x64dbg
/
TitanEngine
mirror of https://github.com/x64dbg/TitanEngine
1
0
Fork 0
Code Releases Activity

Add CMake project

This commit is contained in:
Duncan Ogilvie 2026-04-12 14:34:41 +02:00
parent 95f332cacd
commit 4cdefb80c6
31 changed files with 773 additions and 310 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitattributes vendored Normal file
View File

@ -0,0 +1,3 @@
# cmkr
/**/CMakeLists.txt linguist-generated
/**/cmkr.cmake linguist-vendored

337
.gitignore vendored
View File

@ -1,166 +1,171 @@
## Ignore Visual Studio temporary files, build results, and
## files generated by popular Visual Studio add-ons.
# User-specific files
*.suo
*.user
*.sln.docstates
# Build results
[Dd]ebug/
[Rr]elease/
x64/
Win32/
build/
[Bb]in/
[Oo]bj/
.vs/
# Enable "build/" folder in the NuGet Packages folder since NuGet packages use it for MSBuild targets
!packages/*/build/
# MSTest test Results
[Tt]est[Rr]esult*/
[Bb]uild[Ll]og.*
*_i.c
*_p.c
*.ilk
*.meta
*.obj
*.pch
*.pdb
*.pgc
*.pgd
*.rsp
*.sbr
*.tlb
*.tli
*.tlh
*.tmp
*.tmp_proj
*.log
*.vspscc
*.vssscc
.builds
*.pidb
*.log
*.scc
# Visual C++ cache files
ipch/
*.aps
*.ncb
*.opensdf
*.sdf
*.cachefile
# Visual Studio profiler
*.psess
*.vsp
*.vspx
# Guidance Automation Toolkit
*.gpState
# ReSharper is a .NET coding add-in
_ReSharper*/
*.[Rr]e[Ss]harper
# TeamCity is a build add-in
_TeamCity*
# DotCover is a Code Coverage Tool
*.dotCover
# NCrunch
*.ncrunch*
.*crunch*.local.xml
# Installshield output folder
[Ee]xpress/
# DocProject is a documentation generator add-in
DocProject/buildhelp/
DocProject/Help/*.HxT
DocProject/Help/*.HxC
DocProject/Help/*.hhc
DocProject/Help/*.hhk
DocProject/Help/*.hhp
DocProject/Help/Html2
DocProject/Help/html
# Click-Once directory
publish/
# Publish Web Output
*.Publish.xml
*.pubxml
# NuGet Packages Directory
## TODO: If you have NuGet Package Restore enabled, uncomment the next line
#packages/
# Windows Azure Build Output
csx
*.build.csdef
# Windows Store app package directory
AppPackages/
# Others
sql/
*.Cache
ClientBin/
[Ss]tyle[Cc]op.*
~$*
*~
*.dbmdl
*.[Pp]ublish.xml
*.pfx
*.publishsettings
# RIA/Silverlight projects
Generated_Code/
# Backup & report files from converting an old project file to a newer
# Visual Studio version. Backup files are not needed, because we have git ;-)
_UpgradeReport_Files/
Backup*/
UpgradeLog*.XML
UpgradeLog*.htm
# SQL Server files
App_Data/*.mdf
App_Data/*.ldf
# =========================
# Windows detritus
# =========================
# Windows image file caches
Thumbs.db
ehthumbs.db
# Folder config file
Desktop.ini
# Recycle Bin used on file shares
$RECYCLE.BIN/
# Mac crap
.DS_Store
*.cscope_file_list
*.bmarks
*.depend
*.layout
*.orig
*.cbTemp
cov-*
coverity*
*.user
# Release
deps/
## Ignore Visual Studio temporary files, build results, and
## files generated by popular Visual Studio add-ons.
# User-specific files
*.suo
*.user
*.sln.docstates
# Build results
[Dd]ebug/
[Rr]elease/
x64/
Win32/
build/
[Bb]in/
[Oo]bj/
.vs/
# Enable "build/" folder in the NuGet Packages folder since NuGet packages use it for MSBuild targets
!packages/*/build/
# MSTest test Results
[Tt]est[Rr]esult*/
[Bb]uild[Ll]og.*
*_i.c
*_p.c
*.ilk
*.meta
*.obj
*.pch
*.pdb
*.pgc
*.pgd
*.rsp
*.sbr
*.tlb
*.tli
*.tlh
*.tmp
*.tmp_proj
*.log
*.vspscc
*.vssscc
.builds
*.pidb
*.log
*.scc
# Visual C++ cache files
ipch/
*.aps
*.ncb
*.opensdf
*.sdf
*.cachefile
# Visual Studio profiler
*.psess
*.vsp
*.vspx
# Guidance Automation Toolkit
*.gpState
# ReSharper is a .NET coding add-in
_ReSharper*/
*.[Rr]e[Ss]harper
# TeamCity is a build add-in
_TeamCity*
# DotCover is a Code Coverage Tool
*.dotCover
# NCrunch
*.ncrunch*
.*crunch*.local.xml
# Installshield output folder
[Ee]xpress/
# DocProject is a documentation generator add-in
DocProject/buildhelp/
DocProject/Help/*.HxT
DocProject/Help/*.HxC
DocProject/Help/*.hhc
DocProject/Help/*.hhk
DocProject/Help/*.hhp
DocProject/Help/Html2
DocProject/Help/html
# Click-Once directory
publish/
# Publish Web Output
*.Publish.xml
*.pubxml
# NuGet Packages Directory
## TODO: If you have NuGet Package Restore enabled, uncomment the next line
#packages/
# Windows Azure Build Output
csx
*.build.csdef
# Windows Store app package directory
AppPackages/
# Others
sql/
*.Cache
ClientBin/
[Ss]tyle[Cc]op.*
~$*
*~
*.dbmdl
*.[Pp]ublish.xml
*.pfx
*.publishsettings
# RIA/Silverlight projects
Generated_Code/
# Backup & report files from converting an old project file to a newer
# Visual Studio version. Backup files are not needed, because we have git ;-)
_UpgradeReport_Files/
Backup*/
UpgradeLog*.XML
UpgradeLog*.htm
# SQL Server files
App_Data/*.mdf
App_Data/*.ldf
# =========================
# Windows detritus
# =========================
# Windows image file caches
Thumbs.db
ehthumbs.db
# Folder config file
Desktop.ini
# Recycle Bin used on file shares
$RECYCLE.BIN/
# Mac crap
.DS_Store
*.cscope_file_list
*.bmarks
*.depend
*.layout
*.orig
*.cbTemp
cov-*
coverity*
*.user
# Release
deps/
# CMake
build*/
cmake-build*/
CMakeUserPresets.json

