADDRESS = 13; - UE_TLSTABLESIZE = 14; - UE_RELOCATIONTABLEADDRESS = 15; - UE_RELOCATIONTABLESIZE = 16; - UE_TIMEDATESTAMP = 17; - UE_SECTIONNUMBER = 18; - UE_CHECKSUM = 19; - UE_SUBSYSTEM = 20; - UE_CHARACTERISTICS = 21; - UE_NUMBEROFRVAANDSIZES = 22; - UE_SECTIONNAME = 23; - UE_SECTIONVIRTUALOFFSET = 24; - UE_SECTIONVIRTUALSIZE = 25; - UE_SECTIONRAWOFFSET = 26; - UE_SECTIONRAWSIZE = 27; - UE_SECTIONFLAGS = 28; - - UE_CH_BREAKPOINT = 1; - UE_CH_SINGLESTEP = 2; - UE_CH_ACCESSVIOLATION = 3; - UE_CH_ILLEGALINSTRUCTION = 4; - UE_CH_NONCONTINUABLEEXCEPTION = 5; - UE_CH_ARRAYBOUNDSEXCEPTION = 6; - UE_CH_FLOATDENORMALOPERAND = 7; - UE_CH_FLOATDEVIDEBYZERO = 8; - UE_CH_INTEGERDEVIDEBYZERO = 9; - UE_CH_INTEGEROVERFLOW = 10; - UE_CH_PRIVILEGEDINSTRUCTION = 11; - UE_CH_PAGEGUARD = 12; - UE_CH_EVERYTHINGELSE = 13; - UE_CH_CREATETHREAD = 14; - UE_CH_EXITTHREAD = 15; - UE_CH_CREATEPROCESS = 16; - UE_CH_EXITPROCESS = 17; - UE_CH_LOADDLL = 18; - UE_CH_UNLOADDLL = 19; - UE_CH_OUTPUTDEBUGSTRING = 20; - UE_CH_AFTEREXCEPTIONPROCESSING = 21; - UE_CH_SYSTEMBREAKPOINT = 23; - UE_CH_UNHANDLEDEXCEPTION = 24; - UE_CH_RIPEVENT = 25; - UE_CH_DEBUGEVENT = 26; - - UE_FUNCTION_STDCALL = 1; - UE_FUNCTION_CCALL = 2; - UE_FUNCTION_FASTCALL = 3; - UE_FUNCTION_STDCALL_RET = 4; - UE_FUNCTION_CCALL_RET = 5; - UE_FUNCTION_FASTCALL_RET = 6; - UE_FUNCTION_STDCALL_CALL = 7; - UE_FUNCTION_CCALL_CALL = 8; - UE_FUNCTION_FASTCALL_CALL = 9; - UE_PARAMETER_BYTE = 0; - UE_PARAMETER_WORD = 1; - UE_PARAMETER_DWORD = 2; - UE_PARAMETER_QWORD = 3; - UE_PARAMETER_PTR_BYTE = 4; - UE_PARAMETER_PTR_WORD = 5; - UE_PARAMETER_PTR_DWORD = 6; - UE_PARAMETER_PTR_QWORD = 7; - UE_PARAMETER_STRING = 8; - UE_PARAMETER_UNICODE = 9; - - UE_BREAKPOINT_INT3 = 1; - UE_BREAKPOINT_LONG_INT3 = 2; - UE_BREAKPOINT_UD2 = 3; - - UE_BPXREMOVED = 0; - UE_BPXACTIVE = 1; - UE_BPXINACTIVE = 2; - - UE_BREAKPOINT = 0; - UE_SINGLESHOOT = 1; - UE_HARDWARE = 2; - UE_MEMORY = 3; - UE_MEMORY_READ = 4; - UE_MEMORY_WRITE = 5; - UE_MEMORY_EXECUTE = 6; - UE_BREAKPOINT_TYPE_INT3 = $10000000; - UE_BREAKPOINT_TYPE_LONG_INT3 = $20000000; - UE_BREAKPOINT_TYPE_UD2 = $30000000; - - UE_HARDWARE_EXECUTE = 4; - UE_HARDWARE_WRITE = 5; - UE_HARDWARE_READWRITE = 6; - - UE_HARDWARE_SIZE_1 = 7; - UE_HARDWARE_SIZE_2 = 8; - UE_HARDWARE_SIZE_4 = 9; - - UE_ON_LIB_LOAD = 1; - UE_ON_LIB_UNLOAD = 2; - UE_ON_LIB_ALL = 3; - - UE_APISTART = 0; - UE_APIEND = 1; - - UE_PLATFORM_x86 = 1; - UE_PLATFORM_x64 = 2; - UE_PLATFORM_ALL = 3; - - UE_ACCESS_READ = 0; - UE_ACCESS_WRITE = 1; - UE_ACCESS_ALL = 2; - - UE_HIDE_BASIC = 1; - - UE_ENGINE_ALOW_MODULE_LOADING = 1; - UE_ENGINE_AUTOFIX_FORWARDERS = 2; - UE_ENGINE_PASS_ALL_EXCEPTIONS = 3; - UE_ENGINE_NO_CONSOLE_WINDOW = 4; - UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS = 5; - UE_ENGINE_CALL_PLUGIN_CALLBACK = 6; - UE_ENGINE_RESET_CUSTOM_HANDLER = 7; - UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK = 8; - UE_ENGINE_SET_DEBUG_PRIVILEGE = 9; - UE_ENGINE_SAFE_ATTACH = 10; - - UE_OPTION_REMOVEALL = 1; - UE_OPTION_DISABLEALL = 2; - UE_OPTION_REMOVEALLDISABLED = 3; - UE_OPTION_REMOVEALLENABLED = 4; - - UE_STATIC_DECRYPTOR_XOR = 1; - UE_STATIC_DECRYPTOR_SUB = 2; - UE_STATIC_DECRYPTOR_ADD = 3; - - UE_STATIC_DECRYPTOR_FOREWARD = 1; - UE_STATIC_DECRYPTOR_BACKWARD = 2; - - UE_STATIC_KEY_SIZE_1 = 1; - UE_STATIC_KEY_SIZE_2 = 2; - UE_STATIC_KEY_SIZE_4 = 4; - UE_STATIC_KEY_SIZE_8 = 8; - - UE_STATIC_APLIB = 1; - UE_STATIC_APLIB_DEPACK = 2; - UE_STATIC_LZMA = 3; - - UE_STATIC_HASH_MD5 = 1; - UE_STATIC_HASH_SHA1 = 2; - UE_STATIC_HASH_CRC32 = 3; - - UE_RESOURCE_LANGUAGE_ANY = -1; - - UE_DEPTH_SURFACE = 0; - UE_DEPTH_DEEP = 1; - - UE_UNPACKER_CONDITION_SEARCH_FROM_EP = 1; - - UE_UNPACKER_CONDITION_LOADLIBRARY = 1; - UE_UNPACKER_CONDITION_GETPROCADDRESS = 2; - UE_UNPACKER_CONDITION_ENTRYPOINTBREAK = 3; - UE_UNPACKER_CONDITION_RELOCSNAPSHOT1 = 4; - UE_UNPACKER_CONDITION_RELOCSNAPSHOT2 = 5; - - UE_FIELD_OK = 0; - UE_FIELD_BROKEN_NON_FIXABLE = 1; - UE_FIELD_BROKEN_NON_CRITICAL = 2; - UE_FIELD_BROKEN_FIXABLE_FOR_STATIC_USE = 3; - UE_FIELD_BROKEN_BUT_CAN_BE_EMULATED = 4; - UE_FIELD_FIXABLE_NON_CRITICAL = 5; - UE_FILED_FIXABLE_CRITICAL = 6; - UE_FIELD_NOT_PRESET = 7; - UE_FIELD_NOT_PRESET_WARNING = 8; - - UE_RESULT_FILE_OK = 10; - UE_RESULT_FILE_INVALID_BUT_FIXABLE = 11; - UE_RESULT_FILE_INVALID_AND_NON_FIXABLE = 12; - UE_RESULT_FILE_INVALID_FORMAT = 13; - - UE_PLUGIN_CALL_REASON_PREDEBUG = 1; - UE_PLUGIN_CALL_REASON_EXCEPTION = 2; - UE_PLUGIN_CALL_REASON_POSTDEBUG = 3; - - TEE_HOOK_NRM_JUMP = 1; - TEE_HOOK_NRM_CALL = 3; - TEE_HOOK_IAT = 5; - -{TitanEngine.Dumper.functions} - function DumpProcess(hProcess:THandle; ImageBase:LongInt; szDumpFileName:PAnsiChar; EntryPoint:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'DumpProcess'; - function DumpProcessEx(ProcessId:LongInt; ImageBase:LongInt; szDumpFileName:PAnsiChar; EntryPoint:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'DumpProcessEx'; - function DumpMemory(hProcess:THandle; MemoryStart,MemorySize:LongInt; szDumpFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'DumpMemory'; - function DumpMemoryEx(ProcessId:LongInt; MemoryStart,MemorySize:LongInt; szDumpFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'DumpMemoryEx'; - function DumpRegions(hProcess:THandle; szDumpFolder:PAnsiChar; DumpAboveImageBaseOnly:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'DumpRegions'; - function DumpRegionsEx(ProcessId:LongInt; szDumpFolder:PAnsiChar; DumpAboveImageBaseOnly:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'DumpRegionsEx'; - function DumpModule(hProcess:THandle; ModuleBase:LongInt; szDumpFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'DumpModule'; - function DumpModuleEx(ProcessId:LongInt; ModuleBase:LongInt; szDumpFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'DumpModuleEx'; - function PastePEHeader(hProcess:THandle; ImageBase:LongInt; szDebuggedFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'PastePEHeader'; - function ExtractSection(szFileName,szDumpFileName:PAnsiChar; SectionNumber:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'ExtractSection'; - function ResortFileSections(szFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'ResortFileSections'; - function FindOverlay(szFileName:PAnsiChar; OverlayStart,OverlaySize:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'FindOverlay'; - function ExtractOverlay(szFileName,szExtactedFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'ExtractOverlay'; - function AddOverlay(szFileName,szOverlayFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'AddOverlay'; - function CopyOverlay(szInFileName,szOutFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'CopyOverlay'; - function RemoveOverlay(szFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'RemoveOverlay'; - function MakeAllSectionsRWE(szFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'MakeAllSectionsRWE'; - function AddNewSectionEx(szFileName,szSectionName:PAnsiChar; SectionSize,SectionAttributes:LongInt; SectionContent:Pointer; ContentSize:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'AddNewSectionEx'; - function AddNewSection(szFileName,szSectionName:PAnsiChar; SectionSize:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'AddNewSection'; - function ResizeLastSection(szFileName:PAnsiChar; NumberOfExpandBytes:LongInt; AlignResizeData:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'ResizeLastSection'; - procedure SetSharedOverlay(szFileName:PAnsiChar); stdcall; external 'TitanEngine.dll' name 'SetSharedOverlay'; - function GetSharedOverlay():PAnsiChar; stdcall; external 'TitanEngine.dll' name 'GetSharedOverlay'; - function DeleteLastSection(szFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'DeleteLastSection'; - function DeleteLastSectionEx(szFileName:PAnsiChar; NumberOfSections:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'DeleteLastSectionEx'; - function GetPE32DataFromMappedFile(FileMapVA,WhichSection,WhichData:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'GetPE32DataFromMappedFile'; - function GetPE32Data(szFileName:PAnsiChar; WhichSection,WhichData:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'GetPE32Data'; - function GetPE32DataFromMappedFileEx(FileMapVA:LongInt; DataStorage:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'GetPE32DataFromMappedFileEx'; - function GetPE32DataEx(szFileName:PAnsiChar; DataStorage:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'GetPE32DataEx'; - function SetPE32DataForMappedFile(FileMapVA,WhichSection,WhichData,NewDataValue:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'SetPE32DataForMappedFile'; - function SetPE32Data(szFileName:PAnsiChar; WhichSection,WhichData,NewDataValue:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'SetPE32Data'; - function SetPE32DataForMappedFileEx(szFileName:PAnsiChar; DataStorage:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'SetPE32DataForMappedFileEx'; - function SetPE32DataEx(szFileName:PAnsiChar; DataStorage:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'SetPE32DataEx'; - function GetPE32SectionNumberFromVA(FileMapVA,AddressToConvert:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'GetPE32SectionNumberFromVA'; - function ConvertVAtoFileOffset(FileMapVA,AddressToConvert:LongInt; ReturnType:boolean):LongInt; stdcall; external 'TitanEngine.dll' name 'ConvertVAtoFileOffset'; - function ConvertVAtoFileOffsetEx(FileMapVA,FileSize,ImageBase,AddressToConvert:LongInt; AddressIsRVA,ReturnType:boolean):LongInt; stdcall; external 'TitanEngine.dll' name 'ConvertVAtoFileOffsetEx'; - function ConvertFileOffsetToVA(FileMapVA,AddressToConvert:LongInt; ReturnType:boolean):LongInt; stdcall; external 'TitanEngine.dll' name 'ConvertFileOffsetToVA'; - function ConvertFileOffsetToVAEx(FileMapVA,FileSize,ImageBase,AddressToConvert:LongInt; ReturnType:boolean):LongInt; stdcall; external 'TitanEngine.dll' name 'ConvertFileOffsetToVAEx'; -{TitanEngine.Realigner.functions} - function FixHeaderCheckSum(szFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'FixHeaderCheckSum'; - function RealignPE(FileMapVA,FileSize,RealingMode:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'RealignPE'; - function RealignPEEx(szFileName:PAnsiChar; RealingFileSize,ForcedFileAlignment:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'RealignPEEx'; - function WipeSection(szFileName:PAnsiChar; WipeSectionNumber:LongInt; RemovePhysically:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'WipeSection'; - function IsPE32FileValidEx(szFileName:PAnsiChar; CheckDepth:LongInt; FileStatusInfo:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'IsPE32FileValidEx'; - function FixBrokenPE32FileEx(szFileName:PAnsiChar; FileStatusInfo,FileFixInfo:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'FixBrokenPE32FileEx'; - function IsFileDLL(szFileName:PAnsiChar; FileMapVA:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'IsFileDLL'; -{TitanEngine.Hider.functions} - function GetPEBLocation(hProcess:THandle):LongInt; stdcall; external 'TitanEngine.dll' name 'GetPEBLocation'; - function GetPEBLocation64(hProcess:THandle):LongInt; stdcall; external 'TitanEngine.dll' name 'GetPEBLocation64'; - function HideDebugger(hProcess:THandle; PatchAPILevel:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'HideDebugger'; - function UnHideDebugger(hProcess:THandle; PatchAPILevel:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'UnHideDebugger'; -{TitanEngine.Relocater.functions} - procedure RelocaterCleanup(); stdcall; external 'TitanEngine.dll' name 'RelocaterCleanup'; - procedure RelocaterInit(MemorySize,OldImageBase,NewImageBase:LongInt); stdcall; external 'TitanEngine.dll' name 'RelocaterInit'; - procedure RelocaterAddNewRelocation(hProcess:THandle; RelocateAddress,RelocateState:LongInt); stdcall; external 'TitanEngine.dll' name 'RelocaterAddNewRelocation'; - function RelocaterEstimatedSize():LongInt; stdcall; external 'TitanEngine.dll' name 'RelocaterEstimatedSize'; - function RelocaterExportRelocation(StorePlace,StorePlaceRVA,FileMapVA:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'RelocaterExportRelocation'; - function RelocaterExportRelocationEx(szFileName,szSectionName:PAnsiChar; StorePlace,StorePlaceRVA:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'RelocaterExportRelocationEx'; - function RelocaterGrabRelocationTable(hProcess:THandle; MemoryStart,MemorySize:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'RelocaterGrabRelocationTable'; - function RelocaterGrabRelocationTableEx(hProcess:THandle; MemoryStart,MemorySize,NtSizeOfImage:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'RelocaterGrabRelocationTableEx'; - function RelocaterMakeSnapshot(hProcess:THandle; szSaveFileName:PAnsiChar; MemoryStart,MemorySize:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'RelocaterMakeSnapshot'; - function RelocaterCompareTwoSnapshots(hProcess:THandle; LoadedImageBase,NtSizeOfImage:LongInt; szDumpFile1,szDumpFile2:PAnsiChar; MemStart:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'RelocaterCompareTwoSnapshots'; - function RelocaterChangeFileBase(szFileName:PAnsiChar; NewImageBase:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'RelocaterChangeFileBase'; - function RelocaterRelocateMemoryBlock(FileMapVA,MemoryLocation:LongInt; RelocateMemory:Pointer; RelocateMemorySize,CurrentLoadedBase,RelocateBase:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'RelocaterRelocateMemoryBlock'; - function RelocaterWipeRelocationTable(szFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'RelocaterWipeRelocationTable'; -{TitanEngine.Resourcer.functions} - function ResourcerLoadFileForResourceUse(szFileName:PAnsiChar):LongInt; stdcall; external 'TitanEngine.dll' name 'ResourcerLoadFileForResourceUse'; - function ResourcerFreeLoadedFile(LoadedFileBase:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'ResourcerFreeLoadedFile'; - function ResourcerExtractResourceFromFileEx(FileMapVA:LongInt; szResourceType,szResourceName,szExtractedFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'ResourcerExtractResourceFromFileEx'; - function ResourcerExtractResourceFromFile(szFileName,szResourceType,szResourceName,szExtractedFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'ResourcerExtractResourceFromFile'; - function ResourcerFindResource(szFileName,szResourceType:PAnsiChar; ResourceType:LongInt; szResourceName:PAnsiChar; ResourceName,ResourceLanguage:LongInt; pResourceData,pResourceSize:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'ResourcerFindResource'; - function ResourcerFindResourceEx(FileMapVA,FileSize:LongInt; szResourceType:PAnsiChar; ResourceType:LongInt; szResourceName:PAnsiChar; ResourceName,ResourceLanguage:LongInt; pResourceData,pResourceSize:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'ResourcerFindResourceEx'; - procedure ResourcerEnumerateResource(szFileName:PAnsiChar; CallBack:LongInt); stdcall; external 'TitanEngine.dll' name 'ResourcerEnumerateResource'; - procedure ResourcerEnumerateResourceEx(FileMapVA,FileSize:LongInt; CallBack:LongInt); stdcall; external 'TitanEngine.dll' name 'ResourcerEnumerateResourceEx'; -{TitanEngine.FindOEP.functions} - procedure FindOEPInit(); stdcall; external 'TitanEngine.dll' name 'FindOEPInit'; - procedure FindOEPGenerically(szFileName:PAnsiChar; TraceInitCallBack,CallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'FindOEPGenerically'; -{TitanEngine.Threader.functions} - function ThreaderImportRunningThreadData(ProcessId:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderImportRunningThreadData'; - function ThreaderGetThreadInfo(hThread:THandle; ThreadId:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'ThreaderGetThreadInfo'; - procedure ThreaderEnumThreadInfo(EnumCallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'ThreaderGetThreadInfo'; - function ThreaderPauseThread(hThread:THandle):boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderPauseThread'; - function ThreaderResumeThread(hThread:THandle):boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderResumeThread'; - function ThreaderTerminateThread(hThread:THandle; ThreadExitCode:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderTerminateThread'; - function ThreaderPauseAllThreads(LeaveMainRunning:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderPauseAllThreads'; - function ThreaderResumeAllThreads(LeaveMainPaused:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderResumeAllThreads'; - function ThreaderPauseProcess():boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderPauseProcess'; - function ThreaderResumeProcess():boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderResumeProcess'; - function ThreaderCreateRemoteThread(ThreadStartAddress:LongInt; AutoCloseTheHandle:boolean; ThreadPassParameter,ThreadId:Pointer):LongInt; stdcall; external 'TitanEngine.dll' name 'ThreaderCreateRemoteThread'; - function ThreaderInjectAndExecuteCode(InjectCode:Pointer; StartDelta,InjectSize:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderInjectAndExecuteCode'; - function ThreaderCreateRemoteThreadEx(hProcess:THandle; ThreadStartAddress:LongInt; AutoCloseTheHandle:boolean; ThreadPassParameter,ThreadId:Pointer):LongInt; stdcall; external 'TitanEngine.dll' name 'ThreaderCreateRemoteThreadEx'; - function ThreaderInjectAndExecuteCodeEx(hProcess:THandle; InjectCode:Pointer; StartDelta,InjectSize:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderInjectAndExecuteCodeEx'; - procedure ThreaderSetCallBackForNextExitThreadEvent(exitThreadCallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'ThreaderSetCallBackForNextExitThreadEvent'; - function ThreaderIsThreadStillRunning(hThread:THandle):boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderIsThreadStillRunning'; - function ThreaderIsThreadActive(hThread:THandle):boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderIsThreadActive'; - function ThreaderIsAnyThreadActive():boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderIsAnyThreadActive'; - function ThreaderExecuteOnlyInjectedThreads():boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderExecuteOnlyInjectedThreads'; - function ThreaderGetOpenHandleForThread(ThreadId:LongInt):THandle; stdcall; external 'TitanEngine.dll' name 'ThreaderGetOpenHandleForThread'; - function ThreaderIsExceptionInMainThread():boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderIsExceptionInMainThread'; -{TitanEngine.Debugger.functions} - function StaticDisassembleEx(DisassmStart:LongInt; DisassmAddress:Pointer):PAnsiChar; stdcall; external 'TitanEngine.dll' name 'StaticDisassembleEx'; - function StaticDisassemble(DisassmAddress:Pointer):PAnsiChar; stdcall; external 'TitanEngine.dll' name 'StaticDisassemble'; - function DisassembleEx(hProcess:THandle; DisassmAddress:Pointer):PAnsiChar; stdcall; external 'TitanEngine.dll' name 'DisassembleEx'; - function Disassemble(DisassmAddress:Pointer):PAnsiChar; stdcall; external 'TitanEngine.dll' name 'Disassemble'; - function StaticLengthDisassemble(DisassmAddress:Pointer):LongInt; stdcall; external 'TitanEngine.dll' name 'StaticLengthDisassemble'; - function LengthDisassembleEx(hProcess:THandle; DisassmAddress:Pointer):LongInt; stdcall; external 'TitanEngine.dll' name 'LengthDisassembleEx'; - function LengthDisassemble(DisassmAddress:Pointer):LongInt; stdcall; external 'TitanEngine.dll' name 'LengthDisassemble'; - function InitDebug(szFileName,szCommandLine,szCurrentFolder:PAnsiChar): Pointer; stdcall; external 'TitanEngine.dll' name 'InitDebug'; - function InitNativeDebug(szFileName,szCommandLine,szCurrentFolder:PAnsiChar): Pointer; stdcall; external 'TitanEngine.dll' name 'InitNonWin32Debug'; - function InitDebugEx(szFileName,szCommandLine,szCurrentFolder:PAnsiChar; EntryCallBack:Pointer): Pointer; stdcall; external 'TitanEngine.dll' name 'InitDebugEx'; - function InitDLLDebug(szFileName:PAnsiChar; ReserveModuleBase:boolean; szCommandLine,szCurrentFolder:PAnsiChar; EntryCallBack:Pointer): Pointer; stdcall; external 'TitanEngine.dll' name 'InitDLLDebug'; - function StopDebug(): Boolean; stdcall; external 'TitanEngine.dll' name 'StopDebug'; - procedure SetBPXOptions(DefaultBreakPointType:LongInt); stdcall; external 'TitanEngine.dll' name 'SetBPXOptions'; - function IsBPXEnabled(bpxAddress:LongInt): boolean; stdcall; external 'TitanEngine.dll' name 'IsBPXEnabled'; - function EnableBPX(bpxAddress:LongInt): boolean; stdcall; external 'TitanEngine.dll' name 'EnableBPX'; - function DisableBPX(bpxAddress:LongInt): boolean; stdcall; external 'TitanEngine.dll' name 'DisableBPX'; - function SetBPX(bpxAddress,bpxType:LongInt; bpxCallBack:Pointer): boolean; stdcall; external 'TitanEngine.dll' name 'SetBPX'; - function DeleteBPX(bpxAddress:LongInt): boolean; stdcall; external 'TitanEngine.dll' name 'DeleteBPX'; - function SafeDeleteBPX(bpxAddress:LongInt): boolean; stdcall; external 'TitanEngine.dll' name 'SafeDeleteBPX'; - function SetAPIBreakPoint(szDLLName,szAPIName:PAnsiChar; bpxType,bpxPlace:LongInt; bpxCallBack:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'SetAPIBreakPoint'; - function DeleteAPIBreakPoint(szDLLName,szAPIName:PAnsiChar; bpxPlace:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'DeleteAPIBreakPoint'; - function SafeDeleteAPIBreakPoint(szDLLName,szAPIName:PAnsiChar; bpxPlace:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'SafeDeleteAPIBreakPoint'; - function SetMemoryBPX(MemoryStart,SizeOfMemory:LongInt; bpxCallBack:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'SetMemoryBPX'; - function SetMemoryBPXEx(MemoryStart,SizeOfMemory,BreakPointType:LongInt; RestoreOnHit:boolean; bpxCallBack:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'SetMemoryBPXEx'; - function RemoveMemoryBPX(MemoryStart,SizeOfMemory:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'RemoveMemoryBPX'; - function GetContextFPUDataEx(hActiveThread:THandle; FPUSaveArea:Pointer): boolean; stdcall; external 'TitanEngine.dll' name 'GetContextFPUDataEx'; - function GetContextDataEx(hActiveThread:THandle; IndexOfRegister:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'GetContextDataEx'; - function GetContextData(IndexOfRegister:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'GetContextData'; - function SetContextFPUDataEx(hActiveThread:THandle; FPUSaveArea:Pointer): boolean; stdcall; external 'TitanEngine.dll' name 'SetContextFPUDataEx'; - function SetContextDataEx(hActiveThread:THandle; IndexOfRegister,NewRegisterValue:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'SetContextDataEx'; - function SetContextData(IndexOfRegister,NewRegisterValue:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'SetContextData'; - procedure ClearExceptionNumber(); stdcall; external 'TitanEngine.dll' name 'ClearExceptionNumber'; - function CurrentExceptionNumber(): LongInt; stdcall; external 'TitanEngine.dll' name 'CurrentExceptionNumber'; - function MatchPatternEx(hProcess:THandle; MemoryToCheck,SizeOfMemoryToCheck:LongInt; PatternToMatch:Pointer; SizeOfPatternToMatch:LongInt; WildCard:Pointer): boolean; stdcall; external 'TitanEngine.dll' name 'MatchPatternEx'; - function MatchPattern(MemoryToCheck,SizeOfMemoryToCheck:LongInt; PatternToMatch:Pointer; SizeOfPatternToMatch:LongInt; WildCard:Pointer): boolean; stdcall; external 'TitanEngine.dll' name 'MatchPattern'; - function FindEx(hProcess:THandle; MemoryStart,MemorySize:LongInt; SearchPattern:Pointer; PatternSize:LongInt; WildCard:Pointer): LongInt; stdcall; external 'TitanEngine.dll' name 'FindEx'; - function Find(MemoryStart,MemorySize:LongInt; SearchPattern:Pointer; PatternSize:LongInt; WildCard:Pointer): LongInt; stdcall; external 'TitanEngine.dll' name 'Find'; - function FillEx(hProcess:THandle; MemoryStart,MemorySize:LongInt; FillByte:Pointer): boolean; stdcall; external 'TitanEngine.dll' name 'FillEx'; - function Fill(MemoryStart,MemorySize:LongInt; FillByte:Pointer): boolean; stdcall; external 'TitanEngine.dll' name 'Fill'; - function PatchEx(hProcess:THandle; MemoryStart,MemorySize:LongInt; ReplacePattern:Pointer; ReplaceSize:LongInt; AppendNOP,PrependNOP:boolean): boolean; stdcall; external 'TitanEngine.dll' name 'PatchEx'; - function Patch(MemoryStart,MemorySize:LongInt; ReplacePattern:Pointer; ReplaceSize:LongInt; AppendNOP,PrependNOP:boolean): boolean; stdcall; external 'TitanEngine.dll' name 'Patch'; - function ReplaceEx(hProcess:THandle; MemoryStart,MemorySize:LongInt; SearchPattern:Pointer; PatternSize,NumberOfRepetitions:LongInt; ReplacePattern:Pointer; ReplaceSize:LongInt; WildCard:Pointer): boolean; stdcall; external 'TitanEngine.dll' name 'ReplaceEx'; - function Replace(MemoryStart,MemorySize:LongInt; SearchPattern:Pointer; PatternSize,NumberOfRepetitions:LongInt; ReplacePattern:Pointer; ReplaceSize:LongInt; WildCard:Pointer): boolean; stdcall; external 'TitanEngine.dll' name 'Replace'; - function GetDebugData(): Pointer; stdcall; external 'TitanEngine.dll' name 'GetDebugData'; - function GetTerminationData(): Pointer; stdcall; external 'TitanEngine.dll' name 'GetTerminationData'; - function GetExitCode():LongInt; stdcall; external 'TitanEngine.dll' name 'GetExitCode'; - function GetDebuggedDLLBaseAddress(): LongInt; stdcall; external 'TitanEngine.dll' name 'GetDebuggedDLLBaseAddress'; - function GetDebuggedFileBaseAddress(): LongInt; stdcall; external 'TitanEngine.dll' name 'GetDebuggedFileBaseAddress'; - function GetRemoteString(hProcess:THandle; StringAddress:LongInt; StringStorage:Pointer; MaximumStringSize:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'GetRemoteString'; - function GetFunctionParameter(hProcess:THandle; FunctionType,ParameterNumber,ParameterType:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'GetFunctionParameter'; - function GetJumpDestinationEx(hProcess:THandle; InstructionAddress:LongInt; JustJumps:boolean): LongInt; stdcall; external 'TitanEngine.dll' name 'GetJumpDestinationEx'; - function GetJumpDestination(hProcess:THandle; InstructionAddress:LongInt; JustJumps:boolean): LongInt; stdcall; external 'TitanEngine.dll' name 'GetJumpDestination'; - function IsJumpGoingToExecuteEx(hProcess,hThread:THandle; InstructionAddress,RegFlags:LongInt): boolean; stdcall; external 'TitanEngine.dll' name 'IsJumpGoingToExecuteEx'; - function IsJumpGoingToExecute(): boolean; stdcall; external 'TitanEngine.dll' name 'IsJumpGoingToExecute'; - procedure SetCustomHandler(WhichException:LongInt; CallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'SetCustomHandler'; - procedure ForceClose(); stdcall; external 'TitanEngine.dll' name 'ForceClose'; - procedure StepInto(traceCallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'StepInto'; - procedure StepOver(traceCallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'StepOver'; - procedure SingleStep(StepCount:LongInt; StepCallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'SingleStep'; - function GetUnusedHardwareBreakPointRegister(RegisterIndex:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'GetUnusedHardwareBreakPointRegister'; - function SetHardwareBreakPointEx(hActiveThread:THandle; bpxAddress,IndexOfRegister,bpxType,bpxSize:LongInt; bpxCallBack,IndexOfSelectedRegister:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'SetHardwareBreakPointEx'; - function SetHardwareBreakPoint(bpxAddress,IndexOfRegister,bpxType,bpxSize:LongInt; bpxCallBack:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'SetHardwareBreakPoint'; - function DeleteHardwareBreakPoint(IndexOfRegister:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'DeleteHardwareBreakPoint'; - function RemoveAllBreakPoints(RemoveOption:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'RemoveAllBreakPoints'; - function GetProcessInformation(): Pointer; stdcall; external 'TitanEngine.dll' name 'GetProcessInformation'; - function GetStartupInformation(): Pointer; stdcall; external 'TitanEngine.dll' name 'GetStartupInformation'; - procedure DebugLoop(); stdcall; external 'TitanEngine.dll' name 'DebugLoop'; - procedure SetDebugLoopTimeOut(TimeOut:LongInt); stdcall; external 'TitanEngine.dll' name 'SetDebugLoopTimeOut'; - procedure SetNextDbgContinueStatus(SetDbgCode:LongInt); stdcall; external 'TitanEngine.dll' name 'SetNextDbgContinueStatus'; - function AttachDebugger(ProcessId:LongInt; KillOnExit:Boolean; DebugInfo,CallBack:Pointer): Pointer; stdcall; external 'TitanEngine.dll' name 'AttachDebugger'; - function DetachDebugger(ProcessId:LongInt): Pointer; stdcall; external 'TitanEngine.dll' name 'DetachDebugger'; - function DetachDebuggerEx(ProcessId:LongInt): Pointer; stdcall; external 'TitanEngine.dll' name 'DetachDebuggerEx'; - function DebugLoopEx(TimeOut:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'DebugLoopEx'; - procedure AutoDebugEx(szFileName:PAnsiChar; ReserveModuleBase:boolean; szCommandLine,szCurrentFolder:PAnsiChar; TimeOut:LongInt; EntryCallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'AutoDebugEx'; - function IsFileBeingDebugged(): boolean; stdcall; external 'TitanEngine.dll' name 'IsFileBeingDebugged'; - procedure SetErrorModel(DisplayErrorMessages:boolean); stdcall; external 'TitanEngine.dll' name 'SetErrorModel'; -{TitanEngine.Importer.functions} - procedure ImporterCleanup(); stdcall; external 'TitanEngine.dll' name 'ImporterCleanup'; - procedure ImporterSetImageBase(ImageBase:LongInt); stdcall; external 'TitanEngine.dll' name 'ImporterSetImageBase'; - procedure ImporterSetUnknownDelta(DeltaAddress:LongInt); stdcall; external 'TitanEngine.dll' name 'ImporterSetUnknownDelta'; - function ImporterGetCurrentDelta():LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetCurrentDelta'; - procedure ImporterInit(MemorySize,ImageBase:LongInt); stdcall; external 'TitanEngine.dll' name 'ImporterInit'; - procedure ImporterAddNewDll(DLLName:PAnsiChar; FirstThunk:LongInt); stdcall; external 'TitanEngine.dll' name 'ImporterAddNewDll'; - procedure ImporterAddNewAPI(APIName:PAnsiChar; FirstThunk:LongInt); stdcall; external 'TitanEngine.dll' name 'ImporterAddNewAPI'; - procedure ImporterAddNewOrdinalAPI(dwAPIName,FirstThunk:LongInt); stdcall; external 'TitanEngine.dll' name 'ImporterAddNewAPI'; - function ImporterGetAddedDllCount(): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetAddedDllCount'; - function ImporterGetAddedAPICount(): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetAddedAPICount'; - function ImporterGetLastAddedDLLName(): PAnsiChar; stdcall; external 