- resolved issue #22 (dll debugging not working)

- resolved hanging functions in TitanEngine.PE.*
- fixed issues with differences between debug and release builds (caused crashes)
Mr. eXoDia 2014-03-09 22:40:18 +01:00
parent c51b7ac6bb
commit 97e00e86a4
16 changed files with 295 additions and 391 deletions


@ -35,6 +35,7 @@ DWORD DBGCode = DBG_CONTINUE;
bool engineFileIsBeingDebugged = false; bool engineFileIsBeingDebugged = false;
ULONG_PTR engineFakeDLLHandle = NULL; ULONG_PTR engineFakeDLLHandle = NULL;
LPVOID engineAttachedProcessDebugInfo = NULL; LPVOID engineAttachedProcessDebugInfo = NULL;
wchar_t szDebuggerName[512];
// Global.Debugger.functions: // Global.Debugger.functions:
long DebugLoopInSecondThread(LPVOID InputParameter) long DebugLoopInSecondThread(LPVOID InputParameter)


@ -35,6 +35,7 @@ extern DWORD DBGCode;
extern bool engineFileIsBeingDebugged; extern bool engineFileIsBeingDebugged;
extern ULONG_PTR engineFakeDLLHandle; extern ULONG_PTR engineFakeDLLHandle;
extern LPVOID engineAttachedProcessDebugInfo; extern LPVOID engineAttachedProcessDebugInfo;
extern wchar_t szDebuggerName[512];
long DebugLoopInSecondThread(LPVOID InputParameter); long DebugLoopInSecondThread(LPVOID InputParameter);
void DebuggerReset(); void DebuggerReset();


@ -51,6 +51,7 @@ void EngineInit()
{ {
lstrcpyW(engineSzEngineGarbageFolder, engineSzEngineFolder); lstrcpyW(engineSzEngineGarbageFolder, engineSzEngineFolder);
lstrcatW(engineSzEngineGarbageFolder, L"garbage\\"); lstrcatW(engineSzEngineGarbageFolder, L"garbage\\");
CreateDirectoryW(engineSzEngineGarbageFolder, 0);
} }
EngineInitPlugins(engineSzEngineFolder); EngineInitPlugins(engineSzEngineFolder);
} }
@ -152,80 +153,53 @@ char* EngineExtractFileName(char* szFileName)
return(engineExtractedFileName); return(engineExtractedFileName);
} }
bool EngineCreatePathForFile(char* szFileName) void EngineCreatePathForFile(char* szFileName)
{ {
int len=lstrlenA(szFileName);
int i,j; while(szFileName[len]!='\\' && len)
char szFolderName[2 * MAX_PATH] = {}; len--;
char szCreateFolder[2 * MAX_PATH] = {}; char szFolderName[MAX_PATH]="";
lstrcpyA(szFolderName, szFileName);
if(engineCreatePathForFiles) if(len)
szFolderName[len+1]='\0';
else //just a filename
return;
lstrcatA(szFolderName, "\\");
len=lstrlenA(szFolderName);
char szCreateFolder[MAX_PATH]="";
for(int i=3; i<len; i++)
{ {
i = lstrlenA(szFileName); if(szFolderName[i]=='\\')
while(szFileName[i] != '\\' && i > NULL)
{ {
i--; lstrcpyA(szCreateFolder, szFolderName);
} szCreateFolder[i]='\0';
if(i != NULL) CreateDirectoryA(szCreateFolder, 0);
{
RtlMoveMemory(szFolderName, szFileName, i + 1);
if(!CreateDirectoryA(szFolderName, NULL))
{
if(GetLastError() != ERROR_ALREADY_EXISTS)
{
j = lstrlenA(szFolderName);
for(i = 4; i < j; i++)
{
if(szFileName[i] == '\\')
{
RtlZeroMemory(szCreateFolder, 2 * MAX_PATH);
RtlCopyMemory(szCreateFolder, szFileName, i + 1);
return !!CreateDirectoryA(szCreateFolder, NULL);
}
}
}
}
} }
} }
return true;
} }
bool EngineCreatePathForFileW(wchar_t* szFileName) void EngineCreatePathForFileW(wchar_t* szFileName)
{ {
int len=lstrlenW(szFileName);
int i,j; while(szFileName[len]!=L'\\' && len)
wchar_t szFolderName[MAX_PATH] = {}; len--;
wchar_t szCreateFolder[MAX_PATH] = {}; wchar_t szFolderName[MAX_PATH]=L"";
lstrcpyW(szFolderName, szFileName);
if(engineCreatePathForFiles) if(len)
szFolderName[len+1]=L'\0';
else //just a filename
return;
len=lstrlenW(szFolderName);
wchar_t szCreateFolder[MAX_PATH]=L"";
for(int i=3; i<len; i++)
{ {
i = lstrlenW(szFileName); if(szFolderName[i]=='\\')
while(szFileName[i] != '\\' && i > 0)
{ {
i--; lstrcpyW(szCreateFolder, szFolderName);
} szCreateFolder[i]='\0';
if(i != 0) CreateDirectoryW(szCreateFolder, 0);
{
RtlCopyMemory(szFolderName, szFileName, (i * 2) + 2);
if(!CreateDirectoryW(szFolderName, NULL))
{
if(GetLastError() != ERROR_ALREADY_EXISTS)
{
j = lstrlenW(szFolderName);
for(i = 4; i < j; i++)
{
if(szFileName[i] == '\\')
{
RtlZeroMemory(szCreateFolder, 2 * MAX_PATH);
RtlCopyMemory(szCreateFolder, szFileName, (i * 2) + 1);
return !!CreateDirectoryW(szCreateFolder, NULL);
}
}
}
}
} }
} }
return true;
} }
wchar_t* EngineExtractFileNameW(wchar_t* szFileName) wchar_t* EngineExtractFileNameW(wchar_t* szFileName)
@ -512,18 +486,16 @@ bool EngineExtractResource(char* szResourceName, wchar_t* szExtractedFileName)
{ {
ResourceSize = SizeofResource(engineHandle, hResource); ResourceSize = SizeofResource(engineHandle, hResource);
ResourceData = LockResource(hResourceGlobal); ResourceData = LockResource(hResourceGlobal);
if(EngineCreatePathForFileW(szExtractedFileName)) EngineCreatePathForFileW(szExtractedFileName);
hFile = CreateFileW(szExtractedFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
{ {
hFile = CreateFileW(szExtractedFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); if(WriteFile(hFile, ResourceData, ResourceSize, &NumberOfBytesWritten, NULL))
if(hFile != INVALID_HANDLE_VALUE)
{ {
if(WriteFile(hFile, ResourceData, ResourceSize, &NumberOfBytesWritten, NULL))
{
EngineCloseHandle(hFile);
return true;
}
EngineCloseHandle(hFile); EngineCloseHandle(hFile);
return true;
} }
EngineCloseHandle(hFile);
} }
} }
} }
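Review bot: In the rewritten `EngineCreatePathForFile` and `EngineCreatePathForFileW`, `lstrcpyA(szFolderName, szFileName)` and `lstrcpyW(szFolderName, szFileName)` copy a caller-supplied path into a `MAX_PATH` stack buffer with no length check, and the ANSI variant then appends a further backslash with `lstrcatA`. Callers in this commit pass 512-element buffers (`szDebuggerName`, `szGarbageItem`), and the exported extract/dump functions hand their file-name arguments straight through, so a path of about 260 characters or more would be written past the end of the buffer. A guard before the copy keeps it bounded, e.g. `if(lstrlenW(szFileName) >= MAX_PATH - 1) return;` (and the `lstrlenA` equivalent); the `CreateFileW`/`CreateFileA` call that follows in each caller would then fail and be reported as before. The new bodies also no longer appear to consult `engineCreatePathForFiles`, so directories are created unconditionally; if that is intended it deserves a comment.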


@ -27,8 +27,8 @@ bool EngineIsThereFreeHardwareBreakSlot(LPDWORD FreeRegister);
bool EngineFileExists(char* szFileName); bool EngineFileExists(char* szFileName);
char* EngineExtractPath(char* szFileName); char* EngineExtractPath(char* szFileName);
char* EngineExtractFileName(char* szFileName); char* EngineExtractFileName(char* szFileName);
bool EngineCreatePathForFile(char* szFileName); void EngineCreatePathForFile(char* szFileName);
bool EngineCreatePathForFileW(wchar_t* szFileName); void EngineCreatePathForFileW(wchar_t* szFileName);
wchar_t* EngineExtractFileNameW(wchar_t* szFileName); wchar_t* EngineExtractFileNameW(wchar_t* szFileName);
bool EngineIsPointedMemoryString(ULONG_PTR PossibleStringPtr); bool EngineIsPointedMemoryString(ULONG_PTR PossibleStringPtr);
int EnginePointedMemoryStringLength(ULONG_PTR PossibleStringPtr); int EnginePointedMemoryStringLength(ULONG_PTR PossibleStringPtr);


@ -11,24 +11,17 @@ wchar_t engineSzEngineGarbageFolder[MAX_PATH];
// Global.Garbage.functions: // Global.Garbage.functions:
bool CreateGarbageItem(void* outGargabeItem, int MaxGargabeStringSize) bool CreateGarbageItem(void* outGargabeItem, int MaxGargabeStringSize)
{ {
bool Created = false;
wchar_t szGarbageItem[512]; wchar_t szGarbageItem[512];
wchar_t szGargabeItemBuff[128]; wchar_t szGargabeItemBuff[128];
while(!Created) RtlZeroMemory(&szGarbageItem, sizeof szGarbageItem);
{ RtlZeroMemory(&szGargabeItemBuff, sizeof szGargabeItemBuff);
RtlZeroMemory(&szGarbageItem, sizeof szGarbageItem); srand((unsigned int)time(NULL));
RtlZeroMemory(&szGargabeItemBuff, sizeof szGargabeItemBuff); wsprintfW(szGargabeItemBuff, L"Junk-%08x\\", (rand() % 128 + 1) * (rand() % 128 + 1) + (rand() % 1024 + 1));
srand((unsigned int)time(NULL)); lstrcpyW(szGarbageItem, engineSzEngineGarbageFolder);
wsprintfW(szGargabeItemBuff, L"Junk-%08x\\", (rand() % 128 + 1) * (rand() % 128 + 1) + (rand() % 1024 + 1)); lstrcatW(szGarbageItem, szGargabeItemBuff);
lstrcpyW(szGarbageItem, engineSzEngineGarbageFolder); EngineCreatePathForFileW(szGarbageItem);
lstrcatW(szGarbageItem, szGargabeItemBuff);
if(EngineCreatePathForFileW(szGarbageItem))
{
Created = true;
}
}
if(lstrlenW(szGarbageItem) * 2 >= MaxGargabeStringSize) if(lstrlenW(szGarbageItem) * 2 >= MaxGargabeStringSize)
{ {
RtlMoveMemory(outGargabeItem, &szGarbageItem, MaxGargabeStringSize); RtlMoveMemory(outGargabeItem, &szGarbageItem, MaxGargabeStringSize);
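Review bot: `CreateGarbageItem` now calls `EngineCreatePathForFileW(szGarbageItem)` once and cannot tell whether the `Junk-%08x` directory was created, already existed, or failed, because the helper returns `void`. The name is built from `rand()` re-seeded with `time(NULL)` on every call, so two calls within the same second produce the same path and end up sharing one directory. Calling `CreateDirectoryW(szGarbageItem, NULL)` here and returning `false` on failure, with `ERROR_ALREADY_EXISTS` treated as a collision to retry a bounded number of times, would keep the no-hang fix while restoring the check. The function body continues past the end of this hunk.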


@ -42,39 +42,8 @@ __declspec(dllexport) void TITCALL ForceClose()
StopDebug(); StopDebug();
} }
RtlZeroMemory(&dbgProcessInformation, sizeof PROCESS_INFORMATION); RtlZeroMemory(&dbgProcessInformation, sizeof PROCESS_INFORMATION);
/*if(DebugDebuggingDLL) if(DebugDebuggingDLL)
{ DeleteFileW(szDebuggerName);
RtlZeroMemory(&szTempName, sizeof szTempName);
RtlZeroMemory(&szTempFolder, sizeof szTempFolder);
if(GetTempPathW(MAX_PATH, szTempFolder) < MAX_PATH)
{
if(GetTempFileNameW(szTempFolder, L"DeleteTempFile", GetTickCount(), szTempName))
{
DeleteFileW(szTempName);
if(!MoveFileW(szDebuggerName, szTempName))
{
DeleteFileW(szDebuggerName);
}
else
{
DeleteFileW(szTempName);
}
}
RtlZeroMemory(&szTempName, sizeof szTempName);
if(GetTempFileNameW(szTempFolder, L"DeleteTempFile", GetTickCount() + 1, szTempName))
{
DeleteFileW(szTempName);
if(!MoveFileW(szReserveModuleName, szTempName))
{
DeleteFileW(szReserveModuleName);
}
else
{
DeleteFileW(szTempName);
}
}
}
}*/
DebugDebuggingDLL = false; DebugDebuggingDLL = false;
DebugExeFileEntryPointCallBack = NULL; DebugExeFileEntryPointCallBack = NULL;
} }
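Review bot: `DeleteFileW(szDebuggerName)` discards its result and runs shortly after the `StopDebug()` call above, whose `TerminateProcess` only requests termination; while the loader image is still mapped the delete can fail and the extracted `DLLLoader*.exe` stays on disk. The `Sleep(10)` this commit adds to `StopDebug` is a timing guess rather than a guarantee. Consider a bounded wait on the process handle before `dbgProcessInformation` is zeroed, e.g. `WaitForSingleObject(dbgProcessInformation.hProcess, 1000);`, and checking the `DeleteFileW` return value so a leftover loader can at least be reported. `ForceClose` starts above this hunk, so whether the handle is still valid at that point needs confirming there.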


@ -295,7 +295,7 @@ __declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, UL
} }
else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] >= 0x81 && CompareMemory->DataByte[1] <= 0x8F && CurrentInstructionSize == 4) else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] >= 0x81 && CompareMemory->DataByte[1] <= 0x8F && CurrentInstructionSize == 4)
{ {
ReadMemData = 0; ReadMemData = 0;
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 2); RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 2);
TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize; TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize;
} }
@ -324,7 +324,7 @@ __declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, UL
} }
else if(CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] != 0x64 && CompareMemory->DataByte[1] >= 0x60 && CompareMemory->DataByte[1] <= 0x67 && CurrentInstructionSize == 3) else if(CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] != 0x64 && CompareMemory->DataByte[1] >= 0x60 && CompareMemory->DataByte[1] <= 0x67 && CurrentInstructionSize == 3)
{ {
ReadMemData = 0; ReadMemData = 0;
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 1); RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 1);
TargetedAddress = ReadMemData; TargetedAddress = ReadMemData;
if(CompareMemory->DataByte[1] == 0x60) if(CompareMemory->DataByte[1] == 0x60)
@ -431,7 +431,7 @@ __declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, UL
} }
else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] >= 0x81 && CompareMemory->DataByte[1] <= 0x8F && CurrentInstructionSize == 4) else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] >= 0x81 && CompareMemory->DataByte[1] <= 0x8F && CurrentInstructionSize == 4)
{ {
ReadMemData = 0; ReadMemData = 0;
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 2); RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 2);
TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize; TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize;
} }
@ -460,7 +460,7 @@ __declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, UL
} }
else if(CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] != 0x64 && CompareMemory->DataByte[1] >= 0x60 && CompareMemory->DataByte[1] <= 0x67 && CurrentInstructionSize == 3) else if(CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] != 0x64 && CompareMemory->DataByte[1] >= 0x60 && CompareMemory->DataByte[1] <= 0x67 && CurrentInstructionSize == 3)
{ {
ReadMemData = 0; ReadMemData = 0;
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 1); RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 1);
TargetedAddress = ReadMemData; TargetedAddress = ReadMemData;
if(CompareMemory->DataByte[1] == 0x60) if(CompareMemory->DataByte[1] == 0x60)


@ -8,7 +8,6 @@
#include <vector> #include <vector>
static wchar_t szBackupDebuggedFileName[512]; static wchar_t szBackupDebuggedFileName[512];
static wchar_t szDebuggerName[512];
// TitanEngine.Debugger.functions: // TitanEngine.Debugger.functions:
__declspec(dllexport) void* TITCALL InitDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder) __declspec(dllexport) void* TITCALL InitDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder)
@ -150,17 +149,16 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese
} }
lstrcpyW(szDebuggerName, szFileName); lstrcpyW(szDebuggerName, szFileName);
i = lstrlenW(szDebuggerName); i = lstrlenW(szDebuggerName);
while(szDebuggerName[i] != 0x5C && i >= NULL) while(szDebuggerName[i] != '\\' && i)
{ {
i--; i--;
} }
if(i > NULL) if(i)
{ {
szDebuggerName[i+1] = 0x00;
#ifdef _WIN64 #ifdef _WIN64
lstrcpyW(szDebuggerName, L"DLLLoader64.exe"); lstrcpyW(szDebuggerName+i+1, L"DLLLoader64.exe");
#else #else
lstrcpyW(szDebuggerName, L"DLLLoader32.exe"); lstrcpyW(szDebuggerName+i+1, L"DLLLoader32.exe");
#endif #endif
} }
else else
@ -171,21 +169,10 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese
lstrcpyW(szDebuggerName, L"DLLLoader32.exe"); lstrcpyW(szDebuggerName, L"DLLLoader32.exe");
#endif #endif
} }
//RtlZeroMemory(&szReserveModuleName, sizeof szReserveModuleName);
//lstrcpyW(szReserveModuleName, szFileName);
//lstrcatW(szReserveModuleName, L".module");
#if defined(_WIN64) #if defined(_WIN64)
ReturnData = EngineExtractResource("LOADERx64", szDebuggerName); ReturnData = EngineExtractResource("LOADERX64", szDebuggerName);
/*if(ReserveModuleBase)
{
EngineExtractResource("MODULEx64", szReserveModuleName);
}*/
#else #else
ReturnData = EngineExtractResource("LOADERx86", szDebuggerName); ReturnData = EngineExtractResource("LOADERX86", szDebuggerName);
/*if(ReserveModuleBase)
{
EngineExtractResource("MODULEx86", szReserveModuleName);
}*/
#endif #endif
if(ReturnData) if(ReturnData)
{ {
@ -195,24 +182,14 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese
{ {
i--; i--;
} }
/*j = lstrlenW(szReserveModuleName);
while(szReserveModuleName[j] != 0x5C && j >= NULL)
{
j--;
}*/
DebugDebuggingDLLBase = NULL; DebugDebuggingDLLBase = NULL;
DebugDebuggingMainModuleBase = NULL; DebugDebuggingMainModuleBase = NULL;
DebugDebuggingDLLFullFileName = szFileName; DebugDebuggingDLLFullFileName = szFileName;
DebugDebuggingDLLFileName = &szFileName[i+1]; DebugDebuggingDLLFileName = &szFileName[i+1];
//DebugDebuggingDLLReserveFileName = &szReserveModuleName[j+1];
DebugModuleImageBase = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_IMAGEBASE); DebugModuleImageBase = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_IMAGEBASE);
DebugReserveModuleBase = DebugModuleImageBase; DebugReserveModuleBase = DebugModuleImageBase;
DebugModuleEntryPoint = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_OEP); DebugModuleEntryPoint = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_OEP);
DebugModuleEntryPointCallBack = EntryCallBack; DebugModuleEntryPointCallBack = EntryCallBack;
/*if(ReserveModuleBase)
{
RelocaterChangeFileBaseW(szReserveModuleName, DebugModuleImageBase);
}*/
return(InitDebugW(szDebuggerName, szCommandLine, szCurrentFolder)); return(InitDebugW(szDebuggerName, szCommandLine, szCurrentFolder));
} }
else else
@ -221,12 +198,14 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese
} }
return(NULL); return(NULL);
} }
__declspec(dllexport) bool TITCALL StopDebug() __declspec(dllexport) bool TITCALL StopDebug()
{ {
if(dbgProcessInformation.hProcess != NULL) if(dbgProcessInformation.hProcess != NULL)
{ {
TerminateThread(dbgProcessInformation.hThread, NULL); TerminateThread(dbgProcessInformation.hThread, NULL);
TerminateProcess(dbgProcessInformation.hProcess, NULL); TerminateProcess(dbgProcessInformation.hProcess, NULL);
Sleep(10); //allow thread switching
return true; return true;
} }
else else
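Review bot: In `InitDLLDebugW` the loader is now extracted as `DLLLoader32.exe`/`DLLLoader64.exe` into the directory of the DLL being debugged and then started from there through `InitDebugW(szDebuggerName, ...)`. `EngineExtractResource` opens its target with `CREATE_ALWAYS`, so an existing file of that name in that directory is overwritten, and `ForceClose` later deletes it. That directory also becomes the loader's application directory for resolving its own imports; when the DLL under analysis is untrusted, a directory owned by the engine (for example one produced by `CreateGarbageItem`) looks like the safer place for the loader, assuming the loader is given the DLL's full path. The append `lstrcpyW(szDebuggerName+i+1, ...)` additionally needs `i + 17 <= 512` to stay inside `szDebuggerName`, which nothing in the hunk checks.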


@ -141,8 +141,8 @@ __declspec(dllexport) void* TITCALL HandlerGetHandleName(HANDLE hProcess, DWORD
VirtualFree(ObjectNameInfo, NULL, MEM_RELEASE); VirtualFree(ObjectNameInfo, NULL, MEM_RELEASE);
VirtualFree(QuerySystemBuffer, NULL, MEM_RELEASE); VirtualFree(QuerySystemBuffer, NULL, MEM_RELEASE);
if(!NameFound) if(!NameFound)
{ {
VirtualFree(HandleFullName, NULL, MEM_RELEASE); VirtualFree(HandleFullName, NULL, MEM_RELEASE);
return(NULL); return(NULL);
@ -221,8 +221,8 @@ __declspec(dllexport) void* TITCALL HandlerGetHandleNameW(HANDLE hProcess, DWORD
VirtualFree(ObjectNameInfo, NULL, MEM_RELEASE); VirtualFree(ObjectNameInfo, NULL, MEM_RELEASE);
VirtualFree(QuerySystemBuffer, NULL, MEM_RELEASE); VirtualFree(QuerySystemBuffer, NULL, MEM_RELEASE);
if(!NameFound) if(!NameFound)
{ {
VirtualFree(HandleFullName, NULL, MEM_RELEASE); VirtualFree(HandleFullName, NULL, MEM_RELEASE);
return(NULL); return(NULL);


@ -182,56 +182,54 @@ __declspec(dllexport) bool TITCALL ExtractOverlayW(wchar_t* szFileName, wchar_t*
hFile = CreateFileW(szFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); hFile = CreateFileW(szFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE) if(hFile != INVALID_HANDLE_VALUE)
{ {
if(EngineCreatePathForFileW(szExtactedFileName)) EngineCreatePathForFileW(szExtactedFileName);
hFileWrite = CreateFileW(szExtactedFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFileWrite != INVALID_HANDLE_VALUE)
{ {
hFileWrite = CreateFileW(szExtactedFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); SetFilePointer(hFile, OverlayStart, NULL, FILE_BEGIN);
if(hFileWrite != INVALID_HANDLE_VALUE) while(OverlaySize > 0)
{ {
SetFilePointer(hFile, OverlayStart, NULL, FILE_BEGIN); RtlZeroMemory(ueReadBuffer, 0x2000);
while(OverlaySize > 0)
if(OverlaySize > 0x1000)
{ {
RtlZeroMemory(ueReadBuffer, 0x2000); if(ReadFile(hFile, ueReadBuffer, 0x1000, &ueNumberOfBytesRead, NULL))
if(OverlaySize > 0x1000)
{ {
if(ReadFile(hFile, ueReadBuffer, 0x1000, &ueNumberOfBytesRead, NULL)) if(!WriteFile(hFileWrite, ueReadBuffer, 0x1000, &ueNumberOfBytesRead, NULL))
{
if(!WriteFile(hFileWrite, ueReadBuffer, 0x1000, &ueNumberOfBytesRead, NULL))
return false;
}
else
{
return false; return false;
}
OverlaySize = OverlaySize - 0x1000;
} }
else else
{ {
if(ReadFile(hFile, ueReadBuffer, OverlaySize, &ueNumberOfBytesRead, NULL)) return false;
{
if(!WriteFile(hFileWrite, ueReadBuffer, OverlaySize, &ueNumberOfBytesRead, NULL))
return false;
}
else
{
return false;
}
OverlaySize = 0;
} }
OverlaySize = OverlaySize - 0x1000;
}
else
{
if(ReadFile(hFile, ueReadBuffer, OverlaySize, &ueNumberOfBytesRead, NULL))
{
if(!WriteFile(hFileWrite, ueReadBuffer, OverlaySize, &ueNumberOfBytesRead, NULL))
return false;
}
else
{
return false;
}
OverlaySize = 0;
} }
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
EngineCloseHandle(hFile);
EngineCloseHandle(hFileWrite);
return true;
}
else
{
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
EngineCloseHandle(hFile);
return false;
} }
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
EngineCloseHandle(hFile);
EngineCloseHandle(hFileWrite);
return true;
}
else
{
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
EngineCloseHandle(hFile);
return false;
} }
} }
} }
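Review bot: Every `return false;` inside the copy loop of `ExtractOverlayW` leaves `ueReadBuffer`, `hFile` and `hFileWrite` unreleased, so a failed read or write leaks the buffer and keeps the partially written output file open. Those exits should go through the same cleanup the success path uses (`VirtualFree(ueReadBuffer, NULL, MEM_RELEASE); EngineCloseHandle(hFile); EngineCloseHandle(hFileWrite);`) before returning. The loop also writes a fixed `0x1000` or `OverlaySize` bytes without comparing against `ueNumberOfBytesRead`, so a short read is padded with zeroes left by the `RtlZeroMemory` call. The function starts above this hunk.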


@ -63,25 +63,23 @@ __declspec(dllexport) bool TITCALL ExtractSectionW(wchar_t* szFileName, wchar_t*
if(SectionNumber <= PEHeader32->FileHeader.NumberOfSections) if(SectionNumber <= PEHeader32->FileHeader.NumberOfSections)
{ {
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + SectionNumber * IMAGE_SIZEOF_SECTION_HEADER); PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + SectionNumber * IMAGE_SIZEOF_SECTION_HEADER);
if(EngineCreatePathForFileW(szDumpFileName)) EngineCreatePathForFileW(szDumpFileName);
hFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
{ {
hFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); __try
if(hFile != INVALID_HANDLE_VALUE)
{ {
__try WriteFile(hFile, (LPCVOID)(FileMapVA + PESections->PointerToRawData), PESections->SizeOfRawData, &NumberOfBytesWritten, NULL);
{ EngineCloseHandle(hFile);
WriteFile(hFile, (LPCVOID)(FileMapVA + PESections->PointerToRawData), PESections->SizeOfRawData, &NumberOfBytesWritten, NULL); UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
EngineCloseHandle(hFile); return true;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); }
return true; __except(EXCEPTION_EXECUTE_HANDLER)
} {
__except(EXCEPTION_EXECUTE_HANDLER) EngineCloseHandle(hFile);
{ UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
EngineCloseHandle(hFile); DeleteFileW(szDumpFileName);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); return false;
DeleteFileW(szDumpFileName);
return false;
}
} }
} }
} }
@ -94,25 +92,23 @@ __declspec(dllexport) bool TITCALL ExtractSectionW(wchar_t* szFileName, wchar_t*
if(SectionNumber <= PEHeader64->FileHeader.NumberOfSections) if(SectionNumber <= PEHeader64->FileHeader.NumberOfSections)
{ {
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + SectionNumber * IMAGE_SIZEOF_SECTION_HEADER); PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + SectionNumber * IMAGE_SIZEOF_SECTION_HEADER);
if(EngineCreatePathForFileW(szDumpFileName)) EngineCreatePathForFileW(szDumpFileName);
hFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
{ {
hFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); __try
if(hFile != INVALID_HANDLE_VALUE)
{ {
__try WriteFile(hFile, (LPCVOID)(FileMapVA + PESections->PointerToRawData), PESections->SizeOfRawData, &NumberOfBytesWritten, NULL);
{ EngineCloseHandle(hFile);
WriteFile(hFile, (LPCVOID)(FileMapVA + PESections->PointerToRawData), PESections->SizeOfRawData, &NumberOfBytesWritten, NULL); UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
EngineCloseHandle(hFile); return true;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); }
return true; __except(EXCEPTION_EXECUTE_HANDLER)
} {
__except(EXCEPTION_EXECUTE_HANDLER) EngineCloseHandle(hFile);
{ UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
EngineCloseHandle(hFile); DeleteFileW(szDumpFileName);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); return false;
DeleteFileW(szDumpFileName);
return false;
}
} }
} }
} }
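Review bot: Both branches of `ExtractSectionW` pass `FileMapVA + PESections->PointerToRawData` and `PESections->SizeOfRawData` to `WriteFile` without checking them against `FileSize`, and the `WriteFile` result is ignored, so a section header that points outside the mapped file can yield `true` with an empty or truncated dump instead of an error. The `__except` handler may never run in that case, since `WriteFile` can report a bad buffer through its return value rather than by raising. Reject the section when `PointerToRawData + SizeOfRawData` (computed in a 64-bit type) exceeds `FileSize`, and return `false` when `WriteFile` fails. The guard `SectionNumber <= ...FileHeader.NumberOfSections` also appears to admit an index one past the last header, assuming `SectionNumber` is zero-based as the pointer arithmetic suggests.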


@ -45,18 +45,16 @@ __declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFileEx(ULONG_PTR
{ {
ResourceSize = SizeofResource((HMODULE)FileMapVA, hResource); ResourceSize = SizeofResource((HMODULE)FileMapVA, hResource);
ResourceData = LockResource(hResourceGlobal); ResourceData = LockResource(hResourceGlobal);
if(EngineCreatePathForFile(szExtractedFileName)) EngineCreatePathForFile(szExtractedFileName);
hFile = CreateFileA(szExtractedFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
{ {
hFile = CreateFileA(szExtractedFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); WriteFile(hFile, ResourceData, ResourceSize, &NumberOfBytesWritten, NULL);
if(hFile != INVALID_HANDLE_VALUE) EngineCloseHandle(hFile);
{ }
WriteFile(hFile, ResourceData, ResourceSize, &NumberOfBytesWritten, NULL); else
EngineCloseHandle(hFile); {
} return false;
else
{
return false;
}
} }
} }
return true; return true;
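Review bot: `ResourcerExtractResourceFromFileEx` ignores the `WriteFile` result and falls through to `return true`, whereas `EngineExtractResource` in this same commit returns `true` only when `WriteFile` succeeds. Making the two agree, e.g. `bool Written = !!WriteFile(hFile, ResourceData, ResourceSize, &NumberOfBytesWritten, NULL);` and `if(!Written) return false;` after the handle is closed, would stop a failed or partial extraction from being reported as success. The function starts above this hunk, so any cleanup it owes on that path has to be checked there.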


@ -477,103 +477,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyW(HANDLE hFile, ULONG_PTR
ueCopyBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); ueCopyBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
if(ueCopyBuffer != NULL) if(ueCopyBuffer != NULL)
{ {
if(EngineCreatePathForFileW(szDumpFileName)) EngineCreatePathForFileW(szDumpFileName);
{
hWriteFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hWriteFile != INVALID_HANDLE_VALUE)
{
if(Size < 0x1000)
{
SizeToRead = Size;
}
else
{
SizeToRead = 0x1000;
}
while((int)Size > NULL)
{
if(ReadFile(hFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead)
{
WriteFile(hWriteFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL);
if(Size > 0x1000)
{
Size = Size - 0x1000;
}
else if(SizeToRead != Size)
{
if(ReadFile(hFile, ueCopyBuffer, Size, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead)
{
WriteFile(hWriteFile, ueCopyBuffer, Size, &rfNumberOfBytesRead, NULL);
}
else
{
WriteFile(hWriteFile, ueCopyBuffer, rfNumberOfBytesRead, &rfNumberOfBytesRead, NULL);
}
SizeToRead = Size;
Size = NULL;
}
else
{
SizeToRead = Size;
Size = NULL;
}
}
else
{
WriteFile(hWriteFile, ueCopyBuffer, rfNumberOfBytesRead, &rfNumberOfBytesRead, NULL);
Size = NULL;
}
}
EngineCloseHandle(hReadFile);
EngineCloseHandle(hWriteFile);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return true;
}
else
{
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
}
}
}
}
EngineCloseHandle(hReadFile);
}
}
return false;
}
__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, char* szDumpFileName)
{
wchar_t uniFileName[MAX_PATH] = {};
if(szDumpFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
return(StaticRawMemoryCopyExW(hFile, RawAddressToCopy, Size, uniFileName));
}
else
{
return false;
}
}
__declspec(dllexport) bool TITCALL StaticRawMemoryCopyExW(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, wchar_t* szDumpFileName)
{
DWORD SizeToRead;
HANDLE hReadFile;
HANDLE hWriteFile;
LPVOID ueCopyBuffer;
DWORD rfNumberOfBytesRead;
if(DuplicateHandle(GetCurrentProcess(), hFile, GetCurrentProcess(), &hReadFile, NULL, false, DUPLICATE_SAME_ACCESS))
{
if(SetFilePointer(hReadFile, (long)(RawAddressToCopy), NULL, FILE_BEGIN) != INVALID_SET_FILE_POINTER)
{
ueCopyBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
if(ueCopyBuffer != NULL)
{
if(EngineCreatePathForFileW(szDumpFileName))
{
hWriteFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); hWriteFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hWriteFile != INVALID_HANDLE_VALUE) if(hWriteFile != INVALID_HANDLE_VALUE)
{ {
@ -630,6 +534,98 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyExW(HANDLE hFile, DWORD Ra
} }
} }
} }
EngineCloseHandle(hReadFile);
}
}
return false;
}
__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, char* szDumpFileName)
{
wchar_t uniFileName[MAX_PATH] = {};
if(szDumpFileName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, lstrlenA(szDumpFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
return(StaticRawMemoryCopyExW(hFile, RawAddressToCopy, Size, uniFileName));
}
else
{
return false;
}
}
__declspec(dllexport) bool TITCALL StaticRawMemoryCopyExW(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, wchar_t* szDumpFileName)
{
DWORD SizeToRead;
HANDLE hReadFile;
HANDLE hWriteFile;
LPVOID ueCopyBuffer;
DWORD rfNumberOfBytesRead;
if(DuplicateHandle(GetCurrentProcess(), hFile, GetCurrentProcess(), &hReadFile, NULL, false, DUPLICATE_SAME_ACCESS))
{
if(SetFilePointer(hReadFile, (long)(RawAddressToCopy), NULL, FILE_BEGIN) != INVALID_SET_FILE_POINTER)
{
ueCopyBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
if(ueCopyBuffer != NULL)
{
EngineCreatePathForFileW(szDumpFileName);
hWriteFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hWriteFile != INVALID_HANDLE_VALUE)
{
if(Size < 0x1000)
{
SizeToRead = Size;
}
else
{
SizeToRead = 0x1000;
}
while((int)Size > NULL)
{
if(ReadFile(hFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead)
{
WriteFile(hWriteFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL);
if(Size > 0x1000)
{
Size = Size - 0x1000;
}
else if(SizeToRead != Size)
{
if(ReadFile(hFile, ueCopyBuffer, Size, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead)
{
WriteFile(hWriteFile, ueCopyBuffer, Size, &rfNumberOfBytesRead, NULL);
}
else
{
WriteFile(hWriteFile, ueCopyBuffer, rfNumberOfBytesRead, &rfNumberOfBytesRead, NULL);
}
SizeToRead = Size;
Size = NULL;
}
else
{
SizeToRead = Size;
Size = NULL;
}
}
else
{
WriteFile(hWriteFile, ueCopyBuffer, rfNumberOfBytesRead, &rfNumberOfBytesRead, NULL);
Size = NULL;
}
}
EngineCloseHandle(hReadFile);
EngineCloseHandle(hWriteFile);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return true;
}
else
{
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
}
}
} }
EngineCloseHandle(hReadFile); EngineCloseHandle(hReadFile);
} }
@ -670,62 +666,60 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64W(HANDLE hFile, DWORD6
ueCopyBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); ueCopyBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
if(ueCopyBuffer != NULL) if(ueCopyBuffer != NULL)
{ {
if(EngineCreatePathForFileW(szDumpFileName)) EngineCreatePathForFileW(szDumpFileName);
hWriteFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hWriteFile != INVALID_HANDLE_VALUE)
{ {
hWriteFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); if(Size < 0x1000)
if(hWriteFile != INVALID_HANDLE_VALUE)
{ {
if(Size < 0x1000) SizeToRead = (DWORD)Size;
{
SizeToRead = (DWORD)Size;
}
else
{
SizeToRead = 0x1000;
}
while(Size != NULL)
{
if(ReadFile(hFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead)
{
WriteFile(hWriteFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL);
if(Size > 0x1000)
{
Size = Size - 0x1000;
}
else if((DWORD64)SizeToRead != Size)
{
if(ReadFile(hFile, ueCopyBuffer, (DWORD)Size, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead)
{
WriteFile(hWriteFile, ueCopyBuffer, (DWORD)Size, &rfNumberOfBytesRead, NULL);
}
else
{
WriteFile(hWriteFile, ueCopyBuffer, rfNumberOfBytesRead, &rfNumberOfBytesRead, NULL);
}
SizeToRead = (DWORD)Size;
Size = NULL;
}
else
{
SizeToRead = (DWORD)Size;
Size = NULL;
}
}
else
{
WriteFile(hWriteFile, ueCopyBuffer, rfNumberOfBytesRead, &rfNumberOfBytesRead, NULL);
Size = NULL;
}
}
EngineCloseHandle(hReadFile);
EngineCloseHandle(hWriteFile);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return true;
} }
else else
{ {
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE); SizeToRead = 0x1000;
} }
while(Size != NULL)
{
if(ReadFile(hFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead)
{
WriteFile(hWriteFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL);
if(Size > 0x1000)
{
Size = Size - 0x1000;
}
else if((DWORD64)SizeToRead != Size)
{
if(ReadFile(hFile, ueCopyBuffer, (DWORD)Size, &rfNumberOfBytesRead, NULL) && rfNumberOfBytesRead == SizeToRead)
{
WriteFile(hWriteFile, ueCopyBuffer, (DWORD)Size, &rfNumberOfBytesRead, NULL);
}
else
{
WriteFile(hWriteFile, ueCopyBuffer, rfNumberOfBytesRead, &rfNumberOfBytesRead, NULL);
}
SizeToRead = (DWORD)Size;
Size = NULL;
}
else
{
SizeToRead = (DWORD)Size;
Size = NULL;
}
}
else
{
WriteFile(hWriteFile, ueCopyBuffer, rfNumberOfBytesRead, &rfNumberOfBytesRead, NULL);
Size = NULL;
}
}
EngineCloseHandle(hReadFile);
EngineCloseHandle(hWriteFile);
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return true;
}
else
{
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
} }
} }
} }
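Review bot: The chunked copy loops that this change re-indents in `StaticRawMemoryCopyW`, `StaticRawMemoryCopyExW` and `StaticRawMemoryCopyEx64W` keep `SizeToRead` at `0x1000` after `Size` has dropped below it, so, as I read the loop, a `Size` above `0x1000` that is not a multiple of `0x1000` copies more bytes than requested whenever the source file has them. In the `DWORD` variant `while((int)Size > NULL)` also skips the loop for sizes of 2 GiB and above, and every `WriteFile` result is ignored, so all of these cases still end in `return true`. A loop that recomputes the chunk size on each pass and stops at the first failed or short transfer is shorter and bounded; the sketch below is for `StaticRawMemoryCopyExW`, and the 64-bit variant needs the existing `(DWORD)` casts. It returns `false` on a short read where the current code writes what it got and returns `true`, so callers that rely on partial copies need checking first.

```cpp
// … unchanged: DuplicateHandle, SetFilePointer, VirtualAlloc, EngineCreatePathForFileW, CreateFileW …
bool Copied = true;
while(Size != 0 && Copied)
{
    DWORD NumberOfBytesWritten = 0;
    SizeToRead = (Size < 0x1000) ? Size : 0x1000;
    Copied = ReadFile(hFile, ueCopyBuffer, SizeToRead, &rfNumberOfBytesRead, NULL)
             && rfNumberOfBytesRead == SizeToRead
             && WriteFile(hWriteFile, ueCopyBuffer, SizeToRead, &NumberOfBytesWritten, NULL)
             && NumberOfBytesWritten == SizeToRead;
    Size -= SizeToRead;
}
// … unchanged: EngineCloseHandle(hReadFile), EngineCloseHandle(hWriteFile), VirtualFree …
return Copied;
```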


@ -22,6 +22,7 @@ BOOL APIENTRY DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
case DLL_PROCESS_DETACH: case DLL_PROCESS_DETACH:
if(lpvReserved) if(lpvReserved)
ExtensionManagerPluginReleaseCallBack(); ExtensionManagerPluginReleaseCallBack();
RemoveDirectoryW(engineSzEngineGarbageFolder);
break; break;
} }
return TRUE; return TRUE;
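Review bot: The added `RemoveDirectoryW(engineSzEngineGarbageFolder);` follows an unbraced `if(lpvReserved)`, so it runs on every `DLL_PROCESS_DETACH` and not only when `lpvReserved` is set; bracing the `if` or adding a comment such as `// always try to remove the (empty) garbage folder` would make that explicit. `RemoveDirectoryW` removes only an empty directory and its result is ignored here, so any `Junk-*` items still present leave the folder, and whatever was extracted into it, behind.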


@ -118,7 +118,7 @@ extern "C" {
typedef enum { typedef enum {
Decode16Bits = 0, Decode32Bits = 1, Decode64Bits = 2 Decode16Bits = 0, Decode32Bits = 1, Decode64Bits = 2
} }
_DecodeType; _DecodeType;
typedef OFFSET_INTEGER _OffsetType; typedef OFFSET_INTEGER _OffsetType;


@ -11,7 +11,8 @@
typedef LONG NTSTATUS; typedef LONG NTSTATUS;
typedef LONG KPRIORITY; typedef LONG KPRIORITY;
typedef struct _CLIENT_ID { typedef struct _CLIENT_ID
{
HANDLE UniqueProcess; HANDLE UniqueProcess;
HANDLE UniqueThread; HANDLE UniqueThread;
} CLIENT_ID, *PCLIENT_ID; } CLIENT_ID, *PCLIENT_ID;
@ -53,7 +54,8 @@ typedef struct _PROCESS_BASIC_INFORMATION
} PROCESS_BASIC_INFORMATION; } PROCESS_BASIC_INFORMATION;
typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION; typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
typedef struct _THREAD_BASIC_INFORMATION { typedef struct _THREAD_BASIC_INFORMATION
{
NTSTATUS ExitStatus; NTSTATUS ExitStatus;
PVOID TebBaseAddress; PVOID TebBaseAddress;
CLIENT_ID ClientId; CLIENT_ID ClientId;