x64dbg
/
TitanEngine
mirror of https://github.com/x64dbg/TitanEngine
1
0
Fork 0
Code Releases Activity

- moved DebugLoop 

- moved more breakpoint stuff
- moved more
- moved more
- getting crazy
This commit is contained in:
mr.exodia 2014-03-03 21:31:28 +01:00
parent 4f4f547d30
commit a781684106
20 changed files with 4403 additions and 4296 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

107
TitanEngine/Global.Breakpoints.cpp
View File

@ -4,3 +4,110 @@
int BreakPointSetCount = 0; int BreakPointSetCount = 0;
extern BreakPointDetail BreakPointBuffer[MAXIMUM_BREAKPOINTS] = {}; extern BreakPointDetail BreakPointBuffer[MAXIMUM_BREAKPOINTS] = {};
ULONG_PTR dr7uint(DR7* dr7)
{
ULONG_PTR ret=0;
if(BITGET(dr7->HWBP_MODE[0],0))
BITSET(ret,0);
if(BITGET(dr7->HWBP_MODE[0],1))
BITSET(ret,1);
if(BITGET(dr7->HWBP_MODE[1],0))
BITSET(ret,2);
if(BITGET(dr7->HWBP_MODE[1],1))
BITSET(ret,3);
if(BITGET(dr7->HWBP_MODE[2],0))
BITSET(ret,4);
if(BITGET(dr7->HWBP_MODE[2],1))
BITSET(ret,5);
if(BITGET(dr7->HWBP_MODE[3],0))
BITSET(ret,6);
if(BITGET(dr7->HWBP_MODE[3],1))
BITSET(ret,7);
if(BITGET(dr7->HWBP_TYPE[0],0))
BITSET(ret,16);
if(BITGET(dr7->HWBP_TYPE[0],1))
BITSET(ret,17);
if(BITGET(dr7->HWBP_SIZE[0],0))
BITSET(ret,18);
if(BITGET(dr7->HWBP_SIZE[0],1))
BITSET(ret,19);
if(BITGET(dr7->HWBP_TYPE[1],0))
BITSET(ret,20);
if(BITGET(dr7->HWBP_TYPE[1],1))
BITSET(ret,21);
if(BITGET(dr7->HWBP_SIZE[1],0))
BITSET(ret,22);
if(BITGET(dr7->HWBP_SIZE[1],1))
BITSET(ret,23);
if(BITGET(dr7->HWBP_TYPE[2],0))
BITSET(ret,24);
if(BITGET(dr7->HWBP_TYPE[2],1))
BITSET(ret,25);
if(BITGET(dr7->HWBP_SIZE[2],0))
BITSET(ret,26);
if(BITGET(dr7->HWBP_SIZE[2],1))
BITSET(ret,27);
if(BITGET(dr7->HWBP_TYPE[3],0))
BITSET(ret,28);
if(BITGET(dr7->HWBP_TYPE[3],1))
BITSET(ret,29);
if(BITGET(dr7->HWBP_SIZE[3],0))
BITSET(ret,30);
if(BITGET(dr7->HWBP_SIZE[3],1))
BITSET(ret,31);
return ret;
}
void uintdr7(ULONG_PTR dr7, DR7* ret)
{
memset(ret, 0, sizeof(DR7));
if(BITGET(dr7,0))
BITSET(ret->HWBP_MODE[0],0);
if(BITGET(dr7,1))
BITSET(ret->HWBP_MODE[0],1);
if(BITGET(dr7,2))
BITSET(ret->HWBP_MODE[1],0);
if(BITGET(dr7,3))
BITSET(ret->HWBP_MODE[1],1);
if(BITGET(dr7,4))
BITSET(ret->HWBP_MODE[2],0);
if(BITGET(dr7,5))
BITSET(ret->HWBP_MODE[2],1);
if(BITGET(dr7,6))
BITSET(ret->HWBP_MODE[3],0);
if(BITGET(dr7,7))
BITSET(ret->HWBP_MODE[3],1);
if(BITGET(dr7,16))
BITSET(ret->HWBP_TYPE[0],0);
if(BITGET(dr7,17))
BITSET(ret->HWBP_TYPE[0],1);
if(BITGET(dr7,18))
BITSET(ret->HWBP_SIZE[0],0);
if(BITGET(dr7,19))
BITSET(ret->HWBP_SIZE[0],1);
if(BITGET(dr7,20))
BITSET(ret->HWBP_TYPE[1],0);
if(BITGET(dr7,21))
BITSET(ret->HWBP_TYPE[1],1);
if(BITGET(dr7,22))
BITSET(ret->HWBP_SIZE[1],0);
if(BITGET(dr7,23))
BITSET(ret->HWBP_SIZE[1],1);
if(BITGET(dr7,24))
BITSET(ret->HWBP_TYPE[2],0);
if(BITGET(dr7,25))
BITSET(ret->HWBP_TYPE[2],1);
if(BITGET(dr7,26))
BITSET(ret->HWBP_SIZE[2],0);
if(BITGET(dr7,27))
BITSET(ret->HWBP_SIZE[2],1);
if(BITGET(dr7,28))
BITSET(ret->HWBP_TYPE[3],0);
if(BITGET(dr7,29))
BITSET(ret->HWBP_TYPE[3],1);
if(BITGET(dr7,30))
BITSET(ret->HWBP_SIZE[3],0);
if(BITGET(dr7,31))
BITSET(ret->HWBP_SIZE[3],1);
}

