x64dbg
/
TitanEngine
mirror of https://github.com/x64dbg/TitanEngine
1
0
Fork 0
Code Releases Activity

- updated codeblocks project 

- update scylla_wrapper_x64
- AStyle formatting
- TCHAR->WCHAR (somehow didn't compile here), also explicit lstrcatW/lstrcpyW
This commit is contained in:
mr.exodia 2014-01-16 21:16:03 +01:00
parent b29e53cd16
commit 4bda97ecba
6 changed files with 208 additions and 187 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
TitanEngine/TitanEngine.cbp
View File

@ -22,6 +22,7 @@
</Compiler> </Compiler>
<Linker> <Linker>
<Add option="/DEF:TitanEngine.def" /> <Add option="/DEF:TitanEngine.def" />
<Add library=".\scylla_wrapper_x86.lib" />
<Add library=".\distorm_x86.lib" /> <Add library=".\distorm_x86.lib" />
<Add library="Imagehlp.lib" /> <Add library="Imagehlp.lib" />
<Add library="psapi.lib" /> <Add library="psapi.lib" />
@ -42,6 +43,7 @@
<Add option="/DUNPACKERENGINE_EXPORTS" /> <Add option="/DUNPACKERENGINE_EXPORTS" />
</Compiler> </Compiler>
<Linker> <Linker>
<Add library=".\scylla_wrapper_x64.lib" />
<Add library=".\distorm_x64.lib" /> <Add library=".\distorm_x64.lib" />
<Add library="Imagehlp.lib" /> <Add library="Imagehlp.lib" />
<Add library="psapi.lib" /> <Add library="psapi.lib" />
@ -54,11 +56,11 @@
<Add library="comdlg32" /> <Add library="comdlg32" />
<Add library="shell32" /> <Add library="shell32" />
</Linker> </Linker>
<Unit filename="3rdparty-definitions.h" />
<Unit filename="LzmaDec.cpp" /> <Unit filename="LzmaDec.cpp" />
<Unit filename="LzmaDec.h" /> <Unit filename="LzmaDec.h" />
<Unit filename="LzmaTypes.h" /> <Unit filename="LzmaTypes.h" />
<Unit filename="TitanEngine.cpp" /> <Unit filename="TitanEngine.cpp" />
<Unit filename="TitanEngine.h" />
<Unit filename="TitanEngine.rc"> <Unit filename="TitanEngine.rc">
<Option compilerVar="WINDRES" /> <Option compilerVar="WINDRES" />
</Unit> </Unit>

