diff --git a/Release/TitanEngine.dll b/Release/TitanEngine.dll index ddafeb2..11a93d0 100644 Binary files a/Release/TitanEngine.dll and b/Release/TitanEngine.dll differ diff --git a/Release/TitanEngine.exp b/Release/TitanEngine.exp index cb94db9..17577fc 100644 Binary files a/Release/TitanEngine.exp and b/Release/TitanEngine.exp differ diff --git a/Release/TitanEngine.lib b/Release/TitanEngine.lib index fec1e8e..67c331c 100644 Binary files a/Release/TitanEngine.lib and b/Release/TitanEngine.lib differ diff --git a/TitanEngine/TitanEngine.cpp b/TitanEngine/TitanEngine.cpp index 054402e..0426ef6 100644 --- a/TitanEngine/TitanEngine.cpp +++ b/TitanEngine/TitanEngine.cpp @@ -188,6 +188,8 @@ unsigned long Crc32Table[256]; #define UE_MODULEx86 0x2000; #define UE_MODULEx64 0x2000; + + // Global.Handle.functions: bool EngineCloseHandle(HANDLE myHandle) { @@ -12697,18 +12699,18 @@ __declspec(dllexport) bool EnableBPX(ULONG_PTR bpxAddress) if(testWrite) { BreakPointBuffer[i].BreakPointActive = UE_BPXACTIVE; - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, MemInfo.AllocationProtect, &OldProtect); + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); return(true); } else { - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, MemInfo.AllocationProtect, &OldProtect); + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); return(false); } } else { - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, MemInfo.AllocationProtect, &OldProtect); + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); return(false); } } 
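Review bot: In EnableBPX the three restore calls now pass `OldProtect` as the protection to apply, but `OldProtect` is only meaningful if the earlier `VirtualProtectEx` that made the page writable succeeded, and that call sits outside this hunk. If the outer `else` is the path taken when that first call failed, the restore writes a stale or uninitialized protection value into the debuggee. Its own return value is ignored as well, so a page can stay writable and executable without the caller learning of it. I would only restore when the first call succeeded and keep the saved value intact by using a scratch output, e.g. `DWORD tmpProtect; if(!VirtualProtectEx(..., OldProtect, &tmpProtect)) return(false);`. The same pattern is repeated in the DisableBPX, SetBPX, SetBPXEx, DeleteBPX, PatchEx and DebugLoop hunks.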
@@ -12736,18 +12738,18 @@ __declspec(dllexport) bool DisableBPX(ULONG_PTR bpxAddress) if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &BreakPointBuffer[i].OriginalByte[0], BreakPointBuffer[i].BreakPointSize, &NumberOfBytesReadWritten)) { BreakPointBuffer[i].BreakPointActive = UE_BPXINACTIVE; - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, MemInfo.AllocationProtect, &OldProtect); + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); return(true); } else { - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, MemInfo.AllocationProtect, &OldProtect); + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); return(false); } } else { - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, MemInfo.AllocationProtect, &OldProtect); + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); return(false); } } 
@@ -12857,24 +12859,24 @@ __declspec(dllexport) bool SetBPX(ULONG_PTR bpxAddress, DWORD bpxType, LPVOID bp BreakPointBuffer[i].BreakPointType = (BYTE)bpxType; BreakPointBuffer[i].NumberOfExecutions = -1; BreakPointBuffer[i].ExecuteCallBack = (ULONG_PTR)bpxCallBack; - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, MemInfo.AllocationProtect, &OldProtect); + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); return(true); } else { - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, MemInfo.AllocationProtect, &OldProtect); + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); return(false); } /*} else { - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, MemInfo.AllocationProtect, &OldProtect); + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); return(false); }*/ } else { - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, MemInfo.AllocationProtect, &OldProtect); + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); return(false); } } 
@@ -12992,24 +12994,24 @@ __declspec(dllexport) bool SetBPXEx(ULONG_PTR bpxAddress, DWORD bpxType, DWORD N BreakPointBuffer[i].ExecuteCallBack = (ULONG_PTR)bpxCallBack; BreakPointBuffer[i].RemoveCallBack = (ULONG_PTR)bpxRemoveCallBack; BreakPointBuffer[i].CompareCallBack = (ULONG_PTR)bpxCompareCallBack; - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, MemInfo.AllocationProtect, &OldProtect); + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); return(true); } else { - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, MemInfo.AllocationProtect, &OldProtect); + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); return(false); } /*} else { - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, MemInfo.AllocationProtect, &OldProtect); + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); return(false); }*/ } else { - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, MemInfo.AllocationProtect, &OldProtect); + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); return(false); } } 
@@ -13051,7 +13053,7 @@ __declspec(dllexport) bool DeleteBPX(ULONG_PTR bpxAddress) { if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &BreakPointBuffer[i].OriginalByte[0], BreakPointBuffer[i].BreakPointSize, &NumberOfBytesReadWritten)) { - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, MemInfo.AllocationProtect, &OldProtect); + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); if(BreakPointBuffer[i].RemoveCallBack != NULL) { __try @@ -13074,7 +13076,7 @@ __declspec(dllexport) bool DeleteBPX(ULONG_PTR bpxAddress) } else { - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, MemInfo.AllocationProtect, &OldProtect); + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); return(false); } } @@ -13086,7 +13088,7 @@ __declspec(dllexport) bool DeleteBPX(ULONG_PTR bpxAddress) } else { - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, MemInfo.AllocationProtect, &OldProtect); + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer[i].BreakPointSize, OldProtect, &OldProtect); return(false); } } @@ -14458,7 +14460,7 @@ __declspec(dllexport) bool FillEx(HANDLE hProcess, LPVOID MemoryStart, DWORD Mem WriteProcessMemory(hProcess, MemoryStart, FillByte, 1, &ueNumberOfBytesRead); MemoryStart = (LPVOID)((ULONG_PTR)MemoryStart + 1); } - VirtualProtectEx(hProcess, MemoryStart, MemorySize, MemInfo.AllocationProtect, &OldProtect); + VirtualProtectEx(hProcess, MemoryStart, MemorySize, OldProtect, &OldProtect); return(true); } return(false); 
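Review bot: In FillEx the restore call uses `MemoryStart` after the fill loop has advanced it by one byte per write, so `VirtualProtectEx(hProcess, MemoryStart, MemorySize, OldProtect, &OldProtect)` covers a range shifted past the bytes just written instead of the range that was unprotected. When the fill reaches or crosses a page boundary, the original page can keep the temporary protection while the following page receives `OldProtect`. Save the base address in a local before the loop (the loop header is outside this hunk) and restore with it: `VirtualProtectEx(hProcess, fillBase, MemorySize, OldProtect, &OldProtect);`, where `fillBase` is a suggested name. The per-byte `WriteProcessMemory` result is also discarded, so FillEx returns true even if nothing was written.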
@@ -14523,7 +14525,7 @@ __declspec(dllexport) bool PatchEx(HANDLE hProcess, LPVOID MemoryStart, DWORD Me { WriteProcessMemory(hProcess, MemoryStart, ReplacePattern, ReplaceSize, &ueNumberOfBytesRead); } - VirtualProtectEx(hProcess, MemoryStart, MemorySize, MemInfo.AllocationProtect, &OldProtect); + VirtualProtectEx(hProcess, MemoryStart, MemorySize, OldProtect, &OldProtect); return(true); } return(false); @@ -17035,7 +17037,8 @@ __declspec(dllexport) void DebugLoop() #endif SetThreadContext(hActiveThread, &myDBGContext); EngineCloseHandle(hActiveThread); - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, MemInfo.AllocationProtect, &OldProtect); + //TODO fixed + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, OldProtect, &OldProtect); myCustomBreakPoint = (fCustomBreakPoint)((LPVOID)BreakPointBuffer[MaximumBreakPoints].ExecuteCallBack); if(BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions != -1 && BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions != 0) { 
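Review bot: The `//TODO fixed` comment added above the restore call in DebugLoop reads as both an open task and a closed one, and gives no reason for the argument change. Replace it with the reason, e.g. `// restore the protection returned by the earlier VirtualProtectEx, not the region's AllocationProtect`, or drop it. It would also help to state which earlier call filled `OldProtect` for this breakpoint, since that call is not visible in the hunk and DebugLoop handles many events with the same variable. The same marker is added in the DebugLoop hunks at 17182, 17765 and 17912.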
@@ -17182,13 +17185,15 @@ __declspec(dllexport) void DebugLoop() } else { - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, MemInfo.AllocationProtect, &OldProtect); + //TODO fixed + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, OldProtect, &OldProtect); DBGCode = DBG_CONTINUE; } } else { - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, MemInfo.AllocationProtect, &OldProtect); + //TODO fixed + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, OldProtect, &OldProtect); DBGCode = DBG_EXCEPTION_NOT_HANDLED; } } @@ -17410,7 +17415,6 @@ __declspec(dllexport) void DebugLoop() } else { - //TODO: everytingelkse DBGCode = DBG_EXCEPTION_NOT_HANDLED; } } @@ -17562,6 +17566,9 @@ __declspec(dllexport) void DebugLoop() DBGCustomHandler->chPageGuard = NULL; } }*/ + char temp[20]=""; + sprintf(temp, "%X", (unsigned int)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress); + MessageBoxA(0,temp,0,0); MemoryBpxFound = false; MaximumBreakPoints = 0; for(MaximumBreakPoints = 0; MaximumBreakPoints < BreakPointSetCount; MaximumBreakPoints++) 
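Review bot: The three lines added before `MemoryBpxFound = false;` in DebugLoop look like leftover debugging. `MessageBoxA(0,temp,0,0)` opens a modal dialog from inside the exported debug loop each time an exception reaches this branch, which holds up event handling for the debuggee and breaks unattended or console hosts of the DLL. The cast `(unsigned int)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress` also truncates the address in the x64 build that this commit ships. I would remove the lines; if the trace is still needed, keep it out of the UI and print the full pointer, e.g. `sprintf_s(temp, sizeof(temp), "%p", DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress); OutputDebugStringA(temp);`. DebugLoop's body extends well beyond this hunk.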
@@ -17765,7 +17772,8 @@ __declspec(dllexport) void DebugLoop() } SetThreadContext(hActiveThread, &myDBGContext); EngineCloseHandle(hActiveThread); - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, MemInfo.AllocationProtect, &OldProtect); + //TODO fixed + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, OldProtect, &OldProtect); myCustomBreakPoint = (fCustomBreakPoint)((LPVOID)BreakPointBuffer[MaximumBreakPoints].ExecuteCallBack); if(BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions != -1 && BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions != 0) { @@ -17912,13 +17920,15 @@ __declspec(dllexport) void DebugLoop() } else { - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, MemInfo.AllocationProtect, &OldProtect); + //TODO fixed + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, OldProtect, &OldProtect); DBGCode = DBG_CONTINUE; } } else { - VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, MemInfo.AllocationProtect, &OldProtect); + //TODO fixed + VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, OldProtect, &OldProtect); DBGCode = DBG_EXCEPTION_NOT_HANDLED; } } diff --git a/TitanEngine/definitions.h b/TitanEngine/definitions.h index efd3078..861f107 100644 --- a/TitanEngine/definitions.h +++ b/TitanEngine/definitions.h 
@@ -8,11 +8,9 @@ bool RemoveGarbageItem(wchar_t* szGarbageItem, bool RemoveFolder); bool FillGarbageItem(wchar_t* szGarbageItem, wchar_t* szFileName, void* outGargabeItem, int MaxGargabeStringSize); void EmptyGarbage(); -#if !defined (_WIN64) #ifdef __cplusplus extern "C" { #endif /*__cplusplus*/ -#endif // TitanEngine.Dumper.functions: __declspec(dllexport) bool DumpProcess(HANDLE hProcess, LPVOID ImageBase, char* szDumpFileName, ULONG_PTR EntryPoint); @@ -74,6 +72,7 @@ __declspec(dllexport) bool SetPE32Data(char* szFileName, DWORD WhichSection, DWO __declspec(dllexport) bool SetPE32DataW(wchar_t* szFileName, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue); __declspec(dllexport) bool SetPE32DataForMappedFileEx(ULONG_PTR FileMapVA, LPVOID DataStorage); __declspec(dllexport) bool SetPE32DataEx(char* szFileName, LPVOID DataStorage); +__declspec(dllexport) bool SetPE32DataExW(wchar_t* szFileName, LPVOID DataStorage); __declspec(dllexport) long GetPE32SectionNumberFromVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert); __declspec(dllexport) long long ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType); __declspec(dllexport) long long ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType); 
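Review bot: Removing the `#if !defined (_WIN64)` guard around `extern "C" {` changes the linkage of every export declared in this header for 64-bit builds, so the x64 DLL presumably switches from C++-decorated export names to undecorated ones. Existing x64 clients that link against the old import library or resolve decorated names with `GetProcAddress` would then fail to bind. That may be the intent, but the header does not say so. A comment at the guard such as `// exports use C linkage on x86 and x64; x64 names were C++-decorated before this change` plus a release note would make the break explicit. The matching `#endif` removal is in the last hunk of this file.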
@@ -155,7 +154,7 @@ __declspec(dllexport) bool ThreaderIsExceptionInMainThread(); // TitanEngine.Debugger.functions: __declspec(dllexport) void* StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress); __declspec(dllexport) void* StaticDisassemble(LPVOID DisassmAddress); -__declspec(dllexport) void* DisassembleEx(HANDLE hProcess, LPVOID DisassmAddress); +__declspec(dllexport) void* DisassembleEx(HANDLE hProcess, LPVOID DisassmAddress, bool ReturnInstructionType); __declspec(dllexport) void* Disassemble(LPVOID DisassmAddress); __declspec(dllexport) long StaticLengthDisassemble(LPVOID DisassmAddress); __declspec(dllexport) long LengthDisassembleEx(HANDLE hProcess, LPVOID DisassmAddress); @@ -271,6 +270,7 @@ __declspec(dllexport) long long ImporterGetAPIOrdinalNumberFromDebugee(HANDLE hP __declspec(dllexport) long ImporterGetDLLIndexEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); __declspec(dllexport) long ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); __declspec(dllexport) long long ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase); +__declspec(dllexport) long long ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName); __declspec(dllexport) bool ImporterRelocateWriteLocation(ULONG_PTR AddValue); __declspec(dllexport) bool ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress); __declspec(dllexport) void* ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress); @@ -441,8 +441,6 @@ __declspec(dllexport) bool ExtensionManagerUnloadAllPlugins(); __declspec(dllexport) bool ExtensionManagerUnloadPlugin(char* szPluginName); __declspec(dllexport) void* ExtensionManagerGetPluginInfo(char* szPluginName); -#if !defined (_WIN64) #ifdef __cplusplus } #endif /*__cplusplus*/ -#endif diff --git a/TitanEngine/stdafx.cpp b/TitanEngine/stdafx.cpp index 2c8a553..01b5e14 100644 --- a/TitanEngine/stdafx.cpp +++ b/TitanEngine/stdafx.cpp 
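Review bot: `DisassembleEx` gains a third parameter, `bool ReturnInstructionType`, under the same export name, and with C linkage the exported symbol does not encode the parameter list unless the build uses a decorated calling convention. A client built against the previous header would still load and call it with two arguments, and the function would read whatever is in the third argument slot as `ReturnInstructionType`. Keep the two-argument `DisassembleEx` and add the extended form under a new name, for example `__declspec(dllexport) void* DisassembleExType(HANDLE hProcess, LPVOID DisassmAddress, bool ReturnInstructionType);` (suggested name), or document the break for plugin authors. The implementation is not part of this diff's visible hunks, so how the flag changes the returned pointer cannot be checked here.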
@@ -3,6 +3,3 @@ // stdafx.obj will contain the pre-compiled type information #include "stdafx.h" - -// TODO: reference any additional headers you need in STDAFX.H -// and not in this file diff --git a/x64/Release/TitanEngine.dll b/x64/Release/TitanEngine.dll index e1b67dc..a408f13 100644 Binary files a/x64/Release/TitanEngine.dll and b/x64/Release/TitanEngine.dll differ diff --git a/x64/Release/TitanEngine.exp b/x64/Release/TitanEngine.exp index ec3c301..2efc58a 100644 Binary files a/x64/Release/TitanEngine.exp and b/x64/Release/TitanEngine.exp differ diff --git a/x64/Release/TitanEngine.lib b/x64/Release/TitanEngine.lib index b48f669..0a86fca 100644 Binary files a/x64/Release/TitanEngine.lib and b/x64/Release/TitanEngine.lib differ