diff --git a/SDK/C/TitanEngine.h b/SDK/C/TitanEngine.h index e53b316..58cf38a 100644 --- a/SDK/C/TitanEngine.h +++ b/SDK/C/TitanEngine.h @@ -590,8 +590,8 @@ __declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapV __declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType); __declspec(dllexport) ULONG_PTR TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType); __declspec(dllexport) ULONG_PTR TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType); -__declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesRead); -__declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesWritten); +__declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead); +__declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten); // TitanEngine.Realigner.functions: __declspec(dllexport) bool TITCALL FixHeaderCheckSum(char* szFileName); __declspec(dllexport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName); diff --git a/SDK/CPP/TitanEngine.h b/SDK/CPP/TitanEngine.h index 85f02d5..1a42a61 100644 --- a/SDK/CPP/TitanEngine.h +++ b/SDK/CPP/TitanEngine.h @@ -589,8 +589,8 @@ __declspec(dllimport) ULONG_PTR TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapV __declspec(dllimport) ULONG_PTR TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType); __declspec(dllimport) ULONG_PTR TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType); __declspec(dllimport) ULONG_PTR TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType); -__declspec(dllimport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesRead); -__declspec(dllimport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesWritten); +__declspec(dllimport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead); +__declspec(dllimport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten); // TitanEngine.Realigner.functions: __declspec(dllimport) bool TITCALL FixHeaderCheckSum(char* szFileName); __declspec(dllimport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName); diff --git a/SDK/CPP/TitanEngine.hpp b/SDK/CPP/TitanEngine.hpp index 15383b7..e14d960 100644 --- a/SDK/CPP/TitanEngine.hpp +++ b/SDK/CPP/TitanEngine.hpp @@ -407,11 +407,11 @@ protected: { return UE::ConvertFileOffsetToVAEx(FileMapVA, FileSize, ImageBase, AddressToConvert, ReturnType); } - static bool MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesRead) + static bool MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead) { return UE::MemoryReadSafe(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesRead); } - static bool MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesWritten) + static bool MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten) { return UE::MemoryWriteSafe(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesWritten); } @@ -986,7 +986,7 @@ class ResourcerX protected: - typedef void(TITCALL *fResourceEnumCallback)(const wchar_t* szResourceType, DWORD ResourceType, const wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, DWORD ResourceData, DWORD ResourceSize); + typedef void(TITCALL* fResourceEnumCallback)(const wchar_t* szResourceType, DWORD ResourceType, const wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, DWORD ResourceData, DWORD ResourceSize); static bool FreeLoadedFile(void* LoadedFileBase) { @@ -1076,8 +1076,8 @@ public: typedef UE::THREAD_ITEM_DATA THREAD_ITEM_DATA; - typedef void(TITCALL *fThreadEnumCallback)(const THREAD_ITEM_DATA* fThreadDetail); - typedef void(TITCALL *fThreadExitCallback)(const EXIT_THREAD_DEBUG_INFO* SpecialDBG); + typedef void(TITCALL* fThreadEnumCallback)(const THREAD_ITEM_DATA* fThreadDetail); + typedef void(TITCALL* fThreadExitCallback)(const EXIT_THREAD_DEBUG_INFO* SpecialDBG); static bool ImportRunningThreadData(DWORD ProcessId) { @@ -1177,8 +1177,8 @@ class DebuggerX protected: - typedef void (TITCALL *fBreakPointCallback)(); - typedef void (TITCALL *fCustomHandlerCallback)(const void* ExceptionData); + typedef void (TITCALL* fBreakPointCallback)(); + typedef void (TITCALL* fCustomHandlerCallback)(const void* ExceptionData); static const char* StaticDisassembleEx(ULONG_PTR DisassmStart, const void* DisassmAddress) { @@ -1664,8 +1664,8 @@ public: protected: - typedef void (TITCALL *fImportEnumCallBack)(void* ptrImportEnumData); - typedef void* (TITCALL *fImportFixCallback)(void* fIATPointer); + typedef void (TITCALL* fImportEnumCallBack)(void* ptrImportEnumData); + typedef void* (TITCALL* fImportFixCallback)(void* fIATPointer); static void AddNewDll(const char* szDLLName, ULONG_PTR FirstThunk) { @@ -1954,7 +1954,7 @@ class LibrarianX { protected: - typedef void (TITCALL *fLibraryBreakPointCallback)(const LOAD_DLL_DEBUG_INFO* SpecialDBG); + typedef void (TITCALL* fLibraryBreakPointCallback)(const LOAD_DLL_DEBUG_INFO* SpecialDBG); static bool SetBreakPoint(const char* szLibraryName, eLibraryEvent bpxType, bool SingleShoot, fLibraryBreakPointCallback bpxCallBack) { @@ -1972,7 +1972,7 @@ public: typedef UE::LIBRARY_ITEM_DATA LIBRARY_ITEM_DATA; - typedef void (TITCALL *fLibraryEnumCallback)(const LIBRARY_ITEM_DATA* fLibraryDetail); + typedef void (TITCALL* fLibraryEnumCallback)(const LIBRARY_ITEM_DATA* fLibraryDetail); static const LIBRARY_ITEM_DATA* GetLibraryInfo(const char* szLibraryName) { @@ -1994,7 +1994,7 @@ public: typedef UE::LIBRARY_ITEM_DATAW LIBRARY_ITEM_DATA; - typedef void (TITCALL *fLibraryEnumCallback)(const LIBRARY_ITEM_DATA* fLibraryDetail); + typedef void (TITCALL* fLibraryEnumCallback)(const LIBRARY_ITEM_DATA* fLibraryDetail); static const LIBRARY_ITEM_DATA* GetLibraryInfo(const wchar_t* szLibraryName) { @@ -2046,7 +2046,7 @@ public: typedef UE::HOOK_ENTRY HOOK_ENTRY; - typedef bool(TITCALL *fHookEnumCallBack)(const HOOK_ENTRY* HookDetails, void* ptrOriginalInstructions, const LibrarianA::LIBRARY_ITEM_DATA* ModuleInformation, DWORD SizeOfImage); + typedef bool(TITCALL* fHookEnumCallBack)(const HOOK_ENTRY* HookDetails, void* ptrOriginalInstructions, const LibrarianA::LIBRARY_ITEM_DATA* ModuleInformation, DWORD SizeOfImage); static bool SafeTransitionEx(void** HookAddressArray, int NumberOfHooks, bool TransitionStart) { @@ -2256,7 +2256,7 @@ class ProcessX { protected: - typedef void(TITCALL *fProcessWithLibraryEnumCallback)(DWORD ProcessId, HMODULE ModuleBaseAddress); + typedef void(TITCALL* fProcessWithLibraryEnumCallback)(DWORD ProcessId, HMODULE ModuleBaseAddress); static void EnumProcessesWithLibrary(char* szLibraryName, fProcessWithLibraryEnumCallback EnumFunction) { @@ -2608,7 +2608,7 @@ class StaticX { protected: - typedef bool (__stdcall *fStaticDecryptCallback)(void* sMemoryStart, int sKeySize); + typedef bool (__stdcall* fStaticDecryptCallback)(void* sMemoryStart, int sKeySize); static bool FileGetContent(HANDLE FileHandle, DWORD FilePositionLow, const DWORD* FilePositionHigh, void* Buffer, DWORD Size) { diff --git a/TitanEngine/Global.Breakpoints.cpp b/TitanEngine/Global.Breakpoints.cpp index b81993d..5932c06 100644 --- a/TitanEngine/Global.Breakpoints.cpp +++ b/TitanEngine/Global.Breakpoints.cpp @@ -6,130 +6,130 @@ std::vector BreakPointBuffer; ULONG_PTR dr7uint(DR7* dr7) { - ULONG_PTR ret=0; - if(BITGET(dr7->HWBP_MODE[0],0)) - BITSET(ret,0); - if(BITGET(dr7->HWBP_MODE[0],1)) - BITSET(ret,1); - if(BITGET(dr7->HWBP_MODE[1],0)) - BITSET(ret,2); - if(BITGET(dr7->HWBP_MODE[1],1)) - BITSET(ret,3); - if(BITGET(dr7->HWBP_MODE[2],0)) - BITSET(ret,4); - if(BITGET(dr7->HWBP_MODE[2],1)) - BITSET(ret,5); - if(BITGET(dr7->HWBP_MODE[3],0)) - BITSET(ret,6); - if(BITGET(dr7->HWBP_MODE[3],1)) - BITSET(ret,7); - if(BITGET(dr7->HWBP_TYPE[0],0)) - BITSET(ret,16); - if(BITGET(dr7->HWBP_TYPE[0],1)) - BITSET(ret,17); - if(BITGET(dr7->HWBP_SIZE[0],0)) - BITSET(ret,18); - if(BITGET(dr7->HWBP_SIZE[0],1)) - BITSET(ret,19); - if(BITGET(dr7->HWBP_TYPE[1],0)) - BITSET(ret,20); - if(BITGET(dr7->HWBP_TYPE[1],1)) - BITSET(ret,21); - if(BITGET(dr7->HWBP_SIZE[1],0)) - BITSET(ret,22); - if(BITGET(dr7->HWBP_SIZE[1],1)) - BITSET(ret,23); - if(BITGET(dr7->HWBP_TYPE[2],0)) - BITSET(ret,24); - if(BITGET(dr7->HWBP_TYPE[2],1)) - BITSET(ret,25); - if(BITGET(dr7->HWBP_SIZE[2],0)) - BITSET(ret,26); - if(BITGET(dr7->HWBP_SIZE[2],1)) - BITSET(ret,27); - if(BITGET(dr7->HWBP_TYPE[3],0)) - BITSET(ret,28); - if(BITGET(dr7->HWBP_TYPE[3],1)) - BITSET(ret,29); - if(BITGET(dr7->HWBP_SIZE[3],0)) - BITSET(ret,30); - if(BITGET(dr7->HWBP_SIZE[3],1)) - BITSET(ret,31); + ULONG_PTR ret = 0; + if(BITGET(dr7->HWBP_MODE[0], 0)) + BITSET(ret, 0); + if(BITGET(dr7->HWBP_MODE[0], 1)) + BITSET(ret, 1); + if(BITGET(dr7->HWBP_MODE[1], 0)) + BITSET(ret, 2); + if(BITGET(dr7->HWBP_MODE[1], 1)) + BITSET(ret, 3); + if(BITGET(dr7->HWBP_MODE[2], 0)) + BITSET(ret, 4); + if(BITGET(dr7->HWBP_MODE[2], 1)) + BITSET(ret, 5); + if(BITGET(dr7->HWBP_MODE[3], 0)) + BITSET(ret, 6); + if(BITGET(dr7->HWBP_MODE[3], 1)) + BITSET(ret, 7); + if(BITGET(dr7->HWBP_TYPE[0], 0)) + BITSET(ret, 16); + if(BITGET(dr7->HWBP_TYPE[0], 1)) + BITSET(ret, 17); + if(BITGET(dr7->HWBP_SIZE[0], 0)) + BITSET(ret, 18); + if(BITGET(dr7->HWBP_SIZE[0], 1)) + BITSET(ret, 19); + if(BITGET(dr7->HWBP_TYPE[1], 0)) + BITSET(ret, 20); + if(BITGET(dr7->HWBP_TYPE[1], 1)) + BITSET(ret, 21); + if(BITGET(dr7->HWBP_SIZE[1], 0)) + BITSET(ret, 22); + if(BITGET(dr7->HWBP_SIZE[1], 1)) + BITSET(ret, 23); + if(BITGET(dr7->HWBP_TYPE[2], 0)) + BITSET(ret, 24); + if(BITGET(dr7->HWBP_TYPE[2], 1)) + BITSET(ret, 25); + if(BITGET(dr7->HWBP_SIZE[2], 0)) + BITSET(ret, 26); + if(BITGET(dr7->HWBP_SIZE[2], 1)) + BITSET(ret, 27); + if(BITGET(dr7->HWBP_TYPE[3], 0)) + BITSET(ret, 28); + if(BITGET(dr7->HWBP_TYPE[3], 1)) + BITSET(ret, 29); + if(BITGET(dr7->HWBP_SIZE[3], 0)) + BITSET(ret, 30); + if(BITGET(dr7->HWBP_SIZE[3], 1)) + BITSET(ret, 31); return ret; } void uintdr7(ULONG_PTR dr7, DR7* ret) { memset(ret, 0, sizeof(DR7)); - if(BITGET(dr7,0)) - BITSET(ret->HWBP_MODE[0],0); - if(BITGET(dr7,1)) - BITSET(ret->HWBP_MODE[0],1); - if(BITGET(dr7,2)) - BITSET(ret->HWBP_MODE[1],0); - if(BITGET(dr7,3)) - BITSET(ret->HWBP_MODE[1],1); - if(BITGET(dr7,4)) - BITSET(ret->HWBP_MODE[2],0); - if(BITGET(dr7,5)) - BITSET(ret->HWBP_MODE[2],1); - if(BITGET(dr7,6)) - BITSET(ret->HWBP_MODE[3],0); - if(BITGET(dr7,7)) - BITSET(ret->HWBP_MODE[3],1); - if(BITGET(dr7,16)) - BITSET(ret->HWBP_TYPE[0],0); - if(BITGET(dr7,17)) - BITSET(ret->HWBP_TYPE[0],1); - if(BITGET(dr7,18)) - BITSET(ret->HWBP_SIZE[0],0); - if(BITGET(dr7,19)) - BITSET(ret->HWBP_SIZE[0],1); - if(BITGET(dr7,20)) - BITSET(ret->HWBP_TYPE[1],0); - if(BITGET(dr7,21)) - BITSET(ret->HWBP_TYPE[1],1); - if(BITGET(dr7,22)) - BITSET(ret->HWBP_SIZE[1],0); - if(BITGET(dr7,23)) - BITSET(ret->HWBP_SIZE[1],1); - if(BITGET(dr7,24)) - BITSET(ret->HWBP_TYPE[2],0); - if(BITGET(dr7,25)) - BITSET(ret->HWBP_TYPE[2],1); - if(BITGET(dr7,26)) - BITSET(ret->HWBP_SIZE[2],0); - if(BITGET(dr7,27)) - BITSET(ret->HWBP_SIZE[2],1); - if(BITGET(dr7,28)) - BITSET(ret->HWBP_TYPE[3],0); - if(BITGET(dr7,29)) - BITSET(ret->HWBP_TYPE[3],1); - if(BITGET(dr7,30)) - BITSET(ret->HWBP_SIZE[3],0); - if(BITGET(dr7,31)) - BITSET(ret->HWBP_SIZE[3],1); + if(BITGET(dr7, 0)) + BITSET(ret->HWBP_MODE[0], 0); + if(BITGET(dr7, 1)) + BITSET(ret->HWBP_MODE[0], 1); + if(BITGET(dr7, 2)) + BITSET(ret->HWBP_MODE[1], 0); + if(BITGET(dr7, 3)) + BITSET(ret->HWBP_MODE[1], 1); + if(BITGET(dr7, 4)) + BITSET(ret->HWBP_MODE[2], 0); + if(BITGET(dr7, 5)) + BITSET(ret->HWBP_MODE[2], 1); + if(BITGET(dr7, 6)) + BITSET(ret->HWBP_MODE[3], 0); + if(BITGET(dr7, 7)) + BITSET(ret->HWBP_MODE[3], 1); + if(BITGET(dr7, 16)) + BITSET(ret->HWBP_TYPE[0], 0); + if(BITGET(dr7, 17)) + BITSET(ret->HWBP_TYPE[0], 1); + if(BITGET(dr7, 18)) + BITSET(ret->HWBP_SIZE[0], 0); + if(BITGET(dr7, 19)) + BITSET(ret->HWBP_SIZE[0], 1); + if(BITGET(dr7, 20)) + BITSET(ret->HWBP_TYPE[1], 0); + if(BITGET(dr7, 21)) + BITSET(ret->HWBP_TYPE[1], 1); + if(BITGET(dr7, 22)) + BITSET(ret->HWBP_SIZE[1], 0); + if(BITGET(dr7, 23)) + BITSET(ret->HWBP_SIZE[1], 1); + if(BITGET(dr7, 24)) + BITSET(ret->HWBP_TYPE[2], 0); + if(BITGET(dr7, 25)) + BITSET(ret->HWBP_TYPE[2], 1); + if(BITGET(dr7, 26)) + BITSET(ret->HWBP_SIZE[2], 0); + if(BITGET(dr7, 27)) + BITSET(ret->HWBP_SIZE[2], 1); + if(BITGET(dr7, 28)) + BITSET(ret->HWBP_TYPE[3], 0); + if(BITGET(dr7, 29)) + BITSET(ret->HWBP_TYPE[3], 1); + if(BITGET(dr7, 30)) + BITSET(ret->HWBP_SIZE[3], 0); + if(BITGET(dr7, 31)) + BITSET(ret->HWBP_SIZE[3], 1); } void BreakPointPostReadFilter(ULONG_PTR lpBaseAddress, unsigned char* lpBuffer, SIZE_T nSize) { CriticalSectionLocker lock(LockBreakPointBuffer); - ULONG_PTR start=lpBaseAddress; - ULONG_PTR end=start+nSize; - int bpcount=(int)BreakPointBuffer.size(); - for(int i=0; iBreakPointActive != UE_BPXACTIVE || (curBp->BreakPointType != UE_BREAKPOINT && curBp->BreakPointType != UE_SINGLESHOOT)) continue; - ULONG_PTR cur_addr=curBp->BreakPointAddress; - for(SIZE_T j=0; jBreakPointSize; j++) + ULONG_PTR cur_addr = curBp->BreakPointAddress; + for(SIZE_T j = 0; j < curBp->BreakPointSize; j++) { - if(cur_addr+j>=start && cur_addr+j= start && cur_addr + j < end) //breakpoint is in range { - ULONG_PTR index=cur_addr+j-start; //calculate where to write in the buffer - memcpy(lpBuffer+index, &curBp->OriginalByte[j], sizeof(char)); + ULONG_PTR index = cur_addr + j - start; //calculate where to write in the buffer + memcpy(lpBuffer + index, &curBp->OriginalByte[j], sizeof(char)); } } } @@ -137,19 +137,19 @@ void BreakPointPostReadFilter(ULONG_PTR lpBaseAddress, unsigned char* lpBuffer, void BreakPointPreWriteFilter(ULONG_PTR lpBaseAddress, SIZE_T nSize, CriticalSectionLocker* lock) { - ULONG_PTR start=lpBaseAddress; - ULONG_PTR end=start+nSize; - int bpcount=(int)BreakPointBuffer.size(); - for(int i=0; iBreakPointActive != UE_BPXACTIVE || (curBp->BreakPointType != UE_BREAKPOINT && curBp->BreakPointType != UE_SINGLESHOOT)) continue; - ULONG_PTR cur_addr=curBp->BreakPointAddress; - for(SIZE_T j=0; jBreakPointSize; j++) + ULONG_PTR cur_addr = curBp->BreakPointAddress; + for(SIZE_T j = 0; j < curBp->BreakPointSize; j++) { - if(cur_addr+j>=start && cur_addr+j= start && cur_addr + j < end) //breakpoint byte is in range { lock->unlock(); DisableBPX(cur_addr); @@ -163,19 +163,19 @@ void BreakPointPreWriteFilter(ULONG_PTR lpBaseAddress, SIZE_T nSize, CriticalSec void BreakPointPostWriteFilter(ULONG_PTR lpBaseAddress, SIZE_T nSize, CriticalSectionLocker* lock) { - ULONG_PTR start=lpBaseAddress; - ULONG_PTR end=start+nSize; - int bpcount=(int)BreakPointBuffer.size(); - for(int i=0; iBreakPointActive != UE_BPXACTIVE || (curBp->BreakPointType != UE_BREAKPOINT && curBp->BreakPointType != UE_SINGLESHOOT)) continue; - ULONG_PTR cur_addr=curBp->BreakPointAddress; - for(SIZE_T j=0; jBreakPointSize; j++) + ULONG_PTR cur_addr = curBp->BreakPointAddress; + for(SIZE_T j = 0; j < curBp->BreakPointSize; j++) { - if(cur_addr+j>=start && cur_addr+j= start && cur_addr + j < end) //breakpoint byte is in range { curBp->BreakPointActive = UE_BPXINACTIVE; //little hack lock->unlock(); diff --git a/TitanEngine/Global.Debugger.cpp b/TitanEngine/Global.Debugger.cpp index f273b31..b5c7dc8 100644 --- a/TitanEngine/Global.Debugger.cpp +++ b/TitanEngine/Global.Debugger.cpp @@ -93,14 +93,14 @@ void StepOutStepCallBack() StepOver(StepOutCallBack); else { - typedef void(TITCALL *fCustomBreakPoint)(); + typedef void(TITCALL * fCustomBreakPoint)(); __try { ((fCustomBreakPoint)StepOutCallBack)(); } __except(EXCEPTION_EXECUTE_HANDLER) { - } + } } } else diff --git a/TitanEngine/Global.Engine.Extension.h b/TitanEngine/Global.Engine.Extension.h index 7ec832e..6a7eaf3 100644 --- a/TitanEngine/Global.Engine.Extension.h +++ b/TitanEngine/Global.Engine.Extension.h @@ -6,10 +6,10 @@ #define PLUGCALL TITCALL //typedefs -typedef void(PLUGCALL *fPluginDebugExec)(LPDEBUG_EVENT debugEvent, int CallReason); -typedef bool(PLUGCALL *fPluginRegister)(char* szPluginName, LPDWORD titanPluginMajorVersion, LPDWORD titanPluginMinorVersion); -typedef void(PLUGCALL *fPluginReleaseExec)(); -typedef void(PLUGCALL *fPluginResetExec)(); +typedef void(PLUGCALL* fPluginDebugExec)(LPDEBUG_EVENT debugEvent, int CallReason); +typedef bool(PLUGCALL* fPluginRegister)(char* szPluginName, LPDWORD titanPluginMajorVersion, LPDWORD titanPluginMinorVersion); +typedef void(PLUGCALL* fPluginReleaseExec)(); +typedef void(PLUGCALL* fPluginResetExec)(); //structs typedef struct diff --git a/TitanEngine/Global.Engine.GUI.cpp b/TitanEngine/Global.Engine.GUI.cpp index 2770cc5..5a2cd8d 100644 --- a/TitanEngine/Global.Engine.GUI.cpp +++ b/TitanEngine/Global.Engine.GUI.cpp @@ -45,7 +45,7 @@ long EngineWndProc(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam) { char szAboutTitle[] = "[ About ]"; char szAboutText[] = "%s \r\n\r\n ReversingLabs - http://www.reversinglabs.com \r\n\r\n Minimum engine version needed:\r\n- TitanEngine %i.%i.%i by RevLabs\r\n\r\nUnpacker coded by %s"; - typedef void(TITCALL *fStartUnpacking)(char* szInputFile, bool RealignFile, bool CopyOverlay); + typedef void(TITCALL * fStartUnpacking)(char* szInputFile, bool RealignFile, bool CopyOverlay); fStartUnpacking myStartUnpacking = (fStartUnpacking)EngineStartUnpackingCallBack; char GlobalBuffer[1024] = {}; char AboutBuffer[1024] = {}; diff --git a/TitanEngine/Global.Engine.Hash.cpp b/TitanEngine/Global.Engine.Hash.cpp index 97e212d..f679ff2 100644 --- a/TitanEngine/Global.Engine.Hash.cpp +++ b/TitanEngine/Global.Engine.Hash.cpp @@ -37,13 +37,13 @@ unsigned long EngineCrc32Reflect(unsigned long ulReflect, const char cChar) return ulValue; } -void EngineCrc32PartialCRC(unsigned long *ulCRC, const unsigned char *sData, unsigned long ulDataLength) +void EngineCrc32PartialCRC(unsigned long* ulCRC, const unsigned char* sData, unsigned long ulDataLength) { while(ulDataLength--) { //If your compiler complains about the following line, try changing each - // occurrence of *ulCRC with "((unsigned long)*ulCRC)" or "*(unsigned long *)ulCRC". - *(unsigned long *)ulCRC = ((*(unsigned long *)ulCRC) >> 8) ^ Crc32Table[((*(unsigned long *)ulCRC) & 0xFF) ^ *sData++]; + // occurrence of *ulCRC with "((unsigned long)*ulCRC)" or "*(unsigned long *)ulCRC". + *(unsigned long*)ulCRC = ((*(unsigned long*)ulCRC) >> 8) ^ Crc32Table[((*(unsigned long*)ulCRC) & 0xFF) ^ *sData++]; } } \ No newline at end of file diff --git a/TitanEngine/Global.Engine.Hash.h b/TitanEngine/Global.Engine.Hash.h index 369b1aa..d227057 100644 --- a/TitanEngine/Global.Engine.Hash.h +++ b/TitanEngine/Global.Engine.Hash.h @@ -3,6 +3,6 @@ void HashInit(); unsigned long EngineCrc32Reflect(unsigned long ulReflect, const char cChar); -void EngineCrc32PartialCRC(unsigned long *ulCRC, const unsigned char *sData, unsigned long ulDataLength); +void EngineCrc32PartialCRC(unsigned long* ulCRC, const unsigned char* sData, unsigned long ulDataLength); #endif //_GLOBAL_ENGINE_HASH_H \ No newline at end of file diff --git a/TitanEngine/Global.Engine.Hider.cpp b/TitanEngine/Global.Engine.Hider.cpp index d3a311c..91a441b 100644 --- a/TitanEngine/Global.Engine.Hider.cpp +++ b/TitanEngine/Global.Engine.Hider.cpp @@ -8,15 +8,15 @@ // Global.Engine.Hider.functions: static bool isAtleastVista() { - static bool isAtleastVista=false; - static bool isSet=false; + static bool isAtleastVista = false; + static bool isSet = false; if(isSet) return isAtleastVista; - OSVERSIONINFO versionInfo= {0}; - versionInfo.dwOSVersionInfoSize=sizeof(OSVERSIONINFO); + OSVERSIONINFO versionInfo = {0}; + versionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); GetVersionEx(&versionInfo); - isAtleastVista=versionInfo.dwMajorVersion >= 6; - isSet=true; + isAtleastVista = versionInfo.dwMajorVersion >= 6; + isSet = true; return isAtleastVista; } @@ -24,10 +24,10 @@ static bool isAtleastVista() static bool isWindows64() { SYSTEM_INFO si = {0}; - typedef void (WINAPI *tGetNativeSystemInfo)(LPSYSTEM_INFO lpSystemInfo); + typedef void (WINAPI * tGetNativeSystemInfo)(LPSYSTEM_INFO lpSystemInfo); tGetNativeSystemInfo _GetNativeSystemInfo = (tGetNativeSystemInfo)GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetNativeSystemInfo"); - if (_GetNativeSystemInfo) + if(_GetNativeSystemInfo) { _GetNativeSystemInfo(&si); } @@ -45,7 +45,7 @@ static void FixAntidebugApiInProcess(HANDLE hProcess, bool Hide, bool x64) { 0x33, 0xC0, //XOR EAX,EAX 0xC2, 0x08, 0x00 //RETN 0x8 - }; + }; const BYTE patchGetTickCount32[3] = { 0x33, 0xC0, //XOR EAX,EAX @@ -69,17 +69,17 @@ static void FixAntidebugApiInProcess(HANDLE hProcess, bool Hide, bool x64) if(x64) //x64 patches { - patchCheckRemoteDebuggerPresent=patchCheckRemoteDebuggerPresent64; - patchCheckRemoteDebuggerPresentSize=sizeof(patchCheckRemoteDebuggerPresent64); - patchGetTickCount=patchGetTickCount64; - patchGetTickCountSize=sizeof(patchGetTickCount64); + patchCheckRemoteDebuggerPresent = patchCheckRemoteDebuggerPresent64; + patchCheckRemoteDebuggerPresentSize = sizeof(patchCheckRemoteDebuggerPresent64); + patchGetTickCount = patchGetTickCount64; + patchGetTickCountSize = sizeof(patchGetTickCount64); } else //x86 patches { - patchCheckRemoteDebuggerPresent=patchCheckRemoteDebuggerPresent32; - patchCheckRemoteDebuggerPresentSize=sizeof(patchCheckRemoteDebuggerPresent32); - patchGetTickCount=patchGetTickCount32; - patchGetTickCountSize=sizeof(patchGetTickCount32); + patchCheckRemoteDebuggerPresent = patchCheckRemoteDebuggerPresent32; + patchCheckRemoteDebuggerPresentSize = sizeof(patchCheckRemoteDebuggerPresent32); + patchGetTickCount = patchGetTickCount32; + patchGetTickCountSize = sizeof(patchGetTickCount32); } ULONG_PTR APIPatchAddress = 0; @@ -89,14 +89,14 @@ static void FixAntidebugApiInProcess(HANDLE hProcess, bool Hide, bool x64) if(Hide) { APIPatchAddress = EngineGetProcAddressRemote(hProcess, L"kernel32.dll", "CheckRemoteDebuggerPresent"); - if (VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchCheckRemoteDebuggerPresentSize, PAGE_EXECUTE_READWRITE, &OldProtect)) + if(VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchCheckRemoteDebuggerPresentSize, PAGE_EXECUTE_READWRITE, &OldProtect)) { WriteProcessMemory(hProcess, (LPVOID)(APIPatchAddress), &patchCheckRemoteDebuggerPresent, patchCheckRemoteDebuggerPresentSize, &ueNumberOfBytesRead); VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchCheckRemoteDebuggerPresentSize, OldProtect, &OldProtect); } APIPatchAddress = EngineGetProcAddressRemote(hProcess, L"kernel32.dll", "GetTickCount"); - if (VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchGetTickCountSize, PAGE_EXECUTE_READWRITE, &OldProtect)) + if(VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchGetTickCountSize, PAGE_EXECUTE_READWRITE, &OldProtect)) { WriteProcessMemory(hProcess, (LPVOID)(APIPatchAddress), &patchGetTickCount, patchGetTickCountSize, &ueNumberOfBytesRead); VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchGetTickCountSize, OldProtect, &OldProtect); @@ -105,14 +105,14 @@ static void FixAntidebugApiInProcess(HANDLE hProcess, bool Hide, bool x64) else { APIPatchAddress = EngineGetProcAddressRemote(hProcess, L"kernel32.dll", "CheckRemoteDebuggerPresent"); - if (VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchCheckRemoteDebuggerPresentSize, PAGE_EXECUTE_READWRITE, &OldProtect)) + if(VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchCheckRemoteDebuggerPresentSize, PAGE_EXECUTE_READWRITE, &OldProtect)) { WriteProcessMemory(hProcess, (LPVOID)(APIPatchAddress), (void*)GetProcAddress(GetModuleHandleA("kernel32.dll"), "CheckRemoteDebuggerPresent"), patchCheckRemoteDebuggerPresentSize, &ueNumberOfBytesRead); VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchCheckRemoteDebuggerPresentSize, OldProtect, &OldProtect); } APIPatchAddress = EngineGetProcAddressRemote(hProcess, L"kernel32.dll", "GetTickCount"); - if (VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchGetTickCountSize, PAGE_EXECUTE_READWRITE, &OldProtect)) + if(VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchGetTickCountSize, PAGE_EXECUTE_READWRITE, &OldProtect)) { WriteProcessMemory(hProcess, (LPVOID)(APIPatchAddress), (void*)GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetTickCount"), patchGetTickCountSize, &ueNumberOfBytesRead); VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchGetTickCountSize, OldProtect, &OldProtect); @@ -128,9 +128,9 @@ static void FixAntidebugApiInProcess(HANDLE hProcess, bool Hide, bool x64) static int getHeapFlagsOffset(bool x64) { - if (x64) //x64 offsets + if(x64) //x64 offsets { - if (isAtleastVista()) + if(isAtleastVista()) { return 0x70; } @@ -141,7 +141,7 @@ static int getHeapFlagsOffset(bool x64) } else //x86 offsets { - if (isAtleastVista()) + if(isAtleastVista()) { return 0x40; } @@ -154,9 +154,9 @@ static int getHeapFlagsOffset(bool x64) static int getHeapForceFlagsOffset(bool x64) { - if (x64) //x64 offsets + if(x64) //x64 offsets { - if (isAtleastVista()) + if(isAtleastVista()) { return 0x74; } @@ -167,7 +167,7 @@ static int getHeapForceFlagsOffset(bool x64) } else //x86 offsets { - if (isAtleastVista()) + if(isAtleastVista()) { return 0x44; } @@ -182,25 +182,25 @@ static bool FixPebInProcess(HANDLE hProcess, bool Hide) { PEB_CURRENT myPEB = {0}; SIZE_T ueNumberOfBytesRead = 0; - void * heapFlagsAddress = 0; + void* heapFlagsAddress = 0; DWORD heapFlags = 0; - void * heapForceFlagsAddress = 0; + void* heapForceFlagsAddress = 0; DWORD heapForceFlags = 0; #ifndef _WIN64 PEB64 myPEB64 = {0}; - void * AddressOfPEB64 = GetPEBLocation64(hProcess); + void* AddressOfPEB64 = GetPEBLocation64(hProcess); #endif - void * AddressOfPEB = GetPEBLocation(hProcess); + void* AddressOfPEB = GetPEBLocation(hProcess); - if (!AddressOfPEB) + if(!AddressOfPEB) return false; if(ReadProcessMemory(hProcess, AddressOfPEB, (void*)&myPEB, sizeof(PEB_CURRENT), &ueNumberOfBytesRead)) { #ifndef _WIN64 - if (AddressOfPEB64) + if(AddressOfPEB64) { ReadProcessMemory(hProcess, AddressOfPEB64, (void*)&myPEB64, sizeof(PEB64), &ueNumberOfBytesRead); } @@ -219,17 +219,17 @@ static bool FixPebInProcess(HANDLE hProcess, bool Hide) //TODO: backup heap flags #ifdef _WIN64 - heapFlagsAddress = (void *)((LONG_PTR)myPEB.ProcessHeap + getHeapFlagsOffset(true)); - heapForceFlagsAddress = (void *)((LONG_PTR)myPEB.ProcessHeap + getHeapForceFlagsOffset(true)); + heapFlagsAddress = (void*)((LONG_PTR)myPEB.ProcessHeap + getHeapFlagsOffset(true)); + heapForceFlagsAddress = (void*)((LONG_PTR)myPEB.ProcessHeap + getHeapForceFlagsOffset(true)); #else - heapFlagsAddress = (void *)((LONG_PTR)myPEB.ProcessHeap + getHeapFlagsOffset(false)); - heapForceFlagsAddress = (void *)((LONG_PTR)myPEB.ProcessHeap + getHeapForceFlagsOffset(false)); + heapFlagsAddress = (void*)((LONG_PTR)myPEB.ProcessHeap + getHeapFlagsOffset(false)); + heapForceFlagsAddress = (void*)((LONG_PTR)myPEB.ProcessHeap + getHeapForceFlagsOffset(false)); #endif //_WIN64 ReadProcessMemory(hProcess, heapFlagsAddress, &heapFlags, sizeof(DWORD), 0); ReadProcessMemory(hProcess, heapForceFlagsAddress, &heapForceFlags, sizeof(DWORD), 0); - heapFlags&=HEAP_GROWABLE; - heapForceFlags=0; + heapFlags &= HEAP_GROWABLE; + heapForceFlags = 0; WriteProcessMemory(hProcess, heapFlagsAddress, &heapFlags, sizeof(DWORD), 0); WriteProcessMemory(hProcess, heapForceFlagsAddress, &heapForceFlags, sizeof(DWORD), 0); @@ -245,7 +245,7 @@ static bool FixPebInProcess(HANDLE hProcess, bool Hide) if(WriteProcessMemory(hProcess, AddressOfPEB, (void*)&myPEB, sizeof(PEB_CURRENT), &ueNumberOfBytesRead)) { #ifndef _WIN64 - if (AddressOfPEB64) + if(AddressOfPEB64) { WriteProcessMemory(hProcess, AddressOfPEB64, (void*)&myPEB64, sizeof(PEB64), &ueNumberOfBytesRead); } @@ -260,7 +260,7 @@ bool ChangeHideDebuggerState(HANDLE hProcess, DWORD PatchAPILevel, bool Hide) { if(hProcess) { - if (FixPebInProcess(hProcess, Hide)) + if(FixPebInProcess(hProcess, Hide)) { if(PatchAPILevel == UE_HIDE_BASIC) { @@ -280,11 +280,11 @@ bool ChangeHideDebuggerState(HANDLE hProcess, DWORD PatchAPILevel, bool Hide) #ifndef _WIN64 bool IsThisProcessWow64() { - typedef BOOL (WINAPI * tIsWow64Process)(HANDLE hProcess,PBOOL Wow64Process); + typedef BOOL (WINAPI * tIsWow64Process)(HANDLE hProcess, PBOOL Wow64Process); BOOL bIsWow64 = FALSE; tIsWow64Process fnIsWow64Process = (tIsWow64Process)GetProcAddress(GetModuleHandleA("kernel32.dll"), "IsWow64Process"); - if (fnIsWow64Process) + if(fnIsWow64Process) { fnIsWow64Process(GetCurrentProcess(), &bIsWow64); } diff --git a/TitanEngine/Global.Engine.Importer.cpp b/TitanEngine/Global.Engine.Importer.cpp index 3155c05..435e57a 100644 --- a/TitanEngine/Global.Engine.Importer.cpp +++ b/TitanEngine/Global.Engine.Importer.cpp @@ -14,32 +14,32 @@ ULONG_PTR EngineGetProcAddressRemote(HANDLE hProcess, const wchar_t* szDLLName, else hProcess = dbgProcessInformation.hProcess; } - DWORD cbNeeded=0; + DWORD cbNeeded = 0; if(EnumProcessModules(hProcess, 0, 0, &cbNeeded)) { - HMODULE* hMods=(HMODULE*)malloc(cbNeeded*sizeof(HMODULE)); + HMODULE* hMods = (HMODULE*)malloc(cbNeeded * sizeof(HMODULE)); if(EnumProcessModules(hProcess, hMods, cbNeeded, &cbNeeded)) { - for(unsigned int i=0; i=start && APIAddress= start && APIAddress < end) return start; } } @@ -108,18 +108,18 @@ ULONG_PTR EngineGetModuleBaseRemote(HANDLE hProcess, const wchar_t* szDLLName) else hProcess = dbgProcessInformation.hProcess; } - DWORD cbNeeded=0; + DWORD cbNeeded = 0; if(EnumProcessModules(hProcess, 0, 0, &cbNeeded)) { - HMODULE* hMods=(HMODULE*)malloc(cbNeeded*sizeof(HMODULE)); + HMODULE* hMods = (HMODULE*)malloc(cbNeeded * sizeof(HMODULE)); if(EnumProcessModules(hProcess, hMods, cbNeeded, &cbNeeded)) { - for(unsigned int i=0; ie_lfanew); - PIMAGE_NT_HEADERS64 PEHeader64=(PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); + PIMAGE_NT_HEADERS32 PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); + PIMAGE_NT_HEADERS64 PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); ULONG_PTR ExportDirectoryVA; DWORD ExportDirectorySize; ULONG_PTR ImageBase; - if(PEHeader32->OptionalHeader.Magic==IMAGE_NT_OPTIONAL_HDR32_MAGIC) + if(PEHeader32->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) { - ImageBase=PEHeader32->OptionalHeader.ImageBase; - ExportDirectoryVA=(ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress; - ExportDirectorySize=(ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size; + ImageBase = PEHeader32->OptionalHeader.ImageBase; + ExportDirectoryVA = (ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress; + ExportDirectorySize = (ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size; } else //x64 { - ImageBase=(ULONG_PTR)PEHeader64->OptionalHeader.ImageBase; - ExportDirectoryVA=(ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress; - ExportDirectorySize=(ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size; + ImageBase = (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase; + ExportDirectoryVA = (ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress; + ExportDirectorySize = (ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size; } - PIMAGE_EXPORT_DIRECTORY ExportDirectory=(PIMAGE_EXPORT_DIRECTORY)ConvertVAtoFileOffset(FileMapVA, ExportDirectoryVA+ImageBase, true); + PIMAGE_EXPORT_DIRECTORY ExportDirectory = (PIMAGE_EXPORT_DIRECTORY)ConvertVAtoFileOffset(FileMapVA, ExportDirectoryVA + ImageBase, true); if(ExportDirectory) { - DWORD* AddrOfFunctions=(DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfFunctions+ImageBase, true); - DWORD* AddrOfNames=(DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfNames+ImageBase, true); - SHORT* AddrOfNameOrdinals=(SHORT*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfNameOrdinals+ImageBase, true); + DWORD* AddrOfFunctions = (DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfFunctions + ImageBase, true); + DWORD* AddrOfNames = (DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfNames + ImageBase, true); + SHORT* AddrOfNameOrdinals = (SHORT*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfNameOrdinals + ImageBase, true); if(AddrOfFunctions && AddrOfNames && AddrOfNameOrdinals) { - unsigned int NumberOfNames=ExportDirectory->NumberOfNames; - for(unsigned int i=0; iNumberOfNames; + for(unsigned int i = 0; i < NumberOfNames; i++) { - const char* curName=(const char*)ConvertVAtoFileOffset(FileMapVA, AddrOfNames[i]+ImageBase, true); + const char* curName = (const char*)ConvertVAtoFileOffset(FileMapVA, AddrOfNames[i] + ImageBase, true); if(!curName) continue; - unsigned int curRva=AddrOfFunctions[AddrOfNameOrdinals[i]]; - if(curRva=ExportDirectoryVA+ExportDirectorySize) //non-forwarded exports + unsigned int curRva = AddrOfFunctions[AddrOfNameOrdinals[i]]; + if(curRva < ExportDirectoryVA || curRva >= ExportDirectoryVA + ExportDirectorySize) //non-forwarded exports { - if(curRva+ModuleBase==APIAddress) + if(curRva + ModuleBase == APIAddress) { - if(APIName && APINameSize>strlen(curName)) + if(APIName && APINameSize > strlen(curName)) { strcpy(APIName, curName); UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); @@ -265,7 +265,7 @@ bool EngineGetAPINameRemote(HANDLE hProcess, ULONG_PTR APIAddress, char* APIName } if(APINameSizeNeeded) { - *APINameSizeNeeded=(DWORD)strlen(curName); + *APINameSizeNeeded = (DWORD)strlen(curName); UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); return true; } @@ -293,50 +293,50 @@ DWORD EngineGetAPIOrdinalRemote(HANDLE hProcess, ULONG_PTR APIAddress) DWORD FileSize; HANDLE FileMap; ULONG_PTR FileMapVA; - ULONG_PTR ModuleBase=EngineGetModuleBaseRemote(hProcess, APIAddress); + ULONG_PTR ModuleBase = EngineGetModuleBaseRemote(hProcess, APIAddress); if(!ModuleBase) return 0; - wchar_t szModulePath[MAX_PATH]=L""; + wchar_t szModulePath[MAX_PATH] = L""; if(!GetModuleFileNameExW(hProcess, (HMODULE)ModuleBase, szModulePath, _countof(szModulePath))) return 0; if(MapFileExW(szModulePath, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, 0)) { - PIMAGE_DOS_HEADER DOSHeader=(PIMAGE_DOS_HEADER)FileMapVA; + PIMAGE_DOS_HEADER DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA; if(EngineValidateHeader(FileMapVA, NULL, NULL, DOSHeader, true)) { - PIMAGE_NT_HEADERS32 PEHeader32=(PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); - PIMAGE_NT_HEADERS64 PEHeader64=(PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); + PIMAGE_NT_HEADERS32 PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); + PIMAGE_NT_HEADERS64 PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); ULONG_PTR ExportDirectoryVA; DWORD ExportDirectorySize; ULONG_PTR ImageBase; - if(PEHeader32->OptionalHeader.Magic==IMAGE_NT_OPTIONAL_HDR32_MAGIC) + if(PEHeader32->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) { - ImageBase=PEHeader32->OptionalHeader.ImageBase; - ExportDirectoryVA=(ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress; - ExportDirectorySize=(ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size; + ImageBase = PEHeader32->OptionalHeader.ImageBase; + ExportDirectoryVA = (ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress; + ExportDirectorySize = (ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size; } else //x64 { - ImageBase=(ULONG_PTR)PEHeader64->OptionalHeader.ImageBase; - ExportDirectoryVA=(ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress; - ExportDirectorySize=(ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size; + ImageBase = (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase; + ExportDirectoryVA = (ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress; + ExportDirectorySize = (ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size; } - PIMAGE_EXPORT_DIRECTORY ExportDirectory=(PIMAGE_EXPORT_DIRECTORY)ConvertVAtoFileOffset(FileMapVA, ExportDirectoryVA+ImageBase, true); + PIMAGE_EXPORT_DIRECTORY ExportDirectory = (PIMAGE_EXPORT_DIRECTORY)ConvertVAtoFileOffset(FileMapVA, ExportDirectoryVA + ImageBase, true); if(ExportDirectory) { - DWORD* AddrOfFunctions=(DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfFunctions+ImageBase, true); + DWORD* AddrOfFunctions = (DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfFunctions + ImageBase, true); if(AddrOfFunctions) { - unsigned int NumberOfFunctions=ExportDirectory->NumberOfFunctions; - for(unsigned int i=0,j=0; iNumberOfFunctions; + for(unsigned int i = 0, j = 0; i < NumberOfFunctions; i++) { - unsigned int curRva=AddrOfFunctions[i]; + unsigned int curRva = AddrOfFunctions[i]; if(!curRva) continue; j++; //ordinal - if(curRva=ExportDirectoryVA+ExportDirectorySize) //non-forwarded exports + if(curRva < ExportDirectoryVA || curRva >= ExportDirectoryVA + ExportDirectorySize) //non-forwarded exports { - if(curRva+ModuleBase==APIAddress) + if(curRva + ModuleBase == APIAddress) { UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); return j; diff --git a/TitanEngine/Global.Engine.Simplification.cpp b/TitanEngine/Global.Engine.Simplification.cpp index f1b2e47..ad220ac 100644 --- a/TitanEngine/Global.Engine.Simplification.cpp +++ b/TitanEngine/Global.Engine.Simplification.cpp @@ -54,7 +54,7 @@ void EngineSimplifyLoadLibraryCallBack() ImporterAddNewDll(szReadStringData, (ULONG_PTR)GetContextData((DWORD)EngineUnpackerBreakInfo[i].Parameter2)); if(EngineUnpackerOptionLogData) { - wsprintfA(szLogBufferData,"[x] LoadLibrary BPX -> %s",szReadStringData); + wsprintfA(szLogBufferData, "[x] LoadLibrary BPX -> %s", szReadStringData); EngineAddUnpackerWindowLogMessage(szLogBufferData); } } @@ -89,7 +89,7 @@ void EngineSimplifyGetProcAddressCallBack() ImporterAddNewAPI(szReadStringData, (ULONG_PTR)GetContextData((DWORD)EngineUnpackerBreakInfo[i].Parameter2)); if(EngineUnpackerOptionLogData) { - wsprintfA(szLogBufferData,"[x] GetProcAddress BPX -> %s",szReadStringData); + wsprintfA(szLogBufferData, "[x] GetProcAddress BPX -> %s", szReadStringData); EngineAddUnpackerWindowLogMessage(szLogBufferData); } } @@ -99,7 +99,7 @@ void EngineSimplifyGetProcAddressCallBack() ImporterAddNewOrdinalAPI(iParameter1, (ULONG_PTR)GetContextData((DWORD)EngineUnpackerBreakInfo[i].Parameter2)); if(EngineUnpackerOptionLogData) { - wsprintfA(szLogBufferData,"[x] GetProcAddress BPX -> %08X",iParameter1); + wsprintfA(szLogBufferData, "[x] GetProcAddress BPX -> %08X", iParameter1); EngineAddUnpackerWindowLogMessage(szLogBufferData); } } @@ -113,7 +113,7 @@ void EngineSimplifyGetProcAddressCallBack() ImporterAddNewAPI(szReadStringData, (ULONG_PTR)GetContextData((DWORD)EngineUnpackerBreakInfo[i].Parameter2)); if(EngineUnpackerOptionLogData) { - wsprintfA(szLogBufferData,"[x] GetProcAddress BPX -> %s",szReadStringData); + wsprintfA(szLogBufferData, "[x] GetProcAddress BPX -> %s", szReadStringData); EngineAddUnpackerWindowLogMessage(szLogBufferData); } } @@ -123,7 +123,7 @@ void EngineSimplifyGetProcAddressCallBack() ImporterAddNewOrdinalAPI(iParameter1, (ULONG_PTR)GetContextData((DWORD)EngineUnpackerBreakInfo[i].Parameter2)); if(EngineUnpackerOptionLogData) { - wsprintfA(szLogBufferData,"[x] GetProcAddress BPX -> %08X",iParameter1); + wsprintfA(szLogBufferData, "[x] GetProcAddress BPX -> %08X", iParameter1); EngineAddUnpackerWindowLogMessage(szLogBufferData); } } @@ -206,7 +206,7 @@ void EngineSimplifyEntryPointCallBack() } if(EngineUnpackerOptionLogData) { - wsprintfA(szLogBufferData,"[x] Entry Point at: %08X", EngineUnpackerOptionUnpackedOEP); + wsprintfA(szLogBufferData, "[x] Entry Point at: %08X", EngineUnpackerOptionUnpackedOEP); EngineAddUnpackerWindowLogMessage(szLogBufferData); } if(EngineUnpackerFileStatus.FileIsDLL) diff --git a/TitanEngine/Global.Engine.Threading.cpp b/TitanEngine/Global.Engine.Threading.cpp index 7dea371..0735970 100644 --- a/TitanEngine/Global.Engine.Threading.cpp +++ b/TitanEngine/Global.Engine.Threading.cpp @@ -9,24 +9,24 @@ static void CriticalSectionInitializeLocks() { if(bInitDone) return; - for(int i=0; ifLoadLibrary); fVirtualFree cVirtualFree = (fVirtualFree)(APIData->fVirtualFree); @@ -33,11 +33,11 @@ long injectedRemoteFreeLibrary(LPVOID Parameter) PInjectCodeData APIData = (PInjectCodeData)Parameter; #if !defined(_WIN64) - typedef ULONG_PTR(WINAPI *fFreeLibrary)(HMODULE fLibBase); - typedef ULONG_PTR(WINAPI *fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType); + typedef ULONG_PTR(WINAPI * fFreeLibrary)(HMODULE fLibBase); + typedef ULONG_PTR(WINAPI * fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType); #else - typedef ULONG_PTR(__fastcall *fFreeLibrary)(HMODULE fLibBase); - typedef ULONG_PTR(__fastcall *fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType); + typedef ULONG_PTR(__fastcall * fFreeLibrary)(HMODULE fLibBase); + typedef ULONG_PTR(__fastcall * fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType); #endif fFreeLibrary cFreeLibrary = (fFreeLibrary)(APIData->fFreeLibrary); fVirtualFree cVirtualFree = (fVirtualFree)(APIData->fVirtualFree); @@ -58,13 +58,13 @@ long injectedRemoteFreeLibrarySimple(LPVOID Parameter) LPVOID orgParameter = Parameter; Parameter = (LPVOID)((ULONG_PTR)Parameter + sizeof InjectCodeData); #if !defined(_WIN64) - typedef ULONG_PTR(WINAPI *fFreeLibrary)(HMODULE fLibBase); - typedef HMODULE(WINAPI *fGetModuleHandleW)(LPCWSTR fLibraryName); - typedef ULONG_PTR(WINAPI *fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType); + typedef ULONG_PTR(WINAPI * fFreeLibrary)(HMODULE fLibBase); + typedef HMODULE(WINAPI * fGetModuleHandleW)(LPCWSTR fLibraryName); + typedef ULONG_PTR(WINAPI * fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType); #else - typedef ULONG_PTR(__fastcall *fFreeLibrary)(HMODULE fLibBase); - typedef HMODULE(__fastcall *fGetModuleHandleW)(LPCWSTR fLibraryName); - typedef ULONG_PTR(__fastcall *fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType); + typedef ULONG_PTR(__fastcall * fFreeLibrary)(HMODULE fLibBase); + typedef HMODULE(__fastcall * fGetModuleHandleW)(LPCWSTR fLibraryName); + typedef ULONG_PTR(__fastcall * fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType); #endif fGetModuleHandleW cGetModuleHandleW = (fGetModuleHandleW)(APIData->fGetModuleHandle); fFreeLibrary cFreeLibrary = (fFreeLibrary)(APIData->fFreeLibrary); @@ -93,9 +93,9 @@ long injectedExitProcess(LPVOID Parameter) PInjectCodeData APIData = (PInjectCodeData)Parameter; #if !defined(_WIN64) - typedef ULONG_PTR(WINAPI *fExitProcess)(DWORD fExitCode); + typedef ULONG_PTR(WINAPI * fExitProcess)(DWORD fExitCode); #else - typedef ULONG_PTR(__fastcall *fExitProcess)(DWORD fExitCode); + typedef ULONG_PTR(__fastcall * fExitProcess)(DWORD fExitCode); #endif fExitProcess cExitProcess = (fExitProcess)(APIData->fExitProcess); long retValue = NULL; @@ -126,16 +126,16 @@ long injectedImpRec(LPVOID Parameter) HANDLE hFileMap; PInjectImpRecCodeData APIData = (PInjectImpRecCodeData)Parameter; LPVOID szFileName = (LPVOID)((ULONG_PTR)Parameter + sizeof InjectImpRecCodeData); - typedef ULONG_PTR(__cdecl *fTrace)(DWORD hFileMap, DWORD dwSizeMap, DWORD dwTimeOut, DWORD dwToTrace, DWORD dwExactCall); - typedef HANDLE(WINAPI *fCreateFileW)(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile); - typedef HANDLE(WINAPI *fCreateFileMappingA)(HANDLE hFile, LPSECURITY_ATTRIBUTES lpFileMappingAttributes, DWORD flProtect, DWORD dwMaximumSizeHigh, DWORD dwMaximumSizeLow, LPCSTR lpName); - typedef BOOL(__cdecl *fCloseHandle)(HANDLE hHandle); + typedef ULONG_PTR(__cdecl * fTrace)(DWORD hFileMap, DWORD dwSizeMap, DWORD dwTimeOut, DWORD dwToTrace, DWORD dwExactCall); + typedef HANDLE(WINAPI * fCreateFileW)(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile); + typedef HANDLE(WINAPI * fCreateFileMappingA)(HANDLE hFile, LPSECURITY_ATTRIBUTES lpFileMappingAttributes, DWORD flProtect, DWORD dwMaximumSizeHigh, DWORD dwMaximumSizeLow, LPCSTR lpName); + typedef BOOL(__cdecl * fCloseHandle)(HANDLE hHandle); fTrace cTrace = (fTrace)(APIData->fTrace); fCreateFileW cCreateFileW = (fCreateFileW)(APIData->fCreateFileA); fCloseHandle cCloseHandle = (fCloseHandle)(APIData->fCloseHandle); fCreateFileMappingA cCreateFileMappingA = (fCreateFileMappingA)(APIData->fCreateFileMappingA); - hFile = cCreateFileW((LPCWSTR)szFileName, GENERIC_READ+GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); + hFile = cCreateFileW((LPCWSTR)szFileName, GENERIC_READ + GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); if(hFile != INVALID_HANDLE_VALUE) { hFileMap = cCreateFileMappingA(hFile, NULL, 4, NULL, 0x100, NULL); diff --git a/TitanEngine/Global.Mapping.cpp b/TitanEngine/Global.Mapping.cpp index 21e5679..689e134 100644 --- a/TitanEngine/Global.Mapping.cpp +++ b/TitanEngine/Global.Mapping.cpp @@ -24,13 +24,13 @@ bool MapFileEx(char* szFileName, DWORD ReadOrWrite, LPHANDLE FileHandle, LPDWORD } else if(ReadOrWrite == UE_ACCESS_ALL) { - FileAccess = GENERIC_READ+GENERIC_WRITE+GENERIC_EXECUTE; + FileAccess = GENERIC_READ + GENERIC_WRITE + GENERIC_EXECUTE; FileMapType = PAGE_EXECUTE_READWRITE; FileMapViewType = FILE_MAP_WRITE; } else { - FileAccess = GENERIC_READ+GENERIC_WRITE+GENERIC_EXECUTE; + FileAccess = GENERIC_READ + GENERIC_WRITE + GENERIC_EXECUTE; FileMapType = PAGE_EXECUTE_READWRITE; FileMapViewType = FILE_MAP_ALL_ACCESS; } @@ -39,7 +39,7 @@ bool MapFileEx(char* szFileName, DWORD ReadOrWrite, LPHANDLE FileHandle, LPDWORD if(hFile != INVALID_HANDLE_VALUE) { *FileHandle = hFile; - DWORD mfFileSize = GetFileSize(hFile,NULL); + DWORD mfFileSize = GetFileSize(hFile, NULL); mfFileSize = mfFileSize + SizeModifier; *FileSize = mfFileSize; HANDLE mfFileMap = CreateFileMappingA(hFile, NULL, FileMapType, NULL, mfFileSize, NULL); @@ -85,13 +85,13 @@ bool MapFileExW(wchar_t* szFileName, DWORD ReadOrWrite, LPHANDLE FileHandle, LPD } else if(ReadOrWrite == UE_ACCESS_ALL) { - FileAccess = GENERIC_READ+GENERIC_WRITE+GENERIC_EXECUTE; + FileAccess = GENERIC_READ + GENERIC_WRITE + GENERIC_EXECUTE; FileMapType = PAGE_EXECUTE_READWRITE; FileMapViewType = FILE_MAP_WRITE; } else { - FileAccess = GENERIC_READ+GENERIC_WRITE+GENERIC_EXECUTE; + FileAccess = GENERIC_READ + GENERIC_WRITE + GENERIC_EXECUTE; FileMapType = PAGE_EXECUTE_READWRITE; FileMapViewType = FILE_MAP_ALL_ACCESS; } @@ -100,7 +100,7 @@ bool MapFileExW(wchar_t* szFileName, DWORD ReadOrWrite, LPHANDLE FileHandle, LPD if(hFile != INVALID_HANDLE_VALUE) { *FileHandle = hFile; - DWORD mfFileSize = GetFileSize(hFile,NULL); + DWORD mfFileSize = GetFileSize(hFile, NULL); mfFileSize = mfFileSize + SizeModifier; *FileSize = mfFileSize; HANDLE mfFileMap = CreateFileMappingA(hFile, NULL, FileMapType, NULL, mfFileSize, NULL); @@ -131,7 +131,7 @@ void UnMapFileEx(HANDLE FileHandle, DWORD FileSize, HANDLE FileMap, ULONG_PTR Fi if(UnmapViewOfFile((void*)FileMapVA)) { EngineCloseHandle(FileMap); - SetFilePointer(FileHandle,FileSize,NULL,FILE_BEGIN); + SetFilePointer(FileHandle, FileSize, NULL, FILE_BEGIN); SetEndOfFile(FileHandle); EngineCloseHandle(FileHandle); } diff --git a/TitanEngine/Global.OEPFinder.cpp b/TitanEngine/Global.OEPFinder.cpp index 0d790e1..e70db2f 100644 --- a/TitanEngine/Global.OEPFinder.cpp +++ b/TitanEngine/Global.OEPFinder.cpp @@ -17,10 +17,10 @@ void GenericOEPVirtualProtectHit() DWORD NewProtect = 0; DWORD OldProtect = 0; - int bpcount=(int)BreakPointBuffer.size(); - for(int i=0; iArray.bArrayEntry[0] == 0xC3) // RET + if(myCmpHandler->Array.bArrayEntry[0] == 0xC3) // RET { FakeEPDetected = true; } - else if(myCmpHandler->Array.bArrayEntry[0] == 0x33 && myCmpHandler->Array.bArrayEntry[1] == 0xC0 && myCmpHandler->Array.bArrayEntry[2] == 0xC3) // XOR EAX,EAX; RET + else if(myCmpHandler->Array.bArrayEntry[0] == 0x33 && myCmpHandler->Array.bArrayEntry[1] == 0xC0 && myCmpHandler->Array.bArrayEntry[2] == 0xC3) // XOR EAX,EAX; RET { FakeEPDetected = true; } @@ -201,7 +201,7 @@ void GenericOEPTraceInit() int i; void* lpHashBuffer; ULONG_PTR NumberOfBytesRW; - typedef void(TITCALL *fInitCallBack)(); + typedef void(TITCALL * fInitCallBack)(); fInitCallBack myInitCallBack = (fInitCallBack)glbEntryTracerData.InitCallBack; if(glbEntryTracerData.FileIsDLL) diff --git a/TitanEngine/LzmaDec.cpp b/TitanEngine/LzmaDec.cpp index 5c53b41..71e9ddf 100644 --- a/TitanEngine/LzmaDec.cpp +++ b/TitanEngine/LzmaDec.cpp @@ -135,9 +135,9 @@ Out: = kMatchSpecLenStart + 2 : State Init Marker */ -static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte *bufLimit) +static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec* p, SizeT limit, const Byte* bufLimit) { - CLzmaProb *probs = p->probs; + CLzmaProb* probs = p->probs; unsigned state = p->state; UInt32 rep0 = p->reps[0], rep1 = p->reps[1], rep2 = p->reps[2], rep3 = p->reps[3]; @@ -145,7 +145,7 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte unsigned lpMask = ((unsigned)1 << (p->prop.lp)) - 1; unsigned lc = p->prop.lc; - Byte *dic = p->dic; + Byte* dic = p->dic; SizeT dicBufSize = p->dicBufSize; SizeT dicPos = p->dicPos; @@ -153,13 +153,13 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte UInt32 checkDicSize = p->checkDicSize; unsigned len = 0; - const Byte *buf = p->buf; + const Byte* buf = p->buf; UInt32 range = p->range; UInt32 code = p->code; do { - CLzmaProb *prob; + CLzmaProb* prob; UInt32 bound; unsigned ttt; unsigned posState = processedPos & pbMask; @@ -170,18 +170,18 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte unsigned symbol; UPDATE_0(prob); prob = probs + Literal; - if (checkDicSize != 0 || processedPos != 0) + if(checkDicSize != 0 || processedPos != 0) prob += (LZMA_LIT_SIZE * (((processedPos & lpMask) << lc) + (dic[(dicPos == 0 ? dicBufSize : dicPos) - 1] >> (8 - lc)))); - if (state < kNumLitStates) + if(state < kNumLitStates) { symbol = 1; do { GET_BIT(prob + symbol, symbol) } - while (symbol < 0x100); + while(symbol < 0x100); } else { @@ -191,13 +191,13 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte do { unsigned bit; - CLzmaProb *probLit; + CLzmaProb* probLit; matchByte <<= 1; bit = (matchByte & offs); probLit = prob + offs + bit + symbol; GET_BIT2(probLit, symbol, offs &= ~bit, offs &= bit) } - while (symbol < 0x100); + while(symbol < 0x100); } dic[dicPos++] = (Byte)symbol; processedPos++; @@ -219,7 +219,7 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte else { UPDATE_1(prob); - if (checkDicSize == 0 && processedPos == 0) + if(checkDicSize == 0 && processedPos == 0) return SZ_ERROR_DATA; prob = probs + IsRepG0 + state; IF_BIT_0(prob) @@ -272,7 +272,7 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte } { unsigned limit, offset; - CLzmaProb *probLen = prob + LenChoice; + CLzmaProb* probLen = prob + LenChoice; IF_BIT_0(probLen) { UPDATE_0(probLen); @@ -303,18 +303,18 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte len += offset; } - if (state >= kNumStates) + if(state >= kNumStates) { UInt32 distance; prob = probs + PosSlot + ((len < kNumLenToPosStates ? len : kNumLenToPosStates - 1) << kNumPosSlotBits); TREE_6_DECODE(prob, distance); - if (distance >= kStartPosModelIndex) + if(distance >= kStartPosModelIndex) { unsigned posSlot = (unsigned)distance; int numDirectBits = (int)(((distance >> 1) - 1)); distance = (2 | (distance & 1)); - if (posSlot < kEndPosModelIndex) + if(posSlot < kEndPosModelIndex) { distance <<= numDirectBits; prob = probs + SpecPos + distance - posSlot - 1; @@ -326,7 +326,7 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte GET_BIT2(prob + i, i, ; , distance |= mask); mask <<= 1; } - while (--numDirectBits != 0); + while(--numDirectBits != 0); } } else @@ -353,7 +353,7 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte } */ } - while (--numDirectBits != 0); + while(--numDirectBits != 0); prob = probs + Align; distance <<= kNumAlignBits; { @@ -363,7 +363,7 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte GET_BIT2(prob + i, i, ; , distance |= 4); GET_BIT2(prob + i, i, ; , distance |= 8); } - if (distance == (UInt32)0xFFFFFFFF) + if(distance == (UInt32)0xFFFFFFFF) { len += kMatchSpecLenStart; state -= kNumStates; @@ -375,12 +375,12 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte rep2 = rep1; rep1 = rep0; rep0 = distance + 1; - if (checkDicSize == 0) + if(checkDicSize == 0) { - if (distance >= processedPos) + if(distance >= processedPos) return SZ_ERROR_DATA; } - else if (distance >= checkDicSize) + else if(distance >= checkDicSize) return SZ_ERROR_DATA; state = (state < kNumStates + kNumLitStates) ? kNumLitStates : kNumLitStates + 3; /* state = kLiteralNextStates[state]; */ @@ -388,7 +388,7 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte len += kMatchMinLen; - if (limit == dicPos) + if(limit == dicPos) return SZ_ERROR_DATA; { SizeT rem = limit - dicPos; @@ -398,30 +398,30 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte processedPos += curLen; len -= curLen; - if (pos + curLen <= dicBufSize) + if(pos + curLen <= dicBufSize) { - Byte *dest = dic + dicPos; + Byte* dest = dic + dicPos; ptrdiff_t src = (ptrdiff_t)pos - (ptrdiff_t)dicPos; - const Byte *lim = dest + curLen; + const Byte* lim = dest + curLen; dicPos += curLen; do - *(dest) = (Byte)*(dest + src); - while (++dest != lim); + *(dest) = (Byte) * (dest + src); + while(++dest != lim); } else { do { dic[dicPos++] = dic[pos]; - if (++pos == dicBufSize) + if(++pos == dicBufSize) pos = 0; } - while (--curLen != 0); + while(--curLen != 0); } } } } - while (dicPos < limit && buf < bufLimit); + while(dicPos < limit && buf < bufLimit); NORMALIZE; p->buf = buf; p->range = range; @@ -438,24 +438,24 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte return SZ_OK; } -static void MY_FAST_CALL LzmaDec_WriteRem(CLzmaDec *p, SizeT limit) +static void MY_FAST_CALL LzmaDec_WriteRem(CLzmaDec* p, SizeT limit) { - if (p->remainLen != 0 && p->remainLen < kMatchSpecLenStart) + if(p->remainLen != 0 && p->remainLen < kMatchSpecLenStart) { - Byte *dic = p->dic; + Byte* dic = p->dic; SizeT dicPos = p->dicPos; SizeT dicBufSize = p->dicBufSize; unsigned len = p->remainLen; UInt32 rep0 = p->reps[0]; - if (limit - dicPos < len) + if(limit - dicPos < len) len = (unsigned)(limit - dicPos); - if (p->checkDicSize == 0 && p->prop.dicSize - p->processedPos <= len) + if(p->checkDicSize == 0 && p->prop.dicSize - p->processedPos <= len) p->checkDicSize = p->prop.dicSize; p->processedPos += len; p->remainLen -= len; - while (len-- != 0) + while(len-- != 0) { dic[dicPos] = dic[(dicPos - rep0) + ((dicPos < rep0) ? dicBufSize : 0)]; dicPos++; @@ -464,25 +464,25 @@ static void MY_FAST_CALL LzmaDec_WriteRem(CLzmaDec *p, SizeT limit) } } -static int MY_FAST_CALL LzmaDec_DecodeReal2(CLzmaDec *p, SizeT limit, const Byte *bufLimit) +static int MY_FAST_CALL LzmaDec_DecodeReal2(CLzmaDec* p, SizeT limit, const Byte* bufLimit) { do { SizeT limit2 = limit; - if (p->checkDicSize == 0) + if(p->checkDicSize == 0) { UInt32 rem = p->prop.dicSize - p->processedPos; - if (limit - p->dicPos > rem) + if(limit - p->dicPos > rem) limit2 = p->dicPos + rem; } RINOK(LzmaDec_DecodeReal(p, limit2, bufLimit)); - if (p->processedPos >= p->prop.dicSize) + if(p->processedPos >= p->prop.dicSize) p->checkDicSize = p->prop.dicSize; LzmaDec_WriteRem(p, limit); } - while (p->dicPos < limit && p->buf < bufLimit && p->remainLen < kMatchSpecLenStart); + while(p->dicPos < limit && p->buf < bufLimit && p->remainLen < kMatchSpecLenStart); - if (p->remainLen > kMatchSpecLenStart) + if(p->remainLen > kMatchSpecLenStart) { p->remainLen = kMatchSpecLenStart; } @@ -497,17 +497,17 @@ typedef enum DUMMY_REP } ELzmaDummy; -static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec *p, const Byte *buf, SizeT inSize) +static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec* p, const Byte* buf, SizeT inSize) { UInt32 range = p->range; UInt32 code = p->code; - const Byte *bufLimit = buf + inSize; - CLzmaProb *probs = p->probs; + const Byte* bufLimit = buf + inSize; + CLzmaProb* probs = p->probs; unsigned state = p->state; ELzmaDummy res; { - CLzmaProb *prob; + CLzmaProb* prob; UInt32 bound; unsigned ttt; unsigned posState = (p->processedPos) & ((1 << p->prop.pb) - 1); @@ -520,19 +520,19 @@ static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec *p, const Byte *buf, SizeT inS /* if (bufLimit - buf >= 7) return DUMMY_LIT; */ prob = probs + Literal; - if (p->checkDicSize != 0 || p->processedPos != 0) + if(p->checkDicSize != 0 || p->processedPos != 0) prob += (LZMA_LIT_SIZE * ((((p->processedPos) & ((1 << (p->prop.lp)) - 1)) << p->prop.lc) + (p->dic[(p->dicPos == 0 ? p->dicBufSize : p->dicPos) - 1] >> (8 - p->prop.lc)))); - if (state < kNumLitStates) + if(state < kNumLitStates) { unsigned symbol = 1; do { GET_BIT_CHECK(prob + symbol, symbol) } - while (symbol < 0x100); + while(symbol < 0x100); } else { @@ -543,13 +543,13 @@ static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec *p, const Byte *buf, SizeT inS do { unsigned bit; - CLzmaProb *probLit; + CLzmaProb* probLit; matchByte <<= 1; bit = (matchByte & offs); probLit = prob + offs + bit + symbol; GET_BIT2_CHECK(probLit, symbol, offs &= ~bit, offs &= bit) } - while (symbol < 0x100); + while(symbol < 0x100); } res = DUMMY_LIT; } @@ -613,7 +613,7 @@ static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec *p, const Byte *buf, SizeT inS } { unsigned limit, offset; - CLzmaProb *probLen = prob + LenChoice; + CLzmaProb* probLen = prob + LenChoice; IF_BIT_0_CHECK(probLen) { UPDATE_0_CHECK; @@ -644,20 +644,20 @@ static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec *p, const Byte *buf, SizeT inS len += offset; } - if (state < 4) + if(state < 4) { unsigned posSlot; prob = probs + PosSlot + ((len < kNumLenToPosStates ? len : kNumLenToPosStates - 1) << kNumPosSlotBits); TREE_DECODE_CHECK(prob, 1 << kNumPosSlotBits, posSlot); - if (posSlot >= kStartPosModelIndex) + if(posSlot >= kStartPosModelIndex) { int numDirectBits = ((posSlot >> 1) - 1); /* if (bufLimit - buf >= 8) return DUMMY_MATCH; */ - if (posSlot < kEndPosModelIndex) + if(posSlot < kEndPosModelIndex) { prob = probs + SpecPos + ((2 | (posSlot & 1)) << numDirectBits) - posSlot - 1; } @@ -671,7 +671,7 @@ static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec *p, const Byte *buf, SizeT inS code -= range & (((code - range) >> 31) - 1); /* if (code >= range) code -= range; */ } - while (--numDirectBits != 0); + while(--numDirectBits != 0); prob = probs + Align; numDirectBits = kNumAlignBits; } @@ -681,7 +681,7 @@ static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec *p, const Byte *buf, SizeT inS { GET_BIT_CHECK(prob + i, i); } - while (--numDirectBits != 0); + while(--numDirectBits != 0); } } } @@ -692,49 +692,49 @@ static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec *p, const Byte *buf, SizeT inS } -static void LzmaDec_InitRc(CLzmaDec *p, const Byte *data) +static void LzmaDec_InitRc(CLzmaDec* p, const Byte* data) { p->code = ((UInt32)data[1] << 24) | ((UInt32)data[2] << 16) | ((UInt32)data[3] << 8) | ((UInt32)data[4]); p->range = 0xFFFFFFFF; p->needFlush = 0; } -void LzmaDec_InitDicAndState(CLzmaDec *p, Bool initDic, Bool initState) +void LzmaDec_InitDicAndState(CLzmaDec* p, Bool initDic, Bool initState) { p->needFlush = 1; p->remainLen = 0; p->tempBufSize = 0; - if (initDic) + if(initDic) { p->processedPos = 0; p->checkDicSize = 0; p->needInitState = 1; } - if (initState) + if(initState) p->needInitState = 1; } -void LzmaDec_Init(CLzmaDec *p) +void LzmaDec_Init(CLzmaDec* p) { p->dicPos = 0; LzmaDec_InitDicAndState(p, True, True); } -static void LzmaDec_InitStateReal(CLzmaDec *p) +static void LzmaDec_InitStateReal(CLzmaDec* p) { UInt32 numProbs = Literal + ((UInt32)LZMA_LIT_SIZE << (p->prop.lc + p->prop.lp)); UInt32 i; - CLzmaProb *probs = p->probs; - for (i = 0; i < numProbs; i++) + CLzmaProb* probs = p->probs; + for(i = 0; i < numProbs; i++) probs[i] = kBitModelTotal >> 1; p->reps[0] = p->reps[1] = p->reps[2] = p->reps[3] = 1; p->state = 0; p->needInitState = 0; } -SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, const Byte *src, SizeT *srcLen, - ELzmaFinishMode finishMode, ELzmaStatus *status) +SRes LzmaDec_DecodeToDic(CLzmaDec* p, SizeT dicLimit, const Byte* src, SizeT* srcLen, + ELzmaFinishMode finishMode, ELzmaStatus* status) { SizeT inSize = *srcLen; (*srcLen) = 0; @@ -742,20 +742,20 @@ SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, const Byte *src, SizeT *sr *status = LZMA_STATUS_NOT_SPECIFIED; - while (p->remainLen != kMatchSpecLenStart) + while(p->remainLen != kMatchSpecLenStart) { int checkEndMarkNow; - if (p->needFlush != 0) + if(p->needFlush != 0) { - for (; inSize > 0 && p->tempBufSize < RC_INIT_SIZE; (*srcLen)++, inSize--) + for(; inSize > 0 && p->tempBufSize < RC_INIT_SIZE; (*srcLen)++, inSize--) p->tempBuf[p->tempBufSize++] = *src++; - if (p->tempBufSize < RC_INIT_SIZE) + if(p->tempBufSize < RC_INIT_SIZE) { *status = LZMA_STATUS_NEEDS_MORE_INPUT; return SZ_OK; } - if (p->tempBuf[0] != 0) + if(p->tempBuf[0] != 0) return SZ_ERROR_DATA; LzmaDec_InitRc(p, p->tempBuf); @@ -763,19 +763,19 @@ SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, const Byte *src, SizeT *sr } checkEndMarkNow = 0; - if (p->dicPos >= dicLimit) + if(p->dicPos >= dicLimit) { - if (p->remainLen == 0 && p->code == 0) + if(p->remainLen == 0 && p->code == 0) { *status = LZMA_STATUS_MAYBE_FINISHED_WITHOUT_MARK; return SZ_OK; } - if (finishMode == LZMA_FINISH_ANY) + if(finishMode == LZMA_FINISH_ANY) { *status = LZMA_STATUS_NOT_FINISHED; return SZ_OK; } - if (p->remainLen != 0) + if(p->remainLen != 0) { *status = LZMA_STATUS_NOT_FINISHED; return SZ_ERROR_DATA; @@ -783,17 +783,17 @@ SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, const Byte *src, SizeT *sr checkEndMarkNow = 1; } - if (p->needInitState) + if(p->needInitState) LzmaDec_InitStateReal(p); - if (p->tempBufSize == 0) + if(p->tempBufSize == 0) { SizeT processed; - const Byte *bufLimit; - if (inSize < LZMA_REQUIRED_INPUT_MAX || checkEndMarkNow) + const Byte* bufLimit; + if(inSize < LZMA_REQUIRED_INPUT_MAX || checkEndMarkNow) { int dummyRes = LzmaDec_TryDummy(p, src, inSize); - if (dummyRes == DUMMY_ERROR) + if(dummyRes == DUMMY_ERROR) { memcpy(p->tempBuf, src, inSize); p->tempBufSize = (unsigned)inSize; @@ -801,7 +801,7 @@ SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, const Byte *src, SizeT *sr *status = LZMA_STATUS_NEEDS_MORE_INPUT; return SZ_OK; } - if (checkEndMarkNow && dummyRes != DUMMY_MATCH) + if(checkEndMarkNow && dummyRes != DUMMY_MATCH) { *status = LZMA_STATUS_NOT_FINISHED; return SZ_ERROR_DATA; @@ -811,7 +811,7 @@ SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, const Byte *src, SizeT *sr else bufLimit = src + inSize - LZMA_REQUIRED_INPUT_MAX; p->buf = src; - if (LzmaDec_DecodeReal2(p, dicLimit, bufLimit) != 0) + if(LzmaDec_DecodeReal2(p, dicLimit, bufLimit) != 0) return SZ_ERROR_DATA; processed = (SizeT)(p->buf - src); (*srcLen) += processed; @@ -821,26 +821,26 @@ SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, const Byte *src, SizeT *sr else { unsigned rem = p->tempBufSize, lookAhead = 0; - while (rem < LZMA_REQUIRED_INPUT_MAX && lookAhead < inSize) + while(rem < LZMA_REQUIRED_INPUT_MAX && lookAhead < inSize) p->tempBuf[rem++] = src[lookAhead++]; p->tempBufSize = rem; - if (rem < LZMA_REQUIRED_INPUT_MAX || checkEndMarkNow) + if(rem < LZMA_REQUIRED_INPUT_MAX || checkEndMarkNow) { int dummyRes = LzmaDec_TryDummy(p, p->tempBuf, rem); - if (dummyRes == DUMMY_ERROR) + if(dummyRes == DUMMY_ERROR) { (*srcLen) += lookAhead; *status = LZMA_STATUS_NEEDS_MORE_INPUT; return SZ_OK; } - if (checkEndMarkNow && dummyRes != DUMMY_MATCH) + if(checkEndMarkNow && dummyRes != DUMMY_MATCH) { *status = LZMA_STATUS_NOT_FINISHED; return SZ_ERROR_DATA; } } p->buf = p->tempBuf; - if (LzmaDec_DecodeReal2(p, dicLimit, p->buf) != 0) + if(LzmaDec_DecodeReal2(p, dicLimit, p->buf) != 0) return SZ_ERROR_DATA; lookAhead -= (rem - (unsigned)(p->buf - p->tempBuf)); (*srcLen) += lookAhead; @@ -849,25 +849,25 @@ SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, const Byte *src, SizeT *sr p->tempBufSize = 0; } } - if (p->code == 0) + if(p->code == 0) *status = LZMA_STATUS_FINISHED_WITH_MARK; return (p->code == 0) ? SZ_OK : SZ_ERROR_DATA; } -SRes LzmaDec_DecodeToBuf(CLzmaDec *p, Byte *dest, SizeT *destLen, const Byte *src, SizeT *srcLen, ELzmaFinishMode finishMode, ELzmaStatus *status) +SRes LzmaDec_DecodeToBuf(CLzmaDec* p, Byte* dest, SizeT* destLen, const Byte* src, SizeT* srcLen, ELzmaFinishMode finishMode, ELzmaStatus* status) { SizeT outSize = *destLen; SizeT inSize = *srcLen; *srcLen = *destLen = 0; - for (;;) + for(;;) { SizeT inSizeCur = inSize, outSizeCur, dicPos; ELzmaFinishMode curFinishMode; SRes res; - if (p->dicPos == p->dicBufSize) + if(p->dicPos == p->dicBufSize) p->dicPos = 0; dicPos = p->dicPos; - if (outSize > p->dicBufSize - dicPos) + if(outSize > p->dicBufSize - dicPos) { outSizeCur = p->dicBufSize; curFinishMode = LZMA_FINISH_ANY; @@ -887,47 +887,47 @@ SRes LzmaDec_DecodeToBuf(CLzmaDec *p, Byte *dest, SizeT *destLen, const Byte *sr dest += outSizeCur; outSize -= outSizeCur; *destLen += outSizeCur; - if (res != 0) + if(res != 0) return res; - if (outSizeCur == 0 || outSize == 0) + if(outSizeCur == 0 || outSize == 0) return SZ_OK; } } -void LzmaDec_FreeProbs(CLzmaDec *p, ISzAlloc *alloc) +void LzmaDec_FreeProbs(CLzmaDec* p, ISzAlloc* alloc) { alloc->Free(alloc, p->probs); p->probs = 0; } -static void LzmaDec_FreeDict(CLzmaDec *p, ISzAlloc *alloc) +static void LzmaDec_FreeDict(CLzmaDec* p, ISzAlloc* alloc) { alloc->Free(alloc, p->dic); p->dic = 0; } -void LzmaDec_Free(CLzmaDec *p, ISzAlloc *alloc) +void LzmaDec_Free(CLzmaDec* p, ISzAlloc* alloc) { LzmaDec_FreeProbs(p, alloc); LzmaDec_FreeDict(p, alloc); } -SRes LzmaProps_Decode(CLzmaProps *p, const Byte *data, unsigned size) +SRes LzmaProps_Decode(CLzmaProps* p, const Byte* data, unsigned size) { UInt32 dicSize; Byte d; - if (size < LZMA_PROPS_SIZE) + if(size < LZMA_PROPS_SIZE) return SZ_ERROR_UNSUPPORTED; else dicSize = data[1] | ((UInt32)data[2] << 8) | ((UInt32)data[3] << 16) | ((UInt32)data[4] << 24); - if (dicSize < LZMA_DIC_MIN) + if(dicSize < LZMA_DIC_MIN) dicSize = LZMA_DIC_MIN; p->dicSize = dicSize; d = data[0]; - if (d >= (9 * 5 * 5)) + if(d >= (9 * 5 * 5)) return SZ_ERROR_UNSUPPORTED; p->lc = d % 9; @@ -938,21 +938,21 @@ SRes LzmaProps_Decode(CLzmaProps *p, const Byte *data, unsigned size) return SZ_OK; } -static SRes LzmaDec_AllocateProbs2(CLzmaDec *p, const CLzmaProps *propNew, ISzAlloc *alloc) +static SRes LzmaDec_AllocateProbs2(CLzmaDec* p, const CLzmaProps* propNew, ISzAlloc* alloc) { UInt32 numProbs = LzmaProps_GetNumProbs(propNew); - if (p->probs == 0 || numProbs != p->numProbs) + if(p->probs == 0 || numProbs != p->numProbs) { LzmaDec_FreeProbs(p, alloc); - p->probs = (CLzmaProb *)alloc->Alloc(alloc, numProbs * sizeof(CLzmaProb)); + p->probs = (CLzmaProb*)alloc->Alloc(alloc, numProbs * sizeof(CLzmaProb)); p->numProbs = numProbs; - if (p->probs == 0) + if(p->probs == 0) return SZ_ERROR_MEM; } return SZ_OK; } -SRes LzmaDec_AllocateProbs(CLzmaDec *p, const Byte *props, unsigned propsSize, ISzAlloc *alloc) +SRes LzmaDec_AllocateProbs(CLzmaDec* p, const Byte* props, unsigned propsSize, ISzAlloc* alloc) { CLzmaProps propNew; RINOK(LzmaProps_Decode(&propNew, props, propsSize)); @@ -961,18 +961,18 @@ SRes LzmaDec_AllocateProbs(CLzmaDec *p, const Byte *props, unsigned propsSize, I return SZ_OK; } -SRes LzmaDec_Allocate(CLzmaDec *p, const Byte *props, unsigned propsSize, ISzAlloc *alloc) +SRes LzmaDec_Allocate(CLzmaDec* p, const Byte* props, unsigned propsSize, ISzAlloc* alloc) { CLzmaProps propNew; SizeT dicBufSize; RINOK(LzmaProps_Decode(&propNew, props, propsSize)); RINOK(LzmaDec_AllocateProbs2(p, &propNew, alloc)); dicBufSize = propNew.dicSize; - if (p->dic == 0 || dicBufSize != p->dicBufSize) + if(p->dic == 0 || dicBufSize != p->dicBufSize) { LzmaDec_FreeDict(p, alloc); - p->dic = (Byte *)alloc->Alloc(alloc, dicBufSize); - if (p->dic == 0) + p->dic = (Byte*)alloc->Alloc(alloc, dicBufSize); + if(p->dic == 0) { LzmaDec_FreeProbs(p, alloc); return SZ_ERROR_MEM; @@ -983,21 +983,21 @@ SRes LzmaDec_Allocate(CLzmaDec *p, const Byte *props, unsigned propsSize, ISzAll return SZ_OK; } -SRes LzmaDecode(Byte *dest, SizeT *destLen, const Byte *src, SizeT *srcLen, - const Byte *propData, unsigned propSize, ELzmaFinishMode finishMode, - ELzmaStatus *status, ISzAlloc *alloc) +SRes LzmaDecode(Byte* dest, SizeT* destLen, const Byte* src, SizeT* srcLen, + const Byte* propData, unsigned propSize, ELzmaFinishMode finishMode, + ELzmaStatus* status, ISzAlloc* alloc) { CLzmaDec p; SRes res; SizeT inSize = *srcLen; SizeT outSize = *destLen; *srcLen = *destLen = 0; - if (inSize < RC_INIT_SIZE) + if(inSize < RC_INIT_SIZE) return SZ_ERROR_INPUT_EOF; LzmaDec_Construct(&p); res = LzmaDec_AllocateProbs(&p, propData, propSize, alloc); - if (res != 0) + if(res != 0) return res; p.dic = dest; p.dicBufSize = outSize; @@ -1007,7 +1007,7 @@ SRes LzmaDecode(Byte *dest, SizeT *destLen, const Byte *src, SizeT *srcLen, *srcLen = inSize; res = LzmaDec_DecodeToDic(&p, outSize, src, srcLen, finishMode, status); - if (res == SZ_OK && *status == LZMA_STATUS_NEEDS_MORE_INPUT) + if(res == SZ_OK && *status == LZMA_STATUS_NEEDS_MORE_INPUT) res = SZ_ERROR_INPUT_EOF; (*destLen) = p.dicPos; @@ -1015,12 +1015,12 @@ SRes LzmaDecode(Byte *dest, SizeT *destLen, const Byte *src, SizeT *srcLen, return res; } -void* LzmaAllocMem(void *p, size_t size) +void* LzmaAllocMem(void* p, size_t size) { return(VirtualAlloc(NULL, size, MEM_COMMIT, PAGE_READWRITE)); } -void LzmaFreeMem(void *p, void *address) +void LzmaFreeMem(void* p, void* address) { VirtualFree(address, NULL, MEM_RELEASE); } diff --git a/TitanEngine/LzmaDec.h b/TitanEngine/LzmaDec.h index a020019..335733b 100644 --- a/TitanEngine/LzmaDec.h +++ b/TitanEngine/LzmaDec.h @@ -33,7 +33,7 @@ Returns: SZ_ERROR_UNSUPPORTED - Unsupported properties */ -SRes LzmaProps_Decode(CLzmaProps *p, const Byte *data, unsigned size); +SRes LzmaProps_Decode(CLzmaProps* p, const Byte* data, unsigned size); /* ---------- LZMA Decoder state ---------- */ @@ -46,9 +46,9 @@ SRes LzmaProps_Decode(CLzmaProps *p, const Byte *data, unsigned size); typedef struct { CLzmaProps prop; - CLzmaProb *probs; - Byte *dic; - const Byte *buf; + CLzmaProb* probs; + Byte* dic; + const Byte* buf; UInt32 range, code; SizeT dicPos; SizeT dicBufSize; @@ -66,7 +66,7 @@ typedef struct #define LzmaDec_Construct(p) { (p)->dic = 0; (p)->probs = 0; } -void LzmaDec_Init(CLzmaDec *p); +void LzmaDec_Init(CLzmaDec* p); /* There are two types of LZMA streams: 0) Stream with end mark. That end mark adds about 6 bytes to compressed size. @@ -127,11 +127,11 @@ LzmaDec_Allocate* can return: SZ_ERROR_UNSUPPORTED - Unsupported properties */ -SRes LzmaDec_AllocateProbs(CLzmaDec *p, const Byte *props, unsigned propsSize, ISzAlloc *alloc); -void LzmaDec_FreeProbs(CLzmaDec *p, ISzAlloc *alloc); +SRes LzmaDec_AllocateProbs(CLzmaDec* p, const Byte* props, unsigned propsSize, ISzAlloc* alloc); +void LzmaDec_FreeProbs(CLzmaDec* p, ISzAlloc* alloc); -SRes LzmaDec_Allocate(CLzmaDec *state, const Byte *prop, unsigned propsSize, ISzAlloc *alloc); -void LzmaDec_Free(CLzmaDec *state, ISzAlloc *alloc); +SRes LzmaDec_Allocate(CLzmaDec* state, const Byte* prop, unsigned propsSize, ISzAlloc* alloc); +void LzmaDec_Free(CLzmaDec* state, ISzAlloc* alloc); /* ---------- Dictionary Interface ---------- */ @@ -174,8 +174,8 @@ Returns: SZ_ERROR_DATA - Data error */ -SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, - const Byte *src, SizeT *srcLen, ELzmaFinishMode finishMode, ELzmaStatus *status); +SRes LzmaDec_DecodeToDic(CLzmaDec* p, SizeT dicLimit, + const Byte* src, SizeT* srcLen, ELzmaFinishMode finishMode, ELzmaStatus* status); /* ---------- Buffer Interface ---------- */ @@ -191,8 +191,8 @@ finishMode: LZMA_FINISH_END - Stream must be finished after (*destLen). */ -SRes LzmaDec_DecodeToBuf(CLzmaDec *p, Byte *dest, SizeT *destLen, - const Byte *src, SizeT *srcLen, ELzmaFinishMode finishMode, ELzmaStatus *status); +SRes LzmaDec_DecodeToBuf(CLzmaDec* p, Byte* dest, SizeT* destLen, + const Byte* src, SizeT* srcLen, ELzmaFinishMode finishMode, ELzmaStatus* status); /* ---------- One Call Interface ---------- */ @@ -216,8 +216,8 @@ Returns: SZ_ERROR_INPUT_EOF - It needs more bytes in input buffer (src). */ -SRes LzmaDecode(Byte *dest, SizeT *destLen, const Byte *src, SizeT *srcLen, - const Byte *propData, unsigned propSize, ELzmaFinishMode finishMode, - ELzmaStatus *status, ISzAlloc *alloc); +SRes LzmaDecode(Byte* dest, SizeT* destLen, const Byte* src, SizeT* srcLen, + const Byte* propData, unsigned propSize, ELzmaFinishMode finishMode, + ELzmaStatus* status, ISzAlloc* alloc); #endif diff --git a/TitanEngine/LzmaTypes.h b/TitanEngine/LzmaTypes.h index 0a72285..e7e9722 100644 --- a/TitanEngine/LzmaTypes.h +++ b/TitanEngine/LzmaTypes.h @@ -108,19 +108,19 @@ typedef int Bool; typedef struct { - SRes (*Read)(void *p, void *buf, size_t *size); + SRes(*Read)(void* p, void* buf, size_t* size); /* if (input(*size) != 0 && output(*size) == 0) means end_of_stream. (output(*size) < input(*size)) is allowed */ } ISeqInStream; /* it can return SZ_ERROR_INPUT_EOF */ -SRes SeqInStream_Read(ISeqInStream *stream, void *buf, size_t size); -SRes SeqInStream_Read2(ISeqInStream *stream, void *buf, size_t size, SRes errorType); -SRes SeqInStream_ReadByte(ISeqInStream *stream, Byte *buf); +SRes SeqInStream_Read(ISeqInStream* stream, void* buf, size_t size); +SRes SeqInStream_Read2(ISeqInStream* stream, void* buf, size_t size, SRes errorType); +SRes SeqInStream_ReadByte(ISeqInStream* stream, Byte* buf); typedef struct { - size_t (*Write)(void *p, const void *buf, size_t size); + size_t (*Write)(void* p, const void* buf, size_t size); /* Returns: result - the number of actually written bytes. (result < size) means error */ } ISeqOutStream; @@ -134,78 +134,78 @@ typedef enum typedef struct { - SRes (*Read)(void *p, void *buf, size_t *size); /* same as ISeqInStream::Read */ - SRes (*Seek)(void *p, Int64 *pos, ESzSeek origin); + SRes(*Read)(void* p, void* buf, size_t* size); /* same as ISeqInStream::Read */ + SRes(*Seek)(void* p, Int64* pos, ESzSeek origin); } ISeekInStream; typedef struct { - SRes (*Look)(void *p, void **buf, size_t *size); + SRes(*Look)(void* p, void** buf, size_t* size); /* if (input(*size) != 0 && output(*size) == 0) means end_of_stream. (output(*size) > input(*size)) is not allowed (output(*size) < input(*size)) is allowed */ - SRes (*Skip)(void *p, size_t offset); + SRes(*Skip)(void* p, size_t offset); /* offset must be <= output(*size) of Look */ - SRes (*Read)(void *p, void *buf, size_t *size); + SRes(*Read)(void* p, void* buf, size_t* size); /* reads directly (without buffer). It's same as ISeqInStream::Read */ - SRes (*Seek)(void *p, Int64 *pos, ESzSeek origin); + SRes(*Seek)(void* p, Int64* pos, ESzSeek origin); } ILookInStream; -SRes LookInStream_LookRead(ILookInStream *stream, void *buf, size_t *size); -SRes LookInStream_SeekTo(ILookInStream *stream, UInt64 offset); +SRes LookInStream_LookRead(ILookInStream* stream, void* buf, size_t* size); +SRes LookInStream_SeekTo(ILookInStream* stream, UInt64 offset); /* reads via ILookInStream::Read */ -SRes LookInStream_Read2(ILookInStream *stream, void *buf, size_t size, SRes errorType); -SRes LookInStream_Read(ILookInStream *stream, void *buf, size_t size); +SRes LookInStream_Read2(ILookInStream* stream, void* buf, size_t size, SRes errorType); +SRes LookInStream_Read(ILookInStream* stream, void* buf, size_t size); #define LookToRead_BUF_SIZE (1 << 14) typedef struct { ILookInStream s; - ISeekInStream *realStream; + ISeekInStream* realStream; size_t pos; size_t size; Byte buf[LookToRead_BUF_SIZE]; } CLookToRead; -void LookToRead_CreateVTable(CLookToRead *p, int lookahead); -void LookToRead_Init(CLookToRead *p); +void LookToRead_CreateVTable(CLookToRead* p, int lookahead); +void LookToRead_Init(CLookToRead* p); typedef struct { ISeqInStream s; - ILookInStream *realStream; + ILookInStream* realStream; } CSecToLook; -void SecToLook_CreateVTable(CSecToLook *p); +void SecToLook_CreateVTable(CSecToLook* p); typedef struct { ISeqInStream s; - ILookInStream *realStream; + ILookInStream* realStream; } CSecToRead; -void SecToRead_CreateVTable(CSecToRead *p); +void SecToRead_CreateVTable(CSecToRead* p); typedef struct { - SRes (*Progress)(void *p, UInt64 inSize, UInt64 outSize); + SRes(*Progress)(void* p, UInt64 inSize, UInt64 outSize); /* Returns: result. (result != SZ_OK) means break. Value (UInt64)(Int64)-1 for size means unknown value. */ } ICompressProgress; typedef struct { - void *(*Alloc)(void *p, size_t size); - void (*Free)(void *p, void *address); /* address can be 0 */ + void* (*Alloc)(void* p, size_t size); + void (*Free)(void* p, void* address); /* address can be 0 */ } ISzAlloc; #define IAlloc_Alloc(p, size) (p)->Alloc((p), size) #define IAlloc_Free(p, a) (p)->Free((p), a) -void* LzmaAllocMem(void *p, size_t size); -void LzmaFreeMem(void *p, void *address); +void* LzmaAllocMem(void* p, size_t size); +void LzmaFreeMem(void* p, void* address); #endif diff --git a/TitanEngine/TitanEngine.Breakpoints.cpp b/TitanEngine/TitanEngine.Breakpoints.cpp index de1bc57..dff7e98 100644 --- a/TitanEngine/TitanEngine.Breakpoints.cpp +++ b/TitanEngine/TitanEngine.Breakpoints.cpp @@ -30,8 +30,8 @@ __declspec(dllexport) bool TITCALL IsBPXEnabled(ULONG_PTR bpxAddress) ULONG_PTR NumberOfBytesReadWritten = 0; DWORD MaximumBreakPoints = 0; BYTE ReadData[10] = {}; - int bpcount=(int)BreakPointBuffer.size(); - for(int i=0; i-1; i--) + for(int i = bpcount - 1; i > -1; i--) { if(BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT) { @@ -846,7 +846,7 @@ __declspec(dllexport) bool TITCALL RemoveAllBreakPoints(DWORD RemoveOption) } else if(RemoveOption == UE_OPTION_DISABLEALL) { - for(int i=bpcount-1; i>-1; i--) + for(int i = bpcount - 1; i > -1; i--) { if(BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT && BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE) { @@ -868,7 +868,7 @@ __declspec(dllexport) bool TITCALL RemoveAllBreakPoints(DWORD RemoveOption) } else if(RemoveOption == UE_OPTION_REMOVEALLDISABLED) { - for(int i=bpcount-1; i>-1; i--) + for(int i = bpcount - 1; i > -1; i--) { if(BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT && BreakPointBuffer.at(i).BreakPointActive == UE_BPXINACTIVE) { @@ -881,7 +881,7 @@ __declspec(dllexport) bool TITCALL RemoveAllBreakPoints(DWORD RemoveOption) } else if(RemoveOption == UE_OPTION_REMOVEALLENABLED) { - for(int i=bpcount-1; i>-1; i--) + for(int i = bpcount - 1; i > -1; i--) { if(BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT && BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE) { diff --git a/TitanEngine/TitanEngine.Debugger.Context.cpp b/TitanEngine/TitanEngine.Debugger.Context.cpp index 5010903..c4850d1 100644 --- a/TitanEngine/TitanEngine.Debugger.Context.cpp +++ b/TitanEngine/TitanEngine.Debugger.Context.cpp @@ -13,7 +13,7 @@ __declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, voi memset(&DBGContext, 0, sizeof(CONTEXT)); DBGContext.ContextFlags = CONTEXT_ALL; - if(SuspendThread(hActiveThread) == (DWORD)-1) + if(SuspendThread(hActiveThread) == (DWORD) - 1) return false; if(!GetThreadContext(hActiveThread, &DBGContext)) @@ -39,7 +39,7 @@ __declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, D memset(&DBGContext, 0, sizeof(CONTEXT)); DBGContext.ContextFlags = CONTEXT_ALL; - if(SuspendThread(hActiveThread) == (DWORD)-1) + if(SuspendThread(hActiveThread) == (DWORD) - 1) return retValue; if(!GetThreadContext(hActiveThread, &DBGContext)) @@ -52,43 +52,43 @@ __declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, D #ifdef _WIN64 //x64 if(IndexOfRegister == UE_EAX) { - retValue = DBGContext.Rax&0xFFFFFFFF; + retValue = DBGContext.Rax & 0xFFFFFFFF; } else if(IndexOfRegister == UE_EBX) { - retValue = DBGContext.Rbx&0xFFFFFFFF; + retValue = DBGContext.Rbx & 0xFFFFFFFF; } else if(IndexOfRegister == UE_ECX) { - retValue = DBGContext.Rcx&0xFFFFFFFF; + retValue = DBGContext.Rcx & 0xFFFFFFFF; } else if(IndexOfRegister == UE_EDX) { - retValue = DBGContext.Rdx&0xFFFFFFFF; + retValue = DBGContext.Rdx & 0xFFFFFFFF; } else if(IndexOfRegister == UE_EDI) { - retValue = DBGContext.Rdi&0xFFFFFFFF; + retValue = DBGContext.Rdi & 0xFFFFFFFF; } else if(IndexOfRegister == UE_ESI) { - retValue = DBGContext.Rsi&0xFFFFFFFF; + retValue = DBGContext.Rsi & 0xFFFFFFFF; } else if(IndexOfRegister == UE_EBP) { - retValue = DBGContext.Rbp&0xFFFFFFFF; + retValue = DBGContext.Rbp & 0xFFFFFFFF; } else if(IndexOfRegister == UE_ESP) { - retValue = DBGContext.Rsp&0xFFFFFFFF; + retValue = DBGContext.Rsp & 0xFFFFFFFF; } else if(IndexOfRegister == UE_EIP) { - retValue = DBGContext.Rip&0xFFFFFFFF; + retValue = DBGContext.Rip & 0xFFFFFFFF; } else if(IndexOfRegister == UE_EFLAGS) { - retValue = DBGContext.EFlags&0xFFFFFFFF; + retValue = DBGContext.EFlags & 0xFFFFFFFF; } else if(IndexOfRegister == UE_RAX) { @@ -273,7 +273,7 @@ __declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, D __declspec(dllexport) ULONG_PTR TITCALL GetContextData(DWORD IndexOfRegister) { - HANDLE hActiveThread = OpenThread(THREAD_SUSPEND_RESUME|THREAD_GET_CONTEXT, false, DBGEvent.dwThreadId); + HANDLE hActiveThread = OpenThread(THREAD_SUSPEND_RESUME | THREAD_GET_CONTEXT, false, DBGEvent.dwThreadId); ULONG_PTR ContextReturn = GetContextDataEx(hActiveThread, IndexOfRegister); EngineCloseHandle(hActiveThread); return ContextReturn; @@ -287,7 +287,7 @@ __declspec(dllexport) bool TITCALL SetContextFPUDataEx(HANDLE hActiveThread, voi memset(&DBGContext, 0, sizeof(CONTEXT)); DBGContext.ContextFlags = CONTEXT_ALL; - if(SuspendThread(hActiveThread) == (DWORD)-1) + if(SuspendThread(hActiveThread) == (DWORD) - 1) return false; if(!GetThreadContext(hActiveThread, &DBGContext)) @@ -316,7 +316,7 @@ __declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD memset(&DBGContext, 0, sizeof(CONTEXT)); DBGContext.ContextFlags = CONTEXT_ALL; - if(SuspendThread(hActiveThread) == (DWORD)-1) + if(SuspendThread(hActiveThread) == (DWORD) - 1) return false; if(!GetThreadContext(hActiveThread, &DBGContext)) @@ -324,7 +324,7 @@ __declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD ResumeThread(hActiveThread); return false; } - + #ifdef _WIN64 //x64 if(IndexOfRegister == UE_EAX) { @@ -571,7 +571,7 @@ __declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD __declspec(dllexport) bool TITCALL SetContextData(DWORD IndexOfRegister, ULONG_PTR NewRegisterValue) { - HANDLE hActiveThread = OpenThread(THREAD_SUSPEND_RESUME|THREAD_SET_CONTEXT|THREAD_GET_CONTEXT, false, DBGEvent.dwThreadId); + HANDLE hActiveThread = OpenThread(THREAD_SUSPEND_RESUME | THREAD_SET_CONTEXT | THREAD_GET_CONTEXT, false, DBGEvent.dwThreadId); bool ContextReturn = SetContextDataEx(hActiveThread, IndexOfRegister, NewRegisterValue); EngineCloseHandle(hActiveThread); return ContextReturn; diff --git a/TitanEngine/TitanEngine.Debugger.Control.cpp b/TitanEngine/TitanEngine.Debugger.Control.cpp index 87a34d4..1a35bf2 100644 --- a/TitanEngine/TitanEngine.Debugger.Control.cpp +++ b/TitanEngine/TitanEngine.Debugger.Control.cpp @@ -8,23 +8,23 @@ __declspec(dllexport) void TITCALL ForceClose() { //manage process list - int processcount=(int)hListProcess.size(); - for(int i=0; i NULL) + if(GetMappedFileNameW(GetCurrentProcess(), hFileMappingView, DLLDebugFileName, sizeof(DLLDebugFileName) / sizeof(DLLDebugFileName[0])) > NULL) { int i = lstrlenW(DLLDebugFileName); - while(DLLDebugFileName[i]!