- more migration

TitanEngine/Global.Breakpoints.cpp

@@ -0,0 +1,6 @@
+#include "stdafx.h"
+#include "definitions.h"
+#include "Global.Breakpoints.h"
+
+int BreakPointSetCount = 0;
+extern BreakPointDetail BreakPointBuffer[MAXIMUM_BREAKPOINTS] = {};

TitanEngine/Global.Breakpoints.h

@@ -0,0 +1,7 @@
+#ifndef _GLOBAL_BREAKPOINTS_H
+#define _GLOBAL_BREAKPOINTS_H
+
+extern int BreakPointSetCount;
+extern BreakPointDetail BreakPointBuffer[MAXIMUM_BREAKPOINTS];
+
+#endif //_GLOBAL_BREAKPOINTS_H

TitanEngine/Global.Debugger.cpp

@@ -0,0 +1,54 @@
+#include "stdafx.h"
+#include "definitions.h"
+#include "Global.Debugger.h"
+#include "Global.Engine.h"
+
+HARDWARE_DATA DebugRegister[4] = {};
+PROCESS_INFORMATION dbgProcessInformation = {};
+CustomHandler myDBGCustomHandler = {};
+PCustomHandler DBGCustomHandler = &myDBGCustomHandler;
+ExpertDebug expertDebug = {};
+STARTUPINFOW dbgStartupInfo = {};
+LPVOID DebugModuleEntryPointCallBack;
+LPVOID DebugExeFileEntryPointCallBack;
+ULONG_PTR DebugModuleEntryPoint;
+ULONG_PTR DebugModuleImageBase;
+
+ULONG_PTR engineAttachedProcessCallBack = NULL;
+ULONG_PTR engineReserveModuleBase = NULL;
+unsigned long long engineDebuggingMainModuleBase = NULL;
+ULONG_PTR engineDebuggingDLLBase = NULL;
+bool engineAttachedToProcess = false;
+bool engineDebuggingDLL = false;
+wchar_t* engineDebuggingDLLFullFileName;
+wchar_t* engineDebuggingDLLFileName;
+
+// Global.Debugger.functions:
+long DebugLoopInSecondThread(LPVOID InputParameter)
+{
+    __try
+    {
+        if(InputParameter == NULL)
+        {
+            InitDebugExW(expertDebug.szFileName, expertDebug.szCommandLine, expertDebug.szCurrentFolder, expertDebug.EntryCallBack);
+        }
+        else
+        {
+            InitDLLDebugW(expertDebug.szFileName, expertDebug.ReserveModuleBase, expertDebug.szCommandLine, expertDebug.szCurrentFolder, expertDebug.EntryCallBack);
+        }
+        DebugLoop();
+        return(NULL);
+    }
+    __except(EXCEPTION_EXECUTE_HANDLER)
+    {
+        return(-1);
+    }
+}
+
+void DebuggerReset()
+{
+    if(engineResetCustomHandler)
+    {
+        RtlZeroMemory(&myDBGCustomHandler, sizeof CustomHandler);
+    }
+}

TitanEngine/Global.Debugger.h

@@ -0,0 +1,27 @@
+#ifndef _GLOBAL_DEBUGGER_H
+#define _GLOBAL_DEBUGGER_H
+
+extern HARDWARE_DATA DebugRegister[4];
+extern PROCESS_INFORMATION dbgProcessInformation;
+extern CustomHandler myDBGCustomHandler;
+extern PCustomHandler DBGCustomHandler;
+extern ExpertDebug expertDebug;
+extern STARTUPINFOW dbgStartupInfo;
+extern LPVOID DebugModuleEntryPointCallBack;
+extern LPVOID DebugExeFileEntryPointCallBack;
+extern ULONG_PTR DebugModuleEntryPoint;
+extern ULONG_PTR DebugModuleImageBase;
+
+extern ULONG_PTR engineAttachedProcessCallBack;
+extern bool engineAttachedToProcess;
+extern ULONG_PTR engineReserveModuleBase;
+extern unsigned long long engineDebuggingMainModuleBase;
+extern ULONG_PTR engineDebuggingDLLBase;
+extern bool engineDebuggingDLL;
+extern wchar_t* engineDebuggingDLLFullFileName;
+extern wchar_t* engineDebuggingDLLFileName;
+
+long DebugLoopInSecondThread(LPVOID InputParameter);
+void DebuggerReset();
+
+#endif //_GLOBAL_DEBUGGER_H

