- resolved issue #22 (dll debugging not working)

- resolved hanging functions in TitanEngine.PE.*
- fixed issues with differences between debug and release builds (caused crashes)
Mr. eXoDia 2014-03-09 22:40:18 +01:00
parent c51b7ac6bb
commit 97e00e86a4
16 changed files with 295 additions and 391 deletions


@ -35,6 +35,7 @@ DWORD DBGCode = DBG_CONTINUE;
bool engineFileIsBeingDebugged = false;
ULONG_PTR engineFakeDLLHandle = NULL;
LPVOID engineAttachedProcessDebugInfo = NULL;
wchar_t szDebuggerName[512];
// Global.Debugger.functions:
long DebugLoopInSecondThread(LPVOID InputParameter)


@ -35,6 +35,7 @@ extern DWORD DBGCode;
extern bool engineFileIsBeingDebugged;
extern ULONG_PTR engineFakeDLLHandle;
extern LPVOID engineAttachedProcessDebugInfo;
extern wchar_t szDebuggerName[512];
long DebugLoopInSecondThread(LPVOID InputParameter);
void DebuggerReset();


@ -51,6 +51,7 @@ void EngineInit()
{
lstrcpyW(engineSzEngineGarbageFolder, engineSzEngineFolder);
lstrcatW(engineSzEngineGarbageFolder, L"garbage\\");
CreateDirectoryW(engineSzEngineGarbageFolder, 0);
}
EngineInitPlugins(engineSzEngineFolder);
}
@ -152,80 +153,53 @@ char* EngineExtractFileName(char* szFileName)
return(engineExtractedFileName);
}
bool EngineCreatePathForFile(char* szFileName)
void EngineCreatePathForFile(char* szFileName)
{
int i,j;
char szFolderName[2 * MAX_PATH] = {};
char szCreateFolder[2 * MAX_PATH] = {};
if(engineCreatePathForFiles)
int len=lstrlenA(szFileName);
while(szFileName[len]!='\\' && len)
len--;
char szFolderName[MAX_PATH]="";
lstrcpyA(szFolderName, szFileName);
if(len)
szFolderName[len+1]='\0';
else //just a filename
return;
lstrcatA(szFolderName, "\\");
len=lstrlenA(szFolderName);
char szCreateFolder[MAX_PATH]="";
for(int i=3; i<len; i++)
{
i = lstrlenA(szFileName);
while(szFileName[i] != '\\' && i > NULL)
if(szFolderName[i]=='\\')
{
i--;
}
if(i != NULL)
{
RtlMoveMemory(szFolderName, szFileName, i + 1);
if(!CreateDirectoryA(szFolderName, NULL))
{
if(GetLastError() != ERROR_ALREADY_EXISTS)
{
j = lstrlenA(szFolderName);
for(i = 4; i < j; i++)
{
if(szFileName[i] == '\\')
{
RtlZeroMemory(szCreateFolder, 2 * MAX_PATH);
RtlCopyMemory(szCreateFolder, szFileName, i + 1);
return !!CreateDirectoryA(szCreateFolder, NULL);
}
}
}
}
lstrcpyA(szCreateFolder, szFolderName);
szCreateFolder[i]='\0';
CreateDirectoryA(szCreateFolder, 0);
}
}
return true;
}
bool EngineCreatePathForFileW(wchar_t* szFileName)
void EngineCreatePathForFileW(wchar_t* szFileName)
{
int i,j;
wchar_t szFolderName[MAX_PATH] = {};
wchar_t szCreateFolder[MAX_PATH] = {};
if(engineCreatePathForFiles)
int len=lstrlenW(szFileName);
while(szFileName[len]!=L'\\' && len)
len--;
wchar_t szFolderName[MAX_PATH]=L"";
lstrcpyW(szFolderName, szFileName);
if(len)
szFolderName[len+1]=L'\0';
else //just a filename
return;
len=lstrlenW(szFolderName);
wchar_t szCreateFolder[MAX_PATH]=L"";
for(int i=3; i<len; i++)
{
i = lstrlenW(szFileName);
while(szFileName[i] != '\\' && i > 0)
if(szFolderName[i]=='\\')
{
i--;
}
if(i != 0)
{
RtlCopyMemory(szFolderName, szFileName, (i * 2) + 2);
if(!CreateDirectoryW(szFolderName, NULL))
{
if(GetLastError() != ERROR_ALREADY_EXISTS)
{
j = lstrlenW(szFolderName);
for(i = 4; i < j; i++)
{
if(szFileName[i] == '\\')
{
RtlZeroMemory(szCreateFolder, 2 * MAX_PATH);
RtlCopyMemory(szCreateFolder, szFileName, (i * 2) + 1);
return !!CreateDirectoryW(szCreateFolder, NULL);
}
}
}
}
lstrcpyW(szCreateFolder, szFolderName);
szCreateFolder[i]='\0';
CreateDirectoryW(szCreateFolder, 0);
}
}
return true;
}
wchar_t* EngineExtractFileNameW(wchar_t* szFileName)
@ -512,18 +486,16 @@ bool EngineExtractResource(char* szResourceName, wchar_t* szExtractedFileName)
{
ResourceSize = SizeofResource(engineHandle, hResource);
ResourceData = LockResource(hResourceGlobal);
if(EngineCreatePathForFileW(szExtractedFileName))
EngineCreatePathForFileW(szExtractedFileName);
hFile = CreateFileW(szExtractedFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
{
hFile = CreateFileW(szExtractedFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
if(WriteFile(hFile, ResourceData, ResourceSize, &NumberOfBytesWritten, NULL))
{
if(WriteFile(hFile, ResourceData, ResourceSize, &NumberOfBytesWritten, NULL))
{
EngineCloseHandle(hFile);
return true;
}
EngineCloseHandle(hFile);
return true;
}
EngineCloseHandle(hFile);
}
}
}
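Review bot: The rewritten `EngineCreatePathForFile` and `EngineCreatePathForFileW` copy the whole caller-supplied `szFileName` into a `MAX_PATH`-sized stack buffer with `lstrcpyA`/`lstrcpyW` before truncating it, so a path of `MAX_PATH` characters or more writes past `szFolderName`. The names reach these helpers from exported functions visible on this page (`ExtractOverlayW`, `ExtractSectionW`, `StaticRawMemoryCopyW`), so the length is not under the engine's control. A guard ahead of the copy would close this, e.g. `if(lstrlenA(szFileName) >= MAX_PATH - 1) return;` and the `lstrlenW` equivalent in the wide variant. Since the helpers now return `void`, a comment should state that directory-creation failures are deliberately left for the following `CreateFile` call to report. The page has lost its +/- markers, so this reads the `void` variants as the new side.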


@ -27,8 +27,8 @@ bool EngineIsThereFreeHardwareBreakSlot(LPDWORD FreeRegister);
bool EngineFileExists(char* szFileName);
char* EngineExtractPath(char* szFileName);
char* EngineExtractFileName(char* szFileName);
bool EngineCreatePathForFile(char* szFileName);
bool EngineCreatePathForFileW(wchar_t* szFileName);
void EngineCreatePathForFile(char* szFileName);
void EngineCreatePathForFileW(wchar_t* szFileName);
wchar_t* EngineExtractFileNameW(wchar_t* szFileName);
bool EngineIsPointedMemoryString(ULONG_PTR PossibleStringPtr);
int EnginePointedMemoryStringLength(ULONG_PTR PossibleStringPtr);


@ -11,24 +11,17 @@ wchar_t engineSzEngineGarbageFolder[MAX_PATH];
// Global.Garbage.functions:
bool CreateGarbageItem(void* outGargabeItem, int MaxGargabeStringSize)
{
bool Created = false;
wchar_t szGarbageItem[512];
wchar_t szGargabeItemBuff[128];
while(!Created)
{
RtlZeroMemory(&szGarbageItem, sizeof szGarbageItem);
RtlZeroMemory(&szGargabeItemBuff, sizeof szGargabeItemBuff);
srand((unsigned int)time(NULL));
wsprintfW(szGargabeItemBuff, L"Junk-%08x\\", (rand() % 128 + 1) * (rand() % 128 + 1) + (rand() % 1024 + 1));
lstrcpyW(szGarbageItem, engineSzEngineGarbageFolder);
lstrcatW(szGarbageItem, szGargabeItemBuff);
if(EngineCreatePathForFileW(szGarbageItem))
{
Created = true;
}
}
RtlZeroMemory(&szGarbageItem, sizeof szGarbageItem);
RtlZeroMemory(&szGargabeItemBuff, sizeof szGargabeItemBuff);
srand((unsigned int)time(NULL));
wsprintfW(szGargabeItemBuff, L"Junk-%08x\\", (rand() % 128 + 1) * (rand() % 128 + 1) + (rand() % 1024 + 1));
lstrcpyW(szGarbageItem, engineSzEngineGarbageFolder);
lstrcatW(szGarbageItem, szGargabeItemBuff);
EngineCreatePathForFileW(szGarbageItem);
if(lstrlenW(szGarbageItem) * 2 >= MaxGargabeStringSize)
{
RtlMoveMemory(outGargabeItem, &szGarbageItem, MaxGargabeStringSize);
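Review bot: With the retry loop gone and `EngineCreatePathForFileW` returning `void`, nothing in `CreateGarbageItem` detects that the `Junk-%08x` folder already exists, and `srand((unsigned int)time(NULL))` reseeds on every call, so two calls within the same second produce the same name. If callers rely on each garbage item being a private folder, that no longer holds; this is hedged because the callers are not on this page. Seeding once at engine start-up and creating the final directory with `CreateDirectoryW` while testing `GetLastError() == ERROR_ALREADY_EXISTS` would restore the uniqueness check. The function body continues past the end of this hunk.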


@ -42,39 +42,8 @@ __declspec(dllexport) void TITCALL ForceClose()
StopDebug();
}
RtlZeroMemory(&dbgProcessInformation, sizeof PROCESS_INFORMATION);
/*if(DebugDebuggingDLL)
{
RtlZeroMemory(&szTempName, sizeof szTempName);
RtlZeroMemory(&szTempFolder, sizeof szTempFolder);
if(GetTempPathW(MAX_PATH, szTempFolder) < MAX_PATH)
{
if(GetTempFileNameW(szTempFolder, L"DeleteTempFile", GetTickCount(), szTempName))
{
DeleteFileW(szTempName);
if(!MoveFileW(szDebuggerName, szTempName))
{
DeleteFileW(szDebuggerName);
}
else
{
DeleteFileW(szTempName);
}
}
RtlZeroMemory(&szTempName, sizeof szTempName);
if(GetTempFileNameW(szTempFolder, L"DeleteTempFile", GetTickCount() + 1, szTempName))
{
DeleteFileW(szTempName);
if(!MoveFileW(szReserveModuleName, szTempName))
{
DeleteFileW(szReserveModuleName);
}
else
{
DeleteFileW(szTempName);
}
}
}
}*/
if(DebugDebuggingDLL)
DeleteFileW(szDebuggerName);
DebugDebuggingDLL = false;
DebugExeFileEntryPointCallBack = NULL;
}
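Review bot: `DeleteFileW(szDebuggerName)` is called without checking its result, and it runs right after `StopDebug()`, where `TerminateProcess` only initiates termination; if the loader process has not fully exited, the delete fails with a sharing violation and the extracted loader executable stays on disk. `StopDebug` in this commit only adds `Sleep(10)`, which does not guarantee the process is gone. Waiting on the process handle with a bounded timeout before `dbgProcessInformation` is zeroed, e.g. `WaitForSingleObject(dbgProcessInformation.hProcess, 1000);`, and checking the `DeleteFileW` return would make the cleanup dependable. `ForceClose` starts above this hunk.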


@ -295,7 +295,7 @@ __declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, UL
}
else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] >= 0x81 && CompareMemory->DataByte[1] <= 0x8F && CurrentInstructionSize == 4)
{
ReadMemData = 0;
ReadMemData = 0;
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 2);
TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize;
}
@ -324,7 +324,7 @@ __declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, UL
}
else if(CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] != 0x64 && CompareMemory->DataByte[1] >= 0x60 && CompareMemory->DataByte[1] <= 0x67 && CurrentInstructionSize == 3)
{
ReadMemData = 0;
ReadMemData = 0;
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 1);
TargetedAddress = ReadMemData;
if(CompareMemory->DataByte[1] == 0x60)
@ -431,7 +431,7 @@ __declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, UL
}
else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] >= 0x81 && CompareMemory->DataByte[1] <= 0x8F && CurrentInstructionSize == 4)
{
ReadMemData = 0;
ReadMemData = 0;
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 2);
TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize;
}
@ -460,7 +460,7 @@ __declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, UL
}
else if(CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] != 0x64 && CompareMemory->DataByte[1] >= 0x60 && CompareMemory->DataByte[1] <= 0x67 && CurrentInstructionSize == 3)
{
ReadMemData = 0;
ReadMemData = 0;
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 1);
TargetedAddress = ReadMemData;
if(CompareMemory->DataByte[1] == 0x60)


@ -8,7 +8,6 @@
#include <vector>
static wchar_t szBackupDebuggedFileName[512];
static wchar_t szDebuggerName[512];
// TitanEngine.Debugger.functions:
__declspec(dllexport) void* TITCALL InitDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder)
@ -150,17 +149,16 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese
}
lstrcpyW(szDebuggerName, szFileName);
i = lstrlenW(szDebuggerName);
while(szDebuggerName[i] != 0x5C && i >= NULL)
while(szDebuggerName[i] != '\\' && i)
{
i--;
}
if(i > NULL)
if(i)
{
szDebuggerName[i+1] = 0x00;
#ifdef _WIN64
lstrcpyW(szDebuggerName, L"DLLLoader64.exe");
lstrcpyW(szDebuggerName+i+1, L"DLLLoader64.exe");
#else
lstrcpyW(szDebuggerName, L"DLLLoader32.exe");
lstrcpyW(szDebuggerName+i+1, L"DLLLoader32.exe");
#endif
}
else
@ -171,21 +169,10 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese
lstrcpyW(szDebuggerName, L"DLLLoader32.exe");
#endif
}
//RtlZeroMemory(&szReserveModuleName, sizeof szReserveModuleName);
//lstrcpyW(szReserveModuleName, szFileName);
//lstrcatW(szReserveModuleName, L".module");
#if defined(_WIN64)
ReturnData = EngineExtractResource("LOADERx64", szDebuggerName);
/*if(ReserveModuleBase)
{
EngineExtractResource("MODULEx64", szReserveModuleName);
}*/
ReturnData = EngineExtractResource("LOADERX64", szDebuggerName);
#else
ReturnData = EngineExtractResource("LOADERx86", szDebuggerName);
/*if(ReserveModuleBase)
{
EngineExtractResource("MODULEx86", szReserveModuleName);
}*/
ReturnData = EngineExtractResource("LOADERX86", szDebuggerName);
#endif
if(ReturnData)
{
@ -195,24 +182,14 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese
{
i--;
}
/*j = lstrlenW(szReserveModuleName);
while(szReserveModuleName[j] != 0x5C && j >= NULL)
{
j--;
}*/
DebugDebuggingDLLBase = NULL;
DebugDebuggingMainModuleBase = NULL;
DebugDebuggingDLLFullFileName = szFileName;
DebugDebuggingDLLFileName = &szFileName[i+1];
//DebugDebuggingDLLReserveFileName = &szReserveModuleName[j+1];
DebugModuleImageBase = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_IMAGEBASE);
DebugReserveModuleBase = DebugModuleImageBase;
DebugModuleEntryPoint = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_OEP);
DebugModuleEntryPointCallBack = EntryCallBack;
/*if(ReserveModuleBase)
{
RelocaterChangeFileBaseW(szReserveModuleName, DebugModuleImageBase);
}*/
return(InitDebugW(szDebuggerName, szCommandLine, szCurrentFolder));
}
else
@ -221,12 +198,14 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese
}
return(NULL);
}
__declspec(dllexport) bool TITCALL StopDebug()
{
if(dbgProcessInformation.hProcess != NULL)
{
TerminateThread(dbgProcessInformation.hThread, NULL);
TerminateProcess(dbgProcessInformation.hProcess, NULL);
Sleep(10); //allow thread switching
return true;
}
else
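Review bot: In `InitDLLDebugW` nothing bounds `i` before `lstrcpyW(szDebuggerName+i+1, L"DLLLoader64.exe")`: `szFileName` is copied unchecked into the 512-element `szDebuggerName`, and another 16 `wchar_t` are then written after its last backslash, so a long caller-supplied path overruns the global buffer. Rejecting over-long input before the first copy, e.g. `if(lstrlenW(szFileName) + 16 >= 512) return(NULL);`, keeps both writes in range. A comment should also record that the loader is extracted with `CREATE_ALWAYS` into the directory of the DLL being debugged and then started through `InitDebugW`, so that directory must not be writable by less-trusted users. The function begins and ends outside these hunks.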


@ -141,8 +141,8 @@ __declspec(dllexport) void* TITCALL HandlerGetHandleName(HANDLE hProcess, DWORD
VirtualFree(ObjectNameInfo, NULL, MEM_RELEASE);
VirtualFree(QuerySystemBuffer, NULL, MEM_RELEASE);
if(!NameFound)
if(!NameFound)
{
VirtualFree(HandleFullName, NULL, MEM_RELEASE);
return(NULL);
@ -221,8 +221,8 @@ __declspec(dllexport) void* TITCALL HandlerGetHandleNameW(HANDLE hProcess, DWORD
VirtualFree(ObjectNameInfo, NULL, MEM_RELEASE);
VirtualFree(QuerySystemBuffer, NULL, MEM_RELEASE);
if(!NameFound)
if(!NameFound)
{
VirtualFree(HandleFullName, NULL, MEM_RELEASE);
return(NULL);


@ -182,56 +182,54 @@ __declspec(dllexport) bool TITCALL ExtractOverlayW(wchar_t* szFileName, wchar_t*
hFile = CreateFileW(szFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
{
if(EngineCreatePathForFileW(szExtactedFileName))
EngineCreatePathForFileW(szExtactedFileName);
hFileWrite = CreateFileW(szExtactedFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFileWrite != INVALID_HANDLE_VALUE)
{
hFileWrite = CreateFileW(szExtactedFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFileWrite != INVALID_HANDLE_VALUE)
SetFilePointer(hFile, OverlayStart, NULL, FILE_BEGIN);
while(OverlaySize > 0)
{
SetFilePointer(hFile, OverlayStart, NULL, FILE_BEGIN);
while(OverlaySize > 0)
RtlZeroMemory(ueReadBuffer, 0x2000);
if(OverlaySize > 0x1000)
{
RtlZeroMemory(ueReadBuffer, 0x2000);
if(OverlaySize > 0x1000)
if(ReadFile(hFile, ueReadBuffer, 0x1000, &ueNumberOfBytesRead, NULL))
{
if(ReadFile(hFile, ueReadBuffer, 0x1000, &ueNumberOfBytesRead, NULL))
{
if(!WriteFile(hFileWrite, ueReadBuffer, 0x1000, &ueNumberOfBytesRead, NULL))
return false;
}
else
{
if(!WriteFile(hFileWrite, ueReadBuffer, 0x1000, &ueNumberOfBytesRead, NULL))
return false;
}
OverlaySize = OverlaySize - 0x1000;
}
else
{
if(ReadFile(hFile, ueReadBuffer, OverlaySize, &ueNumberOfBytesRead, NULL))
{
if(!WriteFile(hFileWrite, ueReadBuffer, OverlaySize, &ueNumberOfBytesRead, NULL))
return false;
}
else
{
return false;
}
OverlaySize = 0;
return false;
}
OverlaySize = OverlaySize - 0x1000;
}
else
{
if(ReadFile(hFile, ueReadBuffer, OverlaySize, &ueNumberOfBytesRead, NULL))
{
if(!WriteFile(hFileWrite, ueReadBuffer, OverlaySize, &ueNumberOfBytesRead, NULL))
return false;
}
else
{
return false;
}
OverlaySize = 0;
}
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
EngineCloseHandle(hFile);
EngineCloseHandle(hFileWrite);
return true;
}
else
{
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
EngineCloseHandle(hFile);
return false;
}
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
EngineCloseHandle(hFile);
EngineCloseHandle(hFileWrite);
return true;
}
else
{
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
EngineCloseHandle(hFile);
return false;
}
}
}
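Review bot: The `return false` statements inside the copy loop leave `ExtractOverlayW` without calling `VirtualFree(ueReadBuffer, ...)` or closing `hFile` and `hFileWrite`, so every read or write failure leaks a buffer and two handles and keeps a partial output file open. Since the block was re-indented anyway, those exits could set a result flag and `break`, letting the cleanup that already follows the loop run for both outcomes. `WriteFile` is also asked to write the requested size rather than `ueNumberOfBytesRead`, so a short read pads the output with zeroes from the cleared buffer. The function starts above this hunk.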


@ -63,25 +63,23 @@ __declspec(dllexport) bool TITCALL ExtractSectionW(wchar_t* szFileName, wchar_t*
if(SectionNumber <= PEHeader32->FileHeader.NumberOfSections)
{
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + SectionNumber * IMAGE_SIZEOF_SECTION_HEADER);
if(EngineCreatePathForFileW(szDumpFileName))
EngineCreatePathForFileW(szDumpFileName);
hFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
{
hFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
__try
{
__try
{
WriteFile(hFile, (LPCVOID)(FileMapVA + PESections->PointerToRawData), PESections->SizeOfRawData, &NumberOfBytesWritten, NULL);
EngineCloseHandle(hFile);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
EngineCloseHandle(hFile);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
DeleteFileW(szDumpFileName);
return false;
}
WriteFile(hFile, (LPCVOID)(FileMapVA + PESections->PointerToRawData), PESections->SizeOfRawData, &NumberOfBytesWritten, NULL);
EngineCloseHandle(hFile);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
EngineCloseHandle(hFile);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
DeleteFileW(szDumpFileName);
return false;
}
}
}
@ -94,25 +92,23 @@ __declspec(dllexport) bool TITCALL ExtractSectionW(wchar_t* szFileName, wchar_t*
if(SectionNumber <= PEHeader64->FileHeader.NumberOfSections)
{
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + SectionNumber * IMAGE_SIZEOF_SECTION_HEADER);
if(EngineCreatePathForFileW(szDumpFileName))
EngineCreatePathForFileW(szDumpFileName);
hFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
{
hFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
__try
{
__try
{
WriteFile(hFile, (LPCVOID)(FileMapVA + PESections->PointerToRawData), PESections->SizeOfRawData, &NumberOfBytesWritten, NULL);
EngineCloseHandle(hFile);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
EngineCloseHandle(hFile);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
DeleteFileW(szDumpFileName);
return false;
}
WriteFile(hFile, (LPCVOID)(FileMapVA + PESections->PointerToRawData), PESections->SizeOfRawData, &NumberOfBytesWritten, NULL);
EngineCloseHandle(hFile);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
EngineCloseHandle(hFile);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
DeleteFileW(szDumpFileName);
return false;
}
}
}
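Review bot: Both branches of `ExtractSectionW` ignore the result of `WriteFile` and return `true`, and the `__except` handler will typically not run for a bad source range, because `WriteFile` reports an inaccessible buffer through its return value rather than by raising an exception. `PointerToRawData` and `SizeOfRawData` come from the file's own section header, so they should be checked against `FileSize` before the write, and the call should become `if(!WriteFile(...))` with the same cleanup as the handler. `WriteFile` is likewise unchecked in `ResourcerExtractResourceFromFileEx` and in the `StaticRawMemoryCopy*` loops further down the page. Separately, `SectionNumber <= ...NumberOfSections` admits an index equal to the section count if `SectionNumber` is zero-based, which these hunks do not show.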


@ -45,18 +45,16 @@ __declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFileEx(ULONG_PTR
{
ResourceSize = SizeofResource((HMODULE)FileMapVA, hResource);
ResourceData = LockResource(hResourceGlobal);
if(EngineCreatePathForFile(szExtractedFileName))
EngineCreatePathForFile(szExtractedFileName);
hFile = CreateFileA(szExtractedFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
{
hFile = CreateFileA(szExtractedFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
{
WriteFile(hFile, ResourceData, ResourceSize, &NumberOfBytesWritten, NULL);
EngineCloseHandle(hFile);
}
else
{
return false;
}
WriteFile(hFile, ResourceData, ResourceSize, &NumberOfBytesWritten, NULL);
EngineCloseHandle(hFile);
}
else
{
return false;
}
}
return true;


@ -477,103 +477,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyW(HANDLE hFile, ULONG_PTR
ueCopyBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
if(ueCopyBuffer != NULL)
{
if(EngineCreatePathForFileW(szDumpFileName))
{
hWriteFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hWriteFile != INVALID_HANDLE_VALUE)
{
if(Size < 0x1000)
{
SizeToRead = Size;
}
else
{
SizeToRead = 0x1000;
}
while((int)Size > NULL)
{
if(ReadFile(hFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead)
{
WriteFile(hWriteFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL);
if(Size > 0x1000)
{
Size = Size - 0x1000;
}
else if(SizeToRead != Size)
{
if(ReadFile(hFile, ueCopyBuffer, Size, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead)
{
WriteFile(hWriteFile, ueCopyBuffer, Size, &rfNumberOfBytesRead, NULL);
}
else
{
WriteFile(hWriteFile, ueCopyBuffer, rfNumberOfBytesRead, &rfNumberOfBytesRead, NULL);
}
SizeToRead = Size;
Size = NULL;
}
else
{
SizeToRead = Size;
Size = NULL;
}
}
else
{
WriteFile(hWriteFile, ueCopyBuffer, rfNumberOfBytesRead, &rfNumberOfBytesRead, NULL);
Size = NULL;
}
}
EngineCloseHandle(hReadFile);
EngineCloseHandle(hWriteFile);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return true;
}
else
{
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
}
}
}
}
EngineCloseHandle(hReadFile);
}
}
return false;
}
__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, char* szDumpFileName)
{
wchar_t uniFileName[MAX_PATH] = {};
if(szDumpFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
return(StaticRawMemoryCopyExW(hFile, RawAddressToCopy, Size, uniFileName));
}
else
{
return false;
}
}
__declspec(dllexport) bool TITCALL StaticRawMemoryCopyExW(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, wchar_t* szDumpFileName)
{
DWORD SizeToRead;
HANDLE hReadFile;
HANDLE hWriteFile;
LPVOID ueCopyBuffer;
DWORD rfNumberOfBytesRead;
if(DuplicateHandle(GetCurrentProcess(), hFile, GetCurrentProcess(), &hReadFile, NULL, false, DUPLICATE_SAME_ACCESS))
{
if(SetFilePointer(hReadFile, (long)(RawAddressToCopy), NULL, FILE_BEGIN) != INVALID_SET_FILE_POINTER)
{
ueCopyBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
if(ueCopyBuffer != NULL)
{
if(EngineCreatePathForFileW(szDumpFileName))
{
EngineCreatePathForFileW(szDumpFileName);
hWriteFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hWriteFile != INVALID_HANDLE_VALUE)
{
@ -630,6 +534,98 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyExW(HANDLE hFile, DWORD Ra
}
}
}
EngineCloseHandle(hReadFile);
}
}
return false;
}
__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, char* szDumpFileName)
{
wchar_t uniFileName[MAX_PATH] = {};
if(szDumpFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
return(StaticRawMemoryCopyExW(hFile, RawAddressToCopy, Size, uniFileName));
}
else
{
return false;
}
}
__declspec(dllexport) bool TITCALL StaticRawMemoryCopyExW(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, wchar_t* szDumpFileName)
{
DWORD SizeToRead;
HANDLE hReadFile;
HANDLE hWriteFile;
LPVOID ueCopyBuffer;
DWORD rfNumberOfBytesRead;
if(DuplicateHandle(GetCurrentProcess(), hFile, GetCurrentProcess(), &hReadFile, NULL, false, DUPLICATE_SAME_ACCESS))
{
if(SetFilePointer(hReadFile, (long)(RawAddressToCopy), NULL, FILE_BEGIN) != INVALID_SET_FILE_POINTER)
{
ueCopyBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
if(ueCopyBuffer != NULL)
{
EngineCreatePathForFileW(szDumpFileName);
hWriteFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hWriteFile != INVALID_HANDLE_VALUE)
{
if(Size < 0x1000)
{
SizeToRead = Size;
}
else
{
SizeToRead = 0x1000;
}
while((int)Size > NULL)
{
if(ReadFile(hFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead)
{
WriteFile(hWriteFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL);
if(Size > 0x1000)
{
Size = Size - 0x1000;
}
else if(SizeToRead != Size)
{
if(ReadFile(hFile, ueCopyBuffer, Size, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead)
{
WriteFile(hWriteFile, ueCopyBuffer, Size, &rfNumberOfBytesRead, NULL);
}
else
{
WriteFile(hWriteFile, ueCopyBuffer, rfNumberOfBytesRead, &rfNumberOfBytesRead, NULL);
}
SizeToRead = Size;
Size = NULL;
}
else
{
SizeToRead = Size;
Size = NULL;
}
}
else
{
WriteFile(hWriteFile, ueCopyBuffer, rfNumberOfBytesRead, &rfNumberOfBytesRead, NULL);
Size = NULL;
}
}
EngineCloseHandle(hReadFile);
EngineCloseHandle(hWriteFile);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return true;
}
else
{
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
}
}
}
EngineCloseHandle(hReadFile);
}
@ -670,62 +666,60 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64W(HANDLE hFile, DWORD6
ueCopyBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
if(ueCopyBuffer != NULL)
{
if(EngineCreatePathForFileW(szDumpFileName))
EngineCreatePathForFileW(szDumpFileName);
hWriteFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hWriteFile != INVALID_HANDLE_VALUE)
{
hWriteFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hWriteFile != INVALID_HANDLE_VALUE)
if(Size < 0x1000)
{
if(Size < 0x1000)
{
SizeToRead = (DWORD)Size;
}
else
{
SizeToRead = 0x1000;
}
while(Size != NULL)
{
if(ReadFile(hFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead)
{
WriteFile(hWriteFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL);
if(Size > 0x1000)
{
Size = Size - 0x1000;
}
else if((DWORD64)SizeToRead != Size)
{
if(ReadFile(hFile, ueCopyBuffer, (DWORD)Size, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead)
{
WriteFile(hWriteFile, ueCopyBuffer, (DWORD)Size, &rfNumberOfBytesRead, NULL);
}
else
{
WriteFile(hWriteFile, ueCopyBuffer, rfNumberOfBytesRead, &rfNumberOfBytesRead, NULL);
}
SizeToRead = (DWORD)Size;
Size = NULL;
}
else
{
SizeToRead = (DWORD)Size;
Size = NULL;
}
}
else
{
WriteFile(hWriteFile, ueCopyBuffer, rfNumberOfBytesRead, &rfNumberOfBytesRead, NULL);
Size = NULL;
}
}
EngineCloseHandle(hReadFile);
EngineCloseHandle(hWriteFile);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return true;
SizeToRead = (DWORD)Size;
}
else
{
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
SizeToRead = 0x1000;
}
while(Size != NULL)
{
if(ReadFile(hFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead)
{
WriteFile(hWriteFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL);
if(Size > 0x1000)
{
Size = Size - 0x1000;
}
else if((DWORD64)SizeToRead != Size)
{
if(ReadFile(hFile, ueCopyBuffer, (DWORD)Size, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead)
{
WriteFile(hWriteFile, ueCopyBuffer, (DWORD)Size, &rfNumberOfBytesRead, NULL);
}
else
{
WriteFile(hWriteFile, ueCopyBuffer, rfNumberOfBytesRead, &rfNumberOfBytesRead, NULL);
}
SizeToRead = (DWORD)Size;
Size = NULL;
}
else
{
SizeToRead = (DWORD)Size;
Size = NULL;
}
}
else
{
WriteFile(hWriteFile, ueCopyBuffer, rfNumberOfBytesRead, &rfNumberOfBytesRead, NULL);
Size = NULL;
}
}
EngineCloseHandle(hReadFile);
EngineCloseHandle(hWriteFile);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return true;
}
else
{
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
}
}
}
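Review bot: The copy loops that take a `DWORD` size use `while((int)Size > NULL)`, so a size above 0x7FFFFFFF becomes negative, the loop is skipped and the function returns `true` after creating an empty file; the 64-bit variant already uses `while(Size != NULL)`. Since these bodies were moved in this commit, `while(Size != 0)` would make the variants agree. In all of the loops the tail read asks for `Size` bytes but then tests `rfNumberOfBytesRead == SizeToRead`, which looks like it should compare against `Size`. A short comment on the loop stating the 0x1000-byte chunking and how the final partial chunk is handled would make the intent checkable.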


@ -22,6 +22,7 @@ BOOL APIENTRY DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
case DLL_PROCESS_DETACH:
if(lpvReserved)
ExtensionManagerPluginReleaseCallBack();
RemoveDirectoryW(engineSzEngineGarbageFolder);
break;
}
return TRUE;
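Review bot: `RemoveDirectoryW(engineSzEngineGarbageFolder)` only succeeds on an empty directory and its result is ignored, so whenever `Junk-*` subfolders created by `CreateGarbageItem` are still present the garbage folder is silently left behind. With the markup lost it is also unclear whether the call is meant to sit under `if(lpvReserved)`; braces on that `if` would make the intent explicit. A comment such as `// best effort: fails if garbage items remain` would document the behaviour. The `switch` starts above this hunk.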


@ -118,7 +118,7 @@ extern "C" {
typedef enum {
Decode16Bits = 0, Decode32Bits = 1, Decode64Bits = 2
}
_DecodeType;
_DecodeType;
typedef OFFSET_INTEGER _OffsetType;


@ -11,7 +11,8 @@
typedef LONG NTSTATUS;
typedef LONG KPRIORITY;
typedef struct _CLIENT_ID {
typedef struct _CLIENT_ID
{
HANDLE UniqueProcess;
HANDLE UniqueThread;
} CLIENT_ID, *PCLIENT_ID;
@ -53,7 +54,8 @@ typedef struct _PROCESS_BASIC_INFORMATION
} PROCESS_BASIC_INFORMATION;
typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
typedef struct _THREAD_BASIC_INFORMATION {
typedef struct _THREAD_BASIC_INFORMATION
{
NTSTATUS ExitStatus;
PVOID TebBaseAddress;
CLIENT_ID ClientId;