x64dbg
/
TitanEngine
mirror of https://github.com/x64dbg/TitanEngine
1
0
Fork 0
Code Releases Activity

fixed various potential exceptions (ConvertVAtoFileOffset return wasn't checked everywhere)

This commit is contained in:
Mr. eXoDia 2014-06-01 14:34:42 +02:00
parent b89eff37c8
commit 7e1fb26ebe
7 changed files with 220 additions and 154 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
TitanEngine/Global.Engine.Importer.cpp
View File

@ -239,27 +239,37 @@ bool EngineGetAPINameRemote(HANDLE hProcess, ULONG_PTR APIAddress, char* APIName
ExportDirectorySize=(ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
}
PIMAGE_EXPORT_DIRECTORY ExportDirectory=(PIMAGE_EXPORT_DIRECTORY)ConvertVAtoFileOffset(FileMapVA, ExportDirectoryVA+ImageBase, true);
DWORD* AddrOfFunctions=(DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfFunctions+ImageBase, true);
DWORD* AddrOfNames=(DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfNames+ImageBase, true);
SHORT* AddrOfNameOrdinals=(SHORT*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfNameOrdinals+ImageBase, true);
unsigned int NumberOfNames=ExportDirectory->NumberOfNames;
for(unsigned int i=0; i<NumberOfNames; i++)
if(ExportDirectory)
{
const char* curName=(const char*)ConvertVAtoFileOffset(FileMapVA, AddrOfNames[i]+ImageBase, true);
unsigned int curRva=AddrOfFunctions[AddrOfNameOrdinals[i]];
if(curRva<ExportDirectoryVA || curRva>=ExportDirectoryVA+ExportDirectorySize) //non-forwarded exports
DWORD* AddrOfFunctions=(DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfFunctions+ImageBase, true);
DWORD* AddrOfNames=(DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfNames+ImageBase, true);
SHORT* AddrOfNameOrdinals=(SHORT*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfNameOrdinals+ImageBase, true);
if(AddrOfFunctions && AddrOfNames && AddrOfNameOrdinals)
{
if(curRva+ModuleBase==APIAddress)
unsigned int NumberOfNames=ExportDirectory->NumberOfNames;
for(unsigned int i=0; i<NumberOfNames; i++)
{
if(APIName && APINameSize>strlen(curName))
const char* curName=(const char*)ConvertVAtoFileOffset(FileMapVA, AddrOfNames[i]+ImageBase, true);
if(!curName)
continue;
unsigned int curRva=AddrOfFunctions[AddrOfNameOrdinals[i]];
if(curRva<ExportDirectoryVA || curRva>=ExportDirectoryVA+ExportDirectorySize) //non-forwarded exports
{
strcpy(APIName, curName);
return true;
}
if(APINameSizeNeeded)
{
*APINameSizeNeeded=strlen(curName);
return true;
if(curRva+ModuleBase==APIAddress)
{
if(APIName && APINameSize>strlen(curName))
{
strcpy(APIName, curName);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return true;
}
if(APINameSizeNeeded)
{
*APINameSizeNeeded=strlen(curName);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return true;
}
}
}
}
}
@ -312,18 +322,27 @@ DWORD EngineGetAPIOrdinalRemote(HANDLE hProcess, ULONG_PTR APIAddress)
ExportDirectorySize=(ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
}
PIMAGE_EXPORT_DIRECTORY ExportDirectory=(PIMAGE_EXPORT_DIRECTORY)ConvertVAtoFileOffset(FileMapVA, ExportDirectoryVA+ImageBase, true);
DWORD* AddrOfFunctions=(DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfFunctions+ImageBase, true);
unsigned int NumberOfFunctions=ExportDirectory->NumberOfFunctions;
for(unsigned int i=0,j=0; i<NumberOfFunctions; i++)
if(ExportDirectory)
{
unsigned int curRva=AddrOfFunctions[i];
if(!curRva)
continue;
j++; //ordinal
if(curRva<ExportDirectoryVA || curRva>=ExportDirectoryVA+ExportDirectorySize) //non-forwarded exports
DWORD* AddrOfFunctions=(DWORD*)ConvertVAtoFileOffset(FileMapVA, ExportDirectory->AddressOfFunctions+ImageBase, true);
if(AddrOfFunctions)
{
if(curRva+ModuleBase==APIAddress)
return j;
unsigned int NumberOfFunctions=ExportDirectory->NumberOfFunctions;
for(unsigned int i=0,j=0; i<NumberOfFunctions; i++)
{
unsigned int curRva=AddrOfFunctions[i];
if(!curRva)
continue;
j++; //ordinal
if(curRva<ExportDirectoryVA || curRva>=ExportDirectoryVA+ExportDirectorySize) //non-forwarded exports
{
if(curRva+ModuleBase==APIAddress)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return j;
}
}
}
}
}
}

