x64dbg
/
TitanEngine
mirror of https://github.com/x64dbg/TitanEngine
1
0
Fork 0
Code Releases Activity

replaced some RtlMemMove opartions by proper casts (far from all)

This commit is contained in:
deepzero 2014-01-15 11:36:22 +01:00 committed by cypherpunk
parent 55e28c9735
commit 79e1457a93
1 changed files with 21 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
TitanEngine/TitanEngine.cpp
View File

@ -629,8 +629,8 @@ bool EngineIsPointedMemoryString(ULONG_PTR PossibleStringPtr)
bool StringIsValid = true; bool StringIsValid = true;
unsigned int i = 512; unsigned int i = 512;
MEMORY_BASIC_INFORMATION MemInfo; MEMORY_BASIC_INFORMATION MemInfo = {0};
DWORD MaxDisassmSize; DWORD MaxDisassmSize = 512;
BYTE TestChar; BYTE TestChar;
VirtualQueryEx(GetCurrentProcess(), (LPVOID)PossibleStringPtr, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); VirtualQueryEx(GetCurrentProcess(), (LPVOID)PossibleStringPtr, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
@ -644,19 +644,13 @@ bool EngineIsPointedMemoryString(ULONG_PTR PossibleStringPtr)
{ {
i = MaxDisassmSize; i = MaxDisassmSize;
} }
else
{
MaxDisassmSize = 512;
}
} }
else
{ TestChar = *((BYTE*)PossibleStringPtr);
MaxDisassmSize = 512;
}
RtlMoveMemory(&TestChar, (LPVOID)PossibleStringPtr, 1);
while(i > NULL && StringIsValid == true && TestChar != 0x00) while(i > NULL && StringIsValid == true && TestChar != 0x00)
{ {
RtlMoveMemory(&TestChar, (LPVOID)PossibleStringPtr, 1); TestChar = *((BYTE*)PossibleStringPtr);
if(TestChar < 32 || TestChar > 126) if(TestChar < 32 || TestChar > 126)
{ {
if(TestChar != 0x00) if(TestChar != 0x00)
@ -684,7 +678,7 @@ int EnginePointedMemoryStringLength(ULONG_PTR PossibleStringPtr)
bool StringIsValid = true; bool StringIsValid = true;
unsigned int i = 512; unsigned int i = 512;
MEMORY_BASIC_INFORMATION MemInfo; MEMORY_BASIC_INFORMATION MemInfo;
DWORD MaxDisassmSize; DWORD MaxDisassmSize = 512;
BYTE TestChar; BYTE TestChar;
VirtualQueryEx(GetCurrentProcess(), (LPVOID)PossibleStringPtr, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); VirtualQueryEx(GetCurrentProcess(), (LPVOID)PossibleStringPtr, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
@ -698,19 +692,13 @@ int EnginePointedMemoryStringLength(ULONG_PTR PossibleStringPtr)
{ {
i = MaxDisassmSize; i = MaxDisassmSize;
} }
else
{
MaxDisassmSize = 512;
}
} }
else
{ TestChar = *((BYTE*)PossibleStringPtr);
MaxDisassmSize = 512;
}
RtlMoveMemory(&TestChar, (LPVOID)PossibleStringPtr, 1);
while(i > NULL && StringIsValid == true && TestChar != 0x00) while(i > NULL && StringIsValid == true && TestChar != 0x00)
{ {
RtlMoveMemory(&TestChar, (LPVOID)PossibleStringPtr, 1); TestChar = *((BYTE*)PossibleStringPtr);
if(TestChar < 32 || TestChar > 126) if(TestChar < 32 || TestChar > 126)
{ {
if(TestChar != 0x00) if(TestChar != 0x00)
@ -824,10 +812,11 @@ bool EngineExtractForwarderData(ULONG_PTR PossibleStringPtr, LPVOID szFwdDLLName
LPVOID lpPossibleStringPtr = (LPVOID)PossibleStringPtr; LPVOID lpPossibleStringPtr = (LPVOID)PossibleStringPtr;
BYTE TestChar; BYTE TestChar;
RtlMoveMemory(&TestChar, (LPVOID)PossibleStringPtr, 1); TestChar = *((BYTE*)PossibleStringPtr);
while(TestChar != 0x2E && TestChar != 0x00) while(TestChar != 0x2E && TestChar != 0x00)
{ {
RtlMoveMemory(&TestChar, (LPVOID)PossibleStringPtr, 1); TestChar = *((BYTE*)PossibleStringPtr);
PossibleStringPtr++; PossibleStringPtr++;
} }
if(TestChar == 0x00) if(TestChar == 0x00)
@ -838,14 +827,15 @@ bool EngineExtractForwarderData(ULONG_PTR PossibleStringPtr, LPVOID szFwdDLLName
RtlCopyMemory(szFwdDLLName, lpPossibleStringPtr, PossibleStringPtr - (ULONG_PTR)lpPossibleStringPtr); RtlCopyMemory(szFwdDLLName, lpPossibleStringPtr, PossibleStringPtr - (ULONG_PTR)lpPossibleStringPtr);
lstrcatA((LPSTR)szFwdDLLName, ".dll"); lstrcatA((LPSTR)szFwdDLLName, ".dll");
lpPossibleStringPtr = (LPVOID)(PossibleStringPtr + 1); lpPossibleStringPtr = (LPVOID)(PossibleStringPtr + 1);
RtlMoveMemory(&TestChar, (LPVOID)PossibleStringPtr, 1); TestChar = *((BYTE*)PossibleStringPtr);
if(TestChar == 0x23) if(TestChar == 0x23)
{ {
lpPossibleStringPtr = (LPVOID)(PossibleStringPtr + 1); lpPossibleStringPtr = (LPVOID)(PossibleStringPtr + 1);
} }
while(TestChar != 0x00) while(TestChar != 0x00)
{ {
RtlMoveMemory(&TestChar, (LPVOID)PossibleStringPtr, 1); TestChar = *((BYTE*)PossibleStringPtr);
PossibleStringPtr++; PossibleStringPtr++;
} }
RtlCopyMemory(szFwdAPIName, lpPossibleStringPtr, PossibleStringPtr - (ULONG_PTR)lpPossibleStringPtr); RtlCopyMemory(szFwdAPIName, lpPossibleStringPtr, PossibleStringPtr - (ULONG_PTR)lpPossibleStringPtr);
@ -1211,19 +1201,20 @@ bool EngineValidateResource(HMODULE hModule, LPCTSTR lpszType, LPTSTR lpszName,
{ {
if(!EngineIsBadReadPtrEx(ResourceData, ResourceSize)) if(!EngineIsBadReadPtrEx(ResourceData, ResourceSize))
{ {
RtlMoveMemory((LPVOID)lParam, &ReturnData, 1); *((LONG*)lParam) = ReturnData;
return(false); return(false);
} }
} }
else else
{ {
RtlMoveMemory((LPVOID)lParam, &ReturnData, 1); *((LONG*)lParam) = ReturnData;
return(false); return(false);
} }
} }
return(true); return(true);
} }
RtlMoveMemory((LPVOID)lParam, &ReturnData, 1);
*((LONG*)lParam) = ReturnData;
return(false); return(false);
} }
bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBase, PIMAGE_DOS_HEADER DOSHeader, bool IsFile) bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBase, PIMAGE_DOS_HEADER DOSHeader, bool IsFile)