diff --git a/Release/x32/TitanEngine.dll b/Release/x32/TitanEngine.dll index 9f6dd5c..7ca93d7 100644 Binary files a/Release/x32/TitanEngine.dll and b/Release/x32/TitanEngine.dll differ diff --git a/Release/x32/TitanEngine.exp b/Release/x32/TitanEngine.exp index b4a09dc..0a0f4b3 100644 Binary files a/Release/x32/TitanEngine.exp and b/Release/x32/TitanEngine.exp differ diff --git a/Release/x32/TitanEngine.lib b/Release/x32/TitanEngine.lib index bb30b1e..0302f3b 100644 Binary files a/Release/x32/TitanEngine.lib and b/Release/x32/TitanEngine.lib differ diff --git a/Release/x32/TitanEngine_x86.a b/Release/x32/TitanEngine_x86.a index 3c2c556..f455912 100644 Binary files a/Release/x32/TitanEngine_x86.a and b/Release/x32/TitanEngine_x86.a differ diff --git a/Release/x64/TitanEngine.dll b/Release/x64/TitanEngine.dll index 76ec624..78f6e23 100644 Binary files a/Release/x64/TitanEngine.dll and b/Release/x64/TitanEngine.dll differ diff --git a/Release/x64/TitanEngine.exp b/Release/x64/TitanEngine.exp index 7e7ba95..a37d3fb 100644 Binary files a/Release/x64/TitanEngine.exp and b/Release/x64/TitanEngine.exp differ diff --git a/Release/x64/TitanEngine.lib b/Release/x64/TitanEngine.lib index fc94f00..12f0cab 100644 Binary files a/Release/x64/TitanEngine.lib and b/Release/x64/TitanEngine.lib differ diff --git a/Release/x64/TitanEngine_x64.a b/Release/x64/TitanEngine_x64.a index ff10b21..dd98992 100644 Binary files a/Release/x64/TitanEngine_x64.a and b/Release/x64/TitanEngine_x64.a differ diff --git a/SDK/C/TitanEngine.h b/SDK/C/TitanEngine.h new file mode 100644 index 0000000..cb1b00f --- /dev/null +++ b/SDK/C/TitanEngine.h @@ -0,0 +1,938 @@ +#ifndef TITANENGINE +#define TITANENGINE + +#define TITCALL + +#if _MSC_VER > 1000 +#pragma once +#endif + +#include + +#pragma pack(push, 1) + +// Global.Constant.Structure.Declaration: +// Engine.External: +#define UE_ACCESS_READ 0 +#define UE_ACCESS_WRITE 1 +#define UE_ACCESS_ALL 2 + +#define UE_HIDE_BASIC 1 + +#define UE_PLUGIN_CALL_REASON_PREDEBUG 1 +#define UE_PLUGIN_CALL_REASON_EXCEPTION 2 +#define UE_PLUGIN_CALL_REASON_POSTDEBUG 3 + +#define TEE_HOOK_NRM_JUMP 1 +#define TEE_HOOK_NRM_CALL 3 +#define TEE_HOOK_IAT 5 + +#define UE_ENGINE_ALOW_MODULE_LOADING 1 +#define UE_ENGINE_AUTOFIX_FORWARDERS 2 +#define UE_ENGINE_PASS_ALL_EXCEPTIONS 3 +#define UE_ENGINE_NO_CONSOLE_WINDOW 4 +#define UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS 5 +#define UE_ENGINE_CALL_PLUGIN_CALLBACK 6 +#define UE_ENGINE_RESET_CUSTOM_HANDLER 7 +#define UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK 8 + +#define UE_OPTION_REMOVEALL 1 +#define UE_OPTION_DISABLEALL 2 +#define UE_OPTION_REMOVEALLDISABLED 3 +#define UE_OPTION_REMOVEALLENABLED 4 + +#define UE_STATIC_DECRYPTOR_XOR 1 +#define UE_STATIC_DECRYPTOR_SUB 2 +#define UE_STATIC_DECRYPTOR_ADD 3 + +#define UE_STATIC_DECRYPTOR_FOREWARD 1 +#define UE_STATIC_DECRYPTOR_BACKWARD 2 + +#define UE_STATIC_KEY_SIZE_1 1 +#define UE_STATIC_KEY_SIZE_2 2 +#define UE_STATIC_KEY_SIZE_4 4 +#define UE_STATIC_KEY_SIZE_8 8 + +#define UE_STATIC_APLIB 1 +#define UE_STATIC_APLIB_DEPACK 2 +#define UE_STATIC_LZMA 3 + +#define UE_STATIC_HASH_MD5 1 +#define UE_STATIC_HASH_SHA1 2 +#define UE_STATIC_HASH_CRC32 3 + +#define UE_RESOURCE_LANGUAGE_ANY -1 + +#define UE_PE_OFFSET 0 +#define UE_IMAGEBASE 1 +#define UE_OEP 2 +#define UE_SIZEOFIMAGE 3 +#define UE_SIZEOFHEADERS 4 +#define UE_SIZEOFOPTIONALHEADER 5 +#define UE_SECTIONALIGNMENT 6 +#define UE_IMPORTTABLEADDRESS 7 +#define UE_IMPORTTABLESIZE 8 +#define UE_RESOURCETABLEADDRESS 9 +#define UE_RESOURCETABLESIZE 10 +#define UE_EXPORTTABLEADDRESS 11 +#define UE_EXPORTTABLESIZE 12 +#define UE_TLSTABLEADDRESS 13 +#define UE_TLSTABLESIZE 14 +#define UE_RELOCATIONTABLEADDRESS 15 +#define UE_RELOCATIONTABLESIZE 16 +#define UE_TIMEDATESTAMP 17 +#define UE_SECTIONNUMBER 18 +#define UE_CHECKSUM 19 +#define UE_SUBSYSTEM 20 +#define UE_CHARACTERISTICS 21 +#define UE_NUMBEROFRVAANDSIZES 22 +#define UE_SECTIONNAME 23 +#define UE_SECTIONVIRTUALOFFSET 24 +#define UE_SECTIONVIRTUALSIZE 25 +#define UE_SECTIONRAWOFFSET 26 +#define UE_SECTIONRAWSIZE 27 +#define UE_SECTIONFLAGS 28 + +#define UE_CH_BREAKPOINT 1 +#define UE_CH_SINGLESTEP 2 +#define UE_CH_ACCESSVIOLATION 3 +#define UE_CH_ILLEGALINSTRUCTION 4 +#define UE_CH_NONCONTINUABLEEXCEPTION 5 +#define UE_CH_ARRAYBOUNDSEXCEPTION 6 +#define UE_CH_FLOATDENORMALOPERAND 7 +#define UE_CH_FLOATDEVIDEBYZERO 8 +#define UE_CH_INTEGERDEVIDEBYZERO 9 +#define UE_CH_INTEGEROVERFLOW 10 +#define UE_CH_PRIVILEGEDINSTRUCTION 11 +#define UE_CH_PAGEGUARD 12 +#define UE_CH_EVERYTHINGELSE 13 +#define UE_CH_CREATETHREAD 14 +#define UE_CH_EXITTHREAD 15 +#define UE_CH_CREATEPROCESS 16 +#define UE_CH_EXITPROCESS 17 +#define UE_CH_LOADDLL 18 +#define UE_CH_UNLOADDLL 19 +#define UE_CH_OUTPUTDEBUGSTRING 20 +#define UE_CH_AFTEREXCEPTIONPROCESSING 21 +#define UE_CH_ALLEVENTS 22 +#define UE_CH_SYSTEMBREAKPOINT 23 +#define UE_CH_UNHANDLEDEXCEPTION 24 +#define UE_CH_AFTERUNHANDLEDEXCEPTION 25 + +#define UE_OPTION_HANDLER_RETURN_HANDLECOUNT 1 +#define UE_OPTION_HANDLER_RETURN_ACCESS 2 +#define UE_OPTION_HANDLER_RETURN_FLAGS 3 +#define UE_OPTION_HANDLER_RETURN_TYPENAME 4 + +#define UE_BREAKPOINT_INT3 1 +#define UE_BREAKPOINT_LONG_INT3 2 +#define UE_BREAKPOINT_UD2 3 + +#define UE_BPXREMOVED 0 +#define UE_BPXACTIVE 1 +#define UE_BPXINACTIVE 2 + +#define UE_BREAKPOINT 0 +#define UE_SINGLESHOOT 1 +#define UE_HARDWARE 2 +#define UE_MEMORY 3 +#define UE_MEMORY_READ 4 +#define UE_MEMORY_WRITE 5 +#define UE_MEMORY_EXECUTE 6 +#define UE_BREAKPOINT_TYPE_INT3 0x10000000 +#define UE_BREAKPOINT_TYPE_LONG_INT3 0x20000000 +#define UE_BREAKPOINT_TYPE_UD2 0x30000000 + +#define UE_HARDWARE_EXECUTE 4 +#define UE_HARDWARE_WRITE 5 +#define UE_HARDWARE_READWRITE 6 + +#define UE_HARDWARE_SIZE_1 7 +#define UE_HARDWARE_SIZE_2 8 +#define UE_HARDWARE_SIZE_4 9 +#define UE_HARDWARE_SIZE_8 10 + +#define UE_ON_LIB_LOAD 1 +#define UE_ON_LIB_UNLOAD 2 +#define UE_ON_LIB_ALL 3 + +#define UE_APISTART 0 +#define UE_APIEND 1 + +#define UE_PLATFORM_x86 1 +#define UE_PLATFORM_x64 2 +#define UE_PLATFORM_ALL 3 + +#define UE_FUNCTION_STDCALL 1 +#define UE_FUNCTION_CCALL 2 +#define UE_FUNCTION_FASTCALL 3 +#define UE_FUNCTION_STDCALL_RET 4 +#define UE_FUNCTION_CCALL_RET 5 +#define UE_FUNCTION_FASTCALL_RET 6 +#define UE_FUNCTION_STDCALL_CALL 7 +#define UE_FUNCTION_CCALL_CALL 8 +#define UE_FUNCTION_FASTCALL_CALL 9 +#define UE_PARAMETER_BYTE 0 +#define UE_PARAMETER_WORD 1 +#define UE_PARAMETER_DWORD 2 +#define UE_PARAMETER_QWORD 3 +#define UE_PARAMETER_PTR_BYTE 4 +#define UE_PARAMETER_PTR_WORD 5 +#define UE_PARAMETER_PTR_DWORD 6 +#define UE_PARAMETER_PTR_QWORD 7 +#define UE_PARAMETER_STRING 8 +#define UE_PARAMETER_UNICODE 9 + +#define UE_CMP_NOCONDITION 0 +#define UE_CMP_EQUAL 1 +#define UE_CMP_NOTEQUAL 2 +#define UE_CMP_GREATER 3 +#define UE_CMP_GREATEROREQUAL 4 +#define UE_CMP_LOWER 5 +#define UE_CMP_LOWEROREQUAL 6 +#define UE_CMP_REG_EQUAL 7 +#define UE_CMP_REG_NOTEQUAL 8 +#define UE_CMP_REG_GREATER 9 +#define UE_CMP_REG_GREATEROREQUAL 10 +#define UE_CMP_REG_LOWER 11 +#define UE_CMP_REG_LOWEROREQUAL 12 +#define UE_CMP_ALWAYSFALSE 13 + +#define UE_EAX 1 +#define UE_EBX 2 +#define UE_ECX 3 +#define UE_EDX 4 +#define UE_EDI 5 +#define UE_ESI 6 +#define UE_EBP 7 +#define UE_ESP 8 +#define UE_EIP 9 +#define UE_EFLAGS 10 +#define UE_DR0 11 +#define UE_DR1 12 +#define UE_DR2 13 +#define UE_DR3 14 +#define UE_DR6 15 +#define UE_DR7 16 +#define UE_RAX 17 +#define UE_RBX 18 +#define UE_RCX 19 +#define UE_RDX 20 +#define UE_RDI 21 +#define UE_RSI 22 +#define UE_RBP 23 +#define UE_RSP 24 +#define UE_RIP 25 +#define UE_RFLAGS 26 +#define UE_R8 27 +#define UE_R9 28 +#define UE_R10 29 +#define UE_R11 30 +#define UE_R12 31 +#define UE_R13 32 +#define UE_R14 33 +#define UE_R15 34 +#define UE_CIP 35 +#define UE_CSP 36 +#ifdef _WIN64 +#define UE_CFLAGS UE_RFLAGS +#else +#define UE_CFLAGS UE_EFLAGS +#endif +#define UE_SEG_GS 37 +#define UE_SEG_FS 38 +#define UE_SEG_ES 39 +#define UE_SEG_DS 40 +#define UE_SEG_CS 41 +#define UE_SEG_SS 42 + +typedef struct +{ + DWORD PE32Offset; + DWORD ImageBase; + DWORD OriginalEntryPoint; + DWORD NtSizeOfImage; + DWORD NtSizeOfHeaders; + WORD SizeOfOptionalHeaders; + DWORD FileAlignment; + DWORD SectionAligment; + DWORD ImportTableAddress; + DWORD ImportTableSize; + DWORD ResourceTableAddress; + DWORD ResourceTableSize; + DWORD ExportTableAddress; + DWORD ExportTableSize; + DWORD TLSTableAddress; + DWORD TLSTableSize; + DWORD RelocationTableAddress; + DWORD RelocationTableSize; + DWORD TimeDateStamp; + WORD SectionNumber; + DWORD CheckSum; + WORD SubSystem; + WORD Characteristics; + DWORD NumberOfRvaAndSizes; +} PE32Struct, *PPE32Struct; + +typedef struct +{ + DWORD PE64Offset; + DWORD64 ImageBase; + DWORD OriginalEntryPoint; + DWORD NtSizeOfImage; + DWORD NtSizeOfHeaders; + WORD SizeOfOptionalHeaders; + DWORD FileAlignment; + DWORD SectionAligment; + DWORD ImportTableAddress; + DWORD ImportTableSize; + DWORD ResourceTableAddress; + DWORD ResourceTableSize; + DWORD ExportTableAddress; + DWORD ExportTableSize; + DWORD TLSTableAddress; + DWORD TLSTableSize; + DWORD RelocationTableAddress; + DWORD RelocationTableSize; + DWORD TimeDateStamp; + WORD SectionNumber; + DWORD CheckSum; + WORD SubSystem; + WORD Characteristics; + DWORD NumberOfRvaAndSizes; +} PE64Struct, *PPE64Struct; + +typedef struct +{ + bool NewDll; + int NumberOfImports; + ULONG_PTR ImageBase; + ULONG_PTR BaseImportThunk; + ULONG_PTR ImportThunk; + char* APIName; + char* DLLName; +} ImportEnumData, *PImportEnumData; + +typedef struct +{ + HANDLE hThread; + DWORD dwThreadId; + void* ThreadStartAddress; + void* ThreadLocalBase; +} THREAD_ITEM_DATA, *PTHREAD_ITEM_DATA; + +typedef struct +{ + HANDLE hFile; + void* BaseOfDll; + HANDLE hFileMapping; + void* hFileMappingView; + char szLibraryPath[MAX_PATH]; + char szLibraryName[MAX_PATH]; +} LIBRARY_ITEM_DATA, *PLIBRARY_ITEM_DATA; + +typedef struct +{ + HANDLE hFile; + void* BaseOfDll; + HANDLE hFileMapping; + void* hFileMappingView; + wchar_t szLibraryPath[MAX_PATH]; + wchar_t szLibraryName[MAX_PATH]; +} LIBRARY_ITEM_DATAW, *PLIBRARY_ITEM_DATAW; + +typedef struct +{ + HANDLE hProcess; + DWORD dwProcessId; + HANDLE hThread; + DWORD dwThreadId; + HANDLE hFile; + void* BaseOfImage; + void* ThreadStartAddress; + void* ThreadLocalBase; +} PROCESS_ITEM_DATA, *PPROCESS_ITEM_DATA; + +typedef struct +{ + ULONG ProcessId; + HANDLE hHandle; +} HandlerArray, *PHandlerArray; + +typedef struct +{ + char PluginName[64]; + DWORD PluginMajorVersion; + DWORD PluginMinorVersion; + HMODULE PluginBaseAddress; + void* TitanDebuggingCallBack; + void* TitanRegisterPlugin; + void* TitanReleasePlugin; + void* TitanResetPlugin; + bool PluginDisabled; +} PluginInformation, *PPluginInformation; + +#define TEE_MAXIMUM_HOOK_SIZE 14 +#define TEE_MAXIMUM_HOOK_RELOCS 7 +#if defined(_WIN64) +#define TEE_MAXIMUM_HOOK_INSERT_SIZE 14 +#else +#define TEE_MAXIMUM_HOOK_INSERT_SIZE 5 +#endif + +typedef struct HOOK_ENTRY +{ + bool IATHook; + BYTE HookType; + DWORD HookSize; + void* HookAddress; + void* RedirectionAddress; + BYTE HookBytes[TEE_MAXIMUM_HOOK_SIZE]; + BYTE OriginalBytes[TEE_MAXIMUM_HOOK_SIZE]; + void* IATHookModuleBase; + DWORD IATHookNameHash; + bool HookIsEnabled; + bool HookIsRemote; + void* PatchedEntry; + DWORD RelocationInfo[TEE_MAXIMUM_HOOK_RELOCS]; + int RelocationCount; +} HOOK_ENTRY, *PHOOK_ENTRY; + +#define UE_DEPTH_SURFACE 0 +#define UE_DEPTH_DEEP 1 + +#define UE_UNPACKER_CONDITION_SEARCH_FROM_EP 1 + +#define UE_UNPACKER_CONDITION_LOADLIBRARY 1 +#define UE_UNPACKER_CONDITION_GETPROCADDRESS 2 +#define UE_UNPACKER_CONDITION_ENTRYPOINTBREAK 3 +#define UE_UNPACKER_CONDITION_RELOCSNAPSHOT1 4 +#define UE_UNPACKER_CONDITION_RELOCSNAPSHOT2 5 + +#define UE_FIELD_OK 0 +#define UE_FIELD_BROKEN_NON_FIXABLE 1 +#define UE_FIELD_BROKEN_NON_CRITICAL 2 +#define UE_FIELD_BROKEN_FIXABLE_FOR_STATIC_USE 3 +#define UE_FIELD_BROKEN_BUT_CAN_BE_EMULATED 4 +#define UE_FILED_FIXABLE_NON_CRITICAL 5 +#define UE_FILED_FIXABLE_CRITICAL 6 +#define UE_FIELD_NOT_PRESET 7 +#define UE_FIELD_NOT_PRESET_WARNING 8 + +#define UE_RESULT_FILE_OK 10 +#define UE_RESULT_FILE_INVALID_BUT_FIXABLE 11 +#define UE_RESULT_FILE_INVALID_AND_NON_FIXABLE 12 +#define UE_RESULT_FILE_INVALID_FORMAT 13 + +typedef struct +{ + BYTE OveralEvaluation; + bool EvaluationTerminatedByException; + bool FileIs64Bit; + bool FileIsDLL; + bool FileIsConsole; + bool MissingDependencies; + bool MissingDeclaredAPIs; + BYTE SignatureMZ; + BYTE SignaturePE; + BYTE EntryPoint; + BYTE ImageBase; + BYTE SizeOfImage; + BYTE FileAlignment; + BYTE SectionAlignment; + BYTE ExportTable; + BYTE RelocationTable; + BYTE ImportTable; + BYTE ImportTableSection; + BYTE ImportTableData; + BYTE IATTable; + BYTE TLSTable; + BYTE LoadConfigTable; + BYTE BoundImportTable; + BYTE COMHeaderTable; + BYTE ResourceTable; + BYTE ResourceData; + BYTE SectionTable; +} FILE_STATUS_INFO, *PFILE_STATUS_INFO; + +typedef struct +{ + BYTE OveralEvaluation; + bool FixingTerminatedByException; + bool FileFixPerformed; + bool StrippedRelocation; + bool DontFixRelocations; + DWORD OriginalRelocationTableAddress; + DWORD OriginalRelocationTableSize; + bool StrippedExports; + bool DontFixExports; + DWORD OriginalExportTableAddress; + DWORD OriginalExportTableSize; + bool StrippedResources; + bool DontFixResources; + DWORD OriginalResourceTableAddress; + DWORD OriginalResourceTableSize; + bool StrippedTLS; + bool DontFixTLS; + DWORD OriginalTLSTableAddress; + DWORD OriginalTLSTableSize; + bool StrippedLoadConfig; + bool DontFixLoadConfig; + DWORD OriginalLoadConfigTableAddress; + DWORD OriginalLoadConfigTableSize; + bool StrippedBoundImports; + bool DontFixBoundImports; + DWORD OriginalBoundImportTableAddress; + DWORD OriginalBoundImportTableSize; + bool StrippedIAT; + bool DontFixIAT; + DWORD OriginalImportAddressTableAddress; + DWORD OriginalImportAddressTableSize; + bool StrippedCOM; + bool DontFixCOM; + DWORD OriginalCOMTableAddress; + DWORD OriginalCOMTableSize; +} FILE_FIX_INFO, *PFILE_FIX_INFO; + +#ifdef __cplusplus +extern "C" +{ +#endif + +// Global.Function.Declaration: +// TitanEngine.Dumper.functions: +__declspec(dllexport) bool TITCALL DumpProcess(HANDLE hProcess, LPVOID ImageBase, char* szDumpFileName, ULONG_PTR EntryPoint); +__declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBase, wchar_t* szDumpFileName, ULONG_PTR EntryPoint); +__declspec(dllexport) bool TITCALL DumpProcessEx(DWORD ProcessId, LPVOID ImageBase, char* szDumpFileName, ULONG_PTR EntryPoint); +__declspec(dllexport) bool TITCALL DumpProcessExW(DWORD ProcessId, LPVOID ImageBase, wchar_t* szDumpFileName, ULONG_PTR EntryPoint); +__declspec(dllexport) bool TITCALL DumpMemory(HANDLE hProcess, LPVOID MemoryStart, ULONG_PTR MemorySize, char* szDumpFileName); +__declspec(dllexport) bool TITCALL DumpMemoryW(HANDLE hProcess, LPVOID MemoryStart, ULONG_PTR MemorySize, wchar_t* szDumpFileName); +__declspec(dllexport) bool TITCALL DumpMemoryEx(DWORD ProcessId, LPVOID MemoryStart, ULONG_PTR MemorySize, char* szDumpFileName); +__declspec(dllexport) bool TITCALL DumpMemoryExW(DWORD ProcessId, LPVOID MemoryStart, ULONG_PTR MemorySize, wchar_t* szDumpFileName); +__declspec(dllexport) bool TITCALL DumpRegions(HANDLE hProcess, char* szDumpFolder, bool DumpAboveImageBaseOnly); +__declspec(dllexport) bool TITCALL DumpRegionsW(HANDLE hProcess, wchar_t* szDumpFolder, bool DumpAboveImageBaseOnly); +__declspec(dllexport) bool TITCALL DumpRegionsEx(DWORD ProcessId, char* szDumpFolder, bool DumpAboveImageBaseOnly); +__declspec(dllexport) bool TITCALL DumpRegionsExW(DWORD ProcessId, wchar_t* szDumpFolder, bool DumpAboveImageBaseOnly); +__declspec(dllexport) bool TITCALL DumpModule(HANDLE hProcess, LPVOID ModuleBase, char* szDumpFileName); +__declspec(dllexport) bool TITCALL DumpModuleW(HANDLE hProcess, LPVOID ModuleBase, wchar_t* szDumpFileName); +__declspec(dllexport) bool TITCALL DumpModuleEx(DWORD ProcessId, LPVOID ModuleBase, char* szDumpFileName); +__declspec(dllexport) bool TITCALL DumpModuleExW(DWORD ProcessId, LPVOID ModuleBase, wchar_t* szDumpFileName); +__declspec(dllexport) bool TITCALL PastePEHeader(HANDLE hProcess, LPVOID ImageBase, char* szDebuggedFileName); +__declspec(dllexport) bool TITCALL PastePEHeaderW(HANDLE hProcess, LPVOID ImageBase, wchar_t* szDebuggedFileName); +__declspec(dllexport) bool TITCALL ExtractSection(char* szFileName, char* szDumpFileName, DWORD SectionNumber); +__declspec(dllexport) bool TITCALL ExtractSectionW(wchar_t* szFileName, wchar_t* szDumpFileName, DWORD SectionNumber); +__declspec(dllexport) bool TITCALL ResortFileSections(char* szFileName); +__declspec(dllexport) bool TITCALL ResortFileSectionsW(wchar_t* szFileName); +__declspec(dllexport) bool TITCALL FindOverlay(char* szFileName, LPDWORD OverlayStart, LPDWORD OverlaySize); +__declspec(dllexport) bool TITCALL FindOverlayW(wchar_t* szFileName, LPDWORD OverlayStart, LPDWORD OverlaySize); +__declspec(dllexport) bool TITCALL ExtractOverlay(char* szFileName, char* szExtactedFileName); +__declspec(dllexport) bool TITCALL ExtractOverlayW(wchar_t* szFileName, wchar_t* szExtactedFileName); +__declspec(dllexport) bool TITCALL AddOverlay(char* szFileName, char* szOverlayFileName); +__declspec(dllexport) bool TITCALL AddOverlayW(wchar_t* szFileName, wchar_t* szOverlayFileName); +__declspec(dllexport) bool TITCALL CopyOverlay(char* szInFileName, char* szOutFileName); +__declspec(dllexport) bool TITCALL CopyOverlayW(wchar_t* szInFileName, wchar_t* szOutFileName); +__declspec(dllexport) bool TITCALL RemoveOverlay(char* szFileName); +__declspec(dllexport) bool TITCALL RemoveOverlayW(wchar_t* szFileName); +__declspec(dllexport) bool TITCALL MakeAllSectionsRWE(char* szFileName); +__declspec(dllexport) bool TITCALL MakeAllSectionsRWEW(wchar_t* szFileName); +__declspec(dllexport) long TITCALL AddNewSectionEx(char* szFileName, char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, LPVOID SectionContent, DWORD ContentSize); +__declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, LPVOID SectionContent, DWORD ContentSize); +__declspec(dllexport) long TITCALL AddNewSection(char* szFileName, char* szSectionName, DWORD SectionSize); +__declspec(dllexport) long TITCALL AddNewSectionW(wchar_t* szFileName, char* szSectionName, DWORD SectionSize); +__declspec(dllexport) bool TITCALL ResizeLastSection(char* szFileName, DWORD NumberOfExpandBytes, bool AlignResizeData); +__declspec(dllexport) bool TITCALL ResizeLastSectionW(wchar_t* szFileName, DWORD NumberOfExpandBytes, bool AlignResizeData); +__declspec(dllexport) void TITCALL SetSharedOverlay(char* szFileName); +__declspec(dllexport) void TITCALL SetSharedOverlayW(wchar_t* szFileName); +__declspec(dllexport) char* TITCALL GetSharedOverlay(); +__declspec(dllexport) wchar_t* TITCALL GetSharedOverlayW(); +__declspec(dllexport) bool TITCALL DeleteLastSection(char* szFileName); +__declspec(dllexport) bool TITCALL DeleteLastSectionW(wchar_t* szFileName); +__declspec(dllexport) bool TITCALL DeleteLastSectionEx(char* szFileName, DWORD NumberOfSections); +__declspec(dllexport) bool TITCALL DeleteLastSectionExW(wchar_t* szFileName, DWORD NumberOfSections); +__declspec(dllexport) long long TITCALL GetPE32DataFromMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, DWORD WhichData); +__declspec(dllexport) long long TITCALL GetPE32Data(char* szFileName, DWORD WhichSection, DWORD WhichData); +__declspec(dllexport) long long TITCALL GetPE32DataW(wchar_t* szFileName, DWORD WhichSection, DWORD WhichData); +__declspec(dllexport) bool TITCALL GetPE32DataFromMappedFileEx(ULONG_PTR FileMapVA, LPVOID DataStorage); +__declspec(dllexport) bool TITCALL GetPE32DataEx(char* szFileName, LPVOID DataStorage); +__declspec(dllexport) bool TITCALL GetPE32DataExW(wchar_t* szFileName, LPVOID DataStorage); +__declspec(dllexport) bool TITCALL SetPE32DataForMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue); +__declspec(dllexport) bool TITCALL SetPE32Data(char* szFileName, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue); +__declspec(dllexport) bool TITCALL SetPE32DataW(wchar_t* szFileName, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue); +__declspec(dllexport) bool TITCALL SetPE32DataForMappedFileEx(ULONG_PTR FileMapVA, LPVOID DataStorage); +__declspec(dllexport) bool TITCALL SetPE32DataEx(char* szFileName, LPVOID DataStorage); +__declspec(dllexport) bool TITCALL SetPE32DataExW(wchar_t* szFileName, LPVOID DataStorage); +__declspec(dllexport) long TITCALL GetPE32SectionNumberFromVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert); +__declspec(dllexport) long long TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType); +__declspec(dllexport) long long TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType); +__declspec(dllexport) long long TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType); +__declspec(dllexport) long long TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType); +// TitanEngine.Realigner.functions: +__declspec(dllexport) bool TITCALL FixHeaderCheckSum(char* szFileName); +__declspec(dllexport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName); +__declspec(dllexport) long TITCALL RealignPE(ULONG_PTR FileMapVA, DWORD FileSize, DWORD RealingMode); +__declspec(dllexport) long TITCALL RealignPEEx(char* szFileName, DWORD RealingFileSize, DWORD ForcedFileAlignment); +__declspec(dllexport) long TITCALL RealignPEExW(wchar_t* szFileName, DWORD RealingFileSize, DWORD ForcedFileAlignment); +__declspec(dllexport) bool TITCALL WipeSection(char* szFileName, int WipeSectionNumber, bool RemovePhysically); +__declspec(dllexport) bool TITCALL WipeSectionW(wchar_t* szFileName, int WipeSectionNumber, bool RemovePhysically); +__declspec(dllexport) bool TITCALL IsPE32FileValidEx(char* szFileName, DWORD CheckDepth, LPVOID FileStatusInfo); +__declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD CheckDepth, LPVOID FileStatusInfo); +__declspec(dllexport) bool TITCALL FixBrokenPE32FileEx(char* szFileName, LPVOID FileStatusInfo, LPVOID FileFixInfo); +__declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPVOID FileStatusInfo, LPVOID FileFixInfo); +__declspec(dllexport) bool TITCALL IsFileDLL(char* szFileName, ULONG_PTR FileMapVA); +__declspec(dllexport) bool TITCALL IsFileDLLW(wchar_t* szFileName, ULONG_PTR FileMapVA); +// TitanEngine.Hider.functions: +__declspec(dllexport) void* TITCALL GetPEBLocation(HANDLE hProcess); +__declspec(dllexport) bool TITCALL HideDebugger(HANDLE hProcess, DWORD PatchAPILevel); +__declspec(dllexport) bool TITCALL UnHideDebugger(HANDLE hProcess, DWORD PatchAPILevel); +// TitanEngine.Relocater.functions: +__declspec(dllexport) void TITCALL RelocaterCleanup(); +__declspec(dllexport) void TITCALL RelocaterInit(DWORD MemorySize, ULONG_PTR OldImageBase, ULONG_PTR NewImageBase); +__declspec(dllexport) void TITCALL RelocaterAddNewRelocation(HANDLE hProcess, ULONG_PTR RelocateAddress, DWORD RelocateState); +__declspec(dllexport) long TITCALL RelocaterEstimatedSize(); +__declspec(dllexport) bool TITCALL RelocaterExportRelocation(ULONG_PTR StorePlace, DWORD StorePlaceRVA, ULONG_PTR FileMapVA); +__declspec(dllexport) bool TITCALL RelocaterExportRelocationEx(char* szFileName, char* szSectionName); +__declspec(dllexport) bool TITCALL RelocaterExportRelocationExW(wchar_t* szFileName, char* szSectionName); +__declspec(dllexport) bool TITCALL RelocaterGrabRelocationTable(HANDLE hProcess, ULONG_PTR MemoryStart, DWORD MemorySize); +__declspec(dllexport) bool TITCALL RelocaterGrabRelocationTableEx(HANDLE hProcess, ULONG_PTR MemoryStart, ULONG_PTR MemorySize, DWORD NtSizeOfImage); +__declspec(dllexport) bool TITCALL RelocaterMakeSnapshot(HANDLE hProcess, char* szSaveFileName, LPVOID MemoryStart, ULONG_PTR MemorySize); +__declspec(dllexport) bool TITCALL RelocaterMakeSnapshotW(HANDLE hProcess, wchar_t* szSaveFileName, LPVOID MemoryStart, ULONG_PTR MemorySize); +__declspec(dllexport) bool TITCALL RelocaterCompareTwoSnapshots(HANDLE hProcess, ULONG_PTR LoadedImageBase, ULONG_PTR NtSizeOfImage, char* szDumpFile1, char* szDumpFile2, ULONG_PTR MemStart); +__declspec(dllexport) bool TITCALL RelocaterCompareTwoSnapshotsW(HANDLE hProcess, ULONG_PTR LoadedImageBase, ULONG_PTR NtSizeOfImage, wchar_t* szDumpFile1, wchar_t* szDumpFile2, ULONG_PTR MemStart); +__declspec(dllexport) bool TITCALL RelocaterChangeFileBase(char* szFileName, ULONG_PTR NewImageBase); +__declspec(dllexport) bool TITCALL RelocaterChangeFileBaseW(wchar_t* szFileName, ULONG_PTR NewImageBase); +__declspec(dllexport) bool TITCALL RelocaterRelocateMemoryBlock(ULONG_PTR FileMapVA, ULONG_PTR MemoryLocation, void* RelocateMemory, DWORD RelocateMemorySize, ULONG_PTR CurrentLoadedBase, ULONG_PTR RelocateBase); +__declspec(dllexport) bool TITCALL RelocaterWipeRelocationTable(char* szFileName); +__declspec(dllexport) bool TITCALL RelocaterWipeRelocationTableW(wchar_t* szFileName); +// TitanEngine.Resourcer.functions: +__declspec(dllexport) long long TITCALL ResourcerLoadFileForResourceUse(char* szFileName); +__declspec(dllexport) long long TITCALL ResourcerLoadFileForResourceUseW(wchar_t* szFileName); +__declspec(dllexport) bool TITCALL ResourcerFreeLoadedFile(LPVOID LoadedFileBase); +__declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFileEx(ULONG_PTR FileMapVA, char* szResourceType, char* szResourceName, char* szExtractedFileName); +__declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFile(char* szFileName, char* szResourceType, char* szResourceName, char* szExtractedFileName); +__declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFileW(wchar_t* szFileName, char* szResourceType, char* szResourceName, char* szExtractedFileName); +__declspec(dllexport) bool TITCALL ResourcerFindResource(char* szFileName, char* szResourceType, DWORD ResourceType, char* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize); +__declspec(dllexport) bool TITCALL ResourcerFindResourceW(wchar_t* szFileName, wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize); +__declspec(dllexport) bool TITCALL ResourcerFindResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize); +__declspec(dllexport) void TITCALL ResourcerEnumerateResource(char* szFileName, void* CallBack); +__declspec(dllexport) void TITCALL ResourcerEnumerateResourceW(wchar_t* szFileName, void* CallBack); +__declspec(dllexport) void TITCALL ResourcerEnumerateResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, void* CallBack); +// TitanEngine.Threader.functions: +__declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD ProcessId); +__declspec(dllexport) void* TITCALL ThreaderGetThreadInfo(HANDLE hThread, DWORD ThreadId); +__declspec(dllexport) void TITCALL ThreaderEnumThreadInfo(void* EnumCallBack); +__declspec(dllexport) bool TITCALL ThreaderPauseThread(HANDLE hThread); +__declspec(dllexport) bool TITCALL ThreaderResumeThread(HANDLE hThread); +__declspec(dllexport) bool TITCALL ThreaderTerminateThread(HANDLE hThread, DWORD ThreadExitCode); +__declspec(dllexport) bool TITCALL ThreaderPauseAllThreads(bool LeaveMainRunning); +__declspec(dllexport) bool TITCALL ThreaderResumeAllThreads(bool LeaveMainPaused); +__declspec(dllexport) bool TITCALL ThreaderPauseProcess(); +__declspec(dllexport) bool TITCALL ThreaderResumeProcess(); +__declspec(dllexport) long long TITCALL ThreaderCreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId); +__declspec(dllexport) bool TITCALL ThreaderInjectAndExecuteCode(LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize); +__declspec(dllexport) long long TITCALL ThreaderCreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId); +__declspec(dllexport) bool TITCALL ThreaderInjectAndExecuteCodeEx(HANDLE hProcess, LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize); +__declspec(dllexport) void TITCALL ThreaderSetCallBackForNextExitThreadEvent(LPVOID exitThreadCallBack); +__declspec(dllexport) bool TITCALL ThreaderIsThreadStillRunning(HANDLE hThread); +__declspec(dllexport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread); +__declspec(dllexport) bool TITCALL ThreaderIsAnyThreadActive(); +__declspec(dllexport) bool TITCALL ThreaderExecuteOnlyInjectedThreads(); +__declspec(dllexport) long long TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId); +__declspec(dllexport) void* TITCALL ThreaderGetThreadData(); +__declspec(dllexport) bool TITCALL ThreaderIsExceptionInMainThread(); +// TitanEngine.Debugger.functions: +__declspec(dllexport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress); +__declspec(dllexport) void* TITCALL StaticDisassemble(LPVOID DisassmAddress); +__declspec(dllexport) void* TITCALL DisassembleEx(HANDLE hProcess, LPVOID DisassmAddress, bool ReturnInstructionType); +__declspec(dllexport) void* TITCALL Disassemble(LPVOID DisassmAddress); +__declspec(dllexport) long TITCALL StaticLengthDisassemble(LPVOID DisassmAddress); +__declspec(dllexport) long TITCALL LengthDisassembleEx(HANDLE hProcess, LPVOID DisassmAddress); +__declspec(dllexport) long TITCALL LengthDisassemble(LPVOID DisassmAddress); +__declspec(dllexport) void* TITCALL InitDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder); +__declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder); +__declspec(dllexport) void* TITCALL InitDebugEx(char* szFileName, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack); +__declspec(dllexport) void* TITCALL InitDebugExW(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder, LPVOID EntryCallBack); +__declspec(dllexport) void* TITCALL InitDLLDebug(char* szFileName, bool ReserveModuleBase, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack); +__declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool ReserveModuleBase, wchar_t* szCommandLine, wchar_t* szCurrentFolder, LPVOID EntryCallBack); +__declspec(dllexport) bool TITCALL StopDebug(); +__declspec(dllexport) void TITCALL SetBPXOptions(long DefaultBreakPointType); +__declspec(dllexport) bool TITCALL IsBPXEnabled(ULONG_PTR bpxAddress); +__declspec(dllexport) bool TITCALL EnableBPX(ULONG_PTR bpxAddress); +__declspec(dllexport) bool TITCALL DisableBPX(ULONG_PTR bpxAddress); +__declspec(dllexport) bool TITCALL SetBPX(ULONG_PTR bpxAddress, DWORD bpxType, LPVOID bpxCallBack); +__declspec(dllexport) bool TITCALL SetBPXEx(ULONG_PTR bpxAddress, DWORD bpxType, DWORD NumberOfExecution, DWORD CmpRegister, DWORD CmpCondition, ULONG_PTR CmpValue, LPVOID bpxCallBack, LPVOID bpxCompareCallBack, LPVOID bpxRemoveCallBack); +__declspec(dllexport) bool TITCALL DeleteBPX(ULONG_PTR bpxAddress); +__declspec(dllexport) bool TITCALL SafeDeleteBPX(ULONG_PTR bpxAddress); +__declspec(dllexport) bool TITCALL SetAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxType, DWORD bpxPlace, LPVOID bpxCallBack); +__declspec(dllexport) bool TITCALL DeleteAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxPlace); +__declspec(dllexport) bool TITCALL SafeDeleteAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxPlace); +__declspec(dllexport) bool TITCALL SetMemoryBPX(ULONG_PTR MemoryStart, DWORD SizeOfMemory, LPVOID bpxCallBack); +__declspec(dllexport) bool TITCALL SetMemoryBPXEx(ULONG_PTR MemoryStart, DWORD SizeOfMemory, DWORD BreakPointType, bool RestoreOnHit, LPVOID bpxCallBack); +__declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, DWORD SizeOfMemory); +__declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea); +__declspec(dllexport) long long TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister); +__declspec(dllexport) long long TITCALL GetContextData(DWORD IndexOfRegister); +__declspec(dllexport) bool TITCALL SetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea); +__declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister, ULONG_PTR NewRegisterValue); +__declspec(dllexport) bool TITCALL SetContextData(DWORD IndexOfRegister, ULONG_PTR NewRegisterValue); +__declspec(dllexport) void TITCALL ClearExceptionNumber(); +__declspec(dllexport) long TITCALL CurrentExceptionNumber(); +__declspec(dllexport) bool TITCALL MatchPatternEx(HANDLE hProcess, void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard); +__declspec(dllexport) bool TITCALL MatchPattern(void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard); +__declspec(dllexport) long long TITCALL FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard); +extern "C" __declspec(dllexport) long long TITCALL Find(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard); +__declspec(dllexport) bool TITCALL FillEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte); +__declspec(dllexport) bool TITCALL Fill(LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte); +__declspec(dllexport) bool TITCALL PatchEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP); +__declspec(dllexport) bool TITCALL Patch(LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP); +__declspec(dllexport) bool TITCALL ReplaceEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, LPVOID ReplacePattern, DWORD ReplaceSize, PBYTE WildCard); +__declspec(dllexport) bool TITCALL Replace(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, LPVOID ReplacePattern, DWORD ReplaceSize, PBYTE WildCard); +__declspec(dllexport) void* TITCALL GetDebugData(); +__declspec(dllexport) void* TITCALL GetTerminationData(); +__declspec(dllexport) long TITCALL GetExitCode(); +__declspec(dllexport) long long TITCALL GetDebuggedDLLBaseAddress(); +__declspec(dllexport) unsigned long long TITCALL GetDebuggedFileBaseAddress(); +__declspec(dllexport) bool TITCALL GetRemoteString(HANDLE hProcess, LPVOID StringAddress, LPVOID StringStorage, int MaximumStringSize); +__declspec(dllexport) long long TITCALL GetFunctionParameter(HANDLE hProcess, DWORD FunctionType, DWORD ParameterNumber, DWORD ParameterType); +__declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps); +__declspec(dllexport) long long TITCALL GetJumpDestination(HANDLE hProcess, ULONG_PTR InstructionAddress); +__declspec(dllexport) bool TITCALL IsJumpGoingToExecuteEx(HANDLE hProcess, HANDLE hThread, ULONG_PTR InstructionAddress, ULONG_PTR RegFlags); +__declspec(dllexport) bool TITCALL IsJumpGoingToExecute(); +__declspec(dllexport) void TITCALL SetCustomHandler(DWORD ExceptionId, LPVOID CallBack); +__declspec(dllexport) void TITCALL ForceClose(); +__declspec(dllexport) void TITCALL StepInto(LPVOID traceCallBack); +__declspec(dllexport) void TITCALL StepOver(LPVOID traceCallBack); +__declspec(dllexport) void TITCALL SingleStep(DWORD StepCount, LPVOID StepCallBack); +__declspec(dllexport) bool TITCALL GetUnusedHardwareBreakPointRegister(LPDWORD RegisterIndex); +__declspec(dllexport) bool TITCALL SetHardwareBreakPointEx(HANDLE hActiveThread, ULONG_PTR bpxAddress, DWORD IndexOfRegister, DWORD bpxType, DWORD bpxSize, LPVOID bpxCallBack, LPDWORD IndexOfSelectedRegister); +__declspec(dllexport) bool TITCALL SetHardwareBreakPoint(ULONG_PTR bpxAddress, DWORD IndexOfRegister, DWORD bpxType, DWORD bpxSize, LPVOID bpxCallBack); +__declspec(dllexport) bool TITCALL DeleteHardwareBreakPoint(DWORD IndexOfRegister); +__declspec(dllexport) bool TITCALL RemoveAllBreakPoints(DWORD RemoveOption); +__declspec(dllexport) void* TITCALL GetProcessInformation(); +__declspec(dllexport) void* TITCALL GetStartupInformation(); +__declspec(dllexport) void TITCALL DebugLoop(); +__declspec(dllexport) void TITCALL SetDebugLoopTimeOut(DWORD TimeOut); +__declspec(dllexport) void TITCALL SetNextDbgContinueStatus(DWORD SetDbgCode); +__declspec(dllexport) bool TITCALL AttachDebugger(DWORD ProcessId, bool KillOnExit, LPVOID DebugInfo, LPVOID CallBack); +__declspec(dllexport) bool TITCALL DetachDebugger(DWORD ProcessId); +__declspec(dllexport) bool TITCALL DetachDebuggerEx(DWORD ProcessId); +__declspec(dllexport) void TITCALL DebugLoopEx(DWORD TimeOut); +__declspec(dllexport) void TITCALL AutoDebugEx(char* szFileName, bool ReserveModuleBase, char* szCommandLine, char* szCurrentFolder, DWORD TimeOut, LPVOID EntryCallBack); +__declspec(dllexport) void TITCALL AutoDebugExW(wchar_t* szFileName, bool ReserveModuleBase, wchar_t* szCommandLine, wchar_t* szCurrentFolder, DWORD TimeOut, LPVOID EntryCallBack); +__declspec(dllexport) bool TITCALL IsFileBeingDebugged(); +__declspec(dllexport) void TITCALL SetErrorModel(bool DisplayErrorMessages); +// TitanEngine.FindOEP.functions: +__declspec(dllexport) void TITCALL FindOEPInit(); +__declspec(dllexport) bool TITCALL FindOEPGenerically(char* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack); +__declspec(dllexport) bool TITCALL FindOEPGenericallyW(wchar_t* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack); +// TitanEngine.Importer.functions: +__declspec(dllexport) void TITCALL ImporterCleanup(); +__declspec(dllexport) void TITCALL ImporterSetImageBase(ULONG_PTR ImageBase); +__declspec(dllexport) void TITCALL ImporterSetUnknownDelta(ULONG_PTR DeltaAddress); +__declspec(dllexport) long long TITCALL ImporterGetCurrentDelta(); +__declspec(dllexport) void TITCALL ImporterInit(DWORD MemorySize, ULONG_PTR ImageBase); +__declspec(dllexport) void TITCALL ImporterAddNewDll(char* szDLLName, ULONG_PTR FirstThunk); +__declspec(dllexport) void TITCALL ImporterAddNewAPI(char* szAPIName, ULONG_PTR ThunkValue); +__declspec(dllexport) void TITCALL ImporterAddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue); +__declspec(dllexport) long TITCALL ImporterGetAddedDllCount(); +__declspec(dllexport) long TITCALL ImporterGetAddedAPICount(); +__declspec(dllexport) void* TITCALL ImporterGetLastAddedDLLName(); +__declspec(dllexport) void TITCALL ImporterMoveIAT(); +__declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA); +__declspec(dllexport) long TITCALL ImporterEstimatedSize(); +__declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szExportFileName, char* szSectionName); +__declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szExportFileName, char* szSectionName); +__declspec(dllexport) long long TITCALL ImporterFindAPIWriteLocation(char* szAPIName); +__declspec(dllexport) long long TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber); +__declspec(dllexport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation); +__declspec(dllexport) long long TITCALL ImporterFindDLLByWriteLocation(ULONG_PTR APIWriteLocation); +__declspec(dllexport) void* TITCALL ImporterGetDLLName(ULONG_PTR APIAddress); +__declspec(dllexport) void* TITCALL ImporterGetAPIName(ULONG_PTR APIAddress); +__declspec(dllexport) long long TITCALL ImporterGetAPIOrdinalNumber(ULONG_PTR APIAddress); +__declspec(dllexport) void* TITCALL ImporterGetAPINameEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); +__declspec(dllexport) long long TITCALL ImporterGetRemoteAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllexport) long long TITCALL ImporterGetRemoteAPIAddressEx(char* szDLLName, char* szAPIName); +__declspec(dllexport) long long TITCALL ImporterGetLocalAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllexport) void* TITCALL ImporterGetDLLNameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllexport) void* TITCALL ImporterGetAPINameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllexport) long long TITCALL ImporterGetAPIOrdinalNumberFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllexport) long TITCALL ImporterGetDLLIndexEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); +__declspec(dllexport) long TITCALL ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); +__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase); +__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName); +__declspec(dllexport) bool TITCALL ImporterRelocateWriteLocation(ULONG_PTR AddValue); +__declspec(dllexport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllexport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllexport) void* TITCALL ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllexport) long TITCALL ImporterGetForwardedDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); +__declspec(dllexport) long long TITCALL ImporterGetForwardedAPIOrdinalNumber(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllexport) long long TITCALL ImporterGetNearestAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllexport) void* TITCALL ImporterGetNearestAPIName(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllexport) bool TITCALL ImporterCopyOriginalIAT(char* szOriginalFile, char* szDumpFile); +__declspec(dllexport) bool TITCALL ImporterCopyOriginalIATW(wchar_t* szOriginalFile, wchar_t* szDumpFile); +__declspec(dllexport) bool TITCALL ImporterLoadImportTable(char* szFileName); +__declspec(dllexport) bool TITCALL ImporterLoadImportTableW(wchar_t* szFileName); +__declspec(dllexport) bool TITCALL ImporterMoveOriginalIAT(char* szOriginalFile, char* szDumpFile, char* szSectionName); +__declspec(dllexport) bool TITCALL ImporterMoveOriginalIATW(wchar_t* szOriginalFile, wchar_t* szDumpFile, char* szSectionName); +__declspec(dllexport) void TITCALL ImporterAutoSearchIAT(HANDLE hProcess, char* szFileName, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, LPVOID pIATStart, LPVOID pIATSize); +__declspec(dllexport) void TITCALL ImporterAutoSearchIATW(HANDLE hProcess, wchar_t* szFileName, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, LPVOID pIATStart, LPVOID pIATSize); +__declspec(dllexport) void TITCALL ImporterAutoSearchIATEx(HANDLE hProcess, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, LPVOID pIATStart, LPVOID pIATSize); +__declspec(dllexport) void TITCALL ImporterEnumAddedData(LPVOID EnumCallBack); +__declspec(dllexport) long TITCALL ImporterAutoFixIATEx(HANDLE hProcess, char* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, DWORD SearchStep, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback); +__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(HANDLE hProcess, wchar_t* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, DWORD SearchStep, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback); +__declspec(dllexport) long TITCALL ImporterAutoFixIAT(HANDLE hProcess, char* szDumpedFile, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, DWORD SearchStep); +__declspec(dllexport) long TITCALL ImporterAutoFixIATW(HANDLE hProcess, wchar_t* szDumpedFile, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, DWORD SearchStep); +// Global.Engine.Hook.functions: +__declspec(dllexport) bool TITCALL HooksSafeTransitionEx(LPVOID HookAddressArray, int NumberOfHooks, bool TransitionStart); +__declspec(dllexport) bool TITCALL HooksSafeTransition(LPVOID HookAddress, bool TransitionStart); +__declspec(dllexport) bool TITCALL HooksIsAddressRedirected(LPVOID HookAddress); +__declspec(dllexport) void* TITCALL HooksGetTrampolineAddress(LPVOID HookAddress); +__declspec(dllexport) void* TITCALL HooksGetHookEntryDetails(LPVOID HookAddress); +__declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress, LPVOID RedirectTo, int HookType); +__declspec(dllexport) bool TITCALL HooksInsertNewIATRedirectionEx(ULONG_PTR FileMapVA, ULONG_PTR LoadedModuleBase, char* szHookFunction, LPVOID RedirectTo); +__declspec(dllexport) bool TITCALL HooksInsertNewIATRedirection(char* szModuleName, char* szHookFunction, LPVOID RedirectTo); +__declspec(dllexport) bool TITCALL HooksRemoveRedirection(LPVOID HookAddress, bool RemoveAll); +__declspec(dllexport) bool TITCALL HooksRemoveRedirectionsForModule(HMODULE ModuleBase); +__declspec(dllexport) bool TITCALL HooksRemoveIATRedirection(char* szModuleName, char* szHookFunction, bool RemoveAll); +__declspec(dllexport) bool TITCALL HooksDisableRedirection(LPVOID HookAddress, bool DisableAll); +__declspec(dllexport) bool TITCALL HooksDisableRedirectionsForModule(HMODULE ModuleBase); +__declspec(dllexport) bool TITCALL HooksDisableIATRedirection(char* szModuleName, char* szHookFunction, bool DisableAll); +__declspec(dllexport) bool TITCALL HooksEnableRedirection(LPVOID HookAddress, bool EnableAll); +__declspec(dllexport) bool TITCALL HooksEnableRedirectionsForModule(HMODULE ModuleBase); +__declspec(dllexport) bool TITCALL HooksEnableIATRedirection(char* szModuleName, char* szHookFunction, bool EnableAll); +__declspec(dllexport) void TITCALL HooksScanModuleMemory(HMODULE ModuleBase, LPVOID CallBack); +__declspec(dllexport) void TITCALL HooksScanEntireProcessMemory(LPVOID CallBack); +__declspec(dllexport) void TITCALL HooksScanEntireProcessMemoryEx(); +// TitanEngine.Tracer.functions: +__declspec(dllexport) void TITCALL TracerInit(); +__declspec(dllexport) long long TITCALL TracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace); +__declspec(dllexport) long long TITCALL HashTracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD InputNumberOfInstructions); +__declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace); +__declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD RedirectionId); +__declspec(dllexport) long long TITCALL TracerFixRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD IdParameter); +__declspec(dllexport) long TITCALL TracerFixRedirectionViaImpRecPlugin(HANDLE hProcess, char* szPluginName, ULONG_PTR AddressToTrace); +// TitanEngine.Exporter.functions: +__declspec(dllexport) void TITCALL ExporterCleanup(); +__declspec(dllexport) void TITCALL ExporterSetImageBase(ULONG_PTR ImageBase); +__declspec(dllexport) void TITCALL ExporterInit(DWORD MemorySize, ULONG_PTR ImageBase, DWORD ExportOrdinalBase, char* szExportModuleName); +__declspec(dllexport) bool TITCALL ExporterAddNewExport(char* szExportName, DWORD ExportRelativeAddress); +__declspec(dllexport) bool TITCALL ExporterAddNewOrdinalExport(DWORD OrdinalNumber, DWORD ExportRelativeAddress); +__declspec(dllexport) long TITCALL ExporterGetAddedExportCount(); +__declspec(dllexport) long TITCALL ExporterEstimatedSize(); +__declspec(dllexport) bool TITCALL ExporterBuildExportTable(ULONG_PTR StorePlace, ULONG_PTR FileMapVA); +__declspec(dllexport) bool TITCALL ExporterBuildExportTableEx(char* szExportFileName, char* szSectionName); +__declspec(dllexport) bool TITCALL ExporterBuildExportTableExW(wchar_t* szExportFileName, char* szSectionName); +__declspec(dllexport) bool TITCALL ExporterLoadExportTable(char* szFileName); +__declspec(dllexport) bool TITCALL ExporterLoadExportTableW(wchar_t* szFileName); +// TitanEngine.Librarian.functions: +__declspec(dllexport) bool TITCALL LibrarianSetBreakPoint(char* szLibraryName, DWORD bpxType, bool SingleShoot, LPVOID bpxCallBack); +__declspec(dllexport) bool TITCALL LibrarianRemoveBreakPoint(char* szLibraryName, DWORD bpxType); +__declspec(dllexport) void* TITCALL LibrarianGetLibraryInfo(char* szLibraryName); +__declspec(dllexport) void* TITCALL LibrarianGetLibraryInfoW(wchar_t* szLibraryName); +__declspec(dllexport) void* TITCALL LibrarianGetLibraryInfoEx(void* BaseOfDll); +__declspec(dllexport) void* TITCALL LibrarianGetLibraryInfoExW(void* BaseOfDll); +__declspec(dllexport) void TITCALL LibrarianEnumLibraryInfo(void* EnumCallBack); +__declspec(dllexport) void TITCALL LibrarianEnumLibraryInfoW(void* EnumCallBack); +// TitanEngine.Process.functions: +__declspec(dllexport) long TITCALL GetActiveProcessId(char* szImageName); +__declspec(dllexport) long TITCALL GetActiveProcessIdW(wchar_t* szImageName); +__declspec(dllexport) void TITCALL EnumProcessesWithLibrary(char* szLibraryName, void* EnumFunction); +// TitanEngine.TLSFixer.functions: +__declspec(dllexport) bool TITCALL TLSBreakOnCallBack(LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks, LPVOID bpxCallBack); +__declspec(dllexport) bool TITCALL TLSGrabCallBackData(char* szFileName, LPVOID ArrayOfCallBacks, LPDWORD NumberOfCallBacks); +__declspec(dllexport) bool TITCALL TLSGrabCallBackDataW(wchar_t* szFileName, LPVOID ArrayOfCallBacks, LPDWORD NumberOfCallBacks); +__declspec(dllexport) bool TITCALL TLSBreakOnCallBackEx(char* szFileName, LPVOID bpxCallBack); +__declspec(dllexport) bool TITCALL TLSBreakOnCallBackExW(wchar_t* szFileName, LPVOID bpxCallBack); +__declspec(dllexport) bool TITCALL TLSRemoveCallback(char* szFileName); +__declspec(dllexport) bool TITCALL TLSRemoveCallbackW(wchar_t* szFileName); +__declspec(dllexport) bool TITCALL TLSRemoveTable(char* szFileName); +__declspec(dllexport) bool TITCALL TLSRemoveTableW(wchar_t* szFileName); +__declspec(dllexport) bool TITCALL TLSBackupData(char* szFileName); +__declspec(dllexport) bool TITCALL TLSBackupDataW(wchar_t* szFileName); +__declspec(dllexport) bool TITCALL TLSRestoreData(); +__declspec(dllexport) bool TITCALL TLSBuildNewTable(ULONG_PTR FileMapVA, ULONG_PTR StorePlace, ULONG_PTR StorePlaceRVA, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks); +__declspec(dllexport) bool TITCALL TLSBuildNewTableEx(char* szFileName, char* szSectionName, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks); +__declspec(dllexport) bool TITCALL TLSBuildNewTableExW(wchar_t* szFileName, char* szSectionName, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks); +// TitanEngine.TranslateName.functions: +__declspec(dllexport) void* TITCALL TranslateNativeName(char* szNativeName); +__declspec(dllexport) void* TITCALL TranslateNativeNameW(wchar_t* szNativeName); +// TitanEngine.Handler.functions: +__declspec(dllexport) long TITCALL HandlerGetActiveHandleCount(DWORD ProcessId); +__declspec(dllexport) bool TITCALL HandlerIsHandleOpen(DWORD ProcessId, HANDLE hHandle); +__declspec(dllexport) void* TITCALL HandlerGetHandleName(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName); +__declspec(dllexport) void* TITCALL HandlerGetHandleNameW(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName); +__declspec(dllexport) long TITCALL HandlerEnumerateOpenHandles(DWORD ProcessId, LPVOID HandleBuffer, DWORD MaxHandleCount); +__declspec(dllexport) long long TITCALL HandlerGetHandleDetails(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, DWORD InformationReturn); +__declspec(dllexport) bool TITCALL HandlerCloseRemoteHandle(HANDLE hProcess, HANDLE hHandle); +__declspec(dllexport) long TITCALL HandlerEnumerateLockHandles(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, LPVOID HandleDataBuffer, DWORD MaxHandleCount); +__declspec(dllexport) long TITCALL HandlerEnumerateLockHandlesW(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, LPVOID HandleDataBuffer, DWORD MaxHandleCount); +__declspec(dllexport) bool TITCALL HandlerCloseAllLockHandles(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated); +__declspec(dllexport) bool TITCALL HandlerCloseAllLockHandlesW(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated); +__declspec(dllexport) bool TITCALL HandlerIsFileLocked(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated); +__declspec(dllexport) bool TITCALL HandlerIsFileLockedW(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated); +// TitanEngine.Handler[Mutex].functions: +__declspec(dllexport) long TITCALL HandlerEnumerateOpenMutexes(HANDLE hProcess, DWORD ProcessId, LPVOID HandleBuffer, DWORD MaxHandleCount); +__declspec(dllexport) long long TITCALL HandlerGetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, char* szMutexString); +__declspec(dllexport) long long TITCALL HandlerGetOpenMutexHandleW(HANDLE hProcess, DWORD ProcessId, wchar_t* szMutexString); +__declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutex(char* szMutexString); +__declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t* szMutexString); +// TitanEngine.Injector.functions: +__declspec(dllexport) bool TITCALL RemoteLoadLibrary(HANDLE hProcess, char* szLibraryFile, bool WaitForThreadExit); +__declspec(dllexport) bool TITCALL RemoteLoadLibraryW(HANDLE hProcess, wchar_t* szLibraryFile, bool WaitForThreadExit); +__declspec(dllexport) bool TITCALL RemoteFreeLibrary(HANDLE hProcess, HMODULE hModule, char* szLibraryFile, bool WaitForThreadExit); +__declspec(dllexport) bool TITCALL RemoteFreeLibraryW(HANDLE hProcess, HMODULE hModule, wchar_t* szLibraryFile, bool WaitForThreadExit); +__declspec(dllexport) bool TITCALL RemoteExitProcess(HANDLE hProcess, DWORD ExitCode); +// TitanEngine.StaticUnpacker.functions: +__declspec(dllexport) bool