148
TitanEngine/TitanEngine.Engine.cpp
View File

@ -119,52 +119,56 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szF
ImportTableAddress = (ULONG_PTR)PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
ImportTableAddress = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportTableAddress + ImageBase, true);
ImportPointer = (PIMAGE_IMPORT_DESCRIPTOR)ImportTableAddress;
while(ImportPointer->FirstThunk != NULL)
while(ImportPointer && ImportPointer->FirstThunk != NULL)
{
ImportDllName = (PCHAR)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->Name + ImageBase, true));
MultiByteToWideChar(CP_ACP, NULL, ImportDllName, lstrlenA(ImportDllName)+1, ImportDllNameW, sizeof(ImportDllNameW)/(sizeof(ImportDllNameW[0])));
if(!EngineIsDependencyPresentW(ImportDllNameW, szFileName, szOutputFolder))
if(ImportDllName)
{
RtlZeroMemory(&BuildExportName, sizeof(BuildExportName));
lstrcatW(BuildExportName, szOutputFolder);
if(BuildExportName[lstrlenW(BuildExportName)-1] != 0x5C)
MultiByteToWideChar(CP_ACP, NULL, ImportDllName, lstrlenA(ImportDllName)+1, ImportDllNameW, sizeof(ImportDllNameW)/(sizeof(ImportDllNameW[0])));
if(!EngineIsDependencyPresentW(ImportDllNameW, szFileName, szOutputFolder))
{
BuildExportName[lstrlenW(BuildExportName)] = 0x5C;
}
lstrcatW(BuildExportName, ImportDllNameW);
if(LogCreatedFiles)
{
RtlMoveMemory(engineDependencyFilesCWP, &BuildExportName, lstrlenW(BuildExportName) * 2);
engineDependencyFilesCWP = (LPVOID)((ULONG_PTR)engineDependencyFilesCWP + (lstrlenW(BuildExportName) * 2) + 2);
}
EngineExtractResource("MODULEx86", BuildExportName);
ExporterInit(20 * 1024, (ULONG_PTR)GetPE32DataW(BuildExportName, NULL, UE_IMAGEBASE), NULL, ImportDllName);
ImportThunkAddress = ImportPointer->FirstThunk;
if(ImportPointer->OriginalFirstThunk != NULL)
{
ImportThunkX86 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->OriginalFirstThunk + ImageBase, true));
}
else
{
ImportThunkX86 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->FirstThunk + ImageBase, true));
}
while(ImportThunkX86->u1.Function != NULL)
{
if(ImportThunkX86->u1.Ordinal & IMAGE_ORDINAL_FLAG32)
RtlZeroMemory(&BuildExportName, sizeof(BuildExportName));
lstrcatW(BuildExportName, szOutputFolder);
if(BuildExportName[lstrlenW(BuildExportName)-1] != 0x5C)
{
ExporterAddNewOrdinalExport(ImportThunkX86->u1.Ordinal ^ IMAGE_ORDINAL_FLAG32, 0x1000);
BuildExportName[lstrlenW(BuildExportName)] = 0x5C;
}
lstrcatW(BuildExportName, ImportDllNameW);
if(LogCreatedFiles)
{
RtlMoveMemory(engineDependencyFilesCWP, &BuildExportName, lstrlenW(BuildExportName) * 2);
engineDependencyFilesCWP = (LPVOID)((ULONG_PTR)engineDependencyFilesCWP + (lstrlenW(BuildExportName) * 2) + 2);
}
EngineExtractResource("MODULEx86", BuildExportName);
ExporterInit(20 * 1024, (ULONG_PTR)GetPE32DataW(BuildExportName, NULL, UE_IMAGEBASE), NULL, ImportDllName);
ImportThunkAddress = ImportPointer->FirstThunk;
if(ImportPointer->OriginalFirstThunk != NULL)
{