'TitanEngine.dll' name 'ImporterGetLastAddedDLLName'; - procedure ImporterMoveIAT(); stdcall; external 'TitanEngine.dll' name 'ImporterMoveIAT'; - function ImporterExportIAT(StorePlace,FileMap:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'ImporterExportIAT'; - function ImporterEstimatedSize(): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterEstimatedSize'; - function ImporterExportIATEx(szExportFileName,szSectionName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'ImporterExportIATEx'; - function ImporterFindAPIWriteLocation(szAPIName:PAnsiChar): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterFindAPIWriteLocation'; - function ImporterFindOrdinalAPIWriteLocation(OrdinalNumber:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterFindOrdinalAPIWriteLocation'; - function ImporterFindAPIByWriteLocation(APIWriteLocation:PAnsiChar): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterFindAPIByWriteLocation'; - function ImporterFindDLLByWriteLocation(APIWriteLocation:PAnsiChar): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterFindDLLByWriteLocation'; - function ImporterGetDLLName(APIAddress:LongInt): PAnsiChar; stdcall; external 'TitanEngine.dll' name 'ImporterGetDLLName'; - function ImporterGetAPIName(APIAddress:LongInt): PAnsiChar; stdcall; external 'TitanEngine.dll' name 'ImporterGetAPIName'; - function ImporterGetAPIOrdinalNumber(APIAddress:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetAPIOrdinalNumber'; - function ImporterGetAPINameEx(APIAddress:LongInt; pDLLBases:Pointer): PAnsiChar; stdcall; external 'TitanEngine.dll' name 'ImporterGetAPINameEx'; - function ImporterGetRemoteAPIAddress(hProcess:THandle; APIAddress:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetRemoteAPIAddress'; - function ImporterGetRemoteAPIAddressEx(szDLLName,szAPIName:PAnsiChar): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetRemoteAPIAddressEx'; - function ImporterGetLocalAPIAddress(hProcess:THandle; APIAddress:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetLocalAPIAddress'; - function ImporterGetDLLNameFromDebugee(hProcess:THandle; APIAddress:LongInt): PAnsiChar; stdcall; external 'TitanEngine.dll' name 'ImporterGetDLLNameFromDebugee'; - function ImporterGetAPINameFromDebugee(hProcess:THandle; APIAddress:LongInt): PAnsiChar; stdcall; external 'TitanEngine.dll' name 'ImporterGetAPINameFromDebugee'; - function ImporterGetAPIOrdinalNumberFromDebugee(hProcess:THandle; APIAddress:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetAPIOrdinalNumberFromDebugee'; - function ImporterGetDLLIndexEx(APIAddress:LongInt; pDLLBases:Pointer): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetDLLIndexEx'; - function ImporterGetDLLIndex(hProcess:THandle; APIAddress:LongInt; pDLLBases:Pointer): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetDLLIndex'; - function ImporterGetRemoteDLLBase(hProcess:THandle; LocalModuleBase:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetRemoteDLLBase'; - function ImporterRelocateWriteLocation(AddValue:LongInt): boolean; stdcall; external 'TitanEngine.dll' name 'ImporterRelocateWriteLocation'; - function ImporterIsForwardedAPI(hProcess:THandle; APIAddress:LongInt): boolean; stdcall; external 'TitanEngine.dll' name 'ImporterIsForwardedAPI'; - function ImporterGetForwardedAPIName(hProcess:THandle; APIAddress:LongInt): PAnsiChar; stdcall; external 'TitanEngine.dll' name 'ImporterGetForwardedAPIName'; - function ImporterGetForwardedDLLName(hProcess:THandle; APIAddress:LongInt): PAnsiChar; stdcall; external 'TitanEngine.dll' name 'ImporterGetForwardedDLLName'; - function ImporterGetForwardedDLLIndex(hProcess:THandle; APIAddress:LongInt; pDLLBases:Pointer): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetForwardedDLLIndex'; - function ImporterGetForwardedAPIOrdinalNumber(hProcess:THandle; APIAddress:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetForwardedAPIOrdinalNumber'; - function ImporterGetNearestAPIAddress(hProcess:THandle; APIAddress:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetNearestAPIAddress'; - function ImporterGetNearestAPIName(hProcess:THandle; APIAddress:LongInt): PAnsiChar; stdcall; external 'TitanEngine.dll' name 'ImporterGetNearestAPIName'; - function ImporterCopyOriginalIAT(szOriginalFile,szDumpFile:PAnsiChar): boolean; stdcall; external 'TitanEngine.dll' name 'ImporterCopyOriginalIAT'; - function ImporterLoadImportTable(szFileName:PAnsiChar): boolean; stdcall; external 'TitanEngine.dll' name 'ImporterLoadImportTable'; - function ImporterMoveOriginalIAT(szOriginalFile,szDumpFile,szSectionName:PAnsiChar): boolean; stdcall; external 'TitanEngine.dll' name 'ImporterMoveOriginalIAT'; - procedure ImporterAutoSearchIAT(pFileName:PAnsiChar;ImageBase,SearchStart,SearchSize:LongInt;pIATStart,pIATSize:Pointer); stdcall; external 'TitanEngine.dll' name 'ImporterAutoSearchIAT'; - procedure ImporterAutoSearchIATEx(hProcess:LongInt;ImageBase,SearchStart,SearchSize:LongInt;pIATStart,pIATSize:Pointer); stdcall; external 'TitanEngine.dll' name 'ImporterAutoSearchIATEx'; - procedure ImporterEnumAddedData(EnumCallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'ImporterEnumAddedData'; - function ImporterAutoFixIAT(hProcess:LongInt;pFileName:PAnsiChar;ImageBase,SearchStart,SearchSize,SearchStep:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterAutoFixIAT'; - function ImporterAutoFixIATEx(hProcess:LongInt;pFileName,szSectionName:PAnsiChar;DumpRunningProcess,RealignFile:boolean;EntryPointAddress,ImageBase,SearchStart,SearchSize,SearchStep:LongInt;TryAutoFix,FixEliminations:boolean;UnknownPointerFixCallback:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterAutoFixIATEx'; -{TitanEngine.Hooks.functions} - function HooksSafeTransitionEx(HookAddressArray:Pointer; NumberOfHooks:LongInt; TransitionStart:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'HooksSafeTransitionEx'; - function HooksSafeTransition(HookAddressArray:Pointer; TransitionStart:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'HooksSafeTransition'; - function HooksIsAddressRedirected(HookAddressArray:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'HooksIsAddressRedirected'; - function HooksGetTrampolineAddress(HookAddressArray:Pointer):Pointer; stdcall; external 'TitanEngine.dll' name 'HooksGetTrampolineAddress'; - function HooksGetHookEntryDetails(HookAddressArray:Pointer):Pointer; stdcall; external 'TitanEngine.dll' name 'HooksGetHookEntryDetails'; - function HooksInsertNewRedirection(HookAddressArray,RedirectTo:Pointer; HookType:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'HooksInsertNewRedirection'; - function HooksInsertNewIATRedirectionEx(FileMapVA,LoadedModuleBase:LongInt; szHookFunction:PAnsiChar; RedirectTo:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'HooksInsertNewIATRedirectionEx'; - function HooksInsertNewIATRedirection(szModuleName,szHookFunction:PAnsiChar; RedirectTo:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'HooksInsertNewIATRedirection'; - function HooksRemoveRedirection(HookAddressArray:Pointer; RemoveAll:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'HooksRemoveRedirection'; - function HooksRemoveRedirectionsForModule(ModuleBase:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'HooksRemoveRedirectionsForModule'; - function HooksDisableRedirection(HookAddressArray:Pointer; DisableAll:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'HooksDisableRedirection'; - function HooksDisableRedirectionsForModule(ModuleBase:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'HooksDisableRedirectionsForModule'; - function HooksEnableRedirection(HookAddressArray:Pointer; EnableAll:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'HooksEnableRedirection'; - function HooksEnableRedirectionsForModule(ModuleBase:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'HooksEnableRedirectionsForModule'; - function HooksRemoveIATRedirection(szModuleName,szHookFunction:PAnsiChar; RemoveAll:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'HooksRemoveIATRedirection'; - function HooksDisableIATRedirection(szModuleName,szHookFunction:PAnsiChar; DisableAll:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'HooksDisableIATRedirection'; - function HooksEnableIATRedirection(szModuleName,szHookFunction:PAnsiChar; EnableAll:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'HooksEnableIATRedirection'; - procedure HooksScanModuleMemory(ModuleBase:LongInt; CallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'HooksScanModuleMemory'; - procedure HooksScanEntireProcessMemory(CallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'HooksScanEntireProcessMemory'; - procedure HooksScanEntireProcessMemoryEx(); stdcall; external 'TitanEngine.dll' name 'HooksScanEntireProcessMemoryEx'; -{TitanEngine.Tracer.functions} - procedure TracerInit(); stdcall; external 'TitanEngine.dll' name 'TracerInit'; - function TracerLevel1(hProcess,APIAddress:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'TracerLevel1'; - function HashTracerLevel1(hProcess,APIAddress,NumberOfInstructions:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'HashTracerLevel1'; - function TracerDetectRedirection(hProcess,APIAddress:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'TracerDetectRedirection'; - function TracerFixKnownRedirection(hProcess,APIAddress,RedirectionId:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'TracerFixKnownRedirection'; - function TracerFixRedirectionViaImpRecPlugin(hProcess:LongInt;szPluginName:PAnsiChar;APIAddress:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'TracerFixRedirectionViaImpRecPlugin'; -{TitanEngine.Exporter.functions} - procedure ExporterCleanup(); stdcall; external 'TitanEngine.dll' name 'ExporterCleanup'; - procedure ExporterSetImageBase(ImageBase:LongInt); stdcall; external 'TitanEngine.dll' name 'ExporterSetImageBase'; - procedure ExporterInit(MemorySize,ImageBase,ExportOrdinalBase:LongInt; szExportModuleName:PAnsiChar); stdcall; external 'TitanEngine.dll' name 'ExporterInit'; - function ExporterAddNewExport(szExportName:PAnsiChar; ExportRelativeAddress:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'ExporterAddNewExport'; - function ExporterAddNewOrdinalExport(OrdinalNumber,ExportRelativeAddress:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'ExporterAddNewOrdinalExport'; - function ExporterGetAddedExportCount():LongInt; stdcall; external 'TitanEngine.dll' name 'ExporterGetAddedExportCount'; - function ExporterEstimatedSize():LongInt; stdcall; external 'TitanEngine.dll' name 'ExporterEstimatedSize'; - function ExporterBuildExportTable(StorePlace,FileMapVA:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'ExporterBuildExportTable'; - function ExporterBuildExportTableEx(szExportFileName,szSectionName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'ExporterBuildExportTableEx'; - function ExporterLoadExportTable(szFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'ExporterLoadExportTable'; -{TitanEngine.Librarian.functions} - function LibrarianSetBreakPoint(szLibraryName:PAnsiChar; bpxType:LongInt; SingleShoot:boolean; bpxCallBack:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'LibrarianSetBreakPoint'; - function LibrarianRemoveBreakPoint(szLibraryName:PAnsiChar; bpxType:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'LibrarianRemoveBreakPoint'; - function LibrarianGetLibraryInfo(szLibraryName:PAnsiChar):Pointer; stdcall; external 'TitanEngine.dll' name 'LibrarianGetLibraryInfo'; - function LibrarianGetLibraryInfoEx(BaseOfDll:Pointer):Pointer; stdcall; external 'TitanEngine.dll' name 'LibrarianGetLibraryInfoEx'; - procedure LibrarianEnumLibraryInfo(BaseOfDll:Pointer); stdcall; external 'TitanEngine.dll' name 'LibrarianEnumLibraryInfo'; -{TitanEngine.Process.functions} - function GetActiveProcessId(szImageName:PAnsiChar):LongInt; stdcall; external 'TitanEngine.dll' name 'GetActiveProcessId'; - function EnumProcessesWithLibrary(szLibraryName:PAnsiChar; EnumFunction:Pointer):LongInt; stdcall; external 'TitanEngine.dll' name 'EnumProcessesWithLibrary'; -{TitanEngine.TLSFixer.functions} - function TLSBreakOnCallBack(ArrayOfCallBacks:Pointer; NumberOfCallBacks:LongInt; bpxCallBack:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'TLSBreakOnCallBack'; - function TLSGrabCallBackData(szFileName:PAnsiChar; ArrayOfCallBacks,NumberOfCallBacks:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'TLSGrabCallBackData'; - function TLSBreakOnCallBackEx(szFileName:PAnsiChar; bpxCallBack:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'TLSBreakOnCallBackEx'; - function TLSRemoveCallback(szFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'TLSRemoveCallback'; - function TLSRemoveTable(szFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'TLSRemoveTable'; - function TLSBackupData(szFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'TLSBackupData'; - function TLSRestoreData():boolean; stdcall; external 'TitanEngine.dll' name 'TLSRestoreData'; - function TLSBuildNewTable(FileMapVA,StorePlace,StorePlaceRVA:LongInt; ArrayOfCallBacks:Pointer; NumberOfCallBacks:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'TLSBuildNewTable'; - function TLSBuildNewTableEx(szFileName,szSectionName:PAnsiChar; ArrayOfCallBacks:Pointer; NumberOfCallBacks:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'TLSBuildNewTableEx'; -{TitanEngine.TranslateName.functions} - function TranslateNativeName(szNativeName:PAnsiChar):PAnsiChar; stdcall; external 'TitanEngine.dll' name 'TranslateNativeName'; -{TitanEngine.Handler.functions} - function HandlerGetActiveHandleCount(ProcessId:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'HandlerGetActiveHandleCount'; - function HandlerIsHandleOpen(ProcessId:LongInt; hHandle:THandle):boolean; stdcall; external 'TitanEngine.dll' name 'HandlerIsHandleOpen'; - function HandlerGetHandleName(hProcess:THandle; ProcessId:LongInt; hHandle:THandle; TranslateName:boolean):PAnsiChar; stdcall; external 'TitanEngine.dll' name 'HandlerGetHandleName'; - function HandlerEnumerateOpenHandles(ProcessId:LongInt; HandleBuffer:Pointer; MaxHandleCount:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'HandlerEnumerateOpenHandles'; - function HandlerGetHandleDetails(hProcess:THandle; ProcessId:LongInt; hHandle:THandle; InformationReturn:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'HandlerGetHandleDetails'; - function HandlerCloseRemoteHandle(ProcessId:LongInt; hHandle:THandle):boolean; stdcall; external 'TitanEngine.dll' name 'HandlerCloseRemoteHandle'; - function HandlerEnumerateLockHandles(szFileOrFolderName:PAnsiChar; NameIsFolder,NameIsTranslated:boolean; HandleDataBuffer:Pointer; MaxHandleCount:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'HandlerEnumerateLockHandles'; - function HandlerCloseAllLockHandles(szFileOrFolderName:PAnsiChar; NameIsFolder,NameIsTranslated:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'HandlerCloseAllLockHandles'; - function HandlerIsFileLocked(szFileOrFolderName:PAnsiChar; NameIsFolder,NameIsTranslated:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'HandlerIsFileLocked'; - function HandlerEnumerateOpenMutexes(hProcess:THandle; ProcessId:LongInt; HandleBuffer:Pointer; MaxHandleCount:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'HandlerEnumerateOpenMutexes'; - function HandlerGetOpenMutexHandle(hProcess:THandle; ProcessId:LongInt; szMutexString:PAnsiChar):LongInt; stdcall; external 'TitanEngine.dll' name 'HandlerGetOpenMutexHandle'; - function HandlerGetProcessIdWhichCreatedMutex(szMutexString:PAnsiChar):LongInt; stdcall; external 'TitanEngine.dll' name 'HandlerGetProcessIdWhichCreatedMutex'; -{TitanEngine.Injector.functions} - function RemoteLoadLibrary(hProcess:THandle; szLibraryFile:PAnsiChar; WaitForThreadExit:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'RemoteLoadLibrary'; - function RemoteFreeLibrary(hProcess:THandle; hModule:LongInt; szLibraryFile:PAnsiChar; WaitForThreadExit:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'RemoteFreeLibrary'; - function RemoteExitProcess(hProcess:THandle; ExitCode:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'RemoteExitProcess'; -{TitanEngine.StaticUnpacker.functions} - function StaticFileLoad(szFileName:PAnsiChar; DesiredAccess:LongInt; SimulateLoad:boolean; FileHandle,LoadedSize,FileMap,FileMapVA:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'StaticFileLoad'; - function StaticFileUnload(szFileName:PAnsiChar; CommitChanges:boolean; FileHandle,LoadedSize,FileMap,FileMapVA:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'StaticFileUnload'; - function StaticFileOpen(szFileName:PAnsiChar; DesiredAccess:LongInt; FileHandle,FileSizeLow,FileSizeHigh:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'StaticFileOpen'; - function StaticFileGetContent(FileHandle:THandle; FilePositionLow:LongInt; FilePositionHigh,Buffer:Pointer; Size:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'StaticFileGetContent'; - procedure StaticFileClose(FileHandle:THandle); stdcall; external 'TitanEngine.dll' name 'StaticFileClose'; - procedure StaticMemoryDecrypt(MemoryStart,MemorySize,DecryptionType,DecryptionKeySize,DecryptionKey:LongInt); stdcall; external 'TitanEngine.dll' name 'StaticMemoryDecrypt'; - procedure StaticMemoryDecryptEx(MemoryStart,MemorySize,DecryptionKeySize:LongInt; DecryptionCallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'StaticMemoryDecryptEx'; - procedure StaticMemoryDecryptSpecial(MemoryStart,MemorySize,DecryptionKeySize,SpecDecryptionType:LongInt; DecryptionCallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'StaticMemoryDecryptSpecial'; - procedure StaticSectionDecrypt(FileMapVA,SectionNumber:LongInt; SimulateLoad:boolean; DecryptionType,DecryptionKeySize,DecryptionKey:LongInt); stdcall; external 'TitanEngine.dll' name 'StaticSectionDecrypt'; - function StaticMemoryDecompress(Source,SourceSize,Destination,DestinationSize,Algorithm:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'StaticMemoryDecompress'; - function StaticRawMemoryCopy(hFile:THandle; FileMapVA,VitualAddressToCopy,Size:LongInt; AddressIsRVA:boolean; szDumpFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'StaticRawMemoryCopy'; - function StaticHashMemory(MemoryToHash:Pointer; SizeOfMemory:LongInt; HashDigest:Pointer; OutputString:boolean; Algorithm:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'StaticHashMemory'; - function StaticHashFile(szFileName,HashDigest:PAnsiChar; OutputString:boolean; Algorithm:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'StaticHashFile'; -{TitanEngine.Engine.functions} - procedure SetEngineVariable(VariableId:LongInt; VariableSet:boolean); stdcall; external 'TitanEngine.dll' name 'SetEngineVariable'; - function EngineCreateMissingDependencies(szFileName,szOutputFolder:PAnsiChar; LogCreatedFiles:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'EngineCreateMissingDependencies'; - function EngineFakeMissingDependencies(hProcess:THandle):boolean; stdcall; external 'TitanEngine.dll' name 'EngineCreateMissingDependencies'; - function EngineDeleteCreatedDependencies():boolean; stdcall; external 'TitanEngine.dll' name 'EngineDeleteCreatedDependencies'; - function EngineCreateUnpackerWindow(WindowUnpackerTitle,WindowUnpackerLongTitleWindowUnpackerName,WindowUnpackerAuthor:PChar; StartUnpackingCallBack:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'EngineCreateUnpackerWindow'; - procedure EngineAddUnpackerWindowLogMessage(szLogMessage:PChar); stdcall; external 'TitanEngine.dll' name 'EngineAddUnpackerWindowLogMessage'; -{TitanEngine.Extension.functions} - function ExtensionManagerIsPluginLoaded(szPluginName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'ExtensionManagerIsPluginLoaded'; - function ExtensionManagerIsPluginEnabled(szPluginName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'ExtensionManagerIsPluginEnabled'; - function ExtensionManagerDisableAllPlugins():boolean; stdcall; external 'TitanEngine.dll' name 'ExtensionManagerDisableAllPlugins'; - function ExtensionManagerDisablePlugin(szPluginName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'ExtensionManagerDisablePlugin'; - function ExtensionManagerEnableAllPlugins():boolean; stdcall; external 'TitanEngine.dll' name 'ExtensionManagerEnableAllPlugins'; - function ExtensionManagerEnablePlugin(szPluginName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'ExtensionManagerEnablePlugin'; - function ExtensionManagerUnloadAllPlugins():boolean; stdcall; external 'TitanEngine.dll' name 'ExtensionManagerUnloadAllPlugins'; - function ExtensionManagerUnloadPlugin(szPluginName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'ExtensionManagerUnloadPlugin'; - function ExtensionManagerGetPluginInfo(szPluginName:PAnsiChar):Pointer; stdcall; external 'TitanEngine.dll' name 'ExtensionManagerGetPluginInfo'; - -implementation - -end. diff --git a/SDK/LUA/TitanEngine.lua b/SDK/LUA/TitanEngine.lua deleted file mode 100644 index 4faaad8..0000000 --- a/SDK/LUA/TitanEngine.lua +++ /dev/null @@ -1,1477 +0,0 @@ -require 'alien' -local TitanEngine = alien.load 'TitanEngine.dll' -local SystemKernel = alien.load 'kernel32.dll' - --- --- --- TitanEngine 2.0.3 LUA SDK / www.reversinglabs.com --- --- - --- Windows.Constants: - -MAX_PATH = 260 - --- Global.Constant.Structure.Declaration: --- Engine.External: -UE_ACCESS_READ = 0 -UE_ACCESS_WRITE = 1 -UE_ACCESS_ALL = 2 - -UE_HIDE_BASIC = 1 - -UE_PLUGIN_CALL_REASON_PREDEBUG = 1 -UE_PLUGIN_CALL_REASON_EXCEPTION = 2 -UE_PLUGIN_CALL_REASON_POSTDEBUG = 3 - -TEE_HOOK_NRM_JUMP = 1 -TEE_HOOK_NRM_CALL = 3 -TEE_HOOK_IAT = 5 - -UE_ENGINE_ALOW_MODULE_LOADING = 1 -UE_ENGINE_AUTOFIX_FORWARDERS = 2 -UE_ENGINE_PASS_ALL_EXCEPTIONS = 3 -UE_ENGINE_NO_CONSOLE_WINDOW = 4 -UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS = 5 -UE_ENGINE_CALL_PLUGIN_CALLBACK = 6 -UE_ENGINE_RESET_CUSTOM_HANDLER = 7 -UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK = 8 -UE_ENGINE_SET_DEBUG_PRIVILEGE = 9 -UE_ENGINE_SAFE_ATTACH = 10 - -UE_OPTION_REMOVEALL = 1 -UE_OPTION_DISABLEALL = 2 -UE_OPTION_REMOVEALLDISABLED = 3 -UE_OPTION_REMOVEALLENABLED = 4 - -UE_STATIC_DECRYPTOR_XOR = 1 -UE_STATIC_DECRYPTOR_SUB = 2 -UE_STATIC_DECRYPTOR_ADD = 3 - -UE_STATIC_DECRYPTOR_FOREWARD = 1 -UE_STATIC_DECRYPTOR_BACKWARD = 2 - -UE_STATIC_KEY_SIZE_1 = 1 -UE_STATIC_KEY_SIZE_2 = 2 -UE_STATIC_KEY_SIZE_4 = 4 -UE_STATIC_KEY_SIZE_8 = 8 - -UE_STATIC_APLIB = 1 -UE_STATIC_APLIB_DEPACK = 2 -UE_STATIC_LZMA = 3 - -UE_STATIC_HASH_MD5 = 1 -UE_STATIC_HASH_SHA1 = 2 -UE_STATIC_HASH_CRC32 = 3 - -UE_RESOURCE_LANGUAGE_ANY = -1 - -UE_PE_OFFSET = 0 -UE_IMAGEBASE = 1 -UE_OEP = 2 -UE_SIZEOFIMAGE = 3 -UE_SIZEOFHEADERS = 4 -UE_SIZEOFOPTIONALHEADER = 5 -UE_SECTIONALIGNMENT = 6 -UE_IMPORTTABLEADDRESS = 7 -UE_IMPORTTABLESIZE = 8 -UE_RESOURCETABLEADDRESS = 9 -UE_RESOURCETABLESIZE = 10 -UE_EXPORTTABLEADDRESS = 11 -UE_EXPORTTABLESIZE = 12 -UE_TLSTABLEADDRESS = 13 -UE_TLSTABLESIZE = 14 -UE_RELOCATIONTABLEADDRESS = 15 -UE_RELOCATIONTABLESIZE = 16 -UE_TIMEDATESTAMP = 17 -UE_SECTIONNUMBER = 18 -UE_CHECKSUM = 19 -UE_SUBSYSTEM = 20 -UE_CHARACTERISTICS = 21 -UE_NUMBEROFRVAANDSIZES = 22 -UE_SECTIONNAME = 23 -UE_SECTIONVIRTUALOFFSET = 24 -UE_SECTIONVIRTUALSIZE = 25 -UE_SECTIONRAWOFFSET = 26 -UE_SECTIONRAWSIZE = 27 -UE_SECTIONFLAGS = 28 - -UE_CH_BREAKPOINT = 1 -UE_CH_SINGLESTEP = 2 -UE_CH_ACCESSVIOLATION = 3 -UE_CH_ILLEGALINSTRUCTION = 4 -UE_CH_NONCONTINUABLEEXCEPTION = 5 -UE_CH_ARRAYBOUNDSEXCEPTION = 6 -UE_CH_FLOATDENORMALOPERAND = 7 -UE_CH_FLOATDEVIDEBYZERO = 8 -UE_CH_INTEGERDEVIDEBYZERO = 9 -UE_CH_INTEGEROVERFLOW = 10 -UE_CH_PRIVILEGEDINSTRUCTION = 11 -UE_CH_PAGEGUARD = 12 -UE_CH_EVERYTHINGELSE = 13 -UE_CH_CREATETHREAD = 14 -UE_CH_EXITTHREAD = 15 -UE_CH_CREATEPROCESS = 16 -UE_CH_EXITPROCESS = 17 -UE_CH_LOADDLL = 18 -UE_CH_UNLOADDLL = 19 -UE_CH_OUTPUTDEBUGSTRING = 20 -UE_CH_AFTEREXCEPTIONPROCESSING = 21 -UE_CH_SYSTEMBREAKPOINT = 23 -UE_CH_UNHANDLEDEXCEPTION = 24 -UE_CH_RIPEVENT = 25 -UE_CH_DEBUGEVENT = 26 - -UE_OPTION_HANDLER_RETURN_HANDLECOUNT = 1 -UE_OPTION_HANDLER_RETURN_ACCESS = 2 -UE_OPTION_HANDLER_RETURN_FLAGS = 3 -UE_OPTION_HANDLER_RETURN_TYPENAME = 4 - -UE_BREAKPOINT_INT3 = 1 -UE_BREAKPOINT_LONG_INT3 = 2 -UE_BREAKPOINT_UD2 = 3 - -UE_BPXREMOVED = 0 -UE_BPXACTIVE = 1 -UE_BPXINACTIVE = 2 - -UE_BREAKPOINT = 0 -UE_SINGLESHOOT = 1 -UE_HARDWARE = 2 -UE_MEMORY = 3 -UE_MEMORY_READ = 4 -UE_MEMORY_WRITE = 5 -UE_MEMORY_EXECUTE = 6 -UE_BREAKPOINT_TYPE_INT3 = 0x10000000 -UE_BREAKPOINT_TYPE_LONG_INT3 = 0x20000000 -UE_BREAKPOINT_TYPE_UD2 = 0x30000000 - -UE_HARDWARE_EXECUTE = 4 -UE_HARDWARE_WRITE = 5 -UE_HARDWARE_READWRITE = 6 - -UE_HARDWARE_SIZE_1 = 7 -UE_HARDWARE_SIZE_2 = 8 -UE_HARDWARE_SIZE_4 = 9 - -UE_ON_LIB_LOAD = 1 -UE_ON_LIB_UNLOAD = 2 -UE_ON_LIB_ALL = 3 - -UE_APISTART = 0 -UE_APIEND = 1 - -UE_PLATFORM_x86 = 1 -UE_PLATFORM_x64 = 2 -UE_PLATFORM_ALL = 3 - -UE_FUNCTION_STDCALL = 1 -UE_FUNCTION_CCALL = 2 -UE_FUNCTION_FASTCALL = 3 -UE_FUNCTION_STDCALL_RET = 4 -UE_FUNCTION_CCALL_RET = 5 -UE_FUNCTION_FASTCALL_RET = 6 -UE_FUNCTION_STDCALL_CALL = 7 -UE_FUNCTION_CCALL_CALL = 8 -UE_FUNCTION_FASTCALL_CALL = 9 -UE_PARAMETER_BYTE = 0 -UE_PARAMETER_WORD = 1 -UE_PARAMETER_DWORD = 2 -UE_PARAMETER_QWORD = 3 -UE_PARAMETER_PTR_BYTE = 4 -UE_PARAMETER_PTR_WORD = 5 -UE_PARAMETER_PTR_DWORD = 6 -UE_PARAMETER_PTR_QWORD = 7 -UE_PARAMETER_STRING = 8 -UE_PARAMETER_UNICODE = 9 - -UE_EAX = 1 -UE_EBX = 2 -UE_ECX = 3 -UE_EDX = 4 -UE_EDI = 5 -UE_ESI = 6 -UE_EBP = 7 -UE_ESP = 8 -UE_EIP = 9 -UE_EFLAGS = 10 -UE_DR0 = 11 -UE_DR1 = 12 -UE_DR2 = 13 -UE_DR3 = 14 -UE_DR6 = 15 -UE_DR7 = 16 -UE_RAX = 17 -UE_RBX = 18 -UE_RCX = 19 -UE_RDX = 20 -UE_RDI = 21 -UE_RSI = 22 -UE_RBP = 23 -UE_RSP = 24 -UE_RIP = 25 -UE_RFLAGS = 26 -UE_R8 = 27 -UE_R9 = 28 -UE_R10 = 29 -UE_R11 = 30 -UE_R12 = 31 -UE_R13 = 32 -UE_R14 = 33 -UE_R15 = 34 -UE_CIP = 35 -UE_CSP = 36 -UE_SEG_GS = 37 -UE_SEG_FS = 38 -UE_SEG_ES = 39 -UE_SEG_DS = 40 -UE_SEG_CS = 41 -UE_SEG_SS = 42 - -PE32Struct = alien.defstruct{ - { "PE32Offset", "long" }, - { "ImageBase", "long" }, - { "OriginalEntryPoint", "long" }, - { "NtSizeOfImage", "long" }, - { "NtSizeOfHeaders", "long" }, - { "SizeOfOptionalHeaders", "short" }, - { "FileAlignment", "long" }, - { "SectionAligment", "long" }, - { "ImportTableAddress", "long" }, - { "ImportTableSize", "long" }, - { "ResourceTableAddress", "long" }, - { "ResourceTableSize", "long" }, - { "ExportTableAddress", "long" }, - { "ExportTableSize", "long" }, - { "TLSTableAddress", "long" }, - { "TLSTableSize", "long" }, - { "RelocationTableAddress", "long" }, - { "RelocationTableSize", "long" }, - { "TimeDateStamp", "long" }, - { "SectionNumber", "short" }, - { "CheckSum", "long" }, - { "SubSystem", "short" }, - { "Characteristics", "short" }, - { "NumberOfRvaAndSizes", "long" } -} - -ImportEnumData = alien.defstruct{ - { "NewDll", "byte"}, - { "NumberOfImports", "long"}, - { "ImageBase", "long"}, - { "BaseImportThunk", "long"}, - { "ImportThunk", "long"}, - { "APIName", "string"}, - { "DLLName", "string"} -} - -THREAD_ITEM_DATA = alien.defstruct{ - { "hThread", "long" }, - { "dwThreadId", "long" }, - { "ThreadStartAddress", "long" }, - { "ThreadLocalBase", "long" } -} - -LIBRARY_ITEM_DATA = alien.defstruct{ - { "hFile", "long" }, - { "BaseOfDll", "long" }, - { "hFileMapping", "long" }, - { "hFileMappingView", "long" }, - { "additionalFields", "char" } -} -LIBRARY_ITEM_DATA.size = LIBRARY_ITEM_DATA.size + 2 * MAX_PATH - 1 - --- Auxiliary LUA functions -function LibraryItemData_GetLibraryPath(lid) - local out = {} - local offset = lid.offsets.additionalFields - local buf = lf() - for i = offset, offset+MAX_PATH-1 do - local c = buf:get(i, "char") - if c ~= 0 then - out[#out+1] = string.char(c) - else - break - end - end - return table.concat(out) -end - -function LibraryItemData_GetLibraryName(lid) - local out = {} - local offset = lid.offsets.additionalFields + MAX_PATH - local buf = lf() - for i = offset, offset+MAX_PATH-1 do - local c = buf:get(i, "char") - if c ~= 0 then - out[#out+1] = string.char(c) - else - break - end - end - return table.concat(out) -end --- Auxiliary LUA functions - -PROCESS_ITEM_DATA = alien.defstruct{ - { "hProcess", "long" }, - { "dwProcessId", "long" }, - { "hThread", "long" }, - { "dwThreadId", "long" }, - { "hFile", "long" }, - { "BaseOfImage", "long" }, - { "ThreadStartAddress", "long" }, - { "ThreadLocalBase", "long" } -} - -HandlerArray = alien.defstruct{ - { "ProcessId", "long" }, - { "hHandle", "long" } -} - -PluginInformation = alien.defstruct{ - { "PluginName", "byte" }, - { "PluginMajorVersion", "long" }, - { "PluginMinorVersion", "long" }, - { "PluginBaseAddress", "long" }, - { "TitanDebuggingCallBack", "long" }, - { "TitanRegisterPlugin", "long" }, - { "TitanReleasePlugin", "long" }, - { "TitanResetPlugin", "long" }, - { "PluginDisabled", "byte" } -} - -TEE_MAXIMUM_HOOK_SIZE = 14 -TEE_MAXIMUM_HOOK_RELOCS = 7 - -UE_DEPTH_SURFACE = 0 -UE_DEPTH_DEEP = 1 - -UE_UNPACKER_CONDITION_SEARCH_FROM_EP = 1 - -UE_UNPACKER_CONDITION_LOADLIBRARY = 1 -UE_UNPACKER_CONDITION_GETPROCADDRESS = 2 -UE_UNPACKER_CONDITION_ENTRYPOINTBREAK = 3 -UE_UNPACKER_CONDITION_RELOCSNAPSHOT1 = 4 -UE_UNPACKER_CONDITION_RELOCSNAPSHOT2 = 5 - -UE_FIELD_OK = 0 -UE_FIELD_BROKEN_NON_FIXABLE = 1 -UE_FIELD_BROKEN_NON_CRITICAL = 2 -UE_FIELD_BROKEN_FIXABLE_FOR_STATIC_USE = 3 -UE_FIELD_BROKEN_BUT_CAN_BE_EMULATED = 4 -UE_FIELD_FIXABLE_NON_CRITICAL = 5 -UE_FILED_FIXABLE_CRITICAL = 6 -UE_FIELD_NOT_PRESET = 7 -UE_FIELD_NOT_PRESET_WARNING = 8 - -UE_RESULT_FILE_OK = 10 -UE_RESULT_FILE_INVALID_BUT_FIXABLE = 11 -UE_RESULT_FILE_INVALID_AND_NON_FIXABLE = 12 -UE_RESULT_FILE_INVALID_FORMAT = 13 - -FILE_STATUS_INFO = alien.defstruct{ - { "OveralEvaluation", "byte" }, - { "EvaluationTerminatedByException", "byte" }, - { "FileIs64Bit", "byte" }, - { "FileIsDLL", "byte" }, - { "FileIsConsole", "byte" }, - { "MissingDependencies", "byte" }, - { "MissingDeclaredAPIs", "byte" }, - { "SignatureMZ", "byte" }, - { "SignaturePE", "byte" }, - { "EntryPoint", "byte" }, - { "ImageBase", "byte" }, - { "SizeOfImage", "byte" }, - { "FileAlignment", "byte" }, - { "SectionAlignment", "byte" }, - { "ExportTable", "byte" }, - { "RelocationTable", "byte" }, - { "ImportTable", "byte" }, - { "ImportTableSection", "byte" }, - { "ImportTableData", "byte" }, - { "IATTable", "byte" }, - { "TLSTable", "byte" }, - { "LoadConfigTable", "byte" }, - { "BoundImportTable", "byte" }, - { "COMHeaderTable", "byte" }, - { "ResourceTable", "byte" }, - { "ResourceData", "byte" }, - { "SectionTable", "byte" } -} - -FILE_FIX_INFO = alien.defstruct{ - { "OveralEvaluation", "byte" }, - { "FixingTerminatedByException", "byte" }, - { "FileFixPerformed", "byte" }, - { "StrippedRelocation", "byte" }, - { "DontFixRelocations", "byte" }, - { "OriginalRelocationTableAddress", "long" }, - { "OriginalRelocationTableSize", "long" }, - { "StrippedExports", "byte" }, - { "DontFixExports", "byte" }, - { "OriginalExportTableAddress", "long" }, - { "OriginalExportTableSize", "long" }, - { "StrippedResources", "byte" }, - { "DontFixResources", "byte" }, - { "OriginalResourceTableAddress", "long" }, - { "OriginalResourceTableSize", "long" }, - { "StrippedTLS", "byte" }, - { "DontFixTLS", "byte" }, - { "OriginalTLSTableAddress", "long" }, - { "OriginalTLSTableSize", "long" }, - { "StrippedLoadConfig", "byte" }, - { "DontFixLoadConfig", "byte" }, - { "OriginalLoadConfigTableAddress", "long" }, - { "OriginalLoadConfigTableSize", "long" }, - { "StrippedBoundImports", "byte" }, - { "DontFixBoundImports", "byte" }, - { "OriginalBoundImportTableAddress", "long" }, - { "OriginalBoundImportTableSize", "long" }, - { "StrippedIAT", "byte" }, - { "DontFixIAT", "byte" }, - { "OriginalImportAddressTableAddress", "long" }, - { "OriginalImportAddressTableSize", "long" }, - { "StrippedCOM", "byte" }, - { "DontFixCOM", "byte" }, - { "OriginalCOMTableAddress", "long" }, - { "OriginalCOMTableSize", "long" } -} - --- Global.UtilFunction.Declaration: - SystemKernel.CopyFileA:types {"string","string","long",abi="stdcall",ret="byte"} - TE_CopyFileA = SystemKernel.CopyFileA - SystemKernel.DeleteFileA:types {"string",abi="stdcall",ret="byte"} - TE_DeleteFileA = SystemKernel.DeleteFileA - SystemKernel.RtlMoveMemory:types {"pointer","pointer","long",abi="stdcall"} - TE_RtlMoveMemory = SystemKernel.RtlMoveMemory - SystemKernel.RtlZeroMemory:types {"pointer","long",abi="stdcall"} - TE_RtlZeroMemory = SystemKernel.RtlZeroMemory - SystemKernel.FreeLibrary:types {"long",abi="stdcall",ret="byte"} - TE_FreeLibrary = SystemKernel.FreeLibrary - --- Global.UtilStructure.Declaration: -PROCESS_INFORMATION = alien.defstruct{ - { "hProcess", "long" }, - { "hThread", "long" }, - { "dwProcessId", "long" }, - { "dwThreadId", "long" } -} - --- Global.UtilVariable.Declaration: - TE_TRUE = 1 - TE_FALSE = 0 - --- Global.Function.Declaration: --- --- TitanEngine.Dumper.functions: --- --- __declspec(dllexport) bool __stdcall DumpProcess(HANDLE hProcess, LPVOID ImageBase, char* szDumpFileName, ULONG_PTR EntryPoint); - TitanEngine.DumpProcess:types {"long","long","string","long",abi="stdcall",ret="byte"} - TE_DumpProcess = TitanEngine.DumpProcess --- __declspec(dllexport) bool __stdcall DumpProcessEx(DWORD ProcessId, LPVOID ImageBase, char* szDumpFileName, ULONG_PTR EntryPoint); - TitanEngine.DumpProcessEx:types {"long","long","string","long",abi="stdcall",ret="byte"} - TE_DumpProcessEx = TitanEngine.DumpProcessEx --- __declspec(dllexport) bool __stdcall DumpMemory(HANDLE hProcess, LPVOID MemoryStart, ULONG_PTR MemorySize, char* szDumpFileName); - TitanEngine.DumpMemory:types {"long","long","long","string",abi="stdcall",ret="byte"} - TE_DumpMemory = TitanEngine.DumpMemory --- __declspec(dllexport) bool __stdcall DumpMemoryEx(DWORD ProcessId, LPVOID MemoryStart, ULONG_PTR MemorySize, char* szDumpFileName); - TitanEngine.DumpMemoryEx:types {"long","long","long","string",abi="stdcall",ret="byte"} - TE_DumpMemoryEx = TitanEngine.DumpMemoryEx --- __declspec(dllexport) bool __stdcall DumpRegions(HANDLE hProcess, char* szDumpFolder, bool DumpAboveImageBaseOnly); - TitanEngine.DumpRegions:types {"long","string","long",abi="stdcall",ret="byte"} - TE_DumpRegions = TitanEngine.DumpRegions --- __declspec(dllexport) bool __stdcall DumpRegionsEx(DWORD ProcessId, char* szDumpFolder, bool DumpAboveImageBaseOnly); - TitanEngine.DumpRegionsEx:types {"long","string","long",abi="stdcall",ret="byte"} - TE_DumpRegionsEx = TitanEngine.DumpRegionsEx --- __declspec(dllexport) bool __stdcall DumpModule(HANDLE hProcess, LPVOID ModuleBase, char* szDumpFileName); - TitanEngine.DumpModule:types {"long","long","string",abi="stdcall",ret="byte"} - TE_DumpModule = TitanEngine.DumpModule --- __declspec(dllexport) bool __stdcall DumpModuleEx(DWORD ProcessId, LPVOID ModuleBase, char* szDumpFileName); - TitanEngine.DumpModuleEx:types {"long","long","string",abi="stdcall",ret="byte"} - TE_DumpModuleEx = TitanEngine.DumpModuleEx --- __declspec(dllexport) bool __stdcall PastePEHeader(HANDLE hProcess, LPVOID ImageBase, char* szDebuggedFileName); - TitanEngine.PastePEHeader:types {"long","long","string",abi="stdcall",ret="byte"} - TE_PastePEHeader = TitanEngine.PastePEHeader --- __declspec(dllexport) bool __stdcall ExtractSection(char* szFileName, char* szDumpFileName, DWORD SectionNumber); - TitanEngine.ExtractSection:types {"string","string","long",abi="stdcall",ret="byte"} - TE_ExtractSection = TitanEngine.ExtractSection --- __declspec(dllexport) bool __stdcall ResortFileSections(char* szFileName); - TitanEngine.ResortFileSections:types {"string",abi="stdcall",ret="byte"} - TE_ResortFileSections = TitanEngine.ResortFileSections --- __declspec(dllexport) bool __stdcall FindOverlay(char* szFileName, LPDWORD OverlayStart, LPDWORD OverlaySize); - TitanEngine.FindOverlay:types {"string","pointer","pointer",abi="stdcall",ret="byte"} - TE_FindOverlay = TitanEngine.FindOverlay --- __declspec(dllexport) bool __stdcall ExtractOverlay(char* szFileName, char* szExtactedFileName); - TitanEngine.ExtractOverlay:types {"string","string",abi="stdcall",ret="byte"} - TE_ExtractOverlay = TitanEngine.ExtractOverlay --- __declspec(dllexport) bool __stdcall AddOverlay(char* szFileName, char* szOverlayFileName); - TitanEngine.AddOverlay:types {"string","string",abi="stdcall",ret="byte"} - TE_AddOverlay = TitanEngine.AddOverlay --- __declspec(dllexport) bool __stdcall CopyOverlay(char* szInFileName, char* szOutFileName); - TitanEngine.CopyOverlay:types {"string","string",abi="stdcall",ret="byte"} - TE_CopyOverlay = TitanEngine.CopyOverlay --- __declspec(dllexport) bool __stdcall RemoveOverlay(char* szFileName); - TitanEngine.RemoveOverlay:types {"string",abi="stdcall",ret="byte"} - TE_RemoveOverlay = TitanEngine.RemoveOverlay --- __declspec(dllexport) bool __stdcall MakeAllSectionsRWE(char* szFileName); - TitanEngine.MakeAllSectionsRWE:types {"string",abi="stdcall",ret="byte"} - TE_MakeAllSectionsRWE = TitanEngine.MakeAllSectionsRWE --- __declspec(dllexport) long __stdcall AddNewSectionEx(char* szFileName, char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, LPVOID SectionContent, DWORD ContentSize); - TitanEngine.AddNewSectionEx:types {"string","string","long","long","pointer","long",abi="stdcall",ret="long"} - TE_AddNewSectionEx = TitanEngine.AddNewSectionEx --- __declspec(dllexport) long __stdcall AddNewSection(char* szFileName, char* szSectionName, DWORD SectionSize); - TitanEngine.AddNewSection:types {"string","string","long",abi="stdcall",ret="long"} - TE_AddNewSection = TitanEngine.AddNewSection --- __declspec(dllexport) bool __stdcall ResizeLastSection(char* szFileName, DWORD NumberOfExpandBytes, bool AlignResizeData); - TitanEngine.ResizeLastSection:types {"string","long","long",abi="stdcall",ret="byte"} - TE_ResizeLastSection = TitanEngine.ResizeLastSection --- __declspec(dllexport) void __stdcall SetSharedOverlay(char* szFileName); - TitanEngine.SetSharedOverlay:types {"string",abi="stdcall"} - TE_SetSharedOverlay = TitanEngine.SetSharedOverlay --- __declspec(dllexport) char* __stdcall GetSharedOverlay(); - TitanEngine.GetSharedOverlay:types {abi="stdcall",ret="string"} - TE_GetSharedOverlay = TitanEngine.GetSharedOverlay --- __declspec(dllexport) bool __stdcall DeleteLastSection(char* szFileName); - TitanEngine.DeleteLastSection:types {"string",abi="stdcall",ret="byte"} - TE_DeleteLastSection = TitanEngine.DeleteLastSection --- __declspec(dllexport) bool __stdcall DeleteLastSectionEx(char* szFileName, DWORD NumberOfSections); - TitanEngine.DeleteLastSectionEx:types {"string","long",abi="stdcall",ret="byte"} - TE_DeleteLastSectionEx = TitanEngine.DeleteLastSectionEx --- __declspec(dllexport) long long __stdcall GetPE32DataFromMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, DWORD WhichData); - TitanEngine.GetPE32DataFromMappedFile:types {"long","long","long",abi="stdcall",ret="long"} - TE_GetPE32DataFromMappedFile = TitanEngine.GetPE32DataFromMappedFile --- __declspec(dllexport) long long __stdcall GetPE32Data(char* szFileName, DWORD WhichSection, DWORD WhichData); - TitanEngine.GetPE32Data:types {"string","long","long",abi="stdcall",ret="long"} - TE_GetPE32Data = TitanEngine.GetPE32Data --- __declspec(dllexport) bool __stdcall GetPE32DataFromMappedFileEx(ULONG_PTR FileMapVA, LPVOID DataStorage); - TitanEngine.GetPE32DataFromMappedFileEx:types {"long","pointer",abi="stdcall",ret="byte"} - TE_GetPE32DataFromMappedFileEx = TitanEngine.GetPE32DataFromMappedFileEx --- __declspec(dllexport) bool __stdcall GetPE32DataEx(char* szFileName, LPVOID DataStorage); - TitanEngine.GetPE32DataEx:types {"string","pointer",abi="stdcall",ret="byte"} - TE_GetPE32DataEx = TitanEngine.GetPE32DataEx --- __declspec(dllexport) bool __stdcall SetPE32DataForMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue); - TitanEngine.SetPE32DataForMappedFile:types {"long","long","long","long",abi="stdcall",ret="byte"} - TE_SetPE32DataForMappedFile = TitanEngine.SetPE32DataForMappedFile --- __declspec(dllexport) bool __stdcall SetPE32Data(char* szFileName, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue); - TitanEngine.SetPE32Data:types {"string","long","long","long",abi="stdcall",ret="byte"} - TE_SetPE32Data = TitanEngine.SetPE32Data --- __declspec(dllexport) bool __stdcall SetPE32DataForMappedFileEx(ULONG_PTR FileMapVA, LPVOID DataStorage); - TitanEngine.SetPE32DataForMappedFileEx:types {"long","pointer",abi="stdcall",ret="byte"} - TE_SetPE32DataForMappedFileEx = TitanEngine.SetPE32DataForMappedFileEx --- __declspec(dllexport) bool __stdcall SetPE32DataEx(char* szFileName, LPVOID DataStorage); - TitanEngine.SetPE32DataEx:types {"string","pointer",abi="stdcall",ret="byte"} - TE_SetPE32DataEx = TitanEngine.SetPE32DataEx --- __declspec(dllexport) long __stdcall GetPE32SectionNumberFromVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert); - TitanEngine.GetPE32SectionNumberFromVA:types {"long","long",abi="stdcall",ret="long"} - TE_GetPE32SectionNumberFromVA = TitanEngine.GetPE32SectionNumberFromVA --- __declspec(dllexport) long long __stdcall ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType); - TitanEngine.ConvertVAtoFileOffset:types {"long","long","long",abi="stdcall",ret="long"} - TE_ConvertVAtoFileOffset = TitanEngine.ConvertVAtoFileOffset --- __declspec(dllexport) long long __stdcall ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType); - TitanEngine.ConvertVAtoFileOffsetEx:types {"long","long","long","long","long","long",abi="stdcall",ret="long"} - TE_ConvertVAtoFileOffsetEx = TitanEngine.ConvertVAtoFileOffsetEx --- __declspec(dllexport) long long __stdcall ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType); - TitanEngine.ConvertFileOffsetToVA:types {"long","long","long",abi="stdcall",ret="long"} - TE_ConvertFileOffsetToVA = TitanEngine.ConvertFileOffsetToVA --- __declspec(dllexport) long long __stdcall ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType); - TitanEngine.ConvertFileOffsetToVAEx:types {"long","long","long","long","long",abi="stdcall",ret="long"} - TE_ConvertFileOffsetToVAEx = TitanEngine.ConvertFileOffsetToVAEx --- --- TitanEngine.Realigner.functions: --- --- __declspec(dllexport) bool __stdcall FixHeaderCheckSum(char* szFileName); - TitanEngine.FixHeaderCheckSum:types {"string",abi="stdcall",ret="byte"} - TE_FixHeaderCheckSum = TitanEngine.FixHeaderCheckSum --- __declspec(dllexport) long __stdcall RealignPE(ULONG_PTR FileMapVA, DWORD FileSize, DWORD RealingMode); - TitanEngine.RealignPE:types {"long","long","long",abi="stdcall",ret="long"} - TE_RealignPE = TitanEngine.RealignPE --- __declspec(dllexport) long __stdcall RealignPEEx(char* szFileName, DWORD RealingFileSize, DWORD ForcedFileAlignment); - TitanEngine.RealignPEEx:types {"string","long","long",abi="stdcall",ret="long"} - TE_RealignPEEx = TitanEngine.RealignPEEx --- __declspec(dllexport) bool __stdcall WipeSection(char* szFileName, int WipeSectionNumber, bool RemovePhysically); - TitanEngine.WipeSection:types {"string","long","long",abi="stdcall",ret="byte"} - TE_WipeSection = TitanEngine.WipeSection --- __declspec(dllexport) bool __stdcall IsPE32FileValidEx(char* szFileName, DWORD CheckDepth, LPVOID FileStatusInfo); - TitanEngine.IsPE32FileValidEx:types {"string","long","pointer",abi="stdcall",ret="byte"} - TE_IsPE32FileValidEx = TitanEngine.IsPE32FileValidEx --- __declspec(dllexport) bool __stdcall FixBrokenPE32FileEx(char* szFileName, LPVOID FileStatusInfo, LPVOID FileFixInfo); - TitanEngine.FixBrokenPE32FileEx:types {"string","pointer","pointer",abi="stdcall",ret="byte"} - TE_FixBrokenPE32FileEx = TitanEngine.FixBrokenPE32FileEx --- __declspec(dllexport) bool __stdcall IsFileDLL(char* szFileName, ULONG_PTR FileMapVA); - TitanEngine.IsFileDLL:types {"string","long",abi="stdcall",ret="byte"} - TE_IsFileDLL = TitanEngine.IsFileDLL --- --- TitanEngine.Hider.functions: --- --- __declspec(dllexport) void* __stdcall GetPEBLocation(HANDLE hProcess); - TitanEngine.GetPEBLocation:types {"long",abi="stdcall",ret="pointer"} - TE_GetPEBLocation = TitanEngine.GetPEBLocation --- __declspec(dllexport) void* __stdcall GetPEBLocation64(HANDLE hProcess); - TitanEngine.GetPEBLocation64:types {"long",abi="stdcall",ret="pointer"} - TE_GetPEBLocation64 = TitanEngine.GetPEBLocation64 --- __declspec(dllexport) bool __stdcall HideDebugger(HANDLE hProcess, DWORD PatchAPILevel); - TitanEngine.HideDebugger:types {"long","long",abi="stdcall",ret="byte"} - TE_HideDebugger = TitanEngine.HideDebugger --- __declspec(dllexport) bool __stdcall UnHideDebugger(HANDLE hProcess, DWORD PatchAPILevel); - TitanEngine.UnHideDebugger:types {"long","long",abi="stdcall",ret="byte"} - TE_UnHideDebugger = TitanEngine.UnHideDebugger --- --- TitanEngine.Relocater.functions: --- --- __declspec(dllexport) void __stdcall RelocaterCleanup(); - TitanEngine.RelocaterCleanup:types {abi="stdcall"} - TE_RelocaterCleanup = TitanEngine.RelocaterCleanup --- __declspec(dllexport) void __stdcall RelocaterInit(DWORD MemorySize, ULONG_PTR OldImageBase, ULONG_PTR NewImageBase); - TitanEngine.RelocaterInit:types {"long","long","long",abi="stdcall"} - TE_RelocaterInit = TitanEngine.RelocaterInit --- __declspec(dllexport) void __stdcall RelocaterAddNewRelocation(HANDLE hProcess, ULONG_PTR RelocateAddress, DWORD RelocateState); - TitanEngine.RelocaterAddNewRelocation:types {"long","long","long",abi="stdcall"} - TE_RelocaterAddNewRelocation = TitanEngine.RelocaterAddNewRelocation --- __declspec(dllexport) long __stdcall RelocaterEstimatedSize(); - TitanEngine.RelocaterEstimatedSize:types {abi="stdcall",ret="long"} - TE_RelocaterEstimatedSize = TitanEngine.RelocaterEstimatedSize --- __declspec(dllexport) bool __stdcall RelocaterExportRelocation(ULONG_PTR StorePlace, DWORD StorePlaceRVA, ULONG_PTR FileMapVA); - TitanEngine.RelocaterExportRelocation:types {"long","long","long",abi="stdcall",ret="byte"} - TE_RelocaterExportRelocation = TitanEngine.RelocaterExportRelocation --- __declspec(dllexport) bool __stdcall RelocaterExportRelocationEx(char* szFileName, char* szSectionName); - TitanEngine.RelocaterExportRelocationEx:types {"string","string",abi="stdcall",ret="byte"} - TE_RelocaterExportRelocationEx = TitanEngine.RelocaterExportRelocationEx --- __declspec(dllexport) bool __stdcall RelocaterGrabRelocationTable(HANDLE hProcess, ULONG_PTR MemoryStart, DWORD MemorySize); - TitanEngine.RelocaterGrabRelocationTable:types {"long","long","long",abi="stdcall",ret="byte"} - TE_RelocaterGrabRelocationTable = TitanEngine.RelocaterGrabRelocationTable --- __declspec(dllexport) bool __stdcall RelocaterGrabRelocationTableEx(HANDLE hProcess, ULONG_PTR MemoryStart, ULONG_PTR MemorySize, DWORD NtSizeOfImage); - TitanEngine.RelocaterGrabRelocationTableEx:types {"long","long","long","long",abi="stdcall",ret="byte"} - TE_RelocaterGrabRelocationTableEx = TitanEngine.RelocaterGrabRelocationTableEx --- __declspec(dllexport) bool __stdcall RelocaterMakeSnapshot(HANDLE hProcess, char* szSaveFileName, LPVOID MemoryStart, ULONG_PTR MemorySize); - TitanEngine.RelocaterMakeSnapshot:types {"long","string","long","long",abi="stdcall",ret="byte"} - TE_RelocaterMakeSnapshot = TitanEngine.RelocaterMakeSnapshot --- __declspec(dllexport) bool __stdcall RelocaterCompareTwoSnapshots(HANDLE hProcess, ULONG_PTR LoadedImageBase, ULONG_PTR NtSizeOfImage, char* szDumpFile1, char* szDumpFile2, ULONG_PTR MemStart); - TitanEngine.RelocaterCompareTwoSnapshots:types {"long","long","long","string","string","long",abi="stdcall",ret="byte"} - TE_RelocaterCompareTwoSnapshots = TitanEngine.RelocaterCompareTwoSnapshots --- __declspec(dllexport) bool __stdcall RelocaterChangeFileBase(char* szFileName, ULONG_PTR NewImageBase); - TitanEngine.RelocaterChangeFileBase:types {"string","long",abi="stdcall",ret="byte"} - TE_RelocaterChangeFileBase = TitanEngine.RelocaterChangeFileBase --- __declspec(dllexport) bool __stdcall RelocaterRelocateMemoryBlock(ULONG_PTR FileMapVA, ULONG_PTR MemoryLocation, void* RelocateMemory, DWORD RelocateMemorySize, ULONG_PTR CurrentLoadedBase, ULONG_PTR RelocateBase); - TitanEngine.RelocaterRelocateMemoryBlock:types {"long","long","long","long","long","long",abi="stdcall",ret="byte"} - TE_RelocaterRelocateMemoryBlock = TitanEngine.RelocaterRelocateMemoryBlock --- __declspec(dllexport) bool __stdcall RelocaterWipeRelocationTable(char* szFileName); - TitanEngine.RelocaterWipeRelocationTable:types {"string",abi="stdcall",ret="byte"} - TE_RelocaterWipeRelocationTable = TitanEngine.RelocaterWipeRelocationTable --- --- TitanEngine.Resourcer.functions: --- --- __declspec(dllexport) long long __stdcall ResourcerLoadFileForResourceUse(char* szFileName); - TitanEngine.ResourcerLoadFileForResourceUse:types {"string",abi="stdcall",ret="long"} - TE_ResourcerLoadFileForResourceUse = TitanEngine.ResourcerLoadFileForResourceUse --- __declspec(dllexport) bool __stdcall ResourcerFreeLoadedFile(LPVOID LoadedFileBase); - TitanEngine.ResourcerFreeLoadedFile:types {"long",abi="stdcall",ret="byte"} - TE_ResourcerFreeLoadedFile = TitanEngine.ResourcerFreeLoadedFile --- __declspec(dllexport) bool __stdcall ResourcerExtractResourceFromFileEx(ULONG_PTR FileMapVA, char* szResourceType, char* szResourceName, char* szExtractedFileName); - TitanEngine.ResourcerExtractResourceFromFileEx:types {"long","string","string","string",abi="stdcall",ret="byte"} - TE_ResourcerExtractResourceFromFileEx = TitanEngine.ResourcerExtractResourceFromFileEx --- __declspec(dllexport) bool __stdcall ResourcerExtractResourceFromFile(char* szFileName, char* szResourceType, char* szResourceName, char* szExtractedFileName); - TitanEngine.ResourcerExtractResourceFromFile:types {"string","string","string","string",abi="stdcall",ret="byte"} - TE_ResourcerExtractResourceFromFile = TitanEngine.ResourcerExtractResourceFromFile --- __declspec(dllexport) bool __stdcall ResourcerFindResource(char* szFileName, char* szResourceType, DWORD ResourceType, char* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize); - TitanEngine.ResourcerFindResource:types {"string","string","long","string","long","long","pointer","pointer",abi="stdcall",ret="byte"} - TE_ResourcerFindResource = TitanEngine.ResourcerFindResource --- __declspec(dllexport) void __stdcall ResourcerEnumerateResource(char* szFileName, void* CallBack); - TitanEngine.ResourcerEnumerateResource:types {"string","callback",abi="stdcall"} - TE_ResourcerEnumerateResource = TitanEngine.ResourcerEnumerateResource --- __declspec(dllexport) void __stdcall ResourcerEnumerateResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, void* CallBack); - TitanEngine.ResourcerEnumerateResourceEx:types {"long","long","callback",abi="stdcall"} - TE_ResourcerEnumerateResourceEx = TitanEngine.ResourcerEnumerateResourceEx --- CallBacks: --- typedef bool(__stdcall *fResourceEnumerator)(wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, DWORD ResourceData, DWORD ResourceSize); --- TE_ResourcerEnumerateResource_CB = alien.callback(YourFunctionHere, "pointer", "long", "pointer", "long", "long", "long", "long") --- TE_ResourcerEnumerateResourceEx_CB = alien.callback(YourFunctionHere, "pointer", "long", "pointer", "long", "long", "long", "long") --- --- TitanEngine.Threader.functions: --- --- __declspec(dllexport) bool __stdcall ThreaderImportRunningThreadData(DWORD ProcessId); - TitanEngine.ThreaderImportRunningThreadData:types {"long",abi="stdcall",ret="byte"} - TE_ThreaderImportRunningThreadData = TitanEngine.ThreaderImportRunningThreadData --- __declspec(dllexport) void* __stdcall ThreaderGetThreadInfo(HANDLE hThread, DWORD ThreadId); - TitanEngine.ThreaderGetThreadInfo:types {"long","long",abi="stdcall",ret="pointer"} - TE_ThreaderGetThreadInfo = TitanEngine.ThreaderGetThreadInfo --- __declspec(dllexport) void __stdcall ThreaderEnumThreadInfo(void* EnumCallBack); - TitanEngine.ThreaderEnumThreadInfo:types {"callback",abi="stdcall"} - TE_ThreaderEnumThreadInfo = TitanEngine.ThreaderEnumThreadInfo --- __declspec(dllexport) bool __stdcall ThreaderPauseThread(HANDLE hThread); - TitanEngine.ThreaderPauseThread:types {"long",abi="stdcall",ret="byte"} - TE_ThreaderPauseThread = TitanEngine.ThreaderPauseThread --- __declspec(dllexport) bool __stdcall ThreaderResumeThread(HANDLE hThread); - TitanEngine.ThreaderResumeThread:types {"long",abi="stdcall",ret="byte"} - TE_ThreaderResumeThread = TitanEngine.ThreaderResumeThread --- __declspec(dllexport) bool __stdcall ThreaderTerminateThread(HANDLE hThread, DWORD ThreadExitCode); - TitanEngine.ThreaderTerminateThread:types {"long","long",abi="stdcall",ret="byte"} - TE_ThreaderTerminateThread = TitanEngine.ThreaderTerminateThread --- __declspec(dllexport) bool __stdcall ThreaderPauseAllThreads(bool LeaveMainRunning); - TitanEngine.ThreaderPauseAllThreads:types {"long",abi="stdcall",ret="byte"} - TE_ThreaderPauseAllThreads = TitanEngine.ThreaderPauseAllThreads --- __declspec(dllexport) bool __stdcall ThreaderResumeAllThreads(bool LeaveMainPaused); - TitanEngine.ThreaderResumeAllThreads:types {"long",abi="stdcall",ret="byte"} - TE_ThreaderResumeAllThreads = TitanEngine.ThreaderResumeAllThreads --- __declspec(dllexport) bool __stdcall ThreaderPauseProcess(); - TitanEngine.ThreaderPauseProcess:types {abi="stdcall",ret="byte"} - TE_ThreaderPauseProcess = TitanEngine.ThreaderPauseProcess --- __declspec(dllexport) bool __stdcall ThreaderResumeProcess(); - TitanEngine.ThreaderResumeProcess:types {abi="stdcall",ret="byte"} - TE_ThreaderResumeProcess = TitanEngine.ThreaderResumeProcess --- __declspec(dllexport) long long __stdcall ThreaderCreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId); - TitanEngine.ThreaderCreateRemoteThread:types {"long","long","long","pointer",abi="stdcall",ret="long"} - TE_ThreaderCreateRemoteThread = TitanEngine.ThreaderCreateRemoteThread --- __declspec(dllexport) bool __stdcall ThreaderInjectAndExecuteCode(LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize); - TitanEngine.ThreaderInjectAndExecuteCode:types {"pointer","long","long",abi="stdcall",ret="byte"} - TE_ThreaderInjectAndExecuteCode = TitanEngine.ThreaderInjectAndExecuteCode --- __declspec(dllexport) long long __stdcall ThreaderCreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId); - TitanEngine.ThreaderCreateRemoteThreadEx:types {"long","long","long","long","pointer",abi="stdcall",ret="long"} - TE_ThreaderCreateRemoteThreadEx = TitanEngine.ThreaderCreateRemoteThreadEx --- __declspec(dllexport) bool __stdcall ThreaderInjectAndExecuteCodeEx(HANDLE hProcess, LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize); - TitanEngine.ThreaderInjectAndExecuteCodeEx:types {"long","long","long","long",abi="stdcall",ret="byte"} - TE_ThreaderInjectAndExecuteCodeEx = TitanEngine.ThreaderInjectAndExecuteCodeEx --- __declspec(dllexport) void __stdcall ThreaderSetCallBackForNextExitThreadEvent(LPVOID exitThreadCallBack); - TitanEngine.ThreaderSetCallBackForNextExitThreadEvent:types {"callback",abi="stdcall"} - TE_ThreaderSetCallBackForNextExitThreadEvent = TitanEngine.ThreaderSetCallBackForNextExitThreadEvent --- __declspec(dllexport) bool __stdcall ThreaderIsThreadStillRunning(HANDLE hThread); - TitanEngine.ThreaderIsThreadStillRunning:types {"long",abi="stdcall",ret="byte"} - TE_ThreaderIsThreadStillRunning = TitanEngine.ThreaderIsThreadStillRunning --- __declspec(dllexport) bool __stdcall ThreaderIsThreadActive(HANDLE hThread); - TitanEngine.ThreaderIsThreadActive:types {"long",abi="stdcall",ret="byte"} - TE_ThreaderIsThreadActive = TitanEngine.ThreaderIsThreadActive --- __declspec(dllexport) bool __stdcall ThreaderIsAnyThreadActive(); - TitanEngine.ThreaderIsAnyThreadActive:types {abi="stdcall",ret="byte"} - TE_ThreaderIsAnyThreadActive = TitanEngine.ThreaderIsAnyThreadActive --- __declspec(dllexport) bool __stdcall ThreaderExecuteOnlyInjectedThreads(); - TitanEngine.ThreaderExecuteOnlyInjectedThreads:types {abi="stdcall",ret="byte"} - TE_ThreaderExecuteOnlyInjectedThreads = TitanEngine.ThreaderExecuteOnlyInjectedThreads --- __declspec(dllexport) long long __stdcall ThreaderGetOpenHandleForThread(DWORD ThreadId); - TitanEngine.ThreaderGetOpenHandleForThread:types {"long",abi="stdcall",ret="long"} - TE_ThreaderGetOpenHandleForThread = TitanEngine.ThreaderGetOpenHandleForThread --- __declspec(dllexport) bool __stdcall ThreaderIsExceptionInMainThread(); - TitanEngine.ThreaderIsExceptionInMainThread:types {abi="stdcall",ret="byte"} - TE_ThreaderIsExceptionInMainThread = TitanEngine.ThreaderIsExceptionInMainThread --- CallBacks: --- typedef void(__stdcall *fEnumCallBack)(LPVOID fThreadDetail); --- TE_ThreaderEnumThreadInfo_CB = alien.callback(YourFunctionHere, "pointer", abi = "stdcall") --- typedef void(__stdcall *fCustomHandler)(void* SpecialDBG); --- TE_ThreaderSetCallBackForNextExitThreadEvent_CB = alien.callback(YourFunctionHere, "pointer", abi = "stdcall") --- --- TitanEngine.Debugger.functions: --- --- __declspec(dllexport) void* __stdcall StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress); - TitanEngine.StaticDisassembleEx:types {"long","long",abi="stdcall",ret="string"} - TE_StaticDisassembleEx = TitanEngine.StaticDisassembleEx --- __declspec(dllexport) void* __stdcall StaticDisassemble(LPVOID DisassmAddress); - TitanEngine.StaticDisassemble:types {"long",abi="stdcall",ret="string"} - TE_StaticDisassemble = TitanEngine.StaticDisassemble --- __declspec(dllexport) void* __stdcall DisassembleEx(HANDLE hProcess, LPVOID DisassmAddress); - TitanEngine.DisassembleEx:types {"long","long",abi="stdcall",ret="string"} - TE_DisassembleEx = TitanEngine.DisassembleEx --- __declspec(dllexport) void* __stdcall Disassemble(LPVOID DisassmAddress); - TitanEngine.Disassemble:types {"long",abi="stdcall",ret="string"} - TE_Disassemble = TitanEngine.Disassemble --- __declspec(dllexport) long __stdcall StaticLengthDisassemble(LPVOID DisassmAddress); - TitanEngine.StaticLengthDisassemble:types {"long",abi="stdcall",ret="long"} - TE_StaticLengthDisassemble = TitanEngine.StaticLengthDisassemble --- __declspec(dllexport) long __stdcall LengthDisassembleEx(HANDLE hProcess, LPVOID DisassmAddress); - TitanEngine.LengthDisassembleEx:types {"long","long",abi="stdcall",ret="long"} - TE_LengthDisassembleEx = TitanEngine.LengthDisassembleEx --- __declspec(dllexport) long __stdcall LengthDisassemble(LPVOID DisassmAddress); - TitanEngine.LengthDisassemble:types {"long",abi="stdcall",ret="long"} - TE_LengthDisassemble = TitanEngine.LengthDisassemble --- __declspec(dllexport) void* __stdcall InitDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder); - TitanEngine.InitDebug:types {"string","string","string",abi="stdcall",ret="pointer"} - TE_InitDebug = TitanEngine.InitDebug --- __declspec(dllexport) void* __stdcall InitNativeDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder); - TitanEngine.InitNativeDebug:types {"string","string","string",abi="stdcall",ret="pointer"} - InitNativeDebug = TitanEngine.InitNativeDebug --- __declspec(dllexport) void* __stdcall InitDebugEx(char* szFileName, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack); - TitanEngine.InitDebugEx:types {"string","string","string","callback",abi="stdcall",ret="pointer"} - TE_InitDebugEx = TitanEngine.InitDebugEx --- __declspec(dllexport) void* __stdcall InitDLLDebug(char* szFileName, bool ReserveModuleBase, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack); - TitanEngine.InitDLLDebug:types {"string","long","string","string","callback",abi="stdcall",ret="pointer"} - TE_InitDLLDebug = TitanEngine.InitDLLDebug --- __declspec(dllexport) bool __stdcall StopDebug(); - TitanEngine.StopDebug:types {abi="stdcall",ret="byte"} - TE_StopDebug = TitanEngine.StopDebug --- __declspec(dllexport) void __stdcall SetBPXOptions(long DefaultBreakPointType); - TitanEngine.SetBPXOptions:types {"long",abi="stdcall"} - TE_SetBPXOptions = TitanEngine.SetBPXOptions --- __declspec(dllexport) bool __stdcall IsBPXEnabled(ULONG_PTR bpxAddress); - TitanEngine.IsBPXEnabled:types {"long",abi="stdcall",ret="byte"} - TE_IsBPXEnabled = TitanEngine.IsBPXEnabled --- __declspec(dllexport) bool __stdcall EnableBPX(ULONG_PTR bpxAddress); - TitanEngine.EnableBPX:types {"long",abi="stdcall",ret="byte"} - TE_EnableBPX = TitanEngine.EnableBPX --- __declspec(dllexport) bool __stdcall DisableBPX(ULONG_PTR bpxAddress); - TitanEngine.DisableBPX:types {"long",abi="stdcall",ret="byte"} - TE_DisableBPX = TitanEngine.DisableBPX --- __declspec(dllexport) bool __stdcall SetBPX(ULONG_PTR bpxAddress, DWORD bpxType, LPVOID bpxCallBack); - TitanEngine.SetBPX:types {"long","long","callback",abi="stdcall",ret="byte"} - TE_SetBPX = TitanEngine.SetBPX --- __declspec(dllexport) bool __stdcall DeleteBPX(ULONG_PTR bpxAddress); - TitanEngine.DeleteBPX:types {"long",abi="stdcall",ret="byte"} - TE_DeleteBPX = TitanEngine.DeleteBPX --- __declspec(dllexport) bool __stdcall SafeDeleteBPX(ULONG_PTR bpxAddress); - TitanEngine.SafeDeleteBPX:types {"long",abi="stdcall",ret="byte"} - TE_SafeDeleteBPX = TitanEngine.SafeDeleteBPX --- __declspec(dllexport) bool __stdcall SetAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxType, DWORD bpxPlace, LPVOID bpxCallBack); - TitanEngine.SetAPIBreakPoint:types {"string","string","long","long","callback",abi="stdcall",ret="byte"} - TE_SetAPIBreakPoint = TitanEngine.SetAPIBreakPoint --- __declspec(dllexport) bool __stdcall DeleteAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxPlace); - TitanEngine.DeleteAPIBreakPoint:types {"string","string","long",abi="stdcall",ret="byte"} - TE_DeleteAPIBreakPoint = TitanEngine.DeleteAPIBreakPoint --- __declspec(dllexport) bool __stdcall SafeDeleteAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxPlace); - TitanEngine.SafeDeleteAPIBreakPoint:types {"string","string","long",abi="stdcall",ret="byte"} - TE_SafeDeleteAPIBreakPoint = TitanEngine.SafeDeleteAPIBreakPoint --- __declspec(dllexport) bool __stdcall SetMemoryBPX(ULONG_PTR MemoryStart, ULONG_PTR SizeOfMemory, LPVOID bpxCallBack); - TitanEngine.SetMemoryBPX:types {"long","long","callback",abi="stdcall",ret="byte"} - TE_SetMemoryBPX = TitanEngine.SetMemoryBPX --- __declspec(dllexport) bool __stdcall SetMemoryBPXEx(ULONG_PTR MemoryStart, ULONG_PTR SizeOfMemory, DWORD BreakPointType, bool RestoreOnHit, LPVOID bpxCallBack); - TitanEngine.SetMemoryBPXEx:types {"long","long","long","long","callback",abi="stdcall",ret="byte"} - TE_SetMemoryBPXEx = TitanEngine.SetMemoryBPXEx --- __declspec(dllexport) bool __stdcall RemoveMemoryBPX(ULONG_PTR MemoryStart, ULONG_PTR SizeOfMemory); - TitanEngine.RemoveMemoryBPX:types {"long","long",abi="stdcall",ret="byte"} - TE_RemoveMemoryBPX = TitanEngine.RemoveMemoryBPX --- __declspec(dllexport) bool __stdcall GetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea); - TitanEngine.GetContextFPUDataEx:types {"long","pointer",abi="stdcall",ret="byte"} - TE_GetContextFPUDataEx = TitanEngine.GetContextFPUDataEx --- __declspec(dllexport) long long __stdcall GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister); - TitanEngine.GetContextDataEx:types {"long","long",abi="stdcall",ret="long"} - TE_GetContextDataEx = TitanEngine.GetContextDataEx --- __declspec(dllexport) long long __stdcall GetContextData(DWORD IndexOfRegister); - TitanEngine.GetContextData:types {"long",abi="stdcall",ret="long"} - TE_GetContextData = TitanEngine.GetContextData --- __declspec(dllexport) bool __stdcall SetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea); - TitanEngine.SetContextFPUDataEx:types {"long","pointer",abi="stdcall",ret="byte"} - TE_SetContextFPUDataEx = TitanEngine.SetContextFPUDataEx --- __declspec(dllexport) bool __stdcall SetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister, ULONG_PTR NewRegisterValue); - TitanEngine.SetContextDataEx:types {"long","long","long",abi="stdcall",ret="byte"} - TE_SetContextDataEx = TitanEngine.SetContextDataEx --- __declspec(dllexport) bool __stdcall SetContextData(DWORD IndexOfRegister, ULONG_PTR NewRegisterValue); - TitanEngine.SetContextData:types {"long","long",abi="stdcall",ret="byte"} - TE_SetContextData = TitanEngine.SetContextData --- __declspec(dllexport) void __stdcall ClearExceptionNumber(); - TitanEngine.ClearExceptionNumber:types {abi="stdcall"} - TE_ClearExceptionNumber = TitanEngine.ClearExceptionNumber --- __declspec(dllexport) long __stdcall CurrentExceptionNumber(); - TitanEngine.CurrentExceptionNumber:types {abi="stdcall",ret="long"} - TE_CurrentExceptionNumber = TitanEngine.CurrentExceptionNumber --- __declspec(dllexport) bool __stdcall MatchPatternEx(HANDLE hProcess, void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard); - TitanEngine.MatchPatternEx:types {"long","long","long","pointer","long","pointer",abi="stdcall",ret="byte"} - TE_MatchPatternEx = TitanEngine.MatchPatternEx --- __declspec(dllexport) bool __stdcall MatchPattern(void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard); - TitanEngine.MatchPattern:types {"long","long","pointer","long","pointer",abi="stdcall",ret="byte"} - TE_MatchPattern = TitanEngine.MatchPattern --- __declspec(dllexport) long long __stdcall FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard); - TitanEngine.FindEx:types {"long","long","long","pointer","long","pointer",abi="stdcall",ret="long"} - TE_FindEx = TitanEngine.FindEx --- __declspec(dllexport) long long __stdcall Find(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard); - TitanEngine.Find:types {"long","long","pointer","long","pointer",abi="stdcall",ret="long"} - TE_Find = TitanEngine.Find --- __declspec(dllexport) bool __stdcall FillEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte); - TitanEngine.FillEx:types {"long","long","long","pointer",abi="stdcall",ret="byte"} - TE_FillEx = TitanEngine.FillEx --- __declspec(dllexport) bool __stdcall Fill(LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte); - TitanEngine.Fill:types {"long","long","pointer",abi="stdcall",ret="byte"} - TE_Fill = TitanEngine.Fill --- __declspec(dllexport) bool __stdcall PatchEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP); - TitanEngine.PatchEx:types {"long","long","long","pointer","long","long","long",abi="stdcall",ret="byte"} - TE_PatchEx = TitanEngine.PatchEx --- __declspec(dllexport) bool __stdcall Patch(LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP); - TitanEngine.Patch:types {"long","long","pointer","long","long","long",abi="stdcall",ret="byte"} - TE_Patch = TitanEngine.Patch --- __declspec(dllexport) bool __stdcall ReplaceEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, LPVOID ReplacePattern, DWORD ReplaceSize, PBYTE WildCard); - TitanEngine.ReplaceEx:types {"long","long","long","pointer","long","long","pointer","long","pointer",abi="stdcall",ret="byte"} - TE_ReplaceEx = TitanEngine.ReplaceEx --- __declspec(dllexport) bool __stdcall Replace(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, LPVOID ReplacePattern, DWORD ReplaceSize, PBYTE WildCard); - TitanEngine.Replace:types {"long","long","pointer","long","long","pointer","long","pointer",abi="stdcall",ret="byte"} - TE_Replace = TitanEngine.Replace --- __declspec(dllexport) void* __stdcall GetDebugData(); - TitanEngine.GetDebugData:types {abi="stdcall",ret="pointer"} - TE_GetDebugData = TitanEngine.GetDebugData --- __declspec(dllexport) void* __stdcall GetTerminationData(); - TitanEngine.GetTerminationData:types {abi="stdcall",ret="pointer"} - TE_GetTerminationData = TitanEngine.GetTerminationData --- __declspec(dllexport) long __stdcall GetExitCode(); - TitanEngine.GetExitCode:types {abi="stdcall",ret="long"} - TE_GetExitCode = TitanEngine.GetExitCode --- __declspec(dllexport) long long __stdcall GetDebuggedDLLBaseAddress(); - TitanEngine.GetDebuggedDLLBaseAddress:types {abi="stdcall",ret="long"} - TE_GetDebuggedDLLBaseAddress = TitanEngine.GetDebuggedDLLBaseAddress --- __declspec(dllexport) long long __stdcall GetDebuggedFileBaseAddress(); - TitanEngine.GetDebuggedFileBaseAddress:types {abi="stdcall",ret="long"} - TE_GetDebuggedFileBaseAddress = TitanEngine.GetDebuggedFileBaseAddress --- __declspec(dllexport) bool __stdcall GetRemoteString(HANDLE hProcess, LPVOID StringAddress, LPVOID StringStorage, int MaximumStringSize); - TitanEngine.GetRemoteString:types {"long","long","pointer","long",abi="stdcall",ret="byte"} - TE_GetRemoteString = TitanEngine.GetRemoteString --- __declspec(dllexport) long long __stdcall GetFunctionParameter(HANDLE hProcess, DWORD FunctionType, DWORD ParameterNumber, DWORD ParameterType); - TitanEngine.GetFunctionParameter:types {"long","long","long","long",abi="stdcall",ret="long"} - TE_GetFunctionParameter = TitanEngine.GetFunctionParameter --- __declspec(dllexport) long long __stdcall GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps); - TitanEngine.GetJumpDestinationEx:types {"long","long","long",abi="stdcall",ret="long"} - TE_GetJumpDestinationEx = TitanEngine.GetJumpDestinationEx --- __declspec(dllexport) long long __stdcall GetJumpDestination(HANDLE hProcess, ULONG_PTR InstructionAddress); - TitanEngine.GetJumpDestination:types {"long","long",abi="stdcall",ret="long"} - TE_GetJumpDestination = TitanEngine.GetJumpDestination --- __declspec(dllexport) bool __stdcall IsJumpGoingToExecuteEx(HANDLE hProcess, HANDLE hThread, ULONG_PTR InstructionAddress, ULONG_PTR RegFlags); - TitanEngine.IsJumpGoingToExecuteEx:types {"long","long","long","long",abi="stdcall",ret="byte"} - TE_IsJumpGoingToExecuteEx = TitanEngine.IsJumpGoingToExecuteEx --- __declspec(dllexport) bool __stdcall IsJumpGoingToExecute(); - TitanEngine.IsJumpGoingToExecute:types {abi="stdcall",ret="byte"} - TE_IsJumpGoingToExecute = TitanEngine.IsJumpGoingToExecute --- __declspec(dllexport) void __stdcall SetCustomHandler(DWORD ExceptionId, LPVOID CallBack); - TitanEngine.SetCustomHandler:types {"long","callback",abi="stdcall"} - TE_SetCustomHandler = TitanEngine.SetCustomHandler --- __declspec(dllexport) void __stdcall ForceClose(); - TitanEngine.ForceClose:types {abi="stdcall"} - TE_ForceClose = TitanEngine.ForceClose --- __declspec(dllexport) void __stdcall StepInto(LPVOID traceCallBack); - TitanEngine.StepInto:types {"callback",abi="stdcall"} - TE_StepInto = TitanEngine.StepInto --- __declspec(dllexport) void __stdcall StepOver(LPVOID traceCallBack); - TitanEngine.StepOver:types {"callback",abi="stdcall"} - TE_StepOver = TitanEngine.StepOver --- __declspec(dllexport) void __stdcall SingleStep(DWORD StepCount, LPVOID StepCallBack); - TitanEngine.SingleStep:types {"long","callback",abi="stdcall"} - TE_SingleStep = TitanEngine.SingleStep --- __declspec(dllexport) bool __stdcall GetUnusedHardwareBreakPointRegister(LPDWORD RegisterIndex); - TitanEngine.GetUnusedHardwareBreakPointRegister:types {"long",abi="stdcall",ret="byte"} - TE_GetUnusedHardwareBreakPointRegister = TitanEngine.GetUnusedHardwareBreakPointRegister --- __declspec(dllexport) bool __stdcall SetHardwareBreakPointEx(HANDLE hActiveThread, ULONG_PTR bpxAddress, DWORD IndexOfRegister, DWORD bpxType, DWORD bpxSize, LPVOID bpxCallBack, LPDWORD IndexOfSelectedRegister); - TitanEngine.SetHardwareBreakPointEx:types {"long","long","long","long","long","callback","pointer",abi="stdcall",ret="byte"} - TE_SetHardwareBreakPointEx = TitanEngine.SetHardwareBreakPointEx --- __declspec(dllexport) bool __stdcall SetHardwareBreakPoint(ULONG_PTR bpxAddress, DWORD IndexOfRegister, DWORD bpxType, DWORD bpxSize, LPVOID bpxCallBack); - TitanEngine.SetHardwareBreakPoint:types {"long","long","long","long","callback",abi="stdcall",ret="byte"} - TE_SetHardwareBreakPoint = TitanEngine.SetHardwareBreakPoint --- __declspec(dllexport) bool __stdcall DeleteHardwareBreakPoint(DWORD IndexOfRegister); - TitanEngine.DeleteHardwareBreakPoint:types {"long",abi="stdcall",ret="byte"} - TE_DeleteHardwareBreakPoint = TitanEngine.DeleteHardwareBreakPoint --- __declspec(dllexport) bool __stdcall RemoveAllBreakPoints(DWORD RemoveOption); - TitanEngine.RemoveAllBreakPoints:types {"long",abi="stdcall",ret="byte"} - TE_RemoveAllBreakPoints = TitanEngine.RemoveAllBreakPoints --- __declspec(dllexport) void* __stdcall GetProcessInformation(); - TitanEngine.GetProcessInformation:types {abi="stdcall",ret="pointer"} - TE_GetProcessInformation = TitanEngine.GetProcessInformation --- __declspec(dllexport) void* __stdcall GetStartupInformation(); - TitanEngine.GetStartupInformation:types {abi="stdcall",ret="pointer"} - TE_GetStartupInformation = TitanEngine.GetStartupInformation --- __declspec(dllexport) void __stdcall DebugLoop(); - TitanEngine.DebugLoop:types {abi="stdcall"} - TE_DebugLoop = TitanEngine.DebugLoop --- __declspec(dllexport) void __stdcall SetDebugLoopTimeOut(DWORD TimeOut); - TitanEngine.SetDebugLoopTimeOut:types {"long",abi="stdcall"} - TE_SetDebugLoopTimeOut = TitanEngine.SetDebugLoopTimeOut --- __declspec(dllexport) void __stdcall SetNextDbgContinueStatus(DWORD SetDbgCode); - TitanEngine.SetNextDbgContinueStatus:types {"long",abi="stdcall"} - TE_SetNextDbgContinueStatus = TitanEngine.SetNextDbgContinueStatus --- __declspec(dllexport) bool __stdcall AttachDebugger(DWORD ProcessId, bool KillOnExit, LPVOID DebugInfo, LPVOID CallBack); - TitanEngine.AttachDebugger:types {"long","long","pointer","callback",abi="stdcall",ret="byte"} - TE_AttachDebugger = TitanEngine.AttachDebugger --- __declspec(dllexport) bool __stdcall DetachDebugger(DWORD ProcessId); - TitanEngine.DetachDebugger:types {"long",abi="stdcall",ret="byte"} - TE_DetachDebugger = TitanEngine.DetachDebugger --- __declspec(dllexport) bool __stdcall DetachDebuggerEx(DWORD ProcessId); - TitanEngine.DetachDebuggerEx:types {"long",abi="stdcall",ret="byte"} - TE_DetachDebuggerEx = TitanEngine.DetachDebuggerEx --- __declspec(dllexport) void __stdcall DebugLoopEx(DWORD TimeOut); - TitanEngine.DebugLoopEx:types {"long",abi="stdcall"} - TE_DebugLoopEx = TitanEngine.DebugLoopEx --- __declspec(dllexport) void __stdcall DebugLoop(); - TitanEngine.DebugLoop:types {abi="stdcall"} - TE_DebugLoop = TitanEngine.DebugLoop --- __declspec(dllexport) void __stdcall AutoDebugEx(char* szFileName, bool ReserveModuleBase, char* szCommandLine, char* szCurrentFolder, DWORD TimeOut, LPVOID EntryCallBack); - TitanEngine.AutoDebugEx:types {"string","long","string","string","long","callback",abi="stdcall"} - TE_AutoDebugEx = TitanEngine.AutoDebugEx --- __declspec(dllexport) bool __stdcall IsFileBeingDebugged(); - TitanEngine.IsFileBeingDebugged:types {abi="stdcall",ret="byte"} - TE_IsFileBeingDebugged = TitanEngine.IsFileBeingDebugged --- __declspec(dllexport) void __stdcall SetErrorModel(bool DisplayErrorMessages); - TitanEngine.SetErrorModel:types {"byte",abi="stdcall"} - TE_SetErrorModel = TitanEngine.SetErrorModel --- --- TitanEngine.FindOEP.functions: --- --- __declspec(dllexport) void __stdcall FindOEPInit(); - TitanEngine.FindOEPInit:types {abi="stdcall"} - TE_FindOEPInit = TitanEngine.FindOEPInit --- __declspec(dllexport) bool __stdcall FindOEPGenerically(char* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack); - TitanEngine.FindOEPGenerically:types {"string","callback","callback",abi="stdcall",ret="byte"} - TE_FindOEPGenerically = TitanEngine.FindOEPGenerically --- --- TitanEngine.Importer.functions: --- --- __declspec(dllexport) void __stdcall ImporterCleanup(); - TitanEngine.ImporterCleanup:types {abi="stdcall"} - TE_ImporterCleanup = TitanEngine.ImporterCleanup --- __declspec(dllexport) void __stdcall ImporterSetImageBase(ULONG_PTR ImageBase); - TitanEngine.ImporterSetImageBase:types {"long",abi="stdcall"} - TE_ImporterSetImageBase = TitanEngine.ImporterSetImageBase --- __declspec(dllexport) void __stdcall ImporterSetUnknownDelta(ULONG_PTR DeltaAddress); - TitanEngine.ImporterSetUnknownDelta:types {"long",abi="stdcall"} - TE_ImporterSetUnknownDelta = TitanEngine.ImporterSetUnknownDelta --- __declspec(dllexport) long long __stdcall ImporterGetCurrentDelta(); - TitanEngine.ImporterGetCurrentDelta:types {abi="stdcall",ret="long"} - TE_ImporterGetCurrentDelta = TitanEngine.ImporterGetCurrentDelta --- __declspec(dllexport) void __stdcall ImporterInit(DWORD MemorySize, ULONG_PTR ImageBase); - TitanEngine.ImporterInit:types {"long","long",abi="stdcall"} - TE_ImporterInit = TitanEngine.ImporterInit --- __declspec(dllexport) void __stdcall ImporterAddNewDll(char* szDLLName, ULONG_PTR FirstThunk); - TitanEngine.ImporterAddNewDll:types {"string","long",abi="stdcall"} - TE_ImporterAddNewDll = TitanEngine.ImporterAddNewDll --- __declspec(dllexport) void __stdcall ImporterAddNewAPI(char* szAPIName, ULONG_PTR ThunkValue); - TitanEngine.ImporterAddNewAPI:types {"string","long",abi="stdcall"} - TE_ImporterAddNewAPI = TitanEngine.ImporterAddNewAPI --- __declspec(dllexport) void __stdcall ImporterAddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue); - TitanEngine.ImporterAddNewOrdinalAPI:types {"long","long",abi="stdcall"} - TE_ImporterAddNewOrdinalAPI = TitanEngine.ImporterAddNewOrdinalAPI --- __declspec(dllexport) long __stdcall ImporterGetAddedDllCount(); - TitanEngine.ImporterGetAddedDllCount:types {abi="stdcall",ret="long"} - TE_ImporterGetAddedDllCount = TitanEngine.ImporterGetAddedDllCount --- __declspec(dllexport) long __stdcall ImporterGetAddedAPICount(); - TitanEngine.ImporterGetAddedAPICount:types {abi="stdcall",ret="long"} - TE_ImporterGetAddedAPICount = TitanEngine.ImporterGetAddedAPICount --- __declspec(dllexport) void* __stdcall ImporterGetLastAddedDLLName(); - TitanEngine.ImporterGetLastAddedDLLName:types {abi="stdcall",ret="string"} - TE_ImporterGetLastAddedDLLName = TitanEngine.ImporterGetLastAddedDLLName --- __declspec(dllexport) void __stdcall ImporterMoveIAT(); - TitanEngine.ImporterMoveIAT:types {abi="stdcall"} - TE_ImporterMoveIAT = TitanEngine.ImporterMoveIAT --- __declspec(dllexport) bool __stdcall ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA); - TitanEngine.ImporterExportIAT:types {"long","long",abi="stdcall"} - TE_ImporterExportIAT = TitanEngine.ImporterExportIAT --- __declspec(dllexport) long __stdcall ImporterEstimatedSize(); - TitanEngine.ImporterEstimatedSize:types {abi="stdcall",ret="long"} - TE_ImporterEstimatedSize = TitanEngine.ImporterEstimatedSize --- __declspec(dllexport) bool __stdcall ImporterExportIATEx(char* szExportFileName, char* szSectionName); - TitanEngine.ImporterExportIATEx:types {"string","string",abi="stdcall",ret="byte"} - TE_ImporterExportIATEx = TitanEngine.ImporterExportIATEx --- __declspec(dllexport) long long __stdcall ImporterFindAPIWriteLocation(char* szAPIName); - TitanEngine.ImporterFindAPIWriteLocation:types {"string",abi="stdcall",ret="long"} - TE_ImporterFindAPIWriteLocation = TitanEngine.ImporterFindAPIWriteLocation --- __declspec(dllexport) long long __stdcall ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber); - TitanEngine.ImporterFindOrdinalAPIWriteLocation:types {"long",abi="stdcall",ret="long"} - TE_ImporterFindOrdinalAPIWriteLocation = TitanEngine.ImporterFindOrdinalAPIWriteLocation --- __declspec(dllexport) long long __stdcall ImporterFindAPIByWriteLocation(char* szAPIName); - TitanEngine.ImporterFindAPIByWriteLocation:types {"string",abi="stdcall",ret="long"} - TE_ImporterFindAPIByWriteLocation = TitanEngine.ImporterFindAPIByWriteLocation --- __declspec(dllexport) long long __stdcall ImporterFindDLLByWriteLocation(ULONG_PTR APIWriteLocation); - TitanEngine.ImporterFindDLLByWriteLocation:types {"long",abi="stdcall",ret="long"} - TE_ImporterFindDLLByWriteLocation = TitanEngine.ImporterFindDLLByWriteLocation --- __declspec(dllexport) void* __stdcall ImporterGetDLLName(ULONG_PTR APIAddress); - TitanEngine.ImporterGetDLLName:types {"long",abi="stdcall",ret="string"} - TE_ImporterGetDLLName = TitanEngine.ImporterGetDLLName --- __declspec(dllexport) void* __stdcall ImporterGetAPIName(ULONG_PTR APIAddress); - TitanEngine.ImporterGetAPIName:types {"long",abi="stdcall",ret="string"} - TE_ImporterGetAPIName = TitanEngine.ImporterGetAPIName --- __declspec(dllexport) long long __stdcall ImporterGetAPIOrdinalNumber(ULONG_PTR APIAddress); - TitanEngine.ImporterGetAPIOrdinalNumber:types {"long",abi="stdcall",ret="long"} - TE_ImporterGetAPIOrdinalNumber = TitanEngine.ImporterGetAPIOrdinalNumber --- __declspec(dllexport) void* __stdcall ImporterGetAPINameEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); - TitanEngine.ImporterGetAPINameEx:types {"long","pointer",abi="stdcall",ret="string"} - TE_ImporterGetAPINameEx = TitanEngine.ImporterGetAPINameEx --- __declspec(dllexport) long long __stdcall ImporterGetRemoteAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress); - TitanEngine.ImporterGetRemoteAPIAddress:types {"long","long",abi="stdcall",ret="long"} - TE_ImporterGetRemoteAPIAddress = TitanEngine.ImporterGetRemoteAPIAddress --- __declspec(dllexport) long long __stdcall ImporterGetRemoteAPIAddressEx(char* szDLLName, char* szAPIName); - TitanEngine.ImporterGetRemoteAPIAddressEx:types {"string","string",abi="stdcall",ret="long"} - TE_ImporterGetRemoteAPIAddressEx = TitanEngine.ImporterGetRemoteAPIAddressEx --- __declspec(dllexport) long long __stdcall ImporterGetLocalAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress); - TitanEngine.ImporterGetLocalAPIAddress:types {"long","long",abi="stdcall",ret="long"} - TE_ImporterGetLocalAPIAddress = TitanEngine.ImporterGetLocalAPIAddress --- __declspec(dllexport) void* __stdcall ImporterGetDLLNameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress); - TitanEngine.ImporterGetDLLNameFromDebugee:types {"long","long",abi="stdcall",ret="string"} - TE_ImporterGetDLLNameFromDebugee = TitanEngine.ImporterGetDLLNameFromDebugee --- __declspec(dllexport) void* __stdcall ImporterGetAPINameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress); - TitanEngine.ImporterGetAPINameFromDebugee:types {"long","long",abi="stdcall",ret="string"} - TE_ImporterGetAPINameFromDebugee = TitanEngine.ImporterGetAPINameFromDebugee --- __declspec(dllexport) long long __stdcall ImporterGetAPIOrdinalNumberFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress); - TitanEngine.ImporterGetAPIOrdinalNumberFromDebugee:types {"long","long",abi="stdcall",ret="long"} - TE_ImporterGetAPIOrdinalNumberFromDebugee = TitanEngine.ImporterGetAPIOrdinalNumberFromDebugee --- __declspec(dllexport) long __stdcall ImporterGetDLLIndexEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); - TitanEngine.ImporterGetDLLIndexEx:types {"long","pointer",abi="stdcall",ret="long"} - TE_ImporterGetDLLIndexEx = TitanEngine.ImporterGetDLLIndexEx --- __declspec(dllexport) long __stdcall ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); - TitanEngine.ImporterGetDLLIndex:types {"long","long","pointer",abi="stdcall",ret="long"} - TE_ImporterGetDLLIndex = TitanEngine.ImporterGetDLLIndex --- __declspec(dllexport) long long __stdcall ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase); - TitanEngine.ImporterGetRemoteDLLBase:types {"long","long",abi="stdcall",ret="long"} - TE_ImporterGetRemoteDLLBase = TitanEngine.ImporterGetRemoteDLLBase --- __declspec(dllexport) bool __stdcall ImporterRelocateWriteLocation(ULONG_PTR AddValue); - TitanEngine.ImporterRelocateWriteLocation:types {"long",abi="stdcall",ret="byte"} - TE_ImporterRelocateWriteLocation = TitanEngine.ImporterRelocateWriteLocation --- __declspec(dllexport) bool __stdcall ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress); - TitanEngine.ImporterIsForwardedAPI:types {"long","long",abi="stdcall",ret="byte"} - TE_ImporterIsForwardedAPI = TitanEngine.ImporterIsForwardedAPI --- __declspec(dllexport) void* __stdcall ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress); - TitanEngine.ImporterGetForwardedAPIName:types {"long","long",abi="stdcall",ret="string"} - TE_ImporterGetForwardedAPIName = TitanEngine.ImporterGetForwardedAPIName --- __declspec(dllexport) void* __stdcall ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress); - TitanEngine.ImporterGetForwardedDLLName:types {"long","long",abi="stdcall",ret="string"} - TE_ImporterGetForwardedDLLName = TitanEngine.ImporterGetForwardedDLLName --- __declspec(dllexport) long __stdcall ImporterGetForwardedDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); - TitanEngine.ImporterGetForwardedDLLIndex:types {"long","long","pointer",abi="stdcall",ret="long"} - TE_ImporterGetForwardedDLLIndex = TitanEngine.ImporterGetForwardedDLLIndex --- __declspec(dllexport) long long __stdcall ImporterGetForwardedAPIOrdinalNumber(HANDLE hProcess, ULONG_PTR APIAddress); - TitanEngine.ImporterGetForwardedAPIOrdinalNumber:types {"long","long",abi="stdcall",ret="long"} - TE_ImporterGetForwardedAPIOrdinalNumber = TitanEngine.ImporterGetForwardedAPIOrdinalNumber --- __declspec(dllexport) long long __stdcall ImporterGetNearestAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress); - TitanEngine.ImporterGetNearestAPIAddress:types {"long","long",abi="stdcall",ret="long"} - TE_ImporterGetNearestAPIAddress = TitanEngine.ImporterGetNearestAPIAddress --- __declspec(dllexport) void* __stdcall ImporterGetNearestAPIName(HANDLE hProcess, ULONG_PTR APIAddress); - TitanEngine.ImporterGetNearestAPIName:types {"long","long",abi="stdcall",ret="string"} - TE_ImporterGetNearestAPIName = TitanEngine.ImporterGetNearestAPIName --- __declspec(dllexport) bool __stdcall ImporterCopyOriginalIAT(char* szOriginalFile, char* szDumpFile); - TitanEngine.ImporterCopyOriginalIAT:types {"string","string",abi="stdcall",ret="byte"} - TE_ImporterCopyOriginalIAT = TitanEngine.ImporterCopyOriginalIAT --- __declspec(dllexport) bool __stdcall ImporterLoadImportTable(char* szFileName); - TitanEngine.ImporterLoadImportTable:types {"string",abi="stdcall",ret="byte"} - TE_ImporterLoadImportTable = TitanEngine.ImporterLoadImportTable --- __declspec(dllexport) bool __stdcall ImporterMoveOriginalIAT(char* szOriginalFile, char* szDumpFile, char* szSectionName); - TitanEngine.ImporterMoveOriginalIAT:types {"string","string","string",abi="stdcall",ret="byte"} - TE_ImporterMoveOriginalIAT = TitanEngine.ImporterMoveOriginalIAT --- __declspec(dllexport) void __stdcall ImporterAutoSearchIAT(HANDLE hProcess, char* szFileName, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, LPVOID pIATStart, LPVOID pIATSize); - TitanEngine.ImporterAutoSearchIAT:types {"long","string","long","long","long","pointer","pointer",abi="stdcall"} - TE_ImporterAutoSearchIAT = TitanEngine.ImporterAutoSearchIAT --- __declspec(dllexport) void __stdcall ImporterAutoSearchIATEx(HANDLE hProcess, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, LPVOID pIATStart, LPVOID pIATSize); - TitanEngine.ImporterAutoSearchIATEx:types {"long","long","long","long","pointer","pointer",abi="stdcall"} - TE_ImporterAutoSearchIATEx = TitanEngine.ImporterAutoSearchIATEx --- __declspec(dllexport) void __stdcall ImporterEnumAddedData(LPVOID EnumCallBack); - TitanEngine.ImporterEnumAddedData:types {"callback",abi="stdcall"} - TE_ImporterEnumAddedData = TitanEngine.ImporterEnumAddedData --- __declspec(dllexport) long __stdcall ImporterAutoFixIATEx(HANDLE hProcess, char* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, DWORD SearchStep, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback); - TitanEngine.ImporterAutoSearchIATEx:types {"long","string","string","long","long","long","long","long","long","long","long","long","callback",abi="stdcall",ret="long"} - TE_ImporterAutoSearchIATEx = TitanEngine.ImporterAutoSearchIATEx --- __declspec(dllexport) long __stdcall ImporterAutoFixIAT(HANDLE hProcess, char* szDumpedFile, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, DWORD SearchStep); - TitanEngine.ImporterAutoFixIAT:types {"long","string","long","long","long","long",abi="stdcall",ret="long"} - TE_ImporterAutoFixIAT = TitanEngine.ImporterAutoFixIAT --- --- Global.Engine.Hook.functions: --- --- __declspec(dllexport) bool __stdcall HooksSafeTransitionEx(LPVOID HookAddressArray, int NumberOfHooks, bool TransitionStart); - TitanEngine.HooksSafeTransitionEx:types {"pointer","long","long",abi="stdcall",ret="byte"} - TE_HooksSafeTransitionEx = TitanEngine.HooksSafeTransitionEx --- __declspec(dllexport) bool __stdcall HooksSafeTransition(LPVOID HookAddress, bool TransitionStart); - TitanEngine.HooksSafeTransition:types {"long","long",abi="stdcall",ret="byte"} - TE_HooksSafeTransition = TitanEngine.HooksSafeTransition --- __declspec(dllexport) bool __stdcall HooksIsAddressRedirected(LPVOID HookAddress); - TitanEngine.HooksIsAddressRedirected:types {"long",abi="stdcall",ret="byte"} - TE_HooksIsAddressRedirected = TitanEngine.HooksIsAddressRedirected --- __declspec(dllexport) void* __stdcall HooksGetTrampolineAddress(LPVOID HookAddress); - TitanEngine.HooksGetTrampolineAddress:types {"long",abi="stdcall",ret="pointer"} - TE_HooksGetTrampolineAddress = TitanEngine.HooksGetTrampolineAddress --- __declspec(dllexport) void* __stdcall HooksGetHookEntryDetails(LPVOID HookAddress); - TitanEngine.HooksGetHookEntryDetails:types {"long",abi="stdcall",ret="pointer"} - TE_HooksGetHookEntryDetails = TitanEngine.HooksGetHookEntryDetails --- __declspec(dllexport) bool __stdcall HooksInsertNewRedirection(LPVOID HookAddress, LPVOID RedirectTo, int HookType); - TitanEngine.HooksInsertNewRedirection:types {"long","long","long",abi="stdcall",ret="byte"} - TE_HooksInsertNewRedirection = TitanEngine.HooksInsertNewRedirection --- __declspec(dllexport) bool __stdcall HooksInsertNewIATRedirectionEx(ULONG_PTR FileMapVA, ULONG_PTR LoadedModuleBase, char* szHookFunction, LPVOID RedirectTo); - TitanEngine.HooksInsertNewIATRedirectionEx:types {"long","long","string","long",abi="stdcall",ret="byte"} - TE_HooksInsertNewIATRedirectionEx = TitanEngine.HooksInsertNewIATRedirectionEx --- __declspec(dllexport) bool __stdcall HooksInsertNewIATRedirection(char* szModuleName, char* szHookFunction, LPVOID RedirectTo); - TitanEngine.HooksInsertNewIATRedirection:types {"string","string","long",abi="stdcall",ret="byte"} - TE_HooksInsertNewIATRedirection = TitanEngine.HooksInsertNewIATRedirection --- __declspec(dllexport) bool __stdcall HooksRemoveRedirection(LPVOID HookAddress, bool RemoveAll); - TitanEngine.HooksRemoveRedirection:types {"long","long",abi="stdcall",ret="byte"} - TE_HooksRemoveRedirection = TitanEngine.HooksRemoveRedirection --- __declspec(dllexport) bool __stdcall HooksRemoveRedirectionsForModule(HMODULE ModuleBase); - TitanEngine.HooksRemoveRedirectionsForModule:types {"long",abi="stdcall",ret="byte"} - TE_HooksRemoveRedirectionsForModule = TitanEngine.HooksRemoveRedirectionsForModule --- __declspec(dllexport) bool __stdcall HooksRemoveIATRedirection(char* szModuleName, char* szHookFunction, bool RemoveAll); - TitanEngine.HooksRemoveIATRedirection:types {"string","string","long",abi="stdcall",ret="byte"} - TE_HooksRemoveIATRedirection = TitanEngine.HooksRemoveIATRedirection --- __declspec(dllexport) bool __stdcall HooksDisableRedirection(LPVOID HookAddress, bool DisableAll); - TitanEngine.HooksDisableRedirection:types {"long","long",abi="stdcall",ret="byte"} - TE_HooksDisableRedirection = TitanEngine.HooksDisableRedirection --- __declspec(dllexport) bool __stdcall HooksDisableRedirectionsForModule(HMODULE ModuleBase); - TitanEngine.HooksDisableRedirectionsForModule:types {"long",abi="stdcall",ret="byte"} - TE_HooksDisableRedirectionsForModule = TitanEngine.HooksDisableRedirectionsForModule --- __declspec(dllexport) bool __stdcall HooksDisableIATRedirection(char* szModuleName, char* szHookFunction, bool