From a74281581444821fd0fa12d7f49e0d7b85a4504c Mon Sep 17 00:00:00 2001
From: NtQuery
Date: Tue, 11 Mar 2014 12:33:06 +0100
Subject: [PATCH] UNICODE-FIX new ImporterGetRemoteDLLBaseExW
---
 SDK/C/TitanEngine.h | 1 +
 SDK/CPP/TitanEngine.h | 2 ++
 SDK/CPP/TitanEngine.hpp | 8 ++++++++
 TitanEngine/TitanEngine.Importer.cpp | 28 ++++++++++++++++++++--------
 TitanEngine/TitanEngine.def | 1 +
 TitanEngine/definitions.h | 1 +
 6 files changed, 33 insertions(+), 8 deletions(-)
diff --git a/SDK/C/TitanEngine.h b/SDK/C/TitanEngine.h
index b725920..e6d5ef4 100644
--- a/SDK/C/TitanEngine.h
+++ b/SDK/C/TitanEngine.h
@@ -756,6 +756,7 @@ __declspec(dllexport) long TITCALL ImporterGetDLLIndexEx(ULONG_PTR APIAddress, U
 __declspec(dllexport) long TITCALL ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
 __declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase);
 __declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName);
+__declspec(dllexport) void* TITCALL ImporterGetRemoteDLLBaseExW(HANDLE hProcess, wchar_t* szModuleName);
 __declspec(dllexport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress);
 __declspec(dllexport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress);
 __declspec(dllexport) void* TITCALL ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress);
diff --git a/SDK/CPP/TitanEngine.h b/SDK/CPP/TitanEngine.h
index e520e2e..e648e01 100644
--- a/SDK/CPP/TitanEngine.h
+++ b/SDK/CPP/TitanEngine.h
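Review bot: The new `ImporterGetRemoteDLLBaseExW` declaration in SDK/C/TitanEngine.h has no comment, and its contract is not obvious from its neighbours: it returns `void*` where `ImporterGetRemoteDLLBaseEx` returns `long long`. Going by the implementation added in TitanEngine/TitanEngine.Importer.cpp in this patch, a one-line comment above the declaration would cover it, for example `/* Base address of the module whose base name matches szModuleName (case-insensitive) in hProcess; NULL if none matches. */`. The same applies to the copies added in SDK/CPP/TitanEngine.h and TitanEngine/definitions.h. Since the name is only read, `const wchar_t* szModuleName` would also let callers pass string literals without a cast.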
@@ -754,6 +754,8 @@ __declspec(dllimport) long long TITCALL ImporterGetAPIOrdinalNumberFromDebugee(H
 __declspec(dllimport) long TITCALL ImporterGetDLLIndexEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
 __declspec(dllimport) long TITCALL ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
 __declspec(dllimport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase);
+__declspec(dllimport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName);
+__declspec(dllimport) void* TITCALL ImporterGetRemoteDLLBaseExW(HANDLE hProcess, wchar_t* szModuleName);
 __declspec(dllimport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress);
 __declspec(dllimport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress);
 __declspec(dllimport) void* TITCALL ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress);
diff --git a/SDK/CPP/TitanEngine.hpp b/SDK/CPP/TitanEngine.hpp
index c0a9faf..603a486 100644
--- a/SDK/CPP/TitanEngine.hpp
+++ b/SDK/CPP/TitanEngine.hpp
@@ -1737,6 +1737,14 @@ protected:
 {
 return UE::ImporterGetRemoteDLLBase(hProcess, LocalModuleBase);
 }
+ static long long GetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName)
+ {
+ return UE::ImporterGetRemoteDLLBaseEx(hProcess, szModuleName);
+ }
+ static void* GetRemoteDLLBaseExW(HANDLE hProcess, WCHAR* szModuleName)
+ {
+ return UE::ImporterGetRemoteDLLBaseExW(hProcess, szModuleName);
+ }
 static bool IsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress)
 {
 return UE::ImporterIsForwardedAPI(hProcess, APIAddress);
diff --git a/TitanEngine/TitanEngine.Importer.cpp b/TitanEngine/TitanEngine.Importer.cpp
index 8be61f0..7b72361 100644
--- a/TitanEngine/TitanEngine.Importer.cpp
+++ b/TitanEngine/TitanEngine.Importer.cpp
@@ -127,7 +127,7 @@ __declspec(dllexport) long long TITCALL ImporterGetRemoteAPIAddressEx(char* szDL
 WCHAR uniDLLName[MAX_PATH] = {0};
 if (MultiByteToWideChar(CP_ACP, NULL, szDLLName, -1, uniDLLName, _countof(uniDLLName)))
 {
- return EngineGetProcAddressRemote(szDLLName, szAPIName);
+ return EngineGetProcAddressRemote(uniDLLName, szAPIName);
 }
 else
 {
@@ -162,27 +162,39 @@ __declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess { return((ULONG_PTR)EngineGlobalAPIHandler(hProcess, NULL, (ULONG_PTR)LocalModuleBase, NULL, UE_OPTION_IMPORTER_RETURN_DLLBASE)); } -__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName) +__declspec(dllexport) void* TITCALL ImporterGetRemoteDLLBaseExW(HANDLE hProcess, WCHAR * szModuleName) { DWORD cbNeeded = NULL; - HMODULE EnumeratedModules[0x1024] = {0}; - char RemoteDLLName[MAX_PATH] = {0}; + HMODULE EnumeratedModules[1024] = {0}; + WCHAR RemoteDLLName[MAX_PATH] = {0}; if(EnumProcessModules(hProcess, EnumeratedModules, sizeof(EnumeratedModules), &cbNeeded)) { for(int i = 0; i < (int)(cbNeeded / sizeof(HMODULE)); i++) { RemoteDLLName[0] = 0; - if(GetModuleBaseNameA(hProcess, EnumeratedModules[i], (LPSTR)RemoteDLLName, _countof(RemoteDLLName)) > NULL) + if(GetModuleBaseNameW(hProcess, EnumeratedModules[i], RemoteDLLName, _countof(RemoteDLLName)) > NULL) { - if(lstrcmpiA((LPCSTR)RemoteDLLName, (LPCSTR)szModuleName)) + if(_wcsicmp(RemoteDLLName, szModuleName) == 0) { - return((ULONG_PTR)EnumeratedModules[i]); + return (void*)EnumeratedModules[i]; } } } } - return(NULL); + return 0; +} +__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName) +{ + WCHAR uniModuleName[MAX_PATH] = {0}; + if (MultiByteToWideChar(CP_ACP, NULL, szModuleName, -1, uniModuleName, _countof(uniModuleName))) + { + return (long long)ImporterGetRemoteDLLBaseExW(hProcess, uniModuleName); + } + else + { + return 0; + } } __declspec(dllexport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress) diff --git a/TitanEngine/TitanEngine.def b/TitanEngine/TitanEngine.def index bfca8e9..a524268 100644 --- a/TitanEngine/TitanEngine.def +++ b/TitanEngine/TitanEngine.def 
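Review bot: In `ImporterGetRemoteDLLBaseExW` the loop bound `cbNeeded / sizeof(HMODULE)` is never clamped to the array size, and `EnumProcessModules` sets `cbNeeded` to the bytes needed for all modules, so a target with more modules than the array holds (now 1024 entries instead of 0x1024) makes the loop index past `EnumeratedModules`. Clamping first, `if(cbNeeded > sizeof(EnumeratedModules)) cbNeeded = sizeof(EnumeratedModules);`, keeps the read in bounds. `_wcsicmp` invokes the CRT invalid-parameter handler on a null argument, so the exported W function should start with `if(!szModuleName) return 0;`. In the ANSI wrapper, casting the `void*` straight to `long long` can sign-extend on 32-bit builds, whereas the removed code converted through `ULONG_PTR`; `return (long long)(ULONG_PTR)ImporterGetRemoteDLLBaseExW(hProcess, uniModuleName);` would keep bases above 0x7FFFFFFF positive.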
@@ -186,6 +186,7 @@ ImporterGetDLLIndexEx
 ImporterGetDLLIndex
 ImporterGetRemoteDLLBase
 ImporterGetRemoteDLLBaseEx
+ImporterGetRemoteDLLBaseExW
 ImporterIsForwardedAPI
 ImporterAutoSearchIAT
 ImporterAutoSearchIATW
diff --git a/TitanEngine/definitions.h b/TitanEngine/definitions.h
index 148f0fd..f6075c9 100644
--- a/TitanEngine/definitions.h
+++ b/TitanEngine/definitions.h
@@ -262,6 +262,7 @@ __declspec(dllexport) long TITCALL ImporterGetDLLIndexEx(ULONG_PTR APIAddress, U
 __declspec(dllexport) long TITCALL ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
 __declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase);
 __declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName);
+__declspec(dllexport) void* TITCALL ImporterGetRemoteDLLBaseExW(HANDLE hProcess, WCHAR* szModuleName);
 __declspec(dllexport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress);
 __declspec(dllexport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress);
 __declspec(dllexport) void* TITCALL ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress);