- fixed EngineSetDebugPrivilege

- added function EngineOpenProcess (with debug privilege option)
- added UE_ENGINE_SET_DEBUG_PRIVILEGE
- added debug privileges before CreateProcess and DebugActiveProcess
- removed debug privilege from the child process
- dumper/handler/importer/process now use EngineOpenProcess
Mr. eXoDia 2014-04-16 17:14:20 +02:00
parent 1ce0b5f838
commit 98f71dbad6
19 changed files with 90 additions and 37 deletions


@ -51,6 +51,7 @@
#define UE_ENGINE_CALL_PLUGIN_CALLBACK 6
#define UE_ENGINE_RESET_CUSTOM_HANDLER 7
#define UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK 8
#define UE_ENGINE_SET_DEBUG_PRIVILEGE 9
#define UE_OPTION_REMOVEALL 1
#define UE_OPTION_DISABLEALL 2


@ -51,6 +51,7 @@ const BYTE UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS = 5;
const BYTE UE_ENGINE_CALL_PLUGIN_CALLBACK = 6;
const BYTE UE_ENGINE_RESET_CUSTOM_HANDLER = 7;
const BYTE UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK = 8;
const BYTE UE_ENGINE_SET_DEBUG_PRIVILEGE = 9;
const BYTE UE_OPTION_REMOVEALL = 1;
const BYTE UE_OPTION_DISABLEALL = 2;


@ -70,7 +70,8 @@ enum eEngineVariable : DWORD
UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS = UE::UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS,
UE_ENGINE_CALL_PLUGIN_CALLBACK = UE::UE_ENGINE_CALL_PLUGIN_CALLBACK,
UE_ENGINE_RESET_CUSTOM_HANDLER = UE::UE_ENGINE_RESET_CUSTOM_HANDLER,
UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK = UE::UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK
UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK = UE::UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK,
UE_ENGINE_SET_DEBUG_PRIVILEGE = UE::UE_ENGINE_SET_DEBUG_PRIVILEGE
};
enum eBPRemoveOption : DWORD


@ -336,6 +336,7 @@ const
UE_ENGINE_CALL_PLUGIN_CALLBACK = 6;
UE_ENGINE_RESET_CUSTOM_HANDLER = 7;
UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK = 8;
UE_ENGINE_SET_DEBUG_PRIVILEGE = 9;
UE_OPTION_REMOVEALL = 1;
UE_OPTION_DISABLEALL = 2;


@ -36,6 +36,7 @@ UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS = 5
UE_ENGINE_CALL_PLUGIN_CALLBACK = 6
UE_ENGINE_RESET_CUSTOM_HANDLER = 7
UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK = 8
UE_ENGINE_SET_DEBUG_PRIVILEGE = 9
UE_OPTION_REMOVEALL = 1
UE_OPTION_DISABLEALL = 2


@ -23,6 +23,7 @@ UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS EQU 5
UE_ENGINE_CALL_PLUGIN_CALLBACK EQU 6
UE_ENGINE_RESET_CUSTOM_HANDLER EQU 7
UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK EQU 8
UE_ENGINE_SET_DEBUG_PRIVILEGE EQU 9
UE_OPTION_REMOVEALL EQU 1
UE_OPTION_DISABLEALL EQU 2
UE_OPTION_REMOVEALLDISABLED EQU 3


@ -27,6 +27,7 @@ UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS = 5
UE_ENGINE_CALL_PLUGIN_CALLBACK = 6
UE_ENGINE_RESET_CUSTOM_HANDLER = 7
UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK = 8
UE_ENGINE_SET_DEBUG_PRIVILEGE = 9
UE_OPTION_REMOVEALL = 1
UE_OPTION_DISABLEALL = 2


@ -18,6 +18,7 @@ ULONG_PTR DebugReserveModuleBase = NULL;
ULONG_PTR DebugDebuggingMainModuleBase = NULL;
ULONG_PTR DebugDebuggingDLLBase = NULL;
bool DebugAttachedToProcess = false;
bool DebugRemoveDebugPrivilege = false;
bool DebugDebuggingDLL = false;
wchar_t* DebugDebuggingDLLFullFileName;
wchar_t* DebugDebuggingDLLFileName;


@ -15,6 +15,7 @@ extern ULONG_PTR DebugModuleEntryPoint;
extern ULONG_PTR DebugModuleImageBase;
extern ULONG_PTR DebugAttachedProcessCallBack;
extern bool DebugAttachedToProcess;
extern bool DebugRemoveDebugPrivilege;
extern ULONG_PTR DebugReserveModuleBase;
extern ULONG_PTR DebugDebuggingMainModuleBase;
extern ULONG_PTR DebugDebuggingDLLBase;


@ -17,6 +17,7 @@ bool engineRemoveConsoleForDebugee = false;
bool enginePassAllExceptions = true;
bool engineExecutePluginCallBack = true;
bool engineAutoHideFromDebugger = false; // hardcoded
bool engineEnableDebugPrivilege = false;
char engineFoundDLLName[512] = {0};
char engineFoundAPIName[512] = {0};
@ -2037,7 +2038,11 @@ DWORD EngineSetDebugPrivilege(HANDLE hProcess, bool bEnablePrivilege)
memset(&tokenPrivileges, 0, sizeof(TOKEN_PRIVILEGES));
LUID luid;
if(!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
return false;
{
dwLastError = GetLastError();
CloseHandle(hToken);
return dwLastError;
}
tokenPrivileges.PrivilegeCount = 1;
tokenPrivileges.Privileges[0].Luid = luid;
if(bEnablePrivilege)
@ -2045,5 +2050,19 @@ DWORD EngineSetDebugPrivilege(HANDLE hProcess, bool bEnablePrivilege)
else
tokenPrivileges.Privileges[0].Attributes = 0;
AdjustTokenPrivileges(hToken, FALSE, &tokenPrivileges, sizeof(TOKEN_PRIVILEGES), NULL, NULL);
return GetLastError();
dwLastError = GetLastError();
CloseHandle(hToken);
return dwLastError;
}
HANDLE EngineOpenProcess(DWORD dwDesiredAccess, bool bInheritHandle, DWORD dwProcessId)
{
if(engineEnableDebugPrivilege)
EngineSetDebugPrivilege(GetCurrentProcess(), true);
HANDLE hProcess = OpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId);
DWORD dwLastError = GetLastError();
if(engineEnableDebugPrivilege)
EngineSetDebugPrivilege(GetCurrentProcess(), false);
SetLastError(dwLastError);
return hProcess;
}
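Review bot: The disable path of EngineSetDebugPrivilege, `tokenPrivileges.Privileges[0].Attributes = 0;`, only clears the enabled flag; the privilege stays present in the token, so the debuggee whose token DebugLoop now adjusts with `EngineSetDebugPrivilege(hProcess, false)` can re-enable SeDebugPrivilege itself, which is not the removal the commit message describes (for the engine's own token, which EngineOpenProcess toggles back on per call, a plain disable is the right thing). If a real removal is intended for the child, give the function a third argument (or a separate helper) that sets `SE_PRIVILEGE_REMOVED` instead of 0 for that caller. EngineOpenProcess also discards both DWORD results of EngineSetDebugPrivilege and unconditionally disables the privilege afterwards, so a caller that already held it enabled (InitDebugW and AttachDebugger enable it around CreateProcessW and DebugActiveProcess) would have it cleared if this path were reached from another thread in that window; returning the previous attribute via AdjustTokenPrivileges's PreviousState argument and restoring it would make the helper self-contained. The opening lines of EngineSetDebugPrivilege, where the token handle is acquired, are outside the hunk.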


@ -20,6 +20,7 @@ extern bool engineRemoveConsoleForDebugee;
extern bool enginePassAllExceptions;
extern bool engineExecutePluginCallBack;
extern bool engineAutoHideFromDebugger;
extern bool engineEnableDebugPrivilege;
//Global.Engine.Functions
void EngineInit();
@ -52,5 +53,6 @@ ULONG_PTR EngineGetProcAddress(ULONG_PTR ModuleBase, char* szAPIName);
bool EngineGetLibraryOrdinalData(ULONG_PTR ModuleBase, LPDWORD ptrOrdinalBase, LPDWORD ptrOrdinalCount);
ULONG_PTR EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBases, ULONG_PTR APIAddress, const char* szAPIName, DWORD ReturnType);
DWORD EngineSetDebugPrivilege(HANDLE hProcess, bool bEnablePrivilege);
HANDLE EngineOpenProcess(DWORD dwDesiredAccess, bool bInheritHandle, DWORD dwProcessId);
#endif //_GLOBAL_ENGINE_H


@ -26,6 +26,8 @@ __declspec(dllexport) void TITCALL DebugLoop()
bool hListThreadFirst = true;
bool hListLibraryFirst = true;
bool MemoryBpxFound = false;
bool RemoveDebugPrivilege = DebugRemoveDebugPrivilege; //store the flag in a local variable
DebugRemoveDebugPrivilege = false; //reset this flag
PLIBRARY_ITEM_DATAW hLoadedLibData = NULL;
PLIBRARY_BREAK_DATA ptrLibrarianData = NULL;
typedef void(TITCALL *fCustomBreakPoint)(void);
@ -87,7 +89,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
{
case CREATE_PROCESS_DEBUG_EVENT:
{
if(DBGFileHandle == NULL) //we didn't set the handle yet
if(DBGFileHandle == NULL) //we didn't set the handle yet (initial process)
{
DBGEntryPoint = DBGEvent.u.CreateProcessInfo.lpStartAddress;
DBGFileHandle = DBGEvent.u.CreateProcessInfo.hFile;
@ -137,6 +139,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
NewThreadData.ThreadStartAddress = (void*)DBGEvent.u.CreateProcessInfo.lpStartAddress;
NewThreadData.ThreadLocalBase = (void*)DBGEvent.u.CreateProcessInfo.lpThreadLocalBase;
hListThread.push_back(NewThreadData);
//remove debug privilege from child process
if(RemoveDebugPrivilege)
EngineSetDebugPrivilege(DBGEvent.u.CreateProcessInfo.hProcess, false);
}
//update process list
PROCESS_ITEM_DATA NewProcessItem;
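Review bot: The result of `EngineSetDebugPrivilege(DBGEvent.u.CreateProcessInfo.hProcess, false);` is dropped, so if opening or adjusting the debuggee's token fails the debuggee keeps the enabled SeDebugPrivilege it inherited from the debugger's token at CreateProcessW time, and nothing records that; capture it as `DWORD dwPrivErr = EngineSetDebugPrivilege(DBGEvent.u.CreateProcessInfo.hProcess, false);` and surface a non-zero value through whatever error reporting the engine uses. The two-line `RemoveDebugPrivilege = DebugRemoveDebugPrivilege; DebugRemoveDebugPrivilege = false;` dance at the top deserves a comment saying the flag is set by the code that created or attached the process and consumed by the first DebugLoop that runs, since the pairing is not visible from this file. DebugLoop begins and ends outside the hunk.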


@ -11,7 +11,6 @@ static wchar_t szBackupDebuggedFileName[512];
// TitanEngine.Debugger.functions:
__declspec(dllexport) void* TITCALL InitDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder)
{
wchar_t* PtrUniFileName = NULL;
wchar_t uniFileName[MAX_PATH] = {};
wchar_t* PtrUniCommandLine = NULL;
@ -55,10 +54,17 @@ __declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szC
DebugConsoleFlag = CREATE_NO_WINDOW;
}
std::vector<BreakPointDetail>().swap(BreakPointBuffer);
if(engineEnableDebugPrivilege)
{
EngineSetDebugPrivilege(GetCurrentProcess(), true);
DebugRemoveDebugPrivilege = true;
}
if(szCommandLine == NULL)
{
if(CreateProcessW(szFileName, NULL, NULL, NULL, false, DEBUG_PROCESS|DEBUG_ONLY_THIS_PROCESS|DebugConsoleFlag|CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation))
{
if(engineEnableDebugPrivilege)
EngineSetDebugPrivilege(GetCurrentProcess(), false);
DebugAttachedToProcess = false;
DebugAttachedProcessCallBack = NULL;
std::vector<BreakPointDetail>().swap(BreakPointBuffer);
@ -66,6 +72,11 @@ __declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szC
}
else
{
if(engineEnableDebugPrivilege)
{
EngineSetDebugPrivilege(GetCurrentProcess(), false);
DebugRemoveDebugPrivilege = false;
}
RtlZeroMemory(&dbgProcessInformation,sizeof PROCESS_INFORMATION);
return(0);
}
@ -75,6 +86,8 @@ __declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szC
wsprintfW(szCreateWithCmdLine, L"\"%s\" %s", szFileName, szCommandLine);
if(CreateProcessW(NULL, szCreateWithCmdLine, NULL, NULL, false, DEBUG_PROCESS|DEBUG_ONLY_THIS_PROCESS|DebugConsoleFlag|CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation))
{
if(engineEnableDebugPrivilege)
EngineSetDebugPrivilege(GetCurrentProcess(), false);
DebugAttachedToProcess = false;
DebugAttachedProcessCallBack = NULL;
std::vector<BreakPointDetail>().swap(BreakPointBuffer);
@ -82,6 +95,11 @@ __declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szC
}
else
{
if(engineEnableDebugPrivilege)
{
EngineSetDebugPrivilege(GetCurrentProcess(), false);
DebugRemoveDebugPrivilege = false;
}
RtlZeroMemory(&dbgProcessInformation,sizeof PROCESS_INFORMATION);
return(0);
}
@ -191,11 +209,7 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese
DebugModuleEntryPointCallBack = EntryCallBack;
return(InitDebugW(szDebuggerName, szCommandLine, szCurrentFolder));
}
else
{
return(NULL);
}
return(NULL);
return 0;
}
__declspec(dllexport) bool TITCALL StopDebug()
@ -207,15 +221,11 @@ __declspec(dllexport) bool TITCALL StopDebug()
Sleep(10); //allow thread switching
return true;
}
else
{
return false;
}
}
__declspec(dllexport) bool TITCALL AttachDebugger(DWORD ProcessId, bool KillOnExit, LPVOID DebugInfo, LPVOID CallBack)
{
typedef void(WINAPI *fDebugSetProcessKillOnExit)(bool KillExitingDebugee);
fDebugSetProcessKillOnExit myDebugSetProcessKillOnExit;
LPVOID funcDebugSetProcessKillOnExit = NULL;
@ -223,8 +233,15 @@ __declspec(dllexport) bool TITCALL AttachDebugger(DWORD ProcessId, bool KillOnEx
if(ProcessId != NULL && dbgProcessInformation.hProcess == NULL)
{
std::vector<BreakPointDetail>().swap(BreakPointBuffer);
if(engineEnableDebugPrivilege)
{
EngineSetDebugPrivilege(GetCurrentProcess(), true);
DebugRemoveDebugPrivilege = true;
}
if(DebugActiveProcess(ProcessId))
{
if(engineEnableDebugPrivilege)
EngineSetDebugPrivilege(GetCurrentProcess(), false);
if(KillOnExit)
{
funcDebugSetProcessKillOnExit = GetProcAddress(GetModuleHandleA("kernel32.dll"), "DebugSetProcessKillOnExit");
@ -246,10 +263,6 @@ __declspec(dllexport) bool TITCALL AttachDebugger(DWORD ProcessId, bool KillOnEx
return true;
}
}
else
{
return false;
}
return false;
}
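Review bot: In the AttachDebugger hunk, `DebugRemoveDebugPrivilege = true;` is set before `DebugActiveProcess(ProcessId)`, but an attached process never inherited the debugger's token, so when DebugLoop consumes the flag it will call EngineSetDebugPrivilege on the attached process's token and disable a privilege that process may hold in its own right. Drop that assignment on the attach path, or reset it next to the `EngineSetDebugPrivilege(GetCurrentProcess(), false);` that follows a successful DebugActiveProcess. The failure branch of `if(DebugActiveProcess(ProcessId))` is not in the hunk, so I cannot see whether the debugger's own privilege is disabled and the flag cleared there the way the InitDebugW else-branches do. AttachDebugger's body continues outside the hunk.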


@ -274,7 +274,7 @@ __declspec(dllexport) bool TITCALL DumpProcessExW(DWORD ProcessId, LPVOID ImageB
HANDLE hProcess = 0;
bool ReturnValue = false;
hProcess = OpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
if(hProcess)
{
ReturnValue = DumpProcessW(hProcess, ImageBase, szDumpFileName, EntryPoint);
@ -364,7 +364,7 @@ __declspec(dllexport) bool TITCALL DumpMemoryExW(DWORD ProcessId, LPVOID MemoryS
HANDLE hProcess = 0;
bool ReturnValue = false;
hProcess = OpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
if(hProcess)
{
ReturnValue = DumpMemoryW(hProcess, MemoryStart, MemorySize, szDumpFileName);
@ -466,7 +466,7 @@ __declspec(dllexport) bool TITCALL DumpRegionsExW(DWORD ProcessId, wchar_t* szDu
HANDLE hProcess = 0;
bool ReturnValue = false;
hProcess = OpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
if(hProcess)
{
ReturnValue = DumpRegionsW(hProcess, szDumpFolder, DumpAboveImageBaseOnly);
@ -537,7 +537,7 @@ __declspec(dllexport) bool TITCALL DumpModuleExW(DWORD ProcessId, LPVOID ModuleB
HANDLE hProcess = 0;
bool ReturnValue = false;
hProcess = OpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
if(hProcess) //If the function fails, the return value is NULL. To get extended error information, call GetLastError.
{
ReturnValue = DumpModuleW(hProcess, ModuleBase, szDumpFileName);


@ -38,6 +38,10 @@ __declspec(dllexport) void TITCALL SetEngineVariable(DWORD VariableId, bool Vari
{
engineExecutePluginCallBack = VariableSet;
}
else if(VariableId == UE_ENGINE_SET_DEBUG_PRIVILEGE)
{
engineEnableDebugPrivilege = VariableSet;
}
}
__declspec(dllexport) bool TITCALL EngineCreateMissingDependencies(char* szFileName, char* szOutputFolder, bool LogCreatedFiles)


@ -1,7 +1,7 @@
#include "stdafx.h"
#include "definitions.h"
#include "Global.Handle.h"
#include "Global.Engine.h"
bool NtQuerySysHandleInfo(DynBuf& buf)
{
@ -334,7 +334,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateLockHandlesW(wchar_t* szFileO
{
EngineCloseHandle(hProcess);
}
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_DUP_HANDLE, false, HandleInfo->ProcessId);
hProcess = EngineOpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_DUP_HANDLE, false, HandleInfo->ProcessId);
LastProcessId = HandleInfo->ProcessId;
}
if(hProcess != NULL)
@ -441,7 +441,7 @@ __declspec(dllexport) bool TITCALL HandlerCloseAllLockHandlesW(wchar_t* szFileOr
{
EngineCloseHandle(hProcess);
}
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_DUP_HANDLE, false, HandleInfo->ProcessId);
hProcess = EngineOpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_DUP_HANDLE, false, HandleInfo->ProcessId);
LastProcessId = HandleInfo->ProcessId;
}
if(hProcess != NULL)
@ -544,7 +544,7 @@ __declspec(dllexport) bool TITCALL HandlerIsFileLockedW(wchar_t* szFileOrFolderN
{
EngineCloseHandle(hProcess);
}
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_DUP_HANDLE, false, HandleInfo->ProcessId);
hProcess = EngineOpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_DUP_HANDLE, false, HandleInfo->ProcessId);
LastProcessId = HandleInfo->ProcessId;
}
if(hProcess != NULL)
@ -749,7 +749,7 @@ __declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t
{
EngineCloseHandle(hProcess);
}
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_DUP_HANDLE, FALSE, HandleInfo->ProcessId);
hProcess = EngineOpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_DUP_HANDLE, FALSE, HandleInfo->ProcessId);
LastProcessId = HandleInfo->ProcessId;
}
if(hProcess != NULL)


@ -555,7 +555,7 @@ __declspec(dllexport) void TITCALL ImporterAutoSearchIATEx(DWORD ProcessId, ULON
{
if(GetTempFileNameW(szTempFolder, L"DumpTemp", GetTickCount() + 102, szTempName))
{
HANDLE hProcess = OpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
HANDLE hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
DumpProcessW(hProcess, (LPVOID)ImageBase, szTempName, NULL);
ImporterAutoSearchIATW(ProcessId, szTempName, SearchStart, pIATStart, pIATSize);
@ -609,7 +609,7 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_
//do we need to dump first?
if(DumpRunningProcess)
{
HANDLE hProcess = OpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
HANDLE hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
if(!DumpProcessW(hProcess, (LPVOID)ImageBase, szDumpedFile, EntryPointAddress))
{
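Review bot: `HANDLE hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId);` in ImporterAutoSearchIATEx is passed straight to `DumpProcessW(hProcess, ...)` with no NULL check, and the ImporterAutoFixIATExW hunk has the same pattern; EngineOpenProcess hands back OpenProcess's result unchanged, so a failed open (access denied, PID gone) reaches the dumper as NULL. Guard it as the Dumper call sites do, `if(hProcess) { ... }`, and confirm the handle is closed on both paths, since no close is visible in either hunk. Both enclosing functions continue outside the hunks.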


@ -36,7 +36,7 @@ __declspec(dllexport) long TITCALL GetActiveProcessIdW(wchar_t* szImageName)
{
if(bProcessId[i] != NULL)
{
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, false, bProcessId[i]);
hProcess = EngineOpenProcess(PROCESS_QUERY_INFORMATION, false, bProcessId[i]);
if(hProcess != NULL)
{
if(GetProcessImageFileNameW(hProcess, szProcessPath, _countof(szProcessPath)) > NULL)
@ -96,7 +96,7 @@ __declspec(dllexport) void TITCALL EnumProcessesWithLibrary(char* szLibraryName,
{
if(bProcessId[i] != NULL)
{
hProcess = OpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, 0, bProcessId[i]);
hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, 0, bProcessId[i]);
if(hProcess != NULL)
{
RtlZeroMemory(EnumeratedModules, sizeof(EnumeratedModules));


@ -362,6 +362,7 @@ typedef struct HOOK_ENTRY
#define UE_ENGINE_CALL_PLUGIN_CALLBACK 6
#define UE_ENGINE_RESET_CUSTOM_HANDLER 7
#define UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK 8
#define UE_ENGINE_SET_DEBUG_PRIVILEGE 9
#define UE_OPTION_REMOVEALL 1
#define UE_OPTION_DISABLEALL 2