- resolved issue #2

- resolved issue #3
- added a lot of comments inside the DebugLoop function
mr.exodia 2013-10-13 21:06:20 +02:00
parent 6039a0ee83
commit 996003476d
8 changed files with 82 additions and 50 deletions

1
.gitignore vendored

@ -8,3 +8,4 @@
*.sdf *.sdf
*.suo *.suo
*.bmarks *.bmarks
TitanEngine/TitanEngine.cscope_file_list



@ -621,7 +621,8 @@ wchar_t* EngineExtractFileNameW(wchar_t* szFileName)
} }
if(szFileName[i] == 0x5C) if(szFileName[i] == 0x5C)
{ {
for(j = i + 1; j <= lstrlenW(szFileName); j++) int len=lstrlenW(szFileName);
for(j = i + 1; j <= len; j++)
{ {
engineExtractedFileNameW[x] = szFileName[j]; engineExtractedFileNameW[x] = szFileName[j];
x++; x++;
@ -7410,9 +7411,8 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidEx(char* szFileName, DWORD Che
} }
__declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD CheckDepth, LPVOID FileStatusInfo) __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD CheckDepth, LPVOID FileStatusInfo)
{ {
unsigned int i; unsigned int i;
DWORD ReadData = NULL; ULONG_PTR ReadData = NULL;
DWORD ReadSize = NULL; DWORD ReadSize = NULL;
WORD ReadDataWORD = NULL; WORD ReadDataWORD = NULL;
ULONG_PTR hSimulatedFileLoad; ULONG_PTR hSimulatedFileLoad;
@ -16435,7 +16435,6 @@ __declspec(dllexport) void* TITCALL GetStartupInformation()
} }
__declspec(dllexport) void TITCALL DebugLoop() __declspec(dllexport) void TITCALL DebugLoop()
{ {
int i = NULL; int i = NULL;
int j = NULL; int j = NULL;
int k = NULL; int k = NULL;
@ -16503,7 +16502,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
{ {
EngineExecutePluginDebugCallBack(&DBGEvent, UE_PLUGIN_CALL_REASON_PREDEBUG); EngineExecutePluginDebugCallBack(&DBGEvent, UE_PLUGIN_CALL_REASON_PREDEBUG);
} }
while(!BreakDBG) while(!BreakDBG) //actual debug loop
{ {
WaitForDebugEvent(&DBGEvent, engineWaitForDebugEventTimeOut); WaitForDebugEvent(&DBGEvent, engineWaitForDebugEventTimeOut);
if(engineExecutePluginCallBack) if(engineExecutePluginCallBack)
@ -16523,14 +16522,15 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
} }
if(DBGEvent.dwDebugEventCode == CREATE_PROCESS_DEBUG_EVENT) if(DBGEvent.dwDebugEventCode == CREATE_PROCESS_DEBUG_EVENT) //debuggee is created
{ {
if(DBGFileHandle == NULL) if(DBGFileHandle == NULL) //we didn't set the handle yet
{ {
DBGEntryPoint = DBGEvent.u.CreateProcessInfo.lpStartAddress; DBGEntryPoint = DBGEvent.u.CreateProcessInfo.lpStartAddress;
DBGFileHandle = DBGEvent.u.CreateProcessInfo.hFile; DBGFileHandle = DBGEvent.u.CreateProcessInfo.hFile;
EngineCloseHandle(DBGFileHandle); //handle is never used inside the code
engineDebuggingMainModuleBase = (unsigned long long) DBGEvent.u.CreateProcessInfo.lpBaseOfImage; engineDebuggingMainModuleBase = (unsigned long long) DBGEvent.u.CreateProcessInfo.lpBaseOfImage;
if(engineAttachedToProcess) if(engineAttachedToProcess) //we attached, set information
{ {
dbgProcessInformation.hProcess = DBGEvent.u.CreateProcessInfo.hProcess; dbgProcessInformation.hProcess = DBGEvent.u.CreateProcessInfo.hProcess;
dbgProcessInformation.hThread = DBGEvent.u.CreateProcessInfo.hThread; dbgProcessInformation.hThread = DBGEvent.u.CreateProcessInfo.hThread;
@ -16540,7 +16540,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
RtlMoveMemory(engineAttachedProcessDebugInfo, &dbgProcessInformation, sizeof PROCESS_INFORMATION); RtlMoveMemory(engineAttachedProcessDebugInfo, &dbgProcessInformation, sizeof PROCESS_INFORMATION);
} }
} }
if(engineDebuggingDLL) if(engineDebuggingDLL) //the DLL loader just started, set DLL names