TitanEngine/Global.Engine.Hider.cpp

@@ -2,6 +2,7 @@
 #include "definitions.h"
 #include "Global.Engine.Hider.h"
 #include "Global.Engine.h"
+#include "Global.Debugger.h"
 
 // Global.Engine.Hider.functions:
 static bool isAtleastVista()

TitanEngine/Global.Engine.cpp

@@ -5,10 +5,17 @@
 #include "Global.Mapping.h"
 #include "Global.Engine.Extension.h"
 #include "Global.Engine.Hash.h"
+#include "Global.Debugger.h"
 #include <psapi.h>
 
-HARDWARE_DATA DebugRegister[4] = {};
+bool engineCheckForwarders = true;
-PROCESS_INFORMATION dbgProcessInformation = {};
+bool engineAlowModuleLoading = false;
+bool engineCreatePathForFiles = true; // hardcoded
+bool engineBackupForCriticalFunctions = true;
+bool engineResumeProcessIfNoThreadIsActive = false;
+bool engineResetCustomHandler = true;
+bool engineRemoveConsoleForDebugee = false;
+
 char engineExtractedFolderName[512];
 char engineFoundDLLName[512];
 char engineFoundAPIName[512];
@@ -18,12 +25,6 @@ wchar_t engineSzEngineFile[MAX_PATH];
 wchar_t engineSzEngineGarbageFolder[MAX_PATH];
 wchar_t engineSzEngineFolder[MAX_PATH];
 HMODULE engineHandle;
-bool engineCheckForwarders = true;
-bool engineAlowModuleLoading = false;
-bool engineCreatePathForFiles = true; // hardcoded
-bool engineBackupForCriticalFunctions = true;
-bool engineResumeProcessIfNoThreadIsActive = false;
-
 LPVOID engineExitThreadOneShootCallBack = NULL;
 
 // Global.Engine.functions:

TitanEngine/Global.Engine.h

@@ -4,14 +4,14 @@
 #include <vector>
 
 //Global.Engine.Variables
-extern PROCESS_INFORMATION dbgProcessInformation;
-extern HARDWARE_DATA DebugRegister[4];
 extern HMODULE engineHandle;
 
 extern bool engineAlowModuleLoading;
 extern bool engineCheckForwarders;
 extern bool engineBackupForCriticalFunctions;
 extern bool engineResumeProcessIfNoThreadIsActive;
+extern bool engineResetCustomHandler;
+extern bool engineRemoveConsoleForDebugee;
 
 extern wchar_t engineSzEngineGarbageFolder[MAX_PATH];
 

