x64dbg
/
TitanEngine
mirror of https://github.com/x64dbg/TitanEngine
1
0
Fork 0
Code Releases Activity

- heap flags are now hidden

This commit is contained in:
mr.exodia 2014-03-04 23:31:16 +01:00
parent e265f498d0
commit 9502654a71
1 changed files with 25 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
TitanEngine/Global.Engine.Hider.cpp
View File

@ -19,8 +19,13 @@ static bool isAtleastVista()
return isAtleastVista;
}
static bool isWindows64()
static bool isWindows64() //TODO: unclear behaviour, will return true when on wow64, but should not return true, because the system structures are x32 in that case
{
#ifdef _WIN64
return true;
#else
return false;
#endif;
SYSTEM_INFO si = {0};
typedef void (WINAPI *tGetNativeSystemInfo)(LPSYSTEM_INFO lpSystemInfo);
tGetNativeSystemInfo _GetNativeSystemInfo = (tGetNativeSystemInfo)GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetNativeSystemInfo");
@ -183,6 +188,7 @@ bool FixPebInProcess(HANDLE hProcess, bool Hide)
if(Hide)
{
//TODO: backup GlobalFlag
myPEB.BeingDebugged = FALSE;
myPEB.NtGlobalFlag &= ~0x70;
@ -193,7 +199,24 @@ bool FixPebInProcess(HANDLE hProcess, bool Hide)
heapFlagsAddress = (void *)((LONG_PTR)myPEB.ProcessHeap + getHeapFlagsOffset());
heapForceFlagsAddress = (void *)((LONG_PTR)myPEB.ProcessHeap + getHeapForceFlagsOffset());
//TODO finish Heap Flag Anti-Anti-Debug
//TODO: finish Heap Flag Anti-Anti-Debug
/*
*(ULONG*)flagPtr_ &= HEAP_GROWABLE;
*(ULONG*)forceFlagPtr_ = 0;
*/
//TODO: backup heap flags
ULONG flagPtr_=0;
ReadProcessMemory(hProcess, heapFlagsAddress, &flagPtr_, sizeof(ULONG), 0);
ULONG forceFlagPtr_=0;
ReadProcessMemory(hProcess, heapForceFlagsAddress, &forceFlagPtr_, sizeof(ULONG), 0);
flagPtr_&=HEAP_GROWABLE;
forceFlagPtr_=0;
WriteProcessMemory(hProcess, heapFlagsAddress, &flagPtr_, sizeof(ULONG), 0);
WriteProcessMemory(hProcess, heapForceFlagsAddress, &forceFlagPtr_, sizeof(ULONG), 0);
}
else
{