{ {
#if defined(_WIN64) #if defined(_WIN64)
DLLPatchAddress = (ULONG_PTR)DBGEvent.u.CreateProcessInfo.lpBaseOfImage; DLLPatchAddress = (ULONG_PTR)DBGEvent.u.CreateProcessInfo.lpBaseOfImage;
@ -16552,6 +16552,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
if(!WriteProcessMemory(DBGEvent.u.CreateProcessInfo.hProcess, (LPVOID)DLLPatchAddress, engineDebuggingDLLFullFileName, lstrlenW(engineDebuggingDLLFullFileName) * 2, &NumberOfBytesReadWritten)) if(!WriteProcessMemory(DBGEvent.u.CreateProcessInfo.hProcess, (LPVOID)DLLPatchAddress, engineDebuggingDLLFullFileName, lstrlenW(engineDebuggingDLLFullFileName) * 2, &NumberOfBytesReadWritten))
{ {
StopDebug(); StopDebug();
return;
} }
if(engineReserveModuleBase) //reserve original image base if(engineReserveModuleBase) //reserve original image base
{ {
@ -16597,7 +16598,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
hListThreadPtr->ThreadLocalBase = (void*)DBGEvent.u.CreateProcessInfo.lpThreadLocalBase; hListThreadPtr->ThreadLocalBase = (void*)DBGEvent.u.CreateProcessInfo.lpThreadLocalBase;
hListThreadFirst = false; hListThreadFirst = false;
} }
else else //we have a valid handle already (which means a child process started)
{ {
hListProcessPtr = (PPROCESS_ITEM_DATA)hListProcess; hListProcessPtr = (PPROCESS_ITEM_DATA)hListProcess;
while(hListProcessPtr->hProcess != NULL) while(hListProcessPtr->hProcess != NULL)
@ -16617,6 +16618,8 @@ __declspec(dllexport) void TITCALL DebugLoop()
hListProcessFirst = false; hListProcessFirst = false;
} }
} }
//process created callback
if(DBGCustomHandler->chCreateProcess != NULL) if(DBGCustomHandler->chCreateProcess != NULL)
{ {
myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chCreateProcess); myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chCreateProcess);
@ -16630,18 +16633,15 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
} }
} }
else if(DBGEvent.dwDebugEventCode == EXIT_PROCESS_DEBUG_EVENT) else if(DBGEvent.dwDebugEventCode == EXIT_PROCESS_DEBUG_EVENT)
{ {
ProcessExitCode = DBGEvent.u.ExitProcess.dwExitCode; ProcessExitCode = DBGEvent.u.ExitProcess.dwExitCode;
if(DBGEvent.dwProcessId == dbgProcessInformation.dwProcessId) DBGCode = DBG_CONTINUE;
{ if(DBGEvent.dwProcessId == dbgProcessInformation.dwProcessId) //main process closed
DBGCode = DBG_CONTINUE;
BreakDBG = true; BreakDBG = true;
}
else //exit process handler
{
DBGCode = DBG_CONTINUE;
}
if(DBGCustomHandler->chExitProcess != NULL) if(DBGCustomHandler->chExitProcess != NULL)
{ {
myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chExitProcess); myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chExitProcess);
@ -16655,8 +16655,10 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
} }
} }
else if(DBGEvent.dwDebugEventCode == CREATE_THREAD_DEBUG_EVENT) else if(DBGEvent.dwDebugEventCode == CREATE_THREAD_DEBUG_EVENT)
{ {
//maintain thread list
if(hListThread == NULL) if(hListThread == NULL)
{ {
hListThread = VirtualAlloc(NULL, MAX_DEBUG_DATA * sizeof THREAD_ITEM_DATA, MEM_COMMIT, PAGE_READWRITE); hListThread = VirtualAlloc(NULL, MAX_DEBUG_DATA * sizeof THREAD_ITEM_DATA, MEM_COMMIT, PAGE_READWRITE);
@ -16677,6 +16679,8 @@ __declspec(dllexport) void TITCALL DebugLoop()
{ {
} }
//custom handler
if(DBGCustomHandler->chCreateThread != NULL) if(DBGCustomHandler->chCreateThread != NULL)
{ {
myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chCreateThread); myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chCreateThread);
@ -16690,8 +16694,10 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