237
CMakeLists.txt generated Normal file
View File

@ -0,0 +1,237 @@
# This file is automatically generated from cmake.toml - DO NOT EDIT
# See https://github.com/build-cpp/cmkr for more information
cmake_minimum_required(VERSION 3.15)
if(CMAKE_SOURCE_DIR STREQUAL CMAKE_BINARY_DIR)
message(FATAL_ERROR "In-tree builds are not supported. Run CMake from a separate directory: cmake -B build")
endif()
# Enable support for MSVC_RUNTIME_LIBRARY
cmake_policy(SET CMP0091 NEW)
set(CMKR_ROOT_PROJECT OFF)
if(CMAKE_CURRENT_SOURCE_DIR STREQUAL CMAKE_SOURCE_DIR)
set(CMKR_ROOT_PROJECT ON)
# Bootstrap cmkr and automatically regenerate CMakeLists.txt
include(cmkr.cmake OPTIONAL RESULT_VARIABLE CMKR_INCLUDE_RESULT)
if(CMKR_INCLUDE_RESULT)
cmkr()
endif()
# Enable folder support
set_property(GLOBAL PROPERTY USE_FOLDERS ON)
# Create a configure-time dependency on cmake.toml to improve IDE support
set_property(DIRECTORY APPEND PROPERTY CMAKE_CONFIGURE_DEPENDS cmake.toml)
if(NOT DEFINED CMAKE_MSVC_RUNTIME_LIBRARY)
set(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreaded$<$<CONFIG:Debug>:Debug>")
endif()
endif()
# Options
option(TITANENGINE_RESOURCES "" ON)
project(TitanEngine
LANGUAGES
C
CXX
)
# Target: distorm
set(distorm_SOURCES
cmake.toml
"distorm/include/distorm.h"
"distorm/include/mnemonics.h"
"distorm/src/distorm.c"
)
add_library(distorm STATIC)
target_sources(distorm PRIVATE ${distorm_SOURCES})
source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${distorm_SOURCES})
target_include_directories(distorm PUBLIC
"distorm/include"
)
# Target: scylla_wrapper
set(scylla_wrapper_SOURCES
cmake.toml
"scylla_wrapper/ApiReader.cpp"
"scylla_wrapper/ApiReader.h"
"scylla_wrapper/Architecture.cpp"
"scylla_wrapper/Architecture.h"
"scylla_wrapper/DeviceNameResolver.cpp"
"scylla_wrapper/DeviceNameResolver.h"
"scylla_wrapper/IATReferenceScan.cpp"
"scylla_wrapper/IATReferenceScan.h"
"scylla_wrapper/IATSearch.cpp"
"scylla_wrapper/IATSearch.h"
"scylla_wrapper/ImportRebuilder.cpp"
"scylla_wrapper/ImportRebuilder.h"
"scylla_wrapper/NativeWinApi.cpp"
"scylla_wrapper/NativeWinApi.h"
"scylla_wrapper/PeParser.cpp"
"scylla_wrapper/PeParser.h"
"scylla_wrapper/ProcessAccessHelp.cpp"
"scylla_wrapper/ProcessAccessHelp.h"
"scylla_wrapper/ProcessLister.cpp"
"scylla_wrapper/ProcessLister.h"
"scylla_wrapper/StringConversion.cpp"
"scylla_wrapper/StringConversion.h"
"scylla_wrapper/SystemInformation.cpp"
"scylla_wrapper/SystemInformation.h"
"scylla_wrapper/Thunks.cpp"
"scylla_wrapper/Thunks.h"
"scylla_wrapper/include/scylla_wrapper.h"
"scylla_wrapper/mnemonics.h"
"scylla_wrapper/scylla_wrapper.cpp"
"scylla_wrapper/stdafx.cpp"
"scylla_wrapper/stdafx.h"
"scylla_wrapper/targetver.h"
)
add_library(scylla_wrapper STATIC)
target_sources(scylla_wrapper PRIVATE ${scylla_wrapper_SOURCES})
source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${scylla_wrapper_SOURCES})
target_include_directories(scylla_wrapper PUBLIC
"scylla_wrapper/include"
)
if(NOT TARGET distorm)
message(FATAL_ERROR "Target \"distorm\" referenced by \"scylla_wrapper\" does not exist!")
endif()
target_link_libraries(scylla_wrapper PUBLIC
distorm
)
# Target: TitanEngine
set(TitanEngine_SOURCES
"TitanEngine/Global.Breakpoints.cpp"
"TitanEngine/Global.Breakpoints.h"
"TitanEngine/Global.Debugger.cpp"
"TitanEngine/Global.Debugger.h"
"TitanEngine/Global.Engine.Context.cpp"
"TitanEngine/Global.Engine.Context.h"
"TitanEngine/Global.Engine.GUI.cpp"
"TitanEngine/Global.Engine.GUI.h"
"TitanEngine/Global.Engine.Hash.cpp"
"TitanEngine/Global.Engine.Hash.h"
"TitanEngine/Global.Engine.Hider.cpp"
"TitanEngine/Global.Engine.Hider.h"
"TitanEngine/Global.Engine.Hook.cpp"
"TitanEngine/Global.Engine.Hook.h"
"TitanEngine/Global.Engine.Importer.cpp"
"TitanEngine/Global.Engine.Importer.h"
"TitanEngine/Global.Engine.Simplification.cpp"
"TitanEngine/Global.Engine.Simplification.h"
"TitanEngine/Global.Engine.Threading.cpp"
"TitanEngine/Global.Engine.Threading.h"
"TitanEngine/Global.Engine.cpp"
"TitanEngine/Global.Engine.h"
"TitanEngine/Global.Garbage.cpp"
"TitanEngine/Global.Garbage.h"
"TitanEngine/Global.Handle.cpp"
"TitanEngine/Global.Handle.h"
"TitanEngine/Global.Helper.cpp"
"TitanEngine/Global.Helper.h"
"TitanEngine/Global.Injector.cpp"
"TitanEngine/Global.Injector.h"
"TitanEngine/Global.Librarian.cpp"
"TitanEngine/Global.Librarian.h"
"TitanEngine/Global.Mapping.cpp"
"TitanEngine/Global.Mapping.h"
"TitanEngine/Global.OEPFinder.cpp"
"TitanEngine/Global.OEPFinder.h"
"TitanEngine/Global.Realigner.cpp"
"TitanEngine/Global.Realigner.h"
"TitanEngine/Global.TLS.cpp"
"TitanEngine/Global.TLS.h"
"TitanEngine/Global.Threader.cpp"
"TitanEngine/Global.Threader.h"
"TitanEngine/LzmaDec.cpp"
"TitanEngine/LzmaDec.h"
"TitanEngine/LzmaTypes.h"
"TitanEngine/TitanEngine.Breakpoints.cpp"
"TitanEngine/TitanEngine.Debugger.Context.cpp"
"TitanEngine/TitanEngine.Debugger.Control.cpp"
"TitanEngine/TitanEngine.Debugger.Data.cpp"
"TitanEngine/TitanEngine.Debugger.DebugLoop.cpp"
"TitanEngine/TitanEngine.Debugger.Helper.cpp"
"TitanEngine/TitanEngine.Debugger.Memory.cpp"
"TitanEngine/TitanEngine.Debugger.cpp"
"TitanEngine/TitanEngine.Disassembler.cpp"
"TitanEngine/TitanEngine.Dumper.cpp"
"TitanEngine/TitanEngine.Engine.Simplification.cpp"
"TitanEngine/TitanEngine.Engine.cpp"
"TitanEngine/TitanEngine.Exporter.cpp"
"TitanEngine/TitanEngine.Handler.cpp"
"TitanEngine/TitanEngine.Hider.cpp"
"TitanEngine/TitanEngine.Hooks.cpp"
"TitanEngine/TitanEngine.Importer.cpp"
"TitanEngine/TitanEngine.Injector.cpp"
"TitanEngine/TitanEngine.Librarian.cpp"
"TitanEngine/TitanEngine.OEPFinder.cpp"
"TitanEngine/TitanEngine.PE.Convert.cpp"
"TitanEngine/TitanEngine.PE.Data.cpp"
"TitanEngine/TitanEngine.PE.Fixer.cpp"
"TitanEngine/TitanEngine.PE.Overlay.cpp"
"TitanEngine/TitanEngine.PE.Section.cpp"
"TitanEngine/TitanEngine.PE.cpp"
"TitanEngine/TitanEngine.Process.cpp"
"TitanEngine/TitanEngine.Realigner.cpp"
"TitanEngine/TitanEngine.Relocator.cpp"
"TitanEngine/TitanEngine.Resourcer.cpp"
"TitanEngine/TitanEngine.Static.cpp"
"TitanEngine/TitanEngine.TLS.cpp"
"TitanEngine/TitanEngine.Threader.cpp"
"TitanEngine/TitanEngine.Tracer.cpp"
"TitanEngine/TitanEngine.TranslateName.cpp"
"TitanEngine/TitanEngine.cpp"
"TitanEngine/aplib.h"
"TitanEngine/definitions.h"
"TitanEngine/ntdll.h"
"TitanEngine/resource.h"
"TitanEngine/stdafx.cpp"
"TitanEngine/stdafx.h"
"TitanEngine/targetver.h"
cmake.toml
)
if(TITANENGINE_RESOURCES) # TITANENGINE_RESOURCES
list(APPEND TitanEngine_SOURCES
"TitanEngine/TitanEngine.rc"
)
endif()
add_library(TitanEngine SHARED)
target_sources(TitanEngine PRIVATE ${TitanEngine_SOURCES})
source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${TitanEngine_SOURCES})
if(NOT TARGET scylla_wrapper)
message(FATAL_ERROR "Target \"scylla_wrapper\" referenced by \"TitanEngine\" does not exist!")
endif()
target_link_libraries(TitanEngine PRIVATE
scylla_wrapper
Psapi.lib
)
if(CMAKE_SIZEOF_VOID_P EQUAL 8) # x64
target_link_libraries(TitanEngine PRIVATE
"${CMAKE_CURRENT_SOURCE_DIR}/TitanEngine/ntdll_x64.lib"
)
endif()
if(CMAKE_SIZEOF_VOID_P EQUAL 4) # x32
target_link_libraries(TitanEngine PRIVATE
"${CMAKE_CURRENT_SOURCE_DIR}/TitanEngine/ntdll_x86.lib"
)
endif()

