- baby steps in better TitanEngine code

TitanEngine/Global.Engine.h

@@ -0,0 +1,50 @@
+#ifndef _GLOBAL_ENGINE_H
+#define _GLOBAL_ENGINE_H
+
+#include <vector>
+
+//Global.Engine.Variables
+extern PROCESS_INFORMATION dbgProcessInformation;
+extern HARDWARE_DATA DebugRegister[4];
+extern HMODULE engineHandle;
+
+extern bool engineAlowModuleLoading;
+extern bool engineCheckForwarders;
+
+extern std::vector<PluginInformation> Plugin;
+
+
+//Global.Engine.Functions
+void EngineExecutePluginReleaseCallBack();
+void EngineExecutePluginResetCallBack();
+void EngineExecutePluginDebugCallBack(LPDEBUG_EVENT debugEvent, int CallReason);
+bool EngineIsThereFreeHardwareBreakSlot(LPDWORD FreeRegister);
+bool EngineFileExists(char* szFileName);
+char* EngineExtractPath(char* szFileName);
+char* EngineExtractFileName(char* szFileName);
+bool EngineCreatePathForFile(char* szFileName);
+bool EngineCreatePathForFileW(wchar_t* szFileName);
+wchar_t* EngineExtractFileNameW(wchar_t* szFileName);
+bool EngineIsPointedMemoryString(ULONG_PTR PossibleStringPtr);
+int EnginePointedMemoryStringLength(ULONG_PTR PossibleStringPtr);
+bool EngineCompareResourceString(wchar_t* String1, wchar_t* String2);
+long long EngineEstimateNewSectionRVA(ULONG_PTR FileMapVA);
+bool EngineExtractForwarderData(ULONG_PTR PossibleStringPtr, LPVOID szFwdDLLName, LPVOID szFwdAPIName);
+bool EngineGrabDataFromMappedFile(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR FileOffset, DWORD CopySize, LPVOID CopyToMemory);
+bool EngineExtractResource(char* szResourceName, wchar_t* szExtractedFileName);
+bool EngineIsDependencyPresent(char* szFileName, char* szDependencyForFile, char* szPresentInFolder);
+bool EngineIsDependencyPresentW(wchar_t* szFileName, wchar_t* szDependencyForFile, wchar_t* szPresentInFolder);
+bool EngineGetDependencyLocation(char* szFileName, char* szDependencyForFile, void* szLocationOfTheFile, int MaxStringSize);
+long EngineHashString(char* szStringToHash);
+long EngineHashMemory(char* MemoryAddress, int MemorySize, DWORD InitialHashValue);
+bool EngineIsBadReadPtrEx(LPVOID DataPointer, DWORD DataSize);
+bool EngineValidateResource(HMODULE hModule, LPCTSTR lpszType, LPTSTR lpszName, LONG_PTR lParam);
+bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBase, PIMAGE_DOS_HEADER DOSHeader, bool IsFile);
+long long EngineSimulateNtLoaderW(wchar_t* szFileName);
+long long EngineSimulateNtLoader(char* szFileName);
+long long EngineSimulateDllLoader(HANDLE hProcess, char* szFileName);
+long long EngineGetProcAddress(ULONG_PTR ModuleBase, char* szAPIName);
+bool EngineGetLibraryOrdinalData(ULONG_PTR ModuleBase, LPDWORD ptrOrdinalBase, LPDWORD ptrOrdinalCount);
+long long EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBases, ULONG_PTR APIAddress, char* szAPIName, DWORD ReturnType);
+
+#endif //_GLOBAL_ENGINE_H

TitanEngine/Global.Handle.cpp

@@ -0,0 +1,11 @@
+#include "stdafx.h"
+#include "Global.Handle.h"
+
+// Global.Handle.functions:
+bool EngineCloseHandle(HANDLE myHandle)
+{
+    DWORD HandleFlags;
+    if(GetHandleInformation(myHandle, &HandleFlags) && HandleFlags!=HANDLE_FLAG_PROTECT_FROM_CLOSE)
+        return (CloseHandle(myHandle)==TRUE);
+    return false;
+}