} }
} }
else if(DBGEvent.dwDebugEventCode == EXIT_THREAD_DEBUG_EVENT) else if(DBGEvent.dwDebugEventCode == EXIT_THREAD_DEBUG_EVENT)
{ {
//custom handler
if(DBGCustomHandler->chExitThread != NULL) if(DBGCustomHandler->chExitThread != NULL)
{ {
myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chExitThread); myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chExitThread);
@ -16717,6 +16723,8 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
engineExitThreadOneShootCallBack = NULL; engineExitThreadOneShootCallBack = NULL;
} }
//maintain thread list
hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread; hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
while(hListThreadPtr->hThread != NULL && hListThreadPtr->dwThreadId != DBGEvent.dwThreadId) while(hListThreadPtr->hThread != NULL && hListThreadPtr->dwThreadId != DBGEvent.dwThreadId)
{ {
@ -16730,8 +16738,10 @@ __declspec(dllexport) void TITCALL DebugLoop()
hListThreadPtr->ThreadStartAddress = NULL; hListThreadPtr->ThreadStartAddress = NULL;
} }
} }
else if(DBGEvent.dwDebugEventCode == LOAD_DLL_DEBUG_EVENT) else if(DBGEvent.dwDebugEventCode == LOAD_DLL_DEBUG_EVENT)
{ {
//maintain library list
if(hListLibrary == NULL) if(hListLibrary == NULL)
{ {
hListLibrary = VirtualAlloc(NULL, MAX_DEBUG_DATA * sizeof LIBRARY_ITEM_DATAW, MEM_COMMIT, PAGE_READWRITE); hListLibrary = VirtualAlloc(NULL, MAX_DEBUG_DATA * sizeof LIBRARY_ITEM_DATAW, MEM_COMMIT, PAGE_READWRITE);
@ -16829,6 +16839,8 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
} }
} }
//loadDLL callback
if(DBGCustomHandler->chLoadDll != NULL) if(DBGCustomHandler->chLoadDll != NULL)
{ {
myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chLoadDll); myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chLoadDll);
@ -16842,8 +16854,10 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
} }
} }
else if(DBGEvent.dwDebugEventCode == UNLOAD_DLL_DEBUG_EVENT) else if(DBGEvent.dwDebugEventCode == UNLOAD_DLL_DEBUG_EVENT)
{ {
//unload DLL callback
if(DBGCustomHandler->chUnloadDll != NULL) if(DBGCustomHandler->chUnloadDll != NULL)
{ {
myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chUnloadDll); myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chUnloadDll);
@ -16856,6 +16870,8 @@ __declspec(dllexport) void TITCALL DebugLoop()
DBGCustomHandler->chUnloadDll = NULL; DBGCustomHandler->chUnloadDll = NULL;
} }
} }
//maintain library list
k = NULL; k = NULL;
ptrLibrarianData = (PLIBRARY_BREAK_DATA)LibrarianData; ptrLibrarianData = (PLIBRARY_BREAK_DATA)LibrarianData;
hLoadedLibData = (PLIBRARY_ITEM_DATAW)LibrarianGetLibraryInfoEx(DBGEvent.u.UnloadDll.lpBaseOfDll); hLoadedLibData = (PLIBRARY_ITEM_DATAW)LibrarianGetLibraryInfoEx(DBGEvent.u.UnloadDll.lpBaseOfDll);
@ -16917,8 +16933,10 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
} }
} }
else if(DBGEvent.dwDebugEventCode == OUTPUT_DEBUG_STRING_EVENT) else if(DBGEvent.dwDebugEventCode == OUTPUT_DEBUG_STRING_EVENT)
{ {
//debug string callback
if(DBGCustomHandler->chOutputDebugString != NULL) if(DBGCustomHandler->chOutputDebugString != NULL)
{ {
myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chOutputDebugString); myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chOutputDebugString);
@ -16932,9 +16950,10 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
} }
} }
else if(DBGEvent.dwDebugEventCode == EXCEPTION_DEBUG_EVENT) else if(DBGEvent.dwDebugEventCode == EXCEPTION_DEBUG_EVENT)
{ {
//bool firstchance=false; //NOTE: useless callback?
