x64dbg
/
TitanEngine
mirror of https://github.com/x64dbg/TitanEngine
1
0
Fork 0
Code Releases Activity

kind of fixed Issue #15 https://bitbucket.org/mrexodia/titanengine-update/issue/15/wrong-assumptoin-about-page-size

This commit is contained in:
NtQuery 2014-03-09 16:18:58 +01:00
parent 64bfce97c1
commit 829c0e77ba
3 changed files with 10 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
TitanEngine/Global.Engine.cpp
View File

@ -1083,13 +1083,13 @@ long long EngineSimulateDllLoader(HANDLE hProcess, char* szFileName)
{
__try
{
if((DOSHeader->e_lfanew + PEHeaderSize) % 0x1000 != 0)
if((DOSHeader->e_lfanew + PEHeaderSize) % 0x1000 != 0) //SectionAlignment, the default value is the page size for the system.
{
ExportDelta = (((DOSHeader->e_lfanew + PEHeaderSize) / 0x1000) + 1) * 0x1000;
}
else
{
ExportDelta = ((DOSHeader->e_lfanew + PEHeaderSize) / 0x1000) * 0x1000;
ExportDelta = (DOSHeader->e_lfanew + PEHeaderSize); //multiple of 0x1000
}
ConvertedExport = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, PEHeader32->OptionalHeader.ImageBase, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress, true, true);
if(ConvertedExport != NULL)
@ -1134,13 +1134,13 @@ long long EngineSimulateDllLoader(HANDLE hProcess, char* szFileName)
{
__try
{
if((DOSHeader->e_lfanew + PEHeaderSize) % 0x1000 != 0)
if((DOSHeader->e_lfanew + PEHeaderSize) % 0x1000 != 0) //SectionAlignment, the default value is the page size for the system.
{
ExportDelta = (((DOSHeader->e_lfanew + PEHeaderSize) % 0x1000) + 1) * 0x1000;
ExportDelta = (((DOSHeader->e_lfanew + PEHeaderSize) / 0x1000) + 1) * 0x1000;
}
else
{
ExportDelta = ((DOSHeader->e_lfanew + PEHeaderSize) % 0x1000) * 0x1000;
ExportDelta = (DOSHeader->e_lfanew + PEHeaderSize); //multiple of 0x1000
}
ConvertedExport = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress, true, true);
if(ConvertedExport != NULL)

6
TitanEngine/Global.OEPFinder.cpp
View File

@ -270,14 +270,10 @@ bool GenericOEPFileInitW(wchar_t* szFileName, LPVOID TraceInitCallBack, LPVOID C
{
glbEntryTracerData.SectionData[i].SectionVirtualOffset = (DWORD)GetPE32DataFromMappedFile(FileMapVA, i, UE_SECTIONVIRTUALOFFSET);
glbEntryTracerData.SectionData[i].SectionVirtualSize = (DWORD)GetPE32DataFromMappedFile(FileMapVA, i, UE_SECTIONVIRTUALSIZE);
if(glbEntryTracerData.SectionData[i].SectionVirtualSize % 0x1000 != 0)
if(glbEntryTracerData.SectionData[i].SectionVirtualSize % 0x1000 != 0) //SectionAlignment, the default value is the page size for the system.
{
glbEntryTracerData.SectionData[i].SectionVirtualSize = ((glbEntryTracerData.SectionData[i].SectionVirtualSize / 0x1000) + 1) * 0x1000;
}
else
{
glbEntryTracerData.SectionData[i].SectionVirtualSize = (glbEntryTracerData.SectionData[i].SectionVirtualSize / 0x1000) * 0x1000;
}
glbEntryTracerData.SectionData[i].SectionAttributes = (DWORD)GetPE32DataFromMappedFile(FileMapVA, i, UE_SECTIONFLAGS);
}
glbEntryTracerData.EPCallBack = CallBack;

8
TitanEngine/TitanEngine.Dumper.cpp
View File

@ -46,15 +46,15 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
{
DOSHeader = (PIMAGE_DOS_HEADER)ueReadBuffer;
CalculatedHeaderSize = DOSHeader->e_lfanew + sizeof IMAGE_DOS_HEADER + sizeof IMAGE_NT_HEADERS64;
if(CalculatedHeaderSize > 0x1000)
if(CalculatedHeaderSize > 0x1000) //SectionAlignment, the default value is the page size for the system.
{
if(CalculatedHeaderSize % 0x1000 == NULL)
if(CalculatedHeaderSize % 0x1000 != NULL)
{
AlignedHeaderSize = 0x1000;
AlignedHeaderSize = ((CalculatedHeaderSize / 0x1000) + 1) * 0x1000;
}
else
{
AlignedHeaderSize = ((CalculatedHeaderSize / 0x1000) + 1) * 0x1000;
AlignedHeaderSize = CalculatedHeaderSize;
}
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);