From a62925db7a49e53961121be3ee319c5db0afccce Mon Sep 17 00:00:00 2001 
From: Duncan Ogilvie Date: Sun, 12 Apr 2026 17:38:04 +0200 Subject: [PATCH] Make everything standards-compliant --- CMakeLists.txt | 4 + SDK/C/TitanEngine.h | 1131 ----------------- TitanEngine/Global.Debugger.cpp | 6 +- TitanEngine/Global.Engine.Hider.cpp | 16 +- TitanEngine/Global.Engine.cpp | 42 +- TitanEngine/Global.Engine.h | 2 +- TitanEngine/Global.Injector.cpp | 6 +- TitanEngine/Global.Mapping.cpp | 12 +- TitanEngine/Global.OEPFinder.cpp | 26 +- TitanEngine/TitanEngine.Breakpoints.cpp | 4 +- TitanEngine/TitanEngine.Debugger.Control.cpp | 4 +- .../TitanEngine.Debugger.DebugLoop.cpp | 16 +- TitanEngine/TitanEngine.Debugger.Helper.cpp | 34 +- TitanEngine/TitanEngine.Debugger.Memory.cpp | 12 +- TitanEngine/TitanEngine.Debugger.cpp | 34 +- TitanEngine/TitanEngine.Dumper.cpp | 2 +- .../TitanEngine.Engine.Simplification.cpp | 14 +- TitanEngine/TitanEngine.Engine.cpp | 8 +- TitanEngine/TitanEngine.Exporter.cpp | 10 +- TitanEngine/TitanEngine.Handler.cpp | 96 +- TitanEngine/TitanEngine.Hooks.cpp | 68 +- TitanEngine/TitanEngine.Importer.cpp | 22 +- TitanEngine/TitanEngine.Injector.cpp | 18 +- TitanEngine/TitanEngine.Librarian.cpp | 12 +- TitanEngine/TitanEngine.OEPFinder.cpp | 2 +- TitanEngine/TitanEngine.PE.Fixer.cpp | 44 +- TitanEngine/TitanEngine.PE.Section.cpp | 64 +- TitanEngine/TitanEngine.PE.cpp | 6 +- TitanEngine/TitanEngine.Realigner.cpp | 8 +- TitanEngine/TitanEngine.Relocator.cpp | 26 +- TitanEngine/TitanEngine.Resourcer.cpp | 28 +- TitanEngine/TitanEngine.Static.cpp | 10 +- TitanEngine/TitanEngine.TLS.cpp | 50 +- TitanEngine/TitanEngine.Tracer.cpp | 18 +- TitanEngine/definitions.h | 10 +- TitanEngine/stdafx.h | 14 + cmake.toml | 1 + scylla_wrapper/ApiReader.cpp | 2 +- scylla_wrapper/ImportRebuilder.cpp | 2 +- scylla_wrapper/ImportRebuilder.h | 2 +- scylla_wrapper/PeParser.cpp | 3 +- scylla_wrapper/StringConversion.cpp | 16 +- scylla_wrapper/SystemInformation.cpp | 15 +- scylla_wrapper/scylla_wrapper.cpp | 2 +- 44 files changed, 416 insertions(+), 1506 
deletions(-)
delete mode 100644 SDK/C/TitanEngine.h
diff --git a/CMakeLists.txt b/CMakeLists.txt
index ff9f016..325f6a8 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -99,6 +99,10 @@ add_library(scylla_wrapper STATIC)
 target_sources(scylla_wrapper PRIVATE ${scylla_wrapper_SOURCES})
 source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${scylla_wrapper_SOURCES})
+target_compile_features(scylla_wrapper PUBLIC
+ cxx_std_11
+)
+
 target_include_directories(scylla_wrapper PUBLIC
 "scylla_wrapper/include"
 )
diff --git a/SDK/C/TitanEngine.h b/SDK/C/TitanEngine.h
deleted file mode 100644
index 9c8b63a..0000000
--- a/SDK/C/TitanEngine.h
+++ /dev/null
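Review bot: `target_compile_features(scylla_wrapper PUBLIC cxx_std_11)` in the CMakeLists.txt hunk only sets a minimum language level; it does not switch off compiler extensions, so the build by itself will not reject non-standard constructs if they creep back in. With GCC or Clang, CMake keeps GNU extensions enabled unless `CXX_EXTENSIONS` is off, and MSVC needs `/permissive-` for stricter conformance checking. If the aim in the subject line is to keep the tree conforming, consider `set_target_properties(scylla_wrapper PROPERTIES CXX_EXTENSIONS OFF)`, after confirming that the Windows headers still build in strict mode. The diffstat also lists `cmake.toml`, so if CMakeLists.txt is generated from it, the setting presumably belongs there instead.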
@@ -1,1131 +0,0 @@ -#ifndef TITANENGINE -#define TITANENGINE - -#define TITCALL - -#if _MSC_VER > 1000 -#pragma once -#endif - -#include -#include - -#pragma pack(push, 1) - -// Global.Constant.Structure.Declaration: -// Engine.External: -#define UE_STRUCT_PE32STRUCT 1 -#define UE_STRUCT_PE64STRUCT 2 -#define UE_STRUCT_PESTRUCT 3 -#define UE_STRUCT_IMPORTENUMDATA 4 -#define UE_STRUCT_THREAD_ITEM_DATA 5 -#define UE_STRUCT_LIBRARY_ITEM_DATA 6 -#define UE_STRUCT_LIBRARY_ITEM_DATAW 7 -#define UE_STRUCT_PROCESS_ITEM_DATA 8 -#define UE_STRUCT_HANDLERARRAY 9 -#define UE_STRUCT_PLUGININFORMATION 10 -#define UE_STRUCT_HOOK_ENTRY 11 -#define UE_STRUCT_FILE_STATUS_INFO 12 -#define UE_STRUCT_FILE_FIX_INFO 13 -#define UE_STRUCT_X87FPUREGISTER 14 -#define UE_STRUCT_X87FPU 15 -#define UE_STRUCT_TITAN_ENGINE_CONTEXT 16 - -#define UE_ACCESS_READ 0 -#define UE_ACCESS_WRITE 1 -#define UE_ACCESS_ALL 2 - -#define UE_HIDE_PEBONLY 0 -#define UE_HIDE_BASIC 1 - -#define UE_PLUGIN_CALL_REASON_PREDEBUG 1 -#define UE_PLUGIN_CALL_REASON_EXCEPTION 2 -#define UE_PLUGIN_CALL_REASON_POSTDEBUG 3 -#define UE_PLUGIN_CALL_REASON_UNHANDLEDEXCEPTION 4 - -#define TEE_HOOK_NRM_JUMP 1 -#define TEE_HOOK_NRM_CALL 3 -#define TEE_HOOK_IAT 5 - -#define UE_ENGINE_ALOW_MODULE_LOADING 1 -#define UE_ENGINE_AUTOFIX_FORWARDERS 2 -#define UE_ENGINE_PASS_ALL_EXCEPTIONS 3 -#define UE_ENGINE_NO_CONSOLE_WINDOW 4 -#define UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS 5 -#define UE_ENGINE_CALL_PLUGIN_CALLBACK 6 -#define UE_ENGINE_RESET_CUSTOM_HANDLER 7 -#define UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK 8 -#define UE_ENGINE_SET_DEBUG_PRIVILEGE 9 -#define UE_ENGINE_SAFE_ATTACH 10 -#define UE_ENGINE_MEMBP_ALT 11 -#define UE_ENGINE_DISABLE_ASLR 12 -#define UE_ENGINE_SAFE_STEP 13 - -#define UE_OPTION_REMOVEALL 1 -#define UE_OPTION_DISABLEALL 2 -#define UE_OPTION_REMOVEALLDISABLED 3 -#define UE_OPTION_REMOVEALLENABLED 4 - -#define UE_STATIC_DECRYPTOR_XOR 1 -#define UE_STATIC_DECRYPTOR_SUB 2 -#define UE_STATIC_DECRYPTOR_ADD 3 - -#define 
UE_STATIC_DECRYPTOR_FOREWARD 1 -#define UE_STATIC_DECRYPTOR_BACKWARD 2 - -#define UE_STATIC_KEY_SIZE_1 1 -#define UE_STATIC_KEY_SIZE_2 2 -#define UE_STATIC_KEY_SIZE_4 4 -#define UE_STATIC_KEY_SIZE_8 8 - -#define UE_STATIC_APLIB 1 -#define UE_STATIC_APLIB_DEPACK 2 -#define UE_STATIC_LZMA 3 - -#define UE_STATIC_HASH_MD5 1 -#define UE_STATIC_HASH_SHA1 2 -#define UE_STATIC_HASH_CRC32 3 - -#define UE_RESOURCE_LANGUAGE_ANY -1 - -#define UE_PE_OFFSET 0 -#define UE_IMAGEBASE 1 -#define UE_OEP 2 -#define UE_SIZEOFIMAGE 3 -#define UE_SIZEOFHEADERS 4 -#define UE_SIZEOFOPTIONALHEADER 5 -#define UE_SECTIONALIGNMENT 6 -#define UE_IMPORTTABLEADDRESS 7 -#define UE_IMPORTTABLESIZE 8 -#define UE_RESOURCETABLEADDRESS 9 -#define UE_RESOURCETABLESIZE 10 -#define UE_EXPORTTABLEADDRESS 11 -#define UE_EXPORTTABLESIZE 12 -#define UE_TLSTABLEADDRESS 13 -#define UE_TLSTABLESIZE 14 -#define UE_RELOCATIONTABLEADDRESS 15 -#define UE_RELOCATIONTABLESIZE 16 -#define UE_TIMEDATESTAMP 17 -#define UE_SECTIONNUMBER 18 -#define UE_CHECKSUM 19 -#define UE_SUBSYSTEM 20 -#define UE_CHARACTERISTICS 21 -#define UE_NUMBEROFRVAANDSIZES 22 -#define UE_BASEOFCODE 23 -#define UE_BASEOFDATA 24 -#define UE_DLLCHARACTERISTICS 25 -//leaving some enum space here for future additions -#define UE_SECTIONNAME 40 -#define UE_SECTIONVIRTUALOFFSET 41 -#define UE_SECTIONVIRTUALSIZE 42 -#define UE_SECTIONRAWOFFSET 43 -#define UE_SECTIONRAWSIZE 44 -#define UE_SECTIONFLAGS 45 - -#define UE_VANOTFOUND = -2; - -#define UE_CH_BREAKPOINT 1 -#define UE_CH_SINGLESTEP 2 -#define UE_CH_ACCESSVIOLATION 3 -#define UE_CH_ILLEGALINSTRUCTION 4 -#define UE_CH_NONCONTINUABLEEXCEPTION 5 -#define UE_CH_ARRAYBOUNDSEXCEPTION 6 -#define UE_CH_FLOATDENORMALOPERAND 7 -#define UE_CH_FLOATDEVIDEBYZERO 8 -#define UE_CH_INTEGERDEVIDEBYZERO 9 -#define UE_CH_INTEGEROVERFLOW 10 -#define UE_CH_PRIVILEGEDINSTRUCTION 11 -#define UE_CH_PAGEGUARD 12 -#define UE_CH_EVERYTHINGELSE 13 -#define UE_CH_CREATETHREAD 14 -#define UE_CH_EXITTHREAD 15 -#define 
UE_CH_CREATEPROCESS 16 -#define UE_CH_EXITPROCESS 17 -#define UE_CH_LOADDLL 18 -#define UE_CH_UNLOADDLL 19 -#define UE_CH_OUTPUTDEBUGSTRING 20 -#define UE_CH_AFTEREXCEPTIONPROCESSING 21 -#define UE_CH_SYSTEMBREAKPOINT 23 -#define UE_CH_UNHANDLEDEXCEPTION 24 -#define UE_CH_RIPEVENT 25 -#define UE_CH_DEBUGEVENT 26 - -#define UE_OPTION_HANDLER_RETURN_HANDLECOUNT 1 -#define UE_OPTION_HANDLER_RETURN_ACCESS 2 -#define UE_OPTION_HANDLER_RETURN_FLAGS 3 -#define UE_OPTION_HANDLER_RETURN_TYPENAME 4 - -#define UE_BREAKPOINT_INT3 1 -#define UE_BREAKPOINT_LONG_INT3 2 -#define UE_BREAKPOINT_UD2 3 - -#define UE_BPXREMOVED 0 -#define UE_BPXACTIVE 1 -#define UE_BPXINACTIVE 2 - -#define UE_BREAKPOINT 0 -#define UE_SINGLESHOOT 1 -#define UE_HARDWARE 2 -#define UE_MEMORY 3 -#define UE_MEMORY_READ 4 -#define UE_MEMORY_WRITE 5 -#define UE_MEMORY_EXECUTE 6 -#define UE_BREAKPOINT_TYPE_INT3 0x10000000 -#define UE_BREAKPOINT_TYPE_LONG_INT3 0x20000000 -#define UE_BREAKPOINT_TYPE_UD2 0x30000000 - -#define UE_HARDWARE_EXECUTE 4 -#define UE_HARDWARE_WRITE 5 -#define UE_HARDWARE_READWRITE 6 - -#define UE_HARDWARE_SIZE_1 7 -#define UE_HARDWARE_SIZE_2 8 -#define UE_HARDWARE_SIZE_4 9 -#define UE_HARDWARE_SIZE_8 10 - -#define UE_ON_LIB_LOAD 1 -#define UE_ON_LIB_UNLOAD 2 -#define UE_ON_LIB_ALL 3 - -#define UE_APISTART 0 -#define UE_APIEND 1 - -#define UE_PLATFORM_x86 1 -#define UE_PLATFORM_x64 2 -#define UE_PLATFORM_ALL 3 - -#define UE_FUNCTION_STDCALL 1 -#define UE_FUNCTION_CCALL 2 -#define UE_FUNCTION_FASTCALL 3 -#define UE_FUNCTION_STDCALL_RET 4 -#define UE_FUNCTION_CCALL_RET 5 -#define UE_FUNCTION_FASTCALL_RET 6 -#define UE_FUNCTION_STDCALL_CALL 7 -#define UE_FUNCTION_CCALL_CALL 8 -#define UE_FUNCTION_FASTCALL_CALL 9 -#define UE_PARAMETER_BYTE 0 -#define UE_PARAMETER_WORD 1 -#define UE_PARAMETER_DWORD 2 -#define UE_PARAMETER_QWORD 3 -#define UE_PARAMETER_PTR_BYTE 4 -#define UE_PARAMETER_PTR_WORD 5 -#define UE_PARAMETER_PTR_DWORD 6 -#define UE_PARAMETER_PTR_QWORD 7 -#define UE_PARAMETER_STRING 8 
-#define UE_PARAMETER_UNICODE 9 - -#define UE_EAX 1 -#define UE_EBX 2 -#define UE_ECX 3 -#define UE_EDX 4 -#define UE_EDI 5 -#define UE_ESI 6 -#define UE_EBP 7 -#define UE_ESP 8 -#define UE_EIP 9 -#define UE_EFLAGS 10 -#define UE_DR0 11 -#define UE_DR1 12 -#define UE_DR2 13 -#define UE_DR3 14 -#define UE_DR6 15 -#define UE_DR7 16 -#define UE_RAX 17 -#define UE_RBX 18 -#define UE_RCX 19 -#define UE_RDX 20 -#define UE_RDI 21 -#define UE_RSI 22 -#define UE_RBP 23 -#define UE_RSP 24 -#define UE_RIP 25 -#define UE_RFLAGS 26 -#define UE_R8 27 -#define UE_R9 28 -#define UE_R10 29 -#define UE_R11 30 -#define UE_R12 31 -#define UE_R13 32 -#define UE_R14 33 -#define UE_R15 34 -#define UE_CIP 35 -#define UE_CSP 36 -#ifdef _WIN64 -#define UE_CFLAGS UE_RFLAGS -#else -#define UE_CFLAGS UE_EFLAGS -#endif -#define UE_SEG_GS 37 -#define UE_SEG_FS 38 -#define UE_SEG_ES 39 -#define UE_SEG_DS 40 -#define UE_SEG_CS 41 -#define UE_SEG_SS 42 -#define UE_x87_r0 43 -#define UE_x87_r1 44 -#define UE_x87_r2 45 -#define UE_x87_r3 46 -#define UE_x87_r4 47 -#define UE_x87_r5 48 -#define UE_x87_r6 49 -#define UE_x87_r7 50 -#define UE_X87_STATUSWORD 51 -#define UE_X87_CONTROLWORD 52 -#define UE_X87_TAGWORD 53 -#define UE_MXCSR 54 -#define UE_MMX0 55 -#define UE_MMX1 56 -#define UE_MMX2 57 -#define UE_MMX3 58 -#define UE_MMX4 59 -#define UE_MMX5 60 -#define UE_MMX6 61 -#define UE_MMX7 62 -#define UE_XMM0 63 -#define UE_XMM1 64 -#define UE_XMM2 65 -#define UE_XMM3 66 -#define UE_XMM4 67 -#define UE_XMM5 68 -#define UE_XMM6 69 -#define UE_XMM7 70 -#define UE_XMM8 71 -#define UE_XMM9 72 -#define UE_XMM10 73 -#define UE_XMM11 74 -#define UE_XMM12 75 -#define UE_XMM13 76 -#define UE_XMM14 77 -#define UE_XMM15 78 -#define UE_x87_ST0 79 -#define UE_x87_ST1 80 -#define UE_x87_ST2 81 -#define UE_x87_ST3 82 -#define UE_x87_ST4 83 -#define UE_x87_ST5 84 -#define UE_x87_ST6 85 -#define UE_x87_ST7 86 -#define UE_YMM0 87 -#define UE_YMM1 88 -#define UE_YMM2 89 -#define UE_YMM3 90 -#define UE_YMM4 91 -#define 
UE_YMM5 92 -#define UE_YMM6 93 -#define UE_YMM7 94 -#define UE_YMM8 95 -#define UE_YMM9 96 -#define UE_YMM10 97 -#define UE_YMM11 98 -#define UE_YMM12 99 -#define UE_YMM13 100 -#define UE_YMM14 101 -#define UE_YMM15 102 - -#ifndef CONTEXT_EXTENDED_REGISTERS -#define CONTEXT_EXTENDED_REGISTERS 0 -#endif - -typedef struct -{ - DWORD PE32Offset; - DWORD ImageBase; - DWORD OriginalEntryPoint; - DWORD BaseOfCode; - DWORD BaseOfData; - DWORD NtSizeOfImage; - DWORD NtSizeOfHeaders; - WORD SizeOfOptionalHeaders; - DWORD FileAlignment; - DWORD SectionAligment; - DWORD ImportTableAddress; - DWORD ImportTableSize; - DWORD ResourceTableAddress; - DWORD ResourceTableSize; - DWORD ExportTableAddress; - DWORD ExportTableSize; - DWORD TLSTableAddress; - DWORD TLSTableSize; - DWORD RelocationTableAddress; - DWORD RelocationTableSize; - DWORD TimeDateStamp; - WORD SectionNumber; - DWORD CheckSum; - WORD SubSystem; - WORD Characteristics; - DWORD NumberOfRvaAndSizes; -} PE32Struct, *PPE32Struct; - -typedef struct -{ - DWORD PE64Offset; - DWORD64 ImageBase; - DWORD OriginalEntryPoint; - DWORD BaseOfCode; - DWORD BaseOfData; - DWORD NtSizeOfImage; - DWORD NtSizeOfHeaders; - WORD SizeOfOptionalHeaders; - DWORD FileAlignment; - DWORD SectionAligment; - DWORD ImportTableAddress; - DWORD ImportTableSize; - DWORD ResourceTableAddress; - DWORD ResourceTableSize; - DWORD ExportTableAddress; - DWORD ExportTableSize; - DWORD TLSTableAddress; - DWORD TLSTableSize; - DWORD RelocationTableAddress; - DWORD RelocationTableSize; - DWORD TimeDateStamp; - WORD SectionNumber; - DWORD CheckSum; - WORD SubSystem; - WORD Characteristics; - DWORD NumberOfRvaAndSizes; -} PE64Struct, *PPE64Struct; - -#if defined(_WIN64) -typedef PE64Struct PEStruct; -#else -typedef PE32Struct PEStruct; -#endif - -typedef struct -{ - bool NewDll; - int NumberOfImports; - ULONG_PTR ImageBase; - ULONG_PTR BaseImportThunk; - ULONG_PTR ImportThunk; - char* APIName; - char* DLLName; -} ImportEnumData, *PImportEnumData; - -typedef 
struct -{ - HANDLE hThread; - DWORD dwThreadId; - void* ThreadStartAddress; - void* ThreadLocalBase; - void* TebAddress; - ULONG WaitTime; - LONG Priority; - LONG BasePriority; - ULONG ContextSwitches; - ULONG ThreadState; - ULONG WaitReason; -} THREAD_ITEM_DATA, *PTHREAD_ITEM_DATA; - -typedef struct -{ - HANDLE hFile; - void* BaseOfDll; - HANDLE hFileMapping; - void* hFileMappingView; - char szLibraryPath[MAX_PATH]; - char szLibraryName[MAX_PATH]; -} LIBRARY_ITEM_DATA, *PLIBRARY_ITEM_DATA; - -typedef struct -{ - HANDLE hFile; - void* BaseOfDll; - HANDLE hFileMapping; - void* hFileMappingView; - wchar_t szLibraryPath[MAX_PATH]; - wchar_t szLibraryName[MAX_PATH]; -} LIBRARY_ITEM_DATAW, *PLIBRARY_ITEM_DATAW; - -typedef struct -{ - HANDLE hProcess; - DWORD dwProcessId; - HANDLE hThread; - DWORD dwThreadId; - HANDLE hFile; - void* BaseOfImage; - void* ThreadStartAddress; - void* ThreadLocalBase; -} PROCESS_ITEM_DATA, *PPROCESS_ITEM_DATA; - -typedef struct -{ - ULONG ProcessId; - HANDLE hHandle; -} HandlerArray, *PHandlerArray; - -typedef struct -{ - char PluginName[64]; - DWORD PluginMajorVersion; - DWORD PluginMinorVersion; - HMODULE PluginBaseAddress; - void* TitanDebuggingCallBack; - void* TitanRegisterPlugin; - void* TitanReleasePlugin; - void* TitanResetPlugin; - bool PluginDisabled; -} PluginInformation, *PPluginInformation; - -#define TEE_MAXIMUM_HOOK_SIZE 14 -#define TEE_MAXIMUM_HOOK_RELOCS 7 -#if defined(_WIN64) -#define TEE_MAXIMUM_HOOK_INSERT_SIZE 14 -#else -#define TEE_MAXIMUM_HOOK_INSERT_SIZE 5 -#endif - -typedef struct HOOK_ENTRY -{ - bool IATHook; - BYTE HookType; - DWORD HookSize; - void* HookAddress; - void* RedirectionAddress; - BYTE HookBytes[TEE_MAXIMUM_HOOK_SIZE]; - BYTE OriginalBytes[TEE_MAXIMUM_HOOK_SIZE]; - void* IATHookModuleBase; - DWORD IATHookNameHash; - bool HookIsEnabled; - bool HookIsRemote; - void* PatchedEntry; - DWORD RelocationInfo[TEE_MAXIMUM_HOOK_RELOCS]; - int RelocationCount; -} HOOK_ENTRY, *PHOOK_ENTRY; - -#define 
UE_DEPTH_SURFACE 0 -#define UE_DEPTH_DEEP 1 - -#define UE_UNPACKER_CONDITION_SEARCH_FROM_EP 1 - -#define UE_UNPACKER_CONDITION_LOADLIBRARY 1 -#define UE_UNPACKER_CONDITION_GETPROCADDRESS 2 -#define UE_UNPACKER_CONDITION_ENTRYPOINTBREAK 3 -#define UE_UNPACKER_CONDITION_RELOCSNAPSHOT1 4 -#define UE_UNPACKER_CONDITION_RELOCSNAPSHOT2 5 - -#define UE_FIELD_OK 0 -#define UE_FIELD_BROKEN_NON_FIXABLE 1 -#define UE_FIELD_BROKEN_NON_CRITICAL 2 -#define UE_FIELD_BROKEN_FIXABLE_FOR_STATIC_USE 3 -#define UE_FIELD_BROKEN_BUT_CAN_BE_EMULATED 4 -#define UE_FIELD_FIXABLE_NON_CRITICAL 5 -#define UE_FIELD_FIXABLE_CRITICAL 6 -#define UE_FIELD_NOT_PRESET 7 -#define UE_FIELD_NOT_PRESET_WARNING 8 - -#define UE_RESULT_FILE_OK 10 -#define UE_RESULT_FILE_INVALID_BUT_FIXABLE 11 -#define UE_RESULT_FILE_INVALID_AND_NON_FIXABLE 12 -#define UE_RESULT_FILE_INVALID_FORMAT 13 - -typedef struct -{ - BYTE OveralEvaluation; - bool EvaluationTerminatedByException; - bool FileIs64Bit; - bool FileIsDLL; - bool FileIsConsole; - bool MissingDependencies; - bool MissingDeclaredAPIs; - BYTE SignatureMZ; - BYTE SignaturePE; - BYTE EntryPoint; - BYTE ImageBase; - BYTE SizeOfImage; - BYTE FileAlignment; - BYTE SectionAlignment; - BYTE ExportTable; - BYTE RelocationTable; - BYTE ImportTable; - BYTE ImportTableSection; - BYTE ImportTableData; - BYTE IATTable; - BYTE TLSTable; - BYTE LoadConfigTable; - BYTE BoundImportTable; - BYTE COMHeaderTable; - BYTE ResourceTable; - BYTE ResourceData; - BYTE SectionTable; -} FILE_STATUS_INFO, *PFILE_STATUS_INFO; - -typedef struct -{ - BYTE OveralEvaluation; - bool FixingTerminatedByException; - bool FileFixPerformed; - bool StrippedRelocation; - bool DontFixRelocations; - DWORD OriginalRelocationTableAddress; - DWORD OriginalRelocationTableSize; - bool StrippedExports; - bool DontFixExports; - DWORD OriginalExportTableAddress; - DWORD OriginalExportTableSize; - bool StrippedResources; - bool DontFixResources; - DWORD OriginalResourceTableAddress; - DWORD 
OriginalResourceTableSize; - bool StrippedTLS; - bool DontFixTLS; - DWORD OriginalTLSTableAddress; - DWORD OriginalTLSTableSize; - bool StrippedLoadConfig; - bool DontFixLoadConfig; - DWORD OriginalLoadConfigTableAddress; - DWORD OriginalLoadConfigTableSize; - bool StrippedBoundImports; - bool DontFixBoundImports; - DWORD OriginalBoundImportTableAddress; - DWORD OriginalBoundImportTableSize; - bool StrippedIAT; - bool DontFixIAT; - DWORD OriginalImportAddressTableAddress; - DWORD OriginalImportAddressTableSize; - bool StrippedCOM; - bool DontFixCOM; - DWORD OriginalCOMTableAddress; - DWORD OriginalCOMTableSize; -} FILE_FIX_INFO, *PFILE_FIX_INFO; - -typedef struct DECLSPEC_ALIGN(16) _XmmRegister_t -{ - ULONGLONG Low; - LONGLONG High; -} XmmRegister_t; - -typedef struct -{ - XmmRegister_t Low; //XMM/SSE part - XmmRegister_t High; //AVX part -} YmmRegister_t; - -typedef struct -{ - YmmRegister_t Low; //AVX part - YmmRegister_t High; //AVX-512 part -} ZmmRegister_t; - -typedef struct -{ - BYTE data[10]; - int st_value; - int tag; -} x87FPURegister_t; - -typedef struct -{ - WORD ControlWord; - WORD StatusWord; - WORD TagWord; - DWORD ErrorOffset; - DWORD ErrorSelector; - DWORD DataOffset; - DWORD DataSelector; - DWORD Cr0NpxState; -} x87FPU_t; - -typedef struct -{ - ULONG_PTR cax; - ULONG_PTR ccx; - ULONG_PTR cdx; - ULONG_PTR cbx; - ULONG_PTR csp; - ULONG_PTR cbp; - ULONG_PTR csi; - ULONG_PTR cdi; -#ifdef _WIN64 - ULONG_PTR r8; - ULONG_PTR r9; - ULONG_PTR r10; - ULONG_PTR r11; - ULONG_PTR r12; - ULONG_PTR r13; - ULONG_PTR r14; - ULONG_PTR r15; -#endif //_WIN64 - ULONG_PTR cip; - ULONG_PTR eflags; - unsigned short gs; - unsigned short fs; - unsigned short es; - unsigned short ds; - unsigned short cs; - unsigned short ss; - ULONG_PTR dr0; - ULONG_PTR dr1; - ULONG_PTR dr2; - ULONG_PTR dr3; - ULONG_PTR dr6; - ULONG_PTR dr7; - BYTE RegisterArea[80]; - x87FPU_t x87fpu; - DWORD MxCsr; -#ifdef _WIN64 - XmmRegister_t XmmRegisters[16]; - YmmRegister_t YmmRegisters[16]; -#else // 
x86 - XmmRegister_t XmmRegisters[8]; - YmmRegister_t YmmRegisters[8]; -#endif -} TITAN_ENGINE_CONTEXT_t; - -typedef struct -{ -#ifdef _WIN64 - ZmmRegister_t ZmmRegisters[32]; -#else // x86 - ZmmRegister_t ZmmRegisters[8]; -#endif - ULONGLONG Opmask[8]; -} TITAN_ENGINE_CONTEXT_AVX512_t; - -#ifdef __cplusplus -extern "C" -{ -#endif - -// Global.Function.Declaration: -// TitanEngine.Dumper.functions: -__declspec(dllexport) bool TITCALL DumpProcess(HANDLE hProcess, LPVOID ImageBase, const char* szDumpFileName, ULONG_PTR EntryPoint); -__declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBase, const wchar_t* szDumpFileName, ULONG_PTR EntryPoint); -__declspec(dllexport) bool TITCALL DumpProcessEx(DWORD ProcessId, LPVOID ImageBase, const char* szDumpFileName, ULONG_PTR EntryPoint); -__declspec(dllexport) bool TITCALL DumpProcessExW(DWORD ProcessId, LPVOID ImageBase, const wchar_t* szDumpFileName, ULONG_PTR EntryPoint); -__declspec(dllexport) bool TITCALL DumpMemory(HANDLE hProcess, LPVOID MemoryStart, ULONG_PTR MemorySize, const char* szDumpFileName); -__declspec(dllexport) bool TITCALL DumpMemoryW(HANDLE hProcess, LPVOID MemoryStart, ULONG_PTR MemorySize, const wchar_t* szDumpFileName); -__declspec(dllexport) bool TITCALL DumpMemoryEx(DWORD ProcessId, LPVOID MemoryStart, ULONG_PTR MemorySize, const char* szDumpFileName); -__declspec(dllexport) bool TITCALL DumpMemoryExW(DWORD ProcessId, LPVOID MemoryStart, ULONG_PTR MemorySize, const wchar_t* szDumpFileName); -__declspec(dllexport) bool TITCALL DumpRegions(HANDLE hProcess, const char* szDumpFolder, bool DumpAboveImageBaseOnly); -__declspec(dllexport) bool TITCALL DumpRegionsW(HANDLE hProcess, const wchar_t* szDumpFolder, bool DumpAboveImageBaseOnly); -__declspec(dllexport) bool TITCALL DumpRegionsEx(DWORD ProcessId, const char* szDumpFolder, bool DumpAboveImageBaseOnly); -__declspec(dllexport) bool TITCALL DumpRegionsExW(DWORD ProcessId, const wchar_t* szDumpFolder, bool DumpAboveImageBaseOnly); 
-__declspec(dllexport) bool TITCALL DumpModule(HANDLE hProcess, LPVOID ModuleBase, const char* szDumpFileName); -__declspec(dllexport) bool TITCALL DumpModuleW(HANDLE hProcess, LPVOID ModuleBase, const wchar_t* szDumpFileName); -__declspec(dllexport) bool TITCALL DumpModuleEx(DWORD ProcessId, LPVOID ModuleBase, const char* szDumpFileName); -__declspec(dllexport) bool TITCALL DumpModuleExW(DWORD ProcessId, LPVOID ModuleBase, const wchar_t* szDumpFileName); -__declspec(dllexport) bool TITCALL PastePEHeader(HANDLE hProcess, LPVOID ImageBase, const char* szDebuggedFileName); -__declspec(dllexport) bool TITCALL PastePEHeaderW(HANDLE hProcess, LPVOID ImageBase, const wchar_t* szDebuggedFileName); -__declspec(dllexport) bool TITCALL ExtractSection(const char* szFileName, const char* szDumpFileName, DWORD SectionNumber); -__declspec(dllexport) bool TITCALL ExtractSectionW(const wchar_t* szFileName, const wchar_t* szDumpFileName, DWORD SectionNumber); -__declspec(dllexport) bool TITCALL ResortFileSections(const char* szFileName); -__declspec(dllexport) bool TITCALL ResortFileSectionsW(const wchar_t* szFileName); -__declspec(dllexport) bool TITCALL FindOverlay(const char* szFileName, LPDWORD OverlayStart, LPDWORD OverlaySize); -__declspec(dllexport) bool TITCALL FindOverlayW(const wchar_t* szFileName, LPDWORD OverlayStart, LPDWORD OverlaySize); -__declspec(dllexport) bool TITCALL ExtractOverlay(const char* szFileName, const char* szExtactedFileName); -__declspec(dllexport) bool TITCALL ExtractOverlayW(const wchar_t* szFileName, const wchar_t* szExtactedFileName); -__declspec(dllexport) bool TITCALL AddOverlay(const char* szFileName, const char* szOverlayFileName); -__declspec(dllexport) bool TITCALL AddOverlayW(const wchar_t* szFileName, const wchar_t* szOverlayFileName); -__declspec(dllexport) bool TITCALL CopyOverlay(const char* szInFileName, const char* szOutFileName); -__declspec(dllexport) bool TITCALL CopyOverlayW(const wchar_t* szInFileName, const wchar_t* 
szOutFileName); -__declspec(dllexport) bool TITCALL RemoveOverlay(const char* szFileName); -__declspec(dllexport) bool TITCALL RemoveOverlayW(const wchar_t* szFileName); -__declspec(dllexport) bool TITCALL MakeAllSectionsRWE(const char* szFileName); -__declspec(dllexport) bool TITCALL MakeAllSectionsRWEW(const wchar_t* szFileName); -__declspec(dllexport) long TITCALL AddNewSectionEx(const char* szFileName, const char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, LPVOID SectionContent, DWORD ContentSize); -__declspec(dllexport) long TITCALL AddNewSectionExW(const wchar_t* szFileName, const char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, LPVOID SectionContent, DWORD ContentSize); -__declspec(dllexport) long TITCALL AddNewSection(const char* szFileName, const char* szSectionName, DWORD SectionSize); -__declspec(dllexport) long TITCALL AddNewSectionW(const wchar_t* szFileName, const char* szSectionName, DWORD SectionSize); -__declspec(dllexport) bool TITCALL ResizeLastSection(const char* szFileName, DWORD NumberOfExpandBytes, bool AlignResizeData); -__declspec(dllexport) bool TITCALL ResizeLastSectionW(const wchar_t* szFileName, DWORD NumberOfExpandBytes, bool AlignResizeData); -__declspec(dllexport) void TITCALL SetSharedOverlay(const char* szFileName); -__declspec(dllexport) void TITCALL SetSharedOverlayW(const wchar_t* szFileName); -__declspec(dllexport) char* TITCALL GetSharedOverlay(); -__declspec(dllexport) wchar_t* TITCALL GetSharedOverlayW(); -__declspec(dllexport) bool TITCALL DeleteLastSection(const char* szFileName); -__declspec(dllexport) bool TITCALL DeleteLastSectionW(const wchar_t* szFileName); -__declspec(dllexport) bool TITCALL DeleteLastSectionEx(const char* szFileName, DWORD NumberOfSections); -__declspec(dllexport) bool TITCALL DeleteLastSectionExW(const wchar_t* szFileName, DWORD NumberOfSections); -__declspec(dllexport) ULONG_PTR TITCALL GetPE32DataFromMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, DWORD 
WhichData); -__declspec(dllexport) ULONG_PTR TITCALL GetPE32Data(const char* szFileName, DWORD WhichSection, DWORD WhichData); -__declspec(dllexport) ULONG_PTR TITCALL GetPE32DataW(const wchar_t* szFileName, DWORD WhichSection, DWORD WhichData); -__declspec(dllexport) bool TITCALL GetPE32DataFromMappedFileEx(ULONG_PTR FileMapVA, LPVOID DataStorage); -__declspec(dllexport) bool TITCALL GetPE32DataEx(const char* szFileName, LPVOID DataStorage); -__declspec(dllexport) bool TITCALL GetPE32DataExW(const wchar_t* szFileName, LPVOID DataStorage); -__declspec(dllexport) bool TITCALL SetPE32DataForMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue); -__declspec(dllexport) bool TITCALL SetPE32Data(const char* szFileName, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue); -__declspec(dllexport) bool TITCALL SetPE32DataW(const wchar_t* szFileName, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue); -__declspec(dllexport) bool TITCALL SetPE32DataForMappedFileEx(ULONG_PTR FileMapVA, LPVOID DataStorage); -__declspec(dllexport) bool TITCALL SetPE32DataEx(const char* szFileName, LPVOID DataStorage); -__declspec(dllexport) bool TITCALL SetPE32DataExW(const wchar_t* szFileName, LPVOID DataStorage); -__declspec(dllexport) long TITCALL GetPE32SectionNumberFromVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert); -__declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType); -__declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType); -__declspec(dllexport) ULONG_PTR TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType); -__declspec(dllexport) ULONG_PTR TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType); 
-__declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead); -__declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten); -// TitanEngine.Realigner.functions: -__declspec(dllexport) bool TITCALL FixHeaderCheckSum(const char* szFileName); -__declspec(dllexport) bool TITCALL FixHeaderCheckSumW(const wchar_t* szFileName); -__declspec(dllexport) long TITCALL RealignPE(ULONG_PTR FileMapVA, DWORD FileSize, DWORD RealingMode); -__declspec(dllexport) long TITCALL RealignPEEx(const char* szFileName, DWORD RealingFileSize, DWORD ForcedFileAlignment); -__declspec(dllexport) long TITCALL RealignPEExW(const wchar_t* szFileName, DWORD RealingFileSize, DWORD ForcedFileAlignment); -__declspec(dllexport) bool TITCALL WipeSection(const char* szFileName, int WipeSectionNumber, bool RemovePhysically); -__declspec(dllexport) bool TITCALL WipeSectionW(const wchar_t* szFileName, int WipeSectionNumber, bool RemovePhysically); -__declspec(dllexport) bool TITCALL IsPE32FileValidEx(const char* szFileName, DWORD CheckDepth, LPVOID FileStatusInfo); -__declspec(dllexport) bool TITCALL IsPE32FileValidExW(const wchar_t* szFileName, DWORD CheckDepth, LPVOID FileStatusInfo); -__declspec(dllexport) bool TITCALL FixBrokenPE32FileEx(const char* szFileName, LPVOID FileStatusInfo, LPVOID FileFixInfo); -__declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(const wchar_t* szFileName, LPVOID FileStatusInfo, LPVOID FileFixInfo); -__declspec(dllexport) bool TITCALL IsFileDLL(const char* szFileName, ULONG_PTR FileMapVA); -__declspec(dllexport) bool TITCALL IsFileDLLW(const wchar_t* szFileName, ULONG_PTR FileMapVA); -// TitanEngine.Hider.functions: -__declspec(dllexport) void* TITCALL GetPEBLocation(HANDLE hProcess); -__declspec(dllexport) void* TITCALL GetPEBLocation64(HANDLE hProcess); -__declspec(dllexport) void* TITCALL 
GetTEBLocation(HANDLE hThread); -__declspec(dllexport) void* TITCALL GetTEBLocation64(HANDLE hThread); -__declspec(dllexport) bool TITCALL HideDebugger(HANDLE hProcess, DWORD PatchAPILevel); -__declspec(dllexport) bool TITCALL UnHideDebugger(HANDLE hProcess, DWORD PatchAPILevel); -// TitanEngine.Relocater.functions: -__declspec(dllexport) void TITCALL RelocaterCleanup(); -__declspec(dllexport) void TITCALL RelocaterInit(DWORD MemorySize, ULONG_PTR OldImageBase, ULONG_PTR NewImageBase); -__declspec(dllexport) void TITCALL RelocaterAddNewRelocation(HANDLE hProcess, ULONG_PTR RelocateAddress, DWORD RelocateState); -__declspec(dllexport) long TITCALL RelocaterEstimatedSize(); -__declspec(dllexport) bool TITCALL RelocaterExportRelocation(ULONG_PTR StorePlace, DWORD StorePlaceRVA, ULONG_PTR FileMapVA); -__declspec(dllexport) bool TITCALL RelocaterExportRelocationEx(const char* szFileName, const char* szSectionName); -__declspec(dllexport) bool TITCALL RelocaterExportRelocationExW(const wchar_t* szFileName, const char* szSectionName); -__declspec(dllexport) bool TITCALL RelocaterGrabRelocationTable(HANDLE hProcess, ULONG_PTR MemoryStart, DWORD MemorySize); -__declspec(dllexport) bool TITCALL RelocaterGrabRelocationTableEx(HANDLE hProcess, ULONG_PTR MemoryStart, ULONG_PTR MemorySize, DWORD NtSizeOfImage); -__declspec(dllexport) bool TITCALL RelocaterMakeSnapshot(HANDLE hProcess, const char* szSaveFileName, LPVOID MemoryStart, ULONG_PTR MemorySize); -__declspec(dllexport) bool TITCALL RelocaterMakeSnapshotW(HANDLE hProcess, const wchar_t* szSaveFileName, LPVOID MemoryStart, ULONG_PTR MemorySize); -__declspec(dllexport) bool TITCALL RelocaterCompareTwoSnapshots(HANDLE hProcess, ULONG_PTR LoadedImageBase, ULONG_PTR NtSizeOfImage, const char* szDumpFile1, const char* szDumpFile2, ULONG_PTR MemStart); -__declspec(dllexport) bool TITCALL RelocaterCompareTwoSnapshotsW(HANDLE hProcess, ULONG_PTR LoadedImageBase, ULONG_PTR NtSizeOfImage, const wchar_t* szDumpFile1, const wchar_t* 
szDumpFile2, ULONG_PTR MemStart); -__declspec(dllexport) bool TITCALL RelocaterChangeFileBase(const char* szFileName, ULONG_PTR NewImageBase); -__declspec(dllexport) bool TITCALL RelocaterChangeFileBaseW(const wchar_t* szFileName, ULONG_PTR NewImageBase); -__declspec(dllexport) bool TITCALL RelocaterRelocateMemoryBlock(ULONG_PTR FileMapVA, ULONG_PTR MemoryLocation, void* RelocateMemory, DWORD RelocateMemorySize, ULONG_PTR CurrentLoadedBase, ULONG_PTR RelocateBase); -__declspec(dllexport) bool TITCALL RelocaterWipeRelocationTable(const char* szFileName); -__declspec(dllexport) bool TITCALL RelocaterWipeRelocationTableW(const wchar_t* szFileName); -// TitanEngine.Resourcer.functions: -__declspec(dllexport) ULONG_PTR TITCALL ResourcerLoadFileForResourceUse(const char* szFileName); -__declspec(dllexport) ULONG_PTR TITCALL ResourcerLoadFileForResourceUseW(const wchar_t* szFileName); -__declspec(dllexport) bool TITCALL ResourcerFreeLoadedFile(LPVOID LoadedFileBase); -__declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFileEx(HMODULE hFile, const char* szResourceType, const char* szResourceName, const char* szExtractedFileName); -__declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFile(const char* szFileName, const char* szResourceType, const char* szResourceName, const char* szExtractedFileName); -__declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFileW(const wchar_t* szFileName, char* szResourceType, const char* szResourceName, const char* szExtractedFileName); -__declspec(dllexport) bool TITCALL ResourcerFindResource(const char* szFileName, const char* szResourceType, DWORD ResourceType, const char* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize); -__declspec(dllexport) bool TITCALL ResourcerFindResourceW(const wchar_t* szFileName, const wchar_t* szResourceType, DWORD ResourceType, const wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR 
pResourceData, LPDWORD pResourceSize); -__declspec(dllexport) bool TITCALL ResourcerFindResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, const wchar_t* szResourceType, DWORD ResourceType, const wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize); -__declspec(dllexport) void TITCALL ResourcerEnumerateResource(const char* szFileName, void* CallBack); -__declspec(dllexport) void TITCALL ResourcerEnumerateResourceW(const wchar_t* szFileName, void* CallBack); -__declspec(dllexport) void TITCALL ResourcerEnumerateResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, void* CallBack); -// TitanEngine.Threader.functions: -__declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD ProcessId); -__declspec(dllexport) void* TITCALL ThreaderGetThreadInfo(HANDLE hThread, DWORD ThreadId); -__declspec(dllexport) void TITCALL ThreaderEnumThreadInfo(void* EnumCallBack); -__declspec(dllexport) bool TITCALL ThreaderPauseThread(HANDLE hThread); -__declspec(dllexport) bool TITCALL ThreaderResumeThread(HANDLE hThread); -__declspec(dllexport) bool TITCALL ThreaderTerminateThread(HANDLE hThread, DWORD ThreadExitCode); -__declspec(dllexport) bool TITCALL ThreaderPauseAllThreads(bool LeaveMainRunning); -__declspec(dllexport) bool TITCALL ThreaderResumeAllThreads(bool LeaveMainPaused); -__declspec(dllexport) bool TITCALL ThreaderPauseProcess(); -__declspec(dllexport) bool TITCALL ThreaderResumeProcess(); -__declspec(dllexport) ULONG_PTR TITCALL ThreaderCreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId); -__declspec(dllexport) bool TITCALL ThreaderInjectAndExecuteCode(LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize); -__declspec(dllexport) ULONG_PTR TITCALL ThreaderCreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId); -__declspec(dllexport) bool TITCALL 
ThreaderInjectAndExecuteCodeEx(HANDLE hProcess, LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize); -__declspec(dllexport) void TITCALL ThreaderSetCallBackForNextExitThreadEvent(LPVOID exitThreadCallBack); -__declspec(dllexport) bool TITCALL ThreaderIsThreadStillRunning(HANDLE hThread); -__declspec(dllexport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread); -__declspec(dllexport) bool TITCALL ThreaderIsAnyThreadActive(); -__declspec(dllexport) bool TITCALL ThreaderExecuteOnlyInjectedThreads(); -__declspec(dllexport) ULONG_PTR TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId); -__declspec(dllexport) bool TITCALL ThreaderIsExceptionInMainThread(); -// TitanEngine.Debugger.functions: -__declspec(dllexport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress); -__declspec(dllexport) void* TITCALL StaticDisassemble(LPVOID DisassmAddress); -__declspec(dllexport) void* TITCALL DisassembleEx(HANDLE hProcess, LPVOID DisassmAddress, bool ReturnInstructionType); -__declspec(dllexport) void* TITCALL Disassemble(LPVOID DisassmAddress); -__declspec(dllexport) long TITCALL StaticLengthDisassemble(LPVOID DisassmAddress); -__declspec(dllexport) long TITCALL LengthDisassembleEx(HANDLE hProcess, LPVOID DisassmAddress); -__declspec(dllexport) long TITCALL LengthDisassemble(LPVOID DisassmAddress); -__declspec(dllexport) void* TITCALL InitDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder); -__declspec(dllexport) void* TITCALL InitDebugW(const wchar_t* szFileName, const wchar_t* szCommandLine, const wchar_t* szCurrentFolder); -__declspec(dllexport) void* TITCALL InitNativeDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder); -__declspec(dllexport) void* TITCALL InitNativeDebugW(const wchar_t* szFileName, const wchar_t* szCommandLine, const wchar_t* szCurrentFolder); -__declspec(dllexport) void* TITCALL InitDebugEx(const char* szFileName, const char* szCommandLine, const char* szCurrentFolder, LPVOID EntryCallBack); 
-__declspec(dllexport) void* TITCALL InitDebugExW(const wchar_t* szFileName, const wchar_t* szCommandLine, const wchar_t* szCurrentFolder, LPVOID EntryCallBack); -__declspec(dllexport) void* TITCALL InitDLLDebug(const char* szFileName, bool ReserveModuleBase, const char* szCommandLine, const char* szCurrentFolder, LPVOID EntryCallBack); -__declspec(dllexport) void* TITCALL InitDLLDebugW(const wchar_t* szFileName, bool ReserveModuleBase, const wchar_t* szCommandLine, const wchar_t* szCurrentFolder, LPVOID EntryCallBack); -__declspec(dllexport) bool TITCALL StopDebug(); -__declspec(dllexport) void TITCALL SetBPXOptions(long DefaultBreakPointType); -__declspec(dllexport) bool TITCALL IsBPXEnabled(ULONG_PTR bpxAddress); -__declspec(dllexport) bool TITCALL EnableBPX(ULONG_PTR bpxAddress); -__declspec(dllexport) bool TITCALL DisableBPX(ULONG_PTR bpxAddress); -__declspec(dllexport) bool TITCALL SetBPX(ULONG_PTR bpxAddress, DWORD bpxType, LPVOID bpxCallBack); -__declspec(dllexport) bool TITCALL DeleteBPX(ULONG_PTR bpxAddress); -__declspec(dllexport) bool TITCALL SafeDeleteBPX(ULONG_PTR bpxAddress); -__declspec(dllexport) bool TITCALL SetAPIBreakPoint(const char* szDLLName, const char* szAPIName, DWORD bpxType, DWORD bpxPlace, LPVOID bpxCallBack); -__declspec(dllexport) bool TITCALL DeleteAPIBreakPoint(const char* szDLLName, const char* szAPIName, DWORD bpxPlace); -__declspec(dllexport) bool TITCALL SafeDeleteAPIBreakPoint(const char* szDLLName, const char* szAPIName, DWORD bpxPlace); -__declspec(dllexport) bool TITCALL SetMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, LPVOID bpxCallBack); -__declspec(dllexport) bool TITCALL SetMemoryBPXEx(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, DWORD BreakPointType, bool RestoreOnHit, LPVOID bpxCallBack); -__declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory); -__declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea); -__declspec(dllexport) void 
TITCALL Getx87FPURegisters(x87FPURegister_t x87FPURegisters[8], TITAN_ENGINE_CONTEXT_t* titcontext); -__declspec(dllexport) void TITCALL GetMMXRegisters(uint64_t mmx[8], TITAN_ENGINE_CONTEXT_t* titcontext); -__declspec(dllexport) bool TITCALL GetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext); -__declspec(dllexport) bool TITCALL SetFullContextDataEx(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext); -__declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister); -__declspec(dllexport) ULONG_PTR TITCALL GetContextData(DWORD IndexOfRegister); -__declspec(dllexport) bool TITCALL SetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea); -__declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister, ULONG_PTR NewRegisterValue); -__declspec(dllexport) bool TITCALL SetContextData(DWORD IndexOfRegister, ULONG_PTR NewRegisterValue); -__declspec(dllexport) bool TITCALL GetAVXContext(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext); -__declspec(dllexport) bool TITCALL SetAVXContext(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_t* titcontext); -__declspec(dllexport) bool TITCALL GetAVX512Context(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_AVX512_t* titcontext); -__declspec(dllexport) bool TITCALL SetAVX512Context(HANDLE hActiveThread, TITAN_ENGINE_CONTEXT_AVX512_t* titcontext); -__declspec(dllexport) void TITCALL ClearExceptionNumber(); -__declspec(dllexport) long TITCALL CurrentExceptionNumber(); -__declspec(dllexport) bool TITCALL MatchPatternEx(HANDLE hProcess, void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard); -__declspec(dllexport) bool TITCALL MatchPattern(void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard); -__declspec(dllexport) ULONG_PTR TITCALL FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD 
PatternSize, LPBYTE WildCard); -extern "C" __declspec(dllexport) ULONG_PTR TITCALL Find(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard); -__declspec(dllexport) bool TITCALL FillEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte); -__declspec(dllexport) bool TITCALL Fill(LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte); -__declspec(dllexport) bool TITCALL PatchEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP); -__declspec(dllexport) bool TITCALL Patch(LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP); -__declspec(dllexport) bool TITCALL ReplaceEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, LPVOID ReplacePattern, DWORD ReplaceSize, PBYTE WildCard); -__declspec(dllexport) bool TITCALL Replace(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, LPVOID ReplacePattern, DWORD ReplaceSize, PBYTE WildCard); -__declspec(dllexport) void* TITCALL GetDebugData(); -__declspec(dllexport) void* TITCALL GetTerminationData(); -__declspec(dllexport) long TITCALL GetExitCode(); -__declspec(dllexport) ULONG_PTR TITCALL GetDebuggedDLLBaseAddress(); -__declspec(dllexport) ULONG_PTR TITCALL GetDebuggedFileBaseAddress(); -__declspec(dllexport) bool TITCALL GetRemoteString(HANDLE hProcess, LPVOID StringAddress, LPVOID StringStorage, int MaximumStringSize); -__declspec(dllexport) ULONG_PTR TITCALL GetFunctionParameter(HANDLE hProcess, DWORD FunctionType, DWORD ParameterNumber, DWORD ParameterType); -__declspec(dllexport) ULONG_PTR TITCALL GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps); -__declspec(dllexport) ULONG_PTR TITCALL GetJumpDestination(HANDLE hProcess, ULONG_PTR InstructionAddress); 
-__declspec(dllexport) bool TITCALL IsJumpGoingToExecuteEx(HANDLE hProcess, HANDLE hThread, ULONG_PTR InstructionAddress, ULONG_PTR RegFlags); -__declspec(dllexport) bool TITCALL IsJumpGoingToExecute(); -__declspec(dllexport) void TITCALL SetCustomHandler(DWORD ExceptionId, LPVOID CallBack); -__declspec(dllexport) void TITCALL ForceClose(); -__declspec(dllexport) void TITCALL StepInto(LPVOID traceCallBack); -__declspec(dllexport) void TITCALL StepOver(LPVOID traceCallBack); -__declspec(dllexport) void TITCALL StepOut(LPVOID StepOut, bool StepFinal); -__declspec(dllexport) void TITCALL SingleStep(DWORD StepCount, LPVOID StepCallBack); -__declspec(dllexport) bool TITCALL GetUnusedHardwareBreakPointRegister(LPDWORD RegisterIndex); -__declspec(dllexport) bool TITCALL SetHardwareBreakPointEx(HANDLE hActiveThread, ULONG_PTR bpxAddress, DWORD IndexOfRegister, DWORD bpxType, DWORD bpxSize, LPVOID bpxCallBack, LPDWORD IndexOfSelectedRegister); -__declspec(dllexport) bool TITCALL SetHardwareBreakPoint(ULONG_PTR bpxAddress, DWORD IndexOfRegister, DWORD bpxType, DWORD bpxSize, LPVOID bpxCallBack); -__declspec(dllexport) bool TITCALL DeleteHardwareBreakPoint(DWORD IndexOfRegister); -__declspec(dllexport) bool TITCALL RemoveAllBreakPoints(DWORD RemoveOption); -__declspec(dllexport) PROCESS_INFORMATION* TITCALL TitanGetProcessInformation(); -__declspec(dllexport) STARTUPINFOW* TITCALL TitanGetStartupInformation(); -__declspec(dllexport) void TITCALL DebugLoop(); -__declspec(dllexport) void TITCALL SetDebugLoopTimeOut(DWORD TimeOut); -__declspec(dllexport) void TITCALL SetNextDbgContinueStatus(DWORD SetDbgCode); -__declspec(dllexport) bool TITCALL AttachDebugger(DWORD ProcessId, bool KillOnExit, LPVOID DebugInfo, LPVOID CallBack); -__declspec(dllexport) bool TITCALL DetachDebugger(DWORD ProcessId); -__declspec(dllexport) bool TITCALL DetachDebuggerEx(DWORD ProcessId); -__declspec(dllexport) void TITCALL DebugLoopEx(DWORD TimeOut); -__declspec(dllexport) void TITCALL 
AutoDebugEx(const char* szFileName, bool ReserveModuleBase, const char* szCommandLine, const char* szCurrentFolder, DWORD TimeOut, LPVOID EntryCallBack); -__declspec(dllexport) void TITCALL AutoDebugExW(const wchar_t* szFileName, bool ReserveModuleBase, const wchar_t* szCommandLine, const wchar_t* szCurrentFolder, DWORD TimeOut, LPVOID EntryCallBack); -__declspec(dllexport) bool TITCALL IsFileBeingDebugged(); -__declspec(dllexport) void TITCALL SetErrorModel(bool DisplayErrorMessages); -// TitanEngine.FindOEP.functions: -__declspec(dllexport) void TITCALL FindOEPInit(); -__declspec(dllexport) bool TITCALL FindOEPGenerically(const char* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack); -__declspec(dllexport) bool TITCALL FindOEPGenericallyW(const wchar_t* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack); -// TitanEngine.Importer.functions: -__declspec(dllexport) void TITCALL ImporterAddNewDll(const char* szDLLName, ULONG_PTR FirstThunk); -__declspec(dllexport) void TITCALL ImporterAddNewAPI(const char* szAPIName, ULONG_PTR ThunkValue); -__declspec(dllexport) void TITCALL ImporterAddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue); -__declspec(dllexport) long TITCALL ImporterGetAddedDllCount(); -__declspec(dllexport) long TITCALL ImporterGetAddedAPICount(); -__declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap); -__declspec(dllexport) long TITCALL ImporterEstimatedSize(); -__declspec(dllexport) bool TITCALL ImporterExportIATEx(const char* szDumpFileName, const char* szExportFileName, const char* szSectionName); -__declspec(dllexport) bool TITCALL ImporterExportIATExW(const wchar_t* szDumpFileName, const wchar_t* szExportFileName, const wchar_t* szSectionName = L".RL!TEv2"); -__declspec(dllexport) ULONG_PTR TITCALL ImporterFindAPIWriteLocation(const char* szAPIName); -__declspec(dllexport) ULONG_PTR TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber); 
-__declspec(dllexport) ULONG_PTR TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation); -__declspec(dllexport) ULONG_PTR TITCALL ImporterFindDLLByWriteLocation(ULONG_PTR APIWriteLocation); -__declspec(dllexport) void* TITCALL ImporterGetDLLName(ULONG_PTR APIAddress); -__declspec(dllexport) void* TITCALL ImporterGetDLLNameW(ULONG_PTR APIAddress); -__declspec(dllexport) void* TITCALL ImporterGetAPIName(ULONG_PTR APIAddress); -__declspec(dllexport) ULONG_PTR TITCALL ImporterGetAPIOrdinalNumber(ULONG_PTR APIAddress); -__declspec(dllexport) void* TITCALL ImporterGetAPINameEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); -__declspec(dllexport) ULONG_PTR TITCALL ImporterGetRemoteAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress); -__declspec(dllexport) ULONG_PTR TITCALL ImporterGetRemoteAPIAddressEx(const char* szDLLName, const char* szAPIName); -__declspec(dllexport) ULONG_PTR TITCALL ImporterGetLocalAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress); -__declspec(dllexport) void* TITCALL ImporterGetDLLNameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress); -__declspec(dllexport) void* TITCALL ImporterGetDLLNameFromDebugeeW(HANDLE hProcess, ULONG_PTR APIAddress); -__declspec(dllexport) void* TITCALL ImporterGetAPINameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress); -__declspec(dllexport) ULONG_PTR TITCALL ImporterGetAPIOrdinalNumberFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress); -__declspec(dllexport) long TITCALL ImporterGetDLLIndexEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); -__declspec(dllexport) long TITCALL ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); -__declspec(dllexport) ULONG_PTR TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase); -__declspec(dllexport) ULONG_PTR TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, const char* szModuleName); -__declspec(dllexport) void* TITCALL ImporterGetRemoteDLLBaseExW(HANDLE hProcess, const wchar_t* szModuleName); -__declspec(dllexport) bool 
TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress); -__declspec(dllexport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress); -__declspec(dllexport) void* TITCALL ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress); -__declspec(dllexport) long TITCALL ImporterGetForwardedDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); -__declspec(dllexport) ULONG_PTR TITCALL ImporterGetForwardedAPIOrdinalNumber(HANDLE hProcess, ULONG_PTR APIAddress); -__declspec(dllexport) ULONG_PTR TITCALL ImporterGetNearestAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress); -__declspec(dllexport) void* TITCALL ImporterGetNearestAPIName(HANDLE hProcess, ULONG_PTR APIAddress); -__declspec(dllexport) bool TITCALL ImporterCopyOriginalIAT(const char* szOriginalFile, const char* szDumpFile); -__declspec(dllexport) bool TITCALL ImporterCopyOriginalIATW(const wchar_t* szOriginalFile, const wchar_t* szDumpFile); -__declspec(dllexport) bool TITCALL ImporterLoadImportTable(const char* szFileName); -__declspec(dllexport) bool TITCALL ImporterLoadImportTableW(const wchar_t* szFileName); -__declspec(dllexport) bool TITCALL ImporterMoveOriginalIAT(const char* szOriginalFile, const char* szDumpFile, const char* szSectionName); -__declspec(dllexport) bool TITCALL ImporterMoveOriginalIATW(const wchar_t* szOriginalFile, const wchar_t* szDumpFile, const char* szSectionName); -__declspec(dllexport) void TITCALL ImporterAutoSearchIAT(DWORD ProcessId, const char* szFileName, ULONG_PTR SearchStart, LPVOID pIATStart, LPVOID pIATSize); -__declspec(dllexport) void TITCALL ImporterAutoSearchIATW(DWORD ProcessIds, const wchar_t* szFileName, ULONG_PTR SearchStart, LPVOID pIATStart, LPVOID pIATSize); -__declspec(dllexport) void TITCALL ImporterAutoSearchIATEx(DWORD ProcessId, ULONG_PTR ImageBase, ULONG_PTR SearchStart, LPVOID pIATStart, LPVOID pIATSize); -__declspec(dllexport) void TITCALL ImporterEnumAddedData(LPVOID EnumCallBack); 
-__declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, const char* szDumpedFile, const char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback); -__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, const wchar_t* szDumpedFile, const wchar_t* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback); -__declspec(dllexport) long TITCALL ImporterAutoFixIAT(DWORD ProcessId, const char* szDumpedFile, ULONG_PTR SearchStart); -__declspec(dllexport) long TITCALL ImporterAutoFixIATW(DWORD ProcessId, const wchar_t* szDumpedFile, ULONG_PTR SearchStart); -__declspec(dllexport) bool TITCALL ImporterDeleteAPI(DWORD_PTR apiAddr); -// Global.Engine.Hook.functions: -__declspec(dllexport) bool TITCALL HooksSafeTransitionEx(LPVOID HookAddressArray, int NumberOfHooks, bool TransitionStart); -__declspec(dllexport) bool TITCALL HooksSafeTransition(LPVOID HookAddress, bool TransitionStart); -__declspec(dllexport) bool TITCALL HooksIsAddressRedirected(LPVOID HookAddress); -__declspec(dllexport) void* TITCALL HooksGetTrampolineAddress(LPVOID HookAddress); -__declspec(dllexport) void* TITCALL HooksGetHookEntryDetails(LPVOID HookAddress); -__declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress, LPVOID RedirectTo, int HookType); -__declspec(dllexport) bool TITCALL HooksInsertNewIATRedirectionEx(ULONG_PTR FileMapVA, ULONG_PTR LoadedModuleBase, const char* szHookFunction, LPVOID RedirectTo); -__declspec(dllexport) bool TITCALL HooksInsertNewIATRedirection(const char* szModuleName, const char* szHookFunction, LPVOID RedirectTo); -__declspec(dllexport) bool TITCALL HooksRemoveRedirection(LPVOID HookAddress, bool RemoveAll); 
-__declspec(dllexport) bool TITCALL HooksRemoveRedirectionsForModule(HMODULE ModuleBase); -__declspec(dllexport) bool TITCALL HooksRemoveIATRedirection(const char* szModuleName, const char* szHookFunction, bool RemoveAll); -__declspec(dllexport) bool TITCALL HooksDisableRedirection(LPVOID HookAddress, bool DisableAll); -__declspec(dllexport) bool TITCALL HooksDisableRedirectionsForModule(HMODULE ModuleBase); -__declspec(dllexport) bool TITCALL HooksDisableIATRedirection(const char* szModuleName, const char* szHookFunction, bool DisableAll); -__declspec(dllexport) bool TITCALL HooksEnableRedirection(LPVOID HookAddress, bool EnableAll); -__declspec(dllexport) bool TITCALL HooksEnableRedirectionsForModule(HMODULE ModuleBase); -__declspec(dllexport) bool TITCALL HooksEnableIATRedirection(const char* szModuleName, const char* szHookFunction, bool EnableAll); -__declspec(dllexport) void TITCALL HooksScanModuleMemory(HMODULE ModuleBase, LPVOID CallBack); -__declspec(dllexport) void TITCALL HooksScanEntireProcessMemory(LPVOID CallBack); -__declspec(dllexport) void TITCALL HooksScanEntireProcessMemoryEx(); -// TitanEngine.Tracer.functions: -__declspec(dllexport) void TITCALL TracerInit(); -__declspec(dllexport) ULONG_PTR TITCALL TracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace); -__declspec(dllexport) ULONG_PTR TITCALL HashTracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD InputNumberOfInstructions); -__declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace); -__declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD RedirectionId); -__declspec(dllexport) ULONG_PTR TITCALL TracerFixRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD IdParameter); -__declspec(dllexport) long TITCALL TracerFixRedirectionViaImpRecPlugin(HANDLE hProcess, const char* szPluginName, ULONG_PTR AddressToTrace); -// 
TitanEngine.Exporter.functions: -__declspec(dllexport) void TITCALL ExporterCleanup(); -__declspec(dllexport) void TITCALL ExporterSetImageBase(ULONG_PTR ImageBase); -__declspec(dllexport) void TITCALL ExporterInit(DWORD MemorySize, ULONG_PTR ImageBase, DWORD ExportOrdinalBase, const char* szExportModuleName); -__declspec(dllexport) bool TITCALL ExporterAddNewExport(const char* szExportName, DWORD ExportRelativeAddress); -__declspec(dllexport) bool TITCALL ExporterAddNewOrdinalExport(DWORD OrdinalNumber, DWORD ExportRelativeAddress); -__declspec(dllexport) long TITCALL ExporterGetAddedExportCount(); -__declspec(dllexport) long TITCALL ExporterEstimatedSize(); -__declspec(dllexport) bool TITCALL ExporterBuildExportTable(ULONG_PTR StorePlace, ULONG_PTR FileMapVA); -__declspec(dllexport) bool TITCALL ExporterBuildExportTableEx(const char* szExportFileName, const char* szSectionName); -__declspec(dllexport) bool TITCALL ExporterBuildExportTableExW(const wchar_t* szExportFileName, const char* szSectionName); -__declspec(dllexport) bool TITCALL ExporterLoadExportTable(const char* szFileName); -__declspec(dllexport) bool TITCALL ExporterLoadExportTableW(const wchar_t* szFileName); -// TitanEngine.Librarian.functions: -__declspec(dllexport) bool TITCALL LibrarianSetBreakPoint(const char* szLibraryName, DWORD bpxType, bool SingleShoot, LPVOID bpxCallBack); -__declspec(dllexport) bool TITCALL LibrarianRemoveBreakPoint(const char* szLibraryName, DWORD bpxType); -__declspec(dllexport) void* TITCALL LibrarianGetLibraryInfo(const char* szLibraryName); -__declspec(dllexport) void* TITCALL LibrarianGetLibraryInfoW(const wchar_t* szLibraryName); -__declspec(dllexport) void* TITCALL LibrarianGetLibraryInfoEx(void* BaseOfDll); -__declspec(dllexport) void* TITCALL LibrarianGetLibraryInfoExW(void* BaseOfDll); -__declspec(dllexport) void TITCALL LibrarianEnumLibraryInfo(void* EnumCallBack); -__declspec(dllexport) void TITCALL LibrarianEnumLibraryInfoW(void* EnumCallBack); -// 
TitanEngine.Process.functions: -__declspec(dllexport) long TITCALL GetActiveProcessId(const char* szImageName); -__declspec(dllexport) long TITCALL GetActiveProcessIdW(const wchar_t* szImageName); -__declspec(dllexport) void TITCALL EnumProcessesWithLibrary(const char* szLibraryName, void* EnumFunction); -__declspec(dllexport) HANDLE TITCALL TitanOpenProcess(DWORD dwDesiredAccess, bool bInheritHandle, DWORD dwProcessId); -__declspec(dllexport) HANDLE TITCALL TitanOpenThread(DWORD dwDesiredAccess, bool bInheritHandle, DWORD dwThreadId); -// TitanEngine.TLSFixer.functions: -__declspec(dllexport) bool TITCALL TLSBreakOnCallBack(LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks, LPVOID bpxCallBack); -__declspec(dllexport) bool TITCALL TLSGrabCallBackData(const char* szFileName, LPVOID ArrayOfCallBacks, LPDWORD NumberOfCallBacks); -__declspec(dllexport) bool TITCALL TLSGrabCallBackDataW(const wchar_t* szFileName, LPVOID ArrayOfCallBacks, LPDWORD NumberOfCallBacks); -__declspec(dllexport) bool TITCALL TLSBreakOnCallBackEx(const char* szFileName, LPVOID bpxCallBack); -__declspec(dllexport) bool TITCALL TLSBreakOnCallBackExW(const wchar_t* szFileName, LPVOID bpxCallBack); -__declspec(dllexport) bool TITCALL TLSRemoveCallback(const char* szFileName); -__declspec(dllexport) bool TITCALL TLSRemoveCallbackW(const wchar_t* szFileName); -__declspec(dllexport) bool TITCALL TLSRemoveTable(const char* szFileName); -__declspec(dllexport) bool TITCALL TLSRemoveTableW(const wchar_t* szFileName); -__declspec(dllexport) bool TITCALL TLSBackupData(const char* szFileName); -__declspec(dllexport) bool TITCALL TLSBackupDataW(const wchar_t* szFileName); -__declspec(dllexport) bool TITCALL TLSRestoreData(); -__declspec(dllexport) bool TITCALL TLSBuildNewTable(ULONG_PTR FileMapVA, ULONG_PTR StorePlace, ULONG_PTR StorePlaceRVA, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks); -__declspec(dllexport) bool TITCALL TLSBuildNewTableEx(const char* szFileName, const char* szSectionName, LPVOID 
ArrayOfCallBacks, DWORD NumberOfCallBacks); -__declspec(dllexport) bool TITCALL TLSBuildNewTableExW(const wchar_t* szFileName, const char* szSectionName, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks); -// TitanEngine.TranslateName.functions: -__declspec(dllexport) void* TITCALL TranslateNativeName(const char* szNativeName); -__declspec(dllexport) void* TITCALL TranslateNativeNameW(const wchar_t* szNativeName); -// TitanEngine.Handler.functions: -__declspec(dllexport) long TITCALL HandlerGetActiveHandleCount(DWORD ProcessId); -__declspec(dllexport) bool TITCALL HandlerIsHandleOpen(DWORD ProcessId, HANDLE hHandle); -__declspec(dllexport) void* TITCALL HandlerGetHandleName(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName); -__declspec(dllexport) void* TITCALL HandlerGetHandleNameW(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName); -__declspec(dllexport) long TITCALL HandlerEnumerateOpenHandles(DWORD ProcessId, LPVOID HandleBuffer, DWORD MaxHandleCount); -__declspec(dllexport) ULONG_PTR TITCALL HandlerGetHandleDetails(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, DWORD InformationReturn); -__declspec(dllexport) bool TITCALL HandlerCloseRemoteHandle(HANDLE hProcess, HANDLE hHandle); -__declspec(dllexport) long TITCALL HandlerEnumerateLockHandles(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, LPVOID HandleDataBuffer, DWORD MaxHandleCount); -__declspec(dllexport) long TITCALL HandlerEnumerateLockHandlesW(const wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, LPVOID HandleDataBuffer, DWORD MaxHandleCount); -__declspec(dllexport) bool TITCALL HandlerCloseAllLockHandles(const char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated); -__declspec(dllexport) bool TITCALL HandlerCloseAllLockHandlesW(const wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated); -__declspec(dllexport) bool TITCALL HandlerIsFileLocked(const char* szFileOrFolderName, bool 
NameIsFolder, bool NameIsTranslated); -__declspec(dllexport) bool TITCALL HandlerIsFileLockedW(const wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated); -// TitanEngine.Handler[Mutex].functions: -__declspec(dllexport) long TITCALL HandlerEnumerateOpenMutexes(HANDLE hProcess, DWORD ProcessId, LPVOID HandleBuffer, DWORD MaxHandleCount); -__declspec(dllexport) ULONG_PTR TITCALL HandlerGetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, const char* szMutexString); -__declspec(dllexport) ULONG_PTR TITCALL HandlerGetOpenMutexHandleW(HANDLE hProcess, DWORD ProcessId, const wchar_t* szMutexString); -__declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutex(const char* szMutexString); -__declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(const wchar_t* szMutexString); -// TitanEngine.Injector.functions: -__declspec(dllexport) bool TITCALL RemoteLoadLibrary(HANDLE hProcess, const char* szLibraryFile, bool WaitForThreadExit); -__declspec(dllexport) bool TITCALL RemoteLoadLibraryW(HANDLE hProcess, const wchar_t* szLibraryFile, bool WaitForThreadExit); -__declspec(dllexport) bool TITCALL RemoteFreeLibrary(HANDLE hProcess, HMODULE hModule, const char* szLibraryFile, bool WaitForThreadExit); -__declspec(dllexport) bool TITCALL RemoteFreeLibraryW(HANDLE hProcess, HMODULE hModule, const wchar_t* szLibraryFile, bool WaitForThreadExit); -__declspec(dllexport) bool TITCALL RemoteExitProcess(HANDLE hProcess, DWORD ExitCode); -// TitanEngine.StaticUnpacker.functions: -__declspec(dllexport) bool TITCALL StaticFileLoad(const char* szFileName, DWORD DesiredAccess, bool SimulateLoad, LPHANDLE FileHandle, LPDWORD LoadedSize, LPHANDLE FileMap, PULONG_PTR FileMapVA); -__declspec(dllexport) bool TITCALL StaticFileLoadW(const wchar_t* szFileName, DWORD DesiredAccess, bool SimulateLoad, LPHANDLE FileHandle, LPDWORD LoadedSize, LPHANDLE FileMap, PULONG_PTR FileMapVA); -__declspec(dllexport) bool TITCALL StaticFileUnload(const char* szFileName, 
bool CommitChanges, HANDLE FileHandle, DWORD LoadedSize, HANDLE FileMap, ULONG_PTR FileMapVA); -__declspec(dllexport) bool TITCALL StaticFileUnloadW(const wchar_t* szFileName, bool CommitChanges, HANDLE FileHandle, DWORD LoadedSize, HANDLE FileMap, ULONG_PTR FileMapVA); -__declspec(dllexport) bool TITCALL StaticFileOpen(const char* szFileName, DWORD DesiredAccess, LPHANDLE FileHandle, LPDWORD FileSizeLow, LPDWORD FileSizeHigh); -__declspec(dllexport) bool TITCALL StaticFileOpenW(const wchar_t* szFileName, DWORD DesiredAccess, LPHANDLE FileHandle, LPDWORD FileSizeLow, LPDWORD FileSizeHigh); -__declspec(dllexport) bool TITCALL StaticFileGetContent(HANDLE FileHandle, DWORD FilePositionLow, LPDWORD FilePositionHigh, void* Buffer, DWORD Size); -__declspec(dllexport) void TITCALL StaticFileClose(HANDLE FileHandle); -__declspec(dllexport) void TITCALL StaticMemoryDecrypt(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionType, DWORD DecryptionKeySize, ULONG_PTR DecryptionKey); -__declspec(dllexport) void TITCALL StaticMemoryDecryptEx(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionKeySize, void* DecryptionCallBack); -__declspec(dllexport) void TITCALL StaticMemoryDecryptSpecial(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionKeySize, DWORD SpecDecryptionType, void* DecryptionCallBack); -__declspec(dllexport) void TITCALL StaticSectionDecrypt(ULONG_PTR FileMapVA, DWORD SectionNumber, bool SimulateLoad, DWORD DecryptionType, DWORD DecryptionKeySize, ULONG_PTR DecryptionKey); -__declspec(dllexport) bool TITCALL StaticMemoryDecompress(void* Source, DWORD SourceSize, void* Destination, DWORD DestinationSize, int Algorithm); -__declspec(dllexport) bool TITCALL StaticRawMemoryCopy(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR VitualAddressToCopy, DWORD Size, bool AddressIsRVA, const char* szDumpFileName); -__declspec(dllexport) bool TITCALL StaticRawMemoryCopyW(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR VitualAddressToCopy, DWORD Size, bool AddressIsRVA, const 
wchar_t* szDumpFileName); -__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, const char* szDumpFileName); -__declspec(dllexport) bool TITCALL StaticRawMemoryCopyExW(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, const wchar_t* szDumpFileName); -__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64(HANDLE hFile, DWORD64 RawAddressToCopy, DWORD64 Size, const char* szDumpFileName); -__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64W(HANDLE hFile, DWORD64 RawAddressToCopy, DWORD64 Size, const wchar_t* szDumpFileName); -__declspec(dllexport) bool TITCALL StaticHashMemory(void* MemoryToHash, DWORD SizeOfMemory, void* HashDigest, bool OutputString, int Algorithm); -__declspec(dllexport) bool TITCALL StaticHashFileW(const wchar_t* szFileName, char* HashDigest, bool OutputString, int Algorithm); -__declspec(dllexport) bool TITCALL StaticHashFile(const char* szFileName, char* HashDigest, bool OutputString, int Algorithm); -// TitanEngine.Engine.functions: -__declspec(dllexport) void TITCALL EngineUnpackerInitialize(const char* szFileName, const char* szUnpackedFileName, bool DoLogData, bool DoRealignFile, bool DoMoveOverlay, void* EntryCallBack); -__declspec(dllexport) void TITCALL EngineUnpackerInitializeW(const wchar_t* szFileName, const wchar_t* szUnpackedFileName, bool DoLogData, bool DoRealignFile, bool DoMoveOverlay, void* EntryCallBack); -__declspec(dllexport) bool TITCALL EngineUnpackerSetBreakCondition(void* SearchStart, DWORD SearchSize, void* SearchPattern, DWORD PatternSize, DWORD PatternDelta, ULONG_PTR BreakType, bool SingleBreak, DWORD Parameter1, DWORD Parameter2); -__declspec(dllexport) void TITCALL EngineUnpackerSetEntryPointAddress(ULONG_PTR UnpackedEntryPointAddress); -__declspec(dllexport) void TITCALL EngineUnpackerFinalizeUnpacking(); -// TitanEngine.Engine.functions: -__declspec(dllexport) void TITCALL SetEngineVariable(DWORD VariableId, bool VariableSet); -__declspec(dllexport) 
bool TITCALL EngineCreateMissingDependencies(const char* szFileName, const char* szOutputFolder, bool LogCreatedFiles); -__declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(const wchar_t* szFileName, const wchar_t* szOutputFolder, bool LogCreatedFiles); -__declspec(dllexport) bool TITCALL EngineFakeMissingDependencies(HANDLE hProcess); -__declspec(dllexport) bool TITCALL EngineDeleteCreatedDependencies(); -__declspec(dllexport) bool TITCALL EngineCreateUnpackerWindow(const char* WindowUnpackerTitle, const char* WindowUnpackerLongTitle, const char* WindowUnpackerName, const char* WindowUnpackerAuthor, void* StartUnpackingCallBack); -__declspec(dllexport) void TITCALL EngineAddUnpackerWindowLogMessage(const char* szLogMessage); -__declspec(dllexport) bool TITCALL EngineCheckStructAlignment(DWORD StructureType, ULONG_PTR StructureSize); - -#ifdef __cplusplus -} -#endif - -#pragma pack(pop) - -#endif /*TITANENGINE*/ diff --git a/TitanEngine/Global.Debugger.cpp b/TitanEngine/Global.Debugger.cpp index d50042b..f267967 100644 --- a/TitanEngine/Global.Debugger.cpp +++ b/TitanEngine/Global.Debugger.cpp @@ -85,7 +85,7 @@ void DebuggerReset() { if(engineResetCustomHandler) { - RtlZeroMemory(&myDBGCustomHandler, sizeof CustomHandler); + RtlZeroMemory(&myDBGCustomHandler, sizeof(CustomHandler)); } std::vector().swap(BreakPointBuffer); std::unordered_map().swap(MemoryBreakpointPages); @@ -113,11 +113,11 @@ void StepOutStepCallBack() else { typedef void(TITCALL * fCustomBreakPoint)(); - ((fCustomBreakPoint)StepOutCallBack)(); + ObjectPointerToCallback(StepOutCallBack)(); } } else - StepOver(StepOutStepCallBack); + StepOver(CallbackToObjectPointer(&StepOutStepCallBack)); } static DWORD BaseSetLastNTError(IN NTSTATUS Status) diff --git a/TitanEngine/Global.Engine.Hider.cpp b/TitanEngine/Global.Engine.Hider.cpp index 111a6e7..1219afe 100644 --- a/TitanEngine/Global.Engine.Hider.cpp +++ b/TitanEngine/Global.Engine.Hider.cpp 
@@ -12,10 +12,18 @@ static bool isAtleastVista() static bool isSet = false; if(isSet) return isAtleastVista; - OSVERSIONINFO versionInfo = {0}; - versionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); - GetVersionEx(&versionInfo); - isAtleastVista = versionInfo.dwMajorVersion >= 6; + RTL_OSVERSIONINFOW versionInfo = {0}; + versionInfo.dwOSVersionInfoSize = sizeof(RTL_OSVERSIONINFOW); + typedef NTSTATUS (WINAPI* tRtlGetVersion)(PRTL_OSVERSIONINFOW); + tRtlGetVersion pRtlGetVersion = (tRtlGetVersion)GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "RtlGetVersion"); + if(!pRtlGetVersion || !NT_SUCCESS(pRtlGetVersion(&versionInfo))) + { + isAtleastVista = false; + } + else + { + isAtleastVista = versionInfo.dwMajorVersion >= 6; + } isSet = true; return isAtleastVista; } diff --git a/TitanEngine/Global.Engine.cpp b/TitanEngine/Global.Engine.cpp index 6e3b1dd..3a6a088 100644 --- a/TitanEngine/Global.Engine.cpp +++ b/TitanEngine/Global.Engine.cpp @@ -145,7 +145,7 @@ wchar_t* EngineExtractFileNameW(wchar_t* szFileName) int x = 0; i = lstrlenW(szFileName); - RtlZeroMemory(&engineExtractedFileNameW, sizeof engineExtractedFileNameW); + RtlZeroMemory(&engineExtractedFileNameW, sizeof(engineExtractedFileNameW)); while(i > 0 && szFileName[i] != 0x5C) { i--; 
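Review bot: In isAtleastVista() the new failure branch stores `isAtleastVista = false` and the code then still runs `isSet = true`, so a failed RtlGetVersion lookup is cached for the life of the process and looks exactly like a genuine pre-Vista result. RtlGetVersion has been exported by ntdll for a long time, so a failure here more likely means the lookup itself went wrong than that the OS is old. Consider leaving `isSet` false on that path, or at least adding a comment such as `// lookup failed: treated as pre-Vista, result is cached`. The two function-local statics are also read and written without synchronisation, which matters only if this can be reached from more than one thread (not visible here). The function starts above the hunk.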
@@ -175,13 +175,13 @@ bool EngineIsPointedMemoryString(ULONG_PTR PossibleStringPtr) DWORD MaxDisassmSize = 512; BYTE TestChar; - VirtualQueryEx(GetCurrentProcess(), (LPVOID)PossibleStringPtr, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + VirtualQueryEx(GetCurrentProcess(), (LPVOID)PossibleStringPtr, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)); if(MemInfo.State == MEM_COMMIT) { if((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - PossibleStringPtr <= 512) { MaxDisassmSize = (DWORD)((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - PossibleStringPtr - 1); - VirtualQueryEx(GetCurrentProcess(), (LPVOID)(PossibleStringPtr + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + VirtualQueryEx(GetCurrentProcess(), (LPVOID)(PossibleStringPtr + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)); if(MemInfo.State != MEM_COMMIT) { i = MaxDisassmSize; @@ -228,13 +228,13 @@ int EnginePointedMemoryStringLength(ULONG_PTR PossibleStringPtr) DWORD MaxDisassmSize = 512; BYTE TestChar; - VirtualQueryEx(GetCurrentProcess(), (LPVOID)PossibleStringPtr, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + VirtualQueryEx(GetCurrentProcess(), (LPVOID)PossibleStringPtr, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)); if(MemInfo.State == MEM_COMMIT) { if((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - PossibleStringPtr <= 512) { MaxDisassmSize = (DWORD)((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - PossibleStringPtr - 1); - VirtualQueryEx(GetCurrentProcess(), (LPVOID)(PossibleStringPtr + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + VirtualQueryEx(GetCurrentProcess(), (LPVOID)(PossibleStringPtr + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)); if(MemInfo.State != MEM_COMMIT) { i = MaxDisassmSize; 
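Review bot: Both VirtualQueryEx calls in EngineIsPointedMemoryString ignore the return value, so when a query fails the following `MemInfo.State == MEM_COMMIT` test reads whatever MemInfo held before; MemInfo's initialisation is above the hunk. A guard such as `if(!VirtualQueryEx(GetCurrentProcess(), (LPVOID)PossibleStringPtr, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION))) return false;` makes the failure explicit. The second query also probes `PossibleStringPtr + MemInfo.RegionSize` rather than `(ULONG_PTR)MemInfo.BaseAddress + MemInfo.RegionSize`, so it lands inside or beyond the next region instead of at its first page whenever the pointer is not at the region base. The same two patterns appear in the EnginePointedMemoryStringLength hunk that follows, and both functions continue outside their hunks.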
@@ -403,7 +403,7 @@ bool EngineGrabDataFromMappedFile(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR F return !!ReadFile(hFile, CopyToMemory, CopySize, &rfNumberOfBytesRead, NULL); } -bool EngineExtractResource(char* szResourceName, wchar_t* szExtractedFileName) +bool EngineExtractResource(const char* szResourceName, wchar_t* szExtractedFileName) { HRSRC hResource; @@ -727,7 +727,7 @@ bool EngineIsValidReadPtrEx(LPVOID DataPointer, DWORD DataSize) while(DataSize > NULL) { - VirtualQuery(DataPointer, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + VirtualQuery(DataPointer, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)); if(MemInfo.AllocationProtect == MEM_FREE || MemInfo.AllocationProtect == MEM_PRIVATE) { return false; @@ -814,7 +814,7 @@ bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBas } else { - RtlZeroMemory(&ModuleInfo, sizeof MODULEINFO); + RtlZeroMemory(&ModuleInfo, sizeof(MODULEINFO)); GetModuleInformation(hFileProc, (HMODULE)ImageBase, &ModuleInfo, sizeof(MODULEINFO)); PESize = ModuleInfo.SizeOfImage; __try @@ -1404,9 +1404,9 @@ ULONG_PTR EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBa { if(szAPIName == NULL && ReturnType == UE_OPTION_IMPORTER_REALIGN_APIADDRESS) { - RtlZeroMemory(&RemoteModuleInfo, sizeof MODULEINFO); - //GetModuleInformation(GetCurrentProcess(), (HMODULE)LoadedModules[i][1], &RemoteModuleInfo, sizeof MODULEINFO); - GetModuleInformation(hProcess, (HMODULE)LoadedModules[i][0], &RemoteModuleInfo, sizeof MODULEINFO); + RtlZeroMemory(&RemoteModuleInfo, sizeof(MODULEINFO)); + //GetModuleInformation(GetCurrentProcess(), (HMODULE)LoadedModules[i][1], &RemoteModuleInfo, sizeof(MODULEINFO)); + GetModuleInformation(hProcess, (HMODULE)LoadedModules[i][0], &RemoteModuleInfo, sizeof(MODULEINFO)); if(APIAddress >= LoadedModules[i][1] && APIAddress <= LoadedModules[i][1] + RemoteModuleInfo.SizeOfImage) { GetModuleBaseNameA(hProcess, (HMODULE)LoadedModules[i][0], (LPSTR)engineFoundDLLName, 512); 
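Review bot: EngineIsValidReadPtrEx compares `MemInfo.AllocationProtect` with `MEM_FREE` and `MEM_PRIVATE`, but AllocationProtect carries PAGE_* protection flags while MEM_FREE is a `State` value and MEM_PRIVATE a `Type` value, so the condition likely never matches and the function rejects less than its name suggests. A readability check would normally test `MemInfo.State != MEM_COMMIT` and then `MemInfo.Protect` (for example rejecting `PAGE_NOACCESS` and `PAGE_GUARD`), and the VirtualQuery result on the changed line should be checked before MemInfo is read. The intended semantics are inferred from the function name, and the rest of the loop is outside the hunk.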
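Review bot: The range test `APIAddress <= LoadedModules[i][1] + RemoteModuleInfo.SizeOfImage` in EngineGlobalAPIHandler is inclusive at the top, so an address exactly one byte past the image is attributed to this module; the half-open form `APIAddress < LoadedModules[i][1] + RemoteModuleInfo.SizeOfImage` avoids matching the first byte of an adjacent mapping. GetModuleInformation's result is not checked either; because RemoteModuleInfo is zeroed first, a failed call leaves SizeOfImage at 0 and only the base address itself matches, which hides the failure. The same comparison recurs in the hunks at -1418, -1441 and -1520 of this file. The function body extends well beyond these hunks.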
@@ -1418,8 +1418,8 @@ ULONG_PTR EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBa } else if(szAPIName == NULL && ReturnType == UE_OPTION_IMPORTER_REALIGN_LOCAL_APIADDRESS) { - RtlZeroMemory(&RemoteModuleInfo, sizeof MODULEINFO); - GetModuleInformation(hProcess, (HMODULE)LoadedModules[i][0], &RemoteModuleInfo, sizeof MODULEINFO); + RtlZeroMemory(&RemoteModuleInfo, sizeof(MODULEINFO)); + GetModuleInformation(hProcess, (HMODULE)LoadedModules[i][0], &RemoteModuleInfo, sizeof(MODULEINFO)); if(APIAddress >= LoadedModules[i][0] && APIAddress <= LoadedModules[i][0] + RemoteModuleInfo.SizeOfImage) { GetModuleBaseNameA(hProcess, (HMODULE)LoadedModules[i][0], (LPSTR)engineFoundDLLName, 512); @@ -1441,8 +1441,8 @@ ULONG_PTR EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBa } else if(ReturnType == UE_OPTION_IMPORTER_RETURN_NEAREST_APIADDRESS || ReturnType == UE_OPTION_IMPORTER_RETURN_NEAREST_APINAME) { - RtlZeroMemory(&RemoteModuleInfo, sizeof MODULEINFO); - GetModuleInformation(hProcess, (HMODULE)LoadedModules[i][0], &RemoteModuleInfo, sizeof MODULEINFO); + RtlZeroMemory(&RemoteModuleInfo, sizeof(MODULEINFO)); + GetModuleInformation(hProcess, (HMODULE)LoadedModules[i][0], &RemoteModuleInfo, sizeof(MODULEINFO)); if(APIAddress >= LoadedModules[i][0] && APIAddress <= LoadedModules[i][0] + RemoteModuleInfo.SizeOfImage) { DOSHeader = (PIMAGE_DOS_HEADER)LoadedModules[i][1]; 
@@ -1520,10 +1520,10 @@ ULONG_PTR EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBa if((ReturnType == UE_OPTION_IMPORTER_RETURN_API_ORDINAL_NUMBER || (ReturnType > UE_OPTION_IMPORTER_REALIGN_APIADDRESS && ReturnType < UE_OPTION_IMPORTER_RETURN_FORWARDER_DLLNAME)) && ReturnType != UE_OPTION_IMPORTER_RETURN_DLLBASE && LoadedModules[i][1] != NULL) { - RtlZeroMemory(&RemoteModuleInfo, sizeof MODULEINFO); + RtlZeroMemory(&RemoteModuleInfo, sizeof(MODULEINFO)); DOSHeader = (PIMAGE_DOS_HEADER)LoadedModules[i][1]; - //GetModuleInformation(GetCurrentProcess(), (HMODULE)LoadedModules[i][1], &RemoteModuleInfo, sizeof MODULEINFO); - GetModuleInformation(hProcess, (HMODULE)LoadedModules[i][0], &RemoteModuleInfo, sizeof MODULEINFO); + //GetModuleInformation(GetCurrentProcess(), (HMODULE)LoadedModules[i][1], &RemoteModuleInfo, sizeof(MODULEINFO)); + GetModuleInformation(hProcess, (HMODULE)LoadedModules[i][0], &RemoteModuleInfo, sizeof(MODULEINFO)); if(APIAddress >= LoadedModules[i][0] && APIAddress <= LoadedModules[i][0] + RemoteModuleInfo.SizeOfImage) { if(ValidateHeader || EngineValidateHeader((ULONG_PTR)LoadedModules[i][1], GetCurrentProcess(), RemoteModuleInfo.lpBaseOfDll, DOSHeader, false)) 
@@ -1637,9 +1637,9 @@ ULONG_PTR EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBa if(FileMapVA != NULL) { DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA; - RtlZeroMemory(&RemoteModuleInfo, sizeof MODULEINFO); - //GetModuleInformation(GetCurrentProcess(), (HMODULE)LoadedModules[i][1], &RemoteModuleInfo, sizeof MODULEINFO); - GetModuleInformation(hProcess, (HMODULE)LoadedModules[i][0], &RemoteModuleInfo, sizeof MODULEINFO); + RtlZeroMemory(&RemoteModuleInfo, sizeof(MODULEINFO)); + //GetModuleInformation(GetCurrentProcess(), (HMODULE)LoadedModules[i][1], &RemoteModuleInfo, sizeof(MODULEINFO)); + GetModuleInformation(hProcess, (HMODULE)LoadedModules[i][0], &RemoteModuleInfo, sizeof(MODULEINFO)); if(ValidateHeader || EngineValidateHeader((ULONG_PTR)LoadedModules[i][1], GetCurrentProcess(), RemoteModuleInfo.lpBaseOfDll, DOSHeader, false)) { __try diff --git a/TitanEngine/Global.Engine.h b/TitanEngine/Global.Engine.h index f3379b3..dffe3cd 100644 --- a/TitanEngine/Global.Engine.h +++ b/TitanEngine/Global.Engine.h @@ -37,7 +37,7 @@ bool EngineCompareResourceString(wchar_t* String1, wchar_t* String2); ULONG_PTR EngineEstimateNewSectionRVA(ULONG_PTR FileMapVA); bool EngineExtractForwarderData(ULONG_PTR PossibleStringPtr, LPVOID szFwdDLLName, LPVOID szFwdAPIName); bool EngineGrabDataFromMappedFile(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR FileOffset, DWORD CopySize, LPVOID CopyToMemory); -bool EngineExtractResource(char* szResourceName, wchar_t* szExtractedFileName); +bool EngineExtractResource(const char* szResourceName, wchar_t* szExtractedFileName); bool EngineIsDependencyPresent(char* szFileName, char* szDependencyForFile, char* szPresentInFolder); bool EngineIsDependencyPresentW(wchar_t* szFileName, wchar_t* szDependencyForFile, wchar_t* szPresentInFolder); bool EngineGetDependencyLocation(char* szFileName, char* szDependencyForFile, void* szLocationOfTheFile, int MaxStringSize); 
diff --git a/TitanEngine/Global.Injector.cpp b/TitanEngine/Global.Injector.cpp index 1202171..52613bd 100644 --- a/TitanEngine/Global.Injector.cpp +++ b/TitanEngine/Global.Injector.cpp @@ -8,7 +8,7 @@ ULONG_PTR engineReservedMemoryLeft[UE_MAX_RESERVED_MEMORY_LEFT]; long injectedRemoteLoadLibrary(LPVOID Parameter) { PInjectCodeData APIData = (PInjectCodeData)Parameter; - Parameter = (LPVOID)((ULONG_PTR)Parameter + sizeof InjectCodeData); + Parameter = (LPVOID)((ULONG_PTR)Parameter + sizeof(InjectCodeData)); #if !defined(_WIN64) typedef ULONG_PTR(WINAPI * fLoadLibraryW)(LPCWSTR fLibraryName); typedef ULONG_PTR(WINAPI * fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType); @@ -56,7 +56,7 @@ long injectedRemoteFreeLibrarySimple(LPVOID Parameter) PInjectCodeData APIData = (PInjectCodeData)Parameter; LPVOID orgParameter = Parameter; - Parameter = (LPVOID)((ULONG_PTR)Parameter + sizeof InjectCodeData); + Parameter = (LPVOID)((ULONG_PTR)Parameter + sizeof(InjectCodeData)); #if !defined(_WIN64) typedef ULONG_PTR(WINAPI * fFreeLibrary)(HMODULE fLibBase); typedef HMODULE(WINAPI * fGetModuleHandleW)(LPCWSTR fLibraryName); @@ -125,7 +125,7 @@ long injectedImpRec(LPVOID Parameter) HANDLE hFile; HANDLE hFileMap; PInjectImpRecCodeData APIData = (PInjectImpRecCodeData)Parameter; - LPVOID szFileName = (LPVOID)((ULONG_PTR)Parameter + sizeof InjectImpRecCodeData); + LPVOID szFileName = (LPVOID)((ULONG_PTR)Parameter + sizeof(InjectImpRecCodeData)); typedef ULONG_PTR(__cdecl * fTrace)(HANDLE hFileMap, DWORD dwSizeMap, DWORD dwTimeOut, DWORD dwToTrace, DWORD dwExactCall); typedef HANDLE(WINAPI * fCreateFileW)(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile); typedef HANDLE(WINAPI * fCreateFileMappingA)(HANDLE hFile, LPSECURITY_ATTRIBUTES lpFileMappingAttributes, DWORD flProtect, DWORD dwMaximumSizeHigh, DWORD dwMaximumSizeLow, LPCSTR lpName); 
diff --git a/TitanEngine/Global.Mapping.cpp b/TitanEngine/Global.Mapping.cpp index 188c2dc..ef76106 100644 --- a/TitanEngine/Global.Mapping.cpp +++ b/TitanEngine/Global.Mapping.cpp @@ -49,18 +49,18 @@ bool MapFileEx(const char* szFileName, DWORD ReadOrWrite, LPHANDLE FileHandle, L LPVOID mfFileMapVA = MapViewOfFile(mfFileMap, FileMapViewType, NULL, NULL, NULL); if(mfFileMapVA != NULL) { - RtlMoveMemory(FileMapVA, &mfFileMapVA, sizeof ULONG_PTR); + RtlMoveMemory(FileMapVA, &mfFileMapVA, sizeof(ULONG_PTR)); return true; } } - RtlZeroMemory(FileMapVA, sizeof ULONG_PTR); + RtlZeroMemory(FileMapVA, sizeof(ULONG_PTR)); *FileHandle = NULL; *FileSize = NULL; EngineCloseHandle(hFile); } else { - RtlZeroMemory(FileMapVA, sizeof ULONG_PTR); + RtlZeroMemory(FileMapVA, sizeof(ULONG_PTR)); } return false; } @@ -110,18 +110,18 @@ bool MapFileExW(const wchar_t* szFileName, DWORD ReadOrWrite, LPHANDLE FileHandl LPVOID mfFileMapVA = MapViewOfFile(mfFileMap, FileMapViewType, NULL, NULL, NULL); if(mfFileMapVA != NULL) { - RtlMoveMemory(FileMapVA, &mfFileMapVA, sizeof ULONG_PTR); + RtlMoveMemory(FileMapVA, &mfFileMapVA, sizeof(ULONG_PTR)); return true; } } - RtlZeroMemory(FileMapVA, sizeof ULONG_PTR); + RtlZeroMemory(FileMapVA, sizeof(ULONG_PTR)); *FileHandle = NULL; *FileSize = NULL; EngineCloseHandle(hFile); } else { - RtlZeroMemory(FileMapVA, sizeof ULONG_PTR); + RtlZeroMemory(FileMapVA, sizeof(ULONG_PTR)); } return false; } diff --git a/TitanEngine/Global.OEPFinder.cpp b/TitanEngine/Global.OEPFinder.cpp index e70db2f..bffcf7f 100644 --- a/TitanEngine/Global.OEPFinder.cpp +++ b/TitanEngine/Global.OEPFinder.cpp 
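Review bot: When MapViewOfFile returns NULL in MapFileEx, the visible fall-through path zeroes FileMapVA and closes hFile but does not close mfFileMap, so the mapping handle appears to leak on that path unless it is released through an out-parameter set above the hunk. Closing it in the branch where the mapping was created, `EngineCloseHandle(mfFileMap);` before the fall-through, would cover it. `*FileSize = NULL` and `MapViewOfFile(mfFileMap, FileMapViewType, NULL, NULL, NULL)` also pass NULL where integers are expected, which a commit aimed at standards compliance may prefer to spell `0`. MapFileExW in the next hunk has the same shape, and both functions start above their hunks.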
@@ -23,7 +23,7 @@ void GenericOEPVirtualProtectHit() BreakPointDetail curDetail = BreakPointBuffer.at(i); if(curDetail.BreakPointType == UE_MEMORY && curDetail.BreakPointActive == UE_BPXACTIVE) { - VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)curDetail.BreakPointAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)curDetail.BreakPointAddress, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)); OldProtect = MemInfo.Protect; if(!(OldProtect & PAGE_GUARD)) { @@ -40,14 +40,14 @@ void GenericOEPTraceHit() char* szInstructionType; typedef void(TITCALL * fEPCallBack)(); - fEPCallBack myEPCallBack = (fEPCallBack)glbEntryTracerData.EPCallBack; + fEPCallBack myEPCallBack = ObjectPointerToCallback(glbEntryTracerData.EPCallBack); LPDEBUG_EVENT myDbgEvent = (LPDEBUG_EVENT)GetDebugData(); glbEntryTracerData.MemoryAccessedFrom = (ULONG_PTR)GetContextData(UE_CIP); glbEntryTracerData.MemoryAccessed = myDbgEvent->u.Exception.ExceptionRecord.ExceptionInformation[1]; glbEntryTracerData.AccessType = myDbgEvent->u.Exception.ExceptionRecord.ExceptionInformation[0]; szInstructionType = (char*)DisassembleEx(dbgProcessInformation.hProcess, (void*)glbEntryTracerData.MemoryAccessedFrom, true); - StepInto(&GenericOEPTraceHited); + StepInto(CallbackToObjectPointer(&GenericOEPTraceHited)); } void GenericOEPTraceHited() @@ -60,7 +60,7 @@ void GenericOEPTraceHited() ULONG_PTR NumberOfBytesRW; LPDEBUG_EVENT myDbgEvent = (LPDEBUG_EVENT)GetDebugData(); typedef void(TITCALL * fEPCallBack)(); - fEPCallBack myEPCallBack = (fEPCallBack)glbEntryTracerData.EPCallBack; + fEPCallBack myEPCallBack = ObjectPointerToCallback(glbEntryTracerData.EPCallBack); PMEMORY_COMPARE_HANDLER myCmpHandler; ULONG_PTR memBpxAddress; ULONG_PTR memBpxSize; 
@@ -134,12 +134,12 @@ void GenericOEPTraceHited() } else { - SetMemoryBPXEx((ULONG_PTR)(glbEntryTracerData.SectionData[i].SectionVirtualOffset + glbEntryTracerData.LoadedImageBase), glbEntryTracerData.SectionData[i].SectionVirtualSize, UE_MEMORY, false, &GenericOEPTraceHit); + SetMemoryBPXEx((ULONG_PTR)(glbEntryTracerData.SectionData[i].SectionVirtualOffset + glbEntryTracerData.LoadedImageBase), glbEntryTracerData.SectionData[i].SectionVirtualSize, UE_MEMORY, false, CallbackToObjectPointer(&GenericOEPTraceHit)); } } else { - SetMemoryBPXEx((ULONG_PTR)(glbEntryTracerData.SectionData[i].SectionVirtualOffset + glbEntryTracerData.LoadedImageBase), glbEntryTracerData.SectionData[i].SectionVirtualSize, UE_MEMORY, false, &GenericOEPTraceHit); + SetMemoryBPXEx((ULONG_PTR)(glbEntryTracerData.SectionData[i].SectionVirtualOffset + glbEntryTracerData.LoadedImageBase), glbEntryTracerData.SectionData[i].SectionVirtualSize, UE_MEMORY, false, CallbackToObjectPointer(&GenericOEPTraceHit)); } } } @@ -162,7 +162,7 @@ void GenericOEPLibraryDetailsHit() int inReg = UE_RAX; #endif - if(GetModuleBaseNameA(dbgProcessInformation.hProcess, (HMODULE)GetContextData(inReg), szModuleName, sizeof szModuleName) > NULL) + if(GetModuleBaseNameA(dbgProcessInformation.hProcess, (HMODULE)GetContextData(inReg), szModuleName, sizeof(szModuleName)) > NULL) { if(lstrcmpiA(szModuleName, "kernel32.dll") != NULL) { 
@@ -178,7 +178,7 @@ void GenericOEPLibraryDetailsHit() { if(glbEntryTracerData.SectionData[i].SectionAttributes & IMAGE_SCN_MEM_EXECUTE || glbEntryTracerData.SectionData[i].SectionAttributes & IMAGE_SCN_CNT_CODE) { - SetMemoryBPXEx((ULONG_PTR)(glbEntryTracerData.SectionData[i].SectionVirtualOffset + glbEntryTracerData.LoadedImageBase), glbEntryTracerData.SectionData[i].SectionVirtualSize, UE_MEMORY, false, &GenericOEPTraceHit); + SetMemoryBPXEx((ULONG_PTR)(glbEntryTracerData.SectionData[i].SectionVirtualOffset + glbEntryTracerData.LoadedImageBase), glbEntryTracerData.SectionData[i].SectionVirtualSize, UE_MEMORY, false, CallbackToObjectPointer(&GenericOEPTraceHit)); memBreakPointSet = true; } } @@ -202,7 +202,7 @@ void GenericOEPTraceInit() void* lpHashBuffer; ULONG_PTR NumberOfBytesRW; typedef void(TITCALL * fInitCallBack)(); - fInitCallBack myInitCallBack = (fInitCallBack)glbEntryTracerData.InitCallBack; + fInitCallBack myInitCallBack = ObjectPointerToCallback(glbEntryTracerData.InitCallBack); if(glbEntryTracerData.FileIsDLL) { @@ -223,9 +223,9 @@ void GenericOEPTraceInit() } } } - SetAPIBreakPoint("kernel32.dll", "VirtualProtect", UE_BREAKPOINT, UE_APIEND, &GenericOEPVirtualProtectHit); - SetAPIBreakPoint("kernel32.dll", "GetModuleHandleW", UE_BREAKPOINT, UE_APIEND, &GenericOEPLibraryDetailsHit); - SetAPIBreakPoint("kernel32.dll", "LoadLibraryExW", UE_BREAKPOINT, UE_APIEND, &GenericOEPLibraryDetailsHit); + SetAPIBreakPoint("kernel32.dll", "VirtualProtect", UE_BREAKPOINT, UE_APIEND, CallbackToObjectPointer(&GenericOEPVirtualProtectHit)); + SetAPIBreakPoint("kernel32.dll", "GetModuleHandleW", UE_BREAKPOINT, UE_APIEND, CallbackToObjectPointer(&GenericOEPLibraryDetailsHit)); + SetAPIBreakPoint("kernel32.dll", "LoadLibraryExW", UE_BREAKPOINT, UE_APIEND, CallbackToObjectPointer(&GenericOEPLibraryDetailsHit)); if(glbEntryTracerData.InitCallBack != NULL) { __try 
@@ -257,7 +257,7 @@ bool GenericOEPFileInitW(wchar_t* szFileName, LPVOID TraceInitCallBack, LPVOID C { if(GetPE32DataFromMappedFileEx(FileMapVA, &PEStruct)) { - RtlZeroMemory(&glbEntryTracerData, sizeof GenericOEPTracerData); + RtlZeroMemory(&glbEntryTracerData, sizeof(GenericOEPTracerData)); glbEntryTracerData.OriginalImageBase = PEStruct.ImageBase; glbEntryTracerData.OriginalEntryPoint = PEStruct.OriginalEntryPoint; glbEntryTracerData.SizeOfImage = PEStruct.NtSizeOfImage; diff --git a/TitanEngine/TitanEngine.Breakpoints.cpp b/TitanEngine/TitanEngine.Breakpoints.cpp index e4465a8..4e5e945 100644 --- a/TitanEngine/TitanEngine.Breakpoints.cpp +++ b/TitanEngine/TitanEngine.Breakpoints.cpp @@ -72,7 +72,7 @@ __declspec(dllexport) bool TITCALL EnableBPX(ULONG_PTR bpxAddress) { if(BreakPointBuffer.at(i).BreakPointAddress == bpxAddress) { - VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)); OldProtect = MemInfo.Protect; VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer.at(i).BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect); if(BreakPointBuffer.at(i).BreakPointActive == UE_BPXINACTIVE && (BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT || BreakPointBuffer.at(i).BreakPointType == UE_SINGLESHOOT)) 
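Review bot: EnableBPX ignores the results of both VirtualQueryEx and VirtualProtectEx, so if the protection change fails in the debuggee the code below still proceeds as though the page were writable, and `OldProtect` holds either the queried value or whatever MemInfo contained. Checking the call, e.g. `if(!VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer.at(i).BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect)) return false;`, keeps the failure visible to the caller. The write and the protection restore are outside the hunk, so how a failure surfaces today cannot be seen from here. DisableBPX in the next hunk and FillEx and PatchEx in TitanEngine.Debugger.Memory.cpp use the same sequence.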
@@ -144,7 +144,7 @@ __declspec(dllexport) bool TITCALL DisableBPX(ULONG_PTR bpxAddress) { if(BreakPointBuffer.at(i).BreakPointAddress == bpxAddress) { - VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)); OldProtect = MemInfo.Protect; VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, BreakPointBuffer.at(i).BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect); if(BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE && (BreakPointBuffer.at(i).BreakPointType == UE_BREAKPOINT || BreakPointBuffer.at(i).BreakPointType == UE_SINGLESHOOT)) diff --git a/TitanEngine/TitanEngine.Debugger.Control.cpp b/TitanEngine/TitanEngine.Debugger.Control.cpp index 9807b66..548f746 100644 --- a/TitanEngine/TitanEngine.Debugger.Control.cpp +++ b/TitanEngine/TitanEngine.Debugger.Control.cpp @@ -28,7 +28,7 @@ __declspec(dllexport) void TITCALL ForceClose() { StopDebug(); } - RtlZeroMemory(&dbgProcessInformation, sizeof PROCESS_INFORMATION); + RtlZeroMemory(&dbgProcessInformation, sizeof(PROCESS_INFORMATION)); if(DebugDebuggingDLL) DeleteFileW(szDebuggerName); DebugDebuggingDLL = false; @@ -87,7 +87,7 @@ __declspec(dllexport) void TITCALL StepOut(LPVOID StepOut, bool StepFinal) { DebugStepFinal = StepFinal; StepOutCallBack = StepOut; - StepOver(StepOutStepCallBack); + StepOver(CallbackToObjectPointer(&StepOutStepCallBack)); } __declspec(dllexport) void TITCALL SingleStep(DWORD StepCount, LPVOID StepCallBack) diff --git a/TitanEngine/TitanEngine.Debugger.DebugLoop.cpp b/TitanEngine/TitanEngine.Debugger.DebugLoop.cpp index 0b1af38..d11889f 100644 --- a/TitanEngine/TitanEngine.Debugger.DebugLoop.cpp +++ b/TitanEngine/TitanEngine.Debugger.DebugLoop.cpp 
@@ -184,7 +184,7 @@ __declspec(dllexport) void TITCALL DebugLoop() { startAddress -= ULONG_PTR(DBGEvent.u.CreateProcessInfo.lpBaseOfImage); startAddress += DebugModuleImageBase; - DBGEvent.u.CreateProcessInfo.lpStartAddress = LPTHREAD_START_ROUTINE(startAddress); + DBGEvent.u.CreateProcessInfo.lpStartAddress = reinterpret_cast(reinterpret_cast(startAddress)); } DBGEvent.u.CreateProcessInfo.lpBaseOfImage = LPVOID(DebugModuleImageBase); } @@ -192,7 +192,7 @@ __declspec(dllexport) void TITCALL DebugLoop() bool attachBreakpoint = false; if(DBGFileHandle == NULL) //we didn't set the handle yet (initial process) { - DBGEntryPoint = DBGEvent.u.CreateProcessInfo.lpStartAddress; + DBGEntryPoint = CallbackToObjectPointer(DBGEvent.u.CreateProcessInfo.lpStartAddress); DBGFileHandle = DBGEvent.u.CreateProcessInfo.hFile; DebugDebuggingMainModuleBase = (ULONG_PTR) DBGEvent.u.CreateProcessInfo.lpBaseOfImage; if(DebugAttachedToProcess) //we attached, set information @@ -202,7 +202,7 @@ __declspec(dllexport) void TITCALL DebugLoop() dbgProcessInformation.dwThreadId = NULL; if(engineAttachedProcessDebugInfo != NULL) { - RtlMoveMemory(engineAttachedProcessDebugInfo, &dbgProcessInformation, sizeof PROCESS_INFORMATION); + RtlMoveMemory(engineAttachedProcessDebugInfo, &dbgProcessInformation, sizeof(PROCESS_INFORMATION)); } attachBreakpoint = true; } @@ -394,7 +394,7 @@ __declspec(dllexport) void TITCALL DebugLoop() VirtualFree((void*)szTranslatedNativeName, NULL, MEM_RELEASE); } RtlZeroMemory(szAnsiLibraryName, sizeof(szAnsiLibraryName)); - WideCharToMultiByte(CP_ACP, NULL, NewLibraryData.szLibraryName, -1, szAnsiLibraryName, sizeof szAnsiLibraryName, NULL, NULL); + WideCharToMultiByte(CP_ACP, NULL, NewLibraryData.szLibraryName, -1, szAnsiLibraryName, sizeof(szAnsiLibraryName), NULL, NULL); //library breakpoint for(int i = (int)LibrarianData.size() - 1; i >= 0; i--) 
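Review bot: The WideCharToMultiByte call that fills szAnsiLibraryName in the -394 hunk ignores its return value and converts with CP_ACP, so a library path that does not fit the buffer, or that contains characters outside the ANSI code page, yields an empty, possibly unterminated or best-fit-substituted name that is then compared against the library breakpoints. Because the path originates from the debuggee, the call should be checked for a zero return, and matching on the wide name would avoid the lossy step altogether. Passing `WC_NO_BEST_FIT_CHARS` in place of the `NULL` flags argument at least stops lookalike substitution. The same call is repeated for the unload event in the -444 hunk, and DebugLoop extends far beyond these hunks.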
@@ -444,7 +444,7 @@ __declspec(dllexport) void TITCALL DebugLoop() if(hLoadedLibData) { RtlZeroMemory(szAnsiLibraryName, sizeof(szAnsiLibraryName)); - WideCharToMultiByte(CP_ACP, NULL, hLoadedLibData->szLibraryName, -1, szAnsiLibraryName, sizeof szAnsiLibraryName, NULL, NULL); + WideCharToMultiByte(CP_ACP, NULL, hLoadedLibData->szLibraryName, -1, szAnsiLibraryName, sizeof(szAnsiLibraryName), NULL, NULL); for(int i = (int)LibrarianData.size() - 1; i >= 0; i--) { @@ -514,11 +514,11 @@ __declspec(dllexport) void TITCALL DebugLoop() { DBGCode = DBG_EXCEPTION_NOT_HANDLED; //let debuggee handle the exception } - RtlMoveMemory(&TerminateDBGEvent, &DBGEvent, sizeof DEBUG_EVENT); + RtlMoveMemory(&TerminateDBGEvent, &DBGEvent, sizeof(DEBUG_EVENT)); } //handle different exception codes - switch(DBGEvent.u.Exception.ExceptionRecord.ExceptionCode) + switch((LONG)DBGEvent.u.Exception.ExceptionRecord.ExceptionCode) { case STATUS_BREAKPOINT: { @@ -1373,7 +1373,7 @@ continue_dbg_event: if(!SecondChance) //debugger didn't close with a second chance exception (normal exit) { - RtlMoveMemory(&TerminateDBGEvent, &DBGEvent, sizeof DEBUG_EVENT); + RtlMoveMemory(&TerminateDBGEvent, &DBGEvent, sizeof(DEBUG_EVENT)); } ForceClose(); engineFileIsBeingDebugged = false; diff --git a/TitanEngine/TitanEngine.Debugger.Helper.cpp b/TitanEngine/TitanEngine.Debugger.Helper.cpp index 1e97c4c..3793cbd 100644 --- a/TitanEngine/TitanEngine.Debugger.Helper.cpp +++ b/TitanEngine/TitanEngine.Debugger.Helper.cpp 
@@ -15,11 +15,11 @@ __declspec(dllexport) bool TITCALL GetRemoteString(HANDLE hProcess, LPVOID Strin { MaximumStringSize = 512; } - VirtualQueryEx(hProcess, (LPVOID)StringAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + VirtualQueryEx(hProcess, (LPVOID)StringAddress, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)); if((int)((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)StringAddress) < MaximumStringSize) { StringReadSize = (DWORD)((ULONG_PTR)StringAddress - (ULONG_PTR)MemInfo.BaseAddress); - VirtualQueryEx(hProcess, (LPVOID)((ULONG_PTR)StringAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + VirtualQueryEx(hProcess, (LPVOID)((ULONG_PTR)StringAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)); if(MemInfo.State == MEM_COMMIT) { StringReadSize = MaximumStringSize; @@ -94,17 +94,17 @@ __declspec(dllexport) ULONG_PTR TITCALL GetFunctionParameter(HANDLE hProcess, DW { StackSecondReadSize = 0; } - StackReadSize = sizeof ULONG_PTR; + StackReadSize = sizeof(ULONG_PTR); } if(FunctionType >= UE_FUNCTION_STDCALL && FunctionType <= UE_FUNCTION_CCALL_CALL && FunctionType != UE_FUNCTION_FASTCALL_RET) { StackReadAddress = (ULONG_PTR)GetContextData(UE_CSP); if(FunctionType != UE_FUNCTION_FASTCALL_CALL) { - StackReadAddress = StackReadAddress + (ParameterNumber * sizeof ULONG_PTR); + StackReadAddress = StackReadAddress + (ParameterNumber * sizeof(ULONG_PTR)); if(FunctionType >= UE_FUNCTION_STDCALL_CALL) { - StackReadAddress = StackReadAddress - sizeof ULONG_PTR; + StackReadAddress = StackReadAddress - sizeof(ULONG_PTR); } } else 
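Review bot: In GetRemoteString the short-region branch sets `StringReadSize = (DWORD)((ULONG_PTR)StringAddress - (ULONG_PTR)MemInfo.BaseAddress)`, which is the offset of the string inside its region, not the number of bytes left before the region ends; the remaining bytes would be `(ULONG_PTR)MemInfo.BaseAddress + MemInfo.RegionSize - (ULONG_PTR)StringAddress`. If StringReadSize is later used as the read length (the read is outside the hunk), this can request too many or too few bytes from the debuggee. The preceding comparison also casts the pointer difference to `int`, and the follow-up query uses `StringAddress + RegionSize` instead of the region end, with neither VirtualQueryEx result checked. The -177 hunk of GetFunctionParameter repeats the same computation with StackReadAddress.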
@@ -152,23 +152,23 @@ __declspec(dllexport) ULONG_PTR TITCALL GetFunctionParameter(HANDLE hProcess, DW } else { - StackReadAddress = StackReadAddress + 0x20 + ((ParameterNumber - 4) * sizeof ULONG_PTR) - sizeof ULONG_PTR; + StackReadAddress = StackReadAddress + 0x20 + ((ParameterNumber - 4) * sizeof(ULONG_PTR)) - sizeof(ULONG_PTR); } } - if(ReadProcessMemory(hProcess, (LPVOID)StackReadAddress, &StackReadBuffer, sizeof ULONG_PTR, &ueNumberOfBytesRW)) + if(ReadProcessMemory(hProcess, (LPVOID)StackReadAddress, &StackReadBuffer, sizeof(ULONG_PTR), &ueNumberOfBytesRW)) { if(!ValueIsPointer) { - RtlMoveMemory((LPVOID)((ULONG_PTR)&StackFinalBuffer + sizeof ULONG_PTR - StackReadSize), (LPVOID)((ULONG_PTR)&StackReadBuffer + sizeof ULONG_PTR - StackReadSize), StackReadSize); + RtlMoveMemory((LPVOID)((ULONG_PTR)&StackFinalBuffer + sizeof(ULONG_PTR) - StackReadSize), (LPVOID)((ULONG_PTR)&StackReadBuffer + sizeof(ULONG_PTR) - StackReadSize), StackReadSize); } else { StackReadAddress = StackReadBuffer; if(StackSecondReadSize > NULL) { - if(ReadProcessMemory(hProcess, (LPVOID)StackReadAddress, &StackReadBuffer, sizeof ULONG_PTR, &ueNumberOfBytesRW)) + if(ReadProcessMemory(hProcess, (LPVOID)StackReadAddress, &StackReadBuffer, sizeof(ULONG_PTR), &ueNumberOfBytesRW)) { - RtlMoveMemory((LPVOID)((ULONG_PTR)&StackFinalBuffer + sizeof ULONG_PTR - StackSecondReadSize), (LPVOID)((ULONG_PTR)&StackReadBuffer + sizeof ULONG_PTR - StackSecondReadSize), StackSecondReadSize); + RtlMoveMemory((LPVOID)((ULONG_PTR)&StackFinalBuffer + sizeof(ULONG_PTR) - StackSecondReadSize), (LPVOID)((ULONG_PTR)&StackReadBuffer + sizeof(ULONG_PTR) - StackSecondReadSize), StackSecondReadSize); } else { 
@@ -177,11 +177,11 @@ __declspec(dllexport) ULONG_PTR TITCALL GetFunctionParameter(HANDLE hProcess, DW } else { - VirtualQueryEx(hProcess, (LPVOID)StackReadAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + VirtualQueryEx(hProcess, (LPVOID)StackReadAddress, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)); if((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - StackReadAddress < 512) { StringReadSize = (DWORD)((ULONG_PTR)StackReadAddress - (ULONG_PTR)MemInfo.BaseAddress); - VirtualQueryEx(hProcess, (LPVOID)(StackReadAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + VirtualQueryEx(hProcess, (LPVOID)(StackReadAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)); if(MemInfo.State == MEM_COMMIT) { StringReadSize = 512; @@ -221,7 +221,7 @@ __declspec(dllexport) ULONG_PTR TITCALL GetJumpDestinationEx(HANDLE hProcess, UL if(hProcess != NULL) { - VirtualQueryEx(hProcess, (LPVOID)InstructionAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + VirtualQueryEx(hProcess, (LPVOID)InstructionAddress, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)); if(MemInfo.RegionSize > NULL) { if(ReadProcessMemory(hProcess, (LPVOID)InstructionAddress, ReadMemory, MAXIMUM_INSTRUCTION_SIZE, &ueNumberOfBytesRead)) @@ -305,7 +305,7 @@ __declspec(dllexport) ULONG_PTR TITCALL GetJumpDestinationEx(HANDLE hProcess, UL { RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 4); TargetedAddress = ReadMemData; - if(sizeof HANDLE == 8) + if(sizeof(HANDLE) == 8) { TargetedAddress = TargetedAddress + InstructionAddress; } @@ -314,7 +314,7 @@ __declspec(dllexport) ULONG_PTR TITCALL GetJumpDestinationEx(HANDLE hProcess, UL { RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 4); TargetedAddress = ReadMemData; - if(sizeof HANDLE == 8) + if(sizeof(HANDLE) == 8) { TargetedAddress = TargetedAddress + InstructionAddress; } 
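Review bot: `if(sizeof(HANDLE) == 8)` in GetJumpDestinationEx is a compile-time fact written as a run-time branch, and it keys the displacement handling to the width of the debugger build rather than to anything read from the instruction or the target process. The code base already uses `#if !defined(_WIN64)` for this kind of split (Global.Injector.cpp), so `#if defined(_WIN64)` around `TargetedAddress = TargetedAddress + InstructionAddress;` would state the intent and drop the dead branch. Whether `TargetedAddress = ReadMemData` sign-extends a negative displacement depends on ReadMemData's type, which is declared above the hunk and deserves a comment. Both occurrences in the -305 hunk and the two in the -440 hunk are affected.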
@@ -440,7 +440,7 @@ __declspec(dllexport) ULONG_PTR TITCALL GetJumpDestinationEx(HANDLE hProcess, UL { RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 4); TargetedAddress = ReadMemData; - if(sizeof HANDLE == 8) + if(sizeof(HANDLE) == 8) { TargetedAddress = TargetedAddress + InstructionAddress; } @@ -449,7 +449,7 @@ __declspec(dllexport) ULONG_PTR TITCALL GetJumpDestinationEx(HANDLE hProcess, UL { RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 4); TargetedAddress = ReadMemData; - if(sizeof HANDLE == 8) + if(sizeof(HANDLE) == 8) { TargetedAddress = TargetedAddress + InstructionAddress; } diff --git a/TitanEngine/TitanEngine.Debugger.Memory.cpp b/TitanEngine/TitanEngine.Debugger.Memory.cpp index a3fefe6..80bdd52 100644 --- a/TitanEngine/TitanEngine.Debugger.Memory.cpp +++ b/TitanEngine/TitanEngine.Debugger.Memory.cpp @@ -30,7 +30,7 @@ __declspec(dllexport) bool TITCALL MatchPatternEx(HANDLE hProcess, void* MemoryT { if(ueNumberOfBytesRead == 0) { - if(VirtualQueryEx(hProcess, MemoryToCheck, &memoryInformation, sizeof memoryInformation) != NULL) + if(VirtualQueryEx(hProcess, MemoryToCheck, &memoryInformation, sizeof(memoryInformation)) != NULL) { SizeOfMemoryToCheck = (int)((ULONG_PTR)memoryInformation.BaseAddress + memoryInformation.RegionSize - (ULONG_PTR)MemoryToCheck); if(!ReadProcessMemory(hProcess, MemoryToCheck, ueReadBuffer, SizeOfMemoryToCheck, &ueNumberOfBytesRead)) @@ -104,7 +104,7 @@ __declspec(dllexport) ULONG_PTR TITCALL FindEx(HANDLE hProcess, LPVOID MemorySta { if(ueNumberOfBytesRead == NULL) { - if(VirtualQueryEx(hProcess, MemoryStart, &memoryInformation, sizeof memoryInformation) != NULL) + if(VirtualQueryEx(hProcess, MemoryStart, &memoryInformation, sizeof(memoryInformation)) != NULL) { MemorySize = (DWORD)((ULONG_PTR)memoryInformation.BaseAddress + memoryInformation.RegionSize - (ULONG_PTR)MemoryStart); if(!MemoryReadSafe(hProcess, MemoryStart, ueReadBuffer, MemorySize, &ueNumberOfBytesRead)) 
@@ -175,7 +175,7 @@ __declspec(dllexport) bool TITCALL FillEx(HANDLE hProcess, LPVOID MemoryStart, D { FillByte = &defFillByte; } - VirtualQueryEx(hProcess, MemoryStart, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + VirtualQueryEx(hProcess, MemoryStart, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)); OldProtect = MemInfo.Protect; VirtualProtectEx(hProcess, MemoryStart, MemorySize, PAGE_EXECUTE_READWRITE, &OldProtect); for(i = 0; i < MemorySize; i++) @@ -214,7 +214,7 @@ __declspec(dllexport) bool TITCALL PatchEx(HANDLE hProcess, LPVOID MemoryStart, if(hProcess != NULL) { - VirtualQueryEx(hProcess, MemoryStart, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + VirtualQueryEx(hProcess, MemoryStart, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)); OldProtect = MemInfo.Protect; VirtualProtectEx(hProcess, MemoryStart, MemorySize, PAGE_EXECUTE_READWRITE, &OldProtect); @@ -358,7 +358,7 @@ __declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBase ULONG_PTR endAddr = (ULONG_PTR)lpBaseAddress + nSize; for(ULONG_PTR page = ALIGN_DOWN_BY(lpBaseAddress, TITANENGINE_PAGESIZE); page < endAddr; page += memInfo.RegionSize) { - if(0 == VirtualQueryEx(hProcess, (LPCVOID)page, &memInfo, sizeof memInfo)) + if(0 == VirtualQueryEx(hProcess, (LPCVOID)page, &memInfo, sizeof(memInfo))) break; // failure ('VirtualProtectEx' will fail too) memRegions.push_back(memInfo); } @@ -430,7 +430,7 @@ __declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBas ULONG_PTR endAddr = (ULONG_PTR)lpBaseAddress + nSize; for(ULONG_PTR page = ALIGN_DOWN_BY(lpBaseAddress, TITANENGINE_PAGESIZE); page < endAddr; page += memInfo.RegionSize) { - if(0 == VirtualQueryEx(hProcess, (LPCVOID)page, &memInfo, sizeof memInfo)) + if(0 == VirtualQueryEx(hProcess, (LPCVOID)page, &memInfo, sizeof(memInfo))) break; // failure memRegions.push_back(memInfo); } diff --git a/TitanEngine/TitanEngine.Debugger.cpp b/TitanEngine/TitanEngine.Debugger.cpp index d01a5a2..aaa9617 100644 
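Review bot: `VirtualProtectEx(hProcess, MemoryStart, MemorySize, PAGE_EXECUTE_READWRITE, &OldProtect)` in FillEx is called without checking its return value. `OldProtect` is pre-seeded from `MemInfo.Protect`, so after a failure the code cannot tell a real previous protection from a stale one. If the protection is restored later in the function (outside the hunk), that should happen only when the change succeeded, e.g. `if(!VirtualProtectEx(hProcess, MemoryStart, MemorySize, PAGE_EXECUTE_READWRITE, &OldProtect)) return false;`. The PatchEx hunk at -214 has the identical sequence.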
--- a/TitanEngine/TitanEngine.Debugger.cpp +++ b/TitanEngine/TitanEngine.Debugger.cpp @@ -402,6 +402,17 @@ __declspec(dllexport) void* TITCALL InitNativeDebugW(wchar_t* szFileName, wchar_ HANDLE ProcessHandle = NULL, ThreadHandle = NULL; UNICODE_STRING CommandLine = { 0 }; PUNICODE_STRING PtrCurrentDirectory = NULL; + OBJECT_ATTRIBUTES ObjectAttributes = {}; + HANDLE DebugPort = NULL; + PS_CREATE_INFO CreateInfo = {}; + SIZE_T NumAttributes = 0; + SIZE_T AttributesSize = 0; + PPS_ATTRIBUTE_LIST AttributeList = NULL; + ULONG N = 0; + CLIENT_ID Cid = {}; + PCLIENT_ID ClientId = NULL; + ULONG NtProcessFlags = 0; + ULONG NtThreadFlags = 0; // Convert the application path to its NT equivalent UNICODE_STRING ImagePath, NtImagePath; @@ -461,9 +472,7 @@ __declspec(dllexport) void* TITCALL InitNativeDebugW(wchar_t* szFileName, wchar_ ProcessParameters->ShowWindowFlags = STARTF_USESHOWWINDOW | SW_SHOWDEFAULT; // Create a debug port object - OBJECT_ATTRIBUTES ObjectAttributes; InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL); - HANDLE DebugPort = NULL; Status = NtCreateDebugObject(&DebugPort, DEBUG_ALL_ACCESS, &ObjectAttributes, @@ -478,7 +487,6 @@ __declspec(dllexport) void* TITCALL InitNativeDebugW(wchar_t* szFileName, wchar_ NtCurrentTeb()->DbgSsReserved[1] = DebugPort; // Initialize the PS_CREATE_INFO structure - PS_CREATE_INFO CreateInfo; RtlZeroMemory(&CreateInfo, sizeof(CreateInfo)); CreateInfo.Size = sizeof(CreateInfo); CreateInfo.State = PsCreateInitialState; 
@@ -488,16 +496,16 @@ __declspec(dllexport) void* TITCALL InitNativeDebugW(wchar_t* szFileName, wchar_ CreateInfo.u1.InitState.AdditionalFileAccess = FILE_READ_ATTRIBUTES | FILE_READ_DATA; // Initialize the PS_ATTRIBUTE_LIST that contains the process creation attributes - const SIZE_T NumAttributes = 3; - const SIZE_T AttributesSize = sizeof(SIZE_T) + NumAttributes * sizeof(PS_ATTRIBUTE); - PPS_ATTRIBUTE_LIST AttributeList = reinterpret_cast( + NumAttributes = 3; + AttributesSize = sizeof(SIZE_T) + NumAttributes * sizeof(PS_ATTRIBUTE); + AttributeList = reinterpret_cast( RtlAllocateHeap(RtlProcessHeap(), HEAP_ZERO_MEMORY, // Not optional AttributesSize)); AttributeList->TotalLength = AttributesSize; // In: NT style absolute image path. This is the only required attribute - ULONG N = 0; + N = 0; AttributeList->Attributes[N].Attribute = PS_ATTRIBUTE_IMAGE_NAME; AttributeList->Attributes[N].Size = NtImagePath.Length; AttributeList->Attributes[N].Value = reinterpret_cast(NtImagePath.Buffer); 
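Review bot: The pointer returned by `RtlAllocateHeap` is dereferenced on the next line (`AttributeList->TotalLength = AttributesSize;`) without a null check, so an allocation failure becomes an access violation inside the debugger instead of a failed launch. A check such as `if(AttributeList == NULL)` that sets a failure status and leaves through the function's existing cleanup path would fit the hoisted declarations this commit introduces. InitNativeDebugW starts and ends outside this hunk, so the cleanup path and whether `AttributeList` is released there are not visible.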
@@ -510,15 +518,15 @@ __declspec(dllexport) void* TITCALL InitNativeDebugW(wchar_t* szFileName, wchar_ // Out: client ID N++; - CLIENT_ID Cid; - PCLIENT_ID ClientId = &Cid; + Cid = {}; + ClientId = &Cid; AttributeList->Attributes[N].Attribute = PS_ATTRIBUTE_CLIENT_ID; AttributeList->Attributes[N].Size = sizeof(CLIENT_ID); AttributeList->Attributes[N].Value = reinterpret_cast(ClientId); // Set process and thread flags - ULONG NtProcessFlags = PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT; // Same as DEBUG_ONLY_THIS_PROCESS. DEBUG_PROCESS is implied by the debug port - ULONG NtThreadFlags = THREAD_CREATE_FLAGS_CREATE_SUSPENDED; // Always set this, because we need to do some bookkeeping before resuming + NtProcessFlags = PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT; // Same as DEBUG_ONLY_THIS_PROCESS. DEBUG_PROCESS is implied by the debug port + NtThreadFlags = THREAD_CREATE_FLAGS_CREATE_SUSPENDED; // Always set this, because we need to do some bookkeeping before resuming // Create the process Status = fnNtCreateUserProcess(&ProcessHandle, @@ -822,7 +830,7 @@ __declspec(dllexport) void TITCALL AutoDebugExW(wchar_t* szFileName, bool Reserv if(szFileName != NULL) { - RtlZeroMemory(&expertDebug, sizeof ExpertDebug); + RtlZeroMemory(&expertDebug, sizeof(ExpertDebug)); expertDebug.ExpertModeActive = true; expertDebug.szFileName = szFileName; expertDebug.szCommandLine = szCommandLine; @@ -844,7 +852,7 @@ __declspec(dllexport) void TITCALL AutoDebugExW(wchar_t* szFileName, bool Reserv ForceClose(); } } - RtlZeroMemory(&expertDebug, sizeof ExpertDebug); + RtlZeroMemory(&expertDebug, sizeof(ExpertDebug)); SetDebugLoopTimeOut(INFINITE); } } diff --git a/TitanEngine/TitanEngine.Dumper.cpp b/TitanEngine/TitanEngine.Dumper.cpp index f8bc7e4..adb851f 100644 --- a/TitanEngine/TitanEngine.Dumper.cpp +++ b/TitanEngine/TitanEngine.Dumper.cpp 
@@ -408,7 +408,7 @@ __declspec(dllexport) bool TITCALL DumpRegionsW(HANDLE hProcess, wchar_t* szDump return false; } - while(VirtualQueryEx(hProcess, (LPVOID)DumpAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION) != NULL) + while(VirtualQueryEx(hProcess, (LPVOID)DumpAddress, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)) != NULL) { AddressIsModuleBase = false; for(i = 0; i < (int)(cbNeeded / sizeof(HMODULE)); i++) diff --git a/TitanEngine/TitanEngine.Engine.Simplification.cpp b/TitanEngine/TitanEngine.Engine.Simplification.cpp index 82648df..f700501 100644 --- a/TitanEngine/TitanEngine.Engine.Simplification.cpp +++ b/TitanEngine/TitanEngine.Engine.Simplification.cpp @@ -33,7 +33,7 @@ __declspec(dllexport) void TITCALL EngineUnpackerInitializeW(wchar_t* szFileName { RtlZeroMemory(&szEngineUnpackerSnapShot1[0], MAX_PATH * 2); RtlZeroMemory(&szEngineUnpackerSnapShot2[0], MAX_PATH * 2); - RtlZeroMemory(&EngineUnpackerFileStatus, sizeof FILE_STATUS_INFO); + RtlZeroMemory(&EngineUnpackerFileStatus, sizeof(FILE_STATUS_INFO)); if(IsPE32FileValidExW(szFileName, UE_DEPTH_DEEP, &EngineUnpackerFileStatus)) { if(!EngineUnpackerFileStatus.FileIsDLL) @@ -119,7 +119,7 @@ __declspec(dllexport) bool TITCALL EngineUnpackerSetBreakCondition(void* SearchS if(BreakType == UE_UNPACKER_CONDITION_LOADLIBRARY) { - if(SetBPX(fPatternLocation, UE_BREAKPOINT, &EngineSimplifyLoadLibraryCallBack)) + if(SetBPX(fPatternLocation, UE_BREAKPOINT, CallbackToObjectPointer(&EngineSimplifyLoadLibraryCallBack))) { EngineUnpackerBreakInfo.push_back(fUnpackerInformation); return true; @@ -127,7 +127,7 @@ __declspec(dllexport) bool TITCALL EngineUnpackerSetBreakCondition(void* SearchS } else if(BreakType == UE_UNPACKER_CONDITION_GETPROCADDRESS) { - if(SetBPX(fPatternLocation, UE_BREAKPOINT, &EngineSimplifyGetProcAddressCallBack)) + if(SetBPX(fPatternLocation, UE_BREAKPOINT, CallbackToObjectPointer(&EngineSimplifyGetProcAddressCallBack))) { EngineUnpackerBreakInfo.push_back(fUnpackerInformation); return true; 
@@ -135,7 +135,7 @@ __declspec(dllexport) bool TITCALL EngineUnpackerSetBreakCondition(void* SearchS } else if(BreakType == UE_UNPACKER_CONDITION_ENTRYPOINTBREAK) { - if(SetBPX(fPatternLocation, UE_BREAKPOINT, &EngineSimplifyGetProcAddressCallBack)) + if(SetBPX(fPatternLocation, UE_BREAKPOINT, CallbackToObjectPointer(&EngineSimplifyGetProcAddressCallBack))) { EngineUnpackerBreakInfo.push_back(fUnpackerInformation); return true; @@ -143,7 +143,7 @@ __declspec(dllexport) bool TITCALL EngineUnpackerSetBreakCondition(void* SearchS } else if(BreakType == UE_UNPACKER_CONDITION_RELOCSNAPSHOT1) { - if(SetBPX(fPatternLocation, UE_BREAKPOINT, &EngineSimplifyMakeSnapshotCallBack)) + if(SetBPX(fPatternLocation, UE_BREAKPOINT, CallbackToObjectPointer(&EngineSimplifyMakeSnapshotCallBack))) { fUnpackerInformation.SnapShotNumber = 1; EngineUnpackerBreakInfo.push_back(fUnpackerInformation); @@ -152,7 +152,7 @@ __declspec(dllexport) bool TITCALL EngineUnpackerSetBreakCondition(void* SearchS } else if(BreakType == UE_UNPACKER_CONDITION_RELOCSNAPSHOT2) { - if(SetBPX(fPatternLocation, UE_BREAKPOINT, &EngineSimplifyMakeSnapshotCallBack)) + if(SetBPX(fPatternLocation, UE_BREAKPOINT, CallbackToObjectPointer(&EngineSimplifyMakeSnapshotCallBack))) { fUnpackerInformation.SnapShotNumber = 2; EngineUnpackerBreakInfo.push_back(fUnpackerInformation); @@ -161,7 +161,7 @@ __declspec(dllexport) bool TITCALL EngineUnpackerSetBreakCondition(void* SearchS } else { - if(SetBPX(fPatternLocation, fBreakPointType, (void*)BreakType)) + if(SetBPX(fPatternLocation, fBreakPointType, (void*)(ULONG_PTR)BreakType)) { EngineUnpackerBreakInfo.push_back(fUnpackerInformation); return true; diff --git a/TitanEngine/TitanEngine.Engine.cpp b/TitanEngine/TitanEngine.Engine.cpp index 07809ff..c3f497f 100644 --- a/TitanEngine/TitanEngine.Engine.cpp +++ b/TitanEngine/TitanEngine.Engine.cpp 
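Review bot: The `UE_UNPACKER_CONDITION_ENTRYPOINTBREAK` branch registers `EngineSimplifyGetProcAddressCallBack`, the same callback as the `UE_UNPACKER_CONDITION_GETPROCADDRESS` branch in the preceding hunk. That reads like a copy-paste slip which the new `CallbackToObjectPointer` wrapping carries forward unchanged. If an entry-point-specific handler exists it should be used here; if sharing the handler is intended, a comment such as `// entry-point break deliberately reuses the GetProcAddress handler` would record that. The function starts and ends outside the hunk.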
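Review bot: `(void*)(ULONG_PTR)BreakType` in the final `else` of EngineUnpackerSetBreakCondition turns the integer `BreakType` into the breakpoint callback pointer, and the added `(ULONG_PTR)` cast only silences the size-mismatch diagnostic. If `BreakType` is a 32-bit parameter (its declaration is outside the hunk), a 64-bit caller cannot pass a callback address above 4 GiB and SetBPX receives a truncated pointer. Declaring the parameter pointer-sized, or taking the callback as a separate argument, removes the truncation. At minimum a comment should state that values outside the `UE_UNPACKER_CONDITION_*` set are treated as callback addresses.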
@@ -180,7 +180,7 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szF } ExporterBuildExportTableExW(BuildExportName, ".export"); } - ImportPointer = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportPointer + sizeof IMAGE_IMPORT_DESCRIPTOR); + ImportPointer = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportPointer + sizeof(IMAGE_IMPORT_DESCRIPTOR)); } } } @@ -238,7 +238,7 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szF } ExporterBuildExportTableExW(BuildExportName, ".export"); } - ImportPointer = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportPointer + sizeof IMAGE_IMPORT_DESCRIPTOR); + ImportPointer = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportPointer + sizeof(IMAGE_IMPORT_DESCRIPTOR)); } } } @@ -276,8 +276,8 @@ __declspec(dllexport) bool TITCALL EngineDeleteCreatedDependencies() engineDependencyFilesCWP = engineDependencyFiles; while(*((char*)engineDependencyFilesCWP) != 0) { - RtlZeroMemory(&szTempName, sizeof szTempName); - RtlZeroMemory(&szTempFolder, sizeof szTempFolder); + RtlZeroMemory(&szTempName, sizeof(szTempName)); + RtlZeroMemory(&szTempFolder, sizeof(szTempFolder)); if(GetTempPathW(MAX_PATH, szTempFolder) < MAX_PATH) { if(GetTempFileNameW(szTempFolder, L"DeleteTempGenFile", GetTickCount(), szTempName)) diff --git a/TitanEngine/TitanEngine.Exporter.cpp b/TitanEngine/TitanEngine.Exporter.cpp index 0591297..ef18b82 100644 --- a/TitanEngine/TitanEngine.Exporter.cpp +++ b/TitanEngine/TitanEngine.Exporter.cpp @@ -30,7 +30,7 @@ __declspec(dllexport) void TITCALL ExporterCleanup() expOrdinals[i] = 0; } //RtlZeroMemory(&szExportFileName, 512); - RtlZeroMemory(&expExportData, sizeof IMAGE_EXPORT_DIRECTORY); + RtlZeroMemory(&expExportData, sizeof(IMAGE_EXPORT_DIRECTORY)); VirtualFree(expTableData, NULL, MEM_RELEASE); expExportNumber = NULL; expTableData = NULL; 
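Review bot: `GetTempPathW(MAX_PATH, szTempFolder) < MAX_PATH` in EngineDeleteCreatedDependencies also passes when the call fails, because failure is reported as 0. `GetTempFileNameW` then runs on the zeroed `szTempFolder`. Capture the length and require it to be non-zero: `DWORD cch = GetTempPathW(MAX_PATH, szTempFolder);` followed by `if(cch != 0 && cch < MAX_PATH)`. The loop body continues outside the hunk, so what the generated name is used for is not visible here.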
@@ -139,7 +139,7 @@ __declspec(dllexport) long TITCALL ExporterEstimatedSize() DWORD EstimatedSize = NULL; EstimatedSize = (DWORD)((ULONG_PTR)expTableDataCWP - (ULONG_PTR)expTableData); - EstimatedSize = EstimatedSize + (expExportNumber * 12) + sizeof IMAGE_EXPORT_DIRECTORY; + EstimatedSize = EstimatedSize + (expExportNumber * 12) + sizeof(IMAGE_EXPORT_DIRECTORY); return(EstimatedSize); } __declspec(dllexport) bool TITCALL ExporterBuildExportTable(ULONG_PTR StorePlace, ULONG_PTR FileMapVA) @@ -162,7 +162,7 @@ __declspec(dllexport) bool TITCALL ExporterBuildExportTable(ULONG_PTR StorePlace if(expTableDataCWP != NULL) { expBuildExportData = expBuildExportDyn.Allocate(ExporterEstimatedSize()); - expBuildExportDataCWP = (LPVOID)((ULONG_PTR)expBuildExportData + sizeof IMAGE_EXPORT_DIRECTORY); + expBuildExportDataCWP = (LPVOID)((ULONG_PTR)expBuildExportData + sizeof(IMAGE_EXPORT_DIRECTORY)); expExportData.NumberOfNames = expExportNumber; expExportData.NumberOfFunctions = expExportNumber; @@ -204,7 +204,7 @@ __declspec(dllexport) bool TITCALL ExporterBuildExportTable(ULONG_PTR StorePlace expExportData.AddressOfNameOrdinals = StorePlaceRVA + (DWORD)((ULONG_PTR)expBuildExportDataCWP - (ULONG_PTR)expBuildExportData); RtlMoveMemory(expBuildExportDataCWP, &expOrdinals, 2 * expExportNumber); expBuildExportDataCWP = (LPVOID)((ULONG_PTR)expBuildExportDataCWP + 2 * expExportNumber); - RtlMoveMemory(expBuildExportData, &expExportData, sizeof IMAGE_EXPORT_DIRECTORY); + RtlMoveMemory(expBuildExportData, &expExportData, sizeof(IMAGE_EXPORT_DIRECTORY)); RtlMoveMemory((LPVOID)StorePlace, expBuildExportData, (DWORD)((ULONG_PTR)expBuildExportDataCWP - (ULONG_PTR)expBuildExportData)); 
@@ -259,7 +259,7 @@ __declspec(dllexport) bool TITCALL ExporterBuildExportTableEx(char* szExportFile return false; } } -__declspec(dllexport) bool TITCALL ExporterBuildExportTableExW(wchar_t* szExportFileName, char* szSectionName) +__declspec(dllexport) bool TITCALL ExporterBuildExportTableExW(wchar_t* szExportFileName, const char* szSectionName) { HANDLE FileHandle; diff --git a/TitanEngine/TitanEngine.Handler.cpp b/TitanEngine/TitanEngine.Handler.cpp index 3978ff0..222d70f 100644 --- a/TitanEngine/TitanEngine.Handler.cpp +++ b/TitanEngine/TitanEngine.Handler.cpp @@ -1,5 +1,11 @@ #include "stdafx.h" #include "definitions.h" + +static inline HANDLE HandleFromNtHandle(USHORT handle) +{ + return (HANDLE)(ULONG_PTR)handle; +} + #include "Global.Handle.h" #include "Global.Engine.h" @@ -59,7 +65,7 @@ __declspec(dllexport) bool TITCALL HandlerIsHandleOpen(DWORD ProcessId, HANDLE h for(ULONG i = 0; i < HandleInfo->NumberOfHandles; i++) { - if((DWORD)pHandle->UniqueProcessId == ProcessId && (HANDLE)pHandle->HandleValue == hHandle) + if((DWORD)pHandle->UniqueProcessId == ProcessId && (HANDLE)(ULONG_PTR)pHandle->HandleValue == hHandle) { HandleActive = true; break; @@ -92,7 +98,7 @@ __declspec(dllexport) void* TITCALL HandlerGetHandleNameW(HANDLE hProcess, DWORD for(ULONG i = 0; i < HandleInfo->NumberOfHandles; i++) { - if((DWORD)pHandle->UniqueProcessId == ProcessId && (HANDLE)pHandle->HandleValue == hHandle) + if((DWORD)pHandle->UniqueProcessId == ProcessId && (HANDLE)(ULONG_PTR)pHandle->HandleValue == hHandle) { if(pHandle->GrantedAccess != 0x0012019F) //Filter, because this GrantedAccess type can cause deadlocks! { 
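Review bot: `HandleFromNtHandle(USHORT handle)` fixes the handle width at 16 bits, so a handle value above 0xFFFF cannot be represented. The `== hHandle` comparisons and the `HandlerCloseRemoteHandle` call in later hunks could then act on a different handle than intended. That limit presumably comes from the legacy handle-table entry behind `NTDLL_QUERY_HANDLE_INFO` (its declaration is not on this page); the extended query class `SystemExtendedHandleInformation` reports pointer-sized handle values. A comment on the helper, e.g. `// legacy handle table entries carry only the low 16 bits of the handle value`, would at least make the limitation explicit. The HandlerIsHandleOpen and HandlerGetHandleNameW hunks that follow spell the same conversion as `(HANDLE)(ULONG_PTR)pHandle->HandleValue` instead of calling the helper.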
@@ -162,19 +168,19 @@ __declspec(dllexport) long TITCALL HandlerEnumerateOpenHandles(DWORD ProcessId, return 0; LPVOID QuerySystemBuffer = hinfo.GetPtr(); - RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG); + RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof(ULONG)); QuerySystemBuffer = (LPVOID)((ULONG_PTR)QuerySystemBuffer + 4); HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)QuerySystemBuffer; while(TotalHandleCount > NULL) { if(HandleInfo->ProcessId == ProcessId && HandleCount < MaxHandleCount) { - myHandle = (HANDLE)HandleInfo->hHandle; - RtlMoveMemory(HandleBuffer, &myHandle, sizeof HANDLE); - HandleBuffer = (LPVOID)((ULONG_PTR)HandleBuffer + sizeof HANDLE); + myHandle = HandleFromNtHandle(HandleInfo->hHandle); + RtlMoveMemory(HandleBuffer, &myHandle, sizeof(HANDLE)); + HandleBuffer = (LPVOID)((ULONG_PTR)HandleBuffer + sizeof(HANDLE)); HandleCount++; } - HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof NTDLL_QUERY_HANDLE_INFO); + HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof(NTDLL_QUERY_HANDLE_INFO)); TotalHandleCount--; } return(HandleCount); 
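Review bot: `QuerySystemBuffer = (LPVOID)((ULONG_PTR)QuerySystemBuffer + 4);` in HandlerEnumerateOpenHandles assumes the first entry starts right after the 32-bit count. If `hinfo` holds the unmodified handle list from the system information query (the fill is outside the hunk), a 64-bit build aligns the entries to pointer size. The array would then start at offset 8, and every `HandleInfo->ProcessId` and `HandleInfo->hHandle` read would be shifted. Deriving the offset from the structure layout rather than a literal, and confirming it on x64, would settle this. The same `+ 4` appears in the HandlerGetHandleDetails hunk and in the lock-handle and mutex hunks further down.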
@@ -199,17 +205,17 @@ __declspec(dllexport) ULONG_PTR TITCALL HandlerGetHandleDetails(HANDLE hProcess, return 0; LPVOID QuerySystemBuffer = hinfo.GetPtr(); - RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG); + RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof(ULONG)); QuerySystemBuffer = (LPVOID)((ULONG_PTR)QuerySystemBuffer + 4); HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)QuerySystemBuffer; while(TotalHandleCount > NULL) { - if(HandleInfo->ProcessId == ProcessId && (HANDLE)HandleInfo->hHandle == hHandle) + if(HandleInfo->ProcessId == ProcessId && HandleFromNtHandle(HandleInfo->hHandle) == hHandle) { if(DuplicateHandle(hProcess, hHandle, GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS)) { - RtlZeroMemory(&ObjectBasicInfo, sizeof OBJECT_BASIC_INFORMATION); - NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof OBJECT_BASIC_INFORMATION, &RequiredSize); + RtlZeroMemory(&ObjectBasicInfo, sizeof(OBJECT_BASIC_INFORMATION)); + NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof(OBJECT_BASIC_INFORMATION), &RequiredSize); if(InformationReturn == UE_OPTION_HANDLER_RETURN_HANDLECOUNT) { ReturnData = (ULONG_PTR)ObjectBasicInfo.HandleCount; @@ -261,7 +267,7 @@ __declspec(dllexport) ULONG_PTR TITCALL HandlerGetHandleDetails(HANDLE hProcess, break; } } - HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof NTDLL_QUERY_HANDLE_INFO); + HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof(NTDLL_QUERY_HANDLE_INFO)); TotalHandleCount--; } if(!DontFreeStringMemory) 
@@ -323,7 +329,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateLockHandlesW(wchar_t* szFileO LPVOID QuerySystemBuffer = hinfo.GetPtr(); - RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG); + RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof(ULONG)); QuerySystemBuffer = (LPVOID)((ULONG_PTR)QuerySystemBuffer + 4); HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)QuerySystemBuffer; while(TotalHandleCount > NULL) @@ -342,10 +348,10 @@ __declspec(dllexport) long TITCALL HandlerEnumerateLockHandlesW(wchar_t* szFileO //if(!(HandleInfo->GrantedAccess & SYNCHRONIZE) || ((HandleInfo->GrantedAccess & SYNCHRONIZE) && ((WORD)HandleInfo->GrantedAccess != 0x19F9))){// && (WORD)HandleInfo->GrantedAccess != 0x89))){ if(HandleInfo->GrantedAccess != 0x0012019F) { - if(DuplicateHandle(hProcess, (HANDLE)HandleInfo->hHandle, GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS)) + if(DuplicateHandle(hProcess, HandleFromNtHandle(HandleInfo->hHandle), GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS)) { - RtlZeroMemory(&ObjectBasicInfo, sizeof OBJECT_BASIC_INFORMATION); - NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof OBJECT_BASIC_INFORMATION, &RequiredSize); + RtlZeroMemory(&ObjectBasicInfo, sizeof(OBJECT_BASIC_INFORMATION)); + NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof(OBJECT_BASIC_INFORMATION), &RequiredSize); NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, 8, &RequiredSize); NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, RequiredSize, &RequiredSize); RtlZeroMemory(HandleFullName, 0x1000); 
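Review bot: The second `NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, RequiredSize, &RequiredSize)` call in HandlerEnumerateLockHandlesW tells the kernel the buffer is `RequiredSize` bytes long. That value comes from the object being queried, not from the allocation. `ObjectNameInfo` is allocated outside the hunk; unless it is sized for the largest possible name, an object with a long name in the inspected process makes the kernel write past the buffer. Passing the real capacity, or skipping the handle when `RequiredSize` exceeds it, closes that gap; the return status of both calls is also ignored. The HandlerCloseAllLockHandlesW and HandlerIsFileLockedW hunks repeat the same pair of calls.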
@@ -370,11 +376,11 @@ __declspec(dllexport) long TITCALL HandlerEnumerateLockHandlesW(wchar_t* szFileO } if(lstrcmpiW((LPCWSTR)HandleFullName, szFileOrFolderName) == NULL && MaxHandleCount > NULL) { - RtlMoveMemory(HandleDataBuffer, &HandleInfo->ProcessId, sizeof ULONG); - HandleDataBuffer = (LPVOID)((ULONG_PTR)HandleDataBuffer + sizeof ULONG); - CopyHandle = (HANDLE)HandleInfo->hHandle; - RtlMoveMemory(HandleDataBuffer, &CopyHandle, sizeof HANDLE); - HandleDataBuffer = (LPVOID)((ULONG_PTR)HandleDataBuffer + sizeof HANDLE); + RtlMoveMemory(HandleDataBuffer, &HandleInfo->ProcessId, sizeof(ULONG)); + HandleDataBuffer = (LPVOID)((ULONG_PTR)HandleDataBuffer + sizeof(ULONG)); + CopyHandle = HandleFromNtHandle(HandleInfo->hHandle); + RtlMoveMemory(HandleDataBuffer, &CopyHandle, sizeof(HANDLE)); + HandleDataBuffer = (LPVOID)((ULONG_PTR)HandleDataBuffer + sizeof(HANDLE)); FoundHandles++; MaxHandleCount--; } @@ -383,7 +389,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateLockHandlesW(wchar_t* szFileO } } } - HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof NTDLL_QUERY_HANDLE_INFO); + HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof(NTDLL_QUERY_HANDLE_INFO)); TotalHandleCount--; } @@ -430,7 +436,7 @@ __declspec(dllexport) bool TITCALL HandlerCloseAllLockHandlesW(wchar_t* szFileOr LPVOID QuerySystemBuffer = hinfo.GetPtr(); - RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG); + RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof(ULONG)); QuerySystemBuffer = (LPVOID)((ULONG_PTR)QuerySystemBuffer + 4); HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)QuerySystemBuffer; while(TotalHandleCount > NULL) 
@@ -449,10 +455,10 @@ __declspec(dllexport) bool TITCALL HandlerCloseAllLockHandlesW(wchar_t* szFileOr //if(!(HandleInfo->GrantedAccess & SYNCHRONIZE) || ((HandleInfo->GrantedAccess & SYNCHRONIZE) && ((WORD)HandleInfo->GrantedAccess != 0x19F9))){// && (WORD)HandleInfo->GrantedAccess != 0x89))){ if(HandleInfo->GrantedAccess != 0x0012019F) { - if(DuplicateHandle(hProcess, (HANDLE)HandleInfo->hHandle, GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS)) + if(DuplicateHandle(hProcess, HandleFromNtHandle(HandleInfo->hHandle), GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS)) { - RtlZeroMemory(&ObjectBasicInfo, sizeof OBJECT_BASIC_INFORMATION); - NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof OBJECT_BASIC_INFORMATION, &RequiredSize); + RtlZeroMemory(&ObjectBasicInfo, sizeof(OBJECT_BASIC_INFORMATION)); + NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof(OBJECT_BASIC_INFORMATION), &RequiredSize); NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, 8, &RequiredSize); NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, RequiredSize, &RequiredSize); RtlZeroMemory(HandleFullName, 0x1000); @@ -477,7 +483,7 @@ __declspec(dllexport) bool TITCALL HandlerCloseAllLockHandlesW(wchar_t* szFileOr } if(lstrcmpiW((LPCWSTR)HandleFullName, szFileOrFolderName) == NULL) { - if(!HandlerCloseRemoteHandle(hProcess, (HANDLE)HandleInfo->hHandle)) + if(!HandlerCloseRemoteHandle(hProcess, HandleFromNtHandle(HandleInfo->hHandle))) { AllHandled = false; } @@ -487,7 +493,7 @@ __declspec(dllexport) bool TITCALL HandlerCloseAllLockHandlesW(wchar_t* szFileOr } } } - HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof NTDLL_QUERY_HANDLE_INFO); + HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof(NTDLL_QUERY_HANDLE_INFO)); TotalHandleCount--; } 
@@ -533,7 +539,7 @@ __declspec(dllexport) bool TITCALL HandlerIsFileLockedW(wchar_t* szFileOrFolderN LPVOID QuerySystemBuffer = hinfo.GetPtr(); - RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG); + RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof(ULONG)); QuerySystemBuffer = (LPVOID)((ULONG_PTR)QuerySystemBuffer + 4); HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)QuerySystemBuffer; while(TotalHandleCount > NULL) @@ -552,10 +558,10 @@ __declspec(dllexport) bool TITCALL HandlerIsFileLockedW(wchar_t* szFileOrFolderN //if(!(HandleInfo->GrantedAccess & SYNCHRONIZE) || ((HandleInfo->GrantedAccess & SYNCHRONIZE) && ((WORD)HandleInfo->GrantedAccess != 0x19F9))){// && (WORD)HandleInfo->GrantedAccess != 0x89))){ if(HandleInfo->GrantedAccess != 0x0012019F) { - if(DuplicateHandle(hProcess, (HANDLE)HandleInfo->hHandle, GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS)) + if(DuplicateHandle(hProcess, HandleFromNtHandle(HandleInfo->hHandle), GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS)) { - RtlZeroMemory(&ObjectBasicInfo, sizeof OBJECT_BASIC_INFORMATION); - NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof OBJECT_BASIC_INFORMATION, &RequiredSize); + RtlZeroMemory(&ObjectBasicInfo, sizeof(OBJECT_BASIC_INFORMATION)); + NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof(OBJECT_BASIC_INFORMATION), &RequiredSize); NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, 8, &RequiredSize); NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, RequiredSize, &RequiredSize); RtlZeroMemory(HandleFullName, 0x1000); @@ -588,7 +594,7 @@ __declspec(dllexport) bool TITCALL HandlerIsFileLockedW(wchar_t* szFileOrFolderN } } } - HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof NTDLL_QUERY_HANDLE_INFO); + HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof(NTDLL_QUERY_HANDLE_INFO)); TotalHandleCount--; } return false; 
@@ -615,7 +621,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateOpenMutexes(HANDLE hProcess, return 0; LPVOID QuerySystemBuffer = hinfo.GetPtr(); - RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG); + RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof(ULONG)); QuerySystemBuffer = (LPVOID)((ULONG_PTR)QuerySystemBuffer + 4); HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)QuerySystemBuffer; while(TotalHandleCount > NULL) @@ -625,7 +631,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateOpenMutexes(HANDLE hProcess, //if(!(HandleInfo->GrantedAccess & SYNCHRONIZE) || ((HandleInfo->GrantedAccess & SYNCHRONIZE) && ((WORD)HandleInfo->GrantedAccess != 0x19F9))){// && (WORD)HandleInfo->GrantedAccess != 0x89))){ if(HandleInfo->GrantedAccess != 0x0012019F) { - if(DuplicateHandle(hProcess, (HANDLE)HandleInfo->hHandle, GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS)) + if(DuplicateHandle(hProcess, HandleFromNtHandle(HandleInfo->hHandle), GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS)) { RtlZeroMemory(HandleFullData, sizeof(HandleFullData)); NtQueryObject(myHandle, ObjectTypeInformation, HandleFullData, 8, &RequiredSize); @@ -636,9 +642,9 @@ __declspec(dllexport) long TITCALL HandlerEnumerateOpenMutexes(HANDLE hProcess, WideCharToMultiByte(CP_ACP, NULL, (LPCWSTR)pObjectTypeInfo->TypeName.Buffer, -1, (LPSTR)HandleNameData, 0x1000, NULL, NULL); if(lstrcmpiA((LPCSTR)HandleNameData, "Mutant") == NULL) { - copyHandle = (HANDLE)HandleInfo->hHandle; - RtlMoveMemory(HandleBuffer, ©Handle, sizeof HANDLE); - HandleBuffer = (LPVOID)((ULONG_PTR)HandleBuffer + sizeof HANDLE); + copyHandle = HandleFromNtHandle(HandleInfo->hHandle); + RtlMoveMemory(HandleBuffer, ©Handle, sizeof(HANDLE)); + HandleBuffer = (LPVOID)((ULONG_PTR)HandleBuffer + sizeof(HANDLE)); HandleCount++; } } 
@@ -646,7 +652,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateOpenMutexes(HANDLE hProcess, } } } - HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof NTDLL_QUERY_HANDLE_INFO); + HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof(NTDLL_QUERY_HANDLE_INFO)); TotalHandleCount--; } return(HandleCount); @@ -675,7 +681,7 @@ __declspec(dllexport) ULONG_PTR TITCALL HandlerGetOpenMutexHandleW(HANDLE hProce HANDLE myHandle; char HandleBuffer[0x1000] = {0}; LPVOID cHandleBuffer = HandleBuffer; - int OpenHandleCount = HandlerEnumerateOpenMutexes(hProcess, ProcessId, HandleBuffer, 0x1000 / sizeof HANDLE); + int OpenHandleCount = HandlerEnumerateOpenMutexes(hProcess, ProcessId, HandleBuffer, 0x1000 / sizeof(HANDLE)); wchar_t RealMutexName[512] = L"\\BaseNamedObjects\\"; wchar_t* HandleName; @@ -684,7 +690,7 @@ __declspec(dllexport) ULONG_PTR TITCALL HandlerGetOpenMutexHandleW(HANDLE hProce lstrcatW(RealMutexName, szMutexString); for(i = 0; i < OpenHandleCount; i++) { - RtlMoveMemory(&myHandle, cHandleBuffer, sizeof HANDLE); + RtlMoveMemory(&myHandle, cHandleBuffer, sizeof(HANDLE)); HandleName = (wchar_t*)HandlerGetHandleNameW(hProcess, ProcessId, myHandle, true); if(HandleName != NULL) { @@ -693,7 +699,7 @@ __declspec(dllexport) ULONG_PTR TITCALL HandlerGetOpenMutexHandleW(HANDLE hProce return((ULONG_PTR)myHandle); } } - cHandleBuffer = (LPVOID)((ULONG_PTR)cHandleBuffer + sizeof HANDLE); + cHandleBuffer = (LPVOID)((ULONG_PTR)cHandleBuffer + sizeof(HANDLE)); } } return(NULL); @@ -738,7 +744,7 @@ __declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t return 0; LPVOID QuerySystemBuffer = hinfo.GetPtr(); - RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG); + RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof(ULONG)); QuerySystemBuffer = (LPVOID)((ULONG_PTR)QuerySystemBuffer + 4); HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)QuerySystemBuffer; while(TotalHandleCount > NULL) 
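Review bot: `lstrcatW(RealMutexName, szMutexString);` in HandlerGetOpenMutexHandleW appends a caller-supplied string to the 512-element stack array `RealMutexName`, which already holds the `L"\\BaseNamedObjects\\"` prefix. Unless the lines between this hunk and the previous one bound the length of `szMutexString` with room for that prefix, a long mutex name overruns the stack buffer. Checking `lstrlenW(RealMutexName) + lstrlenW(szMutexString) < 512` before the call keeps the append inside the array.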
@@ -757,7 +763,7 @@ __declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t //if(!(HandleInfo->GrantedAccess & SYNCHRONIZE) || ((HandleInfo->GrantedAccess & SYNCHRONIZE) && ((WORD)HandleInfo->GrantedAccess != 0x19F9))){// && (WORD)HandleInfo->GrantedAccess != 0x89))){ if(HandleInfo->GrantedAccess != 0x0012019F) { - if(DuplicateHandle(hProcess, (HANDLE)HandleInfo->hHandle, GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS)) + if(DuplicateHandle(hProcess, HandleFromNtHandle(HandleInfo->hHandle), GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS)) { RtlZeroMemory(HandleFullData, sizeof(HandleFullData)); NtQueryObject(myHandle, ObjectTypeInformation, HandleFullData, 8, &RequiredSize); @@ -788,7 +794,7 @@ __declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t } } } - HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof NTDLL_QUERY_HANDLE_INFO); + HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof(NTDLL_QUERY_HANDLE_INFO)); TotalHandleCount--; } return(ReturnData); diff --git a/TitanEngine/TitanEngine.Hooks.cpp b/TitanEngine/TitanEngine.Hooks.cpp index 62a1d98..0d9eb05 100644 --- a/TitanEngine/TitanEngine.Hooks.cpp +++ b/TitanEngine/TitanEngine.Hooks.cpp @@ -17,7 +17,7 @@ static bool ProcessHookScanAddNewHook(PHOOK_ENTRY HookDetails, void* ptrOriginal { HOOK_ENTRY MyhookEntry = {}; - RtlMoveMemory(&MyhookEntry, HookDetails, sizeof HOOK_ENTRY); + RtlMoveMemory(&MyhookEntry, HookDetails, sizeof(HOOK_ENTRY)); hookEntry.push_back(MyhookEntry); return true; } 
@@ -46,10 +46,10 @@ __declspec(dllexport) bool TITCALL HooksSafeTransitionEx(LPVOID HookAddressArray { #if defined (_WIN64) ULONG_PTR HookAddress = (ULONG_PTR)myHookAddressArray->Array.qwArrayEntry[0]; - myHookAddressArray = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)myHookAddressArray + sizeof ULONG_PTR); + myHookAddressArray = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)myHookAddressArray + sizeof(ULONG_PTR)); #else ULONG_PTR HookAddress = (ULONG_PTR)myHookAddressArray->Array.dwArrayEntry[0]; - myHookAddressArray = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)myHookAddressArray + sizeof ULONG_PTR); + myHookAddressArray = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)myHookAddressArray + sizeof(ULONG_PTR)); #endif while(CurrentIP >= (ULONG_PTR)HookAddress && CurrentIP <= (ULONG_PTR)HookAddress + 5) { @@ -84,7 +84,7 @@ __declspec(dllexport) bool TITCALL HooksSafeTransition(LPVOID HookAddress, bool void* aHookAddress[1]; aHookAddress[0] = HookAddress; - return(HooksSafeTransitionEx(&aHookAddress[0], sizeof aHookAddress, TransitionStart)); + return(HooksSafeTransitionEx(&aHookAddress[0], sizeof(aHookAddress), TransitionStart)); } __declspec(dllexport) bool TITCALL HooksIsAddressRedirected(LPVOID HookAddress) 
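Review bot: In HooksSafeTransition (hunk -84) the second argument is `sizeof(aHookAddress)`, which is the byte size of a one-element pointer array (4 or 8), not the number of entries in it. The parameter list of HooksSafeTransitionEx is cut off in the hunk header, so this is inferred, but the previous hunk shows the callee stepping through the array one `ULONG_PTR` at a time; if the parameter is an entry count, the callee reads past `aHookAddress` on the stack. Passing `sizeof(aHookAddress) / sizeof(aHookAddress[0])` would match the array.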
@@ -176,22 +176,22 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress, if(CompareMemory->Array.bArrayEntry[0] == 0xE9 && CurrentInstructionSize == 5) { CalculatedRealingJump = (DWORD)((ULONG_PTR)RealignAddressTarget - (ULONG_PTR)RelocateMemory - CurrentInstructionSize); - RtlMoveMemory(&RelocateMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof CalculatedRealingJump); + RtlMoveMemory(&RelocateMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof(CalculatedRealingJump)); } else if(CompareMemory->Array.bArrayEntry[0] >= 0x70 && CompareMemory->Array.bArrayEntry[0] <= 0x7F && CurrentInstructionSize == 2) { CalculatedRealingJump = (DWORD)((ULONG_PTR)RealignAddressTarget - (ULONG_PTR)RelocateMemory - CurrentInstructionSize); - RtlMoveMemory(&RelocateMemory->Array.bArrayEntry[2], &CalculatedRealingJump, sizeof CalculatedRealingJump); + RtlMoveMemory(&RelocateMemory->Array.bArrayEntry[2], &CalculatedRealingJump, sizeof(CalculatedRealingJump)); } else if(CompareMemory->Array.bArrayEntry[0] == 0x0F && CompareMemory->Array.bArrayEntry[1] >= 0x80 && CompareMemory->Array.bArrayEntry[1] <= 0x8F && CurrentInstructionSize == 6) { CalculatedRealingJump = (DWORD)((ULONG_PTR)RealignAddressTarget - (ULONG_PTR)RelocateMemory - CurrentInstructionSize); - RtlMoveMemory(&RelocateMemory->Array.bArrayEntry[2], &CalculatedRealingJump, sizeof CalculatedRealingJump); + RtlMoveMemory(&RelocateMemory->Array.bArrayEntry[2], &CalculatedRealingJump, sizeof(CalculatedRealingJump)); } else if(CompareMemory->Array.bArrayEntry[0] == 0xE8 && CurrentInstructionSize == 5) { CalculatedRealingJump = (DWORD)((ULONG_PTR)RealignAddressTarget - (ULONG_PTR)RelocateMemory - CurrentInstructionSize); - RtlMoveMemory(&RelocateMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof CalculatedRealingJump); + RtlMoveMemory(&RelocateMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof(CalculatedRealingJump)); } } } 
@@ -236,7 +236,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress, } CalculatedRealingJump = (DWORD)((ULONG_PTR)RealignAddressTarget - (ULONG_PTR)WriteMemory - CurrentInstructionSize); WriteMemory->Array.bArrayEntry[0] = 0xE9; - RtlMoveMemory(&WriteMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof CalculatedRealingJump); + RtlMoveMemory(&WriteMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof(CalculatedRealingJump)); myHook.RelocationInfo[myHook.RelocationCount] = (DWORD)((ULONG_PTR)WriteMemory - (ULONG_PTR)buffPatchedEntry); WriteMemory = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)WriteMemory + CurrentInstructionSize); myHook.RelocationCount++; @@ -245,7 +245,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress, { CalculatedRealingJump = (DWORD)((ULONG_PTR)RealignAddressTarget - (ULONG_PTR)WriteMemory - 5); WriteMemory->Array.bArrayEntry[0] = 0xE9; - RtlMoveMemory(&WriteMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof CalculatedRealingJump); + RtlMoveMemory(&WriteMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof(CalculatedRealingJump)); myHook.RelocationInfo[myHook.RelocationCount] = (DWORD)((ULONG_PTR)WriteMemory - (ULONG_PTR)buffPatchedEntry); WriteMemory = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)WriteMemory + 5); myHook.RelocationCount++; 
@@ -256,7 +256,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress, CalculatedRealingJump = (DWORD)((ULONG_PTR)RealignAddressTarget - (ULONG_PTR)WriteMemory - 6); WriteMemory->Array.bArrayEntry[0] = 0x0F; WriteMemory->Array.bArrayEntry[1] = CompareMemory->Array.bArrayEntry[0] + 0x10; - RtlMoveMemory(&WriteMemory->Array.bArrayEntry[2], &CalculatedRealingJump, sizeof CalculatedRealingJump); + RtlMoveMemory(&WriteMemory->Array.bArrayEntry[2], &CalculatedRealingJump, sizeof(CalculatedRealingJump)); myHook.RelocationInfo[myHook.RelocationCount] = (DWORD)((ULONG_PTR)WriteMemory - (ULONG_PTR)buffPatchedEntry); WriteMemory = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)WriteMemory + 6); myHook.RelocationCount++; @@ -269,7 +269,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress, WriteMemory->Array.bArrayEntry[4] = 0xFF; WriteMemory->Array.bArrayEntry[5] = 0x25; RtlZeroMemory(&WriteMemory->Array.bArrayEntry[6], 4); - RtlMoveMemory(&WriteMemory->Array.bArrayEntry[10], &x64CalculatedRealingJump, sizeof x64CalculatedRealingJump); + RtlMoveMemory(&WriteMemory->Array.bArrayEntry[10], &x64CalculatedRealingJump, sizeof(x64CalculatedRealingJump)); WriteMemory = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)WriteMemory + 18); #endif } 
@@ -278,7 +278,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress, #if !defined(_WIN64) CalculatedRealingJump = (DWORD)((ULONG_PTR)RealignAddressTarget - (ULONG_PTR)WriteMemory - CurrentInstructionSize); RtlMoveMemory(&WriteMemory->Array.bArrayEntry[0], &CompareMemory->Array.bArrayEntry[0], 2); - RtlMoveMemory(&WriteMemory->Array.bArrayEntry[2], &CalculatedRealingJump, sizeof CalculatedRealingJump); + RtlMoveMemory(&WriteMemory->Array.bArrayEntry[2], &CalculatedRealingJump, sizeof(CalculatedRealingJump)); myHook.RelocationInfo[myHook.RelocationCount] = (DWORD)((ULONG_PTR)WriteMemory - (ULONG_PTR)buffPatchedEntry); WriteMemory = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)WriteMemory + CurrentInstructionSize); myHook.RelocationCount++; @@ -295,7 +295,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress, WriteMemory->Array.bArrayEntry[8] = 0xFF; WriteMemory->Array.bArrayEntry[9] = 0x25; RtlZeroMemory(&WriteMemory->Array.bArrayEntry[10], 4); - RtlMoveMemory(&WriteMemory->Array.bArrayEntry[14], &x64CalculatedRealingJump, sizeof x64CalculatedRealingJump); + RtlMoveMemory(&WriteMemory->Array.bArrayEntry[14], &x64CalculatedRealingJump, sizeof(x64CalculatedRealingJump)); WriteMemory = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)WriteMemory + 22); #endif } 
@@ -303,7 +303,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress, { CalculatedRealingJump = (DWORD)((ULONG_PTR)RealignAddressTarget - (ULONG_PTR)WriteMemory - CurrentInstructionSize); WriteMemory->Array.bArrayEntry[0] = 0xE8; - RtlMoveMemory(&WriteMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof CalculatedRealingJump); + RtlMoveMemory(&WriteMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof(CalculatedRealingJump)); myHook.RelocationInfo[myHook.RelocationCount] = (DWORD)((ULONG_PTR)WriteMemory - (ULONG_PTR)buffPatchedEntry); WriteMemory = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)WriteMemory + CurrentInstructionSize); myHook.RelocationCount++; @@ -313,7 +313,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress, { CalculatedRealingJump = (DWORD)((ULONG_PTR)RealignAddressTarget - (ULONG_PTR)WriteMemory - CurrentInstructionSize); RtlMoveMemory(&WriteMemory->Array.bArrayEntry[0], &CompareMemory->Array.bArrayEntry[0], 2); - RtlMoveMemory(&WriteMemory->Array.bArrayEntry[2], &CalculatedRealingJump, sizeof CalculatedRealingJump); + RtlMoveMemory(&WriteMemory->Array.bArrayEntry[2], &CalculatedRealingJump, sizeof(CalculatedRealingJump)); WriteMemory = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)WriteMemory + CurrentInstructionSize); #endif } 
@@ -340,9 +340,9 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress, #else CalculatedRealingJump = NULL; #endif - RtlMoveMemory(&WriteMemory->Array.bArrayEntry[2], &CalculatedRealingJump, sizeof CalculatedRealingJump); - RtlMoveMemory(&WriteMemory->Array.bArrayEntry[6], &cHookAddress, sizeof CalculatedRealingJump); - WriteMemory = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)WriteMemory + 6 + sizeof ULONG_PTR); + RtlMoveMemory(&WriteMemory->Array.bArrayEntry[2], &CalculatedRealingJump, sizeof(CalculatedRealingJump)); + RtlMoveMemory(&WriteMemory->Array.bArrayEntry[6], &cHookAddress, sizeof(CalculatedRealingJump)); + WriteMemory = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)WriteMemory + 6 + sizeof(ULONG_PTR)); myHook.HookIsEnabled = true; myHook.HookType = (BYTE)HookType; myHook.HookAddress = HookAddress; @@ -360,7 +360,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress, if(VirtualProtect(HookAddress, TEE_MAXIMUM_HOOK_SIZE, PAGE_EXECUTE_READWRITE, &OldProtect)) { WriteMemory->Array.bArrayEntry[0] = 0xE9; - RtlMoveMemory(&WriteMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof CalculatedRealingJump); + RtlMoveMemory(&WriteMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof(CalculatedRealingJump)); RtlMoveMemory(&myHook.HookBytes[0], HookAddress, TEE_MAXIMUM_HOOK_SIZE); VirtualProtect(HookAddress, TEE_MAXIMUM_HOOK_SIZE, OldProtect, &OldProtect); hookEntry.push_back(myHook); 
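Review bot: In the -340 hunk the second copy, `RtlMoveMemory(&WriteMemory->Array.bArrayEntry[6], &cHookAddress, sizeof(CalculatedRealingJump));`, takes its length from a different variable than the one it copies. `CalculatedRealingJump` is assigned from `(DWORD)` casts elsewhere in this function, while the next line advances by `6 + sizeof(ULONG_PTR)`, so on a 64-bit build the slot would be only partly written if `cHookAddress` is pointer-sized; its declaration is outside the hunk. `sizeof(cHookAddress)` states the intent and keeps the copy length and the pointer advance in step.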
@@ -372,7 +372,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress, WriteMemory->Array.bArrayEntry[0] = 0xFF; WriteMemory->Array.bArrayEntry[1] = 0x25; RtlZeroMemory(&WriteMemory->Array.bArrayEntry[2], 4); - RtlMoveMemory(&WriteMemory->Array.bArrayEntry[6], &RedirectTo, sizeof RedirectTo); + RtlMoveMemory(&WriteMemory->Array.bArrayEntry[6], &RedirectTo, sizeof(RedirectTo)); RtlMoveMemory(&myHook.HookBytes[0], HookAddress, TEE_MAXIMUM_HOOK_SIZE); VirtualProtect(HookAddress, TEE_MAXIMUM_HOOK_SIZE, OldProtect, &OldProtect); hookEntry.push_back(myHook); @@ -387,7 +387,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress, if(VirtualProtect(HookAddress, TEE_MAXIMUM_HOOK_SIZE, PAGE_EXECUTE_READWRITE, &OldProtect)) { WriteMemory->Array.bArrayEntry[0] = 0xE8; - RtlMoveMemory(&WriteMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof CalculatedRealingJump); + RtlMoveMemory(&WriteMemory->Array.bArrayEntry[1], &CalculatedRealingJump, sizeof(CalculatedRealingJump)); RtlMoveMemory(&myHook.HookBytes[0], HookAddress, TEE_MAXIMUM_HOOK_SIZE); VirtualProtect(HookAddress, TEE_MAXIMUM_HOOK_SIZE, OldProtect, &OldProtect); hookEntry.push_back(myHook); @@ -399,7 +399,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress, WriteMemory->Array.bArrayEntry[0] = 0xFF; WriteMemory->Array.bArrayEntry[1] = 0x15; RtlZeroMemory(&WriteMemory->Array.bArrayEntry[2], 4); - RtlMoveMemory(&WriteMemory->Array.bArrayEntry[6], &RedirectTo, sizeof RedirectTo); + RtlMoveMemory(&WriteMemory->Array.bArrayEntry[6], &RedirectTo, sizeof(RedirectTo)); RtlMoveMemory(&myHook.HookBytes[0], HookAddress, TEE_MAXIMUM_HOOK_SIZE); VirtualProtect(HookAddress, TEE_MAXIMUM_HOOK_SIZE, OldProtect, &OldProtect); hookEntry.push_back(myHook); 
@@ -430,7 +430,7 @@ __declspec(dllexport) bool TITCALL HooksInsertNewIATRedirectionEx(ULONG_PTR File myHook.IATHook = true; myHook.HookIsEnabled = true; myHook.HookType = TEE_HOOK_IAT; - myHook.HookSize = sizeof ULONG_PTR; + myHook.HookSize = sizeof(ULONG_PTR); myHook.RedirectionAddress = RedirectTo; myHook.IATHookModuleBase = (void*)LoadedModuleBase; myHook.IATHookNameHash = EngineHashString(szHookFunction); @@ -488,9 +488,9 @@ __declspec(dllexport) bool TITCALL HooksInsertNewIATRedirectionEx(ULONG_PTR File } } CurrentThunk = CurrentThunk + 4; - ThunkData32 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ThunkData32 + sizeof IMAGE_THUNK_DATA32); + ThunkData32 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ThunkData32 + sizeof(IMAGE_THUNK_DATA32)); } - ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof IMAGE_IMPORT_DESCRIPTOR); + ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof(IMAGE_IMPORT_DESCRIPTOR)); } return true; } @@ -537,9 +537,9 @@ __declspec(dllexport) bool TITCALL HooksInsertNewIATRedirectionEx(ULONG_PTR File } } CurrentThunk = CurrentThunk + 8; - ThunkData64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ThunkData64 + sizeof IMAGE_THUNK_DATA64); + ThunkData64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ThunkData64 + sizeof(IMAGE_THUNK_DATA64)); } - ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof IMAGE_IMPORT_DESCRIPTOR); + ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof(IMAGE_IMPORT_DESCRIPTOR)); } return true; } @@ -634,7 +634,7 @@ __declspec(dllexport) bool TITCALL HooksRemoveRedirectionsForModule(HMODULE Modu DWORD OldProtect = PAGE_READONLY; MODULEINFO RemoteModuleInfo; - if(GetModuleInformation(GetCurrentProcess(), ModuleBase, &RemoteModuleInfo, sizeof MODULEINFO)) + if(GetModuleInformation(GetCurrentProcess(), ModuleBase, &RemoteModuleInfo, sizeof(MODULEINFO))) { while(i > NULL) { 
@@ -731,7 +731,7 @@ __declspec(dllexport) bool TITCALL HooksDisableRedirectionsForModule(HMODULE Mod DWORD OldProtect = PAGE_READONLY; MODULEINFO RemoteModuleInfo; - if(GetModuleInformation(GetCurrentProcess(), ModuleBase, &RemoteModuleInfo, sizeof MODULEINFO)) + if(GetModuleInformation(GetCurrentProcess(), ModuleBase, &RemoteModuleInfo, sizeof(MODULEINFO))) { while(i > NULL) { @@ -831,7 +831,7 @@ __declspec(dllexport) bool TITCALL HooksEnableRedirectionsForModule(HMODULE Modu DWORD OldProtect = PAGE_READONLY; MODULEINFO RemoteModuleInfo; - if(GetModuleInformation(GetCurrentProcess(), ModuleBase, &RemoteModuleInfo, sizeof MODULEINFO)) + if(GetModuleInformation(GetCurrentProcess(), ModuleBase, &RemoteModuleInfo, sizeof(MODULEINFO))) { while(i > NULL) { @@ -950,12 +950,12 @@ __declspec(dllexport) void TITCALL HooksScanModuleMemory(HMODULE ModuleBase, LPV } else { - RtlMoveMemory(&RemoteLibInfo, pRemoteLibInfo, sizeof LIBRARY_ITEM_DATA); + RtlMoveMemory(&RemoteLibInfo, pRemoteLibInfo, sizeof(LIBRARY_ITEM_DATA)); } if(!FileError) { hSize = GetFileSize(RemoteLibInfo.hFile, NULL); - GetModuleInformation(hProcess, ModuleBase, &ModuleInfo, sizeof MODULEINFO); + GetModuleInformation(hProcess, ModuleBase, &ModuleInfo, sizeof(MODULEINFO)); DOSHeader = (PIMAGE_DOS_HEADER)RemoteLibInfo.hFileMappingView; __try { @@ -1125,5 +1125,5 @@ __declspec(dllexport) void TITCALL HooksScanEntireProcessMemory(LPVOID CallBack) __declspec(dllexport) void TITCALL HooksScanEntireProcessMemoryEx() { - HooksScanEntireProcessMemory(&ProcessHookScanAddNewHook); + HooksScanEntireProcessMemory(CallbackToObjectPointer(&ProcessHookScanAddNewHook)); } diff --git a/TitanEngine/TitanEngine.Importer.cpp b/TitanEngine/TitanEngine.Importer.cpp index c611e66..f11e659 100644 --- a/TitanEngine/TitanEngine.Importer.cpp +++ b/TitanEngine/TitanEngine.Importer.cpp 
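Review bot: In HooksScanModuleMemory (hunk -950) the result of `GetModuleInformation(hProcess, ModuleBase, &ModuleInfo, sizeof(MODULEINFO));` is ignored, unlike the three `...ForModule` functions in the hunks above, which wrap the same call in an `if`. If the call fails, `ModuleInfo` keeps whatever it held before (its declaration is outside the hunk) and the scan that follows would work from stale or uninitialised base and size values. Test the return value and leave through the function's existing error path when it is false. The `GetFileSize` call on the preceding line has the same gap: compare `hSize` with `INVALID_FILE_SIZE` before using it.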
@@ -420,9 +420,9 @@ __declspec(dllexport) bool TITCALL ImporterLoadImportTableW(wchar_t* szFileName) ImporterAddNewAPI((char*)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)((ULONG_PTR)ThunkData32->u1.AddressOfData + 2 + PEHeader32->OptionalHeader.ImageBase), true), (ULONG_PTR)CurrentThunk + PEHeader32->OptionalHeader.ImageBase); } CurrentThunk = CurrentThunk + 4; - ThunkData32 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ThunkData32 + sizeof IMAGE_THUNK_DATA32); + ThunkData32 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ThunkData32 + sizeof(IMAGE_THUNK_DATA32)); } - ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof IMAGE_IMPORT_DESCRIPTOR); + ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof(IMAGE_IMPORT_DESCRIPTOR)); } UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); return true; @@ -467,9 +467,9 @@ __declspec(dllexport) bool TITCALL ImporterLoadImportTableW(wchar_t* szFileName) ImporterAddNewAPI((char*)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)((ULONG_PTR)ThunkData64->u1.AddressOfData + 2 + (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase), true), (ULONG_PTR)CurrentThunk + (ULONG_PTR)PEHeader64->OptionalHeader.ImageBase); } CurrentThunk = CurrentThunk + 8; - ThunkData64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ThunkData64 + sizeof IMAGE_THUNK_DATA64); + ThunkData64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ThunkData64 + sizeof(IMAGE_THUNK_DATA64)); } - ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof IMAGE_IMPORT_DESCRIPTOR); + ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof(IMAGE_IMPORT_DESCRIPTOR)); } UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); return true; 
@@ -539,8 +539,8 @@ __declspec(dllexport) void TITCALL ImporterAutoSearchIATW(DWORD ProcessId, wchar scylla_getImports(iatStart, iatSize, ProcessId); } - RtlMoveMemory(pIATStart, &iatStart, sizeof ULONG_PTR); - RtlMoveMemory(pIATSize, &iatSize, sizeof ULONG_PTR); + RtlMoveMemory(pIATStart, &iatStart, sizeof(ULONG_PTR)); + RtlMoveMemory(pIATSize, &iatSize, sizeof(ULONG_PTR)); return; } @@ -550,8 +550,8 @@ __declspec(dllexport) void TITCALL ImporterAutoSearchIATEx(DWORD ProcessId, ULON wchar_t szTempName[MAX_PATH]; wchar_t szTempFolder[MAX_PATH]; - RtlZeroMemory(&szTempName, sizeof szTempName); - RtlZeroMemory(&szTempFolder, sizeof szTempFolder); + RtlZeroMemory(&szTempName, sizeof(szTempName)); + RtlZeroMemory(&szTempFolder, sizeof(szTempFolder)); if(GetTempPathW(MAX_PATH, szTempFolder) < MAX_PATH) { if(GetTempFileNameW(szTempFolder, L"DumpTemp", GetTickCount() + 102, szTempName)) @@ -568,7 +568,7 @@ __declspec(dllexport) void TITCALL ImporterEnumAddedData(LPVOID EnumCallBack) { return scylla_enumImportTree(EnumCallBack); } -__declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, char* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback) +__declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, const char* szDumpedFile, const char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback) { wchar_t uniDumpedFile[MAX_PATH] = {}; 
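Review bot: In ImporterAutoSearchIATEx (hunk -550) the temp name comes from `GetTempFileNameW(szTempFolder, L"DumpTemp", GetTickCount() + 102, szTempName)`; with a non-zero `uUnique` the API neither creates the file nor checks that the name is free, so the dump path is predictable and can collide with, or be pre-created by, another process using the same temp directory. Passing `0` lets the system choose a unique name and create the file itself. `GetTempPathW` returns 0 on failure, which also satisfies `< MAX_PATH`, so the guard should read `DWORD n = GetTempPathW(MAX_PATH, szTempFolder); if(n != 0 && n < MAX_PATH)`. The rest of the function is outside the hunk.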
@@ -585,7 +585,7 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, char* s return(NULL); // Critical error! *just to be safe, but it should never happen! } } -__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_t* szDumpedFile, wchar_t* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback) +__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, const wchar_t* szDumpedFile, const wchar_t* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback) { HANDLE FileHandle; DWORD FileSize; @@ -612,7 +612,7 @@ __declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_ { HANDLE hProcess = EngineOpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, ProcessId); - if(!DumpProcessW(hProcess, (LPVOID)ImageBase, szDumpedFile, EntryPointAddress)) + if(!DumpProcessW(hProcess, (LPVOID)ImageBase, DumpFileName, EntryPointAddress)) { return(NULL); // Critical error! *just to be safe, but it should never happen! } diff --git a/TitanEngine/TitanEngine.Injector.cpp b/TitanEngine/TitanEngine.Injector.cpp index 9f1e53f..6cd9b74 100644 --- a/TitanEngine/TitanEngine.Injector.cpp +++ b/TitanEngine/TitanEngine.Injector.cpp 
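Review bot: In the -612 hunk `hProcess` from `EngineOpenProcess` is passed to `DumpProcessW` without a NULL check, and the `return(NULL)` on dump failure leaves the handle open. Add `if(hProcess == NULL) return(NULL);` after the open and `CloseHandle(hProcess);` before the failure return, unless the part of the function outside the hunk already releases it. The switch from `szDumpedFile` to `DumpFileName` in that call is also a behaviour change in a commit described as a compliance cleanup, and `DumpFileName` is declared and filled outside this hunk, so it cannot be confirmed here that it is a bounded copy of the now-`const` path. A one-line comment at its declaration, such as `// mutable copy: DumpProcessW takes a non-const wchar_t*` (if that is the reason), would make the change self-explanatory.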
@@ -34,7 +34,7 @@ __declspec(dllexport) bool TITCALL RemoteLoadLibraryW(HANDLE hProcess, wchar_t* if(hProcess != NULL) { - RtlZeroMemory(&APIData, sizeof InjectCodeData); + RtlZeroMemory(&APIData, sizeof(InjectCodeData)); APIData.fLoadLibrary = (ULONG_PTR)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryW")); APIData.fFreeLibrary = (ULONG_PTR)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "FreeLibrary")); APIData.fGetModuleHandle = (ULONG_PTR)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetModuleHandleW")); @@ -43,9 +43,9 @@ __declspec(dllexport) bool TITCALL RemoteLoadLibraryW(HANDLE hProcess, wchar_t* APIData.fExitProcess = (ULONG_PTR)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "ExitProcess")); remCodeData = VirtualAllocEx(hProcess, NULL, remInjectSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE); remStringData = VirtualAllocEx(hProcess, NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); - if(WriteProcessMemory(hProcess, (LPVOID)((ULONG_PTR)remStringData + sizeof InjectCodeData), (LPCVOID)szLibraryFile, lstrlenW(szLibraryFile) * 2, &NumberOfBytesWritten)) + if(WriteProcessMemory(hProcess, (LPVOID)((ULONG_PTR)remStringData + sizeof(InjectCodeData)), (LPCVOID)szLibraryFile, lstrlenW(szLibraryFile) * 2, &NumberOfBytesWritten)) { - WriteProcessMemory(hProcess, remStringData, &APIData, sizeof InjectCodeData, &NumberOfBytesWritten); + WriteProcessMemory(hProcess, remStringData, &APIData, sizeof(InjectCodeData), &NumberOfBytesWritten); WriteProcessMemory(hProcess, remCodeData, (LPCVOID)&injectedRemoteLoadLibrary, remInjectSize, &NumberOfBytesWritten); if(WaitForThreadExit) { 
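Review bot: In RemoteLoadLibraryW (hunk -43) neither `VirtualAllocEx` result is checked, and the path write of `lstrlenW(szLibraryFile) * 2` bytes at offset `sizeof(InjectCodeData)` is never compared with the 0x1000-byte allocation it lands in. A path longer than the remaining space makes the write run past the committed region, and a failed allocation turns the target address into a small offset from NULL. Validate first with `if(sizeof(InjectCodeData) + (lstrlenW(szLibraryFile) + 1) * sizeof(wchar_t) > 0x1000) return false;` and test both pointers for `NULL` before the first `WriteProcessMemory`. RemoteFreeLibraryW (hunk -132) repeats the same pattern; the cleanup paths of both functions are outside the hunks.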
@@ -120,7 +120,7 @@ __declspec(dllexport) bool TITCALL RemoteFreeLibraryW(HANDLE hProcess, HMODULE h if(hProcess != NULL) { - RtlZeroMemory(&APIData, sizeof InjectCodeData); + RtlZeroMemory(&APIData, sizeof(InjectCodeData)); APIData.fLoadLibrary = (ULONG_PTR)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryW")); APIData.fFreeLibrary = (ULONG_PTR)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "FreeLibrary")); APIData.fGetModuleHandle = (ULONG_PTR)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetModuleHandleW")); @@ -132,9 +132,9 @@ __declspec(dllexport) bool TITCALL RemoteFreeLibraryW(HANDLE hProcess, HMODULE h if(hModule == NULL) { remStringData = VirtualAllocEx(hProcess, NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); - if(WriteProcessMemory(hProcess, (LPVOID)((ULONG_PTR)remStringData + sizeof InjectCodeData), (LPCVOID)szLibraryFile, lstrlenW(szLibraryFile) * 2, &NumberOfBytesWritten)) + if(WriteProcessMemory(hProcess, (LPVOID)((ULONG_PTR)remStringData + sizeof(InjectCodeData)), (LPCVOID)szLibraryFile, lstrlenW(szLibraryFile) * 2, &NumberOfBytesWritten)) { - WriteProcessMemory(hProcess, remStringData, &APIData, sizeof InjectCodeData, &NumberOfBytesWritten); + WriteProcessMemory(hProcess, remStringData, &APIData, sizeof(InjectCodeData), &NumberOfBytesWritten); WriteProcessMemory(hProcess, remCodeData, (LPCVOID)&injectedRemoteFreeLibrarySimple, remInjectSize1, &NumberOfBytesWritten); if(WaitForThreadExit) { 
@@ -179,7 +179,7 @@ __declspec(dllexport) bool TITCALL RemoteFreeLibraryW(HANDLE hProcess, HMODULE h else { remStringData = VirtualAllocEx(hProcess, NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); - if(WriteProcessMemory(hProcess, remStringData, &APIData, sizeof InjectCodeData, &NumberOfBytesWritten)) + if(WriteProcessMemory(hProcess, remStringData, &APIData, sizeof(InjectCodeData), &NumberOfBytesWritten)) { WriteProcessMemory(hProcess, remCodeData, (LPCVOID)&injectedRemoteFreeLibrary, remInjectSize2, &NumberOfBytesWritten); if(WaitForThreadExit) @@ -235,7 +235,7 @@ __declspec(dllexport) bool TITCALL RemoteExitProcess(HANDLE hProcess, DWORD Exit if(hProcess != NULL) { - RtlZeroMemory(&APIData, sizeof InjectCodeData); + RtlZeroMemory(&APIData, sizeof(InjectCodeData)); APIData.fLoadLibrary = (ULONG_PTR)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA")); APIData.fFreeLibrary = (ULONG_PTR)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "FreeLibrary")); APIData.fGetModuleHandle = (ULONG_PTR)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetModuleHandleA")); @@ -247,7 +247,7 @@ __declspec(dllexport) bool TITCALL RemoteExitProcess(HANDLE hProcess, DWORD Exit remCodeData = VirtualAllocEx(hProcess, NULL, remInjectSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE); if(WriteProcessMemory(hProcess, remCodeData, (LPCVOID)&injectedExitProcess, remInjectSize, &NumberOfBytesWritten)) { - WriteProcessMemory(hProcess, remStringData, &APIData, sizeof InjectCodeData, &NumberOfBytesWritten); + WriteProcessMemory(hProcess, remStringData, &APIData, sizeof(InjectCodeData), &NumberOfBytesWritten); hThread = CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)remCodeData, remStringData, NULL, &ThreadId); VirtualFreeEx(hProcess, remCodeData, NULL, MEM_RELEASE); return true; 
diff --git a/TitanEngine/TitanEngine.Librarian.cpp b/TitanEngine/TitanEngine.Librarian.cpp index e23e23a..8825841 100644 --- a/TitanEngine/TitanEngine.Librarian.cpp +++ b/TitanEngine/TitanEngine.Librarian.cpp @@ -42,13 +42,13 @@ __declspec(dllexport) void* TITCALL LibrarianGetLibraryInfo(char* szLibraryName) LibInfo = (PLIBRARY_ITEM_DATAW)LibrarianGetLibraryInfoW(uniLibraryName); if(LibInfo) { - RtlZeroMemory(&LibraryInfoData, sizeof LIBRARY_ITEM_DATA); + RtlZeroMemory(&LibraryInfoData, sizeof(LIBRARY_ITEM_DATA)); LibraryInfoData.hFile = LibInfo->hFile; LibraryInfoData.BaseOfDll = LibInfo->BaseOfDll; LibraryInfoData.hFileMapping = LibInfo->hFileMapping; LibraryInfoData.hFileMappingView = LibInfo->hFileMappingView; - WideCharToMultiByte(CP_ACP, NULL, LibInfo->szLibraryName, -1, &LibraryInfoData.szLibraryName[0], sizeof LibraryInfoData.szLibraryName, NULL, NULL); - WideCharToMultiByte(CP_ACP, NULL, LibInfo->szLibraryPath, -1, &LibraryInfoData.szLibraryPath[0], sizeof LibraryInfoData.szLibraryPath, NULL, NULL); + WideCharToMultiByte(CP_ACP, NULL, LibInfo->szLibraryName, -1, &LibraryInfoData.szLibraryName[0], sizeof(LibraryInfoData).szLibraryName, NULL, NULL); + WideCharToMultiByte(CP_ACP, NULL, LibInfo->szLibraryPath, -1, &LibraryInfoData.szLibraryPath[0], sizeof(LibraryInfoData).szLibraryPath, NULL, NULL); return((void*)&LibraryInfoData); } 
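Review bot: The rewritten size arguments `sizeof(LibraryInfoData).szLibraryName` and `sizeof(LibraryInfoData).szLibraryPath` read as a member access on a size value. Because `LibraryInfoData` is an object, `sizeof` still applies to the whole postfix expression and the result is unchanged, but it looks like a mechanical replacement that put the parenthesis in the wrong place; write `sizeof(LibraryInfoData.szLibraryName)` and `sizeof(LibraryInfoData.szLibraryPath)`. The same two lines occur in the LibrarianGetLibraryInfoEx hunk (-79). The `WideCharToMultiByte` return values are not checked in either function, so a name that does not fit the destination goes unnoticed by the caller.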
@@ -79,13 +79,13 @@ __declspec(dllexport) void* TITCALL LibrarianGetLibraryInfoEx(void* BaseOfDll) LibInfo = (PLIBRARY_ITEM_DATAW)LibrarianGetLibraryInfoExW(BaseOfDll); if(LibInfo) { - RtlZeroMemory(&LibraryInfoData, sizeof LIBRARY_ITEM_DATA); + RtlZeroMemory(&LibraryInfoData, sizeof(LIBRARY_ITEM_DATA)); LibraryInfoData.hFile = LibInfo->hFile; LibraryInfoData.BaseOfDll = LibInfo->BaseOfDll; LibraryInfoData.hFileMapping = LibInfo->hFileMapping; LibraryInfoData.hFileMappingView = LibInfo->hFileMappingView; - WideCharToMultiByte(CP_ACP, NULL, LibInfo->szLibraryName, -1, &LibraryInfoData.szLibraryName[0], sizeof LibraryInfoData.szLibraryName, NULL, NULL); - WideCharToMultiByte(CP_ACP, NULL, LibInfo->szLibraryPath, -1, &LibraryInfoData.szLibraryPath[0], sizeof LibraryInfoData.szLibraryPath, NULL, NULL); + WideCharToMultiByte(CP_ACP, NULL, LibInfo->szLibraryName, -1, &LibraryInfoData.szLibraryName[0], sizeof(LibraryInfoData).szLibraryName, NULL, NULL); + WideCharToMultiByte(CP_ACP, NULL, LibInfo->szLibraryPath, -1, &LibraryInfoData.szLibraryPath[0], sizeof(LibraryInfoData).szLibraryPath, NULL, NULL); return (void*)&LibraryInfoData; } diff --git a/TitanEngine/TitanEngine.OEPFinder.cpp b/TitanEngine/TitanEngine.OEPFinder.cpp index 253cd1b..862e774 100644 --- a/TitanEngine/TitanEngine.OEPFinder.cpp +++ b/TitanEngine/TitanEngine.OEPFinder.cpp @@ -29,7 +29,7 @@ __declspec(dllexport) bool TITCALL FindOEPGenericallyW(wchar_t* szFileName, LPVO if(GenericOEPFileInitW(szFileName, TraceInitCallBack, CallBack)) { - InitDebugExW(szFileName, NULL, NULL, &GenericOEPTraceInit); + InitDebugExW(szFileName, NULL, NULL, CallbackToObjectPointer(&GenericOEPTraceInit)); DebugLoop(); for(i = 0; i < glbEntryTracerData.SectionNumber; i++) { diff --git a/TitanEngine/TitanEngine.PE.Fixer.cpp b/TitanEngine/TitanEngine.PE.Fixer.cpp index d38b4b4..0c8fdfb 100644 --- a/TitanEngine/TitanEngine.PE.Fixer.cpp +++ b/TitanEngine/TitanEngine.PE.Fixer.cpp 
@@ -57,7 +57,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD ULONG_PTR FileMapVA; WORD ResourceNamesTable[22] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 16, 17, 18, 19, 20, 21, 22, 23, 24}; - RtlZeroMemory(&myFileStatusInfo, sizeof FILE_STATUS_INFO); + RtlZeroMemory(&myFileStatusInfo, sizeof(FILE_STATUS_INFO)); if(MapFileExW(szFileName, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL)) { DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA; @@ -81,7 +81,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD myFileStatusInfo.SignaturePE = UE_FIELD_BROKEN_NON_FIXABLE; if(FileStatusInfo != NULL) { - RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof FILE_STATUS_INFO); + RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof(FILE_STATUS_INFO)); } UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); return false; @@ -489,7 +489,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD } } CurrentThunk = CurrentThunk + 4; - ThunkData32 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ThunkData32 + sizeof IMAGE_THUNK_DATA32); + ThunkData32 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ThunkData32 + sizeof(IMAGE_THUNK_DATA32)); } } else @@ -500,7 +500,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD { VirtualFree((LPVOID)hLoadedModule, NULL, MEM_RELEASE); } - ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof IMAGE_IMPORT_DESCRIPTOR); + ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof(IMAGE_IMPORT_DESCRIPTOR)); } } } @@ -630,7 +630,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD { myFileStatusInfo.BoundImportTable = UE_FIELD_FIXABLE_CRITICAL; } - BoundIID = (PIMAGE_BOUND_IMPORT_DESCRIPTOR)((ULONG_PTR)BoundIID + sizeof IMAGE_BOUND_IMPORT_DESCRIPTOR); + BoundIID = (PIMAGE_BOUND_IMPORT_DESCRIPTOR)((ULONG_PTR)BoundIID + sizeof(IMAGE_BOUND_IMPORT_DESCRIPTOR)); } } } 
@@ -750,7 +750,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD } if(NumberOfSections > 1) { - PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + sizeof IMAGE_SECTION_HEADER); + PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + sizeof(IMAGE_SECTION_HEADER)); if(SectionVirtualSize > PESections->VirtualAddress || SectionVirtualSizeFixed > PESections->VirtualAddress) { myFileStatusInfo.SectionTable = UE_FIELD_FIXABLE_CRITICAL; @@ -804,7 +804,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD */ if(FileStatusInfo != NULL) { - RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof FILE_STATUS_INFO); + RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof(FILE_STATUS_INFO)); } UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); if(myFileStatusInfo.OveralEvaluation == UE_RESULT_FILE_OK) @@ -819,7 +819,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD myFileStatusInfo.SignaturePE = UE_FIELD_BROKEN_NON_FIXABLE; if(FileStatusInfo != NULL) { - RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof FILE_STATUS_INFO); + RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof(FILE_STATUS_INFO)); } UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); return false; @@ -1228,7 +1228,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD } } CurrentThunk = CurrentThunk + 8; - ThunkData64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ThunkData64 + sizeof IMAGE_THUNK_DATA64); + ThunkData64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ThunkData64 + sizeof(IMAGE_THUNK_DATA64)); } } else 
@@ -1239,7 +1239,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD { VirtualFree((LPVOID)hLoadedModule, NULL, MEM_RELEASE); } - ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof IMAGE_IMPORT_DESCRIPTOR); + ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof(IMAGE_IMPORT_DESCRIPTOR)); } } } @@ -1369,7 +1369,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD { myFileStatusInfo.BoundImportTable = UE_FIELD_FIXABLE_CRITICAL; } - BoundIID = (PIMAGE_BOUND_IMPORT_DESCRIPTOR)((ULONG_PTR)BoundIID + sizeof IMAGE_BOUND_IMPORT_DESCRIPTOR); + BoundIID = (PIMAGE_BOUND_IMPORT_DESCRIPTOR)((ULONG_PTR)BoundIID + sizeof(IMAGE_BOUND_IMPORT_DESCRIPTOR)); } } } @@ -1489,7 +1489,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD } if(NumberOfSections > 1) { - PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + sizeof IMAGE_SECTION_HEADER); + PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + sizeof(IMAGE_SECTION_HEADER)); if(SectionVirtualSize > PESections->VirtualAddress || SectionVirtualSizeFixed > PESections->VirtualAddress) { myFileStatusInfo.SectionTable = UE_FIELD_FIXABLE_CRITICAL; @@ -1543,7 +1543,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD */ if(FileStatusInfo != NULL) { - RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof FILE_STATUS_INFO); + RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof(FILE_STATUS_INFO)); } UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); if(myFileStatusInfo.OveralEvaluation == UE_RESULT_FILE_OK) 
@@ -1558,7 +1558,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD myFileStatusInfo.SignaturePE = UE_FIELD_BROKEN_NON_FIXABLE; if(FileStatusInfo != NULL) { - RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof FILE_STATUS_INFO); + RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof(FILE_STATUS_INFO)); } UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); return false; @@ -1571,7 +1571,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD myFileStatusInfo.SignatureMZ = UE_FIELD_BROKEN_NON_FIXABLE; if(FileStatusInfo != NULL) { - RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof FILE_STATUS_INFO); + RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof(FILE_STATUS_INFO)); } UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); return false; @@ -1579,7 +1579,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD } if(FileStatusInfo != NULL) { - RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof FILE_STATUS_INFO); + RtlMoveMemory(FileStatusInfo, &myFileStatusInfo, sizeof(FILE_STATUS_INFO)); } return false; } @@ -1811,14 +1811,14 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV } } CurrentThunk = CurrentThunk + 4; - ThunkData32 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ThunkData32 + sizeof IMAGE_THUNK_DATA32); + ThunkData32 = (PIMAGE_THUNK_DATA32)((ULONG_PTR)ThunkData32 + sizeof(IMAGE_THUNK_DATA32)); } } if(hLoadedModuleSimulated) { VirtualFree((LPVOID)hLoadedModule, NULL, MEM_RELEASE); } - ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof IMAGE_IMPORT_DESCRIPTOR); + ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof(IMAGE_IMPORT_DESCRIPTOR)); } } } 
@@ -2230,7 +2230,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV } if(NumberOfSections > 1) { - PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + sizeof IMAGE_SECTION_HEADER); + PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + sizeof(IMAGE_SECTION_HEADER)); if(SectionVirtualSize > PESections->VirtualAddress || SectionVirtualSizeFixed > PESections->VirtualAddress) { PESections->Misc.VirtualSize = SectionVirtualSizeFixed; @@ -2404,14 +2404,14 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV } } CurrentThunk = CurrentThunk + 8; - ThunkData64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ThunkData64 + sizeof IMAGE_THUNK_DATA64); + ThunkData64 = (PIMAGE_THUNK_DATA64)((ULONG_PTR)ThunkData64 + sizeof(IMAGE_THUNK_DATA64)); } } if(hLoadedModuleSimulated) { VirtualFree((LPVOID)hLoadedModule, NULL, MEM_RELEASE); } - ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof IMAGE_IMPORT_DESCRIPTOR); + ImportIID = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)ImportIID + sizeof(IMAGE_IMPORT_DESCRIPTOR)); } } } @@ -2823,7 +2823,7 @@ __declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPV } if(NumberOfSections > 1) { - PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + sizeof IMAGE_SECTION_HEADER); + PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + sizeof(IMAGE_SECTION_HEADER)); if(SectionVirtualSize > PESections->VirtualAddress || SectionVirtualSizeFixed > PESections->VirtualAddress) { PESections->Misc.VirtualSize = SectionVirtualSizeFixed; diff --git a/TitanEngine/TitanEngine.PE.Section.cpp b/TitanEngine/TitanEngine.PE.Section.cpp index 0c158d9..b42deb9 100644 --- a/TitanEngine/TitanEngine.PE.Section.cpp +++ b/TitanEngine/TitanEngine.PE.Section.cpp 
@@ -160,17 +160,17 @@ __declspec(dllexport) bool TITCALL ResortFileSectionsW(wchar_t* szFileName) LPVOID sortedFileName; DynBuf sortedFileNameBuf; - if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof szBackupItem)) + if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof(szBackupItem))) { - if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof szBackupItem)) + if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof(szBackupItem))) { - RtlZeroMemory(&szBackupItem, sizeof szBackupItem); + RtlZeroMemory(&szBackupItem, sizeof(szBackupItem)); lstrcpyW(szBackupFile, szFileName); } } else { - RtlZeroMemory(&szBackupItem, sizeof szBackupItem); + RtlZeroMemory(&szBackupItem, sizeof(szBackupItem)); lstrcpyW(szBackupFile, szFileName); } if(MapFileExW(szBackupFile, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL)) @@ -370,17 +370,17 @@ __declspec(dllexport) bool TITCALL MakeAllSectionsRWEW(wchar_t* szFileName) HANDLE FileMap; ULONG_PTR FileMapVA; - if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof szBackupItem)) + if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof(szBackupItem))) { - if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof szBackupItem)) + if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof(szBackupItem))) { - RtlZeroMemory(&szBackupItem, sizeof szBackupItem); + RtlZeroMemory(&szBackupItem, sizeof(szBackupItem)); lstrcpyW(szBackupFile, szFileName); } } else { - RtlZeroMemory(&szBackupItem, sizeof szBackupItem); + RtlZeroMemory(&szBackupItem, sizeof(szBackupItem)); lstrcpyW(szBackupFile, szFileName); } if(MapFileExW(szBackupFile, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL)) 
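Review bot: The fallback `lstrcpyW(szBackupFile, szFileName);` in ResortFileSectionsW copies a caller-supplied path with no length limit, in both the inner failure branch and the `else` branch. szBackupFile is declared outside this hunk, but in the RelocaterChangeFileBaseW hunk of this patch the same buffer is `wchar_t szBackupFile[MAX_PATH]`, so a longer szFileName would presumably overrun it here too. I would reject over-long names before the block, `if(lstrlenW(szFileName) >= MAX_PATH) return false;`, rather than truncate and then operate on a different file. The same copy appears in the MakeAllSectionsRWEW, AddNewSectionExW, ResizeLastSectionW, DeleteLastSectionW, WipeSectionW, RealignPEExW and RelocaterChangeFileBaseW hunks, with the failure value adjusted where the function returns long.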
@@ -509,7 +509,7 @@ __declspec(dllexport) long TITCALL AddNewSectionEx(char* szFileName, char* szSec } } -__declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, LPVOID SectionContent, DWORD ContentSize) +__declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, const char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, LPVOID SectionContent, DWORD ContentSize) { bool OverlayHasBeenRemoved = false; wchar_t szBackupOverlayFile[MAX_PATH] = {}; @@ -544,18 +544,18 @@ __declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* s SectionSize = ContentSize; } - if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof szBackupItem)) + if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof(szBackupItem))) { - if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof szBackupItem)) + if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof(szBackupItem))) { - RtlZeroMemory(&szBackupItem, sizeof szBackupItem); + RtlZeroMemory(&szBackupItem, sizeof(szBackupItem)); lstrcpyW(szBackupFile, szFileName); } if(FindOverlayW(szBackupFile, NULL, NULL)) { - if(!FillGarbageItem(szBackupItem, NULL, &szBackupOverlayFile, sizeof szBackupItem)) + if(!FillGarbageItem(szBackupItem, NULL, &szBackupOverlayFile, sizeof(szBackupItem))) { - RtlZeroMemory(&szBackupOverlayFile, sizeof szBackupOverlayFile); + RtlZeroMemory(&szBackupOverlayFile, sizeof(szBackupOverlayFile)); } else { @@ -568,7 +568,7 @@ __declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* s } else { - RtlZeroMemory(&szBackupItem, sizeof szBackupItem); + RtlZeroMemory(&szBackupItem, sizeof(szBackupItem)); lstrcpyW(szBackupFile, szFileName); } if(MapFileExW(szBackupFile, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL)) 
@@ -608,7 +608,7 @@ __declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* s { SectionSize = alignedSectionSize; } - SpaceLeft = PESections->PointerToRawData - (SectionNumber * IMAGE_SIZEOF_SECTION_HEADER) - DOSHeader->e_lfanew - sizeof IMAGE_NT_HEADERS32; + SpaceLeft = PESections->PointerToRawData - (SectionNumber * IMAGE_SIZEOF_SECTION_HEADER) - DOSHeader->e_lfanew - sizeof(IMAGE_NT_HEADERS32); PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + (SectionNumber - 1) * IMAGE_SIZEOF_SECTION_HEADER); LastSectionRawSize = (PESections->SizeOfRawData / PEHeader32->OptionalHeader.FileAlignment) * PEHeader32->OptionalHeader.FileAlignment; if(LastSectionRawSize < PESections->SizeOfRawData) @@ -641,7 +641,7 @@ __declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* s { SectionSize = alignedSectionSize; } - SpaceLeft = PESections->PointerToRawData - (SectionNumber * IMAGE_SIZEOF_SECTION_HEADER) - DOSHeader->e_lfanew - sizeof IMAGE_NT_HEADERS64; + SpaceLeft = PESections->PointerToRawData - (SectionNumber * IMAGE_SIZEOF_SECTION_HEADER) - DOSHeader->e_lfanew - sizeof(IMAGE_NT_HEADERS64); PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + (SectionNumber - 1) * IMAGE_SIZEOF_SECTION_HEADER); LastSectionRawSize = (PESections->SizeOfRawData / PEHeader64->OptionalHeader.FileAlignment) * PEHeader64->OptionalHeader.FileAlignment; if(LastSectionRawSize < PESections->SizeOfRawData) @@ -746,7 +746,7 @@ __declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* s { if(CopyFileW(szBackupFile, szFileName, false)) { - if(OverlayHasBeenRemoved && !AddOverlayW(szFileName, szBackupOverlayFile)) + if(OverlayHasBeenRemoved && !AddOverlayW((wchar_t*)szFileName, szBackupOverlayFile)) { RemoveGarbageItem(szBackupItem, true); return(0); 
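Review bot: `SpaceLeft` in the PE32 branch of AddNewSectionExW is computed purely from header fields of the mapped file, and nothing in the hunk validates them first. Because `sizeof(IMAGE_NT_HEADERS32)` is a `size_t`, the subtraction is unsigned, so a `PointerToRawData` smaller than the header span wraps to a large value instead of going negative. Two lines later `PEHeader32->OptionalHeader.FileAlignment` is used as a divisor, and a zero there faults. SpaceLeft's type and any later check are outside the hunk, so this may already be handled, but a local guard such as `if(PEHeader32->OptionalHeader.FileAlignment == 0)` plus a comparison of the header end against PointerToRawData, both routed to the function's existing failure path, would make it explicit. The PE32+ hunk that follows has the same two expressions.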
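Review bot: The added cast in `AddOverlayW((wchar_t*)szFileName, szBackupOverlayFile)` looks like a no-op, because the new definition in this patch still declares the parameter as `wchar_t* szFileName`. If the cast is needed because a declaration not shown here makes it `const wchar_t*`, then it strips const with a C-style cast; changing AddOverlayW to take `const wchar_t*`, as this commit does for szSectionName, would be the cleaner fix. Otherwise the call can stay `AddOverlayW(szFileName, szBackupOverlayFile)`. The `@@ -828,7 +828,7 @@` hunk carries the same cast.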
@@ -828,7 +828,7 @@ __declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* s { if(CopyFileW(szBackupFile, szFileName, false)) { - if(OverlayHasBeenRemoved && !AddOverlayW(szFileName, szBackupOverlayFile)) + if(OverlayHasBeenRemoved && !AddOverlayW((wchar_t*)szFileName, szBackupOverlayFile)) { RemoveGarbageItem(szBackupItem, true); return(0); @@ -872,7 +872,7 @@ __declspec(dllexport) long TITCALL AddNewSection(char* szFileName, char* szSecti return AddNewSectionEx(szFileName, szSectionName, SectionSize, NULL, NULL, NULL); } -__declspec(dllexport) long TITCALL AddNewSectionW(wchar_t* szFileName, char* szSectionName, DWORD SectionSize) +__declspec(dllexport) long TITCALL AddNewSectionW(wchar_t* szFileName, const char* szSectionName, DWORD SectionSize) { return AddNewSectionExW(szFileName, szSectionName, SectionSize, NULL, NULL, NULL); } @@ -908,17 +908,17 @@ __declspec(dllexport) bool TITCALL ResizeLastSectionW(wchar_t* szFileName, DWORD HANDLE FileMap; ULONG_PTR FileMapVA; - if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof szBackupItem)) + if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof(szBackupItem))) { - if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof szBackupItem)) + if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof(szBackupItem))) { - RtlZeroMemory(&szBackupItem, sizeof szBackupItem); + RtlZeroMemory(&szBackupItem, sizeof(szBackupItem)); lstrcpyW(szBackupFile, szFileName); } } else { - RtlZeroMemory(&szBackupItem, sizeof szBackupItem); + RtlZeroMemory(&szBackupItem, sizeof(szBackupItem)); lstrcpyW(szBackupFile, szFileName); } if(MapFileExW(szBackupFile, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NumberOfExpandBytes)) 
@@ -1125,17 +1125,17 @@ __declspec(dllexport) bool TITCALL DeleteLastSectionW(wchar_t* szFileName) HANDLE FileMap; ULONG_PTR FileMapVA; - if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof szBackupItem)) + if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof(szBackupItem))) { - if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof szBackupItem)) + if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof(szBackupItem))) { - RtlZeroMemory(&szBackupItem, sizeof szBackupItem); + RtlZeroMemory(&szBackupItem, sizeof(szBackupItem)); lstrcpyW(szBackupFile, szFileName); } } else { - RtlZeroMemory(&szBackupItem, sizeof szBackupItem); + RtlZeroMemory(&szBackupItem, sizeof(szBackupItem)); lstrcpyW(szBackupFile, szFileName); } if(MapFileExW(szBackupFile, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL)) @@ -1322,17 +1322,17 @@ __declspec(dllexport) bool TITCALL WipeSectionW(wchar_t* szFileName, int WipeSec HANDLE FileMap; ULONG_PTR FileMapVA; - if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof szBackupItem)) + if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof(szBackupItem))) { - if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof szBackupItem)) + if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof(szBackupItem))) { - RtlZeroMemory(&szBackupItem, sizeof szBackupItem); + RtlZeroMemory(&szBackupItem, sizeof(szBackupItem)); lstrcpyW(szBackupFile, szFileName); } } else { - RtlZeroMemory(&szBackupItem, sizeof szBackupItem); + RtlZeroMemory(&szBackupItem, sizeof(szBackupItem)); lstrcpyW(szBackupFile, szFileName); } if(MapFileExW(szBackupFile, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL)) diff --git a/TitanEngine/TitanEngine.PE.cpp b/TitanEngine/TitanEngine.PE.cpp index 7ba2837..dd87614 100644 --- a/TitanEngine/TitanEngine.PE.cpp +++ b/TitanEngine/TitanEngine.PE.cpp 
@@ -60,7 +60,7 @@ __declspec(dllexport) bool TITCALL PastePEHeaderW(HANDLE hProcess, LPVOID ImageB { PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); - CalculatedHeaderSize = DOSHeader->e_lfanew + sizeof IMAGE_DOS_HEADER + sizeof IMAGE_NT_HEADERS64; + CalculatedHeaderSize = DOSHeader->e_lfanew + sizeof(IMAGE_DOS_HEADER) + sizeof(IMAGE_NT_HEADERS64); if(CalculatedHeaderSize > 0x1000) { SetFilePointer(hFile, NULL, NULL, FILE_BEGIN); @@ -73,7 +73,7 @@ __declspec(dllexport) bool TITCALL PastePEHeaderW(HANDLE hProcess, LPVOID ImageB } if(PEHeader32->OptionalHeader.Magic == 0x10B) { - if(ReadProcessMemory(hProcess, (LPVOID)((ULONG_PTR)ImageBase + DOSHeader->e_lfanew), &RemotePEHeader32, sizeof IMAGE_NT_HEADERS32, &ueNumberOfBytesRead)) + if(ReadProcessMemory(hProcess, (LPVOID)((ULONG_PTR)ImageBase + DOSHeader->e_lfanew), &RemotePEHeader32, sizeof(IMAGE_NT_HEADERS32), &ueNumberOfBytesRead)) { PEHeaderSize = PEHeader32->FileHeader.NumberOfSections * IMAGE_SIZEOF_SECTION_HEADER + PEHeader32->FileHeader.SizeOfOptionalHeader + sizeof(IMAGE_FILE_HEADER) + 4; FileIs64 = false; @@ -81,7 +81,7 @@ __declspec(dllexport) bool TITCALL PastePEHeaderW(HANDLE hProcess, LPVOID ImageB } else if(PEHeader32->OptionalHeader.Magic == 0x20B) { - if(ReadProcessMemory(hProcess, (LPVOID)((ULONG_PTR)ImageBase + DOSHeader->e_lfanew), &RemotePEHeader64, sizeof IMAGE_NT_HEADERS32, &ueNumberOfBytesRead)) + if(ReadProcessMemory(hProcess, (LPVOID)((ULONG_PTR)ImageBase + DOSHeader->e_lfanew), &RemotePEHeader64, sizeof(IMAGE_NT_HEADERS32), &ueNumberOfBytesRead)) { PEHeaderSize = PEHeader64->FileHeader.NumberOfSections * IMAGE_SIZEOF_SECTION_HEADER + PEHeader64->FileHeader.SizeOfOptionalHeader + sizeof(IMAGE_FILE_HEADER) + 4; FileIs64 = true; diff --git a/TitanEngine/TitanEngine.Realigner.cpp b/TitanEngine/TitanEngine.Realigner.cpp index 1890bfa..a7a2456 100644 
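Review bot: In the `Magic == 0x20B` branch of PastePEHeaderW the read into `RemotePEHeader64` is still sized with `sizeof(IMAGE_NT_HEADERS32)`, so the tail of a 64-bit header is never fetched from the target process. The commit only parenthesised the operand and kept the 32-bit type name. Sizing the read from the destination, `sizeof(RemotePEHeader64)`, avoids the mismatch and cannot drift if the variable's type changes; the 32-bit branch could use `sizeof(RemotePEHeader32)` for symmetry. RemotePEHeader64 is declared outside the hunk, so its type should be confirmed as IMAGE_NT_HEADERS64.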
--- a/TitanEngine/TitanEngine.Realigner.cpp +++ b/TitanEngine/TitanEngine.Realigner.cpp @@ -250,17 +250,17 @@ __declspec(dllexport) long TITCALL RealignPEExW(wchar_t* szFileName, DWORD Reali HANDLE FileMap; ULONG_PTR FileMapVA; - if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof szBackupItem)) + if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof(szBackupItem))) { - if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof szBackupItem)) + if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof(szBackupItem))) { - RtlZeroMemory(&szBackupItem, sizeof szBackupItem); + RtlZeroMemory(&szBackupItem, sizeof(szBackupItem)); lstrcpyW(szBackupFile, szFileName); } } else { - RtlZeroMemory(&szBackupItem, sizeof szBackupItem); + RtlZeroMemory(&szBackupItem, sizeof(szBackupItem)); lstrcpyW(szBackupFile, szFileName); } if(MapFileExW(szBackupFile, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL)) diff --git a/TitanEngine/TitanEngine.Relocator.cpp b/TitanEngine/TitanEngine.Relocator.cpp index 7456158..99fa44c 100644 --- a/TitanEngine/TitanEngine.Relocator.cpp +++ b/TitanEngine/TitanEngine.Relocator.cpp @@ -48,7 +48,7 @@ __declspec(dllexport) void TITCALL RelocaterAddNewRelocation(HANDLE hProcess, UL DWORD CompareDummy = NULL; DWORD CopyDummy = NULL; - VirtualQueryEx(hProcess, (LPVOID)RelocateAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + VirtualQueryEx(hProcess, (LPVOID)RelocateAddress, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)); if(MemInfo.BaseAddress != RelocationLastPage || RelocationLastPage == NULL) { RelocationLastPage = MemInfo.BaseAddress; 
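Review bot: The `VirtualQueryEx` call in RelocaterAddNewRelocation ignores its return value, and the next line reads `MemInfo.BaseAddress`. When the query fails (invalid address, handle without query rights) MemInfo holds whatever it held before; its initialisation is outside the hunk. `if(!VirtualQueryEx(hProcess, (LPVOID)RelocateAddress, &MemInfo, sizeof(MemInfo))) return;` would stop before a stale value is used. RelocaterGrabRelocationTable and RelocaterGrabRelocationTableEx have the same unchecked call, there feeding `MemInfo.Protect` and `MemInfo.RegionSize` into the protection change and the read size.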
@@ -243,7 +243,7 @@ __declspec(dllexport) bool TITCALL RelocaterGrabRelocationTable(HANDLE hProcess, if(RelocationData != NULL) { - VirtualQueryEx(hProcess, (LPVOID)MemoryStart, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + VirtualQueryEx(hProcess, (LPVOID)MemoryStart, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)); OldProtect = MemInfo.Protect; VirtualProtectEx(hProcess, (LPVOID)MemoryStart, MemorySize, PAGE_EXECUTE_READWRITE, &OldProtect); if(ReadProcessMemory(hProcess, (LPVOID)MemoryStart, RelocationData, MemorySize, &ueNumberOfBytesRead)) @@ -271,9 +271,9 @@ __declspec(dllexport) bool TITCALL RelocaterGrabRelocationTableEx(HANDLE hProces if(RelocationData != NULL) { - VirtualQueryEx(hProcess, (LPVOID)MemoryStart, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + VirtualQueryEx(hProcess, (LPVOID)MemoryStart, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)); OldProtect = MemInfo.Protect; - VirtualQueryEx(hProcess, (LPVOID)MemInfo.BaseAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + VirtualQueryEx(hProcess, (LPVOID)MemInfo.BaseAddress, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)); if(MemInfo.RegionSize < MemorySize || MemorySize == NULL) { MemorySize = MemInfo.RegionSize; @@ -382,7 +382,7 @@ __declspec(dllexport) bool TITCALL RelocaterCompareTwoSnapshotsW(HANDLE hProcess { if(memcmp(Search1, Search2, 1) != 0) { - i = sizeof HANDLE; + i = sizeof(HANDLE); RelativeBase = NULL; bkSearch1 = Search1; bkSearch2 = Search2; @@ -395,7 +395,7 @@ __declspec(dllexport) bool TITCALL RelocaterCompareTwoSnapshotsW(HANDLE hProcess } while(i > NULL && RelativeBase == NULL) { - RtlMoveMemory(&ReadData, Search2, sizeof HANDLE); + RtlMoveMemory(&ReadData, Search2, sizeof(HANDLE)); if(ReadData >= LoadedImageBase && ReadData <= NtSizeOfImage) { RelativeBase++; 
@@ -417,9 +417,9 @@ __declspec(dllexport) bool TITCALL RelocaterCompareTwoSnapshotsW(HANDLE hProcess else { RelocaterAddNewRelocation(hProcess, MemStart + ((ULONG_PTR)Search2 - (ULONG_PTR)FileMapVA2), NULL); - Search1 = (LPVOID)((ULONG_PTR)Search1 + sizeof HANDLE - 1); - Search2 = (LPVOID)((ULONG_PTR)Search2 + sizeof HANDLE - 1); - SearchSize = SearchSize - sizeof HANDLE + 1; + Search1 = (LPVOID)((ULONG_PTR)Search1 + sizeof(HANDLE) - 1); + Search2 = (LPVOID)((ULONG_PTR)Search2 + sizeof(HANDLE) - 1); + SearchSize = SearchSize - sizeof(HANDLE) + 1; } } Search1 = (LPVOID)((ULONG_PTR)Search1 + 1); @@ -482,17 +482,17 @@ __declspec(dllexport) bool TITCALL RelocaterChangeFileBaseW(wchar_t* szFileName, wchar_t szBackupFile[MAX_PATH] = {}; wchar_t szBackupItem[MAX_PATH] = {}; - if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof szBackupItem)) + if(engineBackupForCriticalFunctions && CreateGarbageItem(&szBackupItem, sizeof(szBackupItem))) { - if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof szBackupItem)) + if(!FillGarbageItem(szBackupItem, szFileName, &szBackupFile, sizeof(szBackupItem))) { - RtlZeroMemory(&szBackupItem, sizeof szBackupItem); + RtlZeroMemory(&szBackupItem, sizeof(szBackupItem)); lstrcpyW(szBackupFile, szFileName); } } else { - RtlZeroMemory(&szBackupItem, sizeof szBackupItem); + RtlZeroMemory(&szBackupItem, sizeof(szBackupItem)); lstrcpyW(szBackupFile, szFileName); } if(MapFileExW(szBackupFile, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL)) diff --git a/TitanEngine/TitanEngine.Resourcer.cpp b/TitanEngine/TitanEngine.Resourcer.cpp index d9e6413..1abace5 100644 --- a/TitanEngine/TitanEngine.Resourcer.cpp +++ b/TitanEngine/TitanEngine.Resourcer.cpp 
@@ -181,13 +181,13 @@ __declspec(dllexport) bool TITCALL ResourcerFindResourceEx(ULONG_PTR FileMapVA, PEResource = (PIMAGE_RESOURCE_DIRECTORY)(ConvertVAtoFileOffsetEx(FileMapVA, FileSize, (ULONG_PTR)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_IMAGEBASE), (ULONG_PTR)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_RESOURCETABLEADDRESS), true, true)); if(PEResource != NULL) { - PEResourceDir = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResource + sizeof IMAGE_RESOURCE_DIRECTORY); + PEResourceDir = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResource + sizeof(IMAGE_RESOURCE_DIRECTORY)); i = PEResource->NumberOfIdEntries + PEResource->NumberOfNamedEntries; PEResourcePtr = PEResource; while(i > NULL) { PESubResourcePtr1 = (PIMAGE_RESOURCE_DIRECTORY)((ULONG_PTR)PEResourcePtr + (PEResourceDir->OffsetToData ^ IMAGE_RESOURCE_DATA_IS_DIRECTORY)); - PEResourceDir1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PESubResourcePtr1 + sizeof IMAGE_RESOURCE_DIRECTORY); + PEResourceDir1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PESubResourcePtr1 + sizeof(IMAGE_RESOURCE_DIRECTORY)); j = PESubResourcePtr1->NumberOfIdEntries + PESubResourcePtr1->NumberOfNamedEntries; uniResourceType = (wchar_t*)((ULONG_PTR)PEResourcePtr + PEResourceDir->NameOffset); if(((bool)PEResourceDir->NameIsString == true && EngineCompareResourceString(uniResourceType, szResourceType) == true) || ((bool)PEResourceDir->NameIsString == false && PEResourceDir->Id == ResourceType)) 
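Review bot: `PEResourceDir->OffsetToData ^ IMAGE_RESOURCE_DATA_IS_DIRECTORY` in ResourcerFindResourceEx only yields a directory offset when the high bit is set; for an entry that points at a data leaf the XOR sets the bit and the resulting address lands far outside the mapping. The offsets and the NumberOfIdEntries/NumberOfNamedEntries counts come from the file and are not compared with FileSize, which is in scope here. I would test the flag and use the bitfield, `if(!PEResourceDir->DataIsDirectory)` to skip the entry and `(ULONG_PTR)PEResourcePtr + PEResourceDir->OffsetToDirectory` for the address, and bound each computed pointer against the mapped size before dereferencing it. The same expressions are in the next hunk and in the ResourcerEnumerateResourceEx hunks; any exception handler around the walk is outside these hunks.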
@@ -195,7 +195,7 @@ __declspec(dllexport) bool TITCALL ResourcerFindResourceEx(ULONG_PTR FileMapVA, while(j > NULL) { PESubResourcePtr2 = (PIMAGE_RESOURCE_DIRECTORY)((ULONG_PTR)PEResourcePtr + (PEResourceDir1->OffsetToData ^ IMAGE_RESOURCE_DATA_IS_DIRECTORY)); - PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PESubResourcePtr2 + sizeof IMAGE_RESOURCE_DIRECTORY); + PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PESubResourcePtr2 + sizeof(IMAGE_RESOURCE_DIRECTORY)); n = PESubResourcePtr2->NumberOfIdEntries + PESubResourcePtr2->NumberOfNamedEntries; uniResourceName = (wchar_t*)((ULONG_PTR)PEResourcePtr + PEResourceDir1->NameOffset); if(((bool)PEResourceDir1->NameIsString == true && EngineCompareResourceString(uniResourceName, szResourceName) == true) || ((bool)PEResourceDir1->NameIsString == false && PEResourceDir1->Id == ResourceName)) 
@@ -209,23 +209,23 @@ __declspec(dllexport) bool TITCALL ResourcerFindResourceEx(ULONG_PTR FileMapVA, *pResourceSize = PEResourceItem->Size; return true; } - PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir2 + sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY); + PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir2 + sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY)); n--; } } else { - PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir2 + sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY * n); + PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir2 + sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY) * n); } - PEResourceDir1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir1 + sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY); + PEResourceDir1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir1 + sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY)); j--; } } else { - PEResourceDir1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir1 + sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY * j); + PEResourceDir1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir1 + sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY) * j); } - PEResourceDir = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir + sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY); + PEResourceDir = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir + sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY)); i--; } } 
@@ -295,18 +295,18 @@ __declspec(dllexport) void TITCALL ResourcerEnumerateResourceEx(ULONG_PTR FileMa PEResource = (PIMAGE_RESOURCE_DIRECTORY)(ConvertVAtoFileOffsetEx(FileMapVA, FileSize, (ULONG_PTR)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_IMAGEBASE), (ULONG_PTR)GetPE32DataFromMappedFile(FileMapVA, NULL, UE_RESOURCETABLEADDRESS), true, true)); if(PEResource != NULL) { - PEResourceDir = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResource + sizeof IMAGE_RESOURCE_DIRECTORY); + PEResourceDir = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResource + sizeof(IMAGE_RESOURCE_DIRECTORY)); i = PEResource->NumberOfIdEntries + PEResource->NumberOfNamedEntries; PEResourcePtr = PEResource; while(i > NULL) { PESubResourcePtr1 = (PIMAGE_RESOURCE_DIRECTORY)((ULONG_PTR)PEResourcePtr + (PEResourceDir->OffsetToData ^ IMAGE_RESOURCE_DATA_IS_DIRECTORY)); - PEResourceDir1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PESubResourcePtr1 + sizeof IMAGE_RESOURCE_DIRECTORY); + PEResourceDir1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PESubResourcePtr1 + sizeof(IMAGE_RESOURCE_DIRECTORY)); j = PESubResourcePtr1->NumberOfIdEntries + PESubResourcePtr1->NumberOfNamedEntries; while(j > NULL) { PESubResourcePtr2 = (PIMAGE_RESOURCE_DIRECTORY)((ULONG_PTR)PEResourcePtr + (PEResourceDir1->OffsetToData ^ IMAGE_RESOURCE_DATA_IS_DIRECTORY)); - PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PESubResourcePtr2 + sizeof IMAGE_RESOURCE_DIRECTORY); + PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PESubResourcePtr2 + sizeof(IMAGE_RESOURCE_DIRECTORY)); n = PESubResourcePtr2->NumberOfIdEntries + PESubResourcePtr2->NumberOfNamedEntries; while(n > NULL) { 
@@ -337,13 +337,13 @@ __declspec(dllexport) void TITCALL ResourcerEnumerateResourceEx(ULONG_PTR FileMa { return; } - PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir2 + sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY); + PEResourceDir2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir2 + sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY)); n--; } - PEResourceDir1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir1 + sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY); + PEResourceDir1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir1 + sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY)); j--; } - PEResourceDir = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir + sizeof IMAGE_RESOURCE_DIRECTORY_ENTRY); + PEResourceDir = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ULONG_PTR)PEResourceDir + sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY)); i--; } } diff --git a/TitanEngine/TitanEngine.Static.cpp b/TitanEngine/TitanEngine.Static.cpp index 12e2319..65775ef 100644 --- a/TitanEngine/TitanEngine.Static.cpp +++ b/TitanEngine/TitanEngine.Static.cpp @@ -89,7 +89,11 @@ __declspec(dllexport) bool TITCALL StaticFileUnloadW(wchar_t* szFileName, bool C if(FileHandle != NULL && FileMap != NULL) { - UnMapFileEx(FileHandle, LoadedSize, FileMap, FileMapVA); + // HACK: compatibility with x64dbg + if(FileHandle != (HANDLE)-1) + { + UnMapFileEx(FileHandle, LoadedSize, FileMap, FileMapVA); + } return true; } @@ -882,7 +886,7 @@ __declspec(dllexport) bool TITCALL StaticHashMemory(void* MemoryToHash, DWORD Si } else { - RtlMoveMemory(HashDigest, &crc32, sizeof crc32); + RtlMoveMemory(HashDigest, &crc32, sizeof(crc32)); } return true; @@ -1094,7 +1098,7 @@ __declspec(dllexport) bool TITCALL StaticHashFileW(wchar_t* szFileName, char* Ha } else { - RtlMoveMemory(HashDigest, &crc32, sizeof crc32); + RtlMoveMemory(HashDigest, &crc32, sizeof(crc32)); } CloseHandle(hFile); diff --git a/TitanEngine/TitanEngine.TLS.cpp b/TitanEngine/TitanEngine.TLS.cpp index c18f36f..0423aef 100644 
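Review bot: The new `FileHandle != (HANDLE)-1` guard in StaticFileUnloadW is a behaviour change inside a commit described as standards compliance, and the comment `// HACK: compatibility with x64dbg` does not say what x64dbg passes or why skipping the unmap is safe. With a handle of -1 the function now returns true without releasing FileMap or the view at FileMapVA, although the enclosing `if` has just established that FileMap is non-NULL. I would spell the sentinel as `INVALID_HANDLE_VALUE` and extend the comment to state who owns the mapping in that case, for example `// x64dbg passes INVALID_HANDLE_VALUE for a mapping it owns; the caller unmaps it`, once that is confirmed. The rest of StaticFileUnloadW is outside the hunk.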
--- a/TitanEngine/TitanEngine.TLS.cpp +++ b/TitanEngine/TitanEngine.TLS.cpp @@ -80,14 +80,14 @@ __declspec(dllexport) bool TITCALL TLSGrabCallBackDataW(wchar_t* szFileName, LPV ULONG_PTR TLSCallBackAddress = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryX86->AddressOfCallBacks, true); if(TLSCallBackAddress) { - while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof ULONG_PTR) != NULL) + while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof(ULONG_PTR)) != NULL) { if(ArrayOfCallBacks) { - RtlMoveMemory(ArrayOfCallBacks, (LPVOID)TLSCallBackAddress, sizeof ULONG_PTR); - ArrayOfCallBacks = (LPVOID)((ULONG_PTR)ArrayOfCallBacks + sizeof ULONG_PTR); + RtlMoveMemory(ArrayOfCallBacks, (LPVOID)TLSCallBackAddress, sizeof(ULONG_PTR)); + ArrayOfCallBacks = (LPVOID)((ULONG_PTR)ArrayOfCallBacks + sizeof(ULONG_PTR)); } - TLSCallBackAddress = TLSCallBackAddress + sizeof ULONG_PTR; + TLSCallBackAddress = TLSCallBackAddress + sizeof(ULONG_PTR); NumberOfTLSCallBacks++; } if(NumberOfCallBacks) @@ -131,14 +131,14 @@ __declspec(dllexport) bool TITCALL TLSGrabCallBackDataW(wchar_t* szFileName, LPV ULONG_PTR TLSCallBackAddress = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryX64->AddressOfCallBacks, true); if(TLSCallBackAddress) { - while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof ULONG_PTR) != NULL) + while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof(ULONG_PTR)) != NULL) { if(ArrayOfCallBacks) { - RtlMoveMemory(ArrayOfCallBacks, (LPVOID)TLSCallBackAddress, sizeof ULONG_PTR); - ArrayOfCallBacks = (LPVOID)((ULONG_PTR)ArrayOfCallBacks + sizeof ULONG_PTR); + RtlMoveMemory(ArrayOfCallBacks, (LPVOID)TLSCallBackAddress, sizeof(ULONG_PTR)); + ArrayOfCallBacks = (LPVOID)((ULONG_PTR)ArrayOfCallBacks + sizeof(ULONG_PTR)); } - TLSCallBackAddress = TLSCallBackAddress + sizeof ULONG_PTR; + TLSCallBackAddress = TLSCallBackAddress + sizeof(ULONG_PTR); NumberOfTLSCallBacks++; } if(NumberOfCallBacks) 
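Review bot: The callback walk in the PE32 branch of TLSGrabCallBackDataW compares and advances by `sizeof(ULONG_PTR)`, which is the pointer width of the engine build rather than of the image: PE32 callback entries are 4 bytes, so a 64-bit build would read them in pairs and can step over the terminator. The loop also has no upper bound, so a file whose array lacks a zero entry is read past the end of the mapping, and each entry is copied into `ArrayOfCallBacks` with no capacity from the caller. I would read each entry at the image's width, `*(DWORD*)TLSCallBackAddress != 0` stepping `sizeof(DWORD)` here and `ULONGLONG` in the PE32+ hunk, widen it before storing, and stop at the end of the mapped file. The TLSBackupDataW hunks use the same `memcmp(..., sizeof(ULONG_PTR))` terminator test.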
@@ -367,7 +367,7 @@ __declspec(dllexport) bool TITCALL TLSRemoveTableW(wchar_t* szFileName) PIMAGE_TLS_DIRECTORY32 TLSDirectoryX86 = (PIMAGE_TLS_DIRECTORY32)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true); PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress = NULL; PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size = NULL; - RtlZeroMemory(TLSDirectoryX86, sizeof IMAGE_TLS_DIRECTORY32); + RtlZeroMemory(TLSDirectoryX86, sizeof(IMAGE_TLS_DIRECTORY32)); UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); return true; } @@ -393,7 +393,7 @@ __declspec(dllexport) bool TITCALL TLSRemoveTableW(wchar_t* szFileName) PIMAGE_TLS_DIRECTORY64 TLSDirectoryX64 = (PIMAGE_TLS_DIRECTORY64)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true); PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress = NULL; PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size = NULL; - RtlZeroMemory(TLSDirectoryX64, sizeof IMAGE_TLS_DIRECTORY64); + RtlZeroMemory(TLSDirectoryX64, sizeof(IMAGE_TLS_DIRECTORY64)); UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); return true; } @@ -443,8 +443,8 @@ __declspec(dllexport) bool TITCALL TLSBackupDataW(wchar_t* szFileName) { DWORD NumberOfTLSCallBacks = NULL; engineBackupTLSAddress = NULL; - RtlZeroMemory(&engineBackupTLSDataX86, sizeof IMAGE_TLS_DIRECTORY32); - RtlZeroMemory(&engineBackupTLSDataX64, sizeof IMAGE_TLS_DIRECTORY64); + RtlZeroMemory(&engineBackupTLSDataX86, sizeof(IMAGE_TLS_DIRECTORY32)); + RtlZeroMemory(&engineBackupTLSDataX64, sizeof(IMAGE_TLS_DIRECTORY64)); ClearTlsVector(&engineBackupArrayOfCallBacks); //clear backup array std::vector* ArrayOfCallBacks = &engineBackupArrayOfCallBacks; 
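Review bot: `RtlZeroMemory(TLSDirectoryX86, sizeof(IMAGE_TLS_DIRECTORY32))` in TLSRemoveTableW writes through the result of ConvertVAtoFileOffset without testing it, and the data directory entry is cleared before the pointer is known to be usable. Other call sites in this patch test that result against zero (`if(TLSCallBackAddress)`), which suggests that a directory address mapping to no section comes back as 0. Checking first, `if(TLSDirectoryX86 == NULL)` leading to the function's failure path with the unmap, and only then clearing the directory entry and zeroing the structure, would cover it. The PE32+ hunk has the same sequence, and the `RtlMoveMemory(&engineBackupTLSDataX86, ...)` and X64 copies in TLSBackupDataW read through an unchecked result in the same way; any exception handler around this code is outside the hunks.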
@@ -476,12 +476,12 @@ __declspec(dllexport) bool TITCALL TLSBackupDataW(wchar_t* szFileName) engineBackupTLSAddress = PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress; ULONG_PTR TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader32->OptionalHeader.ImageBase + PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress); PIMAGE_TLS_DIRECTORY32 TLSDirectoryX86 = (PIMAGE_TLS_DIRECTORY32)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true); - RtlMoveMemory(&engineBackupTLSDataX86, (LPVOID)TLSDirectoryX86, sizeof IMAGE_TLS_DIRECTORY32); + RtlMoveMemory(&engineBackupTLSDataX86, (LPVOID)TLSDirectoryX86, sizeof(IMAGE_TLS_DIRECTORY32)); if(TLSDirectoryX86->AddressOfCallBacks != NULL) { ULONG_PTR TLSCompareData = 0; ULONG_PTR* TLSCallBackAddress = (ULONG_PTR*)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryX86->AddressOfCallBacks, true); - while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof ULONG_PTR) != NULL) + while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof(ULONG_PTR)) != NULL) { ArrayOfCallBacks->push_back(*TLSCallBackAddress); TLSCallBackAddress++; //next callback 
@@ -522,12 +522,12 @@ __declspec(dllexport) bool TITCALL TLSBackupDataW(wchar_t* szFileName) engineBackupTLSAddress = PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress; ULONG_PTR TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader64->OptionalHeader.ImageBase + PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress); PIMAGE_TLS_DIRECTORY64 TLSDirectoryX64 = (PIMAGE_TLS_DIRECTORY64)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true); - RtlMoveMemory(&engineBackupTLSDataX64, (LPVOID)TLSDirectoryX64, sizeof IMAGE_TLS_DIRECTORY64); + RtlMoveMemory(&engineBackupTLSDataX64, (LPVOID)TLSDirectoryX64, sizeof(IMAGE_TLS_DIRECTORY64)); if(TLSDirectoryX64->AddressOfCallBacks != NULL) { ULONG_PTR TLSCompareData = 0; ULONG_PTR* TLSCallBackAddress = (ULONG_PTR*)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryX64->AddressOfCallBacks, true); - while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof ULONG_PTR) != NULL) + while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof(ULONG_PTR)) != NULL) { ArrayOfCallBacks->push_back(*TLSCallBackAddress); TLSCallBackAddress++; //next callback @@ -575,7 +575,7 @@ __declspec(dllexport) bool TITCALL TLSRestoreData() { if(engineBackupTLSx64) { - if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)(engineBackupTLSAddress + GetDebuggedFileBaseAddress()), &engineBackupTLSDataX64, sizeof IMAGE_TLS_DIRECTORY64, &ueNumberOfBytesRead)) + if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)(engineBackupTLSAddress + GetDebuggedFileBaseAddress()), &engineBackupTLSDataX64, sizeof(IMAGE_TLS_DIRECTORY64), &ueNumberOfBytesRead)) { if(engineBackupTLSDataX64.AddressOfCallBacks != NULL && engineBackupNumberOfCallBacks != NULL) { 
@@ -598,7 +598,7 @@ __declspec(dllexport) bool TITCALL TLSRestoreData() } else { - if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)(engineBackupTLSAddress + GetDebuggedFileBaseAddress()), &engineBackupTLSDataX86, sizeof IMAGE_TLS_DIRECTORY32, &ueNumberOfBytesRead)) + if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)(engineBackupTLSAddress + GetDebuggedFileBaseAddress()), &engineBackupTLSDataX86, sizeof(IMAGE_TLS_DIRECTORY32), &ueNumberOfBytesRead)) { if(engineBackupTLSDataX86.AddressOfCallBacks != NULL && engineBackupNumberOfCallBacks != NULL) { @@ -651,13 +651,13 @@ __declspec(dllexport) bool TITCALL TLSBuildNewTable(ULONG_PTR FileMapVA, ULONG_P __try { PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress = (DWORD)StorePlaceRVA; - PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size = sizeof IMAGE_TLS_DIRECTORY32; + PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size = sizeof(IMAGE_TLS_DIRECTORY32); PIMAGE_TLS_DIRECTORY32 TLSDirectoryX86 = (PIMAGE_TLS_DIRECTORY32)StorePlace; TLSDirectoryX86->StartAddressOfRawData = (DWORD)TLSWriteData; TLSDirectoryX86->EndAddressOfRawData = (DWORD)TLSWriteData + 0x10; TLSDirectoryX86->AddressOfIndex = (DWORD)TLSWriteData + 0x14; - TLSDirectoryX86->AddressOfCallBacks = (DWORD)TLSWriteData + sizeof IMAGE_TLS_DIRECTORY32 + 8; - RtlMoveMemory((LPVOID)(StorePlace + sizeof IMAGE_TLS_DIRECTORY32 + 8), ArrayOfCallBacks, NumberOfCallBacks * 4); + TLSDirectoryX86->AddressOfCallBacks = (DWORD)TLSWriteData + sizeof(IMAGE_TLS_DIRECTORY32) + 8; + RtlMoveMemory((LPVOID)(StorePlace + sizeof(IMAGE_TLS_DIRECTORY32) + 8), ArrayOfCallBacks, NumberOfCallBacks * 4); return true; } __except(EXCEPTION_EXECUTE_HANDLER) 
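Review bot: The copy `RtlMoveMemory((LPVOID)(StorePlace + sizeof(IMAGE_TLS_DIRECTORY32) + 8), ArrayOfCallBacks, NumberOfCallBacks * 4)` in TLSBuildNewTable has no knowledge of how much room follows StorePlace, and `NumberOfCallBacks * 4` is DWORD arithmetic that can wrap. The only guard is the `__except(EXCEPTION_EXECUTE_HANDLER)` after it, which catches an access violation but not an overrun into neighbouring mapped data. The signature is cut by the hunk header, so I cannot tell whether a size is available. If it is not, the contract should at least be written above the function, e.g. `// StorePlace must hold sizeof(IMAGE_TLS_DIRECTORY32) + 8 + (NumberOfCallBacks + 1) * 4 bytes (the +1 is the zero terminator)`. The PE32+ branch in the -670 hunk has the same shape with `* 8`.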
@@ -670,13 +670,13 @@ __declspec(dllexport) bool TITCALL TLSBuildNewTable(ULONG_PTR FileMapVA, ULONG_P __try { PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress = (DWORD)StorePlaceRVA; - PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size = sizeof IMAGE_TLS_DIRECTORY64; + PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size = sizeof(IMAGE_TLS_DIRECTORY64); PIMAGE_TLS_DIRECTORY64 TLSDirectoryX64 = (PIMAGE_TLS_DIRECTORY64)StorePlace; TLSDirectoryX64->StartAddressOfRawData = TLSWriteData; TLSDirectoryX64->EndAddressOfRawData = TLSWriteData + 0x20; TLSDirectoryX64->AddressOfIndex = TLSWriteData + 0x28; - TLSDirectoryX64->AddressOfCallBacks = TLSWriteData + sizeof IMAGE_TLS_DIRECTORY64 + 12; - RtlMoveMemory((LPVOID)(StorePlace + sizeof IMAGE_TLS_DIRECTORY64 + 12), ArrayOfCallBacks, NumberOfCallBacks * 8); + TLSDirectoryX64->AddressOfCallBacks = TLSWriteData + sizeof(IMAGE_TLS_DIRECTORY64) + 12; + RtlMoveMemory((LPVOID)(StorePlace + sizeof(IMAGE_TLS_DIRECTORY64) + 12), ArrayOfCallBacks, NumberOfCallBacks * 8); return true; } __except(EXCEPTION_EXECUTE_HANDLER) @@ -707,7 +707,7 @@ __declspec(dllexport) bool TITCALL TLSBuildNewTableEx(char* szFileName, char* sz __declspec(dllexport) bool TITCALL TLSBuildNewTableExW(wchar_t* szFileName, char* szSectionName, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks) { ULONG_PTR tlsImageBase = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_IMAGEBASE); - DWORD NewSectionVO = AddNewSectionW(szFileName, szSectionName, sizeof IMAGE_TLS_DIRECTORY64 * 2); + DWORD NewSectionVO = AddNewSectionW(szFileName, szSectionName, sizeof(IMAGE_TLS_DIRECTORY64) * 2); HANDLE FileHandle; DWORD FileSize; HANDLE FileMap; diff --git a/TitanEngine/TitanEngine.Tracer.cpp b/TitanEngine/TitanEngine.Tracer.cpp index 876f452..6cae88d 100644 --- a/TitanEngine/TitanEngine.Tracer.cpp +++ b/TitanEngine/TitanEngine.Tracer.cpp 
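Review bot: `AddNewSectionW(szFileName, szSectionName, sizeof(IMAGE_TLS_DIRECTORY64) * 2)` in TLSBuildNewTableExW sizes the new section without reference to NumberOfCallBacks, while TLSBuildNewTable places the callback array at directory size + 12 and copies `NumberOfCallBacks * 8` bytes after it. Unless AddNewSectionW rounds the size up (not visible here), more than a few callbacks will not fit in what was requested. Suggest deriving the size from the count, `sizeof(IMAGE_TLS_DIRECTORY64) + 12 + ((ULONG_PTR)NumberOfCallBacks + 1) * sizeof(ULONGLONG)`, and returning false when that does not fit in a DWORD. The rest of the function lies outside the hunk.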
@@ -33,7 +33,7 @@ static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressTo bool SkipHashing = false; BYTE EmptyCall[5] = {0xE8, 0x00, 0x00, 0x00, 0x00}; - if(VirtualQueryEx(hProcess, (LPVOID)AddressToTrace, &MemInfo, sizeof MEMORY_BASIC_INFORMATION) != NULL) + if(VirtualQueryEx(hProcess, (LPVOID)AddressToTrace, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)) != NULL) { if(MemInfo.RegionSize > NULL) { @@ -640,8 +640,8 @@ __declspec(dllexport) ULONG_PTR TITCALL HashTracerLevel1(HANDLE hProcess, ULONG_ if(!FoundAPI) { DOSHeader = (PIMAGE_DOS_HEADER)LoadedModules[i][1]; - RtlZeroMemory(&RemoteModuleInfo, sizeof MODULEINFO); - GetModuleInformation(hProcess, (HMODULE)LoadedModules[i][1], &RemoteModuleInfo, sizeof MODULEINFO); + RtlZeroMemory(&RemoteModuleInfo, sizeof(MODULEINFO)); + GetModuleInformation(hProcess, (HMODULE)LoadedModules[i][1], &RemoteModuleInfo, sizeof(MODULEINFO)); if(ValidateHeader || EngineValidateHeader((ULONG_PTR)LoadedModules[i][1], hProcess, RemoteModuleInfo.lpBaseOfDll, DOSHeader, false)) { PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); @@ -719,7 +719,7 @@ __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULON LPVOID TraceMemory; bool HashCheck = false; - VirtualQueryEx(hProcess, (LPVOID)AddressToTrace, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + VirtualQueryEx(hProcess, (LPVOID)AddressToTrace, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)); if(MemInfo.RegionSize > NULL) { MaximumReadSize = (DWORD)((ULONG_PTR)MemInfo.AllocationBase + MemInfo.RegionSize - AddressToTrace); @@ -732,7 +732,7 @@ __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULON { HashCheck = true; } - if(sizeof HANDLE == 4) + if(sizeof(HANDLE) == 4) { TraceMemory = tracemem.Allocate(MaximumReadSize); if(!TraceMemory) 
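Review bot: TracerDetectRedirection (hunk -719) ignores the return value of `VirtualQueryEx` and then reads `MemInfo.RegionSize`, whereas EngineGlobalTracerHandler1 in the first hunk of this file checks the same call with `!= NULL`. It also derives MaximumReadSize from `MemInfo.AllocationBase + MemInfo.RegionSize - AddressToTrace`, while TracerFixKnownRedirection (hunk -1126) uses `MemInfo.BaseAddress`. RegionSize is counted from BaseAddress, so with AllocationBase the subtraction can go negative for an address in a later region of the allocation, and the `(DWORD)` cast turns that into a very large read size. Suggest `if(VirtualQueryEx(hProcess, (LPVOID)AddressToTrace, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)) && MemInfo.RegionSize > 0)` and `(ULONG_PTR)MemInfo.BaseAddress` in the size computation. Whether MemInfo is zero-initialised before the call is not visible in the hunk.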
@@ -1126,7 +1126,7 @@ __declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProces DWORD MaximumReadSize = 0x1000; cMem = (PMEMORY_CMP_HANDLER)TracerReadMemory; - VirtualQueryEx(hProcess, (LPVOID)AddressToTrace, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); + VirtualQueryEx(hProcess, (LPVOID)AddressToTrace, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)); if(MemInfo.RegionSize > NULL) { MaximumReadSize = (DWORD)((ULONG_PTR)MemInfo.BaseAddress + MemInfo.RegionSize - AddressToTrace); @@ -1475,7 +1475,7 @@ __declspec(dllexport) long TITCALL TracerFixRedirectionViaImpRecPlugin(HANDLE hP fImpRecTrace = fImpRecTrace - (ULONG_PTR)hImpRecModule; remCodeData = VirtualAllocEx(hProcess, NULL, remInjectSize, MEM_COMMIT, PAGE_READWRITE); remStringData = VirtualAllocEx(hProcess, NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); - RtlZeroMemory(&APIData, sizeof InjectImpRecCodeData); + RtlZeroMemory(&APIData, sizeof(InjectImpRecCodeData)); APIData.fTrace = fImpRecTrace + (ULONG_PTR)ImporterGetRemoteDLLBase(hProcess, hImpRecModule); APIData.AddressToTrace = (ULONG_PTR)TraceAddress; APIData.fCreateFileA = (ULONG_PTR)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "CreateFileA")); 
@@ -1483,8 +1483,8 @@ __declspec(dllexport) long TITCALL TracerFixRedirectionViaImpRecPlugin(HANDLE hP APIData.fCloseHandle = (ULONG_PTR)ImporterGetRemoteAPIAddress(hProcess, (ULONG_PTR)GetProcAddress(GetModuleHandleA("kernel32.dll"), "CloseHandle")); if(WriteProcessMemory(hProcess, remCodeData, (LPCVOID)&injectedImpRec, remInjectSize, &NumberOfBytesWritten)) { - WriteProcessMemory(hProcess, remStringData, &APIData, sizeof InjectImpRecCodeData, &NumberOfBytesWritten); - WriteProcessMemory(hProcess, (LPVOID)((ULONG_PTR)remStringData + sizeof InjectImpRecCodeData), (LPCVOID)szGarbageFile, lstrlenA((LPSTR)szGarbageFile), &NumberOfBytesWritten); + WriteProcessMemory(hProcess, remStringData, &APIData, sizeof(InjectImpRecCodeData), &NumberOfBytesWritten); + WriteProcessMemory(hProcess, (LPVOID)((ULONG_PTR)remStringData + sizeof(InjectImpRecCodeData)), (LPCVOID)szGarbageFile, lstrlenA((LPSTR)szGarbageFile), &NumberOfBytesWritten); hThread = CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)remCodeData, remStringData, CREATE_SUSPENDED, &ThreadId); NtSetInformationThread(hThread, ThreadHideFromDebugger, NULL, NULL); diff --git a/TitanEngine/definitions.h b/TitanEngine/definitions.h index 50ad883..2edf912 100644 --- a/TitanEngine/definitions.h +++ b/TitanEngine/definitions.h 
@@ -43,9 +43,9 @@ __declspec(dllexport) bool TITCALL RemoveOverlayW(wchar_t* szFileName); __declspec(dllexport) bool TITCALL MakeAllSectionsRWE(char* szFileName); __declspec(dllexport) bool TITCALL MakeAllSectionsRWEW(wchar_t* szFileName); __declspec(dllexport) long TITCALL AddNewSectionEx(char* szFileName, char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, LPVOID SectionContent, DWORD ContentSize); -__declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, LPVOID SectionContent, DWORD ContentSize); +__declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, const char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, LPVOID SectionContent, DWORD ContentSize); __declspec(dllexport) long TITCALL AddNewSection(char* szFileName, char* szSectionName, DWORD SectionSize); -__declspec(dllexport) long TITCALL AddNewSectionW(wchar_t* szFileName, char* szSectionName, DWORD SectionSize); +__declspec(dllexport) long TITCALL AddNewSectionW(wchar_t* szFileName, const char* szSectionName, DWORD SectionSize); __declspec(dllexport) bool TITCALL ResizeLastSection(char* szFileName, DWORD NumberOfExpandBytes, bool AlignResizeData); __declspec(dllexport) bool TITCALL ResizeLastSectionW(wchar_t* szFileName, DWORD NumberOfExpandBytes, bool AlignResizeData); __declspec(dllexport) void TITCALL SetSharedOverlay(char* szFileName); 
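Review bot: `const` is added only to the W variants in definitions.h: AddNewSectionExW and AddNewSectionW now take `const char* szSectionName`, while AddNewSectionEx and AddNewSection next to them still take `char* szSectionName`, and every szFileName stays non-const. Passing a string literal to the ANSI overloads therefore remains ill-formed in standard C++, which is what the commit title suggests it wants to fix. Suggest the same qualifier on the paired declarations, e.g. `long TITCALL AddNewSection(const char* szFileName, const char* szSectionName, DWORD SectionSize);`, provided the definitions do not write through these pointers. The same split shows in ExporterBuildExportTableEx / ExporterBuildExportTableExW in the -337 hunk.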
@@ -293,8 +293,8 @@ __declspec(dllexport) void TITCALL ImporterAutoSearchIAT(DWORD ProcessId, char* __declspec(dllexport) void TITCALL ImporterAutoSearchIATW(DWORD ProcessIds, wchar_t* szFileName, ULONG_PTR SearchStart, LPVOID pIATStart, LPVOID pIATSize); __declspec(dllexport) void TITCALL ImporterAutoSearchIATEx(DWORD ProcessId, ULONG_PTR ImageBase, ULONG_PTR SearchStart, LPVOID pIATStart, LPVOID pIATSize); __declspec(dllexport) void TITCALL ImporterEnumAddedData(LPVOID EnumCallBack); -__declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, char* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback); -__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_t* szDumpedFile, wchar_t* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback); +__declspec(dllexport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, const char* szDumpedFile, const char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback); +__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, const wchar_t* szDumpedFile, const wchar_t* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback); __declspec(dllexport) long TITCALL ImporterAutoFixIAT(DWORD ProcessId, char* szDumpedFile, ULONG_PTR SearchStart); __declspec(dllexport) long TITCALL ImporterAutoFixIATW(DWORD ProcessId, wchar_t* szDumpedFile, ULONG_PTR SearchStart); 
__declspec(dllexport) bool TITCALL ImporterDeleteAPI(DWORD_PTR apiAddr); @@ -337,7 +337,7 @@ __declspec(dllexport) long TITCALL ExporterGetAddedExportCount(); __declspec(dllexport) long TITCALL ExporterEstimatedSize(); __declspec(dllexport) bool TITCALL ExporterBuildExportTable(ULONG_PTR StorePlace, ULONG_PTR FileMapVA); __declspec(dllexport) bool TITCALL ExporterBuildExportTableEx(char* szExportFileName, char* szSectionName); -__declspec(dllexport) bool TITCALL ExporterBuildExportTableExW(wchar_t* szExportFileName, char* szSectionName); +__declspec(dllexport) bool TITCALL ExporterBuildExportTableExW(wchar_t* szExportFileName, const char* szSectionName); __declspec(dllexport) bool TITCALL ExporterLoadExportTable(char* szFileName); __declspec(dllexport) bool TITCALL ExporterLoadExportTableW(wchar_t* szFileName); // TitanEngine.Librarian.functions: diff --git a/TitanEngine/stdafx.h b/TitanEngine/stdafx.h index ec53d5d..a3b3ee8 100644 --- a/TitanEngine/stdafx.h +++ b/TitanEngine/stdafx.h @@ -37,6 +37,20 @@ #define _Out_writes_opt_(x) #endif +// Utility helpers for legacy TitanEngine callback APIs that use void* handles +// for callbacks while still allowing typed function pointer usage internally. +template +static inline LPVOID CallbackToObjectPointer(T functionPointer) +{ + return reinterpret_cast(reinterpret_cast(functionPointer)); +} + +template +static inline T ObjectPointerToCallback(LPVOID callbackData) +{ + return reinterpret_cast(reinterpret_cast(callbackData)); +} + #ifndef _In_reads_ #define _In_reads_(x) #endif diff --git a/cmake.toml b/cmake.toml index cc19038..81e2162 100644 --- a/cmake.toml +++ b/cmake.toml @@ -17,6 +17,7 @@ sources = ["scylla_wrapper/*.cpp"] headers = ["scylla_wrapper/*.h", "scylla_wrapper/include/*.h"] link-libraries = ["::distorm"] include-directories = ["scylla_wrapper/include"] +compile-features = ["cxx_std_11"] [target.TitanEngine] type = "shared" 
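Review bot: CallbackToObjectPointer and ObjectPointerToCallback, added to stdafx.h, convert between function and object pointers with a pair of `reinterpret_cast`s and accept any T. The template parameter list and the cast targets are stripped in this rendering, so I am assuming `template<typename T>` and an integer intermediate. Nothing stops T from being a pointer to member function or a type of a different size, in which case the round trip silently loses bits. Suggest a guard at the top of each helper, `static_assert(sizeof(T) == sizeof(LPVOID), "callback must be a plain function pointer");`, and a sentence in the comment saying the LPVOID may only be converted back to the exact type it was made from.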
diff --git a/scylla_wrapper/ApiReader.cpp b/scylla_wrapper/ApiReader.cpp index f758bbd..cdd7110 100644 --- a/scylla_wrapper/ApiReader.cpp +++ b/scylla_wrapper/ApiReader.cpp @@ -453,7 +453,7 @@ void ApiReader::findApiByModule(ModuleInfo* module, char* searchFunctionName, WO { if(ordinal) { - *vaApi = (DWORD_PTR)GetProcAddress(hModule, (LPCSTR)ordinal); + *vaApi = (DWORD_PTR)GetProcAddress(hModule, (LPCSTR)MAKEINTRESOURCEA(ordinal)); } else { diff --git a/scylla_wrapper/ImportRebuilder.cpp b/scylla_wrapper/ImportRebuilder.cpp index d7f22e4..b0e88a8 100644 --- a/scylla_wrapper/ImportRebuilder.cpp +++ b/scylla_wrapper/ImportRebuilder.cpp @@ -185,7 +185,7 @@ bool ImportRebuilder::buildNewMappedImportTable(std::mapCharacteristics |= IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE; diff --git a/scylla_wrapper/ImportRebuilder.h b/scylla_wrapper/ImportRebuilder.h index 022bb0c..6bae562 100644 --- a/scylla_wrapper/ImportRebuilder.h +++ b/scylla_wrapper/ImportRebuilder.h @@ -52,7 +52,7 @@ public: int getIATSectionSize(std::map & moduleList) { this->calculateImportSizes(moduleList); - return this->sizeOfImportSection; + return (int)this->sizeOfImportSection; } ; IATReferenceScan* iatReferenceScan; diff --git a/scylla_wrapper/PeParser.cpp b/scylla_wrapper/PeParser.cpp index add853c..ffa6129 100644 --- a/scylla_wrapper/PeParser.cpp +++ b/scylla_wrapper/PeParser.cpp @@ -986,7 +986,8 @@ DWORD_PTR PeParser::getStandardImagebase() } else { - return pNTHeader64->OptionalHeader.ImageBase; + // NOTE: this is broken, but code is never executed + return (DWORD_PTR)pNTHeader64->OptionalHeader.ImageBase; } } diff --git a/scylla_wrapper/StringConversion.cpp b/scylla_wrapper/StringConversion.cpp index b7ea2ae..b31a69b 100644 --- a/scylla_wrapper/StringConversion.cpp +++ b/scylla_wrapper/StringConversion.cpp 
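Review bot: In PeParser::getStandardImagebase the new `(DWORD_PTR)` cast on `pNTHeader64->OptionalHeader.ImageBase` removes the warning but keeps the truncation that the added comment calls broken. In a build where DWORD_PTR is 32 bits, an image base above 4 GiB comes back with its upper half dropped and no signal to the caller. If the branch really cannot run, enforce that in code rather than in a comment, for instance `if(pNTHeader64->OptionalHeader.ImageBase > (ULONGLONG)(DWORD_PTR)-1) return 0;` before the return. The comment would also help more if it named the condition, e.g. `// truncates ImageBase when DWORD_PTR is 32-bit`.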
@@ -6,22 +6,14 @@ const char* StringConversion::ToASCII(const wchar_t* str, char* buf, size_t bufsize) { - wcstombs(buf, str, bufsize); - /* - ATL::CW2A str_a = str; - strncpy_s(buf, bufsize, str_a, bufsize); - buf[bufsize - 1] = '\0'; - */ + size_t charsConverted = 0; + wcstombs_s(&charsConverted, buf, bufsize, str, _TRUNCATE); return buf; } const wchar_t* StringConversion::ToUTF16(const char* str, wchar_t* buf, size_t bufsize) { - mbstowcs(buf, str, bufsize); - /* - ATL::CA2W str_w = str; - wcsncpy_s(buf, bufsize, str_w, bufsize); - buf[bufsize - 1] = L'\0'; - */ + size_t charsConverted = 0; + mbstowcs_s(&charsConverted, buf, bufsize, str, _TRUNCATE); return buf; } diff --git a/scylla_wrapper/SystemInformation.cpp b/scylla_wrapper/SystemInformation.cpp index 465fc21..3c652d2 100644 --- a/scylla_wrapper/SystemInformation.cpp +++ b/scylla_wrapper/SystemInformation.cpp @@ -5,15 +5,17 @@ OPERATING_SYSTEM SystemInformation::currenOS = UNKNOWN_OS; bool SystemInformation::getSystemInformation() { - OSVERSIONINFOEX osvi = {0}; + RTL_OSVERSIONINFOW osvi = {0}; + osvi.dwOSVersionInfoSize = sizeof(RTL_OSVERSIONINFOW); SYSTEM_INFO si = {0}; def_GetNativeSystemInfo _GetNativeSystemInfo = 0; - - osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX); - if(!GetVersionEx((OSVERSIONINFO*) &osvi)) - { + typedef LONG (WINAPI* tRtlGetVersion)(PRTL_OSVERSIONINFOW); + tRtlGetVersion pRtlGetVersion = (tRtlGetVersion)GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "RtlGetVersion"); + if(!pRtlGetVersion) + return false; + + if(pRtlGetVersion(&osvi) != 0) return false; - } if((osvi.dwMajorVersion < 5) || ((osvi.dwMajorVersion == 5) && (osvi.dwMinorVersion == 0))) { @@ -33,6 +35,7 @@ bool SystemInformation::getSystemInformation() bool isX64 = si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64; bool isX86 = si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_INTEL; + DWORD major = osvi.dwMajorVersion; DWORD minor = osvi.dwMinorVersion; 
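Review bot: Both converters in StringConversion.cpp discard the `errno_t` result of `wcstombs_s` / `mbstowcs_s` and return buf unconditionally, so a caller cannot tell a truncated or failed conversion from a complete one. With `_TRUNCATE` an over-long name is cut to bufsize - 1 characters, and a character that cannot be converted in the current locale leaves an empty string; scylla_enumImportTree then stores whatever comes back in DLLName as if it were the real module name. Suggest documenting this above each function, e.g. `// Returns buf; text is truncated to bufsize-1 chars, or empty if conversion fails.`, and guarding the arguments with `if(!buf || bufsize == 0) return buf;`, since the _s functions invoke the invalid-parameter handler for those. These are also MSVC CRT extensions rather than standard C++, which is worth a remark given the commit title.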
diff --git a/scylla_wrapper/scylla_wrapper.cpp b/scylla_wrapper/scylla_wrapper.cpp index 3752728..ae4beb2 100644 --- a/scylla_wrapper/scylla_wrapper.cpp +++ b/scylla_wrapper/scylla_wrapper.cpp @@ -405,7 +405,7 @@ void scylla_enumImportTree(LPVOID enumCallback) //module myImportEnumData.NewDll = true; - myImportEnumData.NumberOfImports = moduleThunk.thunkList.size(); + myImportEnumData.NumberOfImports = (int)moduleThunk.thunkList.size(); StringConversion::ToASCII(moduleThunk.moduleName, myImportEnumData.DLLName, sizeof(char)*MAX_PATH); myImportEnumData.BaseImportThunk = moduleThunk.firstThunk;