3
TitanEngine/Global.Breakpoints.h
View File

@ -4,4 +4,7 @@
extern int BreakPointSetCount; extern int BreakPointSetCount;
extern BreakPointDetail BreakPointBuffer[MAXIMUM_BREAKPOINTS]; extern BreakPointDetail BreakPointBuffer[MAXIMUM_BREAKPOINTS];
void uintdr7(ULONG_PTR dr7, DR7* ret);
ULONG_PTR dr7uint(DR7* dr7);
#endif //_GLOBAL_BREAKPOINTS_H #endif //_GLOBAL_BREAKPOINTS_H

31
TitanEngine/Global.Debugger.cpp
View File

@ -13,15 +13,28 @@ LPVOID DebugModuleEntryPointCallBack;
LPVOID DebugExeFileEntryPointCallBack; LPVOID DebugExeFileEntryPointCallBack;
ULONG_PTR DebugModuleEntryPoint; ULONG_PTR DebugModuleEntryPoint;
ULONG_PTR DebugModuleImageBase; ULONG_PTR DebugModuleImageBase;
ULONG_PTR DebugAttachedProcessCallBack = NULL;
ULONG_PTR engineAttachedProcessCallBack = NULL; ULONG_PTR DebugReserveModuleBase = NULL;
ULONG_PTR engineReserveModuleBase = NULL; ULONG_PTR DebugDebuggingMainModuleBase = NULL;
unsigned long long engineDebuggingMainModuleBase = NULL; ULONG_PTR DebugDebuggingDLLBase = NULL;
ULONG_PTR engineDebuggingDLLBase = NULL; bool DebugAttachedToProcess = false;
bool engineAttachedToProcess = false; bool DebugDebuggingDLL = false;
bool engineDebuggingDLL = false; wchar_t* DebugDebuggingDLLFullFileName;
wchar_t* engineDebuggingDLLFullFileName; wchar_t* DebugDebuggingDLLFileName;
wchar_t* engineDebuggingDLLFileName; DEBUG_EVENT DBGEvent = {};
DEBUG_EVENT TerminateDBGEvent = {};
DWORD ProcessExitCode = 0;
HANDLE DBGFileHandle;
ULONG_PTR tlsCallBackList[100];
LPVOID hListProcess = 0;
int engineStepCount = INFINITE;
LPVOID engineStepCallBack = NULL;
bool engineStepActive = false;
bool engineProcessIsNowDetached = false;
DWORD DBGCode = DBG_CONTINUE;
bool engineFileIsBeingDebugged = false;
ULONG_PTR engineFakeDLLHandle = NULL;
LPVOID engineAttachedProcessDebugInfo = NULL;
// Global.Debugger.functions: // Global.Debugger.functions:
long DebugLoopInSecondThread(LPVOID InputParameter) long DebugLoopInSecondThread(LPVOID InputParameter)

