drop VirtualAlloc in favor of local variables

deepzero 2014-03-08 14:44:30 +01:00
parent ec558397a7
commit 772c6dbeda
8 changed files with 34 additions and 99 deletions


@ -55,7 +55,8 @@ void GenericOEPTraceHited()
{
int i;
void* lpHashBuffer;
//void* lpHashBuffer;
char lpHashBuffer[0x1000] = {0};
bool FakeEPDetected = false;
ULONG_PTR NumberOfBytesRW;
LPDEBUG_EVENT myDbgEvent = (LPDEBUG_EVENT)GetDebugData();
@ -85,12 +86,11 @@ void GenericOEPTraceHited()
{
glbEntryTracerData.SectionData[i].AccessedAlready = true;
}
lpHashBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
memBpxAddress = (glbEntryTracerData.MemoryAccessed / 0x1000) * 0x1000;
memBpxAddress = (glbEntryTracerData.MemoryAccessed / sizeof(lpHashBuffer)) * sizeof(lpHashBuffer);
memBpxSize = glbEntryTracerData.SectionData[i].SectionVirtualOffset + glbEntryTracerData.SectionData[i].SectionVirtualSize + glbEntryTracerData.LoadedImageBase - memBpxAddress;
if(memBpxSize > 0x1000)
if(memBpxSize > sizeof(lpHashBuffer))
{
memBpxSize = 0x1000;
memBpxSize = sizeof(lpHashBuffer);
}
if(ReadProcessMemory(dbgProcessInformation.hProcess, (void*)(memBpxAddress), lpHashBuffer, memBpxSize, &NumberOfBytesRW))
{
@ -108,7 +108,6 @@ void GenericOEPTraceHited()
FakeEPDetected = true;
}
}
VirtualFree(lpHashBuffer, NULL, MEM_RELEASE);
if(currentHash != originalHash && glbEntryTracerData.SectionData[i].AccessedAlready == true && i != glbEntryTracerData.OriginalEntryPointNum && FakeEPDetected == false)
{
__try
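Review bot: The page-alignment arithmetic on `memBpxAddress` is now tied to the size of the scratch buffer, `(glbEntryTracerData.MemoryAccessed / sizeof(lpHashBuffer)) * sizeof(lpHashBuffer)`, so resizing the array would silently change which debuggee address is read. The two values agree today only because the buffer happens to be one 0x1000-byte page. A named page-size constant for the alignment, with `sizeof(lpHashBuffer)` kept only for the clamp on `memBpxSize`, keeps the ReadProcessMemory length bounded by the array without mixing the two meanings. The commented-out `//void* lpHashBuffer;` can be dropped; the function body continues outside the hunks.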


@ -210,7 +210,7 @@ __declspec(dllexport) long long TITCALL GetFunctionParameter(HANDLE hProcess, DW
__declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps)
{
LPVOID ReadMemory;
char ReadMemory[MAXIMUM_INSTRUCTION_SIZE] = {0};
MEMORY_BASIC_INFORMATION MemInfo;
ULONG_PTR ueNumberOfBytesRead = NULL;
PMEMORY_CMP_HANDLER CompareMemory;
@ -224,9 +224,6 @@ __declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, UL
VirtualQueryEx(hProcess, (LPVOID)InstructionAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
if(MemInfo.RegionSize > NULL)
{
ReadMemory = VirtualAlloc(NULL, MAXIMUM_INSTRUCTION_SIZE, MEM_COMMIT, PAGE_READWRITE);
if(!ReadMemory)
return 0;
if(ReadProcessMemory(hProcess, (LPVOID)InstructionAddress, ReadMemory, MAXIMUM_INSTRUCTION_SIZE, &ueNumberOfBytesRead))
{
CompareMemory = (PMEMORY_CMP_HANDLER)ReadMemory;
@ -358,7 +355,6 @@ __declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, UL
ReadProcessMemory(hProcess, (LPVOID)TargetedAddress, &TargetedAddress, 4, &ueNumberOfBytesRead);
}
}
VirtualFree(ReadMemory, NULL, MEM_RELEASE);
return((ULONG_PTR)TargetedAddress);
}
return(NULL);
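Review bot: Replacing the VirtualAlloc buffer with `char ReadMemory[MAXIMUM_INSTRUCTION_SIZE]` shrinks the area that can be read safely, assuming MAXIMUM_INSTRUCTION_SIZE is smaller than a page: VirtualAlloc rounds a commit up to whole pages, so the old buffer had zeroed slack behind the bytes copied from the debuggee, while the array ends exactly at MAXIMUM_INSTRUCTION_SIZE. The decoding code between the hunks is not shown; any `CompareMemory->DataByte[n]` access at or past that size would now read adjacent stack data instead of page slack. It is worth confirming that every index stays below the array size and recording that next to the declaration, e.g. `// decoder must not index past MAXIMUM_INSTRUCTION_SIZE bytes`.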


@ -393,7 +393,7 @@ __declspec(dllexport) bool TITCALL DumpMemoryW(HANDLE hProcess, LPVOID MemorySta
HANDLE hFile = 0;
LPVOID ReadBase = MemoryStart;
ULONG_PTR ProcReadBase = (ULONG_PTR)ReadBase;
LPVOID ueCopyBuffer = VirtualAlloc(NULL, 0x2000, MEM_COMMIT, PAGE_READWRITE);
char ueCopyBuffer[0x2000] = {0};
MEMORY_BASIC_INFORMATION MemInfo;
if(EngineCreatePathForFileW(szDumpFileName))
@ -406,7 +406,7 @@ __declspec(dllexport) bool TITCALL DumpMemoryW(HANDLE hProcess, LPVOID MemorySta
ReadBase = (LPVOID)ProcReadBase;
if(MemorySize >= 0x1000)
{
RtlZeroMemory(ueCopyBuffer,0x2000);
RtlZeroMemory(ueCopyBuffer, sizeof(ueCopyBuffer));
if(!ReadProcessMemory(hProcess, ReadBase, ueCopyBuffer, 0x1000, &ueNumberOfBytesRead))
{
VirtualQueryEx(hProcess, ReadBase, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
@ -419,7 +419,7 @@ __declspec(dllexport) bool TITCALL DumpMemoryW(HANDLE hProcess, LPVOID MemorySta
}
else
{
RtlZeroMemory(ueCopyBuffer,0x2000);
RtlZeroMemory(ueCopyBuffer, sizeof(ueCopyBuffer));
if(!ReadProcessMemory(hProcess, ReadBase, ueCopyBuffer, MemorySize, &ueNumberOfBytesRead))
{
VirtualQueryEx(hProcess, ReadBase, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
@ -433,12 +433,10 @@ __declspec(dllexport) bool TITCALL DumpMemoryW(HANDLE hProcess, LPVOID MemorySta
ProcReadBase = (ULONG_PTR)ReadBase + 0x1000;
}
EngineCloseHandle(hFile);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return true;
}
else
{
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return false;
}
}
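Review bot: `ueCopyBuffer` is declared with 0x2000 bytes, but the reads into it are still bounded by the literal `0x1000` (or by `MemorySize` in the branch taken when it is below 0x1000), so buffer size and read length are maintained in two unrelated places and half of the 8 KB stack array is never used. A single named chunk-size constant used for the array and for the ReadProcessMemory length would keep the write provably inside the buffer if either value is edited later. The `= {0}` initialiser is also redundant, because `RtlZeroMemory(ueCopyBuffer, sizeof(ueCopyBuffer))` clears the buffer before each read. ExtractOverlayW and AddOverlayW show the same 0x2000 array combined with `0x1000` chunking.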


@ -7,10 +7,7 @@ __declspec(dllexport) void* TITCALL GetPEBLocation(HANDLE hProcess)
{
ULONG RequiredLen = 0;
void * PebAddress = 0;
PPROCESS_BASIC_INFORMATION myProcessBasicInformation = (PPROCESS_BASIC_INFORMATION)VirtualAlloc(NULL, sizeof(PROCESS_BASIC_INFORMATION) * 4, MEM_COMMIT|MEM_RESERVE, PAGE_READWRITE);
if(!myProcessBasicInformation)
return 0;
PROCESS_BASIC_INFORMATION myProcessBasicInformation[5] = {0};
if(NtQueryInformationProcess(hProcess, ProcessBasicInformation, myProcessBasicInformation, sizeof(PROCESS_BASIC_INFORMATION), &RequiredLen) == STATUS_SUCCESS)
{
@ -24,8 +21,6 @@ __declspec(dllexport) void* TITCALL GetPEBLocation(HANDLE hProcess)
}
}
VirtualFree(myProcessBasicInformation, 0, MEM_RELEASE);
return PebAddress;
}
@ -33,10 +28,7 @@ __declspec(dllexport) void* TITCALL GetTEBLocation(HANDLE hThread)
{
ULONG RequiredLen = 0;
void * TebAddress = 0;
PTHREAD_BASIC_INFORMATION myThreadBasicInformation = (PTHREAD_BASIC_INFORMATION)VirtualAlloc(NULL, sizeof(THREAD_BASIC_INFORMATION) * 4, MEM_COMMIT|MEM_RESERVE, PAGE_READWRITE);
if(!myThreadBasicInformation)
return 0;
THREAD_BASIC_INFORMATION myThreadBasicInformation[5] = {0};
if(NtQueryInformationThread(hThread, ThreadBasicInformation, myThreadBasicInformation, sizeof(THREAD_BASIC_INFORMATION), &RequiredLen) == STATUS_SUCCESS)
{
@ -50,8 +42,6 @@ __declspec(dllexport) void* TITCALL GetTEBLocation(HANDLE hThread)
}
}
VirtualFree(myThreadBasicInformation, 0, MEM_RELEASE);
return TebAddress;
}
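Review bot: `PROCESS_BASIC_INFORMATION myProcessBasicInformation[5]` and `THREAD_BASIC_INFORMATION myThreadBasicInformation[5]` reserve five structures, yet the query calls pass the size of one (`sizeof(PROCESS_BASIC_INFORMATION)` and `sizeof(THREAD_BASIC_INFORMATION)`), and the removed allocation used a factor of 4, so the 5 looks arbitrary. A single zero-initialised struct passed by address states the contract directly: `PROCESS_BASIC_INFORMATION pbi = {0};` with `&pbi, sizeof(pbi)` in the NtQueryInformationProcess call, and the same for the thread variant. If the extra elements are deliberate slack, a comment should say what they guard against. The field accesses between the hunks are not shown and would change from `->` to `.`.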


@ -174,7 +174,7 @@ __declspec(dllexport) bool TITCALL ExtractOverlayW(wchar_t* szFileName, wchar_t*
DWORD OverlayStart = 0;
DWORD OverlaySize = 0;
DWORD ueNumberOfBytesRead = 0;
LPVOID ueReadBuffer = VirtualAlloc(NULL, 0x2000, MEM_COMMIT, PAGE_READWRITE);
char ueReadBuffer[0x2000] = {0};
Return = FindOverlayW(szFileName, &OverlayStart, &OverlaySize);
if(Return)
@ -190,7 +190,7 @@ __declspec(dllexport) bool TITCALL ExtractOverlayW(wchar_t* szFileName, wchar_t*
SetFilePointer(hFile, OverlayStart, NULL, FILE_BEGIN);
while(OverlaySize > 0)
{
RtlZeroMemory(ueReadBuffer, 0x2000);
RtlZeroMemory(ueReadBuffer, sizeof(ueReadBuffer));
if(OverlaySize > 0x1000)
{
@ -221,21 +221,18 @@ __declspec(dllexport) bool TITCALL ExtractOverlayW(wchar_t* szFileName, wchar_t*
OverlaySize = 0;
}
}
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
EngineCloseHandle(hFile);
EngineCloseHandle(hFileWrite);
return true;
}
else
{
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
EngineCloseHandle(hFile);
return false;
}
}
}
}
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
return false;
}
__declspec(dllexport) bool TITCALL AddOverlay(char* szFileName, char* szOverlayFileName)
@ -264,7 +261,7 @@ __declspec(dllexport) bool TITCALL AddOverlayW(wchar_t* szFileName, wchar_t* szO
DWORD OverlaySize = 0;
ULONG_PTR ueNumberOfBytesRead = 0;
DWORD uedNumberOfBytesRead = 0;
LPVOID ueReadBuffer = VirtualAlloc(NULL, 0x2000, MEM_COMMIT, PAGE_READWRITE);
char ueReadBuffer[0x2000] = {0};
hFile = CreateFileW(szFileName, GENERIC_READ+GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
@ -277,7 +274,7 @@ __declspec(dllexport) bool TITCALL AddOverlayW(wchar_t* szFileName, wchar_t* szO
SetFilePointer(hFile, FileSize, NULL, FILE_BEGIN);
while(OverlaySize > 0)
{
RtlZeroMemory(ueReadBuffer, 0x2000);
RtlZeroMemory(ueReadBuffer, sizeof(ueReadBuffer));
if(OverlaySize > 0x1000)
{


@ -455,7 +455,8 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyW(HANDLE hFile, ULONG_PTR
DWORD SizeToRead;
HANDLE hReadFile;
HANDLE hWriteFile;
LPVOID ueCopyBuffer;
//LPVOID ueCopyBuf;
char ueCopyBuffer[0x1000] = {0};
ULONG_PTR AddressToCopy;
DWORD rfNumberOfBytesRead;
@ -474,30 +475,28 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyW(HANDLE hFile, ULONG_PTR
}
if(SetFilePointer(hReadFile, (long)AddressToCopy, NULL, FILE_BEGIN) != INVALID_SET_FILE_POINTER)
{
ueCopyBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
if(ueCopyBuffer != NULL)
{
if(EngineCreatePathForFileW(szDumpFileName))
{
hWriteFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hWriteFile != INVALID_HANDLE_VALUE)
{
if(Size < 0x1000)
if(Size < sizeof(ueCopyBuffer))
{
SizeToRead = Size;
}
else
{
SizeToRead = 0x1000;
SizeToRead = sizeof(ueCopyBuffer);
}
while((int)Size > NULL)
{
if(ReadFile(hFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead)
{
WriteFile(hWriteFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL);
if(Size > 0x1000)
if(Size > sizeof(ueCopyBuffer))
{
Size = Size - 0x1000;
Size = Size - sizeof(ueCopyBuffer);
}
else if(SizeToRead != Size)
{
@ -526,13 +525,8 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyW(HANDLE hFile, ULONG_PTR
}
EngineCloseHandle(hReadFile);
EngineCloseHandle(hWriteFile);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return true;
}
else
{
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
}
}
}
}
@ -562,37 +556,35 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyExW(HANDLE hFile, DWORD Ra
DWORD SizeToRead;
HANDLE hReadFile;
HANDLE hWriteFile;
LPVOID ueCopyBuffer;
char ueCopyBuffer[0x1000] = {0};
DWORD rfNumberOfBytesRead;
if(DuplicateHandle(GetCurrentProcess(), hFile, GetCurrentProcess(), &hReadFile, NULL, false, DUPLICATE_SAME_ACCESS))
{
if(SetFilePointer(hReadFile, (long)(RawAddressToCopy), NULL, FILE_BEGIN) != INVALID_SET_FILE_POINTER)
{
ueCopyBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
if(ueCopyBuffer != NULL)
{
if(EngineCreatePathForFileW(szDumpFileName))
{
hWriteFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hWriteFile != INVALID_HANDLE_VALUE)
{
if(Size < 0x1000)
if(Size < sizeof(ueCopyBuffer))
{
SizeToRead = Size;
}
else
{
SizeToRead = 0x1000;
SizeToRead = sizeof(ueCopyBuffer);
}
while((int)Size > NULL)
while((int)Size > 0)
{
if(ReadFile(hFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead)
{
WriteFile(hWriteFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL);
if(Size > 0x1000)
if(Size > sizeof(ueCopyBuffer))
{
Size = Size - 0x1000;
Size = Size - sizeof(ueCopyBuffer);
}
else if(SizeToRead != Size)
{
@ -621,13 +613,8 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyExW(HANDLE hFile, DWORD Ra
}
EngineCloseHandle(hReadFile);
EngineCloseHandle(hWriteFile);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return true;
}
else
{
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
}
}
}
}
@ -656,7 +643,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64W(HANDLE hFile, DWORD6
DWORD SizeToRead;
HANDLE hReadFile;
HANDLE hWriteFile;
LPVOID ueCopyBuffer;
char ueCopyBuffer[0x1000] = {0};
DWORD rfNumberOfBytesRead;
long FilePosLow;
long FilePosHigh;
@ -667,8 +654,6 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64W(HANDLE hFile, DWORD6
RtlMoveMemory(&FilePosHigh, (void*)((ULONG_PTR)(&RawAddressToCopy) + 4), 4);
if(SetFilePointer(hReadFile, FilePosLow, &FilePosHigh, FILE_BEGIN) != INVALID_SET_FILE_POINTER)
{
ueCopyBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
if(ueCopyBuffer != NULL)
{
if(EngineCreatePathForFileW(szDumpFileName))
{
@ -719,13 +704,8 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64W(HANDLE hFile, DWORD6
}
EngineCloseHandle(hReadFile);
EngineCloseHandle(hWriteFile);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return true;
}
else
{
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
}
}
}
}
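Review bot: The copy loops keep the `(int)Size` cast, `while((int)Size > NULL)` in StaticRawMemoryCopyW and `while((int)Size > 0)` in StaticRawMemoryCopyExW, so a Size with the top bit set is treated as negative and the loop body never runs; what the function returns in that case lies outside the hunks. The two spellings should at least agree on `> 0`, since NULL is a pointer constant. Removing `if(ueCopyBuffer != NULL)` also appears to leave its braces behind as a bare block, and `//LPVOID ueCopyBuf;` is a dead comment; both can go. The loop of StaticRawMemoryCopyEx64W is not part of the diff, so it presumably still uses the `0x1000` literals that the other two functions replaced with `sizeof(ueCopyBuffer)`.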


@ -1125,10 +1125,8 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces
PMEMORY_CMP_HANDLER cMem;
MEMORY_BASIC_INFORMATION MemInfo;
ULONG_PTR ueNumberOfBytesRead = NULL;
LPVOID TracerReadMemory = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
char TracerReadMemory[0x1000] = {0};
DWORD MaximumReadSize=0x1000;
if(!TracerReadMemory)
return (NULL);
cMem = (PMEMORY_CMP_HANDLER)TracerReadMemory;
VirtualQueryEx(hProcess, (LPVOID)AddressToTrace, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
@ -1166,13 +1164,11 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces
RtlMoveMemory(&ReadAddressX86, &cMem->DataByte[8], 4);
TestAddressX86 = TestAddressX86 + ReadAddressX86;
}
VirtualFree(TracerReadMemory, NULL, MEM_RELEASE);
return((DWORD)TestAddressX86);
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
VirtualFree(TracerReadMemory, NULL, MEM_RELEASE);
return(NULL);
}
}
@ -1185,14 +1181,12 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces
RtlMoveMemory(&TestAddressX86, &cMem->DataByte[2], 4);
if(ReadProcessMemory(hProcess, (LPVOID)TestAddressX86, &TestAddressX86, 4, &ueNumberOfBytesRead))
{
VirtualFree(TracerReadMemory, NULL, MEM_RELEASE);
return((DWORD)TestAddressX86);
}
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
VirtualFree(TracerReadMemory, NULL, MEM_RELEASE);
return(NULL);
}
}
@ -1212,14 +1206,12 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces
}
if(ReadProcessMemory(hProcess, (LPVOID)TestAddressX86, &TestAddressX86, 4, &ueNumberOfBytesRead))
{
VirtualFree(TracerReadMemory, NULL, MEM_RELEASE);
return((DWORD)TestAddressX86);
}
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
VirtualFree(TracerReadMemory, NULL, MEM_RELEASE);
return(NULL);
}
}
@ -1268,7 +1260,6 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces
}
if(ReadProcessMemory(hProcess, (LPVOID)TestAddressX86, &TestAddressX86, 4, &ueNumberOfBytesRead))
{
VirtualFree(TracerReadMemory, NULL, MEM_RELEASE);
return((DWORD)TestAddressX86);
}
}
@ -1278,7 +1269,6 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces
RtlMoveMemory(&TestAddressX86, &cMem->DataByte[2], 4);
if(ReadProcessMemory(hProcess, (LPVOID)TestAddressX86, &TestAddressX86, 4, &ueNumberOfBytesRead))
{
VirtualFree(TracerReadMemory, NULL, MEM_RELEASE);
return((DWORD)TestAddressX86);
}
}
@ -1286,7 +1276,6 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
VirtualFree(TracerReadMemory, NULL, MEM_RELEASE);
return(NULL);
}
}
@ -1311,7 +1300,6 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces
if(ReadProcessMemory(hProcess, (LPVOID)TestAddressX86, &TestAddressX86, 4, &ueNumberOfBytesRead))
{
TestAddressX86 = TestAddressX86 ^ ReadAddressX86;
VirtualFree(TracerReadMemory, NULL, MEM_RELEASE);
return((DWORD)TestAddressX86);
}
}
@ -1319,7 +1307,6 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
VirtualFree(TracerReadMemory, NULL, MEM_RELEASE);
return(NULL);
}
}
@ -1330,13 +1317,11 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces
if(ReadProcessMemory(hProcess, (LPVOID)AddressToTrace, TracerReadMemory, MaximumReadSize, &ueNumberOfBytesRead))
{
RtlMoveMemory(&TestAddressX86, &cMem->DataByte[1], 4);
VirtualFree(TracerReadMemory, NULL, MEM_RELEASE);
return((DWORD)TestAddressX86);
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
VirtualFree(TracerReadMemory, NULL, MEM_RELEASE);
return(NULL);
}
}
@ -1357,20 +1342,17 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces
{
TestAddressX86 = (DWORD)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetCommandLineW"));
}
VirtualFree(TracerReadMemory, NULL, MEM_RELEASE);
return((DWORD)TestAddressX86);
}
else if(cMem->DataByte[0] == 0xC8)
{
TestAddressX86 = (DWORD)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "ExitProcess"));
VirtualFree(TracerReadMemory, NULL, MEM_RELEASE);
return((DWORD)TestAddressX86);
}
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
VirtualFree(TracerReadMemory, NULL, MEM_RELEASE);
return(NULL);
}
}
@ -1382,13 +1364,11 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces
{
cMem = (PMEMORY_CMP_HANDLER)((ULONG_PTR)cMem + 0x34);
RtlMoveMemory(&TestAddressX86, &cMem->DataByte[0], 4);
VirtualFree(TracerReadMemory, NULL, MEM_RELEASE);
return((DWORD)TestAddressX86);
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
VirtualFree(TracerReadMemory, NULL, MEM_RELEASE);
return(NULL);
}
}
@ -1433,18 +1413,15 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces
{
TestAddressX86 = (DWORD)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetModuleHandleA"));
}
VirtualFree(TracerReadMemory, NULL, MEM_RELEASE);
return((DWORD)TestAddressX86);
}
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
VirtualFree(TracerReadMemory, NULL, MEM_RELEASE);
return(NULL);
}
}
VirtualFree(TracerReadMemory, NULL, MEM_RELEASE);
return(NULL);
}
@ -1457,8 +1434,8 @@ __declspec(dllexport) long TITCALL TracerFixRedirectionViaImpRecPlugin(HANDLE hP
ULONG_PTR fImpRecTrace = NULL;
PMEMORY_CMP_HANDLER cmpModuleName;
ULONG_PTR remInjectSize = (ULONG_PTR)((ULONG_PTR)&injectedRemoteLoadLibrary - (ULONG_PTR)&injectedImpRec);
LPVOID szModuleName = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
LPVOID szGarbageFile = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
char szModuleName[0x1100] = {0};
char szGarbageFile[0x1100] = {0};
LPVOID cModuleName = szModuleName;
ULONG_PTR NumberOfBytesWritten;
InjectImpRecCodeData APIData;
@ -1474,7 +1451,7 @@ __declspec(dllexport) long TITCALL TracerFixRedirectionViaImpRecPlugin(HANDLE hP
HANDLE FileMap;
ULONG_PTR FileMapVA;
if(GetModuleFileNameA(engineHandle, (LPCH)szModuleName, 0x1000) > NULL)
if(GetModuleFileNameA(engineHandle, (LPCH)szModuleName, sizeof(szModuleName)-0x100) > NULL)
{
cModuleName = (LPVOID)((ULONG_PTR)cModuleName + lstrlenA((LPCSTR)szModuleName));
cmpModuleName = (PMEMORY_CMP_HANDLER)(cModuleName);
@ -1547,7 +1524,5 @@ __declspec(dllexport) long TITCALL TracerFixRedirectionViaImpRecPlugin(HANDLE hP
}
}
}
VirtualFree(szModuleName, NULL, MEM_RELEASE);
VirtualFree(szGarbageFile, NULL, MEM_RELEASE);
return(TracedAddress);
}
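Review bot: In TracerFixRedirectionViaImpRecPlugin the bound `sizeof(szModuleName)-0x100` leaves 0x100 bytes of headroom for whatever is written at `cModuleName` after the module path, but nothing visible ties that number to the length of the appended text. The buffer is now a stack array, where an overrun damages the frame rather than a separate page. GetModuleFileNameA also signals truncation by returning the size it was given, which the `> NULL` test accepts. A named constant for the headroom plus a truncation check would make the bound explicit, e.g. `DWORD len = GetModuleFileNameA(engineHandle, szModuleName, sizeof(szModuleName) - 0x100);` followed by `if(len > 0 && len < sizeof(szModuleName) - 0x100)`. The code that appends to the path is outside the hunk, so the headroom actually required has to be checked there.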


@ -5,7 +5,7 @@
__declspec(dllexport) void* TITCALL TranslateNativeName(char* szNativeName)
{
LPVOID TranslatedName = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
void* TranslatedName = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); //pointer is returned
char szDeviceName[3] = "A:";
char szDeviceCOMName[5] = "COM0";
int CurrentDeviceLen;
@ -50,7 +50,7 @@ __declspec(dllexport) void* TITCALL TranslateNativeName(char* szNativeName)
__declspec(dllexport) void* TITCALL TranslateNativeNameW(wchar_t* szNativeName)
{
LPVOID TranslatedName = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
void* TranslatedName = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); //pointer is returned
wchar_t szDeviceName[3] = L"A:";
wchar_t szDeviceCOMName[5] = L"COM0";
int CurrentDeviceLen;
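Review bot: The new comment `//pointer is returned` does not say who releases the page that VirtualAlloc hands back, and neither TranslateNativeName nor TranslateNativeNameW shows a check for a NULL result before the buffer is used (both bodies continue outside the hunks). A comment stating ownership would help callers avoid leaking one allocation per call, e.g. `// caller owns the buffer; release with VirtualFree(ptr, 0, MEM_RELEASE)`. If the engine exposes its own release routine, the comment should name that instead.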