diff --git a/SDK/C/TitanEngine.h b/SDK/C/TitanEngine.h
index 4f8e118..6b24eba 100644
--- a/SDK/C/TitanEngine.h
+++ b/SDK/C/TitanEngine.h
@@ -567,6 +567,7 @@ __declspec(dllexport) long long TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapV
 __declspec(dllexport) long long TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType);
 __declspec(dllexport) long long TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType);
 __declspec(dllexport) long long TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType);
+__declspec(dllexport) bool TITCALL ReadProcessMemoryEnforce(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesRead);
 // TitanEngine.Realigner.functions:
 __declspec(dllexport) bool TITCALL FixHeaderCheckSum(char* szFileName);
 __declspec(dllexport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName);
@@ -584,6 +585,8 @@ __declspec(dllexport) bool TITCALL IsFileDLLW(wchar_t* szFileName, ULONG_PTR Fil
 // TitanEngine.Hider.functions:
 __declspec(dllexport) void* TITCALL GetPEBLocation(HANDLE hProcess);
 __declspec(dllexport) void* TITCALL GetPEBLocation64(HANDLE hProcess);
+__declspec(dllexport) void* TITCALL GetTEBLocation(HANDLE hThread);
+__declspec(dllexport) void* TITCALL GetTEBLocation64(HANDLE hThread);
 __declspec(dllexport) bool TITCALL HideDebugger(HANDLE hProcess, DWORD PatchAPILevel);
 __declspec(dllexport) bool TITCALL UnHideDebugger(HANDLE hProcess, DWORD PatchAPILevel);
 // TitanEngine.Relocater.functions:
diff --git a/SDK/CPP/TitanEngine.h b/SDK/CPP/TitanEngine.h
index 6bda2fc..4f8f11c 100644
--- a/SDK/CPP/TitanEngine.h
+++ b/SDK/CPP/TitanEngine.h
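Review bot: The new `ReadProcessMemoryEnforce` declaration has no comment, although it is not a plain alias for ReadProcessMemory: the Dumper.cpp hunk in this diff shows it calling `VirtualProtectEx` on the target range after the read, which suggests it changes the page protection first. I would add a line above it such as `// Like ReadProcessMemory, but may temporarily change the page protection of the target range; hProcess needs PROCESS_VM_OPERATION as well as PROCESS_VM_READ.` The implementation passes `pNumBytes` rather than `lpNumberOfBytesRead` to the read, so it is also worth stating whether the last parameter may be NULL (the start of the function is outside the diff, so this is inferred). The same declaration is added to SDK/CPP/TitanEngine.h and wants the same comment.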
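Review bot: `GetTEBLocation` and `GetTEBLocation64` are declared here and in SDK/CPP/TitanEngine.h, but the TitanEngine.def hunk in this diff adds only `ReadProcessMemoryEnforce` to the export list. If the DLL relies on the .def for its exported names, and unless these two are already listed in a part of the .def outside the hunk, SDK users may hit an unresolved import; the fix would be the two lines `GetTEBLocation` and `GetTEBLocation64` in TitanEngine.def. A short comment saying what is returned when the thread handle cannot be queried would also help callers, since the result is a raw `void*`.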
@@ -566,6 +566,7 @@ __declspec(dllimport) long long TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapV
 __declspec(dllimport) long long TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType);
 __declspec(dllimport) long long TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType);
 __declspec(dllimport) long long TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType);
+__declspec(dllimport) bool TITCALL ReadProcessMemoryEnforce(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesRead);
 // TitanEngine.Realigner.functions:
 __declspec(dllimport) bool TITCALL FixHeaderCheckSum(char* szFileName);
 __declspec(dllimport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName);
@@ -583,6 +584,8 @@ __declspec(dllimport) bool TITCALL IsFileDLLW(wchar_t* szFileName, ULONG_PTR Fil
 // TitanEngine.Hider.functions:
 __declspec(dllimport) void* TITCALL GetPEBLocation(HANDLE hProcess);
 __declspec(dllimport) void* TITCALL GetPEBLocation64(HANDLE hProcess);
+__declspec(dllimport) void* TITCALL GetTEBLocation(HANDLE hThread);
+__declspec(dllimport) void* TITCALL GetTEBLocation64(HANDLE hThread);
 __declspec(dllimport) bool TITCALL HideDebugger(HANDLE hProcess, DWORD PatchAPILevel);
 __declspec(dllimport) bool TITCALL UnHideDebugger(HANDLE hProcess, DWORD PatchAPILevel);
 // TitanEngine.Relocater.functions:
diff --git a/TitanEngine/TitanEngine.Dumper.cpp b/TitanEngine/TitanEngine.Dumper.cpp
index 13fbc3f..5e2be2c 100644
--- a/TitanEngine/TitanEngine.Dumper.cpp
+++ b/TitanEngine/TitanEngine.Dumper.cpp
@@ -359,7 +359,7 @@ __declspec(dllexport) bool TITCALL ReadProcessMemoryEnforce(HANDLE hProcess, LPV
 {
 if (ReadProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, pNumBytes))
 {
- retValue = false;
+ retValue = true;
 }
 VirtualProtectEx(hProcess, lpBaseAddress, nSize, dwProtect, &dwProtect);
 }
diff --git a/TitanEngine/TitanEngine.def b/TitanEngine/TitanEngine.def
index 7cd2745..243a817 100644
--- a/TitanEngine/TitanEngine.def
+++ b/TitanEngine/TitanEngine.def
@@ -53,6 +53,7 @@ ConvertVAtoFileOffset
 ConvertVAtoFileOffsetEx
 ConvertFileOffsetToVA
 ConvertFileOffsetToVAEx
+ReadProcessMemoryEnforce
 GetPE32Data
 GetPE32DataW
 GetPE32DataFromMappedFile
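Review bot: The restoring `VirtualProtectEx(hProcess, lpBaseAddress, nSize, dwProtect, &dwProtect);` after the read ignores its result, so with `retValue = true` the function can now report success while the target range keeps the protection that was set for the read. Presumably `dwProtect` holds the original protection from an earlier call that lies outside the hunk; if so, consider `if (!VirtualProtectEx(hProcess, lpBaseAddress, nSize, dwProtect, &dwProtect)) retValue = false;`, or at least a comment saying the restore is best-effort and a failure leaves the target's pages modified. The function body starts and ends outside this hunk, so the earlier protection change and the final return are not visible here.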