42
TitanEngine/TitanEngine.cpp
View File

@ -18723,7 +18723,8 @@ __declspec(dllexport) void TITCALL ImporterMoveIAT()
} }
__declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap) __declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap)
{ {
if(scylla_fixMappedDump(StorePlace, FileMapVA, hFileMap) != SCY_ERROR_SUCCESS) { if(scylla_fixMappedDump(StorePlace, FileMapVA, hFileMap) != SCY_ERROR_SUCCESS)
{
return false; return false;
} }
@ -18781,7 +18782,8 @@ __declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, cha
} }
__declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, wchar_t* szSectionName) __declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, wchar_t* szSectionName)
{ {
if(scylla_fixDump(szDumpFileName, szExportFileName, szSectionName) != SCY_ERROR_SUCCESS) { if(scylla_fixDump(szDumpFileName, szExportFileName, szSectionName) != SCY_ERROR_SUCCESS)
{
return false; return false;
} }
@ -19459,7 +19461,8 @@ __declspec(dllexport) void TITCALL ImporterAutoSearchIATW(DWORD ProcessId, wchar
scylla_searchIAT(ProcessId, iatStart, iatSize, SearchStart, false); scylla_searchIAT(ProcessId, iatStart, iatSize, SearchStart, false);
//we also try to automatically read imports so following call to ExportIAT has a chance //we also try to automatically read imports so following call to ExportIAT has a chance
if(iatStart != NULL && iatSize != NULL) { if(iatStart != NULL && iatSize != NULL)
{
scylla_getImports(iatStart, iatSize, ProcessId); scylla_getImports(iatStart, iatSize, ProcessId);
} }
@ -19596,19 +19599,19 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_
ULONG_PTR FileMapVA; ULONG_PTR FileMapVA;
ULONG_PTR iatStart = NULL; ULONG_PTR iatStart = NULL;
DWORD iatSize = NULL; DWORD iatSize = NULL;
TCHAR IatFixFileName[MAX_PATH]; WCHAR IatFixFileName[MAX_PATH];
TCHAR DumpFileName[MAX_PATH]; WCHAR DumpFileName[MAX_PATH];
lstrcpy(DumpFileName, szDumpedFile); lstrcpyW(DumpFileName, szDumpedFile);
TCHAR* Extension = wcsrchr(DumpFileName, L'.'); WCHAR* Extension = wcsrchr(DumpFileName, L'.');
TCHAR Bak = *Extension; WCHAR Bak = *Extension;
*Extension = 0; *Extension = 0;
lstrcpy(IatFixFileName, DumpFileName); lstrcpyW(IatFixFileName, DumpFileName);
*Extension = Bak; *Extension = Bak;
lstrcat(IatFixFileName, L"_scy"); lstrcatW(IatFixFileName, L"_scy");
lstrcat(IatFixFileName, Extension); lstrcatW(IatFixFileName, Extension);
lstrcat(DumpFileName, Extension); lstrcatW(DumpFileName, Extension);
//do we need to dump first? //do we need to dump first?
if(DumpRunningProcess) if(DumpRunningProcess)
@ -19624,24 +19627,29 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_
//we need to fix iat, thats for sure //we need to fix iat, thats for sure
int ret = scylla_searchIAT(ProcessId, iatStart, iatSize, SearchStart, false); int ret = scylla_searchIAT(ProcessId, iatStart, iatSize, SearchStart, false);
if(ret != SCY_ERROR_SUCCESS) { if(ret != SCY_ERROR_SUCCESS)
if(ret == SCY_ERROR_PROCOPEN) { {
if(ret == SCY_ERROR_PROCOPEN)
{
return (0x401); //error proc terminated return (0x401); //error proc terminated
} }
if(ret == SCY_ERROR_IATNOTFOUND || ret == SCY_ERROR_IATSEARCH) { if(ret == SCY_ERROR_IATNOTFOUND || ret == SCY_ERROR_IATSEARCH)
{
return (0x405); //no API found return (0x405); //no API found
} }
} }
scylla_getImports(iatStart, iatSize, ProcessId, UnknownPointerFixCallback); scylla_getImports(iatStart, iatSize, ProcessId, UnknownPointerFixCallback);
if(!scylla_importsValid()) { if(!scylla_importsValid())
{
return (0x405); return (0x405);
} }
ret = scylla_fixDump(szDumpedFile, IatFixFileName, szSectionName); ret = scylla_fixDump(szDumpedFile, IatFixFileName, szSectionName);
if(ret == SCY_ERROR_IATWRITE) { if(ret == SCY_ERROR_IATWRITE)
{
return (0x407); return (0x407);
} }

