From 4f4f547d30fc8313fdcf34e3a2fac3b50301a548 Mon Sep 17 00:00:00 2001
From: "mr.exodia"
Date: Mon, 3 Mar 2014 20:49:22 +0100
Subject: [PATCH] - more migration
---
 TitanEngine/Global.Breakpoints.cpp | 6 +
 TitanEngine/Global.Breakpoints.h | 7 +
 TitanEngine/Global.Debugger.cpp | 54 +
 TitanEngine/Global.Debugger.h | 27 +
 TitanEngine/Global.Engine.Hider.cpp | 1 +
 TitanEngine/Global.Engine.cpp | 17 +-
 TitanEngine/Global.Engine.h | 4 +-
 TitanEngine/TitanEngine.Breakpoints.cpp | 1005 ++++++++++++++
 TitanEngine/TitanEngine.Debugger.cpp | 234 ++++
 TitanEngine/TitanEngine.Disassembler.cpp | 236 ++++
 TitanEngine/TitanEngine.Threader.cpp | 1 +
 TitanEngine/TitanEngine.cpp | 1534 +---------------------
 TitanEngine/TitanEngine.vcxproj | 7 +
 TitanEngine/TitanEngine.vcxproj.filters | 21 +
 14 files changed, 1630 insertions(+), 1524 deletions(-)
 create mode 100644 TitanEngine/Global.Breakpoints.cpp
 create mode 100644 TitanEngine/Global.Breakpoints.h
 create mode 100644 TitanEngine/Global.Debugger.cpp
 create mode 100644 TitanEngine/Global.Debugger.h
 create mode 100644 TitanEngine/TitanEngine.Breakpoints.cpp
 create mode 100644 TitanEngine/TitanEngine.Debugger.cpp
 create mode 100644 TitanEngine/TitanEngine.Disassembler.cpp
diff --git a/TitanEngine/Global.Breakpoints.cpp b/TitanEngine/Global.Breakpoints.cpp
new file mode 100644
index 0000000..9e75e32
--- /dev/null
+++ b/TitanEngine/Global.Breakpoints.cpp
@@ -0,0 +1,6 @@
+#include "stdafx.h"
+#include "definitions.h"
+#include "Global.Breakpoints.h"
+
+int BreakPointSetCount = 0;
+extern BreakPointDetail BreakPointBuffer[MAXIMUM_BREAKPOINTS] = {};
\ No newline at end of file
diff --git a/TitanEngine/Global.Breakpoints.h b/TitanEngine/Global.Breakpoints.h
new file mode 100644
index 0000000..561b796
--- /dev/null
+++ b/TitanEngine/Global.Breakpoints.h
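Review bot: The definition `extern BreakPointDetail BreakPointBuffer[MAXIMUM_BREAKPOINTS] = {};` in Global.Breakpoints.cpp mixes `extern` with an initializer; it is still a definition, GCC warns about it ("initialized and declared 'extern'"), and it reads as if the array lived elsewhere. The header added in the same commit already carries the `extern` declaration, so the .cpp line should simply be `BreakPointDetail BreakPointBuffer[MAXIMUM_BREAKPOINTS] = {};`, matching `int BreakPointSetCount = 0;` on the line above it. Both new files also end without a trailing newline.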
@@ -0,0 +1,7 @@
+#ifndef _GLOBAL_BREAKPOINTS_H
+#define _GLOBAL_BREAKPOINTS_H
+
+extern int BreakPointSetCount;
+extern BreakPointDetail BreakPointBuffer[MAXIMUM_BREAKPOINTS];
+
+#endif //_GLOBAL_BREAKPOINTS_H
\ No newline at end of file
diff --git a/TitanEngine/Global.Debugger.cpp b/TitanEngine/Global.Debugger.cpp
new file mode 100644
index 0000000..2ee01e7
--- /dev/null
+++ b/TitanEngine/Global.Debugger.cpp
@@ -0,0 +1,54 @@
+#include "stdafx.h"
+#include "definitions.h"
+#include "Global.Debugger.h"
+#include "Global.Engine.h"
+
+HARDWARE_DATA DebugRegister[4] = {};
+PROCESS_INFORMATION dbgProcessInformation = {};
+CustomHandler myDBGCustomHandler = {};
+PCustomHandler DBGCustomHandler = &myDBGCustomHandler;
+ExpertDebug expertDebug = {};
+STARTUPINFOW dbgStartupInfo = {};
+LPVOID DebugModuleEntryPointCallBack;
+LPVOID DebugExeFileEntryPointCallBack;
+ULONG_PTR DebugModuleEntryPoint;
+ULONG_PTR DebugModuleImageBase;
+
+ULONG_PTR engineAttachedProcessCallBack = NULL;
+ULONG_PTR engineReserveModuleBase = NULL;
+unsigned long long engineDebuggingMainModuleBase = NULL;
+ULONG_PTR engineDebuggingDLLBase = NULL;
+bool engineAttachedToProcess = false;
+bool engineDebuggingDLL = false;
+wchar_t* engineDebuggingDLLFullFileName;
+wchar_t* engineDebuggingDLLFileName;
+
+// Global.Debugger.functions:
+long DebugLoopInSecondThread(LPVOID InputParameter)
+{
+ __try
+ {
+ if(InputParameter == NULL)
+ {
+ InitDebugExW(expertDebug.szFileName, expertDebug.szCommandLine, expertDebug.szCurrentFolder, expertDebug.EntryCallBack);
+ }
+ else
+ {
+ InitDLLDebugW(expertDebug.szFileName, expertDebug.ReserveModuleBase, expertDebug.szCommandLine, expertDebug.szCurrentFolder, expertDebug.EntryCallBack);
+ }
+ DebugLoop();
+ return(NULL);
+ }
+ __except(EXCEPTION_EXECUTE_HANDLER)
+ {
+ return(-1);
+ }
+}
+
+void DebuggerReset()
+{
+ if(engineResetCustomHandler)
+ {
+ RtlZeroMemory(&myDBGCustomHandler, sizeof CustomHandler);
+ }
+}
\ No newline at end of file
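Review bot: Global.Breakpoints.h names `BreakPointDetail` and `MAXIMUM_BREAKPOINTS` but includes nothing, so it only compiles when the including translation unit has already pulled in the header that defines them (Global.Breakpoints.cpp does so by including definitions.h first). Making the header self-contained, presumably with `#include "definitions.h"` before the `extern` lines, removes that include-order dependency for every other file that will include it.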
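Review bot: The `__except(EXCEPTION_EXECUTE_HANDLER)` in `DebugLoopInSecondThread` covers both the Init*Debug* call and the entire `DebugLoop()`, so any crash inside the debugger loop, including one raised from a user callback, is silently turned into a `-1` thread exit with the debuggee still attached and nothing recorded; at least capture `GetExceptionCode()` in the handler (or narrow the filter) so such failures are diagnosable. The function's contract is also invisible at the definition: `InputParameter` is used only as a NULL/non-NULL switch and every real argument comes from the global `expertDebug`, which the creating thread presumably fills before starting this one, so a header comment such as `// InputParameter: NULL = debug an EXE via InitDebugExW, non-NULL = debug a DLL via InitDLLDebugW; all arguments are read from the global expertDebug, which the caller fills before starting the thread` would help. Minor style points: `return(NULL);` for a `long` should be `return(0);`, and `engineDebuggingMainModuleBase` is declared `unsigned long long` while every other base in this file is `ULONG_PTR`.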
diff --git a/TitanEngine/Global.Debugger.h b/TitanEngine/Global.Debugger.h new file mode 100644 index 0000000..47831f3 --- /dev/null +++ b/TitanEngine/Global.Debugger.h @@ -0,0 +1,27 @@ +#ifndef _GLOBAL_DEBUGGER_H +#define _GLOBAL_DEBUGGER_H + +extern HARDWARE_DATA DebugRegister[4]; +extern PROCESS_INFORMATION dbgProcessInformation; +extern CustomHandler myDBGCustomHandler; +extern PCustomHandler DBGCustomHandler; +extern ExpertDebug expertDebug; +extern STARTUPINFOW dbgStartupInfo; +extern LPVOID DebugModuleEntryPointCallBack; +extern LPVOID DebugExeFileEntryPointCallBack; +extern ULONG_PTR DebugModuleEntryPoint; +extern ULONG_PTR DebugModuleImageBase; + +extern ULONG_PTR engineAttachedProcessCallBack; +extern bool engineAttachedToProcess; +extern ULONG_PTR engineReserveModuleBase; +extern unsigned long long engineDebuggingMainModuleBase; +extern ULONG_PTR engineDebuggingDLLBase; +extern bool engineDebuggingDLL; +extern wchar_t* engineDebuggingDLLFullFileName; +extern wchar_t* engineDebuggingDLLFileName; + +long DebugLoopInSecondThread(LPVOID InputParameter); +void DebuggerReset(); + +#endif //_GLOBAL_DEBUGGER_H \ No newline at end of file diff --git a/TitanEngine/Global.Engine.Hider.cpp b/TitanEngine/Global.Engine.Hider.cpp index 4546c0c..3edc97a 100644 --- a/TitanEngine/Global.Engine.Hider.cpp +++ b/TitanEngine/Global.Engine.Hider.cpp @@ -2,6 +2,7 @@ #include "definitions.h" #include "Global.Engine.Hider.h" #include "Global.Engine.h" +#include "Global.Debugger.h" // Global.Engine.Hider.functions: static bool isAtleastVista() diff --git a/TitanEngine/Global.Engine.cpp b/TitanEngine/Global.Engine.cpp index 81d4959..c7c0c5b 100644 --- a/TitanEngine/Global.Engine.cpp +++ b/TitanEngine/Global.Engine.cpp 
@@ -5,10 +5,17 @@ #include "Global.Mapping.h" #include "Global.Engine.Extension.h" #include "Global.Engine.Hash.h" +#include "Global.Debugger.h" #include -HARDWARE_DATA DebugRegister[4] = {}; -PROCESS_INFORMATION dbgProcessInformation = {}; +bool engineCheckForwarders = true; +bool engineAlowModuleLoading = false; +bool engineCreatePathForFiles = true; // hardcoded +bool engineBackupForCriticalFunctions = true; +bool engineResumeProcessIfNoThreadIsActive = false; +bool engineResetCustomHandler = true; +bool engineRemoveConsoleForDebugee = false; + char engineExtractedFolderName[512]; char engineFoundDLLName[512]; char engineFoundAPIName[512]; @@ -18,12 +25,6 @@ wchar_t engineSzEngineFile[MAX_PATH]; wchar_t engineSzEngineGarbageFolder[MAX_PATH]; wchar_t engineSzEngineFolder[MAX_PATH]; HMODULE engineHandle; -bool engineCheckForwarders = true; -bool engineAlowModuleLoading = false; -bool engineCreatePathForFiles = true; // hardcoded -bool engineBackupForCriticalFunctions = true; -bool engineResumeProcessIfNoThreadIsActive = false; - LPVOID engineExitThreadOneShootCallBack = NULL; // Global.Engine.functions: diff --git a/TitanEngine/Global.Engine.h b/TitanEngine/Global.Engine.h index ef3066c..d1fd93c 100644 --- a/TitanEngine/Global.Engine.h +++ b/TitanEngine/Global.Engine.h @@ -4,14 +4,14 @@ #include //Global.Engine.Variables -extern PROCESS_INFORMATION dbgProcessInformation; -extern HARDWARE_DATA DebugRegister[4]; extern HMODULE engineHandle; extern bool engineAlowModuleLoading; extern bool engineCheckForwarders; extern bool engineBackupForCriticalFunctions; extern bool engineResumeProcessIfNoThreadIsActive; +extern bool engineResetCustomHandler; +extern bool engineRemoveConsoleForDebugee; extern wchar_t engineSzEngineGarbageFolder[MAX_PATH]; diff --git a/TitanEngine/TitanEngine.Breakpoints.cpp b/TitanEngine/TitanEngine.Breakpoints.cpp new file mode 100644 index 0000000..56f1052 --- /dev/null +++ b/TitanEngine/TitanEngine.Breakpoints.cpp 
@@ -0,0 +1,1005 @@ +#include "stdafx.h" +#include "definitions.h" +#include "Global.Breakpoints.h" +#include "Global.Debugger.h" +#include "Global.Engine.h" + +static long engineDefaultBreakPointType = UE_BREAKPOINT_INT3; +static BYTE UD2BreakPoint[2] = {0x0F, 0x0B}; +static BYTE INT3BreakPoint = 0xCC; +static BYTE INT3LongBreakPoint[2] = {0xCD, 0x03}; + +__declspec(dllexport) void TITCALL SetBPXOptions(long DefaultBreakPointType) +{ + engineDefaultBreakPointType = DefaultBreakPointType; +} +__declspec(dllexport) bool TITCALL IsBPXEnabled(ULONG_PTR bpxAddress) +{ + + int i; + ULONG_PTR NumberOfBytesReadWritten = 0; + DWORD MaximumBreakPoints = 0; + BYTE ReadData[10] = {}; + + for(i = 0; i < BreakPointSetCount; i++) + { + if(BreakPointBuffer[i].BreakPointAddress == bpxAddress) + { + if(BreakPointBuffer[i].BreakPointActive != UE_BPXINACTIVE && BreakPointBuffer[i].BreakPointActive != UE_BPXREMOVED) + { + if(ReadProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &ReadData[0], UE_MAX_BREAKPOINT_SIZE, &NumberOfBytesReadWritten)) + { + if(BreakPointBuffer[i].AdvancedBreakPointType == UE_BREAKPOINT_INT3 && ReadData[0] == INT3BreakPoint) + { + return(true); + } + else if(BreakPointBuffer[i].AdvancedBreakPointType == UE_BREAKPOINT_LONG_INT3 && ReadData[0] == INT3LongBreakPoint[0] && ReadData[1] == INT3LongBreakPoint[1]) + { + return(true); + } + else if(BreakPointBuffer[i].AdvancedBreakPointType == UE_BREAKPOINT_UD2 && ReadData[0] == UD2BreakPoint[0] && ReadData[1] == UD2BreakPoint[1]) + { + return(true); + } + else + { + return(false); + } + } + else + { + return(false); + } + } + else + { + return(false); + } + } + } + return(false); +} +__declspec(dllexport) bool TITCALL EnableBPX(ULONG_PTR bpxAddress) +{ + + int i; + MEMORY_BASIC_INFORMATION MemInfo; + ULONG_PTR NumberOfBytesReadWritten = 0; + DWORD MaximumBreakPoints = 0; + bool testWrite = false; + DWORD OldProtect; + + for(i = 0; i < BreakPointSetCount; i++) + { + 
if(BreakPointBuffer[i].BreakPointAddress == bpxAddress) + { + VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + OldProtect = MemInfo.Protect; + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect); + if(BreakPointBuffer[i].BreakPointActive == UE_BPXINACTIVE && (BreakPointBuffer[i].BreakPointType == UE_BREAKPOINT || BreakPointBuffer[i].BreakPointType == UE_SINGLESHOOT)) + { + if(BreakPointBuffer[i].AdvancedBreakPointType == UE_BREAKPOINT_INT3) + { + if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &INT3BreakPoint, 1, &NumberOfBytesReadWritten)) + { + testWrite = true; + } + } + else if(BreakPointBuffer[i].AdvancedBreakPointType == UE_BREAKPOINT_LONG_INT3) + { + if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &INT3LongBreakPoint, 2, &NumberOfBytesReadWritten)) + { + testWrite = true; + } + } + else if(BreakPointBuffer[i].AdvancedBreakPointType == UE_BREAKPOINT_UD2) + { + if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &UD2BreakPoint, 2, &NumberOfBytesReadWritten)) + { + testWrite = true; + } + } + if(testWrite) + { + BreakPointBuffer[i].BreakPointActive = UE_BPXACTIVE; + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); + return(true); + } + else + { + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); + return(false); + } + } + else + { + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); + return(false); + } + } + } + return(false); +} +__declspec(dllexport) bool TITCALL DisableBPX(ULONG_PTR bpxAddress) +{ + + int i; + MEMORY_BASIC_INFORMATION MemInfo; + ULONG_PTR NumberOfBytesReadWritten = 0; + DWORD 
MaximumBreakPoints = 0; + DWORD OldProtect; + + for(i = 0; i < BreakPointSetCount; i++) + { + if(BreakPointBuffer[i].BreakPointAddress == bpxAddress) + { + VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + OldProtect = MemInfo.Protect; + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect); + if(BreakPointBuffer[i].BreakPointActive == UE_BPXACTIVE && (BreakPointBuffer[i].BreakPointType == UE_BREAKPOINT || BreakPointBuffer[i].BreakPointType == UE_SINGLESHOOT)) + { + if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &BreakPointBuffer[i].OriginalByte[0], BreakPointBuffer[i].BreakPointSize, &NumberOfBytesReadWritten)) + { + BreakPointBuffer[i].BreakPointActive = UE_BPXINACTIVE; + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); + return(true); + } + else + { + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); + return(false); + } + } + else + { + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); + return(false); + } + } + } + return(false); +} +__declspec(dllexport) bool TITCALL SetBPX(ULONG_PTR bpxAddress, DWORD bpxType, LPVOID bpxCallBack) +{ + + int i = 0; + int j = -1; + void* bpxDataPrt; + PMEMORY_COMPARE_HANDLER bpxDataCmpPtr; + MEMORY_BASIC_INFORMATION MemInfo; + ULONG_PTR NumberOfBytesReadWritten = 0; + BYTE SelectedBreakPointType; + DWORD checkBpxType; + DWORD OldProtect; + + if(bpxCallBack == NULL) + { + return(false); + } + for(i = 0; i < BreakPointSetCount; i++) + { + if(BreakPointBuffer[i].BreakPointAddress == bpxAddress && BreakPointBuffer[i].BreakPointActive == UE_BPXACTIVE && (BreakPointBuffer[i].BreakPointType == UE_SINGLESHOOT || 
BreakPointBuffer[i].BreakPointType == UE_BREAKPOINT)) + { + return(false); + } + else if(BreakPointBuffer[i].BreakPointAddress == bpxAddress && BreakPointBuffer[i].BreakPointActive == UE_BPXINACTIVE && (BreakPointBuffer[i].BreakPointType == UE_SINGLESHOOT || BreakPointBuffer[i].BreakPointType == UE_BREAKPOINT)) + { + return(EnableBPX(bpxAddress)); + } + else if(j == -1 && BreakPointBuffer[i].BreakPointActive == UE_BPXREMOVED) + { + j = i; + } + } + if(j == -1) + { + BreakPointSetCount++; + } + else + { + i = j; + } + if(i < MAXIMUM_BREAKPOINTS) + { + RtlZeroMemory(&BreakPointBuffer[i], sizeof BreakPointDetail); + if(bpxType < UE_BREAKPOINT_TYPE_INT3) + { + if(engineDefaultBreakPointType == UE_BREAKPOINT_INT3) + { + SelectedBreakPointType = UE_BREAKPOINT_INT3; + BreakPointBuffer[i].BreakPointSize = 1; + bpxDataPrt = &INT3BreakPoint; + } + else if(engineDefaultBreakPointType == UE_BREAKPOINT_LONG_INT3) + { + SelectedBreakPointType = UE_BREAKPOINT_LONG_INT3; + BreakPointBuffer[i].BreakPointSize = 2; + bpxDataPrt = &INT3LongBreakPoint; + } + else if(engineDefaultBreakPointType == UE_BREAKPOINT_UD2) + { + SelectedBreakPointType = UE_BREAKPOINT_UD2; + BreakPointBuffer[i].BreakPointSize = 2; + bpxDataPrt = &UD2BreakPoint; + } + } + else + { + checkBpxType = bpxType >> 24; + checkBpxType = checkBpxType << 24; + if(checkBpxType == UE_BREAKPOINT_TYPE_INT3) + { + SelectedBreakPointType = UE_BREAKPOINT_INT3; + BreakPointBuffer[i].BreakPointSize = 1; + bpxDataPrt = &INT3BreakPoint; + } + else if(checkBpxType == UE_BREAKPOINT_TYPE_LONG_INT3) + { + SelectedBreakPointType = UE_BREAKPOINT_LONG_INT3; + BreakPointBuffer[i].BreakPointSize = 2; + bpxDataPrt = &INT3LongBreakPoint; + } + else if(checkBpxType == UE_BREAKPOINT_TYPE_UD2) + { + SelectedBreakPointType = UE_BREAKPOINT_UD2; + BreakPointBuffer[i].BreakPointSize = 2; + bpxDataPrt = &UD2BreakPoint; + } + } + bpxDataCmpPtr = (PMEMORY_COMPARE_HANDLER)bpxDataPrt; + VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, 
&MemInfo, sizeof MEMORY_BASIC_INFORMATION); + OldProtect = MemInfo.Protect; + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect); + if(ReadProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &BreakPointBuffer[i].OriginalByte[0], BreakPointBuffer[i].BreakPointSize, &NumberOfBytesReadWritten)) + { + /*if(BreakPointBuffer[i].OriginalByte[0] != bpxDataCmpPtr->Array.bArrayEntry[0]) + {*/ + if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, bpxDataPrt, BreakPointBuffer[i].BreakPointSize, &NumberOfBytesReadWritten)) + { + BreakPointBuffer[i].AdvancedBreakPointType = (BYTE)SelectedBreakPointType; + BreakPointBuffer[i].BreakPointActive = UE_BPXACTIVE; + BreakPointBuffer[i].BreakPointAddress = bpxAddress; + BreakPointBuffer[i].BreakPointType = (BYTE)bpxType; + BreakPointBuffer[i].NumberOfExecutions = -1; + BreakPointBuffer[i].ExecuteCallBack = (ULONG_PTR)bpxCallBack; + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); + return(true); + } + else + { + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); + return(false); + } + /*} + else + { + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); + return(false); + }*/ + } + else + { + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); + return(false); + } + } + else + { + BreakPointSetCount--; + return(false); + } +} +__declspec(dllexport) bool TITCALL SetBPXEx(ULONG_PTR bpxAddress, DWORD bpxType, DWORD NumberOfExecution, DWORD CmpRegister, DWORD CmpCondition, ULONG_PTR CmpValue, LPVOID bpxCallBack, LPVOID bpxCompareCallBack, LPVOID bpxRemoveCallBack) +{ + + int i = 0; + int j = -1; + void* 
bpxDataPrt; + PMEMORY_COMPARE_HANDLER bpxDataCmpPtr; + MEMORY_BASIC_INFORMATION MemInfo; + ULONG_PTR NumberOfBytesReadWritten = 0; + BYTE SelectedBreakPointType; + DWORD checkBpxType; + DWORD OldProtect; + + if(bpxCallBack == NULL) + { + return(false); + } + for(i = 0; i < BreakPointSetCount; i++) + { + if(BreakPointBuffer[i].BreakPointAddress == bpxAddress && BreakPointBuffer[i].BreakPointActive == UE_BPXACTIVE) + { + return(true); + } + else if(BreakPointBuffer[i].BreakPointAddress == bpxAddress && BreakPointBuffer[i].BreakPointActive == UE_BPXINACTIVE) + { + return(EnableBPX(bpxAddress)); + } + else if(j == -1 && BreakPointBuffer[i].BreakPointActive == UE_BPXREMOVED) + { + j = i; + } + } + if(j == -1) + { + BreakPointSetCount++; + } + else + { + i = j; + } + if(i < MAXIMUM_BREAKPOINTS) + { + RtlZeroMemory(&BreakPointBuffer[i], sizeof BreakPointDetail); + if(bpxType < UE_BREAKPOINT_TYPE_INT3) + { + if(engineDefaultBreakPointType == UE_BREAKPOINT_INT3) + { + SelectedBreakPointType = UE_BREAKPOINT_INT3; + BreakPointBuffer[i].BreakPointSize = 1; + bpxDataPrt = &INT3BreakPoint; + } + else if(engineDefaultBreakPointType == UE_BREAKPOINT_LONG_INT3) + { + SelectedBreakPointType = UE_BREAKPOINT_LONG_INT3; + BreakPointBuffer[i].BreakPointSize = 2; + bpxDataPrt = &INT3LongBreakPoint; + } + else if(engineDefaultBreakPointType == UE_BREAKPOINT_UD2) + { + SelectedBreakPointType = UE_BREAKPOINT_UD2; + BreakPointBuffer[i].BreakPointSize = 2; + bpxDataPrt = &UD2BreakPoint; + } + } + else + { + checkBpxType = bpxType >> 24; + checkBpxType = checkBpxType << 24; + if(checkBpxType == UE_BREAKPOINT_TYPE_INT3) + { + SelectedBreakPointType = UE_BREAKPOINT_INT3; + BreakPointBuffer[i].BreakPointSize = 1; + bpxDataPrt = &INT3BreakPoint; + } + else if(checkBpxType == UE_BREAKPOINT_TYPE_LONG_INT3) + { + SelectedBreakPointType = UE_BREAKPOINT_LONG_INT3; + BreakPointBuffer[i].BreakPointSize = 2; + bpxDataPrt = &INT3LongBreakPoint; + } + else if(checkBpxType == UE_BREAKPOINT_TYPE_UD2) + { + 
SelectedBreakPointType = UE_BREAKPOINT_UD2; + BreakPointBuffer[i].BreakPointSize = 2; + bpxDataPrt = &UD2BreakPoint; + } + } + bpxDataCmpPtr = (PMEMORY_COMPARE_HANDLER)bpxDataPrt; + VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + OldProtect = MemInfo.Protect; + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect); + if(ReadProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &BreakPointBuffer[i].OriginalByte[0], BreakPointBuffer[i].BreakPointSize, &NumberOfBytesReadWritten)) + { + /*if(BreakPointBuffer[i].OriginalByte[0] != bpxDataCmpPtr->Array.bArrayEntry[0]) + {*/ + if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, bpxDataPrt, BreakPointBuffer[i].BreakPointSize, &NumberOfBytesReadWritten)) + { + BreakPointBuffer[i].AdvancedBreakPointType = (BYTE)SelectedBreakPointType; + BreakPointBuffer[i].BreakPointActive = UE_BPXACTIVE; + BreakPointBuffer[i].BreakPointAddress = bpxAddress; + BreakPointBuffer[i].BreakPointType = (BYTE)bpxType; + BreakPointBuffer[i].NumberOfExecutions = NumberOfExecution; + BreakPointBuffer[i].CmpRegister = CmpRegister; + BreakPointBuffer[i].CmpCondition = (BYTE)CmpCondition; + BreakPointBuffer[i].CmpValue = CmpValue; + BreakPointBuffer[i].ExecuteCallBack = (ULONG_PTR)bpxCallBack; + BreakPointBuffer[i].RemoveCallBack = (ULONG_PTR)bpxRemoveCallBack; + BreakPointBuffer[i].CompareCallBack = (ULONG_PTR)bpxCompareCallBack; + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); + return(true); + } + else + { + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); + return(false); + } + /*} + else + { + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, 
OldProtect, &OldProtect); + return(false); + }*/ + } + else + { + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); + return(false); + } + } + else + { + BreakPointSetCount--; + return(false); + } +} +__declspec(dllexport) bool TITCALL DeleteBPX(ULONG_PTR bpxAddress) +{ + + int i; + typedef void(TITCALL *fCustomBreakPoint)(void* myBreakPointAddress); + fCustomBreakPoint myCustomBreakPoint; + MEMORY_BASIC_INFORMATION MemInfo; + ULONG_PTR NumberOfBytesReadWritten = 0; + DWORD OldProtect; + + for(i = 0; i < BreakPointSetCount; i++) + { + if(BreakPointBuffer[i].BreakPointAddress == bpxAddress) + { + if(i - 1 == BreakPointSetCount) + { + BreakPointSetCount--; + } + break; + } + } + if(BreakPointBuffer[i].BreakPointAddress == bpxAddress) + { + VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + OldProtect = MemInfo.Protect; + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect); + if(BreakPointBuffer[i].BreakPointType == UE_BREAKPOINT || BreakPointBuffer[i].BreakPointType == UE_SINGLESHOOT) + { + if(BreakPointBuffer[i].BreakPointActive == UE_BPXACTIVE) + { + if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &BreakPointBuffer[i].OriginalByte[0], BreakPointBuffer[i].BreakPointSize, &NumberOfBytesReadWritten)) + { + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); + if(BreakPointBuffer[i].RemoveCallBack != NULL) + { + __try + { + myCustomBreakPoint = (fCustomBreakPoint)((LPVOID)BreakPointBuffer[i].RemoveCallBack); + myCustomBreakPoint((void*)BreakPointBuffer[i].BreakPointAddress); + RtlZeroMemory(&BreakPointBuffer[i], sizeof BreakPointDetail); + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + RtlZeroMemory(&BreakPointBuffer[i], sizeof 
BreakPointDetail); + return(true); + } + } + else + { + RtlZeroMemory(&BreakPointBuffer[i], sizeof BreakPointDetail); + } + return(true); + } + else + { + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); + return(false); + } + } + else + { + RtlZeroMemory(&BreakPointBuffer[i], sizeof BreakPointDetail); + return(true); + } + } + else + { + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); + return(false); + } + } + else + { + return(false); + } +} +__declspec(dllexport) bool TITCALL SafeDeleteBPX(ULONG_PTR bpxAddress) +{ + return(DeleteBPX(bpxAddress)); +} +__declspec(dllexport) bool TITCALL SetAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxType, DWORD bpxPlace, LPVOID bpxCallBack) +{ + + BYTE ReadByte = NULL; + HMODULE hModule = NULL; + DWORD ReadMemSize = NULL; + ULONG_PTR APIAddress = NULL; + ULONG_PTR tryAPIAddress = NULL; + ULONG_PTR QueryAPIAddress = NULL; + int i = MAX_RET_SEARCH_INSTRUCTIONS; + ULONG_PTR ueNumberOfReadWrite = NULL; + int currentInstructionLen = NULL; + bool ModuleLoaded = false; + void* CmdBuffer = NULL; + bool RemovedBpx = false; + + if(szDLLName != NULL && szAPIName != NULL) + { + hModule = GetModuleHandleA(szDLLName); + if(hModule == NULL) + { + if(engineAlowModuleLoading) + { + hModule = LoadLibraryA(szDLLName); + ModuleLoaded = true; + } + else + { + ReadMemSize = MAX_RET_SEARCH_INSTRUCTIONS * MAXIMUM_INSTRUCTION_SIZE; + APIAddress = (ULONG_PTR)EngineGlobalAPIHandler(dbgProcessInformation.hProcess, NULL, NULL, szAPIName, UE_OPTION_IMPORTER_RETURN_APIADDRESS); + if(APIAddress != NULL) + { + CmdBuffer = VirtualAlloc(NULL, ReadMemSize, MEM_COMMIT, PAGE_READWRITE); + while(ReadProcessMemory(dbgProcessInformation.hProcess, (void*)APIAddress, CmdBuffer, ReadMemSize, &ueNumberOfReadWrite) == false && ReadMemSize > NULL) + { + ReadMemSize = ReadMemSize - 
(MAXIMUM_INSTRUCTION_SIZE * 10); + } + if(ReadMemSize == NULL) + { + VirtualFree(CmdBuffer, NULL, MEM_RELEASE); + APIAddress = NULL; + } + else + { + tryAPIAddress = (ULONG_PTR)CmdBuffer; + } + } + } + } + if(hModule != NULL || APIAddress != NULL) + { + if(hModule != NULL) + { + APIAddress = (ULONG_PTR)GetProcAddress(hModule, szAPIName); + } + if(bpxPlace == UE_APIEND) + { + if(tryAPIAddress == NULL) + { + tryAPIAddress = APIAddress; + } + QueryAPIAddress = APIAddress; + RtlMoveMemory(&ReadByte, (LPVOID)tryAPIAddress, 1); + while(i > 0 && ReadByte != 0xC3 && ReadByte != 0xC2) + { + if(engineAlowModuleLoading == false && CmdBuffer != NULL) + { + if(IsBPXEnabled(QueryAPIAddress)) + { + DisableBPX(QueryAPIAddress); + ReadProcessMemory(dbgProcessInformation.hProcess, (void*)APIAddress, CmdBuffer, ReadMemSize, &ueNumberOfReadWrite); + RemovedBpx = true; + } + } + currentInstructionLen = StaticLengthDisassemble((LPVOID)tryAPIAddress); + tryAPIAddress = tryAPIAddress + currentInstructionLen; + RtlMoveMemory(&ReadByte, (LPVOID)tryAPIAddress, 1); + QueryAPIAddress = QueryAPIAddress + currentInstructionLen; + if(!engineAlowModuleLoading) + { + if(RemovedBpx) + { + EnableBPX(QueryAPIAddress - currentInstructionLen); + } + } + RemovedBpx = false; + i--; + } + if(i != NULL) + { + if((engineAlowModuleLoading == true && ModuleLoaded == true) || (engineAlowModuleLoading == true && ModuleLoaded == false)) + { + APIAddress = tryAPIAddress; + } + else if(!engineAlowModuleLoading) + { + if(CmdBuffer != NULL) + { + APIAddress = tryAPIAddress - (ULONG_PTR)CmdBuffer + APIAddress; + } + else + { + APIAddress = tryAPIAddress; + } + } + } + else + { + if(ModuleLoaded) + { + FreeLibrary(hModule); + } + if(CmdBuffer != NULL) + { + VirtualFree(CmdBuffer, NULL, MEM_RELEASE); + } + return(false); + } + } + if(engineAlowModuleLoading) + { + APIAddress = (ULONG_PTR)EngineGlobalAPIHandler(dbgProcessInformation.hProcess, NULL, APIAddress, NULL, UE_OPTION_IMPORTER_REALIGN_APIADDRESS); + 
if(ModuleLoaded) + { + FreeLibrary(hModule); + } + } + else + { + if(CmdBuffer != NULL) + { + VirtualFree(CmdBuffer, NULL, MEM_RELEASE); + } + } + return(SetBPX(APIAddress, bpxType, bpxCallBack)); + } + else + { + if(engineAlowModuleLoading) + { + if(ModuleLoaded) + { + FreeLibrary(hModule); + } + } + else + { + if(CmdBuffer != NULL) + { + VirtualFree(CmdBuffer, NULL, MEM_RELEASE); + } + } + return(false); + } + } + else + { + return(false); + } + return(false); +} +__declspec(dllexport) bool TITCALL DeleteAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxPlace) +{ + + BYTE ReadByte = NULL; + HMODULE hModule = NULL; + DWORD ReadMemSize = NULL; + ULONG_PTR APIAddress = NULL; + ULONG_PTR tryAPIAddress = NULL; + ULONG_PTR QueryAPIAddress = NULL; + int i = MAX_RET_SEARCH_INSTRUCTIONS; + ULONG_PTR ueNumberOfReadWrite = NULL; + int currentInstructionLen = NULL; + bool ModuleLoaded = false; + void* CmdBuffer = NULL; + bool RemovedBpx = false; + + if(szDLLName != NULL && szAPIName != NULL) + { + hModule = GetModuleHandleA(szDLLName); + if(hModule == NULL) + { + if(engineAlowModuleLoading) + { + hModule = LoadLibraryA(szDLLName); + ModuleLoaded = true; + } + else + { + ReadMemSize = MAX_RET_SEARCH_INSTRUCTIONS * MAXIMUM_INSTRUCTION_SIZE; + APIAddress = (ULONG_PTR)EngineGlobalAPIHandler(dbgProcessInformation.hProcess, NULL, NULL, szAPIName, UE_OPTION_IMPORTER_RETURN_APIADDRESS); + if(APIAddress != NULL) + { + CmdBuffer = VirtualAlloc(NULL, ReadMemSize, MEM_COMMIT, PAGE_READWRITE); + while(ReadProcessMemory(dbgProcessInformation.hProcess, (void*)APIAddress, CmdBuffer, ReadMemSize, &ueNumberOfReadWrite) == false && ReadMemSize > NULL) + { + ReadMemSize = ReadMemSize - (MAXIMUM_INSTRUCTION_SIZE * 10); + } + if(ReadMemSize == NULL) + { + VirtualFree(CmdBuffer, NULL, MEM_RELEASE); + APIAddress = NULL; + } + else + { + tryAPIAddress = (ULONG_PTR)CmdBuffer; + } + } + } + } + if(hModule != NULL || APIAddress != NULL) + { + if(hModule != NULL) + { + APIAddress = 
(ULONG_PTR)GetProcAddress(hModule, szAPIName); + } + if(bpxPlace == UE_APIEND) + { + if(tryAPIAddress == NULL) + { + tryAPIAddress = APIAddress; + } + QueryAPIAddress = APIAddress; + RtlMoveMemory(&ReadByte, (LPVOID)tryAPIAddress, 1); + while(i > 0 && ReadByte != 0xC3 && ReadByte != 0xC2) + { + if(engineAlowModuleLoading == false && CmdBuffer != NULL) + { + if(IsBPXEnabled(QueryAPIAddress)) + { + DisableBPX(QueryAPIAddress); + ReadProcessMemory(dbgProcessInformation.hProcess, (void*)APIAddress, CmdBuffer, ReadMemSize, &ueNumberOfReadWrite); + RemovedBpx = true; + } + } + currentInstructionLen = StaticLengthDisassemble((LPVOID)tryAPIAddress); + tryAPIAddress = tryAPIAddress + currentInstructionLen; + RtlMoveMemory(&ReadByte, (LPVOID)tryAPIAddress, 1); + QueryAPIAddress = QueryAPIAddress + currentInstructionLen; + if(!engineAlowModuleLoading) + { + if(RemovedBpx) + { + EnableBPX(QueryAPIAddress - currentInstructionLen); + } + } + RemovedBpx = false; + i--; + } + if(i != NULL) + { + if((engineAlowModuleLoading == true && ModuleLoaded == true) || (engineAlowModuleLoading == true && ModuleLoaded == false)) + { + APIAddress = tryAPIAddress; + } + else if(!engineAlowModuleLoading) + { + if(CmdBuffer != NULL) + { + APIAddress = tryAPIAddress - (ULONG_PTR)CmdBuffer + APIAddress; + } + else + { + APIAddress = tryAPIAddress; + } + } + } + else + { + if(ModuleLoaded) + { + FreeLibrary(hModule); + } + if(CmdBuffer != NULL) + { + VirtualFree(CmdBuffer, NULL, MEM_RELEASE); + } + return(false); + } + } + if(engineAlowModuleLoading) + { + APIAddress = (ULONG_PTR)EngineGlobalAPIHandler(dbgProcessInformation.hProcess, NULL, APIAddress, NULL, UE_OPTION_IMPORTER_REALIGN_APIADDRESS); + if(ModuleLoaded) + { + FreeLibrary(hModule); + } + } + else + { + if(CmdBuffer != NULL) + { + VirtualFree(CmdBuffer, NULL, MEM_RELEASE); + } + } + return(DeleteBPX(APIAddress)); + } + else + { + if(engineAlowModuleLoading) + { + if(ModuleLoaded) + { + FreeLibrary(hModule); + } + } + else + { + 
if(CmdBuffer != NULL) + { + VirtualFree(CmdBuffer, NULL, MEM_RELEASE); + } + } + return(false); + } + } + else + { + return(false); + } + return(false); +} +__declspec(dllexport) bool TITCALL SafeDeleteAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxPlace) +{ + return(DeleteAPIBreakPoint(szDLLName, szAPIName, bpxPlace)); +} +__declspec(dllexport) bool TITCALL SetMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, LPVOID bpxCallBack) +{ + int i = 0; + int j = -1; + MEMORY_BASIC_INFORMATION MemInfo; + ULONG_PTR NumberOfBytesReadWritten = 0; + DWORD NewProtect = 0; + DWORD OldProtect = 0; + + for(i = 0; i < BreakPointSetCount; i++) + { + if(BreakPointBuffer[i].BreakPointAddress == MemoryStart) + { + if(BreakPointBuffer[i].BreakPointActive == UE_BPXACTIVE) + { + RemoveMemoryBPX(BreakPointBuffer[i].BreakPointAddress, BreakPointBuffer[i].BreakPointSize); + } + j = i; + break; + } + else if(j == -1 && BreakPointBuffer[i].BreakPointActive == UE_BPXREMOVED) + { + j = i; + } + } + if(BreakPointBuffer[i].BreakPointAddress != MemoryStart) + { + if(j != -1) + { + i = j; + } + else + { + BreakPointSetCount++; + } + } + if(i < MAXIMUM_BREAKPOINTS) + { + RtlZeroMemory(&BreakPointBuffer[i], sizeof BreakPointDetail); + VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)MemoryStart, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + OldProtect = MemInfo.Protect; + if(!(OldProtect & PAGE_GUARD)) + { + NewProtect = OldProtect ^ PAGE_GUARD; + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)MemoryStart, SizeOfMemory, NewProtect, &OldProtect); + BreakPointBuffer[i].BreakPointActive = UE_BPXACTIVE; + BreakPointBuffer[i].BreakPointAddress = MemoryStart; + BreakPointBuffer[i].BreakPointType = UE_MEMORY; + BreakPointBuffer[i].BreakPointSize = SizeOfMemory; + BreakPointBuffer[i].NumberOfExecutions = -1; + BreakPointBuffer[i].ExecuteCallBack = (ULONG_PTR)bpxCallBack; + } + return(true); + } + else + { + return(false); + } +} +__declspec(dllexport) bool TITCALL 
SetMemoryBPXEx(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, DWORD BreakPointType, bool RestoreOnHit, LPVOID bpxCallBack) +{ + + int i = 0; + int j = -1; + MEMORY_BASIC_INFORMATION MemInfo; + ULONG_PTR NumberOfBytesReadWritten = 0; + DWORD NewProtect = 0; + DWORD OldProtect = 0; + + for(i = 0; i < BreakPointSetCount; i++) + { + if(BreakPointBuffer[i].BreakPointAddress == MemoryStart) + { + if(BreakPointBuffer[i].BreakPointActive == UE_BPXACTIVE) + { + RemoveMemoryBPX(BreakPointBuffer[i].BreakPointAddress, BreakPointBuffer[i].BreakPointSize); + } + j = i; + break; + } + else if(j == -1 && BreakPointBuffer[i].BreakPointActive == UE_BPXREMOVED) + { + j = i; + } + } + if(BreakPointBuffer[i].BreakPointAddress != MemoryStart) + { + if(j != -1) + { + i = j; + } + else + { + BreakPointSetCount++; + } + } + if(i < MAXIMUM_BREAKPOINTS) + { + RtlZeroMemory(&BreakPointBuffer[i], sizeof BreakPointDetail); + VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)MemoryStart, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + OldProtect = MemInfo.Protect; + if(!(OldProtect & PAGE_GUARD)) + { + NewProtect = OldProtect ^ PAGE_GUARD; + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)MemoryStart, SizeOfMemory, NewProtect, &OldProtect); + BreakPointBuffer[i].BreakPointActive = UE_BPXACTIVE; + BreakPointBuffer[i].BreakPointAddress = MemoryStart; + BreakPointBuffer[i].BreakPointType = BreakPointType; + BreakPointBuffer[i].BreakPointSize = SizeOfMemory; + BreakPointBuffer[i].NumberOfExecutions = -1; + BreakPointBuffer[i].MemoryBpxRestoreOnHit = (BYTE)RestoreOnHit; + BreakPointBuffer[i].ExecuteCallBack = (ULONG_PTR)bpxCallBack; + } + return(true); + } + else + { + return(false); + } +} +__declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory) +{ + + int i = 0; + MEMORY_BASIC_INFORMATION MemInfo; + ULONG_PTR NumberOfBytesReadWritten = 0; + DWORD NewProtect = 0; + DWORD OldProtect = 0; + + for(i = 0; i < BreakPointSetCount; i++) + { + 
if(BreakPointBuffer[i].BreakPointAddress == MemoryStart && + (BreakPointBuffer[i].BreakPointType == UE_MEMORY || + BreakPointBuffer[i].BreakPointType == UE_MEMORY_READ || + BreakPointBuffer[i].BreakPointType == UE_MEMORY_WRITE || + BreakPointBuffer[i].BreakPointType == UE_MEMORY_EXECUTE) + ) + { + if(i - 1 == BreakPointSetCount) + { + BreakPointSetCount--; + } + break; + } + } + if(BreakPointBuffer[i].BreakPointAddress == MemoryStart) + { + VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)MemoryStart, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + OldProtect = MemInfo.Protect; + if(OldProtect & PAGE_GUARD) + { + NewProtect = OldProtect ^ PAGE_GUARD; + } + else + { + NewProtect = OldProtect; + } + if(SizeOfMemory != NULL) + { + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)MemoryStart, SizeOfMemory, NewProtect, &OldProtect); + } + else + { + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)MemoryStart, BreakPointBuffer[i].BreakPointSize, NewProtect, &OldProtect); + } + RtlZeroMemory(&BreakPointBuffer[i], sizeof BreakPointDetail); + return(true); + } + else + { + return(false); + } +} \ No newline at end of file diff --git a/TitanEngine/TitanEngine.Debugger.cpp b/TitanEngine/TitanEngine.Debugger.cpp new file mode 100644 index 0000000..d6f71cc --- /dev/null +++ b/TitanEngine/TitanEngine.Debugger.cpp 
@@ -0,0 +1,234 @@
+#include "stdafx.h"
+#include "definitions.h"
+#include "Global.Debugger.h"
+#include "Global.Engine.h"
+#include "Global.Breakpoints.h"
+
+static wchar_t szBackupDebuggedFileName[512];
+static wchar_t szDebuggerName[512];
+
+// TitanEngine.Debugger.functions:
+__declspec(dllexport) void* TITCALL InitDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder)
+{
+
+ wchar_t* PtrUniFileName = NULL;
+ wchar_t uniFileName[MAX_PATH] = {};
+ wchar_t* PtrUniCommandLine = NULL;
+ wchar_t uniCommandLine[MAX_PATH] = {};
+ wchar_t* PtrUniCurrentFolder = NULL;
+ wchar_t uniCurrentFolder[MAX_PATH] = {};
+
+ if(szFileName != NULL)
+ {
+ MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
+ MultiByteToWideChar(CP_ACP, NULL, szCommandLine, lstrlenA(szCommandLine)+1, uniCommandLine, sizeof(uniCommandLine)/(sizeof(uniCommandLine[0])));
+ MultiByteToWideChar(CP_ACP, NULL, szCurrentFolder, lstrlenA(szCurrentFolder)+1, uniCurrentFolder, sizeof(uniCurrentFolder)/(sizeof(uniCurrentFolder[0])));
+ if(szFileName != NULL)
+ {
+ PtrUniFileName = &uniFileName[0];
+ }
+ if(szCommandLine != NULL)
+ {
+ PtrUniCommandLine = &uniCommandLine[0];
+ }
+ if(szCurrentFolder != NULL)
+ {
+ PtrUniCurrentFolder = &uniCurrentFolder[0];
+ }
+ return(InitDebugW(PtrUniFileName, PtrUniCommandLine, PtrUniCurrentFolder));
+ }
+ else
+ {
+ return NULL;
+ }
+}
+__declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder)
+{
+
+ wchar_t szCreateWithCmdLine[1024];
+ int DebugConsoleFlag = NULL;
+
+ DebuggerReset();
+ if(engineRemoveConsoleForDebugee)
+ {
+ DebugConsoleFlag = CREATE_NO_WINDOW;
+ }
+ BreakPointSetCount = 0;
+ RtlZeroMemory(&BreakPointBuffer, sizeof BreakPointBuffer);
+ if(szCommandLine == NULL)
+ {
+ if(CreateProcessW(szFileName, NULL, NULL, NULL, false, DEBUG_PROCESS|DEBUG_ONLY_THIS_PROCESS|DebugConsoleFlag|CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation))
+ {
+ engineAttachedToProcess = false;
+ engineAttachedProcessCallBack = NULL;
+ RtlZeroMemory(&BreakPointBuffer, sizeof BreakPointBuffer);
+ return(&dbgProcessInformation);
+ }
+ else
+ {
+ RtlZeroMemory(&dbgProcessInformation,sizeof PROCESS_INFORMATION);
+ return(0);
+ }
+ }
+ else
+ {
+ wsprintfW(szCreateWithCmdLine, L"\"%s\" %s", szFileName, szCommandLine);
+ if(CreateProcessW(NULL, szCreateWithCmdLine, NULL, NULL, false, DEBUG_PROCESS|DEBUG_ONLY_THIS_PROCESS|DebugConsoleFlag|CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation))
+ {
+ engineAttachedToProcess = false;
+ engineAttachedProcessCallBack = NULL;
+ RtlZeroMemory(&BreakPointBuffer, sizeof BreakPointBuffer);
+ return(&dbgProcessInformation);
+ }
+ else
+ {
+ RtlZeroMemory(&dbgProcessInformation,sizeof PROCESS_INFORMATION);
+ return(0);
+ }
+ }
+}
+__declspec(dllexport) void* TITCALL InitDebugEx(char* szFileName, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack)
+{
+ DebugExeFileEntryPointCallBack = EntryCallBack;
+ return(InitDebug(szFileName, szCommandLine, szCurrentFolder));
+}
+__declspec(dllexport) void* TITCALL InitDebugExW(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder, LPVOID EntryCallBack)
+{
+ DebugExeFileEntryPointCallBack = EntryCallBack;
+ return(InitDebugW(szFileName, szCommandLine, szCurrentFolder));
+}
+__declspec(dllexport) void* TITCALL InitDLLDebug(char* szFileName, bool ReserveModuleBase, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack)
+{
+
+ wchar_t* PtrUniFileName = NULL;
+ wchar_t uniFileName[MAX_PATH] = {};
+ wchar_t* PtrUniCommandLine = NULL;
+ wchar_t uniCommandLine[MAX_PATH] = {};
+ wchar_t* PtrUniCurrentFolder = NULL;
+ wchar_t uniCurrentFolder[MAX_PATH] = {};
+
+ if(szFileName != NULL)
+ {
+ MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
+ MultiByteToWideChar(CP_ACP, NULL, szCommandLine, lstrlenA(szCommandLine)+1, uniCommandLine, sizeof(uniCommandLine)/(sizeof(uniCommandLine[0])));
+ MultiByteToWideChar(CP_ACP, NULL, szCurrentFolder, lstrlenA(szCurrentFolder)+1, uniCurrentFolder, sizeof(uniCurrentFolder)/(sizeof(uniCurrentFolder[0])));
+ if(szFileName != NULL)
+ {
+ PtrUniFileName = &uniFileName[0];
+ }
+ if(szCommandLine != NULL)
+ {
+ PtrUniCommandLine = &uniCommandLine[0];
+ }
+ if(szCurrentFolder != NULL)
+ {
+ PtrUniCurrentFolder = &uniCurrentFolder[0];
+ }
+ return(InitDLLDebugW(PtrUniFileName, ReserveModuleBase, PtrUniCommandLine, PtrUniCurrentFolder, EntryCallBack));
+ }
+ else
+ {
+ return NULL;
+ }
+}
+__declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool ReserveModuleBase, wchar_t* szCommandLine, wchar_t* szCurrentFolder, LPVOID EntryCallBack)
+{
+
+ int i = NULL;
+ int j = NULL;
+ bool ReturnData = false;
+ engineReserveModuleBase = NULL;
+
+ RtlZeroMemory(&szDebuggerName, sizeof szDebuggerName);
+ if(lstrlenW(szFileName) < 512)
+ {
+ RtlZeroMemory(&szBackupDebuggedFileName, sizeof szBackupDebuggedFileName);
+ lstrcpyW(szBackupDebuggedFileName, szFileName);
+ szFileName = &szBackupDebuggedFileName[0];
+ }
+ lstrcpyW(szDebuggerName, szFileName);
+ i = lstrlenW(szDebuggerName);
+ while(szDebuggerName[i] != 0x5C && i >= NULL)
+ {
+ i--;
+ }
+ if(i > NULL)
+ {
+ szDebuggerName[i+1] = 0x00;
+#ifdef _WIN64
+ lstrcpyW(szDebuggerName, L"DLLLoader64.exe");
+#else
+ lstrcpyW(szDebuggerName, L"DLLLoader32.exe");
+#endif
+ }
+ else
+ {
+#ifdef _WIN64
+ lstrcpyW(szDebuggerName, L"DLLLoader64.exe");
+#else
+ lstrcpyW(szDebuggerName, L"DLLLoader32.exe");
+#endif
+ }
+ //RtlZeroMemory(&szReserveModuleName, sizeof szReserveModuleName);
+ //lstrcpyW(szReserveModuleName, szFileName);
+ //lstrcatW(szReserveModuleName, L".module");
+#if defined(_WIN64)
+ ReturnData = EngineExtractResource("LOADERx64", szDebuggerName);
+ /*if(ReserveModuleBase)
+ {
+ EngineExtractResource("MODULEx64", szReserveModuleName);
+ }*/
+#else
+ ReturnData = EngineExtractResource("LOADERx86", szDebuggerName);
+ /*if(ReserveModuleBase)
+ {
+ EngineExtractResource("MODULEx86", szReserveModuleName);
+ }*/
+#endif
+ if(ReturnData)
+ {
+ engineDebuggingDLL = true;
+ i = lstrlenW(szFileName);
+ while(szFileName[i] != 0x5C && i >= NULL)
+ {
+ i--;
+ }
+ /*j = lstrlenW(szReserveModuleName);
+ while(szReserveModuleName[j] != 0x5C && j >= NULL)
+ {
+ j--;
+ }*/
+ engineDebuggingDLLBase = NULL;
+ engineDebuggingMainModuleBase = NULL;
+ engineDebuggingDLLFullFileName = szFileName;
+ engineDebuggingDLLFileName = &szFileName[i+1];
+ //engineDebuggingDLLReserveFileName = &szReserveModuleName[j+1];
+ DebugModuleImageBase = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_IMAGEBASE);
+ engineReserveModuleBase = DebugModuleImageBase;
+ DebugModuleEntryPoint = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_OEP);
+ DebugModuleEntryPointCallBack = EntryCallBack;
+ /*if(ReserveModuleBase)
+ {
+ RelocaterChangeFileBaseW(szReserveModuleName, DebugModuleImageBase);
+ }*/
+ return(InitDebugW(szDebuggerName, szCommandLine, szCurrentFolder));
+ }
+ else
+ {
+ return(NULL);
+ }
+ return(NULL);
+}
+__declspec(dllexport) bool TITCALL StopDebug()
+{
+ if(dbgProcessInformation.hProcess != NULL)
+ {
+ TerminateThread(dbgProcessInformation.hThread, NULL);
+ TerminateProcess(dbgProcessInformation.hProcess, NULL);
+ return(true);
+ }
+ else
+ {
+ return(false);
+ }
+}
\ No newline at end of file
diff --git a/TitanEngine/TitanEngine.Disassembler.cpp b/TitanEngine/TitanEngine.Disassembler.cpp
new file mode 100644
index 0000000..391a7ad
--- /dev/null
+++ b/TitanEngine/TitanEngine.Disassembler.cpp
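Review bot: In InitDLLDebugW the `lstrlenW(szFileName) < 512` check guards only the copy into szBackupDebuggedFileName; the unconditional `lstrcpyW(szDebuggerName, szFileName);` that follows still copies a name of 512 or more characters into the 512-wchar static szDebuggerName, and since this is an exported entry point the length is caller-controlled. Reject over-long or null names before either copy, e.g. `if(szFileName == NULL || lstrlenW(szFileName) >= sizeof(szDebuggerName)/sizeof(szDebuggerName[0])) return(NULL);`. The two backslash scans, `while(szDebuggerName[i] != 0x5C && i >= NULL)` and the same loop over szFileName, test the character before the index bound, so a name with no backslash reads index -1; swapping the operands, `while(i >= 0 && szDebuggerName[i] != 0x5C)`, fixes that. Separately, `wsprintfW(szCreateWithCmdLine, L"\"%s\" %s", szFileName, szCommandLine);` in InitDebugW takes no buffer size and is kept inside the 1024-wchar stack buffer only by wsprintf's own output cap, so a size-checked formatter that fails explicitly on truncation would avoid silently launching a different command line than the one requested.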
@@ -0,0 +1,236 @@
+#include "stdafx.h"
+#include "definitions.h"
+#include "Global.Debugger.h"
+#include "distorm.h"
+
+static char engineDisassembledInstruction[128];
+
+__declspec(dllexport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress)
+{
+ _DecodeResult DecodingResult;
+ _DecodedInst engineDecodedInstructions[MAX_DECODE_INSTRUCTIONS];
+ unsigned int DecodedInstructionsCount = 0;
+#if !defined(_WIN64)
+ _DecodeType DecodingType = Decode32Bits;
+#else
+ _DecodeType DecodingType = Decode64Bits;
+#endif
+ MEMORY_BASIC_INFORMATION MemInfo;
+ DWORD MaxDisassmSize;
+
+ VirtualQueryEx(GetCurrentProcess(), DisassmAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
+ if(MemInfo.State == MEM_COMMIT)
+ {
+ if((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress <= MAXIMUM_INSTRUCTION_SIZE)
+ {
+ MaxDisassmSize = (DWORD)((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress - 1);
+ VirtualQueryEx(GetCurrentProcess(), (LPVOID)((ULONG_PTR)DisassmAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
+ if(MemInfo.State == MEM_COMMIT)
+ {
+ MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
+ }
+ }
+ else
+ {
+ MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
+ }
+ DecodingResult = distorm_decode((ULONG_PTR)DisassmStart, (const unsigned char*)DisassmAddress, MaxDisassmSize, DecodingType, engineDecodedInstructions, MAX_DECODE_INSTRUCTIONS, &DecodedInstructionsCount);
+ RtlZeroMemory(&engineDisassembledInstruction, 128);
+ lstrcpyA(engineDisassembledInstruction, (LPCSTR)engineDecodedInstructions[0].mnemonic.p);
+ if(engineDecodedInstructions[0].size != NULL)
+ {
+ lstrcatA(engineDisassembledInstruction, " ");
+ }
+ lstrcatA(engineDisassembledInstruction, (LPCSTR)engineDecodedInstructions[0].operands.p);
+ return((char*)engineDisassembledInstruction);
+ }
+ else
+ {
+ return(NULL);
+ }
+}
+__declspec(dllexport) void* TITCALL StaticDisassemble(LPVOID DisassmAddress)
+{
+ return(StaticDisassembleEx((ULONG_PTR)DisassmAddress, DisassmAddress));
+}
+__declspec(dllexport) void* TITCALL DisassembleEx(HANDLE hProcess, LPVOID DisassmAddress, bool ReturnInstructionType)
+{
+
+ _DecodeResult DecodingResult;
+ _DecodedInst engineDecodedInstructions[MAX_DECODE_INSTRUCTIONS];
+ unsigned int DecodedInstructionsCount = 0;
+#if !defined(_WIN64)
+ _DecodeType DecodingType = Decode32Bits;
+#else
+ _DecodeType DecodingType = Decode64Bits;
+#endif
+ ULONG_PTR ueNumberOfBytesRead = 0;
+ LPVOID ueReadBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
+ MEMORY_BASIC_INFORMATION MemInfo;
+ DWORD MaxDisassmSize;
+
+ if(hProcess != NULL)
+ {
+ VirtualQueryEx(hProcess, DisassmAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
+ if(MemInfo.State == MEM_COMMIT)
+ {
+ if((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress <= MAXIMUM_INSTRUCTION_SIZE)
+ {
+ MaxDisassmSize = (DWORD)((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress - 1);
+ VirtualQueryEx(hProcess, (LPVOID)((ULONG_PTR)DisassmAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
+ if(MemInfo.State == MEM_COMMIT)
+ {
+ MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
+ }
+ }
+ else
+ {
+ MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
+ }
+ bool isbp=false;
+ if(IsBPXEnabled((ULONG_PTR)DisassmAddress))
+ {
+ isbp=true;
+ DisableBPX((ULONG_PTR)DisassmAddress);
+ }
+ BOOL rpm=ReadProcessMemory(hProcess, (LPVOID)DisassmAddress, ueReadBuffer, MaxDisassmSize, &ueNumberOfBytesRead);
+ if(isbp)
+ {
+ EnableBPX((ULONG_PTR)DisassmAddress);
+ }
+ if(rpm)
+ {
+ DecodingResult = distorm_decode((ULONG_PTR)DisassmAddress, (const unsigned char*)ueReadBuffer, MaxDisassmSize, DecodingType, engineDecodedInstructions, MAX_DECODE_INSTRUCTIONS, &DecodedInstructionsCount);
+ VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
+ RtlZeroMemory(&engineDisassembledInstruction, 128);
+ lstrcpyA(engineDisassembledInstruction, (LPCSTR)engineDecodedInstructions[0].mnemonic.p);
+ if(!ReturnInstructionType)
+ {
+ if(engineDecodedInstructions[0].size != NULL)
+ {
+ lstrcatA(engineDisassembledInstruction, " ");
+ }
+ lstrcatA(engineDisassembledInstruction, (LPCSTR)engineDecodedInstructions[0].operands.p);
+ }
+ return((char*)engineDisassembledInstruction);
+ }
+ else
+ {
+ VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
+ return(NULL);
+ }
+ }
+ else
+ {
+ return(NULL);
+ }
+ }
+ else
+ {
+ VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
+ return(NULL);
+ }
+}
+__declspec(dllexport) void* TITCALL Disassemble(LPVOID DisassmAddress)
+{
+ return(DisassembleEx(dbgProcessInformation.hProcess, DisassmAddress, false));
+}
+__declspec(dllexport) long TITCALL StaticLengthDisassemble(LPVOID DisassmAddress)
+{
+
+ _DecodeResult DecodingResult;
+ _DecodedInst DecodedInstructions[MAX_DECODE_INSTRUCTIONS];
+ unsigned int DecodedInstructionsCount = 0;
+#if !defined(_WIN64)
+ _DecodeType DecodingType = Decode32Bits;
+#else
+ _DecodeType DecodingType = Decode64Bits;
+#endif
+ MEMORY_BASIC_INFORMATION MemInfo;
+ DWORD MaxDisassmSize;
+
+ VirtualQueryEx(GetCurrentProcess(), DisassmAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
+ if(MemInfo.State == MEM_COMMIT)
+ {
+ if((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress <= MAXIMUM_INSTRUCTION_SIZE)
+ {
+ MaxDisassmSize = (DWORD)((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress - 1);
+ VirtualQueryEx(GetCurrentProcess(), (LPVOID)((ULONG_PTR)DisassmAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
+ if(MemInfo.State == MEM_COMMIT)
+ {
+ MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
+ }
+ }
+ else
+ {
+ MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
+ }
+ DecodingResult = distorm_decode(NULL, (const unsigned char*)DisassmAddress, MaxDisassmSize, DecodingType, DecodedInstructions, MAX_DECODE_INSTRUCTIONS, &DecodedInstructionsCount);
+ return(DecodedInstructions[0].size);
+ }
+ else
+ {
+ return(NULL);
+ }
+}
+__declspec(dllexport) long TITCALL LengthDisassembleEx(HANDLE hProcess, LPVOID DisassmAddress)
+{
+
+ _DecodeResult DecodingResult;
+ _DecodedInst DecodedInstructions[MAX_DECODE_INSTRUCTIONS];
+ unsigned int DecodedInstructionsCount = 0;
+#if !defined(_WIN64)
+ _DecodeType DecodingType = Decode32Bits;
+#else
+ _DecodeType DecodingType = Decode64Bits;
+#endif
+ ULONG_PTR ueNumberOfBytesRead = 0;
+ LPVOID ueReadBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
+ MEMORY_BASIC_INFORMATION MemInfo;
+ DWORD MaxDisassmSize;
+
+ if(hProcess != NULL)
+ {
+ VirtualQueryEx(GetCurrentProcess(), DisassmAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
+ if(MemInfo.State == MEM_COMMIT)
+ {
+ if((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress <= MAXIMUM_INSTRUCTION_SIZE)
+ {
+ MaxDisassmSize = (DWORD)((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress - 1);
+ VirtualQueryEx(GetCurrentProcess(), (LPVOID)((ULONG_PTR)DisassmAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
+ if(MemInfo.State == MEM_COMMIT)
+ {
+ MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
+ }
+ }
+ else
+ {
+ MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
+ }
+ if(ReadProcessMemory(hProcess, (LPVOID)DisassmAddress, ueReadBuffer, MaxDisassmSize, &ueNumberOfBytesRead))
+ {
+ DecodingResult = distorm_decode(NULL, (const unsigned char*)ueReadBuffer, MaxDisassmSize, DecodingType, DecodedInstructions, MAX_DECODE_INSTRUCTIONS, &DecodedInstructionsCount);
+ VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
+ return(DecodedInstructions[0].size);
+ }
+ else
+ {
+ VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
+ return(-1);
+ }
+ }
+ else
+ {
+ return(NULL);
+ }
+ }
+ else
+ {
+ VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
+ return(-1);
+ }
+}
+__declspec(dllexport) long TITCALL
LengthDisassemble(LPVOID DisassmAddress) +{ + return(LengthDisassembleEx(dbgProcessInformation.hProcess, DisassmAddress)); +} \ No newline at end of file diff --git a/TitanEngine/TitanEngine.Threader.cpp b/TitanEngine/TitanEngine.Threader.cpp index 24bb541..e1437c6 100644 --- a/TitanEngine/TitanEngine.Threader.cpp +++ b/TitanEngine/TitanEngine.Threader.cpp @@ -3,6 +3,7 @@ #include "Global.Handle.h" #include "Global.Engine.h" #include "Global.Threader.h" +#include "Global.Debugger.h" #include // TitanEngine.Threader.functions: diff --git a/TitanEngine/TitanEngine.cpp b/TitanEngine/TitanEngine.cpp index 9073c1c..21cd9df 100644 --- a/TitanEngine/TitanEngine.cpp +++ b/TitanEngine/TitanEngine.cpp @@ -5,8 +5,7 @@ // Global.constants #include "stdafx.h" -// Disassembler.engine -#include "distorm.h" + // Windows libs #include #include @@ -32,6 +31,8 @@ #include "Global.Realigner.h" #include "Global.Engine.Hider.h" #include "Global.Threader.h" +#include "Global.Debugger.h" +#include "Global.Breakpoints.h" #define TE_VER_MAJOR 2 #define TE_VER_MIDDLE 1 @@ -41,17 +42,11 @@ "processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*'\"")*/ // Global.variables: -STARTUPINFOW dbgStartupInfo = {}; + DWORD DBGCode = DBG_CONTINUE; DWORD CurrentExceptionsNumber = 0; -int BreakPointSetCount = 0; -BreakPointDetail BreakPointBuffer[MAXIMUM_BREAKPOINTS] = {}; -BYTE INT3BreakPoint = 0xCC; -BYTE INT3LongBreakPoint[2] = {0xCD, 0x03}; -BYTE UD2BreakPoint[2] = {0x0F, 0x0B}; -CustomHandler myDBGCustomHandler = {}; -PCustomHandler DBGCustomHandler = &myDBGCustomHandler; + DEBUG_EVENT DBGEvent = {}; DEBUG_EVENT TerminateDBGEvent = {}; CONTEXT DBGContext = {}; 
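Review bot: LengthDisassembleEx queries the debugger's own address space, `VirtualQueryEx(GetCurrentProcess(), DisassmAddress, ...)` in both calls, but then reads the debuggee with `ReadProcessMemory(hProcess, ...)`, so MaxDisassmSize and the MEM_COMMIT decision come from the wrong process; DisassembleEx directly above passes `hProcess` to both queries and this function should do the same. On the `MemInfo.State != MEM_COMMIT` path both DisassembleEx and LengthDisassembleEx `return(NULL)` without releasing ueReadBuffer, leaking the 0x1000-byte VirtualAlloc on every call against an uncommitted address; add `VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);` before those two returns. None of the four decode paths checks the VirtualQueryEx return value or DecodedInstructionsCount, so a failed query leaves the stack MemInfo uninitialized and a decode that presumably yields zero instructions leaves `engineDecodedInstructions[0]` / `DecodedInstructions[0]` uninitialized before `.mnemonic.p` or `.size` is read; a guard such as `if(DecodedInstructionsCount == 0) return(NULL);` after each distorm_decode (with the buffer freed first where one exists) closes that.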
@@ -84,43 +79,31 @@ IMAGE_TLS_DIRECTORY64 engineBackupTLSDataX64 = {}; bool enginePassAllExceptions = true; -bool engineRemoveConsoleForDebugee = false; -bool engineResetCustomHandler = true; + bool engineExecutePluginCallBack = true; bool engineFileIsBeingDebugged = false; -ULONG_PTR engineReserveModuleBase = NULL; DWORD engineWaitForDebugEventTimeOut = INFINITE; LPVOID engineStepCallBack = NULL; int engineStepCount = INFINITE; bool engineStepActive = false; -bool engineAttachedToProcess = false; bool engineProcessIsNowDetached = false; -ULONG_PTR engineAttachedProcessCallBack = NULL; LPVOID engineAttachedProcessDebugInfo = NULL; bool engineAutoHideFromDebugger = false; -long engineDefaultBreakPointType = UE_BREAKPOINT_INT3; -bool engineDebuggingDLL = false; -wchar_t* engineDebuggingDLLFullFileName; -wchar_t* engineDebuggingDLLFileName; + + //wchar_t* engineDebuggingDLLReserveFileName; -ULONG_PTR engineDebuggingDLLBase = NULL; -unsigned long long engineDebuggingMainModuleBase = NULL; + + ULONG_PTR engineFakeDLLHandle = NULL; -char engineDisassembledInstruction[128]; -ExpertDebug engineExpertDebug = {}; ULONG_PTR engineReservedMemoryLeft[UE_MAX_RESERVED_MEMORY_LEFT]; HANDLE engineReservedMemoryProcess = NULL; void* engineFindOEPCallBack = NULL; void* engineFindOEPUserCallBack = NULL; -ULONG_PTR DebugModuleEntryPoint; -ULONG_PTR DebugModuleImageBase; -LPVOID DebugModuleEntryPointCallBack; -LPVOID DebugExeFileEntryPointCallBack; -wchar_t szBackupDebuggedFileName[512]; + //wchar_t szReserveModuleName[512]; -wchar_t szDebuggerName[512]; + char szParameterString[512]; // Global.Engine.Librarian: LIBRARY_ITEM_DATA LibraryInfoData = {}; 
@@ -162,1483 +145,6 @@ std::vector hookEntry; #define UE_MODULEx86 0x2000; #define UE_MODULEx64 0x2000; -// Global.Debugger.functions: -long DebugLoopInSecondThread(LPVOID InputParameter) -{ - __try - { - if(InputParameter == NULL) - { - InitDebugExW(engineExpertDebug.szFileName, engineExpertDebug.szCommandLine, engineExpertDebug.szCurrentFolder, engineExpertDebug.EntryCallBack); - } - else - { - InitDLLDebugW(engineExpertDebug.szFileName, engineExpertDebug.ReserveModuleBase, engineExpertDebug.szCommandLine, engineExpertDebug.szCurrentFolder, engineExpertDebug.EntryCallBack); - } - DebugLoop(); - return(NULL); - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - return(-1); - } -} -void DebuggerReset() -{ - - if(engineResetCustomHandler) - { - RtlZeroMemory(&myDBGCustomHandler, sizeof CustomHandler); - } -} -// TitanEngine.Debugger.functions: -__declspec(dllexport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress) -{ - _DecodeResult DecodingResult; - _DecodedInst engineDecodedInstructions[MAX_DECODE_INSTRUCTIONS]; - unsigned int DecodedInstructionsCount = 0; -#if !defined(_WIN64) - _DecodeType DecodingType = Decode32Bits; -#else - _DecodeType DecodingType = Decode64Bits; -#endif - MEMORY_BASIC_INFORMATION MemInfo; - DWORD MaxDisassmSize; - - VirtualQueryEx(GetCurrentProcess(), DisassmAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); - if(MemInfo.State == MEM_COMMIT) - { - if((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress <= MAXIMUM_INSTRUCTION_SIZE) - { - MaxDisassmSize = (DWORD)((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress - 1); - VirtualQueryEx(GetCurrentProcess(), (LPVOID)((ULONG_PTR)DisassmAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION); - if(MemInfo.State == MEM_COMMIT) - { - MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE; - } - } - else - { - MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE; - } - DecodingResult = 
distorm_decode((ULONG_PTR)DisassmStart, (const unsigned char*)DisassmAddress, MaxDisassmSize, DecodingType, engineDecodedInstructions, MAX_DECODE_INSTRUCTIONS, &DecodedInstructionsCount); - RtlZeroMemory(&engineDisassembledInstruction, 128); - lstrcpyA(engineDisassembledInstruction, (LPCSTR)engineDecodedInstructions[0].mnemonic.p); - if(engineDecodedInstructions[0].size != NULL) - { - lstrcatA(engineDisassembledInstruction, " "); - } - lstrcatA(engineDisassembledInstruction, (LPCSTR)engineDecodedInstructions[0].operands.p); - return((char*)engineDisassembledInstruction); - } - else - { - return(NULL); - } -} -__declspec(dllexport) void* TITCALL StaticDisassemble(LPVOID DisassmAddress) -{ - return(StaticDisassembleEx((ULONG_PTR)DisassmAddress, DisassmAddress)); -} -__declspec(dllexport) void* TITCALL DisassembleEx(HANDLE hProcess, LPVOID DisassmAddress, bool ReturnInstructionType) -{ - - _DecodeResult DecodingResult; - _DecodedInst engineDecodedInstructions[MAX_DECODE_INSTRUCTIONS]; - unsigned int DecodedInstructionsCount = 0; -#if !defined(_WIN64) - _DecodeType DecodingType = Decode32Bits; -#else - _DecodeType DecodingType = Decode64Bits; -#endif - ULONG_PTR ueNumberOfBytesRead = 0; - LPVOID ueReadBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); - MEMORY_BASIC_INFORMATION MemInfo; - DWORD MaxDisassmSize; - - if(hProcess != NULL) - { - VirtualQueryEx(hProcess, DisassmAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); - if(MemInfo.State == MEM_COMMIT) - { - if((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress <= MAXIMUM_INSTRUCTION_SIZE) - { - MaxDisassmSize = (DWORD)((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress - 1); - VirtualQueryEx(hProcess, (LPVOID)((ULONG_PTR)DisassmAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION); - if(MemInfo.State == MEM_COMMIT) - { - MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE; - } - } - else - { - 
MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE; - } - bool isbp=false; - if(IsBPXEnabled((ULONG_PTR)DisassmAddress)) - { - isbp=true; - DisableBPX((ULONG_PTR)DisassmAddress); - } - BOOL rpm=ReadProcessMemory(hProcess, (LPVOID)DisassmAddress, ueReadBuffer, MaxDisassmSize, &ueNumberOfBytesRead); - if(isbp) - { - EnableBPX((ULONG_PTR)DisassmAddress); - } - if(rpm) - { - DecodingResult = distorm_decode((ULONG_PTR)DisassmAddress, (const unsigned char*)ueReadBuffer, MaxDisassmSize, DecodingType, engineDecodedInstructions, MAX_DECODE_INSTRUCTIONS, &DecodedInstructionsCount); - VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); - RtlZeroMemory(&engineDisassembledInstruction, 128); - lstrcpyA(engineDisassembledInstruction, (LPCSTR)engineDecodedInstructions[0].mnemonic.p); - if(!ReturnInstructionType) - { - if(engineDecodedInstructions[0].size != NULL) - { - lstrcatA(engineDisassembledInstruction, " "); - } - lstrcatA(engineDisassembledInstruction, (LPCSTR)engineDecodedInstructions[0].operands.p); - } - return((char*)engineDisassembledInstruction); - } - else - { - VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); - return(NULL); - } - } - else - { - return(NULL); - } - } - else - { - VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); - return(NULL); - } -} -__declspec(dllexport) void* TITCALL Disassemble(LPVOID DisassmAddress) -{ - return(DisassembleEx(dbgProcessInformation.hProcess, DisassmAddress, false)); -} -__declspec(dllexport) long TITCALL StaticLengthDisassemble(LPVOID DisassmAddress) -{ - - _DecodeResult DecodingResult; - _DecodedInst DecodedInstructions[MAX_DECODE_INSTRUCTIONS]; - unsigned int DecodedInstructionsCount = 0; -#if !defined(_WIN64) - _DecodeType DecodingType = Decode32Bits; -#else - _DecodeType DecodingType = Decode64Bits; -#endif - MEMORY_BASIC_INFORMATION MemInfo; - DWORD MaxDisassmSize; - - VirtualQueryEx(GetCurrentProcess(), DisassmAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); - if(MemInfo.State == MEM_COMMIT) - { - if((ULONG_PTR)MemInfo.BaseAddress + 
(ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress <= MAXIMUM_INSTRUCTION_SIZE)
- {
- MaxDisassmSize = (DWORD)((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress - 1);
- VirtualQueryEx(GetCurrentProcess(), (LPVOID)((ULONG_PTR)DisassmAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
- if(MemInfo.State == MEM_COMMIT)
- {
- MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
- }
- }
- else
- {
- MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
- }
- DecodingResult = distorm_decode(NULL, (const unsigned char*)DisassmAddress, MaxDisassmSize, DecodingType, DecodedInstructions, MAX_DECODE_INSTRUCTIONS, &DecodedInstructionsCount);
- return(DecodedInstructions[0].size);
- }
- else
- {
- return(NULL);
- }
-}
-__declspec(dllexport) long TITCALL LengthDisassembleEx(HANDLE hProcess, LPVOID DisassmAddress)
-{
-
- _DecodeResult DecodingResult;
- _DecodedInst DecodedInstructions[MAX_DECODE_INSTRUCTIONS];
- unsigned int DecodedInstructionsCount = 0;
-#if !defined(_WIN64)
- _DecodeType DecodingType = Decode32Bits;
-#else
- _DecodeType DecodingType = Decode64Bits;
-#endif
- ULONG_PTR ueNumberOfBytesRead = 0;
- LPVOID ueReadBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
- MEMORY_BASIC_INFORMATION MemInfo;
- DWORD MaxDisassmSize;
-
- if(hProcess != NULL)
- {
- VirtualQueryEx(GetCurrentProcess(), DisassmAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
- if(MemInfo.State == MEM_COMMIT)
- {
- if((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress <= MAXIMUM_INSTRUCTION_SIZE)
- {
- MaxDisassmSize = (DWORD)((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress - 1);
- VirtualQueryEx(GetCurrentProcess(), (LPVOID)((ULONG_PTR)DisassmAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
- if(MemInfo.State == MEM_COMMIT)
- {
- MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
- }
- }
- else
- {
- MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
- }
- if(ReadProcessMemory(hProcess, (LPVOID)DisassmAddress, ueReadBuffer, MaxDisassmSize, &ueNumberOfBytesRead))
- {
- DecodingResult = distorm_decode(NULL, (const unsigned char*)ueReadBuffer, MaxDisassmSize, DecodingType, DecodedInstructions, MAX_DECODE_INSTRUCTIONS, &DecodedInstructionsCount);
- VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
- return(DecodedInstructions[0].size);
- }
- else
- {
- VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
- return(-1);
- }
- }
- else
- {
- return(NULL);
- }
- }
- else
- {
- VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
- return(-1);
- }
-}
-__declspec(dllexport) long TITCALL LengthDisassemble(LPVOID DisassmAddress)
-{
- return(LengthDisassembleEx(dbgProcessInformation.hProcess, DisassmAddress));
-}
-__declspec(dllexport) void* TITCALL InitDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder)
-{
-
- wchar_t* PtrUniFileName = NULL;
- wchar_t uniFileName[MAX_PATH] = {};
- wchar_t* PtrUniCommandLine = NULL;
- wchar_t uniCommandLine[MAX_PATH] = {};
- wchar_t* PtrUniCurrentFolder = NULL;
- wchar_t uniCurrentFolder[MAX_PATH] = {};
-
- if(szFileName != NULL)
- {
- MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
- MultiByteToWideChar(CP_ACP, NULL, szCommandLine, lstrlenA(szCommandLine)+1, uniCommandLine, sizeof(uniCommandLine)/(sizeof(uniCommandLine[0])));
- MultiByteToWideChar(CP_ACP, NULL, szCurrentFolder, lstrlenA(szCurrentFolder)+1, uniCurrentFolder, sizeof(uniCurrentFolder)/(sizeof(uniCurrentFolder[0])));
- if(szFileName != NULL)
- {
- PtrUniFileName = &uniFileName[0];
- }
- if(szCommandLine != NULL)
- {
- PtrUniCommandLine = &uniCommandLine[0];
- }
- if(szCurrentFolder != NULL)
- {
- PtrUniCurrentFolder = &uniCurrentFolder[0];
- }
- return(InitDebugW(PtrUniFileName, PtrUniCommandLine, PtrUniCurrentFolder));
- }
- else
- {
- return NULL;
- }
-}
-__declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder)
-{
-
- wchar_t szCreateWithCmdLine[1024];
- int DebugConsoleFlag = NULL;
-
- DebuggerReset();
- if(engineRemoveConsoleForDebugee)
- {
- DebugConsoleFlag = CREATE_NO_WINDOW;
- }
- BreakPointSetCount = 0;
- RtlZeroMemory(&BreakPointBuffer, sizeof BreakPointBuffer);
- if(szCommandLine == NULL)
- {
- if(CreateProcessW(szFileName, NULL, NULL, NULL, false, DEBUG_PROCESS|DEBUG_ONLY_THIS_PROCESS|DebugConsoleFlag|CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation))
- {
- engineAttachedToProcess = false;
- engineAttachedProcessCallBack = NULL;
- RtlZeroMemory(&BreakPointBuffer, sizeof BreakPointBuffer);
- return(&dbgProcessInformation);
- }
- else
- {
- RtlZeroMemory(&dbgProcessInformation,sizeof PROCESS_INFORMATION);
- return(0);
- }
- }
- else
- {
- wsprintfW(szCreateWithCmdLine, L"\"%s\" %s", szFileName, szCommandLine);
- if(CreateProcessW(NULL, szCreateWithCmdLine, NULL, NULL, false, DEBUG_PROCESS|DEBUG_ONLY_THIS_PROCESS|DebugConsoleFlag|CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation))
- {
- engineAttachedToProcess = false;
- engineAttachedProcessCallBack = NULL;
- RtlZeroMemory(&BreakPointBuffer, sizeof BreakPointBuffer);
- return(&dbgProcessInformation);
- }
- else
- {
- RtlZeroMemory(&dbgProcessInformation,sizeof PROCESS_INFORMATION);
- return(0);
- }
- }
-}
-__declspec(dllexport) void* TITCALL InitDebugEx(char* szFileName, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack)
-{
- DebugExeFileEntryPointCallBack = EntryCallBack;
- return(InitDebug(szFileName, szCommandLine, szCurrentFolder));
-}
-__declspec(dllexport) void* TITCALL InitDebugExW(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder, LPVOID EntryCallBack)
-{
- DebugExeFileEntryPointCallBack = EntryCallBack;
- return(InitDebugW(szFileName, szCommandLine, szCurrentFolder));
-}
-__declspec(dllexport) void* TITCALL InitDLLDebug(char* szFileName, bool ReserveModuleBase, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack)
-{
-
- wchar_t* PtrUniFileName = NULL;
- wchar_t uniFileName[MAX_PATH] = {};
- wchar_t* PtrUniCommandLine = NULL;
- wchar_t uniCommandLine[MAX_PATH] = {};
- wchar_t* PtrUniCurrentFolder = NULL;
- wchar_t uniCurrentFolder[MAX_PATH] = {};
-
- if(szFileName != NULL)
- {
- MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
- MultiByteToWideChar(CP_ACP, NULL, szCommandLine, lstrlenA(szCommandLine)+1, uniCommandLine, sizeof(uniCommandLine)/(sizeof(uniCommandLine[0])));
- MultiByteToWideChar(CP_ACP, NULL, szCurrentFolder, lstrlenA(szCurrentFolder)+1, uniCurrentFolder, sizeof(uniCurrentFolder)/(sizeof(uniCurrentFolder[0])));
- if(szFileName != NULL)
- {
- PtrUniFileName = &uniFileName[0];
- }
- if(szCommandLine != NULL)
- {
- PtrUniCommandLine = &uniCommandLine[0];
- }
- if(szCurrentFolder != NULL)
- {
- PtrUniCurrentFolder = &uniCurrentFolder[0];
- }
- return(InitDLLDebugW(PtrUniFileName, ReserveModuleBase, PtrUniCommandLine, PtrUniCurrentFolder, EntryCallBack));
- }
- else
- {
- return NULL;
- }
-}
-__declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool ReserveModuleBase, wchar_t* szCommandLine, wchar_t* szCurrentFolder, LPVOID EntryCallBack)
-{
-
- int i = NULL;
- int j = NULL;
- bool ReturnData = false;
- engineReserveModuleBase = NULL;
-
- RtlZeroMemory(&szDebuggerName, sizeof szDebuggerName);
- if(lstrlenW(szFileName) < 512)
- {
- RtlZeroMemory(&szBackupDebuggedFileName, sizeof szBackupDebuggedFileName);
- lstrcpyW(szBackupDebuggedFileName, szFileName);
- szFileName = &szBackupDebuggedFileName[0];
- }
- lstrcpyW(szDebuggerName, szFileName);
- i = lstrlenW(szDebuggerName);
- while(szDebuggerName[i] != 0x5C && i >= NULL)
- {
- i--;
- }
- if(i > NULL)
- {
- szDebuggerName[i+1] = 0x00;
-#ifdef _WIN64
- lstrcpyW(szDebuggerName, L"DLLLoader64.exe");
-#else
- lstrcpyW(szDebuggerName, L"DLLLoader32.exe");
-#endif
- }
- else
- {
-#ifdef _WIN64
- lstrcpyW(szDebuggerName, L"DLLLoader64.exe");
-#else
- lstrcpyW(szDebuggerName, L"DLLLoader32.exe");
-#endif
- }
- //RtlZeroMemory(&szReserveModuleName, sizeof szReserveModuleName);
- //lstrcpyW(szReserveModuleName, szFileName);
- //lstrcatW(szReserveModuleName, L".module");
-#if defined(_WIN64)
- ReturnData = EngineExtractResource("LOADERx64", szDebuggerName);
- /*if(ReserveModuleBase)
- {
- EngineExtractResource("MODULEx64", szReserveModuleName);
- }*/
-#else
- ReturnData = EngineExtractResource("LOADERx86", szDebuggerName);
- /*if(ReserveModuleBase)
- {
- EngineExtractResource("MODULEx86", szReserveModuleName);
- }*/
-#endif
- if(ReturnData)
- {
- engineDebuggingDLL = true;
- i = lstrlenW(szFileName);
- while(szFileName[i] != 0x5C && i >= NULL)
- {
- i--;
- }
- /*j = lstrlenW(szReserveModuleName);
- while(szReserveModuleName[j] != 0x5C && j >= NULL)
- {
- j--;
- }*/
- engineDebuggingDLLBase = NULL;
- engineDebuggingMainModuleBase = NULL;
- engineDebuggingDLLFullFileName = szFileName;
- engineDebuggingDLLFileName = &szFileName[i+1];
- //engineDebuggingDLLReserveFileName = &szReserveModuleName[j+1];
- DebugModuleImageBase = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_IMAGEBASE);
- engineReserveModuleBase = DebugModuleImageBase;
- DebugModuleEntryPoint = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_OEP);
- DebugModuleEntryPointCallBack = EntryCallBack;
- /*if(ReserveModuleBase)
- {
- RelocaterChangeFileBaseW(szReserveModuleName, DebugModuleImageBase);
- }*/
- return(InitDebugW(szDebuggerName, szCommandLine, szCurrentFolder));
- }
- else
- {
- return(NULL);
- }
- return(NULL);
-}
-__declspec(dllexport) bool TITCALL StopDebug()
-{
- if(dbgProcessInformation.hProcess != NULL)
- {
- TerminateThread(dbgProcessInformation.hThread, NULL);
- TerminateProcess(dbgProcessInformation.hProcess, NULL);
- return(true);
- }
- else
- {
- return(false);
- }
-}
-__declspec(dllexport) void TITCALL SetBPXOptions(long DefaultBreakPointType)
-{
- engineDefaultBreakPointType = DefaultBreakPointType;
-}
-__declspec(dllexport) bool TITCALL IsBPXEnabled(ULONG_PTR bpxAddress)
-{
-
- int i;
- ULONG_PTR NumberOfBytesReadWritten = 0;
- DWORD MaximumBreakPoints = 0;
- BYTE ReadData[10] = {};
-
- for(i = 0; i < BreakPointSetCount; i++)
- {
- if(BreakPointBuffer[i].BreakPointAddress == bpxAddress)
- {
- if(BreakPointBuffer[i].BreakPointActive != UE_BPXINACTIVE && BreakPointBuffer[i].BreakPointActive != UE_BPXREMOVED)
- {
- if(ReadProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &ReadData[0], UE_MAX_BREAKPOINT_SIZE, &NumberOfBytesReadWritten))
- {
- if(BreakPointBuffer[i].AdvancedBreakPointType == UE_BREAKPOINT_INT3 && ReadData[0] == INT3BreakPoint)
- {
- return(true);
- }
- else if(BreakPointBuffer[i].AdvancedBreakPointType == UE_BREAKPOINT_LONG_INT3 && ReadData[0] == INT3LongBreakPoint[0] && ReadData[1] == INT3LongBreakPoint[1])
- {
- return(true);
- }
- else if(BreakPointBuffer[i].AdvancedBreakPointType == UE_BREAKPOINT_UD2 && ReadData[0] == UD2BreakPoint[0] && ReadData[1] == UD2BreakPoint[1])
- {
- return(true);
- }
- else
- {
- return(false);
- }
- }
- else
- {
- return(false);
- }
- }
- else
- {
- return(false);
- }
- }
- }
- return(false);
-}
-__declspec(dllexport) bool TITCALL EnableBPX(ULONG_PTR bpxAddress)
-{
-
- int i;
- MEMORY_BASIC_INFORMATION MemInfo;
- ULONG_PTR NumberOfBytesReadWritten = 0;
- DWORD MaximumBreakPoints = 0;
- bool testWrite = false;
- DWORD OldProtect;
-
- for(i = 0; i < BreakPointSetCount; i++)
- {
- if(BreakPointBuffer[i].BreakPointAddress == bpxAddress)
- {
- VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
- OldProtect = MemInfo.Protect;
- VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect);
- if(BreakPointBuffer[i].BreakPointActive == UE_BPXINACTIVE && (BreakPointBuffer[i].BreakPointType == UE_BREAKPOINT || BreakPointBuffer[i].BreakPointType == UE_SINGLESHOOT))
- {
- if(BreakPointBuffer[i].AdvancedBreakPointType == UE_BREAKPOINT_INT3)
- {
- if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &INT3BreakPoint, 1, &NumberOfBytesReadWritten))
- {
- testWrite = true;
- }
- }
- else if(BreakPointBuffer[i].AdvancedBreakPointType == UE_BREAKPOINT_LONG_INT3)
- {
- if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &INT3LongBreakPoint, 2, &NumberOfBytesReadWritten))
- {
- testWrite = true;
- }
- }
- else if(BreakPointBuffer[i].AdvancedBreakPointType == UE_BREAKPOINT_UD2)
- {
- if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &UD2BreakPoint, 2, &NumberOfBytesReadWritten))
- {
- testWrite = true;
- }
- }
- if(testWrite)
- {
- BreakPointBuffer[i].BreakPointActive = UE_BPXACTIVE;
- VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect);
- return(true);
- }
- else
- {
- VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect);
- return(false);
- }
- }
- else
- {
- VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect);
- return(false);
- }
- }
- }
- return(false);
-}
-__declspec(dllexport) bool TITCALL DisableBPX(ULONG_PTR bpxAddress)
-{
-
- int i;
- MEMORY_BASIC_INFORMATION MemInfo;
- ULONG_PTR NumberOfBytesReadWritten = 0;
- DWORD MaximumBreakPoints = 0;
- DWORD OldProtect;
-
- for(i = 0; i < BreakPointSetCount; i++)
- {
- if(BreakPointBuffer[i].BreakPointAddress == bpxAddress)
- {
- VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
- OldProtect = MemInfo.Protect;
- VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect);
- if(BreakPointBuffer[i].BreakPointActive == UE_BPXACTIVE && (BreakPointBuffer[i].BreakPointType == UE_BREAKPOINT || BreakPointBuffer[i].BreakPointType == UE_SINGLESHOOT))
- {
- if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &BreakPointBuffer[i].OriginalByte[0], BreakPointBuffer[i].BreakPointSize, &NumberOfBytesReadWritten))
- {
- BreakPointBuffer[i].BreakPointActive = UE_BPXINACTIVE;
- VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect);
- return(true);
- }
- else
- {
- VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect);
- return(false);
- }
- }
- else
- {
- VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect);
- return(false);
- }
- }
- }
- return(false);
-}
-__declspec(dllexport) bool TITCALL SetBPX(ULONG_PTR bpxAddress, DWORD bpxType, LPVOID bpxCallBack)
-{
-
- int i = 0;
- int j = -1;
- void* bpxDataPrt;
- PMEMORY_COMPARE_HANDLER bpxDataCmpPtr;
- MEMORY_BASIC_INFORMATION MemInfo;
- ULONG_PTR NumberOfBytesReadWritten = 0;
- BYTE SelectedBreakPointType;
- DWORD checkBpxType;
- DWORD OldProtect;
-
- if(bpxCallBack == NULL)
- {
- return(false);
- }
- for(i = 0; i < BreakPointSetCount; i++)
- {
- if(BreakPointBuffer[i].BreakPointAddress == bpxAddress && BreakPointBuffer[i].BreakPointActive == UE_BPXACTIVE && (BreakPointBuffer[i].BreakPointType == UE_SINGLESHOOT || BreakPointBuffer[i].BreakPointType == UE_BREAKPOINT))
- {
- return(false);
- }
- else if(BreakPointBuffer[i].BreakPointAddress == bpxAddress && BreakPointBuffer[i].BreakPointActive == UE_BPXINACTIVE && (BreakPointBuffer[i].BreakPointType == UE_SINGLESHOOT || BreakPointBuffer[i].BreakPointType == UE_BREAKPOINT))
- {
- return(EnableBPX(bpxAddress));
- }
- else if(j == -1 && BreakPointBuffer[i].BreakPointActive == UE_BPXREMOVED)
- {
- j = i;
- }
- }
- if(j == -1)
- {
- BreakPointSetCount++;
- }
- else
- {
- i = j;
- }
- if(i < MAXIMUM_BREAKPOINTS)
- {
- RtlZeroMemory(&BreakPointBuffer[i], sizeof BreakPointDetail);
- if(bpxType < UE_BREAKPOINT_TYPE_INT3)
- {
- if(engineDefaultBreakPointType == UE_BREAKPOINT_INT3)
- {
- SelectedBreakPointType = UE_BREAKPOINT_INT3;
- BreakPointBuffer[i].BreakPointSize = 1;
- bpxDataPrt = &INT3BreakPoint;
- }
- else if(engineDefaultBreakPointType == UE_BREAKPOINT_LONG_INT3)
- {
- SelectedBreakPointType = UE_BREAKPOINT_LONG_INT3;
- BreakPointBuffer[i].BreakPointSize = 2;
- bpxDataPrt = &INT3LongBreakPoint;
- }
- else if(engineDefaultBreakPointType == UE_BREAKPOINT_UD2)
- {
- SelectedBreakPointType = UE_BREAKPOINT_UD2;
- BreakPointBuffer[i].BreakPointSize = 2;
- bpxDataPrt = &UD2BreakPoint;
- }
- }
- else
- {
- checkBpxType = bpxType >> 24;
- checkBpxType = checkBpxType << 24;
- if(checkBpxType == UE_BREAKPOINT_TYPE_INT3)
- {
- SelectedBreakPointType = UE_BREAKPOINT_INT3;
- BreakPointBuffer[i].BreakPointSize = 1;
- bpxDataPrt = &INT3BreakPoint;
- }
- else if(checkBpxType == UE_BREAKPOINT_TYPE_LONG_INT3)
- {
- SelectedBreakPointType = UE_BREAKPOINT_LONG_INT3;
- BreakPointBuffer[i].BreakPointSize = 2;
- bpxDataPrt = &INT3LongBreakPoint;
- }
- else if(checkBpxType == UE_BREAKPOINT_TYPE_UD2)
- {
- SelectedBreakPointType = UE_BREAKPOINT_UD2;
- BreakPointBuffer[i].BreakPointSize = 2;
- bpxDataPrt = &UD2BreakPoint;
- }
- }
- bpxDataCmpPtr = (PMEMORY_COMPARE_HANDLER)bpxDataPrt;
- VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
- OldProtect = MemInfo.Protect;
- VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect);
- if(ReadProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &BreakPointBuffer[i].OriginalByte[0], BreakPointBuffer[i].BreakPointSize, &NumberOfBytesReadWritten))
- {
- /*if(BreakPointBuffer[i].OriginalByte[0] != bpxDataCmpPtr->Array.bArrayEntry[0])
- {*/
- if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, bpxDataPrt, BreakPointBuffer[i].BreakPointSize, &NumberOfBytesReadWritten))
- {
- BreakPointBuffer[i].AdvancedBreakPointType = (BYTE)SelectedBreakPointType;
- BreakPointBuffer[i].BreakPointActive = UE_BPXACTIVE;
- BreakPointBuffer[i].BreakPointAddress = bpxAddress;
- BreakPointBuffer[i].BreakPointType = (BYTE)bpxType;
- BreakPointBuffer[i].NumberOfExecutions = -1;
- BreakPointBuffer[i].ExecuteCallBack = (ULONG_PTR)bpxCallBack;
- VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect);
- return(true);
- }
- else
- {
- VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect);
- return(false);
- }
- /*}
- else
- {
- VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect);
- return(false);
- }*/
- }
- else
- {
- VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect);
- return(false);
- }
- }
- else
- {
- BreakPointSetCount--;
- return(false);
- }
-}
-__declspec(dllexport) bool TITCALL SetBPXEx(ULONG_PTR bpxAddress, DWORD bpxType, DWORD NumberOfExecution, DWORD CmpRegister, DWORD CmpCondition, ULONG_PTR CmpValue, LPVOID bpxCallBack, LPVOID bpxCompareCallBack, LPVOID bpxRemoveCallBack)
-{
-
- int i = 0;
- int j = -1;
- void* bpxDataPrt;
- PMEMORY_COMPARE_HANDLER bpxDataCmpPtr;
- MEMORY_BASIC_INFORMATION MemInfo;
- ULONG_PTR NumberOfBytesReadWritten = 0;
- BYTE SelectedBreakPointType;
- DWORD checkBpxType;
- DWORD OldProtect;
-
- if(bpxCallBack == NULL)
- {
- return(false);
- }
- for(i = 0; i < BreakPointSetCount; i++)
- {
- if(BreakPointBuffer[i].BreakPointAddress == bpxAddress && BreakPointBuffer[i].BreakPointActive == UE_BPXACTIVE)
- {
- return(true);
- }
- else if(BreakPointBuffer[i].BreakPointAddress == bpxAddress && BreakPointBuffer[i].BreakPointActive == UE_BPXINACTIVE)
- {
- return(EnableBPX(bpxAddress));
- }
- else if(j == -1 && BreakPointBuffer[i].BreakPointActive == UE_BPXREMOVED)
- {
- j = i;
- }
- }
- if(j == -1)
- {
- BreakPointSetCount++;
- }
- else
- {
- i = j;
- }
- if(i < MAXIMUM_BREAKPOINTS)
- {
- RtlZeroMemory(&BreakPointBuffer[i], sizeof BreakPointDetail);
- if(bpxType < UE_BREAKPOINT_TYPE_INT3)
- {
- if(engineDefaultBreakPointType == UE_BREAKPOINT_INT3)
- {
- SelectedBreakPointType = UE_BREAKPOINT_INT3;
- BreakPointBuffer[i].BreakPointSize = 1;
- bpxDataPrt = &INT3BreakPoint;
- }
- else if(engineDefaultBreakPointType == UE_BREAKPOINT_LONG_INT3)
- {
- SelectedBreakPointType = UE_BREAKPOINT_LONG_INT3;
- BreakPointBuffer[i].BreakPointSize = 2;
- bpxDataPrt = &INT3LongBreakPoint;
- }
- else if(engineDefaultBreakPointType == UE_BREAKPOINT_UD2)
- {
- SelectedBreakPointType = UE_BREAKPOINT_UD2;
- BreakPointBuffer[i].BreakPointSize = 2;
- bpxDataPrt = &UD2BreakPoint;
- }
- }
- else
- {
- checkBpxType = bpxType >> 24;
- checkBpxType = checkBpxType << 24;
- if(checkBpxType == UE_BREAKPOINT_TYPE_INT3)
- {
- SelectedBreakPointType = UE_BREAKPOINT_INT3;
- BreakPointBuffer[i].BreakPointSize = 1;
- bpxDataPrt = &INT3BreakPoint;
- }
- else if(checkBpxType == UE_BREAKPOINT_TYPE_LONG_INT3)
- {
- SelectedBreakPointType = UE_BREAKPOINT_LONG_INT3;
- BreakPointBuffer[i].BreakPointSize = 2;
- bpxDataPrt = &INT3LongBreakPoint;
- }
- else if(checkBpxType == UE_BREAKPOINT_TYPE_UD2)
- {
- SelectedBreakPointType = UE_BREAKPOINT_UD2;
- BreakPointBuffer[i].BreakPointSize = 2;
- bpxDataPrt = &UD2BreakPoint;
- }
- }
- bpxDataCmpPtr = (PMEMORY_COMPARE_HANDLER)bpxDataPrt;
- VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
- OldProtect = MemInfo.Protect;
- VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect);
- if(ReadProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &BreakPointBuffer[i].OriginalByte[0], BreakPointBuffer[i].BreakPointSize, &NumberOfBytesReadWritten))
- {
- /*if(BreakPointBuffer[i].OriginalByte[0] != bpxDataCmpPtr->Array.bArrayEntry[0])
- {*/
- if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, bpxDataPrt, BreakPointBuffer[i].BreakPointSize, &NumberOfBytesReadWritten))
- {
- BreakPointBuffer[i].AdvancedBreakPointType = (BYTE)SelectedBreakPointType;
- BreakPointBuffer[i].BreakPointActive = UE_BPXACTIVE;
- BreakPointBuffer[i].BreakPointAddress = bpxAddress;
- BreakPointBuffer[i].BreakPointType = (BYTE)bpxType;
- BreakPointBuffer[i].NumberOfExecutions = NumberOfExecution;
- BreakPointBuffer[i].CmpRegister = CmpRegister;
- BreakPointBuffer[i].CmpCondition = (BYTE)CmpCondition;
- BreakPointBuffer[i].CmpValue = CmpValue;
- BreakPointBuffer[i].ExecuteCallBack = (ULONG_PTR)bpxCallBack;
- BreakPointBuffer[i].RemoveCallBack = (ULONG_PTR)bpxRemoveCallBack;
- BreakPointBuffer[i].CompareCallBack = (ULONG_PTR)bpxCompareCallBack;
- VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect);
- return(true);
- }
- else
- {
- VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect);
- return(false);
- }
- /*}
- else
- {
- VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect);
- return(false);
- }*/
- }
- else
- {
- VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect);
- return(false);
- }
- }
- else
- {
- BreakPointSetCount--;
- return(false);
- }
-}
-__declspec(dllexport) bool TITCALL DeleteBPX(ULONG_PTR bpxAddress)
-{
-
- int i;
- typedef void(TITCALL *fCustomBreakPoint)(void* myBreakPointAddress);
- fCustomBreakPoint myCustomBreakPoint;
- MEMORY_BASIC_INFORMATION MemInfo;
- ULONG_PTR NumberOfBytesReadWritten = 0;
- DWORD OldProtect;
-
- for(i = 0; i < BreakPointSetCount; i++)
- {
- if(BreakPointBuffer[i].BreakPointAddress == bpxAddress)
- {
- if(i - 1 == BreakPointSetCount)
- {
- BreakPointSetCount--;
- }
- break;
- }
- }
- if(BreakPointBuffer[i].BreakPointAddress == bpxAddress)
- {
- VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
- OldProtect = MemInfo.Protect;
- VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect);
- if(BreakPointBuffer[i].BreakPointType == UE_BREAKPOINT || BreakPointBuffer[i].BreakPointType == UE_SINGLESHOOT)
- {
- if(BreakPointBuffer[i].BreakPointActive == UE_BPXACTIVE)
- {
- if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &BreakPointBuffer[i].OriginalByte[0], BreakPointBuffer[i].BreakPointSize, &NumberOfBytesReadWritten))
- {
- VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect);
- if(BreakPointBuffer[i].RemoveCallBack != NULL)
- {
- __try
- {
- myCustomBreakPoint = (fCustomBreakPoint)((LPVOID)BreakPointBuffer[i].RemoveCallBack);
- myCustomBreakPoint((void*)BreakPointBuffer[i].BreakPointAddress);
- RtlZeroMemory(&BreakPointBuffer[i], sizeof BreakPointDetail);
- }
- __except(EXCEPTION_EXECUTE_HANDLER)
- {
- RtlZeroMemory(&BreakPointBuffer[i], sizeof BreakPointDetail);
- return(true);
- }
- }
- else
- {
- RtlZeroMemory(&BreakPointBuffer[i], sizeof BreakPointDetail);
- }
- return(true);
- }
- else
- {
- VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect);
- return(false);
- }
- }
- else
- {
- RtlZeroMemory(&BreakPointBuffer[i], sizeof BreakPointDetail);
- return(true);
- }
- }
- else
- {
- VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect);
- return(false);
- }
- }
- else
- {
- return(false);
- }
-}
-__declspec(dllexport) bool TITCALL SafeDeleteBPX(ULONG_PTR bpxAddress)
-{
- return(DeleteBPX(bpxAddress));
-}
-__declspec(dllexport) bool TITCALL SetAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxType, DWORD bpxPlace, LPVOID bpxCallBack)
-{
-
- BYTE ReadByte = NULL;
- HMODULE hModule = NULL;
- DWORD ReadMemSize = NULL;
- ULONG_PTR APIAddress = NULL;
- ULONG_PTR tryAPIAddress = NULL;
- ULONG_PTR QueryAPIAddress = NULL;
- int i = MAX_RET_SEARCH_INSTRUCTIONS;
- ULONG_PTR ueNumberOfReadWrite = NULL;
- int currentInstructionLen = NULL;
- bool ModuleLoaded = false;
- void* CmdBuffer = NULL;
- bool RemovedBpx = false;
-
- if(szDLLName != NULL && szAPIName != NULL)
- {
- hModule = GetModuleHandleA(szDLLName);
- if(hModule == NULL)
- {
- if(engineAlowModuleLoading)
- {
- hModule = LoadLibraryA(szDLLName);
- ModuleLoaded = true;
- }
- else
- {
- ReadMemSize = MAX_RET_SEARCH_INSTRUCTIONS * MAXIMUM_INSTRUCTION_SIZE;
- APIAddress = (ULONG_PTR)EngineGlobalAPIHandler(dbgProcessInformation.hProcess, NULL, NULL, szAPIName, UE_OPTION_IMPORTER_RETURN_APIADDRESS);
- if(APIAddress != NULL)
- {
- CmdBuffer = VirtualAlloc(NULL, ReadMemSize, MEM_COMMIT, PAGE_READWRITE);
- while(ReadProcessMemory(dbgProcessInformation.hProcess, (void*)APIAddress, CmdBuffer, ReadMemSize, &ueNumberOfReadWrite) == false && ReadMemSize > NULL)
- {
- ReadMemSize = ReadMemSize - (MAXIMUM_INSTRUCTION_SIZE * 10);
- }
- if(ReadMemSize == NULL)
- {
- VirtualFree(CmdBuffer, NULL, MEM_RELEASE);
- APIAddress = NULL;
- }
- else
- {
- tryAPIAddress = (ULONG_PTR)CmdBuffer;
- }
- }
- }
- }
- if(hModule != NULL || APIAddress != NULL)
- {
- if(hModule != NULL)
- {
- APIAddress = (ULONG_PTR)GetProcAddress(hModule, szAPIName);
- }
- if(bpxPlace == UE_APIEND)
- {
- if(tryAPIAddress == NULL)
- {
- tryAPIAddress = APIAddress;
- }
- QueryAPIAddress = APIAddress;
- RtlMoveMemory(&ReadByte, (LPVOID)tryAPIAddress, 1);
- while(i > 0 && ReadByte != 0xC3 && ReadByte != 0xC2)
- {
- if(engineAlowModuleLoading == false && CmdBuffer != NULL)
- {
- if(IsBPXEnabled(QueryAPIAddress))
- {
- DisableBPX(QueryAPIAddress);
- ReadProcessMemory(dbgProcessInformation.hProcess, (void*)APIAddress, CmdBuffer, ReadMemSize, &ueNumberOfReadWrite);
- RemovedBpx = true;
- }
- }
- currentInstructionLen = StaticLengthDisassemble((LPVOID)tryAPIAddress);
- tryAPIAddress = tryAPIAddress + currentInstructionLen;
- RtlMoveMemory(&ReadByte, (LPVOID)tryAPIAddress, 1);
- QueryAPIAddress = QueryAPIAddress + currentInstructionLen;
- if(!engineAlowModuleLoading)
- {
- if(RemovedBpx)
- {
- EnableBPX(QueryAPIAddress - currentInstructionLen);
- }
- }
- RemovedBpx = false;
- i--;
- }
- if(i != NULL)
- {
- if((engineAlowModuleLoading == true && ModuleLoaded == true) || (engineAlowModuleLoading == true && ModuleLoaded == false))
- {
- APIAddress = tryAPIAddress;
- }
- else if(!engineAlowModuleLoading)
- {
- if(CmdBuffer != NULL)
- {
- APIAddress = tryAPIAddress - (ULONG_PTR)CmdBuffer + APIAddress;
- }
- else
- {
- APIAddress = tryAPIAddress;
- }
- }
- }
- else
- {
- if(ModuleLoaded)
- {
- FreeLibrary(hModule);
- }
- if(CmdBuffer != NULL)
- {
- VirtualFree(CmdBuffer, NULL, MEM_RELEASE);
- }
- return(false);
- }
- }
- if(engineAlowModuleLoading)
- {
- APIAddress = (ULONG_PTR)EngineGlobalAPIHandler(dbgProcessInformation.hProcess, NULL, APIAddress, NULL, UE_OPTION_IMPORTER_REALIGN_APIADDRESS);
- if(ModuleLoaded)
- {
- FreeLibrary(hModule);
- }
- }
- else
- {
- if(CmdBuffer != NULL)
- {
- VirtualFree(CmdBuffer, NULL, MEM_RELEASE);
- }
- }
- return(SetBPX(APIAddress, bpxType, bpxCallBack));
- }
- else
- {
- if(engineAlowModuleLoading)
- {
- if(ModuleLoaded)
- {
- FreeLibrary(hModule);
- }
- }
- else
- {
- if(CmdBuffer != NULL)
- {
- VirtualFree(CmdBuffer, NULL, MEM_RELEASE);
- }
- }
- return(false);
- }
- }
- else
- {
- return(false);
- }
- return(false);
-}
-__declspec(dllexport) bool TITCALL DeleteAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxPlace)
-{
-
- BYTE ReadByte = NULL;
- HMODULE hModule = NULL;
- DWORD ReadMemSize = NULL;
- ULONG_PTR APIAddress = NULL;
- ULONG_PTR tryAPIAddress = NULL;
- ULONG_PTR QueryAPIAddress = NULL;
- int i = MAX_RET_SEARCH_INSTRUCTIONS;
- ULONG_PTR ueNumberOfReadWrite = NULL;
- int currentInstructionLen = NULL;
- bool ModuleLoaded = false;
- void* CmdBuffer = NULL;
- bool RemovedBpx = false;
-
- if(szDLLName != NULL && szAPIName != NULL)
- {
- hModule = GetModuleHandleA(szDLLName);
- if(hModule == NULL)
- {
- if(engineAlowModuleLoading)
- {
- hModule = LoadLibraryA(szDLLName);
- ModuleLoaded = true;
- }
- else
- {
- ReadMemSize = MAX_RET_SEARCH_INSTRUCTIONS * MAXIMUM_INSTRUCTION_SIZE;
- APIAddress = (ULONG_PTR)EngineGlobalAPIHandler(dbgProcessInformation.hProcess, NULL, NULL, szAPIName, UE_OPTION_IMPORTER_RETURN_APIADDRESS);
- if(APIAddress != NULL)
- {
- CmdBuffer = VirtualAlloc(NULL, ReadMemSize, MEM_COMMIT, PAGE_READWRITE);
- while(ReadProcessMemory(dbgProcessInformation.hProcess, (void*)APIAddress, CmdBuffer, ReadMemSize, &ueNumberOfReadWrite) == false && ReadMemSize > NULL)
- {
- ReadMemSize = ReadMemSize - (MAXIMUM_INSTRUCTION_SIZE * 10);
- }
- if(ReadMemSize == NULL)
- {
- VirtualFree(CmdBuffer, NULL, MEM_RELEASE);
- APIAddress = NULL;
- }
- else
- {
- tryAPIAddress = (ULONG_PTR)CmdBuffer;
- }
- }
- }
- }
- if(hModule != NULL || APIAddress != NULL)
- {
- if(hModule != NULL)
- {
- APIAddress = (ULONG_PTR)GetProcAddress(hModule, szAPIName);
- }
- if(bpxPlace == UE_APIEND)
- {
- if(tryAPIAddress == NULL)
- {
- tryAPIAddress = APIAddress;
- }
- QueryAPIAddress = APIAddress;
- RtlMoveMemory(&ReadByte, (LPVOID)tryAPIAddress, 1);
- while(i > 0 && ReadByte != 0xC3 && ReadByte != 0xC2)
- {
- if(engineAlowModuleLoading == false && CmdBuffer != NULL)
- {
- if(IsBPXEnabled(QueryAPIAddress))
- {
- DisableBPX(QueryAPIAddress);
- ReadProcessMemory(dbgProcessInformation.hProcess, (void*)APIAddress, CmdBuffer, ReadMemSize, &ueNumberOfReadWrite);
- RemovedBpx = true;
- }
- }
- currentInstructionLen = StaticLengthDisassemble((LPVOID)tryAPIAddress);
- tryAPIAddress = tryAPIAddress + currentInstructionLen;
- RtlMoveMemory(&ReadByte, (LPVOID)tryAPIAddress, 1);
- QueryAPIAddress = QueryAPIAddress + currentInstructionLen;
- if(!engineAlowModuleLoading)
- {
- if(RemovedBpx)
- {
- EnableBPX(QueryAPIAddress - currentInstructionLen);
- }
- }
- RemovedBpx = false;
- i--;
- }
- if(i != NULL)
- {
- if((engineAlowModuleLoading == true && ModuleLoaded == true) || (engineAlowModuleLoading == true && ModuleLoaded == false))
- {
- APIAddress = tryAPIAddress;
- }
- else if(!engineAlowModuleLoading)
- {
- if(CmdBuffer != NULL)
- {
- APIAddress = tryAPIAddress - (ULONG_PTR)CmdBuffer + APIAddress;
- }
- else
- {
- APIAddress = tryAPIAddress;
- }
- }
- }
- else
- {
- if(ModuleLoaded)
- {
- FreeLibrary(hModule);
- }
- if(CmdBuffer != NULL)
- {
- VirtualFree(CmdBuffer, NULL, MEM_RELEASE);
- }
- return(false);
- }
- }
- if(engineAlowModuleLoading)
- {
- APIAddress = (ULONG_PTR)EngineGlobalAPIHandler(dbgProcessInformation.hProcess, NULL, APIAddress, NULL, UE_OPTION_IMPORTER_REALIGN_APIADDRESS);
- if(ModuleLoaded)
- {
- FreeLibrary(hModule);
- }
- }
- else
- {
- if(CmdBuffer != NULL)
- {
- VirtualFree(CmdBuffer, NULL, MEM_RELEASE);
- }
- }
- return(DeleteBPX(APIAddress));
- }
- else
- {
- if(engineAlowModuleLoading)
- {
- if(ModuleLoaded)
- {
- FreeLibrary(hModule);
- }
- }
- else
- {
- if(CmdBuffer != NULL)
- {
- VirtualFree(CmdBuffer, NULL, MEM_RELEASE);
- }
- }
- return(false);
- }
- }
- else
- {
- return(false);
- }
- return(false);
-}
-__declspec(dllexport) bool TITCALL SafeDeleteAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxPlace)
-{
- return(DeleteAPIBreakPoint(szDLLName, szAPIName, bpxPlace));
-}
-__declspec(dllexport) bool TITCALL SetMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, LPVOID bpxCallBack)
-{
- int i = 0;
- int j = -1;
- MEMORY_BASIC_INFORMATION MemInfo;
- ULONG_PTR NumberOfBytesReadWritten = 0;
- DWORD NewProtect = 0;
- DWORD OldProtect = 0;
-
- for(i = 0; i < BreakPointSetCount; i++)
- {
- if(BreakPointBuffer[i].BreakPointAddress == MemoryStart)
- {
- if(BreakPointBuffer[i].BreakPointActive == UE_BPXACTIVE)
- {
- RemoveMemoryBPX(BreakPointBuffer[i].BreakPointAddress, BreakPointBuffer[i].BreakPointSize);
- }
- j = i;
- break;
- }
- else if(j == -1 && BreakPointBuffer[i].BreakPointActive == UE_BPXREMOVED)
- {
- j = i;
- }
- }
- if(BreakPointBuffer[i].BreakPointAddress != MemoryStart)
- {
- if(j != -1)
- {
- i = j;
- }
- else
- {
- BreakPointSetCount++;
- }
- }
- if(i < MAXIMUM_BREAKPOINTS)
- {
- RtlZeroMemory(&BreakPointBuffer[i], sizeof BreakPointDetail);
- VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)MemoryStart, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
- OldProtect = MemInfo.Protect;
- if(!(OldProtect & PAGE_GUARD))
- {
- NewProtect = OldProtect ^ PAGE_GUARD;
- VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)MemoryStart, SizeOfMemory, NewProtect, &OldProtect);
- BreakPointBuffer[i].BreakPointActive = UE_BPXACTIVE;
- BreakPointBuffer[i].BreakPointAddress = MemoryStart;
- BreakPointBuffer[i].BreakPointType = UE_MEMORY;
- BreakPointBuffer[i].BreakPointSize = SizeOfMemory;
- BreakPointBuffer[i].NumberOfExecutions = -1;
- BreakPointBuffer[i].ExecuteCallBack = (ULONG_PTR)bpxCallBack;
- }
- return(true);
- }
- else
- {
- return(false);
- }
-}
-__declspec(dllexport) bool TITCALL SetMemoryBPXEx(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, DWORD BreakPointType, bool RestoreOnHit, LPVOID bpxCallBack)
-{
-
- int i = 0;
- int j = -1;
- MEMORY_BASIC_INFORMATION MemInfo;
- ULONG_PTR NumberOfBytesReadWritten = 0;
- DWORD NewProtect = 0;
- DWORD OldProtect = 0;
-
- for(i = 0; i < BreakPointSetCount; i++)
- {
- if(BreakPointBuffer[i].BreakPointAddress == MemoryStart)
- {
- if(BreakPointBuffer[i].BreakPointActive == UE_BPXACTIVE)
- 
{ - RemoveMemoryBPX(BreakPointBuffer[i].BreakPointAddress, BreakPointBuffer[i].BreakPointSize); - } - j = i; - break; - } - else if(j == -1 && BreakPointBuffer[i].BreakPointActive == UE_BPXREMOVED) - { - j = i; - } - } - if(BreakPointBuffer[i].BreakPointAddress != MemoryStart) - { - if(j != -1) - { - i = j; - } - else - { - BreakPointSetCount++; - } - } - if(i < MAXIMUM_BREAKPOINTS) - { - RtlZeroMemory(&BreakPointBuffer[i], sizeof BreakPointDetail); - VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)MemoryStart, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); - OldProtect = MemInfo.Protect; - if(!(OldProtect & PAGE_GUARD)) - { - NewProtect = OldProtect ^ PAGE_GUARD; - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)MemoryStart, SizeOfMemory, NewProtect, &OldProtect); - BreakPointBuffer[i].BreakPointActive = UE_BPXACTIVE; - BreakPointBuffer[i].BreakPointAddress = MemoryStart; - BreakPointBuffer[i].BreakPointType = BreakPointType; - BreakPointBuffer[i].BreakPointSize = SizeOfMemory; - BreakPointBuffer[i].NumberOfExecutions = -1; - BreakPointBuffer[i].MemoryBpxRestoreOnHit = (BYTE)RestoreOnHit; - BreakPointBuffer[i].ExecuteCallBack = (ULONG_PTR)bpxCallBack; - } - return(true); - } - else - { - return(false); - } -} -__declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory) -{ - - int i = 0; - MEMORY_BASIC_INFORMATION MemInfo; - ULONG_PTR NumberOfBytesReadWritten = 0; - DWORD NewProtect = 0; - DWORD OldProtect = 0; - - for(i = 0; i < BreakPointSetCount; i++) - { - if(BreakPointBuffer[i].BreakPointAddress == MemoryStart && - (BreakPointBuffer[i].BreakPointType == UE_MEMORY || - BreakPointBuffer[i].BreakPointType == UE_MEMORY_READ || - BreakPointBuffer[i].BreakPointType == UE_MEMORY_WRITE || - BreakPointBuffer[i].BreakPointType == UE_MEMORY_EXECUTE) - ) - { - if(i - 1 == BreakPointSetCount) - { - BreakPointSetCount--; - } - break; - } - } - if(BreakPointBuffer[i].BreakPointAddress == MemoryStart) - { - 
VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)MemoryStart, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); - OldProtect = MemInfo.Protect; - if(OldProtect & PAGE_GUARD) - { - NewProtect = OldProtect ^ PAGE_GUARD; - } - else - { - NewProtect = OldProtect; - } - if(SizeOfMemory != NULL) - { - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)MemoryStart, SizeOfMemory, NewProtect, &OldProtect); - } - else - { - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)MemoryStart, BreakPointBuffer[i].BreakPointSize, NewProtect, &OldProtect); - } - RtlZeroMemory(&BreakPointBuffer[i], sizeof BreakPointDetail); - return(true); - } - else - { - return(false); - } -} __declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea) { @@ -6201,13 +4707,13 @@ __declspec(dllexport) void TITCALL AutoDebugExW(wchar_t* szFileName, bool Reserv if(szFileName != NULL) { - RtlZeroMemory(&engineExpertDebug, sizeof ExpertDebug); - engineExpertDebug.ExpertModeActive = true; - engineExpertDebug.szFileName = szFileName; - engineExpertDebug.szCommandLine = szCommandLine; - engineExpertDebug.szCurrentFolder = szCurrentFolder; - engineExpertDebug.ReserveModuleBase = ReserveModuleBase; - engineExpertDebug.EntryCallBack = EntryCallBack; + RtlZeroMemory(&expertDebug, sizeof ExpertDebug); + expertDebug.ExpertModeActive = true; + expertDebug.szFileName = szFileName; + expertDebug.szCommandLine = szCommandLine; + expertDebug.szCurrentFolder = szCurrentFolder; + expertDebug.ReserveModuleBase = ReserveModuleBase; + expertDebug.EntryCallBack = EntryCallBack; GetPE32DataExW(szFileName, (LPVOID)&PEStructure); if(PEStructure.Characteristics & 0x2000) { @@ -6223,7 +4729,7 @@ __declspec(dllexport) void TITCALL AutoDebugExW(wchar_t* szFileName, bool Reserv ForceClose(); } } - RtlZeroMemory(&engineExpertDebug, sizeof ExpertDebug); + RtlZeroMemory(&expertDebug, sizeof ExpertDebug); SetDebugLoopTimeOut(INFINITE); } } 
diff --git a/TitanEngine/TitanEngine.vcxproj b/TitanEngine/TitanEngine.vcxproj
index 3687217..65f6b44 100644
--- a/TitanEngine/TitanEngine.vcxproj
+++ b/TitanEngine/TitanEngine.vcxproj
@@ -215,6 +215,8 @@ + +
@@ -229,8 +231,11 @@ Create Create + + +
@@ -245,6 +250,8 @@ + +
diff --git a/TitanEngine/TitanEngine.vcxproj.filters b/TitanEngine/TitanEngine.vcxproj.filters
index 711849d..8d105be 100644
--- a/TitanEngine/TitanEngine.vcxproj.filters
+++ b/TitanEngine/TitanEngine.vcxproj.filters
@@ -99,6 +99,21 @@ Source Files\TitanEngine + + Source Files\TitanEngine + + + Source Files\TitanEngine + + + Source Files\TitanEngine + + + Source Files\TitanEngine + + + Source Files\TitanEngine +
@@ -149,6 +164,12 @@ Header Files\TitanEngine + + Header Files\TitanEngine + + + Header Files\TitanEngine +