if(DBGCustomHandler->chEverythingElse != NULL) if(DBGCustomHandler->chEverythingElse != NULL)
{ {
myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chEverythingElse); myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chEverythingElse);
@ -16949,6 +16968,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
if(DBGEvent.u.Exception.dwFirstChance == FALSE) //second chance exception if(DBGEvent.u.Exception.dwFirstChance == FALSE) //second chance exception
{ {
//NOTE: unclear behavious of ->Pass<- all exceptions (not to debuggee, but to debugger)
if(!enginePassAllExceptions) if(!enginePassAllExceptions)
{ {
DBGCode = DBG_CONTINUE; DBGCode = DBG_CONTINUE;
@ -16961,20 +16981,10 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
//handle different exception codes //handle different exception codes
//NOTE: breakpoint exception
if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_BREAKPOINT) if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_BREAKPOINT)
{ {
/*if(DBGCustomHandler->chBreakPoint != NULL)
{
myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chBreakPoint);
__try
{
myCustomHandler(&DBGEvent.u.Exception.ExceptionRecord);
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
DBGCustomHandler->chBreakPoint = NULL;
}
}*/
MaximumBreakPoints = 0; MaximumBreakPoints = 0;
for(MaximumBreakPoints = 0; MaximumBreakPoints < BreakPointSetCount; MaximumBreakPoints++) for(MaximumBreakPoints = 0; MaximumBreakPoints < BreakPointSetCount; MaximumBreakPoints++)
{ {
@ -16993,7 +17003,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, &BreakPointBuffer[MaximumBreakPoints].OriginalByte[0], BreakPointBuffer[MaximumBreakPoints].BreakPointSize, &NumberOfBytesReadWritten)) if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)BreakPointBuffer[MaximumBreakPoints].BreakPointAddress, &BreakPointBuffer[MaximumBreakPoints].OriginalByte[0], BreakPointBuffer[MaximumBreakPoints].BreakPointSize, &NumberOfBytesReadWritten))
{ {
DBGCode = DBG_CONTINUE; DBGCode = DBG_CONTINUE;
hActiveThread = OpenThread(THREAD_GET_CONTEXT+THREAD_SET_CONTEXT+THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId); hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId);
myDBGContext.ContextFlags = CONTEXT_ALL; myDBGContext.ContextFlags = CONTEXT_ALL;
GetThreadContext(hActiveThread, &myDBGContext); GetThreadContext(hActiveThread, &myDBGContext);
if(BreakPointBuffer[MaximumBreakPoints].BreakPointType != UE_SINGLESHOOT) if(BreakPointBuffer[MaximumBreakPoints].BreakPointType != UE_SINGLESHOOT)
@ -17171,9 +17181,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
DBGCode = DBG_EXCEPTION_NOT_HANDLED; DBGCode = DBG_EXCEPTION_NOT_HANDLED;
} }
} }
else else //breakpoint not in list
{ {
if(!FirstBPX) if(!FirstBPX) //program generated a breakpoint exception
{ {
DBGCode = DBG_EXCEPTION_NOT_HANDLED; DBGCode = DBG_EXCEPTION_NOT_HANDLED;
if(DBGCustomHandler->chBreakPoint != NULL) if(DBGCustomHandler->chBreakPoint != NULL)
@ -17189,8 +17199,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
} }
} }
else //first breakpoint else //system breakpoint
{ {
FirstBPX = false;
DBGCode = DBG_CONTINUE; DBGCode = DBG_CONTINUE;