DisableAll); - TitanEngine.HooksDisableIATRedirection:types {"string","string","long",abi="stdcall",ret="byte"} - TE_HooksDisableIATRedirection = TitanEngine.HooksDisableIATRedirection --- __declspec(dllexport) bool __stdcall HooksEnableRedirection(LPVOID HookAddress, bool EnableAll); - TitanEngine.HooksEnableRedirection:types {"long","long",abi="stdcall",ret="byte"} - TE_HooksEnableRedirection = TitanEngine.HooksEnableRedirection --- __declspec(dllexport) bool __stdcall HooksEnableRedirectionsForModule(HMODULE ModuleBase); - TitanEngine.HooksEnableRedirectionsForModule:types {"long",abi="stdcall",ret="byte"} - TE_HooksEnableRedirectionsForModule = TitanEngine.HooksEnableRedirectionsForModule --- __declspec(dllexport) bool __stdcall HooksEnableIATRedirection(char* szModuleName, char* szHookFunction, bool EnableAll); - TitanEngine.HooksEnableIATRedirection:types {"string","string","long",abi="stdcall",ret="byte"} - TE_HooksEnableIATRedirection = TitanEngine.HooksEnableIATRedirection --- __declspec(dllexport) void __stdcall HooksScanModuleMemory(HMODULE ModuleBase, LPVOID CallBack); - TitanEngine.HooksScanModuleMemory:types {"long","callback",abi="stdcall"} - TE_HooksScanModuleMemory = TitanEngine.HooksScanModuleMemory --- __declspec(dllexport) void __stdcall HooksScanEntireProcessMemory(LPVOID CallBack); - TitanEngine.HooksScanModuleMemory:types {"callback",abi="stdcall"} - TE_HooksScanModuleMemory = TitanEngine.HooksScanModuleMemory --- __declspec(dllexport) void __stdcall HooksScanEntireProcessMemoryEx(); - TitanEngine.HooksScanEntireProcessMemoryEx:types {abi="stdcall"} - TE_HooksScanEntireProcessMemoryEx = TitanEngine.HooksScanEntireProcessMemoryEx --- --- TitanEngine.Tracer.functions: --- --- __declspec(dllexport) void __stdcall TracerInit(); - TitanEngine.TracerInit:types {abi="stdcall"} - TE_TracerInit = TitanEngine.TracerInit --- __declspec(dllexport) long long __stdcall TracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace); - TitanEngine.TracerLevel1:types {"long","long",abi="stdcall",ret="long"} - TE_TracerLevel1 = TitanEngine.TracerLevel1 --- __declspec(dllexport) long long __stdcall HashTracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD InputNumberOfInstructions); - TitanEngine.HashTracerLevel1:types {"long","long","long",abi="stdcall",ret="long"} - TE_HashTracerLevel1 = TitanEngine.HashTracerLevel1 --- __declspec(dllexport) long __stdcall TracerDetectRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace); - TitanEngine.TracerDetectRedirection:types {"long","long",abi="stdcall",ret="long"} - TE_TracerDetectRedirection = TitanEngine.TracerDetectRedirection --- __declspec(dllexport) long long __stdcall TracerFixKnownRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD RedirectionId); - TitanEngine.TracerFixKnownRedirection:types {"long","long","long",abi="stdcall",ret="long"} - TE_TracerFixKnownRedirection = TitanEngine.TracerFixKnownRedirection --- __declspec(dllexport) long __stdcall TracerFixRedirectionViaImpRecPlugin(HANDLE hProcess, char* szPluginName, ULONG_PTR AddressToTrace); - TitanEngine.TracerFixRedirectionViaImpRecPlugin:types {"long","string","long",abi="stdcall",ret="long"} - TE_TracerFixRedirectionViaImpRecPlugin = TitanEngine.TracerFixRedirectionViaImpRecPlugin --- --- TitanEngine.Exporter.functions: --- --- __declspec(dllexport) void __stdcall ExporterCleanup(); - TitanEngine.ExporterCleanup:types {abi="stdcall"} - TE_ExporterCleanup = TitanEngine.ExporterCleanup --- __declspec(dllexport) void __stdcall ExporterSetImageBase(ULONG_PTR ImageBase); - TitanEngine.ExporterSetImageBase:types {"long",abi="stdcall"} - TE_ExporterSetImageBase = TitanEngine.ExporterSetImageBase --- __declspec(dllexport) void __stdcall ExporterInit(DWORD MemorySize, ULONG_PTR ImageBase, DWORD ExportOrdinalBase, char* szExportModuleName); - TitanEngine.ExporterInit:types {"long","long","long","string",abi="stdcall"} - TE_ExporterInit = TitanEngine.ExporterInit --- __declspec(dllexport) bool __stdcall ExporterAddNewExport(char* szExportName, DWORD ExportRelativeAddress); - TitanEngine.ExporterAddNewExport:types {"string","long",abi="stdcall",ret="byte"} - TE_ExporterAddNewExport = TitanEngine.ExporterAddNewExport --- __declspec(dllexport) bool __stdcall ExporterAddNewOrdinalExport(DWORD OrdinalNumber, DWORD ExportRelativeAddress); - TitanEngine.ExporterAddNewOrdinalExport:types {"long","long",abi="stdcall",ret="byte"} - TE_ExporterAddNewOrdinalExport = TitanEngine.ExporterAddNewOrdinalExport --- __declspec(dllexport) long __stdcall ExporterGetAddedExportCount(); - TitanEngine.ExporterGetAddedExportCount:types {abi="stdcall",ret="long"} - TE_ExporterGetAddedExportCount = TitanEngine.ExporterGetAddedExportCount --- __declspec(dllexport) long __stdcall ExporterEstimatedSize(); - TitanEngine.ExporterEstimatedSize:types {abi="stdcall",ret="long"} - TE_ExporterEstimatedSize = TitanEngine.ExporterEstimatedSize --- __declspec(dllexport) bool __stdcall ExporterBuildExportTable(ULONG_PTR StorePlace, ULONG_PTR FileMapVA); - TitanEngine.ExporterBuildExportTable:types {"long","long",abi="stdcall",ret="byte"} - TE_ExporterBuildExportTable = TitanEngine.ExporterBuildExportTable --- __declspec(dllexport) bool __stdcall ExporterBuildExportTableEx(char* szExportFileName, char* szSectionName); - TitanEngine.ExporterBuildExportTableEx:types {"string","string",abi="stdcall",ret="byte"} - TE_ExporterBuildExportTableEx = TitanEngine.ExporterBuildExportTableEx --- __declspec(dllexport) bool __stdcall ExporterLoadExportTable(char* szFileName); - TitanEngine.ExporterLoadExportTable:types {"string",abi="stdcall",ret="byte"} - TE_ExporterLoadExportTable = TitanEngine.ExporterLoadExportTable --- --- TitanEngine.Librarian.functions: --- --- __declspec(dllexport) bool __stdcall LibrarianSetBreakPoint(char* szLibraryName, DWORD bpxType, bool SingleShoot, LPVOID bpxCallBack); - TitanEngine.LibrarianSetBreakPoint:types {"string","long","long","callback",abi="stdcall",ret="byte"} - TE_LibrarianSetBreakPoint = TitanEngine.LibrarianSetBreakPoint --- __declspec(dllexport) bool __stdcall LibrarianRemoveBreakPoint(char* szLibraryName, DWORD bpxType); - TitanEngine.LibrarianRemoveBreakPoint:types {"string","long",abi="stdcall",ret="byte"} - TE_LibrarianRemoveBreakPoint = TitanEngine.LibrarianRemoveBreakPoint --- __declspec(dllexport) void* __stdcall LibrarianGetLibraryInfo(char* szLibraryName); - TitanEngine.LibrarianGetLibraryInfo:types {"string",abi="stdcall",ret="pointer"} - TE_LibrarianGetLibraryInfo = TitanEngine.LibrarianGetLibraryInfo --- __declspec(dllexport) void* __stdcall LibrarianGetLibraryInfoEx(void* BaseOfDll); - TitanEngine.LibrarianGetLibraryInfoEx:types {"long",abi="stdcall",ret="pointer"} - TE_LibrarianGetLibraryInfoEx = TitanEngine.LibrarianGetLibraryInfoEx --- __declspec(dllexport) void __stdcall LibrarianEnumLibraryInfo(void* EnumCallBack); - TitanEngine.LibrarianEnumLibraryInfo:types {"callback",abi="stdcall"} - TE_LibrarianEnumLibraryInfo = TitanEngine.LibrarianEnumLibraryInfo --- --- TitanEngine.Process.functions: --- --- __declspec(dllexport) long __stdcall GetActiveProcessId(char* szImageName); - TitanEngine.GetActiveProcessId:types {"string",abi="stdcall",ret="long"} - TE_GetActiveProcessId = TitanEngine.GetActiveProcessId --- __declspec(dllexport) void __stdcall EnumProcessesWithLibrary(char* szLibraryName, void* EnumFunction); - TitanEngine.EnumProcessesWithLibrary:types {"string","callback",abi="stdcall"} - TE_EnumProcessesWithLibrary = TitanEngine.EnumProcessesWithLibrary --- --- TitanEngine.TLSFixer.functions: --- --- __declspec(dllexport) bool __stdcall TLSBreakOnCallBack(LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks, LPVOID bpxCallBack); - TitanEngine.TLSBreakOnCallBack:types {"pointer","long","callback",abi="stdcall",ret="byte"} - TE_TLSBreakOnCallBack = TitanEngine.TLSBreakOnCallBack --- __declspec(dllexport) bool __stdcall TLSGrabCallBackData(char* szFileName, LPVOID ArrayOfCallBacks, LPDWORD NumberOfCallBacks); - TitanEngine.TLSGrabCallBackData:types {"string","pointer","pointer",abi="stdcall",ret="byte"} - TE_TLSGrabCallBackData = TitanEngine.TLSGrabCallBackData --- __declspec(dllexport) bool __stdcall TLSBreakOnCallBackEx(char* szFileName, LPVOID bpxCallBack); - TitanEngine.TLSBreakOnCallBackEx:types {"string","callback",abi="stdcall",ret="byte"} - TE_TLSBreakOnCallBackEx = TitanEngine.TLSBreakOnCallBackEx --- __declspec(dllexport) bool __stdcall TLSRemoveCallback(char* szFileName); - TitanEngine.TLSRemoveCallback:types {"string",abi="stdcall",ret="byte"} - TE_TLSRemoveCallback = TitanEngine.TLSRemoveCallback --- __declspec(dllexport) bool __stdcall TLSRemoveTable(char* szFileName); - TitanEngine.TLSRemoveTable:types {"string",abi="stdcall",ret="byte"} - TE_TLSRemoveTable = TitanEngine.TLSRemoveTable --- __declspec(dllexport) bool __stdcall TLSBackupData(char* szFileName); - TitanEngine.TLSBackupData:types {"string",abi="stdcall",ret="byte"} - TE_TLSBackupData = TitanEngine.TLSBackupData --- __declspec(dllexport) bool __stdcall TLSRestoreData(); - TitanEngine.TLSRestoreData:types {abi="stdcall",ret="byte"} - TE_TLSRestoreData = TitanEngine.TLSRestoreData --- __declspec(dllexport) bool __stdcall TLSBuildNewTable(ULONG_PTR FileMapVA, ULONG_PTR StorePlace, ULONG_PTR StorePlaceRVA, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks); - TitanEngine.TLSBuildNewTable:types {"long","long","long","pointer","long",abi="stdcall",ret="byte"} - TE_TLSBuildNewTable = TitanEngine.TLSBuildNewTable --- __declspec(dllexport) bool __stdcall TLSBuildNewTableEx(char* szFileName, char* szSectionName, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks); - TitanEngine.TLSBuildNewTableEx:types {"string","string","pointer","long",abi="stdcall",ret="byte"} - TE_TLSBuildNewTableEx = TitanEngine.TLSBuildNewTableEx --- --- TitanEngine.Handler.functions: --- --- __declspec(dllexport) long __stdcall HandlerGetActiveHandleCount(DWORD ProcessId); - TitanEngine.HandlerGetActiveHandleCount:types {"long",abi="stdcall",ret="long"} - TE_HandlerGetActiveHandleCount = TitanEngine.HandlerGetActiveHandleCount --- __declspec(dllexport) bool __stdcall HandlerIsHandleOpen(DWORD ProcessId, HANDLE hHandle); - TitanEngine.HandlerIsHandleOpen:types {"long","long",abi="stdcall",ret="byte"} - TE_HandlerIsHandleOpen = TitanEngine.HandlerIsHandleOpen --- __declspec(dllexport) void* __stdcall HandlerGetHandleName(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName); - TitanEngine.HandlerGetHandleName:types {"long","long","long","long",abi="stdcall",ret="string"} - TE_HandlerGetHandleName = TitanEngine.HandlerGetHandleName --- __declspec(dllexport) long __stdcall HandlerEnumerateOpenHandles(DWORD ProcessId, LPVOID HandleBuffer, DWORD MaxHandleCount); - TitanEngine.HandlerEnumerateOpenHandles:types {"long","pointer","long",abi="stdcall",ret="long"} - TE_HandlerEnumerateOpenHandles = TitanEngine.HandlerEnumerateOpenHandles --- __declspec(dllexport) long long __stdcall HandlerGetHandleDetails(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, DWORD InformationReturn); - TitanEngine.HandlerGetHandleDetails:types {"long","long","long","long",abi="stdcall",ret="long"} - TE_HandlerGetHandleDetails = TitanEngine.HandlerGetHandleDetails --- __declspec(dllexport) bool __stdcall HandlerCloseRemoteHandle(HANDLE hProcess, HANDLE hHandle); - TitanEngine.HandlerCloseRemoteHandle:types {"long","long",abi="stdcall",ret="byte"} - TE_HandlerCloseRemoteHandle = TitanEngine.HandlerCloseRemoteHandle --- __declspec(dllexport) long __stdcall HandlerEnumerateLockHandles(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, LPVOID HandleDataBuffer, DWORD MaxHandleCount); - TitanEngine.HandlerEnumerateLockHandles:types {"string","long","long","pointer","long",abi="stdcall",ret="long"} - TE_HandlerEnumerateLockHandles = TitanEngine.HandlerEnumerateLockHandles --- __declspec(dllexport) bool __stdcall HandlerCloseAllLockHandles(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated); - TitanEngine.HandlerCloseAllLockHandles:types {"string","long","long",abi="stdcall",ret="byte"} - TE_HandlerCloseAllLockHandles = TitanEngine.HandlerCloseAllLockHandles --- __declspec(dllexport) bool __stdcall HandlerIsFileLocked(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated); - TitanEngine.HandlerIsFileLocked:types {"string","long","long",abi="stdcall",ret="byte"} - TE_HandlerIsFileLocked = TitanEngine.HandlerIsFileLocked --- __declspec(dllexport) long __stdcall HandlerEnumerateOpenMutexes(HANDLE hProcess, DWORD ProcessId, LPVOID HandleBuffer, DWORD MaxHandleCount); - TitanEngine.HandlerEnumerateOpenMutexes:types {"long","long","pointer","long",abi="stdcall",ret="long"} - TE_HandlerEnumerateOpenMutexes = TitanEngine.HandlerEnumerateOpenMutexes --- __declspec(dllexport) long long __stdcall HandlerGetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, char* szMutexString); - TitanEngine.HandlerGetOpenMutexHandle:types {"long","long","string",abi="stdcall",ret="long"} - TE_HandlerGetOpenMutexHandle = TitanEngine.HandlerGetOpenMutexHandle --- ___declspec(dllexport) long __stdcall HandlerGetProcessIdWhichCreatedMutex(char* szMutexString); - TitanEngine.HandlerGetProcessIdWhichCreatedMutex:types {"string",abi="stdcall",ret="long"} - TE_HandlerGetProcessIdWhichCreatedMutex = TitanEngine.HandlerGetProcessIdWhichCreatedMutex --- --- TitanEngine.TranslateName.functions: --- --- __declspec(dllexport) void* __stdcall TranslateNativeName(char* szNativeName); - TitanEngine.TranslateNativeName:types {"string",abi="stdcall",ret="string"} - TE_TranslateNativeName = TitanEngine.TranslateNativeName --- --- TitanEngine.Injector.functions: --- --- __declspec(dllexport) bool __stdcall RemoteLoadLibrary(HANDLE hProcess, char* szLibraryFile, bool WaitForThreadExit); - TitanEngine.RemoteLoadLibrary:types {"long","string","long",abi="stdcall",ret="byte"} - TE_RemoteLoadLibrary = TitanEngine.RemoteLoadLibrary --- __declspec(dllexport) bool __stdcall RemoteFreeLibrary(HANDLE hProcess, HMODULE hModule, char* szLibraryFile, bool WaitForThreadExit); - TitanEngine.RemoteFreeLibrary:types {"long","long","string","long",abi="stdcall",ret="byte"} - TE_RemoteFreeLibrary = TitanEngine.RemoteFreeLibrary --- __declspec(dllexport) bool __stdcall RemoteExitProcess(HANDLE hProcess, DWORD ExitCode); - TitanEngine.RemoteExitProcess:types {"long","long",abi="stdcall",ret="byte"} - TE_RemoteExitProcess = TitanEngine.RemoteExitProcess --- --- TitanEngine.StaticUnpacker.functions: --- --- __declspec(dllexport) bool __stdcall StaticFileLoad(char* szFileName, DWORD DesiredAccess, bool SimulateLoad, LPHANDLE FileHandle, LPDWORD LoadedSize, LPHANDLE FileMap, PULONG_PTR FileMapVA); - TitanEngine.StaticFileLoad:types {"string","long","long","pointer","pointer","pointer","pointer",abi="stdcall",ret="byte"} - TE_StaticFileLoad = TitanEngine.StaticFileLoad --- __declspec(dllexport) bool __stdcall StaticFileUnload(char* szFileName, bool CommitChanges, HANDLE FileHandle, DWORD LoadedSize, HANDLE FileMap, ULONG_PTR FileMapVA); - TitanEngine.StaticFileUnload:types {"string","long","long","long","long","long",abi="stdcall",ret="byte"} - TE_StaticFileUnload = TitanEngine.StaticFileUnload --- __declspec(dllexport) bool __stdcall StaticFileOpen(char* szFileName, DWORD DesiredAccess, LPHANDLE FileHandle, LPDWORD FileSizeLow, LPDWORD FileSizeHigh); - TitanEngine.StaticFileOpen:types {"string","long","pointer","pointer","pointer",abi="stdcall",ret="byte"} - TE_StaticFileOpen = TitanEngine.StaticFileOpen --- __declspec(dllexport) bool __stdcall StaticFileGetContent(HANDLE FileHandle, DWORD FilePositionLow, LPDWORD FilePositionHigh, void* Buffer, DWORD Size); - TitanEngine.StaticFileGetContent:types {"long","long","pointer","pointer","long",abi="stdcall",ret="byte"} - TE_StaticFileGetContent = TitanEngine.StaticFileGetContent --- __declspec(dllexport) void __stdcall StaticFileClose(HANDLE FileHandle); - TitanEngine.StaticFileClose:types {"long",abi="stdcall"} - TE_StaticFileClose = TitanEngine.StaticFileClose --- __declspec(dllexport) void __stdcall StaticMemoryDecrypt(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionType, DWORD DecryptionKeySize, ULONG_PTR DecryptionKey); - TitanEngine.StaticMemoryDecrypt:types {"long","long","long","long","long",abi="stdcall"} - TE_StaticMemoryDecrypt = TitanEngine.StaticMemoryDecrypt --- __declspec(dllexport) void __stdcall StaticMemoryDecryptEx(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionKeySize, void* DecryptionCallBack); - TitanEngine.StaticMemoryDecryptEx:types {"long","long","long","long","callback",abi="stdcall"} - TE_StaticMemoryDecryptEx = TitanEngine.StaticMemoryDecryptEx --- __declspec(dllexport) void __stdcall StaticMemoryDecryptSpecial(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionKeySize, DWORD SpecDecryptionType, void* DecryptionCallBack); - TitanEngine.StaticMemoryDecryptSpecial:types {"long","long","long","long","callback",abi="stdcall"} - TE_StaticMemoryDecryptSpecial = TitanEngine.StaticMemoryDecryptSpecial --- __declspec(dllexport) void __stdcall StaticSectionDecrypt(ULONG_PTR FileMapVA, DWORD SectionNumber, bool SimulateLoad, DWORD DecryptionType, DWORD DecryptionKeySize, ULONG_PTR DecryptionKey); - TitanEngine.StaticSectionDecrypt:types {"long","long","long","long","long","long",abi="stdcall"} - TE_StaticSectionDecrypt = TitanEngine.StaticSectionDecrypt --- __declspec(dllexport) bool __stdcall StaticMemoryDecompress(void* Source, DWORD SourceSize, void* Destination, DWORD DestinationSize, int Algorithm); - TitanEngine.StaticMemoryDecompress:types {"pointer","long","pointer","long","long",abi="stdcall",ret="byte"} - TE_StaticMemoryDecompress = TitanEngine.StaticMemoryDecompress --- __declspec(dllexport) bool __stdcall StaticRawMemoryCopy(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR VitualAddressToCopy, DWORD Size, bool AddressIsRVA, char* szDumpFileName); - TitanEngine.StaticRawMemoryCopy:types {"long","long","long","long","long","string",abi="stdcall",ret="byte"} - TE_StaticRawMemoryCopy = TitanEngine.StaticRawMemoryCopy --- __declspec(dllexport) bool __stdcall StaticRawMemoryCopyEx(HANDLE hFile, ULONG_PTR RawAddressToCopy, DWORD Size, char* szDumpFileName); - TitanEngine.StaticRawMemoryCopyEx:types {"long","long","long","string",abi="stdcall",ret="byte"} - TE_StaticRawMemoryCopyEx = TitanEngine.StaticRawMemoryCopyEx --- __declspec(dllexport) bool __stdcall StaticHashMemory(void* MemoryToHash, DWORD SizeOfMemory, void* HashDigest, bool OutputString, int Algorithm); - TitanEngine.StaticHashMemory:types {"long","long","pointer","long","long",abi="stdcall",ret="byte"} - TE_StaticHashMemory = TitanEngine.StaticHashMemory --- __declspec(dllexport) bool __stdcall StaticHashFile(char* szFileName, char* HashDigest, bool OutputString, int Algorithm); - TitanEngine.StaticHashFile:types {"string","string","long","long",abi="stdcall",ret="byte"} - TE_StaticHashFile = TitanEngine.StaticHashFile --- CallBacks: --- typedef bool(__stdcall *fStaticCallBack)(void* sMemoryStart, int sKeySize); --- TE_StaticMemoryDecryptEx_CB = alien.callback(YourFunctionHere, "pointer", "int", abi = "stdcall", ret = "byte") --- TE_StaticMemoryDecryptSpecial_CB = alien.callback(YourFunctionHere, "pointer", "int", abi = "stdcall", ret = "byte") --- --- TitanEngine.Engine.functions: --- --- __declspec(dllexport) void __stdcall SetEngineVariable(DWORD VariableId, bool VariableSet); - TitanEngine.SetEngineVariable:types {"long","long",abi="stdcall"} - TE_SetEngineVariable = TitanEngine.SetEngineVariable --- __declspec(dllexport) bool __stdcall EngineCreateMissingDependencies(char* szFileName, char* szOutputFolder, bool LogCreatedFiles); - TitanEngine.EngineCreateMissingDependencies:types {"string","string","long",abi="stdcall",ret="byte"} - TE_EngineCreateMissingDependencies = TitanEngine.EngineCreateMissingDependencies --- __declspec(dllexport) bool __stdcall EngineFakeMissingDependencies(HANDLE hProcess); - TitanEngine.EngineFakeMissingDependencies:types {"long",abi="stdcall",ret="byte"} - TE_EngineFakeMissingDependencies = TitanEngine.EngineFakeMissingDependencies --- __declspec(dllexport) bool __stdcall EngineDeleteCreatedDependencies(); - TitanEngine.EngineDeleteCreatedDependencies:types {abi="stdcall",ret="byte"} - TE_EngineDeleteCreatedDependencies = TitanEngine.EngineDeleteCreatedDependencies --- __declspec(dllexport) bool __stdcall EngineCreateUnpackerWindow(char* WindowUnpackerTitle, char* WindowUnpackerLongTitle, char* WindowUnpackerName, char* WindowUnpackerAuthor, void* StartUnpackingCallBack); - TitanEngine.EngineCreateUnpackerWindow:types {"string","string","string","string","callback",abi="stdcall",ret="byte"} - TE_EngineCreateUnpackerWindow = TitanEngine.EngineCreateUnpackerWindow --- __declspec(dllexport) bool __stdcall EngineAddUnpackerWindowLogMessage(char* szLogMessage); - TitanEngine.EngineAddUnpackerWindowLogMessage:types {"string",abi="stdcall",ret="byte"} - TE_EngineAddUnpackerWindowLogMessage = TitanEngine.EngineAddUnpackerWindowLogMessage --- --- TitanEngine.Engine.functions: --- --- __declspec(dllexport) bool __stdcall ExtensionManagerIsPluginLoaded(char* szPluginName); - TitanEngine.ExtensionManagerIsPluginLoaded:types {"string",abi="stdcall",ret="byte"} - TE_ExtensionManagerIsPluginLoaded = TitanEngine.ExtensionManagerIsPluginLoaded --- __declspec(dllexport) bool __stdcall ExtensionManagerIsPluginEnabled(char* szPluginName); - TitanEngine.ExtensionManagerIsPluginEnabled:types {"string",abi="stdcall",ret="byte"} - TE_ExtensionManagerIsPluginEnabled = TitanEngine.ExtensionManagerIsPluginEnabled --- __declspec(dllexport) bool __stdcall ExtensionManagerDisableAllPlugins(); - TitanEngine.ExtensionManagerDisableAllPlugins:types {abi="stdcall",ret="byte"} - TE_ExtensionManagerDisableAllPlugins = TitanEngine.ExtensionManagerDisableAllPlugins --- __declspec(dllexport) bool __stdcall ExtensionManagerDisablePlugin(char* szPluginName); - TitanEngine.ExtensionManagerDisablePlugin:types {"string",abi="stdcall",ret="byte"} - TE_ExtensionManagerDisablePlugin = TitanEngine.ExtensionManagerDisablePlugin --- __declspec(dllexport) bool __stdcall ExtensionManagerEnableAllPlugins(); - TitanEngine.ExtensionManagerEnableAllPlugins:types {abi="stdcall",ret="byte"} - TE_ExtensionManagerEnableAllPlugins = TitanEngine.ExtensionManagerEnableAllPlugins --- __declspec(dllexport) bool __stdcall ExtensionManagerEnablePlugin(char* szPluginName); - TitanEngine.ExtensionManagerEnablePlugin:types {"string",abi="stdcall",ret="byte"} - TE_ExtensionManagerEnablePlugin = TitanEngine.ExtensionManagerEnablePlugin --- __declspec(dllexport) bool __stdcall ExtensionManagerUnloadAllPlugins(); - TitanEngine.ExtensionManagerUnloadAllPlugins:types {abi="stdcall",ret="byte"} - TE_ExtensionManagerUnloadAllPlugins = TitanEngine.ExtensionManagerUnloadAllPlugins --- __declspec(dllexport) bool __stdcall ExtensionManagerUnloadPlugin(char* szPluginName); - TitanEngine.ExtensionManagerUnloadPlugin:types {"string",abi="stdcall",ret="byte"} - TE_ExtensionManagerUnloadPlugin = TitanEngine.ExtensionManagerUnloadPlugin diff --git a/SDK/MASM/TitanEngine.INC b/SDK/MASM/TitanEngine.INC deleted file mode 100644 index 0479dcd..0000000 --- a/SDK/MASM/TitanEngine.INC +++ /dev/null @@ -1,826 +0,0 @@ -;--- include file created by h2incx v0.99.20 (copyright 2005-2009 japheth) -;--- source file: C:\Users\Administrator\Desktop\h2incx\SDK.h, last modified: 3/8/2010 17:0 -;--- cmdline used for creation: -a -b -d3 -y sdk.h - -include windows.inc -includelib TitanEngine_x86.lib - -UE_ACCESS_READ EQU 0 -UE_ACCESS_WRITE EQU 1 -UE_ACCESS_ALL EQU 2 -UE_HIDE_BASIC EQU 1 -UE_PLUGIN_CALL_REASON_PREDEBUG EQU 1 -UE_PLUGIN_CALL_REASON_EXCEPTION EQU 2 -UE_PLUGIN_CALL_REASON_POSTDEBUG EQU 3 -TEE_HOOK_NRM_JUMP EQU 1 -TEE_HOOK_NRM_CALL EQU 3 -TEE_HOOK_IAT EQU 5 -UE_ENGINE_ALOW_MODULE_LOADING EQU 1 -UE_ENGINE_AUTOFIX_FORWARDERS EQU 2 -UE_ENGINE_PASS_ALL_EXCEPTIONS EQU 3 -UE_ENGINE_NO_CONSOLE_WINDOW EQU 4 -UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS EQU 5 -UE_ENGINE_CALL_PLUGIN_CALLBACK EQU 6 -UE_ENGINE_RESET_CUSTOM_HANDLER EQU 7 -UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK EQU 8 -UE_ENGINE_SAFE_ATTACH EQU 10 -UE_ENGINE_SET_DEBUG_PRIVILEGE EQU 9 -UE_OPTION_REMOVEALL EQU 1 -UE_OPTION_DISABLEALL EQU 2 -UE_OPTION_REMOVEALLDISABLED EQU 3 -UE_OPTION_REMOVEALLENABLED EQU 4 -UE_STATIC_DECRYPTOR_XOR EQU 1 -UE_STATIC_DECRYPTOR_SUB EQU 2 -UE_STATIC_DECRYPTOR_ADD EQU 3 -UE_STATIC_DECRYPTOR_FOREWARD EQU 1 -UE_STATIC_DECRYPTOR_BACKWARD EQU 2 -UE_STATIC_KEY_SIZE_1 EQU 1 -UE_STATIC_KEY_SIZE_2 EQU 2 -UE_STATIC_KEY_SIZE_4 EQU 4 -UE_STATIC_KEY_SIZE_8 EQU 8 -UE_STATIC_APLIB EQU 1 -UE_STATIC_APLIB_DEPACK EQU 2 -UE_STATIC_LZMA EQU 3 -UE_STATIC_HASH_MD5 EQU 1 -UE_STATIC_HASH_SHA1 EQU 2 -UE_STATIC_HASH_CRC32 EQU 3 -UE_RESOURCE_LANGUAGE_ANY EQU - 1 -UE_PE_OFFSET EQU 0 -UE_IMAGEBASE EQU 1 -UE_OEP EQU 2 -UE_SIZEOFIMAGE EQU 3 -UE_SIZEOFHEADERS EQU 4 -UE_SIZEOFOPTIONALHEADER EQU 5 -UE_SECTIONALIGNMENT EQU 6 -UE_IMPORTTABLEADDRESS EQU 7 -UE_IMPORTTABLESIZE EQU 8 -UE_RESOURCETABLEADDRESS EQU 9 -UE_RESOURCETABLESIZE EQU 10 -UE_EXPORTTABLEADDRESS EQU 11 -UE_EXPORTTABLESIZE EQU 12 -UE_TLSTABLEADDRESS EQU 13 -UE_TLSTABLESIZE EQU 14 -UE_RELOCATIONTABLEADDRESS EQU 15 -UE_RELOCATIONTABLESIZE EQU 16 -UE_TIMEDATESTAMP EQU 17 -UE_SECTIONNUMBER EQU 18 -UE_CHECKSUM EQU 19 -UE_SUBSYSTEM EQU 20 -UE_CHARACTERISTICS EQU 21 -UE_NUMBEROFRVAANDSIZES EQU 22 -UE_SECTIONNAME EQU 23 -UE_SECTIONVIRTUALOFFSET EQU 24 -UE_SECTIONVIRTUALSIZE EQU 25 -UE_SECTIONRAWOFFSET EQU 26 -UE_SECTIONRAWSIZE EQU 27 -UE_SECTIONFLAGS EQU 28 -UE_CH_BREAKPOINT EQU 1 -UE_CH_SINGLESTEP EQU 2 -UE_CH_ACCESSVIOLATION EQU 3 -UE_CH_ILLEGALINSTRUCTION EQU 4 -UE_CH_NONCONTINUABLEEXCEPTION EQU 5 -UE_CH_ARRAYBOUNDSEXCEPTION EQU 6 -UE_CH_FLOATDENORMALOPERAND EQU 7 -UE_CH_FLOATDEVIDEBYZERO EQU 8 -UE_CH_INTEGERDEVIDEBYZERO EQU 9 -UE_CH_INTEGEROVERFLOW EQU 10 -UE_CH_PRIVILEGEDINSTRUCTION EQU 11 -UE_CH_PAGEGUARD EQU 12 -UE_CH_EVERYTHINGELSE EQU 13 -UE_CH_CREATETHREAD EQU 14 -UE_CH_EXITTHREAD EQU 15 -UE_CH_CREATEPROCESS EQU 16 -UE_CH_EXITPROCESS EQU 17 -UE_CH_LOADDLL EQU 18 -UE_CH_UNLOADDLL EQU 19 -UE_CH_OUTPUTDEBUGSTRING EQU 20 -UE_CH_AFTEREXCEPTIONPROCESSING EQU 21 -UE_CH_SYSTEMBREAKPOINT EQU 23 -UE_CH_UNHANDLEDEXCEPTION EQU 24 -UE_CH_RIPEVENT EQU 25 -UE_CH_DEBUGEVENT EQU 26 - -UE_OPTION_HANDLER_RETURN_HANDLECOUNT EQU 1 -UE_OPTION_HANDLER_RETURN_ACCESS EQU 2 -UE_OPTION_HANDLER_RETURN_FLAGS EQU 3 -UE_OPTION_HANDLER_RETURN_TYPENAME EQU 4 -UE_BREAKPOINT_INT3 EQU 1 -UE_BREAKPOINT_LONG_INT3 EQU 2 -UE_BREAKPOINT_UD2 EQU 3 -UE_BPXREMOVED EQU 0 -UE_BPXACTIVE EQU 1 -UE_BPXINACTIVE EQU 2 -UE_BREAKPOINT EQU 0 -UE_SINGLESHOOT EQU 1 -UE_HARDWARE EQU 2 -UE_MEMORY EQU 3 -UE_MEMORY_READ EQU 4 -UE_MEMORY_WRITE EQU 5 -UE_MEMORY_EXECUTE EQU 6 -UE_BREAKPOINT_TYPE_INT3 EQU 10000000h -UE_BREAKPOINT_TYPE_LONG_INT3 EQU 20000000h -UE_BREAKPOINT_TYPE_UD2 EQU 30000000h -UE_HARDWARE_EXECUTE EQU 4 -UE_HARDWARE_WRITE EQU 5 -UE_HARDWARE_READWRITE EQU 6 -UE_HARDWARE_SIZE_1 EQU 7 -UE_HARDWARE_SIZE_2 EQU 8 -UE_HARDWARE_SIZE_4 EQU 9 -UE_ON_LIB_LOAD EQU 1 -UE_ON_LIB_UNLOAD EQU 2 -UE_ON_LIB_ALL EQU 3 -UE_APISTART EQU 0 -UE_APIEND EQU 1 -UE_PLATFORM_x86 EQU 1 -UE_PLATFORM_x64 EQU 2 -UE_PLATFORM_ALL EQU 3 -UE_FUNCTION_STDCALL EQU 1 -UE_FUNCTION_CCALL EQU 2 -UE_FUNCTION_FASTCALL EQU 3 -UE_FUNCTION_STDCALL_RET EQU 4 -UE_FUNCTION_CCALL_RET EQU 5 -UE_FUNCTION_FASTCALL_RET EQU 6 -UE_FUNCTION_STDCALL_CALL EQU 7 -UE_FUNCTION_CCALL_CALL EQU 8 -UE_FUNCTION_FASTCALL_CALL EQU 9 -UE_PARAMETER_BYTE EQU 0 -UE_PARAMETER_WORD EQU 1 -UE_PARAMETER_DWORD EQU 2 -UE_PARAMETER_QWORD EQU 3 -UE_PARAMETER_PTR_BYTE EQU 4 -UE_PARAMETER_PTR_WORD EQU 5 -UE_PARAMETER_PTR_DWORD EQU 6 -UE_PARAMETER_PTR_QWORD EQU 7 -UE_PARAMETER_STRING EQU 8 -UE_PARAMETER_UNICODE EQU 9 -UE_EAX EQU 1 -UE_EBX EQU 2 -UE_ECX EQU 3 -UE_EDX EQU 4 -UE_EDI EQU 5 -UE_ESI EQU 6 -UE_EBP EQU 7 -UE_ESP EQU 8 -UE_EIP EQU 9 -UE_EFLAGS EQU 10 -UE_DR0 EQU 11 -UE_DR1 EQU 12 -UE_DR2 EQU 13 -UE_DR3 EQU 14 -UE_DR6 EQU 15 -UE_DR7 EQU 16 -UE_RAX EQU 17 -UE_RBX EQU 18 -UE_RCX EQU 19 -UE_RDX EQU 20 -UE_RDI EQU 21 -UE_RSI EQU 22 -UE_RBP EQU 23 -UE_RSP EQU 24 -UE_RIP EQU 25 -UE_RFLAGS EQU 26 -UE_R8 EQU 27 -UE_R9 EQU 28 -UE_R10 EQU 29 -UE_R11 EQU 30 -UE_R12 EQU 31 -UE_R13 EQU 32 -UE_R14 EQU 33 -UE_R15 EQU 34 -UE_CIP EQU 35 -UE_CSP EQU 36 -UE_SEG_GS EQU 37 -UE_SEG_FS EQU 38 -UE_SEG_ES EQU 39 -UE_SEG_DS EQU 40 -UE_SEG_CS EQU 41 -UE_SEG_SS EQU 42 -ifndef @align -@align equ <> -endif -PE32Struct struct @align -PE32Offset DWORD ? -ImageBase DWORD ? -OriginalEntryPoint DWORD ? -NtSizeOfImage DWORD ? -NtSizeOfHeaders DWORD ? -SizeOfOptionalHeaders WORD ? -FileAlignment DWORD ? -SectionAligment DWORD ? -ImportTableAddress DWORD ? -ImportTableSize DWORD ? -ResourceTableAddress DWORD ? -ResourceTableSize DWORD ? -ExportTableAddress DWORD ? -ExportTableSize DWORD ? -TLSTableAddress DWORD ? -TLSTableSize DWORD ? -RelocationTableAddress DWORD ? -RelocationTableSize DWORD ? -TimeDateStamp DWORD ? -SectionNumber WORD ? -CheckSum DWORD ? -SubSystem WORD ? -Characteristics WORD ? -NumberOfRvaAndSizes DWORD ? -PE32Struct ends - -PPE32Struct typedef ptr PE32Struct - -ImportEnumData struct @align -NewDll bool ? -NumberOfImports DWORD ? -ImageBase DWORD ? -BaseImportThunk DWORD ? -ImportThunk DWORD ? -APIName DWORD ? -DLLName DWORD ? -ImportEnumData ends - -PImportEnumData typedef ptr ImportEnumData - -THREAD_ITEM_DATA struct @align -hThread HANDLE ? -dwThreadId DWORD ? -ThreadStartAddress DWORD ? -ThreadLocalBase DWORD ? -THREAD_ITEM_DATA ends - -PTHREAD_ITEM_DATA typedef ptr THREAD_ITEM_DATA - -LIBRARY_ITEM_DATA struct @align -hFile HANDLE ? -BaseOfDll DWORD ? -hFileMapping HANDLE ? -hFileMappingView DWORD ? -szLibraryPath SBYTE MAX_PATH dup (?) -szLibraryName SBYTE MAX_PATH dup (?) -LIBRARY_ITEM_DATA ends - -PLIBRARY_ITEM_DATA typedef ptr LIBRARY_ITEM_DATA - -LIBRARY_ITEM_DATAW struct @align -hFile HANDLE ? -BaseOfDll DWORD ? -hFileMapping HANDLE ? -hFileMappingView DWORD ? -szLibraryPath WORD MAX_PATH dup (?) -szLibraryName WORD MAX_PATH dup (?) -LIBRARY_ITEM_DATAW ends - -PLIBRARY_ITEM_DATAW typedef ptr LIBRARY_ITEM_DATAW - -PROCESS_ITEM_DATA struct @align -hProcess HANDLE ? -dwProcessId DWORD ? -hThread HANDLE ? -dwThreadId DWORD ? -hFile HANDLE ? -BaseOfImage DWORD ? -ThreadStartAddress DWORD ? -ThreadLocalBase DWORD ? -PROCESS_ITEM_DATA ends - -PPROCESS_ITEM_DATA