31
TitanEngine/Global.Debugger.h
View File

@ -11,15 +11,28 @@ extern LPVOID DebugModuleEntryPointCallBack;
extern LPVOID DebugExeFileEntryPointCallBack; extern LPVOID DebugExeFileEntryPointCallBack;
extern ULONG_PTR DebugModuleEntryPoint; extern ULONG_PTR DebugModuleEntryPoint;
extern ULONG_PTR DebugModuleImageBase; extern ULONG_PTR DebugModuleImageBase;
extern ULONG_PTR DebugAttachedProcessCallBack;
extern ULONG_PTR engineAttachedProcessCallBack; extern bool DebugAttachedToProcess;
extern bool engineAttachedToProcess; extern ULONG_PTR DebugReserveModuleBase;
extern ULONG_PTR engineReserveModuleBase; extern ULONG_PTR DebugDebuggingMainModuleBase;
extern unsigned long long engineDebuggingMainModuleBase; extern ULONG_PTR DebugDebuggingDLLBase;
extern ULONG_PTR engineDebuggingDLLBase; extern bool DebugDebuggingDLL;
extern bool engineDebuggingDLL; extern wchar_t* DebugDebuggingDLLFullFileName;
extern wchar_t* engineDebuggingDLLFullFileName; extern wchar_t* DebugDebuggingDLLFileName;
extern wchar_t* engineDebuggingDLLFileName; extern DEBUG_EVENT DBGEvent;
extern DEBUG_EVENT TerminateDBGEvent;
extern DWORD ProcessExitCode;
extern HANDLE DBGFileHandle;
extern ULONG_PTR tlsCallBackList[100];
extern LPVOID hListProcess;
extern int engineStepCount;
extern LPVOID engineStepCallBack;
extern bool engineStepActive;
extern bool engineProcessIsNowDetached;
extern DWORD DBGCode;
extern bool engineFileIsBeingDebugged;
extern ULONG_PTR engineFakeDLLHandle;
extern LPVOID engineAttachedProcessDebugInfo;
long DebugLoopInSecondThread(LPVOID InputParameter); long DebugLoopInSecondThread(LPVOID InputParameter);
void DebuggerReset(); void DebuggerReset();

3
TitanEngine/Global.Engine.cpp
View File

@ -15,6 +15,9 @@ bool engineBackupForCriticalFunctions = true;
bool engineResumeProcessIfNoThreadIsActive = false; bool engineResumeProcessIfNoThreadIsActive = false;
bool engineResetCustomHandler = true; bool engineResetCustomHandler = true;
bool engineRemoveConsoleForDebugee = false; bool engineRemoveConsoleForDebugee = false;
bool enginePassAllExceptions = true;
bool engineExecutePluginCallBack = true;
bool engineAutoHideFromDebugger = false; // hardcoded
char engineExtractedFolderName[512]; char engineExtractedFolderName[512];
char engineFoundDLLName[512]; char engineFoundDLLName[512];

3
TitanEngine/Global.Engine.h
View File

@ -12,6 +12,9 @@ extern bool engineBackupForCriticalFunctions;
extern bool engineResumeProcessIfNoThreadIsActive; extern bool engineResumeProcessIfNoThreadIsActive;
extern bool engineResetCustomHandler; extern bool engineResetCustomHandler;
extern bool engineRemoveConsoleForDebugee; extern bool engineRemoveConsoleForDebugee;
extern bool enginePassAllExceptions;
extern bool engineExecutePluginCallBack;
extern bool engineAutoHideFromDebugger;
extern wchar_t engineSzEngineGarbageFolder[MAX_PATH]; extern wchar_t engineSzEngineGarbageFolder[MAX_PATH];

