x64dbg
/
TitanEngine
mirror of https://github.com/x64dbg/TitanEngine
1
0
Fork 0
Code Releases Activity

Make everything standards-compliant

This commit is contained in:
Duncan Ogilvie 2026-04-12 17:38:04 +02:00
parent 4cdefb80c6
commit a62925db7a
44 changed files with 416 additions and 1506 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CMakeLists.txt generated
View File

@ -99,6 +99,10 @@ add_library(scylla_wrapper STATIC)
target_sources(scylla_wrapper PRIVATE ${scylla_wrapper_SOURCES})
source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${scylla_wrapper_SOURCES})
target_compile_features(scylla_wrapper PUBLIC
cxx_std_11
)
target_include_directories(scylla_wrapper PUBLIC
"scylla_wrapper/include"
)

1131
SDK/C/TitanEngine.h
View File

File diff suppressed because it is too large Load Diff

6
TitanEngine/Global.Debugger.cpp
View File

@ -85,7 +85,7 @@ void DebuggerReset()
{
if(engineResetCustomHandler)
{
RtlZeroMemory(&myDBGCustomHandler, sizeof CustomHandler);
RtlZeroMemory(&myDBGCustomHandler, sizeof(CustomHandler));
}
std::vector<BreakPointDetail>().swap(BreakPointBuffer);
std::unordered_map<ULONG_PTR, MemoryBreakpointPageDetail>().swap(MemoryBreakpointPages);
@ -113,11 +113,11 @@ void StepOutStepCallBack()
else
{
typedef void(TITCALL * fCustomBreakPoint)();
((fCustomBreakPoint)StepOutCallBack)();
ObjectPointerToCallback<fCustomBreakPoint>(StepOutCallBack)();
}
}
else
StepOver(StepOutStepCallBack);
StepOver(CallbackToObjectPointer(&StepOutStepCallBack));
}
static DWORD BaseSetLastNTError(IN NTSTATUS Status)

16
TitanEngine/Global.Engine.Hider.cpp
View File

@ -12,10 +12,18 @@ static bool isAtleastVista()
static bool isSet = false;
if(isSet)
return isAtleastVista;
OSVERSIONINFO versionInfo = {0};
versionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
GetVersionEx(&versionInfo);
isAtleastVista = versionInfo.dwMajorVersion >= 6;
RTL_OSVERSIONINFOW versionInfo = {0};
versionInfo.dwOSVersionInfoSize = sizeof(RTL_OSVERSIONINFOW);
typedef NTSTATUS (WINAPI* tRtlGetVersion)(PRTL_OSVERSIONINFOW);
tRtlGetVersion pRtlGetVersion = (tRtlGetVersion)GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "RtlGetVersion");
if(!pRtlGetVersion || !NT_SUCCESS(pRtlGetVersion(&versionInfo)))
{
isAtleastVista = false;
}
else
{
isAtleastVista = versionInfo.dwMajorVersion >= 6;
}
isSet = true;
return isAtleastVista;
}

42
TitanEngine/Global.Engine.cpp
View File

@ -145,7 +145,7 @@ wchar_t* EngineExtractFileNameW(wchar_t* szFileName)
int x = 0;
i = lstrlenW(szFileName);
RtlZeroMemory(&engineExtractedFileNameW, sizeof engineExtractedFileNameW);
RtlZeroMemory(&engineExtractedFileNameW, sizeof(engineExtractedFileNameW));
while(i > 0 && szFileName[i] != 0x5C)
{
i--;
@ -175,13 +175,13 @@ bool EngineIsPointedMemoryString(ULONG_PTR PossibleStringPtr)
DWORD MaxDisassmSize = 512;
BYTE TestChar;
VirtualQueryEx(GetCurrentProcess(), (LPVOID)PossibleStringPtr, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
VirtualQueryEx(GetCurrentProcess(), (LPVOID)PossibleStringPtr, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
if(MemInfo.State == MEM_COMMIT)
{
if((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - PossibleStringPtr <= 512)
{
MaxDisassmSize = (DWORD)((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - PossibleStringPtr - 1);
VirtualQueryEx(GetCurrentProcess(), (LPVOID)(PossibleStringPtr + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
VirtualQueryEx(GetCurrentProcess(), (LPVOID)(PossibleStringPtr + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
if(MemInfo.State != MEM_COMMIT)
{
i = MaxDisassmSize;
@ -228,13 +228,13 @@ int EnginePointedMemoryStringLength(ULONG_PTR PossibleStringPtr)
DWORD MaxDisassmSize = 512;
BYTE TestChar;
VirtualQueryEx(GetCurrentProcess(), (LPVOID)PossibleStringPtr, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
VirtualQueryEx(GetCurrentProcess(), (LPVOID)PossibleStringPtr, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
if(MemInfo.State == MEM_COMMIT)
{
if((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - PossibleStringPtr <= 512)
{
MaxDisassmSize = (DWORD)((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - PossibleStringPtr - 1);
VirtualQueryEx(GetCurrentProcess(), (LPVOID)(PossibleStringPtr + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
VirtualQueryEx(GetCurrentProcess(), (LPVOID)(PossibleStringPtr + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
if(MemInfo.State != MEM_COMMIT)
{
i = MaxDisassmSize;
@ -403,7 +403,7 @@ bool EngineGrabDataFromMappedFile(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR F
return !!ReadFile(hFile, CopyToMemory, CopySize, &rfNumberOfBytesRead, NULL);
}
bool EngineExtractResource(char* szResourceName, wchar_t* szExtractedFileName)
bool EngineExtractResource(const char* szResourceName, wchar_t* szExtractedFileName)
{
HRSRC hResource;
@ -727,7 +727,7 @@ bool EngineIsValidReadPtrEx(LPVOID DataPointer, DWORD DataSize)
while(DataSize > NULL)
{
VirtualQuery(DataPointer, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
VirtualQuery(DataPointer, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
if(MemInfo.AllocationProtect == MEM_FREE || MemInfo.AllocationProtect == MEM_PRIVATE)
{
return false;
@ -814,7 +814,7 @@ bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBas
}
else
{
RtlZeroMemory(&ModuleInfo, sizeof MODULEINFO);
RtlZeroMemory(&ModuleInfo, sizeof(MODULEINFO));
GetModuleInformation(hFileProc, (HMODULE)ImageBase, &ModuleInfo, sizeof(MODULEINFO));
PESize = ModuleInfo.SizeOfImage;
__try
@ -1404,9 +1404,9 @@ ULONG_PTR EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBa
{
if(szAPIName == NULL && ReturnType == UE_OPTION_IMPORTER_REALIGN_APIADDRESS)
{
RtlZeroMemory(&RemoteModuleInfo, sizeof MODULEINFO);
//GetModuleInformation(GetCurrentProcess(), (HMODULE)LoadedModules[i][1], &RemoteModuleInfo, sizeof MODULEINFO);
GetModuleInformation(hProcess, (HMODULE)LoadedModules[i][0], &RemoteModuleInfo, sizeof MODULEINFO);
RtlZeroMemory(&RemoteModuleInfo, sizeof(MODULEINFO));
//GetModuleInformation(GetCurrentProcess(), (HMODULE)LoadedModules[i][1], &RemoteModuleInfo, sizeof(MODULEINFO));
GetModuleInformation(hProcess, (HMODULE)LoadedModules[i][0], &RemoteModuleInfo, sizeof(MODULEINFO));
if(APIAddress >= LoadedModules[i][1] && APIAddress <= LoadedModules[i][1] + RemoteModuleInfo.SizeOfImage)
{
GetModuleBaseNameA(hProcess, (HMODULE)LoadedModules[i][0], (LPSTR)engineFoundDLLName, 512);
@ -1418,8 +1418,8 @@ ULONG_PTR EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBa
}
else if(szAPIName == NULL && ReturnType == UE_OPTION_IMPORTER_REALIGN_LOCAL_APIADDRESS)
{
RtlZeroMemory(&RemoteModuleInfo, sizeof MODULEINFO);
GetModuleInformation(hProcess, (HMODULE)LoadedModules[i][0], &RemoteModuleInfo, sizeof MODULEINFO);
RtlZeroMemory(&RemoteModuleInfo, sizeof(MODULEINFO));
GetModuleInformation(hProcess, (HMODULE)LoadedModules[i][0], &RemoteModuleInfo, sizeof(MODULEINFO));
if(APIAddress >= LoadedModules[i][0] && APIAddress <= LoadedModules[i][0] + RemoteModuleInfo.SizeOfImage)
{
GetModuleBaseNameA(hProcess, (HMODULE)LoadedModules[i][0], (LPSTR)engineFoundDLLName, 512);
@ -1441,8 +1441,8 @@ ULONG_PTR EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBa
}
else if(ReturnType == UE_OPTION_IMPORTER_RETURN_NEAREST_APIADDRESS || ReturnType == UE_OPTION_IMPORTER_RETURN_NEAREST_APINAME)
{
RtlZeroMemory(&RemoteModuleInfo, sizeof MODULEINFO);
GetModuleInformation(hProcess, (HMODULE)LoadedModules[i][0], &RemoteModuleInfo, sizeof MODULEINFO);
RtlZeroMemory(&RemoteModuleInfo, sizeof(MODULEINFO));
GetModuleInformation(hProcess, (HMODULE)LoadedModules[i][0], &RemoteModuleInfo, sizeof(MODULEINFO));
if(APIAddress >= LoadedModules[i][0] && APIAddress <= LoadedModules[i][0] + RemoteModuleInfo.SizeOfImage)
{
DOSHeader = (PIMAGE_DOS_HEADER)LoadedModules[i][1];
@ -1520,10 +1520,10 @@ ULONG_PTR EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBa
if((ReturnType == UE_OPTION_IMPORTER_RETURN_API_ORDINAL_NUMBER || (ReturnType > UE_OPTION_IMPORTER_REALIGN_APIADDRESS && ReturnType < UE_OPTION_IMPORTER_RETURN_FORWARDER_DLLNAME)) && ReturnType != UE_OPTION_IMPORTER_RETURN_DLLBASE && LoadedModules[i][1] != NULL)
{
RtlZeroMemory(&RemoteModuleInfo, sizeof MODULEINFO);
RtlZeroMemory(&RemoteModuleInfo, sizeof(MODULEINFO));
DOSHeader = (PIMAGE_DOS_HEADER)LoadedModules[i][1];
//GetModuleInformation(GetCurrentProcess(), (HMODULE)LoadedModules[i][1], &RemoteModuleInfo, sizeof MODULEINFO);
GetModuleInformation(hProcess, (HMODULE)LoadedModules[i][0], &RemoteModuleInfo, sizeof MODULEINFO);
//GetModuleInformation(GetCurrentProcess(), (HMODULE)LoadedModules[i][1], &RemoteModuleInfo, sizeof(MODULEINFO));
GetModuleInformation(hProcess, (HMODULE)LoadedModules[i][0], &RemoteModuleInfo, sizeof(MODULEINFO));
if(APIAddress >= LoadedModules[i][0] && APIAddress <= LoadedModules[i][0] + RemoteModuleInfo.SizeOfImage)
{
if(ValidateHeader || EngineValidateHeader((ULONG_PTR)LoadedModules[i][1], GetCurrentProcess(), RemoteModuleInfo.lpBaseOfDll, DOSHeader, false))
@ -1637,9 +1637,9 @@ ULONG_PTR EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBa
if(FileMapVA != NULL)
{
DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
RtlZeroMemory(&RemoteModuleInfo, sizeof MODULEINFO);
//GetModuleInformation(GetCurrentProcess(), (HMODULE)LoadedModules[i][1], &RemoteModuleInfo, sizeof MODULEINFO);
GetModuleInformation(hProcess, (HMODULE)LoadedModules[i][0], &RemoteModuleInfo, sizeof MODULEINFO);
RtlZeroMemory(&RemoteModuleInfo, sizeof(MODULEINFO));
//GetModuleInformation(GetCurrentProcess(), (HMODULE)LoadedModules[i][1], &RemoteModuleInfo, sizeof(MODULEINFO));
GetModuleInformation(hProcess, (HMODULE)LoadedModules[i][0], &RemoteModuleInfo, sizeof(MODULEINFO));
if(ValidateHeader || EngineValidateHeader((ULONG_PTR)LoadedModules[i][1], GetCurrentProcess(), RemoteModuleInfo.lpBaseOfDll, DOSHeader, false))
{
__try

2
TitanEngine/Global.Engine.h
View File

@ -37,7 +37,7 @@ bool EngineCompareResourceString(wchar_t* String1, wchar_t* String2);
ULONG_PTR EngineEstimateNewSectionRVA(ULONG_PTR FileMapVA);
bool EngineExtractForwarderData(ULONG_PTR PossibleStringPtr, LPVOID szFwdDLLName, LPVOID szFwdAPIName);
bool EngineGrabDataFromMappedFile(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR FileOffset, DWORD CopySize, LPVOID CopyToMemory);
bool EngineExtractResource(char* szResourceName, wchar_t* szExtractedFileName);
bool EngineExtractResource(const char* szResourceName, wchar_t* szExtractedFileName);
bool EngineIsDependencyPresent(char* szFileName, char* szDependencyForFile, char* szPresentInFolder);
bool EngineIsDependencyPresentW(wchar_t* szFileName, wchar_t* szDependencyForFile, wchar_t* szPresentInFolder);
bool EngineGetDependencyLocation(char* szFileName, char* szDependencyForFile, void* szLocationOfTheFile, int MaxStringSize);

6
TitanEngine/Global.Injector.cpp
View File

@ -8,7 +8,7 @@ ULONG_PTR engineReservedMemoryLeft[UE_MAX_RESERVED_MEMORY_LEFT];
long injectedRemoteLoadLibrary(LPVOID Parameter)
{
PInjectCodeData APIData = (PInjectCodeData)Parameter;
Parameter = (LPVOID)((ULONG_PTR)Parameter + sizeof InjectCodeData);
Parameter = (LPVOID)((ULONG_PTR)Parameter + sizeof(InjectCodeData));
#if !defined(_WIN64)
typedef ULONG_PTR(WINAPI * fLoadLibraryW)(LPCWSTR fLibraryName);
typedef ULONG_PTR(WINAPI * fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType);
@ -56,7 +56,7 @@ long injectedRemoteFreeLibrarySimple(LPVOID Parameter)
PInjectCodeData APIData = (PInjectCodeData)Parameter;
LPVOID orgParameter = Parameter;
Parameter = (LPVOID)((ULONG_PTR)Parameter + sizeof InjectCodeData);
Parameter = (LPVOID)((ULONG_PTR)Parameter + sizeof(InjectCodeData));
#if !defined(_WIN64)
typedef ULONG_PTR(WINAPI * fFreeLibrary)(HMODULE fLibBase);
typedef HMODULE(WINAPI * fGetModuleHandleW)(LPCWSTR fLibraryName);
@ -125,7 +125,7 @@ long injectedImpRec(LPVOID Parameter)
HANDLE hFile;
HANDLE hFileMap;
PInjectImpRecCodeData APIData = (PInjectImpRecCodeData)Parameter;
LPVOID szFileName = (LPVOID)((ULONG_PTR)Parameter + sizeof InjectImpRecCodeData);
LPVOID szFileName = (LPVOID)((ULONG_PTR)Parameter + sizeof(InjectImpRecCodeData));
typedef ULONG_PTR(__cdecl * fTrace)(HANDLE hFileMap, DWORD dwSizeMap, DWORD dwTimeOut, DWORD dwToTrace, DWORD dwExactCall);
typedef HANDLE(WINAPI * fCreateFileW)(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile);
typedef HANDLE(WINAPI * fCreateFileMappingA)(HANDLE hFile, LPSECURITY_ATTRIBUTES lpFileMappingAttributes, DWORD flProtect, DWORD dwMaximumSizeHigh, DWORD dwMaximumSizeLow, LPCSTR lpName);

12
TitanEngine/Global.Mapping.cpp
View File

@ -49,18 +49,18 @@ bool MapFileEx(const char* szFileName, DWORD ReadOrWrite, LPHANDLE FileHandle, L
LPVOID mfFileMapVA = MapViewOfFile(mfFileMap, FileMapViewType, NULL, NULL, NULL);
if(mfFileMapVA != NULL)
{
RtlMoveMemory(FileMapVA, &mfFileMapVA, sizeof ULONG_PTR);
RtlMoveMemory(FileMapVA, &mfFileMapVA, sizeof(ULONG_PTR));
return true;
}
}
RtlZeroMemory(FileMapVA, sizeof ULONG_PTR);
RtlZeroMemory(FileMapVA, sizeof(ULONG_PTR));
*FileHandle = NULL;
*FileSize = NULL;
EngineCloseHandle(hFile);
}
else
{
RtlZeroMemory(FileMapVA, sizeof ULONG_PTR);
RtlZeroMemory(FileMapVA, sizeof(ULONG_PTR));
}
return false;
}
@ -110,18 +110,18 @@ bool MapFileExW(const wchar_t* szFileName, DWORD ReadOrWrite, LPHANDLE FileHandl
LPVOID mfFileMapVA = MapViewOfFile(mfFileMap, FileMapViewType, NULL, NULL, NULL);
if(mfFileMapVA != NULL)
{
RtlMoveMemory(FileMapVA, &mfFileMapVA, sizeof ULONG_PTR);
RtlMoveMemory(FileMapVA, &mfFileMapVA, sizeof(ULONG_PTR));
return true;
}
}
RtlZeroMemory(FileMapVA, sizeof ULONG_PTR);
RtlZeroMemory(FileMapVA, sizeof(ULONG_PTR));
*FileHandle = NULL;
*FileSize = NULL;
EngineCloseHandle(hFile);
}
else
{
RtlZeroMemory(FileMapVA, sizeof ULONG_PTR);
RtlZeroMemory(FileMapVA, sizeof(ULONG_PTR));
}
return false;
}

