diff --git a/TitanEngine/Global.Debugger.cpp b/TitanEngine/Global.Debugger.cpp index 220d922..49073cf 100644 --- a/TitanEngine/Global.Debugger.cpp +++ b/TitanEngine/Global.Debugger.cpp @@ -35,6 +35,7 @@ DWORD DBGCode = DBG_CONTINUE; bool engineFileIsBeingDebugged = false; ULONG_PTR engineFakeDLLHandle = NULL; LPVOID engineAttachedProcessDebugInfo = NULL; +wchar_t szDebuggerName[512]; // Global.Debugger.functions: long DebugLoopInSecondThread(LPVOID InputParameter) diff --git a/TitanEngine/Global.Debugger.h b/TitanEngine/Global.Debugger.h index 2204803..20c3419 100644 --- a/TitanEngine/Global.Debugger.h +++ b/TitanEngine/Global.Debugger.h @@ -35,6 +35,7 @@ extern DWORD DBGCode; extern bool engineFileIsBeingDebugged; extern ULONG_PTR engineFakeDLLHandle; extern LPVOID engineAttachedProcessDebugInfo; +extern wchar_t szDebuggerName[512]; long DebugLoopInSecondThread(LPVOID InputParameter); void DebuggerReset(); diff --git a/TitanEngine/Global.Engine.cpp b/TitanEngine/Global.Engine.cpp index 4ef529b..f041b2d 100644 --- a/TitanEngine/Global.Engine.cpp +++ b/TitanEngine/Global.Engine.cpp @@ -51,6 +51,7 @@ void EngineInit() { lstrcpyW(engineSzEngineGarbageFolder, engineSzEngineFolder); lstrcatW(engineSzEngineGarbageFolder, L"garbage\\"); + CreateDirectoryW(engineSzEngineGarbageFolder, 0); } EngineInitPlugins(engineSzEngineFolder); } 
@@ -152,80 +153,53 @@ char* EngineExtractFileName(char* szFileName) return(engineExtractedFileName); } -bool EngineCreatePathForFile(char* szFileName) +void EngineCreatePathForFile(char* szFileName) { - - int i,j; - char szFolderName[2 * MAX_PATH] = {}; - char szCreateFolder[2 * MAX_PATH] = {}; - - if(engineCreatePathForFiles) + int len=lstrlenA(szFileName); + while(szFileName[len]!='\\' && len) + len--; + char szFolderName[MAX_PATH]=""; + lstrcpyA(szFolderName, szFileName); + if(len) + szFolderName[len+1]='\0'; + else //just a filename + return; + lstrcatA(szFolderName, "\\"); + len=lstrlenA(szFolderName); + char szCreateFolder[MAX_PATH]=""; + for(int i=3; i NULL) + if(szFolderName[i]=='\\') { - i--; - } - if(i != NULL) - { - RtlMoveMemory(szFolderName, szFileName, i + 1); - if(!CreateDirectoryA(szFolderName, NULL)) - { - if(GetLastError() != ERROR_ALREADY_EXISTS) - { - j = lstrlenA(szFolderName); - for(i = 4; i < j; i++) - { - if(szFileName[i] == '\\') - { - RtlZeroMemory(szCreateFolder, 2 * MAX_PATH); - RtlCopyMemory(szCreateFolder, szFileName, i + 1); - return !!CreateDirectoryA(szCreateFolder, NULL); - } - } - } - } + lstrcpyA(szCreateFolder, szFolderName); + szCreateFolder[i]='\0'; + CreateDirectoryA(szCreateFolder, 0); } } - return true; } -bool EngineCreatePathForFileW(wchar_t* szFileName) +void EngineCreatePathForFileW(wchar_t* szFileName) { - - int i,j; - wchar_t szFolderName[MAX_PATH] = {}; - wchar_t szCreateFolder[MAX_PATH] = {}; - - if(engineCreatePathForFiles) + int len=lstrlenW(szFileName); + while(szFileName[len]!=L'\\' && len) + len--; + wchar_t szFolderName[MAX_PATH]=L""; + lstrcpyW(szFolderName, szFileName); + if(len) + szFolderName[len+1]=L'\0'; + else //just a filename + return; + len=lstrlenW(szFolderName); + wchar_t szCreateFolder[MAX_PATH]=L""; + for(int i=3; i 0) + if(szFolderName[i]=='\\') { - i--; - } - if(i != 0) - { - RtlCopyMemory(szFolderName, szFileName, (i * 2) + 2); - if(!CreateDirectoryW(szFolderName, NULL)) - { - 
if(GetLastError() != ERROR_ALREADY_EXISTS) - { - j = lstrlenW(szFolderName); - for(i = 4; i < j; i++) - { - if(szFileName[i] == '\\') - { - RtlZeroMemory(szCreateFolder, 2 * MAX_PATH); - RtlCopyMemory(szCreateFolder, szFileName, (i * 2) + 1); - return !!CreateDirectoryW(szCreateFolder, NULL); - } - } - } - } + lstrcpyW(szCreateFolder, szFolderName); + szCreateFolder[i]='\0'; + CreateDirectoryW(szCreateFolder, 0); } } - return true; } wchar_t* EngineExtractFileNameW(wchar_t* szFileName) @@ -512,18 +486,16 @@ bool EngineExtractResource(char* szResourceName, wchar_t* szExtractedFileName) { ResourceSize = SizeofResource(engineHandle, hResource); ResourceData = LockResource(hResourceGlobal); - if(EngineCreatePathForFileW(szExtractedFileName)) + EngineCreatePathForFileW(szExtractedFileName); + hFile = CreateFileW(szExtractedFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); + if(hFile != INVALID_HANDLE_VALUE) { - hFile = CreateFileW(szExtractedFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); - if(hFile != INVALID_HANDLE_VALUE) + if(WriteFile(hFile, ResourceData, ResourceSize, &NumberOfBytesWritten, NULL)) { - if(WriteFile(hFile, ResourceData, ResourceSize, &NumberOfBytesWritten, NULL)) - { - EngineCloseHandle(hFile); - return true; - } EngineCloseHandle(hFile); + return true; } + EngineCloseHandle(hFile); } } } diff --git a/TitanEngine/Global.Engine.h b/TitanEngine/Global.Engine.h index f1a1e52..7ab62ae 100644 --- a/TitanEngine/Global.Engine.h +++ b/TitanEngine/Global.Engine.h 
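Review bot: Both rewritten helpers copy the caller's path into a fixed `MAX_PATH` stack array with `lstrcpyA`/`lstrcpyW` and no length check, and the ANSI version's buffers shrink from `2 * MAX_PATH` to `MAX_PATH` in the same change, so a dump or extraction path longer than that writes past `szFolderName`. A guard placed immediately after `len` is first assigned, `if(len >= MAX_PATH - 1) return;`, keeps the copy and the appended backslash inside the buffer in both functions. The new bodies also drop the `engineCreatePathForFiles` test that the removed code honoured, and the `void` return leaves callers unable to tell a failed `CreateDirectory` from success. If both are intentional, a comment such as `// best effort: callers notice a missing directory when CreateFile fails` would record it.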
@@ -27,8 +27,8 @@ bool EngineIsThereFreeHardwareBreakSlot(LPDWORD FreeRegister); bool EngineFileExists(char* szFileName); char* EngineExtractPath(char* szFileName); char* EngineExtractFileName(char* szFileName); -bool EngineCreatePathForFile(char* szFileName); -bool EngineCreatePathForFileW(wchar_t* szFileName); +void EngineCreatePathForFile(char* szFileName); +void EngineCreatePathForFileW(wchar_t* szFileName); wchar_t* EngineExtractFileNameW(wchar_t* szFileName); bool EngineIsPointedMemoryString(ULONG_PTR PossibleStringPtr); int EnginePointedMemoryStringLength(ULONG_PTR PossibleStringPtr); diff --git a/TitanEngine/Global.Garbage.cpp b/TitanEngine/Global.Garbage.cpp index 75f2272..ed28236 100644 --- a/TitanEngine/Global.Garbage.cpp +++ b/TitanEngine/Global.Garbage.cpp 
@@ -11,24 +11,17 @@ wchar_t engineSzEngineGarbageFolder[MAX_PATH]; // Global.Garbage.functions: bool CreateGarbageItem(void* outGargabeItem, int MaxGargabeStringSize) { - - bool Created = false; wchar_t szGarbageItem[512]; wchar_t szGargabeItemBuff[128]; - while(!Created) - { - RtlZeroMemory(&szGarbageItem, sizeof szGarbageItem); - RtlZeroMemory(&szGargabeItemBuff, sizeof szGargabeItemBuff); - srand((unsigned int)time(NULL)); - wsprintfW(szGargabeItemBuff, L"Junk-%08x\\", (rand() % 128 + 1) * (rand() % 128 + 1) + (rand() % 1024 + 1)); - lstrcpyW(szGarbageItem, engineSzEngineGarbageFolder); - lstrcatW(szGarbageItem, szGargabeItemBuff); - if(EngineCreatePathForFileW(szGarbageItem)) - { - Created = true; - } - } + RtlZeroMemory(&szGarbageItem, sizeof szGarbageItem); + RtlZeroMemory(&szGargabeItemBuff, sizeof szGargabeItemBuff); + srand((unsigned int)time(NULL)); + wsprintfW(szGargabeItemBuff, L"Junk-%08x\\", (rand() % 128 + 1) * (rand() % 128 + 1) + (rand() % 1024 + 1)); + lstrcpyW(szGarbageItem, engineSzEngineGarbageFolder); + lstrcatW(szGarbageItem, szGargabeItemBuff); + EngineCreatePathForFileW(szGarbageItem); + if(lstrlenW(szGarbageItem) * 2 >= MaxGargabeStringSize) { RtlMoveMemory(outGargabeItem, &szGarbageItem, MaxGargabeStringSize); diff --git a/TitanEngine/TitanEngine.Debugger.Control.cpp b/TitanEngine/TitanEngine.Debugger.Control.cpp index a466636..5de0164 100644 --- a/TitanEngine/TitanEngine.Debugger.Control.cpp +++ b/TitanEngine/TitanEngine.Debugger.Control.cpp 
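Review bot: With the retry loop removed and `EngineCreatePathForFileW` now returning nothing, `CreateGarbageItem` can no longer tell whether the `Junk-%08x` directory was freshly created, already existed, or could not be created. Because `srand((unsigned int)time(NULL))` reseeds on every call, two calls within the same second build the same name, and the name is predictable to anything else that can write to the garbage folder. Creating the final directory here with `CreateDirectoryW(szGarbageItem, NULL)` and picking a new name on `ERROR_ALREADY_EXISTS` would restore the uniqueness check, and seeding once instead of per call removes the same-second collision. The function body continues past the end of the hunk.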
@@ -42,39 +42,8 @@ __declspec(dllexport) void TITCALL ForceClose() StopDebug(); } RtlZeroMemory(&dbgProcessInformation, sizeof PROCESS_INFORMATION); - /*if(DebugDebuggingDLL) - { - RtlZeroMemory(&szTempName, sizeof szTempName); - RtlZeroMemory(&szTempFolder, sizeof szTempFolder); - if(GetTempPathW(MAX_PATH, szTempFolder) < MAX_PATH) - { - if(GetTempFileNameW(szTempFolder, L"DeleteTempFile", GetTickCount(), szTempName)) - { - DeleteFileW(szTempName); - if(!MoveFileW(szDebuggerName, szTempName)) - { - DeleteFileW(szDebuggerName); - } - else - { - DeleteFileW(szTempName); - } - } - RtlZeroMemory(&szTempName, sizeof szTempName); - if(GetTempFileNameW(szTempFolder, L"DeleteTempFile", GetTickCount() + 1, szTempName)) - { - DeleteFileW(szTempName); - if(!MoveFileW(szReserveModuleName, szTempName)) - { - DeleteFileW(szReserveModuleName); - } - else - { - DeleteFileW(szTempName); - } - } - } - }*/ + if(DebugDebuggingDLL) + DeleteFileW(szDebuggerName); DebugDebuggingDLL = false; DebugExeFileEntryPointCallBack = NULL; } diff --git a/TitanEngine/TitanEngine.Debugger.Helper.cpp b/TitanEngine/TitanEngine.Debugger.Helper.cpp index 1a94e16..49f9aab 100644 --- a/TitanEngine/TitanEngine.Debugger.Helper.cpp +++ b/TitanEngine/TitanEngine.Debugger.Helper.cpp @@ -295,7 +295,7 @@ __declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, UL } else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] >= 0x81 && CompareMemory->DataByte[1] <= 0x8F && CurrentInstructionSize == 4) { - ReadMemData = 0; + ReadMemData = 0; RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 2); TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize; } 
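Review bot: The new `DeleteFileW(szDebuggerName)` in `ForceClose` races the loader process's exit: `TerminateProcess` only requests termination, and the file backing a still-running image cannot be deleted, so the call can fail and leave the extracted loader on disk with nothing reporting it. The `Sleep(10); //allow thread switching` added to `StopDebug` in TitanEngine.Debugger.cpp looks like a workaround for the same race. Waiting on the handle there, `WaitForSingleObject(dbgProcessInformation.hProcess, 1000);` (timeout value illustrative), is deterministic where a fixed sleep is not. Checking the `DeleteFileW` result would also let a leftover loader be logged or retried.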
@@ -324,7 +324,7 @@ __declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, UL } else if(CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] != 0x64 && CompareMemory->DataByte[1] >= 0x60 && CompareMemory->DataByte[1] <= 0x67 && CurrentInstructionSize == 3) { - ReadMemData = 0; + ReadMemData = 0; RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 1); TargetedAddress = ReadMemData; if(CompareMemory->DataByte[1] == 0x60) @@ -431,7 +431,7 @@ __declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, UL } else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] >= 0x81 && CompareMemory->DataByte[1] <= 0x8F && CurrentInstructionSize == 4) { - ReadMemData = 0; + ReadMemData = 0; RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 2); TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize; } @@ -460,7 +460,7 @@ __declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, UL } else if(CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] != 0x64 && CompareMemory->DataByte[1] >= 0x60 && CompareMemory->DataByte[1] <= 0x67 && CurrentInstructionSize == 3) { - ReadMemData = 0; + ReadMemData = 0; RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 1); TargetedAddress = ReadMemData; if(CompareMemory->DataByte[1] == 0x60) diff --git a/TitanEngine/TitanEngine.Debugger.cpp b/TitanEngine/TitanEngine.Debugger.cpp index 116abc2..f4ab0f0 100644 --- a/TitanEngine/TitanEngine.Debugger.cpp +++ b/TitanEngine/TitanEngine.Debugger.cpp @@ -8,7 +8,6 @@ #include static wchar_t szBackupDebuggedFileName[512]; -static wchar_t szDebuggerName[512]; // TitanEngine.Debugger.functions: __declspec(dllexport) void* TITCALL InitDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder) 
@@ -150,17 +149,16 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese } lstrcpyW(szDebuggerName, szFileName); i = lstrlenW(szDebuggerName); - while(szDebuggerName[i] != 0x5C && i >= NULL) + while(szDebuggerName[i] != '\\' && i) { i--; } - if(i > NULL) + if(i) { - szDebuggerName[i+1] = 0x00; #ifdef _WIN64 - lstrcpyW(szDebuggerName, L"DLLLoader64.exe"); + lstrcpyW(szDebuggerName+i+1, L"DLLLoader64.exe"); #else - lstrcpyW(szDebuggerName, L"DLLLoader32.exe"); + lstrcpyW(szDebuggerName+i+1, L"DLLLoader32.exe"); #endif } else @@ -171,21 +169,10 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese lstrcpyW(szDebuggerName, L"DLLLoader32.exe"); #endif } - //RtlZeroMemory(&szReserveModuleName, sizeof szReserveModuleName); - //lstrcpyW(szReserveModuleName, szFileName); - //lstrcatW(szReserveModuleName, L".module"); #if defined(_WIN64) - ReturnData = EngineExtractResource("LOADERx64", szDebuggerName); - /*if(ReserveModuleBase) - { - EngineExtractResource("MODULEx64", szReserveModuleName); - }*/ + ReturnData = EngineExtractResource("LOADERX64", szDebuggerName); #else - ReturnData = EngineExtractResource("LOADERx86", szDebuggerName); - /*if(ReserveModuleBase) - { - EngineExtractResource("MODULEx86", szReserveModuleName); - }*/ + ReturnData = EngineExtractResource("LOADERX86", szDebuggerName); #endif if(ReturnData) { 
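Review bot: `lstrcpyW(szDebuggerName+i+1, L"DLLLoader64.exe")` appends the loader name at an offset taken from the caller's path without checking that it still fits in the 512-element `szDebuggerName`, and the `lstrcpyW(szDebuggerName, szFileName)` before it is equally unbounded. Rejecting long input before the first copy, `if(lstrlenW(szFileName) + 16 >= sizeof(szDebuggerName)/sizeof(szDebuggerName[0])) return(NULL);`, covers both writes (16 is the loader file name plus its terminator). The resulting string is the path that is extracted to and then handed to `InitDebugW`, so an overrun here writes past what is now a global array. `InitDLLDebugW` starts and ends outside this hunk.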
@@ -195,24 +182,14 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese { i--; } - /*j = lstrlenW(szReserveModuleName); - while(szReserveModuleName[j] != 0x5C && j >= NULL) - { - j--; - }*/ DebugDebuggingDLLBase = NULL; DebugDebuggingMainModuleBase = NULL; DebugDebuggingDLLFullFileName = szFileName; DebugDebuggingDLLFileName = &szFileName[i+1]; - //DebugDebuggingDLLReserveFileName = &szReserveModuleName[j+1]; DebugModuleImageBase = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_IMAGEBASE); DebugReserveModuleBase = DebugModuleImageBase; DebugModuleEntryPoint = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_OEP); DebugModuleEntryPointCallBack = EntryCallBack; - /*if(ReserveModuleBase) - { - RelocaterChangeFileBaseW(szReserveModuleName, DebugModuleImageBase); - }*/ return(InitDebugW(szDebuggerName, szCommandLine, szCurrentFolder)); } else @@ -221,12 +198,14 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese } return(NULL); } + __declspec(dllexport) bool TITCALL StopDebug() { if(dbgProcessInformation.hProcess != NULL) { TerminateThread(dbgProcessInformation.hThread, NULL); TerminateProcess(dbgProcessInformation.hProcess, NULL); + Sleep(10); //allow thread switching return true; } else diff --git a/TitanEngine/TitanEngine.Handler.cpp b/TitanEngine/TitanEngine.Handler.cpp index 96db42e..f812bc6 100644 --- a/TitanEngine/TitanEngine.Handler.cpp +++ b/TitanEngine/TitanEngine.Handler.cpp @@ -141,8 +141,8 @@ __declspec(dllexport) void* TITCALL HandlerGetHandleName(HANDLE hProcess, DWORD VirtualFree(ObjectNameInfo, NULL, MEM_RELEASE); VirtualFree(QuerySystemBuffer, NULL, MEM_RELEASE); - - if(!NameFound) + + if(!NameFound) { VirtualFree(HandleFullName, NULL, MEM_RELEASE); return(NULL); 
@@ -221,8 +221,8 @@ __declspec(dllexport) void* TITCALL HandlerGetHandleNameW(HANDLE hProcess, DWORD VirtualFree(ObjectNameInfo, NULL, MEM_RELEASE); VirtualFree(QuerySystemBuffer, NULL, MEM_RELEASE); - - if(!NameFound) + + if(!NameFound) { VirtualFree(HandleFullName, NULL, MEM_RELEASE); return(NULL); diff --git a/TitanEngine/TitanEngine.PE.Overlay.cpp b/TitanEngine/TitanEngine.PE.Overlay.cpp index d4a10cc..89f3b75 100644 --- a/TitanEngine/TitanEngine.PE.Overlay.cpp +++ b/TitanEngine/TitanEngine.PE.Overlay.cpp 
@@ -182,56 +182,54 @@ __declspec(dllexport) bool TITCALL ExtractOverlayW(wchar_t* szFileName, wchar_t* hFile = CreateFileW(szFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if(hFile != INVALID_HANDLE_VALUE) { - if(EngineCreatePathForFileW(szExtactedFileName)) + EngineCreatePathForFileW(szExtactedFileName); + hFileWrite = CreateFileW(szExtactedFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); + if(hFileWrite != INVALID_HANDLE_VALUE) { - hFileWrite = CreateFileW(szExtactedFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); - if(hFileWrite != INVALID_HANDLE_VALUE) + SetFilePointer(hFile, OverlayStart, NULL, FILE_BEGIN); + while(OverlaySize > 0) { - SetFilePointer(hFile, OverlayStart, NULL, FILE_BEGIN); - while(OverlaySize > 0) + RtlZeroMemory(ueReadBuffer, 0x2000); + + if(OverlaySize > 0x1000) { - RtlZeroMemory(ueReadBuffer, 0x2000); - - if(OverlaySize > 0x1000) + if(ReadFile(hFile, ueReadBuffer, 0x1000, &ueNumberOfBytesRead, NULL)) { - if(ReadFile(hFile, ueReadBuffer, 0x1000, &ueNumberOfBytesRead, NULL)) - { - if(!WriteFile(hFileWrite, ueReadBuffer, 0x1000, &ueNumberOfBytesRead, NULL)) - return false; - } - else - { + if(!WriteFile(hFileWrite, ueReadBuffer, 0x1000, &ueNumberOfBytesRead, NULL)) return false; - } - - OverlaySize = OverlaySize - 0x1000; } else { - if(ReadFile(hFile, ueReadBuffer, OverlaySize, &ueNumberOfBytesRead, NULL)) - { - if(!WriteFile(hFileWrite, ueReadBuffer, OverlaySize, &ueNumberOfBytesRead, NULL)) - return false; - } - else - { - return false; - } - - OverlaySize = 0; + return false; } + + OverlaySize = OverlaySize - 0x1000; + } + else + { + if(ReadFile(hFile, ueReadBuffer, OverlaySize, &ueNumberOfBytesRead, NULL)) + { + if(!WriteFile(hFileWrite, ueReadBuffer, OverlaySize, &ueNumberOfBytesRead, NULL)) + return false; + } + else + { + return false; + } + + OverlaySize = 0; } - VirtualFree(ueReadBuffer, NULL, 
MEM_RELEASE); - EngineCloseHandle(hFile); - EngineCloseHandle(hFileWrite); - return true; - } - else - { - VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); - EngineCloseHandle(hFile); - return false; } + VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); + EngineCloseHandle(hFile); + EngineCloseHandle(hFileWrite); + return true; + } + else + { + VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); + EngineCloseHandle(hFile); + return false; } } } diff --git a/TitanEngine/TitanEngine.PE.Section.cpp b/TitanEngine/TitanEngine.PE.Section.cpp index 50678a9..4f609ef 100644 --- a/TitanEngine/TitanEngine.PE.Section.cpp +++ b/TitanEngine/TitanEngine.PE.Section.cpp 
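Review bot: Every `return false;` inside the copy loop of `ExtractOverlayW` leaves `hFile` and `hFileWrite` open and `ueReadBuffer` allocated, and leaves a partially written output file behind; the re-indented loop carries this over unchanged. The loop also passes `ueNumberOfBytesRead` as the written-count output of `WriteFile` and never compares the bytes read with the bytes requested, so a short read is written out as a full zero-padded block. The sketch below funnels both outcomes through the existing cleanup lines and removes the output file on failure; it assumes `OverlaySize` is a `DWORD`, which the hunk does not show. The function begins and ends outside the hunk.

```cpp
// … unchanged: CreateFileW for hFileWrite, SetFilePointer(hFile, OverlayStart, …) …
bool copied = true;
while(copied && OverlaySize > 0)
{
    DWORD chunk = OverlaySize > 0x1000 ? 0x1000 : OverlaySize;
    DWORD written = 0;
    if(!ReadFile(hFile, ueReadBuffer, chunk, &ueNumberOfBytesRead, NULL) || ueNumberOfBytesRead != chunk
            || !WriteFile(hFileWrite, ueReadBuffer, chunk, &written, NULL) || written != chunk)
        copied = false; // stop copying, fall through to the shared cleanup
    else
        OverlaySize -= chunk;
}
// … unchanged: VirtualFree(ueReadBuffer, …) and both EngineCloseHandle calls …
if(!copied)
    DeleteFileW(szExtactedFileName); // do not leave a truncated overlay behind
return copied;
```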
@@ -63,25 +63,23 @@ __declspec(dllexport) bool TITCALL ExtractSectionW(wchar_t* szFileName, wchar_t* if(SectionNumber <= PEHeader32->FileHeader.NumberOfSections) { PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + SectionNumber * IMAGE_SIZEOF_SECTION_HEADER); - if(EngineCreatePathForFileW(szDumpFileName)) + EngineCreatePathForFileW(szDumpFileName); + hFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); + if(hFile != INVALID_HANDLE_VALUE) { - hFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); - if(hFile != INVALID_HANDLE_VALUE) + __try { - __try - { - WriteFile(hFile, (LPCVOID)(FileMapVA + PESections->PointerToRawData), PESections->SizeOfRawData, &NumberOfBytesWritten, NULL); - EngineCloseHandle(hFile); - UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); - return true; - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - EngineCloseHandle(hFile); - UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); - DeleteFileW(szDumpFileName); - return false; - } + WriteFile(hFile, (LPCVOID)(FileMapVA + PESections->PointerToRawData), PESections->SizeOfRawData, &NumberOfBytesWritten, NULL); + EngineCloseHandle(hFile); + UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); + return true; + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + EngineCloseHandle(hFile); + UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); + DeleteFileW(szDumpFileName); + return false; } } } 
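Review bot: The `WriteFile` call inside the `__try` block ignores its return value, so `ExtractSectionW` reports success even when nothing was written, and the source range comes straight from the section header (`PointerToRawData`, `SizeOfRawData`) without being checked against the mapped `FileSize`. Relying on `__except` to catch a bad range is fragile for code that parses untrusted PE files. A test before the write, `if((ULONGLONG)PESections->PointerToRawData + PESections->SizeOfRawData > FileSize)`, taking the same cleanup path as the `__except` branch, together with checking `WriteFile`'s result, makes the failure explicit. The context line `SectionNumber <= PEHeader32->FileHeader.NumberOfSections` also appears to admit an index one past the last header if `SectionNumber` is zero-based, which is worth confirming against the callers. The same code is repeated in the `PEHeader64` hunk that follows.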
@@ -94,25 +92,23 @@ __declspec(dllexport) bool TITCALL ExtractSectionW(wchar_t* szFileName, wchar_t* if(SectionNumber <= PEHeader64->FileHeader.NumberOfSections) { PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + SectionNumber * IMAGE_SIZEOF_SECTION_HEADER); - if(EngineCreatePathForFileW(szDumpFileName)) + EngineCreatePathForFileW(szDumpFileName); + hFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); + if(hFile != INVALID_HANDLE_VALUE) { - hFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); - if(hFile != INVALID_HANDLE_VALUE) + __try { - __try - { - WriteFile(hFile, (LPCVOID)(FileMapVA + PESections->PointerToRawData), PESections->SizeOfRawData, &NumberOfBytesWritten, NULL); - EngineCloseHandle(hFile); - UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); - return true; - } - __except(EXCEPTION_EXECUTE_HANDLER) - { - EngineCloseHandle(hFile); - UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); - DeleteFileW(szDumpFileName); - return false; - } + WriteFile(hFile, (LPCVOID)(FileMapVA + PESections->PointerToRawData), PESections->SizeOfRawData, &NumberOfBytesWritten, NULL); + EngineCloseHandle(hFile); + UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); + return true; + } + __except(EXCEPTION_EXECUTE_HANDLER) + { + EngineCloseHandle(hFile); + UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); + DeleteFileW(szDumpFileName); + return false; } } } diff --git a/TitanEngine/TitanEngine.Resourcer.cpp b/TitanEngine/TitanEngine.Resourcer.cpp index 53c9237..addfa17 100644 --- a/TitanEngine/TitanEngine.Resourcer.cpp +++ b/TitanEngine/TitanEngine.Resourcer.cpp 
@@ -45,18 +45,16 @@ __declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFileEx(ULONG_PTR { ResourceSize = SizeofResource((HMODULE)FileMapVA, hResource); ResourceData = LockResource(hResourceGlobal); - if(EngineCreatePathForFile(szExtractedFileName)) + EngineCreatePathForFile(szExtractedFileName); + hFile = CreateFileA(szExtractedFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); + if(hFile != INVALID_HANDLE_VALUE) { - hFile = CreateFileA(szExtractedFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); - if(hFile != INVALID_HANDLE_VALUE) - { - WriteFile(hFile, ResourceData, ResourceSize, &NumberOfBytesWritten, NULL); - EngineCloseHandle(hFile); - } - else - { - return false; - } + WriteFile(hFile, ResourceData, ResourceSize, &NumberOfBytesWritten, NULL); + EngineCloseHandle(hFile); + } + else + { + return false; } } return true; diff --git a/TitanEngine/TitanEngine.Static.cpp b/TitanEngine/TitanEngine.Static.cpp index a98fd3f..344d3d3 100644 --- a/TitanEngine/TitanEngine.Static.cpp +++ b/TitanEngine/TitanEngine.Static.cpp 
@@ -477,103 +477,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyW(HANDLE hFile, ULONG_PTR ueCopyBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); if(ueCopyBuffer != NULL) { - if(EngineCreatePathForFileW(szDumpFileName)) - { - hWriteFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); - if(hWriteFile != INVALID_HANDLE_VALUE) - { - if(Size < 0x1000) - { - SizeToRead = Size; - } - else - { - SizeToRead = 0x1000; - } - while((int)Size > NULL) - { - if(ReadFile(hFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead) - { - WriteFile(hWriteFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL); - if(Size > 0x1000) - { - Size = Size - 0x1000; - } - else if(SizeToRead != Size) - { - if(ReadFile(hFile, ueCopyBuffer, Size, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead) - { - WriteFile(hWriteFile, ueCopyBuffer, Size, &rfNumberOfBytesRead, NULL); - } - else - { - WriteFile(hWriteFile, ueCopyBuffer, rfNumberOfBytesRead, &rfNumberOfBytesRead, NULL); - } - SizeToRead = Size; - Size = NULL; - } - else - { - SizeToRead = Size; - Size = NULL; - } - } - else - { - WriteFile(hWriteFile, ueCopyBuffer, rfNumberOfBytesRead, &rfNumberOfBytesRead, NULL); - Size = NULL; - } - } - EngineCloseHandle(hReadFile); - EngineCloseHandle(hWriteFile); - VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE); - return true; - } - else - { - VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE); - } - } - } - } - EngineCloseHandle(hReadFile); - } - } - return false; -} -__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, char* szDumpFileName) -{ - - wchar_t uniFileName[MAX_PATH] = {}; - - if(szDumpFileName != NULL) - { - MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); - return(StaticRawMemoryCopyExW(hFile, RawAddressToCopy, 
Size, uniFileName)); - } - else - { - return false; - } -} -__declspec(dllexport) bool TITCALL StaticRawMemoryCopyExW(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, wchar_t* szDumpFileName) -{ - - DWORD SizeToRead; - HANDLE hReadFile; - HANDLE hWriteFile; - LPVOID ueCopyBuffer; - DWORD rfNumberOfBytesRead; - - if(DuplicateHandle(GetCurrentProcess(), hFile, GetCurrentProcess(), &hReadFile, NULL, false, DUPLICATE_SAME_ACCESS)) - { - if(SetFilePointer(hReadFile, (long)(RawAddressToCopy), NULL, FILE_BEGIN) != INVALID_SET_FILE_POINTER) - { - ueCopyBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); - if(ueCopyBuffer != NULL) - { - if(EngineCreatePathForFileW(szDumpFileName)) - { + EngineCreatePathForFileW(szDumpFileName); hWriteFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); if(hWriteFile != INVALID_HANDLE_VALUE) { 
@@ -630,6 +534,98 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyExW(HANDLE hFile, DWORD Ra } } } + EngineCloseHandle(hReadFile); + } + } + return false; +} +__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, char* szDumpFileName) +{ + + wchar_t uniFileName[MAX_PATH] = {}; + + if(szDumpFileName != NULL) + { + MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); + return(StaticRawMemoryCopyExW(hFile, RawAddressToCopy, Size, uniFileName)); + } + else + { + return false; + } +} +__declspec(dllexport) bool TITCALL StaticRawMemoryCopyExW(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, wchar_t* szDumpFileName) +{ + + DWORD SizeToRead; + HANDLE hReadFile; + HANDLE hWriteFile; + LPVOID ueCopyBuffer; + DWORD rfNumberOfBytesRead; + + if(DuplicateHandle(GetCurrentProcess(), hFile, GetCurrentProcess(), &hReadFile, NULL, false, DUPLICATE_SAME_ACCESS)) + { + if(SetFilePointer(hReadFile, (long)(RawAddressToCopy), NULL, FILE_BEGIN) != INVALID_SET_FILE_POINTER) + { + ueCopyBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); + if(ueCopyBuffer != NULL) + { + EngineCreatePathForFileW(szDumpFileName); + hWriteFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); + if(hWriteFile != INVALID_HANDLE_VALUE) + { + if(Size < 0x1000) + { + SizeToRead = Size; + } + else + { + SizeToRead = 0x1000; + } + while((int)Size > NULL) + { + if(ReadFile(hFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead) + { + WriteFile(hWriteFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL); + if(Size > 0x1000) + { + Size = Size - 0x1000; + } + else if(SizeToRead != Size) + { + if(ReadFile(hFile, ueCopyBuffer, Size, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead) + { + WriteFile(hWriteFile, ueCopyBuffer, Size, 
&rfNumberOfBytesRead, NULL); + } + else + { + WriteFile(hWriteFile, ueCopyBuffer, rfNumberOfBytesRead, &rfNumberOfBytesRead, NULL); + } + SizeToRead = Size; + Size = NULL; + } + else + { + SizeToRead = Size; + Size = NULL; + } + } + else + { + WriteFile(hWriteFile, ueCopyBuffer, rfNumberOfBytesRead, &rfNumberOfBytesRead, NULL); + Size = NULL; + } + } + EngineCloseHandle(hReadFile); + EngineCloseHandle(hWriteFile); + VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE); + return true; + } + else + { + VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE); + } + } } EngineCloseHandle(hReadFile); } 
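Review bot: The copy loop added for `StaticRawMemoryCopyExW` is guarded by `while((int)Size > NULL)`, so a `DWORD` size of 0x80000000 or more is treated as negative, nothing is copied, and the function still returns true with an empty output file. `while(Size != 0)`, the form the 64-bit variant in the next hunk already uses, avoids the signed cast. The `WriteFile` results in the loop are also ignored, so a full disk or a write error is reported as success.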
@@ -670,62 +666,60 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64W(HANDLE hFile, DWORD6 ueCopyBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); if(ueCopyBuffer != NULL) { - if(EngineCreatePathForFileW(szDumpFileName)) + EngineCreatePathForFileW(szDumpFileName); + hWriteFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); + if(hWriteFile != INVALID_HANDLE_VALUE) { - hWriteFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); - if(hWriteFile != INVALID_HANDLE_VALUE) + if(Size < 0x1000) { - if(Size < 0x1000) - { - SizeToRead = (DWORD)Size; - } - else - { - SizeToRead = 0x1000; - } - while(Size != NULL) - { - if(ReadFile(hFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead) - { - WriteFile(hWriteFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL); - if(Size > 0x1000) - { - Size = Size - 0x1000; - } - else if((DWORD64)SizeToRead != Size) - { - if(ReadFile(hFile, ueCopyBuffer, (DWORD)Size, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead) - { - WriteFile(hWriteFile, ueCopyBuffer, (DWORD)Size, &rfNumberOfBytesRead, NULL); - } - else - { - WriteFile(hWriteFile, ueCopyBuffer, rfNumberOfBytesRead, &rfNumberOfBytesRead, NULL); - } - SizeToRead = (DWORD)Size; - Size = NULL; - } - else - { - SizeToRead = (DWORD)Size; - Size = NULL; - } - } - else - { - WriteFile(hWriteFile, ueCopyBuffer, rfNumberOfBytesRead, &rfNumberOfBytesRead, NULL); - Size = NULL; - } - } - EngineCloseHandle(hReadFile); - EngineCloseHandle(hWriteFile); - VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE); - return true; + SizeToRead = (DWORD)Size; } else { - VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE); + SizeToRead = 0x1000; } + while(Size != NULL) + { + if(ReadFile(hFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead) + { + 
WriteFile(hWriteFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL); + if(Size > 0x1000) + { + Size = Size - 0x1000; + } + else if((DWORD64)SizeToRead != Size) + { + if(ReadFile(hFile, ueCopyBuffer, (DWORD)Size, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead) + { + WriteFile(hWriteFile, ueCopyBuffer, (DWORD)Size, &rfNumberOfBytesRead, NULL); + } + else + { + WriteFile(hWriteFile, ueCopyBuffer, rfNumberOfBytesRead, &rfNumberOfBytesRead, NULL); + } + SizeToRead = (DWORD)Size; + Size = NULL; + } + else + { + SizeToRead = (DWORD)Size; + Size = NULL; + } + } + else + { + WriteFile(hWriteFile, ueCopyBuffer, rfNumberOfBytesRead, &rfNumberOfBytesRead, NULL); + Size = NULL; + } + } + EngineCloseHandle(hReadFile); + EngineCloseHandle(hWriteFile); + VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE); + return true; + } + else + { + VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE); } } } diff --git a/TitanEngine/TitanEngine.cpp b/TitanEngine/TitanEngine.cpp index 131a9da..df1641e 100644 --- a/TitanEngine/TitanEngine.cpp +++ b/TitanEngine/TitanEngine.cpp @@ -22,6 +22,7 @@ BOOL APIENTRY DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) case DLL_PROCESS_DETACH: if(lpvReserved) ExtensionManagerPluginReleaseCallBack(); + RemoveDirectoryW(engineSzEngineGarbageFolder); break; } return TRUE; diff --git a/TitanEngine/distorm.h b/TitanEngine/distorm.h index bbc2c51..de2e086 100644 --- a/TitanEngine/distorm.h +++ b/TitanEngine/distorm.h @@ -118,7 +118,7 @@ extern "C" { typedef enum { Decode16Bits = 0, Decode32Bits = 1, Decode64Bits = 2 } - _DecodeType; +_DecodeType; typedef OFFSET_INTEGER _OffsetType; diff --git a/TitanEngine/ntdll.h b/TitanEngine/ntdll.h index fde91dd..7ce981f 100644 --- a/TitanEngine/ntdll.h +++ b/TitanEngine/ntdll.h @@ -11,7 +11,8 @@ typedef LONG NTSTATUS; typedef LONG KPRIORITY; -typedef struct _CLIENT_ID { +typedef struct _CLIENT_ID +{ HANDLE UniqueProcess; HANDLE UniqueThread; } CLIENT_ID, *PCLIENT_ID; 
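Review bot: `RemoveDirectoryW(engineSzEngineGarbageFolder)` in the `DLL_PROCESS_DETACH` case of `DllMain` only succeeds on an empty directory, and its result is not checked. Any `Junk-…` subfolder left from `CreateGarbageItem` therefore keeps the garbage folder, and whatever was extracted into it, on disk. If other code is expected to empty the folder first, a comment saying so, for example `// only removes the root once all garbage items have been deleted`, would make that dependency visible. The call follows an unbraced `if(lpvReserved)`, so it runs on every detach regardless of that test; bracing the `if` would show that this is intended.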
@@ -53,7 +54,8 @@ typedef struct _PROCESS_BASIC_INFORMATION } PROCESS_BASIC_INFORMATION; typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION; -typedef struct _THREAD_BASIC_INFORMATION { +typedef struct _THREAD_BASIC_INFORMATION +{ NTSTATUS ExitStatus; PVOID TebBaseAddress; CLIENT_ID ClientId;