From 829c0e77ba003f22db44d07e71609a06f979fcef Mon Sep 17 00:00:00 2001
From: NtQuery
Date: Sun, 9 Mar 2014 16:18:58 +0100
Subject: [PATCH] kind of fixed Issue #15 https://bitbucket.org/mrexodia/titanengine-update/issue/15/wrong-assumptoin-about-page-size
---
 TitanEngine/Global.Engine.cpp | 10 +++++-----
 TitanEngine/Global.OEPFinder.cpp | 6 +-----
 TitanEngine/TitanEngine.Dumper.cpp | 8 ++++----
 3 files changed, 10 insertions(+), 14 deletions(-)
diff --git a/TitanEngine/Global.Engine.cpp b/TitanEngine/Global.Engine.cpp
index 84c2051..5e53b29 100644
--- a/TitanEngine/Global.Engine.cpp
+++ b/TitanEngine/Global.Engine.cpp
@@ -1083,13 +1083,13 @@ long long EngineSimulateDllLoader(HANDLE hProcess, char* szFileName)
 {
 __try
 {
- if((DOSHeader->e_lfanew + PEHeaderSize) % 0x1000 != 0)
+ if((DOSHeader->e_lfanew + PEHeaderSize) % 0x1000 != 0) //SectionAlignment, the default value is the page size for the system.
 {
 ExportDelta = (((DOSHeader->e_lfanew + PEHeaderSize) / 0x1000) + 1) * 0x1000;
 }
 else
 {
- ExportDelta = ((DOSHeader->e_lfanew + PEHeaderSize) / 0x1000) * 0x1000;
+ ExportDelta = (DOSHeader->e_lfanew + PEHeaderSize); //multiple of 0x1000
 }
 ConvertedExport = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, PEHeader32->OptionalHeader.ImageBase, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress, true, true);
 if(ConvertedExport != NULL)
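Review bot: The added comment names SectionAlignment, but both branches of the rounding still use the literal 0x1000, so a module whose optional header declares a different alignment has its header size rounded to the wrong boundary; the same literal remains in the PE64 hunk of this file and in the Global.OEPFinder.cpp and TitanEngine.Dumper.cpp hunks. `PEHeader32->OptionalHeader` is already dereferenced a few lines below, so the value can be taken from the file, e.g. `DWORD Align = PEHeader32->OptionalHeader.SectionAlignment;`. Because that field comes from the file being parsed, it should be rejected when it is zero or not a power of two before it is used as a divisor. The enclosing function starts and ends outside this hunk, so any earlier validation of the header is not visible here.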
@@ -1134,13 +1134,13 @@ long long EngineSimulateDllLoader(HANDLE hProcess, char* szFileName)
 {
 __try
 {
- if((DOSHeader->e_lfanew + PEHeaderSize) % 0x1000 != 0)
+ if((DOSHeader->e_lfanew + PEHeaderSize) % 0x1000 != 0) //SectionAlignment, the default value is the page size for the system.
 {
- ExportDelta = (((DOSHeader->e_lfanew + PEHeaderSize) % 0x1000) + 1) * 0x1000;
+ ExportDelta = (((DOSHeader->e_lfanew + PEHeaderSize) / 0x1000) + 1) * 0x1000;
 }
 else
 {
- ExportDelta = ((DOSHeader->e_lfanew + PEHeaderSize) % 0x1000) * 0x1000;
+ ExportDelta = (DOSHeader->e_lfanew + PEHeaderSize); //multiple of 0x1000
 }
 ConvertedExport = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress, true, true);
 if(ConvertedExport != NULL)
diff --git a/TitanEngine/Global.OEPFinder.cpp b/TitanEngine/Global.OEPFinder.cpp
index bc11272..274c5a2 100644
--- a/TitanEngine/Global.OEPFinder.cpp
+++ b/TitanEngine/Global.OEPFinder.cpp
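Review bot: The `%`-for-`/` slip corrected in this PE64 hunk existed only in this copy of the rounding, which is the kind of divergence that hand-duplicating the if/else per header type invites. The PE32 and PE64 branches, and the similar code in the other two files, would be easier to keep correct with one shared round-up helper that returns `((Value + Alignment - 1) / Alignment) * Alignment`. The whole if/else then becomes `ExportDelta = AlignUp(DOSHeader->e_lfanew + PEHeaderSize, 0x1000);`, where `AlignUp` is a proposed name and not an existing function in this code. Its parameter and return types should match ExportDelta's declaration, which is outside this hunk along with the rest of the function.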
@@ -270,14 +270,10 @@ bool GenericOEPFileInitW(wchar_t* szFileName, LPVOID TraceInitCallBack, LPVOID C
 {
 glbEntryTracerData.SectionData[i].SectionVirtualOffset = (DWORD)GetPE32DataFromMappedFile(FileMapVA, i, UE_SECTIONVIRTUALOFFSET);
 glbEntryTracerData.SectionData[i].SectionVirtualSize = (DWORD)GetPE32DataFromMappedFile(FileMapVA, i, UE_SECTIONVIRTUALSIZE);
- if(glbEntryTracerData.SectionData[i].SectionVirtualSize % 0x1000 != 0)
+ if(glbEntryTracerData.SectionData[i].SectionVirtualSize % 0x1000 != 0) //SectionAlignment, the default value is the page size for the system.
 {
 glbEntryTracerData.SectionData[i].SectionVirtualSize = ((glbEntryTracerData.SectionData[i].SectionVirtualSize / 0x1000) + 1) * 0x1000;
 }
- else
- {
- glbEntryTracerData.SectionData[i].SectionVirtualSize = (glbEntryTracerData.SectionData[i].SectionVirtualSize / 0x1000) * 0x1000;
- }
 glbEntryTracerData.SectionData[i].SectionAttributes = (DWORD)GetPE32DataFromMappedFile(FileMapVA, i, UE_SECTIONFLAGS);
 }
 glbEntryTracerData.EPCallBack = CallBack;
diff --git a/TitanEngine/TitanEngine.Dumper.cpp b/TitanEngine/TitanEngine.Dumper.cpp
index c9d6a40..bf35d93 100644
--- a/TitanEngine/TitanEngine.Dumper.cpp
+++ b/TitanEngine/TitanEngine.Dumper.cpp
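Review bot: The round-up kept in the `if` branch can wrap, because SectionVirtualSize is taken from the mapped file and nothing in the hunk limits it. If the field is a DWORD, as the `(DWORD)` cast suggests, any value above 0xFFFFF000 makes `((Size / 0x1000) + 1) * 0x1000` overflow 32 bits and store 0 for that section. A guard such as `if(glbEntryTracerData.SectionData[i].SectionVirtualSize > 0xFFFFF000)` before the rounding, routed to the function's existing failure path, would treat such a header as malformed rather than recording a zero-length section. Removing the `else` is fine since it was a no-op. The loop around these lines, and with it the bound on `i`, is outside the hunk.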
@@ -46,15 +46,15 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
 {
 DOSHeader = (PIMAGE_DOS_HEADER)ueReadBuffer;
 CalculatedHeaderSize = DOSHeader->e_lfanew + sizeof IMAGE_DOS_HEADER + sizeof IMAGE_NT_HEADERS64;
- if(CalculatedHeaderSize > 0x1000) //SectionAlignment, the default value is the page size for the system.
+ if(CalculatedHeaderSize > 0x1000) //SectionAlignment, the default value is the page size for the system.
 {
- if(CalculatedHeaderSize % 0x1000 == NULL)
+ if(CalculatedHeaderSize % 0x1000 != NULL)
 {
- AlignedHeaderSize = 0x1000;
+ AlignedHeaderSize = ((CalculatedHeaderSize / 0x1000) + 1) * 0x1000;
 }
 else
 {
- AlignedHeaderSize = ((CalculatedHeaderSize / 0x1000) + 1) * 0x1000;
+ AlignedHeaderSize = CalculatedHeaderSize;
 }
 VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
 VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
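Review bot: `CalculatedHeaderSize` is built from `DOSHeader->e_lfanew` with no range check visible in this hunk, and `ueReadBuffer` presumably holds bytes read from the process being dumped, so the value that now flows into `AlignedHeaderSize` is controlled by that process. `e_lfanew` is a signed field, so a negative or very large value yields a header size unrelated to the real image, and the buffers are released right after, presumably to be re-sized from it outside the hunk. Before the arithmetic, the code should confirm the DOS signature and require `e_lfanew` to be positive and below a sane cap, for instance `if(DOSHeader->e_magic != IMAGE_DOS_SIGNATURE || DOSHeader->e_lfanew <= 0)` leading to the function's failure path. Separately, the new condition compares an integer with `NULL`; `!= 0`, as used in Global.Engine.cpp, states the intent.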