if(engineAttachedToProcess) if(engineAttachedToProcess)
{ {
@ -17206,13 +17217,13 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
if(engineAutoHideFromDebugger) if(engineAutoHideFromDebugger)
{ {
HideDebugger(dbgProcessInformation.hProcess, NULL); HideDebugger(dbgProcessInformation.hProcess, UE_HIDE_BASIC);
} }
if(DebugExeFileEntryPointCallBack != NULL) if(DebugExeFileEntryPointCallBack != NULL) //set entry breakpoint
{ {
SetBPX((ULONG_PTR)DBGEntryPoint, UE_SINGLESHOOT, DebugExeFileEntryPointCallBack); SetBPX((ULONG_PTR)DBGEntryPoint, UE_SINGLESHOOT, DebugExeFileEntryPointCallBack);
} }
if(engineTLSBreakOnCallBack) if(engineTLSBreakOnCallBack) //set TLS callback breakpoints
{ {
i = NULL; i = NULL;
while(tlsCallBackList[i] != NULL) while(tlsCallBackList[i] != NULL)
@ -17224,7 +17235,8 @@ __declspec(dllexport) void TITCALL DebugLoop()
engineTLSBreakOnCallBackAddress = NULL; engineTLSBreakOnCallBackAddress = NULL;
engineTLSBreakOnCallBack = false; engineTLSBreakOnCallBack = false;
} }
FirstBPX = false;
//system breakpoint callback
if(DBGCustomHandler->chSystemBreakpoint != NULL) if(DBGCustomHandler->chSystemBreakpoint != NULL)
{ {
myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chSystemBreakpoint); myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chSystemBreakpoint);
@ -17240,9 +17252,10 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
} }
} }
//NOTE: single step exception
else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_SINGLE_STEP) else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_SINGLE_STEP)
{ {
if(ResetBPX == true || ResetHwBPX == true || ResetMemBPX == true) if(ResetBPX == true || ResetHwBPX == true || ResetMemBPX == true) //restore breakpoints (internal step)
{ {
DBGCode = DBG_CONTINUE; DBGCode = DBG_CONTINUE;
if(ResetBPX) //restore 'normal' breakpoint if(ResetBPX) //restore 'normal' breakpoint
@ -17492,14 +17505,14 @@ __declspec(dllexport) void TITCALL DebugLoop()
DBGCode = DBG_EXCEPTION_NOT_HANDLED; DBGCode = DBG_EXCEPTION_NOT_HANDLED;
} }
} }
else else //debuggee generated exception
{ {
DBGCode = DBG_EXCEPTION_NOT_HANDLED; DBGCode = DBG_EXCEPTION_NOT_HANDLED;
} }
EngineCloseHandle(hActiveThread); EngineCloseHandle(hActiveThread);
} }
} }
if(DBGCode==DBG_EXCEPTION_NOT_HANDLED) if(DBGCode==DBG_EXCEPTION_NOT_HANDLED) //NOTE: only call the chSingleStep callback when the debuggee generated the exception
{ {
if(DBGCustomHandler->chSingleStep != NULL) if(DBGCustomHandler->chSingleStep != NULL)
{ {
@ -17515,6 +17528,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
} }
} }
//NOTE: guard page exception
else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_GUARD_PAGE_VIOLATION) else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_GUARD_PAGE_VIOLATION)
{ {
MemoryBpxFound = false; MemoryBpxFound = false;
@ -17703,9 +17717,11 @@ __declspec(dllexport) void TITCALL DebugLoop()
{ {
DBGCode = DBG_EXCEPTION_NOT_HANDLED; DBGCode = DBG_EXCEPTION_NOT_HANDLED;
} }
//debuggee generated GUARD_PAGE exception
if(DBGCode==DBG_EXCEPTION_NOT_HANDLED) if(DBGCode==DBG_EXCEPTION_NOT_HANDLED)
{ {
//TODO: re-set memory breakpoint? //TODO: restore memory breakpoint?
