call FlushInstructionCache after changing code (this could bug)

TitanEngine/Global.Engine.Hider.cpp

@@ -118,6 +118,8 @@ static void FixAntidebugApiInProcess(HANDLE hProcess, bool Hide, bool x64)
             VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchGetTickCountSize, OldProtect, &OldProtect);
         }
     }
+
+    FlushInstructionCache(hProcess, NULL, 0);
 }
 
 //Quote from The Ultimate Anti-Debugging Reference by Peter Ferrie

TitanEngine/TitanEngine.Breakpoints.cpp

@@ -83,6 +83,7 @@ __declspec(dllexport) bool TITCALL EnableBPX(ULONG_PTR bpxAddress)
                     {
                         if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &INT3BreakPoint, 1, &NumberOfBytesReadWritten))
                         {
+                            FlushInstructionCache(dbgProcessInformation.hProcess, NULL, 0);
                             testWrite = true;
                         }
                     }
@@ -90,6 +91,7 @@ __declspec(dllexport) bool TITCALL EnableBPX(ULONG_PTR bpxAddress)
                     {
                         if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &INT3LongBreakPoint, 2, &NumberOfBytesReadWritten))
                         {
+                            FlushInstructionCache(dbgProcessInformation.hProcess, NULL, 0);
                             testWrite = true;
                         }
                     }
@@ -97,6 +99,7 @@ __declspec(dllexport) bool TITCALL EnableBPX(ULONG_PTR bpxAddress)
                     {
                         if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &UD2BreakPoint, 2, &NumberOfBytesReadWritten))
                         {
+                            FlushInstructionCache(dbgProcessInformation.hProcess, NULL, 0);
                             testWrite = true;
                         }
                     }
@@ -147,6 +150,7 @@ __declspec(dllexport) bool TITCALL DisableBPX(ULONG_PTR bpxAddress)
             {
                 if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &BreakPointBuffer.at(i).OriginalByte[0], BreakPointBuffer.at(i).BreakPointSize, &NumberOfBytesReadWritten))
                 {
+                    FlushInstructionCache(dbgProcessInformation.hProcess, NULL, 0);
                     BreakPointBuffer.at(i).BreakPointActive = UE_BPXINACTIVE;
                     VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer.at(i).BreakPointSize, OldProtect, &OldProtect);
                     return true;
@@ -247,6 +251,7 @@ __declspec(dllexport) bool TITCALL SetBPX(ULONG_PTR bpxAddress, DWORD bpxType, L
     {
         if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, bpxDataPrt, NewBreakPoint.BreakPointSize, &NumberOfBytesReadWritten))
         {
+            FlushInstructionCache(dbgProcessInformation.hProcess, NULL, 0);
             //add new breakpoint to the list
             NewBreakPoint.AdvancedBreakPointType = SelectedBreakPointType & 0xFF;
             NewBreakPoint.BreakPointActive = UE_BPXACTIVE;
@@ -289,6 +294,7 @@ __declspec(dllexport) bool TITCALL DeleteBPX(ULONG_PTR bpxAddress)
     {
         if(!WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &BreakPointBuffer.at(found).OriginalByte[0], BreakPointBuffer.at(found).BreakPointSize, &NumberOfBytesReadWritten))
         {
+            FlushInstructionCache(dbgProcessInformation.hProcess, NULL, 0);
             VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer.at(found).BreakPointSize, OldProtect, &OldProtect);
             return false;
         }

TitanEngine/TitanEngine.Debugger.DebugLoop.cpp

@@ -454,6 +454,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
                     VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, FoundBreakPoint.BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect);
                     if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, &FoundBreakPoint.OriginalByte[0], FoundBreakPoint.BreakPointSize, &NumberOfBytesReadWritten))
                     {
+                        FlushInstructionCache(dbgProcessInformation.hProcess, NULL, 0);
                         DBGCode = DBG_CONTINUE;
                         hActiveThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId);
                         myDBGContext.ContextFlags = CONTEXT_CONTROL;
@@ -559,6 +560,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
                         ReadProcessMemory(dbgProcessInformation.hProcess, csp, &data, sizeof(ULONG_PTR), 0);
                         data &= ~UE_TRAP_FLAG;
                         WriteProcessMemory(dbgProcessInformation.hProcess, csp, &data, sizeof(ULONG_PTR), 0);
+                        FlushInstructionCache(dbgProcessInformation.hProcess, NULL, 0);
                     }
                     if(ResetBPX) //restore 'normal' breakpoint
                     {
@@ -965,6 +967,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
                     VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, FoundBreakPoint.BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect);
                     if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, &FoundBreakPoint.OriginalByte[0], FoundBreakPoint.BreakPointSize, &NumberOfBytesReadWritten))
                     {
+                        FlushInstructionCache(dbgProcessInformation.hProcess, NULL, 0);
                         DBGCode = DBG_CONTINUE;
                         hActiveThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT | THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId);
                         myDBGContext.ContextFlags = CONTEXT_CONTROL;