TitanEngine/Global.Handle.h

@@ -0,0 +1,6 @@
+#ifndef _GLOBAL_HANDLE_H
+#define _GLOBAL_HANDLE_H
+
+bool EngineCloseHandle(HANDLE myHandle);
+
+#endif //_GLOBAL_HANDLE_H

TitanEngine/Global.Mapping.cpp

@@ -0,0 +1,138 @@
+#include "stdafx.h"
+#include "definitions.h"
+#include "Global.Mapping.h"
+#include "Global.Handle.h"
+
+// Global.Mapping.functions:
+bool MapFileEx(char* szFileName, DWORD ReadOrWrite, LPHANDLE FileHandle, LPDWORD FileSize, LPHANDLE FileMap, LPVOID FileMapVA, DWORD SizeModifier)
+{
+    DWORD FileAccess = 0;
+    DWORD FileMapType = 0;
+    DWORD FileMapViewType = 0;
+
+    if(ReadOrWrite == UE_ACCESS_READ)
+    {
+        FileAccess = GENERIC_READ;
+        FileMapType = PAGE_READONLY;
+        FileMapViewType = FILE_MAP_READ;
+    }
+    else if(ReadOrWrite == UE_ACCESS_WRITE)
+    {
+        FileAccess = GENERIC_WRITE;
+        FileMapType = PAGE_READWRITE;
+        FileMapViewType = FILE_MAP_WRITE;
+    }
+    else if(ReadOrWrite == UE_ACCESS_ALL)
+    {
+        FileAccess = GENERIC_READ+GENERIC_WRITE+GENERIC_EXECUTE;
+        FileMapType = PAGE_EXECUTE_READWRITE;
+        FileMapViewType = FILE_MAP_WRITE;
+    }
+    else
+    {
+        FileAccess = GENERIC_READ+GENERIC_WRITE+GENERIC_EXECUTE;
+        FileMapType = PAGE_EXECUTE_READWRITE;
+        FileMapViewType = FILE_MAP_ALL_ACCESS;
+    }
+
+    HANDLE hFile = CreateFileA(szFileName, FileAccess, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
+    if(hFile != INVALID_HANDLE_VALUE)
+    {
+        *FileHandle = hFile;
+        DWORD mfFileSize = GetFileSize(hFile,NULL);
+        mfFileSize = mfFileSize + SizeModifier;
+        *FileSize = mfFileSize;
+        HANDLE mfFileMap = CreateFileMappingA(hFile, NULL, FileMapType, NULL, mfFileSize, NULL);
+        if(mfFileMap != NULL)
+        {
+            *FileMap = mfFileMap;
+            LPVOID mfFileMapVA = MapViewOfFile(mfFileMap, FileMapViewType, NULL, NULL, NULL);
+            if(mfFileMapVA != NULL)
+            {
+                RtlMoveMemory(FileMapVA, &mfFileMapVA, sizeof ULONG_PTR);
+                return true;
+            }
+        }
+        RtlZeroMemory(FileMapVA, sizeof ULONG_PTR);
+        *FileHandle = NULL;
+        *FileSize = NULL;
+        EngineCloseHandle(hFile);
+    }
+    else
+    {
+        RtlZeroMemory(FileMapVA, sizeof ULONG_PTR);
+    }
+    return false;
