- resolved issue #22 (dll debugging not working)

- resolved hanging functions in TitanEngine.PE.*
- fixed issues with differences between debug and release builds (caused crashes)
Mr. eXoDia 2014-03-09 22:40:18 +01:00
parent c51b7ac6bb
commit 97e00e86a4
16 changed files with 295 additions and 391 deletions


@ -35,6 +35,7 @@ DWORD DBGCode = DBG_CONTINUE;
bool engineFileIsBeingDebugged = false;
ULONG_PTR engineFakeDLLHandle = NULL;
LPVOID engineAttachedProcessDebugInfo = NULL;
wchar_t szDebuggerName[512];
// Global.Debugger.functions:
long DebugLoopInSecondThread(LPVOID InputParameter)


@ -35,6 +35,7 @@ extern DWORD DBGCode;
extern bool engineFileIsBeingDebugged;
extern ULONG_PTR engineFakeDLLHandle;
extern LPVOID engineAttachedProcessDebugInfo;
extern wchar_t szDebuggerName[512];
long DebugLoopInSecondThread(LPVOID InputParameter);
void DebuggerReset();


@ -51,6 +51,7 @@ void EngineInit()
{
lstrcpyW(engineSzEngineGarbageFolder, engineSzEngineFolder);
lstrcatW(engineSzEngineGarbageFolder, L"garbage\\");
CreateDirectoryW(engineSzEngineGarbageFolder, 0);
}
EngineInitPlugins(engineSzEngineFolder);
}
@ -152,80 +153,53 @@ char* EngineExtractFileName(char* szFileName)
return(engineExtractedFileName);
}
bool EngineCreatePathForFile(char* szFileName)
void EngineCreatePathForFile(char* szFileName)
{
int i,j;
char szFolderName[2 * MAX_PATH] = {};
char szCreateFolder[2 * MAX_PATH] = {};
if(engineCreatePathForFiles)
int len=lstrlenA(szFileName);
while(szFileName[len]!='\\' && len)
len--;
char szFolderName[MAX_PATH]="";
lstrcpyA(szFolderName, szFileName);
if(len)
szFolderName[len+1]='\0';
else //just a filename
return;
lstrcatA(szFolderName, "\\");
len=lstrlenA(szFolderName);
char szCreateFolder[MAX_PATH]="";
for(int i=3; i<len; i++)
{
i = lstrlenA(szFileName);
while(szFileName[i] != '\\' && i > NULL)
if(szFolderName[i]=='\\')
{
i--;
}
if(i != NULL)
{
RtlMoveMemory(szFolderName, szFileName, i + 1);
if(!CreateDirectoryA(szFolderName, NULL))
{
if(GetLastError() != ERROR_ALREADY_EXISTS)
{
j = lstrlenA(szFolderName);
for(i = 4; i < j; i++)
{
if(szFileName[i] == '\\')
{
RtlZeroMemory(szCreateFolder, 2 * MAX_PATH);
RtlCopyMemory(szCreateFolder, szFileName, i + 1);
return !!CreateDirectoryA(szCreateFolder, NULL);
lstrcpyA(szCreateFolder, szFolderName);
szCreateFolder[i]='\0';
CreateDirectoryA(szCreateFolder, 0);
}
}
}
}
}
}
return true;
}
bool EngineCreatePathForFileW(wchar_t* szFileName)
void EngineCreatePathForFileW(wchar_t* szFileName)
{
int i,j;
wchar_t szFolderName[MAX_PATH] = {};
wchar_t szCreateFolder[MAX_PATH] = {};
if(engineCreatePathForFiles)
int len=lstrlenW(szFileName);
while(szFileName[len]!=L'\\' && len)
len--;
wchar_t szFolderName[MAX_PATH]=L"";
lstrcpyW(szFolderName, szFileName);
if(len)
szFolderName[len+1]=L'\0';
else //just a filename
return;
len=lstrlenW(szFolderName);
wchar_t szCreateFolder[MAX_PATH]=L"";
for(int i=3; i<len; i++)
{
i = lstrlenW(szFileName);
while(szFileName[i] != '\\' && i > 0)
if(szFolderName[i]=='\\')
{
i--;
}
if(i != 0)
{
RtlCopyMemory(szFolderName, szFileName, (i * 2) + 2);
if(!CreateDirectoryW(szFolderName, NULL))
{
if(GetLastError() != ERROR_ALREADY_EXISTS)
{
j = lstrlenW(szFolderName);
for(i = 4; i < j; i++)
{
if(szFileName[i] == '\\')
{
RtlZeroMemory(szCreateFolder, 2 * MAX_PATH);
RtlCopyMemory(szCreateFolder, szFileName, (i * 2) + 1);
return !!CreateDirectoryW(szCreateFolder, NULL);
lstrcpyW(szCreateFolder, szFolderName);
szCreateFolder[i]='\0';
CreateDirectoryW(szCreateFolder, 0);
}
}
}
}
}
}
return true;
}
wchar_t* EngineExtractFileNameW(wchar_t* szFileName)
@ -512,8 +486,7 @@ bool EngineExtractResource(char* szResourceName, wchar_t* szExtractedFileName)
{
ResourceSize = SizeofResource(engineHandle, hResource);
ResourceData = LockResource(hResourceGlobal);
if(EngineCreatePathForFileW(szExtractedFileName))
{
EngineCreatePathForFileW(szExtractedFileName);
hFile = CreateFileW(szExtractedFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
{
@ -526,7 +499,6 @@ bool EngineExtractResource(char* szResourceName, wchar_t* szExtractedFileName)
}
}
}
}
return false;
}
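Review bot: The rewritten `EngineCreatePathForFile` and `EngineCreatePathForFileW` copy the caller-supplied path into a `MAX_PATH` stack buffer with `lstrcpyA(szFolderName, szFileName)` / `lstrcpyW(szFolderName, szFileName)` and no length check, so a path of `MAX_PATH` characters or more overruns the stack; the ANSI variant previously had `2 * MAX_PATH` of room. The exported extract and dump functions touched by this commit (`ExtractOverlayW`, `ExtractSectionW`, `ResourcerExtractResourceFromFileEx`, the `StaticRawMemoryCopy*W` family) pass their output-path argument straight in, so I would reject long or null input at the top, e.g. `if(!szFileName || lstrlenW(szFileName) >= MAX_PATH) return;`, with the `lstrlenA` equivalent in the ANSI variant. The `engineCreatePathForFiles` switch also appears to be no longer consulted, which is worth confirming as intentional. With the `void` return, every caller now relies on the following `CreateFile` call to notice that the directory was not created; a one-line comment on both functions saying so would help.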


@ -27,8 +27,8 @@ bool EngineIsThereFreeHardwareBreakSlot(LPDWORD FreeRegister);
bool EngineFileExists(char* szFileName);
char* EngineExtractPath(char* szFileName);
char* EngineExtractFileName(char* szFileName);
bool EngineCreatePathForFile(char* szFileName);
bool EngineCreatePathForFileW(wchar_t* szFileName);
void EngineCreatePathForFile(char* szFileName);
void EngineCreatePathForFileW(wchar_t* szFileName);
wchar_t* EngineExtractFileNameW(wchar_t* szFileName);
bool EngineIsPointedMemoryString(ULONG_PTR PossibleStringPtr);
int EnginePointedMemoryStringLength(ULONG_PTR PossibleStringPtr);


@ -11,24 +11,17 @@ wchar_t engineSzEngineGarbageFolder[MAX_PATH];
// Global.Garbage.functions:
bool CreateGarbageItem(void* outGargabeItem, int MaxGargabeStringSize)
{
bool Created = false;
wchar_t szGarbageItem[512];
wchar_t szGargabeItemBuff[128];
while(!Created)
{
RtlZeroMemory(&szGarbageItem, sizeof szGarbageItem);
RtlZeroMemory(&szGargabeItemBuff, sizeof szGargabeItemBuff);
srand((unsigned int)time(NULL));
wsprintfW(szGargabeItemBuff, L"Junk-%08x\\", (rand() % 128 + 1) * (rand() % 128 + 1) + (rand() % 1024 + 1));
lstrcpyW(szGarbageItem, engineSzEngineGarbageFolder);
lstrcatW(szGarbageItem, szGargabeItemBuff);
if(EngineCreatePathForFileW(szGarbageItem))
{
Created = true;
}
}
EngineCreatePathForFileW(szGarbageItem);
if(lstrlenW(szGarbageItem) * 2 >= MaxGargabeStringSize)
{
RtlMoveMemory(outGargabeItem, &szGarbageItem, MaxGargabeStringSize);
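Review bot: With the retry loop removed, `CreateGarbageItem` no longer learns whether its `Junk-%08x` folder was newly created, and the name still comes from `srand((unsigned int)time(NULL))` followed by `rand()`. Two calls within the same second therefore produce the same folder, and a directory that already exists under the garbage folder is reused silently. If callers assume a private scratch directory, create the final component here with `CreateDirectoryW(szGarbageItem, NULL)` and pick a new name when `GetLastError()` is `ERROR_ALREADY_EXISTS`; seeding once at engine init instead of per call would also stop the same-second repeats. The function body continues past the end of this hunk.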


@ -42,39 +42,8 @@ __declspec(dllexport) void TITCALL ForceClose()
StopDebug();
}
RtlZeroMemory(&dbgProcessInformation, sizeof PROCESS_INFORMATION);
/*if(DebugDebuggingDLL)
{
RtlZeroMemory(&szTempName, sizeof szTempName);
RtlZeroMemory(&szTempFolder, sizeof szTempFolder);
if(GetTempPathW(MAX_PATH, szTempFolder) < MAX_PATH)
{
if(GetTempFileNameW(szTempFolder, L"DeleteTempFile", GetTickCount(), szTempName))
{
DeleteFileW(szTempName);
if(!MoveFileW(szDebuggerName, szTempName))
{
if(DebugDebuggingDLL)
DeleteFileW(szDebuggerName);
}
else
{
DeleteFileW(szTempName);
}
}
RtlZeroMemory(&szTempName, sizeof szTempName);
if(GetTempFileNameW(szTempFolder, L"DeleteTempFile", GetTickCount() + 1, szTempName))
{
DeleteFileW(szTempName);
if(!MoveFileW(szReserveModuleName, szTempName))
{
DeleteFileW(szReserveModuleName);
}
else
{
DeleteFileW(szTempName);
}
}
}
}*/
DebugDebuggingDLL = false;
DebugExeFileEntryPointCallBack = NULL;
}


@ -8,7 +8,6 @@
#include <vector>
static wchar_t szBackupDebuggedFileName[512];
static wchar_t szDebuggerName[512];
// TitanEngine.Debugger.functions:
__declspec(dllexport) void* TITCALL InitDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder)
@ -150,17 +149,16 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese
}
lstrcpyW(szDebuggerName, szFileName);
i = lstrlenW(szDebuggerName);
while(szDebuggerName[i] != 0x5C && i >= NULL)
while(szDebuggerName[i] != '\\' && i)
{
i--;
}
if(i > NULL)
if(i)
{
szDebuggerName[i+1] = 0x00;
#ifdef _WIN64
lstrcpyW(szDebuggerName, L"DLLLoader64.exe");
lstrcpyW(szDebuggerName+i+1, L"DLLLoader64.exe");
#else
lstrcpyW(szDebuggerName, L"DLLLoader32.exe");
lstrcpyW(szDebuggerName+i+1, L"DLLLoader32.exe");
#endif
}
else
@ -171,21 +169,10 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese
lstrcpyW(szDebuggerName, L"DLLLoader32.exe");
#endif
}
//RtlZeroMemory(&szReserveModuleName, sizeof szReserveModuleName);
//lstrcpyW(szReserveModuleName, szFileName);
//lstrcatW(szReserveModuleName, L".module");
#if defined(_WIN64)
ReturnData = EngineExtractResource("LOADERx64", szDebuggerName);
/*if(ReserveModuleBase)
{
EngineExtractResource("MODULEx64", szReserveModuleName);
}*/
ReturnData = EngineExtractResource("LOADERX64", szDebuggerName);
#else
ReturnData = EngineExtractResource("LOADERx86", szDebuggerName);
/*if(ReserveModuleBase)
{
EngineExtractResource("MODULEx86", szReserveModuleName);
}*/
ReturnData = EngineExtractResource("LOADERX86", szDebuggerName);
#endif
if(ReturnData)
{
@ -195,24 +182,14 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese
{
i--;
}
/*j = lstrlenW(szReserveModuleName);
while(szReserveModuleName[j] != 0x5C && j >= NULL)
{
j--;
}*/
DebugDebuggingDLLBase = NULL;
DebugDebuggingMainModuleBase = NULL;
DebugDebuggingDLLFullFileName = szFileName;
DebugDebuggingDLLFileName = &szFileName[i+1];
//DebugDebuggingDLLReserveFileName = &szReserveModuleName[j+1];
DebugModuleImageBase = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_IMAGEBASE);
DebugReserveModuleBase = DebugModuleImageBase;
DebugModuleEntryPoint = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_OEP);
DebugModuleEntryPointCallBack = EntryCallBack;
/*if(ReserveModuleBase)
{
RelocaterChangeFileBaseW(szReserveModuleName, DebugModuleImageBase);
}*/
return(InitDebugW(szDebuggerName, szCommandLine, szCurrentFolder));
}
else
@ -221,12 +198,14 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese
}
return(NULL);
}
__declspec(dllexport) bool TITCALL StopDebug()
{
if(dbgProcessInformation.hProcess != NULL)
{
TerminateThread(dbgProcessInformation.hThread, NULL);
TerminateProcess(dbgProcessInformation.hProcess, NULL);
Sleep(10); //allow thread switching
return true;
}
else
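Review bot: `szDebuggerName` is a fixed `wchar_t[512]`, yet `InitDLLDebugW` fills it with `lstrcpyW(szDebuggerName, szFileName)` and then the new `lstrcpyW(szDebuggerName+i+1, L"DLLLoader64.exe")` without checking that the directory part plus the loader name fits. A guard before the first copy, such as `if(lstrlenW(szFileName) + 16 >= _countof(szDebuggerName)) return NULL;`, would keep an over-long path from the exported API out of the buffer. The same string is then handed to `EngineExtractResource`, which calls `EngineCreatePathForFileW`; if that helper still works in `MAX_PATH`-sized locals, paths between 260 and 512 characters need rejecting here too. `InitDLLDebugW` starts and ends outside these hunks, so any existing validation earlier in the function is not visible.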


@ -182,8 +182,7 @@ __declspec(dllexport) bool TITCALL ExtractOverlayW(wchar_t* szFileName, wchar_t*
hFile = CreateFileW(szFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
{
if(EngineCreatePathForFileW(szExtactedFileName))
{
EngineCreatePathForFileW(szExtactedFileName);
hFileWrite = CreateFileW(szExtactedFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFileWrite != INVALID_HANDLE_VALUE)
{
@ -234,7 +233,6 @@ __declspec(dllexport) bool TITCALL ExtractOverlayW(wchar_t* szFileName, wchar_t*
}
}
}
}
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
return false;
}


@ -63,8 +63,7 @@ __declspec(dllexport) bool TITCALL ExtractSectionW(wchar_t* szFileName, wchar_t*
if(SectionNumber <= PEHeader32->FileHeader.NumberOfSections)
{
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + SectionNumber * IMAGE_SIZEOF_SECTION_HEADER);
if(EngineCreatePathForFileW(szDumpFileName))
{
EngineCreatePathForFileW(szDumpFileName);
hFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
{
@ -84,7 +83,6 @@ __declspec(dllexport) bool TITCALL ExtractSectionW(wchar_t* szFileName, wchar_t*
}
}
}
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return false;
}
@ -94,8 +92,7 @@ __declspec(dllexport) bool TITCALL ExtractSectionW(wchar_t* szFileName, wchar_t*
if(SectionNumber <= PEHeader64->FileHeader.NumberOfSections)
{
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + SectionNumber * IMAGE_SIZEOF_SECTION_HEADER);
if(EngineCreatePathForFileW(szDumpFileName))
{
EngineCreatePathForFileW(szDumpFileName);
hFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
{
@ -115,7 +112,6 @@ __declspec(dllexport) bool TITCALL ExtractSectionW(wchar_t* szFileName, wchar_t*
}
}
}
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return false;
}


@ -45,8 +45,7 @@ __declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFileEx(ULONG_PTR
{
ResourceSize = SizeofResource((HMODULE)FileMapVA, hResource);
ResourceData = LockResource(hResourceGlobal);
if(EngineCreatePathForFile(szExtractedFileName))
{
EngineCreatePathForFile(szExtractedFileName);
hFile = CreateFileA(szExtractedFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
{
@ -58,7 +57,6 @@ __declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFileEx(ULONG_PTR
return false;
}
}
}
return true;
}
return false;


@ -477,8 +477,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyW(HANDLE hFile, ULONG_PTR
ueCopyBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
if(ueCopyBuffer != NULL)
{
if(EngineCreatePathForFileW(szDumpFileName))
{
EngineCreatePathForFileW(szDumpFileName);
hWriteFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hWriteFile != INVALID_HANDLE_VALUE)
{
@ -535,7 +534,6 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyW(HANDLE hFile, ULONG_PTR
}
}
}
}
EngineCloseHandle(hReadFile);
}
}
@ -572,8 +570,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyExW(HANDLE hFile, DWORD Ra
ueCopyBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
if(ueCopyBuffer != NULL)
{
if(EngineCreatePathForFileW(szDumpFileName))
{
EngineCreatePathForFileW(szDumpFileName);
hWriteFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hWriteFile != INVALID_HANDLE_VALUE)
{
@ -630,7 +627,6 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyExW(HANDLE hFile, DWORD Ra
}
}
}
}
EngineCloseHandle(hReadFile);
}
return false;
@ -670,8 +666,7 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64W(HANDLE hFile, DWORD6
ueCopyBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
if(ueCopyBuffer != NULL)
{
if(EngineCreatePathForFileW(szDumpFileName))
{
EngineCreatePathForFileW(szDumpFileName);
hWriteFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hWriteFile != INVALID_HANDLE_VALUE)
{
@ -728,7 +723,6 @@ __declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64W(HANDLE hFile, DWORD6
}
}
}
}
EngineCloseHandle(hReadFile);
}
return false;


@ -22,6 +22,7 @@ BOOL APIENTRY DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
case DLL_PROCESS_DETACH:
if(lpvReserved)
ExtensionManagerPluginReleaseCallBack();
RemoveDirectoryW(engineSzEngineGarbageFolder);
break;
}
return TRUE;
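Review bot: The added `RemoveDirectoryW(engineSzEngineGarbageFolder);` under `DLL_PROCESS_DETACH` only succeeds on an empty directory and its result is ignored, so any `Junk-…` subfolders left by `CreateGarbageItem` keep the garbage folder and whatever was extracted into it on disk. If cleanup at unload is the intent, the subfolders have to be removed first, preferably from an explicit shutdown call rather than `DllMain`, and a failure should at least be logged. Because the `if(lpvReserved)` above has no braces, the new call runs on every detach and not only when `lpvReserved` is set; a comment such as `// runs on every detach; no-op if the folder is not empty` would make that explicit.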


@ -118,7 +118,7 @@ extern "C" {
typedef enum {
Decode16Bits = 0, Decode32Bits = 1, Decode64Bits = 2
}
_DecodeType;
_DecodeType;
typedef OFFSET_INTEGER _OffsetType;


@ -11,7 +11,8 @@
typedef LONG NTSTATUS;
typedef LONG KPRIORITY;
typedef struct _CLIENT_ID {
typedef struct _CLIENT_ID
{
HANDLE UniqueProcess;
HANDLE UniqueThread;
} CLIENT_ID, *PCLIENT_ID;
@ -53,7 +54,8 @@ typedef struct _PROCESS_BASIC_INFORMATION
} PROCESS_BASIC_INFORMATION;
typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
typedef struct _THREAD_BASIC_INFORMATION {
typedef struct _THREAD_BASIC_INFORMATION
{
NTSTATUS ExitStatus;
PVOID TebBaseAddress;
CLIENT_ID ClientId;