8
TitanEngine/Global.Librarian.cpp Normal file
View File

@ -0,0 +1,8 @@
#include "stdafx.h"
#include "definitions.h"
#include "Global.Librarian.h"
// Global.Engine.Librarian:
LIBRARY_ITEM_DATA LibraryInfoData = {};
LPVOID LibrarianData = VirtualAlloc(NULL, MAX_LIBRARY_BPX * sizeof LIBRARY_BREAK_DATA, MEM_COMMIT, PAGE_READWRITE);
LPVOID hListLibrary = 0;

8
TitanEngine/Global.Librarian.h Normal file
View File

@ -0,0 +1,8 @@
#ifndef _GLOBAL_LIBRARIAN_H
#define _GLOBAL_LIBRARIAN_H
extern LIBRARY_ITEM_DATA LibraryInfoData;
extern LPVOID LibrarianData;
extern LPVOID hListLibrary;
#endif //_GLOBAL_LIBRARIAN_H

6
TitanEngine/Global.TLS.cpp Normal file
View File

@ -0,0 +1,6 @@
#include "stdafx.h"
#include "definitions.h"
#include "Global.TLS.h"
ULONG_PTR engineTLSBreakOnCallBackAddress;
bool engineTLSBreakOnCallBack = false;

7
TitanEngine/Global.TLS.h Normal file
View File

@ -0,0 +1,7 @@
#ifndef _GLOBAL_TLS_H
#define _GLOBAL_TLS_H
extern ULONG_PTR engineTLSBreakOnCallBackAddress;
extern bool engineTLSBreakOnCallBack;
#endif //_GLOBAL_TLS_H