4
TitanEngine/Global.Injector.cpp
View File

@ -126,7 +126,7 @@ long injectedImpRec(LPVOID Parameter)
HANDLE hFileMap;
PInjectImpRecCodeData APIData = (PInjectImpRecCodeData)Parameter;
LPVOID szFileName = (LPVOID)((ULONG_PTR)Parameter + sizeof InjectImpRecCodeData);
typedef ULONG_PTR(__cdecl * fTrace)(DWORD hFileMap, DWORD dwSizeMap, DWORD dwTimeOut, DWORD dwToTrace, DWORD dwExactCall);
typedef ULONG_PTR(__cdecl * fTrace)(HANDLE hFileMap, DWORD dwSizeMap, DWORD dwTimeOut, DWORD dwToTrace, DWORD dwExactCall);
typedef HANDLE(WINAPI * fCreateFileW)(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile);
typedef HANDLE(WINAPI * fCreateFileMappingA)(HANDLE hFile, LPSECURITY_ATTRIBUTES lpFileMappingAttributes, DWORD flProtect, DWORD dwMaximumSizeHigh, DWORD dwMaximumSizeLow, LPCSTR lpName);
typedef BOOL(__cdecl * fCloseHandle)(HANDLE hHandle);
@ -139,7 +139,7 @@ long injectedImpRec(LPVOID Parameter)
if(hFile != INVALID_HANDLE_VALUE)
{
hFileMap = cCreateFileMappingA(hFile, NULL, 4, NULL, 0x100, NULL);
cTrace((DWORD)hFileMap, 0x100, -1, (DWORD)APIData->AddressToTrace, NULL);
cTrace(hFileMap, 0x100, -1, (DWORD)APIData->AddressToTrace, NULL);
cCloseHandle(hFile);
return(1);
}

2
TitanEngine/TitanEngine.Engine.Simplification.cpp
View File

@ -86,7 +86,7 @@ __declspec(dllexport) bool TITCALL EngineUnpackerSetBreakCondition(void* SearchS
DWORD fBreakPointType = UE_BREAKPOINT;
UnpackerInformation fUnpackerInformation = {};
if((int)SearchStart == UE_UNPACKER_CONDITION_SEARCH_FROM_EP)
if(SearchStart == (void*)(DWORD_PTR)UE_UNPACKER_CONDITION_SEARCH_FROM_EP)
{
if(EngineUnpackerFileStatus.FileIsDLL)
{

2
TitanEngine/TitanEngine.Engine.cpp
View File

@ -322,7 +322,7 @@ __declspec(dllexport) bool TITCALL EngineCreateUnpackerWindow(char* WindowUnpack
}
}
__declspec(dllexport) void TITCALL EngineAddUnpackerWindowLogMessage(char* szLogMessage)
__declspec(dllexport) void TITCALL EngineAddUnpackerWindowLogMessage(const char* szLogMessage)
{
int cSelect;

2
TitanEngine/TitanEngine.Importer.cpp
View File

@ -66,7 +66,7 @@ __declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, cha
return false;
}
__declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, wchar_t* szSectionName)
__declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, const wchar_t* szSectionName)
{
return (scylla_fixDump(szDumpFileName, szExportFileName, szSectionName) == SCY_ERROR_SUCCESS);
}

4
TitanEngine/TitanEngine.Static.cpp
View File

@ -448,7 +448,9 @@ __declspec(dllexport) bool TITCALL StaticMemoryDecompress(void* Source, DWORD So
}
else if(Algorithm == UE_STATIC_LZMA)
{
if(LzmaDecode((unsigned char*)Destination, (size_t*)DestinationSize, (unsigned char*)Source, (size_t*)SourceSize, (unsigned char*)&lzProps, LZMA_PROPS_SIZE, LZMA_FINISH_ANY, &lzStatus, &lzAlloc) == SZ_OK)
size_t destLen = DestinationSize;
size_t srcLen = SourceSize;
if(LzmaDecode((unsigned char*)Destination, &destLen, (unsigned char*)Source, &srcLen, (unsigned char*)&lzProps, LZMA_PROPS_SIZE, LZMA_FINISH_ANY, &lzStatus, &lzAlloc) == SZ_OK)
{
return true;
}

4
TitanEngine/TitanEngine.Threader.cpp
View File

@ -95,7 +95,7 @@ __declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD Process
while(TRUE)
{
if(pIter->UniqueProcessId == (HANDLE)dwProcessId)
if(pIter->UniqueProcessId == (HANDLE)(DWORD_PTR)dwProcessId)
{
pIterThread = &pIter->Threads[0];
for(ULONG i = 0; i < pIter->NumberOfThreads; i++)
@ -110,7 +110,7 @@ __declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD Process
NewThreadData.ThreadState = pIterThread->ThreadState;
NewThreadData.WaitReason = pIterThread->WaitReason;
NewThreadData.WaitTime = pIterThread->WaitTime;
NewThreadData.dwThreadId = (DWORD)pIterThread->ClientId.UniqueThread;
NewThreadData.dwThreadId = (DWORD)(DWORD_PTR)pIterThread->ClientId.UniqueThread;
NewThreadData.hThread = EngineOpenThread(THREAD_ALL_ACCESS, FALSE, NewThreadData.dwThreadId);
if(NewThreadData.hThread)

10
TitanEngine/TitanEngine.Tracer.cpp
View File

@ -1176,7 +1176,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
if(ReadProcessMemory(hProcess, (LPVOID)AddressToTrace, TracerReadMemory, MaximumReadSize, &ueNumberOfBytesRead))
{
RtlMoveMemory(&TestAddressX86, &cMem->DataByte[2], 4);
if(ReadProcessMemory(hProcess, (LPVOID)TestAddressX86, &TestAddressX86, 4, &ueNumberOfBytesRead))
if(ReadProcessMemory(hProcess, (LPVOID)(DWORD_PTR)TestAddressX86, &TestAddressX86, 4, &ueNumberOfBytesRead))
{
return((DWORD)TestAddressX86);
}
@ -1201,7 +1201,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
{
RtlMoveMemory(&TestAddressX86, &cMem->DataByte[3], 4);
}
if(ReadProcessMemory(hProcess, (LPVOID)TestAddressX86, &TestAddressX86, 4, &ueNumberOfBytesRead))
if(ReadProcessMemory(hProcess, (LPVOID)(DWORD_PTR)TestAddressX86, &TestAddressX86, 4, &ueNumberOfBytesRead))
{
return((DWORD)TestAddressX86);
}
@ -1255,7 +1255,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
{
RtlMoveMemory(&TestAddressX86, &cMem->DataByte[2], 4);
}
if(ReadProcessMemory(hProcess, (LPVOID)TestAddressX86, &TestAddressX86, 4, &ueNumberOfBytesRead))
if(ReadProcessMemory(hProcess, (LPVOID)(DWORD_PTR)TestAddressX86, &TestAddressX86, 4, &ueNumberOfBytesRead))
{
return((DWORD)TestAddressX86);
}
@ -1264,7 +1264,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
{
cMem = (PMEMORY_CMP_HANDLER)((ULONG_PTR)cMem - 6);
RtlMoveMemory(&TestAddressX86, &cMem->DataByte[2], 4);
if(ReadProcessMemory(hProcess, (LPVOID)TestAddressX86, &TestAddressX86, 4, &ueNumberOfBytesRead))
if(ReadProcessMemory(hProcess, (LPVOID)(DWORD_PTR)TestAddressX86, &TestAddressX86, 4, &ueNumberOfBytesRead))
{
return((DWORD)TestAddressX86);
}
@ -1294,7 +1294,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
RtlMoveMemory(&ReadAddressX86, &cMem->DataByte[0x10], 4);
RtlMoveMemory(&TestAddressX86, &cMem->DataByte[0], 4);
TestAddressX86 = TestAddressX86 + 0x18;
if(ReadProcessMemory(hProcess, (LPVOID)TestAddressX86, &TestAddressX86, 4, &ueNumberOfBytesRead))
if(ReadProcessMemory(hProcess, (LPVOID)(DWORD_PTR)TestAddressX86, &TestAddressX86, 4, &ueNumberOfBytesRead))
{
TestAddressX86 = TestAddressX86 ^ ReadAddressX86;
return((DWORD)TestAddressX86);