26
TitanEngine/Global.OEPFinder.cpp
View File

@ -23,7 +23,7 @@ void GenericOEPVirtualProtectHit()
BreakPointDetail curDetail = BreakPointBuffer.at(i);
if(curDetail.BreakPointType == UE_MEMORY && curDetail.BreakPointActive == UE_BPXACTIVE)
{
VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)curDetail.BreakPointAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)curDetail.BreakPointAddress, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
OldProtect = MemInfo.Protect;
if(!(OldProtect & PAGE_GUARD))
{
@ -40,14 +40,14 @@ void GenericOEPTraceHit()
char* szInstructionType;
typedef void(TITCALL * fEPCallBack)();
fEPCallBack myEPCallBack = (fEPCallBack)glbEntryTracerData.EPCallBack;
fEPCallBack myEPCallBack = ObjectPointerToCallback<fEPCallBack>(glbEntryTracerData.EPCallBack);
LPDEBUG_EVENT myDbgEvent = (LPDEBUG_EVENT)GetDebugData();
glbEntryTracerData.MemoryAccessedFrom = (ULONG_PTR)GetContextData(UE_CIP);
glbEntryTracerData.MemoryAccessed = myDbgEvent->u.Exception.ExceptionRecord.ExceptionInformation[1];
glbEntryTracerData.AccessType = myDbgEvent->u.Exception.ExceptionRecord.ExceptionInformation[0];
szInstructionType = (char*)DisassembleEx(dbgProcessInformation.hProcess, (void*)glbEntryTracerData.MemoryAccessedFrom, true);
StepInto(&GenericOEPTraceHited);
StepInto(CallbackToObjectPointer(&GenericOEPTraceHited));
}
void GenericOEPTraceHited()
@ -60,7 +60,7 @@ void GenericOEPTraceHited()
ULONG_PTR NumberOfBytesRW;
LPDEBUG_EVENT myDbgEvent = (LPDEBUG_EVENT)GetDebugData();
typedef void(TITCALL * fEPCallBack)();
fEPCallBack myEPCallBack = (fEPCallBack)glbEntryTracerData.EPCallBack;
fEPCallBack myEPCallBack = ObjectPointerToCallback<fEPCallBack>(glbEntryTracerData.EPCallBack);
PMEMORY_COMPARE_HANDLER myCmpHandler;
ULONG_PTR memBpxAddress;
ULONG_PTR memBpxSize;
@ -134,12 +134,12 @@ void GenericOEPTraceHited()
}
else
{
SetMemoryBPXEx((ULONG_PTR)(glbEntryTracerData.SectionData[i].SectionVirtualOffset + glbEntryTracerData.LoadedImageBase), glbEntryTracerData.SectionData[i].SectionVirtualSize, UE_MEMORY, false, &GenericOEPTraceHit);
SetMemoryBPXEx((ULONG_PTR)(glbEntryTracerData.SectionData[i].SectionVirtualOffset + glbEntryTracerData.LoadedImageBase), glbEntryTracerData.SectionData[i].SectionVirtualSize, UE_MEMORY, false, CallbackToObjectPointer(&GenericOEPTraceHit));
}
}
else
{
SetMemoryBPXEx((ULONG_PTR)(glbEntryTracerData.SectionData[i].SectionVirtualOffset + glbEntryTracerData.LoadedImageBase), glbEntryTracerData.SectionData[i].SectionVirtualSize, UE_MEMORY, false, &GenericOEPTraceHit);
SetMemoryBPXEx((ULONG_PTR)(glbEntryTracerData.SectionData[i].SectionVirtualOffset + glbEntryTracerData.LoadedImageBase), glbEntryTracerData.SectionData[i].SectionVirtualSize, UE_MEMORY, false, CallbackToObjectPointer(&GenericOEPTraceHit));
}
}
}
@ -162,7 +162,7 @@ void GenericOEPLibraryDetailsHit()
int inReg = UE_RAX;
#endif
if(GetModuleBaseNameA(dbgProcessInformation.hProcess, (HMODULE)GetContextData(inReg), szModuleName, sizeof szModuleName) > NULL)
if(GetModuleBaseNameA(dbgProcessInformation.hProcess, (HMODULE)GetContextData(inReg), szModuleName, sizeof(szModuleName)) > NULL)
{
if(lstrcmpiA(szModuleName, "kernel32.dll") != NULL)
{
@ -178,7 +178,7 @@ void GenericOEPLibraryDetailsHit()
{
if(glbEntryTracerData.SectionData[i].SectionAttributes & IMAGE_SCN_MEM_EXECUTE || glbEntryTracerData.SectionData[i].SectionAttributes & IMAGE_SCN_CNT_CODE)
{
SetMemoryBPXEx((ULONG_PTR)(glbEntryTracerData.SectionData[i].SectionVirtualOffset + glbEntryTracerData.LoadedImageBase), glbEntryTracerData.SectionData[i].SectionVirtualSize, UE_MEMORY, false, &GenericOEPTraceHit);
SetMemoryBPXEx((ULONG_PTR)(glbEntryTracerData.SectionData[i].SectionVirtualOffset + glbEntryTracerData.LoadedImageBase), glbEntryTracerData.SectionData[i].SectionVirtualSize, UE_MEMORY, false, CallbackToObjectPointer(&GenericOEPTraceHit));
memBreakPointSet = true;
}
}
@ -202,7 +202,7 @@ void GenericOEPTraceInit()
void* lpHashBuffer;
ULONG_PTR NumberOfBytesRW;
typedef void(TITCALL * fInitCallBack)();
fInitCallBack myInitCallBack = (fInitCallBack)glbEntryTracerData.InitCallBack;
fInitCallBack myInitCallBack = ObjectPointerToCallback<fInitCallBack>(glbEntryTracerData.InitCallBack);
if(glbEntryTracerData.FileIsDLL)
{
@ -223,9 +223,9 @@ void GenericOEPTraceInit()
}
}
}
SetAPIBreakPoint("kernel32.dll", "VirtualProtect", UE_BREAKPOINT, UE_APIEND, &GenericOEPVirtualProtectHit);
SetAPIBreakPoint("kernel32.dll", "GetModuleHandleW", UE_BREAKPOINT, UE_APIEND, &GenericOEPLibraryDetailsHit);
SetAPIBreakPoint("kernel32.dll", "LoadLibraryExW", UE_BREAKPOINT, UE_APIEND, &GenericOEPLibraryDetailsHit);
SetAPIBreakPoint("kernel32.dll", "VirtualProtect", UE_BREAKPOINT, UE_APIEND, CallbackToObjectPointer(&GenericOEPVirtualProtectHit));
SetAPIBreakPoint("kernel32.dll", "GetModuleHandleW", UE_BREAKPOINT, UE_APIEND, CallbackToObjectPointer(&GenericOEPLibraryDetailsHit));
SetAPIBreakPoint("kernel32.dll", "LoadLibraryExW", UE_BREAKPOINT, UE_APIEND, CallbackToObjectPointer(&GenericOEPLibraryDetailsHit));
if(glbEntryTracerData.InitCallBack != NULL)
{
__try
@ -257,7 +257,7 @@ bool GenericOEPFileInitW(wchar_t* szFileName, LPVOID TraceInitCallBack, LPVOID C
{
if(GetPE32DataFromMappedFileEx(FileMapVA, &PEStruct))
{
RtlZeroMemory(&glbEntryTracerData, sizeof GenericOEPTracerData);
RtlZeroMemory(&glbEntryTracerData, sizeof(GenericOEPTracerData));
glbEntryTracerData.OriginalImageBase = PEStruct.ImageBase;
glbEntryTracerData.OriginalEntryPoint = PEStruct.OriginalEntryPoint;
glbEntryTracerData.SizeOfImage = PEStruct.NtSizeOfImage;

4
TitanEngine/TitanEngine.Breakpoints.cpp
View File

@ -72,7 +72,7 @@ __declspec(dllexport) bool TITCALL EnableBPX(ULONG_PTR bpxAddress)
{
if(BreakPointBuffer.at(i).BreakPointAddress == bpxAddress)
{
VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
OldProtect = MemInfo.Protect;
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer.at(i).BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect);
if(BreakPointBuffer.at(i).BreakPointActive == UE_BPXINACTIVE && (BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT || BreakPointBuffer.at(i).BreakPointType == UE_SINGLESHOOT))
@ -144,7 +144,7 @@ __declspec(dllexport) bool TITCALL DisableBPX(ULONG_PTR bpxAddress)
{
if(BreakPointBuffer.at(i).BreakPointAddress == bpxAddress)
{
VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
OldProtect = MemInfo.Protect;
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer.at(i).BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect);
if(BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE && (BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT || BreakPointBuffer.at(i).BreakPointType == UE_SINGLESHOOT))

4
TitanEngine/TitanEngine.Debugger.Control.cpp
View File

@ -28,7 +28,7 @@ __declspec(dllexport) void TITCALL ForceClose()
{
StopDebug();
}
RtlZeroMemory(&dbgProcessInformation, sizeof PROCESS_INFORMATION);
RtlZeroMemory(&dbgProcessInformation, sizeof(PROCESS_INFORMATION));
if(DebugDebuggingDLL)
DeleteFileW(szDebuggerName);
DebugDebuggingDLL = false;
@ -87,7 +87,7 @@ __declspec(dllexport) void TITCALL StepOut(LPVOID StepOut, bool StepFinal)
{
DebugStepFinal = StepFinal;
StepOutCallBack = StepOut;
StepOver(StepOutStepCallBack);
StepOver(CallbackToObjectPointer(&StepOutStepCallBack));
}
__declspec(dllexport) void TITCALL SingleStep(DWORD StepCount, LPVOID StepCallBack)

16
TitanEngine/TitanEngine.Debugger.DebugLoop.cpp
View File

@ -184,7 +184,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
{
startAddress -= ULONG_PTR(DBGEvent.u.CreateProcessInfo.lpBaseOfImage);
startAddress += DebugModuleImageBase;
DBGEvent.u.CreateProcessInfo.lpStartAddress = LPTHREAD_START_ROUTINE(startAddress);
DBGEvent.u.CreateProcessInfo.lpStartAddress = reinterpret_cast<LPTHREAD_START_ROUTINE>(reinterpret_cast<LPVOID>(startAddress));
}
DBGEvent.u.CreateProcessInfo.lpBaseOfImage = LPVOID(DebugModuleImageBase);
}
@ -192,7 +192,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
bool attachBreakpoint = false;
if(DBGFileHandle == NULL) //we didn't set the handle yet (initial process)
{
DBGEntryPoint = DBGEvent.u.CreateProcessInfo.lpStartAddress;
DBGEntryPoint = CallbackToObjectPointer(DBGEvent.u.CreateProcessInfo.lpStartAddress);
DBGFileHandle = DBGEvent.u.CreateProcessInfo.hFile;
DebugDebuggingMainModuleBase = (ULONG_PTR) DBGEvent.u.CreateProcessInfo.lpBaseOfImage;
if(DebugAttachedToProcess) //we attached, set information
@ -202,7 +202,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
dbgProcessInformation.dwThreadId = NULL;
if(engineAttachedProcessDebugInfo != NULL)
{
RtlMoveMemory(engineAttachedProcessDebugInfo, &dbgProcessInformation, sizeof PROCESS_INFORMATION);
RtlMoveMemory(engineAttachedProcessDebugInfo, &dbgProcessInformation, sizeof(PROCESS_INFORMATION));
}
attachBreakpoint = true;
}
@ -394,7 +394,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
VirtualFree((void*)szTranslatedNativeName, NULL, MEM_RELEASE);
}
RtlZeroMemory(szAnsiLibraryName, sizeof(szAnsiLibraryName));
WideCharToMultiByte(CP_ACP, NULL, NewLibraryData.szLibraryName, -1, szAnsiLibraryName, sizeof szAnsiLibraryName, NULL, NULL);
WideCharToMultiByte(CP_ACP, NULL, NewLibraryData.szLibraryName, -1, szAnsiLibraryName, sizeof(szAnsiLibraryName), NULL, NULL);
//library breakpoint
for(int i = (int)LibrarianData.size() - 1; i >= 0; i--)
@ -444,7 +444,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
if(hLoadedLibData)
{
RtlZeroMemory(szAnsiLibraryName, sizeof(szAnsiLibraryName));
WideCharToMultiByte(CP_ACP, NULL, hLoadedLibData->szLibraryName, -1, szAnsiLibraryName, sizeof szAnsiLibraryName, NULL, NULL);
WideCharToMultiByte(CP_ACP, NULL, hLoadedLibData->szLibraryName, -1, szAnsiLibraryName, sizeof(szAnsiLibraryName), NULL, NULL);
for(int i = (int)LibrarianData.size() - 1; i >= 0; i--)
{
@ -514,11 +514,11 @@ __declspec(dllexport) void TITCALL DebugLoop()
{
DBGCode = DBG_EXCEPTION_NOT_HANDLED; //let debuggee handle the exception
}
RtlMoveMemory(&TerminateDBGEvent, &DBGEvent, sizeof DEBUG_EVENT);
RtlMoveMemory(&TerminateDBGEvent, &DBGEvent, sizeof(DEBUG_EVENT));
}
//handle different exception codes
switch(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode)
switch((LONG)DBGEvent.u.Exception.ExceptionRecord.ExceptionCode)
{
case STATUS_BREAKPOINT:
{
@ -1373,7 +1373,7 @@ continue_dbg_event:
if(!SecondChance) //debugger didn't close with a second chance exception (normal exit)
{
RtlMoveMemory(&TerminateDBGEvent, &DBGEvent, sizeof DEBUG_EVENT);
RtlMoveMemory(&TerminateDBGEvent, &DBGEvent, sizeof(DEBUG_EVENT));
}
ForceClose();
engineFileIsBeingDebugged = false;

34
TitanEngine/TitanEngine.Debugger.Helper.cpp
View File

@ -15,11 +15,11 @@ __declspec(dllexport) bool TITCALL GetRemoteString(HANDLE hProcess, LPVOID Strin
{
MaximumStringSize = 512;
}
VirtualQueryEx(hProcess, (LPVOID)StringAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
VirtualQueryEx(hProcess, (LPVOID)StringAddress, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
if((int)((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)StringAddress) < MaximumStringSize)
{
StringReadSize = (DWORD)((ULONG_PTR)StringAddress - (ULONG_PTR)MemInfo.BaseAddress);
VirtualQueryEx(hProcess, (LPVOID)((ULONG_PTR)StringAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
VirtualQueryEx(hProcess, (LPVOID)((ULONG_PTR)StringAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
if(MemInfo.State == MEM_COMMIT)
{
StringReadSize = MaximumStringSize;
@ -94,17 +94,17 @@ __declspec(dllexport) ULONG_PTR TITCALL GetFunctionParameter(HANDLE hProcess, DW
{
StackSecondReadSize = 0;
}
StackReadSize = sizeof ULONG_PTR;
StackReadSize = sizeof(ULONG_PTR);
}
if(FunctionType >= UE_FUNCTION_STDCALL && FunctionType <= UE_FUNCTION_CCALL_CALL && FunctionType != UE_FUNCTION_FASTCALL_RET)
{
StackReadAddress = (ULONG_PTR)GetContextData(UE_CSP);
if(FunctionType != UE_FUNCTION_FASTCALL_CALL)
{
StackReadAddress = StackReadAddress + (ParameterNumber * sizeof ULONG_PTR);
StackReadAddress = StackReadAddress + (ParameterNumber * sizeof(ULONG_PTR));
if(FunctionType >= UE_FUNCTION_STDCALL_CALL)
{
StackReadAddress = StackReadAddress - sizeof ULONG_PTR;
StackReadAddress = StackReadAddress - sizeof(ULONG_PTR);
}
}
else
@ -152,23 +152,23 @@ __declspec(dllexport) ULONG_PTR TITCALL GetFunctionParameter(HANDLE hProcess, DW
}
else
{
StackReadAddress = StackReadAddress + 0x20 + ((ParameterNumber - 4) * sizeof ULONG_PTR) - sizeof ULONG_PTR;
StackReadAddress = StackReadAddress + 0x20 + ((ParameterNumber - 4) * sizeof(ULONG_PTR)) - sizeof(ULONG_PTR);
}
}
if(ReadProcessMemory(hProcess, (LPVOID)StackReadAddress, &StackReadBuffer, sizeof ULONG_PTR, &ueNumberOfBytesRW))
if(ReadProcessMemory(hProcess, (LPVOID)StackReadAddress, &StackReadBuffer, sizeof(ULONG_PTR), &ueNumberOfBytesRW))
{
if(!ValueIsPointer)
{
RtlMoveMemory((LPVOID)((ULONG_PTR)&StackFinalBuffer + sizeof ULONG_PTR - StackReadSize), (LPVOID)((ULONG_PTR)&StackReadBuffer + sizeof ULONG_PTR - StackReadSize), StackReadSize);
RtlMoveMemory((LPVOID)((ULONG_PTR)&StackFinalBuffer + sizeof(ULONG_PTR) - StackReadSize), (LPVOID)((ULONG_PTR)&StackReadBuffer + sizeof(ULONG_PTR) - StackReadSize), StackReadSize);
}
else
{
StackReadAddress = StackReadBuffer;
if(StackSecondReadSize > NULL)
{
if(ReadProcessMemory(hProcess, (LPVOID)StackReadAddress, &StackReadBuffer, sizeof ULONG_PTR, &ueNumberOfBytesRW))
if(ReadProcessMemory(hProcess, (LPVOID)StackReadAddress, &StackReadBuffer, sizeof(ULONG_PTR), &ueNumberOfBytesRW))
{
RtlMoveMemory((LPVOID)((ULONG_PTR)&StackFinalBuffer + sizeof ULONG_PTR - StackSecondReadSize), (LPVOID)((ULONG_PTR)&StackReadBuffer + sizeof ULONG_PTR - StackSecondReadSize), StackSecondReadSize);
RtlMoveMemory((LPVOID)((ULONG_PTR)&StackFinalBuffer + sizeof(ULONG_PTR) - StackSecondReadSize), (LPVOID)((ULONG_PTR)&StackReadBuffer + sizeof(ULONG_PTR) - StackSecondReadSize), StackSecondReadSize);
}
else
{
@ -177,11 +177,11 @@ __declspec(dllexport) ULONG_PTR TITCALL GetFunctionParameter(HANDLE hProcess, DW
}
else
{
VirtualQueryEx(hProcess, (LPVOID)StackReadAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
VirtualQueryEx(hProcess, (LPVOID)StackReadAddress, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
if((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - StackReadAddress < 512)
{
StringReadSize = (DWORD)((ULONG_PTR)StackReadAddress - (ULONG_PTR)MemInfo.BaseAddress);
VirtualQueryEx(hProcess, (LPVOID)(StackReadAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
VirtualQueryEx(hProcess, (LPVOID)(StackReadAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
if(MemInfo.State == MEM_COMMIT)
{
StringReadSize = 512;
@ -221,7 +221,7 @@ __declspec(dllexport) ULONG_PTR TITCALL GetJumpDestinationEx(HANDLE hProcess, UL
if(hProcess != NULL)
{
VirtualQueryEx(hProcess, (LPVOID)InstructionAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
VirtualQueryEx(hProcess, (LPVOID)InstructionAddress, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
if(MemInfo.RegionSize > NULL)
{
if(ReadProcessMemory(hProcess, (LPVOID)InstructionAddress, ReadMemory, MAXIMUM_INSTRUCTION_SIZE, &ueNumberOfBytesRead))
@ -305,7 +305,7 @@ __declspec(dllexport) ULONG_PTR TITCALL GetJumpDestinationEx(HANDLE hProcess, UL
{
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 4);
TargetedAddress = ReadMemData;
if(sizeof HANDLE == 8)
if(sizeof(HANDLE) == 8)
{
TargetedAddress = TargetedAddress + InstructionAddress;
}
@ -314,7 +314,7 @@ __declspec(dllexport) ULONG_PTR TITCALL GetJumpDestinationEx(HANDLE hProcess, UL
{
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 4);
TargetedAddress = ReadMemData;
if(sizeof HANDLE == 8)
if(sizeof(HANDLE) == 8)
{
TargetedAddress = TargetedAddress + InstructionAddress;
}
@ -440,7 +440,7 @@ __declspec(dllexport) ULONG_PTR TITCALL GetJumpDestinationEx(HANDLE hProcess, UL
{
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 4);
TargetedAddress = ReadMemData;
if(sizeof HANDLE == 8)
if(sizeof(HANDLE) == 8)
{
TargetedAddress = TargetedAddress + InstructionAddress;
}
@ -449,7 +449,7 @@ __declspec(dllexport) ULONG_PTR TITCALL GetJumpDestinationEx(HANDLE hProcess, UL
{
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 4);
TargetedAddress = ReadMemData;
if(sizeof HANDLE == 8)
if(sizeof(HANDLE) == 8)
{
TargetedAddress = TargetedAddress + InstructionAddress;
}

12
TitanEngine/TitanEngine.Debugger.Memory.cpp
View File

@ -30,7 +30,7 @@ __declspec(dllexport) bool TITCALL MatchPatternEx(HANDLE hProcess, void* MemoryT
{
if(ueNumberOfBytesRead == 0)
{
if(VirtualQueryEx(hProcess, MemoryToCheck, &memoryInformation, sizeof memoryInformation) != NULL)
if(VirtualQueryEx(hProcess, MemoryToCheck, &memoryInformation, sizeof(memoryInformation)) != NULL)
{
SizeOfMemoryToCheck = (int)((ULONG_PTR)memoryInformation.BaseAddress + memoryInformation.RegionSize - (ULONG_PTR)MemoryToCheck);
if(!ReadProcessMemory(hProcess, MemoryToCheck, ueReadBuffer, SizeOfMemoryToCheck, &ueNumberOfBytesRead))
@ -104,7 +104,7 @@ __declspec(dllexport) ULONG_PTR TITCALL FindEx(HANDLE hProcess, LPVOID MemorySta
{
if(ueNumberOfBytesRead == NULL)
{
if(VirtualQueryEx(hProcess, MemoryStart, &memoryInformation, sizeof memoryInformation) != NULL)
if(VirtualQueryEx(hProcess, MemoryStart, &memoryInformation, sizeof(memoryInformation)) != NULL)
{
MemorySize = (DWORD)((ULONG_PTR)memoryInformation.BaseAddress + memoryInformation.RegionSize - (ULONG_PTR)MemoryStart);
if(!MemoryReadSafe(hProcess, MemoryStart, ueReadBuffer, MemorySize, &ueNumberOfBytesRead))
@ -175,7 +175,7 @@ __declspec(dllexport) bool TITCALL FillEx(HANDLE hProcess, LPVOID MemoryStart, D
{
FillByte = &defFillByte;
}
VirtualQueryEx(hProcess, MemoryStart, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
VirtualQueryEx(hProcess, MemoryStart, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
OldProtect = MemInfo.Protect;
VirtualProtectEx(hProcess, MemoryStart, MemorySize, PAGE_EXECUTE_READWRITE, &OldProtect);
for(i = 0; i < MemorySize; i++)
@ -214,7 +214,7 @@ __declspec(dllexport) bool TITCALL PatchEx(HANDLE hProcess, LPVOID MemoryStart,
if(hProcess != NULL)
{
VirtualQueryEx(hProcess, MemoryStart, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
VirtualQueryEx(hProcess, MemoryStart, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
OldProtect = MemInfo.Protect;
VirtualProtectEx(hProcess, MemoryStart, MemorySize, PAGE_EXECUTE_READWRITE, &OldProtect);
@ -358,7 +358,7 @@ __declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBase
ULONG_PTR endAddr = (ULONG_PTR)lpBaseAddress + nSize;
for(ULONG_PTR page = ALIGN_DOWN_BY(lpBaseAddress, TITANENGINE_PAGESIZE); page < endAddr; page += memInfo.RegionSize)
{
if(0 == VirtualQueryEx(hProcess, (LPCVOID)page, &memInfo, sizeof memInfo))
if(0 == VirtualQueryEx(hProcess, (LPCVOID)page, &memInfo, sizeof(memInfo)))
break; // failure ('VirtualProtectEx' will fail too)
memRegions.push_back(memInfo);
}
@ -430,7 +430,7 @@ __declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBas
ULONG_PTR endAddr = (ULONG_PTR)lpBaseAddress + nSize;
for(ULONG_PTR page = ALIGN_DOWN_BY(lpBaseAddress, TITANENGINE_PAGESIZE); page < endAddr; page += memInfo.RegionSize)
{
if(0 == VirtualQueryEx(hProcess, (LPCVOID)page, &memInfo, sizeof memInfo))
if(0 == VirtualQueryEx(hProcess, (LPCVOID)page, &memInfo, sizeof(memInfo)))
break; // failure
memRegions.push_back(memInfo);
}