ImportThunkX86 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->OriginalFirstThunk + ImageBase, true));
}
else
{
ImportThunkName = (ULONG_PTR)(ConvertVAtoFileOffset(FileMapVA, ImportThunkX86->u1.AddressOfData + ImageBase, true) + 2);
ExporterAddNewExport((PCHAR)ImportThunkName, 0x1000);
ImportThunkX86 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->FirstThunk + ImageBase, true));
}
ImportThunkX86 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ImportThunkX86 + 4);
ImportThunkAddress = ImportThunkAddress + 4;
while(ImportThunkX86 && ImportThunkX86->u1.Function != NULL)
{
if(ImportThunkX86->u1.Ordinal & IMAGE_ORDINAL_FLAG32)
{
ExporterAddNewOrdinalExport(ImportThunkX86->u1.Ordinal ^ IMAGE_ORDINAL_FLAG32, 0x1000);
}
else
{
ImportThunkName = (ULONG_PTR)(ConvertVAtoFileOffset(FileMapVA, ImportThunkX86->u1.AddressOfData + ImageBase, true) + 2);
if(ImportThunkName)
ExporterAddNewExport((PCHAR)ImportThunkName, 0x1000);
}
ImportThunkX86 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ImportThunkX86 + 4);
ImportThunkAddress = ImportThunkAddress + 4;
}
ExporterBuildExportTableExW(BuildExportName, ".export");
}
ExporterBuildExportTableExW(BuildExportName, ".export");
ImportPointer = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportPointer + sizeof IMAGE_IMPORT_DESCRIPTOR);
}
ImportPointer = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportPointer + sizeof IMAGE_IMPORT_DESCRIPTOR);
}
}
else
@ -173,52 +177,56 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szF
ImportTableAddress = (ULONG_PTR)PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
ImportTableAddress = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportTableAddress + ImageBase, true);
ImportPointer = (PIMAGE_IMPORT_DESCRIPTOR)ImportTableAddress;
while(ImportPointer->FirstThunk != NULL)
while(ImportPointer && ImportPointer->FirstThunk != NULL)
{
ImportDllName = (PCHAR)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->Name + ImageBase, true));
MultiByteToWideChar(CP_ACP, NULL, ImportDllName, lstrlenA(ImportDllName)+1, ImportDllNameW, sizeof(ImportDllNameW)/(sizeof(ImportDllNameW[0])));
if(!EngineIsDependencyPresentW(ImportDllNameW, szFileName, szOutputFolder))
if(ImportDllName)
{
RtlZeroMemory(&BuildExportName, sizeof(BuildExportName));
lstrcatW(BuildExportName, szOutputFolder);
if(BuildExportName[lstrlenW(BuildExportName)-1] != 0x5C)
MultiByteToWideChar(CP_ACP, NULL, ImportDllName, lstrlenA(ImportDllName)+1, ImportDllNameW, sizeof(ImportDllNameW)/(sizeof(ImportDllNameW[0])));
if(!EngineIsDependencyPresentW(ImportDllNameW, szFileName, szOutputFolder))
{
BuildExportName[lstrlenW(BuildExportName)] = 0x5C;
}
lstrcatW(BuildExportName, ImportDllNameW);
if(LogCreatedFiles)
{
RtlMoveMemory(engineDependencyFilesCWP, &BuildExportName, lstrlenW(BuildExportName) * 2);
engineDependencyFilesCWP = (LPVOID)((ULONG_PTR)engineDependencyFilesCWP + (lstrlenW(BuildExportName) * 2) + 2);
}
EngineExtractResource("MODULEx64", BuildExportName);
ExporterInit(20 * 1024, (ULONG_PTR)GetPE32DataW(BuildExportName, NULL, UE_IMAGEBASE), NULL, ImportDllName);
ImportThunkAddress = ImportPointer->FirstThunk;
if(ImportPointer->OriginalFirstThunk != NULL)
{
ImportThunkX64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->OriginalFirstThunk + ImageBase, true));
}
else
{
ImportThunkX64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->FirstThunk + ImageBase, true));
}
while(ImportThunkX64->u1.Function != NULL)
{
if(ImportThunkX64->u1.Ordinal & IMAGE_ORDINAL_FLAG64)
RtlZeroMemory(&BuildExportName, sizeof(BuildExportName));
lstrcatW(BuildExportName, szOutputFolder);
if(BuildExportName[lstrlenW(BuildExportName)-1] != 0x5C)
{
ExporterAddNewOrdinalExport((DWORD)(ImportThunkX64->u1.Ordinal ^ IMAGE_ORDINAL_FLAG64), 0x1000);
BuildExportName[lstrlenW(BuildExportName)] = 0x5C;
}
lstrcatW(BuildExportName, ImportDllNameW);
if(LogCreatedFiles)
{
RtlMoveMemory(engineDependencyFilesCWP, &BuildExportName, lstrlenW(BuildExportName) * 2);
engineDependencyFilesCWP = (LPVOID)((ULONG_PTR)engineDependencyFilesCWP + (lstrlenW(BuildExportName) * 2) + 2);
}
EngineExtractResource("MODULEx64", BuildExportName);
ExporterInit(20 * 1024, (ULONG_PTR)GetPE32DataW(BuildExportName, NULL, UE_IMAGEBASE), NULL, ImportDllName);
ImportThunkAddress = ImportPointer->FirstThunk;
if(ImportPointer->OriginalFirstThunk != NULL)
{
ImportThunkX64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->OriginalFirstThunk + ImageBase, true));
}
else
{
ImportThunkName = (ULONG_PTR)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(ImportThunkX64->u1.AddressOfData + ImageBase), true) + 2);
ExporterAddNewExport((PCHAR)ImportThunkName, 0x1000);
ImportThunkX64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, ImportPointer->FirstThunk + ImageBase, true));
}
ImportThunkX64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ImportThunkX64 + 8);
ImportThunkAddress = ImportThunkAddress + 8;
while(ImportThunkX64 && ImportThunkX64->u1.Function != NULL)
{
if(ImportThunkX64->u1.Ordinal & IMAGE_ORDINAL_FLAG64)
{
ExporterAddNewOrdinalExport((DWORD)(ImportThunkX64->u1.Ordinal ^ IMAGE_ORDINAL_FLAG64), 0x1000);
}
else
{
ImportThunkName = (ULONG_PTR)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(ImportThunkX64->u1.AddressOfData + ImageBase), true) + 2);
if(ImportThunkName)
ExporterAddNewExport((PCHAR)ImportThunkName, 0x1000);
}
ImportThunkX64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ImportThunkX64 + 8);
ImportThunkAddress = ImportThunkAddress + 8;
}
ExporterBuildExportTableExW(BuildExportName, ".export");
}
ExporterBuildExportTableExW(BuildExportName, ".export");
ImportPointer = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportPointer + sizeof IMAGE_IMPORT_DESCRIPTOR);
}
ImportPointer = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportPointer + sizeof IMAGE_IMPORT_DESCRIPTOR);
}
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);

