massive formatting

Mr. eXoDia 2014-08-05 01:04:23 +02:00
parent b350775721
commit 7726d8fcf1
65 changed files with 1422 additions and 1421 deletions


@ -590,8 +590,8 @@ __declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapV
__declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType); __declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType);
__declspec(dllexport) ULONG_PTR TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType); __declspec(dllexport) ULONG_PTR TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllexport) ULONG_PTR TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType); __declspec(dllexport) ULONG_PTR TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesRead); __declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead);
__declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesWritten); __declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten);
// TitanEngine.Realigner.functions: // TitanEngine.Realigner.functions:
__declspec(dllexport) bool TITCALL FixHeaderCheckSum(char* szFileName); __declspec(dllexport) bool TITCALL FixHeaderCheckSum(char* szFileName);
__declspec(dllexport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName); __declspec(dllexport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName);


@ -589,8 +589,8 @@ __declspec(dllimport) ULONG_PTR TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapV
__declspec(dllimport) ULONG_PTR TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType); __declspec(dllimport) ULONG_PTR TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType);
__declspec(dllimport) ULONG_PTR TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType); __declspec(dllimport) ULONG_PTR TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllimport) ULONG_PTR TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType); __declspec(dllimport) ULONG_PTR TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllimport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesRead); __declspec(dllimport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead);
__declspec(dllimport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesWritten); __declspec(dllimport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten);
// TitanEngine.Realigner.functions: // TitanEngine.Realigner.functions:
__declspec(dllimport) bool TITCALL FixHeaderCheckSum(char* szFileName); __declspec(dllimport) bool TITCALL FixHeaderCheckSum(char* szFileName);
__declspec(dllimport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName); __declspec(dllimport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName);


@ -407,11 +407,11 @@ protected:
{ {
return UE::ConvertFileOffsetToVAEx(FileMapVA, FileSize, ImageBase, AddressToConvert, ReturnType); return UE::ConvertFileOffsetToVAEx(FileMapVA, FileSize, ImageBase, AddressToConvert, ReturnType);
} }
static bool MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesRead) static bool MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead)
{ {
return UE::MemoryReadSafe(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesRead); return UE::MemoryReadSafe(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesRead);
} }
static bool MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesWritten) static bool MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten)
{ {
return UE::MemoryWriteSafe(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesWritten); return UE::MemoryWriteSafe(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesWritten);
} }
@ -986,7 +986,7 @@ class ResourcerX
protected: protected:
typedef void(TITCALL *fResourceEnumCallback)(const wchar_t* szResourceType, DWORD ResourceType, const wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, DWORD ResourceData, DWORD ResourceSize); typedef void(TITCALL* fResourceEnumCallback)(const wchar_t* szResourceType, DWORD ResourceType, const wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, DWORD ResourceData, DWORD ResourceSize);
static bool FreeLoadedFile(void* LoadedFileBase) static bool FreeLoadedFile(void* LoadedFileBase)
{ {
@ -1076,8 +1076,8 @@ public:
typedef UE::THREAD_ITEM_DATA THREAD_ITEM_DATA; typedef UE::THREAD_ITEM_DATA THREAD_ITEM_DATA;
typedef void(TITCALL *fThreadEnumCallback)(const THREAD_ITEM_DATA* fThreadDetail); typedef void(TITCALL* fThreadEnumCallback)(const THREAD_ITEM_DATA* fThreadDetail);
typedef void(TITCALL *fThreadExitCallback)(const EXIT_THREAD_DEBUG_INFO* SpecialDBG); typedef void(TITCALL* fThreadExitCallback)(const EXIT_THREAD_DEBUG_INFO* SpecialDBG);
static bool ImportRunningThreadData(DWORD ProcessId) static bool ImportRunningThreadData(DWORD ProcessId)
{ {
@ -1177,8 +1177,8 @@ class DebuggerX
protected: protected:
typedef void (TITCALL *fBreakPointCallback)(); typedef void (TITCALL* fBreakPointCallback)();
typedef void (TITCALL *fCustomHandlerCallback)(const void* ExceptionData); typedef void (TITCALL* fCustomHandlerCallback)(const void* ExceptionData);
static const char* StaticDisassembleEx(ULONG_PTR DisassmStart, const void* DisassmAddress) static const char* StaticDisassembleEx(ULONG_PTR DisassmStart, const void* DisassmAddress)
{ {
@ -1664,8 +1664,8 @@ public:
protected: protected:
typedef void (TITCALL *fImportEnumCallBack)(void* ptrImportEnumData); typedef void (TITCALL* fImportEnumCallBack)(void* ptrImportEnumData);
typedef void* (TITCALL *fImportFixCallback)(void* fIATPointer); typedef void* (TITCALL* fImportFixCallback)(void* fIATPointer);
static void AddNewDll(const char* szDLLName, ULONG_PTR FirstThunk) static void AddNewDll(const char* szDLLName, ULONG_PTR FirstThunk)
{ {
@ -1954,7 +1954,7 @@ class LibrarianX
{ {
protected: protected:
typedef void (TITCALL *fLibraryBreakPointCallback)(const LOAD_DLL_DEBUG_INFO* SpecialDBG); typedef void (TITCALL* fLibraryBreakPointCallback)(const LOAD_DLL_DEBUG_INFO* SpecialDBG);
static bool SetBreakPoint(const char* szLibraryName, eLibraryEvent bpxType, bool SingleShoot, fLibraryBreakPointCallback bpxCallBack) static bool SetBreakPoint(const char* szLibraryName, eLibraryEvent bpxType, bool SingleShoot, fLibraryBreakPointCallback bpxCallBack)
{ {
@ -1972,7 +1972,7 @@ public:
typedef UE::LIBRARY_ITEM_DATA LIBRARY_ITEM_DATA; typedef UE::LIBRARY_ITEM_DATA LIBRARY_ITEM_DATA;
typedef void (TITCALL *fLibraryEnumCallback)(const LIBRARY_ITEM_DATA* fLibraryDetail); typedef void (TITCALL* fLibraryEnumCallback)(const LIBRARY_ITEM_DATA* fLibraryDetail);
static const LIBRARY_ITEM_DATA* GetLibraryInfo(const char* szLibraryName) static const LIBRARY_ITEM_DATA* GetLibraryInfo(const char* szLibraryName)
{ {
@ -1994,7 +1994,7 @@ public:
typedef UE::LIBRARY_ITEM_DATAW LIBRARY_ITEM_DATA; typedef UE::LIBRARY_ITEM_DATAW LIBRARY_ITEM_DATA;
typedef void (TITCALL *fLibraryEnumCallback)(const LIBRARY_ITEM_DATA* fLibraryDetail); typedef void (TITCALL* fLibraryEnumCallback)(const LIBRARY_ITEM_DATA* fLibraryDetail);
static const LIBRARY_ITEM_DATA* GetLibraryInfo(const wchar_t* szLibraryName) static const LIBRARY_ITEM_DATA* GetLibraryInfo(const wchar_t* szLibraryName)
{ {
@ -2046,7 +2046,7 @@ public:
typedef UE::HOOK_ENTRY HOOK_ENTRY; typedef UE::HOOK_ENTRY HOOK_ENTRY;
typedef bool(TITCALL *fHookEnumCallBack)(const HOOK_ENTRY* HookDetails, void* ptrOriginalInstructions, const LibrarianA::LIBRARY_ITEM_DATA* ModuleInformation, DWORD SizeOfImage); typedef bool(TITCALL* fHookEnumCallBack)(const HOOK_ENTRY* HookDetails, void* ptrOriginalInstructions, const LibrarianA::LIBRARY_ITEM_DATA* ModuleInformation, DWORD SizeOfImage);
static bool SafeTransitionEx(void** HookAddressArray, int NumberOfHooks, bool TransitionStart) static bool SafeTransitionEx(void** HookAddressArray, int NumberOfHooks, bool TransitionStart)
{ {
@ -2256,7 +2256,7 @@ class ProcessX
{ {
protected: protected:
typedef void(TITCALL *fProcessWithLibraryEnumCallback)(DWORD ProcessId, HMODULE ModuleBaseAddress); typedef void(TITCALL* fProcessWithLibraryEnumCallback)(DWORD ProcessId, HMODULE ModuleBaseAddress);
static void EnumProcessesWithLibrary(char* szLibraryName, fProcessWithLibraryEnumCallback EnumFunction) static void EnumProcessesWithLibrary(char* szLibraryName, fProcessWithLibraryEnumCallback EnumFunction)
{ {
@ -2608,7 +2608,7 @@ class StaticX
{ {
protected: protected:
typedef bool (__stdcall *fStaticDecryptCallback)(void* sMemoryStart, int sKeySize); typedef bool (__stdcall* fStaticDecryptCallback)(void* sMemoryStart, int sKeySize);
static bool FileGetContent(HANDLE FileHandle, DWORD FilePositionLow, const DWORD* FilePositionHigh, void* Buffer, DWORD Size) static bool FileGetContent(HANDLE FileHandle, DWORD FilePositionLow, const DWORD* FilePositionHigh, void* Buffer, DWORD Size)
{ {


@ -6,130 +6,130 @@ std::vector<BreakPointDetail> BreakPointBuffer;
ULONG_PTR dr7uint(DR7* dr7) ULONG_PTR dr7uint(DR7* dr7)
{ {
ULONG_PTR ret=0; ULONG_PTR ret = 0;
if(BITGET(dr7->HWBP_MODE[0],0)) if(BITGET(dr7->HWBP_MODE[0], 0))
BITSET(ret,0); BITSET(ret, 0);
if(BITGET(dr7->HWBP_MODE[0],1)) if(BITGET(dr7->HWBP_MODE[0], 1))
BITSET(ret,1); BITSET(ret, 1);
if(BITGET(dr7->HWBP_MODE[1],0)) if(BITGET(dr7->HWBP_MODE[1], 0))
BITSET(ret,2); BITSET(ret, 2);
if(BITGET(dr7->HWBP_MODE[1],1)) if(BITGET(dr7->HWBP_MODE[1], 1))
BITSET(ret,3); BITSET(ret, 3);
if(BITGET(dr7->HWBP_MODE[2],0)) if(BITGET(dr7->HWBP_MODE[2], 0))
BITSET(ret,4); BITSET(ret, 4);
if(BITGET(dr7->HWBP_MODE[2],1)) if(BITGET(dr7->HWBP_MODE[2], 1))
BITSET(ret,5); BITSET(ret, 5);
if(BITGET(dr7->HWBP_MODE[3],0)) if(BITGET(dr7->HWBP_MODE[3], 0))
BITSET(ret,6); BITSET(ret, 6);
if(BITGET(dr7->HWBP_MODE[3],1)) if(BITGET(dr7->HWBP_MODE[3], 1))
BITSET(ret,7); BITSET(ret, 7);
if(BITGET(dr7->HWBP_TYPE[0],0)) if(BITGET(dr7->HWBP_TYPE[0], 0))
BITSET(ret,16); BITSET(ret, 16);
if(BITGET(dr7->HWBP_TYPE[0],1)) if(BITGET(dr7->HWBP_TYPE[0], 1))
BITSET(ret,17); BITSET(ret, 17);
if(BITGET(dr7->HWBP_SIZE[0],0)) if(BITGET(dr7->HWBP_SIZE[0], 0))
BITSET(ret,18); BITSET(ret, 18);
if(BITGET(dr7->HWBP_SIZE[0],1)) if(BITGET(dr7->HWBP_SIZE[0], 1))
BITSET(ret,19); BITSET(ret, 19);
if(BITGET(dr7->HWBP_TYPE[1],0)) if(BITGET(dr7->HWBP_TYPE[1], 0))
BITSET(ret,20); BITSET(ret, 20);
if(BITGET(dr7->HWBP_TYPE[1],1)) if(BITGET(dr7->HWBP_TYPE[1], 1))
BITSET(ret,21); BITSET(ret, 21);
if(BITGET(dr7->HWBP_SIZE[1],0)) if(BITGET(dr7->HWBP_SIZE[1], 0))
BITSET(ret,22); BITSET(ret, 22);
if(BITGET(dr7->HWBP_SIZE[1],1)) if(BITGET(dr7->HWBP_SIZE[1], 1))
BITSET(ret,23); BITSET(ret, 23);
if(BITGET(dr7->HWBP_TYPE[2],0)) if(BITGET(dr7->HWBP_TYPE[2], 0))
BITSET(ret,24); BITSET(ret, 24);
if(BITGET(dr7->HWBP_TYPE[2],1)) if(BITGET(dr7->HWBP_TYPE[2], 1))
BITSET(ret,25); BITSET(ret, 25);
if(BITGET(dr7->HWBP_SIZE[2],0)) if(BITGET(dr7->HWBP_SIZE[2], 0))
BITSET(ret,26); BITSET(ret, 26);
if(BITGET(dr7->HWBP_SIZE[2],1)) if(BITGET(dr7->HWBP_SIZE[2], 1))
BITSET(ret,27); BITSET(ret, 27);
if(BITGET(dr7->HWBP_TYPE[3],0)) if(BITGET(dr7->HWBP_TYPE[3], 0))
BITSET(ret,28); BITSET(ret, 28);
if(BITGET(dr7->HWBP_TYPE[3],1)) if(BITGET(dr7->HWBP_TYPE[3], 1))
BITSET(ret,29); BITSET(ret, 29);
if(BITGET(dr7->HWBP_SIZE[3],0)) if(BITGET(dr7->HWBP_SIZE[3], 0))
BITSET(ret,30); BITSET(ret, 30);
if(BITGET(dr7->HWBP_SIZE[3],1)) if(BITGET(dr7->HWBP_SIZE[3], 1))
BITSET(ret,31); BITSET(ret, 31);
return ret; return ret;
} }
void uintdr7(ULONG_PTR dr7, DR7* ret) void uintdr7(ULONG_PTR dr7, DR7* ret)
{ {
memset(ret, 0, sizeof(DR7)); memset(ret, 0, sizeof(DR7));
if(BITGET(dr7,0)) if(BITGET(dr7, 0))
BITSET(ret->HWBP_MODE[0],0); BITSET(ret->HWBP_MODE[0], 0);
if(BITGET(dr7,1)) if(BITGET(dr7, 1))
BITSET(ret->HWBP_MODE[0],1); BITSET(ret->HWBP_MODE[0], 1);
if(BITGET(dr7,2)) if(BITGET(dr7, 2))
BITSET(ret->HWBP_MODE[1],0); BITSET(ret->HWBP_MODE[1], 0);
if(BITGET(dr7,3)) if(BITGET(dr7, 3))
BITSET(ret->HWBP_MODE[1],1); BITSET(ret->HWBP_MODE[1], 1);
if(BITGET(dr7,4)) if(BITGET(dr7, 4))
BITSET(ret->HWBP_MODE[2],0); BITSET(ret->HWBP_MODE[2], 0);
if(BITGET(dr7,5)) if(BITGET(dr7, 5))
BITSET(ret->HWBP_MODE[2],1); BITSET(ret->HWBP_MODE[2], 1);
if(BITGET(dr7,6)) if(BITGET(dr7, 6))
BITSET(ret->HWBP_MODE[3],0); BITSET(ret->HWBP_MODE[3], 0);
if(BITGET(dr7,7)) if(BITGET(dr7, 7))
BITSET(ret->HWBP_MODE[3],1); BITSET(ret->HWBP_MODE[3], 1);
if(BITGET(dr7,16)) if(BITGET(dr7, 16))
BITSET(ret->HWBP_TYPE[0],0); BITSET(ret->HWBP_TYPE[0], 0);
if(BITGET(dr7,17)) if(BITGET(dr7, 17))
BITSET(ret->HWBP_TYPE[0],1); BITSET(ret->HWBP_TYPE[0], 1);
if(BITGET(dr7,18)) if(BITGET(dr7, 18))
BITSET(ret->HWBP_SIZE[0],0); BITSET(ret->HWBP_SIZE[0], 0);
if(BITGET(dr7,19)) if(BITGET(dr7, 19))
BITSET(ret->HWBP_SIZE[0],1); BITSET(ret->HWBP_SIZE[0], 1);
if(BITGET(dr7,20)) if(BITGET(dr7, 20))
BITSET(ret->HWBP_TYPE[1],0); BITSET(ret->HWBP_TYPE[1], 0);
if(BITGET(dr7,21)) if(BITGET(dr7, 21))
BITSET(ret->HWBP_TYPE[1],1); BITSET(ret->HWBP_TYPE[1], 1);
if(BITGET(dr7,22)) if(BITGET(dr7, 22))
BITSET(ret->HWBP_SIZE[1],0); BITSET(ret->HWBP_SIZE[1], 0);
if(BITGET(dr7,23)) if(BITGET(dr7, 23))
BITSET(ret->HWBP_SIZE[1],1); BITSET(ret->HWBP_SIZE[1], 1);
if(BITGET(dr7,24)) if(BITGET(dr7, 24))
BITSET(ret->HWBP_TYPE[2],0); BITSET(ret->HWBP_TYPE[2], 0);
if(BITGET(dr7,25)) if(BITGET(dr7, 25))
BITSET(ret->HWBP_TYPE[2],1); BITSET(ret->HWBP_TYPE[2], 1);
if(BITGET(dr7,26)) if(BITGET(dr7, 26))
BITSET(ret->HWBP_SIZE[2],0); BITSET(ret->HWBP_SIZE[2], 0);
if(BITGET(dr7,27)) if(BITGET(dr7, 27))
BITSET(ret->HWBP_SIZE[2],1); BITSET(ret->HWBP_SIZE[2], 1);
if(BITGET(dr7,28)) if(BITGET(dr7, 28))
BITSET(ret->HWBP_TYPE[3],0); BITSET(ret->HWBP_TYPE[3], 0);
if(BITGET(dr7,29)) if(BITGET(dr7, 29))
BITSET(ret->HWBP_TYPE[3],1); BITSET(ret->HWBP_TYPE[3], 1);
if(BITGET(dr7,30)) if(BITGET(dr7, 30))
BITSET(ret->HWBP_SIZE[3],0); BITSET(ret->HWBP_SIZE[3], 0);
if(BITGET(dr7,31)) if(BITGET(dr7, 31))
BITSET(ret->HWBP_SIZE[3],1); BITSET(ret->HWBP_SIZE[3], 1);
} }
void BreakPointPostReadFilter(ULONG_PTR lpBaseAddress, unsigned char* lpBuffer, SIZE_T nSize) void BreakPointPostReadFilter(ULONG_PTR lpBaseAddress, unsigned char* lpBuffer, SIZE_T nSize)
{ {
CriticalSectionLocker lock(LockBreakPointBuffer); CriticalSectionLocker lock(LockBreakPointBuffer);
ULONG_PTR start=lpBaseAddress; ULONG_PTR start = lpBaseAddress;
ULONG_PTR end=start+nSize; ULONG_PTR end = start + nSize;
int bpcount=(int)BreakPointBuffer.size(); int bpcount = (int)BreakPointBuffer.size();
for(int i=0; i<bpcount; i++) for(int i = 0; i < bpcount; i++)
{ {
BreakPointDetail* curBp=&BreakPointBuffer.at(i); BreakPointDetail* curBp = &BreakPointBuffer.at(i);
//check if the breakpoint is one we should be concerned about //check if the breakpoint is one we should be concerned about
if(curBp->BreakPointActive != UE_BPXACTIVE || (curBp->BreakPointType != UE_BREAKPOINT && curBp->BreakPointType != UE_SINGLESHOOT)) if(curBp->BreakPointActive != UE_BPXACTIVE || (curBp->BreakPointType != UE_BREAKPOINT && curBp->BreakPointType != UE_SINGLESHOOT))
continue; continue;
ULONG_PTR cur_addr=curBp->BreakPointAddress; ULONG_PTR cur_addr = curBp->BreakPointAddress;
for(SIZE_T j=0; j<curBp->BreakPointSize; j++) for(SIZE_T j = 0; j < curBp->BreakPointSize; j++)
{ {
if(cur_addr+j>=start && cur_addr+j<end) //breakpoint is in range if(cur_addr + j >= start && cur_addr + j < end) //breakpoint is in range
{ {
ULONG_PTR index=cur_addr+j-start; //calculate where to write in the buffer ULONG_PTR index = cur_addr + j - start; //calculate where to write in the buffer
memcpy(lpBuffer+index, &curBp->OriginalByte[j], sizeof(char)); memcpy(lpBuffer + index, &curBp->OriginalByte[j], sizeof(char));
} }
} }
} }
@ -137,19 +137,19 @@ void BreakPointPostReadFilter(ULONG_PTR lpBaseAddress, unsigned char* lpBuffer,
void BreakPointPreWriteFilter(ULONG_PTR lpBaseAddress, SIZE_T nSize, CriticalSectionLocker* lock) void BreakPointPreWriteFilter(ULONG_PTR lpBaseAddress, SIZE_T nSize, CriticalSectionLocker* lock)
{ {
ULONG_PTR start=lpBaseAddress; ULONG_PTR start = lpBaseAddress;
ULONG_PTR end=start+nSize; ULONG_PTR end = start + nSize;
int bpcount=(int)BreakPointBuffer.size(); int bpcount = (int)BreakPointBuffer.size();
for(int i=0; i<bpcount; i++) for(int i = 0; i < bpcount; i++)
{ {
BreakPointDetail* curBp=&BreakPointBuffer.at(i); BreakPointDetail* curBp = &BreakPointBuffer.at(i);
//check if the breakpoint is one we should be concerned about //check if the breakpoint is one we should be concerned about
if(curBp->BreakPointActive != UE_BPXACTIVE || (curBp->BreakPointType != UE_BREAKPOINT && curBp->BreakPointType != UE_SINGLESHOOT)) if(curBp->BreakPointActive != UE_BPXACTIVE || (curBp->BreakPointType != UE_BREAKPOINT && curBp->BreakPointType != UE_SINGLESHOOT))
continue; continue;
ULONG_PTR cur_addr=curBp->BreakPointAddress; ULONG_PTR cur_addr = curBp->BreakPointAddress;
for(SIZE_T j=0; j<curBp->BreakPointSize; j++) for(SIZE_T j = 0; j < curBp->BreakPointSize; j++)
{ {
if(cur_addr+j>=start && cur_addr+j<end) //breakpoint byte is in range if(cur_addr + j >= start && cur_addr + j < end) //breakpoint byte is in range
{ {
lock->unlock(); lock->unlock();
DisableBPX(cur_addr); DisableBPX(cur_addr);
@ -163,19 +163,19 @@ void BreakPointPreWriteFilter(ULONG_PTR lpBaseAddress, SIZE_T nSize, CriticalSec
void BreakPointPostWriteFilter(ULONG_PTR lpBaseAddress, SIZE_T nSize, CriticalSectionLocker* lock) void BreakPointPostWriteFilter(ULONG_PTR lpBaseAddress, SIZE_T nSize, CriticalSectionLocker* lock)
{ {
ULONG_PTR start=lpBaseAddress; ULONG_PTR start = lpBaseAddress;
ULONG_PTR end=start+nSize; ULONG_PTR end = start + nSize;
int bpcount=(int)BreakPointBuffer.size(); int bpcount = (int)BreakPointBuffer.size();
for(int i=0; i<bpcount; i++) for(int i = 0; i < bpcount; i++)
{ {
BreakPointDetail* curBp=&BreakPointBuffer.at(i); BreakPointDetail* curBp = &BreakPointBuffer.at(i);
//check if the breakpoint is one we should be concerned about //check if the breakpoint is one we should be concerned about
if(curBp->BreakPointActive != UE_BPXACTIVE || (curBp->BreakPointType != UE_BREAKPOINT && curBp->BreakPointType != UE_SINGLESHOOT)) if(curBp->BreakPointActive != UE_BPXACTIVE || (curBp->BreakPointType != UE_BREAKPOINT && curBp->BreakPointType != UE_SINGLESHOOT))
continue; continue;
ULONG_PTR cur_addr=curBp->BreakPointAddress; ULONG_PTR cur_addr = curBp->BreakPointAddress;
for(SIZE_T j=0; j<curBp->BreakPointSize; j++) for(SIZE_T j = 0; j < curBp->BreakPointSize; j++)
{ {
if(cur_addr+j>=start && cur_addr+j<end) //breakpoint byte is in range if(cur_addr + j >= start && cur_addr + j < end) //breakpoint byte is in range
{ {
curBp->BreakPointActive = UE_BPXINACTIVE; //little hack curBp->BreakPointActive = UE_BPXINACTIVE; //little hack
lock->unlock(); lock->unlock();
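Review bot: In BreakPointPreWriteFilter and BreakPointPostWriteFilter, `curBp` is a raw pointer into `BreakPointBuffer`, yet `lock->unlock()` is called inside the inner loop while `curBp->BreakPointSize` and the cached `bpcount` are still used by the iterations that follow. The rest of both bodies is outside the hunk, so it is not visible whether the lock is re-taken; if it is not, a concurrent insert or removal, or a change made by `DisableBPX` itself, could leave the pointer dangling or make `BreakPointBuffer.at(i)` throw. Copying what the loop needs before releasing the lock, e.g. `const SIZE_T bpSize = curBp->BreakPointSize;` next to `cur_addr`, and re-fetching the entry after re-locking would remove that dependency. At the least, add a comment at the unlock such as `// curBp and bpcount are only valid while the caller's lock is held`.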


@ -93,14 +93,14 @@ void StepOutStepCallBack()
StepOver(StepOutCallBack); StepOver(StepOutCallBack);
else else
{ {
typedef void(TITCALL *fCustomBreakPoint)(); typedef void(TITCALL * fCustomBreakPoint)();
__try __try
{ {
((fCustomBreakPoint)StepOutCallBack)(); ((fCustomBreakPoint)StepOutCallBack)();
} }
__except(EXCEPTION_EXECUTE_HANDLER) __except(EXCEPTION_EXECUTE_HANDLER)
{ {
} }
} }
} }
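Review bot: The reformatted typedef here reads `typedef void(TITCALL * fCustomBreakPoint)();`, while the same construct at class and namespace scope elsewhere in this commit became `TITCALL* fBreakPointCallback`, so the formatter appears to treat a `*` inside a function body as a binary operator. The function-local typedefs for `fStartUnpacking` and `tGetNativeSystemInfo` show the same spacing. Assuming the second copy of each line is the new side, either hand-correct these to `typedef void(TITCALL* fCustomBreakPoint)();` or move the typedefs out of the function bodies so the pointer-alignment rule applies uniformly. The enclosing StepOutStepCallBack starts and ends outside the hunk.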
else else


@ -6,10 +6,10 @@
#define PLUGCALL TITCALL #define PLUGCALL TITCALL
//typedefs //typedefs
typedef void(PLUGCALL *fPluginDebugExec)(LPDEBUG_EVENT debugEvent, int CallReason); typedef void(PLUGCALL* fPluginDebugExec)(LPDEBUG_EVENT debugEvent, int CallReason);
typedef bool(PLUGCALL *fPluginRegister)(char* szPluginName, LPDWORD titanPluginMajorVersion, LPDWORD titanPluginMinorVersion); typedef bool(PLUGCALL* fPluginRegister)(char* szPluginName, LPDWORD titanPluginMajorVersion, LPDWORD titanPluginMinorVersion);
typedef void(PLUGCALL *fPluginReleaseExec)(); typedef void(PLUGCALL* fPluginReleaseExec)();
typedef void(PLUGCALL *fPluginResetExec)(); typedef void(PLUGCALL* fPluginResetExec)();
//structs //structs
typedef struct typedef struct


@ -45,7 +45,7 @@ long EngineWndProc(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
{ {
char szAboutTitle[] = "[ About ]"; char szAboutTitle[] = "[ About ]";
char szAboutText[] = "%s \r\n\r\n ReversingLabs - http://www.reversinglabs.com \r\n\r\n Minimum engine version needed:\r\n- TitanEngine %i.%i.%i by RevLabs\r\n\r\nUnpacker coded by %s"; char szAboutText[] = "%s \r\n\r\n ReversingLabs - http://www.reversinglabs.com \r\n\r\n Minimum engine version needed:\r\n- TitanEngine %i.%i.%i by RevLabs\r\n\r\nUnpacker coded by %s";
typedef void(TITCALL *fStartUnpacking)(char* szInputFile, bool RealignFile, bool CopyOverlay); typedef void(TITCALL * fStartUnpacking)(char* szInputFile, bool RealignFile, bool CopyOverlay);
fStartUnpacking myStartUnpacking = (fStartUnpacking)EngineStartUnpackingCallBack; fStartUnpacking myStartUnpacking = (fStartUnpacking)EngineStartUnpackingCallBack;
char GlobalBuffer[1024] = {}; char GlobalBuffer[1024] = {};
char AboutBuffer[1024] = {}; char AboutBuffer[1024] = {};


@ -37,13 +37,13 @@ unsigned long EngineCrc32Reflect(unsigned long ulReflect, const char cChar)
return ulValue; return ulValue;
} }
void EngineCrc32PartialCRC(unsigned long *ulCRC, const unsigned char *sData, unsigned long ulDataLength) void EngineCrc32PartialCRC(unsigned long* ulCRC, const unsigned char* sData, unsigned long ulDataLength)
{ {
while(ulDataLength--) while(ulDataLength--)
{ {
//If your compiler complains about the following line, try changing each //If your compiler complains about the following line, try changing each
// occurrence of *ulCRC with "((unsigned long)*ulCRC)" or "*(unsigned long *)ulCRC". // occurrence of *ulCRC with "((unsigned long)*ulCRC)" or "*(unsigned long *)ulCRC".
*(unsigned long *)ulCRC = ((*(unsigned long *)ulCRC) >> 8) ^ Crc32Table[((*(unsigned long *)ulCRC) & 0xFF) ^ *sData++]; *(unsigned long*)ulCRC = ((*(unsigned long*)ulCRC) >> 8) ^ Crc32Table[((*(unsigned long*)ulCRC) & 0xFF) ^ *sData++];
} }
} }


@ -3,6 +3,6 @@
void HashInit(); void HashInit();
unsigned long EngineCrc32Reflect(unsigned long ulReflect, const char cChar); unsigned long EngineCrc32Reflect(unsigned long ulReflect, const char cChar);
void EngineCrc32PartialCRC(unsigned long *ulCRC, const unsigned char *sData, unsigned long ulDataLength); void EngineCrc32PartialCRC(unsigned long* ulCRC, const unsigned char* sData, unsigned long ulDataLength);
#endif //_GLOBAL_ENGINE_HASH_H #endif //_GLOBAL_ENGINE_HASH_H


@ -8,15 +8,15 @@
// Global.Engine.Hider.functions: // Global.Engine.Hider.functions:
static bool isAtleastVista() static bool isAtleastVista()
{ {
static bool isAtleastVista=false; static bool isAtleastVista = false;
static bool isSet=false; static bool isSet = false;
if(isSet) if(isSet)
return isAtleastVista; return isAtleastVista;
OSVERSIONINFO versionInfo= {0}; OSVERSIONINFO versionInfo = {0};
versionInfo.dwOSVersionInfoSize=sizeof(OSVERSIONINFO); versionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
GetVersionEx(&versionInfo); GetVersionEx(&versionInfo);
isAtleastVista=versionInfo.dwMajorVersion >= 6; isAtleastVista = versionInfo.dwMajorVersion >= 6;
isSet=true; isSet = true;
return isAtleastVista; return isAtleastVista;
} }
@ -24,10 +24,10 @@ static bool isAtleastVista()
static bool isWindows64() static bool isWindows64()
{ {
SYSTEM_INFO si = {0}; SYSTEM_INFO si = {0};
typedef void (WINAPI *tGetNativeSystemInfo)(LPSYSTEM_INFO lpSystemInfo); typedef void (WINAPI * tGetNativeSystemInfo)(LPSYSTEM_INFO lpSystemInfo);
tGetNativeSystemInfo _GetNativeSystemInfo = (tGetNativeSystemInfo)GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetNativeSystemInfo"); tGetNativeSystemInfo _GetNativeSystemInfo = (tGetNativeSystemInfo)GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetNativeSystemInfo");
if (_GetNativeSystemInfo) if(_GetNativeSystemInfo)
{ {
_GetNativeSystemInfo(&si); _GetNativeSystemInfo(&si);
} }
@ -45,7 +45,7 @@ static void FixAntidebugApiInProcess(HANDLE hProcess, bool Hide, bool x64)
{ {
0x33, 0xC0, //XOR EAX,EAX 0x33, 0xC0, //XOR EAX,EAX
0xC2, 0x08, 0x00 //RETN 0x8 0xC2, 0x08, 0x00 //RETN 0x8
}; };
const BYTE patchGetTickCount32[3] = const BYTE patchGetTickCount32[3] =
{ {
0x33, 0xC0, //XOR EAX,EAX 0x33, 0xC0, //XOR EAX,EAX
@ -69,17 +69,17 @@ static void FixAntidebugApiInProcess(HANDLE hProcess, bool Hide, bool x64)
if(x64) //x64 patches if(x64) //x64 patches
{ {
patchCheckRemoteDebuggerPresent=patchCheckRemoteDebuggerPresent64; patchCheckRemoteDebuggerPresent = patchCheckRemoteDebuggerPresent64;
patchCheckRemoteDebuggerPresentSize=sizeof(patchCheckRemoteDebuggerPresent64); patchCheckRemoteDebuggerPresentSize = sizeof(patchCheckRemoteDebuggerPresent64);
patchGetTickCount=patchGetTickCount64; patchGetTickCount = patchGetTickCount64;
patchGetTickCountSize=sizeof(patchGetTickCount64); patchGetTickCountSize = sizeof(patchGetTickCount64);
} }
else //x86 patches else //x86 patches
{ {
patchCheckRemoteDebuggerPresent=patchCheckRemoteDebuggerPresent32; patchCheckRemoteDebuggerPresent = patchCheckRemoteDebuggerPresent32;
patchCheckRemoteDebuggerPresentSize=sizeof(patchCheckRemoteDebuggerPresent32); patchCheckRemoteDebuggerPresentSize = sizeof(patchCheckRemoteDebuggerPresent32);
patchGetTickCount=patchGetTickCount32; patchGetTickCount = patchGetTickCount32;
patchGetTickCountSize=sizeof(patchGetTickCount32); patchGetTickCountSize = sizeof(patchGetTickCount32);
} }
ULONG_PTR APIPatchAddress = 0; ULONG_PTR APIPatchAddress = 0;
@ -89,14 +89,14 @@ static void FixAntidebugApiInProcess(HANDLE hProcess, bool Hide, bool x64)
if(Hide) if(Hide)
{ {
APIPatchAddress = EngineGetProcAddressRemote(hProcess, L"kernel32.dll", "CheckRemoteDebuggerPresent"); APIPatchAddress = EngineGetProcAddressRemote(hProcess, L"kernel32.dll", "CheckRemoteDebuggerPresent");
if (VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchCheckRemoteDebuggerPresentSize, PAGE_EXECUTE_READWRITE, &OldProtect)) if(VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchCheckRemoteDebuggerPresentSize, PAGE_EXECUTE_READWRITE, &OldProtect))
{ {
WriteProcessMemory(hProcess, (LPVOID)(APIPatchAddress), &patchCheckRemoteDebuggerPresent, patchCheckRemoteDebuggerPresentSize, &ueNumberOfBytesRead); WriteProcessMemory(hProcess, (LPVOID)(APIPatchAddress), &patchCheckRemoteDebuggerPresent, patchCheckRemoteDebuggerPresentSize, &ueNumberOfBytesRead);
VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchCheckRemoteDebuggerPresentSize, OldProtect, &OldProtect); VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchCheckRemoteDebuggerPresentSize, OldProtect, &OldProtect);
} }
APIPatchAddress = EngineGetProcAddressRemote(hProcess, L"kernel32.dll", "GetTickCount"); APIPatchAddress = EngineGetProcAddressRemote(hProcess, L"kernel32.dll", "GetTickCount");
if (VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchGetTickCountSize, PAGE_EXECUTE_READWRITE, &OldProtect)) if(VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchGetTickCountSize, PAGE_EXECUTE_READWRITE, &OldProtect))
{ {
WriteProcessMemory(hProcess, (LPVOID)(APIPatchAddress), &patchGetTickCount, patchGetTickCountSize, &ueNumberOfBytesRead); WriteProcessMemory(hProcess, (LPVOID)(APIPatchAddress), &patchGetTickCount, patchGetTickCountSize, &ueNumberOfBytesRead);
VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchGetTickCountSize, OldProtect, &OldProtect); VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchGetTickCountSize, OldProtect, &OldProtect);
@ -105,14 +105,14 @@ static void FixAntidebugApiInProcess(HANDLE hProcess, bool Hide, bool x64)
else else
{ {
APIPatchAddress = EngineGetProcAddressRemote(hProcess, L"kernel32.dll", "CheckRemoteDebuggerPresent"); APIPatchAddress = EngineGetProcAddressRemote(hProcess, L"kernel32.dll", "CheckRemoteDebuggerPresent");
if (VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchCheckRemoteDebuggerPresentSize, PAGE_EXECUTE_READWRITE, &OldProtect)) if(VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchCheckRemoteDebuggerPresentSize, PAGE_EXECUTE_READWRITE, &OldProtect))
{ {
WriteProcessMemory(hProcess, (LPVOID)(APIPatchAddress), (void*)GetProcAddress(GetModuleHandleA("kernel32.dll"), "CheckRemoteDebuggerPresent"), patchCheckRemoteDebuggerPresentSize, &ueNumberOfBytesRead); WriteProcessMemory(hProcess, (LPVOID)(APIPatchAddress), (void*)GetProcAddress(GetModuleHandleA("kernel32.dll"), "CheckRemoteDebuggerPresent"), patchCheckRemoteDebuggerPresentSize, &ueNumberOfBytesRead);
VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchCheckRemoteDebuggerPresentSize, OldProtect, &OldProtect); VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchCheckRemoteDebuggerPresentSize, OldProtect, &OldProtect);
} }
APIPatchAddress = EngineGetProcAddressRemote(hProcess, L"kernel32.dll", "GetTickCount"); APIPatchAddress = EngineGetProcAddressRemote(hProcess, L"kernel32.dll", "GetTickCount");
if (VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchGetTickCountSize, PAGE_EXECUTE_READWRITE, &OldProtect)) if(VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchGetTickCountSize, PAGE_EXECUTE_READWRITE, &OldProtect))
{ {
WriteProcessMemory(hProcess, (LPVOID)(APIPatchAddress), (void*)GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetTickCount"), patchGetTickCountSize, &ueNumberOfBytesRead); WriteProcessMemory(hProcess, (LPVOID)(APIPatchAddress), (void*)GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetTickCount"), patchGetTickCountSize, &ueNumberOfBytesRead);
VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchGetTickCountSize, OldProtect, &OldProtect); VirtualProtectEx(hProcess, (LPVOID)APIPatchAddress, patchGetTickCountSize, OldProtect, &OldProtect);
@ -128,9 +128,9 @@ static void FixAntidebugApiInProcess(HANDLE hProcess, bool Hide, bool x64)
static int getHeapFlagsOffset(bool x64) static int getHeapFlagsOffset(bool x64)
{ {
if (x64) //x64 offsets if(x64) //x64 offsets
{ {
if (isAtleastVista()) if(isAtleastVista())
{ {
return 0x70; return 0x70;
} }
@ -141,7 +141,7 @@ static int getHeapFlagsOffset(bool x64)
} }
else //x86 offsets else //x86 offsets
{ {
if (isAtleastVista()) if(isAtleastVista())
{ {
return 0x40; return 0x40;
} }
@ -154,9 +154,9 @@ static int getHeapFlagsOffset(bool x64)
static int getHeapForceFlagsOffset(bool x64) static int getHeapForceFlagsOffset(bool x64)
{ {
if (x64) //x64 offsets if(x64) //x64 offsets
{ {
if (isAtleastVista()) if(isAtleastVista())
{ {
return 0x74; return 0x74;
} }
@ -167,7 +167,7 @@ static int getHeapForceFlagsOffset(bool x64)
} }
else //x86 offsets else //x86 offsets
{ {
if (isAtleastVista()) if(isAtleastVista())
{ {
return 0x44; return 0x44;
} }
@ -182,25 +182,25 @@ static bool FixPebInProcess(HANDLE hProcess, bool Hide)
{ {
PEB_CURRENT myPEB = {0}; PEB_CURRENT myPEB = {0};
SIZE_T ueNumberOfBytesRead = 0; SIZE_T ueNumberOfBytesRead = 0;
void * heapFlagsAddress = 0; void* heapFlagsAddress = 0;
DWORD heapFlags = 0; DWORD heapFlags = 0;
void * heapForceFlagsAddress = 0; void* heapForceFlagsAddress = 0;
DWORD heapForceFlags = 0; DWORD heapForceFlags = 0;
#ifndef _WIN64 #ifndef _WIN64
PEB64 myPEB64 = {0}; PEB64 myPEB64 = {0};
void * AddressOfPEB64 = GetPEBLocation64(hProcess); void* AddressOfPEB64 = GetPEBLocation64(hProcess);
#endif #endif
void * AddressOfPEB = GetPEBLocation(hProcess); void* AddressOfPEB = GetPEBLocation(hProcess);
if (!AddressOfPEB) if(!AddressOfPEB)
return false; return false;
if(ReadProcessMemory(hProcess, AddressOfPEB, (void*)&myPEB, sizeof(PEB_CURRENT), &ueNumberOfBytesRead)) if(ReadProcessMemory(hProcess, AddressOfPEB, (void*)&myPEB, sizeof(PEB_CURRENT), &ueNumberOfBytesRead))
{ {
#ifndef _WIN64 #ifndef _WIN64
if (AddressOfPEB64) if(AddressOfPEB64)
{ {
ReadProcessMemory(hProcess, AddressOfPEB64, (void*)&myPEB64, sizeof(PEB64), &ueNumberOfBytesRead); ReadProcessMemory(hProcess, AddressOfPEB64, (void*)&myPEB64, sizeof(PEB64), &ueNumberOfBytesRead);
} }
@ -219,17 +219,17 @@ static bool FixPebInProcess(HANDLE hProcess, bool Hide)
//TODO: backup heap flags //TODO: backup heap flags
#ifdef _WIN64 #ifdef _WIN64
heapFlagsAddress = (void *)((LONG_PTR)myPEB.ProcessHeap + getHeapFlagsOffset(true)); heapFlagsAddress = (void*)((LONG_PTR)myPEB.ProcessHeap + getHeapFlagsOffset(true));
heapForceFlagsAddress = (void *)((LONG_PTR)myPEB.ProcessHeap + getHeapForceFlagsOffset(true)); heapForceFlagsAddress = (void*)((LONG_PTR)myPEB.ProcessHeap + getHeapForceFlagsOffset(true));
#else #else
heapFlagsAddress = (void *)((LONG_PTR)myPEB.ProcessHeap + getHeapFlagsOffset(false)); heapFlagsAddress = (void*)((LONG_PTR)myPEB.ProcessHeap + getHeapFlagsOffset(false));
heapForceFlagsAddress = (void *)((LONG_PTR)myPEB.ProcessHeap + getHeapForceFlagsOffset(false)); heapForceFlagsAddress = (void*)((LONG_PTR)myPEB.ProcessHeap + getHeapForceFlagsOffset(false));
#endif //_WIN64 #endif //_WIN64
ReadProcessMemory(hProcess, heapFlagsAddress, &heapFlags, sizeof(DWORD), 0); ReadProcessMemory(hProcess, heapFlagsAddress, &heapFlags, sizeof(DWORD), 0);
ReadProcessMemory(hProcess, heapForceFlagsAddress, &heapForceFlags, sizeof(DWORD), 0); ReadProcessMemory(hProcess, heapForceFlagsAddress, &heapForceFlags, sizeof(DWORD), 0);
heapFlags&=HEAP_GROWABLE; heapFlags &= HEAP_GROWABLE;
heapForceFlags=0; heapForceFlags = 0;
WriteProcessMemory(hProcess, heapFlagsAddress, &heapFlags, sizeof(DWORD), 0); WriteProcessMemory(hProcess, heapFlagsAddress, &heapFlags, sizeof(DWORD), 0);
WriteProcessMemory(hProcess, heapForceFlagsAddress, &heapForceFlags, sizeof(DWORD), 0); WriteProcessMemory(hProcess, heapForceFlagsAddress, &heapForceFlags, sizeof(DWORD), 0);
@ -245,7 +245,7 @@ static bool FixPebInProcess(HANDLE hProcess, bool Hide)
if(WriteProcessMemory(hProcess, AddressOfPEB, (void*)&myPEB, sizeof(PEB_CURRENT), &ueNumberOfBytesRead)) if(WriteProcessMemory(hProcess, AddressOfPEB, (void*)&myPEB, sizeof(PEB_CURRENT), &ueNumberOfBytesRead))
{ {
#ifndef _WIN64 #ifndef _WIN64
if (AddressOfPEB64) if(AddressOfPEB64)
{ {
WriteProcessMemory(hProcess, AddressOfPEB64, (void*)&myPEB64, sizeof(PEB64), &ueNumberOfBytesRead); WriteProcessMemory(hProcess, AddressOfPEB64, (void*)&myPEB64, sizeof(PEB64), &ueNumberOfBytesRead);
} }
@ -260,7 +260,7 @@ bool ChangeHideDebuggerState(HANDLE hProcess, DWORD PatchAPILevel, bool Hide)
{ {
if(hProcess) if(hProcess)
{ {
if (FixPebInProcess(hProcess, Hide)) if(FixPebInProcess(hProcess, Hide))
{ {
if(PatchAPILevel == UE_HIDE_BASIC) if(PatchAPILevel == UE_HIDE_BASIC)
{ {
@ -280,11 +280,11 @@ bool ChangeHideDebuggerState(HANDLE hProcess, DWORD PatchAPILevel, bool Hide)
#ifndef _WIN64 #ifndef _WIN64
bool IsThisProcessWow64() bool IsThisProcessWow64()
{ {
typedef BOOL (WINAPI * tIsWow64Process)(HANDLE hProcess,PBOOL Wow64Process); typedef BOOL (WINAPI * tIsWow64Process)(HANDLE hProcess, PBOOL Wow64Process);
BOOL bIsWow64 = FALSE; BOOL bIsWow64 = FALSE;
tIsWow64Process fnIsWow64Process = (tIsWow64Process)GetProcAddress(GetModuleHandleA("kernel32.dll"), "IsWow64Process"); tIsWow64Process fnIsWow64Process = (tIsWow64Process)GetProcAddress(GetModuleHandleA("kernel32.dll"), "IsWow64Process");
if (fnIsWow64Process) if(fnIsWow64Process)
{ {
fnIsWow64Process(GetCurrentProcess(), &bIsWow64); fnIsWow64Process(GetCurrentProcess(), &bIsWow64);
} }


@ -14,32 +14,32 @@ ULONG_PTR EngineGetProcAddressRemote(HANDLE hProcess, const wchar_t* szDLLName,
else else
hProcess = dbgProcessInformation.hProcess; hProcess = dbgProcessInformation.hProcess;
} }
DWORD cbNeeded=0; DWORD cbNeeded = 0;
if(EnumProcessModules(hProcess, 0, 0, &cbNeeded)) if(EnumProcessModules(hProcess, 0, 0, &cbNeeded))
{ {
HMODULE* hMods=(HMODULE*)malloc(cbNeeded*sizeof(HMODULE)); HMODULE* hMods = (HMODULE*)malloc(cbNeeded * sizeof(HMODULE));
if(EnumProcessModules(hProcess, hMods, cbNeeded, &cbNeeded)) if(EnumProcessModules(hProcess, hMods, cbNeeded, &cbNeeded))
{ {
for(unsigned int i=0; i<cbNeeded/sizeof(HMODULE); i++) for(unsigned int i = 0; i < cbNeeded / sizeof(HMODULE); i++)
{ {
wchar_t szModuleName[MAX_PATH]=L""; wchar_t szModuleName[MAX_PATH] = L"";
if(GetModuleFileNameExW(hProcess, hMods[i], szModuleName, _countof(szModuleName))) if(GetModuleFileNameExW(hProcess, hMods[i], szModuleName, _countof(szModuleName)))
{ {
wchar_t* dllName=wcsrchr(szModuleName, L'\\'); wchar_t* dllName = wcsrchr(szModuleName, L'\\');
if(dllName) if(dllName)
{ {
dllName++; dllName++;
if(!_wcsicmp(dllName, szDLLName)) if(!_wcsicmp(dllName, szDLLName))
{ {
HMODULE hModule = LoadLibraryExW(szModuleName, 0, DONT_RESOLVE_DLL_REFERENCES|LOAD_LIBRARY_AS_DATAFILE); HMODULE hModule = LoadLibraryExW(szModuleName, 0, DONT_RESOLVE_DLL_REFERENCES | LOAD_LIBRARY_AS_DATAFILE);
if (hModule) if(hModule)
{ {
ULONG_PTR funcAddress=(ULONG_PTR)GetProcAddress(hModule, szAPIName); ULONG_PTR funcAddress = (ULONG_PTR)GetProcAddress(hModule, szAPIName);
if(funcAddress) if(funcAddress)
{ {
funcAddress-=(ULONG_PTR)hModule; //rva funcAddress -= (ULONG_PTR)hModule; //rva
FreeLibrary(hModule); FreeLibrary(hModule);
return funcAddress+(ULONG_PTR)hMods[i]; //va return funcAddress + (ULONG_PTR)hMods[i]; //va
} }
} }
break; break;
@ -56,7 +56,7 @@ ULONG_PTR EngineGetProcAddressRemote(HANDLE hProcess, const wchar_t* szDLLName,
ULONG_PTR EngineGetProcAddressRemote(HANDLE hProcess, const char* szDLLName, const char* szAPIName) ULONG_PTR EngineGetProcAddressRemote(HANDLE hProcess, const char* szDLLName, const char* szAPIName)
{ {
WCHAR uniDLLName[MAX_PATH] = {0}; WCHAR uniDLLName[MAX_PATH] = {0};
if (MultiByteToWideChar(CP_ACP, NULL, szDLLName, -1, uniDLLName, _countof(uniDLLName))) if(MultiByteToWideChar(CP_ACP, NULL, szDLLName, -1, uniDLLName, _countof(uniDLLName)))
{ {
return EngineGetProcAddressRemote(hProcess, uniDLLName, szAPIName); return EngineGetProcAddressRemote(hProcess, uniDLLName, szAPIName);
} }
@ -75,21 +75,21 @@ ULONG_PTR EngineGetModuleBaseRemote(HANDLE hProcess, ULONG_PTR APIAddress)
else else
hProcess = dbgProcessInformation.hProcess; hProcess = dbgProcessInformation.hProcess;
} }
DWORD cbNeeded=0; DWORD cbNeeded = 0;
if(EnumProcessModules(hProcess, 0, 0, &cbNeeded)) if(EnumProcessModules(hProcess, 0, 0, &cbNeeded))
{ {
HMODULE* hMods=(HMODULE*)malloc(cbNeeded*sizeof(HMODULE)); HMODULE* hMods = (HMODULE*)malloc(cbNeeded * sizeof(HMODULE));
if(EnumProcessModules(hProcess, hMods, cbNeeded, &cbNeeded)) if(EnumProcessModules(hProcess, hMods, cbNeeded, &cbNeeded))
{ {
for(unsigned int i=0; i<cbNeeded/sizeof(HMODULE); i++) for(unsigned int i = 0; i < cbNeeded / sizeof(HMODULE); i++)
{ {
MODULEINFO modinfo; MODULEINFO modinfo;
memset(&modinfo, 0, sizeof(MODULEINFO)); memset(&modinfo, 0, sizeof(MODULEINFO));
if(GetModuleInformation(hProcess, hMods[i], &modinfo, sizeof(MODULEINFO))) if(GetModuleInformation(hProcess, hMods[i], &modinfo, sizeof(MODULEINFO)))
{ {
ULONG_PTR start=(ULONG_PTR)hMods[i]; ULONG_PTR start = (ULONG_PTR)hMods[i];
ULONG_PTR end=start+modinfo.SizeOfImage; ULONG_PTR end = start + modinfo.SizeOfImage;
if(APIAddress>=start && APIAddress<end) if(APIAddress >= start && APIAddress < end)
return start; return start;
} }
} }
@ -108,18 +108,18 @@ ULONG_PTR EngineGetModuleBaseRemote(HANDLE hProcess, const wchar_t* szDLLName)
else else
hProcess = dbgProcessInformation.hProcess; hProcess = dbgProcessInformation.hProcess;
} }
DWORD cbNeeded=0; DWORD cbNeeded = 0;
if(EnumProcessModules(hProcess, 0, 0, &cbNeeded)) if(EnumProcessModules(hProcess, 0, 0, &cbNeeded))
{ {
HMODULE* hMods=(HMODULE*)malloc(cbNeeded*sizeof(HMODULE)); HMODULE* hMods = (HMODULE*)malloc(cbNeeded * sizeof(HMODULE));
if(EnumProcessModules(hProcess, hMods, cbNeeded, &cbNeeded)) if(EnumProcessModules(hProcess, hMods, cbNeeded, &cbNeeded))
{ {
for(unsigned int i=0; i<cbNeeded/sizeof(HMODULE); i++) for(unsigned int i = 0; i < cbNeeded / sizeof(HMODULE); i++)
{ {
wchar_t szModuleName[MAX_PATH]=L""; wchar_t szModuleName[MAX_PATH] = L"";
if(GetModuleFileNameExW(hProcess, hMods[i], szModuleName, _countof(szModuleName))) if(GetModuleFileNameExW(hProcess, hMods[i], szModuleName, _countof(szModuleName)))
{ {
wchar_t* dllName=wcsrchr(szModuleName, L'\\'); wchar_t* dllName = wcsrchr(szModuleName, L'\\');
if(dllName) if(dllName)
{ {
dllName++; dllName++;
@ -139,7 +139,7 @@ ULONG_PTR EngineGetModuleBaseRemote(HANDLE hProcess, const wchar_t* szDLLName)
ULONG_PTR EngineGetModuleBaseRemote(HANDLE hProcess, const char* szDLLName) ULONG_PTR EngineGetModuleBaseRemote(HANDLE hProcess, const char* szDLLName)
{ {
WCHAR uniDLLName[MAX_PATH] = {0}; WCHAR uniDLLName[MAX_PATH] = {0};
if (MultiByteToWideChar(CP_ACP, NULL, szDLLName, -1, uniDLLName, _countof(uniDLLName))) if(MultiByteToWideChar(CP_ACP, NULL, szDLLName, -1, uniDLLName, _countof(uniDLLName)))
{ {
return EngineGetModuleBaseRemote(hProcess, szDLLName); return EngineGetModuleBaseRemote(hProcess, szDLLName);
} }
@ -151,21 +151,21 @@ ULONG_PTR EngineGetModuleBaseRemote(HANDLE hProcess, const char* szDLLName)
ULONG_PTR EngineGetAddressRemote(HANDLE hProcess, ULONG_PTR Address) ULONG_PTR EngineGetAddressRemote(HANDLE hProcess, ULONG_PTR Address)
{ {
HMODULE localModuleBase=(HMODULE)EngineGetModuleBaseRemote(GetCurrentProcess(), Address); HMODULE localModuleBase = (HMODULE)EngineGetModuleBaseRemote(GetCurrentProcess(), Address);
if(localModuleBase) if(localModuleBase)
{ {
wchar_t szModuleName[MAX_PATH]=L""; wchar_t szModuleName[MAX_PATH] = L"";
if(GetModuleFileNameExW(hProcess, localModuleBase, szModuleName, _countof(szModuleName))) if(GetModuleFileNameExW(hProcess, localModuleBase, szModuleName, _countof(szModuleName)))
{ {
wchar_t* dllName=wcsrchr(szModuleName, L'\\'); wchar_t* dllName = wcsrchr(szModuleName, L'\\');
if(dllName) if(dllName)
{ {
dllName++; dllName++;
ULONG_PTR remoteModuleBase=EngineGetModuleBaseRemote(hProcess, dllName); ULONG_PTR remoteModuleBase = EngineGetModuleBaseRemote(hProcess, dllName);
if(remoteModuleBase) if(remoteModuleBase)
{ {
Address-=(ULONG_PTR)localModuleBase; //rva Address -= (ULONG_PTR)localModuleBase; //rva
return Address+remoteModuleBase; return Address + remoteModuleBase;
} }
} }
} }
@ -175,21 +175,21 @@ ULONG_PTR EngineGetAddressRemote(HANDLE hProcess, ULONG_PTR Address)
ULONG_PTR EngineGetAddressLocal(HANDLE hProcess, ULONG_PTR Address) ULONG_PTR EngineGetAddressLocal(HANDLE hProcess, ULONG_PTR Address)
{ {
HMODULE remoteModuleBase=(HMODULE)EngineGetModuleBaseRemote(hProcess, Address); HMODULE remoteModuleBase = (HMODULE)EngineGetModuleBaseRemote(hProcess, Address);
if(remoteModuleBase) if(remoteModuleBase)
{ {
wchar_t szModuleName[MAX_PATH]=L""; wchar_t szModuleName[MAX_PATH] = L"";
if(GetModuleFileNameExW(hProcess, remoteModuleBase, szModuleName, _countof(szModuleName))) if(GetModuleFileNameExW(hProcess, remoteModuleBase, szModuleName, _countof(szModuleName)))
{ {
wchar_t* dllName=wcsrchr(szModuleName, L'\\'); wchar_t* dllName = wcsrchr(szModuleName, L'\\');
if(dllName) if(dllName)
{ {
dllName++; dllName++;
ULONG_PTR localModuleBase=EngineGetModuleBaseRemote(GetCurrentProcess(), dllName); ULONG_PTR localModuleBase = EngineGetModuleBaseRemote(GetCurrentProcess(), dllName);
if(localModuleBase) if(localModuleBase)
{ {
Address-=(ULONG_PTR)remoteModuleBase; //rva Address -= (ULONG_PTR)remoteModuleBase; //rva
return Address+localModuleBase; return Address + localModuleBase;
} }
} }
} }
@ -210,54 +210,54 @@ bool EngineGetAPINameRemote(HANDLE hProcess, ULONG_PTR APIAddress, char* APIName
DWORD FileSize; DWORD FileSize;
HANDLE FileMap; HANDLE FileMap;
ULONG_PTR FileMapVA; ULONG_PTR FileMapVA;
ULONG_PTR ModuleBase=EngineGetModuleBaseRemote(hProcess, APIAddress); ULONG_PTR ModuleBase = EngineGetModuleBaseRemote(hProcess, APIAddress);
if(!ModuleBase) if(!ModuleBase)
return false; return false;
wchar_t szModulePath[MAX_PATH]=L""; wchar_t szModulePath[MAX_PATH] = L"";
if(!GetModuleFileNameExW(hProcess, (HMODULE)ModuleBase, szModulePath, _countof(szModulePath))) if(!GetModuleFileNameExW(hProcess, (HMODULE)ModuleBase, szModulePath, _countof(szModulePath)))
return false; return false;
if(MapFileExW(szModulePath, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, 0)) if(MapFileExW(szModulePath, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, 0))
{ {
PIMAGE_DOS_HEADER DOSHeader=(PIMAGE_DOS_HEADER)FileMapVA; PIMAGE_DOS_HEADER DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
if(EngineValidateHeader(FileMapVA, NULL, NULL, DOSHeader, true)) if(EngineValidateHeader(FileMapVA, NULL, NULL, DOSHeader, true))
{ {
PIMAGE_NT_HEADERS32 PEHeader32=(PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); PIMAGE_NT_HEADERS32 PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
PIMAGE_NT_HEADERS64 PEHeader64=(PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); PIMAGE_NT_HEADERS64 PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
ULONG_PTR ExportDirectoryVA; ULONG_PTR ExportDirectoryVA;
DWORD ExportDirectorySize; DWORD ExportDirectorySize;
ULONG_PTR ImageBase; ULONG_PTR ImageBase;
if(PEHeader32->OptionalHeader.Magic==IMAGE_NT_OPTIONAL_HDR32_MAGIC) if(PEHeader32->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC)
{ {
ImageBase=PEHeader32->OptionalHeader.ImageBase; ImageBase = PEHeader32->OptionalHeader.ImageBase;
ExportDirectoryVA=(ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress; ExportDirectoryVA = (ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
ExportDirectorySize=(ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size; ExportDirectorySize = (ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
} }
else //x64 else //x64
{ {
ImageBase=(ULONG_PTR)PEHeader64->OptionalHeader.ImageBase; ImageBase = (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase;
ExportDirectoryVA=(ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress; ExportDirectoryVA = (ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
ExportDirectorySize=(ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size; ExportDirectorySize = (ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
} }
PIMAGE_EXPORT_DIRECTORY ExportDirectory=(PIMAGE_EXPORT_DIRECTORY)ConvertVAtoFileOffset(FileMapVA, ExportDirectoryVA+ImageBase, true); PIMAGE_EXPORT_DIRECTORY ExportDirectory = (PIMAGE_EXPORT_DIRECTORY)ConvertVAtoFileOffset(FileMapVA, ExportDirectoryVA + ImageBase, true);
if(ExportDirectory) if(ExportDirectory)
{ {
DWORD* AddrOfFunctions=(DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfFunctions+ImageBase, true); DWORD* AddrOfFunctions = (DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfFunctions + ImageBase, true);
DWORD* AddrOfNames=(DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfNames+ImageBase, true); DWORD* AddrOfNames = (DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfNames + ImageBase, true);
SHORT* AddrOfNameOrdinals=(SHORT*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfNameOrdinals+ImageBase, true); SHORT* AddrOfNameOrdinals = (SHORT*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfNameOrdinals + ImageBase, true);
if(AddrOfFunctions && AddrOfNames && AddrOfNameOrdinals) if(AddrOfFunctions && AddrOfNames && AddrOfNameOrdinals)
{ {
unsigned int NumberOfNames=ExportDirectory->NumberOfNames; unsigned int NumberOfNames = ExportDirectory->NumberOfNames;
for(unsigned int i=0; i<NumberOfNames; i++) for(unsigned int i = 0; i < NumberOfNames; i++)
{ {
const char* curName=(const char*)ConvertVAtoFileOffset(FileMapVA, AddrOfNames[i]+ImageBase, true); const char* curName = (const char*)ConvertVAtoFileOffset(FileMapVA, AddrOfNames[i] + ImageBase, true);
if(!curName) if(!curName)
continue; continue;
unsigned int curRva=AddrOfFunctions[AddrOfNameOrdinals[i]]; unsigned int curRva = AddrOfFunctions[AddrOfNameOrdinals[i]];
if(curRva<ExportDirectoryVA || curRva>=ExportDirectoryVA+ExportDirectorySize) //non-forwarded exports if(curRva < ExportDirectoryVA || curRva >= ExportDirectoryVA + ExportDirectorySize) //non-forwarded exports
{ {
if(curRva+ModuleBase==APIAddress) if(curRva + ModuleBase == APIAddress)
{ {
if(APIName && APINameSize>strlen(curName)) if(APIName && APINameSize > strlen(curName))
{ {
strcpy(APIName, curName); strcpy(APIName, curName);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
@ -265,7 +265,7 @@ bool EngineGetAPINameRemote(HANDLE hProcess, ULONG_PTR APIAddress, char* APIName
} }
if(APINameSizeNeeded) if(APINameSizeNeeded)
{ {
*APINameSizeNeeded=(DWORD)strlen(curName); *APINameSizeNeeded = (DWORD)strlen(curName);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return true; return true;
} }
@ -293,50 +293,50 @@ DWORD EngineGetAPIOrdinalRemote(HANDLE hProcess, ULONG_PTR APIAddress)
DWORD FileSize; DWORD FileSize;
HANDLE FileMap; HANDLE FileMap;
ULONG_PTR FileMapVA; ULONG_PTR FileMapVA;
ULONG_PTR ModuleBase=EngineGetModuleBaseRemote(hProcess, APIAddress); ULONG_PTR ModuleBase = EngineGetModuleBaseRemote(hProcess, APIAddress);
if(!ModuleBase) if(!ModuleBase)
return 0; return 0;
wchar_t szModulePath[MAX_PATH]=L""; wchar_t szModulePath[MAX_PATH] = L"";
if(!GetModuleFileNameExW(hProcess, (HMODULE)ModuleBase, szModulePath, _countof(szModulePath))) if(!GetModuleFileNameExW(hProcess, (HMODULE)ModuleBase, szModulePath, _countof(szModulePath)))
return 0; return 0;
if(MapFileExW(szModulePath, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, 0)) if(MapFileExW(szModulePath, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, 0))
{ {
PIMAGE_DOS_HEADER DOSHeader=(PIMAGE_DOS_HEADER)FileMapVA; PIMAGE_DOS_HEADER DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
if(EngineValidateHeader(FileMapVA, NULL, NULL, DOSHeader, true)) if(EngineValidateHeader(FileMapVA, NULL, NULL, DOSHeader, true))
{ {
PIMAGE_NT_HEADERS32 PEHeader32=(PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); PIMAGE_NT_HEADERS32 PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
PIMAGE_NT_HEADERS64 PEHeader64=(PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); PIMAGE_NT_HEADERS64 PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
ULONG_PTR ExportDirectoryVA; ULONG_PTR ExportDirectoryVA;
DWORD ExportDirectorySize; DWORD ExportDirectorySize;
ULONG_PTR ImageBase; ULONG_PTR ImageBase;
if(PEHeader32->OptionalHeader.Magic==IMAGE_NT_OPTIONAL_HDR32_MAGIC) if(PEHeader32->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC)
{ {
ImageBase=PEHeader32->OptionalHeader.ImageBase; ImageBase = PEHeader32->OptionalHeader.ImageBase;
ExportDirectoryVA=(ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress; ExportDirectoryVA = (ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
ExportDirectorySize=(ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size; ExportDirectorySize = (ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
} }
else //x64 else //x64
{ {
ImageBase=(ULONG_PTR)PEHeader64->OptionalHeader.ImageBase; ImageBase = (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase;
ExportDirectoryVA=(ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress; ExportDirectoryVA = (ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
ExportDirectorySize=(ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size; ExportDirectorySize = (ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
} }
PIMAGE_EXPORT_DIRECTORY ExportDirectory=(PIMAGE_EXPORT_DIRECTORY)ConvertVAtoFileOffset(FileMapVA, ExportDirectoryVA+ImageBase, true); PIMAGE_EXPORT_DIRECTORY ExportDirectory = (PIMAGE_EXPORT_DIRECTORY)ConvertVAtoFileOffset(FileMapVA, ExportDirectoryVA + ImageBase, true);
if(ExportDirectory) if(ExportDirectory)
{ {
DWORD* AddrOfFunctions=(DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfFunctions+ImageBase, true); DWORD* AddrOfFunctions = (DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfFunctions + ImageBase, true);
if(AddrOfFunctions) if(AddrOfFunctions)
{ {
unsigned int NumberOfFunctions=ExportDirectory->NumberOfFunctions; unsigned int NumberOfFunctions = ExportDirectory->NumberOfFunctions;
for(unsigned int i=0,j=0; i<NumberOfFunctions; i++) for(unsigned int i = 0, j = 0; i < NumberOfFunctions; i++)
{ {
unsigned int curRva=AddrOfFunctions[i]; unsigned int curRva = AddrOfFunctions[i];
if(!curRva) if(!curRva)
continue; continue;
j++; //ordinal j++; //ordinal
if(curRva<ExportDirectoryVA || curRva>=ExportDirectoryVA+ExportDirectorySize) //non-forwarded exports if(curRva < ExportDirectoryVA || curRva >= ExportDirectoryVA + ExportDirectorySize) //non-forwarded exports
{ {
if(curRva+ModuleBase==APIAddress) if(curRva + ModuleBase == APIAddress)
{ {
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return j; return j;
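Review bot: The `const char*` overload of EngineGetModuleBaseRemote (hunk `@ -139,7 +139,7`) converts the name into `uniDLLName` but then calls `EngineGetModuleBaseRemote(hProcess, szDLLName)` with the original narrow string, so overload resolution picks the same function again and it recurses until the stack is exhausted. The call should pass the converted buffer, `return EngineGetModuleBaseRemote(hProcess, uniDLLName);`, as the EngineGetProcAddressRemote wrapper in this section already does. In EngineGetAPINameRemote the ordinal table is read through `SHORT*` and used as `AddrOfFunctions[AddrOfNameOrdinals[i]]` with no comparison against `NumberOfFunctions`; the export directory is parsed from the file named by the debuggee's module list, so reading the table as `WORD*` and skipping entries `>= ExportDirectory->NumberOfFunctions` would keep a malformed table from indexing outside the mapping. Both functions continue outside their hunks.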


@ -54,7 +54,7 @@ void EngineSimplifyLoadLibraryCallBack()
ImporterAddNewDll(szReadStringData, (ULONG_PTR)GetContextData((DWORD)EngineUnpackerBreakInfo[i].Parameter2)); ImporterAddNewDll(szReadStringData, (ULONG_PTR)GetContextData((DWORD)EngineUnpackerBreakInfo[i].Parameter2));
if(EngineUnpackerOptionLogData) if(EngineUnpackerOptionLogData)
{ {
wsprintfA(szLogBufferData,"[x] LoadLibrary BPX -> %s",szReadStringData); wsprintfA(szLogBufferData, "[x] LoadLibrary BPX -> %s", szReadStringData);
EngineAddUnpackerWindowLogMessage(szLogBufferData); EngineAddUnpackerWindowLogMessage(szLogBufferData);
} }
} }
@ -89,7 +89,7 @@ void EngineSimplifyGetProcAddressCallBack()
ImporterAddNewAPI(szReadStringData, (ULONG_PTR)GetContextData((DWORD)EngineUnpackerBreakInfo[i].Parameter2)); ImporterAddNewAPI(szReadStringData, (ULONG_PTR)GetContextData((DWORD)EngineUnpackerBreakInfo[i].Parameter2));
if(EngineUnpackerOptionLogData) if(EngineUnpackerOptionLogData)
{ {
wsprintfA(szLogBufferData,"[x] GetProcAddress BPX -> %s",szReadStringData); wsprintfA(szLogBufferData, "[x] GetProcAddress BPX -> %s", szReadStringData);
EngineAddUnpackerWindowLogMessage(szLogBufferData); EngineAddUnpackerWindowLogMessage(szLogBufferData);
} }
} }
@ -99,7 +99,7 @@ void EngineSimplifyGetProcAddressCallBack()
ImporterAddNewOrdinalAPI(iParameter1, (ULONG_PTR)GetContextData((DWORD)EngineUnpackerBreakInfo[i].Parameter2)); ImporterAddNewOrdinalAPI(iParameter1, (ULONG_PTR)GetContextData((DWORD)EngineUnpackerBreakInfo[i].Parameter2));
if(EngineUnpackerOptionLogData) if(EngineUnpackerOptionLogData)
{ {
wsprintfA(szLogBufferData,"[x] GetProcAddress BPX -> %08X",iParameter1); wsprintfA(szLogBufferData, "[x] GetProcAddress BPX -> %08X", iParameter1);
EngineAddUnpackerWindowLogMessage(szLogBufferData); EngineAddUnpackerWindowLogMessage(szLogBufferData);
} }
} }
@ -113,7 +113,7 @@ void EngineSimplifyGetProcAddressCallBack()
ImporterAddNewAPI(szReadStringData, (ULONG_PTR)GetContextData((DWORD)EngineUnpackerBreakInfo[i].Parameter2)); ImporterAddNewAPI(szReadStringData, (ULONG_PTR)GetContextData((DWORD)EngineUnpackerBreakInfo[i].Parameter2));
if(EngineUnpackerOptionLogData) if(EngineUnpackerOptionLogData)
{ {
wsprintfA(szLogBufferData,"[x] GetProcAddress BPX -> %s",szReadStringData); wsprintfA(szLogBufferData, "[x] GetProcAddress BPX -> %s", szReadStringData);
EngineAddUnpackerWindowLogMessage(szLogBufferData); EngineAddUnpackerWindowLogMessage(szLogBufferData);
} }
} }
@ -123,7 +123,7 @@ void EngineSimplifyGetProcAddressCallBack()
ImporterAddNewOrdinalAPI(iParameter1, (ULONG_PTR)GetContextData((DWORD)EngineUnpackerBreakInfo[i].Parameter2)); ImporterAddNewOrdinalAPI(iParameter1, (ULONG_PTR)GetContextData((DWORD)EngineUnpackerBreakInfo[i].Parameter2));
if(EngineUnpackerOptionLogData) if(EngineUnpackerOptionLogData)
{ {
wsprintfA(szLogBufferData,"[x] GetProcAddress BPX -> %08X",iParameter1); wsprintfA(szLogBufferData, "[x] GetProcAddress BPX -> %08X", iParameter1);
EngineAddUnpackerWindowLogMessage(szLogBufferData); EngineAddUnpackerWindowLogMessage(szLogBufferData);
} }
} }
@ -206,7 +206,7 @@ void EngineSimplifyEntryPointCallBack()
} }
if(EngineUnpackerOptionLogData) if(EngineUnpackerOptionLogData)
{ {
wsprintfA(szLogBufferData,"[x] Entry Point at: %08X", EngineUnpackerOptionUnpackedOEP); wsprintfA(szLogBufferData, "[x] Entry Point at: %08X", EngineUnpackerOptionUnpackedOEP);
EngineAddUnpackerWindowLogMessage(szLogBufferData); EngineAddUnpackerWindowLogMessage(szLogBufferData);
} }
if(EngineUnpackerFileStatus.FileIsDLL) if(EngineUnpackerFileStatus.FileIsDLL)


@ -9,24 +9,24 @@ static void CriticalSectionInitializeLocks()
{ {
if(bInitDone) if(bInitDone)
return; return;
for(int i=0; i<LockLast; i++) for(int i = 0; i < LockLast; i++)
InitializeCriticalSection(&locks[i]); InitializeCriticalSection(&locks[i]);
bInitDone=true; bInitDone = true;
} }
void CriticalSectionDeleteLocks() void CriticalSectionDeleteLocks()
{ {
if(!bInitDone) if(!bInitDone)
return; return;
for(int i=0; i<LockLast; i++) for(int i = 0; i < LockLast; i++)
DeleteCriticalSection(&locks[i]); DeleteCriticalSection(&locks[i]);
bInitDone=false; bInitDone = false;
} }
CriticalSectionLocker::CriticalSectionLocker(CriticalSectionLock lock) CriticalSectionLocker::CriticalSectionLocker(CriticalSectionLock lock)
{ {
CriticalSectionInitializeLocks(); //initialize critical sections CriticalSectionInitializeLocks(); //initialize critical sections
gLock=lock; gLock = lock;
EnterCriticalSection(&locks[gLock]); EnterCriticalSection(&locks[gLock]);
} }
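Review bot: CriticalSectionInitializeLocks tests and sets `bInitDone` with no synchronization and is reached from every CriticalSectionLocker constructor, so two threads taking their first lock at the same time can both run the InitializeCriticalSection loop, and one may re-initialize a section the other has already entered. The declaration of `bInitDone` is outside this hunk, so this assumes it is a plain bool. Initializing the locks once before any second thread exists (for example from EngineInit, if that is guaranteed to run first) and leaving only the EnterCriticalSection call in the constructor would remove the race. CriticalSectionDeleteLocks has the mirror-image problem if it can run while a locker is still alive.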


@ -16,7 +16,7 @@ public:
~CriticalSectionLocker(); ~CriticalSectionLocker();
void unlock(); void unlock();
void relock(); void relock();
private: private:
CriticalSectionLock gLock; CriticalSectionLock gLock;
}; };


@ -42,7 +42,7 @@ void EngineInit()
i--; i--;
if(i) if(i)
{ {
engineSzEngineFolder[i]=L'\0'; engineSzEngineFolder[i] = L'\0';
lstrcpyW(engineSzEngineGarbageFolder, engineSzEngineFolder); lstrcpyW(engineSzEngineGarbageFolder, engineSzEngineFolder);
lstrcatW(engineSzEngineGarbageFolder, L"\\garbage\\"); lstrcatW(engineSzEngineGarbageFolder, L"\\garbage\\");
CreateDirectoryW(engineSzEngineGarbageFolder, 0); CreateDirectoryW(engineSzEngineGarbageFolder, 0);
@ -106,24 +106,24 @@ bool EngineFileExists(char* szFileName)
void EngineCreatePathForFile(char* szFileName) void EngineCreatePathForFile(char* szFileName)
{ {
int len=lstrlenA(szFileName); int len = lstrlenA(szFileName);
while(szFileName[len]!='\\' && len) while(szFileName[len] != '\\' && len)
len--; len--;
char szFolderName[MAX_PATH]=""; char szFolderName[MAX_PATH] = "";
lstrcpyA(szFolderName, szFileName); lstrcpyA(szFolderName, szFileName);
if(len) if(len)
szFolderName[len+1]='\0'; szFolderName[len + 1] = '\0';
else //just a filename else //just a filename
return; return;
lstrcatA(szFolderName, "\\"); lstrcatA(szFolderName, "\\");
len=lstrlenA(szFolderName); len = lstrlenA(szFolderName);
char szCreateFolder[MAX_PATH]=""; char szCreateFolder[MAX_PATH] = "";
for(int i=3; i<len; i++) for(int i = 3; i < len; i++)
{ {
if(szFolderName[i]=='\\') if(szFolderName[i] == '\\')
{ {
lstrcpyA(szCreateFolder, szFolderName); lstrcpyA(szCreateFolder, szFolderName);
szCreateFolder[i]='\0'; szCreateFolder[i] = '\0';
CreateDirectoryA(szCreateFolder, 0); CreateDirectoryA(szCreateFolder, 0);
} }
} }
@ -131,23 +131,23 @@ void EngineCreatePathForFile(char* szFileName)
void EngineCreatePathForFileW(wchar_t* szFileName) void EngineCreatePathForFileW(wchar_t* szFileName)
{ {
int len=lstrlenW(szFileName); int len = lstrlenW(szFileName);
while(szFileName[len]!=L'\\' && len) while(szFileName[len] != L'\\' && len)
len--; len--;
wchar_t szFolderName[MAX_PATH]=L""; wchar_t szFolderName[MAX_PATH] = L"";
lstrcpyW(szFolderName, szFileName); lstrcpyW(szFolderName, szFileName);
if(len) if(len)
szFolderName[len+1]=L'\0'; szFolderName[len + 1] = L'\0';
else //just a filename else //just a filename
return; return;
len=lstrlenW(szFolderName); len = lstrlenW(szFolderName);
wchar_t szCreateFolder[MAX_PATH]=L""; wchar_t szCreateFolder[MAX_PATH] = L"";
for(int i=3; i<len; i++) for(int i = 3; i < len; i++)
{ {
if(szFolderName[i]=='\\') if(szFolderName[i] == '\\')
{ {
lstrcpyW(szCreateFolder, szFolderName); lstrcpyW(szCreateFolder, szFolderName);
szCreateFolder[i]='\0'; szCreateFolder[i] = '\0';
CreateDirectoryW(szCreateFolder, 0); CreateDirectoryW(szCreateFolder, 0);
} }
} }
@ -168,7 +168,7 @@ wchar_t* EngineExtractFileNameW(wchar_t* szFileName)
} }
if(szFileName[i] == 0x5C) if(szFileName[i] == 0x5C)
{ {
int len=lstrlenW(szFileName); int len = lstrlenW(szFileName);
for(j = i + 1; j <= len; j++) for(j = i + 1; j <= len; j++)
{ {
engineExtractedFileNameW[x] = szFileName[j]; engineExtractedFileNameW[x] = szFileName[j];
@ -455,14 +455,14 @@ bool EngineExtractResource(char* szResourceName, wchar_t* szExtractedFileName)
bool EngineIsDependencyPresent(char* szFileName, char* szDependencyForFile, char* szPresentInFolder) bool EngineIsDependencyPresent(char* szFileName, char* szDependencyForFile, char* szPresentInFolder)
{ {
int i,j; int i, j;
HANDLE hFile; HANDLE hFile;
char szTryFileName[512] = {0}; char szTryFileName[512] = {0};
if(szPresentInFolder != NULL && szFileName != NULL) if(szPresentInFolder != NULL && szFileName != NULL)
{ {
lstrcpyA(szTryFileName, szPresentInFolder); lstrcpyA(szTryFileName, szPresentInFolder);
if(szTryFileName[lstrlenA(szTryFileName)-1] != 0x5C) if(szTryFileName[lstrlenA(szTryFileName) - 1] != 0x5C)
{ {
szTryFileName[lstrlenA(szTryFileName)] = 0x5C; szTryFileName[lstrlenA(szTryFileName)] = 0x5C;
} }
@ -532,14 +532,14 @@ bool EngineIsDependencyPresent(char* szFileName, char* szDependencyForFile, char
bool EngineIsDependencyPresentW(wchar_t* szFileName, wchar_t* szDependencyForFile, wchar_t* szPresentInFolder) bool EngineIsDependencyPresentW(wchar_t* szFileName, wchar_t* szDependencyForFile, wchar_t* szPresentInFolder)
{ {
int i,j; int i, j;
HANDLE hFile; HANDLE hFile;
wchar_t szTryFileName[512] = {0}; wchar_t szTryFileName[512] = {0};
if(szPresentInFolder != NULL) if(szPresentInFolder != NULL)
{ {
lstrcpyW(szTryFileName, szPresentInFolder); lstrcpyW(szTryFileName, szPresentInFolder);
if(szTryFileName[lstrlenW(szTryFileName)-1] != 0x5C) if(szTryFileName[lstrlenW(szTryFileName) - 1] != 0x5C)
{ {
szTryFileName[lstrlenW(szTryFileName)] = 0x5C; szTryFileName[lstrlenW(szTryFileName)] = 0x5C;
} }
@ -610,13 +610,13 @@ bool EngineGetDependencyLocation(char* szFileName, char* szDependencyForFile, vo
{ {
wchar_t uniFileName[MAX_PATH] = {0}; wchar_t uniFileName[MAX_PATH] = {0};
wchar_t uniDependencyForFile[MAX_PATH] = {0}; wchar_t uniDependencyForFile[MAX_PATH] = {0};
wchar_t * uniLocationOfTheFile = (WCHAR *)malloc(sizeof(WCHAR) * MaxStringSize); wchar_t* uniLocationOfTheFile = (WCHAR*)malloc(sizeof(WCHAR) * MaxStringSize);
MultiByteToWideChar(CP_ACP, NULL, szFileName, -1, uniFileName, _countof(uniFileName)); MultiByteToWideChar(CP_ACP, NULL, szFileName, -1, uniFileName, _countof(uniFileName));
MultiByteToWideChar(CP_ACP, NULL, szDependencyForFile, -1, uniDependencyForFile, _countof(uniDependencyForFile)); MultiByteToWideChar(CP_ACP, NULL, szDependencyForFile, -1, uniDependencyForFile, _countof(uniDependencyForFile));
if (EngineGetDependencyLocationW(uniFileName, uniDependencyForFile, uniLocationOfTheFile, MaxStringSize)) if(EngineGetDependencyLocationW(uniFileName, uniDependencyForFile, uniLocationOfTheFile, MaxStringSize))
{ {
bool retVal = (WideCharToMultiByte(CP_ACP, NULL, uniLocationOfTheFile, -1, (char *)szLocationOfTheFile, MaxStringSize, NULL, NULL) != 0); bool retVal = (WideCharToMultiByte(CP_ACP, NULL, uniLocationOfTheFile, -1, (char*)szLocationOfTheFile, MaxStringSize, NULL, NULL) != 0);
free(uniLocationOfTheFile); free(uniLocationOfTheFile);
return retVal; return retVal;
} }
@ -627,7 +627,7 @@ bool EngineGetDependencyLocation(char* szFileName, char* szDependencyForFile, vo
bool EngineGetDependencyLocationW(wchar_t* szFileName, wchar_t* szDependencyForFile, void* szLocationOfTheFile, int MaxStringSize) bool EngineGetDependencyLocationW(wchar_t* szFileName, wchar_t* szDependencyForFile, void* szLocationOfTheFile, int MaxStringSize)
{ {
int i,j; int i, j;
HANDLE hFile; HANDLE hFile;
wchar_t szTryFileName[512] = {0}; wchar_t szTryFileName[512] = {0};
@ -796,7 +796,7 @@ bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBas
DWORD MemorySize = NULL; DWORD MemorySize = NULL;
PIMAGE_NT_HEADERS PEHeader; PIMAGE_NT_HEADERS PEHeader;
IMAGE_NT_HEADERS RemotePEHeader; IMAGE_NT_HEADERS RemotePEHeader;
MEMORY_BASIC_INFORMATION MemoryInfo= {0}; MEMORY_BASIC_INFORMATION MemoryInfo = {0};
ULONG_PTR NumberOfBytesRW = NULL; ULONG_PTR NumberOfBytesRW = NULL;
if(IsFile) if(IsFile)
@ -966,7 +966,7 @@ ULONG_PTR EngineSimulateDllLoader(HANDLE hProcess, char* szFileName)
{ {
WCHAR uniFileName[MAX_PATH] = {0}; WCHAR uniFileName[MAX_PATH] = {0};
if (hProcess && szFileName) if(hProcess && szFileName)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, -1, uniFileName, _countof(uniFileName)); MultiByteToWideChar(CP_ACP, NULL, szFileName, -1, uniFileName, _countof(uniFileName));
return EngineSimulateDllLoaderW(hProcess, uniFileName); return EngineSimulateDllLoaderW(hProcess, uniFileName);
@ -992,9 +992,9 @@ ULONG_PTR EngineSimulateDllLoaderW(HANDLE hProcess, wchar_t* szFileName)
PIMAGE_EXPORT_DIRECTORY PEExports; PIMAGE_EXPORT_DIRECTORY PEExports;
PEXPORTED_DATA ExportedFunctionNames; PEXPORTED_DATA ExportedFunctionNames;
ULONG_PTR ConvertedExport = NULL; ULONG_PTR ConvertedExport = NULL;
WCHAR szFileRemoteProc[1024]= {0}; WCHAR szFileRemoteProc[1024] = {0};
WCHAR szDLLFileLocation[512]= {0}; WCHAR szDLLFileLocation[512] = {0};
WCHAR* szTranslatedProcName=0; WCHAR* szTranslatedProcName = 0;
GetProcessImageFileNameW(hProcess, szFileRemoteProc, _countof(szFileRemoteProc)); GetProcessImageFileNameW(hProcess, szFileRemoteProc, _countof(szFileRemoteProc));
@ -1271,11 +1271,11 @@ ULONG_PTR EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBa
HANDLE hProcess = NULL; HANDLE hProcess = NULL;
ULONG_PTR EnumeratedModules[0x1000] = {0}; ULONG_PTR EnumeratedModules[0x1000] = {0};
ULONG_PTR LoadedModules[1000][4] = {0}; ULONG_PTR LoadedModules[1000][4] = {0};
char RemoteDLLName[MAX_PATH]= {0}; char RemoteDLLName[MAX_PATH] = {0};
char FullRemoteDLLName[MAX_PATH]= {0}; char FullRemoteDLLName[MAX_PATH] = {0};
char szWindowsSideBySide[MAX_PATH]= {0}; char szWindowsSideBySide[MAX_PATH] = {0};
char szWindowsSideBySideCmp[MAX_PATH]= {0}; char szWindowsSideBySideCmp[MAX_PATH] = {0};
char szWindowsKernelBase[MAX_PATH]= {0}; char szWindowsKernelBase[MAX_PATH] = {0};
HANDLE hLoadedModule = NULL; HANDLE hLoadedModule = NULL;
HANDLE ModuleHandle = NULL; HANDLE ModuleHandle = NULL;
PIMAGE_DOS_HEADER DOSHeader; PIMAGE_DOS_HEADER DOSHeader;
@ -2008,7 +2008,7 @@ ULONG_PTR EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBa
{ {
if(ReturnType == UE_OPTION_IMPORTER_RETURN_API_ORDINAL_NUMBER || ReturnType == UE_OPTION_IMPORTER_RETURN_FORWARDER_API_ORDINAL_NUMBER) if(ReturnType == UE_OPTION_IMPORTER_RETURN_API_ORDINAL_NUMBER || ReturnType == UE_OPTION_IMPORTER_RETURN_FORWARDER_API_ORDINAL_NUMBER)
{ {
return((ULONG_PTR)-1); return((ULONG_PTR) - 1);
} }
else else
{ {


@ -6,7 +6,7 @@
bool EngineCloseHandle(HANDLE myHandle) bool EngineCloseHandle(HANDLE myHandle)
{ {
DWORD HandleFlags; DWORD HandleFlags;
if(GetHandleInformation(myHandle, &HandleFlags) && (HandleFlags&HANDLE_FLAG_PROTECT_FROM_CLOSE)!=HANDLE_FLAG_PROTECT_FROM_CLOSE) if(GetHandleInformation(myHandle, &HandleFlags) && (HandleFlags & HANDLE_FLAG_PROTECT_FROM_CLOSE) != HANDLE_FLAG_PROTECT_FROM_CLOSE)
return !!CloseHandle(myHandle); return !!CloseHandle(myHandle);
return false; return false;
} }


@ -3,7 +3,7 @@
bool IsStrEqual( const char* const a, const char* const b, bool considercase/*=true*/ ) bool IsStrEqual(const char* const a, const char* const b, bool considercase/*=true*/)
{ {
const int stringlen = (int)std::strlen(a); const int stringlen = (int)std::strlen(a);
if(stringlen != std::strlen(b)) if(stringlen != std::strlen(b))
@ -12,13 +12,13 @@ bool IsStrEqual( const char* const a, const char* const b, bool considercase/*=t
if(considercase) if(considercase)
{ {
//plain old strcmp //plain old strcmp
return std::strcmp(a, b)==0; return std::strcmp(a, b) == 0;
} }
else else
{ {
for(int i=0; i<stringlen; i++) for(int i = 0; i < stringlen; i++)
{ {
if (tolower(a[i]) != tolower(b[i])) if(tolower(a[i]) != tolower(b[i]))
return false; return false;
} }
@ -26,7 +26,7 @@ bool IsStrEqual( const char* const a, const char* const b, bool considercase/*=t
} }
} }
void* MemAlloc( size_t sz ) void* MemAlloc(size_t sz)
{ {
void* r = malloc(sz); void* r = malloc(sz);
if(r) if(r)
@ -34,7 +34,7 @@ void* MemAlloc( size_t sz )
return r; return r;
} }
void MemFree( void* mem ) void MemFree(void* mem)
{ {
free(mem); free(mem);
} }
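Review bot: In the case-insensitive branch of IsStrEqual, `tolower(a[i])` is passed a plain `char`, which is undefined behaviour for bytes above 0x7F where `char` is signed; cast first, `if(tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))`. The length check also compares an `int` with the `size_t` returned by `std::strlen(b)`; declaring `const size_t stringlen = std::strlen(a);` (with a `size_t` loop index) removes the truncating cast and the signed/unsigned comparison. Neither pointer is checked before `std::strlen`, so the header comment for this function should state that both arguments must be non-null.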


@ -10,7 +10,7 @@ a : string 1
b : string 2 b : string 2
considercase : casesensitivity considercase : casesensitivity
*/ */
bool IsStrEqual(const char* const a, const char* const b, bool considercase=true); bool IsStrEqual(const char* const a, const char* const b, bool considercase = true);
/* /*
A basic dynamic buffer, exception free. A basic dynamic buffer, exception free.
@ -18,7 +18,7 @@ A basic dynamic buffer, exception free.
class DynBuf class DynBuf
{ {
public: public:
DynBuf(size_t sz=0) DynBuf(size_t sz = 0)
{ {
Allocate(sz); Allocate(sz);
} }
@ -26,7 +26,7 @@ public:
void* Allocate(size_t sz) void* Allocate(size_t sz)
{ {
void* r=NULL; void* r = NULL;
try try
{ {
if(Size() < sz) if(Size() < sz)
@ -52,11 +52,11 @@ public:
{ {
mem.clear(); mem.clear();
} }
DynBufVec& GetVector() DynBufVec & GetVector()
{ {
return mem; return mem;
} }
const DynBufVec& GetVector() const const DynBufVec & GetVector() const
{ {
return mem; return mem;
} }
@ -67,11 +67,11 @@ public:
protected: protected:
char& operator[](std::size_t idx) char & operator[](std::size_t idx)
{ {
return mem[idx]; return mem[idx];
}; };
const char& operator[](std::size_t idx) const const char & operator[](std::size_t idx) const
{ {
return mem[idx]; return mem[idx];
}; };
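Review bot: The formatting pass spaces references differently from pointers in this header: `DynBufVec & GetVector()` and `char & operator[](std::size_t idx)` now have a space on both sides of `&`, while pointers in the same class are written `void* r`. It looks as if the formatter aligns pointers to the type but was not configured to do the same for references; matching the two would give `DynBufVec& GetVector()` and `char& operator[](std::size_t idx)`. Separately, the protected `operator[]` returns `mem[idx]` with no range check, so a one-line comment such as `// idx must be < Size(); not bounds-checked` would document the precondition for subclasses.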


@ -10,11 +10,11 @@ long injectedRemoteLoadLibrary(LPVOID Parameter)
PInjectCodeData APIData = (PInjectCodeData)Parameter; PInjectCodeData APIData = (PInjectCodeData)Parameter;
Parameter = (LPVOID)((ULONG_PTR)Parameter + sizeof InjectCodeData); Parameter = (LPVOID)((ULONG_PTR)Parameter + sizeof InjectCodeData);
#if !defined(_WIN64) #if !defined(_WIN64)
typedef ULONG_PTR(WINAPI *fLoadLibraryW)(LPCWSTR fLibraryName); typedef ULONG_PTR(WINAPI * fLoadLibraryW)(LPCWSTR fLibraryName);
typedef ULONG_PTR(WINAPI *fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType); typedef ULONG_PTR(WINAPI * fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType);
#else #else
typedef ULONG_PTR(__fastcall *fLoadLibraryW)(LPCWSTR fLibraryName); typedef ULONG_PTR(__fastcall * fLoadLibraryW)(LPCWSTR fLibraryName);
typedef ULONG_PTR(__fastcall *fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType); typedef ULONG_PTR(__fastcall * fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType);
#endif #endif
fLoadLibraryW cLoadLibraryW = (fLoadLibraryW)(APIData->fLoadLibrary); fLoadLibraryW cLoadLibraryW = (fLoadLibraryW)(APIData->fLoadLibrary);
fVirtualFree cVirtualFree = (fVirtualFree)(APIData->fVirtualFree); fVirtualFree cVirtualFree = (fVirtualFree)(APIData->fVirtualFree);
@ -33,11 +33,11 @@ long injectedRemoteFreeLibrary(LPVOID Parameter)
PInjectCodeData APIData = (PInjectCodeData)Parameter; PInjectCodeData APIData = (PInjectCodeData)Parameter;
#if !defined(_WIN64) #if !defined(_WIN64)
typedef ULONG_PTR(WINAPI *fFreeLibrary)(HMODULE fLibBase); typedef ULONG_PTR(WINAPI * fFreeLibrary)(HMODULE fLibBase);
typedef ULONG_PTR(WINAPI *fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType); typedef ULONG_PTR(WINAPI * fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType);
#else #else
typedef ULONG_PTR(__fastcall *fFreeLibrary)(HMODULE fLibBase); typedef ULONG_PTR(__fastcall * fFreeLibrary)(HMODULE fLibBase);
typedef ULONG_PTR(__fastcall *fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType); typedef ULONG_PTR(__fastcall * fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType);
#endif #endif
fFreeLibrary cFreeLibrary = (fFreeLibrary)(APIData->fFreeLibrary); fFreeLibrary cFreeLibrary = (fFreeLibrary)(APIData->fFreeLibrary);
fVirtualFree cVirtualFree = (fVirtualFree)(APIData->fVirtualFree); fVirtualFree cVirtualFree = (fVirtualFree)(APIData->fVirtualFree);
@ -58,13 +58,13 @@ long injectedRemoteFreeLibrarySimple(LPVOID Parameter)
LPVOID orgParameter = Parameter; LPVOID orgParameter = Parameter;
Parameter = (LPVOID)((ULONG_PTR)Parameter + sizeof InjectCodeData); Parameter = (LPVOID)((ULONG_PTR)Parameter + sizeof InjectCodeData);
#if !defined(_WIN64) #if !defined(_WIN64)
typedef ULONG_PTR(WINAPI *fFreeLibrary)(HMODULE fLibBase); typedef ULONG_PTR(WINAPI * fFreeLibrary)(HMODULE fLibBase);
typedef HMODULE(WINAPI *fGetModuleHandleW)(LPCWSTR fLibraryName); typedef HMODULE(WINAPI * fGetModuleHandleW)(LPCWSTR fLibraryName);
typedef ULONG_PTR(WINAPI *fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType); typedef ULONG_PTR(WINAPI * fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType);
#else #else
typedef ULONG_PTR(__fastcall *fFreeLibrary)(HMODULE fLibBase); typedef ULONG_PTR(__fastcall * fFreeLibrary)(HMODULE fLibBase);
typedef HMODULE(__fastcall *fGetModuleHandleW)(LPCWSTR fLibraryName); typedef HMODULE(__fastcall * fGetModuleHandleW)(LPCWSTR fLibraryName);
typedef ULONG_PTR(__fastcall *fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType); typedef ULONG_PTR(__fastcall * fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType);
#endif #endif
fGetModuleHandleW cGetModuleHandleW = (fGetModuleHandleW)(APIData->fGetModuleHandle); fGetModuleHandleW cGetModuleHandleW = (fGetModuleHandleW)(APIData->fGetModuleHandle);
fFreeLibrary cFreeLibrary = (fFreeLibrary)(APIData->fFreeLibrary); fFreeLibrary cFreeLibrary = (fFreeLibrary)(APIData->fFreeLibrary);
@ -93,9 +93,9 @@ long injectedExitProcess(LPVOID Parameter)
PInjectCodeData APIData = (PInjectCodeData)Parameter; PInjectCodeData APIData = (PInjectCodeData)Parameter;
#if !defined(_WIN64) #if !defined(_WIN64)
typedef ULONG_PTR(WINAPI *fExitProcess)(DWORD fExitCode); typedef ULONG_PTR(WINAPI * fExitProcess)(DWORD fExitCode);
#else #else
typedef ULONG_PTR(__fastcall *fExitProcess)(DWORD fExitCode); typedef ULONG_PTR(__fastcall * fExitProcess)(DWORD fExitCode);
#endif #endif
fExitProcess cExitProcess = (fExitProcess)(APIData->fExitProcess); fExitProcess cExitProcess = (fExitProcess)(APIData->fExitProcess);
long retValue = NULL; long retValue = NULL;
@ -126,16 +126,16 @@ long injectedImpRec(LPVOID Parameter)
HANDLE hFileMap; HANDLE hFileMap;
PInjectImpRecCodeData APIData = (PInjectImpRecCodeData)Parameter; PInjectImpRecCodeData APIData = (PInjectImpRecCodeData)Parameter;
LPVOID szFileName = (LPVOID)((ULONG_PTR)Parameter + sizeof InjectImpRecCodeData); LPVOID szFileName = (LPVOID)((ULONG_PTR)Parameter + sizeof InjectImpRecCodeData);
typedef ULONG_PTR(__cdecl *fTrace)(DWORD hFileMap, DWORD dwSizeMap, DWORD dwTimeOut, DWORD dwToTrace, DWORD dwExactCall); typedef ULONG_PTR(__cdecl * fTrace)(DWORD hFileMap, DWORD dwSizeMap, DWORD dwTimeOut, DWORD dwToTrace, DWORD dwExactCall);
typedef HANDLE(WINAPI *fCreateFileW)(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile); typedef HANDLE(WINAPI * fCreateFileW)(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile);
typedef HANDLE(WINAPI *fCreateFileMappingA)(HANDLE hFile, LPSECURITY_ATTRIBUTES lpFileMappingAttributes, DWORD flProtect, DWORD dwMaximumSizeHigh, DWORD dwMaximumSizeLow, LPCSTR lpName); typedef HANDLE(WINAPI * fCreateFileMappingA)(HANDLE hFile, LPSECURITY_ATTRIBUTES lpFileMappingAttributes, DWORD flProtect, DWORD dwMaximumSizeHigh, DWORD dwMaximumSizeLow, LPCSTR lpName);
typedef BOOL(__cdecl *fCloseHandle)(HANDLE hHandle); typedef BOOL(__cdecl * fCloseHandle)(HANDLE hHandle);
fTrace cTrace = (fTrace)(APIData->fTrace); fTrace cTrace = (fTrace)(APIData->fTrace);
fCreateFileW cCreateFileW = (fCreateFileW)(APIData->fCreateFileA); fCreateFileW cCreateFileW = (fCreateFileW)(APIData->fCreateFileA);
fCloseHandle cCloseHandle = (fCloseHandle)(APIData->fCloseHandle); fCloseHandle cCloseHandle = (fCloseHandle)(APIData->fCloseHandle);
fCreateFileMappingA cCreateFileMappingA = (fCreateFileMappingA)(APIData->fCreateFileMappingA); fCreateFileMappingA cCreateFileMappingA = (fCreateFileMappingA)(APIData->fCreateFileMappingA);
hFile = cCreateFileW((LPCWSTR)szFileName, GENERIC_READ+GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); hFile = cCreateFileW((LPCWSTR)szFileName, GENERIC_READ + GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE) if(hFile != INVALID_HANDLE_VALUE)
{ {
hFileMap = cCreateFileMappingA(hFile, NULL, 4, NULL, 0x100, NULL); hFileMap = cCreateFileMappingA(hFile, NULL, 4, NULL, 0x100, NULL);


@ -24,13 +24,13 @@ bool MapFileEx(char* szFileName, DWORD ReadOrWrite, LPHANDLE FileHandle, LPDWORD
} }
else if(ReadOrWrite == UE_ACCESS_ALL) else if(ReadOrWrite == UE_ACCESS_ALL)
{ {
FileAccess = GENERIC_READ+GENERIC_WRITE+GENERIC_EXECUTE; FileAccess = GENERIC_READ + GENERIC_WRITE + GENERIC_EXECUTE;
FileMapType = PAGE_EXECUTE_READWRITE; FileMapType = PAGE_EXECUTE_READWRITE;
FileMapViewType = FILE_MAP_WRITE; FileMapViewType = FILE_MAP_WRITE;
} }
else else
{ {
FileAccess = GENERIC_READ+GENERIC_WRITE+GENERIC_EXECUTE; FileAccess = GENERIC_READ + GENERIC_WRITE + GENERIC_EXECUTE;
FileMapType = PAGE_EXECUTE_READWRITE; FileMapType = PAGE_EXECUTE_READWRITE;
FileMapViewType = FILE_MAP_ALL_ACCESS; FileMapViewType = FILE_MAP_ALL_ACCESS;
} }
@ -39,7 +39,7 @@ bool MapFileEx(char* szFileName, DWORD ReadOrWrite, LPHANDLE FileHandle, LPDWORD
if(hFile != INVALID_HANDLE_VALUE) if(hFile != INVALID_HANDLE_VALUE)
{ {
*FileHandle = hFile; *FileHandle = hFile;
DWORD mfFileSize = GetFileSize(hFile,NULL); DWORD mfFileSize = GetFileSize(hFile, NULL);
mfFileSize = mfFileSize + SizeModifier; mfFileSize = mfFileSize + SizeModifier;
*FileSize = mfFileSize; *FileSize = mfFileSize;
HANDLE mfFileMap = CreateFileMappingA(hFile, NULL, FileMapType, NULL, mfFileSize, NULL); HANDLE mfFileMap = CreateFileMappingA(hFile, NULL, FileMapType, NULL, mfFileSize, NULL);
@ -85,13 +85,13 @@ bool MapFileExW(wchar_t* szFileName, DWORD ReadOrWrite, LPHANDLE FileHandle, LPD
} }
else if(ReadOrWrite == UE_ACCESS_ALL) else if(ReadOrWrite == UE_ACCESS_ALL)
{ {
FileAccess = GENERIC_READ+GENERIC_WRITE+GENERIC_EXECUTE; FileAccess = GENERIC_READ + GENERIC_WRITE + GENERIC_EXECUTE;
FileMapType = PAGE_EXECUTE_READWRITE; FileMapType = PAGE_EXECUTE_READWRITE;
FileMapViewType = FILE_MAP_WRITE; FileMapViewType = FILE_MAP_WRITE;
} }
else else
{ {
FileAccess = GENERIC_READ+GENERIC_WRITE+GENERIC_EXECUTE; FileAccess = GENERIC_READ + GENERIC_WRITE + GENERIC_EXECUTE;
FileMapType = PAGE_EXECUTE_READWRITE; FileMapType = PAGE_EXECUTE_READWRITE;
FileMapViewType = FILE_MAP_ALL_ACCESS; FileMapViewType = FILE_MAP_ALL_ACCESS;
} }
@ -100,7 +100,7 @@ bool MapFileExW(wchar_t* szFileName, DWORD ReadOrWrite, LPHANDLE FileHandle, LPD
if(hFile != INVALID_HANDLE_VALUE) if(hFile != INVALID_HANDLE_VALUE)
{ {
*FileHandle = hFile; *FileHandle = hFile;
DWORD mfFileSize = GetFileSize(hFile,NULL); DWORD mfFileSize = GetFileSize(hFile, NULL);
mfFileSize = mfFileSize + SizeModifier; mfFileSize = mfFileSize + SizeModifier;
*FileSize = mfFileSize; *FileSize = mfFileSize;
HANDLE mfFileMap = CreateFileMappingA(hFile, NULL, FileMapType, NULL, mfFileSize, NULL); HANDLE mfFileMap = CreateFileMappingA(hFile, NULL, FileMapType, NULL, mfFileSize, NULL);
@ -131,7 +131,7 @@ void UnMapFileEx(HANDLE FileHandle, DWORD FileSize, HANDLE FileMap, ULONG_PTR Fi
if(UnmapViewOfFile((void*)FileMapVA)) if(UnmapViewOfFile((void*)FileMapVA))
{ {
EngineCloseHandle(FileMap); EngineCloseHandle(FileMap);
SetFilePointer(FileHandle,FileSize,NULL,FILE_BEGIN); SetFilePointer(FileHandle, FileSize, NULL, FILE_BEGIN);
SetEndOfFile(FileHandle); SetEndOfFile(FileHandle);
EngineCloseHandle(FileHandle); EngineCloseHandle(FileHandle);
} }
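Review bot: `GetFileSize(hFile, NULL)` in MapFileEx and MapFileExW is used without a check for `INVALID_FILE_SIZE`, and the result is then added to `SizeModifier` in a `DWORD`, so a failed query (or a sum that wraps) produces a bogus size that is stored in `*FileSize` and passed to `CreateFileMappingA`. Because UnMapFileEx later calls `SetFilePointer(FileHandle, FileSize, NULL, FILE_BEGIN)` followed by `SetEndOfFile(FileHandle)`, a wrong size can end up truncating or extending the file on disk. Testing `if(mfFileSize == INVALID_FILE_SIZE)` right after the call and failing the mapping in that case would close the first gap; passing NULL for the high DWORD also means files of 4 GiB or more are not handled, which deserves at least a comment. Both mapping functions start and end outside the hunks shown, so their failure paths are not visible here.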


@ -17,10 +17,10 @@ void GenericOEPVirtualProtectHit()
DWORD NewProtect = 0; DWORD NewProtect = 0;
DWORD OldProtect = 0; DWORD OldProtect = 0;
int bpcount=(int)BreakPointBuffer.size(); int bpcount = (int)BreakPointBuffer.size();
for(int i=0; i<bpcount; i++) for(int i = 0; i < bpcount; i++)
{ {
BreakPointDetail curDetail=BreakPointBuffer.at(i); BreakPointDetail curDetail = BreakPointBuffer.at(i);
if(curDetail.BreakPointType == UE_MEMORY && curDetail.BreakPointActive == UE_BPXACTIVE) if(curDetail.BreakPointType == UE_MEMORY && curDetail.BreakPointActive == UE_BPXACTIVE)
{ {
VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)curDetail.BreakPointAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)curDetail.BreakPointAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
@ -39,7 +39,7 @@ void GenericOEPTraceHit()
{ {
char* szInstructionType; char* szInstructionType;
typedef void(TITCALL *fEPCallBack)(); typedef void(TITCALL * fEPCallBack)();
fEPCallBack myEPCallBack = (fEPCallBack)glbEntryTracerData.EPCallBack; fEPCallBack myEPCallBack = (fEPCallBack)glbEntryTracerData.EPCallBack;
LPDEBUG_EVENT myDbgEvent = (LPDEBUG_EVENT)GetDebugData(); LPDEBUG_EVENT myDbgEvent = (LPDEBUG_EVENT)GetDebugData();
@ -59,7 +59,7 @@ void GenericOEPTraceHited()
bool FakeEPDetected = false; bool FakeEPDetected = false;
ULONG_PTR NumberOfBytesRW; ULONG_PTR NumberOfBytesRW;
LPDEBUG_EVENT myDbgEvent = (LPDEBUG_EVENT)GetDebugData(); LPDEBUG_EVENT myDbgEvent = (LPDEBUG_EVENT)GetDebugData();
typedef void(TITCALL *fEPCallBack)(); typedef void(TITCALL * fEPCallBack)();
fEPCallBack myEPCallBack = (fEPCallBack)glbEntryTracerData.EPCallBack; fEPCallBack myEPCallBack = (fEPCallBack)glbEntryTracerData.EPCallBack;
PMEMORY_COMPARE_HANDLER myCmpHandler; PMEMORY_COMPARE_HANDLER myCmpHandler;
ULONG_PTR memBpxAddress; ULONG_PTR memBpxAddress;
@ -98,11 +98,11 @@ void GenericOEPTraceHited()
if(ReadProcessMemory(dbgProcessInformation.hProcess, (void*)(glbEntryTracerData.CurrentIntructionPointer), lpHashBuffer, MAXIMUM_INSTRUCTION_SIZE, &NumberOfBytesRW)) if(ReadProcessMemory(dbgProcessInformation.hProcess, (void*)(glbEntryTracerData.CurrentIntructionPointer), lpHashBuffer, MAXIMUM_INSTRUCTION_SIZE, &NumberOfBytesRW))
{ {
myCmpHandler = (PMEMORY_COMPARE_HANDLER)(lpHashBuffer); myCmpHandler = (PMEMORY_COMPARE_HANDLER)(lpHashBuffer);
if(myCmpHandler->Array.bArrayEntry[0] == 0xC3) // RET if(myCmpHandler->Array.bArrayEntry[0] == 0xC3) // RET
{ {
FakeEPDetected = true; FakeEPDetected = true;
} }
else if(myCmpHandler->Array.bArrayEntry[0] == 0x33 && myCmpHandler->Array.bArrayEntry[1] == 0xC0 && myCmpHandler->Array.bArrayEntry[2] == 0xC3) // XOR EAX,EAX; RET else if(myCmpHandler->Array.bArrayEntry[0] == 0x33 && myCmpHandler->Array.bArrayEntry[1] == 0xC0 && myCmpHandler->Array.bArrayEntry[2] == 0xC3) // XOR EAX,EAX; RET
{ {
FakeEPDetected = true; FakeEPDetected = true;
} }
@ -201,7 +201,7 @@ void GenericOEPTraceInit()
int i; int i;
void* lpHashBuffer; void* lpHashBuffer;
ULONG_PTR NumberOfBytesRW; ULONG_PTR NumberOfBytesRW;
typedef void(TITCALL *fInitCallBack)(); typedef void(TITCALL * fInitCallBack)();
fInitCallBack myInitCallBack = (fInitCallBack)glbEntryTracerData.InitCallBack; fInitCallBack myInitCallBack = (fInitCallBack)glbEntryTracerData.InitCallBack;
if(glbEntryTracerData.FileIsDLL) if(glbEntryTracerData.FileIsDLL)
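Review bot: In GenericOEPVirtualProtectHit the return value of `VirtualQueryEx(...)` is discarded, so when the query fails `MemInfo` still holds the previous iteration's data (or its initial contents). The code that consumes `MemInfo` lies outside the hunk, so this needs confirming there, but a guard such as `if(VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)curDetail.BreakPointAddress, &MemInfo, sizeof MemInfo) == 0) continue;` would keep stale protection values from being acted on. The loop also copies every `BreakPointDetail` by value; `const BreakPointDetail& curDetail = BreakPointBuffer.at(i);` avoids that, provided the part of the body not shown does not modify `BreakPointBuffer`.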


@ -135,9 +135,9 @@ Out:
= kMatchSpecLenStart + 2 : State Init Marker = kMatchSpecLenStart + 2 : State Init Marker
*/ */
static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte *bufLimit) static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec* p, SizeT limit, const Byte* bufLimit)
{ {
CLzmaProb *probs = p->probs; CLzmaProb* probs = p->probs;
unsigned state = p->state; unsigned state = p->state;
UInt32 rep0 = p->reps[0], rep1 = p->reps[1], rep2 = p->reps[2], rep3 = p->reps[3]; UInt32 rep0 = p->reps[0], rep1 = p->reps[1], rep2 = p->reps[2], rep3 = p->reps[3];
@ -145,7 +145,7 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
unsigned lpMask = ((unsigned)1 << (p->prop.lp)) - 1; unsigned lpMask = ((unsigned)1 << (p->prop.lp)) - 1;
unsigned lc = p->prop.lc; unsigned lc = p->prop.lc;
Byte *dic = p->dic; Byte* dic = p->dic;
SizeT dicBufSize = p->dicBufSize; SizeT dicBufSize = p->dicBufSize;
SizeT dicPos = p->dicPos; SizeT dicPos = p->dicPos;
@ -153,13 +153,13 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
UInt32 checkDicSize = p->checkDicSize; UInt32 checkDicSize = p->checkDicSize;
unsigned len = 0; unsigned len = 0;
const Byte *buf = p->buf; const Byte* buf = p->buf;
UInt32 range = p->range; UInt32 range = p->range;
UInt32 code = p->code; UInt32 code = p->code;
do do
{ {
CLzmaProb *prob; CLzmaProb* prob;
UInt32 bound; UInt32 bound;
unsigned ttt; unsigned ttt;
unsigned posState = processedPos & pbMask; unsigned posState = processedPos & pbMask;
@ -170,18 +170,18 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
unsigned symbol; unsigned symbol;
UPDATE_0(prob); UPDATE_0(prob);
prob = probs + Literal; prob = probs + Literal;
if (checkDicSize != 0 || processedPos != 0) if(checkDicSize != 0 || processedPos != 0)
prob += (LZMA_LIT_SIZE * (((processedPos & lpMask) << lc) + prob += (LZMA_LIT_SIZE * (((processedPos & lpMask) << lc) +
(dic[(dicPos == 0 ? dicBufSize : dicPos) - 1] >> (8 - lc)))); (dic[(dicPos == 0 ? dicBufSize : dicPos) - 1] >> (8 - lc))));
if (state < kNumLitStates) if(state < kNumLitStates)
{ {
symbol = 1; symbol = 1;
do do
{ {
GET_BIT(prob + symbol, symbol) GET_BIT(prob + symbol, symbol)
} }
while (symbol < 0x100); while(symbol < 0x100);
} }
else else
{ {
@ -191,13 +191,13 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
do do
{ {
unsigned bit; unsigned bit;
CLzmaProb *probLit; CLzmaProb* probLit;
matchByte <<= 1; matchByte <<= 1;
bit = (matchByte & offs); bit = (matchByte & offs);
probLit = prob + offs + bit + symbol; probLit = prob + offs + bit + symbol;
GET_BIT2(probLit, symbol, offs &= ~bit, offs &= bit) GET_BIT2(probLit, symbol, offs &= ~bit, offs &= bit)
} }
while (symbol < 0x100); while(symbol < 0x100);
} }
dic[dicPos++] = (Byte)symbol; dic[dicPos++] = (Byte)symbol;
processedPos++; processedPos++;
@ -219,7 +219,7 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
else else
{ {
UPDATE_1(prob); UPDATE_1(prob);
if (checkDicSize == 0 && processedPos == 0) if(checkDicSize == 0 && processedPos == 0)
return SZ_ERROR_DATA; return SZ_ERROR_DATA;
prob = probs + IsRepG0 + state; prob = probs + IsRepG0 + state;
IF_BIT_0(prob) IF_BIT_0(prob)
@ -272,7 +272,7 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
} }
{ {
unsigned limit, offset; unsigned limit, offset;
CLzmaProb *probLen = prob + LenChoice; CLzmaProb* probLen = prob + LenChoice;
IF_BIT_0(probLen) IF_BIT_0(probLen)
{ {
UPDATE_0(probLen); UPDATE_0(probLen);
@ -303,18 +303,18 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
len += offset; len += offset;
} }
if (state >= kNumStates) if(state >= kNumStates)
{ {
UInt32 distance; UInt32 distance;
prob = probs + PosSlot + prob = probs + PosSlot +
((len < kNumLenToPosStates ? len : kNumLenToPosStates - 1) << kNumPosSlotBits); ((len < kNumLenToPosStates ? len : kNumLenToPosStates - 1) << kNumPosSlotBits);
TREE_6_DECODE(prob, distance); TREE_6_DECODE(prob, distance);
if (distance >= kStartPosModelIndex) if(distance >= kStartPosModelIndex)
{ {
unsigned posSlot = (unsigned)distance; unsigned posSlot = (unsigned)distance;
int numDirectBits = (int)(((distance >> 1) - 1)); int numDirectBits = (int)(((distance >> 1) - 1));
distance = (2 | (distance & 1)); distance = (2 | (distance & 1));
if (posSlot < kEndPosModelIndex) if(posSlot < kEndPosModelIndex)
{ {
distance <<= numDirectBits; distance <<= numDirectBits;
prob = probs + SpecPos + distance - posSlot - 1; prob = probs + SpecPos + distance - posSlot - 1;
@ -326,7 +326,7 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
GET_BIT2(prob + i, i, ; , distance |= mask); GET_BIT2(prob + i, i, ; , distance |= mask);
mask <<= 1; mask <<= 1;
} }
while (--numDirectBits != 0); while(--numDirectBits != 0);
} }
} }
else else
@ -353,7 +353,7 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
} }
*/ */
} }
while (--numDirectBits != 0); while(--numDirectBits != 0);
prob = probs + Align; prob = probs + Align;
distance <<= kNumAlignBits; distance <<= kNumAlignBits;
{ {
@ -363,7 +363,7 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
GET_BIT2(prob + i, i, ; , distance |= 4); GET_BIT2(prob + i, i, ; , distance |= 4);
GET_BIT2(prob + i, i, ; , distance |= 8); GET_BIT2(prob + i, i, ; , distance |= 8);
} }
if (distance == (UInt32)0xFFFFFFFF) if(distance == (UInt32)0xFFFFFFFF)
{ {
len += kMatchSpecLenStart; len += kMatchSpecLenStart;
state -= kNumStates; state -= kNumStates;
@ -375,12 +375,12 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
rep2 = rep1; rep2 = rep1;
rep1 = rep0; rep1 = rep0;
rep0 = distance + 1; rep0 = distance + 1;
if (checkDicSize == 0) if(checkDicSize == 0)
{ {
if (distance >= processedPos) if(distance >= processedPos)
return SZ_ERROR_DATA; return SZ_ERROR_DATA;
} }
else if (distance >= checkDicSize) else if(distance >= checkDicSize)
return SZ_ERROR_DATA; return SZ_ERROR_DATA;
state = (state < kNumStates + kNumLitStates) ? kNumLitStates : kNumLitStates + 3; state = (state < kNumStates + kNumLitStates) ? kNumLitStates : kNumLitStates + 3;
/* state = kLiteralNextStates[state]; */ /* state = kLiteralNextStates[state]; */
@ -388,7 +388,7 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
len += kMatchMinLen; len += kMatchMinLen;
if (limit == dicPos) if(limit == dicPos)
return SZ_ERROR_DATA; return SZ_ERROR_DATA;
{ {
SizeT rem = limit - dicPos; SizeT rem = limit - dicPos;
@ -398,30 +398,30 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
processedPos += curLen; processedPos += curLen;
len -= curLen; len -= curLen;
if (pos + curLen <= dicBufSize) if(pos + curLen <= dicBufSize)
{ {
Byte *dest = dic + dicPos; Byte* dest = dic + dicPos;
ptrdiff_t src = (ptrdiff_t)pos - (ptrdiff_t)dicPos; ptrdiff_t src = (ptrdiff_t)pos - (ptrdiff_t)dicPos;
const Byte *lim = dest + curLen; const Byte* lim = dest + curLen;
dicPos += curLen; dicPos += curLen;
do do
*(dest) = (Byte)*(dest + src); *(dest) = (Byte) * (dest + src);
while (++dest != lim); while(++dest != lim);
} }
else else
{ {
do do
{ {
dic[dicPos++] = dic[pos]; dic[dicPos++] = dic[pos];
if (++pos == dicBufSize) if(++pos == dicBufSize)
pos = 0; pos = 0;
} }
while (--curLen != 0); while(--curLen != 0);
} }
} }
} }
} }
while (dicPos < limit && buf < bufLimit); while(dicPos < limit && buf < bufLimit);
NORMALIZE; NORMALIZE;
p->buf = buf; p->buf = buf;
p->range = range; p->range = range;
@ -438,24 +438,24 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte
return SZ_OK; return SZ_OK;
} }
static void MY_FAST_CALL LzmaDec_WriteRem(CLzmaDec *p, SizeT limit) static void MY_FAST_CALL LzmaDec_WriteRem(CLzmaDec* p, SizeT limit)
{ {
if (p->remainLen != 0 && p->remainLen < kMatchSpecLenStart) if(p->remainLen != 0 && p->remainLen < kMatchSpecLenStart)
{ {
Byte *dic = p->dic; Byte* dic = p->dic;
SizeT dicPos = p->dicPos; SizeT dicPos = p->dicPos;
SizeT dicBufSize = p->dicBufSize; SizeT dicBufSize = p->dicBufSize;
unsigned len = p->remainLen; unsigned len = p->remainLen;
UInt32 rep0 = p->reps[0]; UInt32 rep0 = p->reps[0];
if (limit - dicPos < len) if(limit - dicPos < len)
len = (unsigned)(limit - dicPos); len = (unsigned)(limit - dicPos);
if (p->checkDicSize == 0 && p->prop.dicSize - p->processedPos <= len) if(p->checkDicSize == 0 && p->prop.dicSize - p->processedPos <= len)
p->checkDicSize = p->prop.dicSize; p->checkDicSize = p->prop.dicSize;
p->processedPos += len; p->processedPos += len;
p->remainLen -= len; p->remainLen -= len;
while (len-- != 0) while(len-- != 0)
{ {
dic[dicPos] = dic[(dicPos - rep0) + ((dicPos < rep0) ? dicBufSize : 0)]; dic[dicPos] = dic[(dicPos - rep0) + ((dicPos < rep0) ? dicBufSize : 0)];
dicPos++; dicPos++;
@ -464,25 +464,25 @@ static void MY_FAST_CALL LzmaDec_WriteRem(CLzmaDec *p, SizeT limit)
} }
} }
static int MY_FAST_CALL LzmaDec_DecodeReal2(CLzmaDec *p, SizeT limit, const Byte *bufLimit) static int MY_FAST_CALL LzmaDec_DecodeReal2(CLzmaDec* p, SizeT limit, const Byte* bufLimit)
{ {
do do
{ {
SizeT limit2 = limit; SizeT limit2 = limit;
if (p->checkDicSize == 0) if(p->checkDicSize == 0)
{ {
UInt32 rem = p->prop.dicSize - p->processedPos; UInt32 rem = p->prop.dicSize - p->processedPos;
if (limit - p->dicPos > rem) if(limit - p->dicPos > rem)
limit2 = p->dicPos + rem; limit2 = p->dicPos + rem;
} }
RINOK(LzmaDec_DecodeReal(p, limit2, bufLimit)); RINOK(LzmaDec_DecodeReal(p, limit2, bufLimit));
if (p->processedPos >= p->prop.dicSize) if(p->processedPos >= p->prop.dicSize)
p->checkDicSize = p->prop.dicSize; p->checkDicSize = p->prop.dicSize;
LzmaDec_WriteRem(p, limit); LzmaDec_WriteRem(p, limit);
} }
while (p->dicPos < limit && p->buf < bufLimit && p->remainLen < kMatchSpecLenStart); while(p->dicPos < limit && p->buf < bufLimit && p->remainLen < kMatchSpecLenStart);
if (p->remainLen > kMatchSpecLenStart) if(p->remainLen > kMatchSpecLenStart)
{ {
p->remainLen = kMatchSpecLenStart; p->remainLen = kMatchSpecLenStart;
} }
@ -497,17 +497,17 @@ typedef enum
DUMMY_REP DUMMY_REP
} ELzmaDummy; } ELzmaDummy;
static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec *p, const Byte *buf, SizeT inSize) static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec* p, const Byte* buf, SizeT inSize)
{ {
UInt32 range = p->range; UInt32 range = p->range;
UInt32 code = p->code; UInt32 code = p->code;
const Byte *bufLimit = buf + inSize; const Byte* bufLimit = buf + inSize;
CLzmaProb *probs = p->probs; CLzmaProb* probs = p->probs;
unsigned state = p->state; unsigned state = p->state;
ELzmaDummy res; ELzmaDummy res;
{ {
CLzmaProb *prob; CLzmaProb* prob;
UInt32 bound; UInt32 bound;
unsigned ttt; unsigned ttt;
unsigned posState = (p->processedPos) & ((1 << p->prop.pb) - 1); unsigned posState = (p->processedPos) & ((1 << p->prop.pb) - 1);
@ -520,19 +520,19 @@ static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec *p, const Byte *buf, SizeT inS
/* if (bufLimit - buf >= 7) return DUMMY_LIT; */ /* if (bufLimit - buf >= 7) return DUMMY_LIT; */
prob = probs + Literal; prob = probs + Literal;
if (p->checkDicSize != 0 || p->processedPos != 0) if(p->checkDicSize != 0 || p->processedPos != 0)
prob += (LZMA_LIT_SIZE * prob += (LZMA_LIT_SIZE *
((((p->processedPos) & ((1 << (p->prop.lp)) - 1)) << p->prop.lc) + ((((p->processedPos) & ((1 << (p->prop.lp)) - 1)) << p->prop.lc) +
(p->dic[(p->dicPos == 0 ? p->dicBufSize : p->dicPos) - 1] >> (8 - p->prop.lc)))); (p->dic[(p->dicPos == 0 ? p->dicBufSize : p->dicPos) - 1] >> (8 - p->prop.lc))));
if (state < kNumLitStates) if(state < kNumLitStates)
{ {
unsigned symbol = 1; unsigned symbol = 1;
do do
{ {
GET_BIT_CHECK(prob + symbol, symbol) GET_BIT_CHECK(prob + symbol, symbol)
} }
while (symbol < 0x100); while(symbol < 0x100);
} }
else else
{ {
@ -543,13 +543,13 @@ static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec *p, const Byte *buf, SizeT inS
do do
{ {
unsigned bit; unsigned bit;
CLzmaProb *probLit; CLzmaProb* probLit;
matchByte <<= 1; matchByte <<= 1;
bit = (matchByte & offs); bit = (matchByte & offs);
probLit = prob + offs + bit + symbol; probLit = prob + offs + bit + symbol;
GET_BIT2_CHECK(probLit, symbol, offs &= ~bit, offs &= bit) GET_BIT2_CHECK(probLit, symbol, offs &= ~bit, offs &= bit)
} }
while (symbol < 0x100); while(symbol < 0x100);
} }
res = DUMMY_LIT; res = DUMMY_LIT;
} }
@ -613,7 +613,7 @@ static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec *p, const Byte *buf, SizeT inS
} }
{ {
unsigned limit, offset; unsigned limit, offset;
CLzmaProb *probLen = prob + LenChoice; CLzmaProb* probLen = prob + LenChoice;
IF_BIT_0_CHECK(probLen) IF_BIT_0_CHECK(probLen)
{ {
UPDATE_0_CHECK; UPDATE_0_CHECK;
@ -644,20 +644,20 @@ static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec *p, const Byte *buf, SizeT inS
len += offset; len += offset;
} }
if (state < 4) if(state < 4)
{ {
unsigned posSlot; unsigned posSlot;
prob = probs + PosSlot + prob = probs + PosSlot +
((len < kNumLenToPosStates ? len : kNumLenToPosStates - 1) << ((len < kNumLenToPosStates ? len : kNumLenToPosStates - 1) <<
kNumPosSlotBits); kNumPosSlotBits);
TREE_DECODE_CHECK(prob, 1 << kNumPosSlotBits, posSlot); TREE_DECODE_CHECK(prob, 1 << kNumPosSlotBits, posSlot);
if (posSlot >= kStartPosModelIndex) if(posSlot >= kStartPosModelIndex)
{ {
int numDirectBits = ((posSlot >> 1) - 1); int numDirectBits = ((posSlot >> 1) - 1);
/* if (bufLimit - buf >= 8) return DUMMY_MATCH; */ /* if (bufLimit - buf >= 8) return DUMMY_MATCH; */
if (posSlot < kEndPosModelIndex) if(posSlot < kEndPosModelIndex)
{ {
prob = probs + SpecPos + ((2 | (posSlot & 1)) << numDirectBits) - posSlot - 1; prob = probs + SpecPos + ((2 | (posSlot & 1)) << numDirectBits) - posSlot - 1;
} }
@ -671,7 +671,7 @@ static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec *p, const Byte *buf, SizeT inS
code -= range & (((code - range) >> 31) - 1); code -= range & (((code - range) >> 31) - 1);
/* if (code >= range) code -= range; */ /* if (code >= range) code -= range; */
} }
while (--numDirectBits != 0); while(--numDirectBits != 0);
prob = probs + Align; prob = probs + Align;
numDirectBits = kNumAlignBits; numDirectBits = kNumAlignBits;
} }
@ -681,7 +681,7 @@ static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec *p, const Byte *buf, SizeT inS
{ {
GET_BIT_CHECK(prob + i, i); GET_BIT_CHECK(prob + i, i);
} }
while (--numDirectBits != 0); while(--numDirectBits != 0);
} }
} }
} }
@ -692,49 +692,49 @@ static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec *p, const Byte *buf, SizeT inS
} }
static void LzmaDec_InitRc(CLzmaDec *p, const Byte *data) static void LzmaDec_InitRc(CLzmaDec* p, const Byte* data)
{ {
p->code = ((UInt32)data[1] << 24) | ((UInt32)data[2] << 16) | ((UInt32)data[3] << 8) | ((UInt32)data[4]); p->code = ((UInt32)data[1] << 24) | ((UInt32)data[2] << 16) | ((UInt32)data[3] << 8) | ((UInt32)data[4]);
p->range = 0xFFFFFFFF; p->range = 0xFFFFFFFF;
p->needFlush = 0; p->needFlush = 0;
} }
void LzmaDec_InitDicAndState(CLzmaDec *p, Bool initDic, Bool initState) void LzmaDec_InitDicAndState(CLzmaDec* p, Bool initDic, Bool initState)
{ {
p->needFlush = 1; p->needFlush = 1;
p->remainLen = 0; p->remainLen = 0;
p->tempBufSize = 0; p->tempBufSize = 0;
if (initDic) if(initDic)
{ {
p->processedPos = 0; p->processedPos = 0;
p->checkDicSize = 0; p->checkDicSize = 0;
p->needInitState = 1; p->needInitState = 1;
} }
if (initState) if(initState)
p->needInitState = 1; p->needInitState = 1;
} }
void LzmaDec_Init(CLzmaDec *p) void LzmaDec_Init(CLzmaDec* p)
{ {
p->dicPos = 0; p->dicPos = 0;
LzmaDec_InitDicAndState(p, True, True); LzmaDec_InitDicAndState(p, True, True);
} }
static void LzmaDec_InitStateReal(CLzmaDec *p) static void LzmaDec_InitStateReal(CLzmaDec* p)
{ {
UInt32 numProbs = Literal + ((UInt32)LZMA_LIT_SIZE << (p->prop.lc + p->prop.lp)); UInt32 numProbs = Literal + ((UInt32)LZMA_LIT_SIZE << (p->prop.lc + p->prop.lp));
UInt32 i; UInt32 i;
CLzmaProb *probs = p->probs; CLzmaProb* probs = p->probs;
for (i = 0; i < numProbs; i++) for(i = 0; i < numProbs; i++)
probs[i] = kBitModelTotal >> 1; probs[i] = kBitModelTotal >> 1;
p->reps[0] = p->reps[1] = p->reps[2] = p->reps[3] = 1; p->reps[0] = p->reps[1] = p->reps[2] = p->reps[3] = 1;
p->state = 0; p->state = 0;
p->needInitState = 0; p->needInitState = 0;
} }
SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, const Byte *src, SizeT *srcLen, SRes LzmaDec_DecodeToDic(CLzmaDec* p, SizeT dicLimit, const Byte* src, SizeT* srcLen,
ELzmaFinishMode finishMode, ELzmaStatus *status) ELzmaFinishMode finishMode, ELzmaStatus* status)
{ {
SizeT inSize = *srcLen; SizeT inSize = *srcLen;
(*srcLen) = 0; (*srcLen) = 0;
@ -742,20 +742,20 @@ SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, const Byte *src, SizeT *sr
*status = LZMA_STATUS_NOT_SPECIFIED; *status = LZMA_STATUS_NOT_SPECIFIED;
while (p->remainLen != kMatchSpecLenStart) while(p->remainLen != kMatchSpecLenStart)
{ {
int checkEndMarkNow; int checkEndMarkNow;
if (p->needFlush != 0) if(p->needFlush != 0)
{ {
for (; inSize > 0 && p->tempBufSize < RC_INIT_SIZE; (*srcLen)++, inSize--) for(; inSize > 0 && p->tempBufSize < RC_INIT_SIZE; (*srcLen)++, inSize--)
p->tempBuf[p->tempBufSize++] = *src++; p->tempBuf[p->tempBufSize++] = *src++;
if (p->tempBufSize < RC_INIT_SIZE) if(p->tempBufSize < RC_INIT_SIZE)
{ {
*status = LZMA_STATUS_NEEDS_MORE_INPUT; *status = LZMA_STATUS_NEEDS_MORE_INPUT;
return SZ_OK; return SZ_OK;
} }
if (p->tempBuf[0] != 0) if(p->tempBuf[0] != 0)
return SZ_ERROR_DATA; return SZ_ERROR_DATA;
LzmaDec_InitRc(p, p->tempBuf); LzmaDec_InitRc(p, p->tempBuf);
@ -763,19 +763,19 @@ SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, const Byte *src, SizeT *sr
} }
checkEndMarkNow = 0; checkEndMarkNow = 0;
if (p->dicPos >= dicLimit) if(p->dicPos >= dicLimit)
{ {
if (p->remainLen == 0 && p->code == 0) if(p->remainLen == 0 && p->code == 0)
{ {
*status = LZMA_STATUS_MAYBE_FINISHED_WITHOUT_MARK; *status = LZMA_STATUS_MAYBE_FINISHED_WITHOUT_MARK;
return SZ_OK; return SZ_OK;
} }
if (finishMode == LZMA_FINISH_ANY) if(finishMode == LZMA_FINISH_ANY)
{ {
*status = LZMA_STATUS_NOT_FINISHED; *status = LZMA_STATUS_NOT_FINISHED;
return SZ_OK; return SZ_OK;
} }
if (p->remainLen != 0) if(p->remainLen != 0)
{ {
*status = LZMA_STATUS_NOT_FINISHED; *status = LZMA_STATUS_NOT_FINISHED;
return SZ_ERROR_DATA; return SZ_ERROR_DATA;
@ -783,17 +783,17 @@ SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, const Byte *src, SizeT *sr
checkEndMarkNow = 1; checkEndMarkNow = 1;
} }
if (p->needInitState) if(p->needInitState)
LzmaDec_InitStateReal(p); LzmaDec_InitStateReal(p);
if (p->tempBufSize == 0) if(p->tempBufSize == 0)
{ {
SizeT processed; SizeT processed;
const Byte *bufLimit; const Byte* bufLimit;
if (inSize < LZMA_REQUIRED_INPUT_MAX || checkEndMarkNow) if(inSize < LZMA_REQUIRED_INPUT_MAX || checkEndMarkNow)
{ {
int dummyRes = LzmaDec_TryDummy(p, src, inSize); int dummyRes = LzmaDec_TryDummy(p, src, inSize);
if (dummyRes == DUMMY_ERROR) if(dummyRes == DUMMY_ERROR)
{ {
memcpy(p->tempBuf, src, inSize); memcpy(p->tempBuf, src, inSize);
p->tempBufSize = (unsigned)inSize; p->tempBufSize = (unsigned)inSize;
@ -801,7 +801,7 @@ SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, const Byte *src, SizeT *sr
*status = LZMA_STATUS_NEEDS_MORE_INPUT; *status = LZMA_STATUS_NEEDS_MORE_INPUT;
return SZ_OK; return SZ_OK;
} }
if (checkEndMarkNow && dummyRes != DUMMY_MATCH) if(checkEndMarkNow && dummyRes != DUMMY_MATCH)
{ {
*status = LZMA_STATUS_NOT_FINISHED; *status = LZMA_STATUS_NOT_FINISHED;
return SZ_ERROR_DATA; return SZ_ERROR_DATA;
@ -811,7 +811,7 @@ SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, const Byte *src, SizeT *sr
else else
bufLimit = src + inSize - LZMA_REQUIRED_INPUT_MAX; bufLimit = src + inSize - LZMA_REQUIRED_INPUT_MAX;
p->buf = src; p->buf = src;
if (LzmaDec_DecodeReal2(p, dicLimit, bufLimit) != 0) if(LzmaDec_DecodeReal2(p, dicLimit, bufLimit) != 0)
return SZ_ERROR_DATA; return SZ_ERROR_DATA;
processed = (SizeT)(p->buf - src); processed = (SizeT)(p->buf - src);
(*srcLen) += processed; (*srcLen) += processed;
@ -821,26 +821,26 @@ SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, const Byte *src, SizeT *sr
else else
{ {
unsigned rem = p->tempBufSize, lookAhead = 0; unsigned rem = p->tempBufSize, lookAhead = 0;
while (rem < LZMA_REQUIRED_INPUT_MAX && lookAhead < inSize) while(rem < LZMA_REQUIRED_INPUT_MAX && lookAhead < inSize)
p->tempBuf[rem++] = src[lookAhead++]; p->tempBuf[rem++] = src[lookAhead++];
p->tempBufSize = rem; p->tempBufSize = rem;
if (rem < LZMA_REQUIRED_INPUT_MAX || checkEndMarkNow) if(rem < LZMA_REQUIRED_INPUT_MAX || checkEndMarkNow)
{ {
int dummyRes = LzmaDec_TryDummy(p, p->tempBuf, rem); int dummyRes = LzmaDec_TryDummy(p, p->tempBuf, rem);
if (dummyRes == DUMMY_ERROR) if(dummyRes == DUMMY_ERROR)
{ {
(*srcLen) += lookAhead; (*srcLen) += lookAhead;
*status = LZMA_STATUS_NEEDS_MORE_INPUT; *status = LZMA_STATUS_NEEDS_MORE_INPUT;
return SZ_OK; return SZ_OK;
} }
if (checkEndMarkNow && dummyRes != DUMMY_MATCH) if(checkEndMarkNow && dummyRes != DUMMY_MATCH)
{ {
*status = LZMA_STATUS_NOT_FINISHED; *status = LZMA_STATUS_NOT_FINISHED;
return SZ_ERROR_DATA; return SZ_ERROR_DATA;
} }
} }
p->buf = p->tempBuf; p->buf = p->tempBuf;
if (LzmaDec_DecodeReal2(p, dicLimit, p->buf) != 0) if(LzmaDec_DecodeReal2(p, dicLimit, p->buf) != 0)
return SZ_ERROR_DATA; return SZ_ERROR_DATA;
lookAhead -= (rem - (unsigned)(p->buf - p->tempBuf)); lookAhead -= (rem - (unsigned)(p->buf - p->tempBuf));
(*srcLen) += lookAhead; (*srcLen) += lookAhead;
@ -849,25 +849,25 @@ SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, const Byte *src, SizeT *sr
p->tempBufSize = 0; p->tempBufSize = 0;
} }
} }
if (p->code == 0) if(p->code == 0)
*status = LZMA_STATUS_FINISHED_WITH_MARK; *status = LZMA_STATUS_FINISHED_WITH_MARK;
return (p->code == 0) ? SZ_OK : SZ_ERROR_DATA; return (p->code == 0) ? SZ_OK : SZ_ERROR_DATA;
} }
SRes LzmaDec_DecodeToBuf(CLzmaDec *p, Byte *dest, SizeT *destLen, const Byte *src, SizeT *srcLen, ELzmaFinishMode finishMode, ELzmaStatus *status) SRes LzmaDec_DecodeToBuf(CLzmaDec* p, Byte* dest, SizeT* destLen, const Byte* src, SizeT* srcLen, ELzmaFinishMode finishMode, ELzmaStatus* status)
{ {
SizeT outSize = *destLen; SizeT outSize = *destLen;
SizeT inSize = *srcLen; SizeT inSize = *srcLen;
*srcLen = *destLen = 0; *srcLen = *destLen = 0;
for (;;) for(;;)
{ {
SizeT inSizeCur = inSize, outSizeCur, dicPos; SizeT inSizeCur = inSize, outSizeCur, dicPos;
ELzmaFinishMode curFinishMode; ELzmaFinishMode curFinishMode;
SRes res; SRes res;
if (p->dicPos == p->dicBufSize) if(p->dicPos == p->dicBufSize)
p->dicPos = 0; p->dicPos = 0;
dicPos = p->dicPos; dicPos = p->dicPos;
if (outSize > p->dicBufSize - dicPos) if(outSize > p->dicBufSize - dicPos)
{ {
outSizeCur = p->dicBufSize; outSizeCur = p->dicBufSize;
curFinishMode = LZMA_FINISH_ANY; curFinishMode = LZMA_FINISH_ANY;
@ -887,47 +887,47 @@ SRes LzmaDec_DecodeToBuf(CLzmaDec *p, Byte *dest, SizeT *destLen, const Byte *sr
dest += outSizeCur; dest += outSizeCur;
outSize -= outSizeCur; outSize -= outSizeCur;
*destLen += outSizeCur; *destLen += outSizeCur;
if (res != 0) if(res != 0)
return res; return res;
if (outSizeCur == 0 || outSize == 0) if(outSizeCur == 0 || outSize == 0)
return SZ_OK; return SZ_OK;
} }
} }
void LzmaDec_FreeProbs(CLzmaDec *p, ISzAlloc *alloc) void LzmaDec_FreeProbs(CLzmaDec* p, ISzAlloc* alloc)
{ {
alloc->Free(alloc, p->probs); alloc->Free(alloc, p->probs);
p->probs = 0; p->probs = 0;
} }
static void LzmaDec_FreeDict(CLzmaDec *p, ISzAlloc *alloc) static void LzmaDec_FreeDict(CLzmaDec* p, ISzAlloc* alloc)
{ {
alloc->Free(alloc, p->dic); alloc->Free(alloc, p->dic);
p->dic = 0; p->dic = 0;
} }
void LzmaDec_Free(CLzmaDec *p, ISzAlloc *alloc) void LzmaDec_Free(CLzmaDec* p, ISzAlloc* alloc)
{ {
LzmaDec_FreeProbs(p, alloc); LzmaDec_FreeProbs(p, alloc);
LzmaDec_FreeDict(p, alloc); LzmaDec_FreeDict(p, alloc);
} }
SRes LzmaProps_Decode(CLzmaProps *p, const Byte *data, unsigned size) SRes LzmaProps_Decode(CLzmaProps* p, const Byte* data, unsigned size)
{ {
UInt32 dicSize; UInt32 dicSize;
Byte d; Byte d;
if (size < LZMA_PROPS_SIZE) if(size < LZMA_PROPS_SIZE)
return SZ_ERROR_UNSUPPORTED; return SZ_ERROR_UNSUPPORTED;
else else
dicSize = data[1] | ((UInt32)data[2] << 8) | ((UInt32)data[3] << 16) | ((UInt32)data[4] << 24); dicSize = data[1] | ((UInt32)data[2] << 8) | ((UInt32)data[3] << 16) | ((UInt32)data[4] << 24);
if (dicSize < LZMA_DIC_MIN) if(dicSize < LZMA_DIC_MIN)
dicSize = LZMA_DIC_MIN; dicSize = LZMA_DIC_MIN;
p->dicSize = dicSize; p->dicSize = dicSize;
d = data[0]; d = data[0];
if (d >= (9 * 5 * 5)) if(d >= (9 * 5 * 5))
return SZ_ERROR_UNSUPPORTED; return SZ_ERROR_UNSUPPORTED;
p->lc = d % 9; p->lc = d % 9;
@ -938,21 +938,21 @@ SRes LzmaProps_Decode(CLzmaProps *p, const Byte *data, unsigned size)
return SZ_OK; return SZ_OK;
} }
static SRes LzmaDec_AllocateProbs2(CLzmaDec *p, const CLzmaProps *propNew, ISzAlloc *alloc) static SRes LzmaDec_AllocateProbs2(CLzmaDec* p, const CLzmaProps* propNew, ISzAlloc* alloc)
{ {
UInt32 numProbs = LzmaProps_GetNumProbs(propNew); UInt32 numProbs = LzmaProps_GetNumProbs(propNew);
if (p->probs == 0 || numProbs != p->numProbs) if(p->probs == 0 || numProbs != p->numProbs)
{ {
LzmaDec_FreeProbs(p, alloc); LzmaDec_FreeProbs(p, alloc);
p->probs = (CLzmaProb *)alloc->Alloc(alloc, numProbs * sizeof(CLzmaProb)); p->probs = (CLzmaProb*)alloc->Alloc(alloc, numProbs * sizeof(CLzmaProb));
p->numProbs = numProbs; p->numProbs = numProbs;
if (p->probs == 0) if(p->probs == 0)
return SZ_ERROR_MEM; return SZ_ERROR_MEM;
} }
return SZ_OK; return SZ_OK;
} }
SRes LzmaDec_AllocateProbs(CLzmaDec *p, const Byte *props, unsigned propsSize, ISzAlloc *alloc) SRes LzmaDec_AllocateProbs(CLzmaDec* p, const Byte* props, unsigned propsSize, ISzAlloc* alloc)
{ {
CLzmaProps propNew; CLzmaProps propNew;
RINOK(LzmaProps_Decode(&propNew, props, propsSize)); RINOK(LzmaProps_Decode(&propNew, props, propsSize));
@ -961,18 +961,18 @@ SRes LzmaDec_AllocateProbs(CLzmaDec *p, const Byte *props, unsigned propsSize, I
return SZ_OK; return SZ_OK;
} }
SRes LzmaDec_Allocate(CLzmaDec *p, const Byte *props, unsigned propsSize, ISzAlloc *alloc) SRes LzmaDec_Allocate(CLzmaDec* p, const Byte* props, unsigned propsSize, ISzAlloc* alloc)
{ {
CLzmaProps propNew; CLzmaProps propNew;
SizeT dicBufSize; SizeT dicBufSize;
RINOK(LzmaProps_Decode(&propNew, props, propsSize)); RINOK(LzmaProps_Decode(&propNew, props, propsSize));
RINOK(LzmaDec_AllocateProbs2(p, &propNew, alloc)); RINOK(LzmaDec_AllocateProbs2(p, &propNew, alloc));
dicBufSize = propNew.dicSize; dicBufSize = propNew.dicSize;
if (p->dic == 0 || dicBufSize != p->dicBufSize) if(p->dic == 0 || dicBufSize != p->dicBufSize)
{ {
LzmaDec_FreeDict(p, alloc); LzmaDec_FreeDict(p, alloc);
p->dic = (Byte *)alloc->Alloc(alloc, dicBufSize); p->dic = (Byte*)alloc->Alloc(alloc, dicBufSize);
if (p->dic == 0) if(p->dic == 0)
{ {
LzmaDec_FreeProbs(p, alloc); LzmaDec_FreeProbs(p, alloc);
return SZ_ERROR_MEM; return SZ_ERROR_MEM;
@ -983,21 +983,21 @@ SRes LzmaDec_Allocate(CLzmaDec *p, const Byte *props, unsigned propsSize, ISzAll
return SZ_OK; return SZ_OK;
} }
SRes LzmaDecode(Byte *dest, SizeT *destLen, const Byte *src, SizeT *srcLen, SRes LzmaDecode(Byte* dest, SizeT* destLen, const Byte* src, SizeT* srcLen,
const Byte *propData, unsigned propSize, ELzmaFinishMode finishMode, const Byte* propData, unsigned propSize, ELzmaFinishMode finishMode,
ELzmaStatus *status, ISzAlloc *alloc) ELzmaStatus* status, ISzAlloc* alloc)
{ {
CLzmaDec p; CLzmaDec p;
SRes res; SRes res;
SizeT inSize = *srcLen; SizeT inSize = *srcLen;
SizeT outSize = *destLen; SizeT outSize = *destLen;
*srcLen = *destLen = 0; *srcLen = *destLen = 0;
if (inSize < RC_INIT_SIZE) if(inSize < RC_INIT_SIZE)
return SZ_ERROR_INPUT_EOF; return SZ_ERROR_INPUT_EOF;
LzmaDec_Construct(&p); LzmaDec_Construct(&p);
res = LzmaDec_AllocateProbs(&p, propData, propSize, alloc); res = LzmaDec_AllocateProbs(&p, propData, propSize, alloc);
if (res != 0) if(res != 0)
return res; return res;
p.dic = dest; p.dic = dest;
p.dicBufSize = outSize; p.dicBufSize = outSize;
@ -1007,7 +1007,7 @@ SRes LzmaDecode(Byte *dest, SizeT *destLen, const Byte *src, SizeT *srcLen,
*srcLen = inSize; *srcLen = inSize;
res = LzmaDec_DecodeToDic(&p, outSize, src, srcLen, finishMode, status); res = LzmaDec_DecodeToDic(&p, outSize, src, srcLen, finishMode, status);
if (res == SZ_OK && *status == LZMA_STATUS_NEEDS_MORE_INPUT) if(res == SZ_OK && *status == LZMA_STATUS_NEEDS_MORE_INPUT)
res = SZ_ERROR_INPUT_EOF; res = SZ_ERROR_INPUT_EOF;
(*destLen) = p.dicPos; (*destLen) = p.dicPos;
@ -1015,12 +1015,12 @@ SRes LzmaDecode(Byte *dest, SizeT *destLen, const Byte *src, SizeT *srcLen,
return res; return res;
} }
void* LzmaAllocMem(void *p, size_t size) void* LzmaAllocMem(void* p, size_t size)
{ {
return(VirtualAlloc(NULL, size, MEM_COMMIT, PAGE_READWRITE)); return(VirtualAlloc(NULL, size, MEM_COMMIT, PAGE_READWRITE));
} }
void LzmaFreeMem(void *p, void *address) void LzmaFreeMem(void* p, void* address)
{ {
VirtualFree(address, NULL, MEM_RELEASE); VirtualFree(address, NULL, MEM_RELEASE);
} }


@ -33,7 +33,7 @@ Returns:
SZ_ERROR_UNSUPPORTED - Unsupported properties SZ_ERROR_UNSUPPORTED - Unsupported properties
*/ */
SRes LzmaProps_Decode(CLzmaProps *p, const Byte *data, unsigned size); SRes LzmaProps_Decode(CLzmaProps* p, const Byte* data, unsigned size);
/* ---------- LZMA Decoder state ---------- */ /* ---------- LZMA Decoder state ---------- */
@ -46,9 +46,9 @@ SRes LzmaProps_Decode(CLzmaProps *p, const Byte *data, unsigned size);
typedef struct typedef struct
{ {
CLzmaProps prop; CLzmaProps prop;
CLzmaProb *probs; CLzmaProb* probs;
Byte *dic; Byte* dic;
const Byte *buf; const Byte* buf;
UInt32 range, code; UInt32 range, code;
SizeT dicPos; SizeT dicPos;
SizeT dicBufSize; SizeT dicBufSize;
@ -66,7 +66,7 @@ typedef struct
#define LzmaDec_Construct(p) { (p)->dic = 0; (p)->probs = 0; } #define LzmaDec_Construct(p) { (p)->dic = 0; (p)->probs = 0; }
void LzmaDec_Init(CLzmaDec *p); void LzmaDec_Init(CLzmaDec* p);
/* There are two types of LZMA streams: /* There are two types of LZMA streams:
0) Stream with end mark. That end mark adds about 6 bytes to compressed size. 0) Stream with end mark. That end mark adds about 6 bytes to compressed size.
@ -127,11 +127,11 @@ LzmaDec_Allocate* can return:
SZ_ERROR_UNSUPPORTED - Unsupported properties SZ_ERROR_UNSUPPORTED - Unsupported properties
*/ */
SRes LzmaDec_AllocateProbs(CLzmaDec *p, const Byte *props, unsigned propsSize, ISzAlloc *alloc); SRes LzmaDec_AllocateProbs(CLzmaDec* p, const Byte* props, unsigned propsSize, ISzAlloc* alloc);
void LzmaDec_FreeProbs(CLzmaDec *p, ISzAlloc *alloc); void LzmaDec_FreeProbs(CLzmaDec* p, ISzAlloc* alloc);
SRes LzmaDec_Allocate(CLzmaDec *state, const Byte *prop, unsigned propsSize, ISzAlloc *alloc); SRes LzmaDec_Allocate(CLzmaDec* state, const Byte* prop, unsigned propsSize, ISzAlloc* alloc);
void LzmaDec_Free(CLzmaDec *state, ISzAlloc *alloc); void LzmaDec_Free(CLzmaDec* state, ISzAlloc* alloc);
/* ---------- Dictionary Interface ---------- */ /* ---------- Dictionary Interface ---------- */
@ -174,8 +174,8 @@ Returns:
SZ_ERROR_DATA - Data error SZ_ERROR_DATA - Data error
*/ */
SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, SRes LzmaDec_DecodeToDic(CLzmaDec* p, SizeT dicLimit,
const Byte *src, SizeT *srcLen, ELzmaFinishMode finishMode, ELzmaStatus *status); const Byte* src, SizeT* srcLen, ELzmaFinishMode finishMode, ELzmaStatus* status);
/* ---------- Buffer Interface ---------- */ /* ---------- Buffer Interface ---------- */
@ -191,8 +191,8 @@ finishMode:
LZMA_FINISH_END - Stream must be finished after (*destLen). LZMA_FINISH_END - Stream must be finished after (*destLen).
*/ */
SRes LzmaDec_DecodeToBuf(CLzmaDec *p, Byte *dest, SizeT *destLen, SRes LzmaDec_DecodeToBuf(CLzmaDec* p, Byte* dest, SizeT* destLen,
const Byte *src, SizeT *srcLen, ELzmaFinishMode finishMode, ELzmaStatus *status); const Byte* src, SizeT* srcLen, ELzmaFinishMode finishMode, ELzmaStatus* status);
/* ---------- One Call Interface ---------- */ /* ---------- One Call Interface ---------- */
@ -216,8 +216,8 @@ Returns:
SZ_ERROR_INPUT_EOF - It needs more bytes in input buffer (src). SZ_ERROR_INPUT_EOF - It needs more bytes in input buffer (src).
*/ */
SRes LzmaDecode(Byte *dest, SizeT *destLen, const Byte *src, SizeT *srcLen, SRes LzmaDecode(Byte* dest, SizeT* destLen, const Byte* src, SizeT* srcLen,
const Byte *propData, unsigned propSize, ELzmaFinishMode finishMode, const Byte* propData, unsigned propSize, ELzmaFinishMode finishMode,
ELzmaStatus *status, ISzAlloc *alloc); ELzmaStatus* status, ISzAlloc* alloc);
#endif #endif


@ -108,19 +108,19 @@ typedef int Bool;
typedef struct typedef struct
{ {
SRes (*Read)(void *p, void *buf, size_t *size); SRes(*Read)(void* p, void* buf, size_t* size);
/* if (input(*size) != 0 && output(*size) == 0) means end_of_stream. /* if (input(*size) != 0 && output(*size) == 0) means end_of_stream.
(output(*size) < input(*size)) is allowed */ (output(*size) < input(*size)) is allowed */
} ISeqInStream; } ISeqInStream;
/* it can return SZ_ERROR_INPUT_EOF */ /* it can return SZ_ERROR_INPUT_EOF */
SRes SeqInStream_Read(ISeqInStream *stream, void *buf, size_t size); SRes SeqInStream_Read(ISeqInStream* stream, void* buf, size_t size);
SRes SeqInStream_Read2(ISeqInStream *stream, void *buf, size_t size, SRes errorType); SRes SeqInStream_Read2(ISeqInStream* stream, void* buf, size_t size, SRes errorType);
SRes SeqInStream_ReadByte(ISeqInStream *stream, Byte *buf); SRes SeqInStream_ReadByte(ISeqInStream* stream, Byte* buf);
typedef struct typedef struct
{ {
size_t (*Write)(void *p, const void *buf, size_t size); size_t (*Write)(void* p, const void* buf, size_t size);
/* Returns: result - the number of actually written bytes. /* Returns: result - the number of actually written bytes.
(result < size) means error */ (result < size) means error */
} ISeqOutStream; } ISeqOutStream;
@ -134,78 +134,78 @@ typedef enum
typedef struct typedef struct
{ {
SRes (*Read)(void *p, void *buf, size_t *size); /* same as ISeqInStream::Read */ SRes(*Read)(void* p, void* buf, size_t* size); /* same as ISeqInStream::Read */
SRes (*Seek)(void *p, Int64 *pos, ESzSeek origin); SRes(*Seek)(void* p, Int64* pos, ESzSeek origin);
} ISeekInStream; } ISeekInStream;
typedef struct typedef struct
{ {
SRes (*Look)(void *p, void **buf, size_t *size); SRes(*Look)(void* p, void** buf, size_t* size);
/* if (input(*size) != 0 && output(*size) == 0) means end_of_stream. /* if (input(*size) != 0 && output(*size) == 0) means end_of_stream.
(output(*size) > input(*size)) is not allowed (output(*size) > input(*size)) is not allowed
(output(*size) < input(*size)) is allowed */ (output(*size) < input(*size)) is allowed */
SRes (*Skip)(void *p, size_t offset); SRes(*Skip)(void* p, size_t offset);
/* offset must be <= output(*size) of Look */ /* offset must be <= output(*size) of Look */
SRes (*Read)(void *p, void *buf, size_t *size); SRes(*Read)(void* p, void* buf, size_t* size);
/* reads directly (without buffer). It's same as ISeqInStream::Read */ /* reads directly (without buffer). It's same as ISeqInStream::Read */
SRes (*Seek)(void *p, Int64 *pos, ESzSeek origin); SRes(*Seek)(void* p, Int64* pos, ESzSeek origin);
} ILookInStream; } ILookInStream;
SRes LookInStream_LookRead(ILookInStream *stream, void *buf, size_t *size); SRes LookInStream_LookRead(ILookInStream* stream, void* buf, size_t* size);
SRes LookInStream_SeekTo(ILookInStream *stream, UInt64 offset); SRes LookInStream_SeekTo(ILookInStream* stream, UInt64 offset);
/* reads via ILookInStream::Read */ /* reads via ILookInStream::Read */
SRes LookInStream_Read2(ILookInStream *stream, void *buf, size_t size, SRes errorType); SRes LookInStream_Read2(ILookInStream* stream, void* buf, size_t size, SRes errorType);
SRes LookInStream_Read(ILookInStream *stream, void *buf, size_t size); SRes LookInStream_Read(ILookInStream* stream, void* buf, size_t size);
#define LookToRead_BUF_SIZE (1 << 14) #define LookToRead_BUF_SIZE (1 << 14)
typedef struct typedef struct
{ {
ILookInStream s; ILookInStream s;
ISeekInStream *realStream; ISeekInStream* realStream;
size_t pos; size_t pos;
size_t size; size_t size;
Byte buf[LookToRead_BUF_SIZE]; Byte buf[LookToRead_BUF_SIZE];
} CLookToRead; } CLookToRead;
void LookToRead_CreateVTable(CLookToRead *p, int lookahead); void LookToRead_CreateVTable(CLookToRead* p, int lookahead);
void LookToRead_Init(CLookToRead *p); void LookToRead_Init(CLookToRead* p);
typedef struct typedef struct
{ {
ISeqInStream s; ISeqInStream s;
ILookInStream *realStream; ILookInStream* realStream;
} CSecToLook; } CSecToLook;
void SecToLook_CreateVTable(CSecToLook *p); void SecToLook_CreateVTable(CSecToLook* p);
typedef struct typedef struct
{ {
ISeqInStream s; ISeqInStream s;
ILookInStream *realStream; ILookInStream* realStream;
} CSecToRead; } CSecToRead;
void SecToRead_CreateVTable(CSecToRead *p); void SecToRead_CreateVTable(CSecToRead* p);
typedef struct typedef struct
{ {
SRes (*Progress)(void *p, UInt64 inSize, UInt64 outSize); SRes(*Progress)(void* p, UInt64 inSize, UInt64 outSize);
/* Returns: result. (result != SZ_OK) means break. /* Returns: result. (result != SZ_OK) means break.
Value (UInt64)(Int64)-1 for size means unknown value. */ Value (UInt64)(Int64)-1 for size means unknown value. */
} ICompressProgress; } ICompressProgress;
typedef struct typedef struct
{ {
void *(*Alloc)(void *p, size_t size); void* (*Alloc)(void* p, size_t size);
void (*Free)(void *p, void *address); /* address can be 0 */ void (*Free)(void* p, void* address); /* address can be 0 */
} ISzAlloc; } ISzAlloc;
#define IAlloc_Alloc(p, size) (p)->Alloc((p), size) #define IAlloc_Alloc(p, size) (p)->Alloc((p), size)
#define IAlloc_Free(p, a) (p)->Free((p), a) #define IAlloc_Free(p, a) (p)->Free((p), a)
void* LzmaAllocMem(void *p, size_t size); void* LzmaAllocMem(void* p, size_t size);
void LzmaFreeMem(void *p, void *address); void LzmaFreeMem(void* p, void* address);
#endif #endif


@ -30,8 +30,8 @@ __declspec(dllexport) bool TITCALL IsBPXEnabled(ULONG_PTR bpxAddress)
ULONG_PTR NumberOfBytesReadWritten = 0; ULONG_PTR NumberOfBytesReadWritten = 0;
DWORD MaximumBreakPoints = 0; DWORD MaximumBreakPoints = 0;
BYTE ReadData[10] = {}; BYTE ReadData[10] = {};
int bpcount=(int)BreakPointBuffer.size(); int bpcount = (int)BreakPointBuffer.size();
for(int i=0; i<bpcount; i++) for(int i = 0; i < bpcount; i++)
{ {
if(BreakPointBuffer.at(i).BreakPointAddress == bpxAddress) if(BreakPointBuffer.at(i).BreakPointAddress == bpxAddress)
{ {
@ -66,8 +66,8 @@ __declspec(dllexport) bool TITCALL EnableBPX(ULONG_PTR bpxAddress)
DWORD MaximumBreakPoints = 0; DWORD MaximumBreakPoints = 0;
bool testWrite = false; bool testWrite = false;
DWORD OldProtect; DWORD OldProtect;
int bpcount=(int)BreakPointBuffer.size(); int bpcount = (int)BreakPointBuffer.size();
for(int i=0; i<bpcount; i++) for(int i = 0; i < bpcount; i++)
{ {
if(BreakPointBuffer.at(i).BreakPointAddress == bpxAddress) if(BreakPointBuffer.at(i).BreakPointAddress == bpxAddress)
{ {
@ -135,8 +135,8 @@ __declspec(dllexport) bool TITCALL DisableBPX(ULONG_PTR bpxAddress)
ULONG_PTR NumberOfBytesReadWritten = 0; ULONG_PTR NumberOfBytesReadWritten = 0;
DWORD MaximumBreakPoints = 0; DWORD MaximumBreakPoints = 0;
DWORD OldProtect; DWORD OldProtect;
int bpcount=(int)BreakPointBuffer.size(); int bpcount = (int)BreakPointBuffer.size();
for(int i=0; i<bpcount; i++) for(int i = 0; i < bpcount; i++)
{ {
if(BreakPointBuffer.at(i).BreakPointAddress == bpxAddress) if(BreakPointBuffer.at(i).BreakPointAddress == bpxAddress)
{ {
@ -181,9 +181,9 @@ __declspec(dllexport) bool TITCALL SetBPX(ULONG_PTR bpxAddress, DWORD bpxType, L
{ {
return false; return false;
} }
int bpcount=(int)BreakPointBuffer.size(); int bpcount = (int)BreakPointBuffer.size();
//search for breakpoint //search for breakpoint
for(int i=0; i<bpcount; i++) for(int i = 0; i < bpcount; i++)
{ {
if(BreakPointBuffer.at(i).BreakPointAddress == bpxAddress && BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE && (BreakPointBuffer.at(i).BreakPointType == UE_SINGLESHOOT || BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT)) if(BreakPointBuffer.at(i).BreakPointAddress == bpxAddress && BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE && (BreakPointBuffer.at(i).BreakPointType == UE_SINGLESHOOT || BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT))
return false; return false;
@ -248,10 +248,10 @@ __declspec(dllexport) bool TITCALL SetBPX(ULONG_PTR bpxAddress, DWORD bpxType, L
if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, bpxDataPrt, NewBreakPoint.BreakPointSize, &NumberOfBytesReadWritten)) if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, bpxDataPrt, NewBreakPoint.BreakPointSize, &NumberOfBytesReadWritten))
{ {
//add new breakpoint to the list //add new breakpoint to the list
NewBreakPoint.AdvancedBreakPointType = SelectedBreakPointType&0xFF; NewBreakPoint.AdvancedBreakPointType = SelectedBreakPointType & 0xFF;
NewBreakPoint.BreakPointActive = UE_BPXACTIVE; NewBreakPoint.BreakPointActive = UE_BPXACTIVE;
NewBreakPoint.BreakPointAddress = bpxAddress; NewBreakPoint.BreakPointAddress = bpxAddress;
NewBreakPoint.BreakPointType = bpxType&0xFF; NewBreakPoint.BreakPointType = bpxType & 0xFF;
NewBreakPoint.ExecuteCallBack = (ULONG_PTR)bpxCallBack; NewBreakPoint.ExecuteCallBack = (ULONG_PTR)bpxCallBack;
BreakPointBuffer.push_back(NewBreakPoint); BreakPointBuffer.push_back(NewBreakPoint);
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, NewBreakPoint.BreakPointSize, OldProtect, &OldProtect); VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, NewBreakPoint.BreakPointSize, OldProtect, &OldProtect);
@ -272,13 +272,13 @@ __declspec(dllexport) bool TITCALL DeleteBPX(ULONG_PTR bpxAddress)
CriticalSectionLocker lock(LockBreakPointBuffer); CriticalSectionLocker lock(LockBreakPointBuffer);
ULONG_PTR NumberOfBytesReadWritten = 0; ULONG_PTR NumberOfBytesReadWritten = 0;
DWORD OldProtect; DWORD OldProtect;
int bpcount=(int)BreakPointBuffer.size(); int bpcount = (int)BreakPointBuffer.size();
int found=-1; int found = -1;
for(int i=0; i<bpcount; i++) for(int i = 0; i < bpcount; i++)
{ {
if(BreakPointBuffer.at(i).BreakPointAddress == bpxAddress && (BreakPointBuffer.at(i).BreakPointType == UE_SINGLESHOOT || BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT)) if(BreakPointBuffer.at(i).BreakPointAddress == bpxAddress && (BreakPointBuffer.at(i).BreakPointType == UE_SINGLESHOOT || BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT))
{ {
found=i; found = i;
break; break;
} }
} }
@ -296,7 +296,7 @@ __declspec(dllexport) bool TITCALL DeleteBPX(ULONG_PTR bpxAddress)
} }
lock.relock(); lock.relock();
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer.at(found).BreakPointSize, OldProtect, &OldProtect); VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer.at(found).BreakPointSize, OldProtect, &OldProtect);
BreakPointBuffer.erase(BreakPointBuffer.begin()+found); BreakPointBuffer.erase(BreakPointBuffer.begin() + found);
return true; return true;
} }
@ -328,7 +328,7 @@ __declspec(dllexport) bool TITCALL SetAPIBreakPoint(const char* szDLLName, const
do //search for forwarding indicators do //search for forwarding indicators
{ {
i += len; i += len;
if(!MemoryReadSafe(dbgProcessInformation.hProcess, (void*)(APIAddress+i), CmdBuffer, sizeof(CmdBuffer), 0)) if(!MemoryReadSafe(dbgProcessInformation.hProcess, (void*)(APIAddress + i), CmdBuffer, sizeof(CmdBuffer), 0))
return false; return false;
if(CmdBuffer[0] == 0xCC || CmdBuffer[0] == 0x90) //padding if(CmdBuffer[0] == 0xCC || CmdBuffer[0] == 0x90) //padding
{ {
@ -351,7 +351,7 @@ __declspec(dllexport) bool TITCALL SetAPIBreakPoint(const char* szDLLName, const
do //search for RET do //search for RET
{ {
i += len; i += len;
if(!MemoryReadSafe(dbgProcessInformation.hProcess, (void*)(APIAddress+i), CmdBuffer, sizeof(CmdBuffer), 0)) if(!MemoryReadSafe(dbgProcessInformation.hProcess, (void*)(APIAddress + i), CmdBuffer, sizeof(CmdBuffer), 0))
return false; return false;
len = StaticLengthDisassemble(CmdBuffer); len = StaticLengthDisassemble(CmdBuffer);
} }
@ -386,7 +386,7 @@ __declspec(dllexport) bool TITCALL DeleteAPIBreakPoint(const char* szDLLName, co
do //search for forwarding indicators do //search for forwarding indicators
{ {
i += len; i += len;
if(!MemoryReadSafe(dbgProcessInformation.hProcess, (void*)(APIAddress+i), CmdBuffer, sizeof(CmdBuffer), 0)) if(!MemoryReadSafe(dbgProcessInformation.hProcess, (void*)(APIAddress + i), CmdBuffer, sizeof(CmdBuffer), 0))
return false; return false;
if(CmdBuffer[0] == 0xCC || CmdBuffer[0] == 0x90) //padding if(CmdBuffer[0] == 0xCC || CmdBuffer[0] == 0x90) //padding
{ {
@ -409,7 +409,7 @@ __declspec(dllexport) bool TITCALL DeleteAPIBreakPoint(const char* szDLLName, co
do //search for RET do //search for RET
{ {
i += len; i += len;
if(!MemoryReadSafe(dbgProcessInformation.hProcess, (void*)(APIAddress+i), CmdBuffer, sizeof(CmdBuffer), 0)) if(!MemoryReadSafe(dbgProcessInformation.hProcess, (void*)(APIAddress + i), CmdBuffer, sizeof(CmdBuffer), 0))
return false; return false;
len = StaticLengthDisassemble(CmdBuffer); len = StaticLengthDisassemble(CmdBuffer);
} }
@ -440,9 +440,9 @@ __declspec(dllexport) bool TITCALL SetMemoryBPXEx(ULONG_PTR MemoryStart, SIZE_T
CriticalSectionLocker lock(LockBreakPointBuffer); CriticalSectionLocker lock(LockBreakPointBuffer);
MEMORY_BASIC_INFORMATION MemInfo; MEMORY_BASIC_INFORMATION MemInfo;
ULONG_PTR NumberOfBytesReadWritten = 0; ULONG_PTR NumberOfBytesReadWritten = 0;
int bpcount=(int)BreakPointBuffer.size(); int bpcount = (int)BreakPointBuffer.size();
//search for breakpoint //search for breakpoint
for(int i=0; i<bpcount; i++) for(int i = 0; i < bpcount; i++)
{ {
if(BreakPointBuffer.at(i).BreakPointAddress == MemoryStart && if(BreakPointBuffer.at(i).BreakPointAddress == MemoryStart &&
(BreakPointBuffer.at(i).BreakPointType == UE_MEMORY || (BreakPointBuffer.at(i).BreakPointType == UE_MEMORY ||
@ -456,7 +456,7 @@ __declspec(dllexport) bool TITCALL SetMemoryBPXEx(ULONG_PTR MemoryStart, SIZE_T
} }
//set PAGE_GUARD on all the pages separately //set PAGE_GUARD on all the pages separately
size_t pages = SizeOfMemory / TITANENGINE_PAGESIZE; size_t pages = SizeOfMemory / TITANENGINE_PAGESIZE;
for(size_t i=0; i<pages; i++) for(size_t i = 0; i < pages; i++)
{ {
const LPVOID curPage = (LPVOID)(MemoryStart + i * TITANENGINE_PAGESIZE); const LPVOID curPage = (LPVOID)(MemoryStart + i * TITANENGINE_PAGESIZE);
VirtualQueryEx(dbgProcessInformation.hProcess, curPage, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)); VirtualQueryEx(dbgProcessInformation.hProcess, curPage, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
@ -487,10 +487,10 @@ __declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T
CriticalSectionLocker lock(LockBreakPointBuffer); CriticalSectionLocker lock(LockBreakPointBuffer);
MEMORY_BASIC_INFORMATION MemInfo; MEMORY_BASIC_INFORMATION MemInfo;
ULONG_PTR NumberOfBytesReadWritten = 0; ULONG_PTR NumberOfBytesReadWritten = 0;
int bpcount=(int)BreakPointBuffer.size(); int bpcount = (int)BreakPointBuffer.size();
int found=-1; int found = -1;
//search for breakpoint //search for breakpoint
for(int i=0; i<bpcount; i++) for(int i = 0; i < bpcount; i++)
{ {
if(BreakPointBuffer.at(i).BreakPointAddress == MemoryStart && if(BreakPointBuffer.at(i).BreakPointAddress == MemoryStart &&
(BreakPointBuffer.at(i).BreakPointType == UE_MEMORY || (BreakPointBuffer.at(i).BreakPointType == UE_MEMORY ||
@ -499,17 +499,17 @@ __declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T
BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_EXECUTE) BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_EXECUTE)
) )
{ {
found=i; found = i;
break; break;
} }
} }
if(found==-1) //not found if(found == -1) //not found
return false; return false;
if(!SizeOfMemory) if(!SizeOfMemory)
SizeOfMemory = BreakPointBuffer.at(found).BreakPointSize; SizeOfMemory = BreakPointBuffer.at(found).BreakPointSize;
//remove PAGE_GUARD from all the pages in the range //remove PAGE_GUARD from all the pages in the range
size_t pages = SizeOfMemory / TITANENGINE_PAGESIZE; size_t pages = SizeOfMemory / TITANENGINE_PAGESIZE;
for(size_t i=0; i<pages; i++) for(size_t i = 0; i < pages; i++)
{ {
const LPVOID curPage = (LPVOID)(MemoryStart + i * TITANENGINE_PAGESIZE); const LPVOID curPage = (LPVOID)(MemoryStart + i * TITANENGINE_PAGESIZE);
VirtualQueryEx(dbgProcessInformation.hProcess, curPage, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)); VirtualQueryEx(dbgProcessInformation.hProcess, curPage, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
@ -521,7 +521,7 @@ __declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T
} }
} }
//remove breakpoint from list //remove breakpoint from list
BreakPointBuffer.erase(BreakPointBuffer.begin()+found); BreakPointBuffer.erase(BreakPointBuffer.begin() + found);
return true; return true;
} }
@ -535,27 +535,27 @@ __declspec(dllexport) bool TITCALL SetHardwareBreakPoint(ULONG_PTR bpxAddress, D
HWBP_SIZE hwbpSize; HWBP_SIZE hwbpSize;
HWBP_MODE hwbpMode; HWBP_MODE hwbpMode;
HWBP_TYPE hwbpType; HWBP_TYPE hwbpType;
int hwbpIndex=-1; int hwbpIndex = -1;
DR7 dr7; DR7 dr7;
switch(bpxSize) switch(bpxSize)
{ {
case UE_HARDWARE_SIZE_1: case UE_HARDWARE_SIZE_1:
hwbpSize=SIZE_1; hwbpSize = SIZE_1;
break; break;
case UE_HARDWARE_SIZE_2: case UE_HARDWARE_SIZE_2:
hwbpSize=SIZE_2; hwbpSize = SIZE_2;
if((bpxAddress%2)!=0) if((bpxAddress % 2) != 0)
return false; return false;
break; break;
case UE_HARDWARE_SIZE_4: case UE_HARDWARE_SIZE_4:
hwbpSize=SIZE_4; hwbpSize = SIZE_4;
if((bpxAddress%4)!=0) if((bpxAddress % 4) != 0)
return false; return false;
break; break;
case UE_HARDWARE_SIZE_8: case UE_HARDWARE_SIZE_8:
hwbpSize=SIZE_8; hwbpSize = SIZE_8;
if((bpxAddress%8)!=0) if((bpxAddress % 8) != 0)
return false; return false;
break; break;
default: default:
@ -579,16 +579,16 @@ __declspec(dllexport) bool TITCALL SetHardwareBreakPoint(ULONG_PTR bpxAddress, D
switch(IndexOfRegister) switch(IndexOfRegister)
{ {
case UE_DR0: case UE_DR0:
hwbpIndex=0; hwbpIndex = 0;
break; break;
case UE_DR1: case UE_DR1:
hwbpIndex=1; hwbpIndex = 1;
break; break;
case UE_DR2: case UE_DR2:
hwbpIndex=2; hwbpIndex = 2;
break; break;
case UE_DR3: case UE_DR3:
hwbpIndex=3; hwbpIndex = 3;
break; break;
default: default:
return false; return false;
@ -596,42 +596,42 @@ __declspec(dllexport) bool TITCALL SetHardwareBreakPoint(ULONG_PTR bpxAddress, D
uintdr7((ULONG_PTR)GetContextData(UE_DR7), &dr7); uintdr7((ULONG_PTR)GetContextData(UE_DR7), &dr7);
DebugRegister[hwbpIndex].DrxExecution=false; DebugRegister[hwbpIndex].DrxExecution = false;
switch(bpxType) switch(bpxType)
{ {
case UE_HARDWARE_EXECUTE: case UE_HARDWARE_EXECUTE:
hwbpSize=SIZE_1; hwbpSize = SIZE_1;
hwbpType=TYPE_EXECUTE; hwbpType = TYPE_EXECUTE;
DebugRegister[hwbpIndex].DrxExecution=true; DebugRegister[hwbpIndex].DrxExecution = true;
break; break;
case UE_HARDWARE_WRITE: case UE_HARDWARE_WRITE:
hwbpType=TYPE_WRITE; hwbpType = TYPE_WRITE;
break; break;
case UE_HARDWARE_READWRITE: case UE_HARDWARE_READWRITE:
hwbpType=TYPE_READWRITE; hwbpType = TYPE_READWRITE;
break; break;
default: default:
return false; return false;
} }
hwbpMode=MODE_LOCAL; hwbpMode = MODE_LOCAL;
dr7.HWBP_MODE[hwbpIndex]=hwbpMode; dr7.HWBP_MODE[hwbpIndex] = hwbpMode;
dr7.HWBP_SIZE[hwbpIndex]=hwbpSize; dr7.HWBP_SIZE[hwbpIndex] = hwbpSize;
dr7.HWBP_TYPE[hwbpIndex]=hwbpType; dr7.HWBP_TYPE[hwbpIndex] = hwbpType;
for(unsigned int i=0; i<hListThread.size(); i++) for(unsigned int i = 0; i < hListThread.size(); i++)
{ {
SetContextDataEx(hListThread.at(i).hThread, UE_DR7, dr7uint(&dr7)); //NOTE: MUST SET THIS FIRST FOR X64! SetContextDataEx(hListThread.at(i).hThread, UE_DR7, dr7uint(&dr7)); //NOTE: MUST SET THIS FIRST FOR X64!
SetContextDataEx(hListThread.at(i).hThread, IndexOfRegister, bpxAddress); SetContextDataEx(hListThread.at(i).hThread, IndexOfRegister, bpxAddress);
} }
DebugRegister[hwbpIndex].DrxBreakPointType=bpxType; DebugRegister[hwbpIndex].DrxBreakPointType = bpxType;
DebugRegister[hwbpIndex].DrxBreakPointSize=bpxSize; DebugRegister[hwbpIndex].DrxBreakPointSize = bpxSize;
DebugRegister[hwbpIndex].DrxEnabled=true; DebugRegister[hwbpIndex].DrxEnabled = true;
DebugRegister[hwbpIndex].DrxBreakAddress=(ULONG_PTR)bpxAddress; DebugRegister[hwbpIndex].DrxBreakAddress = (ULONG_PTR)bpxAddress;
DebugRegister[hwbpIndex].DrxCallBack=(ULONG_PTR)bpxCallBack; DebugRegister[hwbpIndex].DrxCallBack = (ULONG_PTR)bpxCallBack;
return true; return true;
} }
@ -641,27 +641,27 @@ __declspec(dllexport) bool TITCALL SetHardwareBreakPointEx(HANDLE hActiveThread,
HWBP_SIZE hwbpSize; HWBP_SIZE hwbpSize;
HWBP_MODE hwbpMode; HWBP_MODE hwbpMode;
HWBP_TYPE hwbpType; HWBP_TYPE hwbpType;
int hwbpIndex=-1; int hwbpIndex = -1;
DR7 dr7; DR7 dr7;
switch(bpxSize) switch(bpxSize)
{ {
case UE_HARDWARE_SIZE_1: case UE_HARDWARE_SIZE_1:
hwbpSize=SIZE_1; hwbpSize = SIZE_1;
break; break;
case UE_HARDWARE_SIZE_2: case UE_HARDWARE_SIZE_2:
hwbpSize=SIZE_2; hwbpSize = SIZE_2;
if((bpxAddress%2)!=0) if((bpxAddress % 2) != 0)
return false; return false;
break; break;
case UE_HARDWARE_SIZE_4: case UE_HARDWARE_SIZE_4:
hwbpSize=SIZE_4; hwbpSize = SIZE_4;
if((bpxAddress%4)!=0) if((bpxAddress % 4) != 0)
return false; return false;
break; break;
case UE_HARDWARE_SIZE_8: case UE_HARDWARE_SIZE_8:
hwbpSize=SIZE_8; hwbpSize = SIZE_8;
if((bpxAddress%8)!=0) if((bpxAddress % 8) != 0)
return false; return false;
break; break;
default: default:
@ -683,21 +683,21 @@ __declspec(dllexport) bool TITCALL SetHardwareBreakPointEx(HANDLE hActiveThread,
} }
if(IndexOfSelectedRegister) if(IndexOfSelectedRegister)
*IndexOfSelectedRegister=IndexOfRegister; *IndexOfSelectedRegister = IndexOfRegister;
switch(IndexOfRegister) switch(IndexOfRegister)
{ {
case UE_DR0: case UE_DR0:
hwbpIndex=0; hwbpIndex = 0;
break; break;
case UE_DR1: case UE_DR1:
hwbpIndex=1; hwbpIndex = 1;
break; break;
case UE_DR2: case UE_DR2:
hwbpIndex=2; hwbpIndex = 2;
break; break;
case UE_DR3: case UE_DR3:
hwbpIndex=3; hwbpIndex = 3;
break; break;
default: default:
return false; return false;
@ -705,39 +705,39 @@ __declspec(dllexport) bool TITCALL SetHardwareBreakPointEx(HANDLE hActiveThread,
uintdr7((ULONG_PTR)GetContextDataEx(hActiveThread, UE_DR7), &dr7); uintdr7((ULONG_PTR)GetContextDataEx(hActiveThread, UE_DR7), &dr7);
DebugRegister[hwbpIndex].DrxExecution=false; DebugRegister[hwbpIndex].DrxExecution = false;
switch(bpxType) switch(bpxType)
{ {
case UE_HARDWARE_EXECUTE: case UE_HARDWARE_EXECUTE:
hwbpSize=SIZE_1; hwbpSize = SIZE_1;
hwbpType=TYPE_EXECUTE; hwbpType = TYPE_EXECUTE;
DebugRegister[hwbpIndex].DrxExecution=true; DebugRegister[hwbpIndex].DrxExecution = true;
break; break;
case UE_HARDWARE_WRITE: case UE_HARDWARE_WRITE:
hwbpType=TYPE_WRITE; hwbpType = TYPE_WRITE;
break; break;
case UE_HARDWARE_READWRITE: case UE_HARDWARE_READWRITE:
hwbpType=TYPE_READWRITE; hwbpType = TYPE_READWRITE;
break; break;
default: default:
return false; return false;
} }
hwbpMode=MODE_LOCAL; hwbpMode = MODE_LOCAL;
dr7.HWBP_MODE[hwbpIndex]=hwbpMode; dr7.HWBP_MODE[hwbpIndex] = hwbpMode;
dr7.HWBP_SIZE[hwbpIndex]=hwbpSize; dr7.HWBP_SIZE[hwbpIndex] = hwbpSize;
dr7.HWBP_TYPE[hwbpIndex]=hwbpType; dr7.HWBP_TYPE[hwbpIndex] = hwbpType;
SetContextDataEx(hActiveThread, UE_DR7, dr7uint(&dr7)); SetContextDataEx(hActiveThread, UE_DR7, dr7uint(&dr7));
SetContextDataEx(hActiveThread, IndexOfRegister, (ULONG_PTR)bpxAddress); SetContextDataEx(hActiveThread, IndexOfRegister, (ULONG_PTR)bpxAddress);
DebugRegister[hwbpIndex].DrxBreakPointType=bpxType; DebugRegister[hwbpIndex].DrxBreakPointType = bpxType;
DebugRegister[hwbpIndex].DrxBreakPointSize=bpxSize; DebugRegister[hwbpIndex].DrxBreakPointSize = bpxSize;
DebugRegister[hwbpIndex].DrxEnabled=true; DebugRegister[hwbpIndex].DrxEnabled = true;
DebugRegister[hwbpIndex].DrxBreakAddress=(ULONG_PTR)bpxAddress; DebugRegister[hwbpIndex].DrxBreakAddress = (ULONG_PTR)bpxAddress;
DebugRegister[hwbpIndex].DrxCallBack=(ULONG_PTR)bpxCallBack; DebugRegister[hwbpIndex].DrxCallBack = (ULONG_PTR)bpxCallBack;
return true; return true;
} }
@ -750,9 +750,9 @@ __declspec(dllexport) bool TITCALL DeleteHardwareBreakPoint(DWORD IndexOfRegiste
if(IndexOfRegister == UE_DR0) if(IndexOfRegister == UE_DR0)
{ {
HardwareBPX = (ULONG_PTR)GetContextData(UE_DR7); HardwareBPX = (ULONG_PTR)GetContextData(UE_DR7);
HardwareBPX = HardwareBPX &~ (1 << 0); HardwareBPX = HardwareBPX & ~(1 << 0);
HardwareBPX = HardwareBPX &~ (1 << 1); HardwareBPX = HardwareBPX & ~(1 << 1);
for(unsigned int i=0; i<hListThread.size(); i++) for(unsigned int i = 0; i < hListThread.size(); i++)
{ {
SetContextDataEx(hListThread.at(i).hThread, UE_DR0, bpxAddress); SetContextDataEx(hListThread.at(i).hThread, UE_DR0, bpxAddress);
SetContextDataEx(hListThread.at(i).hThread, UE_DR7, HardwareBPX); SetContextDataEx(hListThread.at(i).hThread, UE_DR7, HardwareBPX);
@ -765,9 +765,9 @@ __declspec(dllexport) bool TITCALL DeleteHardwareBreakPoint(DWORD IndexOfRegiste
else if(IndexOfRegister == UE_DR1) else if(IndexOfRegister == UE_DR1)
{ {
HardwareBPX = (ULONG_PTR)GetContextData(UE_DR7); HardwareBPX = (ULONG_PTR)GetContextData(UE_DR7);
HardwareBPX = HardwareBPX &~ (1 << 2); HardwareBPX = HardwareBPX & ~(1 << 2);
HardwareBPX = HardwareBPX &~ (1 << 3); HardwareBPX = HardwareBPX & ~(1 << 3);
for(unsigned int i=0; i<hListThread.size(); i++) for(unsigned int i = 0; i < hListThread.size(); i++)
{ {
SetContextDataEx(hListThread.at(i).hThread, UE_DR1, bpxAddress); SetContextDataEx(hListThread.at(i).hThread, UE_DR1, bpxAddress);
SetContextDataEx(hListThread.at(i).hThread, UE_DR7, HardwareBPX); SetContextDataEx(hListThread.at(i).hThread, UE_DR7, HardwareBPX);
@ -780,9 +780,9 @@ __declspec(dllexport) bool TITCALL DeleteHardwareBreakPoint(DWORD IndexOfRegiste
else if(IndexOfRegister == UE_DR2) else if(IndexOfRegister == UE_DR2)
{ {
HardwareBPX = (ULONG_PTR)GetContextData(UE_DR7); HardwareBPX = (ULONG_PTR)GetContextData(UE_DR7);
HardwareBPX = HardwareBPX &~ (1 << 4); HardwareBPX = HardwareBPX & ~(1 << 4);
HardwareBPX = HardwareBPX &~ (1 << 5); HardwareBPX = HardwareBPX & ~(1 << 5);
for(unsigned int i=0; i<hListThread.size(); i++) for(unsigned int i = 0; i < hListThread.size(); i++)
{ {
SetContextDataEx(hListThread.at(i).hThread, UE_DR2, bpxAddress); SetContextDataEx(hListThread.at(i).hThread, UE_DR2, bpxAddress);
SetContextDataEx(hListThread.at(i).hThread, UE_DR7, HardwareBPX); SetContextDataEx(hListThread.at(i).hThread, UE_DR7, HardwareBPX);
@ -795,9 +795,9 @@ __declspec(dllexport) bool TITCALL DeleteHardwareBreakPoint(DWORD IndexOfRegiste
else if(IndexOfRegister == UE_DR3) else if(IndexOfRegister == UE_DR3)
{ {
HardwareBPX = (ULONG_PTR)GetContextData(UE_DR7); HardwareBPX = (ULONG_PTR)GetContextData(UE_DR7);
HardwareBPX = HardwareBPX &~ (1 << 6); HardwareBPX = HardwareBPX & ~(1 << 6);
HardwareBPX = HardwareBPX &~ (1 << 7); HardwareBPX = HardwareBPX & ~(1 << 7);
for(unsigned int i=0; i<hListThread.size(); i++) for(unsigned int i = 0; i < hListThread.size(); i++)
{ {
SetContextDataEx(hListThread.at(i).hThread, UE_DR3, bpxAddress); SetContextDataEx(hListThread.at(i).hThread, UE_DR3, bpxAddress);
SetContextDataEx(hListThread.at(i).hThread, UE_DR7, HardwareBPX); SetContextDataEx(hListThread.at(i).hThread, UE_DR7, HardwareBPX);
@ -817,10 +817,10 @@ __declspec(dllexport) bool TITCALL DeleteHardwareBreakPoint(DWORD IndexOfRegiste
__declspec(dllexport) bool TITCALL RemoveAllBreakPoints(DWORD RemoveOption) __declspec(dllexport) bool TITCALL RemoveAllBreakPoints(DWORD RemoveOption)
{ {
CriticalSectionLocker lock(LockBreakPointBuffer); CriticalSectionLocker lock(LockBreakPointBuffer);
int bpcount=(int)BreakPointBuffer.size(); int bpcount = (int)BreakPointBuffer.size();
if(RemoveOption == UE_OPTION_REMOVEALL) if(RemoveOption == UE_OPTION_REMOVEALL)
{ {
for(int i=bpcount-1; i>-1; i--) for(int i = bpcount - 1; i > -1; i--)
{ {
if(BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT) if(BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT)
{ {
@ -846,7 +846,7 @@ __declspec(dllexport) bool TITCALL RemoveAllBreakPoints(DWORD RemoveOption)
} }
else if(RemoveOption == UE_OPTION_DISABLEALL) else if(RemoveOption == UE_OPTION_DISABLEALL)
{ {
for(int i=bpcount-1; i>-1; i--) for(int i = bpcount - 1; i > -1; i--)
{ {
if(BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT && BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE) if(BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT && BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE)
{ {
@ -868,7 +868,7 @@ __declspec(dllexport) bool TITCALL RemoveAllBreakPoints(DWORD RemoveOption)
} }
else if(RemoveOption == UE_OPTION_REMOVEALLDISABLED) else if(RemoveOption == UE_OPTION_REMOVEALLDISABLED)
{ {
for(int i=bpcount-1; i>-1; i--) for(int i = bpcount - 1; i > -1; i--)
{ {
if(BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT && BreakPointBuffer.at(i).BreakPointActive == UE_BPXINACTIVE) if(BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT && BreakPointBuffer.at(i).BreakPointActive == UE_BPXINACTIVE)
{ {
@ -881,7 +881,7 @@ __declspec(dllexport) bool TITCALL RemoveAllBreakPoints(DWORD RemoveOption)
} }
else if(RemoveOption == UE_OPTION_REMOVEALLENABLED) else if(RemoveOption == UE_OPTION_REMOVEALLENABLED)
{ {
for(int i=bpcount-1; i>-1; i--) for(int i = bpcount - 1; i > -1; i--)
{ {
if(BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT && BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE) if(BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT && BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE)
{ {


@ -13,7 +13,7 @@ __declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, voi
memset(&DBGContext, 0, sizeof(CONTEXT)); memset(&DBGContext, 0, sizeof(CONTEXT));
DBGContext.ContextFlags = CONTEXT_ALL; DBGContext.ContextFlags = CONTEXT_ALL;
if(SuspendThread(hActiveThread) == (DWORD)-1) if(SuspendThread(hActiveThread) == (DWORD) - 1)
return false; return false;
if(!GetThreadContext(hActiveThread, &DBGContext)) if(!GetThreadContext(hActiveThread, &DBGContext))
@ -39,7 +39,7 @@ __declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, D
memset(&DBGContext, 0, sizeof(CONTEXT)); memset(&DBGContext, 0, sizeof(CONTEXT));
DBGContext.ContextFlags = CONTEXT_ALL; DBGContext.ContextFlags = CONTEXT_ALL;
if(SuspendThread(hActiveThread) == (DWORD)-1) if(SuspendThread(hActiveThread) == (DWORD) - 1)
return retValue; return retValue;
if(!GetThreadContext(hActiveThread, &DBGContext)) if(!GetThreadContext(hActiveThread, &DBGContext))
@ -52,43 +52,43 @@ __declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, D
#ifdef _WIN64 //x64 #ifdef _WIN64 //x64
if(IndexOfRegister == UE_EAX) if(IndexOfRegister == UE_EAX)
{ {
retValue = DBGContext.Rax&0xFFFFFFFF; retValue = DBGContext.Rax & 0xFFFFFFFF;
} }
else if(IndexOfRegister == UE_EBX) else if(IndexOfRegister == UE_EBX)
{ {
retValue = DBGContext.Rbx&0xFFFFFFFF; retValue = DBGContext.Rbx & 0xFFFFFFFF;
} }
else if(IndexOfRegister == UE_ECX) else if(IndexOfRegister == UE_ECX)
{ {
retValue = DBGContext.Rcx&0xFFFFFFFF; retValue = DBGContext.Rcx & 0xFFFFFFFF;
} }
else if(IndexOfRegister == UE_EDX) else if(IndexOfRegister == UE_EDX)
{ {
retValue = DBGContext.Rdx&0xFFFFFFFF; retValue = DBGContext.Rdx & 0xFFFFFFFF;
} }
else if(IndexOfRegister == UE_EDI) else if(IndexOfRegister == UE_EDI)
{ {
retValue = DBGContext.Rdi&0xFFFFFFFF; retValue = DBGContext.Rdi & 0xFFFFFFFF;
} }
else if(IndexOfRegister == UE_ESI) else if(IndexOfRegister == UE_ESI)
{ {
retValue = DBGContext.Rsi&0xFFFFFFFF; retValue = DBGContext.Rsi & 0xFFFFFFFF;
} }
else if(IndexOfRegister == UE_EBP) else if(IndexOfRegister == UE_EBP)
{ {
retValue = DBGContext.Rbp&0xFFFFFFFF; retValue = DBGContext.Rbp & 0xFFFFFFFF;
} }
else if(IndexOfRegister == UE_ESP) else if(IndexOfRegister == UE_ESP)
{ {
retValue = DBGContext.Rsp&0xFFFFFFFF; retValue = DBGContext.Rsp & 0xFFFFFFFF;
} }
else if(IndexOfRegister == UE_EIP) else if(IndexOfRegister == UE_EIP)
{ {
retValue = DBGContext.Rip&0xFFFFFFFF; retValue = DBGContext.Rip & 0xFFFFFFFF;
} }
else if(IndexOfRegister == UE_EFLAGS) else if(IndexOfRegister == UE_EFLAGS)
{ {
retValue = DBGContext.EFlags&0xFFFFFFFF; retValue = DBGContext.EFlags & 0xFFFFFFFF;
} }
else if(IndexOfRegister == UE_RAX) else if(IndexOfRegister == UE_RAX)
{ {
@ -273,7 +273,7 @@ __declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, D
__declspec(dllexport) ULONG_PTR TITCALL GetContextData(DWORD IndexOfRegister) __declspec(dllexport) ULONG_PTR TITCALL GetContextData(DWORD IndexOfRegister)
{ {
HANDLE hActiveThread = OpenThread(THREAD_SUSPEND_RESUME|THREAD_GET_CONTEXT, false, DBGEvent.dwThreadId); HANDLE hActiveThread = OpenThread(THREAD_SUSPEND_RESUME | THREAD_GET_CONTEXT, false, DBGEvent.dwThreadId);
ULONG_PTR ContextReturn = GetContextDataEx(hActiveThread, IndexOfRegister); ULONG_PTR ContextReturn = GetContextDataEx(hActiveThread, IndexOfRegister);
EngineCloseHandle(hActiveThread); EngineCloseHandle(hActiveThread);
return ContextReturn; return ContextReturn;
@ -287,7 +287,7 @@ __declspec(dllexport) bool TITCALL SetContextFPUDataEx(HANDLE hActiveThread, voi
memset(&DBGContext, 0, sizeof(CONTEXT)); memset(&DBGContext, 0, sizeof(CONTEXT));
DBGContext.ContextFlags = CONTEXT_ALL; DBGContext.ContextFlags = CONTEXT_ALL;
if(SuspendThread(hActiveThread) == (DWORD)-1) if(SuspendThread(hActiveThread) == (DWORD) - 1)
return false; return false;
if(!GetThreadContext(hActiveThread, &DBGContext)) if(!GetThreadContext(hActiveThread, &DBGContext))
@ -316,7 +316,7 @@ __declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD
memset(&DBGContext, 0, sizeof(CONTEXT)); memset(&DBGContext, 0, sizeof(CONTEXT));
DBGContext.ContextFlags = CONTEXT_ALL; DBGContext.ContextFlags = CONTEXT_ALL;
if(SuspendThread(hActiveThread) == (DWORD)-1) if(SuspendThread(hActiveThread) == (DWORD) - 1)
return false; return false;
if(!GetThreadContext(hActiveThread, &DBGContext)) if(!GetThreadContext(hActiveThread, &DBGContext))
@ -324,7 +324,7 @@ __declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD
ResumeThread(hActiveThread); ResumeThread(hActiveThread);
return false; return false;
} }
#ifdef _WIN64 //x64 #ifdef _WIN64 //x64
if(IndexOfRegister == UE_EAX) if(IndexOfRegister == UE_EAX)
{ {
@ -571,7 +571,7 @@ __declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD
__declspec(dllexport) bool TITCALL SetContextData(DWORD IndexOfRegister, ULONG_PTR NewRegisterValue) __declspec(dllexport) bool TITCALL SetContextData(DWORD IndexOfRegister, ULONG_PTR NewRegisterValue)
{ {
HANDLE hActiveThread = OpenThread(THREAD_SUSPEND_RESUME|THREAD_SET_CONTEXT|THREAD_GET_CONTEXT, false, DBGEvent.dwThreadId); HANDLE hActiveThread = OpenThread(THREAD_SUSPEND_RESUME | THREAD_SET_CONTEXT | THREAD_GET_CONTEXT, false, DBGEvent.dwThreadId);
bool ContextReturn = SetContextDataEx(hActiveThread, IndexOfRegister, NewRegisterValue); bool ContextReturn = SetContextDataEx(hActiveThread, IndexOfRegister, NewRegisterValue);
EngineCloseHandle(hActiveThread); EngineCloseHandle(hActiveThread);
return ContextReturn; return ContextReturn;
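Review bot: The reformatted check `if(SuspendThread(hActiveThread) == (DWORD) - 1)` now reads like a subtraction from a parenthesised name, although it is still a cast of -1. It appears in the hunks for GetContextFPUDataEx, GetContextDataEx, SetContextFPUDataEx and SetContextDataEx. Writing it as `static_cast<DWORD>(-1)` keeps the SuspendThread failure test unambiguous and gives the formatter nothing to split. The same artefact shows up as `(HANDLE) - 1` in ForceClose, where `INVALID_HANDLE_VALUE` states the intent directly. All of these functions continue outside the hunks shown.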


@ -8,23 +8,23 @@
__declspec(dllexport) void TITCALL ForceClose() __declspec(dllexport) void TITCALL ForceClose()
{ {
//manage process list //manage process list
int processcount=(int)hListProcess.size(); int processcount = (int)hListProcess.size();
for(int i=0; i<processcount; i++) for(int i = 0; i < processcount; i++)
{ {
EngineCloseHandle(hListProcess.at(i).hFile); EngineCloseHandle(hListProcess.at(i).hFile);
EngineCloseHandle(hListProcess.at(i).hProcess); EngineCloseHandle(hListProcess.at(i).hProcess);
} }
ClearProcessList(); ClearProcessList();
//manage thread list //manage thread list
int threadcount=(int)hListThread.size(); int threadcount = (int)hListThread.size();
for(int i=0; i<threadcount; i++) for(int i = 0; i < threadcount; i++)
EngineCloseHandle(hListThread.at(i).hThread); EngineCloseHandle(hListThread.at(i).hThread);
ClearThreadList(); ClearThreadList();
//manage library list //manage library list
int libcount=(int)hListLibrary.size(); int libcount = (int)hListLibrary.size();
for(int i=0; i<libcount; i++) for(int i = 0; i < libcount; i++)
{ {
if(hListLibrary.at(i).hFile != (HANDLE)-1) if(hListLibrary.at(i).hFile != (HANDLE) - 1)
{ {
if(hListLibrary.at(i).hFileMappingView != NULL) if(hListLibrary.at(i).hFileMappingView != NULL)
{ {
@ -52,7 +52,7 @@ __declspec(dllexport) void TITCALL StepInto(LPVOID StepCallBack)
ULONG_PTR ueCurrentPosition = GetContextData(UE_CIP); ULONG_PTR ueCurrentPosition = GetContextData(UE_CIP);
unsigned char instr[16]; unsigned char instr[16];
MemoryReadSafe(dbgProcessInformation.hProcess, (void*)ueCurrentPosition, instr, sizeof(instr), 0); MemoryReadSafe(dbgProcessInformation.hProcess, (void*)ueCurrentPosition, instr, sizeof(instr), 0);
char* DisassembledString=(char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr); char* DisassembledString = (char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr);
if(strstr(DisassembledString, "PUSHF")) if(strstr(DisassembledString, "PUSHF"))
StepOver(StepCallBack); StepOver(StepCallBack);
else else
@ -72,11 +72,11 @@ __declspec(dllexport) void TITCALL StepOver(LPVOID StepCallBack)
ULONG_PTR ueCurrentPosition = GetContextData(UE_CIP); ULONG_PTR ueCurrentPosition = GetContextData(UE_CIP);
unsigned char instr[16]; unsigned char instr[16];
MemoryReadSafe(dbgProcessInformation.hProcess, (void*)ueCurrentPosition, instr, sizeof(instr), 0); MemoryReadSafe(dbgProcessInformation.hProcess, (void*)ueCurrentPosition, instr, sizeof(instr), 0);
char* DisassembledString=(char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr); char* DisassembledString = (char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr);
if(strstr(DisassembledString, "CALL") || strstr(DisassembledString, "REP") || strstr(DisassembledString, "PUSHF")) if(strstr(DisassembledString, "CALL") || strstr(DisassembledString, "REP") || strstr(DisassembledString, "PUSHF"))
{ {
ueCurrentPosition+=StaticLengthDisassemble((void*)instr); ueCurrentPosition += StaticLengthDisassemble((void*)instr);
SetBPX(ueCurrentPosition, UE_BREAKPOINT_TYPE_INT3+UE_SINGLESHOOT, StepCallBack); SetBPX(ueCurrentPosition, UE_BREAKPOINT_TYPE_INT3 + UE_SINGLESHOOT, StepCallBack);
} }
else else
StepInto(StepCallBack); StepInto(StepCallBack);
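Review bot: In StepOver the result of `MemoryReadSafe(...)` is ignored, so on a failed read `instr` is still uninitialised stack data when it reaches `StaticDisassembleEx` and `StaticLengthDisassemble`, and the single-shot breakpoint from `SetBPX` is then placed at an address derived from garbage; StepInto has the same unchecked read. Zero-initialising the buffer and bailing out on failure would avoid that: `unsigned char instr[16] = {0};` and `if(!MemoryReadSafe(dbgProcessInformation.hProcess, (void*)ueCurrentPosition, instr, sizeof(instr), 0)) return;`. Both functions start outside the visible hunks, so whether an early return needs extra cleanup should be confirmed there. The pointer returned by `StaticDisassembleEx` is also passed to `strstr` without a null check, which is worth verifying against its contract.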


@ -31,9 +31,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
DebugRemoveDebugPrivilege = false; //reset this flag DebugRemoveDebugPrivilege = false; //reset this flag
PLIBRARY_ITEM_DATAW hLoadedLibData = NULL; PLIBRARY_ITEM_DATAW hLoadedLibData = NULL;
PLIBRARY_BREAK_DATA ptrLibrarianData = NULL; PLIBRARY_BREAK_DATA ptrLibrarianData = NULL;
typedef void(TITCALL *fCustomBreakPoint)(void); typedef void(TITCALL * fCustomBreakPoint)(void);
typedef void(TITCALL *fCustomHandler)(void* SpecialDBG); typedef void(TITCALL * fCustomHandler)(void* SpecialDBG);
typedef void(TITCALL *fFindOEPHandler)(LPPROCESS_INFORMATION fProcessInfo, LPVOID fCallBack); typedef void(TITCALL * fFindOEPHandler)(LPPROCESS_INFORMATION fProcessInfo, LPVOID fCallBack);
fCustomHandler myCustomHandler; fCustomHandler myCustomHandler;
fCustomBreakPoint myCustomBreakPoint; fCustomBreakPoint myCustomBreakPoint;
ULONG_PTR MemoryBpxCallBack = 0; ULONG_PTR MemoryBpxCallBack = 0;
@ -230,7 +230,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
if(ResetHwBPX) if(ResetHwBPX)
{ {
SetHardwareBreakPoint(DebugRegisterX.DrxBreakAddress, DebugRegisterXId, DebugRegisterX.DrxBreakPointType, DebugRegisterX.DrxBreakPointSize, (void*)DebugRegisterX.DrxCallBack); SetHardwareBreakPoint(DebugRegisterX.DrxBreakAddress, DebugRegisterXId, DebugRegisterX.DrxBreakPointType, DebugRegisterX.DrxBreakPointSize, (void*)DebugRegisterX.DrxCallBack);
ResetHwBPX=false; ResetHwBPX = false;
} }
//custom handler //custom handler
@ -311,14 +311,14 @@ __declspec(dllexport) void TITCALL DebugLoop()
{ {
NewLibraryData.hFileMapping = hFileMapping; NewLibraryData.hFileMapping = hFileMapping;
NewLibraryData.hFileMappingView = hFileMappingView; NewLibraryData.hFileMappingView = hFileMappingView;
if(GetMappedFileNameW(GetCurrentProcess(), hFileMappingView, DLLDebugFileName, sizeof(DLLDebugFileName)/sizeof(DLLDebugFileName[0])) > NULL) if(GetMappedFileNameW(GetCurrentProcess(), hFileMappingView, DLLDebugFileName, sizeof(DLLDebugFileName) / sizeof(DLLDebugFileName[0])) > NULL)
{ {
int i = lstrlenW(DLLDebugFileName); int i = lstrlenW(DLLDebugFileName);
while(DLLDebugFileName[i]!='\\' && i) while(DLLDebugFileName[i] != '\\' && i)
i--; i--;
if(DebugDebuggingDLL) if(DebugDebuggingDLL)
{ {
if(lstrcmpiW(&DLLDebugFileName[i+1], DebugDebuggingDLLFileName) == NULL) if(lstrcmpiW(&DLLDebugFileName[i + 1], DebugDebuggingDLLFileName) == NULL)
{ {
CloseHandle(DebugDLLFileMapping); //close file mapping handle CloseHandle(DebugDLLFileMapping); //close file mapping handle
SetBPX(DebugModuleEntryPoint + (ULONG_PTR)DBGEvent.u.LoadDll.lpBaseOfDll, UE_SINGLESHOOT, DebugModuleEntryPointCallBack); SetBPX(DebugModuleEntryPoint + (ULONG_PTR)DBGEvent.u.LoadDll.lpBaseOfDll, UE_SINGLESHOOT, DebugModuleEntryPointCallBack);
@ -334,12 +334,12 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
if(engineFakeDLLHandle == NULL) if(engineFakeDLLHandle == NULL)
{ {
if(_wcsicmp(&DLLDebugFileName[i+1], L"kernel32.dll") == NULL) if(_wcsicmp(&DLLDebugFileName[i + 1], L"kernel32.dll") == NULL)
{ {
engineFakeDLLHandle = (ULONG_PTR)DBGEvent.u.LoadDll.lpBaseOfDll; engineFakeDLLHandle = (ULONG_PTR)DBGEvent.u.LoadDll.lpBaseOfDll;
} }
} }
lstrcpyW(NewLibraryData.szLibraryName, &DLLDebugFileName[i+1]); lstrcpyW(NewLibraryData.szLibraryName, &DLLDebugFileName[i + 1]);
szTranslatedNativeName = (wchar_t*)TranslateNativeNameW(DLLDebugFileName); szTranslatedNativeName = (wchar_t*)TranslateNativeNameW(DLLDebugFileName);
lstrcpyW(NewLibraryData.szLibraryPath, szTranslatedNativeName); lstrcpyW(NewLibraryData.szLibraryPath, szTranslatedNativeName);
VirtualFree((void*)szTranslatedNativeName, NULL, MEM_RELEASE); VirtualFree((void*)szTranslatedNativeName, NULL, MEM_RELEASE);
@ -349,7 +349,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
//library breakpoint //library breakpoint
for(int i = (int)LibrarianData.size() - 1; i >= 0; i--) for(int i = (int)LibrarianData.size() - 1; i >= 0; i--)
{ {
ptrLibrarianData=&LibrarianData.at(i); ptrLibrarianData = &LibrarianData.at(i);
if(!_stricmp(ptrLibrarianData->szLibraryName, szAnsiLibraryName)) if(!_stricmp(ptrLibrarianData->szLibraryName, szAnsiLibraryName))
{ {
if(ptrLibrarianData->bpxType == UE_ON_LIB_LOAD || ptrLibrarianData->bpxType == UE_ON_LIB_ALL) if(ptrLibrarianData->bpxType == UE_ON_LIB_LOAD || ptrLibrarianData->bpxType == UE_ON_LIB_ALL)
@ -416,7 +416,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
RtlZeroMemory(szAnsiLibraryName, sizeof(szAnsiLibraryName)); RtlZeroMemory(szAnsiLibraryName, sizeof(szAnsiLibraryName));
WideCharToMultiByte(CP_ACP, NULL, hLoadedLibData->szLibraryName, -1, szAnsiLibraryName, sizeof szAnsiLibraryName, NULL, NULL); WideCharToMultiByte(CP_ACP, NULL, hLoadedLibData->szLibraryName, -1, szAnsiLibraryName, sizeof szAnsiLibraryName, NULL, NULL);
for(int i= (int)LibrarianData.size() - 1; i >= 0; i--) for(int i = (int)LibrarianData.size() - 1; i >= 0; i--)
{ {
ptrLibrarianData = &LibrarianData.at(i); ptrLibrarianData = &LibrarianData.at(i);
if(!_stricmp(ptrLibrarianData->szLibraryName, szAnsiLibraryName)) if(!_stricmp(ptrLibrarianData->szLibraryName, szAnsiLibraryName))
@ -453,7 +453,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
EngineCloseHandle(hListLibrary.at(i).hFileMapping); EngineCloseHandle(hListLibrary.at(i).hFileMapping);
} }
EngineCloseHandle(hListLibrary.at(i).hFile); EngineCloseHandle(hListLibrary.at(i).hFile);
hListLibrary.erase(hListLibrary.begin()+i); hListLibrary.erase(hListLibrary.begin() + i);
break; break;
} }
} }
@ -519,17 +519,17 @@ __declspec(dllexport) void TITCALL DebugLoop()
{ {
case STATUS_BREAKPOINT: case STATUS_BREAKPOINT:
{ {
bool bFoundBreakPoint=false; bool bFoundBreakPoint = false;
BreakPointDetail FoundBreakPoint; BreakPointDetail FoundBreakPoint;
int bpcount=(int)BreakPointBuffer.size(); int bpcount = (int)BreakPointBuffer.size();
for(int i=0; i<bpcount; i++) for(int i = 0; i < bpcount; i++)
{ {
if(BreakPointBuffer.at(i).BreakPointAddress == (ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress - (BreakPointBuffer.at(i).BreakPointSize - 1) && if(BreakPointBuffer.at(i).BreakPointAddress == (ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress - (BreakPointBuffer.at(i).BreakPointSize - 1) &&
(BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT || BreakPointBuffer.at(i).BreakPointType == UE_SINGLESHOOT) && (BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT || BreakPointBuffer.at(i).BreakPointType == UE_SINGLESHOOT) &&
BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE) BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE)
{ {
FoundBreakPoint=BreakPointBuffer.at(i); FoundBreakPoint = BreakPointBuffer.at(i);
bFoundBreakPoint=true; bFoundBreakPoint = true;
break; break;
} }
} }
@ -539,7 +539,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, &FoundBreakPoint.OriginalByte[0], FoundBreakPoint.BreakPointSize, &NumberOfBytesReadWritten)) if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, &FoundBreakPoint.OriginalByte[0], FoundBreakPoint.BreakPointSize, &NumberOfBytesReadWritten))
{ {
DBGCode = DBG_CONTINUE; DBGCode = DBG_CONTINUE;
hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId); hActiveThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId);
myDBGContext.ContextFlags = CONTEXT_CONTROL; myDBGContext.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext); GetThreadContext(hActiveThread, &myDBGContext);
if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT) if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT)
@ -555,7 +555,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
ULONG_PTR ueCurrentPosition = FoundBreakPoint.BreakPointAddress; ULONG_PTR ueCurrentPosition = FoundBreakPoint.BreakPointAddress;
unsigned char instr[16]; unsigned char instr[16];
MemoryReadSafe(dbgProcessInformation.hProcess, (void*)ueCurrentPosition, instr, sizeof(instr), 0); MemoryReadSafe(dbgProcessInformation.hProcess, (void*)ueCurrentPosition, instr, sizeof(instr), 0);
char* DisassembledString=(char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr); char* DisassembledString = (char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr);
if(strstr(DisassembledString, "PUSHF")) if(strstr(DisassembledString, "PUSHF"))
PushfBPX = true; PushfBPX = true;
myCustomBreakPoint = (fCustomBreakPoint)((LPVOID)FoundBreakPoint.ExecuteCallBack); myCustomBreakPoint = (fCustomBreakPoint)((LPVOID)FoundBreakPoint.ExecuteCallBack);
@ -630,7 +630,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
if(engineTLSBreakOnCallBack) //set TLS callback breakpoints if(engineTLSBreakOnCallBack) //set TLS callback breakpoints
{ {
for(unsigned int i=0; i<tlsCallBackList.size(); i++) for(unsigned int i = 0; i < tlsCallBackList.size(); i++)
SetBPX(tlsCallBackList.at(i), UE_SINGLESHOOT, (LPVOID)engineTLSBreakOnCallBackAddress); SetBPX(tlsCallBackList.at(i), UE_SINGLESHOOT, (LPVOID)engineTLSBreakOnCallBackAddress);
ClearTlsCallBackList(); ClearTlsCallBackList();
engineTLSBreakOnCallBackAddress = NULL; engineTLSBreakOnCallBackAddress = NULL;
@ -663,8 +663,8 @@ __declspec(dllexport) void TITCALL DebugLoop()
if(PushfBPX) //remove trap flag from stack if(PushfBPX) //remove trap flag from stack
{ {
PushfBPX = false; PushfBPX = false;
void* csp=(void*)GetContextData(UE_CSP); void* csp = (void*)GetContextData(UE_CSP);
ULONG_PTR data=0; ULONG_PTR data = 0;
ReadProcessMemory(dbgProcessInformation.hProcess, csp, &data, sizeof(ULONG_PTR), 0); ReadProcessMemory(dbgProcessInformation.hProcess, csp, &data, sizeof(ULONG_PTR), 0);
data &= ~UE_TRAP_FLAG; data &= ~UE_TRAP_FLAG;
WriteProcessMemory(dbgProcessInformation.hProcess, csp, &data, sizeof(ULONG_PTR), 0); WriteProcessMemory(dbgProcessInformation.hProcess, csp, &data, sizeof(ULONG_PTR), 0);
@ -700,7 +700,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
else else
{ {
hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId); hActiveThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT | THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId);
myDBGContext.ContextFlags = CONTEXT_CONTROL; myDBGContext.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext); GetThreadContext(hActiveThread, &myDBGContext);
myDBGContext.EFlags |= UE_TRAP_FLAG; myDBGContext.EFlags |= UE_TRAP_FLAG;
@ -767,7 +767,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
else //no resetting needed (debugger reached hardware breakpoint or the user stepped) else //no resetting needed (debugger reached hardware breakpoint or the user stepped)
{ {
//handle hardware breakpoints //handle hardware breakpoints
hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId); hActiveThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId);
myDBGContext.ContextFlags = CONTEXT_DEBUG_REGISTERS | CONTEXT_CONTROL; myDBGContext.ContextFlags = CONTEXT_DEBUG_REGISTERS | CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext); GetThreadContext(hActiveThread, &myDBGContext);
if((ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress == myDBGContext.Dr0 || (myDBGContext.Dr6 & 0x1)) if((ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress == myDBGContext.Dr0 || (myDBGContext.Dr6 & 0x1))
@ -888,7 +888,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
ULONG_PTR ueCurrentPosition = GetContextData(UE_CIP); ULONG_PTR ueCurrentPosition = GetContextData(UE_CIP);
unsigned char instr[16]; unsigned char instr[16];
MemoryReadSafe(dbgProcessInformation.hProcess, (void*)ueCurrentPosition, instr, sizeof(instr), 0); MemoryReadSafe(dbgProcessInformation.hProcess, (void*)ueCurrentPosition, instr, sizeof(instr), 0);
char* DisassembledString=(char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr); char* DisassembledString = (char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr);
if(strstr(DisassembledString, "PUSHF")) if(strstr(DisassembledString, "PUSHF"))
PushfBPX = true; PushfBPX = true;
} }
@ -915,7 +915,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
} }
} }
if(DBGCode==DBG_EXCEPTION_NOT_HANDLED) //NOTE: only call the chSingleStep callback when the debuggee generated the exception if(DBGCode == DBG_EXCEPTION_NOT_HANDLED) //NOTE: only call the chSingleStep callback when the debuggee generated the exception
{ {
if(DBGCustomHandler->chSingleStep != NULL) if(DBGCustomHandler->chSingleStep != NULL)
{ {
@ -936,28 +936,28 @@ __declspec(dllexport) void TITCALL DebugLoop()
case STATUS_GUARD_PAGE_VIOLATION: case STATUS_GUARD_PAGE_VIOLATION:
{ {
ULONG_PTR bpaddr; ULONG_PTR bpaddr;
bool bFoundBreakPoint=false; bool bFoundBreakPoint = false;
BreakPointDetail FoundBreakPoint; BreakPointDetail FoundBreakPoint;
int bpcount=(int)BreakPointBuffer.size(); int bpcount = (int)BreakPointBuffer.size();
for(int i=0; i<bpcount; i++) for(int i = 0; i < bpcount; i++)
{ {
ULONG_PTR addr=BreakPointBuffer.at(i).BreakPointAddress; ULONG_PTR addr = BreakPointBuffer.at(i).BreakPointAddress;
bpaddr=(ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[1]; //page accessed bpaddr = (ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[1]; //page accessed
if(bpaddr>=addr && bpaddr<(addr+BreakPointBuffer.at(i).BreakPointSize) && if(bpaddr >= addr && bpaddr < (addr + BreakPointBuffer.at(i).BreakPointSize) &&
(BreakPointBuffer.at(i).BreakPointType == UE_MEMORY || (BreakPointBuffer.at(i).BreakPointType == UE_MEMORY ||
BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_READ || BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_READ ||
BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_WRITE || BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_WRITE ||
BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_EXECUTE) && BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_EXECUTE) &&
BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE) BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE)
{ {
FoundBreakPoint=BreakPointBuffer.at(i); FoundBreakPoint = BreakPointBuffer.at(i);
bFoundBreakPoint=true; bFoundBreakPoint = true;
break; break;
} }
} }
if(bFoundBreakPoint) //found memory breakpoint if(bFoundBreakPoint) //found memory breakpoint
{ {
hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId); hActiveThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId);
myDBGContext.ContextFlags = CONTEXT_CONTROL; myDBGContext.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext); GetThreadContext(hActiveThread, &myDBGContext);
DBGCode = DBG_CONTINUE; //debugger handled the exception DBGCode = DBG_CONTINUE; //debugger handled the exception
@ -1107,13 +1107,13 @@ __declspec(dllexport) void TITCALL DebugLoop()
ULONG_PTR ueCurrentPosition = GetContextData(UE_CIP); ULONG_PTR ueCurrentPosition = GetContextData(UE_CIP);
unsigned char instr[16]; unsigned char instr[16];
MemoryReadSafe(dbgProcessInformation.hProcess, (void*)ueCurrentPosition, instr, sizeof(instr), 0); MemoryReadSafe(dbgProcessInformation.hProcess, (void*)ueCurrentPosition, instr, sizeof(instr), 0);
char* DisassembledString=(char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr); char* DisassembledString = (char*)StaticDisassembleEx(ueCurrentPosition, (LPVOID)instr);
if(strstr(DisassembledString, "PUSHF")) if(strstr(DisassembledString, "PUSHF"))
PushfBPX = true; PushfBPX = true;
} }
//debuggee generated GUARD_PAGE exception //debuggee generated GUARD_PAGE exception
if(DBGCode==DBG_EXCEPTION_NOT_HANDLED) if(DBGCode == DBG_EXCEPTION_NOT_HANDLED)
{ {
//TODO: restore memory breakpoint? //TODO: restore memory breakpoint?
if(DBGCustomHandler->chPageGuard != NULL) if(DBGCustomHandler->chPageGuard != NULL)
@ -1152,17 +1152,17 @@ __declspec(dllexport) void TITCALL DebugLoop()
case STATUS_ILLEGAL_INSTRUCTION: case STATUS_ILLEGAL_INSTRUCTION:
{ {
//UD2 breakpoint //UD2 breakpoint
bool bFoundBreakPoint=false; bool bFoundBreakPoint = false;
BreakPointDetail FoundBreakPoint; BreakPointDetail FoundBreakPoint;
int bpcount=(int)BreakPointBuffer.size(); int bpcount = (int)BreakPointBuffer.size();
for(int i=0; i<bpcount; i++) for(int i = 0; i < bpcount; i++)
{ {
if(BreakPointBuffer.at(i).BreakPointAddress == (ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress && if(BreakPointBuffer.at(i).BreakPointAddress == (ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress &&
(BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT || BreakPointBuffer.at(i).BreakPointType == UE_SINGLESHOOT) && (BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT || BreakPointBuffer.at(i).BreakPointType == UE_SINGLESHOOT) &&
BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE) BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE)
{ {
FoundBreakPoint=BreakPointBuffer.at(i); FoundBreakPoint = BreakPointBuffer.at(i);
bFoundBreakPoint=true; bFoundBreakPoint = true;
break; break;
} }
} }
@ -1172,7 +1172,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, &FoundBreakPoint.OriginalByte[0], FoundBreakPoint.BreakPointSize, &NumberOfBytesReadWritten)) if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, &FoundBreakPoint.OriginalByte[0], FoundBreakPoint.BreakPointSize, &NumberOfBytesReadWritten))
{ {
DBGCode = DBG_CONTINUE; DBGCode = DBG_CONTINUE;
hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId); hActiveThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT | THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId);
myDBGContext.ContextFlags = CONTEXT_CONTROL; myDBGContext.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext); GetThreadContext(hActiveThread, &myDBGContext);
if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT) if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT)
@ -1209,10 +1209,10 @@ __declspec(dllexport) void TITCALL DebugLoop()
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, FoundBreakPoint.BreakPointSize, OldProtect, &OldProtect); VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, FoundBreakPoint.BreakPointSize, OldProtect, &OldProtect);
} }
else else
DBGCode=DBG_EXCEPTION_NOT_HANDLED; DBGCode = DBG_EXCEPTION_NOT_HANDLED;
//application-generated exception //application-generated exception
if(DBGCode==DBG_EXCEPTION_NOT_HANDLED) if(DBGCode == DBG_EXCEPTION_NOT_HANDLED)
{ {
if(DBGCustomHandler->chIllegalInstruction != NULL) if(DBGCustomHandler->chIllegalInstruction != NULL)
{ {
@ -1351,7 +1351,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
//general unhandled exception callback //general unhandled exception callback
if(DBGCode==DBG_EXCEPTION_NOT_HANDLED) if(DBGCode == DBG_EXCEPTION_NOT_HANDLED)
{ {
if(engineExecutePluginCallBack) if(engineExecutePluginCallBack)
{ {
@ -1423,7 +1423,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
break; break;
} }
if(!ThreaderGetThreadInfo(0, DBGEvent.dwThreadId)) //switch thread if(!ThreaderGetThreadInfo(0, DBGEvent.dwThreadId)) //switch thread
DBGEvent.dwThreadId=dbgProcessInformation.dwThreadId; DBGEvent.dwThreadId = dbgProcessInformation.dwThreadId;
} }
if(!SecondChance) //debugger didn't close with a second chance exception (normal exit) if(!SecondChance) //debugger didn't close with a second chance exception (normal exit)


@ -51,7 +51,7 @@ __declspec(dllexport) bool TITCALL MatchPatternEx(HANDLE hProcess, void* MemoryT
if(memCmp) if(memCmp)
{ {
for(int i=0; i<SizeOfMemoryToCheck && i<SizeOfPatternToMatch; i++) for(int i = 0; i < SizeOfMemoryToCheck && i < SizeOfPatternToMatch; i++)
{ {
if(memCmp->Array.bArrayEntry[i] != memPattern->Array.bArrayEntry[i] && memPattern->Array.bArrayEntry[i] != *WildCard) if(memCmp->Array.bArrayEntry[i] != memPattern->Array.bArrayEntry[i] && memPattern->Array.bArrayEntry[i] != *WildCard)
{ {
@ -78,7 +78,7 @@ __declspec(dllexport) bool TITCALL MatchPattern(void* MemoryToCheck, int SizeOfM
__declspec(dllexport) ULONG_PTR TITCALL FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard) __declspec(dllexport) ULONG_PTR TITCALL FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard)
{ {
if(!hProcess || !MemoryStart ||!MemorySize || !SearchPattern || !PatternSize) if(!hProcess || !MemoryStart || !MemorySize || !SearchPattern || !PatternSize)
return 0; return 0;
ULONG_PTR Return = NULL; ULONG_PTR Return = NULL;
@ -128,10 +128,10 @@ __declspec(dllexport) ULONG_PTR TITCALL FindEx(HANDLE hProcess, LPVOID MemorySta
CompareBuffer = (PUCHAR)SearchPattern; CompareBuffer = (PUCHAR)SearchPattern;
DWORD i,j; DWORD i, j;
for(i=0; i < MemorySize && Return == NULL; i++) for(i = 0; i < MemorySize && Return == NULL; i++)
{ {
for(j=0; j < PatternSize; j++) for(j = 0; j < PatternSize; j++)
{ {
if(CompareBuffer[j] != *(PUCHAR)WildCard && SearchBuffer[i + j] != CompareBuffer[j]) if(CompareBuffer[j] != *(PUCHAR)WildCard && SearchBuffer[i + j] != CompareBuffer[j])
{ {
@ -205,7 +205,7 @@ __declspec(dllexport) bool TITCALL Fill(LPVOID MemoryStart, DWORD MemorySize, PB
__declspec(dllexport) bool TITCALL PatchEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP) __declspec(dllexport) bool TITCALL PatchEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP)
{ {
unsigned int i,recalcSize; unsigned int i, recalcSize;
LPVOID lpMemoryStart = MemoryStart; LPVOID lpMemoryStart = MemoryStart;
MEMORY_BASIC_INFORMATION MemInfo; MEMORY_BASIC_INFORMATION MemInfo;
ULONG_PTR ueNumberOfBytesRead; ULONG_PTR ueNumberOfBytesRead;
@ -326,20 +326,20 @@ __declspec(dllexport) bool TITCALL Replace(LPVOID MemoryStart, DWORD MemorySize,
//what should this function do: //what should this function do:
//- do all possible effort to read memory //- do all possible effort to read memory
//- filter out breakpoints //- filter out breakpoints
__declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesRead) __declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead)
{ {
SIZE_T ueNumberOfBytesRead = 0; SIZE_T ueNumberOfBytesRead = 0;
SIZE_T * pNumBytes = 0; SIZE_T* pNumBytes = 0;
DWORD dwProtect = 0; DWORD dwProtect = 0;
bool retValue = false; bool retValue = false;
//read memory //read memory
if ( (hProcess == 0) || (lpBaseAddress == 0) || (lpBuffer == 0) || (nSize == 0)) if((hProcess == 0) || (lpBaseAddress == 0) || (lpBuffer == 0) || (nSize == 0))
{ {
return false; return false;
} }
if (!lpNumberOfBytesRead) if(!lpNumberOfBytesRead)
{ {
pNumBytes = &ueNumberOfBytesRead; pNumBytes = &ueNumberOfBytesRead;
} }
@ -350,9 +350,9 @@ __declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBase
if(!ReadProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, pNumBytes)) if(!ReadProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, pNumBytes))
{ {
if (VirtualProtectEx(hProcess, lpBaseAddress, nSize, PAGE_EXECUTE_READWRITE, &dwProtect)) if(VirtualProtectEx(hProcess, lpBaseAddress, nSize, PAGE_EXECUTE_READWRITE, &dwProtect))
{ {
if (ReadProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, pNumBytes)) if(ReadProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, pNumBytes))
{ {
retValue = true; retValue = true;
} }
@ -374,15 +374,15 @@ __declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBase
//what should this function do: //what should this function do:
//- do all possible effort to write memory //- do all possible effort to write memory
//- re-set breakpoints when overwritten //- re-set breakpoints when overwritten
__declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesWritten) __declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten)
{ {
SIZE_T ueNumberOfBytesWritten = 0; SIZE_T ueNumberOfBytesWritten = 0;
SIZE_T * pNumBytes = 0; SIZE_T* pNumBytes = 0;
DWORD dwProtect = 0; DWORD dwProtect = 0;
bool retValue = false; bool retValue = false;
//read memory //read memory
if ( (hProcess == 0) || (lpBaseAddress == 0) || (lpBuffer == 0) || (nSize == 0)) if((hProcess == 0) || (lpBaseAddress == 0) || (lpBuffer == 0) || (nSize == 0))
{ {
return false; return false;
} }
@ -391,7 +391,7 @@ __declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBas
//disable breakpoints that interfere with the memory to write //disable breakpoints that interfere with the memory to write
BreakPointPreWriteFilter((ULONG_PTR)lpBaseAddress, nSize, &lock); BreakPointPreWriteFilter((ULONG_PTR)lpBaseAddress, nSize, &lock);
if (!lpNumberOfBytesWritten) if(!lpNumberOfBytesWritten)
{ {
pNumBytes = &ueNumberOfBytesWritten; pNumBytes = &ueNumberOfBytesWritten;
} }
@ -402,9 +402,9 @@ __declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBas
if(!WriteProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, pNumBytes)) if(!WriteProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, pNumBytes))
{ {
if (VirtualProtectEx(hProcess, lpBaseAddress, nSize, PAGE_EXECUTE_READWRITE, &dwProtect)) if(VirtualProtectEx(hProcess, lpBaseAddress, nSize, PAGE_EXECUTE_READWRITE, &dwProtect))
{ {
if (WriteProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, pNumBytes)) if(WriteProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, pNumBytes))
{ {
retValue = true; retValue = true;
} }


@ -19,9 +19,9 @@ __declspec(dllexport) void* TITCALL InitDebug(char* szFileName, char* szCommandL
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szCommandLine, lstrlenA(szCommandLine)+1, uniCommandLine, sizeof(uniCommandLine)/(sizeof(uniCommandLine[0]))); MultiByteToWideChar(CP_ACP, NULL, szCommandLine, lstrlenA(szCommandLine) + 1, uniCommandLine, sizeof(uniCommandLine) / (sizeof(uniCommandLine[0])));
MultiByteToWideChar(CP_ACP, NULL, szCurrentFolder, lstrlenA(szCurrentFolder)+1, uniCurrentFolder, sizeof(uniCurrentFolder)/(sizeof(uniCurrentFolder[0]))); MultiByteToWideChar(CP_ACP, NULL, szCurrentFolder, lstrlenA(szCurrentFolder) + 1, uniCurrentFolder, sizeof(uniCurrentFolder) / (sizeof(uniCurrentFolder[0])));
if(szFileName != NULL) if(szFileName != NULL)
{ {
PtrUniFileName = &uniFileName[0]; PtrUniFileName = &uniFileName[0];
@ -47,13 +47,13 @@ __declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szC
if(DebugDebuggingDLL) if(DebugDebuggingDLL)
{ {
DebugConsoleFlag = CREATE_NO_WINDOW|CREATE_SUSPENDED; DebugConsoleFlag = CREATE_NO_WINDOW | CREATE_SUSPENDED;
} }
else if(engineRemoveConsoleForDebugee) else if(engineRemoveConsoleForDebugee)
{ {
DebugConsoleFlag = CREATE_NO_WINDOW; DebugConsoleFlag = CREATE_NO_WINDOW;
} }
if(engineEnableDebugPrivilege) if(engineEnableDebugPrivilege)
{ {
EngineSetDebugPrivilege(GetCurrentProcess(), true); EngineSetDebugPrivilege(GetCurrentProcess(), true);
@ -63,17 +63,17 @@ __declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szC
wchar_t* szCommandLineCreateProcess; wchar_t* szCommandLineCreateProcess;
if(szCommandLine == NULL || !lstrlenW(szCommandLine)) if(szCommandLine == NULL || !lstrlenW(szCommandLine))
{ {
szCommandLineCreateProcess=0; szCommandLineCreateProcess = 0;
szFileNameCreateProcess=szFileName; szFileNameCreateProcess = szFileName;
} }
else else
{ {
wchar_t szCreateWithCmdLine[1024]; wchar_t szCreateWithCmdLine[1024];
wsprintfW(szCreateWithCmdLine, L"\"%s\" %s", szFileName, szCommandLine); wsprintfW(szCreateWithCmdLine, L"\"%s\" %s", szFileName, szCommandLine);
szCommandLineCreateProcess=szCreateWithCmdLine; szCommandLineCreateProcess = szCreateWithCmdLine;
szFileNameCreateProcess=0; szFileNameCreateProcess = 0;
} }
if(CreateProcessW(szFileNameCreateProcess, szCommandLineCreateProcess, NULL, NULL, false, DEBUG_PROCESS|DEBUG_ONLY_THIS_PROCESS|DebugConsoleFlag|CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation)) if(CreateProcessW(szFileNameCreateProcess, szCommandLineCreateProcess, NULL, NULL, false, DEBUG_PROCESS | DEBUG_ONLY_THIS_PROCESS | DebugConsoleFlag | CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation))
{ {
if(engineEnableDebugPrivilege) if(engineEnableDebugPrivilege)
EngineSetDebugPrivilege(GetCurrentProcess(), false); EngineSetDebugPrivilege(GetCurrentProcess(), false);
@ -119,9 +119,9 @@ __declspec(dllexport) void* TITCALL InitDLLDebug(char* szFileName, bool ReserveM
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szCommandLine, lstrlenA(szCommandLine)+1, uniCommandLine, sizeof(uniCommandLine)/(sizeof(uniCommandLine[0]))); MultiByteToWideChar(CP_ACP, NULL, szCommandLine, lstrlenA(szCommandLine) + 1, uniCommandLine, sizeof(uniCommandLine) / (sizeof(uniCommandLine[0])));
MultiByteToWideChar(CP_ACP, NULL, szCurrentFolder, lstrlenA(szCurrentFolder)+1, uniCurrentFolder, sizeof(uniCurrentFolder)/(sizeof(uniCurrentFolder[0]))); MultiByteToWideChar(CP_ACP, NULL, szCurrentFolder, lstrlenA(szCurrentFolder) + 1, uniCurrentFolder, sizeof(uniCurrentFolder) / (sizeof(uniCurrentFolder[0])));
if(szFileName != NULL) if(szFileName != NULL)
{ {
PtrUniFileName = &uniFileName[0]; PtrUniFileName = &uniFileName[0];
@ -155,14 +155,14 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese
int i = lstrlenW(szDebuggerName); int i = lstrlenW(szDebuggerName);
while(szDebuggerName[i] != '\\' && i) while(szDebuggerName[i] != '\\' && i)
i--; i--;
wchar_t DLLLoaderName[64]=L""; wchar_t DLLLoaderName[64] = L"";
#ifdef _WIN64 #ifdef _WIN64
wsprintfW(DLLLoaderName, L"DLLLoader64_%.4X.exe", GetTickCount()&0xFFFF); wsprintfW(DLLLoaderName, L"DLLLoader64_%.4X.exe", GetTickCount() & 0xFFFF);
#else #else
wsprintfW(DLLLoaderName, L"DLLLoader32_%.4X.exe", GetTickCount()&0xFFFF); wsprintfW(DLLLoaderName, L"DLLLoader32_%.4X.exe", GetTickCount() & 0xFFFF);
#endif #endif
if(i) if(i)
lstrcpyW(szDebuggerName+i+1, DLLLoaderName); lstrcpyW(szDebuggerName + i + 1, DLLLoaderName);
else else
lstrcpyW(szDebuggerName, DLLLoaderName); lstrcpyW(szDebuggerName, DLLLoaderName);
@ -179,7 +179,7 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese
DebugDebuggingDLLBase = NULL; DebugDebuggingDLLBase = NULL;
DebugDebuggingMainModuleBase = NULL; DebugDebuggingMainModuleBase = NULL;
DebugDebuggingDLLFullFileName = szFileName; DebugDebuggingDLLFullFileName = szFileName;
DebugDebuggingDLLFileName = &szFileName[i+1]; DebugDebuggingDLLFileName = &szFileName[i + 1];
DebugModuleImageBase = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_IMAGEBASE); DebugModuleImageBase = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_IMAGEBASE);
DebugModuleEntryPoint = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_OEP); DebugModuleEntryPoint = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_OEP);
DebugModuleEntryPointCallBack = EntryCallBack; DebugModuleEntryPointCallBack = EntryCallBack;
@ -187,12 +187,12 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese
if(ReserveModuleBase) if(ReserveModuleBase)
DebugReserveModuleBase = DebugModuleImageBase; DebugReserveModuleBase = DebugModuleImageBase;
PPROCESS_INFORMATION ReturnValue = (PPROCESS_INFORMATION)InitDebugW(szDebuggerName, szCommandLine, szCurrentFolder); PPROCESS_INFORMATION ReturnValue = (PPROCESS_INFORMATION)InitDebugW(szDebuggerName, szCommandLine, szCurrentFolder);
wchar_t szName[256]=L""; wchar_t szName[256] = L"";
swprintf(szName, 256, L"Global\\szLibraryName%X", (unsigned int)ReturnValue->dwProcessId); swprintf(szName, 256, L"Global\\szLibraryName%X", (unsigned int)ReturnValue->dwProcessId);
DebugDLLFileMapping=CreateFileMappingW(INVALID_HANDLE_VALUE, 0, PAGE_READWRITE, 0, 512*sizeof(wchar_t), szName); DebugDLLFileMapping = CreateFileMappingW(INVALID_HANDLE_VALUE, 0, PAGE_READWRITE, 0, 512 * sizeof(wchar_t), szName);
if(DebugDLLFileMapping) if(DebugDLLFileMapping)
{ {
wchar_t* szLibraryPathMapping=(wchar_t*)MapViewOfFile(DebugDLLFileMapping, FILE_MAP_ALL_ACCESS, 0, 0, 512*sizeof(wchar_t)); wchar_t* szLibraryPathMapping = (wchar_t*)MapViewOfFile(DebugDLLFileMapping, FILE_MAP_ALL_ACCESS, 0, 0, 512 * sizeof(wchar_t));
if(szLibraryPathMapping) if(szLibraryPathMapping)
{ {
wcscpy(szLibraryPathMapping, DebugDebuggingDLLFullFileName); wcscpy(szLibraryPathMapping, DebugDebuggingDLLFullFileName);
@ -219,7 +219,7 @@ __declspec(dllexport) bool TITCALL StopDebug()
__declspec(dllexport) bool TITCALL AttachDebugger(DWORD ProcessId, bool KillOnExit, LPVOID DebugInfo, LPVOID CallBack) __declspec(dllexport) bool TITCALL AttachDebugger(DWORD ProcessId, bool KillOnExit, LPVOID DebugInfo, LPVOID CallBack)
{ {
typedef void(WINAPI *fDebugSetProcessKillOnExit)(bool KillExitingDebugee); typedef void(WINAPI * fDebugSetProcessKillOnExit)(bool KillExitingDebugee);
fDebugSetProcessKillOnExit myDebugSetProcessKillOnExit; fDebugSetProcessKillOnExit myDebugSetProcessKillOnExit;
LPVOID funcDebugSetProcessKillOnExit = NULL; LPVOID funcDebugSetProcessKillOnExit = NULL;
@ -259,7 +259,7 @@ __declspec(dllexport) bool TITCALL AttachDebugger(DWORD ProcessId, bool KillOnEx
__declspec(dllexport) bool TITCALL DetachDebugger(DWORD ProcessId) __declspec(dllexport) bool TITCALL DetachDebugger(DWORD ProcessId)
{ {
typedef bool(WINAPI *fDebugActiveProcessStop)(DWORD dwProcessId); typedef bool(WINAPI * fDebugActiveProcessStop)(DWORD dwProcessId);
fDebugActiveProcessStop myDebugActiveProcessStop; fDebugActiveProcessStop myDebugActiveProcessStop;
LPVOID funcDebugActiveProcessStop = NULL; LPVOID funcDebugActiveProcessStop = NULL;
bool FuncReturn = false; bool FuncReturn = false;
@ -292,10 +292,10 @@ __declspec(dllexport) bool TITCALL DetachDebugger(DWORD ProcessId)
__declspec(dllexport) bool TITCALL DetachDebuggerEx(DWORD ProcessId) __declspec(dllexport) bool TITCALL DetachDebuggerEx(DWORD ProcessId)
{ {
ThreaderPauseProcess(); ThreaderPauseProcess();
int threadcount=(int)hListThread.size(); int threadcount = (int)hListThread.size();
for(int i=0; i<threadcount; i++) for(int i = 0; i < threadcount; i++)
{ {
HANDLE hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT, false, hListThread.at(i).dwThreadId); HANDLE hActiveThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, false, hListThread.at(i).dwThreadId);
CONTEXT myDBGContext; CONTEXT myDBGContext;
myDBGContext.ContextFlags = CONTEXT_CONTROL; myDBGContext.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext); GetThreadContext(hActiveThread, &myDBGContext);
@ -321,9 +321,9 @@ __declspec(dllexport) void TITCALL AutoDebugEx(char* szFileName, bool ReserveMod
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szCommandLine, lstrlenA(szCommandLine)+1, uniCommandLine, sizeof(uniCommandLine)/(sizeof(uniCommandLine[0]))); MultiByteToWideChar(CP_ACP, NULL, szCommandLine, lstrlenA(szCommandLine) + 1, uniCommandLine, sizeof(uniCommandLine) / (sizeof(uniCommandLine[0])));
MultiByteToWideChar(CP_ACP, NULL, szCurrentFolder, lstrlenA(szCurrentFolder)+1, uniCurrentFolder, sizeof(uniCurrentFolder)/(sizeof(uniCurrentFolder[0]))); MultiByteToWideChar(CP_ACP, NULL, szCurrentFolder, lstrlenA(szCurrentFolder) + 1, uniCurrentFolder, sizeof(uniCurrentFolder) / (sizeof(uniCurrentFolder[0])));
if(szFileName != NULL) if(szFileName != NULL)
{ {
PtrUniFileName = &uniFileName[0]; PtrUniFileName = &uniFileName[0];


@ -12,17 +12,17 @@ _DecodeType DecodingType = Decode64Bits;
#endif #endif
SIZE_T IsBadReadPtrRemote(HANDLE hProcess, const VOID *lp, SIZE_T length) SIZE_T IsBadReadPtrRemote(HANDLE hProcess, const VOID* lp, SIZE_T length)
{ {
MEMORY_BASIC_INFORMATION MemInfo = {0}; MEMORY_BASIC_INFORMATION MemInfo = {0};
ULONG_PTR section = 0; ULONG_PTR section = 0;
if (VirtualQueryEx(hProcess, lp, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION))) if(VirtualQueryEx(hProcess, lp, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)))
{ {
if(MemInfo.State == MEM_COMMIT) if(MemInfo.State == MEM_COMMIT)
{ {
SIZE_T res = (SIZE_T)MemInfo.BaseAddress + (SIZE_T)MemInfo.RegionSize - (SIZE_T)lp; SIZE_T res = (SIZE_T)MemInfo.BaseAddress + (SIZE_T)MemInfo.RegionSize - (SIZE_T)lp;
if (res >= length) if(res >= length)
{ {
return length; //good return length; //good
} }
@ -32,7 +32,7 @@ SIZE_T IsBadReadPtrRemote(HANDLE hProcess, const VOID *lp, SIZE_T length)
do do
{ {
if (VirtualQueryEx(hProcess, (LPVOID)section, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION))) if(VirtualQueryEx(hProcess, (LPVOID)section, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)))
{ {
if(MemInfo.State == MEM_COMMIT) if(MemInfo.State == MEM_COMMIT)
{ {
@ -51,11 +51,11 @@ SIZE_T IsBadReadPtrRemote(HANDLE hProcess, const VOID *lp, SIZE_T length)
section += (ULONG_PTR)MemInfo.RegionSize; section += (ULONG_PTR)MemInfo.RegionSize;
} }
while (res < length); while(res < length);
return length; //good return length; //good
} }
} }
} }
@ -70,7 +70,7 @@ __declspec(dllexport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart,
int MaxDisassmSize = (int)IsBadReadPtrRemote(GetCurrentProcess(), DisassmAddress, MAXIMUM_INSTRUCTION_SIZE); int MaxDisassmSize = (int)IsBadReadPtrRemote(GetCurrentProcess(), DisassmAddress, MAXIMUM_INSTRUCTION_SIZE);
if(MaxDisassmSize) if(MaxDisassmSize)
{ {
if (distorm_decode((ULONG_PTR)DisassmStart, (const unsigned char*)DisassmAddress, MaxDisassmSize, DecodingType, engineDecodedInstructions, _countof(engineDecodedInstructions), &DecodedInstructionsCount) != DECRES_INPUTERR) if(distorm_decode((ULONG_PTR)DisassmStart, (const unsigned char*)DisassmAddress, MaxDisassmSize, DecodingType, engineDecodedInstructions, _countof(engineDecodedInstructions), &DecodedInstructionsCount) != DECRES_INPUTERR)
{ {
RtlZeroMemory(engineDisassembledInstruction, sizeof(engineDisassembledInstruction)); RtlZeroMemory(engineDisassembledInstruction, sizeof(engineDisassembledInstruction));
@ -100,14 +100,14 @@ __declspec(dllexport) void* TITCALL DisassembleEx(HANDLE hProcess, LPVOID Disass
if(hProcess != NULL) if(hProcess != NULL)
{ {
int MaxDisassmSize = (int)IsBadReadPtrRemote(hProcess,DisassmAddress, sizeof(readBuffer)); int MaxDisassmSize = (int)IsBadReadPtrRemote(hProcess, DisassmAddress, sizeof(readBuffer));
if(MaxDisassmSize) if(MaxDisassmSize)
{ {
BOOL rpm = MemoryReadSafe(hProcess, DisassmAddress, readBuffer, MaxDisassmSize, 0); BOOL rpm = MemoryReadSafe(hProcess, DisassmAddress, readBuffer, MaxDisassmSize, 0);
if(rpm) if(rpm)
{ {
if (distorm_decode((ULONG_PTR)DisassmAddress, readBuffer, MaxDisassmSize, DecodingType, engineDecodedInstructions, _countof(engineDecodedInstructions), &DecodedInstructionsCount) != DECRES_INPUTERR) if(distorm_decode((ULONG_PTR)DisassmAddress, readBuffer, MaxDisassmSize, DecodingType, engineDecodedInstructions, _countof(engineDecodedInstructions), &DecodedInstructionsCount) != DECRES_INPUTERR)
{ {
RtlZeroMemory(engineDisassembledInstruction, sizeof(engineDisassembledInstruction)); RtlZeroMemory(engineDisassembledInstruction, sizeof(engineDisassembledInstruction));
@ -149,18 +149,18 @@ __declspec(dllexport) long TITCALL LengthDisassembleEx(HANDLE hProcess, LPVOID D
if(hProcess != NULL) if(hProcess != NULL)
{ {
int MaxDisassmSize = (int)IsBadReadPtrRemote(hProcess,DisassmAddress, sizeof(readBuffer)); int MaxDisassmSize = (int)IsBadReadPtrRemote(hProcess, DisassmAddress, sizeof(readBuffer));
if (MaxDisassmSize && MemoryReadSafe(hProcess, (LPVOID)DisassmAddress, readBuffer, MaxDisassmSize, 0)) if(MaxDisassmSize && MemoryReadSafe(hProcess, (LPVOID)DisassmAddress, readBuffer, MaxDisassmSize, 0))
{ {
decomposerCi.code = readBuffer; decomposerCi.code = readBuffer;
decomposerCi.codeLen = MaxDisassmSize; decomposerCi.codeLen = MaxDisassmSize;
decomposerCi.dt = DecodingType; decomposerCi.dt = DecodingType;
decomposerCi.codeOffset = (LONG_PTR)DisassmAddress; decomposerCi.codeOffset = (LONG_PTR)DisassmAddress;
if (distorm_decompose(&decomposerCi, decomposerResult, _countof(decomposerResult), &DecodedInstructionsCount) != DECRES_INPUTERR) if(distorm_decompose(&decomposerCi, decomposerResult, _countof(decomposerResult), &DecodedInstructionsCount) != DECRES_INPUTERR)
{ {
if (decomposerResult[0].flags != FLAG_NOT_DECODABLE) if(decomposerResult[0].flags != FLAG_NOT_DECODABLE)
{ {
return decomposerResult[0].size; return decomposerResult[0].size;
} }


@ -45,7 +45,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
DOSHeader = (PIMAGE_DOS_HEADER)ueReadBuffer; DOSHeader = (PIMAGE_DOS_HEADER)ueReadBuffer;
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
if ((DOSHeader->e_lfanew > 0x500) || (DOSHeader->e_magic != IMAGE_DOS_SIGNATURE) || (PEHeader32->Signature != IMAGE_NT_SIGNATURE)) if((DOSHeader->e_lfanew > 0x500) || (DOSHeader->e_magic != IMAGE_DOS_SIGNATURE) || (PEHeader32->Signature != IMAGE_NT_SIGNATURE))
{ {
return false; return false;
} }
@ -126,7 +126,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
} }
PEFixHeader32->OptionalHeader.AddressOfEntryPoint = (DWORD)(EntryPoint - (ULONG_PTR)ImageBase); PEFixHeader32->OptionalHeader.AddressOfEntryPoint = (DWORD)(EntryPoint - (ULONG_PTR)ImageBase);
PEFixHeader32->OptionalHeader.ImageBase = (DWORD)((ULONG_PTR)ImageBase); PEFixHeader32->OptionalHeader.ImageBase = (DWORD)((ULONG_PTR)ImageBase);
for(int i=NumberOfSections; i>=1; i--) for(int i = NumberOfSections; i >= 1; i--)
{ {
PEFixSection->PointerToRawData = PEFixSection->VirtualAddress; PEFixSection->PointerToRawData = PEFixSection->VirtualAddress;
RealignedVirtualSize = (PEFixSection->Misc.VirtualSize / PEHeader32->OptionalHeader.SectionAlignment) * PEHeader32->OptionalHeader.SectionAlignment; RealignedVirtualSize = (PEFixSection->Misc.VirtualSize / PEHeader32->OptionalHeader.SectionAlignment) * PEHeader32->OptionalHeader.SectionAlignment;
@ -200,7 +200,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
} }
PEFixHeader64->OptionalHeader.AddressOfEntryPoint = (DWORD)(EntryPoint - (ULONG_PTR)ImageBase); PEFixHeader64->OptionalHeader.AddressOfEntryPoint = (DWORD)(EntryPoint - (ULONG_PTR)ImageBase);
PEFixHeader64->OptionalHeader.ImageBase = (DWORD64)((ULONG_PTR)ImageBase); PEFixHeader64->OptionalHeader.ImageBase = (DWORD64)((ULONG_PTR)ImageBase);
for(int i=NumberOfSections; i>=1; i--) for(int i = NumberOfSections; i >= 1; i--)
{ {
PEFixSection->PointerToRawData = PEFixSection->VirtualAddress; PEFixSection->PointerToRawData = PEFixSection->VirtualAddress;
RealignedVirtualSize = (PEFixSection->Misc.VirtualSize / PEHeader64->OptionalHeader.SectionAlignment) * PEHeader64->OptionalHeader.SectionAlignment; RealignedVirtualSize = (PEFixSection->Misc.VirtualSize / PEHeader64->OptionalHeader.SectionAlignment) * PEHeader64->OptionalHeader.SectionAlignment;
@ -212,7 +212,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
PEFixSection->Misc.VirtualSize = RealignedVirtualSize; PEFixSection->Misc.VirtualSize = RealignedVirtualSize;
PEFixSection = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEFixSection + IMAGE_SIZEOF_SECTION_HEADER); PEFixSection = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEFixSection + IMAGE_SIZEOF_SECTION_HEADER);
} }
WriteFile(hFile,ueCopyBuffer, (DWORD)AlignedHeaderSize, &uedNumberOfBytesRead, NULL); WriteFile(hFile, ueCopyBuffer, (DWORD)AlignedHeaderSize, &uedNumberOfBytesRead, NULL);
ReadBase = (LPVOID)((ULONG_PTR)ReadBase + (DWORD)AlignedHeaderSize - TITANENGINE_PAGESIZE); ReadBase = (LPVOID)((ULONG_PTR)ReadBase + (DWORD)AlignedHeaderSize - TITANENGINE_PAGESIZE);
while(SizeOfImageDump > NULL) while(SizeOfImageDump > NULL)
{ {
@ -246,7 +246,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
}//EngineValidateHeader }//EngineValidateHeader
}//ReadProcessMemory }//ReadProcessMemory
if (hFile != INVALID_HANDLE_VALUE) if(hFile != INVALID_HANDLE_VALUE)
{ {
EngineCloseHandle(hFile); EngineCloseHandle(hFile);
} }
@ -274,7 +274,7 @@ __declspec(dllexport) bool TITCALL DumpProcessExW(DWORD ProcessId, LPVOID ImageB
HANDLE hProcess = 0; HANDLE hProcess = 0;
bool ReturnValue = false; bool ReturnValue = false;
hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId); hProcess = EngineOpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
if(hProcess) if(hProcess)
{ {
ReturnValue = DumpProcessW(hProcess, ImageBase, szDumpFileName, EntryPoint); ReturnValue = DumpProcessW(hProcess, ImageBase, szDumpFileName, EntryPoint);
@ -320,16 +320,16 @@ __declspec(dllexport) bool TITCALL DumpMemoryW(HANDLE hProcess, LPVOID MemorySta
ReadBase = (LPVOID)ProcReadBase; ReadBase = (LPVOID)ProcReadBase;
if(MemorySize >= 0x1000) if(MemorySize >= 0x1000)
{ {
RtlZeroMemory(ueCopyBuffer,0x2000); RtlZeroMemory(ueCopyBuffer, 0x2000);
MemoryReadSafe(hProcess, ReadBase, ueCopyBuffer, 0x1000, &ueNumberOfBytesRead); MemoryReadSafe(hProcess, ReadBase, ueCopyBuffer, 0x1000, &ueNumberOfBytesRead);
WriteFile(hFile,ueCopyBuffer, 0x1000, &uedNumberOfBytesRead, NULL); WriteFile(hFile, ueCopyBuffer, 0x1000, &uedNumberOfBytesRead, NULL);
MemorySize = MemorySize - 0x1000; MemorySize = MemorySize - 0x1000;
} }
else else
{ {
RtlZeroMemory(ueCopyBuffer,0x2000); RtlZeroMemory(ueCopyBuffer, 0x2000);
MemoryReadSafe(hProcess, ReadBase, ueCopyBuffer, MemorySize, &ueNumberOfBytesRead); MemoryReadSafe(hProcess, ReadBase, ueCopyBuffer, MemorySize, &ueNumberOfBytesRead);
@ -364,7 +364,7 @@ __declspec(dllexport) bool TITCALL DumpMemoryExW(DWORD ProcessId, LPVOID MemoryS
HANDLE hProcess = 0; HANDLE hProcess = 0;
bool ReturnValue = false; bool ReturnValue = false;
hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId); hProcess = EngineOpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
if(hProcess) if(hProcess)
{ {
ReturnValue = DumpMemoryW(hProcess, MemoryStart, MemorySize, szDumpFileName); ReturnValue = DumpMemoryW(hProcess, MemoryStart, MemorySize, szDumpFileName);
@ -403,7 +403,7 @@ __declspec(dllexport) bool TITCALL DumpRegionsW(HANDLE hProcess, wchar_t* szDump
if(hProcess != NULL) if(hProcess != NULL)
{ {
if (!EnumProcessModules(hProcess, EnumeratedModules, sizeof(EnumeratedModules), &cbNeeded)) if(!EnumProcessModules(hProcess, EnumeratedModules, sizeof(EnumeratedModules), &cbNeeded))
{ {
return false; return false;
} }
@ -430,7 +430,7 @@ __declspec(dllexport) bool TITCALL DumpRegionsW(HANDLE hProcess, wchar_t* szDump
RtlZeroMemory(&szDumpName, MAX_PATH); RtlZeroMemory(&szDumpName, MAX_PATH);
RtlZeroMemory(&szDumpFileName, MAX_PATH); RtlZeroMemory(&szDumpFileName, MAX_PATH);
lstrcpyW(szDumpFileName, szDumpFolder); lstrcpyW(szDumpFileName, szDumpFolder);
if(szDumpFileName[lstrlenW(szDumpFileName)-1] != L'\\') if(szDumpFileName[lstrlenW(szDumpFileName) - 1] != L'\\')
{ {
szDumpFileName[lstrlenW(szDumpFileName)] = L'\\'; szDumpFileName[lstrlenW(szDumpFileName)] = L'\\';
} }
@ -466,7 +466,7 @@ __declspec(dllexport) bool TITCALL DumpRegionsExW(DWORD ProcessId, wchar_t* szDu
HANDLE hProcess = 0; HANDLE hProcess = 0;
bool ReturnValue = false; bool ReturnValue = false;
hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId); hProcess = EngineOpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
if(hProcess) if(hProcess)
{ {
ReturnValue = DumpRegionsW(hProcess, szDumpFolder, DumpAboveImageBaseOnly); ReturnValue = DumpRegionsW(hProcess, szDumpFolder, DumpAboveImageBaseOnly);
@ -506,7 +506,7 @@ __declspec(dllexport) bool TITCALL DumpModuleW(HANDLE hProcess, LPVOID ModuleBas
{ {
if(EnumeratedModules[i] == (HMODULE)ModuleBase) if(EnumeratedModules[i] == (HMODULE)ModuleBase)
{ {
if (GetModuleInformation(hProcess, (HMODULE)EnumeratedModules[i], &RemoteModuleInfo, sizeof(MODULEINFO))) if(GetModuleInformation(hProcess, (HMODULE)EnumeratedModules[i], &RemoteModuleInfo, sizeof(MODULEINFO)))
{ {
return(DumpMemoryW(hProcess, (LPVOID)EnumeratedModules[i], RemoteModuleInfo.SizeOfImage, szDumpFileName)); return(DumpMemoryW(hProcess, (LPVOID)EnumeratedModules[i], RemoteModuleInfo.SizeOfImage, szDumpFileName));
} }
@ -537,7 +537,7 @@ __declspec(dllexport) bool TITCALL DumpModuleExW(DWORD ProcessId, LPVOID ModuleB
HANDLE hProcess = 0; HANDLE hProcess = 0;
bool ReturnValue = false; bool ReturnValue = false;
hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId); hProcess = EngineOpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
if(hProcess) //If the function fails, the return value is NULL. To get extended error information, call GetLastError. if(hProcess) //If the function fails, the return value is NULL. To get extended error information, call GetLastError.
{ {
ReturnValue = DumpModuleW(hProcess, ModuleBase, szDumpFileName); ReturnValue = DumpModuleW(hProcess, ModuleBase, szDumpFileName);


@ -11,14 +11,14 @@ __declspec(dllexport) void TITCALL EngineUnpackerInitialize(char* szFileName, ch
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
if(szUnpackedFileName == NULL) if(szUnpackedFileName == NULL)
{ {
return EngineUnpackerInitializeW(uniFileName, NULL, DoLogData, DoRealignFile, DoMoveOverlay, EntryCallBack); return EngineUnpackerInitializeW(uniFileName, NULL, DoLogData, DoRealignFile, DoMoveOverlay, EntryCallBack);
} }
else else
{ {
MultiByteToWideChar(CP_ACP, NULL, szUnpackedFileName, lstrlenA(szUnpackedFileName)+1, uniUnpackedFileName, sizeof(uniUnpackedFileName)/(sizeof(uniUnpackedFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szUnpackedFileName, lstrlenA(szUnpackedFileName) + 1, uniUnpackedFileName, sizeof(uniUnpackedFileName) / (sizeof(uniUnpackedFileName[0])));
EngineUnpackerInitializeW(uniFileName, uniUnpackedFileName, DoLogData, DoRealignFile, DoMoveOverlay, EntryCallBack); EngineUnpackerInitializeW(uniFileName, uniUnpackedFileName, DoLogData, DoRealignFile, DoMoveOverlay, EntryCallBack);
} }
} }
@ -26,7 +26,7 @@ __declspec(dllexport) void TITCALL EngineUnpackerInitialize(char* szFileName, ch
__declspec(dllexport) void TITCALL EngineUnpackerInitializeW(wchar_t* szFileName, wchar_t* szUnpackedFileName, bool DoLogData, bool DoRealignFile, bool DoMoveOverlay, void* EntryCallBack) __declspec(dllexport) void TITCALL EngineUnpackerInitializeW(wchar_t* szFileName, wchar_t* szUnpackedFileName, bool DoLogData, bool DoRealignFile, bool DoMoveOverlay, void* EntryCallBack)
{ {
int i,j; int i, j;
wchar_t TempBackBuffer[MAX_PATH] = {}; wchar_t TempBackBuffer[MAX_PATH] = {};
if(szFileName != NULL) if(szFileName != NULL)


@ -52,8 +52,8 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependencies(char* szFileN
if(szFileName != NULL && szOutputFolder != NULL) if(szFileName != NULL && szOutputFolder != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szOutputFolder, lstrlenA(szOutputFolder)+1, uniOutputFolder, sizeof(uniOutputFolder)/(sizeof(uniOutputFolder[0]))); MultiByteToWideChar(CP_ACP, NULL, szOutputFolder, lstrlenA(szOutputFolder) + 1, uniOutputFolder, sizeof(uniOutputFolder) / (sizeof(uniOutputFolder[0])));
return(EngineCreateMissingDependenciesW(uniFileName, uniOutputFolder, LogCreatedFiles)); return(EngineCreateMissingDependenciesW(uniFileName, uniOutputFolder, LogCreatedFiles));
} }
else else
@ -124,12 +124,12 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szF
ImportDllName = (PCHAR)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->Name + ImageBase, true)); ImportDllName = (PCHAR)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->Name + ImageBase, true));
if(ImportDllName) if(ImportDllName)
{ {
MultiByteToWideChar(CP_ACP, NULL, ImportDllName, lstrlenA(ImportDllName)+1, ImportDllNameW, sizeof(ImportDllNameW)/(sizeof(ImportDllNameW[0]))); MultiByteToWideChar(CP_ACP, NULL, ImportDllName, lstrlenA(ImportDllName) + 1, ImportDllNameW, sizeof(ImportDllNameW) / (sizeof(ImportDllNameW[0])));
if(!EngineIsDependencyPresentW(ImportDllNameW, szFileName, szOutputFolder)) if(!EngineIsDependencyPresentW(ImportDllNameW, szFileName, szOutputFolder))
{ {
RtlZeroMemory(&BuildExportName, sizeof(BuildExportName)); RtlZeroMemory(&BuildExportName, sizeof(BuildExportName));
lstrcatW(BuildExportName, szOutputFolder); lstrcatW(BuildExportName, szOutputFolder);
if(BuildExportName[lstrlenW(BuildExportName)-1] != 0x5C) if(BuildExportName[lstrlenW(BuildExportName) - 1] != 0x5C)
{ {
BuildExportName[lstrlenW(BuildExportName)] = 0x5C; BuildExportName[lstrlenW(BuildExportName)] = 0x5C;
} }
@ -182,12 +182,12 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szF
ImportDllName = (PCHAR)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->Name + ImageBase, true)); ImportDllName = (PCHAR)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->Name + ImageBase, true));
if(ImportDllName) if(ImportDllName)
{ {
MultiByteToWideChar(CP_ACP, NULL, ImportDllName, lstrlenA(ImportDllName)+1, ImportDllNameW, sizeof(ImportDllNameW)/(sizeof(ImportDllNameW[0]))); MultiByteToWideChar(CP_ACP, NULL, ImportDllName, lstrlenA(ImportDllName) + 1, ImportDllNameW, sizeof(ImportDllNameW) / (sizeof(ImportDllNameW[0])));
if(!EngineIsDependencyPresentW(ImportDllNameW, szFileName, szOutputFolder)) if(!EngineIsDependencyPresentW(ImportDllNameW, szFileName, szOutputFolder))
{ {
RtlZeroMemory(&BuildExportName, sizeof(BuildExportName)); RtlZeroMemory(&BuildExportName, sizeof(BuildExportName));
lstrcatW(BuildExportName, szOutputFolder); lstrcatW(BuildExportName, szOutputFolder);
if(BuildExportName[lstrlenW(BuildExportName)-1] != 0x5C) if(BuildExportName[lstrlenW(BuildExportName) - 1] != 0x5C)
{ {
BuildExportName[lstrlenW(BuildExportName)] = 0x5C; BuildExportName[lstrlenW(BuildExportName)] = 0x5C;
} }
@ -321,35 +321,35 @@ __declspec(dllexport) void TITCALL EngineAddUnpackerWindowLogMessage(char* szLog
__declspec(dllexport) bool TITCALL EngineCheckStructAlignment(DWORD StructureType, ULONG_PTR StructureSize) __declspec(dllexport) bool TITCALL EngineCheckStructAlignment(DWORD StructureType, ULONG_PTR StructureSize)
{ {
int blub=1; int blub = 1;
switch(StructureType) switch(StructureType)
{ {
case UE_STRUCT_PE32STRUCT: case UE_STRUCT_PE32STRUCT:
return (sizeof(PE32Struct)==StructureSize); return (sizeof(PE32Struct) == StructureSize);
case UE_STRUCT_PE64STRUCT: case UE_STRUCT_PE64STRUCT:
return (sizeof(PE64Struct)==StructureSize); return (sizeof(PE64Struct) == StructureSize);
case UE_STRUCT_PESTRUCT: case UE_STRUCT_PESTRUCT:
return (sizeof(PEStruct)==StructureSize); return (sizeof(PEStruct) == StructureSize);
case UE_STRUCT_IMPORTENUMDATA: case UE_STRUCT_IMPORTENUMDATA:
return (sizeof(ImportEnumData)==StructureSize); return (sizeof(ImportEnumData) == StructureSize);
case UE_STRUCT_THREAD_ITEM_DATA: case UE_STRUCT_THREAD_ITEM_DATA:
return (sizeof(THREAD_ITEM_DATA)==StructureSize); return (sizeof(THREAD_ITEM_DATA) == StructureSize);
case UE_STRUCT_LIBRARY_ITEM_DATA: case UE_STRUCT_LIBRARY_ITEM_DATA:
return (sizeof(LIBRARY_ITEM_DATA)==StructureSize); return (sizeof(LIBRARY_ITEM_DATA) == StructureSize);
case UE_STRUCT_LIBRARY_ITEM_DATAW: case UE_STRUCT_LIBRARY_ITEM_DATAW:
return (sizeof(LIBRARY_ITEM_DATAW)==StructureSize); return (sizeof(LIBRARY_ITEM_DATAW) == StructureSize);
case UE_STRUCT_PROCESS_ITEM_DATA: case UE_STRUCT_PROCESS_ITEM_DATA:
return (sizeof(PROCESS_ITEM_DATA)==StructureSize); return (sizeof(PROCESS_ITEM_DATA) == StructureSize);
case UE_STRUCT_HANDLERARRAY: case UE_STRUCT_HANDLERARRAY:
return (sizeof(HandlerArray)==StructureSize); return (sizeof(HandlerArray) == StructureSize);
case UE_STRUCT_PLUGININFORMATION: case UE_STRUCT_PLUGININFORMATION:
return (sizeof(PluginInformation)==StructureSize); return (sizeof(PluginInformation) == StructureSize);
case UE_STRUCT_HOOK_ENTRY: case UE_STRUCT_HOOK_ENTRY:
return (sizeof(HOOK_ENTRY)==StructureSize); return (sizeof(HOOK_ENTRY) == StructureSize);
case UE_STRUCT_FILE_STATUS_INFO: case UE_STRUCT_FILE_STATUS_INFO:
return (sizeof(FILE_STATUS_INFO)==StructureSize); return (sizeof(FILE_STATUS_INFO) == StructureSize);
case UE_STRUCT_FILE_FIX_INFO: case UE_STRUCT_FILE_FIX_INFO:
return (sizeof(FILE_FIX_INFO)==StructureSize); return (sizeof(FILE_FIX_INFO) == StructureSize);
} }
return false; return false;
} }


@ -251,7 +251,7 @@ __declspec(dllexport) bool TITCALL ExporterBuildExportTableEx(char* szExportFile
if(szExportFileName != NULL) if(szExportFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szExportFileName, lstrlenA(szExportFileName)+1, uniExportFileName, sizeof(uniExportFileName)/(sizeof(uniExportFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szExportFileName, lstrlenA(szExportFileName) + 1, uniExportFileName, sizeof(uniExportFileName) / (sizeof(uniExportFileName[0])));
return(ExporterBuildExportTableExW(uniExportFileName, szSectionName)); return(ExporterBuildExportTableExW(uniExportFileName, szSectionName));
} }
else else
@ -305,7 +305,7 @@ __declspec(dllexport) bool TITCALL ExporterLoadExportTable(char* szFileName)
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(ExporterLoadExportTableW(uniFileName)); return(ExporterLoadExportTableW(uniFileName));
} }
else else


@ -3,7 +3,7 @@
#include "Global.Handle.h" #include "Global.Handle.h"
#include "Global.Engine.h" #include "Global.Engine.h"
bool NtQuerySysHandleInfo(DynBuf& buf) bool NtQuerySysHandleInfo(DynBuf & buf)
{ {
ULONG RequiredSize = NULL; ULONG RequiredSize = NULL;
@ -23,7 +23,7 @@ __declspec(dllexport) long TITCALL HandlerGetActiveHandleCount(DWORD ProcessId)
int HandleCount = 0; int HandleCount = 0;
DynBuf hinfo; DynBuf hinfo;
if (!NtQuerySysHandleInfo(hinfo)) if(!NtQuerySysHandleInfo(hinfo))
return 0; return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr(); LPVOID QuerySystemBuffer = hinfo.GetPtr();
@ -31,7 +31,7 @@ __declspec(dllexport) long TITCALL HandlerGetActiveHandleCount(DWORD ProcessId)
PSYSTEM_HANDLE_INFORMATION HandleInfo = (PSYSTEM_HANDLE_INFORMATION)QuerySystemBuffer; PSYSTEM_HANDLE_INFORMATION HandleInfo = (PSYSTEM_HANDLE_INFORMATION)QuerySystemBuffer;
PSYSTEM_HANDLE_TABLE_ENTRY_INFO pHandle = HandleInfo->Handles; PSYSTEM_HANDLE_TABLE_ENTRY_INFO pHandle = HandleInfo->Handles;
for (ULONG i = 0; i < HandleInfo->NumberOfHandles; i++) for(ULONG i = 0; i < HandleInfo->NumberOfHandles; i++)
{ {
if((DWORD)pHandle->UniqueProcessId == ProcessId) if((DWORD)pHandle->UniqueProcessId == ProcessId)
{ {
@ -48,7 +48,7 @@ __declspec(dllexport) bool TITCALL HandlerIsHandleOpen(DWORD ProcessId, HANDLE h
bool HandleActive = false; bool HandleActive = false;
DynBuf hinfo; DynBuf hinfo;
if (!NtQuerySysHandleInfo(hinfo)) if(!NtQuerySysHandleInfo(hinfo))
return false; return false;
LPVOID QuerySystemBuffer = hinfo.GetPtr(); LPVOID QuerySystemBuffer = hinfo.GetPtr();
@ -57,7 +57,7 @@ __declspec(dllexport) bool TITCALL HandlerIsHandleOpen(DWORD ProcessId, HANDLE h
PSYSTEM_HANDLE_TABLE_ENTRY_INFO pHandle = HandleInfo->Handles; PSYSTEM_HANDLE_TABLE_ENTRY_INFO pHandle = HandleInfo->Handles;
for (ULONG i = 0; i < HandleInfo->NumberOfHandles; i++) for(ULONG i = 0; i < HandleInfo->NumberOfHandles; i++)
{ {
if((DWORD)pHandle->UniqueProcessId == ProcessId && (HANDLE)pHandle->HandleValue == hHandle) if((DWORD)pHandle->UniqueProcessId == ProcessId && (HANDLE)pHandle->HandleValue == hHandle)
{ {
@ -80,7 +80,7 @@ __declspec(dllexport) void* TITCALL HandlerGetHandleNameW(HANDLE hProcess, DWORD
LPVOID HandleFullName = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); LPVOID HandleFullName = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
DynBuf hinfo; DynBuf hinfo;
if (!NtQuerySysHandleInfo(hinfo)) if(!NtQuerySysHandleInfo(hinfo))
{ {
VirtualFree(HandleFullName, NULL, MEM_RELEASE); VirtualFree(HandleFullName, NULL, MEM_RELEASE);
return 0; return 0;
@ -90,7 +90,7 @@ __declspec(dllexport) void* TITCALL HandlerGetHandleNameW(HANDLE hProcess, DWORD
PSYSTEM_HANDLE_INFORMATION HandleInfo = (PSYSTEM_HANDLE_INFORMATION)QuerySystemBuffer; PSYSTEM_HANDLE_INFORMATION HandleInfo = (PSYSTEM_HANDLE_INFORMATION)QuerySystemBuffer;
PSYSTEM_HANDLE_TABLE_ENTRY_INFO pHandle = HandleInfo->Handles; PSYSTEM_HANDLE_TABLE_ENTRY_INFO pHandle = HandleInfo->Handles;
for (ULONG i = 0; i < HandleInfo->NumberOfHandles; i++) for(ULONG i = 0; i < HandleInfo->NumberOfHandles; i++)
{ {
if((DWORD)pHandle->UniqueProcessId == ProcessId && (HANDLE)pHandle->HandleValue == hHandle) if((DWORD)pHandle->UniqueProcessId == ProcessId && (HANDLE)pHandle->HandleValue == hHandle)
{ {
@ -135,11 +135,11 @@ __declspec(dllexport) void* TITCALL HandlerGetHandleNameW(HANDLE hProcess, DWORD
} }
__declspec(dllexport) void* TITCALL HandlerGetHandleName(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName) __declspec(dllexport) void* TITCALL HandlerGetHandleName(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName)
{ {
wchar_t * name = (wchar_t *)HandlerGetHandleNameW(hProcess, ProcessId, hHandle, TranslateName); wchar_t* name = (wchar_t*)HandlerGetHandleNameW(hProcess, ProcessId, hHandle, TranslateName);
if (name) if(name)
{ {
LPVOID HandleFullName = VirtualAlloc(NULL, wcslen(name) + 1, MEM_COMMIT|MEM_RESERVE, PAGE_READWRITE); LPVOID HandleFullName = VirtualAlloc(NULL, wcslen(name) + 1, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
WideCharToMultiByte(CP_ACP, NULL, name, -1, (LPSTR)HandleFullName, (int)wcslen(name) + 1, NULL, NULL); WideCharToMultiByte(CP_ACP, NULL, name, -1, (LPSTR)HandleFullName, (int)wcslen(name) + 1, NULL, NULL);
VirtualFree(name, NULL, MEM_RELEASE); VirtualFree(name, NULL, MEM_RELEASE);
@ -158,7 +158,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateOpenHandles(DWORD ProcessId,
PNTDLL_QUERY_HANDLE_INFO HandleInfo; PNTDLL_QUERY_HANDLE_INFO HandleInfo;
DynBuf hinfo; DynBuf hinfo;
if (!NtQuerySysHandleInfo(hinfo)) if(!NtQuerySysHandleInfo(hinfo))
return 0; return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr(); LPVOID QuerySystemBuffer = hinfo.GetPtr();
@ -195,7 +195,7 @@ __declspec(dllexport) ULONG_PTR TITCALL HandlerGetHandleDetails(HANDLE hProcess,
DynBuf hinfo; DynBuf hinfo;
if (!NtQuerySysHandleInfo(hinfo)) if(!NtQuerySysHandleInfo(hinfo))
return 0; return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr(); LPVOID QuerySystemBuffer = hinfo.GetPtr();
@ -289,7 +289,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateLockHandles(char* szFileOrFol
if(szFileOrFolderName != NULL) if(szFileOrFolderName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileOrFolderName, lstrlenA(szFileOrFolderName)+1, uniFileOrFolderName, sizeof(uniFileOrFolderName)/(sizeof(uniFileOrFolderName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileOrFolderName, lstrlenA(szFileOrFolderName) + 1, uniFileOrFolderName, sizeof(uniFileOrFolderName) / (sizeof(uniFileOrFolderName[0])));
return(HandlerEnumerateLockHandlesW(uniFileOrFolderName, NameIsFolder, NameIsTranslated, HandleDataBuffer, MaxHandleCount)); return(HandlerEnumerateLockHandlesW(uniFileOrFolderName, NameIsFolder, NameIsTranslated, HandleDataBuffer, MaxHandleCount));
} }
else else
@ -318,7 +318,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateLockHandlesW(wchar_t* szFileO
LPVOID tmpHandleFullName = NULL; LPVOID tmpHandleFullName = NULL;
DynBuf hinfo; DynBuf hinfo;
if (!NtQuerySysHandleInfo(hinfo)) if(!NtQuerySysHandleInfo(hinfo))
return 0; return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr(); LPVOID QuerySystemBuffer = hinfo.GetPtr();
@ -396,7 +396,7 @@ __declspec(dllexport) bool TITCALL HandlerCloseAllLockHandles(char* szFileOrFold
if(szFileOrFolderName != NULL) if(szFileOrFolderName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileOrFolderName, lstrlenA(szFileOrFolderName)+1, uniFileOrFolderName, sizeof(uniFileOrFolderName)/(sizeof(uniFileOrFolderName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileOrFolderName, lstrlenA(szFileOrFolderName) + 1, uniFileOrFolderName, sizeof(uniFileOrFolderName) / (sizeof(uniFileOrFolderName[0])));
return(HandlerCloseAllLockHandlesW(uniFileOrFolderName, NameIsFolder, NameIsTranslated)); return(HandlerCloseAllLockHandlesW(uniFileOrFolderName, NameIsFolder, NameIsTranslated));
} }
else else
@ -425,7 +425,7 @@ __declspec(dllexport) bool TITCALL HandlerCloseAllLockHandlesW(wchar_t* szFileOr
DynBuf hinfo; DynBuf hinfo;
if (!NtQuerySysHandleInfo(hinfo)) if(!NtQuerySysHandleInfo(hinfo))
return 0; return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr(); LPVOID QuerySystemBuffer = hinfo.GetPtr();
@ -500,7 +500,7 @@ __declspec(dllexport) bool TITCALL HandlerIsFileLocked(char* szFileOrFolderName,
if(szFileOrFolderName != NULL) if(szFileOrFolderName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileOrFolderName, lstrlenA(szFileOrFolderName)+1, uniFileOrFolderName, sizeof(uniFileOrFolderName)/(sizeof(uniFileOrFolderName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileOrFolderName, lstrlenA(szFileOrFolderName) + 1, uniFileOrFolderName, sizeof(uniFileOrFolderName) / (sizeof(uniFileOrFolderName[0])));
return(HandlerIsFileLockedW(uniFileOrFolderName, NameIsFolder, NameIsTranslated)); return(HandlerIsFileLockedW(uniFileOrFolderName, NameIsFolder, NameIsTranslated));
} }
else else
@ -528,7 +528,7 @@ __declspec(dllexport) bool TITCALL HandlerIsFileLockedW(wchar_t* szFileOrFolderN
LPVOID tmpHandleFullName = NULL; LPVOID tmpHandleFullName = NULL;
DynBuf hinfo; DynBuf hinfo;
if (!NtQuerySysHandleInfo(hinfo)) if(!NtQuerySysHandleInfo(hinfo))
return 0; return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr(); LPVOID QuerySystemBuffer = hinfo.GetPtr();
@ -611,7 +611,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateOpenMutexes(HANDLE hProcess,
PPUBLIC_OBJECT_TYPE_INFORMATION pObjectTypeInfo = (PPUBLIC_OBJECT_TYPE_INFORMATION)HandleFullData; PPUBLIC_OBJECT_TYPE_INFORMATION pObjectTypeInfo = (PPUBLIC_OBJECT_TYPE_INFORMATION)HandleFullData;
DynBuf hinfo; DynBuf hinfo;
if (!NtQuerySysHandleInfo(hinfo)) if(!NtQuerySysHandleInfo(hinfo))
return 0; return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr(); LPVOID QuerySystemBuffer = hinfo.GetPtr();
@ -659,7 +659,7 @@ __declspec(dllexport) ULONG_PTR TITCALL HandlerGetOpenMutexHandle(HANDLE hProces
if(szMutexString != NULL) if(szMutexString != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szMutexString, lstrlenA(szMutexString)+1, uniMutexString, sizeof(uniMutexString)/(sizeof(uniMutexString[0]))); MultiByteToWideChar(CP_ACP, NULL, szMutexString, lstrlenA(szMutexString) + 1, uniMutexString, sizeof(uniMutexString) / (sizeof(uniMutexString[0])));
return((ULONG_PTR)HandlerGetOpenMutexHandleW(hProcess, ProcessId, uniMutexString)); return((ULONG_PTR)HandlerGetOpenMutexHandleW(hProcess, ProcessId, uniMutexString));
} }
else else
@ -669,7 +669,7 @@ __declspec(dllexport) ULONG_PTR TITCALL HandlerGetOpenMutexHandle(HANDLE hProces
} }
__declspec(dllexport) ULONG_PTR TITCALL HandlerGetOpenMutexHandleW(HANDLE hProcess, DWORD ProcessId, wchar_t* szMutexString) __declspec(dllexport) ULONG_PTR TITCALL HandlerGetOpenMutexHandleW(HANDLE hProcess, DWORD ProcessId, wchar_t* szMutexString)
{ {
if(!szMutexString || lstrlenW(szMutexString)>=512) if(!szMutexString || lstrlenW(szMutexString) >= 512)
return 0; return 0;
int i; int i;
HANDLE myHandle; HANDLE myHandle;
@ -734,7 +734,7 @@ __declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t
lstrcatW(RealMutexName, szMutexString); lstrcatW(RealMutexName, szMutexString);
DynBuf hinfo; DynBuf hinfo;
if (!NtQuerySysHandleInfo(hinfo)) if(!NtQuerySysHandleInfo(hinfo))
return 0; return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr(); LPVOID QuerySystemBuffer = hinfo.GetPtr();


@ -6,7 +6,7 @@
__declspec(dllexport) void* TITCALL GetPEBLocation(HANDLE hProcess) __declspec(dllexport) void* TITCALL GetPEBLocation(HANDLE hProcess)
{ {
ULONG RequiredLen = 0; ULONG RequiredLen = 0;
void * PebAddress = 0; void* PebAddress = 0;
PROCESS_BASIC_INFORMATION myProcessBasicInformation[5] = {0}; PROCESS_BASIC_INFORMATION myProcessBasicInformation[5] = {0};
if(NtQueryInformationProcess(hProcess, ProcessBasicInformation, myProcessBasicInformation, sizeof(PROCESS_BASIC_INFORMATION), &RequiredLen) == STATUS_SUCCESS) if(NtQueryInformationProcess(hProcess, ProcessBasicInformation, myProcessBasicInformation, sizeof(PROCESS_BASIC_INFORMATION), &RequiredLen) == STATUS_SUCCESS)
@ -27,7 +27,7 @@ __declspec(dllexport) void* TITCALL GetPEBLocation(HANDLE hProcess)
__declspec(dllexport) void* TITCALL GetTEBLocation(HANDLE hThread) __declspec(dllexport) void* TITCALL GetTEBLocation(HANDLE hThread)
{ {
ULONG RequiredLen = 0; ULONG RequiredLen = 0;
void * TebAddress = 0; void* TebAddress = 0;
THREAD_BASIC_INFORMATION myThreadBasicInformation[5] = {0}; THREAD_BASIC_INFORMATION myThreadBasicInformation[5] = {0};
if(NtQueryInformationThread(hThread, ThreadBasicInformation, myThreadBasicInformation, sizeof(THREAD_BASIC_INFORMATION), &RequiredLen) == STATUS_SUCCESS) if(NtQueryInformationThread(hThread, ThreadBasicInformation, myThreadBasicInformation, sizeof(THREAD_BASIC_INFORMATION), &RequiredLen) == STATUS_SUCCESS)
@ -48,14 +48,14 @@ __declspec(dllexport) void* TITCALL GetTEBLocation(HANDLE hThread)
__declspec(dllexport) void* TITCALL GetTEBLocation64(HANDLE hThread) __declspec(dllexport) void* TITCALL GetTEBLocation64(HANDLE hThread)
{ {
#ifndef _WIN64 #ifndef _WIN64
if (IsThisProcessWow64()) if(IsThisProcessWow64())
{ {
//Only WOW64 processes have 2 PEBs and 2 TEBs //Only WOW64 processes have 2 PEBs and 2 TEBs
DWORD teb32 = (DWORD)GetTEBLocation(hThread); DWORD teb32 = (DWORD)GetTEBLocation(hThread);
if (teb32) if(teb32)
{ {
teb32 -= 0x2000; //TEB64 before TEB32 teb32 -= 0x2000; //TEB64 before TEB32
return (void *)teb32; return (void*)teb32;
} }
} }
#endif //_WIN64 #endif //_WIN64
@ -65,14 +65,14 @@ __declspec(dllexport) void* TITCALL GetTEBLocation64(HANDLE hThread)
__declspec(dllexport) void* TITCALL GetPEBLocation64(HANDLE hProcess) __declspec(dllexport) void* TITCALL GetPEBLocation64(HANDLE hProcess)
{ {
#ifndef _WIN64 #ifndef _WIN64
if (IsThisProcessWow64()) if(IsThisProcessWow64())
{ {
//Only WOW64 processes have 2 PEBs //Only WOW64 processes have 2 PEBs
DWORD peb32 = (DWORD)GetPEBLocation(hProcess); DWORD peb32 = (DWORD)GetPEBLocation(hProcess);
if (peb32) if(peb32)
{ {
peb32 += 0x1000; //PEB64 after PEB32 peb32 += 0x1000; //PEB64 after PEB32
return (void *)peb32; return (void*)peb32;
} }
} }
#endif //_WIN64 #endif //_WIN64


@ -29,10 +29,10 @@ __declspec(dllexport) bool TITCALL HooksSafeTransitionEx(LPVOID HookAddressArray
{ {
if(!TransitionStart || ThreaderImportRunningThreadData(GetCurrentProcessId())) if(!TransitionStart || ThreaderImportRunningThreadData(GetCurrentProcessId()))
{ {
int threadcount=(int)hListThread.size(); int threadcount = (int)hListThread.size();
for(int i=0; i<threadcount; i++) for(int i = 0; i < threadcount; i++)
{ {
PTHREAD_ITEM_DATA hListThreadPtr=&hListThread.at(i); PTHREAD_ITEM_DATA hListThreadPtr = &hListThread.at(i);
if(hListThreadPtr->hThread != INVALID_HANDLE_VALUE) if(hListThreadPtr->hThread != INVALID_HANDLE_VALUE)
{ {
if(TransitionStart) if(TransitionStart)
@ -42,7 +42,7 @@ __declspec(dllexport) bool TITCALL HooksSafeTransitionEx(LPVOID HookAddressArray
SuspendThread(hListThreadPtr->hThread); SuspendThread(hListThreadPtr->hThread);
ULONG_PTR CurrentIP = (ULONG_PTR)GetContextDataEx(hListThreadPtr->hThread, UE_CIP); ULONG_PTR CurrentIP = (ULONG_PTR)GetContextDataEx(hListThreadPtr->hThread, UE_CIP);
PMEMORY_COMPARE_HANDLER myHookAddressArray = (PMEMORY_COMPARE_HANDLER)HookAddressArray; PMEMORY_COMPARE_HANDLER myHookAddressArray = (PMEMORY_COMPARE_HANDLER)HookAddressArray;
for(int j=0; j<NumberOfHooks; j++) for(int j = 0; j < NumberOfHooks; j++)
{ {
#if defined (_WIN64) #if defined (_WIN64)
ULONG_PTR HookAddress = (ULONG_PTR)myHookAddressArray->Array.qwArrayEntry[0]; ULONG_PTR HookAddress = (ULONG_PTR)myHookAddressArray->Array.qwArrayEntry[0];
@ -902,7 +902,7 @@ __declspec(dllexport) void TITCALL HooksScanModuleMemory(HMODULE ModuleBase, LPV
HANDLE hProcess = GetCurrentProcess(); HANDLE hProcess = GetCurrentProcess();
LIBRARY_ITEM_DATA RemoteLibInfo = {}; LIBRARY_ITEM_DATA RemoteLibInfo = {};
PLIBRARY_ITEM_DATA pRemoteLibInfo = (PLIBRARY_ITEM_DATA)LibrarianGetLibraryInfoEx((void*)ModuleBase); PLIBRARY_ITEM_DATA pRemoteLibInfo = (PLIBRARY_ITEM_DATA)LibrarianGetLibraryInfoEx((void*)ModuleBase);
typedef bool(TITCALL *fEnumCallBack)(PHOOK_ENTRY HookDetails, void* ptrOriginalInstructions, PLIBRARY_ITEM_DATA ModuleInformation, DWORD SizeOfImage); typedef bool(TITCALL * fEnumCallBack)(PHOOK_ENTRY HookDetails, void* ptrOriginalInstructions, PLIBRARY_ITEM_DATA ModuleInformation, DWORD SizeOfImage);
fEnumCallBack myEnumCallBack = (fEnumCallBack)CallBack; fEnumCallBack myEnumCallBack = (fEnumCallBack)CallBack;
BYTE CheckHookMemory[TEE_MAXIMUM_HOOK_SIZE]; BYTE CheckHookMemory[TEE_MAXIMUM_HOOK_SIZE];
PMEMORY_COMPARE_HANDLER ExportedFunctions; PMEMORY_COMPARE_HANDLER ExportedFunctions;


@ -12,7 +12,7 @@ __declspec(dllexport) void TITCALL ImporterAddNewDll(char* szDLLName, ULONG_PTR
{ {
wchar_t uniDLLName[MAX_PATH] = {}; wchar_t uniDLLName[MAX_PATH] = {};
MultiByteToWideChar(CP_ACP, NULL, szDLLName, lstrlenA(szDLLName)+1, uniDLLName, sizeof(uniDLLName)/(sizeof(uniDLLName[0]))); MultiByteToWideChar(CP_ACP, NULL, szDLLName, lstrlenA(szDLLName) + 1, uniDLLName, sizeof(uniDLLName) / (sizeof(uniDLLName[0])));
scylla_addModule(uniDLLName, FirstThunk); scylla_addModule(uniDLLName, FirstThunk);
} }
@ -21,14 +21,14 @@ __declspec(dllexport) void TITCALL ImporterAddNewAPI(char* szAPIName, ULONG_PTR
{ {
wchar_t uniAPIName[MAX_PATH] = {}; wchar_t uniAPIName[MAX_PATH] = {};
MultiByteToWideChar(CP_ACP, NULL, szAPIName, lstrlenA(szAPIName)+1, uniAPIName, sizeof(uniAPIName)/(sizeof(uniAPIName[0]))); MultiByteToWideChar(CP_ACP, NULL, szAPIName, lstrlenA(szAPIName) + 1, uniAPIName, sizeof(uniAPIName) / (sizeof(uniAPIName[0])));
scylla_addImport(uniAPIName, ThunkValue); scylla_addImport(uniAPIName, ThunkValue);
} }
__declspec(dllexport) void TITCALL ImporterAddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue) __declspec(dllexport) void TITCALL ImporterAddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue)
{ {
ImporterAddNewAPI((char*)(OrdinalNumber&~IMAGE_ORDINAL_FLAG), ThunkValue); ImporterAddNewAPI((char*)(OrdinalNumber & ~IMAGE_ORDINAL_FLAG), ThunkValue);
} }
__declspec(dllexport) long TITCALL ImporterGetAddedDllCount() __declspec(dllexport) long TITCALL ImporterGetAddedDllCount()
@ -58,9 +58,9 @@ __declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, cha
wchar_t uniSectionName[MAX_PATH] = {}; wchar_t uniSectionName[MAX_PATH] = {};
if(szExportFileName != NULL && szDumpFileName != NULL) if(szExportFileName != NULL && szDumpFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szExportFileName, lstrlenA(szExportFileName)+1, uniExportFileName, sizeof(uniExportFileName)/(sizeof(uniExportFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szExportFileName, lstrlenA(szExportFileName) + 1, uniExportFileName, sizeof(uniExportFileName) / (sizeof(uniExportFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniDumpFileName, sizeof(uniDumpFileName)/(sizeof(uniDumpFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName) + 1, uniDumpFileName, sizeof(uniDumpFileName) / (sizeof(uniDumpFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szSectionName, lstrlenA(szSectionName)+1, uniSectionName, sizeof(uniSectionName)/(sizeof(uniSectionName[0]))); MultiByteToWideChar(CP_ACP, NULL, szSectionName, lstrlenA(szSectionName) + 1, uniSectionName, sizeof(uniSectionName) / (sizeof(uniSectionName[0])));
return ImporterExportIATExW(uniDumpFileName, uniExportFileName, uniSectionName); return ImporterExportIATExW(uniDumpFileName, uniExportFileName, uniSectionName);
} }
return false; return false;
@ -118,10 +118,10 @@ __declspec(dllexport) ULONG_PTR TITCALL ImporterGetLocalAPIAddress(HANDLE hProce
__declspec(dllexport) void* TITCALL ImporterGetDLLNameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress) __declspec(dllexport) void* TITCALL ImporterGetDLLNameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress)
{ {
ULONG_PTR moduleBase=EngineGetModuleBaseRemote(hProcess, APIAddress); ULONG_PTR moduleBase = EngineGetModuleBaseRemote(hProcess, APIAddress);
if(moduleBase) if(moduleBase)
{ {
static char szModuleName[MAX_PATH]=""; static char szModuleName[MAX_PATH] = "";
if(GetModuleFileNameExA(hProcess, (HMODULE)moduleBase, szModuleName, _countof(szModuleName))) if(GetModuleFileNameExA(hProcess, (HMODULE)moduleBase, szModuleName, _countof(szModuleName)))
return szModuleName; return szModuleName;
} }
@ -130,17 +130,17 @@ __declspec(dllexport) void* TITCALL ImporterGetDLLNameFromDebugee(HANDLE hProces
__declspec(dllexport) void* TITCALL ImporterGetDLLNameFromDebugeeW(HANDLE hProcess, ULONG_PTR APIAddress) __declspec(dllexport) void* TITCALL ImporterGetDLLNameFromDebugeeW(HANDLE hProcess, ULONG_PTR APIAddress)
{ {
ULONG_PTR moduleBase=EngineGetModuleBaseRemote(hProcess, APIAddress); ULONG_PTR moduleBase = EngineGetModuleBaseRemote(hProcess, APIAddress);
if(moduleBase) if(moduleBase)
{ {
static wchar_t szModuleName[MAX_PATH]=L""; static wchar_t szModuleName[MAX_PATH] = L"";
if(GetModuleFileNameExW(hProcess, (HMODULE)moduleBase, szModuleName, _countof(szModuleName))) if(GetModuleFileNameExW(hProcess, (HMODULE)moduleBase, szModuleName, _countof(szModuleName)))
return szModuleName; return szModuleName;
} }
return 0; return 0;
} }
__declspec(dllexport) void* TITCALL ImporterGetRemoteDLLBaseExW(HANDLE hProcess, WCHAR * szModuleName) __declspec(dllexport) void* TITCALL ImporterGetRemoteDLLBaseExW(HANDLE hProcess, WCHAR* szModuleName)
{ {
return (void*)EngineGetModuleBaseRemote(hProcess, szModuleName); return (void*)EngineGetModuleBaseRemote(hProcess, szModuleName);
} }
@ -173,7 +173,7 @@ __declspec(dllexport) void* TITCALL ImporterGetAPINameEx(ULONG_PTR APIAddress, U
__declspec(dllexport) void* TITCALL ImporterGetAPINameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress) __declspec(dllexport) void* TITCALL ImporterGetAPINameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress)
{ {
static char APIName[5000]=""; static char APIName[5000] = "";
if(EngineGetAPINameRemote(hProcess, APIAddress, APIName, _countof(APIName), 0)) if(EngineGetAPINameRemote(hProcess, APIAddress, APIName, _countof(APIName), 0))
return APIName; return APIName;
return 0; return 0;
@ -240,8 +240,8 @@ __declspec(dllexport) bool TITCALL ImporterCopyOriginalIAT(char* szOriginalFile,
if(szOriginalFile != NULL && szDumpFile != NULL) if(szOriginalFile != NULL && szDumpFile != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szDumpFile, lstrlenA(szDumpFile)+1, uniDumpFile, sizeof(uniDumpFile)/(sizeof(uniDumpFile[0]))); MultiByteToWideChar(CP_ACP, NULL, szDumpFile, lstrlenA(szDumpFile) + 1, uniDumpFile, sizeof(uniDumpFile) / (sizeof(uniDumpFile[0])));
MultiByteToWideChar(CP_ACP, NULL, szOriginalFile, lstrlenA(szOriginalFile)+1, uniOriginalFile, sizeof(uniOriginalFile)/(sizeof(uniOriginalFile[0]))); MultiByteToWideChar(CP_ACP, NULL, szOriginalFile, lstrlenA(szOriginalFile) + 1, uniOriginalFile, sizeof(uniOriginalFile) / (sizeof(uniOriginalFile[0])));
return(ImporterCopyOriginalIATW(uniOriginalFile, uniDumpFile)); return(ImporterCopyOriginalIATW(uniOriginalFile, uniDumpFile));
} }
else else
@ -256,13 +256,13 @@ __declspec(dllexport) bool TITCALL ImporterCopyOriginalIATW(wchar_t* szOriginalF
PIMAGE_NT_HEADERS32 PEHeader32; PIMAGE_NT_HEADERS32 PEHeader32;
PIMAGE_NT_HEADERS64 PEHeader64; PIMAGE_NT_HEADERS64 PEHeader64;
BOOL FileIs64; BOOL FileIs64;
HANDLE FileHandle=0; HANDLE FileHandle = 0;
DWORD FileSize; DWORD FileSize;
HANDLE FileMap=0; HANDLE FileMap = 0;
ULONG_PTR FileMapVA; ULONG_PTR FileMapVA;
HANDLE FileHandle1=0; HANDLE FileHandle1 = 0;
DWORD FileSize1; DWORD FileSize1;
HANDLE FileMap1=0; HANDLE FileMap1 = 0;
ULONG_PTR FileMapVA1; ULONG_PTR FileMapVA1;
ULONG_PTR IATPointer; ULONG_PTR IATPointer;
ULONG_PTR IATWritePointer; ULONG_PTR IATWritePointer;
@ -342,7 +342,7 @@ __declspec(dllexport) bool TITCALL ImporterLoadImportTable(char* szFileName)
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(ImporterLoadImportTableW(uniFileName)); return(ImporterLoadImportTableW(uniFileName));
} }
else else
@ -522,7 +522,7 @@ __declspec(dllexport) void TITCALL ImporterAutoSearchIAT(DWORD ProcessId, char*
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(ImporterAutoSearchIATW(ProcessId, uniFileName, SearchStart, pIATStart, pIATSize)); return(ImporterAutoSearchIATW(ProcessId, uniFileName, SearchStart, pIATStart, pIATSize));
} }
} }
@ -556,7 +556,7 @@ __declspec(dllexport) void TITCALL ImporterAutoSearchIATEx(DWORD ProcessId, ULON
{ {
if(GetTempFileNameW(szTempFolder, L"DumpTemp", GetTickCount() + 102, szTempName)) if(GetTempFileNameW(szTempFolder, L"DumpTemp", GetTickCount() + 102, szTempName))
{ {
HANDLE hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId); HANDLE hProcess = EngineOpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
DumpProcessW(hProcess, (LPVOID)ImageBase, szTempName, NULL); DumpProcessW(hProcess, (LPVOID)ImageBase, szTempName, NULL);
ImporterAutoSearchIATW(ProcessId, szTempName, SearchStart, pIATStart, pIATSize); ImporterAutoSearchIATW(ProcessId, szTempName, SearchStart, pIATStart, pIATSize);
@ -576,13 +576,13 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, char* s
if(szDumpedFile != NULL) if(szDumpedFile != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szDumpedFile, lstrlenA(szDumpedFile)+1, uniDumpedFile, sizeof(uniDumpedFile)/(sizeof(uniDumpedFile[0]))); MultiByteToWideChar(CP_ACP, NULL, szDumpedFile, lstrlenA(szDumpedFile) + 1, uniDumpedFile, sizeof(uniDumpedFile) / (sizeof(uniDumpedFile[0])));
MultiByteToWideChar(CP_ACP, NULL, szSectionName, lstrlenA(szSectionName)+1, uniSectionName, sizeof(uniSectionName)/(sizeof(uniSectionName[0]))); MultiByteToWideChar(CP_ACP, NULL, szSectionName, lstrlenA(szSectionName) + 1, uniSectionName, sizeof(uniSectionName) / (sizeof(uniSectionName[0])));
return(ImporterAutoFixIATExW(ProcessId, uniDumpedFile, uniSectionName, DumpRunningProcess, RealignFile, EntryPointAddress, ImageBase, SearchStart, TryAutoFix, FixEliminations, UnknownPointerFixCallback)); return(ImporterAutoFixIATExW(ProcessId, uniDumpedFile, uniSectionName, DumpRunningProcess, RealignFile, EntryPointAddress, ImageBase, SearchStart, TryAutoFix, FixEliminations, UnknownPointerFixCallback));
} }
else else
{ {
return(NULL); // Critical error! *just to be safe, but it should never happen! return(NULL); // Critical error! *just to be safe, but it should never happen!
} }
} }
__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_t* szDumpedFile, wchar_t* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback) __declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_t* szDumpedFile, wchar_t* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback)
@ -610,11 +610,11 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_
//do we need to dump first? //do we need to dump first?
if(DumpRunningProcess) if(DumpRunningProcess)
{ {
HANDLE hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId); HANDLE hProcess = EngineOpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
if(!DumpProcessW(hProcess, (LPVOID)ImageBase, szDumpedFile, EntryPointAddress)) if(!DumpProcessW(hProcess, (LPVOID)ImageBase, szDumpedFile, EntryPointAddress))
{ {
return(NULL); // Critical error! *just to be safe, but it should never happen! return(NULL); // Critical error! *just to be safe, but it should never happen!
} }
} }
@ -657,10 +657,10 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_
} }
else else
{ {
return(0x406); // Success, but realign failed! return(0x406); // Success, but realign failed!
} }
} }
return(0x400); // Success! return(0x400); // Success!
} }
__declspec(dllexport) long TITCALL ImporterAutoFixIAT(DWORD ProcessId, char* szDumpedFile, ULONG_PTR SearchStart) __declspec(dllexport) long TITCALL ImporterAutoFixIAT(DWORD ProcessId, char* szDumpedFile, ULONG_PTR SearchStart)
{ {


@ -10,7 +10,7 @@ __declspec(dllexport) bool TITCALL RemoteLoadLibrary(HANDLE hProcess, char* szLi
if(szLibraryFile != NULL) if(szLibraryFile != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szLibraryFile, lstrlenA(szLibraryFile)+1, uniLibraryFile, sizeof(uniLibraryFile)/(sizeof(uniLibraryFile[0]))); MultiByteToWideChar(CP_ACP, NULL, szLibraryFile, lstrlenA(szLibraryFile) + 1, uniLibraryFile, sizeof(uniLibraryFile) / (sizeof(uniLibraryFile[0])));
return(RemoteLoadLibraryW(hProcess, uniLibraryFile, WaitForThreadExit)); return(RemoteLoadLibraryW(hProcess, uniLibraryFile, WaitForThreadExit));
} }
else else
@ -96,7 +96,7 @@ __declspec(dllexport) bool TITCALL RemoteFreeLibrary(HANDLE hProcess, HMODULE hM
if(szLibraryFile != NULL) if(szLibraryFile != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szLibraryFile, lstrlenA(szLibraryFile)+1, uniLibraryFile, sizeof(uniLibraryFile)/(sizeof(uniLibraryFile[0]))); MultiByteToWideChar(CP_ACP, NULL, szLibraryFile, lstrlenA(szLibraryFile) + 1, uniLibraryFile, sizeof(uniLibraryFile) / (sizeof(uniLibraryFile[0])));
return(RemoteFreeLibraryW(hProcess, hModule, uniLibraryFile, WaitForThreadExit)); return(RemoteFreeLibraryW(hProcess, hModule, uniLibraryFile, WaitForThreadExit));
} }
else else


@ -38,7 +38,7 @@ __declspec(dllexport) void* TITCALL LibrarianGetLibraryInfo(char* szLibraryName)
wchar_t uniLibraryName[MAX_PATH] = {}; wchar_t uniLibraryName[MAX_PATH] = {};
PLIBRARY_ITEM_DATAW LibInfo; PLIBRARY_ITEM_DATAW LibInfo;
MultiByteToWideChar(CP_ACP, NULL, szLibraryName, lstrlenA(szLibraryName)+1, uniLibraryName, sizeof(uniLibraryName)/(sizeof(uniLibraryName[0]))); MultiByteToWideChar(CP_ACP, NULL, szLibraryName, lstrlenA(szLibraryName) + 1, uniLibraryName, sizeof(uniLibraryName) / (sizeof(uniLibraryName[0])));
LibInfo = (PLIBRARY_ITEM_DATAW)LibrarianGetLibraryInfoW(uniLibraryName); LibInfo = (PLIBRARY_ITEM_DATAW)LibrarianGetLibraryInfoW(uniLibraryName);
if(LibInfo) if(LibInfo)
{ {
@ -60,7 +60,7 @@ __declspec(dllexport) void* TITCALL LibrarianGetLibraryInfoW(wchar_t* szLibraryN
{ {
static LIBRARY_ITEM_DATAW LibraryInfo; static LIBRARY_ITEM_DATAW LibraryInfo;
memset(&LibraryInfo, 0, sizeof(LIBRARY_ITEM_DATAW)); memset(&LibraryInfo, 0, sizeof(LIBRARY_ITEM_DATAW));
for(unsigned int i = 0; i < hListLibrary.size(); i++) for(unsigned int i = 0; i < hListLibrary.size(); i++)
{ {
if(hListLibrary.at(i).hFile != INVALID_HANDLE_VALUE && !lstrcmpiW(hListLibrary.at(i).szLibraryName, szLibraryName)) if(hListLibrary.at(i).hFile != INVALID_HANDLE_VALUE && !lstrcmpiW(hListLibrary.at(i).szLibraryName, szLibraryName))
@ -116,7 +116,7 @@ __declspec(dllexport) void TITCALL LibrarianEnumLibraryInfo(void* EnumCallBack)
if(!EnumCallBack) if(!EnumCallBack)
return; return;
typedef void(TITCALL *fEnumCallBack)(LPVOID fLibraryDetail); typedef void(TITCALL * fEnumCallBack)(LPVOID fLibraryDetail);
fEnumCallBack myEnumCallBack = (fEnumCallBack)EnumCallBack; fEnumCallBack myEnumCallBack = (fEnumCallBack)EnumCallBack;
for(unsigned int i = 0; i < hListLibrary.size(); i++) for(unsigned int i = 0; i < hListLibrary.size(); i++)
@ -148,7 +148,7 @@ __declspec(dllexport) void TITCALL LibrarianEnumLibraryInfoW(void* EnumCallBack)
if(!EnumCallBack) if(!EnumCallBack)
return; return;
typedef void(TITCALL *fEnumCallBack)(LPVOID fLibraryDetail); typedef void(TITCALL * fEnumCallBack)(LPVOID fLibraryDetail);
fEnumCallBack myEnumCallBack = (fEnumCallBack)EnumCallBack; fEnumCallBack myEnumCallBack = (fEnumCallBack)EnumCallBack;
for(unsigned int i = 0; i < hListLibrary.size(); i++) for(unsigned int i = 0; i < hListLibrary.size(); i++)


@ -14,7 +14,7 @@ __declspec(dllexport) bool TITCALL FindOEPGenerically(char* szFileName, LPVOID T
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(FindOEPGenericallyW(uniFileName, TraceInitCallBack, CallBack)); return(FindOEPGenericallyW(uniFileName, TraceInitCallBack, CallBack));
} }
else else


@ -10,7 +10,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidEx(char* szFileName, DWORD Che
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(IsPE32FileValidExW(uniFileName, CheckDepth, FileStatusInfo)); return(IsPE32FileValidExW(uniFileName, CheckDepth, FileStatusInfo));
} }
else else
@ -89,7 +89,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
if(!FileIs64) if(!FileIs64)
{ {
/* /*
x86 Surface check x86 Surface check
*/ */
__try __try
{ {
@ -144,19 +144,19 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
} }
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.FileAlignment, false); SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.FileAlignment, false);
/* /*
Get the console flag Get the console flag
*/ */
if(PEHeader32->OptionalHeader.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI) if(PEHeader32->OptionalHeader.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI)
{ {
myFileStatusInfo.FileIsConsole = true; myFileStatusInfo.FileIsConsole = true;
} }
/* /*
Export and relocation checks [for DLL and EXE] Export and relocation checks [for DLL and EXE]
*/ */
if(PEHeader32->FileHeader.Characteristics & 0x2000) if(PEHeader32->FileHeader.Characteristics & 0x2000)
{ {
/* /*
Export table check Export table check
*/ */
FileIsDLL = true; FileIsDLL = true;
myFileStatusInfo.FileIsDLL = true; myFileStatusInfo.FileIsDLL = true;
@ -256,7 +256,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
myFileStatusInfo.ExportTable = UE_FIELD_NOT_PRESET; myFileStatusInfo.ExportTable = UE_FIELD_NOT_PRESET;
} }
/* /*
Relocation table check Relocation table check
*/ */
if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BASERELOC && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress != NULL) if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BASERELOC && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress != NULL)
{ {
@ -311,7 +311,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
else else
{ {
/* /*
Export table check Export table check
*/ */
if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_EXPORT && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress != NULL) if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_EXPORT && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress != NULL)
{ {
@ -357,7 +357,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
myFileStatusInfo.ExportTable = UE_FIELD_NOT_PRESET; myFileStatusInfo.ExportTable = UE_FIELD_NOT_PRESET;
} }
/* /*
Relocation table check Relocation table check
*/ */
if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BASERELOC && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress != NULL) if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BASERELOC && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress != NULL)
{ {
@ -381,7 +381,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
} }
} }
/* /*
Import table check Import table check
*/ */
if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_IMPORT && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress != NULL) if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_IMPORT && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress != NULL)
{ {
@ -520,7 +520,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
myFileStatusInfo.ImportTable = UE_FIELD_NOT_PRESET; myFileStatusInfo.ImportTable = UE_FIELD_NOT_PRESET;
} }
/* /*
TLS table check TLS table check
*/ */
if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_TLS && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress != NULL) if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_TLS && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress != NULL)
{ {
@ -579,7 +579,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
myFileStatusInfo.TLSTable = UE_FIELD_NOT_PRESET; myFileStatusInfo.TLSTable = UE_FIELD_NOT_PRESET;
} }
/* /*
Load config table check Load config table check
*/ */
if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].VirtualAddress != NULL) if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].VirtualAddress != NULL)
{ {
@ -602,7 +602,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
} }
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.LoadConfigTable, false); SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.LoadConfigTable, false);
/* /*
Bound import table check Bound import table check
*/ */
if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].VirtualAddress != NULL) if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].VirtualAddress != NULL)
{ {
@ -641,7 +641,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
} }
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.BoundImportTable, false); SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.BoundImportTable, false);
/* /*
IAT check IAT check
*/ */
if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_IAT && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].VirtualAddress != NULL) if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_IAT && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].VirtualAddress != NULL)
{ {
@ -664,7 +664,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
} }
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.IATTable, false); SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.IATTable, false);
/* /*
COM header check COM header check
*/ */
if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].VirtualAddress != NULL) if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].VirtualAddress != NULL)
{ {
@ -687,7 +687,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
} }
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.COMHeaderTable, false); SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.COMHeaderTable, false);
/* /*
Resource header check Resource header check
*/ */
if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_RESOURCE && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress != NULL) if(PEHeader32->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_RESOURCE && PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress != NULL)
{ {
@ -733,7 +733,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
myFileStatusInfo.ResourceTable = UE_FIELD_NOT_PRESET; myFileStatusInfo.ResourceTable = UE_FIELD_NOT_PRESET;
} }
/* /*
Section check Section check
*/ */
PESections = IMAGE_FIRST_SECTION(PEHeader32); PESections = IMAGE_FIRST_SECTION(PEHeader32);
NumberOfSections = PEHeader32->FileHeader.NumberOfSections; NumberOfSections = PEHeader32->FileHeader.NumberOfSections;
@ -770,7 +770,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.SizeOfImage, true); SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.SizeOfImage, true);
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.SectionTable, true); SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.SectionTable, true);
/* /*
Entry point check Entry point check
*/ */
SectionNumber = GetPE32SectionNumberFromVA(FileMapVA, PEHeader32->OptionalHeader.AddressOfEntryPoint + PEHeader32->OptionalHeader.ImageBase); SectionNumber = GetPE32SectionNumberFromVA(FileMapVA, PEHeader32->OptionalHeader.AddressOfEntryPoint + PEHeader32->OptionalHeader.ImageBase);
if(SectionNumber != -1) if(SectionNumber != -1)
@ -800,7 +800,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
} }
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.EntryPoint, true); SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.EntryPoint, true);
/* /*
Return data Return data
*/ */
if(FileStatusInfo != NULL) if(FileStatusInfo != NULL)
{ {
@ -828,7 +828,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
else else
{ {
/* /*
x64 Surface check x64 Surface check
*/ */
__try __try
{ {
@ -883,19 +883,19 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
} }
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.FileAlignment, false); SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.FileAlignment, false);
/* /*
Get the console flag Get the console flag
*/ */
if(PEHeader64->OptionalHeader.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI) if(PEHeader64->OptionalHeader.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI)
{ {
myFileStatusInfo.FileIsConsole = true; myFileStatusInfo.FileIsConsole = true;
} }
/* /*
Export and relocation checks [for DLL and EXE] Export and relocation checks [for DLL and EXE]
*/ */
if(PEHeader64->FileHeader.Characteristics & 0x2000) if(PEHeader64->FileHeader.Characteristics & 0x2000)
{ {
/* /*
Export table check Export table check
*/ */
FileIsDLL = true; FileIsDLL = true;
myFileStatusInfo.FileIsDLL = true; myFileStatusInfo.FileIsDLL = true;
@ -995,7 +995,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
myFileStatusInfo.ExportTable = UE_FIELD_NOT_PRESET; myFileStatusInfo.ExportTable = UE_FIELD_NOT_PRESET;
} }
/* /*
Relocation table check Relocation table check
*/ */
if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BASERELOC && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress != NULL) if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BASERELOC && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress != NULL)
{ {
@ -1050,7 +1050,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
else else
{ {
/* /*
Export table check Export table check
*/ */
if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_EXPORT && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress != NULL) if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_EXPORT && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress != NULL)
{ {
@ -1096,7 +1096,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
myFileStatusInfo.ExportTable = UE_FIELD_NOT_PRESET; myFileStatusInfo.ExportTable = UE_FIELD_NOT_PRESET;
} }
/* /*
Relocation table check Relocation table check
*/ */
if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BASERELOC && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress != NULL) if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BASERELOC && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress != NULL)
{ {
@ -1120,7 +1120,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
} }
} }
/* /*
Import table check Import table check
*/ */
if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_IMPORT && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress != NULL) if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_IMPORT && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress != NULL)
{ {
@ -1259,7 +1259,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
myFileStatusInfo.ImportTable = UE_FIELD_NOT_PRESET; myFileStatusInfo.ImportTable = UE_FIELD_NOT_PRESET;
} }
/* /*
TLS table check TLS table check
*/ */
if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_TLS && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress != NULL) if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_TLS && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress != NULL)
{ {
@ -1318,7 +1318,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
myFileStatusInfo.TLSTable = UE_FIELD_NOT_PRESET; myFileStatusInfo.TLSTable = UE_FIELD_NOT_PRESET;
} }
/* /*
Load config table check Load config table check
*/ */
if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].VirtualAddress != NULL) if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].VirtualAddress != NULL)
{ {
@ -1341,7 +1341,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
} }
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.LoadConfigTable, false); SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.LoadConfigTable, false);
/* /*
Bound import table check Bound import table check
*/ */
if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].VirtualAddress != NULL) if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].VirtualAddress != NULL)
{ {
@ -1380,7 +1380,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
} }
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.BoundImportTable, false); SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.BoundImportTable, false);
/* /*
IAT check IAT check
*/ */
if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_IAT && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].VirtualAddress != NULL) if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_IAT && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].VirtualAddress != NULL)
{ {
@ -1403,7 +1403,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
} }
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.IATTable, false); SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.IATTable, false);
/* /*
COM header check COM header check
*/ */
if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].VirtualAddress != NULL) if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].VirtualAddress != NULL)
{ {
@ -1426,7 +1426,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
} }
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.COMHeaderTable, false); SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.COMHeaderTable, false);
/* /*
Resource header check Resource header check
*/ */
if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_RESOURCE && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress != NULL) if(PEHeader64->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_RESOURCE && PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress != NULL)
{ {
@ -1472,7 +1472,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
myFileStatusInfo.ResourceTable = UE_FIELD_NOT_PRESET; myFileStatusInfo.ResourceTable = UE_FIELD_NOT_PRESET;
} }
/* /*
Section check Section check
*/ */
PESections = IMAGE_FIRST_SECTION(PEHeader64); PESections = IMAGE_FIRST_SECTION(PEHeader64);
NumberOfSections = PEHeader64->FileHeader.NumberOfSections; NumberOfSections = PEHeader64->FileHeader.NumberOfSections;
@ -1509,7 +1509,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.SizeOfImage, true); SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.SizeOfImage, true);
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.SectionTable, true); SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.SectionTable, true);
/* /*
Entry point check Entry point check
*/ */
SectionNumber = GetPE32SectionNumberFromVA(FileMapVA, PEHeader64->OptionalHeader.AddressOfEntryPoint + (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase); SectionNumber = GetPE32SectionNumberFromVA(FileMapVA, PEHeader64->OptionalHeader.AddressOfEntryPoint + (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase);
if(SectionNumber != -1) if(SectionNumber != -1)
@ -1539,7 +1539,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
} }
SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.EntryPoint, true); SetOverallFileStatus(&myFileStatusInfo, myFileStatusInfo.EntryPoint, true);
/* /*
Return data Return data
*/ */
if(FileStatusInfo != NULL) if(FileStatusInfo != NULL)
{ {
@ -1590,7 +1590,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileEx(char* szFileName, LPVOID
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(FixBrokenPE32FileExW(uniFileName, FileStatusInfo, FileFixInfo)); return(FixBrokenPE32FileExW(uniFileName, FileStatusInfo, FileFixInfo));
} }
else else
@ -1643,7 +1643,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
if(myFileStatusInfo == NULL) //here check for myfilestrus..ah lol, youre right if(myFileStatusInfo == NULL) //here check for myfilestrus..ah lol, youre right
{ {
myFileStatusInfo=(PFILE_STATUS_INFO)&filestatusinfo; myFileStatusInfo = (PFILE_STATUS_INFO)&filestatusinfo;
IsPE32FileValidExW(szFileName, UE_DEPTH_DEEP, myFileStatusInfo); IsPE32FileValidExW(szFileName, UE_DEPTH_DEEP, myFileStatusInfo);
} }
if(myFileFixInfo->FileFixPerformed == false && myFileStatusInfo->OveralEvaluation == UE_RESULT_FILE_INVALID_BUT_FIXABLE) if(myFileFixInfo->FileFixPerformed == false && myFileStatusInfo->OveralEvaluation == UE_RESULT_FILE_INVALID_BUT_FIXABLE)
@ -1702,7 +1702,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
if(!FileIs64) if(!FileIs64)
{ {
/* /*
x86 Surface check x86 Surface check
*/ */
__try __try
{ {
@ -1715,7 +1715,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
CorrectedImageSize = ((PEHeader32->OptionalHeader.SizeOfImage / PEHeader32->OptionalHeader.SectionAlignment) + 1) * PEHeader32->OptionalHeader.SectionAlignment; CorrectedImageSize = ((PEHeader32->OptionalHeader.SizeOfImage / PEHeader32->OptionalHeader.SectionAlignment) + 1) * PEHeader32->OptionalHeader.SectionAlignment;
} }
/* /*
Fixing import table Fixing import table
*/ */
if(myFileStatusInfo->MissingDeclaredAPIs) if(myFileStatusInfo->MissingDeclaredAPIs)
{ {
@ -1824,7 +1824,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
} }
} }
/* /*
Fixing Export table Fixing Export table
*/ */
if(myFileStatusInfo->ExportTable == UE_FIELD_NOT_PRESET_WARNING) if(myFileStatusInfo->ExportTable == UE_FIELD_NOT_PRESET_WARNING)
{ {
@ -1889,7 +1889,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
} }
} }
/* /*
Fixing Relocation table Fixing Relocation table
*/ */
if(myFileStatusInfo->FileIsDLL == true && myFileStatusInfo->RelocationTable == UE_FIELD_BROKEN_NON_FIXABLE) if(myFileStatusInfo->FileIsDLL == true && myFileStatusInfo->RelocationTable == UE_FIELD_BROKEN_NON_FIXABLE)
{ {
@ -1981,7 +1981,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
FileFixed = false; FileFixed = false;
} }
/* /*
Fixing Resource table Fixing Resource table
*/ */
if(myFileFixInfo->DontFixResources == false && myFileStatusInfo->ResourceData != UE_FIELD_OK && myFileStatusInfo->ResourceData != UE_FIELD_NOT_PRESET) if(myFileFixInfo->DontFixResources == false && myFileStatusInfo->ResourceData != UE_FIELD_OK && myFileStatusInfo->ResourceData != UE_FIELD_NOT_PRESET)
{ {
@ -2018,7 +2018,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
} }
} }
/* /*
Fixing TLS table Fixing TLS table
*/ */
if(myFileFixInfo->DontFixTLS == false && myFileStatusInfo->TLSTable != UE_FIELD_OK && myFileStatusInfo->TLSTable != UE_FIELD_NOT_PRESET) if(myFileFixInfo->DontFixTLS == false && myFileStatusInfo->TLSTable != UE_FIELD_OK && myFileStatusInfo->TLSTable != UE_FIELD_NOT_PRESET)
{ {
@ -2095,7 +2095,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
} }
} }
/* /*
Fix Load config table Fix Load config table
*/ */
if(myFileFixInfo->DontFixLoadConfig == false && myFileStatusInfo->LoadConfigTable != UE_FIELD_OK && myFileStatusInfo->LoadConfigTable != UE_FIELD_NOT_PRESET) if(myFileFixInfo->DontFixLoadConfig == false && myFileStatusInfo->LoadConfigTable != UE_FIELD_OK && myFileStatusInfo->LoadConfigTable != UE_FIELD_NOT_PRESET)
{ {
@ -2124,7 +2124,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
} }
} }
/* /*
Fix Bound import table Fix Bound import table
*/ */
if(myFileFixInfo->DontFixBoundImports == false && myFileStatusInfo->BoundImportTable != UE_FIELD_OK && myFileStatusInfo->BoundImportTable != UE_FIELD_NOT_PRESET) if(myFileFixInfo->DontFixBoundImports == false && myFileStatusInfo->BoundImportTable != UE_FIELD_OK && myFileStatusInfo->BoundImportTable != UE_FIELD_NOT_PRESET)
{ {
@ -2153,7 +2153,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
} }
} }
/* /*
Fix IAT Fix IAT
*/ */
if(myFileFixInfo->DontFixIAT == false && myFileStatusInfo->IATTable != UE_FIELD_OK && myFileStatusInfo->IATTable != UE_FIELD_NOT_PRESET) if(myFileFixInfo->DontFixIAT == false && myFileStatusInfo->IATTable != UE_FIELD_OK && myFileStatusInfo->IATTable != UE_FIELD_NOT_PRESET)
{ {
@ -2182,7 +2182,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
} }
} }
/* /*
Fix COM header Fix COM header
*/ */
if(myFileFixInfo->DontFixCOM == false && myFileStatusInfo->COMHeaderTable != UE_FIELD_OK && myFileStatusInfo->COMHeaderTable != UE_FIELD_NOT_PRESET) if(myFileFixInfo->DontFixCOM == false && myFileStatusInfo->COMHeaderTable != UE_FIELD_OK && myFileStatusInfo->COMHeaderTable != UE_FIELD_NOT_PRESET)
{ {
@ -2211,7 +2211,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
} }
} }
/* /*
Fix sections and SizeOfImage Fix sections and SizeOfImage
*/ */
if(myFileStatusInfo->SectionTable != UE_FIELD_OK || myFileStatusInfo->SizeOfImage != UE_FIELD_OK) if(myFileStatusInfo->SectionTable != UE_FIELD_OK || myFileStatusInfo->SizeOfImage != UE_FIELD_OK)
{ {
@ -2252,7 +2252,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
} }
} }
/* /*
Entry point check Entry point check
*/ */
if(myFileStatusInfo->EntryPoint != UE_FIELD_OK) if(myFileStatusInfo->EntryPoint != UE_FIELD_OK)
{ {
@ -2275,7 +2275,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
} }
} }
/* /*
Fix end Fix end
*/ */
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(FileFixed) if(FileFixed)
@ -2295,7 +2295,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
else else
{ {
/* /*
x64 Surface check x64 Surface check
*/ */
__try __try
{ {
@ -2308,7 +2308,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
CorrectedImageSize = ((PEHeader64->OptionalHeader.SizeOfImage / PEHeader64->OptionalHeader.SectionAlignment) + 1) * PEHeader64->OptionalHeader.SectionAlignment; CorrectedImageSize = ((PEHeader64->OptionalHeader.SizeOfImage / PEHeader64->OptionalHeader.SectionAlignment) + 1) * PEHeader64->OptionalHeader.SectionAlignment;
} }
/* /*
Fixing import table Fixing import table
*/ */
if(myFileStatusInfo->MissingDeclaredAPIs) if(myFileStatusInfo->MissingDeclaredAPIs)
{ {
@ -2417,7 +2417,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
} }
} }
/* /*
Fixing Export table Fixing Export table
*/ */
if(myFileStatusInfo->ExportTable == UE_FIELD_NOT_PRESET_WARNING) if(myFileStatusInfo->ExportTable == UE_FIELD_NOT_PRESET_WARNING)
{ {
@ -2482,7 +2482,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
} }
} }
/* /*
Fixing Relocation table Fixing Relocation table
*/ */
if(myFileStatusInfo->FileIsDLL == true && myFileStatusInfo->RelocationTable == UE_FIELD_BROKEN_NON_FIXABLE) if(myFileStatusInfo->FileIsDLL == true && myFileStatusInfo->RelocationTable == UE_FIELD_BROKEN_NON_FIXABLE)
{ {
@ -2574,7 +2574,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
FileFixed = false; FileFixed = false;
} }
/* /*
Fixing Resource table Fixing Resource table
*/ */
if(myFileFixInfo->DontFixResources == false && myFileStatusInfo->ResourceData != UE_FIELD_OK && myFileStatusInfo->ResourceData != UE_FIELD_NOT_PRESET) if(myFileFixInfo->DontFixResources == false && myFileStatusInfo->ResourceData != UE_FIELD_OK && myFileStatusInfo->ResourceData != UE_FIELD_NOT_PRESET)
{ {
@ -2611,7 +2611,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
} }
} }
/* /*
Fixing TLS table Fixing TLS table
*/ */
if(myFileFixInfo->DontFixTLS == false && myFileStatusInfo->TLSTable != UE_FIELD_OK && myFileStatusInfo->TLSTable != UE_FIELD_NOT_PRESET) if(myFileFixInfo->DontFixTLS == false && myFileStatusInfo->TLSTable != UE_FIELD_OK && myFileStatusInfo->TLSTable != UE_FIELD_NOT_PRESET)
{ {
@ -2688,7 +2688,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
} }
} }
/* /*
Fix Load config table Fix Load config table
*/ */
if(myFileFixInfo->DontFixLoadConfig == false && myFileStatusInfo->LoadConfigTable != UE_FIELD_OK && myFileStatusInfo->LoadConfigTable != UE_FIELD_NOT_PRESET) if(myFileFixInfo->DontFixLoadConfig == false && myFileStatusInfo->LoadConfigTable != UE_FIELD_OK && myFileStatusInfo->LoadConfigTable != UE_FIELD_NOT_PRESET)
{ {
@ -2717,7 +2717,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
} }
} }
/* /*
Fix Bound import table Fix Bound import table
*/ */
if(myFileFixInfo->DontFixBoundImports == false && myFileStatusInfo->BoundImportTable != UE_FIELD_OK && myFileStatusInfo->BoundImportTable != UE_FIELD_NOT_PRESET) if(myFileFixInfo->DontFixBoundImports == false && myFileStatusInfo->BoundImportTable != UE_FIELD_OK && myFileStatusInfo->BoundImportTable != UE_FIELD_NOT_PRESET)
{ {
@ -2746,7 +2746,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
} }
} }
/* /*
Fix IAT Fix IAT
*/ */
if(myFileFixInfo->DontFixIAT == false && myFileStatusInfo->IATTable != UE_FIELD_OK && myFileStatusInfo->IATTable != UE_FIELD_NOT_PRESET) if(myFileFixInfo->DontFixIAT == false && myFileStatusInfo->IATTable != UE_FIELD_OK && myFileStatusInfo->IATTable != UE_FIELD_NOT_PRESET)
{ {
@ -2775,7 +2775,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
} }
} }
/* /*
Fix COM header Fix COM header
*/ */
if(myFileFixInfo->DontFixCOM == false && myFileStatusInfo->COMHeaderTable != UE_FIELD_OK && myFileStatusInfo->COMHeaderTable != UE_FIELD_NOT_PRESET) if(myFileFixInfo->DontFixCOM == false && myFileStatusInfo->COMHeaderTable != UE_FIELD_OK && myFileStatusInfo->COMHeaderTable != UE_FIELD_NOT_PRESET)
{ {
@ -2804,7 +2804,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
} }
} }
/* /*
Fix sections and SizeOfImage Fix sections and SizeOfImage
*/ */
if(myFileStatusInfo->SectionTable != UE_FIELD_OK || myFileStatusInfo->SizeOfImage != UE_FIELD_OK) if(myFileStatusInfo->SectionTable != UE_FIELD_OK || myFileStatusInfo->SizeOfImage != UE_FIELD_OK)
{ {
@ -2845,7 +2845,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
} }
} }
/* /*
Entry point check Entry point check
*/ */
if(myFileStatusInfo->EntryPoint != UE_FIELD_OK) if(myFileStatusInfo->EntryPoint != UE_FIELD_OK)
{ {
@ -2868,7 +2868,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
} }
} }
/* /*
Fix end Fix end
*/ */
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(FileFixed) if(FileFixed)


@ -14,7 +14,7 @@ __declspec(dllexport) bool TITCALL FindOverlay(char* szFileName, LPDWORD Overlay
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(FindOverlayW(uniFileName, OverlayStart, OverlaySize)); return(FindOverlayW(uniFileName, OverlayStart, OverlaySize));
} }
else else
@ -156,8 +156,8 @@ __declspec(dllexport) bool TITCALL ExtractOverlay(char* szFileName, char* szExta
if(szFileName != NULL && szExtactedFileName != NULL) if(szFileName != NULL && szExtactedFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szExtactedFileName, lstrlenA(szExtactedFileName)+1, uniExtactedFileName, sizeof(uniExtactedFileName)/(sizeof(uniExtactedFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szExtactedFileName, lstrlenA(szExtactedFileName) + 1, uniExtactedFileName, sizeof(uniExtactedFileName) / (sizeof(uniExtactedFileName[0])));
return(ExtractOverlayW(uniFileName, uniExtactedFileName)); return(ExtractOverlayW(uniFileName, uniExtactedFileName));
} }
else else
@ -241,8 +241,8 @@ __declspec(dllexport) bool TITCALL AddOverlay(char* szFileName, char* szOverlayF
if(szFileName != NULL && szOverlayFileName != NULL) if(szFileName != NULL && szOverlayFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szOverlayFileName, lstrlenA(szOverlayFileName)+1, uniOverlayFileName, sizeof(uniOverlayFileName)/(sizeof(uniOverlayFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szOverlayFileName, lstrlenA(szOverlayFileName) + 1, uniOverlayFileName, sizeof(uniOverlayFileName) / (sizeof(uniOverlayFileName[0])));
return(AddOverlayW(uniFileName, uniOverlayFileName)); return(AddOverlayW(uniFileName, uniOverlayFileName));
} }
else else
@ -261,7 +261,7 @@ __declspec(dllexport) bool TITCALL AddOverlayW(wchar_t* szFileName, wchar_t* szO
DWORD uedNumberOfBytesRead = 0; DWORD uedNumberOfBytesRead = 0;
char ueReadBuffer[0x2000] = {0}; char ueReadBuffer[0x2000] = {0};
hFile = CreateFileW(szFileName, GENERIC_READ+GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); hFile = CreateFileW(szFileName, GENERIC_READ + GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE) if(hFile != INVALID_HANDLE_VALUE)
{ {
hFileRead = CreateFileW(szOverlayFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); hFileRead = CreateFileW(szOverlayFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
@ -323,8 +323,8 @@ __declspec(dllexport) bool TITCALL CopyOverlay(char* szInFileName, char* szOutFi
if(szInFileName != NULL && szOutFileName != NULL) if(szInFileName != NULL && szOutFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szInFileName, lstrlenA(szInFileName)+1, uniInFileName, sizeof(uniInFileName)/(sizeof(uniInFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szInFileName, lstrlenA(szInFileName) + 1, uniInFileName, sizeof(uniInFileName) / (sizeof(uniInFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szOutFileName, lstrlenA(szOutFileName)+1, uniOutFileName, sizeof(uniOutFileName)/(sizeof(uniOutFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szOutFileName, lstrlenA(szOutFileName) + 1, uniOutFileName, sizeof(uniOutFileName) / (sizeof(uniOutFileName[0])));
return(CopyOverlayW(uniInFileName, uniOutFileName)); return(CopyOverlayW(uniInFileName, uniOutFileName));
} }
else else
@ -359,7 +359,7 @@ __declspec(dllexport) bool TITCALL RemoveOverlay(char* szFileName)
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(RemoveOverlayW(uniFileName)); return(RemoveOverlayW(uniFileName));
} }
else else
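Review bot: The ANSI wrappers in this file (FindOverlay, ExtractOverlay, AddOverlay, CopyOverlay, RemoveOverlay) ignore the return value of `MultiByteToWideChar`, so a path that does not fit the destination buffer is still handed to the wide-character worker. On that failure the call returns 0 and the output buffer is not guaranteed to be terminated, which may let the `W` function read past the converted text. Checking the result before the call closes that gap, e.g. `if(!MultiByteToWideChar(CP_ACP, 0, szFileName, -1, uniFileName, _countof(uniFileName))) return false;`; the flags argument is a DWORD, so `0` reads better than `NULL`. The buffer declarations and the `else` branches lie outside the visible hunks, and the same pattern recurs in the wrappers of the following file section (ExtractSection, ResortFileSections, MakeAllSectionsRWE, AddNewSectionEx, ResizeLastSection, DeleteLastSection, WipeSection).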


@ -12,8 +12,8 @@ __declspec(dllexport) bool TITCALL ExtractSection(char* szFileName, char* szDump
if(szFileName != NULL && szDumpFileName != NULL) if(szFileName != NULL && szDumpFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniDumpFileName, sizeof(uniDumpFileName)/(sizeof(uniDumpFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName) + 1, uniDumpFileName, sizeof(uniDumpFileName) / (sizeof(uniDumpFileName[0])));
return(ExtractSectionW(uniFileName, uniDumpFileName, SectionNumber)); return(ExtractSectionW(uniFileName, uniDumpFileName, SectionNumber));
} }
else else
@ -130,7 +130,7 @@ __declspec(dllexport) bool TITCALL ResortFileSections(char* szFileName)
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(ResortFileSectionsW(uniFileName)); return(ResortFileSectionsW(uniFileName));
} }
else else
@ -346,7 +346,7 @@ __declspec(dllexport) bool TITCALL MakeAllSectionsRWE(char* szFileName)
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(MakeAllSectionsRWEW(uniFileName)); return(MakeAllSectionsRWEW(uniFileName));
} }
else else
@ -500,7 +500,7 @@ __declspec(dllexport) long TITCALL AddNewSectionEx(char* szFileName, char* szSec
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(AddNewSectionExW(uniFileName, szSectionName, SectionSize, SectionAttributes, SectionContent, ContentSize)); return(AddNewSectionExW(uniFileName, szSectionName, SectionSize, SectionAttributes, SectionContent, ContentSize));
} }
else else
@ -706,7 +706,7 @@ __declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* s
PESections = IMAGE_FIRST_SECTION(PEHeader32); PESections = IMAGE_FIRST_SECTION(PEHeader32);
SectionNumber = PEHeader32->FileHeader.NumberOfSections; SectionNumber = PEHeader32->FileHeader.NumberOfSections;
PEHeader32->FileHeader.NumberOfSections = PEHeader32->FileHeader.NumberOfSections + 1; PEHeader32->FileHeader.NumberOfSections = PEHeader32->FileHeader.NumberOfSections + 1;
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + (SectionNumber - 1)* IMAGE_SIZEOF_SECTION_HEADER); PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + (SectionNumber - 1) * IMAGE_SIZEOF_SECTION_HEADER);
NewSectionVirtualOffset = PESections->VirtualAddress + (PESections->Misc.VirtualSize / PEHeader32->OptionalHeader.SectionAlignment) * PEHeader32->OptionalHeader.SectionAlignment; NewSectionVirtualOffset = PESections->VirtualAddress + (PESections->Misc.VirtualSize / PEHeader32->OptionalHeader.SectionAlignment) * PEHeader32->OptionalHeader.SectionAlignment;
if(NewSectionVirtualOffset < PESections->VirtualAddress + PESections->Misc.VirtualSize) if(NewSectionVirtualOffset < PESections->VirtualAddress + PESections->Misc.VirtualSize)
{ {
@ -788,7 +788,7 @@ __declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* s
PESections = IMAGE_FIRST_SECTION(PEHeader64); PESections = IMAGE_FIRST_SECTION(PEHeader64);
SectionNumber = PEHeader64->FileHeader.NumberOfSections; SectionNumber = PEHeader64->FileHeader.NumberOfSections;
PEHeader32->FileHeader.NumberOfSections = PEHeader32->FileHeader.NumberOfSections + 1; PEHeader32->FileHeader.NumberOfSections = PEHeader32->FileHeader.NumberOfSections + 1;
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + (SectionNumber - 1)* IMAGE_SIZEOF_SECTION_HEADER); PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + (SectionNumber - 1) * IMAGE_SIZEOF_SECTION_HEADER);
NewSectionVirtualOffset = PESections->VirtualAddress + (PESections->Misc.VirtualSize / PEHeader64->OptionalHeader.SectionAlignment) * PEHeader64->OptionalHeader.SectionAlignment; NewSectionVirtualOffset = PESections->VirtualAddress + (PESections->Misc.VirtualSize / PEHeader64->OptionalHeader.SectionAlignment) * PEHeader64->OptionalHeader.SectionAlignment;
if(NewSectionVirtualOffset < PESections->VirtualAddress + PESections->Misc.VirtualSize) if(NewSectionVirtualOffset < PESections->VirtualAddress + PESections->Misc.VirtualSize)
{ {
@ -883,7 +883,7 @@ __declspec(dllexport) bool TITCALL ResizeLastSection(char* szFileName, DWORD Num
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(ResizeLastSectionW(uniFileName, NumberOfExpandBytes, AlignResizeData)); return(ResizeLastSectionW(uniFileName, NumberOfExpandBytes, AlignResizeData));
} }
else else
@ -1101,7 +1101,7 @@ __declspec(dllexport) bool TITCALL DeleteLastSection(char* szFileName)
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(DeleteLastSectionW(uniFileName)); return(DeleteLastSectionW(uniFileName));
} }
else else
@ -1289,7 +1289,7 @@ __declspec(dllexport) bool TITCALL WipeSection(char* szFileName, int WipeSection
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(WipeSectionW(uniFileName, WipeSectionNumber, RemovePhysically)); return(WipeSectionW(uniFileName, WipeSectionNumber, RemovePhysically));
} }
else else
@ -1340,7 +1340,7 @@ __declspec(dllexport) bool TITCALL WipeSectionW(wchar_t* szFileName, int WipeSec
DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA; DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
if(EngineValidateHeader(FileMapVA, FileHandle, NULL, DOSHeader, true)) if(EngineValidateHeader(FileMapVA, FileHandle, NULL, DOSHeader, true))
{ {
ULONG_PTR WipeRawSize=GetPE32DataFromMappedFile(FileMapVA, SectionNumber, UE_SECTIONRAWSIZE); ULONG_PTR WipeRawSize = GetPE32DataFromMappedFile(FileMapVA, SectionNumber, UE_SECTIONRAWSIZE);
if(!WipeRawSize) if(!WipeRawSize)
RemovePhysically = false; RemovePhysically = false;
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);


@ -10,7 +10,7 @@ __declspec(dllexport) bool TITCALL PastePEHeader(HANDLE hProcess, LPVOID ImageBa
if(szDebuggedFileName != NULL) if(szDebuggedFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szDebuggedFileName, lstrlenA(szDebuggedFileName)+1, uniDebuggedFileName, sizeof(uniDebuggedFileName)/(sizeof(uniDebuggedFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szDebuggedFileName, lstrlenA(szDebuggedFileName) + 1, uniDebuggedFileName, sizeof(uniDebuggedFileName) / (sizeof(uniDebuggedFileName[0])));
return(PastePEHeaderW(hProcess, ImageBase, uniDebuggedFileName)); return(PastePEHeaderW(hProcess, ImageBase, uniDebuggedFileName));
} }
else else


@ -28,7 +28,7 @@ __declspec(dllexport) long TITCALL GetActiveProcessIdW(wchar_t* szImageName)
wchar_t szProcessPath[1024] = {}; wchar_t szProcessPath[1024] = {};
DWORD cbNeeded = NULL; DWORD cbNeeded = NULL;
HANDLE hProcess; HANDLE hProcess;
wchar_t * nameOnly = 0; wchar_t* nameOnly = 0;
if(EnumProcesses(bProcessId, sizeof(bProcessId), &cbNeeded)) if(EnumProcesses(bProcessId, sizeof(bProcessId), &cbNeeded))
{ {
@ -45,15 +45,15 @@ __declspec(dllexport) long TITCALL GetActiveProcessIdW(wchar_t* szImageName)
lstrcpyW(szProcessPath, szTranslatedProcName); lstrcpyW(szProcessPath, szTranslatedProcName);
VirtualFree((void*)szTranslatedProcName, NULL, MEM_RELEASE); VirtualFree((void*)szTranslatedProcName, NULL, MEM_RELEASE);
EngineCloseHandle(hProcess); EngineCloseHandle(hProcess);
if(_wcsicmp(szProcessPath, szImageName) == 0) if(_wcsicmp(szProcessPath, szImageName) == 0)
{ {
return(bProcessId[i]); return(bProcessId[i]);
} }
else else
{ {
nameOnly = wcsrchr(szProcessPath, L'\\'); nameOnly = wcsrchr(szProcessPath, L'\\');
if (nameOnly) if(nameOnly)
{ {
nameOnly++; nameOnly++;
if(_wcsicmp(nameOnly, szImageName) == 0) if(_wcsicmp(nameOnly, szImageName) == 0)
@ -79,7 +79,7 @@ __declspec(dllexport) void TITCALL EnumProcessesWithLibrary(char* szLibraryName,
int i; int i;
int j; int j;
typedef void(TITCALL *fEnumFunction)(DWORD ProcessId, HMODULE ModuleBaseAddress); typedef void(TITCALL * fEnumFunction)(DWORD ProcessId, HMODULE ModuleBaseAddress);
fEnumFunction myEnumFunction = (fEnumFunction)EnumFunction; fEnumFunction myEnumFunction = (fEnumFunction)EnumFunction;
HMODULE EnumeratedModules[1024] = {0}; HMODULE EnumeratedModules[1024] = {0};
DWORD bProcessId[1024] = {0}; DWORD bProcessId[1024] = {0};
@ -96,7 +96,7 @@ __declspec(dllexport) void TITCALL EnumProcessesWithLibrary(char* szLibraryName,
{ {
if(bProcessId[i] != NULL) if(bProcessId[i] != NULL)
{ {
hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, 0, bProcessId[i]); hProcess = EngineOpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, 0, bProcessId[i]);
if(hProcess != NULL) if(hProcess != NULL)
{ {
RtlZeroMemory(EnumeratedModules, sizeof(EnumeratedModules)); RtlZeroMemory(EnumeratedModules, sizeof(EnumeratedModules));


@ -220,7 +220,7 @@ __declspec(dllexport) long TITCALL RealignPEEx(char* szFileName, DWORD RealingFi
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(RealignPEExW(uniFileName, RealingFileSize, ForcedFileAlignment)); return(RealignPEExW(uniFileName, RealingFileSize, ForcedFileAlignment));
} }
else else


@ -185,7 +185,7 @@ __declspec(dllexport) bool TITCALL RelocaterExportRelocationEx(char* szFileName,
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(RelocaterExportRelocationExW(uniFileName, szSectionName)); return(RelocaterExportRelocationExW(uniFileName, szSectionName));
} }
else else
@ -319,8 +319,8 @@ __declspec(dllexport) bool TITCALL RelocaterCompareTwoSnapshots(HANDLE hProcess,
if(szDumpFile1 != NULL && szDumpFile2 != NULL) if(szDumpFile1 != NULL && szDumpFile2 != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szDumpFile1, lstrlenA(szDumpFile1)+1, uniDumpFile1, sizeof(uniDumpFile1)/(sizeof(uniDumpFile1[0]))); MultiByteToWideChar(CP_ACP, NULL, szDumpFile1, lstrlenA(szDumpFile1) + 1, uniDumpFile1, sizeof(uniDumpFile1) / (sizeof(uniDumpFile1[0])));
MultiByteToWideChar(CP_ACP, NULL, szDumpFile2, lstrlenA(szDumpFile2)+1, uniDumpFile2, sizeof(uniDumpFile2)/(sizeof(uniDumpFile2[0]))); MultiByteToWideChar(CP_ACP, NULL, szDumpFile2, lstrlenA(szDumpFile2) + 1, uniDumpFile2, sizeof(uniDumpFile2) / (sizeof(uniDumpFile2[0])));
return(RelocaterCompareTwoSnapshotsW(hProcess, LoadedImageBase, NtSizeOfImage, uniDumpFile1, uniDumpFile2, MemStart)); return(RelocaterCompareTwoSnapshotsW(hProcess, LoadedImageBase, NtSizeOfImage, uniDumpFile1, uniDumpFile2, MemStart));
} }
else else
@ -450,7 +450,7 @@ __declspec(dllexport) bool TITCALL RelocaterChangeFileBase(char* szFileName, ULO
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(RelocaterChangeFileBaseW(uniFileName, NewImageBase)); return(RelocaterChangeFileBaseW(uniFileName, NewImageBase));
} }
else else
@ -733,7 +733,7 @@ __declspec(dllexport) bool TITCALL RelocaterWipeRelocationTable(char* szFileName
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(RelocaterWipeRelocationTableW(uniFileName)); return(RelocaterWipeRelocationTableW(uniFileName));
} }
else else


@ -115,10 +115,10 @@ __declspec(dllexport) bool TITCALL ResourcerFindResource(char* szFileName, char*
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
if(szResourceName != NULL) if(szResourceName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szResourceName, lstrlenA(szResourceName)+1, uniResourceName, sizeof(uniResourceName)/(sizeof(uniResourceName[0]))); MultiByteToWideChar(CP_ACP, NULL, szResourceName, lstrlenA(szResourceName) + 1, uniResourceName, sizeof(uniResourceName) / (sizeof(uniResourceName[0])));
} }
else else
{ {
@ -126,7 +126,7 @@ __declspec(dllexport) bool TITCALL ResourcerFindResource(char* szFileName, char*
} }
if(szResourceType != NULL) if(szResourceType != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szResourceType, lstrlenA(szResourceType)+1, uniResourceType, sizeof(uniResourceType)/(sizeof(uniResourceType[0]))); MultiByteToWideChar(CP_ACP, NULL, szResourceType, lstrlenA(szResourceType) + 1, uniResourceType, sizeof(uniResourceType) / (sizeof(uniResourceType[0])));
} }
else else
{ {
@ -168,7 +168,7 @@ __declspec(dllexport) bool TITCALL ResourcerFindResourceW(wchar_t* szFileName, w
__declspec(dllexport) bool TITCALL ResourcerFindResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize) __declspec(dllexport) bool TITCALL ResourcerFindResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize)
{ {
int i,j,n; int i, j, n;
wchar_t* uniResourceName; wchar_t* uniResourceName;
wchar_t* uniResourceType; wchar_t* uniResourceType;
PIMAGE_RESOURCE_DIRECTORY PEResource; PIMAGE_RESOURCE_DIRECTORY PEResource;
@ -255,7 +255,7 @@ __declspec(dllexport) void TITCALL ResourcerEnumerateResource(char* szFileName,
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
ResourcerEnumerateResourceW(uniFileName, CallBack); ResourcerEnumerateResourceW(uniFileName, CallBack);
} }
} }
@ -278,7 +278,7 @@ __declspec(dllexport) void TITCALL ResourcerEnumerateResourceW(wchar_t* szFileNa
__declspec(dllexport) void TITCALL ResourcerEnumerateResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, void* CallBack) __declspec(dllexport) void TITCALL ResourcerEnumerateResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, void* CallBack)
{ {
int i,j,n; int i, j, n;
wchar_t* uniResourceName; wchar_t* uniResourceName;
wchar_t* uniResourceType; wchar_t* uniResourceType;
PIMAGE_RESOURCE_DIRECTORY PEResource; PIMAGE_RESOURCE_DIRECTORY PEResource;
@ -289,7 +289,7 @@ __declspec(dllexport) void TITCALL ResourcerEnumerateResourceEx(ULONG_PTR FileMa
PIMAGE_RESOURCE_DIRECTORY PESubResourcePtr2; PIMAGE_RESOURCE_DIRECTORY PESubResourcePtr2;
PIMAGE_RESOURCE_DIRECTORY_ENTRY PEResourceDir2; PIMAGE_RESOURCE_DIRECTORY_ENTRY PEResourceDir2;
PIMAGE_RESOURCE_DATA_ENTRY PEResourceItem; PIMAGE_RESOURCE_DATA_ENTRY PEResourceItem;
typedef bool(TITCALL *fResourceEnumerator)(wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, DWORD ResourceData, DWORD ResourceSize); typedef bool(TITCALL * fResourceEnumerator)(wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, DWORD ResourceData, DWORD ResourceSize);
fResourceEnumerator myResourceEnumerator = (fResourceEnumerator)CallBack; fResourceEnumerator myResourceEnumerator = (fResourceEnumerator)CallBack;
__try __try


@ -62,7 +62,7 @@ __declspec(dllexport) bool TITCALL StaticFileUnload(char* szFileName, bool Commi
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(StaticFileUnloadW(uniFileName, CommitChanges, FileHandle, LoadedSize, FileMap, FileMapVA)); return(StaticFileUnloadW(uniFileName, CommitChanges, FileHandle, LoadedSize, FileMap, FileMapVA));
} }
else else
@ -183,7 +183,7 @@ __declspec(dllexport) bool TITCALL StaticFileOpen(char* szFileName, DWORD Desire
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return StaticFileOpenW(uniFileName, DesiredAccess, FileHandle, FileSizeLow, FileSizeHigh); return StaticFileOpenW(uniFileName, DesiredAccess, FileHandle, FileSizeLow, FileSizeHigh);
} }
@ -251,7 +251,7 @@ __declspec(dllexport) void TITCALL StaticMemoryDecrypt(LPVOID MemoryStart, DWORD
ULONG64 DataQword = NULL; ULONG64 DataQword = NULL;
//ignore too big stuff //ignore too big stuff
if(DecryptionKeySize>sizeof(ULONG_PTR)) if(DecryptionKeySize > sizeof(ULONG_PTR))
return; return;
if(MemoryStart != NULL && MemorySize > NULL) if(MemoryStart != NULL && MemorySize > NULL)
@ -349,7 +349,7 @@ __declspec(dllexport) void TITCALL StaticMemoryDecrypt(LPVOID MemoryStart, DWORD
__declspec(dllexport) void TITCALL StaticMemoryDecryptEx(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionKeySize, void* DecryptionCallBack) __declspec(dllexport) void TITCALL StaticMemoryDecryptEx(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionKeySize, void* DecryptionCallBack)
{ {
DWORD LoopCount = NULL; DWORD LoopCount = NULL;
typedef bool(TITCALL *fStaticCallBack)(void* sMemoryStart, int sKeySize); typedef bool(TITCALL * fStaticCallBack)(void* sMemoryStart, int sKeySize);
fStaticCallBack myStaticCallBack = (fStaticCallBack)DecryptionCallBack; fStaticCallBack myStaticCallBack = (fStaticCallBack)DecryptionCallBack;
if(MemoryStart != NULL && MemorySize > NULL) if(MemoryStart != NULL && MemorySize > NULL)
@ -377,7 +377,7 @@ __declspec(dllexport) void TITCALL StaticMemoryDecryptEx(LPVOID MemoryStart, DWO
__declspec(dllexport) void TITCALL StaticMemoryDecryptSpecial(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionKeySize, DWORD SpecDecryptionType, void* DecryptionCallBack) __declspec(dllexport) void TITCALL StaticMemoryDecryptSpecial(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionKeySize, DWORD SpecDecryptionType, void* DecryptionCallBack)
{ {
DWORD LoopCount = NULL; DWORD LoopCount = NULL;
typedef bool(TITCALL *fStaticCallBack)(void* sMemoryStart, int sKeySize); typedef bool(TITCALL * fStaticCallBack)(void* sMemoryStart, int sKeySize);
fStaticCallBack myStaticCallBack = (fStaticCallBack)DecryptionCallBack; fStaticCallBack myStaticCallBack = (fStaticCallBack)DecryptionCallBack;
if(MemoryStart != NULL && MemorySize > NULL) if(MemoryStart != NULL && MemorySize > NULL)
@ -463,7 +463,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopy(HANDLE hFile, ULONG_PTR F
if(szDumpFileName != NULL) if(szDumpFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(StaticRawMemoryCopyW(hFile, FileMapVA, VitualAddressToCopy, Size, AddressIsRVA, uniFileName)); return(StaticRawMemoryCopyW(hFile, FileMapVA, VitualAddressToCopy, Size, AddressIsRVA, uniFileName));
} }
else else
@ -564,7 +564,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx(HANDLE hFile, DWORD Raw
if(szDumpFileName != NULL) if(szDumpFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return(StaticRawMemoryCopyExW(hFile, RawAddressToCopy, Size, uniFileName)); return(StaticRawMemoryCopyExW(hFile, RawAddressToCopy, Size, uniFileName));
} }
else else
@ -651,7 +651,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64(HANDLE hFile, DWORD64
if(szDumpFileName != NULL) if(szDumpFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return StaticRawMemoryCopyEx64W(hFile, RawAddressToCopy, Size, uniFileName); return StaticRawMemoryCopyEx64W(hFile, RawAddressToCopy, Size, uniFileName);
} }
@ -895,7 +895,7 @@ __declspec(dllexport) bool TITCALL StaticHashFile(char* szFileName, char* HashDi
if(szFileName != NULL) if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return StaticHashFileW(uniFileName, HashDigest, OutputString, Algorithm); return StaticHashFileW(uniFileName, HashDigest, OutputString, Algorithm);
} }


@ -20,7 +20,7 @@ __declspec(dllexport) bool TITCALL TLSBreakOnCallBack(LPVOID ArrayOfCallBacks, D
if(NumberOfCallBacks && EngineIsValidReadPtrEx(ReadArrayOfCallBacks, sizeof(ULONG_PTR)*NumberOfCallBacks) && bpxCallBack) if(NumberOfCallBacks && EngineIsValidReadPtrEx(ReadArrayOfCallBacks, sizeof(ULONG_PTR)*NumberOfCallBacks) && bpxCallBack)
{ {
ClearTlsCallBackList(); //clear TLS cb list ClearTlsCallBackList(); //clear TLS cb list
for(unsigned int i=0; i<NumberOfCallBacks; i++) for(unsigned int i = 0; i < NumberOfCallBacks; i++)
tlsCallBackList.push_back(ReadArrayOfCallBacks[i]); tlsCallBackList.push_back(ReadArrayOfCallBacks[i]);
engineTLSBreakOnCallBackAddress = (ULONG_PTR)bpxCallBack; engineTLSBreakOnCallBackAddress = (ULONG_PTR)bpxCallBack;
engineTLSBreakOnCallBack = true; engineTLSBreakOnCallBack = true;
@ -34,7 +34,7 @@ __declspec(dllexport) bool TITCALL TLSGrabCallBackData(char* szFileName, LPVOID
wchar_t uniFileName[MAX_PATH] = {}; wchar_t uniFileName[MAX_PATH] = {};
if(szFileName) if(szFileName)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return TLSGrabCallBackDataW(uniFileName, ArrayOfCallBacks, NumberOfCallBacks); return TLSGrabCallBackDataW(uniFileName, ArrayOfCallBacks, NumberOfCallBacks);
} }
return false; return false;
@ -45,7 +45,7 @@ __declspec(dllexport) bool TITCALL TLSGrabCallBackDataW(wchar_t* szFileName, LPV
DWORD FileSize; DWORD FileSize;
HANDLE FileMap; HANDLE FileMap;
ULONG_PTR FileMapVA; ULONG_PTR FileMapVA;
if(MapFileExW(szFileName, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL)) if(MapFileExW(szFileName, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
{ {
PIMAGE_DOS_HEADER DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA; PIMAGE_DOS_HEADER DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
@ -187,7 +187,7 @@ __declspec(dllexport) bool TITCALL TLSBreakOnCallBackEx(char* szFileName, LPVOID
wchar_t uniFileName[MAX_PATH] = {}; wchar_t uniFileName[MAX_PATH] = {};
if(szFileName) if(szFileName)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return TLSBreakOnCallBackExW(uniFileName, bpxCallBack); return TLSBreakOnCallBackExW(uniFileName, bpxCallBack);
} }
return false; return false;
@ -198,7 +198,7 @@ __declspec(dllexport) bool TITCALL TLSBreakOnCallBackExW(wchar_t* szFileName, LP
DWORD NumberOfCallBacks; DWORD NumberOfCallBacks;
if(TLSGrabCallBackDataW(szFileName, NULL, &NumberOfCallBacks)) if(TLSGrabCallBackDataW(szFileName, NULL, &NumberOfCallBacks))
{ {
DynBuf TlsArrayOfCallBacks(NumberOfCallBacks*sizeof(ULONG_PTR)); DynBuf TlsArrayOfCallBacks(NumberOfCallBacks * sizeof(ULONG_PTR));
if(TLSGrabCallBackDataW(szFileName, TlsArrayOfCallBacks.GetPtr(), &NumberOfCallBacks)) if(TLSGrabCallBackDataW(szFileName, TlsArrayOfCallBacks.GetPtr(), &NumberOfCallBacks))
{ {
return TLSBreakOnCallBack(TlsArrayOfCallBacks.GetPtr(), NumberOfCallBacks, bpxCallBack); return TLSBreakOnCallBack(TlsArrayOfCallBacks.GetPtr(), NumberOfCallBacks, bpxCallBack);
@ -212,7 +212,7 @@ __declspec(dllexport) bool TITCALL TLSRemoveCallback(char* szFileName)
wchar_t uniFileName[MAX_PATH] = {}; wchar_t uniFileName[MAX_PATH] = {};
if(szFileName) if(szFileName)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return TLSRemoveCallbackW(uniFileName); return TLSRemoveCallbackW(uniFileName);
} }
return false; return false;
@ -324,7 +324,7 @@ __declspec(dllexport) bool TITCALL TLSRemoveTable(char* szFileName)
wchar_t uniFileName[MAX_PATH] = {}; wchar_t uniFileName[MAX_PATH] = {};
if(szFileName) if(szFileName)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return TLSRemoveTableW(uniFileName); return TLSRemoveTableW(uniFileName);
} }
return false; return false;
@ -424,7 +424,7 @@ __declspec(dllexport) bool TITCALL TLSBackupData(char* szFileName)
wchar_t uniFileName[MAX_PATH] = {}; wchar_t uniFileName[MAX_PATH] = {};
if(szFileName) if(szFileName)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return TLSBackupDataW(uniFileName); return TLSBackupDataW(uniFileName);
} }
return false; return false;
@ -580,9 +580,9 @@ __declspec(dllexport) bool TITCALL TLSRestoreData()
if(engineBackupTLSDataX64.AddressOfCallBacks != NULL && engineBackupNumberOfCallBacks != NULL) if(engineBackupTLSDataX64.AddressOfCallBacks != NULL && engineBackupNumberOfCallBacks != NULL)
{ {
DynBuf BackupData(sizeof(ULONG_PTR)*engineBackupArrayOfCallBacks.size()); DynBuf BackupData(sizeof(ULONG_PTR)*engineBackupArrayOfCallBacks.size());
ULONG_PTR* Backup=(ULONG_PTR*)BackupData.GetPtr(); ULONG_PTR* Backup = (ULONG_PTR*)BackupData.GetPtr();
for(unsigned int i=0; i<engineBackupArrayOfCallBacks.size(); i++) for(unsigned int i = 0; i < engineBackupArrayOfCallBacks.size(); i++)
Backup[i]=engineBackupArrayOfCallBacks.at(i); Backup[i] = engineBackupArrayOfCallBacks.at(i);
if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)(engineBackupTLSDataX64.AddressOfCallBacks + GetDebuggedFileBaseAddress()), Backup, BackupData.Size(), &ueNumberOfBytesRead)) if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)(engineBackupTLSDataX64.AddressOfCallBacks + GetDebuggedFileBaseAddress()), Backup, BackupData.Size(), &ueNumberOfBytesRead))
{ {
engineBackupTLSAddress = NULL; engineBackupTLSAddress = NULL;
@ -603,9 +603,9 @@ __declspec(dllexport) bool TITCALL TLSRestoreData()
if(engineBackupTLSDataX86.AddressOfCallBacks != NULL && engineBackupNumberOfCallBacks != NULL) if(engineBackupTLSDataX86.AddressOfCallBacks != NULL && engineBackupNumberOfCallBacks != NULL)
{ {
DynBuf BackupData(sizeof(ULONG_PTR)*engineBackupArrayOfCallBacks.size()); DynBuf BackupData(sizeof(ULONG_PTR)*engineBackupArrayOfCallBacks.size());
ULONG_PTR* Backup=(ULONG_PTR*)BackupData.GetPtr(); ULONG_PTR* Backup = (ULONG_PTR*)BackupData.GetPtr();
for(unsigned int i=0; i<engineBackupArrayOfCallBacks.size(); i++) for(unsigned int i = 0; i < engineBackupArrayOfCallBacks.size(); i++)
Backup[i]=engineBackupArrayOfCallBacks.at(i); Backup[i] = engineBackupArrayOfCallBacks.at(i);
if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)(engineBackupTLSDataX86.AddressOfCallBacks + GetDebuggedFileBaseAddress()), Backup, BackupData.Size(), &ueNumberOfBytesRead)) if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)(engineBackupTLSDataX86.AddressOfCallBacks + GetDebuggedFileBaseAddress()), Backup, BackupData.Size(), &ueNumberOfBytesRead))
{ {
engineBackupTLSAddress = NULL; engineBackupTLSAddress = NULL;
@ -698,7 +698,7 @@ __declspec(dllexport) bool TITCALL TLSBuildNewTableEx(char* szFileName, char* sz
wchar_t uniFileName[MAX_PATH] = {}; wchar_t uniFileName[MAX_PATH] = {};
if(szFileName) if(szFileName)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName) + 1, uniFileName, sizeof(uniFileName) / (sizeof(uniFileName[0])));
return TLSBuildNewTableExW(uniFileName, szSectionName, ArrayOfCallBacks, NumberOfCallBacks); return TLSBuildNewTableExW(uniFileName, szSectionName, ArrayOfCallBacks, NumberOfCallBacks);
} }
return false; return false;


@ -5,14 +5,14 @@
#include "Global.Threader.h" #include "Global.Threader.h"
#include "Global.Debugger.h" #include "Global.Debugger.h"
void updateThreadList( THREAD_ITEM_DATA* NewThreadData ) void updateThreadList(THREAD_ITEM_DATA* NewThreadData)
{ {
bool notInList = true; bool notInList = true;
int count = (int)hListThread.size(); int count = (int)hListThread.size();
for (int i = 0; i < count; i++) for(int i = 0; i < count; i++)
{ {
if (hListThread.at(i).dwThreadId == NewThreadData->dwThreadId) if(hListThread.at(i).dwThreadId == NewThreadData->dwThreadId)
{ {
notInList = false; notInList = false;
CloseHandle(NewThreadData->hThread); //handle not needed CloseHandle(NewThreadData->hThread); //handle not needed
@ -28,7 +28,7 @@ void updateThreadList( THREAD_ITEM_DATA* NewThreadData )
} }
} }
if (notInList) if(notInList)
{ {
hListThread.push_back(*NewThreadData); hListThread.push_back(*NewThreadData);
} }
@ -40,27 +40,27 @@ __declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD Process
bool updateList = false; bool updateList = false;
DWORD dwProcessId = 0; DWORD dwProcessId = 0;
if (ProcessId == NULL && dbgProcessInformation.hProcess != NULL) if(ProcessId == NULL && dbgProcessInformation.hProcess != NULL)
{ {
updateList = true; updateList = true;
dwProcessId = GetProcessId(dbgProcessInformation.hProcess); dwProcessId = GetProcessId(dbgProcessInformation.hProcess);
} }
else if (ProcessId != NULL && dbgProcessInformation.hProcess != NULL) else if(ProcessId != NULL && dbgProcessInformation.hProcess != NULL)
{ {
updateList = true; updateList = true;
dwProcessId = ProcessId; dwProcessId = ProcessId;
} }
else if (ProcessId != NULL && dbgProcessInformation.hProcess == NULL) else if(ProcessId != NULL && dbgProcessInformation.hProcess == NULL)
{ {
updateList = false; updateList = false;
dwProcessId = ProcessId; dwProcessId = ProcessId;
} }
else if (ProcessId == NULL && dbgProcessInformation.hProcess == NULL) else if(ProcessId == NULL && dbgProcessInformation.hProcess == NULL)
{ {
return false; return false;
} }
if (updateList == false) if(updateList == false)
{ {
std::vector<THREAD_ITEM_DATA>().swap(hListThread); //clear thread list std::vector<THREAD_ITEM_DATA>().swap(hListThread); //clear thread list
} }
@ -73,15 +73,15 @@ __declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD Process
PSYSTEM_PROCESS_INFORMATION pIter; PSYSTEM_PROCESS_INFORMATION pIter;
PSYSTEM_THREAD_INFORMATION pIterThread; PSYSTEM_THREAD_INFORMATION pIterThread;
if (NtQuerySystemInformation(SystemProcessInformation, pBuffer, bufferLength, &retLength) == STATUS_INFO_LENGTH_MISMATCH) if(NtQuerySystemInformation(SystemProcessInformation, pBuffer, bufferLength, &retLength) == STATUS_INFO_LENGTH_MISMATCH)
{ {
free(pBuffer); free(pBuffer);
bufferLength = retLength + sizeof(SYSTEM_PROCESS_INFORMATION); bufferLength = retLength + sizeof(SYSTEM_PROCESS_INFORMATION);
pBuffer = (PSYSTEM_PROCESS_INFORMATION)malloc(bufferLength); pBuffer = (PSYSTEM_PROCESS_INFORMATION)malloc(bufferLength);
if (!pBuffer) if(!pBuffer)
return false; return false;
if (NtQuerySystemInformation(SystemProcessInformation, pBuffer, bufferLength, &retLength) != STATUS_SUCCESS) if(NtQuerySystemInformation(SystemProcessInformation, pBuffer, bufferLength, &retLength) != STATUS_SUCCESS)
{ {
return false; return false;
} }
@ -95,10 +95,10 @@ __declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD Process
while(TRUE) while(TRUE)
{ {
if (pIter->UniqueProcessId == (HANDLE)dwProcessId) if(pIter->UniqueProcessId == (HANDLE)dwProcessId)
{ {
pIterThread = &pIter->Threads[0]; pIterThread = &pIter->Threads[0];
for (ULONG i = 0; i < pIter->NumberOfThreads; i++) for(ULONG i = 0; i < pIter->NumberOfThreads; i++)
{ {
ZeroMemory(&NewThreadData, sizeof(THREAD_ITEM_DATA)); ZeroMemory(&NewThreadData, sizeof(THREAD_ITEM_DATA));
@ -113,18 +113,18 @@ __declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD Process
NewThreadData.dwThreadId = (DWORD)pIterThread->ClientId.UniqueThread; NewThreadData.dwThreadId = (DWORD)pIterThread->ClientId.UniqueThread;
NewThreadData.hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, NewThreadData.dwThreadId); NewThreadData.hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, NewThreadData.dwThreadId);
if (NewThreadData.hThread) if(NewThreadData.hThread)
{ {
NewThreadData.TebAddress = GetTEBLocation(NewThreadData.hThread); NewThreadData.TebAddress = GetTEBLocation(NewThreadData.hThread);
PVOID startAddress = 0; PVOID startAddress = 0;
if (NtQueryInformationThread(NewThreadData.hThread, ThreadQuerySetWin32StartAddress, &startAddress, sizeof(PVOID), NULL) == STATUS_SUCCESS) if(NtQueryInformationThread(NewThreadData.hThread, ThreadQuerySetWin32StartAddress, &startAddress, sizeof(PVOID), NULL) == STATUS_SUCCESS)
{ {
NewThreadData.ThreadStartAddress = startAddress; NewThreadData.ThreadStartAddress = startAddress;
} }
} }
if (updateList == false) if(updateList == false)
{ {
hListThread.push_back(NewThreadData); hListThread.push_back(NewThreadData);
} }
@ -139,7 +139,7 @@ __declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD Process
break; break;
} }
if (pIter->NextEntryOffset == 0) if(pIter->NextEntryOffset == 0)
{ {
break; break;
} }
@ -159,8 +159,8 @@ __declspec(dllexport) void* TITCALL ThreaderGetThreadInfo(HANDLE hThread, DWORD
return NULL; return NULL;
static THREAD_ITEM_DATA ThreadData; static THREAD_ITEM_DATA ThreadData;
memset(&ThreadData, 0, sizeof(THREAD_ITEM_DATA)); memset(&ThreadData, 0, sizeof(THREAD_ITEM_DATA));
int threadcount=(int)hListThread.size(); int threadcount = (int)hListThread.size();
for(int i=0; i<threadcount; i++) for(int i = 0; i < threadcount; i++)
if(hListThread.at(i).hThread == hThread || hListThread.at(i).dwThreadId == ThreadId) if(hListThread.at(i).hThread == hThread || hListThread.at(i).dwThreadId == ThreadId)
{ {
memcpy(&ThreadData, &hListThread.at(i), sizeof(THREAD_ITEM_DATA)); memcpy(&ThreadData, &hListThread.at(i), sizeof(THREAD_ITEM_DATA));
@ -171,10 +171,10 @@ __declspec(dllexport) void* TITCALL ThreaderGetThreadInfo(HANDLE hThread, DWORD
__declspec(dllexport) void TITCALL ThreaderEnumThreadInfo(void* EnumCallBack) __declspec(dllexport) void TITCALL ThreaderEnumThreadInfo(void* EnumCallBack)
{ {
typedef void(TITCALL *fEnumCallBack)(LPVOID fThreadDetail); typedef void(TITCALL * fEnumCallBack)(LPVOID fThreadDetail);
fEnumCallBack myEnumCallBack = (fEnumCallBack)EnumCallBack; fEnumCallBack myEnumCallBack = (fEnumCallBack)EnumCallBack;
int threadcount=(int)hListThread.size(); int threadcount = (int)hListThread.size();
for(int i=0; i<threadcount; i++) for(int i = 0; i < threadcount; i++)
{ {
__try __try
{ {
@ -189,8 +189,8 @@ __declspec(dllexport) void TITCALL ThreaderEnumThreadInfo(void* EnumCallBack)
__declspec(dllexport) bool TITCALL ThreaderPauseThread(HANDLE hThread) __declspec(dllexport) bool TITCALL ThreaderPauseThread(HANDLE hThread)
{ {
int threadcount=(int)hListThread.size(); int threadcount = (int)hListThread.size();
for(int i=0; i<threadcount; i++) for(int i = 0; i < threadcount; i++)
if(hListThread.at(i).hThread == hThread && SuspendThread(hThread) != -1) if(hListThread.at(i).hThread == hThread && SuspendThread(hThread) != -1)
return true; return true;
return false; return false;
@ -198,8 +198,8 @@ __declspec(dllexport) bool TITCALL ThreaderPauseThread(HANDLE hThread)
__declspec(dllexport) bool TITCALL ThreaderResumeThread(HANDLE hThread) __declspec(dllexport) bool TITCALL ThreaderResumeThread(HANDLE hThread)
{ {
int threadcount=(int)hListThread.size(); int threadcount = (int)hListThread.size();
for(int i=0; i<threadcount; i++) for(int i = 0; i < threadcount; i++)
if(hListThread.at(i).hThread == hThread && ResumeThread(hThread) != -1) if(hListThread.at(i).hThread == hThread && ResumeThread(hThread) != -1)
return true; return true;
return false; return false;
@ -207,11 +207,11 @@ __declspec(dllexport) bool TITCALL ThreaderResumeThread(HANDLE hThread)
__declspec(dllexport) bool TITCALL ThreaderTerminateThread(HANDLE hThread, DWORD ThreadExitCode) __declspec(dllexport) bool TITCALL ThreaderTerminateThread(HANDLE hThread, DWORD ThreadExitCode)
{ {
int threadcount=(int)hListThread.size(); int threadcount = (int)hListThread.size();
for(int i=0; i<threadcount; i++) for(int i = 0; i < threadcount; i++)
if(hListThread.at(i).hThread == hThread && TerminateThread(hThread, ThreadExitCode) != NULL) if(hListThread.at(i).hThread == hThread && TerminateThread(hThread, ThreadExitCode) != NULL)
{ {
hListThread.erase(hListThread.begin()+i); hListThread.erase(hListThread.begin() + i);
return true; return true;
} }
return false; return false;
@ -219,34 +219,34 @@ __declspec(dllexport) bool TITCALL ThreaderTerminateThread(HANDLE hThread, DWORD
__declspec(dllexport) bool TITCALL ThreaderPauseAllThreads(bool LeaveMainRunning) __declspec(dllexport) bool TITCALL ThreaderPauseAllThreads(bool LeaveMainRunning)
{ {
bool ret=true; bool ret = true;
int threadcount=(int)hListThread.size(); int threadcount = (int)hListThread.size();
for(int i=0; i<threadcount; i++) for(int i = 0; i < threadcount; i++)
{ {
DWORD suspended; DWORD suspended;
if(LeaveMainRunning && hListThread.at(i).hThread != dbgProcessInformation.hThread) if(LeaveMainRunning && hListThread.at(i).hThread != dbgProcessInformation.hThread)
suspended=SuspendThread(hListThread.at(i).hThread); suspended = SuspendThread(hListThread.at(i).hThread);
else else
suspended=SuspendThread(hListThread.at(i).hThread); suspended = SuspendThread(hListThread.at(i).hThread);
if(suspended==-1) if(suspended == -1)
ret=false; ret = false;
} }
return ret; return ret;
} }
__declspec(dllexport) bool TITCALL ThreaderResumeAllThreads(bool LeaveMainPaused) __declspec(dllexport) bool TITCALL ThreaderResumeAllThreads(bool LeaveMainPaused)
{ {
bool ret=true; bool ret = true;
int threadcount=(int)hListThread.size(); int threadcount = (int)hListThread.size();
for(int i=0; i<threadcount; i++) for(int i = 0; i < threadcount; i++)
{ {
DWORD resumed; DWORD resumed;
if(LeaveMainPaused && hListThread.at(i).hThread != dbgProcessInformation.hThread) if(LeaveMainPaused && hListThread.at(i).hThread != dbgProcessInformation.hThread)
resumed=ResumeThread(hListThread.at(i).hThread); resumed = ResumeThread(hListThread.at(i).hThread);
else else
resumed=ResumeThread(hListThread.at(i).hThread); resumed = ResumeThread(hListThread.at(i).hThread);
if(resumed==-1) if(resumed == -1)
ret=false; ret = false;
} }
return ret; return ret;
} }
@ -332,8 +332,8 @@ __declspec(dllexport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread)
__declspec(dllexport) bool TITCALL ThreaderIsAnyThreadActive() __declspec(dllexport) bool TITCALL ThreaderIsAnyThreadActive()
{ {
int threadcount=(int)hListThread.size(); int threadcount = (int)hListThread.size();
for(int i=0; i<threadcount; i++) for(int i = 0; i < threadcount; i++)
if(ThreaderIsThreadActive(hListThread.at(i).hThread)) if(ThreaderIsThreadActive(hListThread.at(i).hThread))
return true; return true;
return false; return false;
@ -351,8 +351,8 @@ __declspec(dllexport) bool TITCALL ThreaderExecuteOnlyInjectedThreads()
__declspec(dllexport) ULONG_PTR TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId) __declspec(dllexport) ULONG_PTR TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId)
{ {
int threadcount=(int)hListThread.size(); int threadcount = (int)hListThread.size();
for(int i=0; i<threadcount; i++) for(int i = 0; i < threadcount; i++)
if(hListThread.at(i).dwThreadId == ThreadId) if(hListThread.at(i).dwThreadId == ThreadId)
return (ULONG_PTR)hListThread.at(i).hThread; return (ULONG_PTR)hListThread.at(i).hThread;
return 0; return 0;


@ -64,7 +64,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
CurrentInstructionSize = StaticLengthDisassemble((LPVOID)TraceStartAddress); CurrentInstructionSize = StaticLengthDisassemble((LPVOID)TraceStartAddress);
CurrentNumberOfInstructions++; CurrentNumberOfInstructions++;
/* /*
Long JUMP (0xE9) Long JUMP (0xE9)
*/ */
if(HashInstructions == false && CompareMemory->DataByte[0] == 0xE9 && CurrentInstructionSize == 5) if(HashInstructions == false && CompareMemory->DataByte[0] == 0xE9 && CurrentInstructionSize == 5)
{ {
@ -95,7 +95,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
} }
} }
/* /*
Near JUMP (0xFF25) Near JUMP (0xFF25)
*/ */
} }
else if(HashInstructions == false && CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] == 0x25 && CurrentInstructionSize == 6) else if(HashInstructions == false && CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] == 0x25 && CurrentInstructionSize == 6)
@ -130,7 +130,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
} }
} }
/* /*
PUSH then RET (0x68 ???????? 0xC3) PUSH then RET (0x68 ???????? 0xC3)
*/ */
} }
else if(HashInstructions == false && CompareMemory->DataByte[0] == 0x68 && CompareMemory->DataByte[5] == 0xC3 && CurrentInstructionSize == 5) else if(HashInstructions == false && CompareMemory->DataByte[0] == 0x68 && CompareMemory->DataByte[5] == 0xC3 && CurrentInstructionSize == 5)
@ -170,7 +170,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
} }
} }
/* /*
CALL (0xE8) CALL (0xE8)
*/ */
} }
else if(HashInstructions == true && CompareMemory->DataByte[0] == 0xE8 && CurrentInstructionSize == 5) else if(HashInstructions == true && CompareMemory->DataByte[0] == 0xE8 && CurrentInstructionSize == 5)
@ -178,14 +178,14 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
SkipHashing = true; SkipHashing = true;
InstructionHash = EngineHashMemory((char*)&EmptyCall, CurrentInstructionSize, InstructionHash); InstructionHash = EngineHashMemory((char*)&EmptyCall, CurrentInstructionSize, InstructionHash);
/* /*
PUSH (0x68) PUSH (0x68)
*/ */
} }
else if(CompareMemory->DataByte[0] == 0x68 && CurrentInstructionSize == 5) else if(CompareMemory->DataByte[0] == 0x68 && CurrentInstructionSize == 5)
{ {
LastPushValue = (DWORD)(CompareMemory->DataByte[1] + CompareMemory->DataByte[2] * 0x1000 + CompareMemory->DataByte[3] * 0x100000 + CompareMemory->DataByte[4] * 0x10000000); LastPushValue = (DWORD)(CompareMemory->DataByte[1] + CompareMemory->DataByte[2] * 0x1000 + CompareMemory->DataByte[3] * 0x100000 + CompareMemory->DataByte[4] * 0x10000000);
/* /*
ADD BYTE PTR[AL],AL (0x00, 0x00) -> End of page! ADD BYTE PTR[AL],AL (0x00, 0x00) -> End of page!
*/ */
} }
else if(CompareMemory->DataByte[0] == 0x00 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x00 && CurrentInstructionSize == 2)
@ -193,7 +193,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
FoundValidAPI = false; FoundValidAPI = false;
break; break;
/* /*
RET (0xC3) RET (0xC3)
*/ */
} }
else if(CompareMemory->DataByte[0] == 0xC3 && CurrentInstructionSize == 1) else if(CompareMemory->DataByte[0] == 0xC3 && CurrentInstructionSize == 1)
@ -201,7 +201,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
NumberOfInstructions++; NumberOfInstructions++;
break; break;
/* /*
RET (0xC2) RET (0xC2)
*/ */
} }
else if(CompareMemory->DataByte[0] == 0xC2 && CurrentInstructionSize == 3) else if(CompareMemory->DataByte[0] == 0xC2 && CurrentInstructionSize == 3)
@ -209,7 +209,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
NumberOfInstructions++; NumberOfInstructions++;
break; break;
/* /*
Short JUMP (0xEB) Short JUMP (0xEB)
*/ */
} }
else if(CompareMemory->DataByte[0] == 0xEB && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0xEB && CurrentInstructionSize == 2)
@ -217,48 +217,48 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
TraceStartAddress = TraceStartAddress + CompareMemory->DataByte[1]; TraceStartAddress = TraceStartAddress + CompareMemory->DataByte[1];
SkipThisInstruction = true; SkipThisInstruction = true;
/* /*
CLC (0xF8) CLC (0xF8)
*/ */
} }
else if(CompareMemory->DataByte[0] == 0xF8 && CurrentInstructionSize == 1) else if(CompareMemory->DataByte[0] == 0xF8 && CurrentInstructionSize == 1)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
/* /*
STC (0xF9) STC (0xF9)
*/ */
} }
else if(CompareMemory->DataByte[0] == 0xF9 && CurrentInstructionSize == 1) else if(CompareMemory->DataByte[0] == 0xF9 && CurrentInstructionSize == 1)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
/* /*
NOP (0x90) NOP (0x90)
*/ */
} }
else if(CompareMemory->DataByte[0] == 0x90 && CurrentInstructionSize == 1) else if(CompareMemory->DataByte[0] == 0x90 && CurrentInstructionSize == 1)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
/* /*
FNOP (0xD9 0xD0) FNOP (0xD9 0xD0)
*/ */
} }
else if(CompareMemory->DataByte[0] == 0xD9 && CompareMemory->DataByte[1] == 0xD0 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0xD9 && CompareMemory->DataByte[1] == 0xD0 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
/* /*
Multiple MOV Multiple MOV
*/ */
} }
else if(CompareMemory->DataByte[0] >= 0x8A && CompareMemory->DataByte[0] <= 0x8B) else if(CompareMemory->DataByte[0] >= 0x8A && CompareMemory->DataByte[0] <= 0x8B)
{ {
/* /*
MOV EAX,EAX (0x8B 0xC8) MOV EAX,EAX (0x8B 0xC8)
*/ */
if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xC8 && CurrentInstructionSize == 2) if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xC8 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
} }
/* /*
MOV EBX,EBX (0x8B 0xC9) MOV EBX,EBX (0x8B 0xC9)
*/ */
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xC9 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xC9 && CurrentInstructionSize == 2)
{ {
@ -272,7 +272,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
SkipThisInstruction = true; SkipThisInstruction = true;
} }
/* /*
MOV (0x8B 0xED) MOV (0x8B 0xED)
*/ */
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xED && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xED && CurrentInstructionSize == 2)
{ {
@ -280,7 +280,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
} }
/* /*
MOV (0x8B 0xF6) MOV (0x8B 0xF6)
*/ */
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xF6 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xF6 && CurrentInstructionSize == 2)
{ {
@ -301,98 +301,98 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
SkipThisInstruction = true; SkipThisInstruction = true;
} }
/* /*
MOV EDI,EDI (0x8B 0xFF) MOV EDI,EDI (0x8B 0xFF)
*/ */
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xFF && CurrentNumberOfInstructions != 1 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xFF && CurrentNumberOfInstructions != 1 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
} }
/* /*
MOV AL,AL (0x8A 0xC0) MOV AL,AL (0x8A 0xC0)
*/ */
else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xC0 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xC0 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
} }
/* /*
MOV BL,BL (0x8A 0xDB) MOV BL,BL (0x8A 0xDB)
*/ */
else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xDB && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xDB && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
} }
/* /*
MOV CL,CL (0x8A 0xC9) MOV CL,CL (0x8A 0xC9)
*/ */
else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xC9 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xC9 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
} }
/* /*
MOV (0x8A 0xD2) MOV (0x8A 0xD2)
*/ */
else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xD2 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xD2 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
} }
/* /*
MOV (0x8A 0xE4) MOV (0x8A 0xE4)
*/ */
else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xE4 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xE4 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
} }
/* /*
MOV (0x8A 0xED) MOV (0x8A 0xED)
*/ */
else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xED && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xED && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
} }
/* /*
MOV (0x8A 0xFF) MOV (0x8A 0xFF)
*/ */
else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xFF && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xFF && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
} }
/* /*
MOV (0x8A 0xF6) MOV (0x8A 0xF6)
*/ */
else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xF6 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xF6 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
} }
/* /*
MOV AX,AX (0x8B 0xC0) MOV AX,AX (0x8B 0xC0)
*/ */
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xC0 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xC0 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
} }
/* /*
MOV (0x8B 0xDB) MOV (0x8B 0xDB)
*/ */
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xDB && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xDB && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
} }
/* /*
MOV (0x8B 0xC9) MOV (0x8B 0xC9)
*/ */
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xC9 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xC9 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
} }
/* /*
MOV (0x8B 0xF6) MOV (0x8B 0xF6)
*/ */
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xF6 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xF6 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
} }
/* /*
MOV (0x8B 0xED) MOV (0x8B 0xED)
*/ */
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xED && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xED && CurrentInstructionSize == 2)
{ {
@ -400,27 +400,27 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
} }
} }
/* /*
RDTSC (0x0F 0x31) RDTSC (0x0F 0x31)
*/ */
else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] == 0x31 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] == 0x31 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
/* /*
CPUID (0x0F 0xA2) CPUID (0x0F 0xA2)
*/ */
} }
else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] == 0xA2 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] == 0xA2 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
/* /*
XCHG EAX,EAX (0x87 0xC0) XCHG EAX,EAX (0x87 0xC0)
*/ */
} }
else if(CompareMemory->DataByte[0] == 0x87 && CompareMemory->DataByte[1] == 0xC0 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x87 && CompareMemory->DataByte[1] == 0xC0 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
/* /*
SHL EAX,0 - SHL EDI,0 && SHR EAX,0 - SHR EDI,0 SHL EAX,0 - SHL EDI,0 && SHR EAX,0 - SHR EDI,0
*/ */
} }
else if(CompareMemory->DataByte[0] == 0xC1 && CurrentInstructionSize == 3) else if(CompareMemory->DataByte[0] == 0xC1 && CurrentInstructionSize == 3)
@ -430,7 +430,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
SkipThisInstruction = true; SkipThisInstruction = true;
} }
/* /*
ROR EAX,0 - ROR EDI,0 && ROL EAX,0 - ROL EDI,0 ROR EAX,0 - ROR EDI,0 && ROL EAX,0 - ROL EDI,0
*/ */
} }
else if(CompareMemory->DataByte[0] == 0xC1 && CurrentInstructionSize == 3) else if(CompareMemory->DataByte[0] == 0xC1 && CurrentInstructionSize == 3)
@ -440,7 +440,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
SkipThisInstruction = true; SkipThisInstruction = true;
} }
/* /*
LEA EAX,DWORD PTR[EAX] -> LEA EDI,DWORD PTR[EDI] LEA EAX,DWORD PTR[EAX] -> LEA EDI,DWORD PTR[EDI]
*/ */
} }
else if(CompareMemory->DataByte[0] == 0x8D && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8D && CurrentInstructionSize == 2)
@ -527,7 +527,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
// TitanEngine.Tracer.functions: // TitanEngine.Tracer.functions:
__declspec(dllexport) void TITCALL TracerInit() __declspec(dllexport) void TITCALL TracerInit()
{ {
return; // UE 1.5 compatibility mode return; // UE 1.5 compatibility mode
} }
__declspec(dllexport) ULONG_PTR TITCALL TracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace) __declspec(dllexport) ULONG_PTR TITCALL TracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace)
@ -707,7 +707,7 @@ __declspec(dllexport) ULONG_PTR TITCALL HashTracerLevel1(HANDLE hProcess, ULONG_
__declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace) __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace)
{ {
int i,j; int i, j;
MEMORY_BASIC_INFORMATION MemInfo; MEMORY_BASIC_INFORMATION MemInfo;
DWORD KnownRedirectionIndex = NULL; DWORD KnownRedirectionIndex = NULL;
ULONG_PTR ueNumberOfBytesRead = NULL; ULONG_PTR ueNumberOfBytesRead = NULL;
@ -744,224 +744,224 @@ __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULON
cMem = (PMEMORY_CMP_HANDLER)TraceMemory; cMem = (PMEMORY_CMP_HANDLER)TraceMemory;
if(cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x01 && ((cMem->DataByte[3] >= 0x50 && cMem->DataByte[3] <= 0x5F) || cMem->DataByte[3] == 0x6A || cMem->DataByte[3] == 0x68)) if(cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x01 && ((cMem->DataByte[3] >= 0x50 && cMem->DataByte[3] <= 0x5F) || cMem->DataByte[3] == 0x6A || cMem->DataByte[3] == 0x68))
{ {
KnownRedirectionIndex = NULL; // ; PeX 0.99 fail safe! KnownRedirectionIndex = NULL; // ; PeX 0.99 fail safe!
} }
else if(cMem->DataByte[0] == 0x68 && cMem->DataByte[5] == 0x81 && cMem->DataByte[12] == 0xC3) else if(cMem->DataByte[0] == 0x68 && cMem->DataByte[5] == 0x81 && cMem->DataByte[12] == 0xC3)
{ {
KnownRedirectionIndex = 1; // ; RLP 0.7.4 & CryptoPeProtector 0.9.x & ACProtect KnownRedirectionIndex = 1; // ; RLP 0.7.4 & CryptoPeProtector 0.9.x & ACProtect
/* ;$ ==> > 68 904B4013 PUSH 13404B90 /* ;$ ==> > 68 904B4013 PUSH 13404B90
;$+5 > 812C24 0A9E589B SUB DWORD PTR SS:[ESP],9B589E0A ;$+5 > 812C24 0A9E589B SUB DWORD PTR SS:[ESP],9B589E0A
;$+C > C3 RET ;$+C > C3 RET
;$+D > 68 E21554DF PUSH DF5415E2 ;$+D > 68 E21554DF PUSH DF5415E2
;$+12 > 813424 B6DCB2A8 XOR DWORD PTR SS:[ESP],A8B2DCB6 ;$+12 > 813424 B6DCB2A8 XOR DWORD PTR SS:[ESP],A8B2DCB6
;$+19 > C3 RET ;$+19 > C3 RET
;$+1A > 68 34B2C6B1 PUSH B1C6B234 ;$+1A > 68 34B2C6B1 PUSH B1C6B234
;$+1F > 810424 4A2C21C6 ADD DWORD PTR SS:[ESP],C6212C4A ;$+1F > 810424 4A2C21C6 ADD DWORD PTR SS:[ESP],C6212C4A
;$+26 > C3 RET */ ;$+26 > C3 RET */
} }
else if(cMem->DataByte[0] == 0xFF && cMem->DataByte[1] == 0x25) else if(cMem->DataByte[0] == 0xFF && cMem->DataByte[1] == 0x25)
{ {
KnownRedirectionIndex = 2; // ; tELock 0.80 - 0.85 KnownRedirectionIndex = 2; // ; tELock 0.80 - 0.85
// ;$ ==> >- FF25 48018E00 JMP NEAR DWORD PTR DS:[8E0148] // ;$ ==> >- FF25 48018E00 JMP NEAR DWORD PTR DS:[8E0148]
} }
else if((cMem->DataByte[0] == 0xFF && cMem->DataByte[1] == 0x35) || (cMem->DataByte[1] == 0xFF && cMem->DataByte[2] == 0x35) && (cMem->DataByte[8] == 0xC3 || cMem->DataByte[9] == 0xC3)) else if((cMem->DataByte[0] == 0xFF && cMem->DataByte[1] == 0x35) || (cMem->DataByte[1] == 0xFF && cMem->DataByte[2] == 0x35) && (cMem->DataByte[8] == 0xC3 || cMem->DataByte[9] == 0xC3))
{ {
KnownRedirectionIndex = 3; // ; tELock 0.90 - 0.95 KnownRedirectionIndex = 3; // ; tELock 0.90 - 0.95
/* ;$ ==> > FF35 AE018E00 PUSH DWORD PTR DS:[8E01AE] ; kernel32.InitializeCriticalSection /* ;$ ==> > FF35 AE018E00 PUSH DWORD PTR DS:[8E01AE] ; kernel32.InitializeCriticalSection
;$+6 > A8 C3 TEST AL,0C3 ;$+6 > A8 C3 TEST AL,0C3
;$+8 > C3 RET ;$+8 > C3 RET
;$+9 > F9 STC ;$+9 > F9 STC
;$+A > FF35 B2018E00 PUSH DWORD PTR DS:[8E01B2] ; kernel32.VirtualFree ;$+A > FF35 B2018E00 PUSH DWORD PTR DS:[8E01B2] ; kernel32.VirtualFree
;$+10 > 80FA C3 CMP DL,0C3 ;$+10 > 80FA C3 CMP DL,0C3
;$+13 > C3 RET */ ;$+13 > C3 RET */
} }
else if(cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x01 && cMem->DataByte[2] == 0xC9 && cMem->DataByte[3] == 0x60 && cMem->DataByte[4] == 0x0F && cMem->DataByte[5] == 0x31) else if(cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x01 && cMem->DataByte[2] == 0xC9 && cMem->DataByte[3] == 0x60 && cMem->DataByte[4] == 0x0F && cMem->DataByte[5] == 0x31)
{ {
KnownRedirectionIndex = 8; // ; AlexProtector 1.x KnownRedirectionIndex = 8; // ; AlexProtector 1.x
/* ;$ ==> > /EB 01 JMP SHORT 008413F9 /* ;$ ==> > /EB 01 JMP SHORT 008413F9
;$+2 > |C9 LEAVE ;$+2 > |C9 LEAVE
;$+3 > \60 PUSHAD ;$+3 > \60 PUSHAD
;$+4 > 0F31 RDTSC ;$+4 > 0F31 RDTSC
;$+6 > EB 01 JMP SHORT 008413FF ;$+6 > EB 01 JMP SHORT 008413FF
;$+8 > C9 LEAVE ;$+8 > C9 LEAVE
;$+9 > 8BD8 MOV EBX,EAX ;$+9 > 8BD8 MOV EBX,EAX
;$+B > EB 01 JMP SHORT 00841404 ;$+B > EB 01 JMP SHORT 00841404
;... ;...
;$+33 > 68 E9B9D477 PUSH USER32.PostQuitMessage ;$+33 > 68 E9B9D477 PUSH USER32.PostQuitMessage
;$+38 > EB 01 JMP SHORT 00841431 ;$+38 > EB 01 JMP SHORT 00841431
;$+3A >- E9 C3EB01E9 JMP E985FFF8 */ ;$+3A >- E9 C3EB01E9 JMP E985FFF8 */
} }
else if((cMem->DataByte[0] == 0x0B && cMem->DataByte[1] == 0xC5) || (cMem->DataByte[0] == 0x05 && cMem->DataByte[5] == 0xB8 && cMem->DataByte[10] == 0xEB && cMem->DataByte[11] == 0x02)) else if((cMem->DataByte[0] == 0x0B && cMem->DataByte[1] == 0xC5) || (cMem->DataByte[0] == 0x05 && cMem->DataByte[5] == 0xB8 && cMem->DataByte[10] == 0xEB && cMem->DataByte[11] == 0x02))
{ {
KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private! KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private!
/* ;008E0122 05 F9DEBE71 ADD EAX,71BEDEF9 /* ;008E0122 05 F9DEBE71 ADD EAX,71BEDEF9
;008E0127 B8 28018E00 MOV EAX,8E0128 ;008E0127 B8 28018E00 MOV EAX,8E0128
;008E012C EB 02 JMP SHORT 008E0130 ;008E012C EB 02 JMP SHORT 008E0130
;008E012E CD 20 INT 20 ;008E012E CD 20 INT 20
;008E0130 05 18000000 ADD EAX,18 ;008E0130 05 18000000 ADD EAX,18
;008E0135 8B00 MOV EAX,DWORD PTR DS:[EAX] ;008E0135 8B00 MOV EAX,DWORD PTR DS:[EAX]
;008E0137 35 22018E00 XOR EAX,8E0122 ;008E0137 35 22018E00 XOR EAX,8E0122
;008E013C 90 NOP ;008E013C 90 NOP
;008E013D 90 NOP ;008E013D 90 NOP
;008E013E 50 PUSH EAX ;008E013E 50 PUSH EAX
;008E013F C3 RET ;008E013F C3 RET
; ;
;00850036 13C4 ADC EAX,ESP ;00850036 13C4 ADC EAX,ESP
;00850038 E8 0A000000 CALL 00850047 ;00850038 E8 0A000000 CALL 00850047
;0085003D 90 NOP ;0085003D 90 NOP
;0085003E 1BC2 SBB EAX,EDX ;0085003E 1BC2 SBB EAX,EDX
;00850040 E9 09000000 JMP 0085004E ;00850040 E9 09000000 JMP 0085004E
;00850045 1BC3 SBB EAX,EBX ;00850045 1BC3 SBB EAX,EBX
;00850047 83F8 74 CMP EAX,74 ;00850047 83F8 74 CMP EAX,74
;0085004A C3 RET ;0085004A C3 RET
;0085004B 98 CWDE ;0085004B 98 CWDE
;0085004C 33C7 XOR EAX,EDI ;0085004C 33C7 XOR EAX,EDI
;0085004E D6 SALC ;0085004E D6 SALC
;0085004F B8 50008500 MOV EAX,850050 ;0085004F B8 50008500 MOV EAX,850050
;00850054 EB 02 JMP SHORT 00850058 ;00850054 EB 02 JMP SHORT 00850058
;00850056 CD 20 INT 20 ;00850056 CD 20 INT 20
;00850058 05 18000000 ADD EAX,18 ;00850058 05 18000000 ADD EAX,18
;0085005D 8B00 MOV EAX,DWORD PTR DS:[EAX] ;0085005D 8B00 MOV EAX,DWORD PTR DS:[EAX]
;0085005F 35 36008500 XOR EAX,850036 ;0085005F 35 36008500 XOR EAX,850036
;00850064 90 NOP ;00850064 90 NOP
;00850065 90 NOP ;00850065 90 NOP
;00850066 50 PUSH EAX ;00850066 50 PUSH EAX
;00850067 C3 RET */ ;00850067 C3 RET */
} }
else if((cMem->DataByte[0] == 0x13 && cMem->DataByte[1] == 0xC4 && cMem->DataByte[2] == 0xE8) || (cMem->DataByte[0] == 0x83 && cMem->DataByte[3] == 0xE8)) else if((cMem->DataByte[0] == 0x13 && cMem->DataByte[1] == 0xC4 && cMem->DataByte[2] == 0xE8) || (cMem->DataByte[0] == 0x83 && cMem->DataByte[3] == 0xE8))
{ {
KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private! KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private!
} }
else if((cMem->DataByte[0] == 0xB8 || cMem->DataByte[0] == 0x1D || cMem->DataByte[0] == 0x0D || cMem->DataByte[0] == 0x2D) && cMem->DataByte[5] == 0xB8 && cMem->DataByte[10] == 0xEB && cMem->DataByte[11] == 0x02) else if((cMem->DataByte[0] == 0xB8 || cMem->DataByte[0] == 0x1D || cMem->DataByte[0] == 0x0D || cMem->DataByte[0] == 0x2D) && cMem->DataByte[5] == 0xB8 && cMem->DataByte[10] == 0xEB && cMem->DataByte[11] == 0x02)
{ {
KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private! KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private!
/* ;011F0000 B8 2107F205 MOV EAX,5F20721 /* ;011F0000 B8 2107F205 MOV EAX,5F20721
;011F0005 B8 06008D00 MOV EAX,8D0006 ;011F0005 B8 06008D00 MOV EAX,8D0006
;011F000A EB 02 JMP SHORT 011F000E ;011F000A EB 02 JMP SHORT 011F000E
;011F000C CD 20 INT 20 ;011F000C CD 20 INT 20
;011F000E 05 18000000 ADD EAX,18 ;011F000E 05 18000000 ADD EAX,18
;011F0013 8B00 MOV EAX,DWORD PTR DS:[EAX] ;011F0013 8B00 MOV EAX,DWORD PTR DS:[EAX]
;011F0015 35 00008D00 XOR EAX,8D0000 ;011F0015 35 00008D00 XOR EAX,8D0000
;011F001A 90 NOP ;011F001A 90 NOP
;011F001B 90 NOP ;011F001B 90 NOP
;011F001C 50 PUSH EAX ;011F001C 50 PUSH EAX
;011F001D C3 RET ;011F001D C3 RET
; ;
;01360000 1D A508F205 SBB EAX,5F208A5 ;01360000 1D A508F205 SBB EAX,5F208A5
;01360005 B8 28008D00 MOV EAX,8D0028 ;01360005 B8 28008D00 MOV EAX,8D0028
;0136000A EB 02 JMP SHORT 0136000E ;0136000A EB 02 JMP SHORT 0136000E
;0136000C CD 20 INT 20 ;0136000C CD 20 INT 20
;0136000E 05 18000000 ADD EAX,18 ;0136000E 05 18000000 ADD EAX,18
;01360013 8B00 MOV EAX,DWORD PTR DS:[EAX] ;01360013 8B00 MOV EAX,DWORD PTR DS:[EAX]
;01360015 35 22008D00 XOR EAX,8D0022 ;01360015 35 22008D00 XOR EAX,8D0022
;0136001A 90 NOP ;0136001A 90 NOP
;0136001B 90 NOP ;0136001B 90 NOP
;0136001C 50 PUSH EAX ;0136001C 50 PUSH EAX
;0136001D C3 RET ;0136001D C3 RET
; ;
;014B0000 0D F918F205 OR EAX,5F218F9 ;014B0000 0D F918F205 OR EAX,5F218F9
;014B0005 B8 4A008D00 MOV EAX,8D004A ;014B0005 B8 4A008D00 MOV EAX,8D004A
;014B000A EB 02 JMP SHORT 014B000E ;014B000A EB 02 JMP SHORT 014B000E
;014B000C CD 20 INT 20 ;014B000C CD 20 INT 20
;014B000E 05 18000000 ADD EAX,18 ;014B000E 05 18000000 ADD EAX,18
;014B0013 8B00 MOV EAX,DWORD PTR DS:[EAX] ;014B0013 8B00 MOV EAX,DWORD PTR DS:[EAX]
;014B0015 35 44008D00 XOR EAX,8D0044 ;014B0015 35 44008D00 XOR EAX,8D0044
;014B001A 90 NOP ;014B001A 90 NOP
;014B001B 90 NOP ;014B001B 90 NOP
;014B001C 50 PUSH EAX ;014B001C 50 PUSH EAX
;014B001D C3 RET ;014B001D C3 RET
; ;
;01750000 2D 0B37F205 SUB EAX,5F2370B ;01750000 2D 0B37F205 SUB EAX,5F2370B
;01750005 B8 8E008D00 MOV EAX,8D008E ;01750005 B8 8E008D00 MOV EAX,8D008E
;0175000A EB 02 JMP SHORT 0175000E ;0175000A EB 02 JMP SHORT 0175000E
;0175000C CD 20 INT 20 ;0175000C CD 20 INT 20
;0175000E 05 18000000 ADD EAX,18 ;0175000E 05 18000000 ADD EAX,18
;01750013 8B00 MOV EAX,DWORD PTR DS:[EAX] ;01750013 8B00 MOV EAX,DWORD PTR DS:[EAX]
;01750015 35 88008D00 XOR EAX,8D0088 ;01750015 35 88008D00 XOR EAX,8D0088
;0175001A 90 NOP ;0175001A 90 NOP
;0175001B 90 NOP ;0175001B 90 NOP
;0175001C 50 PUSH EAX ;0175001C 50 PUSH EAX
;0175001D C3 RET ;0175001D C3 RET
; ;
;019F0000 0BC4 OR EAX,ESP ;019F0000 0BC4 OR EAX,ESP
;019F0002 F9 STC ;019F0002 F9 STC
;019F0003 E8 0B000000 CALL 019F0013 ;019F0003 E8 0B000000 CALL 019F0013
;019F0008 90 NOP ;019F0008 90 NOP
;019F0009 13C4 ADC EAX,ESP ;019F0009 13C4 ADC EAX,ESP
;019F000B E9 0A000000 JMP 019F001A ;019F000B E9 0A000000 JMP 019F001A
;019F0010 F9 STC ;019F0010 F9 STC
;019F0011 13C3 ADC EAX,EBX ;019F0011 13C3 ADC EAX,EBX
;019F0013 98 CWDE ;019F0013 98 CWDE
;019F0014 03C2 ADD EAX,EDX ;019F0014 03C2 ADD EAX,EDX
;019F0016 C3 RET ;019F0016 C3 RET
; ;
;01B40000 48 DEC EAX ;01B40000 48 DEC EAX
;01B40001 E8 0D000000 CALL 01B40013 ;01B40001 E8 0D000000 CALL 01B40013
;01B40006 03C5 ADD EAX,EBP ;01B40006 03C5 ADD EAX,EBP
;01B40008 FC CLD ;01B40008 FC CLD
;01B40009 E9 0A000000 JMP 01B40018 ;01B40009 E9 0A000000 JMP 01B40018
;01B4000E 35 D82FF205 XOR EAX,5F22FD8 ;01B4000E 35 D82FF205 XOR EAX,5F22FD8
;01B40013 C1C8 9A ROR EAX,9A ;01B40013 C1C8 9A ROR EAX,9A
;01B40016 C3 RET */ ;01B40016 C3 RET */
} }
else if((cMem->DataByte[0] == 0x0B && cMem->DataByte[1] == 0xC4 && cMem->DataByte[2] == 0xF9 && cMem->DataByte[3] == 0xE8) || (cMem->DataByte[0] == 0x48 && cMem->DataByte[1] == 0xE8)) else if((cMem->DataByte[0] == 0x0B && cMem->DataByte[1] == 0xC4 && cMem->DataByte[2] == 0xF9 && cMem->DataByte[3] == 0xE8) || (cMem->DataByte[0] == 0x48 && cMem->DataByte[1] == 0xE8))
{ {
KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private! KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private!
} }
else if((cMem->DataByte[0] == 0xB8 && cMem->DataByte[5] == 0xE8 && cMem->DataByte[10] == 0xF9 && cMem->DataByte[11] == 0xE9) && (cMem->DataByte[0] == 0xE8 && cMem->DataByte[1] == 0x0B && cMem->DataByte[10] == 0xE9 && cMem->DataByte[11] == 0x05 && cMem->DataByte[15] == 0x90 && cMem->DataByte[16] == 0xC3)) else if((cMem->DataByte[0] == 0xB8 && cMem->DataByte[5] == 0xE8 && cMem->DataByte[10] == 0xF9 && cMem->DataByte[11] == 0xE9) && (cMem->DataByte[0] == 0xE8 && cMem->DataByte[1] == 0x0B && cMem->DataByte[10] == 0xE9 && cMem->DataByte[11] == 0x05 && cMem->DataByte[15] == 0x90 && cMem->DataByte[16] == 0xC3))
{ {
KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private! KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private!
/* ;01C90000 B8 B853F205 MOV EAX,5F253B8 /* ;01C90000 B8 B853F205 MOV EAX,5F253B8
;01C90005 E8 07000000 CALL 01C90011 ;01C90005 E8 07000000 CALL 01C90011
;01C9000A F9 STC ;01C9000A F9 STC
;01C9000B E9 07000000 JMP 01C90017 ;01C9000B E9 07000000 JMP 01C90017
;01C90010 90 NOP ;01C90010 90 NOP
;01C90011 23C3 AND EAX,EBX ;01C90011 23C3 AND EAX,EBX
;01C90013 C3 RET ;01C90013 C3 RET
; ;
;00A40022 1BC2 SBB EAX,EDX ;00A40022 1BC2 SBB EAX,EDX
;00A40024 E8 08000000 CALL 00A40031 ;00A40024 E8 08000000 CALL 00A40031
;00A40029 40 INC EAX ;00A40029 40 INC EAX
;00A4002A E9 09000000 JMP 00A40038 ;00A4002A E9 09000000 JMP 00A40038
;00A4002F 33C7 XOR EAX,EDI ;00A4002F 33C7 XOR EAX,EDI
;00A40031 C1E8 92 SHR EAX,92 ;00A40031 C1E8 92 SHR EAX,92
;00A40034 C3 RET ;00A40034 C3 RET
;00A40035 83E0 25 AND EAX,25 ;00A40035 83E0 25 AND EAX,25
;00A40038 25 E5AE65DD AND EAX,DD65AEE5 ;00A40038 25 E5AE65DD AND EAX,DD65AEE5
;00A4003D B8 3E00A400 MOV EAX,0A4003E ;00A4003D B8 3E00A400 MOV EAX,0A4003E
;00A40042 EB 02 JMP SHORT 00A40046 ;00A40042 EB 02 JMP SHORT 00A40046
;00A40044 CD 20 INT 20 ;00A40044 CD 20 INT 20
;00A40046 05 18000000 ADD EAX,18 ;00A40046 05 18000000 ADD EAX,18
;00A4004B 8B00 MOV EAX,DWORD PTR DS:[EAX] ;00A4004B 8B00 MOV EAX,DWORD PTR DS:[EAX]
;00A4004D 35 2200A400 XOR EAX,0A40022 ;00A4004D 35 2200A400 XOR EAX,0A40022
;00A40052 90 NOP ;00A40052 90 NOP
;00A40053 90 NOP ;00A40053 90 NOP
;00A40054 50 PUSH EAX ;00A40054 50 PUSH EAX
;00A40055 C3 RET ;00A40055 C3 RET
; ;
;00A4005A E8 0B000000 CALL 00A4006A ;00A4005A E8 0B000000 CALL 00A4006A
;00A4005F 15 06F265DD ADC EAX,DD65F206 ;00A4005F 15 06F265DD ADC EAX,DD65F206
;00A40064 E9 05000000 JMP 00A4006E ;00A40064 E9 05000000 JMP 00A4006E
;00A40069 90 NOP ;00A40069 90 NOP
;00A4006A C3 RET ;00A4006A C3 RET
;00A4006B 1BC5 SBB EAX,EBP ;00A4006B 1BC5 SBB EAX,EBP
;00A4006D 40 INC EAX ;00A4006D 40 INC EAX
;00A4006E 1BC0 SBB EAX,EAX ;00A4006E 1BC0 SBB EAX,EAX
;00A40070 F9 STC ;00A40070 F9 STC
;00A40071 B8 7200A400 MOV EAX,0A40072 ;00A40071 B8 7200A400 MOV EAX,0A40072
;00A40076 EB 02 JMP SHORT 00A4007A ;00A40076 EB 02 JMP SHORT 00A4007A
;00A40078 CD 20 INT 20 ;00A40078 CD 20 INT 20
;00A4007A 05 18000000 ADD EAX,18 ;00A4007A 05 18000000 ADD EAX,18
;00A4007F 8B00 MOV EAX,DWORD PTR DS:[EAX] ;00A4007F 8B00 MOV EAX,DWORD PTR DS:[EAX]
;00A40081 35 5A00A400 XOR EAX,0A4005A ;00A40081 35 5A00A400 XOR EAX,0A4005A
;00A40086 90 NOP ;00A40086 90 NOP
;00A40087 90 NOP ;00A40087 90 NOP
;00A40088 50 PUSH EAX ;00A40088 50 PUSH EAX
;00A40089 C3 RET */ ;00A40089 C3 RET */
} }
else if(cMem->DataByte[0] == 0x1B && cMem->DataByte[1] == 0xC2 && cMem->DataByte[2] == 0xE8 && cMem->DataByte[3] == 0x08 && cMem->DataByte[7] == 0x40 && cMem->DataByte[8] == 0xE9 && cMem->DataByte[9] == 0x09 && cMem->DataByte[10] == 0x00) else if(cMem->DataByte[0] == 0x1B && cMem->DataByte[1] == 0xC2 && cMem->DataByte[2] == 0xE8 && cMem->DataByte[3] == 0x08 && cMem->DataByte[7] == 0x40 && cMem->DataByte[8] == 0xE9 && cMem->DataByte[9] == 0x09 && cMem->DataByte[10] == 0x00)
{ {
KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private! KnownRedirectionIndex = 5; // ; tELock 0.99 - 1.0 Private!
} }
else if(cMem->DataByte[0] == 0x68 && cMem->DataByte[5] == 0xE9) else if(cMem->DataByte[0] == 0x68 && cMem->DataByte[5] == 0xE9)
{ {
@ -970,15 +970,15 @@ __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULON
{ {
if(ImporterGetAPIName((ULONG_PTR)TestAddressX86) != NULL) if(ImporterGetAPIName((ULONG_PTR)TestAddressX86) != NULL)
{ {
KnownRedirectionIndex = 6; // ; ReCrypt 0.74 KnownRedirectionIndex = 6; // ; ReCrypt 0.74
/* ;001739F1 68 E9D9D477 PUSH User32.EndDialog /* ;001739F1 68 E9D9D477 PUSH User32.EndDialog
;001739F6 ^ E9 FDFEFFFF JMP 001738F8 */ ;001739F6 ^ E9 FDFEFFFF JMP 001738F8 */
} }
} }
} }
else if((cMem->DataByte[0] == 0xE8 && cMem->DataByte[5] == 0x58 && cMem->DataByte[6] == 0xEB && cMem->DataByte[7] == 0x01) || (cMem->DataByte[0] == 0xC8 && cMem->DataByte[4] == 0xE8 && cMem->DataByte[9] == 0x5B)) else if((cMem->DataByte[0] == 0xE8 && cMem->DataByte[5] == 0x58 && cMem->DataByte[6] == 0xEB && cMem->DataByte[7] == 0x01) || (cMem->DataByte[0] == 0xC8 && cMem->DataByte[4] == 0xE8 && cMem->DataByte[9] == 0x5B))
{ {
KnownRedirectionIndex = 7; // ; Orien 2.1x KnownRedirectionIndex = 7; // ; Orien 2.1x
/* ;GetCommandLineA /* ;GetCommandLineA
;$ ==> >/$ E8 00000000 CALL crackme_.0040DF8F ;$ ==> >/$ E8 00000000 CALL crackme_.0040DF8F
;$+5 >|$ 58 POP EAX ;$+5 >|$ 58 POP EAX
@ -1044,7 +1044,7 @@ __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULON
} }
else if((cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x01 && cMem->DataByte[2] == 0x66 && cMem->DataByte[3] == 0x1B) || (cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x02 && cMem->DataByte[2] == 0xCD && cMem->DataByte[3] == 0x20) || (cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x01 && cMem->DataByte[2] == 0xB8 && cMem->DataByte[3] == 0xEB)) else if((cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x01 && cMem->DataByte[2] == 0x66 && cMem->DataByte[3] == 0x1B) || (cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x02 && cMem->DataByte[2] == 0xCD && cMem->DataByte[3] == 0x20) || (cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x01 && cMem->DataByte[2] == 0xB8 && cMem->DataByte[3] == 0xEB))
{ {
KnownRedirectionIndex = 4; // ; tELock 0.96 - 0.98 KnownRedirectionIndex = 4; // ; tELock 0.96 - 0.98
/* ;(BYTE PTR[ESI] == 0EBh && (BYTE PTR[ESI+3] == 0EBh || BYTE PTR[ESI+2] == 0EBh)) /* ;(BYTE PTR[ESI] == 0EBh && (BYTE PTR[ESI+3] == 0EBh || BYTE PTR[ESI+2] == 0EBh))
;017B0000 0BE4 OR ESP,ESP ;017B0000 0BE4 OR ESP,ESP
;017B0002 75 01 JNZ SHORT 017B0005 ;017B0002 75 01 JNZ SHORT 017B0005
@ -1067,11 +1067,11 @@ __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULON
} }
else if((cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x03 && cMem->DataByte[2] == 0xFF && cMem->DataByte[3] == 0xEB) || (cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x01 && cMem->DataByte[2] == 0xB8 && cMem->DataByte[3] == 0x05) || (cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x02 && cMem->DataByte[2] == 0xFF && cMem->DataByte[3] == 0x20)) else if((cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x03 && cMem->DataByte[2] == 0xFF && cMem->DataByte[3] == 0xEB) || (cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x01 && cMem->DataByte[2] == 0xB8 && cMem->DataByte[3] == 0x05) || (cMem->DataByte[0] == 0xEB && cMem->DataByte[1] == 0x02 && cMem->DataByte[2] == 0xFF && cMem->DataByte[3] == 0x20))
{ {
KnownRedirectionIndex = 4; // ; tELock 0.96 - 0.98 KnownRedirectionIndex = 4; // ; tELock 0.96 - 0.98
} }
else if((cMem->DataByte[0] == 0xF9 || cMem->DataByte[0] == 0xF8) || (cMem->DataByte[0] == 0x0B && cMem->DataByte[1] == 0xE4) || (cMem->DataByte[0] == 0x85 && cMem->DataByte[1] == 0xE4)) else if((cMem->DataByte[0] == 0xF9 || cMem->DataByte[0] == 0xF8) || (cMem->DataByte[0] == 0x0B && cMem->DataByte[1] == 0xE4) || (cMem->DataByte[0] == 0x85 && cMem->DataByte[1] == 0xE4))
{ {
KnownRedirectionIndex = 4; // ; tELock 0.96 - 0.98 KnownRedirectionIndex = 4; // ; tELock 0.96 - 0.98
} }
else if(cMem->DataByte[0] == 0xEB && (cMem->DataByte[1] > NULL && cMem->DataByte[1] < 4)) else if(cMem->DataByte[0] == 0xEB && (cMem->DataByte[1] > NULL && cMem->DataByte[1] < 4))
{ {
@ -1079,9 +1079,9 @@ __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULON
j = 30; j = 30;
while(j > NULL) while(j > NULL)
{ {
if(cMem->DataByte[i] == 0xB8 && (cMem->DataByte[i+5] == 0x40 || cMem->DataByte[i+5] == 0x90) && cMem->DataByte[i+6] == 0xFF && cMem->DataByte[i+7] == 0x30 && cMem->DataByte[i+8] == 0xC3) if(cMem->DataByte[i] == 0xB8 && (cMem->DataByte[i + 5] == 0x40 || cMem->DataByte[i + 5] == 0x90) && cMem->DataByte[i + 6] == 0xFF && cMem->DataByte[i + 7] == 0x30 && cMem->DataByte[i + 8] == 0xC3)
{ {
KnownRedirectionIndex = 4; // ; tELock 0.96 - 0.98 KnownRedirectionIndex = 4; // ; tELock 0.96 - 0.98
j = 1; j = 1;
} }
i++; i++;
@ -1095,11 +1095,11 @@ __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULON
MemoryHash = EngineHashMemory((char*)TraceMemory, 192, MemoryHash); MemoryHash = EngineHashMemory((char*)TraceMemory, 192, MemoryHash);
if(MemoryHash == 0x5AF7E209 || MemoryHash == 0xEB480CAC || MemoryHash == 0x86218561 || MemoryHash == 0xCA9ABD85) if(MemoryHash == 0x5AF7E209 || MemoryHash == 0xEB480CAC || MemoryHash == 0x86218561 || MemoryHash == 0xCA9ABD85)
{ {
KnownRedirectionIndex = 9; // ; SVKP 1.x KnownRedirectionIndex = 9; // ; SVKP 1.x
} }
else if(MemoryHash == 0xF1F84A98 || MemoryHash == 0x91823290 || MemoryHash == 0xBEE6BAA0 || MemoryHash == 0x79603232) else if(MemoryHash == 0xF1F84A98 || MemoryHash == 0x91823290 || MemoryHash == 0xBEE6BAA0 || MemoryHash == 0x79603232)
{ {
KnownRedirectionIndex = 9; // ; SVKP 1.x KnownRedirectionIndex = 9; // ; SVKP 1.x
} }
} }
} }
@ -1123,7 +1123,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
MEMORY_BASIC_INFORMATION MemInfo; MEMORY_BASIC_INFORMATION MemInfo;
ULONG_PTR ueNumberOfBytesRead = NULL; ULONG_PTR ueNumberOfBytesRead = NULL;
char TracerReadMemory[0x1000] = {0}; char TracerReadMemory[0x1000] = {0};
DWORD MaximumReadSize=0x1000; DWORD MaximumReadSize = 0x1000;
cMem = (PMEMORY_CMP_HANDLER)TracerReadMemory; cMem = (PMEMORY_CMP_HANDLER)TracerReadMemory;
VirtualQueryEx(hProcess, (LPVOID)AddressToTrace, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); VirtualQueryEx(hProcess, (LPVOID)AddressToTrace, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
@ -1139,7 +1139,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
{ {
RedirectionId = (DWORD)TracerDetectRedirection(hProcess, AddressToTrace); RedirectionId = (DWORD)TracerDetectRedirection(hProcess, AddressToTrace);
} }
if(RedirectionId == 1) // TracerFix_ACProtect if(RedirectionId == 1) // TracerFix_ACProtect
{ {
__try __try
{ {
@ -1169,7 +1169,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
return(NULL); return(NULL);
} }
} }
else if(RedirectionId == 2) // TracerFix_tELock_varA else if(RedirectionId == 2) // TracerFix_tELock_varA
{ {
__try __try
{ {
@ -1187,7 +1187,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
return(NULL); return(NULL);
} }
} }
else if(RedirectionId == 3) // TracerFix_tELock_varB else if(RedirectionId == 3) // TracerFix_tELock_varB
{ {
__try __try
{ {
@ -1212,7 +1212,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
return(NULL); return(NULL);
} }
} }
else if(RedirectionId == 4) // TracerFix_tELock_varC else if(RedirectionId == 4) // TracerFix_tELock_varC
{ {
__try __try
{ {
@ -1276,7 +1276,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
return(NULL); return(NULL);
} }
} }
else if(RedirectionId == 5) // TracerFix_tELock_varD else if(RedirectionId == 5) // TracerFix_tELock_varD
{ {
__try __try
{ {
@ -1307,7 +1307,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
return(NULL); return(NULL);
} }
} }
else if(RedirectionId == 6) // TracerFix_ReCrypt else if(RedirectionId == 6) // TracerFix_ReCrypt
{ {
__try __try
{ {
@ -1322,7 +1322,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
return(NULL); return(NULL);
} }
} }
else if(RedirectionId == 7) // TracerFix_Orien else if(RedirectionId == 7) // TracerFix_Orien
{ {
__try __try
{ {
@ -1353,7 +1353,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
return(NULL); return(NULL);
} }
} }
else if(RedirectionId == 8) // TracerFix_AlexProtector else if(RedirectionId == 8) // TracerFix_AlexProtector
{ {
__try __try
{ {
@ -1369,7 +1369,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
return(NULL); return(NULL);
} }
} }
else if(RedirectionId == 9 && MaximumReadSize > 192) // TracerFix_SVKP else if(RedirectionId == 9 && MaximumReadSize > 192) // TracerFix_SVKP
{ {
__try __try
{ {
@ -1448,7 +1448,7 @@ __declspec(dllexport) long TITCALL TracerFixRedirectionViaImpRecPlugin(HANDLE hP
HANDLE FileMap; HANDLE FileMap;
ULONG_PTR FileMapVA; ULONG_PTR FileMapVA;
if(GetModuleFileNameA(engineHandle, (LPCH)szModuleName, sizeof(szModuleName)-0x100) > NULL) if(GetModuleFileNameA(engineHandle, (LPCH)szModuleName, sizeof(szModuleName) - 0x100) > NULL)
{ {
cModuleName = (LPVOID)((ULONG_PTR)cModuleName + lstrlenA((LPCSTR)szModuleName)); cModuleName = (LPVOID)((ULONG_PTR)cModuleName + lstrlenA((LPCSTR)szModuleName));
cmpModuleName = (PMEMORY_CMP_HANDLER)(cModuleName); cmpModuleName = (PMEMORY_CMP_HANDLER)(cModuleName);


@ -46,7 +46,7 @@ __declspec(dllexport) void* TITCALL TranslateNativeName(char* szNativeName)
} }
VirtualFree(TranslatedName, NULL, MEM_RELEASE); VirtualFree(TranslatedName, NULL, MEM_RELEASE);
return NULL; return NULL;
} }


@ -12,10 +12,10 @@ BOOL APIENTRY DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
switch(fdwReason) switch(fdwReason)
{ {
case DLL_PROCESS_ATTACH: case DLL_PROCESS_ATTACH:
engineHandle=hinstDLL; engineHandle = hinstDLL;
EngineInit(); EngineInit();
EmptyGarbage(); EmptyGarbage();
for(int i=0; i<UE_MAX_RESERVED_MEMORY_LEFT; i++) for(int i = 0; i < UE_MAX_RESERVED_MEMORY_LEFT; i++)
engineReservedMemoryLeft[i] = NULL; engineReservedMemoryLeft[i] = NULL;
break; break;
case DLL_THREAD_ATTACH: case DLL_THREAD_ATTACH:


@ -28,42 +28,42 @@ extern "C" {
# define APLIB_ERROR ((unsigned int) (-1)) # define APLIB_ERROR ((unsigned int) (-1))
#endif #endif
unsigned int APLIB_CONVENTION aP_pack(const void *source, unsigned int APLIB_CONVENTION aP_pack(const void* source,
void *destination, void* destination,
unsigned int length, unsigned int length,
void *workmem, void* workmem,
int (__cdecl *callback)(unsigned int, unsigned int, unsigned int, void *), int (__cdecl* callback)(unsigned int, unsigned int, unsigned int, void*),
void *cbparam); void* cbparam);
unsigned int APLIB_CONVENTION aP_workmem_size(unsigned int inputsize); unsigned int APLIB_CONVENTION aP_workmem_size(unsigned int inputsize);
unsigned int APLIB_CONVENTION aP_max_packed_size(unsigned int inputsize); unsigned int APLIB_CONVENTION aP_max_packed_size(unsigned int inputsize);
unsigned int APLIB_CONVENTION aP_depack_asm(const void *source, void *destination); unsigned int APLIB_CONVENTION aP_depack_asm(const void* source, void* destination);
unsigned int APLIB_CONVENTION aP_depack_asm_fast(const void *source, void *destination); unsigned int APLIB_CONVENTION aP_depack_asm_fast(const void* source, void* destination);
unsigned int APLIB_CONVENTION aP_depack_asm_safe(const void *source, unsigned int APLIB_CONVENTION aP_depack_asm_safe(const void* source,
unsigned int srclen, unsigned int srclen,
void *destination, void* destination,
unsigned int dstlen); unsigned int dstlen);
unsigned int APLIB_CONVENTION aP_crc32(const void *source, unsigned int length); unsigned int APLIB_CONVENTION aP_crc32(const void* source, unsigned int length);
unsigned int APLIB_CONVENTION aPsafe_pack(const void *source, unsigned int APLIB_CONVENTION aPsafe_pack(const void* source,
void *destination, void* destination,
unsigned int length, unsigned int length,
void *workmem, void* workmem,
int (__cdecl *callback)(unsigned int, unsigned int, unsigned int, void *), int (__cdecl* callback)(unsigned int, unsigned int, unsigned int, void*),
void *cbparam); void* cbparam);
unsigned int APLIB_CONVENTION aPsafe_check(const void *source); unsigned int APLIB_CONVENTION aPsafe_check(const void* source);
unsigned int APLIB_CONVENTION aPsafe_get_orig_size(const void *source); unsigned int APLIB_CONVENTION aPsafe_get_orig_size(const void* source);
unsigned int APLIB_CONVENTION aPsafe_depack(const void *source, unsigned int APLIB_CONVENTION aPsafe_depack(const void* source,
unsigned int srclen, unsigned int srclen,
void *destination, void* destination,
unsigned int dstlen); unsigned int dstlen);
#ifdef __cplusplus #ifdef __cplusplus


@ -73,8 +73,8 @@ __declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapV
__declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType); __declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType);
__declspec(dllexport) ULONG_PTR TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType); __declspec(dllexport) ULONG_PTR TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllexport) ULONG_PTR TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType); __declspec(dllexport) ULONG_PTR TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesRead); __declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead);
__declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesWritten); __declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten);
// TitanEngine.Realigner.functions: // TitanEngine.Realigner.functions:
__declspec(dllexport) bool TITCALL FixHeaderCheckSum(char* szFileName); __declspec(dllexport) bool TITCALL FixHeaderCheckSum(char* szFileName);
__declspec(dllexport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName); __declspec(dllexport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName);


@ -60,14 +60,14 @@ along with this program. If not, see <http://www.gnu.org/licenses/>
#ifdef _MSC_VER #ifdef _MSC_VER
/* Since MSVC isn't shipped with stdint.h, we will have our own: */ /* Since MSVC isn't shipped with stdint.h, we will have our own: */
typedef signed __int64 int64_t; typedef signed __int64 int64_t;
typedef unsigned __int64 uint64_t; typedef unsigned __int64 uint64_t;
typedef signed __int32 int32_t; typedef signed __int32 int32_t;
typedef unsigned __int32 uint32_t; typedef unsigned __int32 uint32_t;
typedef signed __int16 int16_t; typedef signed __int16 int16_t;
typedef unsigned __int16 uint16_t; typedef unsigned __int16 uint16_t;
typedef signed __int8 int8_t; typedef signed __int8 int8_t;
typedef unsigned __int8 uint8_t; typedef unsigned __int8 uint8_t;
#endif #endif
/* Support C++ compilers */ /* Support C++ compilers */
@ -115,7 +115,8 @@ extern "C" {
/* Decodes modes of the disassembler, 16 bits or 32 bits or 64 bits for AMD64, x86-64. */ /* Decodes modes of the disassembler, 16 bits or 32 bits or 64 bits for AMD64, x86-64. */
typedef enum { typedef enum
{
Decode16Bits = 0, Decode32Bits = 1, Decode64Bits = 2 Decode16Bits = 0, Decode32Bits = 1, Decode64Bits = 2
} }
_DecodeType; _DecodeType;
@ -167,36 +168,36 @@ typedef union
typedef struct typedef struct
{ {
/* Type of operand: /* Type of operand:
O_NONE: operand is to be ignored. O_NONE: operand is to be ignored.
O_REG: index holds global register index. O_REG: index holds global register index.
O_IMM: instruction.imm. O_IMM: instruction.imm.
O_IMM1: instruction.imm.ex.i1. O_IMM1: instruction.imm.ex.i1.
O_IMM2: instruction.imm.ex.i2. O_IMM2: instruction.imm.ex.i2.
O_DISP: memory dereference with displacement only, instruction.disp. O_DISP: memory dereference with displacement only, instruction.disp.
O_SMEM: simple memory dereference with optional displacement (a single register memory dereference). O_SMEM: simple memory dereference with optional displacement (a single register memory dereference).
O_MEM: complex memory dereference (optional fields: s/i/b/disp). O_MEM: complex memory dereference (optional fields: s/i/b/disp).
O_PC: the relative address of a branch instruction (instruction.imm.addr). O_PC: the relative address of a branch instruction (instruction.imm.addr).
O_PTR: the absolute target address of a far branch instruction (instruction.imm.ptr.seg/off). O_PTR: the absolute target address of a far branch instruction (instruction.imm.ptr.seg/off).
*/ */
uint8_t type; /* _OperandType */ uint8_t type; /* _OperandType */
/* Index of: /* Index of:
O_REG: holds global register index O_REG: holds global register index
O_SMEM: holds the 'base' register. E.G: [ECX], [EBX+0x1234] are both in operand.index. O_SMEM: holds the 'base' register. E.G: [ECX], [EBX+0x1234] are both in operand.index.
O_MEM: holds the 'index' register. E.G: [EAX*4] is in operand.index. O_MEM: holds the 'index' register. E.G: [EAX*4] is in operand.index.
*/ */
uint8_t index; uint8_t index;
/* Size of: /* Size of:
O_REG: register O_REG: register
O_IMM: instruction.imm O_IMM: instruction.imm
O_IMM1: instruction.imm.ex.i1 O_IMM1: instruction.imm.ex.i1
O_IMM2: instruction.imm.ex.i2 O_IMM2: instruction.imm.ex.i2
O_DISP: instruction.disp O_DISP: instruction.disp
O_SMEM: size of indirection. O_SMEM: size of indirection.
O_MEM: size of indirection. O_MEM: size of indirection.
O_PC: size of the relative offset O_PC: size of the relative offset
O_PTR: size of instruction.imm.ptr.off (16 or 32) O_PTR: size of instruction.imm.ptr.off (16 or 32)
*/ */
uint16_t size; uint16_t size;
} _Operand; } _Operand;


@ -250,7 +250,7 @@ typedef struct _PROCESS_BASIC_INFORMATION
ULONG_PTR UniqueProcessId; ULONG_PTR UniqueProcessId;
PVOID Reserved3; PVOID Reserved3;
} PROCESS_BASIC_INFORMATION; } PROCESS_BASIC_INFORMATION;
typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION; typedef PROCESS_BASIC_INFORMATION* PPROCESS_BASIC_INFORMATION;
typedef struct _THREAD_BASIC_INFORMATION typedef struct _THREAD_BASIC_INFORMATION
{ {
@ -264,7 +264,7 @@ typedef struct _THREAD_BASIC_INFORMATION
typedef typedef
VOID VOID
(*PPS_APC_ROUTINE) ( (*PPS_APC_ROUTINE)(
__in_opt PVOID ApcArgument1, __in_opt PVOID ApcArgument1,
__in_opt PVOID ApcArgument2, __in_opt PVOID ApcArgument2,
__in_opt PVOID ApcArgument3 __in_opt PVOID ApcArgument3
@ -445,7 +445,7 @@ extern "C" {
NTSYSCALLAPI NTSYSCALLAPI
NTSTATUS NTSTATUS
NTAPI NTAPI
NtSetInformationProcess ( NtSetInformationProcess(
__in HANDLE ProcessHandle, __in HANDLE ProcessHandle,
__in PROCESSINFOCLASS ProcessInformationClass, __in PROCESSINFOCLASS ProcessInformationClass,
__in_bcount(ProcessInformationLength) PVOID ProcessInformation, __in_bcount(ProcessInformationLength) PVOID ProcessInformation,
@ -455,7 +455,7 @@ NtSetInformationProcess (
NTSYSCALLAPI NTSYSCALLAPI
NTSTATUS NTSTATUS
NTAPI NTAPI
NtQueryInformationProcess ( NtQueryInformationProcess(
__in HANDLE ProcessHandle, __in HANDLE ProcessHandle,
__in PROCESSINFOCLASS ProcessInformationClass, __in PROCESSINFOCLASS ProcessInformationClass,
__out_bcount(ProcessInformationLength) PVOID ProcessInformation, __out_bcount(ProcessInformationLength) PVOID ProcessInformation,
@ -466,7 +466,7 @@ NtQueryInformationProcess (
NTSYSCALLAPI NTSYSCALLAPI
NTSTATUS NTSTATUS
NTAPI NTAPI
NtQueryObject ( NtQueryObject(
__in HANDLE Handle, __in HANDLE Handle,
__in OBJECT_INFORMATION_CLASS ObjectInformationClass, __in OBJECT_INFORMATION_CLASS ObjectInformationClass,
__out_bcount_opt(ObjectInformationLength) PVOID ObjectInformation, __out_bcount_opt(ObjectInformationLength) PVOID ObjectInformation,
@ -477,7 +477,7 @@ NtQueryObject (
NTSYSCALLAPI NTSYSCALLAPI
NTSTATUS NTSTATUS
NTAPI NTAPI
NtSetSystemInformation ( NtSetSystemInformation(
__in SYSTEM_INFORMATION_CLASS SystemInformationClass, __in SYSTEM_INFORMATION_CLASS SystemInformationClass,
__in_bcount_opt(SystemInformationLength) PVOID SystemInformation, __in_bcount_opt(SystemInformationLength) PVOID SystemInformation,
__in ULONG SystemInformationLength __in ULONG SystemInformationLength
@ -486,7 +486,7 @@ NtSetSystemInformation (
NTSYSCALLAPI NTSYSCALLAPI
NTSTATUS NTSTATUS
NTAPI NTAPI
NtQuerySystemInformation ( NtQuerySystemInformation(
__in SYSTEM_INFORMATION_CLASS SystemInformationClass, __in SYSTEM_INFORMATION_CLASS SystemInformationClass,
__out_bcount_opt(SystemInformationLength) PVOID SystemInformation, __out_bcount_opt(SystemInformationLength) PVOID SystemInformation,
__in ULONG SystemInformationLength, __in ULONG SystemInformationLength,
@ -496,7 +496,7 @@ NtQuerySystemInformation (
NTSYSCALLAPI NTSYSCALLAPI
NTSTATUS NTSTATUS
NTAPI NTAPI
NtSetInformationThread ( NtSetInformationThread(
__in HANDLE ThreadHandle, __in HANDLE ThreadHandle,
__in THREADINFOCLASS ThreadInformationClass, __in THREADINFOCLASS ThreadInformationClass,
__in_bcount(ThreadInformationLength) PVOID ThreadInformation, __in_bcount(ThreadInformationLength) PVOID ThreadInformation,
@ -506,7 +506,7 @@ NtSetInformationThread (
NTSYSCALLAPI NTSYSCALLAPI
NTSTATUS NTSTATUS
NTAPI NTAPI
NtQueryInformationThread ( NtQueryInformationThread(
__in HANDLE ThreadHandle, __in HANDLE ThreadHandle,
__in THREADINFOCLASS ThreadInformationClass, __in THREADINFOCLASS ThreadInformationClass,
__out_bcount(ThreadInformationLength) PVOID ThreadInformation, __out_bcount(ThreadInformationLength) PVOID ThreadInformation,
@ -517,7 +517,7 @@ NtQueryInformationThread (
NTSYSCALLAPI NTSYSCALLAPI
NTSTATUS NTSTATUS
NTAPI NTAPI
NtUnmapViewOfSection ( NtUnmapViewOfSection(
__in HANDLE ProcessHandle, __in HANDLE ProcessHandle,
__in PVOID BaseAddress __in PVOID BaseAddress
); );
@ -525,7 +525,7 @@ NtUnmapViewOfSection (
NTSYSCALLAPI NTSYSCALLAPI
NTSTATUS NTSTATUS
NTAPI NTAPI
NtSuspendThread ( NtSuspendThread(
__in HANDLE ThreadHandle, __in HANDLE ThreadHandle,
__out_opt PULONG PreviousSuspendCount __out_opt PULONG PreviousSuspendCount
); );
@ -533,7 +533,7 @@ NtSuspendThread (
NTSYSCALLAPI NTSYSCALLAPI
NTSTATUS NTSTATUS
NTAPI NTAPI
NtResumeThread ( NtResumeThread(
__in HANDLE ThreadHandle, __in HANDLE ThreadHandle,
__out_opt PULONG PreviousSuspendCount __out_opt PULONG PreviousSuspendCount
); );
@ -541,21 +541,21 @@ NtResumeThread (
NTSYSCALLAPI NTSYSCALLAPI
NTSTATUS NTSTATUS
NTAPI NTAPI
NtSuspendProcess ( NtSuspendProcess(
__in HANDLE ProcessHandle __in HANDLE ProcessHandle
); );
NTSYSCALLAPI NTSYSCALLAPI
NTSTATUS NTSTATUS
NTAPI NTAPI
NtResumeProcess ( NtResumeProcess(
__in HANDLE ProcessHandle __in HANDLE ProcessHandle
); );
NTSYSCALLAPI NTSYSCALLAPI
NTSTATUS NTSTATUS
NTAPI NTAPI
NtQueueApcThread ( NtQueueApcThread(
__in HANDLE ThreadHandle, __in HANDLE ThreadHandle,
__in PPS_APC_ROUTINE ApcRoutine, __in PPS_APC_ROUTINE ApcRoutine,
__in_opt PVOID ApcArgument1, __in_opt PVOID ApcArgument1,
@ -566,7 +566,7 @@ NtQueueApcThread (
NTSYSCALLAPI NTSYSCALLAPI
NTSTATUS NTSTATUS
NTAPI NTAPI
RtlGetCompressionWorkSpaceSize ( RtlGetCompressionWorkSpaceSize(
IN USHORT CompressionFormatAndEngine, IN USHORT CompressionFormatAndEngine,
OUT PULONG CompressBufferWorkSpaceSize, OUT PULONG CompressBufferWorkSpaceSize,
OUT PULONG CompressFragmentWorkSpaceSize OUT PULONG CompressFragmentWorkSpaceSize
@ -575,7 +575,7 @@ RtlGetCompressionWorkSpaceSize (
NTSYSCALLAPI NTSYSCALLAPI
NTSTATUS NTSTATUS
NTAPI NTAPI
RtlCompressBuffer ( RtlCompressBuffer(
IN USHORT CompressionFormatAndEngine, IN USHORT CompressionFormatAndEngine,
IN PUCHAR UncompressedBuffer, IN PUCHAR UncompressedBuffer,
IN ULONG UncompressedBufferSize, IN ULONG UncompressedBufferSize,
@ -589,7 +589,7 @@ RtlCompressBuffer (
NTSYSCALLAPI NTSYSCALLAPI
NTSTATUS NTSTATUS
NTAPI NTAPI
RtlDecompressBuffer ( RtlDecompressBuffer(
IN USHORT CompressionFormat, IN USHORT CompressionFormat,
OUT PUCHAR UncompressedBuffer, OUT PUCHAR UncompressedBuffer,
IN ULONG UncompressedBufferSize, IN ULONG UncompressedBufferSize,
@ -601,7 +601,7 @@ RtlDecompressBuffer (
NTSYSCALLAPI NTSYSCALLAPI
ULONG ULONG
NTAPI NTAPI
RtlNtStatusToDosError ( RtlNtStatusToDosError(
NTSTATUS Status NTSTATUS Status
); );


@ -25,7 +25,7 @@
#define IDC_LISTBOX 800 #define IDC_LISTBOX 800
// Next default values for new objects // Next default values for new objects
// //
#ifdef APSTUDIO_INVOKED #ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS #ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 114 #define _APS_NEXT_RESOURCE_VALUE 114


@ -11,7 +11,7 @@ const BYTE SCY_ERROR_IATNOTFOUND = -4;
extern "C" { extern "C" {
#endif /*__cplusplus*/ #endif /*__cplusplus*/
//iat exports //iat exports
int scylla_searchIAT(DWORD pid, DWORD_PTR &iatStart, DWORD &iatSize, DWORD_PTR searchStart, bool advancedSearch); int scylla_searchIAT(DWORD pid, DWORD_PTR & iatStart, DWORD & iatSize, DWORD_PTR searchStart, bool advancedSearch);
int scylla_getImports(DWORD_PTR iatAddr, DWORD iatSize, DWORD pid, LPVOID invalidImportCallback = NULL); int scylla_getImports(DWORD_PTR iatAddr, DWORD iatSize, DWORD pid, LPVOID invalidImportCallback = NULL);
bool scylla_addModule(const WCHAR* moduleName, DWORD_PTR firstThunkRVA); bool scylla_addModule(const WCHAR* moduleName, DWORD_PTR firstThunkRVA);
bool scylla_addImport(const WCHAR* importName, DWORD_PTR thunkVA); bool scylla_addImport(const WCHAR* importName, DWORD_PTR thunkVA);
@ -29,12 +29,12 @@ DWORD_PTR scylla_findImportNameByWriteLocation(DWORD_PTR thunkVA);
DWORD_PTR scylla_findModuleNameByWriteLocation(DWORD_PTR thunkVA); DWORD_PTR scylla_findModuleNameByWriteLocation(DWORD_PTR thunkVA);
//dumper exports //dumper exports
bool scylla_dumpProcessW(DWORD_PTR pid, const WCHAR * fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const WCHAR * fileResult); bool scylla_dumpProcessW(DWORD_PTR pid, const WCHAR* fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const WCHAR* fileResult);
bool scylla_dumpProcessA(DWORD_PTR pid, const char * fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const char * fileResult); bool scylla_dumpProcessA(DWORD_PTR pid, const char* fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const char* fileResult);
//rebuilder exports //rebuilder exports
bool scylla_rebuildFileW(const WCHAR * fileToRebuild, BOOL removeDosStub, BOOL updatePeHeaderChecksum, BOOL createBackup); bool scylla_rebuildFileW(const WCHAR* fileToRebuild, BOOL removeDosStub, BOOL updatePeHeaderChecksum, BOOL createBackup);
bool scylla_rebuildFileA(const char * fileToRebuild, BOOL removeDosStub, BOOL updatePeHeaderChecksum, BOOL createBackup); bool scylla_rebuildFileA(const char* fileToRebuild, BOOL removeDosStub, BOOL updatePeHeaderChecksum, BOOL createBackup);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif /*__cplusplus*/ #endif /*__cplusplus*/


@ -154,24 +154,24 @@ typedef struct
enum HWBP_MODE enum HWBP_MODE
{ {
MODE_DISABLED=0, //00 MODE_DISABLED = 0, //00
MODE_LOCAL=1, //01 MODE_LOCAL = 1, //01
MODE_GLOBAL=2 //10 MODE_GLOBAL = 2 //10
}; };
enum HWBP_TYPE enum HWBP_TYPE
{ {
TYPE_EXECUTE=0, //00 TYPE_EXECUTE = 0, //00
TYPE_WRITE=1, //01 TYPE_WRITE = 1, //01
TYPE_READWRITE=3 //11 TYPE_READWRITE = 3 //11
}; };
enum HWBP_SIZE enum HWBP_SIZE
{ {
SIZE_1=0, //00 SIZE_1 = 0, //00
SIZE_2=1, //01 SIZE_2 = 1, //01
SIZE_8=2, //10 SIZE_8 = 2, //10
SIZE_4=3 //11 SIZE_4 = 3 //11
}; };
struct DR7 struct DR7
@ -759,21 +759,21 @@ typedef struct
/*typedef enum _POOL_TYPE { /*typedef enum _POOL_TYPE {
NonPagedPool, NonPagedPool,
PagedPool, PagedPool,
NonPagedPoolMustSucceed, NonPagedPoolMustSucceed,
DontUseThisType, DontUseThisType,
NonPagedPoolCacheAligned, NonPagedPoolCacheAligned,
PagedPoolCacheAligned, PagedPoolCacheAligned,
NonPagedPoolCacheAlignedMustS, NonPagedPoolCacheAlignedMustS,
MaxPoolType, MaxPoolType,
NonPagedPoolSession, NonPagedPoolSession,
PagedPoolSession, PagedPoolSession,
NonPagedPoolMustSucceedSession, NonPagedPoolMustSucceedSession,
DontUseThisTypeSession, DontUseThisTypeSession,
NonPagedPoolCacheAlignedSession, NonPagedPoolCacheAlignedSession,
PagedPoolCacheAlignedSession, PagedPoolCacheAlignedSession,
NonPagedPoolCacheAlignedMustSSession NonPagedPoolCacheAlignedMustSSession
} POOL_TYPE;*/ } POOL_TYPE;*/
typedef struct typedef struct
@ -924,7 +924,7 @@ struct _PEB_T
DWORD MaximumNumberOfHeaps; DWORD MaximumNumberOfHeaps;
T ProcessHeaps; T ProcessHeaps;
//FULL PEB not needed //FULL PEB not needed
/* T GdiSharedHandleTable; /* T GdiSharedHandleTable;
T ProcessStarterHelper; T ProcessStarterHelper;
T GdiDCAttributeList; T GdiDCAttributeList;


@ -1,8 +1,8 @@
#pragma once #pragma once
// The following macros define the minimum required platform. The minimum required platform // The following macros define the minimum required platform. The minimum required platform
// is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run // is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run
// your application. The macros work by enabling all features available on platform versions up to and // your application. The macros work by enabling all features available on platform versions up to and
// including the version specified. // including the version specified.
// Modify the following defines if you have to target a platform prior to the ones specified below. // Modify the following defines if you have to target a platform prior to the ones specified below.


@ -5,12 +5,12 @@ wchar_t szLibraryPath[512];
int main() int main()
{ {
memset(szLibraryPath, 0, sizeof(szLibraryPath)); memset(szLibraryPath, 0, sizeof(szLibraryPath));
wchar_t szName[256]=L""; wchar_t szName[256] = L"";
wsprintfW(szName, L"Global\\szLibraryName%X", (unsigned int)GetCurrentProcessId()); wsprintfW(szName, L"Global\\szLibraryName%X", (unsigned int)GetCurrentProcessId());
HANDLE hMapFile=OpenFileMappingW(FILE_MAP_READ, false, szName); HANDLE hMapFile = OpenFileMappingW(FILE_MAP_READ, false, szName);
if(hMapFile) if(hMapFile)
{ {
const wchar_t* szLibraryPathMapping=(const wchar_t*)MapViewOfFile(hMapFile, FILE_MAP_READ, 0, 0, sizeof(szLibraryPath)); const wchar_t* szLibraryPathMapping = (const wchar_t*)MapViewOfFile(hMapFile, FILE_MAP_READ, 0, 0, sizeof(szLibraryPath));
if(szLibraryPathMapping) if(szLibraryPathMapping)
{ {
lstrcpyW(szLibraryPath, szLibraryPathMapping); lstrcpyW(szLibraryPath, szLibraryPathMapping);
@ -19,6 +19,6 @@ int main()
CloseHandle(hMapFile); CloseHandle(hMapFile);
} }
if(szLibraryPath[0]) if(szLibraryPath[0])
return (LoadLibraryW(szLibraryPath)!=NULL); return (LoadLibraryW(szLibraryPath) != NULL);
return 0; return 0;
} }
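Review bot: The `lstrcpyW(szLibraryPath, szLibraryPathMapping)` call at the end of the first hunk copies without a bound from a shared section into the 512-element global `szLibraryPath`, so section contents that are not NUL-terminated within that length overrun the buffer; this formatting pass leaves the call unchanged. A bounded copy such as `lstrcpynW(szLibraryPath, szLibraryPathMapping, sizeof(szLibraryPath) / sizeof(szLibraryPath[0]));` keeps the write inside the array and always terminates it. The copied path then goes straight to `LoadLibraryW`, and the section is opened by the predictable name `Global\\szLibraryName%X`; the code that creates that section is not visible here, so it is worth confirming that the path is absolute and was written by the expected creator before it is loaded. The two lines of `main` between the hunks are not shown.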