mirror of https://github.com/x64dbg/TitanEngine
fixed various potential exceptions (ConvertVAtoFileOffset return wasn't checked everywhere)
parent
b89eff37c8
commit
7e1fb26ebe
|
|
@ -239,13 +239,19 @@ bool EngineGetAPINameRemote(HANDLE hProcess, ULONG_PTR APIAddress, char* APIName
|
||||||
ExportDirectorySize=(ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
|
ExportDirectorySize=(ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
|
||||||
}
|
}
|
||||||
PIMAGE_EXPORT_DIRECTORY ExportDirectory=(PIMAGE_EXPORT_DIRECTORY)ConvertVAtoFileOffset(FileMapVA, ExportDirectoryVA+ImageBase, true);
|
PIMAGE_EXPORT_DIRECTORY ExportDirectory=(PIMAGE_EXPORT_DIRECTORY)ConvertVAtoFileOffset(FileMapVA, ExportDirectoryVA+ImageBase, true);
|
||||||
|
if(ExportDirectory)
|
||||||
|
{
|
||||||
DWORD* AddrOfFunctions=(DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfFunctions+ImageBase, true);
|
DWORD* AddrOfFunctions=(DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfFunctions+ImageBase, true);
|
||||||
DWORD* AddrOfNames=(DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfNames+ImageBase, true);
|
DWORD* AddrOfNames=(DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfNames+ImageBase, true);
|
||||||
SHORT* AddrOfNameOrdinals=(SHORT*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfNameOrdinals+ImageBase, true);
|
SHORT* AddrOfNameOrdinals=(SHORT*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfNameOrdinals+ImageBase, true);
|
||||||
|
if(AddrOfFunctions && AddrOfNames && AddrOfNameOrdinals)
|
||||||
|
{
|
||||||
unsigned int NumberOfNames=ExportDirectory->NumberOfNames;
|
unsigned int NumberOfNames=ExportDirectory->NumberOfNames;
|
||||||
for(unsigned int i=0; i<NumberOfNames; i++)
|
for(unsigned int i=0; i<NumberOfNames; i++)
|
||||||
{
|
{
|
||||||
const char* curName=(const char*)ConvertVAtoFileOffset(FileMapVA, AddrOfNames[i]+ImageBase, true);
|
const char* curName=(const char*)ConvertVAtoFileOffset(FileMapVA, AddrOfNames[i]+ImageBase, true);
|
||||||
|
if(!curName)
|
||||||
|
continue;
|
||||||
unsigned int curRva=AddrOfFunctions[AddrOfNameOrdinals[i]];
|
unsigned int curRva=AddrOfFunctions[AddrOfNameOrdinals[i]];
|
||||||
if(curRva<ExportDirectoryVA || curRva>=ExportDirectoryVA+ExportDirectorySize) //non-forwarded exports
|
if(curRva<ExportDirectoryVA || curRva>=ExportDirectoryVA+ExportDirectorySize) //non-forwarded exports
|
||||||
{
|
{
|
||||||
|
|
@ -254,17 +260,21 @@ bool EngineGetAPINameRemote(HANDLE hProcess, ULONG_PTR APIAddress, char* APIName
|
||||||
if(APIName && APINameSize>strlen(curName))
|
if(APIName && APINameSize>strlen(curName))
|
||||||
{
|
{
|
||||||
strcpy(APIName, curName);
|
strcpy(APIName, curName);
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
if(APINameSizeNeeded)
|
if(APINameSizeNeeded)
|
||||||
{
|
{
|
||||||
*APINameSizeNeeded=strlen(curName);
|
*APINameSizeNeeded=strlen(curName);
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
|
|
@ -312,7 +322,11 @@ DWORD EngineGetAPIOrdinalRemote(HANDLE hProcess, ULONG_PTR APIAddress)
|
||||||
ExportDirectorySize=(ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
|
ExportDirectorySize=(ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
|
||||||
}
|
}
|
||||||
PIMAGE_EXPORT_DIRECTORY ExportDirectory=(PIMAGE_EXPORT_DIRECTORY)ConvertVAtoFileOffset(FileMapVA, ExportDirectoryVA+ImageBase, true);
|
PIMAGE_EXPORT_DIRECTORY ExportDirectory=(PIMAGE_EXPORT_DIRECTORY)ConvertVAtoFileOffset(FileMapVA, ExportDirectoryVA+ImageBase, true);
|
||||||
|
if(ExportDirectory)
|
||||||
|
{
|
||||||
DWORD* AddrOfFunctions=(DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfFunctions+ImageBase, true);
|
DWORD* AddrOfFunctions=(DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfFunctions+ImageBase, true);
|
||||||
|
if(AddrOfFunctions)
|
||||||
|
{
|
||||||
unsigned int NumberOfFunctions=ExportDirectory->NumberOfFunctions;
|
unsigned int NumberOfFunctions=ExportDirectory->NumberOfFunctions;
|
||||||
for(unsigned int i=0,j=0; i<NumberOfFunctions; i++)
|
for(unsigned int i=0,j=0; i<NumberOfFunctions; i++)
|
||||||
{
|
{
|
||||||
|
|
@ -323,10 +337,15 @@ DWORD EngineGetAPIOrdinalRemote(HANDLE hProcess, ULONG_PTR APIAddress)
|
||||||
if(curRva<ExportDirectoryVA || curRva>=ExportDirectoryVA+ExportDirectorySize) //non-forwarded exports
|
if(curRva<ExportDirectoryVA || curRva>=ExportDirectoryVA+ExportDirectorySize) //non-forwarded exports
|
||||||
{
|
{
|
||||||
if(curRva+ModuleBase==APIAddress)
|
if(curRva+ModuleBase==APIAddress)
|
||||||
|
{
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
return j;
|
return j;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
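Review bot: The ordinal read from the file is still used as an array index without a range check in `unsigned int curRva=AddrOfFunctions[AddrOfNameOrdinals[i]];`. The table is typed `SHORT*`, so an ordinal of 0x8000 or above becomes a negative index, and nothing compares it with `ExportDirectory->NumberOfFunctions`. The new null checks only show that the three tables start inside the mapping, so a malformed export directory can still cause a read outside it. I would type the table as `WORD*` and add `if(AddrOfNameOrdinals[i] >= ExportDirectory->NumberOfFunctions) continue;` before the lookup. The loop body in EngineGetAPINameRemote continues outside the hunk.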
|
||||||
|
|
|
||||||
|
|
@ -119,9 +119,11 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szF
|
||||||
ImportTableAddress = (ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
|
ImportTableAddress = (ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
|
||||||
ImportTableAddress = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportTableAddress + ImageBase, true);
|
ImportTableAddress = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportTableAddress + ImageBase, true);
|
||||||
ImportPointer = (PIMAGE_IMPORT_DESCRIPTOR)ImportTableAddress;
|
ImportPointer = (PIMAGE_IMPORT_DESCRIPTOR)ImportTableAddress;
|
||||||
while(ImportPointer->FirstThunk != NULL)
|
while(ImportPointer && ImportPointer->FirstThunk != NULL)
|
||||||
{
|
{
|
||||||
ImportDllName = (PCHAR)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->Name + ImageBase, true));
|
ImportDllName = (PCHAR)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->Name + ImageBase, true));
|
||||||
|
if(ImportDllName)
|
||||||
|
{
|
||||||
MultiByteToWideChar(CP_ACP, NULL, ImportDllName, lstrlenA(ImportDllName)+1, ImportDllNameW, sizeof(ImportDllNameW)/(sizeof(ImportDllNameW[0])));
|
MultiByteToWideChar(CP_ACP, NULL, ImportDllName, lstrlenA(ImportDllName)+1, ImportDllNameW, sizeof(ImportDllNameW)/(sizeof(ImportDllNameW[0])));
|
||||||
if(!EngineIsDependencyPresentW(ImportDllNameW, szFileName, szOutputFolder))
|
if(!EngineIsDependencyPresentW(ImportDllNameW, szFileName, szOutputFolder))
|
||||||
{
|
{
|
||||||
|
|
@ -148,7 +150,7 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szF
|
||||||
{
|
{
|
||||||
ImportThunkX86 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->FirstThunk + ImageBase, true));
|
ImportThunkX86 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->FirstThunk + ImageBase, true));
|
||||||
}
|
}
|
||||||
while(ImportThunkX86->u1.Function != NULL)
|
while(ImportThunkX86 && ImportThunkX86->u1.Function != NULL)
|
||||||
{
|
{
|
||||||
if(ImportThunkX86->u1.Ordinal & IMAGE_ORDINAL_FLAG32)
|
if(ImportThunkX86->u1.Ordinal & IMAGE_ORDINAL_FLAG32)
|
||||||
{
|
{
|
||||||
|
|
@ -157,6 +159,7 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szF
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
ImportThunkName = (ULONG_PTR)(ConvertVAtoFileOffset(FileMapVA, ImportThunkX86->u1.AddressOfData + ImageBase, true) + 2);
|
ImportThunkName = (ULONG_PTR)(ConvertVAtoFileOffset(FileMapVA, ImportThunkX86->u1.AddressOfData + ImageBase, true) + 2);
|
||||||
|
if(ImportThunkName)
|
||||||
ExporterAddNewExport((PCHAR)ImportThunkName, 0x1000);
|
ExporterAddNewExport((PCHAR)ImportThunkName, 0x1000);
|
||||||
}
|
}
|
||||||
ImportThunkX86 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ImportThunkX86 + 4);
|
ImportThunkX86 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ImportThunkX86 + 4);
|
||||||
|
|
@ -167,15 +170,18 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szF
|
||||||
ImportPointer = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportPointer + sizeof IMAGE_IMPORT_DESCRIPTOR);
|
ImportPointer = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportPointer + sizeof IMAGE_IMPORT_DESCRIPTOR);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
ImageBase = (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase;
|
ImageBase = (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase;
|
||||||
ImportTableAddress = (ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
|
ImportTableAddress = (ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
|
||||||
ImportTableAddress = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportTableAddress + ImageBase, true);
|
ImportTableAddress = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportTableAddress + ImageBase, true);
|
||||||
ImportPointer = (PIMAGE_IMPORT_DESCRIPTOR)ImportTableAddress;
|
ImportPointer = (PIMAGE_IMPORT_DESCRIPTOR)ImportTableAddress;
|
||||||
while(ImportPointer->FirstThunk != NULL)
|
while(ImportPointer && ImportPointer->FirstThunk != NULL)
|
||||||
{
|
{
|
||||||
ImportDllName = (PCHAR)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->Name + ImageBase, true));
|
ImportDllName = (PCHAR)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->Name + ImageBase, true));
|
||||||
|
if(ImportDllName)
|
||||||
|
{
|
||||||
MultiByteToWideChar(CP_ACP, NULL, ImportDllName, lstrlenA(ImportDllName)+1, ImportDllNameW, sizeof(ImportDllNameW)/(sizeof(ImportDllNameW[0])));
|
MultiByteToWideChar(CP_ACP, NULL, ImportDllName, lstrlenA(ImportDllName)+1, ImportDllNameW, sizeof(ImportDllNameW)/(sizeof(ImportDllNameW[0])));
|
||||||
if(!EngineIsDependencyPresentW(ImportDllNameW, szFileName, szOutputFolder))
|
if(!EngineIsDependencyPresentW(ImportDllNameW, szFileName, szOutputFolder))
|
||||||
{
|
{
|
||||||
|
|
@ -202,7 +208,7 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szF
|
||||||
{
|
{
|
||||||
ImportThunkX64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->FirstThunk + ImageBase, true));
|
ImportThunkX64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->FirstThunk + ImageBase, true));
|
||||||
}
|
}
|
||||||
while(ImportThunkX64->u1.Function != NULL)
|
while(ImportThunkX64 && ImportThunkX64->u1.Function != NULL)
|
||||||
{
|
{
|
||||||
if(ImportThunkX64->u1.Ordinal & IMAGE_ORDINAL_FLAG64)
|
if(ImportThunkX64->u1.Ordinal & IMAGE_ORDINAL_FLAG64)
|
||||||
{
|
{
|
||||||
|
|
@ -211,6 +217,7 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szF
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
ImportThunkName = (ULONG_PTR)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(ImportThunkX64->u1.AddressOfData + ImageBase), true) + 2);
|
ImportThunkName = (ULONG_PTR)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(ImportThunkX64->u1.AddressOfData + ImageBase), true) + 2);
|
||||||
|
if(ImportThunkName)
|
||||||
ExporterAddNewExport((PCHAR)ImportThunkName, 0x1000);
|
ExporterAddNewExport((PCHAR)ImportThunkName, 0x1000);
|
||||||
}
|
}
|
||||||
ImportThunkX64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ImportThunkX64 + 8);
|
ImportThunkX64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ImportThunkX64 + 8);
|
||||||
|
|
@ -221,6 +228,7 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szF
|
||||||
ImportPointer = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportPointer + sizeof IMAGE_IMPORT_DESCRIPTOR);
|
ImportPointer = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportPointer + sizeof IMAGE_IMPORT_DESCRIPTOR);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
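Review bot: The added `if(ImportThunkName)` can never fail, because `ImportThunkName` is assigned `ConvertVAtoFileOffset(...) + 2`; a failed conversion (0) arrives as 2 and is still passed to `ExporterAddNewExport` as a string pointer. Test the conversion result before adding the hint offset, for example by keeping it in a local `ULONG_PTR NameEntry` and calling `if(NameEntry) ExporterAddNewExport((PCHAR)(NameEntry + 2), 0x1000);`. The x64 branch of EngineCreateMissingDependenciesW has the same `+ 2` before the check and needs the same change.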
|
||||||
|
|
|
||||||
|
|
@ -276,6 +276,7 @@ __declspec(dllexport) bool TITCALL ExporterBuildExportTableExW(wchar_t* szExport
|
||||||
if(MapFileExW(szExportFileName, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
|
if(MapFileExW(szExportFileName, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
|
||||||
{
|
{
|
||||||
NewSectionFO = (DWORD)ConvertVAtoFileOffset(FileMapVA, NewSectionVO + (ULONG_PTR)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_IMAGEBASE), true);
|
NewSectionFO = (DWORD)ConvertVAtoFileOffset(FileMapVA, NewSectionVO + (ULONG_PTR)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_IMAGEBASE), true);
|
||||||
|
if(NewSectionFO)
|
||||||
ReturnValue = ExporterBuildExportTable(NewSectionFO, FileMapVA);
|
ReturnValue = ExporterBuildExportTable(NewSectionFO, FileMapVA);
|
||||||
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
if(ReturnValue)
|
if(ReturnValue)
|
||||||
|
|
@ -359,21 +360,33 @@ __declspec(dllexport) bool TITCALL ExporterLoadExportTableW(wchar_t* szFileName)
|
||||||
if(PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress != NULL)
|
if(PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress != NULL)
|
||||||
{
|
{
|
||||||
PEExports = (PIMAGE_EXPORT_DIRECTORY)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress + PEHeader32->OptionalHeader.ImageBase), true));
|
PEExports = (PIMAGE_EXPORT_DIRECTORY)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress + PEHeader32->OptionalHeader.ImageBase), true));
|
||||||
|
if(PEExports)
|
||||||
|
{
|
||||||
ExportedFunctions = (PEXPORTED_DATA)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEExports->AddressOfFunctions + PEHeader32->OptionalHeader.ImageBase), true));
|
ExportedFunctions = (PEXPORTED_DATA)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEExports->AddressOfFunctions + PEHeader32->OptionalHeader.ImageBase), true));
|
||||||
|
if(ExportedFunctions)
|
||||||
|
{
|
||||||
ExporterInit(50 * 1024, (ULONG_PTR)PEHeader32->OptionalHeader.ImageBase, PEExports->Base, NULL);
|
ExporterInit(50 * 1024, (ULONG_PTR)PEHeader32->OptionalHeader.ImageBase, PEExports->Base, NULL);
|
||||||
ExportPresent = true;
|
ExportPresent = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if(PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress != NULL)
|
if(PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress != NULL)
|
||||||
{
|
{
|
||||||
PEExports = (PIMAGE_EXPORT_DIRECTORY)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress + PEHeader64->OptionalHeader.ImageBase), true));
|
PEExports = (PIMAGE_EXPORT_DIRECTORY)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress + PEHeader64->OptionalHeader.ImageBase), true));
|
||||||
|
if(PEExports)
|
||||||
|
{
|
||||||
ExportedFunctions = (PEXPORTED_DATA)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEExports->AddressOfFunctions + PEHeader64->OptionalHeader.ImageBase), true));
|
ExportedFunctions = (PEXPORTED_DATA)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEExports->AddressOfFunctions + PEHeader64->OptionalHeader.ImageBase), true));
|
||||||
|
if(ExportedFunctions)
|
||||||
|
{
|
||||||
ExporterInit(50 * 1024, (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase, PEExports->Base, NULL);
|
ExporterInit(50 * 1024, (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase, PEExports->Base, NULL);
|
||||||
ExportPresent = true;
|
ExportPresent = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
if(ExportPresent)
|
if(ExportPresent)
|
||||||
{
|
{
|
||||||
for(n = 0; n <= PEExports->NumberOfNames; n++)
|
for(n = 0; n <= PEExports->NumberOfNames; n++)
|
||||||
|
|
@ -390,6 +403,8 @@ __declspec(dllexport) bool TITCALL ExporterLoadExportTableW(wchar_t* szFileName)
|
||||||
ExportedFunctionNames = (PEXPORTED_DATA)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEExports->AddressOfNames + PEHeader64->OptionalHeader.ImageBase), true));
|
ExportedFunctionNames = (PEXPORTED_DATA)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEExports->AddressOfNames + PEHeader64->OptionalHeader.ImageBase), true));
|
||||||
ExportedFunctionOrdinals = (PEXPORTED_DATA_WORD)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEExports->AddressOfNameOrdinals + PEHeader64->OptionalHeader.ImageBase), true));
|
ExportedFunctionOrdinals = (PEXPORTED_DATA_WORD)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEExports->AddressOfNameOrdinals + PEHeader64->OptionalHeader.ImageBase), true));
|
||||||
}
|
}
|
||||||
|
if(ExportedFunctionNames && ExportedFunctionOrdinals)
|
||||||
|
{
|
||||||
for(j = 0; j <= PEExports->NumberOfNames; j++)
|
for(j = 0; j <= PEExports->NumberOfNames; j++)
|
||||||
{
|
{
|
||||||
if(ExportedFunctionOrdinals->OrdinalNumber != x)
|
if(ExportedFunctionOrdinals->OrdinalNumber != x)
|
||||||
|
|
@ -413,10 +428,12 @@ __declspec(dllexport) bool TITCALL ExporterLoadExportTableW(wchar_t* szFileName)
|
||||||
{
|
{
|
||||||
ExportName = (char*)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(ExportedFunctionNames->ExportedItem + PEHeader64->OptionalHeader.ImageBase), true));
|
ExportName = (char*)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(ExportedFunctionNames->ExportedItem + PEHeader64->OptionalHeader.ImageBase), true));
|
||||||
}
|
}
|
||||||
|
if(ExportName)
|
||||||
ExporterAddNewExport(ExportName, ExportedFunctions->ExportedItem);
|
ExporterAddNewExport(ExportName, ExportedFunctions->ExportedItem);
|
||||||
}
|
}
|
||||||
ExportedFunctions = (PEXPORTED_DATA)((ULONG_PTR)ExportedFunctions + 4);
|
ExportedFunctions = (PEXPORTED_DATA)((ULONG_PTR)ExportedFunctions + 4);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
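Review bot: With the new `if(NewSectionFO)` guard in ExporterBuildExportTableExW, `ReturnValue` is no longer assigned on every path before `if(ReturnValue)` reads it. Its declaration is outside the hunk; if it is not initialised there, a failed conversion leaves the result indeterminate instead of false. The TLSBuildNewTableExW change in this commit handles this with `bool ReturnValue = false;`, and the same initialisation should be confirmed or added here. RelocaterExportRelocationExW receives the identical guard and needs the same check.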
|
||||||
|
|
|
||||||
|
|
@ -470,7 +470,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewIATRedirectionEx(ULONG_PTR File
|
||||||
ThunkData32 = (PIMAGE_THUNK_DATA32)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)((ULONG_PTR)ImportIID->FirstThunk + PEHeader32->OptionalHeader.ImageBase), true);
|
ThunkData32 = (PIMAGE_THUNK_DATA32)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)((ULONG_PTR)ImportIID->FirstThunk + PEHeader32->OptionalHeader.ImageBase), true);
|
||||||
CurrentThunk = (ULONG_PTR)ImportIID->FirstThunk;
|
CurrentThunk = (ULONG_PTR)ImportIID->FirstThunk;
|
||||||
}
|
}
|
||||||
while(ThunkData32->u1.AddressOfData != NULL)
|
while(ThunkData32 && ThunkData32->u1.AddressOfData != NULL)
|
||||||
{
|
{
|
||||||
if(!(ThunkData32->u1.Ordinal & IMAGE_ORDINAL_FLAG32))
|
if(!(ThunkData32->u1.Ordinal & IMAGE_ORDINAL_FLAG32))
|
||||||
{
|
{
|
||||||
|
|
@ -519,7 +519,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewIATRedirectionEx(ULONG_PTR File
|
||||||
ThunkData64 = (PIMAGE_THUNK_DATA64)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)((ULONG_PTR)ImportIID->FirstThunk + PEHeader64->OptionalHeader.ImageBase), true);
|
ThunkData64 = (PIMAGE_THUNK_DATA64)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)((ULONG_PTR)ImportIID->FirstThunk + PEHeader64->OptionalHeader.ImageBase), true);
|
||||||
CurrentThunk = (ULONG_PTR)ImportIID->FirstThunk;
|
CurrentThunk = (ULONG_PTR)ImportIID->FirstThunk;
|
||||||
}
|
}
|
||||||
while(ThunkData64->u1.AddressOfData != NULL)
|
while(ThunkData64 && ThunkData64->u1.AddressOfData != NULL)
|
||||||
{
|
{
|
||||||
if(!(ThunkData64->u1.Ordinal & IMAGE_ORDINAL_FLAG64))
|
if(!(ThunkData64->u1.Ordinal & IMAGE_ORDINAL_FLAG64))
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -73,7 +73,6 @@ __declspec(dllexport) long TITCALL GetPE32SectionNumberFromVA(ULONG_PTR FileMapV
|
||||||
}
|
}
|
||||||
__declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType)
|
__declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType)
|
||||||
{
|
{
|
||||||
|
|
||||||
PIMAGE_DOS_HEADER DOSHeader;
|
PIMAGE_DOS_HEADER DOSHeader;
|
||||||
PIMAGE_NT_HEADERS32 PEHeader32;
|
PIMAGE_NT_HEADERS32 PEHeader32;
|
||||||
PIMAGE_NT_HEADERS64 PEHeader64;
|
PIMAGE_NT_HEADERS64 PEHeader64;
|
||||||
|
|
@ -129,14 +128,14 @@ __declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapV
|
||||||
{
|
{
|
||||||
if(ConvertedAddress != NULL)
|
if(ConvertedAddress != NULL)
|
||||||
{
|
{
|
||||||
ConvertedAddress = ConvertedAddress + FileMapVA;
|
ConvertedAddress += FileMapVA;
|
||||||
}
|
}
|
||||||
else if(ConvertAddress == NULL)
|
else if(ConvertAddress == NULL)
|
||||||
{
|
{
|
||||||
ConvertedAddress = FileMapVA;
|
ConvertedAddress = FileMapVA;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return(ConvertedAddress);
|
return ConvertedAddress;
|
||||||
}
|
}
|
||||||
__except(EXCEPTION_EXECUTE_HANDLER)
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
{
|
{
|
||||||
|
|
@ -170,7 +169,7 @@ __declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapV
|
||||||
{
|
{
|
||||||
if(ConvertedAddress != NULL)
|
if(ConvertedAddress != NULL)
|
||||||
{
|
{
|
||||||
ConvertedAddress = ConvertedAddress + FileMapVA;
|
ConvertedAddress += FileMapVA;
|
||||||
}
|
}
|
||||||
else if(ConvertAddress == NULL)
|
else if(ConvertAddress == NULL)
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -211,6 +211,7 @@ __declspec(dllexport) bool TITCALL RelocaterExportRelocationExW(wchar_t* szFileN
|
||||||
if(MapFileExW(szFileName, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
|
if(MapFileExW(szFileName, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
|
||||||
{
|
{
|
||||||
NewSectionFO = (DWORD)ConvertVAtoFileOffset(FileMapVA, NewSectionVO + (ULONG_PTR)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_IMAGEBASE), true);
|
NewSectionFO = (DWORD)ConvertVAtoFileOffset(FileMapVA, NewSectionVO + (ULONG_PTR)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_IMAGEBASE), true);
|
||||||
|
if(NewSectionFO)
|
||||||
ReturnValue = RelocaterExportRelocation(NewSectionFO, NewSectionVO, FileMapVA);
|
ReturnValue = RelocaterExportRelocation(NewSectionFO, NewSectionVO, FileMapVA);
|
||||||
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
if(ReturnValue)
|
if(ReturnValue)
|
||||||
|
|
|
||||||
|
|
@ -74,10 +74,12 @@ __declspec(dllexport) bool TITCALL TLSGrabCallBackDataW(wchar_t* szFileName, LPV
|
||||||
{
|
{
|
||||||
ULONG_PTR TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader32->OptionalHeader.ImageBase + PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress);
|
ULONG_PTR TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader32->OptionalHeader.ImageBase + PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress);
|
||||||
PIMAGE_TLS_DIRECTORY32 TLSDirectoryX86 = (PIMAGE_TLS_DIRECTORY32)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true);
|
PIMAGE_TLS_DIRECTORY32 TLSDirectoryX86 = (PIMAGE_TLS_DIRECTORY32)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true);
|
||||||
if(TLSDirectoryX86->AddressOfCallBacks != NULL)
|
if(TLSDirectoryX86 && TLSDirectoryX86->AddressOfCallBacks != NULL)
|
||||||
{
|
{
|
||||||
ULONG_PTR TLSCompareData = 0;
|
ULONG_PTR TLSCompareData = 0;
|
||||||
ULONG_PTR TLSCallBackAddress = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryX86->AddressOfCallBacks, true);
|
ULONG_PTR TLSCallBackAddress = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryX86->AddressOfCallBacks, true);
|
||||||
|
if(TLSCallBackAddress)
|
||||||
|
{
|
||||||
while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof ULONG_PTR) != NULL)
|
while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof ULONG_PTR) != NULL)
|
||||||
{
|
{
|
||||||
if(ArrayOfCallBacks)
|
if(ArrayOfCallBacks)
|
||||||
|
|
@ -109,16 +111,26 @@ __declspec(dllexport) bool TITCALL TLSGrabCallBackDataW(wchar_t* szFileName, LPV
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if(NumberOfCallBacks)
|
||||||
|
*NumberOfCallBacks = 0;
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
else //x64
|
else //x64
|
||||||
{
|
{
|
||||||
if(PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress != NULL)
|
if(PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress != NULL)
|
||||||
{
|
{
|
||||||
ULONG_PTR TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader64->OptionalHeader.ImageBase + PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress);
|
ULONG_PTR TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader64->OptionalHeader.ImageBase + PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress);
|
||||||
PIMAGE_TLS_DIRECTORY64 TLSDirectoryX64 = (PIMAGE_TLS_DIRECTORY64)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true);
|
PIMAGE_TLS_DIRECTORY64 TLSDirectoryX64 = (PIMAGE_TLS_DIRECTORY64)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true);
|
||||||
if(TLSDirectoryX64->AddressOfCallBacks != NULL)
|
if(TLSDirectoryX64 && TLSDirectoryX64->AddressOfCallBacks != NULL)
|
||||||
{
|
{
|
||||||
ULONG_PTR TLSCompareData = NULL;
|
ULONG_PTR TLSCompareData = NULL;
|
||||||
ULONG_PTR TLSCallBackAddress = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryX64->AddressOfCallBacks, true);
|
ULONG_PTR TLSCallBackAddress = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryX64->AddressOfCallBacks, true);
|
||||||
|
if(TLSCallBackAddress)
|
||||||
|
{
|
||||||
while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof ULONG_PTR) != NULL)
|
while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof ULONG_PTR) != NULL)
|
||||||
{
|
{
|
||||||
if(ArrayOfCallBacks)
|
if(ArrayOfCallBacks)
|
||||||
|
|
@ -150,6 +162,14 @@ __declspec(dllexport) bool TITCALL TLSGrabCallBackDataW(wchar_t* szFileName, LPV
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if(NumberOfCallBacks)
|
||||||
|
*NumberOfCallBacks = 0;
|
||||||
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|
@ -695,7 +715,9 @@ __declspec(dllexport) bool TITCALL TLSBuildNewTableExW(wchar_t* szFileName, char
|
||||||
if(MapFileExW(szFileName, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
|
if(MapFileExW(szFileName, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
|
||||||
{
|
{
|
||||||
DWORD NewSectionFO = (DWORD)ConvertVAtoFileOffset(FileMapVA, NewSectionVO + tlsImageBase, true);
|
DWORD NewSectionFO = (DWORD)ConvertVAtoFileOffset(FileMapVA, NewSectionVO + tlsImageBase, true);
|
||||||
bool ReturnValue = TLSBuildNewTable(FileMapVA, NewSectionFO, NewSectionVO, ArrayOfCallBacks, NumberOfCallBacks);
|
bool ReturnValue = false;
|
||||||
|
if(NewSectionFO)
|
||||||
|
ReturnValue = TLSBuildNewTable(FileMapVA, NewSectionFO, NewSectionVO, ArrayOfCallBacks, NumberOfCallBacks);
|
||||||
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
|
||||||
if(ReturnValue)
|
if(ReturnValue)
|
||||||
{
|
{
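Review bot: `NewSectionFO` in TLSBuildNewTableExW is declared `DWORD`, but ConvertVAtoFileOffset returns `ULONG_PTR` and is called here with `true`, which appears to yield an address inside the mapping rather than a file offset. On a 64-bit build the cast drops the upper half, so the new `if(NewSectionFO)` tests a truncated value and TLSBuildNewTable receives it. If TLSBuildNewTable takes a pointer-sized argument (its prototype is not shown), keep the full width with `ULONG_PTR NewSectionFO = ConvertVAtoFileOffset(FileMapVA, NewSectionVO + tlsImageBase, true);`.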
|
||||||
|
|
|
||||||