34
TitanEngine/TitanEngine.Debugger.cpp
View File

@ -402,6 +402,17 @@ __declspec(dllexport) void* TITCALL InitNativeDebugW(wchar_t* szFileName, wchar_
HANDLE ProcessHandle = NULL, ThreadHandle = NULL;
UNICODE_STRING CommandLine = { 0 };
PUNICODE_STRING PtrCurrentDirectory = NULL;
OBJECT_ATTRIBUTES ObjectAttributes = {};
HANDLE DebugPort = NULL;
PS_CREATE_INFO CreateInfo = {};
SIZE_T NumAttributes = 0;
SIZE_T AttributesSize = 0;
PPS_ATTRIBUTE_LIST AttributeList = NULL;
ULONG N = 0;
CLIENT_ID Cid = {};
PCLIENT_ID ClientId = NULL;
ULONG NtProcessFlags = 0;
ULONG NtThreadFlags = 0;
// Convert the application path to its NT equivalent
UNICODE_STRING ImagePath, NtImagePath;
@ -461,9 +472,7 @@ __declspec(dllexport) void* TITCALL InitNativeDebugW(wchar_t* szFileName, wchar_
ProcessParameters->ShowWindowFlags = STARTF_USESHOWWINDOW | SW_SHOWDEFAULT;
// Create a debug port object
OBJECT_ATTRIBUTES ObjectAttributes;
InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);
HANDLE DebugPort = NULL;
Status = NtCreateDebugObject(&DebugPort,
DEBUG_ALL_ACCESS,
&ObjectAttributes,
@ -478,7 +487,6 @@ __declspec(dllexport) void* TITCALL InitNativeDebugW(wchar_t* szFileName, wchar_
NtCurrentTeb()->DbgSsReserved[1] = DebugPort;
// Initialize the PS_CREATE_INFO structure
PS_CREATE_INFO CreateInfo;
RtlZeroMemory(&CreateInfo, sizeof(CreateInfo));
CreateInfo.Size = sizeof(CreateInfo);
CreateInfo.State = PsCreateInitialState;
@ -488,16 +496,16 @@ __declspec(dllexport) void* TITCALL InitNativeDebugW(wchar_t* szFileName, wchar_
CreateInfo.u1.InitState.AdditionalFileAccess = FILE_READ_ATTRIBUTES | FILE_READ_DATA;
// Initialize the PS_ATTRIBUTE_LIST that contains the process creation attributes
const SIZE_T NumAttributes = 3;
const SIZE_T AttributesSize = sizeof(SIZE_T) + NumAttributes * sizeof(PS_ATTRIBUTE);
PPS_ATTRIBUTE_LIST AttributeList = reinterpret_cast<PPS_ATTRIBUTE_LIST>(
NumAttributes = 3;
AttributesSize = sizeof(SIZE_T) + NumAttributes * sizeof(PS_ATTRIBUTE);
AttributeList = reinterpret_cast<PPS_ATTRIBUTE_LIST>(
RtlAllocateHeap(RtlProcessHeap(),
HEAP_ZERO_MEMORY, // Not optional
AttributesSize));
AttributeList->TotalLength = AttributesSize;
// In: NT style absolute image path. This is the only required attribute
ULONG N = 0;
N = 0;
AttributeList->Attributes[N].Attribute = PS_ATTRIBUTE_IMAGE_NAME;
AttributeList->Attributes[N].Size = NtImagePath.Length;
AttributeList->Attributes[N].Value = reinterpret_cast<ULONG_PTR>(NtImagePath.Buffer);
@ -510,15 +518,15 @@ __declspec(dllexport) void* TITCALL InitNativeDebugW(wchar_t* szFileName, wchar_
// Out: client ID
N++;
CLIENT_ID Cid;
PCLIENT_ID ClientId = &Cid;
Cid = {};
ClientId = &Cid;
AttributeList->Attributes[N].Attribute = PS_ATTRIBUTE_CLIENT_ID;
AttributeList->Attributes[N].Size = sizeof(CLIENT_ID);
AttributeList->Attributes[N].Value = reinterpret_cast<ULONG_PTR>(ClientId);
// Set process and thread flags
ULONG NtProcessFlags = PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT; // Same as DEBUG_ONLY_THIS_PROCESS. DEBUG_PROCESS is implied by the debug port
ULONG NtThreadFlags = THREAD_CREATE_FLAGS_CREATE_SUSPENDED; // Always set this, because we need to do some bookkeeping before resuming
NtProcessFlags = PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT; // Same as DEBUG_ONLY_THIS_PROCESS. DEBUG_PROCESS is implied by the debug port
NtThreadFlags = THREAD_CREATE_FLAGS_CREATE_SUSPENDED; // Always set this, because we need to do some bookkeeping before resuming
// Create the process
Status = fnNtCreateUserProcess(&ProcessHandle,
@ -822,7 +830,7 @@ __declspec(dllexport) void TITCALL AutoDebugExW(wchar_t* szFileName, bool Reserv
if(szFileName != NULL)
{
RtlZeroMemory(&expertDebug, sizeof ExpertDebug);
RtlZeroMemory(&expertDebug, sizeof(ExpertDebug));
expertDebug.ExpertModeActive = true;
expertDebug.szFileName = szFileName;
expertDebug.szCommandLine = szCommandLine;
@ -844,7 +852,7 @@ __declspec(dllexport) void TITCALL AutoDebugExW(wchar_t* szFileName, bool Reserv
ForceClose();
}
}
RtlZeroMemory(&expertDebug, sizeof ExpertDebug);
RtlZeroMemory(&expertDebug, sizeof(ExpertDebug));
SetDebugLoopTimeOut(INFINITE);
}
}

2
TitanEngine/TitanEngine.Dumper.cpp
View File

@ -408,7 +408,7 @@ __declspec(dllexport) bool TITCALL DumpRegionsW(HANDLE hProcess, wchar_t* szDump
return false;
}
while(VirtualQueryEx(hProcess, (LPVOID)DumpAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION) != NULL)
while(VirtualQueryEx(hProcess, (LPVOID)DumpAddress, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)) != NULL)
{
AddressIsModuleBase = false;
for(i = 0; i < (int)(cbNeeded / sizeof(HMODULE)); i++)

14
TitanEngine/TitanEngine.Engine.Simplification.cpp
View File

@ -33,7 +33,7 @@ __declspec(dllexport) void TITCALL EngineUnpackerInitializeW(wchar_t* szFileName
{
RtlZeroMemory(&szEngineUnpackerSnapShot1[0], MAX_PATH * 2);
RtlZeroMemory(&szEngineUnpackerSnapShot2[0], MAX_PATH * 2);
RtlZeroMemory(&EngineUnpackerFileStatus, sizeof FILE_STATUS_INFO);
RtlZeroMemory(&EngineUnpackerFileStatus, sizeof(FILE_STATUS_INFO));
if(IsPE32FileValidExW(szFileName, UE_DEPTH_DEEP, &EngineUnpackerFileStatus))
{
if(!EngineUnpackerFileStatus.FileIsDLL)
@ -119,7 +119,7 @@ __declspec(dllexport) bool TITCALL EngineUnpackerSetBreakCondition(void* SearchS
if(BreakType == UE_UNPACKER_CONDITION_LOADLIBRARY)
{
if(SetBPX(fPatternLocation, UE_BREAKPOINT, &EngineSimplifyLoadLibraryCallBack))
if(SetBPX(fPatternLocation, UE_BREAKPOINT, CallbackToObjectPointer(&EngineSimplifyLoadLibraryCallBack)))
{
EngineUnpackerBreakInfo.push_back(fUnpackerInformation);
return true;
@ -127,7 +127,7 @@ __declspec(dllexport) bool TITCALL EngineUnpackerSetBreakCondition(void* SearchS
}
else if(BreakType == UE_UNPACKER_CONDITION_GETPROCADDRESS)
{
if(SetBPX(fPatternLocation, UE_BREAKPOINT, &EngineSimplifyGetProcAddressCallBack))
if(SetBPX(fPatternLocation, UE_BREAKPOINT, CallbackToObjectPointer(&EngineSimplifyGetProcAddressCallBack)))
{
EngineUnpackerBreakInfo.push_back(fUnpackerInformation);
return true;
@ -135,7 +135,7 @@ __declspec(dllexport) bool TITCALL EngineUnpackerSetBreakCondition(void* SearchS
}
else if(BreakType == UE_UNPACKER_CONDITION_ENTRYPOINTBREAK)
{
if(SetBPX(fPatternLocation, UE_BREAKPOINT, &EngineSimplifyGetProcAddressCallBack))
if(SetBPX(fPatternLocation, UE_BREAKPOINT, CallbackToObjectPointer(&EngineSimplifyGetProcAddressCallBack)))
{
EngineUnpackerBreakInfo.push_back(fUnpackerInformation);
return true;
@ -143,7 +143,7 @@ __declspec(dllexport) bool TITCALL EngineUnpackerSetBreakCondition(void* SearchS
}
else if(BreakType == UE_UNPACKER_CONDITION_RELOCSNAPSHOT1)
{
if(SetBPX(fPatternLocation, UE_BREAKPOINT, &EngineSimplifyMakeSnapshotCallBack))
if(SetBPX(fPatternLocation, UE_BREAKPOINT, CallbackToObjectPointer(&EngineSimplifyMakeSnapshotCallBack)))
{
fUnpackerInformation.SnapShotNumber = 1;
EngineUnpackerBreakInfo.push_back(fUnpackerInformation);
@ -152,7 +152,7 @@ __declspec(dllexport) bool TITCALL EngineUnpackerSetBreakCondition(void* SearchS
}
else if(BreakType == UE_UNPACKER_CONDITION_RELOCSNAPSHOT2)
{
if(SetBPX(fPatternLocation, UE_BREAKPOINT, &EngineSimplifyMakeSnapshotCallBack))
if(SetBPX(fPatternLocation, UE_BREAKPOINT, CallbackToObjectPointer(&EngineSimplifyMakeSnapshotCallBack)))
{
fUnpackerInformation.SnapShotNumber = 2;
EngineUnpackerBreakInfo.push_back(fUnpackerInformation);
@ -161,7 +161,7 @@ __declspec(dllexport) bool TITCALL EngineUnpackerSetBreakCondition(void* SearchS
}
else
{
if(SetBPX(fPatternLocation, fBreakPointType, (void*)BreakType))
if(SetBPX(fPatternLocation, fBreakPointType, (void*)(ULONG_PTR)BreakType))
{
EngineUnpackerBreakInfo.push_back(fUnpackerInformation);
return true;

8
TitanEngine/TitanEngine.Engine.cpp
View File

@ -180,7 +180,7 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szF
}
ExporterBuildExportTableExW(BuildExportName, ".export");
}
ImportPointer = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportPointer + sizeof IMAGE_IMPORT_DESCRIPTOR);
ImportPointer = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportPointer + sizeof(IMAGE_IMPORT_DESCRIPTOR));
}
}
}
@ -238,7 +238,7 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szF
}
ExporterBuildExportTableExW(BuildExportName, ".export");
}
ImportPointer = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportPointer + sizeof IMAGE_IMPORT_DESCRIPTOR);
ImportPointer = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportPointer + sizeof(IMAGE_IMPORT_DESCRIPTOR));
}
}
}
@ -276,8 +276,8 @@ __declspec(dllexport) bool TITCALL EngineDeleteCreatedDependencies()
engineDependencyFilesCWP = engineDependencyFiles;
while(*((char*)engineDependencyFilesCWP) != 0)
{
RtlZeroMemory(&szTempName, sizeof szTempName);
RtlZeroMemory(&szTempFolder, sizeof szTempFolder);
RtlZeroMemory(&szTempName, sizeof(szTempName));
RtlZeroMemory(&szTempFolder, sizeof(szTempFolder));
if(GetTempPathW(MAX_PATH, szTempFolder) < MAX_PATH)
{
if(GetTempFileNameW(szTempFolder, L"DeleteTempGenFile", GetTickCount(), szTempName))

10
TitanEngine/TitanEngine.Exporter.cpp
View File

@ -30,7 +30,7 @@ __declspec(dllexport) void TITCALL ExporterCleanup()
expOrdinals[i] = 0;
}
//RtlZeroMemory(&szExportFileName, 512);
RtlZeroMemory(&expExportData, sizeof IMAGE_EXPORT_DIRECTORY);
RtlZeroMemory(&expExportData, sizeof(IMAGE_EXPORT_DIRECTORY));
VirtualFree(expTableData, NULL, MEM_RELEASE);
expExportNumber = NULL;
expTableData = NULL;
@ -139,7 +139,7 @@ __declspec(dllexport) long TITCALL ExporterEstimatedSize()
DWORD EstimatedSize = NULL;
EstimatedSize = (DWORD)((ULONG_PTR)expTableDataCWP - (ULONG_PTR)expTableData);
EstimatedSize = EstimatedSize + (expExportNumber * 12) + sizeof IMAGE_EXPORT_DIRECTORY;
EstimatedSize = EstimatedSize + (expExportNumber * 12) + sizeof(IMAGE_EXPORT_DIRECTORY);
return(EstimatedSize);
}
__declspec(dllexport) bool TITCALL ExporterBuildExportTable(ULONG_PTR StorePlace, ULONG_PTR FileMapVA)
@ -162,7 +162,7 @@ __declspec(dllexport) bool TITCALL ExporterBuildExportTable(ULONG_PTR StorePlace
if(expTableDataCWP != NULL)
{
expBuildExportData = expBuildExportDyn.Allocate(ExporterEstimatedSize());
expBuildExportDataCWP = (LPVOID)((ULONG_PTR)expBuildExportData + sizeof IMAGE_EXPORT_DIRECTORY);
expBuildExportDataCWP = (LPVOID)((ULONG_PTR)expBuildExportData + sizeof(IMAGE_EXPORT_DIRECTORY));
expExportData.NumberOfNames = expExportNumber;
expExportData.NumberOfFunctions = expExportNumber;
@ -204,7 +204,7 @@ __declspec(dllexport) bool TITCALL ExporterBuildExportTable(ULONG_PTR StorePlace
expExportData.AddressOfNameOrdinals = StorePlaceRVA + (DWORD)((ULONG_PTR)expBuildExportDataCWP - (ULONG_PTR)expBuildExportData);
RtlMoveMemory(expBuildExportDataCWP, &expOrdinals, 2 * expExportNumber);
expBuildExportDataCWP = (LPVOID)((ULONG_PTR)expBuildExportDataCWP + 2 * expExportNumber);
RtlMoveMemory(expBuildExportData, &expExportData, sizeof IMAGE_EXPORT_DIRECTORY);
RtlMoveMemory(expBuildExportData, &expExportData, sizeof(IMAGE_EXPORT_DIRECTORY));
RtlMoveMemory((LPVOID)StorePlace, expBuildExportData, (DWORD)((ULONG_PTR)expBuildExportDataCWP - (ULONG_PTR)expBuildExportData));
@ -259,7 +259,7 @@ __declspec(dllexport) bool TITCALL ExporterBuildExportTableEx(char* szExportFile
return false;
}
}
__declspec(dllexport) bool TITCALL ExporterBuildExportTableExW(wchar_t* szExportFileName, char* szSectionName)
__declspec(dllexport) bool TITCALL ExporterBuildExportTableExW(wchar_t* szExportFileName, const char* szSectionName)
{
HANDLE FileHandle;

96
TitanEngine/TitanEngine.Handler.cpp
View File

@ -1,5 +1,11 @@
#include "stdafx.h"
#include "definitions.h"
static inline HANDLE HandleFromNtHandle(USHORT handle)
{
return (HANDLE)(ULONG_PTR)handle;
}
#include "Global.Handle.h"
#include "Global.Engine.h"
@ -59,7 +65,7 @@ __declspec(dllexport) bool TITCALL HandlerIsHandleOpen(DWORD ProcessId, HANDLE h
for(ULONG i = 0; i < HandleInfo->NumberOfHandles; i++)
{
if((DWORD)pHandle->UniqueProcessId == ProcessId && (HANDLE)pHandle->HandleValue == hHandle)
if((DWORD)pHandle->UniqueProcessId == ProcessId && (HANDLE)(ULONG_PTR)pHandle->HandleValue == hHandle)
{
HandleActive = true;
break;
@ -92,7 +98,7 @@ __declspec(dllexport) void* TITCALL HandlerGetHandleNameW(HANDLE hProcess, DWORD
for(ULONG i = 0; i < HandleInfo->NumberOfHandles; i++)
{
if((DWORD)pHandle->UniqueProcessId == ProcessId && (HANDLE)pHandle->HandleValue == hHandle)
if((DWORD)pHandle->UniqueProcessId == ProcessId && (HANDLE)(ULONG_PTR)pHandle->HandleValue == hHandle)
{
if(pHandle->GrantedAccess != 0x0012019F) //Filter, because this GrantedAccess type can cause deadlocks!
{
@ -162,19 +168,19 @@ __declspec(dllexport) long TITCALL HandlerEnumerateOpenHandles(DWORD ProcessId,
return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr();
RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG);
RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof(ULONG));
QuerySystemBuffer = (LPVOID)((ULONG_PTR)QuerySystemBuffer + 4);
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)QuerySystemBuffer;
while(TotalHandleCount > NULL)
{
if(HandleInfo->ProcessId == ProcessId && HandleCount < MaxHandleCount)
{
myHandle = (HANDLE)HandleInfo->hHandle;
RtlMoveMemory(HandleBuffer, &myHandle, sizeof HANDLE);
HandleBuffer = (LPVOID)((ULONG_PTR)HandleBuffer + sizeof HANDLE);
myHandle = HandleFromNtHandle(HandleInfo->hHandle);
RtlMoveMemory(HandleBuffer, &myHandle, sizeof(HANDLE));
HandleBuffer = (LPVOID)((ULONG_PTR)HandleBuffer + sizeof(HANDLE));
HandleCount++;
}
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof NTDLL_QUERY_HANDLE_INFO);
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof(NTDLL_QUERY_HANDLE_INFO));
TotalHandleCount--;
}
return(HandleCount);
@ -199,17 +205,17 @@ __declspec(dllexport) ULONG_PTR TITCALL HandlerGetHandleDetails(HANDLE hProcess,
return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr();
RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG);
RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof(ULONG));
QuerySystemBuffer = (LPVOID)((ULONG_PTR)QuerySystemBuffer + 4);
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)QuerySystemBuffer;
while(TotalHandleCount > NULL)
{
if(HandleInfo->ProcessId == ProcessId && (HANDLE)HandleInfo->hHandle == hHandle)
if(HandleInfo->ProcessId == ProcessId && HandleFromNtHandle(HandleInfo->hHandle) == hHandle)
{
if(DuplicateHandle(hProcess, hHandle, GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS))
{
RtlZeroMemory(&ObjectBasicInfo, sizeof OBJECT_BASIC_INFORMATION);
NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof OBJECT_BASIC_INFORMATION, &RequiredSize);
RtlZeroMemory(&ObjectBasicInfo, sizeof(OBJECT_BASIC_INFORMATION));
NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof(OBJECT_BASIC_INFORMATION), &RequiredSize);
if(InformationReturn == UE_OPTION_HANDLER_RETURN_HANDLECOUNT)
{
ReturnData = (ULONG_PTR)ObjectBasicInfo.HandleCount;
@ -261,7 +267,7 @@ __declspec(dllexport) ULONG_PTR TITCALL HandlerGetHandleDetails(HANDLE hProcess,
break;
}
}
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof NTDLL_QUERY_HANDLE_INFO);
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof(NTDLL_QUERY_HANDLE_INFO));
TotalHandleCount--;
}
if(!DontFreeStringMemory)
@ -323,7 +329,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateLockHandlesW(wchar_t* szFileO
LPVOID QuerySystemBuffer = hinfo.GetPtr();
RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG);
RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof(ULONG));
QuerySystemBuffer = (LPVOID)((ULONG_PTR)QuerySystemBuffer + 4);
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)QuerySystemBuffer;
while(TotalHandleCount > NULL)
@ -342,10 +348,10 @@ __declspec(dllexport) long TITCALL HandlerEnumerateLockHandlesW(wchar_t* szFileO
//if(!(HandleInfo->GrantedAccess & SYNCHRONIZE) || ((HandleInfo->GrantedAccess & SYNCHRONIZE) && ((WORD)HandleInfo->GrantedAccess != 0x19F9))){// && (WORD)HandleInfo->GrantedAccess != 0x89))){
if(HandleInfo->GrantedAccess != 0x0012019F)
{
if(DuplicateHandle(hProcess, (HANDLE)HandleInfo->hHandle, GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS))
if(DuplicateHandle(hProcess, HandleFromNtHandle(HandleInfo->hHandle), GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS))
{
RtlZeroMemory(&ObjectBasicInfo, sizeof OBJECT_BASIC_INFORMATION);
NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof OBJECT_BASIC_INFORMATION, &RequiredSize);
RtlZeroMemory(&ObjectBasicInfo, sizeof(OBJECT_BASIC_INFORMATION));
NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof(OBJECT_BASIC_INFORMATION), &RequiredSize);
NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, 8, &RequiredSize);
NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, RequiredSize, &RequiredSize);
RtlZeroMemory(HandleFullName, 0x1000);
@ -370,11 +376,11 @@ __declspec(dllexport) long TITCALL HandlerEnumerateLockHandlesW(wchar_t* szFileO
}
if(lstrcmpiW((LPCWSTR)HandleFullName, szFileOrFolderName) == NULL && MaxHandleCount > NULL)
{
RtlMoveMemory(HandleDataBuffer, &HandleInfo->ProcessId, sizeof ULONG);
HandleDataBuffer = (LPVOID)((ULONG_PTR)HandleDataBuffer + sizeof ULONG);
CopyHandle = (HANDLE)HandleInfo->hHandle;
RtlMoveMemory(HandleDataBuffer, &CopyHandle, sizeof HANDLE);
HandleDataBuffer = (LPVOID)((ULONG_PTR)HandleDataBuffer + sizeof HANDLE);
RtlMoveMemory(HandleDataBuffer, &HandleInfo->ProcessId, sizeof(ULONG));
HandleDataBuffer = (LPVOID)((ULONG_PTR)HandleDataBuffer + sizeof(ULONG));
CopyHandle = HandleFromNtHandle(HandleInfo->hHandle);
RtlMoveMemory(HandleDataBuffer, &CopyHandle, sizeof(HANDLE));
HandleDataBuffer = (LPVOID)((ULONG_PTR)HandleDataBuffer + sizeof(HANDLE));
FoundHandles++;
MaxHandleCount--;
}
@ -383,7 +389,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateLockHandlesW(wchar_t* szFileO
}
}
}
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof NTDLL_QUERY_HANDLE_INFO);
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof(NTDLL_QUERY_HANDLE_INFO));
TotalHandleCount--;
}
@ -430,7 +436,7 @@ __declspec(dllexport) bool TITCALL HandlerCloseAllLockHandlesW(wchar_t* szFileOr
LPVOID QuerySystemBuffer = hinfo.GetPtr();
RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG);
RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof(ULONG));
QuerySystemBuffer = (LPVOID)((ULONG_PTR)QuerySystemBuffer + 4);
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)QuerySystemBuffer;
while(TotalHandleCount > NULL)
@ -449,10 +455,10 @@ __declspec(dllexport) bool TITCALL HandlerCloseAllLockHandlesW(wchar_t* szFileOr
//if(!(HandleInfo->GrantedAccess & SYNCHRONIZE) || ((HandleInfo->GrantedAccess & SYNCHRONIZE) && ((WORD)HandleInfo->GrantedAccess != 0x19F9))){// && (WORD)HandleInfo->GrantedAccess != 0x89))){
if(HandleInfo->GrantedAccess != 0x0012019F)
{
if(DuplicateHandle(hProcess, (HANDLE)HandleInfo->hHandle, GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS))
if(DuplicateHandle(hProcess, HandleFromNtHandle(HandleInfo->hHandle), GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS))
{
RtlZeroMemory(&ObjectBasicInfo, sizeof OBJECT_BASIC_INFORMATION);
NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof OBJECT_BASIC_INFORMATION, &RequiredSize);
RtlZeroMemory(&ObjectBasicInfo, sizeof(OBJECT_BASIC_INFORMATION));
NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof(OBJECT_BASIC_INFORMATION), &RequiredSize);
NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, 8, &RequiredSize);
NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, RequiredSize, &RequiredSize);
RtlZeroMemory(HandleFullName, 0x1000);
@ -477,7 +483,7 @@ __declspec(dllexport) bool TITCALL HandlerCloseAllLockHandlesW(wchar_t* szFileOr
}
if(lstrcmpiW((LPCWSTR)HandleFullName, szFileOrFolderName) == NULL)
{
if(!HandlerCloseRemoteHandle(hProcess, (HANDLE)HandleInfo->hHandle))
if(!HandlerCloseRemoteHandle(hProcess, HandleFromNtHandle(HandleInfo->hHandle)))
{
AllHandled = false;
}
@ -487,7 +493,7 @@ __declspec(dllexport) bool TITCALL HandlerCloseAllLockHandlesW(wchar_t* szFileOr
}
}
}
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof NTDLL_QUERY_HANDLE_INFO);
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof(NTDLL_QUERY_HANDLE_INFO));
TotalHandleCount--;
}
@ -533,7 +539,7 @@ __declspec(dllexport) bool TITCALL HandlerIsFileLockedW(wchar_t* szFileOrFolderN
LPVOID QuerySystemBuffer = hinfo.GetPtr();
RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG);
RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof(ULONG));
QuerySystemBuffer = (LPVOID)((ULONG_PTR)QuerySystemBuffer + 4);
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)QuerySystemBuffer;
while(TotalHandleCount > NULL)
@ -552,10 +558,10 @@ __declspec(dllexport) bool TITCALL HandlerIsFileLockedW(wchar_t* szFileOrFolderN
//if(!(HandleInfo->GrantedAccess & SYNCHRONIZE) || ((HandleInfo->GrantedAccess & SYNCHRONIZE) && ((WORD)HandleInfo->GrantedAccess != 0x19F9))){// && (WORD)HandleInfo->GrantedAccess != 0x89))){
if(HandleInfo->GrantedAccess != 0x0012019F)
{
if(DuplicateHandle(hProcess, (HANDLE)HandleInfo->hHandle, GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS))
if(DuplicateHandle(hProcess, HandleFromNtHandle(HandleInfo->hHandle), GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS))
{
RtlZeroMemory(&ObjectBasicInfo, sizeof OBJECT_BASIC_INFORMATION);
NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof OBJECT_BASIC_INFORMATION, &RequiredSize);
RtlZeroMemory(&ObjectBasicInfo, sizeof(OBJECT_BASIC_INFORMATION));
NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof(OBJECT_BASIC_INFORMATION), &RequiredSize);
NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, 8, &RequiredSize);
NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, RequiredSize, &RequiredSize);
RtlZeroMemory(HandleFullName, 0x1000);
@ -588,7 +594,7 @@ __declspec(dllexport) bool TITCALL HandlerIsFileLockedW(wchar_t* szFileOrFolderN
}
}
}
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof NTDLL_QUERY_HANDLE_INFO);
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof(NTDLL_QUERY_HANDLE_INFO));
TotalHandleCount--;
}
return false;
@ -615,7 +621,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateOpenMutexes(HANDLE hProcess,
return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr();
RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG);
RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof(ULONG));
QuerySystemBuffer = (LPVOID)((ULONG_PTR)QuerySystemBuffer + 4);
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)QuerySystemBuffer;
while(TotalHandleCount > NULL)
@ -625,7 +631,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateOpenMutexes(HANDLE hProcess,
//if(!(HandleInfo->GrantedAccess & SYNCHRONIZE) || ((HandleInfo->GrantedAccess & SYNCHRONIZE) && ((WORD)HandleInfo->GrantedAccess != 0x19F9))){// && (WORD)HandleInfo->GrantedAccess != 0x89))){
if(HandleInfo->GrantedAccess != 0x0012019F)
{
if(DuplicateHandle(hProcess, (HANDLE)HandleInfo->hHandle, GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS))
if(DuplicateHandle(hProcess, HandleFromNtHandle(HandleInfo->hHandle), GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS))
{
RtlZeroMemory(HandleFullData, sizeof(HandleFullData));
NtQueryObject(myHandle, ObjectTypeInformation, HandleFullData, 8, &RequiredSize);
@ -636,9 +642,9 @@ __declspec(dllexport) long TITCALL HandlerEnumerateOpenMutexes(HANDLE hProcess,
WideCharToMultiByte(CP_ACP, NULL, (LPCWSTR)pObjectTypeInfo->TypeName.Buffer, -1, (LPSTR)HandleNameData, 0x1000, NULL, NULL);
if(lstrcmpiA((LPCSTR)HandleNameData, "Mutant") == NULL)
{
copyHandle = (HANDLE)HandleInfo->hHandle;
RtlMoveMemory(HandleBuffer, &copyHandle, sizeof HANDLE);
HandleBuffer = (LPVOID)((ULONG_PTR)HandleBuffer + sizeof HANDLE);
copyHandle = HandleFromNtHandle(HandleInfo->hHandle);
RtlMoveMemory(HandleBuffer, &copyHandle, sizeof(HANDLE));
HandleBuffer = (LPVOID)((ULONG_PTR)HandleBuffer + sizeof(HANDLE));
HandleCount++;
}
}
@ -646,7 +652,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateOpenMutexes(HANDLE hProcess,
}
}
}
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof NTDLL_QUERY_HANDLE_INFO);
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof(NTDLL_QUERY_HANDLE_INFO));
TotalHandleCount--;
}
return(HandleCount);
@ -675,7 +681,7 @@ __declspec(dllexport) ULONG_PTR TITCALL HandlerGetOpenMutexHandleW(HANDLE hProce
HANDLE myHandle;
char HandleBuffer[0x1000] = {0};
LPVOID cHandleBuffer = HandleBuffer;
int OpenHandleCount = HandlerEnumerateOpenMutexes(hProcess, ProcessId, HandleBuffer, 0x1000 / sizeof HANDLE);
int OpenHandleCount = HandlerEnumerateOpenMutexes(hProcess, ProcessId, HandleBuffer, 0x1000 / sizeof(HANDLE));
wchar_t RealMutexName[512] = L"\\BaseNamedObjects\\";
wchar_t* HandleName;
@ -684,7 +690,7 @@ __declspec(dllexport) ULONG_PTR TITCALL HandlerGetOpenMutexHandleW(HANDLE hProce
lstrcatW(RealMutexName, szMutexString);
for(i = 0; i < OpenHandleCount; i++)
{
RtlMoveMemory(&myHandle, cHandleBuffer, sizeof HANDLE);
RtlMoveMemory(&myHandle, cHandleBuffer, sizeof(HANDLE));
HandleName = (wchar_t*)HandlerGetHandleNameW(hProcess, ProcessId, myHandle, true);
if(HandleName != NULL)
{
@ -693,7 +699,7 @@ __declspec(dllexport) ULONG_PTR TITCALL HandlerGetOpenMutexHandleW(HANDLE hProce
return((ULONG_PTR)myHandle);
}
}
cHandleBuffer = (LPVOID)((ULONG_PTR)cHandleBuffer + sizeof HANDLE);
cHandleBuffer = (LPVOID)((ULONG_PTR)cHandleBuffer + sizeof(HANDLE));
}
}
return(NULL);
@ -738,7 +744,7 @@ __declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t
return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr();
RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG);
RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof(ULONG));
QuerySystemBuffer = (LPVOID)((ULONG_PTR)QuerySystemBuffer + 4);
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)QuerySystemBuffer;
while(TotalHandleCount > NULL)
@ -757,7 +763,7 @@ __declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t
//if(!(HandleInfo->GrantedAccess & SYNCHRONIZE) || ((HandleInfo->GrantedAccess & SYNCHRONIZE) && ((WORD)HandleInfo->GrantedAccess != 0x19F9))){// && (WORD)HandleInfo->GrantedAccess != 0x89))){
if(HandleInfo->GrantedAccess != 0x0012019F)
{
if(DuplicateHandle(hProcess, (HANDLE)HandleInfo->hHandle, GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS))
if(DuplicateHandle(hProcess, HandleFromNtHandle(HandleInfo->hHandle), GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS))
{
RtlZeroMemory(HandleFullData, sizeof(HandleFullData));
NtQueryObject(myHandle, ObjectTypeInformation, HandleFullData, 8, &RequiredSize);
@ -788,7 +794,7 @@ __declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t
}
}
}
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof NTDLL_QUERY_HANDLE_INFO);
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof(NTDLL_QUERY_HANDLE_INFO));
TotalHandleCount--;
}
return(ReturnData);

68
TitanEngine/TitanEngine.Hooks.cpp
View File

@ -17,7 +17,7 @@ static bool ProcessHookScanAddNewHook(PHOOK_ENTRY HookDetails, void* ptrOriginal
{
HOOK_ENTRY MyhookEntry = {};
RtlMoveMemory(&MyhookEntry, HookDetails, sizeof HOOK_ENTRY);
RtlMoveMemory(&MyhookEntry, HookDetails, sizeof(HOOK_ENTRY));
hookEntry.push_back(MyhookEntry);
return true;
}
@ -46,10 +46,10 @@ __declspec(dllexport) bool TITCALL HooksSafeTransitionEx(LPVOID HookAddressArray
{
#if defined (_WIN64)
ULONG_PTR HookAddress = (ULONG_PTR)myHookAddressArray->Array.qwArrayEntry[0];
myHookAddressArray = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)myHookAddressArray + sizeof ULONG_PTR);
myHookAddressArray = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)myHookAddressArray + sizeof(ULONG_PTR));
#else
ULONG_PTR HookAddress = (ULONG_PTR)myHookAddressArray->Array.dwArrayEntry[0];
myHookAddressArray = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)myHookAddressArray + sizeof ULONG_PTR);
myHookAddressArray = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)myHookAddressArray + sizeof(ULONG_PTR));
#endif
while(CurrentIP >= (ULONG_PTR)HookAddress && CurrentIP <= (ULONG_PTR)HookAddress + 5)
{
@ -84,7 +84,7 @@ __declspec(dllexport) bool TITCALL HooksSafeTransition(LPVOID HookAddress, bool
void* aHookAddress[1];
aHookAddress[0] = HookAddress;
return(HooksSafeTransitionEx(&aHookAddress[0], sizeof aHookAddress, TransitionStart));
return(HooksSafeTransitionEx(&aHookAddress[0], sizeof(aHookAddress), TransitionStart));
}
__declspec(dllexport) bool TITCALL HooksIsAddressRedirected(LPVOID HookAddress)
@ -176,22 +176,22 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress,
if(CompareMemory->Array.bArrayEntry[0] == 0xE9 && CurrentInstructionSize == 5)
{
CalculatedRealingJump = (DWORD)((ULONG_PTR)RealignAddressTarget - (ULONG_PTR)RelocateMemory - CurrentInstructionSize);
RtlMoveMemory(&RelocateMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof CalculatedRealingJump);
RtlMoveMemory(&RelocateMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof(CalculatedRealingJump));
}
else if(CompareMemory->Array.bArrayEntry[0] >= 0x70 && CompareMemory->Array.bArrayEntry[0] <= 0x7F && CurrentInstructionSize == 2)
{
CalculatedRealingJump = (DWORD)((ULONG_PTR)RealignAddressTarget - (ULONG_PTR)RelocateMemory - CurrentInstructionSize);
RtlMoveMemory(&RelocateMemory->Array.bArrayEntry[2], &CalculatedRealingJump, sizeof CalculatedRealingJump);
RtlMoveMemory(&RelocateMemory->Array.bArrayEntry[2], &CalculatedRealingJump, sizeof(CalculatedRealingJump));
}
else if(CompareMemory->Array.bArrayEntry[0] == 0x0F && CompareMemory->Array.bArrayEntry[1] >= 0x80 && CompareMemory->Array.bArrayEntry[1] <= 0x8F && CurrentInstructionSize == 6)
{
CalculatedRealingJump = (DWORD)((ULONG_PTR)RealignAddressTarget - (ULONG_PTR)RelocateMemory - CurrentInstructionSize);
RtlMoveMemory(&RelocateMemory->Array.bArrayEntry[2], &CalculatedRealingJump, sizeof CalculatedRealingJump);
RtlMoveMemory(&RelocateMemory->Array.bArrayEntry[2], &CalculatedRealingJump, sizeof(CalculatedRealingJump));
}
else if(CompareMemory->Array.bArrayEntry[0] == 0xE8 && CurrentInstructionSize == 5)
{
CalculatedRealingJump = (DWORD)((ULONG_PTR)RealignAddressTarget - (ULONG_PTR)RelocateMemory - CurrentInstructionSize);
RtlMoveMemory(&RelocateMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof CalculatedRealingJump);
RtlMoveMemory(&RelocateMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof(CalculatedRealingJump));
}
}
}
@ -236,7 +236,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress,
}
CalculatedRealingJump = (DWORD)((ULONG_PTR)RealignAddressTarget - (ULONG_PTR)WriteMemory - CurrentInstructionSize);
WriteMemory->Array.bArrayEntry[0] = 0xE9;
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof CalculatedRealingJump);
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof(CalculatedRealingJump));
myHook.RelocationInfo[myHook.RelocationCount] = (DWORD)((ULONG_PTR)WriteMemory - (ULONG_PTR)buffPatchedEntry);
WriteMemory = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)WriteMemory + CurrentInstructionSize);
myHook.RelocationCount++;
@ -245,7 +245,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress,
{
CalculatedRealingJump = (DWORD)((ULONG_PTR)RealignAddressTarget - (ULONG_PTR)WriteMemory - 5);
WriteMemory->Array.bArrayEntry[0] = 0xE9;
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof CalculatedRealingJump);
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof(CalculatedRealingJump));
myHook.RelocationInfo[myHook.RelocationCount] = (DWORD)((ULONG_PTR)WriteMemory - (ULONG_PTR)buffPatchedEntry);
WriteMemory = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)WriteMemory + 5);
myHook.RelocationCount++;
@ -256,7 +256,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress,
CalculatedRealingJump = (DWORD)((ULONG_PTR)RealignAddressTarget - (ULONG_PTR)WriteMemory - 6);
WriteMemory->Array.bArrayEntry[0] = 0x0F;
WriteMemory->Array.bArrayEntry[1] = CompareMemory->Array.bArrayEntry[0] + 0x10;
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[2], &CalculatedRealingJump, sizeof CalculatedRealingJump);
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[2], &CalculatedRealingJump, sizeof(CalculatedRealingJump));
myHook.RelocationInfo[myHook.RelocationCount] = (DWORD)((ULONG_PTR)WriteMemory - (ULONG_PTR)buffPatchedEntry);
WriteMemory = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)WriteMemory + 6);
myHook.RelocationCount++;
@ -269,7 +269,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress,
WriteMemory->Array.bArrayEntry[4] = 0xFF;
WriteMemory->Array.bArrayEntry[5] = 0x25;
RtlZeroMemory(&WriteMemory->Array.bArrayEntry[6], 4);
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[10], &x64CalculatedRealingJump, sizeof x64CalculatedRealingJump);
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[10], &x64CalculatedRealingJump, sizeof(x64CalculatedRealingJump));
WriteMemory = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)WriteMemory + 18);
#endif
}
@ -278,7 +278,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress,
#if !defined(_WIN64)
CalculatedRealingJump = (DWORD)((ULONG_PTR)RealignAddressTarget - (ULONG_PTR)WriteMemory - CurrentInstructionSize);
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[0], &CompareMemory->Array.bArrayEntry[0], 2);
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[2], &CalculatedRealingJump, sizeof CalculatedRealingJump);
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[2], &CalculatedRealingJump, sizeof(CalculatedRealingJump));
myHook.RelocationInfo[myHook.RelocationCount] = (DWORD)((ULONG_PTR)WriteMemory - (ULONG_PTR)buffPatchedEntry);
WriteMemory = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)WriteMemory + CurrentInstructionSize);
myHook.RelocationCount++;
@ -295,7 +295,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress,
WriteMemory->Array.bArrayEntry[8] = 0xFF;
WriteMemory->Array.bArrayEntry[9] = 0x25;
RtlZeroMemory(&WriteMemory->Array.bArrayEntry[10], 4);
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[14], &x64CalculatedRealingJump, sizeof x64CalculatedRealingJump);
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[14], &x64CalculatedRealingJump, sizeof(x64CalculatedRealingJump));
WriteMemory = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)WriteMemory + 22);
#endif
}
@ -303,7 +303,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress,
{
CalculatedRealingJump = (DWORD)((ULONG_PTR)RealignAddressTarget - (ULONG_PTR)WriteMemory - CurrentInstructionSize);
WriteMemory->Array.bArrayEntry[0] = 0xE8;
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof CalculatedRealingJump);
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof(CalculatedRealingJump));
myHook.RelocationInfo[myHook.RelocationCount] = (DWORD)((ULONG_PTR)WriteMemory - (ULONG_PTR)buffPatchedEntry);
WriteMemory = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)WriteMemory + CurrentInstructionSize);
myHook.RelocationCount++;
@ -313,7 +313,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress,
{
CalculatedRealingJump = (DWORD)((ULONG_PTR)RealignAddressTarget - (ULONG_PTR)WriteMemory - CurrentInstructionSize);
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[0], &CompareMemory->Array.bArrayEntry[0], 2);
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[2], &CalculatedRealingJump, sizeof CalculatedRealingJump);
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[2], &CalculatedRealingJump, sizeof(CalculatedRealingJump));
WriteMemory = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)WriteMemory + CurrentInstructionSize);
#endif
}
@ -340,9 +340,9 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress,
#else
CalculatedRealingJump = NULL;
#endif
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[2], &CalculatedRealingJump, sizeof CalculatedRealingJump);
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[6], &cHookAddress, sizeof CalculatedRealingJump);
WriteMemory = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)WriteMemory + 6 + sizeof ULONG_PTR);
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[2], &CalculatedRealingJump, sizeof(CalculatedRealingJump));
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[6], &cHookAddress, sizeof(CalculatedRealingJump));
WriteMemory = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)WriteMemory + 6 + sizeof(ULONG_PTR));
myHook.HookIsEnabled = true;
myHook.HookType = (BYTE)HookType;
myHook.HookAddress = HookAddress;
@ -360,7 +360,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress,
if(VirtualProtect(HookAddress, TEE_MAXIMUM_HOOK_SIZE, PAGE_EXECUTE_READWRITE, &OldProtect))
{
WriteMemory->Array.bArrayEntry[0] = 0xE9;
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof CalculatedRealingJump);
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof(CalculatedRealingJump));
RtlMoveMemory(&myHook.HookBytes[0], HookAddress, TEE_MAXIMUM_HOOK_SIZE);
VirtualProtect(HookAddress, TEE_MAXIMUM_HOOK_SIZE, OldProtect, &OldProtect);
hookEntry.push_back(myHook);
@ -372,7 +372,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress,
WriteMemory->Array.bArrayEntry[0] = 0xFF;
WriteMemory->Array.bArrayEntry[1] = 0x25;
RtlZeroMemory(&WriteMemory->Array.bArrayEntry[2], 4);
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[6], &RedirectTo, sizeof RedirectTo);
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[6], &RedirectTo, sizeof(RedirectTo));
RtlMoveMemory(&myHook.HookBytes[0], HookAddress, TEE_MAXIMUM_HOOK_SIZE);
VirtualProtect(HookAddress, TEE_MAXIMUM_HOOK_SIZE, OldProtect, &OldProtect);
hookEntry.push_back(myHook);
@ -387,7 +387,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress,
if(VirtualProtect(HookAddress, TEE_MAXIMUM_HOOK_SIZE, PAGE_EXECUTE_READWRITE, &OldProtect))
{
WriteMemory->Array.bArrayEntry[0] = 0xE8;
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof CalculatedRealingJump);
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof(CalculatedRealingJump));
RtlMoveMemory(&myHook.HookBytes[0], HookAddress, TEE_MAXIMUM_HOOK_SIZE);
VirtualProtect(HookAddress, TEE_MAXIMUM_HOOK_SIZE, OldProtect, &OldProtect);
hookEntry.push_back(myHook);
@ -399,7 +399,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress,
WriteMemory->Array.bArrayEntry[0] = 0xFF;
WriteMemory->Array.bArrayEntry[1] = 0x15;
RtlZeroMemory(&WriteMemory->Array.bArrayEntry[2], 4);
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[6], &RedirectTo, sizeof RedirectTo);
RtlMoveMemory(&WriteMemory->Array.bArrayEntry[6], &RedirectTo, sizeof(RedirectTo));
RtlMoveMemory(&myHook.HookBytes[0], HookAddress, TEE_MAXIMUM_HOOK_SIZE);
VirtualProtect(HookAddress, TEE_MAXIMUM_HOOK_SIZE, OldProtect, &OldProtect);
hookEntry.push_back(myHook);
@ -430,7 +430,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewIATRedirectionEx(ULONG_PTR File
myHook.IATHook = true;
myHook.HookIsEnabled = true;
myHook.HookType = TEE_HOOK_IAT;
myHook.HookSize = sizeof ULONG_PTR;
myHook.HookSize = sizeof(ULONG_PTR);
myHook.RedirectionAddress = RedirectTo;
myHook.IATHookModuleBase = (void*)LoadedModuleBase;
myHook.IATHookNameHash = EngineHashString(szHookFunction);
@ -488,9 +488,9 @@ __declspec(dllexport) bool TITCALL HooksInsertNewIATRedirectionEx(ULONG_PTR File
}
}
CurrentThunk = CurrentThunk + 4;
ThunkData32 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ThunkData32 + sizeof IMAGE_THUNK_DATA32);
ThunkData32 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ThunkData32 + sizeof(IMAGE_THUNK_DATA32));
}
ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof IMAGE_IMPORT_DESCRIPTOR);
ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof(IMAGE_IMPORT_DESCRIPTOR));
}
return true;
}
@ -537,9 +537,9 @@ __declspec(dllexport) bool TITCALL HooksInsertNewIATRedirectionEx(ULONG_PTR File
}
}
CurrentThunk = CurrentThunk + 8;
ThunkData64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ThunkData64 + sizeof IMAGE_THUNK_DATA64);
ThunkData64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ThunkData64 + sizeof(IMAGE_THUNK_DATA64));
}
ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof IMAGE_IMPORT_DESCRIPTOR);
ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof(IMAGE_IMPORT_DESCRIPTOR));
}
return true;
}
@ -634,7 +634,7 @@ __declspec(dllexport) bool TITCALL HooksRemoveRedirectionsForModule(HMODULE Modu
DWORD OldProtect = PAGE_READONLY;
MODULEINFO RemoteModuleInfo;
if(GetModuleInformation(GetCurrentProcess(), ModuleBase, &RemoteModuleInfo, sizeof MODULEINFO))
if(GetModuleInformation(GetCurrentProcess(), ModuleBase, &RemoteModuleInfo, sizeof(MODULEINFO)))
{
while(i > NULL)
{
@ -731,7 +731,7 @@ __declspec(dllexport) bool TITCALL HooksDisableRedirectionsForModule(HMODULE Mod
DWORD OldProtect = PAGE_READONLY;
MODULEINFO RemoteModuleInfo;
if(GetModuleInformation(GetCurrentProcess(), ModuleBase, &RemoteModuleInfo, sizeof MODULEINFO))
if(GetModuleInformation(GetCurrentProcess(), ModuleBase, &RemoteModuleInfo, sizeof(MODULEINFO)))
{
while(i > NULL)
{
@ -831,7 +831,7 @@ __declspec(dllexport) bool TITCALL HooksEnableRedirectionsForModule(HMODULE Modu
DWORD OldProtect = PAGE_READONLY;
MODULEINFO RemoteModuleInfo;
if(GetModuleInformation(GetCurrentProcess(), ModuleBase, &RemoteModuleInfo, sizeof MODULEINFO))
if(GetModuleInformation(GetCurrentProcess(), ModuleBase, &RemoteModuleInfo, sizeof(MODULEINFO)))
{
while(i > NULL)
{
@ -950,12 +950,12 @@ __declspec(dllexport) void TITCALL HooksScanModuleMemory(HMODULE ModuleBase, LPV
}
else
{
RtlMoveMemory(&RemoteLibInfo, pRemoteLibInfo, sizeof LIBRARY_ITEM_DATA);
RtlMoveMemory(&RemoteLibInfo, pRemoteLibInfo, sizeof(LIBRARY_ITEM_DATA));
}
if(!FileError)
{
hSize = GetFileSize(RemoteLibInfo.hFile, NULL);
GetModuleInformation(hProcess, ModuleBase, &ModuleInfo, sizeof MODULEINFO);
GetModuleInformation(hProcess, ModuleBase, &ModuleInfo, sizeof(MODULEINFO));
DOSHeader = (PIMAGE_DOS_HEADER)RemoteLibInfo.hFileMappingView;
__try
{
@ -1125,5 +1125,5 @@ __declspec(dllexport) void TITCALL HooksScanEntireProcessMemory(LPVOID CallBack)
__declspec(dllexport) void TITCALL HooksScanEntireProcessMemoryEx()
{
HooksScanEntireProcessMemory(&ProcessHookScanAddNewHook);
HooksScanEntireProcessMemory(CallbackToObjectPointer(&ProcessHookScanAddNewHook));
}

22
TitanEngine/TitanEngine.Importer.cpp
View File

@ -420,9 +420,9 @@ __declspec(dllexport) bool TITCALL ImporterLoadImportTableW(wchar_t* szFileName)
ImporterAddNewAPI((char*)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)((ULONG_PTR)ThunkData32->u1.AddressOfData + 2 + PEHeader32->OptionalHeader.ImageBase), true), (ULONG_PTR)CurrentThunk + PEHeader32->OptionalHeader.ImageBase);
}
CurrentThunk = CurrentThunk + 4;
ThunkData32 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ThunkData32 + sizeof IMAGE_THUNK_DATA32);
ThunkData32 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ThunkData32 + sizeof(IMAGE_THUNK_DATA32));
}
ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof IMAGE_IMPORT_DESCRIPTOR);
ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof(IMAGE_IMPORT_DESCRIPTOR));
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return true;
@ -467,9 +467,9 @@ __declspec(dllexport) bool TITCALL ImporterLoadImportTableW(wchar_t* szFileName)
ImporterAddNewAPI((char*)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)((ULONG_PTR)ThunkData64->u1.AddressOfData + 2 + (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase), true), (ULONG_PTR)CurrentThunk + (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase);
}
CurrentThunk = CurrentThunk + 8;
ThunkData64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ThunkData64 + sizeof IMAGE_THUNK_DATA64);
ThunkData64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ThunkData64 + sizeof(IMAGE_THUNK_DATA64));
}
ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof IMAGE_IMPORT_DESCRIPTOR);
ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof(IMAGE_IMPORT_DESCRIPTOR));
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return true;
@ -539,8 +539,8 @@ __declspec(dllexport) void TITCALL ImporterAutoSearchIATW(DWORD ProcessId, wchar
scylla_getImports(iatStart, iatSize, ProcessId);
}
RtlMoveMemory(pIATStart, &iatStart, sizeof ULONG_PTR);
RtlMoveMemory(pIATSize, &iatSize, sizeof ULONG_PTR);
RtlMoveMemory(pIATStart, &iatStart, sizeof(ULONG_PTR));
RtlMoveMemory(pIATSize, &iatSize, sizeof(ULONG_PTR));
return;
}
@ -550,8 +550,8 @@ __declspec(dllexport) void TITCALL ImporterAutoSearchIATEx(DWORD ProcessId, ULON
wchar_t szTempName[MAX_PATH];
wchar_t szTempFolder[MAX_PATH];
RtlZeroMemory(&szTempName, sizeof szTempName);
RtlZeroMemory(&szTempFolder, sizeof szTempFolder);
RtlZeroMemory(&szTempName, sizeof(szTempName));
RtlZeroMemory(&szTempFolder, sizeof(szTempFolder));
if(GetTempPathW(MAX_PATH, szTempFolder) < MAX_PATH)
{
if(GetTempFileNameW(szTempFolder, L"DumpTemp", GetTickCount() + 102, szTempName))
@ -568,7 +568,7 @@ __declspec(dllexport) void TITCALL ImporterEnumAddedData(LPVOID EnumCallBack)
{
return scylla_enumImportTree(EnumCallBack);
}
__declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, char* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback)
__declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, const char* szDumpedFile, const char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback)
{
wchar_t uniDumpedFile[MAX_PATH] = {};
@ -585,7 +585,7 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, char* s
return(NULL); // Critical error! *just to be safe, but it should never happen!
}
}
__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_t* szDumpedFile, wchar_t* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback)
__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, const wchar_t* szDumpedFile, const wchar_t* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback)
{
HANDLE FileHandle;
DWORD FileSize;
@ -612,7 +612,7 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_
{
HANDLE hProcess = EngineOpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, ProcessId);
if(!DumpProcessW(hProcess, (LPVOID)ImageBase, szDumpedFile, EntryPointAddress))
if(!DumpProcessW(hProcess, (LPVOID)ImageBase, DumpFileName, EntryPointAddress))
{
return(NULL); // Critical error! *just to be safe, but it should never happen!
}

18
TitanEngine/TitanEngine.Injector.cpp
View File

@ -34,7 +34,7 @@ __declspec(dllexport) bool TITCALL RemoteLoadLibraryW(HANDLE hProcess, wchar_t*
if(hProcess != NULL)
{
RtlZeroMemory(&APIData, sizeof InjectCodeData);
RtlZeroMemory(&APIData, sizeof(InjectCodeData));
APIData.fLoadLibrary = (ULONG_PTR)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryW"));
APIData.fFreeLibrary = (ULONG_PTR)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "FreeLibrary"));
APIData.fGetModuleHandle = (ULONG_PTR)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetModuleHandleW"));
@ -43,9 +43,9 @@ __declspec(dllexport) bool TITCALL RemoteLoadLibraryW(HANDLE hProcess, wchar_t*
APIData.fExitProcess = (ULONG_PTR)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "ExitProcess"));
remCodeData = VirtualAllocEx(hProcess, NULL, remInjectSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
remStringData = VirtualAllocEx(hProcess, NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
if(WriteProcessMemory(hProcess, (LPVOID)((ULONG_PTR)remStringData + sizeof InjectCodeData), (LPCVOID)szLibraryFile, lstrlenW(szLibraryFile) * 2, &NumberOfBytesWritten))
if(WriteProcessMemory(hProcess, (LPVOID)((ULONG_PTR)remStringData + sizeof(InjectCodeData)), (LPCVOID)szLibraryFile, lstrlenW(szLibraryFile) * 2, &NumberOfBytesWritten))
{
WriteProcessMemory(hProcess, remStringData, &APIData, sizeof InjectCodeData, &NumberOfBytesWritten);
WriteProcessMemory(hProcess, remStringData, &APIData, sizeof(InjectCodeData), &NumberOfBytesWritten);
WriteProcessMemory(hProcess, remCodeData, (LPCVOID)&injectedRemoteLoadLibrary, remInjectSize, &NumberOfBytesWritten);
if(WaitForThreadExit)
{
@ -120,7 +120,7 @@ __declspec(dllexport) bool TITCALL RemoteFreeLibraryW(HANDLE hProcess, HMODULE h
if(hProcess != NULL)
{
RtlZeroMemory(&APIData, sizeof InjectCodeData);
RtlZeroMemory(&APIData, sizeof(InjectCodeData));
APIData.fLoadLibrary = (ULONG_PTR)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryW"));
APIData.fFreeLibrary = (ULONG_PTR)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "FreeLibrary"));
APIData.fGetModuleHandle = (ULONG_PTR)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetModuleHandleW"));
@ -132,9 +132,9 @@ __declspec(dllexport) bool TITCALL RemoteFreeLibraryW(HANDLE hProcess, HMODULE h
if(hModule == NULL)
{
remStringData = VirtualAllocEx(hProcess, NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
if(WriteProcessMemory(hProcess, (LPVOID)((ULONG_PTR)remStringData + sizeof InjectCodeData), (LPCVOID)szLibraryFile, lstrlenW(szLibraryFile) * 2, &NumberOfBytesWritten))
if(WriteProcessMemory(hProcess, (LPVOID)((ULONG_PTR)remStringData + sizeof(InjectCodeData)), (LPCVOID)szLibraryFile, lstrlenW(szLibraryFile) * 2, &NumberOfBytesWritten))
{
WriteProcessMemory(hProcess, remStringData, &APIData, sizeof InjectCodeData, &NumberOfBytesWritten);
WriteProcessMemory(hProcess, remStringData, &APIData, sizeof(InjectCodeData), &NumberOfBytesWritten);
WriteProcessMemory(hProcess, remCodeData, (LPCVOID)&injectedRemoteFreeLibrarySimple, remInjectSize1, &NumberOfBytesWritten);
if(WaitForThreadExit)
{
@ -179,7 +179,7 @@ __declspec(dllexport) bool TITCALL RemoteFreeLibraryW(HANDLE hProcess, HMODULE h
else
{
remStringData = VirtualAllocEx(hProcess, NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
if(WriteProcessMemory(hProcess, remStringData, &APIData, sizeof InjectCodeData, &NumberOfBytesWritten))
if(WriteProcessMemory(hProcess, remStringData, &APIData, sizeof(InjectCodeData), &NumberOfBytesWritten))
{
WriteProcessMemory(hProcess, remCodeData, (LPCVOID)&injectedRemoteFreeLibrary, remInjectSize2, &NumberOfBytesWritten);
if(WaitForThreadExit)
@ -235,7 +235,7 @@ __declspec(dllexport) bool TITCALL RemoteExitProcess(HANDLE hProcess, DWORD Exit
if(hProcess != NULL)
{
RtlZeroMemory(&APIData, sizeof InjectCodeData);
RtlZeroMemory(&APIData, sizeof(InjectCodeData));
APIData.fLoadLibrary = (ULONG_PTR)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA"));
APIData.fFreeLibrary = (ULONG_PTR)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "FreeLibrary"));
APIData.fGetModuleHandle = (ULONG_PTR)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetModuleHandleA"));
@ -247,7 +247,7 @@ __declspec(dllexport) bool TITCALL RemoteExitProcess(HANDLE hProcess, DWORD Exit
remCodeData = VirtualAllocEx(hProcess, NULL, remInjectSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if(WriteProcessMemory(hProcess, remCodeData, (LPCVOID)&injectedExitProcess, remInjectSize, &NumberOfBytesWritten))
{
WriteProcessMemory(hProcess, remStringData, &APIData, sizeof InjectCodeData, &NumberOfBytesWritten);
WriteProcessMemory(hProcess, remStringData, &APIData, sizeof(InjectCodeData), &NumberOfBytesWritten);
hThread = CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)remCodeData, remStringData, NULL, &ThreadId);
VirtualFreeEx(hProcess, remCodeData, NULL, MEM_RELEASE);
return true;