TITCALL StaticFileLoad(char* szFileName, DWORD DesiredAccess, bool SimulateLoad, LPHANDLE FileHandle, LPDWORD LoadedSize, LPHANDLE FileMap, PULONG_PTR FileMapVA); +__declspec(dllexport) bool TITCALL StaticFileLoadW(wchar_t* szFileName, DWORD DesiredAccess, bool SimulateLoad, LPHANDLE FileHandle, LPDWORD LoadedSize, LPHANDLE FileMap, PULONG_PTR FileMapVA); +__declspec(dllexport) bool TITCALL StaticFileUnload(char* szFileName, bool CommitChanges, HANDLE FileHandle, DWORD LoadedSize, HANDLE FileMap, ULONG_PTR FileMapVA); +__declspec(dllexport) bool TITCALL StaticFileUnloadW(wchar_t* szFileName, bool CommitChanges, HANDLE FileHandle, DWORD LoadedSize, HANDLE FileMap, ULONG_PTR FileMapVA); +__declspec(dllexport) bool TITCALL StaticFileOpen(char* szFileName, DWORD DesiredAccess, LPHANDLE FileHandle, LPDWORD FileSizeLow, LPDWORD FileSizeHigh); +__declspec(dllexport) bool TITCALL StaticFileOpenW(wchar_t* szFileName, DWORD DesiredAccess, LPHANDLE FileHandle, LPDWORD FileSizeLow, LPDWORD FileSizeHigh); +__declspec(dllexport) bool TITCALL StaticFileGetContent(HANDLE FileHandle, DWORD FilePositionLow, LPDWORD FilePositionHigh, void* Buffer, DWORD Size); +__declspec(dllexport) void TITCALL StaticFileClose(HANDLE FileHandle); +__declspec(dllexport) void TITCALL StaticMemoryDecrypt(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionType, DWORD DecryptionKeySize, ULONG_PTR DecryptionKey); +__declspec(dllexport) void TITCALL StaticMemoryDecryptEx(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionKeySize, void* DecryptionCallBack); +__declspec(dllexport) void TITCALL StaticMemoryDecryptSpecial(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionKeySize, DWORD SpecDecryptionType, void* DecryptionCallBack); +__declspec(dllexport) void TITCALL StaticSectionDecrypt(ULONG_PTR FileMapVA, DWORD SectionNumber, bool SimulateLoad, DWORD DecryptionType, DWORD DecryptionKeySize, ULONG_PTR DecryptionKey); +__declspec(dllexport) bool TITCALL StaticMemoryDecompress(void* Source, DWORD SourceSize, void* Destination, DWORD DestinationSize, int Algorithm); +__declspec(dllexport) bool TITCALL StaticRawMemoryCopy(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR VitualAddressToCopy, DWORD Size, bool AddressIsRVA, char* szDumpFileName); +__declspec(dllexport) bool TITCALL StaticRawMemoryCopyW(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR VitualAddressToCopy, DWORD Size, bool AddressIsRVA, wchar_t* szDumpFileName); +__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, char* szDumpFileName); +__declspec(dllexport) bool TITCALL StaticRawMemoryCopyExW(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, wchar_t* szDumpFileName); +__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64(HANDLE hFile, DWORD64 RawAddressToCopy, DWORD64 Size, char* szDumpFileName); +__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64W(HANDLE hFile, DWORD64 RawAddressToCopy, DWORD64 Size, wchar_t* szDumpFileName); +__declspec(dllexport) bool TITCALL StaticHashMemory(void* MemoryToHash, DWORD SizeOfMemory, void* HashDigest, bool OutputString, int Algorithm); +__declspec(dllexport) bool TITCALL StaticHashFileW(wchar_t* szFileName, char* HashDigest, bool OutputString, int Algorithm); +__declspec(dllexport) bool TITCALL StaticHashFile(char* szFileName, char* HashDigest, bool OutputString, int Algorithm); +// TitanEngine.Engine.functions: +__declspec(dllexport) void TITCALL EngineUnpackerInitialize(char* szFileName, char* szUnpackedFileName, bool DoLogData, bool DoRealignFile, bool DoMoveOverlay, void* EntryCallBack); +__declspec(dllexport) void TITCALL EngineUnpackerInitializeW(wchar_t* szFileName, wchar_t* szUnpackedFileName, bool DoLogData, bool DoRealignFile, bool DoMoveOverlay, void* EntryCallBack); +__declspec(dllexport) bool TITCALL EngineUnpackerSetBreakCondition(void* SearchStart, DWORD SearchSize, void* SearchPattern, DWORD PatternSize, DWORD PatternDelta, ULONG_PTR BreakType, bool SingleBreak, DWORD Parameter1, DWORD Parameter2); +__declspec(dllexport) void TITCALL EngineUnpackerSetEntryPointAddress(ULONG_PTR UnpackedEntryPointAddress); +__declspec(dllexport) void TITCALL EngineUnpackerFinalizeUnpacking(); +// TitanEngine.Engine.functions: +__declspec(dllexport) void TITCALL SetEngineVariable(DWORD VariableId, bool VariableSet); +__declspec(dllexport) bool TITCALL EngineCreateMissingDependencies(char* szFileName, char* szOutputFolder, bool LogCreatedFiles); +__declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szFileName, wchar_t* szOutputFolder, bool LogCreatedFiles); +__declspec(dllexport) bool TITCALL EngineFakeMissingDependencies(HANDLE hProcess); +__declspec(dllexport) bool TITCALL EngineDeleteCreatedDependencies(); +__declspec(dllexport) bool TITCALL EngineCreateUnpackerWindow(char* WindowUnpackerTitle, char* WindowUnpackerLongTitle, char* WindowUnpackerName, char* WindowUnpackerAuthor, void* StartUnpackingCallBack); +__declspec(dllexport) void TITCALL EngineAddUnpackerWindowLogMessage(char* szLogMessage); +// Global.Engine.Extension.Functions: +__declspec(dllexport) bool TITCALL ExtensionManagerIsPluginLoaded(char* szPluginName); +__declspec(dllexport) bool TITCALL ExtensionManagerIsPluginEnabled(char* szPluginName); +__declspec(dllexport) bool TITCALL ExtensionManagerDisableAllPlugins(); +__declspec(dllexport) bool TITCALL ExtensionManagerDisablePlugin(char* szPluginName); +__declspec(dllexport) bool TITCALL ExtensionManagerEnableAllPlugins(); +__declspec(dllexport) bool TITCALL ExtensionManagerEnablePlugin(char* szPluginName); +__declspec(dllexport) bool TITCALL ExtensionManagerUnloadAllPlugins(); +__declspec(dllexport) bool TITCALL ExtensionManagerUnloadPlugin(char* szPluginName); +__declspec(dllexport) void* TITCALL ExtensionManagerGetPluginInfo(char* szPluginName); + +#ifdef __cplusplus +} +#endif + +#pragma pack(pop) + +#endif /*TITANENGINE*/ diff --git a/SDK/CPP/TitanEngine.h b/SDK/CPP/TitanEngine.h new file mode 100644 index 0000000..cb1b00f --- /dev/null +++ b/SDK/CPP/TitanEngine.h @@ -0,0 +1,938 @@ +#ifndef TITANENGINE +#define TITANENGINE + +#define TITCALL + +#if _MSC_VER > 1000 +#pragma once +#endif + +#include + +#pragma pack(push, 1) + +// Global.Constant.Structure.Declaration: +// Engine.External: +#define UE_ACCESS_READ 0 +#define UE_ACCESS_WRITE 1 +#define UE_ACCESS_ALL 2 + +#define UE_HIDE_BASIC 1 + +#define UE_PLUGIN_CALL_REASON_PREDEBUG 1 +#define UE_PLUGIN_CALL_REASON_EXCEPTION 2 +#define UE_PLUGIN_CALL_REASON_POSTDEBUG 3 + +#define TEE_HOOK_NRM_JUMP 1 +#define TEE_HOOK_NRM_CALL 3 +#define TEE_HOOK_IAT 5 + +#define UE_ENGINE_ALOW_MODULE_LOADING 1 +#define UE_ENGINE_AUTOFIX_FORWARDERS 2 +#define UE_ENGINE_PASS_ALL_EXCEPTIONS 3 +#define UE_ENGINE_NO_CONSOLE_WINDOW 4 +#define UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS 5 +#define UE_ENGINE_CALL_PLUGIN_CALLBACK 6 +#define UE_ENGINE_RESET_CUSTOM_HANDLER 7 +#define UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK 8 + +#define UE_OPTION_REMOVEALL 1 +#define UE_OPTION_DISABLEALL 2 +#define UE_OPTION_REMOVEALLDISABLED 3 +#define UE_OPTION_REMOVEALLENABLED 4 + +#define UE_STATIC_DECRYPTOR_XOR 1 +#define UE_STATIC_DECRYPTOR_SUB 2 +#define UE_STATIC_DECRYPTOR_ADD 3 + +#define UE_STATIC_DECRYPTOR_FOREWARD 1 +#define UE_STATIC_DECRYPTOR_BACKWARD 2 + +#define UE_STATIC_KEY_SIZE_1 1 +#define UE_STATIC_KEY_SIZE_2 2 +#define UE_STATIC_KEY_SIZE_4 4 +#define UE_STATIC_KEY_SIZE_8 8 + +#define UE_STATIC_APLIB 1 +#define UE_STATIC_APLIB_DEPACK 2 +#define UE_STATIC_LZMA 3 + +#define UE_STATIC_HASH_MD5 1 +#define UE_STATIC_HASH_SHA1 2 +#define UE_STATIC_HASH_CRC32 3 + +#define UE_RESOURCE_LANGUAGE_ANY -1 + +#define UE_PE_OFFSET 0 +#define UE_IMAGEBASE 1 +#define UE_OEP 2 +#define UE_SIZEOFIMAGE 3 +#define UE_SIZEOFHEADERS 4 +#define UE_SIZEOFOPTIONALHEADER 5 +#define UE_SECTIONALIGNMENT 6 +#define UE_IMPORTTABLEADDRESS 7 +#define UE_IMPORTTABLESIZE 8 +#define UE_RESOURCETABLEADDRESS 9 +#define UE_RESOURCETABLESIZE 10 +#define UE_EXPORTTABLEADDRESS 11 +#define UE_EXPORTTABLESIZE 12 +#define UE_TLSTABLEADDRESS 13 +#define UE_TLSTABLESIZE 14 +#define UE_RELOCATIONTABLEADDRESS 15 +#define UE_RELOCATIONTABLESIZE 16 +#define UE_TIMEDATESTAMP 17 +#define UE_SECTIONNUMBER 18 +#define UE_CHECKSUM 19 +#define UE_SUBSYSTEM 20 +#define UE_CHARACTERISTICS 21 +#define UE_NUMBEROFRVAANDSIZES 22 +#define UE_SECTIONNAME 23 +#define UE_SECTIONVIRTUALOFFSET 24 +#define UE_SECTIONVIRTUALSIZE 25 +#define UE_SECTIONRAWOFFSET 26 +#define UE_SECTIONRAWSIZE 27 +#define UE_SECTIONFLAGS 28 + +#define UE_CH_BREAKPOINT 1 +#define UE_CH_SINGLESTEP 2 +#define UE_CH_ACCESSVIOLATION 3 +#define UE_CH_ILLEGALINSTRUCTION 4 +#define UE_CH_NONCONTINUABLEEXCEPTION 5 +#define UE_CH_ARRAYBOUNDSEXCEPTION 6 +#define UE_CH_FLOATDENORMALOPERAND 7 +#define UE_CH_FLOATDEVIDEBYZERO 8 +#define UE_CH_INTEGERDEVIDEBYZERO 9 +#define UE_CH_INTEGEROVERFLOW 10 +#define UE_CH_PRIVILEGEDINSTRUCTION 11 +#define UE_CH_PAGEGUARD 12 +#define UE_CH_EVERYTHINGELSE 13 +#define UE_CH_CREATETHREAD 14 +#define UE_CH_EXITTHREAD 15 +#define UE_CH_CREATEPROCESS 16 +#define UE_CH_EXITPROCESS 17 +#define UE_CH_LOADDLL 18 +#define UE_CH_UNLOADDLL 19 +#define UE_CH_OUTPUTDEBUGSTRING 20 +#define UE_CH_AFTEREXCEPTIONPROCESSING 21 +#define UE_CH_ALLEVENTS 22 +#define UE_CH_SYSTEMBREAKPOINT 23 +#define UE_CH_UNHANDLEDEXCEPTION 24 +#define UE_CH_AFTERUNHANDLEDEXCEPTION 25 + +#define UE_OPTION_HANDLER_RETURN_HANDLECOUNT 1 +#define UE_OPTION_HANDLER_RETURN_ACCESS 2 +#define UE_OPTION_HANDLER_RETURN_FLAGS 3 +#define UE_OPTION_HANDLER_RETURN_TYPENAME 4 + +#define UE_BREAKPOINT_INT3 1 +#define UE_BREAKPOINT_LONG_INT3 2 +#define UE_BREAKPOINT_UD2 3 + +#define UE_BPXREMOVED 0 +#define UE_BPXACTIVE 1 +#define UE_BPXINACTIVE 2 + +#define UE_BREAKPOINT 0 +#define UE_SINGLESHOOT 1 +#define UE_HARDWARE 2 +#define UE_MEMORY 3 +#define UE_MEMORY_READ 4 +#define UE_MEMORY_WRITE 5 +#define UE_MEMORY_EXECUTE 6 +#define UE_BREAKPOINT_TYPE_INT3 0x10000000 +#define UE_BREAKPOINT_TYPE_LONG_INT3 0x20000000 +#define UE_BREAKPOINT_TYPE_UD2 0x30000000 + +#define UE_HARDWARE_EXECUTE 4 +#define UE_HARDWARE_WRITE 5 +#define UE_HARDWARE_READWRITE 6 + +#define UE_HARDWARE_SIZE_1 7 +#define UE_HARDWARE_SIZE_2 8 +#define UE_HARDWARE_SIZE_4 9 +#define UE_HARDWARE_SIZE_8 10 + +#define UE_ON_LIB_LOAD 1 +#define UE_ON_LIB_UNLOAD 2 +#define UE_ON_LIB_ALL 3 + +#define UE_APISTART 0 +#define UE_APIEND 1 + +#define UE_PLATFORM_x86 1 +#define UE_PLATFORM_x64 2 +#define UE_PLATFORM_ALL 3 + +#define UE_FUNCTION_STDCALL 1 +#define UE_FUNCTION_CCALL 2 +#define UE_FUNCTION_FASTCALL 3 +#define UE_FUNCTION_STDCALL_RET 4 +#define UE_FUNCTION_CCALL_RET 5 +#define UE_FUNCTION_FASTCALL_RET 6 +#define UE_FUNCTION_STDCALL_CALL 7 +#define UE_FUNCTION_CCALL_CALL 8 +#define UE_FUNCTION_FASTCALL_CALL 9 +#define UE_PARAMETER_BYTE 0 +#define UE_PARAMETER_WORD 1 +#define UE_PARAMETER_DWORD 2 +#define UE_PARAMETER_QWORD 3 +#define UE_PARAMETER_PTR_BYTE 4 +#define UE_PARAMETER_PTR_WORD 5 +#define UE_PARAMETER_PTR_DWORD 6 +#define UE_PARAMETER_PTR_QWORD 7 +#define UE_PARAMETER_STRING 8 +#define UE_PARAMETER_UNICODE 9 + +#define UE_CMP_NOCONDITION 0 +#define UE_CMP_EQUAL 1 +#define UE_CMP_NOTEQUAL 2 +#define UE_CMP_GREATER 3 +#define UE_CMP_GREATEROREQUAL 4 +#define UE_CMP_LOWER 5 +#define UE_CMP_LOWEROREQUAL 6 +#define UE_CMP_REG_EQUAL 7 +#define UE_CMP_REG_NOTEQUAL 8 +#define UE_CMP_REG_GREATER 9 +#define UE_CMP_REG_GREATEROREQUAL 10 +#define UE_CMP_REG_LOWER 11 +#define UE_CMP_REG_LOWEROREQUAL 12 +#define UE_CMP_ALWAYSFALSE 13 + +#define UE_EAX 1 +#define UE_EBX 2 +#define UE_ECX 3 +#define UE_EDX 4 +#define UE_EDI 5 +#define UE_ESI 6 +#define UE_EBP 7 +#define UE_ESP 8 +#define UE_EIP 9 +#define UE_EFLAGS 10 +#define UE_DR0 11 +#define UE_DR1 12 +#define UE_DR2 13 +#define UE_DR3 14 +#define UE_DR6 15 +#define UE_DR7 16 +#define UE_RAX 17 +#define UE_RBX 18 +#define UE_RCX 19 +#define UE_RDX 20 +#define UE_RDI 21 +#define UE_RSI 22 +#define UE_RBP 23 +#define UE_RSP 24 +#define UE_RIP 25 +#define UE_RFLAGS 26 +#define UE_R8 27 +#define UE_R9 28 +#define UE_R10 29 +#define UE_R11 30 +#define UE_R12 31 +#define UE_R13 32 +#define UE_R14 33 +#define UE_R15 34 +#define UE_CIP 35 +#define UE_CSP 36 +#ifdef _WIN64 +#define UE_CFLAGS UE_RFLAGS +#else +#define UE_CFLAGS UE_EFLAGS +#endif +#define UE_SEG_GS 37 +#define UE_SEG_FS 38 +#define UE_SEG_ES 39 +#define UE_SEG_DS 40 +#define UE_SEG_CS 41 +#define UE_SEG_SS 42 + +typedef struct +{ + DWORD PE32Offset; + DWORD ImageBase; + DWORD OriginalEntryPoint; + DWORD NtSizeOfImage; + DWORD NtSizeOfHeaders; + WORD SizeOfOptionalHeaders; + DWORD FileAlignment; + DWORD SectionAligment; + DWORD ImportTableAddress; + DWORD ImportTableSize; + DWORD ResourceTableAddress; + DWORD ResourceTableSize; + DWORD ExportTableAddress; + DWORD ExportTableSize; + DWORD TLSTableAddress; + DWORD TLSTableSize; + DWORD RelocationTableAddress; + DWORD RelocationTableSize; + DWORD TimeDateStamp; + WORD SectionNumber; + DWORD CheckSum; + WORD SubSystem; + WORD Characteristics; + DWORD NumberOfRvaAndSizes; +} PE32Struct, *PPE32Struct; + +typedef struct +{ + DWORD PE64Offset; + DWORD64 ImageBase; + DWORD OriginalEntryPoint; + DWORD NtSizeOfImage; + DWORD NtSizeOfHeaders; + WORD SizeOfOptionalHeaders; + DWORD FileAlignment; + DWORD SectionAligment; + DWORD ImportTableAddress; + DWORD ImportTableSize; + DWORD ResourceTableAddress; + DWORD ResourceTableSize; + DWORD ExportTableAddress; + DWORD ExportTableSize; + DWORD TLSTableAddress; + DWORD TLSTableSize; + DWORD RelocationTableAddress; + DWORD RelocationTableSize; + DWORD TimeDateStamp; + WORD SectionNumber; + DWORD CheckSum; + WORD SubSystem; + WORD Characteristics; + DWORD NumberOfRvaAndSizes; +} PE64Struct, *PPE64Struct; + +typedef struct +{ + bool NewDll; + int NumberOfImports; + ULONG_PTR ImageBase; + ULONG_PTR BaseImportThunk; + ULONG_PTR ImportThunk; + char* APIName; + char* DLLName; +} ImportEnumData, *PImportEnumData; + +typedef struct +{ + HANDLE hThread; + DWORD dwThreadId; + void* ThreadStartAddress; + void* ThreadLocalBase; +} THREAD_ITEM_DATA, *PTHREAD_ITEM_DATA; + +typedef struct +{ + HANDLE hFile; + void* BaseOfDll; + HANDLE hFileMapping; + void* hFileMappingView; + char szLibraryPath[MAX_PATH]; + char szLibraryName[MAX_PATH]; +} LIBRARY_ITEM_DATA, *PLIBRARY_ITEM_DATA; + +typedef struct +{ + HANDLE hFile; + void* BaseOfDll; + HANDLE hFileMapping; + void* hFileMappingView; + wchar_t szLibraryPath[MAX_PATH]; + wchar_t szLibraryName[MAX_PATH]; +} LIBRARY_ITEM_DATAW, *PLIBRARY_ITEM_DATAW; + +typedef struct +{ + HANDLE hProcess; + DWORD dwProcessId; + HANDLE hThread; + DWORD dwThreadId; + HANDLE hFile; + void* BaseOfImage; + void* ThreadStartAddress; + void* ThreadLocalBase; +} PROCESS_ITEM_DATA, *PPROCESS_ITEM_DATA; + +typedef struct +{ + ULONG ProcessId; + HANDLE hHandle; +} HandlerArray, *PHandlerArray; + +typedef struct +{ + char PluginName[64]; + DWORD PluginMajorVersion; + DWORD PluginMinorVersion; + HMODULE PluginBaseAddress; + void* TitanDebuggingCallBack; + void* TitanRegisterPlugin; + void* TitanReleasePlugin; + void* TitanResetPlugin; + bool PluginDisabled; +} PluginInformation, *PPluginInformation; + +#define TEE_MAXIMUM_HOOK_SIZE 14 +#define TEE_MAXIMUM_HOOK_RELOCS 7 +#if defined(_WIN64) +#define TEE_MAXIMUM_HOOK_INSERT_SIZE 14 +#else +#define TEE_MAXIMUM_HOOK_INSERT_SIZE 5 +#endif + +typedef struct HOOK_ENTRY +{ + bool IATHook; + BYTE HookType; + DWORD HookSize; + void* HookAddress; + void* RedirectionAddress; + BYTE HookBytes[TEE_MAXIMUM_HOOK_SIZE]; + BYTE OriginalBytes[TEE_MAXIMUM_HOOK_SIZE]; + void* IATHookModuleBase; + DWORD IATHookNameHash; + bool HookIsEnabled; + bool HookIsRemote; + void* PatchedEntry; + DWORD RelocationInfo[TEE_MAXIMUM_HOOK_RELOCS]; + int RelocationCount; +} HOOK_ENTRY, *PHOOK_ENTRY; + +#define UE_DEPTH_SURFACE 0 +#define UE_DEPTH_DEEP 1 + +#define UE_UNPACKER_CONDITION_SEARCH_FROM_EP 1 + +#define UE_UNPACKER_CONDITION_LOADLIBRARY 1 +#define UE_UNPACKER_CONDITION_GETPROCADDRESS 2 +#define UE_UNPACKER_CONDITION_ENTRYPOINTBREAK 3 +#define UE_UNPACKER_CONDITION_RELOCSNAPSHOT1 4 +#define UE_UNPACKER_CONDITION_RELOCSNAPSHOT2 5 + +#define UE_FIELD_OK 0 +#define UE_FIELD_BROKEN_NON_FIXABLE 1 +#define UE_FIELD_BROKEN_NON_CRITICAL 2 +#define UE_FIELD_BROKEN_FIXABLE_FOR_STATIC_USE 3 +#define UE_FIELD_BROKEN_BUT_CAN_BE_EMULATED 4 +#define UE_FILED_FIXABLE_NON_CRITICAL 5 +#define UE_FILED_FIXABLE_CRITICAL 6 +#define UE_FIELD_NOT_PRESET 7 +#define UE_FIELD_NOT_PRESET_WARNING 8 + +#define UE_RESULT_FILE_OK 10 +#define UE_RESULT_FILE_INVALID_BUT_FIXABLE 11 +#define UE_RESULT_FILE_INVALID_AND_NON_FIXABLE 12 +#define UE_RESULT_FILE_INVALID_FORMAT 13 + +typedef struct +{ + BYTE OveralEvaluation; + bool EvaluationTerminatedByException; + bool FileIs64Bit; + bool FileIsDLL; + bool FileIsConsole; + bool MissingDependencies; + bool MissingDeclaredAPIs; + BYTE SignatureMZ; + BYTE SignaturePE; + BYTE EntryPoint; + BYTE ImageBase; + BYTE SizeOfImage; + BYTE FileAlignment; + BYTE SectionAlignment; + BYTE ExportTable; + BYTE RelocationTable; + BYTE ImportTable; + BYTE ImportTableSection; + BYTE ImportTableData; + BYTE IATTable; + BYTE TLSTable; + BYTE LoadConfigTable; + BYTE BoundImportTable; + BYTE COMHeaderTable; + BYTE ResourceTable; + BYTE ResourceData; + BYTE SectionTable; +} FILE_STATUS_INFO, *PFILE_STATUS_INFO; + +typedef struct +{ + BYTE OveralEvaluation; + bool FixingTerminatedByException; + bool FileFixPerformed; + bool StrippedRelocation; + bool DontFixRelocations; + DWORD OriginalRelocationTableAddress; + DWORD OriginalRelocationTableSize; + bool StrippedExports; + bool DontFixExports; + DWORD OriginalExportTableAddress; + DWORD OriginalExportTableSize; + bool StrippedResources; + bool DontFixResources; + DWORD OriginalResourceTableAddress; + DWORD OriginalResourceTableSize; + bool StrippedTLS; + bool DontFixTLS; + DWORD OriginalTLSTableAddress; + DWORD OriginalTLSTableSize; + bool StrippedLoadConfig; + bool DontFixLoadConfig; + DWORD OriginalLoadConfigTableAddress; + DWORD OriginalLoadConfigTableSize; + bool StrippedBoundImports; + bool DontFixBoundImports; + DWORD OriginalBoundImportTableAddress; + DWORD OriginalBoundImportTableSize; + bool StrippedIAT; + bool DontFixIAT; + DWORD OriginalImportAddressTableAddress; + DWORD OriginalImportAddressTableSize; + bool StrippedCOM; + bool DontFixCOM; + DWORD OriginalCOMTableAddress; + DWORD OriginalCOMTableSize; +} FILE_FIX_INFO, *PFILE_FIX_INFO; + +#ifdef __cplusplus +extern "C" +{ +#endif + +// Global.Function.Declaration: +// TitanEngine.Dumper.functions: +__declspec(dllexport) bool TITCALL DumpProcess(HANDLE hProcess, LPVOID ImageBase, char* szDumpFileName, ULONG_PTR EntryPoint); +__declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBase, wchar_t* szDumpFileName, ULONG_PTR EntryPoint); +__declspec(dllexport) bool TITCALL DumpProcessEx(DWORD ProcessId, LPVOID ImageBase, char* szDumpFileName, ULONG_PTR EntryPoint); +__declspec(dllexport) bool TITCALL DumpProcessExW(DWORD ProcessId, LPVOID ImageBase, wchar_t* szDumpFileName, ULONG_PTR EntryPoint); +__declspec(dllexport) bool TITCALL DumpMemory(HANDLE hProcess, LPVOID MemoryStart, ULONG_PTR MemorySize, char* szDumpFileName); +__declspec(dllexport) bool TITCALL DumpMemoryW(HANDLE hProcess, LPVOID MemoryStart, ULONG_PTR MemorySize, wchar_t* szDumpFileName); +__declspec(dllexport) bool TITCALL DumpMemoryEx(DWORD ProcessId, LPVOID MemoryStart, ULONG_PTR MemorySize, char* szDumpFileName); +__declspec(dllexport) bool TITCALL DumpMemoryExW(DWORD ProcessId, LPVOID MemoryStart, ULONG_PTR MemorySize, wchar_t* szDumpFileName); +__declspec(dllexport) bool TITCALL DumpRegions(HANDLE hProcess, char* szDumpFolder, bool DumpAboveImageBaseOnly); +__declspec(dllexport) bool TITCALL DumpRegionsW(HANDLE hProcess, wchar_t* szDumpFolder, bool DumpAboveImageBaseOnly); +__declspec(dllexport) bool TITCALL DumpRegionsEx(DWORD ProcessId, char* szDumpFolder, bool DumpAboveImageBaseOnly); +__declspec(dllexport) bool TITCALL DumpRegionsExW(DWORD ProcessId, wchar_t* szDumpFolder, bool DumpAboveImageBaseOnly); +__declspec(dllexport) bool TITCALL DumpModule(HANDLE hProcess, LPVOID ModuleBase, char* szDumpFileName); +__declspec(dllexport) bool TITCALL DumpModuleW(HANDLE hProcess, LPVOID ModuleBase, wchar_t* szDumpFileName); +__declspec(dllexport) bool TITCALL DumpModuleEx(DWORD ProcessId, LPVOID ModuleBase, char* szDumpFileName); +__declspec(dllexport) bool TITCALL DumpModuleExW(DWORD ProcessId, LPVOID ModuleBase, wchar_t* szDumpFileName); +__declspec(dllexport) bool TITCALL PastePEHeader(HANDLE hProcess, LPVOID ImageBase, char* szDebuggedFileName); +__declspec(dllexport) bool TITCALL PastePEHeaderW(HANDLE hProcess, LPVOID ImageBase, wchar_t* szDebuggedFileName); +__declspec(dllexport) bool TITCALL ExtractSection(char* szFileName, char* szDumpFileName, DWORD SectionNumber); +__declspec(dllexport) bool TITCALL ExtractSectionW(wchar_t* szFileName, wchar_t* szDumpFileName, DWORD SectionNumber); +__declspec(dllexport) bool TITCALL ResortFileSections(char* szFileName); +__declspec(dllexport) bool TITCALL ResortFileSectionsW(wchar_t* szFileName); +__declspec(dllexport) bool TITCALL FindOverlay(char* szFileName, LPDWORD OverlayStart, LPDWORD OverlaySize); +__declspec(dllexport) bool TITCALL FindOverlayW(wchar_t* szFileName, LPDWORD OverlayStart, LPDWORD OverlaySize); +__declspec(dllexport) bool TITCALL ExtractOverlay(char* szFileName, char* szExtactedFileName); +__declspec(dllexport) bool TITCALL ExtractOverlayW(wchar_t* szFileName, wchar_t* szExtactedFileName); +__declspec(dllexport) bool TITCALL AddOverlay(char* szFileName, char* szOverlayFileName); +__declspec(dllexport) bool TITCALL AddOverlayW(wchar_t* szFileName, wchar_t* szOverlayFileName); +__declspec(dllexport) bool TITCALL CopyOverlay(char* szInFileName, char* szOutFileName); +__declspec(dllexport) bool TITCALL CopyOverlayW(wchar_t* szInFileName, wchar_t* szOutFileName); +__declspec(dllexport) bool TITCALL RemoveOverlay(char* szFileName); +__declspec(dllexport) bool TITCALL RemoveOverlayW(wchar_t* szFileName); +__declspec(dllexport) bool TITCALL MakeAllSectionsRWE(char* szFileName); +__declspec(dllexport) bool TITCALL MakeAllSectionsRWEW(wchar_t* szFileName); +__declspec(dllexport) long TITCALL AddNewSectionEx(char* szFileName, char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, LPVOID SectionContent, DWORD ContentSize); +__declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, LPVOID SectionContent, DWORD ContentSize); +__declspec(dllexport) long TITCALL AddNewSection(char* szFileName, char* szSectionName, DWORD SectionSize); +__declspec(dllexport) long TITCALL AddNewSectionW(wchar_t* szFileName, char* szSectionName, DWORD SectionSize); +__declspec(dllexport) bool TITCALL ResizeLastSection(char* szFileName, DWORD NumberOfExpandBytes, bool AlignResizeData); +__declspec(dllexport) bool TITCALL ResizeLastSectionW(wchar_t* szFileName, DWORD NumberOfExpandBytes, bool AlignResizeData); +__declspec(dllexport) void TITCALL SetSharedOverlay(char* szFileName); +__declspec(dllexport) void TITCALL SetSharedOverlayW(wchar_t* szFileName); +__declspec(dllexport) char* TITCALL GetSharedOverlay(); +__declspec(dllexport) wchar_t* TITCALL GetSharedOverlayW(); +__declspec(dllexport) bool TITCALL DeleteLastSection(char* szFileName); +__declspec(dllexport) bool TITCALL DeleteLastSectionW(wchar_t* szFileName); +__declspec(dllexport) bool TITCALL DeleteLastSectionEx(char* szFileName, DWORD NumberOfSections); +__declspec(dllexport) bool TITCALL DeleteLastSectionExW(wchar_t* szFileName, DWORD NumberOfSections); +__declspec(dllexport) long long TITCALL GetPE32DataFromMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, DWORD WhichData); +__declspec(dllexport) long long TITCALL GetPE32Data(char* szFileName, DWORD WhichSection, DWORD WhichData); +__declspec(dllexport) long long TITCALL GetPE32DataW(wchar_t* szFileName, DWORD WhichSection, DWORD WhichData); +__declspec(dllexport) bool TITCALL GetPE32DataFromMappedFileEx(ULONG_PTR FileMapVA, LPVOID DataStorage); +__declspec(dllexport) bool TITCALL GetPE32DataEx(char* szFileName, LPVOID DataStorage); +__declspec(dllexport) bool TITCALL GetPE32DataExW(wchar_t* szFileName, LPVOID DataStorage); +__declspec(dllexport) bool TITCALL SetPE32DataForMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue); +__declspec(dllexport) bool TITCALL SetPE32Data(char* szFileName, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue); +__declspec(dllexport) bool TITCALL SetPE32DataW(wchar_t* szFileName, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue); +__declspec(dllexport) bool TITCALL SetPE32DataForMappedFileEx(ULONG_PTR FileMapVA, LPVOID DataStorage); +__declspec(dllexport) bool TITCALL SetPE32DataEx(char* szFileName, LPVOID DataStorage); +__declspec(dllexport) bool TITCALL SetPE32DataExW(wchar_t* szFileName, LPVOID DataStorage); +__declspec(dllexport) long TITCALL GetPE32SectionNumberFromVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert); +__declspec(dllexport) long long TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType); +__declspec(dllexport) long long TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType); +__declspec(dllexport) long long TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType); +__declspec(dllexport) long long TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType); +// TitanEngine.Realigner.functions: +__declspec(dllexport) bool TITCALL FixHeaderCheckSum(char* szFileName); +__declspec(dllexport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName); +__declspec(dllexport) long TITCALL RealignPE(ULONG_PTR FileMapVA, DWORD FileSize, DWORD RealingMode); +__declspec(dllexport) long TITCALL RealignPEEx(char* szFileName, DWORD RealingFileSize, DWORD ForcedFileAlignment); +__declspec(dllexport) long TITCALL RealignPEExW(wchar_t* szFileName, DWORD RealingFileSize, DWORD ForcedFileAlignment); +__declspec(dllexport) bool TITCALL WipeSection(char* szFileName, int WipeSectionNumber, bool RemovePhysically); +__declspec(dllexport) bool TITCALL WipeSectionW(wchar_t* szFileName, int WipeSectionNumber, bool RemovePhysically); +__declspec(dllexport) bool TITCALL IsPE32FileValidEx(char* szFileName, DWORD CheckDepth, LPVOID FileStatusInfo); +__declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD CheckDepth, LPVOID FileStatusInfo); +__declspec(dllexport) bool TITCALL FixBrokenPE32FileEx(char* szFileName, LPVOID FileStatusInfo, LPVOID FileFixInfo); +__declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPVOID FileStatusInfo, LPVOID FileFixInfo); +__declspec(dllexport) bool TITCALL IsFileDLL(char* szFileName, ULONG_PTR FileMapVA); +__declspec(dllexport) bool TITCALL IsFileDLLW(wchar_t* szFileName, ULONG_PTR FileMapVA); +// TitanEngine.Hider.functions: +__declspec(dllexport) void* TITCALL GetPEBLocation(HANDLE hProcess); +__declspec(dllexport) bool TITCALL HideDebugger(HANDLE hProcess, DWORD PatchAPILevel); +__declspec(dllexport) bool TITCALL UnHideDebugger(HANDLE hProcess, DWORD PatchAPILevel); +// TitanEngine.Relocater.functions: +__declspec(dllexport) void TITCALL RelocaterCleanup(); +__declspec(dllexport) void TITCALL RelocaterInit(DWORD MemorySize, ULONG_PTR OldImageBase, ULONG_PTR NewImageBase); +__declspec(dllexport) void TITCALL RelocaterAddNewRelocation(HANDLE hProcess, ULONG_PTR RelocateAddress, DWORD RelocateState); +__declspec(dllexport) long TITCALL RelocaterEstimatedSize(); +__declspec(dllexport) bool TITCALL RelocaterExportRelocation(ULONG_PTR StorePlace, DWORD StorePlaceRVA, ULONG_PTR FileMapVA); +__declspec(dllexport) bool TITCALL RelocaterExportRelocationEx(char* szFileName, char* szSectionName); +__declspec(dllexport) bool TITCALL RelocaterExportRelocationExW(wchar_t* szFileName, char* szSectionName); +__declspec(dllexport) bool TITCALL RelocaterGrabRelocationTable(HANDLE hProcess, ULONG_PTR MemoryStart, DWORD MemorySize); +__declspec(dllexport) bool TITCALL RelocaterGrabRelocationTableEx(HANDLE hProcess, ULONG_PTR MemoryStart, ULONG_PTR MemorySize, DWORD NtSizeOfImage); +__declspec(dllexport) bool TITCALL RelocaterMakeSnapshot(HANDLE hProcess, char* szSaveFileName, LPVOID MemoryStart, ULONG_PTR MemorySize); +__declspec(dllexport) bool TITCALL RelocaterMakeSnapshotW(HANDLE hProcess, wchar_t* szSaveFileName, LPVOID MemoryStart, ULONG_PTR MemorySize); +__declspec(dllexport) bool TITCALL RelocaterCompareTwoSnapshots(HANDLE hProcess, ULONG_PTR LoadedImageBase, ULONG_PTR NtSizeOfImage, char* szDumpFile1, char* szDumpFile2, ULONG_PTR MemStart); +__declspec(dllexport) bool TITCALL RelocaterCompareTwoSnapshotsW(HANDLE hProcess, ULONG_PTR LoadedImageBase, ULONG_PTR NtSizeOfImage, wchar_t* szDumpFile1, wchar_t* szDumpFile2, ULONG_PTR MemStart); +__declspec(dllexport) bool TITCALL RelocaterChangeFileBase(char* szFileName, ULONG_PTR NewImageBase); +__declspec(dllexport) bool TITCALL RelocaterChangeFileBaseW(wchar_t* szFileName, ULONG_PTR NewImageBase); +__declspec(dllexport) bool TITCALL RelocaterRelocateMemoryBlock(ULONG_PTR FileMapVA, ULONG_PTR MemoryLocation, void* RelocateMemory, DWORD RelocateMemorySize, ULONG_PTR CurrentLoadedBase, ULONG_PTR RelocateBase); +__declspec(dllexport) bool TITCALL RelocaterWipeRelocationTable(char* szFileName); +__declspec(dllexport) bool TITCALL RelocaterWipeRelocationTableW(wchar_t* szFileName); +// TitanEngine.Resourcer.functions: +__declspec(dllexport) long long TITCALL ResourcerLoadFileForResourceUse(char* szFileName); +__declspec(dllexport) long long TITCALL ResourcerLoadFileForResourceUseW(wchar_t* szFileName); +__declspec(dllexport) bool TITCALL ResourcerFreeLoadedFile(LPVOID LoadedFileBase); +__declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFileEx(ULONG_PTR FileMapVA, char* szResourceType, char* szResourceName, char* szExtractedFileName); +__declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFile(char* szFileName, char* szResourceType, char* szResourceName, char* szExtractedFileName); +__declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFileW(wchar_t* szFileName, char* szResourceType, char* szResourceName, char* szExtractedFileName); +__declspec(dllexport) bool TITCALL ResourcerFindResource(char* szFileName, char* szResourceType, DWORD ResourceType, char* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize); +__declspec(dllexport) bool TITCALL ResourcerFindResourceW(wchar_t* szFileName, wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize); +__declspec(dllexport) bool TITCALL ResourcerFindResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize); +__declspec(dllexport) void TITCALL ResourcerEnumerateResource(char* szFileName, void* CallBack); +__declspec(dllexport) void TITCALL ResourcerEnumerateResourceW(wchar_t* szFileName, void* CallBack); +__declspec(dllexport) void TITCALL ResourcerEnumerateResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, void* CallBack); +// TitanEngine.Threader.functions: +__declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD ProcessId); +__declspec(dllexport) void* TITCALL ThreaderGetThreadInfo(HANDLE hThread, DWORD ThreadId); +__declspec(dllexport) void TITCALL ThreaderEnumThreadInfo(void* EnumCallBack); +__declspec(dllexport) bool TITCALL ThreaderPauseThread(HANDLE hThread); +__declspec(dllexport) bool TITCALL ThreaderResumeThread(HANDLE hThread); +__declspec(dllexport) bool TITCALL ThreaderTerminateThread(HANDLE hThread, DWORD ThreadExitCode); +__declspec(dllexport) bool TITCALL ThreaderPauseAllThreads(bool LeaveMainRunning); +__declspec(dllexport) bool TITCALL ThreaderResumeAllThreads(bool LeaveMainPaused); +__declspec(dllexport) bool TITCALL ThreaderPauseProcess(); +__declspec(dllexport) bool TITCALL ThreaderResumeProcess(); +__declspec(dllexport) long long TITCALL ThreaderCreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId); +__declspec(dllexport) bool TITCALL ThreaderInjectAndExecuteCode(LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize); +__declspec(dllexport) long long TITCALL ThreaderCreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId); +__declspec(dllexport) bool TITCALL ThreaderInjectAndExecuteCodeEx(HANDLE hProcess, LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize); +__declspec(dllexport) void TITCALL ThreaderSetCallBackForNextExitThreadEvent(LPVOID exitThreadCallBack); +__declspec(dllexport) bool TITCALL ThreaderIsThreadStillRunning(HANDLE hThread); +__declspec(dllexport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread); +__declspec(dllexport) bool TITCALL ThreaderIsAnyThreadActive(); +__declspec(dllexport) bool TITCALL ThreaderExecuteOnlyInjectedThreads(); +__declspec(dllexport) long long TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId); +__declspec(dllexport) void* TITCALL ThreaderGetThreadData(); +__declspec(dllexport) bool TITCALL ThreaderIsExceptionInMainThread(); +// TitanEngine.Debugger.functions: +__declspec(dllexport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress); +__declspec(dllexport) void* TITCALL StaticDisassemble(LPVOID DisassmAddress); +__declspec(dllexport) void* TITCALL DisassembleEx(HANDLE hProcess, LPVOID DisassmAddress, bool ReturnInstructionType); +__declspec(dllexport) void* TITCALL Disassemble(LPVOID DisassmAddress); +__declspec(dllexport) long TITCALL StaticLengthDisassemble(LPVOID DisassmAddress); +__declspec(dllexport) long TITCALL LengthDisassembleEx(HANDLE hProcess, LPVOID DisassmAddress); +__declspec(dllexport) long TITCALL LengthDisassemble(LPVOID DisassmAddress); +__declspec(dllexport) void* TITCALL InitDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder); +__declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder); +__declspec(dllexport) void* TITCALL InitDebugEx(char* szFileName, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack); +__declspec(dllexport) void* TITCALL InitDebugExW(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder, LPVOID EntryCallBack); +__declspec(dllexport) void* TITCALL InitDLLDebug(char* szFileName, bool ReserveModuleBase, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack); +__declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool ReserveModuleBase, wchar_t* szCommandLine, wchar_t* szCurrentFolder, LPVOID EntryCallBack); +__declspec(dllexport) bool TITCALL StopDebug(); +__declspec(dllexport) void TITCALL SetBPXOptions(long DefaultBreakPointType); +__declspec(dllexport) bool TITCALL IsBPXEnabled(ULONG_PTR bpxAddress); +__declspec(dllexport) bool TITCALL EnableBPX(ULONG_PTR bpxAddress); +__declspec(dllexport) bool TITCALL DisableBPX(ULONG_PTR bpxAddress); +__declspec(dllexport) bool TITCALL SetBPX(ULONG_PTR bpxAddress, DWORD bpxType, LPVOID bpxCallBack); +__declspec(dllexport) bool TITCALL SetBPXEx(ULONG_PTR bpxAddress, DWORD bpxType, DWORD NumberOfExecution, DWORD CmpRegister, DWORD CmpCondition, ULONG_PTR CmpValue, LPVOID bpxCallBack, LPVOID bpxCompareCallBack, LPVOID bpxRemoveCallBack); +__declspec(dllexport) bool TITCALL DeleteBPX(ULONG_PTR bpxAddress); +__declspec(dllexport) bool TITCALL SafeDeleteBPX(ULONG_PTR bpxAddress); +__declspec(dllexport) bool TITCALL SetAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxType, DWORD bpxPlace, LPVOID bpxCallBack); +__declspec(dllexport) bool TITCALL DeleteAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxPlace); +__declspec(dllexport) bool TITCALL SafeDeleteAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxPlace); +__declspec(dllexport) bool TITCALL SetMemoryBPX(ULONG_PTR MemoryStart, DWORD SizeOfMemory, LPVOID bpxCallBack); +__declspec(dllexport) bool TITCALL SetMemoryBPXEx(ULONG_PTR MemoryStart, DWORD SizeOfMemory, DWORD BreakPointType, bool RestoreOnHit, LPVOID bpxCallBack); +__declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, DWORD SizeOfMemory); +__declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea); +__declspec(dllexport) long long TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister); +__declspec(dllexport) long long TITCALL GetContextData(DWORD IndexOfRegister); +__declspec(dllexport) bool TITCALL SetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea); +__declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister, ULONG_PTR NewRegisterValue); +__declspec(dllexport) bool TITCALL SetContextData(DWORD IndexOfRegister, ULONG_PTR NewRegisterValue); +__declspec(dllexport) void TITCALL ClearExceptionNumber(); +__declspec(dllexport) long TITCALL CurrentExceptionNumber(); +__declspec(dllexport) bool TITCALL MatchPatternEx(HANDLE hProcess, void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard); +__declspec(dllexport) bool TITCALL MatchPattern(void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard); +__declspec(dllexport) long long TITCALL FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard); +extern "C" __declspec(dllexport) long long TITCALL Find(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard); +__declspec(dllexport) bool TITCALL FillEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte); +__declspec(dllexport) bool TITCALL Fill(LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte); +__declspec(dllexport) bool TITCALL PatchEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP); +__declspec(dllexport) bool TITCALL Patch(LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP); +__declspec(dllexport) bool TITCALL ReplaceEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, LPVOID ReplacePattern, DWORD ReplaceSize, PBYTE WildCard); +__declspec(dllexport) bool TITCALL Replace(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, LPVOID ReplacePattern, DWORD ReplaceSize, PBYTE WildCard); +__declspec(dllexport) void* TITCALL GetDebugData(); +__declspec(dllexport) void* TITCALL GetTerminationData(); +__declspec(dllexport) long TITCALL GetExitCode(); +__declspec(dllexport) long long TITCALL GetDebuggedDLLBaseAddress(); +__declspec(dllexport) unsigned long long TITCALL GetDebuggedFileBaseAddress(); +__declspec(dllexport) bool TITCALL GetRemoteString(HANDLE hProcess, LPVOID StringAddress, LPVOID StringStorage, int MaximumStringSize); +__declspec(dllexport) long long TITCALL GetFunctionParameter(HANDLE hProcess, DWORD FunctionType, DWORD ParameterNumber, DWORD ParameterType); +__declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps); +__declspec(dllexport) long long TITCALL GetJumpDestination(HANDLE hProcess, ULONG_PTR InstructionAddress); +__declspec(dllexport) bool TITCALL IsJumpGoingToExecuteEx(HANDLE hProcess, HANDLE hThread, ULONG_PTR InstructionAddress, ULONG_PTR RegFlags); +__declspec(dllexport) bool TITCALL IsJumpGoingToExecute(); +__declspec(dllexport) void TITCALL SetCustomHandler(DWORD ExceptionId, LPVOID CallBack); +__declspec(dllexport) void TITCALL ForceClose(); +__declspec(dllexport) void TITCALL StepInto(LPVOID traceCallBack); +__declspec(dllexport) void TITCALL StepOver(LPVOID traceCallBack); +__declspec(dllexport) void TITCALL SingleStep(DWORD StepCount, LPVOID StepCallBack); +__declspec(dllexport) bool TITCALL GetUnusedHardwareBreakPointRegister(LPDWORD RegisterIndex); +__declspec(dllexport) bool TITCALL SetHardwareBreakPointEx(HANDLE hActiveThread, ULONG_PTR bpxAddress, DWORD IndexOfRegister, DWORD bpxType, DWORD bpxSize, LPVOID bpxCallBack, LPDWORD IndexOfSelectedRegister); +__declspec(dllexport) bool TITCALL SetHardwareBreakPoint(ULONG_PTR bpxAddress, DWORD IndexOfRegister, DWORD bpxType, DWORD bpxSize, LPVOID bpxCallBack); +__declspec(dllexport) bool TITCALL DeleteHardwareBreakPoint(DWORD IndexOfRegister); +__declspec(dllexport) bool TITCALL RemoveAllBreakPoints(DWORD RemoveOption); +__declspec(dllexport) void* TITCALL GetProcessInformation(); +__declspec(dllexport) void* TITCALL GetStartupInformation(); +__declspec(dllexport) void TITCALL DebugLoop(); +__declspec(dllexport) void TITCALL SetDebugLoopTimeOut(DWORD TimeOut); +__declspec(dllexport) void TITCALL SetNextDbgContinueStatus(DWORD SetDbgCode); +__declspec(dllexport) bool TITCALL AttachDebugger(DWORD ProcessId, bool KillOnExit, LPVOID DebugInfo, LPVOID CallBack); +__declspec(dllexport) bool TITCALL DetachDebugger(DWORD ProcessId); +__declspec(dllexport) bool TITCALL DetachDebuggerEx(DWORD ProcessId); +__declspec(dllexport) void TITCALL DebugLoopEx(DWORD TimeOut); +__declspec(dllexport) void TITCALL AutoDebugEx(char* szFileName, bool ReserveModuleBase, char* szCommandLine, char* szCurrentFolder, DWORD TimeOut, LPVOID EntryCallBack); +__declspec(dllexport) void TITCALL AutoDebugExW(wchar_t* szFileName, bool ReserveModuleBase, wchar_t* szCommandLine, wchar_t* szCurrentFolder, DWORD TimeOut, LPVOID EntryCallBack); +__declspec(dllexport) bool TITCALL IsFileBeingDebugged(); +__declspec(dllexport) void TITCALL SetErrorModel(bool DisplayErrorMessages); +// TitanEngine.FindOEP.functions: +__declspec(dllexport) void TITCALL FindOEPInit(); +__declspec(dllexport) bool TITCALL FindOEPGenerically(char* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack); +__declspec(dllexport) bool TITCALL FindOEPGenericallyW(wchar_t* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack); +// TitanEngine.Importer.functions: +__declspec(dllexport) void TITCALL ImporterCleanup(); +__declspec(dllexport) void TITCALL ImporterSetImageBase(ULONG_PTR ImageBase); +__declspec(dllexport) void TITCALL ImporterSetUnknownDelta(ULONG_PTR DeltaAddress); +__declspec(dllexport) long long TITCALL ImporterGetCurrentDelta(); +__declspec(dllexport) void TITCALL ImporterInit(DWORD MemorySize, ULONG_PTR ImageBase); +__declspec(dllexport) void TITCALL ImporterAddNewDll(char* szDLLName, ULONG_PTR FirstThunk); +__declspec(dllexport) void TITCALL ImporterAddNewAPI(char* szAPIName, ULONG_PTR ThunkValue); +__declspec(dllexport) void TITCALL ImporterAddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue); +__declspec(dllexport) long TITCALL ImporterGetAddedDllCount(); +__declspec(dllexport) long TITCALL ImporterGetAddedAPICount(); +__declspec(dllexport) void* TITCALL ImporterGetLastAddedDLLName(); +__declspec(dllexport) void TITCALL ImporterMoveIAT(); +__declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA); +__declspec(dllexport) long TITCALL ImporterEstimatedSize(); +__declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szExportFileName, char* szSectionName); +__declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szExportFileName, char* szSectionName); +__declspec(dllexport) long long TITCALL ImporterFindAPIWriteLocation(char* szAPIName); +__declspec(dllexport) long long TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber); +__declspec(dllexport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation); +__declspec(dllexport) long long TITCALL ImporterFindDLLByWriteLocation(ULONG_PTR APIWriteLocation); +__declspec(dllexport) void* TITCALL ImporterGetDLLName(ULONG_PTR APIAddress); +__declspec(dllexport) void* TITCALL ImporterGetAPIName(ULONG_PTR APIAddress); +__declspec(dllexport) long long TITCALL ImporterGetAPIOrdinalNumber(ULONG_PTR APIAddress); +__declspec(dllexport) void* TITCALL ImporterGetAPINameEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); +__declspec(dllexport) long long TITCALL ImporterGetRemoteAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllexport) long long TITCALL ImporterGetRemoteAPIAddressEx(char* szDLLName, char* szAPIName); +__declspec(dllexport) long long TITCALL ImporterGetLocalAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllexport) void* TITCALL ImporterGetDLLNameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllexport) void* TITCALL ImporterGetAPINameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllexport) long long TITCALL ImporterGetAPIOrdinalNumberFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllexport) long TITCALL ImporterGetDLLIndexEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); +__declspec(dllexport) long TITCALL ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); +__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase); +__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName); +__declspec(dllexport) bool TITCALL ImporterRelocateWriteLocation(ULONG_PTR AddValue); +__declspec(dllexport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllexport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllexport) void* TITCALL ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllexport) long TITCALL ImporterGetForwardedDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); +__declspec(dllexport) long long TITCALL ImporterGetForwardedAPIOrdinalNumber(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllexport) long long TITCALL ImporterGetNearestAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllexport) void* TITCALL ImporterGetNearestAPIName(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllexport) bool TITCALL ImporterCopyOriginalIAT(char* szOriginalFile, char* szDumpFile); +__declspec(dllexport) bool TITCALL ImporterCopyOriginalIATW(wchar_t* szOriginalFile, wchar_t* szDumpFile); +__declspec(dllexport) bool TITCALL ImporterLoadImportTable(char* szFileName); +__declspec(dllexport) bool TITCALL ImporterLoadImportTableW(wchar_t* szFileName); +__declspec(dllexport) bool TITCALL ImporterMoveOriginalIAT(char* szOriginalFile, char* szDumpFile, char* szSectionName); +__declspec(dllexport) bool TITCALL ImporterMoveOriginalIATW(wchar_t* szOriginalFile, wchar_t* szDumpFile, char* szSectionName); +__declspec(dllexport) void TITCALL ImporterAutoSearchIAT(HANDLE hProcess, char* szFileName, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, LPVOID pIATStart, LPVOID pIATSize); +__declspec(dllexport) void TITCALL ImporterAutoSearchIATW(HANDLE hProcess, wchar_t* szFileName, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, LPVOID pIATStart, LPVOID pIATSize); +__declspec(dllexport) void TITCALL ImporterAutoSearchIATEx(HANDLE hProcess, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, LPVOID pIATStart, LPVOID pIATSize); +__declspec(dllexport) void TITCALL ImporterEnumAddedData(LPVOID EnumCallBack); +__declspec(dllexport) long TITCALL ImporterAutoFixIATEx(HANDLE hProcess, char* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, DWORD SearchStep, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback); +__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(HANDLE hProcess, wchar_t* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, DWORD SearchStep, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback); +__declspec(dllexport) long TITCALL ImporterAutoFixIAT(HANDLE hProcess, char* szDumpedFile, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, DWORD SearchStep); +__declspec(dllexport) long TITCALL ImporterAutoFixIATW(HANDLE hProcess, wchar_t* szDumpedFile, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, DWORD SearchStep); +// Global.Engine.Hook.functions: +__declspec(dllexport) bool TITCALL HooksSafeTransitionEx(LPVOID HookAddressArray, int NumberOfHooks, bool TransitionStart); +__declspec(dllexport) bool TITCALL HooksSafeTransition(LPVOID HookAddress, bool TransitionStart); +__declspec(dllexport) bool TITCALL HooksIsAddressRedirected(LPVOID HookAddress); +__declspec(dllexport) void* TITCALL HooksGetTrampolineAddress(LPVOID HookAddress); +__declspec(dllexport) void* TITCALL HooksGetHookEntryDetails(LPVOID HookAddress); +__declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress, LPVOID RedirectTo, int HookType); +__declspec(dllexport) bool TITCALL HooksInsertNewIATRedirectionEx(ULONG_PTR FileMapVA, ULONG_PTR LoadedModuleBase, char* szHookFunction, LPVOID RedirectTo); +__declspec(dllexport) bool TITCALL HooksInsertNewIATRedirection(char* szModuleName, char* szHookFunction, LPVOID RedirectTo); +__declspec(dllexport) bool TITCALL HooksRemoveRedirection(LPVOID HookAddress, bool RemoveAll); +__declspec(dllexport) bool TITCALL HooksRemoveRedirectionsForModule(HMODULE ModuleBase); +__declspec(dllexport) bool TITCALL HooksRemoveIATRedirection(char* szModuleName, char* szHookFunction, bool RemoveAll); +__declspec(dllexport) bool TITCALL HooksDisableRedirection(LPVOID HookAddress, bool DisableAll); +__declspec(dllexport) bool TITCALL HooksDisableRedirectionsForModule(HMODULE ModuleBase); +__declspec(dllexport) bool TITCALL HooksDisableIATRedirection(char* szModuleName, char* szHookFunction, bool DisableAll); +__declspec(dllexport) bool TITCALL HooksEnableRedirection(LPVOID HookAddress, bool EnableAll); +__declspec(dllexport) bool TITCALL HooksEnableRedirectionsForModule(HMODULE ModuleBase); +__declspec(dllexport) bool TITCALL HooksEnableIATRedirection(char* szModuleName, char* szHookFunction, bool EnableAll); +__declspec(dllexport) void TITCALL HooksScanModuleMemory(HMODULE ModuleBase, LPVOID CallBack); +__declspec(dllexport) void TITCALL HooksScanEntireProcessMemory(LPVOID CallBack); +__declspec(dllexport) void TITCALL HooksScanEntireProcessMemoryEx(); +// TitanEngine.Tracer.functions: +__declspec(dllexport) void TITCALL TracerInit(); +__declspec(dllexport) long long TITCALL TracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace); +__declspec(dllexport) long long TITCALL HashTracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD InputNumberOfInstructions); +__declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace); +__declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD RedirectionId); +__declspec(dllexport) long long TITCALL TracerFixRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD IdParameter); +__declspec(dllexport) long TITCALL TracerFixRedirectionViaImpRecPlugin(HANDLE hProcess, char* szPluginName, ULONG_PTR AddressToTrace); +// TitanEngine.Exporter.functions: +__declspec(dllexport) void TITCALL ExporterCleanup(); +__declspec(dllexport) void TITCALL ExporterSetImageBase(ULONG_PTR ImageBase); +__declspec(dllexport) void TITCALL ExporterInit(DWORD MemorySize, ULONG_PTR ImageBase, DWORD ExportOrdinalBase, char* szExportModuleName); +__declspec(dllexport) bool TITCALL ExporterAddNewExport(char* szExportName, DWORD ExportRelativeAddress); +__declspec(dllexport) bool TITCALL ExporterAddNewOrdinalExport(DWORD OrdinalNumber, DWORD ExportRelativeAddress); +__declspec(dllexport) long TITCALL ExporterGetAddedExportCount(); +__declspec(dllexport) long TITCALL ExporterEstimatedSize(); +__declspec(dllexport) bool TITCALL ExporterBuildExportTable(ULONG_PTR StorePlace, ULONG_PTR FileMapVA); +__declspec(dllexport) bool TITCALL ExporterBuildExportTableEx(char* szExportFileName, char* szSectionName); +__declspec(dllexport) bool TITCALL ExporterBuildExportTableExW(wchar_t* szExportFileName, char* szSectionName); +__declspec(dllexport) bool TITCALL ExporterLoadExportTable(char* szFileName); +__declspec(dllexport) bool TITCALL ExporterLoadExportTableW(wchar_t* szFileName); +// TitanEngine.Librarian.functions: +__declspec(dllexport) bool TITCALL LibrarianSetBreakPoint(char* szLibraryName, DWORD bpxType, bool SingleShoot, LPVOID bpxCallBack); +__declspec(dllexport) bool TITCALL LibrarianRemoveBreakPoint(char* szLibraryName, DWORD bpxType); +__declspec(dllexport) void* TITCALL LibrarianGetLibraryInfo(char* szLibraryName); +__declspec(dllexport) void* TITCALL LibrarianGetLibraryInfoW(wchar_t* szLibraryName); +__declspec(dllexport) void* TITCALL LibrarianGetLibraryInfoEx(void* BaseOfDll); +__declspec(dllexport) void* TITCALL LibrarianGetLibraryInfoExW(void* BaseOfDll); +__declspec(dllexport) void TITCALL LibrarianEnumLibraryInfo(void* EnumCallBack); +__declspec(dllexport) void TITCALL LibrarianEnumLibraryInfoW(void* EnumCallBack); +// TitanEngine.Process.functions: +__declspec(dllexport) long TITCALL GetActiveProcessId(char* szImageName); +__declspec(dllexport) long TITCALL GetActiveProcessIdW(wchar_t* szImageName); +__declspec(dllexport) void TITCALL EnumProcessesWithLibrary(char* szLibraryName, void* EnumFunction); +// TitanEngine.TLSFixer.functions: +__declspec(dllexport) bool TITCALL TLSBreakOnCallBack(LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks, LPVOID bpxCallBack); +__declspec(dllexport) bool TITCALL TLSGrabCallBackData(char* szFileName, LPVOID ArrayOfCallBacks, LPDWORD NumberOfCallBacks); +__declspec(dllexport) bool TITCALL