if(DBGCustomHandler->chPageGuard != NULL) if(DBGCustomHandler->chPageGuard != NULL)
{ {
myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chPageGuard); myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chPageGuard);
@ -17720,6 +17736,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
} }
} }
//NOTE: access violation exception
else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_ACCESS_VIOLATION) else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_ACCESS_VIOLATION)
{ {
DBGCode = DBG_EXCEPTION_NOT_HANDLED; DBGCode = DBG_EXCEPTION_NOT_HANDLED;
@ -17736,8 +17753,10 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
} }
} }
//NOTE: illegal instruction exception
else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_ILLEGAL_INSTRUCTION) else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_ILLEGAL_INSTRUCTION)
{ {
//UD2 breakpoint
MaximumBreakPoints = 0; MaximumBreakPoints = 0;
for(MaximumBreakPoints = 0; MaximumBreakPoints < BreakPointSetCount; MaximumBreakPoints++) for(MaximumBreakPoints = 0; MaximumBreakPoints < BreakPointSetCount; MaximumBreakPoints++)
{ {
@ -17933,7 +17952,8 @@ __declspec(dllexport) void TITCALL DebugLoop()
{ {
DBGCode = DBG_EXCEPTION_NOT_HANDLED; DBGCode = DBG_EXCEPTION_NOT_HANDLED;
} }
if(DBGCode==DBG_EXCEPTION_NOT_HANDLED) //call custom handler //application-generated exception
if(DBGCode==DBG_EXCEPTION_NOT_HANDLED)
{ {
if(DBGCustomHandler->chIllegalInstruction != NULL) if(DBGCustomHandler->chIllegalInstruction != NULL)
{ {
@ -17949,6 +17969,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
} }
} }
//NOTE: uncontinuable exception
else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_NONCONTINUABLE_EXCEPTION) else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_NONCONTINUABLE_EXCEPTION)
{ {
DBGCode = DBG_EXCEPTION_NOT_HANDLED; DBGCode = DBG_EXCEPTION_NOT_HANDLED;
@ -17965,6 +17986,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
} }
} }
//NOTE: array bounds exception
else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_ARRAY_BOUNDS_EXCEEDED) else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_ARRAY_BOUNDS_EXCEEDED)
{ {
DBGCode = DBG_EXCEPTION_NOT_HANDLED; DBGCode = DBG_EXCEPTION_NOT_HANDLED;
@ -17981,6 +18003,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
} }
} }
//NOTE: float denormal operand exception
else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_FLOAT_DENORMAL_OPERAND) else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_FLOAT_DENORMAL_OPERAND)
{ {
DBGCode = DBG_EXCEPTION_NOT_HANDLED; DBGCode = DBG_EXCEPTION_NOT_HANDLED;
@ -17997,6 +18020,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
} }
} }
//NOTE: float devide by zero exception
else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_FLOAT_DIVIDE_BY_ZERO) else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_FLOAT_DIVIDE_BY_ZERO)
{ {
DBGCode = DBG_EXCEPTION_NOT_HANDLED; DBGCode = DBG_EXCEPTION_NOT_HANDLED;
@ -18013,6 +18037,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
} }
} }
//NOTE: devide by zero exception
else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_INTEGER_DIVIDE_BY_ZERO) else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_INTEGER_DIVIDE_BY_ZERO)
{ {
DBGCode = DBG_EXCEPTION_NOT_HANDLED; DBGCode = DBG_EXCEPTION_NOT_HANDLED;