+}
+
+bool MapFileExW(wchar_t* szFileName, DWORD ReadOrWrite, LPHANDLE FileHandle, LPDWORD FileSize, LPHANDLE FileMap, LPVOID FileMapVA, DWORD SizeModifier)
+{
+    DWORD FileAccess = 0;
+    DWORD FileMapType = 0;
+    DWORD FileMapViewType = 0;
+
+    if(ReadOrWrite == UE_ACCESS_READ)
+    {
+        FileAccess = GENERIC_READ;
+        FileMapType = PAGE_READONLY;
+        FileMapViewType = FILE_MAP_READ;
+    }
+    else if(ReadOrWrite == UE_ACCESS_WRITE)
+    {
+        FileAccess = GENERIC_WRITE;
+        FileMapType = PAGE_READWRITE;
+        FileMapViewType = FILE_MAP_WRITE;
+    }
+    else if(ReadOrWrite == UE_ACCESS_ALL)
+    {
+        FileAccess = GENERIC_READ+GENERIC_WRITE+GENERIC_EXECUTE;
+        FileMapType = PAGE_EXECUTE_READWRITE;
+        FileMapViewType = FILE_MAP_WRITE;
+    }
+    else
+    {
+        FileAccess = GENERIC_READ+GENERIC_WRITE+GENERIC_EXECUTE;
+        FileMapType = PAGE_EXECUTE_READWRITE;
+        FileMapViewType = FILE_MAP_ALL_ACCESS;
+    }
+
+    HANDLE hFile = CreateFileW(szFileName, FileAccess, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
+    if(hFile != INVALID_HANDLE_VALUE)
+    {
+        *FileHandle = hFile;
+        DWORD mfFileSize = GetFileSize(hFile,NULL);
+        mfFileSize = mfFileSize + SizeModifier;
+        *FileSize = mfFileSize;
+        HANDLE mfFileMap = CreateFileMappingA(hFile, NULL, FileMapType, NULL, mfFileSize, NULL);
+        if(mfFileMap != NULL)
+        {
+            *FileMap = mfFileMap;
+            LPVOID mfFileMapVA = MapViewOfFile(mfFileMap, FileMapViewType, NULL, NULL, NULL);
+            if(mfFileMapVA != NULL)
+            {
+                RtlMoveMemory(FileMapVA, &mfFileMapVA, sizeof ULONG_PTR);
+                return true;
+            }
+        }
+        RtlZeroMemory(FileMapVA, sizeof ULONG_PTR);
+        *FileHandle = NULL;
+        *FileSize = NULL;
+        EngineCloseHandle(hFile);
+    }
+    else
+    {
+        RtlZeroMemory(FileMapVA, sizeof ULONG_PTR);
+    }
+    return false;
+}
+
+void UnMapFileEx(HANDLE FileHandle, DWORD FileSize, HANDLE FileMap, ULONG_PTR FileMapVA)
+{
+    if(UnmapViewOfFile((void*)FileMapVA))
+    {
+        EngineCloseHandle(FileMap);
+        SetFilePointer(FileHandle,FileSize,NULL,FILE_BEGIN);
+        SetEndOfFile(FileHandle);
+        EngineCloseHandle(FileHandle);
+    }
+}

