massive formatting

Mr. eXoDia 2014-08-05 01:04:23 +02:00
parent b350775721
commit 7726d8fcf1
65 changed files with 1422 additions and 1421 deletions

@ -590,8 +590,8 @@ __declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapV
__declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType);
__declspec(dllexport) ULONG_PTR TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllexport) ULONG_PTR TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesRead);
__declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesWritten);
__declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead);
__declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten);
// TitanEngine.Realigner.functions:
__declspec(dllexport) bool TITCALL FixHeaderCheckSum(char* szFileName);
__declspec(dllexport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName);

@ -589,8 +589,8 @@ __declspec(dllimport) ULONG_PTR TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapV
__declspec(dllimport) ULONG_PTR TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType);
__declspec(dllimport) ULONG_PTR TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllimport) ULONG_PTR TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllimport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesRead);
__declspec(dllimport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesWritten);
__declspec(dllimport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead);
__declspec(dllimport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten);
// TitanEngine.Realigner.functions:
__declspec(dllimport) bool TITCALL FixHeaderCheckSum(char* szFileName);
__declspec(dllimport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName);

@ -407,11 +407,11 @@ protected:
{
return UE::ConvertFileOffsetToVAEx(FileMapVA, FileSize, ImageBase, AddressToConvert, ReturnType);
}
static bool MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesRead)
static bool MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead)
{
return UE::MemoryReadSafe(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesRead);
}
static bool MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesWritten)
static bool MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten)
{
return UE::MemoryWriteSafe(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesWritten);
}
@ -986,7 +986,7 @@ class ResourcerX
protected:
typedef void(TITCALL *fResourceEnumCallback)(const wchar_t* szResourceType, DWORD ResourceType, const wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, DWORD ResourceData, DWORD ResourceSize);
typedef void(TITCALL* fResourceEnumCallback)(const wchar_t* szResourceType, DWORD ResourceType, const wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, DWORD ResourceData, DWORD ResourceSize);
static bool FreeLoadedFile(void* LoadedFileBase)
{
@ -1076,8 +1076,8 @@ public:
typedef UE::THREAD_ITEM_DATA THREAD_ITEM_DATA;
typedef void(TITCALL *fThreadEnumCallback)(const THREAD_ITEM_DATA* fThreadDetail);
typedef void(TITCALL *fThreadExitCallback)(const EXIT_THREAD_DEBUG_INFO* SpecialDBG);
typedef void(TITCALL* fThreadEnumCallback)(const THREAD_ITEM_DATA* fThreadDetail);
typedef void(TITCALL* fThreadExitCallback)(const EXIT_THREAD_DEBUG_INFO* SpecialDBG);
static bool ImportRunningThreadData(DWORD ProcessId)
{
@ -1177,8 +1177,8 @@ class DebuggerX
protected:
typedef void (TITCALL *fBreakPointCallback)();
typedef void (TITCALL *fCustomHandlerCallback)(const void* ExceptionData);
typedef void (TITCALL* fBreakPointCallback)();
typedef void (TITCALL* fCustomHandlerCallback)(const void* ExceptionData);
static const char* StaticDisassembleEx(ULONG_PTR DisassmStart, const void* DisassmAddress)
{
@ -1664,8 +1664,8 @@ public:
protected:
typedef void (TITCALL *fImportEnumCallBack)(void* ptrImportEnumData);
typedef void* (TITCALL *fImportFixCallback)(void* fIATPointer);
typedef void (TITCALL* fImportEnumCallBack)(void* ptrImportEnumData);
typedef void* (TITCALL* fImportFixCallback)(void* fIATPointer);
static void AddNewDll(const char* szDLLName, ULONG_PTR FirstThunk)
{
@ -1954,7 +1954,7 @@ class LibrarianX
{
protected:
typedef void (TITCALL *fLibraryBreakPointCallback)(const LOAD_DLL_DEBUG_INFO* SpecialDBG);
typedef void (TITCALL* fLibraryBreakPointCallback)(const LOAD_DLL_DEBUG_INFO* SpecialDBG);
static bool SetBreakPoint(const char* szLibraryName, eLibraryEvent bpxType, bool SingleShoot, fLibraryBreakPointCallback bpxCallBack)
{
@ -1972,7 +1972,7 @@ public:
typedef UE::LIBRARY_ITEM_DATA LIBRARY_ITEM_DATA;
typedef void (TITCALL *fLibraryEnumCallback)(const LIBRARY_ITEM_DATA* fLibraryDetail);
typedef void (TITCALL* fLibraryEnumCallback)(const LIBRARY_ITEM_DATA* fLibraryDetail);
static const LIBRARY_ITEM_DATA* GetLibraryInfo(const char* szLibraryName)
{
@ -1994,7 +1994,7 @@ public:
typedef UE::LIBRARY_ITEM_DATAW LIBRARY_ITEM_DATA;
typedef void (TITCALL *fLibraryEnumCallback)(const LIBRARY_ITEM_DATA* fLibraryDetail);
typedef void (TITCALL* fLibraryEnumCallback)(const LIBRARY_ITEM_DATA* fLibraryDetail);
static const LIBRARY_ITEM_DATA* GetLibraryInfo(const wchar_t* szLibraryName)
{
@ -2046,7 +2046,7 @@ public:
typedef UE::HOOK_ENTRY HOOK_ENTRY;
typedef bool(TITCALL *fHookEnumCallBack)(const HOOK_ENTRY* HookDetails, void* ptrOriginalInstructions, const LibrarianA::LIBRARY_ITEM_DATA* ModuleInformation, DWORD SizeOfImage);
typedef bool(TITCALL* fHookEnumCallBack)(const HOOK_ENTRY* HookDetails, void* ptrOriginalInstructions, const LibrarianA::LIBRARY_ITEM_DATA* ModuleInformation, DWORD SizeOfImage);
static bool SafeTransitionEx(void** HookAddressArray, int NumberOfHooks, bool TransitionStart)
{
@ -2256,7 +2256,7 @@ class ProcessX
{
protected:
typedef void(TITCALL *fProcessWithLibraryEnumCallback)(DWORD ProcessId, HMODULE ModuleBaseAddress);
typedef void(TITCALL* fProcessWithLibraryEnumCallback)(DWORD ProcessId, HMODULE ModuleBaseAddress);
static void EnumProcessesWithLibrary(char* szLibraryName, fProcessWithLibraryEnumCallback EnumFunction)
{
@ -2608,7 +2608,7 @@ class StaticX
{
protected:
typedef bool (__stdcall *fStaticDecryptCallback)(void* sMemoryStart, int sKeySize);
typedef bool (__stdcall* fStaticDecryptCallback)(void* sMemoryStart, int sKeySize);
static bool FileGetContent(HANDLE FileHandle, DWORD FilePositionLow, const DWORD* FilePositionHigh, void* Buffer, DWORD Size)
{

@ -6,130 +6,130 @@ std::vector<BreakPointDetail> BreakPointBuffer;
ULONG_PTR dr7uint(DR7* dr7)
{
ULONG_PTR ret=0;
if(BITGET(dr7->HWBP_MODE[0],0))
BITSET(ret,0);
if(BITGET(dr7->HWBP_MODE[0],1))
BITSET(ret,1);
if(BITGET(dr7->HWBP_MODE[1],0))
BITSET(ret,2);
if(BITGET(dr7->HWBP_MODE[1],1))
BITSET(ret,3);
if(BITGET(dr7->HWBP_MODE[2],0))
BITSET(ret,4);
if(BITGET(dr7->HWBP_MODE[2],1))
BITSET(ret,5);
if(BITGET(dr7->HWBP_MODE[3],0))
BITSET(ret,6);
if(BITGET(dr7->HWBP_MODE[3],1))
BITSET(ret,7);
if(BITGET(dr7->HWBP_TYPE[0],0))
BITSET(ret,16);
if(BITGET(dr7->HWBP_TYPE[0],1))
BITSET(ret,17);
if(BITGET(dr7->HWBP_SIZE[0],0))
BITSET(ret,18);
if(BITGET(dr7->HWBP_SIZE[0],1))
BITSET(ret,19);
if(BITGET(dr7->HWBP_TYPE[1],0))
BITSET(ret,20);
if(BITGET(dr7->HWBP_TYPE[1],1))
BITSET(ret,21);
if(BITGET(dr7->HWBP_SIZE[1],0))
BITSET(ret,22);
if(BITGET(dr7->HWBP_SIZE[1],1))
BITSET(ret,23);
if(BITGET(dr7->HWBP_TYPE[2],0))
BITSET(ret,24);
if(BITGET(dr7->HWBP_TYPE[2],1))
BITSET(ret,25);
if(BITGET(dr7->HWBP_SIZE[2],0))
BITSET(ret,26);
if(BITGET(dr7->HWBP_SIZE[2],1))
BITSET(ret,27);
if(BITGET(dr7->HWBP_TYPE[3],0))
BITSET(ret,28);
if(BITGET(dr7->HWBP_TYPE[3],1))
BITSET(ret,29);
if(BITGET(dr7->HWBP_SIZE[3],0))
BITSET(ret,30);
if(BITGET(dr7->HWBP_SIZE[3],1))
BITSET(ret,31);
ULONG_PTR ret = 0;
if(BITGET(dr7->HWBP_MODE[0], 0))
BITSET(ret, 0);
if(BITGET(dr7->HWBP_MODE[0], 1))
BITSET(ret, 1);
if(BITGET(dr7->HWBP_MODE[1], 0))
BITSET(ret, 2);
if(BITGET(dr7->HWBP_MODE[1], 1))
BITSET(ret, 3);
if(BITGET(dr7->HWBP_MODE[2], 0))
BITSET(ret, 4);
if(BITGET(dr7->HWBP_MODE[2], 1))
BITSET(ret, 5);
if(BITGET(dr7->HWBP_MODE[3], 0))
BITSET(ret, 6);
if(BITGET(dr7->HWBP_MODE[3], 1))
BITSET(ret, 7);
if(BITGET(dr7->HWBP_TYPE[0], 0))
BITSET(ret, 16);
if(BITGET(dr7->HWBP_TYPE[0], 1))
BITSET(ret, 17);
if(BITGET(dr7->HWBP_SIZE[0], 0))
BITSET(ret, 18);
if(BITGET(dr7->HWBP_SIZE[0], 1))
BITSET(ret, 19);
if(BITGET(dr7->HWBP_TYPE[1], 0))
BITSET(ret, 20);
if(BITGET(dr7->HWBP_TYPE[1], 1))
BITSET(ret, 21);
if(BITGET(dr7->HWBP_SIZE[1], 0))
BITSET(ret, 22);
if(BITGET(dr7->HWBP_SIZE[1], 1))
BITSET(ret, 23);
if(BITGET(dr7->HWBP_TYPE[2], 0))
BITSET(ret, 24);
if(BITGET(dr7->HWBP_TYPE[2], 1))
BITSET(ret, 25);
if(BITGET(dr7->HWBP_SIZE[2], 0))
BITSET(ret, 26);
if(BITGET(dr7->HWBP_SIZE[2], 1))
BITSET(ret, 27);
if(BITGET(dr7->HWBP_TYPE[3], 0))
BITSET(ret, 28);
if(BITGET(dr7->HWBP_TYPE[3], 1))
BITSET(ret, 29);
if(BITGET(dr7->HWBP_SIZE[3], 0))
BITSET(ret, 30);
if(BITGET(dr7->HWBP_SIZE[3], 1))
BITSET(ret, 31);
return ret;
}
void uintdr7(ULONG_PTR dr7, DR7* ret)
{
memset(ret, 0, sizeof(DR7));
if(BITGET(dr7,0))
BITSET(ret->HWBP_MODE[0],0);
if(BITGET(dr7,1))
BITSET(ret->HWBP_MODE[0],1);
if(BITGET(dr7,2))
BITSET(ret->HWBP_MODE[1],0);
if(BITGET(dr7,3))
BITSET(ret->HWBP_MODE[1],1);
if(BITGET(dr7,4))
BITSET(ret->HWBP_MODE[2],0);
if(BITGET(dr7,5))
BITSET(ret->HWBP_MODE[2],1);
if(BITGET(dr7,6))
BITSET(ret->HWBP_MODE[3],0);
if(BITGET(dr7,7))
BITSET(ret->HWBP_MODE[3],1);
if(BITGET(dr7,16))
BITSET(ret->HWBP_TYPE[0],0);
if(BITGET(dr7,17))
BITSET(ret->HWBP_TYPE[0],1);
if(BITGET(dr7,18))
BITSET(ret->HWBP_SIZE[0],0);
if(BITGET(dr7,19))
BITSET(ret->HWBP_SIZE[0],1);
if(BITGET(dr7,20))
BITSET(ret->HWBP_TYPE[1],0);
if(BITGET(dr7,21))
BITSET(ret->HWBP_TYPE[1],1);
if(BITGET(dr7,22))
BITSET(ret->HWBP_SIZE[1],0);
if(BITGET(dr7,23))
BITSET(ret->HWBP_SIZE[1],1);
if(BITGET(dr7,24))
BITSET(ret->HWBP_TYPE[2],0);
if(BITGET(dr7,25))
BITSET(ret->HWBP_TYPE[2],1);
if(BITGET(dr7,26))
BITSET(ret->HWBP_SIZE[2],0);
if(BITGET(dr7,27))
BITSET(ret->HWBP_SIZE[2],1);
if(BITGET(dr7,28))
BITSET(ret->HWBP_TYPE[3],0);
if(BITGET(dr7,29))
BITSET(ret->HWBP_TYPE[3],1);
if(BITGET(dr7,30))
BITSET(ret->HWBP_SIZE[3],0);
if(BITGET(dr7,31))
BITSET(ret->HWBP_SIZE[3],1);
if(BITGET(dr7, 0))
BITSET(ret->HWBP_MODE[0], 0);
if(BITGET(dr7, 1))
BITSET(ret->HWBP_MODE[0], 1);
if(BITGET(dr7, 2))
BITSET(ret->HWBP_MODE[1], 0);
if(BITGET(dr7, 3))
BITSET(ret->HWBP_MODE[1], 1);
if(BITGET(dr7, 4))
BITSET(ret->HWBP_MODE[2], 0);
if(BITGET(dr7, 5))
BITSET(ret->HWBP_MODE[2], 1);
if(BITGET(dr7, 6))
BITSET(ret->HWBP_MODE[3], 0);
if(BITGET(dr7, 7))
BITSET(ret->HWBP_MODE[3], 1);
if(BITGET(dr7, 16))
BITSET(ret->HWBP_TYPE[0], 0);
if(BITGET(dr7, 17))
BITSET(ret->HWBP_TYPE[0], 1);
if(BITGET(dr7, 18))
BITSET(ret->HWBP_SIZE[0], 0);
if(BITGET(dr7, 19))
BITSET(ret->HWBP_SIZE[0], 1);
if(BITGET(dr7, 20))
BITSET(ret->HWBP_TYPE[1], 0);
if(BITGET(dr7, 21))
BITSET(ret->HWBP_TYPE[1], 1);
if(BITGET(dr7, 22))
BITSET(ret->HWBP_SIZE[1], 0);
if(BITGET(dr7, 23))
BITSET(ret->HWBP_SIZE[1], 1);
if(BITGET(dr7, 24))
BITSET(ret->HWBP_TYPE[2], 0);
if(BITGET(dr7, 25))
BITSET(ret->HWBP_TYPE[2], 1);
if(BITGET(dr7, 26))
BITSET(ret->HWBP_SIZE[2], 0);
if(BITGET(dr7, 27))
BITSET(ret->HWBP_SIZE[2], 1);
if(BITGET(dr7, 28))
BITSET(ret->HWBP_TYPE[3], 0);
if(BITGET(dr7, 29))
BITSET(ret->HWBP_TYPE[3], 1);
if(BITGET(dr7, 30))
BITSET(ret->HWBP_SIZE[3], 0);
if(BITGET(dr7, 31))
BITSET(ret->HWBP_SIZE[3], 1);
}
void BreakPointPostReadFilter(ULONG_PTR lpBaseAddress, unsigned char* lpBuffer, SIZE_T nSize)
{
CriticalSectionLocker lock(LockBreakPointBuffer);
ULONG_PTR start=lpBaseAddress;
ULONG_PTR end=start+nSize;
int bpcount=(int)BreakPointBuffer.size();
for(int i=0; i<bpcount; i++)
ULONG_PTR start = lpBaseAddress;
ULONG_PTR end = start + nSize;
int bpcount = (int)BreakPointBuffer.size();
for(int i = 0; i < bpcount; i++)
{
BreakPointDetail* curBp=&BreakPointBuffer.at(i);
BreakPointDetail* curBp = &BreakPointBuffer.at(i);
//check if the breakpoint is one we should be concerned about
if(curBp->BreakPointActive != UE_BPXACTIVE || (curBp->BreakPointType != UE_BREAKPOINT && curBp->BreakPointType != UE_SINGLESHOOT))
continue;
ULONG_PTR cur_addr=curBp->BreakPointAddress;
for(SIZE_T j=0; j<curBp->BreakPointSize; j++)
ULONG_PTR cur_addr = curBp->BreakPointAddress;
for(SIZE_T j = 0; j < curBp->BreakPointSize; j++)
{
if(cur_addr+j>=start && cur_addr+j<end) //breakpoint is in range
if(cur_addr + j >= start && cur_addr + j < end) //breakpoint is in range
{
ULONG_PTR index=cur_addr+j-start; //calculate where to write in the buffer
memcpy(lpBuffer+index, &curBp->OriginalByte[j], sizeof(char));
ULONG_PTR index = cur_addr + j - start; //calculate where to write in the buffer
memcpy(lpBuffer + index, &curBp->OriginalByte[j], sizeof(char));
}
}
}
@ -137,19 +137,19 @@ void BreakPointPostReadFilter(ULONG_PTR lpBaseAddress, unsigned char* lpBuffer,
void BreakPointPreWriteFilter(ULONG_PTR lpBaseAddress, SIZE_T nSize, CriticalSectionLocker* lock)
{
ULONG_PTR start=lpBaseAddress;
ULONG_PTR end=start+nSize;
int bpcount=(int)BreakPointBuffer.size();
for(int i=0; i<bpcount; i++)
ULONG_PTR start = lpBaseAddress;
ULONG_PTR end = start + nSize;
int bpcount = (int)BreakPointBuffer.size();
for(int i = 0; i < bpcount; i++)
{
BreakPointDetail* curBp=&BreakPointBuffer.at(i);
BreakPointDetail* curBp = &BreakPointBuffer.at(i);
//check if the breakpoint is one we should be concerned about
if(curBp->BreakPointActive != UE_BPXACTIVE || (curBp->BreakPointType != UE_BREAKPOINT && curBp->BreakPointType != UE_SINGLESHOOT))
continue;
ULONG_PTR cur_addr=curBp->BreakPointAddress;
for(SIZE_T j=0; j<curBp->BreakPointSize; j++)
ULONG_PTR cur_addr = curBp->BreakPointAddress;
for(SIZE_T j = 0; j < curBp->BreakPointSize; j++)
{
if(cur_addr+j>=start && cur_addr+j<end) //breakpoint byte is in range
if(cur_addr + j >= start && cur_addr + j < end) //breakpoint byte is in range
{
lock->unlock();
DisableBPX(cur_addr);
@ -163,19 +163,19 @@ void BreakPointPreWriteFilter(ULONG_PTR lpBaseAddress, SIZE_T nSize, CriticalSec
void BreakPointPostWriteFilter(ULONG_PTR lpBaseAddress, SIZE_T nSize, CriticalSectionLocker* lock)
{
ULONG_PTR start=lpBaseAddress;
ULONG_PTR end=start+nSize;
int bpcount=(int)BreakPointBuffer.size();
for(int i=0; i<bpcount; i++)
ULONG_PTR start = lpBaseAddress;
ULONG_PTR end = start + nSize;
int bpcount = (int)BreakPointBuffer.size();
for(int i = 0; i < bpcount; i++)
{
BreakPointDetail* curBp=&BreakPointBuffer.at(i);
BreakPointDetail* curBp = &BreakPointBuffer.at(i);
//check if the breakpoint is one we should be concerned about
if(curBp->BreakPointActive != UE_BPXACTIVE || (curBp->BreakPointType != UE_BREAKPOINT && curBp->BreakPointType != UE_SINGLESHOOT))
continue;
ULONG_PTR cur_addr=curBp->BreakPointAddress;
for(SIZE_T j=0; j<curBp->BreakPointSize; j++)
ULONG_PTR cur_addr = curBp->BreakPointAddress;
for(SIZE_T j = 0; j < curBp->BreakPointSize; j++)
{
if(cur_addr+j>=start && cur_addr+j<end) //breakpoint byte is in range
if(cur_addr + j >= start && cur_addr + j < end) //breakpoint byte is in range
{
curBp->BreakPointActive = UE_BPXINACTIVE; //little hack
lock->unlock();
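Review bot: In BreakPointPreWriteFilter and BreakPointPostWriteFilter the inner loop calls `lock->unlock()` while it still holds `curBp`, a pointer into `BreakPointBuffer`, and the cached `bpcount`. If another thread adds or removes a breakpoint while the lock is released, the vector can reallocate and `curBp` dangles, or `BreakPointBuffer.at(i)` throws on a later iteration. Both function bodies continue outside their hunks, so whether the lock is taken again is not visible here. If it is, the loop should re-read `BreakPointBuffer.size()` and re-fetch `curBp` after re-locking, and say so with `// curBp and bpcount are stale after unlock(); re-fetch once the lock is held again`.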

@ -93,14 +93,14 @@ void StepOutStepCallBack()
StepOver(StepOutCallBack);
else
{
typedef void(TITCALL *fCustomBreakPoint)();
typedef void(TITCALL * fCustomBreakPoint)();
__try
{
((fCustomBreakPoint)StepOutCallBack)();
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
}
}
}
}
else
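Review bot: The empty `__except(EXCEPTION_EXECUTE_HANDLER)` block around the `StepOutCallBack` call discards every structured exception the callback raises, access violations included, so a faulting callback leaves no trace and the engine carries on in an unknown state. The handler should at least record the fault, for example by capturing `GetExceptionCode()` in the filter expression. If the swallow is deliberate, state it with `// callback faults are ignored on purpose; the debug loop must keep running`. StepOutStepCallBack starts and ends outside this hunk.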

@ -6,10 +6,10 @@
#define PLUGCALL TITCALL
//typedefs
typedef void(PLUGCALL *fPluginDebugExec)(LPDEBUG_EVENT debugEvent, int CallReason);
typedef bool(PLUGCALL *fPluginRegister)(char* szPluginName, LPDWORD titanPluginMajorVersion, LPDWORD titanPluginMinorVersion);
typedef void(PLUGCALL *fPluginReleaseExec)();
typedef void(PLUGCALL *fPluginResetExec)();
typedef void(PLUGCALL* fPluginDebugExec)(LPDEBUG_EVENT debugEvent, int CallReason);
typedef bool(PLUGCALL* fPluginRegister)(char* szPluginName, LPDWORD titanPluginMajorVersion, LPDWORD titanPluginMinorVersion);
typedef void(PLUGCALL* fPluginReleaseExec)();
typedef void(PLUGCALL* fPluginResetExec)();
//structs
typedef struct

@ -45,7 +45,7 @@ long EngineWndProc(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
char szAboutTitle[] = "[ About ]";
char szAboutText[] = "%s \r\n\r\n ReversingLabs - http://www.reversinglabs.com \r\n\r\n Minimum engine version needed:\r\n- TitanEngine %i.%i.%i by RevLabs\r\n\r\nUnpacker coded by %s";
typedef void(TITCALL *fStartUnpacking)(char* szInputFile, bool RealignFile, bool CopyOverlay);
typedef void(TITCALL * fStartUnpacking)(char* szInputFile, bool RealignFile, bool CopyOverlay);
fStartUnpacking myStartUnpacking = (fStartUnpacking)EngineStartUnpackingCallBack;
char GlobalBuffer[1024] = {};
char AboutBuffer[1024] = {};

@ -37,13 +37,13 @@ unsigned long EngineCrc32Reflect(unsigned long ulReflect, const char cChar)
return ulValue;
}
void EngineCrc32PartialCRC(unsigned long *ulCRC, const unsigned char *sData, unsigned long ulDataLength)
void EngineCrc32PartialCRC(unsigned long* ulCRC, const unsigned char* sData, unsigned long ulDataLength)
{
while(ulDataLength--)
{
//If your compiler complains about the following line, try changing each
// occurrence of *ulCRC with "((unsigned long)*ulCRC)" or "*(unsigned long *)ulCRC".
*(unsigned long *)ulCRC = ((*(unsigned long *)ulCRC) >> 8) ^ Crc32Table[((*(unsigned long *)ulCRC) & 0xFF) ^ *sData++];
// occurrence of *ulCRC with "((unsigned long)*ulCRC)" or "*(unsigned long *)ulCRC".
*(unsigned long*)ulCRC = ((*(unsigned long*)ulCRC) >> 8) ^ Crc32Table[((*(unsigned long*)ulCRC) & 0xFF) ^ *sData++];
}
}

@ -3,6 +3,6 @@
void HashInit();
unsigned long EngineCrc32Reflect(unsigned long ulReflect, const char cChar);
void EngineCrc32PartialCRC(unsigned long *ulCRC, const unsigned char *sData, unsigned long ulDataLength);
void EngineCrc32PartialCRC(unsigned long* ulCRC, const unsigned char* sData, unsigned long ulDataLength);
#endif //_GLOBAL_ENGINE_HASH_H

@ -8,15 +8,15 @@
// Global.Engine.Hider.functions:
static bool isAtleastVista()
{
static bool isAtleastVista=false;
static bool isSet=false;
static bool isAtleastVista = false;
static bool isSet = false;
if(isSet)
return isAtleastVista;
OSVERSIONINFO versionInfo= {0};
versionInfo.dwOSVersionInfoSize=sizeof(OSVERSIONINFO);
OSVERSIONINFO versionInfo = {0};
versionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
GetVersionEx(&versionInfo);
isAtleastVista=versionInfo.dwMajorVersion >= 6;
isSet=true;
isAtleastVista = versionInfo.dwMajorVersion >= 6;
isSet = true;
return isAtleastVista;
}
@ -24,10 +24,10 @@ static bool isAtleastVista()
static bool isWindows64()
{
SYSTEM_INFO si = {0};
typedef void (WINAPI *tGetNativeSystemInfo)(LPSYSTEM_INFO lpSystemInfo);
typedef void (WINAPI * tGetNativeSystemInfo)(LPSYSTEM_INFO lpSystemInfo);
tGetNativeSystemInfo _GetNativeSystemInfo = (tGetNativeSystemInfo)GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetNativeSystemInfo");
if (_GetNativeSystemInfo)
if(_GetNativeSystemInfo)
{
_GetNativeSystemInfo(&si);
}
@ -45,7 +45,7 @@ static void FixAntidebugApiInProcess(HANDLE hProcess, bool Hide, bool x64)
{
0x33, 0xC0, //XOR EAX,EAX
0xC2, 0x08, 0x00 //RETN 0x8
};
};
const BYTE patchGetTickCount32[3] =
{
0x33, 0xC0, //XOR EAX,EAX
@ -69,17 +69,17 @@ static void FixAntidebugApiInProcess(HANDLE hProcess, bool Hide, bool x64)
if(x64) //x64 patches
{
patchCheckRemoteDebuggerPresent=patchCheckRemoteDebuggerPresent64;
patchCheckRemoteDebuggerPresentSize=sizeof(patchCheckRemoteDebuggerPresent64);
patchGetTickCount=patchGetTickCount64;
patchGetTickCountSize=sizeof(patchGetTickCount64);
patchCheckRemoteDebuggerPresent = patchCheckRemoteDebuggerPresent64;
patchCheckRemoteDebuggerPresentSize = sizeof(patchCheckRemoteDebuggerPresent64);
patchGetTickCount = patchGetTickCount64;
patchGetTickCountSize = sizeof(patchGetTickCount64);
}
else //x86 patches
{
patchCheckRemoteDebuggerPresent=patchCheckRemoteDebuggerPresent32;
patchCheckRemoteDebuggerPresentSize=sizeof(patchCheckRemoteDebuggerPresent32);
patchGetTickCount=patchGetTickCount32;
patchGetTickCountSize=sizeof(patchGetTickCount32);
patchCheckRemoteDebuggerPresent = patchCheckRemoteDebuggerPresent32;
patchCheckRemoteDebuggerPresentSize = sizeof(patchCheckRemoteDebuggerPresent32);
patchGetTickCount = patchGetTickCount32;
patchGetTickCountSize = sizeof(patchGetTickCount32);
}
ULONG_PTR APIPatchAddress = 0;
@ -89,14 +89,14 @@ static void FixAntidebugApiInProcess(HANDLE hProcess, bool Hide, bool x64)
if(Hide)
{
APIPatchAddress = EngineGetProcAddressRemote(hProcess, L"kernel32.dll", "CheckRemoteDebuggerPresent");
if (VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchCheckRemoteDebuggerPresentSize, PAGE_EXECUTE_READWRITE, &OldProtect))
if(VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchCheckRemoteDebuggerPresentSize, PAGE_EXECUTE_READWRITE, &OldProtect))
{
WriteProcessMemory(hProcess, (LPVOID)(APIPatchAddress), &patchCheckRemoteDebuggerPresent, patchCheckRemoteDebuggerPresentSize, &ueNumberOfBytesRead);
VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchCheckRemoteDebuggerPresentSize, OldProtect, &OldProtect);
}
APIPatchAddress = EngineGetProcAddressRemote(hProcess, L"kernel32.dll", "GetTickCount");
if (VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchGetTickCountSize, PAGE_EXECUTE_READWRITE, &OldProtect))
if(VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchGetTickCountSize, PAGE_EXECUTE_READWRITE, &OldProtect))
{
WriteProcessMemory(hProcess, (LPVOID)(APIPatchAddress), &patchGetTickCount, patchGetTickCountSize, &ueNumberOfBytesRead);
VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchGetTickCountSize, OldProtect, &OldProtect);
@ -105,14 +105,14 @@ static void FixAntidebugApiInProcess(HANDLE hProcess, bool Hide, bool x64)
else
{
APIPatchAddress = EngineGetProcAddressRemote(hProcess, L"kernel32.dll", "CheckRemoteDebuggerPresent");
if (VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchCheckRemoteDebuggerPresentSize, PAGE_EXECUTE_READWRITE, &OldProtect))
if(VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchCheckRemoteDebuggerPresentSize, PAGE_EXECUTE_READWRITE, &OldProtect))
{
WriteProcessMemory(hProcess, (LPVOID)(APIPatchAddress), (void*)GetProcAddress(GetModuleHandleA("kernel32.dll"), "CheckRemoteDebuggerPresent"), patchCheckRemoteDebuggerPresentSize, &ueNumberOfBytesRead);
VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchCheckRemoteDebuggerPresentSize, OldProtect, &OldProtect);
}
APIPatchAddress = EngineGetProcAddressRemote(hProcess, L"kernel32.dll", "GetTickCount");
if (VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchGetTickCountSize, PAGE_EXECUTE_READWRITE, &OldProtect))
if(VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchGetTickCountSize, PAGE_EXECUTE_READWRITE, &OldProtect))
{
WriteProcessMemory(hProcess, (LPVOID)(APIPatchAddress), (void*)GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetTickCount"), patchGetTickCountSize, &ueNumberOfBytesRead);
VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchGetTickCountSize, OldProtect, &OldProtect);
@ -128,9 +128,9 @@ static void FixAntidebugApiInProcess(HANDLE hProcess, bool Hide, bool x64)
static int getHeapFlagsOffset(bool x64)
{
if (x64) //x64 offsets
if(x64) //x64 offsets
{
if (isAtleastVista())
if(isAtleastVista())
{
return 0x70;
}
@ -141,7 +141,7 @@ static int getHeapFlagsOffset(bool x64)
}
else //x86 offsets
{
if (isAtleastVista())
if(isAtleastVista())
{
return 0x40;
}
@ -154,9 +154,9 @@ static int getHeapFlagsOffset(bool x64)
static int getHeapForceFlagsOffset(bool x64)
{
if (x64) //x64 offsets
if(x64) //x64 offsets
{
if (isAtleastVista())
if(isAtleastVista())
{
return 0x74;
}
@ -167,7 +167,7 @@ static int getHeapForceFlagsOffset(bool x64)
}
else //x86 offsets
{
if (isAtleastVista())
if(isAtleastVista())
{
return 0x44;
}
@ -182,25 +182,25 @@ static bool FixPebInProcess(HANDLE hProcess, bool Hide)
{
PEB_CURRENT myPEB = {0};
SIZE_T ueNumberOfBytesRead = 0;
void * heapFlagsAddress = 0;
void* heapFlagsAddress = 0;
DWORD heapFlags = 0;
void * heapForceFlagsAddress = 0;
void* heapForceFlagsAddress = 0;
DWORD heapForceFlags = 0;
#ifndef _WIN64
PEB64 myPEB64 = {0};
void * AddressOfPEB64 = GetPEBLocation64(hProcess);
void* AddressOfPEB64 = GetPEBLocation64(hProcess);
#endif
void * AddressOfPEB = GetPEBLocation(hProcess);
void* AddressOfPEB = GetPEBLocation(hProcess);
if (!AddressOfPEB)
if(!AddressOfPEB)
return false;
if(ReadProcessMemory(hProcess, AddressOfPEB, (void*)&myPEB, sizeof(PEB_CURRENT), &ueNumberOfBytesRead))
{
#ifndef _WIN64
if (AddressOfPEB64)
if(AddressOfPEB64)
{
ReadProcessMemory(hProcess, AddressOfPEB64, (void*)&myPEB64, sizeof(PEB64), &ueNumberOfBytesRead);
}
@ -219,17 +219,17 @@ static bool FixPebInProcess(HANDLE hProcess, bool Hide)
//TODO: backup heap flags
#ifdef _WIN64
heapFlagsAddress = (void *)((LONG_PTR)myPEB.ProcessHeap + getHeapFlagsOffset(true));
heapForceFlagsAddress = (void *)((LONG_PTR)myPEB.ProcessHeap + getHeapForceFlagsOffset(true));
heapFlagsAddress = (void*)((LONG_PTR)myPEB.ProcessHeap + getHeapFlagsOffset(true));
heapForceFlagsAddress = (void*)((LONG_PTR)myPEB.ProcessHeap + getHeapForceFlagsOffset(true));
#else
heapFlagsAddress = (void *)((LONG_PTR)myPEB.ProcessHeap + getHeapFlagsOffset(false));
heapForceFlagsAddress = (void *)((LONG_PTR)myPEB.ProcessHeap + getHeapForceFlagsOffset(false));
heapFlagsAddress = (void*)((LONG_PTR)myPEB.ProcessHeap + getHeapFlagsOffset(false));
heapForceFlagsAddress = (void*)((LONG_PTR)myPEB.ProcessHeap + getHeapForceFlagsOffset(false));
#endif //_WIN64
ReadProcessMemory(hProcess, heapFlagsAddress, &heapFlags, sizeof(DWORD), 0);
ReadProcessMemory(hProcess, heapForceFlagsAddress, &heapForceFlags, sizeof(DWORD), 0);
heapFlags&=HEAP_GROWABLE;
heapForceFlags=0;
heapFlags &= HEAP_GROWABLE;
heapForceFlags = 0;
WriteProcessMemory(hProcess, heapFlagsAddress, &heapFlags, sizeof(DWORD), 0);
WriteProcessMemory(hProcess, heapForceFlagsAddress, &heapForceFlags, sizeof(DWORD), 0);
@ -245,7 +245,7 @@ static bool FixPebInProcess(HANDLE hProcess, bool Hide)
if(WriteProcessMemory(hProcess, AddressOfPEB, (void*)&myPEB, sizeof(PEB_CURRENT), &ueNumberOfBytesRead))
{
#ifndef _WIN64
if (AddressOfPEB64)
if(AddressOfPEB64)
{
WriteProcessMemory(hProcess, AddressOfPEB64, (void*)&myPEB64, sizeof(PEB64), &ueNumberOfBytesRead);
}
@ -260,7 +260,7 @@ bool ChangeHideDebuggerState(HANDLE hProcess, DWORD PatchAPILevel, bool Hide)
{
if(hProcess)
{
if (FixPebInProcess(hProcess, Hide))
if(FixPebInProcess(hProcess, Hide))
{
if(PatchAPILevel == UE_HIDE_BASIC)
{
@ -280,11 +280,11 @@ bool ChangeHideDebuggerState(HANDLE hProcess, DWORD PatchAPILevel, bool Hide)
#ifndef _WIN64
bool IsThisProcessWow64()
{
typedef BOOL (WINAPI * tIsWow64Process)(HANDLE hProcess,PBOOL Wow64Process);
typedef BOOL (WINAPI * tIsWow64Process)(HANDLE hProcess, PBOOL Wow64Process);
BOOL bIsWow64 = FALSE;
tIsWow64Process fnIsWow64Process = (tIsWow64Process)GetProcAddress(GetModuleHandleA("kernel32.dll"), "IsWow64Process");
if (fnIsWow64Process)
if(fnIsWow64Process)
{
fnIsWow64Process(GetCurrentProcess(), &bIsWow64);
}
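Review bot: In FixAntidebugApiInProcess the `Hide` branch passes `&patchCheckRemoteDebuggerPresent` and `&patchGetTickCount` as the source buffer of WriteProcessMemory. Both names are assigned from the byte arrays a few lines earlier, so they appear to be pointers, and `&` then yields the address of the pointer variable rather than the array contents. Their declarations are outside the hunk; if they are `const BYTE*`, the calls should pass `patchCheckRemoteDebuggerPresent` and `patchGetTickCount` without the `&`. The same branches call VirtualProtectEx on `APIPatchAddress` without checking that EngineGetProcAddressRemote returned non-zero, and they ignore the WriteProcessMemory result. A guard such as `if(APIPatchAddress && VirtualProtectEx(...))` plus a check of the write's return value would make failures explicit.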

@ -14,32 +14,32 @@ ULONG_PTR EngineGetProcAddressRemote(HANDLE hProcess, const wchar_t* szDLLName,
else
hProcess = dbgProcessInformation.hProcess;
}
DWORD cbNeeded=0;
DWORD cbNeeded = 0;
if(EnumProcessModules(hProcess, 0, 0, &cbNeeded))
{
HMODULE* hMods=(HMODULE*)malloc(cbNeeded*sizeof(HMODULE));
HMODULE* hMods = (HMODULE*)malloc(cbNeeded * sizeof(HMODULE));
if(EnumProcessModules(hProcess, hMods, cbNeeded, &cbNeeded))
{
for(unsigned int i=0; i<cbNeeded/sizeof(HMODULE); i++)
for(unsigned int i = 0; i < cbNeeded / sizeof(HMODULE); i++)
{
wchar_t szModuleName[MAX_PATH]=L"";
wchar_t szModuleName[MAX_PATH] = L"";
if(GetModuleFileNameExW(hProcess, hMods[i], szModuleName, _countof(szModuleName)))
{
wchar_t* dllName=wcsrchr(szModuleName, L'\\');
wchar_t* dllName = wcsrchr(szModuleName, L'\\');
if(dllName)
{
dllName++;
if(!_wcsicmp(dllName, szDLLName))
{
HMODULE hModule = LoadLibraryExW(szModuleName, 0, DONT_RESOLVE_DLL_REFERENCES|LOAD_LIBRARY_AS_DATAFILE);
if (hModule)
HMODULE hModule = LoadLibraryExW(szModuleName, 0, DONT_RESOLVE_DLL_REFERENCES | LOAD_LIBRARY_AS_DATAFILE);
if(hModule)
{
ULONG_PTR funcAddress=(ULONG_PTR)GetProcAddress(hModule, szAPIName);
ULONG_PTR funcAddress = (ULONG_PTR)GetProcAddress(hModule, szAPIName);
if(funcAddress)
{
funcAddress-=(ULONG_PTR)hModule; //rva
funcAddress -= (ULONG_PTR)hModule; //rva
FreeLibrary(hModule);
return funcAddress+(ULONG_PTR)hMods[i]; //va
return funcAddress + (ULONG_PTR)hMods[i]; //va
}
}
break;
@ -56,7 +56,7 @@ ULONG_PTR EngineGetProcAddressRemote(HANDLE hProcess, const wchar_t* szDLLName,
ULONG_PTR EngineGetProcAddressRemote(HANDLE hProcess, const char* szDLLName, const char* szAPIName)
{
WCHAR uniDLLName[MAX_PATH] = {0};
if (MultiByteToWideChar(CP_ACP, NULL, szDLLName, -1, uniDLLName, _countof(uniDLLName)))
if(MultiByteToWideChar(CP_ACP, NULL, szDLLName, -1, uniDLLName, _countof(uniDLLName)))
{
return EngineGetProcAddressRemote(hProcess, uniDLLName, szAPIName);
}
@ -75,21 +75,21 @@ ULONG_PTR EngineGetModuleBaseRemote(HANDLE hProcess, ULONG_PTR APIAddress)
else
hProcess = dbgProcessInformation.hProcess;
}
DWORD cbNeeded=0;
DWORD cbNeeded = 0;
if(EnumProcessModules(hProcess, 0, 0, &cbNeeded))
{
HMODULE* hMods=(HMODULE*)malloc(cbNeeded*sizeof(HMODULE));
HMODULE* hMods = (HMODULE*)malloc(cbNeeded * sizeof(HMODULE));
if(EnumProcessModules(hProcess, hMods, cbNeeded, &cbNeeded))
{
for(unsigned int i=0; i<cbNeeded/sizeof(HMODULE); i++)
for(unsigned int i = 0; i < cbNeeded / sizeof(HMODULE); i++)
{
MODULEINFO modinfo;
memset(&modinfo, 0, sizeof(MODULEINFO));
if(GetModuleInformation(hProcess, hMods[i], &modinfo, sizeof(MODULEINFO)))
{
ULONG_PTR start=(ULONG_PTR)hMods[i];
ULONG_PTR end=start+modinfo.SizeOfImage;
if(APIAddress>=start && APIAddress<end)
ULONG_PTR start = (ULONG_PTR)hMods[i];
ULONG_PTR end = start + modinfo.SizeOfImage;
if(APIAddress >= start && APIAddress < end)
return start;
}
}
@ -108,18 +108,18 @@ ULONG_PTR EngineGetModuleBaseRemote(HANDLE hProcess, const wchar_t* szDLLName)
else
hProcess = dbgProcessInformation.hProcess;
}
DWORD cbNeeded=0;
DWORD cbNeeded = 0;
if(EnumProcessModules(hProcess, 0, 0, &cbNeeded))
{
HMODULE* hMods=(HMODULE*)malloc(cbNeeded*sizeof(HMODULE));
HMODULE* hMods = (HMODULE*)malloc(cbNeeded * sizeof(HMODULE));
if(EnumProcessModules(hProcess, hMods, cbNeeded, &cbNeeded))
{
for(unsigned int i=0; i<cbNeeded/sizeof(HMODULE); i++)
for(unsigned int i = 0; i < cbNeeded / sizeof(HMODULE); i++)
{
wchar_t szModuleName[MAX_PATH]=L"";
wchar_t szModuleName[MAX_PATH] = L"";
if(GetModuleFileNameExW(hProcess, hMods[i], szModuleName, _countof(szModuleName)))
{
wchar_t* dllName=wcsrchr(szModuleName, L'\\');
wchar_t* dllName = wcsrchr(szModuleName, L'\\');
if(dllName)
{
dllName++;
@ -139,7 +139,7 @@ ULONG_PTR EngineGetModuleBaseRemote(HANDLE hProcess, const wchar_t* szDLLName)
ULONG_PTR EngineGetModuleBaseRemote(HANDLE hProcess, const char* szDLLName)
{
WCHAR uniDLLName[MAX_PATH] = {0};
if (MultiByteToWideChar(CP_ACP, NULL, szDLLName, -1, uniDLLName, _countof(uniDLLName)))
if(MultiByteToWideChar(CP_ACP, NULL, szDLLName, -1, uniDLLName, _countof(uniDLLName)))
{
return EngineGetModuleBaseRemote(hProcess, szDLLName);
}
@ -151,21 +151,21 @@ ULONG_PTR EngineGetModuleBaseRemote(HANDLE hProcess, const char* szDLLName)
ULONG_PTR EngineGetAddressRemote(HANDLE hProcess, ULONG_PTR Address)
{
HMODULE localModuleBase=(HMODULE)EngineGetModuleBaseRemote(GetCurrentProcess(), Address);
HMODULE localModuleBase = (HMODULE)EngineGetModuleBaseRemote(GetCurrentProcess(), Address);
if(localModuleBase)
{
wchar_t szModuleName[MAX_PATH]=L"";
wchar_t szModuleName[MAX_PATH] = L"";
if(GetModuleFileNameExW(hProcess, localModuleBase, szModuleName, _countof(szModuleName)))
{
wchar_t* dllName=wcsrchr(szModuleName, L'\\');
wchar_t* dllName = wcsrchr(szModuleName, L'\\');
if(dllName)
{
dllName++;
ULONG_PTR remoteModuleBase=EngineGetModuleBaseRemote(hProcess, dllName);
ULONG_PTR remoteModuleBase = EngineGetModuleBaseRemote(hProcess, dllName);
if(remoteModuleBase)
{
Address-=(ULONG_PTR)localModuleBase; //rva
return Address+remoteModuleBase;
Address -= (ULONG_PTR)localModuleBase; //rva
return Address + remoteModuleBase;
}
}
}
@ -175,21 +175,21 @@ ULONG_PTR EngineGetAddressRemote(HANDLE hProcess, ULONG_PTR Address)
ULONG_PTR EngineGetAddressLocal(HANDLE hProcess, ULONG_PTR Address)
{
HMODULE remoteModuleBase=(HMODULE)EngineGetModuleBaseRemote(hProcess, Address);
HMODULE remoteModuleBase = (HMODULE)EngineGetModuleBaseRemote(hProcess, Address);
if(remoteModuleBase)
{
wchar_t szModuleName[MAX_PATH]=L"";
wchar_t szModuleName[MAX_PATH] = L"";
if(GetModuleFileNameExW(hProcess, remoteModuleBase, szModuleName, _countof(szModuleName)))
{
wchar_t* dllName=wcsrchr(szModuleName, L'\\');
wchar_t* dllName = wcsrchr(szModuleName, L'\\');
if(dllName)
{
dllName++;
ULONG_PTR localModuleBase=EngineGetModuleBaseRemote(GetCurrentProcess(), dllName);
ULONG_PTR localModuleBase = EngineGetModuleBaseRemote(GetCurrentProcess(), dllName);
if(localModuleBase)
{
Address-=(ULONG_PTR)remoteModuleBase; //rva
return Address+localModuleBase;
Address -= (ULONG_PTR)remoteModuleBase; //rva
return Address + localModuleBase;
}
}
}
@ -210,54 +210,54 @@ bool EngineGetAPINameRemote(HANDLE hProcess, ULONG_PTR APIAddress, char* APIName
DWORD FileSize;
HANDLE FileMap;
ULONG_PTR FileMapVA;
ULONG_PTR ModuleBase=EngineGetModuleBaseRemote(hProcess, APIAddress);
ULONG_PTR ModuleBase = EngineGetModuleBaseRemote(hProcess, APIAddress);
if(!ModuleBase)
return false;
wchar_t szModulePath[MAX_PATH]=L"";
wchar_t szModulePath[MAX_PATH] = L"";
if(!GetModuleFileNameExW(hProcess, (HMODULE)ModuleBase, szModulePath, _countof(szModulePath)))
return false;
if(MapFileExW(szModulePath, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, 0))
{
PIMAGE_DOS_HEADER DOSHeader=(PIMAGE_DOS_HEADER)FileMapVA;
PIMAGE_DOS_HEADER DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
if(EngineValidateHeader(FileMapVA, NULL, NULL, DOSHeader, true))
{
PIMAGE_NT_HEADERS32 PEHeader32=(PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
PIMAGE_NT_HEADERS64 PEHeader64=(PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
PIMAGE_NT_HEADERS32 PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
PIMAGE_NT_HEADERS64 PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
ULONG_PTR ExportDirectoryVA;
DWORD ExportDirectorySize;
ULONG_PTR ImageBase;
if(PEHeader32->OptionalHeader.Magic==IMAGE_NT_OPTIONAL_HDR32_MAGIC)
if(PEHeader32->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC)
{
ImageBase=PEHeader32->OptionalHeader.ImageBase;
ExportDirectoryVA=(ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
ExportDirectorySize=(ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
ImageBase = PEHeader32->OptionalHeader.ImageBase;
ExportDirectoryVA = (ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
ExportDirectorySize = (ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
}
else //x64
{
ImageBase=(ULONG_PTR)PEHeader64->OptionalHeader.ImageBase;
ExportDirectoryVA=(ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
ExportDirectorySize=(ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
ImageBase = (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase;
ExportDirectoryVA = (ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
ExportDirectorySize = (ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
}
PIMAGE_EXPORT_DIRECTORY ExportDirectory=(PIMAGE_EXPORT_DIRECTORY)ConvertVAtoFileOffset(FileMapVA, ExportDirectoryVA+ImageBase, true);
PIMAGE_EXPORT_DIRECTORY ExportDirectory = (PIMAGE_EXPORT_DIRECTORY)ConvertVAtoFileOffset(FileMapVA, ExportDirectoryVA + ImageBase, true);
if(ExportDirectory)
{
DWORD* AddrOfFunctions=(DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfFunctions+ImageBase, true);
DWORD* AddrOfNames=(DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfNames+ImageBase, true);
SHORT* AddrOfNameOrdinals=(SHORT*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfNameOrdinals+ImageBase, true);
DWORD* AddrOfFunctions = (DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfFunctions + ImageBase, true);
DWORD* AddrOfNames = (DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfNames + ImageBase, true);
SHORT* AddrOfNameOrdinals = (SHORT*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfNameOrdinals + ImageBase, true);
if(AddrOfFunctions && AddrOfNames && AddrOfNameOrdinals)
{
unsigned int NumberOfNames=ExportDirectory->NumberOfNames;
for(unsigned int i=0; i<NumberOfNames; i++)
unsigned int NumberOfNames = ExportDirectory->NumberOfNames;
for(unsigned int i = 0; i < NumberOfNames; i++)
{
const char* curName=(const char*)ConvertVAtoFileOffset(FileMapVA, AddrOfNames[i]+ImageBase, true);
const char* curName = (const char*)ConvertVAtoFileOffset(FileMapVA, AddrOfNames[i] + ImageBase, true);
if(!curName)
continue;
unsigned int curRva=AddrOfFunctions[AddrOfNameOrdinals[i]];
if(curRva<ExportDirectoryVA || curRva>=ExportDirectoryVA+ExportDirectorySize) //non-forwarded exports
unsigned int curRva = AddrOfFunctions[AddrOfNameOrdinals[i]];
if(curRva < ExportDirectoryVA || curRva >= ExportDirectoryVA + ExportDirectorySize) //non-forwarded exports
{
if(curRva+ModuleBase==APIAddress)
if(curRva + ModuleBase == APIAddress)
{
if(APIName && APINameSize>strlen(curName))
if(APIName && APINameSize > strlen(curName))
{
strcpy(APIName, curName);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
@ -265,7 +265,7 @@ bool EngineGetAPINameRemote(HANDLE hProcess, ULONG_PTR APIAddress, char* APIName
}
if(APINameSizeNeeded)
{
*APINameSizeNeeded=(DWORD)strlen(curName);
*APINameSizeNeeded = (DWORD)strlen(curName);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return true;
}
@ -293,50 +293,50 @@ DWORD EngineGetAPIOrdinalRemote(HANDLE hProcess, ULONG_PTR APIAddress)
DWORD FileSize;
HANDLE FileMap;
ULONG_PTR FileMapVA;
ULONG_PTR ModuleBase=EngineGetModuleBaseRemote(hProcess, APIAddress);
ULONG_PTR ModuleBase = EngineGetModuleBaseRemote(hProcess, APIAddress);
if(!ModuleBase)
return 0;
wchar_t szModulePath[MAX_PATH]=L"";
wchar_t szModulePath[MAX_PATH] = L"";
if(!GetModuleFileNameExW(hProcess, (HMODULE)ModuleBase, szModulePath, _countof(szModulePath)))
return 0;
if(MapFileExW(szModulePath, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, 0))
{
PIMAGE_DOS_HEADER DOSHeader=(PIMAGE_DOS_HEADER)FileMapVA;
PIMAGE_DOS_HEADER DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
if(EngineValidateHeader(FileMapVA, NULL, NULL, DOSHeader, true))
{
PIMAGE_NT_HEADERS32 PEHeader32=(PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
PIMAGE_NT_HEADERS64 PEHeader64=(PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
PIMAGE_NT_HEADERS32 PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
PIMAGE_NT_HEADERS64 PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
ULONG_PTR ExportDirectoryVA;
DWORD ExportDirectorySize;
ULONG_PTR ImageBase;
if(PEHeader32->OptionalHeader.Magic==IMAGE_NT_OPTIONAL_HDR32_MAGIC)
if(PEHeader32->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC)
{
ImageBase=PEHeader32->OptionalHeader.ImageBase;
ExportDirectoryVA=(ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
ExportDirectorySize=(ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
ImageBase = PEHeader32->OptionalHeader.ImageBase;
ExportDirectoryVA = (ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
ExportDirectorySize = (ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
}
else //x64
{
ImageBase=(ULONG_PTR)PEHeader64->OptionalHeader.ImageBase;
ExportDirectoryVA=(ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
ExportDirectorySize=(ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
ImageBase = (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase;
ExportDirectoryVA = (ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
ExportDirectorySize = (ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
}
PIMAGE_EXPORT_DIRECTORY ExportDirectory=(PIMAGE_EXPORT_DIRECTORY)ConvertVAtoFileOffset(FileMapVA, ExportDirectoryVA+ImageBase, true);
PIMAGE_EXPORT_DIRECTORY ExportDirectory = (PIMAGE_EXPORT_DIRECTORY)ConvertVAtoFileOffset(FileMapVA, ExportDirectoryVA + ImageBase, true);
if(ExportDirectory)
{
DWORD* AddrOfFunctions=(DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfFunctions+ImageBase, true);
DWORD* AddrOfFunctions = (DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfFunctions + ImageBase, true);
if(AddrOfFunctions)
{
unsigned int NumberOfFunctions=ExportDirectory->NumberOfFunctions;
for(unsigned int i=0,j=0; i<NumberOfFunctions; i++)
unsigned int NumberOfFunctions = ExportDirectory->NumberOfFunctions;
for(unsigned int i = 0, j = 0; i < NumberOfFunctions; i++)
{
unsigned int curRva=AddrOfFunctions[i];
unsigned int curRva = AddrOfFunctions[i];
if(!curRva)
continue;
j++; //ordinal
if(curRva<ExportDirectoryVA || curRva>=ExportDirectoryVA+ExportDirectorySize) //non-forwarded exports
if(curRva < ExportDirectoryVA || curRva >= ExportDirectoryVA + ExportDirectorySize) //non-forwarded exports
{
if(curRva+ModuleBase==APIAddress)
if(curRva + ModuleBase == APIAddress)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return j;


@ -54,7 +54,7 @@ void EngineSimplifyLoadLibraryCallBack()
ImporterAddNewDll(szReadStringData, (ULONG_PTR)GetContextData((DWORD)EngineUnpackerBreakInfo[i].Parameter2));
if(EngineUnpackerOptionLogData)
{
wsprintfA(szLogBufferData,"[x] LoadLibrary BPX -> %s",szReadStringData);
wsprintfA(szLogBufferData, "[x] LoadLibrary BPX -> %s", szReadStringData);
EngineAddUnpackerWindowLogMessage(szLogBufferData);
}
}
@ -89,7 +89,7 @@ void EngineSimplifyGetProcAddressCallBack()
ImporterAddNewAPI(szReadStringData, (ULONG_PTR)GetContextData((DWORD)EngineUnpackerBreakInfo[i].Parameter2));
if(EngineUnpackerOptionLogData)
{
wsprintfA(szLogBufferData,"[x] GetProcAddress BPX -> %s",szReadStringData);
wsprintfA(szLogBufferData, "[x] GetProcAddress BPX -> %s", szReadStringData);
EngineAddUnpackerWindowLogMessage(szLogBufferData);
}
}
@ -99,7 +99,7 @@ void EngineSimplifyGetProcAddressCallBack()
ImporterAddNewOrdinalAPI(iParameter1, (ULONG_PTR)GetContextData((DWORD)EngineUnpackerBreakInfo[i].Parameter2));
if(EngineUnpackerOptionLogData)
{
wsprintfA(szLogBufferData,"[x] GetProcAddress BPX -> %08X",iParameter1);
wsprintfA(szLogBufferData, "[x] GetProcAddress BPX -> %08X", iParameter1);
EngineAddUnpackerWindowLogMessage(szLogBufferData);
}
}
@ -113,7 +113,7 @@ void EngineSimplifyGetProcAddressCallBack()
ImporterAddNewAPI(szReadStringData, (ULONG_PTR)GetContextData((DWORD)EngineUnpackerBreakInfo[i].Parameter2));
if(EngineUnpackerOptionLogData)
{
wsprintfA(szLogBufferData,"[x] GetProcAddress BPX -> %s",szReadStringData);
wsprintfA(szLogBufferData, "[x] GetProcAddress BPX -> %s", szReadStringData);
EngineAddUnpackerWindowLogMessage(szLogBufferData);
}
}
@ -123,7 +123,7 @@ void EngineSimplifyGetProcAddressCallBack()
ImporterAddNewOrdinalAPI(iParameter1, (ULONG_PTR)GetContextData((DWORD)EngineUnpackerBreakInfo[i].Parameter2));
if(EngineUnpackerOptionLogData)
{
wsprintfA(szLogBufferData,"[x] GetProcAddress BPX -> %08X",iParameter1);
wsprintfA(szLogBufferData, "[x] GetProcAddress BPX -> %08X", iParameter1);
EngineAddUnpackerWindowLogMessage(szLogBufferData);
}
}
@ -206,7 +206,7 @@ void EngineSimplifyEntryPointCallBack()
}
if(EngineUnpackerOptionLogData)
{
wsprintfA(szLogBufferData,"[x] Entry Point at: %08X", EngineUnpackerOptionUnpackedOEP);
wsprintfA(szLogBufferData, "[x] Entry Point at: %08X", EngineUnpackerOptionUnpackedOEP);
EngineAddUnpackerWindowLogMessage(szLogBufferData);
}
if(EngineUnpackerFileStatus.FileIsDLL)
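Review bot: The `wsprintfA(szLogBufferData, "[x] LoadLibrary BPX -> %s", szReadStringData)` calls in EngineSimplifyLoadLibraryCallBack and EngineSimplifyGetProcAddressCallBack format a string that appears to come from the debugged process into a buffer whose size is not visible in these hunks. wsprintfA takes no destination size and only caps its output at 1024 bytes, so if `szLogBufferData` is smaller than that, a long module or API name from the target overruns it. A bounded call such as `StringCchPrintfA(szLogBufferData, _countof(szLogBufferData), "[x] LoadLibrary BPX -> %s", szReadStringData);` closes that off. It needs strsafe.h and requires `szLogBufferData` to be an array rather than a pointer, which should be confirmed against its declaration outside the hunk.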


@ -9,24 +9,24 @@ static void CriticalSectionInitializeLocks()
{
if(bInitDone)
return;
for(int i=0; i<LockLast; i++)
for(int i = 0; i < LockLast; i++)
InitializeCriticalSection(&locks[i]);
bInitDone=true;
bInitDone = true;
}
void CriticalSectionDeleteLocks()
{
if(!bInitDone)
return;
for(int i=0; i<LockLast; i++)
for(int i = 0; i < LockLast; i++)
DeleteCriticalSection(&locks[i]);
bInitDone=false;
bInitDone = false;
}
CriticalSectionLocker::CriticalSectionLocker(CriticalSectionLock lock)
{
CriticalSectionInitializeLocks(); //initialize critical sections
gLock=lock;
gLock = lock;
EnterCriticalSection(&locks[gLock]);
}
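Review bot: CriticalSectionInitializeLocks tests and sets `bInitDone` with no synchronization visible in the hunk, and it is called from the CriticalSectionLocker constructor. Two threads constructing their first locker at the same time can therefore both run the `InitializeCriticalSection(&locks[i])` loop. Re-initializing a critical section that another thread may already have entered is undefined behaviour. One-time initialization through `InitOnceExecuteOnce`, or initializing the locks once at engine start-up before any second thread exists, removes the race. CriticalSectionDeleteLocks uses the same unguarded flag and should only run when no locker can still be alive.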


@ -16,7 +16,7 @@ public:
~CriticalSectionLocker();
void unlock();
void relock();
private:
CriticalSectionLock gLock;
};


@ -42,7 +42,7 @@ void EngineInit()
i--;
if(i)
{
engineSzEngineFolder[i]=L'\0';
engineSzEngineFolder[i] = L'\0';
lstrcpyW(engineSzEngineGarbageFolder, engineSzEngineFolder);
lstrcatW(engineSzEngineGarbageFolder, L"\\garbage\\");
CreateDirectoryW(engineSzEngineGarbageFolder, 0);
@ -106,24 +106,24 @@ bool EngineFileExists(char* szFileName)
void EngineCreatePathForFile(char* szFileName)
{
int len=lstrlenA(szFileName);
while(szFileName[len]!='\\' && len)
int len = lstrlenA(szFileName);
while(szFileName[len] != '\\' && len)
len--;
char szFolderName[MAX_PATH]="";
char szFolderName[MAX_PATH] = "";
lstrcpyA(szFolderName, szFileName);
if(len)
szFolderName[len+1]='\0';
szFolderName[len + 1] = '\0';
else //just a filename
return;
lstrcatA(szFolderName, "\\");
len=lstrlenA(szFolderName);
char szCreateFolder[MAX_PATH]="";
for(int i=3; i<len; i++)
len = lstrlenA(szFolderName);
char szCreateFolder[MAX_PATH] = "";
for(int i = 3; i < len; i++)
{
if(szFolderName[i]=='\\')
if(szFolderName[i] == '\\')
{
lstrcpyA(szCreateFolder, szFolderName);
szCreateFolder[i]='\0';
szCreateFolder[i] = '\0';
CreateDirectoryA(szCreateFolder, 0);
}
}
@ -131,23 +131,23 @@ void EngineCreatePathForFile(char* szFileName)
void EngineCreatePathForFileW(wchar_t* szFileName)
{
int len=lstrlenW(szFileName);
while(szFileName[len]!=L'\\' && len)
int len = lstrlenW(szFileName);
while(szFileName[len] != L'\\' && len)
len--;
wchar_t szFolderName[MAX_PATH]=L"";
wchar_t szFolderName[MAX_PATH] = L"";
lstrcpyW(szFolderName, szFileName);
if(len)
szFolderName[len+1]=L'\0';
szFolderName[len + 1] = L'\0';
else //just a filename
return;
len=lstrlenW(szFolderName);
wchar_t szCreateFolder[MAX_PATH]=L"";
for(int i=3; i<len; i++)
len = lstrlenW(szFolderName);
wchar_t szCreateFolder[MAX_PATH] = L"";
for(int i = 3; i < len; i++)
{
if(szFolderName[i]=='\\')
if(szFolderName[i] == '\\')
{
lstrcpyW(szCreateFolder, szFolderName);
szCreateFolder[i]='\0';
szCreateFolder[i] = '\0';
CreateDirectoryW(szCreateFolder, 0);
}
}
@ -168,7 +168,7 @@ wchar_t* EngineExtractFileNameW(wchar_t* szFileName)
}
if(szFileName[i] == 0x5C)
{
int len=lstrlenW(szFileName);
int len = lstrlenW(szFileName);
for(j = i + 1; j <= len; j++)
{
engineExtractedFileNameW[x] = szFileName[j];
@ -455,14 +455,14 @@ bool EngineExtractResource(char* szResourceName, wchar_t* szExtractedFileName)
bool EngineIsDependencyPresent(char* szFileName, char* szDependencyForFile, char* szPresentInFolder)
{
int i,j;
int i, j;
HANDLE hFile;
char szTryFileName[512] = {0};
if(szPresentInFolder != NULL && szFileName != NULL)
{
lstrcpyA(szTryFileName, szPresentInFolder);
if(szTryFileName[lstrlenA(szTryFileName)-1] != 0x5C)
if(szTryFileName[lstrlenA(szTryFileName) - 1] != 0x5C)
{
szTryFileName[lstrlenA(szTryFileName)] = 0x5C;
}
@ -532,14 +532,14 @@ bool EngineIsDependencyPresent(char* szFileName, char* szDependencyForFile, char
bool EngineIsDependencyPresentW(wchar_t* szFileName, wchar_t* szDependencyForFile, wchar_t* szPresentInFolder)
{
int i,j;
int i, j;
HANDLE hFile;
wchar_t szTryFileName[512] = {0};
if(szPresentInFolder != NULL)
{
lstrcpyW(szTryFileName, szPresentInFolder);
if(szTryFileName[lstrlenW(szTryFileName)-1] != 0x5C)
if(szTryFileName[lstrlenW(szTryFileName) - 1] != 0x5C)
{
szTryFileName[lstrlenW(szTryFileName)] = 0x5C;
}
@ -610,13 +610,13 @@ bool EngineGetDependencyLocation(char* szFileName, char* szDependencyForFile, vo
{
wchar_t uniFileName[MAX_PATH] = {0};
wchar_t uniDependencyForFile[MAX_PATH] = {0};
wchar_t * uniLocationOfTheFile = (WCHAR *)malloc(sizeof(WCHAR) * MaxStringSize);
wchar_t* uniLocationOfTheFile = (WCHAR*)malloc(sizeof(WCHAR) * MaxStringSize);
MultiByteToWideChar(CP_ACP, NULL, szFileName, -1, uniFileName, _countof(uniFileName));
MultiByteToWideChar(CP_ACP, NULL, szDependencyForFile, -1, uniDependencyForFile, _countof(uniDependencyForFile));
if (EngineGetDependencyLocationW(uniFileName, uniDependencyForFile, uniLocationOfTheFile, MaxStringSize))
if(EngineGetDependencyLocationW(uniFileName, uniDependencyForFile, uniLocationOfTheFile, MaxStringSize))
{
bool retVal = (WideCharToMultiByte(CP_ACP, NULL, uniLocationOfTheFile, -1, (char *)szLocationOfTheFile, MaxStringSize, NULL, NULL) != 0);
bool retVal = (WideCharToMultiByte(CP_ACP, NULL, uniLocationOfTheFile, -1, (char*)szLocationOfTheFile, MaxStringSize, NULL, NULL) != 0);
free(uniLocationOfTheFile);
return retVal;
}
@ -627,7 +627,7 @@ bool EngineGetDependencyLocation(char* szFileName, char* szDependencyForFile, vo
bool EngineGetDependencyLocationW(wchar_t* szFileName, wchar_t* szDependencyForFile, void* szLocationOfTheFile, int MaxStringSize)
{
int i,j;
int i, j;
HANDLE hFile;
wchar_t szTryFileName[512] = {0};
@ -796,7 +796,7 @@ bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBas
DWORD MemorySize = NULL;
PIMAGE_NT_HEADERS PEHeader;
IMAGE_NT_HEADERS RemotePEHeader;
MEMORY_BASIC_INFORMATION MemoryInfo= {0};
MEMORY_BASIC_INFORMATION MemoryInfo = {0};
ULONG_PTR NumberOfBytesRW = NULL;
if(IsFile)
@ -966,7 +966,7 @@ ULONG_PTR EngineSimulateDllLoader(HANDLE hProcess, char* szFileName)
{
WCHAR uniFileName[MAX_PATH] = {0};
if (hProcess && szFileName)
if(hProcess && szFileName)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, -1, uniFileName, _countof(uniFileName));
return EngineSimulateDllLoaderW(hProcess, uniFileName);
@ -992,9 +992,9 @@ ULONG_PTR EngineSimulateDllLoaderW(HANDLE hProcess, wchar_t* szFileName)
PIMAGE_EXPORT_DIRECTORY PEExports;
PEXPORTED_DATA ExportedFunctionNames;
ULONG_PTR ConvertedExport = NULL;
WCHAR szFileRemoteProc[1024]= {0};
WCHAR szDLLFileLocation[512]= {0};
WCHAR* szTranslatedProcName=0;
WCHAR szFileRemoteProc[1024] = {0};
WCHAR szDLLFileLocation[512] = {0};
WCHAR* szTranslatedProcName = 0;
GetProcessImageFileNameW(hProcess, szFileRemoteProc, _countof(szFileRemoteProc));
@ -1271,11 +1271,11 @@ ULONG_PTR EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBa
HANDLE hProcess = NULL;
ULONG_PTR EnumeratedModules[0x1000] = {0};
ULONG_PTR LoadedModules[1000][4] = {0};
char RemoteDLLName[MAX_PATH]= {0};
char FullRemoteDLLName[MAX_PATH]= {0};
char szWindowsSideBySide[MAX_PATH]= {0};
char szWindowsSideBySideCmp[MAX_PATH]= {0};
char szWindowsKernelBase[MAX_PATH]= {0};
char RemoteDLLName[MAX_PATH] = {0};
char FullRemoteDLLName[MAX_PATH] = {0};
char szWindowsSideBySide[MAX_PATH] = {0};
char szWindowsSideBySideCmp[MAX_PATH] = {0};
char szWindowsKernelBase[MAX_PATH] = {0};
HANDLE hLoadedModule = NULL;
HANDLE ModuleHandle = NULL;
PIMAGE_DOS_HEADER DOSHeader;
@ -2008,7 +2008,7 @@ ULONG_PTR EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBa
{
if(ReturnType == UE_OPTION_IMPORTER_RETURN_API_ORDINAL_NUMBER || ReturnType == UE_OPTION_IMPORTER_RETURN_FORWARDER_API_ORDINAL_NUMBER)
{
return((ULONG_PTR)-1);
return((ULONG_PTR) - 1);
}
else
{
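Review bot: EngineCreatePathForFile copies the caller's path with `lstrcpyA(szFolderName, szFileName)` into a `MAX_PATH` stack buffer without checking its length, so a path of MAX_PATH characters or more writes past the buffer. EngineCreatePathForFileW does the same with `lstrcpyW`, and EngineIsDependencyPresent and EngineIsDependencyPresentW copy `szPresentInFolder` into `szTryFileName[512]` the same way. A length guard before the copy, e.g. `if(lstrlenA(szFileName) >= _countof(szFolderName)) return;`, or a bounded copy such as `StringCchCopyA(szFolderName, _countof(szFolderName), szFileName)` with its result checked, would fix each site. The bodies of the two EngineIsDependencyPresent variants continue outside their hunks.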


@ -6,7 +6,7 @@
bool EngineCloseHandle(HANDLE myHandle)
{
DWORD HandleFlags;
if(GetHandleInformation(myHandle, &HandleFlags) && (HandleFlags&HANDLE_FLAG_PROTECT_FROM_CLOSE)!=HANDLE_FLAG_PROTECT_FROM_CLOSE)
if(GetHandleInformation(myHandle, &HandleFlags) && (HandleFlags & HANDLE_FLAG_PROTECT_FROM_CLOSE) != HANDLE_FLAG_PROTECT_FROM_CLOSE)
return !!CloseHandle(myHandle);
return false;
}


@ -3,7 +3,7 @@
bool IsStrEqual( const char* const a, const char* const b, bool considercase/*=true*/ )
bool IsStrEqual(const char* const a, const char* const b, bool considercase/*=true*/)
{
const int stringlen = (int)std::strlen(a);
if(stringlen != std::strlen(b))
@ -12,13 +12,13 @@ bool IsStrEqual( const char* const a, const char* const b, bool considercase/*=t
if(considercase)
{
//plain old strcmp
return std::strcmp(a, b)==0;
return std::strcmp(a, b) == 0;
}
else
{
for(int i=0; i<stringlen; i++)
for(int i = 0; i < stringlen; i++)
{
if (tolower(a[i]) != tolower(b[i]))
if(tolower(a[i]) != tolower(b[i]))
return false;
}
@ -26,7 +26,7 @@ bool IsStrEqual( const char* const a, const char* const b, bool considercase/*=t
}
}
void* MemAlloc( size_t sz )
void* MemAlloc(size_t sz)
{
void* r = malloc(sz);
if(r)
@ -34,7 +34,7 @@ void* MemAlloc( size_t sz )
return r;
}
void MemFree( void* mem )
void MemFree(void* mem)
{
free(mem);
}
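Review bot: In IsStrEqual's case-insensitive loop, `tolower(a[i])` is passed a plain `char`, which is negative for bytes above 0x7F wherever char is signed, and tolower is undefined for negative values other than EOF. Casting first fixes it: `if(tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))`. Separately, `stringlen` is an `int` compared against the `size_t` returned by `std::strlen(b)`; keeping both lengths as `size_t` removes the signed/unsigned comparison. Neither pointer is checked for NULL before `std::strlen`, so that precondition belongs in the function's header comment.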


@ -10,7 +10,7 @@ a : string 1
b : string 2
considercase : casesensitivity
*/
bool IsStrEqual(const char* const a, const char* const b, bool considercase=true);
bool IsStrEqual(const char* const a, const char* const b, bool considercase = true);
/*
A basic dynamic buffer, exception free.
@ -18,7 +18,7 @@ A basic dynamic buffer, exception free.
class DynBuf
{
public:
DynBuf(size_t sz=0)
DynBuf(size_t sz = 0)
{
Allocate(sz);
}
@ -26,7 +26,7 @@ public:
void* Allocate(size_t sz)
{
void* r=NULL;
void* r = NULL;
try
{
if(Size() < sz)
@ -52,11 +52,11 @@ public:
{
mem.clear();
}
DynBufVec& GetVector()
DynBufVec & GetVector()
{
return mem;
}
const DynBufVec& GetVector() const
const DynBufVec & GetVector() const
{
return mem;
}
@ -67,11 +67,11 @@ public:
protected:
char& operator[](std::size_t idx)
char & operator[](std::size_t idx)
{
return mem[idx];
};
const char& operator[](std::size_t idx) const
const char & operator[](std::size_t idx) const
{
return mem[idx];
};
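Review bot: The formatter has spaced the reference declarators in DynBuf as if `&` were a binary operator (`DynBufVec & GetVector()`, `char & operator[](std::size_t idx)`), while the same commit attaches pointer declarators to the type (`void* r = NULL;`). This looks like the tool misparsing the declarations rather than an intended style. Writing `DynBufVec& GetVector()` and `char& operator[](std::size_t idx)` keeps the header consistent with the rest of the change. The class body continues outside these hunks.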


@ -10,11 +10,11 @@ long injectedRemoteLoadLibrary(LPVOID Parameter)
PInjectCodeData APIData = (PInjectCodeData)Parameter;
Parameter = (LPVOID)((ULONG_PTR)Parameter + sizeof InjectCodeData);
#if !defined(_WIN64)
typedef ULONG_PTR(WINAPI *fLoadLibraryW)(LPCWSTR fLibraryName);
typedef ULONG_PTR(WINAPI *fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType);
typedef ULONG_PTR(WINAPI * fLoadLibraryW)(LPCWSTR fLibraryName);
typedef ULONG_PTR(WINAPI * fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType);
#else
typedef ULONG_PTR(__fastcall *fLoadLibraryW)(LPCWSTR fLibraryName);
typedef ULONG_PTR(__fastcall *fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType);
typedef ULONG_PTR(__fastcall * fLoadLibraryW)(LPCWSTR fLibraryName);
typedef ULONG_PTR(__fastcall * fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType);
#endif
fLoadLibraryW cLoadLibraryW = (fLoadLibraryW)(APIData->fLoadLibrary);
fVirtualFree cVirtualFree = (fVirtualFree)(APIData->fVirtualFree);
@ -33,11 +33,11 @@ long injectedRemoteFreeLibrary(LPVOID Parameter)
PInjectCodeData APIData = (PInjectCodeData)Parameter;
#if !defined(_WIN64)
typedef ULONG_PTR(WINAPI *fFreeLibrary)(HMODULE fLibBase);
typedef ULONG_PTR(WINAPI *fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType);
typedef ULONG_PTR(WINAPI * fFreeLibrary)(HMODULE fLibBase);
typedef ULONG_PTR(WINAPI * fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType);
#else
typedef ULONG_PTR(__fastcall *fFreeLibrary)(HMODULE fLibBase);
typedef ULONG_PTR(__fastcall *fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType);
typedef ULONG_PTR(__fastcall * fFreeLibrary)(HMODULE fLibBase);
typedef ULONG_PTR(__fastcall * fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType);
#endif
fFreeLibrary cFreeLibrary = (fFreeLibrary)(APIData->fFreeLibrary);
fVirtualFree cVirtualFree = (fVirtualFree)(APIData->fVirtualFree);
@ -58,13 +58,13 @@ long injectedRemoteFreeLibrarySimple(LPVOID Parameter)
LPVOID orgParameter = Parameter;
Parameter = (LPVOID)((ULONG_PTR)Parameter + sizeof InjectCodeData);
#if !defined(_WIN64)
typedef ULONG_PTR(WINAPI *fFreeLibrary)(HMODULE fLibBase);
typedef HMODULE(WINAPI *fGetModuleHandleW)(LPCWSTR fLibraryName);
typedef ULONG_PTR(WINAPI *fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType);
typedef ULONG_PTR(WINAPI * fFreeLibrary)(HMODULE fLibBase);
typedef HMODULE(WINAPI * fGetModuleHandleW)(LPCWSTR fLibraryName);
typedef ULONG_PTR(WINAPI * fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType);
#else
typedef ULONG_PTR(__fastcall *fFreeLibrary)(HMODULE fLibBase);
typedef HMODULE(__fastcall *fGetModuleHandleW)(LPCWSTR fLibraryName);
typedef ULONG_PTR(__fastcall *fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType);
typedef ULONG_PTR(__fastcall * fFreeLibrary)(HMODULE fLibBase);
typedef HMODULE(__fastcall * fGetModuleHandleW)(LPCWSTR fLibraryName);
typedef ULONG_PTR(__fastcall * fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType);
#endif
fGetModuleHandleW cGetModuleHandleW = (fGetModuleHandleW)(APIData->fGetModuleHandle);
fFreeLibrary cFreeLibrary = (fFreeLibrary)(APIData->fFreeLibrary);
@ -93,9 +93,9 @@ long injectedExitProcess(LPVOID Parameter)
PInjectCodeData APIData = (PInjectCodeData)Parameter;
#if !defined(_WIN64)
typedef ULONG_PTR(WINAPI *fExitProcess)(DWORD fExitCode);
typedef ULONG_PTR(WINAPI * fExitProcess)(DWORD fExitCode);
#else
typedef ULONG_PTR(__fastcall *fExitProcess)(DWORD fExitCode);
typedef ULONG_PTR(__fastcall * fExitProcess)(DWORD fExitCode);
#endif
fExitProcess cExitProcess = (fExitProcess)(APIData->fExitProcess);
long retValue = NULL;
@ -126,16 +126,16 @@ long injectedImpRec(LPVOID Parameter)
HANDLE hFileMap;
PInjectImpRecCodeData APIData = (PInjectImpRecCodeData)Parameter;
LPVOID szFileName = (LPVOID)((ULONG_PTR)Parameter + sizeof InjectImpRecCodeData);
typedef ULONG_PTR(__cdecl *fTrace)(DWORD hFileMap, DWORD dwSizeMap, DWORD dwTimeOut, DWORD dwToTrace, DWORD dwExactCall);
typedef HANDLE(WINAPI *fCreateFileW)(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile);
typedef HANDLE(WINAPI *fCreateFileMappingA)(HANDLE hFile, LPSECURITY_ATTRIBUTES lpFileMappingAttributes, DWORD flProtect, DWORD dwMaximumSizeHigh, DWORD dwMaximumSizeLow, LPCSTR lpName);
typedef BOOL(__cdecl *fCloseHandle)(HANDLE hHandle);
typedef ULONG_PTR(__cdecl * fTrace)(DWORD hFileMap, DWORD dwSizeMap, DWORD dwTimeOut, DWORD dwToTrace, DWORD dwExactCall);
typedef HANDLE(WINAPI * fCreateFileW)(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile);
typedef HANDLE(WINAPI * fCreateFileMappingA)(HANDLE hFile, LPSECURITY_ATTRIBUTES lpFileMappingAttributes, DWORD flProtect, DWORD dwMaximumSizeHigh, DWORD dwMaximumSizeLow, LPCSTR lpName);
typedef BOOL(__cdecl * fCloseHandle)(HANDLE hHandle);
fTrace cTrace = (fTrace)(APIData->fTrace);
fCreateFileW cCreateFileW = (fCreateFileW)(APIData->fCreateFileA);
fCloseHandle cCloseHandle = (fCloseHandle)(APIData->fCloseHandle);
fCreateFileMappingA cCreateFileMappingA = (fCreateFileMappingA)(APIData->fCreateFileMappingA);
hFile = cCreateFileW((LPCWSTR)szFileName, GENERIC_READ+GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
hFile = cCreateFileW((LPCWSTR)szFileName, GENERIC_READ + GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
{
hFileMap = cCreateFileMappingA(hFile, NULL, 4, NULL, 0x100, NULL);
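Review bot: In injectedImpRec, `fCloseHandle` is declared `__cdecl` (`typedef BOOL(__cdecl * fCloseHandle)(HANDLE hHandle);`) while the neighbouring file APIs are declared `WINAPI`. If `APIData->fCloseHandle` holds the address of the Win32 CloseHandle, which is `WINAPI`, then in 32-bit builds a call through a `__cdecl` pointer makes both caller and callee pop the argument and leaves the stack unbalanced. Declaring it as `typedef BOOL(WINAPI * fCloseHandle)(HANDLE hHandle);` matches the other typedefs. The same function initialises `cCreateFileW` from a field named `fCreateFileA` and passes it a wide string, so it is worth confirming which export that field is filled with. The function body continues outside the hunk.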


@ -24,13 +24,13 @@ bool MapFileEx(char* szFileName, DWORD ReadOrWrite, LPHANDLE FileHandle, LPDWORD
}
else if(ReadOrWrite == UE_ACCESS_ALL)
{
FileAccess = GENERIC_READ+GENERIC_WRITE+GENERIC_EXECUTE;
FileAccess = GENERIC_READ + GENERIC_WRITE + GENERIC_EXECUTE;
FileMapType = PAGE_EXECUTE_READWRITE;
FileMapViewType = FILE_MAP_WRITE;
}
else
{
FileAccess = GENERIC_READ+GENERIC_WRITE+GENERIC_EXECUTE;
FileAccess = GENERIC_READ + GENERIC_WRITE + GENERIC_EXECUTE;
FileMapType = PAGE_EXECUTE_READWRITE;
FileMapViewType = FILE_MAP_ALL_ACCESS;
}
@ -39,7 +39,7 @@ bool MapFileEx(char* szFileName, DWORD ReadOrWrite, LPHANDLE FileHandle, LPDWORD
if(hFile != INVALID_HANDLE_VALUE)
{
*FileHandle = hFile;
DWORD mfFileSize = GetFileSize(hFile,NULL);
DWORD mfFileSize = GetFileSize(hFile, NULL);
mfFileSize = mfFileSize + SizeModifier;
*FileSize = mfFileSize;
HANDLE mfFileMap = CreateFileMappingA(hFile, NULL, FileMapType, NULL, mfFileSize, NULL);
@ -85,13 +85,13 @@ bool MapFileExW(wchar_t* szFileName, DWORD ReadOrWrite, LPHANDLE FileHandle, LPD
}
else if(ReadOrWrite == UE_ACCESS_ALL)
{
FileAccess = GENERIC_READ+GENERIC_WRITE+GENERIC_EXECUTE;
FileAccess = GENERIC_READ + GENERIC_WRITE + GENERIC_EXECUTE;
FileMapType = PAGE_EXECUTE_READWRITE;
FileMapViewType = FILE_MAP_WRITE;
}
else
{
FileAccess = GENERIC_READ+GENERIC_WRITE+GENERIC_EXECUTE;
FileAccess = GENERIC_READ + GENERIC_WRITE + GENERIC_EXECUTE;
FileMapType = PAGE_EXECUTE_READWRITE;
FileMapViewType = FILE_MAP_ALL_ACCESS;
}
@ -100,7 +100,7 @@ bool MapFileExW(wchar_t* szFileName, DWORD ReadOrWrite, LPHANDLE FileHandle, LPD
if(hFile != INVALID_HANDLE_VALUE)
{
*FileHandle = hFile;
DWORD mfFileSize = GetFileSize(hFile,NULL);
DWORD mfFileSize = GetFileSize(hFile, NULL);
mfFileSize = mfFileSize + SizeModifier;
*FileSize = mfFileSize;
HANDLE mfFileMap = CreateFileMappingA(hFile, NULL, FileMapType, NULL, mfFileSize, NULL);
@ -131,7 +131,7 @@ void UnMapFileEx(HANDLE FileHandle, DWORD FileSize, HANDLE FileMap, ULONG_PTR Fi
if(UnmapViewOfFile((void*)FileMapVA))
{
EngineCloseHandle(FileMap);
SetFilePointer(FileHandle,FileSize,NULL,FILE_BEGIN);
SetFilePointer(FileHandle, FileSize, NULL, FILE_BEGIN);
SetEndOfFile(FileHandle);
EngineCloseHandle(FileHandle);
}
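Review bot: MapFileEx and MapFileExW use the result of `GetFileSize(hFile, NULL)` without checking for `INVALID_FILE_SIZE` and then add `SizeModifier` to it in a `DWORD`. A failed size query or a wrapped sum is therefore passed straight to CreateFileMappingA and stored in `*FileSize`, and any caller that bounds its parsing by `FileSize` would work from a wrong size. Assuming `SizeModifier` is unsigned, a guard such as `if(mfFileSize == INVALID_FILE_SIZE || mfFileSize + SizeModifier < mfFileSize) { EngineCloseHandle(hFile); return false; }` before the addition rejects both cases. Both function bodies start and end outside these hunks, so the cleanup should follow whatever the existing failure branches do.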


@ -17,10 +17,10 @@ void GenericOEPVirtualProtectHit()
DWORD NewProtect = 0;
DWORD OldProtect = 0;
int bpcount=(int)BreakPointBuffer.size();
for(int i=0; i<bpcount; i++)
int bpcount = (int)BreakPointBuffer.size();
for(int i = 0; i < bpcount; i++)
{
BreakPointDetail curDetail=BreakPointBuffer.at(i);
BreakPointDetail curDetail = BreakPointBuffer.at(i);
if(curDetail.BreakPointType == UE_MEMORY && curDetail.BreakPointActive == UE_BPXACTIVE)
{
VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)curDetail.BreakPointAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
@ -39,7 +39,7 @@ void GenericOEPTraceHit()
{
char* szInstructionType;
typedef void(TITCALL *fEPCallBack)();
typedef void(TITCALL * fEPCallBack)();
fEPCallBack myEPCallBack = (fEPCallBack)glbEntryTracerData.EPCallBack;
LPDEBUG_EVENT myDbgEvent = (LPDEBUG_EVENT)GetDebugData();
@ -59,7 +59,7 @@ void GenericOEPTraceHited()
bool FakeEPDetected = false;
ULONG_PTR NumberOfBytesRW;
LPDEBUG_EVENT myDbgEvent = (LPDEBUG_EVENT)GetDebugData();
typedef void(TITCALL *fEPCallBack)();
typedef void(TITCALL * fEPCallBack)();
fEPCallBack myEPCallBack = (fEPCallBack)glbEntryTracerData.EPCallBack;
PMEMORY_COMPARE_HANDLER myCmpHandler;
ULONG_PTR memBpxAddress;
@ -98,11 +98,11 @@ void GenericOEPTraceHited()
if(ReadProcessMemory(dbgProcessInformation.hProcess, (void*)(glbEntryTracerData.CurrentIntructionPointer), lpHashBuffer, MAXIMUM_INSTRUCTION_SIZE, &NumberOfBytesRW))
{
myCmpHandler = (PMEMORY_COMPARE_HANDLER)(lpHashBuffer);
if(myCmpHandler->Array.bArrayEntry[0] == 0xC3) // RET
if(myCmpHandler->Array.bArrayEntry[0] == 0xC3) // RET
{
FakeEPDetected = true;
}
else if(myCmpHandler->Array.bArrayEntry[0] == 0x33 && myCmpHandler->Array.bArrayEntry[1] == 0xC0 && myCmpHandler->Array.bArrayEntry[2] == 0xC3) // XOR EAX,EAX; RET
else if(myCmpHandler->Array.bArrayEntry[0] == 0x33 && myCmpHandler->Array.bArrayEntry[1] == 0xC0 && myCmpHandler->Array.bArrayEntry[2] == 0xC3) // XOR EAX,EAX; RET
{
FakeEPDetected = true;
}
@ -201,7 +201,7 @@ void GenericOEPTraceInit()
int i;
void* lpHashBuffer;
ULONG_PTR NumberOfBytesRW;
typedef void(TITCALL *fInitCallBack)();
typedef void(TITCALL * fInitCallBack)();
fInitCallBack myInitCallBack = (fInitCallBack)glbEntryTracerData.InitCallBack;
if(glbEntryTracerData.FileIsDLL)


@ -135,9 +135,9 @@ Out:
= kMatchSpecLenStart + 2 : State Init Marker
*/
static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte *bufLimit)
static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec* p, SizeT limit, const Byte* bufLimit)
{
CLzmaProb *probs = p->probs;
CLzmaProb* probs = p->probs;
unsigned state = p->state;
UInt32 rep0 = p->reps[0], rep1 = p->reps[1], rep2 = p->reps[2], rep3 = p->reps[3];
@ -145,7 +145,7 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
unsigned lpMask = ((unsigned)1 << (p->prop.lp)) - 1;
unsigned lc = p->prop.lc;
Byte *dic = p->dic;
Byte* dic = p->dic;
SizeT dicBufSize = p->dicBufSize;
SizeT dicPos = p->dicPos;
@ -153,13 +153,13 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
UInt32 checkDicSize = p->checkDicSize;
unsigned len = 0;
const Byte *buf = p->buf;
const Byte* buf = p->buf;
UInt32 range = p->range;
UInt32 code = p->code;
do
{
CLzmaProb *prob;
CLzmaProb* prob;
UInt32 bound;
unsigned ttt;
unsigned posState = processedPos & pbMask;
@ -170,18 +170,18 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
unsigned symbol;
UPDATE_0(prob);
prob = probs + Literal;
if (checkDicSize != 0 || processedPos != 0)
if(checkDicSize != 0 || processedPos != 0)
prob += (LZMA_LIT_SIZE * (((processedPos & lpMask) << lc) +
(dic[(dicPos == 0 ? dicBufSize : dicPos) - 1] >> (8 - lc))));
if (state < kNumLitStates)
if(state < kNumLitStates)
{
symbol = 1;
do
{
GET_BIT(prob + symbol, symbol)
}
while (symbol < 0x100);
while(symbol < 0x100);
}
else
{
@ -191,13 +191,13 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
do
{
unsigned bit;
CLzmaProb *probLit;
CLzmaProb* probLit;
matchByte <<= 1;
bit = (matchByte & offs);
probLit = prob + offs + bit + symbol;
GET_BIT2(probLit, symbol, offs &= ~bit, offs &= bit)
}
while (symbol < 0x100);
while(symbol < 0x100);
}
dic[dicPos++] = (Byte)symbol;
processedPos++;
@ -219,7 +219,7 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
else
{
UPDATE_1(prob);
if (checkDicSize == 0 && processedPos == 0)
if(checkDicSize == 0 && processedPos == 0)
return SZ_ERROR_DATA;
prob = probs + IsRepG0 + state;
IF_BIT_0(prob)
@ -272,7 +272,7 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
}
{
unsigned limit, offset;
CLzmaProb *probLen = prob + LenChoice;
CLzmaProb* probLen = prob + LenChoice;
IF_BIT_0(probLen)
{
UPDATE_0(probLen);
@ -303,18 +303,18 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
len += offset;
}
if (state >= kNumStates)
if(state >= kNumStates)
{
UInt32 distance;
prob = probs + PosSlot +
((len < kNumLenToPosStates ? len : kNumLenToPosStates - 1) << kNumPosSlotBits);
TREE_6_DECODE(prob, distance);
if (distance >= kStartPosModelIndex)
if(distance >= kStartPosModelIndex)
{
unsigned posSlot = (unsigned)distance;
int numDirectBits = (int)(((distance >> 1) - 1));
distance = (2 | (distance & 1));
if (posSlot < kEndPosModelIndex)
if(posSlot < kEndPosModelIndex)
{
distance <<= numDirectBits;
prob = probs + SpecPos + distance - posSlot - 1;
@ -326,7 +326,7 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
GET_BIT2(prob + i, i, ; , distance |= mask);
mask <<= 1;
}
while (--numDirectBits != 0);
while(--numDirectBits != 0);
}
}
else
@ -353,7 +353,7 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
}
*/
}
while (--numDirectBits != 0);
while(--numDirectBits != 0);
prob = probs + Align;
distance <<= kNumAlignBits;
{
@ -363,7 +363,7 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
GET_BIT2(prob + i, i, ; , distance |= 4);
GET_BIT2(prob + i, i, ; , distance |= 8);
}
if (distance == (UInt32)0xFFFFFFFF)
if(distance == (UInt32)0xFFFFFFFF)
{
len += kMatchSpecLenStart;
state -= kNumStates;
@ -375,12 +375,12 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
rep2 = rep1;
rep1 = rep0;
rep0 = distance + 1;
if (checkDicSize == 0)
if(checkDicSize == 0)
{
if (distance >= processedPos)
if(distance >= processedPos)
return SZ_ERROR_DATA;
}
else if (distance >= checkDicSize)
else if(distance >= checkDicSize)
return SZ_ERROR_DATA;
state = (state < kNumStates + kNumLitStates) ? kNumLitStates : kNumLitStates + 3;
/* state = kLiteralNextStates[state]; */
@ -388,7 +388,7 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
len += kMatchMinLen;
if (limit == dicPos)
if(limit == dicPos)
return SZ_ERROR_DATA;
{
SizeT rem = limit - dicPos;
@ -398,30 +398,30 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
processedPos += curLen;
len -= curLen;
if (pos + curLen <= dicBufSize)
if(pos + curLen <= dicBufSize)
{
Byte *dest = dic + dicPos;
Byte* dest = dic + dicPos;
ptrdiff_t src = (ptrdiff_t)pos - (ptrdiff_t)dicPos;
const Byte *lim = dest + curLen;
const Byte* lim = dest + curLen;
dicPos += curLen;
do
*(dest) = (Byte)*(dest + src);
while (++dest != lim);
*(dest) = (Byte) * (dest + src);
while(++dest != lim);
}
else
{
do
{
dic[dicPos++] = dic[pos];
if (++pos == dicBufSize)
if(++pos == dicBufSize)
pos = 0;
}
while (--curLen != 0);
while(--curLen != 0);
}
}
}
}
while (dicPos < limit && buf < bufLimit);
while(dicPos < limit && buf < bufLimit);
NORMALIZE;
p->buf = buf;
p->range = range;
@ -438,24 +438,24 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
return SZ_OK;
}
static void MY_FAST_CALL LzmaDec_WriteRem(CLzmaDec *p, SizeT limit)
static void MY_FAST_CALL LzmaDec_WriteRem(CLzmaDec* p, SizeT limit)
{
if (p->remainLen != 0 && p->remainLen < kMatchSpecLenStart)
if(p->remainLen != 0 && p->remainLen < kMatchSpecLenStart)
{
Byte *dic = p->dic;
Byte* dic = p->dic;
SizeT dicPos = p->dicPos;
SizeT dicBufSize = p->dicBufSize;
unsigned len = p->remainLen;
UInt32 rep0 = p->reps[0];
if (limit - dicPos < len)
if(limit - dicPos < len)
len = (unsigned)(limit - dicPos);
if (p->checkDicSize == 0 && p->prop.dicSize - p->processedPos <= len)
if(p->checkDicSize == 0 && p->prop.dicSize - p->processedPos <= len)
p->checkDicSize = p->prop.dicSize;
p->processedPos += len;
p->remainLen -= len;
while (len-- != 0)
while(len-- != 0)
{
dic[dicPos] = dic[(dicPos - rep0) + ((dicPos < rep0) ? dicBufSize : 0)];
dicPos++;
@ -464,25 +464,25 @@ static void MY_FAST_CALL LzmaDec_WriteRem(CLzmaDec *p, SizeT limit)
}
}
static int MY_FAST_CALL LzmaDec_DecodeReal2(CLzmaDec *p, SizeT limit, const Byte *bufLimit)
static int MY_FAST_CALL LzmaDec_DecodeReal2(CLzmaDec* p, SizeT limit, const Byte* bufLimit)
{
do
{
SizeT limit2 = limit;
if (p->checkDicSize == 0)
if(p->checkDicSize == 0)
{
UInt32 rem = p->prop.dicSize - p->processedPos;
if (limit - p->dicPos > rem)
if(limit - p->dicPos > rem)
limit2 = p->dicPos + rem;
}
RINOK(LzmaDec_DecodeReal(p, limit2, bufLimit));
if (p->processedPos >= p->prop.dicSize)
if(p->processedPos >= p->prop.dicSize)
p->checkDicSize = p->prop.dicSize;
LzmaDec_WriteRem(p, limit);
}
while (p->dicPos < limit && p->buf < bufLimit && p->remainLen < kMatchSpecLenStart);
while(p->dicPos < limit && p->buf < bufLimit && p->remainLen < kMatchSpecLenStart);
if (p->remainLen > kMatchSpecLenStart)
if(p->remainLen > kMatchSpecLenStart)
{
p->remainLen = kMatchSpecLenStart;
}
@ -497,17 +497,17 @@ typedef enum
DUMMY_REP
} ELzmaDummy;
static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec *p, const Byte *buf, SizeT inSize)
static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec* p, const Byte* buf, SizeT inSize)
{
UInt32 range = p->range;
UInt32 code = p->code;
const Byte *bufLimit = buf + inSize;
CLzmaProb *probs = p->probs;
const Byte* bufLimit = buf + inSize;
CLzmaProb* probs = p->probs;
unsigned state = p->state;
ELzmaDummy res;
{
CLzmaProb *prob;
CLzmaProb* prob;
UInt32 bound;
unsigned ttt;
unsigned posState = (p->processedPos) & ((1 << p->prop.pb) - 1);
@ -520,19 +520,19 @@ static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec *p, const Byte *buf, SizeT inS
/* if (bufLimit - buf >= 7) return DUMMY_LIT; */
prob = probs + Literal;
if (p->checkDicSize != 0 || p->processedPos != 0)
if(p->checkDicSize != 0 || p->processedPos != 0)
prob += (LZMA_LIT_SIZE *
((((p->processedPos) & ((1 << (p->prop.lp)) - 1)) << p->prop.lc) +
(p->dic[(p->dicPos == 0 ? p->dicBufSize : p->dicPos) - 1] >> (8 - p->prop.lc))));
if (state < kNumLitStates)
if(state < kNumLitStates)
{
unsigned symbol = 1;
do
{
GET_BIT_CHECK(prob + symbol, symbol)
}
while (symbol < 0x100);
while(symbol < 0x100);
}
else
{
@ -543,13 +543,13 @@ static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec *p, const Byte *buf, SizeT inS
do
{
unsigned bit;
CLzmaProb *probLit;
CLzmaProb* probLit;
matchByte <<= 1;
bit = (matchByte & offs);
probLit = prob + offs + bit + symbol;
GET_BIT2_CHECK(probLit, symbol, offs &= ~bit, offs &= bit)
}
while (symbol < 0x100);
while(symbol < 0x100);
}
res = DUMMY_LIT;
}
@ -613,7 +613,7 @@ static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec *p, const Byte *buf, SizeT inS
}
{
unsigned limit, offset;
CLzmaProb *probLen = prob + LenChoice;
CLzmaProb* probLen = prob + LenChoice;
IF_BIT_0_CHECK(probLen)
{
UPDATE_0_CHECK;
@ -644,20 +644,20 @@ static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec *p, const Byte *buf, SizeT inS
len += offset;
}
if (state < 4)
if(state < 4)
{
unsigned posSlot;
prob = probs + PosSlot +
((len < kNumLenToPosStates ? len : kNumLenToPosStates - 1) <<
kNumPosSlotBits);
TREE_DECODE_CHECK(prob, 1 << kNumPosSlotBits, posSlot);
if (posSlot >= kStartPosModelIndex)
if(posSlot >= kStartPosModelIndex)
{
int numDirectBits = ((posSlot >> 1) - 1);
/* if (bufLimit - buf >= 8) return DUMMY_MATCH; */
if (posSlot < kEndPosModelIndex)
if(posSlot < kEndPosModelIndex)
{
prob = probs + SpecPos + ((2 | (posSlot & 1)) << numDirectBits) - posSlot - 1;
}
@ -671,7 +671,7 @@ static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec *p, const Byte *buf, SizeT inS
code -= range & (((code - range) >> 31) - 1);
/* if (code >= range) code -= range; */
}
while (--numDirectBits != 0);
while(--numDirectBits != 0);
prob = probs + Align;
numDirectBits = kNumAlignBits;
}
@ -681,7 +681,7 @@ static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec *p, const Byte *buf, SizeT inS
{
GET_BIT_CHECK(prob + i, i);
}
while (--numDirectBits != 0);
while(--numDirectBits != 0);
}
}
}
@ -692,49 +692,49 @@ static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec *p, const Byte *buf, SizeT inS
}
static void LzmaDec_InitRc(CLzmaDec *p, const Byte *data)
static void LzmaDec_InitRc(CLzmaDec* p, const Byte* data)
{
p->code = ((UInt32)data[1] << 24) | ((UInt32)data[2] << 16) | ((UInt32)data[3] << 8) | ((UInt32)data[4]);
p->range = 0xFFFFFFFF;
p->needFlush = 0;
}
void LzmaDec_InitDicAndState(CLzmaDec *p, Bool initDic, Bool initState)
void LzmaDec_InitDicAndState(CLzmaDec* p, Bool initDic, Bool initState)
{
p->needFlush = 1;
p->remainLen = 0;
p->tempBufSize = 0;
if (initDic)
if(initDic)
{
p->processedPos = 0;
p->checkDicSize = 0;
p->needInitState = 1;
}
if (initState)
if(initState)
p->needInitState = 1;
}
void LzmaDec_Init(CLzmaDec *p)
void LzmaDec_Init(CLzmaDec* p)
{
p->dicPos = 0;
LzmaDec_InitDicAndState(p, True, True);
}
static void LzmaDec_InitStateReal(CLzmaDec *p)
static void LzmaDec_InitStateReal(CLzmaDec* p)
{
UInt32 numProbs = Literal + ((UInt32)LZMA_LIT_SIZE << (p->prop.lc + p->prop.lp));
UInt32 i;
CLzmaProb *probs = p->probs;
for (i = 0; i < numProbs; i++)
CLzmaProb* probs = p->probs;
for(i = 0; i < numProbs; i++)
probs[i] = kBitModelTotal >> 1;
p->reps[0] = p->reps[1] = p->reps[2] = p->reps[3] = 1;
p->state = 0;
p->needInitState = 0;
}
SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, const Byte *src, SizeT *srcLen,
ELzmaFinishMode finishMode, ELzmaStatus *status)
SRes LzmaDec_DecodeToDic(CLzmaDec* p, SizeT dicLimit, const Byte* src, SizeT* srcLen,
ELzmaFinishMode finishMode, ELzmaStatus* status)
{
SizeT inSize = *srcLen;
(*srcLen) = 0;
@ -742,20 +742,20 @@ SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, const Byte *src, SizeT *sr
*status = LZMA_STATUS_NOT_SPECIFIED;
while (p->remainLen != kMatchSpecLenStart)
while(p->remainLen != kMatchSpecLenStart)
{
int checkEndMarkNow;
if (p->needFlush != 0)
if(p->needFlush != 0)
{
for (; inSize > 0 && p->tempBufSize < RC_INIT_SIZE; (*srcLen)++, inSize--)
for(; inSize > 0 && p->tempBufSize < RC_INIT_SIZE; (*srcLen)++, inSize--)
p->tempBuf[p->tempBufSize++] = *src++;
if (p->tempBufSize < RC_INIT_SIZE)
if(p->tempBufSize < RC_INIT_SIZE)
{
*status = LZMA_STATUS_NEEDS_MORE_INPUT;
return SZ_OK;
}
if (p->tempBuf[0] != 0)
if(p->tempBuf[0] != 0)
return SZ_ERROR_DATA;
LzmaDec_InitRc(p, p->tempBuf);
@ -763,19 +763,19 @@ SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, const Byte *src, SizeT *sr
}
checkEndMarkNow = 0;
if (p->dicPos >= dicLimit)
if(p->dicPos >= dicLimit)
{
if (p->remainLen == 0 && p->code == 0)
if(p->remainLen == 0 && p->code == 0)
{
*status = LZMA_STATUS_MAYBE_FINISHED_WITHOUT_MARK;
return SZ_OK;
}
if (finishMode == LZMA_FINISH_ANY)
if(finishMode == LZMA_FINISH_ANY)
{
*status = LZMA_STATUS_NOT_FINISHED;
return SZ_OK;
}
if (p->remainLen != 0)
if(p->remainLen != 0)
{
*status = LZMA_STATUS_NOT_FINISHED;
return SZ_ERROR_DATA;
@ -783,17 +783,17 @@ SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, const Byte *src, SizeT *sr
checkEndMarkNow = 1;
}
if (p->needInitState)
if(p->needInitState)
LzmaDec_InitStateReal(p);
if (p->tempBufSize == 0)
if(p->tempBufSize == 0)
{
SizeT processed;
const Byte *bufLimit;
if (inSize < LZMA_REQUIRED_INPUT_MAX || checkEndMarkNow)
const Byte* bufLimit;
if(inSize < LZMA_REQUIRED_INPUT_MAX || checkEndMarkNow)
{
int dummyRes = LzmaDec_TryDummy(p, src, inSize);
if (dummyRes == DUMMY_ERROR)
if(dummyRes == DUMMY_ERROR)
{
memcpy(p->tempBuf, src, inSize);
p->tempBufSize = (unsigned)inSize;
@ -801,7 +801,7 @@ SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, const Byte *src, SizeT *sr
*status = LZMA_STATUS_NEEDS_MORE_INPUT;
return SZ_OK;
}
if (checkEndMarkNow && dummyRes != DUMMY_MATCH)
if(checkEndMarkNow && dummyRes != DUMMY_MATCH)
{
*status = LZMA_STATUS_NOT_FINISHED;
return SZ_ERROR_DATA;
@ -811,7 +811,7 @@ SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, const Byte *src, SizeT *sr
else
bufLimit = src + inSize - LZMA_REQUIRED_INPUT_MAX;
p->buf = src;
if (LzmaDec_DecodeReal2(p, dicLimit, bufLimit) != 0)
if(LzmaDec_DecodeReal2(p, dicLimit, bufLimit) != 0)
return SZ_ERROR_DATA;
processed = (SizeT)(p->buf - src);
(*srcLen) += processed;
@ -821,26 +821,26 @@ SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, const Byte *src, SizeT *sr
else
{
unsigned rem = p->tempBufSize, lookAhead = 0;
while (rem < LZMA_REQUIRED_INPUT_MAX && lookAhead < inSize)
while(rem < LZMA_REQUIRED_INPUT_MAX && lookAhead < inSize)
p->tempBuf[rem++] = src[lookAhead++];
p->tempBufSize = rem;
if (rem < LZMA_REQUIRED_INPUT_MAX || checkEndMarkNow)
if(rem < LZMA_REQUIRED_INPUT_MAX || checkEndMarkNow)
{
int dummyRes = LzmaDec_TryDummy(p, p->tempBuf, rem);
if (dummyRes == DUMMY_ERROR)
if(dummyRes == DUMMY_ERROR)
{
(*srcLen) += lookAhead;
*status = LZMA_STATUS_NEEDS_MORE_INPUT;
return SZ_OK;
}
if (checkEndMarkNow && dummyRes != DUMMY_MATCH)
if(checkEndMarkNow && dummyRes != DUMMY_MATCH)
{
*status = LZMA_STATUS_NOT_FINISHED;
return SZ_ERROR_DATA;
}
}
p->buf = p->tempBuf;
if (LzmaDec_DecodeReal2(p, dicLimit, p->buf) != 0)
if(LzmaDec_DecodeReal2(p, dicLimit, p->buf) != 0)
return SZ_ERROR_DATA;
lookAhead -= (rem - (unsigned)(p->buf - p->tempBuf));
(*srcLen) += lookAhead;
@ -849,25 +849,25 @@ SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, const Byte *src, SizeT *sr
p->tempBufSize = 0;
}
}
if (p->code == 0)
if(p->code == 0)
*status = LZMA_STATUS_FINISHED_WITH_MARK;
return (p->code == 0) ? SZ_OK : SZ_ERROR_DATA;
}
SRes LzmaDec_DecodeToBuf(CLzmaDec *p, Byte *dest, SizeT *destLen, const Byte *src, SizeT *srcLen, ELzmaFinishMode finishMode, ELzmaStatus *status)
SRes LzmaDec_DecodeToBuf(CLzmaDec* p, Byte* dest, SizeT* destLen, const Byte* src, SizeT* srcLen, ELzmaFinishMode finishMode, ELzmaStatus* status)
{
SizeT outSize = *destLen;
SizeT inSize = *srcLen;
*srcLen = *destLen = 0;
for (;;)
for(;;)
{
SizeT inSizeCur = inSize, outSizeCur, dicPos;
ELzmaFinishMode curFinishMode;
SRes res;
if (p->dicPos == p->dicBufSize)
if(p->dicPos == p->dicBufSize)
p->dicPos = 0;
dicPos = p->dicPos;
if (outSize > p->dicBufSize - dicPos)
if(outSize > p->dicBufSize - dicPos)
{
outSizeCur = p->dicBufSize;
curFinishMode = LZMA_FINISH_ANY;
@ -887,47 +887,47 @@ SRes LzmaDec_DecodeToBuf(CLzmaDec *p, Byte *dest, SizeT *destLen, const Byte *sr
dest += outSizeCur;
outSize -= outSizeCur;
*destLen += outSizeCur;
if (res != 0)
if(res != 0)
return res;
if (outSizeCur == 0 || outSize == 0)
if(outSizeCur == 0 || outSize == 0)
return SZ_OK;
}
}
void LzmaDec_FreeProbs(CLzmaDec *p, ISzAlloc *alloc)
void LzmaDec_FreeProbs(CLzmaDec* p, ISzAlloc* alloc)
{
alloc->Free(alloc, p->probs);
p->probs = 0;
}
static void LzmaDec_FreeDict(CLzmaDec *p, ISzAlloc *alloc)
static void LzmaDec_FreeDict(CLzmaDec* p, ISzAlloc* alloc)
{
alloc->Free(alloc, p->dic);
p->dic = 0;
}
void LzmaDec_Free(CLzmaDec *p, ISzAlloc *alloc)
void LzmaDec_Free(CLzmaDec* p, ISzAlloc* alloc)
{
LzmaDec_FreeProbs(p, alloc);
LzmaDec_FreeDict(p, alloc);
}
SRes LzmaProps_Decode(CLzmaProps *p, const Byte *data, unsigned size)
SRes LzmaProps_Decode(CLzmaProps* p, const Byte* data, unsigned size)
{
UInt32 dicSize;
Byte d;
if (size < LZMA_PROPS_SIZE)
if(size < LZMA_PROPS_SIZE)
return SZ_ERROR_UNSUPPORTED;
else
dicSize = data[1] | ((UInt32)data[2] << 8) | ((UInt32)data[3] << 16) | ((UInt32)data[4] << 24);
if (dicSize < LZMA_DIC_MIN)
if(dicSize < LZMA_DIC_MIN)
dicSize = LZMA_DIC_MIN;
p->dicSize = dicSize;
d = data[0];
if (d >= (9 * 5 * 5))
if(d >= (9 * 5 * 5))
return SZ_ERROR_UNSUPPORTED;
p->lc = d % 9;
@ -938,21 +938,21 @@ SRes LzmaProps_Decode(CLzmaProps *p, const Byte *data, unsigned size)
return SZ_OK;
}
static SRes LzmaDec_AllocateProbs2(CLzmaDec *p, const CLzmaProps *propNew, ISzAlloc *alloc)
static SRes LzmaDec_AllocateProbs2(CLzmaDec* p, const CLzmaProps* propNew, ISzAlloc* alloc)
{
UInt32 numProbs = LzmaProps_GetNumProbs(propNew);
if (p->probs == 0 || numProbs != p->numProbs)
if(p->probs == 0 || numProbs != p->numProbs)
{
LzmaDec_FreeProbs(p, alloc);
p->probs = (CLzmaProb *)alloc->Alloc(alloc, numProbs * sizeof(CLzmaProb));
p->probs = (CLzmaProb*)alloc->Alloc(alloc, numProbs * sizeof(CLzmaProb));
p->numProbs = numProbs;
if (p->probs == 0)
if(p->probs == 0)
return SZ_ERROR_MEM;
}
return SZ_OK;
}
SRes LzmaDec_AllocateProbs(CLzmaDec *p, const Byte *props, unsigned propsSize, ISzAlloc *alloc)
SRes LzmaDec_AllocateProbs(CLzmaDec* p, const Byte* props, unsigned propsSize, ISzAlloc* alloc)
{
CLzmaProps propNew;
RINOK(LzmaProps_Decode(&propNew, props, propsSize));
@ -961,18 +961,18 @@ SRes LzmaDec_AllocateProbs(CLzmaDec *p, const Byte *props, unsigned propsSize, I
return SZ_OK;
}
SRes LzmaDec_Allocate(CLzmaDec *p, const Byte *props, unsigned propsSize, ISzAlloc *alloc)
SRes LzmaDec_Allocate(CLzmaDec* p, const Byte* props, unsigned propsSize, ISzAlloc* alloc)
{
CLzmaProps propNew;
SizeT dicBufSize;
RINOK(LzmaProps_Decode(&propNew, props, propsSize));
RINOK(LzmaDec_AllocateProbs2(p, &propNew, alloc));
dicBufSize = propNew.dicSize;
if (p->dic == 0 || dicBufSize != p->dicBufSize)
if(p->dic == 0 || dicBufSize != p->dicBufSize)
{
LzmaDec_FreeDict(p, alloc);
p->dic = (Byte *)alloc->Alloc(alloc, dicBufSize);
if (p->dic == 0)
p->dic = (Byte*)alloc->Alloc(alloc, dicBufSize);
if(p->dic == 0)
{
LzmaDec_FreeProbs(p, alloc);
return SZ_ERROR_MEM;
@ -983,21 +983,21 @@ SRes LzmaDec_Allocate(CLzmaDec *p, const Byte *props, unsigned propsSize, ISzAll
return SZ_OK;
}
SRes LzmaDecode(Byte *dest, SizeT *destLen, const Byte *src, SizeT *srcLen,
const Byte *propData, unsigned propSize, ELzmaFinishMode finishMode,
ELzmaStatus *status, ISzAlloc *alloc)
SRes LzmaDecode(Byte* dest, SizeT* destLen, const Byte* src, SizeT* srcLen,
const Byte* propData, unsigned propSize, ELzmaFinishMode finishMode,
ELzmaStatus* status, ISzAlloc* alloc)
{
CLzmaDec p;
SRes res;
SizeT inSize = *srcLen;
SizeT outSize = *destLen;
*srcLen = *destLen = 0;
if (inSize < RC_INIT_SIZE)
if(inSize < RC_INIT_SIZE)
return SZ_ERROR_INPUT_EOF;
LzmaDec_Construct(&p);
res = LzmaDec_AllocateProbs(&p, propData, propSize, alloc);
if (res != 0)
if(res != 0)
return res;
p.dic = dest;
p.dicBufSize = outSize;
@ -1007,7 +1007,7 @@ SRes LzmaDecode(Byte *dest, SizeT *destLen, const Byte *src, SizeT *srcLen,
*srcLen = inSize;
res = LzmaDec_DecodeToDic(&p, outSize, src, srcLen, finishMode, status);
if (res == SZ_OK && *status == LZMA_STATUS_NEEDS_MORE_INPUT)
if(res == SZ_OK && *status == LZMA_STATUS_NEEDS_MORE_INPUT)
res = SZ_ERROR_INPUT_EOF;
(*destLen) = p.dicPos;
@ -1015,12 +1015,12 @@ SRes LzmaDecode(Byte *dest, SizeT *destLen, const Byte *src, SizeT *srcLen,
return res;
}
void* LzmaAllocMem(void *p, size_t size)
void* LzmaAllocMem(void* p, size_t size)
{
return(VirtualAlloc(NULL, size, MEM_COMMIT, PAGE_READWRITE));
}
void LzmaFreeMem(void *p, void *address)
void LzmaFreeMem(void* p, void* address)
{
VirtualFree(address, NULL, MEM_RELEASE);
}


@ -33,7 +33,7 @@ Returns:
SZ_ERROR_UNSUPPORTED - Unsupported properties
*/
SRes LzmaProps_Decode(CLzmaProps *p, const Byte *data, unsigned size);
SRes LzmaProps_Decode(CLzmaProps* p, const Byte* data, unsigned size);
/* ---------- LZMA Decoder state ---------- */
@ -46,9 +46,9 @@ SRes LzmaProps_Decode(CLzmaProps *p, const Byte *data, unsigned size);
typedef struct
{
CLzmaProps prop;
CLzmaProb *probs;
Byte *dic;
const Byte *buf;
CLzmaProb* probs;
Byte* dic;
const Byte* buf;
UInt32 range, code;
SizeT dicPos;
SizeT dicBufSize;
@ -66,7 +66,7 @@ typedef struct
#define LzmaDec_Construct(p) { (p)->dic = 0; (p)->probs = 0; }
void LzmaDec_Init(CLzmaDec *p);
void LzmaDec_Init(CLzmaDec* p);
/* There are two types of LZMA streams:
0) Stream with end mark. That end mark adds about 6 bytes to compressed size.
@ -127,11 +127,11 @@ LzmaDec_Allocate* can return:
SZ_ERROR_UNSUPPORTED - Unsupported properties
*/
SRes LzmaDec_AllocateProbs(CLzmaDec *p, const Byte *props, unsigned propsSize, ISzAlloc *alloc);
void LzmaDec_FreeProbs(CLzmaDec *p, ISzAlloc *alloc);
SRes LzmaDec_AllocateProbs(CLzmaDec* p, const Byte* props, unsigned propsSize, ISzAlloc* alloc);
void LzmaDec_FreeProbs(CLzmaDec* p, ISzAlloc* alloc);
SRes LzmaDec_Allocate(CLzmaDec *state, const Byte *prop, unsigned propsSize, ISzAlloc *alloc);
void LzmaDec_Free(CLzmaDec *state, ISzAlloc *alloc);
SRes LzmaDec_Allocate(CLzmaDec* state, const Byte* prop, unsigned propsSize, ISzAlloc* alloc);
void LzmaDec_Free(CLzmaDec* state, ISzAlloc* alloc);
/* ---------- Dictionary Interface ---------- */
@ -174,8 +174,8 @@ Returns:
SZ_ERROR_DATA - Data error
*/
SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit,
const Byte *src, SizeT *srcLen, ELzmaFinishMode finishMode, ELzmaStatus *status);
SRes LzmaDec_DecodeToDic(CLzmaDec* p, SizeT dicLimit,
const Byte* src, SizeT* srcLen, ELzmaFinishMode finishMode, ELzmaStatus* status);
/* ---------- Buffer Interface ---------- */
@ -191,8 +191,8 @@ finishMode:
LZMA_FINISH_END - Stream must be finished after (*destLen).
*/
SRes LzmaDec_DecodeToBuf(CLzmaDec *p, Byte *dest, SizeT *destLen,
const Byte *src, SizeT *srcLen, ELzmaFinishMode finishMode, ELzmaStatus *status);
SRes LzmaDec_DecodeToBuf(CLzmaDec* p, Byte* dest, SizeT* destLen,
const Byte* src, SizeT* srcLen, ELzmaFinishMode finishMode, ELzmaStatus* status);
/* ---------- One Call Interface ---------- */
@ -216,8 +216,8 @@ Returns:
SZ_ERROR_INPUT_EOF - It needs more bytes in input buffer (src).
*/
SRes LzmaDecode(Byte *dest, SizeT *destLen, const Byte *src, SizeT *srcLen,
const Byte *propData, unsigned propSize, ELzmaFinishMode finishMode,
ELzmaStatus *status, ISzAlloc *alloc);
SRes LzmaDecode(Byte* dest, SizeT* destLen, const Byte* src, SizeT* srcLen,
const Byte* propData, unsigned propSize, ELzmaFinishMode finishMode,
ELzmaStatus* status, ISzAlloc* alloc);
#endif


@ -108,19 +108,19 @@ typedef int Bool;
typedef struct
{
SRes (*Read)(void *p, void *buf, size_t *size);
SRes(*Read)(void* p, void* buf, size_t* size);
/* if (input(*size) != 0 && output(*size) == 0) means end_of_stream.
(output(*size) < input(*size)) is allowed */
} ISeqInStream;
/* it can return SZ_ERROR_INPUT_EOF */
SRes SeqInStream_Read(ISeqInStream *stream, void *buf, size_t size);
SRes SeqInStream_Read2(ISeqInStream *stream, void *buf, size_t size, SRes errorType);
SRes SeqInStream_ReadByte(ISeqInStream *stream, Byte *buf);
SRes SeqInStream_Read(ISeqInStream* stream, void* buf, size_t size);
SRes SeqInStream_Read2(ISeqInStream* stream, void* buf, size_t size, SRes errorType);
SRes SeqInStream_ReadByte(ISeqInStream* stream, Byte* buf);
typedef struct
{
size_t (*Write)(void *p, const void *buf, size_t size);
size_t (*Write)(void* p, const void* buf, size_t size);
/* Returns: result - the number of actually written bytes.
(result < size) means error */
} ISeqOutStream;
@ -134,78 +134,78 @@ typedef enum
typedef struct
{
SRes (*Read)(void *p, void *buf, size_t *size); /* same as ISeqInStream::Read */
SRes (*Seek)(void *p, Int64 *pos, ESzSeek origin);
SRes(*Read)(void* p, void* buf, size_t* size); /* same as ISeqInStream::Read */
SRes(*Seek)(void* p, Int64* pos, ESzSeek origin);
} ISeekInStream;
typedef struct
{
SRes (*Look)(void *p, void **buf, size_t *size);
SRes(*Look)(void* p, void** buf, size_t* size);
/* if (input(*size) != 0 && output(*size) == 0) means end_of_stream.
(output(*size) > input(*size)) is not allowed
(output(*size) < input(*size)) is allowed */
SRes (*Skip)(void *p, size_t offset);
SRes(*Skip)(void* p, size_t offset);
/* offset must be <= output(*size) of Look */
SRes (*Read)(void *p, void *buf, size_t *size);
SRes(*Read)(void* p, void* buf, size_t* size);
/* reads directly (without buffer). It's same as ISeqInStream::Read */
SRes (*Seek)(void *p, Int64 *pos, ESzSeek origin);
SRes(*Seek)(void* p, Int64* pos, ESzSeek origin);
} ILookInStream;
SRes LookInStream_LookRead(ILookInStream *stream, void *buf, size_t *size);
SRes LookInStream_SeekTo(ILookInStream *stream, UInt64 offset);
SRes LookInStream_LookRead(ILookInStream* stream, void* buf, size_t* size);
SRes LookInStream_SeekTo(ILookInStream* stream, UInt64 offset);
/* reads via ILookInStream::Read */
SRes LookInStream_Read2(ILookInStream *stream, void *buf, size_t size, SRes errorType);
SRes LookInStream_Read(ILookInStream *stream, void *buf, size_t size);
SRes LookInStream_Read2(ILookInStream* stream, void* buf, size_t size, SRes errorType);
SRes LookInStream_Read(ILookInStream* stream, void* buf, size_t size);
#define LookToRead_BUF_SIZE (1 << 14)
typedef struct
{
ILookInStream s;
ISeekInStream *realStream;
ISeekInStream* realStream;
size_t pos;
size_t size;
Byte buf[LookToRead_BUF_SIZE];
} CLookToRead;
void LookToRead_CreateVTable(CLookToRead *p, int lookahead);
void LookToRead_Init(CLookToRead *p);
void LookToRead_CreateVTable(CLookToRead* p, int lookahead);
void LookToRead_Init(CLookToRead* p);
typedef struct
{
ISeqInStream s;
ILookInStream *realStream;
ILookInStream* realStream;
} CSecToLook;
void SecToLook_CreateVTable(CSecToLook *p);
void SecToLook_CreateVTable(CSecToLook* p);
typedef struct
{
ISeqInStream s;
ILookInStream *realStream;
ILookInStream* realStream;
} CSecToRead;
void SecToRead_CreateVTable(CSecToRead *p);
void SecToRead_CreateVTable(CSecToRead* p);
typedef struct
{
SRes (*Progress)(void *p, UInt64 inSize, UInt64 outSize);
SRes(*Progress)(void* p, UInt64 inSize, UInt64 outSize);
/* Returns: result. (result != SZ_OK) means break.
Value (UInt64)(Int64)-1 for size means unknown value. */
} ICompressProgress;
typedef struct
{
void *(*Alloc)(void *p, size_t size);
void (*Free)(void *p, void *address); /* address can be 0 */
void* (*Alloc)(void* p, size_t size);
void (*Free)(void* p, void* address); /* address can be 0 */
} ISzAlloc;
#define IAlloc_Alloc(p, size) (p)->Alloc((p), size)
#define IAlloc_Free(p, a) (p)->Free((p), a)
void* LzmaAllocMem(void *p, size_t size);
void LzmaFreeMem(void *p, void *address);
void* LzmaAllocMem(void* p, size_t size);
void LzmaFreeMem(void* p, void* address);
#endif


@ -30,8 +30,8 @@ __declspec(dllexport) bool TITCALL IsBPXEnabled(ULONG_PTR bpxAddress)
ULONG_PTR NumberOfBytesReadWritten = 0;
DWORD MaximumBreakPoints = 0;
BYTE ReadData[10] = {};
int bpcount=(int)BreakPointBuffer.size();
for(int i=0; i<bpcount; i++)
int bpcount = (int)BreakPointBuffer.size();
for(int i = 0; i < bpcount; i++)
{
if(BreakPointBuffer.at(i).BreakPointAddress == bpxAddress)
{
@ -66,8 +66,8 @@ __declspec(dllexport) bool TITCALL EnableBPX(ULONG_PTR bpxAddress)
DWORD MaximumBreakPoints = 0;
bool testWrite = false;
DWORD OldProtect;
int bpcount=(int)BreakPointBuffer.size();
for(int i=0; i<bpcount; i++)
int bpcount = (int)BreakPointBuffer.size();
for(int i = 0; i < bpcount; i++)
{
if(BreakPointBuffer.at(i).BreakPointAddress == bpxAddress)
{
@ -135,8 +135,8 @@ __declspec(dllexport) bool TITCALL DisableBPX(ULONG_PTR bpxAddress)
ULONG_PTR NumberOfBytesReadWritten = 0;
DWORD MaximumBreakPoints = 0;
DWORD OldProtect;
int bpcount=(int)BreakPointBuffer.size();
for(int i=0; i<bpcount; i++)
int bpcount = (int)BreakPointBuffer.size();
for(int i = 0; i < bpcount; i++)
{
if(BreakPointBuffer.at(i).BreakPointAddress == bpxAddress)
{
@ -181,9 +181,9 @@ __declspec(dllexport) bool TITCALL SetBPX(ULONG_PTR bpxAddress, DWORD bpxType, L
{
return false;
}
int bpcount=(int)BreakPointBuffer.size();
int bpcount = (int)BreakPointBuffer.size();
//search for breakpoint
for(int i=0; i<bpcount; i++)
for(int i = 0; i < bpcount; i++)
{
if(BreakPointBuffer.at(i).BreakPointAddress == bpxAddress && BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE && (BreakPointBuffer.at(i).BreakPointType == UE_SINGLESHOOT || BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT))
return false;
@ -248,10 +248,10 @@ __declspec(dllexport) bool TITCALL SetBPX(ULONG_PTR bpxAddress, DWORD bpxType, L
if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, bpxDataPrt, NewBreakPoint.BreakPointSize, &NumberOfBytesReadWritten))
{
//add new breakpoint to the list
NewBreakPoint.AdvancedBreakPointType = SelectedBreakPointType&0xFF;
NewBreakPoint.AdvancedBreakPointType = SelectedBreakPointType & 0xFF;
NewBreakPoint.BreakPointActive = UE_BPXACTIVE;
NewBreakPoint.BreakPointAddress = bpxAddress;
NewBreakPoint.BreakPointType = bpxType&0xFF;
NewBreakPoint.BreakPointType = bpxType & 0xFF;
NewBreakPoint.ExecuteCallBack = (ULONG_PTR)bpxCallBack;
BreakPointBuffer.push_back(NewBreakPoint);
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, NewBreakPoint.BreakPointSize, OldProtect, &OldProtect);
@ -272,13 +272,13 @@ __declspec(dllexport) bool TITCALL DeleteBPX(ULONG_PTR bpxAddress)
CriticalSectionLocker lock(LockBreakPointBuffer);
ULONG_PTR NumberOfBytesReadWritten = 0;
DWORD OldProtect;
int bpcount=(int)BreakPointBuffer.size();
int found=-1;
for(int i=0; i<bpcount; i++)
int bpcount = (int)BreakPointBuffer.size();
int found = -1;
for(int i = 0; i < bpcount; i++)
{
if(BreakPointBuffer.at(i).BreakPointAddress == bpxAddress && (BreakPointBuffer.at(i).BreakPointType == UE_SINGLESHOOT || BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT))
{
found=i;
found = i;
break;
}
}
@ -296,7 +296,7 @@ __declspec(dllexport) bool TITCALL DeleteBPX(ULONG_PTR bpxAddress)
}
lock.relock();
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer.at(found).BreakPointSize, OldProtect, &OldProtect);
BreakPointBuffer.erase(BreakPointBuffer.begin()+found);
BreakPointBuffer.erase(BreakPointBuffer.begin() + found);
return true;
}
@ -328,7 +328,7 @@ __declspec(dllexport) bool TITCALL SetAPIBreakPoint(const char* szDLLName, const
do //search for forwarding indicators
{
i += len;
if(!MemoryReadSafe(dbgProcessInformation.hProcess, (void*)(APIAddress+i), CmdBuffer, sizeof(CmdBuffer), 0))
if(!MemoryReadSafe(dbgProcessInformation.hProcess, (void*)(APIAddress + i), CmdBuffer, sizeof(CmdBuffer), 0))
return false;
if(CmdBuffer[0] == 0xCC || CmdBuffer[0] == 0x90) //padding
{
@ -351,7 +351,7 @@ __declspec(dllexport) bool TITCALL SetAPIBreakPoint(const char* szDLLName, const
do //search for RET
{
i += len;
if(!MemoryReadSafe(dbgProcessInformation.hProcess, (void*)(APIAddress+i), CmdBuffer, sizeof(CmdBuffer), 0))
if(!MemoryReadSafe(dbgProcessInformation.hProcess, (void*)(APIAddress + i), CmdBuffer, sizeof(CmdBuffer), 0))
return false;
len = StaticLengthDisassemble(CmdBuffer);
}
@ -386,7 +386,7 @@ __declspec(dllexport) bool TITCALL DeleteAPIBreakPoint(const char* szDLLName, co
do //search for forwarding indicators
{
i += len;
if(!MemoryReadSafe(dbgProcessInformation.hProcess, (void*)(APIAddress+i), CmdBuffer, sizeof(CmdBuffer), 0))
if(!MemoryReadSafe(dbgProcessInformation.hProcess, (void*)(APIAddress + i), CmdBuffer, sizeof(CmdBuffer), 0))
return false;
if(CmdBuffer[0] == 0xCC || CmdBuffer[0] == 0x90) //padding
{
@ -409,7 +409,7 @@ __declspec(dllexport) bool TITCALL DeleteAPIBreakPoint(const char* szDLLName, co
do //search for RET
{
i += len;
if(!MemoryReadSafe(dbgProcessInformation.hProcess, (void*)(APIAddress+i), CmdBuffer, sizeof(CmdBuffer), 0))
if(!MemoryReadSafe(dbgProcessInformation.hProcess, (void*)(APIAddress + i), CmdBuffer, sizeof(CmdBuffer), 0))
return false;
len = StaticLengthDisassemble(CmdBuffer);
}
@ -440,9 +440,9 @@ __declspec(dllexport) bool TITCALL SetMemoryBPXEx(ULONG_PTR MemoryStart, SIZE_T
CriticalSectionLocker lock(LockBreakPointBuffer);
MEMORY_BASIC_INFORMATION MemInfo;
ULONG_PTR NumberOfBytesReadWritten = 0;
int bpcount=(int)BreakPointBuffer.size();
int bpcount = (int)BreakPointBuffer.size();
//search for breakpoint
for(int i=0; i<bpcount; i++)
for(int i = 0; i < bpcount; i++)
{
if(BreakPointBuffer.at(i).BreakPointAddress == MemoryStart &&
(BreakPointBuffer.at(i).BreakPointType == UE_MEMORY ||
@ -456,7 +456,7 @@ __declspec(dllexport) bool TITCALL SetMemoryBPXEx(ULONG_PTR MemoryStart, SIZE_T
}
//set PAGE_GUARD on all the pages separately
size_t pages = SizeOfMemory / TITANENGINE_PAGESIZE;
for(size_t i=0; i<pages; i++)
for(size_t i = 0; i < pages; i++)
{
const LPVOID curPage = (LPVOID)(MemoryStart + i * TITANENGINE_PAGESIZE);
VirtualQueryEx(dbgProcessInformation.hProcess, curPage, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
@ -487,10 +487,10 @@ __declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T
CriticalSectionLocker lock(LockBreakPointBuffer);
MEMORY_BASIC_INFORMATION MemInfo;
ULONG_PTR NumberOfBytesReadWritten = 0;
int bpcount=(int)BreakPointBuffer.size();
int found=-1;
int bpcount = (int)BreakPointBuffer.size();
int found = -1;
//search for breakpoint
for(int i=0; i<bpcount; i++)
for(int i = 0; i < bpcount; i++)
{
if(BreakPointBuffer.at(i).BreakPointAddress == MemoryStart &&
(BreakPointBuffer.at(i).BreakPointType == UE_MEMORY ||
@ -499,17 +499,17 @@ __declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T
BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_EXECUTE)
)
{
found=i;
found = i;
break;
}
}
if(found==-1) //not found
if(found == -1) //not found
return false;
if(!SizeOfMemory)
SizeOfMemory = BreakPointBuffer.at(found).BreakPointSize;
//remove PAGE_GUARD from all the pages in the range
size_t pages = SizeOfMemory / TITANENGINE_PAGESIZE;
for(size_t i=0; i<pages; i++)
for(size_t i = 0; i < pages; i++)
{
const LPVOID curPage = (LPVOID)(MemoryStart + i * TITANENGINE_PAGESIZE);
VirtualQueryEx(dbgProcessInformation.hProcess, curPage, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
@ -521,7 +521,7 @@ __declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T
}
}
//remove breakpoint from list
BreakPointBuffer.erase(BreakPointBuffer.begin()+found);
BreakPointBuffer.erase(BreakPointBuffer.begin() + found);
return true;
}
@ -535,27 +535,27 @@ __declspec(dllexport) bool TITCALL SetHardwareBreakPoint(ULONG_PTR bpxAddress, D
HWBP_SIZE hwbpSize;
HWBP_MODE hwbpMode;
HWBP_TYPE hwbpType;
int hwbpIndex=-1;
int hwbpIndex = -1;
DR7 dr7;
switch(bpxSize)
{
case UE_HARDWARE_SIZE_1:
hwbpSize=SIZE_1;
hwbpSize = SIZE_1;
break;
case UE_HARDWARE_SIZE_2:
hwbpSize=SIZE_2;
if((bpxAddress%2)!=0)
hwbpSize = SIZE_2;
if((bpxAddress % 2) != 0)
return false;
break;
case UE_HARDWARE_SIZE_4:
hwbpSize=SIZE_4;
if((bpxAddress%4)!=0)
hwbpSize = SIZE_4;
if((bpxAddress % 4) != 0)
return false;
break;
case UE_HARDWARE_SIZE_8:
hwbpSize=SIZE_8;
if((bpxAddress%8)!=0)
hwbpSize = SIZE_8;
if((bpxAddress % 8) != 0)
return false;
break;
default:
@ -579,16 +579,16 @@ __declspec(dllexport) bool TITCALL SetHardwareBreakPoint(ULONG_PTR bpxAddress, D
switch(IndexOfRegister)
{
case UE_DR0:
hwbpIndex=0;
hwbpIndex = 0;
break;
case UE_DR1:
hwbpIndex=1;
hwbpIndex = 1;
break;
case UE_DR2:
hwbpIndex=2;
hwbpIndex = 2;
break;
case UE_DR3:
hwbpIndex=3;
hwbpIndex = 3;
break;
default:
return false;
@ -596,42 +596,42 @@ __declspec(dllexport) bool TITCALL SetHardwareBreakPoint(ULONG_PTR bpxAddress, D
uintdr7((ULONG_PTR)GetContextData(UE_DR7), &dr7);
DebugRegister[hwbpIndex].DrxExecution=false;
DebugRegister[hwbpIndex].DrxExecution = false;
switch(bpxType)
{
case UE_HARDWARE_EXECUTE:
hwbpSize=SIZE_1;
hwbpType=TYPE_EXECUTE;
DebugRegister[hwbpIndex].DrxExecution=true;
hwbpSize = SIZE_1;
hwbpType = TYPE_EXECUTE;
DebugRegister[hwbpIndex].DrxExecution = true;
break;
case UE_HARDWARE_WRITE:
hwbpType=TYPE_WRITE;
hwbpType = TYPE_WRITE;
break;
case UE_HARDWARE_READWRITE:
hwbpType=TYPE_READWRITE;
hwbpType = TYPE_READWRITE;
break;
default:
return false;
}
hwbpMode=MODE_LOCAL;
hwbpMode = MODE_LOCAL;
dr7.HWBP_MODE[hwbpIndex]=hwbpMode;
dr7.HWBP_SIZE[hwbpIndex]=hwbpSize;
dr7.HWBP_TYPE[hwbpIndex]=hwbpType;
dr7.HWBP_MODE[hwbpIndex] = hwbpMode;
dr7.HWBP_SIZE[hwbpIndex] = hwbpSize;
dr7.HWBP_TYPE[hwbpIndex] = hwbpType;
for(unsigned int i=0; i<hListThread.size(); i++)
for(unsigned int i = 0; i < hListThread.size(); i++)
{
SetContextDataEx(hListThread.at(i).hThread, UE_DR7, dr7uint(&dr7)); //NOTE: MUST SET THIS FIRST FOR X64!
SetContextDataEx(hListThread.at(i).hThread, IndexOfRegister, bpxAddress);
}
DebugRegister[hwbpIndex].DrxBreakPointType=bpxType;
DebugRegister[hwbpIndex].DrxBreakPointSize=bpxSize;
DebugRegister[hwbpIndex].DrxEnabled=true;
DebugRegister[hwbpIndex].DrxBreakAddress=(ULONG_PTR)bpxAddress;
DebugRegister[hwbpIndex].DrxCallBack=(ULONG_PTR)bpxCallBack;
DebugRegister[hwbpIndex].DrxBreakPointType = bpxType;
DebugRegister[hwbpIndex].DrxBreakPointSize = bpxSize;
DebugRegister[hwbpIndex].DrxEnabled = true;
DebugRegister[hwbpIndex].DrxBreakAddress = (ULONG_PTR)bpxAddress;
DebugRegister[hwbpIndex].DrxCallBack = (ULONG_PTR)bpxCallBack;
return true;
}
@ -641,27 +641,27 @@ __declspec(dllexport) bool TITCALL SetHardwareBreakPointEx(HANDLE hActiveThread,
HWBP_SIZE hwbpSize;
HWBP_MODE hwbpMode;
HWBP_TYPE hwbpType;
int hwbpIndex=-1;
int hwbpIndex = -1;
DR7 dr7;
switch(bpxSize)
{
case UE_HARDWARE_SIZE_1:
hwbpSize=SIZE_1;
hwbpSize = SIZE_1;
break;
case UE_HARDWARE_SIZE_2:
hwbpSize=SIZE_2;
if((bpxAddress%2)!=0)
hwbpSize = SIZE_2;
if((bpxAddress % 2) != 0)
return false;
break;
case UE_HARDWARE_SIZE_4:
hwbpSize=SIZE_4;
if((bpxAddress%4)!=0)
hwbpSize = SIZE_4;
if((bpxAddress % 4) != 0)
return false;
break;
case UE_HARDWARE_SIZE_8:
hwbpSize=SIZE_8;
if((bpxAddress%8)!=0)
hwbpSize = SIZE_8;
if((bpxAddress % 8) != 0)
return false;
break;
default:
@ -683,21 +683,21 @@ __declspec(dllexport) bool TITCALL SetHardwareBreakPointEx(HANDLE hActiveThread,
}
if(IndexOfSelectedRegister)
*IndexOfSelectedRegister=IndexOfRegister;
*IndexOfSelectedRegister = IndexOfRegister;
switch(IndexOfRegister)
{
case UE_DR0:
hwbpIndex=0;
hwbpIndex = 0;
break;
case UE_DR1:
hwbpIndex=1;
hwbpIndex = 1;
break;
case UE_DR2:
hwbpIndex=2;
hwbpIndex = 2;
break;
case UE_DR3:
hwbpIndex=3;
hwbpIndex = 3;
break;
default:
return false;
@ -705,39 +705,39 @@ __declspec(dllexport) bool TITCALL SetHardwareBreakPointEx(HANDLE hActiveThread,
uintdr7((ULONG_PTR)GetContextDataEx(hActiveThread, UE_DR7), &dr7);
DebugRegister[hwbpIndex].DrxExecution=false;
DebugRegister[hwbpIndex].DrxExecution = false;
switch(bpxType)
{
case UE_HARDWARE_EXECUTE:
hwbpSize=SIZE_1;
hwbpType=TYPE_EXECUTE;
DebugRegister[hwbpIndex].DrxExecution=true;
hwbpSize = SIZE_1;
hwbpType = TYPE_EXECUTE;
DebugRegister[hwbpIndex].DrxExecution = true;
break;
case UE_HARDWARE_WRITE:
hwbpType=TYPE_WRITE;
hwbpType = TYPE_WRITE;
break;
case UE_HARDWARE_READWRITE:
hwbpType=TYPE_READWRITE;
hwbpType = TYPE_READWRITE;
break;
default:
return false;
}
hwbpMode=MODE_LOCAL;
hwbpMode = MODE_LOCAL;
dr7.HWBP_MODE[hwbpIndex]=hwbpMode;
dr7.HWBP_SIZE[hwbpIndex]=hwbpSize;
dr7.HWBP_TYPE[hwbpIndex]=hwbpType;
dr7.HWBP_MODE[hwbpIndex] = hwbpMode;
dr7.HWBP_SIZE[hwbpIndex] = hwbpSize;
dr7.HWBP_TYPE[hwbpIndex] = hwbpType;
SetContextDataEx(hActiveThread, UE_DR7, dr7uint(&dr7));
SetContextDataEx(hActiveThread, IndexOfRegister, (ULONG_PTR)bpxAddress);
DebugRegister[hwbpIndex].DrxBreakPointType=bpxType;
DebugRegister[hwbpIndex].DrxBreakPointSize=bpxSize;
DebugRegister[hwbpIndex].DrxEnabled=true;
DebugRegister[hwbpIndex].DrxBreakAddress=(ULONG_PTR)bpxAddress;
DebugRegister[hwbpIndex].DrxCallBack=(ULONG_PTR)bpxCallBack;
DebugRegister[hwbpIndex].DrxBreakPointType = bpxType;
DebugRegister[hwbpIndex].DrxBreakPointSize = bpxSize;
DebugRegister[hwbpIndex].DrxEnabled = true;
DebugRegister[hwbpIndex].DrxBreakAddress = (ULONG_PTR)bpxAddress;
DebugRegister[hwbpIndex].DrxCallBack = (ULONG_PTR)bpxCallBack;
return true;
}
@ -750,9 +750,9 @@ __declspec(dllexport) bool TITCALL DeleteHardwareBreakPoint(DWORD IndexOfRegiste
if(IndexOfRegister == UE_DR0)
{
HardwareBPX = (ULONG_PTR)GetContextData(UE_DR7);
HardwareBPX = HardwareBPX &~ (1 << 0);
HardwareBPX = HardwareBPX &~ (1 << 1);
for(unsigned int i=0; i<hListThread.size(); i++)
HardwareBPX = HardwareBPX & ~(1 << 0);
HardwareBPX = HardwareBPX & ~(1 << 1);
for(unsigned int i = 0; i < hListThread.size(); i++)
{
SetContextDataEx(hListThread.at(i).hThread, UE_DR0, bpxAddress);
SetContextDataEx(hListThread.at(i).hThread, UE_DR7, HardwareBPX);
@ -765,9 +765,9 @@ __declspec(dllexport) bool TITCALL DeleteHardwareBreakPoint(DWORD IndexOfRegiste
else if(IndexOfRegister == UE_DR1)
{
HardwareBPX = (ULONG_PTR)GetContextData(UE_DR7);
HardwareBPX = HardwareBPX &~ (1 << 2);
HardwareBPX = HardwareBPX &~ (1 << 3);
for(unsigned int i=0; i<hListThread.size(); i++)
HardwareBPX = HardwareBPX & ~(1 << 2);
HardwareBPX = HardwareBPX & ~(1 << 3);
for(unsigned int i = 0; i < hListThread.size(); i++)
{
SetContextDataEx(hListThread.at(i).hThread, UE_DR1, bpxAddress);
SetContextDataEx(hListThread.at(i).hThread, UE_DR7, HardwareBPX);
@ -780,9 +780,9 @@ __declspec(dllexport) bool TITCALL DeleteHardwareBreakPoint(DWORD IndexOfRegiste
else if(IndexOfRegister == UE_DR2)
{
HardwareBPX = (ULONG_PTR)GetContextData(UE_DR7);
HardwareBPX = HardwareBPX &~ (1 << 4);
HardwareBPX = HardwareBPX &~ (1 << 5);
for(unsigned int i=0; i<hListThread.size(); i++)
HardwareBPX = HardwareBPX & ~(1 << 4);
HardwareBPX = HardwareBPX & ~(1 << 5);
for(unsigned int i = 0; i < hListThread.size(); i++)
{
SetContextDataEx(hListThread.at(i).hThread, UE_DR2, bpxAddress);
SetContextDataEx(hListThread.at(i).hThread, UE_DR7, HardwareBPX);
@ -795,9 +795,9 @@ __declspec(dllexport) bool TITCALL DeleteHardwareBreakPoint(DWORD IndexOfRegiste
else if(IndexOfRegister == UE_DR3)
{
HardwareBPX = (ULONG_PTR)GetContextData(UE_DR7);
HardwareBPX = HardwareBPX &~ (1 << 6);
HardwareBPX = HardwareBPX &~ (1 << 7);
for(unsigned int i=0; i<hListThread.size(); i++)
HardwareBPX = HardwareBPX & ~(1 << 6);
HardwareBPX = HardwareBPX & ~(1 << 7);
for(unsigned int i = 0; i < hListThread.size(); i++)
{
SetContextDataEx(hListThread.at(i).hThread, UE_DR3, bpxAddress);
SetContextDataEx(hListThread.at(i).hThread, UE_DR7, HardwareBPX);
@ -817,10 +817,10 @@ __declspec(dllexport) bool TITCALL DeleteHardwareBreakPoint(DWORD IndexOfRegiste
__declspec(dllexport) bool TITCALL RemoveAllBreakPoints(DWORD RemoveOption)
{
CriticalSectionLocker lock(LockBreakPointBuffer);
int bpcount=(int)BreakPointBuffer.size();
int bpcount = (int)BreakPointBuffer.size();
if(RemoveOption == UE_OPTION_REMOVEALL)
{
for(int i=bpcount-1; i>-1; i--)
for(int i = bpcount - 1; i > -1; i--)
{
if(BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT)
{
@ -846,7 +846,7 @@ __declspec(dllexport) bool TITCALL RemoveAllBreakPoints(DWORD RemoveOption)
}
else if(RemoveOption == UE_OPTION_DISABLEALL)
{
for(int i=bpcount-1; i>-1; i--)
for(int i = bpcount - 1; i > -1; i--)
{
if(BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT && BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE)
{
@ -868,7 +868,7 @@ __declspec(dllexport) bool TITCALL RemoveAllBreakPoints(DWORD RemoveOption)
}
else if(RemoveOption == UE_OPTION_REMOVEALLDISABLED)
{
for(int i=bpcount-1; i>-1; i--)
for(int i = bpcount - 1; i > -1; i--)
{
if(BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT && BreakPointBuffer.at(i).BreakPointActive == UE_BPXINACTIVE)
{
@ -881,7 +881,7 @@ __declspec(dllexport) bool TITCALL RemoveAllBreakPoints(DWORD RemoveOption)
}
else if(RemoveOption == UE_OPTION_REMOVEALLENABLED)
{
for(int i=bpcount-1; i>-1; i--)
for(int i = bpcount - 1; i > -1; i--)
{
if(BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT && BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE)
{


@ -13,7 +13,7 @@ __declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, voi
memset(&DBGContext, 0, sizeof(CONTEXT));
DBGContext.ContextFlags = CONTEXT_ALL;
if(SuspendThread(hActiveThread) == (DWORD)-1)
if(SuspendThread(hActiveThread) == (DWORD) - 1)
return false;
if(!GetThreadContext(hActiveThread, &DBGContext))
@ -39,7 +39,7 @@ __declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, D
memset(&DBGContext, 0, sizeof(CONTEXT));
DBGContext.ContextFlags = CONTEXT_ALL;
if(SuspendThread(hActiveThread) == (DWORD)-1)
if(SuspendThread(hActiveThread) == (DWORD) - 1)
return retValue;
if(!GetThreadContext(hActiveThread, &DBGContext))
@ -52,43 +52,43 @@ __declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, D
#ifdef _WIN64 //x64
if(IndexOfRegister == UE_EAX)
{
retValue = DBGContext.Rax&0xFFFFFFFF;
retValue = DBGContext.Rax & 0xFFFFFFFF;
}
else if(IndexOfRegister == UE_EBX)
{
retValue = DBGContext.Rbx&0xFFFFFFFF;
retValue = DBGContext.Rbx & 0xFFFFFFFF;
}
else if(IndexOfRegister == UE_ECX)
{
retValue = DBGContext.Rcx&0xFFFFFFFF;
retValue = DBGContext.Rcx & 0xFFFFFFFF;
}
else if(IndexOfRegister == UE_EDX)
{
retValue = DBGContext.Rdx&0xFFFFFFFF;
retValue = DBGContext.Rdx & 0xFFFFFFFF;
}
else if(IndexOfRegister == UE_EDI)
{
retValue = DBGContext.Rdi&0xFFFFFFFF;
retValue = DBGContext.Rdi & 0xFFFFFFFF;
}
else if(IndexOfRegister == UE_ESI)
{
retValue = DBGContext.Rsi&0xFFFFFFFF;
retValue = DBGContext.Rsi & 0xFFFFFFFF;
}
else if(IndexOfRegister == UE_EBP)
{
retValue = DBGContext.Rbp&0xFFFFFFFF;
retValue = DBGContext.Rbp & 0xFFFFFFFF;
}
else if(IndexOfRegister == UE_ESP)
{
retValue = DBGContext.Rsp&0xFFFFFFFF;
retValue = DBGContext.Rsp & 0xFFFFFFFF;
}
else if(IndexOfRegister == UE_EIP)
{
retValue = DBGContext.Rip&0xFFFFFFFF;
retValue = DBGContext.Rip & 0xFFFFFFFF;
}
else if(IndexOfRegister == UE_EFLAGS)
{
retValue = DBGContext.EFlags&0xFFFFFFFF;
retValue = DBGContext.EFlags & 0xFFFFFFFF;
}
else if(IndexOfRegister == UE_RAX)
{
@ -273,7 +273,7 @@ __declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, D
__declspec(dllexport) ULONG_PTR TITCALL GetContextData(DWORD IndexOfRegister)
{
HANDLE hActiveThread = OpenThread(THREAD_SUSPEND_RESUME|THREAD_GET_CONTEXT, false, DBGEvent.dwThreadId);
HANDLE hActiveThread = OpenThread(THREAD_SUSPEND_RESUME | THREAD_GET_CONTEXT, false, DBGEvent.dwThreadId);
ULONG_PTR ContextReturn = GetContextDataEx(hActiveThread, IndexOfRegister);
EngineCloseHandle(hActiveThread);
return ContextReturn;
@ -287,7 +287,7 @@ __declspec(dllexport) bool TITCALL SetContextFPUDataEx(HANDLE hActiveThread, voi
memset(&DBGContext, 0, sizeof(CONTEXT));
DBGContext.ContextFlags = CONTEXT_ALL;
if(SuspendThread(hActiveThread) == (DWORD)-1)
if(SuspendThread(hActiveThread) == (DWORD) - 1)
return false;
if(!GetThreadContext(hActiveThread, &DBGContext))
@ -316,7 +316,7 @@ __declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD
memset(&DBGContext, 0, sizeof(CONTEXT));
DBGContext.ContextFlags = CONTEXT_ALL;
if(SuspendThread(hActiveThread) == (DWORD)-1)
if(SuspendThread(hActiveThread) == (DWORD) - 1)
return false;
if(!GetThreadContext(hActiveThread, &DBGContext))
@ -324,7 +324,7 @@ __declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD
ResumeThread(hActiveThread);
return false;
}
#ifdef _WIN64 //x64
if(IndexOfRegister == UE_EAX)
{
@ -571,7 +571,7 @@ __declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD
__declspec(dllexport) bool TITCALL SetContextData(DWORD IndexOfRegister, ULONG_PTR NewRegisterValue)
{
HANDLE hActiveThread = OpenThread(THREAD_SUSPEND_RESUME|THREAD_SET_CONTEXT|THREAD_GET_CONTEXT, false, DBGEvent.dwThreadId);
HANDLE hActiveThread = OpenThread(THREAD_SUSPEND_RESUME | THREAD_SET_CONTEXT | THREAD_GET_CONTEXT, false, DBGEvent.dwThreadId);
bool ContextReturn = SetContextDataEx(hActiveThread, IndexOfRegister, NewRegisterValue);
EngineCloseHandle(hActiveThread);
return ContextReturn;
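Review bot: The formatter has rewritten `(DWORD)-1` as `(DWORD) - 1` in the four `SuspendThread` checks of this file (GetContextFPUDataEx, GetContextDataEx, SetContextFPUDataEx, SetContextDataEx), so the error sentinel now reads like a subtraction. Because `DWORD` is a type, the expression still parses as a cast of `-1` and the failure check behaves as before, but the next reader has to work that out for themselves. Writing it as `if(SuspendThread(hActiveThread) == (DWORD)(-1))` keeps the intent unambiguous and should not be re-spaced by a later formatting pass. All four functions begin and end outside the hunks shown here.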


@ -8,23 +8,23 @@
__declspec(dllexport) void TITCALL ForceClose()
{
//manage process list
int processcount=(int)hListProcess.size();
for(int i=0; i<processcount; i++)
int processcount = (int)hListProcess.size();
for(int i = 0; i < processcount; i++)
{
EngineCloseHandle(hListProcess.at(i).hFile);
EngineCloseHandle(hListProcess.at(i).hProcess);
}
ClearProcessList();
//manage thread list
int threadcount=(int)hListThread.size();
for(int i=0; i<threadcount; i++)
int threadcount = (int)hListThread.size();
for(int i = 0; i < threadcount; i++)
EngineCloseHandle(hListThread.at(i).hThread);
ClearThreadList();
//manage library list
int libcount=(int)hListLibrary.size();
for(int i=0; i<libcount; i++)
int libcount = (int)hListLibrary.size();
for(int i = 0; i < libcount; i++)
{
if(hListLibrary.at(i).hFile != (HANDLE)-1)
if(hListLibrary.at(i).hFile != (HANDLE) - 1)
{
if(hListLibrary.at(i).hFileMappingView != NULL)
{
@ -52,7 +52,7 @@ __declspec(dllexport) void TITCALL StepInto(LPVOID StepCallBack)
ULONG_PTR ueCurrentPosition = GetContextData(UE_CIP);
unsigned char instr[16];
MemoryReadSafe(dbgProcessInformation.hProcess, (void*)ueCurrentPosition, instr, sizeof(instr), 0);
char* DisassembledString=(char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr);
char* DisassembledString = (char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr);
if(strstr(DisassembledString, "PUSHF"))
StepOver(StepCallBack);
else
@ -72,11 +72,11 @@ __declspec(dllexport) void TITCALL StepOver(LPVOID StepCallBack)
ULONG_PTR ueCurrentPosition = GetContextData(UE_CIP);
unsigned char instr[16];
MemoryReadSafe(dbgProcessInformation.hProcess, (void*)ueCurrentPosition, instr, sizeof(instr), 0);
char* DisassembledString=(char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr);
char* DisassembledString = (char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr);
if(strstr(DisassembledString, "CALL") || strstr(DisassembledString, "REP") || strstr(DisassembledString, "PUSHF"))
{
ueCurrentPosition+=StaticLengthDisassemble((void*)instr);
SetBPX(ueCurrentPosition, UE_BREAKPOINT_TYPE_INT3+UE_SINGLESHOOT, StepCallBack);
ueCurrentPosition += StaticLengthDisassemble((void*)instr);
SetBPX(ueCurrentPosition, UE_BREAKPOINT_TYPE_INT3 + UE_SINGLESHOOT, StepCallBack);
}
else
StepInto(StepCallBack);
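Review bot: StepInto and StepOver ignore the result of `MemoryReadSafe`, so when the read of the debuggee fails `instr` is an uninitialised stack buffer that is still passed to `StaticDisassembleEx` and `StaticLengthDisassemble`. The PUSHF/CALL/REP decision, and in StepOver the address handed to `SetBPX` for the single-shot breakpoint, are then derived from indeterminate bytes. SetAPIBreakPoint in this same commit already bails out with `return false;` when the same read fails. I would at least declare `unsigned char instr[16] = {0};` and disassemble only when the read succeeded, taking the plain single-step path otherwise. Both function bodies start and end outside the hunks shown, so the `else` branch of StepInto is not visible here.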


@ -31,9 +31,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
DebugRemoveDebugPrivilege = false; //reset this flag
PLIBRARY_ITEM_DATAW hLoadedLibData = NULL;
PLIBRARY_BREAK_DATA ptrLibrarianData = NULL;
typedef void(TITCALL *fCustomBreakPoint)(void);
typedef void(TITCALL *fCustomHandler)(void* SpecialDBG);
typedef void(TITCALL *fFindOEPHandler)(LPPROCESS_INFORMATION fProcessInfo, LPVOID fCallBack);
typedef void(TITCALL * fCustomBreakPoint)(void);
typedef void(TITCALL * fCustomHandler)(void* SpecialDBG);
typedef void(TITCALL * fFindOEPHandler)(LPPROCESS_INFORMATION fProcessInfo, LPVOID fCallBack);
fCustomHandler myCustomHandler;
fCustomBreakPoint myCustomBreakPoint;
ULONG_PTR MemoryBpxCallBack = 0;
@ -230,7 +230,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
if(ResetHwBPX)
{
SetHardwareBreakPoint(DebugRegisterX.DrxBreakAddress, DebugRegisterXId, DebugRegisterX.DrxBreakPointType, DebugRegisterX.DrxBreakPointSize, (void*)DebugRegisterX.DrxCallBack);
ResetHwBPX=false;
ResetHwBPX = false;
}
//custom handler
@ -311,14 +311,14 @@ __declspec(dllexport) void TITCALL DebugLoop()
{
NewLibraryData.hFileMapping = hFileMapping;
NewLibraryData.hFileMappingView = hFileMappingView;
if(GetMappedFileNameW(GetCurrentProcess(), hFileMappingView, DLLDebugFileName, sizeof(DLLDebugFileName)/sizeof(DLLDebugFileName[0])) > NULL)
if(GetMappedFileNameW(GetCurrentProcess(), hFileMappingView, DLLDebugFileName, sizeof(DLLDebugFileName) / sizeof(DLLDebugFileName[0])) > NULL)
{
int i = lstrlenW(DLLDebugFileName);
while(DLLDebugFileName[i]!='\\' && i)
while(DLLDebugFileName[i] != '\\' && i)
i--;
if(DebugDebuggingDLL)
{
if(lstrcmpiW(&DLLDebugFileName[i+1], DebugDebuggingDLLFileName) == NULL)
if(lstrcmpiW(&DLLDebugFileName[i + 1], DebugDebuggingDLLFileName) == NULL)
{
CloseHandle(DebugDLLFileMapping); //close file mapping handle
SetBPX(DebugModuleEntryPoint + (ULONG_PTR)DBGEvent.u.LoadDll.lpBaseOfDll, UE_SINGLESHOOT, DebugModuleEntryPointCallBack);
@ -334,12 +334,12 @@ __declspec(dllexport) void TITCALL DebugLoop()
}
if(engineFakeDLLHandle == NULL)
{
if(_wcsicmp(&DLLDebugFileName[i+1], L"kernel32.dll") == NULL)
if(_wcsicmp(&DLLDebugFileName[i + 1], L"kernel32.dll") == NULL)
{
engineFakeDLLHandle = (ULONG_PTR)DBGEvent.u.LoadDll.lpBaseOfDll;
}
}
lstrcpyW(NewLibraryData.szLibraryName, &DLLDebugFileName[i+1]);
lstrcpyW(NewLibraryData.szLibraryName, &DLLDebugFileName[i + 1]);
szTranslatedNativeName = (wchar_t*)TranslateNativeNameW(DLLDebugFileName);
lstrcpyW(NewLibraryData.szLibraryPath, szTranslatedNativeName);
VirtualFree((void*)szTranslatedNativeName, NULL, MEM_RELEASE);
@ -349,7 +349,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
//library breakpoint
for(int i = (int)LibrarianData.size() - 1; i >= 0; i--)
{
ptrLibrarianData=&LibrarianData.at(i);
ptrLibrarianData = &LibrarianData.at(i);
if(!_stricmp(ptrLibrarianData->szLibraryName, szAnsiLibraryName))
{
if(ptrLibrarianData->bpxType == UE_ON_LIB_LOAD || ptrLibrarianData->bpxType == UE_ON_LIB_ALL)
@ -416,7 +416,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
RtlZeroMemory(szAnsiLibraryName, sizeof(szAnsiLibraryName));
WideCharToMultiByte(CP_ACP, NULL, hLoadedLibData->szLibraryName, -1, szAnsiLibraryName, sizeof szAnsiLibraryName, NULL, NULL);
for(int i= (int)LibrarianData.size() - 1; i >= 0; i--)
for(int i = (int)LibrarianData.size() - 1; i >= 0; i--)
{
ptrLibrarianData = &LibrarianData.at(i);
if(!_stricmp(ptrLibrarianData->szLibraryName, szAnsiLibraryName))
@ -453,7 +453,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
EngineCloseHandle(hListLibrary.at(i).hFileMapping);
}
EngineCloseHandle(hListLibrary.at(i).hFile);
hListLibrary.erase(hListLibrary.begin()+i);
hListLibrary.erase(hListLibrary.begin() + i);
break;
}
}
@ -519,17 +519,17 @@ __declspec(dllexport) void TITCALL DebugLoop()
{
case STATUS_BREAKPOINT:
{
bool bFoundBreakPoint=false;
bool bFoundBreakPoint = false;
BreakPointDetail FoundBreakPoint;
int bpcount=(int)BreakPointBuffer.size();
for(int i=0; i<bpcount; i++)
int bpcount = (int)BreakPointBuffer.size();
for(int i = 0; i < bpcount; i++)
{
if(BreakPointBuffer.at(i).BreakPointAddress == (ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress - (BreakPointBuffer.at(i).BreakPointSize - 1) &&
(BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT || BreakPointBuffer.at(i).BreakPointType == UE_SINGLESHOOT) &&
BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE)
{
FoundBreakPoint=BreakPointBuffer.at(i);
bFoundBreakPoint=true;
FoundBreakPoint = BreakPointBuffer.at(i);
bFoundBreakPoint = true;
break;
}
}
@ -539,7 +539,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, &FoundBreakPoint.OriginalByte[0], FoundBreakPoint.BreakPointSize, &NumberOfBytesReadWritten))
{
DBGCode = DBG_CONTINUE;
hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId);
hActiveThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId);
myDBGContext.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext);
if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT)
@ -555,7 +555,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
ULONG_PTR ueCurrentPosition = FoundBreakPoint.BreakPointAddress;
unsigned char instr[16];
MemoryReadSafe(dbgProcessInformation.hProcess, (void*)ueCurrentPosition, instr, sizeof(instr), 0);
char* DisassembledString=(char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr);
char* DisassembledString = (char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr);
if(strstr(DisassembledString, "PUSHF"))
PushfBPX = true;
myCustomBreakPoint = (fCustomBreakPoint)((LPVOID)FoundBreakPoint.ExecuteCallBack);
@ -630,7 +630,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
}
if(engineTLSBreakOnCallBack) //set TLS callback breakpoints
{
for(unsigned int i=0; i<tlsCallBackList.size(); i++)
for(unsigned int i = 0; i < tlsCallBackList.size(); i++)
SetBPX(tlsCallBackList.at(i), UE_SINGLESHOOT, (LPVOID)engineTLSBreakOnCallBackAddress);
ClearTlsCallBackList();
engineTLSBreakOnCallBackAddress = NULL;
@ -663,8 +663,8 @@ __declspec(dllexport) void TITCALL DebugLoop()
if(PushfBPX) //remove trap flag from stack
{
PushfBPX = false;
void* csp=(void*)GetContextData(UE_CSP);
ULONG_PTR data=0;
void* csp = (void*)GetContextData(UE_CSP);
ULONG_PTR data = 0;
ReadProcessMemory(dbgProcessInformation.hProcess, csp, &data, sizeof(ULONG_PTR), 0);
data &= ~UE_TRAP_FLAG;
WriteProcessMemory(dbgProcessInformation.hProcess, csp, &data, sizeof(ULONG_PTR), 0);
@ -700,7 +700,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
}
else
{
hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId);
hActiveThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT | THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId);
myDBGContext.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext);
myDBGContext.EFlags |= UE_TRAP_FLAG;
@ -767,7 +767,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
else //no resetting needed (debugger reached hardware breakpoint or the user stepped)
{
//handle hardware breakpoints
hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId);
hActiveThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId);
myDBGContext.ContextFlags = CONTEXT_DEBUG_REGISTERS | CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext);
if((ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress == myDBGContext.Dr0 || (myDBGContext.Dr6 & 0x1))
@ -888,7 +888,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
ULONG_PTR ueCurrentPosition = GetContextData(UE_CIP);
unsigned char instr[16];
MemoryReadSafe(dbgProcessInformation.hProcess, (void*)ueCurrentPosition, instr, sizeof(instr), 0);
char* DisassembledString=(char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr);
char* DisassembledString = (char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr);
if(strstr(DisassembledString, "PUSHF"))
PushfBPX = true;
}
@ -915,7 +915,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
}
}
}
if(DBGCode==DBG_EXCEPTION_NOT_HANDLED) //NOTE: only call the chSingleStep callback when the debuggee generated the exception
if(DBGCode == DBG_EXCEPTION_NOT_HANDLED) //NOTE: only call the chSingleStep callback when the debuggee generated the exception
{
if(DBGCustomHandler->chSingleStep != NULL)
{
@ -936,28 +936,28 @@ __declspec(dllexport) void TITCALL DebugLoop()
case STATUS_GUARD_PAGE_VIOLATION:
{
ULONG_PTR bpaddr;
bool bFoundBreakPoint=false;
bool bFoundBreakPoint = false;
BreakPointDetail FoundBreakPoint;
int bpcount=(int)BreakPointBuffer.size();
for(int i=0; i<bpcount; i++)
int bpcount = (int)BreakPointBuffer.size();
for(int i = 0; i < bpcount; i++)
{
ULONG_PTR addr=BreakPointBuffer.at(i).BreakPointAddress;
bpaddr=(ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[1]; //page accessed
if(bpaddr>=addr && bpaddr<(addr+BreakPointBuffer.at(i).BreakPointSize) &&
ULONG_PTR addr = BreakPointBuffer.at(i).BreakPointAddress;
bpaddr = (ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[1]; //page accessed
if(bpaddr >= addr && bpaddr < (addr + BreakPointBuffer.at(i).BreakPointSize) &&
(BreakPointBuffer.at(i).BreakPointType == UE_MEMORY ||
BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_READ ||
BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_WRITE ||
BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_EXECUTE) &&
BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE)
{
FoundBreakPoint=BreakPointBuffer.at(i);
bFoundBreakPoint=true;
FoundBreakPoint = BreakPointBuffer.at(i);
bFoundBreakPoint = true;
break;
}
}
if(bFoundBreakPoint) //found memory breakpoint
{
hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId);
hActiveThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId);
myDBGContext.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext);
DBGCode = DBG_CONTINUE; //debugger handled the exception
@ -1107,13 +1107,13 @@ __declspec(dllexport) void TITCALL DebugLoop()
ULONG_PTR ueCurrentPosition = GetContextData(UE_CIP);
unsigned char instr[16];
MemoryReadSafe(dbgProcessInformation.hProcess, (void*)ueCurrentPosition, instr, sizeof(instr), 0);
char* DisassembledString=(char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr);
char* DisassembledString = (char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr);
if(strstr(DisassembledString, "PUSHF"))
PushfBPX = true;
}
//debuggee generated GUARD_PAGE exception
if(DBGCode==DBG_EXCEPTION_NOT_HANDLED)
if(DBGCode == DBG_EXCEPTION_NOT_HANDLED)
{
//TODO: restore memory breakpoint?
if(DBGCustomHandler->chPageGuard != NULL)
@ -1152,17 +1152,17 @@ __declspec(dllexport) void TITCALL DebugLoop()
case STATUS_ILLEGAL_INSTRUCTION:
{
//UD2 breakpoint
bool bFoundBreakPoint=false;
bool bFoundBreakPoint = false;
BreakPointDetail FoundBreakPoint;
int bpcount=(int)BreakPointBuffer.size();
for(int i=0; i<bpcount; i++)
int bpcount = (int)BreakPointBuffer.size();
for(int i = 0; i < bpcount; i++)
{
if(BreakPointBuffer.at(i).BreakPointAddress == (ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress &&
(BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT || BreakPointBuffer.at(i).BreakPointType == UE_SINGLESHOOT) &&
BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE)
{
FoundBreakPoint=BreakPointBuffer.at(i);
bFoundBreakPoint=true;
FoundBreakPoint = BreakPointBuffer.at(i);
bFoundBreakPoint = true;
break;
}
}
@ -1172,7 +1172,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, &FoundBreakPoint.OriginalByte[0], FoundBreakPoint.BreakPointSize, &NumberOfBytesReadWritten))
{
DBGCode = DBG_CONTINUE;
hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId);
hActiveThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT | THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId);
myDBGContext.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext);
if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT)
@ -1209,10 +1209,10 @@ __declspec(dllexport) void TITCALL DebugLoop()
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, FoundBreakPoint.BreakPointSize, OldProtect, &OldProtect);
}
else
DBGCode=DBG_EXCEPTION_NOT_HANDLED;
DBGCode = DBG_EXCEPTION_NOT_HANDLED;
//application-generated exception
if(DBGCode==DBG_EXCEPTION_NOT_HANDLED)
if(DBGCode == DBG_EXCEPTION_NOT_HANDLED)
{
if(DBGCustomHandler->chIllegalInstruction != NULL)
{
@ -1351,7 +1351,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
}
//general unhandled exception callback
if(DBGCode==DBG_EXCEPTION_NOT_HANDLED)
if(DBGCode == DBG_EXCEPTION_NOT_HANDLED)
{
if(engineExecutePluginCallBack)
{
@ -1423,7 +1423,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
break;
}
if(!ThreaderGetThreadInfo(0, DBGEvent.dwThreadId)) //switch thread
DBGEvent.dwThreadId=dbgProcessInformation.dwThreadId;
DBGEvent.dwThreadId = dbgProcessInformation.dwThreadId;
}
if(!SecondChance) //debugger didn't close with a second chance exception (normal exit)


@ -51,7 +51,7 @@ __declspec(dllexport) bool TITCALL MatchPatternEx(HANDLE hProcess, void* MemoryT
if(memCmp)
{
for(int i=0; i<SizeOfMemoryToCheck && i<SizeOfPatternToMatch; i++)
for(int i = 0; i < SizeOfMemoryToCheck && i < SizeOfPatternToMatch; i++)
{
if(memCmp->Array.bArrayEntry[i] != memPattern->Array.bArrayEntry[i] && memPattern->Array.bArrayEntry[i] != *WildCard)
{
@ -78,7 +78,7 @@ __declspec(dllexport) bool TITCALL MatchPattern(void* MemoryToCheck, int SizeOfM
__declspec(dllexport) ULONG_PTR TITCALL FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard)
{
if(!hProcess || !MemoryStart ||!MemorySize || !SearchPattern || !PatternSize)
if(!hProcess || !MemoryStart || !MemorySize || !SearchPattern || !PatternSize)
return 0;
ULONG_PTR Return = NULL;
@ -128,10 +128,10 @@ __declspec(dllexport) ULONG_PTR TITCALL FindEx(HANDLE hProcess, LPVOID MemorySta
CompareBuffer = (PUCHAR)SearchPattern;
DWORD i,j;
for(i=0; i < MemorySize && Return == NULL; i++)
DWORD i, j;
for(i = 0; i < MemorySize && Return == NULL; i++)
{
for(j=0; j < PatternSize; j++)
for(j = 0; j < PatternSize; j++)
{
if(CompareBuffer[j] != *(PUCHAR)WildCard && SearchBuffer[i + j] != CompareBuffer[j])
{
@ -205,7 +205,7 @@ __declspec(dllexport) bool TITCALL Fill(LPVOID MemoryStart, DWORD MemorySize, PB
__declspec(dllexport) bool TITCALL PatchEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP)
{
unsigned int i,recalcSize;
unsigned int i, recalcSize;
LPVOID lpMemoryStart = MemoryStart;
MEMORY_BASIC_INFORMATION MemInfo;
ULONG_PTR ueNumberOfBytesRead;
@ -326,20 +326,20 @@ __declspec(dllexport) bool TITCALL Replace(LPVOID MemoryStart, DWORD MemorySize,
//what should this function do:
//- do all possible effort to read memory
//- filter out breakpoints
__declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesRead)
__declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead)
{
SIZE_T ueNumberOfBytesRead = 0;
SIZE_T * pNumBytes = 0;
SIZE_T* pNumBytes = 0;
DWORD dwProtect = 0;
bool retValue = false;
//read memory
if ( (hProcess == 0) || (lpBaseAddress == 0) || (lpBuffer == 0) || (nSize == 0))
if((hProcess == 0) || (lpBaseAddress == 0) || (lpBuffer == 0) || (nSize == 0))
{
return false;
}
if (!lpNumberOfBytesRead)
if(!lpNumberOfBytesRead)
{
pNumBytes = &ueNumberOfBytesRead;
}
@ -350,9 +350,9 @@ __declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBase
if(!ReadProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, pNumBytes))
{
if (VirtualProtectEx(hProcess, lpBaseAddress, nSize, PAGE_EXECUTE_READWRITE, &dwProtect))
if(VirtualProtectEx(hProcess, lpBaseAddress, nSize, PAGE_EXECUTE_READWRITE, &dwProtect))
{
if (ReadProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, pNumBytes))
if(ReadProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, pNumBytes))
{
retValue = true;
}
@ -374,15 +374,15 @@ __declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBase
//what should this function do:
//- do all possible effort to write memory
//- re-set breakpoints when overwritten
__declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesWritten)
__declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten)
{
SIZE_T ueNumberOfBytesWritten = 0;
SIZE_T * pNumBytes = 0;
SIZE_T* pNumBytes = 0;
DWORD dwProtect = 0;
bool retValue = false;
//read memory
if ( (hProcess == 0) || (lpBaseAddress == 0) || (lpBuffer == 0) || (nSize == 0))
if((hProcess == 0) || (lpBaseAddress == 0) || (lpBuffer == 0) || (nSize == 0))
{
return false;
}
@ -391,7 +391,7 @@ __declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBas
//disable breakpoints that interfere with the memory to write
BreakPointPreWriteFilter((ULONG_PTR)lpBaseAddress, nSize, &lock);
if (!lpNumberOfBytesWritten)
if(!lpNumberOfBytesWritten)
{
pNumBytes = &ueNumberOfBytesWritten;
}
@ -402,9 +402,9 @@ __declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBas
if(!WriteProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, pNumBytes))
{
if (VirtualProtectEx(hProcess, lpBaseAddress, nSize, PAGE_EXECUTE_READWRITE, &dwProtect))
if(VirtualProtectEx(hProcess, lpBaseAddress, nSize, PAGE_EXECUTE_READWRITE, &dwProtect))
{
if (WriteProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, pNumBytes))
if(WriteProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, pNumBytes))
{
retValue = true;
}
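Review bot: In the FindEx search loop the inner comparison reads `SearchBuffer[i + j]` with `i` up to `MemorySize - 1` and `j` up to `PatternSize - 1`. Unless `MemorySize` is reduced by the pattern length in the part of the function outside this hunk, the scan reads up to `PatternSize - 1` bytes past the searched range. Bounding the outer loop as `for(i = 0; i + PatternSize <= MemorySize && Return == NULL; i++)` keeps every access inside it. The same loop dereferences `WildCard` unconditionally, while the entry guard in the preceding hunk does not test it, so a NULL wildcard would fault here if no default is assigned in the lines not shown.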


@ -19,9 +19,9 @@ __declspec(dllexport) void* TITCALL InitDebug(char* szFileName, char* szCommandL
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szCommandLine, lstrlenA(szCommandLine)+1, uniCommandLine, sizeof(uniCommandLine)/(sizeof(uniCommandLine[0])));
MultiByteToWideChar(CP_ACP, NULL, szCurrentFolder, lstrlenA(szCurrentFolder)+1, uniCurrentFolder, sizeof(uniCurrentFolder)/(sizeof(uniCurrentFolder[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szCommandLine, lstrlenA(szCommandLine) + 1, uniCommandLine, sizeof(uniCommandLine) / (sizeof(uniCommandLine[0])));
MultiByteToWideChar(CP_ACP, NULL, szCurrentFolder, lstrlenA(szCurrentFolder) + 1, uniCurrentFolder, sizeof(uniCurrentFolder) / (sizeof(uniCurrentFolder[0])));
if(szFileName != NULL)
{
PtrUniFileName = &uniFileName[0];
@ -47,13 +47,13 @@ __declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szC
if(DebugDebuggingDLL)
{
DebugConsoleFlag = CREATE_NO_WINDOW|CREATE_SUSPENDED;
DebugConsoleFlag = CREATE_NO_WINDOW | CREATE_SUSPENDED;
}
else if(engineRemoveConsoleForDebugee)
{
DebugConsoleFlag = CREATE_NO_WINDOW;
}
if(engineEnableDebugPrivilege)
{
EngineSetDebugPrivilege(GetCurrentProcess(), true);
@ -63,17 +63,17 @@ __declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szC
wchar_t* szCommandLineCreateProcess;
if(szCommandLine == NULL || !lstrlenW(szCommandLine))
{
szCommandLineCreateProcess=0;
szFileNameCreateProcess=szFileName;
szCommandLineCreateProcess = 0;
szFileNameCreateProcess = szFileName;
}
else
{
wchar_t szCreateWithCmdLine[1024];
wsprintfW(szCreateWithCmdLine, L"\"%s\" %s", szFileName, szCommandLine);
szCommandLineCreateProcess=szCreateWithCmdLine;
szFileNameCreateProcess=0;
szCommandLineCreateProcess = szCreateWithCmdLine;
szFileNameCreateProcess = 0;
}
if(CreateProcessW(szFileNameCreateProcess, szCommandLineCreateProcess, NULL, NULL, false, DEBUG_PROCESS|DEBUG_ONLY_THIS_PROCESS|DebugConsoleFlag|CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation))
if(CreateProcessW(szFileNameCreateProcess, szCommandLineCreateProcess, NULL, NULL, false, DEBUG_PROCESS | DEBUG_ONLY_THIS_PROCESS | DebugConsoleFlag | CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation))
{
if(engineEnableDebugPrivilege)
EngineSetDebugPrivilege(GetCurrentProcess(), false);
@ -119,9 +119,9 @@ __declspec(dllexport) void* TITCALL InitDLLDebug(char* szFileName, bool ReserveM
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szCommandLine, lstrlenA(szCommandLine)+1, uniCommandLine, sizeof(uniCommandLine)/(sizeof(uniCommandLine[0])));
MultiByteToWideChar(CP_ACP, NULL, szCurrentFolder, lstrlenA(szCurrentFolder)+1, uniCurrentFolder, sizeof(uniCurrentFolder)/(sizeof(uniCurrentFolder[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szCommandLine, lstrlenA(szCommandLine) + 1, uniCommandLine, sizeof(uniCommandLine) / (sizeof(uniCommandLine[0])));
MultiByteToWideChar(CP_ACP, NULL, szCurrentFolder, lstrlenA(szCurrentFolder) + 1, uniCurrentFolder, sizeof(uniCurrentFolder) / (sizeof(uniCurrentFolder[0])));
if(szFileName != NULL)
{
PtrUniFileName = &uniFileName[0];
@ -155,14 +155,14 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese
int i = lstrlenW(szDebuggerName);
while(szDebuggerName[i] != '\\' && i)
i--;
wchar_t DLLLoaderName[64]=L"";
wchar_t DLLLoaderName[64] = L"";
#ifdef _WIN64
wsprintfW(DLLLoaderName, L"DLLLoader64_%.4X.exe", GetTickCount()&0xFFFF);
wsprintfW(DLLLoaderName, L"DLLLoader64_%.4X.exe", GetTickCount() & 0xFFFF);
#else
wsprintfW(DLLLoaderName, L"DLLLoader32_%.4X.exe", GetTickCount()&0xFFFF);
wsprintfW(DLLLoaderName, L"DLLLoader32_%.4X.exe", GetTickCount() & 0xFFFF);
#endif
if(i)
lstrcpyW(szDebuggerName+i+1, DLLLoaderName);
lstrcpyW(szDebuggerName + i + 1, DLLLoaderName);
else
lstrcpyW(szDebuggerName, DLLLoaderName);
@ -179,7 +179,7 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese
DebugDebuggingDLLBase = NULL;
DebugDebuggingMainModuleBase = NULL;
DebugDebuggingDLLFullFileName = szFileName;
DebugDebuggingDLLFileName = &szFileName[i+1];
DebugDebuggingDLLFileName = &szFileName[i + 1];
DebugModuleImageBase = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_IMAGEBASE);
DebugModuleEntryPoint = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_OEP);
DebugModuleEntryPointCallBack = EntryCallBack;
@ -187,12 +187,12 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese
if(ReserveModuleBase)
DebugReserveModuleBase = DebugModuleImageBase;
PPROCESS_INFORMATION ReturnValue = (PPROCESS_INFORMATION)InitDebugW(szDebuggerName, szCommandLine, szCurrentFolder);
wchar_t szName[256]=L"";
wchar_t szName[256] = L"";
swprintf(szName, 256, L"Global\\szLibraryName%X", (unsigned int)ReturnValue->dwProcessId);
DebugDLLFileMapping=CreateFileMappingW(INVALID_HANDLE_VALUE, 0, PAGE_READWRITE, 0, 512*sizeof(wchar_t), szName);
DebugDLLFileMapping = CreateFileMappingW(INVALID_HANDLE_VALUE, 0, PAGE_READWRITE, 0, 512 * sizeof(wchar_t), szName);
if(DebugDLLFileMapping)
{
wchar_t* szLibraryPathMapping=(wchar_t*)MapViewOfFile(DebugDLLFileMapping, FILE_MAP_ALL_ACCESS, 0, 0, 512*sizeof(wchar_t));
wchar_t* szLibraryPathMapping = (wchar_t*)MapViewOfFile(DebugDLLFileMapping, FILE_MAP_ALL_ACCESS, 0, 0, 512 * sizeof(wchar_t));
if(szLibraryPathMapping)
{
wcscpy(szLibraryPathMapping, DebugDebuggingDLLFullFileName);
@ -219,7 +219,7 @@ __declspec(dllexport) bool TITCALL StopDebug()
__declspec(dllexport) bool TITCALL AttachDebugger(DWORD ProcessId, bool KillOnExit, LPVOID DebugInfo, LPVOID CallBack)
{
typedef void(WINAPI *fDebugSetProcessKillOnExit)(bool KillExitingDebugee);
typedef void(WINAPI * fDebugSetProcessKillOnExit)(bool KillExitingDebugee);
fDebugSetProcessKillOnExit myDebugSetProcessKillOnExit;
LPVOID funcDebugSetProcessKillOnExit = NULL;
@ -259,7 +259,7 @@ __declspec(dllexport) bool TITCALL AttachDebugger(DWORD ProcessId, bool KillOnEx
__declspec(dllexport) bool TITCALL DetachDebugger(DWORD ProcessId)
{
typedef bool(WINAPI *fDebugActiveProcessStop)(DWORD dwProcessId);
typedef bool(WINAPI * fDebugActiveProcessStop)(DWORD dwProcessId);
fDebugActiveProcessStop myDebugActiveProcessStop;
LPVOID funcDebugActiveProcessStop = NULL;
bool FuncReturn = false;
@ -292,10 +292,10 @@ __declspec(dllexport) bool TITCALL DetachDebugger(DWORD ProcessId)
__declspec(dllexport) bool TITCALL DetachDebuggerEx(DWORD ProcessId)
{
ThreaderPauseProcess();
int threadcount=(int)hListThread.size();
for(int i=0; i<threadcount; i++)
int threadcount = (int)hListThread.size();
for(int i = 0; i < threadcount; i++)
{
HANDLE hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT, false, hListThread.at(i).dwThreadId);
HANDLE hActiveThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, false, hListThread.at(i).dwThreadId);
CONTEXT myDBGContext;
myDBGContext.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext);
@ -321,9 +321,9 @@ __declspec(dllexport) void TITCALL AutoDebugEx(char* szFileName, bool ReserveMod
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szCommandLine, lstrlenA(szCommandLine)+1, uniCommandLine, sizeof(uniCommandLine)/(sizeof(uniCommandLine[0])));
MultiByteToWideChar(CP_ACP, NULL, szCurrentFolder, lstrlenA(szCurrentFolder)+1, uniCurrentFolder, sizeof(uniCurrentFolder)/(sizeof(uniCurrentFolder[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szCommandLine, lstrlenA(szCommandLine) + 1, uniCommandLine, sizeof(uniCommandLine) / (sizeof(uniCommandLine[0])));
MultiByteToWideChar(CP_ACP, NULL, szCurrentFolder, lstrlenA(szCurrentFolder) + 1, uniCurrentFolder, sizeof(uniCurrentFolder) / (sizeof(uniCurrentFolder[0])));
if(szFileName != NULL)
{
PtrUniFileName = &uniFileName[0];
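Review bot: In the InitDebugW hunk that builds the command line, `szCreateWithCmdLine` is declared inside the `else` block, but `szCommandLineCreateProcess` still points at it when `CreateProcessW` runs after that block has closed, so the call uses an array whose lifetime has ended. Moving `wchar_t szCreateWithCmdLine[1024];` up beside `wchar_t* szCommandLineCreateProcess;` keeps the buffer valid for the call. The quoted path and arguments are also formatted into that fixed buffer with `wsprintfW` and no length check, so an over-long command line is presumably cut short rather than rejected. Comparing `lstrlenW(szFileName) + lstrlenW(szCommandLine)` against the buffer size first would make that failure explicit. InitDebugW begins and ends outside the hunk.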


@ -12,17 +12,17 @@ _DecodeType DecodingType = Decode64Bits;
#endif
SIZE_T IsBadReadPtrRemote(HANDLE hProcess, const VOID *lp, SIZE_T length)
SIZE_T IsBadReadPtrRemote(HANDLE hProcess, const VOID* lp, SIZE_T length)
{
MEMORY_BASIC_INFORMATION MemInfo = {0};
ULONG_PTR section = 0;
if (VirtualQueryEx(hProcess, lp, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)))
if(VirtualQueryEx(hProcess, lp, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)))
{
if(MemInfo.State == MEM_COMMIT)
{
SIZE_T res = (SIZE_T)MemInfo.BaseAddress + (SIZE_T)MemInfo.RegionSize - (SIZE_T)lp;
if (res >= length)
if(res >= length)
{
return length; //good
}
@ -32,7 +32,7 @@ SIZE_T IsBadReadPtrRemote(HANDLE hProcess, const VOID *lp, SIZE_T length)
do
{
if (VirtualQueryEx(hProcess, (LPVOID)section, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)))
if(VirtualQueryEx(hProcess, (LPVOID)section, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)))
{
if(MemInfo.State == MEM_COMMIT)
{
@ -51,11 +51,11 @@ SIZE_T IsBadReadPtrRemote(HANDLE hProcess, const VOID *lp, SIZE_T length)
section += (ULONG_PTR)MemInfo.RegionSize;
}
while (res < length);
while(res < length);
return length; //good
}
}
}
}
@ -70,7 +70,7 @@ __declspec(dllexport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart,
int MaxDisassmSize = (int)IsBadReadPtrRemote(GetCurrentProcess(), DisassmAddress, MAXIMUM_INSTRUCTION_SIZE);
if(MaxDisassmSize)
{
if (distorm_decode((ULONG_PTR)DisassmStart, (const unsigned char*)DisassmAddress, MaxDisassmSize, DecodingType, engineDecodedInstructions, _countof(engineDecodedInstructions), &DecodedInstructionsCount) != DECRES_INPUTERR)
if(distorm_decode((ULONG_PTR)DisassmStart, (const unsigned char*)DisassmAddress, MaxDisassmSize, DecodingType, engineDecodedInstructions, _countof(engineDecodedInstructions), &DecodedInstructionsCount) != DECRES_INPUTERR)
{
RtlZeroMemory(engineDisassembledInstruction, sizeof(engineDisassembledInstruction));
@ -100,14 +100,14 @@ __declspec(dllexport) void* TITCALL DisassembleEx(HANDLE hProcess, LPVOID Disass
if(hProcess != NULL)
{
int MaxDisassmSize = (int)IsBadReadPtrRemote(hProcess,DisassmAddress, sizeof(readBuffer));
int MaxDisassmSize = (int)IsBadReadPtrRemote(hProcess, DisassmAddress, sizeof(readBuffer));
if(MaxDisassmSize)
{
BOOL rpm = MemoryReadSafe(hProcess, DisassmAddress, readBuffer, MaxDisassmSize, 0);
if(rpm)
{
if (distorm_decode((ULONG_PTR)DisassmAddress, readBuffer, MaxDisassmSize, DecodingType, engineDecodedInstructions, _countof(engineDecodedInstructions), &DecodedInstructionsCount) != DECRES_INPUTERR)
if(distorm_decode((ULONG_PTR)DisassmAddress, readBuffer, MaxDisassmSize, DecodingType, engineDecodedInstructions, _countof(engineDecodedInstructions), &DecodedInstructionsCount) != DECRES_INPUTERR)
{
RtlZeroMemory(engineDisassembledInstruction, sizeof(engineDisassembledInstruction));
@ -149,18 +149,18 @@ __declspec(dllexport) long TITCALL LengthDisassembleEx(HANDLE hProcess, LPVOID D
if(hProcess != NULL)
{
int MaxDisassmSize = (int)IsBadReadPtrRemote(hProcess,DisassmAddress, sizeof(readBuffer));
int MaxDisassmSize = (int)IsBadReadPtrRemote(hProcess, DisassmAddress, sizeof(readBuffer));
if (MaxDisassmSize && MemoryReadSafe(hProcess, (LPVOID)DisassmAddress, readBuffer, MaxDisassmSize, 0))
if(MaxDisassmSize && MemoryReadSafe(hProcess, (LPVOID)DisassmAddress, readBuffer, MaxDisassmSize, 0))
{
decomposerCi.code = readBuffer;
decomposerCi.codeLen = MaxDisassmSize;
decomposerCi.dt = DecodingType;
decomposerCi.codeOffset = (LONG_PTR)DisassmAddress;
if (distorm_decompose(&decomposerCi, decomposerResult, _countof(decomposerResult), &DecodedInstructionsCount) != DECRES_INPUTERR)
if(distorm_decompose(&decomposerCi, decomposerResult, _countof(decomposerResult), &DecodedInstructionsCount) != DECRES_INPUTERR)
{
if (decomposerResult[0].flags != FLAG_NOT_DECODABLE)
if(decomposerResult[0].flags != FLAG_NOT_DECODABLE)
{
return decomposerResult[0].size;
}


@ -45,7 +45,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
DOSHeader = (PIMAGE_DOS_HEADER)ueReadBuffer;
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
if ((DOSHeader->e_lfanew > 0x500) || (DOSHeader->e_magic != IMAGE_DOS_SIGNATURE) || (PEHeader32->Signature != IMAGE_NT_SIGNATURE))
if((DOSHeader->e_lfanew > 0x500) || (DOSHeader->e_magic != IMAGE_DOS_SIGNATURE) || (PEHeader32->Signature != IMAGE_NT_SIGNATURE))
{
return false;
}
@ -126,7 +126,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
}
PEFixHeader32->OptionalHeader.AddressOfEntryPoint = (DWORD)(EntryPoint - (ULONG_PTR)ImageBase);
PEFixHeader32->OptionalHeader.ImageBase = (DWORD)((ULONG_PTR)ImageBase);
for(int i=NumberOfSections; i>=1; i--)
for(int i = NumberOfSections; i >= 1; i--)
{
PEFixSection->PointerToRawData = PEFixSection->VirtualAddress;
RealignedVirtualSize = (PEFixSection->Misc.VirtualSize / PEHeader32->OptionalHeader.SectionAlignment) * PEHeader32->OptionalHeader.SectionAlignment;
@ -200,7 +200,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
}
PEFixHeader64->OptionalHeader.AddressOfEntryPoint = (DWORD)(EntryPoint - (ULONG_PTR)ImageBase);
PEFixHeader64->OptionalHeader.ImageBase = (DWORD64)((ULONG_PTR)ImageBase);
for(int i=NumberOfSections; i>=1; i--)
for(int i = NumberOfSections; i >= 1; i--)
{
PEFixSection->PointerToRawData = PEFixSection->VirtualAddress;
RealignedVirtualSize = (PEFixSection->Misc.VirtualSize / PEHeader64->OptionalHeader.SectionAlignment) * PEHeader64->OptionalHeader.SectionAlignment;
@ -212,7 +212,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
PEFixSection->Misc.VirtualSize = RealignedVirtualSize;
PEFixSection = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEFixSection + IMAGE_SIZEOF_SECTION_HEADER);
}
WriteFile(hFile,ueCopyBuffer, (DWORD)AlignedHeaderSize, &uedNumberOfBytesRead, NULL);
WriteFile(hFile, ueCopyBuffer, (DWORD)AlignedHeaderSize, &uedNumberOfBytesRead, NULL);
ReadBase = (LPVOID)((ULONG_PTR)ReadBase + (DWORD)AlignedHeaderSize - TITANENGINE_PAGESIZE);
while(SizeOfImageDump > NULL)
{
@ -246,7 +246,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
}//EngineValidateHeader
}//ReadProcessMemory
if (hFile != INVALID_HANDLE_VALUE)
if(hFile != INVALID_HANDLE_VALUE)
{
EngineCloseHandle(hFile);
}
@ -274,7 +274,7 @@ __declspec(dllexport) bool TITCALL DumpProcessExW(DWORD ProcessId, LPVOID ImageB
HANDLE hProcess = 0;
bool ReturnValue = false;
hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
hProcess = EngineOpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
if(hProcess)
{
ReturnValue = DumpProcessW(hProcess, ImageBase, szDumpFileName, EntryPoint);
@ -320,16 +320,16 @@ __declspec(dllexport) bool TITCALL DumpMemoryW(HANDLE hProcess, LPVOID MemorySta
ReadBase = (LPVOID)ProcReadBase;
if(MemorySize >= 0x1000)
{
RtlZeroMemory(ueCopyBuffer,0x2000);
RtlZeroMemory(ueCopyBuffer, 0x2000);
MemoryReadSafe(hProcess, ReadBase, ueCopyBuffer, 0x1000, &ueNumberOfBytesRead);
WriteFile(hFile,ueCopyBuffer, 0x1000, &uedNumberOfBytesRead, NULL);
WriteFile(hFile, ueCopyBuffer, 0x1000, &uedNumberOfBytesRead, NULL);
MemorySize = MemorySize - 0x1000;
}
else
{
RtlZeroMemory(ueCopyBuffer,0x2000);
RtlZeroMemory(ueCopyBuffer, 0x2000);
MemoryReadSafe(hProcess, ReadBase, ueCopyBuffer, MemorySize, &ueNumberOfBytesRead);
@ -364,7 +364,7 @@ __declspec(dllexport) bool TITCALL DumpMemoryExW(DWORD ProcessId, LPVOID MemoryS
HANDLE hProcess = 0;
bool ReturnValue = false;
hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
hProcess = EngineOpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
if(hProcess)
{
ReturnValue = DumpMemoryW(hProcess, MemoryStart, MemorySize, szDumpFileName);
@ -403,7 +403,7 @@ __declspec(dllexport) bool TITCALL DumpRegionsW(HANDLE hProcess, wchar_t* szDump
if(hProcess != NULL)
{
if (!EnumProcessModules(hProcess, EnumeratedModules, sizeof(EnumeratedModules), &cbNeeded))
if(!EnumProcessModules(hProcess, EnumeratedModules, sizeof(EnumeratedModules), &cbNeeded))
{
return false;
}
@ -430,7 +430,7 @@ __declspec(dllexport) bool TITCALL DumpRegionsW(HANDLE hProcess, wchar_t* szDump
RtlZeroMemory(&szDumpName, MAX_PATH);
RtlZeroMemory(&szDumpFileName, MAX_PATH);
lstrcpyW(szDumpFileName, szDumpFolder);
if(szDumpFileName[lstrlenW(szDumpFileName)-1] != L'\\')
if(szDumpFileName[lstrlenW(szDumpFileName) - 1] != L'\\')
{
szDumpFileName[lstrlenW(szDumpFileName)] = L'\\';
}
@ -466,7 +466,7 @@ __declspec(dllexport) bool TITCALL DumpRegionsExW(DWORD ProcessId, wchar_t* szDu
HANDLE hProcess = 0;
bool ReturnValue = false;
hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
hProcess = EngineOpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
if(hProcess)
{
ReturnValue = DumpRegionsW(hProcess, szDumpFolder, DumpAboveImageBaseOnly);
@ -506,7 +506,7 @@ __declspec(dllexport) bool TITCALL DumpModuleW(HANDLE hProcess, LPVOID ModuleBas
{
if(EnumeratedModules[i] == (HMODULE)ModuleBase)
{
if (GetModuleInformation(hProcess, (HMODULE)EnumeratedModules[i], &RemoteModuleInfo, sizeof(MODULEINFO)))
if(GetModuleInformation(hProcess, (HMODULE)EnumeratedModules[i], &RemoteModuleInfo, sizeof(MODULEINFO)))
{
return(DumpMemoryW(hProcess, (LPVOID)EnumeratedModules[i], RemoteModuleInfo.SizeOfImage, szDumpFileName));
}
@ -537,7 +537,7 @@ __declspec(dllexport) bool TITCALL DumpModuleExW(DWORD ProcessId, LPVOID ModuleB
HANDLE hProcess = 0;
bool ReturnValue = false;
hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
hProcess = EngineOpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
if(hProcess) //If the function fails, the return value is NULL. To get extended error information, call GetLastError.
{
ReturnValue = DumpModuleW(hProcess, ModuleBase, szDumpFileName);
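Review bot: In the first DumpProcessW hunk the header check lets a negative `e_lfanew` through: the field is a signed LONG, so `DOSHeader->e_lfanew > 0x500` is false for negative values and `PEHeader32->Signature` is then read from an address before `ueReadBuffer`. The header presumably comes from the dumped process's memory and should be treated as untrusted, so add `(DOSHeader->e_lfanew < 0) ||` ahead of the existing `> 0x500` test to reject it before `PEHeader32` is dereferenced. Whether offset 0x500 plus the NT headers still fits in the read buffer cannot be checked from here, because the buffer's declaration is outside the hunk. The body of DumpProcessW continues outside the hunk.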


@ -11,14 +11,14 @@ __declspec(dllexport) void TITCALL EngineUnpackerInitialize(char* szFileName, ch
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
if(szUnpackedFileName == NULL)
{
return EngineUnpackerInitializeW(uniFileName, NULL, DoLogData, DoRealignFile, DoMoveOverlay, EntryCallBack);
}
else
{
MultiByteToWideChar(CP_ACP, NULL, szUnpackedFileName, lstrlenA(szUnpackedFileName)+1, uniUnpackedFileName, sizeof(uniUnpackedFileName)/(sizeof(uniUnpackedFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szUnpackedFileName, lstrlenA(szUnpackedFileName) + 1, uniUnpackedFileName, sizeof(uniUnpackedFileName) / (sizeof(uniUnpackedFileName[0])));
EngineUnpackerInitializeW(uniFileName, uniUnpackedFileName, DoLogData, DoRealignFile, DoMoveOverlay, EntryCallBack);
}
}
@ -26,7 +26,7 @@ __declspec(dllexport) void TITCALL EngineUnpackerInitialize(char* szFileName, ch
__declspec(dllexport) void TITCALL EngineUnpackerInitializeW(wchar_t* szFileName, wchar_t* szUnpackedFileName, bool DoLogData, bool DoRealignFile, bool DoMoveOverlay, void* EntryCallBack)
{
int i,j;
int i, j;
wchar_t TempBackBuffer[MAX_PATH] = {};
if(szFileName != NULL)


@ -52,8 +52,8 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependencies(char* szFileN
if(szFileName != NULL && szOutputFolder != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szOutputFolder, lstrlenA(szOutputFolder)+1, uniOutputFolder, sizeof(uniOutputFolder)/(sizeof(uniOutputFolder[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szOutputFolder, lstrlenA(szOutputFolder) + 1, uniOutputFolder, sizeof(uniOutputFolder) / (sizeof(uniOutputFolder[0])));
return(EngineCreateMissingDependenciesW(uniFileName, uniOutputFolder, LogCreatedFiles));
}
else
@ -124,12 +124,12 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szF
ImportDllName = (PCHAR)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->Name + ImageBase, true));
if(ImportDllName)
{
MultiByteToWideChar(CP_ACP, NULL, ImportDllName, lstrlenA(ImportDllName)+1, ImportDllNameW, sizeof(ImportDllNameW)/(sizeof(ImportDllNameW[0])));
MultiByteToWideChar(CP_ACP, NULL, ImportDllName, lstrlenA(ImportDllName) + 1, ImportDllNameW, sizeof(ImportDllNameW) / (sizeof(ImportDllNameW[0])));
if(!EngineIsDependencyPresentW(ImportDllNameW, szFileName, szOutputFolder))
{
RtlZeroMemory(&BuildExportName, sizeof(BuildExportName));
lstrcatW(BuildExportName, szOutputFolder);
if(BuildExportName[lstrlenW(BuildExportName)-1] != 0x5C)
if(BuildExportName[lstrlenW(BuildExportName) - 1] != 0x5C)
{
BuildExportName[lstrlenW(BuildExportName)] = 0x5C;
}
@ -182,12 +182,12 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szF
ImportDllName = (PCHAR)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->Name + ImageBase, true));
if(ImportDllName)
{
MultiByteToWideChar(CP_ACP, NULL, ImportDllName, lstrlenA(ImportDllName)+1, ImportDllNameW, sizeof(ImportDllNameW)/(sizeof(ImportDllNameW[0])));
MultiByteToWideChar(CP_ACP, NULL, ImportDllName, lstrlenA(ImportDllName) + 1, ImportDllNameW, sizeof(ImportDllNameW) / (sizeof(ImportDllNameW[0])));
if(!EngineIsDependencyPresentW(ImportDllNameW, szFileName, szOutputFolder))
{
RtlZeroMemory(&BuildExportName, sizeof(BuildExportName));
lstrcatW(BuildExportName, szOutputFolder);
if(BuildExportName[lstrlenW(BuildExportName)-1] != 0x5C)
if(BuildExportName[lstrlenW(BuildExportName) - 1] != 0x5C)
{
BuildExportName[lstrlenW(BuildExportName)] = 0x5C;
}
@ -321,35 +321,35 @@ __declspec(dllexport) void TITCALL EngineAddUnpackerWindowLogMessage(char* szLog
__declspec(dllexport) bool TITCALL EngineCheckStructAlignment(DWORD StructureType, ULONG_PTR StructureSize)
{
int blub=1;
int blub = 1;
switch(StructureType)
{
case UE_STRUCT_PE32STRUCT:
return (sizeof(PE32Struct)==StructureSize);
return (sizeof(PE32Struct) == StructureSize);
case UE_STRUCT_PE64STRUCT:
return (sizeof(PE64Struct)==StructureSize);
return (sizeof(PE64Struct) == StructureSize);
case UE_STRUCT_PESTRUCT:
return (sizeof(PEStruct)==StructureSize);
return (sizeof(PEStruct) == StructureSize);
case UE_STRUCT_IMPORTENUMDATA:
return (sizeof(ImportEnumData)==StructureSize);
return (sizeof(ImportEnumData) == StructureSize);
case UE_STRUCT_THREAD_ITEM_DATA:
return (sizeof(THREAD_ITEM_DATA)==StructureSize);
return (sizeof(THREAD_ITEM_DATA) == StructureSize);
case UE_STRUCT_LIBRARY_ITEM_DATA:
return (sizeof(LIBRARY_ITEM_DATA)==StructureSize);
return (sizeof(LIBRARY_ITEM_DATA) == StructureSize);
case UE_STRUCT_LIBRARY_ITEM_DATAW:
return (sizeof(LIBRARY_ITEM_DATAW)==StructureSize);
return (sizeof(LIBRARY_ITEM_DATAW) == StructureSize);
case UE_STRUCT_PROCESS_ITEM_DATA:
return (sizeof(PROCESS_ITEM_DATA)==StructureSize);
return (sizeof(PROCESS_ITEM_DATA) == StructureSize);
case UE_STRUCT_HANDLERARRAY:
return (sizeof(HandlerArray)==StructureSize);
return (sizeof(HandlerArray) == StructureSize);
case UE_STRUCT_PLUGININFORMATION:
return (sizeof(PluginInformation)==StructureSize);
return (sizeof(PluginInformation) == StructureSize);
case UE_STRUCT_HOOK_ENTRY:
return (sizeof(HOOK_ENTRY)==StructureSize);
return (sizeof(HOOK_ENTRY) == StructureSize);
case UE_STRUCT_FILE_STATUS_INFO:
return (sizeof(FILE_STATUS_INFO)==StructureSize);
return (sizeof(FILE_STATUS_INFO) == StructureSize);
case UE_STRUCT_FILE_FIX_INFO:
return (sizeof(FILE_FIX_INFO)==StructureSize);
return (sizeof(FILE_FIX_INFO) == StructureSize);
}
return false;
}
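Review bot: In both import-walking hunks of EngineCreateMissingDependenciesW the DLL name pointer comes from the mapped input file and goes to `lstrlenA` and `MultiByteToWideChar` with the conversion result ignored. A name that is unterminated or longer than `ImportDllNameW` therefore leaves that buffer in an unspecified state before it reaches `EngineIsDependencyPresentW`. The file being processed should be treated as untrusted: test the `MultiByteToWideChar` return value and skip the import entry when it is 0 (the loop header is outside the hunk, so the exact skip path is not visible). The trailing-separator test `BuildExportName[lstrlenW(BuildExportName) - 1]` also indexes element -1 when `szOutputFolder` is an empty string, so a guard such as `lstrlenW(BuildExportName) > 0 &&` belongs in front of it.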


@ -251,7 +251,7 @@ __declspec(dllexport) bool TITCALL ExporterBuildExportTableEx(char* szExportFile
if(szExportFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szExportFileName, lstrlenA(szExportFileName)+1, uniExportFileName, sizeof(uniExportFileName)/(sizeof(uniExportFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szExportFileName, lstrlenA(szExportFileName) + 1, uniExportFileName, sizeof(uniExportFileName) / (sizeof(uniExportFileName[0])));
return(ExporterBuildExportTableExW(uniExportFileName, szSectionName));
}
else
@ -305,7 +305,7 @@ __declspec(dllexport) bool TITCALL ExporterLoadExportTable(char* szFileName)
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(ExporterLoadExportTableW(uniFileName));
}
else
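Review bot: The `MultiByteToWideChar` calls in both hunks of this file ignore the return value, so an ANSI path that does not fit the wide buffer makes the conversion fail and the buffer may reach the `W` function without a terminator. The same pattern recurs in the reformatted calls of the `Handler*`, `Importer*`, `RemoteLoadLibrary`/`RemoteFreeLibrary`, `LibrarianGetLibraryInfo`, `FindOEPGenerically` and `IsPE32FileValidEx` wrappers further down this commit. Checking the result and letting the API locate the terminator would close it, e.g. `if(!MultiByteToWideChar(CP_ACP, 0, szFileName, -1, uniFileName, _countof(uniFileName))) return false;`. The buffer declarations and the end of each function are outside the hunks, so the buffer capacity is inferred from the `sizeof` expression only.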


@ -3,7 +3,7 @@
#include "Global.Handle.h"
#include "Global.Engine.h"
bool NtQuerySysHandleInfo(DynBuf& buf)
bool NtQuerySysHandleInfo(DynBuf & buf)
{
ULONG RequiredSize = NULL;
@ -23,7 +23,7 @@ __declspec(dllexport) long TITCALL HandlerGetActiveHandleCount(DWORD ProcessId)
int HandleCount = 0;
DynBuf hinfo;
if (!NtQuerySysHandleInfo(hinfo))
if(!NtQuerySysHandleInfo(hinfo))
return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr();
@ -31,7 +31,7 @@ __declspec(dllexport) long TITCALL HandlerGetActiveHandleCount(DWORD ProcessId)
PSYSTEM_HANDLE_INFORMATION HandleInfo = (PSYSTEM_HANDLE_INFORMATION)QuerySystemBuffer;
PSYSTEM_HANDLE_TABLE_ENTRY_INFO pHandle = HandleInfo->Handles;
for (ULONG i = 0; i < HandleInfo->NumberOfHandles; i++)
for(ULONG i = 0; i < HandleInfo->NumberOfHandles; i++)
{
if((DWORD)pHandle->UniqueProcessId == ProcessId)
{
@ -48,7 +48,7 @@ __declspec(dllexport) bool TITCALL HandlerIsHandleOpen(DWORD ProcessId, HANDLE h
bool HandleActive = false;
DynBuf hinfo;
if (!NtQuerySysHandleInfo(hinfo))
if(!NtQuerySysHandleInfo(hinfo))
return false;
LPVOID QuerySystemBuffer = hinfo.GetPtr();
@ -57,7 +57,7 @@ __declspec(dllexport) bool TITCALL HandlerIsHandleOpen(DWORD ProcessId, HANDLE h
PSYSTEM_HANDLE_TABLE_ENTRY_INFO pHandle = HandleInfo->Handles;
for (ULONG i = 0; i < HandleInfo->NumberOfHandles; i++)
for(ULONG i = 0; i < HandleInfo->NumberOfHandles; i++)
{
if((DWORD)pHandle->UniqueProcessId == ProcessId && (HANDLE)pHandle->HandleValue == hHandle)
{
@ -80,7 +80,7 @@ __declspec(dllexport) void* TITCALL HandlerGetHandleNameW(HANDLE hProcess, DWORD
LPVOID HandleFullName = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
DynBuf hinfo;
if (!NtQuerySysHandleInfo(hinfo))
if(!NtQuerySysHandleInfo(hinfo))
{
VirtualFree(HandleFullName, NULL, MEM_RELEASE);
return 0;
@ -90,7 +90,7 @@ __declspec(dllexport) void* TITCALL HandlerGetHandleNameW(HANDLE hProcess, DWORD
PSYSTEM_HANDLE_INFORMATION HandleInfo = (PSYSTEM_HANDLE_INFORMATION)QuerySystemBuffer;
PSYSTEM_HANDLE_TABLE_ENTRY_INFO pHandle = HandleInfo->Handles;
for (ULONG i = 0; i < HandleInfo->NumberOfHandles; i++)
for(ULONG i = 0; i < HandleInfo->NumberOfHandles; i++)
{
if((DWORD)pHandle->UniqueProcessId == ProcessId && (HANDLE)pHandle->HandleValue == hHandle)
{
@ -135,11 +135,11 @@ __declspec(dllexport) void* TITCALL HandlerGetHandleNameW(HANDLE hProcess, DWORD
}
__declspec(dllexport) void* TITCALL HandlerGetHandleName(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName)
{
wchar_t * name = (wchar_t *)HandlerGetHandleNameW(hProcess, ProcessId, hHandle, TranslateName);
wchar_t* name = (wchar_t*)HandlerGetHandleNameW(hProcess, ProcessId, hHandle, TranslateName);
if (name)
if(name)
{
LPVOID HandleFullName = VirtualAlloc(NULL, wcslen(name) + 1, MEM_COMMIT|MEM_RESERVE, PAGE_READWRITE);
LPVOID HandleFullName = VirtualAlloc(NULL, wcslen(name) + 1, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
WideCharToMultiByte(CP_ACP, NULL, name, -1, (LPSTR)HandleFullName, (int)wcslen(name) + 1, NULL, NULL);
VirtualFree(name, NULL, MEM_RELEASE);
@ -158,7 +158,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateOpenHandles(DWORD ProcessId,
PNTDLL_QUERY_HANDLE_INFO HandleInfo;
DynBuf hinfo;
if (!NtQuerySysHandleInfo(hinfo))
if(!NtQuerySysHandleInfo(hinfo))
return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr();
@ -195,7 +195,7 @@ __declspec(dllexport) ULONG_PTR TITCALL HandlerGetHandleDetails(HANDLE hProcess,
DynBuf hinfo;
if (!NtQuerySysHandleInfo(hinfo))
if(!NtQuerySysHandleInfo(hinfo))
return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr();
@ -289,7 +289,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateLockHandles(char* szFileOrFol
if(szFileOrFolderName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileOrFolderName, lstrlenA(szFileOrFolderName)+1, uniFileOrFolderName, sizeof(uniFileOrFolderName)/(sizeof(uniFileOrFolderName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileOrFolderName, lstrlenA(szFileOrFolderName) + 1, uniFileOrFolderName, sizeof(uniFileOrFolderName) / (sizeof(uniFileOrFolderName[0])));
return(HandlerEnumerateLockHandlesW(uniFileOrFolderName, NameIsFolder, NameIsTranslated, HandleDataBuffer, MaxHandleCount));
}
else
@ -318,7 +318,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateLockHandlesW(wchar_t* szFileO
LPVOID tmpHandleFullName = NULL;
DynBuf hinfo;
if (!NtQuerySysHandleInfo(hinfo))
if(!NtQuerySysHandleInfo(hinfo))
return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr();
@ -396,7 +396,7 @@ __declspec(dllexport) bool TITCALL HandlerCloseAllLockHandles(char* szFileOrFold
if(szFileOrFolderName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileOrFolderName, lstrlenA(szFileOrFolderName)+1, uniFileOrFolderName, sizeof(uniFileOrFolderName)/(sizeof(uniFileOrFolderName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileOrFolderName, lstrlenA(szFileOrFolderName) + 1, uniFileOrFolderName, sizeof(uniFileOrFolderName) / (sizeof(uniFileOrFolderName[0])));
return(HandlerCloseAllLockHandlesW(uniFileOrFolderName, NameIsFolder, NameIsTranslated));
}
else
@ -425,7 +425,7 @@ __declspec(dllexport) bool TITCALL HandlerCloseAllLockHandlesW(wchar_t* szFileOr
DynBuf hinfo;
if (!NtQuerySysHandleInfo(hinfo))
if(!NtQuerySysHandleInfo(hinfo))
return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr();
@ -500,7 +500,7 @@ __declspec(dllexport) bool TITCALL HandlerIsFileLocked(char* szFileOrFolderName,
if(szFileOrFolderName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileOrFolderName, lstrlenA(szFileOrFolderName)+1, uniFileOrFolderName, sizeof(uniFileOrFolderName)/(sizeof(uniFileOrFolderName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileOrFolderName, lstrlenA(szFileOrFolderName) + 1, uniFileOrFolderName, sizeof(uniFileOrFolderName) / (sizeof(uniFileOrFolderName[0])));
return(HandlerIsFileLockedW(uniFileOrFolderName, NameIsFolder, NameIsTranslated));
}
else
@ -528,7 +528,7 @@ __declspec(dllexport) bool TITCALL HandlerIsFileLockedW(wchar_t* szFileOrFolderN
LPVOID tmpHandleFullName = NULL;
DynBuf hinfo;
if (!NtQuerySysHandleInfo(hinfo))
if(!NtQuerySysHandleInfo(hinfo))
return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr();
@ -611,7 +611,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateOpenMutexes(HANDLE hProcess,
PPUBLIC_OBJECT_TYPE_INFORMATION pObjectTypeInfo = (PPUBLIC_OBJECT_TYPE_INFORMATION)HandleFullData;
DynBuf hinfo;
if (!NtQuerySysHandleInfo(hinfo))
if(!NtQuerySysHandleInfo(hinfo))
return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr();
@ -659,7 +659,7 @@ __declspec(dllexport) ULONG_PTR TITCALL HandlerGetOpenMutexHandle(HANDLE hProces
if(szMutexString != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szMutexString, lstrlenA(szMutexString)+1, uniMutexString, sizeof(uniMutexString)/(sizeof(uniMutexString[0])));
MultiByteToWideChar(CP_ACP, NULL, szMutexString, lstrlenA(szMutexString) + 1, uniMutexString, sizeof(uniMutexString) / (sizeof(uniMutexString[0])));
return((ULONG_PTR)HandlerGetOpenMutexHandleW(hProcess, ProcessId, uniMutexString));
}
else
@ -669,7 +669,7 @@ __declspec(dllexport) ULONG_PTR TITCALL HandlerGetOpenMutexHandle(HANDLE hProces
}
__declspec(dllexport) ULONG_PTR TITCALL HandlerGetOpenMutexHandleW(HANDLE hProcess, DWORD ProcessId, wchar_t* szMutexString)
{
if(!szMutexString || lstrlenW(szMutexString)>=512)
if(!szMutexString || lstrlenW(szMutexString) >= 512)
return 0;
int i;
HANDLE myHandle;
@ -734,7 +734,7 @@ __declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t
lstrcatW(RealMutexName, szMutexString);
DynBuf hinfo;
if (!NtQuerySysHandleInfo(hinfo))
if(!NtQuerySysHandleInfo(hinfo))
return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr();
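Review bot: In `HandlerGetHandleName` the ANSI buffer length is given as `wcslen(name) + 1`, which counts UTF-16 units rather than converted bytes, so on a multi-byte ANSI code page `WideCharToMultiByte` can fail with an insufficient buffer. Neither that call nor `VirtualAlloc` is checked, so the caller would silently get a truncated or empty name. The name describes a handle in another process (`hProcess`, `ProcessId`), so its length and content should be treated as untrusted. Ask the API for the size first with `int cb = WideCharToMultiByte(CP_ACP, 0, name, -1, NULL, 0, NULL, NULL);`, then allocate and convert with `cb`, releasing `name` and returning 0 if `cb` is 0 or the allocation fails. The tail of the function is outside the hunk.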


@ -6,7 +6,7 @@
__declspec(dllexport) void* TITCALL GetPEBLocation(HANDLE hProcess)
{
ULONG RequiredLen = 0;
void * PebAddress = 0;
void* PebAddress = 0;
PROCESS_BASIC_INFORMATION myProcessBasicInformation[5] = {0};
if(NtQueryInformationProcess(hProcess, ProcessBasicInformation, myProcessBasicInformation, sizeof(PROCESS_BASIC_INFORMATION), &RequiredLen) == STATUS_SUCCESS)
@ -27,7 +27,7 @@ __declspec(dllexport) void* TITCALL GetPEBLocation(HANDLE hProcess)
__declspec(dllexport) void* TITCALL GetTEBLocation(HANDLE hThread)
{
ULONG RequiredLen = 0;
void * TebAddress = 0;
void* TebAddress = 0;
THREAD_BASIC_INFORMATION myThreadBasicInformation[5] = {0};
if(NtQueryInformationThread(hThread, ThreadBasicInformation, myThreadBasicInformation, sizeof(THREAD_BASIC_INFORMATION), &RequiredLen) == STATUS_SUCCESS)
@ -48,14 +48,14 @@ __declspec(dllexport) void* TITCALL GetTEBLocation(HANDLE hThread)
__declspec(dllexport) void* TITCALL GetTEBLocation64(HANDLE hThread)
{
#ifndef _WIN64
if (IsThisProcessWow64())
if(IsThisProcessWow64())
{
//Only WOW64 processes have 2 PEBs and 2 TEBs
DWORD teb32 = (DWORD)GetTEBLocation(hThread);
if (teb32)
if(teb32)
{
teb32 -= 0x2000; //TEB64 before TEB32
return (void *)teb32;
return (void*)teb32;
}
}
#endif //_WIN64
@ -65,14 +65,14 @@ __declspec(dllexport) void* TITCALL GetTEBLocation64(HANDLE hThread)
__declspec(dllexport) void* TITCALL GetPEBLocation64(HANDLE hProcess)
{
#ifndef _WIN64
if (IsThisProcessWow64())
if(IsThisProcessWow64())
{
//Only WOW64 processes have 2 PEBs
DWORD peb32 = (DWORD)GetPEBLocation(hProcess);
if (peb32)
if(peb32)
{
peb32 += 0x1000; //PEB64 after PEB32
return (void *)peb32;
return (void*)peb32;
}
}
#endif //_WIN64
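Review bot: `GetTEBLocation64` and `GetPEBLocation64` derive the 64-bit structures from fixed offsets (`teb32 -= 0x2000`, `peb32 += 0x1000`) with only a one-line hint about where the numbers come from. That placement looks like a WOW64 implementation detail rather than a documented contract, so a caller that reads or patches the returned address may land in unrelated memory if the layout differs on a given Windows build. I would document the assumption next to each constant, e.g. `//assumes TEB64 is mapped 0x2000 below TEB32; undocumented WOW64 layout, verify per OS version`, and consider validating the result before returning it. Both function bodies continue past the hunk.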


@ -29,10 +29,10 @@ __declspec(dllexport) bool TITCALL HooksSafeTransitionEx(LPVOID HookAddressArray
{
if(!TransitionStart || ThreaderImportRunningThreadData(GetCurrentProcessId()))
{
int threadcount=(int)hListThread.size();
for(int i=0; i<threadcount; i++)
int threadcount = (int)hListThread.size();
for(int i = 0; i < threadcount; i++)
{
PTHREAD_ITEM_DATA hListThreadPtr=&hListThread.at(i);
PTHREAD_ITEM_DATA hListThreadPtr = &hListThread.at(i);
if(hListThreadPtr->hThread != INVALID_HANDLE_VALUE)
{
if(TransitionStart)
@ -42,7 +42,7 @@ __declspec(dllexport) bool TITCALL HooksSafeTransitionEx(LPVOID HookAddressArray
SuspendThread(hListThreadPtr->hThread);
ULONG_PTR CurrentIP = (ULONG_PTR)GetContextDataEx(hListThreadPtr->hThread, UE_CIP);
PMEMORY_COMPARE_HANDLER myHookAddressArray = (PMEMORY_COMPARE_HANDLER)HookAddressArray;
for(int j=0; j<NumberOfHooks; j++)
for(int j = 0; j < NumberOfHooks; j++)
{
#if defined (_WIN64)
ULONG_PTR HookAddress = (ULONG_PTR)myHookAddressArray->Array.qwArrayEntry[0];
@ -902,7 +902,7 @@ __declspec(dllexport) void TITCALL HooksScanModuleMemory(HMODULE ModuleBase, LPV
HANDLE hProcess = GetCurrentProcess();
LIBRARY_ITEM_DATA RemoteLibInfo = {};
PLIBRARY_ITEM_DATA pRemoteLibInfo = (PLIBRARY_ITEM_DATA)LibrarianGetLibraryInfoEx((void*)ModuleBase);
typedef bool(TITCALL *fEnumCallBack)(PHOOK_ENTRY HookDetails, void* ptrOriginalInstructions, PLIBRARY_ITEM_DATA ModuleInformation, DWORD SizeOfImage);
typedef bool(TITCALL * fEnumCallBack)(PHOOK_ENTRY HookDetails, void* ptrOriginalInstructions, PLIBRARY_ITEM_DATA ModuleInformation, DWORD SizeOfImage);
fEnumCallBack myEnumCallBack = (fEnumCallBack)CallBack;
BYTE CheckHookMemory[TEE_MAXIMUM_HOOK_SIZE];
PMEMORY_COMPARE_HANDLER ExportedFunctions;
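Review bot: The function-pointer typedef in `HooksScanModuleMemory` appears to come out of the formatter as `TITCALL * fEnumCallBack`, with the `*` spaced like a binary operator, while the rest of the commit attaches it to the type (`void* PebAddress`). The same happens to the `fEnumCallBack` typedefs in `LibrarianEnumLibraryInfo`/`LibrarianEnumLibraryInfoW` and to `DynBuf & buf` in `NtQuerySysHandleInfo`. Keeping `typedef bool(TITCALL* fEnumCallBack)(...)` and `DynBuf& buf` would match the pointer style used everywhere else. The old/new side is inferred from print order here, since the page dropped the `+`/`-` markers.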


@ -12,7 +12,7 @@ __declspec(dllexport) void TITCALL ImporterAddNewDll(char* szDLLName, ULONG_PTR
{
wchar_t uniDLLName[MAX_PATH] = {};
MultiByteToWideChar(CP_ACP, NULL, szDLLName, lstrlenA(szDLLName)+1, uniDLLName, sizeof(uniDLLName)/(sizeof(uniDLLName[0])));
MultiByteToWideChar(CP_ACP, NULL, szDLLName, lstrlenA(szDLLName) + 1, uniDLLName, sizeof(uniDLLName) / (sizeof(uniDLLName[0])));
scylla_addModule(uniDLLName, FirstThunk);
}
@ -21,14 +21,14 @@ __declspec(dllexport) void TITCALL ImporterAddNewAPI(char* szAPIName, ULONG_PTR
{
wchar_t uniAPIName[MAX_PATH] = {};
MultiByteToWideChar(CP_ACP, NULL, szAPIName, lstrlenA(szAPIName)+1, uniAPIName, sizeof(uniAPIName)/(sizeof(uniAPIName[0])));
MultiByteToWideChar(CP_ACP, NULL, szAPIName, lstrlenA(szAPIName) + 1, uniAPIName, sizeof(uniAPIName) / (sizeof(uniAPIName[0])));
scylla_addImport(uniAPIName, ThunkValue);
}
__declspec(dllexport) void TITCALL ImporterAddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue)
{
ImporterAddNewAPI((char*)(OrdinalNumber&~IMAGE_ORDINAL_FLAG), ThunkValue);
ImporterAddNewAPI((char*)(OrdinalNumber & ~IMAGE_ORDINAL_FLAG), ThunkValue);
}
__declspec(dllexport) long TITCALL ImporterGetAddedDllCount()
@ -58,9 +58,9 @@ __declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, cha
wchar_t uniSectionName[MAX_PATH] = {};
if(szExportFileName != NULL && szDumpFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szExportFileName, lstrlenA(szExportFileName)+1, uniExportFileName, sizeof(uniExportFileName)/(sizeof(uniExportFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniDumpFileName, sizeof(uniDumpFileName)/(sizeof(uniDumpFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szSectionName, lstrlenA(szSectionName)+1, uniSectionName, sizeof(uniSectionName)/(sizeof(uniSectionName[0])));
MultiByteToWideChar(CP_ACP, NULL, szExportFileName, lstrlenA(szExportFileName) + 1, uniExportFileName, sizeof(uniExportFileName) / (sizeof(uniExportFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName) + 1, uniDumpFileName, sizeof(uniDumpFileName) / (sizeof(uniDumpFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szSectionName, lstrlenA(szSectionName) + 1, uniSectionName, sizeof(uniSectionName) / (sizeof(uniSectionName[0])));
return ImporterExportIATExW(uniDumpFileName, uniExportFileName, uniSectionName);
}
return false;
@ -118,10 +118,10 @@ __declspec(dllexport) ULONG_PTR TITCALL ImporterGetLocalAPIAddress(HANDLE hProce
__declspec(dllexport) void* TITCALL ImporterGetDLLNameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress)
{
ULONG_PTR moduleBase=EngineGetModuleBaseRemote(hProcess, APIAddress);
ULONG_PTR moduleBase = EngineGetModuleBaseRemote(hProcess, APIAddress);
if(moduleBase)
{
static char szModuleName[MAX_PATH]="";
static char szModuleName[MAX_PATH] = "";
if(GetModuleFileNameExA(hProcess, (HMODULE)moduleBase, szModuleName, _countof(szModuleName)))
return szModuleName;
}
@ -130,17 +130,17 @@ __declspec(dllexport) void* TITCALL ImporterGetDLLNameFromDebugee(HANDLE hProces
__declspec(dllexport) void* TITCALL ImporterGetDLLNameFromDebugeeW(HANDLE hProcess, ULONG_PTR APIAddress)
{
ULONG_PTR moduleBase=EngineGetModuleBaseRemote(hProcess, APIAddress);
ULONG_PTR moduleBase = EngineGetModuleBaseRemote(hProcess, APIAddress);
if(moduleBase)
{
static wchar_t szModuleName[MAX_PATH]=L"";
static wchar_t szModuleName[MAX_PATH] = L"";
if(GetModuleFileNameExW(hProcess, (HMODULE)moduleBase, szModuleName, _countof(szModuleName)))
return szModuleName;
}
return 0;
}
__declspec(dllexport) void* TITCALL ImporterGetRemoteDLLBaseExW(HANDLE hProcess, WCHAR * szModuleName)
__declspec(dllexport) void* TITCALL ImporterGetRemoteDLLBaseExW(HANDLE hProcess, WCHAR* szModuleName)
{
return (void*)EngineGetModuleBaseRemote(hProcess, szModuleName);
}
@ -173,7 +173,7 @@ __declspec(dllexport) void* TITCALL ImporterGetAPINameEx(ULONG_PTR APIAddress, U
__declspec(dllexport) void* TITCALL ImporterGetAPINameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress)
{
static char APIName[5000]="";
static char APIName[5000] = "";
if(EngineGetAPINameRemote(hProcess, APIAddress, APIName, _countof(APIName), 0))
return APIName;
return 0;
@ -240,8 +240,8 @@ __declspec(dllexport) bool TITCALL ImporterCopyOriginalIAT(char* szOriginalFile,
if(szOriginalFile != NULL && szDumpFile != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szDumpFile, lstrlenA(szDumpFile)+1, uniDumpFile, sizeof(uniDumpFile)/(sizeof(uniDumpFile[0])));
MultiByteToWideChar(CP_ACP, NULL, szOriginalFile, lstrlenA(szOriginalFile)+1, uniOriginalFile, sizeof(uniOriginalFile)/(sizeof(uniOriginalFile[0])));
MultiByteToWideChar(CP_ACP, NULL, szDumpFile, lstrlenA(szDumpFile) + 1, uniDumpFile, sizeof(uniDumpFile) / (sizeof(uniDumpFile[0])));
MultiByteToWideChar(CP_ACP, NULL, szOriginalFile, lstrlenA(szOriginalFile) + 1, uniOriginalFile, sizeof(uniOriginalFile) / (sizeof(uniOriginalFile[0])));
return(ImporterCopyOriginalIATW(uniOriginalFile, uniDumpFile));
}
else
@ -256,13 +256,13 @@ __declspec(dllexport) bool TITCALL ImporterCopyOriginalIATW(wchar_t* szOriginalF
PIMAGE_NT_HEADERS32 PEHeader32;
PIMAGE_NT_HEADERS64 PEHeader64;
BOOL FileIs64;
HANDLE FileHandle=0;
HANDLE FileHandle = 0;
DWORD FileSize;
HANDLE FileMap=0;
HANDLE FileMap = 0;
ULONG_PTR FileMapVA;
HANDLE FileHandle1=0;
HANDLE FileHandle1 = 0;
DWORD FileSize1;
HANDLE FileMap1=0;
HANDLE FileMap1 = 0;
ULONG_PTR FileMapVA1;
ULONG_PTR IATPointer;
ULONG_PTR IATWritePointer;
@ -342,7 +342,7 @@ __declspec(dllexport) bool TITCALL ImporterLoadImportTable(char* szFileName)
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(ImporterLoadImportTableW(uniFileName));
}
else
@ -522,7 +522,7 @@ __declspec(dllexport) void TITCALL ImporterAutoSearchIAT(DWORD ProcessId, char*
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(ImporterAutoSearchIATW(ProcessId, uniFileName, SearchStart, pIATStart, pIATSize));
}
}
@ -556,7 +556,7 @@ __declspec(dllexport) void TITCALL ImporterAutoSearchIATEx(DWORD ProcessId, ULON
{
if(GetTempFileNameW(szTempFolder, L"DumpTemp", GetTickCount() + 102, szTempName))
{
HANDLE hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
HANDLE hProcess = EngineOpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
DumpProcessW(hProcess, (LPVOID)ImageBase, szTempName, NULL);
ImporterAutoSearchIATW(ProcessId, szTempName, SearchStart, pIATStart, pIATSize);
@ -576,13 +576,13 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, char* s
if(szDumpedFile != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szDumpedFile, lstrlenA(szDumpedFile)+1, uniDumpedFile, sizeof(uniDumpedFile)/(sizeof(uniDumpedFile[0])));
MultiByteToWideChar(CP_ACP, NULL, szSectionName, lstrlenA(szSectionName)+1, uniSectionName, sizeof(uniSectionName)/(sizeof(uniSectionName[0])));
MultiByteToWideChar(CP_ACP, NULL, szDumpedFile, lstrlenA(szDumpedFile) + 1, uniDumpedFile, sizeof(uniDumpedFile) / (sizeof(uniDumpedFile[0])));
MultiByteToWideChar(CP_ACP, NULL, szSectionName, lstrlenA(szSectionName) + 1, uniSectionName, sizeof(uniSectionName) / (sizeof(uniSectionName[0])));
return(ImporterAutoFixIATExW(ProcessId, uniDumpedFile, uniSectionName, DumpRunningProcess, RealignFile, EntryPointAddress, ImageBase, SearchStart, TryAutoFix, FixEliminations, UnknownPointerFixCallback));
}
else
{
return(NULL); // Critical error! *just to be safe, but it should never happen!
return(NULL); // Critical error! *just to be safe, but it should never happen!
}
}
__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_t* szDumpedFile, wchar_t* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback)
@ -610,11 +610,11 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_
//do we need to dump first?
if(DumpRunningProcess)
{
HANDLE hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
HANDLE hProcess = EngineOpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
if(!DumpProcessW(hProcess, (LPVOID)ImageBase, szDumpedFile, EntryPointAddress))
{
return(NULL); // Critical error! *just to be safe, but it should never happen!
return(NULL); // Critical error! *just to be safe, but it should never happen!
}
}
@ -657,10 +657,10 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_
}
else
{
return(0x406); // Success, but realign failed!
return(0x406); // Success, but realign failed!
}
}
return(0x400); // Success!
return(0x400); // Success!
}
__declspec(dllexport) long TITCALL ImporterAutoFixIAT(DWORD ProcessId, char* szDumpedFile, ULONG_PTR SearchStart)
{
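Review bot: `ImporterAddNewOrdinalAPI` passes `(char*)(OrdinalNumber & ~IMAGE_ORDINAL_FLAG)` to `ImporterAddNewAPI`, whose visible body immediately runs `lstrlenA` and `MultiByteToWideChar` on that argument, so an ordinal is dereferenced as if it were a string address. `ImporterAddNewAPI` should tell the two cases apart before converting, for instance with `if(IS_INTRESOURCE(szAPIName))` on entry, and hand ordinals to an ordinal-aware path. Which scylla call accepts an ordinal is not visible in this section, so that part needs confirming against the scylla wrapper.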


@ -10,7 +10,7 @@ __declspec(dllexport) bool TITCALL RemoteLoadLibrary(HANDLE hProcess, char* szLi
if(szLibraryFile != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szLibraryFile, lstrlenA(szLibraryFile)+1, uniLibraryFile, sizeof(uniLibraryFile)/(sizeof(uniLibraryFile[0])));
MultiByteToWideChar(CP_ACP, NULL, szLibraryFile, lstrlenA(szLibraryFile) + 1, uniLibraryFile, sizeof(uniLibraryFile) / (sizeof(uniLibraryFile[0])));
return(RemoteLoadLibraryW(hProcess, uniLibraryFile, WaitForThreadExit));
}
else
@ -96,7 +96,7 @@ __declspec(dllexport) bool TITCALL RemoteFreeLibrary(HANDLE hProcess, HMODULE hM
if(szLibraryFile != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szLibraryFile, lstrlenA(szLibraryFile)+1, uniLibraryFile, sizeof(uniLibraryFile)/(sizeof(uniLibraryFile[0])));
MultiByteToWideChar(CP_ACP, NULL, szLibraryFile, lstrlenA(szLibraryFile) + 1, uniLibraryFile, sizeof(uniLibraryFile) / (sizeof(uniLibraryFile[0])));
return(RemoteFreeLibraryW(hProcess, hModule, uniLibraryFile, WaitForThreadExit));
}
else


@ -38,7 +38,7 @@ __declspec(dllexport) void* TITCALL LibrarianGetLibraryInfo(char* szLibraryName)
wchar_t uniLibraryName[MAX_PATH] = {};
PLIBRARY_ITEM_DATAW LibInfo;
MultiByteToWideChar(CP_ACP, NULL, szLibraryName, lstrlenA(szLibraryName)+1, uniLibraryName, sizeof(uniLibraryName)/(sizeof(uniLibraryName[0])));
MultiByteToWideChar(CP_ACP, NULL, szLibraryName, lstrlenA(szLibraryName) + 1, uniLibraryName, sizeof(uniLibraryName) / (sizeof(uniLibraryName[0])));
LibInfo = (PLIBRARY_ITEM_DATAW)LibrarianGetLibraryInfoW(uniLibraryName);
if(LibInfo)
{
@ -60,7 +60,7 @@ __declspec(dllexport) void* TITCALL LibrarianGetLibraryInfoW(wchar_t* szLibraryN
{
static LIBRARY_ITEM_DATAW LibraryInfo;
memset(&LibraryInfo, 0, sizeof(LIBRARY_ITEM_DATAW));
for(unsigned int i = 0; i < hListLibrary.size(); i++)
{
if(hListLibrary.at(i).hFile != INVALID_HANDLE_VALUE && !lstrcmpiW(hListLibrary.at(i).szLibraryName, szLibraryName))
@ -116,7 +116,7 @@ __declspec(dllexport) void TITCALL LibrarianEnumLibraryInfo(void* EnumCallBack)
if(!EnumCallBack)
return;
typedef void(TITCALL *fEnumCallBack)(LPVOID fLibraryDetail);
typedef void(TITCALL * fEnumCallBack)(LPVOID fLibraryDetail);
fEnumCallBack myEnumCallBack = (fEnumCallBack)EnumCallBack;
for(unsigned int i = 0; i < hListLibrary.size(); i++)
@ -148,7 +148,7 @@ __declspec(dllexport) void TITCALL LibrarianEnumLibraryInfoW(void* EnumCallBack)
if(!EnumCallBack)
return;
typedef void(TITCALL *fEnumCallBack)(LPVOID fLibraryDetail);
typedef void(TITCALL * fEnumCallBack)(LPVOID fLibraryDetail);
fEnumCallBack myEnumCallBack = (fEnumCallBack)EnumCallBack;
for(unsigned int i = 0; i < hListLibrary.size(); i++)


@ -14,7 +14,7 @@ __declspec(dllexport) bool TITCALL FindOEPGenerically(char* szFileName, LPVOID T
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(FindOEPGenericallyW(uniFileName, TraceInitCallBack, CallBack));
}
else


@ -10,7 +10,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidEx(char* szFileName, DWORD Che
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(IsPE32FileValidExW(uniFileName, CheckDepth, FileStatusInfo));
}
else
@ -89,7 +89,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
if(!FileIs64)
{
/*
x86 Surface check
x86 Surface check
*/
__try
{
@ -144,19 +144,19 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
}
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.FileAlignment, false);
/*
Get the console flag
Get the console flag
*/
if(PEHeader32->OptionalHeader.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI)
{
myFileStatusInfo.FileIsConsole = true;
}
/*
Export and relocation checks [for DLL and EXE]
Export and relocation checks [for DLL and EXE]
*/
if(PEHeader32->FileHeader.Characteristics & 0x2000)
{
/*
Export table check
Export table check
*/
FileIsDLL = true;
myFileStatusInfo.FileIsDLL = true;
@ -256,7 +256,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
myFileStatusInfo.ExportTable = UE_FIELD_NOT_PRESET;
}
/*
Relocation table check
Relocation table check
*/
if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BASERELOC && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress != NULL)
{
@ -311,7 +311,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
else
{
/*
Export table check
Export table check
*/
if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_EXPORT && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress != NULL)
{
@ -357,7 +357,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
myFileStatusInfo.ExportTable = UE_FIELD_NOT_PRESET;
}
/*
Relocation table check
Relocation table check
*/
if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BASERELOC && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress != NULL)
{
@ -381,7 +381,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
}
}
/*
Import table check
Import table check
*/
if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_IMPORT && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress != NULL)
{
@ -520,7 +520,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
myFileStatusInfo.ImportTable = UE_FIELD_NOT_PRESET;
}
/*
TLS table check
TLS table check
*/
if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_TLS && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress != NULL)
{
@ -579,7 +579,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
myFileStatusInfo.TLSTable = UE_FIELD_NOT_PRESET;
}
/*
Load config table check
Load config table check
*/
if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].VirtualAddress != NULL)
{
@ -602,7 +602,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
}
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.LoadConfigTable, false);
/*
Bound import table check
Bound import table check
*/
if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].VirtualAddress != NULL)
{
@ -641,7 +641,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
}
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.BoundImportTable, false);
/*
IAT check
IAT check
*/
if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_IAT && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].VirtualAddress != NULL)
{
@ -664,7 +664,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
}
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.IATTable, false);
/*
COM header check
COM header check
*/
if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].VirtualAddress != NULL)
{
@ -687,7 +687,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
}
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.COMHeaderTable, false);
/*
Resource header check
Resource header check
*/
if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_RESOURCE && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress != NULL)
{
@ -733,7 +733,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
myFileStatusInfo.ResourceTable = UE_FIELD_NOT_PRESET;
}
/*
Section check
Section check
*/
PESections = IMAGE_FIRST_SECTION(PEHeader32);
NumberOfSections = PEHeader32->FileHeader.NumberOfSections;
@ -770,7 +770,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.SizeOfImage, true);
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.SectionTable, true);
/*
Entry point check
Entry point check
*/
SectionNumber = GetPE32SectionNumberFromVA(FileMapVA, PEHeader32->OptionalHeader.AddressOfEntryPoint + PEHeader32->OptionalHeader.ImageBase);
if(SectionNumber != -1)
@ -800,7 +800,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
}
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.EntryPoint, true);
/*
Return data
Return data
*/
if(FileStatusInfo != NULL)
{
@ -828,7 +828,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
else
{
/*
x64 Surface check
x64 Surface check
*/
__try
{
@ -883,19 +883,19 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
}
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.FileAlignment, false);
/*
Get the console flag
Get the console flag
*/
if(PEHeader64->OptionalHeader.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI)
{
myFileStatusInfo.FileIsConsole = true;
}
/*
Export and relocation checks [for DLL and EXE]
Export and relocation checks [for DLL and EXE]
*/
if(PEHeader64->FileHeader.Characteristics & 0x2000)
{
/*
Export table check
Export table check
*/
FileIsDLL = true;
myFileStatusInfo.FileIsDLL = true;
@ -995,7 +995,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
myFileStatusInfo.ExportTable = UE_FIELD_NOT_PRESET;
}
/*
Relocation table check
Relocation table check
*/
if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BASERELOC && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress != NULL)
{
@ -1050,7 +1050,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
else
{
/*
Export table check
Export table check
*/
if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_EXPORT && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress != NULL)
{
@ -1096,7 +1096,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
myFileStatusInfo.ExportTable = UE_FIELD_NOT_PRESET;
}
/*
Relocation table check
Relocation table check
*/
if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BASERELOC && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress != NULL)
{
@ -1120,7 +1120,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
}
}
/*
Import table check
Import table check
*/
if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_IMPORT && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress != NULL)
{
@ -1259,7 +1259,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
myFileStatusInfo.ImportTable = UE_FIELD_NOT_PRESET;
}
/*
TLS table check
TLS table check
*/
if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_TLS && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress != NULL)
{
@ -1318,7 +1318,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
myFileStatusInfo.TLSTable = UE_FIELD_NOT_PRESET;
}
/*
Load config table check
Load config table check
*/
if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].VirtualAddress != NULL)
{
@ -1341,7 +1341,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
}
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.LoadConfigTable, false);
/*
Bound import table check
Bound import table check
*/
if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].VirtualAddress != NULL)
{
@ -1380,7 +1380,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
}
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.BoundImportTable, false);
/*
IAT check
IAT check
*/
if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_IAT && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].VirtualAddress != NULL)
{
@ -1403,7 +1403,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
}
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.IATTable, false);
/*
COM header check
COM header check
*/
if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].VirtualAddress != NULL)
{
@ -1426,7 +1426,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
}
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.COMHeaderTable, false);
/*
Resource header check
Resource header check
*/
if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_RESOURCE && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress != NULL)
{
@ -1472,7 +1472,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
myFileStatusInfo.ResourceTable = UE_FIELD_NOT_PRESET;
}
/*
Section check
Section check
*/
PESections = IMAGE_FIRST_SECTION(PEHeader64);
NumberOfSections = PEHeader64->FileHeader.NumberOfSections;
@ -1509,7 +1509,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.SizeOfImage, true);
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.SectionTable, true);
/*
Entry point check
Entry point check
*/
SectionNumber = GetPE32SectionNumberFromVA(FileMapVA, PEHeader64->OptionalHeader.AddressOfEntryPoint + (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase);
if(SectionNumber != -1)
@ -1539,7 +1539,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
}
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.EntryPoint, true);
/*
Return data
Return data
*/
if(FileStatusInfo != NULL)
{
@ -1590,7 +1590,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileEx(char* szFileName, LPVOID
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(FixBrokenPE32FileExW(uniFileName, FileStatusInfo, FileFixInfo));
}
else
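Review bot: The result of `MultiByteToWideChar` is ignored in `FixBrokenPE32FileEx`, so a failed conversion still reaches `FixBrokenPE32FileExW`. The call converts `lstrlenA(szFileName) + 1` bytes into a fixed-size `uniFileName`, whose declaration is outside this hunk; when the input does not fit, the API returns 0 and the buffer is not guaranteed to hold a terminated string. Checking the return, e.g. `if(!MultiByteToWideChar(CP_ACP, 0, szFileName, -1, uniFileName, _countof(uniFileName))) return false;`, would reject over-long paths instead of handing a partial name to the wide variant. The same unchecked pattern appears in the other ANSI wrappers this commit reformats (`FindOverlay`, `ExtractOverlay`, `AddOverlay`, `CopyOverlay`, `RemoveOverlay` and the later ones). The function body starts and ends outside the hunk.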
@ -1643,7 +1643,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
if(myFileStatusInfo == NULL) //here check for myfilestrus..ah lol, youre right
{
myFileStatusInfo=(PFILE_STATUS_INFO)&filestatusinfo;
myFileStatusInfo = (PFILE_STATUS_INFO)&filestatusinfo;
IsPE32FileValidExW(szFileName, UE_DEPTH_DEEP, myFileStatusInfo);
}
if(myFileFixInfo->FileFixPerformed == false && myFileStatusInfo->OveralEvaluation == UE_RESULT_FILE_INVALID_BUT_FIXABLE)
@ -1702,7 +1702,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
if(!FileIs64)
{
/*
x86 Surface check
x86 Surface check
*/
__try
{
@ -1715,7 +1715,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
CorrectedImageSize = ((PEHeader32->OptionalHeader.SizeOfImage / PEHeader32->OptionalHeader.SectionAlignment) + 1) * PEHeader32->OptionalHeader.SectionAlignment;
}
/*
Fixing import table
Fixing import table
*/
if(myFileStatusInfo->MissingDeclaredAPIs)
{
@ -1824,7 +1824,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
}
}
/*
Fixing Export table
Fixing Export table
*/
if(myFileStatusInfo->ExportTable == UE_FIELD_NOT_PRESET_WARNING)
{
@ -1889,7 +1889,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
}
}
/*
Fixing Relocation table
Fixing Relocation table
*/
if(myFileStatusInfo->FileIsDLL == true && myFileStatusInfo->RelocationTable == UE_FIELD_BROKEN_NON_FIXABLE)
{
@ -1981,7 +1981,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
FileFixed = false;
}
/*
Fixing Resource table
Fixing Resource table
*/
if(myFileFixInfo->DontFixResources == false && myFileStatusInfo->ResourceData != UE_FIELD_OK && myFileStatusInfo->ResourceData != UE_FIELD_NOT_PRESET)
{
@ -2018,7 +2018,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
}
}
/*
Fixing TLS table
Fixing TLS table
*/
if(myFileFixInfo->DontFixTLS == false && myFileStatusInfo->TLSTable != UE_FIELD_OK && myFileStatusInfo->TLSTable != UE_FIELD_NOT_PRESET)
{
@ -2095,7 +2095,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
}
}
/*
Fix Load config table
Fix Load config table
*/
if(myFileFixInfo->DontFixLoadConfig == false && myFileStatusInfo->LoadConfigTable != UE_FIELD_OK && myFileStatusInfo->LoadConfigTable != UE_FIELD_NOT_PRESET)
{
@ -2124,7 +2124,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
}
}
/*
Fix Bound import table
Fix Bound import table
*/
if(myFileFixInfo->DontFixBoundImports == false && myFileStatusInfo->BoundImportTable != UE_FIELD_OK && myFileStatusInfo->BoundImportTable != UE_FIELD_NOT_PRESET)
{
@ -2153,7 +2153,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
}
}
/*
Fix IAT
Fix IAT
*/
if(myFileFixInfo->DontFixIAT == false && myFileStatusInfo->IATTable != UE_FIELD_OK && myFileStatusInfo->IATTable != UE_FIELD_NOT_PRESET)
{
@ -2182,7 +2182,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
}
}
/*
Fix COM header
Fix COM header
*/
if(myFileFixInfo->DontFixCOM == false && myFileStatusInfo->COMHeaderTable != UE_FIELD_OK && myFileStatusInfo->COMHeaderTable != UE_FIELD_NOT_PRESET)
{
@ -2211,7 +2211,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
}
}
/*
Fix sections and SizeOfImage
Fix sections and SizeOfImage
*/
if(myFileStatusInfo->SectionTable != UE_FIELD_OK || myFileStatusInfo->SizeOfImage != UE_FIELD_OK)
{
@ -2252,7 +2252,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
}
}
/*
Entry point check
Entry point check
*/
if(myFileStatusInfo->EntryPoint != UE_FIELD_OK)
{
@ -2275,7 +2275,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
}
}
/*
Fix end
Fix end
*/
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(FileFixed)
@ -2295,7 +2295,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
else
{
/*
x64 Surface check
x64 Surface check
*/
__try
{
@ -2308,7 +2308,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
CorrectedImageSize = ((PEHeader64->OptionalHeader.SizeOfImage / PEHeader64->OptionalHeader.SectionAlignment) + 1) * PEHeader64->OptionalHeader.SectionAlignment;
}
/*
Fixing import table
Fixing import table
*/
if(myFileStatusInfo->MissingDeclaredAPIs)
{
@ -2417,7 +2417,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
}
}
/*
Fixing Export table
Fixing Export table
*/
if(myFileStatusInfo->ExportTable == UE_FIELD_NOT_PRESET_WARNING)
{
@ -2482,7 +2482,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
}
}
/*
Fixing Relocation table
Fixing Relocation table
*/
if(myFileStatusInfo->FileIsDLL == true && myFileStatusInfo->RelocationTable == UE_FIELD_BROKEN_NON_FIXABLE)
{
@ -2574,7 +2574,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
FileFixed = false;
}
/*
Fixing Resource table
Fixing Resource table
*/
if(myFileFixInfo->DontFixResources == false && myFileStatusInfo->ResourceData != UE_FIELD_OK && myFileStatusInfo->ResourceData != UE_FIELD_NOT_PRESET)
{
@ -2611,7 +2611,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
}
}
/*
Fixing TLS table
Fixing TLS table
*/
if(myFileFixInfo->DontFixTLS == false && myFileStatusInfo->TLSTable != UE_FIELD_OK && myFileStatusInfo->TLSTable != UE_FIELD_NOT_PRESET)
{
@ -2688,7 +2688,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
}
}
/*
Fix Load config table
Fix Load config table
*/
if(myFileFixInfo->DontFixLoadConfig == false && myFileStatusInfo->LoadConfigTable != UE_FIELD_OK && myFileStatusInfo->LoadConfigTable != UE_FIELD_NOT_PRESET)
{
@ -2717,7 +2717,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
}
}
/*
Fix Bound import table
Fix Bound import table
*/
if(myFileFixInfo->DontFixBoundImports == false && myFileStatusInfo->BoundImportTable != UE_FIELD_OK && myFileStatusInfo->BoundImportTable != UE_FIELD_NOT_PRESET)
{
@ -2746,7 +2746,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
}
}
/*
Fix IAT
Fix IAT
*/
if(myFileFixInfo->DontFixIAT == false && myFileStatusInfo->IATTable != UE_FIELD_OK && myFileStatusInfo->IATTable != UE_FIELD_NOT_PRESET)
{
@ -2775,7 +2775,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
}
}
/*
Fix COM header
Fix COM header
*/
if(myFileFixInfo->DontFixCOM == false && myFileStatusInfo->COMHeaderTable != UE_FIELD_OK && myFileStatusInfo->COMHeaderTable != UE_FIELD_NOT_PRESET)
{
@ -2804,7 +2804,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
}
}
/*
Fix sections and SizeOfImage
Fix sections and SizeOfImage
*/
if(myFileStatusInfo->SectionTable != UE_FIELD_OK || myFileStatusInfo->SizeOfImage != UE_FIELD_OK)
{
@ -2845,7 +2845,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
}
}
/*
Entry point check
Entry point check
*/
if(myFileStatusInfo->EntryPoint != UE_FIELD_OK)
{
@ -2868,7 +2868,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
}
}
/*
Fix end
Fix end
*/
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(FileFixed)


@ -14,7 +14,7 @@ __declspec(dllexport) bool TITCALL FindOverlay(char* szFileName, LPDWORD Overlay
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(FindOverlayW(uniFileName, OverlayStart, OverlaySize));
}
else
@ -156,8 +156,8 @@ __declspec(dllexport) bool TITCALL ExtractOverlay(char* szFileName, char* szExta
if(szFileName != NULL && szExtactedFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szExtactedFileName, lstrlenA(szExtactedFileName)+1, uniExtactedFileName, sizeof(uniExtactedFileName)/(sizeof(uniExtactedFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szExtactedFileName, lstrlenA(szExtactedFileName) + 1, uniExtactedFileName, sizeof(uniExtactedFileName) / (sizeof(uniExtactedFileName[0])));
return(ExtractOverlayW(uniFileName, uniExtactedFileName));
}
else
@ -241,8 +241,8 @@ __declspec(dllexport) bool TITCALL AddOverlay(char* szFileName, char* szOverlayF
if(szFileName != NULL && szOverlayFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szOverlayFileName, lstrlenA(szOverlayFileName)+1, uniOverlayFileName, sizeof(uniOverlayFileName)/(sizeof(uniOverlayFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szOverlayFileName, lstrlenA(szOverlayFileName) + 1, uniOverlayFileName, sizeof(uniOverlayFileName) / (sizeof(uniOverlayFileName[0])));
return(AddOverlayW(uniFileName, uniOverlayFileName));
}
else
@ -261,7 +261,7 @@ __declspec(dllexport) bool TITCALL AddOverlayW(wchar_t* szFileName, wchar_t* szO
DWORD uedNumberOfBytesRead = 0;
char ueReadBuffer[0x2000] = {0};
hFile = CreateFileW(szFileName, GENERIC_READ+GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
hFile = CreateFileW(szFileName, GENERIC_READ + GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
{
hFileRead = CreateFileW(szOverlayFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
@ -323,8 +323,8 @@ __declspec(dllexport) bool TITCALL CopyOverlay(char* szInFileName, char* szOutFi
if(szInFileName != NULL && szOutFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szInFileName, lstrlenA(szInFileName)+1, uniInFileName, sizeof(uniInFileName)/(sizeof(uniInFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szOutFileName, lstrlenA(szOutFileName)+1, uniOutFileName, sizeof(uniOutFileName)/(sizeof(uniOutFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szInFileName, lstrlenA(szInFileName) + 1, uniInFileName, sizeof(uniInFileName) / (sizeof(uniInFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szOutFileName, lstrlenA(szOutFileName) + 1, uniOutFileName, sizeof(uniOutFileName) / (sizeof(uniOutFileName[0])));
return(CopyOverlayW(uniInFileName, uniOutFileName));
}
else
@ -359,7 +359,7 @@ __declspec(dllexport) bool TITCALL RemoveOverlay(char* szFileName)
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(RemoveOverlayW(uniFileName));
}
else


@ -12,8 +12,8 @@ __declspec(dllexport) bool TITCALL ExtractSection(char* szFileName, char* szDump
if(szFileName != NULL && szDumpFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniDumpFileName, sizeof(uniDumpFileName)/(sizeof(uniDumpFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName) + 1, uniDumpFileName, sizeof(uniDumpFileName) / (sizeof(uniDumpFileName[0])));
return(ExtractSectionW(uniFileName, uniDumpFileName, SectionNumber));
}
else
@ -130,7 +130,7 @@ __declspec(dllexport) bool TITCALL ResortFileSections(char* szFileName)
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(ResortFileSectionsW(uniFileName));
}
else
@ -346,7 +346,7 @@ __declspec(dllexport) bool TITCALL MakeAllSectionsRWE(char* szFileName)
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(MakeAllSectionsRWEW(uniFileName));
}
else
@ -500,7 +500,7 @@ __declspec(dllexport) long TITCALL AddNewSectionEx(char* szFileName, char* szSec
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(AddNewSectionExW(uniFileName, szSectionName, SectionSize, SectionAttributes, SectionContent, ContentSize));
}
else
@ -706,7 +706,7 @@ __declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* s
PESections = IMAGE_FIRST_SECTION(PEHeader32);
SectionNumber = PEHeader32->FileHeader.NumberOfSections;
PEHeader32->FileHeader.NumberOfSections = PEHeader32->FileHeader.NumberOfSections + 1;
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + (SectionNumber - 1)* IMAGE_SIZEOF_SECTION_HEADER);
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + (SectionNumber - 1) * IMAGE_SIZEOF_SECTION_HEADER);
NewSectionVirtualOffset = PESections->VirtualAddress + (PESections->Misc.VirtualSize / PEHeader32->OptionalHeader.SectionAlignment) * PEHeader32->OptionalHeader.SectionAlignment;
if(NewSectionVirtualOffset < PESections->VirtualAddress + PESections->Misc.VirtualSize)
{
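Review bot: `(SectionNumber - 1) * IMAGE_SIZEOF_SECTION_HEADER` assumes the file declares at least one section; with `NumberOfSections` equal to 0 the computed `PESections` points outside the section table before `VirtualAddress` and `Misc.VirtualSize` are read through it. The count comes from the mapped file's header, and no lower-bound check is visible in this hunk, though one may exist earlier in `AddNewSectionExW`, which starts and ends outside the hunk. If there is none, a guard such as `if(SectionNumber == 0)` that takes the function's failure path before the pointer arithmetic would cover it. The x64 hunk that follows uses the same expression.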
@ -788,7 +788,7 @@ __declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* s
PESections = IMAGE_FIRST_SECTION(PEHeader64);
SectionNumber = PEHeader64->FileHeader.NumberOfSections;
PEHeader32->FileHeader.NumberOfSections = PEHeader32->FileHeader.NumberOfSections + 1;
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + (SectionNumber - 1)* IMAGE_SIZEOF_SECTION_HEADER);
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + (SectionNumber - 1) * IMAGE_SIZEOF_SECTION_HEADER);
NewSectionVirtualOffset = PESections->VirtualAddress + (PESections->Misc.VirtualSize / PEHeader64->OptionalHeader.SectionAlignment) * PEHeader64->OptionalHeader.SectionAlignment;
if(NewSectionVirtualOffset < PESections->VirtualAddress + PESections->Misc.VirtualSize)
{
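Review bot: The x64 branch increments `PEHeader32->FileHeader.NumberOfSections` while every other access in this hunk goes through `PEHeader64`. `FileHeader` sits at the same offset in both NT header layouts, so this presumably works only if `PEHeader32` was pointed at the same header earlier in the function, which the hunk does not show. Writing `PEHeader64->FileHeader.NumberOfSections = PEHeader64->FileHeader.NumberOfSections + 1;` removes that dependency. `AddNewSectionExW` starts and ends outside the hunk.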
@ -883,7 +883,7 @@ __declspec(dllexport) bool TITCALL ResizeLastSection(char* szFileName, DWORD Num
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(ResizeLastSectionW(uniFileName, NumberOfExpandBytes, AlignResizeData));
}
else
@ -1101,7 +1101,7 @@ __declspec(dllexport) bool TITCALL DeleteLastSection(char* szFileName)
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(DeleteLastSectionW(uniFileName));
}
else
@ -1289,7 +1289,7 @@ __declspec(dllexport) bool TITCALL WipeSection(char* szFileName, int WipeSection
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(WipeSectionW(uniFileName, WipeSectionNumber, RemovePhysically));
}
else
@ -1340,7 +1340,7 @@ __declspec(dllexport) bool TITCALL WipeSectionW(wchar_t* szFileName, int WipeSec
DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
if(EngineValidateHeader(FileMapVA, FileHandle, NULL, DOSHeader, true))
{
ULONG_PTR WipeRawSize=GetPE32DataFromMappedFile(FileMapVA, SectionNumber, UE_SECTIONRAWSIZE);
ULONG_PTR WipeRawSize = GetPE32DataFromMappedFile(FileMapVA, SectionNumber, UE_SECTIONRAWSIZE);
if(!WipeRawSize)
RemovePhysically = false;
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);


@ -10,7 +10,7 @@ __declspec(dllexport) bool TITCALL PastePEHeader(HANDLE hProcess, LPVOID ImageBa
if(szDebuggedFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szDebuggedFileName, lstrlenA(szDebuggedFileName)+1, uniDebuggedFileName, sizeof(uniDebuggedFileName)/(sizeof(uniDebuggedFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szDebuggedFileName, lstrlenA(szDebuggedFileName) + 1, uniDebuggedFileName, sizeof(uniDebuggedFileName) / (sizeof(uniDebuggedFileName[0])));
return(PastePEHeaderW(hProcess, ImageBase, uniDebuggedFileName));
}
else


@ -28,7 +28,7 @@ __declspec(dllexport) long TITCALL GetActiveProcessIdW(wchar_t* szImageName)
wchar_t szProcessPath[1024] = {};
DWORD cbNeeded = NULL;
HANDLE hProcess;
wchar_t * nameOnly = 0;
wchar_t* nameOnly = 0;
if(EnumProcesses(bProcessId, sizeof(bProcessId), &cbNeeded))
{
@ -45,15 +45,15 @@ __declspec(dllexport) long TITCALL GetActiveProcessIdW(wchar_t* szImageName)
lstrcpyW(szProcessPath, szTranslatedProcName);
VirtualFree((void*)szTranslatedProcName, NULL, MEM_RELEASE);
EngineCloseHandle(hProcess);
if(_wcsicmp(szProcessPath, szImageName) == 0)
{
return(bProcessId[i]);
}
else
else
{
nameOnly = wcsrchr(szProcessPath, L'\\');
if (nameOnly)
if(nameOnly)
{
nameOnly++;
if(_wcsicmp(nameOnly, szImageName) == 0)
@ -79,7 +79,7 @@ __declspec(dllexport) void TITCALL EnumProcessesWithLibrary(char* szLibraryName,
int i;
int j;
typedef void(TITCALL *fEnumFunction)(DWORD ProcessId, HMODULE ModuleBaseAddress);
typedef void(TITCALL * fEnumFunction)(DWORD ProcessId, HMODULE ModuleBaseAddress);
fEnumFunction myEnumFunction = (fEnumFunction)EnumFunction;
HMODULE EnumeratedModules[1024] = {0};
DWORD bProcessId[1024] = {0};
@ -96,7 +96,7 @@ __declspec(dllexport) void TITCALL EnumProcessesWithLibrary(char* szLibraryName,
{
if(bProcessId[i] != NULL)
{
hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, 0, bProcessId[i]);
hProcess = EngineOpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, 0, bProcessId[i]);
if(hProcess != NULL)
{
RtlZeroMemory(EnumeratedModules, sizeof(EnumeratedModules));


@ -220,7 +220,7 @@ __declspec(dllexport) long TITCALL RealignPEEx(char* szFileName, DWORD RealingFi
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(RealignPEExW(uniFileName, RealingFileSize, ForcedFileAlignment));
}
else


@ -185,7 +185,7 @@ __declspec(dllexport) bool TITCALL RelocaterExportRelocationEx(char* szFileName,
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(RelocaterExportRelocationExW(uniFileName, szSectionName));
}
else
@ -319,8 +319,8 @@ __declspec(dllexport) bool TITCALL RelocaterCompareTwoSnapshots(HANDLE hProcess,
if(szDumpFile1 != NULL && szDumpFile2 != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szDumpFile1, lstrlenA(szDumpFile1)+1, uniDumpFile1, sizeof(uniDumpFile1)/(sizeof(uniDumpFile1[0])));
MultiByteToWideChar(CP_ACP, NULL, szDumpFile2, lstrlenA(szDumpFile2)+1, uniDumpFile2, sizeof(uniDumpFile2)/(sizeof(uniDumpFile2[0])));
MultiByteToWideChar(CP_ACP, NULL, szDumpFile1, lstrlenA(szDumpFile1) + 1, uniDumpFile1, sizeof(uniDumpFile1) / (sizeof(uniDumpFile1[0])));
MultiByteToWideChar(CP_ACP, NULL, szDumpFile2, lstrlenA(szDumpFile2) + 1, uniDumpFile2, sizeof(uniDumpFile2) / (sizeof(uniDumpFile2[0])));
return(RelocaterCompareTwoSnapshotsW(hProcess, LoadedImageBase, NtSizeOfImage, uniDumpFile1, uniDumpFile2, MemStart));
}
else
@ -450,7 +450,7 @@ __declspec(dllexport) bool TITCALL RelocaterChangeFileBase(char* szFileName, ULO
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(RelocaterChangeFileBaseW(uniFileName, NewImageBase));
}
else
@ -733,7 +733,7 @@ __declspec(dllexport) bool TITCALL RelocaterWipeRelocationTable(char* szFileName
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(RelocaterWipeRelocationTableW(uniFileName));
}
else


@ -115,10 +115,10 @@ __declspec(dllexport) bool TITCALL ResourcerFindResource(char* szFileName, char*
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
if(szResourceName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szResourceName, lstrlenA(szResourceName)+1, uniResourceName, sizeof(uniResourceName)/(sizeof(uniResourceName[0])));
MultiByteToWideChar(CP_ACP, NULL, szResourceName, lstrlenA(szResourceName) + 1, uniResourceName, sizeof(uniResourceName) / (sizeof(uniResourceName[0])));
}
else
{
@ -126,7 +126,7 @@ __declspec(dllexport) bool TITCALL ResourcerFindResource(char* szFileName, char*
}
if(szResourceType != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szResourceType, lstrlenA(szResourceType)+1, uniResourceType, sizeof(uniResourceType)/(sizeof(uniResourceType[0])));
MultiByteToWideChar(CP_ACP, NULL, szResourceType, lstrlenA(szResourceType) + 1, uniResourceType, sizeof(uniResourceType) / (sizeof(uniResourceType[0])));
}
else
{
@ -168,7 +168,7 @@ __declspec(dllexport) bool TITCALL ResourcerFindResourceW(wchar_t* szFileName, w
__declspec(dllexport) bool TITCALL ResourcerFindResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize)
{
int i,j,n;
int i, j, n;
wchar_t* uniResourceName;
wchar_t* uniResourceType;
PIMAGE_RESOURCE_DIRECTORY PEResource;
@ -255,7 +255,7 @@ __declspec(dllexport) void TITCALL ResourcerEnumerateResource(char* szFileName,
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
ResourcerEnumerateResourceW(uniFileName, CallBack);
}
}
@ -278,7 +278,7 @@ __declspec(dllexport) void TITCALL ResourcerEnumerateResourceW(wchar_t* szFileNa
__declspec(dllexport) void TITCALL ResourcerEnumerateResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, void* CallBack)
{
int i,j,n;
int i, j, n;
wchar_t* uniResourceName;
wchar_t* uniResourceType;
PIMAGE_RESOURCE_DIRECTORY PEResource;
@ -289,7 +289,7 @@ __declspec(dllexport) void TITCALL ResourcerEnumerateResourceEx(ULONG_PTR FileMa
PIMAGE_RESOURCE_DIRECTORY PESubResourcePtr2;
PIMAGE_RESOURCE_DIRECTORY_ENTRY PEResourceDir2;
PIMAGE_RESOURCE_DATA_ENTRY PEResourceItem;
typedef bool(TITCALL *fResourceEnumerator)(wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, DWORD ResourceData, DWORD ResourceSize);
typedef bool(TITCALL * fResourceEnumerator)(wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, DWORD ResourceData, DWORD ResourceSize);
fResourceEnumerator myResourceEnumerator = (fResourceEnumerator)CallBack;
__try


@ -62,7 +62,7 @@ __declspec(dllexport) bool TITCALL StaticFileUnload(char* szFileName, bool Commi
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(StaticFileUnloadW(uniFileName, CommitChanges, FileHandle, LoadedSize, FileMap, FileMapVA));
}
else
@ -183,7 +183,7 @@ __declspec(dllexport) bool TITCALL StaticFileOpen(char* szFileName, DWORD Desire
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return StaticFileOpenW(uniFileName, DesiredAccess, FileHandle, FileSizeLow, FileSizeHigh);
}
@ -251,7 +251,7 @@ __declspec(dllexport) void TITCALL StaticMemoryDecrypt(LPVOID MemoryStart, DWORD
ULONG64 DataQword = NULL;
//ignore too big stuff
if(DecryptionKeySize>sizeof(ULONG_PTR))
if(DecryptionKeySize > sizeof(ULONG_PTR))
return;
if(MemoryStart != NULL && MemorySize > NULL)
@ -349,7 +349,7 @@ __declspec(dllexport) void TITCALL StaticMemoryDecrypt(LPVOID MemoryStart, DWORD
__declspec(dllexport) void TITCALL StaticMemoryDecryptEx(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionKeySize, void* DecryptionCallBack)
{
DWORD LoopCount = NULL;
typedef bool(TITCALL *fStaticCallBack)(void* sMemoryStart, int sKeySize);
typedef bool(TITCALL * fStaticCallBack)(void* sMemoryStart, int sKeySize);
fStaticCallBack myStaticCallBack = (fStaticCallBack)DecryptionCallBack;
if(MemoryStart != NULL && MemorySize > NULL)
@ -377,7 +377,7 @@ __declspec(dllexport) void TITCALL StaticMemoryDecryptEx(LPVOID MemoryStart, DWO
__declspec(dllexport) void TITCALL StaticMemoryDecryptSpecial(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionKeySize, DWORD SpecDecryptionType, void* DecryptionCallBack)
{
DWORD LoopCount = NULL;
typedef bool(TITCALL *fStaticCallBack)(void* sMemoryStart, int sKeySize);
typedef bool(TITCALL * fStaticCallBack)(void* sMemoryStart, int sKeySize);
fStaticCallBack myStaticCallBack = (fStaticCallBack)DecryptionCallBack;
if(MemoryStart != NULL && MemorySize > NULL)
@ -463,7 +463,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopy(HANDLE hFile, ULONG_PTR F
if(szDumpFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(StaticRawMemoryCopyW(hFile, FileMapVA, VitualAddressToCopy, Size, AddressIsRVA, uniFileName));
}
else
@ -564,7 +564,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx(HANDLE hFile, DWORD Raw
if(szDumpFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(StaticRawMemoryCopyExW(hFile, RawAddressToCopy, Size, uniFileName));
}
else
@ -651,7 +651,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64(HANDLE hFile, DWORD64
if(szDumpFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return StaticRawMemoryCopyEx64W(hFile, RawAddressToCopy, Size, uniFileName);
}
@ -895,7 +895,7 @@ __declspec(dllexport) bool TITCALL StaticHashFile(char* szFileName, char* HashDi
if(szFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return StaticHashFileW(uniFileName, HashDigest, OutputString, Algorithm);
}


@ -20,7 +20,7 @@ __declspec(dllexport) bool TITCALL TLSBreakOnCallBack(LPVOID ArrayOfCallBacks, D
if(NumberOfCallBacks && EngineIsValidReadPtrEx(ReadArrayOfCallBacks, sizeof(ULONG_PTR)*NumberOfCallBacks) && bpxCallBack)
{
ClearTlsCallBackList(); //clear TLS cb list
for(unsigned int i=0; i<NumberOfCallBacks; i++)
for(unsigned int i = 0; i < NumberOfCallBacks; i++)
tlsCallBackList.push_back(ReadArrayOfCallBacks[i]);
engineTLSBreakOnCallBackAddress = (ULONG_PTR)bpxCallBack;
engineTLSBreakOnCallBack = true;
@ -34,7 +34,7 @@ __declspec(dllexport) bool TITCALL TLSGrabCallBackData(char* szFileName, LPVOID
wchar_t uniFileName[MAX_PATH] = {};
if(szFileName)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return TLSGrabCallBackDataW(uniFileName, ArrayOfCallBacks, NumberOfCallBacks);
}
return false;
@ -45,7 +45,7 @@ __declspec(dllexport) bool TITCALL TLSGrabCallBackDataW(wchar_t* szFileName, LPV
DWORD FileSize;
HANDLE FileMap;
ULONG_PTR FileMapVA;
if(MapFileExW(szFileName, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
{
PIMAGE_DOS_HEADER DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
@ -187,7 +187,7 @@ __declspec(dllexport) bool TITCALL TLSBreakOnCallBackEx(char* szFileName, LPVOID
wchar_t uniFileName[MAX_PATH] = {};
if(szFileName)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return TLSBreakOnCallBackExW(uniFileName, bpxCallBack);
}
return false;
@ -198,7 +198,7 @@ __declspec(dllexport) bool TITCALL TLSBreakOnCallBackExW(wchar_t* szFileName, LP
DWORD NumberOfCallBacks;
if(TLSGrabCallBackDataW(szFileName, NULL, &NumberOfCallBacks))
{
DynBuf TlsArrayOfCallBacks(NumberOfCallBacks*sizeof(ULONG_PTR));
DynBuf TlsArrayOfCallBacks(NumberOfCallBacks * sizeof(ULONG_PTR));
if(TLSGrabCallBackDataW(szFileName, TlsArrayOfCallBacks.GetPtr(), &NumberOfCallBacks))
{
return TLSBreakOnCallBack(TlsArrayOfCallBacks.GetPtr(), NumberOfCallBacks, bpxCallBack);
@ -212,7 +212,7 @@ __declspec(dllexport) bool TITCALL TLSRemoveCallback(char* szFileName)
wchar_t uniFileName[MAX_PATH] = {};
if(szFileName)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return TLSRemoveCallbackW(uniFileName);
}
return false;
@ -324,7 +324,7 @@ __declspec(dllexport) bool TITCALL TLSRemoveTable(char* szFileName)
wchar_t uniFileName[MAX_PATH] = {};
if(szFileName)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return TLSRemoveTableW(uniFileName);
}
return false;
@ -424,7 +424,7 @@ __declspec(dllexport) bool TITCALL TLSBackupData(char* szFileName)
wchar_t uniFileName[MAX_PATH] = {};
if(szFileName)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return TLSBackupDataW(uniFileName);
}
return false;
@ -580,9 +580,9 @@ __declspec(dllexport) bool TITCALL TLSRestoreData()
if(engineBackupTLSDataX64.AddressOfCallBacks != NULL && engineBackupNumberOfCallBacks != NULL)
{
DynBuf BackupData(sizeof(ULONG_PTR)*engineBackupArrayOfCallBacks.size());
ULONG_PTR* Backup=(ULONG_PTR*)BackupData.GetPtr();
for(unsigned int i=0; i<engineBackupArrayOfCallBacks.size(); i++)
Backup[i]=engineBackupArrayOfCallBacks.at(i);
ULONG_PTR* Backup = (ULONG_PTR*)BackupData.GetPtr();
for(unsigned int i = 0; i < engineBackupArrayOfCallBacks.size(); i++)
Backup[i] = engineBackupArrayOfCallBacks.at(i);
if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)(engineBackupTLSDataX64.AddressOfCallBacks + GetDebuggedFileBaseAddress()), Backup, BackupData.Size(), &ueNumberOfBytesRead))
{
engineBackupTLSAddress = NULL;
@ -603,9 +603,9 @@ __declspec(dllexport) bool TITCALL TLSRestoreData()
if(engineBackupTLSDataX86.AddressOfCallBacks != NULL && engineBackupNumberOfCallBacks != NULL)
{
DynBuf BackupData(sizeof(ULONG_PTR)*engineBackupArrayOfCallBacks.size());
ULONG_PTR* Backup=(ULONG_PTR*)BackupData.GetPtr();
for(unsigned int i=0; i<engineBackupArrayOfCallBacks.size(); i++)
Backup[i]=engineBackupArrayOfCallBacks.at(i);
ULONG_PTR* Backup = (ULONG_PTR*)BackupData.GetPtr();
for(unsigned int i = 0; i < engineBackupArrayOfCallBacks.size(); i++)
Backup[i] = engineBackupArrayOfCallBacks.at(i);
if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)(engineBackupTLSDataX86.AddressOfCallBacks + GetDebuggedFileBaseAddress()), Backup, BackupData.Size(), &ueNumberOfBytesRead))
{
engineBackupTLSAddress = NULL;
@ -698,7 +698,7 @@ __declspec(dllexport) bool TITCALL TLSBuildNewTableEx(char* szFileName, char* sz
wchar_t uniFileName[MAX_PATH] = {};
if(szFileName)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return TLSBuildNewTableExW(uniFileName, szSectionName, ArrayOfCallBacks, NumberOfCallBacks);
}
return false;


@ -5,14 +5,14 @@
#include "Global.Threader.h"
#include "Global.Debugger.h"
void updateThreadList( THREAD_ITEM_DATA* NewThreadData )
void updateThreadList(THREAD_ITEM_DATA* NewThreadData)
{
bool notInList = true;
int count = (int)hListThread.size();
for (int i = 0; i < count; i++)
for(int i = 0; i < count; i++)
{
if (hListThread.at(i).dwThreadId == NewThreadData->dwThreadId)
if(hListThread.at(i).dwThreadId == NewThreadData->dwThreadId)
{
notInList = false;
CloseHandle(NewThreadData->hThread); //handle not needed
@ -28,7 +28,7 @@ void updateThreadList( THREAD_ITEM_DATA* NewThreadData )
}
}
if (notInList)
if(notInList)
{
hListThread.push_back(*NewThreadData);
}
@ -40,27 +40,27 @@ __declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD Process
bool updateList = false;
DWORD dwProcessId = 0;
if (ProcessId == NULL && dbgProcessInformation.hProcess != NULL)
if(ProcessId == NULL && dbgProcessInformation.hProcess != NULL)
{
updateList = true;
dwProcessId = GetProcessId(dbgProcessInformation.hProcess);
}
else if (ProcessId != NULL && dbgProcessInformation.hProcess != NULL)
else if(ProcessId != NULL && dbgProcessInformation.hProcess != NULL)
{
updateList = true;
dwProcessId = ProcessId;
}
else if (ProcessId != NULL && dbgProcessInformation.hProcess == NULL)
else if(ProcessId != NULL && dbgProcessInformation.hProcess == NULL)
{
updateList = false;
dwProcessId = ProcessId;
}
else if (ProcessId == NULL && dbgProcessInformation.hProcess == NULL)
else if(ProcessId == NULL && dbgProcessInformation.hProcess == NULL)
{
return false;
}
if (updateList == false)
if(updateList == false)
{
std::vector<THREAD_ITEM_DATA>().swap(hListThread); //clear thread list
}
@ -73,15 +73,15 @@ __declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD Process
PSYSTEM_PROCESS_INFORMATION pIter;
PSYSTEM_THREAD_INFORMATION pIterThread;
if (NtQuerySystemInformation(SystemProcessInformation, pBuffer, bufferLength, &retLength) == STATUS_INFO_LENGTH_MISMATCH)
if(NtQuerySystemInformation(SystemProcessInformation, pBuffer, bufferLength, &retLength) == STATUS_INFO_LENGTH_MISMATCH)
{
free(pBuffer);
bufferLength = retLength + sizeof(SYSTEM_PROCESS_INFORMATION);
pBuffer = (PSYSTEM_PROCESS_INFORMATION)malloc(bufferLength);
if (!pBuffer)
if(!pBuffer)
return false;
if (NtQuerySystemInformation(SystemProcessInformation, pBuffer, bufferLength, &retLength) != STATUS_SUCCESS)
if(NtQuerySystemInformation(SystemProcessInformation, pBuffer, bufferLength, &retLength) != STATUS_SUCCESS)
{
return false;
}
@ -95,10 +95,10 @@ __declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD Process
while(TRUE)
{
if (pIter->UniqueProcessId == (HANDLE)dwProcessId)
if(pIter->UniqueProcessId == (HANDLE)dwProcessId)
{
pIterThread = &pIter->Threads[0];
for (ULONG i = 0; i < pIter->NumberOfThreads; i++)
for(ULONG i = 0; i < pIter->NumberOfThreads; i++)
{
ZeroMemory(&NewThreadData, sizeof(THREAD_ITEM_DATA));
@ -113,18 +113,18 @@ __declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD Process
NewThreadData.dwThreadId = (DWORD)pIterThread->ClientId.UniqueThread;
NewThreadData.hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, NewThreadData.dwThreadId);
if (NewThreadData.hThread)
if(NewThreadData.hThread)
{
NewThreadData.TebAddress = GetTEBLocation(NewThreadData.hThread);
PVOID startAddress = 0;
if (NtQueryInformationThread(NewThreadData.hThread, ThreadQuerySetWin32StartAddress, &startAddress, sizeof(PVOID), NULL) == STATUS_SUCCESS)
if(NtQueryInformationThread(NewThreadData.hThread, ThreadQuerySetWin32StartAddress, &startAddress, sizeof(PVOID), NULL) == STATUS_SUCCESS)
{
NewThreadData.ThreadStartAddress = startAddress;
}
}
if (updateList == false)
if(updateList == false)
{
hListThread.push_back(NewThreadData);
}
@ -139,7 +139,7 @@ __declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD Process
break;
}
if (pIter->NextEntryOffset == 0)
if(pIter->NextEntryOffset == 0)
{
break;
}
@ -159,8 +159,8 @@ __declspec(dllexport) void* TITCALL ThreaderGetThreadInfo(HANDLE hThread, DWORD
return NULL;
static THREAD_ITEM_DATA ThreadData;
memset(&ThreadData, 0, sizeof(THREAD_ITEM_DATA));
int threadcount=(int)hListThread.size();
for(int i=0; i<threadcount; i++)
int threadcount = (int)hListThread.size();
for(int i = 0; i < threadcount; i++)
if(hListThread.at(i).hThread == hThread || hListThread.at(i).dwThreadId == ThreadId)
{
memcpy(&ThreadData, &hListThread.at(i), sizeof(THREAD_ITEM_DATA));
@ -171,10 +171,10 @@ __declspec(dllexport) void* TITCALL ThreaderGetThreadInfo(HANDLE hThread, DWORD
__declspec(dllexport) void TITCALL ThreaderEnumThreadInfo(void* EnumCallBack)
{
typedef void(TITCALL *fEnumCallBack)(LPVOID fThreadDetail);
typedef void(TITCALL * fEnumCallBack)(LPVOID fThreadDetail);
fEnumCallBack myEnumCallBack = (fEnumCallBack)EnumCallBack;
int threadcount=(int)hListThread.size();
for(int i=0; i<threadcount; i++)
int threadcount = (int)hListThread.size();
for(int i = 0; i < threadcount; i++)
{
__try
{
@ -189,8 +189,8 @@ __declspec(dllexport) void TITCALL ThreaderEnumThreadInfo(void* EnumCallBack)
__declspec(dllexport) bool TITCALL ThreaderPauseThread(HANDLE hThread)
{
int threadcount=(int)hListThread.size();
for(int i=0; i<threadcount; i++)
int threadcount = (int)hListThread.size();
for(int i = 0; i < threadcount; i++)
if(hListThread.at(i).hThread == hThread && SuspendThread(hThread) != -1)
return true;
return false;
@ -198,8 +198,8 @@ __declspec(dllexport) bool TITCALL ThreaderPauseThread(HANDLE hThread)
__declspec(dllexport) bool TITCALL ThreaderResumeThread(HANDLE hThread)
{
int threadcount=(int)hListThread.size();
for(int i=0; i<threadcount; i++)
int threadcount = (int)hListThread.size();
for(int i = 0; i < threadcount; i++)
if(hListThread.at(i).hThread == hThread && ResumeThread(hThread) != -1)
return true;
return false;
@ -207,11 +207,11 @@ __declspec(dllexport) bool TITCALL ThreaderResumeThread(HANDLE hThread)
__declspec(dllexport) bool TITCALL ThreaderTerminateThread(HANDLE hThread, DWORD ThreadExitCode)
{
int threadcount=(int)hListThread.size();
for(int i=0; i<threadcount; i++)
int threadcount = (int)hListThread.size();
for(int i = 0; i < threadcount; i++)
if(hListThread.at(i).hThread == hThread && TerminateThread(hThread, ThreadExitCode) != NULL)
{
hListThread.erase(hListThread.begin()+i);
hListThread.erase(hListThread.begin() + i);
return true;
}
return false;
@ -219,34 +219,34 @@ __declspec(dllexport) bool TITCALL ThreaderTerminateThread(HANDLE hThread, DWORD
__declspec(dllexport) bool TITCALL ThreaderPauseAllThreads(bool LeaveMainRunning)
{
bool ret=true;
int threadcount=(int)hListThread.size();
for(int i=0; i<threadcount; i++)
bool ret = true;
int threadcount = (int)hListThread.size();
for(int i = 0; i < threadcount; i++)
{
DWORD suspended;
if(LeaveMainRunning && hListThread.at(i).hThread != dbgProcessInformation.hThread)
suspended=SuspendThread(hListThread.at(i).hThread);
suspended = SuspendThread(hListThread.at(i).hThread);
else
suspended=SuspendThread(hListThread.at(i).hThread);
if(suspended==-1)
ret=false;
suspended = SuspendThread(hListThread.at(i).hThread);
if(suspended == -1)
ret = false;
}
return ret;
}
__declspec(dllexport) bool TITCALL ThreaderResumeAllThreads(bool LeaveMainPaused)
{
bool ret=true;
int threadcount=(int)hListThread.size();
for(int i=0; i<threadcount; i++)
bool ret = true;
int threadcount = (int)hListThread.size();
for(int i = 0; i < threadcount; i++)
{
DWORD resumed;
if(LeaveMainPaused && hListThread.at(i).hThread != dbgProcessInformation.hThread)
resumed=ResumeThread(hListThread.at(i).hThread);
resumed = ResumeThread(hListThread.at(i).hThread);
else
resumed=ResumeThread(hListThread.at(i).hThread);
if(resumed==-1)
ret=false;
resumed = ResumeThread(hListThread.at(i).hThread);
if(resumed == -1)
ret = false;
}
return ret;
}
@ -332,8 +332,8 @@ __declspec(dllexport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread)
__declspec(dllexport) bool TITCALL ThreaderIsAnyThreadActive()
{
int threadcount=(int)hListThread.size();
for(int i=0; i<threadcount; i++)
int threadcount = (int)hListThread.size();
for(int i = 0; i < threadcount; i++)
if(ThreaderIsThreadActive(hListThread.at(i).hThread))
return true;
return false;
@ -351,8 +351,8 @@ __declspec(dllexport) bool TITCALL ThreaderExecuteOnlyInjectedThreads()
__declspec(dllexport) ULONG_PTR TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId)
{
int threadcount=(int)hListThread.size();
for(int i=0; i<threadcount; i++)
int threadcount = (int)hListThread.size();
for(int i = 0; i < threadcount; i++)
if(hListThread.at(i).dwThreadId == ThreadId)
return (ULONG_PTR)hListThread.at(i).hThread;
return 0;


@ -64,7 +64,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
CurrentInstructionSize = StaticLengthDisassemble((LPVOID)TraceStartAddress);
CurrentNumberOfInstructions++;
/*
Long JUMP (0xE9)
Long JUMP (0xE9)
*/
if(HashInstructions == false && CompareMemory->DataByte[0] == 0xE9 && CurrentInstructionSize == 5)
{
@ -95,7 +95,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
}
}
/*
Near JUMP (0xFF25)
Near JUMP (0xFF25)
*/
}
else if(HashInstructions == false && CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] == 0x25 && CurrentInstructionSize == 6)
@ -130,7 +130,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
}
}
/*
PUSH then RET (0x68 ???????? 0xC3)
PUSH then RET (0x68 ???????? 0xC3)
*/
}
else if(HashInstructions == false && CompareMemory->DataByte[0] == 0x68 && CompareMemory->DataByte[5] == 0xC3 && CurrentInstructionSize == 5)
@ -170,7 +170,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
}
}
/*
CALL (0xE8)
CALL (0xE8)
*/
}
else if(HashInstructions == true && CompareMemory->DataByte[0] == 0xE8 && CurrentInstructionSize == 5)
@ -178,14 +178,14 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
SkipHashing = true;
InstructionHash = EngineHashMemory((char*)&EmptyCall, CurrentInstructionSize, InstructionHash);
/*
PUSH (0x68)
PUSH (0x68)
*/
}
else if(CompareMemory->DataByte[0] == 0x68 && CurrentInstructionSize == 5)
{
LastPushValue = (DWORD)(CompareMemory->DataByte[1] + CompareMemory->DataByte[2] * 0x1000 + CompareMemory->DataByte[3] * 0x100000 + CompareMemory->DataByte[4] * 0x10000000);
/*
ADD BYTE PTR[AL],AL (0x00, 0x00) -> End of page!
ADD BYTE PTR[AL],AL (0x00, 0x00) -> End of page!
*/
}
else if(CompareMemory->DataByte[0] == 0x00 && CurrentInstructionSize == 2)
@ -193,7 +193,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
FoundValidAPI = false;
break;
/*
RET (0xC3)
RET (0xC3)
*/
}
else if(CompareMemory->DataByte[0] == 0xC3 && CurrentInstructionSize == 1)
@ -201,7 +201,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
NumberOfInstructions++;
break;
/*
RET (0xC2)
RET (0xC2)
*/
}
else if(CompareMemory->DataByte[0] == 0xC2 && CurrentInstructionSize == 3)
@ -209,7 +209,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
NumberOfInstructions++;
break;
/*
Short JUMP (0xEB)
Short JUMP (0xEB)
*/
}
else if(CompareMemory->DataByte[0] == 0xEB && CurrentInstructionSize == 2)
@ -217,48 +217,48 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
TraceStartAddress = TraceStartAddress + CompareMemory->DataByte[1];
SkipThisInstruction = true;
/*
CLC (0xF8)
CLC (0xF8)
*/
}
else if(CompareMemory->DataByte[0] == 0xF8 && CurrentInstructionSize == 1)
{
SkipThisInstruction = true;
/*
STC (0xF9)
STC (0xF9)
*/
}
else if(CompareMemory->DataByte[0] == 0xF9 && CurrentInstructionSize == 1)
{
SkipThisInstruction = true;
/*
NOP (0x90)
NOP (0x90)
*/
}
else if(CompareMemory->DataByte[0] == 0x90 && CurrentInstructionSize == 1)
{
SkipThisInstruction = true;
/*
FNOP (0xD9 0xD0)
FNOP (0xD9 0xD0)
*/
}
else if(CompareMemory->DataByte[0] == 0xD9 && CompareMemory->DataByte[1] == 0xD0 && CurrentInstructionSize == 2)
{
SkipThisInstruction = true;
/*
Multiple MOV
Multiple MOV
*/
}
else if(CompareMemory->DataByte[0] >= 0x8A && CompareMemory->DataByte[0] <= 0x8B)
{
/*
MOV EAX,EAX (0x8B 0xC8)
MOV EAX,EAX (0x8B 0xC8)
*/
if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xC8 && CurrentInstructionSize == 2)
{
SkipThisInstruction = true;
}
/*
MOV EBX,EBX (0x8B 0xC9)
MOV EBX,EBX (0x8B 0xC9)
*/
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xC9 && CurrentInstructionSize == 2)
{
@ -272,7 +272,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
SkipThisInstruction = true;
}
/*
MOV (0x8B 0xED)
MOV (0x8B 0xED)
*/
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xED && CurrentInstructionSize == 2)
{
@ -280,7 +280,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
}
/*
MOV (0x8B 0xF6)
MOV (0x8B 0xF6)
*/
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xF6 && CurrentInstructionSize == 2)
{
@ -301,98 +301,98 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
SkipThisInstruction = true;
}
/*
MOV EDI,EDI (0x8B 0xFF)
MOV EDI,EDI (0x8B 0xFF)
*/
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xFF && CurrentNumberOfInstructions != 1 && CurrentInstructionSize == 2)
{
SkipThisInstruction = true;
}
/*
MOV AL,AL (0x8A 0xC0)
MOV AL,AL (0x8A 0xC0)
*/
else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xC0 && CurrentInstructionSize == 2)
{
SkipThisInstruction = true;
}
/*
MOV BL,BL (0x8A 0xDB)
MOV BL,BL (0x8A 0xDB)
*/
else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xDB && CurrentInstructionSize == 2)
{
SkipThisInstruction = true;
}
/*
MOV CL,CL (0x8A 0xC9)
MOV CL,CL (0x8A 0xC9)
*/
else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xC9 && CurrentInstructionSize == 2)
{
SkipThisInstruction = true;
}
/*
MOV (0x8A 0xD2)
MOV (0x8A 0xD2)
*/
else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xD2 && CurrentInstructionSize == 2)
{
SkipThisInstruction = true;
}
/*
MOV (0x8A 0xE4)
MOV (0x8A 0xE4)
*/
else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xE4 && CurrentInstructionSize == 2)
{
SkipThisInstruction = true;
}
/*
MOV (0x8A 0xED)
MOV (0x8A 0xED)
*/
else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xED && CurrentInstructionSize == 2)
{
SkipThisInstruction = true;
}
/*
MOV (0x8A 0xFF)
MOV (0x8A 0xFF)
*/
else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xFF && CurrentInstructionSize == 2)
{
SkipThisInstruction = true;
}
/*
MOV (0x8A 0xF6)
MOV (0x8A 0xF6)
*/
else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xF6 && CurrentInstructionSize == 2)
{
SkipThisInstruction = true;
}
/*
MOV AX,AX (0x8B 0xC0)
MOV AX,AX (0x8B 0xC0)
*/
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xC0 && CurrentInstructionSize == 2)
{
SkipThisInstruction = true;
}
/*
MOV (0x8B 0xDB)
MOV (0x8B 0xDB)
*/
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xDB && CurrentInstructionSize == 2)
{
SkipThisInstruction = true;
}
/*
MOV (0x8B 0xC9)
MOV (0x8B 0xC9)
*/
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xC9 && CurrentInstructionSize == 2)
{
SkipThisInstruction = true;
}
/*
MOV (0x8B 0xF6)
MOV (0x8B 0xF6)
*/
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xF6 && CurrentInstructionSize == 2)
{
SkipThisInstruction = true;
}
/*
MOV (0x8B 0xED)
MOV (0x8B 0xED)
*/
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xED && CurrentInstructionSize == 2)
{
@ -400,27 +400,27 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
}
}
/*
RDTSC (0x0F 0x31)
RDTSC (0x0F 0x31)
*/
else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] == 0x31 && CurrentInstructionSize == 2)
{
SkipThisInstruction = true;
/*
CPUID (0x0F 0xA2)
CPUID (0x0F 0xA2)
*/
}
else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] == 0xA2 && CurrentInstructionSize == 2)
{
SkipThisInstruction = true;
/*
XCHG EAX,EAX (0x87 0xC0)
XCHG EAX,EAX (0x87 0xC0)
*/
}
else if(CompareMemory->DataByte[0] == 0x87 && CompareMemory->DataByte[1] == 0xC0 && CurrentInstructionSize == 2)
{
SkipThisInstruction = true;
/*
SHL EAX,0 - SHL EDI,0 && SHR EAX,0 - SHR EDI,0
SHL EAX,0 - SHL EDI,0 && SHR EAX,0 - SHR EDI,0
*/
}
else if(CompareMemory->DataByte[0] == 0xC1 && CurrentInstructionSize == 3)
@ -430,7 +430,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
SkipThisInstruction = true;
}
/*
ROR EAX,0 - ROR EDI,0 && ROL EAX,0 - ROL EDI,0
ROR EAX,0 - ROR EDI,0 && ROL EAX,0 - ROL EDI,0
*/
}
else if(CompareMemory->DataByte[0] == 0xC1 && CurrentInstructionSize == 3)
@ -440,7 +440,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
SkipThisInstruction = true;
}
/*
LEA EAX,DWORD PTR[EAX] -> LEA EDI,DWORD PTR[EDI]
LEA EAX,DWORD PTR[EAX] -> LEA EDI,DWORD PTR[EDI]
*/
}
else if(CompareMemory->DataByte[0] == 0x8D && CurrentInstructionSize == 2)
@ -527,7 +527,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
// TitanEngine.Tracer.functions:
__declspec(dllexport) void TITCALL TracerInit()
{
return; // UE 1.5 compatibility mode
return; // UE 1.5 compatibility mode
}
__declspec(dllexport) ULONG_PTR TITCALL TracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace)
@ -707,7 +707,7 @@ __declspec(dllexport) ULONG_PTR TITCALL HashTracerLevel1(HANDLE hProcess, ULONG_
__declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace)
{
int i,j;
int i, j;
MEMORY_BASIC_INFORMATION MemInfo;
DWORD KnownRedirectionIndex = NULL;
ULONG_PTR ueNumberOfBytesRead = NULL;
@ -744,224 +744,224 @@ __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULON
cMem = (PMEMORY_CMP_HANDLER)TraceMemory;
if(cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x01 && ((cMem->DataByte[3] >= 0x50 && cMem->DataByte[3] <= 0x5F) || cMem->DataByte[3] == 0x6A || cMem->DataByte[3] == 0x68))
{
KnownRedirectionIndex = NULL; // ; PeX 0.99 fail safe!
KnownRedirectionIndex = NULL; // ; PeX 0.99 fail safe!
}
else if(cMem->DataByte[0] == 0x68 && cMem->DataByte[5] == 0x81 && cMem->DataByte[12] == 0xC3)
{
KnownRedirectionIndex = 1; // ; RLP 0.7.4 & CryptoPeProtector 0.9.x & ACProtect
/* ;$ ==> > 68 904B4013 PUSH 13404B90
;$+5 > 812C24 0A9E589B SUB DWORD PTR SS:[ESP],9B589E0A
;$+C > C3 RET
;$+D > 68 E21554DF PUSH DF5415E2
;$+12 > 813424 B6DCB2A8 XOR DWORD PTR SS:[ESP],A8B2DCB6
;$+19 > C3 RET
;$+1A > 68 34B2C6B1 PUSH B1C6B234
;$+1F > 810424 4A2C21C6 ADD DWORD PTR SS:[ESP],C6212C4A
;$+26 > C3 RET */
KnownRedirectionIndex = 1; // ; RLP 0.7.4 & CryptoPeProtector 0.9.x & ACProtect
/* ;$ ==> > 68 904B4013 PUSH 13404B90
;$+5 > 812C24 0A9E589B SUB DWORD PTR SS:[ESP],9B589E0A
;$+C > C3 RET
;$+D > 68 E21554DF PUSH DF5415E2
;$+12 > 813424 B6DCB2A8 XOR DWORD PTR SS:[ESP],A8B2DCB6
;$+19 > C3 RET
;$+1A > 68 34B2C6B1 PUSH B1C6B234
;$+1F > 810424 4A2C21C6 ADD DWORD PTR SS:[ESP],C6212C4A
;$+26 > C3 RET */
}
else if(cMem->DataByte[0] == 0xFF && cMem->DataByte[1] == 0x25)
{
KnownRedirectionIndex = 2; // ; tELock 0.80 - 0.85
// ;$ ==> >- FF25 48018E00 JMP NEAR DWORD PTR DS:[8E0148]
KnownRedirectionIndex = 2; // ; tELock 0.80 - 0.85
// ;$ ==> >- FF25 48018E00 JMP NEAR DWORD PTR DS:[8E0148]
}
else if((cMem->DataByte[0] == 0xFF && cMem->DataByte[1] == 0x35) || (cMem->DataByte[1] == 0xFF && cMem->DataByte[2] == 0x35) && (cMem->DataByte[8] == 0xC3 || cMem->DataByte[9] == 0xC3))
{
KnownRedirectionIndex = 3; // ; tELock 0.90 - 0.95
/* ;$ ==> > FF35 AE018E00 PUSH DWORD PTR DS:[8E01AE] ; kernel32.InitializeCriticalSection
;$+6 > A8 C3 TEST AL,0C3
;$+8 > C3 RET
;$+9 > F9 STC
;$+A > FF35 B2018E00 PUSH DWORD PTR DS:[8E01B2] ; kernel32.VirtualFree
;$+10 > 80FA C3 CMP DL,0C3
;$+13 > C3 RET */
KnownRedirectionIndex = 3; // ; tELock 0.90 - 0.95
/* ;$ ==> > FF35 AE018E00 PUSH DWORD PTR DS:[8E01AE] ; kernel32.InitializeCriticalSection
;$+6 > A8 C3 TEST AL,0C3
;$+8 > C3 RET
;$+9 > F9 STC
;$+A > FF35 B2018E00 PUSH DWORD PTR DS:[8E01B2] ; kernel32.VirtualFree
;$+10 > 80FA C3 CMP DL,0C3
;$+13 > C3 RET */
}
else if(cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x01 && cMem->DataByte[2] == 0xC9 && cMem->DataByte[3] == 0x60 && cMem->DataByte[4] == 0x0F && cMem->DataByte[5] == 0x31)
{
KnownRedirectionIndex = 8; // ; AlexProtector 1.x
/* ;$ ==> > /EB 01 JMP SHORT 008413F9
;$+2 > |C9 LEAVE
;$+3 > \60 PUSHAD
;$+4 > 0F31 RDTSC
;$+6 > EB 01 JMP SHORT 008413FF
;$+8 > C9 LEAVE
;$+9 > 8BD8 MOV EBX,EAX
;$+B > EB 01 JMP SHORT 00841404
;...
;$+33 > 68 E9B9D477 PUSH USER32.PostQuitMessage
;$+38 > EB 01 JMP SHORT 00841431
;$+3A >- E9 C3EB01E9 JMP E985FFF8 */
KnownRedirectionIndex = 8; // ; AlexProtector 1.x
/* ;$ ==> > /EB 01 JMP SHORT 008413F9
;$+2 > |C9 LEAVE
;$+3 > \60 PUSHAD
;$+4 > 0F31 RDTSC
;$+6 > EB 01 JMP SHORT 008413FF
;$+8 > C9 LEAVE
;$+9 > 8BD8 MOV EBX,EAX
;$+B > EB 01 JMP SHORT 00841404
;...
;$+33 > 68 E9B9D477 PUSH USER32.PostQuitMessage
;$+38 > EB 01 JMP SHORT 00841431
;$+3A >- E9 C3EB01E9 JMP E985FFF8 */
}
else if((cMem->DataByte[0] == 0x0B && cMem->DataByte[1] == 0xC5) || (cMem->DataByte[0] == 0x05 && cMem->DataByte[5] == 0xB8 && cMem->DataByte[10] == 0xEB && cMem->DataByte[11] == 0x02))
{
KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private!
/* ;008E0122 05 F9DEBE71 ADD EAX,71BEDEF9
;008E0127 B8 28018E00 MOV EAX,8E0128
;008E012C EB 02 JMP SHORT 008E0130
;008E012E CD 20 INT 20
;008E0130 05 18000000 ADD EAX,18
;008E0135 8B00 MOV EAX,DWORD PTR DS:[EAX]
;008E0137 35 22018E00 XOR EAX,8E0122
;008E013C 90 NOP
;008E013D 90 NOP
;008E013E 50 PUSH EAX
;008E013F C3 RET
;
;00850036 13C4 ADC EAX,ESP
;00850038 E8 0A000000 CALL 00850047
;0085003D 90 NOP
;0085003E 1BC2 SBB EAX,EDX
;00850040 E9 09000000 JMP 0085004E
;00850045 1BC3 SBB EAX,EBX
;00850047 83F8 74 CMP EAX,74
;0085004A C3 RET
;0085004B 98 CWDE
;0085004C 33C7 XOR EAX,EDI
;0085004E D6 SALC
;0085004F B8 50008500 MOV EAX,850050
;00850054 EB 02 JMP SHORT 00850058
;00850056 CD 20 INT 20
;00850058 05 18000000 ADD EAX,18
;0085005D 8B00 MOV EAX,DWORD PTR DS:[EAX]
;0085005F 35 36008500 XOR EAX,850036
;00850064 90 NOP
;00850065 90 NOP
;00850066 50 PUSH EAX
;00850067 C3 RET */
KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private!
/* ;008E0122 05 F9DEBE71 ADD EAX,71BEDEF9
;008E0127 B8 28018E00 MOV EAX,8E0128
;008E012C EB 02 JMP SHORT 008E0130
;008E012E CD 20 INT 20
;008E0130 05 18000000 ADD EAX,18
;008E0135 8B00 MOV EAX,DWORD PTR DS:[EAX]
;008E0137 35 22018E00 XOR EAX,8E0122
;008E013C 90 NOP
;008E013D 90 NOP
;008E013E 50 PUSH EAX
;008E013F C3 RET
;
;00850036 13C4 ADC EAX,ESP
;00850038 E8 0A000000 CALL 00850047
;0085003D 90 NOP
;0085003E 1BC2 SBB EAX,EDX
;00850040 E9 09000000 JMP 0085004E
;00850045 1BC3 SBB EAX,EBX
;00850047 83F8 74 CMP EAX,74
;0085004A C3 RET
;0085004B 98 CWDE
;0085004C 33C7 XOR EAX,EDI
;0085004E D6 SALC
;0085004F B8 50008500 MOV EAX,850050
;00850054 EB 02 JMP SHORT 00850058
;00850056 CD 20 INT 20
;00850058 05 18000000 ADD EAX,18
;0085005D 8B00 MOV EAX,DWORD PTR DS:[EAX]
;0085005F 35 36008500 XOR EAX,850036
;00850064 90 NOP
;00850065 90 NOP
;00850066 50 PUSH EAX
;00850067 C3 RET */
}
else if((cMem->DataByte[0] == 0x13 && cMem->DataByte[1] == 0xC4 && cMem->DataByte[2] == 0xE8) || (cMem->DataByte[0] == 0x83 && cMem->DataByte[3] == 0xE8))
{
KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private!
KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private!
}
else if((cMem->DataByte[0] == 0xB8 || cMem->DataByte[0] == 0x1D || cMem->DataByte[0] == 0x0D || cMem->DataByte[0] == 0x2D) && cMem->DataByte[5] == 0xB8 && cMem->DataByte[10] == 0xEB && cMem->DataByte[11] == 0x02)
{
KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private!
/* ;011F0000 B8 2107F205 MOV EAX,5F20721
;011F0005 B8 06008D00 MOV EAX,8D0006
;011F000A EB 02 JMP SHORT 011F000E
;011F000C CD 20 INT 20
;011F000E 05 18000000 ADD EAX,18
;011F0013 8B00 MOV EAX,DWORD PTR DS:[EAX]
;011F0015 35 00008D00 XOR EAX,8D0000
;011F001A 90 NOP
;011F001B 90 NOP
;011F001C 50 PUSH EAX
;011F001D C3 RET
;
;01360000 1D A508F205 SBB EAX,5F208A5
;01360005 B8 28008D00 MOV EAX,8D0028
;0136000A EB 02 JMP SHORT 0136000E
;0136000C CD 20 INT 20
;0136000E 05 18000000 ADD EAX,18
;01360013 8B00 MOV EAX,DWORD PTR DS:[EAX]
;01360015 35 22008D00 XOR EAX,8D0022
;0136001A 90 NOP
;0136001B 90 NOP
;0136001C 50 PUSH EAX
;0136001D C3 RET
;
;014B0000 0D F918F205 OR EAX,5F218F9
;014B0005 B8 4A008D00 MOV EAX,8D004A
;014B000A EB 02 JMP SHORT 014B000E
;014B000C CD 20 INT 20
;014B000E 05 18000000 ADD EAX,18
;014B0013 8B00 MOV EAX,DWORD PTR DS:[EAX]
;014B0015 35 44008D00 XOR EAX,8D0044
;014B001A 90 NOP
;014B001B 90 NOP
;014B001C 50 PUSH EAX
;014B001D C3 RET
;
;01750000 2D 0B37F205 SUB EAX,5F2370B
;01750005 B8 8E008D00 MOV EAX,8D008E
;0175000A EB 02 JMP SHORT 0175000E
;0175000C CD 20 INT 20
;0175000E 05 18000000 ADD EAX,18
;01750013 8B00 MOV EAX,DWORD PTR DS:[EAX]
;01750015 35 88008D00 XOR EAX,8D0088
;0175001A 90 NOP
;0175001B 90 NOP
;0175001C 50 PUSH EAX
;0175001D C3 RET
;
;019F0000 0BC4 OR EAX,ESP
;019F0002 F9 STC
;019F0003 E8 0B000000 CALL 019F0013
;019F0008 90 NOP
;019F0009 13C4 ADC EAX,ESP
;019F000B E9 0A000000 JMP 019F001A
;019F0010 F9 STC
;019F0011 13C3 ADC EAX,EBX
;019F0013 98 CWDE
;019F0014 03C2 ADD EAX,EDX
;019F0016 C3 RET
;
;01B40000 48 DEC EAX
;01B40001 E8 0D000000 CALL 01B40013
;01B40006 03C5 ADD EAX,EBP
;01B40008 FC CLD
;01B40009 E9 0A000000 JMP 01B40018
;01B4000E 35 D82FF205 XOR EAX,5F22FD8
;01B40013 C1C8 9A ROR EAX,9A
;01B40016 C3 RET */
KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private!
/* ;011F0000 B8 2107F205 MOV EAX,5F20721
;011F0005 B8 06008D00 MOV EAX,8D0006
;011F000A EB 02 JMP SHORT 011F000E
;011F000C CD 20 INT 20
;011F000E 05 18000000 ADD EAX,18
;011F0013 8B00 MOV EAX,DWORD PTR DS:[EAX]
;011F0015 35 00008D00 XOR EAX,8D0000
;011F001A 90 NOP
;011F001B 90 NOP
;011F001C 50 PUSH EAX
;011F001D C3 RET
;
;01360000 1D A508F205 SBB EAX,5F208A5
;01360005 B8 28008D00 MOV EAX,8D0028
;0136000A EB 02 JMP SHORT 0136000E
;0136000C CD 20 INT 20
;0136000E 05 18000000 ADD EAX,18
;01360013 8B00 MOV EAX,DWORD PTR DS:[EAX]
;01360015 35 22008D00 XOR EAX,8D0022
;0136001A 90 NOP
;0136001B 90 NOP
;0136001C 50 PUSH EAX
;0136001D C3 RET
;
;014B0000 0D F918F205 OR EAX,5F218F9
;014B0005 B8 4A008D00 MOV EAX,8D004A
;014B000A EB 02 JMP SHORT 014B000E
;014B000C CD 20 INT 20
;014B000E 05 18000000 ADD EAX,18
;014B0013 8B00 MOV EAX,DWORD PTR DS:[EAX]
;014B0015 35 44008D00 XOR EAX,8D0044
;014B001A 90 NOP
;014B001B 90 NOP
;014B001C 50 PUSH EAX
;014B001D C3 RET
;
;01750000 2D 0B37F205 SUB EAX,5F2370B
;01750005 B8 8E008D00 MOV EAX,8D008E
;0175000A EB 02 JMP SHORT 0175000E
;0175000C CD 20 INT 20
;0175000E 05 18000000 ADD EAX,18
;01750013 8B00 MOV EAX,DWORD PTR DS:[EAX]
;01750015 35 88008D00 XOR EAX,8D0088
;0175001A 90 NOP
;0175001B 90 NOP
;0175001C 50 PUSH EAX
;0175001D C3 RET
;
;019F0000 0BC4 OR EAX,ESP
;019F0002 F9 STC
;019F0003 E8 0B000000 CALL 019F0013
;019F0008 90 NOP
;019F0009 13C4 ADC EAX,ESP
;019F000B E9 0A000000 JMP 019F001A
;019F0010 F9 STC
;019F0011 13C3 ADC EAX,EBX
;019F0013 98 CWDE
;019F0014 03C2 ADD EAX,EDX
;019F0016 C3 RET
;
;01B40000 48 DEC EAX
;01B40001 E8 0D000000 CALL 01B40013
;01B40006 03C5 ADD EAX,EBP
;01B40008 FC CLD
;01B40009 E9 0A000000 JMP 01B40018
;01B4000E 35 D82FF205 XOR EAX,5F22FD8
;01B40013 C1C8 9A ROR EAX,9A
;01B40016 C3 RET */
}
else if((cMem->DataByte[0] == 0x0B && cMem->DataByte[1] == 0xC4 && cMem->DataByte[2] == 0xF9 && cMem->DataByte[3] == 0xE8) || (cMem->DataByte[0] == 0x48 && cMem->DataByte[1] == 0xE8))
{
KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private!
KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private!
}
else if((cMem->DataByte[0] == 0xB8 && cMem->DataByte[5] == 0xE8 && cMem->DataByte[10] == 0xF9 && cMem->DataByte[11] == 0xE9) && (cMem->DataByte[0] == 0xE8 && cMem->DataByte[1] == 0x0B && cMem->DataByte[10] == 0xE9 && cMem->DataByte[11] == 0x05 && cMem->DataByte[15] == 0x90 && cMem->DataByte[16] == 0xC3))
{
KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private!
/* ;01C90000 B8 B853F205 MOV EAX,5F253B8
;01C90005 E8 07000000 CALL 01C90011
;01C9000A F9 STC
;01C9000B E9 07000000 JMP 01C90017
;01C90010 90 NOP
;01C90011 23C3 AND EAX,EBX
;01C90013 C3 RET
;
;00A40022 1BC2 SBB EAX,EDX
;00A40024 E8 08000000 CALL 00A40031
;00A40029 40 INC EAX
;00A4002A E9 09000000 JMP 00A40038
;00A4002F 33C7 XOR EAX,EDI
;00A40031 C1E8 92 SHR EAX,92
;00A40034 C3 RET
;00A40035 83E0 25 AND EAX,25
;00A40038 25 E5AE65DD AND EAX,DD65AEE5
;00A4003D B8 3E00A400 MOV EAX,0A4003E
;00A40042 EB 02 JMP SHORT 00A40046
;00A40044 CD 20 INT 20
;00A40046 05 18000000 ADD EAX,18
;00A4004B 8B00 MOV EAX,DWORD PTR DS:[EAX]
;00A4004D 35 2200A400 XOR EAX,0A40022
;00A40052 90 NOP
;00A40053 90 NOP
;00A40054 50 PUSH EAX
;00A40055 C3 RET
;
;00A4005A E8 0B000000 CALL 00A4006A
;00A4005F 15 06F265DD ADC EAX,DD65F206
;00A40064 E9 05000000 JMP 00A4006E
;00A40069 90 NOP
;00A4006A C3 RET
;00A4006B 1BC5 SBB EAX,EBP
;00A4006D 40 INC EAX
;00A4006E 1BC0 SBB EAX,EAX
;00A40070 F9 STC
;00A40071 B8 7200A400 MOV EAX,0A40072
;00A40076 EB 02 JMP SHORT 00A4007A
;00A40078 CD 20 INT 20
;00A4007A 05 18000000 ADD EAX,18
;00A4007F 8B00 MOV EAX,DWORD PTR DS:[EAX]
;00A40081 35 5A00A400 XOR EAX,0A4005A
;00A40086 90 NOP
;00A40087 90 NOP
;00A40088 50 PUSH EAX
;00A40089 C3 RET */
KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private!
/* ;01C90000 B8 B853F205 MOV EAX,5F253B8
;01C90005 E8 07000000 CALL 01C90011
;01C9000A F9 STC
;01C9000B E9 07000000 JMP 01C90017
;01C90010 90 NOP
;01C90011 23C3 AND EAX,EBX
;01C90013 C3 RET
;
;00A40022 1BC2 SBB EAX,EDX
;00A40024 E8 08000000 CALL 00A40031
;00A40029 40 INC EAX
;00A4002A E9 09000000 JMP 00A40038
;00A4002F 33C7 XOR EAX,EDI
;00A40031 C1E8 92 SHR EAX,92
;00A40034 C3 RET
;00A40035 83E0 25 AND EAX,25
;00A40038 25 E5AE65DD AND EAX,DD65AEE5
;00A4003D B8 3E00A400 MOV EAX,0A4003E
;00A40042 EB 02 JMP SHORT 00A40046
;00A40044 CD 20 INT 20
;00A40046 05 18000000 ADD EAX,18
;00A4004B 8B00 MOV EAX,DWORD PTR DS:[EAX]
;00A4004D 35 2200A400 XOR EAX,0A40022
;00A40052 90 NOP
;00A40053 90 NOP
;00A40054 50 PUSH EAX
;00A40055 C3 RET
;
;00A4005A E8 0B000000 CALL 00A4006A
;00A4005F 15 06F265DD ADC EAX,DD65F206
;00A40064 E9 05000000 JMP 00A4006E
;00A40069 90 NOP
;00A4006A C3 RET
;00A4006B 1BC5 SBB EAX,EBP
;00A4006D 40 INC EAX
;00A4006E 1BC0 SBB EAX,EAX
;00A40070 F9 STC
;00A40071 B8 7200A400 MOV EAX,0A40072
;00A40076 EB 02 JMP SHORT 00A4007A
;00A40078 CD 20 INT 20
;00A4007A 05 18000000 ADD EAX,18
;00A4007F 8B00 MOV EAX,DWORD PTR DS:[EAX]
;00A40081 35 5A00A400 XOR EAX,0A4005A
;00A40086 90 NOP
;00A40087 90 NOP
;00A40088 50 PUSH EAX
;00A40089 C3 RET */
}
else if(cMem->DataByte[0] == 0x1B && cMem->DataByte[1] == 0xC2 && cMem->DataByte[2] == 0xE8 && cMem->DataByte[3] == 0x08 && cMem->DataByte[7] == 0x40 && cMem->DataByte[8] == 0xE9 && cMem->DataByte[9] == 0x09 && cMem->DataByte[10] == 0x00)
{
KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private!
KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private!
}
else if(cMem->DataByte[0] == 0x68 && cMem->DataByte[5] == 0xE9)
{
@ -970,15 +970,15 @@ __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULON
{
if(ImporterGetAPIName((ULONG_PTR)TestAddressX86) != NULL)
{
KnownRedirectionIndex = 6; // ; ReCrypt 0.74
/* ;001739F1 68 E9D9D477 PUSH User32.EndDialog
;001739F6 ^ E9 FDFEFFFF JMP 001738F8 */
KnownRedirectionIndex = 6; // ; ReCrypt 0.74
/* ;001739F1 68 E9D9D477 PUSH User32.EndDialog
;001739F6 ^ E9 FDFEFFFF JMP 001738F8 */
}
}
}
else if((cMem->DataByte[0] == 0xE8 && cMem->DataByte[5] == 0x58 && cMem->DataByte[6] == 0xEB && cMem->DataByte[7] == 0x01) || (cMem->DataByte[0] == 0xC8 && cMem->DataByte[4] == 0xE8 && cMem->DataByte[9] == 0x5B))
{
KnownRedirectionIndex = 7; // ; Orien 2.1x
KnownRedirectionIndex = 7; // ; Orien 2.1x
/* ;GetCommandLineA
;$ ==> >/$ E8 00000000 CALL crackme_.0040DF8F
;$+5 >|$ 58 POP EAX
@ -1044,7 +1044,7 @@ __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULON
}
else if((cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x01 && cMem->DataByte[2] == 0x66 && cMem->DataByte[3] == 0x1B) || (cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x02 && cMem->DataByte[2] == 0xCD && cMem->DataByte[3] == 0x20) || (cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x01 && cMem->DataByte[2] == 0xB8 && cMem->DataByte[3] == 0xEB))
{
KnownRedirectionIndex = 4; // ; tELock 0.96 - 0.98
KnownRedirectionIndex = 4; // ; tELock 0.96 - 0.98
/* ;(BYTE PTR[ESI] == 0EBh && (BYTE PTR[ESI+3] == 0EBh || BYTE PTR[ESI+2] == 0EBh))
;017B0000 0BE4 OR ESP,ESP
;017B0002 75 01 JNZ SHORT 017B0005
@ -1067,11 +1067,11 @@ __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULON
}
else if((cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x03 && cMem->DataByte[2] == 0xFF && cMem->DataByte[3] == 0xEB) || (cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x01 && cMem->DataByte[2] == 0xB8 && cMem->DataByte[3] == 0x05) || (cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x02 && cMem->DataByte[2] == 0xFF && cMem->DataByte[3] == 0x20))
{
KnownRedirectionIndex = 4; // ; tELock 0.96 - 0.98
KnownRedirectionIndex = 4; // ; tELock 0.96 - 0.98
}
else if((cMem->DataByte[0] == 0xF9 || cMem->DataByte[0] == 0xF8) || (cMem->DataByte[0] == 0x0B && cMem->DataByte[1] == 0xE4) || (cMem->DataByte[0] == 0x85 && cMem->DataByte[1] == 0xE4))
{
KnownRedirectionIndex = 4; // ; tELock 0.96 - 0.98
KnownRedirectionIndex = 4; // ; tELock 0.96 - 0.98
}
else if(cMem->DataByte[0] == 0xEB && (cMem->DataByte[1] > NULL && cMem->DataByte[1] < 4))
{
@ -1079,9 +1079,9 @@ __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULON
j = 30;
while(j > NULL)
{
if(cMem->DataByte[i] == 0xB8 && (cMem->DataByte[i+5] == 0x40 || cMem->DataByte[i+5] == 0x90) && cMem->DataByte[i+6] == 0xFF && cMem->DataByte[i+7] == 0x30 && cMem->DataByte[i+8] == 0xC3)
if(cMem->DataByte[i] == 0xB8 && (cMem->DataByte[i + 5] == 0x40 || cMem->DataByte[i + 5] == 0x90) && cMem->DataByte[i + 6] == 0xFF && cMem->DataByte[i + 7] == 0x30 && cMem->DataByte[i + 8] == 0xC3)
{
KnownRedirectionIndex = 4; // ; tELock 0.96 - 0.98
KnownRedirectionIndex = 4; // ; tELock 0.96 - 0.98
j = 1;
}
i++;
@ -1095,11 +1095,11 @@ __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULON
MemoryHash = EngineHashMemory((char*)TraceMemory, 192, MemoryHash);
if(MemoryHash == 0x5AF7E209 || MemoryHash == 0xEB480CAC || MemoryHash == 0x86218561 || MemoryHash == 0xCA9ABD85)
{
KnownRedirectionIndex = 9; // ; SVKP 1.x
KnownRedirectionIndex = 9; // ; SVKP 1.x
}
else if(MemoryHash == 0xF1F84A98 || MemoryHash == 0x91823290 || MemoryHash == 0xBEE6BAA0 || MemoryHash == 0x79603232)
{
KnownRedirectionIndex = 9; // ; SVKP 1.x
KnownRedirectionIndex = 9; // ; SVKP 1.x
}
}
}
@ -1123,7 +1123,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
MEMORY_BASIC_INFORMATION MemInfo;
ULONG_PTR ueNumberOfBytesRead = NULL;
char TracerReadMemory[0x1000] = {0};
DWORD MaximumReadSize=0x1000;
DWORD MaximumReadSize = 0x1000;
cMem = (PMEMORY_CMP_HANDLER)TracerReadMemory;
VirtualQueryEx(hProcess, (LPVOID)AddressToTrace, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
@ -1139,7 +1139,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
{
RedirectionId = (DWORD)TracerDetectRedirection(hProcess, AddressToTrace);
}
if(RedirectionId == 1) // TracerFix_ACProtect
if(RedirectionId == 1) // TracerFix_ACProtect
{
__try
{
@ -1169,7 +1169,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
return(NULL);
}
}
else if(RedirectionId == 2) // TracerFix_tELock_varA
else if(RedirectionId == 2) // TracerFix_tELock_varA
{
__try
{
@ -1187,7 +1187,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
return(NULL);
}
}
else if(RedirectionId == 3) // TracerFix_tELock_varB
else if(RedirectionId == 3) // TracerFix_tELock_varB
{
__try
{
@ -1212,7 +1212,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
return(NULL);
}
}
else if(RedirectionId == 4) // TracerFix_tELock_varC
else if(RedirectionId == 4) // TracerFix_tELock_varC
{
__try
{
@ -1276,7 +1276,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
return(NULL);
}
}
else if(RedirectionId == 5) // TracerFix_tELock_varD
else if(RedirectionId == 5) // TracerFix_tELock_varD
{
__try
{
@ -1307,7 +1307,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
return(NULL);
}
}
else if(RedirectionId == 6) // TracerFix_ReCrypt
else if(RedirectionId == 6) // TracerFix_ReCrypt
{
__try
{
@ -1322,7 +1322,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
return(NULL);
}
}
else if(RedirectionId == 7) // TracerFix_Orien
else if(RedirectionId == 7) // TracerFix_Orien
{
__try
{
@ -1353,7 +1353,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
return(NULL);
}
}
else if(RedirectionId == 8) // TracerFix_AlexProtector
else if(RedirectionId == 8) // TracerFix_AlexProtector
{
__try
{
@ -1369,7 +1369,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
return(NULL);
}
}
else if(RedirectionId == 9 && MaximumReadSize > 192) // TracerFix_SVKP
else if(RedirectionId == 9 && MaximumReadSize > 192) // TracerFix_SVKP
{
__try
{
@ -1448,7 +1448,7 @@ __declspec(dllexport) long TITCALL TracerFixRedirectionViaImpRecPlugin(HANDLE hP
HANDLE FileMap;
ULONG_PTR FileMapVA;
if(GetModuleFileNameA(engineHandle, (LPCH)szModuleName, sizeof(szModuleName)-0x100) > NULL)
if(GetModuleFileNameA(engineHandle, (LPCH)szModuleName, sizeof(szModuleName) - 0x100) > NULL)
{
cModuleName = (LPVOID)((ULONG_PTR)cModuleName + lstrlenA((LPCSTR)szModuleName));
cmpModuleName = (PMEMORY_CMP_HANDLER)(cModuleName);


@ -46,7 +46,7 @@ __declspec(dllexport) void* TITCALL TranslateNativeName(char* szNativeName)
}
VirtualFree(TranslatedName, NULL, MEM_RELEASE);
return NULL;
}


@ -12,10 +12,10 @@ BOOL APIENTRY DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
switch(fdwReason)
{
case DLL_PROCESS_ATTACH:
engineHandle=hinstDLL;
engineHandle = hinstDLL;
EngineInit();
EmptyGarbage();
for(int i=0; i<UE_MAX_RESERVED_MEMORY_LEFT; i++)
for(int i = 0; i < UE_MAX_RESERVED_MEMORY_LEFT; i++)
engineReservedMemoryLeft[i] = NULL;
break;
case DLL_THREAD_ATTACH:


@ -28,42 +28,42 @@ extern "C" {
# define APLIB_ERROR ((unsigned int) (-1))
#endif
unsigned int APLIB_CONVENTION aP_pack(const void *source,
void *destination,
unsigned int APLIB_CONVENTION aP_pack(const void* source,
void* destination,
unsigned int length,
void *workmem,
int (__cdecl *callback)(unsigned int, unsigned int, unsigned int, void *),
void *cbparam);
void* workmem,
int (__cdecl* callback)(unsigned int, unsigned int, unsigned int, void*),
void* cbparam);
unsigned int APLIB_CONVENTION aP_workmem_size(unsigned int inputsize);
unsigned int APLIB_CONVENTION aP_max_packed_size(unsigned int inputsize);
unsigned int APLIB_CONVENTION aP_depack_asm(const void *source, void *destination);
unsigned int APLIB_CONVENTION aP_depack_asm(const void* source, void* destination);
unsigned int APLIB_CONVENTION aP_depack_asm_fast(const void *source, void *destination);
unsigned int APLIB_CONVENTION aP_depack_asm_fast(const void* source, void* destination);
unsigned int APLIB_CONVENTION aP_depack_asm_safe(const void *source,
unsigned int APLIB_CONVENTION aP_depack_asm_safe(const void* source,
unsigned int srclen,
void *destination,
void* destination,
unsigned int dstlen);
unsigned int APLIB_CONVENTION aP_crc32(const void *source, unsigned int length);
unsigned int APLIB_CONVENTION aP_crc32(const void* source, unsigned int length);
unsigned int APLIB_CONVENTION aPsafe_pack(const void *source,
void *destination,
unsigned int APLIB_CONVENTION aPsafe_pack(const void* source,
void* destination,
unsigned int length,
void *workmem,
int (__cdecl *callback)(unsigned int, unsigned int, unsigned int, void *),
void *cbparam);
void* workmem,
int (__cdecl* callback)(unsigned int, unsigned int, unsigned int, void*),
void* cbparam);
unsigned int APLIB_CONVENTION aPsafe_check(const void *source);
unsigned int APLIB_CONVENTION aPsafe_check(const void* source);
unsigned int APLIB_CONVENTION aPsafe_get_orig_size(const void *source);
unsigned int APLIB_CONVENTION aPsafe_get_orig_size(const void* source);
unsigned int APLIB_CONVENTION aPsafe_depack(const void *source,
unsigned int APLIB_CONVENTION aPsafe_depack(const void* source,
unsigned int srclen,
void *destination,
void* destination,
unsigned int dstlen);
#ifdef __cplusplus


@ -73,8 +73,8 @@ __declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapV
__declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType);
__declspec(dllexport) ULONG_PTR TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllexport) ULONG_PTR TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesRead);
__declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesWritten);
__declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead);
__declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten);
// TitanEngine.Realigner.functions:
__declspec(dllexport) bool TITCALL FixHeaderCheckSum(char* szFileName);
__declspec(dllexport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName);


@ -60,14 +60,14 @@ along with this program. If not, see <http://www.gnu.org/licenses/>
#ifdef _MSC_VER
/* Since MSVC isn't shipped with stdint.h, we will have our own: */
typedef signed __int64 int64_t;
typedef unsigned __int64 uint64_t;
typedef signed __int32 int32_t;
typedef unsigned __int32 uint32_t;
typedef signed __int16 int16_t;
typedef unsigned __int16 uint16_t;
typedef signed __int8 int8_t;
typedef unsigned __int8 uint8_t;
typedef signed __int64 int64_t;
typedef unsigned __int64 uint64_t;
typedef signed __int32 int32_t;
typedef unsigned __int32 uint32_t;
typedef signed __int16 int16_t;
typedef unsigned __int16 uint16_t;
typedef signed __int8 int8_t;
typedef unsigned __int8 uint8_t;
#endif
/* Support C++ compilers */
@ -115,7 +115,8 @@ extern "C" {
/* Decodes modes of the disassembler, 16 bits or 32 bits or 64 bits for AMD64, x86-64. */
typedef enum {
typedef enum
{
Decode16Bits = 0, Decode32Bits = 1, Decode64Bits = 2
}
_DecodeType;
@ -167,36 +168,36 @@ typedef union
typedef struct
{
/* Type of operand:
O_NONE: operand is to be ignored.
O_REG: index holds global register index.
O_IMM: instruction.imm.
O_IMM1: instruction.imm.ex.i1.
O_IMM2: instruction.imm.ex.i2.
O_DISP: memory dereference with displacement only, instruction.disp.
O_SMEM: simple memory dereference with optional displacement (a single register memory dereference).
O_MEM: complex memory dereference (optional fields: s/i/b/disp).
O_PC: the relative address of a branch instruction (instruction.imm.addr).
O_PTR: the absolute target address of a far branch instruction (instruction.imm.ptr.seg/off).
O_NONE: operand is to be ignored.
O_REG: index holds global register index.
O_IMM: instruction.imm.
O_IMM1: instruction.imm.ex.i1.
O_IMM2: instruction.imm.ex.i2.
O_DISP: memory dereference with displacement only, instruction.disp.
O_SMEM: simple memory dereference with optional displacement (a single register memory dereference).
O_MEM: complex memory dereference (optional fields: s/i/b/disp).
O_PC: the relative address of a branch instruction (instruction.imm.addr).
O_PTR: the absolute target address of a far branch instruction (instruction.imm.ptr.seg/off).
*/
uint8_t type; /* _OperandType */
/* Index of:
O_REG: holds global register index
O_SMEM: holds the 'base' register. E.G: [ECX], [EBX+0x1234] are both in operand.index.
O_MEM: holds the 'index' register. E.G: [EAX*4] is in operand.index.
O_REG: holds global register index
O_SMEM: holds the 'base' register. E.G: [ECX], [EBX+0x1234] are both in operand.index.
O_MEM: holds the 'index' register. E.G: [EAX*4] is in operand.index.
*/
uint8_t index;
/* Size of:
O_REG: register
O_IMM: instruction.imm
O_IMM1: instruction.imm.ex.i1
O_IMM2: instruction.imm.ex.i2
O_DISP: instruction.disp
O_SMEM: size of indirection.
O_MEM: size of indirection.
O_PC: size of the relative offset
O_PTR: size of instruction.imm.ptr.off (16 or 32)
O_REG: register
O_IMM: instruction.imm
O_IMM1: instruction.imm.ex.i1
O_IMM2: instruction.imm.ex.i2
O_DISP: instruction.disp
O_SMEM: size of indirection.
O_MEM: size of indirection.
O_PC: size of the relative offset
O_PTR: size of instruction.imm.ptr.off (16 or 32)
*/
uint16_t size;
} _Operand;


@ -250,7 +250,7 @@ typedef struct _PROCESS_BASIC_INFORMATION
ULONG_PTR UniqueProcessId;
PVOID Reserved3;
} PROCESS_BASIC_INFORMATION;
typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
typedef PROCESS_BASIC_INFORMATION* PPROCESS_BASIC_INFORMATION;
typedef struct _THREAD_BASIC_INFORMATION
{
@ -264,7 +264,7 @@ typedef struct _THREAD_BASIC_INFORMATION
typedef
VOID
(*PPS_APC_ROUTINE) (
(*PPS_APC_ROUTINE)(
__in_opt PVOID ApcArgument1,
__in_opt PVOID ApcArgument2,
__in_opt PVOID ApcArgument3
@ -445,7 +445,7 @@ extern "C" {
NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetInformationProcess (
NtSetInformationProcess(
__in HANDLE ProcessHandle,
__in PROCESSINFOCLASS ProcessInformationClass,
__in_bcount(ProcessInformationLength) PVOID ProcessInformation,
@ -455,7 +455,7 @@ NtSetInformationProcess (
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryInformationProcess (
NtQueryInformationProcess(
__in HANDLE ProcessHandle,
__in PROCESSINFOCLASS ProcessInformationClass,
__out_bcount(ProcessInformationLength) PVOID ProcessInformation,
@ -466,7 +466,7 @@ NtQueryInformationProcess (
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryObject (
NtQueryObject(
__in HANDLE Handle,
__in OBJECT_INFORMATION_CLASS ObjectInformationClass,
__out_bcount_opt(ObjectInformationLength) PVOID ObjectInformation,
@ -477,7 +477,7 @@ NtQueryObject (
NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetSystemInformation (
NtSetSystemInformation(
__in SYSTEM_INFORMATION_CLASS SystemInformationClass,
__in_bcount_opt(SystemInformationLength) PVOID SystemInformation,
__in ULONG SystemInformationLength
@ -486,7 +486,7 @@ NtSetSystemInformation (
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQuerySystemInformation (
NtQuerySystemInformation(
__in SYSTEM_INFORMATION_CLASS SystemInformationClass,
__out_bcount_opt(SystemInformationLength) PVOID SystemInformation,
__in ULONG SystemInformationLength,
@ -496,7 +496,7 @@ NtQuerySystemInformation (
NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetInformationThread (
NtSetInformationThread(
__in HANDLE ThreadHandle,
__in THREADINFOCLASS ThreadInformationClass,
__in_bcount(ThreadInformationLength) PVOID ThreadInformation,
@ -506,7 +506,7 @@ NtSetInformationThread (
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryInformationThread (
NtQueryInformationThread(
__in HANDLE ThreadHandle,
__in THREADINFOCLASS ThreadInformationClass,
__out_bcount(ThreadInformationLength) PVOID ThreadInformation,
@ -517,7 +517,7 @@ NtQueryInformationThread (
NTSYSCALLAPI
NTSTATUS
NTAPI
NtUnmapViewOfSection (
NtUnmapViewOfSection(
__in HANDLE ProcessHandle,
__in PVOID BaseAddress
);
@ -525,7 +525,7 @@ NtUnmapViewOfSection (
NTSYSCALLAPI
NTSTATUS
NTAPI
NtSuspendThread (
NtSuspendThread(
__in HANDLE ThreadHandle,
__out_opt PULONG PreviousSuspendCount
);
@ -533,7 +533,7 @@ NtSuspendThread (
NTSYSCALLAPI
NTSTATUS
NTAPI
NtResumeThread (
NtResumeThread(
__in HANDLE ThreadHandle,
__out_opt PULONG PreviousSuspendCount
);
@ -541,21 +541,21 @@ NtResumeThread (
NTSYSCALLAPI
NTSTATUS
NTAPI
NtSuspendProcess (
NtSuspendProcess(
__in HANDLE ProcessHandle
);
NTSYSCALLAPI
NTSTATUS
NTAPI
NtResumeProcess (
NtResumeProcess(
__in HANDLE ProcessHandle
);
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueueApcThread (
NtQueueApcThread(
__in HANDLE ThreadHandle,
__in PPS_APC_ROUTINE ApcRoutine,
__in_opt PVOID ApcArgument1,
@ -566,7 +566,7 @@ NtQueueApcThread (
NTSYSCALLAPI
NTSTATUS
NTAPI
RtlGetCompressionWorkSpaceSize (
RtlGetCompressionWorkSpaceSize(
IN USHORT CompressionFormatAndEngine,
OUT PULONG CompressBufferWorkSpaceSize,
OUT PULONG CompressFragmentWorkSpaceSize
@ -575,7 +575,7 @@ RtlGetCompressionWorkSpaceSize (
NTSYSCALLAPI
NTSTATUS
NTAPI
RtlCompressBuffer (
RtlCompressBuffer(
IN USHORT CompressionFormatAndEngine,
IN PUCHAR UncompressedBuffer,
IN ULONG UncompressedBufferSize,
@ -589,7 +589,7 @@ RtlCompressBuffer (
NTSYSCALLAPI
NTSTATUS
NTAPI
RtlDecompressBuffer (
RtlDecompressBuffer(
IN USHORT CompressionFormat,
OUT PUCHAR UncompressedBuffer,
IN ULONG UncompressedBufferSize,
@ -601,7 +601,7 @@ RtlDecompressBuffer (
NTSYSCALLAPI
ULONG
NTAPI
RtlNtStatusToDosError (
RtlNtStatusToDosError(
NTSTATUS Status
);


@ -25,7 +25,7 @@
#define IDC_LISTBOX 800
// Next default values for new objects
//
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 114


@ -11,7 +11,7 @@ const BYTE SCY_ERROR_IATNOTFOUND = -4;
extern "C" {
#endif /*__cplusplus*/
//iat exports
int scylla_searchIAT(DWORD pid, DWORD_PTR &iatStart, DWORD &iatSize, DWORD_PTR searchStart, bool advancedSearch);
int scylla_searchIAT(DWORD pid, DWORD_PTR & iatStart, DWORD & iatSize, DWORD_PTR searchStart, bool advancedSearch);
int scylla_getImports(DWORD_PTR iatAddr, DWORD iatSize, DWORD pid, LPVOID invalidImportCallback = NULL);
bool scylla_addModule(const WCHAR* moduleName, DWORD_PTR firstThunkRVA);
bool scylla_addImport(const WCHAR* importName, DWORD_PTR thunkVA);
@ -29,12 +29,12 @@ DWORD_PTR scylla_findImportNameByWriteLocation(DWORD_PTR thunkVA);
DWORD_PTR scylla_findModuleNameByWriteLocation(DWORD_PTR thunkVA);
//dumper exports
bool scylla_dumpProcessW(DWORD_PTR pid, const WCHAR * fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const WCHAR * fileResult);
bool scylla_dumpProcessA(DWORD_PTR pid, const char * fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const char * fileResult);
bool scylla_dumpProcessW(DWORD_PTR pid, const WCHAR* fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const WCHAR* fileResult);
bool scylla_dumpProcessA(DWORD_PTR pid, const char* fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const char* fileResult);
//rebuilder exports
bool scylla_rebuildFileW(const WCHAR * fileToRebuild, BOOL removeDosStub, BOOL updatePeHeaderChecksum, BOOL createBackup);
bool scylla_rebuildFileA(const char * fileToRebuild, BOOL removeDosStub, BOOL updatePeHeaderChecksum, BOOL createBackup);
bool scylla_rebuildFileW(const WCHAR* fileToRebuild, BOOL removeDosStub, BOOL updatePeHeaderChecksum, BOOL createBackup);
bool scylla_rebuildFileA(const char* fileToRebuild, BOOL removeDosStub, BOOL updatePeHeaderChecksum, BOOL createBackup);
#ifdef __cplusplus
}
#endif /*__cplusplus*/


@ -154,24 +154,24 @@ typedef struct
enum HWBP_MODE
{
MODE_DISABLED=0, //00
MODE_LOCAL=1, //01
MODE_GLOBAL=2 //10
MODE_DISABLED = 0, //00
MODE_LOCAL = 1, //01
MODE_GLOBAL = 2 //10
};
enum HWBP_TYPE
{
TYPE_EXECUTE=0, //00
TYPE_WRITE=1, //01
TYPE_READWRITE=3 //11
TYPE_EXECUTE = 0, //00
TYPE_WRITE = 1, //01
TYPE_READWRITE = 3 //11
};
enum HWBP_SIZE
{
SIZE_1=0, //00
SIZE_2=1, //01
SIZE_8=2, //10
SIZE_4=3 //11
SIZE_1 = 0, //00
SIZE_2 = 1, //01
SIZE_8 = 2, //10
SIZE_4 = 3 //11
};
struct DR7
@ -759,21 +759,21 @@ typedef struct
/*typedef enum _POOL_TYPE {
NonPagedPool,
PagedPool,
NonPagedPoolMustSucceed,
DontUseThisType,
NonPagedPoolCacheAligned,
PagedPoolCacheAligned,
NonPagedPoolCacheAlignedMustS,
MaxPoolType,
NonPagedPoolSession,
PagedPoolSession,
NonPagedPoolMustSucceedSession,
DontUseThisTypeSession,
NonPagedPoolCacheAlignedSession,
PagedPoolCacheAlignedSession,
NonPagedPoolCacheAlignedMustSSession
NonPagedPool,
PagedPool,
NonPagedPoolMustSucceed,
DontUseThisType,
NonPagedPoolCacheAligned,
PagedPoolCacheAligned,
NonPagedPoolCacheAlignedMustS,
MaxPoolType,
NonPagedPoolSession,
PagedPoolSession,
NonPagedPoolMustSucceedSession,
DontUseThisTypeSession,
NonPagedPoolCacheAlignedSession,
PagedPoolCacheAlignedSession,
NonPagedPoolCacheAlignedMustSSession
} POOL_TYPE;*/
typedef struct
@ -924,7 +924,7 @@ struct _PEB_T
DWORD MaximumNumberOfHeaps;
T ProcessHeaps;
//FULL PEB not needed
//FULL PEB not needed
/* T GdiSharedHandleTable;
T ProcessStarterHelper;
T GdiDCAttributeList;


@ -1,8 +1,8 @@
#pragma once
// The following macros define the minimum required platform. The minimum required platform
// is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run
// your application. The macros work by enabling all features available on platform versions up to and
// is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run
// your application. The macros work by enabling all features available on platform versions up to and
// including the version specified.
// Modify the following defines if you have to target a platform prior to the ones specified below.


@ -5,12 +5,12 @@ wchar_t szLibraryPath[512];
int main()
{
memset(szLibraryPath, 0, sizeof(szLibraryPath));
wchar_t szName[256]=L"";
wchar_t szName[256] = L"";
wsprintfW(szName, L"Global\\szLibraryName%X", (unsigned int)GetCurrentProcessId());
HANDLE hMapFile=OpenFileMappingW(FILE_MAP_READ, false, szName);
HANDLE hMapFile = OpenFileMappingW(FILE_MAP_READ, false, szName);
if(hMapFile)
{
const wchar_t* szLibraryPathMapping=(const wchar_t*)MapViewOfFile(hMapFile, FILE_MAP_READ, 0, 0, sizeof(szLibraryPath));
const wchar_t* szLibraryPathMapping = (const wchar_t*)MapViewOfFile(hMapFile, FILE_MAP_READ, 0, 0, sizeof(szLibraryPath));
if(szLibraryPathMapping)
{
lstrcpyW(szLibraryPath, szLibraryPathMapping);
@ -19,6 +19,6 @@ int main()
CloseHandle(hMapFile);
}
if(szLibraryPath[0])
return (LoadLibraryW(szLibraryPath)!=NULL);
return (LoadLibraryW(szLibraryPath) != NULL);
return 0;
}
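Review bot: `lstrcpyW(szLibraryPath, szLibraryPathMapping);` copies from the mapped view into the fixed 512-element `szLibraryPath` with no length bound, so a section whose contents are not NUL-terminated within 512 characters overruns the global buffer; a bounded copy such as `lstrcpynW(szLibraryPath, szLibraryPathMapping, sizeof(szLibraryPath) / sizeof(szLibraryPath[0]));` keeps the write inside it. The copied string then goes straight to `LoadLibraryW`, and the section is opened by the predictable name `Global\szLibraryName<pid>`, so whichever process creates that section decides which DLL gets loaded. The creating side is not visible here, so it is worth confirming that it applies a restrictive security descriptor and that the path is validated as absolute before loading. A short comment above `OpenFileMappingW` stating which component is expected to create the mapping would document that trust assumption; the lines of `main` between the two hunks are not shown.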