9
TitanEngine/TitanEngine.vcxproj
View File

@ -93,16 +93,16 @@
<LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</LinkIncremental>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<IncludePath>$(SolutionDir)distorm\include;$(IncludePath)</IncludePath>
<IncludePath>$(SolutionDir)distorm\include;$(SolutionDir)scylla_wrapper\include;$(IncludePath)</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<IncludePath>$(SolutionDir)distorm\include;$(IncludePath)</IncludePath>
<IncludePath>$(SolutionDir)distorm\include;$(SolutionDir)scylla_wrapper\include;$(IncludePath)</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<IncludePath>$(SolutionDir)distorm\include;$(IncludePath)</IncludePath>
<IncludePath>$(SolutionDir)distorm\include;$(SolutionDir)scylla_wrapper\include;$(IncludePath)</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<IncludePath>$(SolutionDir)distorm\include;$(IncludePath)</IncludePath>
<IncludePath>$(SolutionDir)distorm\include;$(SolutionDir)scylla_wrapper\include;$(IncludePath)</IncludePath>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
@ -338,7 +338,6 @@
<ClInclude Include="LzmaTypes.h" />
<ClInclude Include="ntdll.h" />
<ClInclude Include="resource.h" />
<ClInclude Include="scylla_wrapper.h" />
<ClInclude Include="stdafx.h" />
<ClInclude Include="targetver.h" />
</ItemGroup>

3
TitanEngine/TitanEngine.vcxproj.filters
View File

@ -302,9 +302,6 @@
<ClInclude Include="LzmaTypes.h">
<Filter>Header Files\ThirdParty</Filter>
</ClInclude>
<ClInclude Include="scylla_wrapper.h">
<Filter>Header Files\ThirdParty</Filter>
</ClInclude>
<ClInclude Include="..\SDK\C\TitanEngine.h">
<Filter>Header Files\SDK\C</Filter>
</ClInclude>

4
TitanEngine/definitions.h
View File

@ -254,7 +254,7 @@ __declspec(dllexport) long TITCALL ImporterGetAddedAPICount();
__declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap);
__declspec(dllexport) long TITCALL ImporterEstimatedSize();
__declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName);
__declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, wchar_t* szSectionName = L".RL!TEv2");
__declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, const wchar_t* szSectionName = L".RL!TEv2");
__declspec(dllexport) ULONG_PTR TITCALL ImporterFindAPIWriteLocation(char* szAPIName);
__declspec(dllexport) ULONG_PTR TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber);
__declspec(dllexport) ULONG_PTR TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation);
@ -436,7 +436,7 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szF
__declspec(dllexport) bool TITCALL EngineFakeMissingDependencies(HANDLE hProcess);
__declspec(dllexport) bool TITCALL EngineDeleteCreatedDependencies();
__declspec(dllexport) bool TITCALL EngineCreateUnpackerWindow(char* WindowUnpackerTitle, char* WindowUnpackerLongTitle, char* WindowUnpackerName, char* WindowUnpackerAuthor, void* StartUnpackingCallBack);
__declspec(dllexport) void TITCALL EngineAddUnpackerWindowLogMessage(char* szLogMessage);
__declspec(dllexport) void TITCALL EngineAddUnpackerWindowLogMessage(const char* szLogMessage);
__declspec(dllexport) bool TITCALL EngineCheckStructAlignment(DWORD StructureType, ULONG_PTR StructureSize);
#ifdef __cplusplus

36
TitanEngine/scylla_wrapper.h
View File

@ -1,36 +0,0 @@
#include "stdafx.h"
/* Scylla definitions */
const BYTE SCY_ERROR_SUCCESS = 0;
const BYTE SCY_ERROR_PROCOPEN = -1;
const BYTE SCY_ERROR_IATWRITE = -2;
const BYTE SCY_ERROR_IATSEARCH = -3;
const BYTE SCY_ERROR_IATNOTFOUND = -4;
//iat exports
int scylla_searchIAT(DWORD pid, DWORD_PTR & iatStart, DWORD & iatSize, DWORD_PTR searchStart, bool advancedSearch);
int scylla_getImports(DWORD_PTR iatAddr, DWORD iatSize, DWORD pid, LPVOID invalidImportCallback = NULL);
bool scylla_addModule(const WCHAR* moduleName, DWORD_PTR firstThunkRVA);
bool scylla_addImport(const WCHAR* importName, DWORD_PTR thunkVA);
bool scylla_importsValid();
bool scylla_cutImport(DWORD_PTR apiAddr);
int scylla_fixDump(WCHAR* dumpFile, WCHAR* iatFixFile, WCHAR* sectionName = L".scy");
int scylla_fixMappedDump(DWORD_PTR iatVA, DWORD_PTR FileMapVA, HANDLE hFileMap);
int scylla_getModuleCount();
int scylla_getImportCount();
void scylla_enumImportTree(LPVOID enumCallBack);
long scylla_estimatedIATSize();
DWORD_PTR scylla_findImportWriteLocation(char* importName);
DWORD_PTR scylla_findOrdinalImportWriteLocation(DWORD_PTR ordinalNumber);
DWORD_PTR scylla_findImportNameByWriteLocation(DWORD_PTR thunkVA);
DWORD_PTR scylla_findModuleNameByWriteLocation(DWORD_PTR thunkVA);
//dumper exports
bool scylla_dumpProcessW(DWORD_PTR pid, const WCHAR* fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const WCHAR* fileResult);
bool scylla_dumpProcessA(DWORD_PTR pid, const char* fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const char* fileResult);
//rebuilder exports
bool scylla_rebuildFileW(const WCHAR* fileToRebuild, BOOL removeDosStub, BOOL updatePeHeaderChecksum, BOOL createBackup);
bool scylla_rebuildFileA(const char* fileToRebuild, BOOL removeDosStub, BOOL updatePeHeaderChecksum, BOOL createBackup);
/* Scylla definitions */

28
cmake.toml Normal file
View File

@ -0,0 +1,28 @@
[project]
name = "TitanEngine"
msvc-runtime = "static"
[options]
TITANENGINE_RESOURCES = true
[target.distorm]
type = "static"
sources = ["distorm/src/*.c"]
headers = ["distorm/src/*.h", "distorm/include/*.h"]
include-directories = ["distorm/include"]
[target.scylla_wrapper]
type = "static"
sources = ["scylla_wrapper/*.cpp"]
headers = ["scylla_wrapper/*.h", "scylla_wrapper/include/*.h"]
link-libraries = ["::distorm"]
include-directories = ["scylla_wrapper/include"]
[target.TitanEngine]
type = "shared"
sources = ["TitanEngine/*.cpp"]
headers = ["TitanEngine/*.h"]
private-link-libraries = ["::scylla_wrapper", "Psapi.lib"]
x64.private-link-libraries = ["TitanEngine/ntdll_x64.lib"]
x32.private-link-libraries = ["TitanEngine/ntdll_x86.lib"]
TITANENGINE_RESOURCES.sources = ["TitanEngine/TitanEngine.rc"]