12
TitanEngine/TitanEngine.Librarian.cpp
View File

@ -42,13 +42,13 @@ __declspec(dllexport) void* TITCALL LibrarianGetLibraryInfo(char* szLibraryName)
LibInfo = (PLIBRARY_ITEM_DATAW)LibrarianGetLibraryInfoW(uniLibraryName);
if(LibInfo)
{
RtlZeroMemory(&LibraryInfoData, sizeof LIBRARY_ITEM_DATA);
RtlZeroMemory(&LibraryInfoData, sizeof(LIBRARY_ITEM_DATA));
LibraryInfoData.hFile = LibInfo->hFile;
LibraryInfoData.BaseOfDll = LibInfo->BaseOfDll;
LibraryInfoData.hFileMapping = LibInfo->hFileMapping;
LibraryInfoData.hFileMappingView = LibInfo->hFileMappingView;
WideCharToMultiByte(CP_ACP, NULL, LibInfo->szLibraryName, -1, &LibraryInfoData.szLibraryName[0], sizeof LibraryInfoData.szLibraryName, NULL, NULL);
WideCharToMultiByte(CP_ACP, NULL, LibInfo->szLibraryPath, -1, &LibraryInfoData.szLibraryPath[0], sizeof LibraryInfoData.szLibraryPath, NULL, NULL);
WideCharToMultiByte(CP_ACP, NULL, LibInfo->szLibraryName, -1, &LibraryInfoData.szLibraryName[0], sizeof(LibraryInfoData).szLibraryName, NULL, NULL);
WideCharToMultiByte(CP_ACP, NULL, LibInfo->szLibraryPath, -1, &LibraryInfoData.szLibraryPath[0], sizeof(LibraryInfoData).szLibraryPath, NULL, NULL);
return((void*)&LibraryInfoData);
}
@ -79,13 +79,13 @@ __declspec(dllexport) void* TITCALL LibrarianGetLibraryInfoEx(void* BaseOfDll)
LibInfo = (PLIBRARY_ITEM_DATAW)LibrarianGetLibraryInfoExW(BaseOfDll);
if(LibInfo)
{
RtlZeroMemory(&LibraryInfoData, sizeof LIBRARY_ITEM_DATA);
RtlZeroMemory(&LibraryInfoData, sizeof(LIBRARY_ITEM_DATA));
LibraryInfoData.hFile = LibInfo->hFile;
LibraryInfoData.BaseOfDll = LibInfo->BaseOfDll;
LibraryInfoData.hFileMapping = LibInfo->hFileMapping;
LibraryInfoData.hFileMappingView = LibInfo->hFileMappingView;
WideCharToMultiByte(CP_ACP, NULL, LibInfo->szLibraryName, -1, &LibraryInfoData.szLibraryName[0], sizeof LibraryInfoData.szLibraryName, NULL, NULL);
WideCharToMultiByte(CP_ACP, NULL, LibInfo->szLibraryPath, -1, &LibraryInfoData.szLibraryPath[0], sizeof LibraryInfoData.szLibraryPath, NULL, NULL);
WideCharToMultiByte(CP_ACP, NULL, LibInfo->szLibraryName, -1, &LibraryInfoData.szLibraryName[0], sizeof(LibraryInfoData).szLibraryName, NULL, NULL);
WideCharToMultiByte(CP_ACP, NULL, LibInfo->szLibraryPath, -1, &LibraryInfoData.szLibraryPath[0], sizeof(LibraryInfoData).szLibraryPath, NULL, NULL);
return (void*)&LibraryInfoData;
}

2
TitanEngine/TitanEngine.OEPFinder.cpp
View File

@ -29,7 +29,7 @@ __declspec(dllexport) bool TITCALL FindOEPGenericallyW(wchar_t* szFileName, LPVO
if(GenericOEPFileInitW(szFileName, TraceInitCallBack, CallBack))
{
InitDebugExW(szFileName, NULL, NULL, &GenericOEPTraceInit);
InitDebugExW(szFileName, NULL, NULL, CallbackToObjectPointer(&GenericOEPTraceInit));
DebugLoop();
for(i = 0; i < glbEntryTracerData.SectionNumber; i++)
{

44
TitanEngine/TitanEngine.PE.Fixer.cpp
View File

@ -57,7 +57,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
ULONG_PTR FileMapVA;
WORD ResourceNamesTable[22] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 16, 17, 18, 19, 20, 21, 22, 23, 24};
RtlZeroMemory(&myFileStatusInfo, sizeof FILE_STATUS_INFO);
RtlZeroMemory(&myFileStatusInfo, sizeof(FILE_STATUS_INFO));
if(MapFileExW(szFileName, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
{
DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
@ -81,7 +81,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
myFileStatusInfo.SignaturePE = UE_FIELD_BROKEN_NON_FIXABLE;
if(FileStatusInfo != NULL)
{
RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof FILE_STATUS_INFO);
RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof(FILE_STATUS_INFO));
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return false;
@ -489,7 +489,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
}
}
CurrentThunk = CurrentThunk + 4;
ThunkData32 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ThunkData32 + sizeof IMAGE_THUNK_DATA32);
ThunkData32 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ThunkData32 + sizeof(IMAGE_THUNK_DATA32));
}
}
else
@ -500,7 +500,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
{
VirtualFree((LPVOID)hLoadedModule, NULL, MEM_RELEASE);
}
ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof IMAGE_IMPORT_DESCRIPTOR);
ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof(IMAGE_IMPORT_DESCRIPTOR));
}
}
}
@ -630,7 +630,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
{
myFileStatusInfo.BoundImportTable = UE_FIELD_FIXABLE_CRITICAL;
}
BoundIID = (PIMAGE_BOUND_IMPORT_DESCRIPTOR)((ULONG_PTR)BoundIID + sizeof IMAGE_BOUND_IMPORT_DESCRIPTOR);
BoundIID = (PIMAGE_BOUND_IMPORT_DESCRIPTOR)((ULONG_PTR)BoundIID + sizeof(IMAGE_BOUND_IMPORT_DESCRIPTOR));
}
}
}
@ -750,7 +750,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
}
if(NumberOfSections > 1)
{
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + sizeof IMAGE_SECTION_HEADER);
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + sizeof(IMAGE_SECTION_HEADER));
if(SectionVirtualSize > PESections->VirtualAddress || SectionVirtualSizeFixed > PESections->VirtualAddress)
{
myFileStatusInfo.SectionTable = UE_FIELD_FIXABLE_CRITICAL;
@ -804,7 +804,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
*/
if(FileStatusInfo != NULL)
{
RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof FILE_STATUS_INFO);
RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof(FILE_STATUS_INFO));
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(myFileStatusInfo.OveralEvaluation == UE_RESULT_FILE_OK)
@ -819,7 +819,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
myFileStatusInfo.SignaturePE = UE_FIELD_BROKEN_NON_FIXABLE;
if(FileStatusInfo != NULL)
{
RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof FILE_STATUS_INFO);
RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof(FILE_STATUS_INFO));
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return false;
@ -1228,7 +1228,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
}
}
CurrentThunk = CurrentThunk + 8;
ThunkData64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ThunkData64 + sizeof IMAGE_THUNK_DATA64);
ThunkData64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ThunkData64 + sizeof(IMAGE_THUNK_DATA64));
}
}
else
@ -1239,7 +1239,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
{
VirtualFree((LPVOID)hLoadedModule, NULL, MEM_RELEASE);
}
ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof IMAGE_IMPORT_DESCRIPTOR);
ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof(IMAGE_IMPORT_DESCRIPTOR));
}
}
}
@ -1369,7 +1369,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
{
myFileStatusInfo.BoundImportTable = UE_FIELD_FIXABLE_CRITICAL;
}
BoundIID = (PIMAGE_BOUND_IMPORT_DESCRIPTOR)((ULONG_PTR)BoundIID + sizeof IMAGE_BOUND_IMPORT_DESCRIPTOR);
BoundIID = (PIMAGE_BOUND_IMPORT_DESCRIPTOR)((ULONG_PTR)BoundIID + sizeof(IMAGE_BOUND_IMPORT_DESCRIPTOR));
}
}
}
@ -1489,7 +1489,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
}
if(NumberOfSections > 1)
{
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + sizeof IMAGE_SECTION_HEADER);
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + sizeof(IMAGE_SECTION_HEADER));
if(SectionVirtualSize > PESections->VirtualAddress || SectionVirtualSizeFixed > PESections->VirtualAddress)
{
myFileStatusInfo.SectionTable = UE_FIELD_FIXABLE_CRITICAL;
@ -1543,7 +1543,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
*/
if(FileStatusInfo != NULL)
{
RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof FILE_STATUS_INFO);
RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof(FILE_STATUS_INFO));
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(myFileStatusInfo.OveralEvaluation == UE_RESULT_FILE_OK)
@ -1558,7 +1558,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
myFileStatusInfo.SignaturePE = UE_FIELD_BROKEN_NON_FIXABLE;
if(FileStatusInfo != NULL)
{
RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof FILE_STATUS_INFO);
RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof(FILE_STATUS_INFO));
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return false;
@ -1571,7 +1571,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
myFileStatusInfo.SignatureMZ = UE_FIELD_BROKEN_NON_FIXABLE;
if(FileStatusInfo != NULL)
{
RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof FILE_STATUS_INFO);
RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof(FILE_STATUS_INFO));
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return false;
@ -1579,7 +1579,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
}
if(FileStatusInfo != NULL)
{
RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof FILE_STATUS_INFO);
RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof(FILE_STATUS_INFO));
}
return false;
}
@ -1811,14 +1811,14 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
}
}
CurrentThunk = CurrentThunk + 4;
ThunkData32 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ThunkData32 + sizeof IMAGE_THUNK_DATA32);
ThunkData32 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ThunkData32 + sizeof(IMAGE_THUNK_DATA32));
}
}
if(hLoadedModuleSimulated)
{
VirtualFree((LPVOID)hLoadedModule, NULL, MEM_RELEASE);
}
ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof IMAGE_IMPORT_DESCRIPTOR);
ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof(IMAGE_IMPORT_DESCRIPTOR));
}
}
}
@ -2230,7 +2230,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
}
if(NumberOfSections > 1)
{
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + sizeof IMAGE_SECTION_HEADER);
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + sizeof(IMAGE_SECTION_HEADER));
if(SectionVirtualSize > PESections->VirtualAddress || SectionVirtualSizeFixed > PESections->VirtualAddress)
{
PESections->Misc.VirtualSize = SectionVirtualSizeFixed;
@ -2404,14 +2404,14 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
}
}
CurrentThunk = CurrentThunk + 8;
ThunkData64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ThunkData64 + sizeof IMAGE_THUNK_DATA64);
ThunkData64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ThunkData64 + sizeof(IMAGE_THUNK_DATA64));
}
}
if(hLoadedModuleSimulated)
{
VirtualFree((LPVOID)hLoadedModule, NULL, MEM_RELEASE);
}
ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof IMAGE_IMPORT_DESCRIPTOR);
ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof(IMAGE_IMPORT_DESCRIPTOR));
}
}
}
@ -2823,7 +2823,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV
}
if(NumberOfSections > 1)
{
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + sizeof IMAGE_SECTION_HEADER);
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + sizeof(IMAGE_SECTION_HEADER));
if(SectionVirtualSize > PESections->VirtualAddress || SectionVirtualSizeFixed > PESections->VirtualAddress)
{
PESections->Misc.VirtualSize = SectionVirtualSizeFixed;

64
TitanEngine/TitanEngine.PE.Section.cpp
View File

@ -160,17 +160,17 @@ __declspec(dllexport) bool TITCALL ResortFileSectionsW(wchar_t* szFileName)
LPVOID sortedFileName;
DynBuf sortedFileNameBuf;
if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof szBackupItem))
if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof(szBackupItem)))
{
if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof szBackupItem))
if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof(szBackupItem)))
{
RtlZeroMemory(&szBackupItem, sizeof szBackupItem);
RtlZeroMemory(&szBackupItem, sizeof(szBackupItem));
lstrcpyW(szBackupFile, szFileName);
}
}
else
{
RtlZeroMemory(&szBackupItem, sizeof szBackupItem);
RtlZeroMemory(&szBackupItem, sizeof(szBackupItem));
lstrcpyW(szBackupFile, szFileName);
}
if(MapFileExW(szBackupFile, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
@ -370,17 +370,17 @@ __declspec(dllexport) bool TITCALL MakeAllSectionsRWEW(wchar_t* szFileName)
HANDLE FileMap;
ULONG_PTR FileMapVA;
if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof szBackupItem))
if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof(szBackupItem)))
{
if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof szBackupItem))
if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof(szBackupItem)))
{
RtlZeroMemory(&szBackupItem, sizeof szBackupItem);
RtlZeroMemory(&szBackupItem, sizeof(szBackupItem));
lstrcpyW(szBackupFile, szFileName);
}
}
else
{
RtlZeroMemory(&szBackupItem, sizeof szBackupItem);
RtlZeroMemory(&szBackupItem, sizeof(szBackupItem));
lstrcpyW(szBackupFile, szFileName);
}
if(MapFileExW(szBackupFile, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
@ -509,7 +509,7 @@ __declspec(dllexport) long TITCALL AddNewSectionEx(char* szFileName, char* szSec
}
}
__declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, LPVOID SectionContent, DWORD ContentSize)
__declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, const char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, LPVOID SectionContent, DWORD ContentSize)
{
bool OverlayHasBeenRemoved = false;
wchar_t szBackupOverlayFile[MAX_PATH] = {};
@ -544,18 +544,18 @@ __declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* s
SectionSize = ContentSize;
}
if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof szBackupItem))
if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof(szBackupItem)))
{
if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof szBackupItem))
if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof(szBackupItem)))
{
RtlZeroMemory(&szBackupItem, sizeof szBackupItem);
RtlZeroMemory(&szBackupItem, sizeof(szBackupItem));
lstrcpyW(szBackupFile, szFileName);
}
if(FindOverlayW(szBackupFile, NULL, NULL))
{
if(!FillGarbageItem(szBackupItem, NULL, &szBackupOverlayFile, sizeof szBackupItem))
if(!FillGarbageItem(szBackupItem, NULL, &szBackupOverlayFile, sizeof(szBackupItem)))
{
RtlZeroMemory(&szBackupOverlayFile, sizeof szBackupOverlayFile);
RtlZeroMemory(&szBackupOverlayFile, sizeof(szBackupOverlayFile));
}
else
{
@ -568,7 +568,7 @@ __declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* s
}
else
{
RtlZeroMemory(&szBackupItem, sizeof szBackupItem);
RtlZeroMemory(&szBackupItem, sizeof(szBackupItem));
lstrcpyW(szBackupFile, szFileName);
}
if(MapFileExW(szBackupFile, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
@ -608,7 +608,7 @@ __declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* s
{
SectionSize = alignedSectionSize;
}
SpaceLeft = PESections->PointerToRawData - (SectionNumber * IMAGE_SIZEOF_SECTION_HEADER) - DOSHeader->e_lfanew - sizeof IMAGE_NT_HEADERS32;
SpaceLeft = PESections->PointerToRawData - (SectionNumber * IMAGE_SIZEOF_SECTION_HEADER) - DOSHeader->e_lfanew - sizeof(IMAGE_NT_HEADERS32);
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + (SectionNumber - 1) * IMAGE_SIZEOF_SECTION_HEADER);
LastSectionRawSize = (PESections->SizeOfRawData / PEHeader32->OptionalHeader.FileAlignment) * PEHeader32->OptionalHeader.FileAlignment;
if(LastSectionRawSize < PESections->SizeOfRawData)
@ -641,7 +641,7 @@ __declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* s
{
SectionSize = alignedSectionSize;
}
SpaceLeft = PESections->PointerToRawData - (SectionNumber * IMAGE_SIZEOF_SECTION_HEADER) - DOSHeader->e_lfanew - sizeof IMAGE_NT_HEADERS64;
SpaceLeft = PESections->PointerToRawData - (SectionNumber * IMAGE_SIZEOF_SECTION_HEADER) - DOSHeader->e_lfanew - sizeof(IMAGE_NT_HEADERS64);
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + (SectionNumber - 1) * IMAGE_SIZEOF_SECTION_HEADER);
LastSectionRawSize = (PESections->SizeOfRawData / PEHeader64->OptionalHeader.FileAlignment) * PEHeader64->OptionalHeader.FileAlignment;
if(LastSectionRawSize < PESections->SizeOfRawData)
@ -746,7 +746,7 @@ __declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* s
{
if(CopyFileW(szBackupFile, szFileName, false))
{
if(OverlayHasBeenRemoved && !AddOverlayW(szFileName, szBackupOverlayFile))
if(OverlayHasBeenRemoved && !AddOverlayW((wchar_t*)szFileName, szBackupOverlayFile))
{
RemoveGarbageItem(szBackupItem, true);
return(0);
@ -828,7 +828,7 @@ __declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* s
{
if(CopyFileW(szBackupFile, szFileName, false))
{
if(OverlayHasBeenRemoved && !AddOverlayW(szFileName, szBackupOverlayFile))
if(OverlayHasBeenRemoved && !AddOverlayW((wchar_t*)szFileName, szBackupOverlayFile))
{
RemoveGarbageItem(szBackupItem, true);
return(0);
@ -872,7 +872,7 @@ __declspec(dllexport) long TITCALL AddNewSection(char* szFileName, char* szSecti
return AddNewSectionEx(szFileName, szSectionName, SectionSize, NULL, NULL, NULL);
}
__declspec(dllexport) long TITCALL AddNewSectionW(wchar_t* szFileName, char* szSectionName, DWORD SectionSize)
__declspec(dllexport) long TITCALL AddNewSectionW(wchar_t* szFileName, const char* szSectionName, DWORD SectionSize)
{
return AddNewSectionExW(szFileName, szSectionName, SectionSize, NULL, NULL, NULL);
}
@ -908,17 +908,17 @@ __declspec(dllexport) bool TITCALL ResizeLastSectionW(wchar_t* szFileName, DWORD
HANDLE FileMap;
ULONG_PTR FileMapVA;
if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof szBackupItem))
if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof(szBackupItem)))
{
if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof szBackupItem))
if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof(szBackupItem)))
{
RtlZeroMemory(&szBackupItem, sizeof szBackupItem);
RtlZeroMemory(&szBackupItem, sizeof(szBackupItem));
lstrcpyW(szBackupFile, szFileName);
}
}
else
{
RtlZeroMemory(&szBackupItem, sizeof szBackupItem);
RtlZeroMemory(&szBackupItem, sizeof(szBackupItem));
lstrcpyW(szBackupFile, szFileName);
}
if(MapFileExW(szBackupFile, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NumberOfExpandBytes))
@ -1125,17 +1125,17 @@ __declspec(dllexport) bool TITCALL DeleteLastSectionW(wchar_t* szFileName)
HANDLE FileMap;
ULONG_PTR FileMapVA;
if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof szBackupItem))
if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof(szBackupItem)))
{
if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof szBackupItem))
if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof(szBackupItem)))
{
RtlZeroMemory(&szBackupItem, sizeof szBackupItem);
RtlZeroMemory(&szBackupItem, sizeof(szBackupItem));
lstrcpyW(szBackupFile, szFileName);
}
}
else
{
RtlZeroMemory(&szBackupItem, sizeof szBackupItem);
RtlZeroMemory(&szBackupItem, sizeof(szBackupItem));
lstrcpyW(szBackupFile, szFileName);
}
if(MapFileExW(szBackupFile, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
@ -1322,17 +1322,17 @@ __declspec(dllexport) bool TITCALL WipeSectionW(wchar_t* szFileName, int WipeSec
HANDLE FileMap;
ULONG_PTR FileMapVA;
if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof szBackupItem))
if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof(szBackupItem)))
{
if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof szBackupItem))
if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof(szBackupItem)))
{
RtlZeroMemory(&szBackupItem, sizeof szBackupItem);
RtlZeroMemory(&szBackupItem, sizeof(szBackupItem));
lstrcpyW(szBackupFile, szFileName);
}
}
else
{
RtlZeroMemory(&szBackupItem, sizeof szBackupItem);
RtlZeroMemory(&szBackupItem, sizeof(szBackupItem));
lstrcpyW(szBackupFile, szFileName);
}
if(MapFileExW(szBackupFile, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))

