mirror of https://github.com/x64dbg/TitanEngine
- fixed the function EngineGetProcAddressRemote (now supports any number of modules)
- added the function EngineGetModuleBaseRemote - added export ImporterGetDLLNameW - fixed export ImporterGetDLLName
parent
e60e886cf5
commit
5e5dac1186
|
|
@ -743,6 +743,7 @@ __declspec(dllexport) long long TITCALL ImporterFindOrdinalAPIWriteLocation(ULON
|
||||||
__declspec(dllexport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation);
|
__declspec(dllexport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation);
|
||||||
__declspec(dllexport) long long TITCALL ImporterFindDLLByWriteLocation(ULONG_PTR APIWriteLocation);
|
__declspec(dllexport) long long TITCALL ImporterFindDLLByWriteLocation(ULONG_PTR APIWriteLocation);
|
||||||
__declspec(dllexport) void* TITCALL ImporterGetDLLName(ULONG_PTR APIAddress);
|
__declspec(dllexport) void* TITCALL ImporterGetDLLName(ULONG_PTR APIAddress);
|
||||||
|
__declspec(dllexport) void* TITCALL ImporterGetDLLNameW(ULONG_PTR APIAddress);
|
||||||
__declspec(dllexport) void* TITCALL ImporterGetAPIName(ULONG_PTR APIAddress);
|
__declspec(dllexport) void* TITCALL ImporterGetAPIName(ULONG_PTR APIAddress);
|
||||||
__declspec(dllexport) long long TITCALL ImporterGetAPIOrdinalNumber(ULONG_PTR APIAddress);
|
__declspec(dllexport) long long TITCALL ImporterGetAPIOrdinalNumber(ULONG_PTR APIAddress);
|
||||||
__declspec(dllexport) void* TITCALL ImporterGetAPINameEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
|
__declspec(dllexport) void* TITCALL ImporterGetAPINameEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
|
||||||
|
|
|
||||||
|
|
@ -742,6 +742,7 @@ __declspec(dllimport) long long TITCALL ImporterFindOrdinalAPIWriteLocation(ULON
|
||||||
__declspec(dllimport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation);
|
__declspec(dllimport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation);
|
||||||
__declspec(dllimport) long long TITCALL ImporterFindDLLByWriteLocation(ULONG_PTR APIWriteLocation);
|
__declspec(dllimport) long long TITCALL ImporterFindDLLByWriteLocation(ULONG_PTR APIWriteLocation);
|
||||||
__declspec(dllimport) void* TITCALL ImporterGetDLLName(ULONG_PTR APIAddress);
|
__declspec(dllimport) void* TITCALL ImporterGetDLLName(ULONG_PTR APIAddress);
|
||||||
|
__declspec(dllexport) void* TITCALL ImporterGetDLLNameW(ULONG_PTR APIAddress);
|
||||||
__declspec(dllimport) void* TITCALL ImporterGetAPIName(ULONG_PTR APIAddress);
|
__declspec(dllimport) void* TITCALL ImporterGetAPIName(ULONG_PTR APIAddress);
|
||||||
__declspec(dllimport) long long TITCALL ImporterGetAPIOrdinalNumber(ULONG_PTR APIAddress);
|
__declspec(dllimport) long long TITCALL ImporterGetAPIOrdinalNumber(ULONG_PTR APIAddress);
|
||||||
__declspec(dllimport) void* TITCALL ImporterGetAPINameEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
|
__declspec(dllimport) void* TITCALL ImporterGetAPINameEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
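Review bot: The added ImporterGetDLLNameW declaration in this hunk is marked `__declspec(dllexport)` while every neighbouring declaration in the same header is `__declspec(dllimport)`. For a header consumed by clients of the engine DLL the line should read `__declspec(dllimport) void* TITCALL ImporterGetDLLNameW(ULONG_PTR APIAddress);`. As written, a client that includes this header would declare the function as one of its own exports rather than an import, which will probably surface as an unresolved symbol at link time.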
|
||||||
|
|
|
||||||
|
|
@ -1689,6 +1689,10 @@ protected:
|
||||||
{
|
{
|
||||||
return (const char*)UE::ImporterGetDLLName(APIAddress);
|
return (const char*)UE::ImporterGetDLLName(APIAddress);
|
||||||
}
|
}
|
||||||
|
static const wchar_t* GetDLLNameW(ULONG_PTR APIAddress)
|
||||||
|
{
|
||||||
|
return (const wchar_t*)UE::ImporterGetDLLNameW(APIAddress);
|
||||||
|
}
|
||||||
static const char* GetAPIName(ULONG_PTR APIAddress)
|
static const char* GetAPIName(ULONG_PTR APIAddress)
|
||||||
{
|
{
|
||||||
return (const char*)UE::ImporterGetAPIName(APIAddress);
|
return (const char*)UE::ImporterGetAPIName(APIAddress);
|
||||||
|
|
@ -1876,6 +1880,7 @@ public:
|
||||||
using ImporterX::FindAPIByWriteLocation;
|
using ImporterX::FindAPIByWriteLocation;
|
||||||
using ImporterX::FindDLLByWriteLocation;
|
using ImporterX::FindDLLByWriteLocation;
|
||||||
using ImporterX::GetDLLName;
|
using ImporterX::GetDLLName;
|
||||||
|
using ImporterX::GetDLLNameW;
|
||||||
using ImporterX::GetAPIName;
|
using ImporterX::GetAPIName;
|
||||||
using ImporterX::GetAPIOrdinalNumber;
|
using ImporterX::GetAPIOrdinalNumber;
|
||||||
using ImporterX::GetAPINameEx;
|
using ImporterX::GetAPINameEx;
|
||||||
|
|
|
||||||
|
|
@ -8,53 +8,37 @@ ULONG_PTR EngineGetProcAddressRemote(HANDLE hProcess, const WCHAR * szDLLName, c
|
||||||
{
|
{
|
||||||
if(!hProcess) //no process specified
|
if(!hProcess) //no process specified
|
||||||
{
|
{
|
||||||
if(dbgProcessInformation.hProcess == 0)
|
if(!dbgProcessInformation.hProcess)
|
||||||
{
|
|
||||||
hProcess = GetCurrentProcess();
|
hProcess = GetCurrentProcess();
|
||||||
}
|
|
||||||
else
|
else
|
||||||
{
|
|
||||||
hProcess = dbgProcessInformation.hProcess;
|
hProcess = dbgProcessInformation.hProcess;
|
||||||
}
|
}
|
||||||
}
|
DWORD cbNeeded=0;
|
||||||
DWORD cbNeeded = 0;
|
if(EnumProcessModules(hProcess, 0, 0, &cbNeeded))
|
||||||
HMODULE EnumeratedModules[1024] = {0};
|
|
||||||
WCHAR RemoteDLLPath[MAX_PATH] = {0};
|
|
||||||
HMODULE hModuleLocal = GetModuleHandleW(szDLLName);
|
|
||||||
WCHAR * dllName;
|
|
||||||
|
|
||||||
if(EnumProcessModules(hProcess, EnumeratedModules, sizeof(EnumeratedModules), &cbNeeded))
|
|
||||||
{
|
{
|
||||||
for(int i = 0; i < (int)(cbNeeded / sizeof(HMODULE)); i++)
|
HMODULE* hMods=(HMODULE*)malloc(cbNeeded*sizeof(HMODULE));
|
||||||
|
if(EnumProcessModules(hProcess, hMods, cbNeeded, &cbNeeded))
|
||||||
{
|
{
|
||||||
RemoteDLLPath[0] = 0;
|
for(unsigned int i=0; i<cbNeeded/sizeof(HMODULE); i++)
|
||||||
if(GetModuleFileNameExW(hProcess, EnumeratedModules[i], RemoteDLLPath, _countof(RemoteDLLPath)) > 0)
|
|
||||||
{
|
{
|
||||||
dllName = wcsrchr(RemoteDLLPath, L'\\');
|
wchar_t szModuleName[MAX_PATH]=L"";
|
||||||
if (dllName)
|
if(GetModuleFileNameExW(hProcess, hMods[i], szModuleName, _countof(szModuleName)))
|
||||||
|
{
|
||||||
|
wchar_t* dllName=wcsrchr(szModuleName, L'\\');
|
||||||
|
if(dllName)
|
||||||
{
|
{
|
||||||
dllName++;
|
dllName++;
|
||||||
if(_wcsicmp(dllName, szDLLName) == 0)
|
if(!_wcsicmp(dllName, szDLLName))
|
||||||
{
|
{
|
||||||
LONG_PTR funcAddress = 0;
|
HMODULE hModule = LoadLibraryExW(szModuleName, 0, DONT_RESOLVE_DLL_REFERENCES|LOAD_LIBRARY_AS_DATAFILE);
|
||||||
|
if (hModule)
|
||||||
if (hModuleLocal)
|
|
||||||
{
|
{
|
||||||
funcAddress = (LONG_PTR)GetProcAddress(hModuleLocal, szAPIName);
|
ULONG_PTR funcAddress=(ULONG_PTR)GetProcAddress(hModule, szAPIName);
|
||||||
if (funcAddress)
|
if(funcAddress)
|
||||||
{
|
{
|
||||||
return (LONG_PTR)funcAddress - (LONG_PTR)hModuleLocal + (LONG_PTR)EnumeratedModules[i];
|
funcAddress-=(ULONG_PTR)hModule; //rva
|
||||||
}
|
FreeLibrary(hModule);
|
||||||
}
|
return funcAddress+(ULONG_PTR)hMods[i]; //va
|
||||||
else
|
|
||||||
{
|
|
||||||
hModuleLocal = LoadLibraryExW(RemoteDLLPath, 0, DONT_RESOLVE_DLL_REFERENCES);
|
|
||||||
if (hModuleLocal)
|
|
||||||
{
|
|
||||||
funcAddress = (LONG_PTR)GetProcAddress(hModuleLocal, szAPIName);
|
|
||||||
funcAddress = (LONG_PTR)funcAddress - (LONG_PTR)hModuleLocal + (LONG_PTR)EnumeratedModules[i];
|
|
||||||
FreeLibrary(hModuleLocal);
|
|
||||||
return funcAddress;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
@ -63,7 +47,8 @@ ULONG_PTR EngineGetProcAddressRemote(HANDLE hProcess, const WCHAR * szDLLName, c
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
free(hMods);
|
||||||
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -89,3 +74,36 @@ ULONG_PTR EngineGetProcAddressRemote(const char * szDLLName, const char* szAPINa
|
||||||
{
|
{
|
||||||
return EngineGetProcAddressRemote(0, szDLLName, szAPIName);
|
return EngineGetProcAddressRemote(0, szDLLName, szAPIName);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ULONG_PTR EngineGetModuleBaseRemote(HANDLE hProcess, ULONG_PTR APIAddress)
|
||||||
|
{
|
||||||
|
if(!hProcess) //no process specified
|
||||||
|
{
|
||||||
|
if(!dbgProcessInformation.hProcess)
|
||||||
|
hProcess = GetCurrentProcess();
|
||||||
|
else
|
||||||
|
hProcess = dbgProcessInformation.hProcess;
|
||||||
|
}
|
||||||
|
DWORD cbNeeded=0;
|
||||||
|
if(EnumProcessModules(hProcess, 0, 0, &cbNeeded))
|
||||||
|
{
|
||||||
|
HMODULE* hMods=(HMODULE*)malloc(cbNeeded*sizeof(HMODULE));
|
||||||
|
if(EnumProcessModules(hProcess, hMods, cbNeeded, &cbNeeded))
|
||||||
|
{
|
||||||
|
for(unsigned int i=0; i<cbNeeded/sizeof(HMODULE); i++)
|
||||||
|
{
|
||||||
|
MODULEINFO modinfo;
|
||||||
|
memset(&modinfo, 0, sizeof(MODULEINFO));
|
||||||
|
if(GetModuleInformation(hProcess, hMods[i], &modinfo, sizeof(MODULEINFO)))
|
||||||
|
{
|
||||||
|
ULONG_PTR start=(ULONG_PTR)hMods[i];
|
||||||
|
ULONG_PTR end=modinfo.SizeOfImage;
|
||||||
|
if(APIAddress>=start && APIAddress<end)
|
||||||
|
return start;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
free(hMods);
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
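Review bot: In EngineGetModuleBaseRemote the range check compares against a size rather than an end address: `ULONG_PTR end=modinfo.SizeOfImage;` should be `ULONG_PTR end=start+modinfo.SizeOfImage;`, otherwise `APIAddress<end` fails for any module mapped above its own size and the function returns 0. Both this function and EngineGetProcAddressRemote return from inside the loop (`return start;`, `return funcAddress+(ULONG_PTR)hMods[i];`) without reaching `free(hMods)`, so each successful lookup leaks the module array. `cbNeeded` is already a byte count, so `malloc(cbNeeded*sizeof(HMODULE))` over-allocates and its result is used without a null check; `malloc(cbNeeded)` followed by `if(!hMods) return 0;` would do. The Windows documentation advises against calling GetProcAddress on a module loaded with `LOAD_LIBRARY_AS_DATAFILE`, so the flag combination passed to LoadLibraryExW in EngineGetProcAddressRemote is worth re-checking.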
|
||||||
|
|
|
||||||
|
|
@ -6,5 +6,6 @@ ULONG_PTR EngineGetProcAddressRemote(const char * szDLLName, const char* szAPINa
|
||||||
ULONG_PTR EngineGetProcAddressRemote(HANDLE hProcess, const char * szDLLName, const char* szAPIName);
|
ULONG_PTR EngineGetProcAddressRemote(HANDLE hProcess, const char * szDLLName, const char* szAPIName);
|
||||||
ULONG_PTR EngineGetProcAddressRemote(const WCHAR * szDLLName, const char* szAPIName);
|
ULONG_PTR EngineGetProcAddressRemote(const WCHAR * szDLLName, const char* szAPIName);
|
||||||
ULONG_PTR EngineGetProcAddressRemote(HANDLE hProcess, const WCHAR * szDLLName, const char* szAPIName);
|
ULONG_PTR EngineGetProcAddressRemote(HANDLE hProcess, const WCHAR * szDLLName, const char* szAPIName);
|
||||||
|
ULONG_PTR EngineGetModuleBaseRemote(HANDLE hProcess, ULONG_PTR APIAddress);
|
||||||
|
|
||||||
#endif //_GLOBAL_ENGINE_IMPORTER_H
|
#endif //_GLOBAL_ENGINE_IMPORTER_H
|
||||||
|
|
@ -4,6 +4,7 @@
|
||||||
#include "Global.Engine.h"
|
#include "Global.Engine.h"
|
||||||
#include "Global.Librarian.h"
|
#include "Global.Librarian.h"
|
||||||
#include "Global.Engine.Importer.h"
|
#include "Global.Engine.Importer.h"
|
||||||
|
#include "Global.Debugger.h"
|
||||||
#include "scylla_wrapper.h"
|
#include "scylla_wrapper.h"
|
||||||
#include <psapi.h>
|
#include <psapi.h>
|
||||||
|
|
||||||
|
|
@ -16,6 +17,7 @@ __declspec(dllexport) void TITCALL ImporterAddNewDll(char* szDLLName, ULONG_PTR
|
||||||
|
|
||||||
scylla_addModule(uniDLLName, FirstThunk);
|
scylla_addModule(uniDLLName, FirstThunk);
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) void TITCALL ImporterAddNewAPI(char* szAPIName, ULONG_PTR ThunkValue)
|
__declspec(dllexport) void TITCALL ImporterAddNewAPI(char* szAPIName, ULONG_PTR ThunkValue)
|
||||||
{
|
{
|
||||||
wchar_t uniAPIName[MAX_PATH] = {};
|
wchar_t uniAPIName[MAX_PATH] = {};
|
||||||
|
|
@ -24,88 +26,106 @@ __declspec(dllexport) void TITCALL ImporterAddNewAPI(char* szAPIName, ULONG_PTR
|
||||||
|
|
||||||
scylla_addImport(uniAPIName, ThunkValue);
|
scylla_addImport(uniAPIName, ThunkValue);
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) void TITCALL ImporterAddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue)
|
__declspec(dllexport) void TITCALL ImporterAddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue)
|
||||||
{
|
{
|
||||||
|
ImporterAddNewAPI((char*)(OrdinalNumber&~IMAGE_ORDINAL_FLAG), ThunkValue);
|
||||||
if(OrdinalNumber & IMAGE_ORDINAL_FLAG)
|
|
||||||
{
|
|
||||||
OrdinalNumber = OrdinalNumber ^ IMAGE_ORDINAL_FLAG;
|
|
||||||
ImporterAddNewAPI((char*)OrdinalNumber, ThunkValue);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
ImporterAddNewAPI((char*)OrdinalNumber, ThunkValue);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) long TITCALL ImporterGetAddedDllCount()
|
__declspec(dllexport) long TITCALL ImporterGetAddedDllCount()
|
||||||
{
|
{
|
||||||
return scylla_getModuleCount();
|
return scylla_getModuleCount();
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) long TITCALL ImporterGetAddedAPICount()
|
__declspec(dllexport) long TITCALL ImporterGetAddedAPICount()
|
||||||
{
|
{
|
||||||
return scylla_getImportCount();
|
return scylla_getImportCount();
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap)
|
__declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap)
|
||||||
{
|
{
|
||||||
if(scylla_fixMappedDump(StorePlace, FileMapVA, hFileMap) != SCY_ERROR_SUCCESS)
|
return (scylla_fixMappedDump(StorePlace, FileMapVA, hFileMap) == SCY_ERROR_SUCCESS);
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
return true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) long TITCALL ImporterEstimatedSize()
|
__declspec(dllexport) long TITCALL ImporterEstimatedSize()
|
||||||
{
|
{
|
||||||
return scylla_estimatedIATSize();
|
return scylla_estimatedIATSize();
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName)
|
__declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName)
|
||||||
{
|
{
|
||||||
|
|
||||||
wchar_t uniExportFileName[MAX_PATH] = {};
|
wchar_t uniExportFileName[MAX_PATH] = {};
|
||||||
wchar_t uniDumpFileName[MAX_PATH] = {};
|
wchar_t uniDumpFileName[MAX_PATH] = {};
|
||||||
wchar_t uniSectionName[MAX_PATH] = {};
|
wchar_t uniSectionName[MAX_PATH] = {};
|
||||||
|
|
||||||
if(szExportFileName != NULL && szDumpFileName != NULL)
|
if(szExportFileName != NULL && szDumpFileName != NULL)
|
||||||
{
|
{
|
||||||
MultiByteToWideChar(CP_ACP, NULL, szExportFileName, lstrlenA(szExportFileName)+1, uniExportFileName, sizeof(uniExportFileName)/(sizeof(uniExportFileName[0])));
|
MultiByteToWideChar(CP_ACP, NULL, szExportFileName, lstrlenA(szExportFileName)+1, uniExportFileName, sizeof(uniExportFileName)/(sizeof(uniExportFileName[0])));
|
||||||
MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniDumpFileName, sizeof(uniDumpFileName)/(sizeof(uniDumpFileName[0])));
|
MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniDumpFileName, sizeof(uniDumpFileName)/(sizeof(uniDumpFileName[0])));
|
||||||
MultiByteToWideChar(CP_ACP, NULL, szSectionName, lstrlenA(szSectionName)+1, uniSectionName, sizeof(uniSectionName)/(sizeof(uniSectionName[0])));
|
MultiByteToWideChar(CP_ACP, NULL, szSectionName, lstrlenA(szSectionName)+1, uniSectionName, sizeof(uniSectionName)/(sizeof(uniSectionName[0])));
|
||||||
return(ImporterExportIATExW(uniDumpFileName, uniExportFileName, uniSectionName));
|
return ImporterExportIATExW(uniDumpFileName, uniExportFileName, uniSectionName);
|
||||||
}
|
}
|
||||||
else
|
|
||||||
{
|
|
||||||
return false;
|
return false;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, wchar_t* szSectionName)
|
__declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, wchar_t* szSectionName)
|
||||||
{
|
{
|
||||||
if(scylla_fixDump(szDumpFileName, szExportFileName, szSectionName) != SCY_ERROR_SUCCESS)
|
return (scylla_fixDump(szDumpFileName, szExportFileName, szSectionName) == SCY_ERROR_SUCCESS);
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
return true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) long long TITCALL ImporterFindAPIWriteLocation(char* szAPIName)
|
__declspec(dllexport) long long TITCALL ImporterFindAPIWriteLocation(char* szAPIName)
|
||||||
{
|
{
|
||||||
return(scylla_findImportWriteLocation(szAPIName));
|
return scylla_findImportWriteLocation(szAPIName);
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) long long TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber)
|
__declspec(dllexport) long long TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber)
|
||||||
{
|
{
|
||||||
return(scylla_findOrdinalImportWriteLocation(OrdinalNumber));
|
return scylla_findOrdinalImportWriteLocation(OrdinalNumber);
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation)
|
__declspec(dllexport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation)
|
||||||
{
|
{
|
||||||
return(scylla_findImportNameByWriteLocation(APIWriteLocation));
|
return scylla_findImportNameByWriteLocation(APIWriteLocation);
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) long long TITCALL ImporterFindDLLByWriteLocation(ULONG_PTR APIWriteLocation)
|
__declspec(dllexport) long long TITCALL ImporterFindDLLByWriteLocation(ULONG_PTR APIWriteLocation)
|
||||||
{
|
{
|
||||||
return scylla_findModuleNameByWriteLocation(APIWriteLocation);
|
return scylla_findModuleNameByWriteLocation(APIWriteLocation);
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) void* TITCALL ImporterGetDLLName(ULONG_PTR APIAddress)
|
__declspec(dllexport) void* TITCALL ImporterGetDLLName(ULONG_PTR APIAddress)
|
||||||
{
|
{
|
||||||
return((LPVOID)EngineGlobalAPIHandler(NULL, NULL, APIAddress, NULL, UE_OPTION_IMPORTER_RETURN_DLLNAME));
|
HANDLE hProcess;
|
||||||
|
if(!dbgProcessInformation.hProcess)
|
||||||
|
hProcess = GetCurrentProcess();
|
||||||
|
else
|
||||||
|
hProcess = dbgProcessInformation.hProcess;
|
||||||
|
ULONG_PTR moduleBase=EngineGetModuleBaseRemote(hProcess, APIAddress);
|
||||||
|
if(moduleBase)
|
||||||
|
{
|
||||||
|
static char szModuleName[MAX_PATH]="";
|
||||||
|
if(GetModuleFileNameExA(hProcess, (HMODULE)moduleBase, szModuleName, _countof(szModuleName)))
|
||||||
|
return szModuleName;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
__declspec(dllexport) void* TITCALL ImporterGetDLLNameW(ULONG_PTR APIAddress)
|
||||||
|
{
|
||||||
|
HANDLE hProcess;
|
||||||
|
if(!dbgProcessInformation.hProcess)
|
||||||
|
hProcess = GetCurrentProcess();
|
||||||
|
else
|
||||||
|
hProcess = dbgProcessInformation.hProcess;
|
||||||
|
ULONG_PTR moduleBase=EngineGetModuleBaseRemote(hProcess, APIAddress);
|
||||||
|
if(moduleBase)
|
||||||
|
{
|
||||||
|
static wchar_t szModuleName[MAX_PATH]=L"";
|
||||||
|
if(GetModuleFileNameExW(hProcess, (HMODULE)moduleBase, szModuleName, _countof(szModuleName)))
|
||||||
|
return szModuleName;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
__declspec(dllexport) void* TITCALL ImporterGetAPIName(ULONG_PTR APIAddress)
|
__declspec(dllexport) void* TITCALL ImporterGetAPIName(ULONG_PTR APIAddress)
|
||||||
{
|
{
|
||||||
return((LPVOID)EngineGlobalAPIHandler(NULL, NULL, APIAddress, NULL, UE_OPTION_IMPORTER_RETURN_APINAME));
|
return((LPVOID)EngineGlobalAPIHandler(NULL, NULL, APIAddress, NULL, UE_OPTION_IMPORTER_RETURN_APINAME));
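Review bot: ImporterGetDLLName and ImporterGetDLLNameW return a pointer to a function-local `static` buffer, so the result is overwritten by the next call and is not safe to use from two threads at once; neither export documents this. A comment such as `// returns a pointer to an internal static buffer: valid until the next call, not thread-safe, caller must not free` above each export would state the contract. The buffer is filled by GetModuleFileNameEx, which yields a full path obtained from the debugged process when one is attached, so callers should treat it as untrusted text and not assume a bare DLL name. The hunk ends inside ImporterGetAPIName, whose body continues outside it.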
|
||||||
|
|
|
||||||
|
|
@ -249,6 +249,7 @@ __declspec(dllexport) long long TITCALL ImporterFindOrdinalAPIWriteLocation(ULON
|
||||||
__declspec(dllexport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation);
|
__declspec(dllexport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation);
|
||||||
__declspec(dllexport) long long TITCALL ImporterFindDLLByWriteLocation(ULONG_PTR APIWriteLocation);
|
__declspec(dllexport) long long TITCALL ImporterFindDLLByWriteLocation(ULONG_PTR APIWriteLocation);
|
||||||
__declspec(dllexport) void* TITCALL ImporterGetDLLName(ULONG_PTR APIAddress);
|
__declspec(dllexport) void* TITCALL ImporterGetDLLName(ULONG_PTR APIAddress);
|
||||||
|
__declspec(dllexport) void* TITCALL ImporterGetDLLNameW(ULONG_PTR APIAddress);
|
||||||
__declspec(dllexport) void* TITCALL ImporterGetAPIName(ULONG_PTR APIAddress);
|
__declspec(dllexport) void* TITCALL ImporterGetAPIName(ULONG_PTR APIAddress);
|
||||||
__declspec(dllexport) long long TITCALL ImporterGetAPIOrdinalNumber(ULONG_PTR APIAddress);
|
__declspec(dllexport) long long TITCALL ImporterGetAPIOrdinalNumber(ULONG_PTR APIAddress);
|
||||||
__declspec(dllexport) void* TITCALL ImporterGetAPINameEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
|
__declspec(dllexport) void* TITCALL ImporterGetAPINameEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
|
||||||
|
|
|
||||||