TitanEngine/TitanEngine.Debugger.cpp

@@ -0,0 +1,234 @@
+#include "stdafx.h"
+#include "definitions.h"
+#include "Global.Debugger.h"
+#include "Global.Engine.h"
+#include "Global.Breakpoints.h"
+
+static wchar_t szBackupDebuggedFileName[512];
+static wchar_t szDebuggerName[512];
+
+// TitanEngine.Debugger.functions:
+__declspec(dllexport) void* TITCALL InitDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder)
+{
+
+    wchar_t* PtrUniFileName = NULL;
+    wchar_t uniFileName[MAX_PATH] = {};
+    wchar_t* PtrUniCommandLine = NULL;
+    wchar_t uniCommandLine[MAX_PATH] = {};
+    wchar_t* PtrUniCurrentFolder = NULL;
+    wchar_t uniCurrentFolder[MAX_PATH] = {};
+
+    if(szFileName != NULL)
+    {
+        MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
+        MultiByteToWideChar(CP_ACP, NULL, szCommandLine, lstrlenA(szCommandLine)+1, uniCommandLine, sizeof(uniCommandLine)/(sizeof(uniCommandLine[0])));
+        MultiByteToWideChar(CP_ACP, NULL, szCurrentFolder, lstrlenA(szCurrentFolder)+1, uniCurrentFolder, sizeof(uniCurrentFolder)/(sizeof(uniCurrentFolder[0])));
+        if(szFileName != NULL)
+        {
+            PtrUniFileName = &uniFileName[0];
+        }
+        if(szCommandLine != NULL)
+        {
+            PtrUniCommandLine = &uniCommandLine[0];
+        }
+        if(szCurrentFolder != NULL)
+        {
+            PtrUniCurrentFolder = &uniCurrentFolder[0];
+        }
+        return(InitDebugW(PtrUniFileName, PtrUniCommandLine, PtrUniCurrentFolder));
+    }
+    else
+    {
+        return NULL;
+    }
+}
+__declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder)
+{
+
+    wchar_t szCreateWithCmdLine[1024];
+    int DebugConsoleFlag = NULL;
+
+    DebuggerReset();
+    if(engineRemoveConsoleForDebugee)
+    {
+        DebugConsoleFlag = CREATE_NO_WINDOW;
+    }
+    BreakPointSetCount = 0;
+    RtlZeroMemory(&BreakPointBuffer, sizeof BreakPointBuffer);
+    if(szCommandLine == NULL)
+    {
+        if(CreateProcessW(szFileName, NULL, NULL, NULL, false, DEBUG_PROCESS|DEBUG_ONLY_THIS_PROCESS|DebugConsoleFlag|CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation))
+        {
+            engineAttachedToProcess = false;
+            engineAttachedProcessCallBack = NULL;
+            RtlZeroMemory(&BreakPointBuffer, sizeof BreakPointBuffer);
+            return(&dbgProcessInformation);
+        }
+        else
+        {
+            RtlZeroMemory(&dbgProcessInformation,sizeof PROCESS_INFORMATION);
+            return(0);
+        }
+    }
+    else
+    {
+        wsprintfW(szCreateWithCmdLine, L"\"%s\" %s", szFileName, szCommandLine);
+        if(CreateProcessW(NULL, szCreateWithCmdLine, NULL, NULL, false, DEBUG_PROCESS|DEBUG_ONLY_THIS_PROCESS|DebugConsoleFlag|CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation))
+        {
+            engineAttachedToProcess = false;
+            engineAttachedProcessCallBack = NULL;
+            RtlZeroMemory(&BreakPointBuffer, sizeof BreakPointBuffer);
+            return(&dbgProcessInformation);
+        }
+        else
+        {
+            RtlZeroMemory(&dbgProcessInformation,sizeof PROCESS_INFORMATION);
+            return(0);
+        }
+    }
+}
+__declspec(dllexport) void* TITCALL InitDebugEx(char* szFileName, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack)
+{
+    DebugExeFileEntryPointCallBack = EntryCallBack;
+    return(InitDebug(szFileName, szCommandLine, szCurrentFolder));
+}
+__declspec(dllexport) void* TITCALL InitDebugExW(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder, LPVOID EntryCallBack)
+{
+    DebugExeFileEntryPointCallBack = EntryCallBack;
+    return(InitDebugW(szFileName, szCommandLine, szCurrentFolder));
+}
+__declspec(dllexport) void* TITCALL InitDLLDebug(char* szFileName, bool ReserveModuleBase, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack)
+{
+
+    wchar_t* PtrUniFileName = NULL;
+    wchar_t uniFileName[MAX_PATH] = {};
+    wchar_t* PtrUniCommandLine = NULL;
+    wchar_t uniCommandLine[MAX_PATH] = {};
+    wchar_t* PtrUniCurrentFolder = NULL;
+    wchar_t uniCurrentFolder[MAX_PATH] = {};
+