='\\' && i) + while(DLLDebugFileName[i] != '\\' && i) i--; if(DebugDebuggingDLL) { - if(lstrcmpiW(&DLLDebugFileName[i+1], DebugDebuggingDLLFileName) == NULL) + if(lstrcmpiW(&DLLDebugFileName[i + 1], DebugDebuggingDLLFileName) == NULL) { CloseHandle(DebugDLLFileMapping); //close file mapping handle SetBPX(DebugModuleEntryPoint + (ULONG_PTR)DBGEvent.u.LoadDll.lpBaseOfDll, UE_SINGLESHOOT, DebugModuleEntryPointCallBack); @@ -334,12 +334,12 @@ __declspec(dllexport) void TITCALL DebugLoop() } if(engineFakeDLLHandle == NULL) { - if(_wcsicmp(&DLLDebugFileName[i+1], L"kernel32.dll") == NULL) + if(_wcsicmp(&DLLDebugFileName[i + 1], L"kernel32.dll") == NULL) { engineFakeDLLHandle = (ULONG_PTR)DBGEvent.u.LoadDll.lpBaseOfDll; } } - lstrcpyW(NewLibraryData.szLibraryName, &DLLDebugFileName[i+1]); + lstrcpyW(NewLibraryData.szLibraryName, &DLLDebugFileName[i + 1]); szTranslatedNativeName = (wchar_t*)TranslateNativeNameW(DLLDebugFileName); lstrcpyW(NewLibraryData.szLibraryPath, szTranslatedNativeName); VirtualFree((void*)szTranslatedNativeName, NULL, MEM_RELEASE); @@ -349,7 +349,7 @@ __declspec(dllexport) void TITCALL DebugLoop() //library breakpoint for(int i = (int)LibrarianData.size() - 1; i >= 0; i--) { - ptrLibrarianData=&LibrarianData.at(i); + ptrLibrarianData = &LibrarianData.at(i); if(!_stricmp(ptrLibrarianData->szLibraryName, szAnsiLibraryName)) { if(ptrLibrarianData->bpxType == UE_ON_LIB_LOAD || ptrLibrarianData->bpxType == UE_ON_LIB_ALL) @@ -416,7 +416,7 @@ __declspec(dllexport) void TITCALL DebugLoop() RtlZeroMemory(szAnsiLibraryName, sizeof(szAnsiLibraryName)); WideCharToMultiByte(CP_ACP, NULL, hLoadedLibData->szLibraryName, -1, szAnsiLibraryName, sizeof szAnsiLibraryName, NULL, NULL); - for(int i= (int)LibrarianData.size() - 1; i >= 0; i--) + for(int i = (int)LibrarianData.size() - 1; i >= 0; i--) { ptrLibrarianData = &LibrarianData.at(i); if(!_stricmp(ptrLibrarianData->szLibraryName, szAnsiLibraryName)) @@ -453,7 +453,7 @@ __declspec(dllexport) void TITCALL DebugLoop() EngineCloseHandle(hListLibrary.at(i).hFileMapping); } EngineCloseHandle(hListLibrary.at(i).hFile); - hListLibrary.erase(hListLibrary.begin()+i); + hListLibrary.erase(hListLibrary.begin() + i); break; } } @@ -519,17 +519,17 @@ __declspec(dllexport) void TITCALL DebugLoop() { case STATUS_BREAKPOINT: { - bool bFoundBreakPoint=false; + bool bFoundBreakPoint = false; BreakPointDetail FoundBreakPoint; - int bpcount=(int)BreakPointBuffer.size(); - for(int i=0; ichSingleStep != NULL) { @@ -936,28 +936,28 @@ __declspec(dllexport) void TITCALL DebugLoop() case STATUS_GUARD_PAGE_VIOLATION: { ULONG_PTR bpaddr; - bool bFoundBreakPoint=false; + bool bFoundBreakPoint = false; BreakPointDetail FoundBreakPoint; - int bpcount=(int)BreakPointBuffer.size(); - for(int i=0; i=addr && bpaddr<(addr+BreakPointBuffer.at(i).BreakPointSize) && + ULONG_PTR addr = BreakPointBuffer.at(i).BreakPointAddress; + bpaddr = (ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[1]; //page accessed + if(bpaddr >= addr && bpaddr < (addr + BreakPointBuffer.at(i).BreakPointSize) && (BreakPointBuffer.at(i).BreakPointType == UE_MEMORY || BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_READ || BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_WRITE || BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_EXECUTE) && BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE) { - FoundBreakPoint=BreakPointBuffer.at(i); - bFoundBreakPoint=true; + FoundBreakPoint = BreakPointBuffer.at(i); + bFoundBreakPoint = true; break; } } if(bFoundBreakPoint) //found memory breakpoint { - hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId); + hActiveThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId); myDBGContext.ContextFlags = CONTEXT_CONTROL; GetThreadContext(hActiveThread, &myDBGContext); DBGCode = DBG_CONTINUE; //debugger handled the exception @@ -1107,13 +1107,13 @@ __declspec(dllexport) void TITCALL DebugLoop() ULONG_PTR ueCurrentPosition = GetContextData(UE_CIP); unsigned char instr[16]; MemoryReadSafe(dbgProcessInformation.hProcess, (void*)ueCurrentPosition, instr, sizeof(instr), 0); - char* DisassembledString=(char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr); + char* DisassembledString = (char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr); if(strstr(DisassembledString, "PUSHF")) PushfBPX = true; } //debuggee generated GUARD_PAGE exception - if(DBGCode==DBG_EXCEPTION_NOT_HANDLED) + if(DBGCode == DBG_EXCEPTION_NOT_HANDLED) { //TODO: restore memory breakpoint? if(DBGCustomHandler->chPageGuard != NULL) @@ -1152,17 +1152,17 @@ __declspec(dllexport) void TITCALL DebugLoop() case STATUS_ILLEGAL_INSTRUCTION: { //UD2 breakpoint - bool bFoundBreakPoint=false; + bool bFoundBreakPoint = false; BreakPointDetail FoundBreakPoint; - int bpcount=(int)BreakPointBuffer.size(); - for(int i=0; ichIllegalInstruction != NULL) { @@ -1351,7 +1351,7 @@ __declspec(dllexport) void TITCALL DebugLoop() } //general unhandled exception callback - if(DBGCode==DBG_EXCEPTION_NOT_HANDLED) + if(DBGCode == DBG_EXCEPTION_NOT_HANDLED) { if(engineExecutePluginCallBack) { @@ -1423,7 +1423,7 @@ __declspec(dllexport) void TITCALL DebugLoop() break; } if(!ThreaderGetThreadInfo(0, DBGEvent.dwThreadId)) //switch thread - DBGEvent.dwThreadId=dbgProcessInformation.dwThreadId; + DBGEvent.dwThreadId = dbgProcessInformation.dwThreadId; } if(!SecondChance) //debugger didn't close with a second chance exception (normal exit) diff --git a/TitanEngine/TitanEngine.Debugger.Memory.cpp b/TitanEngine/TitanEngine.Debugger.Memory.cpp index 9703cd3..7564778 100644 --- a/TitanEngine/TitanEngine.Debugger.Memory.cpp +++ b/TitanEngine/TitanEngine.Debugger.Memory.cpp @@ -51,7 +51,7 @@ __declspec(dllexport) bool TITCALL MatchPatternEx(HANDLE hProcess, void* MemoryT if(memCmp) { - for(int i=0; iArray.bArrayEntry[i] != memPattern->Array.bArrayEntry[i] && memPattern->Array.bArrayEntry[i] != *WildCard) { @@ -78,7 +78,7 @@ __declspec(dllexport) bool TITCALL MatchPattern(void* MemoryToCheck, int SizeOfM __declspec(dllexport) ULONG_PTR TITCALL FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard) { - if(!hProcess || !MemoryStart ||!MemorySize || !SearchPattern || !PatternSize) + if(!hProcess || !MemoryStart || !MemorySize || !SearchPattern || !PatternSize) return 0; ULONG_PTR Return = NULL; @@ -128,10 +128,10 @@ __declspec(dllexport) ULONG_PTR TITCALL FindEx(HANDLE hProcess, LPVOID MemorySta CompareBuffer = (PUCHAR)SearchPattern; - DWORD i,j; - for(i=0; i < MemorySize && Return == NULL; i++) + DWORD i, j; + for(i = 0; i < MemorySize && Return == NULL; i++) { - for(j=0; j < PatternSize; j++) + for(j = 0; j < PatternSize; j++) { if(CompareBuffer[j] != *(PUCHAR)WildCard && SearchBuffer[i + j] != CompareBuffer[j]) { @@ -205,7 +205,7 @@ __declspec(dllexport) bool TITCALL Fill(LPVOID MemoryStart, DWORD MemorySize, PB __declspec(dllexport) bool TITCALL PatchEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP) { - unsigned int i,recalcSize; + unsigned int i, recalcSize; LPVOID lpMemoryStart = MemoryStart; MEMORY_BASIC_INFORMATION MemInfo; ULONG_PTR ueNumberOfBytesRead; @@ -326,20 +326,20 @@ __declspec(dllexport) bool TITCALL Replace(LPVOID MemoryStart, DWORD MemorySize, //what should this function do: //- do all possible effort to read memory //- filter out breakpoints -__declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesRead) +__declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead) { SIZE_T ueNumberOfBytesRead = 0; - SIZE_T * pNumBytes = 0; + SIZE_T* pNumBytes = 0; DWORD dwProtect = 0; bool retValue = false; //read memory - if ( (hProcess == 0) || (lpBaseAddress == 0) || (lpBuffer == 0) || (nSize == 0)) + if((hProcess == 0) || (lpBaseAddress == 0) || (lpBuffer == 0) || (nSize == 0)) { return false; } - if (!lpNumberOfBytesRead) + if(!lpNumberOfBytesRead) { pNumBytes = &ueNumberOfBytesRead; } @@ -350,9 +350,9 @@ __declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBase if(!ReadProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, pNumBytes)) { - if (VirtualProtectEx(hProcess, lpBaseAddress, nSize, PAGE_EXECUTE_READWRITE, &dwProtect)) + if(VirtualProtectEx(hProcess, lpBaseAddress, nSize, PAGE_EXECUTE_READWRITE, &dwProtect)) { - if (ReadProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, pNumBytes)) + if(ReadProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, pNumBytes)) { retValue = true; } @@ -374,15 +374,15 @@ __declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBase //what should this function do: //- do all possible effort to write memory //- re-set breakpoints when overwritten -__declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesWritten) +__declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten) { SIZE_T ueNumberOfBytesWritten = 0; - SIZE_T * pNumBytes = 0; + SIZE_T* pNumBytes = 0; DWORD dwProtect = 0; bool retValue = false; //read memory - if ( (hProcess == 0) || (lpBaseAddress == 0) || (lpBuffer == 0) || (nSize == 0)) + if((hProcess == 0) || (lpBaseAddress == 0) || (lpBuffer == 0) || (nSize == 0)) { return false; } @@ -391,7 +391,7 @@ __declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBas //disable breakpoints that interfere with the memory to write BreakPointPreWriteFilter((ULONG_PTR)lpBaseAddress, nSize, &lock); - if (!lpNumberOfBytesWritten) + if(!lpNumberOfBytesWritten) { pNumBytes = &ueNumberOfBytesWritten; } @@ -402,9 +402,9 @@ __declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBas if(!WriteProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, pNumBytes)) { - if (VirtualProtectEx(hProcess, lpBaseAddress, nSize, PAGE_EXECUTE_READWRITE, &dwProtect)) + if(VirtualProtectEx(hProcess, lpBaseAddress, nSize, PAGE_EXECUTE_READWRITE, &dwProtect)) { - if (WriteProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, pNumBytes)) + if(WriteProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, pNumBytes)) { retValue = true; } diff --git a/TitanEngine/TitanEngine.Debugger.cpp b/TitanEngine/TitanEngine.Debugger.cpp index 0cfbee5..812a82d 100644 --- a/TitanEngine/TitanEngine.Debugger.cpp +++ b/TitanEngine/TitanEngine.Debugger.cpp @@ -19,9 +19,9 @@ __declspec(dllexport) void* TITCALL InitDebug(char* szFileName, char* szCommandL if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); - MultiByteToWideChar(CP_ACP, NULL, szCommandLine, lstrlenA(szCommandLine)+1, uniCommandLine, sizeof(uniCommandLine)/(sizeof(uniCommandLine[0]))); - MultiByteToWideChar(CP_ACP, NULL, szCurrentFolder, lstrlenA(szCurrentFolder)+1, uniCurrentFolder, sizeof(uniCurrentFolder)/(sizeof(uniCurrentFolder[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szCommandLine, lstrlenA(szCommandLine) + 1, uniCommandLine, sizeof(uniCommandLine) / (sizeof(uniCommandLine[0]))); + MultiByteToWideChar(CP_ACP, NULL, szCurrentFolder, lstrlenA(szCurrentFolder) + 1, uniCurrentFolder, sizeof(uniCurrentFolder) / (sizeof(uniCurrentFolder[0]))); if(szFileName != NULL) { PtrUniFileName = &uniFileName[0]; @@ -47,13 +47,13 @@ __declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szC if(DebugDebuggingDLL) { - DebugConsoleFlag = CREATE_NO_WINDOW|CREATE_SUSPENDED; + DebugConsoleFlag = CREATE_NO_WINDOW | CREATE_SUSPENDED; } else if(engineRemoveConsoleForDebugee) { DebugConsoleFlag = CREATE_NO_WINDOW; } - + if(engineEnableDebugPrivilege) { EngineSetDebugPrivilege(GetCurrentProcess(), true); @@ -63,17 +63,17 @@ __declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szC wchar_t* szCommandLineCreateProcess; if(szCommandLine == NULL || !lstrlenW(szCommandLine)) { - szCommandLineCreateProcess=0; - szFileNameCreateProcess=szFileName; + szCommandLineCreateProcess = 0; + szFileNameCreateProcess = szFileName; } else { wchar_t szCreateWithCmdLine[1024]; wsprintfW(szCreateWithCmdLine, L"\"%s\" %s", szFileName, szCommandLine); - szCommandLineCreateProcess=szCreateWithCmdLine; - szFileNameCreateProcess=0; + szCommandLineCreateProcess = szCreateWithCmdLine; + szFileNameCreateProcess = 0; } - if(CreateProcessW(szFileNameCreateProcess, szCommandLineCreateProcess, NULL, NULL, false, DEBUG_PROCESS|DEBUG_ONLY_THIS_PROCESS|DebugConsoleFlag|CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation)) + if(CreateProcessW(szFileNameCreateProcess, szCommandLineCreateProcess, NULL, NULL, false, DEBUG_PROCESS | DEBUG_ONLY_THIS_PROCESS | DebugConsoleFlag | CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation)) { if(engineEnableDebugPrivilege) EngineSetDebugPrivilege(GetCurrentProcess(), false); @@ -119,9 +119,9 @@ __declspec(dllexport) void* TITCALL InitDLLDebug(char* szFileName, bool ReserveM if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); - MultiByteToWideChar(CP_ACP, NULL, szCommandLine, lstrlenA(szCommandLine)+1, uniCommandLine, sizeof(uniCommandLine)/(sizeof(uniCommandLine[0]))); - MultiByteToWideChar(CP_ACP, NULL, szCurrentFolder, lstrlenA(szCurrentFolder)+1, uniCurrentFolder, sizeof(uniCurrentFolder)/(sizeof(uniCurrentFolder[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szCommandLine, lstrlenA(szCommandLine) + 1, uniCommandLine, sizeof(uniCommandLine) / (sizeof(uniCommandLine[0]))); + MultiByteToWideChar(CP_ACP, NULL, szCurrentFolder, lstrlenA(szCurrentFolder) + 1, uniCurrentFolder, sizeof(uniCurrentFolder) / (sizeof(uniCurrentFolder[0]))); if(szFileName != NULL) { PtrUniFileName = &uniFileName[0]; @@ -155,14 +155,14 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese int i = lstrlenW(szDebuggerName); while(szDebuggerName[i] != '\\' && i) i--; - wchar_t DLLLoaderName[64]=L""; + wchar_t DLLLoaderName[64] = L""; #ifdef _WIN64 - wsprintfW(DLLLoaderName, L"DLLLoader64_%.4X.exe", GetTickCount()&0xFFFF); + wsprintfW(DLLLoaderName, L"DLLLoader64_%.4X.exe", GetTickCount() & 0xFFFF); #else - wsprintfW(DLLLoaderName, L"DLLLoader32_%.4X.exe", GetTickCount()&0xFFFF); + wsprintfW(DLLLoaderName, L"DLLLoader32_%.4X.exe", GetTickCount() & 0xFFFF); #endif if(i) - lstrcpyW(szDebuggerName+i+1, DLLLoaderName); + lstrcpyW(szDebuggerName + i + 1, DLLLoaderName); else lstrcpyW(szDebuggerName, DLLLoaderName); @@ -179,7 +179,7 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese DebugDebuggingDLLBase = NULL; DebugDebuggingMainModuleBase = NULL; DebugDebuggingDLLFullFileName = szFileName; - DebugDebuggingDLLFileName = &szFileName[i+1]; + DebugDebuggingDLLFileName = &szFileName[i + 1]; DebugModuleImageBase = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_IMAGEBASE); DebugModuleEntryPoint = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_OEP); DebugModuleEntryPointCallBack = EntryCallBack; @@ -187,12 +187,12 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese if(ReserveModuleBase) DebugReserveModuleBase = DebugModuleImageBase; PPROCESS_INFORMATION ReturnValue = (PPROCESS_INFORMATION)InitDebugW(szDebuggerName, szCommandLine, szCurrentFolder); - wchar_t szName[256]=L""; + wchar_t szName[256] = L""; swprintf(szName, 256, L"Global\\szLibraryName%X", (unsigned int)ReturnValue->dwProcessId); - DebugDLLFileMapping=CreateFileMappingW(INVALID_HANDLE_VALUE, 0, PAGE_READWRITE, 0, 512*sizeof(wchar_t), szName); + DebugDLLFileMapping = CreateFileMappingW(INVALID_HANDLE_VALUE, 0, PAGE_READWRITE, 0, 512 * sizeof(wchar_t), szName); if(DebugDLLFileMapping) { - wchar_t* szLibraryPathMapping=(wchar_t*)MapViewOfFile(DebugDLLFileMapping, FILE_MAP_ALL_ACCESS, 0, 0, 512*sizeof(wchar_t)); + wchar_t* szLibraryPathMapping = (wchar_t*)MapViewOfFile(DebugDLLFileMapping, FILE_MAP_ALL_ACCESS, 0, 0, 512 * sizeof(wchar_t)); if(szLibraryPathMapping) { wcscpy(szLibraryPathMapping, DebugDebuggingDLLFullFileName); @@ -219,7 +219,7 @@ __declspec(dllexport) bool TITCALL StopDebug() __declspec(dllexport) bool TITCALL AttachDebugger(DWORD ProcessId, bool KillOnExit, LPVOID DebugInfo, LPVOID CallBack) { - typedef void(WINAPI *fDebugSetProcessKillOnExit)(bool KillExitingDebugee); + typedef void(WINAPI * fDebugSetProcessKillOnExit)(bool KillExitingDebugee); fDebugSetProcessKillOnExit myDebugSetProcessKillOnExit; LPVOID funcDebugSetProcessKillOnExit = NULL; @@ -259,7 +259,7 @@ __declspec(dllexport) bool TITCALL AttachDebugger(DWORD ProcessId, bool KillOnEx __declspec(dllexport) bool TITCALL DetachDebugger(DWORD ProcessId) { - typedef bool(WINAPI *fDebugActiveProcessStop)(DWORD dwProcessId); + typedef bool(WINAPI * fDebugActiveProcessStop)(DWORD dwProcessId); fDebugActiveProcessStop myDebugActiveProcessStop; LPVOID funcDebugActiveProcessStop = NULL; bool FuncReturn = false; @@ -292,10 +292,10 @@ __declspec(dllexport) bool TITCALL DetachDebugger(DWORD ProcessId) __declspec(dllexport) bool TITCALL DetachDebuggerEx(DWORD ProcessId) { ThreaderPauseProcess(); - int threadcount=(int)hListThread.size(); - for(int i=0; i= length) + if(res >= length) { return length; //good } @@ -32,7 +32,7 @@ SIZE_T IsBadReadPtrRemote(HANDLE hProcess, const VOID *lp, SIZE_T length) do { - if (VirtualQueryEx(hProcess, (LPVOID)section, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION))) + if(VirtualQueryEx(hProcess, (LPVOID)section, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION))) { if(MemInfo.State == MEM_COMMIT) { @@ -51,11 +51,11 @@ SIZE_T IsBadReadPtrRemote(HANDLE hProcess, const VOID *lp, SIZE_T length) section += (ULONG_PTR)MemInfo.RegionSize; } - while (res < length); + while(res < length); return length; //good } - } + } } @@ -70,7 +70,7 @@ __declspec(dllexport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart, int MaxDisassmSize = (int)IsBadReadPtrRemote(GetCurrentProcess(), DisassmAddress, MAXIMUM_INSTRUCTION_SIZE); if(MaxDisassmSize) { - if (distorm_decode((ULONG_PTR)DisassmStart, (const unsigned char*)DisassmAddress, MaxDisassmSize, DecodingType, engineDecodedInstructions, _countof(engineDecodedInstructions), &DecodedInstructionsCount) != DECRES_INPUTERR) + if(distorm_decode((ULONG_PTR)DisassmStart, (const unsigned char*)DisassmAddress, MaxDisassmSize, DecodingType, engineDecodedInstructions, _countof(engineDecodedInstructions), &DecodedInstructionsCount) != DECRES_INPUTERR) { RtlZeroMemory(engineDisassembledInstruction, sizeof(engineDisassembledInstruction)); @@ -100,14 +100,14 @@ __declspec(dllexport) void* TITCALL DisassembleEx(HANDLE hProcess, LPVOID Disass if(hProcess != NULL) { - int MaxDisassmSize = (int)IsBadReadPtrRemote(hProcess,DisassmAddress, sizeof(readBuffer)); + int MaxDisassmSize = (int)IsBadReadPtrRemote(hProcess, DisassmAddress, sizeof(readBuffer)); if(MaxDisassmSize) { BOOL rpm = MemoryReadSafe(hProcess, DisassmAddress, readBuffer, MaxDisassmSize, 0); if(rpm) { - if (distorm_decode((ULONG_PTR)DisassmAddress, readBuffer, MaxDisassmSize, DecodingType, engineDecodedInstructions, _countof(engineDecodedInstructions), &DecodedInstructionsCount) != DECRES_INPUTERR) + if(distorm_decode((ULONG_PTR)DisassmAddress, readBuffer, MaxDisassmSize, DecodingType, engineDecodedInstructions, _countof(engineDecodedInstructions), &DecodedInstructionsCount) != DECRES_INPUTERR) { RtlZeroMemory(engineDisassembledInstruction, sizeof(engineDisassembledInstruction)); @@ -149,18 +149,18 @@ __declspec(dllexport) long TITCALL LengthDisassembleEx(HANDLE hProcess, LPVOID D if(hProcess != NULL) { - int MaxDisassmSize = (int)IsBadReadPtrRemote(hProcess,DisassmAddress, sizeof(readBuffer)); + int MaxDisassmSize = (int)IsBadReadPtrRemote(hProcess, DisassmAddress, sizeof(readBuffer)); - if (MaxDisassmSize && MemoryReadSafe(hProcess, (LPVOID)DisassmAddress, readBuffer, MaxDisassmSize, 0)) + if(MaxDisassmSize && MemoryReadSafe(hProcess, (LPVOID)DisassmAddress, readBuffer, MaxDisassmSize, 0)) { decomposerCi.code = readBuffer; decomposerCi.codeLen = MaxDisassmSize; decomposerCi.dt = DecodingType; decomposerCi.codeOffset = (LONG_PTR)DisassmAddress; - if (distorm_decompose(&decomposerCi, decomposerResult, _countof(decomposerResult), &DecodedInstructionsCount) != DECRES_INPUTERR) + if(distorm_decompose(&decomposerCi, decomposerResult, _countof(decomposerResult), &DecodedInstructionsCount) != DECRES_INPUTERR) { - if (decomposerResult[0].flags != FLAG_NOT_DECODABLE) + if(decomposerResult[0].flags != FLAG_NOT_DECODABLE) { return decomposerResult[0].size; } diff --git a/TitanEngine/TitanEngine.Dumper.cpp b/TitanEngine/TitanEngine.Dumper.cpp index 7f7ee30..f8bc7e4 100644 --- a/TitanEngine/TitanEngine.Dumper.cpp +++ b/TitanEngine/TitanEngine.Dumper.cpp @@ -45,7 +45,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas DOSHeader = (PIMAGE_DOS_HEADER)ueReadBuffer; PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); - if ((DOSHeader->e_lfanew > 0x500) || (DOSHeader->e_magic != IMAGE_DOS_SIGNATURE) || (PEHeader32->Signature != IMAGE_NT_SIGNATURE)) + if((DOSHeader->e_lfanew > 0x500) || (DOSHeader->e_magic != IMAGE_DOS_SIGNATURE) || (PEHeader32->Signature != IMAGE_NT_SIGNATURE)) { return false; } @@ -126,7 +126,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas } PEFixHeader32->OptionalHeader.AddressOfEntryPoint = (DWORD)(EntryPoint - (ULONG_PTR)ImageBase); PEFixHeader32->OptionalHeader.ImageBase = (DWORD)((ULONG_PTR)ImageBase); - for(int i=NumberOfSections; i>=1; i--) + for(int i = NumberOfSections; i >= 1; i--) { PEFixSection->PointerToRawData = PEFixSection->VirtualAddress; RealignedVirtualSize = (PEFixSection->Misc.VirtualSize / PEHeader32->OptionalHeader.SectionAlignment) * PEHeader32->OptionalHeader.SectionAlignment; @@ -200,7 +200,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas } PEFixHeader64->OptionalHeader.AddressOfEntryPoint = (DWORD)(EntryPoint - (ULONG_PTR)ImageBase); PEFixHeader64->OptionalHeader.ImageBase = (DWORD64)((ULONG_PTR)ImageBase); - for(int i=NumberOfSections; i>=1; i--) + for(int i = NumberOfSections; i >= 1; i--) { PEFixSection->PointerToRawData = PEFixSection->VirtualAddress; RealignedVirtualSize = (PEFixSection->Misc.VirtualSize / PEHeader64->OptionalHeader.SectionAlignment) * PEHeader64->OptionalHeader.SectionAlignment; @@ -212,7 +212,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas PEFixSection->Misc.VirtualSize = RealignedVirtualSize; PEFixSection = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEFixSection + IMAGE_SIZEOF_SECTION_HEADER); } - WriteFile(hFile,ueCopyBuffer, (DWORD)AlignedHeaderSize, &uedNumberOfBytesRead, NULL); + WriteFile(hFile, ueCopyBuffer, (DWORD)AlignedHeaderSize, &uedNumberOfBytesRead, NULL); ReadBase = (LPVOID)((ULONG_PTR)ReadBase + (DWORD)AlignedHeaderSize - TITANENGINE_PAGESIZE); while(SizeOfImageDump > NULL) { @@ -246,7 +246,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas }//EngineValidateHeader }//ReadProcessMemory - if (hFile != INVALID_HANDLE_VALUE) + if(hFile != INVALID_HANDLE_VALUE) { EngineCloseHandle(hFile); } @@ -274,7 +274,7 @@ __declspec(dllexport) bool TITCALL DumpProcessExW(DWORD ProcessId, LPVOID ImageB HANDLE hProcess = 0; bool ReturnValue = false; - hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId); + hProcess = EngineOpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, ProcessId); if(hProcess) { ReturnValue = DumpProcessW(hProcess, ImageBase, szDumpFileName, EntryPoint); @@ -320,16 +320,16 @@ __declspec(dllexport) bool TITCALL DumpMemoryW(HANDLE hProcess, LPVOID MemorySta ReadBase = (LPVOID)ProcReadBase; if(MemorySize >= 0x1000) { - RtlZeroMemory(ueCopyBuffer,0x2000); + RtlZeroMemory(ueCopyBuffer, 0x2000); MemoryReadSafe(hProcess, ReadBase, ueCopyBuffer, 0x1000, &ueNumberOfBytesRead); - WriteFile(hFile,ueCopyBuffer, 0x1000, &uedNumberOfBytesRead, NULL); + WriteFile(hFile, ueCopyBuffer, 0x1000, &uedNumberOfBytesRead, NULL); MemorySize = MemorySize - 0x1000; } else { - RtlZeroMemory(ueCopyBuffer,0x2000); + RtlZeroMemory(ueCopyBuffer, 0x2000); MemoryReadSafe(hProcess, ReadBase, ueCopyBuffer, MemorySize, &ueNumberOfBytesRead); @@ -364,7 +364,7 @@ __declspec(dllexport) bool TITCALL DumpMemoryExW(DWORD ProcessId, LPVOID MemoryS HANDLE hProcess = 0; bool ReturnValue = false; - hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId); + hProcess = EngineOpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, ProcessId); if(hProcess) { ReturnValue = DumpMemoryW(hProcess, MemoryStart, MemorySize, szDumpFileName); @@ -403,7 +403,7 @@ __declspec(dllexport) bool TITCALL DumpRegionsW(HANDLE hProcess, wchar_t* szDump if(hProcess != NULL) { - if (!EnumProcessModules(hProcess, EnumeratedModules, sizeof(EnumeratedModules), &cbNeeded)) + if(!EnumProcessModules(hProcess, EnumeratedModules, sizeof(EnumeratedModules), &cbNeeded)) { return false; } @@ -430,7 +430,7 @@ __declspec(dllexport) bool TITCALL DumpRegionsW(HANDLE hProcess, wchar_t* szDump RtlZeroMemory(&szDumpName, MAX_PATH); RtlZeroMemory(&szDumpFileName, MAX_PATH); lstrcpyW(szDumpFileName, szDumpFolder); - if(szDumpFileName[lstrlenW(szDumpFileName)-1] != L'\\') + if(szDumpFileName[lstrlenW(szDumpFileName) - 1] != L'\\') { szDumpFileName[lstrlenW(szDumpFileName)] = L'\\'; } @@ -466,7 +466,7 @@ __declspec(dllexport) bool TITCALL DumpRegionsExW(DWORD ProcessId, wchar_t* szDu HANDLE hProcess = 0; bool ReturnValue = false; - hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId); + hProcess = EngineOpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, ProcessId); if(hProcess) { ReturnValue = DumpRegionsW(hProcess, szDumpFolder, DumpAboveImageBaseOnly); @@ -506,7 +506,7 @@ __declspec(dllexport) bool TITCALL DumpModuleW(HANDLE hProcess, LPVOID ModuleBas { if(EnumeratedModules[i] == (HMODULE)ModuleBase) { - if (GetModuleInformation(hProcess, (HMODULE)EnumeratedModules[i], &RemoteModuleInfo, sizeof(MODULEINFO))) + if(GetModuleInformation(hProcess, (HMODULE)EnumeratedModules[i], &RemoteModuleInfo, sizeof(MODULEINFO))) { return(DumpMemoryW(hProcess, (LPVOID)EnumeratedModules[i], RemoteModuleInfo.SizeOfImage, szDumpFileName)); } @@ -537,7 +537,7 @@ __declspec(dllexport) bool TITCALL DumpModuleExW(DWORD ProcessId, LPVOID ModuleB HANDLE hProcess = 0; bool ReturnValue = false; - hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId); + hProcess = EngineOpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, ProcessId); if(hProcess) //If the function fails, the return value is NULL. To get extended error information, call GetLastError. { ReturnValue = DumpModuleW(hProcess, ModuleBase, szDumpFileName); diff --git a/TitanEngine/TitanEngine.Engine.Simplification.cpp b/TitanEngine/TitanEngine.Engine.Simplification.cpp index 1d80b7b..86e8ea2 100644 --- a/TitanEngine/TitanEngine.Engine.Simplification.cpp +++ b/TitanEngine/TitanEngine.Engine.Simplification.cpp @@ -11,14 +11,14 @@ __declspec(dllexport) void TITCALL EngineUnpackerInitialize(char* szFileName, ch if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); if(szUnpackedFileName == NULL) { return EngineUnpackerInitializeW(uniFileName, NULL, DoLogData, DoRealignFile, DoMoveOverlay, EntryCallBack); } else { - MultiByteToWideChar(CP_ACP, NULL, szUnpackedFileName, lstrlenA(szUnpackedFileName)+1, uniUnpackedFileName, sizeof(uniUnpackedFileName)/(sizeof(uniUnpackedFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szUnpackedFileName, lstrlenA(szUnpackedFileName) + 1, uniUnpackedFileName, sizeof(uniUnpackedFileName) / (sizeof(uniUnpackedFileName[0]))); EngineUnpackerInitializeW(uniFileName, uniUnpackedFileName, DoLogData, DoRealignFile, DoMoveOverlay, EntryCallBack); } } @@ -26,7 +26,7 @@ __declspec(dllexport) void TITCALL EngineUnpackerInitialize(char* szFileName, ch __declspec(dllexport) void TITCALL EngineUnpackerInitializeW(wchar_t* szFileName, wchar_t* szUnpackedFileName, bool DoLogData, bool DoRealignFile, bool DoMoveOverlay, void* EntryCallBack) { - int i,j; + int i, j; wchar_t TempBackBuffer[MAX_PATH] = {}; if(szFileName != NULL) diff --git a/TitanEngine/TitanEngine.Engine.cpp b/TitanEngine/TitanEngine.Engine.cpp index bf407d4..790c264 100644 --- a/TitanEngine/TitanEngine.Engine.cpp +++ b/TitanEngine/TitanEngine.Engine.cpp @@ -52,8 +52,8 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependencies(char* szFileN if(szFileName != NULL && szOutputFolder != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); - MultiByteToWideChar(CP_ACP, NULL, szOutputFolder, lstrlenA(szOutputFolder)+1, uniOutputFolder, sizeof(uniOutputFolder)/(sizeof(uniOutputFolder[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szOutputFolder, lstrlenA(szOutputFolder) + 1, uniOutputFolder, sizeof(uniOutputFolder) / (sizeof(uniOutputFolder[0]))); return(EngineCreateMissingDependenciesW(uniFileName, uniOutputFolder, LogCreatedFiles)); } else @@ -124,12 +124,12 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szF ImportDllName = (PCHAR)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->Name + ImageBase, true)); if(ImportDllName) { - MultiByteToWideChar(CP_ACP, NULL, ImportDllName, lstrlenA(ImportDllName)+1, ImportDllNameW, sizeof(ImportDllNameW)/(sizeof(ImportDllNameW[0]))); + MultiByteToWideChar(CP_ACP, NULL, ImportDllName, lstrlenA(ImportDllName) + 1, ImportDllNameW, sizeof(ImportDllNameW) / (sizeof(ImportDllNameW[0]))); if(!EngineIsDependencyPresentW(ImportDllNameW, szFileName, szOutputFolder)) { RtlZeroMemory(&BuildExportName, sizeof(BuildExportName)); lstrcatW(BuildExportName, szOutputFolder); - if(BuildExportName[lstrlenW(BuildExportName)-1] != 0x5C) + if(BuildExportName[lstrlenW(BuildExportName) - 1] != 0x5C) { BuildExportName[lstrlenW(BuildExportName)] = 0x5C; } @@ -182,12 +182,12 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szF ImportDllName = (PCHAR)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->Name + ImageBase, true)); if(ImportDllName) { - MultiByteToWideChar(CP_ACP, NULL, ImportDllName, lstrlenA(ImportDllName)+1, ImportDllNameW, sizeof(ImportDllNameW)/(sizeof(ImportDllNameW[0]))); + MultiByteToWideChar(CP_ACP, NULL, ImportDllName, lstrlenA(ImportDllName) + 1, ImportDllNameW, sizeof(ImportDllNameW) / (sizeof(ImportDllNameW[0]))); if(!EngineIsDependencyPresentW(ImportDllNameW, szFileName, szOutputFolder)) { RtlZeroMemory(&BuildExportName, sizeof(BuildExportName)); lstrcatW(BuildExportName, szOutputFolder); - if(BuildExportName[lstrlenW(BuildExportName)-1] != 0x5C) + if(BuildExportName[lstrlenW(BuildExportName) - 1] != 0x5C) { BuildExportName[lstrlenW(BuildExportName)] = 0x5C; } @@ -321,35 +321,35 @@ __declspec(dllexport) void TITCALL EngineAddUnpackerWindowLogMessage(char* szLog __declspec(dllexport) bool TITCALL EngineCheckStructAlignment(DWORD StructureType, ULONG_PTR StructureSize) { - int blub=1; + int blub = 1; switch(StructureType) { case UE_STRUCT_PE32STRUCT: - return (sizeof(PE32Struct)==StructureSize); + return (sizeof(PE32Struct) == StructureSize); case UE_STRUCT_PE64STRUCT: - return (sizeof(PE64Struct)==StructureSize); + return (sizeof(PE64Struct) == StructureSize); case UE_STRUCT_PESTRUCT: - return (sizeof(PEStruct)==StructureSize); + return (sizeof(PEStruct) == StructureSize); case UE_STRUCT_IMPORTENUMDATA: - return (sizeof(ImportEnumData)==StructureSize); + return (sizeof(ImportEnumData) == StructureSize); case UE_STRUCT_THREAD_ITEM_DATA: - return (sizeof(THREAD_ITEM_DATA)==StructureSize); + return (sizeof(THREAD_ITEM_DATA) == StructureSize); case UE_STRUCT_LIBRARY_ITEM_DATA: - return (sizeof(LIBRARY_ITEM_DATA)==StructureSize); + return (sizeof(LIBRARY_ITEM_DATA) == StructureSize); case UE_STRUCT_LIBRARY_ITEM_DATAW: - return (sizeof(LIBRARY_ITEM_DATAW)==StructureSize); + return (sizeof(LIBRARY_ITEM_DATAW) == StructureSize); case UE_STRUCT_PROCESS_ITEM_DATA: - return (sizeof(PROCESS_ITEM_DATA)==StructureSize); + return (sizeof(PROCESS_ITEM_DATA) == StructureSize); case UE_STRUCT_HANDLERARRAY: - return (sizeof(HandlerArray)==StructureSize); + return (sizeof(HandlerArray) == StructureSize); case UE_STRUCT_PLUGININFORMATION: - return (sizeof(PluginInformation)==StructureSize); + return (sizeof(PluginInformation) == StructureSize); case UE_STRUCT_HOOK_ENTRY: - return (sizeof(HOOK_ENTRY)==StructureSize); + return (sizeof(HOOK_ENTRY) == StructureSize); case UE_STRUCT_FILE_STATUS_INFO: - return (sizeof(FILE_STATUS_INFO)==StructureSize); + return (sizeof(FILE_STATUS_INFO) == StructureSize); case UE_STRUCT_FILE_FIX_INFO: - return (sizeof(FILE_FIX_INFO)==StructureSize); + return (sizeof(FILE_FIX_INFO) == StructureSize); } return false; } diff --git a/TitanEngine/TitanEngine.Exporter.cpp b/TitanEngine/TitanEngine.Exporter.cpp index 446677a..0591297 100644 --- a/TitanEngine/TitanEngine.Exporter.cpp +++ b/TitanEngine/TitanEngine.Exporter.cpp @@ -251,7 +251,7 @@ __declspec(dllexport) bool TITCALL ExporterBuildExportTableEx(char* szExportFile if(szExportFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szExportFileName, lstrlenA(szExportFileName)+1, uniExportFileName, sizeof(uniExportFileName)/(sizeof(uniExportFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szExportFileName, lstrlenA(szExportFileName) + 1, uniExportFileName, sizeof(uniExportFileName) / (sizeof(uniExportFileName[0]))); return(ExporterBuildExportTableExW(uniExportFileName, szSectionName)); } else @@ -305,7 +305,7 @@ __declspec(dllexport) bool TITCALL ExporterLoadExportTable(char* szFileName) if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); return(ExporterLoadExportTableW(uniFileName)); } else diff --git a/TitanEngine/TitanEngine.Handler.cpp b/TitanEngine/TitanEngine.Handler.cpp index e6cde27..a9920fb 100644 --- a/TitanEngine/TitanEngine.Handler.cpp +++ b/TitanEngine/TitanEngine.Handler.cpp @@ -3,7 +3,7 @@ #include "Global.Handle.h" #include "Global.Engine.h" -bool NtQuerySysHandleInfo(DynBuf& buf) +bool NtQuerySysHandleInfo(DynBuf & buf) { ULONG RequiredSize = NULL; @@ -23,7 +23,7 @@ __declspec(dllexport) long TITCALL HandlerGetActiveHandleCount(DWORD ProcessId) int HandleCount = 0; DynBuf hinfo; - if (!NtQuerySysHandleInfo(hinfo)) + if(!NtQuerySysHandleInfo(hinfo)) return 0; LPVOID QuerySystemBuffer = hinfo.GetPtr(); @@ -31,7 +31,7 @@ __declspec(dllexport) long TITCALL HandlerGetActiveHandleCount(DWORD ProcessId) PSYSTEM_HANDLE_INFORMATION HandleInfo = (PSYSTEM_HANDLE_INFORMATION)QuerySystemBuffer; PSYSTEM_HANDLE_TABLE_ENTRY_INFO pHandle = HandleInfo->Handles; - for (ULONG i = 0; i < HandleInfo->NumberOfHandles; i++) + for(ULONG i = 0; i < HandleInfo->NumberOfHandles; i++) { if((DWORD)pHandle->UniqueProcessId == ProcessId) { @@ -48,7 +48,7 @@ __declspec(dllexport) bool TITCALL HandlerIsHandleOpen(DWORD ProcessId, HANDLE h bool HandleActive = false; DynBuf hinfo; - if (!NtQuerySysHandleInfo(hinfo)) + if(!NtQuerySysHandleInfo(hinfo)) return false; LPVOID QuerySystemBuffer = hinfo.GetPtr(); @@ -57,7 +57,7 @@ __declspec(dllexport) bool TITCALL HandlerIsHandleOpen(DWORD ProcessId, HANDLE h PSYSTEM_HANDLE_TABLE_ENTRY_INFO pHandle = HandleInfo->Handles; - for (ULONG i = 0; i < HandleInfo->NumberOfHandles; i++) + for(ULONG i = 0; i < HandleInfo->NumberOfHandles; i++) { if((DWORD)pHandle->UniqueProcessId == ProcessId && (HANDLE)pHandle->HandleValue == hHandle) { @@ -80,7 +80,7 @@ __declspec(dllexport) void* TITCALL HandlerGetHandleNameW(HANDLE hProcess, DWORD LPVOID HandleFullName = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); DynBuf hinfo; - if (!NtQuerySysHandleInfo(hinfo)) + if(!NtQuerySysHandleInfo(hinfo)) { VirtualFree(HandleFullName, NULL, MEM_RELEASE); return 0; @@ -90,7 +90,7 @@ __declspec(dllexport) void* TITCALL HandlerGetHandleNameW(HANDLE hProcess, DWORD PSYSTEM_HANDLE_INFORMATION HandleInfo = (PSYSTEM_HANDLE_INFORMATION)QuerySystemBuffer; PSYSTEM_HANDLE_TABLE_ENTRY_INFO pHandle = HandleInfo->Handles; - for (ULONG i = 0; i < HandleInfo->NumberOfHandles; i++) + for(ULONG i = 0; i < HandleInfo->NumberOfHandles; i++) { if((DWORD)pHandle->UniqueProcessId == ProcessId && (HANDLE)pHandle->HandleValue == hHandle) { @@ -135,11 +135,11 @@ __declspec(dllexport) void* TITCALL HandlerGetHandleNameW(HANDLE hProcess, DWORD } __declspec(dllexport) void* TITCALL HandlerGetHandleName(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName) { - wchar_t * name = (wchar_t *)HandlerGetHandleNameW(hProcess, ProcessId, hHandle, TranslateName); + wchar_t* name = (wchar_t*)HandlerGetHandleNameW(hProcess, ProcessId, hHandle, TranslateName); - if (name) + if(name) { - LPVOID HandleFullName = VirtualAlloc(NULL, wcslen(name) + 1, MEM_COMMIT|MEM_RESERVE, PAGE_READWRITE); + LPVOID HandleFullName = VirtualAlloc(NULL, wcslen(name) + 1, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); WideCharToMultiByte(CP_ACP, NULL, name, -1, (LPSTR)HandleFullName, (int)wcslen(name) + 1, NULL, NULL); VirtualFree(name, NULL, MEM_RELEASE); @@ -158,7 +158,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateOpenHandles(DWORD ProcessId, PNTDLL_QUERY_HANDLE_INFO HandleInfo; DynBuf hinfo; - if (!NtQuerySysHandleInfo(hinfo)) + if(!NtQuerySysHandleInfo(hinfo)) return 0; LPVOID QuerySystemBuffer = hinfo.GetPtr(); @@ -195,7 +195,7 @@ __declspec(dllexport) ULONG_PTR TITCALL HandlerGetHandleDetails(HANDLE hProcess, DynBuf hinfo; - if (!NtQuerySysHandleInfo(hinfo)) + if(!NtQuerySysHandleInfo(hinfo)) return 0; LPVOID QuerySystemBuffer = hinfo.GetPtr(); @@ -289,7 +289,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateLockHandles(char* szFileOrFol if(szFileOrFolderName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileOrFolderName, lstrlenA(szFileOrFolderName)+1, uniFileOrFolderName, sizeof(uniFileOrFolderName)/(sizeof(uniFileOrFolderName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileOrFolderName, lstrlenA(szFileOrFolderName) + 1, uniFileOrFolderName, sizeof(uniFileOrFolderName) / (sizeof(uniFileOrFolderName[0]))); return(HandlerEnumerateLockHandlesW(uniFileOrFolderName, NameIsFolder, NameIsTranslated, HandleDataBuffer, MaxHandleCount)); } else @@ -318,7 +318,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateLockHandlesW(wchar_t* szFileO LPVOID tmpHandleFullName = NULL; DynBuf hinfo; - if (!NtQuerySysHandleInfo(hinfo)) + if(!NtQuerySysHandleInfo(hinfo)) return 0; LPVOID QuerySystemBuffer = hinfo.GetPtr(); @@ -396,7 +396,7 @@ __declspec(dllexport) bool TITCALL HandlerCloseAllLockHandles(char* szFileOrFold if(szFileOrFolderName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileOrFolderName, lstrlenA(szFileOrFolderName)+1, uniFileOrFolderName, sizeof(uniFileOrFolderName)/(sizeof(uniFileOrFolderName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileOrFolderName, lstrlenA(szFileOrFolderName) + 1, uniFileOrFolderName, sizeof(uniFileOrFolderName) / (sizeof(uniFileOrFolderName[0]))); return(HandlerCloseAllLockHandlesW(uniFileOrFolderName, NameIsFolder, NameIsTranslated)); } else @@ -425,7 +425,7 @@ __declspec(dllexport) bool TITCALL HandlerCloseAllLockHandlesW(wchar_t* szFileOr DynBuf hinfo; - if (!NtQuerySysHandleInfo(hinfo)) + if(!NtQuerySysHandleInfo(hinfo)) return 0; LPVOID QuerySystemBuffer = hinfo.GetPtr(); @@ -500,7 +500,7 @@ __declspec(dllexport) bool TITCALL HandlerIsFileLocked(char* szFileOrFolderName, if(szFileOrFolderName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileOrFolderName, lstrlenA(szFileOrFolderName)+1, uniFileOrFolderName, sizeof(uniFileOrFolderName)/(sizeof(uniFileOrFolderName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileOrFolderName, lstrlenA(szFileOrFolderName) + 1, uniFileOrFolderName, sizeof(uniFileOrFolderName) / (sizeof(uniFileOrFolderName[0]))); return(HandlerIsFileLockedW(uniFileOrFolderName, NameIsFolder, NameIsTranslated)); } else @@ -528,7 +528,7 @@ __declspec(dllexport) bool TITCALL HandlerIsFileLockedW(wchar_t* szFileOrFolderN LPVOID tmpHandleFullName = NULL; DynBuf hinfo; - if (!NtQuerySysHandleInfo(hinfo)) + if(!NtQuerySysHandleInfo(hinfo)) return 0; LPVOID QuerySystemBuffer = hinfo.GetPtr(); @@ -611,7 +611,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateOpenMutexes(HANDLE hProcess, PPUBLIC_OBJECT_TYPE_INFORMATION pObjectTypeInfo = (PPUBLIC_OBJECT_TYPE_INFORMATION)HandleFullData; DynBuf hinfo; - if (!NtQuerySysHandleInfo(hinfo)) + if(!NtQuerySysHandleInfo(hinfo)) return 0; LPVOID QuerySystemBuffer = hinfo.GetPtr(); @@ -659,7 +659,7 @@ __declspec(dllexport) ULONG_PTR TITCALL HandlerGetOpenMutexHandle(HANDLE hProces if(szMutexString != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szMutexString, lstrlenA(szMutexString)+1, uniMutexString, sizeof(uniMutexString)/(sizeof(uniMutexString[0]))); + MultiByteToWideChar(CP_ACP, NULL, szMutexString, lstrlenA(szMutexString) + 1, uniMutexString, sizeof(uniMutexString) / (sizeof(uniMutexString[0]))); return((ULONG_PTR)HandlerGetOpenMutexHandleW(hProcess, ProcessId, uniMutexString)); } else @@ -669,7 +669,7 @@ __declspec(dllexport) ULONG_PTR TITCALL HandlerGetOpenMutexHandle(HANDLE hProces } __declspec(dllexport) ULONG_PTR TITCALL HandlerGetOpenMutexHandleW(HANDLE hProcess, DWORD ProcessId, wchar_t* szMutexString) { - if(!szMutexString || lstrlenW(szMutexString)>=512) + if(!szMutexString || lstrlenW(szMutexString) >= 512) return 0; int i; HANDLE myHandle; @@ -734,7 +734,7 @@ __declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t lstrcatW(RealMutexName, szMutexString); DynBuf hinfo; - if (!NtQuerySysHandleInfo(hinfo)) + if(!NtQuerySysHandleInfo(hinfo)) return 0; LPVOID QuerySystemBuffer = hinfo.GetPtr(); diff --git a/TitanEngine/TitanEngine.Hider.cpp b/TitanEngine/TitanEngine.Hider.cpp index bf019ee..98c5986 100644 --- a/TitanEngine/TitanEngine.Hider.cpp +++ b/TitanEngine/TitanEngine.Hider.cpp @@ -6,7 +6,7 @@ __declspec(dllexport) void* TITCALL GetPEBLocation(HANDLE hProcess) { ULONG RequiredLen = 0; - void * PebAddress = 0; + void* PebAddress = 0; PROCESS_BASIC_INFORMATION myProcessBasicInformation[5] = {0}; if(NtQueryInformationProcess(hProcess, ProcessBasicInformation, myProcessBasicInformation, sizeof(PROCESS_BASIC_INFORMATION), &RequiredLen) == STATUS_SUCCESS) @@ -27,7 +27,7 @@ __declspec(dllexport) void* TITCALL GetPEBLocation(HANDLE hProcess) __declspec(dllexport) void* TITCALL GetTEBLocation(HANDLE hThread) { ULONG RequiredLen = 0; - void * TebAddress = 0; + void* TebAddress = 0; THREAD_BASIC_INFORMATION myThreadBasicInformation[5] = {0}; if(NtQueryInformationThread(hThread, ThreadBasicInformation, myThreadBasicInformation, sizeof(THREAD_BASIC_INFORMATION), &RequiredLen) == STATUS_SUCCESS) @@ -48,14 +48,14 @@ __declspec(dllexport) void* TITCALL GetTEBLocation(HANDLE hThread) __declspec(dllexport) void* TITCALL GetTEBLocation64(HANDLE hThread) { #ifndef _WIN64 - if (IsThisProcessWow64()) + if(IsThisProcessWow64()) { //Only WOW64 processes have 2 PEBs and 2 TEBs DWORD teb32 = (DWORD)GetTEBLocation(hThread); - if (teb32) + if(teb32) { teb32 -= 0x2000; //TEB64 before TEB32 - return (void *)teb32; + return (void*)teb32; } } #endif //_WIN64 @@ -65,14 +65,14 @@ __declspec(dllexport) void* TITCALL GetTEBLocation64(HANDLE hThread) __declspec(dllexport) void* TITCALL GetPEBLocation64(HANDLE hProcess) { #ifndef _WIN64 - if (IsThisProcessWow64()) + if(IsThisProcessWow64()) { //Only WOW64 processes have 2 PEBs DWORD peb32 = (DWORD)GetPEBLocation(hProcess); - if (peb32) + if(peb32) { peb32 += 0x1000; //PEB64 after PEB32 - return (void *)peb32; + return (void*)peb32; } } #endif //_WIN64 diff --git a/TitanEngine/TitanEngine.Hooks.cpp b/TitanEngine/TitanEngine.Hooks.cpp index aed9d4c..62a1d98 100644 --- a/TitanEngine/TitanEngine.Hooks.cpp +++ b/TitanEngine/TitanEngine.Hooks.cpp @@ -29,10 +29,10 @@ __declspec(dllexport) bool TITCALL HooksSafeTransitionEx(LPVOID HookAddressArray { if(!TransitionStart || ThreaderImportRunningThreadData(GetCurrentProcessId())) { - int threadcount=(int)hListThread.size(); - for(int i=0; ihThread != INVALID_HANDLE_VALUE) { if(TransitionStart) @@ -42,7 +42,7 @@ __declspec(dllexport) bool TITCALL HooksSafeTransitionEx(LPVOID HookAddressArray SuspendThread(hListThreadPtr->hThread); ULONG_PTR CurrentIP = (ULONG_PTR)GetContextDataEx(hListThreadPtr->hThread, UE_CIP); PMEMORY_COMPARE_HANDLER myHookAddressArray = (PMEMORY_COMPARE_HANDLER)HookAddressArray; - for(int j=0; jArray.qwArrayEntry[0]; @@ -902,7 +902,7 @@ __declspec(dllexport) void TITCALL HooksScanModuleMemory(HMODULE ModuleBase, LPV HANDLE hProcess = GetCurrentProcess(); LIBRARY_ITEM_DATA RemoteLibInfo = {}; PLIBRARY_ITEM_DATA pRemoteLibInfo = (PLIBRARY_ITEM_DATA)LibrarianGetLibraryInfoEx((void*)ModuleBase); - typedef bool(TITCALL *fEnumCallBack)(PHOOK_ENTRY HookDetails, void* ptrOriginalInstructions, PLIBRARY_ITEM_DATA ModuleInformation, DWORD SizeOfImage); + typedef bool(TITCALL * fEnumCallBack)(PHOOK_ENTRY HookDetails, void* ptrOriginalInstructions, PLIBRARY_ITEM_DATA ModuleInformation, DWORD SizeOfImage); fEnumCallBack myEnumCallBack = (fEnumCallBack)CallBack; BYTE CheckHookMemory[TEE_MAXIMUM_HOOK_SIZE]; PMEMORY_COMPARE_HANDLER ExportedFunctions; diff --git a/TitanEngine/TitanEngine.Importer.cpp b/TitanEngine/TitanEngine.Importer.cpp index a666e0c..c81cd8f 100644 --- a/TitanEngine/TitanEngine.Importer.cpp +++ b/TitanEngine/TitanEngine.Importer.cpp @@ -12,7 +12,7 @@ __declspec(dllexport) void TITCALL ImporterAddNewDll(char* szDLLName, ULONG_PTR { wchar_t uniDLLName[MAX_PATH] = {}; - MultiByteToWideChar(CP_ACP, NULL, szDLLName, lstrlenA(szDLLName)+1, uniDLLName, sizeof(uniDLLName)/(sizeof(uniDLLName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szDLLName, lstrlenA(szDLLName) + 1, uniDLLName, sizeof(uniDLLName) / (sizeof(uniDLLName[0]))); scylla_addModule(uniDLLName, FirstThunk); } @@ -21,14 +21,14 @@ __declspec(dllexport) void TITCALL ImporterAddNewAPI(char* szAPIName, ULONG_PTR { wchar_t uniAPIName[MAX_PATH] = {}; - MultiByteToWideChar(CP_ACP, NULL, szAPIName, lstrlenA(szAPIName)+1, uniAPIName, sizeof(uniAPIName)/(sizeof(uniAPIName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szAPIName, lstrlenA(szAPIName) + 1, uniAPIName, sizeof(uniAPIName) / (sizeof(uniAPIName[0]))); scylla_addImport(uniAPIName, ThunkValue); } __declspec(dllexport) void TITCALL ImporterAddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue) { - ImporterAddNewAPI((char*)(OrdinalNumber&~IMAGE_ORDINAL_FLAG), ThunkValue); + ImporterAddNewAPI((char*)(OrdinalNumber & ~IMAGE_ORDINAL_FLAG), ThunkValue); } __declspec(dllexport) long TITCALL ImporterGetAddedDllCount() @@ -58,9 +58,9 @@ __declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, cha wchar_t uniSectionName[MAX_PATH] = {}; if(szExportFileName != NULL && szDumpFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szExportFileName, lstrlenA(szExportFileName)+1, uniExportFileName, sizeof(uniExportFileName)/(sizeof(uniExportFileName[0]))); - MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniDumpFileName, sizeof(uniDumpFileName)/(sizeof(uniDumpFileName[0]))); - MultiByteToWideChar(CP_ACP, NULL, szSectionName, lstrlenA(szSectionName)+1, uniSectionName, sizeof(uniSectionName)/(sizeof(uniSectionName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szExportFileName, lstrlenA(szExportFileName) + 1, uniExportFileName, sizeof(uniExportFileName) / (sizeof(uniExportFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName) + 1, uniDumpFileName, sizeof(uniDumpFileName) / (sizeof(uniDumpFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szSectionName, lstrlenA(szSectionName) + 1, uniSectionName, sizeof(uniSectionName) / (sizeof(uniSectionName[0]))); return ImporterExportIATExW(uniDumpFileName, uniExportFileName, uniSectionName); } return false; @@ -118,10 +118,10 @@ __declspec(dllexport) ULONG_PTR TITCALL ImporterGetLocalAPIAddress(HANDLE hProce __declspec(dllexport) void* TITCALL ImporterGetDLLNameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress) { - ULONG_PTR moduleBase=EngineGetModuleBaseRemote(hProcess, APIAddress); + ULONG_PTR moduleBase = EngineGetModuleBaseRemote(hProcess, APIAddress); if(moduleBase) { - static char szModuleName[MAX_PATH]=""; + static char szModuleName[MAX_PATH] = ""; if(GetModuleFileNameExA(hProcess, (HMODULE)moduleBase, szModuleName, _countof(szModuleName))) return szModuleName; } @@ -130,17 +130,17 @@ __declspec(dllexport) void* TITCALL ImporterGetDLLNameFromDebugee(HANDLE hProces __declspec(dllexport) void* TITCALL ImporterGetDLLNameFromDebugeeW(HANDLE hProcess, ULONG_PTR APIAddress) { - ULONG_PTR moduleBase=EngineGetModuleBaseRemote(hProcess, APIAddress); + ULONG_PTR moduleBase = EngineGetModuleBaseRemote(hProcess, APIAddress); if(moduleBase) { - static wchar_t szModuleName[MAX_PATH]=L""; + static wchar_t szModuleName[MAX_PATH] = L""; if(GetModuleFileNameExW(hProcess, (HMODULE)moduleBase, szModuleName, _countof(szModuleName))) return szModuleName; } return 0; } -__declspec(dllexport) void* TITCALL ImporterGetRemoteDLLBaseExW(HANDLE hProcess, WCHAR * szModuleName) +__declspec(dllexport) void* TITCALL ImporterGetRemoteDLLBaseExW(HANDLE hProcess, WCHAR* szModuleName) { return (void*)EngineGetModuleBaseRemote(hProcess, szModuleName); } @@ -173,7 +173,7 @@ __declspec(dllexport) void* TITCALL ImporterGetAPINameEx(ULONG_PTR APIAddress, U __declspec(dllexport) void* TITCALL ImporterGetAPINameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress) { - static char APIName[5000]=""; + static char APIName[5000] = ""; if(EngineGetAPINameRemote(hProcess, APIAddress, APIName, _countof(APIName), 0)) return APIName; return 0; @@ -240,8 +240,8 @@ __declspec(dllexport) bool TITCALL ImporterCopyOriginalIAT(char* szOriginalFile, if(szOriginalFile != NULL && szDumpFile != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szDumpFile, lstrlenA(szDumpFile)+1, uniDumpFile, sizeof(uniDumpFile)/(sizeof(uniDumpFile[0]))); - MultiByteToWideChar(CP_ACP, NULL, szOriginalFile, lstrlenA(szOriginalFile)+1, uniOriginalFile, sizeof(uniOriginalFile)/(sizeof(uniOriginalFile[0]))); + MultiByteToWideChar(CP_ACP, NULL, szDumpFile, lstrlenA(szDumpFile) + 1, uniDumpFile, sizeof(uniDumpFile) / (sizeof(uniDumpFile[0]))); + MultiByteToWideChar(CP_ACP, NULL, szOriginalFile, lstrlenA(szOriginalFile) + 1, uniOriginalFile, sizeof(uniOriginalFile) / (sizeof(uniOriginalFile[0]))); return(ImporterCopyOriginalIATW(uniOriginalFile, uniDumpFile)); } else @@ -256,13 +256,13 @@ __declspec(dllexport) bool TITCALL ImporterCopyOriginalIATW(wchar_t* szOriginalF PIMAGE_NT_HEADERS32 PEHeader32; PIMAGE_NT_HEADERS64 PEHeader64; BOOL FileIs64; - HANDLE FileHandle=0; + HANDLE FileHandle = 0; DWORD FileSize; - HANDLE FileMap=0; + HANDLE FileMap = 0; ULONG_PTR FileMapVA; - HANDLE FileHandle1=0; + HANDLE FileHandle1 = 0; DWORD FileSize1; - HANDLE FileMap1=0; + HANDLE FileMap1 = 0; ULONG_PTR FileMapVA1; ULONG_PTR IATPointer; ULONG_PTR IATWritePointer; @@ -342,7 +342,7 @@ __declspec(dllexport) bool TITCALL ImporterLoadImportTable(char* szFileName) if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); return(ImporterLoadImportTableW(uniFileName)); } else @@ -522,7 +522,7 @@ __declspec(dllexport) void TITCALL ImporterAutoSearchIAT(DWORD ProcessId, char* if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); return(ImporterAutoSearchIATW(ProcessId, uniFileName, SearchStart, pIATStart, pIATSize)); } } @@ -556,7 +556,7 @@ __declspec(dllexport) void TITCALL ImporterAutoSearchIATEx(DWORD ProcessId, ULON { if(GetTempFileNameW(szTempFolder, L"DumpTemp", GetTickCount() + 102, szTempName)) { - HANDLE hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId); + HANDLE hProcess = EngineOpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, ProcessId); DumpProcessW(hProcess, (LPVOID)ImageBase, szTempName, NULL); ImporterAutoSearchIATW(ProcessId, szTempName, SearchStart, pIATStart, pIATSize); @@ -576,13 +576,13 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, char* s if(szDumpedFile != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szDumpedFile, lstrlenA(szDumpedFile)+1, uniDumpedFile, sizeof(uniDumpedFile)/(sizeof(uniDumpedFile[0]))); - MultiByteToWideChar(CP_ACP, NULL, szSectionName, lstrlenA(szSectionName)+1, uniSectionName, sizeof(uniSectionName)/(sizeof(uniSectionName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szDumpedFile, lstrlenA(szDumpedFile) + 1, uniDumpedFile, sizeof(uniDumpedFile) / (sizeof(uniDumpedFile[0]))); + MultiByteToWideChar(CP_ACP, NULL, szSectionName, lstrlenA(szSectionName) + 1, uniSectionName, sizeof(uniSectionName) / (sizeof(uniSectionName[0]))); return(ImporterAutoFixIATExW(ProcessId, uniDumpedFile, uniSectionName, DumpRunningProcess, RealignFile, EntryPointAddress, ImageBase, SearchStart, TryAutoFix, FixEliminations, UnknownPointerFixCallback)); } else { - return(NULL); // Critical error! *just to be safe, but it should never happen! + return(NULL); // Critical error! *just to be safe, but it should never happen! } } __declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_t* szDumpedFile, wchar_t* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback) @@ -610,11 +610,11 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_ //do we need to dump first? if(DumpRunningProcess) { - HANDLE hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId); + HANDLE hProcess = EngineOpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, ProcessId); if(!DumpProcessW(hProcess, (LPVOID)ImageBase, szDumpedFile, EntryPointAddress)) { - return(NULL); // Critical error! *just to be safe, but it should never happen! + return(NULL); // Critical error! *just to be safe, but it should never happen! } } @@ -657,10 +657,10 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_ } else { - return(0x406); // Success, but realign failed! + return(0x406); // Success, but realign failed! } } - return(0x400); // Success! + return(0x400); // Success! } __declspec(dllexport) long TITCALL ImporterAutoFixIAT(DWORD ProcessId, char* szDumpedFile, ULONG_PTR SearchStart) { diff --git a/TitanEngine/TitanEngine.Injector.cpp b/TitanEngine/TitanEngine.Injector.cpp index b67e9a6..9f1e53f 100644 --- a/TitanEngine/TitanEngine.Injector.cpp +++ b/TitanEngine/TitanEngine.Injector.cpp @@ -10,7 +10,7 @@ __declspec(dllexport) bool TITCALL RemoteLoadLibrary(HANDLE hProcess, char* szLi if(szLibraryFile != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szLibraryFile, lstrlenA(szLibraryFile)+1, uniLibraryFile, sizeof(uniLibraryFile)/(sizeof(uniLibraryFile[0]))); + MultiByteToWideChar(CP_ACP, NULL, szLibraryFile, lstrlenA(szLibraryFile) + 1, uniLibraryFile, sizeof(uniLibraryFile) / (sizeof(uniLibraryFile[0]))); return(RemoteLoadLibraryW(hProcess, uniLibraryFile, WaitForThreadExit)); } else @@ -96,7 +96,7 @@ __declspec(dllexport) bool TITCALL RemoteFreeLibrary(HANDLE hProcess, HMODULE hM if(szLibraryFile != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szLibraryFile, lstrlenA(szLibraryFile)+1, uniLibraryFile, sizeof(uniLibraryFile)/(sizeof(uniLibraryFile[0]))); + MultiByteToWideChar(CP_ACP, NULL, szLibraryFile, lstrlenA(szLibraryFile) + 1, uniLibraryFile, sizeof(uniLibraryFile) / (sizeof(uniLibraryFile[0]))); return(RemoteFreeLibraryW(hProcess, hModule, uniLibraryFile, WaitForThreadExit)); } else diff --git a/TitanEngine/TitanEngine.Librarian.cpp b/TitanEngine/TitanEngine.Librarian.cpp index 4e137a1..e23e23a 100644 --- a/TitanEngine/TitanEngine.Librarian.cpp +++ b/TitanEngine/TitanEngine.Librarian.cpp @@ -38,7 +38,7 @@ __declspec(dllexport) void* TITCALL LibrarianGetLibraryInfo(char* szLibraryName) wchar_t uniLibraryName[MAX_PATH] = {}; PLIBRARY_ITEM_DATAW LibInfo; - MultiByteToWideChar(CP_ACP, NULL, szLibraryName, lstrlenA(szLibraryName)+1, uniLibraryName, sizeof(uniLibraryName)/(sizeof(uniLibraryName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szLibraryName, lstrlenA(szLibraryName) + 1, uniLibraryName, sizeof(uniLibraryName) / (sizeof(uniLibraryName[0]))); LibInfo = (PLIBRARY_ITEM_DATAW)LibrarianGetLibraryInfoW(uniLibraryName); if(LibInfo) { @@ -60,7 +60,7 @@ __declspec(dllexport) void* TITCALL LibrarianGetLibraryInfoW(wchar_t* szLibraryN { static LIBRARY_ITEM_DATAW LibraryInfo; memset(&LibraryInfo, 0, sizeof(LIBRARY_ITEM_DATAW)); - + for(unsigned int i = 0; i < hListLibrary.size(); i++) { if(hListLibrary.at(i).hFile != INVALID_HANDLE_VALUE && !lstrcmpiW(hListLibrary.at(i).szLibraryName, szLibraryName)) @@ -116,7 +116,7 @@ __declspec(dllexport) void TITCALL LibrarianEnumLibraryInfo(void* EnumCallBack) if(!EnumCallBack) return; - typedef void(TITCALL *fEnumCallBack)(LPVOID fLibraryDetail); + typedef void(TITCALL * fEnumCallBack)(LPVOID fLibraryDetail); fEnumCallBack myEnumCallBack = (fEnumCallBack)EnumCallBack; for(unsigned int i = 0; i < hListLibrary.size(); i++) @@ -148,7 +148,7 @@ __declspec(dllexport) void TITCALL LibrarianEnumLibraryInfoW(void* EnumCallBack) if(!EnumCallBack) return; - typedef void(TITCALL *fEnumCallBack)(LPVOID fLibraryDetail); + typedef void(TITCALL * fEnumCallBack)(LPVOID fLibraryDetail); fEnumCallBack myEnumCallBack = (fEnumCallBack)EnumCallBack; for(unsigned int i = 0; i < hListLibrary.size(); i++) diff --git a/TitanEngine/TitanEngine.OEPFinder.cpp b/TitanEngine/TitanEngine.OEPFinder.cpp index 12fac3f..253cd1b 100644 --- a/TitanEngine/TitanEngine.OEPFinder.cpp +++ b/TitanEngine/TitanEngine.OEPFinder.cpp @@ -14,7 +14,7 @@ __declspec(dllexport) bool TITCALL FindOEPGenerically(char* szFileName, LPVOID T if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); return(FindOEPGenericallyW(uniFileName, TraceInitCallBack, CallBack)); } else diff --git a/TitanEngine/TitanEngine.PE.Fixer.cpp b/TitanEngine/TitanEngine.PE.Fixer.cpp index 6ef89e4..65af4c4 100644 --- a/TitanEngine/TitanEngine.PE.Fixer.cpp +++ b/TitanEngine/TitanEngine.PE.Fixer.cpp @@ -10,7 +10,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidEx(char* szFileName, DWORD Che if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); return(IsPE32FileValidExW(uniFileName, CheckDepth, FileStatusInfo)); } else @@ -89,7 +89,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD if(!FileIs64) { /* - x86 Surface check + x86 Surface check */ __try { @@ -144,19 +144,19 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD } SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.FileAlignment, false); /* - Get the console flag + Get the console flag */ if(PEHeader32->OptionalHeader.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI) { myFileStatusInfo.FileIsConsole = true; } /* - Export and relocation checks [for DLL and EXE] + Export and relocation checks [for DLL and EXE] */ if(PEHeader32->FileHeader.Characteristics & 0x2000) { /* - Export table check + Export table check */ FileIsDLL = true; myFileStatusInfo.FileIsDLL = true; @@ -256,7 +256,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD myFileStatusInfo.ExportTable = UE_FIELD_NOT_PRESET; } /* - Relocation table check + Relocation table check */ if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BASERELOC && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress != NULL) { @@ -311,7 +311,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD else { /* - Export table check + Export table check */ if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_EXPORT && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress != NULL) { @@ -357,7 +357,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD myFileStatusInfo.ExportTable = UE_FIELD_NOT_PRESET; } /* - Relocation table check + Relocation table check */ if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BASERELOC && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress != NULL) { @@ -381,7 +381,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD } } /* - Import table check + Import table check */ if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_IMPORT && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress != NULL) { @@ -520,7 +520,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD myFileStatusInfo.ImportTable = UE_FIELD_NOT_PRESET; } /* - TLS table check + TLS table check */ if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_TLS && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress != NULL) { @@ -579,7 +579,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD myFileStatusInfo.TLSTable = UE_FIELD_NOT_PRESET; } /* - Load config table check + Load config table check */ if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].VirtualAddress != NULL) { @@ -602,7 +602,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD } SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.LoadConfigTable, false); /* - Bound import table check + Bound import table check */ if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].VirtualAddress != NULL) { @@ -641,7 +641,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD } SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.BoundImportTable, false); /* - IAT check + IAT check */ if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_IAT && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].VirtualAddress != NULL) { @@ -664,7 +664,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD } SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.IATTable, false); /* - COM header check + COM header check */ if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].VirtualAddress != NULL) { @@ -687,7 +687,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD } SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.COMHeaderTable, false); /* - Resource header check + Resource header check */ if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_RESOURCE && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress != NULL) { @@ -733,7 +733,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD myFileStatusInfo.ResourceTable = UE_FIELD_NOT_PRESET; } /* - Section check + Section check */ PESections = IMAGE_FIRST_SECTION(PEHeader32); NumberOfSections = PEHeader32->FileHeader.NumberOfSections; @@ -770,7 +770,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.SizeOfImage, true); SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.SectionTable, true); /* - Entry point check + Entry point check */ SectionNumber = GetPE32SectionNumberFromVA(FileMapVA, PEHeader32->OptionalHeader.AddressOfEntryPoint + PEHeader32->OptionalHeader.ImageBase); if(SectionNumber != -1) @@ -800,7 +800,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD } SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.EntryPoint, true); /* - Return data + Return data */ if(FileStatusInfo != NULL) { @@ -828,7 +828,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD else { /* - x64 Surface check + x64 Surface check */ __try { @@ -883,19 +883,19 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD } SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.FileAlignment, false); /* - Get the console flag + Get the console flag */ if(PEHeader64->OptionalHeader.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI) { myFileStatusInfo.FileIsConsole = true; } /* - Export and relocation checks [for DLL and EXE] + Export and relocation checks [for DLL and EXE] */ if(PEHeader64->FileHeader.Characteristics & 0x2000) { /* - Export table check + Export table check */ FileIsDLL = true; myFileStatusInfo.FileIsDLL = true; @@ -995,7 +995,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD myFileStatusInfo.ExportTable = UE_FIELD_NOT_PRESET; } /* - Relocation table check + Relocation table check */ if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BASERELOC && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress != NULL) { @@ -1050,7 +1050,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD else { /* - Export table check + Export table check */ if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_EXPORT && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress != NULL) { @@ -1096,7 +1096,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD myFileStatusInfo.ExportTable = UE_FIELD_NOT_PRESET; } /* - Relocation table check + Relocation table check */ if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BASERELOC && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress != NULL) { @@ -1120,7 +1120,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD } } /* - Import table check + Import table check */ if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_IMPORT && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress != NULL) { @@ -1259,7 +1259,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD myFileStatusInfo.ImportTable = UE_FIELD_NOT_PRESET; } /* - TLS table check + TLS table check */ if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_TLS && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress != NULL) { @@ -1318,7 +1318,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD myFileStatusInfo.TLSTable = UE_FIELD_NOT_PRESET; } /* - Load config table check + Load config table check */ if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].VirtualAddress != NULL) { @@ -1341,7 +1341,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD } SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.LoadConfigTable, false); /* - Bound import table check + Bound import table check */ if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].VirtualAddress != NULL) { @@ -1380,7 +1380,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD } SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.BoundImportTable, false); /* - IAT check + IAT check */ if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_IAT && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].VirtualAddress != NULL) { @@ -1403,7 +1403,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD } SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.IATTable, false); /* - COM header check + COM header check */ if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].VirtualAddress != NULL) { @@ -1426,7 +1426,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD } SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.COMHeaderTable, false); /* - Resource header check + Resource header check */ if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_RESOURCE && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress != NULL) { @@ -1472,7 +1472,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD myFileStatusInfo.ResourceTable = UE_FIELD_NOT_PRESET; } /* - Section check + Section check */ PESections = IMAGE_FIRST_SECTION(PEHeader64); NumberOfSections = PEHeader64->FileHeader.NumberOfSections; @@ -1509,7 +1509,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.SizeOfImage, true); SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.SectionTable, true); /* - Entry point check + Entry point check */ SectionNumber = GetPE32SectionNumberFromVA(FileMapVA, PEHeader64->OptionalHeader.AddressOfEntryPoint + (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase); if(SectionNumber != -1) @@ -1539,7 +1539,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD } SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.EntryPoint, true); /* - Return data + Return data */ if(FileStatusInfo != NULL) { @@ -1590,7 +1590,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileEx(char* szFileName, LPVOID if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); return(FixBrokenPE32FileExW(uniFileName, FileStatusInfo, FileFixInfo)); } else @@ -1643,7 +1643,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV if(myFileStatusInfo == NULL) //here check for myfilestrus..ah lol, youre right { - myFileStatusInfo=(PFILE_STATUS_INFO)&filestatusinfo; + myFileStatusInfo = (PFILE_STATUS_INFO)&filestatusinfo; IsPE32FileValidExW(szFileName, UE_DEPTH_DEEP, myFileStatusInfo); } if(myFileFixInfo->FileFixPerformed == false && myFileStatusInfo->OveralEvaluation == UE_RESULT_FILE_INVALID_BUT_FIXABLE) @@ -1702,7 +1702,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV if(!FileIs64) { /* - x86 Surface check + x86 Surface check */ __try { @@ -1715,7 +1715,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV CorrectedImageSize = ((PEHeader32->OptionalHeader.SizeOfImage / PEHeader32->OptionalHeader.SectionAlignment) + 1) * PEHeader32->OptionalHeader.SectionAlignment; } /* - Fixing import table + Fixing import table */ if(myFileStatusInfo->MissingDeclaredAPIs) { @@ -1824,7 +1824,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV } } /* - Fixing Export table + Fixing Export table */ if(myFileStatusInfo->ExportTable == UE_FIELD_NOT_PRESET_WARNING) { @@ -1889,7 +1889,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV } } /* - Fixing Relocation table + Fixing Relocation table */ if(myFileStatusInfo->FileIsDLL == true && myFileStatusInfo->RelocationTable == UE_FIELD_BROKEN_NON_FIXABLE) { @@ -1981,7 +1981,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV FileFixed = false; } /* - Fixing Resource table + Fixing Resource table */ if(myFileFixInfo->DontFixResources == false && myFileStatusInfo->ResourceData != UE_FIELD_OK && myFileStatusInfo->ResourceData != UE_FIELD_NOT_PRESET) { @@ -2018,7 +2018,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV } } /* - Fixing TLS table + Fixing TLS table */ if(myFileFixInfo->DontFixTLS == false && myFileStatusInfo->TLSTable != UE_FIELD_OK && myFileStatusInfo->TLSTable != UE_FIELD_NOT_PRESET) { @@ -2095,7 +2095,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV } } /* - Fix Load config table + Fix Load config table */ if(myFileFixInfo->DontFixLoadConfig == false && myFileStatusInfo->LoadConfigTable != UE_FIELD_OK && myFileStatusInfo->LoadConfigTable != UE_FIELD_NOT_PRESET) { @@ -2124,7 +2124,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV } } /* - Fix Bound import table + Fix Bound import table */ if(myFileFixInfo->DontFixBoundImports == false && myFileStatusInfo->BoundImportTable != UE_FIELD_OK && myFileStatusInfo->BoundImportTable != UE_FIELD_NOT_PRESET) { @@ -2153,7 +2153,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV } } /* - Fix IAT + Fix IAT */ if(myFileFixInfo->DontFixIAT == false && myFileStatusInfo->IATTable != UE_FIELD_OK && myFileStatusInfo->IATTable != UE_FIELD_NOT_PRESET) { @@ -2182,7 +2182,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV } } /* - Fix COM header + Fix COM header */ if(myFileFixInfo->DontFixCOM == false && myFileStatusInfo->COMHeaderTable != UE_FIELD_OK && myFileStatusInfo->COMHeaderTable != UE_FIELD_NOT_PRESET) { @@ -2211,7 +2211,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV } } /* - Fix sections and SizeOfImage + Fix sections and SizeOfImage */ if(myFileStatusInfo->SectionTable != UE_FIELD_OK || myFileStatusInfo->SizeOfImage != UE_FIELD_OK) { @@ -2252,7 +2252,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV } } /* - Entry point check + Entry point check */ if(myFileStatusInfo->EntryPoint != UE_FIELD_OK) { @@ -2275,7 +2275,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV } } /* - Fix end + Fix end */ UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); if(FileFixed) @@ -2295,7 +2295,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV else { /* - x64 Surface check + x64 Surface check */ __try { @@ -2308,7 +2308,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV CorrectedImageSize = ((PEHeader64->OptionalHeader.SizeOfImage / PEHeader64->OptionalHeader.SectionAlignment) + 1) * PEHeader64->OptionalHeader.SectionAlignment; } /* - Fixing import table + Fixing import table */ if(myFileStatusInfo->MissingDeclaredAPIs) { @@ -2417,7 +2417,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV } } /* - Fixing Export table + Fixing Export table */ if(myFileStatusInfo->ExportTable == UE_FIELD_NOT_PRESET_WARNING) { @@ -2482,7 +2482,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV } } /* - Fixing Relocation table + Fixing Relocation table */ if(myFileStatusInfo->FileIsDLL == true && myFileStatusInfo->RelocationTable == UE_FIELD_BROKEN_NON_FIXABLE) { @@ -2574,7 +2574,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV FileFixed = false; } /* - Fixing Resource table + Fixing Resource table */ if(myFileFixInfo->DontFixResources == false && myFileStatusInfo->ResourceData != UE_FIELD_OK && myFileStatusInfo->ResourceData != UE_FIELD_NOT_PRESET) { @@ -2611,7 +2611,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV } } /* - Fixing TLS table + Fixing TLS table */ if(myFileFixInfo->DontFixTLS == false && myFileStatusInfo->TLSTable != UE_FIELD_OK && myFileStatusInfo->TLSTable != UE_FIELD_NOT_PRESET) { @@ -2688,7 +2688,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV } } /* - Fix Load config table + Fix Load config table */ if(myFileFixInfo->DontFixLoadConfig == false && myFileStatusInfo->LoadConfigTable != UE_FIELD_OK && myFileStatusInfo->LoadConfigTable != UE_FIELD_NOT_PRESET) { @@ -2717,7 +2717,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV } } /* - Fix Bound import table + Fix Bound import table */ if(myFileFixInfo->DontFixBoundImports == false && myFileStatusInfo->BoundImportTable != UE_FIELD_OK && myFileStatusInfo->BoundImportTable != UE_FIELD_NOT_PRESET) { @@ -2746,7 +2746,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV } } /* - Fix IAT + Fix IAT */ if(myFileFixInfo->DontFixIAT == false && myFileStatusInfo->IATTable != UE_FIELD_OK && myFileStatusInfo->IATTable != UE_FIELD_NOT_PRESET) { @@ -2775,7 +2775,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV } } /* - Fix COM header + Fix COM header */ if(myFileFixInfo->DontFixCOM == false && myFileStatusInfo->COMHeaderTable != UE_FIELD_OK && myFileStatusInfo->COMHeaderTable != UE_FIELD_NOT_PRESET) { @@ -2804,7 +2804,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV } } /* - Fix sections and SizeOfImage + Fix sections and SizeOfImage */ if(myFileStatusInfo->SectionTable != UE_FIELD_OK || myFileStatusInfo->SizeOfImage != UE_FIELD_OK) { @@ -2845,7 +2845,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV } } /* - Entry point check + Entry point check */ if(myFileStatusInfo->EntryPoint != UE_FIELD_OK) { @@ -2868,7 +2868,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV } } /* - Fix end + Fix end */ UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); if(FileFixed) diff --git a/TitanEngine/TitanEngine.PE.Overlay.cpp b/TitanEngine/TitanEngine.PE.Overlay.cpp index 0592f40..bd1077e 100644 --- a/TitanEngine/TitanEngine.PE.Overlay.cpp +++ b/TitanEngine/TitanEngine.PE.Overlay.cpp @@ -14,7 +14,7 @@ __declspec(dllexport) bool TITCALL FindOverlay(char* szFileName, LPDWORD Overlay if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); return(FindOverlayW(uniFileName, OverlayStart, OverlaySize)); } else @@ -156,8 +156,8 @@ __declspec(dllexport) bool TITCALL ExtractOverlay(char* szFileName, char* szExta if(szFileName != NULL && szExtactedFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); - MultiByteToWideChar(CP_ACP, NULL, szExtactedFileName, lstrlenA(szExtactedFileName)+1, uniExtactedFileName, sizeof(uniExtactedFileName)/(sizeof(uniExtactedFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szExtactedFileName, lstrlenA(szExtactedFileName) + 1, uniExtactedFileName, sizeof(uniExtactedFileName) / (sizeof(uniExtactedFileName[0]))); return(ExtractOverlayW(uniFileName, uniExtactedFileName)); } else @@ -241,8 +241,8 @@ __declspec(dllexport) bool TITCALL AddOverlay(char* szFileName, char* szOverlayF if(szFileName != NULL && szOverlayFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); - MultiByteToWideChar(CP_ACP, NULL, szOverlayFileName, lstrlenA(szOverlayFileName)+1, uniOverlayFileName, sizeof(uniOverlayFileName)/(sizeof(uniOverlayFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szOverlayFileName, lstrlenA(szOverlayFileName) + 1, uniOverlayFileName, sizeof(uniOverlayFileName) / (sizeof(uniOverlayFileName[0]))); return(AddOverlayW(uniFileName, uniOverlayFileName)); } else @@ -261,7 +261,7 @@ __declspec(dllexport) bool TITCALL AddOverlayW(wchar_t* szFileName, wchar_t* szO DWORD uedNumberOfBytesRead = 0; char ueReadBuffer[0x2000] = {0}; - hFile = CreateFileW(szFileName, GENERIC_READ+GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); + hFile = CreateFileW(szFileName, GENERIC_READ + GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if(hFile != INVALID_HANDLE_VALUE) { hFileRead = CreateFileW(szOverlayFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); @@ -323,8 +323,8 @@ __declspec(dllexport) bool TITCALL CopyOverlay(char* szInFileName, char* szOutFi if(szInFileName != NULL && szOutFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szInFileName, lstrlenA(szInFileName)+1, uniInFileName, sizeof(uniInFileName)/(sizeof(uniInFileName[0]))); - MultiByteToWideChar(CP_ACP, NULL, szOutFileName, lstrlenA(szOutFileName)+1, uniOutFileName, sizeof(uniOutFileName)/(sizeof(uniOutFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szInFileName, lstrlenA(szInFileName) + 1, uniInFileName, sizeof(uniInFileName) / (sizeof(uniInFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szOutFileName, lstrlenA(szOutFileName) + 1, uniOutFileName, sizeof(uniOutFileName) / (sizeof(uniOutFileName[0]))); return(CopyOverlayW(uniInFileName, uniOutFileName)); } else @@ -359,7 +359,7 @@ __declspec(dllexport) bool TITCALL RemoveOverlay(char* szFileName) if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); return(RemoveOverlayW(uniFileName)); } else diff --git a/TitanEngine/TitanEngine.PE.Section.cpp b/TitanEngine/TitanEngine.PE.Section.cpp index efe8035..0c158d9 100644 --- a/TitanEngine/TitanEngine.PE.Section.cpp +++ b/TitanEngine/TitanEngine.PE.Section.cpp @@ -12,8 +12,8 @@ __declspec(dllexport) bool TITCALL ExtractSection(char* szFileName, char* szDump if(szFileName != NULL && szDumpFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); - MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniDumpFileName, sizeof(uniDumpFileName)/(sizeof(uniDumpFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName) + 1, uniDumpFileName, sizeof(uniDumpFileName) / (sizeof(uniDumpFileName[0]))); return(ExtractSectionW(uniFileName, uniDumpFileName, SectionNumber)); } else @@ -130,7 +130,7 @@ __declspec(dllexport) bool TITCALL ResortFileSections(char* szFileName) if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); return(ResortFileSectionsW(uniFileName)); } else @@ -346,7 +346,7 @@ __declspec(dllexport) bool TITCALL MakeAllSectionsRWE(char* szFileName) if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); return(MakeAllSectionsRWEW(uniFileName)); } else @@ -500,7 +500,7 @@ __declspec(dllexport) long TITCALL AddNewSectionEx(char* szFileName, char* szSec if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); return(AddNewSectionExW(uniFileName, szSectionName, SectionSize, SectionAttributes, SectionContent, ContentSize)); } else @@ -706,7 +706,7 @@ __declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* s PESections = IMAGE_FIRST_SECTION(PEHeader32); SectionNumber = PEHeader32->FileHeader.NumberOfSections; PEHeader32->FileHeader.NumberOfSections = PEHeader32->FileHeader.NumberOfSections + 1; - PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + (SectionNumber - 1)* IMAGE_SIZEOF_SECTION_HEADER); + PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + (SectionNumber - 1) * IMAGE_SIZEOF_SECTION_HEADER); NewSectionVirtualOffset = PESections->VirtualAddress + (PESections->Misc.VirtualSize / PEHeader32->OptionalHeader.SectionAlignment) * PEHeader32->OptionalHeader.SectionAlignment; if(NewSectionVirtualOffset < PESections->VirtualAddress + PESections->Misc.VirtualSize) { @@ -788,7 +788,7 @@ __declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* s PESections = IMAGE_FIRST_SECTION(PEHeader64); SectionNumber = PEHeader64->FileHeader.NumberOfSections; PEHeader32->FileHeader.NumberOfSections = PEHeader32->FileHeader.NumberOfSections + 1; - PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + (SectionNumber - 1)* IMAGE_SIZEOF_SECTION_HEADER); + PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + (SectionNumber - 1) * IMAGE_SIZEOF_SECTION_HEADER); NewSectionVirtualOffset = PESections->VirtualAddress + (PESections->Misc.VirtualSize / PEHeader64->OptionalHeader.SectionAlignment) * PEHeader64->OptionalHeader.SectionAlignment; if(NewSectionVirtualOffset < PESections->VirtualAddress + PESections->Misc.VirtualSize) { @@ -883,7 +883,7 @@ __declspec(dllexport) bool TITCALL ResizeLastSection(char* szFileName, DWORD Num if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); return(ResizeLastSectionW(uniFileName, NumberOfExpandBytes, AlignResizeData)); } else @@ -1101,7 +1101,7 @@ __declspec(dllexport) bool TITCALL DeleteLastSection(char* szFileName) if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); return(DeleteLastSectionW(uniFileName)); } else @@ -1289,7 +1289,7 @@ __declspec(dllexport) bool TITCALL WipeSection(char* szFileName, int WipeSection if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); return(WipeSectionW(uniFileName, WipeSectionNumber, RemovePhysically)); } else @@ -1340,7 +1340,7 @@ __declspec(dllexport) bool TITCALL WipeSectionW(wchar_t* szFileName, int WipeSec DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA; if(EngineValidateHeader(FileMapVA, FileHandle, NULL, DOSHeader, true)) { - ULONG_PTR WipeRawSize=GetPE32DataFromMappedFile(FileMapVA, SectionNumber, UE_SECTIONRAWSIZE); + ULONG_PTR WipeRawSize = GetPE32DataFromMappedFile(FileMapVA, SectionNumber, UE_SECTIONRAWSIZE); if(!WipeRawSize) RemovePhysically = false; PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); diff --git a/TitanEngine/TitanEngine.PE.cpp b/TitanEngine/TitanEngine.PE.cpp index ab88f74..7ba2837 100644 --- a/TitanEngine/TitanEngine.PE.cpp +++ b/TitanEngine/TitanEngine.PE.cpp @@ -10,7 +10,7 @@ __declspec(dllexport) bool TITCALL PastePEHeader(HANDLE hProcess, LPVOID ImageBa if(szDebuggedFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szDebuggedFileName, lstrlenA(szDebuggedFileName)+1, uniDebuggedFileName, sizeof(uniDebuggedFileName)/(sizeof(uniDebuggedFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szDebuggedFileName, lstrlenA(szDebuggedFileName) + 1, uniDebuggedFileName, sizeof(uniDebuggedFileName) / (sizeof(uniDebuggedFileName[0]))); return(PastePEHeaderW(hProcess, ImageBase, uniDebuggedFileName)); } else diff --git a/TitanEngine/TitanEngine.Process.cpp b/TitanEngine/TitanEngine.Process.cpp index ebe1778..6010b61 100644 --- a/TitanEngine/TitanEngine.Process.cpp +++ b/TitanEngine/TitanEngine.Process.cpp @@ -28,7 +28,7 @@ __declspec(dllexport) long TITCALL GetActiveProcessIdW(wchar_t* szImageName) wchar_t szProcessPath[1024] = {}; DWORD cbNeeded = NULL; HANDLE hProcess; - wchar_t * nameOnly = 0; + wchar_t* nameOnly = 0; if(EnumProcesses(bProcessId, sizeof(bProcessId), &cbNeeded)) { @@ -45,15 +45,15 @@ __declspec(dllexport) long TITCALL GetActiveProcessIdW(wchar_t* szImageName) lstrcpyW(szProcessPath, szTranslatedProcName); VirtualFree((void*)szTranslatedProcName, NULL, MEM_RELEASE); EngineCloseHandle(hProcess); - + if(_wcsicmp(szProcessPath, szImageName) == 0) { return(bProcessId[i]); } - else + else { nameOnly = wcsrchr(szProcessPath, L'\\'); - if (nameOnly) + if(nameOnly) { nameOnly++; if(_wcsicmp(nameOnly, szImageName) == 0) @@ -79,7 +79,7 @@ __declspec(dllexport) void TITCALL EnumProcessesWithLibrary(char* szLibraryName, int i; int j; - typedef void(TITCALL *fEnumFunction)(DWORD ProcessId, HMODULE ModuleBaseAddress); + typedef void(TITCALL * fEnumFunction)(DWORD ProcessId, HMODULE ModuleBaseAddress); fEnumFunction myEnumFunction = (fEnumFunction)EnumFunction; HMODULE EnumeratedModules[1024] = {0}; DWORD bProcessId[1024] = {0}; @@ -96,7 +96,7 @@ __declspec(dllexport) void TITCALL EnumProcessesWithLibrary(char* szLibraryName, { if(bProcessId[i] != NULL) { - hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, 0, bProcessId[i]); + hProcess = EngineOpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, 0, bProcessId[i]); if(hProcess != NULL) { RtlZeroMemory(EnumeratedModules, sizeof(EnumeratedModules)); diff --git a/TitanEngine/TitanEngine.Realigner.cpp b/TitanEngine/TitanEngine.Realigner.cpp index f41f771..1890bfa 100644 --- a/TitanEngine/TitanEngine.Realigner.cpp +++ b/TitanEngine/TitanEngine.Realigner.cpp @@ -220,7 +220,7 @@ __declspec(dllexport) long TITCALL RealignPEEx(char* szFileName, DWORD RealingFi if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); return(RealignPEExW(uniFileName, RealingFileSize, ForcedFileAlignment)); } else diff --git a/TitanEngine/TitanEngine.Relocator.cpp b/TitanEngine/TitanEngine.Relocator.cpp index 452398f..7456158 100644 --- a/TitanEngine/TitanEngine.Relocator.cpp +++ b/TitanEngine/TitanEngine.Relocator.cpp @@ -185,7 +185,7 @@ __declspec(dllexport) bool TITCALL RelocaterExportRelocationEx(char* szFileName, if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); return(RelocaterExportRelocationExW(uniFileName, szSectionName)); } else @@ -319,8 +319,8 @@ __declspec(dllexport) bool TITCALL RelocaterCompareTwoSnapshots(HANDLE hProcess, if(szDumpFile1 != NULL && szDumpFile2 != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szDumpFile1, lstrlenA(szDumpFile1)+1, uniDumpFile1, sizeof(uniDumpFile1)/(sizeof(uniDumpFile1[0]))); - MultiByteToWideChar(CP_ACP, NULL, szDumpFile2, lstrlenA(szDumpFile2)+1, uniDumpFile2, sizeof(uniDumpFile2)/(sizeof(uniDumpFile2[0]))); + MultiByteToWideChar(CP_ACP, NULL, szDumpFile1, lstrlenA(szDumpFile1) + 1, uniDumpFile1, sizeof(uniDumpFile1) / (sizeof(uniDumpFile1[0]))); + MultiByteToWideChar(CP_ACP, NULL, szDumpFile2, lstrlenA(szDumpFile2) + 1, uniDumpFile2, sizeof(uniDumpFile2) / (sizeof(uniDumpFile2[0]))); return(RelocaterCompareTwoSnapshotsW(hProcess, LoadedImageBase, NtSizeOfImage, uniDumpFile1, uniDumpFile2, MemStart)); } else @@ -450,7 +450,7 @@ __declspec(dllexport) bool TITCALL RelocaterChangeFileBase(char* szFileName, ULO if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); return(RelocaterChangeFileBaseW(uniFileName, NewImageBase)); } else @@ -733,7 +733,7 @@ __declspec(dllexport) bool TITCALL RelocaterWipeRelocationTable(char* szFileName if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); return(RelocaterWipeRelocationTableW(uniFileName)); } else diff --git a/TitanEngine/TitanEngine.Resourcer.cpp b/TitanEngine/TitanEngine.Resourcer.cpp index 2e1b565..eb3fb0c 100644 --- a/TitanEngine/TitanEngine.Resourcer.cpp +++ b/TitanEngine/TitanEngine.Resourcer.cpp @@ -115,10 +115,10 @@ __declspec(dllexport) bool TITCALL ResourcerFindResource(char* szFileName, char* if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); if(szResourceName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szResourceName, lstrlenA(szResourceName)+1, uniResourceName, sizeof(uniResourceName)/(sizeof(uniResourceName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szResourceName, lstrlenA(szResourceName) + 1, uniResourceName, sizeof(uniResourceName) / (sizeof(uniResourceName[0]))); } else { @@ -126,7 +126,7 @@ __declspec(dllexport) bool TITCALL ResourcerFindResource(char* szFileName, char* } if(szResourceType != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szResourceType, lstrlenA(szResourceType)+1, uniResourceType, sizeof(uniResourceType)/(sizeof(uniResourceType[0]))); + MultiByteToWideChar(CP_ACP, NULL, szResourceType, lstrlenA(szResourceType) + 1, uniResourceType, sizeof(uniResourceType) / (sizeof(uniResourceType[0]))); } else { @@ -168,7 +168,7 @@ __declspec(dllexport) bool TITCALL ResourcerFindResourceW(wchar_t* szFileName, w __declspec(dllexport) bool TITCALL ResourcerFindResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize) { - int i,j,n; + int i, j, n; wchar_t* uniResourceName; wchar_t* uniResourceType; PIMAGE_RESOURCE_DIRECTORY PEResource; @@ -255,7 +255,7 @@ __declspec(dllexport) void TITCALL ResourcerEnumerateResource(char* szFileName, if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); ResourcerEnumerateResourceW(uniFileName, CallBack); } } @@ -278,7 +278,7 @@ __declspec(dllexport) void TITCALL ResourcerEnumerateResourceW(wchar_t* szFileNa __declspec(dllexport) void TITCALL ResourcerEnumerateResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, void* CallBack) { - int i,j,n; + int i, j, n; wchar_t* uniResourceName; wchar_t* uniResourceType; PIMAGE_RESOURCE_DIRECTORY PEResource; @@ -289,7 +289,7 @@ __declspec(dllexport) void TITCALL ResourcerEnumerateResourceEx(ULONG_PTR FileMa PIMAGE_RESOURCE_DIRECTORY PESubResourcePtr2; PIMAGE_RESOURCE_DIRECTORY_ENTRY PEResourceDir2; PIMAGE_RESOURCE_DATA_ENTRY PEResourceItem; - typedef bool(TITCALL *fResourceEnumerator)(wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, DWORD ResourceData, DWORD ResourceSize); + typedef bool(TITCALL * fResourceEnumerator)(wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, DWORD ResourceData, DWORD ResourceSize); fResourceEnumerator myResourceEnumerator = (fResourceEnumerator)CallBack; __try diff --git a/TitanEngine/TitanEngine.Static.cpp b/TitanEngine/TitanEngine.Static.cpp index bfdf914..df3b3e9 100644 --- a/TitanEngine/TitanEngine.Static.cpp +++ b/TitanEngine/TitanEngine.Static.cpp @@ -62,7 +62,7 @@ __declspec(dllexport) bool TITCALL StaticFileUnload(char* szFileName, bool Commi if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); return(StaticFileUnloadW(uniFileName, CommitChanges, FileHandle, LoadedSize, FileMap, FileMapVA)); } else @@ -183,7 +183,7 @@ __declspec(dllexport) bool TITCALL StaticFileOpen(char* szFileName, DWORD Desire if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); return StaticFileOpenW(uniFileName, DesiredAccess, FileHandle, FileSizeLow, FileSizeHigh); } @@ -251,7 +251,7 @@ __declspec(dllexport) void TITCALL StaticMemoryDecrypt(LPVOID MemoryStart, DWORD ULONG64 DataQword = NULL; //ignore too big stuff - if(DecryptionKeySize>sizeof(ULONG_PTR)) + if(DecryptionKeySize > sizeof(ULONG_PTR)) return; if(MemoryStart != NULL && MemorySize > NULL) @@ -349,7 +349,7 @@ __declspec(dllexport) void TITCALL StaticMemoryDecrypt(LPVOID MemoryStart, DWORD __declspec(dllexport) void TITCALL StaticMemoryDecryptEx(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionKeySize, void* DecryptionCallBack) { DWORD LoopCount = NULL; - typedef bool(TITCALL *fStaticCallBack)(void* sMemoryStart, int sKeySize); + typedef bool(TITCALL * fStaticCallBack)(void* sMemoryStart, int sKeySize); fStaticCallBack myStaticCallBack = (fStaticCallBack)DecryptionCallBack; if(MemoryStart != NULL && MemorySize > NULL) @@ -377,7 +377,7 @@ __declspec(dllexport) void TITCALL StaticMemoryDecryptEx(LPVOID MemoryStart, DWO __declspec(dllexport) void TITCALL StaticMemoryDecryptSpecial(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionKeySize, DWORD SpecDecryptionType, void* DecryptionCallBack) { DWORD LoopCount = NULL; - typedef bool(TITCALL *fStaticCallBack)(void* sMemoryStart, int sKeySize); + typedef bool(TITCALL * fStaticCallBack)(void* sMemoryStart, int sKeySize); fStaticCallBack myStaticCallBack = (fStaticCallBack)DecryptionCallBack; if(MemoryStart != NULL && MemorySize > NULL) @@ -463,7 +463,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopy(HANDLE hFile, ULONG_PTR F if(szDumpFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); return(StaticRawMemoryCopyW(hFile, FileMapVA, VitualAddressToCopy, Size, AddressIsRVA, uniFileName)); } else @@ -564,7 +564,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx(HANDLE hFile, DWORD Raw if(szDumpFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); return(StaticRawMemoryCopyExW(hFile, RawAddressToCopy, Size, uniFileName)); } else @@ -651,7 +651,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64(HANDLE hFile, DWORD64 if(szDumpFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); return StaticRawMemoryCopyEx64W(hFile, RawAddressToCopy, Size, uniFileName); } @@ -895,7 +895,7 @@ __declspec(dllexport) bool TITCALL StaticHashFile(char* szFileName, char* HashDi if(szFileName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0]))); return StaticHashFileW(uniFileName, HashDigest, OutputString, Algorithm); } diff --git a/TitanEngine/TitanEngine.TLS.cpp b/TitanEngine/TitanEngine.TLS.cpp index 677ad81..c18f36f 100644 --- a/TitanEngine/TitanEngine.TLS.cpp +++ b/TitanEngine/TitanEngine.TLS.cpp @@ -20,7 +20,7 @@ __declspec(dllexport) bool TITCALL TLSBreakOnCallBack(LPVOID ArrayOfCallBacks, D if(NumberOfCallBacks && EngineIsValidReadPtrEx(ReadArrayOfCallBacks, sizeof(ULONG_PTR)*NumberOfCallBacks) && bpxCallBack) { ClearTlsCallBackList(); //clear TLS cb list - for(unsigned int i=0; idwThreadId) + if(hListThread.at(i).dwThreadId == NewThreadData->dwThreadId) { notInList = false; CloseHandle(NewThreadData->hThread); //handle not needed @@ -28,7 +28,7 @@ void updateThreadList( THREAD_ITEM_DATA* NewThreadData ) } } - if (notInList) + if(notInList) { hListThread.push_back(*NewThreadData); } @@ -40,27 +40,27 @@ __declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD Process bool updateList = false; DWORD dwProcessId = 0; - if (ProcessId == NULL && dbgProcessInformation.hProcess != NULL) + if(ProcessId == NULL && dbgProcessInformation.hProcess != NULL) { updateList = true; dwProcessId = GetProcessId(dbgProcessInformation.hProcess); } - else if (ProcessId != NULL && dbgProcessInformation.hProcess != NULL) + else if(ProcessId != NULL && dbgProcessInformation.hProcess != NULL) { updateList = true; dwProcessId = ProcessId; } - else if (ProcessId != NULL && dbgProcessInformation.hProcess == NULL) + else if(ProcessId != NULL && dbgProcessInformation.hProcess == NULL) { updateList = false; dwProcessId = ProcessId; } - else if (ProcessId == NULL && dbgProcessInformation.hProcess == NULL) + else if(ProcessId == NULL && dbgProcessInformation.hProcess == NULL) { return false; } - if (updateList == false) + if(updateList == false) { std::vector().swap(hListThread); //clear thread list } @@ -73,15 +73,15 @@ __declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD Process PSYSTEM_PROCESS_INFORMATION pIter; PSYSTEM_THREAD_INFORMATION pIterThread; - if (NtQuerySystemInformation(SystemProcessInformation, pBuffer, bufferLength, &retLength) == STATUS_INFO_LENGTH_MISMATCH) + if(NtQuerySystemInformation(SystemProcessInformation, pBuffer, bufferLength, &retLength) == STATUS_INFO_LENGTH_MISMATCH) { free(pBuffer); bufferLength = retLength + sizeof(SYSTEM_PROCESS_INFORMATION); pBuffer = (PSYSTEM_PROCESS_INFORMATION)malloc(bufferLength); - if (!pBuffer) + if(!pBuffer) return false; - if (NtQuerySystemInformation(SystemProcessInformation, pBuffer, bufferLength, &retLength) != STATUS_SUCCESS) + if(NtQuerySystemInformation(SystemProcessInformation, pBuffer, bufferLength, &retLength) != STATUS_SUCCESS) { return false; } @@ -95,10 +95,10 @@ __declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD Process while(TRUE) { - if (pIter->UniqueProcessId == (HANDLE)dwProcessId) + if(pIter->UniqueProcessId == (HANDLE)dwProcessId) { pIterThread = &pIter->Threads[0]; - for (ULONG i = 0; i < pIter->NumberOfThreads; i++) + for(ULONG i = 0; i < pIter->NumberOfThreads; i++) { ZeroMemory(&NewThreadData, sizeof(THREAD_ITEM_DATA)); @@ -113,18 +113,18 @@ __declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD Process NewThreadData.dwThreadId = (DWORD)pIterThread->ClientId.UniqueThread; NewThreadData.hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, NewThreadData.dwThreadId); - if (NewThreadData.hThread) + if(NewThreadData.hThread) { NewThreadData.TebAddress = GetTEBLocation(NewThreadData.hThread); PVOID startAddress = 0; - if (NtQueryInformationThread(NewThreadData.hThread, ThreadQuerySetWin32StartAddress, &startAddress, sizeof(PVOID), NULL) == STATUS_SUCCESS) + if(NtQueryInformationThread(NewThreadData.hThread, ThreadQuerySetWin32StartAddress, &startAddress, sizeof(PVOID), NULL) == STATUS_SUCCESS) { NewThreadData.ThreadStartAddress = startAddress; } } - if (updateList == false) + if(updateList == false) { hListThread.push_back(NewThreadData); } @@ -139,7 +139,7 @@ __declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD Process break; } - if (pIter->NextEntryOffset == 0) + if(pIter->NextEntryOffset == 0) { break; } @@ -159,8 +159,8 @@ __declspec(dllexport) void* TITCALL ThreaderGetThreadInfo(HANDLE hThread, DWORD return NULL; static THREAD_ITEM_DATA ThreadData; memset(&ThreadData, 0, sizeof(THREAD_ITEM_DATA)); - int threadcount=(int)hListThread.size(); - for(int i=0; iDataByte[0] == 0xE9 && CurrentInstructionSize == 5) { @@ -95,7 +95,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo } } /* - Near JUMP (0xFF25) + Near JUMP (0xFF25) */ } else if(HashInstructions == false && CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] == 0x25 && CurrentInstructionSize == 6) @@ -130,7 +130,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo } } /* - PUSH then RET (0x68 ???????? 0xC3) + PUSH then RET (0x68 ???????? 0xC3) */ } else if(HashInstructions == false && CompareMemory->DataByte[0] == 0x68 && CompareMemory->DataByte[5] == 0xC3 && CurrentInstructionSize == 5) @@ -170,7 +170,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo } } /* - CALL (0xE8) + CALL (0xE8) */ } else if(HashInstructions == true && CompareMemory->DataByte[0] == 0xE8 && CurrentInstructionSize == 5) @@ -178,14 +178,14 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo SkipHashing = true; InstructionHash = EngineHashMemory((char*)&EmptyCall, CurrentInstructionSize, InstructionHash); /* - PUSH (0x68) + PUSH (0x68) */ } else if(CompareMemory->DataByte[0] == 0x68 && CurrentInstructionSize == 5) { LastPushValue = (DWORD)(CompareMemory->DataByte[1] + CompareMemory->DataByte[2] * 0x1000 + CompareMemory->DataByte[3] * 0x100000 + CompareMemory->DataByte[4] * 0x10000000); /* - ADD BYTE PTR[AL],AL (0x00, 0x00) -> End of page! + ADD BYTE PTR[AL],AL (0x00, 0x00) -> End of page! */ } else if(CompareMemory->DataByte[0] == 0x00 && CurrentInstructionSize == 2) @@ -193,7 +193,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo FoundValidAPI = false; break; /* - RET (0xC3) + RET (0xC3) */ } else if(CompareMemory->DataByte[0] == 0xC3 && CurrentInstructionSize == 1) @@ -201,7 +201,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo NumberOfInstructions++; break; /* - RET (0xC2) + RET (0xC2) */ } else if(CompareMemory->DataByte[0] == 0xC2 && CurrentInstructionSize == 3) @@ -209,7 +209,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo NumberOfInstructions++; break; /* - Short JUMP (0xEB) + Short JUMP (0xEB) */ } else if(CompareMemory->DataByte[0] == 0xEB && CurrentInstructionSize == 2) @@ -217,48 +217,48 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo TraceStartAddress = TraceStartAddress + CompareMemory->DataByte[1]; SkipThisInstruction = true; /* - CLC (0xF8) + CLC (0xF8) */ } else if(CompareMemory->DataByte[0] == 0xF8 && CurrentInstructionSize == 1) { SkipThisInstruction = true; /* - STC (0xF9) + STC (0xF9) */ } else if(CompareMemory->DataByte[0] == 0xF9 && CurrentInstructionSize == 1) { SkipThisInstruction = true; /* - NOP (0x90) + NOP (0x90) */ } else if(CompareMemory->DataByte[0] == 0x90 && CurrentInstructionSize == 1) { SkipThisInstruction = true; /* - FNOP (0xD9 0xD0) + FNOP (0xD9 0xD0) */ } else if(CompareMemory->DataByte[0] == 0xD9 && CompareMemory->DataByte[1] == 0xD0 && CurrentInstructionSize == 2) { SkipThisInstruction = true; /* - Multiple MOV + Multiple MOV */ } else if(CompareMemory->DataByte[0] >= 0x8A && CompareMemory->DataByte[0] <= 0x8B) { /* - MOV EAX,EAX (0x8B 0xC8) + MOV EAX,EAX (0x8B 0xC8) */ if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xC8 && CurrentInstructionSize == 2) { SkipThisInstruction = true; } /* - MOV EBX,EBX (0x8B 0xC9) + MOV EBX,EBX (0x8B 0xC9) */ else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xC9 && CurrentInstructionSize == 2) { @@ -272,7 +272,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo SkipThisInstruction = true; } /* - MOV (0x8B 0xED) + MOV (0x8B 0xED) */ else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xED && CurrentInstructionSize == 2) { @@ -280,7 +280,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo } /* - MOV (0x8B 0xF6) + MOV (0x8B 0xF6) */ else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xF6 && CurrentInstructionSize == 2) { @@ -301,98 +301,98 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo SkipThisInstruction = true; } /* - MOV EDI,EDI (0x8B 0xFF) + MOV EDI,EDI (0x8B 0xFF) */ else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xFF && CurrentNumberOfInstructions != 1 && CurrentInstructionSize == 2) { SkipThisInstruction = true; } /* - MOV AL,AL (0x8A 0xC0) + MOV AL,AL (0x8A 0xC0) */ else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xC0 && CurrentInstructionSize == 2) { SkipThisInstruction = true; } /* - MOV BL,BL (0x8A 0xDB) + MOV BL,BL (0x8A 0xDB) */ else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xDB && CurrentInstructionSize == 2) { SkipThisInstruction = true; } /* - MOV CL,CL (0x8A 0xC9) + MOV CL,CL (0x8A 0xC9) */ else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xC9 && CurrentInstructionSize == 2) { SkipThisInstruction = true; } /* - MOV (0x8A 0xD2) + MOV (0x8A 0xD2) */ else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xD2 && CurrentInstructionSize == 2) { SkipThisInstruction = true; } /* - MOV (0x8A 0xE4) + MOV (0x8A 0xE4) */ else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xE4 && CurrentInstructionSize == 2) { SkipThisInstruction = true; } /* - MOV (0x8A 0xED) + MOV (0x8A 0xED) */ else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xED && CurrentInstructionSize == 2) { SkipThisInstruction = true; } /* - MOV (0x8A 0xFF) + MOV (0x8A 0xFF) */ else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xFF && CurrentInstructionSize == 2) { SkipThisInstruction = true; } /* - MOV (0x8A 0xF6) + MOV (0x8A 0xF6) */ else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xF6 && CurrentInstructionSize == 2) { SkipThisInstruction = true; } /* - MOV AX,AX (0x8B 0xC0) + MOV AX,AX (0x8B 0xC0) */ else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xC0 && CurrentInstructionSize == 2) { SkipThisInstruction = true; } /* - MOV (0x8B 0xDB) + MOV (0x8B 0xDB) */ else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xDB && CurrentInstructionSize == 2) { SkipThisInstruction = true; } /* - MOV (0x8B 0xC9) + MOV (0x8B 0xC9) */ else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xC9 && CurrentInstructionSize == 2) { SkipThisInstruction = true; } /* - MOV (0x8B 0xF6) + MOV (0x8B 0xF6) */ else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xF6 && CurrentInstructionSize == 2) { SkipThisInstruction = true; } /* - MOV (0x8B 0xED) + MOV (0x8B 0xED) */ else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xED && CurrentInstructionSize == 2) { @@ -400,27 +400,27 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo } } /* - RDTSC (0x0F 0x31) + RDTSC (0x0F 0x31) */ else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] == 0x31 && CurrentInstructionSize == 2) { SkipThisInstruction = true; /* - CPUID (0x0F 0xA2) + CPUID (0x0F 0xA2) */ } else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] == 0xA2 && CurrentInstructionSize == 2) { SkipThisInstruction = true; /* - XCHG EAX,EAX (0x87 0xC0) + XCHG EAX,EAX (0x87 0xC0) */ } else if(CompareMemory->DataByte[0] == 0x87 && CompareMemory->DataByte[1] == 0xC0 && CurrentInstructionSize == 2) { SkipThisInstruction = true; /* - SHL EAX,0 - SHL EDI,0 && SHR EAX,0 - SHR EDI,0 + SHL EAX,0 - SHL EDI,0 && SHR EAX,0 - SHR EDI,0 */ } else if(CompareMemory->DataByte[0] == 0xC1 && CurrentInstructionSize == 3) @@ -430,7 +430,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo SkipThisInstruction = true; } /* - ROR EAX,0 - ROR EDI,0 && ROL EAX,0 - ROL EDI,0 + ROR EAX,0 - ROR EDI,0 && ROL EAX,0 - ROL EDI,0 */ } else if(CompareMemory->DataByte[0] == 0xC1 && CurrentInstructionSize == 3) @@ -440,7 +440,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo SkipThisInstruction = true; } /* - LEA EAX,DWORD PTR[EAX] -> LEA EDI,DWORD PTR[EDI] + LEA EAX,DWORD PTR[EAX] -> LEA EDI,DWORD PTR[EDI] */ } else if(CompareMemory->DataByte[0] == 0x8D && CurrentInstructionSize == 2) @@ -527,7 +527,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo // TitanEngine.Tracer.functions: __declspec(dllexport) void TITCALL TracerInit() { - return; // UE 1.5 compatibility mode + return; // UE 1.5 compatibility mode } __declspec(dllexport) ULONG_PTR TITCALL TracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace) @@ -707,7 +707,7 @@ __declspec(dllexport) ULONG_PTR TITCALL HashTracerLevel1(HANDLE hProcess, ULONG_ __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace) { - int i,j; + int i, j; MEMORY_BASIC_INFORMATION MemInfo; DWORD KnownRedirectionIndex = NULL; ULONG_PTR ueNumberOfBytesRead = NULL; @@ -744,224 +744,224 @@ __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULON cMem = (PMEMORY_CMP_HANDLER)TraceMemory; if(cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x01 && ((cMem->DataByte[3] >= 0x50 && cMem->DataByte[3] <= 0x5F) || cMem->DataByte[3] == 0x6A || cMem->DataByte[3] == 0x68)) { - KnownRedirectionIndex = NULL; // ; PeX 0.99 fail safe! + KnownRedirectionIndex = NULL; // ; PeX 0.99 fail safe! } else if(cMem->DataByte[0] == 0x68 && cMem->DataByte[5] == 0x81 && cMem->DataByte[12] == 0xC3) { - KnownRedirectionIndex = 1; // ; RLP 0.7.4 & CryptoPeProtector 0.9.x & ACProtect - /* ;$ ==> > 68 904B4013 PUSH 13404B90 - ;$+5 > 812C24 0A9E589B SUB DWORD PTR SS:[ESP],9B589E0A - ;$+C > C3 RET - ;$+D > 68 E21554DF PUSH DF5415E2 - ;$+12 > 813424 B6DCB2A8 XOR DWORD PTR SS:[ESP],A8B2DCB6 - ;$+19 > C3 RET - ;$+1A > 68 34B2C6B1 PUSH B1C6B234 - ;$+1F > 810424 4A2C21C6 ADD DWORD PTR SS:[ESP],C6212C4A - ;$+26 > C3 RET */ + KnownRedirectionIndex = 1; // ; RLP 0.7.4 & CryptoPeProtector 0.9.x & ACProtect + /* ;$ ==> > 68 904B4013 PUSH 13404B90 + ;$+5 > 812C24 0A9E589B SUB DWORD PTR SS:[ESP],9B589E0A + ;$+C > C3 RET + ;$+D > 68 E21554DF PUSH DF5415E2 + ;$+12 > 813424 B6DCB2A8 XOR DWORD PTR SS:[ESP],A8B2DCB6 + ;$+19 > C3 RET + ;$+1A > 68 34B2C6B1 PUSH B1C6B234 + ;$+1F > 810424 4A2C21C6 ADD DWORD PTR SS:[ESP],C6212C4A + ;$+26 > C3 RET */ } else if(cMem->DataByte[0] == 0xFF && cMem->DataByte[1] == 0x25) { - KnownRedirectionIndex = 2; // ; tELock 0.80 - 0.85 - // ;$ ==> >- FF25 48018E00 JMP NEAR DWORD PTR DS:[8E0148] + KnownRedirectionIndex = 2; // ; tELock 0.80 - 0.85 + // ;$ ==> >- FF25 48018E00 JMP NEAR DWORD PTR DS:[8E0148] } else if((cMem->DataByte[0] == 0xFF && cMem->DataByte[1] == 0x35) || (cMem->DataByte[1] == 0xFF && cMem->DataByte[2] == 0x35) && (cMem->DataByte[8] == 0xC3 || cMem->DataByte[9] == 0xC3)) { - KnownRedirectionIndex = 3; // ; tELock 0.90 - 0.95 - /* ;$ ==> > FF35 AE018E00 PUSH DWORD PTR DS:[8E01AE] ; kernel32.InitializeCriticalSection - ;$+6 > A8 C3 TEST AL,0C3 - ;$+8 > C3 RET - ;$+9 > F9 STC - ;$+A > FF35 B2018E00 PUSH DWORD PTR DS:[8E01B2] ; kernel32.VirtualFree - ;$+10 > 80FA C3 CMP DL,0C3 - ;$+13 > C3 RET */ + KnownRedirectionIndex = 3; // ; tELock 0.90 - 0.95 + /* ;$ ==> > FF35 AE018E00 PUSH DWORD PTR DS:[8E01AE] ; kernel32.InitializeCriticalSection + ;$+6 > A8 C3 TEST AL,0C3 + ;$+8 > C3 RET + ;$+9 > F9 STC + ;$+A > FF35 B2018E00 PUSH DWORD PTR DS:[8E01B2] ; kernel32.VirtualFree + ;$+10 > 80FA C3 CMP DL,0C3 + ;$+13 > C3 RET */ } else if(cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x01 && cMem->DataByte[2] == 0xC9 && cMem->DataByte[3] == 0x60 && cMem->DataByte[4] == 0x0F && cMem->DataByte[5] == 0x31) { - KnownRedirectionIndex = 8; // ; AlexProtector 1.x - /* ;$ ==> > /EB 01 JMP SHORT 008413F9 - ;$+2 > |C9 LEAVE - ;$+3 > \60 PUSHAD - ;$+4 > 0F31 RDTSC - ;$+6 > EB 01 JMP SHORT 008413FF - ;$+8 > C9 LEAVE - ;$+9 > 8BD8 MOV EBX,EAX - ;$+B > EB 01 JMP SHORT 00841404 - ;... - ;$+33 > 68 E9B9D477 PUSH USER32.PostQuitMessage - ;$+38 > EB 01 JMP SHORT 00841431 - ;$+3A >- E9 C3EB01E9 JMP E985FFF8 */ + KnownRedirectionIndex = 8; // ; AlexProtector 1.x + /* ;$ ==> > /EB 01 JMP SHORT 008413F9 + ;$+2 > |C9 LEAVE + ;$+3 > \60 PUSHAD + ;$+4 > 0F31 RDTSC + ;$+6 > EB 01 JMP SHORT 008413FF + ;$+8 > C9 LEAVE + ;$+9 > 8BD8 MOV EBX,EAX + ;$+B > EB 01 JMP SHORT 00841404 + ;... + ;$+33 > 68 E9B9D477 PUSH USER32.PostQuitMessage + ;$+38 > EB 01 JMP SHORT 00841431 + ;$+3A >- E9 C3EB01E9 JMP E985FFF8 */ } else if((cMem->DataByte[0] == 0x0B && cMem->DataByte[1] == 0xC5) || (cMem->DataByte[0] == 0x05 && cMem->DataByte[5] == 0xB8 && cMem->DataByte[10] == 0xEB && cMem->DataByte[11] == 0x02)) { - KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private! - /* ;008E0122 05 F9DEBE71 ADD EAX,71BEDEF9 - ;008E0127 B8 28018E00 MOV EAX,8E0128 - ;008E012C EB 02 JMP SHORT 008E0130 - ;008E012E CD 20 INT 20 - ;008E0130 05 18000000 ADD EAX,18 - ;008E0135 8B00 MOV EAX,DWORD PTR DS:[EAX] - ;008E0137 35 22018E00 XOR EAX,8E0122 - ;008E013C 90 NOP - ;008E013D 90 NOP - ;008E013E 50 PUSH EAX - ;008E013F C3 RET - ; - ;00850036 13C4 ADC EAX,ESP - ;00850038 E8 0A000000 CALL 00850047 - ;0085003D 90 NOP - ;0085003E 1BC2 SBB EAX,EDX - ;00850040 E9 09000000 JMP 0085004E - ;00850045 1BC3 SBB EAX,EBX - ;00850047 83F8 74 CMP EAX,74 - ;0085004A C3 RET - ;0085004B 98 CWDE - ;0085004C 33C7 XOR EAX,EDI - ;0085004E D6 SALC - ;0085004F B8 50008500 MOV EAX,850050 - ;00850054 EB 02 JMP SHORT 00850058 - ;00850056 CD 20 INT 20 - ;00850058 05 18000000 ADD EAX,18 - ;0085005D 8B00 MOV EAX,DWORD PTR DS:[EAX] - ;0085005F 35 36008500 XOR EAX,850036 - ;00850064 90 NOP - ;00850065 90 NOP - ;00850066 50 PUSH EAX - ;00850067 C3 RET */ + KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private! + /* ;008E0122 05 F9DEBE71 ADD EAX,71BEDEF9 + ;008E0127 B8 28018E00 MOV EAX,8E0128 + ;008E012C EB 02 JMP SHORT 008E0130 + ;008E012E CD 20 INT 20 + ;008E0130 05 18000000 ADD EAX,18 + ;008E0135 8B00 MOV EAX,DWORD PTR DS:[EAX] + ;008E0137 35 22018E00 XOR EAX,8E0122 + ;008E013C 90 NOP + ;008E013D 90 NOP + ;008E013E 50 PUSH EAX + ;008E013F C3 RET + ; + ;00850036 13C4 ADC EAX,ESP + ;00850038 E8 0A000000 CALL 00850047 + ;0085003D 90 NOP + ;0085003E 1BC2 SBB EAX,EDX + ;00850040 E9 09000000 JMP 0085004E + ;00850045 1BC3 SBB EAX,EBX + ;00850047 83F8 74 CMP EAX,74 + ;0085004A C3 RET + ;0085004B 98 CWDE + ;0085004C 33C7 XOR EAX,EDI + ;0085004E D6 SALC + ;0085004F B8 50008500 MOV EAX,850050 + ;00850054 EB 02 JMP SHORT 00850058 + ;00850056 CD 20 INT 20 + ;00850058 05 18000000 ADD EAX,18 + ;0085005D 8B00 MOV EAX,DWORD PTR DS:[EAX] + ;0085005F 35 36008500 XOR EAX,850036 + ;00850064 90 NOP + ;00850065 90 NOP + ;00850066 50 PUSH EAX + ;00850067 C3 RET */ } else if((cMem->DataByte[0] == 0x13 && cMem->DataByte[1] == 0xC4 && cMem->DataByte[2] == 0xE8) || (cMem->DataByte[0] == 0x83 && cMem->DataByte[3] == 0xE8)) { - KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private! + KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private! } else if((cMem->DataByte[0] == 0xB8 || cMem->DataByte[0] == 0x1D || cMem->DataByte[0] == 0x0D || cMem->DataByte[0] == 0x2D) && cMem->DataByte[5] == 0xB8 && cMem->DataByte[10] == 0xEB && cMem->DataByte[11] == 0x02) { - KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private! - /* ;011F0000 B8 2107F205 MOV EAX,5F20721 - ;011F0005 B8 06008D00 MOV EAX,8D0006 - ;011F000A EB 02 JMP SHORT 011F000E - ;011F000C CD 20 INT 20 - ;011F000E 05 18000000 ADD EAX,18 - ;011F0013 8B00 MOV EAX,DWORD PTR DS:[EAX] - ;011F0015 35 00008D00 XOR EAX,8D0000 - ;011F001A 90 NOP - ;011F001B 90 NOP - ;011F001C 50 PUSH EAX - ;011F001D C3 RET - ; - ;01360000 1D A508F205 SBB EAX,5F208A5 - ;01360005 B8 28008D00 MOV EAX,8D0028 - ;0136000A EB 02 JMP SHORT 0136000E - ;0136000C CD 20 INT 20 - ;0136000E 05 18000000 ADD EAX,18 - ;01360013 8B00 MOV EAX,DWORD PTR DS:[EAX] - ;01360015 35 22008D00 XOR EAX,8D0022 - ;0136001A 90 NOP - ;0136001B 90 NOP - ;0136001C 50 PUSH EAX - ;0136001D C3 RET - ; - ;014B0000 0D F918F205 OR EAX,5F218F9 - ;014B0005 B8 4A008D00 MOV EAX,8D004A - ;014B000A EB 02 JMP SHORT 014B000E - ;014B000C CD 20 INT 20 - ;014B000E 05 18000000 