From 64bfce97c1eb1d195deb17769161938da0e0b310 Mon Sep 17 00:00:00 2001
From: "Mr. eXoDia"
Date: Sat, 8 Mar 2014 20:22:20 +0100
Subject: [PATCH] - more fixes for issue #8
---
 TitanEngine/Global.Engine.cpp | 22 +++++++---------------
 TitanEngine/Global.Engine.h | 2 +-
 TitanEngine/TitanEngine.PE.Fixer.cpp | 28 ++++++++++++++--------------
 3 files changed, 22 insertions(+), 30 deletions(-)
diff --git a/TitanEngine/Global.Engine.cpp b/TitanEngine/Global.Engine.cpp
index 00830d1..84c2051 100644
--- a/TitanEngine/Global.Engine.cpp
+++ b/TitanEngine/Global.Engine.cpp
@@ -180,7 +180,7 @@ bool EngineCreatePathForFile(char* szFileName)
 {
 RtlZeroMemory(szCreateFolder, 2 * MAX_PATH);
 RtlCopyMemory(szCreateFolder, szFileName, i + 1);
- CreateDirectoryA(szCreateFolder, NULL);
+ return !!CreateDirectoryA(szCreateFolder, NULL);
 }
 }
 }
@@ -796,7 +796,7 @@ long EngineHashMemory(char* MemoryAddress, int MemorySize, DWORD InitialHashValu
 return(HashValue);
 }
-bool EngineIsBadReadPtrEx(LPVOID DataPointer, DWORD DataSize)
+bool EngineIsValidReadPtrEx(LPVOID DataPointer, DWORD DataSize)
 {
 MEMORY_BASIC_INFORMATION MemInfo = {0};
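Review bot: In EngineCreatePathForFile (the `@@ -180,7` hunk) the new `return !!CreateDirectoryA(szCreateFolder, NULL);` sits three braces deep, which suggests a loop or nested conditional, so the function now appears to leave after the first directory it tries. It also reports failure when that directory already exists, because CreateDirectoryA returns zero with ERROR_ALREADY_EXISTS in that case. If the aim is to surface real errors only, keep going on the benign case: `if(!CreateDirectoryA(szCreateFolder, NULL) && GetLastError() != ERROR_ALREADY_EXISTS) return false;`. The enclosing function starts and ends outside the hunk, so the loop shape should be confirmed there.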
@@ -830,30 +830,22 @@ bool EngineValidateResource(HMODULE hModule, LPCTSTR lpszType, LPTSTR lpszName,
 BYTE ReturnData = UE_FIELD_FIXABLE_CRITICAL;
 hResource = FindResourceA(hModule, (LPCSTR)lpszName, (LPCSTR)lpszType);
- if(hResource != NULL)
+ if(hResource != NULL) //FindResourceA didn't fail
 {
 hResourceGlobal = LoadResource(hModule, hResource);
- if(hResourceGlobal != NULL)
+ if(hResourceGlobal != NULL) //LoadResource didn't fail
 {
 ResourceSize = SizeofResource(hModule, hResource);
 ResourceData = LockResource(hResourceGlobal);
- if(ResourceData != NULL)
+ if(ResourceData != NULL) //LockResource didn't fail
 {
- if(!EngineIsBadReadPtrEx(ResourceData, ResourceSize))
+ if(EngineIsValidReadPtrEx(ResourceData, ResourceSize)) //ResourceData is a valid read pointer
 {
- *((LONG*)lParam) = ReturnData;
- return false;
+ return true;
 }
 }
- else
- {
- *((LONG*)lParam) = ReturnData;
- return false;
- }
 }
- return true;
 }
- *((LONG*)lParam) = ReturnData;
 return false;
 }
diff --git a/TitanEngine/Global.Engine.h b/TitanEngine/Global.Engine.h
index 55f9bdb..f1a1e52 100644
--- a/TitanEngine/Global.Engine.h
+++ b/TitanEngine/Global.Engine.h
@@ -42,7 +42,7 @@ bool EngineIsDependencyPresentW(wchar_t* szFileName, wchar_t* szDependencyForFil
 bool EngineGetDependencyLocation(char* szFileName, char* szDependencyForFile, void* szLocationOfTheFile, int MaxStringSize);
 long EngineHashString(char* szStringToHash);
 long EngineHashMemory(char* MemoryAddress, int MemorySize, DWORD InitialHashValue);
-bool EngineIsBadReadPtrEx(LPVOID DataPointer, DWORD DataSize);
+bool EngineIsValidReadPtrEx(LPVOID DataPointer, DWORD DataSize);
 bool EngineValidateResource(HMODULE hModule, LPCTSTR lpszType, LPTSTR lpszName, LONG_PTR lParam);
 bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBase, PIMAGE_DOS_HEADER DOSHeader, bool IsFile);
 long long EngineSimulateNtLoaderW(wchar_t* szFileName);
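Review bot: EngineValidateResource (the `@@ -830,30` hunk) no longer writes through `lParam` on any failure path, so a caller that reads the value behind `lParam` to learn that a resource is broken will now see only what it initialised there. `ReturnData` is still declared but is unused on the new side. The callers are not visible in this diff, so confirm they act on the boolean result rather than on the out-value, or keep a single `*((LONG*)lParam) = ReturnData;` ahead of the final `return false;`. The new side also turns a failed LoadResource from `return true` into `return false`, which deserves a comment such as `//any failure reports the resource as invalid`.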
diff --git a/TitanEngine/TitanEngine.PE.Fixer.cpp b/TitanEngine/TitanEngine.PE.Fixer.cpp
index 23cf5e3..0e82f55 100644
--- a/TitanEngine/TitanEngine.PE.Fixer.cpp
+++ b/TitanEngine/TitanEngine.PE.Fixer.cpp
@@ -171,7 +171,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
 ConvertedAddress = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, NULL, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress + PEHeader32->OptionalHeader.ImageBase, false, true);
 if(ConvertedAddress != NULL)
 {
- if(EngineIsBadReadPtrEx((LPVOID)ConvertedAddress, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size))
+ if(EngineIsValidReadPtrEx((LPVOID)ConvertedAddress, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size))
 {
 PEExports = (PIMAGE_EXPORT_DIRECTORY)ConvertedAddress;
 if(PEExports->AddressOfFunctions > CorrectedImageSize || PEExports->AddressOfFunctions + 4 * PEExports->NumberOfFunctions > CorrectedImageSize)
@@ -269,7 +269,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
 ConvertedAddress = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, NULL, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress + PEHeader32->OptionalHeader.ImageBase, false, true);
 if(ConvertedAddress != NULL)
 {
- if(EngineIsBadReadPtrEx((LPVOID)ConvertedAddress, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size))
+ if(EngineIsValidReadPtrEx((LPVOID)ConvertedAddress, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size))
 {
 RtlMoveMemory(&ReadData, (LPVOID)ConvertedAddress, 4);
 RtlMoveMemory(&ReadSize, (LPVOID)(ConvertedAddress + 4), 4);
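Review bot: The export-directory bounds test on the last context line of the `@@ -171,7` hunk, `PEExports->AddressOfFunctions + 4 * PEExports->NumberOfFunctions > CorrectedImageSize`, can wrap. Assuming the usual winnt.h DWORD fields, it adds two values taken from the file being validated in 32-bit arithmetic, so a large NumberOfFunctions wraps the sum and passes the check. Widening before the add avoids that: `(ULONGLONG)PEExports->AddressOfFunctions + 4ULL * PEExports->NumberOfFunctions > CorrectedImageSize`. The same expression appears in the hunks at -324, -910, -1063, -1848 and -2441. The body of that `if` lies outside the hunk.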
@@ -324,7 +324,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
 ConvertedAddress = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, NULL, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress + PEHeader32->OptionalHeader.ImageBase, false, true);
 if(ConvertedAddress != NULL)
 {
- if(EngineIsBadReadPtrEx((LPVOID)ConvertedAddress, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size))
+ if(EngineIsValidReadPtrEx((LPVOID)ConvertedAddress, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size))
 {
 PEExports = (PIMAGE_EXPORT_DIRECTORY)ConvertedAddress;
 if(PEExports->AddressOfFunctions > CorrectedImageSize || PEExports->AddressOfFunctions + 4 * PEExports->NumberOfFunctions > CorrectedImageSize)
@@ -467,7 +467,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
 ImportNamePtr = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, (ULONG_PTR)PEHeader32->OptionalHeader.ImageBase, (ULONG_PTR)((ULONG_PTR)ThunkData32->u1.AddressOfData + 2 + PEHeader32->OptionalHeader.ImageBase), false, true);
 if(ImportNamePtr != NULL)
 {
- if(!EngineIsBadReadPtrEx((LPVOID)ImportNamePtr, 8))
+ if(!EngineIsValidReadPtrEx((LPVOID)ImportNamePtr, 8))
 {
 myFileStatusInfo.ImportTableData = UE_FIELD_BROKEN_NON_FIXABLE;
 }
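Review bot: In the `@@ -324,7` hunk the renamed check reads the directory size through `PEHeader64`, while the address on the context line above it is computed from `PEHeader32`. The two optional-header layouts differ, so on a 32-bit image `PEHeader64->OptionalHeader.DataDirectory[...]` does not land on the same data-directory entry and the length being validated is unrelated to the export directory. If this is the 32-bit path, as the PEHeader32 conversion suggests, the line should read `if(EngineIsValidReadPtrEx((LPVOID)ConvertedAddress, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size))`. The enclosing function begins and ends outside the hunk.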
@@ -910,7 +910,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
 ConvertedAddress = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, NULL, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress + (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase, false, true);
 if(ConvertedAddress != NULL)
 {
- if(EngineIsBadReadPtrEx((LPVOID)ConvertedAddress, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size))
+ if(EngineIsValidReadPtrEx((LPVOID)ConvertedAddress, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size))
 {
 PEExports = (PIMAGE_EXPORT_DIRECTORY)ConvertedAddress;
 if(PEExports->AddressOfFunctions > CorrectedImageSize || PEExports->AddressOfFunctions + 4 * PEExports->NumberOfFunctions > CorrectedImageSize)
@@ -1008,7 +1008,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
 ConvertedAddress = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, NULL, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress + (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase, false, true);
 if(ConvertedAddress != NULL)
 {
- if(EngineIsBadReadPtrEx((LPVOID)ConvertedAddress, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size))
+ if(EngineIsValidReadPtrEx((LPVOID)ConvertedAddress, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size))
 {
 RtlMoveMemory(&ReadData, (LPVOID)ConvertedAddress, 4);
 RtlMoveMemory(&ReadSize, (LPVOID)(ConvertedAddress + 4), 4);
@@ -1063,7 +1063,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
 ConvertedAddress = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, NULL, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress + (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase, false, true);
 if(ConvertedAddress != NULL)
 {
- if(EngineIsBadReadPtrEx((LPVOID)ConvertedAddress, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size))
+ if(EngineIsValidReadPtrEx((LPVOID)ConvertedAddress, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size))
 {
 PEExports = (PIMAGE_EXPORT_DIRECTORY)ConvertedAddress;
 if(PEExports->AddressOfFunctions > CorrectedImageSize || PEExports->AddressOfFunctions + 4 * PEExports->NumberOfFunctions > CorrectedImageSize)
@@ -1206,7 +1206,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
 ImportNamePtr = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, (ULONG_PTR)(ULONG_PTR)PEHeader64->OptionalHeader.ImageBase, (ULONG_PTR)((ULONG_PTR)ThunkData64->u1.AddressOfData + 2 + (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase), false, true);
 if(ImportNamePtr != NULL)
 {
- if(!EngineIsBadReadPtrEx((LPVOID)ImportNamePtr, 8))
+ if(!EngineIsValidReadPtrEx((LPVOID)ImportNamePtr, 8))
 {
 myFileStatusInfo.ImportTableData = UE_FIELD_BROKEN_NON_FIXABLE;
 }
@@ -1786,7 +1786,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
 ImportNamePtr = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, (ULONG_PTR)PEHeader32->OptionalHeader.ImageBase, (ULONG_PTR)((ULONG_PTR)ThunkData32->u1.AddressOfData + 2 + PEHeader32->OptionalHeader.ImageBase), false, true);
 if(ImportNamePtr != NULL)
 {
- if(EngineIsBadReadPtrEx((LPVOID)ImportNamePtr, 8))
+ if(EngineIsValidReadPtrEx((LPVOID)ImportNamePtr, 8))
 {
 if(hLoadedModule != NULL)
 {
@@ -1848,7 +1848,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
 ConvertedAddress = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, NULL, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress + PEHeader32->OptionalHeader.ImageBase, false, true);
 if(ConvertedAddress != NULL)
 {
- if(EngineIsBadReadPtrEx((LPVOID)ConvertedAddress, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size))
+ if(EngineIsValidReadPtrEx((LPVOID)ConvertedAddress, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size))
 {
 PEExports = (PIMAGE_EXPORT_DIRECTORY)ConvertedAddress;
 if(PEExports->AddressOfFunctions > CorrectedImageSize || PEExports->AddressOfFunctions + 4 * PEExports->NumberOfFunctions > CorrectedImageSize)
@@ -1917,7 +1917,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
 ConvertedAddress = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, NULL, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress + PEHeader32->OptionalHeader.ImageBase, false, true);
 if(ConvertedAddress != NULL)
 {
- if(EngineIsBadReadPtrEx((LPVOID)ConvertedAddress, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size))
+ if(EngineIsValidReadPtrEx((LPVOID)ConvertedAddress, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size))
 {
 RtlMoveMemory(&ReadData, (LPVOID)ConvertedAddress, 4);
 RtlMoveMemory(&ReadSize, (LPVOID)(ConvertedAddress + 4), 4);
@@ -2379,7 +2379,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
 ImportNamePtr = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase, (ULONG_PTR)((ULONG_PTR)ThunkData64->u1.AddressOfData + 2 + (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase), false, true);
 if(ImportNamePtr != NULL)
 {
- if(EngineIsBadReadPtrEx((LPVOID)ImportNamePtr, 8))
+ if(EngineIsValidReadPtrEx((LPVOID)ImportNamePtr, 8))
 {
 if(hLoadedModule != NULL)
 {
@@ -2441,7 +2441,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
 ConvertedAddress = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, NULL, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress + (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase, false, true);
 if(ConvertedAddress != NULL)
 {
- if(EngineIsBadReadPtrEx((LPVOID)ConvertedAddress, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size))
+ if(EngineIsValidReadPtrEx((LPVOID)ConvertedAddress, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size))
 {
 PEExports = (PIMAGE_EXPORT_DIRECTORY)ConvertedAddress;
 if(PEExports->AddressOfFunctions > CorrectedImageSize || PEExports->AddressOfFunctions + 4 * PEExports->NumberOfFunctions > CorrectedImageSize)
@@ -2510,7 +2510,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
 ConvertedAddress = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, NULL, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress + (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase, false, true);
 if(ConvertedAddress != NULL)
 {
- if(EngineIsBadReadPtrEx((LPVOID)ConvertedAddress, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size))
+ if(EngineIsValidReadPtrEx((LPVOID)ConvertedAddress, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size))
 {
 RtlMoveMemory(&ReadData, (LPVOID)ConvertedAddress, 4);
 RtlMoveMemory(&ReadSize, (LPVOID)(ConvertedAddress + 4), 4);