+    if(szFileName != NULL)
+    {
+        MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
+        MultiByteToWideChar(CP_ACP, NULL, szCommandLine, lstrlenA(szCommandLine)+1, uniCommandLine, sizeof(uniCommandLine)/(sizeof(uniCommandLine[0])));
+        MultiByteToWideChar(CP_ACP, NULL, szCurrentFolder, lstrlenA(szCurrentFolder)+1, uniCurrentFolder, sizeof(uniCurrentFolder)/(sizeof(uniCurrentFolder[0])));
+        if(szFileName != NULL)
+        {
+            PtrUniFileName = &uniFileName[0];
+        }
+        if(szCommandLine != NULL)
+        {
+            PtrUniCommandLine = &uniCommandLine[0];
+        }
+        if(szCurrentFolder != NULL)
+        {
+            PtrUniCurrentFolder = &uniCurrentFolder[0];
+        }
+        return(InitDLLDebugW(PtrUniFileName, ReserveModuleBase, PtrUniCommandLine, PtrUniCurrentFolder, EntryCallBack));
+    }
+    else
+    {
+        return NULL;
+    }
+}
+__declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool ReserveModuleBase, wchar_t* szCommandLine, wchar_t* szCurrentFolder, LPVOID EntryCallBack)
+{
+
+    int i = NULL;
+    int j = NULL;
+    bool ReturnData = false;
+    engineReserveModuleBase = NULL;
+
+    RtlZeroMemory(&szDebuggerName, sizeof szDebuggerName);
+    if(lstrlenW(szFileName) < 512)
+    {
+        RtlZeroMemory(&szBackupDebuggedFileName, sizeof szBackupDebuggedFileName);
+        lstrcpyW(szBackupDebuggedFileName, szFileName);
+        szFileName = &szBackupDebuggedFileName[0];
+    }
+    lstrcpyW(szDebuggerName, szFileName);
+    i = lstrlenW(szDebuggerName);
+    while(szDebuggerName[i] != 0x5C && i >= NULL)
+    {
+        i--;
+    }
+    if(i > NULL)
+    {
+        szDebuggerName[i+1] = 0x00;
+#ifdef _WIN64
+        lstrcpyW(szDebuggerName, L"DLLLoader64.exe");
+#else
+        lstrcpyW(szDebuggerName, L"DLLLoader32.exe");
+#endif
+    }
+    else
+    {
+#ifdef _WIN64
+        lstrcpyW(szDebuggerName, L"DLLLoader64.exe");
+#else
+        lstrcpyW(szDebuggerName, L"DLLLoader32.exe");
+#endif
+    }
+    //RtlZeroMemory(&szReserveModuleName, sizeof szReserveModuleName);
+    //lstrcpyW(szReserveModuleName, szFileName);
+    //lstrcatW(szReserveModuleName, L".module");
+#if defined(_WIN64)
+    ReturnData = EngineExtractResource("LOADERx64", szDebuggerName);
+    /*if(ReserveModuleBase)
+    {
+        EngineExtractResource("MODULEx64", szReserveModuleName);
+    }*/
+#else
+    ReturnData = EngineExtractResource("LOADERx86", szDebuggerName);
+    /*if(ReserveModuleBase)
+    {
+        EngineExtractResource("MODULEx86", szReserveModuleName);
+    }*/
+#endif
+    if(ReturnData)
+    {
+        engineDebuggingDLL = true;
+        i = lstrlenW(szFileName);
+        while(szFileName[i] != 0x5C && i >= NULL)
+        {
+            i--;
+        }
+        /*j = lstrlenW(szReserveModuleName);
+        while(szReserveModuleName[j] != 0x5C && j >= NULL)
+        {
+            j--;
+        }*/
+        engineDebuggingDLLBase = NULL;
+        engineDebuggingMainModuleBase = NULL;
+        engineDebuggingDLLFullFileName = szFileName;
+        engineDebuggingDLLFileName = &szFileName[i+1];
+        //engineDebuggingDLLReserveFileName = &szReserveModuleName[j+1];
+        DebugModuleImageBase = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_IMAGEBASE);
+        engineReserveModuleBase = DebugModuleImageBase;
+        DebugModuleEntryPoint = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_OEP);
+        DebugModuleEntryPointCallBack = EntryCallBack;
+        /*if(ReserveModuleBase)
+        {
+            RelocaterChangeFileBaseW(szReserveModuleName, DebugModuleImageBase);
+        }*/
+        return(InitDebugW(szDebuggerName, szCommandLine, szCurrentFolder));
+    }
+    else
+    {
+        return(NULL);
+    }
+    return(NULL);
+}
+__declspec(dllexport) bool TITCALL StopDebug()
+{
+    if(dbgProcessInformation.hProcess != NULL)
+    {
+        TerminateThread(dbgProcessInformation.hThread, NULL);
+        TerminateProcess(dbgProcessInformation.hProcess, NULL);
+        return(true);
+    }
+    else
+    {
+        return(false);
+    }
+}

