From 772c6dbeda70520a1c27eda6a6b4299feef2cf82 Mon Sep 17 00:00:00 2001 From: deepzero Date: Sat, 8 Mar 2014 14:44:30 +0100 Subject: [PATCH] drop VirtualAlloc in favor of local variables --- TitanEngine/Global.OEPFinder.cpp | 11 +++-- TitanEngine/TitanEngine.Debugger.Helper.cpp | 6 +-- TitanEngine/TitanEngine.Dumper.cpp | 8 ++-- TitanEngine/TitanEngine.Hider.cpp | 14 +------ TitanEngine/TitanEngine.PE.Overlay.cpp | 11 ++--- TitanEngine/TitanEngine.Static.cpp | 46 ++++++--------------- TitanEngine/TitanEngine.Tracer.cpp | 33 ++------------- TitanEngine/TitanEngine.TranslateName.cpp | 4 +- 8 files changed, 34 insertions(+), 99 deletions(-) diff --git a/TitanEngine/Global.OEPFinder.cpp b/TitanEngine/Global.OEPFinder.cpp index bc11272..06049a7 100644 --- a/TitanEngine/Global.OEPFinder.cpp +++ b/TitanEngine/Global.OEPFinder.cpp @@ -55,7 +55,8 @@ void GenericOEPTraceHited() { int i; - void* lpHashBuffer; + //void* lpHashBuffer; + char lpHashBuffer[0x1000] = {0}; bool FakeEPDetected = false; ULONG_PTR NumberOfBytesRW; LPDEBUG_EVENT myDbgEvent = (LPDEBUG_EVENT)GetDebugData(); @@ -85,12 +86,11 @@ void GenericOEPTraceHited() { glbEntryTracerData.SectionData[i].AccessedAlready = true; } - lpHashBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); - memBpxAddress = (glbEntryTracerData.MemoryAccessed / 0x1000) * 0x1000; + memBpxAddress = (glbEntryTracerData.MemoryAccessed / sizeof(lpHashBuffer)) * sizeof(lpHashBuffer); memBpxSize = glbEntryTracerData.SectionData[i].SectionVirtualOffset + glbEntryTracerData.SectionData[i].SectionVirtualSize + glbEntryTracerData.LoadedImageBase - memBpxAddress; - if(memBpxSize > 0x1000) + if(memBpxSize > sizeof(lpHashBuffer)) { - memBpxSize = 0x1000; + memBpxSize = sizeof(lpHashBuffer); } if(ReadProcessMemory(dbgProcessInformation.hProcess, (void*)(memBpxAddress), lpHashBuffer, memBpxSize, &NumberOfBytesRW)) { 
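Review bot: In GenericOEPTraceHited the page rounding is now written as `(glbEntryTracerData.MemoryAccessed / sizeof(lpHashBuffer)) * sizeof(lpHashBuffer)`, which ties page alignment to the size of a local array, so resizing the buffer later would silently change which debuggee address is read. Use a named page-size constant for the rounding, e.g. `memBpxAddress = (glbEntryTracerData.MemoryAccessed / PAGE_SIZE_PLACEHOLDER) * PAGE_SIZE_PLACEHOLDER;` (placeholder name for a constant equal to 0x1000), and keep `sizeof(lpHashBuffer)` only for the clamp on `memBpxSize`. That clamp is now the only thing bounding a ReadProcessMemory write of debuggee-controlled bytes into a stack array, so it should stay next to the call. The commented-out `//void* lpHashBuffer;` added in the first hunk can be deleted; the function body continues outside both hunks.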
@@ -108,7 +108,6 @@ void GenericOEPTraceHited() FakeEPDetected = true; } } - VirtualFree(lpHashBuffer, NULL, MEM_RELEASE); if(currentHash != originalHash && glbEntryTracerData.SectionData[i].AccessedAlready == true && i != glbEntryTracerData.OriginalEntryPointNum && FakeEPDetected == false) { __try diff --git a/TitanEngine/TitanEngine.Debugger.Helper.cpp b/TitanEngine/TitanEngine.Debugger.Helper.cpp index 1a94e16..3668d9e 100644 --- a/TitanEngine/TitanEngine.Debugger.Helper.cpp +++ b/TitanEngine/TitanEngine.Debugger.Helper.cpp @@ -210,7 +210,7 @@ __declspec(dllexport) long long TITCALL GetFunctionParameter(HANDLE hProcess, DW __declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps) { - LPVOID ReadMemory; + char ReadMemory[MAXIMUM_INSTRUCTION_SIZE] = {0}; MEMORY_BASIC_INFORMATION MemInfo; ULONG_PTR ueNumberOfBytesRead = NULL; PMEMORY_CMP_HANDLER CompareMemory; @@ -224,9 +224,6 @@ __declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, UL VirtualQueryEx(hProcess, (LPVOID)InstructionAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); if(MemInfo.RegionSize > NULL) { - ReadMemory = VirtualAlloc(NULL, MAXIMUM_INSTRUCTION_SIZE, MEM_COMMIT, PAGE_READWRITE); - if(!ReadMemory) - return 0; if(ReadProcessMemory(hProcess, (LPVOID)InstructionAddress, ReadMemory, MAXIMUM_INSTRUCTION_SIZE, &ueNumberOfBytesRead)) { CompareMemory = (PMEMORY_CMP_HANDLER)ReadMemory; @@ -358,7 +355,6 @@ __declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, UL ReadProcessMemory(hProcess, (LPVOID)TargetedAddress, &TargetedAddress, 4, &ueNumberOfBytesRead); } } - VirtualFree(ReadMemory, NULL, MEM_RELEASE); return((ULONG_PTR)TargetedAddress); } return(NULL); diff --git a/TitanEngine/TitanEngine.Dumper.cpp b/TitanEngine/TitanEngine.Dumper.cpp index c9d6a40..2665134 100644 --- a/TitanEngine/TitanEngine.Dumper.cpp +++ b/TitanEngine/TitanEngine.Dumper.cpp 
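Review bot: In GetJumpDestinationEx the new `char ReadMemory[MAXIMUM_INSTRUCTION_SIZE]` holds exactly that many bytes, whereas the VirtualAlloc it replaces was rounded up to a whole zeroed page. Any `CompareMemory->DataByte[n]` access past MAXIMUM_INSTRUCTION_SIZE that used to land in harmless slack would now read neighbouring stack memory. The decoding code sits between the hunks and is not visible here, so the highest index it uses needs to be checked against the value of MAXIMUM_INSTRUCTION_SIZE before this is merged. A comment at the declaration would record the constraint: `// exactly MAXIMUM_INSTRUCTION_SIZE bytes, no page slack: every DataByte[] index below must stay under it`.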
@@ -393,7 +393,7 @@ __declspec(dllexport) bool TITCALL DumpMemoryW(HANDLE hProcess, LPVOID MemorySta HANDLE hFile = 0; LPVOID ReadBase = MemoryStart; ULONG_PTR ProcReadBase = (ULONG_PTR)ReadBase; - LPVOID ueCopyBuffer = VirtualAlloc(NULL, 0x2000, MEM_COMMIT, PAGE_READWRITE); + char ueCopyBuffer[0x2000] = {0}; MEMORY_BASIC_INFORMATION MemInfo; if(EngineCreatePathForFileW(szDumpFileName)) @@ -406,7 +406,7 @@ __declspec(dllexport) bool TITCALL DumpMemoryW(HANDLE hProcess, LPVOID MemorySta ReadBase = (LPVOID)ProcReadBase; if(MemorySize >= 0x1000) { - RtlZeroMemory(ueCopyBuffer,0x2000); + RtlZeroMemory(ueCopyBuffer, sizeof(ueCopyBuffer)); if(!ReadProcessMemory(hProcess, ReadBase, ueCopyBuffer, 0x1000, &ueNumberOfBytesRead)) { VirtualQueryEx(hProcess, ReadBase, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); @@ -419,7 +419,7 @@ __declspec(dllexport) bool TITCALL DumpMemoryW(HANDLE hProcess, LPVOID MemorySta } else { - RtlZeroMemory(ueCopyBuffer,0x2000); + RtlZeroMemory(ueCopyBuffer, sizeof(ueCopyBuffer)); if(!ReadProcessMemory(hProcess, ReadBase, ueCopyBuffer, MemorySize, &ueNumberOfBytesRead)) { VirtualQueryEx(hProcess, ReadBase, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); @@ -433,12 +433,10 @@ __declspec(dllexport) bool TITCALL DumpMemoryW(HANDLE hProcess, LPVOID MemorySta ProcReadBase = (ULONG_PTR)ReadBase + 0x1000; } EngineCloseHandle(hFile); - VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE); return true; } else { - VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE); return false; } } diff --git a/TitanEngine/TitanEngine.Hider.cpp b/TitanEngine/TitanEngine.Hider.cpp index 4714037..bf019ee 100644 --- a/TitanEngine/TitanEngine.Hider.cpp +++ b/TitanEngine/TitanEngine.Hider.cpp 
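Review bot: DumpMemoryW now declares `char ueCopyBuffer[0x2000] = {0}` and clears it again with `RtlZeroMemory(ueCopyBuffer, sizeof(ueCopyBuffer))` on every pass, while the reads beside it still use the literal `0x1000`, so the buffer size and the chunk size remain two unrelated numbers. A single named chunk constant for the `MemorySize >= 0x1000` test and the ReadProcessMemory length would make the bound on this stack buffer checkable at a glance. The `= {0}` initializer could then go, since the loop zeroes the buffer before each read. ExtractOverlayW and AddOverlayW in TitanEngine.PE.Overlay.cpp follow the same pattern. The loop bodies extend beyond these hunks, so first confirm whether anything relies on the upper 0x1000 bytes staying zero.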
@@ -7,10 +7,7 @@ __declspec(dllexport) void* TITCALL GetPEBLocation(HANDLE hProcess) { ULONG RequiredLen = 0; void * PebAddress = 0; - PPROCESS_BASIC_INFORMATION myProcessBasicInformation = (PPROCESS_BASIC_INFORMATION)VirtualAlloc(NULL, sizeof(PROCESS_BASIC_INFORMATION) * 4, MEM_COMMIT|MEM_RESERVE, PAGE_READWRITE); - - if(!myProcessBasicInformation) - return 0; + PROCESS_BASIC_INFORMATION myProcessBasicInformation[5] = {0}; if(NtQueryInformationProcess(hProcess, ProcessBasicInformation, myProcessBasicInformation, sizeof(PROCESS_BASIC_INFORMATION), &RequiredLen) == STATUS_SUCCESS) { @@ -24,8 +21,6 @@ __declspec(dllexport) void* TITCALL GetPEBLocation(HANDLE hProcess) } } - - VirtualFree(myProcessBasicInformation, 0, MEM_RELEASE); return PebAddress; } @@ -33,10 +28,7 @@ __declspec(dllexport) void* TITCALL GetTEBLocation(HANDLE hThread) { ULONG RequiredLen = 0; void * TebAddress = 0; - PTHREAD_BASIC_INFORMATION myThreadBasicInformation = (PTHREAD_BASIC_INFORMATION)VirtualAlloc(NULL, sizeof(THREAD_BASIC_INFORMATION) * 4, MEM_COMMIT|MEM_RESERVE, PAGE_READWRITE); - - if(!myThreadBasicInformation) - return 0; + THREAD_BASIC_INFORMATION myThreadBasicInformation[5] = {0}; if(NtQueryInformationThread(hThread, ThreadBasicInformation, myThreadBasicInformation, sizeof(THREAD_BASIC_INFORMATION), &RequiredLen) == STATUS_SUCCESS) { @@ -50,8 +42,6 @@ __declspec(dllexport) void* TITCALL GetTEBLocation(HANDLE hThread) } } - - VirtualFree(myThreadBasicInformation, 0, MEM_RELEASE); return TebAddress; } diff --git a/TitanEngine/TitanEngine.PE.Overlay.cpp b/TitanEngine/TitanEngine.PE.Overlay.cpp index d4a10cc..de83865 100644 --- a/TitanEngine/TitanEngine.PE.Overlay.cpp +++ b/TitanEngine/TitanEngine.PE.Overlay.cpp 
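Review bot: GetPEBLocation now declares `PROCESS_BASIC_INFORMATION myProcessBasicInformation[5]` although the call passes `sizeof(PROCESS_BASIC_INFORMATION)` as the length, so only the first element can ever be written. The old code over-allocated four elements, the new code five, and neither count is explained. A single zero-initialized struct passed by address with `sizeof` of that same variable states the intent and keeps the length argument tied to the storage. GetTEBLocation has the same five-element array for THREAD_BASIC_INFORMATION. If the extra elements are deliberate padding, that belongs in a comment; the code that reads the result is partly outside these hunks.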
@@ -174,7 +174,7 @@ __declspec(dllexport) bool TITCALL ExtractOverlayW(wchar_t* szFileName, wchar_t* DWORD OverlayStart = 0; DWORD OverlaySize = 0; DWORD ueNumberOfBytesRead = 0; - LPVOID ueReadBuffer = VirtualAlloc(NULL, 0x2000, MEM_COMMIT, PAGE_READWRITE); + char ueReadBuffer[0x2000] = {0}; Return = FindOverlayW(szFileName, &OverlayStart, &OverlaySize); if(Return) @@ -190,7 +190,7 @@ __declspec(dllexport) bool TITCALL ExtractOverlayW(wchar_t* szFileName, wchar_t* SetFilePointer(hFile, OverlayStart, NULL, FILE_BEGIN); while(OverlaySize > 0) { - RtlZeroMemory(ueReadBuffer, 0x2000); + RtlZeroMemory(ueReadBuffer, sizeof(ueReadBuffer)); if(OverlaySize > 0x1000) { @@ -221,21 +221,18 @@ __declspec(dllexport) bool TITCALL ExtractOverlayW(wchar_t* szFileName, wchar_t* OverlaySize = 0; } } - VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); EngineCloseHandle(hFile); EngineCloseHandle(hFileWrite); return true; } else { - VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); EngineCloseHandle(hFile); return false; } } } } - VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); return false; } __declspec(dllexport) bool TITCALL AddOverlay(char* szFileName, char* szOverlayFileName) @@ -264,7 +261,7 @@ __declspec(dllexport) bool TITCALL AddOverlayW(wchar_t* szFileName, wchar_t* szO DWORD OverlaySize = 0; ULONG_PTR ueNumberOfBytesRead = 0; DWORD uedNumberOfBytesRead = 0; - LPVOID ueReadBuffer = VirtualAlloc(NULL, 0x2000, MEM_COMMIT, PAGE_READWRITE); + char ueReadBuffer[0x2000] = {0}; hFile = CreateFileW(szFileName, GENERIC_READ+GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if(hFile != INVALID_HANDLE_VALUE) @@ -277,7 +274,7 @@ __declspec(dllexport) bool TITCALL AddOverlayW(wchar_t* szFileName, wchar_t* szO SetFilePointer(hFile, FileSize, NULL, FILE_BEGIN); while(OverlaySize > 0) { - RtlZeroMemory(ueReadBuffer, 0x2000); + RtlZeroMemory(ueReadBuffer, sizeof(ueReadBuffer)); if(OverlaySize > 0x1000) { 
diff --git a/TitanEngine/TitanEngine.Static.cpp b/TitanEngine/TitanEngine.Static.cpp index 6416b9f..cb12302 100644 --- a/TitanEngine/TitanEngine.Static.cpp +++ b/TitanEngine/TitanEngine.Static.cpp @@ -455,7 +455,8 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyW(HANDLE hFile, ULONG_PTR DWORD SizeToRead; HANDLE hReadFile; HANDLE hWriteFile; - LPVOID ueCopyBuffer; + //LPVOID ueCopyBuf; + char ueCopyBuffer[0x1000] = {0}; ULONG_PTR AddressToCopy; DWORD rfNumberOfBytesRead; @@ -474,30 +475,28 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyW(HANDLE hFile, ULONG_PTR } if(SetFilePointer(hReadFile, (long)AddressToCopy, NULL, FILE_BEGIN) != INVALID_SET_FILE_POINTER) { - ueCopyBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); - if(ueCopyBuffer != NULL) { if(EngineCreatePathForFileW(szDumpFileName)) { hWriteFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); if(hWriteFile != INVALID_HANDLE_VALUE) { - if(Size < 0x1000) + if(Size < sizeof(ueCopyBuffer)) { SizeToRead = Size; } else { - SizeToRead = 0x1000; + SizeToRead = sizeof(ueCopyBuffer); } while((int)Size > NULL) { if(ReadFile(hFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead) { WriteFile(hWriteFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL); - if(Size > 0x1000) + if(Size > sizeof(ueCopyBuffer)) { - Size = Size - 0x1000; + Size = Size - sizeof(ueCopyBuffer); } else if(SizeToRead != Size) { @@ -526,13 +525,8 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyW(HANDLE hFile, ULONG_PTR } EngineCloseHandle(hReadFile); EngineCloseHandle(hWriteFile); - VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE); return true; } - else - { - VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE); - } } } } 
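Review bot: Removing `if(ueCopyBuffer != NULL)` in StaticRawMemoryCopyW leaves its opening brace behind as a bare `{ ... }` scope, and the declaration hunk adds a commented-out `//LPVOID ueCopyBuf;` naming a variable the function never had. Delete the comment and the now-pointless braces, with one level of indentation, so the nesting reflects the real control flow. StaticRawMemoryCopyExW and StaticRawMemoryCopyEx64W are left with the same empty scope. This function also keeps `while((int)Size > NULL)` while the ExW copy of the loop was changed to `> 0`; the two should match.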
@@ -562,37 +556,35 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyExW(HANDLE hFile, DWORD Ra DWORD SizeToRead; HANDLE hReadFile; HANDLE hWriteFile; - LPVOID ueCopyBuffer; + char ueCopyBuffer[0x1000] = {0}; DWORD rfNumberOfBytesRead; if(DuplicateHandle(GetCurrentProcess(), hFile, GetCurrentProcess(), &hReadFile, NULL, false, DUPLICATE_SAME_ACCESS)) { if(SetFilePointer(hReadFile, (long)(RawAddressToCopy), NULL, FILE_BEGIN) != INVALID_SET_FILE_POINTER) { - ueCopyBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); - if(ueCopyBuffer != NULL) { if(EngineCreatePathForFileW(szDumpFileName)) { hWriteFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); if(hWriteFile != INVALID_HANDLE_VALUE) { - if(Size < 0x1000) + if(Size < sizeof(ueCopyBuffer)) { SizeToRead = Size; } else { - SizeToRead = 0x1000; + SizeToRead = sizeof(ueCopyBuffer); } - while((int)Size > NULL) + while((int)Size > 0) { if(ReadFile(hFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead) { WriteFile(hWriteFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL); - if(Size > 0x1000) + if(Size > sizeof(ueCopyBuffer)) { - Size = Size - 0x1000; + Size = Size - sizeof(ueCopyBuffer); } else if(SizeToRead != Size) { @@ -621,13 +613,8 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyExW(HANDLE hFile, DWORD Ra } EngineCloseHandle(hReadFile); EngineCloseHandle(hWriteFile); - VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE); return true; } - else - { - VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE); - } } } } @@ -656,7 +643,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64W(HANDLE hFile, DWORD6 DWORD SizeToRead; HANDLE hReadFile; HANDLE hWriteFile; - LPVOID ueCopyBuffer; + char ueCopyBuffer[0x1000] = {0}; DWORD rfNumberOfBytesRead; long FilePosLow; long FilePosHigh; 
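Review bot: The loop condition touched in StaticRawMemoryCopyExW, `while((int)Size > 0)`, still casts the byte count to a signed int. Assuming Size is the unsigned 32-bit value the cast suggests, a Size of 0x80000000 or more is seen as negative, the loop is skipped, and the function proceeds to `return true` with nothing copied. A size like that would presumably come from the file being processed, so a caller trusting the result would treat an empty dump as complete. Comparing the unsigned value directly, `while(Size > 0)`, removes the wraparound, provided the `Size` arithmetic in the part of the loop outside this hunk cannot underflow. StaticRawMemoryCopyW has the same cast.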
@@ -667,8 +654,6 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64W(HANDLE hFile, DWORD6 RtlMoveMemory(&FilePosHigh, (void*)((ULONG_PTR)(&RawAddressToCopy) + 4), 4); if(SetFilePointer(hReadFile, FilePosLow, &FilePosHigh, FILE_BEGIN) != INVALID_SET_FILE_POINTER) { - ueCopyBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); - if(ueCopyBuffer != NULL) { if(EngineCreatePathForFileW(szDumpFileName)) { @@ -719,13 +704,8 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64W(HANDLE hFile, DWORD6 } EngineCloseHandle(hReadFile); EngineCloseHandle(hWriteFile); - VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE); return true; } - else - { - VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE); - } } } } diff --git a/TitanEngine/TitanEngine.Tracer.cpp b/TitanEngine/TitanEngine.Tracer.cpp index eb52102..e8ddb9f 100644 --- a/TitanEngine/TitanEngine.Tracer.cpp +++ b/TitanEngine/TitanEngine.Tracer.cpp @@ -1125,10 +1125,8 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces PMEMORY_CMP_HANDLER cMem; MEMORY_BASIC_INFORMATION MemInfo; ULONG_PTR ueNumberOfBytesRead = NULL; - LPVOID TracerReadMemory = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); + char TracerReadMemory[0x1000] = {0}; DWORD MaximumReadSize=0x1000; - if(!TracerReadMemory) - return (NULL); cMem = (PMEMORY_CMP_HANDLER)TracerReadMemory; VirtualQueryEx(hProcess, (LPVOID)AddressToTrace, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); @@ -1166,13 +1164,11 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces RtlMoveMemory(&ReadAddressX86, &cMem->DataByte[8], 4); TestAddressX86 = TestAddressX86 + ReadAddressX86; } - VirtualFree(TracerReadMemory, NULL, MEM_RELEASE); return((DWORD)TestAddressX86); } } __except(EXCEPTION_EXECUTE_HANDLER) { - VirtualFree(TracerReadMemory, NULL, MEM_RELEASE); return(NULL); } } 
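Review bot: In TracerFixKnownRedirection the capacity of the new stack buffer and the read limit are two separate literals, `char TracerReadMemory[0x1000]` and `DWORD MaximumReadSize=0x1000;`, and nothing keeps them equal. The buffer is filled by ReadProcessMemory from the traced process and now lives on the stack, so derive the limit from the array: `DWORD MaximumReadSize = sizeof(TracerReadMemory);`. Code outside this hunk appears to adjust MaximumReadSize and to index `cMem->DataByte[...]`, so confirm that the value is only ever reduced after this point.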
@@ -1185,14 +1181,12 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces RtlMoveMemory(&TestAddressX86, &cMem->DataByte[2], 4); if(ReadProcessMemory(hProcess, (LPVOID)TestAddressX86, &TestAddressX86, 4, &ueNumberOfBytesRead)) { - VirtualFree(TracerReadMemory, NULL, MEM_RELEASE); return((DWORD)TestAddressX86); } } } __except(EXCEPTION_EXECUTE_HANDLER) { - VirtualFree(TracerReadMemory, NULL, MEM_RELEASE); return(NULL); } } @@ -1212,14 +1206,12 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces } if(ReadProcessMemory(hProcess, (LPVOID)TestAddressX86, &TestAddressX86, 4, &ueNumberOfBytesRead)) { - VirtualFree(TracerReadMemory, NULL, MEM_RELEASE); return((DWORD)TestAddressX86); } } } __except(EXCEPTION_EXECUTE_HANDLER) { - VirtualFree(TracerReadMemory, NULL, MEM_RELEASE); return(NULL); } } @@ -1268,7 +1260,6 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces } if(ReadProcessMemory(hProcess, (LPVOID)TestAddressX86, &TestAddressX86, 4, &ueNumberOfBytesRead)) { - VirtualFree(TracerReadMemory, NULL, MEM_RELEASE); return((DWORD)TestAddressX86); } } @@ -1278,7 +1269,6 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces RtlMoveMemory(&TestAddressX86, &cMem->DataByte[2], 4); if(ReadProcessMemory(hProcess, (LPVOID)TestAddressX86, &TestAddressX86, 4, &ueNumberOfBytesRead)) { - VirtualFree(TracerReadMemory, NULL, MEM_RELEASE); return((DWORD)TestAddressX86); } } @@ -1286,7 +1276,6 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces } __except(EXCEPTION_EXECUTE_HANDLER) { - VirtualFree(TracerReadMemory, NULL, MEM_RELEASE); return(NULL); } } 
@@ -1311,7 +1300,6 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces if(ReadProcessMemory(hProcess, (LPVOID)TestAddressX86, &TestAddressX86, 4, &ueNumberOfBytesRead)) { TestAddressX86 = TestAddressX86 ^ ReadAddressX86; - VirtualFree(TracerReadMemory, NULL, MEM_RELEASE); return((DWORD)TestAddressX86); } } @@ -1319,7 +1307,6 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces } __except(EXCEPTION_EXECUTE_HANDLER) { - VirtualFree(TracerReadMemory, NULL, MEM_RELEASE); return(NULL); } } @@ -1330,13 +1317,11 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces if(ReadProcessMemory(hProcess, (LPVOID)AddressToTrace, TracerReadMemory, MaximumReadSize, &ueNumberOfBytesRead)) { RtlMoveMemory(&TestAddressX86, &cMem->DataByte[1], 4); - VirtualFree(TracerReadMemory, NULL, MEM_RELEASE); return((DWORD)TestAddressX86); } } __except(EXCEPTION_EXECUTE_HANDLER) { - VirtualFree(TracerReadMemory, NULL, MEM_RELEASE); return(NULL); } } @@ -1357,20 +1342,17 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces { TestAddressX86 = (DWORD)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetCommandLineW")); } - VirtualFree(TracerReadMemory, NULL, MEM_RELEASE); return((DWORD)TestAddressX86); } else if(cMem->DataByte[0] == 0xC8) { TestAddressX86 = (DWORD)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "ExitProcess")); - VirtualFree(TracerReadMemory, NULL, MEM_RELEASE); return((DWORD)TestAddressX86); } } } __except(EXCEPTION_EXECUTE_HANDLER) { - VirtualFree(TracerReadMemory, NULL, MEM_RELEASE); return(NULL); } } 
@@ -1382,13 +1364,11 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces { cMem = (PMEMORY_CMP_HANDLER)((ULONG_PTR)cMem + 0x34); RtlMoveMemory(&TestAddressX86, &cMem->DataByte[0], 4); - VirtualFree(TracerReadMemory, NULL, MEM_RELEASE); return((DWORD)TestAddressX86); } } __except(EXCEPTION_EXECUTE_HANDLER) { - VirtualFree(TracerReadMemory, NULL, MEM_RELEASE); return(NULL); } } @@ -1433,18 +1413,15 @@ __declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProces { TestAddressX86 = (DWORD)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetModuleHandleA")); } - VirtualFree(TracerReadMemory, NULL, MEM_RELEASE); return((DWORD)TestAddressX86); } } } __except(EXCEPTION_EXECUTE_HANDLER) { - VirtualFree(TracerReadMemory, NULL, MEM_RELEASE); return(NULL); } } - VirtualFree(TracerReadMemory, NULL, MEM_RELEASE); return(NULL); } @@ -1457,8 +1434,8 @@ __declspec(dllexport) long TITCALL TracerFixRedirectionViaImpRecPlugin(HANDLE hP ULONG_PTR fImpRecTrace = NULL; PMEMORY_CMP_HANDLER cmpModuleName; ULONG_PTR remInjectSize = (ULONG_PTR)((ULONG_PTR)&injectedRemoteLoadLibrary - (ULONG_PTR)&injectedImpRec); - LPVOID szModuleName = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); - LPVOID szGarbageFile = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); + char szModuleName[0x1100] = {0}; + char szGarbageFile[0x1100] = {0}; LPVOID cModuleName = szModuleName; ULONG_PTR NumberOfBytesWritten; InjectImpRecCodeData APIData; @@ -1474,7 +1451,7 @@ __declspec(dllexport) long TITCALL TracerFixRedirectionViaImpRecPlugin(HANDLE hP HANDLE FileMap; ULONG_PTR FileMapVA; - if(GetModuleFileNameA(engineHandle, (LPCH)szModuleName, 0x1000) > NULL) + if(GetModuleFileNameA(engineHandle, (LPCH)szModuleName, sizeof(szModuleName)-0x100) > NULL) { cModuleName = (LPVOID)((ULONG_PTR)cModuleName + lstrlenA((LPCSTR)szModuleName)); cmpModuleName = (PMEMORY_CMP_HANDLER)(cModuleName); 
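Review bot: TracerFixRedirectionViaImpRecPlugin sizes both path buffers as `0x1100` and passes `sizeof(szModuleName)-0x100` to GetModuleFileNameA, so the 0x100 bytes of headroom for whatever is appended through `cModuleName` exists only as an unexplained pair of literals. Name the two quantities and document the headroom, e.g. `// 0x100 bytes reserved for the file name appended after the engine directory` (wording to be confirmed against the code below the hunk). The call also cannot distinguish a truncated path from a complete one, because GetModuleFileNameA returns the size it was given when the path did not fit; a result equal to `sizeof(szModuleName)-0x100` should be treated as failure. With the buffers on the stack, an append that exceeds the headroom overwrites the frame rather than a private page, so the length of the appended name deserves an explicit check.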
@@ -1547,7 +1524,5 @@ __declspec(dllexport) long TITCALL TracerFixRedirectionViaImpRecPlugin(HANDLE hP } } } - VirtualFree(szModuleName, NULL, MEM_RELEASE); - VirtualFree(szGarbageFile, NULL, MEM_RELEASE); return(TracedAddress); } \ No newline at end of file diff --git a/TitanEngine/TitanEngine.TranslateName.cpp b/TitanEngine/TitanEngine.TranslateName.cpp index 030295c..100c156 100644 --- a/TitanEngine/TitanEngine.TranslateName.cpp +++ b/TitanEngine/TitanEngine.TranslateName.cpp @@ -5,7 +5,7 @@ __declspec(dllexport) void* TITCALL TranslateNativeName(char* szNativeName) { - LPVOID TranslatedName = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); + void* TranslatedName = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); //pointer is returned char szDeviceName[3] = "A:"; char szDeviceCOMName[5] = "COM0"; int CurrentDeviceLen; @@ -50,7 +50,7 @@ __declspec(dllexport) void* TITCALL TranslateNativeName(char* szNativeName) __declspec(dllexport) void* TITCALL TranslateNativeNameW(wchar_t* szNativeName) { - LPVOID TranslatedName = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); + void* TranslatedName = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); //pointer is returned wchar_t szDeviceName[3] = L"A:"; wchar_t szDeviceCOMName[5] = L"COM0"; int CurrentDeviceLen;
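Review bot: The new comment `//pointer is returned` on TranslatedName in TranslateNativeName and TranslateNativeNameW explains why the VirtualAlloc stays but not who releases the buffer. A caller-facing comment above each function would be more useful, along the lines of `// Returns a 0x1000-byte VirtualAlloc'ed buffer; the caller owns it and must release it with VirtualFree(ptr, 0, MEM_RELEASE)`, adjusted if the engine exposes its own release routine. Whether the allocation result is checked before it is written to is not visible in these hunks.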