71
TitanEngine/TitanEngine.Exporter.cpp
View File

@ -276,7 +276,8 @@ __declspec(dllexport) bool TITCALL ExporterBuildExportTableExW(wchar_t* szExport
if(MapFileExW(szExportFileName, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
{
NewSectionFO = (DWORD)ConvertVAtoFileOffset(FileMapVA, NewSectionVO + (ULONG_PTR)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_IMAGEBASE), true);
ReturnValue = ExporterBuildExportTable(NewSectionFO, FileMapVA);
if(NewSectionFO)
ReturnValue = ExporterBuildExportTable(NewSectionFO, FileMapVA);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(ReturnValue)
{
@ -359,9 +360,15 @@ __declspec(dllexport) bool TITCALL ExporterLoadExportTableW(wchar_t* szFileName)
if(PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress != NULL)
{
PEExports = (PIMAGE_EXPORT_DIRECTORY)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress + PEHeader32->OptionalHeader.ImageBase), true));
ExportedFunctions = (PEXPORTED_DATA)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEExports->AddressOfFunctions + PEHeader32->OptionalHeader.ImageBase), true));
ExporterInit(50 * 1024, (ULONG_PTR)PEHeader32->OptionalHeader.ImageBase, PEExports->Base, NULL);
ExportPresent = true;
if(PEExports)
{
ExportedFunctions = (PEXPORTED_DATA)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEExports->AddressOfFunctions + PEHeader32->OptionalHeader.ImageBase), true));
if(ExportedFunctions)
{
ExporterInit(50 * 1024, (ULONG_PTR)PEHeader32->OptionalHeader.ImageBase, PEExports->Base, NULL);
ExportPresent = true;
}
}
}
}
else
@ -369,9 +376,15 @@ __declspec(dllexport) bool TITCALL ExporterLoadExportTableW(wchar_t* szFileName)
if(PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress != NULL)
{
PEExports = (PIMAGE_EXPORT_DIRECTORY)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress + PEHeader64->OptionalHeader.ImageBase), true));
ExportedFunctions = (PEXPORTED_DATA)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEExports->AddressOfFunctions + PEHeader64->OptionalHeader.ImageBase), true));
ExporterInit(50 * 1024, (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase, PEExports->Base, NULL);
ExportPresent = true;
if(PEExports)
{
ExportedFunctions = (PEXPORTED_DATA)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEExports->AddressOfFunctions + PEHeader64->OptionalHeader.ImageBase), true));
if(ExportedFunctions)
{
ExporterInit(50 * 1024, (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase, PEExports->Base, NULL);
ExportPresent = true;
}
}
}
}
if(ExportPresent)
@ -390,32 +403,36 @@ __declspec(dllexport) bool TITCALL ExporterLoadExportTableW(wchar_t* szFileName)
ExportedFunctionNames = (PEXPORTED_DATA)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEExports->AddressOfNames + PEHeader64->OptionalHeader.ImageBase), true));
ExportedFunctionOrdinals = (PEXPORTED_DATA_WORD)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEExports->AddressOfNameOrdinals + PEHeader64->OptionalHeader.ImageBase), true));
}
for(j = 0; j <= PEExports->NumberOfNames; j++)
if(ExportedFunctionNames && ExportedFunctionOrdinals)
{
if(ExportedFunctionOrdinals->OrdinalNumber != x)
for(j = 0; j <= PEExports->NumberOfNames; j++)
{
ExportedFunctionOrdinals = (PEXPORTED_DATA_WORD)((ULONG_PTR)ExportedFunctionOrdinals + 2);
if(ExportedFunctionOrdinals->OrdinalNumber != x)
{
ExportedFunctionOrdinals = (PEXPORTED_DATA_WORD)((ULONG_PTR)ExportedFunctionOrdinals + 2);
}
else
{
ExportPresent = true;
break;
}
}
else
if(ExportPresent)
{
ExportPresent = true;
break;
ExportedFunctionNames = (PEXPORTED_DATA)((ULONG_PTR)ExportedFunctionNames + j * 4);
if(!FileIs64)
{
ExportName = (char*)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(ExportedFunctionNames->ExportedItem + PEHeader32->OptionalHeader.ImageBase), true));
}
else
{
ExportName = (char*)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(ExportedFunctionNames->ExportedItem + PEHeader64->OptionalHeader.ImageBase), true));
}
if(ExportName)
ExporterAddNewExport(ExportName, ExportedFunctions->ExportedItem);
}
ExportedFunctions = (PEXPORTED_DATA)((ULONG_PTR)ExportedFunctions + 4);
}
if(ExportPresent)
{
ExportedFunctionNames = (PEXPORTED_DATA)((ULONG_PTR)ExportedFunctionNames + j * 4);
if(!FileIs64)
{
ExportName = (char*)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(ExportedFunctionNames->ExportedItem + PEHeader32->OptionalHeader.ImageBase), true));
}
else
{
ExportName = (char*)(ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(ExportedFunctionNames->ExportedItem + PEHeader64->OptionalHeader.ImageBase), true));
}
ExporterAddNewExport(ExportName, ExportedFunctions->ExportedItem);
}
ExportedFunctions = (PEXPORTED_DATA)((ULONG_PTR)ExportedFunctions + 4);
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return true;