TitanEngine/TitanEngine.Disassembler.cpp

@@ -0,0 +1,236 @@
+#include "stdafx.h"
+#include "definitions.h"
+#include "Global.Debugger.h"
+#include "distorm.h"
+
+static char engineDisassembledInstruction[128];
+
+__declspec(dllexport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress)
+{
+    _DecodeResult DecodingResult;
+    _DecodedInst engineDecodedInstructions[MAX_DECODE_INSTRUCTIONS];
+    unsigned int DecodedInstructionsCount = 0;
+#if !defined(_WIN64)
+    _DecodeType DecodingType = Decode32Bits;
+#else
+    _DecodeType DecodingType = Decode64Bits;
+#endif
+    MEMORY_BASIC_INFORMATION MemInfo;
+    DWORD MaxDisassmSize;
+
+    VirtualQueryEx(GetCurrentProcess(), DisassmAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
+    if(MemInfo.State == MEM_COMMIT)
+    {
+        if((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress <= MAXIMUM_INSTRUCTION_SIZE)
+        {
+            MaxDisassmSize = (DWORD)((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress - 1);
+            VirtualQueryEx(GetCurrentProcess(), (LPVOID)((ULONG_PTR)DisassmAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
+            if(MemInfo.State == MEM_COMMIT)
+            {
+                MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
+            }
+        }
+        else
+        {
+            MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
+        }
+        DecodingResult = distorm_decode((ULONG_PTR)DisassmStart, (const unsigned char*)DisassmAddress, MaxDisassmSize, DecodingType, engineDecodedInstructions, MAX_DECODE_INSTRUCTIONS, &DecodedInstructionsCount);
+        RtlZeroMemory(&engineDisassembledInstruction, 128);
+        lstrcpyA(engineDisassembledInstruction, (LPCSTR)engineDecodedInstructions[0].mnemonic.p);
+        if(engineDecodedInstructions[0].size != NULL)
+        {
+            lstrcatA(engineDisassembledInstruction, " ");
+        }
+        lstrcatA(engineDisassembledInstruction, (LPCSTR)engineDecodedInstructions[0].operands.p);
+        return((char*)engineDisassembledInstruction);
+    }
+    else
+    {
+        return(NULL);
+    }
+}
+__declspec(dllexport) void* TITCALL StaticDisassemble(LPVOID DisassmAddress)
+{
+    return(StaticDisassembleEx((ULONG_PTR)DisassmAddress, DisassmAddress));
+}
+__declspec(dllexport) void* TITCALL DisassembleEx(HANDLE hProcess, LPVOID DisassmAddress, bool ReturnInstructionType)
+{
+
+    _DecodeResult DecodingResult;
+    _DecodedInst engineDecodedInstructions[MAX_DECODE_INSTRUCTIONS];
+    unsigned int DecodedInstructionsCount = 0;
+#if !defined(_WIN64)
+    _DecodeType DecodingType = Decode32Bits;
+#else
+    _DecodeType DecodingType = Decode64Bits;
+#endif
+    ULONG_PTR ueNumberOfBytesRead = 0;
+    LPVOID ueReadBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
+    MEMORY_BASIC_INFORMATION MemInfo;
+    DWORD MaxDisassmSize;
+
+    if(hProcess != NULL)
+    {
+        VirtualQueryEx(hProcess, DisassmAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
+        if(MemInfo.State == MEM_COMMIT)
+        {
+            if((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress <= MAXIMUM_INSTRUCTION_SIZE)
+            {
+                MaxDisassmSize = (DWORD)((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress - 1);
+                VirtualQueryEx(hProcess, (LPVOID)((ULONG_PTR)DisassmAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
+                if(MemInfo.State == MEM_COMMIT)
+                {
+                    MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
+                }
+            }
+            else
+            {
+                MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
+            }
+            bool isbp=false;
+            if(IsBPXEnabled((ULONG_PTR)DisassmAddress))
+            {
+                isbp=true;
+                DisableBPX((ULONG_PTR)DisassmAddress);
+            }
+            BOOL rpm=ReadProcessMemory(hProcess, (LPVOID)DisassmAddress, ueReadBuffer, MaxDisassmSize, &ueNumberOfBytesRead);
+            if(isbp)
+            {
+                EnableBPX((ULONG_PTR)DisassmAddress);
+            }
+            if(rpm)
+            {
+                DecodingResult = distorm_decode((ULONG_PTR)DisassmAddress, (const unsigned char*)ueReadBuffer, MaxDisassmSize, DecodingType, engineDecodedInstructions, MAX_DECODE_INSTRUCTIONS, &DecodedInstructionsCount);
+                VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
+                RtlZeroMemory(&engineDisassembledInstruction, 128);
+                lstrcpyA(engineDisassembledInstruction, (LPCSTR)engineDecodedInstructions[0].mnemonic.p);
+                if(!ReturnInstructionType)
+                {