typedef ptr PROCESS_ITEM_DATA - -HandlerArray struct @align -ProcessId DWORD ? -hHandle HANDLE ? -HandlerArray ends - -PHandlerArray typedef ptr HandlerArray - -PluginInformation struct @align -PluginName SBYTE 64 dup (?) -PluginMajorVersion DWORD ? -PluginMinorVersion DWORD ? -PluginBaseAddress HMODULE ? -TitanDebuggingCallBack DWORD ? -TitanRegisterPlugin DWORD ? -TitanReleasePlugin DWORD ? -TitanResetPlugin DWORD ? -PluginDisabled bool ? -PluginInformation ends - -PPluginInformation typedef ptr PluginInformation - -TEE_MAXIMUM_HOOK_SIZE EQU 14 -TEE_MAXIMUM_HOOK_RELOCS EQU 7 -TEE_MAXIMUM_HOOK_INSERT_SIZE EQU 5 - -HOOK_ENTRY struct @align -IATHook bool ? -HookType BYTE ? -HookSize DWORD ? -HookAddress DWORD ? -RedirectionAddress DWORD ? -HookBytes BYTE TEE_MAXIMUM_HOOK_SIZE dup (?) -OriginalBytes BYTE TEE_MAXIMUM_HOOK_SIZE dup (?) -IATHookModuleBase DWORD ? -IATHookNameHash DWORD ? -HookIsEnabled bool ? -HookIsRemote bool ? -PatchedEntry DWORD ? -RelocationInfo DWORD TEE_MAXIMUM_HOOK_RELOCS dup (?) -RelocationCount DWORD ? -HOOK_ENTRY ends - -PHOOK_ENTRY typedef ptr HOOK_ENTRY - -UE_DEPTH_SURFACE EQU 0 -UE_DEPTH_DEEP EQU 1 -UE_UNPACKER_CONDITION_SEARCH_FROM_EP EQU 1 -UE_UNPACKER_CONDITION_LOADLIBRARY EQU 1 -UE_UNPACKER_CONDITION_GETPROCADDRESS EQU 2 -UE_UNPACKER_CONDITION_ENTRYPOINTBREAK EQU 3 -UE_UNPACKER_CONDITION_RELOCSNAPSHOT1 EQU 4 -UE_UNPACKER_CONDITION_RELOCSNAPSHOT2 EQU 5 -UE_FIELD_OK EQU 0 -UE_FIELD_BROKEN_NON_FIXABLE EQU 1 -UE_FIELD_BROKEN_NON_CRITICAL EQU 2 -UE_FIELD_BROKEN_FIXABLE_FOR_STATIC_USE EQU 3 -UE_FIELD_BROKEN_BUT_CAN_BE_EMULATED EQU 4 -UE_FIELD_FIXABLE_NON_CRITICAL EQU 5 -UE_FIELD_FIXABLE_CRITICAL EQU 6 -UE_FIELD_NOT_PRESET EQU 7 -UE_FIELD_NOT_PRESET_WARNING EQU 8 -UE_RESULT_FILE_OK EQU 10 -UE_RESULT_FILE_INVALID_BUT_FIXABLE EQU 11 -UE_RESULT_FILE_INVALID_AND_NON_FIXABLE EQU 12 -UE_RESULT_FILE_INVALID_FORMAT EQU 13 -FILE_STATUS_INFO struct @align -OveralEvaluation BYTE ? -EvaluationTerminatedByException bool ? -FileIs64Bit bool ? -FileIsDLL bool ? -FileIsConsole bool ? -MissingDependencies bool ? -MissingDeclaredAPIs bool ? -SignatureMZ BYTE ? -SignaturePE BYTE ? -EntryPoint BYTE ? -ImageBase BYTE ? -SizeOfImage BYTE ? -FileAlignment BYTE ? -SectionAlignment BYTE ? -ExportTable BYTE ? -RelocationTable BYTE ? -ImportTable BYTE ? -ImportTableSection BYTE ? -ImportTableData BYTE ? -IATTable BYTE ? -TLSTable BYTE ? -LoadConfigTable BYTE ? -BoundImportTable BYTE ? -COMHeaderTable BYTE ? -ResourceTable BYTE ? -ResourceData BYTE ? -SectionTable BYTE ? -FILE_STATUS_INFO ends - -PFILE_STATUS_INFO typedef ptr FILE_STATUS_INFO - -FILE_FIX_INFO struct @align -OveralEvaluation BYTE ? -FixingTerminatedByException bool ? -FileFixPerformed bool ? -StrippedRelocation bool ? -DontFixRelocations bool ? -OriginalRelocationTableAddress DWORD ? -OriginalRelocationTableSize DWORD ? -StrippedExports bool ? -DontFixExports bool ? -OriginalExportTableAddress DWORD ? -OriginalExportTableSize DWORD ? -StrippedResources bool ? -DontFixResources bool ? -OriginalResourceTableAddress DWORD ? -OriginalResourceTableSize DWORD ? -StrippedTLS bool ? -DontFixTLS bool ? -OriginalTLSTableAddress DWORD ? -OriginalTLSTableSize DWORD ? -StrippedLoadConfig bool ? -DontFixLoadConfig bool ? -OriginalLoadConfigTableAddress DWORD ? -OriginalLoadConfigTableSize DWORD ? -StrippedBoundImports bool ? -DontFixBoundImports bool ? -OriginalBoundImportTableAddress DWORD ? -OriginalBoundImportTableSize DWORD ? -StrippedIAT bool ? -DontFixIAT bool ? -OriginalImportAddressTableAddress DWORD ? -OriginalImportAddressTableSize DWORD ? -StrippedCOM bool ? -DontFixCOM bool ? -OriginalCOMTableAddress DWORD ? -OriginalCOMTableSize DWORD ? -FILE_FIX_INFO ends - -PFILE_FIX_INFO typedef ptr FILE_FIX_INFO - -DumpProcess proto stdcall :HANDLE, :LPVOID, :ptr SBYTE, :DWORD -DumpProcessW proto stdcall :HANDLE, :LPVOID, :ptr WORD, :DWORD -DumpProcessEx proto stdcall :DWORD, :LPVOID, :ptr SBYTE, :DWORD -DumpProcessExW proto stdcall :DWORD, :LPVOID, :ptr WORD, :DWORD -DumpMemory proto stdcall :HANDLE, :LPVOID, :DWORD, :ptr SBYTE -DumpMemoryW proto stdcall :HANDLE, :LPVOID, :DWORD, :ptr WORD -DumpMemoryEx proto stdcall :DWORD, :LPVOID, :DWORD, :ptr SBYTE -DumpMemoryExW proto stdcall :DWORD, :LPVOID, :DWORD, :ptr WORD -DumpRegions proto stdcall :HANDLE, :ptr SBYTE, :bool -DumpRegionsW proto stdcall :HANDLE, :ptr WORD, :bool -DumpRegionsEx proto stdcall :DWORD, :ptr SBYTE, :bool -DumpRegionsExW proto stdcall :DWORD, :ptr WORD, :bool -DumpModule proto stdcall :HANDLE, :LPVOID, :ptr SBYTE -DumpModuleW proto stdcall :HANDLE, :LPVOID, :ptr WORD -DumpModuleEx proto stdcall :DWORD, :LPVOID, :ptr SBYTE -DumpModuleExW proto stdcall :DWORD, :LPVOID, :ptr WORD -PastePEHeader proto stdcall :HANDLE, :LPVOID, :ptr SBYTE -PastePEHeaderW proto stdcall :HANDLE, :LPVOID, :ptr WORD -ExtractSection proto stdcall :ptr SBYTE, :ptr SBYTE, :DWORD -ExtractSectionW proto stdcall :ptr WORD, :ptr WORD, :DWORD -ResortFileSections proto stdcall :ptr SBYTE -ResortFileSectionsW proto stdcall :ptr WORD -FindOverlay proto stdcall :ptr SBYTE, :LPDWORD, :LPDWORD -FindOverlayW proto stdcall :ptr WORD, :LPDWORD, :LPDWORD -ExtractOverlay proto stdcall :ptr SBYTE, :ptr SBYTE -ExtractOverlayW proto stdcall :ptr WORD, :ptr WORD -AddOverlay proto stdcall :ptr SBYTE, :ptr SBYTE -AddOverlayW proto stdcall :ptr WORD, :ptr WORD -CopyOverlay proto stdcall :ptr SBYTE, :ptr SBYTE -CopyOverlayW proto stdcall :ptr WORD, :ptr WORD -RemoveOverlay proto stdcall :ptr SBYTE -RemoveOverlayW proto stdcall :ptr WORD -MakeAllSectionsRWE proto stdcall :ptr SBYTE -MakeAllSectionsRWEW proto stdcall :ptr WORD -AddNewSectionEx proto stdcall :ptr SBYTE, :ptr SBYTE, :DWORD, :DWORD, :LPVOID, :DWORD -AddNewSectionExW proto stdcall :ptr WORD, :ptr SBYTE, :DWORD, :DWORD, :LPVOID, :DWORD -AddNewSection proto stdcall :ptr SBYTE, :ptr SBYTE, :DWORD -AddNewSectionW proto stdcall :ptr WORD, :ptr SBYTE, :DWORD -ResizeLastSection proto stdcall :ptr SBYTE, :DWORD, :bool -ResizeLastSectionW proto stdcall :ptr WORD, :DWORD, :bool -SetSharedOverlay proto stdcall :ptr SBYTE -SetSharedOverlayW proto stdcall :ptr WORD -GetSharedOverlay proto stdcall -GetSharedOverlayW proto stdcall -DeleteLastSection proto stdcall :ptr SBYTE -DeleteLastSectionW proto stdcall :ptr WORD -DeleteLastSectionEx proto stdcall :ptr SBYTE, :DWORD -DeleteLastSectionExW proto stdcall :ptr WORD, :DWORD -GetPE32DataFromMappedFile proto stdcall :DWORD, :DWORD, :DWORD -GetPE32Data proto stdcall :ptr SBYTE, :DWORD, :DWORD -GetPE32DataW proto stdcall :ptr WORD, :DWORD, :DWORD -GetPE32DataFromMappedFileEx proto stdcall :DWORD, :LPVOID -GetPE32DataEx proto stdcall :ptr SBYTE, :LPVOID -GetPE32DataExW proto stdcall :ptr WORD, :LPVOID -SetPE32DataForMappedFile proto stdcall :DWORD, :DWORD, :DWORD, :DWORD -SetPE32Data proto stdcall :ptr SBYTE, :DWORD, :DWORD, :DWORD -SetPE32DataW proto stdcall :ptr WORD, :DWORD, :DWORD, :DWORD -SetPE32DataForMappedFileEx proto stdcall :DWORD, :LPVOID -SetPE32DataEx proto stdcall :ptr SBYTE, :LPVOID -GetPE32SectionNumberFromVA proto stdcall :DWORD, :DWORD -ConvertVAtoFileOffset proto stdcall :DWORD, :DWORD, :bool -ConvertVAtoFileOffsetEx proto stdcall :DWORD, :DWORD, :DWORD, :DWORD, :bool, :bool -ConvertFileOffsetToVA proto stdcall :DWORD, :DWORD, :bool -ConvertFileOffsetToVAEx proto stdcall :DWORD, :DWORD, :DWORD, :DWORD, :bool -FixHeaderCheckSum proto stdcall :ptr SBYTE -FixHeaderCheckSumW proto stdcall :ptr WORD -RealignPE proto stdcall :DWORD, :DWORD, :DWORD -RealignPEEx proto stdcall :ptr SBYTE, :DWORD, :DWORD -RealignPEExW proto stdcall :ptr WORD, :DWORD, :DWORD -WipeSection proto stdcall :ptr SBYTE, :DWORD, :bool -WipeSectionW proto stdcall :ptr WORD, :DWORD, :bool -IsPE32FileValidEx proto stdcall :ptr SBYTE, :DWORD, :LPVOID -IsPE32FileValidExW proto stdcall :ptr WORD, :DWORD, :LPVOID -FixBrokenPE32FileEx proto stdcall :ptr SBYTE, :LPVOID, :LPVOID -FixBrokenPE32FileExW proto stdcall :ptr WORD, :LPVOID, :LPVOID -IsFileDLL proto stdcall :ptr SBYTE, :DWORD -IsFileDLLW proto stdcall :ptr WORD, :DWORD -GetPEBLocation proto stdcall :HANDLE -GetPEBLocation64 proto stdcall :HANDLE -HideDebugger proto stdcall :HANDLE, :DWORD -UnHideDebugger proto stdcall :HANDLE, :DWORD -RelocaterCleanup proto stdcall -RelocaterInit proto stdcall :DWORD, :DWORD, :DWORD -RelocaterAddNewRelocation proto stdcall :HANDLE, :DWORD, :DWORD -RelocaterEstimatedSize proto stdcall -RelocaterExportRelocation proto stdcall :DWORD, :DWORD, :DWORD -RelocaterExportRelocationEx proto stdcall :ptr SBYTE, :ptr SBYTE -RelocaterExportRelocationExW proto stdcall :ptr WORD, :ptr SBYTE -RelocaterGrabRelocationTable proto stdcall :HANDLE, :DWORD, :DWORD -RelocaterGrabRelocationTableEx proto stdcall :HANDLE, :DWORD, :DWORD, :DWORD -RelocaterMakeSnapshot proto stdcall :HANDLE, :ptr SBYTE, :LPVOID, :DWORD -RelocaterMakeSnapshotW proto stdcall :HANDLE, :ptr WORD, :LPVOID, :DWORD -RelocaterCompareTwoSnapshots proto stdcall :HANDLE, :DWORD, :DWORD, :ptr SBYTE, :ptr SBYTE, :DWORD -RelocaterCompareTwoSnapshotsW proto stdcall :HANDLE, :DWORD, :DWORD, :ptr WORD, :ptr WORD, :DWORD -RelocaterChangeFileBase proto stdcall :ptr SBYTE, :DWORD -RelocaterChangeFileBaseW proto stdcall :ptr WORD, :DWORD -RelocaterRelocateMemoryBlock proto stdcall :DWORD, :DWORD, :ptr , :DWORD, :DWORD, :DWORD -RelocaterWipeRelocationTable proto stdcall :ptr SBYTE -RelocaterWipeRelocationTableW proto stdcall :ptr WORD -ResourcerLoadFileForResourceUse proto stdcall :ptr SBYTE -ResourcerLoadFileForResourceUseW proto stdcall :ptr WORD -ResourcerFreeLoadedFile proto stdcall :LPVOID -ResourcerExtractResourceFromFileEx proto stdcall :DWORD, :ptr SBYTE, :ptr SBYTE, :ptr SBYTE -ResourcerExtractResourceFromFile proto stdcall :ptr SBYTE, :ptr SBYTE, :ptr SBYTE, :ptr SBYTE -ResourcerExtractResourceFromFileW proto stdcall :ptr WORD, :ptr SBYTE, :ptr SBYTE, :ptr SBYTE -ResourcerFindResource proto stdcall :ptr SBYTE, :ptr SBYTE, :DWORD, :ptr SBYTE, :DWORD, :DWORD, :ptr DWORD, :LPDWORD -ResourcerFindResourceW proto stdcall :ptr WORD, :ptr WORD, :DWORD, :ptr WORD, :DWORD, :DWORD, :ptr DWORD, :LPDWORD -ResourcerFindResourceEx proto stdcall :DWORD, :DWORD, :ptr WORD, :DWORD, :ptr WORD, :DWORD, :DWORD, :ptr DWORD, :LPDWORD -ResourcerEnumerateResource proto stdcall :ptr SBYTE, :ptr -ResourcerEnumerateResourceW proto stdcall :ptr WORD, :ptr -ResourcerEnumerateResourceEx proto stdcall :DWORD, :DWORD, :ptr -ThreaderImportRunningThreadData proto stdcall :DWORD -ThreaderGetThreadInfo proto stdcall :HANDLE, :DWORD -ThreaderEnumThreadInfo proto stdcall :ptr -ThreaderPauseThread proto stdcall :HANDLE -ThreaderResumeThread proto stdcall :HANDLE -ThreaderTerminateThread proto stdcall :HANDLE, :DWORD -ThreaderPauseAllThreads proto stdcall :bool -ThreaderResumeAllThreads proto stdcall :bool -ThreaderPauseProcess proto stdcall -ThreaderResumeProcess proto stdcall -ThreaderCreateRemoteThread proto stdcall :DWORD, :bool, :LPVOID, :LPDWORD -ThreaderInjectAndExecuteCode proto stdcall :LPVOID, :DWORD, :DWORD -ThreaderCreateRemoteThreadEx proto stdcall :HANDLE, :DWORD, :bool, :LPVOID, :LPDWORD -ThreaderInjectAndExecuteCodeEx proto stdcall :HANDLE, :LPVOID, :DWORD, :DWORD -ThreaderSetCallBackForNextExitThreadEvent proto stdcall :LPVOID -ThreaderIsThreadStillRunning proto stdcall :HANDLE -ThreaderIsThreadActive proto stdcall :HANDLE -ThreaderIsAnyThreadActive proto stdcall -ThreaderExecuteOnlyInjectedThreads proto stdcall -ThreaderGetOpenHandleForThread proto stdcall :DWORD -ThreaderIsExceptionInMainThread proto stdcall -StaticDisassembleEx proto stdcall :DWORD, :LPVOID -StaticDisassemble proto stdcall :LPVOID -DisassembleEx proto stdcall :HANDLE, :LPVOID -Disassemble proto stdcall :LPVOID -StaticLengthDisassemble proto stdcall :LPVOID -LengthDisassembleEx proto stdcall :HANDLE, :LPVOID -LengthDisassemble proto stdcall :LPVOID -InitDebug proto stdcall :ptr SBYTE, :ptr SBYTE, :ptr SBYTE -InitDebugW proto stdcall :ptr WORD, :ptr WORD, :ptr WORD -InitNativeDebug proto stdcall :ptr SBYTE, :ptr SBYTE, :ptr SBYTE -InitNativeDebugW proto stdcall :ptr WORD, :ptr WORD, :ptr WORD -InitDebugEx proto stdcall :ptr SBYTE, :ptr SBYTE, :ptr SBYTE, :LPVOID -InitDebugExW proto stdcall :ptr WORD, :ptr WORD, :ptr WORD, :LPVOID -InitDLLDebug proto stdcall :ptr SBYTE, :bool, :ptr SBYTE, :ptr SBYTE, :LPVOID -InitDLLDebugW proto stdcall :ptr WORD, :bool, :ptr WORD, :ptr WORD, :LPVOID -StopDebug proto stdcall -SetBPXOptions proto stdcall :SDWORD -IsBPXEnabled proto stdcall :DWORD -EnableBPX proto stdcall :DWORD -DisableBPX proto stdcall :DWORD -SetBPX proto stdcall :DWORD, :DWORD, :LPVOID -DeleteBPX proto stdcall :DWORD -SafeDeleteBPX proto stdcall :DWORD -SetAPIBreakPoint proto stdcall :ptr SBYTE, :ptr SBYTE, :DWORD, :DWORD, :LPVOID -DeleteAPIBreakPoint proto stdcall :ptr SBYTE, :ptr SBYTE, :DWORD -SafeDeleteAPIBreakPoint proto stdcall :ptr SBYTE, :ptr SBYTE, :DWORD -SetMemoryBPX proto stdcall :DWORD, :DWORD, :LPVOID -SetMemoryBPXEx proto stdcall :DWORD, :DWORD, :DWORD, :bool, :LPVOID -RemoveMemoryBPX proto stdcall :DWORD, :DWORD -GetContextFPUDataEx proto stdcall :HANDLE, :ptr -GetContextDataEx proto stdcall :HANDLE, :DWORD -GetContextData proto stdcall :DWORD -SetContextFPUDataEx proto stdcall :HANDLE, :ptr -SetContextDataEx proto stdcall :HANDLE, :DWORD, :DWORD -SetContextData proto stdcall :DWORD, :DWORD -ClearExceptionNumber proto stdcall -CurrentExceptionNumber proto stdcall -MatchPatternEx proto stdcall :HANDLE, :ptr , :DWORD, :ptr , :DWORD, :PBYTE -MatchPattern proto stdcall :ptr , :DWORD, :ptr , :DWORD, :PBYTE -FindEx proto stdcall :HANDLE, :LPVOID, :DWORD, :LPVOID, :DWORD, :LPBYTE -Find proto stdcall :LPVOID, :DWORD, :LPVOID, :DWORD, :LPBYTE -FillEx proto stdcall :HANDLE, :LPVOID, :DWORD, :PBYTE -Fill proto stdcall :LPVOID, :DWORD, :PBYTE -PatchEx proto stdcall :HANDLE, :LPVOID, :DWORD, :LPVOID, :DWORD, :bool, :bool -Patch proto stdcall :LPVOID, :DWORD, :LPVOID, :DWORD, :bool, :bool -ReplaceEx proto stdcall :HANDLE, :LPVOID, :DWORD, :LPVOID, :DWORD, :DWORD, :LPVOID, :DWORD, :PBYTE -Replace proto stdcall :LPVOID, :DWORD, :LPVOID, :DWORD, :DWORD, :LPVOID, :DWORD, :PBYTE -GetDebugData proto stdcall -GetTerminationData proto stdcall -GetExitCode proto stdcall -GetDebuggedDLLBaseAddress proto stdcall -GetDebuggedFileBaseAddress proto stdcall -GetRemoteString proto stdcall :HANDLE, :LPVOID, :LPVOID, :DWORD -GetFunctionParameter proto stdcall :HANDLE, :DWORD, :DWORD, :DWORD -GetJumpDestinationEx proto stdcall :HANDLE, :DWORD, :bool -GetJumpDestination proto stdcall :HANDLE, :DWORD -IsJumpGoingToExecuteEx proto stdcall :HANDLE, :HANDLE, :DWORD, :DWORD -IsJumpGoingToExecute proto stdcall -SetCustomHandler proto stdcall :DWORD, :LPVOID -ForceClose proto stdcall -StepInto proto stdcall :LPVOID -StepOver proto stdcall :LPVOID -SingleStep proto stdcall :DWORD, :LPVOID -GetUnusedHardwareBreakPointRegister proto stdcall :LPDWORD -SetHardwareBreakPointEx proto stdcall :HANDLE, :DWORD, :DWORD, :DWORD, :DWORD, :LPVOID, :LPDWORD -SetHardwareBreakPoint proto stdcall :DWORD, :DWORD, :DWORD, :DWORD, :LPVOID -DeleteHardwareBreakPoint proto stdcall :DWORD -RemoveAllBreakPoints proto stdcall :DWORD -GetProcessInformation proto stdcall -GetStartupInformation proto stdcall -DebugLoop proto stdcall -SetDebugLoopTimeOut proto stdcall :DWORD -SetNextDbgContinueStatus proto stdcall :DWORD -AttachDebugger proto stdcall :DWORD, :bool, :LPVOID, :LPVOID -DetachDebugger proto stdcall :DWORD -DetachDebuggerEx proto stdcall :DWORD -DebugLoopEx proto stdcall :DWORD -AutoDebugEx proto stdcall :ptr SBYTE, :bool, :ptr SBYTE, :ptr SBYTE, :DWORD, :LPVOID -AutoDebugExW proto stdcall :ptr WORD, :bool, :ptr WORD, :ptr WORD, :DWORD, :LPVOID -IsFileBeingDebugged proto stdcall -SetErrorModel proto stdcall :bool -FindOEPInit proto stdcall -FindOEPGenerically proto stdcall :ptr SBYTE, :LPVOID, :LPVOID -FindOEPGenericallyW proto stdcall :ptr WORD, :LPVOID, :LPVOID -ImporterCleanup proto stdcall -ImporterSetImageBase proto stdcall :DWORD -ImporterSetUnknownDelta proto stdcall :DWORD -ImporterGetCurrentDelta proto stdcall -ImporterInit proto stdcall :DWORD, :DWORD -ImporterAddNewDll proto stdcall :ptr SBYTE, :DWORD -ImporterAddNewAPI proto stdcall :ptr SBYTE, :DWORD -ImporterAddNewOrdinalAPI proto stdcall :DWORD, :DWORD -ImporterGetAddedDllCount proto stdcall -ImporterGetAddedAPICount proto stdcall -ImporterGetLastAddedDLLName proto stdcall -ImporterMoveIAT proto stdcall -ImporterExportIAT proto stdcall :DWORD, :DWORD -ImporterEstimatedSize proto stdcall -ImporterExportIATEx proto stdcall :ptr SBYTE, :ptr SBYTE -ImporterExportIATExW proto stdcall :ptr WORD, :ptr SBYTE -ImporterFindAPIWriteLocation proto stdcall :ptr SBYTE -ImporterFindOrdinalAPIWriteLocation proto stdcall :DWORD -ImporterFindAPIByWriteLocation proto stdcall :DWORD -ImporterFindDLLByWriteLocation proto stdcall :DWORD -ImporterGetDLLName proto stdcall :DWORD -ImporterGetAPIName proto stdcall :DWORD -ImporterGetAPIOrdinalNumber proto stdcall :DWORD -ImporterGetAPINameEx proto stdcall :DWORD, :DWORD -ImporterGetRemoteAPIAddress proto stdcall :HANDLE, :DWORD -ImporterGetRemoteAPIAddressEx proto stdcall :ptr SBYTE, :ptr SBYTE -ImporterGetLocalAPIAddress proto stdcall :HANDLE, :DWORD -ImporterGetDLLNameFromDebugee proto stdcall :HANDLE, :DWORD -ImporterGetAPINameFromDebugee proto stdcall :HANDLE, :DWORD -ImporterGetAPIOrdinalNumberFromDebugee proto stdcall :HANDLE, :DWORD -ImporterGetDLLIndexEx proto stdcall :DWORD, :DWORD -ImporterGetDLLIndex proto stdcall :HANDLE, :DWORD, :DWORD -ImporterGetRemoteDLLBase proto stdcall :HANDLE, :HMODULE -ImporterRelocateWriteLocation proto stdcall :DWORD -ImporterIsForwardedAPI proto stdcall :HANDLE, :DWORD -ImporterGetForwardedAPIName proto stdcall :HANDLE, :DWORD -ImporterGetForwardedDLLName proto stdcall :HANDLE, :DWORD -ImporterGetForwardedDLLIndex proto stdcall :HANDLE, :DWORD, :DWORD -ImporterGetForwardedAPIOrdinalNumber proto stdcall :HANDLE, :DWORD -ImporterGetNearestAPIAddress proto stdcall :HANDLE, :DWORD -ImporterGetNearestAPIName proto stdcall :HANDLE, :DWORD -ImporterCopyOriginalIAT proto stdcall :ptr SBYTE, :ptr SBYTE -ImporterCopyOriginalIATW proto stdcall :ptr WORD, :ptr WORD -ImporterLoadImportTable proto stdcall :ptr SBYTE -ImporterLoadImportTableW proto stdcall :ptr WORD -ImporterMoveOriginalIAT proto stdcall :ptr SBYTE, :ptr SBYTE, :ptr SBYTE -ImporterMoveOriginalIATW proto stdcall :ptr WORD, :ptr WORD, :ptr SBYTE -ImporterAutoSearchIAT proto stdcall :HANDLE, :ptr SBYTE, :DWORD, :DWORD, :DWORD, :LPVOID, :LPVOID -ImporterAutoSearchIATW proto stdcall :HANDLE, :ptr WORD, :DWORD, :DWORD, :DWORD, :LPVOID, :LPVOID -ImporterAutoSearchIATEx proto stdcall :HANDLE, :DWORD, :DWORD, :DWORD, :LPVOID, :LPVOID -ImporterEnumAddedData proto stdcall :LPVOID -ImporterAutoFixIATEx proto stdcall :HANDLE, :ptr SBYTE, :ptr SBYTE, :bool, :bool, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :bool, :bool, :LPVOID -ImporterAutoFixIATExW proto stdcall :HANDLE, :ptr WORD, :ptr SBYTE, :bool, :bool, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :bool, :bool, :LPVOID -ImporterAutoFixIAT proto stdcall :HANDLE, :ptr SBYTE, :DWORD, :DWORD, :DWORD, :DWORD -ImporterAutoFixIATW proto stdcall :HANDLE, :ptr WORD, :DWORD, :DWORD, :DWORD, :DWORD -HooksSafeTransitionEx proto stdcall :LPVOID, :DWORD, :bool -HooksSafeTransition proto stdcall :LPVOID, :bool -HooksIsAddressRedirected proto stdcall :LPVOID -HooksGetTrampolineAddress proto stdcall :LPVOID -HooksGetHookEntryDetails proto stdcall :LPVOID -HooksInsertNewRedirection proto stdcall :LPVOID, :LPVOID, :DWORD -HooksInsertNewIATRedirectionEx proto stdcall :DWORD, :DWORD, :ptr SBYTE, :LPVOID -HooksInsertNewIATRedirection proto stdcall :ptr SBYTE, :ptr SBYTE, :LPVOID -HooksRemoveRedirection proto stdcall :LPVOID, :bool -HooksRemoveRedirectionsForModule proto stdcall :HMODULE -HooksRemoveIATRedirection proto stdcall :ptr SBYTE, :ptr SBYTE, :bool -HooksDisableRedirection proto stdcall :LPVOID, :bool -HooksDisableRedirectionsForModule proto stdcall :HMODULE -HooksDisableIATRedirection proto stdcall :ptr SBYTE, :ptr SBYTE, :bool -HooksEnableRedirection proto stdcall :LPVOID, :bool -HooksEnableRedirectionsForModule proto stdcall :HMODULE -HooksEnableIATRedirection proto stdcall :ptr SBYTE, :ptr SBYTE, :bool -HooksScanModuleMemory proto stdcall :HMODULE, :LPVOID -HooksScanEntireProcessMemory proto stdcall :LPVOID -HooksScanEntireProcessMemoryEx proto stdcall -TracerInit proto stdcall -TracerLevel1 proto stdcall :HANDLE, :DWORD -HashTracerLevel1 proto stdcall :HANDLE, :DWORD, :DWORD -TracerDetectRedirection proto stdcall :HANDLE, :DWORD -TracerFixKnownRedirection proto stdcall :HANDLE, :DWORD, :DWORD -TracerFixRedirectionViaImpRecPlugin proto stdcall :HANDLE, :ptr SBYTE, :DWORD -ExporterCleanup proto stdcall -ExporterSetImageBase proto stdcall :DWORD -ExporterInit proto stdcall :DWORD, :DWORD, :DWORD, :ptr SBYTE -ExporterAddNewExport proto stdcall :ptr SBYTE, :DWORD -ExporterAddNewOrdinalExport proto stdcall :DWORD, :DWORD -ExporterGetAddedExportCount proto stdcall -ExporterEstimatedSize proto stdcall -ExporterBuildExportTable proto stdcall :DWORD, :DWORD -ExporterBuildExportTableEx proto stdcall :ptr SBYTE, :ptr SBYTE -ExporterBuildExportTableExW proto stdcall :ptr WORD, :ptr SBYTE -ExporterLoadExportTable proto stdcall :ptr SBYTE -ExporterLoadExportTableW proto stdcall :ptr WORD -LibrarianSetBreakPoint proto stdcall :ptr SBYTE, :DWORD, :bool, :LPVOID -LibrarianRemoveBreakPoint proto stdcall :ptr SBYTE, :DWORD -LibrarianGetLibraryInfo proto stdcall :ptr SBYTE -LibrarianGetLibraryInfoW proto stdcall :ptr WORD -LibrarianGetLibraryInfoEx proto stdcall :ptr -LibrarianGetLibraryInfoExW proto stdcall :ptr -LibrarianEnumLibraryInfo proto stdcall :ptr -LibrarianEnumLibraryInfoW proto stdcall :ptr -GetActiveProcessId proto stdcall :ptr SBYTE -GetActiveProcessIdW proto stdcall :ptr WORD -EnumProcessesWithLibrary proto stdcall :ptr SBYTE, :ptr -TLSBreakOnCallBack proto stdcall :LPVOID, :DWORD, :LPVOID -TLSGrabCallBackData proto stdcall :ptr SBYTE, :LPVOID, :LPDWORD -TLSGrabCallBackDataW proto stdcall :ptr WORD, :LPVOID, :LPDWORD -TLSBreakOnCallBackEx proto stdcall :ptr SBYTE, :LPVOID -TLSBreakOnCallBackExW proto stdcall :ptr WORD, :LPVOID -TLSRemoveCallback proto stdcall :ptr SBYTE -TLSRemoveCallbackW proto stdcall :ptr WORD -TLSRemoveTable proto stdcall :ptr SBYTE -TLSRemoveTableW proto stdcall :ptr WORD -TLSBackupData proto stdcall :ptr SBYTE -TLSBackupDataW proto stdcall :ptr WORD -TLSRestoreData proto stdcall -TLSBuildNewTable proto stdcall :DWORD, :DWORD, :DWORD, :LPVOID, :DWORD -TLSBuildNewTableEx proto stdcall :ptr SBYTE, :ptr SBYTE, :LPVOID, :DWORD -TLSBuildNewTableExW proto stdcall :ptr WORD, :ptr SBYTE, :LPVOID, :DWORD -TranslateNativeName proto stdcall :ptr SBYTE -TranslateNativeNameW proto stdcall :ptr WORD -HandlerGetActiveHandleCount proto stdcall :DWORD -HandlerIsHandleOpen proto stdcall :DWORD, :HANDLE -HandlerGetHandleName proto stdcall :HANDLE, :DWORD, :HANDLE, :bool -HandlerGetHandleNameW proto stdcall :HANDLE, :DWORD, :HANDLE, :bool -HandlerEnumerateOpenHandles proto stdcall :DWORD, :LPVOID, :DWORD -HandlerGetHandleDetails proto stdcall :HANDLE, :DWORD, :HANDLE, :DWORD -HandlerCloseRemoteHandle proto stdcall :HANDLE, :HANDLE -HandlerEnumerateLockHandles proto stdcall :ptr SBYTE, :bool, :bool, :LPVOID, :DWORD -HandlerEnumerateLockHandlesW proto stdcall :ptr WORD, :bool, :bool, :LPVOID, :DWORD -HandlerCloseAllLockHandles proto stdcall :ptr SBYTE, :bool, :bool -HandlerCloseAllLockHandlesW proto stdcall :ptr WORD, :bool, :bool -HandlerIsFileLocked proto stdcall :ptr SBYTE, :bool, :bool -HandlerIsFileLockedW proto stdcall :ptr WORD, :bool, :bool -HandlerEnumerateOpenMutexes proto stdcall :HANDLE, :DWORD, :LPVOID, :DWORD -HandlerGetOpenMutexHandle proto stdcall :HANDLE, :DWORD, :ptr SBYTE -HandlerGetOpenMutexHandleW proto stdcall :HANDLE, :DWORD, :ptr WORD -HandlerGetProcessIdWhichCreatedMutex proto stdcall :ptr SBYTE -HandlerGetProcessIdWhichCreatedMutexW proto stdcall :ptr WORD -RemoteLoadLibrary proto stdcall :HANDLE, :ptr SBYTE, :bool -RemoteLoadLibraryW proto stdcall :HANDLE, :ptr WORD, :bool -RemoteFreeLibrary proto stdcall :HANDLE, :HMODULE, :ptr SBYTE, :bool -RemoteFreeLibraryW proto stdcall :HANDLE, :HMODULE, :ptr WORD, :bool -RemoteExitProcess proto stdcall :HANDLE, :DWORD -StaticFileLoad proto stdcall :ptr SBYTE, :DWORD, :bool, :LPHANDLE, :LPDWORD, :LPHANDLE, :ptr DWORD -StaticFileLoadW proto stdcall :ptr WORD, :DWORD, :bool, :LPHANDLE, :LPDWORD, :LPHANDLE, :ptr DWORD -StaticFileUnload proto stdcall :ptr SBYTE, :bool, :HANDLE, :DWORD, :HANDLE, :DWORD -StaticFileUnloadW proto stdcall :ptr WORD, :bool, :HANDLE, :DWORD, :HANDLE, :DWORD -StaticFileOpen proto stdcall :ptr SBYTE, :DWORD, :LPHANDLE, :LPDWORD, :LPDWORD -StaticFileOpenW proto stdcall :ptr WORD, :DWORD, :LPHANDLE, :LPDWORD, :LPDWORD -StaticFileGetContent proto stdcall :HANDLE, :DWORD, :LPDWORD, :ptr , :DWORD -StaticFileClose proto stdcall :HANDLE -StaticMemoryDecrypt proto stdcall :LPVOID, :DWORD, :DWORD, :DWORD, :DWORD -StaticMemoryDecryptEx proto stdcall :LPVOID, :DWORD, :DWORD, :ptr -StaticMemoryDecryptSpecial proto stdcall :LPVOID, :DWORD, :DWORD, :DWORD, :ptr -StaticSectionDecrypt proto stdcall :DWORD, :DWORD, :bool, :DWORD, :DWORD, :DWORD -StaticMemoryDecompress proto stdcall :ptr , :DWORD, :ptr , :DWORD, :DWORD -StaticRawMemoryCopy proto stdcall :HANDLE, :DWORD, :DWORD, :DWORD, :bool, :ptr SBYTE -StaticRawMemoryCopyW proto stdcall :HANDLE, :DWORD, :DWORD, :DWORD, :bool, :ptr WORD -StaticRawMemoryCopyEx proto stdcall :HANDLE, :DWORD, :DWORD, :ptr SBYTE -StaticRawMemoryCopyExW proto stdcall :HANDLE, :DWORD, :DWORD, :ptr WORD -StaticHashMemory proto stdcall :ptr , :DWORD, :ptr , :bool, :DWORD -StaticHashFileW proto stdcall :ptr WORD, :ptr SBYTE, :bool, :DWORD -StaticHashFile proto stdcall :ptr SBYTE, :ptr SBYTE, :bool, :DWORD -EngineUnpackerInitialize proto stdcall :ptr SBYTE, :ptr SBYTE, :bool, :bool, :bool, :ptr -EngineUnpackerInitializeW proto stdcall :ptr WORD, :ptr WORD, :bool, :bool, :bool, :ptr -EngineUnpackerSetBreakCondition proto stdcall :ptr , :DWORD, :ptr , :DWORD, :DWORD, :DWORD, :bool, :DWORD, :DWORD -EngineUnpackerSetEntryPointAddress proto stdcall :DWORD -EngineUnpackerFinalizeUnpacking proto stdcall -SetEngineVariable proto stdcall :DWORD, :bool -EngineCreateMissingDependencies proto stdcall :ptr SBYTE, :ptr SBYTE, :bool -EngineCreateMissingDependenciesW proto stdcall :ptr WORD, :ptr WORD, :bool -EngineFakeMissingDependencies proto stdcall :HANDLE -EngineDeleteCreatedDependencies proto stdcall -EngineCreateUnpackerWindow proto stdcall :ptr SBYTE, :ptr SBYTE, :ptr SBYTE, :ptr SBYTE, :ptr -EngineAddUnpackerWindowLogMessage proto stdcall :ptr SBYTE -ExtensionManagerIsPluginLoaded proto stdcall :ptr SBYTE -ExtensionManagerIsPluginEnabled proto stdcall :ptr SBYTE -ExtensionManagerDisableAllPlugins proto stdcall -ExtensionManagerDisablePlugin proto stdcall :ptr SBYTE -ExtensionManagerEnableAllPlugins proto stdcall -ExtensionManagerEnablePlugin proto stdcall :ptr SBYTE -ExtensionManagerUnloadAllPlugins proto stdcall -ExtensionManagerUnloadPlugin proto stdcall :ptr SBYTE -ExtensionManagerGetPluginInfo proto stdcall :ptr SBYTE - -;--- errors: 0 -;--- end of file --- \ No newline at end of file diff --git a/SDK/Python/TitanEngine.py b/SDK/Python/TitanEngine.py deleted file mode 100644 index 7af5bc6..0000000 --- a/SDK/Python/TitanEngine.py +++ /dev/null @@ -1,1398 +0,0 @@ -# -*- coding: utf-8 -*- -import sys -from ctypes import * -from ctypes.wintypes import * - -_WIN64 = sys.maxsize > 0x7fffffff -LONGLONG = c_longlong -ULONGLONG = c_ulonglong -DWORD64 = c_ulonglong -ULONG_PTR = POINTER(ULONG) -SIZE_T = ULONG_PTR -LPDWORD = POINTER(DWORD) -PULONG_PTR = POINTER(ULONG_PTR) -PBYTE = POINTER(BYTE) -LPBYTE = POINTER(BYTE) -DWORD_PTR = POINTER(DWORD) -LPHANDLE = POINTER(HANDLE) -PVOID = c_void_p -LPTHREAD_START_ROUTINE = c_void_p - -TE = windll.LoadLibrary("TitanEngine.dll") - -# Global.Constant.Structure.Declaration: -# Engine.External: -UE_STRUCT_PE32STRUCT = 1 -UE_STRUCT_PE64STRUCT = 2 -UE_STRUCT_PESTRUCT = 3 -UE_STRUCT_IMPORTENUMDATA = 4 -UE_STRUCT_THREAD_ITEM_DATA = 5 -UE_STRUCT_LIBRARY_ITEM_DATA = 6 -UE_STRUCT_LIBRARY_ITEM_DATAW = 7 -UE_STRUCT_PROCESS_ITEM_DATA = 8 -UE_STRUCT_HANDLERARRAY = 9 -UE_STRUCT_PLUGININFORMATION = 10 -UE_STRUCT_HOOK_ENTRY = 11 -UE_STRUCT_FILE_STATUS_INFO = 12 -UE_STRUCT_FILE_FIX_INFO = 13 -UE_STRUCT_X87FPUREGISTER = 14 -UE_STRUCT_X87FPU = 15 -UE_STRUCT_TITAN_ENGINE_CONTEXT = 16 - -UE_ACCESS_READ = 0 -UE_ACCESS_WRITE = 1 -UE_ACCESS_ALL = 2 - -UE_HIDE_PEBONLY = 0 -UE_HIDE_BASIC = 1 - -UE_PLUGIN_CALL_REASON_PREDEBUG = 1 -UE_PLUGIN_CALL_REASON_EXCEPTION = 2 -UE_PLUGIN_CALL_REASON_POSTDEBUG = 3 -UE_PLUGIN_CALL_REASON_UNHANDLEDEXCEPTION = 4 - -TEE_HOOK_NRM_JUMP = 1 -TEE_HOOK_NRM_CALL = 3 -TEE_HOOK_IAT = 5 - -UE_ENGINE_ALOW_MODULE_LOADING = 1 -UE_ENGINE_AUTOFIX_FORWARDERS = 2 -UE_ENGINE_PASS_ALL_EXCEPTIONS = 3 -UE_ENGINE_NO_CONSOLE_WINDOW = 4 -UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS = 5 -UE_ENGINE_CALL_PLUGIN_CALLBACK = 6 -UE_ENGINE_RESET_CUSTOM_HANDLER = 7 -UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK = 8 -UE_ENGINE_SET_DEBUG_PRIVILEGE = 9 -UE_ENGINE_SAFE_ATTACH = 10 - -UE_OPTION_REMOVEALL = 1 -UE_OPTION_DISABLEALL = 2 -UE_OPTION_REMOVEALLDISABLED = 3 -UE_OPTION_REMOVEALLENABLED = 4 - -UE_STATIC_DECRYPTOR_XOR = 1 -UE_STATIC_DECRYPTOR_SUB = 2 -UE_STATIC_DECRYPTOR_ADD = 3 - -UE_STATIC_DECRYPTOR_FOREWARD = 1 -UE_STATIC_DECRYPTOR_BACKWARD = 2 - -UE_STATIC_KEY_SIZE_1 = 1 -UE_STATIC_KEY_SIZE_2 = 2 -UE_STATIC_KEY_SIZE_4 = 4 -UE_STATIC_KEY_SIZE_8 = 8 - -UE_STATIC_APLIB = 1 -UE_STATIC_APLIB_DEPACK = 2 -UE_STATIC_LZMA = 3 - -UE_STATIC_HASH_MD5 = 1 -UE_STATIC_HASH_SHA1 = 2 -UE_STATIC_HASH_CRC32 = 3 - -UE_RESOURCE_LANGUAGE_ANY = -1 - -UE_PE_OFFSET = 0 -UE_IMAGEBASE = 1 -UE_OEP = 2 -UE_SIZEOFIMAGE = 3 -UE_SIZEOFHEADERS = 4 -UE_SIZEOFOPTIONALHEADER = 5 -UE_SECTIONALIGNMENT = 6 -UE_IMPORTTABLEADDRESS = 7 -UE_IMPORTTABLESIZE = 8 -UE_RESOURCETABLEADDRESS = 9 -UE_RESOURCETABLESIZE = 10 -UE_EXPORTTABLEADDRESS = 11 -UE_EXPORTTABLESIZE = 12 -UE_TLSTABLEADDRESS = 13 -UE_TLSTABLESIZE = 14 -UE_RELOCATIONTABLEADDRESS = 15 -UE_RELOCATIONTABLESIZE = 16 -UE_TIMEDATESTAMP = 17 -UE_SECTIONNUMBER = 18 -UE_CHECKSUM = 19 -UE_SUBSYSTEM = 20 -UE_CHARACTERISTICS = 21 -UE_NUMBEROFRVAANDSIZES = 22 -UE_BASEOFCODE = 23 -UE_BASEOFDATA = 24 -UE_DLLCHARACTERISTICS = 25 -# leaving some enum