From 51208e22f3354be8aa4f9926b22cb683b174e431 Mon Sep 17 00:00:00 2001
From: "Mr. eXoDia"
Date: Thu, 30 Jul 2015 15:39:09 +0200
Subject: [PATCH] call FlushInstructionCache after changing code (this could bug)

---
 TitanEngine/Global.Engine.Hider.cpp | 2 ++
 TitanEngine/TitanEngine.Breakpoints.cpp | 6 ++++++
 TitanEngine/TitanEngine.Debugger.DebugLoop.cpp | 3 +++
 3 files changed, 11 insertions(+)

diff --git a/TitanEngine/Global.Engine.Hider.cpp b/TitanEngine/Global.Engine.Hider.cpp
index 91a441b..111a6e7 100644
--- a/TitanEngine/Global.Engine.Hider.cpp
+++ b/TitanEngine/Global.Engine.Hider.cpp
@@ -118,6 +118,8 @@ static void FixAntidebugApiInProcess(HANDLE hProcess, bool Hide, bool x64)
 VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchGetTickCountSize, OldProtect, &OldProtect);
 }
 }
+
+ FlushInstructionCache(hProcess, NULL, 0);
 }
 
 //Quote from The Ultimate Anti-Debugging Reference by Peter Ferrie
diff --git a/TitanEngine/TitanEngine.Breakpoints.cpp b/TitanEngine/TitanEngine.Breakpoints.cpp
index 0b20f58..f8f6565 100644
--- a/TitanEngine/TitanEngine.Breakpoints.cpp
+++ b/TitanEngine/TitanEngine.Breakpoints.cpp
@@ -83,6 +83,7 @@ __declspec(dllexport) bool TITCALL EnableBPX(ULONG_PTR bpxAddress)
 {
 if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &INT3BreakPoint, 1, &NumberOfBytesReadWritten))
 {
+ FlushInstructionCache(dbgProcessInformation.hProcess, NULL, 0);
 testWrite = true;
 }
 }
@@ -90,6 +91,7 @@ __declspec(dllexport) bool TITCALL EnableBPX(ULONG_PTR bpxAddress)
 {
 if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &INT3LongBreakPoint, 2, &NumberOfBytesReadWritten))
 {
+ FlushInstructionCache(dbgProcessInformation.hProcess, NULL, 0);
 testWrite = true;
 }
 }
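Review bot: The flush added at the end of FixAntidebugApiInProcess passes `NULL, 0`, which requests a flush of the whole instruction cache of `hProcess` rather than of the bytes that were just patched, and its BOOL result is discarded. The patched range is visible in the `VirtualProtectEx` call right above it (`APIPatchAddress`, `patchGetTickCountSize`), so a scoped call such as `FlushInstructionCache(hProcess, (LPVOID)APIPatchAddress, patchGetTickCountSize);` placed next to that write says exactly which code changed; if the function patches further APIs earlier (not visible in this hunk), the same one-liner belongs next to each of them. Whichever form is kept, a comment like `// make the patched bytes visible to threads already executing in the target` would record why the call is there, since the commit message only says "this could bug". The body of FixAntidebugApiInProcess starts outside the hunk.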
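Review bot: Every new `FlushInstructionCache(dbgProcessInformation.hProcess, NULL, 0)` in EnableBPX (this hunk and the two at lines 91 and 99), DisableBPX, SetBPX and the two DebugLoop hunks at lines 454 and 967 flushes the entire process cache and ignores the return value, although the exact address and size of the bytes just written are in the enclosing `WriteProcessMemory` call. Scoping the flush to that range, e.g. `FlushInstructionCache(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, 1);` here (2 for the INT3Long/UD2 variants, `BreakPointBuffer.at(i).BreakPointSize` / `NewBreakPoint.BreakPointSize` / `FoundBreakPoint.BreakPointSize` at the other sites), makes the intent self-evident and avoids a whole-cache flush per breakpoint toggle. The result should get the same treatment the surrounding code gives WriteProcessMemory, since a flush that fails (for instance on an invalid handle) leaves the target about to resume on stale instruction bytes; at minimum the failure is worth logging. EnableBPX begins and ends outside this hunk.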
@@ -97,6 +99,7 @@ __declspec(dllexport) bool TITCALL EnableBPX(ULONG_PTR bpxAddress)
 {
 if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &UD2BreakPoint, 2, &NumberOfBytesReadWritten))
 {
+ FlushInstructionCache(dbgProcessInformation.hProcess, NULL, 0);
 testWrite = true;
 }
 }
@@ -147,6 +150,7 @@ __declspec(dllexport) bool TITCALL DisableBPX(ULONG_PTR bpxAddress)
 {
 if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &BreakPointBuffer.at(i).OriginalByte[0], BreakPointBuffer.at(i).BreakPointSize, &NumberOfBytesReadWritten))
 {
+ FlushInstructionCache(dbgProcessInformation.hProcess, NULL, 0);
 BreakPointBuffer.at(i).BreakPointActive = UE_BPXINACTIVE;
 VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer.at(i).BreakPointSize, OldProtect, &OldProtect);
 return true;
@@ -247,6 +251,7 @@ __declspec(dllexport) bool TITCALL SetBPX(ULONG_PTR bpxAddress, DWORD bpxType, L
 {
 if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, bpxDataPrt, NewBreakPoint.BreakPointSize, &NumberOfBytesReadWritten))
 {
+ FlushInstructionCache(dbgProcessInformation.hProcess, NULL, 0);
 //add new breakpoint to the list
 NewBreakPoint.AdvancedBreakPointType = SelectedBreakPointType & 0xFF;
 NewBreakPoint.BreakPointActive = UE_BPXACTIVE;
@@ -289,6 +294,7 @@ __declspec(dllexport) bool TITCALL DeleteBPX(ULONG_PTR bpxAddress)
 {
 if(!WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &BreakPointBuffer.at(found).OriginalByte[0], BreakPointBuffer.at(found).BreakPointSize, &NumberOfBytesReadWritten))
 {
+ FlushInstructionCache(dbgProcessInformation.hProcess, NULL, 0);
 VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer.at(found).BreakPointSize, OldProtect, &OldProtect);
 return false;
 }
diff --git a/TitanEngine/TitanEngine.Debugger.DebugLoop.cpp b/TitanEngine/TitanEngine.Debugger.DebugLoop.cpp
index becfd6d..4792a7f 100644
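Review bot: In DeleteBPX the flush is inserted inside `if(!WriteProcessMemory(...))`, i.e. the branch taken when restoring the original bytes failed, so it runs only when nothing was written, while the successful restore path (which continues below the hunk) gets no flush at all. The call belongs after this `if` block on the success path, e.g. `FlushInstructionCache(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer.at(found).BreakPointSize);` placed before the page protection is put back; the line inside the failure branch should be removed. The exact insertion point is not visible here because DeleteBPX continues outside the hunk.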
--- a/TitanEngine/TitanEngine.Debugger.DebugLoop.cpp
+++ b/TitanEngine/TitanEngine.Debugger.DebugLoop.cpp
@@ -454,6 +454,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
 VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, FoundBreakPoint.BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect);
 if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, &FoundBreakPoint.OriginalByte[0], FoundBreakPoint.BreakPointSize, &NumberOfBytesReadWritten))
 {
+ FlushInstructionCache(dbgProcessInformation.hProcess, NULL, 0);
 DBGCode = DBG_CONTINUE;
 hActiveThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId);
 myDBGContext.ContextFlags = CONTEXT_CONTROL;
@@ -559,6 +560,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
 ReadProcessMemory(dbgProcessInformation.hProcess, csp, &data, sizeof(ULONG_PTR), 0);
 data &= ~UE_TRAP_FLAG;
 WriteProcessMemory(dbgProcessInformation.hProcess, csp, &data, sizeof(ULONG_PTR), 0);
+ FlushInstructionCache(dbgProcessInformation.hProcess, NULL, 0);
 }
 if(ResetBPX) //restore 'normal' breakpoint
 {
@@ -965,6 +967,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
 VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, FoundBreakPoint.BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect);
 if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, &FoundBreakPoint.OriginalByte[0], FoundBreakPoint.BreakPointSize, &NumberOfBytesReadWritten))
 {
+ FlushInstructionCache(dbgProcessInformation.hProcess, NULL, 0);
 DBGCode = DBG_CONTINUE;
 hActiveThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT | THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId);
 myDBGContext.ContextFlags = CONTEXT_CONTROL;
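Review bot: The flush added after `WriteProcessMemory(dbgProcessInformation.hProcess, csp, &data, sizeof(ULONG_PTR), 0)` follows a write that, if `csp` is the stack slot holding the saved flags word as its name and the `UE_TRAP_FLAG` mask suggest, modifies data rather than code, so an instruction-cache flush does nothing useful there; either drop the line or record the reasoning with a comment such as `// flags word on the stack, not code; flush kept only for uniformity with the breakpoint writes`. Separately, both the read and the write in this hunk discard their return value and pass 0 for the bytes-transferred pointer, so a failed write silently leaves the trap flag set; that predates this commit, but the new line makes the sequence look deliberate and it is worth checking at least the write. DebugLoop begins and ends outside the hunk.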