mirror of https://github.com/x64dbg/TitanEngine
- more fixes for issue #8
This commit is contained in:
parent
6d23bb68a6
commit
64bfce97c1
|
|
@ -180,7 +180,7 @@ bool EngineCreatePathForFile(char* szFileName)
|
|||
{
|
||||
RtlZeroMemory(szCreateFolder, 2 * MAX_PATH);
|
||||
RtlCopyMemory(szCreateFolder, szFileName, i + 1);
|
||||
CreateDirectoryA(szCreateFolder, NULL);
|
||||
return !!CreateDirectoryA(szCreateFolder, NULL);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -796,7 +796,7 @@ long EngineHashMemory(char* MemoryAddress, int MemorySize, DWORD InitialHashValu
|
|||
return(HashValue);
|
||||
}
|
||||
|
||||
bool EngineIsBadReadPtrEx(LPVOID DataPointer, DWORD DataSize)
|
||||
bool EngineIsValidReadPtrEx(LPVOID DataPointer, DWORD DataSize)
|
||||
{
|
||||
|
||||
MEMORY_BASIC_INFORMATION MemInfo = {0};
|
||||
|
|
@ -830,30 +830,22 @@ bool EngineValidateResource(HMODULE hModule, LPCTSTR lpszType, LPTSTR lpszName,
|
|||
BYTE ReturnData = UE_FIELD_FIXABLE_CRITICAL;
|
||||
|
||||
hResource = FindResourceA(hModule, (LPCSTR)lpszName, (LPCSTR)lpszType);
|
||||
if(hResource != NULL)
|
||||
if(hResource != NULL) //FindResourceA didn't fail
|
||||
{
|
||||
hResourceGlobal = LoadResource(hModule, hResource);
|
||||
if(hResourceGlobal != NULL)
|
||||
if(hResourceGlobal != NULL) //LoadResource didn't fail
|
||||
{
|
||||
ResourceSize = SizeofResource(hModule, hResource);
|
||||
ResourceData = LockResource(hResourceGlobal);
|
||||
if(ResourceData != NULL)
|
||||
if(ResourceData != NULL) //LockResource didn't fail
|
||||
{
|
||||
if(!EngineIsBadReadPtrEx(ResourceData, ResourceSize))
|
||||
if(EngineIsValidReadPtrEx(ResourceData, ResourceSize)) //ResourceData is a valid read pointer
|
||||
{
|
||||
*((LONG*)lParam) = ReturnData;
|
||||
return false;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
*((LONG*)lParam) = ReturnData;
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
*((LONG*)lParam) = ReturnData;
|
||||
return false;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -42,7 +42,7 @@ bool EngineIsDependencyPresentW(wchar_t* szFileName, wchar_t* szDependencyForFil
|
|||
bool EngineGetDependencyLocation(char* szFileName, char* szDependencyForFile, void* szLocationOfTheFile, int MaxStringSize);
|
||||
long EngineHashString(char* szStringToHash);
|
||||
long EngineHashMemory(char* MemoryAddress, int MemorySize, DWORD InitialHashValue);
|
||||
bool EngineIsBadReadPtrEx(LPVOID DataPointer, DWORD DataSize);
|
||||
bool EngineIsValidReadPtrEx(LPVOID DataPointer, DWORD DataSize);
|
||||
bool EngineValidateResource(HMODULE hModule, LPCTSTR lpszType, LPTSTR lpszName, LONG_PTR lParam);
|
||||
bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBase, PIMAGE_DOS_HEADER DOSHeader, bool IsFile);
|
||||
long long EngineSimulateNtLoaderW(wchar_t* szFileName);
|
||||
|
|
|
|||
|
|
@ -171,7 +171,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
|
|||
ConvertedAddress = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, NULL, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress + PEHeader32->OptionalHeader.ImageBase, false, true);
|
||||
if(ConvertedAddress != NULL)
|
||||
{
|
||||
if(EngineIsBadReadPtrEx((LPVOID)ConvertedAddress, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size))
|
||||
if(EngineIsValidReadPtrEx((LPVOID)ConvertedAddress, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size))
|
||||
{
|
||||
PEExports = (PIMAGE_EXPORT_DIRECTORY)ConvertedAddress;
|
||||
if(PEExports->AddressOfFunctions > CorrectedImageSize || PEExports->AddressOfFunctions + 4 * PEExports->NumberOfFunctions > CorrectedImageSize)
|
||||
|
|
@ -269,7 +269,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
|
|||
ConvertedAddress = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, NULL, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress + PEHeader32->OptionalHeader.ImageBase, false, true);
|
||||
if(ConvertedAddress != NULL)
|
||||
{
|
||||
if(EngineIsBadReadPtrEx((LPVOID)ConvertedAddress, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size))
|
||||
if(EngineIsValidReadPtrEx((LPVOID)ConvertedAddress, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size))
|
||||
{
|
||||
RtlMoveMemory(&ReadData, (LPVOID)ConvertedAddress, 4);