space here for future additions -UE_SECTIONNAME = 40 -UE_SECTIONVIRTUALOFFSET = 41 -UE_SECTIONVIRTUALSIZE = 42 -UE_SECTIONRAWOFFSET = 43 -UE_SECTIONRAWSIZE = 44 -UE_SECTIONFLAGS = 45 - -UE_VANOTFOUND = -2 - -UE_CH_BREAKPOINT = 1 -UE_CH_SINGLESTEP = 2 -UE_CH_ACCESSVIOLATION = 3 -UE_CH_ILLEGALINSTRUCTION = 4 -UE_CH_NONCONTINUABLEEXCEPTION = 5 -UE_CH_ARRAYBOUNDSEXCEPTION = 6 -UE_CH_FLOATDENORMALOPERAND = 7 -UE_CH_FLOATDEVIDEBYZERO = 8 -UE_CH_INTEGERDEVIDEBYZERO = 9 -UE_CH_INTEGEROVERFLOW = 10 -UE_CH_PRIVILEGEDINSTRUCTION = 11 -UE_CH_PAGEGUARD = 12 -UE_CH_EVERYTHINGELSE = 13 -UE_CH_CREATETHREAD = 14 -UE_CH_EXITTHREAD = 15 -UE_CH_CREATEPROCESS = 16 -UE_CH_EXITPROCESS = 17 -UE_CH_LOADDLL = 18 -UE_CH_UNLOADDLL = 19 -UE_CH_OUTPUTDEBUGSTRING = 20 -UE_CH_AFTEREXCEPTIONPROCESSING = 21 -UE_CH_SYSTEMBREAKPOINT = 23 -UE_CH_UNHANDLEDEXCEPTION = 24 -UE_CH_RIPEVENT = 25 -UE_CH_DEBUGEVENT = 26 - -UE_OPTION_HANDLER_RETURN_HANDLECOUNT = 1 -UE_OPTION_HANDLER_RETURN_ACCESS = 2 -UE_OPTION_HANDLER_RETURN_FLAGS = 3 -UE_OPTION_HANDLER_RETURN_TYPENAME = 4 - -UE_BREAKPOINT_INT3 = 1 -UE_BREAKPOINT_LONG_INT3 = 2 -UE_BREAKPOINT_UD2 = 3 - -UE_BPXREMOVED = 0 -UE_BPXACTIVE = 1 -UE_BPXINACTIVE = 2 - -UE_BREAKPOINT = 0 -UE_SINGLESHOOT = 1 -UE_HARDWARE = 2 -UE_MEMORY = 3 -UE_MEMORY_READ = 4 -UE_MEMORY_WRITE = 5 -UE_MEMORY_EXECUTE = 6 -UE_BREAKPOINT_TYPE_INT3 = 0x10000000 -UE_BREAKPOINT_TYPE_LONG_INT3 = 0x20000000 -UE_BREAKPOINT_TYPE_UD2 = 0x30000000 - -UE_HARDWARE_EXECUTE = 4 -UE_HARDWARE_WRITE = 5 -UE_HARDWARE_READWRITE = 6 - -UE_HARDWARE_SIZE_1 = 7 -UE_HARDWARE_SIZE_2 = 8 -UE_HARDWARE_SIZE_4 = 9 -UE_HARDWARE_SIZE_8 = 10 - -UE_ON_LIB_LOAD = 1 -UE_ON_LIB_UNLOAD = 2 -UE_ON_LIB_ALL = 3 - -UE_APISTART = 0 -UE_APIEND = 1 - -UE_PLATFORM_x86 = 1 -UE_PLATFORM_x64 = 2 -UE_PLATFORM_ALL = 3 - -UE_FUNCTION_STDCALL = 1 -UE_FUNCTION_CCALL = 2 -UE_FUNCTION_FASTCALL = 3 -UE_FUNCTION_STDCALL_RET = 4 -UE_FUNCTION_CCALL_RET = 5 -UE_FUNCTION_FASTCALL_RET = 6 -UE_FUNCTION_STDCALL_CALL = 7 -UE_FUNCTION_CCALL_CALL = 8 -UE_FUNCTION_FASTCALL_CALL = 9 -UE_PARAMETER_BYTE = 0 -UE_PARAMETER_WORD = 1 -UE_PARAMETER_DWORD = 2 -UE_PARAMETER_QWORD = 3 -UE_PARAMETER_PTR_BYTE = 4 -UE_PARAMETER_PTR_WORD = 5 -UE_PARAMETER_PTR_DWORD = 6 -UE_PARAMETER_PTR_QWORD = 7 -UE_PARAMETER_STRING = 8 -UE_PARAMETER_UNICODE = 9 - -UE_EAX = 1 -UE_EBX = 2 -UE_ECX = 3 -UE_EDX = 4 -UE_EDI = 5 -UE_ESI = 6 -UE_EBP = 7 -UE_ESP = 8 -UE_EIP = 9 -UE_EFLAGS = 10 -UE_DR0 = 11 -UE_DR1 = 12 -UE_DR2 = 13 -UE_DR3 = 14 -UE_DR6 = 15 -UE_DR7 = 16 -UE_RAX = 17 -UE_RBX = 18 -UE_RCX = 19 -UE_RDX = 20 -UE_RDI = 21 -UE_RSI = 22 -UE_RBP = 23 -UE_RSP = 24 -UE_RIP = 25 -UE_RFLAGS = 26 -UE_R8 = 27 -UE_R9 = 28 -UE_R10 = 29 -UE_R11 = 30 -UE_R12 = 31 -UE_R13 = 32 -UE_R14 = 33 -UE_R15 = 34 -UE_CIP = 35 -UE_CSP = 36 - -if _WIN64: - UE_CFLAGS = UE_RFLAGS -else: - UE_CFLAGS = UE_EFLAGS - -UE_SEG_GS = 37 -UE_SEG_FS = 38 -UE_SEG_ES = 39 -UE_SEG_DS = 40 -UE_SEG_CS = 41 -UE_SEG_SS = 42 -UE_x87_r0 = 43 -UE_x87_r1 = 44 -UE_x87_r2 = 45 -UE_x87_r3 = 46 -UE_x87_r4 = 47 -UE_x87_r5 = 48 -UE_x87_r6 = 49 -UE_x87_r7 = 50 -UE_X87_STATUSWORD = 51 -UE_X87_CONTROLWORD = 52 -UE_X87_TAGWORD = 53 -UE_MXCSR = 54 -UE_MMX0 = 55 -UE_MMX1 = 56 -UE_MMX2 = 57 -UE_MMX3 = 58 -UE_MMX4 = 59 -UE_MMX5 = 60 -UE_MMX6 = 61 -UE_MMX7 = 62 -UE_XMM0 = 63 -UE_XMM1 = 64 -UE_XMM2 = 65 -UE_XMM3 = 66 -UE_XMM4 = 67 -UE_XMM5 = 68 -UE_XMM6 = 69 -UE_XMM7 = 70 -UE_XMM8 = 71 -UE_XMM9 = 72 -UE_XMM10 = 73 -UE_XMM11 = 74 -UE_XMM12 = 75 -UE_XMM13 = 76 -UE_XMM14 = 77 -UE_XMM15 = 78 -UE_x87_ST0 = 79 -UE_x87_ST1 = 80 -UE_x87_ST2 = 81 -UE_x87_ST3 = 82 -UE_x87_ST4 = 83 -UE_x87_ST5 = 84 -UE_x87_ST6 = 85 -UE_x87_ST7 = 86 -UE_YMM0 = 87 -UE_YMM1 = 88 -UE_YMM2 = 89 -UE_YMM3 = 90 -UE_YMM4 = 91 -UE_YMM5 = 92 -UE_YMM6 = 93 -UE_YMM7 = 94 -UE_YMM8 = 95 -UE_YMM9 = 96 -UE_YMM10 = 97 -UE_YMM11 = 98 -UE_YMM12 = 99 -UE_YMM13 = 100 -UE_YMM14 = 101 -UE_YMM15 = 102 - -CONTEXT_EXTENDED_REGISTERS = 0 - - -class PE32Struct(Structure): - _pack_ = 1 - _fields_ = [ - ("PE32Offset", DWORD), - ("ImageBase", DWORD), - ("OriginalEntryPoint", DWORD), - ("NtSizeOfImage", DWORD), - ("NtSizeOfHeaders", DWORD), - ("SizeOfOptionalHeaders", WORD), - ("FileAlignment", DWORD), - ("SectionAligment", DWORD), - ("ImportTableAddress", DWORD), - ("ImportTableSize", DWORD), - ("ResourceTableAddress", DWORD), - ("ResourceTableSize", DWORD), - ("ExportTableAddress", DWORD), - ("ExportTableSize", DWORD), - ("TLSTableAddress", DWORD), - ("TLSTableSize", DWORD), - ("RelocationTableAddress", DWORD), - ("RelocationTableSize", DWORD), - ("TimeDateStamp", DWORD), - ("SectionNumber", WORD), - ("CheckSum", DWORD), - ("SubSystem", WORD), - ("Characteristics", WORD), - ("NumberOfRvaAndSizes", DWORD) - ] - -class PE64Struct(Structure): - _pack_ = 1 - _fields_ = [ - ("PE64Offset", DWORD), - ("ImageBase", DWORD64), - ("OriginalEntryPoint", DWORD), - ("NtSizeOfImage", DWORD), - ("NtSizeOfHeaders", DWORD), - ("SizeOfOptionalHeaders", WORD), - ("FileAlignment", DWORD), - ("SectionAligment", DWORD), - ("ImportTableAddress", DWORD), - ("ImportTableSize", DWORD), - ("ResourceTableAddress", DWORD), - ("ResourceTableSize", DWORD), - ("ExportTableAddress", DWORD), - ("ExportTableSize", DWORD), - ("TLSTableAddress", DWORD), - ("TLSTableSize", DWORD), - ("RelocationTableAddress", DWORD), - ("RelocationTableSize", DWORD), - ("TimeDateStamp", DWORD), - ("SectionNumber", WORD), - ("CheckSum", DWORD), - ("SubSystem", WORD), - ("Characteristics", WORD), - ("NumberOfRvaAndSizes", DWORD) - ] - -if _WIN64: - PEStruct = PE64Struct -else: - PEStruct = PE32Struct - -class ImportEnumData(Structure): - _pack_ = 1 - _fields_ = [ - ("NewDll", c_bool), - ("NumberOfImports", c_int), - ("ImageBase", ULONG_PTR), - ("BaseImportThunk", ULONG_PTR), - ("ImportThunk", ULONG_PTR), - ("APIName", c_char_p), - ("DLLName", c_char_p) - ] - -class THREAD_ITEM_DATA(Structure): - _pack_ = 1 - _fields_ = [ - ("hThread", HANDLE), - ("dwThreadId", DWORD), - ("ThreadStartAddress", c_void_p), - ("ThreadLocalBase", c_void_p), - ("TebAddress", c_void_p), - ("WaitTime", ULONG), - ("Priority", LONG), - ("BasePriority", LONG), - ("ContextSwitches", ULONG), - ("ThreadState", ULONG), - ("WaitReason", ULONG) - ] - -class LIBRARY_ITEM_DATA(Structure): - _pack_ = 1 - _fields_ = [ - ("hFile", HANDLE), - ("BaseOfDll", c_void_p), - ("hFileMapping", HANDLE), - ("hFileMappingView", c_void_p), - ("szLibraryPath", c_char * MAX_PATH), - ("szLibraryName", c_char * MAX_PATH) - ] - -class LIBRARY_ITEM_DATAW(Structure): - _pack_ = 1 - _fields_ = [ - ("hFile", HANDLE), - ("BaseOfDll", c_void_p), - ("hFileMapping", HANDLE), - ("hFileMappingView", c_void_p), - ("szLibraryPath", c_wchar * MAX_PATH), - ("szLibraryName", c_wchar * MAX_PATH) - ] - -class PROCESS_ITEM_DATA(Structure): - _pack_ = 1 - _fields_ = [ - ("hProcess", HANDLE), - ("dwProcessId", DWORD), - ("hThread", HANDLE), - ("dwThreadId", DWORD), - ("hFile", HANDLE), - ("BaseOfImage", c_void_p), - ("ThreadStartAddress", c_void_p), - ("ThreadLocalBase", c_void_p) - ] - -class HandlerArray(Structure): - _pack_ = 1 - _fields_ = [ - ("ProcessId", ULONG), - ("hHandle", HANDLE) - ] - -class PluginInformation(Structure): - _pack_ = 1 - _fields_ = [ - ("PluginName", c_char * 64), - ("PluginMajorVersion", DWORD), - ("PluginMinorVersion", DWORD), - ("PluginBaseAddress", HMODULE), - ("TitanDebuggingCallBack", c_void_p), - ("TitanRegisterPlugin", c_void_p), - ("TitanReleasePlugin", c_void_p), - ("TitanResetPlugin", c_void_p), - ("PluginDisabled", c_bool) - ] - -TEE_MAXIMUM_HOOK_SIZE = 14 -TEE_MAXIMUM_HOOK_RELOCS = 7 - -if _WIN64: - TEE_MAXIMUM_HOOK_INSERT_SIZE = 14 -else: - TEE_MAXIMUM_HOOK_INSERT_SIZE = 5 - -class HOOK_ENTRY(Structure): - _pack_ = 1 - _fields_ = [ - ("IATHook", c_bool), - ("HookType", BYTE), - ("HookSize", DWORD), - ("HookAddress", c_void_p), - ("RedirectionAddress", c_void_p), - ("HookBytes", BYTE * TEE_MAXIMUM_HOOK_SIZE), - ("OriginalBytes", BYTE * TEE_MAXIMUM_HOOK_SIZE), - ("IATHookModuleBase", c_void_p), - ("IATHookNameHash", DWORD), - ("HookIsEnabled", c_bool), - ("HookIsRemote", c_bool), - ("PatchedEntry", c_void_p), - ("RelocationInfo", DWORD * TEE_MAXIMUM_HOOK_RELOCS), - ("RelocationCount", c_int) - ] - -UE_DEPTH_SURFACE = 0 -UE_DEPTH_DEEP = 1 - -UE_UNPACKER_CONDITION_SEARCH_FROM_EP = 1 - -UE_UNPACKER_CONDITION_LOADLIBRARY = 1 -UE_UNPACKER_CONDITION_GETPROCADDRESS = 2 -UE_UNPACKER_CONDITION_ENTRYPOINTBREAK = 3 -UE_UNPACKER_CONDITION_RELOCSNAPSHOT1 = 4 -UE_UNPACKER_CONDITION_RELOCSNAPSHOT2 = 5 - -UE_FIELD_OK = 0 -UE_FIELD_BROKEN_NON_FIXABLE = 1 -UE_FIELD_BROKEN_NON_CRITICAL = 2 -UE_FIELD_BROKEN_FIXABLE_FOR_STATIC_USE = 3 -UE_FIELD_BROKEN_BUT_CAN_BE_EMULATED = 4 -UE_FIELD_FIXABLE_NON_CRITICAL = 5 -UE_FILED_FIXABLE_CRITICAL = 6 -UE_FIELD_NOT_PRESET = 7 -UE_FIELD_NOT_PRESET_WARNING = 8 - -UE_RESULT_FILE_OK = 10 -UE_RESULT_FILE_INVALID_BUT_FIXABLE = 11 -UE_RESULT_FILE_INVALID_AND_NON_FIXABLE = 12 -UE_RESULT_FILE_INVALID_FORMAT = 13 - -class FILE_STATUS_INFO(Structure): - _pack_ = 1 - _fields_ = [ - ("OveralEvaluation", BYTE), - ("EvaluationTerminatedByException", c_bool), - ("FileIs64Bit", c_bool), - ("FileIsDLL", c_bool), - ("FileIsConsole", c_bool), - ("MissingDependencies", c_bool), - ("MissingDeclaredAPIs", c_bool), - ("SignatureMZ", BYTE), - ("SignaturePE", BYTE), - ("EntryPoint", BYTE), - ("ImageBase", BYTE), - ("SizeOfImage", BYTE), - ("FileAlignment", BYTE), - ("SectionAlignment", BYTE), - ("ExportTable", BYTE), - ("RelocationTable", BYTE), - ("ImportTable", BYTE), - ("ImportTableSection", BYTE), - ("ImportTableData", BYTE), - ("IATTable", BYTE), - ("TLSTable", BYTE), - ("LoadConfigTable", BYTE), - ("BoundImportTable", BYTE), - ("COMHeaderTable", BYTE), - ("ResourceTable", BYTE), - ("ResourceData", BYTE), - ("SectionTable", BYTE) - ] - -class FILE_FIX_INFO(Structure): - _pack_ = 1 - _fields_ = [ - ("OveralEvaluation", BYTE), - ("FixingTerminatedByException", c_bool), - ("FileFixPerformed", c_bool), - ("StrippedRelocation", c_bool), - ("DontFixRelocations", c_bool), - ("OriginalRelocationTableAddress", DWORD), - ("OriginalRelocationTableSize", DWORD), - ("StrippedExports", c_bool), - ("DontFixExports", c_bool), - ("OriginalExportTableAddress", DWORD), - ("OriginalExportTableSize", DWORD), - ("StrippedResources", c_bool), - ("DontFixResources", c_bool), - ("OriginalResourceTableAddress", DWORD), - ("OriginalResourceTableSize", DWORD), - ("StrippedTLS", c_bool), - ("DontFixTLS", c_bool), - ("OriginalTLSTableAddress", DWORD), - ("OriginalTLSTableSize", DWORD), - ("StrippedLoadConfig", c_bool), - ("DontFixLoadConfig", c_bool), - ("OriginalLoadConfigTableAddress", DWORD), - ("OriginalLoadConfigTableSize", DWORD), - ("StrippedBoundImports", c_bool), - ("DontFixBoundImports", c_bool), - ("OriginalBoundImportTableAddress", DWORD), - ("OriginalBoundImportTableSize", DWORD), - ("StrippedIAT", c_bool), - ("DontFixIAT", c_bool), - ("OriginalImportAddressTableAddress", DWORD), - ("OriginalImportAddressTableSize", DWORD), - ("StrippedCOM", c_bool), - ("DontFixCOM", c_bool), - ("OriginalCOMTableAddress", DWORD), - ("OriginalCOMTableSize", DWORD) - ] - -class XmmRegister_t(Structure): - _pack_ = 1 - _fields_ = [ - ("Low", ULONGLONG), - ("High", LONGLONG) - ] - -class YmmRegister_t(Structure): - _pack_ = 1 - _fields_ = [ - ("Low", XmmRegister_t), - ("High", XmmRegister_t) - ] - -class x87FPURegister_t(Structure): - _pack_ = 1 - _fields_ = [ - ("data", BYTE * 10), - ("st_value", c_int), - ("tag", c_int) - ] - -class x87FPU_t(Structure): - _pack_ = 1 - _fields_ = [ - ("ControlWord", WORD), - ("StatusWord", WORD), - ("TagWord", WORD), - ("ErrorOffset", DWORD), - ("ErrorSelector", DWORD), - ("DataOffset", DWORD), - ("DataSelector", DWORD), - ("Cr0NpxState", DWORD) - ] - -class TITAN_ENGINE_CONTEXT32_t(Structure): - _pack_ = 1 - _fields_ = [ - ("cax", ULONG_PTR), - ("ccx", ULONG_PTR), - ("cdx", ULONG_PTR), - ("cbx", ULONG_PTR), - ("csp", ULONG_PTR), - ("cbp", ULONG_PTR), - ("csi", ULONG_PTR), - ("cdi", ULONG_PTR), - ("cip", ULONG_PTR), - ("eflags", ULONG_PTR), - ("gs", c_ushort), - ("fs", c_ushort), - ("es", c_ushort), - ("ds", c_ushort), - ("cs", c_ushort), - ("ss", c_ushort), - ("dr0", ULONG_PTR), - ("dr1", ULONG_PTR), - ("dr2", ULONG_PTR), - ("dr3", ULONG_PTR), - ("dr4", ULONG_PTR), - ("dr5", ULONG_PTR), - ("dr6", ULONG_PTR), - ("dr7", ULONG_PTR), - ("RegisterArea", BYTE * 80), - ("x87fpu", x87FPU_t), - ("MxCsr", DWORD), - ("XmmRegisters", XmmRegister_t * 8), - ("YmmRegisters", YmmRegister_t * 8) - ] - -class TITAN_ENGINE_CONTEXT64_t(Structure): - _pack_ = 1 - _fields_ = [ - ("cax", ULONG_PTR), - ("ccx", ULONG_PTR), - ("cdx", ULONG_PTR), - ("cbx", ULONG_PTR), - ("csp", ULONG_PTR), - ("cbp", ULONG_PTR), - ("csi", ULONG_PTR), - ("cdi", ULONG_PTR), - ("r8", ULONG_PTR), - ("r9", ULONG_PTR), - ("r10", ULONG_PTR), - ("r11", ULONG_PTR), - ("r12", ULONG_PTR), - ("r13", ULONG_PTR), - ("r14", ULONG_PTR), - ("r15", ULONG_PTR), - ("cip", ULONG_PTR), - ("eflags", ULONG_PTR), - ("gs", c_ushort), - ("fs", c_ushort), - ("es", c_ushort), - ("ds", c_ushort), - ("cs", c_ushort), - ("ss", c_ushort), - ("dr0", ULONG_PTR), - ("dr1", ULONG_PTR), - ("dr2", ULONG_PTR), - ("dr3", ULONG_PTR), - ("dr4", ULONG_PTR), - ("dr5", ULONG_PTR), - ("dr6", ULONG_PTR), - ("dr7", ULONG_PTR), - ("RegisterArea", BYTE * 80), - ("x87fpu", x87FPU_t), - ("MxCsr", DWORD), - ("XmmRegisters", XmmRegister_t * 16), - ("YmmRegisters", YmmRegister_t * 16) - ] - -if _WIN64: - TITAN_ENGINE_CONTEXT_t = TITAN_ENGINE_CONTEXT64_t -else: - TITAN_ENGINE_CONTEXT_t = TITAN_ENGINE_CONTEXT32_t - -class PROCESS_INFORMATION(Structure): - _pack_ = 1 - _fields_ = [ - ("hProcess", HANDLE), - ("hThread", HANDLE), - ("dwProcessId", DWORD), - ("dwThreadId", DWORD) - ] - -EXCEPTION_MAXIMUM_PARAMETERS = 15 - -class EXCEPTION_RECORD(Structure): - _pack_ = 1 - -EXCEPTION_RECORD._fields_ = [ - ("ExceptionCode", DWORD), - ("ExceptionFlags", DWORD), - ("ExceptionRecord", POINTER(EXCEPTION_RECORD)), - ("ExceptionAddress", PVOID), - ("NumberParameters", DWORD), - ("ExceptionInformation", ULONG_PTR * EXCEPTION_MAXIMUM_PARAMETERS) -] - -class EXCEPTION_DEBUG_INFO(Structure): - _pack_ = 1 - _fields_ = [ - ("ExceptionRecord", EXCEPTION_RECORD), - ("dwFirstChance", DWORD) - ] - -class CREATE_THREAD_DEBUG_INFO(Structure): - _pack_ = 1 - _fields_ = [ - ("hThread", HANDLE), - ("lpThreadLocalBase", LPVOID), - ("lpStartAddress", LPTHREAD_START_ROUTINE) - ] - -class CREATE_PROCESS_DEBUG_INFO(Structure): - _pack_ = 1 - _fields_ = [ - ("hFile", HANDLE), - ("hProcess", HANDLE), - ("hThread", HANDLE), - ("lpBaseOfImage", LPVOID), - ("dwDebugInfoFileOffset", DWORD), - ("nDebugInfoSize", DWORD), - ("lpThreadLocalBase", LPVOID), - ("lpStartAddress", LPTHREAD_START_ROUTINE), - ("lpImageName", LPVOID), - ("fUnicode", WORD) - ] - -class EXIT_THREAD_DEBUG_INFO(Structure): - _pack_ = 1 - _fields_ = [ - ("dwExitCode", DWORD) - ] - -class EXIT_PROCESS_DEBUG_INFO(Structure): - _pack_ = 1 - _fields_ = [ - ("dwExitCode", DWORD) - ] - -class LOAD_DLL_DEBUG_INFO(Structure): - _pack_ = 1 - _fields_ = [ - ("hFile", HANDLE), - ("lpBaseOfDll", LPVOID), - ("dwDebugInfoFileOffset", DWORD), - ("nDebugInfoSize", DWORD), - ("lpImageName", LPVOID), - ("fUnicode", WORD) - ] - -class UNLOAD_DLL_DEBUG_INFO(Structure): - _pack_ = 1 - _fields_ = [ - ("lpBaseOfDll", LPVOID) - ] - -class OUTPUT_DEBUG_STRING_INFO(Structure): - _pack_ = 1 - _fields_ = [ - ("lpDebugStringData", LPSTR), - ("fUnicode", WORD), - ("nDebugStringLength", WORD) - ] - -class RIP_INFO(Structure): - _pack_ = 1 - _fields_ = [ - ("dwError", DWORD), - ("dwType", DWORD) - ] - -class _U(Union): - _pack_ = 1 - _fields_ = [ - ("Exception", EXCEPTION_DEBUG_INFO), - ("CreateThread", CREATE_THREAD_DEBUG_INFO), - ("CreateProcessInfo", CREATE_PROCESS_DEBUG_INFO), - ("ExitThread", EXIT_THREAD_DEBUG_INFO), - ("ExitProcess", EXIT_PROCESS_DEBUG_INFO), - ("LoadDll", LOAD_DLL_DEBUG_INFO), - ("UnloadDll", UNLOAD_DLL_DEBUG_INFO), - ("DebugString", OUTPUT_DEBUG_STRING_INFO), - ("RipInfo", RIP_INFO) - ] - -class DEBUG_EVENT(Structure): - _pack_ = 1 - _anonymous_ = ("u",) - _fields_ = [ - ("dwDebugEventCode", DWORD), - ("dwProcessId", DWORD), - ("dwThreadId", DWORD), - ("u", _U) - ] - -class STARTUPINFOW(Structure): - _pack_ = 1 - _fields_ = [ - ("cb", DWORD), - ("lpReserved", LPWSTR), - ("lpDesktop", LPWSTR), - ("lpTitle", LPWSTR), - ("dwX", DWORD), - ("dwY", DWORD), - ("dwXSize", DWORD), - ("dwYSize", DWORD), - ("dwXCountChars", DWORD), - ("dwYCountChars", DWORD), - ("dwFillAttribute", DWORD), - ("dwFlags", DWORD), - ("wShowWindow", WORD), - ("cbReserved2", WORD), - ("lpReserved2", LPBYTE), - ("hStdInput", HANDLE), - ("hStdOutput", HANDLE), - ("hStdError", HANDLE) - ] - -fImportEnum = WINFUNCTYPE(None, POINTER(ImportEnumData)) -fImportFix = WINFUNCTYPE(c_void_p, c_void_p) -fResourceEnum = WINFUNCTYPE(None, c_wchar_p, DWORD, c_wchar_p, DWORD, DWORD, DWORD, DWORD) -fThreadEnum = WINFUNCTYPE(None, POINTER(THREAD_ITEM_DATA)) -fThreadExit = WINFUNCTYPE(None, POINTER(EXIT_THREAD_DEBUG_INFO)) -fBreakPoint = WINFUNCTYPE(None) -fCustomHandler = WINFUNCTYPE(None, c_void_p) -fLibraryBreakPoint = WINFUNCTYPE(None, POINTER(LOAD_DLL_DEBUG_INFO)) -fLibraryEnum = WINFUNCTYPE(None, POINTER(LIBRARY_ITEM_DATA)) -fLibraryEnumW = WINFUNCTYPE(None, POINTER(LIBRARY_ITEM_DATAW)) -fHookEnum = WINFUNCTYPE(c_bool, POINTER(HOOK_ENTRY), c_void_p, POINTER(LIBRARY_ITEM_DATA), DWORD) -fProcessWithLibraryEnum = WINFUNCTYPE(None, DWORD, HMODULE) -fStaticDecrypt = WINFUNCTYPE(c_bool, c_void_p, c_long) -fInitializeDbg = WINFUNCTYPE(None, c_char_p, c_ubyte, c_ubyte) - -# Global.Function.Declaration: -# TitanEngine.Dumper.functions: -DumpProcess = WINFUNCTYPE(c_bool, HANDLE, LPVOID, c_char_p, ULONG_PTR)(TE.DumpProcess) -DumpProcessW = WINFUNCTYPE(c_bool, HANDLE, LPVOID, c_wchar_p, ULONG_PTR)(TE.DumpProcessW) -DumpProcessEx = WINFUNCTYPE(c_bool, DWORD, LPVOID, c_char_p, ULONG_PTR)(TE.DumpProcessEx) -DumpProcessExW = WINFUNCTYPE(c_bool, DWORD, LPVOID, c_wchar_p, ULONG_PTR)(TE.DumpProcessExW) -DumpMemory = WINFUNCTYPE(c_bool, HANDLE, LPVOID, ULONG_PTR, c_char_p)(TE.DumpMemory) -DumpMemoryW = WINFUNCTYPE(c_bool, HANDLE, LPVOID, ULONG_PTR, c_wchar_p)(TE.DumpMemoryW) -DumpMemoryEx = WINFUNCTYPE(c_bool, DWORD, LPVOID, ULONG_PTR, c_char_p)(TE.DumpMemoryEx) -DumpMemoryExW = WINFUNCTYPE(c_bool, DWORD, LPVOID, ULONG_PTR, c_wchar_p)(TE.DumpMemoryExW) -DumpRegions = WINFUNCTYPE(c_bool, HANDLE, c_char_p, c_bool)(TE.DumpRegions) -DumpRegionsW = WINFUNCTYPE(c_bool, HANDLE, c_wchar_p, c_bool)(TE.DumpRegionsW) -DumpRegionsEx = WINFUNCTYPE(c_bool, DWORD, c_char_p, c_bool)(TE.DumpRegionsEx) -DumpRegionsExW = WINFUNCTYPE(c_bool, DWORD, c_wchar_p, c_bool)(TE.DumpRegionsExW) -DumpModule = WINFUNCTYPE(c_bool, HANDLE, LPVOID, c_char_p)(TE.DumpModule) -DumpModuleW = WINFUNCTYPE(c_bool, HANDLE, LPVOID, c_wchar_p)(TE.DumpModuleW) -DumpModuleEx = WINFUNCTYPE(c_bool, DWORD, LPVOID, c_char_p)(TE.DumpModuleEx) -DumpModuleExW = WINFUNCTYPE(c_bool, DWORD, LPVOID, c_wchar_p)(TE.DumpModuleExW) -PastePEHeader = WINFUNCTYPE(c_bool, HANDLE, LPVOID, c_char_p)(TE.PastePEHeader) -PastePEHeaderW = WINFUNCTYPE(c_bool, HANDLE, LPVOID, c_wchar_p)(TE.PastePEHeaderW) -ExtractSection = WINFUNCTYPE(c_bool, c_char_p, c_char_p, DWORD)(TE.ExtractSection) -ExtractSectionW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p, DWORD)(TE.ExtractSectionW) -ResortFileSections = WINFUNCTYPE(c_bool, c_char_p)(TE.ResortFileSections) -ResortFileSectionsW = WINFUNCTYPE(c_bool, c_wchar_p)(TE.ResortFileSectionsW) -FindOverlay = WINFUNCTYPE(c_bool, c_char_p, LPDWORD, LPDWORD)(TE.FindOverlay) -FindOverlayW = WINFUNCTYPE(c_bool, c_wchar_p, LPDWORD, LPDWORD)(TE.FindOverlayW) -ExtractOverlay = WINFUNCTYPE(c_bool, c_char_p, c_char_p)(TE.ExtractOverlay) -ExtractOverlayW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p)(TE.ExtractOverlayW) -AddOverlay = WINFUNCTYPE(c_bool, c_char_p, c_char_p)(TE.AddOverlay) -AddOverlayW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p)(TE.AddOverlayW) -CopyOverlay = WINFUNCTYPE(c_bool, c_char_p, c_char_p)(TE.CopyOverlay) -CopyOverlayW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p)(TE.CopyOverlayW) -RemoveOverlay = WINFUNCTYPE(c_bool, c_char_p)(TE.RemoveOverlay) -RemoveOverlayW = WINFUNCTYPE(c_bool, c_wchar_p)(TE.RemoveOverlayW) -MakeAllSectionsRWE = WINFUNCTYPE(c_bool, c_char_p)(TE.MakeAllSectionsRWE) -MakeAllSectionsRWEW = WINFUNCTYPE(c_bool, c_wchar_p)(TE.MakeAllSectionsRWEW) -AddNewSectionEx = WINFUNCTYPE(c_long, c_char_p, c_char_p, DWORD, DWORD, LPVOID, DWORD)(TE.AddNewSectionEx) -AddNewSectionExW = WINFUNCTYPE(c_long, c_wchar_p, c_char_p, DWORD, DWORD, LPVOID, DWORD)(TE.AddNewSectionExW) -AddNewSection = WINFUNCTYPE(c_long, c_char_p, c_char_p, DWORD)(TE.AddNewSection) -AddNewSectionW = WINFUNCTYPE(c_long, c_wchar_p, c_char_p, DWORD)(TE.AddNewSectionW) -ResizeLastSection = WINFUNCTYPE(c_bool, c_char_p, DWORD, c_bool)(TE.ResizeLastSection) -ResizeLastSectionW = WINFUNCTYPE(c_bool, c_wchar_p, DWORD, c_bool)(TE.ResizeLastSectionW) -SetSharedOverlay = WINFUNCTYPE(None, c_char_p)(TE.SetSharedOverlay) -SetSharedOverlayW = WINFUNCTYPE(None, c_wchar_p)(TE.SetSharedOverlayW) -GetSharedOverlay = WINFUNCTYPE(c_char_p)(TE.GetSharedOverlay) -GetSharedOverlayW = WINFUNCTYPE(c_wchar_p)(TE.GetSharedOverlayW) -DeleteLastSection = WINFUNCTYPE(c_bool, c_char_p)(TE.DeleteLastSection) -DeleteLastSectionW = WINFUNCTYPE(c_bool, c_wchar_p)(TE.DeleteLastSectionW) -DeleteLastSectionEx = WINFUNCTYPE(c_bool, c_char_p, DWORD)(TE.DeleteLastSectionEx) -DeleteLastSectionExW = WINFUNCTYPE(c_bool, c_wchar_p, DWORD)(TE.DeleteLastSectionExW) -GetPE32DataFromMappedFile = WINFUNCTYPE(c_void_p, ULONG_PTR, DWORD, DWORD)(TE.GetPE32DataFromMappedFile) -GetPE32DataFromMappedFile.restype = ULONG_PTR -GetPE32Data = WINFUNCTYPE(c_void_p, c_char_p, DWORD, DWORD)(TE.GetPE32Data) -GetPE32Data.restype = ULONG_PTR -GetPE32DataW = WINFUNCTYPE(c_void_p, c_wchar_p, DWORD, DWORD)(TE.GetPE32DataW) -GetPE32DataW.restype = ULONG_PTR -GetPE32DataFromMappedFileEx = WINFUNCTYPE(c_bool, ULONG_PTR, LPVOID)(TE.GetPE32DataFromMappedFileEx) -GetPE32DataEx = WINFUNCTYPE(c_bool, c_char_p, LPVOID)(TE.GetPE32DataEx) -GetPE32DataExW = WINFUNCTYPE(c_bool, c_wchar_p, LPVOID)(TE.GetPE32DataExW) -SetPE32DataForMappedFile = WINFUNCTYPE(c_bool, ULONG_PTR, DWORD, DWORD, ULONG_PTR)(TE.SetPE32DataForMappedFile) -SetPE32Data = WINFUNCTYPE(c_bool, c_char_p, DWORD, DWORD, ULONG_PTR)(TE.SetPE32Data) -SetPE32DataW = WINFUNCTYPE(c_bool, c_wchar_p, DWORD, DWORD, ULONG_PTR)(TE.SetPE32DataW) -SetPE32DataForMappedFileEx = WINFUNCTYPE(c_bool, ULONG_PTR, LPVOID)(TE.SetPE32DataForMappedFileEx) -SetPE32DataEx = WINFUNCTYPE(c_bool, c_char_p, LPVOID)(TE.SetPE32DataEx) -SetPE32DataExW = WINFUNCTYPE(c_bool, c_wchar_p, LPVOID)(TE.SetPE32DataExW) -GetPE32SectionNumberFromVA = WINFUNCTYPE(c_long, ULONG_PTR, ULONG_PTR)(TE.GetPE32SectionNumberFromVA) -ConvertVAtoFileOffset = WINFUNCTYPE(c_void_p, ULONG_PTR, ULONG_PTR, c_bool)(TE.ConvertVAtoFileOffset) -ConvertVAtoFileOffset.restype = ULONG_PTR -ConvertVAtoFileOffsetEx = WINFUNCTYPE(c_void_p, ULONG_PTR, DWORD, ULONG_PTR, ULONG_PTR, c_bool, c_bool)(TE.ConvertVAtoFileOffsetEx) -ConvertVAtoFileOffsetEx.restype = ULONG_PTR -ConvertFileOffsetToVA = WINFUNCTYPE(c_void_p, ULONG_PTR, ULONG_PTR, c_bool)(TE.ConvertFileOffsetToVA) -ConvertFileOffsetToVA.restype = ULONG_PTR -ConvertFileOffsetToVAEx = WINFUNCTYPE(c_void_p, ULONG_PTR, DWORD, ULONG_PTR, ULONG_PTR, c_bool)(TE.ConvertFileOffsetToVAEx) -ConvertFileOffsetToVAEx.restype = ULONG_PTR -MemoryReadSafe = WINFUNCTYPE(c_bool, HANDLE, LPVOID, LPVOID, SIZE_T, POINTER(SIZE_T))(TE.MemoryReadSafe) -MemoryWriteSafe = WINFUNCTYPE(c_bool, HANDLE, LPVOID, LPCVOID, SIZE_T, POINTER(SIZE_T))(TE.MemoryWriteSafe) - -# TitanEngine.Realigner.functions: -FixHeaderCheckSum = WINFUNCTYPE(c_bool, c_char_p)(TE.FixHeaderCheckSum) -FixHeaderCheckSumW = WINFUNCTYPE(c_bool, c_wchar_p)(TE.FixHeaderCheckSumW) -RealignPE = WINFUNCTYPE(c_long, ULONG_PTR, DWORD, DWORD)(TE.RealignPE) -RealignPEEx = WINFUNCTYPE(c_long, c_char_p, DWORD, DWORD)(TE.RealignPEEx) -RealignPEExW = WINFUNCTYPE(c_long, c_wchar_p, DWORD, DWORD)(TE.RealignPEExW) -WipeSection = WINFUNCTYPE(c_bool, c_char_p, c_int, c_bool)(TE.WipeSection) -WipeSectionW = WINFUNCTYPE(c_bool, c_wchar_p, c_int, c_bool)(TE.WipeSectionW) -IsPE32FileValidEx = WINFUNCTYPE(c_bool, c_char_p, DWORD, LPVOID)(TE.IsPE32FileValidEx) -IsPE32FileValidExW = WINFUNCTYPE(c_bool, c_wchar_p, DWORD, LPVOID)(TE.IsPE32FileValidExW) -FixBrokenPE32FileEx = WINFUNCTYPE(c_bool, c_char_p, LPVOID, LPVOID)(TE.FixBrokenPE32FileEx) -FixBrokenPE32FileExW = WINFUNCTYPE(c_bool, c_wchar_p, LPVOID, LPVOID)(TE.FixBrokenPE32FileExW) -IsFileDLL = WINFUNCTYPE(c_bool, c_char_p, ULONG_PTR)(TE.IsFileDLL) -IsFileDLLW = WINFUNCTYPE(c_bool, c_wchar_p, ULONG_PTR)(TE.IsFileDLLW) - -# TitanEngine.Hider.functions: -GetPEBLocation = WINFUNCTYPE(c_void_p, HANDLE)(TE.GetPEBLocation) -GetPEBLocation64 = WINFUNCTYPE(c_void_p, HANDLE)(TE.GetPEBLocation64) -GetTEBLocation = WINFUNCTYPE(c_void_p, HANDLE)(TE.GetTEBLocation) -GetTEBLocation64 = WINFUNCTYPE(c_void_p, HANDLE)(TE.GetTEBLocation64) -HideDebugger = WINFUNCTYPE(c_bool, HANDLE, DWORD)(TE.HideDebugger) -UnHideDebugger = WINFUNCTYPE(c_bool, HANDLE, DWORD)(TE.UnHideDebugger) - -# TitanEngine.Relocater.functions: -RelocaterCleanup = WINFUNCTYPE(None)(TE.RelocaterCleanup) -RelocaterInit = WINFUNCTYPE(None, DWORD, ULONG_PTR, ULONG_PTR)(TE.RelocaterInit) -RelocaterAddNewRelocation = WINFUNCTYPE(None, HANDLE, ULONG_PTR, DWORD)(TE.RelocaterAddNewRelocation) -RelocaterEstimatedSize = WINFUNCTYPE(c_long)(TE.RelocaterEstimatedSize) -RelocaterExportRelocation = WINFUNCTYPE(c_bool, ULONG_PTR, DWORD, ULONG_PTR)(TE.RelocaterExportRelocation) -RelocaterExportRelocationEx = WINFUNCTYPE(c_bool, c_char_p, c_char_p)(TE.RelocaterExportRelocationEx) -RelocaterExportRelocationExW = WINFUNCTYPE(c_bool, c_wchar_p, c_char_p)(TE.RelocaterExportRelocationExW) -RelocaterGrabRelocationTable = WINFUNCTYPE(c_bool, HANDLE, ULONG_PTR, DWORD)(TE.RelocaterGrabRelocationTable) -RelocaterGrabRelocationTableEx = WINFUNCTYPE(c_bool, HANDLE, ULONG_PTR, ULONG_PTR, DWORD)(TE.RelocaterGrabRelocationTableEx) -RelocaterMakeSnapshot = WINFUNCTYPE(c_bool, HANDLE, c_char_p, LPVOID, ULONG_PTR)(TE.RelocaterMakeSnapshot) -RelocaterMakeSnapshotW = WINFUNCTYPE(c_bool, HANDLE, c_wchar_p, LPVOID, ULONG_PTR)(TE.RelocaterMakeSnapshotW) -RelocaterCompareTwoSnapshots = WINFUNCTYPE(c_bool, HANDLE, ULONG_PTR, ULONG_PTR, c_char_p, c_char_p, ULONG_PTR)(TE.RelocaterCompareTwoSnapshots) -RelocaterCompareTwoSnapshotsW = WINFUNCTYPE(c_bool, HANDLE, ULONG_PTR, ULONG_PTR, c_wchar_p, c_wchar_p, ULONG_PTR)(TE.RelocaterCompareTwoSnapshotsW) -RelocaterChangeFileBase = WINFUNCTYPE(c_bool, c_char_p, ULONG_PTR)(TE.RelocaterChangeFileBase) -RelocaterChangeFileBaseW = WINFUNCTYPE(c_bool, c_wchar_p, ULONG_PTR)(TE.RelocaterChangeFileBaseW) -RelocaterRelocateMemoryBlock = WINFUNCTYPE(c_bool, ULONG_PTR, ULONG_PTR, c_void_p, DWORD, ULONG_PTR, ULONG_PTR)(TE.RelocaterRelocateMemoryBlock) -RelocaterWipeRelocationTable = WINFUNCTYPE(c_bool, c_char_p)(TE.RelocaterWipeRelocationTable) -RelocaterWipeRelocationTableW = WINFUNCTYPE(c_bool, c_wchar_p)(TE.RelocaterWipeRelocationTableW) - -# TitanEngine.Resourcer.functions: -ResourcerLoadFileForResourceUse = WINFUNCTYPE(c_void_p, c_char_p)(TE.ResourcerLoadFileForResourceUse) -ResourcerLoadFileForResourceUse.restype = ULONG_PTR -ResourcerLoadFileForResourceUseW = WINFUNCTYPE(c_void_p, c_wchar_p)(TE.ResourcerLoadFileForResourceUseW) -ResourcerLoadFileForResourceUseW.restype = ULONG_PTR -ResourcerFreeLoadedFile = WINFUNCTYPE(c_bool, LPVOID)(TE.ResourcerFreeLoadedFile) -ResourcerExtractResourceFromFileEx = WINFUNCTYPE(c_bool, HMODULE, c_char_p, c_char_p, c_char_p)(TE.ResourcerExtractResourceFromFileEx) -ResourcerExtractResourceFromFile = WINFUNCTYPE(c_bool, c_char_p, c_char_p, c_char_p, c_char_p)(TE.ResourcerExtractResourceFromFile) -ResourcerExtractResourceFromFileW = WINFUNCTYPE(c_bool, c_wchar_p, c_char_p, c_char_p, c_char_p)(TE.ResourcerExtractResourceFromFileW) -ResourcerFindResource = WINFUNCTYPE(c_bool, c_char_p, c_char_p, DWORD, c_char_p, DWORD, DWORD, PULONG_PTR, LPDWORD)(TE.ResourcerFindResource) -ResourcerFindResourceW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p, DWORD, c_wchar_p, DWORD, DWORD, PULONG_PTR, LPDWORD)(TE.ResourcerFindResourceW) -ResourcerFindResourceEx = WINFUNCTYPE(c_bool, ULONG_PTR, DWORD, c_wchar_p, DWORD, c_wchar_p, DWORD, DWORD, PULONG_PTR, LPDWORD)(TE.ResourcerFindResourceEx) -ResourcerEnumerateResource = WINFUNCTYPE(None, c_char_p, c_void_p)(TE.ResourcerEnumerateResource) -ResourcerEnumerateResourceW = WINFUNCTYPE(None, c_wchar_p, c_void_p)(TE.ResourcerEnumerateResourceW) -ResourcerEnumerateResourceEx = WINFUNCTYPE(None, ULONG_PTR, DWORD, c_void_p)(TE.ResourcerEnumerateResourceEx) - -# TitanEngine.Threader.functions: -ThreaderImportRunningThreadData = WINFUNCTYPE(c_bool, DWORD)(TE.ThreaderImportRunningThreadData) -ThreaderGetThreadInfo = WINFUNCTYPE(c_void_p, HANDLE, DWORD)(TE.ThreaderGetThreadInfo) -ThreaderGetThreadInfo.restype = POINTER(THREAD_ITEM_DATA) -ThreaderEnumThreadInfo = WINFUNCTYPE(None, c_void_p)(TE.ThreaderEnumThreadInfo) -ThreaderPauseThread = WINFUNCTYPE(c_bool, HANDLE)(TE.ThreaderPauseThread) -ThreaderResumeThread = WINFUNCTYPE(c_bool, HANDLE)(TE.ThreaderResumeThread) -ThreaderTerminateThread = WINFUNCTYPE(c_bool, HANDLE, DWORD)(TE.ThreaderTerminateThread) -ThreaderPauseAllThreads = WINFUNCTYPE(c_bool, c_bool)(TE.ThreaderPauseAllThreads) -ThreaderResumeAllThreads = WINFUNCTYPE(c_bool, c_bool)(TE.ThreaderResumeAllThreads) -ThreaderPauseProcess = WINFUNCTYPE(c_bool)(TE.ThreaderPauseProcess) -ThreaderResumeProcess = WINFUNCTYPE(c_bool)(TE.ThreaderResumeProcess) -ThreaderCreateRemoteThread = WINFUNCTYPE(c_void_p, ULONG_PTR, c_bool, LPVOID, LPDWORD)(TE.ThreaderCreateRemoteThread) -ThreaderCreateRemoteThread.restype = ULONG_PTR -ThreaderInjectAndExecuteCode = WINFUNCTYPE(c_bool, LPVOID, DWORD, DWORD)(TE.ThreaderInjectAndExecuteCode) -ThreaderCreateRemoteThreadEx = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR, c_bool, LPVOID, LPDWORD)(TE.ThreaderCreateRemoteThreadEx) -ThreaderCreateRemoteThreadEx.restype = ULONG_PTR -ThreaderInjectAndExecuteCodeEx = WINFUNCTYPE(c_bool, HANDLE, LPVOID, DWORD, DWORD)(TE.ThreaderInjectAndExecuteCodeEx) -ThreaderSetCallBackForNextExitThreadEvent = WINFUNCTYPE(None, LPVOID)(TE.ThreaderSetCallBackForNextExitThreadEvent) -ThreaderIsThreadStillRunning = WINFUNCTYPE(c_bool, HANDLE)(TE.ThreaderIsThreadStillRunning) -ThreaderIsThreadActive = WINFUNCTYPE(c_bool, HANDLE)(TE.ThreaderIsThreadActive) -ThreaderIsAnyThreadActive = WINFUNCTYPE(c_bool)(TE.ThreaderIsAnyThreadActive) -ThreaderExecuteOnlyInjectedThreads = WINFUNCTYPE(c_bool)(TE.ThreaderExecuteOnlyInjectedThreads) -ThreaderGetOpenHandleForThread = WINFUNCTYPE(c_void_p, DWORD)(TE.ThreaderGetOpenHandleForThread) -ThreaderGetOpenHandleForThread.restype = ULONG_PTR -ThreaderIsExceptionInMainThread = WINFUNCTYPE(c_bool)(TE.ThreaderIsExceptionInMainThread) - -# TitanEngine.Debugger.functions: -StaticDisassembleEx = WINFUNCTYPE(c_void_p, ULONG_PTR, LPVOID)(TE.StaticDisassembleEx) -StaticDisassemble = WINFUNCTYPE(c_void_p, LPVOID)(TE.StaticDisassemble) -DisassembleEx = WINFUNCTYPE(c_void_p, HANDLE, LPVOID, c_bool)(TE.DisassembleEx) -Disassemble = WINFUNCTYPE(c_void_p, LPVOID)(TE.Disassemble) -StaticLengthDisassemble = WINFUNCTYPE(c_long, LPVOID)(TE.StaticLengthDisassemble) -LengthDisassembleEx = WINFUNCTYPE(c_long, HANDLE, LPVOID)(TE.LengthDisassembleEx) -LengthDisassemble = WINFUNCTYPE(c_long, LPVOID)(TE.LengthDisassemble) -InitDebug = WINFUNCTYPE(c_void_p, c_char_p, c_char_p, c_char_p)(TE.InitDebug) -InitDebug.restype = POINTER(PROCESS_INFORMATION) -InitDebugW = WINFUNCTYPE(c_void_p, c_wchar_p, c_wchar_p, c_wchar_p)(TE.InitDebugW) -InitDebugW.restype = POINTER(PROCESS_INFORMATION) -InitNativeDebug = WINFUNCTYPE(c_void_p, c_char_p, c_char_p, c_char_p)(TE.InitNativeDebug) -InitNativeDebug.restype = POINTER(PROCESS_INFORMATION) -InitNativeDebugW = WINFUNCTYPE(c_void_p, c_wchar_p, c_wchar_p, c_wchar_p)(TE.InitNativeDebugW) -InitNativeDebugW.restype = POINTER(PROCESS_INFORMATION) -InitDebugEx = WINFUNCTYPE(c_void_p, c_char_p, c_char_p, c_char_p, LPVOID)(TE.InitDebugEx) -InitDebugEx.restype = POINTER(PROCESS_INFORMATION) -InitDebugExW = WINFUNCTYPE(c_void_p, c_wchar_p, c_wchar_p, c_wchar_p, LPVOID)(TE.InitDebugExW) -InitDebugExW.restype = POINTER(PROCESS_INFORMATION) -InitDLLDebug = WINFUNCTYPE(c_void_p, c_char_p, c_bool, c_char_p, c_char_p, LPVOID)(TE.InitDLLDebug) -InitDLLDebug.restype = POINTER(PROCESS_INFORMATION) -InitDLLDebugW = WINFUNCTYPE(c_void_p, c_wchar_p, c_bool, c_wchar_p, c_wchar_p, LPVOID)(TE.InitDLLDebugW) -InitDLLDebugW.restype = POINTER(PROCESS_INFORMATION) -StopDebug = WINFUNCTYPE(c_bool)(TE.StopDebug) -SetBPXOptions = WINFUNCTYPE(None, c_long)(TE.SetBPXOptions) -IsBPXEnabled = WINFUNCTYPE(c_bool, ULONG_PTR)(TE.IsBPXEnabled) -EnableBPX = WINFUNCTYPE(c_bool, ULONG_PTR)(TE.EnableBPX) -DisableBPX = WINFUNCTYPE(c_bool, ULONG_PTR)(TE.DisableBPX) -SetBPX = WINFUNCTYPE(c_bool, ULONG_PTR, DWORD, LPVOID)(TE.SetBPX) -DeleteBPX = WINFUNCTYPE(c_bool, ULONG_PTR)(TE.DeleteBPX) -SafeDeleteBPX = WINFUNCTYPE(c_bool, ULONG_PTR)(TE.SafeDeleteBPX) -SetAPIBreakPoint = WINFUNCTYPE(c_bool, c_char_p, c_char_p, DWORD, DWORD, LPVOID)(TE.SetAPIBreakPoint) -DeleteAPIBreakPoint = WINFUNCTYPE(c_bool, c_char_p, c_char_p, DWORD)(TE.DeleteAPIBreakPoint) -SafeDeleteAPIBreakPoint = WINFUNCTYPE(c_bool, c_char_p, c_char_p, DWORD)(TE.SafeDeleteAPIBreakPoint) -SetMemoryBPX = WINFUNCTYPE(c_bool, ULONG_PTR, SIZE_T, LPVOID)(TE.SetMemoryBPX) -SetMemoryBPXEx = WINFUNCTYPE(c_bool, ULONG_PTR, SIZE_T, DWORD, c_bool, LPVOID)(TE.SetMemoryBPXEx) -RemoveMemoryBPX = WINFUNCTYPE(c_bool, ULONG_PTR, SIZE_T)(TE.RemoveMemoryBPX) -GetContextFPUDataEx = WINFUNCTYPE(c_bool, HANDLE, c_void_p)(TE.GetContextFPUDataEx) -Getx87FPURegisters = WINFUNCTYPE(None, x87FPURegister_t, POINTER(TITAN_ENGINE_CONTEXT_t))(TE.Getx87FPURegisters) -GetMMXRegisters = WINFUNCTYPE(None, c_ulonglong, POINTER(TITAN_ENGINE_CONTEXT_t))(TE.GetMMXRegisters) -GetFullContextDataEx = WINFUNCTYPE(c_bool, HANDLE, POINTER(TITAN_ENGINE_CONTEXT_t))(TE.GetFullContextDataEx) -SetFullContextDataEx = WINFUNCTYPE(c_bool, HANDLE, POINTER(TITAN_ENGINE_CONTEXT_t))(TE.SetFullContextDataEx) -GetContextDataEx = WINFUNCTYPE(c_void_p, HANDLE, DWORD)(TE.GetContextDataEx) -GetContextDataEx.restype = ULONG_PTR -GetContextData = WINFUNCTYPE(c_void_p, DWORD)(TE.GetContextData) -GetContextData.restype = ULONG_PTR -SetContextFPUDataEx = WINFUNCTYPE(c_bool, HANDLE, c_void_p)(TE.SetContextFPUDataEx) -SetContextDataEx = WINFUNCTYPE(c_bool, HANDLE, DWORD, ULONG_PTR)(TE.SetContextDataEx) -SetContextData = WINFUNCTYPE(c_bool, DWORD, ULONG_PTR)(TE.SetContextData) -GetAVXContext = WINFUNCTYPE(c_bool, HANDLE, POINTER(TITAN_ENGINE_CONTEXT_t))(TE.GetAVXContext) -SetAVXContext = WINFUNCTYPE(c_bool, HANDLE, POINTER(TITAN_ENGINE_CONTEXT_t))(TE.SetAVXContext) -ClearExceptionNumber = WINFUNCTYPE(None)(TE.ClearExceptionNumber) -CurrentExceptionNumber = WINFUNCTYPE(c_long)(TE.CurrentExceptionNumber) -MatchPatternEx = WINFUNCTYPE(c_bool, HANDLE, c_void_p, c_int, c_void_p, c_int, PBYTE)(TE.MatchPatternEx) -MatchPattern = WINFUNCTYPE(c_bool, c_void_p, c_int, c_void_p, c_int, PBYTE)(TE.MatchPattern) -FindEx = WINFUNCTYPE(c_void_p, HANDLE, LPVOID, DWORD, LPVOID, DWORD, LPBYTE)(TE.FindEx) -FindEx.restype = ULONG_PTR -FillEx = WINFUNCTYPE(c_bool, HANDLE, LPVOID, DWORD, PBYTE)(TE.FillEx) -Fill = WINFUNCTYPE(c_bool, LPVOID, DWORD, PBYTE)(TE.Fill) -PatchEx = WINFUNCTYPE(c_bool, HANDLE, LPVOID, DWORD, LPVOID, DWORD, c_bool, c_bool)(TE.PatchEx) -Patch = WINFUNCTYPE(c_bool, LPVOID, DWORD, LPVOID, DWORD, c_bool, c_bool)(TE.Patch) -ReplaceEx = WINFUNCTYPE(c_bool, HANDLE, LPVOID, DWORD, LPVOID, DWORD, DWORD, LPVOID, DWORD, PBYTE)(TE.ReplaceEx) -Replace = WINFUNCTYPE(c_bool, LPVOID, DWORD, LPVOID, DWORD, DWORD, LPVOID, DWORD, PBYTE)(TE.Replace) -GetDebugData = WINFUNCTYPE(c_void_p)(TE.GetDebugData) -GetDebugData.restype = POINTER(DEBUG_EVENT) -GetTerminationData = WINFUNCTYPE(c_void_p)(TE.GetTerminationData) -GetTerminationData.restype = POINTER(DEBUG_EVENT) -GetExitCode = WINFUNCTYPE(c_long)(TE.GetExitCode) -GetDebuggedDLLBaseAddress = WINFUNCTYPE(c_void_p)(TE.GetDebuggedDLLBaseAddress) -GetDebuggedDLLBaseAddress.restype = ULONG_PTR -GetDebuggedFileBaseAddress = WINFUNCTYPE(c_void_p)(TE.GetDebuggedFileBaseAddress) -GetDebuggedFileBaseAddress.restype = ULONG_PTR -GetRemoteString = WINFUNCTYPE(c_bool, HANDLE, LPVOID, LPVOID, c_int)(TE.GetRemoteString) -GetFunctionParameter = WINFUNCTYPE(c_void_p, HANDLE, DWORD, DWORD, DWORD)(TE.GetFunctionParameter) -GetFunctionParameter.restype = ULONG_PTR -GetJumpDestinationEx = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR, c_bool)(TE.GetJumpDestinationEx) -GetJumpDestinationEx.restype = ULONG_PTR -GetJumpDestination = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.GetJumpDestination) -GetJumpDestination.restype = ULONG_PTR -IsJumpGoingToExecuteEx = WINFUNCTYPE(c_bool, HANDLE, HANDLE, ULONG_PTR, ULONG_PTR)(TE.IsJumpGoingToExecuteEx) -IsJumpGoingToExecute = WINFUNCTYPE(c_bool)(TE.IsJumpGoingToExecute) -SetCustomHandler = WINFUNCTYPE(None, DWORD, LPVOID)(TE.SetCustomHandler) -ForceClose = WINFUNCTYPE(None)(TE.ForceClose) -StepInto = WINFUNCTYPE(None, LPVOID)(TE.StepInto) -StepOver = WINFUNCTYPE(None, LPVOID)(TE.StepOver) -StepOut = WINFUNCTYPE(None, LPVOID, c_bool)(TE.StepOut) -SingleStep = WINFUNCTYPE(None, DWORD, LPVOID)(TE.SingleStep) -GetUnusedHardwareBreakPointRegister = WINFUNCTYPE(c_bool, LPDWORD)(TE.GetUnusedHardwareBreakPointRegister) -SetHardwareBreakPointEx = WINFUNCTYPE(c_bool, HANDLE, ULONG_PTR, DWORD, DWORD, DWORD, LPVOID, LPDWORD)(TE.SetHardwareBreakPointEx) -SetHardwareBreakPoint = WINFUNCTYPE(c_bool, ULONG_PTR, DWORD, DWORD, DWORD, LPVOID)(TE.SetHardwareBreakPoint) -DeleteHardwareBreakPoint = WINFUNCTYPE(c_bool, DWORD)(TE.DeleteHardwareBreakPoint) -RemoveAllBreakPoints = WINFUNCTYPE(c_bool, DWORD)(TE.RemoveAllBreakPoints) -TitanGetProcessInformation = WINFUNCTYPE(c_void_p)(TE.TitanGetProcessInformation) -TitanGetProcessInformation.restype = POINTER(PROCESS_INFORMATION) -TitanGetStartupInformation = WINFUNCTYPE(c_void_p)(TE.TitanGetStartupInformation) -TitanGetStartupInformation.restype = POINTER(STARTUPINFOW) -DebugLoop = WINFUNCTYPE(None)(TE.DebugLoop) -SetDebugLoopTimeOut = WINFUNCTYPE(None, DWORD)(TE.SetDebugLoopTimeOut) -SetNextDbgContinueStatus = WINFUNCTYPE(None, DWORD)(TE.SetNextDbgContinueStatus) -AttachDebugger = WINFUNCTYPE(c_bool, DWORD, c_bool, LPVOID, LPVOID)(TE.AttachDebugger) -DetachDebugger = WINFUNCTYPE(c_bool, DWORD)(TE.DetachDebugger) -DetachDebuggerEx = WINFUNCTYPE(c_bool, DWORD)(TE.DetachDebuggerEx) -DebugLoopEx = WINFUNCTYPE(None, DWORD)(TE.DebugLoopEx) -AutoDebugEx = WINFUNCTYPE(None, c_char_p, c_bool, c_char_p, c_char_p, DWORD, LPVOID)(TE.AutoDebugEx) -AutoDebugExW = WINFUNCTYPE(None, c_wchar_p, c_bool, c_wchar_p, c_wchar_p, DWORD, LPVOID)(TE.AutoDebugExW) -IsFileBeingDebugged = WINFUNCTYPE(c_bool)(TE.IsFileBeingDebugged) -SetErrorModel = WINFUNCTYPE(None, c_bool)(TE.SetErrorModel) - -# TitanEngine.FindOEP.functions: -FindOEPInit = WINFUNCTYPE(None)(TE.FindOEPInit) -FindOEPGenerically = WINFUNCTYPE(c_bool, c_char_p, LPVOID, LPVOID)(TE.FindOEPGenerically) -FindOEPGenericallyW = WINFUNCTYPE(c_bool, c_wchar_p, LPVOID, LPVOID)(TE.FindOEPGenericallyW) - -# TitanEngine.Importer.functions: -ImporterAddNewDll = WINFUNCTYPE(None, c_char_p, ULONG_PTR)(TE.ImporterAddNewDll) -ImporterAddNewAPI = WINFUNCTYPE(None, c_char_p, ULONG_PTR)(TE.ImporterAddNewAPI) -ImporterAddNewOrdinalAPI = WINFUNCTYPE(None, ULONG_PTR, ULONG_PTR)(TE.ImporterAddNewOrdinalAPI) -ImporterGetAddedDllCount = WINFUNCTYPE(c_long)(TE.ImporterGetAddedDllCount) -ImporterGetAddedAPICount = WINFUNCTYPE(c_long)(TE.ImporterGetAddedAPICount) -ImporterExportIAT = WINFUNCTYPE(c_bool, ULONG_PTR, ULONG_PTR, HANDLE)(TE.ImporterExportIAT) -ImporterEstimatedSize = WINFUNCTYPE(c_long)(TE.ImporterEstimatedSize) -ImporterExportIATEx = WINFUNCTYPE(c_bool, c_char_p, c_char_p, c_char_p)(TE.ImporterExportIATEx) -ImporterExportIATExW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p, c_wchar_p)(TE.ImporterExportIATExW) -ImporterFindAPIWriteLocation = WINFUNCTYPE(c_void_p, c_char_p)(TE.ImporterFindAPIWriteLocation) -ImporterFindAPIWriteLocation.restype = ULONG_PTR -ImporterFindOrdinalAPIWriteLocation = WINFUNCTYPE(c_void_p, ULONG_PTR)(TE.ImporterFindOrdinalAPIWriteLocation) -ImporterFindOrdinalAPIWriteLocation.restype = ULONG_PTR -ImporterFindAPIByWriteLocation = WINFUNCTYPE(c_void_p, ULONG_PTR)(TE.ImporterFindAPIByWriteLocation) -ImporterFindAPIByWriteLocation.restype = ULONG_PTR -ImporterFindDLLByWriteLocation = WINFUNCTYPE(c_void_p, ULONG_PTR)(TE.ImporterFindDLLByWriteLocation) -ImporterFindDLLByWriteLocation.restype = ULONG_PTR -ImporterGetDLLName = WINFUNCTYPE(c_void_p, ULONG_PTR)(TE.ImporterGetDLLName) -ImporterGetDLLNameW = WINFUNCTYPE(c_void_p, ULONG_PTR)(TE.ImporterGetDLLNameW) -ImporterGetAPIName = WINFUNCTYPE(c_void_p, ULONG_PTR)(TE.ImporterGetAPIName) -ImporterGetAPIOrdinalNumber = WINFUNCTYPE(c_void_p, ULONG_PTR)(TE.ImporterGetAPIOrdinalNumber) -ImporterGetAPIOrdinalNumber.restype = ULONG_PTR -ImporterGetAPINameEx = WINFUNCTYPE(c_void_p, ULONG_PTR, ULONG_PTR)(TE.ImporterGetAPINameEx) -ImporterGetRemoteAPIAddress = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.ImporterGetRemoteAPIAddress) -ImporterGetRemoteAPIAddress.restype = ULONG_PTR -ImporterGetRemoteAPIAddressEx = WINFUNCTYPE(c_void_p, c_char_p, c_char_p)(TE.ImporterGetRemoteAPIAddressEx) -ImporterGetRemoteAPIAddressEx.restype = ULONG_PTR -ImporterGetLocalAPIAddress = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.ImporterGetLocalAPIAddress) -ImporterGetLocalAPIAddress.restype = ULONG_PTR -ImporterGetDLLNameFromDebugee = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.ImporterGetDLLNameFromDebugee) -ImporterGetDLLNameFromDebugeeW = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.ImporterGetDLLNameFromDebugeeW) -ImporterGetAPINameFromDebugee = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.ImporterGetAPINameFromDebugee) -ImporterGetAPIOrdinalNumberFromDebugee = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.ImporterGetAPIOrdinalNumberFromDebugee) -ImporterGetAPIOrdinalNumberFromDebugee.restype = ULONG_PTR -ImporterGetDLLIndexEx = WINFUNCTYPE(c_long, ULONG_PTR, ULONG_PTR)(TE.ImporterGetDLLIndexEx) -ImporterGetDLLIndex = WINFUNCTYPE(c_long, HANDLE, ULONG_PTR, ULONG_PTR)(TE.ImporterGetDLLIndex) -ImporterGetRemoteDLLBase = WINFUNCTYPE(c_void_p, HANDLE, HMODULE)(TE.ImporterGetRemoteDLLBase) -ImporterGetRemoteDLLBase.restype = ULONG_PTR -ImporterGetRemoteDLLBaseEx = WINFUNCTYPE(c_void_p, HANDLE, c_char_p)(TE.ImporterGetRemoteDLLBaseEx) -ImporterGetRemoteDLLBaseEx.restype = ULONG_PTR -ImporterGetRemoteDLLBaseExW = WINFUNCTYPE(c_void_p, HANDLE, c_wchar_p)(TE.ImporterGetRemoteDLLBaseExW) -ImporterIsForwardedAPI = WINFUNCTYPE(c_bool, HANDLE, ULONG_PTR)(TE.ImporterIsForwardedAPI) -ImporterGetForwardedAPIName = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.ImporterGetForwardedAPIName) -ImporterGetForwardedDLLName = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.ImporterGetForwardedDLLName) -ImporterGetForwardedDLLIndex = WINFUNCTYPE(c_long, HANDLE, ULONG_PTR, ULONG_PTR)(TE.ImporterGetForwardedDLLIndex) -ImporterGetForwardedAPIOrdinalNumber = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.ImporterGetForwardedAPIOrdinalNumber) -ImporterGetForwardedAPIOrdinalNumber.restype = ULONG_PTR -ImporterGetNearestAPIAddress = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.ImporterGetNearestAPIAddress) -ImporterGetNearestAPIAddress.restype = ULONG_PTR -ImporterGetNearestAPIName = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.ImporterGetNearestAPIName) -ImporterCopyOriginalIAT = WINFUNCTYPE(c_bool, c_char_p, c_char_p)(TE.ImporterCopyOriginalIAT) -ImporterCopyOriginalIATW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p)(TE.ImporterCopyOriginalIATW) -ImporterLoadImportTable = WINFUNCTYPE(c_bool, c_char_p)(TE.ImporterLoadImportTable) -ImporterLoadImportTableW = WINFUNCTYPE(c_bool, c_wchar_p)(TE.ImporterLoadImportTableW) -ImporterMoveOriginalIAT = WINFUNCTYPE(c_bool, c_char_p, c_char_p, c_char_p)(TE.ImporterMoveOriginalIAT) -ImporterMoveOriginalIATW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p, c_char_p)(TE.ImporterMoveOriginalIATW) -ImporterAutoSearchIAT = WINFUNCTYPE(None, DWORD, c_char_p, ULONG_PTR, LPVOID, LPVOID)(TE.ImporterAutoSearchIAT) -ImporterAutoSearchIATW = WINFUNCTYPE(None, DWORD, c_wchar_p, ULONG_PTR, LPVOID, LPVOID)(TE.ImporterAutoSearchIATW) -ImporterAutoSearchIATEx = WINFUNCTYPE(None, DWORD, ULONG_PTR, ULONG_PTR, LPVOID, LPVOID)(TE.ImporterAutoSearchIATEx) -ImporterEnumAddedData = WINFUNCTYPE(None, LPVOID)(TE.ImporterEnumAddedData) -ImporterAutoFixIATEx = WINFUNCTYPE(c_long, DWORD, c_char_p, c_char_p, c_bool, c_bool, ULONG_PTR, ULONG_PTR, ULONG_PTR, c_bool, c_bool, LPVOID)(TE.ImporterAutoFixIATEx) -ImporterAutoFixIATExW = WINFUNCTYPE(c_long, DWORD, c_wchar_p, c_wchar_p, c_bool, c_bool, ULONG_PTR, ULONG_PTR, ULONG_PTR, c_bool, c_bool, LPVOID)(TE.ImporterAutoFixIATExW) -ImporterAutoFixIAT = WINFUNCTYPE(c_long, DWORD, c_char_p, ULONG_PTR)(TE.ImporterAutoFixIAT) -ImporterAutoFixIATW = WINFUNCTYPE(c_long, DWORD, c_wchar_p, ULONG_PTR)(TE.ImporterAutoFixIATW) -ImporterDeleteAPI = WINFUNCTYPE(c_bool, DWORD_PTR)(TE.ImporterDeleteAPI) - -# Global.Engine.Hook.functions: -HooksSafeTransitionEx = WINFUNCTYPE(c_bool, LPVOID, c_int, c_bool)(TE.HooksSafeTransitionEx) -HooksSafeTransition = WINFUNCTYPE(c_bool, LPVOID, c_bool)(TE.HooksSafeTransition) -HooksIsAddressRedirected = WINFUNCTYPE(c_bool, LPVOID)(TE.HooksIsAddressRedirected) -HooksGetTrampolineAddress = WINFUNCTYPE(c_void_p, LPVOID)(TE.HooksGetTrampolineAddress) -HooksGetHookEntryDetails = WINFUNCTYPE(c_void_p, LPVOID)(TE.HooksGetHookEntryDetails) -HooksGetHookEntryDetails.restype = POINTER(HOOK_ENTRY) -HooksInsertNewRedirection = WINFUNCTYPE(c_bool, LPVOID, LPVOID, c_int)(TE.HooksInsertNewRedirection) -HooksInsertNewIATRedirectionEx = WINFUNCTYPE(c_bool, ULONG_PTR, ULONG_PTR, c_char_p, LPVOID)(TE.HooksInsertNewIATRedirectionEx) -HooksInsertNewIATRedirection = WINFUNCTYPE(c_bool, c_char_p, c_char_p, LPVOID)(TE.HooksInsertNewIATRedirection) -HooksRemoveRedirection = WINFUNCTYPE(c_bool, LPVOID, c_bool)(TE.HooksRemoveRedirection) -HooksRemoveRedirectionsForModule = WINFUNCTYPE(c_bool, HMODULE)(TE.HooksRemoveRedirectionsForModule) -HooksRemoveIATRedirection = WINFUNCTYPE(c_bool, c_char_p, c_char_p, c_bool)(TE.HooksRemoveIATRedirection) -HooksDisableRedirection = WINFUNCTYPE(c_bool, LPVOID, c_bool)(TE.HooksDisableRedirection) -HooksDisableRedirectionsForModule = WINFUNCTYPE(c_bool, HMODULE)(TE.HooksDisableRedirectionsForModule) -HooksDisableIATRedirection = WINFUNCTYPE(c_bool, c_char_p, c_char_p, c_bool)(TE.HooksDisableIATRedirection) -HooksEnableRedirection = WINFUNCTYPE(c_bool, LPVOID, c_bool)(TE.HooksEnableRedirection) -HooksEnableRedirectionsForModule = WINFUNCTYPE(c_bool, HMODULE)(TE.HooksEnableRedirectionsForModule) -HooksEnableIATRedirection = WINFUNCTYPE(c_bool, c_char_p, c_char_p, c_bool)(TE.HooksEnableIATRedirection) -HooksScanModuleMemory = WINFUNCTYPE(None, HMODULE, LPVOID)(TE.HooksScanModuleMemory) -HooksScanEntireProcessMemory = WINFUNCTYPE(None, LPVOID)(TE.HooksScanEntireProcessMemory) -HooksScanEntireProcessMemoryEx = WINFUNCTYPE(None)(TE.HooksScanEntireProcessMemoryEx) - -# TitanEngine.Tracer.functions: -TracerInit = WINFUNCTYPE(None)(TE.TracerInit) -TracerLevel1 = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(TE.TracerLevel1) -TracerLevel1.restype = ULONG_PTR -HashTracerLevel1 = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR, DWORD)(TE.HashTracerLevel1) -HashTracerLevel1.restype = ULONG_PTR -TracerDetectRedirection = WINFUNCTYPE(c_long, HANDLE, ULONG_PTR)(TE.TracerDetectRedirection) -TracerFixKnownRedirection = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR, DWORD)(TE.TracerFixKnownRedirection) -TracerFixKnownRedirection.restype = ULONG_PTR -TracerFixRedirectionViaImpRecPlugin = WINFUNCTYPE(c_long, HANDLE, c_char_p, ULONG_PTR)(TE.TracerFixRedirectionViaImpRecPlugin) - -# TitanEngine.Exporter.functions: -ExporterCleanup = WINFUNCTYPE(None)(TE.ExporterCleanup) -ExporterSetImageBase = WINFUNCTYPE(None, ULONG_PTR)(TE.ExporterSetImageBase) -ExporterInit = WINFUNCTYPE(None, DWORD, ULONG_PTR, DWORD, c_char_p)(TE.ExporterInit) -ExporterAddNewExport = WINFUNCTYPE(c_bool, c_char_p, DWORD)(TE.ExporterAddNewExport) -ExporterAddNewOrdinalExport = WINFUNCTYPE(c_bool, DWORD, DWORD)(TE.ExporterAddNewOrdinalExport) -ExporterGetAddedExportCount = WINFUNCTYPE(c_long)(TE.ExporterGetAddedExportCount) -ExporterEstimatedSize = WINFUNCTYPE(c_long)(TE.ExporterEstimatedSize) -ExporterBuildExportTable = WINFUNCTYPE(c_bool, ULONG_PTR, ULONG_PTR)(TE.ExporterBuildExportTable) -ExporterBuildExportTableEx = WINFUNCTYPE(c_bool, c_char_p, c_char_p)(TE.ExporterBuildExportTableEx) -ExporterBuildExportTableExW = WINFUNCTYPE(c_bool, c_wchar_p, c_char_p)(TE.ExporterBuildExportTableExW) -ExporterLoadExportTable = WINFUNCTYPE(c_bool, c_char_p)(TE.ExporterLoadExportTable) -ExporterLoadExportTableW = WINFUNCTYPE(c_bool, c_wchar_p)(TE.ExporterLoadExportTableW) - -# TitanEngine.Librarian.functions: -LibrarianSetBreakPoint = WINFUNCTYPE(c_bool, c_char_p, DWORD, c_bool, LPVOID)(TE.LibrarianSetBreakPoint) -LibrarianRemoveBreakPoint = WINFUNCTYPE(c_bool, c_char_p, DWORD)(TE.LibrarianRemoveBreakPoint) -LibrarianGetLibraryInfo = WINFUNCTYPE(c_void_p, c_char_p)(TE.LibrarianGetLibraryInfo) -LibrarianGetLibraryInfo.restype = POINTER(LIBRARY_ITEM_DATA) -LibrarianGetLibraryInfoW = WINFUNCTYPE(c_void_p, c_wchar_p)(TE.LibrarianGetLibraryInfoW) -LibrarianGetLibraryInfoW.restype = POINTER(LIBRARY_ITEM_DATAW) -LibrarianGetLibraryInfoEx = WINFUNCTYPE(c_void_p, c_void_p)(TE.LibrarianGetLibraryInfoEx) -LibrarianGetLibraryInfoEx.restype = POINTER(LIBRARY_ITEM_DATA) -LibrarianGetLibraryInfoExW = WINFUNCTYPE(c_void_p, c_void_p)(TE.LibrarianGetLibraryInfoExW) -LibrarianGetLibraryInfoExW.restype = POINTER(LIBRARY_ITEM_DATAW) -LibrarianEnumLibraryInfo = WINFUNCTYPE(None, c_void_p)(TE.LibrarianEnumLibraryInfo) -LibrarianEnumLibraryInfoW = WINFUNCTYPE(None, c_void_p)(TE.LibrarianEnumLibraryInfoW) - -# TitanEngine.Process.functions: -GetActiveProcessId = WINFUNCTYPE(c_long, c_char_p)(TE.GetActiveProcessId) -GetActiveProcessIdW = WINFUNCTYPE(c_long, c_wchar_p)(TE.GetActiveProcessIdW) -EnumProcessesWithLibrary = WINFUNCTYPE(None, c_char_p, c_void_p)(TE.EnumProcessesWithLibrary) -TitanOpenProcess = WINFUNCTYPE(HANDLE, DWORD, c_bool, DWORD)(TE.TitanOpenProcess) -TitanOpenThread = WINFUNCTYPE(HANDLE, DWORD, c_bool, DWORD)(TE.TitanOpenThread) - -# TitanEngine.TLSFixer.functions: -TLSBreakOnCallBack = WINFUNCTYPE(c_bool, LPVOID, DWORD, LPVOID)(TE.TLSBreakOnCallBack) -TLSGrabCallBackData = WINFUNCTYPE(c_bool, c_char_p, LPVOID, LPDWORD)(TE.TLSGrabCallBackData) -TLSGrabCallBackDataW = WINFUNCTYPE(c_bool, c_wchar_p, LPVOID, LPDWORD)(TE.TLSGrabCallBackDataW) -TLSBreakOnCallBackEx = WINFUNCTYPE(c_bool, c_char_p, LPVOID)(TE.TLSBreakOnCallBackEx) -TLSBreakOnCallBackExW = WINFUNCTYPE(c_bool, c_wchar_p, LPVOID)(TE.TLSBreakOnCallBackExW) -TLSRemoveCallback = WINFUNCTYPE(c_bool, c_char_p)(TE.TLSRemoveCallback) -TLSRemoveCallbackW = WINFUNCTYPE(c_bool, c_wchar_p)(TE.TLSRemoveCallbackW) -TLSRemoveTable = WINFUNCTYPE(c_bool, c_char_p)(TE.TLSRemoveTable) -TLSRemoveTableW = WINFUNCTYPE(c_bool, c_wchar_p)(TE.TLSRemoveTableW) -TLSBackupData = WINFUNCTYPE(c_bool, c_char_p)(TE.TLSBackupData) -TLSBackupDataW = WINFUNCTYPE(c_bool, c_wchar_p)(TE.TLSBackupDataW) -TLSRestoreData = WINFUNCTYPE(c_bool)(TE.TLSRestoreData) -TLSBuildNewTable = WINFUNCTYPE(c_bool, ULONG_PTR, ULONG_PTR, ULONG_PTR, LPVOID, DWORD)(TE.TLSBuildNewTable) -TLSBuildNewTableEx = WINFUNCTYPE(c_bool, c_char_p, c_char_p, LPVOID, DWORD)(TE.TLSBuildNewTableEx) -TLSBuildNewTableExW = WINFUNCTYPE(c_bool, c_wchar_p, c_char_p, LPVOID, DWORD)(TE.TLSBuildNewTableExW) - -# TitanEngine.TranslateName.functions: -TranslateNativeName = WINFUNCTYPE(c_void_p, c_char_p)(TE.TranslateNativeName) -TranslateNativeNameW = WINFUNCTYPE(c_void_p, c_wchar_p)(TE.TranslateNativeNameW) - -# TitanEngine.Handler.functions: -HandlerGetActiveHandleCount = WINFUNCTYPE(c_long, DWORD)(TE.HandlerGetActiveHandleCount) -HandlerIsHandleOpen = WINFUNCTYPE(c_bool, DWORD, HANDLE)(TE.HandlerIsHandleOpen) -HandlerGetHandleName = WINFUNCTYPE(c_void_p, HANDLE, DWORD, HANDLE, c_bool)(TE.HandlerGetHandleName) -HandlerGetHandleNameW = WINFUNCTYPE(c_void_p, HANDLE, DWORD, HANDLE, c_bool)(TE.HandlerGetHandleNameW) -HandlerEnumerateOpenHandles = WINFUNCTYPE(c_long, DWORD, LPVOID, DWORD)(TE.HandlerEnumerateOpenHandles) -HandlerGetHandleDetails = WINFUNCTYPE(c_void_p, HANDLE, DWORD, HANDLE, DWORD)(TE.HandlerGetHandleDetails) -HandlerGetHandleDetails.restype = ULONG_PTR -HandlerCloseRemoteHandle = WINFUNCTYPE(c_bool, HANDLE, HANDLE)(TE.HandlerCloseRemoteHandle) -HandlerEnumerateLockHandles = WINFUNCTYPE(c_long, c_char_p, c_bool, c_bool, LPVOID, DWORD)(TE.HandlerEnumerateLockHandles) -HandlerEnumerateLockHandlesW = WINFUNCTYPE(c_long, c_wchar_p, c_bool, c_bool, LPVOID, DWORD)(TE.HandlerEnumerateLockHandlesW) -HandlerCloseAllLockHandles = WINFUNCTYPE(c_bool, c_char_p, c_bool, c_bool)(TE.HandlerCloseAllLockHandles) -HandlerCloseAllLockHandlesW = WINFUNCTYPE(c_bool, c_wchar_p, c_bool, c_bool)(TE.HandlerCloseAllLockHandlesW) -HandlerIsFileLocked = WINFUNCTYPE(c_bool, c_char_p, c_bool, c_bool)(TE.HandlerIsFileLocked) -HandlerIsFileLockedW = WINFUNCTYPE(c_bool, c_wchar_p, c_bool, c_bool)(TE.HandlerIsFileLockedW) - -# TitanEngine.Handler[Mutex].functions: -HandlerEnumerateOpenMutexes = WINFUNCTYPE(c_long, HANDLE, DWORD, LPVOID, DWORD)(TE.HandlerEnumerateOpenMutexes) -HandlerGetOpenMutexHandle = WINFUNCTYPE(c_void_p, HANDLE, DWORD, c_char_p)(TE.HandlerGetOpenMutexHandle) -HandlerGetOpenMutexHandle.restype = ULONG_PTR -HandlerGetOpenMutexHandleW = WINFUNCTYPE(c_void_p, HANDLE, DWORD, c_wchar_p)(TE.HandlerGetOpenMutexHandleW) -HandlerGetOpenMutexHandleW.restype = ULONG_PTR -HandlerGetProcessIdWhichCreatedMutex = WINFUNCTYPE(c_long, c_char_p)(TE.HandlerGetProcessIdWhichCreatedMutex) -HandlerGetProcessIdWhichCreatedMutexW = WINFUNCTYPE(c_long, c_wchar_p)(TE.HandlerGetProcessIdWhichCreatedMutexW) - -# TitanEngine.Injector.functions: -RemoteLoadLibrary = WINFUNCTYPE(c_bool, HANDLE, c_char_p, c_bool)(TE.RemoteLoadLibrary) -RemoteLoadLibraryW = WINFUNCTYPE(c_bool, HANDLE, c_wchar_p, c_bool)(TE.RemoteLoadLibraryW) -RemoteFreeLibrary = WINFUNCTYPE(c_bool, HANDLE, HMODULE, c_char_p, c_bool)(TE.RemoteFreeLibrary) -RemoteFreeLibraryW = WINFUNCTYPE(c_bool, HANDLE, HMODULE, c_wchar_p, c_bool)(TE.RemoteFreeLibraryW) -RemoteExitProcess = WINFUNCTYPE(c_bool, HANDLE, DWORD)(TE.RemoteExitProcess) - -# TitanEngine.StaticUnpacker.functions: -StaticFileLoad = WINFUNCTYPE(c_bool, c_char_p, DWORD, c_bool, LPHANDLE, LPDWORD, LPHANDLE, PULONG_PTR)(TE.StaticFileLoad) -StaticFileLoadW = WINFUNCTYPE(c_bool, c_wchar_p, DWORD, c_bool, LPHANDLE, LPDWORD, LPHANDLE, PULONG_PTR)(TE.StaticFileLoadW) -StaticFileUnload = WINFUNCTYPE(c_bool, c_char_p, c_bool, HANDLE, DWORD, HANDLE, ULONG_PTR)(TE.StaticFileUnload) -StaticFileUnloadW = WINFUNCTYPE(c_bool, c_wchar_p, c_bool, HANDLE, DWORD, HANDLE, ULONG_PTR)(TE.StaticFileUnloadW) -StaticFileOpen = WINFUNCTYPE(c_bool, c_char_p, DWORD, LPHANDLE, LPDWORD, LPDWORD)(TE.StaticFileOpen) -StaticFileOpenW = WINFUNCTYPE(c_bool, c_wchar_p, DWORD, LPHANDLE, LPDWORD, LPDWORD)(TE.StaticFileOpenW) -StaticFileGetContent = WINFUNCTYPE(c_bool, HANDLE, DWORD, LPDWORD, c_void_p, DWORD)(TE.StaticFileGetContent) -StaticFileClose = WINFUNCTYPE(None, HANDLE)(TE.StaticFileClose) -StaticMemoryDecrypt = WINFUNCTYPE(None, LPVOID, DWORD, DWORD, DWORD, ULONG_PTR)(TE.StaticMemoryDecrypt) -StaticMemoryDecryptEx = WINFUNCTYPE(None, LPVOID, DWORD, DWORD, c_void_p)(TE.StaticMemoryDecryptEx) -StaticMemoryDecryptSpecial = WINFUNCTYPE(None, LPVOID, DWORD, DWORD, DWORD, c_void_p)(TE.StaticMemoryDecryptSpecial) -StaticSectionDecrypt = WINFUNCTYPE(None, ULONG_PTR, DWORD, c_bool, DWORD, DWORD, ULONG_PTR)(TE.StaticSectionDecrypt) -StaticMemoryDecompress = WINFUNCTYPE(c_bool, c_void_p, DWORD, c_void_p, DWORD, c_int)(TE.StaticMemoryDecompress) -StaticRawMemoryCopy = WINFUNCTYPE(c_bool, HANDLE, ULONG_PTR, ULONG_PTR, DWORD, c_bool, c_char_p)(TE.StaticRawMemoryCopy) -StaticRawMemoryCopyW = WINFUNCTYPE(c_bool, HANDLE, ULONG_PTR, ULONG_PTR, DWORD, c_bool, c_wchar_p)(TE.StaticRawMemoryCopyW) -StaticRawMemoryCopyEx = WINFUNCTYPE(c_bool, HANDLE, DWORD, DWORD, c_char_p)(TE.StaticRawMemoryCopyEx) -StaticRawMemoryCopyExW = WINFUNCTYPE(c_bool, HANDLE, DWORD, DWORD, c_wchar_p)(TE.StaticRawMemoryCopyExW) -StaticRawMemoryCopyEx64 = WINFUNCTYPE(c_bool, HANDLE, DWORD64, DWORD64, c_char_p)(TE.StaticRawMemoryCopyEx64) -StaticRawMemoryCopyEx64W = WINFUNCTYPE(c_bool, HANDLE, DWORD64, DWORD64, c_wchar_p)(TE.StaticRawMemoryCopyEx64W) -StaticHashMemory = WINFUNCTYPE(c_bool, c_void_p, DWORD, c_void_p, c_bool, c_int)(TE.StaticHashMemory) -StaticHashFileW = WINFUNCTYPE(c_bool, c_wchar_p, c_char_p, c_bool, c_int)(TE.StaticHashFileW) -StaticHashFile = WINFUNCTYPE(c_bool, c_char_p, c_char_p, c_bool, c_int)(TE.StaticHashFile) - -# TitanEngine.Engine.functions: -EngineUnpackerInitialize = WINFUNCTYPE(None, c_char_p, c_char_p, c_bool, c_bool, c_bool, c_void_p)(TE.EngineUnpackerInitialize) -EngineUnpackerInitializeW = WINFUNCTYPE(None, c_wchar_p, c_wchar_p, c_bool, c_bool, c_bool, c_void_p)(TE.EngineUnpackerInitializeW) -EngineUnpackerSetBreakCondition = WINFUNCTYPE(c_bool, c_void_p, DWORD, c_void_p, DWORD, DWORD, ULONG_PTR, c_bool, DWORD, DWORD)(TE.EngineUnpackerSetBreakCondition) -EngineUnpackerSetEntryPointAddress = WINFUNCTYPE(None, ULONG_PTR)(TE.EngineUnpackerSetEntryPointAddress) -EngineUnpackerFinalizeUnpacking = WINFUNCTYPE(None)(TE.EngineUnpackerFinalizeUnpacking) - -# TitanEngine.Engine.functions: -SetEngineVariable = WINFUNCTYPE(None, DWORD, c_bool)(TE.SetEngineVariable) -EngineCreateMissingDependencies = WINFUNCTYPE(c_bool, c_char_p, c_char_p, c_bool)(TE.EngineCreateMissingDependencies) -EngineCreateMissingDependenciesW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p, c_bool)(TE.EngineCreateMissingDependenciesW) -EngineFakeMissingDependencies = WINFUNCTYPE(c_bool, HANDLE)(TE.EngineFakeMissingDependencies) -EngineDeleteCreatedDependencies = WINFUNCTYPE(c_bool)(TE.EngineDeleteCreatedDependencies) -EngineCreateUnpackerWindow = WINFUNCTYPE(c_bool, c_char_p, c_char_p, c_char_p, c_char_p, c_void_p)(TE.EngineCreateUnpackerWindow) -EngineAddUnpackerWindowLogMessage = WINFUNCTYPE(None, c_char_p)(TE.EngineAddUnpackerWindowLogMessage) -EngineCheckStructAlignment = WINFUNCTYPE(c_bool, DWORD, ULONG_PTR)(TE.EngineCheckStructAlignment) - -# Global.Engine.Extension.Functions: -ExtensionManagerIsPluginLoaded = WINFUNCTYPE(c_bool, c_char_p)(TE.ExtensionManagerIsPluginLoaded) -ExtensionManagerIsPluginEnabled = WINFUNCTYPE(c_bool, c_char_p)(TE.ExtensionManagerIsPluginEnabled) -ExtensionManagerDisableAllPlugins = WINFUNCTYPE(c_bool)(TE.ExtensionManagerDisableAllPlugins) -ExtensionManagerDisablePlugin = WINFUNCTYPE(c_bool, c_char_p)(TE.ExtensionManagerDisablePlugin) -ExtensionManagerEnableAllPlugins = WINFUNCTYPE(c_bool)(TE.ExtensionManagerEnableAllPlugins) -ExtensionManagerEnablePlugin = WINFUNCTYPE(c_bool, c_char_p)(TE.ExtensionManagerEnablePlugin) -ExtensionManagerUnloadAllPlugins = WINFUNCTYPE(c_bool)(TE.ExtensionManagerUnloadAllPlugins) -ExtensionManagerUnloadPlugin = WINFUNCTYPE(c_bool, c_char_p)(TE.ExtensionManagerUnloadPlugin) -ExtensionManagerGetPluginInfo = WINFUNCTYPE(c_void_p, c_char_p)(TE.ExtensionManagerGetPluginInfo) -ExtensionManagerGetPluginInfo.restype = POINTER(PluginInformation) diff --git a/TitanEngine/TitanEngine.vcxproj b/TitanEngine/TitanEngine.vcxproj index bf8aebe..e01a540 100644 --- a/TitanEngine/TitanEngine.vcxproj +++ b/TitanEngine/TitanEngine.vcxproj @@ -297,8 +297,6 @@ - - @@ -336,10 +334,6 @@ - - - - diff --git a/TitanEngine/TitanEngine.vcxproj.filters b/TitanEngine/TitanEngine.vcxproj.filters index 24326e7..95ca98a 100644 --- a/TitanEngine/TitanEngine.vcxproj.filters +++ b/TitanEngine/TitanEngine.vcxproj.filters @@ -37,21 +37,6 @@ {2efe2f1a-4ee7-4249-a67c-c51a63aa8f0d} - - {a1fcc566-fbcf-45e0-a99e-0dc7c8f1f3b1} - - - {6ead5e95-3e59-431b-a190-f031c0195a6c} - - - {4f08d968-e800-4208-b62a-147d69620060} - - - {1012361d-2057-4706-9c0f-e864e2c7a7c5} - - - {a7ccfa4b-cc58-4f5f-88a1-35d65ab8b5a9} - @@ -332,12 +317,6 @@ Header Files\SDK\C - - Header Files\SDK\CPP - - - Header Files\SDK\CPP - Header Files\TitanEngine @@ -363,17 +342,5 @@ Header Files\TitanEngine - - Header Files\SDK\Delphi - - - Header Files\SDK\LUA - - - Header Files\SDK\MASM - - - Header Files\SDK\Python - \ No newline at end of file