@ -18029,6 +18054,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
} }
} }
//NOTE: integer overflow exception
else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_INTEGER_OVERFLOW) else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_INTEGER_OVERFLOW)
{ {
DBGCode = DBG_EXCEPTION_NOT_HANDLED; DBGCode = DBG_EXCEPTION_NOT_HANDLED;
@ -18045,6 +18071,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
} }
} }
//NOTE: privileged instruction exception
else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_PRIVILEGED_INSTRUCTION) else if(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode == STATUS_PRIVILEGED_INSTRUCTION)
{ {
DBGCode = DBG_EXCEPTION_NOT_HANDLED; DBGCode = DBG_EXCEPTION_NOT_HANDLED;
@ -18062,7 +18089,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
} }
//post exception handling (for debugger exceptions) //general unhandled exception callback
if(DBGCode==DBG_EXCEPTION_NOT_HANDLED) if(DBGCode==DBG_EXCEPTION_NOT_HANDLED)
{ {
if(DBGCustomHandler->chUnhandledException != NULL) if(DBGCustomHandler->chUnhandledException != NULL)
@ -18079,6 +18106,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
} }
//general after-exception callback (includes debugger exceptions)
if(DBGCustomHandler->chAfterException != NULL) if(DBGCustomHandler->chAfterException != NULL)
{ {
myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chAfterException); myCustomHandler = (fCustomHandler)((LPVOID)DBGCustomHandler->chAfterException);
@ -18093,7 +18121,6 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
} }
//after handling of debug codes
if(engineResumeProcessIfNoThreadIsActive) if(engineResumeProcessIfNoThreadIsActive)
{ {
if(!ThreaderIsAnyThreadActive()) if(!ThreaderIsAnyThreadActive())
@ -18101,12 +18128,13 @@ __declspec(dllexport) void TITCALL DebugLoop()
ThreaderResumeProcess(); ThreaderResumeProcess();
} }
} }
if(!ContinueDebugEvent(DBGEvent.dwProcessId, DBGEvent.dwThreadId, DBGCode)) if(!ContinueDebugEvent(DBGEvent.dwProcessId, DBGEvent.dwThreadId, DBGCode)) //continue debugging
{ {
break; break;
} }
} }
if(!SecondChance)
if(!SecondChance) //debugger didn't close with a second chance exception (normal exit)
{ {
RtlMoveMemory(&TerminateDBGEvent, &DBGEvent, sizeof DEBUG_EVENT); RtlMoveMemory(&TerminateDBGEvent, &DBGEvent, sizeof DEBUG_EVENT);
} }
@ -26922,13 +26950,16 @@ __declspec(dllexport) void TITCALL StaticFileClose(HANDLE FileHandle)
} }
__declspec(dllexport) void TITCALL StaticMemoryDecrypt(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionType, DWORD DecryptionKeySize, ULONG_PTR DecryptionKey) __declspec(dllexport) void TITCALL StaticMemoryDecrypt(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionType, DWORD DecryptionKeySize, ULONG_PTR DecryptionKey)
{ {
DWORD LoopCount = NULL; DWORD LoopCount = NULL;
BYTE DataByte = NULL; BYTE DataByte = NULL;
WORD DataWord = NULL; WORD DataWord = NULL;
DWORD DataDword = NULL; DWORD DataDword = NULL;
ULONG_PTR DataQword = NULL; ULONG_PTR DataQword = NULL;
//ignore too big stuff
if(DecryptionKeySize>sizeof(ULONG_PTR))
return;
if(MemoryStart != NULL && MemorySize > NULL) if(MemoryStart != NULL && MemorySize > NULL)
{ {
LoopCount = MemorySize / DecryptionKeySize; LoopCount = MemorySize / DecryptionKeySize;