TitanEngine/Global.Mapping.h

@@ -0,0 +1,8 @@
+#ifndef _GLOBAL_MAPPING_H
+#define _GLOBAL_MAPPING_H
+
+bool MapFileEx(char* szFileName, DWORD ReadOrWrite, LPHANDLE FileHandle, LPDWORD FileSize, LPHANDLE FileMap, LPVOID FileMapVA, DWORD SizeModifier);
+bool MapFileExW(wchar_t* szFileName, DWORD ReadOrWrite, LPHANDLE FileHandle, LPDWORD FileSize, LPHANDLE FileMap, LPVOID FileMapVA, DWORD SizeModifier);
+void UnMapFileEx(HANDLE FileHandle, DWORD FileSize, HANDLE FileMap, ULONG_PTR FileMapVA);
+
+#endif //_GLOBAL_MAPPING_H

TitanEngine/TitanEngine.Dumper.cpp

@@ -0,0 +1,3 @@
+#include "stdafx.h"
+#include "TitanEngine.Dumper.h"
+#include "definitions.h"

TitanEngine/TitanEngine.Dumper.h

@@ -0,0 +1,6 @@
+#ifndef _TITANENGINE_DUMPER_H
+#define _TITANENGINE_DUMPER_H
+
+
+
+#endif //_TITANENGINE_DUMPER_H

TitanEngine/TitanEngine.vcxproj

@@ -215,6 +215,9 @@
     </Link>
   </ItemDefinitionGroup>
   <ItemGroup>
+    <ClCompile Include="Global.Engine.cpp" />
+    <ClCompile Include="Global.Handle.cpp" />
+    <ClCompile Include="Global.Mapping.cpp" />
     <ClCompile Include="stdafx.cpp">
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
@@ -223,17 +226,22 @@
     </ClCompile>
     <ClCompile Include="TitanEngine.cpp" />
     <ClCompile Include="LzmaDec.cpp" />
+    <ClCompile Include="TitanEngine.Dumper.cpp" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="aplib.h" />
     <ClInclude Include="definitions.h" />
     <ClInclude Include="distorm.h" />
+    <ClInclude Include="Global.Engine.h" />
+    <ClInclude Include="Global.Handle.h" />
+    <ClInclude Include="Global.Mapping.h" />
     <ClInclude Include="LzmaDec.h" />
     <ClInclude Include="LzmaTypes.h" />
     <ClInclude Include="resource.h" />
     <ClInclude Include="scylla_wrapper.h" />
     <ClInclude Include="stdafx.h" />
     <ClInclude Include="targetver.h" />
+    <ClInclude Include="TitanEngine.Dumper.h" />
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="TitanEngine.rc" />

TitanEngine/TitanEngine.vcxproj.filters

@@ -22,6 +22,12 @@
     <Filter Include="Resource Files\Images">
       <UniqueIdentifier>{b4e0243e-1a54-40fe-be40-e7cc7a16c3e1}</UniqueIdentifier>
     </Filter>
+    <Filter Include="Header Files\TitanEngine">
+      <UniqueIdentifier>{e6d39ee2-6c2c-444f-a68e-26a14ba4b11a}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="Source Files\TitanEngine">
+      <UniqueIdentifier>{11622163-c50b-481a-9db8-1993dc220a72}</UniqueIdentifier>
+    </Filter>
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="stdafx.cpp">
@@ -33,6 +39,18 @@
     <ClCompile Include="LzmaDec.cpp">
       <Filter>Source Files\ThirdParty</Filter>
     </ClCompile>
+    <ClCompile Include="TitanEngine.Dumper.cpp">
+      <Filter>Source Files\TitanEngine</Filter>
+    </ClCompile>
+    <ClCompile Include="Global.Mapping.cpp">
+      <Filter>Source Files\TitanEngine</Filter>
+    </ClCompile>
+    <ClCompile Include="Global.Handle.cpp">
+      <Filter>Source Files\TitanEngine</Filter>
+    </ClCompile>
+    <ClCompile Include="Global.Engine.cpp">
+      <Filter>Source Files\TitanEngine</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="resource.h">
@@ -62,6 +80,18 @@
     <ClInclude Include="aplib.h">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="TitanEngine.Dumper.h">
+      <Filter>Header Files\TitanEngine</Filter>
+    </ClInclude>
+    <ClInclude Include="Global.Mapping.h">
+      <Filter>Header Files\TitanEngine</Filter>
+    </ClInclude>
+    <ClInclude Include="Global.Handle.h">
+      <Filter>Header Files\TitanEngine</Filter>
+    </ClInclude>
+    <ClInclude Include="Global.Engine.h">
+      <Filter>Header Files\TitanEngine</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="TitanEngine.rc">

TitanEngine/stdafx.h

@@ -239,7 +239,7 @@ typedef struct MEMORY_COMPARE_HANDLER
     } Array;
 } MEMORY_COMPARE_HANDLER, *PMEMORY_COMPARE_HANDLER;
 
-#define MAX_DEBUG_DATA 512
+#define MAX_DEBUG_DATA 65536
 
 typedef struct
 {