ADD EAX,18 - ;014B0013 8B00 MOV EAX,DWORD PTR DS:[EAX] - ;014B0015 35 44008D00 XOR EAX,8D0044 - ;014B001A 90 NOP - ;014B001B 90 NOP - ;014B001C 50 PUSH EAX - ;014B001D C3 RET - ; - ;01750000 2D 0B37F205 SUB EAX,5F2370B - ;01750005 B8 8E008D00 MOV EAX,8D008E - ;0175000A EB 02 JMP SHORT 0175000E - ;0175000C CD 20 INT 20 - ;0175000E 05 18000000 ADD EAX,18 - ;01750013 8B00 MOV EAX,DWORD PTR DS:[EAX] - ;01750015 35 88008D00 XOR EAX,8D0088 - ;0175001A 90 NOP - ;0175001B 90 NOP - ;0175001C 50 PUSH EAX - ;0175001D C3 RET - ; - ;019F0000 0BC4 OR EAX,ESP - ;019F0002 F9 STC - ;019F0003 E8 0B000000 CALL 019F0013 - ;019F0008 90 NOP - ;019F0009 13C4 ADC EAX,ESP - ;019F000B E9 0A000000 JMP 019F001A - ;019F0010 F9 STC - ;019F0011 13C3 ADC EAX,EBX - ;019F0013 98 CWDE - ;019F0014 03C2 ADD EAX,EDX - ;019F0016 C3 RET - ; - ;01B40000 48 DEC EAX - ;01B40001 E8 0D000000 CALL 01B40013 - ;01B40006 03C5 ADD EAX,EBP - ;01B40008 FC CLD - ;01B40009 E9 0A000000 JMP 01B40018 - ;01B4000E 35 D82FF205 XOR EAX,5F22FD8 - ;01B40013 C1C8 9A ROR EAX,9A - ;01B40016 C3 RET */ + KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private! + /* ;011F0000 B8 2107F205 MOV EAX,5F20721 + ;011F0005 B8 06008D00 MOV EAX,8D0006 + ;011F000A EB 02 JMP SHORT 011F000E + ;011F000C CD 20 INT 20 + ;011F000E 05 18000000 ADD EAX,18 + ;011F0013 8B00 MOV EAX,DWORD PTR DS:[EAX] + ;011F0015 35 00008D00 XOR EAX,8D0000 + ;011F001A 90 NOP + ;011F001B 90 NOP + ;011F001C 50 PUSH EAX + ;011F001D C3 RET + ; + ;01360000 1D A508F205 SBB EAX,5F208A5 + ;01360005 B8 28008D00 MOV EAX,8D0028 + ;0136000A EB 02 JMP SHORT 0136000E + ;0136000C CD 20 INT 20 + ;0136000E 05 18000000 ADD EAX,18 + ;01360013 8B00 MOV EAX,DWORD PTR DS:[EAX] + ;01360015 35 22008D00 XOR EAX,8D0022 + ;0136001A 90 NOP + ;0136001B 90 NOP + ;0136001C 50 PUSH EAX + ;0136001D C3 RET + ; + ;014B0000 0D F918F205 OR EAX,5F218F9 + ;014B0005 B8 4A008D00 MOV EAX,8D004A + ;014B000A EB 02 JMP SHORT 014B000E + ;014B000C CD 20 INT 20 + ;014B000E 05 18000000 ADD EAX,18 + ;014B0013 8B00 MOV EAX,DWORD PTR DS:[EAX] + ;014B0015 35 44008D00 XOR EAX,8D0044 + ;014B001A 90 NOP + ;014B001B 90 NOP + ;014B001C 50 PUSH EAX + ;014B001D C3 RET + ; + ;01750000 2D 0B37F205 SUB EAX,5F2370B + ;01750005 B8 8E008D00 MOV EAX,8D008E + ;0175000A EB 02 JMP SHORT 0175000E + ;0175000C CD 20 INT 20 + ;0175000E 05 18000000 ADD EAX,18 + ;01750013 8B00 MOV EAX,DWORD PTR DS:[EAX] + ;01750015 35 88008D00 XOR EAX,8D0088 + ;0175001A 90 NOP + ;0175001B 90 NOP + ;0175001C 50 PUSH EAX + ;0175001D C3 RET + ; + ;019F0000 0BC4 OR EAX,ESP + ;019F0002 F9 STC + ;019F0003 E8 0B000000 CALL 019F0013 + ;019F0008 90 NOP + ;019F0009 13C4 ADC EAX,ESP + ;019F000B E9 0A000000 JMP 019F001A + ;019F0010 F9 STC + ;019F0011 13C3 ADC EAX,EBX + ;019F0013 98 CWDE + ;019F0014 03C2 ADD EAX,EDX + ;019F0016 C3 RET + ; + ;01B40000 48 DEC EAX + ;01B40001 E8 0D000000 CALL 01B40013 + ;01B40006 03C5 ADD EAX,EBP + ;01B40008 FC CLD + ;01B40009 E9 0A000000 JMP 01B40018 + ;01B4000E 35 D82FF205 XOR EAX,5F22FD8 + ;01B40013 C1C8 9A ROR EAX,9A + ;01B40016 C3 RET */ } else if((cMem->DataByte[0] == 0x0B && cMem->DataByte[1] == 0xC4 && cMem->DataByte[2] == 0xF9 && cMem->DataByte[3] == 0xE8) || (cMem->DataByte[0] == 0x48 && cMem->DataByte[1] == 0xE8)) { - KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private! + KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private! } else if((cMem->DataByte[0] == 0xB8 && cMem->DataByte[5] == 0xE8 && cMem->DataByte[10] == 0xF9 && cMem->DataByte[11] == 0xE9) && (cMem->DataByte[0] == 0xE8 && cMem->DataByte[1] == 0x0B && cMem->DataByte[10] == 0xE9 && cMem->DataByte[11] == 0x05 && cMem->DataByte[15] == 0x90 && cMem->DataByte[16] == 0xC3)) { - KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private! - /* ;01C90000 B8 B853F205 MOV EAX,5F253B8 - ;01C90005 E8 07000000 CALL 01C90011 - ;01C9000A F9 STC - ;01C9000B E9 07000000 JMP 01C90017 - ;01C90010 90 NOP - ;01C90011 23C3 AND EAX,EBX - ;01C90013 C3 RET - ; - ;00A40022 1BC2 SBB EAX,EDX - ;00A40024 E8 08000000 CALL 00A40031 - ;00A40029 40 INC EAX - ;00A4002A E9 09000000 JMP 00A40038 - ;00A4002F 33C7 XOR EAX,EDI - ;00A40031 C1E8 92 SHR EAX,92 - ;00A40034 C3 RET - ;00A40035 83E0 25 AND EAX,25 - ;00A40038 25 E5AE65DD AND EAX,DD65AEE5 - ;00A4003D B8 3E00A400 MOV EAX,0A4003E - ;00A40042 EB 02 JMP SHORT 00A40046 - ;00A40044 CD 20 INT 20 - ;00A40046 05 18000000 ADD EAX,18 - ;00A4004B 8B00 MOV EAX,DWORD PTR DS:[EAX] - ;00A4004D 35 2200A400 XOR EAX,0A40022 - ;00A40052 90 NOP - ;00A40053 90 NOP - ;00A40054 50 PUSH EAX - ;00A40055 C3 RET - ; - ;00A4005A E8 0B000000 CALL 00A4006A - ;00A4005F 15 06F265DD ADC EAX,DD65F206 - ;00A40064 E9 05000000 JMP 00A4006E - ;00A40069 90 NOP - ;00A4006A C3 RET - ;00A4006B 1BC5 SBB EAX,EBP - ;00A4006D 40 INC EAX - ;00A4006E 1BC0 SBB EAX,EAX - ;00A40070 F9 STC - ;00A40071 B8 7200A400 MOV EAX,0A40072 - ;00A40076 EB 02 JMP SHORT 00A4007A - ;00A40078 CD 20 INT 20 - ;00A4007A 05 18000000 ADD EAX,18 - ;00A4007F 8B00 MOV EAX,DWORD PTR DS:[EAX] - ;00A40081 35 5A00A400 XOR EAX,0A4005A - ;00A40086 90 NOP - ;00A40087 90 NOP - ;00A40088 50 PUSH EAX - ;00A40089 C3 RET */ + KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private! + /* ;01C90000 B8 B853F205 MOV EAX,5F253B8 + ;01C90005 E8 07000000 CALL 01C90011 + ;01C9000A F9 STC + ;01C9000B E9 07000000 JMP 01C90017 + ;01C90010 90 NOP + ;01C90011 23C3 AND EAX,EBX + ;01C90013 C3 RET + ; + ;00A40022 1BC2 SBB EAX,EDX + ;00A40024 E8 08000000 CALL 00A40031 + ;00A40029 40 INC EAX + ;00A4002A E9 09000000 JMP 00A40038 + ;00A4002F 33C7 XOR EAX,EDI + ;00A40031 C1E8 92 SHR EAX,92 + ;00A40034 C3 RET + ;00A40035 83E0 25 AND EAX,25 + ;00A40038 25 E5AE65DD AND EAX,DD65AEE5 + ;00A4003D B8 3E00A400 MOV EAX,0A4003E + ;00A40042 EB 02 JMP SHORT 00A40046 + ;00A40044 CD 20 INT 20 + ;00A40046 05 18000000 ADD EAX,18 + ;00A4004B 8B00 MOV EAX,DWORD PTR DS:[EAX] + ;00A4004D 35 2200A400 XOR EAX,0A40022 + ;00A40052 90 NOP + ;00A40053 90 NOP + ;00A40054 50 PUSH EAX + ;00A40055 C3 RET + ; + ;00A4005A E8 0B000000 CALL 00A4006A + ;00A4005F 15 06F265DD ADC EAX,DD65F206 + ;00A40064 E9 05000000 JMP 00A4006E + ;00A40069 90 NOP + ;00A4006A C3 RET + ;00A4006B 1BC5 SBB EAX,EBP + ;00A4006D 40 INC EAX + ;00A4006E 1BC0 SBB EAX,EAX + ;00A40070 F9 STC + ;00A40071 B8 7200A400 MOV EAX,0A40072 + ;00A40076 EB 02 JMP SHORT 00A4007A + ;00A40078 CD 20 INT 20 + ;00A4007A 05 18000000 ADD EAX,18 + ;00A4007F 8B00 MOV EAX,DWORD PTR DS:[EAX] + ;00A40081 35 5A00A400 XOR EAX,0A4005A + ;00A40086 90 NOP + ;00A40087 90 NOP + ;00A40088 50 PUSH EAX + ;00A40089 C3 RET */ } else if(cMem->DataByte[0] == 0x1B && cMem->DataByte[1] == 0xC2 && cMem->DataByte[2] == 0xE8 && cMem->DataByte[3] == 0x08 && cMem->DataByte[7] == 0x40 && cMem->DataByte[8] == 0xE9 && cMem->DataByte[9] == 0x09 && cMem->DataByte[10] == 0x00) { - KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private! + KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private! } else if(cMem->DataByte[0] == 0x68 && cMem->DataByte[5] == 0xE9) { @@ -970,15 +970,15 @@ __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULON { if(ImporterGetAPIName((ULONG_PTR)TestAddressX86) != NULL) { - KnownRedirectionIndex = 6; // ; ReCrypt 0.74 - /* ;001739F1 68 E9D9D477 PUSH User32.EndDialog - ;001739F6 ^ E9 FDFEFFFF JMP 001738F8 */ + KnownRedirectionIndex = 6; // ; ReCrypt 0.74 + /* ;001739F1 68 E9D9D477 PUSH User32.EndDialog + ;001739F6 ^ E9 FDFEFFFF JMP 001738F8 */ } } } else if((cMem->DataByte[0] == 0xE8 && cMem->DataByte[5] == 0x58 && cMem->DataByte[6] == 0xEB && cMem->DataByte[7] == 0x01) || (cMem->DataByte[0] == 0xC8 && cMem->DataByte[4] == 0xE8 && cMem->DataByte[9] == 0x5B)) { - KnownRedirectionIndex = 7; // ; Orien 2.1x + KnownRedirectionIndex = 7; // ; Orien 2.1x /* ;GetCommandLineA ;$ ==> >/$ E8 00000000 CALL crackme_.0040DF8F ;$+5 >|$ 58 POP EAX @@ -1044,7 +1044,7 @@ __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULON } else if((cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x01 && cMem->DataByte[2] == 0x66 && cMem->DataByte[3] == 0x1B) || (cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x02 && cMem->DataByte[2] == 0xCD && cMem->DataByte[3] == 0x20) || (cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x01 && cMem->DataByte[2] == 0xB8 && cMem->DataByte[3] == 0xEB)) { - KnownRedirectionIndex = 4; // ; tELock 0.96 - 0.98 + KnownRedirectionIndex = 4; // ; tELock 0.96 - 0.98 /* ;(BYTE PTR[ESI] == 0EBh && (BYTE PTR[ESI+3] == 0EBh || BYTE PTR[ESI+2] == 0EBh)) ;017B0000 0BE4 OR ESP,ESP ;017B0002 75 01 JNZ SHORT 017B0005 @@ -1067,11 +1067,11 @@ __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULON } else if((cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x03 && cMem->DataByte[2] == 0xFF && cMem->DataByte[3] == 0xEB) || (cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x01 && cMem->DataByte[2] == 0xB8 && cMem->DataByte[3] == 0x05) || (cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x02 && cMem->DataByte[2] == 0xFF && cMem->DataByte[3] == 0x20)) { - KnownRedirectionIndex = 4; // ; tELock 0.96 - 0.98 + KnownRedirectionIndex = 4; // ; tELock 0.96 - 0.98 } else if((cMem->DataByte[0] == 0xF9 || cMem->DataByte[0] == 0xF8) || (cMem->DataByte[0] == 0x0B && cMem->DataByte[1] == 0xE4) || (cMem->DataByte[0] == 0x85 && cMem->DataByte[1] == 0xE4)) { - KnownRedirectionIndex = 4; // ; tELock 0.96 - 0.98 + KnownRedirectionIndex = 4; // ; tELock 0.96 - 0.98 } else if(cMem->DataByte[0] == 0xEB && (cMem->DataByte[1] > NULL && cMem->DataByte[1] < 4)) { @@ -1079,9 +1079,9 @@ __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULON j = 30; while(j > NULL) { - if(cMem->DataByte[i] == 0xB8 && (cMem->DataByte[i+5] == 0x40 || cMem->DataByte[i+5] == 0x90) && cMem->DataByte[i+6] == 0xFF && cMem->DataByte[i+7] == 0x30 && cMem->DataByte[i+8] == 0xC3) + if(cMem->DataByte[i] == 0xB8 && (cMem->DataByte[i + 5] == 0x40 || cMem->DataByte[i + 5] == 0x90) && cMem->DataByte[i + 6] == 0xFF && cMem->DataByte[i + 7] == 0x30 && cMem->DataByte[i + 8] == 0xC3) { - KnownRedirectionIndex = 4; // ; tELock 0.96 - 0.98 + KnownRedirectionIndex = 4; // ; tELock 0.96 - 0.98 j = 1; } i++; @@ -1095,11 +1095,11 @@ __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULON MemoryHash = EngineHashMemory((char*)TraceMemory, 192, MemoryHash); if(MemoryHash == 0x5AF7E209 || MemoryHash == 0xEB480CAC || MemoryHash == 0x86218561 || MemoryHash == 0xCA9ABD85) { - KnownRedirectionIndex = 9; // ; SVKP 1.x + KnownRedirectionIndex = 9; // ; SVKP 1.x } else if(MemoryHash == 0xF1F84A98 || MemoryHash == 0x91823290 || MemoryHash == 0xBEE6BAA0 || MemoryHash == 0x79603232) { - KnownRedirectionIndex = 9; // ; SVKP 1.x + KnownRedirectionIndex = 9; // ; SVKP 1.x } } } @@ -1123,7 +1123,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces MEMORY_BASIC_INFORMATION MemInfo; ULONG_PTR ueNumberOfBytesRead = NULL; char TracerReadMemory[0x1000] = {0}; - DWORD MaximumReadSize=0x1000; + DWORD MaximumReadSize = 0x1000; cMem = (PMEMORY_CMP_HANDLER)TracerReadMemory; VirtualQueryEx(hProcess, (LPVOID)AddressToTrace, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); @@ -1139,7 +1139,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces { RedirectionId = (DWORD)TracerDetectRedirection(hProcess, AddressToTrace); } - if(RedirectionId == 1) // TracerFix_ACProtect + if(RedirectionId == 1) // TracerFix_ACProtect { __try { @@ -1169,7 +1169,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces return(NULL); } } - else if(RedirectionId == 2) // TracerFix_tELock_varA + else if(RedirectionId == 2) // TracerFix_tELock_varA { __try { @@ -1187,7 +1187,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces return(NULL); } } - else if(RedirectionId == 3) // TracerFix_tELock_varB + else if(RedirectionId == 3) // TracerFix_tELock_varB { __try { @@ -1212,7 +1212,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces return(NULL); } } - else if(RedirectionId == 4) // TracerFix_tELock_varC + else if(RedirectionId == 4) // TracerFix_tELock_varC { __try { @@ -1276,7 +1276,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces return(NULL); } } - else if(RedirectionId == 5) // TracerFix_tELock_varD + else if(RedirectionId == 5) // TracerFix_tELock_varD { __try { @@ -1307,7 +1307,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces return(NULL); } } - else if(RedirectionId == 6) // TracerFix_ReCrypt + else if(RedirectionId == 6) // TracerFix_ReCrypt { __try { @@ -1322,7 +1322,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces return(NULL); } } - else if(RedirectionId == 7) // TracerFix_Orien + else if(RedirectionId == 7) // TracerFix_Orien { __try { @@ -1353,7 +1353,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces return(NULL); } } - else if(RedirectionId == 8) // TracerFix_AlexProtector + else if(RedirectionId == 8) // TracerFix_AlexProtector { __try { @@ -1369,7 +1369,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces return(NULL); } } - else if(RedirectionId == 9 && MaximumReadSize > 192) // TracerFix_SVKP + else if(RedirectionId == 9 && MaximumReadSize > 192) // TracerFix_SVKP { __try { @@ -1448,7 +1448,7 @@ __declspec(dllexport) long TITCALL TracerFixRedirectionViaImpRecPlugin(HANDLE hP HANDLE FileMap; ULONG_PTR FileMapVA; - if(GetModuleFileNameA(engineHandle, (LPCH)szModuleName, sizeof(szModuleName)-0x100) > NULL) + if(GetModuleFileNameA(engineHandle, (LPCH)szModuleName, sizeof(szModuleName) - 0x100) > NULL) { cModuleName = (LPVOID)((ULONG_PTR)cModuleName + lstrlenA((LPCSTR)szModuleName)); cmpModuleName = (PMEMORY_CMP_HANDLER)(cModuleName); diff --git a/TitanEngine/TitanEngine.TranslateName.cpp b/TitanEngine/TitanEngine.TranslateName.cpp index 9192712..dfdd15c 100644 --- a/TitanEngine/TitanEngine.TranslateName.cpp +++ b/TitanEngine/TitanEngine.TranslateName.cpp @@ -46,7 +46,7 @@ __declspec(dllexport) void* TITCALL TranslateNativeName(char* szNativeName) } VirtualFree(TranslatedName, NULL, MEM_RELEASE); - + return NULL; } diff --git a/TitanEngine/TitanEngine.cpp b/TitanEngine/TitanEngine.cpp index d1c09ad..708404b 100644 --- a/TitanEngine/TitanEngine.cpp +++ b/TitanEngine/TitanEngine.cpp @@ -12,10 +12,10 @@ BOOL APIENTRY DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) switch(fdwReason) { case DLL_PROCESS_ATTACH: - engineHandle=hinstDLL; + engineHandle = hinstDLL; EngineInit(); EmptyGarbage(); - for(int i=0; i #ifdef _MSC_VER /* Since MSVC isn't shipped with stdint.h, we will have our own: */ -typedef signed __int64 int64_t; -typedef unsigned __int64 uint64_t; -typedef signed __int32 int32_t; -typedef unsigned __int32 uint32_t; -typedef signed __int16 int16_t; -typedef unsigned __int16 uint16_t; -typedef signed __int8 int8_t; -typedef unsigned __int8 uint8_t; +typedef signed __int64 int64_t; +typedef unsigned __int64 uint64_t; +typedef signed __int32 int32_t; +typedef unsigned __int32 uint32_t; +typedef signed __int16 int16_t; +typedef unsigned __int16 uint16_t; +typedef signed __int8 int8_t; +typedef unsigned __int8 uint8_t; #endif /* Support C++ compilers */ @@ -115,7 +115,8 @@ extern "C" { /* Decodes modes of the disassembler, 16 bits or 32 bits or 64 bits for AMD64, x86-64. */ -typedef enum { +typedef enum +{ Decode16Bits = 0, Decode32Bits = 1, Decode64Bits = 2 } _DecodeType; @@ -167,36 +168,36 @@ typedef union typedef struct { /* Type of operand: - O_NONE: operand is to be ignored. - O_REG: index holds global register index. - O_IMM: instruction.imm. - O_IMM1: instruction.imm.ex.i1. - O_IMM2: instruction.imm.ex.i2. - O_DISP: memory dereference with displacement only, instruction.disp. - O_SMEM: simple memory dereference with optional displacement (a single register memory dereference). - O_MEM: complex memory dereference (optional fields: s/i/b/disp). - O_PC: the relative address of a branch instruction (instruction.imm.addr). - O_PTR: the absolute target address of a far branch instruction (instruction.imm.ptr.seg/off). + O_NONE: operand is to be ignored. + O_REG: index holds global register index. + O_IMM: instruction.imm. + O_IMM1: instruction.imm.ex.i1. + O_IMM2: instruction.imm.ex.i2. + O_DISP: memory dereference with displacement only, instruction.disp. + O_SMEM: simple memory dereference with optional displacement (a single register memory dereference). + O_MEM: complex memory dereference (optional fields: s/i/b/disp). + O_PC: the relative address of a branch instruction (instruction.imm.addr). + O_PTR: the absolute target address of a far branch instruction (instruction.imm.ptr.seg/off). */ uint8_t type; /* _OperandType */ /* Index of: - O_REG: holds global register index - O_SMEM: holds the 'base' register. E.G: [ECX], [EBX+0x1234] are both in operand.index. - O_MEM: holds the 'index' register. E.G: [EAX*4] is in operand.index. + O_REG: holds global register index + O_SMEM: holds the 'base' register. E.G: [ECX], [EBX+0x1234] are both in operand.index. + O_MEM: holds the 'index' register. E.G: [EAX*4] is in operand.index. */ uint8_t index; /* Size of: - O_REG: register - O_IMM: instruction.imm - O_IMM1: instruction.imm.ex.i1 - O_IMM2: instruction.imm.ex.i2 - O_DISP: instruction.disp - O_SMEM: size of indirection. - O_MEM: size of indirection. - O_PC: size of the relative offset - O_PTR: size of instruction.imm.ptr.off (16 or 32) + O_REG: register + O_IMM: instruction.imm + O_IMM1: instruction.imm.ex.i1 + O_IMM2: instruction.imm.ex.i2 + O_DISP: instruction.disp + O_SMEM: size of indirection. + O_MEM: size of indirection. + O_PC: size of the relative offset + O_PTR: size of instruction.imm.ptr.off (16 or 32) */ uint16_t size; } _Operand; diff --git a/TitanEngine/ntdll.h b/TitanEngine/ntdll.h index 3669b70..0ac4245 100644 --- a/TitanEngine/ntdll.h +++ b/TitanEngine/ntdll.h @@ -250,7 +250,7 @@ typedef struct _PROCESS_BASIC_INFORMATION ULONG_PTR UniqueProcessId; PVOID Reserved3; } PROCESS_BASIC_INFORMATION; -typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION; +typedef PROCESS_BASIC_INFORMATION* PPROCESS_BASIC_INFORMATION; typedef struct _THREAD_BASIC_INFORMATION { @@ -264,7 +264,7 @@ typedef struct _THREAD_BASIC_INFORMATION typedef VOID -(*PPS_APC_ROUTINE) ( +(*PPS_APC_ROUTINE)( __in_opt PVOID ApcArgument1, __in_opt PVOID ApcArgument2, __in_opt PVOID ApcArgument3 @@ -445,7 +445,7 @@ extern "C" { NTSYSCALLAPI NTSTATUS NTAPI -NtSetInformationProcess ( +NtSetInformationProcess( __in HANDLE ProcessHandle, __in PROCESSINFOCLASS ProcessInformationClass, __in_bcount(ProcessInformationLength) PVOID ProcessInformation, @@ -455,7 +455,7 @@ NtSetInformationProcess ( NTSYSCALLAPI NTSTATUS NTAPI -NtQueryInformationProcess ( +NtQueryInformationProcess( __in HANDLE ProcessHandle, __in PROCESSINFOCLASS ProcessInformationClass, __out_bcount(ProcessInformationLength) PVOID ProcessInformation, @@ -466,7 +466,7 @@ NtQueryInformationProcess ( NTSYSCALLAPI NTSTATUS NTAPI -NtQueryObject ( +NtQueryObject( __in HANDLE Handle, __in OBJECT_INFORMATION_CLASS ObjectInformationClass, __out_bcount_opt(ObjectInformationLength) PVOID ObjectInformation, @@ -477,7 +477,7 @@ NtQueryObject ( NTSYSCALLAPI NTSTATUS NTAPI -NtSetSystemInformation ( +NtSetSystemInformation( __in SYSTEM_INFORMATION_CLASS SystemInformationClass, __in_bcount_opt(SystemInformationLength) PVOID SystemInformation, __in ULONG SystemInformationLength @@ -486,7 +486,7 @@ NtSetSystemInformation ( NTSYSCALLAPI NTSTATUS NTAPI -NtQuerySystemInformation ( +NtQuerySystemInformation( __in SYSTEM_INFORMATION_CLASS SystemInformationClass, __out_bcount_opt(SystemInformationLength) PVOID SystemInformation, __in ULONG SystemInformationLength, @@ -496,7 +496,7 @@ NtQuerySystemInformation ( NTSYSCALLAPI NTSTATUS NTAPI -NtSetInformationThread ( +NtSetInformationThread( __in HANDLE ThreadHandle, __in THREADINFOCLASS ThreadInformationClass, __in_bcount(ThreadInformationLength) PVOID ThreadInformation, @@ -506,7 +506,7 @@ NtSetInformationThread ( NTSYSCALLAPI NTSTATUS NTAPI -NtQueryInformationThread ( +NtQueryInformationThread( __in HANDLE ThreadHandle, __in THREADINFOCLASS ThreadInformationClass, __out_bcount(ThreadInformationLength) PVOID ThreadInformation, @@ -517,7 +517,7 @@ NtQueryInformationThread ( NTSYSCALLAPI NTSTATUS NTAPI -NtUnmapViewOfSection ( +NtUnmapViewOfSection( __in HANDLE ProcessHandle, __in PVOID BaseAddress ); @@ -525,7 +525,7 @@ NtUnmapViewOfSection ( NTSYSCALLAPI NTSTATUS NTAPI -NtSuspendThread ( +NtSuspendThread( __in HANDLE ThreadHandle, __out_opt PULONG PreviousSuspendCount ); @@ -533,7 +533,7 @@ NtSuspendThread ( NTSYSCALLAPI NTSTATUS NTAPI -NtResumeThread ( +NtResumeThread( __in HANDLE ThreadHandle, __out_opt PULONG PreviousSuspendCount ); @@ -541,21 +541,21 @@ NtResumeThread ( NTSYSCALLAPI NTSTATUS NTAPI -NtSuspendProcess ( +NtSuspendProcess( __in HANDLE ProcessHandle ); NTSYSCALLAPI NTSTATUS NTAPI -NtResumeProcess ( +NtResumeProcess( __in HANDLE ProcessHandle ); NTSYSCALLAPI NTSTATUS NTAPI -NtQueueApcThread ( +NtQueueApcThread( __in HANDLE ThreadHandle, __in PPS_APC_ROUTINE ApcRoutine, __in_opt PVOID ApcArgument1, @@ -566,7 +566,7 @@ NtQueueApcThread ( NTSYSCALLAPI NTSTATUS NTAPI -RtlGetCompressionWorkSpaceSize ( +RtlGetCompressionWorkSpaceSize( IN USHORT CompressionFormatAndEngine, OUT PULONG CompressBufferWorkSpaceSize, OUT PULONG CompressFragmentWorkSpaceSize @@ -575,7 +575,7 @@ RtlGetCompressionWorkSpaceSize ( NTSYSCALLAPI NTSTATUS NTAPI -RtlCompressBuffer ( +RtlCompressBuffer( IN USHORT CompressionFormatAndEngine, IN PUCHAR UncompressedBuffer, IN ULONG UncompressedBufferSize, @@ -589,7 +589,7 @@ RtlCompressBuffer ( NTSYSCALLAPI NTSTATUS NTAPI -RtlDecompressBuffer ( +RtlDecompressBuffer( IN USHORT CompressionFormat, OUT PUCHAR UncompressedBuffer, IN ULONG UncompressedBufferSize, @@ -601,7 +601,7 @@ RtlDecompressBuffer ( NTSYSCALLAPI ULONG NTAPI -RtlNtStatusToDosError ( +RtlNtStatusToDosError( NTSTATUS Status ); diff --git a/TitanEngine/resource.h b/TitanEngine/resource.h index 13eea5b..c61dddc 100644 --- a/TitanEngine/resource.h +++ b/TitanEngine/resource.h @@ -25,7 +25,7 @@ #define IDC_LISTBOX 800 // Next default values for new objects -// +// #ifdef APSTUDIO_INVOKED #ifndef APSTUDIO_READONLY_SYMBOLS #define _APS_NEXT_RESOURCE_VALUE 114 diff --git a/TitanEngine/scylla_wrapper.h b/TitanEngine/scylla_wrapper.h index a7064d3..8663202 100644 --- a/TitanEngine/scylla_wrapper.h +++ b/TitanEngine/scylla_wrapper.h @@ -11,7 +11,7 @@ const BYTE SCY_ERROR_IATNOTFOUND = -4; extern "C" { #endif /*__cplusplus*/ //iat exports -int scylla_searchIAT(DWORD pid, DWORD_PTR &iatStart, DWORD &iatSize, DWORD_PTR searchStart, bool advancedSearch); +int scylla_searchIAT(DWORD pid, DWORD_PTR & iatStart, DWORD & iatSize, DWORD_PTR searchStart, bool advancedSearch); int scylla_getImports(DWORD_PTR iatAddr, DWORD iatSize, DWORD pid, LPVOID invalidImportCallback = NULL); bool scylla_addModule(const WCHAR* moduleName, DWORD_PTR firstThunkRVA); bool scylla_addImport(const WCHAR* importName, DWORD_PTR thunkVA); @@ -29,12 +29,12 @@ DWORD_PTR scylla_findImportNameByWriteLocation(DWORD_PTR thunkVA); DWORD_PTR scylla_findModuleNameByWriteLocation(DWORD_PTR thunkVA); //dumper exports -bool scylla_dumpProcessW(DWORD_PTR pid, const WCHAR * fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const WCHAR * fileResult); -bool scylla_dumpProcessA(DWORD_PTR pid, const char * fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const char * fileResult); +bool scylla_dumpProcessW(DWORD_PTR pid, const WCHAR* fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const WCHAR* fileResult); +bool scylla_dumpProcessA(DWORD_PTR pid, const char* fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const char* fileResult); //rebuilder exports -bool scylla_rebuildFileW(const WCHAR * fileToRebuild, BOOL removeDosStub, BOOL updatePeHeaderChecksum, BOOL createBackup); -bool scylla_rebuildFileA(const char * fileToRebuild, BOOL removeDosStub, BOOL updatePeHeaderChecksum, BOOL createBackup); +bool scylla_rebuildFileW(const WCHAR* fileToRebuild, BOOL removeDosStub, BOOL updatePeHeaderChecksum, BOOL createBackup); +bool scylla_rebuildFileA(const char* fileToRebuild, BOOL removeDosStub, BOOL updatePeHeaderChecksum, BOOL createBackup); #ifdef __cplusplus } #endif /*__cplusplus*/ diff --git a/TitanEngine/stdafx.h b/TitanEngine/stdafx.h index d652225..b2fec93 100644 --- a/TitanEngine/stdafx.h +++ b/TitanEngine/stdafx.h @@ -154,24 +154,24 @@ typedef struct enum HWBP_MODE { - MODE_DISABLED=0, //00 - MODE_LOCAL=1, //01 - MODE_GLOBAL=2 //10 + MODE_DISABLED = 0, //00 + MODE_LOCAL = 1, //01 + MODE_GLOBAL = 2 //10 }; enum HWBP_TYPE { - TYPE_EXECUTE=0, //00 - TYPE_WRITE=1, //01 - TYPE_READWRITE=3 //11 + TYPE_EXECUTE = 0, //00 + TYPE_WRITE = 1, //01 + TYPE_READWRITE = 3 //11 }; enum HWBP_SIZE { - SIZE_1=0, //00 - SIZE_2=1, //01 - SIZE_8=2, //10 - SIZE_4=3 //11 + SIZE_1 = 0, //00 + SIZE_2 = 1, //01 + SIZE_8 = 2, //10 + SIZE_4 = 3 //11 }; struct DR7 @@ -759,21 +759,21 @@ typedef struct /*typedef enum _POOL_TYPE { - NonPagedPool, - PagedPool, - NonPagedPoolMustSucceed, - DontUseThisType, - NonPagedPoolCacheAligned, - PagedPoolCacheAligned, - NonPagedPoolCacheAlignedMustS, - MaxPoolType, - NonPagedPoolSession, - PagedPoolSession, - NonPagedPoolMustSucceedSession, - DontUseThisTypeSession, - NonPagedPoolCacheAlignedSession, - PagedPoolCacheAlignedSession, - NonPagedPoolCacheAlignedMustSSession + NonPagedPool, + PagedPool, + NonPagedPoolMustSucceed, + DontUseThisType, + NonPagedPoolCacheAligned, + PagedPoolCacheAligned, + NonPagedPoolCacheAlignedMustS, + MaxPoolType, + NonPagedPoolSession, + PagedPoolSession, + NonPagedPoolMustSucceedSession, + DontUseThisTypeSession, + NonPagedPoolCacheAlignedSession, + PagedPoolCacheAlignedSession, + NonPagedPoolCacheAlignedMustSSession } POOL_TYPE;*/ typedef struct @@ -924,7 +924,7 @@ struct _PEB_T DWORD MaximumNumberOfHeaps; T ProcessHeaps; -//FULL PEB not needed + //FULL PEB not needed /* T GdiSharedHandleTable; T ProcessStarterHelper; T GdiDCAttributeList; diff --git a/TitanEngine/targetver.h b/TitanEngine/targetver.h index f583181..ad00983 100644 --- a/TitanEngine/targetver.h +++ b/TitanEngine/targetver.h @@ -1,8 +1,8 @@ #pragma once // The following macros define the minimum required platform. The minimum required platform -// is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run -// your application. The macros work by enabling all features available on platform versions up to and +// is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run +// your application. The macros work by enabling all features available on platform versions up to and // including the version specified. // Modify the following defines if you have to target a platform prior to the ones specified below. diff --git a/TitanEngineLoaders/LibraryLoader/LibraryLoader.cpp b/TitanEngineLoaders/LibraryLoader/LibraryLoader.cpp index 64c62a7..4c8526e 100644 --- a/TitanEngineLoaders/LibraryLoader/LibraryLoader.cpp +++ b/TitanEngineLoaders/LibraryLoader/LibraryLoader.cpp @@ -5,12 +5,12 @@ wchar_t szLibraryPath[512]; int main() { memset(szLibraryPath, 0, sizeof(szLibraryPath)); - wchar_t szName[256]=L""; + wchar_t szName[256] = L""; wsprintfW(szName, L"Global\\szLibraryName%X", (unsigned int)GetCurrentProcessId()); - HANDLE hMapFile=OpenFileMappingW(FILE_MAP_READ, false, szName); + HANDLE hMapFile = OpenFileMappingW(FILE_MAP_READ, false, szName); if(hMapFile) { - const wchar_t* szLibraryPathMapping=(const wchar_t*)MapViewOfFile(hMapFile, FILE_MAP_READ, 0, 0, sizeof(szLibraryPath)); + const wchar_t* szLibraryPathMapping = (const wchar_t*)MapViewOfFile(hMapFile, FILE_MAP_READ, 0, 0, sizeof(szLibraryPath)); if(szLibraryPathMapping) { lstrcpyW(szLibraryPath, szLibraryPathMapping); @@ -19,6 +19,6 @@ int main() CloseHandle(hMapFile); } if(szLibraryPath[0]) - return (LoadLibraryW(szLibraryPath)!=NULL); + return (LoadLibraryW(szLibraryPath) != NULL); return 0; }