+                    if(engineDecodedInstructions[0].size != NULL)
+                    {
+                        lstrcatA(engineDisassembledInstruction, " ");
+                    }
+                    lstrcatA(engineDisassembledInstruction, (LPCSTR)engineDecodedInstructions[0].operands.p);
+                }
+                return((char*)engineDisassembledInstruction);
+            }
+            else
+            {
+                VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
+                return(NULL);
+            }
+        }
+        else
+        {
+            return(NULL);
+        }
+    }
+    else
+    {
+        VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
+        return(NULL);
+    }
+}
+__declspec(dllexport) void* TITCALL Disassemble(LPVOID DisassmAddress)
+{
+    return(DisassembleEx(dbgProcessInformation.hProcess, DisassmAddress, false));
+}
+__declspec(dllexport) long TITCALL StaticLengthDisassemble(LPVOID DisassmAddress)
+{
+
+    _DecodeResult DecodingResult;
+    _DecodedInst DecodedInstructions[MAX_DECODE_INSTRUCTIONS];
+    unsigned int DecodedInstructionsCount = 0;
+#if !defined(_WIN64)
+    _DecodeType DecodingType = Decode32Bits;
+#else
+    _DecodeType DecodingType = Decode64Bits;
+#endif
+    MEMORY_BASIC_INFORMATION MemInfo;
+    DWORD MaxDisassmSize;
+
+    VirtualQueryEx(GetCurrentProcess(), DisassmAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
+    if(MemInfo.State == MEM_COMMIT)
+    {
+        if((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress <= MAXIMUM_INSTRUCTION_SIZE)
+        {
+            MaxDisassmSize = (DWORD)((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress - 1);
+            VirtualQueryEx(GetCurrentProcess(), (LPVOID)((ULONG_PTR)DisassmAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
+            if(MemInfo.State == MEM_COMMIT)
+            {
+                MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
+            }
+        }
+        else
+        {
+            MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
+        }
+        DecodingResult = distorm_decode(NULL, (const unsigned char*)DisassmAddress, MaxDisassmSize, DecodingType, DecodedInstructions, MAX_DECODE_INSTRUCTIONS, &DecodedInstructionsCount);
+        return(DecodedInstructions[0].size);
+    }
+    else
+    {
+        return(NULL);
+    }
+}
+__declspec(dllexport) long TITCALL LengthDisassembleEx(HANDLE hProcess, LPVOID DisassmAddress)
+{
+
+    _DecodeResult DecodingResult;
+    _DecodedInst DecodedInstructions[MAX_DECODE_INSTRUCTIONS];
+    unsigned int DecodedInstructionsCount = 0;
+#if !defined(_WIN64)
+    _DecodeType DecodingType = Decode32Bits;
+#else
+    _DecodeType DecodingType = Decode64Bits;
+#endif
+    ULONG_PTR ueNumberOfBytesRead = 0;
+    LPVOID ueReadBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
+    MEMORY_BASIC_INFORMATION MemInfo;
+    DWORD MaxDisassmSize;
+
+    if(hProcess != NULL)
+    {
+        VirtualQueryEx(GetCurrentProcess(), DisassmAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
+        if(MemInfo.State == MEM_COMMIT)
+        {
+            if((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress <= MAXIMUM_INSTRUCTION_SIZE)
+            {
+                MaxDisassmSize = (DWORD)((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress - 1);
+                VirtualQueryEx(GetCurrentProcess(), (LPVOID)((ULONG_PTR)DisassmAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
+                if(MemInfo.State == MEM_COMMIT)
+                {
+                    MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
+                }
+            }
+            else
+            {
+                MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
+            }
+            if(ReadProcessMemory(hProcess, (LPVOID)DisassmAddress, ueReadBuffer, MaxDisassmSize, &ueNumberOfBytesRead))
+            {
+                DecodingResult = distorm_decode(NULL, (const unsigned char*)ueReadBuffer, MaxDisassmSize, DecodingType, DecodedInstructions, MAX_DECODE_INSTRUCTIONS, &DecodedInstructionsCount);
+                VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
+                return(DecodedInstructions[0].size);
+            }
+            else
+            {
+                VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
+                return(-1);
+            }
+        }
+        else
+        {
+            return(NULL);
+        }
+    }
+    else
+    {
+        VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
+        return(-1);
+    }
+}
+__declspec(dllexport) long TITCALL LengthDisassemble(LPVOID DisassmAddress)
+{
+    return(LengthDisassembleEx(dbgProcessInformation.hProcess, DisassmAddress));
+}