TLSGrabCallBackDataW(wchar_t* szFileName, LPVOID ArrayOfCallBacks, LPDWORD NumberOfCallBacks); +__declspec(dllexport) bool TITCALL TLSBreakOnCallBackEx(char* szFileName, LPVOID bpxCallBack); +__declspec(dllexport) bool TITCALL TLSBreakOnCallBackExW(wchar_t* szFileName, LPVOID bpxCallBack); +__declspec(dllexport) bool TITCALL TLSRemoveCallback(char* szFileName); +__declspec(dllexport) bool TITCALL TLSRemoveCallbackW(wchar_t* szFileName); +__declspec(dllexport) bool TITCALL TLSRemoveTable(char* szFileName); +__declspec(dllexport) bool TITCALL TLSRemoveTableW(wchar_t* szFileName); +__declspec(dllexport) bool TITCALL TLSBackupData(char* szFileName); +__declspec(dllexport) bool TITCALL TLSBackupDataW(wchar_t* szFileName); +__declspec(dllexport) bool TITCALL TLSRestoreData(); +__declspec(dllexport) bool TITCALL TLSBuildNewTable(ULONG_PTR FileMapVA, ULONG_PTR StorePlace, ULONG_PTR StorePlaceRVA, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks); +__declspec(dllexport) bool TITCALL TLSBuildNewTableEx(char* szFileName, char* szSectionName, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks); +__declspec(dllexport) bool TITCALL TLSBuildNewTableExW(wchar_t* szFileName, char* szSectionName, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks); +// TitanEngine.TranslateName.functions: +__declspec(dllexport) void* TITCALL TranslateNativeName(char* szNativeName); +__declspec(dllexport) void* TITCALL TranslateNativeNameW(wchar_t* szNativeName); +// TitanEngine.Handler.functions: +__declspec(dllexport) long TITCALL HandlerGetActiveHandleCount(DWORD ProcessId); +__declspec(dllexport) bool TITCALL HandlerIsHandleOpen(DWORD ProcessId, HANDLE hHandle); +__declspec(dllexport) void* TITCALL HandlerGetHandleName(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName); +__declspec(dllexport) void* TITCALL HandlerGetHandleNameW(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName); +__declspec(dllexport) long TITCALL HandlerEnumerateOpenHandles(DWORD ProcessId, LPVOID HandleBuffer, DWORD MaxHandleCount); +__declspec(dllexport) long long TITCALL HandlerGetHandleDetails(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, DWORD InformationReturn); +__declspec(dllexport) bool TITCALL HandlerCloseRemoteHandle(HANDLE hProcess, HANDLE hHandle); +__declspec(dllexport) long TITCALL HandlerEnumerateLockHandles(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, LPVOID HandleDataBuffer, DWORD MaxHandleCount); +__declspec(dllexport) long TITCALL HandlerEnumerateLockHandlesW(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, LPVOID HandleDataBuffer, DWORD MaxHandleCount); +__declspec(dllexport) bool TITCALL HandlerCloseAllLockHandles(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated); +__declspec(dllexport) bool TITCALL HandlerCloseAllLockHandlesW(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated); +__declspec(dllexport) bool TITCALL HandlerIsFileLocked(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated); +__declspec(dllexport) bool TITCALL HandlerIsFileLockedW(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated); +// TitanEngine.Handler[Mutex].functions: +__declspec(dllexport) long TITCALL HandlerEnumerateOpenMutexes(HANDLE hProcess, DWORD ProcessId, LPVOID HandleBuffer, DWORD MaxHandleCount); +__declspec(dllexport) long long TITCALL HandlerGetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, char* szMutexString); +__declspec(dllexport) long long TITCALL HandlerGetOpenMutexHandleW(HANDLE hProcess, DWORD ProcessId, wchar_t* szMutexString); +__declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutex(char* szMutexString); +__declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t* szMutexString); +// TitanEngine.Injector.functions: +__declspec(dllexport) bool TITCALL RemoteLoadLibrary(HANDLE hProcess, char* szLibraryFile, bool WaitForThreadExit); +__declspec(dllexport) bool TITCALL RemoteLoadLibraryW(HANDLE hProcess, wchar_t* szLibraryFile, bool WaitForThreadExit); +__declspec(dllexport) bool TITCALL RemoteFreeLibrary(HANDLE hProcess, HMODULE hModule, char* szLibraryFile, bool WaitForThreadExit); +__declspec(dllexport) bool TITCALL RemoteFreeLibraryW(HANDLE hProcess, HMODULE hModule, wchar_t* szLibraryFile, bool WaitForThreadExit); +__declspec(dllexport) bool TITCALL RemoteExitProcess(HANDLE hProcess, DWORD ExitCode); +// TitanEngine.StaticUnpacker.functions: +__declspec(dllexport) bool TITCALL StaticFileLoad(char* szFileName, DWORD DesiredAccess, bool SimulateLoad, LPHANDLE FileHandle, LPDWORD LoadedSize, LPHANDLE FileMap, PULONG_PTR FileMapVA); +__declspec(dllexport) bool TITCALL StaticFileLoadW(wchar_t* szFileName, DWORD DesiredAccess, bool SimulateLoad, LPHANDLE FileHandle, LPDWORD LoadedSize, LPHANDLE FileMap, PULONG_PTR FileMapVA); +__declspec(dllexport) bool TITCALL StaticFileUnload(char* szFileName, bool CommitChanges, HANDLE FileHandle, DWORD LoadedSize, HANDLE FileMap, ULONG_PTR FileMapVA); +__declspec(dllexport) bool TITCALL StaticFileUnloadW(wchar_t* szFileName, bool CommitChanges, HANDLE FileHandle, DWORD LoadedSize, HANDLE FileMap, ULONG_PTR FileMapVA); +__declspec(dllexport) bool TITCALL StaticFileOpen(char* szFileName, DWORD DesiredAccess, LPHANDLE FileHandle, LPDWORD FileSizeLow, LPDWORD FileSizeHigh); +__declspec(dllexport) bool TITCALL StaticFileOpenW(wchar_t* szFileName, DWORD DesiredAccess, LPHANDLE FileHandle, LPDWORD FileSizeLow, LPDWORD FileSizeHigh); +__declspec(dllexport) bool TITCALL StaticFileGetContent(HANDLE FileHandle, DWORD FilePositionLow, LPDWORD FilePositionHigh, void* Buffer, DWORD Size); +__declspec(dllexport) void TITCALL StaticFileClose(HANDLE FileHandle); +__declspec(dllexport) void TITCALL StaticMemoryDecrypt(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionType, DWORD DecryptionKeySize, ULONG_PTR DecryptionKey); +__declspec(dllexport) void TITCALL StaticMemoryDecryptEx(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionKeySize, void* DecryptionCallBack); +__declspec(dllexport) void TITCALL StaticMemoryDecryptSpecial(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionKeySize, DWORD SpecDecryptionType, void* DecryptionCallBack); +__declspec(dllexport) void TITCALL StaticSectionDecrypt(ULONG_PTR FileMapVA, DWORD SectionNumber, bool SimulateLoad, DWORD DecryptionType, DWORD DecryptionKeySize, ULONG_PTR DecryptionKey); +__declspec(dllexport) bool TITCALL StaticMemoryDecompress(void* Source, DWORD SourceSize, void* Destination, DWORD DestinationSize, int Algorithm); +__declspec(dllexport) bool TITCALL StaticRawMemoryCopy(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR VitualAddressToCopy, DWORD Size, bool AddressIsRVA, char* szDumpFileName); +__declspec(dllexport) bool TITCALL StaticRawMemoryCopyW(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR VitualAddressToCopy, DWORD Size, bool AddressIsRVA, wchar_t* szDumpFileName); +__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, char* szDumpFileName); +__declspec(dllexport) bool TITCALL StaticRawMemoryCopyExW(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, wchar_t* szDumpFileName); +__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64(HANDLE hFile, DWORD64 RawAddressToCopy, DWORD64 Size, char* szDumpFileName); +__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64W(HANDLE hFile, DWORD64 RawAddressToCopy, DWORD64 Size, wchar_t* szDumpFileName); +__declspec(dllexport) bool TITCALL StaticHashMemory(void* MemoryToHash, DWORD SizeOfMemory, void* HashDigest, bool OutputString, int Algorithm); +__declspec(dllexport) bool TITCALL StaticHashFileW(wchar_t* szFileName, char* HashDigest, bool OutputString, int Algorithm); +__declspec(dllexport) bool TITCALL StaticHashFile(char* szFileName, char* HashDigest, bool OutputString, int Algorithm); +// TitanEngine.Engine.functions: +__declspec(dllexport) void TITCALL EngineUnpackerInitialize(char* szFileName, char* szUnpackedFileName, bool DoLogData, bool DoRealignFile, bool DoMoveOverlay, void* EntryCallBack); +__declspec(dllexport) void TITCALL EngineUnpackerInitializeW(wchar_t* szFileName, wchar_t* szUnpackedFileName, bool DoLogData, bool DoRealignFile, bool DoMoveOverlay, void* EntryCallBack); +__declspec(dllexport) bool TITCALL EngineUnpackerSetBreakCondition(void* SearchStart, DWORD SearchSize, void* SearchPattern, DWORD PatternSize, DWORD PatternDelta, ULONG_PTR BreakType, bool SingleBreak, DWORD Parameter1, DWORD Parameter2); +__declspec(dllexport) void TITCALL EngineUnpackerSetEntryPointAddress(ULONG_PTR UnpackedEntryPointAddress); +__declspec(dllexport) void TITCALL EngineUnpackerFinalizeUnpacking(); +// TitanEngine.Engine.functions: +__declspec(dllexport) void TITCALL SetEngineVariable(DWORD VariableId, bool VariableSet); +__declspec(dllexport) bool TITCALL EngineCreateMissingDependencies(char* szFileName, char* szOutputFolder, bool LogCreatedFiles); +__declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szFileName, wchar_t* szOutputFolder, bool LogCreatedFiles); +__declspec(dllexport) bool TITCALL EngineFakeMissingDependencies(HANDLE hProcess); +__declspec(dllexport) bool TITCALL EngineDeleteCreatedDependencies(); +__declspec(dllexport) bool TITCALL EngineCreateUnpackerWindow(char* WindowUnpackerTitle, char* WindowUnpackerLongTitle, char* WindowUnpackerName, char* WindowUnpackerAuthor, void* StartUnpackingCallBack); +__declspec(dllexport) void TITCALL EngineAddUnpackerWindowLogMessage(char* szLogMessage); +// Global.Engine.Extension.Functions: +__declspec(dllexport) bool TITCALL ExtensionManagerIsPluginLoaded(char* szPluginName); +__declspec(dllexport) bool TITCALL ExtensionManagerIsPluginEnabled(char* szPluginName); +__declspec(dllexport) bool TITCALL ExtensionManagerDisableAllPlugins(); +__declspec(dllexport) bool TITCALL ExtensionManagerDisablePlugin(char* szPluginName); +__declspec(dllexport) bool TITCALL ExtensionManagerEnableAllPlugins(); +__declspec(dllexport) bool TITCALL ExtensionManagerEnablePlugin(char* szPluginName); +__declspec(dllexport) bool TITCALL ExtensionManagerUnloadAllPlugins(); +__declspec(dllexport) bool TITCALL ExtensionManagerUnloadPlugin(char* szPluginName); +__declspec(dllexport) void* TITCALL ExtensionManagerGetPluginInfo(char* szPluginName); + +#ifdef __cplusplus +} +#endif + +#pragma pack(pop) + +#endif /*TITANENGINE*/ diff --git a/SDK/CPP/TitanEngine.hpp b/SDK/CPP/TitanEngine.hpp new file mode 100644 index 0000000..5f3e4d6 --- /dev/null +++ b/SDK/CPP/TitanEngine.hpp @@ -0,0 +1,2815 @@ +#ifndef TITANENGINE_CPP +#define TITANENGINE_CPP + +#if _MSC_VER > 1000 + #pragma once +#endif + +namespace TE +{ + +#include + +namespace UE +{ + #ifdef TITANENGINE + #undef TITANENGINE + #endif + + #include "TitanEngine.h" +} + +// ---- + +enum eHideLevel : DWORD +{ + UE_HIDE_PEBONLY = UE::UE_HIDE_PEBONLY, + UE_HIDE_BASIC = UE::UE_HIDE_BASIC +}; + +enum ePluginCallReason : int +{ + UE_PLUGIN_CALL_REASON_PREDEBUG = UE::UE_PLUGIN_CALL_REASON_PREDEBUG, + UE_PLUGIN_CALL_REASON_EXCEPTION = UE::UE_PLUGIN_CALL_REASON_EXCEPTION, + UE_PLUGIN_CALL_REASON_POSTDEBUG = UE::UE_PLUGIN_CALL_REASON_POSTDEBUG +}; + +enum eHookType : int +{ + TEE_HOOK_NRM_JUMP = UE::TEE_HOOK_NRM_JUMP, + TEE_HOOK_NRM_CALL = UE::TEE_HOOK_NRM_CALL, + TEE_HOOK_IAT = UE::TEE_HOOK_IAT +}; + +enum eEngineVariable : DWORD +{ + UE_ENGINE_ALOW_MODULE_LOADING = UE::UE_ENGINE_ALOW_MODULE_LOADING, + UE_ENGINE_AUTOFIX_FORWARDERS = UE::UE_ENGINE_AUTOFIX_FORWARDERS, + UE_ENGINE_PASS_ALL_EXCEPTIONS = UE::UE_ENGINE_PASS_ALL_EXCEPTIONS, + UE_ENGINE_NO_CONSOLE_WINDOW = UE::UE_ENGINE_NO_CONSOLE_WINDOW, + UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS = UE::UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS, + UE_ENGINE_CALL_PLUGIN_CALLBACK = UE::UE_ENGINE_CALL_PLUGIN_CALLBACK, + UE_ENGINE_RESET_CUSTOM_HANDLER = UE::UE_ENGINE_RESET_CUSTOM_HANDLER, + UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK = UE::UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK +}; + +enum eBPRemoveOption : DWORD +{ + UE_OPTION_REMOVEALL = UE::UE_OPTION_REMOVEALL, + UE_OPTION_DISABLEALL = UE::UE_OPTION_DISABLEALL, + UE_OPTION_REMOVEALLDISABLED = UE::UE_OPTION_REMOVEALLDISABLED, + UE_OPTION_REMOVEALLENABLED = UE::UE_OPTION_REMOVEALLENABLED +}; + +enum eAccess : DWORD +{ + UE_ACCESS_READ = UE::UE_ACCESS_READ, + UE_ACCESS_WRITE = UE::UE_ACCESS_WRITE, + UE_ACCESS_ALL = UE::UE_ACCESS_ALL +}; + +enum eDecryptionType : DWORD +{ + UE_STATIC_DECRYPTOR_XOR = UE::UE_STATIC_DECRYPTOR_XOR, + UE_STATIC_DECRYPTOR_SUB = UE::UE_STATIC_DECRYPTOR_SUB, + UE_STATIC_DECRYPTOR_ADD = UE::UE_STATIC_DECRYPTOR_ADD +}; + +enum eDecryptionDirection : DWORD +{ + UE_STATIC_DECRYPTOR_FOREWARD = UE::UE_STATIC_DECRYPTOR_FOREWARD, + UE_STATIC_DECRYPTOR_BACKWARD = UE::UE_STATIC_DECRYPTOR_BACKWARD +}; + +enum eDecryptionKeySize : DWORD +{ + UE_STATIC_KEY_SIZE_1 = UE::UE_STATIC_KEY_SIZE_1, + UE_STATIC_KEY_SIZE_2 = UE::UE_STATIC_KEY_SIZE_2, + UE_STATIC_KEY_SIZE_4 = UE::UE_STATIC_KEY_SIZE_4, + UE_STATIC_KEY_SIZE_8 = UE::UE_STATIC_KEY_SIZE_8 +}; + +enum eCompressionAlgorithm : int +{ + UE_STATIC_APLIB = UE::UE_STATIC_APLIB, + UE_STATIC_APLIB_DEPACK = UE::UE_STATIC_APLIB_DEPACK, + UE_STATIC_LZMA = UE::UE_STATIC_LZMA +}; + +enum eHashAlgorithm : int +{ + UE_STATIC_HASH_MD5 = UE::UE_STATIC_HASH_MD5, + UE_STATIC_HASH_SHA1 = UE::UE_STATIC_HASH_SHA1, + UE_STATIC_HASH_CRC32 = UE::UE_STATIC_HASH_CRC32 +}; + +const DWORD UE_RESOURCE_LANGUAGE_ANY = UE::UE_RESOURCE_LANGUAGE_ANY; + +enum ePE32Data : DWORD +{ + UE_PE_OFFSET = UE::UE_PE_OFFSET, + UE_IMAGEBASE = UE::UE_IMAGEBASE, + UE_OEP = UE::UE_OEP, + UE_SIZEOFIMAGE = UE::UE_SIZEOFIMAGE, + UE_SIZEOFHEADERS = UE::UE_SIZEOFHEADERS, + UE_SIZEOFOPTIONALHEADER = UE::UE_SIZEOFOPTIONALHEADER, + UE_SECTIONALIGNMENT = UE::UE_SECTIONALIGNMENT, + UE_IMPORTTABLEADDRESS = UE::UE_IMPORTTABLEADDRESS, + UE_IMPORTTABLESIZE = UE::UE_IMPORTTABLESIZE, + UE_RESOURCETABLEADDRESS = UE::UE_RESOURCETABLEADDRESS, + UE_RESOURCETABLESIZE = UE::UE_RESOURCETABLESIZE, + UE_EXPORTTABLEADDRESS = UE::UE_EXPORTTABLEADDRESS, + UE_EXPORTTABLESIZE = UE::UE_EXPORTTABLESIZE, + UE_TLSTABLEADDRESS = UE::UE_TLSTABLEADDRESS, + UE_TLSTABLESIZE = UE::UE_TLSTABLESIZE, + UE_RELOCATIONTABLEADDRESS = UE::UE_RELOCATIONTABLEADDRESS, + UE_RELOCATIONTABLESIZE = UE::UE_RELOCATIONTABLESIZE, + UE_TIMEDATESTAMP = UE::UE_TIMEDATESTAMP, + UE_SECTIONNUMBER = UE::UE_SECTIONNUMBER, + UE_CHECKSUM = UE::UE_CHECKSUM, + UE_SUBSYSTEM = UE::UE_SUBSYSTEM, + UE_CHARACTERISTICS = UE::UE_CHARACTERISTICS, + UE_NUMBEROFRVAANDSIZES = UE::UE_NUMBEROFRVAANDSIZES, + UE_SECTIONNAME = UE::UE_SECTIONNAME, + UE_SECTIONVIRTUALOFFSET = UE::UE_SECTIONVIRTUALOFFSET, + UE_SECTIONVIRTUALSIZE = UE::UE_SECTIONVIRTUALSIZE, + UE_SECTIONRAWOFFSET = UE::UE_SECTIONRAWOFFSET, + UE_SECTIONRAWSIZE = UE::UE_SECTIONRAWSIZE, + UE_SECTIONFLAGS = UE::UE_SECTIONFLAGS +}; + +const long UE_VANOTFOUND = UE::UE_VANOTFOUND; + +enum eCustomException : DWORD +{ + UE_CH_BREAKPOINT = UE::UE_CH_BREAKPOINT, + UE_CH_SINGLESTEP = UE::UE_CH_SINGLESTEP, + UE_CH_ACCESSVIOLATION = UE::UE_CH_ACCESSVIOLATION, + UE_CH_ILLEGALINSTRUCTION = UE::UE_CH_ILLEGALINSTRUCTION, + UE_CH_NONCONTINUABLEEXCEPTION = UE::UE_CH_NONCONTINUABLEEXCEPTION, + UE_CH_ARRAYBOUNDSEXCEPTION = UE::UE_CH_ARRAYBOUNDSEXCEPTION, + UE_CH_FLOATDENORMALOPERAND = UE::UE_CH_FLOATDENORMALOPERAND, + UE_CH_FLOATDEVIDEBYZERO = UE::UE_CH_FLOATDEVIDEBYZERO, + UE_CH_INTEGERDEVIDEBYZERO = UE::UE_CH_INTEGERDEVIDEBYZERO, + UE_CH_INTEGEROVERFLOW = UE::UE_CH_INTEGEROVERFLOW, + UE_CH_PRIVILEGEDINSTRUCTION = UE::UE_CH_PRIVILEGEDINSTRUCTION, + UE_CH_PAGEGUARD = UE::UE_CH_PAGEGUARD, + UE_CH_EVERYTHINGELSE = UE::UE_CH_EVERYTHINGELSE, + UE_CH_CREATETHREAD = UE::UE_CH_CREATETHREAD, + UE_CH_EXITTHREAD = UE::UE_CH_EXITTHREAD, + UE_CH_CREATEPROCESS = UE::UE_CH_CREATEPROCESS, + UE_CH_EXITPROCESS = UE::UE_CH_EXITPROCESS, + UE_CH_LOADDLL = UE::UE_CH_LOADDLL, + UE_CH_UNLOADDLL = UE::UE_CH_UNLOADDLL, + UE_CH_OUTPUTDEBUGSTRING = UE::UE_CH_OUTPUTDEBUGSTRING +}; + +enum eHandlerReturnType : DWORD +{ + UE_OPTION_HANDLER_RETURN_HANDLECOUNT = UE::UE_OPTION_HANDLER_RETURN_HANDLECOUNT, + UE_OPTION_HANDLER_RETURN_ACCESS = UE::UE_OPTION_HANDLER_RETURN_ACCESS, + UE_OPTION_HANDLER_RETURN_FLAGS = UE::UE_OPTION_HANDLER_RETURN_FLAGS, + UE_OPTION_HANDLER_RETURN_TYPENAME = UE::UE_OPTION_HANDLER_RETURN_TYPENAME +}; + +enum eBPState +{ + UE_BPXREMOVED = UE::UE_BPXREMOVED, + UE_BPXACTIVE = UE::UE_BPXACTIVE, + UE_BPXINACTIVE = UE::UE_BPXINACTIVE +}; + +enum eBPType +{ + UE_BREAKPOINT = UE::UE_BREAKPOINT, + UE_SINGLESHOOT = UE::UE_SINGLESHOOT, + //UE_HARDWARE = UE::UE_HARDWARE, +}; + +enum eMemoryBPType +{ + UE_MEMORY = UE::UE_MEMORY, + UE_MEMORY_READ = UE::UE_MEMORY_READ, + UE_MEMORY_WRITE = UE::UE_MEMORY_WRITE +}; + +enum eHWBPType : DWORD +{ + UE_HARDWARE_EXECUTE = UE::UE_HARDWARE_EXECUTE, + UE_HARDWARE_WRITE = UE::UE_HARDWARE_WRITE, + UE_HARDWARE_READWRITE = UE::UE_HARDWARE_READWRITE +}; + +enum eHWBPSize : DWORD +{ + UE_HARDWARE_SIZE_1 = UE::UE_HARDWARE_SIZE_1, + UE_HARDWARE_SIZE_2 = UE::UE_HARDWARE_SIZE_2, + UE_HARDWARE_SIZE_4 = UE::UE_HARDWARE_SIZE_4 +}; + +enum eLibraryEvent : DWORD +{ + UE_ON_LIB_LOAD = UE::UE_ON_LIB_LOAD, + UE_ON_LIB_UNLOAD = UE::UE_ON_LIB_UNLOAD, + UE_ON_LIB_ALL = UE::UE_ON_LIB_ALL +}; + +enum eBPPlace : DWORD +{ + UE_APISTART = UE::UE_APISTART, + UE_APIEND = UE::UE_APIEND +}; + +enum ePlatform : int +{ + UE_PLATFORM_x86 = UE::UE_PLATFORM_x86, + UE_PLATFORM_x64 = UE::UE_PLATFORM_x64, + UE_PLATFORM_ALL = UE::UE_PLATFORM_ALL +}; + +enum eFunctionType : DWORD +{ + UE_FUNCTION_STDCALL = UE::UE_FUNCTION_STDCALL, + UE_FUNCTION_CCALL = UE::UE_FUNCTION_CCALL, + UE_FUNCTION_FASTCALL = UE::UE_FUNCTION_FASTCALL, + UE_FUNCTION_STDCALL_RET = UE::UE_FUNCTION_STDCALL_RET, + UE_FUNCTION_CCALL_RET = UE::UE_FUNCTION_CCALL_RET, + UE_FUNCTION_FASTCALL_RET = UE::UE_FUNCTION_FASTCALL_RET, + UE_FUNCTION_STDCALL_CALL = UE::UE_FUNCTION_STDCALL_CALL, + UE_FUNCTION_CCALL_CALL = UE::UE_FUNCTION_CCALL_CALL, + UE_FUNCTION_FASTCALL_CALL = UE::UE_FUNCTION_FASTCALL_CALL +}; + +enum eParameterType : DWORD +{ + UE_PARAMETER_BYTE = UE::UE_PARAMETER_BYTE, + UE_PARAMETER_WORD = UE::UE_PARAMETER_WORD, + UE_PARAMETER_DWORD = UE::UE_PARAMETER_DWORD, + UE_PARAMETER_QWORD = UE::UE_PARAMETER_QWORD, + UE_PARAMETER_PTR_BYTE = UE::UE_PARAMETER_PTR_BYTE, + UE_PARAMETER_PTR_WORD = UE::UE_PARAMETER_PTR_WORD, + UE_PARAMETER_PTR_DWORD = UE::UE_PARAMETER_PTR_DWORD, + UE_PARAMETER_PTR_QWORD = UE::UE_PARAMETER_PTR_QWORD, + UE_PARAMETER_STRING = UE::UE_PARAMETER_STRING, + UE_PARAMETER_UNICODE = UE::UE_PARAMETER_UNICODE +}; + +enum eCompareCondition : DWORD +{ + UE_CMP_NOCONDITION = UE::UE_CMP_NOCONDITION, + UE_CMP_EQUAL = UE::UE_CMP_EQUAL, + UE_CMP_NOTEQUAL = UE::UE_CMP_NOTEQUAL, + UE_CMP_GREATER = UE::UE_CMP_GREATER, + UE_CMP_GREATEROREQUAL = UE::UE_CMP_GREATEROREQUAL, + UE_CMP_LOWER = UE::UE_CMP_LOWER, + UE_CMP_LOWEROREQUAL = UE::UE_CMP_LOWEROREQUAL, + UE_CMP_REG_EQUAL = UE::UE_CMP_REG_EQUAL, + UE_CMP_REG_NOTEQUAL = UE::UE_CMP_REG_NOTEQUAL, + UE_CMP_REG_GREATER = UE::UE_CMP_REG_GREATER, + UE_CMP_REG_GREATEROREQUAL = UE::UE_CMP_REG_GREATEROREQUAL, + UE_CMP_REG_LOWER = UE::UE_CMP_REG_LOWER, + UE_CMP_REG_LOWEROREQUAL = UE::UE_CMP_REG_LOWEROREQUAL, + UE_CMP_ALWAYSFALSE = UE::UE_CMP_ALWAYSFALSE +}; + +enum eContextData : DWORD +{ + UE_EAX = UE::UE_EAX, + UE_EBX = UE::UE_EBX, + UE_ECX = UE::UE_ECX, + UE_EDX = UE::UE_EDX, + UE_EDI = UE::UE_EDI, + UE_ESI = UE::UE_ESI, + UE_EBP = UE::UE_EBP, + UE_ESP = UE::UE_ESP, + UE_EIP = UE::UE_EIP, + UE_EFLAGS = UE::UE_EFLAGS, + UE_DR0 = UE::UE_DR0, + UE_DR1 = UE::UE_DR1, + UE_DR2 = UE::UE_DR2, + UE_DR3 = UE::UE_DR3, + UE_DR6 = UE::UE_DR6, + UE_DR7 = UE::UE_DR7, + UE_RAX = UE::UE_RAX, + UE_RBX = UE::UE_RBX, + UE_RCX = UE::UE_RCX, + UE_RDX = UE::UE_RDX, + UE_RDI = UE::UE_RDI, + UE_RSI = UE::UE_RSI, + UE_RBP = UE::UE_RBP, + UE_RSP = UE::UE_RSP, + UE_RIP = UE::UE_RIP, + UE_RFLAGS = UE::UE_RFLAGS, + UE_R8 = UE::UE_R8, + UE_R9 = UE::UE_R9, + UE_R10 = UE::UE_R10, + UE_R11 = UE::UE_R11, + UE_R12 = UE::UE_R12, + UE_R13 = UE::UE_R13, + UE_R14 = UE::UE_R14, + UE_R15 = UE::UE_R15, + UE_CIP = UE::UE_CIP, + UE_CSP = UE::UE_CSP +}; + +enum eCheckDepth : DWORD +{ + UE_DEPTH_SURFACE = UE::UE_DEPTH_SURFACE, + UE_DEPTH_DEEP = UE::UE_DEPTH_DEEP +}; + +enum eFieldState : BYTE +{ + UE_FIELD_OK = UE::UE_FIELD_OK, + UE_FIELD_BROKEN_NON_FIXABLE = UE::UE_FIELD_BROKEN_NON_FIXABLE, + UE_FIELD_BROKEN_NON_CRITICAL = UE::UE_FIELD_BROKEN_NON_CRITICAL, + UE_FIELD_BROKEN_FIXABLE_FOR_STATIC_USE = UE::UE_FIELD_BROKEN_FIXABLE_FOR_STATIC_USE, + UE_FIELD_BROKEN_BUT_CAN_BE_EMULATED = UE::UE_FIELD_BROKEN_BUT_CAN_BE_EMULATED, + UE_FILED_FIXABLE_NON_CRITICAL = UE::UE_FILED_FIXABLE_NON_CRITICAL, + UE_FILED_FIXABLE_CRITICAL = UE::UE_FILED_FIXABLE_CRITICAL, + UE_FIELD_NOT_PRESET = UE::UE_FIELD_NOT_PRESET, + UE_FIELD_NOT_PRESET_WARNING = UE::UE_FIELD_NOT_PRESET_WARNING +}; + +enum eFileState : BYTE +{ + UE_RESULT_FILE_OK = UE::UE_RESULT_FILE_OK, + UE_RESULT_FILE_INVALID_BUT_FIXABLE = UE::UE_RESULT_FILE_INVALID_BUT_FIXABLE, + UE_RESULT_FILE_INVALID_AND_NON_FIXABLE = UE::UE_RESULT_FILE_INVALID_AND_NON_FIXABLE, + UE_RESULT_FILE_INVALID_FORMAT = UE::UE_RESULT_FILE_INVALID_FORMAT +}; + +// ---- + +class DumperA; +class DumperW; + +class DumperX +{ + friend class DumperA; + friend class DumperW; + +protected: + + typedef UE::PEStruct PEStruct; + + static long long GetPE32DataFromMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, ePE32Data WhichData) + { + return UE::GetPE32DataFromMappedFile(FileMapVA, WhichSection, WhichData); + } + static bool GetPE32DataFromMappedFileEx(ULONG_PTR FileMapVA, PEStruct* DataStorage) + { + return UE::GetPE32DataFromMappedFileEx(FileMapVA, DataStorage); + } + static bool SetPE32DataForMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, ePE32Data WhichData, ULONG_PTR NewDataValue) + { + return UE::SetPE32DataForMappedFile(FileMapVA, WhichSection, WhichData, NewDataValue); + } + static bool SetPE32DataForMappedFileEx(ULONG_PTR FileMapVA, PEStruct* DataStorage) + { + return UE::SetPE32DataForMappedFileEx(FileMapVA, DataStorage); + } + static long GetPE32SectionNumberFromVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert) + { + return UE::GetPE32SectionNumberFromVA(FileMapVA, AddressToConvert); + } + static long long ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType) + { + return UE::ConvertVAtoFileOffset(FileMapVA, AddressToConvert, ReturnType); + } + static long long ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType) + { + return UE::ConvertVAtoFileOffsetEx(FileMapVA, FileSize, ImageBase, AddressToConvert, AddressIsRVA, ReturnType); + } + static long long ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType) + { + return UE::ConvertFileOffsetToVA(FileMapVA, AddressToConvert, ReturnType); + } + static long long ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType) + { + return UE::ConvertFileOffsetToVAEx(FileMapVA, FileSize, ImageBase, AddressToConvert, ReturnType); + } +}; + +class DumperA +{ +public: + + static bool DumpProcess(HANDLE hProcess, void* ImageBase, char* szDumpFileName, ULONG_PTR EntryPoint) + { + return UE::DumpProcess(hProcess, ImageBase, szDumpFileName, EntryPoint); + } + static bool DumpProcessEx(DWORD ProcessId, void* ImageBase, char* szDumpFileName, ULONG_PTR EntryPoint) + { + return UE::DumpProcessEx(ProcessId, ImageBase, szDumpFileName, EntryPoint); + } + static bool DumpMemory(HANDLE hProcess, void* MemoryStart, ULONG_PTR MemorySize, char* szDumpFileName) + { + return UE::DumpMemory(hProcess, MemoryStart, MemorySize, szDumpFileName); + } + static bool DumpMemoryEx(DWORD ProcessId, void* MemoryStart, ULONG_PTR MemorySize, char* szDumpFileName) + { + return UE::DumpMemoryEx(ProcessId, MemoryStart, MemorySize, szDumpFileName); + } + static bool DumpRegions(HANDLE hProcess, char* szDumpFolder, bool DumpAboveImageBaseOnly) + { + return UE::DumpRegions(hProcess, szDumpFolder, DumpAboveImageBaseOnly); + } + static bool DumpRegionsEx(DWORD ProcessId, char* szDumpFolder, bool DumpAboveImageBaseOnly) + { + return UE::DumpRegionsEx(ProcessId, szDumpFolder, DumpAboveImageBaseOnly); + } + static bool DumpModule(HANDLE hProcess, void* ModuleBase, char* szDumpFileName) + { + return UE::DumpModule(hProcess, ModuleBase, szDumpFileName); + } + static bool DumpModuleEx(DWORD ProcessId, void* ModuleBase, char* szDumpFileName) + { + return UE::DumpModuleEx(ProcessId, ModuleBase, szDumpFileName); + } + static bool PastePEHeader(HANDLE hProcess, void* ImageBase, char* szDebuggedFileName) + { + return UE::PastePEHeader(hProcess, ImageBase, szDebuggedFileName); + } + static bool ExtractSection(char* szFileName, char* szDumpFileName, DWORD SectionNumber) + { + return UE::ExtractSection(szFileName, szDumpFileName, SectionNumber); + } + static bool ResortFileSections(char* szFileName) + { + return UE::ResortFileSections(szFileName); + } + static bool FindOverlay(char* szFileName, DWORD* OverlayStart, DWORD* OverlaySize) + { + return UE::FindOverlay(szFileName, OverlayStart, OverlaySize); + } + static bool ExtractOverlay(char* szFileName, char* szExtractedFileName) + { + return UE::ExtractOverlay(szFileName, szExtractedFileName); + } + static bool AddOverlay(char* szFileName, char* szOverlayFileName) + { + return UE::AddOverlay(szFileName, szOverlayFileName); + } + static bool CopyOverlay(char* szInFileName, char* szOutFileName) + { + return UE::CopyOverlay(szInFileName, szOutFileName); + } + static bool RemoveOverlay(char* szFileName) + { + return UE::RemoveOverlay(szFileName); + } + static bool MakeAllSectionsRWE(char* szFileName) + { + return UE::MakeAllSectionsRWE(szFileName); + } + static long AddNewSectionEx(char* szFileName, char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, void* SectionContent, DWORD ContentSize) + { + return UE::AddNewSectionEx(szFileName, szSectionName, SectionSize, SectionAttributes, SectionContent, ContentSize); + } + static long AddNewSection(char* szFileName, char* szSectionName, DWORD SectionSize) + { + return UE::AddNewSection(szFileName, szSectionName, SectionSize); + } + static bool ResizeLastSection(char* szFileName, DWORD NumberOfExpandBytes, bool AlignResizeData) + { + return UE::ResizeLastSection(szFileName, NumberOfExpandBytes, AlignResizeData); + } + static void SetSharedOverlay(char* szFileName) + { + return UE::SetSharedOverlay(szFileName); + } + static const char* GetSharedOverlay() + { + return UE::GetSharedOverlay(); + } + static bool DeleteLastSection(char* szFileName) + { + return UE::DeleteLastSection(szFileName); + } + static bool DeleteLastSectionEx(char* szFileName, DWORD NumberOfSections) + { + return UE::DeleteLastSectionEx(szFileName, NumberOfSections); + } + static long long GetPE32Data(char* szFileName, DWORD WhichSection, ePE32Data WhichData) + { + return UE::GetPE32Data(szFileName, WhichSection, WhichData); + } + static bool GetPE32DataEx(char* szFileName, DumperX::PEStruct* DataStorage) + { + return UE::GetPE32DataEx(szFileName, DataStorage); + } + static bool SetPE32Data(char* szFileName, DWORD WhichSection, ePE32Data WhichData, ULONG_PTR NewDataValue) + { + return UE::SetPE32Data(szFileName, WhichSection, WhichData, NewDataValue); + } + static bool SetPE32DataEx(char* szFileName, DumperX::PEStruct* DataStorage) + { + return UE::SetPE32DataEx(szFileName, DataStorage); + } +}; + +class DumperW +{ +public: + + static bool DumpProcess(HANDLE hProcess, void* ImageBase, wchar_t* szDumpFileName, ULONG_PTR EntryPoint) + { + return UE::DumpProcessW(hProcess, ImageBase, szDumpFileName, EntryPoint); + } + static bool DumpProcessEx(DWORD ProcessId, void* ImageBase, wchar_t* szDumpFileName, ULONG_PTR EntryPoint) + { + return UE::DumpProcessExW(ProcessId, ImageBase, szDumpFileName, EntryPoint); + } + static bool DumpMemory(HANDLE hProcess, void* MemoryStart, ULONG_PTR MemorySize, wchar_t* szDumpFileName) + { + return UE::DumpMemoryW(hProcess, MemoryStart, MemorySize, szDumpFileName); + } + static bool DumpMemoryEx(DWORD ProcessId, void* MemoryStart, ULONG_PTR MemorySize, wchar_t* szDumpFileName) + { + return UE::DumpMemoryExW(ProcessId, MemoryStart, MemorySize, szDumpFileName); + } + static bool DumpRegions(HANDLE hProcess, wchar_t* szDumpFolder, bool DumpAboveImageBaseOnly) + { + return UE::DumpRegionsW(hProcess, szDumpFolder, DumpAboveImageBaseOnly); + } + static bool DumpRegionsEx(DWORD ProcessId, wchar_t* szDumpFolder, bool DumpAboveImageBaseOnly) + { + return UE::DumpRegionsExW(ProcessId, szDumpFolder, DumpAboveImageBaseOnly); + } + static bool DumpModule(HANDLE hProcess, void* ModuleBase, wchar_t* szDumpFileName) + { + return UE::DumpModuleW(hProcess, ModuleBase, szDumpFileName); + } + static bool DumpModuleEx(DWORD ProcessId, void* ModuleBase, wchar_t* szDumpFileName) + { + return UE::DumpModuleExW(ProcessId, ModuleBase, szDumpFileName); + } + static bool PastePEHeader(HANDLE hProcess, void* ImageBase, wchar_t* szDebuggedFileName) + { + return UE::PastePEHeaderW(hProcess, ImageBase, szDebuggedFileName); + } + static bool ExtractSection(wchar_t* szFileName, wchar_t* szDumpFileName, DWORD SectionNumber) + { + return UE::ExtractSectionW(szFileName, szDumpFileName, SectionNumber); + } + static bool ResortFileSections(wchar_t* szFileName) + { + return UE::ResortFileSectionsW(szFileName); + } + static bool FindOverlay(wchar_t* szFileName, DWORD* OverlayStart, DWORD* OverlaySize) + { + return UE::FindOverlayW(szFileName, OverlayStart, OverlaySize); + } + static bool ExtractOverlay(wchar_t* szFileName, wchar_t* szExtractedFileName) + { + return UE::ExtractOverlayW(szFileName, szExtractedFileName); + } + static bool AddOverlay(wchar_t* szFileName, wchar_t* szOverlayFileName) + { + return UE::AddOverlayW(szFileName, szOverlayFileName); + } + static bool CopyOverlay(wchar_t* szInFileName, wchar_t* szOutFileName) + { + return UE::CopyOverlayW(szInFileName, szOutFileName); + } + static bool RemoveOverlay(wchar_t* szFileName) + { + return UE::RemoveOverlayW(szFileName); + } + static bool MakeAllSectionsRWE(wchar_t* szFileName) + { + return UE::MakeAllSectionsRWEW(szFileName); + } + static long AddNewSectionEx(wchar_t* szFileName, char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, void* SectionContent, DWORD ContentSize) + { + return UE::AddNewSectionExW(szFileName, szSectionName, SectionSize, SectionAttributes, SectionContent, ContentSize); + } + static long AddNewSection(wchar_t* szFileName, char* szSectionName, DWORD SectionSize) + { + return UE::AddNewSectionW(szFileName, szSectionName, SectionSize); + } + static bool ResizeLastSection(wchar_t* szFileName, DWORD NumberOfExpandBytes, bool AlignResizeData) + { + return UE::ResizeLastSectionW(szFileName, NumberOfExpandBytes, AlignResizeData); + } + static void SetSharedOverlay(wchar_t* szFileName) + { + return UE::SetSharedOverlayW(szFileName); + } + static const wchar_t* GetSharedOverlay() + { + return UE::GetSharedOverlayW(); + } + static bool DeleteLastSection(wchar_t* szFileName) + { + return UE::DeleteLastSectionW(szFileName); + } + static bool DeleteLastSectionEx(wchar_t* szFileName, DWORD NumberOfSections) + { + return UE::DeleteLastSectionExW(szFileName, NumberOfSections); + } + static long long GetPE32Data(wchar_t* szFileName, DWORD WhichSection, ePE32Data WhichData) + { + return UE::GetPE32DataW(szFileName, WhichSection, WhichData); + } + static bool GetPE32DataEx(wchar_t* szFileName, DumperX::PEStruct* DataStorage) + { + return UE::GetPE32DataExW(szFileName, DataStorage); + } + static bool SetPE32Data(wchar_t* szFileName, DWORD WhichSection, ePE32Data WhichData, ULONG_PTR NewDataValue) + { + return UE::SetPE32DataW(szFileName, WhichSection, WhichData, NewDataValue); + } + static bool SetPE32DataEx(wchar_t* szFileName, DumperX::PEStruct* DataStorage) + { + return UE::SetPE32DataExW(szFileName, DataStorage); + } +}; + +class Dumper : DumperX, DumperA, DumperW +{ +public: + + using DumperX::PEStruct; + + using DumperA::DumpProcess; + using DumperW::DumpProcess; + using DumperA::DumpProcessEx; + using DumperW::DumpProcessEx; + using DumperA::DumpMemory; + using DumperW::DumpMemory; + using DumperA::DumpMemoryEx; + using DumperW::DumpMemoryEx; + using DumperA::DumpRegions; + using DumperW::DumpRegions; + using DumperA::DumpRegionsEx; + using DumperW::DumpRegionsEx; + using DumperA::DumpModule; + using DumperW::DumpModule; + using DumperA::DumpModuleEx; + using DumperW::DumpModuleEx; + using DumperA::PastePEHeader; + using DumperW::PastePEHeader; + using DumperA::ExtractSection; + using DumperW::ExtractSection; + using DumperA::ResortFileSections; + using DumperW::ResortFileSections; + using DumperA::FindOverlay; + using DumperW::FindOverlay; + using DumperA::ExtractOverlay; + using DumperW::ExtractOverlay; + using DumperA::AddOverlay; + using DumperW::AddOverlay; + using DumperA::CopyOverlay; + using DumperW::CopyOverlay; + using DumperA::RemoveOverlay; + using DumperW::RemoveOverlay; + using DumperA::MakeAllSectionsRWE; + using DumperW::MakeAllSectionsRWE; + using DumperA::AddNewSectionEx; + using DumperW::AddNewSectionEx; + using DumperA::AddNewSection; + using DumperW::AddNewSection; + using DumperA::ResizeLastSection; + using DumperW::ResizeLastSection; + using DumperA::SetSharedOverlay; + using DumperW::SetSharedOverlay; + #ifndef UNICODE + using DumperA::GetSharedOverlay; + #else + using DumperW::GetSharedOverlay; + #endif + using DumperA::DeleteLastSection; + using DumperW::DeleteLastSection; + using DumperA::DeleteLastSectionEx; + using DumperW::DeleteLastSectionEx; + using DumperX::GetPE32DataFromMappedFile; + using DumperA::GetPE32Data; + using DumperW::GetPE32Data; + using DumperX::GetPE32DataFromMappedFileEx; + using DumperA::GetPE32DataEx; + using DumperW::GetPE32DataEx; + using DumperX::SetPE32DataForMappedFile; + using DumperA::SetPE32Data; + using DumperW::SetPE32Data; + using DumperX::SetPE32DataForMappedFileEx; + using DumperA::SetPE32DataEx; + using DumperW::SetPE32DataEx; + using DumperX::GetPE32SectionNumberFromVA; + using DumperX::ConvertVAtoFileOffset; + using DumperX::ConvertVAtoFileOffsetEx; + using DumperX::ConvertFileOffsetToVA; + using DumperX::ConvertFileOffsetToVAEx; +}; + +class RealignerA; +class RealignerW; + +class RealignerX +{ + friend class RealignerA; + friend class RealignerW; + +protected: + + typedef UE::FILE_STATUS_INFO FILE_STATUS_INFO; + typedef UE::FILE_FIX_INFO FILE_FIX_INFO; + + static long RealignPE(ULONG_PTR FileMapVA, DWORD FileSize, DWORD RealingMode) + { + return UE::RealignPE(FileMapVA, FileSize, RealingMode); + } +}; + +class RealignerA +{ +public: + + static bool FixHeaderCheckSum(char* szFileName) + { + return UE::FixHeaderCheckSum(szFileName); + } + static long RealignPEEx(char* szFileName, DWORD RealingFileSize, DWORD ForcedFileAlignment) + { + return UE::RealignPEEx(szFileName, RealingFileSize, ForcedFileAlignment); + } + static bool WipeSection(char* szFileName, int WipeSectionNumber, bool RemovePhysically) + { + return UE::WipeSection(szFileName, WipeSectionNumber, RemovePhysically); + } + static bool IsPE32FileValidEx(char* szFileName, eCheckDepth CheckDepth, RealignerX::FILE_STATUS_INFO* FileStatusInfo) + { + return UE::IsPE32FileValidEx(szFileName, CheckDepth, FileStatusInfo); + } + static bool FixBrokenPE32FileEx(char* szFileName, RealignerX::FILE_STATUS_INFO* FileStatusInfo, RealignerX::FILE_FIX_INFO* FileFixInfo) + { + return UE::FixBrokenPE32FileEx(szFileName, FileStatusInfo, FileFixInfo); + } + static bool IsFileDLL(char* szFileName, ULONG_PTR FileMapVA) + { + return UE::IsFileDLL(szFileName, FileMapVA); + } +}; + +class RealignerW +{ +public: + + static bool FixHeaderCheckSum(wchar_t* szFileName) + { + return UE::FixHeaderCheckSumW(szFileName); + } + static long RealignPEEx(wchar_t* szFileName, DWORD RealingFileSize, DWORD ForcedFileAlignment) + { + return UE::RealignPEExW(szFileName, RealingFileSize, ForcedFileAlignment); + } + static bool WipeSection(wchar_t* szFileName, int WipeSectionNumber, bool RemovePhysically) + { + return UE::WipeSectionW(szFileName, WipeSectionNumber, RemovePhysically); + } + static bool IsPE32FileValidEx(wchar_t* szFileName, eCheckDepth CheckDepth, RealignerX::FILE_STATUS_INFO* FileStatusInfo) + { + return UE::IsPE32FileValidExW(szFileName, CheckDepth, FileStatusInfo); + } + static bool FixBrokenPE32FileEx(wchar_t* szFileName, RealignerX::FILE_STATUS_INFO* FileStatusInfo, RealignerX::FILE_FIX_INFO* FileFixInfo) + { + return UE::FixBrokenPE32FileExW(szFileName, FileStatusInfo, FileFixInfo); + } + static bool IsFileDLL(wchar_t* szFileName, ULONG_PTR FileMapVA) + { + return UE::IsFileDLLW(szFileName, FileMapVA); + } +}; + +class Realigner: RealignerX, RealignerA, RealignerW +{ +public: + + using RealignerX::FILE_STATUS_INFO; + using RealignerX::FILE_FIX_INFO; + + using RealignerA::FixHeaderCheckSum; + using RealignerW::FixHeaderCheckSum; + using RealignerX::RealignPE; + using RealignerA::RealignPEEx; + using RealignerW::RealignPEEx; + using RealignerA::WipeSection; + using RealignerW::WipeSection; + using RealignerA::IsPE32FileValidEx; + using RealignerW::IsPE32FileValidEx; + using RealignerA::FixBrokenPE32FileEx; + using RealignerW::FixBrokenPE32FileEx; + using RealignerA::IsFileDLL; + using RealignerW::IsFileDLL; +}; + +class Hider +{ +public: + + static void* GetPEBLocation(HANDLE hProcess) + { + return UE::GetPEBLocation(hProcess); + } + static bool HideDebugger(HANDLE hProcess, eHideLevel PatchAPILevel) + { + return UE::HideDebugger(hProcess, PatchAPILevel); + } + static bool UnHideDebugger(HANDLE hProcess, eHideLevel PatchAPILevel) + { + return UE::UnHideDebugger(hProcess, PatchAPILevel); + } +}; + +class RelocaterX +{ +protected: + + static void Cleanup() + { + UE::RelocaterCleanup(); + } + static void Init(DWORD MemorySize, ULONG_PTR OldImageBase, ULONG_PTR NewImageBase) + { + UE::RelocaterInit(MemorySize, OldImageBase, NewImageBase); + } + static void AddNewRelocation(HANDLE hProcess, ULONG_PTR RelocateAddress, DWORD RelocateState) + { + UE::RelocaterAddNewRelocation(hProcess, RelocateAddress, RelocateState); + } + static long EstimatedSize() + { + return UE::RelocaterEstimatedSize(); + } + static bool ExportRelocation(ULONG_PTR StorePlace, DWORD StorePlaceRVA, ULONG_PTR FileMapVA) + { + return UE::RelocaterExportRelocation(StorePlace, StorePlaceRVA, FileMapVA); + } + static bool GrabRelocationTable(HANDLE hProcess, ULONG_PTR MemoryStart, DWORD MemorySize) + { + return UE::RelocaterGrabRelocationTable(hProcess, MemoryStart, MemorySize); + } + static bool GrabRelocationTableEx(HANDLE hProcess, ULONG_PTR MemoryStart, ULONG_PTR MemorySize, DWORD NtSizeOfImage) + { + return UE::RelocaterGrabRelocationTableEx(hProcess, MemoryStart, MemorySize, NtSizeOfImage); + } + static bool RelocateMemoryBlock(ULONG_PTR FileMapVA, ULONG_PTR MemoryLocation, void* RelocateMemory, DWORD RelocateMemorySize, ULONG_PTR CurrentLoadedBase, ULONG_PTR RelocateBase) + { + return UE::RelocaterRelocateMemoryBlock(FileMapVA, MemoryLocation, RelocateMemory, RelocateMemorySize, CurrentLoadedBase, RelocateBase); + } +}; + +class RelocaterA +{ +public: + + static bool ExportRelocationEx(char* szFileName, char* szSectionName) + { + return UE::RelocaterExportRelocationEx(szFileName, szSectionName); + } + static bool MakeSnapshot(HANDLE hProcess, char* szSaveFileName, void* MemoryStart, ULONG_PTR MemorySize) + { + return UE::RelocaterMakeSnapshot(hProcess, szSaveFileName, MemoryStart, MemorySize); + } + static bool CompareTwoSnapshots(HANDLE hProcess, ULONG_PTR LoadedImageBase, ULONG_PTR NtSizeOfImage, char* szDumpFile1, char* szDumpFile2, ULONG_PTR MemStart) + { + return UE::RelocaterCompareTwoSnapshots(hProcess, LoadedImageBase, NtSizeOfImage, szDumpFile1, szDumpFile2, MemStart); + } + static bool ChangeFileBase(char* szFileName, ULONG_PTR NewImageBase) + { + return UE::RelocaterChangeFileBase(szFileName, NewImageBase); + } + static bool WipeRelocationTable(char* szFileName) + { + return UE::RelocaterWipeRelocationTable(szFileName); + } +}; + +class RelocaterW +{ +public: + + static bool ExportRelocationEx(wchar_t* szFileName, char* szSectionName) + { + return UE::RelocaterExportRelocationExW(szFileName, szSectionName); + } + static bool MakeSnapshot(HANDLE hProcess, wchar_t* szSaveFileName, void* MemoryStart, ULONG_PTR MemorySize) + { + return UE::RelocaterMakeSnapshotW(hProcess, szSaveFileName, MemoryStart, MemorySize); + } + static bool CompareTwoSnapshots(HANDLE hProcess, ULONG_PTR LoadedImageBase, ULONG_PTR NtSizeOfImage, wchar_t* szDumpFile1, wchar_t* szDumpFile2, ULONG_PTR MemStart) + { + return UE::RelocaterCompareTwoSnapshotsW(hProcess, LoadedImageBase, NtSizeOfImage, szDumpFile1, szDumpFile2, MemStart); + } + static bool ChangeFileBase(wchar_t* szFileName, ULONG_PTR NewImageBase) + { + return UE::RelocaterChangeFileBaseW(szFileName, NewImageBase); + } + static bool WipeRelocationTable(wchar_t* szFileName) + { + return UE::RelocaterWipeRelocationTableW(szFileName); + } +}; + +class Relocater : RelocaterX, RelocaterA, RelocaterW +{ +public: + + using RelocaterX::Cleanup; + using RelocaterX::Init; + using RelocaterX::AddNewRelocation; + using RelocaterX::EstimatedSize; + using RelocaterX::ExportRelocation; + using RelocaterA::ExportRelocationEx; + using RelocaterW::ExportRelocationEx; + using RelocaterX::GrabRelocationTable; + using RelocaterX::GrabRelocationTableEx; + using RelocaterA::MakeSnapshot; + using RelocaterW::MakeSnapshot; + using RelocaterA::CompareTwoSnapshots; + using RelocaterW::CompareTwoSnapshots; + using RelocaterA::ChangeFileBase; + using RelocaterW::ChangeFileBase; + using RelocaterX::RelocateMemoryBlock; + using RelocaterA::WipeRelocationTable; + using RelocaterW::WipeRelocationTable; +}; + +class ResourcerA; +class ResourcerW; + +class ResourcerX +{ + friend class ResourcerA; + friend class ResourcerW; + +protected: + + typedef void(__stdcall *fResourceEnumCallback)(const wchar_t* szResourceType, DWORD ResourceType, const wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, DWORD ResourceData, DWORD ResourceSize); + + static bool FreeLoadedFile(void* LoadedFileBase) + { + return UE::ResourcerFreeLoadedFile(LoadedFileBase); + } + static bool ExtractResourceFromFileEx(ULONG_PTR FileMapVA, char* szResourceType, char* szResourceName, char* szExtractedFileName) + { + return UE::ResourcerExtractResourceFromFileEx(FileMapVA, szResourceType, szResourceName, szExtractedFileName); + } + static bool FindResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, ULONG_PTR* pResourceData, DWORD* pResourceSize) + { + return UE::ResourcerFindResourceEx(FileMapVA, FileSize, szResourceType, ResourceType, szResourceName, ResourceName, ResourceLanguage, pResourceData, pResourceSize); + } + static void EnumerateResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, fResourceEnumCallback CallBack) + { + UE::ResourcerEnumerateResourceEx(FileMapVA, FileSize, (void*)CallBack); + } +}; + +class ResourcerA +{ +public: + + static long long LoadFileForResourceUse(char* szFileName) + { + return UE::ResourcerLoadFileForResourceUse(szFileName); + } + static bool ExtractResourceFromFile(char* szFileName, char* szResourceType, char* szResourceName, char* szExtractedFileName) + { + return UE::ResourcerExtractResourceFromFile(szFileName, szResourceType, szResourceName, szExtractedFileName); + } + static bool FindResource(char* szFileName, char* szResourceType, DWORD ResourceType, char* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, ULONG_PTR* pResourceData, DWORD* pResourceSize) + { + return UE::ResourcerFindResource(szFileName, szResourceType, ResourceType, szResourceName, ResourceName, ResourceLanguage, pResourceData, pResourceSize); + } + static void EnumerateResource(char* szFileName, ResourcerX::fResourceEnumCallback CallBack) + { + UE::ResourcerEnumerateResource(szFileName, (void*)CallBack); + } +}; + +class ResourcerW +{ +public: + + static long long LoadFileForResourceUse(wchar_t* szFileName) + { + return UE::ResourcerLoadFileForResourceUseW(szFileName); + } + static bool ExtractResourceFromFile(wchar_t* szFileName, char* szResourceType, char* szResourceName, char* szExtractedFileName) + { + return UE::ResourcerExtractResourceFromFileW(szFileName, szResourceType, szResourceName, szExtractedFileName); + } + static bool FindResource(wchar_t* szFileName, wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, ULONG_PTR* pResourceData, DWORD* pResourceSize) + { + return UE::ResourcerFindResourceW(szFileName, szResourceType, ResourceType, szResourceName, ResourceName, ResourceLanguage, pResourceData, pResourceSize); + } + static void EnumerateResource(wchar_t* szFileName, ResourcerX::fResourceEnumCallback CallBack) + { + UE::ResourcerEnumerateResourceW(szFileName, (void*)CallBack); + } +}; + +class Resourcer : ResourcerX, ResourcerA, ResourcerW +{ +public: + + using ResourcerX::fResourceEnumCallback; + + using ResourcerA::LoadFileForResourceUse; + using ResourcerW::LoadFileForResourceUse; + using ResourcerX::FreeLoadedFile; + using ResourcerX::ExtractResourceFromFileEx; + using ResourcerA::ExtractResourceFromFile; + using ResourcerW::ExtractResourceFromFile; + using ResourcerA::FindResource; + using ResourcerW::FindResource; + using ResourcerX::FindResourceEx; + using ResourcerA::EnumerateResource; + using ResourcerW::EnumerateResource; + using ResourcerX::EnumerateResourceEx; +}; + +class Threader +{ +public: + + typedef UE::THREAD_ITEM_DATA THREAD_ITEM_DATA; + + typedef void(__stdcall *fThreadEnumCallback)(const THREAD_ITEM_DATA* fThreadDetail); + typedef void(__stdcall *fThreadExitCallback)(const EXIT_THREAD_DEBUG_INFO* SpecialDBG); + + static bool ImportRunningThreadData(DWORD ProcessId) + { + return UE::ThreaderImportRunningThreadData(ProcessId); + } + static const THREAD_ITEM_DATA* GetThreadInfo(HANDLE hThread, DWORD ThreadId) + { + return (const THREAD_ITEM_DATA*)UE::ThreaderGetThreadInfo(hThread, ThreadId); + } + static void EnumThreadInfo(fThreadEnumCallback EnumCallBack) + { + UE::ThreaderEnumThreadInfo((void*)EnumCallBack); + } + static bool PauseThread(HANDLE hThread) + { + return UE::ThreaderPauseThread(hThread); + } + static bool ResumeThread(HANDLE hThread) + { + return UE::ThreaderResumeThread(hThread); + } + static bool TerminateThread(HANDLE hThread, DWORD ThreadExitCode) + { + return UE::ThreaderTerminateThread(hThread, ThreadExitCode); + } + static bool PauseAllThreads(bool LeaveMainRunning) + { + return UE::ThreaderPauseAllThreads(LeaveMainRunning); + } + static bool ResumeAllThreads(bool LeaveMainPaused) + { + return UE::ThreaderResumeAllThreads(LeaveMainPaused); + } + static bool PauseProcess() + { + return UE::ThreaderPauseProcess(); + } + static bool ResumeProcess() + { + return UE::ThreaderResumeProcess(); + } + static long long CreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, void* ThreadPassParameter, DWORD* ThreadId) + { + return UE::ThreaderCreateRemoteThread(ThreadStartAddress, AutoCloseTheHandle, ThreadPassParameter, ThreadId); + } + static bool InjectAndExecuteCode(void* InjectCode, DWORD StartDelta, DWORD InjectSize) + { + return UE::ThreaderInjectAndExecuteCode(InjectCode, StartDelta, InjectSize); + } + static long long CreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, void* ThreadPassParameter, DWORD* ThreadId) + { + return UE::ThreaderCreateRemoteThreadEx(hProcess, ThreadStartAddress, AutoCloseTheHandle, ThreadPassParameter, ThreadId); + } + static bool InjectAndExecuteCodeEx(HANDLE hProcess, void* InjectCode, DWORD StartDelta, DWORD InjectSize) + { + return UE::ThreaderInjectAndExecuteCodeEx(hProcess, InjectCode, StartDelta, InjectSize); + } + static void SetCallBackForNextExitThreadEvent(fThreadExitCallback exitThreadCallBack) + { + UE::ThreaderSetCallBackForNextExitThreadEvent((void*)exitThreadCallBack); + } + static bool IsThreadStillRunning(HANDLE hThread) + { + return UE::ThreaderIsThreadStillRunning(hThread); + } + static bool IsThreadActive(HANDLE hThread) + { + return UE::ThreaderIsThreadActive(hThread); + } + static bool IsAnyThreadActive() + { + return UE::ThreaderIsAnyThreadActive(); + } + static bool ExecuteOnlyInjectedThreads() + { + return UE::ThreaderExecuteOnlyInjectedThreads(); + } + static long long GetOpenHandleForThread(DWORD ThreadId) + { + return UE::ThreaderGetOpenHandleForThread(ThreadId); + } + static const THREAD_ITEM_DATA* GetThreadData() + { + return (const THREAD_ITEM_DATA*)UE::ThreaderGetThreadData(); + } + static bool IsExceptionInMainThread() + { + return UE::ThreaderIsExceptionInMainThread(); + } +}; + +// -- + +class DebuggerA; +class DebuggerW; + +class DebuggerX +{ + friend class DebuggerA; + friend class DebuggerW; + +protected: + + typedef void(__stdcall *fBreakPointCallback)(); + typedef void(__stdcall *fCustomHandlerCallback)(void* ExceptionData); + + static const char* StaticDisassembleEx(ULONG_PTR DisassmStart, void* DisassmAddress) + { + return (const char*)UE::StaticDisassembleEx(DisassmStart, DisassmAddress); + } + static const char* StaticDisassemble(void* DisassmAddress) + { + return (const char*)UE::StaticDisassemble(DisassmAddress); + } + static const char* DisassembleEx(HANDLE hProcess, void* DisassmAddress, bool ReturnInstructionType) + { + return (const char*)UE::DisassembleEx(hProcess, DisassmAddress, ReturnInstructionType); + } + static const char* Disassemble(void* DisassmAddress) + { + return (const char*)UE::Disassemble(DisassmAddress); + } + static long StaticLengthDisassemble(void* DisassmAddress) + { + return UE::StaticLengthDisassemble(DisassmAddress); + } + static long LengthDisassembleEx(HANDLE hProcess, void* DisassmAddress) + { + return UE::LengthDisassembleEx(hProcess, DisassmAddress); + } + static long LengthDisassemble(void* DisassmAddress) + { + return UE::LengthDisassemble(DisassmAddress); + } + static bool StopDebug() + { + return UE::StopDebug(); + } + static void SetBPXOptions(long DefaultBreakPointType) + { + UE::SetBPXOptions(DefaultBreakPointType); + } + static bool IsBPXEnabled(ULONG_PTR bpxAddress) + { + return UE::IsBPXEnabled(bpxAddress); + } + static bool EnableBPX(ULONG_PTR bpxAddress) + { + return UE::EnableBPX(bpxAddress); + } + static bool DisableBPX(ULONG_PTR bpxAddress) + { + return UE::DisableBPX(bpxAddress); + } + static bool SetBPX(ULONG_PTR bpxAddress, eBPType bpxType, fBreakPointCallback bpxCallBack) + { + return UE::SetBPX(bpxAddress, bpxType, (void*)bpxCallBack); + } + static bool SetBPXEx(ULONG_PTR bpxAddress, eBPType bpxType, DWORD NumberOfExecution, eContextData CmpRegister, eCompareCondition CmpCondition, ULONG_PTR CmpValue, fBreakPointCallback bpxCallBack, fBreakPointCallback bpxCompareCallBack, fBreakPointCallback bpxRemoveCallBack) + { + return UE::SetBPXEx(bpxAddress, bpxType, NumberOfExecution, CmpRegister, CmpCondition, CmpValue, (void*)bpxCallBack, (void*)bpxCompareCallBack, (void*)bpxRemoveCallBack); + } + static bool DeleteBPX(ULONG_PTR bpxAddress) + { + return UE::DeleteBPX(bpxAddress); + } + static bool SafeDeleteBPX(ULONG_PTR bpxAddress) + { + return UE::SafeDeleteBPX(bpxAddress); + } + static bool SetAPIBreakPoint(char* szDLLName, char* szAPIName, eBPType bpxType, eBPPlace bpxPlace, fBreakPointCallback bpxCallBack) + { + return UE::SetAPIBreakPoint(szDLLName, szAPIName, bpxType, bpxPlace, (void*)bpxCallBack); + } + static bool DeleteAPIBreakPoint(char* szDLLName, char* szAPIName, eBPPlace bpxPlace) + { + return UE::DeleteAPIBreakPoint(szDLLName, szAPIName, bpxPlace); + } + static bool SafeDeleteAPIBreakPoint(char* szDLLName, char* szAPIName, eBPPlace bpxPlace) + { + return UE::SafeDeleteAPIBreakPoint(szDLLName, szAPIName, bpxPlace); + } + static bool SetMemoryBPX(ULONG_PTR MemoryStart, DWORD SizeOfMemory, fBreakPointCallback bpxCallBack) + { + return UE::SetMemoryBPX(MemoryStart, SizeOfMemory, (void*)bpxCallBack); + } + static bool SetMemoryBPXEx(ULONG_PTR MemoryStart, DWORD SizeOfMemory, eMemoryBPType BreakPointType, bool RestoreOnHit, fBreakPointCallback bpxCallBack) + { + return UE::SetMemoryBPXEx(MemoryStart, SizeOfMemory, BreakPointType, RestoreOnHit, (void*)bpxCallBack); + } + static bool RemoveMemoryBPX(ULONG_PTR MemoryStart, DWORD SizeOfMemory) + { + return UE::RemoveMemoryBPX(MemoryStart, SizeOfMemory); + } + static bool GetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea) + { + return UE::GetContextFPUDataEx(hActiveThread, FPUSaveArea); + } + static long long GetContextDataEx(HANDLE hActiveThread, eContextData IndexOfRegister) + { + return UE::GetContextDataEx(hActiveThread, IndexOfRegister); + } + static long long GetContextData(eContextData IndexOfRegister) + { + return UE::GetContextData(IndexOfRegister); + } + static bool SetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea) + { + return UE::SetContextFPUDataEx(hActiveThread, FPUSaveArea); + } + static bool SetContextDataEx(HANDLE hActiveThread, eContextData IndexOfRegister, ULONG_PTR NewRegisterValue) + { + return UE::SetContextDataEx(hActiveThread, IndexOfRegister, NewRegisterValue); + } + static bool SetContextData(eContextData IndexOfRegister, ULONG_PTR NewRegisterValue) + { + return UE::SetContextData(IndexOfRegister, NewRegisterValue); + } + static void ClearExceptionNumber() + { + UE::ClearExceptionNumber(); + } + static long CurrentExceptionNumber() + { + return UE::CurrentExceptionNumber(); + } + static bool MatchPatternEx(HANDLE hProcess, void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard) + { + return UE::MatchPatternEx(hProcess, MemoryToCheck, SizeOfMemoryToCheck, PatternToMatch, SizeOfPatternToMatch, WildCard); + } + static bool MatchPattern(void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard) + { + return UE::MatchPattern(MemoryToCheck, SizeOfMemoryToCheck, PatternToMatch, SizeOfPatternToMatch, WildCard); + } + static long long FindEx(HANDLE hProcess, void* MemoryStart, DWORD MemorySize, void* SearchPattern, DWORD PatternSize, BYTE* WildCard) + { + return UE::FindEx(hProcess, MemoryStart, MemorySize, SearchPattern, PatternSize, WildCard); + } + static long long Find(void* MemoryStart, DWORD MemorySize, void* SearchPattern, DWORD PatternSize, BYTE* WildCard) + { + return UE::Find(MemoryStart, MemorySize, SearchPattern, PatternSize, WildCard); + } + static bool FillEx(HANDLE hProcess, void* MemoryStart, DWORD MemorySize, BYTE* FillByte) + { + return UE::FillEx(hProcess, MemoryStart, MemorySize, FillByte); + } + static bool Fill(void* MemoryStart, DWORD MemorySize, BYTE* FillByte) + { + return UE::Fill(MemoryStart, MemorySize, FillByte); + } + static bool PatchEx(HANDLE hProcess, void* MemoryStart, DWORD MemorySize, void* ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP) + { + return UE::PatchEx(hProcess, MemoryStart, MemorySize, ReplacePattern, ReplaceSize, AppendNOP, PrependNOP); + } + static bool Patch(void* MemoryStart, DWORD MemorySize, void* ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP) + { + return UE::Patch(MemoryStart, MemorySize, ReplacePattern, ReplaceSize, AppendNOP, PrependNOP); + } + static bool ReplaceEx(HANDLE hProcess, void* MemoryStart, DWORD MemorySize, void* SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, void* ReplacePattern, DWORD ReplaceSize, BYTE* WildCard) + { + return UE::ReplaceEx(hProcess, MemoryStart, MemorySize, SearchPattern, PatternSize, NumberOfRepetitions, ReplacePattern, ReplaceSize, WildCard); + } + static bool Replace(void* MemoryStart, DWORD MemorySize, void* SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, void* ReplacePattern, DWORD ReplaceSize, BYTE* WildCard) + { + return UE::Replace(MemoryStart, MemorySize, SearchPattern, PatternSize, NumberOfRepetitions, ReplacePattern, ReplaceSize, WildCard); + } + static const DEBUG_EVENT* GetDebugData() + { + return (const DEBUG_EVENT*)UE::GetDebugData(); + } + static const DEBUG_EVENT* GetTerminationData() + { + return (const DEBUG_EVENT*)UE::GetTerminationData(); + } + static long GetExitCode() + { + return UE::GetExitCode(); + } + static long long GetDebuggedDLLBaseAddress() + { + return UE::GetDebuggedDLLBaseAddress(); + } + static long long GetDebuggedFileBaseAddress() + { + return UE::GetDebuggedFileBaseAddress(); + } + static bool GetRemoteString(HANDLE hProcess, void* StringAddress, void* StringStorage, int MaximumStringSize) + { + return UE::GetRemoteString(hProcess, StringAddress, StringStorage, MaximumStringSize); + } + static long long GetFunctionParameter(HANDLE hProcess, eFunctionType FunctionType, DWORD ParameterNumber, eParameterType ParameterType) + { + return UE::GetFunctionParameter(hProcess, FunctionType, ParameterNumber, ParameterType); + } + static long long GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps) + { + return UE::GetJumpDestinationEx(hProcess, InstructionAddress, JustJumps); + } + static long long GetJumpDestination(HANDLE hProcess, ULONG_PTR InstructionAddress) + { + return UE::GetJumpDestination(hProcess, InstructionAddress); + } + static bool IsJumpGoingToExecuteEx(HANDLE hProcess, HANDLE hThread, ULONG_PTR InstructionAddress, ULONG_PTR RegFlags) + { + return UE::IsJumpGoingToExecuteEx(hProcess, hThread, InstructionAddress, RegFlags); + } + static bool IsJumpGoingToExecute() + { + return UE::IsJumpGoingToExecute(); + } + static void SetCustomHandler(eCustomException ExceptionId, fCustomHandlerCallback CallBack) + { + UE::SetCustomHandler(ExceptionId, (void*)CallBack); + } + static void ForceClose() + { + UE::ForceClose(); + } + static void StepInto(fBreakPointCallback traceCallBack) + { + UE::StepInto((void*)traceCallBack); + } + static void StepOver(fBreakPointCallback traceCallBack) + { + UE::StepOver((void*)traceCallBack); + } + static void SingleStep(DWORD StepCount, fBreakPointCallback StepCallBack) + { + UE::SingleStep(StepCount, (void*)StepCallBack); + } + static bool GetUnusedHardwareBreakPointRegister(DWORD* RegisterIndex) + { + return UE::GetUnusedHardwareBreakPointRegister(RegisterIndex); + } + static bool SetHardwareBreakPointEx(HANDLE hActiveThread, ULONG_PTR bpxAddress, DWORD IndexOfRegister, eHWBPType bpxType, eHWBPSize bpxSize, fBreakPointCallback bpxCallBack, DWORD* IndexOfSelectedRegister) + { + return UE::SetHardwareBreakPointEx(hActiveThread, bpxAddress, IndexOfRegister, bpxType, bpxSize, (void*)bpxCallBack, IndexOfSelectedRegister); + } + static bool SetHardwareBreakPoint(ULONG_PTR bpxAddress, DWORD IndexOfRegister, eHWBPType bpxType, eHWBPSize bpxSize, fBreakPointCallback bpxCallBack) + { + return UE::SetHardwareBreakPoint(bpxAddress, IndexOfRegister, bpxType, bpxSize, (void*)bpxCallBack); + } + static bool DeleteHardwareBreakPoint(DWORD IndexOfRegister) + { + return UE::DeleteHardwareBreakPoint(IndexOfRegister); + } + static bool RemoveAllBreakPoints(eBPRemoveOption RemoveOption) + { + return UE::RemoveAllBreakPoints(RemoveOption); + } + static const PROCESS_INFORMATION* GetProcessInformation() + { + return (const PROCESS_INFORMATION*)UE::GetProcessInformation(); + } + static const STARTUPINFOW* GetStartupInformation() + { + return (const STARTUPINFOW*)UE::GetStartupInformation(); + } + static void DebugLoop() + { + UE::DebugLoop(); + } + static void SetDebugLoopTimeOut(DWORD TimeOut) + { + UE::SetDebugLoopTimeOut(TimeOut); + } + static void SetNextDbgContinueStatus(DWORD SetDbgCode) + { + UE::SetNextDbgContinueStatus(SetDbgCode); + } + static bool AttachDebugger(DWORD ProcessId, bool KillOnExit, PROCESS_INFORMATION* DebugInfo, fBreakPointCallback CallBack) + { + return UE::AttachDebugger(ProcessId, KillOnExit, DebugInfo, (void*)CallBack); + } + static bool DetachDebugger(DWORD ProcessId) + { + return UE::DetachDebugger(ProcessId); + } + static bool DetachDebuggerEx(DWORD ProcessId) + { + return UE::DetachDebuggerEx(ProcessId); + } + static void DebugLoopEx(DWORD TimeOut) + { + UE::DebugLoopEx(TimeOut); + } + static bool IsFileBeingDebugged() + { + return UE::IsFileBeingDebugged(); + } + static void SetErrorModel(bool DisplayErrorMessages) + { + return UE::SetErrorModel(DisplayErrorMessages); + } +}; + +class DebuggerA +{ +public: + + static const PROCESS_INFORMATION* InitDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder) + { + return (const PROCESS_INFORMATION*)UE::InitDebug(szFileName, szCommandLine, szCurrentFolder); + } + static const PROCESS_INFORMATION* InitDebugEx(char* szFileName, char* szCommandLine, char* szCurrentFolder, DebuggerX::fBreakPointCallback EntryCallBack) + { + return (const PROCESS_INFORMATION*)UE::InitDebugEx(szFileName, szCommandLine, szCurrentFolder, (void*)EntryCallBack); + } + static const PROCESS_INFORMATION* InitDLLDebug(char* szFileName, bool ReserveModuleBase, char* szCommandLine, char* szCurrentFolder, DebuggerX::fBreakPointCallback EntryCallBack) + { + return (const PROCESS_INFORMATION*)UE::InitDLLDebug(szFileName, ReserveModuleBase, szCommandLine, szCurrentFolder, (void*)EntryCallBack); + } + static void AutoDebugEx(char* szFileName, bool ReserveModuleBase, char* szCommandLine, char* szCurrentFolder, DWORD TimeOut, DebuggerX::fBreakPointCallback EntryCallBack) + { + UE::AutoDebugEx(szFileName, ReserveModuleBase, szCommandLine, szCurrentFolder, TimeOut, (void*)EntryCallBack); + } +}; + +class DebuggerW +{ +public: + + static const PROCESS_INFORMATION* InitDebug(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder) + { + return (const PROCESS_INFORMATION*)UE::InitDebugW(szFileName, szCommandLine, szCurrentFolder); + } + static const PROCESS_INFORMATION* InitDebugEx(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder, DebuggerX::fBreakPointCallback EntryCallBack) + { + return (const PROCESS_INFORMATION*)UE::InitDebugExW(szFileName, szCommandLine, szCurrentFolder, (void*)EntryCallBack); + } + static const PROCESS_INFORMATION* InitDLLDebug(wchar_t* szFileName, bool ReserveModuleBase, wchar_t* szCommandLine, wchar_t* szCurrentFolder, DebuggerX::fBreakPointCallback EntryCallBack) + { + return (const PROCESS_INFORMATION*)UE::InitDLLDebugW(szFileName, ReserveModuleBase, szCommandLine, szCurrentFolder, (void*)EntryCallBack); + } + static void AutoDebugEx(wchar_t* szFileName, bool ReserveModuleBase, wchar_t* szCommandLine, wchar_t* szCurrentFolder, DWORD TimeOut, DebuggerX::fBreakPointCallback EntryCallBack) + { + UE::AutoDebugExW(szFileName, ReserveModuleBase, szCommandLine, szCurrentFolder, TimeOut, (void*)EntryCallBack); + } +}; + +class Debugger : DebuggerX, DebuggerA, DebuggerW +{ +public: + + using DebuggerX::fBreakPointCallback; + using DebuggerX::fCustomHandlerCallback; + + using DebuggerX::StaticDisassembleEx; + using DebuggerX::StaticDisassemble; + using DebuggerX::DisassembleEx; + using DebuggerX::Disassemble; + using DebuggerX::StaticLengthDisassemble; + using DebuggerX::LengthDisassembleEx; + using DebuggerX::LengthDisassemble; + using DebuggerA::InitDebug; + using DebuggerW::InitDebug; + using DebuggerA::InitDebugEx; + using DebuggerW::InitDebugEx; + using DebuggerA::InitDLLDebug; + using DebuggerW::InitDLLDebug; + using DebuggerX::StopDebug; + using DebuggerX::SetBPXOptions; + using DebuggerX::IsBPXEnabled; + using DebuggerX::EnableBPX; + using DebuggerX::DisableBPX; + using DebuggerX::SetBPX; + using DebuggerX::SetBPXEx; + using DebuggerX::DeleteBPX; + using DebuggerX::SafeDeleteBPX; + using DebuggerX::SetAPIBreakPoint; + using DebuggerX::DeleteAPIBreakPoint; + using DebuggerX::SafeDeleteAPIBreakPoint; + using DebuggerX::SetMemoryBPX; + using DebuggerX::SetMemoryBPXEx; + using DebuggerX::RemoveMemoryBPX; + using DebuggerX::GetContextFPUDataEx; + using DebuggerX::GetContextDataEx; + using DebuggerX::GetContextData; + using DebuggerX::SetContextFPUDataEx; + using DebuggerX::SetContextDataEx; + using DebuggerX::SetContextData; + using DebuggerX::ClearExceptionNumber; + using DebuggerX::CurrentExceptionNumber; + using DebuggerX::MatchPatternEx; + using DebuggerX::MatchPattern; + using DebuggerX::FindEx; + using DebuggerX::Find; + using DebuggerX::FillEx; + using DebuggerX::Fill; + using DebuggerX::PatchEx; + using DebuggerX::Patch; + using DebuggerX::ReplaceEx; + using DebuggerX::Replace; + using DebuggerX::GetDebugData; + using DebuggerX::GetTerminationData; + using DebuggerX::GetExitCode; + using DebuggerX::GetDebuggedDLLBaseAddress; + using DebuggerX::GetDebuggedFileBaseAddress; + using DebuggerX::GetRemoteString; + using DebuggerX::GetFunctionParameter; + using DebuggerX::GetJumpDestinationEx; + using DebuggerX::GetJumpDestination; + using DebuggerX::IsJumpGoingToExecuteEx; + using DebuggerX::IsJumpGoingToExecute; + using DebuggerX::SetCustomHandler; + using DebuggerX::ForceClose; + using DebuggerX::StepInto; + using DebuggerX::StepOver; + using DebuggerX::SingleStep; + using DebuggerX::GetUnusedHardwareBreakPointRegister; + using DebuggerX::SetHardwareBreakPointEx; + using DebuggerX::SetHardwareBreakPoint; + using DebuggerX::DeleteHardwareBreakPoint; + using DebuggerX::RemoveAllBreakPoints; + using DebuggerX::GetProcessInformation; + using DebuggerX::GetStartupInformation; + using DebuggerX::DebugLoop; + using DebuggerX::SetDebugLoopTimeOut; + using DebuggerX::SetNextDbgContinueStatus; + using DebuggerX::AttachDebugger; + using DebuggerX::DetachDebugger; + using DebuggerX::DetachDebuggerEx; + using DebuggerX::DebugLoopEx; + using DebuggerA::AutoDebugEx; + using DebuggerW::AutoDebugEx; + using DebuggerX::IsFileBeingDebugged; + using DebuggerX::SetErrorModel; +}; + +class FindOEPX +{ +protected: + + static void Init() + { + return UE::FindOEPInit(); + } +}; + +class FindOEPA +{ +public: + + static bool Generically(char* szFileName, Debugger::fBreakPointCallback TraceInitCallBack, Debugger::fBreakPointCallback CallBack) + { + return UE::FindOEPGenerically(szFileName, (void*)TraceInitCallBack, (void*)CallBack); + } +}; + +class FindOEPW +{ +public: + + static bool Generically(wchar_t* szFileName, Debugger::fBreakPointCallback TraceInitCallBack, Debugger::fBreakPointCallback CallBack) + { + return UE::FindOEPGenericallyW(szFileName, (void*)TraceInitCallBack, (void*)CallBack); + } +}; + +class FindOEP : FindOEPX, FindOEPA, FindOEPW +{ +public: + + using FindOEPX::Init; + using FindOEPA::Generically; + using FindOEPW::Generically; +}; + +class ImporterA; +class ImporterW; + +class ImporterX +{ + friend class ImporterA; + friend class ImporterW; + +protected: + + typedef UE::ImportEnumData ImportEnumData; + + typedef void(__stdcall *fImportEnumCallBack)(const ImportEnumData* ptrImportEnumData); + typedef void*(__stdcall *fImportFixCallback)(void* fIATPointer); + + static void Cleanup() + { + UE::ImporterCleanup(); + } + static void SetImageBase(ULONG_PTR ImageBase) + { + UE::ImporterSetImageBase(ImageBase); + } + static void SetUnknownDelta(ULONG_PTR DeltaAddress) + { + UE::ImporterSetUnknownDelta(DeltaAddress); + } + static long long GetCurrentDelta() + { + return UE::ImporterGetCurrentDelta(); + } + static void Init(DWORD MemorySize, ULONG_PTR ImageBase) + { + UE::ImporterInit(MemorySize, ImageBase); + } + static void AddNewDll(char* szDLLName, ULONG_PTR FirstThunk) + { + UE::ImporterAddNewDll(szDLLName, FirstThunk); + } + static void AddNewAPI(char* szAPIName, ULONG_PTR ThunkValue) + { + UE::ImporterAddNewAPI(szAPIName, ThunkValue); + } + static void AddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue) + { + UE::ImporterAddNewOrdinalAPI(OrdinalNumber, ThunkValue); + } + static long GetAddedDllCount() + { + return UE::ImporterGetAddedDllCount(); + } + static long GetAddedAPICount() + { + return UE::ImporterGetAddedAPICount(); + } + static const char* GetLastAddedDLLName() + { + return (const char*)UE::ImporterGetLastAddedDLLName(); + } + static void MoveIAT() + { + UE::ImporterMoveIAT(); + } + static bool ExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA) + { + return UE::ImporterExportIAT(StorePlace, FileMapVA); + } + static long EstimatedSize() + { + return UE::ImporterEstimatedSize(); + } + static long long FindAPIWriteLocation(char* szAPIName) + { + return UE::ImporterFindAPIWriteLocation(szAPIName); + } + static long long FindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber) + { + return UE::ImporterFindOrdinalAPIWriteLocation(OrdinalNumber); + } + static long long FindAPIByWriteLocation(ULONG_PTR APIWriteLocation) + { + return UE::ImporterFindAPIByWriteLocation(APIWriteLocation); + } + static long long FindDLLByWriteLocation(ULONG_PTR APIWriteLocation) + { + return UE::ImporterFindDLLByWriteLocation(APIWriteLocation); + } + static const char* GetDLLName(ULONG_PTR APIAddress) + { + return (const char*)UE::ImporterGetDLLName(APIAddress); + } + static const char* GetAPIName(ULONG_PTR APIAddress) + { + return (const char*)UE::ImporterGetAPIName(APIAddress); + } + static long long GetAPIOrdinalNumber(ULONG_PTR APIAddress) + { + return UE::ImporterGetAPIOrdinalNumber(APIAddress); + } + static const char* GetAPINameEx(ULONG_PTR APIAddress, HMODULE* DLLBasesList) + { + return (const char*)UE::ImporterGetAPINameEx(APIAddress, (ULONG_PTR)DLLBasesList); + } + static long long GetRemoteAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress) + { + return UE::ImporterGetRemoteAPIAddress(hProcess, APIAddress); + } + static long long GetRemoteAPIAddressEx(char* szDLLName, char* szAPIName) + { + return UE::ImporterGetRemoteAPIAddressEx(szDLLName, szAPIName); + } + static long long GetLocalAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress) + { + return UE::ImporterGetLocalAPIAddress(hProcess, APIAddress); + } + static const char* GetDLLNameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress) + { + return (const char*)UE::ImporterGetDLLNameFromDebugee(hProcess, APIAddress); + } + static const char* GetAPINameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress) + { + return (const char*)UE::ImporterGetAPINameFromDebugee(hProcess, APIAddress); + } + static long long GetAPIOrdinalNumberFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress) + { + return UE::ImporterGetAPIOrdinalNumberFromDebugee(hProcess, APIAddress); + } + static long GetDLLIndexEx(ULONG_PTR APIAddress, HMODULE* DLLBasesList) + { + return UE::ImporterGetDLLIndexEx(APIAddress, (ULONG_PTR)DLLBasesList); + } + static long GetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, HMODULE* DLLBasesList) + { + return UE::ImporterGetDLLIndex(hProcess, APIAddress, (ULONG_PTR)DLLBasesList); + } + static long long GetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase) + { + return UE::ImporterGetRemoteDLLBase(hProcess, LocalModuleBase); + } + static bool RelocateWriteLocation(ULONG_PTR AddValue) + { + return UE::ImporterRelocateWriteLocation(AddValue); + } + static bool IsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress) + { + return UE::ImporterIsForwardedAPI(hProcess, APIAddress); + } + static const char* GetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress) + { + return (const char*)UE::ImporterGetForwardedAPIName(hProcess, APIAddress); + } + static const char* GetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress) + { + return (const char*)UE::ImporterGetForwardedDLLName(hProcess, APIAddress); + } + static long GetForwardedDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, HMODULE* DLLBasesList) + { + return UE::ImporterGetForwardedDLLIndex(hProcess, APIAddress, (ULONG_PTR)DLLBasesList); + } + static long long GetForwardedAPIOrdinalNumber(HANDLE hProcess, ULONG_PTR APIAddress) + { + return UE::ImporterGetForwardedAPIOrdinalNumber(hProcess, APIAddress); + } + static long long GetNearestAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress) + { + return UE::ImporterGetNearestAPIAddress(hProcess, APIAddress); + } + static const char* GetNearestAPIName(HANDLE hProcess, ULONG_PTR APIAddress) + { + return (const char*)UE::ImporterGetNearestAPIName(hProcess, APIAddress); + } + static void AutoSearchIATEx(HANDLE hProcess, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, ULONG_PTR* pIATStart, ULONG_PTR* pIATSize) + { + UE::ImporterAutoSearchIATEx(hProcess, ImageBase, SearchStart, SearchSize, pIATStart, pIATSize); + } + static void EnumAddedData(fImportEnumCallBack EnumCallBack) + { + UE::ImporterEnumAddedData((void*)EnumCallBack); + } +}; + +class ImporterA +{ +public: + + static bool ExportIATEx(char* szExportFileName, char* szSectionName) + { + return UE::ImporterExportIATEx(szExportFileName, szSectionName); + } + static bool CopyOriginalIAT(char* szOriginalFile, char* szDumpFile) + { + return UE::ImporterCopyOriginalIAT(szOriginalFile, szDumpFile); + } + static bool LoadImportTable(char* szFileName) + { + return UE::ImporterLoadImportTable(szFileName); + } + static bool MoveOriginalIAT(char* szOriginalFile, char* szDumpFile, char* szSectionName) + { + return UE::ImporterMoveOriginalIAT(szOriginalFile, szDumpFile, szSectionName); + } + static void AutoSearchIAT(HANDLE hProcess, char* szFileName, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, ULONG_PTR* pIATStart, ULONG_PTR* pIATSize) + { + UE::ImporterAutoSearchIAT(hProcess, szFileName, ImageBase, SearchStart, SearchSize, pIATStart, pIATSize); + } + static long AutoFixIATEx(HANDLE hProcess, char* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, DWORD SearchStep, bool TryAutoFix, bool FixEliminations, ImporterX::fImportFixCallback UnknownPointerFixCallback) + { + return UE::ImporterAutoFixIATEx(hProcess, szDumpedFile, szSectionName, DumpRunningProcess, RealignFile, EntryPointAddress, ImageBase, SearchStart, SearchSize, SearchStep, TryAutoFix, FixEliminations, (void*)UnknownPointerFixCallback); + } + static long AutoFixIAT(HANDLE hProcess, char* szDumpedFile, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, DWORD SearchStep) + { + return UE::ImporterAutoFixIAT(hProcess, szDumpedFile, ImageBase, SearchStart, SearchSize, SearchStep); + } +}; + +class ImporterW +{ +public: + + static bool ExportIATEx(wchar_t* szExportFileName, char* szSectionName) + { + return UE::ImporterExportIATExW(szExportFileName, szSectionName); + } + static bool CopyOriginalIAT(wchar_t* szOriginalFile, wchar_t* szDumpFile) + { + return UE::ImporterCopyOriginalIATW(szOriginalFile, szDumpFile); + } + static bool LoadImportTable(wchar_t* szFileName) + { + return UE::ImporterLoadImportTableW(szFileName); + } + static bool MoveOriginalIAT(wchar_t* szOriginalFile, wchar_t* szDumpFile, char* szSectionName) + { + return UE::ImporterMoveOriginalIATW(szOriginalFile, szDumpFile, szSectionName); + } + static void AutoSearchIAT(HANDLE hProcess, wchar_t* szFileName, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, ULONG_PTR* pIATStart, ULONG_PTR* pIATSize) + { + UE::ImporterAutoSearchIATW(hProcess, szFileName, ImageBase, SearchStart, SearchSize, pIATStart, pIATSize); + } + static long AutoFixIATEx(HANDLE hProcess, wchar_t* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, DWORD SearchStep, bool TryAutoFix, bool FixEliminations, ImporterX::fImportFixCallback UnknownPointerFixCallback) + { + return UE::ImporterAutoFixIATExW(hProcess, szDumpedFile, szSectionName, DumpRunningProcess, RealignFile, EntryPointAddress, ImageBase, SearchStart, SearchSize, SearchStep, TryAutoFix, FixEliminations, (void*)UnknownPointerFixCallback); + } + static long AutoFixIAT(HANDLE hProcess, wchar_t* szDumpedFile, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, DWORD SearchStep) + { + return UE::ImporterAutoFixIATW(hProcess, szDumpedFile, ImageBase, SearchStart, SearchSize, SearchStep); + } +}; + +class Importer : ImporterX, ImporterA, ImporterW +{ +public: + + using ImporterX::fImportEnumCallBack; + using ImporterX::fImportFixCallback; + + using ImporterX::Cleanup; + using ImporterX::SetImageBase; + using ImporterX::SetUnknownDelta; + using ImporterX::GetCurrentDelta; + using ImporterX::Init; + using ImporterX::AddNewDll; + using ImporterX::AddNewAPI; + using ImporterX::AddNewOrdinalAPI; + using ImporterX::GetAddedDllCount; + using ImporterX::GetAddedAPICount; + using ImporterX::GetLastAddedDLLName; + using ImporterX::MoveIAT; + using ImporterX::ExportIAT; + using ImporterX::EstimatedSize; + using ImporterA::ExportIATEx; + using ImporterW::ExportIATEx; + using ImporterX::FindAPIWriteLocation; + using ImporterX::FindOrdinalAPIWriteLocation; + using ImporterX::FindAPIByWriteLocation; + using ImporterX::FindDLLByWriteLocation; + using ImporterX::GetDLLName; + using ImporterX::GetAPIName; + using ImporterX::GetAPIOrdinalNumber; + using ImporterX::GetAPINameEx; + using ImporterX::GetRemoteAPIAddress; + using ImporterX::GetRemoteAPIAddressEx; + using ImporterX::GetLocalAPIAddress; + using ImporterX::GetDLLNameFromDebugee; + using ImporterX::GetAPINameFromDebugee; + using ImporterX::GetAPIOrdinalNumberFromDebugee; + using ImporterX::GetDLLIndexEx; + using ImporterX::GetDLLIndex; + using ImporterX::GetRemoteDLLBase; + using ImporterX::RelocateWriteLocation; + using ImporterX::IsForwardedAPI; + using ImporterX::GetForwardedAPIName; + using ImporterX::GetForwardedDLLName; + using ImporterX::GetForwardedDLLIndex; + using ImporterX::GetForwardedAPIOrdinalNumber; + using ImporterX::GetNearestAPIAddress; + using ImporterX::GetNearestAPIName; + using ImporterA::CopyOriginalIAT; + using ImporterW::CopyOriginalIAT; + using ImporterA::LoadImportTable; + using ImporterW::LoadImportTable; + using ImporterA::MoveOriginalIAT; + using ImporterW::MoveOriginalIAT; + using ImporterA::AutoSearchIAT; + using ImporterW::AutoSearchIAT; + using ImporterX::AutoSearchIATEx; + using ImporterX::EnumAddedData; + using ImporterA::AutoFixIATEx; + using ImporterW::AutoFixIATEx; + using ImporterA::AutoFixIAT; + using ImporterW::AutoFixIAT; +}; + +// --- + +class LibrarianX +{ +protected: + + typedef void(__stdcall *fLibraryBreakPointCallback)(const LOAD_DLL_DEBUG_INFO* SpecialDBG); + + static bool SetBreakPoint(char* szLibraryName, eLibraryEvent bpxType, bool SingleShoot, fLibraryBreakPointCallback bpxCallBack) + { + return UE::LibrarianSetBreakPoint(szLibraryName, bpxType, SingleShoot, (void*)bpxCallBack); + } + static bool RemoveBreakPoint(char* szLibraryName, eLibraryEvent bpxType) + { + return UE::LibrarianRemoveBreakPoint(szLibraryName, bpxType); + } +}; + +class LibrarianA +{ +public: + + typedef UE::LIBRARY_ITEM_DATA LIBRARY_ITEM_DATA; + + typedef void(__stdcall *fLibraryEnumCallback)(const LIBRARY_ITEM_DATA* fLibraryDetail); + + static const LIBRARY_ITEM_DATA* GetLibraryInfo(char* szLibraryName) + { + return (const LIBRARY_ITEM_DATA*)UE::LibrarianGetLibraryInfo(szLibraryName); + } + static const LIBRARY_ITEM_DATA* GetLibraryInfoEx(void* BaseOfDll) + { + return (const LIBRARY_ITEM_DATA*)UE::LibrarianGetLibraryInfoEx(BaseOfDll); + } + static void EnumLibraryInfo(fLibraryEnumCallback EnumCallBack) + { + UE::LibrarianEnumLibraryInfo((void*)EnumCallBack); + } +}; + +class LibrarianW +{ +public: + + typedef UE::LIBRARY_ITEM_DATAW LIBRARY_ITEM_DATA; + + typedef void(__stdcall *fLibraryEnumCallback)(const LIBRARY_ITEM_DATA* fLibraryDetail); + + static const LIBRARY_ITEM_DATA* GetLibraryInfo(wchar_t* szLibraryName) + { + return (const LIBRARY_ITEM_DATA*)UE::LibrarianGetLibraryInfoW(szLibraryName); + } + static const LIBRARY_ITEM_DATA* GetLibraryInfoEx(void* BaseOfDll) + { + return (const LIBRARY_ITEM_DATA*)UE::LibrarianGetLibraryInfoExW(BaseOfDll); + } + static void EnumLibraryInfo(fLibraryEnumCallback EnumCallBack) + { + UE::LibrarianEnumLibraryInfoW((void*)EnumCallBack); + } +}; + +class Librarian : LibrarianX, LibrarianA, LibrarianW +{ +public: + + #ifndef UNICODE + typedef LibrarianA::LIBRARY_ITEM_DATA LIBRARY_ITEM_DATA; + #else + typedef LibrarianW::LIBRARY_ITEM_DATA LIBRARY_ITEM_DATA; + #endif + + using LibrarianX::fLibraryBreakPointCallback; + #ifndef UNICODE + typedef LibrarianA::fLibraryEnumCallback fLibraryEnumCallback; + #else + typedef LibrarianW::fLibraryEnumCallback fLibraryEnumCallback; + #endif + + using LibrarianX::SetBreakPoint; + using LibrarianX::RemoveBreakPoint; + using LibrarianA::GetLibraryInfo; + using LibrarianW::GetLibraryInfo; + #ifndef UNICODE + using LibrarianA::GetLibraryInfoEx; + #else + using LibrarianW::GetLibraryInfoEx; + #endif + using LibrarianA::EnumLibraryInfo; + using LibrarianW::EnumLibraryInfo; +}; + +class Hooks +{ +public: + + typedef UE::HOOK_ENTRY HOOK_ENTRY; + + typedef bool(__stdcall *fHookEnumCallBack)(const HOOK_ENTRY* HookDetails, void* ptrOriginalInstructions, const LibrarianA::LIBRARY_ITEM_DATA* ModuleInformation, DWORD SizeOfImage); + + static bool SafeTransitionEx(void** HookAddressArray, int NumberOfHooks, bool TransitionStart) + { + return UE::HooksSafeTransitionEx(HookAddressArray, NumberOfHooks, TransitionStart); + } + static bool SafeTransition(void* HookAddress, bool TransitionStart) + { + return UE::HooksSafeTransition(HookAddress, TransitionStart); + } + static bool IsAddressRedirected(void* HookAddress) + { + return UE::HooksIsAddressRedirected(HookAddress); + } + static void* GetTrampolineAddress(void* HookAddress) + { + return UE::HooksGetTrampolineAddress(HookAddress); + } + static HOOK_ENTRY* GetHookEntryDetails(void* HookAddress) + { + return (HOOK_ENTRY*)UE::HooksGetHookEntryDetails(HookAddress); + } + static bool InsertNewRedirection(void* HookAddress, void* RedirectTo, eHookType HookType) + { + return UE::HooksInsertNewRedirection(HookAddress, RedirectTo, HookType); + } + static bool InsertNewIATRedirectionEx(ULONG_PTR FileMapVA, ULONG_PTR LoadedModuleBase, char* szHookFunction, void* RedirectTo) + { + return UE::HooksInsertNewIATRedirectionEx(FileMapVA, LoadedModuleBase, szHookFunction, RedirectTo); + } + static bool InsertNewIATRedirection(char* szModuleName, char* szHookFunction, void* RedirectTo) + { + return UE::HooksInsertNewIATRedirection(szModuleName, szHookFunction, RedirectTo); + } + static bool RemoveRedirection(void* HookAddress, bool RemoveAll) + { + return UE::HooksRemoveRedirection(HookAddress, RemoveAll); + } + static bool RemoveRedirectionsForModule(HMODULE ModuleBase) + { + return UE::HooksRemoveRedirectionsForModule(ModuleBase); + } + static bool RemoveIATRedirection(char* szModuleName, char* szHookFunction, bool RemoveAll) + { + return UE::HooksRemoveIATRedirection(szModuleName, szHookFunction, RemoveAll); + } + static bool DisableRedirection(void* HookAddress, bool DisableAll) + { + return UE::HooksDisableRedirection(HookAddress, DisableAll); + } + static bool DisableRedirectionsForModule(HMODULE ModuleBase) + { + return UE::HooksDisableRedirectionsForModule(ModuleBase); + } + static bool DisableIATRedirection(char* szModuleName, char* szHookFunction, bool DisableAll) + { + return UE::HooksDisableIATRedirection(szModuleName, szHookFunction, DisableAll); + } + static bool EnableRedirection(void* HookAddress, bool EnableAll) + { + return UE::HooksEnableRedirection(HookAddress, EnableAll); + } + static bool EnableRedirectionsForModule(HMODULE ModuleBase) + { + return UE::HooksEnableRedirectionsForModule(ModuleBase); + } + static bool EnableIATRedirection(char* szModuleName, char* szHookFunction, bool EnableAll) + { + return UE::HooksEnableIATRedirection(szModuleName, szHookFunction, EnableAll); + } + static void ScanModuleMemory(HMODULE ModuleBase, fHookEnumCallBack CallBack) + { + UE::HooksScanModuleMemory(ModuleBase, (void*)CallBack); + } + static void ScanEntireProcessMemory(fHookEnumCallBack CallBack) + { + UE::HooksScanEntireProcessMemory((void*)CallBack); + } + static void ScanEntireProcessMemoryEx() + { + UE::HooksScanEntireProcessMemoryEx(); + } +}; + +class Tracer +{ +public: + + static void Init() + { + UE::TracerInit(); + } + static long long Level1(HANDLE hProcess, ULONG_PTR AddressToTrace) + { + return UE::TracerLevel1(hProcess, AddressToTrace); + } + static long long HashTracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD InputNumberOfInstructions) + { + return UE::HashTracerLevel1(hProcess, AddressToTrace, InputNumberOfInstructions); + } + static long DetectRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace) + { + return UE::TracerDetectRedirection(hProcess, AddressToTrace); + } + static long long FixKnownRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD RedirectionId) + { + return UE::TracerFixKnownRedirection(hProcess, AddressToTrace, RedirectionId); + } + static long long FixRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD IdParameter) + { + return UE::TracerFixRedirectionViaModule(hModuleHandle, hProcess, AddressToTrace, IdParameter); + } + static long long DetectRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD* ReturnedId) + { + return UE::TracerDetectRedirectionViaModule(hModuleHandle, hProcess, AddressToTrace, ReturnedId); + } + static long FixRedirectionViaImpRecPlugin(HANDLE hProcess, char* szPluginName, ULONG_PTR AddressToTrace) + { + return UE::TracerFixRedirectionViaImpRecPlugin(hProcess, szPluginName, AddressToTrace); + } +}; + +class ExporterX +{ +protected: + + static void Cleanup() + { + UE::ExporterCleanup(); + } + static void SetImageBase(ULONG_PTR ImageBase) + { + UE::ExporterSetImageBase(ImageBase); + } + static void Init(DWORD MemorySize, ULONG_PTR ImageBase, DWORD ExportOrdinalBase, char* szExportModuleName) + { + UE::ExporterInit(MemorySize, ImageBase, ExportOrdinalBase, szExportModuleName); + } + static bool AddNewExport(char* szExportName, DWORD ExportRelativeAddress) + { + return UE::ExporterAddNewExport(szExportName, ExportRelativeAddress); + } + static bool AddNewOrdinalExport(DWORD OrdinalNumber, DWORD ExportRelativeAddress) + { + return UE::ExporterAddNewOrdinalExport(OrdinalNumber, ExportRelativeAddress); + } + static long GetAddedExportCount() + { + return UE::ExporterGetAddedExportCount(); + } + static long EstimatedSize() + { + return UE::ExporterEstimatedSize(); + } + static bool BuildExportTable(ULONG_PTR StorePlace, ULONG_PTR FileMapVA) + { + return UE::ExporterBuildExportTable(StorePlace, FileMapVA); + } +}; + +class ExporterA +{ +public: + + static bool BuildExportTableEx(char* szExportFileName, char* szSectionName) + { + return UE::ExporterBuildExportTableEx(szExportFileName, szSectionName); + } + static bool LoadExportTable(char* szFileName) + { + return UE::ExporterLoadExportTable(szFileName); + } +}; + +class ExporterW +{ +public: + + static bool BuildExportTableEx(wchar_t* szExportFileName, char* szSectionName) + { + return UE::ExporterBuildExportTableExW(szExportFileName, szSectionName); + } + static bool LoadExportTable(wchar_t* szFileName) + { + return UE::ExporterLoadExportTableW(szFileName); + } +}; + +class Exporter : ExporterX, ExporterA, ExporterW +{ +public: + + using ExporterX::Cleanup; + using ExporterX::SetImageBase; + using ExporterX::Init; + using ExporterX::AddNewExport; + using ExporterX::AddNewOrdinalExport; + using ExporterX::GetAddedExportCount; + using ExporterX::EstimatedSize; + using ExporterX::BuildExportTable; + using ExporterA::BuildExportTableEx; + using ExporterW::BuildExportTableEx; + using ExporterA::LoadExportTable; + using ExporterW::LoadExportTable; +}; + +class ProcessX +{ +protected: + + typedef void(__stdcall *fProcessWithLibraryEnumCallback)(DWORD ProcessId, HMODULE ModuleBaseAddress); + + static void EnumProcessesWithLibrary(char* szLibraryName, fProcessWithLibraryEnumCallback EnumFunction) + { + UE::EnumProcessesWithLibrary(szLibraryName, (void*)EnumFunction); + } +}; + +class ProcessA +{ +public: + + static long GetActiveProcessId(char* szImageName) + { + return UE::GetActiveProcessId(szImageName); + } +}; + +class ProcessW +{ +public: + + static long GetActiveProcessId(wchar_t* szImageName) + { + return UE::GetActiveProcessIdW(szImageName); + } +}; + +class Process : ProcessX, ProcessA, ProcessW +{ +public: + + using ProcessX::fProcessWithLibraryEnumCallback; + + using ProcessA::GetActiveProcessId; + using ProcessW::GetActiveProcessId; + using ProcessX::EnumProcessesWithLibrary; +}; + +class TLSX +{ +protected: + + static bool BreakOnCallBack(ULONG_PTR* ArrayOfCallBacks, DWORD NumberOfCallBacks, Debugger::fBreakPointCallback bpxCallBack) + { + return UE::TLSBreakOnCallBack(ArrayOfCallBacks, NumberOfCallBacks, (void*)bpxCallBack); + } + static bool RestoreData() + { + return UE::TLSRestoreData(); + } + static bool BuildNewTable(ULONG_PTR FileMapVA, ULONG_PTR StorePlace, ULONG_PTR StorePlaceRVA, ULONG_PTR* ArrayOfCallBacks, DWORD NumberOfCallBacks) + { + return UE::TLSBuildNewTable(FileMapVA, StorePlace, StorePlaceRVA, ArrayOfCallBacks, NumberOfCallBacks); + } +}; + +class TLSA +{ +public: + + static bool GrabCallBackData(char* szFileName, ULONG_PTR* ArrayOfCallBacks, DWORD* NumberOfCallBacks) + { + return UE::TLSGrabCallBackData(szFileName, ArrayOfCallBacks, NumberOfCallBacks); + } + static bool BreakOnCallBackEx(char* szFileName, Debugger::fBreakPointCallback bpxCallBack) + { + return UE::TLSBreakOnCallBackEx(szFileName, (void*)bpxCallBack); + } + static bool RemoveCallback(char* szFileName) + { + return UE::TLSRemoveCallback(szFileName); + } + static bool RemoveTable(char* szFileName) + { + return UE::TLSRemoveTable(szFileName); + } + static bool BackupData(char* szFileName) + { + return UE::TLSBackupData(szFileName); + } + static bool BuildNewTableEx(char* szFileName, char* szSectionName, ULONG_PTR* ArrayOfCallBacks, DWORD NumberOfCallBacks) + { + return UE::TLSBuildNewTableEx(szFileName, szSectionName, ArrayOfCallBacks, NumberOfCallBacks); + } +}; + +class TLSW +{ +public: + + static bool GrabCallBackData(wchar_t* szFileName, ULONG_PTR* ArrayOfCallBacks, DWORD* NumberOfCallBacks) + { + return UE::TLSGrabCallBackDataW(szFileName, ArrayOfCallBacks, NumberOfCallBacks); + } + static bool BreakOnCallBackEx(wchar_t* szFileName, Debugger::fBreakPointCallback bpxCallBack) + { + return UE::TLSBreakOnCallBackExW(szFileName, (void*)bpxCallBack); + } + static bool RemoveCallback(wchar_t* szFileName) + { + return UE::TLSRemoveCallbackW(szFileName); + } + static bool RemoveTable(wchar_t* szFileName) + { + return UE::TLSRemoveTableW(szFileName); + } + static bool BackupData(wchar_t* szFileName) + { + return UE::TLSBackupDataW(szFileName); + } + static bool BuildNewTableEx(wchar_t* szFileName, char* szSectionName, ULONG_PTR* ArrayOfCallBacks, DWORD NumberOfCallBacks) + { + return UE::TLSBuildNewTableExW(szFileName, szSectionName, ArrayOfCallBacks, NumberOfCallBacks); + } +}; + +class TLS : TLSX, TLSA, TLSW +{ +public: + + using TLSX::BreakOnCallBack; + using TLSA::GrabCallBackData; + using TLSW::GrabCallBackData; + using TLSA::BreakOnCallBackEx; + using TLSW::BreakOnCallBackEx; + using TLSA::RemoveCallback; + using TLSW::RemoveCallback; + using TLSA::RemoveTable; + using TLSW::RemoveTable; + using TLSA::BackupData; + using TLSW::BackupData; + using TLSX::RestoreData; + using TLSX::BuildNewTable; + using TLSA::BuildNewTableEx; + using TLSW::BuildNewTableEx; +}; + +class TranslateA +{ +public: + + static const char* NativeName(char* szNativeName) + { + return (const char*)UE::TranslateNativeName(szNativeName); + } +}; + +class TranslateW +{ +public: + + static const wchar_t* NativeName(wchar_t* szNativeName) + { + return (const wchar_t*)UE::TranslateNativeNameW(szNativeName); + } +}; + +class Translate : TranslateA, TranslateW +{ +public: + + using TranslateA::NativeName; + using TranslateW::NativeName; +}; + +class HandlerA; +class HandlerW; + +class HandlerX +{ + friend class HandlerA; + friend class HandlerW; + +protected: + + typedef UE::HandlerArray HandlerArray; + + static long GetActiveHandleCount(DWORD ProcessId) + { + return UE::HandlerGetActiveHandleCount(ProcessId); + } + static bool IsHandleOpen(DWORD ProcessId, HANDLE hHandle) + { + return UE::HandlerIsHandleOpen(ProcessId, hHandle); + } + static long EnumerateOpenHandles(DWORD ProcessId, HandlerArray* HandleBuffer, DWORD MaxHandleCount) + { + return UE::HandlerEnumerateOpenHandles(ProcessId, HandleBuffer, MaxHandleCount); + } + static long long GetHandleDetails(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, eHandlerReturnType InformationReturn) + { + return UE::HandlerGetHandleDetails(hProcess, ProcessId, hHandle, InformationReturn); + } + static bool CloseRemoteHandle(HANDLE hProcess, HANDLE hHandle) + { + return UE::HandlerCloseRemoteHandle(hProcess, hHandle); + } + static long EnumerateOpenMutexes(HANDLE hProcess, DWORD ProcessId, HANDLE* HandleBuffer, DWORD MaxHandleCount) + { + return UE::HandlerEnumerateOpenMutexes(hProcess, ProcessId, HandleBuffer, MaxHandleCount); + } +}; + +class HandlerA +{ +public: + + static const char* GetHandleName(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName) + { + return (const char*)UE::HandlerGetHandleName(hProcess, ProcessId, hHandle, TranslateName); + } + static long EnumerateLockHandles(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, HandlerX::HandlerArray* HandleDataBuffer, DWORD MaxHandleCount) + { + return UE::HandlerEnumerateLockHandles(szFileOrFolderName, NameIsFolder, NameIsTranslated, HandleDataBuffer, MaxHandleCount); + } + static bool CloseAllLockHandles(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated) + { + return UE::HandlerCloseAllLockHandles(szFileOrFolderName, NameIsFolder, NameIsTranslated); + } + static bool IsFileLocked(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated) + { + return UE::HandlerIsFileLocked(szFileOrFolderName, NameIsFolder, NameIsTranslated); + } + static long long GetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, char* szMutexString) + { + return UE::HandlerGetOpenMutexHandle(hProcess, ProcessId, szMutexString); + } + static long GetProcessIdWhichCreatedMutex(char* szMutexString) + { + return UE::HandlerGetProcessIdWhichCreatedMutex(szMutexString); + } +}; + +class HandlerW +{ +public: + + static const wchar_t* GetHandleName(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName) + { + return (const wchar_t*)UE::HandlerGetHandleNameW(hProcess, ProcessId, hHandle, TranslateName); + } + static long EnumerateLockHandles(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, HandlerX::HandlerArray* HandleDataBuffer, DWORD MaxHandleCount) + { + return UE::HandlerEnumerateLockHandlesW(szFileOrFolderName, NameIsFolder, NameIsTranslated, HandleDataBuffer, MaxHandleCount); + } + static bool CloseAllLockHandles(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated) + { + return UE::HandlerCloseAllLockHandlesW(szFileOrFolderName, NameIsFolder, NameIsTranslated); + } + static bool IsFileLocked(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated) + { + return UE::HandlerIsFileLockedW(szFileOrFolderName, NameIsFolder, NameIsTranslated); + } + static long long GetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, wchar_t* szMutexString) + { + return UE::HandlerGetOpenMutexHandleW(hProcess, ProcessId, szMutexString); + } + static long GetProcessIdWhichCreatedMutex(wchar_t* szMutexString) + { + return UE::HandlerGetProcessIdWhichCreatedMutexW(szMutexString); + } +}; + +class Handler : HandlerX, HandlerA, HandlerW +{ +public: + + using HandlerX::HandlerArray; + + using HandlerX::GetActiveHandleCount; + using HandlerX::IsHandleOpen; + #ifndef UNICODE + using HandlerA::GetHandleName; + #else + using HandlerW::GetHandleName; + #endif + using HandlerX::EnumerateOpenHandles; + using HandlerX::GetHandleDetails; + using HandlerX::CloseRemoteHandle; + using HandlerA::EnumerateLockHandles; + using HandlerW::EnumerateLockHandles; + using HandlerA::CloseAllLockHandles; + using HandlerW::CloseAllLockHandles; + using HandlerA::IsFileLocked; + using HandlerW::IsFileLocked; + using HandlerX::EnumerateOpenMutexes; + using HandlerA::GetOpenMutexHandle; + using HandlerW::GetOpenMutexHandle; + using HandlerA::GetProcessIdWhichCreatedMutex; + using HandlerW::GetProcessIdWhichCreatedMutex; +}; + +class RemoteX +{ +protected: + + static bool ExitProcess(HANDLE hProcess, DWORD ExitCode) + { + return UE::RemoteExitProcess(hProcess, ExitCode); + } +}; + +class RemoteA +{ +public: + + static bool LoadLibrary(HANDLE hProcess, char* szLibraryFile, bool WaitForThreadExit) + { + return UE::RemoteLoadLibrary(hProcess, szLibraryFile, WaitForThreadExit); + } + static bool FreeLibrary(HANDLE hProcess, HMODULE hModule, char* szLibraryFile, bool WaitForThreadExit) + { + return UE::RemoteFreeLibrary(hProcess, hModule, szLibraryFile, WaitForThreadExit); + } +}; + +class RemoteW +{ +public: + + static bool LoadLibrary(HANDLE hProcess, wchar_t* szLibraryFile, bool WaitForThreadExit) + { + return UE::RemoteLoadLibraryW(hProcess, szLibraryFile, WaitForThreadExit); + } + static bool FreeLibrary(HANDLE hProcess, HMODULE hModule, wchar_t* szLibraryFile, bool WaitForThreadExit) + { + return UE::RemoteFreeLibraryW(hProcess, hModule, szLibraryFile, WaitForThreadExit); + } +}; + +class Remote : RemoteX, RemoteA, RemoteW +{ +public: + + using RemoteA::LoadLibrary; + using RemoteW::LoadLibrary; + using RemoteA::FreeLibrary; + using RemoteW::FreeLibrary; + using RemoteX::ExitProcess; +}; + +class StaticX +{ +protected: + + typedef bool(__stdcall *fStaticDecryptCallback)(void* sMemoryStart, int sKeySize); + + static bool FileGetContent(HANDLE FileHandle, DWORD FilePositionLow, LPDWORD FilePositionHigh, void* Buffer, DWORD Size) + { + return UE::StaticFileGetContent(FileHandle, FilePositionLow, FilePositionHigh, Buffer, Size); + } + static void FileClose(HANDLE FileHandle) + { + return UE::StaticFileClose(FileHandle); + } + static void MemoryDecrypt(void* MemoryStart, DWORD MemorySize, eDecryptionType DecryptionType, eDecryptionKeySize DecryptionKeySize, ULONG_PTR DecryptionKey) + { + UE::StaticMemoryDecrypt(MemoryStart, MemorySize, DecryptionType, DecryptionKeySize, DecryptionKey); + } + static void MemoryDecryptEx(void* MemoryStart, DWORD MemorySize, eDecryptionKeySize DecryptionKeySize, fStaticDecryptCallback DecryptionCallBack) + { + UE::StaticMemoryDecryptEx(MemoryStart, MemorySize, DecryptionKeySize, (void*)DecryptionCallBack); + } + static void MemoryDecryptSpecial(void* MemoryStart, DWORD MemorySize, eDecryptionKeySize DecryptionKeySize, eDecryptionDirection SpecDecryptionType, fStaticDecryptCallback DecryptionCallBack) + { + UE::StaticMemoryDecryptSpecial(MemoryStart, MemorySize, DecryptionKeySize, SpecDecryptionType, (void*)DecryptionCallBack); + } + static void SectionDecrypt(ULONG_PTR FileMapVA, DWORD SectionNumber, bool SimulateLoad, eDecryptionType DecryptionType, eDecryptionKeySize DecryptionKeySize, ULONG_PTR DecryptionKey) + { + UE::StaticSectionDecrypt(FileMapVA, SectionNumber, SimulateLoad, DecryptionType, DecryptionKeySize, DecryptionKey); + } + static bool MemoryDecompress(void* Source, DWORD SourceSize, void* Destination, DWORD DestinationSize, eCompressionAlgorithm Algorithm) + { + return UE::StaticMemoryDecompress(Source, SourceSize, Destination, DestinationSize, Algorithm); + } + static bool HashMemory(void* MemoryToHash, DWORD SizeOfMemory, void* HashDigest, bool OutputString, eHashAlgorithm Algorithm) + { + return UE::StaticHashMemory(MemoryToHash, SizeOfMemory, HashDigest, OutputString, Algorithm); + } +}; + +class StaticA +{ +public: + + static bool FileLoad(char* szFileName, eAccess DesiredAccess, bool SimulateLoad, HANDLE* FileHandle, DWORD* LoadedSize, HANDLE* FileMap, ULONG_PTR* FileMapVA) + { + return UE::StaticFileLoad(szFileName, DesiredAccess, SimulateLoad, FileHandle, LoadedSize, FileMap, FileMapVA); + } + static bool FileUnload(char* szFileName, bool CommitChanges, HANDLE FileHandle, DWORD LoadedSize, HANDLE FileMap, ULONG_PTR FileMapVA) + { + return UE::StaticFileUnload(szFileName, CommitChanges, FileHandle, LoadedSize, FileMap, FileMapVA); + } + static bool FileOpen(char* szFileName, DWORD DesiredAccess, LPHANDLE FileHandle, LPDWORD FileSizeLow, LPDWORD FileSizeHigh) + { + return UE::StaticFileOpen(szFileName, DesiredAccess, FileHandle, FileSizeLow, FileSizeHigh); + } + static bool RawMemoryCopy(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR VitualAddressToCopy, DWORD Size, bool AddressIsRVA, char* szDumpFileName) + { + return UE::StaticRawMemoryCopy(hFile, FileMapVA, VitualAddressToCopy, Size, AddressIsRVA, szDumpFileName); + } + static bool RawMemoryCopyEx(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, char* szDumpFileName) + { + return UE::StaticRawMemoryCopyEx(hFile, RawAddressToCopy, Size, szDumpFileName); + } + static bool RawMemoryCopyEx64(HANDLE hFile, DWORD64 RawAddressToCopy, DWORD64 Size, char* szDumpFileName) + { + return UE::StaticRawMemoryCopyEx64(hFile, RawAddressToCopy, Size, szDumpFileName); + } + static bool HashFile(char* szFileName, void* HashDigest, bool OutputString, eHashAlgorithm Algorithm) + { + return UE::StaticHashFile(szFileName, (char*)HashDigest, OutputString, Algorithm); + } +}; + +class StaticW +{ +public: + + static bool FileLoad(wchar_t* szFileName, eAccess DesiredAccess, bool SimulateLoad, HANDLE* FileHandle, DWORD* LoadedSize, HANDLE* FileMap, ULONG_PTR* FileMapVA) + { + return UE::StaticFileLoadW(szFileName, DesiredAccess, SimulateLoad, FileHandle, LoadedSize, FileMap, FileMapVA); + } + static bool FileUnload(wchar_t* szFileName, bool CommitChanges, HANDLE FileHandle, DWORD LoadedSize, HANDLE FileMap, ULONG_PTR FileMapVA) + { + return UE::StaticFileUnloadW(szFileName, CommitChanges, FileHandle, LoadedSize, FileMap, FileMapVA); + } + static bool FileOpen(wchar_t* szFileName, DWORD DesiredAccess, LPHANDLE FileHandle, LPDWORD FileSizeLow, LPDWORD FileSizeHigh) + { + return UE::StaticFileOpenW(szFileName, DesiredAccess, FileHandle, FileSizeLow, FileSizeHigh); + } + static bool RawMemoryCopy(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR VitualAddressToCopy, DWORD Size, bool AddressIsRVA, wchar_t* szDumpFileName) + { + return UE::StaticRawMemoryCopyW(hFile, FileMapVA, VitualAddressToCopy, Size, AddressIsRVA, szDumpFileName); + } + static bool RawMemoryCopyEx(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, wchar_t* szDumpFileName) + { + return UE::StaticRawMemoryCopyExW(hFile, RawAddressToCopy, Size, szDumpFileName); + } + static bool RawMemoryCopyEx64(HANDLE hFile, DWORD64 RawAddressToCopy, DWORD64 Size, wchar_t* szDumpFileName) + { + return UE::StaticRawMemoryCopyEx64W(hFile, RawAddressToCopy, Size, szDumpFileName); + } + static bool HashFile(wchar_t* szFileName, void* HashDigest, bool OutputString, eHashAlgorithm Algorithm) + { + return UE::StaticHashFileW(szFileName, (char*)HashDigest, OutputString, Algorithm); + } +}; + +class Static : StaticX, StaticA, StaticW +{ +public: + + using StaticX::fStaticDecryptCallback; + + using StaticA::FileLoad; + using StaticW::FileLoad; + using StaticA::FileUnload; + using StaticW::FileUnload; + using StaticA::FileOpen; + using StaticW::FileOpen; + using StaticX::FileGetContent; + using StaticX::FileClose; + using StaticX::MemoryDecrypt; + using StaticX::MemoryDecryptEx; + using StaticX::MemoryDecryptSpecial; + using StaticX::SectionDecrypt; + using StaticX::MemoryDecompress; + using StaticA::RawMemoryCopy; + using StaticW::RawMemoryCopy; + using StaticA::RawMemoryCopyEx; + using StaticW::RawMemoryCopyEx; + using StaticA::RawMemoryCopyEx64; + using StaticW::RawMemoryCopyEx64; + using StaticX::HashMemory; + using StaticA::HashFile; + using StaticW::HashFile; +}; + +class EngineX +{ +protected: + + static void SetEngineVariable(eEngineVariable VariableId, bool VariableSet) + { + UE::SetEngineVariable(VariableId, VariableSet); + } + static bool FakeMissingDependencies(HANDLE hProcess) + { + return UE::EngineFakeMissingDependencies(hProcess); + } + static bool DeleteCreatedDependencies() + { + return UE::EngineDeleteCreatedDependencies(); + } + static bool CreateUnpackerWindow(char* WindowUnpackerTitle, char* WindowUnpackerLongTitle, char* WindowUnpackerName, char* WindowUnpackerAuthor, void* StartUnpackingCallBack) + { + return UE::EngineCreateUnpackerWindow(WindowUnpackerTitle, WindowUnpackerLongTitle, WindowUnpackerName, WindowUnpackerAuthor, StartUnpackingCallBack); + } + static void AddUnpackerWindowLogMessage(char* szLogMessage) + { + return UE::EngineAddUnpackerWindowLogMessage(szLogMessage); + } +}; + +class EngineA +{ +public: + + static bool CreateMissingDependencies(char* szFileName, char* szOutputFolder, bool LogCreatedFiles) + { + return UE::EngineCreateMissingDependencies(szFileName, szOutputFolder, LogCreatedFiles); + } +}; + +class EngineW +{ +public: + + static bool CreateMissingDependencies(wchar_t* szFileName, wchar_t* szOutputFolder, bool LogCreatedFiles) + { + return UE::EngineCreateMissingDependenciesW(szFileName, szOutputFolder, LogCreatedFiles); + } +}; + +class Engine : EngineX, EngineA, EngineW +{ +public: + + using EngineX::SetEngineVariable; + using EngineA::CreateMissingDependencies; + using EngineW::CreateMissingDependencies; + using EngineX::FakeMissingDependencies; + using EngineX::DeleteCreatedDependencies; + using EngineX::CreateUnpackerWindow; + using EngineX::AddUnpackerWindowLogMessage; +}; + +class ExtensionManager +{ +public: + + typedef UE::PluginInformation PluginInformation; + + static bool IsPluginLoaded(char* szPluginName) + { + return UE::ExtensionManagerIsPluginLoaded(szPluginName); + } + static bool IsPluginEnabled(char* szPluginName) + { + return UE::ExtensionManagerIsPluginEnabled(szPluginName); + } + static bool DisableAllPlugins() + { + return UE::ExtensionManagerDisableAllPlugins(); + } + static bool DisablePlugin(char* szPluginName) + { + return UE::ExtensionManagerDisablePlugin(szPluginName); + } + static bool EnableAllPlugins() + { + return UE::ExtensionManagerEnableAllPlugins(); + } + static bool EnablePlugin(char* szPluginName) + { + return UE::ExtensionManagerEnablePlugin(szPluginName); + } + static bool UnloadAllPlugins() + { + return UE::ExtensionManagerUnloadAllPlugins(); + } + static bool UnloadPlugin(char* szPluginName) + { + return UE::ExtensionManagerUnloadPlugin(szPluginName); + } + static PluginInformation* GetPluginInfo(char* szPluginName) + { + return (PluginInformation*)UE::ExtensionManagerGetPluginInfo(szPluginName); + } +}; + +} /* namespace TE */ + +#endif /*TITANENGINE_CPP*/ diff --git a/SDK/Delphi/TitanEngine.pas b/SDK/Delphi/TitanEngine.pas new file mode 100644 index 0000000..0c2f10e --- /dev/null +++ b/SDK/Delphi/TitanEngine.pas @@ -0,0 +1,750 @@ +unit TitanEngine; + +interface + +{TitanEngine Delphi SDK - 2.0.3} +{http://www.reversinglabs.com/} +{Types} +type + PE32Structure = ^PE_32_STRUCT; + PE_32_STRUCT = packed record + PE32Offset : LongInt; + ImageBase : LongInt; + OriginalEntryPoint : LongInt; + NtSizeOfImage : LongInt; + NtSizeOfHeaders : LongInt; + SizeOfOptionalHeaders : SmallInt; + FileAlignment : LongInt; + SectionAligment : LongInt; + ImportTableAddress : LongInt; + ImportTableSize : LongInt; + ResourceTableAddress : LongInt; + ResourceTableSize : LongInt; + ExportTableAddress : LongInt; + ExportTableSize : LongInt; + TLSTableAddress : LongInt; + TLSTableSize : LongInt; + RelocationTableAddress : LongInt; + RelocationTableSize : LongInt; + TimeDateStamp : LongInt; + SectionNumber : SmallInt; + CheckSum : LongInt; + SubSystem : SmallInt; + Characteristics : SmallInt; + NumberOfRvaAndSizes : LongInt; + end; + + FileStatusInfo = ^FILE_STATUS_INFO; + FILE_STATUS_INFO = packed record + OveralEvaluation : BYTE; + EvaluationTerminatedByException : boolean; + FileIs64Bit : boolean; + FileIsDLL : boolean; + FileIsConsole : boolean; + MissingDependencies : boolean; + MissingDeclaredAPIs : boolean; + SignatureMZ : BYTE; + SignaturePE : BYTE; + EntryPoint : BYTE; + ImageBase : BYTE; + SizeOfImage : BYTE; + FileAlignment : BYTE; + SectionAlignment : BYTE; + ExportTable : BYTE; + RelocationTable : BYTE; + ImportTable : BYTE; + ImportTableSection : BYTE; + ImportTableData : BYTE; + IATTable : BYTE; + TLSTable : BYTE; + LoadConfigTable : BYTE; + BoundImportTable : BYTE; + COMHeaderTable : BYTE; + ResourceTable : BYTE; + ResourceData : BYTE; + SectionTable : BYTE; + end; + + FileFixInfo = ^FILE_FIX_INFO; + FILE_FIX_INFO = packed record + OveralEvaluation : BYTE; + FixingTerminatedByException : boolean; + FileFixPerformed : boolean; + StrippedRelocation : boolean; + DontFixRelocations : boolean; + OriginalRelocationTableAddress : LongInt; + OriginalRelocationTableSize : LongInt; + StrippedExports : boolean; + DontFixExports : boolean; + OriginalExportTableAddress : LongInt; + OriginalExportTableSize : LongInt; + StrippedResources : boolean; + DontFixResources : boolean; + OriginalResourceTableAddress : LongInt; + OriginalResourceTableSize : LongInt; + StrippedTLS : boolean; + DontFixTLS : boolean; + OriginalTLSTableAddress : LongInt; + OriginalTLSTableSize : LongInt; + StrippedLoadConfig : boolean; + DontFixLoadConfig : boolean; + OriginalLoadConfigTableAddress : LongInt; + OriginalLoadConfigTableSize : LongInt; + StrippedBoundImports : boolean; + DontFixBoundImports : boolean; + OriginalBoundImportTableAddress : LongInt; + OriginalBoundImportTableSize : LongInt; + StrippedIAT : boolean; + DontFixIAT : boolean; + OriginalImportAddressTableAddress : LongInt; + OriginalImportAddressTableSize : LongInt; + StrippedCOM : boolean; + DontFixCOM : boolean; + OriginalCOMTableAddress : LongInt; + OriginalCOMTableSize : LongInt; + end; + + ImportEnumData = ^IMPORT_ENUM_DATA; + IMPORT_ENUM_DATA = packed record + NewDll : boolean; + NumberOfImports : LongInt; + ImageBase : LongInt; + BaseImportThunk : LongInt; + ImportThunk : LongInt; + APIName : PAnsiChar; + DLLName : PAnsiChar; + end; + + ThreadItemData = ^THREAD_ITEM_DATA; + THREAD_ITEM_DATA = packed record + hThread : THandle; + dwThreadId : LongInt; + ThreadStartAddress : LongInt; + ThreadLocalBase : LongInt; + end; + + LibraryItemData = ^LIBRARY_ITEM_DATA; + LIBRARY_ITEM_DATA = packed record + hFile : THandle; + BaseOfDll : Pointer; + hFileMapping : THandle; + hFileMappingView : Pointer; + szLibraryPath:array[1..260] of AnsiChar; + szLibraryName:array[1..260] of AnsiChar; + end; + + ProcessItemData = ^PROCESS_ITEM_DATA; + PROCESS_ITEM_DATA = packed record + hProcess : THandle; + dwProcessId : LongInt; + hThread : THandle; + dwThreadId : LongInt; + hFile : THandle; + BaseOfImage : Pointer; + ThreadStartAddress : Pointer; + ThreadLocalBase : Pointer; + end; + + HandlerArray = ^HANDLER_ARRAY; + HANDLER_ARRAY = packed record + ProcessId : LongInt; + hHandle : THandle; + end; + + HookEntry = ^HOOK_ENTRY; + HOOK_ENTRY = packed record + IATHook : boolean; + HookType : BYTE; + HookSize : LongInt; + HookAddress : Pointer; + RedirectionAddress : Pointer; + HookBytes:array[1..14] of BYTE; + OriginalBytes:array[1..14] of BYTE; + IATHookModuleBase : Pointer; + IATHookNameHash : LongInt; + HookIsEnabled : boolean; + HookIsRemote : boolean; + PatchedEntry : Pointer; + RelocationInfo:array[1..7] of LongInt; + RelocationCount : LongInt; + end; + + PluginInformation = ^PLUGIN_INFORMATION; + PLUGIN_INFORMATION = packed record + PluginName:array[1..64] of AnsiChar; + PluginMajorVersion : LongInt; + PluginMinorVersion : LongInt; + PluginBaseAddress : LongInt; + TitanDebuggingCallBack : Pointer; + TitanRegisterPlugin : Pointer; + TitanReleasePlugin : Pointer; + TitanResetPlugin : Pointer; + PluginDisabled : boolean; + end; +const +{Registers} + UE_EAX = 1; + UE_EBX = 2; + UE_ECX = 3; + UE_EDX = 4; + UE_EDI = 5; + UE_ESI = 6; + UE_EBP = 7; + UE_ESP = 8; + UE_EIP = 9; + UE_EFLAGS = 10; + UE_DR0 = 11; + UE_DR1 = 12; + UE_DR2 = 13; + UE_DR3 = 14; + UE_DR6 = 15; + UE_DR7 = 16; + UE_CIP = 35; + UE_CSP = 36; + UE_SEG_GS = 37; + UE_SEG_FS = 38; + UE_SEG_ES = 39; + UE_SEG_DS = 40; + UE_SEG_CS = 41; + UE_SEG_SS = 42; +{Constants} + UE_PE_OFFSET = 0; + UE_IMAGEBASE = 1; + UE_OEP = 2; + UE_SIZEOFIMAGE = 3; + UE_SIZEOFHEADERS = 4; + UE_SIZEOFOPTIONALHEADER = 5; + UE_SECTIONALIGNMENT = 6; + UE_IMPORTTABLEADDRESS = 7; + UE_IMPORTTABLESIZE = 8; + UE_RESOURCETABLEADDRESS = 9; + UE_RESOURCETABLESIZE = 10; + UE_EXPORTTABLEADDRESS = 11; + UE_EXPORTTABLESIZE = 12; + UE_TLSTABLEADDRESS = 13; + UE_TLSTABLESIZE = 14; + UE_RELOCATIONTABLEADDRESS = 15; + UE_RELOCATIONTABLESIZE = 16; + UE_TIMEDATESTAMP = 17; + UE_SECTIONNUMBER = 18; + UE_CHECKSUM = 19; + UE_SUBSYSTEM = 20; + UE_CHARACTERISTICS = 21; + UE_NUMBEROFRVAANDSIZES = 22; + UE_SECTIONNAME = 23; + UE_SECTIONVIRTUALOFFSET = 24; + UE_SECTIONVIRTUALSIZE = 25; + UE_SECTIONRAWOFFSET = 26; + UE_SECTIONRAWSIZE = 27; + UE_SECTIONFLAGS = 28; + + UE_CH_BREAKPOINT = 1; + UE_CH_SINGLESTEP = 2; + UE_CH_ACCESSVIOLATION = 3; + UE_CH_ILLEGALINSTRUCTION = 4; + UE_CH_NONCONTINUABLEEXCEPTION = 5; + UE_CH_ARRAYBOUNDSEXCEPTION = 6; + UE_CH_FLOATDENORMALOPERAND = 7; + UE_CH_FLOATDEVIDEBYZERO = 8; + UE_CH_INTEGERDEVIDEBYZERO = 9; + UE_CH_INTEGEROVERFLOW = 10; + UE_CH_PRIVILEGEDINSTRUCTION = 11; + UE_CH_PAGEGUARD = 12; + UE_CH_EVERYTHINGELSE = 13; + UE_CH_CREATETHREAD = 14; + UE_CH_EXITTHREAD = 15; + UE_CH_CREATEPROCESS = 16; + UE_CH_EXITPROCESS = 17; + UE_CH_LOADDLL = 18; + UE_CH_UNLOADDLL = 19; + UE_CH_OUTPUTDEBUGSTRING = 20; + + UE_FUNCTION_STDCALL = 1; + UE_FUNCTION_CCALL = 2; + UE_FUNCTION_FASTCALL = 3; + UE_FUNCTION_STDCALL_RET = 4; + UE_FUNCTION_CCALL_RET = 5; + UE_FUNCTION_FASTCALL_RET = 6; + UE_FUNCTION_STDCALL_CALL = 7; + UE_FUNCTION_CCALL_CALL = 8; + UE_FUNCTION_FASTCALL_CALL = 9; + UE_PARAMETER_BYTE = 0; + UE_PARAMETER_WORD = 1; + UE_PARAMETER_DWORD = 2; + UE_PARAMETER_QWORD = 3; + UE_PARAMETER_PTR_BYTE = 4; + UE_PARAMETER_PTR_WORD = 5; + UE_PARAMETER_PTR_DWORD = 6; + UE_PARAMETER_PTR_QWORD = 7; + UE_PARAMETER_STRING = 8; + UE_PARAMETER_UNICODE = 9; + + UE_CMP_NOCONDITION = 0; + UE_CMP_EQUAL = 1; + UE_CMP_NOTEQUAL = 2; + UE_CMP_GREATER = 3; + UE_CMP_GREATEROREQUAL = 4; + UE_CMP_LOWER = 5; + UE_CMP_LOWEROREQUAL = 6; + UE_CMP_REG_EQUAL = 7; + UE_CMP_REG_NOTEQUAL = 8; + UE_CMP_REG_GREATER = 9; + UE_CMP_REG_GREATEROREQUAL = 10; + UE_CMP_REG_LOWER = 11; + UE_CMP_REG_LOWEROREQUAL = 12; + UE_CMP_ALWAYSFALSE = 13; + UE_OPTION_HANDLER_RETURN_HANDLECOUNT = 1; + UE_OPTION_HANDLER_RETURN_ACCESS = 2; + UE_OPTION_HANDLER_RETURN_FLAGS = 3; + UE_OPTION_HANDLER_RETURN_TYPENAME = 4; + + UE_BREAKPOINT_INT3 = 1; + UE_BREAKPOINT_LONG_INT3 = 2; + UE_BREAKPOINT_UD2 = 3; + + UE_BPXREMOVED = 0; + UE_BPXACTIVE = 1; + UE_BPXINACTIVE = 2; + + UE_BREAKPOINT = 0; + UE_SINGLESHOOT = 1; + UE_HARDWARE = 2; + UE_MEMORY = 3; + UE_MEMORY_READ = 4; + UE_MEMORY_WRITE = 5; + UE_BREAKPOINT_TYPE_INT3 = $10000000; + UE_BREAKPOINT_TYPE_LONG_INT3 = $20000000; + UE_BREAKPOINT_TYPE_UD2 = $30000000; + + UE_HARDWARE_EXECUTE = 4; + UE_HARDWARE_WRITE = 5; + UE_HARDWARE_READWRITE = 6; + + UE_HARDWARE_SIZE_1 = 7; + UE_HARDWARE_SIZE_2 = 8; + UE_HARDWARE_SIZE_4 = 9; + + UE_ON_LIB_LOAD = 1; + UE_ON_LIB_UNLOAD = 2; + UE_ON_LIB_ALL = 3; + + UE_APISTART = 0; + UE_APIEND = 1; + + UE_PLATFORM_x86 = 1; + UE_PLATFORM_x64 = 2; + UE_PLATFORM_ALL = 3; + + UE_ACCESS_READ = 0; + UE_ACCESS_WRITE = 1; + UE_ACCESS_ALL = 2; + + UE_HIDE_BASIC = 1; + + UE_ENGINE_ALOW_MODULE_LOADING = 1; + UE_ENGINE_AUTOFIX_FORWARDERS = 2; + UE_ENGINE_PASS_ALL_EXCEPTIONS = 3; + UE_ENGINE_NO_CONSOLE_WINDOW = 4; + UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS = 5; + UE_ENGINE_CALL_PLUGIN_CALLBACK = 6; + UE_ENGINE_RESET_CUSTOM_HANDLER = 7; + UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK = 8; + + UE_OPTION_REMOVEALL = 1; + UE_OPTION_DISABLEALL = 2; + UE_OPTION_REMOVEALLDISABLED = 3; + UE_OPTION_REMOVEALLENABLED = 4; + + UE_STATIC_DECRYPTOR_XOR = 1; + UE_STATIC_DECRYPTOR_SUB = 2; + UE_STATIC_DECRYPTOR_ADD = 3; + + UE_STATIC_DECRYPTOR_FOREWARD = 1; + UE_STATIC_DECRYPTOR_BACKWARD = 2; + + UE_STATIC_KEY_SIZE_1 = 1; + UE_STATIC_KEY_SIZE_2 = 2; + UE_STATIC_KEY_SIZE_4 = 4; + UE_STATIC_KEY_SIZE_8 = 8; + + UE_STATIC_APLIB = 1; + UE_STATIC_APLIB_DEPACK = 2; + UE_STATIC_LZMA = 3; + + UE_STATIC_HASH_MD5 = 1; + UE_STATIC_HASH_SHA1 = 2; + UE_STATIC_HASH_CRC32 = 3; + + UE_RESOURCE_LANGUAGE_ANY = -1; + + UE_DEPTH_SURFACE = 0; + UE_DEPTH_DEEP = 1; + + UE_UNPACKER_CONDITION_SEARCH_FROM_EP = 1; + + UE_UNPACKER_CONDITION_LOADLIBRARY = 1; + UE_UNPACKER_CONDITION_GETPROCADDRESS = 2; + UE_UNPACKER_CONDITION_ENTRYPOINTBREAK = 3; + UE_UNPACKER_CONDITION_RELOCSNAPSHOT1 = 4; + UE_UNPACKER_CONDITION_RELOCSNAPSHOT2 = 5; + + UE_FIELD_OK = 0; + UE_FIELD_BROKEN_NON_FIXABLE = 1; + UE_FIELD_BROKEN_NON_CRITICAL = 2; + UE_FIELD_BROKEN_FIXABLE_FOR_STATIC_USE = 3; + UE_FIELD_BROKEN_BUT_CAN_BE_EMULATED = 4; + UE_FILED_FIXABLE_NON_CRITICAL = 5; + UE_FILED_FIXABLE_CRITICAL = 6; + UE_FIELD_NOT_PRESET = 7; + UE_FIELD_NOT_PRESET_WARNING = 8; + + UE_RESULT_FILE_OK = 10; + UE_RESULT_FILE_INVALID_BUT_FIXABLE = 11; + UE_RESULT_FILE_INVALID_AND_NON_FIXABLE = 12; + UE_RESULT_FILE_INVALID_FORMAT = 13; + + UE_PLUGIN_CALL_REASON_PREDEBUG = 1; + UE_PLUGIN_CALL_REASON_EXCEPTION = 2; + UE_PLUGIN_CALL_REASON_POSTDEBUG = 3; + + TEE_HOOK_NRM_JUMP = 1; + TEE_HOOK_NRM_CALL = 3; + TEE_HOOK_IAT = 5; + +{TitanEngine.Dumper.functions} + function DumpProcess(hProcess:THandle; ImageBase:LongInt; szDumpFileName:PAnsiChar; EntryPoint:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'DumpProcess'; + function DumpProcessEx(ProcessId:LongInt; ImageBase:LongInt; szDumpFileName:PAnsiChar; EntryPoint:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'DumpProcessEx'; + function DumpMemory(hProcess:THandle; MemoryStart,MemorySize:LongInt; szDumpFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'DumpMemory'; + function DumpMemoryEx(ProcessId:LongInt; MemoryStart,MemorySize:LongInt; szDumpFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'DumpMemoryEx'; + function DumpRegions(hProcess:THandle; szDumpFolder:PAnsiChar; DumpAboveImageBaseOnly:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'DumpRegions'; + function DumpRegionsEx(ProcessId:LongInt; szDumpFolder:PAnsiChar; DumpAboveImageBaseOnly:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'DumpRegionsEx'; + function DumpModule(hProcess:THandle; ModuleBase:LongInt; szDumpFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'DumpModule'; + function DumpModuleEx(ProcessId:LongInt; ModuleBase:LongInt; szDumpFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'DumpModuleEx'; + function PastePEHeader(hProcess:THandle; ImageBase:LongInt; szDebuggedFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'PastePEHeader'; + function ExtractSection(szFileName,szDumpFileName:PAnsiChar; SectionNumber:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'ExtractSection'; + function ResortFileSections(szFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'ResortFileSections'; + function FindOverlay(szFileName:PAnsiChar; OverlayStart,OverlaySize:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'FindOverlay'; + function ExtractOverlay(szFileName,szExtactedFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'ExtractOverlay'; + function AddOverlay(szFileName,szOverlayFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'AddOverlay'; + function CopyOverlay(szInFileName,szOutFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'CopyOverlay'; + function RemoveOverlay(szFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'RemoveOverlay'; + function MakeAllSectionsRWE(szFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'MakeAllSectionsRWE'; + function AddNewSectionEx(szFileName,szSectionName:PAnsiChar; SectionSize,SectionAttributes:LongInt; SectionContent:Pointer; ContentSize:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'AddNewSectionEx'; + function AddNewSection(szFileName,szSectionName:PAnsiChar; SectionSize:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'AddNewSection'; + function ResizeLastSection(szFileName:PAnsiChar; NumberOfExpandBytes:LongInt; AlignResizeData:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'ResizeLastSection'; + procedure SetSharedOverlay(szFileName:PAnsiChar); stdcall; external 'TitanEngine.dll' name 'SetSharedOverlay'; + function GetSharedOverlay():PAnsiChar; stdcall; external 'TitanEngine.dll' name 'GetSharedOverlay'; + function DeleteLastSection(szFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'DeleteLastSection'; + function DeleteLastSectionEx(szFileName:PAnsiChar; NumberOfSections:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'DeleteLastSectionEx'; + function GetPE32DataFromMappedFile(FileMapVA,WhichSection,WhichData:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'GetPE32DataFromMappedFile'; + function GetPE32Data(szFileName:PAnsiChar; WhichSection,WhichData:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'GetPE32Data'; + function GetPE32DataFromMappedFileEx(FileMapVA:LongInt; DataStorage:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'GetPE32DataFromMappedFileEx'; + function GetPE32DataEx(szFileName:PAnsiChar; DataStorage:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'GetPE32DataEx'; + function SetPE32DataForMappedFile(FileMapVA,WhichSection,WhichData,NewDataValue:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'SetPE32DataForMappedFile'; + function SetPE32Data(szFileName:PAnsiChar; WhichSection,WhichData,NewDataValue:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'SetPE32Data'; + function SetPE32DataForMappedFileEx(szFileName:PAnsiChar; DataStorage:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'SetPE32DataForMappedFileEx'; + function SetPE32DataEx(szFileName:PAnsiChar; DataStorage:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'SetPE32DataEx'; + function GetPE32SectionNumberFromVA(FileMapVA,AddressToConvert:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'GetPE32SectionNumberFromVA'; + function ConvertVAtoFileOffset(FileMapVA,AddressToConvert:LongInt; ReturnType:boolean):LongInt; stdcall; external 'TitanEngine.dll' name 'ConvertVAtoFileOffset'; + function ConvertVAtoFileOffsetEx(FileMapVA,FileSize,ImageBase,AddressToConvert:LongInt; AddressIsRVA,ReturnType:boolean):LongInt; stdcall; external 'TitanEngine.dll' name 'ConvertVAtoFileOffsetEx'; + function ConvertFileOffsetToVA(FileMapVA,AddressToConvert:LongInt; ReturnType:boolean):LongInt; stdcall; external 'TitanEngine.dll' name 'ConvertFileOffsetToVA'; + function ConvertFileOffsetToVAEx(FileMapVA,FileSize,ImageBase,AddressToConvert:LongInt; ReturnType:boolean):LongInt; stdcall; external 'TitanEngine.dll' name 'ConvertFileOffsetToVAEx'; +{TitanEngine.Realigner.functions} + function FixHeaderCheckSum(szFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'FixHeaderCheckSum'; + function RealignPE(FileMapVA,FileSize,RealingMode:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'RealignPE'; + function RealignPEEx(szFileName:PAnsiChar; RealingFileSize,ForcedFileAlignment:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'RealignPEEx'; + function WipeSection(szFileName:PAnsiChar; WipeSectionNumber:LongInt; RemovePhysically:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'WipeSection'; + function IsPE32FileValidEx(szFileName:PAnsiChar; CheckDepth:LongInt; FileStatusInfo:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'IsPE32FileValidEx'; + function FixBrokenPE32FileEx(szFileName:PAnsiChar; FileStatusInfo,FileFixInfo:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'FixBrokenPE32FileEx'; + function IsFileDLL(szFileName:PAnsiChar; FileMapVA:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'IsFileDLL'; +{TitanEngine.Hider.functions} + function GetPEBLocation(hProcess:THandle):LongInt; stdcall; external 'TitanEngine.dll' name 'GetPEBLocation'; + function HideDebugger(hProcess:THandle; PatchAPILevel:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'HideDebugger'; + function UnHideDebugger(hProcess:THandle; PatchAPILevel:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'UnHideDebugger'; +{TitanEngine.Relocater.functions} + procedure RelocaterCleanup(); stdcall; external 'TitanEngine.dll' name 'RelocaterCleanup'; + procedure RelocaterInit(MemorySize,OldImageBase,NewImageBase:LongInt); stdcall; external 'TitanEngine.dll' name 'RelocaterInit'; + procedure RelocaterAddNewRelocation(hProcess:THandle; RelocateAddress,RelocateState:LongInt); stdcall; external 'TitanEngine.dll' name 'RelocaterAddNewRelocation'; + function RelocaterEstimatedSize():LongInt; stdcall; external 'TitanEngine.dll' name 'RelocaterEstimatedSize'; + function RelocaterExportRelocation(StorePlace,StorePlaceRVA,FileMapVA:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'RelocaterExportRelocation'; + function RelocaterExportRelocationEx(szFileName,szSectionName:PAnsiChar; StorePlace,StorePlaceRVA:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'RelocaterExportRelocationEx'; + function RelocaterGrabRelocationTable(hProcess:THandle; MemoryStart,MemorySize:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'RelocaterGrabRelocationTable'; + function RelocaterGrabRelocationTableEx(hProcess:THandle; MemoryStart,MemorySize,NtSizeOfImage:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'RelocaterGrabRelocationTableEx'; + function RelocaterMakeSnapshot(hProcess:THandle; szSaveFileName:PAnsiChar; MemoryStart,MemorySize:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'RelocaterMakeSnapshot'; + function RelocaterCompareTwoSnapshots(hProcess:THandle; LoadedImageBase,NtSizeOfImage:LongInt; szDumpFile1,szDumpFile2:PAnsiChar; MemStart:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'RelocaterCompareTwoSnapshots'; + function RelocaterChangeFileBase(szFileName:PAnsiChar; NewImageBase:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'RelocaterChangeFileBase'; + function RelocaterRelocateMemoryBlock(FileMapVA,MemoryLocation:LongInt; RelocateMemory:Pointer; RelocateMemorySize,CurrentLoadedBase,RelocateBase:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'RelocaterRelocateMemoryBlock'; + function RelocaterWipeRelocationTable(szFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'RelocaterWipeRelocationTable'; +{TitanEngine.Resourcer.functions} + function ResourcerLoadFileForResourceUse(szFileName:PAnsiChar):LongInt; stdcall; external 'TitanEngine.dll' name 'ResourcerLoadFileForResourceUse'; + function ResourcerFreeLoadedFile(LoadedFileBase:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'ResourcerFreeLoadedFile'; + function ResourcerExtractResourceFromFileEx(FileMapVA:LongInt; szResourceType,szResourceName,szExtractedFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'ResourcerExtractResourceFromFileEx'; + function ResourcerExtractResourceFromFile(szFileName,szResourceType,szResourceName,szExtractedFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'ResourcerExtractResourceFromFile'; + function ResourcerFindResource(szFileName,szResourceType:PAnsiChar; ResourceType:LongInt; szResourceName:PAnsiChar; ResourceName,ResourceLanguage:LongInt; pResourceData,pResourceSize:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'ResourcerFindResource'; + function ResourcerFindResourceEx(FileMapVA,FileSize:LongInt; szResourceType:PAnsiChar; ResourceType:LongInt; szResourceName:PAnsiChar; ResourceName,ResourceLanguage:LongInt; pResourceData,pResourceSize:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'ResourcerFindResourceEx'; + procedure ResourcerEnumerateResource(szFileName:PAnsiChar; CallBack:LongInt); stdcall; external 'TitanEngine.dll' name 'ResourcerEnumerateResource'; + procedure ResourcerEnumerateResourceEx(FileMapVA,FileSize:LongInt; CallBack:LongInt); stdcall; external 'TitanEngine.dll' name 'ResourcerEnumerateResourceEx'; +{TitanEngine.FindOEP.functions} + procedure FindOEPInit(); stdcall; external 'TitanEngine.dll' name 'FindOEPInit'; + procedure FindOEPGenerically(szFileName:PAnsiChar; TraceInitCallBack,CallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'FindOEPGenerically'; +{TitanEngine.Threader.functions} + function ThreaderImportRunningThreadData(ProcessId:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderImportRunningThreadData'; + function ThreaderGetThreadInfo(hThread:THandle; ThreadId:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'ThreaderGetThreadInfo'; + procedure ThreaderEnumThreadInfo(EnumCallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'ThreaderGetThreadInfo'; + function ThreaderPauseThread(hThread:THandle):boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderPauseThread'; + function ThreaderResumeThread(hThread:THandle):boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderResumeThread'; + function ThreaderTerminateThread(hThread:THandle; ThreadExitCode:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderTerminateThread'; + function ThreaderPauseAllThreads(LeaveMainRunning:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderPauseAllThreads'; + function ThreaderResumeAllThreads(LeaveMainPaused:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderResumeAllThreads'; + function ThreaderPauseProcess():boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderPauseProcess'; + function ThreaderResumeProcess():boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderResumeProcess'; + function ThreaderCreateRemoteThread(ThreadStartAddress:LongInt; AutoCloseTheHandle:boolean; ThreadPassParameter,ThreadId:Pointer):LongInt; stdcall; external 'TitanEngine.dll' name 'ThreaderCreateRemoteThread'; + function ThreaderInjectAndExecuteCode(InjectCode:Pointer; StartDelta,InjectSize:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderInjectAndExecuteCode'; + function ThreaderCreateRemoteThreadEx(hProcess:THandle; ThreadStartAddress:LongInt; AutoCloseTheHandle:boolean; ThreadPassParameter,ThreadId:Pointer):LongInt; stdcall; external 'TitanEngine.dll' name 'ThreaderCreateRemoteThreadEx'; + function ThreaderInjectAndExecuteCodeEx(hProcess:THandle; InjectCode:Pointer; StartDelta,InjectSize:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderInjectAndExecuteCodeEx'; + procedure ThreaderSetCallBackForNextExitThreadEvent(exitThreadCallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'ThreaderSetCallBackForNextExitThreadEvent'; + function ThreaderIsThreadStillRunning(hThread:THandle):boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderIsThreadStillRunning'; + function ThreaderIsThreadActive(hThread:THandle):boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderIsThreadActive'; + function ThreaderIsAnyThreadActive():boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderIsAnyThreadActive'; + function ThreaderExecuteOnlyInjectedThreads():boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderExecuteOnlyInjectedThreads'; + function ThreaderGetOpenHandleForThread(ThreadId:LongInt):THandle; stdcall; external 'TitanEngine.dll' name 'ThreaderGetOpenHandleForThread'; + function ThreaderGetThreadData():Pointer; stdcall; external 'TitanEngine.dll' name 'ThreaderGetThreadData'; + function ThreaderIsExceptionInMainThread():boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderIsExceptionInMainThread'; +{TitanEngine.Debugger.functions} + function StaticDisassembleEx(DisassmStart:LongInt; DisassmAddress:Pointer):PAnsiChar; stdcall; external 'TitanEngine.dll' name 'StaticDisassembleEx'; + function StaticDisassemble(DisassmAddress:Pointer):PAnsiChar; stdcall; external 'TitanEngine.dll' name 'StaticDisassemble'; + function DisassembleEx(hProcess:THandle; DisassmAddress:Pointer):PAnsiChar; stdcall; external 'TitanEngine.dll' name 'DisassembleEx'; + function Disassemble(DisassmAddress:Pointer):PAnsiChar; stdcall; external 'TitanEngine.dll' name 'Disassemble'; + function StaticLengthDisassemble(DisassmAddress:Pointer):LongInt; stdcall; external 'TitanEngine.dll' name 'StaticLengthDisassemble'; + function LengthDisassembleEx(hProcess:THandle; DisassmAddress:Pointer):LongInt; stdcall; external 'TitanEngine.dll' name 'LengthDisassembleEx'; + function LengthDisassemble(DisassmAddress:Pointer):LongInt; stdcall; external 'TitanEngine.dll' name 'LengthDisassemble'; + function InitDebug(szFileName,szCommandLine,szCurrentFolder:PAnsiChar): Pointer; stdcall; external 'TitanEngine.dll' name 'InitDebug'; + function InitDebugEx(szFileName,szCommandLine,szCurrentFolder:PAnsiChar; EntryCallBack:Pointer): Pointer; stdcall; external 'TitanEngine.dll' name 'InitDebugEx'; + function InitDLLDebug(szFileName:PAnsiChar; ReserveModuleBase:boolean; szCommandLine,szCurrentFolder:PAnsiChar; EntryCallBack:Pointer): Pointer; stdcall; external 'TitanEngine.dll' name 'InitDLLDebug'; + function StopDebug(): Boolean; stdcall; external 'TitanEngine.dll' name 'StopDebug'; + procedure SetBPXOptions(DefaultBreakPointType:LongInt); stdcall; external 'TitanEngine.dll' name 'SetBPXOptions'; + function IsBPXEnabled(bpxAddress:LongInt): boolean; stdcall; external 'TitanEngine.dll' name 'IsBPXEnabled'; + function EnableBPX(bpxAddress:LongInt): boolean; stdcall; external 'TitanEngine.dll' name 'EnableBPX'; + function DisableBPX(bpxAddress:LongInt): boolean; stdcall; external 'TitanEngine.dll' name 'DisableBPX'; + function SetBPX(bpxAddress,bpxType:LongInt; bpxCallBack:Pointer): boolean; stdcall; external 'TitanEngine.dll' name 'SetBPX'; + function SetBPXEx(bpxAddress,bpxType,NumberOfExecution,CmpRegister,CmpCondition,CmpValue:LongInt; bpxCallBack,bpxCompareCallBack,bpxRemoveCallBack:Pointer): boolean; stdcall; external 'TitanEngine.dll' name 'SetBPXEx'; + function DeleteBPX(bpxAddress:LongInt): boolean; stdcall; external 'TitanEngine.dll' name 'DeleteBPX'; + function SafeDeleteBPX(bpxAddress:LongInt): boolean; stdcall; external 'TitanEngine.dll' name 'SafeDeleteBPX'; + function SetAPIBreakPoint(szDLLName,szAPIName:PAnsiChar; bpxType,bpxPlace:LongInt; bpxCallBack:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'SetAPIBreakPoint'; + function DeleteAPIBreakPoint(szDLLName,szAPIName:PAnsiChar; bpxPlace:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'DeleteAPIBreakPoint'; + function SafeDeleteAPIBreakPoint(szDLLName,szAPIName:PAnsiChar; bpxPlace:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'SafeDeleteAPIBreakPoint'; + function SetMemoryBPX(MemoryStart,SizeOfMemory:LongInt; bpxCallBack:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'SetMemoryBPX'; + function SetMemoryBPXEx(MemoryStart,SizeOfMemory,BreakPointType:LongInt; RestoreOnHit:boolean; bpxCallBack:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'SetMemoryBPXEx'; + function RemoveMemoryBPX(MemoryStart,SizeOfMemory:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'RemoveMemoryBPX'; + function GetContextFPUDataEx(hActiveThread:THandle; FPUSaveArea:Pointer): boolean; stdcall; external 'TitanEngine.dll' name 'GetContextFPUDataEx'; + function GetContextDataEx(hActiveThread:THandle; IndexOfRegister:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'GetContextDataEx'; + function GetContextData(IndexOfRegister:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'GetContextData'; + function SetContextFPUDataEx(hActiveThread:THandle; FPUSaveArea:Pointer): boolean; stdcall; external 'TitanEngine.dll' name 'SetContextFPUDataEx'; + function SetContextDataEx(hActiveThread:THandle; IndexOfRegister,NewRegisterValue:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'SetContextDataEx'; + function SetContextData(IndexOfRegister,NewRegisterValue:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'SetContextData'; + procedure ClearExceptionNumber(); stdcall; external 'TitanEngine.dll' name 'ClearExceptionNumber'; + function CurrentExceptionNumber(): LongInt; stdcall; external 'TitanEngine.dll' name 'CurrentExceptionNumber'; + function MatchPatternEx(hProcess:THandle; MemoryToCheck,SizeOfMemoryToCheck:LongInt; PatternToMatch:Pointer; SizeOfPatternToMatch:LongInt; WildCard:Pointer): boolean; stdcall; external 'TitanEngine.dll' name 'MatchPatternEx'; + function MatchPattern(MemoryToCheck,SizeOfMemoryToCheck:LongInt; PatternToMatch:Pointer; SizeOfPatternToMatch:LongInt; WildCard:Pointer): boolean; stdcall; external 'TitanEngine.dll' name 'MatchPattern'; + function FindEx(hProcess:THandle; MemoryStart,MemorySize:LongInt; SearchPattern:Pointer; PatternSize:LongInt; WildCard:Pointer): LongInt; stdcall; external 'TitanEngine.dll' name 'FindEx'; + function Find(MemoryStart,MemorySize:LongInt; SearchPattern:Pointer; PatternSize:LongInt; WildCard:Pointer): LongInt; stdcall; external 'TitanEngine.dll' name 'Find'; + function FillEx(hProcess:THandle; MemoryStart,MemorySize:LongInt; FillByte:Pointer): boolean; stdcall; external 'TitanEngine.dll' name 'FillEx'; + function Fill(MemoryStart,MemorySize:LongInt; FillByte:Pointer): boolean; stdcall; external 'TitanEngine.dll' name 'Fill'; + function PatchEx(hProcess:THandle; MemoryStart,MemorySize:LongInt; ReplacePattern:Pointer; ReplaceSize:LongInt; AppendNOP,PrependNOP:boolean): boolean; stdcall; external 'TitanEngine.dll' name 'PatchEx'; + function Patch(MemoryStart,MemorySize:LongInt; ReplacePattern:Pointer; ReplaceSize:LongInt; AppendNOP,PrependNOP:boolean): boolean; stdcall; external 'TitanEngine.dll' name 'Patch'; + function ReplaceEx(hProcess:THandle; MemoryStart,MemorySize:LongInt; SearchPattern:Pointer; PatternSize,NumberOfRepetitions:LongInt; ReplacePattern:Pointer; ReplaceSize:LongInt; WildCard:Pointer): boolean; stdcall; external 'TitanEngine.dll' name 'ReplaceEx'; + function Replace(MemoryStart,MemorySize:LongInt; SearchPattern:Pointer; PatternSize,NumberOfRepetitions:LongInt; ReplacePattern:Pointer; ReplaceSize:LongInt; WildCard:Pointer): boolean; stdcall; external 'TitanEngine.dll' name 'Replace'; + function GetDebugData(): Pointer; stdcall; external 'TitanEngine.dll' name 'GetDebugData'; + function GetTerminationData(): Pointer; stdcall; external 'TitanEngine.dll' name 'GetTerminationData'; + function GetExitCode():LongInt; stdcall; external 'TitanEngine.dll' name 'GetExitCode'; + function GetDebuggedDLLBaseAddress(): LongInt; stdcall; external 'TitanEngine.dll' name 'GetDebuggedDLLBaseAddress'; + function GetDebuggedFileBaseAddress(): LongInt; stdcall; external 'TitanEngine.dll' name 'GetDebuggedFileBaseAddress'; + function GetRemoteString(hProcess:THandle; StringAddress:LongInt; StringStorage:Pointer; MaximumStringSize:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'GetRemoteString'; + function GetFunctionParameter(hProcess:THandle; FunctionType,ParameterNumber,ParameterType:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'GetFunctionParameter'; + function GetJumpDestinationEx(hProcess:THandle; InstructionAddress:LongInt; JustJumps:boolean): LongInt; stdcall; external 'TitanEngine.dll' name 'GetJumpDestinationEx'; + function GetJumpDestination(hProcess:THandle; InstructionAddress:LongInt; JustJumps:boolean): LongInt; stdcall; external 'TitanEngine.dll' name 'GetJumpDestination'; + function IsJumpGoingToExecuteEx(hProcess,hThread:THandle; InstructionAddress,RegFlags:LongInt): boolean; stdcall; external 'TitanEngine.dll' name 'IsJumpGoingToExecuteEx'; + function IsJumpGoingToExecute(): boolean; stdcall; external 'TitanEngine.dll' name 'IsJumpGoingToExecute'; + procedure SetCustomHandler(WhichException:LongInt; CallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'SetCustomHandler'; + procedure ForceClose(); stdcall; external 'TitanEngine.dll' name 'ForceClose'; + procedure StepInto(traceCallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'StepInto'; + procedure StepOver(traceCallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'StepOver'; + procedure SingleStep(StepCount:LongInt; StepCallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'SingleStep'; + function GetUnusedHardwareBreakPointRegister(RegisterIndex:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'GetUnusedHardwareBreakPointRegister'; + function SetHardwareBreakPointEx(hActiveThread:THandle; bpxAddress,IndexOfRegister,bpxType,bpxSize:LongInt; bpxCallBack,IndexOfSelectedRegister:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'SetHardwareBreakPointEx'; + function SetHardwareBreakPoint(bpxAddress,IndexOfRegister,bpxType,bpxSize:LongInt; bpxCallBack:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'SetHardwareBreakPoint'; + function DeleteHardwareBreakPoint(IndexOfRegister:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'DeleteHardwareBreakPoint'; + function RemoveAllBreakPoints(RemoveOption:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'RemoveAllBreakPoints'; + function GetProcessInformation(): Pointer; stdcall; external 'TitanEngine.dll' name 'GetProcessInformation'; + function GetStartupInformation(): Pointer; stdcall; external 'TitanEngine.dll' name 'GetStartupInformation'; + procedure DebugLoop(); stdcall; external 'TitanEngine.dll' name 'DebugLoop'; + procedure SetDebugLoopTimeOut(TimeOut:LongInt); stdcall; external 'TitanEngine.dll' name 'SetDebugLoopTimeOut'; + procedure SetNextDbgContinueStatus(SetDbgCode:LongInt); stdcall; external 'TitanEngine.dll' name 'SetNextDbgContinueStatus'; + function AttachDebugger(ProcessId:LongInt; KillOnExit:Boolean; DebugInfo,CallBack:Pointer): Pointer; stdcall; external 'TitanEngine.dll' name 'AttachDebugger'; + function DetachDebugger(ProcessId:LongInt): Pointer; stdcall; external 'TitanEngine.dll' name 'DetachDebugger'; + function DetachDebuggerEx(ProcessId:LongInt): Pointer; stdcall; external 'TitanEngine.dll' name 'DetachDebuggerEx'; + function DebugLoopEx(TimeOut:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'DebugLoopEx'; + procedure AutoDebugEx(szFileName:PAnsiChar; ReserveModuleBase:boolean; szCommandLine,szCurrentFolder:PAnsiChar; TimeOut:LongInt; EntryCallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'AutoDebugEx'; + function IsFileBeingDebugged(): boolean; stdcall; external 'TitanEngine.dll' name 'IsFileBeingDebugged'; + procedure SetErrorModel(DisplayErrorMessages:boolean); stdcall; external 'TitanEngine.dll' name 'SetErrorModel'; +{TitanEngine.Importer.functions} + procedure ImporterCleanup(); stdcall; external 'TitanEngine.dll' name 'ImporterCleanup'; + procedure ImporterSetImageBase(ImageBase:LongInt); stdcall; external 'TitanEngine.dll' name 'ImporterSetImageBase'; + procedure ImporterSetUnknownDelta(DeltaAddress:LongInt); stdcall; external 'TitanEngine.dll' name 'ImporterSetUnknownDelta'; + function ImporterGetCurrentDelta():LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetCurrentDelta'; + procedure ImporterInit(MemorySize,ImageBase:LongInt); stdcall; external 'TitanEngine.dll' name 'ImporterInit'; + procedure ImporterAddNewDll(DLLName:PAnsiChar; FirstThunk:LongInt); stdcall; external 'TitanEngine.dll' name 'ImporterAddNewDll'; + procedure ImporterAddNewAPI(APIName:PAnsiChar; FirstThunk:LongInt); stdcall; external 'TitanEngine.dll' name 'ImporterAddNewAPI'; + procedure ImporterAddNewOrdinalAPI(dwAPIName,FirstThunk:LongInt); stdcall; external 'TitanEngine.dll' name 'ImporterAddNewAPI'; + function ImporterGetAddedDllCount(): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetAddedDllCount'; + function ImporterGetAddedAPICount(): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetAddedAPICount'; + function ImporterGetLastAddedDLLName(): PAnsiChar; stdcall; external 'TitanEngine.dll' name 'ImporterGetLastAddedDLLName'; + procedure ImporterMoveIAT(); stdcall; external 'TitanEngine.dll' name 'ImporterMoveIAT'; + function ImporterExportIAT(StorePlace,FileMap:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'ImporterExportIAT'; + function ImporterEstimatedSize(): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterEstimatedSize'; + function ImporterExportIATEx(szExportFileName,szSectionName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'ImporterExportIATEx'; + function ImporterFindAPIWriteLocation(szAPIName:PAnsiChar): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterFindAPIWriteLocation'; + function ImporterFindOrdinalAPIWriteLocation(OrdinalNumber:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterFindOrdinalAPIWriteLocation'; + function ImporterFindAPIByWriteLocation(APIWriteLocation:PAnsiChar): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterFindAPIByWriteLocation'; + function ImporterFindDLLByWriteLocation(APIWriteLocation:PAnsiChar): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterFindDLLByWriteLocation'; + function ImporterGetDLLName(APIAddress:LongInt): PAnsiChar; stdcall; external 'TitanEngine.dll' name 'ImporterGetDLLName'; + function ImporterGetAPIName(APIAddress:LongInt): PAnsiChar; stdcall; external 'TitanEngine.dll' name 'ImporterGetAPIName'; + function ImporterGetAPIOrdinalNumber(APIAddress:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetAPIOrdinalNumber'; + function ImporterGetAPINameEx(APIAddress:LongInt; pDLLBases:Pointer): PAnsiChar; stdcall; external 'TitanEngine.dll' name 'ImporterGetAPINameEx'; + function ImporterGetRemoteAPIAddress(hProcess:THandle; APIAddress:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetRemoteAPIAddress'; + function ImporterGetRemoteAPIAddressEx(szDLLName,szAPIName:PAnsiChar): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetRemoteAPIAddressEx'; + function ImporterGetLocalAPIAddress(hProcess:THandle; APIAddress:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetLocalAPIAddress'; + function ImporterGetDLLNameFromDebugee(hProcess:THandle; APIAddress:LongInt): PAnsiChar; stdcall; external 'TitanEngine.dll' name 'ImporterGetDLLNameFromDebugee'; + function ImporterGetAPINameFromDebugee(hProcess:THandle; APIAddress:LongInt): PAnsiChar; stdcall; external 'TitanEngine.dll' name 'ImporterGetAPINameFromDebugee'; + function ImporterGetAPIOrdinalNumberFromDebugee(hProcess:THandle; APIAddress:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetAPIOrdinalNumberFromDebugee'; + function ImporterGetDLLIndexEx(APIAddress:LongInt; pDLLBases:Pointer): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetDLLIndexEx'; + function ImporterGetDLLIndex(hProcess:THandle; APIAddress:LongInt; pDLLBases:Pointer): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetDLLIndex'; + function ImporterGetRemoteDLLBase(hProcess:THandle; LocalModuleBase:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetRemoteDLLBase'; + function ImporterRelocateWriteLocation(AddValue:LongInt): boolean; stdcall; external 'TitanEngine.dll' name 'ImporterRelocateWriteLocation'; + function ImporterIsForwardedAPI(hProcess:THandle; APIAddress:LongInt): boolean; stdcall; external 'TitanEngine.dll' name 'ImporterIsForwardedAPI'; + function ImporterGetForwardedAPIName(hProcess:THandle; APIAddress:LongInt): PAnsiChar; stdcall; external 'TitanEngine.dll' name 'ImporterGetForwardedAPIName'; + function ImporterGetForwardedDLLName(hProcess:THandle; APIAddress:LongInt): PAnsiChar; stdcall; external 'TitanEngine.dll' name 'ImporterGetForwardedDLLName'; + function ImporterGetForwardedDLLIndex(hProcess:THandle; APIAddress:LongInt; pDLLBases:Pointer): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetForwardedDLLIndex'; + function ImporterGetForwardedAPIOrdinalNumber(hProcess:THandle; APIAddress:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetForwardedAPIOrdinalNumber'; + function ImporterGetNearestAPIAddress(hProcess:THandle; APIAddress:LongInt): LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterGetNearestAPIAddress'; + function ImporterGetNearestAPIName(hProcess:THandle; APIAddress:LongInt): PAnsiChar; stdcall; external 'TitanEngine.dll' name 'ImporterGetNearestAPIName'; + function ImporterCopyOriginalIAT(szOriginalFile,szDumpFile:PAnsiChar): boolean; stdcall; external 'TitanEngine.dll' name 'ImporterCopyOriginalIAT'; + function ImporterLoadImportTable(szFileName:PAnsiChar): boolean; stdcall; external 'TitanEngine.dll' name 'ImporterLoadImportTable'; + function ImporterMoveOriginalIAT(szOriginalFile,szDumpFile,szSectionName:PAnsiChar): boolean; stdcall; external 'TitanEngine.dll' name 'ImporterMoveOriginalIAT'; + procedure ImporterAutoSearchIAT(pFileName:PAnsiChar;ImageBase,SearchStart,SearchSize:LongInt;pIATStart,pIATSize:Pointer); stdcall; external 'TitanEngine.dll' name 'ImporterAutoSearchIAT'; + procedure ImporterAutoSearchIATEx(hProcess:LongInt;ImageBase,SearchStart,SearchSize:LongInt;pIATStart,pIATSize:Pointer); stdcall; external 'TitanEngine.dll' name 'ImporterAutoSearchIATEx'; + procedure ImporterEnumAddedData(EnumCallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'ImporterEnumAddedData'; + function ImporterAutoFixIAT(hProcess:LongInt;pFileName:PAnsiChar;ImageBase,SearchStart,SearchSize,SearchStep:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterAutoFixIAT'; + function ImporterAutoFixIATEx(hProcess:LongInt;pFileName,szSectionName:PAnsiChar;DumpRunningProcess,RealignFile:boolean;EntryPointAddress,ImageBase,SearchStart,SearchSize,SearchStep:LongInt;TryAutoFix,FixEliminations:boolean;UnknownPointerFixCallback:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'ImporterAutoFixIATEx'; +{TitanEngine.Hooks.functions} + function HooksSafeTransitionEx(HookAddressArray:Pointer; NumberOfHooks:LongInt; TransitionStart:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'HooksSafeTransitionEx'; + function HooksSafeTransition(HookAddressArray:Pointer; TransitionStart:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'HooksSafeTransition'; + function HooksIsAddressRedirected(HookAddressArray:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'HooksIsAddressRedirected'; + function HooksGetTrampolineAddress(HookAddressArray:Pointer):Pointer; stdcall; external 'TitanEngine.dll' name 'HooksGetTrampolineAddress'; + function HooksGetHookEntryDetails(HookAddressArray:Pointer):Pointer; stdcall; external 'TitanEngine.dll' name 'HooksGetHookEntryDetails'; + function HooksInsertNewRedirection(HookAddressArray,RedirectTo:Pointer; HookType:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'HooksInsertNewRedirection'; + function HooksInsertNewIATRedirectionEx(FileMapVA,LoadedModuleBase:LongInt; szHookFunction:PAnsiChar; RedirectTo:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'HooksInsertNewIATRedirectionEx'; + function HooksInsertNewIATRedirection(szModuleName,szHookFunction:PAnsiChar; RedirectTo:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'HooksInsertNewIATRedirection'; + function HooksRemoveRedirection(HookAddressArray:Pointer; RemoveAll:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'HooksRemoveRedirection'; + function HooksRemoveRedirectionsForModule(ModuleBase:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'HooksRemoveRedirectionsForModule'; + function HooksDisableRedirection(HookAddressArray:Pointer; DisableAll:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'HooksDisableRedirection'; + function HooksDisableRedirectionsForModule(ModuleBase:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'HooksDisableRedirectionsForModule'; + function HooksEnableRedirection(HookAddressArray:Pointer; EnableAll:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'HooksEnableRedirection'; + function HooksEnableRedirectionsForModule(ModuleBase:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'HooksEnableRedirectionsForModule'; + function HooksRemoveIATRedirection(szModuleName,szHookFunction:PAnsiChar; RemoveAll:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'HooksRemoveIATRedirection'; + function HooksDisableIATRedirection(szModuleName,szHookFunction:PAnsiChar; DisableAll:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'HooksDisableIATRedirection'; + function HooksEnableIATRedirection(szModuleName,szHookFunction:PAnsiChar; EnableAll:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'HooksEnableIATRedirection'; + procedure HooksScanModuleMemory(ModuleBase:LongInt; CallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'HooksScanModuleMemory'; + procedure HooksScanEntireProcessMemory(CallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'HooksScanEntireProcessMemory'; + procedure HooksScanEntireProcessMemoryEx(); stdcall; external 'TitanEngine.dll' name 'HooksScanEntireProcessMemoryEx'; +{TitanEngine.Tracer.functions} + procedure TracerInit(); stdcall; external 'TitanEngine.dll' name 'TracerInit'; + function TracerLevel1(hProcess,APIAddress:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'TracerLevel1'; + function HashTracerLevel1(hProcess,APIAddress,NumberOfInstructions:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'HashTracerLevel1'; + function TracerDetectRedirection(hProcess,APIAddress:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'TracerDetectRedirection'; + function TracerFixKnownRedirection(hProcess,APIAddress,RedirectionId:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'TracerFixKnownRedirection'; + function TracerFixRedirectionViaImpRecPlugin(hProcess:LongInt;szPluginName:PAnsiChar;APIAddress:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'TracerFixRedirectionViaImpRecPlugin'; +{TitanEngine.Exporter.functions} + procedure ExporterCleanup(); stdcall; external 'TitanEngine.dll' name 'ExporterCleanup'; + procedure ExporterSetImageBase(ImageBase:LongInt); stdcall; external 'TitanEngine.dll' name 'ExporterSetImageBase'; + procedure ExporterInit(MemorySize,ImageBase,ExportOrdinalBase:LongInt; szExportModuleName:PAnsiChar); stdcall; external 'TitanEngine.dll' name 'ExporterInit'; + function ExporterAddNewExport(szExportName:PAnsiChar; ExportRelativeAddress:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'ExporterAddNewExport'; + function ExporterAddNewOrdinalExport(OrdinalNumber,ExportRelativeAddress:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'ExporterAddNewOrdinalExport'; + function ExporterGetAddedExportCount():LongInt; stdcall; external 'TitanEngine.dll' name 'ExporterGetAddedExportCount'; + function ExporterEstimatedSize():LongInt; stdcall; external 'TitanEngine.dll' name 'ExporterEstimatedSize'; + function ExporterBuildExportTable(StorePlace,FileMapVA:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'ExporterBuildExportTable'; + function ExporterBuildExportTableEx(szExportFileName,szSectionName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'ExporterBuildExportTableEx'; + function ExporterLoadExportTable(szFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'ExporterLoadExportTable'; +{TitanEngine.Librarian.functions} + function LibrarianSetBreakPoint(szLibraryName:PAnsiChar; bpxType:LongInt; SingleShoot:boolean; bpxCallBack:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'LibrarianSetBreakPoint'; + function LibrarianRemoveBreakPoint(szLibraryName:PAnsiChar; bpxType:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'LibrarianRemoveBreakPoint'; + function LibrarianGetLibraryInfo(szLibraryName:PAnsiChar):Pointer; stdcall; external 'TitanEngine.dll' name 'LibrarianGetLibraryInfo'; + function LibrarianGetLibraryInfoEx(BaseOfDll:Pointer):Pointer; stdcall; external 'TitanEngine.dll' name 'LibrarianGetLibraryInfoEx'; + procedure LibrarianEnumLibraryInfo(BaseOfDll:Pointer); stdcall; external 'TitanEngine.dll' name 'LibrarianEnumLibraryInfo'; +{TitanEngine.Process.functions} + function GetActiveProcessId(szImageName:PAnsiChar):LongInt; stdcall; external 'TitanEngine.dll' name 'GetActiveProcessId'; + function EnumProcessesWithLibrary(szLibraryName:PAnsiChar; EnumFunction:Pointer):LongInt; stdcall; external 'TitanEngine.dll' name 'EnumProcessesWithLibrary'; +{TitanEngine.TLSFixer.functions} + function TLSBreakOnCallBack(ArrayOfCallBacks:Pointer; NumberOfCallBacks:LongInt; bpxCallBack:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'TLSBreakOnCallBack'; + function TLSGrabCallBackData(szFileName:PAnsiChar; ArrayOfCallBacks,NumberOfCallBacks:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'TLSGrabCallBackData'; + function TLSBreakOnCallBackEx(szFileName:PAnsiChar; bpxCallBack:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'TLSBreakOnCallBackEx'; + function TLSRemoveCallback(szFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'TLSRemoveCallback'; + function TLSRemoveTable(szFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'TLSRemoveTable'; + function TLSBackupData(szFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'TLSBackupData'; + function TLSRestoreData():boolean; stdcall; external 'TitanEngine.dll' name 'TLSRestoreData'; + function TLSBuildNewTable(FileMapVA,StorePlace,StorePlaceRVA:LongInt; ArrayOfCallBacks:Pointer; NumberOfCallBacks:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'TLSBuildNewTable'; + function TLSBuildNewTableEx(szFileName,szSectionName:PAnsiChar; ArrayOfCallBacks:Pointer; NumberOfCallBacks:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'TLSBuildNewTableEx'; +{TitanEngine.TranslateName.functions} + function TranslateNativeName(szNativeName:PAnsiChar):PAnsiChar; stdcall; external 'TitanEngine.dll' name 'TranslateNativeName'; +{TitanEngine.Handler.functions} + function HandlerGetActiveHandleCount(ProcessId:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'HandlerGetActiveHandleCount'; + function HandlerIsHandleOpen(ProcessId:LongInt; hHandle:THandle):boolean; stdcall; external 'TitanEngine.dll' name 'HandlerIsHandleOpen'; + function HandlerGetHandleName(hProcess:THandle; ProcessId:LongInt; hHandle:THandle; TranslateName:boolean):PAnsiChar; stdcall; external 'TitanEngine.dll' name 'HandlerGetHandleName'; + function HandlerEnumerateOpenHandles(ProcessId:LongInt; HandleBuffer:Pointer; MaxHandleCount:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'HandlerEnumerateOpenHandles'; + function HandlerGetHandleDetails(hProcess:THandle; ProcessId:LongInt; hHandle:THandle; InformationReturn:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'HandlerGetHandleDetails'; + function HandlerCloseRemoteHandle(ProcessId:LongInt; hHandle:THandle):boolean; stdcall; external 'TitanEngine.dll' name 'HandlerCloseRemoteHandle'; + function HandlerEnumerateLockHandles(szFileOrFolderName:PAnsiChar; NameIsFolder,NameIsTranslated:boolean; HandleDataBuffer:Pointer; MaxHandleCount:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'HandlerEnumerateLockHandles'; + function HandlerCloseAllLockHandles(szFileOrFolderName:PAnsiChar; NameIsFolder,NameIsTranslated:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'HandlerCloseAllLockHandles'; + function HandlerIsFileLocked(szFileOrFolderName:PAnsiChar; NameIsFolder,NameIsTranslated:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'HandlerIsFileLocked'; + function HandlerEnumerateOpenMutexes(hProcess:THandle; ProcessId:LongInt; HandleBuffer:Pointer; MaxHandleCount:LongInt):LongInt; stdcall; external 'TitanEngine.dll' name 'HandlerEnumerateOpenMutexes'; + function HandlerGetOpenMutexHandle(hProcess:THandle; ProcessId:LongInt; szMutexString:PAnsiChar):LongInt; stdcall; external 'TitanEngine.dll' name 'HandlerGetOpenMutexHandle'; + function HandlerGetProcessIdWhichCreatedMutex(szMutexString:PAnsiChar):LongInt; stdcall; external 'TitanEngine.dll' name 'HandlerGetProcessIdWhichCreatedMutex'; +{TitanEngine.Injector.functions} + function RemoteLoadLibrary(hProcess:THandle; szLibraryFile:PAnsiChar; WaitForThreadExit:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'RemoteLoadLibrary'; + function RemoteFreeLibrary(hProcess:THandle; hModule:LongInt; szLibraryFile:PAnsiChar; WaitForThreadExit:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'RemoteFreeLibrary'; + function RemoteExitProcess(hProcess:THandle; ExitCode:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'RemoteExitProcess'; +{TitanEngine.StaticUnpacker.functions} + function StaticFileLoad(szFileName:PAnsiChar; DesiredAccess:LongInt; SimulateLoad:boolean; FileHandle,LoadedSize,FileMap,FileMapVA:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'StaticFileLoad'; + function StaticFileUnload(szFileName:PAnsiChar; CommitChanges:boolean; FileHandle,LoadedSize,FileMap,FileMapVA:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'StaticFileUnload'; + function StaticFileOpen(szFileName:PAnsiChar; DesiredAccess:LongInt; FileHandle,FileSizeLow,FileSizeHigh:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'StaticFileOpen'; + function StaticFileGetContent(FileHandle:THandle; FilePositionLow:LongInt; FilePositionHigh,Buffer:Pointer; Size:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'StaticFileGetContent'; + procedure StaticFileClose(FileHandle:THandle); stdcall; external 'TitanEngine.dll' name 'StaticFileClose'; + procedure StaticMemoryDecrypt(MemoryStart,MemorySize,DecryptionType,DecryptionKeySize,DecryptionKey:LongInt); stdcall; external 'TitanEngine.dll' name 'StaticMemoryDecrypt'; + procedure StaticMemoryDecryptEx(MemoryStart,MemorySize,DecryptionKeySize:LongInt; DecryptionCallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'StaticMemoryDecryptEx'; + procedure StaticMemoryDecryptSpecial(MemoryStart,MemorySize,DecryptionKeySize,SpecDecryptionType:LongInt; DecryptionCallBack:Pointer); stdcall; external 'TitanEngine.dll' name 'StaticMemoryDecryptSpecial'; + procedure StaticSectionDecrypt(FileMapVA,SectionNumber:LongInt; SimulateLoad:boolean; DecryptionType,DecryptionKeySize,DecryptionKey:LongInt); stdcall; external 'TitanEngine.dll' name 'StaticSectionDecrypt'; + function StaticMemoryDecompress(Source,SourceSize,Destination,DestinationSize,Algorithm:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'StaticMemoryDecompress'; + function StaticRawMemoryCopy(hFile:THandle; FileMapVA,VitualAddressToCopy,Size:LongInt; AddressIsRVA:boolean; szDumpFileName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'StaticRawMemoryCopy'; + function StaticHashMemory(MemoryToHash:Pointer; SizeOfMemory:LongInt; HashDigest:Pointer; OutputString:boolean; Algorithm:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'StaticHashMemory'; + function StaticHashFile(szFileName,HashDigest:PAnsiChar; OutputString:boolean; Algorithm:LongInt):boolean; stdcall; external 'TitanEngine.dll' name 'StaticHashFile'; +{TitanEngine.Engine.functions} + procedure SetEngineVariable(VariableId:LongInt; VariableSet:boolean); stdcall; external 'TitanEngine.dll' name 'SetEngineVariable'; + function EngineCreateMissingDependencies(szFileName,szOutputFolder:PAnsiChar; LogCreatedFiles:boolean):boolean; stdcall; external 'TitanEngine.dll' name 'EngineCreateMissingDependencies'; + function EngineFakeMissingDependencies(hProcess:THandle):boolean; stdcall; external 'TitanEngine.dll' name 'EngineCreateMissingDependencies'; + function EngineDeleteCreatedDependencies():boolean; stdcall; external 'TitanEngine.dll' name 'EngineDeleteCreatedDependencies'; + function EngineCreateUnpackerWindow(WindowUnpackerTitle,WindowUnpackerLongTitleWindowUnpackerName,WindowUnpackerAuthor:PChar; StartUnpackingCallBack:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'EngineCreateUnpackerWindow'; + procedure EngineAddUnpackerWindowLogMessage(szLogMessage:PChar); stdcall; external 'TitanEngine.dll' name 'EngineAddUnpackerWindowLogMessage'; +{TitanEngine.Extension.functions} + function ExtensionManagerIsPluginLoaded(szPluginName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'ExtensionManagerIsPluginLoaded'; + function ExtensionManagerIsPluginEnabled(szPluginName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'ExtensionManagerIsPluginEnabled'; + function ExtensionManagerDisableAllPlugins():boolean; stdcall; external 'TitanEngine.dll' name 'ExtensionManagerDisableAllPlugins'; + function ExtensionManagerDisablePlugin(szPluginName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'ExtensionManagerDisablePlugin'; + function ExtensionManagerEnableAllPlugins():boolean; stdcall; external 'TitanEngine.dll' name 'ExtensionManagerEnableAllPlugins'; + function ExtensionManagerEnablePlugin(szPluginName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'ExtensionManagerEnablePlugin'; + function ExtensionManagerUnloadAllPlugins():boolean; stdcall; external 'TitanEngine.dll' name 'ExtensionManagerUnloadAllPlugins'; + function ExtensionManagerUnloadPlugin(szPluginName:PAnsiChar):boolean; stdcall; external 'TitanEngine.dll' name 'ExtensionManagerUnloadPlugin'; + function ExtensionManagerGetPluginInfo(szPluginName:PAnsiChar):Pointer; stdcall; external 'TitanEngine.dll' name 'ExtensionManagerGetPluginInfo'; + +implementation + +end. diff --git a/SDK/LUA/TitanEngine.lua b/SDK/LUA/TitanEngine.lua new file mode 100644 index 0000000..9873d14 --- /dev/null +++ b/SDK/LUA/TitanEngine.lua @@ -0,0 +1,1486 @@ +require 'alien' +local TitanEngine = alien.load 'TitanEngine.dll' +local SystemKernel = alien.load 'kernel32.dll' + +-- +-- +-- TitanEngine 2.0.3 LUA SDK / www.reversinglabs.com +-- +-- + +-- Windows.Constants: + +MAX_PATH = 260 + +-- Global.Constant.Structure.Declaration: +-- Engine.External: +UE_ACCESS_READ = 0 +UE_ACCESS_WRITE = 1 +UE_ACCESS_ALL = 2 + +UE_HIDE_BASIC = 1 + +UE_PLUGIN_CALL_REASON_PREDEBUG = 1 +UE_PLUGIN_CALL_REASON_EXCEPTION = 2 +UE_PLUGIN_CALL_REASON_POSTDEBUG = 3 + +TEE_HOOK_NRM_JUMP = 1 +TEE_HOOK_NRM_CALL = 3 +TEE_HOOK_IAT = 5 + +UE_ENGINE_ALOW_MODULE_LOADING = 1 +UE_ENGINE_AUTOFIX_FORWARDERS = 2 +UE_ENGINE_PASS_ALL_EXCEPTIONS = 3 +UE_ENGINE_NO_CONSOLE_WINDOW = 4 +UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS = 5 +UE_ENGINE_CALL_PLUGIN_CALLBACK = 6 +UE_ENGINE_RESET_CUSTOM_HANDLER = 7 +UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK = 8 + +UE_OPTION_REMOVEALL = 1 +UE_OPTION_DISABLEALL = 2 +UE_OPTION_REMOVEALLDISABLED = 3 +UE_OPTION_REMOVEALLENABLED = 4 + +UE_STATIC_DECRYPTOR_XOR = 1 +UE_STATIC_DECRYPTOR_SUB = 2 +UE_STATIC_DECRYPTOR_ADD = 3 + +UE_STATIC_DECRYPTOR_FOREWARD = 1 +UE_STATIC_DECRYPTOR_BACKWARD = 2 + +UE_STATIC_KEY_SIZE_1 = 1 +UE_STATIC_KEY_SIZE_2 = 2 +UE_STATIC_KEY_SIZE_4 = 4 +UE_STATIC_KEY_SIZE_8 = 8 + +UE_STATIC_APLIB = 1 +UE_STATIC_APLIB_DEPACK = 2 +UE_STATIC_LZMA = 3 + +UE_STATIC_HASH_MD5 = 1 +UE_STATIC_HASH_SHA1 = 2 +UE_STATIC_HASH_CRC32 = 3 + +UE_RESOURCE_LANGUAGE_ANY = -1 + +UE_PE_OFFSET = 0 +UE_IMAGEBASE = 1 +UE_OEP = 2 +UE_SIZEOFIMAGE = 3 +UE_SIZEOFHEADERS = 4 +UE_SIZEOFOPTIONALHEADER = 5 +UE_SECTIONALIGNMENT = 6 +UE_IMPORTTABLEADDRESS = 7 +UE_IMPORTTABLESIZE = 8 +UE_RESOURCETABLEADDRESS = 9 +UE_RESOURCETABLESIZE = 10 +UE_EXPORTTABLEADDRESS = 11 +UE_EXPORTTABLESIZE = 12 +UE_TLSTABLEADDRESS = 13 +UE_TLSTABLESIZE = 14 +UE_RELOCATIONTABLEADDRESS = 15 +UE_RELOCATIONTABLESIZE = 16 +UE_TIMEDATESTAMP = 17 +UE_SECTIONNUMBER = 18 +UE_CHECKSUM = 19 +UE_SUBSYSTEM = 20 +UE_CHARACTERISTICS = 21 +UE_NUMBEROFRVAANDSIZES = 22 +UE_SECTIONNAME = 23 +UE_SECTIONVIRTUALOFFSET = 24 +UE_SECTIONVIRTUALSIZE = 25 +UE_SECTIONRAWOFFSET = 26 +UE_SECTIONRAWSIZE = 27 +UE_SECTIONFLAGS = 28 + +UE_CH_BREAKPOINT = 1 +UE_CH_SINGLESTEP = 2 +UE_CH_ACCESSVIOLATION = 3 +UE_CH_ILLEGALINSTRUCTION = 4 +UE_CH_NONCONTINUABLEEXCEPTION = 5 +UE_CH_ARRAYBOUNDSEXCEPTION = 6 +UE_CH_FLOATDENORMALOPERAND = 7 +UE_CH_FLOATDEVIDEBYZERO = 8 +UE_CH_INTEGERDEVIDEBYZERO = 9 +UE_CH_INTEGEROVERFLOW = 10 +UE_CH_PRIVILEGEDINSTRUCTION = 11 +UE_CH_PAGEGUARD = 12 +UE_CH_EVERYTHINGELSE = 13 +UE_CH_CREATETHREAD = 14 +UE_CH_EXITTHREAD = 15 +UE_CH_CREATEPROCESS = 16 +UE_CH_EXITPROCESS = 17 +UE_CH_LOADDLL = 18 +UE_CH_UNLOADDLL = 19 +UE_CH_OUTPUTDEBUGSTRING = 20 +UE_CH_AFTEREXCEPTIONPROCESSING = 21 +UE_CH_ALLEVENTS = 22 + +UE_OPTION_HANDLER_RETURN_HANDLECOUNT = 1 +UE_OPTION_HANDLER_RETURN_ACCESS = 2 +UE_OPTION_HANDLER_RETURN_FLAGS = 3 +UE_OPTION_HANDLER_RETURN_TYPENAME = 4 + +UE_BREAKPOINT_INT3 = 1 +UE_BREAKPOINT_LONG_INT3 = 2 +UE_BREAKPOINT_UD2 = 3 + +UE_BPXREMOVED = 0 +UE_BPXACTIVE = 1 +UE_BPXINACTIVE = 2 + +UE_BREAKPOINT = 0 +UE_SINGLESHOOT = 1 +UE_HARDWARE = 2 +UE_MEMORY = 3 +UE_MEMORY_READ = 4 +UE_MEMORY_WRITE = 5 +UE_BREAKPOINT_TYPE_INT3 = 0x10000000 +UE_BREAKPOINT_TYPE_LONG_INT3 = 0x20000000 +UE_BREAKPOINT_TYPE_UD2 = 0x30000000 + +UE_HARDWARE_EXECUTE = 4 +UE_HARDWARE_WRITE = 5 +UE_HARDWARE_READWRITE = 6 + +UE_HARDWARE_SIZE_1 = 7 +UE_HARDWARE_SIZE_2 = 8 +UE_HARDWARE_SIZE_4 = 9 + +UE_ON_LIB_LOAD = 1 +UE_ON_LIB_UNLOAD = 2 +UE_ON_LIB_ALL = 3 + +UE_APISTART = 0 +UE_APIEND = 1 + +UE_PLATFORM_x86 = 1 +UE_PLATFORM_x64 = 2 +UE_PLATFORM_ALL = 3 + +UE_FUNCTION_STDCALL = 1 +UE_FUNCTION_CCALL = 2 +UE_FUNCTION_FASTCALL = 3 +UE_FUNCTION_STDCALL_RET = 4 +UE_FUNCTION_CCALL_RET = 5 +UE_FUNCTION_FASTCALL_RET = 6 +UE_FUNCTION_STDCALL_CALL = 7 +UE_FUNCTION_CCALL_CALL = 8 +UE_FUNCTION_FASTCALL_CALL = 9 +UE_PARAMETER_BYTE = 0 +UE_PARAMETER_WORD = 1 +UE_PARAMETER_DWORD = 2 +UE_PARAMETER_QWORD = 3 +UE_PARAMETER_PTR_BYTE = 4 +UE_PARAMETER_PTR_WORD = 5 +UE_PARAMETER_PTR_DWORD = 6 +UE_PARAMETER_PTR_QWORD = 7 +UE_PARAMETER_STRING = 8 +UE_PARAMETER_UNICODE = 9 + +UE_CMP_NOCONDITION = 0 +UE_CMP_EQUAL = 1 +UE_CMP_NOTEQUAL = 2 +UE_CMP_GREATER = 3 +UE_CMP_GREATEROREQUAL = 4 +UE_CMP_LOWER = 5 +UE_CMP_LOWEROREQUAL = 6 +UE_CMP_REG_EQUAL = 7 +UE_CMP_REG_NOTEQUAL = 8 +UE_CMP_REG_GREATER = 9 +UE_CMP_REG_GREATEROREQUAL = 10 +UE_CMP_REG_LOWER = 11 +UE_CMP_REG_LOWEROREQUAL = 12 +UE_CMP_ALWAYSFALSE = 13 + +UE_EAX = 1 +UE_EBX = 2 +UE_ECX = 3 +UE_EDX = 4 +UE_EDI = 5 +UE_ESI = 6 +UE_EBP = 7 +UE_ESP = 8 +UE_EIP = 9 +UE_EFLAGS = 10 +UE_DR0 = 11 +UE_DR1 = 12 +UE_DR2 = 13 +UE_DR3 = 14 +UE_DR6 = 15 +UE_DR7 = 16 +UE_RAX = 17 +UE_RBX = 18 +UE_RCX = 19 +UE_RDX = 20 +UE_RDI = 21 +UE_RSI = 22 +UE_RBP = 23 +UE_RSP = 24 +UE_RIP = 25 +UE_RFLAGS = 26 +UE_R8 = 27 +UE_R9 = 28 +UE_R10 = 29 +UE_R11 = 30 +UE_R12 = 31 +UE_R13 = 32 +UE_R14 = 33 +UE_R15 = 34 +UE_CIP = 35 +UE_CSP = 36 +UE_SEG_GS = 37 +UE_SEG_FS = 38 +UE_SEG_ES = 39 +UE_SEG_DS = 40 +UE_SEG_CS = 41 +UE_SEG_SS = 42 + +PE32Struct = alien.defstruct{ + { "PE32Offset", "long" }, + { "ImageBase", "long" }, + { "OriginalEntryPoint", "long" }, + { "NtSizeOfImage", "long" }, + { "NtSizeOfHeaders", "long" }, + { "SizeOfOptionalHeaders", "short" }, + { "FileAlignment", "long" }, + { "SectionAligment", "long" }, + { "ImportTableAddress", "long" }, + { "ImportTableSize", "long" }, + { "ResourceTableAddress", "long" }, + { "ResourceTableSize", "long" }, + { "ExportTableAddress", "long" }, + { "ExportTableSize", "long" }, + { "TLSTableAddress", "long" }, + { "TLSTableSize", "long" }, + { "RelocationTableAddress", "long" }, + { "RelocationTableSize", "long" }, + { "TimeDateStamp", "long" }, + { "SectionNumber", "short" }, + { "CheckSum", "long" }, + { "SubSystem", "short" }, + { "Characteristics", "short" }, + { "NumberOfRvaAndSizes", "long" } +} + +ImportEnumData = alien.defstruct{ + { "NewDll", "byte"}, + { "NumberOfImports", "long"}, + { "ImageBase", "long"}, + { "BaseImportThunk", "long"}, + { "ImportThunk", "long"}, + { "APIName", "string"}, + { "DLLName", "string"} +} + +THREAD_ITEM_DATA = alien.defstruct{ + { "hThread", "long" }, + { "dwThreadId", "long" }, + { "ThreadStartAddress", "long" }, + { "ThreadLocalBase", "long" } +} + +LIBRARY_ITEM_DATA = alien.defstruct{ + { "hFile", "long" }, + { "BaseOfDll", "long" }, + { "hFileMapping", "long" }, + { "hFileMappingView", "long" }, + { "additionalFields", "char" } +} +LIBRARY_ITEM_DATA.size = LIBRARY_ITEM_DATA.size + 2 * MAX_PATH - 1 + +-- Auxiliary LUA functions +function LibraryItemData_GetLibraryPath(lid) + local out = {} + local offset = lid.offsets.additionalFields + local buf = lf() + for i = offset, offset+MAX_PATH-1 do + local c = buf:get(i, "char") + if c ~= 0 then + out[#out+1] = string.char(c) + else + break + end + end + return table.concat(out) +end + +function LibraryItemData_GetLibraryName(lid) + local out = {} + local offset = lid.offsets.additionalFields + MAX_PATH + local buf = lf() + for i = offset, offset+MAX_PATH-1 do + local c = buf:get(i, "char") + if c ~= 0 then + out[#out+1] = string.char(c) + else + break + end + end + return table.concat(out) +end +-- Auxiliary LUA functions + +PROCESS_ITEM_DATA = alien.defstruct{ + { "hProcess", "long" }, + { "dwProcessId", "long" }, + { "hThread", "long" }, + { "dwThreadId", "long" }, + { "hFile", "long" }, + { "BaseOfImage", "long" }, + { "ThreadStartAddress", "long" }, + { "ThreadLocalBase", "long" } +} + +HandlerArray = alien.defstruct{ + { "ProcessId", "long" }, + { "hHandle", "long" } +} + +PluginInformation = alien.defstruct{ + { "PluginName", "byte" }, + { "PluginMajorVersion", "long" }, + { "PluginMinorVersion", "long" }, + { "PluginBaseAddress", "long" }, + { "TitanDebuggingCallBack", "long" }, + { "TitanRegisterPlugin", "long" }, + { "TitanReleasePlugin", "long" }, + { "TitanResetPlugin", "long" }, + { "PluginDisabled", "byte" } +} + +TEE_MAXIMUM_HOOK_SIZE = 14 +TEE_MAXIMUM_HOOK_RELOCS = 7 + +UE_DEPTH_SURFACE = 0 +UE_DEPTH_DEEP = 1 + +UE_UNPACKER_CONDITION_SEARCH_FROM_EP = 1 + +UE_UNPACKER_CONDITION_LOADLIBRARY = 1 +UE_UNPACKER_CONDITION_GETPROCADDRESS = 2 +UE_UNPACKER_CONDITION_ENTRYPOINTBREAK = 3 +UE_UNPACKER_CONDITION_RELOCSNAPSHOT1 = 4 +UE_UNPACKER_CONDITION_RELOCSNAPSHOT2 = 5 + +UE_FIELD_OK = 0 +UE_FIELD_BROKEN_NON_FIXABLE = 1 +UE_FIELD_BROKEN_NON_CRITICAL = 2 +UE_FIELD_BROKEN_FIXABLE_FOR_STATIC_USE = 3 +UE_FIELD_BROKEN_BUT_CAN_BE_EMULATED = 4 +UE_FILED_FIXABLE_NON_CRITICAL = 5 +UE_FILED_FIXABLE_CRITICAL = 6 +UE_FIELD_NOT_PRESET = 7 +UE_FIELD_NOT_PRESET_WARNING = 8 + +UE_RESULT_FILE_OK = 10 +UE_RESULT_FILE_INVALID_BUT_FIXABLE = 11 +UE_RESULT_FILE_INVALID_AND_NON_FIXABLE = 12 +UE_RESULT_FILE_INVALID_FORMAT = 13 + +FILE_STATUS_INFO = alien.defstruct{ + { "OveralEvaluation", "byte" }, + { "EvaluationTerminatedByException", "byte" }, + { "FileIs64Bit", "byte" }, + { "FileIsDLL", "byte" }, + { "FileIsConsole", "byte" }, + { "MissingDependencies", "byte" }, + { "MissingDeclaredAPIs", "byte" }, + { "SignatureMZ", "byte" }, + { "SignaturePE", "byte" }, + { "EntryPoint", "byte" }, + { "ImageBase", "byte" }, + { "SizeOfImage", "byte" }, + { "FileAlignment", "byte" }, + { "SectionAlignment", "byte" }, + { "ExportTable", "byte" }, + { "RelocationTable", "byte" }, + { "ImportTable", "byte" }, + { "ImportTableSection", "byte" }, + { "ImportTableData", "byte" }, + { "IATTable", "byte" }, + { "TLSTable", "byte" }, + { "LoadConfigTable", "byte" }, + { "BoundImportTable", "byte" }, + { "COMHeaderTable", "byte" }, + { "ResourceTable", "byte" }, + { "ResourceData", "byte" }, + { "SectionTable", "byte" } +} + +FILE_FIX_INFO = alien.defstruct{ + { "OveralEvaluation", "byte" }, + { "FixingTerminatedByException", "byte" }, + { "FileFixPerformed", "byte" }, + { "StrippedRelocation", "byte" }, + { "DontFixRelocations", "byte" }, + { "OriginalRelocationTableAddress", "long" }, + { "OriginalRelocationTableSize", "long" }, + { "StrippedExports", "byte" }, + { "DontFixExports", "byte" }, + { "OriginalExportTableAddress", "long" }, + { "OriginalExportTableSize", "long" }, + { "StrippedResources", "byte" }, + { "DontFixResources", "byte" }, + { "OriginalResourceTableAddress", "long" }, + { "OriginalResourceTableSize", "long" }, + { "StrippedTLS", "byte" }, + { "DontFixTLS", "byte" }, + { "OriginalTLSTableAddress", "long" }, + { "OriginalTLSTableSize", "long" }, + { "StrippedLoadConfig", "byte" }, + { "DontFixLoadConfig", "byte" }, + { "OriginalLoadConfigTableAddress", "long" }, + { "OriginalLoadConfigTableSize", "long" }, + { "StrippedBoundImports", "byte" }, + { "DontFixBoundImports", "byte" }, + { "OriginalBoundImportTableAddress", "long" }, + { "OriginalBoundImportTableSize", "long" }, + { "StrippedIAT", "byte" }, + { "DontFixIAT", "byte" }, + { "OriginalImportAddressTableAddress", "long" }, + { "OriginalImportAddressTableSize", "long" }, + { "StrippedCOM", "byte" }, + { "DontFixCOM", "byte" }, + { "OriginalCOMTableAddress", "long" }, + { "OriginalCOMTableSize", "long" } +} + +-- Global.UtilFunction.Declaration: + SystemKernel.CopyFileA:types {"string","string","long",abi="stdcall",ret="byte"} + TE_CopyFileA = SystemKernel.CopyFileA + SystemKernel.DeleteFileA:types {"string",abi="stdcall",ret="byte"} + TE_DeleteFileA = SystemKernel.DeleteFileA + SystemKernel.RtlMoveMemory:types {"pointer","pointer","long",abi="stdcall"} + TE_RtlMoveMemory = SystemKernel.RtlMoveMemory + SystemKernel.RtlZeroMemory:types {"pointer","long",abi="stdcall"} + TE_RtlZeroMemory = SystemKernel.RtlZeroMemory + SystemKernel.FreeLibrary:types {"long",abi="stdcall",ret="byte"} + TE_FreeLibrary = SystemKernel.FreeLibrary + +-- Global.UtilStructure.Declaration: +PROCESS_INFORMATION = alien.defstruct{ + { "hProcess", "long" }, + { "hThread", "long" }, + { "dwProcessId", "long" }, + { "dwThreadId", "long" } +} + +-- Global.UtilVariable.Declaration: + TE_TRUE = 1 + TE_FALSE = 0 + +-- Global.Function.Declaration: +-- +-- TitanEngine.Dumper.functions: +-- +-- __declspec(dllexport) bool __stdcall DumpProcess(HANDLE hProcess, LPVOID ImageBase, char* szDumpFileName, ULONG_PTR EntryPoint); + TitanEngine.DumpProcess:types {"long","long","string","long",abi="stdcall",ret="byte"} + TE_DumpProcess = TitanEngine.DumpProcess +-- __declspec(dllexport) bool __stdcall DumpProcessEx(DWORD ProcessId, LPVOID ImageBase, char* szDumpFileName, ULONG_PTR EntryPoint); + TitanEngine.DumpProcessEx:types {"long","long","string","long",abi="stdcall",ret="byte"} + TE_DumpProcessEx = TitanEngine.DumpProcessEx +-- __declspec(dllexport) bool __stdcall DumpMemory(HANDLE hProcess, LPVOID MemoryStart, ULONG_PTR MemorySize, char* szDumpFileName); + TitanEngine.DumpMemory:types {"long","long","long","string",abi="stdcall",ret="byte"} + TE_DumpMemory = TitanEngine.DumpMemory +-- __declspec(dllexport) bool __stdcall DumpMemoryEx(DWORD ProcessId, LPVOID MemoryStart, ULONG_PTR MemorySize, char* szDumpFileName); + TitanEngine.DumpMemoryEx:types {"long","long","long","string",abi="stdcall",ret="byte"} + TE_DumpMemoryEx = TitanEngine.DumpMemoryEx +-- __declspec(dllexport) bool __stdcall DumpRegions(HANDLE hProcess, char* szDumpFolder, bool DumpAboveImageBaseOnly); + TitanEngine.DumpRegions:types {"long","string","long",abi="stdcall",ret="byte"} + TE_DumpRegions = TitanEngine.DumpRegions +-- __declspec(dllexport) bool __stdcall DumpRegionsEx(DWORD ProcessId, char* szDumpFolder, bool DumpAboveImageBaseOnly); + TitanEngine.DumpRegionsEx:types {"long","string","long",abi="stdcall",ret="byte"} + TE_DumpRegionsEx = TitanEngine.DumpRegionsEx +-- __declspec(dllexport) bool __stdcall DumpModule(HANDLE hProcess, LPVOID ModuleBase, char* szDumpFileName); + TitanEngine.DumpModule:types {"long","long","string",abi="stdcall",ret="byte"} + TE_DumpModule = TitanEngine.DumpModule +-- __declspec(dllexport) bool __stdcall DumpModuleEx(DWORD ProcessId, LPVOID ModuleBase, char* szDumpFileName); + TitanEngine.DumpModuleEx:types {"long","long","string",abi="stdcall",ret="byte"} + TE_DumpModuleEx = TitanEngine.DumpModuleEx +-- __declspec(dllexport) bool __stdcall PastePEHeader(HANDLE hProcess, LPVOID ImageBase, char* szDebuggedFileName); + TitanEngine.PastePEHeader:types {"long","long","string",abi="stdcall",ret="byte"} + TE_PastePEHeader = TitanEngine.PastePEHeader +-- __declspec(dllexport) bool __stdcall ExtractSection(char* szFileName, char* szDumpFileName, DWORD SectionNumber); + TitanEngine.ExtractSection:types {"string","string","long",abi="stdcall",ret="byte"} + TE_ExtractSection = TitanEngine.ExtractSection +-- __declspec(dllexport) bool __stdcall ResortFileSections(char* szFileName); + TitanEngine.ResortFileSections:types {"string",abi="stdcall",ret="byte"} + TE_ResortFileSections = TitanEngine.ResortFileSections +-- __declspec(dllexport) bool __stdcall FindOverlay(char* szFileName, LPDWORD OverlayStart, LPDWORD OverlaySize); + TitanEngine.FindOverlay:types {"string","pointer","pointer",abi="stdcall",ret="byte"} + TE_FindOverlay = TitanEngine.FindOverlay +-- __declspec(dllexport) bool __stdcall ExtractOverlay(char* szFileName, char* szExtactedFileName); + TitanEngine.ExtractOverlay:types {"string","string",abi="stdcall",ret="byte"} + TE_ExtractOverlay = TitanEngine.ExtractOverlay +-- __declspec(dllexport) bool __stdcall AddOverlay(char* szFileName, char* szOverlayFileName); + TitanEngine.AddOverlay:types {"string","string",abi="stdcall",ret="byte"} + TE_AddOverlay = TitanEngine.AddOverlay +-- __declspec(dllexport) bool __stdcall CopyOverlay(char* szInFileName, char* szOutFileName); + TitanEngine.CopyOverlay:types {"string","string",abi="stdcall",ret="byte"} + TE_CopyOverlay = TitanEngine.CopyOverlay +-- __declspec(dllexport) bool __stdcall RemoveOverlay(char* szFileName); + TitanEngine.RemoveOverlay:types {"string",abi="stdcall",ret="byte"} + TE_RemoveOverlay = TitanEngine.RemoveOverlay +-- __declspec(dllexport) bool __stdcall MakeAllSectionsRWE(char* szFileName); + TitanEngine.MakeAllSectionsRWE:types {"string",abi="stdcall",ret="byte"} + TE_MakeAllSectionsRWE = TitanEngine.MakeAllSectionsRWE +-- __declspec(dllexport) long __stdcall AddNewSectionEx(char* szFileName, char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, LPVOID SectionContent, DWORD ContentSize); + TitanEngine.AddNewSectionEx:types {"string","string","long","long","pointer","long",abi="stdcall",ret="long"} + TE_AddNewSectionEx = TitanEngine.AddNewSectionEx +-- __declspec(dllexport) long __stdcall AddNewSection(char* szFileName, char* szSectionName, DWORD SectionSize); + TitanEngine.AddNewSection:types {"string","string","long",abi="stdcall",ret="long"} + TE_AddNewSection = TitanEngine.AddNewSection +-- __declspec(dllexport) bool __stdcall ResizeLastSection(char* szFileName, DWORD NumberOfExpandBytes, bool AlignResizeData); + TitanEngine.ResizeLastSection:types {"string","long","long",abi="stdcall",ret="byte"} + TE_ResizeLastSection = TitanEngine.ResizeLastSection +-- __declspec(dllexport) void __stdcall SetSharedOverlay(char* szFileName); + TitanEngine.SetSharedOverlay:types {"string",abi="stdcall"} + TE_SetSharedOverlay = TitanEngine.SetSharedOverlay +-- __declspec(dllexport) char* __stdcall GetSharedOverlay(); + TitanEngine.GetSharedOverlay:types {abi="stdcall",ret="string"} + TE_GetSharedOverlay = TitanEngine.GetSharedOverlay +-- __declspec(dllexport) bool __stdcall DeleteLastSection(char* szFileName); + TitanEngine.DeleteLastSection:types {"string",abi="stdcall",ret="byte"} + TE_DeleteLastSection = TitanEngine.DeleteLastSection +-- __declspec(dllexport) bool __stdcall DeleteLastSectionEx(char* szFileName, DWORD NumberOfSections); + TitanEngine.DeleteLastSectionEx:types {"string","long",abi="stdcall",ret="byte"} + TE_DeleteLastSectionEx = TitanEngine.DeleteLastSectionEx +-- __declspec(dllexport) long long __stdcall GetPE32DataFromMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, DWORD WhichData); + TitanEngine.GetPE32DataFromMappedFile:types {"long","long","long",abi="stdcall",ret="long"} + TE_GetPE32DataFromMappedFile = TitanEngine.GetPE32DataFromMappedFile +-- __declspec(dllexport) long long __stdcall GetPE32Data(char* szFileName, DWORD WhichSection, DWORD WhichData); + TitanEngine.GetPE32Data:types {"string","long","long",abi="stdcall",ret="long"} + TE_GetPE32Data = TitanEngine.GetPE32Data +-- __declspec(dllexport) bool __stdcall GetPE32DataFromMappedFileEx(ULONG_PTR FileMapVA, LPVOID DataStorage); + TitanEngine.GetPE32DataFromMappedFileEx:types {"long","pointer",abi="stdcall",ret="byte"} + TE_GetPE32DataFromMappedFileEx = TitanEngine.GetPE32DataFromMappedFileEx +-- __declspec(dllexport) bool __stdcall GetPE32DataEx(char* szFileName, LPVOID DataStorage); + TitanEngine.GetPE32DataEx:types {"string","pointer",abi="stdcall",ret="byte"} + TE_GetPE32DataEx = TitanEngine.GetPE32DataEx +-- __declspec(dllexport) bool __stdcall SetPE32DataForMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue); + TitanEngine.SetPE32DataForMappedFile:types {"long","long","long","long",abi="stdcall",ret="byte"} + TE_SetPE32DataForMappedFile = TitanEngine.SetPE32DataForMappedFile +-- __declspec(dllexport) bool __stdcall SetPE32Data(char* szFileName, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue); + TitanEngine.SetPE32Data:types {"string","long","long","long",abi="stdcall",ret="byte"} + TE_SetPE32Data = TitanEngine.SetPE32Data +-- __declspec(dllexport) bool __stdcall SetPE32DataForMappedFileEx(ULONG_PTR FileMapVA, LPVOID DataStorage); + TitanEngine.SetPE32DataForMappedFileEx:types {"long","pointer",abi="stdcall",ret="byte"} + TE_SetPE32DataForMappedFileEx = TitanEngine.SetPE32DataForMappedFileEx +-- __declspec(dllexport) bool __stdcall SetPE32DataEx(char* szFileName, LPVOID DataStorage); + TitanEngine.SetPE32DataEx:types {"string","pointer",abi="stdcall",ret="byte"} + TE_SetPE32DataEx = TitanEngine.SetPE32DataEx +-- __declspec(dllexport) long __stdcall GetPE32SectionNumberFromVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert); + TitanEngine.GetPE32SectionNumberFromVA:types {"long","long",abi="stdcall",ret="long"} + TE_GetPE32SectionNumberFromVA = TitanEngine.GetPE32SectionNumberFromVA +-- __declspec(dllexport) long long __stdcall ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType); + TitanEngine.ConvertVAtoFileOffset:types {"long","long","long",abi="stdcall",ret="long"} + TE_ConvertVAtoFileOffset = TitanEngine.ConvertVAtoFileOffset +-- __declspec(dllexport) long long __stdcall ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType); + TitanEngine.ConvertVAtoFileOffsetEx:types {"long","long","long","long","long","long",abi="stdcall",ret="long"} + TE_ConvertVAtoFileOffsetEx = TitanEngine.ConvertVAtoFileOffsetEx +-- __declspec(dllexport) long long __stdcall ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType); + TitanEngine.ConvertFileOffsetToVA:types {"long","long","long",abi="stdcall",ret="long"} + TE_ConvertFileOffsetToVA = TitanEngine.ConvertFileOffsetToVA +-- __declspec(dllexport) long long __stdcall ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType); + TitanEngine.ConvertFileOffsetToVAEx:types {"long","long","long","long","long",abi="stdcall",ret="long"} + TE_ConvertFileOffsetToVAEx = TitanEngine.ConvertFileOffsetToVAEx +-- +-- TitanEngine.Realigner.functions: +-- +-- __declspec(dllexport) bool __stdcall FixHeaderCheckSum(char* szFileName); + TitanEngine.FixHeaderCheckSum:types {"string",abi="stdcall",ret="byte"} + TE_FixHeaderCheckSum = TitanEngine.FixHeaderCheckSum +-- __declspec(dllexport) long __stdcall RealignPE(ULONG_PTR FileMapVA, DWORD FileSize, DWORD RealingMode); + TitanEngine.RealignPE:types {"long","long","long",abi="stdcall",ret="long"} + TE_RealignPE = TitanEngine.RealignPE +-- __declspec(dllexport) long __stdcall RealignPEEx(char* szFileName, DWORD RealingFileSize, DWORD ForcedFileAlignment); + TitanEngine.RealignPEEx:types {"string","long","long",abi="stdcall",ret="long"} + TE_RealignPEEx = TitanEngine.RealignPEEx +-- __declspec(dllexport) bool __stdcall WipeSection(char* szFileName, int WipeSectionNumber, bool RemovePhysically); + TitanEngine.WipeSection:types {"string","long","long",abi="stdcall",ret="byte"} + TE_WipeSection = TitanEngine.WipeSection +-- __declspec(dllexport) bool __stdcall IsPE32FileValidEx(char* szFileName, DWORD CheckDepth, LPVOID FileStatusInfo); + TitanEngine.IsPE32FileValidEx:types {"string","long","pointer",abi="stdcall",ret="byte"} + TE_IsPE32FileValidEx = TitanEngine.IsPE32FileValidEx +-- __declspec(dllexport) bool __stdcall FixBrokenPE32FileEx(char* szFileName, LPVOID FileStatusInfo, LPVOID FileFixInfo); + TitanEngine.FixBrokenPE32FileEx:types {"string","pointer","pointer",abi="stdcall",ret="byte"} + TE_FixBrokenPE32FileEx = TitanEngine.FixBrokenPE32FileEx +-- __declspec(dllexport) bool __stdcall IsFileDLL(char* szFileName, ULONG_PTR FileMapVA); + TitanEngine.IsFileDLL:types {"string","long",abi="stdcall",ret="byte"} + TE_IsFileDLL = TitanEngine.IsFileDLL +-- +-- TitanEngine.Hider.functions: +-- +-- __declspec(dllexport) void* __stdcall GetPEBLocation(HANDLE hProcess); + TitanEngine.GetPEBLocation:types {"long",abi="stdcall",ret="pointer"} + TE_GetPEBLocation = TitanEngine.GetPEBLocation +-- __declspec(dllexport) bool __stdcall HideDebugger(HANDLE hProcess, DWORD PatchAPILevel); + TitanEngine.HideDebugger:types {"long","long",abi="stdcall",ret="byte"} + TE_HideDebugger = TitanEngine.HideDebugger +-- __declspec(dllexport) bool __stdcall UnHideDebugger(HANDLE hProcess, DWORD PatchAPILevel); + TitanEngine.UnHideDebugger:types {"long","long",abi="stdcall",ret="byte"} + TE_UnHideDebugger = TitanEngine.UnHideDebugger +-- +-- TitanEngine.Relocater.functions: +-- +-- __declspec(dllexport) void __stdcall RelocaterCleanup(); + TitanEngine.RelocaterCleanup:types {abi="stdcall"} + TE_RelocaterCleanup = TitanEngine.RelocaterCleanup +-- __declspec(dllexport) void __stdcall RelocaterInit(DWORD MemorySize, ULONG_PTR OldImageBase, ULONG_PTR NewImageBase); + TitanEngine.RelocaterInit:types {"long","long","long",abi="stdcall"} + TE_RelocaterInit = TitanEngine.RelocaterInit +-- __declspec(dllexport) void __stdcall RelocaterAddNewRelocation(HANDLE hProcess, ULONG_PTR RelocateAddress, DWORD RelocateState); + TitanEngine.RelocaterAddNewRelocation:types {"long","long","long",abi="stdcall"} + TE_RelocaterAddNewRelocation = TitanEngine.RelocaterAddNewRelocation +-- __declspec(dllexport) long __stdcall RelocaterEstimatedSize(); + TitanEngine.RelocaterEstimatedSize:types {abi="stdcall",ret="long"} + TE_RelocaterEstimatedSize = TitanEngine.RelocaterEstimatedSize +-- __declspec(dllexport) bool __stdcall RelocaterExportRelocation(ULONG_PTR StorePlace, DWORD StorePlaceRVA, ULONG_PTR FileMapVA); + TitanEngine.RelocaterExportRelocation:types {"long","long","long",abi="stdcall",ret="byte"} + TE_RelocaterExportRelocation = TitanEngine.RelocaterExportRelocation +-- __declspec(dllexport) bool __stdcall RelocaterExportRelocationEx(char* szFileName, char* szSectionName); + TitanEngine.RelocaterExportRelocationEx:types {"string","string",abi="stdcall",ret="byte"} + TE_RelocaterExportRelocationEx = TitanEngine.RelocaterExportRelocationEx +-- __declspec(dllexport) bool __stdcall RelocaterGrabRelocationTable(HANDLE hProcess, ULONG_PTR MemoryStart, DWORD MemorySize); + TitanEngine.RelocaterGrabRelocationTable:types {"long","long","long",abi="stdcall",ret="byte"} + TE_RelocaterGrabRelocationTable = TitanEngine.RelocaterGrabRelocationTable +-- __declspec(dllexport) bool __stdcall RelocaterGrabRelocationTableEx(HANDLE hProcess, ULONG_PTR MemoryStart, ULONG_PTR MemorySize, DWORD NtSizeOfImage); + TitanEngine.RelocaterGrabRelocationTableEx:types {"long","long","long","long",abi="stdcall",ret="byte"} + TE_RelocaterGrabRelocationTableEx = TitanEngine.RelocaterGrabRelocationTableEx +-- __declspec(dllexport) bool __stdcall RelocaterMakeSnapshot(HANDLE hProcess, char* szSaveFileName, LPVOID MemoryStart, ULONG_PTR MemorySize); + TitanEngine.RelocaterMakeSnapshot:types {"long","string","long","long",abi="stdcall",ret="byte"} + TE_RelocaterMakeSnapshot = TitanEngine.RelocaterMakeSnapshot +-- __declspec(dllexport) bool __stdcall RelocaterCompareTwoSnapshots(HANDLE hProcess, ULONG_PTR LoadedImageBase, ULONG_PTR NtSizeOfImage, char* szDumpFile1, char* szDumpFile2, ULONG_PTR MemStart); + TitanEngine.RelocaterCompareTwoSnapshots:types {"long","long","long","string","string","long",abi="stdcall",ret="byte"} + TE_RelocaterCompareTwoSnapshots = TitanEngine.RelocaterCompareTwoSnapshots +-- __declspec(dllexport) bool __stdcall RelocaterChangeFileBase(char* szFileName, ULONG_PTR NewImageBase); + TitanEngine.RelocaterChangeFileBase:types {"string","long",abi="stdcall",ret="byte"} + TE_RelocaterChangeFileBase = TitanEngine.RelocaterChangeFileBase +-- __declspec(dllexport) bool __stdcall RelocaterRelocateMemoryBlock(ULONG_PTR FileMapVA, ULONG_PTR MemoryLocation, void* RelocateMemory, DWORD RelocateMemorySize, ULONG_PTR CurrentLoadedBase, ULONG_PTR RelocateBase); + TitanEngine.RelocaterRelocateMemoryBlock:types {"long","long","long","long","long","long",abi="stdcall",ret="byte"} + TE_RelocaterRelocateMemoryBlock = TitanEngine.RelocaterRelocateMemoryBlock +-- __declspec(dllexport) bool __stdcall RelocaterWipeRelocationTable(char* szFileName); + TitanEngine.RelocaterWipeRelocationTable:types {"string",abi="stdcall",ret="byte"} + TE_RelocaterWipeRelocationTable = TitanEngine.RelocaterWipeRelocationTable +-- +-- TitanEngine.Resourcer.functions: +-- +-- __declspec(dllexport) long long __stdcall ResourcerLoadFileForResourceUse(char* szFileName); + TitanEngine.ResourcerLoadFileForResourceUse:types {"string",abi="stdcall",ret="long"} + TE_ResourcerLoadFileForResourceUse = TitanEngine.ResourcerLoadFileForResourceUse +-- __declspec(dllexport) bool __stdcall ResourcerFreeLoadedFile(LPVOID LoadedFileBase); + TitanEngine.ResourcerFreeLoadedFile:types {"long",abi="stdcall",ret="byte"} + TE_ResourcerFreeLoadedFile = TitanEngine.ResourcerFreeLoadedFile +-- __declspec(dllexport) bool __stdcall ResourcerExtractResourceFromFileEx(ULONG_PTR FileMapVA, char* szResourceType, char* szResourceName, char* szExtractedFileName); + TitanEngine.ResourcerExtractResourceFromFileEx:types {"long","string","string","string",abi="stdcall",ret="byte"} + TE_ResourcerExtractResourceFromFileEx = TitanEngine.ResourcerExtractResourceFromFileEx +-- __declspec(dllexport) bool __stdcall ResourcerExtractResourceFromFile(char* szFileName, char* szResourceType, char* szResourceName, char* szExtractedFileName); + TitanEngine.ResourcerExtractResourceFromFile:types {"string","string","string","string",abi="stdcall",ret="byte"} + TE_ResourcerExtractResourceFromFile = TitanEngine.ResourcerExtractResourceFromFile +-- __declspec(dllexport) bool __stdcall ResourcerFindResource(char* szFileName, char* szResourceType, DWORD ResourceType, char* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize); + TitanEngine.ResourcerFindResource:types {"string","string","long","string","long","long","pointer","pointer",abi="stdcall",ret="byte"} + TE_ResourcerFindResource = TitanEngine.ResourcerFindResource +-- __declspec(dllexport) void __stdcall ResourcerEnumerateResource(char* szFileName, void* CallBack); + TitanEngine.ResourcerEnumerateResource:types {"string","callback",abi="stdcall"} + TE_ResourcerEnumerateResource = TitanEngine.ResourcerEnumerateResource +-- __declspec(dllexport) void __stdcall ResourcerEnumerateResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, void* CallBack); + TitanEngine.ResourcerEnumerateResourceEx:types {"long","long","callback",abi="stdcall"} + TE_ResourcerEnumerateResourceEx = TitanEngine.ResourcerEnumerateResourceEx +-- CallBacks: +-- typedef bool(__stdcall *fResourceEnumerator)(wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, DWORD ResourceData, DWORD ResourceSize); +-- TE_ResourcerEnumerateResource_CB = alien.callback(YourFunctionHere, "pointer", "long", "pointer", "long", "long", "long", "long") +-- TE_ResourcerEnumerateResourceEx_CB = alien.callback(YourFunctionHere, "pointer", "long", "pointer", "long", "long", "long", "long") +-- +-- TitanEngine.Threader.functions: +-- +-- __declspec(dllexport) bool __stdcall ThreaderImportRunningThreadData(DWORD ProcessId); + TitanEngine.ThreaderImportRunningThreadData:types {"long",abi="stdcall",ret="byte"} + TE_ThreaderImportRunningThreadData = TitanEngine.ThreaderImportRunningThreadData +-- __declspec(dllexport) void* __stdcall ThreaderGetThreadInfo(HANDLE hThread, DWORD ThreadId); + TitanEngine.ThreaderGetThreadInfo:types {"long","long",abi="stdcall",ret="pointer"} + TE_ThreaderGetThreadInfo = TitanEngine.ThreaderGetThreadInfo +-- __declspec(dllexport) void __stdcall ThreaderEnumThreadInfo(void* EnumCallBack); + TitanEngine.ThreaderEnumThreadInfo:types {"callback",abi="stdcall"} + TE_ThreaderEnumThreadInfo = TitanEngine.ThreaderEnumThreadInfo +-- __declspec(dllexport) bool __stdcall ThreaderPauseThread(HANDLE hThread); + TitanEngine.ThreaderPauseThread:types {"long",abi="stdcall",ret="byte"} + TE_ThreaderPauseThread = TitanEngine.ThreaderPauseThread +-- __declspec(dllexport) bool __stdcall ThreaderResumeThread(HANDLE hThread); + TitanEngine.ThreaderResumeThread:types {"long",abi="stdcall",ret="byte"} + TE_ThreaderResumeThread = TitanEngine.ThreaderResumeThread +-- __declspec(dllexport) bool __stdcall ThreaderTerminateThread(HANDLE hThread, DWORD ThreadExitCode); + TitanEngine.ThreaderTerminateThread:types {"long","long",abi="stdcall",ret="byte"} + TE_ThreaderTerminateThread = TitanEngine.ThreaderTerminateThread +-- __declspec(dllexport) bool __stdcall ThreaderPauseAllThreads(bool LeaveMainRunning); + TitanEngine.ThreaderPauseAllThreads:types {"long",abi="stdcall",ret="byte"} + TE_ThreaderPauseAllThreads = TitanEngine.ThreaderPauseAllThreads +-- __declspec(dllexport) bool __stdcall ThreaderResumeAllThreads(bool LeaveMainPaused); + TitanEngine.ThreaderResumeAllThreads:types {"long",abi="stdcall",ret="byte"} + TE_ThreaderResumeAllThreads = TitanEngine.ThreaderResumeAllThreads +-- __declspec(dllexport) bool __stdcall ThreaderPauseProcess(); + TitanEngine.ThreaderPauseProcess:types {abi="stdcall",ret="byte"} + TE_ThreaderPauseProcess = TitanEngine.ThreaderPauseProcess +-- __declspec(dllexport) bool __stdcall ThreaderResumeProcess(); + TitanEngine.ThreaderResumeProcess:types {abi="stdcall",ret="byte"} + TE_ThreaderResumeProcess = TitanEngine.ThreaderResumeProcess +-- __declspec(dllexport) long long __stdcall ThreaderCreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId); + TitanEngine.ThreaderCreateRemoteThread:types {"long","long","long","pointer",abi="stdcall",ret="long"} + TE_ThreaderCreateRemoteThread = TitanEngine.ThreaderCreateRemoteThread +-- __declspec(dllexport) bool __stdcall ThreaderInjectAndExecuteCode(LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize); + TitanEngine.ThreaderInjectAndExecuteCode:types {"pointer","long","long",abi="stdcall",ret="byte"} + TE_ThreaderInjectAndExecuteCode = TitanEngine.ThreaderInjectAndExecuteCode +-- __declspec(dllexport) long long __stdcall ThreaderCreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId); + TitanEngine.ThreaderCreateRemoteThreadEx:types {"long","long","long","long","pointer",abi="stdcall",ret="long"} + TE_ThreaderCreateRemoteThreadEx = TitanEngine.ThreaderCreateRemoteThreadEx +-- __declspec(dllexport) bool __stdcall ThreaderInjectAndExecuteCodeEx(HANDLE hProcess, LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize); + TitanEngine.ThreaderInjectAndExecuteCodeEx:types {"long","long","long","long",abi="stdcall",ret="byte"} + TE_ThreaderInjectAndExecuteCodeEx = TitanEngine.ThreaderInjectAndExecuteCodeEx +-- __declspec(dllexport) void __stdcall ThreaderSetCallBackForNextExitThreadEvent(LPVOID exitThreadCallBack); + TitanEngine.ThreaderSetCallBackForNextExitThreadEvent:types {"callback",abi="stdcall"} + TE_ThreaderSetCallBackForNextExitThreadEvent = TitanEngine.ThreaderSetCallBackForNextExitThreadEvent +-- __declspec(dllexport) bool __stdcall ThreaderIsThreadStillRunning(HANDLE hThread); + TitanEngine.ThreaderIsThreadStillRunning:types {"long",abi="stdcall",ret="byte"} + TE_ThreaderIsThreadStillRunning = TitanEngine.ThreaderIsThreadStillRunning +-- __declspec(dllexport) bool __stdcall ThreaderIsThreadActive(HANDLE hThread); + TitanEngine.ThreaderIsThreadActive:types {"long",abi="stdcall",ret="byte"} + TE_ThreaderIsThreadActive = TitanEngine.ThreaderIsThreadActive +-- __declspec(dllexport) bool __stdcall ThreaderIsAnyThreadActive(); + TitanEngine.ThreaderIsAnyThreadActive:types {abi="stdcall",ret="byte"} + TE_ThreaderIsAnyThreadActive = TitanEngine.ThreaderIsAnyThreadActive +-- __declspec(dllexport) bool __stdcall ThreaderExecuteOnlyInjectedThreads(); + TitanEngine.ThreaderExecuteOnlyInjectedThreads:types {abi="stdcall",ret="byte"} + TE_ThreaderExecuteOnlyInjectedThreads = TitanEngine.ThreaderExecuteOnlyInjectedThreads +-- __declspec(dllexport) long long __stdcall ThreaderGetOpenHandleForThread(DWORD ThreadId); + TitanEngine.ThreaderGetOpenHandleForThread:types {"long",abi="stdcall",ret="long"} + TE_ThreaderGetOpenHandleForThread = TitanEngine.ThreaderGetOpenHandleForThread +-- __declspec(dllexport) void* __stdcall ThreaderGetThreadData(); + TitanEngine.ThreaderGetThreadData:types {abi="stdcall",ret="pointer"} + TE_ThreaderGetThreadData = TitanEngine.ThreaderGetThreadData +-- __declspec(dllexport) bool __stdcall ThreaderIsExceptionInMainThread(); + TitanEngine.ThreaderIsExceptionInMainThread:types {abi="stdcall",ret="byte"} + TE_ThreaderIsExceptionInMainThread = TitanEngine.ThreaderIsExceptionInMainThread +-- CallBacks: +-- typedef void(__stdcall *fEnumCallBack)(LPVOID fThreadDetail); +-- TE_ThreaderEnumThreadInfo_CB = alien.callback(YourFunctionHere, "pointer", abi = "stdcall") +-- typedef void(__stdcall *fCustomHandler)(void* SpecialDBG); +-- TE_ThreaderSetCallBackForNextExitThreadEvent_CB = alien.callback(YourFunctionHere, "pointer", abi = "stdcall") +-- +-- TitanEngine.Debugger.functions: +-- +-- __declspec(dllexport) void* __stdcall StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress); + TitanEngine.StaticDisassembleEx:types {"long","long",abi="stdcall",ret="string"} + TE_StaticDisassembleEx = TitanEngine.StaticDisassembleEx +-- __declspec(dllexport) void* __stdcall StaticDisassemble(LPVOID DisassmAddress); + TitanEngine.StaticDisassemble:types {"long",abi="stdcall",ret="string"} + TE_StaticDisassemble = TitanEngine.StaticDisassemble +-- __declspec(dllexport) void* __stdcall DisassembleEx(HANDLE hProcess, LPVOID DisassmAddress); + TitanEngine.DisassembleEx:types {"long","long",abi="stdcall",ret="string"} + TE_DisassembleEx = TitanEngine.DisassembleEx +-- __declspec(dllexport) void* __stdcall Disassemble(LPVOID DisassmAddress); + TitanEngine.Disassemble:types {"long",abi="stdcall",ret="string"} + TE_Disassemble = TitanEngine.Disassemble +-- __declspec(dllexport) long __stdcall StaticLengthDisassemble(LPVOID DisassmAddress); + TitanEngine.StaticLengthDisassemble:types {"long",abi="stdcall",ret="long"} + TE_StaticLengthDisassemble = TitanEngine.StaticLengthDisassemble +-- __declspec(dllexport) long __stdcall LengthDisassembleEx(HANDLE hProcess, LPVOID DisassmAddress); + TitanEngine.LengthDisassembleEx:types {"long","long",abi="stdcall",ret="long"} + TE_LengthDisassembleEx = TitanEngine.LengthDisassembleEx +-- __declspec(dllexport) long __stdcall LengthDisassemble(LPVOID DisassmAddress); + TitanEngine.LengthDisassemble:types {"long",abi="stdcall",ret="long"} + TE_LengthDisassemble = TitanEngine.LengthDisassemble +-- __declspec(dllexport) void* __stdcall InitDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder); + TitanEngine.InitDebug:types {"string","string","string",abi="stdcall",ret="pointer"} + TE_InitDebug = TitanEngine.InitDebug +-- __declspec(dllexport) void* __stdcall InitDebugEx(char* szFileName, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack); + TitanEngine.InitDebugEx:types {"string","string","string","callback",abi="stdcall",ret="pointer"} + TE_InitDebugEx = TitanEngine.InitDebugEx +-- __declspec(dllexport) void* __stdcall InitDLLDebug(char* szFileName, bool ReserveModuleBase, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack); + TitanEngine.InitDLLDebug:types {"string","long","string","string","callback",abi="stdcall",ret="pointer"} + TE_InitDLLDebug = TitanEngine.InitDLLDebug +-- __declspec(dllexport) bool __stdcall StopDebug(); + TitanEngine.StopDebug:types {abi="stdcall",ret="byte"} + TE_StopDebug = TitanEngine.StopDebug +-- __declspec(dllexport) void __stdcall SetBPXOptions(long DefaultBreakPointType); + TitanEngine.SetBPXOptions:types {"long",abi="stdcall"} + TE_SetBPXOptions = TitanEngine.SetBPXOptions +-- __declspec(dllexport) bool __stdcall IsBPXEnabled(ULONG_PTR bpxAddress); + TitanEngine.IsBPXEnabled:types {"long",abi="stdcall",ret="byte"} + TE_IsBPXEnabled = TitanEngine.IsBPXEnabled +-- __declspec(dllexport) bool __stdcall EnableBPX(ULONG_PTR bpxAddress); + TitanEngine.EnableBPX:types {"long",abi="stdcall",ret="byte"} + TE_EnableBPX = TitanEngine.EnableBPX +-- __declspec(dllexport) bool __stdcall DisableBPX(ULONG_PTR bpxAddress); + TitanEngine.DisableBPX:types {"long",abi="stdcall",ret="byte"} + TE_DisableBPX = TitanEngine.DisableBPX +-- __declspec(dllexport) bool __stdcall SetBPX(ULONG_PTR bpxAddress, DWORD bpxType, LPVOID bpxCallBack); + TitanEngine.SetBPX:types {"long","long","callback",abi="stdcall",ret="byte"} + TE_SetBPX = TitanEngine.SetBPX +-- __declspec(dllexport) bool __stdcall SetBPXEx(ULONG_PTR bpxAddress, DWORD bpxType, DWORD NumberOfExecution, DWORD CmpRegister, DWORD CmpCondition, ULONG_PTR CmpValue, LPVOID bpxCallBack, LPVOID bpxCompareCallBack, LPVOID bpxRemoveCallBack); + TitanEngine.SetBPXEx:types {"long","long","long","long","long","long","callback","callback","callback",abi="stdcall",ret="byte"} + TE_SetBPXEx = TitanEngine.SetBPXEx +-- __declspec(dllexport) bool __stdcall DeleteBPX(ULONG_PTR bpxAddress); + TitanEngine.DeleteBPX:types {"long",abi="stdcall",ret="byte"} + TE_DeleteBPX = TitanEngine.DeleteBPX +-- __declspec(dllexport) bool __stdcall SafeDeleteBPX(ULONG_PTR bpxAddress); + TitanEngine.SafeDeleteBPX:types {"long",abi="stdcall",ret="byte"} + TE_SafeDeleteBPX = TitanEngine.SafeDeleteBPX +-- __declspec(dllexport) bool __stdcall SetAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxType, DWORD bpxPlace, LPVOID bpxCallBack); + TitanEngine.SetAPIBreakPoint:types {"string","string","long","long","callback",abi="stdcall",ret="byte"} + TE_SetAPIBreakPoint = TitanEngine.SetAPIBreakPoint +-- __declspec(dllexport) bool __stdcall DeleteAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxPlace); + TitanEngine.DeleteAPIBreakPoint:types {"string","string","long",abi="stdcall",ret="byte"} + TE_DeleteAPIBreakPoint = TitanEngine.DeleteAPIBreakPoint +-- __declspec(dllexport) bool __stdcall SafeDeleteAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxPlace); + TitanEngine.SafeDeleteAPIBreakPoint:types {"string","string","long",abi="stdcall",ret="byte"} + TE_SafeDeleteAPIBreakPoint = TitanEngine.SafeDeleteAPIBreakPoint +-- __declspec(dllexport) bool __stdcall SetMemoryBPX(ULONG_PTR MemoryStart, DWORD SizeOfMemory, LPVOID bpxCallBack); + TitanEngine.SetMemoryBPX:types {"long","long","callback",abi="stdcall",ret="byte"} + TE_SetMemoryBPX = TitanEngine.SetMemoryBPX +-- __declspec(dllexport) bool __stdcall SetMemoryBPXEx(ULONG_PTR MemoryStart, DWORD SizeOfMemory, DWORD BreakPointType, bool RestoreOnHit, LPVOID bpxCallBack); + TitanEngine.SetMemoryBPXEx:types {"long","long","long","long","callback",abi="stdcall",ret="byte"} + TE_SetMemoryBPXEx = TitanEngine.SetMemoryBPXEx +-- __declspec(dllexport) bool __stdcall RemoveMemoryBPX(ULONG_PTR MemoryStart, DWORD SizeOfMemory); + TitanEngine.RemoveMemoryBPX:types {"long","long",abi="stdcall",ret="byte"} + TE_RemoveMemoryBPX = TitanEngine.RemoveMemoryBPX +-- __declspec(dllexport) bool __stdcall GetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea); + TitanEngine.GetContextFPUDataEx:types {"long","pointer",abi="stdcall",ret="byte"} + TE_GetContextFPUDataEx = TitanEngine.GetContextFPUDataEx +-- __declspec(dllexport) long long __stdcall GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister); + TitanEngine.GetContextDataEx:types {"long","long",abi="stdcall",ret="long"} + TE_GetContextDataEx = TitanEngine.GetContextDataEx +-- __declspec(dllexport) long long __stdcall GetContextData(DWORD IndexOfRegister); + TitanEngine.GetContextData:types {"long",abi="stdcall",ret="long"} + TE_GetContextData = TitanEngine.GetContextData +-- __declspec(dllexport) bool __stdcall SetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea); + TitanEngine.SetContextFPUDataEx:types {"long","pointer",abi="stdcall",ret="byte"} + TE_SetContextFPUDataEx = TitanEngine.SetContextFPUDataEx +-- __declspec(dllexport) bool __stdcall SetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister, ULONG_PTR NewRegisterValue); + TitanEngine.SetContextDataEx:types {"long","long","long",abi="stdcall",ret="byte"} + TE_SetContextDataEx = TitanEngine.SetContextDataEx +-- __declspec(dllexport) bool __stdcall SetContextData(DWORD IndexOfRegister, ULONG_PTR NewRegisterValue); + TitanEngine.SetContextData:types {"long","long",abi="stdcall",ret="byte"} + TE_SetContextData = TitanEngine.SetContextData +-- __declspec(dllexport) void __stdcall ClearExceptionNumber(); + TitanEngine.ClearExceptionNumber:types {abi="stdcall"} + TE_ClearExceptionNumber = TitanEngine.ClearExceptionNumber +-- __declspec(dllexport) long __stdcall CurrentExceptionNumber(); + TitanEngine.CurrentExceptionNumber:types {abi="stdcall",ret="long"} + TE_CurrentExceptionNumber = TitanEngine.CurrentExceptionNumber +-- __declspec(dllexport) bool __stdcall MatchPatternEx(HANDLE hProcess, void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard); + TitanEngine.MatchPatternEx:types {"long","long","long","pointer","long","pointer",abi="stdcall",ret="byte"} + TE_MatchPatternEx = TitanEngine.MatchPatternEx +-- __declspec(dllexport) bool __stdcall MatchPattern(void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard); + TitanEngine.MatchPattern:types {"long","long","pointer","long","pointer",abi="stdcall",ret="byte"} + TE_MatchPattern = TitanEngine.MatchPattern +-- __declspec(dllexport) long long __stdcall FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard); + TitanEngine.FindEx:types {"long","long","long","pointer","long","pointer",abi="stdcall",ret="long"} + TE_FindEx = TitanEngine.FindEx +-- __declspec(dllexport) long long __stdcall Find(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard); + TitanEngine.Find:types {"long","long","pointer","long","pointer",abi="stdcall",ret="long"} + TE_Find = TitanEngine.Find +-- __declspec(dllexport) bool __stdcall FillEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte); + TitanEngine.FillEx:types {"long","long","long","pointer",abi="stdcall",ret="byte"} + TE_FillEx = TitanEngine.FillEx +-- __declspec(dllexport) bool __stdcall Fill(LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte); + TitanEngine.Fill:types {"long","long","pointer",abi="stdcall",ret="byte"} + TE_Fill = TitanEngine.Fill +-- __declspec(dllexport) bool __stdcall PatchEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP); + TitanEngine.PatchEx:types {"long","long","long","pointer","long","long","long",abi="stdcall",ret="byte"} + TE_PatchEx = TitanEngine.PatchEx +-- __declspec(dllexport) bool __stdcall Patch(LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP); + TitanEngine.Patch:types {"long","long","pointer","long","long","long",abi="stdcall",ret="byte"} + TE_Patch = TitanEngine.Patch +-- __declspec(dllexport) bool __stdcall ReplaceEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, LPVOID ReplacePattern, DWORD ReplaceSize, PBYTE WildCard); + TitanEngine.ReplaceEx:types {"long","long","long","pointer","long","long","pointer","long","pointer",abi="stdcall",ret="byte"} + TE_ReplaceEx = TitanEngine.ReplaceEx +-- __declspec(dllexport) bool __stdcall Replace(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, LPVOID ReplacePattern, DWORD ReplaceSize, PBYTE WildCard); + TitanEngine.Replace:types {"long","long","pointer","long","long","pointer","long","pointer",abi="stdcall",ret="byte"} + TE_Replace = TitanEngine.Replace +-- __declspec(dllexport) void* __stdcall GetDebugData(); + TitanEngine.GetDebugData:types {abi="stdcall",ret="pointer"} + TE_GetDebugData = TitanEngine.GetDebugData +-- __declspec(dllexport) void* __stdcall GetTerminationData(); + TitanEngine.GetTerminationData:types {abi="stdcall",ret="pointer"} + TE_GetTerminationData = TitanEngine.GetTerminationData +-- __declspec(dllexport) long __stdcall GetExitCode(); + TitanEngine.GetExitCode:types {abi="stdcall",ret="long"} + TE_GetExitCode = TitanEngine.GetExitCode +-- __declspec(dllexport) long long __stdcall GetDebuggedDLLBaseAddress(); + TitanEngine.GetDebuggedDLLBaseAddress:types {abi="stdcall",ret="long"} + TE_GetDebuggedDLLBaseAddress = TitanEngine.GetDebuggedDLLBaseAddress +-- __declspec(dllexport) long long __stdcall GetDebuggedFileBaseAddress(); + TitanEngine.GetDebuggedFileBaseAddress:types {abi="stdcall",ret="long"} + TE_GetDebuggedFileBaseAddress = TitanEngine.GetDebuggedFileBaseAddress +-- __declspec(dllexport) bool __stdcall GetRemoteString(HANDLE hProcess, LPVOID StringAddress, LPVOID StringStorage, int MaximumStringSize); + TitanEngine.GetRemoteString:types {"long","long","pointer","long",abi="stdcall",ret="byte"} + TE_GetRemoteString = TitanEngine.GetRemoteString +-- __declspec(dllexport) long long __stdcall GetFunctionParameter(HANDLE hProcess, DWORD FunctionType, DWORD ParameterNumber, DWORD ParameterType); + TitanEngine.GetFunctionParameter:types {"long","long","long","long",abi="stdcall",ret="long"} + TE_GetFunctionParameter = TitanEngine.GetFunctionParameter +-- __declspec(dllexport) long long __stdcall GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps); + TitanEngine.GetJumpDestinationEx:types {"long","long","long",abi="stdcall",ret="long"} + TE_GetJumpDestinationEx = TitanEngine.GetJumpDestinationEx +-- __declspec(dllexport) long long __stdcall GetJumpDestination(HANDLE hProcess, ULONG_PTR InstructionAddress); + TitanEngine.GetJumpDestination:types {"long","long",abi="stdcall",ret="long"} + TE_GetJumpDestination = TitanEngine.GetJumpDestination +-- __declspec(dllexport) bool __stdcall IsJumpGoingToExecuteEx(HANDLE hProcess, HANDLE hThread, ULONG_PTR InstructionAddress, ULONG_PTR RegFlags); + TitanEngine.IsJumpGoingToExecuteEx:types {"long","long","long","long",abi="stdcall",ret="byte"} + TE_IsJumpGoingToExecuteEx = TitanEngine.IsJumpGoingToExecuteEx +-- __declspec(dllexport) bool __stdcall IsJumpGoingToExecute(); + TitanEngine.IsJumpGoingToExecute:types {abi="stdcall",ret="byte"} + TE_IsJumpGoingToExecute = TitanEngine.IsJumpGoingToExecute +-- __declspec(dllexport) void __stdcall SetCustomHandler(DWORD ExceptionId, LPVOID CallBack); + TitanEngine.SetCustomHandler:types {"long","callback",abi="stdcall"} + TE_SetCustomHandler = TitanEngine.SetCustomHandler +-- __declspec(dllexport) void __stdcall ForceClose(); + TitanEngine.ForceClose:types {abi="stdcall"} + TE_ForceClose = TitanEngine.ForceClose +-- __declspec(dllexport) void __stdcall StepInto(LPVOID traceCallBack); + TitanEngine.StepInto:types {"callback",abi="stdcall"} + TE_StepInto = TitanEngine.StepInto +-- __declspec(dllexport) void __stdcall StepOver(LPVOID traceCallBack); + TitanEngine.StepOver:types {"callback",abi="stdcall"} + TE_StepOver = TitanEngine.StepOver +-- __declspec(dllexport) void __stdcall SingleStep(DWORD StepCount, LPVOID StepCallBack); + TitanEngine.SingleStep:types {"long","callback",abi="stdcall"} + TE_SingleStep = TitanEngine.SingleStep +-- __declspec(dllexport) bool __stdcall GetUnusedHardwareBreakPointRegister(LPDWORD RegisterIndex); + TitanEngine.GetUnusedHardwareBreakPointRegister:types {"long",abi="stdcall",ret="byte"} + TE_GetUnusedHardwareBreakPointRegister = TitanEngine.GetUnusedHardwareBreakPointRegister +-- __declspec(dllexport) bool __stdcall SetHardwareBreakPointEx(HANDLE hActiveThread, ULONG_PTR bpxAddress, DWORD IndexOfRegister, DWORD bpxType, DWORD bpxSize, LPVOID bpxCallBack, LPDWORD IndexOfSelectedRegister); + TitanEngine.SetHardwareBreakPointEx:types {"long","long","long","long","long","callback","pointer",abi="stdcall",ret="byte"} + TE_SetHardwareBreakPointEx = TitanEngine.SetHardwareBreakPointEx +-- __declspec(dllexport) bool __stdcall SetHardwareBreakPoint(ULONG_PTR bpxAddress, DWORD IndexOfRegister, DWORD bpxType, DWORD bpxSize, LPVOID bpxCallBack); + TitanEngine.SetHardwareBreakPoint:types {"long","long","long","long","callback",abi="stdcall",ret="byte"} + TE_SetHardwareBreakPoint = TitanEngine.SetHardwareBreakPoint +-- __declspec(dllexport) bool __stdcall DeleteHardwareBreakPoint(DWORD IndexOfRegister); + TitanEngine.DeleteHardwareBreakPoint:types {"long",abi="stdcall",ret="byte"} + TE_DeleteHardwareBreakPoint = TitanEngine.DeleteHardwareBreakPoint +-- __declspec(dllexport) bool __stdcall RemoveAllBreakPoints(DWORD RemoveOption); + TitanEngine.RemoveAllBreakPoints:types {"long",abi="stdcall",ret="byte"} + TE_RemoveAllBreakPoints = TitanEngine.RemoveAllBreakPoints +-- __declspec(dllexport) void* __stdcall GetProcessInformation(); + TitanEngine.GetProcessInformation:types {abi="stdcall",ret="pointer"} + TE_GetProcessInformation = TitanEngine.GetProcessInformation +-- __declspec(dllexport) void* __stdcall GetStartupInformation(); + TitanEngine.GetStartupInformation:types {abi="stdcall",ret="pointer"} + TE_GetStartupInformation = TitanEngine.GetStartupInformation +-- __declspec(dllexport) void __stdcall DebugLoop(); + TitanEngine.DebugLoop:types {abi="stdcall"} + TE_DebugLoop = TitanEngine.DebugLoop +-- __declspec(dllexport) void __stdcall SetDebugLoopTimeOut(DWORD TimeOut); + TitanEngine.SetDebugLoopTimeOut:types {"long",abi="stdcall"} + TE_SetDebugLoopTimeOut = TitanEngine.SetDebugLoopTimeOut +-- __declspec(dllexport) void __stdcall SetNextDbgContinueStatus(DWORD SetDbgCode); + TitanEngine.SetNextDbgContinueStatus:types {"long",abi="stdcall"} + TE_SetNextDbgContinueStatus = TitanEngine.SetNextDbgContinueStatus +-- __declspec(dllexport) bool __stdcall AttachDebugger(DWORD ProcessId, bool KillOnExit, LPVOID DebugInfo, LPVOID CallBack); + TitanEngine.AttachDebugger:types {"long","long","pointer","callback",abi="stdcall",ret="byte"} + TE_AttachDebugger = TitanEngine.AttachDebugger +-- __declspec(dllexport) bool __stdcall DetachDebugger(DWORD ProcessId); + TitanEngine.DetachDebugger:types {"long",abi="stdcall",ret="byte"} + TE_DetachDebugger = TitanEngine.DetachDebugger +-- __declspec(dllexport) bool __stdcall DetachDebuggerEx(DWORD ProcessId); + TitanEngine.DetachDebuggerEx:types {"long",abi="stdcall",ret="byte"} + TE_DetachDebuggerEx = TitanEngine.DetachDebuggerEx +-- __declspec(dllexport) void __stdcall DebugLoopEx(DWORD TimeOut); + TitanEngine.DebugLoopEx:types {"long",abi="stdcall"} + TE_DebugLoopEx = TitanEngine.DebugLoopEx +-- __declspec(dllexport) void __stdcall DebugLoop(); + TitanEngine.DebugLoop:types {abi="stdcall"} + TE_DebugLoop = TitanEngine.DebugLoop +-- __declspec(dllexport) void __stdcall AutoDebugEx(char* szFileName, bool ReserveModuleBase, char* szCommandLine, char* szCurrentFolder, DWORD TimeOut, LPVOID EntryCallBack); + TitanEngine.AutoDebugEx:types {"string","long","string","string","long","callback",abi="stdcall"} + TE_AutoDebugEx = TitanEngine.AutoDebugEx +-- __declspec(dllexport) bool __stdcall IsFileBeingDebugged(); + TitanEngine.IsFileBeingDebugged:types {abi="stdcall",ret="byte"} + TE_IsFileBeingDebugged = TitanEngine.IsFileBeingDebugged +-- __declspec(dllexport) void __stdcall SetErrorModel(bool DisplayErrorMessages); + TitanEngine.SetErrorModel:types {"byte",abi="stdcall"} + TE_SetErrorModel = TitanEngine.SetErrorModel +-- +-- TitanEngine.FindOEP.functions: +-- +-- __declspec(dllexport) void __stdcall FindOEPInit(); + TitanEngine.FindOEPInit:types {abi="stdcall"} + TE_FindOEPInit = TitanEngine.FindOEPInit +-- __declspec(dllexport) bool __stdcall FindOEPGenerically(char* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack); + TitanEngine.FindOEPGenerically:types {"string","callback","callback",abi="stdcall",ret="byte"} + TE_FindOEPGenerically = TitanEngine.FindOEPGenerically +-- +-- TitanEngine.Importer.functions: +-- +-- __declspec(dllexport) void __stdcall ImporterCleanup(); + TitanEngine.ImporterCleanup:types {abi="stdcall"} + TE_ImporterCleanup = TitanEngine.ImporterCleanup +-- __declspec(dllexport) void __stdcall ImporterSetImageBase(ULONG_PTR ImageBase); + TitanEngine.ImporterSetImageBase:types {"long",abi="stdcall"} + TE_ImporterSetImageBase = TitanEngine.ImporterSetImageBase +-- __declspec(dllexport) void __stdcall ImporterSetUnknownDelta(ULONG_PTR DeltaAddress); + TitanEngine.ImporterSetUnknownDelta:types {"long",abi="stdcall"} + TE_ImporterSetUnknownDelta = TitanEngine.ImporterSetUnknownDelta +-- __declspec(dllexport) long long __stdcall ImporterGetCurrentDelta(); + TitanEngine.ImporterGetCurrentDelta:types {abi="stdcall",ret="long"} + TE_ImporterGetCurrentDelta = TitanEngine.ImporterGetCurrentDelta +-- __declspec(dllexport) void __stdcall ImporterInit(DWORD MemorySize, ULONG_PTR ImageBase); + TitanEngine.ImporterInit:types {"long","long",abi="stdcall"} + TE_ImporterInit = TitanEngine.ImporterInit +-- __declspec(dllexport) void __stdcall ImporterAddNewDll(char* szDLLName, ULONG_PTR FirstThunk); + TitanEngine.ImporterAddNewDll:types {"string","long",abi="stdcall"} + TE_ImporterAddNewDll = TitanEngine.ImporterAddNewDll +-- __declspec(dllexport) void __stdcall ImporterAddNewAPI(char* szAPIName, ULONG_PTR ThunkValue); + TitanEngine.ImporterAddNewAPI:types {"string","long",abi="stdcall"} + TE_ImporterAddNewAPI = TitanEngine.ImporterAddNewAPI +-- __declspec(dllexport) void __stdcall ImporterAddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue); + TitanEngine.ImporterAddNewOrdinalAPI:types {"long","long",abi="stdcall"} + TE_ImporterAddNewOrdinalAPI = TitanEngine.ImporterAddNewOrdinalAPI +-- __declspec(dllexport) long __stdcall ImporterGetAddedDllCount(); + TitanEngine.ImporterGetAddedDllCount:types {abi="stdcall",ret="long"} + TE_ImporterGetAddedDllCount = TitanEngine.ImporterGetAddedDllCount +-- __declspec(dllexport) long __stdcall ImporterGetAddedAPICount(); + TitanEngine.ImporterGetAddedAPICount:types {abi="stdcall",ret="long"} + TE_ImporterGetAddedAPICount = TitanEngine.ImporterGetAddedAPICount +-- __declspec(dllexport) void* __stdcall ImporterGetLastAddedDLLName(); + TitanEngine.ImporterGetLastAddedDLLName:types {abi="stdcall",ret="string"} + TE_ImporterGetLastAddedDLLName = TitanEngine.ImporterGetLastAddedDLLName +-- __declspec(dllexport) void __stdcall ImporterMoveIAT(); + TitanEngine.ImporterMoveIAT:types {abi="stdcall"} + TE_ImporterMoveIAT = TitanEngine.ImporterMoveIAT +-- __declspec(dllexport) bool __stdcall ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA); + TitanEngine.ImporterExportIAT:types {"long","long",abi="stdcall"} + TE_ImporterExportIAT = TitanEngine.ImporterExportIAT +-- __declspec(dllexport) long __stdcall ImporterEstimatedSize(); + TitanEngine.ImporterEstimatedSize:types {abi="stdcall",ret="long"} + TE_ImporterEstimatedSize = TitanEngine.ImporterEstimatedSize +-- __declspec(dllexport) bool __stdcall ImporterExportIATEx(char* szExportFileName, char* szSectionName); + TitanEngine.ImporterExportIATEx:types {"string","string",abi="stdcall",ret="byte"} + TE_ImporterExportIATEx = TitanEngine.ImporterExportIATEx +-- __declspec(dllexport) long long __stdcall ImporterFindAPIWriteLocation(char* szAPIName); + TitanEngine.ImporterFindAPIWriteLocation:types {"string",abi="stdcall",ret="long"} + TE_ImporterFindAPIWriteLocation = TitanEngine.ImporterFindAPIWriteLocation +-- __declspec(dllexport) long long __stdcall ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber); + TitanEngine.ImporterFindOrdinalAPIWriteLocation:types {"long",abi="stdcall",ret="long"} + TE_ImporterFindOrdinalAPIWriteLocation = TitanEngine.ImporterFindOrdinalAPIWriteLocation +-- __declspec(dllexport) long long __stdcall ImporterFindAPIByWriteLocation(char* szAPIName); + TitanEngine.ImporterFindAPIByWriteLocation:types {"string",abi="stdcall",ret="long"} + TE_ImporterFindAPIByWriteLocation = TitanEngine.ImporterFindAPIByWriteLocation +-- __declspec(dllexport) long long __stdcall ImporterFindDLLByWriteLocation(ULONG_PTR APIWriteLocation); + TitanEngine.ImporterFindDLLByWriteLocation:types {"long",abi="stdcall",ret="long"} + TE_ImporterFindDLLByWriteLocation = TitanEngine.ImporterFindDLLByWriteLocation +-- __declspec(dllexport) void* __stdcall ImporterGetDLLName(ULONG_PTR APIAddress); + TitanEngine.ImporterGetDLLName:types {"long",abi="stdcall",ret="string"} + TE_ImporterGetDLLName = TitanEngine.ImporterGetDLLName +-- __declspec(dllexport) void* __stdcall ImporterGetAPIName(ULONG_PTR APIAddress); + TitanEngine.ImporterGetAPIName:types {"long",abi="stdcall",ret="string"} + TE_ImporterGetAPIName = TitanEngine.ImporterGetAPIName +-- __declspec(dllexport) long long __stdcall ImporterGetAPIOrdinalNumber(ULONG_PTR APIAddress); + TitanEngine.ImporterGetAPIOrdinalNumber:types {"long",abi="stdcall",ret="long"} + TE_ImporterGetAPIOrdinalNumber = TitanEngine.ImporterGetAPIOrdinalNumber +-- __declspec(dllexport) void* __stdcall ImporterGetAPINameEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); + TitanEngine.ImporterGetAPINameEx:types {"long","pointer",abi="stdcall",ret="string"} + TE_ImporterGetAPINameEx = TitanEngine.ImporterGetAPINameEx +-- __declspec(dllexport) long long __stdcall ImporterGetRemoteAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress); + TitanEngine.ImporterGetRemoteAPIAddress:types {"long","long",abi="stdcall",ret="long"} + TE_ImporterGetRemoteAPIAddress = TitanEngine.ImporterGetRemoteAPIAddress +-- __declspec(dllexport) long long __stdcall ImporterGetRemoteAPIAddressEx(char* szDLLName, char* szAPIName); + TitanEngine.ImporterGetRemoteAPIAddressEx:types {"string","string",abi="stdcall",ret="long"} + TE_ImporterGetRemoteAPIAddressEx = TitanEngine.ImporterGetRemoteAPIAddressEx +-- __declspec(dllexport) long long __stdcall ImporterGetLocalAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress); + TitanEngine.ImporterGetLocalAPIAddress:types {"long","long",abi="stdcall",ret="long"} + TE_ImporterGetLocalAPIAddress = TitanEngine.ImporterGetLocalAPIAddress +-- __declspec(dllexport) void* __stdcall ImporterGetDLLNameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress); + TitanEngine.ImporterGetDLLNameFromDebugee:types {"long","long",abi="stdcall",ret="string"} + TE_ImporterGetDLLNameFromDebugee = TitanEngine.ImporterGetDLLNameFromDebugee +-- __declspec(dllexport) void* __stdcall ImporterGetAPINameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress); + TitanEngine.ImporterGetAPINameFromDebugee:types {"long","long",abi="stdcall",ret="string"} + TE_ImporterGetAPINameFromDebugee = TitanEngine.ImporterGetAPINameFromDebugee +-- __declspec(dllexport) long long __stdcall ImporterGetAPIOrdinalNumberFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress); + TitanEngine.ImporterGetAPIOrdinalNumberFromDebugee:types {"long","long",abi="stdcall",ret="long"} + TE_ImporterGetAPIOrdinalNumberFromDebugee = TitanEngine.ImporterGetAPIOrdinalNumberFromDebugee +-- __declspec(dllexport) long __stdcall ImporterGetDLLIndexEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); + TitanEngine.ImporterGetDLLIndexEx:types {"long","pointer",abi="stdcall",ret="long"} + TE_ImporterGetDLLIndexEx = TitanEngine.ImporterGetDLLIndexEx +-- __declspec(dllexport) long __stdcall ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); + TitanEngine.ImporterGetDLLIndex:types {"long","long","pointer",abi="stdcall",ret="long"} + TE_ImporterGetDLLIndex = TitanEngine.ImporterGetDLLIndex +-- __declspec(dllexport) long long __stdcall ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase); + TitanEngine.ImporterGetRemoteDLLBase:types {"long","long",abi="stdcall",ret="long"} + TE_ImporterGetRemoteDLLBase = TitanEngine.ImporterGetRemoteDLLBase +-- __declspec(dllexport) bool __stdcall ImporterRelocateWriteLocation(ULONG_PTR AddValue); + TitanEngine.ImporterRelocateWriteLocation:types {"long",abi="stdcall",ret="byte"} + TE_ImporterRelocateWriteLocation = TitanEngine.ImporterRelocateWriteLocation +-- __declspec(dllexport) bool __stdcall ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress); + TitanEngine.ImporterIsForwardedAPI:types {"long","long",abi="stdcall",ret="byte"} + TE_ImporterIsForwardedAPI = TitanEngine.ImporterIsForwardedAPI +-- __declspec(dllexport) void* __stdcall ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress); + TitanEngine.ImporterGetForwardedAPIName:types {"long","long",abi="stdcall",ret="string"} + TE_ImporterGetForwardedAPIName = TitanEngine.ImporterGetForwardedAPIName +-- __declspec(dllexport) void* __stdcall ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress); + TitanEngine.ImporterGetForwardedDLLName:types {"long","long",abi="stdcall",ret="string"} + TE_ImporterGetForwardedDLLName = TitanEngine.ImporterGetForwardedDLLName +-- __declspec(dllexport) long __stdcall ImporterGetForwardedDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); + TitanEngine.ImporterGetForwardedDLLIndex:types {"long","long","pointer",abi="stdcall",ret="long"} + TE_ImporterGetForwardedDLLIndex = TitanEngine.ImporterGetForwardedDLLIndex +-- __declspec(dllexport) long long __stdcall ImporterGetForwardedAPIOrdinalNumber(HANDLE hProcess, ULONG_PTR APIAddress); + TitanEngine.ImporterGetForwardedAPIOrdinalNumber:types {"long","long",abi="stdcall",ret="long"} + TE_ImporterGetForwardedAPIOrdinalNumber = TitanEngine.ImporterGetForwardedAPIOrdinalNumber +-- __declspec(dllexport) long long __stdcall ImporterGetNearestAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress); + TitanEngine.ImporterGetNearestAPIAddress:types {"long","long",abi="stdcall",ret="long"} + TE_ImporterGetNearestAPIAddress = TitanEngine.ImporterGetNearestAPIAddress +-- __declspec(dllexport) void* __stdcall ImporterGetNearestAPIName(HANDLE hProcess, ULONG_PTR APIAddress); + TitanEngine.ImporterGetNearestAPIName:types {"long","long",abi="stdcall",ret="string"} + TE_ImporterGetNearestAPIName = TitanEngine.ImporterGetNearestAPIName +-- __declspec(dllexport) bool __stdcall ImporterCopyOriginalIAT(char* szOriginalFile, char* szDumpFile); + TitanEngine.ImporterCopyOriginalIAT:types {"string","string",abi="stdcall",ret="byte"} + TE_ImporterCopyOriginalIAT = TitanEngine.ImporterCopyOriginalIAT +-- __declspec(dllexport) bool __stdcall ImporterLoadImportTable(char* szFileName); + TitanEngine.ImporterLoadImportTable:types {"string",abi="stdcall",ret="byte"} + TE_ImporterLoadImportTable = TitanEngine.ImporterLoadImportTable +-- __declspec(dllexport) bool __stdcall ImporterMoveOriginalIAT(char* szOriginalFile, char* szDumpFile, char* szSectionName); + TitanEngine.ImporterMoveOriginalIAT:types {"string","string","string",abi="stdcall",ret="byte"} + TE_ImporterMoveOriginalIAT = TitanEngine.ImporterMoveOriginalIAT +-- __declspec(dllexport) void __stdcall ImporterAutoSearchIAT(HANDLE hProcess, char* szFileName, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, LPVOID pIATStart, LPVOID pIATSize); + TitanEngine.ImporterAutoSearchIAT:types {"long","string","long","long","long","pointer","pointer",abi="stdcall"} + TE_ImporterAutoSearchIAT = TitanEngine.ImporterAutoSearchIAT +-- __declspec(dllexport) void __stdcall ImporterAutoSearchIATEx(HANDLE hProcess, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, LPVOID pIATStart, LPVOID pIATSize); + TitanEngine.ImporterAutoSearchIATEx:types {"long","long","long","long","pointer","pointer",abi="stdcall"} + TE_ImporterAutoSearchIATEx = TitanEngine.ImporterAutoSearchIATEx +-- __declspec(dllexport) void __stdcall ImporterEnumAddedData(LPVOID EnumCallBack); + TitanEngine.ImporterEnumAddedData:types {"callback",abi="stdcall"} + TE_ImporterEnumAddedData = TitanEngine.ImporterEnumAddedData +-- __declspec(dllexport) long __stdcall ImporterAutoFixIATEx(HANDLE hProcess, char* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, DWORD SearchStep, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback); + TitanEngine.ImporterAutoSearchIATEx:types {"long","string","string","long","long","long","long","long","long","long","long","long","callback",abi="stdcall",ret="long"} + TE_ImporterAutoSearchIATEx = TitanEngine.ImporterAutoSearchIATEx +-- __declspec(dllexport) long __stdcall ImporterAutoFixIAT(HANDLE hProcess, char* szDumpedFile, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, DWORD SearchStep); + TitanEngine.ImporterAutoFixIAT:types {"long","string","long","long","long","long",abi="stdcall",ret="long"} + TE_ImporterAutoFixIAT = TitanEngine.ImporterAutoFixIAT +-- +-- Global.Engine.Hook.functions: +-- +-- __declspec(dllexport) bool __stdcall HooksSafeTransitionEx(LPVOID HookAddressArray, int NumberOfHooks, bool TransitionStart); + TitanEngine.HooksSafeTransitionEx:types {"pointer","long","long",abi="stdcall",ret="byte"} + TE_HooksSafeTransitionEx = TitanEngine.HooksSafeTransitionEx +-- __declspec(dllexport) bool __stdcall HooksSafeTransition(LPVOID HookAddress, bool TransitionStart); + TitanEngine.HooksSafeTransition:types {"long","long",abi="stdcall",ret="byte"} + TE_HooksSafeTransition = TitanEngine.HooksSafeTransition +-- __declspec(dllexport) bool __stdcall HooksIsAddressRedirected(LPVOID HookAddress); + TitanEngine.HooksIsAddressRedirected:types {"long",abi="stdcall",ret="byte"} + TE_HooksIsAddressRedirected = TitanEngine.HooksIsAddressRedirected +-- __declspec(dllexport) void* __stdcall HooksGetTrampolineAddress(LPVOID HookAddress); + TitanEngine.HooksGetTrampolineAddress:types {"long",abi="stdcall",ret="pointer"} + TE_HooksGetTrampolineAddress = TitanEngine.HooksGetTrampolineAddress +-- __declspec(dllexport) void* __stdcall HooksGetHookEntryDetails(LPVOID HookAddress); + TitanEngine.HooksGetHookEntryDetails:types {"long",abi="stdcall",ret="pointer"} + TE_HooksGetHookEntryDetails = TitanEngine.HooksGetHookEntryDetails +-- __declspec(dllexport) bool __stdcall HooksInsertNewRedirection(LPVOID HookAddress, LPVOID RedirectTo, int HookType); + TitanEngine.HooksInsertNewRedirection:types {"long","long","long",abi="stdcall",ret="byte"} + TE_HooksInsertNewRedirection = TitanEngine.HooksInsertNewRedirection +-- __declspec(dllexport) bool __stdcall HooksInsertNewIATRedirectionEx(ULONG_PTR FileMapVA, ULONG_PTR LoadedModuleBase, char* szHookFunction, LPVOID RedirectTo); + TitanEngine.HooksInsertNewIATRedirectionEx:types {"long","long","string","long",abi="stdcall",ret="byte"} + TE_HooksInsertNewIATRedirectionEx = TitanEngine.HooksInsertNewIATRedirectionEx +-- __declspec(dllexport) bool __stdcall HooksInsertNewIATRedirection(char* szModuleName, char* szHookFunction, LPVOID RedirectTo); + TitanEngine.HooksInsertNewIATRedirection:types {"string","string","long",abi="stdcall",ret="byte"} + TE_HooksInsertNewIATRedirection = TitanEngine.HooksInsertNewIATRedirection +-- __declspec(dllexport) bool __stdcall HooksRemoveRedirection(LPVOID HookAddress, bool RemoveAll); + TitanEngine.HooksRemoveRedirection:types {"long","long",abi="stdcall",ret="byte"} + TE_HooksRemoveRedirection = TitanEngine.HooksRemoveRedirection +-- __declspec(dllexport) bool __stdcall HooksRemoveRedirectionsForModule(HMODULE ModuleBase); + TitanEngine.HooksRemoveRedirectionsForModule:types {"long",abi="stdcall",ret="byte"} + TE_HooksRemoveRedirectionsForModule = TitanEngine.HooksRemoveRedirectionsForModule +-- __declspec(dllexport) bool __stdcall HooksRemoveIATRedirection(char* szModuleName, char* szHookFunction, bool RemoveAll); + TitanEngine.HooksRemoveIATRedirection:types {"string","string","long",abi="stdcall",ret="byte"} + TE_HooksRemoveIATRedirection = TitanEngine.HooksRemoveIATRedirection +-- __declspec(dllexport) bool __stdcall HooksDisableRedirection(LPVOID HookAddress, bool DisableAll); + TitanEngine.HooksDisableRedirection:types {"long","long",abi="stdcall",ret="byte"} + TE_HooksDisableRedirection = TitanEngine.HooksDisableRedirection +-- __declspec(dllexport) bool __stdcall HooksDisableRedirectionsForModule(HMODULE ModuleBase); + TitanEngine.HooksDisableRedirectionsForModule:types {"long",abi="stdcall",ret="byte"} + TE_HooksDisableRedirectionsForModule = TitanEngine.HooksDisableRedirectionsForModule +-- __declspec(dllexport) bool __stdcall HooksDisableIATRedirection(char* szModuleName, char* szHookFunction, bool DisableAll); + TitanEngine.HooksDisableIATRedirection:types {"string","string","long",abi="stdcall",ret="byte"} + TE_HooksDisableIATRedirection = TitanEngine.HooksDisableIATRedirection +-- __declspec(dllexport) bool __stdcall HooksEnableRedirection(LPVOID HookAddress, bool EnableAll); + TitanEngine.HooksEnableRedirection:types {"long","long",abi="stdcall",ret="byte"} + TE_HooksEnableRedirection = TitanEngine.HooksEnableRedirection +-- __declspec(dllexport) bool __stdcall HooksEnableRedirectionsForModule(HMODULE ModuleBase); + TitanEngine.HooksEnableRedirectionsForModule:types {"long",abi="stdcall",ret="byte"} + TE_HooksEnableRedirectionsForModule = TitanEngine.HooksEnableRedirectionsForModule +-- __declspec(dllexport) bool __stdcall HooksEnableIATRedirection(char* szModuleName, char* szHookFunction, bool EnableAll); + TitanEngine.HooksEnableIATRedirection:types {"string","string","long",abi="stdcall",ret="byte"} + TE_HooksEnableIATRedirection = TitanEngine.HooksEnableIATRedirection +-- __declspec(dllexport) void __stdcall HooksScanModuleMemory(HMODULE ModuleBase, LPVOID CallBack); + TitanEngine.HooksScanModuleMemory:types {"long","callback",abi="stdcall"} + TE_HooksScanModuleMemory = TitanEngine.HooksScanModuleMemory +-- __declspec(dllexport) void __stdcall HooksScanEntireProcessMemory(LPVOID CallBack); + TitanEngine.HooksScanModuleMemory:types {"callback",abi="stdcall"} + TE_HooksScanModuleMemory = TitanEngine.HooksScanModuleMemory +-- __declspec(dllexport) void __stdcall HooksScanEntireProcessMemoryEx(); + TitanEngine.HooksScanEntireProcessMemoryEx:types {abi="stdcall"} + TE_HooksScanEntireProcessMemoryEx = TitanEngine.HooksScanEntireProcessMemoryEx +-- +-- TitanEngine.Tracer.functions: +-- +-- __declspec(dllexport) void __stdcall TracerInit(); + TitanEngine.TracerInit:types {abi="stdcall"} + TE_TracerInit = TitanEngine.TracerInit +-- __declspec(dllexport) long long __stdcall TracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace); + TitanEngine.TracerLevel1:types {"long","long",abi="stdcall",ret="long"} + TE_TracerLevel1 = TitanEngine.TracerLevel1 +-- __declspec(dllexport) long long __stdcall HashTracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD InputNumberOfInstructions); + TitanEngine.HashTracerLevel1:types {"long","long","long",abi="stdcall",ret="long"} + TE_HashTracerLevel1 = TitanEngine.HashTracerLevel1 +-- __declspec(dllexport) long __stdcall TracerDetectRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace); + TitanEngine.TracerDetectRedirection:types {"long","long",abi="stdcall",ret="long"} + TE_TracerDetectRedirection = TitanEngine.TracerDetectRedirection +-- __declspec(dllexport) long long __stdcall TracerFixKnownRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD RedirectionId); + TitanEngine.TracerFixKnownRedirection:types {"long","long","long",abi="stdcall",ret="long"} + TE_TracerFixKnownRedirection = TitanEngine.TracerFixKnownRedirection +-- __declspec(dllexport) long __stdcall TracerFixRedirectionViaImpRecPlugin(HANDLE hProcess, char* szPluginName, ULONG_PTR AddressToTrace); + TitanEngine.TracerFixRedirectionViaImpRecPlugin:types {"long","string","long",abi="stdcall",ret="long"} + TE_TracerFixRedirectionViaImpRecPlugin = TitanEngine.TracerFixRedirectionViaImpRecPlugin +-- +-- TitanEngine.Exporter.functions: +-- +-- __declspec(dllexport) void __stdcall ExporterCleanup(); + TitanEngine.ExporterCleanup:types {abi="stdcall"} + TE_ExporterCleanup = TitanEngine.ExporterCleanup +-- __declspec(dllexport) void __stdcall ExporterSetImageBase(ULONG_PTR ImageBase); + TitanEngine.ExporterSetImageBase:types {"long",abi="stdcall"} + TE_ExporterSetImageBase = TitanEngine.ExporterSetImageBase +-- __declspec(dllexport) void __stdcall ExporterInit(DWORD MemorySize, ULONG_PTR ImageBase, DWORD ExportOrdinalBase, char* szExportModuleName); + TitanEngine.ExporterInit:types {"long","long","long","string",abi="stdcall"} + TE_ExporterInit = TitanEngine.ExporterInit +-- __declspec(dllexport) bool __stdcall ExporterAddNewExport(char* szExportName, DWORD ExportRelativeAddress); + TitanEngine.ExporterAddNewExport:types {"string","long",abi="stdcall",ret="byte"} + TE_ExporterAddNewExport = TitanEngine.ExporterAddNewExport +-- __declspec(dllexport) bool __stdcall ExporterAddNewOrdinalExport(DWORD OrdinalNumber, DWORD ExportRelativeAddress); + TitanEngine.ExporterAddNewOrdinalExport:types {"long","long",abi="stdcall",ret="byte"} + TE_ExporterAddNewOrdinalExport = TitanEngine.ExporterAddNewOrdinalExport +-- __declspec(dllexport) long __stdcall ExporterGetAddedExportCount(); + TitanEngine.ExporterGetAddedExportCount:types {abi="stdcall",ret="long"} + TE_ExporterGetAddedExportCount = TitanEngine.ExporterGetAddedExportCount +-- __declspec(dllexport) long __stdcall ExporterEstimatedSize(); + TitanEngine.ExporterEstimatedSize:types {abi="stdcall",ret="long"} + TE_ExporterEstimatedSize = TitanEngine.ExporterEstimatedSize +-- __declspec(dllexport) bool __stdcall ExporterBuildExportTable(ULONG_PTR StorePlace, ULONG_PTR FileMapVA); + TitanEngine.ExporterBuildExportTable:types {"long","long",abi="stdcall",ret="byte"} + TE_ExporterBuildExportTable = TitanEngine.ExporterBuildExportTable +-- __declspec(dllexport) bool __stdcall ExporterBuildExportTableEx(char* szExportFileName, char* szSectionName); + TitanEngine.ExporterBuildExportTableEx:types {"string","string",abi="stdcall",ret="byte"} + TE_ExporterBuildExportTableEx = TitanEngine.ExporterBuildExportTableEx +-- __declspec(dllexport) bool __stdcall ExporterLoadExportTable(char* szFileName); + TitanEngine.ExporterLoadExportTable:types {"string",abi="stdcall",ret="byte"} + TE_ExporterLoadExportTable = TitanEngine.ExporterLoadExportTable +-- +-- TitanEngine.Librarian.functions: +-- +-- __declspec(dllexport) bool __stdcall LibrarianSetBreakPoint(char* szLibraryName, DWORD bpxType, bool SingleShoot, LPVOID bpxCallBack); + TitanEngine.LibrarianSetBreakPoint:types {"string","long","long","callback",abi="stdcall",ret="byte"} + TE_LibrarianSetBreakPoint = TitanEngine.LibrarianSetBreakPoint +-- __declspec(dllexport) bool __stdcall LibrarianRemoveBreakPoint(char* szLibraryName, DWORD bpxType); + TitanEngine.LibrarianRemoveBreakPoint:types {"string","long",abi="stdcall",ret="byte"} + TE_LibrarianRemoveBreakPoint = TitanEngine.LibrarianRemoveBreakPoint +-- __declspec(dllexport) void* __stdcall LibrarianGetLibraryInfo(char* szLibraryName); + TitanEngine.LibrarianGetLibraryInfo:types {"string",abi="stdcall",ret="pointer"} + TE_LibrarianGetLibraryInfo = TitanEngine.LibrarianGetLibraryInfo +-- __declspec(dllexport) void* __stdcall LibrarianGetLibraryInfoEx(void* BaseOfDll); + TitanEngine.LibrarianGetLibraryInfoEx:types {"long",abi="stdcall",ret="pointer"} + TE_LibrarianGetLibraryInfoEx = TitanEngine.LibrarianGetLibraryInfoEx +-- __declspec(dllexport) void __stdcall LibrarianEnumLibraryInfo(void* EnumCallBack); + TitanEngine.LibrarianEnumLibraryInfo:types {"callback",abi="stdcall"} + TE_LibrarianEnumLibraryInfo = TitanEngine.LibrarianEnumLibraryInfo +-- +-- TitanEngine.Process.functions: +-- +-- __declspec(dllexport) long __stdcall GetActiveProcessId(char* szImageName); + TitanEngine.GetActiveProcessId:types {"string",abi="stdcall",ret="long"} + TE_GetActiveProcessId = TitanEngine.GetActiveProcessId +-- __declspec(dllexport) void __stdcall EnumProcessesWithLibrary(char* szLibraryName, void* EnumFunction); + TitanEngine.EnumProcessesWithLibrary:types {"string","callback",abi="stdcall"} + TE_EnumProcessesWithLibrary = TitanEngine.EnumProcessesWithLibrary +-- +-- TitanEngine.TLSFixer.functions: +-- +-- __declspec(dllexport) bool __stdcall TLSBreakOnCallBack(LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks, LPVOID bpxCallBack); + TitanEngine.TLSBreakOnCallBack:types {"pointer","long","callback",abi="stdcall",ret="byte"} + TE_TLSBreakOnCallBack = TitanEngine.TLSBreakOnCallBack +-- __declspec(dllexport) bool __stdcall TLSGrabCallBackData(char* szFileName, LPVOID ArrayOfCallBacks, LPDWORD NumberOfCallBacks); + TitanEngine.TLSGrabCallBackData:types {"string","pointer","pointer",abi="stdcall",ret="byte"} + TE_TLSGrabCallBackData = TitanEngine.TLSGrabCallBackData +-- __declspec(dllexport) bool __stdcall TLSBreakOnCallBackEx(char* szFileName, LPVOID bpxCallBack); + TitanEngine.TLSBreakOnCallBackEx:types {"string","callback",abi="stdcall",ret="byte"} + TE_TLSBreakOnCallBackEx = TitanEngine.TLSBreakOnCallBackEx +-- __declspec(dllexport) bool __stdcall TLSRemoveCallback(char* szFileName); + TitanEngine.TLSRemoveCallback:types {"string",abi="stdcall",ret="byte"} + TE_TLSRemoveCallback = TitanEngine.TLSRemoveCallback +-- __declspec(dllexport) bool __stdcall TLSRemoveTable(char* szFileName); + TitanEngine.TLSRemoveTable:types {"string",abi="stdcall",ret="byte"} + TE_TLSRemoveTable = TitanEngine.TLSRemoveTable +-- __declspec(dllexport) bool __stdcall TLSBackupData(char* szFileName); + TitanEngine.TLSBackupData:types {"string",abi="stdcall",ret="byte"} + TE_TLSBackupData = TitanEngine.TLSBackupData +-- __declspec(dllexport) bool __stdcall TLSRestoreData(); + TitanEngine.TLSRestoreData:types {abi="stdcall",ret="byte"} + TE_TLSRestoreData = TitanEngine.TLSRestoreData +-- __declspec(dllexport) bool __stdcall TLSBuildNewTable(ULONG_PTR FileMapVA, ULONG_PTR StorePlace, ULONG_PTR StorePlaceRVA, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks); + TitanEngine.TLSBuildNewTable:types {"long","long","long","pointer","long",abi="stdcall",ret="byte"} + TE_TLSBuildNewTable = TitanEngine.TLSBuildNewTable +-- __declspec(dllexport) bool __stdcall TLSBuildNewTableEx(char* szFileName, char* szSectionName, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks); + TitanEngine.TLSBuildNewTableEx:types {"string","string","pointer","long",abi="stdcall",ret="byte"} + TE_TLSBuildNewTableEx = TitanEngine.TLSBuildNewTableEx +-- +-- TitanEngine.Handler.functions: +-- +-- __declspec(dllexport) long __stdcall HandlerGetActiveHandleCount(DWORD ProcessId); + TitanEngine.HandlerGetActiveHandleCount:types {"long",abi="stdcall",ret="long"} + TE_HandlerGetActiveHandleCount = TitanEngine.HandlerGetActiveHandleCount +-- __declspec(dllexport) bool __stdcall HandlerIsHandleOpen(DWORD ProcessId, HANDLE hHandle); + TitanEngine.HandlerIsHandleOpen:types {"long","long",abi="stdcall",ret="byte"} + TE_HandlerIsHandleOpen = TitanEngine.HandlerIsHandleOpen +-- __declspec(dllexport) void* __stdcall HandlerGetHandleName(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName); + TitanEngine.HandlerGetHandleName:types {"long","long","long","long",abi="stdcall",ret="string"} + TE_HandlerGetHandleName = TitanEngine.HandlerGetHandleName +-- __declspec(dllexport) long __stdcall HandlerEnumerateOpenHandles(DWORD ProcessId, LPVOID HandleBuffer, DWORD MaxHandleCount); + TitanEngine.HandlerEnumerateOpenHandles:types {"long","pointer","long",abi="stdcall",ret="long"} + TE_HandlerEnumerateOpenHandles = TitanEngine.HandlerEnumerateOpenHandles +-- __declspec(dllexport) long long __stdcall HandlerGetHandleDetails(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, DWORD InformationReturn); + TitanEngine.HandlerGetHandleDetails:types {"long","long","long","long",abi="stdcall",ret="long"} + TE_HandlerGetHandleDetails = TitanEngine.HandlerGetHandleDetails +-- __declspec(dllexport) bool __stdcall HandlerCloseRemoteHandle(HANDLE hProcess, HANDLE hHandle); + TitanEngine.HandlerCloseRemoteHandle:types {"long","long",abi="stdcall",ret="byte"} + TE_HandlerCloseRemoteHandle = TitanEngine.HandlerCloseRemoteHandle +-- __declspec(dllexport) long __stdcall HandlerEnumerateLockHandles(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, LPVOID HandleDataBuffer, DWORD MaxHandleCount); + TitanEngine.HandlerEnumerateLockHandles:types {"string","long","long","pointer","long",abi="stdcall",ret="long"} + TE_HandlerEnumerateLockHandles = TitanEngine.HandlerEnumerateLockHandles +-- __declspec(dllexport) bool __stdcall HandlerCloseAllLockHandles(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated); + TitanEngine.HandlerCloseAllLockHandles:types {"string","long","long",abi="stdcall",ret="byte"} + TE_HandlerCloseAllLockHandles = TitanEngine.HandlerCloseAllLockHandles +-- __declspec(dllexport) bool __stdcall HandlerIsFileLocked(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated); + TitanEngine.HandlerIsFileLocked:types {"string","long","long",abi="stdcall",ret="byte"} + TE_HandlerIsFileLocked = TitanEngine.HandlerIsFileLocked +-- __declspec(dllexport) long __stdcall HandlerEnumerateOpenMutexes(HANDLE hProcess, DWORD ProcessId, LPVOID HandleBuffer, DWORD MaxHandleCount); + TitanEngine.HandlerEnumerateOpenMutexes:types {"long","long","pointer","long",abi="stdcall",ret="long"} + TE_HandlerEnumerateOpenMutexes = TitanEngine.HandlerEnumerateOpenMutexes +-- __declspec(dllexport) long long __stdcall HandlerGetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, char* szMutexString); + TitanEngine.HandlerGetOpenMutexHandle:types {"long","long","string",abi="stdcall",ret="long"} + TE_HandlerGetOpenMutexHandle = TitanEngine.HandlerGetOpenMutexHandle +-- ___declspec(dllexport) long __stdcall HandlerGetProcessIdWhichCreatedMutex(char* szMutexString); + TitanEngine.HandlerGetProcessIdWhichCreatedMutex:types {"string",abi="stdcall",ret="long"} + TE_HandlerGetProcessIdWhichCreatedMutex = TitanEngine.HandlerGetProcessIdWhichCreatedMutex +-- +-- TitanEngine.TranslateName.functions: +-- +-- __declspec(dllexport) void* __stdcall TranslateNativeName(char* szNativeName); + TitanEngine.TranslateNativeName:types {"string",abi="stdcall",ret="string"} + TE_TranslateNativeName = TitanEngine.TranslateNativeName +-- +-- TitanEngine.Injector.functions: +-- +-- __declspec(dllexport) bool __stdcall RemoteLoadLibrary(HANDLE hProcess, char* szLibraryFile, bool WaitForThreadExit); + TitanEngine.RemoteLoadLibrary:types {"long","string","long",abi="stdcall",ret="byte"} + TE_RemoteLoadLibrary = TitanEngine.RemoteLoadLibrary +-- __declspec(dllexport) bool __stdcall RemoteFreeLibrary(HANDLE hProcess, HMODULE hModule, char* szLibraryFile, bool WaitForThreadExit); + TitanEngine.RemoteFreeLibrary:types {"long","long","string","long",abi="stdcall",ret="byte"} + TE_RemoteFreeLibrary = TitanEngine.RemoteFreeLibrary +-- __declspec(dllexport) bool __stdcall RemoteExitProcess(HANDLE hProcess, DWORD ExitCode); + TitanEngine.RemoteExitProcess:types {"long","long",abi="stdcall",ret="byte"} + TE_RemoteExitProcess = TitanEngine.RemoteExitProcess +-- +-- TitanEngine.StaticUnpacker.functions: +-- +-- __declspec(dllexport) bool __stdcall StaticFileLoad(char* szFileName, DWORD DesiredAccess, bool SimulateLoad, LPHANDLE FileHandle, LPDWORD LoadedSize, LPHANDLE FileMap, PULONG_PTR FileMapVA); + TitanEngine.StaticFileLoad:types {"string","long","long","pointer","pointer","pointer","pointer",abi="stdcall",ret="byte"} + TE_StaticFileLoad = TitanEngine.StaticFileLoad +-- __declspec(dllexport) bool __stdcall StaticFileUnload(char* szFileName, bool CommitChanges, HANDLE FileHandle, DWORD LoadedSize, HANDLE FileMap, ULONG_PTR FileMapVA); + TitanEngine.StaticFileUnload:types {"string","long","long","long","long","long",abi="stdcall",ret="byte"} + TE_StaticFileUnload = TitanEngine.StaticFileUnload +-- __declspec(dllexport) bool __stdcall StaticFileOpen(char* szFileName, DWORD DesiredAccess, LPHANDLE FileHandle, LPDWORD FileSizeLow, LPDWORD FileSizeHigh); + TitanEngine.StaticFileOpen:types {"string","long","pointer","pointer","pointer",abi="stdcall",ret="byte"} + TE_StaticFileOpen = TitanEngine.StaticFileOpen +-- __declspec(dllexport) bool __stdcall StaticFileGetContent(HANDLE FileHandle, DWORD FilePositionLow, LPDWORD FilePositionHigh, void* Buffer, DWORD Size); + TitanEngine.StaticFileGetContent:types {"long","long","pointer","pointer","long",abi="stdcall",ret="byte"} + TE_StaticFileGetContent = TitanEngine.StaticFileGetContent +-- __declspec(dllexport) void __stdcall StaticFileClose(HANDLE FileHandle); + TitanEngine.StaticFileClose:types {"long",abi="stdcall"} + TE_StaticFileClose = TitanEngine.StaticFileClose +-- __declspec(dllexport) void __stdcall StaticMemoryDecrypt(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionType, DWORD DecryptionKeySize, ULONG_PTR DecryptionKey); + TitanEngine.StaticMemoryDecrypt:types {"long","long","long","long","long",abi="stdcall"} + TE_StaticMemoryDecrypt = TitanEngine.StaticMemoryDecrypt +-- __declspec(dllexport) void __stdcall StaticMemoryDecryptEx(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionKeySize, void* DecryptionCallBack); + TitanEngine.StaticMemoryDecryptEx:types {"long","long","long","long","callback",abi="stdcall"} + TE_StaticMemoryDecryptEx = TitanEngine.StaticMemoryDecryptEx +-- __declspec(dllexport) void __stdcall StaticMemoryDecryptSpecial(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionKeySize, DWORD SpecDecryptionType, void* DecryptionCallBack); + TitanEngine.StaticMemoryDecryptSpecial:types {"long","long","long","long","callback",abi="stdcall"} + TE_StaticMemoryDecryptSpecial = TitanEngine.StaticMemoryDecryptSpecial +-- __declspec(dllexport) void __stdcall StaticSectionDecrypt(ULONG_PTR FileMapVA, DWORD SectionNumber, bool SimulateLoad, DWORD DecryptionType, DWORD DecryptionKeySize, ULONG_PTR DecryptionKey); + TitanEngine.StaticSectionDecrypt:types {"long","long","long","long","long","long",abi="stdcall"} + TE_StaticSectionDecrypt = TitanEngine.StaticSectionDecrypt +-- __declspec(dllexport) bool __stdcall StaticMemoryDecompress(void* Source, DWORD SourceSize, void* Destination, DWORD DestinationSize, int Algorithm); + TitanEngine.StaticMemoryDecompress:types {"pointer","long","pointer","long","long",abi="stdcall",ret="byte"} + TE_StaticMemoryDecompress = TitanEngine.StaticMemoryDecompress +-- __declspec(dllexport) bool __stdcall StaticRawMemoryCopy(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR VitualAddressToCopy, DWORD Size, bool AddressIsRVA, char* szDumpFileName); + TitanEngine.StaticRawMemoryCopy:types {"long","long","long","long","long","string",abi="stdcall",ret="byte"} + TE_StaticRawMemoryCopy = TitanEngine.StaticRawMemoryCopy +-- __declspec(dllexport) bool __stdcall StaticRawMemoryCopyEx(HANDLE hFile, ULONG_PTR RawAddressToCopy, DWORD Size, char* szDumpFileName); + TitanEngine.StaticRawMemoryCopyEx:types {"long","long","long","string",abi="stdcall",ret="byte"} + TE_StaticRawMemoryCopyEx = TitanEngine.StaticRawMemoryCopyEx +-- __declspec(dllexport) bool __stdcall StaticHashMemory(void* MemoryToHash, DWORD SizeOfMemory, void* HashDigest, bool OutputString, int Algorithm); + TitanEngine.StaticHashMemory:types {"long","long","pointer","long","long",abi="stdcall",ret="byte"} + TE_StaticHashMemory = TitanEngine.StaticHashMemory +-- __declspec(dllexport) bool __stdcall StaticHashFile(char* szFileName, char* HashDigest, bool OutputString, int Algorithm); + TitanEngine.StaticHashFile:types {"string","string","long","long",abi="stdcall",ret="byte"} + TE_StaticHashFile = TitanEngine.StaticHashFile +-- CallBacks: +-- typedef bool(__stdcall *fStaticCallBack)(void* sMemoryStart, int sKeySize); +-- TE_StaticMemoryDecryptEx_CB = alien.callback(YourFunctionHere, "pointer", "int", abi = "stdcall", ret = "byte") +-- TE_StaticMemoryDecryptSpecial_CB = alien.callback(YourFunctionHere, "pointer", "int", abi = "stdcall", ret = "byte") +-- +-- TitanEngine.Engine.functions: +-- +-- __declspec(dllexport) void __stdcall SetEngineVariable(DWORD VariableId, bool VariableSet); + TitanEngine.SetEngineVariable:types {"long","long",abi="stdcall"} + TE_SetEngineVariable = TitanEngine.SetEngineVariable +-- __declspec(dllexport) bool __stdcall EngineCreateMissingDependencies(char* szFileName, char* szOutputFolder, bool LogCreatedFiles); + TitanEngine.EngineCreateMissingDependencies:types {"string","string","long",abi="stdcall",ret="byte"} + TE_EngineCreateMissingDependencies = TitanEngine.EngineCreateMissingDependencies +-- __declspec(dllexport) bool __stdcall EngineFakeMissingDependencies(HANDLE hProcess); + TitanEngine.EngineFakeMissingDependencies:types {"long",abi="stdcall",ret="byte"} + TE_EngineFakeMissingDependencies = TitanEngine.EngineFakeMissingDependencies +-- __declspec(dllexport) bool __stdcall EngineDeleteCreatedDependencies(); + TitanEngine.EngineDeleteCreatedDependencies:types {abi="stdcall",ret="byte"} + TE_EngineDeleteCreatedDependencies = TitanEngine.EngineDeleteCreatedDependencies +-- __declspec(dllexport) bool __stdcall EngineCreateUnpackerWindow(char* WindowUnpackerTitle, char* WindowUnpackerLongTitle, char* WindowUnpackerName, char* WindowUnpackerAuthor, void* StartUnpackingCallBack); + TitanEngine.EngineCreateUnpackerWindow:types {"string","string","string","string","callback",abi="stdcall",ret="byte"} + TE_EngineCreateUnpackerWindow = TitanEngine.EngineCreateUnpackerWindow +-- __declspec(dllexport) bool __stdcall EngineAddUnpackerWindowLogMessage(char* szLogMessage); + TitanEngine.EngineAddUnpackerWindowLogMessage:types {"string",abi="stdcall",ret="byte"} + TE_EngineAddUnpackerWindowLogMessage = TitanEngine.EngineAddUnpackerWindowLogMessage +-- +-- TitanEngine.Engine.functions: +-- +-- __declspec(dllexport) bool __stdcall ExtensionManagerIsPluginLoaded(char* szPluginName); + TitanEngine.ExtensionManagerIsPluginLoaded:types {"string",abi="stdcall",ret="byte"} + TE_ExtensionManagerIsPluginLoaded = TitanEngine.ExtensionManagerIsPluginLoaded +-- __declspec(dllexport) bool __stdcall ExtensionManagerIsPluginEnabled(char* szPluginName); + TitanEngine.ExtensionManagerIsPluginEnabled:types {"string",abi="stdcall",ret="byte"} + TE_ExtensionManagerIsPluginEnabled = TitanEngine.ExtensionManagerIsPluginEnabled +-- __declspec(dllexport) bool __stdcall ExtensionManagerDisableAllPlugins(); + TitanEngine.ExtensionManagerDisableAllPlugins:types {abi="stdcall",ret="byte"} + TE_ExtensionManagerDisableAllPlugins = TitanEngine.ExtensionManagerDisableAllPlugins +-- __declspec(dllexport) bool __stdcall ExtensionManagerDisablePlugin(char* szPluginName); + TitanEngine.ExtensionManagerDisablePlugin:types {"string",abi="stdcall",ret="byte"} + TE_ExtensionManagerDisablePlugin = TitanEngine.ExtensionManagerDisablePlugin +-- __declspec(dllexport) bool __stdcall ExtensionManagerEnableAllPlugins(); + TitanEngine.ExtensionManagerEnableAllPlugins:types {abi="stdcall",ret="byte"} + TE_ExtensionManagerEnableAllPlugins = TitanEngine.ExtensionManagerEnableAllPlugins +-- __declspec(dllexport) bool __stdcall ExtensionManagerEnablePlugin(char* szPluginName); + TitanEngine.ExtensionManagerEnablePlugin:types {"string",abi="stdcall",ret="byte"} + TE_ExtensionManagerEnablePlugin = TitanEngine.ExtensionManagerEnablePlugin +-- __declspec(dllexport) bool __stdcall ExtensionManagerUnloadAllPlugins(); + TitanEngine.ExtensionManagerUnloadAllPlugins:types {abi="stdcall",ret="byte"} + TE_ExtensionManagerUnloadAllPlugins = TitanEngine.ExtensionManagerUnloadAllPlugins +-- __declspec(dllexport) bool __stdcall ExtensionManagerUnloadPlugin(char* szPluginName); + TitanEngine.ExtensionManagerUnloadPlugin:types {"string",abi="stdcall",ret="byte"} + TE_ExtensionManagerUnloadPlugin = TitanEngine.ExtensionManagerUnloadPlugin diff --git a/SDK/MASM/TitanEngine.INC b/SDK/MASM/TitanEngine.INC new file mode 100644 index 0000000..2c5f07b --- /dev/null +++ b/SDK/MASM/TitanEngine.INC @@ -0,0 +1,832 @@ +;--- include file created by h2incx v0.99.20 (copyright 2005-2009 japheth) +;--- source file: C:\Users\Administrator\Desktop\h2incx\SDK.h, last modified: 3/8/2010 17:0 +;--- cmdline used for creation: -a -b -d3 -y sdk.h + +include windows.inc +includelib TitanEngine_x86.lib + +UE_ACCESS_READ EQU 0 +UE_ACCESS_WRITE EQU 1 +UE_ACCESS_ALL EQU 2 +UE_HIDE_BASIC EQU 1 +UE_PLUGIN_CALL_REASON_PREDEBUG EQU 1 +UE_PLUGIN_CALL_REASON_EXCEPTION EQU 2 +UE_PLUGIN_CALL_REASON_POSTDEBUG EQU 3 +TEE_HOOK_NRM_JUMP EQU 1 +TEE_HOOK_NRM_CALL EQU 3 +TEE_HOOK_IAT EQU 5 +UE_ENGINE_ALOW_MODULE_LOADING EQU 1 +UE_ENGINE_AUTOFIX_FORWARDERS EQU 2 +UE_ENGINE_PASS_ALL_EXCEPTIONS EQU 3 +UE_ENGINE_NO_CONSOLE_WINDOW EQU 4 +UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS EQU 5 +UE_ENGINE_CALL_PLUGIN_CALLBACK EQU 6 +UE_ENGINE_RESET_CUSTOM_HANDLER EQU 7 +UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK EQU 8 +UE_OPTION_REMOVEALL EQU 1 +UE_OPTION_DISABLEALL EQU 2 +UE_OPTION_REMOVEALLDISABLED EQU 3 +UE_OPTION_REMOVEALLENABLED EQU 4 +UE_STATIC_DECRYPTOR_XOR EQU 1 +UE_STATIC_DECRYPTOR_SUB EQU 2 +UE_STATIC_DECRYPTOR_ADD EQU 3 +UE_STATIC_DECRYPTOR_FOREWARD EQU 1 +UE_STATIC_DECRYPTOR_BACKWARD EQU 2 +UE_STATIC_KEY_SIZE_1 EQU 1 +UE_STATIC_KEY_SIZE_2 EQU 2 +UE_STATIC_KEY_SIZE_4 EQU 4 +UE_STATIC_KEY_SIZE_8 EQU 8 +UE_STATIC_APLIB EQU 1 +UE_STATIC_APLIB_DEPACK EQU 2 +UE_STATIC_LZMA EQU 3 +UE_STATIC_HASH_MD5 EQU 1 +UE_STATIC_HASH_SHA1 EQU 2 +UE_STATIC_HASH_CRC32 EQU 3 +UE_RESOURCE_LANGUAGE_ANY EQU - 1 +UE_PE_OFFSET EQU 0 +UE_IMAGEBASE EQU 1 +UE_OEP EQU 2 +UE_SIZEOFIMAGE EQU 3 +UE_SIZEOFHEADERS EQU 4 +UE_SIZEOFOPTIONALHEADER EQU 5 +UE_SECTIONALIGNMENT EQU 6 +UE_IMPORTTABLEADDRESS EQU 7 +UE_IMPORTTABLESIZE EQU 8 +UE_RESOURCETABLEADDRESS EQU 9 +UE_RESOURCETABLESIZE EQU 10 +UE_EXPORTTABLEADDRESS EQU 11 +UE_EXPORTTABLESIZE EQU 12 +UE_TLSTABLEADDRESS EQU 13 +UE_TLSTABLESIZE EQU 14 +UE_RELOCATIONTABLEADDRESS EQU 15 +UE_RELOCATIONTABLESIZE EQU 16 +UE_TIMEDATESTAMP EQU 17 +UE_SECTIONNUMBER EQU 18 +UE_CHECKSUM EQU 19 +UE_SUBSYSTEM EQU 20 +UE_CHARACTERISTICS EQU 21 +UE_NUMBEROFRVAANDSIZES EQU 22 +UE_SECTIONNAME EQU 23 +UE_SECTIONVIRTUALOFFSET EQU 24 +UE_SECTIONVIRTUALSIZE EQU 25 +UE_SECTIONRAWOFFSET EQU 26 +UE_SECTIONRAWSIZE EQU 27 +UE_SECTIONFLAGS EQU 28 +UE_CH_BREAKPOINT EQU 1 +UE_CH_SINGLESTEP EQU 2 +UE_CH_ACCESSVIOLATION EQU 3 +UE_CH_ILLEGALINSTRUCTION EQU 4 +UE_CH_NONCONTINUABLEEXCEPTION EQU 5 +UE_CH_ARRAYBOUNDSEXCEPTION EQU 6 +UE_CH_FLOATDENORMALOPERAND EQU 7 +UE_CH_FLOATDEVIDEBYZERO EQU 8 +UE_CH_INTEGERDEVIDEBYZERO EQU 9 +UE_CH_INTEGEROVERFLOW EQU 10 +UE_CH_PRIVILEGEDINSTRUCTION EQU 11 +UE_CH_PAGEGUARD EQU 12 +UE_CH_EVERYTHINGELSE EQU 13 +UE_CH_CREATETHREAD EQU 14 +UE_CH_EXITTHREAD EQU 15 +UE_CH_CREATEPROCESS EQU 16 +UE_CH_EXITPROCESS EQU 17 +UE_CH_LOADDLL EQU 18 +UE_CH_UNLOADDLL EQU 19 +UE_CH_OUTPUTDEBUGSTRING EQU 20 +UE_CH_AFTEREXCEPTIONPROCESSING EQU 21 +UE_CH_ALLEVENTS EQU 22 +UE_OPTION_HANDLER_RETURN_HANDLECOUNT EQU 1 +UE_OPTION_HANDLER_RETURN_ACCESS EQU 2 +UE_OPTION_HANDLER_RETURN_FLAGS EQU 3 +UE_OPTION_HANDLER_RETURN_TYPENAME EQU 4 +UE_BREAKPOINT_INT3 EQU 1 +UE_BREAKPOINT_LONG_INT3 EQU 2 +UE_BREAKPOINT_UD2 EQU 3 +UE_BPXREMOVED EQU 0 +UE_BPXACTIVE EQU 1 +UE_BPXINACTIVE EQU 2 +UE_BREAKPOINT EQU 0 +UE_SINGLESHOOT EQU 1 +UE_HARDWARE EQU 2 +UE_MEMORY EQU 3 +UE_MEMORY_READ EQU 4 +UE_MEMORY_WRITE EQU 5 +UE_BREAKPOINT_TYPE_INT3 EQU 10000000h +UE_BREAKPOINT_TYPE_LONG_INT3 EQU 20000000h +UE_BREAKPOINT_TYPE_UD2 EQU 30000000h +UE_HARDWARE_EXECUTE EQU 4 +UE_HARDWARE_WRITE EQU 5 +UE_HARDWARE_READWRITE EQU 6 +UE_HARDWARE_SIZE_1 EQU 7 +UE_HARDWARE_SIZE_2 EQU 8 +UE_HARDWARE_SIZE_4 EQU 9 +UE_ON_LIB_LOAD EQU 1 +UE_ON_LIB_UNLOAD EQU 2 +UE_ON_LIB_ALL EQU 3 +UE_APISTART EQU 0 +UE_APIEND EQU 1 +UE_PLATFORM_x86 EQU 1 +UE_PLATFORM_x64 EQU 2 +UE_PLATFORM_ALL EQU 3 +UE_FUNCTION_STDCALL EQU 1 +UE_FUNCTION_CCALL EQU 2 +UE_FUNCTION_FASTCALL EQU 3 +UE_FUNCTION_STDCALL_RET EQU 4 +UE_FUNCTION_CCALL_RET EQU 5 +UE_FUNCTION_FASTCALL_RET EQU 6 +UE_FUNCTION_STDCALL_CALL EQU 7 +UE_FUNCTION_CCALL_CALL EQU 8 +UE_FUNCTION_FASTCALL_CALL EQU 9 +UE_PARAMETER_BYTE EQU 0 +UE_PARAMETER_WORD EQU 1 +UE_PARAMETER_DWORD EQU 2 +UE_PARAMETER_QWORD EQU 3 +UE_PARAMETER_PTR_BYTE EQU 4 +UE_PARAMETER_PTR_WORD EQU 5 +UE_PARAMETER_PTR_DWORD EQU 6 +UE_PARAMETER_PTR_QWORD EQU 7 +UE_PARAMETER_STRING EQU 8 +UE_PARAMETER_UNICODE EQU 9 +UE_CMP_NOCONDITION EQU 0 +UE_CMP_EQUAL EQU 1 +UE_CMP_NOTEQUAL EQU 2 +UE_CMP_GREATER EQU 3 +UE_CMP_GREATEROREQUAL EQU 4 +UE_CMP_LOWER EQU 5 +UE_CMP_LOWEROREQUAL EQU 6 +UE_CMP_REG_EQUAL EQU 7 +UE_CMP_REG_NOTEQUAL EQU 8 +UE_CMP_REG_GREATER EQU 9 +UE_CMP_REG_GREATEROREQUAL EQU 10 +UE_CMP_REG_LOWER EQU 11 +UE_CMP_REG_LOWEROREQUAL EQU 12 +UE_CMP_ALWAYSFALSE EQU 13 +UE_EAX EQU 1 +UE_EBX EQU 2 +UE_ECX EQU 3 +UE_EDX EQU 4 +UE_EDI EQU 5 +UE_ESI EQU 6 +UE_EBP EQU 7 +UE_ESP EQU 8 +UE_EIP EQU 9 +UE_EFLAGS EQU 10 +UE_DR0 EQU 11 +UE_DR1 EQU 12 +UE_DR2 EQU 13 +UE_DR3 EQU 14 +UE_DR6 EQU 15 +UE_DR7 EQU 16 +UE_RAX EQU 17 +UE_RBX EQU 18 +UE_RCX EQU 19 +UE_RDX EQU 20 +UE_RDI EQU 21 +UE_RSI EQU 22 +UE_RBP EQU 23 +UE_RSP EQU 24 +UE_RIP EQU 25 +UE_RFLAGS EQU 26 +UE_R8 EQU 27 +UE_R9 EQU 28 +UE_R10 EQU 29 +UE_R11 EQU 30 +UE_R12 EQU 31 +UE_R13 EQU 32 +UE_R14 EQU 33 +UE_R15 EQU 34 +UE_CIP EQU 35 +UE_CSP EQU 36 +UE_SEG_GS EQU 37 +UE_SEG_FS EQU 38 +UE_SEG_ES EQU 39 +UE_SEG_DS EQU 40 +UE_SEG_CS EQU 41 +UE_SEG_SS EQU 42 +ifndef @align +@align equ <> +endif +PE32Struct struct @align +PE32Offset DWORD ? +ImageBase DWORD ? +OriginalEntryPoint DWORD ? +NtSizeOfImage DWORD ? +NtSizeOfHeaders DWORD ? +SizeOfOptionalHeaders WORD ? +FileAlignment DWORD ? +SectionAligment DWORD ? +ImportTableAddress DWORD ? +ImportTableSize DWORD ? +ResourceTableAddress DWORD ? +ResourceTableSize DWORD ? +ExportTableAddress DWORD ? +ExportTableSize DWORD ? +TLSTableAddress DWORD ? +TLSTableSize DWORD ? +RelocationTableAddress DWORD ? +RelocationTableSize DWORD ? +TimeDateStamp DWORD ? +SectionNumber WORD ? +CheckSum DWORD ? +SubSystem WORD ? +Characteristics WORD ? +NumberOfRvaAndSizes DWORD ? +PE32Struct ends + +PPE32Struct typedef ptr PE32Struct + +ImportEnumData struct @align +NewDll bool ? +NumberOfImports DWORD ? +ImageBase DWORD ? +BaseImportThunk DWORD ? +ImportThunk DWORD ? +APIName DWORD ? +DLLName DWORD ? +ImportEnumData ends + +PImportEnumData typedef ptr ImportEnumData + +THREAD_ITEM_DATA struct @align +hThread HANDLE ? +dwThreadId DWORD ? +ThreadStartAddress DWORD ? +ThreadLocalBase DWORD ? +THREAD_ITEM_DATA ends + +PTHREAD_ITEM_DATA typedef ptr THREAD_ITEM_DATA + +LIBRARY_ITEM_DATA struct @align +hFile HANDLE ? +BaseOfDll DWORD ? +hFileMapping HANDLE ? +hFileMappingView DWORD ? +szLibraryPath SBYTE MAX_PATH dup (?) +szLibraryName SBYTE MAX_PATH dup (?) +LIBRARY_ITEM_DATA ends + +PLIBRARY_ITEM_DATA typedef ptr LIBRARY_ITEM_DATA + +LIBRARY_ITEM_DATAW struct @align +hFile HANDLE ? +BaseOfDll DWORD ? +hFileMapping HANDLE ? +hFileMappingView DWORD ? +szLibraryPath WORD MAX_PATH dup (?) +szLibraryName WORD MAX_PATH dup (?) +LIBRARY_ITEM_DATAW ends + +PLIBRARY_ITEM_DATAW typedef ptr LIBRARY_ITEM_DATAW + +PROCESS_ITEM_DATA struct @align +hProcess HANDLE ? +dwProcessId DWORD ? +hThread HANDLE ? +dwThreadId DWORD ? +hFile HANDLE ? +BaseOfImage DWORD ? +ThreadStartAddress DWORD ? +ThreadLocalBase DWORD ? +PROCESS_ITEM_DATA ends + +PPROCESS_ITEM_DATA typedef ptr PROCESS_ITEM_DATA + +HandlerArray struct @align +ProcessId DWORD ? +hHandle HANDLE ? +HandlerArray ends + +PHandlerArray typedef ptr HandlerArray + +PluginInformation struct @align +PluginName SBYTE 64 dup (?) +PluginMajorVersion DWORD ? +PluginMinorVersion DWORD ? +PluginBaseAddress HMODULE ? +TitanDebuggingCallBack DWORD ? +TitanRegisterPlugin DWORD ? +TitanReleasePlugin DWORD ? +TitanResetPlugin DWORD ? +PluginDisabled bool ? +PluginInformation ends + +PPluginInformation typedef ptr PluginInformation + +TEE_MAXIMUM_HOOK_SIZE EQU 14 +TEE_MAXIMUM_HOOK_RELOCS EQU 7 +TEE_MAXIMUM_HOOK_INSERT_SIZE EQU 5 + +HOOK_ENTRY struct @align +IATHook bool ? +HookType BYTE ? +HookSize DWORD ? +HookAddress DWORD ? +RedirectionAddress DWORD ? +HookBytes BYTE TEE_MAXIMUM_HOOK_SIZE dup (?) +OriginalBytes BYTE TEE_MAXIMUM_HOOK_SIZE dup (?) +IATHookModuleBase DWORD ? +IATHookNameHash DWORD ? +HookIsEnabled bool ? +HookIsRemote bool ? +PatchedEntry DWORD ? +RelocationInfo DWORD TEE_MAXIMUM_HOOK_RELOCS dup (?) +RelocationCount DWORD ? +HOOK_ENTRY ends + +PHOOK_ENTRY typedef ptr HOOK_ENTRY + +UE_DEPTH_SURFACE EQU 0 +UE_DEPTH_DEEP EQU 1 +UE_UNPACKER_CONDITION_SEARCH_FROM_EP EQU 1 +UE_UNPACKER_CONDITION_LOADLIBRARY EQU 1 +UE_UNPACKER_CONDITION_GETPROCADDRESS EQU 2 +UE_UNPACKER_CONDITION_ENTRYPOINTBREAK EQU 3 +UE_UNPACKER_CONDITION_RELOCSNAPSHOT1 EQU 4 +UE_UNPACKER_CONDITION_RELOCSNAPSHOT2 EQU 5 +UE_FIELD_OK EQU 0 +UE_FIELD_BROKEN_NON_FIXABLE EQU 1 +UE_FIELD_BROKEN_NON_CRITICAL EQU 2 +UE_FIELD_BROKEN_FIXABLE_FOR_STATIC_USE EQU 3 +UE_FIELD_BROKEN_BUT_CAN_BE_EMULATED EQU 4 +UE_FILED_FIXABLE_NON_CRITICAL EQU 5 +UE_FILED_FIXABLE_CRITICAL EQU 6 +UE_FIELD_NOT_PRESET EQU 7 +UE_FIELD_NOT_PRESET_WARNING EQU 8 +UE_RESULT_FILE_OK EQU 10 +UE_RESULT_FILE_INVALID_BUT_FIXABLE EQU 11 +UE_RESULT_FILE_INVALID_AND_NON_FIXABLE EQU 12 +UE_RESULT_FILE_INVALID_FORMAT EQU 13 +FILE_STATUS_INFO struct @align +OveralEvaluation BYTE ? +EvaluationTerminatedByException bool ? +FileIs64Bit bool ? +FileIsDLL bool ? +FileIsConsole bool ? +MissingDependencies bool ? +MissingDeclaredAPIs bool ? +SignatureMZ BYTE ? +SignaturePE BYTE ? +EntryPoint BYTE ? +ImageBase BYTE ? +SizeOfImage BYTE ? +FileAlignment BYTE ? +SectionAlignment BYTE ? +ExportTable BYTE ? +RelocationTable BYTE ? +ImportTable BYTE ? +ImportTableSection BYTE ? +ImportTableData BYTE ? +IATTable BYTE ? +TLSTable BYTE ? +LoadConfigTable BYTE ? +BoundImportTable BYTE ? +COMHeaderTable BYTE ? +ResourceTable BYTE ? +ResourceData BYTE ? +SectionTable BYTE ? +FILE_STATUS_INFO ends + +PFILE_STATUS_INFO typedef ptr FILE_STATUS_INFO + +FILE_FIX_INFO struct @align +OveralEvaluation BYTE ? +FixingTerminatedByException bool ? +FileFixPerformed bool ? +StrippedRelocation bool ? +DontFixRelocations bool ? +OriginalRelocationTableAddress DWORD ? +OriginalRelocationTableSize DWORD ? +StrippedExports bool ? +DontFixExports bool ? +OriginalExportTableAddress DWORD ? +OriginalExportTableSize DWORD ? +StrippedResources bool ? +DontFixResources bool ? +OriginalResourceTableAddress DWORD ? +OriginalResourceTableSize DWORD ? +StrippedTLS bool ? +DontFixTLS bool ? +OriginalTLSTableAddress DWORD ? +OriginalTLSTableSize DWORD ? +StrippedLoadConfig bool ? +DontFixLoadConfig bool ? +OriginalLoadConfigTableAddress DWORD ? +OriginalLoadConfigTableSize DWORD ? +StrippedBoundImports bool ? +DontFixBoundImports bool ? +OriginalBoundImportTableAddress DWORD ? +OriginalBoundImportTableSize DWORD ? +StrippedIAT bool ? +DontFixIAT bool ? +OriginalImportAddressTableAddress DWORD ? +OriginalImportAddressTableSize DWORD ? +StrippedCOM bool ? +DontFixCOM bool ? +OriginalCOMTableAddress DWORD ? +OriginalCOMTableSize DWORD ? +FILE_FIX_INFO ends + +PFILE_FIX_INFO typedef ptr FILE_FIX_INFO + +DumpProcess proto stdcall :HANDLE, :LPVOID, :ptr SBYTE, :DWORD +DumpProcessW proto stdcall :HANDLE, :LPVOID, :ptr WORD, :DWORD +DumpProcessEx proto stdcall :DWORD, :LPVOID, :ptr SBYTE, :DWORD +DumpProcessExW proto stdcall :DWORD, :LPVOID, :ptr WORD, :DWORD +DumpMemory proto stdcall :HANDLE, :LPVOID, :DWORD, :ptr SBYTE +DumpMemoryW proto stdcall :HANDLE, :LPVOID, :DWORD, :ptr WORD +DumpMemoryEx proto stdcall :DWORD, :LPVOID, :DWORD, :ptr SBYTE +DumpMemoryExW proto stdcall :DWORD, :LPVOID, :DWORD, :ptr WORD +DumpRegions proto stdcall :HANDLE, :ptr SBYTE, :bool +DumpRegionsW proto stdcall :HANDLE, :ptr WORD, :bool +DumpRegionsEx proto stdcall :DWORD, :ptr SBYTE, :bool +DumpRegionsExW proto stdcall :DWORD, :ptr WORD, :bool +DumpModule proto stdcall :HANDLE, :LPVOID, :ptr SBYTE +DumpModuleW proto stdcall :HANDLE, :LPVOID, :ptr WORD +DumpModuleEx proto stdcall :DWORD, :LPVOID, :ptr SBYTE +DumpModuleExW proto stdcall :DWORD, :LPVOID, :ptr WORD +PastePEHeader proto stdcall :HANDLE, :LPVOID, :ptr SBYTE +PastePEHeaderW proto stdcall :HANDLE, :LPVOID, :ptr WORD +ExtractSection proto stdcall :ptr SBYTE, :ptr SBYTE, :DWORD +ExtractSectionW proto stdcall :ptr WORD, :ptr WORD, :DWORD +ResortFileSections proto stdcall :ptr SBYTE +ResortFileSectionsW proto stdcall :ptr WORD +FindOverlay proto stdcall :ptr SBYTE, :LPDWORD, :LPDWORD +FindOverlayW proto stdcall :ptr WORD, :LPDWORD, :LPDWORD +ExtractOverlay proto stdcall :ptr SBYTE, :ptr SBYTE +ExtractOverlayW proto stdcall :ptr WORD, :ptr WORD +AddOverlay proto stdcall :ptr SBYTE, :ptr SBYTE +AddOverlayW proto stdcall :ptr WORD, :ptr WORD +CopyOverlay proto stdcall :ptr SBYTE, :ptr SBYTE +CopyOverlayW proto stdcall :ptr WORD, :ptr WORD +RemoveOverlay proto stdcall :ptr SBYTE +RemoveOverlayW proto stdcall :ptr WORD +MakeAllSectionsRWE proto stdcall :ptr SBYTE +MakeAllSectionsRWEW proto stdcall :ptr WORD +AddNewSectionEx proto stdcall :ptr SBYTE, :ptr SBYTE, :DWORD, :DWORD, :LPVOID, :DWORD +AddNewSectionExW proto stdcall :ptr WORD, :ptr SBYTE, :DWORD, :DWORD, :LPVOID, :DWORD +AddNewSection proto stdcall :ptr SBYTE, :ptr SBYTE, :DWORD +AddNewSectionW proto stdcall :ptr WORD, :ptr SBYTE, :DWORD +ResizeLastSection proto stdcall :ptr SBYTE, :DWORD, :bool +ResizeLastSectionW proto stdcall :ptr WORD, :DWORD, :bool +SetSharedOverlay proto stdcall :ptr SBYTE +SetSharedOverlayW proto stdcall :ptr WORD +GetSharedOverlay proto stdcall +GetSharedOverlayW proto stdcall +DeleteLastSection proto stdcall :ptr SBYTE +DeleteLastSectionW proto stdcall :ptr WORD +DeleteLastSectionEx proto stdcall :ptr SBYTE, :DWORD +DeleteLastSectionExW proto stdcall :ptr WORD, :DWORD +GetPE32DataFromMappedFile proto stdcall :DWORD, :DWORD, :DWORD +GetPE32Data proto stdcall :ptr SBYTE, :DWORD, :DWORD +GetPE32DataW proto stdcall :ptr WORD, :DWORD, :DWORD +GetPE32DataFromMappedFileEx proto stdcall :DWORD, :LPVOID +GetPE32DataEx proto stdcall :ptr SBYTE, :LPVOID +GetPE32DataExW proto stdcall :ptr WORD, :LPVOID +SetPE32DataForMappedFile proto stdcall :DWORD, :DWORD, :DWORD, :DWORD +SetPE32Data proto stdcall :ptr SBYTE, :DWORD, :DWORD, :DWORD +SetPE32DataW proto stdcall :ptr WORD, :DWORD, :DWORD, :DWORD +SetPE32DataForMappedFileEx proto stdcall :DWORD, :LPVOID +SetPE32DataEx proto stdcall :ptr SBYTE, :LPVOID +GetPE32SectionNumberFromVA proto stdcall :DWORD, :DWORD +ConvertVAtoFileOffset proto stdcall :DWORD, :DWORD, :bool +ConvertVAtoFileOffsetEx proto stdcall :DWORD, :DWORD, :DWORD, :DWORD, :bool, :bool +ConvertFileOffsetToVA proto stdcall :DWORD, :DWORD, :bool +ConvertFileOffsetToVAEx proto stdcall :DWORD, :DWORD, :DWORD, :DWORD, :bool +FixHeaderCheckSum proto stdcall :ptr SBYTE +FixHeaderCheckSumW proto stdcall :ptr WORD +RealignPE proto stdcall :DWORD, :DWORD, :DWORD +RealignPEEx proto stdcall :ptr SBYTE, :DWORD, :DWORD +RealignPEExW proto stdcall :ptr WORD, :DWORD, :DWORD +WipeSection proto stdcall :ptr SBYTE, :DWORD, :bool +WipeSectionW proto stdcall :ptr WORD, :DWORD, :bool +IsPE32FileValidEx proto stdcall :ptr SBYTE, :DWORD, :LPVOID +IsPE32FileValidExW proto stdcall :ptr WORD, :DWORD, :LPVOID +FixBrokenPE32FileEx proto stdcall :ptr SBYTE, :LPVOID, :LPVOID +FixBrokenPE32FileExW proto stdcall :ptr WORD, :LPVOID, :LPVOID +IsFileDLL proto stdcall :ptr SBYTE, :DWORD +IsFileDLLW proto stdcall :ptr WORD, :DWORD +GetPEBLocation proto stdcall :HANDLE +HideDebugger proto stdcall :HANDLE, :DWORD +UnHideDebugger proto stdcall :HANDLE, :DWORD +RelocaterCleanup proto stdcall +RelocaterInit proto stdcall :DWORD, :DWORD, :DWORD +RelocaterAddNewRelocation proto stdcall :HANDLE, :DWORD, :DWORD +RelocaterEstimatedSize proto stdcall +RelocaterExportRelocation proto stdcall :DWORD, :DWORD, :DWORD +RelocaterExportRelocationEx proto stdcall :ptr SBYTE, :ptr SBYTE +RelocaterExportRelocationExW proto stdcall :ptr WORD, :ptr SBYTE +RelocaterGrabRelocationTable proto stdcall :HANDLE, :DWORD, :DWORD +RelocaterGrabRelocationTableEx proto stdcall :HANDLE, :DWORD, :DWORD, :DWORD +RelocaterMakeSnapshot proto stdcall :HANDLE, :ptr SBYTE, :LPVOID, :DWORD +RelocaterMakeSnapshotW proto stdcall :HANDLE, :ptr WORD, :LPVOID, :DWORD +RelocaterCompareTwoSnapshots proto stdcall :HANDLE, :DWORD, :DWORD, :ptr SBYTE, :ptr SBYTE, :DWORD +RelocaterCompareTwoSnapshotsW proto stdcall :HANDLE, :DWORD, :DWORD, :ptr WORD, :ptr WORD, :DWORD +RelocaterChangeFileBase proto stdcall :ptr SBYTE, :DWORD +RelocaterChangeFileBaseW proto stdcall :ptr WORD, :DWORD +RelocaterRelocateMemoryBlock proto stdcall :DWORD, :DWORD, :ptr , :DWORD, :DWORD, :DWORD +RelocaterWipeRelocationTable proto stdcall :ptr SBYTE +RelocaterWipeRelocationTableW proto stdcall :ptr WORD +ResourcerLoadFileForResourceUse proto stdcall :ptr SBYTE +ResourcerLoadFileForResourceUseW proto stdcall :ptr WORD +ResourcerFreeLoadedFile proto stdcall :LPVOID +ResourcerExtractResourceFromFileEx proto stdcall :DWORD, :ptr SBYTE, :ptr SBYTE, :ptr SBYTE +ResourcerExtractResourceFromFile proto stdcall :ptr SBYTE, :ptr SBYTE, :ptr SBYTE, :ptr SBYTE +ResourcerExtractResourceFromFileW proto stdcall :ptr WORD, :ptr SBYTE, :ptr SBYTE, :ptr SBYTE +ResourcerFindResource proto stdcall :ptr SBYTE, :ptr SBYTE, :DWORD, :ptr SBYTE, :DWORD, :DWORD, :ptr DWORD, :LPDWORD +ResourcerFindResourceW proto stdcall :ptr WORD, :ptr WORD, :DWORD, :ptr WORD, :DWORD, :DWORD, :ptr DWORD, :LPDWORD +ResourcerFindResourceEx proto stdcall :DWORD, :DWORD, :ptr WORD, :DWORD, :ptr WORD, :DWORD, :DWORD, :ptr DWORD, :LPDWORD +ResourcerEnumerateResource proto stdcall :ptr SBYTE, :ptr +ResourcerEnumerateResourceW proto stdcall :ptr WORD, :ptr +ResourcerEnumerateResourceEx proto stdcall :DWORD, :DWORD, :ptr +ThreaderImportRunningThreadData proto stdcall :DWORD +ThreaderGetThreadInfo proto stdcall :HANDLE, :DWORD +ThreaderEnumThreadInfo proto stdcall :ptr +ThreaderPauseThread proto stdcall :HANDLE +ThreaderResumeThread proto stdcall :HANDLE +ThreaderTerminateThread proto stdcall :HANDLE, :DWORD +ThreaderPauseAllThreads proto stdcall :bool +ThreaderResumeAllThreads proto stdcall :bool +ThreaderPauseProcess proto stdcall +ThreaderResumeProcess proto stdcall +ThreaderCreateRemoteThread proto stdcall :DWORD, :bool, :LPVOID, :LPDWORD +ThreaderInjectAndExecuteCode proto stdcall :LPVOID, :DWORD, :DWORD +ThreaderCreateRemoteThreadEx proto stdcall :HANDLE, :DWORD, :bool, :LPVOID, :LPDWORD +ThreaderInjectAndExecuteCodeEx proto stdcall :HANDLE, :LPVOID, :DWORD, :DWORD +ThreaderSetCallBackForNextExitThreadEvent proto stdcall :LPVOID +ThreaderIsThreadStillRunning proto stdcall :HANDLE +ThreaderIsThreadActive proto stdcall :HANDLE +ThreaderIsAnyThreadActive proto stdcall +ThreaderExecuteOnlyInjectedThreads proto stdcall +ThreaderGetOpenHandleForThread proto stdcall :DWORD +ThreaderGetThreadData proto stdcall +ThreaderIsExceptionInMainThread proto stdcall +StaticDisassembleEx proto stdcall :DWORD, :LPVOID +StaticDisassemble proto stdcall :LPVOID +DisassembleEx proto stdcall :HANDLE, :LPVOID +Disassemble proto stdcall :LPVOID +StaticLengthDisassemble proto stdcall :LPVOID +LengthDisassembleEx proto stdcall :HANDLE, :LPVOID +LengthDisassemble proto stdcall :LPVOID +InitDebug proto stdcall :ptr SBYTE, :ptr SBYTE, :ptr SBYTE +InitDebugW proto stdcall :ptr WORD, :ptr WORD, :ptr WORD +InitDebugEx proto stdcall :ptr SBYTE, :ptr SBYTE, :ptr SBYTE, :LPVOID +InitDebugExW proto stdcall :ptr WORD, :ptr WORD, :ptr WORD, :LPVOID +InitDLLDebug proto stdcall :ptr SBYTE, :bool, :ptr SBYTE, :ptr SBYTE, :LPVOID +InitDLLDebugW proto stdcall :ptr WORD, :bool, :ptr WORD, :ptr WORD, :LPVOID +StopDebug proto stdcall +SetBPXOptions proto stdcall :SDWORD +IsBPXEnabled proto stdcall :DWORD +EnableBPX proto stdcall :DWORD +DisableBPX proto stdcall :DWORD +SetBPX proto stdcall :DWORD, :DWORD, :LPVOID +SetBPXEx proto stdcall :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :LPVOID, :LPVOID, :LPVOID +DeleteBPX proto stdcall :DWORD +SafeDeleteBPX proto stdcall :DWORD +SetAPIBreakPoint proto stdcall :ptr SBYTE, :ptr SBYTE, :DWORD, :DWORD, :LPVOID +DeleteAPIBreakPoint proto stdcall :ptr SBYTE, :ptr SBYTE, :DWORD +SafeDeleteAPIBreakPoint proto stdcall :ptr SBYTE, :ptr SBYTE, :DWORD +SetMemoryBPX proto stdcall :DWORD, :DWORD, :LPVOID +SetMemoryBPXEx proto stdcall :DWORD, :DWORD, :DWORD, :bool, :LPVOID +RemoveMemoryBPX proto stdcall :DWORD, :DWORD +GetContextFPUDataEx proto stdcall :HANDLE, :ptr +GetContextDataEx proto stdcall :HANDLE, :DWORD +GetContextData proto stdcall :DWORD +SetContextFPUDataEx proto stdcall :HANDLE, :ptr +SetContextDataEx proto stdcall :HANDLE, :DWORD, :DWORD +SetContextData proto stdcall :DWORD, :DWORD +ClearExceptionNumber proto stdcall +CurrentExceptionNumber proto stdcall +MatchPatternEx proto stdcall :HANDLE, :ptr , :DWORD, :ptr , :DWORD, :PBYTE +MatchPattern proto stdcall :ptr , :DWORD, :ptr , :DWORD, :PBYTE +FindEx proto stdcall :HANDLE, :LPVOID, :DWORD, :LPVOID, :DWORD, :LPBYTE +Find proto stdcall :LPVOID, :DWORD, :LPVOID, :DWORD, :LPBYTE +FillEx proto stdcall :HANDLE, :LPVOID, :DWORD, :PBYTE +Fill proto stdcall :LPVOID, :DWORD, :PBYTE +PatchEx proto stdcall :HANDLE, :LPVOID, :DWORD, :LPVOID, :DWORD, :bool, :bool +Patch proto stdcall :LPVOID, :DWORD, :LPVOID, :DWORD, :bool, :bool +ReplaceEx proto stdcall :HANDLE, :LPVOID, :DWORD, :LPVOID, :DWORD, :DWORD, :LPVOID, :DWORD, :PBYTE +Replace proto stdcall :LPVOID, :DWORD, :LPVOID, :DWORD, :DWORD, :LPVOID, :DWORD, :PBYTE +GetDebugData proto stdcall +GetTerminationData proto stdcall +GetExitCode proto stdcall +GetDebuggedDLLBaseAddress proto stdcall +GetDebuggedFileBaseAddress proto stdcall +GetRemoteString proto stdcall :HANDLE, :LPVOID, :LPVOID, :DWORD +GetFunctionParameter proto stdcall :HANDLE, :DWORD, :DWORD, :DWORD +GetJumpDestinationEx proto stdcall :HANDLE, :DWORD, :bool +GetJumpDestination proto stdcall :HANDLE, :DWORD +IsJumpGoingToExecuteEx proto stdcall :HANDLE, :HANDLE, :DWORD, :DWORD +IsJumpGoingToExecute proto stdcall +SetCustomHandler proto stdcall :DWORD, :LPVOID +ForceClose proto stdcall +StepInto proto stdcall :LPVOID +StepOver proto stdcall :LPVOID +SingleStep proto stdcall :DWORD, :LPVOID +GetUnusedHardwareBreakPointRegister proto stdcall :LPDWORD +SetHardwareBreakPointEx proto stdcall :HANDLE, :DWORD, :DWORD, :DWORD, :DWORD, :LPVOID, :LPDWORD +SetHardwareBreakPoint proto stdcall :DWORD, :DWORD, :DWORD, :DWORD, :LPVOID +DeleteHardwareBreakPoint proto stdcall :DWORD +RemoveAllBreakPoints proto stdcall :DWORD +GetProcessInformation proto stdcall +GetStartupInformation proto stdcall +DebugLoop proto stdcall +SetDebugLoopTimeOut proto stdcall :DWORD +SetNextDbgContinueStatus proto stdcall :DWORD +AttachDebugger proto stdcall :DWORD, :bool, :LPVOID, :LPVOID +DetachDebugger proto stdcall :DWORD +DetachDebuggerEx proto stdcall :DWORD +DebugLoopEx proto stdcall :DWORD +AutoDebugEx proto stdcall :ptr SBYTE, :bool, :ptr SBYTE, :ptr SBYTE, :DWORD, :LPVOID +AutoDebugExW proto stdcall :ptr WORD, :bool, :ptr WORD, :ptr WORD, :DWORD, :LPVOID +IsFileBeingDebugged proto stdcall +SetErrorModel proto stdcall :bool +FindOEPInit proto stdcall +FindOEPGenerically proto stdcall :ptr SBYTE, :LPVOID, :LPVOID +FindOEPGenericallyW proto stdcall :ptr WORD, :LPVOID, :LPVOID +ImporterCleanup proto stdcall +ImporterSetImageBase proto stdcall :DWORD +ImporterSetUnknownDelta proto stdcall :DWORD +ImporterGetCurrentDelta proto stdcall +ImporterInit proto stdcall :DWORD, :DWORD +ImporterAddNewDll proto stdcall :ptr SBYTE, :DWORD +ImporterAddNewAPI proto stdcall :ptr SBYTE, :DWORD +ImporterAddNewOrdinalAPI proto stdcall :DWORD, :DWORD +ImporterGetAddedDllCount proto stdcall +ImporterGetAddedAPICount proto stdcall +ImporterGetLastAddedDLLName proto stdcall +ImporterMoveIAT proto stdcall +ImporterExportIAT proto stdcall :DWORD, :DWORD +ImporterEstimatedSize proto stdcall +ImporterExportIATEx proto stdcall :ptr SBYTE, :ptr SBYTE +ImporterExportIATExW proto stdcall :ptr WORD, :ptr SBYTE +ImporterFindAPIWriteLocation proto stdcall :ptr SBYTE +ImporterFindOrdinalAPIWriteLocation proto stdcall :DWORD +ImporterFindAPIByWriteLocation proto stdcall :DWORD +ImporterFindDLLByWriteLocation proto stdcall :DWORD +ImporterGetDLLName proto stdcall :DWORD +ImporterGetAPIName proto stdcall :DWORD +ImporterGetAPIOrdinalNumber proto stdcall :DWORD +ImporterGetAPINameEx proto stdcall :DWORD, :DWORD +ImporterGetRemoteAPIAddress proto stdcall :HANDLE, :DWORD +ImporterGetRemoteAPIAddressEx proto stdcall :ptr SBYTE, :ptr SBYTE +ImporterGetLocalAPIAddress proto stdcall :HANDLE, :DWORD +ImporterGetDLLNameFromDebugee proto stdcall :HANDLE, :DWORD +ImporterGetAPINameFromDebugee proto stdcall :HANDLE, :DWORD +ImporterGetAPIOrdinalNumberFromDebugee proto stdcall :HANDLE, :DWORD +ImporterGetDLLIndexEx proto stdcall :DWORD, :DWORD +ImporterGetDLLIndex proto stdcall :HANDLE, :DWORD, :DWORD +ImporterGetRemoteDLLBase proto stdcall :HANDLE, :HMODULE +ImporterRelocateWriteLocation proto stdcall :DWORD +ImporterIsForwardedAPI proto stdcall :HANDLE, :DWORD +ImporterGetForwardedAPIName proto stdcall :HANDLE, :DWORD +ImporterGetForwardedDLLName proto stdcall :HANDLE, :DWORD +ImporterGetForwardedDLLIndex proto stdcall :HANDLE, :DWORD, :DWORD +ImporterGetForwardedAPIOrdinalNumber proto stdcall :HANDLE, :DWORD +ImporterGetNearestAPIAddress proto stdcall :HANDLE, :DWORD +ImporterGetNearestAPIName proto stdcall :HANDLE, :DWORD +ImporterCopyOriginalIAT proto stdcall :ptr SBYTE, :ptr SBYTE +ImporterCopyOriginalIATW proto stdcall :ptr WORD, :ptr WORD +ImporterLoadImportTable proto stdcall :ptr SBYTE +ImporterLoadImportTableW proto stdcall :ptr WORD +ImporterMoveOriginalIAT proto stdcall :ptr SBYTE, :ptr SBYTE, :ptr SBYTE +ImporterMoveOriginalIATW proto stdcall :ptr WORD, :ptr WORD, :ptr SBYTE +ImporterAutoSearchIAT proto stdcall :HANDLE, :ptr SBYTE, :DWORD, :DWORD, :DWORD, :LPVOID, :LPVOID +ImporterAutoSearchIATW proto stdcall :HANDLE, :ptr WORD, :DWORD, :DWORD, :DWORD, :LPVOID, :LPVOID +ImporterAutoSearchIATEx proto stdcall :HANDLE, :DWORD, :DWORD, :DWORD, :LPVOID, :LPVOID +ImporterEnumAddedData proto stdcall :LPVOID +ImporterAutoFixIATEx proto stdcall :HANDLE, :ptr SBYTE, :ptr SBYTE, :bool, :bool, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :bool, :bool, :LPVOID +ImporterAutoFixIATExW proto stdcall :HANDLE, :ptr WORD, :ptr SBYTE, :bool, :bool, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :bool, :bool, :LPVOID +ImporterAutoFixIAT proto stdcall :HANDLE, :ptr SBYTE, :DWORD, :DWORD, :DWORD, :DWORD +ImporterAutoFixIATW proto stdcall :HANDLE, :ptr WORD, :DWORD, :DWORD, :DWORD, :DWORD +HooksSafeTransitionEx proto stdcall :LPVOID, :DWORD, :bool +HooksSafeTransition proto stdcall :LPVOID, :bool +HooksIsAddressRedirected proto stdcall :LPVOID +HooksGetTrampolineAddress proto stdcall :LPVOID +HooksGetHookEntryDetails proto stdcall :LPVOID +HooksInsertNewRedirection proto stdcall :LPVOID, :LPVOID, :DWORD +HooksInsertNewIATRedirectionEx proto stdcall :DWORD, :DWORD, :ptr SBYTE, :LPVOID +HooksInsertNewIATRedirection proto stdcall :ptr SBYTE, :ptr SBYTE, :LPVOID +HooksRemoveRedirection proto stdcall :LPVOID, :bool +HooksRemoveRedirectionsForModule proto stdcall :HMODULE +HooksRemoveIATRedirection proto stdcall :ptr SBYTE, :ptr SBYTE, :bool +HooksDisableRedirection proto stdcall :LPVOID, :bool +HooksDisableRedirectionsForModule proto stdcall :HMODULE +HooksDisableIATRedirection proto stdcall :ptr SBYTE, :ptr SBYTE, :bool +HooksEnableRedirection proto stdcall :LPVOID, :bool +HooksEnableRedirectionsForModule proto stdcall :HMODULE +HooksEnableIATRedirection proto stdcall :ptr SBYTE, :ptr SBYTE, :bool +HooksScanModuleMemory proto stdcall :HMODULE, :LPVOID +HooksScanEntireProcessMemory proto stdcall :LPVOID +HooksScanEntireProcessMemoryEx proto stdcall +TracerInit proto stdcall +TracerLevel1 proto stdcall :HANDLE, :DWORD +HashTracerLevel1 proto stdcall :HANDLE, :DWORD, :DWORD +TracerDetectRedirection proto stdcall :HANDLE, :DWORD +TracerFixKnownRedirection proto stdcall :HANDLE, :DWORD, :DWORD +TracerFixRedirectionViaImpRecPlugin proto stdcall :HANDLE, :ptr SBYTE, :DWORD +ExporterCleanup proto stdcall +ExporterSetImageBase proto stdcall :DWORD +ExporterInit proto stdcall :DWORD, :DWORD, :DWORD, :ptr SBYTE +ExporterAddNewExport proto stdcall :ptr SBYTE, :DWORD +ExporterAddNewOrdinalExport proto stdcall :DWORD, :DWORD +ExporterGetAddedExportCount proto stdcall +ExporterEstimatedSize proto stdcall +ExporterBuildExportTable proto stdcall :DWORD, :DWORD +ExporterBuildExportTableEx proto stdcall :ptr SBYTE, :ptr SBYTE +ExporterBuildExportTableExW proto stdcall :ptr WORD, :ptr SBYTE +ExporterLoadExportTable proto stdcall :ptr SBYTE +ExporterLoadExportTableW proto stdcall :ptr WORD +LibrarianSetBreakPoint proto stdcall :ptr SBYTE, :DWORD, :bool, :LPVOID +LibrarianRemoveBreakPoint proto stdcall :ptr SBYTE, :DWORD +LibrarianGetLibraryInfo proto stdcall :ptr SBYTE +LibrarianGetLibraryInfoW proto stdcall :ptr WORD +LibrarianGetLibraryInfoEx proto stdcall :ptr +LibrarianGetLibraryInfoExW proto stdcall :ptr +LibrarianEnumLibraryInfo proto stdcall :ptr +LibrarianEnumLibraryInfoW proto stdcall :ptr +GetActiveProcessId proto stdcall :ptr SBYTE +GetActiveProcessIdW proto stdcall :ptr WORD +EnumProcessesWithLibrary proto stdcall :ptr SBYTE, :ptr +TLSBreakOnCallBack proto stdcall :LPVOID, :DWORD, :LPVOID +TLSGrabCallBackData proto stdcall :ptr SBYTE, :LPVOID, :LPDWORD +TLSGrabCallBackDataW proto stdcall :ptr WORD, :LPVOID, :LPDWORD +TLSBreakOnCallBackEx proto stdcall :ptr SBYTE, :LPVOID +TLSBreakOnCallBackExW proto stdcall :ptr WORD, :LPVOID +TLSRemoveCallback proto stdcall :ptr SBYTE +TLSRemoveCallbackW proto stdcall :ptr WORD +TLSRemoveTable proto stdcall :ptr SBYTE +TLSRemoveTableW proto stdcall :ptr WORD +TLSBackupData proto stdcall :ptr SBYTE +TLSBackupDataW proto stdcall :ptr WORD +TLSRestoreData proto stdcall +TLSBuildNewTable proto stdcall :DWORD, :DWORD, :DWORD, :LPVOID, :DWORD +TLSBuildNewTableEx proto stdcall :ptr SBYTE, :ptr SBYTE, :LPVOID, :DWORD +TLSBuildNewTableExW proto stdcall :ptr WORD, :ptr SBYTE, :LPVOID, :DWORD +TranslateNativeName proto stdcall :ptr SBYTE +TranslateNativeNameW proto stdcall :ptr WORD +HandlerGetActiveHandleCount proto stdcall :DWORD +HandlerIsHandleOpen proto stdcall :DWORD, :HANDLE +HandlerGetHandleName proto stdcall :HANDLE, :DWORD, :HANDLE, :bool +HandlerGetHandleNameW proto stdcall :HANDLE, :DWORD, :HANDLE, :bool +HandlerEnumerateOpenHandles proto stdcall :DWORD, :LPVOID, :DWORD +HandlerGetHandleDetails proto stdcall :HANDLE, :DWORD, :HANDLE, :DWORD +HandlerCloseRemoteHandle proto stdcall :HANDLE, :HANDLE +HandlerEnumerateLockHandles proto stdcall :ptr SBYTE, :bool, :bool, :LPVOID, :DWORD +HandlerEnumerateLockHandlesW proto stdcall :ptr WORD, :bool, :bool, :LPVOID, :DWORD +HandlerCloseAllLockHandles proto stdcall :ptr SBYTE, :bool, :bool +HandlerCloseAllLockHandlesW proto stdcall :ptr WORD, :bool, :bool +HandlerIsFileLocked proto stdcall :ptr SBYTE, :bool, :bool +HandlerIsFileLockedW proto stdcall :ptr WORD, :bool, :bool +HandlerEnumerateOpenMutexes proto stdcall :HANDLE, :DWORD, :LPVOID, :DWORD +HandlerGetOpenMutexHandle proto stdcall :HANDLE, :DWORD, :ptr SBYTE +HandlerGetOpenMutexHandleW proto stdcall :HANDLE, :DWORD, :ptr WORD +HandlerGetProcessIdWhichCreatedMutex proto stdcall :ptr SBYTE +HandlerGetProcessIdWhichCreatedMutexW proto stdcall :ptr WORD +RemoteLoadLibrary proto stdcall :HANDLE, :ptr SBYTE, :bool +RemoteLoadLibraryW proto stdcall :HANDLE, :ptr WORD, :bool +RemoteFreeLibrary proto stdcall :HANDLE, :HMODULE, :ptr SBYTE, :bool +RemoteFreeLibraryW proto stdcall :HANDLE, :HMODULE, :ptr WORD, :bool +RemoteExitProcess proto stdcall :HANDLE, :DWORD +StaticFileLoad proto stdcall :ptr SBYTE, :DWORD, :bool, :LPHANDLE, :LPDWORD, :LPHANDLE, :ptr DWORD +StaticFileLoadW proto stdcall :ptr WORD, :DWORD, :bool, :LPHANDLE, :LPDWORD, :LPHANDLE, :ptr DWORD +StaticFileUnload proto stdcall :ptr SBYTE, :bool, :HANDLE, :DWORD, :HANDLE, :DWORD +StaticFileUnloadW proto stdcall :ptr WORD, :bool, :HANDLE, :DWORD, :HANDLE, :DWORD +StaticFileOpen proto stdcall :ptr SBYTE, :DWORD, :LPHANDLE, :LPDWORD, :LPDWORD +StaticFileOpenW proto stdcall :ptr WORD, :DWORD, :LPHANDLE, :LPDWORD, :LPDWORD +StaticFileGetContent proto stdcall :HANDLE, :DWORD, :LPDWORD, :ptr , :DWORD +StaticFileClose proto stdcall :HANDLE +StaticMemoryDecrypt proto stdcall :LPVOID, :DWORD, :DWORD, :DWORD, :DWORD +StaticMemoryDecryptEx proto stdcall :LPVOID, :DWORD, :DWORD, :ptr +StaticMemoryDecryptSpecial proto stdcall :LPVOID, :DWORD, :DWORD, :DWORD, :ptr +StaticSectionDecrypt proto stdcall :DWORD, :DWORD, :bool, :DWORD, :DWORD, :DWORD +StaticMemoryDecompress proto stdcall :ptr , :DWORD, :ptr , :DWORD, :DWORD +StaticRawMemoryCopy proto stdcall :HANDLE, :DWORD, :DWORD, :DWORD, :bool, :ptr SBYTE +StaticRawMemoryCopyW proto stdcall :HANDLE, :DWORD, :DWORD, :DWORD, :bool, :ptr WORD +StaticRawMemoryCopyEx proto stdcall :HANDLE, :DWORD, :DWORD, :ptr SBYTE +StaticRawMemoryCopyExW proto stdcall :HANDLE, :DWORD, :DWORD, :ptr WORD +StaticHashMemory proto stdcall :ptr , :DWORD, :ptr , :bool, :DWORD +StaticHashFileW proto stdcall :ptr WORD, :ptr SBYTE, :bool, :DWORD +StaticHashFile proto stdcall :ptr SBYTE, :ptr SBYTE, :bool, :DWORD +EngineUnpackerInitialize proto stdcall :ptr SBYTE, :ptr SBYTE, :bool, :bool, :bool, :ptr +EngineUnpackerInitializeW proto stdcall :ptr WORD, :ptr WORD, :bool, :bool, :bool, :ptr +EngineUnpackerSetBreakCondition proto stdcall :ptr , :DWORD, :ptr , :DWORD, :DWORD, :DWORD, :bool, :DWORD, :DWORD +EngineUnpackerSetEntryPointAddress proto stdcall :DWORD +EngineUnpackerFinalizeUnpacking proto stdcall +SetEngineVariable proto stdcall :DWORD, :bool +EngineCreateMissingDependencies proto stdcall :ptr SBYTE, :ptr SBYTE, :bool +EngineCreateMissingDependenciesW proto stdcall :ptr WORD, :ptr WORD, :bool +EngineFakeMissingDependencies proto stdcall :HANDLE +EngineDeleteCreatedDependencies proto stdcall +EngineCreateUnpackerWindow proto stdcall :ptr SBYTE, :ptr SBYTE, :ptr SBYTE, :ptr SBYTE, :ptr +EngineAddUnpackerWindowLogMessage proto stdcall :ptr SBYTE +ExtensionManagerIsPluginLoaded proto stdcall :ptr SBYTE +ExtensionManagerIsPluginEnabled proto stdcall :ptr SBYTE +ExtensionManagerDisableAllPlugins proto stdcall +ExtensionManagerDisablePlugin proto stdcall :ptr SBYTE +ExtensionManagerEnableAllPlugins proto stdcall +ExtensionManagerEnablePlugin proto stdcall :ptr SBYTE +ExtensionManagerUnloadAllPlugins proto stdcall +ExtensionManagerUnloadPlugin proto stdcall :ptr SBYTE +ExtensionManagerGetPluginInfo proto stdcall :ptr SBYTE + +;--- errors: 0 +;--- end of file --- \ No newline at end of file diff --git a/SDK/Python/TitanEngine.py b/SDK/Python/TitanEngine.py new file mode 100644 index 0000000..6d2a242 --- /dev/null +++ b/SDK/Python/TitanEngine.py @@ -0,0 +1,678 @@ + +from ctypes import * + +TE = windll.LoadLibrary("TitanEngine.dll") + +# check widechar, x64 + +UE_ACCESS_READ = 0 +UE_ACCESS_WRITE = 1 +UE_ACCESS_ALL = 2 + +UE_HIDE_BASIC = 1 + +UE_PLUGIN_CALL_REASON_PREDEBUG = 1 +UE_PLUGIN_CALL_REASON_EXCEPTION = 2 +UE_PLUGIN_CALL_REASON_POSTDEBUG = 3 + +TEE_HOOK_NRM_JUMP = 1 +TEE_HOOK_NRM_CALL = 3 +TEE_HOOK_IAT = 5 + +UE_ENGINE_ALOW_MODULE_LOADING = 1 +UE_ENGINE_AUTOFIX_FORWARDERS = 2 +UE_ENGINE_PASS_ALL_EXCEPTIONS = 3 +UE_ENGINE_NO_CONSOLE_WINDOW = 4 +UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS = 5 +UE_ENGINE_CALL_PLUGIN_CALLBACK = 6 +UE_ENGINE_RESET_CUSTOM_HANDLER = 7 +UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK = 8 + +UE_OPTION_REMOVEALL = 1 +UE_OPTION_DISABLEALL = 2 +UE_OPTION_REMOVEALLDISABLED = 3 +UE_OPTION_REMOVEALLENABLED = 4 + +UE_STATIC_DECRYPTOR_XOR = 1 +UE_STATIC_DECRYPTOR_SUB = 2 +UE_STATIC_DECRYPTOR_ADD = 3 + +UE_STATIC_DECRYPTOR_FOREWARD = 1 +UE_STATIC_DECRYPTOR_BACKWARD = 2 + +UE_STATIC_KEY_SIZE_1 = 1 +UE_STATIC_KEY_SIZE_2 = 2 +UE_STATIC_KEY_SIZE_4 = 4 +UE_STATIC_KEY_SIZE_8 = 8 + +UE_STATIC_APLIB = 1 +UE_STATIC_APLIB_DEPACK = 2 +UE_STATIC_LZMA = 3 + +UE_STATIC_HASH_MD5 = 1 +UE_STATIC_HASH_SHA1 = 2 +UE_STATIC_HASH_CRC32 = 3 + +UE_RESOURCE_LANGUAGE_ANY = -1 + +UE_PE_OFFSET = 0 +UE_IMAGEBASE = 1 +UE_OEP = 2 +UE_SIZEOFIMAGE = 3 +UE_SIZEOFHEADERS = 4 +UE_SIZEOFOPTIONALHEADER = 5 +UE_SECTIONALIGNMENT = 6 +UE_IMPORTTABLEADDRESS = 7 +UE_IMPORTTABLESIZE = 8 +UE_RESOURCETABLEADDRESS = 9 +UE_RESOURCETABLESIZE = 10 +UE_EXPORTTABLEADDRESS = 11 +UE_EXPORTTABLESIZE = 12 +UE_TLSTABLEADDRESS = 13 +UE_TLSTABLESIZE = 14 +UE_RELOCATIONTABLEADDRESS = 15 +UE_RELOCATIONTABLESIZE = 16 +UE_TIMEDATESTAMP = 17 +UE_SECTIONNUMBER = 18 +UE_CHECKSUM = 19 +UE_SUBSYSTEM = 20 +UE_CHARACTERISTICS = 21 +UE_NUMBEROFRVAANDSIZES = 22 +UE_SECTIONNAME = 23 +UE_SECTIONVIRTUALOFFSET = 24 +UE_SECTIONVIRTUALSIZE = 25 +UE_SECTIONRAWOFFSET = 26 +UE_SECTIONRAWSIZE = 27 +UE_SECTIONFLAGS = 28 + +UE_CH_BREAKPOINT = 1 +UE_CH_SINGLESTEP = 2 +UE_CH_ACCESSVIOLATION = 3 +UE_CH_ILLEGALINSTRUCTION = 4 +UE_CH_NONCONTINUABLEEXCEPTION = 5 +UE_CH_ARRAYBOUNDSEXCEPTION = 6 +UE_CH_FLOATDENORMALOPERAND = 7 +UE_CH_FLOATDEVIDEBYZERO = 8 +UE_CH_INTEGERDEVIDEBYZERO = 9 +UE_CH_INTEGEROVERFLOW = 10 +UE_CH_PRIVILEGEDINSTRUCTION = 11 +UE_CH_PAGEGUARD = 12 +UE_CH_EVERYTHINGELSE = 13 +UE_CH_CREATETHREAD = 14 +UE_CH_EXITTHREAD = 15 +UE_CH_CREATEPROCESS = 16 +UE_CH_EXITPROCESS = 17 +UE_CH_LOADDLL = 18 +UE_CH_UNLOADDLL = 19 +UE_CH_OUTPUTDEBUGSTRING = 20 + +UE_OPTION_HANDLER_RETURN_HANDLECOUNT = 1 +UE_OPTION_HANDLER_RETURN_ACCESS = 2 +UE_OPTION_HANDLER_RETURN_FLAGS = 3 +UE_OPTION_HANDLER_RETURN_TYPENAME = 4 + +UE_BREAKPOINT_INT3 = 1 +UE_BREAKPOINT_LONG_INT3 = 2 +UE_BREAKPOINT_UD2 = 3 + +UE_BPXREMOVED = 0 +UE_BPXACTIVE = 1 +UE_BPXINACTIVE = 2 + +UE_BREAKPOINT = 0 +UE_SINGLESHOOT = 1 +UE_HARDWARE = 2 +UE_MEMORY = 3 +UE_MEMORY_READ = 4 +UE_MEMORY_WRITE = 5 +UE_BREAKPOINT_TYPE_INT3 = 0x10000000 +UE_BREAKPOINT_TYPE_LONG_INT3 = 0x20000000 +UE_BREAKPOINT_TYPE_UD2 = 0x30000000 + +UE_HARDWARE_EXECUTE = 4 +UE_HARDWARE_WRITE = 5 +UE_HARDWARE_READWRITE = 6 + +UE_HARDWARE_SIZE_1 = 7 +UE_HARDWARE_SIZE_2 = 8 +UE_HARDWARE_SIZE_4 = 9 + +UE_ON_LIB_LOAD = 1 +UE_ON_LIB_UNLOAD = 2 +UE_ON_LIB_ALL = 3 + +UE_APISTART = 0 +UE_APIEND = 1 + +UE_PLATFORM_x86 = 1 +UE_PLATFORM_x64 = 2 +UE_PLATFORM_ALL = 3 + +UE_FUNCTION_STDCALL = 1 +UE_FUNCTION_CCALL = 2 +UE_FUNCTION_FASTCALL = 3 +UE_FUNCTION_STDCALL_RET = 4 +UE_FUNCTION_CCALL_RET = 5 +UE_FUNCTION_FASTCALL_RET = 6 +UE_FUNCTION_STDCALL_CALL = 7 +UE_FUNCTION_CCALL_CALL = 8 +UE_FUNCTION_FASTCALL_CALL = 9 +UE_PARAMETER_BYTE = 0 +UE_PARAMETER_WORD = 1 +UE_PARAMETER_DWORD = 2 +UE_PARAMETER_QWORD = 3 +UE_PARAMETER_PTR_BYTE = 4 +UE_PARAMETER_PTR_WORD = 5 +UE_PARAMETER_PTR_DWORD = 6 +UE_PARAMETER_PTR_QWORD = 7 +UE_PARAMETER_STRING = 8 +UE_PARAMETER_UNICODE = 9 + +UE_CMP_NOCONDITION = 0 +UE_CMP_EQUAL = 1 +UE_CMP_NOTEQUAL = 2 +UE_CMP_GREATER = 3 +UE_CMP_GREATEROREQUAL = 4 +UE_CMP_LOWER = 5 +UE_CMP_LOWEROREQUAL = 6 +UE_CMP_REG_EQUAL = 7 +UE_CMP_REG_NOTEQUAL = 8 +UE_CMP_REG_GREATER = 9 +UE_CMP_REG_GREATEROREQUAL = 10 +UE_CMP_REG_LOWER = 11 +UE_CMP_REG_LOWEROREQUAL = 12 +UE_CMP_ALWAYSFALSE = 13 + +UE_EAX = 1 +UE_EBX = 2 +UE_ECX = 3 +UE_EDX = 4 +UE_EDI = 5 +UE_ESI = 6 +UE_EBP = 7 +UE_ESP = 8 +UE_EIP = 9 +UE_EFLAGS = 10 +UE_DR0 = 11 +UE_DR1 = 12 +UE_DR2 = 13 +UE_DR3 = 14 +UE_DR6 = 15 +UE_DR7 = 16 +UE_RAX = 17 +UE_RBX = 18 +UE_RCX = 19 +UE_RDX = 20 +UE_RDI = 21 +UE_RSI = 22 +UE_RBP = 23 +UE_RSP = 24 +UE_RIP = 25 +UE_RFLAGS = 26 +UE_R8 = 27 +UE_R9 = 28 +UE_R10 = 29 +UE_R11 = 30 +UE_R12 = 31 +UE_R13 = 32 +UE_R14 = 33 +UE_R15 = 34 +UE_CIP = 35 +UE_CSP = 36 + +class PE32Struct(Structure): + _pack_ = 1 + _fields_ = [ ("PE32Offset", c_ulong), + ("ImageBase", c_ulong), + ("OriginalEntryPoint", c_ulong), + ("NtSizeOfImage", c_ulong), + ("NtSizeOfHeaders", c_ulong), + ("SizeOfOptionalHeaders", c_ushort), + ("FileAlignment", c_ulong), + ("SectionAligment", c_ulong), + ("ImportTableAddress", c_ulong), + ("ImportTableSize", c_ulong), + ("ResourceTableAddress", c_ulong), + ("ResourceTableSize", c_ulong), + ("ExportTableAddress", c_ulong), + ("ExportTableSize", c_ulong), + ("TLSTableAddress", c_ulong), + ("TLSTableSize", c_ulong), + ("RelocationTableAddress", c_ulong), + ("RelocationTableSize", c_ulong), + ("TimeDateStamp", c_ulong), + ("SectionNumber", c_ushort), + ("CheckSum", c_ulong), + ("SubSystem", c_ushort), + ("Characteristics", c_ushort), + ("NumberOfRvaAndSizes", c_ulong) ] + +class PE64Struct(Structure): + _pack_ = 1 + _fields_ = [ ("PE64Offset", c_ulong), + ("ImageBase", c_ulonglong), + ("OriginalEntryPoint", c_ulong), + ("NtSizeOfImage", c_ulong), + ("NtSizeOfHeaders", c_ulong), + ("SizeOfOptionalHeaders", c_ushort), + ("FileAlignment", c_ulong), + ("SectionAligment", c_ulong), + ("ImportTableAddress", c_ulong), + ("ImportTableSize", c_ulong), + ("ResourceTableAddress", c_ulong), + ("ResourceTableSize", c_ulong), + ("ExportTableAddress", c_ulong), + ("ExportTableSize", c_ulong), + ("TLSTableAddress", c_ulong), + ("TLSTableSize", c_ulong), + ("RelocationTableAddress", c_ulong), + ("RelocationTableSize", c_ulong), + ("TimeDateStamp", c_ulong), + ("SectionNumber", c_ushort), + ("CheckSum", c_ulong), + ("SubSystem", c_ushort), + ("Characteristics", c_ushort), + ("NumberOfRvaAndSizes", c_ulong) ] + +class ImportEnumData(Structure): + _pack_ = 1 + _fields_ = [ ("NewDll", c_bool), + ("NumberOfImports", c_int), + ("ImageBase", c_ulong), + ("BaseImportThunk", c_ulong), + ("ImportThunk", c_ulong), + ("APIName", c_char_p), + ("DLLName", c_char_p) ] + +class THREAD_ITEM_DATA(Structure): + _pack_ = 1 + _fields_ = [ ("hThread", c_void_p), + ("dwThreadId", c_ulong), + ("ThreadStartAddress", c_void_p), + ("ThreadLocalBase", c_void_p) ] + +MAX_PATH = 260 + +class LIBRARY_ITEM_DATA(Structure): + _pack_ = 1 + _fields_ = [ ("hFile", c_void_p), + ("BaseOfDll", c_void_p), + ("hFileMapping", c_void_p), + ("hFileMappingView", c_void_p), + ("szLibraryPath", c_char * MAX_PATH), + ("szLibraryName", c_char * MAX_PATH) ] + +class LIBRARY_ITEM_DATAW(Structure): + _pack_ = 1 + _fields_ = [ ("hFile", c_void_p), + ("BaseOfDll", c_void_p), + ("hFileMapping", c_void_p), + ("hFileMappingView", c_void_p), + ("szLibraryPath", c_wchar * MAX_PATH), + ("szLibraryName", c_wchar * MAX_PATH) ] + +class PROCESS_ITEM_DATA(Structure): + _pack_ = 1 + _fields_ = [ ("hProcess", c_void_p), + ("dwProcessId", c_ulong), + ("hThread", c_void_p), + ("dwThreadId", c_ulong), + ("hFile", c_void_p), + ("BaseOfImage", c_void_p), + ("ThreadStartAddress", c_void_p), + ("ThreadLocalBase", c_void_p) ] + +class HandlerArray(Structure): + _pack_ = 1 + _fields_ = [ ("ProcessId", c_ulong), + ("hHandle", c_void_p) ] + +class PluginInformation(Structure): + _pack_ = 1 + _fields_ = [ ("PluginName", c_char * 64), + ("PluginMajorVersion", c_ulong), + ("PluginMinorVersion", c_ulong), + ("PluginBaseAddress", c_void_p), + ("TitanDebuggingCallBack", c_void_p), + ("TitanRegisterPlugin", c_void_p), + ("TitanReleasePlugin", c_void_p), + ("TitanResetPlugin", c_void_p), + ("PluginDisabled", c_bool) ] + +TEE_MAXIMUM_HOOK_SIZE = 14 +TEE_MAXIMUM_HOOK_RELOCS = 7 + +TEE_MAXIMUM_HOOK_INSERT_SIZE = 5 +TEE_MAXIMUM_HOOK_INSERT_SIZE64 = 14 + +class HOOK_ENTRY(Structure): + _pack_ = 1 + _fields_ = [ ("IATHook", c_bool), + ("HookType", c_ubyte), + ("HookSize", c_ulong), + ("HookAddress", c_void_p), + ("RedirectionAddress", c_void_p), + ("HookBytes", c_ubyte * TEE_MAXIMUM_HOOK_SIZE), + ("OriginalBytes", c_ubyte * TEE_MAXIMUM_HOOK_SIZE), + ("IATHookModuleBase", c_void_p), + ("IATHookNameHash", c_ulong), + ("HookIsEnabled", c_bool), + ("HookIsRemote", c_bool), + ("PatchedEntry", c_void_p), + ("RelocationInfo", c_ulong * TEE_MAXIMUM_HOOK_RELOCS), + ("RelocationCount", c_int) ] + +UE_DEPTH_SURFACE = 0 +UE_DEPTH_DEEP = 1 + +UE_UNPACKER_CONDITION_SEARCH_FROM_EP = 1 + +UE_UNPACKER_CONDITION_LOADLIBRARY = 1 +UE_UNPACKER_CONDITION_GETPROCADDRESS = 2 +UE_UNPACKER_CONDITION_ENTRYPOINTBREAK = 3 +UE_UNPACKER_CONDITION_RELOCSNAPSHOT1 = 4 +UE_UNPACKER_CONDITION_RELOCSNAPSHOT2 = 5 + +UE_FIELD_OK = 0 +UE_FIELD_BROKEN_NON_FIXABLE = 1 +UE_FIELD_BROKEN_NON_CRITICAL = 2 +UE_FIELD_BROKEN_FIXABLE_FOR_STATIC_USE = 3 +UE_FIELD_BROKEN_BUT_CAN_BE_EMULATED = 4 +UE_FILED_FIXABLE_NON_CRITICAL = 5 +UE_FILED_FIXABLE_CRITICAL = 6 +UE_FIELD_NOT_PRESET = 7 +UE_FIELD_NOT_PRESET_WARNING = 8 + +UE_RESULT_FILE_OK = 10 +UE_RESULT_FILE_INVALID_BUT_FIXABLE = 11 +UE_RESULT_FILE_INVALID_AND_NON_FIXABLE = 12 +UE_RESULT_FILE_INVALID_FORMAT = 13 + +class FILE_STATUS_INFO(Structure): + _pack_ = 1 + _fields_ = [ ("OveralEvaluation", c_ubyte), + ("EvaluationTerminatedByException", c_bool), + ("FileIs64Bit", c_bool), + ("FileIsDLL", c_bool), + ("FileIsConsole", c_bool), + ("MissingDependencies", c_bool), + ("MissingDeclaredAPIs", c_bool), + ("SignatureMZ", c_ubyte), + ("SignaturePE", c_ubyte), + ("EntryPoint", c_ubyte), + ("ImageBase", c_ubyte), + ("SizeOfImage", c_ubyte), + ("FileAlignment", c_ubyte), + ("SectionAlignment", c_ubyte), + ("ExportTable", c_ubyte), + ("RelocationTable", c_ubyte), + ("ImportTable", c_ubyte), + ("ImportTableSection", c_ubyte), + ("ImportTableData", c_ubyte), + ("IATTable", c_ubyte), + ("TLSTable", c_ubyte), + ("LoadConfigTable", c_ubyte), + ("BoundImportTable", c_ubyte), + ("COMHeaderTable", c_ubyte), + ("ResourceTable", c_ubyte), + ("ResourceData", c_ubyte), + ("SectionTable", c_ubyte) ] + +class FILE_FIX_INFO(Structure): + _pack_ = 1 + _fields_ = [ ("OveralEvaluation", c_ubyte), + ("FixingTerminatedByException", c_bool), + ("FileFixPerformed", c_bool), + ("StrippedRelocation", c_bool), + ("DontFixRelocations", c_bool), + ("OriginalRelocationTableAddress", c_ulong), + ("OriginalRelocationTableSize", c_ulong), + ("StrippedExports", c_bool), + ("DontFixExports", c_bool), + ("OriginalExportTableAddress", c_ulong), + ("OriginalExportTableSize", c_ulong), + ("StrippedResources", c_bool), + ("DontFixResources", c_bool), + ("OriginalResourceTableAddress", c_ulong), + ("OriginalResourceTableSize", c_ulong), + ("StrippedTLS", c_bool), + ("DontFixTLS", c_bool), + ("OriginalTLSTableAddress", c_ulong), + ("OriginalTLSTableSize", c_ulong), + ("StrippedLoadConfig", c_bool), + ("DontFixLoadConfig", c_bool), + ("OriginalLoadConfigTableAddress", c_ulong), + ("OriginalLoadConfigTableSize", c_ulong), + ("StrippedBoundImports", c_bool), + ("DontFixBoundImports", c_bool), + ("OriginalBoundImportTableAddress", c_ulong), + ("OriginalBoundImportTableSize", c_ulong), + ("StrippedIAT", c_bool), + ("DontFixIAT", c_bool), + ("OriginalImportAddressTableAddress", c_ulong), + ("OriginalImportAddressTableSize", c_ulong), + ("StrippedCOM", c_bool), + ("DontFixCOM", c_bool), + ("OriginalCOMTableAddress", c_ulong), + ("OriginalCOMTableSize", c_ulong) ] + +class PROCESS_INFORMATION(Structure): + _pack_ = 1 + _fields_ = [ ("hProcess", c_void_p), + ("hThread", c_void_p), + ("dwProcessId", c_ulong), + ("dwThreadId", c_ulong) ] + +EXCEPTION_MAXIMUM_PARAMETERS = 15 + +class EXCEPTION_RECORD(Structure): + _pack_ = 1 + pass + +EXCEPTION_RECORD._fields_ = [ ("ExceptionCode", c_ulong), + ("ExceptionFlags", c_ulong), + ("ExceptionRecord", POINTER(EXCEPTION_RECORD)), + ("ExceptionAddress", c_void_p), + ("NumberParameters", c_ulong), + ("ExceptionInformation", c_ulong * EXCEPTION_MAXIMUM_PARAMETERS) ] + +class EXCEPTION_DEBUG_INFO(Structure): + _pack_ = 1 + _fields_ = [ ("ExceptionRecord", EXCEPTION_RECORD), + ("dwFirstChance", c_ulong) ] + +class CREATE_THREAD_DEBUG_INFO(Structure): + _pack_ = 1 + _fields_ = [ ("hThread", c_void_p), + ("lpThreadLocalBase", c_void_p), + ("lpStartAddress", c_void_p) ] + +class CREATE_PROCESS_DEBUG_INFO(Structure): + _pack_ = 1 + _fields_ = [ ("hFile", c_void_p), + ("hProcess", c_void_p), + ("hThread", c_void_p), + ("dwDebugInfoFileOffset", c_ulong), + ("nDebugInfoSize", c_ulong), + ("lpThreadLocalBase", c_void_p), + ("lpStartAddress", c_void_p), + ("lpImageName", c_void_p), + ("fUnicode", c_ushort) ] + +class EXIT_THREAD_DEBUG_INFO(Structure): + _pack_ = 1 + _fields_ = [ ("dwExitCode", c_ulong) ] + +class EXIT_PROCESS_DEBUG_INFO(Structure): + _pack_ = 1 + _fields_ = [ ("dwExitCode", c_ulong) ] + +class LOAD_DLL_DEBUG_INFO(Structure): + _pack_ = 1 + _fields_ = [ ("hFile", c_void_p), + ("lpBaseOfDll", c_void_p), + ("dwDebugInfoFileOffset", c_ulong), + ("nDebugInfoSize", c_ulong), + ("lpImageName", c_void_p), + ("fUnicode", c_ushort) ] + +class UNLOAD_DLL_DEBUG_INFO(Structure): + _pack_ = 1 + _fields_ = [ ("lpBaseOfDll", c_void_p) ] + +class OUTPUT_DEBUG_STRING_INFO(Structure): + _pack_ = 1 + _fields_ = [ ("lpDebugStringData", c_char_p), + ("fUnicode", c_ushort), + ("nDebugStringLength", c_ushort) ] + +class RIP_INFO(Structure): + _pack_ = 1 + _fields_ = [ ("dwError", c_ulong), + ("dwType", c_ulong) ] + +class _U(Union): + _pack_ = 1 + _fields_ = [ ("Exception", EXCEPTION_DEBUG_INFO), + ("CreateThread", CREATE_THREAD_DEBUG_INFO), + ("CreateProcessInfo", CREATE_PROCESS_DEBUG_INFO), + ("ExitThread", EXIT_THREAD_DEBUG_INFO), + ("ExitProcess", EXIT_PROCESS_DEBUG_INFO), + ("LoadDll", LOAD_DLL_DEBUG_INFO), + ("UnloadDll", UNLOAD_DLL_DEBUG_INFO), + ("DebugString", OUTPUT_DEBUG_STRING_INFO), + ("RipInfo", RIP_INFO) ] + +class DEBUG_EVENT(Structure): + _pack_ = 1 + _anonymous_ = ("u",) + _fields_ = [ ("dwDebugEventCode", c_ulong), + ("dwProcessId", c_ulong), + ("dwThreadId", c_ulong), + ("u", _U) ] + +class STARTUPINFOW(Structure): + _pack_ = 1 + _fields_ = [ ("cb", c_ulong), + ("lpReserved", c_wchar_p), + ("lpDesktop", c_wchar_p), + ("lpTitle", c_wchar_p), + ("dwX", c_ulong), + ("dwY", c_ulong), + ("dwXSize", c_ulong), + ("dwYSize", c_ulong), + ("dwXCountChars", c_ulong), + ("dwYCountChars", c_ulong), + ("dwFillAttribute", c_ulong), + ("dwFlags", c_ulong), + ("wShowWindow", c_ushort), + ("cbReserved2", c_ushort), + ("lpReserved2", POINTER(c_ubyte)), + ("hStdInput", c_void_p), + ("hStdOutput", c_void_p), + ("hStdError", c_void_p) ] + +fImportEnum = WINFUNCTYPE(None, POINTER(ImportEnumData)) +fImportFix = WINFUNCTYPE(None, c_void_p) +fResourceEnum = WINFUNCTYPE(None, c_wchar_p, c_ulong, c_wchar_p, c_ulong, c_ulong, c_ulong, c_ulong) +fThreadEnum = WINFUNCTYPE(None, POINTER(THREAD_ITEM_DATA)) +fThreadExit = WINFUNCTYPE(None, POINTER(EXIT_THREAD_DEBUG_INFO)) +fBreakPoint = WINFUNCTYPE(None) +fCustomHandler = WINFUNCTYPE(None, c_void_p) +fLibraryBreakPoint = WINFUNCTYPE(None, POINTER(LOAD_DLL_DEBUG_INFO)) +fLibraryEnum = WINFUNCTYPE(None, POINTER(LIBRARY_ITEM_DATA)) +fLibraryEnumW = WINFUNCTYPE(None, POINTER(LIBRARY_ITEM_DATAW)) +fHookEnum = WINFUNCTYPE(c_bool, POINTER(HOOK_ENTRY), c_void_p, POINTER(LIBRARY_ITEM_DATA), c_ulong) +fProcessWithLibraryEnum = WINFUNCTYPE(None, c_ulong, c_void_p) +fStaticDecrypt = WINFUNCTYPE(c_bool, c_void_p, c_ulong) +fInitializeDbg = WINFUNCTYPE(None, c_char_p, c_ubyte, c_ubyte) + +TE.GetPE32DataFromMappedFile.restype = c_ulonglong +TE.GetPE32Data.restype = c_ulonglong +TE.GetPE32DataW.restype = c_ulonglong +TE.ConvertVAtoFileOffset.restype = c_ulonglong +TE.ConvertVAtoFileOffsetEx.restype = c_ulonglong +TE.ConvertFileOffsetToVA.restype = c_ulonglong +TE.ConvertFileOffsetToVAEx.restype = c_ulonglong +TE.ResourcerLoadFileForResourceUse.restype = c_ulonglong +TE.ResourcerLoadFileForResourceUseW.restype = c_ulonglong +TE.ThreaderCreateRemoteThread.restype = c_ulonglong +TE.ThreaderCreateRemoteThreadEx.restype = c_ulonglong +TE.ThreaderGetOpenHandleForThread.restype = c_ulonglong +TE.GetContextDataEx.restype = c_ulonglong +TE.GetContextData.restype = c_ulonglong +TE.FindEx.restype = c_ulonglong +TE.Find.restype = c_ulonglong +TE.GetDebuggedDLLBaseAddress.restype = c_ulonglong +TE.GetDebuggedFileBaseAddress.restype = c_ulonglong +TE.GetFunctionParameter.restype = c_ulonglong +TE.GetJumpDestinationEx.restype = c_ulonglong +TE.GetJumpDestination.restype = c_ulonglong +TE.ImporterGetCurrentDelta.restype = c_ulonglong +TE.ImporterFindAPIWriteLocation.restype = c_ulonglong +TE.ImporterFindOrdinalAPIWriteLocation.restype = c_ulonglong +TE.ImporterFindAPIByWriteLocation.restype = c_ulonglong +TE.ImporterFindDLLByWriteLocation.restype = c_ulonglong +TE.ImporterGetAPIOrdinalNumber.restype = c_ulonglong +TE.ImporterGetRemoteAPIAddress.restype = c_ulonglong +TE.ImporterGetRemoteAPIAddressEx.restype = c_ulonglong +TE.ImporterGetLocalAPIAddress.restype = c_ulonglong +TE.ImporterGetAPIOrdinalNumberFromDebugee.restype = c_ulonglong +TE.ImporterGetRemoteDLLBase.restype = c_ulonglong +TE.ImporterGetForwardedAPIOrdinalNumber.restype = c_ulonglong +TE.ImporterGetNearestAPIAddress.restype = c_ulonglong +TE.TracerLevel1.restype = c_ulonglong +TE.HashTracerLevel1.restype = c_ulonglong +TE.TracerFixKnownRedirection.restype = c_ulonglong +TE.HandlerGetHandleDetails.restype = c_ulonglong +TE.HandlerGetOpenMutexHandle.restype = c_ulonglong +TE.HandlerGetOpenMutexHandleW.restype = c_ulonglong + +TE.GetSharedOverlay.restype = c_char_p +TE.StaticDisassembleEx.restype = c_char_p +TE.StaticDisassemble.restype = c_char_p +TE.DisassembleEx.restype = c_char_p +TE.Disassemble.restype = c_char_p +TE.ImporterGetLastAddedDLLName.restype = c_char_p +TE.ImporterGetDLLName.restype = c_char_p +TE.ImporterGetAPIName.restype = c_char_p +TE.ImporterGetAPINameEx.restype = c_char_p +TE.ImporterGetDLLNameFromDebugee.restype = c_char_p +TE.ImporterGetAPINameFromDebugee.restype = c_char_p +TE.ImporterGetForwardedAPIName.restype = c_char_p +TE.ImporterGetForwardedDLLName.restype = c_char_p +TE.ImporterGetNearestAPIName.restype = c_char_p +TE.TranslateNativeName.restype = c_char_p +TE.HandlerGetHandleName.restype = c_char_p + +TE.GetSharedOverlayW.restype = c_wchar_p +TE.TranslateNativeNameW.restype = c_wchar_p +TE.HandlerGetHandleNameW.restype = c_wchar_p + +TE.GetPEBLocation.restype = c_void_p + +TE.ThreaderGetThreadInfo.restype = POINTER(THREAD_ITEM_DATA) +TE.ThreaderGetThreadData.restype = POINTER(THREAD_ITEM_DATA) + +TE.InitDebug.restype = POINTER(PROCESS_INFORMATION) +TE.InitDebugW.restype = POINTER(PROCESS_INFORMATION) +TE.InitDebugEx.restype = POINTER(PROCESS_INFORMATION) +TE.InitDebugExW.restype = POINTER(PROCESS_INFORMATION) +TE.InitDLLDebug.restype = POINTER(PROCESS_INFORMATION) +TE.InitDLLDebugW.restype = POINTER(PROCESS_INFORMATION) + +TE.GetDebugData.restype = POINTER(DEBUG_EVENT) +TE.GetTerminationData.restype = POINTER(DEBUG_EVENT) + +TE.GetProcessInformation.restype = POINTER(PROCESS_INFORMATION) +TE.GetStartupInformation.restype = POINTER(STARTUPINFOW) + +TE.LibrarianGetLibraryInfo.restype = POINTER(LIBRARY_ITEM_DATA) +TE.LibrarianGetLibraryInfoEx.restype = POINTER(LIBRARY_ITEM_DATA) + +TE.LibrarianGetLibraryInfoW.restype = POINTER(LIBRARY_ITEM_DATAW) +TE.LibrarianGetLibraryInfoExW.restype = POINTER(LIBRARY_ITEM_DATAW) + +TE.HooksGetHookEntryDetails.restype = POINTER(HOOK_ENTRY) + +TE.ExtensionManagerGetPluginInfo.restype = POINTER(PluginInformation) \ No newline at end of file diff --git a/TitanEngine/TitanEngine.cbp b/TitanEngine/TitanEngine.cbp index 0730314..2c5bbb0 100644 --- a/TitanEngine/TitanEngine.cbp +++ b/TitanEngine/TitanEngine.cbp @@ -6,26 +6,6 @@