x64dbg
/
TitanEngine
mirror of https://github.com/x64dbg/TitanEngine
1
0
Fork 0
Code Releases Activity

kind of fixed Issue #15 https://bitbucket.org/mrexodia/titanengine-update/issue/15/wrong-assumptoin-about-page-size

This commit is contained in:
NtQuery 2014-03-09 16:18:58 +01:00
parent 64bfce97c1
commit 829c0e77ba
3 changed files with 10 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
TitanEngine/Global.Engine.cpp
View File

@ -1083,13 +1083,13 @@ long long EngineSimulateDllLoader(HANDLE hProcess, char* szFileName)
{ {
__try __try
{ {
if((DOSHeader->e_lfanew + PEHeaderSize) % 0x1000 != 0) if((DOSHeader->e_lfanew + PEHeaderSize) % 0x1000 != 0) //SectionAlignment, the default value is the page size for the system.
{ {
ExportDelta = (((DOSHeader->e_lfanew + PEHeaderSize) / 0x1000) + 1) * 0x1000; ExportDelta = (((DOSHeader->e_lfanew + PEHeaderSize) / 0x1000) + 1) * 0x1000;
} }
else else
{ {
ExportDelta = ((DOSHeader->e_lfanew + PEHeaderSize) / 0x1000) * 0x1000; ExportDelta = (DOSHeader->e_lfanew + PEHeaderSize); //multiple of 0x1000
} }
ConvertedExport = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, PEHeader32->OptionalHeader.ImageBase, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress, true, true); ConvertedExport = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, PEHeader32->OptionalHeader.ImageBase, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress, true, true);
if(ConvertedExport != NULL) if(ConvertedExport != NULL)
@ -1134,13 +1134,13 @@ long long EngineSimulateDllLoader(HANDLE hProcess, char* szFileName)
{ {
__try __try
{ {
if((DOSHeader->e_lfanew + PEHeaderSize) % 0x1000 != 0) if((DOSHeader->e_lfanew + PEHeaderSize) % 0x1000 != 0) //SectionAlignment, the default value is the page size for the system.
{ {
ExportDelta = (((DOSHeader->e_lfanew + PEHeaderSize) % 0x1000) + 1) * 0x1000; ExportDelta = (((DOSHeader->e_lfanew + PEHeaderSize) / 0x1000) + 1) * 0x1000;
} }
else else
{ {
ExportDelta = ((DOSHeader->e_lfanew + PEHeaderSize) % 0x1000) * 0x1000; ExportDelta = (DOSHeader->e_lfanew + PEHeaderSize); //multiple of 0x1000
} }
ConvertedExport = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress, true, true); ConvertedExport = (ULONG_PTR)ConvertVAtoFileOffsetEx(FileMapVA, FileSize, (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase, PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress, true, true);
if(ConvertedExport != NULL) if(ConvertedExport != NULL)

6
TitanEngine/Global.OEPFinder.cpp
View File

@ -270,14 +270,10 @@ bool GenericOEPFileInitW(wchar_t* szFileName, LPVOID TraceInitCallBack, LPVOID C
{ {
glbEntryTracerData.SectionData[i].SectionVirtualOffset = (DWORD)GetPE32DataFromMappedFile(FileMapVA, i, UE_SECTIONVIRTUALOFFSET); glbEntryTracerData.SectionData[i].SectionVirtualOffset = (DWORD)GetPE32DataFromMappedFile(FileMapVA, i, UE_SECTIONVIRTUALOFFSET);
glbEntryTracerData.SectionData[i].SectionVirtualSize = (DWORD)GetPE32DataFromMappedFile(FileMapVA, i, UE_SECTIONVIRTUALSIZE); glbEntryTracerData.SectionData[i].SectionVirtualSize = (DWORD)GetPE32DataFromMappedFile(FileMapVA, i, UE_SECTIONVIRTUALSIZE);
if(glbEntryTracerData.SectionData[i].SectionVirtualSize % 0x1000 != 0) if(glbEntryTracerData.SectionData[i].SectionVirtualSize % 0x1000 != 0) //SectionAlignment, the default value is the page size for the system.
{ {
glbEntryTracerData.SectionData[i].SectionVirtualSize = ((glbEntryTracerData.SectionData[i].SectionVirtualSize / 0x1000) + 1) * 0x1000; glbEntryTracerData.SectionData[i].SectionVirtualSize = ((glbEntryTracerData.SectionData[i].SectionVirtualSize / 0x1000) + 1) * 0x1000;
} }
else
{
glbEntryTracerData.SectionData[i].SectionVirtualSize = (glbEntryTracerData.SectionData[i].SectionVirtualSize / 0x1000) * 0x1000;
}
glbEntryTracerData.SectionData[i].SectionAttributes = (DWORD)GetPE32DataFromMappedFile(FileMapVA, i, UE_SECTIONFLAGS); glbEntryTracerData.SectionData[i].SectionAttributes = (DWORD)GetPE32DataFromMappedFile(FileMapVA, i, UE_SECTIONFLAGS);
} }
glbEntryTracerData.EPCallBack = CallBack; glbEntryTracerData.EPCallBack = CallBack;

8
TitanEngine/TitanEngine.Dumper.cpp
View File

@ -46,15 +46,15 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
{ {
DOSHeader = (PIMAGE_DOS_HEADER)ueReadBuffer; DOSHeader = (PIMAGE_DOS_HEADER)ueReadBuffer;
CalculatedHeaderSize = DOSHeader->e_lfanew + sizeof IMAGE_DOS_HEADER + sizeof IMAGE_NT_HEADERS64; CalculatedHeaderSize = DOSHeader->e_lfanew + sizeof IMAGE_DOS_HEADER + sizeof IMAGE_NT_HEADERS64;
if(CalculatedHeaderSize > 0x1000) if(CalculatedHeaderSize > 0x1000) //SectionAlignment, the default value is the page size for the system.
{ {
if(CalculatedHeaderSize % 0x1000 == NULL) if(CalculatedHeaderSize % 0x1000 != NULL)
{ {
AlignedHeaderSize = 0x1000; AlignedHeaderSize = ((CalculatedHeaderSize / 0x1000) + 1) * 0x1000;
} }
else else
{ {
AlignedHeaderSize = ((CalculatedHeaderSize / 0x1000) + 1) * 0x1000; AlignedHeaderSize = CalculatedHeaderSize;
} }
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE); VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);