|
||||
RtlMoveMemory(&ReadSize, (LPVOID)(ConvertedAddress + 4), 4);
|
||||
|
|
@ -324,7 +324,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
|
|||
ConvertedAddress = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, NULL, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress + PEHeader32->OptionalHeader.ImageBase, false, true);
|
||||
if(ConvertedAddress != NULL)
|
||||
{
|
||||
if(EngineIsBadReadPtrEx((LPVOID)ConvertedAddress, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size))
|
||||
if(EngineIsValidReadPtrEx((LPVOID)ConvertedAddress, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size))
|
||||
{
|
||||
PEExports = (PIMAGE_EXPORT_DIRECTORY)ConvertedAddress;
|
||||
if(PEExports->AddressOfFunctions > CorrectedImageSize || PEExports->AddressOfFunctions + 4 * PEExports->NumberOfFunctions > CorrectedImageSize)
|
||||
|
|
@ -467,7 +467,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
|
|||
ImportNamePtr = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, (ULONG_PTR)PEHeader32->OptionalHeader.ImageBase, (ULONG_PTR)((ULONG_PTR)ThunkData32->u1.AddressOfData + 2 + PEHeader32->OptionalHeader.ImageBase), false, true);
|
||||
if(ImportNamePtr != NULL)
|
||||
{
|
||||
if(!EngineIsBadReadPtrEx((LPVOID)ImportNamePtr, 8))
|
||||
if(!EngineIsValidReadPtrEx((LPVOID)ImportNamePtr, 8))
|
||||
{
|
||||
myFileStatusInfo.ImportTableData = UE_FIELD_BROKEN_NON_FIXABLE;
|
||||
}
|
||||
|
|
@ -910,7 +910,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
|
|||
ConvertedAddress = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, NULL, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress + (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase, false, true);
|
||||
if(ConvertedAddress != NULL)
|
||||
{
|
||||
if(EngineIsBadReadPtrEx((LPVOID)ConvertedAddress, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size))
|
||||
if(EngineIsValidReadPtrEx((LPVOID)ConvertedAddress, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size))
|
||||
{
|
||||
PEExports = (PIMAGE_EXPORT_DIRECTORY)ConvertedAddress;
|
||||
if(PEExports->AddressOfFunctions > CorrectedImageSize || PEExports->AddressOfFunctions + 4 * PEExports->NumberOfFunctions > CorrectedImageSize)
|
||||
|
|
@ -1008,7 +1008,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
|
|||
ConvertedAddress = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, NULL, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress + (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase, false, true);
|
||||
if(ConvertedAddress != NULL)
|
||||
{
|
||||
if(EngineIsBadReadPtrEx((LPVOID)ConvertedAddress, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size))
|
||||
if(EngineIsValidReadPtrEx((LPVOID)ConvertedAddress, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size))
|
||||
{
|
||||
RtlMoveMemory(&ReadData, (LPVOID)ConvertedAddress, 4);
|
||||
RtlMoveMemory(&ReadSize, (LPVOID)(ConvertedAddress + 4), 4);
|
||||
|
|
@ -1063,7 +1063,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
|
|||
ConvertedAddress = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, NULL, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress + (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase, false, true);
|
||||
if(ConvertedAddress != NULL)
|
||||
{
|
||||
if(EngineIsBadReadPtrEx((LPVOID)ConvertedAddress, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size))
|
||||
if(EngineIsValidReadPtrEx((LPVOID)ConvertedAddress, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size))
|
||||
{
|
||||
PEExports = (PIMAGE_EXPORT_DIRECTORY)ConvertedAddress;
|
||||
if(PEExports->AddressOfFunctions > CorrectedImageSize || PEExports->AddressOfFunctions + 4 * PEExports->NumberOfFunctions > CorrectedImageSize)
|
||||
|
|
@ -1206,7 +1206,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
|
|||
ImportNamePtr = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, (ULONG_PTR)(ULONG_PTR)PEHeader64->OptionalHeader.ImageBase, (ULONG_PTR)((ULONG_PTR)ThunkData64->u1.AddressOfData + 2 + (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase), false, true);
|
||||
if(ImportNamePtr != NULL)
|
||||
{
|
||||
if(!EngineIsBadReadPtrEx((LPVOID)ImportNamePtr, 8))
|
||||
