x64dbg
/
TitanEngine
mirror of https://github.com/x64dbg/TitanEngine
1
0
Fork 0
Code Releases Activity

UNICODE-FIX new ImporterGetRemoteDLLBaseExW

This commit is contained in:
NtQuery 2014-03-11 12:33:06 +01:00
parent 7d8be98087
commit a742815814
6 changed files with 33 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
SDK/C/TitanEngine.h
View File

@ -756,6 +756,7 @@ __declspec(dllexport) long TITCALL ImporterGetDLLIndexEx(ULONG_PTR APIAddress, U
__declspec(dllexport) long TITCALL ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase);
__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName);
__declspec(dllexport) void* TITCALL ImporterGetRemoteDLLBaseExW(HANDLE hProcess, wchar_t* szModuleName);
__declspec(dllexport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress);

2
SDK/CPP/TitanEngine.h
View File

@ -754,6 +754,8 @@ __declspec(dllimport) long long TITCALL ImporterGetAPIOrdinalNumberFromDebugee(H
__declspec(dllimport) long TITCALL ImporterGetDLLIndexEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
__declspec(dllimport) long TITCALL ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
__declspec(dllimport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase);
__declspec(dllimport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName);
__declspec(dllimport) void* TITCALL ImporterGetRemoteDLLBaseExW(HANDLE hProcess, wchar_t* szModuleName);
__declspec(dllimport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllimport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllimport) void* TITCALL ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress);

8
SDK/CPP/TitanEngine.hpp
View File

@ -1737,6 +1737,14 @@ protected:
{
return UE::ImporterGetRemoteDLLBase(hProcess, LocalModuleBase);
}
static long long GetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName)
{
return UE::ImporterGetRemoteDLLBaseEx(hProcess, szModuleName);
}
static void* GetRemoteDLLBaseExW(HANDLE hProcess, WCHAR* szModuleName)
{
return UE::ImporterGetRemoteDLLBaseExW(hProcess, szModuleName);
}
static bool IsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress)
{
return UE::ImporterIsForwardedAPI(hProcess, APIAddress);

28
TitanEngine/TitanEngine.Importer.cpp
View File

@ -127,7 +127,7 @@ __declspec(dllexport) long long TITCALL ImporterGetRemoteAPIAddressEx(char* szDL
WCHAR uniDLLName[MAX_PATH] = {0};
if (MultiByteToWideChar(CP_ACP, NULL, szDLLName, -1, uniDLLName, _countof(uniDLLName)))
{
return EngineGetProcAddressRemote(szDLLName, szAPIName);
return EngineGetProcAddressRemote(uniDLLName, szAPIName);
}
else
{
@ -162,27 +162,39 @@ __declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess
{
return((ULONG_PTR)EngineGlobalAPIHandler(hProcess, NULL, (ULONG_PTR)LocalModuleBase, NULL, UE_OPTION_IMPORTER_RETURN_DLLBASE));
}
__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName)
__declspec(dllexport) void* TITCALL ImporterGetRemoteDLLBaseExW(HANDLE hProcess, WCHAR * szModuleName)
{
DWORD cbNeeded = NULL;
HMODULE EnumeratedModules[0x1024] = {0};
char RemoteDLLName[MAX_PATH] = {0};
HMODULE EnumeratedModules[1024] = {0};
WCHAR RemoteDLLName[MAX_PATH] = {0};
if(EnumProcessModules(hProcess, EnumeratedModules, sizeof(EnumeratedModules), &cbNeeded))
{
for(int i = 0; i < (int)(cbNeeded / sizeof(HMODULE)); i++)
{
RemoteDLLName[0] = 0;
if(GetModuleBaseNameA(hProcess, EnumeratedModules[i], (LPSTR)RemoteDLLName, _countof(RemoteDLLName)) > NULL)
if(GetModuleBaseNameW(hProcess, EnumeratedModules[i], RemoteDLLName, _countof(RemoteDLLName)) > NULL)
{
if(lstrcmpiA((LPCSTR)RemoteDLLName, (LPCSTR)szModuleName))
if(_wcsicmp(RemoteDLLName, szModuleName) == 0)
{
return((ULONG_PTR)EnumeratedModules[i]);
return (void*)EnumeratedModules[i];
}
}
}
}
return(NULL);
return 0;
}
__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName)
{
WCHAR uniModuleName[MAX_PATH] = {0};
if (MultiByteToWideChar(CP_ACP, NULL, szModuleName, -1, uniModuleName, _countof(uniModuleName)))
{
return (long long)ImporterGetRemoteDLLBaseExW(hProcess, uniModuleName);
}
else
{
return 0;
}
}
__declspec(dllexport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress)

1
TitanEngine/TitanEngine.def
View File

@ -186,6 +186,7 @@ ImporterGetDLLIndexEx
ImporterGetDLLIndex
ImporterGetRemoteDLLBase
ImporterGetRemoteDLLBaseEx
ImporterGetRemoteDLLBaseExW
ImporterIsForwardedAPI
ImporterAutoSearchIAT
ImporterAutoSearchIATW

1
TitanEngine/definitions.h
View File

@ -262,6 +262,7 @@ __declspec(dllexport) long TITCALL ImporterGetDLLIndexEx(ULONG_PTR APIAddress, U
__declspec(dllexport) long TITCALL ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase);
__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName);
__declspec(dllexport) void* TITCALL ImporterGetRemoteDLLBaseExW(HANDLE hProcess, WCHAR* szModuleName);
__declspec(dllexport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress);