x64dbg
/
TitanEngine
mirror of https://github.com/x64dbg/TitanEngine
1
0
Fork 0
Code Releases Activity

- removed SetBPXEx (condentional breakpoints are removed now) 

- no more static breakpoint list
- huge refactoring
- bugs fixed in TitanEngine.Breakpoints
This commit is contained in:
mr.exodia 2014-03-04 21:02:52 +01:00
parent ef9ed7ae1f
commit 92451cfe42
46 changed files with 1406 additions and 2000 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
SDK/C/TitanEngine.h
View File

@ -675,12 +675,11 @@ __declspec(dllexport) bool TITCALL IsBPXEnabled(ULONG_PTR bpxAddress);
__declspec(dllexport) bool TITCALL EnableBPX(ULONG_PTR bpxAddress);
__declspec(dllexport) bool TITCALL DisableBPX(ULONG_PTR bpxAddress);
__declspec(dllexport) bool TITCALL SetBPX(ULONG_PTR bpxAddress, DWORD bpxType, LPVOID bpxCallBack);
__declspec(dllexport) bool TITCALL SetBPXEx(ULONG_PTR bpxAddress, DWORD bpxType, DWORD NumberOfExecution, DWORD CmpRegister, DWORD CmpCondition, ULONG_PTR CmpValue, LPVOID bpxCallBack, LPVOID bpxCompareCallBack, LPVOID bpxRemoveCallBack);
__declspec(dllexport) bool TITCALL DeleteBPX(ULONG_PTR bpxAddress);
__declspec(dllexport) bool TITCALL SafeDeleteBPX(ULONG_PTR bpxAddress);
__declspec(dllexport) bool TITCALL SetAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxType, DWORD bpxPlace, LPVOID bpxCallBack);
__declspec(dllexport) bool TITCALL DeleteAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxPlace);
__declspec(dllexport) bool TITCALL SafeDeleteAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxPlace);
__declspec(dllexport) bool TITCALL SetAPIBreakPoint(const char* szDLLName, const char* szAPIName, DWORD bpxType, DWORD bpxPlace, LPVOID bpxCallBack);
__declspec(dllexport) bool TITCALL DeleteAPIBreakPoint(const char* szDLLName, const char* szAPIName, DWORD bpxPlace);
__declspec(dllexport) bool TITCALL SafeDeleteAPIBreakPoint(const char* szDLLName, const char* szAPIName, DWORD bpxPlace);
__declspec(dllexport) bool TITCALL SetMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, LPVOID bpxCallBack);
__declspec(dllexport) bool TITCALL SetMemoryBPXEx(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, DWORD BreakPointType, bool RestoreOnHit, LPVOID bpxCallBack);
__declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory);

7
SDK/CPP/TitanEngine.h
View File

@ -674,12 +674,11 @@ __declspec(dllimport) bool TITCALL IsBPXEnabled(ULONG_PTR bpxAddress);
__declspec(dllimport) bool TITCALL EnableBPX(ULONG_PTR bpxAddress);
__declspec(dllimport) bool TITCALL DisableBPX(ULONG_PTR bpxAddress);
__declspec(dllimport) bool TITCALL SetBPX(ULONG_PTR bpxAddress, DWORD bpxType, LPVOID bpxCallBack);
__declspec(dllimport) bool TITCALL SetBPXEx(ULONG_PTR bpxAddress, DWORD bpxType, DWORD NumberOfExecution, DWORD CmpRegister, DWORD CmpCondition, ULONG_PTR CmpValue, LPVOID bpxCallBack, LPVOID bpxCompareCallBack, LPVOID bpxRemoveCallBack);
__declspec(dllimport) bool TITCALL DeleteBPX(ULONG_PTR bpxAddress);
__declspec(dllimport) bool TITCALL SafeDeleteBPX(ULONG_PTR bpxAddress);
__declspec(dllimport) bool TITCALL SetAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxType, DWORD bpxPlace, LPVOID bpxCallBack);
__declspec(dllimport) bool TITCALL DeleteAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxPlace);
__declspec(dllimport) bool TITCALL SafeDeleteAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxPlace);
__declspec(dllimport) bool TITCALL SetAPIBreakPoint(const char* szDLLName, const char* szAPIName, DWORD bpxType, DWORD bpxPlace, LPVOID bpxCallBack);
__declspec(dllimport) bool TITCALL DeleteAPIBreakPoint(const char* szDLLName, const char* szAPIName, DWORD bpxPlace);
__declspec(dllimport) bool TITCALL SafeDeleteAPIBreakPoint(const char* szDLLName, const char* szAPIName, DWORD bpxPlace);
__declspec(dllimport) bool TITCALL SetMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, LPVOID bpxCallBack);
__declspec(dllimport) bool TITCALL SetMemoryBPXEx(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, DWORD BreakPointType, bool RestoreOnHit, LPVOID bpxCallBack);
__declspec(dllimport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory);

11
SDK/CPP/TitanEngine.hpp
View File

@ -1213,10 +1213,6 @@ protected:
{
return UE::SetBPX(bpxAddress, bpxType, (void*)bpxCallBack);
}
static bool SetBPXEx(ULONG_PTR bpxAddress, eBPType bpxType, DWORD NumberOfExecution, eContextData CmpRegister, eCompareCondition CmpCondition, ULONG_PTR CmpValue, fBreakPointCallback bpxCallBack, fBreakPointCallback bpxCompareCallBack, fBreakPointCallback bpxRemoveCallBack)
{
return UE::SetBPXEx(bpxAddress, bpxType, NumberOfExecution, CmpRegister, CmpCondition, CmpValue, (void*)bpxCallBack, (void*)bpxCompareCallBack, (void*)bpxRemoveCallBack);
}
static bool DeleteBPX(ULONG_PTR bpxAddress)
{
return UE::DeleteBPX(bpxAddress);
@ -1227,15 +1223,15 @@ protected:
}
static bool SetAPIBreakPoint(const char* szDLLName, const char* szAPIName, eBPType bpxType, eBPPlace bpxPlace, fBreakPointCallback bpxCallBack)
{
return UE::SetAPIBreakPoint((char*)szDLLName, (char*)szAPIName, bpxType, bpxPlace, (void*)bpxCallBack);
return UE::SetAPIBreakPoint(szDLLName, szAPIName, bpxType, bpxPlace, (void*)bpxCallBack);
}
static bool DeleteAPIBreakPoint(const char* szDLLName, const char* szAPIName, eBPPlace bpxPlace)
{
return UE::DeleteAPIBreakPoint((char*)szDLLName, (char*)szAPIName, bpxPlace);
return UE::DeleteAPIBreakPoint(szDLLName, szAPIName, bpxPlace);
}
static bool SafeDeleteAPIBreakPoint(const char* szDLLName, const char* szAPIName, eBPPlace bpxPlace)
{
return UE::SafeDeleteAPIBreakPoint((char*)szDLLName, (char*)szAPIName, bpxPlace);
return UE::SafeDeleteAPIBreakPoint(szDLLName, szAPIName, bpxPlace);
}
static bool SetMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, fBreakPointCallback bpxCallBack)
{
@ -1529,7 +1525,6 @@ public:
using DebuggerX::EnableBPX;
using DebuggerX::DisableBPX;
using DebuggerX::SetBPX;
using DebuggerX::SetBPXEx;
using DebuggerX::DeleteBPX;
using DebuggerX::SafeDeleteBPX;
using DebuggerX::SetAPIBreakPoint;

1
SDK/Delphi/TitanEngine.pas
View File

@ -533,7 +533,6 @@ const
function EnableBPX(bpxAddress:LongInt): boolean; stdcall; external 'TitanEngine.dll' name 'EnableBPX';
function DisableBPX(bpxAddress:LongInt): boolean; stdcall; external 'TitanEngine.dll' name 'DisableBPX';
function SetBPX(bpxAddress,bpxType:LongInt; bpxCallBack:Pointer): boolean; stdcall; external 'TitanEngine.dll' name 'SetBPX';
function SetBPXEx(bpxAddress,bpxType,NumberOfExecution,CmpRegister,CmpCondition,CmpValue:LongInt; bpxCallBack,bpxCompareCallBack,bpxRemoveCallBack:Pointer): boolean; stdcall; external 'TitanEngine.dll' name 'SetBPXEx';
function DeleteBPX(bpxAddress:LongInt): boolean; stdcall; external 'TitanEngine.dll' name 'DeleteBPX';
function SafeDeleteBPX(bpxAddress:LongInt): boolean; stdcall; external 'TitanEngine.dll' name 'SafeDeleteBPX';
function SetAPIBreakPoint(szDLLName,szAPIName:PAnsiChar; bpxType,bpxPlace:LongInt; bpxCallBack:Pointer):boolean; stdcall; external 'TitanEngine.dll' name 'SetAPIBreakPoint';

3
SDK/LUA/TitanEngine.lua
View File

@ -821,9 +821,6 @@ PROCESS_INFORMATION = alien.defstruct{
-- __declspec(dllexport) bool __stdcall SetBPX(ULONG_PTR bpxAddress, DWORD bpxType, LPVOID bpxCallBack);
TitanEngine.SetBPX:types {"long","long","callback",abi="stdcall",ret="byte"}
TE_SetBPX = TitanEngine.SetBPX
-- __declspec(dllexport) bool __stdcall SetBPXEx(ULONG_PTR bpxAddress, DWORD bpxType, DWORD NumberOfExecution, DWORD CmpRegister, DWORD CmpCondition, ULONG_PTR CmpValue, LPVOID bpxCallBack, LPVOID bpxCompareCallBack, LPVOID bpxRemoveCallBack);
TitanEngine.SetBPXEx:types {"long","long","long","long","long","long","callback","callback","callback",abi="stdcall",ret="byte"}
TE_SetBPXEx = TitanEngine.SetBPXEx
-- __declspec(dllexport) bool __stdcall DeleteBPX(ULONG_PTR bpxAddress);
TitanEngine.DeleteBPX:types {"long",abi="stdcall",ret="byte"}
TE_DeleteBPX = TitanEngine.DeleteBPX

1
SDK/MASM/TitanEngine.INC
View File

@ -583,7 +583,6 @@ IsBPXEnabled proto stdcall :DWORD
EnableBPX proto stdcall :DWORD
DisableBPX proto stdcall :DWORD
SetBPX proto stdcall :DWORD, :DWORD, :LPVOID
SetBPXEx proto stdcall :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :LPVOID, :LPVOID, :LPVOID
DeleteBPX proto stdcall :DWORD
SafeDeleteBPX proto stdcall :DWORD
SetAPIBreakPoint proto stdcall :ptr SBYTE, :ptr SBYTE, :DWORD, :DWORD, :LPVOID

3
TitanEngine/Global.Breakpoints.cpp
View File

@ -2,8 +2,7 @@
#include "definitions.h"
#include "Global.Breakpoints.h"
int BreakPointSetCount = 0;
extern BreakPointDetail BreakPointBuffer[MAXIMUM_BREAKPOINTS] = {};
std::vector<BreakPointDetail> BreakPointBuffer;
ULONG_PTR dr7uint(DR7* dr7)
{

5
TitanEngine/Global.Breakpoints.h
View File

@ -1,8 +1,9 @@
#ifndef _GLOBAL_BREAKPOINTS_H
#define _GLOBAL_BREAKPOINTS_H
extern int BreakPointSetCount;
extern BreakPointDetail BreakPointBuffer[MAXIMUM_BREAKPOINTS];
#include <vector>
extern std::vector<BreakPointDetail> BreakPointBuffer;
void uintdr7(ULONG_PTR dr7, DR7* ret);
ULONG_PTR dr7uint(DR7* dr7);

30
TitanEngine/Global.Engine.Extension.cpp
View File

@ -168,10 +168,10 @@ __declspec(dllexport) bool TITCALL ExtensionManagerIsPluginLoaded(char* szPlugin
{
if(lstrcmpiA(Plugin[i].PluginName, szPluginName) == NULL)
{
return(true);
return true;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL ExtensionManagerIsPluginEnabled(char* szPluginName)
@ -183,15 +183,15 @@ __declspec(dllexport) bool TITCALL ExtensionManagerIsPluginEnabled(char* szPlugi
{
if(!Plugin[i].PluginDisabled)
{
return(true);
return true;
}
else
{
return(false);
return false;
}
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL ExtensionManagerDisableAllPlugins()
@ -201,7 +201,7 @@ __declspec(dllexport) bool TITCALL ExtensionManagerDisableAllPlugins()
{
Plugin[i].PluginDisabled = true;
}
return(true);
return true;
}
__declspec(dllexport) bool TITCALL ExtensionManagerDisablePlugin(char* szPluginName)
@ -212,10 +212,10 @@ __declspec(dllexport) bool TITCALL ExtensionManagerDisablePlugin(char* szPluginN
if(lstrcmpiA(Plugin[i].PluginName, szPluginName) == NULL)
{
Plugin[i].PluginDisabled = true;
return(true);
return true;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL ExtensionManagerEnableAllPlugins()
@ -225,7 +225,7 @@ __declspec(dllexport) bool TITCALL ExtensionManagerEnableAllPlugins()
{
Plugin[i].PluginDisabled = false;
}
return(true);
return true;
}
__declspec(dllexport) bool TITCALL ExtensionManagerEnablePlugin(char* szPluginName)
@ -236,10 +236,10 @@ __declspec(dllexport) bool TITCALL ExtensionManagerEnablePlugin(char* szPluginNa
if(lstrcmpiA(Plugin[i].PluginName, szPluginName) == NULL)
{
Plugin[i].PluginDisabled = false;
return(true);
return true;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL ExtensionManagerUnloadAllPlugins()
@ -252,7 +252,7 @@ __declspec(dllexport) bool TITCALL ExtensionManagerUnloadAllPlugins()
Plugin.erase(Plugin.begin() + i);
}
}
return(true);
return true;
}
__declspec(dllexport) bool TITCALL ExtensionManagerUnloadPlugin(char* szPluginName)
@ -274,7 +274,7 @@ __declspec(dllexport) bool TITCALL ExtensionManagerUnloadPlugin(char* szPluginNa
if(FreeLibrary(Plugin[i].PluginBaseAddress))
{
Plugin.erase(Plugin.begin() + i);
return(true);
return true;
}
}
}
@ -283,12 +283,12 @@ __declspec(dllexport) bool TITCALL ExtensionManagerUnloadPlugin(char* szPluginNa
if(FreeLibrary(Plugin[i].PluginBaseAddress))
{
Plugin.erase(Plugin.begin() + i);
return(true);
return true;
}
}
}
}
return(false);
return false;
}
__declspec(dllexport) void* TITCALL ExtensionManagerGetPluginInfo(char* szPluginName)

4
TitanEngine/Global.Engine.GUI.cpp
View File

@ -35,11 +35,11 @@ bool EngineGetFileDialog(char* GlobalBuffer)
if(!GetOpenFileNameA(&sOpenFileName))
{
RtlZeroMemory(&GlobalBuffer[0], 1024);
return(false);
return false;
}
else
{
return(true);
return true;
}
}

1
TitanEngine/Global.Engine.Threading.cpp
View File

@ -11,6 +11,7 @@ MutexLocker::MutexLocker(const char* name)
MutexLocker::~MutexLocker()
{
if(!bUnlocked)
ReleaseMutex(gMutex);
}

116
TitanEngine/Global.Engine.cpp
View File

@ -65,7 +65,7 @@ bool EngineIsThereFreeHardwareBreakSlot(LPDWORD FreeRegister)
{
*FreeRegister = UE_DR0;
}
return(true);
return true;
}
else if(DebugRegister[1].DrxEnabled == false)
{
@ -73,7 +73,7 @@ bool EngineIsThereFreeHardwareBreakSlot(LPDWORD FreeRegister)
{
*FreeRegister = UE_DR1;
}
return(true);
return true;
}
else if(DebugRegister[2].DrxEnabled == false)
{
@ -81,7 +81,7 @@ bool EngineIsThereFreeHardwareBreakSlot(LPDWORD FreeRegister)
{
*FreeRegister = UE_DR2;
}
return(true);
return true;
}
else if(DebugRegister[3].DrxEnabled == false)
{
@ -89,9 +89,9 @@ bool EngineIsThereFreeHardwareBreakSlot(LPDWORD FreeRegister)
{
*FreeRegister = UE_DR3;
}
return(true);
return true;
}
return(false);
return false;
}
bool EngineFileExists(char* szFileName)
@ -101,11 +101,11 @@ bool EngineFileExists(char* szFileName)
if(hFile != INVALID_HANDLE_VALUE)
{
EngineCloseHandle(hFile);
return(true);
return true;
}
else
{
return(false);
return false;
}
}
@ -187,7 +187,7 @@ bool EngineCreatePathForFile(char* szFileName)
}
}
}
return(true);
return true;
}
bool EngineCreatePathForFileW(wchar_t* szFileName)
@ -225,7 +225,7 @@ bool EngineCreatePathForFileW(wchar_t* szFileName)
}
}
}
return(true);
return true;
}
wchar_t* EngineExtractFileNameW(wchar_t* szFileName)
@ -304,10 +304,10 @@ bool EngineIsPointedMemoryString(ULONG_PTR PossibleStringPtr)
}
if(StringIsValid == true && MaxDisassmSize - i > 4)
{
return(true);
return true;
}
}
return(false);
return false;
}
int EnginePointedMemoryStringLength(ULONG_PTR PossibleStringPtr)
@ -366,9 +366,9 @@ bool EngineCompareResourceString(wchar_t* String1, wchar_t* String2)
RtlMoveMemory(&StringCmp[0], &String1[0], memData->Array.wArrayEntry[0] * 2);
if(lstrcmpiW(StringCmp, String2) == NULL)
{
return(true);
return true;
}
return(false);
return false;
}
long long EngineEstimateNewSectionRVA(ULONG_PTR FileMapVA)
@ -459,7 +459,7 @@ bool EngineExtractForwarderData(ULONG_PTR PossibleStringPtr, LPVOID szFwdDLLName
}
if(TestChar == 0x00)
{
return(false);
return false;
}
PossibleStringPtr--;
RtlCopyMemory(szFwdDLLName, lpPossibleStringPtr, PossibleStringPtr - (ULONG_PTR)lpPossibleStringPtr);
@ -477,11 +477,11 @@ bool EngineExtractForwarderData(ULONG_PTR PossibleStringPtr, LPVOID szFwdDLLName
PossibleStringPtr++;
}
RtlCopyMemory(szFwdAPIName, lpPossibleStringPtr, PossibleStringPtr - (ULONG_PTR)lpPossibleStringPtr);
return(true);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
return(false);
return false;
}
}
@ -522,13 +522,13 @@ bool EngineExtractResource(char* szResourceName, wchar_t* szExtractedFileName)
}
else
{
return(false);
return false;
}
}
}
return(true);
return true;
}
return(false);
return false;
}
bool EngineIsDependencyPresent(char* szFileName, char* szDependencyForFile, char* szPresentInFolder)
@ -549,7 +549,7 @@ bool EngineIsDependencyPresent(char* szFileName, char* szDependencyForFile, char
if(hFile != INVALID_HANDLE_VALUE)
{
EngineCloseHandle(hFile);
return(true);
return true;
}
}
@ -559,7 +559,7 @@ bool EngineIsDependencyPresent(char* szFileName, char* szDependencyForFile, char
if(hFile != INVALID_HANDLE_VALUE)
{
EngineCloseHandle(hFile);
return(true);
return true;
}
if(GetSystemDirectoryA(szTryFileName, 512) > NULL)
{
@ -569,7 +569,7 @@ bool EngineIsDependencyPresent(char* szFileName, char* szDependencyForFile, char
if(hFile != INVALID_HANDLE_VALUE)
{
EngineCloseHandle(hFile);
return(true);
return true;
}
}
if(GetWindowsDirectoryA(szTryFileName, 512) > NULL)
@ -580,7 +580,7 @@ bool EngineIsDependencyPresent(char* szFileName, char* szDependencyForFile, char
if(hFile != INVALID_HANDLE_VALUE)
{
EngineCloseHandle(hFile);
return(true);
return true;
}
}
if(szDependencyForFile != NULL)
@ -600,11 +600,11 @@ bool EngineIsDependencyPresent(char* szFileName, char* szDependencyForFile, char
if(hFile != INVALID_HANDLE_VALUE)
{
EngineCloseHandle(hFile);
return(true);
return true;
}
}
}
return(false);
return false;
}
bool EngineIsDependencyPresentW(wchar_t* szFileName, wchar_t* szDependencyForFile, wchar_t* szPresentInFolder)
@ -626,7 +626,7 @@ bool EngineIsDependencyPresentW(wchar_t* szFileName, wchar_t* szDependencyForFil
if(hFile != INVALID_HANDLE_VALUE)
{
EngineCloseHandle(hFile);
return(true);
return true;
}
}
if(szFileName != NULL)
@ -635,7 +635,7 @@ bool EngineIsDependencyPresentW(wchar_t* szFileName, wchar_t* szDependencyForFil
if(hFile != INVALID_HANDLE_VALUE)
{
EngineCloseHandle(hFile);
return(true);
return true;
}
if(GetSystemDirectoryW(szTryFileName, 512) > NULL)
{
@ -645,7 +645,7 @@ bool EngineIsDependencyPresentW(wchar_t* szFileName, wchar_t* szDependencyForFil
if(hFile != INVALID_HANDLE_VALUE)
{
EngineCloseHandle(hFile);
return(true);
return true;
}
}
@ -657,7 +657,7 @@ bool EngineIsDependencyPresentW(wchar_t* szFileName, wchar_t* szDependencyForFil
if(hFile != INVALID_HANDLE_VALUE)
{
EngineCloseHandle(hFile);
return(true);
return true;
}
}
@ -677,11 +677,11 @@ bool EngineIsDependencyPresentW(wchar_t* szFileName, wchar_t* szDependencyForFil
if(hFile != INVALID_HANDLE_VALUE)
{
EngineCloseHandle(hFile);
return(true);
return true;
}
}
}
return(false);
return false;
}
bool EngineGetDependencyLocation(char* szFileName, char* szDependencyForFile, void* szLocationOfTheFile, int MaxStringSize)
@ -702,7 +702,7 @@ bool EngineGetDependencyLocation(char* szFileName, char* szDependencyForFile, vo
RtlCopyMemory(szLocationOfTheFile, szFileName, lstrlenA(szFileName));
}
EngineCloseHandle(hFile);
return(true);
return true;
}
if(GetSystemDirectoryA(szTryFileName, 512) > NULL)
{
@ -717,7 +717,7 @@ bool EngineGetDependencyLocation(char* szFileName, char* szDependencyForFile, vo
RtlCopyMemory(szLocationOfTheFile, &szTryFileName, lstrlenA(szTryFileName));
}
EngineCloseHandle(hFile);
return(true);
return true;
}
}
if(GetWindowsDirectoryA(szTryFileName, 512) > NULL)
@ -733,7 +733,7 @@ bool EngineGetDependencyLocation(char* szFileName, char* szDependencyForFile, vo
RtlCopyMemory(szLocationOfTheFile, &szTryFileName, lstrlenA(szTryFileName));
}
EngineCloseHandle(hFile);
return(true);
return true;
}
}
if(szDependencyForFile != NULL)
@ -758,11 +758,11 @@ bool EngineGetDependencyLocation(char* szFileName, char* szDependencyForFile, vo
RtlCopyMemory(szLocationOfTheFile, &szTryFileName, lstrlenA(szTryFileName));
}
EngineCloseHandle(hFile);
return(true);
return true;
}
}
}
return(false);
return false;
}
long EngineHashString(char* szStringToHash)
@ -807,7 +807,7 @@ bool EngineIsBadReadPtrEx(LPVOID DataPointer, DWORD DataSize)
VirtualQuery(DataPointer, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
if(MemInfo.AllocationProtect == MEM_FREE || MemInfo.AllocationProtect == MEM_PRIVATE)
{
return(false);
return false;
}
DataPointer = (LPVOID)((ULONG_PTR)DataPointer + MemInfo.RegionSize);
if(MemInfo.RegionSize > DataSize)
@ -819,7 +819,7 @@ bool EngineIsBadReadPtrEx(LPVOID DataPointer, DWORD DataSize)
DataSize = DataSize - (DWORD)MemInfo.RegionSize;
}
}
return(true);
return true;
}
bool EngineValidateResource(HMODULE hModule, LPCTSTR lpszType, LPTSTR lpszName, LONG_PTR lParam)
@ -844,20 +844,20 @@ bool EngineValidateResource(HMODULE hModule, LPCTSTR lpszType, LPTSTR lpszName,
if(!EngineIsBadReadPtrEx(ResourceData, ResourceSize))
{
*((LONG*)lParam) = ReturnData;
return(false);
return false;
}
}
else
{
*((LONG*)lParam) = ReturnData;
return(false);
return false;
}
}
return(true);
return true;
}
*((LONG*)lParam) = ReturnData;
return(false);
return false;
}
bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBase, PIMAGE_DOS_HEADER DOSHeader, bool IsFile)
@ -891,26 +891,26 @@ bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBas
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
if(PEHeader32->Signature != 0x4550)
{
return(false);
return false;
}
else
{
return(true);
return true;
}
}
else
{
return(false);
return false;
}
}
else
{
return(false);
return false;
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
return(false);
return false;
}
}
else
@ -928,31 +928,31 @@ bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBas
PEHeader32 = (PIMAGE_NT_HEADERS32)(&RemotePEHeader32);
if(PEHeader32->Signature != 0x4550)
{
return(false);
return false;
}
else
{
return(true);
return true;
}
}
else
{
return(false);
return false;
}
}
else
{
return(false);
return false;
}
}
else
{
return(false);
return false;
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
return(false);
return false;
}
}
}
@ -1328,7 +1328,7 @@ bool EngineGetLibraryOrdinalData(ULONG_PTR ModuleBase, LPDWORD ptrOrdinalBase, L
}
else
{
return(false);
return false;
}
if(!FileIs64)
{
@ -1342,16 +1342,16 @@ bool EngineGetLibraryOrdinalData(ULONG_PTR ModuleBase, LPDWORD ptrOrdinalBase, L
*ptrOrdinalBase = PEExports->Base;
*ptrOrdinalCount = PEExports->NumberOfNames;
}
return(true);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
return(false);
return false;
}
return(false);
return false;
}
long long EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBases, ULONG_PTR APIAddress, char* szAPIName, DWORD ReturnType)
long long EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBases, ULONG_PTR APIAddress, const char* szAPIName, DWORD ReturnType)
{
unsigned int i = 0;

2
TitanEngine/Global.Engine.h
View File

@ -50,6 +50,6 @@ long long EngineSimulateNtLoader(char* szFileName);
long long EngineSimulateDllLoader(HANDLE hProcess, char* szFileName);
long long EngineGetProcAddress(ULONG_PTR ModuleBase, char* szAPIName);
bool EngineGetLibraryOrdinalData(ULONG_PTR ModuleBase, LPDWORD ptrOrdinalBase, LPDWORD ptrOrdinalCount);
long long EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBases, ULONG_PTR APIAddress, char* szAPIName, DWORD ReturnType);
long long EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBases, ULONG_PTR APIAddress, const char* szAPIName, DWORD ReturnType);
#endif //_GLOBAL_ENGINE_H

12
TitanEngine/Global.Garbage.cpp
View File

@ -32,12 +32,12 @@ bool CreateGarbageItem(void* outGargabeItem, int MaxGargabeStringSize)
if(lstrlenW(szGarbageItem) * 2 >= MaxGargabeStringSize)
{
RtlMoveMemory(outGargabeItem, &szGarbageItem, MaxGargabeStringSize);
return(false);
return false;
}
else
{
RtlMoveMemory(outGargabeItem, &szGarbageItem, lstrlenW(szGarbageItem) * 2);
return(true);
return true;
}
}
@ -99,16 +99,16 @@ bool RemoveGarbageItem(wchar_t* szGarbageItem, bool RemoveFolder)
}
}
}
return(true);
return true;
}
else
{
return(false);
return false;
}
}
else
{
return(false);
return false;
}
}
@ -146,7 +146,7 @@ bool FillGarbageItem(wchar_t* szGarbageItem, wchar_t* szFileName, void* outGarga
CopyFileW(szFileName, szCopyFileName, false);
}
}
return(true);
return true;
}
void EmptyGarbage()

19
TitanEngine/Global.OEPFinder.cpp
View File

@ -13,24 +13,23 @@ GenericOEPTracerData glbEntryTracerData = {};
// Global.FindOEP.functions:
void GenericOEPVirtualProtectHit()
{
PBreakPointDetail bpxList = (PBreakPointDetail)BreakPointBuffer;
MEMORY_BASIC_INFORMATION MemInfo;
DWORD MaximumBreakPoints = 0;
DWORD NewProtect = 0;
DWORD OldProtect = 0;
while(MaximumBreakPoints < MAXIMUM_BREAKPOINTS)
int bpcount=BreakPointBuffer.size();
for(int i=0; i<bpcount; i++)
{
bpxList = (PBreakPointDetail)((ULONG_PTR)bpxList + sizeof BreakPointDetail);
if(bpxList->BreakPointType == UE_MEMORY && bpxList->BreakPointActive == UE_BPXACTIVE)
BreakPointDetail curDetail=BreakPointBuffer.at(i);
if(curDetail.BreakPointType == UE_MEMORY && curDetail.BreakPointActive == UE_BPXACTIVE)
{
VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)bpxList->BreakPointAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)curDetail.BreakPointAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
OldProtect = MemInfo.Protect;
if(!(OldProtect & PAGE_GUARD))
{
NewProtect = OldProtect ^ PAGE_GUARD;
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxList->BreakPointAddress, bpxList->BreakPointSize, NewProtect, &OldProtect);
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)curDetail.BreakPointAddress, curDetail.BreakPointSize, NewProtect, &OldProtect);
}
}
MaximumBreakPoints++;
@ -286,11 +285,11 @@ bool GenericOEPFileInitW(wchar_t* szFileName, LPVOID TraceInitCallBack, LPVOID C
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(glbEntryTracerData.FileIsDLL)
{
return(false);
return false;
}
else
{
return(true);
return true;
}
}
else
@ -298,5 +297,5 @@ bool GenericOEPFileInitW(wchar_t* szFileName, LPVOID TraceInitCallBack, LPVOID C
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
}
}
return(false);
return false;
}

865
TitanEngine/TitanEngine.Breakpoints.cpp
View File

File diff suppressed because it is too large Load Diff

2
TitanEngine/TitanEngine.Debugger.Context.cpp
View File

@ -319,7 +319,7 @@ __declspec(dllexport) bool TITCALL SetContextFPUDataEx(HANDLE hActiveThread, voi
RtlZeroMemory(&DBGContext, sizeof CONTEXT);
DBGContext.ContextFlags = CONTEXT_ALL;
if(!GetThreadContext(hActiveThread, &DBGContext))
return(false);
return false;
#ifndef _WIN64
RtlMoveMemory(&DBGContext.FloatSave, FPUSaveArea, sizeof FLOATING_SAVE_AREA);
#else

446
TitanEngine/TitanEngine.Debugger.DebugLoop.cpp
View File

@ -17,7 +17,6 @@ static DWORD engineWaitForDebugEventTimeOut = INFINITE;
__declspec(dllexport) void TITCALL DebugLoop()
{
int i = NULL;
int j = NULL;
int k = NULL;
bool FirstBPX = true;
@ -47,7 +46,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
ULONG_PTR ResetBPXAddressTo = 0;
ULONG_PTR ResetMemBPXAddress = 0;
SIZE_T ResetMemBPXSize = 0;
int MaximumBreakPoints = 0;
//int MaximumBreakPoints = 0;
ULONG_PTR NumberOfBytesReadWritten = 0;
MEMORY_BASIC_INFORMATION MemInfo;
HANDLE hActiveThread;
@ -348,7 +347,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
hListLibraryPtr->hFileMappingView = hFileMappingView;
if(GetMappedFileNameW(GetCurrentProcess(), hFileMappingView, DLLDebugFileName, sizeof(DLLDebugFileName)/sizeof(DLLDebugFileName[0])) > NULL)
{
i = lstrlenW(DLLDebugFileName);
int i = lstrlenW(DLLDebugFileName);
while(DLLDebugFileName[i] != 0x5C && i >= NULL)
{
i--;
@ -567,28 +566,30 @@ __declspec(dllexport) void TITCALL DebugLoop()
{
case STATUS_BREAKPOINT:
{
MaximumBreakPoints = 0;
for(MaximumBreakPoints = 0; MaximumBreakPoints < BreakPointSetCount; MaximumBreakPoints++)
bool bFoundBreakPoint=false;
BreakPointDetail FoundBreakPoint;
int bpcount=BreakPointBuffer.size();
for(int i=0; i<bpcount; i++)
{
if(BreakPointBuffer[MaximumBreakPoints].BreakPointAddress == (ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress - (BreakPointBuffer[MaximumBreakPoints].BreakPointSize - 1))
if(BreakPointBuffer.at(i).BreakPointAddress == (ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress - (BreakPointBuffer.at(i).BreakPointSize - 1) &&
(BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT || BreakPointBuffer.at(i).BreakPointType == UE_SINGLESHOOT) &&
BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE)
{
FoundBreakPoint=BreakPointBuffer.at(i);
bFoundBreakPoint=true;
break;
}
}
if(BreakPointBuffer[MaximumBreakPoints].BreakPointActive == UE_BPXACTIVE && MaximumBreakPoints < MAXIMUM_BREAKPOINTS)
if(bFoundBreakPoint) //breakpoint found
{
VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
OldProtect = MemInfo.Protect;
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect);
if(BreakPointBuffer[MaximumBreakPoints].BreakPointActive == UE_BPXACTIVE && (BreakPointBuffer[MaximumBreakPoints].BreakPointType == UE_BREAKPOINT || BreakPointBuffer[MaximumBreakPoints].BreakPointType == UE_SINGLESHOOT) && (BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions == -1 || BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions > 0))
{
if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, &BreakPointBuffer[MaximumBreakPoints].OriginalByte[0], BreakPointBuffer[MaximumBreakPoints].BreakPointSize, &NumberOfBytesReadWritten))
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, FoundBreakPoint.BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect);
if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, &FoundBreakPoint.OriginalByte[0], FoundBreakPoint.BreakPointSize, &NumberOfBytesReadWritten))
{
DBGCode = DBG_CONTINUE;
hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId);
hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId);
myDBGContext.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext);
if(BreakPointBuffer[MaximumBreakPoints].BreakPointType != UE_SINGLESHOOT)
if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT)
{
if(!(myDBGContext.EFlags & 0x100))
{
@ -600,121 +601,15 @@ __declspec(dllexport) void TITCALL DebugLoop()
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x10000;
}
#if defined(_WIN64)
myDBGContext.Rip = myDBGContext.Rip - BreakPointBuffer[MaximumBreakPoints].BreakPointSize;
myDBGContext.Rip = myDBGContext.Rip - FoundBreakPoint.BreakPointSize;
#else
myDBGContext.Eip = myDBGContext.Eip - BreakPointBuffer[MaximumBreakPoints].BreakPointSize;
myDBGContext.Eip = myDBGContext.Eip - FoundBreakPoint.BreakPointSize;
#endif
SetThreadContext(hActiveThread, &myDBGContext);
EngineCloseHandle(hActiveThread);
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, OldProtect, &OldProtect);
myCustomBreakPoint = (fCustomBreakPoint)((LPVOID)BreakPointBuffer[MaximumBreakPoints].ExecuteCallBack);
if(BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions != -1 && BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions != 0)
{
BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions--;
}
if(BreakPointBuffer[MaximumBreakPoints].CmpCondition != UE_CMP_NOCONDITION)
{
CompareResult = false;
CmpValue1 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpRegister);
myCustomBreakPoint = (fCustomBreakPoint)((LPVOID)BreakPointBuffer[MaximumBreakPoints].CompareCallBack);
if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_EQUAL)
{
CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue;
if(CmpValue1 == CmpValue2)
{
CompareResult = true;
}
}
else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_NOTEQUAL)
{
CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue;
if(CmpValue1 != CmpValue2)
{
CompareResult = true;
}
}
else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_GREATER)
{
CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue;
if(CmpValue1 > CmpValue2)
{
CompareResult = true;
}
}
else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_GREATEROREQUAL)
{
CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue;
if(CmpValue1 >= CmpValue2)
{
CompareResult = true;
}
}
else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_LOWER)
{
CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue;
if(CmpValue1 < CmpValue2)
{
CompareResult = true;
}
}
else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_LOWEROREQUAL)
{
CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue;
if(CmpValue1 <= CmpValue2)
{
CompareResult = true;
}
}
else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_EQUAL)
{
CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue);
if(CmpValue1 == CmpValue2)
{
CompareResult = true;
}
}
else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_NOTEQUAL)
{
CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue);
if(CmpValue1 != CmpValue2)
{
CompareResult = true;
}
}
else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_GREATER)
{
CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue);
if(CmpValue1 > CmpValue2)
{
CompareResult = true;
}
}
else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_GREATEROREQUAL)
{
CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue);
if(CmpValue1 >= CmpValue2)
{
CompareResult = true;
}
}
else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_LOWER)
{
CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue);
if(CmpValue1 < CmpValue2)
{
CompareResult = true;
}
}
else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_LOWEROREQUAL)
{
CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue);
if(CmpValue1 <= CmpValue2)
{
CompareResult = true;
}
}
if(CompareResult)
{
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, FoundBreakPoint.BreakPointSize, OldProtect, &OldProtect);
myCustomBreakPoint = (fCustomBreakPoint)((LPVOID)FoundBreakPoint.ExecuteCallBack);
//execute callback
__try
{
myCustomBreakPoint();
@ -723,45 +618,23 @@ __declspec(dllexport) void TITCALL DebugLoop()
{
}
}
}
else
if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT)
{
__try
{
myCustomBreakPoint();
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
}
}
if(BreakPointBuffer[MaximumBreakPoints].BreakPointType != UE_SINGLESHOOT)
{
DisableBPX((ULONG_PTR)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress);
ResetBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize - 1;
ResetBPXAddressTo = (ULONG_PTR)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress;
DisableBPX((ULONG_PTR)FoundBreakPoint.BreakPointAddress);
ResetBPXSize = FoundBreakPoint.BreakPointSize - 1;
ResetBPXAddressTo = (ULONG_PTR)FoundBreakPoint.BreakPointAddress;
ResetBPX = true;
}
else
{
DeleteBPX((ULONG_PTR)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress);
ResetBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize - 1;
DeleteBPX((ULONG_PTR)FoundBreakPoint.BreakPointAddress);
ResetBPXSize = FoundBreakPoint.BreakPointSize - 1;
ResetBPXAddressTo = NULL;
ResetBPX = false;
}
}
else
{
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, OldProtect, &OldProtect);
DBGCode = DBG_CONTINUE;
}
}
else
{
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, OldProtect, &OldProtect);
DBGCode = DBG_EXCEPTION_NOT_HANDLED;
}
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, FoundBreakPoint.BreakPointSize, OldProtect, &OldProtect);
}
else //breakpoint not in list
{
@ -807,7 +680,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
}
if(engineTLSBreakOnCallBack) //set TLS callback breakpoints
{
i = NULL;
int i = NULL;
while(tlsCallBackList[i] != NULL)
{
SetBPX((ULONG_PTR)tlsCallBackList[i], UE_SINGLESHOOT, (LPVOID)engineTLSBreakOnCallBackAddress);
@ -1115,35 +988,38 @@ __declspec(dllexport) void TITCALL DebugLoop()
case STATUS_GUARD_PAGE_VIOLATION:
{
MemoryBpxFound = false;
MaximumBreakPoints = 0;
ULONG_PTR bpaddr;
for(MaximumBreakPoints = 0; MaximumBreakPoints < BreakPointSetCount; MaximumBreakPoints++)
bool bFoundBreakPoint=false;
BreakPointDetail FoundBreakPoint;
int bpcount=BreakPointBuffer.size();
for(int i=0; i<bpcount; i++)
{
ULONG_PTR addr=BreakPointBuffer[MaximumBreakPoints].BreakPointAddress;
ULONG_PTR addr=BreakPointBuffer.at(i).BreakPointAddress;
bpaddr=(ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[1]; //page accessed
if(((BreakPointBuffer[MaximumBreakPoints].BreakPointType >= UE_MEMORY) && (BreakPointBuffer[MaximumBreakPoints].BreakPointType <= UE_MEMORY_EXECUTE)) && bpaddr>=addr && bpaddr<(addr+BreakPointBuffer[MaximumBreakPoints].BreakPointSize))
if(bpaddr>=addr && bpaddr<(addr+BreakPointBuffer.at(i).BreakPointSize) &&
(BreakPointBuffer.at(i).BreakPointType == UE_MEMORY ||
BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_READ ||
BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_WRITE ||
BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_EXECUTE) &&
BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE)
{
MemoryBpxFound = true;
FoundBreakPoint=BreakPointBuffer.at(i);
bFoundBreakPoint=true;
break;
}
}
if(MaximumBreakPoints < MAXIMUM_BREAKPOINTS || MemoryBpxFound == true) //found memory breakpoint
if(bFoundBreakPoint) //found memory breakpoint
{
if(BreakPointBuffer[MaximumBreakPoints].BreakPointActive == UE_BPXACTIVE) //memory breakpoint is active
{
hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId);
hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId);
myDBGContext.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext);
DBGCode = DBG_CONTINUE; //debugger handled the exception
MemoryBpxCallBack = BreakPointBuffer[MaximumBreakPoints].ExecuteCallBack;
if(BreakPointBuffer[MaximumBreakPoints].BreakPointType == UE_MEMORY) //READ|WRITE|EXECUTE
MemoryBpxCallBack = FoundBreakPoint.ExecuteCallBack;
if(FoundBreakPoint.BreakPointType == UE_MEMORY) //READ|WRITE|EXECUTE
{
if(BreakPointBuffer[MaximumBreakPoints].MemoryBpxRestoreOnHit != 1)
if(FoundBreakPoint.MemoryBpxRestoreOnHit != 1)
{
RemoveMemoryBPX(BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize);
RemoveMemoryBPX(FoundBreakPoint.BreakPointAddress, FoundBreakPoint.BreakPointSize);
}
else
{
@ -1152,8 +1028,8 @@ __declspec(dllexport) void TITCALL DebugLoop()
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
}
SetThreadContext(hActiveThread, &myDBGContext);
ResetMemBPXAddress = BreakPointBuffer[MaximumBreakPoints].BreakPointAddress;
ResetMemBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize;
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
ResetMemBPX = true;
}
myCustomHandler = (fCustomHandler)(MemoryBpxCallBack);
@ -1166,12 +1042,12 @@ __declspec(dllexport) void TITCALL DebugLoop()
}
}
else if(BreakPointBuffer[MaximumBreakPoints].BreakPointType == UE_MEMORY_READ) //READ
else if(FoundBreakPoint.BreakPointType == UE_MEMORY_READ) //READ
{
if(BreakPointBuffer[MaximumBreakPoints].MemoryBpxRestoreOnHit != 1) //do not restore the memory breakpoint
if(FoundBreakPoint.MemoryBpxRestoreOnHit != 1) //do not restore the memory breakpoint
{
if(DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[0] == 0) //read operation
RemoveMemoryBPX(BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize);
RemoveMemoryBPX(FoundBreakPoint.BreakPointAddress, FoundBreakPoint.BreakPointSize);
}
else //restore the memory breakpoint
{
@ -1180,8 +1056,8 @@ __declspec(dllexport) void TITCALL DebugLoop()
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
}
SetThreadContext(hActiveThread, &myDBGContext);
ResetMemBPXAddress = BreakPointBuffer[MaximumBreakPoints].BreakPointAddress;
ResetMemBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize;
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
ResetMemBPX = true;
}
if(DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[0] == 0) //read operation
@ -1203,17 +1079,17 @@ __declspec(dllexport) void TITCALL DebugLoop()
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
}
SetThreadContext(hActiveThread, &myDBGContext);
ResetMemBPXAddress = BreakPointBuffer[MaximumBreakPoints].BreakPointAddress;
ResetMemBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize;
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
ResetMemBPX = true;
}
}
else if(BreakPointBuffer[MaximumBreakPoints].BreakPointType == UE_MEMORY_WRITE) //WRITE
else if(FoundBreakPoint.BreakPointType == UE_MEMORY_WRITE) //WRITE
{
if(BreakPointBuffer[MaximumBreakPoints].MemoryBpxRestoreOnHit != 1) //remove breakpoint
if(FoundBreakPoint.MemoryBpxRestoreOnHit != 1) //remove breakpoint
{
if(DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[0] == 1) //write operation
RemoveMemoryBPX(BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize);
RemoveMemoryBPX(FoundBreakPoint.BreakPointAddress, FoundBreakPoint.BreakPointSize);
}
else //restore breakpoint after trap flag
{
@ -1222,8 +1098,8 @@ __declspec(dllexport) void TITCALL DebugLoop()
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
}
SetThreadContext(hActiveThread, &myDBGContext);
ResetMemBPXAddress = BreakPointBuffer[MaximumBreakPoints].BreakPointAddress;
ResetMemBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize;
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
ResetMemBPX = true;
}
if(DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[0] == 1) //write operation
@ -1245,18 +1121,18 @@ __declspec(dllexport) void TITCALL DebugLoop()
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
}
SetThreadContext(hActiveThread, &myDBGContext);
ResetMemBPXAddress = BreakPointBuffer[MaximumBreakPoints].BreakPointAddress;
ResetMemBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize;
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
ResetMemBPX = true;
}
}
else if(BreakPointBuffer[MaximumBreakPoints].BreakPointType == UE_MEMORY_EXECUTE) //EXECUTE
else if(FoundBreakPoint.BreakPointType == UE_MEMORY_EXECUTE) //EXECUTE
{
if(BreakPointBuffer[MaximumBreakPoints].MemoryBpxRestoreOnHit != 1)
if(FoundBreakPoint.MemoryBpxRestoreOnHit != 1)
{
if(DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[0] == 8 && //data execution prevention (DEP) violation
(ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress == DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[1]) //exception address == read address
RemoveMemoryBPX(BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize);
RemoveMemoryBPX(FoundBreakPoint.BreakPointAddress, FoundBreakPoint.BreakPointSize);
}
else
{
@ -1265,8 +1141,8 @@ __declspec(dllexport) void TITCALL DebugLoop()
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
}
SetThreadContext(hActiveThread, &myDBGContext);
ResetMemBPXAddress = BreakPointBuffer[MaximumBreakPoints].BreakPointAddress;
ResetMemBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize;
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
ResetMemBPX = true;
}
if(DBGEvent.u.Exception.ExceptionRecord.ExceptionInformation[0] == 8 && //data execution prevention (DEP) violation
@ -1289,18 +1165,13 @@ __declspec(dllexport) void TITCALL DebugLoop()
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
}
SetThreadContext(hActiveThread, &myDBGContext);
ResetMemBPXAddress = BreakPointBuffer[MaximumBreakPoints].BreakPointAddress;
ResetMemBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize;
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
ResetMemBPX = true;
}
}
EngineCloseHandle(hActiveThread);
}
else
{
DBGCode = DBG_EXCEPTION_NOT_HANDLED; //debugger did not handle the exception
}
}
else //no memory breakpoint found
{
DBGCode = DBG_EXCEPTION_NOT_HANDLED;
@ -1346,28 +1217,30 @@ __declspec(dllexport) void TITCALL DebugLoop()
case STATUS_ILLEGAL_INSTRUCTION:
{
//UD2 breakpoint
MaximumBreakPoints = 0;
for(MaximumBreakPoints = 0; MaximumBreakPoints < BreakPointSetCount; MaximumBreakPoints++)
bool bFoundBreakPoint=false;
BreakPointDetail FoundBreakPoint;
int bpcount=BreakPointBuffer.size();
for(int i=0; i<bpcount; i++)
{
if(BreakPointBuffer[MaximumBreakPoints].BreakPointAddress == (ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress)
if(BreakPointBuffer.at(i).BreakPointAddress == (ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress &&
(BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT || BreakPointBuffer.at(i).BreakPointType == UE_SINGLESHOOT) &&
BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE)
{
FoundBreakPoint=BreakPointBuffer.at(i);
bFoundBreakPoint=true;
break;
}
}
if(BreakPointBuffer[MaximumBreakPoints].BreakPointActive == UE_BPXACTIVE && MaximumBreakPoints < MAXIMUM_BREAKPOINTS)
if(bFoundBreakPoint) //found ud2 breakpoint
{
VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
OldProtect = MemInfo.Protect;
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect);
if(BreakPointBuffer[MaximumBreakPoints].BreakPointActive == UE_BPXACTIVE && (BreakPointBuffer[MaximumBreakPoints].BreakPointType == UE_BREAKPOINT || BreakPointBuffer[MaximumBreakPoints].BreakPointType == UE_SINGLESHOOT) && (BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions == -1 || BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions > 0))
{
if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, &BreakPointBuffer[MaximumBreakPoints].OriginalByte[0], BreakPointBuffer[MaximumBreakPoints].BreakPointSize, &NumberOfBytesReadWritten))
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, FoundBreakPoint.BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect);
if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, &FoundBreakPoint.OriginalByte[0], FoundBreakPoint.BreakPointSize, &NumberOfBytesReadWritten))
{
DBGCode = DBG_CONTINUE;
hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId);
myDBGContext.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext);
if(BreakPointBuffer[MaximumBreakPoints].BreakPointType != UE_SINGLESHOOT)
if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT)
{
if(!(myDBGContext.EFlags & 0x100))
{
@ -1380,115 +1253,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
}
SetThreadContext(hActiveThread, &myDBGContext);
EngineCloseHandle(hActiveThread);
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, OldProtect, &OldProtect);
myCustomBreakPoint = (fCustomBreakPoint)((LPVOID)BreakPointBuffer[MaximumBreakPoints].ExecuteCallBack);
if(BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions != -1 && BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions != 0)
{
BreakPointBuffer[MaximumBreakPoints].NumberOfExecutions--;
}
if(BreakPointBuffer[MaximumBreakPoints].CmpCondition != UE_CMP_NOCONDITION)
{
CompareResult = false;
CmpValue1 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpRegister);
myCustomBreakPoint = (fCustomBreakPoint)((LPVOID)BreakPointBuffer[MaximumBreakPoints].CompareCallBack);
if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_EQUAL)
{
CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue;
if(CmpValue1 == CmpValue2)
{
CompareResult = true;
}
}
else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_NOTEQUAL)
{
CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue;
if(CmpValue1 != CmpValue2)
{
CompareResult = true;
}
}
else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_GREATER)
{
CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue;
if(CmpValue1 > CmpValue2)
{
CompareResult = true;
}
}
else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_GREATEROREQUAL)
{
CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue;
if(CmpValue1 >= CmpValue2)
{
CompareResult = true;
}
}
else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_LOWER)
{
CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue;
if(CmpValue1 < CmpValue2)
{
CompareResult = true;
}
}
else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_LOWEROREQUAL)
{
CmpValue2 = BreakPointBuffer[MaximumBreakPoints].CmpValue;
if(CmpValue1 <= CmpValue2)
{
CompareResult = true;
}
}
else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_EQUAL)
{
CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue);
if(CmpValue1 == CmpValue2)
{
CompareResult = true;
}
}
else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_NOTEQUAL)
{
CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue);
if(CmpValue1 != CmpValue2)
{
CompareResult = true;
}
}
else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_GREATER)
{
CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue);
if(CmpValue1 > CmpValue2)
{
CompareResult = true;
}
}
else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_GREATEROREQUAL)
{
CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue);
if(CmpValue1 >= CmpValue2)
{
CompareResult = true;
}
}
else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_LOWER)
{
CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue);
if(CmpValue1 < CmpValue2)
{
CompareResult = true;
}
}
else if(BreakPointBuffer[MaximumBreakPoints].CmpCondition == UE_CMP_REG_LOWEROREQUAL)
{
CmpValue2 = (ULONG_PTR)GetContextData((DWORD)BreakPointBuffer[MaximumBreakPoints].CmpValue);
if(CmpValue1 <= CmpValue2)
{
CompareResult = true;
}
}
if(CompareResult)
{
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, FoundBreakPoint.BreakPointSize, OldProtect, &OldProtect);
myCustomBreakPoint = (fCustomBreakPoint)((LPVOID)FoundBreakPoint.ExecuteCallBack);
//execute callback
__try
{
myCustomBreakPoint();
@ -1497,50 +1264,27 @@ __declspec(dllexport) void TITCALL DebugLoop()
{
}
}
}
else
if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT)
{
__try
{
myCustomBreakPoint();
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
}
}
if(BreakPointBuffer[MaximumBreakPoints].BreakPointType != UE_SINGLESHOOT)
{
DisableBPX((ULONG_PTR)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress);
ResetBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize - 1;
ResetBPXAddressTo = (ULONG_PTR)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress;
DisableBPX((ULONG_PTR)FoundBreakPoint.BreakPointAddress);
ResetBPXSize = FoundBreakPoint.BreakPointSize - 1;
ResetBPXAddressTo = (ULONG_PTR)FoundBreakPoint.BreakPointAddress;
ResetBPX = true;
}
else
{
DeleteBPX((ULONG_PTR)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress);
ResetBPXSize = BreakPointBuffer[MaximumBreakPoints].BreakPointSize - 1;
DeleteBPX((ULONG_PTR)FoundBreakPoint.BreakPointAddress);
ResetBPXSize = FoundBreakPoint.BreakPointSize - 1;
ResetBPXAddressTo = NULL;
ResetBPX = false;
}
}
else
{
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, OldProtect, &OldProtect);
DBGCode = DBG_CONTINUE;
}
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, FoundBreakPoint.BreakPointSize, OldProtect, &OldProtect);
}
else
{
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, BreakPointBuffer[MaximumBreakPoints].BreakPointSize, OldProtect, &OldProtect);
DBGCode=DBG_EXCEPTION_NOT_HANDLED;
}
}
else
{
DBGCode = DBG_EXCEPTION_NOT_HANDLED;
}
//application-generated exception
if(DBGCode==DBG_EXCEPTION_NOT_HANDLED)
{

74
TitanEngine/TitanEngine.Debugger.Helper.cpp
View File

@ -32,11 +32,11 @@ __declspec(dllexport) bool TITCALL GetRemoteString(HANDLE hProcess, LPVOID Strin
RtlZeroMemory(StringStorage, MaximumStringSize);
if(ReadProcessMemory(hProcess, (LPVOID)StringAddress, StringStorage, StringReadSize, &ueNumberOfBytesRW))
{
return(true);
return true;
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) long long TITCALL GetFunctionParameter(HANDLE hProcess, DWORD FunctionType, DWORD ParameterNumber, DWORD ParameterType)
@ -579,242 +579,242 @@ __declspec(dllexport) bool TITCALL IsJumpGoingToExecuteEx(HANDLE hProcess, HANDL
}
else if(lstrcmpiA(DisassembledString, "JMP") == NULL)
{
return(true);
return true;
}
else if(lstrcmpiA(DisassembledString, "JA") == NULL)
{
if(bCF == false && bZF == false)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JAE") == NULL)
{
if(!bCF)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JB") == NULL)
{
if(bCF)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JBE") == NULL)
{
if(bCF == true || bZF == true)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JC") == NULL)
{
if(bCF)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JCXZ") == NULL)
{
if((WORD)GetContextDataEx(hThread, UE_ECX) == NULL)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JECXZ") == NULL)
{
if((DWORD)GetContextDataEx(hThread, UE_ECX) == NULL)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JRCXZ") == NULL)
{
if((ULONG_PTR)GetContextDataEx(hThread, UE_RCX) == NULL)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JZ") == NULL)
{
if(bZF)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JNZ") == NULL)
{
if(!bZF)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JE") == NULL)
{
if(bZF)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JNE") == NULL)
{
if(!bZF)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JG") == NULL)
{
if(bZF == false && bSF == bOF)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JGE") == NULL)
{
if(bSF == bOF)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JL") == NULL)
{
if(bSF != bOF)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JLE") == NULL)
{
if(bZF == true || bSF != bOF)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JNA") == NULL)
{
if(bCF == true || bZF == true)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JNAE") == NULL)
{
if(bCF)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JNB") == NULL)
{
if(!bCF)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JNBE") == NULL)
{
if(bCF == false && bZF == false)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JNC") == NULL)
{
if(!bCF)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JNG") == NULL)
{
if(bZF == true || bSF != bOF)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JNGE") == NULL)
{
if(bSF != bOF)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JNL") == NULL)
{
if(bSF == bOF)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JNLE") == NULL)
{
if(bZF == false && bSF == bOF)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JNO") == NULL)
{
if(!bOF)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JNP") == NULL)
{
if(!bPF)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JNS") == NULL)
{
if(!bSF)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JO") == NULL)
{
if(bOF)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JP") == NULL)
{
if(bPF)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JPE") == NULL)
{
if(bPF)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JPO") == NULL)
{
if(!bPF)
{
return(true);
return true;
}
}
else if(lstrcmpiA(DisassembledString, "JS") == NULL)
{
if(bSF)
{
return(true);
return true;
}
}
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL IsJumpGoingToExecute()
{

20
TitanEngine/TitanEngine.Debugger.Memory.cpp
View File

@ -63,23 +63,23 @@ __declspec(dllexport) bool TITCALL MatchPatternEx(HANDLE hProcess, void* MemoryT
{
if(memCmp->Array.bArrayEntry[i] != memPattern->Array.bArrayEntry[i] && memPattern->Array.bArrayEntry[i] != *WildCard)
{
return(false);
return false;
}
SizeOfPatternToMatch--;
i++;
}
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
return(true);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
return(false);
return false;
}
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL MatchPattern(void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard)
@ -224,9 +224,9 @@ __declspec(dllexport) bool TITCALL FillEx(HANDLE hProcess, LPVOID MemoryStart, D
MemoryStart = (LPVOID)((ULONG_PTR)MemoryStart + 1);
}
VirtualProtectEx(hProcess, MemoryStart, MemorySize, OldProtect, &OldProtect);
return(true);
return true;
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL Fill(LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte)
{
@ -289,9 +289,9 @@ __declspec(dllexport) bool TITCALL PatchEx(HANDLE hProcess, LPVOID MemoryStart,
WriteProcessMemory(hProcess, MemoryStart, ReplacePattern, ReplaceSize, &ueNumberOfBytesRead);
}
VirtualProtectEx(hProcess, MemoryStart, MemorySize, OldProtect, &OldProtect);
return(true);
return true;
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL Patch(LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP)
{
@ -338,11 +338,11 @@ __declspec(dllexport) bool TITCALL ReplaceEx(HANDLE hProcess, LPVOID MemoryStart
VirtualFree(lpReadMemory, NULL, MEM_RELEASE);
if(NumberOfRepetitions != NULL)
{
return(false);
return false;
}
else
{
return(true);
return true;
}
}
__declspec(dllexport) bool TITCALL Replace(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, LPVOID ReplacePattern, DWORD ReplaceSize, PBYTE WildCard)

30
TitanEngine/TitanEngine.Debugger.cpp
View File

@ -5,6 +5,7 @@
#include "Global.Handle.h"
#include "Global.Breakpoints.h"
#include "Global.Threader.h"
#include <vector>
static wchar_t szBackupDebuggedFileName[512];
static wchar_t szDebuggerName[512];
@ -55,15 +56,14 @@ __declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szC
{
DebugConsoleFlag = CREATE_NO_WINDOW;
}
BreakPointSetCount = 0;
RtlZeroMemory(&BreakPointBuffer, sizeof BreakPointBuffer);
std::vector<BreakPointDetail>().swap(BreakPointBuffer);
if(szCommandLine == NULL)
{
if(CreateProcessW(szFileName, NULL, NULL, NULL, false, DEBUG_PROCESS|DEBUG_ONLY_THIS_PROCESS|DebugConsoleFlag|CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation))
{
DebugAttachedToProcess = false;
DebugAttachedProcessCallBack = NULL;
RtlZeroMemory(&BreakPointBuffer, sizeof BreakPointBuffer);
std::vector<BreakPointDetail>().swap(BreakPointBuffer);
return(&dbgProcessInformation);
}
else
@ -79,7 +79,7 @@ __declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szC
{
DebugAttachedToProcess = false;
DebugAttachedProcessCallBack = NULL;
RtlZeroMemory(&BreakPointBuffer, sizeof BreakPointBuffer);
std::vector<BreakPointDetail>().swap(BreakPointBuffer);
return(&dbgProcessInformation);
}
else
@ -227,11 +227,11 @@ __declspec(dllexport) bool TITCALL StopDebug()
{
TerminateThread(dbgProcessInformation.hThread, NULL);
TerminateProcess(dbgProcessInformation.hProcess, NULL);
return(true);
return true;
}
else
{
return(false);
return false;
}
}
@ -244,7 +244,7 @@ __declspec(dllexport) bool TITCALL AttachDebugger(DWORD ProcessId, bool KillOnEx
if(ProcessId != NULL && dbgProcessInformation.hProcess == NULL)
{
RtlZeroMemory(&BreakPointBuffer, sizeof BreakPointBuffer);
std::vector<BreakPointDetail>().swap(BreakPointBuffer);
if(DebugActiveProcess(ProcessId))
{
if(KillOnExit)
@ -256,7 +256,7 @@ __declspec(dllexport) bool TITCALL AttachDebugger(DWORD ProcessId, bool KillOnEx
myDebugSetProcessKillOnExit(KillOnExit);
}
}
BreakPointSetCount = 0;
std::vector<BreakPointDetail>().swap(BreakPointBuffer);
DebugDebuggingDLL = false;
DebugAttachedToProcess = true;
DebugAttachedProcessCallBack = (ULONG_PTR)CallBack;
@ -265,14 +265,14 @@ __declspec(dllexport) bool TITCALL AttachDebugger(DWORD ProcessId, bool KillOnEx
DebugLoop();
DebugAttachedToProcess = false;
DebugAttachedProcessCallBack = NULL;
return(true);
return true;
}
}
else
{
return(false);
return false;
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL DetachDebugger(DWORD ProcessId)
@ -295,14 +295,14 @@ __declspec(dllexport) bool TITCALL DetachDebugger(DWORD ProcessId)
DebugAttachedToProcess = false;
if(FuncReturn)
{
return(true);
return true;
}
else
{
return(false);
return false;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL DetachDebuggerEx(DWORD ProcessId)
@ -338,7 +338,7 @@ __declspec(dllexport) bool TITCALL DetachDebuggerEx(DWORD ProcessId)
}
else
{
return(false);
return false;
}
}

70
TitanEngine/TitanEngine.Dumper.cpp
View File

@ -64,7 +64,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
{
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return(false);
return false;
}
else
{
@ -92,7 +92,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
{
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return(false);
return false;
}
if(!FileIs64)
{
@ -176,14 +176,14 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
EngineCloseHandle(hFile);
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return(true);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
EngineCloseHandle(hFile);
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return(false);
return false;
}
}
else
@ -191,14 +191,14 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
EngineCloseHandle(hFile);
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return(false);
return false;
}
}
else
{
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return(false);
return false;
}
}
}
@ -284,13 +284,13 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
EngineCloseHandle(hFile);
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return(true);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return(false);
return false;
}
}
else
@ -298,7 +298,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
EngineCloseHandle(hFile);
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return(false);
return false;
}
}
else
@ -306,7 +306,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
EngineCloseHandle(hFile);
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return(false);
return false;
}
}
}
@ -315,16 +315,16 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
{
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return(false);
return false;
}
}
else
{
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return(false);
return false;
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL DumpProcessEx(DWORD ProcessId, LPVOID ImageBase, char* szDumpFileName, ULONG_PTR EntryPoint)
@ -339,7 +339,7 @@ __declspec(dllexport) bool TITCALL DumpProcessEx(DWORD ProcessId, LPVOID ImageBa
}
else
{
return(false);
return false;
}
}
@ -356,16 +356,16 @@ __declspec(dllexport) bool TITCALL DumpProcessExW(DWORD ProcessId, LPVOID ImageB
EngineCloseHandle(hProcess);
if(ReturnValue)
{
return(true);
return true;
}
else
{
return(false);
return false;
}
}
else
{
return(false);
return false;
}
}
@ -381,7 +381,7 @@ __declspec(dllexport) bool TITCALL DumpMemory(HANDLE hProcess, LPVOID MemoryStar
}
else
{
return(false);
return false;
}
}
@ -434,15 +434,15 @@ __declspec(dllexport) bool TITCALL DumpMemoryW(HANDLE hProcess, LPVOID MemorySta
}
EngineCloseHandle(hFile);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return(true);
return true;
}
else
{
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return(false);
return false;
}
}
return(true);
return true;
}
__declspec(dllexport) bool TITCALL DumpMemoryEx(DWORD ProcessId, LPVOID MemoryStart, ULONG_PTR MemorySize, char* szDumpFileName)
@ -457,7 +457,7 @@ __declspec(dllexport) bool TITCALL DumpMemoryEx(DWORD ProcessId, LPVOID MemorySt
}
else
{
return(false);
return false;
}
}
@ -474,11 +474,11 @@ __declspec(dllexport) bool TITCALL DumpMemoryExW(DWORD ProcessId, LPVOID MemoryS
EngineCloseHandle(hProcess);
if(ReturnValue)
{
return(true);
return true;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL DumpRegions(HANDLE hProcess, char* szDumpFolder, bool DumpAboveImageBaseOnly)
@ -493,7 +493,7 @@ __declspec(dllexport) bool TITCALL DumpRegions(HANDLE hProcess, char* szDumpFold
}
else
{
return(false);
return false;
}
}
@ -545,9 +545,9 @@ __declspec(dllexport) bool TITCALL DumpRegionsW(HANDLE hProcess, wchar_t* szDump
}
DumpAddress = DumpAddress + (ULONG_PTR)MemInfo.RegionSize;
}
return(true);
return true;
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL DumpRegionsEx(DWORD ProcessId, char* szDumpFolder, bool DumpAboveImageBaseOnly)
@ -562,7 +562,7 @@ __declspec(dllexport) bool TITCALL DumpRegionsEx(DWORD ProcessId, char* szDumpFo
}
else
{
return(false);
return false;
}
}
@ -579,11 +579,11 @@ __declspec(dllexport) bool TITCALL DumpRegionsExW(DWORD ProcessId, wchar_t* szDu
EngineCloseHandle(hProcess);
if(ReturnValue)
{
return(true);
return true;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL DumpModule(HANDLE hProcess, LPVOID ModuleBase, char* szDumpFileName)
@ -598,7 +598,7 @@ __declspec(dllexport) bool TITCALL DumpModule(HANDLE hProcess, LPVOID ModuleBase
}
else
{
return(false);
return false;
}
}
@ -621,7 +621,7 @@ __declspec(dllexport) bool TITCALL DumpModuleW(HANDLE hProcess, LPVOID ModuleBas
}
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL DumpModuleEx(DWORD ProcessId, LPVOID ModuleBase, char* szDumpFileName)
@ -636,7 +636,7 @@ __declspec(dllexport) bool TITCALL DumpModuleEx(DWORD ProcessId, LPVOID ModuleBa
}
else
{
return(false);
return false;
}
}
@ -653,9 +653,9 @@ __declspec(dllexport) bool TITCALL DumpModuleExW(DWORD ProcessId, LPVOID ModuleB
EngineCloseHandle(hProcess);
if(ReturnValue)
{
return(true);
return true;
}
}
return(false);
return false;
}

14
TitanEngine/TitanEngine.Engine.Simplification.cpp
View File

@ -119,7 +119,7 @@ __declspec(dllexport) bool TITCALL EngineUnpackerSetBreakCondition(void* SearchS
if(SetBPX(fPatternLocation, UE_BREAKPOINT, &EngineSimplifyLoadLibraryCallBack))
{
EngineUnpackerBreakInfo.push_back(fUnpackerInformation);
return(true);
return true;
}
}
else if(BreakType == UE_UNPACKER_CONDITION_GETPROCADDRESS)
@ -127,7 +127,7 @@ __declspec(dllexport) bool TITCALL EngineUnpackerSetBreakCondition(void* SearchS
if(SetBPX(fPatternLocation, UE_BREAKPOINT, &EngineSimplifyGetProcAddressCallBack))
{
EngineUnpackerBreakInfo.push_back(fUnpackerInformation);
return(true);
return true;
}
}
else if(BreakType == UE_UNPACKER_CONDITION_ENTRYPOINTBREAK)
@ -135,7 +135,7 @@ __declspec(dllexport) bool TITCALL EngineUnpackerSetBreakCondition(void* SearchS
if(SetBPX(fPatternLocation, UE_BREAKPOINT, &EngineSimplifyGetProcAddressCallBack))
{
EngineUnpackerBreakInfo.push_back(fUnpackerInformation);
return(true);
return true;
}
}
else if(BreakType == UE_UNPACKER_CONDITION_RELOCSNAPSHOT1)
@ -144,7 +144,7 @@ __declspec(dllexport) bool TITCALL EngineUnpackerSetBreakCondition(void* SearchS
{
fUnpackerInformation.SnapShotNumber = 1;
EngineUnpackerBreakInfo.push_back(fUnpackerInformation);
return(true);
return true;
}
}
else if(BreakType == UE_UNPACKER_CONDITION_RELOCSNAPSHOT2)
@ -153,7 +153,7 @@ __declspec(dllexport) bool TITCALL EngineUnpackerSetBreakCondition(void* SearchS
{
fUnpackerInformation.SnapShotNumber = 2;
EngineUnpackerBreakInfo.push_back(fUnpackerInformation);
return(true);
return true;
}
}
else
@ -161,11 +161,11 @@ __declspec(dllexport) bool TITCALL EngineUnpackerSetBreakCondition(void* SearchS
if(SetBPX(fPatternLocation, fBreakPointType, (void*)BreakType))
{
EngineUnpackerBreakInfo.push_back(fUnpackerInformation);
return(true);
return true;
}
}
}
return(false);
return false;
}
__declspec(dllexport) void TITCALL EngineUnpackerSetEntryPointAddress(ULONG_PTR UnpackedEntryPointAddress)
{

18
TitanEngine/TitanEngine.Engine.cpp
View File

@ -96,7 +96,7 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szF
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
if(LogCreatedFiles)
{
@ -216,15 +216,15 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szF
}
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(true);
return true;
}
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL EngineFakeMissingDependencies(HANDLE hProcess)
{
@ -234,7 +234,7 @@ __declspec(dllexport) bool TITCALL EngineFakeMissingDependencies(HANDLE hProcess
SetAPIBreakPoint("ntdll.dll", "LdrLoadDll", UE_BREAKPOINT, UE_APIEND, (LPVOID)&EngineFakeLoadLibraryReturn);
SetAPIBreakPoint("ntdll.dll", "LdrGetProcedureAddress", UE_BREAKPOINT, UE_APIEND, (LPVOID)&EngineFakeGetProcAddressReturn);
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL EngineDeleteCreatedDependencies()
{
@ -269,9 +269,9 @@ __declspec(dllexport) bool TITCALL EngineDeleteCreatedDependencies()
VirtualFree(engineDependencyFiles, NULL, MEM_RELEASE);
engineDependencyFiles = NULL;
engineDependencyFilesCWP = NULL;
return(true);
return true;
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL EngineCreateUnpackerWindow(char* WindowUnpackerTitle, char* WindowUnpackerLongTitle, char* WindowUnpackerName, char* WindowUnpackerAuthor, void* StartUnpackingCallBack)
@ -285,11 +285,11 @@ __declspec(dllexport) bool TITCALL EngineCreateUnpackerWindow(char* WindowUnpack
lstrcpyA(szWindowUnpackerName, WindowUnpackerName);
if(DialogBoxParamA((HINSTANCE)engineHandle, MAKEINTRESOURCEA(IDD_MAINWINDOW), NULL, (DLGPROC)EngineWndProc, NULL) != -1)
{
return(true);
return true;
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) void TITCALL EngineAddUnpackerWindowLogMessage(char* szLogMessage)

42
TitanEngine/TitanEngine.Exporter.cpp
View File

@ -75,7 +75,7 @@ __declspec(dllexport) bool TITCALL ExporterAddNewExport(char* szExportName, DWOR
{
if(expNameHashes[i] == NameHash)
{
return(true);
return true;
}
}
expExportAddress[expExportNumber] = ExportRelativeAddress;
@ -85,9 +85,9 @@ __declspec(dllexport) bool TITCALL ExporterAddNewExport(char* szExportName, DWOR
RtlMoveMemory(expTableDataCWP, szExportName, lstrlenA(szExportName));
expTableDataCWP = (LPVOID)((ULONG_PTR)expTableDataCWP + lstrlenA(szExportName) + 2);
expExportNumber++;
return(true);
return true;
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL ExporterAddNewOrdinalExport(DWORD OrdinalNumber, DWORD ExportRelativeAddress)
{
@ -119,15 +119,15 @@ __declspec(dllexport) bool TITCALL ExporterAddNewOrdinalExport(DWORD OrdinalNumb
wsprintfA(szExportFunctionName, "Func%d", expExportNumber + 1);
ExporterAddNewExport(szExportFunctionName, ExportRelativeAddress);
}
return(true);
return true;
}
else
{
return(true);
return true;
}
}
}
return(false);
return false;
}
__declspec(dllexport) long TITCALL ExporterGetAddedExportCount()
{
@ -212,7 +212,7 @@ __declspec(dllexport) bool TITCALL ExporterBuildExportTable(ULONG_PTR StorePlace
{
VirtualFree(expBuildExportData, NULL, MEM_RELEASE);
ExporterCleanup();
return(false);
return false;
}
if(FileMapVA != NULL)
@ -248,9 +248,9 @@ __declspec(dllexport) bool TITCALL ExporterBuildExportTable(ULONG_PTR StorePlace
}
VirtualFree(expBuildExportData, NULL, MEM_RELEASE);
ExporterCleanup();
return(true);
return true;
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL ExporterBuildExportTableEx(char* szExportFileName, char* szSectionName)
{
@ -264,7 +264,7 @@ __declspec(dllexport) bool TITCALL ExporterBuildExportTableEx(char* szExportFile
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL ExporterBuildExportTableExW(wchar_t* szExportFileName, char* szSectionName)
@ -288,21 +288,21 @@ __declspec(dllexport) bool TITCALL ExporterBuildExportTableExW(wchar_t* szExport
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(ReturnValue)
{
return(true);
return true;
}
else
{
return(false);
return false;
}
}
else
{
return(false);
return false;
}
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL ExporterLoadExportTable(char* szFileName)
@ -317,7 +317,7 @@ __declspec(dllexport) bool TITCALL ExporterLoadExportTable(char* szFileName)
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL ExporterLoadExportTableW(wchar_t* szFileName)
@ -360,7 +360,7 @@ __declspec(dllexport) bool TITCALL ExporterLoadExportTableW(wchar_t* szFileName)
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
if(!FileIs64)
{
@ -426,24 +426,24 @@ __declspec(dllexport) bool TITCALL ExporterLoadExportTableW(wchar_t* szFileName)
ExportedFunctions = (PEXPORTED_DATA)((ULONG_PTR)ExportedFunctions + 4);
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(true);
return true;
}
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
else
{
return(false);
return false;
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}

22
TitanEngine/TitanEngine.Handler.cpp
View File

@ -92,10 +92,10 @@ __declspec(dllexport) bool TITCALL HandlerIsHandleOpen(DWORD ProcessId, HANDLE h
VirtualFree(QuerySystemBuffer, NULL, MEM_RELEASE);
if(HandleActive)
{
return(true);
return true;
}
}
return(false);
return false;
}
__declspec(dllexport) void* TITCALL HandlerGetHandleName(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName)
{
@ -453,7 +453,7 @@ __declspec(dllexport) bool TITCALL HandlerCloseRemoteHandle(HANDLE hProcess, HAN
DuplicateHandle(hProcess, hHandle, GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_CLOSE_SOURCE);
EngineCloseHandle(myHandle);
}
return(false);
return false;
}
__declspec(dllexport) long TITCALL HandlerEnumerateLockHandles(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, LPVOID HandleDataBuffer, DWORD MaxHandleCount)
{
@ -595,7 +595,7 @@ __declspec(dllexport) bool TITCALL HandlerCloseAllLockHandles(char* szFileOrFold
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL HandlerCloseAllLockHandlesW(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated)
@ -704,16 +704,16 @@ __declspec(dllexport) bool TITCALL HandlerCloseAllLockHandlesW(wchar_t* szFileOr
VirtualFree(HandleFullName, NULL, MEM_RELEASE);
if(AllHandled)
{
return(true);
return true;
}
else
{
return(false);
return false;
}
}
VirtualFree(ObjectNameInfo, NULL, MEM_RELEASE);
VirtualFree(HandleFullName, NULL, MEM_RELEASE);
return(false);
return false;
}
__declspec(dllexport) bool TITCALL HandlerIsFileLocked(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated)
{
@ -727,7 +727,7 @@ __declspec(dllexport) bool TITCALL HandlerIsFileLocked(char* szFileOrFolderName,
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL HandlerIsFileLockedW(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated)
@ -821,7 +821,7 @@ __declspec(dllexport) bool TITCALL HandlerIsFileLockedW(wchar_t* szFileOrFolderN
VirtualFree(QuerySystemBuffer, NULL, MEM_RELEASE);
VirtualFree(HandleFullName, NULL, MEM_RELEASE);
EngineCloseHandle(myHandle);
return(true);
return true;
}
}
EngineCloseHandle(myHandle);
@ -834,11 +834,11 @@ __declspec(dllexport) bool TITCALL HandlerIsFileLockedW(wchar_t* szFileOrFolderN
VirtualFree(ObjectNameInfo, NULL, MEM_RELEASE);
VirtualFree(QuerySystemBuffer, NULL, MEM_RELEASE);
VirtualFree(HandleFullName, NULL, MEM_RELEASE);
return(false);
return false;
}
VirtualFree(ObjectNameInfo, NULL, MEM_RELEASE);
VirtualFree(HandleFullName, NULL, MEM_RELEASE);
return(false);
return false;
}
// TitanEngine.Handler[Mutex].functions:
__declspec(dllexport) long TITCALL HandlerEnumerateOpenMutexes(HANDLE hProcess, DWORD ProcessId, LPVOID HandleBuffer, DWORD MaxHandleCount)

88
TitanEngine/TitanEngine.Hooks.cpp
View File

@ -22,7 +22,7 @@ static bool ProcessHookScanAddNewHook(PHOOK_ENTRY HookDetails, void* ptrOriginal
RtlMoveMemory(&MyhookEntry, HookDetails, sizeof HOOK_ENTRY);
hookEntry.push_back(MyhookEntry);
return(true);
return true;
}
// Global.Engine.Hook.functions:
@ -86,15 +86,15 @@ __declspec(dllexport) bool TITCALL HooksSafeTransitionEx(LPVOID HookAddressArray
VirtualFree(hListThread, NULL, MEM_RELEASE);
hListThread = NULL;
}
return(true);
return true;
}
}
else
{
return(false);
return false;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL HooksSafeTransition(LPVOID HookAddress, bool TransitionStart)
{
@ -111,10 +111,10 @@ __declspec(dllexport) bool TITCALL HooksIsAddressRedirected(LPVOID HookAddress)
{
if(hookEntry[i].HookAddress == HookAddress && hookEntry[i].IATHook == false && hookEntry[i].HookIsEnabled == true)
{
return(true);
return true;
}
}
return(false);
return false;
}
__declspec(dllexport) void* TITCALL HooksGetTrampolineAddress(LPVOID HookAddress)
{
@ -243,11 +243,11 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress,
returnData = HooksInsertNewRedirection(HookAddress, RedirectTo, HookType);
if(returnData)
{
return(true);
return true;
}
else
{
return(false);
return false;
}
}
}
@ -382,7 +382,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress,
RtlMoveMemory(&myHook.HookBytes[0], HookAddress, TEE_MAXIMUM_HOOK_SIZE);
VirtualProtect(HookAddress, TEE_MAXIMUM_HOOK_SIZE, OldProtect, &OldProtect);
hookEntry.push_back(myHook);
return(true);
return true;
}
#else
if(VirtualProtect(HookAddress, TEE_MAXIMUM_HOOK_SIZE, PAGE_EXECUTE_READWRITE, &OldProtect))
@ -394,7 +394,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress,
RtlMoveMemory(&myHook.HookBytes[0], HookAddress, TEE_MAXIMUM_HOOK_SIZE);
VirtualProtect(HookAddress, TEE_MAXIMUM_HOOK_SIZE, OldProtect, &OldProtect);
hookEntry.push_back(myHook);
return(true);
return true;
}
#endif
}
@ -409,7 +409,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress,
RtlMoveMemory(&myHook.HookBytes[0], HookAddress, TEE_MAXIMUM_HOOK_SIZE);
VirtualProtect(HookAddress, TEE_MAXIMUM_HOOK_SIZE, OldProtect, &OldProtect);
hookEntry.push_back(myHook);
return(true);
return true;
}
#else
if(VirtualProtect(HookAddress, TEE_MAXIMUM_HOOK_SIZE, PAGE_EXECUTE_READWRITE, &OldProtect))
@ -421,12 +421,12 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress,
RtlMoveMemory(&myHook.HookBytes[0], HookAddress, TEE_MAXIMUM_HOOK_SIZE);
VirtualProtect(HookAddress, TEE_MAXIMUM_HOOK_SIZE, OldProtect, &OldProtect);
hookEntry.push_back(myHook);
return(true);
return true;
}
#endif
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL HooksInsertNewIATRedirectionEx(ULONG_PTR FileMapVA, ULONG_PTR LoadedModuleBase, char* szHookFunction, LPVOID RedirectTo)
{
@ -466,7 +466,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewIATRedirectionEx(ULONG_PTR File
}
else
{
return(false);
return false;
}
if(!FileIs64)
{
@ -509,11 +509,11 @@ __declspec(dllexport) bool TITCALL HooksInsertNewIATRedirectionEx(ULONG_PTR File
}
ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof IMAGE_IMPORT_DESCRIPTOR);
}
return(true);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
return(false);
return false;
}
}
}
@ -558,25 +558,25 @@ __declspec(dllexport) bool TITCALL HooksInsertNewIATRedirectionEx(ULONG_PTR File
}
ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof IMAGE_IMPORT_DESCRIPTOR);
}
return(true);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
return(false);
return false;
}
}
}
}
else
{
return(false);
return false;
}
}
else
{
return(false);
return false;
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL HooksInsertNewIATRedirection(char* szModuleName, char* szHookFunction, LPVOID RedirectTo)
{
@ -597,7 +597,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewIATRedirection(char* szModuleNa
if(HooksInsertNewIATRedirectionEx(FileMapVA, (ULONG_PTR)SelectedModule, szHookFunction, RedirectTo))
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(true);
return true;
}
else
{
@ -605,7 +605,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewIATRedirection(char* szModuleNa
}
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL HooksRemoveRedirection(LPVOID HookAddress, bool RemoveAll)
{
@ -623,11 +623,11 @@ __declspec(dllexport) bool TITCALL HooksRemoveRedirection(LPVOID HookAddress, bo
RtlMoveMemory(HookAddress, &hookEntry[i].OriginalBytes, hookEntry[i].HookSize);
VirtualProtect(HookAddress, TEE_MAXIMUM_HOOK_SIZE, OldProtect, &OldProtect);
hookEntry.erase(hookEntry.begin() + i);
return(true);
return true;
}
}
}
return(false);
return false;
}
else
{
@ -640,7 +640,7 @@ __declspec(dllexport) bool TITCALL HooksRemoveRedirection(LPVOID HookAddress, bo
}
}
hookEntry.clear();
return(true);
return true;
}
}
__declspec(dllexport) bool TITCALL HooksRemoveRedirectionsForModule(HMODULE ModuleBase)
@ -669,14 +669,14 @@ __declspec(dllexport) bool TITCALL HooksRemoveRedirectionsForModule(HMODULE Modu
}
if(j == NULL)
{
return(false);
return false;
}
}
else
{
return(false);
return false;
}
return(true);
return true;
}
__declspec(dllexport) bool TITCALL HooksRemoveIATRedirection(char* szModuleName, char* szHookFunction, bool RemoveAll)
{
@ -702,7 +702,7 @@ __declspec(dllexport) bool TITCALL HooksRemoveIATRedirection(char* szModuleName,
i--;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL HooksDisableRedirection(LPVOID HookAddress, bool DisableAll)
{
@ -720,11 +720,11 @@ __declspec(dllexport) bool TITCALL HooksDisableRedirection(LPVOID HookAddress, b
RtlMoveMemory(HookAddress, &hookEntry[i].OriginalBytes, hookEntry[i].HookSize);
VirtualProtect(HookAddress, TEE_MAXIMUM_HOOK_SIZE, OldProtect, &OldProtect);
hookEntry[i].HookIsEnabled = false;
return(true);
return true;
}
}
}
return(false);
return false;
}
else
{
@ -737,7 +737,7 @@ __declspec(dllexport) bool TITCALL HooksDisableRedirection(LPVOID HookAddress, b
hookEntry[i].HookIsEnabled = false;
}
}
return(true);
return true;
}
}
__declspec(dllexport) bool TITCALL HooksDisableRedirectionsForModule(HMODULE ModuleBase)
@ -766,14 +766,14 @@ __declspec(dllexport) bool TITCALL HooksDisableRedirectionsForModule(HMODULE Mod
}
if(j == NULL)
{
return(false);
return false;
}
}
else
{
return(false);
return false;
}
return(true);
return true;
}
__declspec(dllexport) bool TITCALL HooksDisableIATRedirection(char* szModuleName, char* szHookFunction, bool DisableAll)
{
@ -802,7 +802,7 @@ __declspec(dllexport) bool TITCALL HooksDisableIATRedirection(char* szModuleName
i--;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL HooksEnableRedirection(LPVOID HookAddress, bool EnableAll)
{
@ -820,11 +820,11 @@ __declspec(dllexport) bool TITCALL HooksEnableRedirection(LPVOID HookAddress, bo
RtlMoveMemory(HookAddress, &hookEntry[i].HookBytes, hookEntry[i].HookSize);
VirtualProtect(HookAddress, TEE_MAXIMUM_HOOK_SIZE, OldProtect, &OldProtect);
hookEntry[i].HookIsEnabled = true;
return(true);
return true;
}
}
}
return(false);
return false;
}
else
{
@ -837,7 +837,7 @@ __declspec(dllexport) bool TITCALL HooksEnableRedirection(LPVOID HookAddress, bo
hookEntry[i].HookIsEnabled = true;
}
}
return(true);
return true;
}
}
__declspec(dllexport) bool TITCALL HooksEnableRedirectionsForModule(HMODULE ModuleBase)
@ -866,14 +866,14 @@ __declspec(dllexport) bool TITCALL HooksEnableRedirectionsForModule(HMODULE Modu
}
if(j == NULL)
{
return(false);
return false;
}
}
else
{
return(false);
return false;
}
return(true);
return true;
}
__declspec(dllexport) bool TITCALL HooksEnableIATRedirection(char* szModuleName, char* szHookFunction, bool EnableAll)
{
@ -902,7 +902,7 @@ __declspec(dllexport) bool TITCALL HooksEnableIATRedirection(char* szModuleName,
i--;
}
}
return(false);
return false;
}
__declspec(dllexport) void TITCALL HooksScanModuleMemory(HMODULE ModuleBase, LPVOID CallBack)
{

38
TitanEngine/TitanEngine.Importer.cpp
View File

@ -73,7 +73,7 @@ __declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, cha
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, wchar_t* szSectionName)
@ -271,11 +271,11 @@ __declspec(dllexport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG
{
if((ULONG_PTR)EngineGlobalAPIHandler(hProcess, NULL, APIAddress, NULL, UE_OPTION_IMPORTER_RETURN_FORWARDER_DLLINDEX) > NULL)
{
return(true);
return true;
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress)
@ -316,7 +316,7 @@ __declspec(dllexport) bool TITCALL ImporterCopyOriginalIAT(char* szOriginalFile,
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL ImporterCopyOriginalIATW(wchar_t* szOriginalFile, wchar_t* szDumpFile)
@ -362,7 +362,7 @@ __declspec(dllexport) bool TITCALL ImporterCopyOriginalIATW(wchar_t* szOriginalF
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
UnMapFileEx(FileHandle1, FileSize1, FileMap1, FileMapVA1);
return(false);
return false;
}
if(!FileIs64)
{
@ -388,13 +388,13 @@ __declspec(dllexport) bool TITCALL ImporterCopyOriginalIATW(wchar_t* szOriginalF
SetPE32DataForMappedFile(FileMapVA1, NULL, UE_IMPORTTABLESIZE, (ULONG_PTR)IATHeaderData);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
UnMapFileEx(FileHandle1, FileSize1, FileMap1, FileMapVA1);
return(true);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
UnMapFileEx(FileHandle1, FileSize1, FileMap1, FileMapVA1);
return(false);
return false;
}
}
}
@ -403,7 +403,7 @@ __declspec(dllexport) bool TITCALL ImporterCopyOriginalIATW(wchar_t* szOriginalF
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL ImporterLoadImportTable(char* szFileName)
{
@ -417,7 +417,7 @@ __declspec(dllexport) bool TITCALL ImporterLoadImportTable(char* szFileName)
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL ImporterLoadImportTableW(wchar_t* szFileName)
@ -456,7 +456,7 @@ __declspec(dllexport) bool TITCALL ImporterLoadImportTableW(wchar_t* szFileName)
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
if(!FileIs64)
{
@ -495,13 +495,13 @@ __declspec(dllexport) bool TITCALL ImporterLoadImportTableW(wchar_t* szFileName)
ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof IMAGE_IMPORT_DESCRIPTOR);
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(true);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
ImporterCleanup();
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
}
@ -542,13 +542,13 @@ __declspec(dllexport) bool TITCALL ImporterLoadImportTableW(wchar_t* szFileName)
ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof IMAGE_IMPORT_DESCRIPTOR);
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(true);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
ImporterCleanup();
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
}
@ -556,15 +556,15 @@ __declspec(dllexport) bool TITCALL ImporterLoadImportTableW(wchar_t* szFileName)
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
else
{
return(false);
return false;
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
*/
}
__declspec(dllexport) bool TITCALL ImporterMoveOriginalIAT(char* szOriginalFile, char* szDumpFile, char* szSectionName)
@ -574,7 +574,7 @@ __declspec(dllexport) bool TITCALL ImporterMoveOriginalIAT(char* szOriginalFile,
{
return(ImporterExportIATEx(szDumpFile, szSectionName));
}*/
return(false);
return false;
}
__declspec(dllexport) bool TITCALL ImporterMoveOriginalIATW(wchar_t* szOriginalFile, wchar_t* szDumpFile, char* szSectionName)
{
@ -583,7 +583,7 @@ __declspec(dllexport) bool TITCALL ImporterMoveOriginalIATW(wchar_t* szOriginalF
{
return(ImporterExportIATExW(szDumpFile, szSectionName));
}*/
return(false);
return false;
}
__declspec(dllexport) void TITCALL ImporterAutoSearchIAT(DWORD ProcessId, char* szFileName, ULONG_PTR SearchStart, LPVOID pIATStart, LPVOID pIATSize)
{

24
TitanEngine/TitanEngine.Injector.cpp
View File

@ -15,7 +15,7 @@ __declspec(dllexport) bool TITCALL RemoteLoadLibrary(HANDLE hProcess, char* szLi
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL RemoteLoadLibraryW(HANDLE hProcess, wchar_t* szLibraryFile, bool WaitForThreadExit)
@ -68,7 +68,7 @@ __declspec(dllexport) bool TITCALL RemoteLoadLibraryW(HANDLE hProcess, wchar_t*
{
if(ExitCode == NULL)
{
return(false);
return false;
}
}
}
@ -86,7 +86,7 @@ __declspec(dllexport) bool TITCALL RemoteLoadLibraryW(HANDLE hProcess, wchar_t*
engineReservedMemoryProcess = hProcess;
ThreaderSetCallBackForNextExitThreadEvent((LPVOID)&injectedTerminator);
}
return(true);
return true;
}
else
{
@ -94,7 +94,7 @@ __declspec(dllexport) bool TITCALL RemoteLoadLibraryW(HANDLE hProcess, wchar_t*
VirtualFreeEx(hProcess, remStringData, NULL, MEM_RELEASE);
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL RemoteFreeLibrary(HANDLE hProcess, HMODULE hModule, char* szLibraryFile, bool WaitForThreadExit)
{
@ -108,7 +108,7 @@ __declspec(dllexport) bool TITCALL RemoteFreeLibrary(HANDLE hProcess, HMODULE hM
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL RemoteFreeLibraryW(HANDLE hProcess, HMODULE hModule, wchar_t* szLibraryFile, bool WaitForThreadExit)
@ -165,7 +165,7 @@ __declspec(dllexport) bool TITCALL RemoteFreeLibraryW(HANDLE hProcess, HMODULE h
{
if(ExitCode == NULL)
{
return(false);
return false;
}
}
}
@ -183,7 +183,7 @@ __declspec(dllexport) bool TITCALL RemoteFreeLibraryW(HANDLE hProcess, HMODULE h
engineReservedMemoryProcess = hProcess;
ThreaderSetCallBackForNextExitThreadEvent((LPVOID)&injectedTerminator);
}
return(true);
return true;
}
else
{
@ -211,7 +211,7 @@ __declspec(dllexport) bool TITCALL RemoteFreeLibraryW(HANDLE hProcess, HMODULE h
{
if(ExitCode == NULL)
{
return(false);
return false;
}
}
}
@ -229,7 +229,7 @@ __declspec(dllexport) bool TITCALL RemoteFreeLibraryW(HANDLE hProcess, HMODULE h
engineReservedMemoryProcess = hProcess;
ThreaderSetCallBackForNextExitThreadEvent((LPVOID)&injectedTerminator);
}
return(true);
return true;
}
else
{
@ -238,7 +238,7 @@ __declspec(dllexport) bool TITCALL RemoteFreeLibraryW(HANDLE hProcess, HMODULE h
}
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL RemoteExitProcess(HANDLE hProcess, DWORD ExitCode)
{
@ -268,7 +268,7 @@ __declspec(dllexport) bool TITCALL RemoteExitProcess(HANDLE hProcess, DWORD Exit
WriteProcessMemory(hProcess, remStringData, &APIData, sizeof InjectCodeData, &NumberOfBytesWritten);
hThread = CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)remCodeData, remStringData, NULL, &ThreadId);
VirtualFreeEx(hProcess, remCodeData, NULL, MEM_RELEASE);
return(true);
return true;
}
else
{
@ -276,5 +276,5 @@ __declspec(dllexport) bool TITCALL RemoteExitProcess(HANDLE hProcess, DWORD Exit
VirtualFreeEx(hProcess, remStringData, NULL, MEM_RELEASE);
}
}
return(false);
return false;
}

8
TitanEngine/TitanEngine.Librarian.cpp
View File

@ -20,9 +20,9 @@ __declspec(dllexport) bool TITCALL LibrarianSetBreakPoint(char* szLibraryName, D
ptrLibrarianData->bpxCallBack = bpxCallBack;
ptrLibrarianData->bpxSingleShoot = SingleShoot;
ptrLibrarianData->bpxType = bpxType;
return(true);
return true;
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL LibrarianRemoveBreakPoint(char* szLibraryName, DWORD bpxType)
@ -45,9 +45,9 @@ __declspec(dllexport) bool TITCALL LibrarianRemoveBreakPoint(char* szLibraryName
ptrLibrarianData = (PLIBRARY_BREAK_DATA)((ULONG_PTR)ptrLibrarianData + sizeof LIBRARY_BREAK_DATA);
i--;
}
return(true);
return true;
}
return(false);
return false;
}
__declspec(dllexport) void* TITCALL LibrarianGetLibraryInfo(char* szLibraryName)

4
TitanEngine/TitanEngine.OEPFinder.cpp
View File

@ -19,7 +19,7 @@ __declspec(dllexport) bool TITCALL FindOEPGenerically(char* szFileName, LPVOID T
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL FindOEPGenericallyW(wchar_t* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack)
@ -36,5 +36,5 @@ __declspec(dllexport) bool TITCALL FindOEPGenericallyW(wchar_t* szFileName, LPVO
VirtualFree(glbEntryTracerData.SectionData[i].AllocatedSection, NULL, MEM_RELEASE);
}
}
return(false);
return false;
}

216
TitanEngine/TitanEngine.PE.Data.cpp
View File

@ -406,7 +406,7 @@ __declspec(dllexport) bool TITCALL GetPE32DataFromMappedFileEx(ULONG_PTR FileMap
}
else
{
return(false);
return false;
}
if(!FileIs64)
{
@ -436,7 +436,7 @@ __declspec(dllexport) bool TITCALL GetPE32DataFromMappedFileEx(ULONG_PTR FileMap
PE32Structure->SubSystem = PEHeader32->OptionalHeader.Subsystem;
PE32Structure->Characteristics = PEHeader32->FileHeader.Characteristics;
PE32Structure->NumberOfRvaAndSizes = PEHeader32->OptionalHeader.NumberOfRvaAndSizes;
return(true);
return true;
}
else
{
@ -466,15 +466,15 @@ __declspec(dllexport) bool TITCALL GetPE32DataFromMappedFileEx(ULONG_PTR FileMap
PE64Structure->SubSystem = PEHeader64->OptionalHeader.Subsystem;
PE64Structure->Characteristics = PEHeader64->FileHeader.Characteristics;
PE64Structure->NumberOfRvaAndSizes = PEHeader64->OptionalHeader.NumberOfRvaAndSizes;
return(true);
return true;
}
}
else
{
return(false);
return false;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL GetPE32DataEx(char* szFileName, LPVOID DataStorage)
{
@ -491,16 +491,16 @@ __declspec(dllexport) bool TITCALL GetPE32DataEx(char* szFileName, LPVOID DataSt
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(ReturnValue)
{
return(true);
return true;
}
else
{
return(false);
return false;
}
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL GetPE32DataExW(wchar_t* szFileName, LPVOID DataStorage)
@ -518,16 +518,16 @@ __declspec(dllexport) bool TITCALL GetPE32DataExW(wchar_t* szFileName, LPVOID Da
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(ReturnValue)
{
return(true);
return true;
}
else
{
return(false);
return false;
}
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL SetPE32DataForMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue)
@ -557,7 +557,7 @@ __declspec(dllexport) bool TITCALL SetPE32DataForMappedFile(ULONG_PTR FileMapVA,
}
else
{
return(false);
return false;
}
if(!FileIs64)
{
@ -570,131 +570,131 @@ __declspec(dllexport) bool TITCALL SetPE32DataForMappedFile(ULONG_PTR FileMapVA,
if(WhichData == UE_PE_OFFSET)
{
DOSHeader->e_lfanew = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_IMAGEBASE)
{
PEHeader32->OptionalHeader.ImageBase = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_OEP)
{
PEHeader32->OptionalHeader.AddressOfEntryPoint = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_BASEOFCODE)
{
PEHeader32->OptionalHeader.BaseOfCode = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_BASEOFDATA)
{
PEHeader32->OptionalHeader.BaseOfData = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_SIZEOFIMAGE)
{
PEHeader32->OptionalHeader.SizeOfImage = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_SIZEOFHEADERS)
{
PEHeader32->OptionalHeader.SizeOfHeaders = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_SIZEOFOPTIONALHEADER)
{
PEHeader32->FileHeader.SizeOfOptionalHeader = (WORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_SECTIONALIGNMENT)
{
PEHeader32->OptionalHeader.SectionAlignment = (WORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_IMPORTTABLEADDRESS)
{
PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_IMPORTTABLESIZE)
{
PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_RESOURCETABLEADDRESS)
{
PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_RESOURCETABLESIZE)
{
PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].Size = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_EXPORTTABLEADDRESS)
{
PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_EXPORTTABLESIZE)
{
PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_TLSTABLEADDRESS)
{
PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_TLSTABLESIZE)
{
PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_RELOCATIONTABLEADDRESS)
{
PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_RELOCATIONTABLESIZE)
{
PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_TIMEDATESTAMP)
{
PEHeader32->FileHeader.TimeDateStamp = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_SECTIONNUMBER)
{
PEHeader32->FileHeader.NumberOfSections = (WORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_CHECKSUM)
{
PEHeader32->OptionalHeader.CheckSum = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_SUBSYSTEM)
{
PEHeader32->OptionalHeader.Subsystem = (WORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_CHARACTERISTICS)
{
PEHeader32->FileHeader.Characteristics = (WORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_NUMBEROFRVAANDSIZES)
{
PEHeader32->OptionalHeader.NumberOfRvaAndSizes = (DWORD)NewDataValue;
return(true);
return true;
}
else
{
return(false);
return false;
}
}
else
@ -705,45 +705,45 @@ __declspec(dllexport) bool TITCALL SetPE32DataForMappedFile(ULONG_PTR FileMapVA,
if(WhichData == UE_SECTIONNAME)
{
memcpy(PESections->Name, (void*)NewDataValue, 8);
return(true);
return true;
}
else if(WhichData == UE_SECTIONVIRTUALOFFSET)
{
PESections->VirtualAddress = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_SECTIONVIRTUALSIZE)
{
PESections->Misc.VirtualSize = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_SECTIONRAWOFFSET)
{
PESections->PointerToRawData = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_SECTIONRAWSIZE)
{
PESections->SizeOfRawData = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_SECTIONFLAGS)
{
PESections->Characteristics = (DWORD)NewDataValue;
return(true);
return true;
}
else
{
return(false);
return false;
}
}
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
return(false);
return false;
}
return(false);
return false;
}
else
{
@ -756,127 +756,127 @@ __declspec(dllexport) bool TITCALL SetPE32DataForMappedFile(ULONG_PTR FileMapVA,
if(WhichData == UE_PE_OFFSET)
{
DOSHeader->e_lfanew = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_IMAGEBASE)
{
PEHeader64->OptionalHeader.ImageBase = NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_OEP)
{
PEHeader64->OptionalHeader.AddressOfEntryPoint = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_BASEOFCODE)
{
PEHeader64->OptionalHeader.BaseOfCode = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_BASEOFDATA)
{
//non-existant in IMAGE_OPTIONAL_HEADER64
return(false);
return false;
}
else if(WhichData == UE_SIZEOFIMAGE)
{
PEHeader64->OptionalHeader.SizeOfImage = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_SIZEOFHEADERS)
{
PEHeader64->OptionalHeader.SizeOfHeaders = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_SIZEOFOPTIONALHEADER)
{
PEHeader64->FileHeader.SizeOfOptionalHeader = (WORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_SECTIONALIGNMENT)
{
PEHeader64->OptionalHeader.SectionAlignment = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_IMPORTTABLEADDRESS)
{
PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_IMPORTTABLESIZE)
{
PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_RESOURCETABLEADDRESS)
{
PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_RESOURCETABLESIZE)
{
PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].Size = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_EXPORTTABLEADDRESS)
{
PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_EXPORTTABLESIZE)
{
PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_TLSTABLEADDRESS)
{
PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_TLSTABLESIZE)
{
PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_RELOCATIONTABLEADDRESS)
{
PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_RELOCATIONTABLESIZE)
{
PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_TIMEDATESTAMP)
{
PEHeader64->FileHeader.TimeDateStamp = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_SECTIONNUMBER)
{
PEHeader64->FileHeader.NumberOfSections = (WORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_CHECKSUM)
{
PEHeader64->OptionalHeader.CheckSum = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_SUBSYSTEM)
{
PEHeader64->OptionalHeader.Subsystem = (WORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_CHARACTERISTICS)
{
PEHeader64->FileHeader.Characteristics = (WORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_NUMBEROFRVAANDSIZES)
{
PEHeader64->OptionalHeader.NumberOfRvaAndSizes = (DWORD)NewDataValue;
return(true);
return true;
}
else
{
@ -890,53 +890,53 @@ __declspec(dllexport) bool TITCALL SetPE32DataForMappedFile(ULONG_PTR FileMapVA,
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + WhichSection * IMAGE_SIZEOF_SECTION_HEADER);
if(WhichData == UE_SECTIONNAME)
{
return(false);
return false;
}
else if(WhichData == UE_SECTIONVIRTUALOFFSET)
{
PESections->VirtualAddress = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_SECTIONVIRTUALSIZE)
{
PESections->Misc.VirtualSize = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_SECTIONRAWOFFSET)
{
PESections->PointerToRawData = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_SECTIONRAWSIZE)
{
PESections->SizeOfRawData = (DWORD)NewDataValue;
return(true);
return true;
}
else if(WhichData == UE_SECTIONFLAGS)
{
PESections->Characteristics = (DWORD)NewDataValue;
return(true);
return true;
}
else
{
return(false);
return false;
}
}
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
return(false);
return false;
}
return(false);
return false;
}
}
else
{
return(false);
return false;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL SetPE32Data(char* szFileName, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue)
{
@ -953,16 +953,16 @@ __declspec(dllexport) bool TITCALL SetPE32Data(char* szFileName, DWORD WhichSect
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(ReturnValue)
{
return(true);
return true;
}
else
{
return(false);
return false;
}
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL SetPE32DataW(wchar_t* szFileName, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue)
@ -980,16 +980,16 @@ __declspec(dllexport) bool TITCALL SetPE32DataW(wchar_t* szFileName, DWORD Which
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(ReturnValue)
{
return(true);
return true;
}
else
{
return(false);
return false;
}
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL SetPE32DataForMappedFileEx(ULONG_PTR FileMapVA, LPVOID DataStorage)
@ -1019,7 +1019,7 @@ __declspec(dllexport) bool TITCALL SetPE32DataForMappedFileEx(ULONG_PTR FileMapV
}
else
{
return(false);
return false;
}
if(!FileIs64)
{
@ -1051,11 +1051,11 @@ __declspec(dllexport) bool TITCALL SetPE32DataForMappedFileEx(ULONG_PTR FileMapV
PEHeader32->OptionalHeader.Subsystem = PE32Structure->SubSystem;
PEHeader32->FileHeader.Characteristics = PE32Structure->Characteristics;
PEHeader32->OptionalHeader.NumberOfRvaAndSizes = PE32Structure->NumberOfRvaAndSizes;
return(true);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
return(false);
return false;
}
}
else
@ -1087,20 +1087,20 @@ __declspec(dllexport) bool TITCALL SetPE32DataForMappedFileEx(ULONG_PTR FileMapV
PEHeader64->OptionalHeader.Subsystem = PE64Structure->SubSystem;
PEHeader64->FileHeader.Characteristics = PE64Structure->Characteristics;
PEHeader64->OptionalHeader.NumberOfRvaAndSizes = PE64Structure->NumberOfRvaAndSizes;
return(true);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
return(false);
return false;
}
}
}
else
{
return(false);
return false;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL SetPE32DataEx(char* szFileName, LPVOID DataStorage)
{
@ -1117,16 +1117,16 @@ __declspec(dllexport) bool TITCALL SetPE32DataEx(char* szFileName, LPVOID DataSt
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(ReturnValue)
{
return(true);
return true;
}
else
{
return(false);
return false;
}
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL SetPE32DataExW(wchar_t* szFileName, LPVOID DataStorage)
@ -1144,16 +1144,16 @@ __declspec(dllexport) bool TITCALL SetPE32DataExW(wchar_t* szFileName, LPVOID Da
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(ReturnValue)
{
return(true);
return true;
}
else
{
return(false);
return false;
}
}
else
{
return(false);
return false;
}
}
@ -1164,17 +1164,17 @@ __declspec(dllexport) bool TITCALL IsFileDLL(char* szFileName, ULONG_PTR FileMap
{
if((DWORD)GetPE32Data(szFileName, NULL, UE_CHARACTERISTICS) & 0x2000)
{
return(true);
return true;
}
}
else if(FileMapVA != NULL)
{
if((DWORD)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_CHARACTERISTICS) & 0x2000)
{
return(true);
return true;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL IsFileDLLW(wchar_t* szFileName, ULONG_PTR FileMapVA)
@ -1184,15 +1184,15 @@ __declspec(dllexport) bool TITCALL IsFileDLLW(wchar_t* szFileName, ULONG_PTR Fil
{
if((DWORD)GetPE32DataW(szFileName, NULL, UE_CHARACTERISTICS) & 0x2000)
{
return(true);
return true;
}
}
else if(FileMapVA != NULL)
{
if((DWORD)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_CHARACTERISTICS) & 0x2000)
{
return(true);
return true;
}
}
return(false);
return false;
}

56
TitanEngine/TitanEngine.PE.Fixer.cpp
View File

@ -15,7 +15,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidEx(char* szFileName, DWORD Che
}
else
{
return(false);
return false;
}
}
@ -84,7 +84,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof FILE_STATUS_INFO);
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
if(!FileIs64)
{
@ -809,7 +809,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(myFileStatusInfo.OveralEvaluation == UE_RESULT_FILE_OK)
{
return(true);
return true;
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
@ -822,7 +822,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof FILE_STATUS_INFO);
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
else
@ -1548,7 +1548,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(myFileStatusInfo.OveralEvaluation == UE_RESULT_FILE_OK)
{
return(true);
return true;
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
@ -1561,7 +1561,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof FILE_STATUS_INFO);
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
}
@ -1574,14 +1574,14 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof FILE_STATUS_INFO);
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
if(FileStatusInfo != NULL)
{
RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof FILE_STATUS_INFO);
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL FixBrokenPE32FileEx(char* szFileName, LPVOID FileStatusInfo, LPVOID FileFixInfo)
{
@ -1595,7 +1595,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileEx(char* szFileName, LPVOID
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPVOID FileStatusInfo, LPVOID FileFixInfo)
@ -1667,37 +1667,37 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
if(myFileStatusInfo->SignatureMZ != UE_FIELD_OK)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
else if(myFileStatusInfo->SignaturePE != UE_FIELD_OK)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
else if(myFileStatusInfo->SectionAlignment != UE_FIELD_OK)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
else if(myFileStatusInfo->FileAlignment != UE_FIELD_OK)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
else if(myFileStatusInfo->ImportTable != UE_FIELD_OK)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
else if(myFileStatusInfo->ImportTableData != UE_FIELD_OK)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
if(!FileIs64)
{
@ -1733,7 +1733,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
if(!SetPE32DataForMappedFile(FileMapVA, SectionAttributes, UE_SECTIONFLAGS, 0xE0000020))
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
if(PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress != NULL)
@ -2269,7 +2269,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
if(!SetPE32DataForMappedFile(FileMapVA, SectionNumber, UE_SECTIONFLAGS, 0xE0000020))
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
}
@ -2283,13 +2283,13 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
myFileFixInfo->OveralEvaluation = UE_RESULT_FILE_OK;
myFileFixInfo->FileFixPerformed = FileFixed;
}
return(true);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
myFileFixInfo->FixingTerminatedByException = true;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
else
@ -2326,7 +2326,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
if(!SetPE32DataForMappedFile(FileMapVA, SectionAttributes, UE_SECTIONFLAGS, 0xE0000020))
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
if(PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress != NULL)
@ -2862,7 +2862,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
if(!SetPE32DataForMappedFile(FileMapVA, SectionNumber, UE_SECTIONFLAGS, 0xE0000020))
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
}
@ -2876,20 +2876,20 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
myFileFixInfo->OveralEvaluation = UE_RESULT_FILE_OK;
myFileFixInfo->FileFixPerformed = FileFixed;
}
return(true);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
myFileFixInfo->FixingTerminatedByException = true;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
}
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
}
@ -2913,7 +2913,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
if(!FileIs64)
{
@ -3002,9 +3002,9 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
}
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(true);
return true;
}
}
}
return(false);
return false;
}

48
TitanEngine/TitanEngine.PE.Overlay.cpp
View File

@ -19,7 +19,7 @@ __declspec(dllexport) bool TITCALL FindOverlay(char* szFileName, LPDWORD Overlay
}
else
{
return(false);
return false;
}
}
@ -57,7 +57,7 @@ __declspec(dllexport) bool TITCALL FindOverlayW(wchar_t* szFileName, LPDWORD Ove
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
if(!FileIs64)
{
@ -86,17 +86,17 @@ __declspec(dllexport) bool TITCALL FindOverlayW(wchar_t* szFileName, LPDWORD Ove
*OverlayStart = (DWORD)(SectionRawOffset + SectionRawSize);
*OverlaySize = (DWORD)(FileSize - SectionRawOffset - SectionRawSize);
}
return(true);
return true;
}
else
{
return(false);
return false;
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
else
@ -126,27 +126,27 @@ __declspec(dllexport) bool TITCALL FindOverlayW(wchar_t* szFileName, LPDWORD Ove
*OverlayStart = (DWORD)(SectionRawOffset + SectionRawSize);
*OverlaySize = (DWORD)(FileSize - SectionRawOffset - SectionRawSize);
}
return(true);
return true;
}
else
{
return(false);
return false;
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
}
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL ExtractOverlay(char* szFileName, char* szExtactedFileName)
{
@ -162,7 +162,7 @@ __declspec(dllexport) bool TITCALL ExtractOverlay(char* szFileName, char* szExta
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL ExtractOverlayW(wchar_t* szFileName, wchar_t* szExtactedFileName)
@ -224,19 +224,19 @@ __declspec(dllexport) bool TITCALL ExtractOverlayW(wchar_t* szFileName, wchar_t*
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
EngineCloseHandle(hFile);
EngineCloseHandle(hFileWrite);
return(true);
return true;
}
else
{
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
EngineCloseHandle(hFile);
return(false);
return false;
}
}
}
}
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
return(false);
return false;
}
__declspec(dllexport) bool TITCALL AddOverlay(char* szFileName, char* szOverlayFileName)
{
@ -252,7 +252,7 @@ __declspec(dllexport) bool TITCALL AddOverlay(char* szFileName, char* szOverlayF
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL AddOverlayW(wchar_t* szFileName, wchar_t* szOverlayFileName)
@ -310,15 +310,15 @@ __declspec(dllexport) bool TITCALL AddOverlayW(wchar_t* szFileName, wchar_t* szO
}
EngineCloseHandle(hFile);
EngineCloseHandle(hFileRead);
return(true);
return true;
}
else
{
EngineCloseHandle(hFile);
return(false);
return false;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL CopyOverlay(char* szInFileName, char* szOutFileName)
{
@ -334,7 +334,7 @@ __declspec(dllexport) bool TITCALL CopyOverlay(char* szInFileName, char* szOutFi
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL CopyOverlayW(wchar_t* szInFileName, wchar_t* szOutFileName)
@ -351,11 +351,11 @@ __declspec(dllexport) bool TITCALL CopyOverlayW(wchar_t* szInFileName, wchar_t*
{
AddOverlayW(szOutFileName, szTempName);
DeleteFileW(szTempName);
return(true);
return true;
}
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL RemoveOverlay(char* szFileName)
{
@ -369,7 +369,7 @@ __declspec(dllexport) bool TITCALL RemoveOverlay(char* szFileName)
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL RemoveOverlayW(wchar_t* szFileName)
@ -388,10 +388,10 @@ __declspec(dllexport) bool TITCALL RemoveOverlayW(wchar_t* szFileName)
{
FileSize = FileSize - OverlaySize;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(true);
return true;
}
}
return(false);
return false;
}
__declspec(dllexport) void TITCALL SetSharedOverlay(char* szFileName)

152
TitanEngine/TitanEngine.PE.Section.cpp
View File

@ -18,7 +18,7 @@ __declspec(dllexport) bool TITCALL ExtractSection(char* szFileName, char* szDump
}
else
{
return(false);
return false;
}
}
@ -55,7 +55,7 @@ __declspec(dllexport) bool TITCALL ExtractSectionW(wchar_t* szFileName, wchar_t*
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
if(!FileIs64)
{
@ -73,20 +73,20 @@ __declspec(dllexport) bool TITCALL ExtractSectionW(wchar_t* szFileName, wchar_t*
WriteFile(hFile, (LPCVOID)(FileMapVA + PESections->PointerToRawData), PESections->SizeOfRawData, &NumberOfBytesWritten, NULL);
EngineCloseHandle(hFile);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(true);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
EngineCloseHandle(hFile);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
DeleteFileW(szDumpFileName);
return(false);
return false;
}
}
}
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
else
{
@ -104,29 +104,29 @@ __declspec(dllexport) bool TITCALL ExtractSectionW(wchar_t* szFileName, wchar_t*
WriteFile(hFile, (LPCVOID)(FileMapVA + PESections->PointerToRawData), PESections->SizeOfRawData, &NumberOfBytesWritten, NULL);
EngineCloseHandle(hFile);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(true);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
EngineCloseHandle(hFile);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
DeleteFileW(szDumpFileName);
return(false);
return false;
}
}
}
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL ResortFileSections(char* szFileName)
@ -141,7 +141,7 @@ __declspec(dllexport) bool TITCALL ResortFileSections(char* szFileName)
}
else
{
return(false);
return false;
}
}
@ -198,7 +198,7 @@ __declspec(dllexport) bool TITCALL ResortFileSectionsW(wchar_t* szFileName)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
if(!FileIs64)
{
@ -248,17 +248,17 @@ __declspec(dllexport) bool TITCALL ResortFileSectionsW(wchar_t* szFileName)
if(CopyFileW(szBackupFile, szFileName, false))
{
RemoveGarbageItem(szBackupItem, true);
return(true);
return true;
}
else
{
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
else
{
return(true);
return true;
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
@ -266,7 +266,7 @@ __declspec(dllexport) bool TITCALL ResortFileSectionsW(wchar_t* szFileName)
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
VirtualFree(sortedFileName, NULL, MEM_RELEASE);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
else
@ -317,17 +317,17 @@ __declspec(dllexport) bool TITCALL ResortFileSectionsW(wchar_t* szFileName)
if(CopyFileW(szBackupFile, szFileName, false))
{
RemoveGarbageItem(szBackupItem, true);
return(true);
return true;
}
else
{
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
else
{
return(true);
return true;
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
@ -335,7 +335,7 @@ __declspec(dllexport) bool TITCALL ResortFileSectionsW(wchar_t* szFileName)
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
VirtualFree(sortedFileName, NULL, MEM_RELEASE);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
}
@ -343,11 +343,11 @@ __declspec(dllexport) bool TITCALL ResortFileSectionsW(wchar_t* szFileName)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
__declspec(dllexport) bool TITCALL MakeAllSectionsRWE(char* szFileName)
@ -362,7 +362,7 @@ __declspec(dllexport) bool TITCALL MakeAllSectionsRWE(char* szFileName)
}
else
{
return(false);
return false;
}
}
@ -414,7 +414,7 @@ __declspec(dllexport) bool TITCALL MakeAllSectionsRWEW(wchar_t* szFileName)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
if(!FileIs64)
{
@ -434,25 +434,25 @@ __declspec(dllexport) bool TITCALL MakeAllSectionsRWEW(wchar_t* szFileName)
if(CopyFileW(szBackupFile, szFileName, false))
{
RemoveGarbageItem(szBackupItem, true);
return(true);
return true;
}
else
{
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
else
{
return(true);
return true;
}
return(true);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
else
@ -473,25 +473,25 @@ __declspec(dllexport) bool TITCALL MakeAllSectionsRWEW(wchar_t* szFileName)
if(CopyFileW(szBackupFile, szFileName, false))
{
RemoveGarbageItem(szBackupItem, true);
return(true);
return true;
}
else
{
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
else
{
return(true);
return true;
}
return(true);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
}
@ -499,11 +499,11 @@ __declspec(dllexport) bool TITCALL MakeAllSectionsRWEW(wchar_t* szFileName)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
__declspec(dllexport) long TITCALL AddNewSectionEx(char* szFileName, char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, LPVOID SectionContent, DWORD ContentSize)
@ -903,7 +903,7 @@ __declspec(dllexport) bool TITCALL ResizeLastSection(char* szFileName, DWORD Num
}
else
{
return(false);
return false;
}
}
@ -957,7 +957,7 @@ __declspec(dllexport) bool TITCALL ResizeLastSectionW(wchar_t* szFileName, DWORD
FileSize = FileSize - NumberOfExpandBytes;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
if(!FileIs64)
{
@ -1009,23 +1009,23 @@ __declspec(dllexport) bool TITCALL ResizeLastSectionW(wchar_t* szFileName, DWORD
RemoveGarbageItem(szBackupItem, true);
if(CopyFileW(szBackupFile, szFileName, false))
{
return(true);
return true;
}
else
{
return(false);
return false;
}
}
else
{
return(true);
return true;
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
else
@ -1078,24 +1078,24 @@ __declspec(dllexport) bool TITCALL ResizeLastSectionW(wchar_t* szFileName, DWORD
if(CopyFileW(szBackupFile, szFileName, false))
{
RemoveGarbageItem(szBackupItem, true);
return(true);
return true;
}
else
{
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
else
{
return(true);
return true;
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
}
@ -1104,11 +1104,11 @@ __declspec(dllexport) bool TITCALL ResizeLastSectionW(wchar_t* szFileName, DWORD
FileSize = FileSize - NumberOfExpandBytes;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
__declspec(dllexport) bool TITCALL DeleteLastSection(char* szFileName)
@ -1123,7 +1123,7 @@ __declspec(dllexport) bool TITCALL DeleteLastSection(char* szFileName)
}
else
{
return(false);
return false;
}
}
@ -1175,7 +1175,7 @@ __declspec(dllexport) bool TITCALL DeleteLastSectionW(wchar_t* szFileName)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
if(!FileIs64)
{
@ -1196,31 +1196,31 @@ __declspec(dllexport) bool TITCALL DeleteLastSectionW(wchar_t* szFileName)
if(CopyFileW(szBackupFile, szFileName, false))
{
RemoveGarbageItem(szBackupItem, true);
return(true);
return true;
}
else
{
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
else
{
return(true);
return true;
}
}
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
else
@ -1242,31 +1242,31 @@ __declspec(dllexport) bool TITCALL DeleteLastSectionW(wchar_t* szFileName)
if(CopyFileW(szBackupFile, szFileName, false))
{
RemoveGarbageItem(szBackupItem, true);
return(true);
return true;
}
else
{
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
else
{
return(true);
return true;
}
}
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
}
@ -1274,11 +1274,11 @@ __declspec(dllexport) bool TITCALL DeleteLastSectionW(wchar_t* szFileName)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
__declspec(dllexport) bool TITCALL DeleteLastSectionEx(char* szFileName, DWORD NumberOfSections)
@ -1289,7 +1289,7 @@ __declspec(dllexport) bool TITCALL DeleteLastSectionEx(char* szFileName, DWORD N
DeleteLastSection(szFileName);
NumberOfSections--;
}
return(true);
return true;
}
__declspec(dllexport) bool TITCALL DeleteLastSectionExW(wchar_t* szFileName, DWORD NumberOfSections)
@ -1300,7 +1300,7 @@ __declspec(dllexport) bool TITCALL DeleteLastSectionExW(wchar_t* szFileName, DWO
DeleteLastSectionW(szFileName);
NumberOfSections--;
}
return(true);
return true;
}
__declspec(dllexport) bool TITCALL WipeSection(char* szFileName, int WipeSectionNumber, bool RemovePhysically)
@ -1315,7 +1315,7 @@ __declspec(dllexport) bool TITCALL WipeSection(char* szFileName, int WipeSection
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL WipeSectionW(wchar_t* szFileName, int WipeSectionNumber, bool RemovePhysically)
@ -1375,7 +1375,7 @@ __declspec(dllexport) bool TITCALL WipeSectionW(wchar_t* szFileName, int WipeSec
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
if(!FileIs64)
{
@ -1433,24 +1433,24 @@ __declspec(dllexport) bool TITCALL WipeSectionW(wchar_t* szFileName, int WipeSec
if(CopyFileW(szBackupFile, szFileName, false))
{
RemoveGarbageItem(szBackupItem, true);
return(true);
return true;
}
else
{
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
else
{
return(true);
return true;
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
}
@ -1519,24 +1519,24 @@ __declspec(dllexport) bool TITCALL WipeSectionW(wchar_t* szFileName, int WipeSec
if(CopyFileW(szBackupFile, szFileName, false))
{
RemoveGarbageItem(szBackupItem, true);
return(true);
return true;
}
else
{
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
else
{
return(true);
return true;
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
}
@ -1545,10 +1545,10 @@ __declspec(dllexport) bool TITCALL WipeSectionW(wchar_t* szFileName, int WipeSec
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}

26
TitanEngine/TitanEngine.PE.cpp
View File

@ -15,7 +15,7 @@ __declspec(dllexport) bool TITCALL PastePEHeader(HANDLE hProcess, LPVOID ImageBa
}
else
{
return(false);
return false;
}
}
@ -69,7 +69,7 @@ __declspec(dllexport) bool TITCALL PastePEHeaderW(HANDLE hProcess, LPVOID ImageB
{
EngineCloseHandle(hFile);
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
return(false);
return false;
}
}
if(PEHeader32->OptionalHeader.Magic == 0x10B)
@ -92,7 +92,7 @@ __declspec(dllexport) bool TITCALL PastePEHeaderW(HANDLE hProcess, LPVOID ImageB
{
EngineCloseHandle(hFile);
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
return(false);
return false;
}
if(!FileIs64)
{
@ -104,20 +104,20 @@ __declspec(dllexport) bool TITCALL PastePEHeaderW(HANDLE hProcess, LPVOID ImageB
EngineCloseHandle(hFile);
VirtualProtectEx(hProcess, ImageBase, PEHeaderSize, OldProtect, &OldProtect);
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
return(true);
return true;
}
else
{
EngineCloseHandle(hFile);
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
return(false);
return false;
}
}
else
{
EngineCloseHandle(hFile);
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
return(false);
return false;
}
}
else
@ -130,20 +130,20 @@ __declspec(dllexport) bool TITCALL PastePEHeaderW(HANDLE hProcess, LPVOID ImageB
EngineCloseHandle(hFile);
VirtualProtectEx(hProcess, ImageBase, PEHeaderSize, OldProtect, &OldProtect);
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
return(true);
return true;
}
else
{
EngineCloseHandle(hFile);
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
return(false);
return false;
}
}
else
{
EngineCloseHandle(hFile);
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
return(false);
return false;
}
}
}
@ -151,21 +151,21 @@ __declspec(dllexport) bool TITCALL PastePEHeaderW(HANDLE hProcess, LPVOID ImageB
{
EngineCloseHandle(hFile);
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
return(false);
return false;
}
}
else
{
EngineCloseHandle(hFile);
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
return(false);
return false;
}
}
else
{
EngineCloseHandle(hFile);
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
return(false);
return false;
}
return(false);
return false;
}

8
TitanEngine/TitanEngine.Realigner.cpp
View File

@ -15,11 +15,11 @@ __declspec(dllexport) bool TITCALL FixHeaderCheckSum(char* szFileName)
if(MapFileAndCheckSumA(szFileName, &HeaderSum, &CheckSum) == NULL)
{
SetPE32Data(szFileName, NULL, UE_CHECKSUM, (ULONG_PTR)CheckSum);
return(true);
return true;
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName)
@ -31,11 +31,11 @@ __declspec(dllexport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName)
if(MapFileAndCheckSumW(szFileName, &HeaderSum, &CheckSum) == NULL)
{
SetPE32DataW(szFileName, NULL, UE_CHECKSUM, (ULONG_PTR)CheckSum);
return(true);
return true;
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) long TITCALL RealignPE(ULONG_PTR FileMapVA, DWORD FileSize, DWORD RealingMode)

74
TitanEngine/TitanEngine.Relocator.cpp
View File

@ -134,7 +134,7 @@ __declspec(dllexport) bool TITCALL RelocaterExportRelocation(ULONG_PTR StorePlac
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
return(false);
return false;
}
DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
@ -153,7 +153,7 @@ __declspec(dllexport) bool TITCALL RelocaterExportRelocation(ULONG_PTR StorePlac
else
{
RelocationData = NULL;
return(false);
return false;
}
if(!FileIs64)
{
@ -168,10 +168,10 @@ __declspec(dllexport) bool TITCALL RelocaterExportRelocation(ULONG_PTR StorePlac
PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size = (DWORD)((ULONG_PTR)RelocationWritePosition - (ULONG_PTR)RelocationData);
}
RelocationData = NULL;
return(true);
return true;
}
RelocationData = NULL;
return(false);
return false;
}
__declspec(dllexport) bool TITCALL RelocaterExportRelocationEx(char* szFileName, char* szSectionName)
{
@ -185,7 +185,7 @@ __declspec(dllexport) bool TITCALL RelocaterExportRelocationEx(char* szFileName,
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL RelocaterExportRelocationExW(wchar_t* szFileName, char* szSectionName)
@ -209,21 +209,21 @@ __declspec(dllexport) bool TITCALL RelocaterExportRelocationExW(wchar_t* szFileN
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(ReturnValue)
{
return(true);
return true;
}
else
{
return(false);
return false;
}
}
else
{
return(false);
return false;
}
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL RelocaterGrabRelocationTable(HANDLE hProcess, ULONG_PTR MemoryStart, DWORD MemorySize)
@ -242,10 +242,10 @@ __declspec(dllexport) bool TITCALL RelocaterGrabRelocationTable(HANDLE hProcess,
{
RelocationWritePosition = (LPVOID)((ULONG_PTR)RelocationData + MemorySize);
RelocationStartPosition = (LPVOID)(-1);
return(true);
return true;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL RelocaterGrabRelocationTableEx(HANDLE hProcess, ULONG_PTR MemoryStart, ULONG_PTR MemorySize, DWORD NtSizeOfImage)
{
@ -287,10 +287,10 @@ __declspec(dllexport) bool TITCALL RelocaterGrabRelocationTableEx(HANDLE hProces
else
{
VirtualFree(ReadMemoryStorage, NULL, MEM_RELEASE);
return(false);
return false;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL RelocaterMakeSnapshot(HANDLE hProcess, char* szSaveFileName, LPVOID MemoryStart, ULONG_PTR MemorySize)
@ -315,7 +315,7 @@ __declspec(dllexport) bool TITCALL RelocaterCompareTwoSnapshots(HANDLE hProcess,
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL RelocaterCompareTwoSnapshotsW(HANDLE hProcess, ULONG_PTR LoadedImageBase, ULONG_PTR NtSizeOfImage, wchar_t* szDumpFile1, wchar_t* szDumpFile2, ULONG_PTR MemStart)
@ -421,15 +421,15 @@ __declspec(dllexport) bool TITCALL RelocaterCompareTwoSnapshotsW(HANDLE hProcess
RelocaterCleanup();
UnMapFileEx(FileHandle2, FileSize2, FileMap2, FileMapVA2);
UnMapFileEx(FileHandle1, FileSize1, FileMap1, FileMapVA1);
return(false);
return false;
}
}
UnMapFileEx(FileHandle2, FileSize2, FileMap2, FileMapVA2);
}
UnMapFileEx(FileHandle1, FileSize1, FileMap1, FileMapVA1);
return(true);
return true;
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL RelocaterChangeFileBase(char* szFileName, ULONG_PTR NewImageBase)
{
@ -443,7 +443,7 @@ __declspec(dllexport) bool TITCALL RelocaterChangeFileBase(char* szFileName, ULO
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL RelocaterChangeFileBaseW(wchar_t* szFileName, ULONG_PTR NewImageBase)
@ -501,7 +501,7 @@ __declspec(dllexport) bool TITCALL RelocaterChangeFileBaseW(wchar_t* szFileName,
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
if(!FileIs64)
{
@ -509,7 +509,7 @@ __declspec(dllexport) bool TITCALL RelocaterChangeFileBaseW(wchar_t* szFileName,
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(true);
return true;
}
RelocData = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress + PEHeader32->OptionalHeader.ImageBase), true);
RelocSize = PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
@ -520,7 +520,7 @@ __declspec(dllexport) bool TITCALL RelocaterChangeFileBaseW(wchar_t* szFileName,
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(true);
return true;
}
RelocData = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress + PEHeader64->OptionalHeader.ImageBase), true);
RelocSize = PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
@ -575,35 +575,35 @@ __declspec(dllexport) bool TITCALL RelocaterChangeFileBaseW(wchar_t* szFileName,
if(CopyFileW(szBackupFile, szFileName, false))
{
RemoveGarbageItem(szBackupItem, true);
return(true);
return true;
}
else
{
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
else
{
return(true);
return true;
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
}
RemoveGarbageItem(szBackupItem, true);
return(false);
return false;
}
__declspec(dllexport) bool TITCALL RelocaterRelocateMemoryBlock(ULONG_PTR FileMapVA, ULONG_PTR MemoryLocation, void* RelocateMemory, DWORD RelocateMemorySize, ULONG_PTR CurrentLoadedBase, ULONG_PTR RelocateBase)
{
@ -638,13 +638,13 @@ __declspec(dllexport) bool TITCALL RelocaterRelocateMemoryBlock(ULONG_PTR FileMa
}
else
{
return(false);
return false;
}
if(!FileIs64)
{
if(PEHeader32->OptionalHeader.ImageBase == (DWORD)RelocateBase)
{
return(true);
return true;
}
RelocData = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress + PEHeader32->OptionalHeader.ImageBase), true);
RelocSize = PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
@ -653,7 +653,7 @@ __declspec(dllexport) bool TITCALL RelocaterRelocateMemoryBlock(ULONG_PTR FileMa
{
if((ULONG_PTR)PEHeader64->OptionalHeader.ImageBase == RelocateBase)
{
return(true);
return true;
}
RelocData = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)(PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress + PEHeader64->OptionalHeader.ImageBase), true);
RelocSize = PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
@ -698,18 +698,18 @@ __declspec(dllexport) bool TITCALL RelocaterRelocateMemoryBlock(ULONG_PTR FileMa
RelocData = RelocData + 2;
}
}
return(true);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
return(false);
return false;
}
}
else
{
return(false);
return false;
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL RelocaterWipeRelocationTable(char* szFileName)
{
@ -723,7 +723,7 @@ __declspec(dllexport) bool TITCALL RelocaterWipeRelocationTable(char* szFileName
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL RelocaterWipeRelocationTableW(wchar_t* szFileName)
@ -758,7 +758,7 @@ __declspec(dllexport) bool TITCALL RelocaterWipeRelocationTableW(wchar_t* szFile
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
if(!FileIs64)
{
@ -784,5 +784,5 @@ __declspec(dllexport) bool TITCALL RelocaterWipeRelocationTableW(wchar_t* szFile
}
}
}
return(false);
return false;
}

32
TitanEngine/TitanEngine.Resourcer.cpp
View File

@ -19,11 +19,11 @@ __declspec(dllexport) bool TITCALL ResourcerFreeLoadedFile(LPVOID LoadedFileBase
{
if(VirtualFree(LoadedFileBase, NULL, MEM_RELEASE))
{
return(true);
return true;
}
else
{
return(false);
return false;
}
}
@ -55,13 +55,13 @@ __declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFileEx(ULONG_PTR
}
else
{
return(false);
return false;
}
}
}
return(true);
return true;
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFile(char* szFileName, char* szResourceType, char* szResourceName, char* szExtractedFileName)
@ -79,10 +79,10 @@ __declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFile(char* szFile
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(bReturn)
{
return(true);
return true;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFileW(wchar_t* szFileName, char* szResourceType, char* szResourceName, char* szExtractedFileName)
@ -100,10 +100,10 @@ __declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFileW(wchar_t* sz
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(bReturn)
{
return(true);
return true;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL ResourcerFindResource(char* szFileName, char* szResourceType, DWORD ResourceType, char* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize)
@ -138,7 +138,7 @@ __declspec(dllexport) bool TITCALL ResourcerFindResource(char* szFileName, char*
}
else
{
return(false);
return false;
}
}
@ -157,14 +157,14 @@ __declspec(dllexport) bool TITCALL ResourcerFindResourceW(wchar_t* szFileName, w
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(ReturnValue)
{
return(true);
return true;
}
}
else
{
return(false);
return false;
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL ResourcerFindResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize)
@ -215,7 +215,7 @@ __declspec(dllexport) bool TITCALL ResourcerFindResourceEx(ULONG_PTR FileMapVA,
{
*pResourceData = PEResourceItem->OffsetToData;
*pResourceSize = PEResourceItem->Size;
return(true);
return true;
}
PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir2 + sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY);
n--;
@ -240,14 +240,14 @@ __declspec(dllexport) bool TITCALL ResourcerFindResourceEx(ULONG_PTR FileMapVA,
}
else
{
return(false);
return false;
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
}
return(false);
return false;
}
__declspec(dllexport) void TITCALL ResourcerEnumerateResource(char* szFileName, void* CallBack)

114
TitanEngine/TitanEngine.Static.cpp
View File

@ -14,7 +14,7 @@ __declspec(dllexport) bool TITCALL StaticFileLoad(char* szFileName, DWORD Desire
{
if(MapFileEx(szFileName, DesiredAccess, FileHandle, LoadedSize, FileMap, FileMapVA, NULL))
{
return(true);
return true;
}
}
else
@ -25,10 +25,10 @@ __declspec(dllexport) bool TITCALL StaticFileLoad(char* szFileName, DWORD Desire
*LoadedSize = (DWORD)GetPE32DataFromMappedFile(*FileMapVA, NULL, UE_SIZEOFIMAGE);
*FileHandle = NULL;
*FileMap = NULL;
return(true);
return true;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL StaticFileLoadW(wchar_t* szFileName, DWORD DesiredAccess, bool SimulateLoad, LPHANDLE FileHandle, LPDWORD LoadedSize, LPHANDLE FileMap, PULONG_PTR FileMapVA)
{
@ -37,7 +37,7 @@ __declspec(dllexport) bool TITCALL StaticFileLoadW(wchar_t* szFileName, DWORD De
{
if(MapFileExW(szFileName, DesiredAccess, FileHandle, LoadedSize, FileMap, FileMapVA, NULL))
{
return(true);
return true;
}
}
else
@ -48,10 +48,10 @@ __declspec(dllexport) bool TITCALL StaticFileLoadW(wchar_t* szFileName, DWORD De
*LoadedSize = (DWORD)GetPE32DataFromMappedFile(*FileMapVA, NULL, UE_SIZEOFIMAGE);
*FileHandle = NULL;
*FileMap = NULL;
return(true);
return true;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL StaticFileUnload(char* szFileName, bool CommitChanges, HANDLE FileHandle, DWORD LoadedSize, HANDLE FileMap, ULONG_PTR FileMapVA)
{
@ -65,7 +65,7 @@ __declspec(dllexport) bool TITCALL StaticFileUnload(char* szFileName, bool Commi
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL StaticFileUnloadW(wchar_t* szFileName, bool CommitChanges, HANDLE FileHandle, DWORD LoadedSize, HANDLE FileMap, ULONG_PTR FileMapVA)
@ -88,7 +88,7 @@ __declspec(dllexport) bool TITCALL StaticFileUnloadW(wchar_t* szFileName, bool C
if(FileHandle != NULL && FileMap != NULL)
{
UnMapFileEx(FileHandle, LoadedSize, FileMap, FileMapVA);
return(true);
return true;
}
else
{
@ -117,7 +117,7 @@ __declspec(dllexport) bool TITCALL StaticFileUnloadW(wchar_t* szFileName, bool C
{
ResourcerFreeLoadedFile((LPVOID)FileMapVA);
UnMapFileEx(myFileHandle, myFileSize, myFileMap, myFileMapVA);
return(false);
return false;
}
if(!FileIs64)
{
@ -133,7 +133,7 @@ __declspec(dllexport) bool TITCALL StaticFileUnloadW(wchar_t* szFileName, bool C
}
ResourcerFreeLoadedFile((LPVOID)FileMapVA);
UnMapFileEx(myFileHandle, myFileSize, myFileMap, myFileMapVA);
return(true);
return true;
}
else
{
@ -149,19 +149,19 @@ __declspec(dllexport) bool TITCALL StaticFileUnloadW(wchar_t* szFileName, bool C
}
ResourcerFreeLoadedFile((LPVOID)FileMapVA);
UnMapFileEx(myFileHandle, myFileSize, myFileMap, myFileMapVA);
return(true);
return true;
}
}
else
{
ResourcerFreeLoadedFile((LPVOID)FileMapVA);
UnMapFileEx(myFileHandle, myFileSize, myFileMap, myFileMapVA);
return(false);
return false;
}
}
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL StaticFileOpen(char* szFileName, DWORD DesiredAccess, LPHANDLE FileHandle, LPDWORD FileSizeLow, LPDWORD FileSizeHigh)
{
@ -175,7 +175,7 @@ __declspec(dllexport) bool TITCALL StaticFileOpen(char* szFileName, DWORD Desire
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL StaticFileOpenW(wchar_t* szFileName, DWORD DesiredAccess, LPHANDLE FileHandle, LPDWORD FileSizeLow, LPDWORD FileSizeHigh)
@ -187,16 +187,16 @@ __declspec(dllexport) bool TITCALL StaticFileOpenW(wchar_t* szFileName, DWORD De
if(FileHandle != INVALID_HANDLE_VALUE)
{
*FileSizeLow = GetFileSize(*FileHandle, FileSizeHigh);
return(true);
return true;
}
else
{
return(false);
return false;
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL StaticFileGetContent(HANDLE FileHandle, DWORD FilePositionLow, LPDWORD FilePositionHigh, void* Buffer, DWORD Size)
@ -210,7 +210,7 @@ __declspec(dllexport) bool TITCALL StaticFileGetContent(HANDLE FileHandle, DWORD
{
if(rfNumberOfBytesRead == Size)
{
return(true);
return true;
}
else
{
@ -218,7 +218,7 @@ __declspec(dllexport) bool TITCALL StaticFileGetContent(HANDLE FileHandle, DWORD
}
}
}
return(false);
return false;
}
__declspec(dllexport) void TITCALL StaticFileClose(HANDLE FileHandle)
{
@ -419,11 +419,11 @@ __declspec(dllexport) bool TITCALL StaticMemoryDecompress(void* Source, DWORD So
#if !defined (_WIN64)
if(aP_depack_asm_safe(Source, SourceSize, Destination, DestinationSize) != APLIB_ERROR)
{
return(true);
return true;
}
else if(aPsafe_depack(Source, SourceSize, Destination, DestinationSize) != APLIB_ERROR)
{
return(true);
return true;
}
#endif
}
@ -431,10 +431,10 @@ __declspec(dllexport) bool TITCALL StaticMemoryDecompress(void* Source, DWORD So
{
if(LzmaDecode((unsigned char*)Destination, (size_t*)DestinationSize, (unsigned char*)Source, (size_t*)SourceSize, (unsigned char*)&lzProps, LZMA_PROPS_SIZE, LZMA_FINISH_ANY, &lzStatus, &lzAlloc) == SZ_OK)
{
return(true);
return true;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL StaticRawMemoryCopy(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR VitualAddressToCopy, DWORD Size, bool AddressIsRVA, char* szDumpFileName)
{
@ -448,7 +448,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopy(HANDLE hFile, ULONG_PTR F
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL StaticRawMemoryCopyW(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR VitualAddressToCopy, DWORD Size, bool AddressIsRVA, wchar_t* szDumpFileName)
@ -529,7 +529,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyW(HANDLE hFile, ULONG_PTR
EngineCloseHandle(hReadFile);
EngineCloseHandle(hWriteFile);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return(true);
return true;
}
else
{
@ -541,7 +541,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyW(HANDLE hFile, ULONG_PTR
EngineCloseHandle(hReadFile);
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, char* szDumpFileName)
{
@ -555,7 +555,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx(HANDLE hFile, DWORD Raw
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL StaticRawMemoryCopyExW(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, wchar_t* szDumpFileName)
@ -624,7 +624,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyExW(HANDLE hFile, DWORD Ra
EngineCloseHandle(hReadFile);
EngineCloseHandle(hWriteFile);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return(true);
return true;
}
else
{
@ -635,7 +635,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyExW(HANDLE hFile, DWORD Ra
}
EngineCloseHandle(hReadFile);
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64(HANDLE hFile, DWORD64 RawAddressToCopy, DWORD64 Size, char* szDumpFileName)
{
@ -649,7 +649,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64(HANDLE hFile, DWORD64
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64W(HANDLE hFile, DWORD64 RawAddressToCopy, DWORD64 Size, wchar_t* szDumpFileName)
@ -722,7 +722,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64W(HANDLE hFile, DWORD6
EngineCloseHandle(hReadFile);
EngineCloseHandle(hWriteFile);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return(true);
return true;
}
else
{
@ -733,7 +733,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64W(HANDLE hFile, DWORD6
}
EngineCloseHandle(hReadFile);
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL StaticHashMemory(void* MemoryToHash, DWORD SizeOfMemory, void* HashDigest, bool OutputString, int Algorithm)
{
@ -756,7 +756,7 @@ __declspec(dllexport) bool TITCALL StaticHashMemory(void* MemoryToHash, DWORD Si
{
if(!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET))
{
return(false);
return false;
}
}
if(Algorithm == UE_STATIC_HASH_MD5)
@ -770,7 +770,7 @@ __declspec(dllexport) bool TITCALL StaticHashMemory(void* MemoryToHash, DWORD Si
if(!CryptCreateHash(hProv, hashAlgo, NULL, NULL, &hHash))
{
CryptReleaseContext(hProv, NULL);
return(false);
return false;
}
else
{
@ -778,7 +778,7 @@ __declspec(dllexport) bool TITCALL StaticHashMemory(void* MemoryToHash, DWORD Si
{
CryptReleaseContext(hProv, NULL);
CryptDestroyHash(hHash);
return(false);
return false;
}
}
if(Algorithm == UE_STATIC_HASH_MD5)
@ -788,7 +788,7 @@ __declspec(dllexport) bool TITCALL StaticHashMemory(void* MemoryToHash, DWORD Si
{
CryptDestroyHash(hHash);
CryptReleaseContext(hProv, NULL);
return(false);
return false;
}
else
{
@ -811,11 +811,11 @@ __declspec(dllexport) bool TITCALL StaticHashMemory(void* MemoryToHash, DWORD Si
{
CryptDestroyHash(hHash);
CryptReleaseContext(hProv, NULL);
return(false);
return false;
}
CryptDestroyHash(hHash);
CryptReleaseContext(hProv, NULL);
return(true);
return true;
}
}
else if(Algorithm == UE_STATIC_HASH_SHA1)
@ -825,7 +825,7 @@ __declspec(dllexport) bool TITCALL StaticHashMemory(void* MemoryToHash, DWORD Si
{
CryptDestroyHash(hHash);
CryptReleaseContext(hProv, NULL);
return(false);
return false;
}
else
{
@ -849,11 +849,11 @@ __declspec(dllexport) bool TITCALL StaticHashMemory(void* MemoryToHash, DWORD Si
{
CryptDestroyHash(hHash);
CryptReleaseContext(hProv, NULL);
return(false);
return false;
}
CryptDestroyHash(hHash);
CryptReleaseContext(hProv, NULL);
return(true);
return true;
}
}
}
@ -869,9 +869,9 @@ __declspec(dllexport) bool TITCALL StaticHashMemory(void* MemoryToHash, DWORD Si
{
RtlMoveMemory(HashDigest, &crc32, sizeof crc32);
}
return(true);
return true;
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL StaticHashFile(char* szFileName, char* HashDigest, bool OutputString, int Algorithm)
{
@ -885,7 +885,7 @@ __declspec(dllexport) bool TITCALL StaticHashFile(char* szFileName, char* HashDi
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL StaticHashFileW(wchar_t* szFileName, char* HashDigest, bool OutputString, int Algorithm)
@ -909,7 +909,7 @@ __declspec(dllexport) bool TITCALL StaticHashFileW(wchar_t* szFileName, char* Ha
hFile = CreateFileW(szFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_FLAG_SEQUENTIAL_SCAN, NULL);
if(hFile == INVALID_HANDLE_VALUE || HashDigest == NULL)
{
return(false);
return false;
}
if(Algorithm != UE_STATIC_HASH_CRC32)
{
@ -918,7 +918,7 @@ __declspec(dllexport) bool TITCALL StaticHashFileW(wchar_t* szFileName, char* Ha
if(!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET))
{
CloseHandle(hFile);
return(false);
return false;
}
}
if(Algorithm == UE_STATIC_HASH_MD5)
@ -933,7 +933,7 @@ __declspec(dllexport) bool TITCALL StaticHashFileW(wchar_t* szFileName, char* Ha
{
CloseHandle(hFile);
CryptReleaseContext(hProv, NULL);
return(false);
return false;
}
while(bResult)
{
@ -950,7 +950,7 @@ __declspec(dllexport) bool TITCALL StaticHashFileW(wchar_t* szFileName, char* Ha
CryptReleaseContext(hProv, NULL);
CryptDestroyHash(hHash);
CloseHandle(hFile);
return(false);
return false;
}
}
if(!bResult)
@ -958,7 +958,7 @@ __declspec(dllexport) bool TITCALL StaticHashFileW(wchar_t* szFileName, char* Ha
CryptReleaseContext(hProv, NULL);
CryptDestroyHash(hHash);
CloseHandle(hFile);
return(false);
return false;
}
if(Algorithm == UE_STATIC_HASH_MD5)
{
@ -968,7 +968,7 @@ __declspec(dllexport) bool TITCALL StaticHashFileW(wchar_t* szFileName, char* Ha
CryptDestroyHash(hHash);
CryptReleaseContext(hProv, NULL);
CloseHandle(hFile);
return(false);
return false;
}
else
{
@ -992,12 +992,12 @@ __declspec(dllexport) bool TITCALL StaticHashFileW(wchar_t* szFileName, char* Ha
CryptDestroyHash(hHash);
CryptReleaseContext(hProv, NULL);
CloseHandle(hFile);
return(false);
return false;
}
CryptDestroyHash(hHash);
CryptReleaseContext(hProv, NULL);
CloseHandle(hFile);
return(true);
return true;
}
}
else if(Algorithm == UE_STATIC_HASH_SHA1)
@ -1008,7 +1008,7 @@ __declspec(dllexport) bool TITCALL StaticHashFileW(wchar_t* szFileName, char* Ha
CryptDestroyHash(hHash);
CryptReleaseContext(hProv, NULL);
CloseHandle(hFile);
return(false);
return false;
}
else
{
@ -1033,12 +1033,12 @@ __declspec(dllexport) bool TITCALL StaticHashFileW(wchar_t* szFileName, char* Ha
CryptDestroyHash(hHash);
CryptReleaseContext(hProv, NULL);
CloseHandle(hFile);
return(false);
return false;
}
CryptDestroyHash(hHash);
CryptReleaseContext(hProv, NULL);
CloseHandle(hFile);
return(true);
return true;
}
}
}
@ -1066,8 +1066,8 @@ __declspec(dllexport) bool TITCALL StaticHashFileW(wchar_t* szFileName, char* Ha
RtlMoveMemory(HashDigest, &crc32, sizeof crc32);
}
CloseHandle(hFile);
return(true);
return true;
}
CloseHandle(hFile);
return(false);
return false;
}

132
TitanEngine/TitanEngine.TLS.cpp
View File

@ -28,11 +28,11 @@ __declspec(dllexport) bool TITCALL TLSBreakOnCallBack(LPVOID ArrayOfCallBacks, D
}
engineTLSBreakOnCallBackAddress = (ULONG_PTR)bpxCallBack;
engineTLSBreakOnCallBack = true;
return(true);
return true;
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL TLSGrabCallBackData(char* szFileName, LPVOID ArrayOfCallBacks, LPDWORD NumberOfCallBacks)
@ -47,7 +47,7 @@ __declspec(dllexport) bool TITCALL TLSGrabCallBackData(char* szFileName, LPVOID
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL TLSGrabCallBackDataW(wchar_t* szFileName, LPVOID ArrayOfCallBacks, LPDWORD NumberOfCallBacks)
@ -86,7 +86,7 @@ __declspec(dllexport) bool TITCALL TLSGrabCallBackDataW(wchar_t* szFileName, LPV
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
if(!FileIs64)
{
@ -106,20 +106,20 @@ __declspec(dllexport) bool TITCALL TLSGrabCallBackDataW(wchar_t* szFileName, LPV
}
*NumberOfCallBacks = NumberOfTLSCallBacks;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(true);
return true;
}
else
{
*NumberOfCallBacks = NULL;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
else
{
*NumberOfCallBacks = NULL;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
else
@ -140,20 +140,20 @@ __declspec(dllexport) bool TITCALL TLSGrabCallBackDataW(wchar_t* szFileName, LPV
}
*NumberOfCallBacks = NumberOfTLSCallBacks;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(true);
return true;
}
else
{
*NumberOfCallBacks = NULL;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
else
{
*NumberOfCallBacks = NULL;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
}
@ -161,10 +161,10 @@ __declspec(dllexport) bool TITCALL TLSGrabCallBackDataW(wchar_t* szFileName, LPV
{
*NumberOfCallBacks = NULL;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL TLSBreakOnCallBackEx(char* szFileName, LPVOID bpxCallBack)
{
@ -178,7 +178,7 @@ __declspec(dllexport) bool TITCALL TLSBreakOnCallBackEx(char* szFileName, LPVOID
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL TLSBreakOnCallBackExW(wchar_t* szFileName, LPVOID bpxCallBack)
@ -193,16 +193,16 @@ __declspec(dllexport) bool TITCALL TLSBreakOnCallBackExW(wchar_t* szFileName, LP
if(TLSGrabCallBackDataW(szFileName, &TlsArrayOfCallBacks, &TlsNumberOfCallBacks))
{
TLSBreakOnCallBack(&TlsArrayOfCallBacks, TlsNumberOfCallBacks, bpxCallBack);
return(true);
return true;
}
else
{
return(false);
return false;
}
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL TLSRemoveCallback(char* szFileName)
@ -217,7 +217,7 @@ __declspec(dllexport) bool TITCALL TLSRemoveCallback(char* szFileName)
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL TLSRemoveCallbackW(wchar_t* szFileName)
@ -253,7 +253,7 @@ __declspec(dllexport) bool TITCALL TLSRemoveCallbackW(wchar_t* szFileName)
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
if(!FileIs64)
{
@ -267,24 +267,24 @@ __declspec(dllexport) bool TITCALL TLSRemoveCallbackW(wchar_t* szFileName)
{
TLSDirectoryX86->AddressOfCallBacks = NULL;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(true);
return true;
}
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
else
@ -299,34 +299,34 @@ __declspec(dllexport) bool TITCALL TLSRemoveCallbackW(wchar_t* szFileName)
{
TLSDirectoryX64->AddressOfCallBacks = NULL;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(true);
return true;
}
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
}
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL TLSRemoveTable(char* szFileName)
{
@ -340,7 +340,7 @@ __declspec(dllexport) bool TITCALL TLSRemoveTable(char* szFileName)
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL TLSRemoveTableW(wchar_t* szFileName)
@ -376,7 +376,7 @@ __declspec(dllexport) bool TITCALL TLSRemoveTableW(wchar_t* szFileName)
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
if(!FileIs64)
{
@ -390,18 +390,18 @@ __declspec(dllexport) bool TITCALL TLSRemoveTableW(wchar_t* szFileName)
PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size = NULL;
RtlZeroMemory(TLSDirectoryX86, sizeof IMAGE_TLS_DIRECTORY32);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(true);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
else
@ -416,28 +416,28 @@ __declspec(dllexport) bool TITCALL TLSRemoveTableW(wchar_t* szFileName)
PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size = NULL;
RtlZeroMemory(TLSDirectoryX64, sizeof IMAGE_TLS_DIRECTORY64);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(true);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
}
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL TLSBackupData(char* szFileName)
{
@ -451,7 +451,7 @@ __declspec(dllexport) bool TITCALL TLSBackupData(char* szFileName)
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL TLSBackupDataW(wchar_t* szFileName)
@ -496,7 +496,7 @@ __declspec(dllexport) bool TITCALL TLSBackupDataW(wchar_t* szFileName)
else
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
if(!FileIs64)
{
@ -521,27 +521,27 @@ __declspec(dllexport) bool TITCALL TLSBackupDataW(wchar_t* szFileName)
}
*NumberOfCallBacks = NumberOfTLSCallBacks;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(true);
return true;
}
else
{
*NumberOfCallBacks = NULL;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
*NumberOfCallBacks = NULL;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
else
{
*NumberOfCallBacks = NULL;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
else
@ -567,27 +567,27 @@ __declspec(dllexport) bool TITCALL TLSBackupDataW(wchar_t* szFileName)
}
*NumberOfCallBacks = NumberOfTLSCallBacks;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(true);
return true;
}
else
{
*NumberOfCallBacks = NULL;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
*NumberOfCallBacks = NULL;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
else
{
*NumberOfCallBacks = NULL;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
}
@ -595,10 +595,10 @@ __declspec(dllexport) bool TITCALL TLSBackupDataW(wchar_t* szFileName)
{
*NumberOfCallBacks = NULL;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return(false);
return false;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL TLSRestoreData()
{
@ -616,13 +616,13 @@ __declspec(dllexport) bool TITCALL TLSRestoreData()
if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)(engineBackupTLSDataX64.AddressOfCallBacks + GetDebuggedFileBaseAddress()), engineBackupArrayOfCallBacks, sizeof IMAGE_TLS_DIRECTORY64, &ueNumberOfBytesRead))
{
engineBackupTLSAddress = NULL;
return(true);
return true;
}
}
else
{
engineBackupTLSAddress = NULL;
return(true);
return true;
}
}
}
@ -635,18 +635,18 @@ __declspec(dllexport) bool TITCALL TLSRestoreData()
if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)(engineBackupTLSDataX86.AddressOfCallBacks + GetDebuggedFileBaseAddress()), engineBackupArrayOfCallBacks, sizeof IMAGE_TLS_DIRECTORY32, &ueNumberOfBytesRead))
{
engineBackupTLSAddress = NULL;
return(true);
return true;
}
}
else
{
engineBackupTLSAddress = NULL;
return(true);
return true;
}
}
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL TLSBuildNewTable(ULONG_PTR FileMapVA, ULONG_PTR StorePlace, ULONG_PTR StorePlaceRVA, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks)
{
@ -676,7 +676,7 @@ __declspec(dllexport) bool TITCALL TLSBuildNewTable(ULONG_PTR FileMapVA, ULONG_P
}
else
{
return(false);
return false;
}
if(!FileIs64)
{
@ -690,11 +690,11 @@ __declspec(dllexport) bool TITCALL TLSBuildNewTable(ULONG_PTR FileMapVA, ULONG_P
TLSDirectoryX86->AddressOfIndex = (DWORD)TLSWriteData + 0x14;
TLSDirectoryX86->AddressOfCallBacks = (DWORD)TLSWriteData + sizeof IMAGE_TLS_DIRECTORY32 + 8;
RtlMoveMemory((LPVOID)(StorePlace + sizeof IMAGE_TLS_DIRECTORY32 + 8), ArrayOfCallBacks, NumberOfCallBacks * 4);
return(true);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
return(false);
return false;
}
}
else
@ -709,20 +709,20 @@ __declspec(dllexport) bool TITCALL TLSBuildNewTable(ULONG_PTR FileMapVA, ULONG_P
TLSDirectoryX64->AddressOfIndex = TLSWriteData + 0x28;
TLSDirectoryX64->AddressOfCallBacks = TLSWriteData + sizeof IMAGE_TLS_DIRECTORY64 + 12;
RtlMoveMemory((LPVOID)(StorePlace + sizeof IMAGE_TLS_DIRECTORY64 + 12), ArrayOfCallBacks, NumberOfCallBacks * 8);
return(true);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
return(false);
return false;
}
}
}
else
{
return(false);
return false;
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL TLSBuildNewTableEx(char* szFileName, char* szSectionName, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks)
{
@ -736,7 +736,7 @@ __declspec(dllexport) bool TITCALL TLSBuildNewTableEx(char* szFileName, char* sz
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL TLSBuildNewTableExW(wchar_t* szFileName, char* szSectionName, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks)
@ -760,15 +760,15 @@ __declspec(dllexport) bool TITCALL TLSBuildNewTableExW(wchar_t* szFileName, char
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(ReturnValue)
{
return(true);
return true;
}
else
{
return(false);
return false;
}
}
else
{
return(false);
return false;
}
}

68
TitanEngine/TitanEngine.Threader.cpp
View File

@ -43,10 +43,10 @@ __declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD Process
while(Thread32Next(hSnapShot, &ThreadEntry));
}
EngineCloseHandle(hSnapShot);
return(true);
return true;
}
}
return(false);
return false;
}
__declspec(dllexport) void* TITCALL ThreaderGetThreadInfo(HANDLE hThread, DWORD ThreadId)
{
@ -123,20 +123,20 @@ __declspec(dllexport) bool TITCALL ThreaderPauseThread(HANDLE hThread)
{
if(SuspendThread(hThread) != -1)
{
return(true);
return true;
}
else
{
return(false);
return false;
}
}
else
{
return(false);
return false;
}
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL ThreaderResumeThread(HANDLE hThread)
{
@ -155,20 +155,20 @@ __declspec(dllexport) bool TITCALL ThreaderResumeThread(HANDLE hThread)
{
if(ResumeThread(hThread) != -1)
{
return(true);
return true;
}
else
{
return(false);
return false;
}
}
else
{
return(false);
return false;
}
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL ThreaderTerminateThread(HANDLE hThread, DWORD ThreadExitCode)
{
@ -191,20 +191,20 @@ __declspec(dllexport) bool TITCALL ThreaderTerminateThread(HANDLE hThread, DWORD
hListThreadPtr->dwThreadId = NULL;
hListThreadPtr->ThreadLocalBase = NULL;
hListThreadPtr->ThreadStartAddress = NULL;
return(true);
return true;
}
else
{
return(false);
return false;
}
}
else
{
return(false);
return false;
}
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL ThreaderPauseAllThreads(bool LeaveMainRunning)
{
@ -228,9 +228,9 @@ __declspec(dllexport) bool TITCALL ThreaderPauseAllThreads(bool LeaveMainRunning
}
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
}
return(true);
return true;
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL ThreaderResumeAllThreads(bool LeaveMainPaused)
{
@ -254,9 +254,9 @@ __declspec(dllexport) bool TITCALL ThreaderResumeAllThreads(bool LeaveMainPaused
}
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
}
return(true);
return true;
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL ThreaderPauseProcess()
{
@ -298,14 +298,14 @@ __declspec(dllexport) bool TITCALL ThreaderInjectAndExecuteCode(LPVOID InjectCod
if(WriteProcessMemory(dbgProcessInformation.hProcess, ThreadBase, InjectCode, InjectSize, &ueNumberOfBytesRead))
{
ThreaderCreateRemoteThread((ULONG_PTR)((ULONG_PTR)InjectCode + StartDelta), true, NULL, NULL);
return(true);
return true;
}
else
{
return(false);
return false;
}
}
return(false);
return false;
}
__declspec(dllexport) long long TITCALL ThreaderCreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId)
{
@ -339,14 +339,14 @@ __declspec(dllexport) bool TITCALL ThreaderInjectAndExecuteCodeEx(HANDLE hProces
if(WriteProcessMemory(hProcess, ThreadBase, InjectCode, InjectSize, &ueNumberOfBytesRead))
{
ThreaderCreateRemoteThread((ULONG_PTR)((ULONG_PTR)InjectCode + StartDelta), true, NULL, NULL);
return(true);
return true;
}
else
{
return(false);
return false;
}
}
return(false);
return false;
}
__declspec(dllexport) void TITCALL ThreaderSetCallBackForNextExitThreadEvent(LPVOID exitThreadCallBack)
{
@ -361,11 +361,11 @@ __declspec(dllexport) bool TITCALL ThreaderIsThreadStillRunning(HANDLE hThread)
myDBGContext.ContextFlags = CONTEXT_ALL;
if(GetThreadContext(hThread, &myDBGContext))
{
return(true);
return true;
}
else
{
return(false);
return false;
}
}
__declspec(dllexport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread)
@ -373,9 +373,9 @@ __declspec(dllexport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread)
if(SuspendThread(hThread)) //if previous suspend count is above 0 (which means thread is suspended)
{
ResumeThread(hThread); //decrement suspend count
return(true);
return true;
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL ThreaderIsAnyThreadActive()
{
@ -390,13 +390,13 @@ __declspec(dllexport) bool TITCALL ThreaderIsAnyThreadActive()
{
if(ThreaderIsThreadActive(hListThreadPtr->hThread))
{
return(true);
return true;
}
}
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
}
}
return(false);
return false;
}
__declspec(dllexport) bool TITCALL ThreaderExecuteOnlyInjectedThreads()
{
@ -404,9 +404,9 @@ __declspec(dllexport) bool TITCALL ThreaderExecuteOnlyInjectedThreads()
if(ThreaderPauseProcess())
{
engineResumeProcessIfNoThreadIsActive = true;
return(true);
return true;
}
return(false);
return false;
}
__declspec(dllexport) long long TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId)
{
@ -438,7 +438,7 @@ __declspec(dllexport) bool TITCALL ThreaderIsExceptionInMainThread()
myDBGEvent = (LPDEBUG_EVENT)GetDebugData();
if(myDBGEvent->dwThreadId == dbgProcessInformation.dwThreadId)
{
return(true);
return true;
}
return(false);
return false;
}

2
TitanEngine/TitanEngine.cbp
View File

@ -72,6 +72,8 @@
<Unit filename="Global.Engine.Hook.h" />
<Unit filename="Global.Engine.Simplification.cpp" />
<Unit filename="Global.Engine.Simplification.h" />
<Unit filename="Global.Engine.Threading.cpp" />
<Unit filename="Global.Engine.Threading.h" />
<Unit filename="Global.Engine.cpp" />
<Unit filename="Global.Engine.h" />
<Unit filename="Global.Garbage.cpp" />

1
TitanEngine/TitanEngine.def
View File

@ -88,7 +88,6 @@ StopDebug
SetBPXOptions
IsBPXEnabled
SetBPX
SetBPXEx
DisableBPX
EnableBPX
DeleteBPX

7
TitanEngine/definitions.h
View File

@ -169,12 +169,11 @@ __declspec(dllexport) bool TITCALL IsBPXEnabled(ULONG_PTR bpxAddress);
__declspec(dllexport) bool TITCALL EnableBPX(ULONG_PTR bpxAddress);
__declspec(dllexport) bool TITCALL DisableBPX(ULONG_PTR bpxAddress);
__declspec(dllexport) bool TITCALL SetBPX(ULONG_PTR bpxAddress, DWORD bpxType, LPVOID bpxCallBack);
__declspec(dllexport) bool TITCALL SetBPXEx(ULONG_PTR bpxAddress, DWORD bpxType, DWORD NumberOfExecution, DWORD CmpRegister, DWORD CmpCondition, ULONG_PTR CmpValue, LPVOID bpxCallBack, LPVOID bpxCompareCallBack, LPVOID bpxRemoveCallBack);
__declspec(dllexport) bool TITCALL DeleteBPX(ULONG_PTR bpxAddress);
__declspec(dllexport) bool TITCALL SafeDeleteBPX(ULONG_PTR bpxAddress);
__declspec(dllexport) bool TITCALL SetAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxType, DWORD bpxPlace, LPVOID bpxCallBack);
__declspec(dllexport) bool TITCALL DeleteAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxPlace);
__declspec(dllexport) bool TITCALL SafeDeleteAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxPlace);
__declspec(dllexport) bool TITCALL SetAPIBreakPoint(const char* szDLLName, const char* szAPIName, DWORD bpxType, DWORD bpxPlace, LPVOID bpxCallBack);
__declspec(dllexport) bool TITCALL DeleteAPIBreakPoint(const char* szDLLName, const char* szAPIName, DWORD bpxPlace);
__declspec(dllexport) bool TITCALL SafeDeleteAPIBreakPoint(const char* szDLLName, const char* szAPIName, DWORD bpxPlace);
__declspec(dllexport) bool TITCALL SetMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, LPVOID bpxCallBack);
__declspec(dllexport) bool TITCALL SetMemoryBPXEx(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, DWORD BreakPointType, bool RestoreOnHit, LPVOID bpxCallBack);
__declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory);

9
TitanEngine/stdafx.h
View File

@ -115,18 +115,11 @@ typedef struct
BYTE BreakPointActive;
ULONG_PTR BreakPointAddress;
SIZE_T BreakPointSize;
BYTE OriginalByte[10];
BYTE OriginalByte[UE_MAX_BREAKPOINT_SIZE];
int BreakPointType;
int AdvancedBreakPointType;
int MemoryBpxRestoreOnHit;
DWORD NumberOfExecutions;
DWORD CmpRegister;
int CmpCondition;
ULONG_PTR CmpValue;
ULONG_PTR ExecuteCallBack;
ULONG_PTR CompareCallBack;
ULONG_PTR RemoveCallBack;
DWORD UniqueLinkId;
} BreakPointDetail, *PBreakPointDetail;
typedef struct