4
TitanEngine/TitanEngine.Hooks.cpp
View File

@ -470,7 +470,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewIATRedirectionEx(ULONG_PTR File
ThunkData32 = (PIMAGE_THUNK_DATA32)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)((ULONG_PTR)ImportIID->FirstThunk + PEHeader32->OptionalHeader.ImageBase), true);
CurrentThunk = (ULONG_PTR)ImportIID->FirstThunk;
}
while(ThunkData32->u1.AddressOfData != NULL)
while(ThunkData32 && ThunkData32->u1.AddressOfData != NULL)
{
if(!(ThunkData32->u1.Ordinal & IMAGE_ORDINAL_FLAG32))
{
@ -519,7 +519,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewIATRedirectionEx(ULONG_PTR File
ThunkData64 = (PIMAGE_THUNK_DATA64)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)((ULONG_PTR)ImportIID->FirstThunk + PEHeader64->OptionalHeader.ImageBase), true);
CurrentThunk = (ULONG_PTR)ImportIID->FirstThunk;
}
while(ThunkData64->u1.AddressOfData != NULL)
while(ThunkData64 && ThunkData64->u1.AddressOfData != NULL)
{
if(!(ThunkData64->u1.Ordinal & IMAGE_ORDINAL_FLAG64))
{

7
TitanEngine/TitanEngine.PE.Convert.cpp
View File

@ -73,7 +73,6 @@ __declspec(dllexport) long TITCALL GetPE32SectionNumberFromVA(ULONG_PTR FileMapV
}
__declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType)
{
PIMAGE_DOS_HEADER DOSHeader;
PIMAGE_NT_HEADERS32 PEHeader32;
PIMAGE_NT_HEADERS64 PEHeader64;
@ -129,14 +128,14 @@ __declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapV
{
if(ConvertedAddress != NULL)
{
ConvertedAddress = ConvertedAddress + FileMapVA;
ConvertedAddress += FileMapVA;
}
else if(ConvertAddress == NULL)
{
ConvertedAddress = FileMapVA;
}
}
return(ConvertedAddress);
return ConvertedAddress;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
@ -170,7 +169,7 @@ __declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapV
{
if(ConvertedAddress != NULL)
{
ConvertedAddress = ConvertedAddress + FileMapVA;
ConvertedAddress += FileMapVA;
}
else if(ConvertAddress == NULL)
{

3
TitanEngine/TitanEngine.Relocator.cpp
View File

@ -211,7 +211,8 @@ __declspec(dllexport) bool TITCALL RelocaterExportRelocationExW(wchar_t* szFileN
if(MapFileExW(szFileName, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
{
NewSectionFO = (DWORD)ConvertVAtoFileOffset(FileMapVA, NewSectionVO + (ULONG_PTR)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_IMAGEBASE), true);
ReturnValue = RelocaterExportRelocation(NewSectionFO, NewSectionVO, FileMapVA);
if(NewSectionFO)
ReturnValue = RelocaterExportRelocation(NewSectionFO, NewSectionVO, FileMapVA);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(ReturnValue)
{

68
TitanEngine/TitanEngine.TLS.cpp
View File

@ -74,24 +74,34 @@ __declspec(dllexport) bool TITCALL TLSGrabCallBackDataW(wchar_t* szFileName, LPV
{
ULONG_PTR TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader32->OptionalHeader.ImageBase + PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress);
PIMAGE_TLS_DIRECTORY32 TLSDirectoryX86 = (PIMAGE_TLS_DIRECTORY32)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true);
if(TLSDirectoryX86->AddressOfCallBacks != NULL)
if(TLSDirectoryX86 && TLSDirectoryX86->AddressOfCallBacks != NULL)
{
ULONG_PTR TLSCompareData = 0;
ULONG_PTR TLSCallBackAddress = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryX86->AddressOfCallBacks, true);
while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof ULONG_PTR) != NULL)
if(TLSCallBackAddress)
{
if(ArrayOfCallBacks)
while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof ULONG_PTR) != NULL)
{
RtlMoveMemory(ArrayOfCallBacks, (LPVOID)TLSCallBackAddress, sizeof ULONG_PTR);
ArrayOfCallBacks = (LPVOID)((ULONG_PTR)ArrayOfCallBacks + sizeof ULONG_PTR);
if(ArrayOfCallBacks)
{
RtlMoveMemory(ArrayOfCallBacks, (LPVOID)TLSCallBackAddress, sizeof ULONG_PTR);
ArrayOfCallBacks = (LPVOID)((ULONG_PTR)ArrayOfCallBacks + sizeof ULONG_PTR);
}
TLSCallBackAddress = TLSCallBackAddress + sizeof ULONG_PTR;
NumberOfTLSCallBacks++;
}
TLSCallBackAddress = TLSCallBackAddress + sizeof ULONG_PTR;
NumberOfTLSCallBacks++;
if(NumberOfCallBacks)
*NumberOfCallBacks = NumberOfTLSCallBacks;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return true;
}
else
{
if(NumberOfCallBacks)
*NumberOfCallBacks = 0;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return false;
}
if(NumberOfCallBacks)
*NumberOfCallBacks = NumberOfTLSCallBacks;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return true;
}
else
{
@ -115,24 +125,34 @@ __declspec(dllexport) bool TITCALL TLSGrabCallBackDataW(wchar_t* szFileName, LPV
{
ULONG_PTR TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader64->OptionalHeader.ImageBase + PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress);
PIMAGE_TLS_DIRECTORY64 TLSDirectoryX64 = (PIMAGE_TLS_DIRECTORY64)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true);
if(TLSDirectoryX64->AddressOfCallBacks != NULL)
if(TLSDirectoryX64 && TLSDirectoryX64->AddressOfCallBacks != NULL)
{
ULONG_PTR TLSCompareData = NULL;
ULONG_PTR TLSCallBackAddress = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryX64->AddressOfCallBacks, true);
while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof ULONG_PTR) != NULL)
if(TLSCallBackAddress)
{
if(ArrayOfCallBacks)
while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof ULONG_PTR) != NULL)
{
RtlMoveMemory(ArrayOfCallBacks, (LPVOID)TLSCallBackAddress, sizeof ULONG_PTR);
ArrayOfCallBacks = (LPVOID)((ULONG_PTR)ArrayOfCallBacks + sizeof ULONG_PTR);
if(ArrayOfCallBacks)
{
RtlMoveMemory(ArrayOfCallBacks, (LPVOID)TLSCallBackAddress, sizeof ULONG_PTR);
ArrayOfCallBacks = (LPVOID)((ULONG_PTR)ArrayOfCallBacks + sizeof ULONG_PTR);
}
TLSCallBackAddress = TLSCallBackAddress + sizeof ULONG_PTR;
NumberOfTLSCallBacks++;
}
TLSCallBackAddress = TLSCallBackAddress + sizeof ULONG_PTR;
NumberOfTLSCallBacks++;
if(NumberOfCallBacks)
*NumberOfCallBacks = NumberOfTLSCallBacks;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return true;
}
else
{
if(NumberOfCallBacks)
*NumberOfCallBacks = 0;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return false;
}
if(NumberOfCallBacks)
*NumberOfCallBacks = NumberOfTLSCallBacks;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return true;
}
else
{
@ -695,7 +715,9 @@ __declspec(dllexport) bool TITCALL TLSBuildNewTableExW(wchar_t* szFileName, char
if(MapFileExW(szFileName, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
{
DWORD NewSectionFO = (DWORD)ConvertVAtoFileOffset(FileMapVA, NewSectionVO + tlsImageBase, true);
bool ReturnValue = TLSBuildNewTable(FileMapVA, NewSectionFO, NewSectionVO, ArrayOfCallBacks, NumberOfCallBacks);
bool ReturnValue = false;
if(NewSectionFO)
ReturnValue = TLSBuildNewTable(FileMapVA, NewSectionFO, NewSectionVO, ArrayOfCallBacks, NumberOfCallBacks);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(ReturnValue)
{