if(!EngineIsValidReadPtrEx((LPVOID)ImportNamePtr, 8))
|
||||
{
|
||||
myFileStatusInfo.ImportTableData = UE_FIELD_BROKEN_NON_FIXABLE;
|
||||
}
|
||||
|
|
@ -1786,7 +1786,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
|
|||
ImportNamePtr = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, (ULONG_PTR)PEHeader32->OptionalHeader.ImageBase, (ULONG_PTR)((ULONG_PTR)ThunkData32->u1.AddressOfData + 2 + PEHeader32->OptionalHeader.ImageBase), false, true);
|
||||
if(ImportNamePtr != NULL)
|
||||
{
|
||||
if(EngineIsBadReadPtrEx((LPVOID)ImportNamePtr, 8))
|
||||
if(EngineIsValidReadPtrEx((LPVOID)ImportNamePtr, 8))
|
||||
{
|
||||
if(hLoadedModule != NULL)
|
||||
{
|
||||
|
|
@ -1848,7 +1848,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
|
|||
ConvertedAddress = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, NULL, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress + PEHeader32->OptionalHeader.ImageBase, false, true);
|
||||
if(ConvertedAddress != NULL)
|
||||
{
|
||||
if(EngineIsBadReadPtrEx((LPVOID)ConvertedAddress, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size))
|
||||
if(EngineIsValidReadPtrEx((LPVOID)ConvertedAddress, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size))
|
||||
{
|
||||
PEExports = (PIMAGE_EXPORT_DIRECTORY)ConvertedAddress;
|
||||
if(PEExports->AddressOfFunctions > CorrectedImageSize || PEExports->AddressOfFunctions + 4 * PEExports->NumberOfFunctions > CorrectedImageSize)
|
||||
|
|
@ -1917,7 +1917,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
|
|||
ConvertedAddress = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, NULL, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress + PEHeader32->OptionalHeader.ImageBase, false, true);
|
||||
if(ConvertedAddress != NULL)
|
||||
{
|
||||
if(EngineIsBadReadPtrEx((LPVOID)ConvertedAddress, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size))
|
||||
if(EngineIsValidReadPtrEx((LPVOID)ConvertedAddress, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size))
|
||||
{
|
||||
RtlMoveMemory(&ReadData, (LPVOID)ConvertedAddress, 4);
|
||||
RtlMoveMemory(&ReadSize, (LPVOID)(ConvertedAddress + 4), 4);
|
||||
|
|
@ -2379,7 +2379,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
|
|||
ImportNamePtr = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase, (ULONG_PTR)((ULONG_PTR)ThunkData64->u1.AddressOfData + 2 + (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase), false, true);
|
||||
if(ImportNamePtr != NULL)
|
||||
{
|
||||
if(EngineIsBadReadPtrEx((LPVOID)ImportNamePtr, 8))
|
||||
if(EngineIsValidReadPtrEx((LPVOID)ImportNamePtr, 8))
|
||||
{
|
||||
if(hLoadedModule != NULL)
|
||||
{
|
||||
|
|
@ -2441,7 +2441,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
|
|||
ConvertedAddress = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, NULL, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress + (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase, false, true);
|
||||
if(ConvertedAddress != NULL)
|
||||
{
|
||||
if(EngineIsBadReadPtrEx((LPVOID)ConvertedAddress, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size))
|
||||
if(EngineIsValidReadPtrEx((LPVOID)ConvertedAddress, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size))
|
||||
{
|
||||
PEExports = (PIMAGE_EXPORT_DIRECTORY)ConvertedAddress;
|
||||
if(PEExports->AddressOfFunctions > CorrectedImageSize || PEExports->AddressOfFunctions + 4 * PEExports->NumberOfFunctions > CorrectedImageSize)
|
||||
|
|
@ -2510,7 +2510,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
|
|||
ConvertedAddress = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, NULL, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress + (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase, false, true);
|
||||
if(ConvertedAddress != NULL)
|
||||
{
|
||||
if(EngineIsBadReadPtrEx((LPVOID)ConvertedAddress, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size))
|
||||
if(EngineIsValidReadPtrEx((LPVOID)ConvertedAddress, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size))
|
||||
{
|
||||
RtlMoveMemory(&ReadData, (LPVOID)ConvertedAddress, 4);
|
||||
RtlMoveMemory(&ReadSize, (LPVOID)(ConvertedAddress + 4), 4);
|
||||
|
|
|
|||
Loading…
Reference in New Issue