260
cmkr.cmake vendored Normal file
View File

@ -0,0 +1,260 @@
include_guard()
# Change these defaults to point to your infrastructure if desired
set(CMKR_REPO "https://github.com/build-cpp/cmkr" CACHE STRING "cmkr git repository" FORCE)
set(CMKR_TAG "v0.2.46" CACHE STRING "cmkr git tag (this needs to be available forever)" FORCE)
set(CMKR_COMMIT_HASH "" CACHE STRING "cmkr git commit hash (optional)" FORCE)
# To bootstrap/generate a cmkr project: cmake -P cmkr.cmake
if(CMAKE_SCRIPT_MODE_FILE)
set(CMAKE_BINARY_DIR "${CMAKE_BINARY_DIR}/build")
set(CMAKE_CURRENT_BINARY_DIR "${CMAKE_BINARY_DIR}")
file(MAKE_DIRECTORY "${CMAKE_BINARY_DIR}")
endif()
# Set these from the command line to customize for development/debugging purposes
set(CMKR_EXECUTABLE "" CACHE FILEPATH "cmkr executable")
set(CMKR_SKIP_GENERATION OFF CACHE BOOL "skip automatic cmkr generation")
set(CMKR_BUILD_TYPE "Debug" CACHE STRING "cmkr build configuration")
mark_as_advanced(CMKR_REPO CMKR_TAG CMKR_COMMIT_HASH CMKR_EXECUTABLE CMKR_SKIP_GENERATION CMKR_BUILD_TYPE)
# Disable cmkr if generation is disabled
if(DEFINED ENV{CI} OR CMKR_SKIP_GENERATION OR CMKR_BUILD_SKIP_GENERATION)
message(STATUS "[cmkr] Skipping automatic cmkr generation")
unset(CMKR_BUILD_SKIP_GENERATION CACHE)
macro(cmkr)
endmacro()
return()
endif()
# Disable cmkr if no cmake.toml file is found
if(NOT CMAKE_SCRIPT_MODE_FILE AND NOT EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/cmake.toml")
message(AUTHOR_WARNING "[cmkr] Not found: ${CMAKE_CURRENT_SOURCE_DIR}/cmake.toml")
macro(cmkr)
endmacro()
return()
endif()
# Convert a Windows native path to CMake path
if(CMKR_EXECUTABLE MATCHES "\\\\")
string(REPLACE "\\" "/" CMKR_EXECUTABLE_CMAKE "${CMKR_EXECUTABLE}")
set(CMKR_EXECUTABLE "${CMKR_EXECUTABLE_CMAKE}" CACHE FILEPATH "" FORCE)
unset(CMKR_EXECUTABLE_CMAKE)
endif()
# Helper macro to execute a process (COMMAND_ERROR_IS_FATAL ANY is 3.19 and higher)
function(cmkr_exec)
execute_process(COMMAND ${ARGV} RESULT_VARIABLE CMKR_EXEC_RESULT)
if(NOT CMKR_EXEC_RESULT EQUAL 0)
message(FATAL_ERROR "cmkr_exec(${ARGV}) failed (exit code ${CMKR_EXEC_RESULT})")
endif()
endfunction()
# Windows-specific hack (CMAKE_EXECUTABLE_PREFIX is not set at the moment)
if(WIN32)
set(CMKR_EXECUTABLE_NAME "cmkr.exe")
else()
set(CMKR_EXECUTABLE_NAME "cmkr")
endif()
# Use cached cmkr if found
if(DEFINED ENV{CMKR_CACHE})
set(CMKR_DIRECTORY_PREFIX "$ENV{CMKR_CACHE}")
string(REPLACE "\\" "/" CMKR_DIRECTORY_PREFIX "${CMKR_DIRECTORY_PREFIX}")
if(CMKR_DIRECTORY_PREFIX MATCHES "^~")
if(WIN32)
string(REGEX REPLACE "^~" "$ENV{USERPROFILE}" CMKR_DIRECTORY_PREFIX "${CMKR_DIRECTORY_PREFIX}")
elseif(UNIX)
string(REGEX REPLACE "^~" "$ENV{HOME}" CMKR_DIRECTORY_PREFIX "${CMKR_DIRECTORY_PREFIX}")
endif()
endif()
if(NOT CMKR_DIRECTORY_PREFIX MATCHES "\\/$")
set(CMKR_DIRECTORY_PREFIX "${CMKR_DIRECTORY_PREFIX}/")
endif()
# Build in release mode for the cache
set(CMKR_BUILD_TYPE "Release")
else()
set(CMKR_DIRECTORY_PREFIX "${CMAKE_CURRENT_BINARY_DIR}/_cmkr_")
endif()
set(CMKR_DIRECTORY "${CMKR_DIRECTORY_PREFIX}${CMKR_TAG}")
set(CMKR_CACHED_EXECUTABLE "${CMKR_DIRECTORY}/bin/${CMKR_EXECUTABLE_NAME}")
# Helper function to check if a string starts with a prefix
# Cannot use MATCHES, see: https://github.com/build-cpp/cmkr/issues/61
function(cmkr_startswith str prefix result)
string(LENGTH "${prefix}" prefix_length)
string(LENGTH "${str}" str_length)
if(prefix_length LESS_EQUAL str_length)
string(SUBSTRING "${str}" 0 ${prefix_length} str_prefix)
if(prefix STREQUAL str_prefix)
set("${result}" ON PARENT_SCOPE)
return()
endif()
endif()
set("${result}" OFF PARENT_SCOPE)
endfunction()
# Handle upgrading logic
if(CMKR_EXECUTABLE AND NOT CMKR_CACHED_EXECUTABLE STREQUAL CMKR_EXECUTABLE)
cmkr_startswith("${CMKR_EXECUTABLE}" "${CMAKE_CURRENT_BINARY_DIR}/_cmkr" CMKR_STARTSWITH_BUILD)
cmkr_startswith("${CMKR_EXECUTABLE}" "${CMKR_DIRECTORY_PREFIX}" CMKR_STARTSWITH_CACHE)
if(CMKR_STARTSWITH_BUILD)
if(DEFINED ENV{CMKR_CACHE})
message(AUTHOR_WARNING "[cmkr] Switching to cached cmkr: '${CMKR_CACHED_EXECUTABLE}'")
if(EXISTS "${CMKR_CACHED_EXECUTABLE}")
set(CMKR_EXECUTABLE "${CMKR_CACHED_EXECUTABLE}" CACHE FILEPATH "Full path to cmkr executable" FORCE)
else()
unset(CMKR_EXECUTABLE CACHE)
endif()
else()
message(AUTHOR_WARNING "[cmkr] Upgrading '${CMKR_EXECUTABLE}' to '${CMKR_CACHED_EXECUTABLE}'")
unset(CMKR_EXECUTABLE CACHE)
endif()
elseif(DEFINED ENV{CMKR_CACHE} AND CMKR_STARTSWITH_CACHE)
message(AUTHOR_WARNING "[cmkr] Upgrading cached '${CMKR_EXECUTABLE}' to '${CMKR_CACHED_EXECUTABLE}'")
unset(CMKR_EXECUTABLE CACHE)
endif()
endif()
if(CMKR_EXECUTABLE AND EXISTS "${CMKR_EXECUTABLE}")
message(VERBOSE "[cmkr] Found cmkr: '${CMKR_EXECUTABLE}'")
elseif(CMKR_EXECUTABLE AND NOT CMKR_EXECUTABLE STREQUAL CMKR_CACHED_EXECUTABLE)
message(FATAL_ERROR "[cmkr] '${CMKR_EXECUTABLE}' not found")
elseif(NOT CMKR_EXECUTABLE AND EXISTS "${CMKR_CACHED_EXECUTABLE}")
set(CMKR_EXECUTABLE "${CMKR_CACHED_EXECUTABLE}" CACHE FILEPATH "Full path to cmkr executable" FORCE)
message(STATUS "[cmkr] Found cached cmkr: '${CMKR_EXECUTABLE}'")
else()
set(CMKR_EXECUTABLE "${CMKR_CACHED_EXECUTABLE}" CACHE FILEPATH "Full path to cmkr executable" FORCE)
message(VERBOSE "[cmkr] Bootstrapping '${CMKR_EXECUTABLE}'")
message(STATUS "[cmkr] Fetching cmkr...")
if(EXISTS "${CMKR_DIRECTORY}")
cmkr_exec("${CMAKE_COMMAND}" -E rm -rf "${CMKR_DIRECTORY}")
endif()
find_package(Git QUIET REQUIRED)
cmkr_exec("${GIT_EXECUTABLE}"
clone
--config advice.detachedHead=false
--branch ${CMKR_TAG}
--depth 1
${CMKR_REPO}
"${CMKR_DIRECTORY}"
)
if(CMKR_COMMIT_HASH)
execute_process(
COMMAND "${GIT_EXECUTABLE}" checkout -q "${CMKR_COMMIT_HASH}"
RESULT_VARIABLE CMKR_EXEC_RESULT
WORKING_DIRECTORY "${CMKR_DIRECTORY}"
)
if(NOT CMKR_EXEC_RESULT EQUAL 0)
message(FATAL_ERROR "Tag '${CMKR_TAG}' hash is not '${CMKR_COMMIT_HASH}'")
endif()
endif()
message(STATUS "[cmkr] Building cmkr (using system compiler)...")
cmkr_exec("${CMAKE_COMMAND}"
--no-warn-unused-cli
"${CMKR_DIRECTORY}"
"-B${CMKR_DIRECTORY}/build"
"-DCMAKE_BUILD_TYPE=${CMKR_BUILD_TYPE}"
"-DCMAKE_UNITY_BUILD=ON"
"-DCMAKE_INSTALL_PREFIX=${CMKR_DIRECTORY}"
"-DCMKR_GENERATE_DOCUMENTATION=OFF"
)
cmkr_exec("${CMAKE_COMMAND}"
--build "${CMKR_DIRECTORY}/build"
--config "${CMKR_BUILD_TYPE}"
--parallel
)
cmkr_exec("${CMAKE_COMMAND}"
--install "${CMKR_DIRECTORY}/build"
--config "${CMKR_BUILD_TYPE}"
--prefix "${CMKR_DIRECTORY}"
--component cmkr
)
if(NOT EXISTS ${CMKR_EXECUTABLE})
message(FATAL_ERROR "[cmkr] Failed to bootstrap '${CMKR_EXECUTABLE}'")
endif()
cmkr_exec("${CMKR_EXECUTABLE}" version)
message(STATUS "[cmkr] Bootstrapped ${CMKR_EXECUTABLE}")
endif()
execute_process(COMMAND "${CMKR_EXECUTABLE}" version
RESULT_VARIABLE CMKR_EXEC_RESULT
)
if(NOT CMKR_EXEC_RESULT EQUAL 0)
message(FATAL_ERROR "[cmkr] Failed to get version, try clearing the cache and rebuilding")
endif()
# Use cmkr.cmake as a script
if(CMAKE_SCRIPT_MODE_FILE)
if(NOT EXISTS "${CMAKE_SOURCE_DIR}/cmake.toml")
execute_process(COMMAND "${CMKR_EXECUTABLE}" init
RESULT_VARIABLE CMKR_EXEC_RESULT
)
if(NOT CMKR_EXEC_RESULT EQUAL 0)
message(FATAL_ERROR "[cmkr] Failed to bootstrap cmkr project. Please report an issue: https://github.com/build-cpp/cmkr/issues/new")
else()
message(STATUS "[cmkr] Modify cmake.toml and then configure using: cmake -B build")
endif()
else()
execute_process(COMMAND "${CMKR_EXECUTABLE}" gen
RESULT_VARIABLE CMKR_EXEC_RESULT
)
if(NOT CMKR_EXEC_RESULT EQUAL 0)
message(FATAL_ERROR "[cmkr] Failed to generate project.")
else()
message(STATUS "[cmkr] Configure using: cmake -B build")
endif()
endif()
endif()
# This is the macro that contains black magic
macro(cmkr)
# When this macro is called from the generated file, fake some internal CMake variables
get_source_file_property(CMKR_CURRENT_LIST_FILE "${CMAKE_CURRENT_LIST_FILE}" CMKR_CURRENT_LIST_FILE)
if(CMKR_CURRENT_LIST_FILE)
set(CMAKE_CURRENT_LIST_FILE "${CMKR_CURRENT_LIST_FILE}")
get_filename_component(CMAKE_CURRENT_LIST_DIR "${CMAKE_CURRENT_LIST_FILE}" DIRECTORY)
endif()
# File-based include guard (include_guard is not documented to work)
get_source_file_property(CMKR_INCLUDE_GUARD "${CMAKE_CURRENT_LIST_FILE}" CMKR_INCLUDE_GUARD)
if(NOT CMKR_INCLUDE_GUARD)
set_source_files_properties("${CMAKE_CURRENT_LIST_FILE}" PROPERTIES CMKR_INCLUDE_GUARD TRUE)
file(SHA256 "${CMAKE_CURRENT_LIST_FILE}" CMKR_LIST_FILE_SHA256_PRE)
# Generate CMakeLists.txt
cmkr_exec("${CMKR_EXECUTABLE}" gen
WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
)
file(SHA256 "${CMAKE_CURRENT_LIST_FILE}" CMKR_LIST_FILE_SHA256_POST)
# Delete the temporary file if it was left for some reason
set(CMKR_TEMP_FILE "${CMAKE_CURRENT_SOURCE_DIR}/CMakerLists.txt")
if(EXISTS "${CMKR_TEMP_FILE}")
file(REMOVE "${CMKR_TEMP_FILE}")
endif()
if(NOT CMKR_LIST_FILE_SHA256_PRE STREQUAL CMKR_LIST_FILE_SHA256_POST)
# Copy the now-generated CMakeLists.txt to CMakerLists.txt
# This is done because you cannot include() a file you are currently in
configure_file(CMakeLists.txt "${CMKR_TEMP_FILE}" COPYONLY)
# Add the macro required for the hack at the start of the cmkr macro
set_source_files_properties("${CMKR_TEMP_FILE}" PROPERTIES
CMKR_CURRENT_LIST_FILE "${CMAKE_CURRENT_LIST_FILE}"
)
# 'Execute' the newly-generated CMakeLists.txt
include("${CMKR_TEMP_FILE}")
# Delete the generated file
file(REMOVE "${CMKR_TEMP_FILE}")
# Do not execute the rest of the original CMakeLists.txt
return()
endif()
# Resume executing the unmodified CMakeLists.txt
endif()
endmacro()