6
TitanEngine/TitanEngine.PE.cpp
View File

@ -60,7 +60,7 @@ __declspec(dllexport) bool TITCALL PastePEHeaderW(HANDLE hProcess, LPVOID ImageB
{
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
CalculatedHeaderSize = DOSHeader->e_lfanew + sizeof IMAGE_DOS_HEADER + sizeof IMAGE_NT_HEADERS64;
CalculatedHeaderSize = DOSHeader->e_lfanew + sizeof(IMAGE_DOS_HEADER) + sizeof(IMAGE_NT_HEADERS64);
if(CalculatedHeaderSize > 0x1000)
{
SetFilePointer(hFile, NULL, NULL, FILE_BEGIN);
@ -73,7 +73,7 @@ __declspec(dllexport) bool TITCALL PastePEHeaderW(HANDLE hProcess, LPVOID ImageB
}
if(PEHeader32->OptionalHeader.Magic == 0x10B)
{
if(ReadProcessMemory(hProcess, (LPVOID)((ULONG_PTR)ImageBase + DOSHeader->e_lfanew), &RemotePEHeader32, sizeof IMAGE_NT_HEADERS32, &ueNumberOfBytesRead))
if(ReadProcessMemory(hProcess, (LPVOID)((ULONG_PTR)ImageBase + DOSHeader->e_lfanew), &RemotePEHeader32, sizeof(IMAGE_NT_HEADERS32), &ueNumberOfBytesRead))
{
PEHeaderSize = PEHeader32->FileHeader.NumberOfSections * IMAGE_SIZEOF_SECTION_HEADER + PEHeader32->FileHeader.SizeOfOptionalHeader + sizeof(IMAGE_FILE_HEADER) + 4;
FileIs64 = false;
@ -81,7 +81,7 @@ __declspec(dllexport) bool TITCALL PastePEHeaderW(HANDLE hProcess, LPVOID ImageB
}
else if(PEHeader32->OptionalHeader.Magic == 0x20B)
{
if(ReadProcessMemory(hProcess, (LPVOID)((ULONG_PTR)ImageBase + DOSHeader->e_lfanew), &RemotePEHeader64, sizeof IMAGE_NT_HEADERS32, &ueNumberOfBytesRead))
if(ReadProcessMemory(hProcess, (LPVOID)((ULONG_PTR)ImageBase + DOSHeader->e_lfanew), &RemotePEHeader64, sizeof(IMAGE_NT_HEADERS32), &ueNumberOfBytesRead))
{
PEHeaderSize = PEHeader64->FileHeader.NumberOfSections * IMAGE_SIZEOF_SECTION_HEADER + PEHeader64->FileHeader.SizeOfOptionalHeader + sizeof(IMAGE_FILE_HEADER) + 4;
FileIs64 = true;

8
TitanEngine/TitanEngine.Realigner.cpp
View File

@ -250,17 +250,17 @@ __declspec(dllexport) long TITCALL RealignPEExW(wchar_t* szFileName, DWORD Reali
HANDLE FileMap;
ULONG_PTR FileMapVA;
if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof szBackupItem))
if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof(szBackupItem)))
{
if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof szBackupItem))
if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof(szBackupItem)))
{
RtlZeroMemory(&szBackupItem, sizeof szBackupItem);
RtlZeroMemory(&szBackupItem, sizeof(szBackupItem));
lstrcpyW(szBackupFile, szFileName);
}
}
else
{
RtlZeroMemory(&szBackupItem, sizeof szBackupItem);
RtlZeroMemory(&szBackupItem, sizeof(szBackupItem));
lstrcpyW(szBackupFile, szFileName);
}
if(MapFileExW(szBackupFile, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))

26
TitanEngine/TitanEngine.Relocator.cpp
View File

@ -48,7 +48,7 @@ __declspec(dllexport) void TITCALL RelocaterAddNewRelocation(HANDLE hProcess, UL
DWORD CompareDummy = NULL;
DWORD CopyDummy = NULL;
VirtualQueryEx(hProcess, (LPVOID)RelocateAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
VirtualQueryEx(hProcess, (LPVOID)RelocateAddress, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
if(MemInfo.BaseAddress != RelocationLastPage || RelocationLastPage == NULL)
{
RelocationLastPage = MemInfo.BaseAddress;
@ -243,7 +243,7 @@ __declspec(dllexport) bool TITCALL RelocaterGrabRelocationTable(HANDLE hProcess,
if(RelocationData != NULL)
{
VirtualQueryEx(hProcess, (LPVOID)MemoryStart, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
VirtualQueryEx(hProcess, (LPVOID)MemoryStart, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
OldProtect = MemInfo.Protect;
VirtualProtectEx(hProcess, (LPVOID)MemoryStart, MemorySize, PAGE_EXECUTE_READWRITE, &OldProtect);
if(ReadProcessMemory(hProcess, (LPVOID)MemoryStart, RelocationData, MemorySize, &ueNumberOfBytesRead))
@ -271,9 +271,9 @@ __declspec(dllexport) bool TITCALL RelocaterGrabRelocationTableEx(HANDLE hProces
if(RelocationData != NULL)
{
VirtualQueryEx(hProcess, (LPVOID)MemoryStart, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
VirtualQueryEx(hProcess, (LPVOID)MemoryStart, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
OldProtect = MemInfo.Protect;
VirtualQueryEx(hProcess, (LPVOID)MemInfo.BaseAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
VirtualQueryEx(hProcess, (LPVOID)MemInfo.BaseAddress, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
if(MemInfo.RegionSize < MemorySize || MemorySize == NULL)
{
MemorySize = MemInfo.RegionSize;
@ -382,7 +382,7 @@ __declspec(dllexport) bool TITCALL RelocaterCompareTwoSnapshotsW(HANDLE hProcess
{
if(memcmp(Search1, Search2, 1) != 0)
{
i = sizeof HANDLE;
i = sizeof(HANDLE);
RelativeBase = NULL;
bkSearch1 = Search1;
bkSearch2 = Search2;
@ -395,7 +395,7 @@ __declspec(dllexport) bool TITCALL RelocaterCompareTwoSnapshotsW(HANDLE hProcess
}
while(i > NULL && RelativeBase == NULL)
{
RtlMoveMemory(&ReadData, Search2, sizeof HANDLE);
RtlMoveMemory(&ReadData, Search2, sizeof(HANDLE));
if(ReadData >= LoadedImageBase && ReadData <= NtSizeOfImage)
{
RelativeBase++;
@ -417,9 +417,9 @@ __declspec(dllexport) bool TITCALL RelocaterCompareTwoSnapshotsW(HANDLE hProcess
else
{
RelocaterAddNewRelocation(hProcess, MemStart + ((ULONG_PTR)Search2 - (ULONG_PTR)FileMapVA2), NULL);
Search1 = (LPVOID)((ULONG_PTR)Search1 + sizeof HANDLE - 1);
Search2 = (LPVOID)((ULONG_PTR)Search2 + sizeof HANDLE - 1);
SearchSize = SearchSize - sizeof HANDLE + 1;
Search1 = (LPVOID)((ULONG_PTR)Search1 + sizeof(HANDLE) - 1);
Search2 = (LPVOID)((ULONG_PTR)Search2 + sizeof(HANDLE) - 1);
SearchSize = SearchSize - sizeof(HANDLE) + 1;
}
}
Search1 = (LPVOID)((ULONG_PTR)Search1 + 1);
@ -482,17 +482,17 @@ __declspec(dllexport) bool TITCALL RelocaterChangeFileBaseW(wchar_t* szFileName,
wchar_t szBackupFile[MAX_PATH] = {};
wchar_t szBackupItem[MAX_PATH] = {};
if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof szBackupItem))
if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof(szBackupItem)))
{
if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof szBackupItem))
if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof(szBackupItem)))
{
RtlZeroMemory(&szBackupItem, sizeof szBackupItem);
RtlZeroMemory(&szBackupItem, sizeof(szBackupItem));
lstrcpyW(szBackupFile, szFileName);
}
}
else
{
RtlZeroMemory(&szBackupItem, sizeof szBackupItem);
RtlZeroMemory(&szBackupItem, sizeof(szBackupItem));
lstrcpyW(szBackupFile, szFileName);
}
if(MapFileExW(szBackupFile, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))

28
TitanEngine/TitanEngine.Resourcer.cpp
View File

@ -181,13 +181,13 @@ __declspec(dllexport) bool TITCALL ResourcerFindResourceEx(ULONG_PTR FileMapVA,
PEResource = (PIMAGE_RESOURCE_DIRECTORY)(ConvertVAtoFileOffsetEx(FileMapVA, FileSize, (ULONG_PTR)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_IMAGEBASE), (ULONG_PTR)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_RESOURCETABLEADDRESS), true, true));
if(PEResource != NULL)
{
PEResourceDir = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResource + sizeof IMAGE_RESOURCE_DIRECTORY);
PEResourceDir = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResource + sizeof(IMAGE_RESOURCE_DIRECTORY));
i = PEResource->NumberOfIdEntries + PEResource->NumberOfNamedEntries;
PEResourcePtr = PEResource;
while(i > NULL)
{
PESubResourcePtr1 = (PIMAGE_RESOURCE_DIRECTORY)((ULONG_PTR)PEResourcePtr + (PEResourceDir->OffsetToData ^ IMAGE_RESOURCE_DATA_IS_DIRECTORY));
PEResourceDir1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PESubResourcePtr1 + sizeof IMAGE_RESOURCE_DIRECTORY);
PEResourceDir1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PESubResourcePtr1 + sizeof(IMAGE_RESOURCE_DIRECTORY));
j = PESubResourcePtr1->NumberOfIdEntries + PESubResourcePtr1->NumberOfNamedEntries;
uniResourceType = (wchar_t*)((ULONG_PTR)PEResourcePtr + PEResourceDir->NameOffset);
if(((bool)PEResourceDir->NameIsString == true && EngineCompareResourceString(uniResourceType, szResourceType) == true) || ((bool)PEResourceDir->NameIsString == false && PEResourceDir->Id == ResourceType))
@ -195,7 +195,7 @@ __declspec(dllexport) bool TITCALL ResourcerFindResourceEx(ULONG_PTR FileMapVA,
while(j > NULL)
{
PESubResourcePtr2 = (PIMAGE_RESOURCE_DIRECTORY)((ULONG_PTR)PEResourcePtr + (PEResourceDir1->OffsetToData ^ IMAGE_RESOURCE_DATA_IS_DIRECTORY));
PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PESubResourcePtr2 + sizeof IMAGE_RESOURCE_DIRECTORY);
PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PESubResourcePtr2 + sizeof(IMAGE_RESOURCE_DIRECTORY));
n = PESubResourcePtr2->NumberOfIdEntries + PESubResourcePtr2->NumberOfNamedEntries;
uniResourceName = (wchar_t*)((ULONG_PTR)PEResourcePtr + PEResourceDir1->NameOffset);
if(((bool)PEResourceDir1->NameIsString == true && EngineCompareResourceString(uniResourceName, szResourceName) == true) || ((bool)PEResourceDir1->NameIsString == false && PEResourceDir1->Id == ResourceName))
@ -209,23 +209,23 @@ __declspec(dllexport) bool TITCALL ResourcerFindResourceEx(ULONG_PTR FileMapVA,
*pResourceSize = PEResourceItem->Size;
return true;
}
PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir2 + sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY);
PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir2 + sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY));
n--;
}
}
else
{
PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir2 + sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY * n);
PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir2 + sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY) * n);
}
PEResourceDir1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir1 + sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY);
PEResourceDir1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir1 + sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY));
j--;
}
}
else
{
PEResourceDir1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir1 + sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY * j);
PEResourceDir1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir1 + sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY) * j);
}
PEResourceDir = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir + sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY);
PEResourceDir = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir + sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY));
i--;
}
}
@ -295,18 +295,18 @@ __declspec(dllexport) void TITCALL ResourcerEnumerateResourceEx(ULONG_PTR FileMa
PEResource = (PIMAGE_RESOURCE_DIRECTORY)(ConvertVAtoFileOffsetEx(FileMapVA, FileSize, (ULONG_PTR)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_IMAGEBASE), (ULONG_PTR)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_RESOURCETABLEADDRESS), true, true));
if(PEResource != NULL)
{
PEResourceDir = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResource + sizeof IMAGE_RESOURCE_DIRECTORY);
PEResourceDir = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResource + sizeof(IMAGE_RESOURCE_DIRECTORY));
i = PEResource->NumberOfIdEntries + PEResource->NumberOfNamedEntries;
PEResourcePtr = PEResource;
while(i > NULL)
{
PESubResourcePtr1 = (PIMAGE_RESOURCE_DIRECTORY)((ULONG_PTR)PEResourcePtr + (PEResourceDir->OffsetToData ^ IMAGE_RESOURCE_DATA_IS_DIRECTORY));
PEResourceDir1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PESubResourcePtr1 + sizeof IMAGE_RESOURCE_DIRECTORY);
PEResourceDir1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PESubResourcePtr1 + sizeof(IMAGE_RESOURCE_DIRECTORY));
j = PESubResourcePtr1->NumberOfIdEntries + PESubResourcePtr1->NumberOfNamedEntries;
while(j > NULL)
{
PESubResourcePtr2 = (PIMAGE_RESOURCE_DIRECTORY)((ULONG_PTR)PEResourcePtr + (PEResourceDir1->OffsetToData ^ IMAGE_RESOURCE_DATA_IS_DIRECTORY));
PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PESubResourcePtr2 + sizeof IMAGE_RESOURCE_DIRECTORY);
PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PESubResourcePtr2 + sizeof(IMAGE_RESOURCE_DIRECTORY));
n = PESubResourcePtr2->NumberOfIdEntries + PESubResourcePtr2->NumberOfNamedEntries;
while(n > NULL)
{
@ -337,13 +337,13 @@ __declspec(dllexport) void TITCALL ResourcerEnumerateResourceEx(ULONG_PTR FileMa
{
return;
}
PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir2 + sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY);
PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir2 + sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY));
n--;
}
PEResourceDir1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir1 + sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY);
PEResourceDir1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir1 + sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY));
j--;
}
PEResourceDir = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir + sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY);
PEResourceDir = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir + sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY));
i--;
}
}

10
TitanEngine/TitanEngine.Static.cpp
View File

@ -89,7 +89,11 @@ __declspec(dllexport) bool TITCALL StaticFileUnloadW(wchar_t* szFileName, bool C
if(FileHandle != NULL && FileMap != NULL)
{
UnMapFileEx(FileHandle, LoadedSize, FileMap, FileMapVA);
// HACK: compatibility with x64dbg
if(FileHandle != (HANDLE)-1)
{
UnMapFileEx(FileHandle, LoadedSize, FileMap, FileMapVA);
}
return true;
}
@ -882,7 +886,7 @@ __declspec(dllexport) bool TITCALL StaticHashMemory(void* MemoryToHash, DWORD Si
}
else
{
RtlMoveMemory(HashDigest, &crc32, sizeof crc32);
RtlMoveMemory(HashDigest, &crc32, sizeof(crc32));
}
return true;
@ -1094,7 +1098,7 @@ __declspec(dllexport) bool TITCALL StaticHashFileW(wchar_t* szFileName, char* Ha
}
else
{
RtlMoveMemory(HashDigest, &crc32, sizeof crc32);
RtlMoveMemory(HashDigest, &crc32, sizeof(crc32));
}
CloseHandle(hFile);

50
TitanEngine/TitanEngine.TLS.cpp
View File

@ -80,14 +80,14 @@ __declspec(dllexport) bool TITCALL TLSGrabCallBackDataW(wchar_t* szFileName, LPV
ULONG_PTR TLSCallBackAddress = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryX86->AddressOfCallBacks, true);
if(TLSCallBackAddress)
{
while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof ULONG_PTR) != NULL)
while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof(ULONG_PTR)) != NULL)
{
if(ArrayOfCallBacks)
{
RtlMoveMemory(ArrayOfCallBacks, (LPVOID)TLSCallBackAddress, sizeof ULONG_PTR);
ArrayOfCallBacks = (LPVOID)((ULONG_PTR)ArrayOfCallBacks + sizeof ULONG_PTR);
RtlMoveMemory(ArrayOfCallBacks, (LPVOID)TLSCallBackAddress, sizeof(ULONG_PTR));
ArrayOfCallBacks = (LPVOID)((ULONG_PTR)ArrayOfCallBacks + sizeof(ULONG_PTR));
}
TLSCallBackAddress = TLSCallBackAddress + sizeof ULONG_PTR;
TLSCallBackAddress = TLSCallBackAddress + sizeof(ULONG_PTR);
NumberOfTLSCallBacks++;
}
if(NumberOfCallBacks)
@ -131,14 +131,14 @@ __declspec(dllexport) bool TITCALL TLSGrabCallBackDataW(wchar_t* szFileName, LPV
ULONG_PTR TLSCallBackAddress = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryX64->AddressOfCallBacks, true);
if(TLSCallBackAddress)
{
while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof ULONG_PTR) != NULL)
while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof(ULONG_PTR)) != NULL)
{
if(ArrayOfCallBacks)
{
RtlMoveMemory(ArrayOfCallBacks, (LPVOID)TLSCallBackAddress, sizeof ULONG_PTR);
ArrayOfCallBacks = (LPVOID)((ULONG_PTR)ArrayOfCallBacks + sizeof ULONG_PTR);
RtlMoveMemory(ArrayOfCallBacks, (LPVOID)TLSCallBackAddress, sizeof(ULONG_PTR));
ArrayOfCallBacks = (LPVOID)((ULONG_PTR)ArrayOfCallBacks + sizeof(ULONG_PTR));
}
TLSCallBackAddress = TLSCallBackAddress + sizeof ULONG_PTR;
TLSCallBackAddress = TLSCallBackAddress + sizeof(ULONG_PTR);
NumberOfTLSCallBacks++;
}
if(NumberOfCallBacks)
@ -367,7 +367,7 @@ __declspec(dllexport) bool TITCALL TLSRemoveTableW(wchar_t* szFileName)
PIMAGE_TLS_DIRECTORY32 TLSDirectoryX86 = (PIMAGE_TLS_DIRECTORY32)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true);
PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress = NULL;
PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size = NULL;
RtlZeroMemory(TLSDirectoryX86, sizeof IMAGE_TLS_DIRECTORY32);
RtlZeroMemory(TLSDirectoryX86, sizeof(IMAGE_TLS_DIRECTORY32));
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return true;
}
@ -393,7 +393,7 @@ __declspec(dllexport) bool TITCALL TLSRemoveTableW(wchar_t* szFileName)
PIMAGE_TLS_DIRECTORY64 TLSDirectoryX64 = (PIMAGE_TLS_DIRECTORY64)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true);
PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress = NULL;
PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size = NULL;
RtlZeroMemory(TLSDirectoryX64, sizeof IMAGE_TLS_DIRECTORY64);
RtlZeroMemory(TLSDirectoryX64, sizeof(IMAGE_TLS_DIRECTORY64));
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return true;
}
@ -443,8 +443,8 @@ __declspec(dllexport) bool TITCALL TLSBackupDataW(wchar_t* szFileName)
{
DWORD NumberOfTLSCallBacks = NULL;
engineBackupTLSAddress = NULL;
RtlZeroMemory(&engineBackupTLSDataX86, sizeof IMAGE_TLS_DIRECTORY32);
RtlZeroMemory(&engineBackupTLSDataX64, sizeof IMAGE_TLS_DIRECTORY64);
RtlZeroMemory(&engineBackupTLSDataX86, sizeof(IMAGE_TLS_DIRECTORY32));
RtlZeroMemory(&engineBackupTLSDataX64, sizeof(IMAGE_TLS_DIRECTORY64));
ClearTlsVector(&engineBackupArrayOfCallBacks); //clear backup array
std::vector<ULONG_PTR>* ArrayOfCallBacks = &engineBackupArrayOfCallBacks;
@ -476,12 +476,12 @@ __declspec(dllexport) bool TITCALL TLSBackupDataW(wchar_t* szFileName)
engineBackupTLSAddress = PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress;
ULONG_PTR TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader32->OptionalHeader.ImageBase + PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress);
PIMAGE_TLS_DIRECTORY32 TLSDirectoryX86 = (PIMAGE_TLS_DIRECTORY32)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true);
RtlMoveMemory(&engineBackupTLSDataX86, (LPVOID)TLSDirectoryX86, sizeof IMAGE_TLS_DIRECTORY32);
RtlMoveMemory(&engineBackupTLSDataX86, (LPVOID)TLSDirectoryX86, sizeof(IMAGE_TLS_DIRECTORY32));
if(TLSDirectoryX86->AddressOfCallBacks != NULL)
{
ULONG_PTR TLSCompareData = 0;
ULONG_PTR* TLSCallBackAddress = (ULONG_PTR*)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryX86->AddressOfCallBacks, true);
while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof ULONG_PTR) != NULL)
while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof(ULONG_PTR)) != NULL)
{
ArrayOfCallBacks->push_back(*TLSCallBackAddress);
TLSCallBackAddress++; //next callback
@ -522,12 +522,12 @@ __declspec(dllexport) bool TITCALL TLSBackupDataW(wchar_t* szFileName)
engineBackupTLSAddress = PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress;
ULONG_PTR TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader64->OptionalHeader.ImageBase + PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress);
PIMAGE_TLS_DIRECTORY64 TLSDirectoryX64 = (PIMAGE_TLS_DIRECTORY64)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true);
RtlMoveMemory(&engineBackupTLSDataX64, (LPVOID)TLSDirectoryX64, sizeof IMAGE_TLS_DIRECTORY64);
RtlMoveMemory(&engineBackupTLSDataX64, (LPVOID)TLSDirectoryX64, sizeof(IMAGE_TLS_DIRECTORY64));
if(TLSDirectoryX64->AddressOfCallBacks != NULL)
{
ULONG_PTR TLSCompareData = 0;
ULONG_PTR* TLSCallBackAddress = (ULONG_PTR*)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryX64->AddressOfCallBacks, true);
while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof ULONG_PTR) != NULL)
while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof(ULONG_PTR)) != NULL)
{
ArrayOfCallBacks->push_back(*TLSCallBackAddress);
TLSCallBackAddress++; //next callback
@ -575,7 +575,7 @@ __declspec(dllexport) bool TITCALL TLSRestoreData()
{
if(engineBackupTLSx64)
{
if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)(engineBackupTLSAddress + GetDebuggedFileBaseAddress()), &engineBackupTLSDataX64, sizeof IMAGE_TLS_DIRECTORY64, &ueNumberOfBytesRead))
if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)(engineBackupTLSAddress + GetDebuggedFileBaseAddress()), &engineBackupTLSDataX64, sizeof(IMAGE_TLS_DIRECTORY64), &ueNumberOfBytesRead))
{
if(engineBackupTLSDataX64.AddressOfCallBacks != NULL && engineBackupNumberOfCallBacks != NULL)
{
@ -598,7 +598,7 @@ __declspec(dllexport) bool TITCALL TLSRestoreData()
}
else
{
if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)(engineBackupTLSAddress + GetDebuggedFileBaseAddress()), &engineBackupTLSDataX86, sizeof IMAGE_TLS_DIRECTORY32, &ueNumberOfBytesRead))
if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)(engineBackupTLSAddress + GetDebuggedFileBaseAddress()), &engineBackupTLSDataX86, sizeof(IMAGE_TLS_DIRECTORY32), &ueNumberOfBytesRead))
{
if(engineBackupTLSDataX86.AddressOfCallBacks != NULL && engineBackupNumberOfCallBacks != NULL)
{
@ -651,13 +651,13 @@ __declspec(dllexport) bool TITCALL TLSBuildNewTable(ULONG_PTR FileMapVA, ULONG_P
__try
{
PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress = (DWORD)StorePlaceRVA;
PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size = sizeof IMAGE_TLS_DIRECTORY32;
PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size = sizeof(IMAGE_TLS_DIRECTORY32);
PIMAGE_TLS_DIRECTORY32 TLSDirectoryX86 = (PIMAGE_TLS_DIRECTORY32)StorePlace;
TLSDirectoryX86->StartAddressOfRawData = (DWORD)TLSWriteData;
TLSDirectoryX86->EndAddressOfRawData = (DWORD)TLSWriteData + 0x10;
TLSDirectoryX86->AddressOfIndex = (DWORD)TLSWriteData + 0x14;
TLSDirectoryX86->AddressOfCallBacks = (DWORD)TLSWriteData + sizeof IMAGE_TLS_DIRECTORY32 + 8;
RtlMoveMemory((LPVOID)(StorePlace + sizeof IMAGE_TLS_DIRECTORY32 + 8), ArrayOfCallBacks, NumberOfCallBacks * 4);
TLSDirectoryX86->AddressOfCallBacks = (DWORD)TLSWriteData + sizeof(IMAGE_TLS_DIRECTORY32) + 8;
RtlMoveMemory((LPVOID)(StorePlace + sizeof(IMAGE_TLS_DIRECTORY32) + 8), ArrayOfCallBacks, NumberOfCallBacks * 4);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
@ -670,13 +670,13 @@ __declspec(dllexport) bool TITCALL TLSBuildNewTable(ULONG_PTR FileMapVA, ULONG_P
__try
{
PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress = (DWORD)StorePlaceRVA;
PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size = sizeof IMAGE_TLS_DIRECTORY64;
PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size = sizeof(IMAGE_TLS_DIRECTORY64);
PIMAGE_TLS_DIRECTORY64 TLSDirectoryX64 = (PIMAGE_TLS_DIRECTORY64)StorePlace;
TLSDirectoryX64->StartAddressOfRawData = TLSWriteData;
TLSDirectoryX64->EndAddressOfRawData = TLSWriteData + 0x20;
TLSDirectoryX64->AddressOfIndex = TLSWriteData + 0x28;
TLSDirectoryX64->AddressOfCallBacks = TLSWriteData + sizeof IMAGE_TLS_DIRECTORY64 + 12;
RtlMoveMemory((LPVOID)(StorePlace + sizeof IMAGE_TLS_DIRECTORY64 + 12), ArrayOfCallBacks, NumberOfCallBacks * 8);
TLSDirectoryX64->AddressOfCallBacks = TLSWriteData + sizeof(IMAGE_TLS_DIRECTORY64) + 12;
RtlMoveMemory((LPVOID)(StorePlace + sizeof(IMAGE_TLS_DIRECTORY64) + 12), ArrayOfCallBacks, NumberOfCallBacks * 8);
return true;
}
__except(EXCEPTION_EXECUTE_HANDLER)
@ -707,7 +707,7 @@ __declspec(dllexport) bool TITCALL TLSBuildNewTableEx(char* szFileName, char* sz
__declspec(dllexport) bool TITCALL TLSBuildNewTableExW(wchar_t* szFileName, char* szSectionName, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks)
{
ULONG_PTR tlsImageBase = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_IMAGEBASE);
DWORD NewSectionVO = AddNewSectionW(szFileName, szSectionName, sizeof IMAGE_TLS_DIRECTORY64 * 2);
DWORD NewSectionVO = AddNewSectionW(szFileName, szSectionName, sizeof(IMAGE_TLS_DIRECTORY64) * 2);
HANDLE FileHandle;
DWORD FileSize;
HANDLE FileMap;

18
TitanEngine/TitanEngine.Tracer.cpp
View File

@ -33,7 +33,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo
bool SkipHashing = false;
BYTE EmptyCall[5] = {0xE8, 0x00, 0x00, 0x00, 0x00};
if(VirtualQueryEx(hProcess, (LPVOID)AddressToTrace, &MemInfo, sizeof MEMORY_BASIC_INFORMATION) != NULL)
if(VirtualQueryEx(hProcess, (LPVOID)AddressToTrace, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)) != NULL)
{
if(MemInfo.RegionSize > NULL)
{
@ -640,8 +640,8 @@ __declspec(dllexport) ULONG_PTR TITCALL HashTracerLevel1(HANDLE hProcess, ULONG_
if(!FoundAPI)
{
DOSHeader = (PIMAGE_DOS_HEADER)LoadedModules[i][1];
RtlZeroMemory(&RemoteModuleInfo, sizeof MODULEINFO);
GetModuleInformation(hProcess, (HMODULE)LoadedModules[i][1], &RemoteModuleInfo, sizeof MODULEINFO);
RtlZeroMemory(&RemoteModuleInfo, sizeof(MODULEINFO));
GetModuleInformation(hProcess, (HMODULE)LoadedModules[i][1], &RemoteModuleInfo, sizeof(MODULEINFO));
if(ValidateHeader || EngineValidateHeader((ULONG_PTR)LoadedModules[i][1], hProcess, RemoteModuleInfo.lpBaseOfDll, DOSHeader, false))
{
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
@ -719,7 +719,7 @@ __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULON
LPVOID TraceMemory;
bool HashCheck = false;
VirtualQueryEx(hProcess, (LPVOID)AddressToTrace, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
VirtualQueryEx(hProcess, (LPVOID)AddressToTrace, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
if(MemInfo.RegionSize > NULL)
{
MaximumReadSize = (DWORD)((ULONG_PTR)MemInfo.AllocationBase + MemInfo.RegionSize - AddressToTrace);
@ -732,7 +732,7 @@ __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULON
{
HashCheck = true;
}
if(sizeof HANDLE == 4)
if(sizeof(HANDLE) == 4)
{
TraceMemory = tracemem.Allocate(MaximumReadSize);
if(!TraceMemory)
@ -1126,7 +1126,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces
DWORD MaximumReadSize = 0x1000;
cMem = (PMEMORY_CMP_HANDLER)TracerReadMemory;
VirtualQueryEx(hProcess, (LPVOID)AddressToTrace, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
VirtualQueryEx(hProcess, (LPVOID)AddressToTrace, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
if(MemInfo.RegionSize > NULL)
{
MaximumReadSize = (DWORD)((ULONG_PTR)MemInfo.BaseAddress + MemInfo.RegionSize - AddressToTrace);
@ -1475,7 +1475,7 @@ __declspec(dllexport) long TITCALL TracerFixRedirectionViaImpRecPlugin(HANDLE hP
fImpRecTrace = fImpRecTrace - (ULONG_PTR)hImpRecModule;
remCodeData = VirtualAllocEx(hProcess, NULL, remInjectSize, MEM_COMMIT, PAGE_READWRITE);
remStringData = VirtualAllocEx(hProcess, NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
RtlZeroMemory(&APIData, sizeof InjectImpRecCodeData);
RtlZeroMemory(&APIData, sizeof(InjectImpRecCodeData));
APIData.fTrace = fImpRecTrace + (ULONG_PTR)ImporterGetRemoteDLLBase(hProcess, hImpRecModule);
APIData.AddressToTrace = (ULONG_PTR)TraceAddress;
APIData.fCreateFileA = (ULONG_PTR)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "CreateFileA"));
@ -1483,8 +1483,8 @@ __declspec(dllexport) long TITCALL TracerFixRedirectionViaImpRecPlugin(HANDLE hP
APIData.fCloseHandle = (ULONG_PTR)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "CloseHandle"));
if(WriteProcessMemory(hProcess, remCodeData, (LPCVOID)&injectedImpRec, remInjectSize, &NumberOfBytesWritten))
{
WriteProcessMemory(hProcess, remStringData, &APIData, sizeof InjectImpRecCodeData, &NumberOfBytesWritten);
WriteProcessMemory(hProcess, (LPVOID)((ULONG_PTR)remStringData + sizeof InjectImpRecCodeData), (LPCVOID)szGarbageFile, lstrlenA((LPSTR)szGarbageFile), &NumberOfBytesWritten);
WriteProcessMemory(hProcess, remStringData, &APIData, sizeof(InjectImpRecCodeData), &NumberOfBytesWritten);
WriteProcessMemory(hProcess, (LPVOID)((ULONG_PTR)remStringData + sizeof(InjectImpRecCodeData)), (LPCVOID)szGarbageFile, lstrlenA((LPSTR)szGarbageFile), &NumberOfBytesWritten);
hThread = CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)remCodeData, remStringData, CREATE_SUSPENDED, &ThreadId);
NtSetInformationThread(hThread, ThreadHideFromDebugger, NULL, NULL);

10
TitanEngine/definitions.h
View File

@ -43,9 +43,9 @@ __declspec(dllexport) bool TITCALL RemoveOverlayW(wchar_t* szFileName);
__declspec(dllexport) bool TITCALL MakeAllSectionsRWE(char* szFileName);
__declspec(dllexport) bool TITCALL MakeAllSectionsRWEW(wchar_t* szFileName);
__declspec(dllexport) long TITCALL AddNewSectionEx(char* szFileName, char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, LPVOID SectionContent, DWORD ContentSize);
__declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, LPVOID SectionContent, DWORD ContentSize);
__declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, const char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, LPVOID SectionContent, DWORD ContentSize);
__declspec(dllexport) long TITCALL AddNewSection(char* szFileName, char* szSectionName, DWORD SectionSize);
__declspec(dllexport) long TITCALL AddNewSectionW(wchar_t* szFileName, char* szSectionName, DWORD SectionSize);
__declspec(dllexport) long TITCALL AddNewSectionW(wchar_t* szFileName, const char* szSectionName, DWORD SectionSize);
__declspec(dllexport) bool TITCALL ResizeLastSection(char* szFileName, DWORD NumberOfExpandBytes, bool AlignResizeData);
__declspec(dllexport) bool TITCALL ResizeLastSectionW(wchar_t* szFileName, DWORD NumberOfExpandBytes, bool AlignResizeData);
__declspec(dllexport) void TITCALL SetSharedOverlay(char* szFileName);
@ -293,8 +293,8 @@ __declspec(dllexport) void TITCALL ImporterAutoSearchIAT(DWORD ProcessId, char*
__declspec(dllexport) void TITCALL ImporterAutoSearchIATW(DWORD ProcessIds, wchar_t* szFileName, ULONG_PTR SearchStart, LPVOID pIATStart, LPVOID pIATSize);
__declspec(dllexport) void TITCALL ImporterAutoSearchIATEx(DWORD ProcessId, ULONG_PTR ImageBase, ULONG_PTR SearchStart, LPVOID pIATStart, LPVOID pIATSize);
__declspec(dllexport) void TITCALL ImporterEnumAddedData(LPVOID EnumCallBack);
__declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, char* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback);
__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_t* szDumpedFile, wchar_t* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback);
__declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, const char* szDumpedFile, const char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback);
__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, const wchar_t* szDumpedFile, const wchar_t* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback);
__declspec(dllexport) long TITCALL ImporterAutoFixIAT(DWORD ProcessId, char* szDumpedFile, ULONG_PTR SearchStart);
__declspec(dllexport) long TITCALL ImporterAutoFixIATW(DWORD ProcessId, wchar_t* szDumpedFile, ULONG_PTR SearchStart);
__declspec(dllexport) bool TITCALL ImporterDeleteAPI(DWORD_PTR apiAddr);
@ -337,7 +337,7 @@ __declspec(dllexport) long TITCALL ExporterGetAddedExportCount();
__declspec(dllexport) long TITCALL ExporterEstimatedSize();
__declspec(dllexport) bool TITCALL ExporterBuildExportTable(ULONG_PTR StorePlace, ULONG_PTR FileMapVA);
__declspec(dllexport) bool TITCALL ExporterBuildExportTableEx(char* szExportFileName, char* szSectionName);
__declspec(dllexport) bool TITCALL ExporterBuildExportTableExW(wchar_t* szExportFileName, char* szSectionName);
__declspec(dllexport) bool TITCALL ExporterBuildExportTableExW(wchar_t* szExportFileName, const char* szSectionName);
__declspec(dllexport) bool TITCALL ExporterLoadExportTable(char* szFileName);
__declspec(dllexport) bool TITCALL ExporterLoadExportTableW(wchar_t* szFileName);
// TitanEngine.Librarian.functions:

14
TitanEngine/stdafx.h
View File

@ -37,6 +37,20 @@
#define _Out_writes_opt_(x)
#endif
// Utility helpers for legacy TitanEngine callback APIs that use void* handles
// for callbacks while still allowing typed function pointer usage internally.
template<typename T>
static inline LPVOID CallbackToObjectPointer(T functionPointer)
{
return reinterpret_cast<LPVOID>(reinterpret_cast<ULONG_PTR>(functionPointer));
}
template<typename T>
static inline T ObjectPointerToCallback(LPVOID callbackData)
{
return reinterpret_cast<T>(reinterpret_cast<ULONG_PTR>(callbackData));
}
#ifndef _In_reads_
#define _In_reads_(x)
#endif

1
cmake.toml
View File

@ -17,6 +17,7 @@ sources = ["scylla_wrapper/*.cpp"]
headers = ["scylla_wrapper/*.h", "scylla_wrapper/include/*.h"]
link-libraries = ["::distorm"]
include-directories = ["scylla_wrapper/include"]
compile-features = ["cxx_std_11"]
[target.TitanEngine]
type = "shared"

2
scylla_wrapper/ApiReader.cpp
View File

@ -453,7 +453,7 @@ void ApiReader::findApiByModule(ModuleInfo* module, char* searchFunctionName, WO
{
if(ordinal)
{
*vaApi = (DWORD_PTR)GetProcAddress(hModule, (LPCSTR)ordinal);
*vaApi = (DWORD_PTR)GetProcAddress(hModule, (LPCSTR)MAKEINTRESOURCEA(ordinal));
}
else
{

2
scylla_wrapper/ImportRebuilder.cpp
View File

@ -185,7 +185,7 @@ bool ImportRebuilder::buildNewMappedImportTable(std::map<DWORD_PTR, ImportModule
}
//setFlagToIATSection
headerOffset += sizeof(IMAGE_SECTION_HEADER) * importSectionIndex;
headerOffset += (DWORD)(sizeof(IMAGE_SECTION_HEADER) * importSectionIndex);
PIMAGE_SECTION_HEADER pImportSection = (PIMAGE_SECTION_HEADER)(fileMapVA + headerOffset);
pImportSection->Characteristics |= IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE;

2
scylla_wrapper/ImportRebuilder.h
View File

@ -52,7 +52,7 @@ public:
int getIATSectionSize(std::map<DWORD_PTR, ImportModuleThunk> & moduleList)
{
this->calculateImportSizes(moduleList);
return this->sizeOfImportSection;
return (int)this->sizeOfImportSection;
} ;
IATReferenceScan* iatReferenceScan;

3
scylla_wrapper/PeParser.cpp
View File

@ -986,7 +986,8 @@ DWORD_PTR PeParser::getStandardImagebase()
}
else
{
return pNTHeader64->OptionalHeader.ImageBase;
// NOTE: this is broken, but code is never executed
return (DWORD_PTR)pNTHeader64->OptionalHeader.ImageBase;
}
}

16
scylla_wrapper/StringConversion.cpp
View File

@ -6,22 +6,14 @@
const char* StringConversion::ToASCII(const wchar_t* str, char* buf, size_t bufsize)
{
wcstombs(buf, str, bufsize);
/*
ATL::CW2A str_a = str;
strncpy_s(buf, bufsize, str_a, bufsize);
buf[bufsize - 1] = '\0';
*/
size_t charsConverted = 0;
wcstombs_s(&charsConverted, buf, bufsize, str, _TRUNCATE);
return buf;
}
const wchar_t* StringConversion::ToUTF16(const char* str, wchar_t* buf, size_t bufsize)
{
mbstowcs(buf, str, bufsize);
/*
ATL::CA2W str_w = str;
wcsncpy_s(buf, bufsize, str_w, bufsize);
buf[bufsize - 1] = L'\0';
*/
size_t charsConverted = 0;
mbstowcs_s(&charsConverted, buf, bufsize, str, _TRUNCATE);
return buf;
}

15
scylla_wrapper/SystemInformation.cpp
View File

@ -5,15 +5,17 @@ OPERATING_SYSTEM SystemInformation::currenOS = UNKNOWN_OS;
bool SystemInformation::getSystemInformation()
{
OSVERSIONINFOEX osvi = {0};
RTL_OSVERSIONINFOW osvi = {0};
osvi.dwOSVersionInfoSize = sizeof(RTL_OSVERSIONINFOW);
SYSTEM_INFO si = {0};
def_GetNativeSystemInfo _GetNativeSystemInfo = 0;
osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
if(!GetVersionEx((OSVERSIONINFO*) &osvi))
{
typedef LONG (WINAPI* tRtlGetVersion)(PRTL_OSVERSIONINFOW);
tRtlGetVersion pRtlGetVersion = (tRtlGetVersion)GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "RtlGetVersion");
if(!pRtlGetVersion)
return false;
if(pRtlGetVersion(&osvi) != 0)
return false;
}
if((osvi.dwMajorVersion < 5) || ((osvi.dwMajorVersion == 5) && (osvi.dwMinorVersion == 0)))
{
@ -33,6 +35,7 @@ bool SystemInformation::getSystemInformation()
bool isX64 = si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64;
bool isX86 = si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_INTEL;
DWORD major = osvi.dwMajorVersion;
DWORD minor = osvi.dwMinorVersion;

2
scylla_wrapper/scylla_wrapper.cpp
View File

@ -405,7 +405,7 @@ void scylla_enumImportTree(LPVOID enumCallback)
//module
myImportEnumData.NewDll = true;
myImportEnumData.NumberOfImports = moduleThunk.thunkList.size();
myImportEnumData.NumberOfImports = (int)moduleThunk.thunkList.size();
StringConversion::ToASCII(moduleThunk.moduleName, myImportEnumData.DLLName, sizeof(char)*MAX_PATH);
myImportEnumData.BaseImportThunk = moduleThunk.firstThunk;