TitanEngine/TitanEngine.Threader.cpp

@@ -3,6 +3,7 @@
 #include "Global.Handle.h"
 #include "Global.Engine.h"
 #include "Global.Threader.h"
+#include "Global.Debugger.h"
 #include <tlhelp32.h>
 
 // TitanEngine.Threader.functions:

TitanEngine/TitanEngine.vcxproj

@@ -215,6 +215,8 @@
     </Link>
   </ItemDefinitionGroup>
   <ItemGroup>
+    <ClCompile Include="Global.Breakpoints.cpp" />
+    <ClCompile Include="Global.Debugger.cpp" />
     <ClCompile Include="Global.Engine.cpp" />
     <ClCompile Include="Global.Engine.Extension.cpp" />
     <ClCompile Include="Global.Engine.Hash.cpp" />
@@ -229,8 +231,11 @@
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
     </ClCompile>
+    <ClCompile Include="TitanEngine.Breakpoints.cpp" />
     <ClCompile Include="TitanEngine.cpp" />
     <ClCompile Include="LzmaDec.cpp" />
+    <ClCompile Include="TitanEngine.Debugger.cpp" />
+    <ClCompile Include="TitanEngine.Disassembler.cpp" />
     <ClCompile Include="TitanEngine.Dumper.cpp" />
     <ClCompile Include="TitanEngine.Hider.cpp" />
     <ClCompile Include="TitanEngine.PE.Convert.cpp" />
@@ -245,6 +250,8 @@
     <ClInclude Include="aplib.h" />
     <ClInclude Include="definitions.h" />
     <ClInclude Include="distorm.h" />
+    <ClInclude Include="Global.Breakpoints.h" />
+    <ClInclude Include="Global.Debugger.h" />
     <ClInclude Include="Global.Engine.Extension.h" />
     <ClInclude Include="Global.Engine.h" />
     <ClInclude Include="Global.Engine.Hider.h" />

TitanEngine/TitanEngine.vcxproj.filters

@@ -99,6 +99,21 @@
     <ClCompile Include="Global.Threader.cpp">
       <Filter>Source Files\TitanEngine</Filter>
     </ClCompile>
+    <ClCompile Include="Global.Debugger.cpp">
+      <Filter>Source Files\TitanEngine</Filter>
+    </ClCompile>
+    <ClCompile Include="TitanEngine.Disassembler.cpp">
+      <Filter>Source Files\TitanEngine</Filter>
+    </ClCompile>
+    <ClCompile Include="TitanEngine.Debugger.cpp">
+      <Filter>Source Files\TitanEngine</Filter>
+    </ClCompile>
+    <ClCompile Include="TitanEngine.Breakpoints.cpp">
+      <Filter>Source Files\TitanEngine</Filter>
+    </ClCompile>
+    <ClCompile Include="Global.Breakpoints.cpp">
+      <Filter>Source Files\TitanEngine</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="resource.h">
@@ -149,6 +164,12 @@
     <ClInclude Include="Global.Threader.h">
       <Filter>Header Files\TitanEngine</Filter>
     </ClInclude>
+    <ClInclude Include="Global.Debugger.h">
+      <Filter>Header Files\TitanEngine</Filter>
+    </ClInclude>
+    <ClInclude Include="Global.Breakpoints.h">
+      <Filter>Header Files\TitanEngine</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="TitanEngine.rc">