4
scylla_wrapper/ApiReader.cpp
View File

@ -445,7 +445,7 @@ void ApiReader::findApiByModule(ModuleInfo* module, char* searchFunctionName, WO
{
if(isModuleLoadedInOwnProcess(module))
{
HMODULE hModule = GetModuleHandle(module->getFilename());
HMODULE hModule = GetModuleHandleW(module->getFilename());
if(hModule)
{
@ -501,7 +501,7 @@ void ApiReader::parseModuleWithOwnProcess(ModuleInfo* module)
{
PIMAGE_NT_HEADERS pNtHeader = 0;
PIMAGE_DOS_HEADER pDosHeader = 0;
HMODULE hModule = GetModuleHandle(module->getFilename());
HMODULE hModule = GetModuleHandleW(module->getFilename());
if(hModule)
{

23
scylla_wrapper/DeviceNameResolver.cpp
View File

@ -15,27 +15,27 @@ DeviceNameResolver::~DeviceNameResolver()
void DeviceNameResolver::initDeviceNameList()
{
TCHAR shortName[3] = {0};
TCHAR longName[MAX_PATH] = {0};
WCHAR shortName[3] = {0};
WCHAR longName[MAX_PATH] = {0};
HardDisk hardDisk;
shortName[1] = TEXT(':');
deviceNameList.reserve(3);
for(TCHAR shortD = TEXT('a'); shortD < TEXT('z'); shortD++)
for(WCHAR shortD = TEXT('a'); shortD < TEXT('z'); shortD++)
{
shortName[0] = shortD;
if(QueryDosDevice(shortName, longName, MAX_PATH) > 0)
if(QueryDosDeviceW(shortName, longName, MAX_PATH) > 0)
{
hardDisk.shortName[0] = _totupper(shortD);
hardDisk.shortName[0] = towupper(shortD);
hardDisk.shortName[1] = TEXT(':');
hardDisk.shortName[2] = 0;
hardDisk.longNameLength = _tcslen(longName);
hardDisk.longNameLength = wcslen(longName);
_tcscpy_s(hardDisk.longName, longName);
wcscpy_s(hardDisk.longName, longName);
deviceNameList.push_back(hardDisk);
}
}
@ -43,14 +43,15 @@ void DeviceNameResolver::initDeviceNameList()
fixVirtualDevices();
}
bool DeviceNameResolver::resolveDeviceLongNameToShort(const TCHAR* sourcePath, TCHAR* targetPath)
bool DeviceNameResolver::resolveDeviceLongNameToShort(const WCHAR* sourcePath, WCHAR* targetPath)
{
for(unsigned int i = 0; i < deviceNameList.size(); i++)
{
if(!_tcsnicmp(deviceNameList[i].longName, sourcePath, deviceNameList[i].longNameLength))
if(!_wcsnicmp(deviceNameList[i].longName, sourcePath, deviceNameList[i].longNameLength))
{
_tcscpy_s(targetPath, MAX_PATH, deviceNameList[i].shortName);
_tcscat_s(targetPath, MAX_PATH, sourcePath + deviceNameList[i].longNameLength);
wcscpy_s(targetPath, MAX_PATH, deviceNameList[i].shortName);
wcscpy_s(targetPath, MAX_PATH, deviceNameList[i].shortName);
wcscat_s(targetPath, MAX_PATH, sourcePath + deviceNameList[i].longNameLength);
return true;
}
}