29
TitanEngine/distorm.h
View File

@ -115,11 +115,15 @@ typedef unsigned __int8 uint8_t;
/* Decodes modes of the disassembler, 16 bits or 32 bits or 64 bits for AMD64, x86-64. */ /* Decodes modes of the disassembler, 16 bits or 32 bits or 64 bits for AMD64, x86-64. */
typedef enum { Decode16Bits = 0, Decode32Bits = 1, Decode64Bits = 2 } _DecodeType; typedef enum {
Decode16Bits = 0, Decode32Bits = 1, Decode64Bits = 2
}
_DecodeType;
typedef OFFSET_INTEGER _OffsetType; typedef OFFSET_INTEGER _OffsetType;
typedef struct { typedef struct
{
_OffsetType codeOffset, nextOffset; /* nextOffset is OUT only. */ _OffsetType codeOffset, nextOffset; /* nextOffset is OUT only. */
const uint8_t* code; const uint8_t* code;
int codeLen; /* Using signed integer makes it easier to detect an underflow. */ int codeLen; /* Using signed integer makes it easier to detect an underflow. */
@ -129,7 +133,8 @@ typedef struct {
typedef enum { O_NONE, O_REG, O_IMM, O_IMM1, O_IMM2, O_DISP, O_SMEM, O_MEM, O_PC, O_PTR } _OperandType; typedef enum { O_NONE, O_REG, O_IMM, O_IMM1, O_IMM2, O_DISP, O_SMEM, O_MEM, O_PC, O_PTR } _OperandType;
typedef union { typedef union
{
/* Used by O_IMM: */ /* Used by O_IMM: */
int8_t sbyte; int8_t sbyte;
uint8_t byte; uint8_t byte;
@ -144,20 +149,23 @@ typedef union {
_OffsetType addr; /* It's a relative offset as for now. */ _OffsetType addr; /* It's a relative offset as for now. */
/* Used by O_PTR: */ /* Used by O_PTR: */
struct { struct
{
uint16_t seg; uint16_t seg;
/* Can be 16 or 32 bits, size is in ops[n].size. */ /* Can be 16 or 32 bits, size is in ops[n].size. */
uint32_t off; uint32_t off;
} ptr; } ptr;
/* Used by O_IMM1 (i1) and O_IMM2 (i2). ENTER instruction only. */ /* Used by O_IMM1 (i1) and O_IMM2 (i2). ENTER instruction only. */
struct { struct
{
uint32_t i1; uint32_t i1;
uint32_t i2; uint32_t i2;
} ex; } ex;
} _Value; } _Value;
typedef struct { typedef struct
{
/* Type of operand: /* Type of operand:
O_NONE: operand is to be ignored. O_NONE: operand is to be ignored.
O_REG: index holds global register index. O_REG: index holds global register index.
@ -231,7 +239,8 @@ typedef struct {
#define OPERANDS_NO (4) #define OPERANDS_NO (4)
typedef struct { typedef struct
{
/* Used by ops[n].type == O_IMM/O_IMM1&O_IMM2/O_PTR/O_PC. Its size is ops[n].size. */ /* Used by ops[n].type == O_IMM/O_IMM1&O_IMM2/O_PTR/O_PC. Its size is ops[n].size. */
_Value imm; _Value imm;
/* Used by ops[n].type == O_SMEM/O_MEM/O_DISP. Its size is dispSize. */ /* Used by ops[n].type == O_SMEM/O_MEM/O_DISP. Its size is dispSize. */
@ -265,7 +274,8 @@ typedef struct {
/* Static size of strings. Do not change this value. Keep Python wrapper in sync. */ /* Static size of strings. Do not change this value. Keep Python wrapper in sync. */
#define MAX_TEXT_SIZE (48) #define MAX_TEXT_SIZE (48)
typedef struct { typedef struct
{
unsigned int length; unsigned int length;
unsigned char p[MAX_TEXT_SIZE]; /* p is a null terminated string. */ unsigned char p[MAX_TEXT_SIZE]; /* p is a null terminated string. */
} _WString; } _WString;
@ -275,7 +285,8 @@ typedef struct {
* Used only for backward compatibility with diStorm64. * Used only for backward compatibility with diStorm64.
* This structure holds all information the disassembler generates per instruction. * This structure holds all information the disassembler generates per instruction.
*/ */
typedef struct { typedef struct
{
_WString mnemonic; /* Mnemonic of decoded instruction, prefixed if required by REP, LOCK etc. */ _WString mnemonic; /* Mnemonic of decoded instruction, prefixed if required by REP, LOCK etc. */
_WString operands; /* Operands of the decoded instruction, up to 3 operands, comma-seperated. */ _WString operands; /* Operands of the decoded instruction, up to 3 operands, comma-seperated. */
_WString instructionHex; /* Hex dump - little endian, including prefixes. */ _WString instructionHex; /* Hex dump - little endian, including prefixes. */

BIN
TitanEngine/scylla_wrapper_x64.lib
View File

Binary file not shown.

BIN
TitanEngine/scylla_wrapperd_x64.lib
View File

Binary file not shown.