7
scylla_wrapper/DeviceNameResolver.h
View File

@ -5,13 +5,12 @@
#include <Windows.h>
#include <vector>
#include <tchar.h>
class HardDisk
{
public:
TCHAR shortName[3];
TCHAR longName[MAX_PATH];
WCHAR shortName[3];
WCHAR longName[MAX_PATH];
size_t longNameLength;
};
@ -20,7 +19,7 @@ class DeviceNameResolver
public:
DeviceNameResolver();
~DeviceNameResolver();
bool resolveDeviceLongNameToShort(const TCHAR* sourcePath, TCHAR* targetPath);
bool resolveDeviceLongNameToShort(const WCHAR* sourcePath, WCHAR* targetPath);
private:
std::vector<HardDisk> deviceNameList;

2
scylla_wrapper/IATReferenceScan.cpp
View File

@ -425,7 +425,7 @@ void IATReferenceScan::printDirectImportLog()
ApiInfo* apiInfo = apiReader->getApiByVirtualAddress(ref->targetAddressInIat, &isSuspect);
count++;
WCHAR* type = L"U";
const WCHAR* type = L"U";
if(ref->type == IAT_REFERENCE_DIRECT_CALL)
{

2
scylla_wrapper/NativeWinApi.cpp
View File

@ -30,7 +30,7 @@ void NativeWinApi::initialize()
return;
}
HMODULE hModuleNtdll = GetModuleHandle(L"ntdll.dll");
HMODULE hModuleNtdll = GetModuleHandleW(L"ntdll.dll");
if(!hModuleNtdll)
{

6
scylla_wrapper/PeParser.cpp
View File

@ -580,7 +580,7 @@ bool PeParser::openFileHandle()
{
if(filename)
{
hFile = CreateFile(filename, GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, 0, 0);
hFile = CreateFileW(filename, GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, 0, 0);
}
else
{
@ -595,7 +595,7 @@ bool PeParser::openWriteFileHandle(const WCHAR* newFile)
{
if(newFile)
{
hFile = CreateFile(newFile, GENERIC_WRITE, FILE_SHARE_WRITE, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
hFile = CreateFileW(newFile, GENERIC_WRITE, FILE_SHARE_WRITE, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
}
else
{
@ -1312,7 +1312,7 @@ bool PeParser::updatePeHeaderChecksum(const WCHAR* targetFile, DWORD fileSize)
if(!fileSize)
return retValue;
HANDLE hFileToMap = CreateFile(targetFile, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
HANDLE hFileToMap = CreateFileW(targetFile, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
if(hFileToMap != INVALID_HANDLE_VALUE)
{

12
scylla_wrapper/ProcessAccessHelp.cpp
View File

@ -75,7 +75,7 @@ HANDLE ProcessAccessHelp::NativeOpenProcess(DWORD dwDesiredAccess, DWORD dwProce
NTSTATUS ntStatus = 0;
InitializeObjectAttributes(&ObjectAttributes, 0, 0, 0, 0);
cid.UniqueProcess = (HANDLE)dwProcessId;
cid.UniqueProcess = (HANDLE)(DWORD_PTR)dwProcessId;
ntStatus = NativeWinApi::NtOpenProcess(&hProcess, dwDesiredAccess, &ObjectAttributes, &cid);
@ -356,7 +356,7 @@ LONGLONG ProcessAccessHelp::getFileSize(const WCHAR* filePath)
{
LONGLONG fileSize = 0;
HANDLE hFile = CreateFile(filePath, GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, 0, 0);
HANDLE hFile = CreateFileW(filePath, GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, 0, 0);
if(hFile != INVALID_HANDLE_VALUE)
{
@ -439,7 +439,7 @@ bool ProcessAccessHelp::readMemoryFromFile(HANDLE hFile, LONG offset, DWORD size
bool ProcessAccessHelp::writeMemoryToNewFile(const WCHAR* file, DWORD size, LPCVOID dataBuffer)
{
HANDLE hFile = CreateFile(file, GENERIC_WRITE, 0, 0, CREATE_ALWAYS, 0, 0);
HANDLE hFile = CreateFileW(file, GENERIC_WRITE, 0, 0, CREATE_ALWAYS, 0, 0);
if(hFile != INVALID_HANDLE_VALUE)
{
@ -532,7 +532,7 @@ bool ProcessAccessHelp::readHeaderFromFile(BYTE* buffer, DWORD bufferSize, const
DWORD dwSize = 0;
bool returnValue = 0;
HANDLE hFile = CreateFile(filePath, GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, 0, 0);
HANDLE hFile = CreateFileW(filePath, GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, 0, 0);
if(hFile == INVALID_HANDLE_VALUE)
{
@ -577,7 +577,7 @@ LPVOID ProcessAccessHelp::createFileMappingViewFull(const WCHAR* filePath)
LPVOID ProcessAccessHelp::createFileMappingView(const WCHAR* filePath, DWORD accessFile, DWORD flProtect, DWORD accessMap)
{
HANDLE hFile = CreateFile(filePath, accessFile, FILE_SHARE_READ, 0, OPEN_EXISTING, 0, 0);
HANDLE hFile = CreateFileW(filePath, accessFile, FILE_SHARE_READ, 0, OPEN_EXISTING, 0, 0);
if(hFile == INVALID_HANDLE_VALUE)
{
@ -811,7 +811,7 @@ bool ProcessAccessHelp::createBackupFile(const WCHAR* filePath)
wcscpy_s(backupFile, fileNameLength, filePath);
wcscat_s(backupFile, fileNameLength, L".bak");
retValue = CopyFile(filePath, backupFile, FALSE);
retValue = CopyFileW(filePath, backupFile, FALSE);
if(!retValue)
{

2
scylla_wrapper/ProcessLister.cpp
View File

@ -217,7 +217,7 @@ void ProcessLister::handleProcessInformationAndAddToList(PSYSTEM_PROCESS_INFORMA
Process process;
WCHAR tempProcessName[MAX_PATH * 2] = {0};
process.PID = (DWORD)pProcess->UniqueProcessId;
process.PID = (DWORD)(DWORD_PTR)pProcess->UniqueProcessId;
HANDLE hProcess = ProcessAccessHelp::NativeOpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, process.PID);

2
scylla_wrapper/ProcessLister.h
View File

@ -45,7 +45,7 @@ public:
ProcessLister()
{
deviceNameResolver = new DeviceNameResolver();
_IsWow64Process = (def_IsWow64Process)GetProcAddress(GetModuleHandle(L"kernel32.dll"), "IsWow64Process");
_IsWow64Process = (def_IsWow64Process)GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "IsWow64Process");
}
~ProcessLister()
{

2
scylla_wrapper/SystemInformation.cpp
View File

@ -20,7 +20,7 @@ bool SystemInformation::getSystemInformation()
return false;
}
_GetNativeSystemInfo = (def_GetNativeSystemInfo)GetProcAddress(GetModuleHandle(L"kernel32.dll"), "GetNativeSystemInfo");
_GetNativeSystemInfo = (def_GetNativeSystemInfo)GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetNativeSystemInfo");
if(_GetNativeSystemInfo)
{
_GetNativeSystemInfo(&si);

18
scylla_wrapper/dllmain.cpp
View File

@ -1,18 +0,0 @@
#include "stdafx.h"
BOOL APIENTRY DllMain(HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch(ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}

19
scylla_wrapper/scylla_wrapper.h → scylla_wrapper/include/scylla_wrapper.h
View File

@ -20,11 +20,14 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
//packing set to 1 needed because TitanEngine uses same
#pragma pack(push, 1)
const BYTE SCY_ERROR_SUCCESS = 0;
const BYTE SCY_ERROR_PROCOPEN = -1;
const BYTE SCY_ERROR_IATWRITE = -2;
const BYTE SCY_ERROR_IATSEARCH = -3;
const BYTE SCY_ERROR_IATNOTFOUND = -4;
typedef enum
{
SCY_ERROR_SUCCESS = 0,
SCY_ERROR_PROCOPEN = -1,
SCY_ERROR_IATWRITE = -2,
SCY_ERROR_IATSEARCH = -3,
SCY_ERROR_IATNOTFOUND = -4
} ScyllaErrorCode;;
typedef struct
{
@ -35,7 +38,7 @@ typedef struct
ULONG_PTR ImportThunk;
char* APIName;
char* DLLName;
} ImportEnumData, *PImportEnumData;
} ScyllaImportEnumData, *PScyllaImportEnumData;
//IAT exports
int scylla_searchIAT(DWORD pid, DWORD_PTR & iatStart, DWORD & iatSize, DWORD_PTR searchStart, bool advancedSearch);
@ -44,13 +47,13 @@ bool scylla_addModule(const WCHAR* moduleName, DWORD_PTR firstThunkRVA);
bool scylla_addImport(const WCHAR* importName, DWORD_PTR thunkVA);
bool scylla_importsValid();
bool scylla_cutImport(DWORD_PTR apiAddr);
int scylla_fixDump(WCHAR* dumpFile, WCHAR* iatFixFile, WCHAR* sectionName = L".scy");
int scylla_fixDump(const WCHAR* dumpFile, const WCHAR* iatFixFile, const WCHAR* sectionName = L".scy");
int scylla_fixMappedDump(DWORD_PTR iatVA, DWORD_PTR FileMapVA, HANDLE hFileMap);
int scylla_getModuleCount();
int scylla_getImportCount();
void scylla_enumImportTree(LPVOID enumCallBack);
long scylla_estimatedIATSize();
DWORD_PTR scylla_findImportWriteLocation(char* importName);
DWORD_PTR scylla_findImportWriteLocation(const char* importName);
DWORD_PTR scylla_findOrdinalImportWriteLocation(DWORD_PTR ordinalNumber);
DWORD_PTR scylla_findImportNameByWriteLocation(DWORD_PTR thunkVA);
DWORD_PTR scylla_findModuleNameByWriteLocation(DWORD_PTR thunkVA);

6
scylla_wrapper/scylla_wrapper.cpp
View File

@ -334,7 +334,7 @@ bool scylla_cutImport(DWORD_PTR apiAddr)
return false;
}
int scylla_fixDump(WCHAR* dumpFile, WCHAR* iatFixFile, WCHAR* sectionName)
int scylla_fixDump(const WCHAR* dumpFile, const WCHAR* iatFixFile, const WCHAR* sectionName)
{
WCHAR dumpedFilePath[MAX_PATH];
WCHAR fixedFilePath[MAX_PATH];
@ -389,7 +389,7 @@ void scylla_enumImportTree(LPVOID enumCallback)
std::map<DWORD_PTR, ImportThunk>::iterator it_import;
typedef void(*fCallback)(LPVOID importDetail);
fCallback myCallback = (fCallback)enumCallback;
ImportEnumData myImportEnumData;
ScyllaImportEnumData myImportEnumData;
myImportEnumData.DLLName = (char*)malloc(sizeof(char) * MAX_PATH);
myImportEnumData.APIName = (char*)malloc(sizeof(char) * MAX_PATH);
@ -438,7 +438,7 @@ long scylla_estimatedIATSize()
return importRebuild.getIATSectionSize(moduleList);
}
DWORD_PTR scylla_findImportWriteLocation(char* importName)
DWORD_PTR scylla_findImportWriteLocation(const char* importName)
{
std::map<DWORD_PTR, ImportModuleThunk>::iterator it_module;
std::map<DWORD_PTR, ImportThunk>::iterator it_import;

24
scylla_wrapper/scylla_wrapper.vcxproj
View File

@ -72,25 +72,25 @@
<LinkIncremental>true</LinkIncremental>
<OutDir>$(SolutionDir)bin\$(Configuration)\$(Platform)\</OutDir>
<IntDir>$(SolutionDir)obj\$(MSBuildProjectName)\$(Configuration)\$(Platform)\</IntDir>
<IncludePath>$(SolutionDir)distorm\include;$(IncludePath)</IncludePath>
<IncludePath>$(SolutionDir)distorm\include;$(SolutionDir)scylla_wrapper\include;$(IncludePath)</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>true</LinkIncremental>
<OutDir>$(SolutionDir)bin\$(Configuration)\$(Platform)\</OutDir>
<IntDir>$(SolutionDir)obj\$(MSBuildProjectName)\$(Configuration)\$(Platform)\</IntDir>
<IncludePath>$(SolutionDir)distorm\include;$(IncludePath)</IncludePath>
<IncludePath>$(SolutionDir)distorm\include;$(SolutionDir)scylla_wrapper\include;$(IncludePath)</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LinkIncremental>false</LinkIncremental>
<OutDir>$(SolutionDir)bin\$(Configuration)\$(Platform)\</OutDir>
<IntDir>$(SolutionDir)obj\$(MSBuildProjectName)\$(Configuration)\$(Platform)\</IntDir>
<IncludePath>$(SolutionDir)distorm\include;$(IncludePath)</IncludePath>
<IncludePath>$(SolutionDir)distorm\include;$(SolutionDir)scylla_wrapper\include;$(IncludePath)</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>false</LinkIncremental>
<OutDir>$(SolutionDir)bin\$(Configuration)\$(Platform)\</OutDir>
<IntDir>$(SolutionDir)obj\$(MSBuildProjectName)\$(Configuration)\$(Platform)\</IntDir>
<IncludePath>$(SolutionDir)distorm\include;$(IncludePath)</IncludePath>
<IncludePath>$(SolutionDir)distorm\include;$(SolutionDir)scylla_wrapper\include;$(IncludePath)</IncludePath>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
@ -170,12 +170,12 @@
<ClInclude Include="IATReferenceScan.h" />
<ClInclude Include="IATSearch.h" />
<ClInclude Include="ImportRebuilder.h" />
<ClInclude Include="include\scylla_wrapper.h" />
<ClInclude Include="mnemonics.h" />
<ClInclude Include="NativeWinApi.h" />
<ClInclude Include="PeParser.h" />
<ClInclude Include="ProcessAccessHelp.h" />
<ClInclude Include="ProcessLister.h" />
<ClInclude Include="scylla_wrapper.h" />
<ClInclude Include="stdafx.h" />
<ClInclude Include="StringConversion.h" />
<ClInclude Include="SystemInformation.h" />
@ -186,20 +186,6 @@
<ClCompile Include="ApiReader.cpp" />
<ClCompile Include="Architecture.cpp" />
<ClCompile Include="DeviceNameResolver.cpp" />
<ClCompile Include="dllmain.cpp">
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</CompileAsManaged>
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</CompileAsManaged>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
</PrecompiledHeader>
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</CompileAsManaged>
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</CompileAsManaged>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
</PrecompiledHeader>
</ClCompile>
<ClCompile Include="IATReferenceScan.cpp" />
<ClCompile Include="IATSearch.cpp" />
<ClCompile Include="ImportRebuilder.cpp" />

9
scylla_wrapper/scylla_wrapper.vcxproj.filters
View File

@ -60,23 +60,20 @@
<ClInclude Include="IATSearch.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="scylla_wrapper.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="IATReferenceScan.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="mnemonics.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="include\scylla_wrapper.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ClCompile Include="stdafx.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="dllmain.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="ApiReader.cpp">
<Filter>Source Files</Filter>
</ClCompile>