371
TitanEngine/TitanEngine.Breakpoints.cpp
View File

@ -1003,3 +1003,374 @@ __declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T
return(false); return(false);
} }
} }
__declspec(dllexport) bool TITCALL GetUnusedHardwareBreakPointRegister(LPDWORD RegisterIndex)
{
return(EngineIsThereFreeHardwareBreakSlot(RegisterIndex));
}
__declspec(dllexport) bool TITCALL SetHardwareBreakPoint(ULONG_PTR bpxAddress, DWORD IndexOfRegister, DWORD bpxType, DWORD bpxSize, LPVOID bpxCallBack)
{
HWBP_SIZE hwbpSize;
HWBP_MODE hwbpMode;
HWBP_TYPE hwbpType;
int hwbpIndex=-1;
DR7 dr7;
switch(bpxSize)
{
case UE_HARDWARE_SIZE_1:
hwbpSize=SIZE_1;
break;
case UE_HARDWARE_SIZE_2:
hwbpSize=SIZE_2;
if((bpxAddress%2)!=0)
return false;
break;
case UE_HARDWARE_SIZE_4:
hwbpSize=SIZE_4;
if((bpxAddress%4)!=0)
return false;
break;
case UE_HARDWARE_SIZE_8:
hwbpSize=SIZE_8;
if((bpxAddress%8)!=0)
return false;
break;
default:
return false;
}
if(!IndexOfRegister)
{
if(!DebugRegister[0].DrxEnabled)
IndexOfRegister = UE_DR0;
else if(!DebugRegister[1].DrxEnabled)
IndexOfRegister = UE_DR1;
else if(!DebugRegister[2].DrxEnabled)
IndexOfRegister = UE_DR2;
else if(!DebugRegister[3].DrxEnabled)
IndexOfRegister = UE_DR3;
else
return false;
}
switch(IndexOfRegister)
{
case UE_DR0:
hwbpIndex=0;
break;
case UE_DR1:
hwbpIndex=1;
break;
case UE_DR2:
hwbpIndex=2;
break;
case UE_DR3:
hwbpIndex=3;
break;
default:
return false;
}
uintdr7((ULONG_PTR)GetContextData(UE_DR7), &dr7);
DebugRegister[hwbpIndex].DrxExecution=false;
switch(bpxType)
{
case UE_HARDWARE_EXECUTE:
hwbpSize=SIZE_1;
hwbpType=TYPE_EXECUTE;
DebugRegister[hwbpIndex].DrxExecution=true;
break;
case UE_HARDWARE_WRITE:
hwbpType=TYPE_WRITE;
break;
case UE_HARDWARE_READWRITE:
hwbpType=TYPE_READWRITE;
break;
default:
return false;
}
hwbpMode=MODE_LOCAL;
dr7.HWBP_MODE[hwbpIndex]=hwbpMode;
dr7.HWBP_SIZE[hwbpIndex]=hwbpSize;
dr7.HWBP_TYPE[hwbpIndex]=hwbpType;
SetContextData(UE_DR7, dr7uint(&dr7)); //NOTE: MUST SET THIS FIRST FOR X64!
SetContextData(IndexOfRegister, (ULONG_PTR)bpxAddress);
DebugRegister[hwbpIndex].DrxBreakPointType=bpxType;
DebugRegister[hwbpIndex].DrxBreakPointSize=bpxSize;
DebugRegister[hwbpIndex].DrxEnabled=true;
DebugRegister[hwbpIndex].DrxBreakAddress=(ULONG_PTR)bpxAddress;
DebugRegister[hwbpIndex].DrxCallBack=(ULONG_PTR)bpxCallBack;
return true;
}
__declspec(dllexport) bool TITCALL DeleteHardwareBreakPoint(DWORD IndexOfRegister)
{
ULONG_PTR HardwareBPX = NULL;
ULONG_PTR bpxAddress = NULL;
if(IndexOfRegister == UE_DR0)
{
HardwareBPX = (ULONG_PTR)GetContextData(UE_DR7);
HardwareBPX = HardwareBPX &~ (1 << 0);
HardwareBPX = HardwareBPX &~ (1 << 1);
SetContextData(UE_DR0, (ULONG_PTR)bpxAddress);
SetContextData(UE_DR7, HardwareBPX);
DebugRegister[0].DrxEnabled = false;
DebugRegister[0].DrxBreakAddress = NULL;
DebugRegister[0].DrxCallBack = NULL;
return(true);
}
else if(IndexOfRegister == UE_DR1)
{
HardwareBPX = (ULONG_PTR)GetContextData(UE_DR7);
HardwareBPX = HardwareBPX &~ (1 << 2);
HardwareBPX = HardwareBPX &~ (1 << 3);
SetContextData(UE_DR1, (ULONG_PTR)bpxAddress);
SetContextData(UE_DR7, HardwareBPX);
DebugRegister[1].DrxEnabled = false;
DebugRegister[1].DrxBreakAddress = NULL;
DebugRegister[1].DrxCallBack = NULL;
return(true);
}
else if(IndexOfRegister == UE_DR2)
{
HardwareBPX = (ULONG_PTR)GetContextData(UE_DR7);
HardwareBPX = HardwareBPX &~ (1 << 4);
HardwareBPX = HardwareBPX &~ (1 << 5);
SetContextData(UE_DR2, (ULONG_PTR)bpxAddress);
SetContextData(UE_DR7, HardwareBPX);
DebugRegister[2].DrxEnabled = false;
DebugRegister[2].DrxBreakAddress = NULL;
DebugRegister[2].DrxCallBack = NULL;
return(true);
}
else if(IndexOfRegister == UE_DR3)
{
HardwareBPX = (ULONG_PTR)GetContextData(UE_DR7);
HardwareBPX = HardwareBPX &~ (1 << 6);
HardwareBPX = HardwareBPX &~ (1 << 7);
SetContextData(UE_DR3, (ULONG_PTR)bpxAddress);
SetContextData(UE_DR7, HardwareBPX);
DebugRegister[3].DrxEnabled = false;
DebugRegister[3].DrxBreakAddress = NULL;
DebugRegister[3].DrxCallBack = NULL;
return(true);
}
else
{
return(false);
}
return(false);
}
__declspec(dllexport) bool TITCALL SetHardwareBreakPointEx(HANDLE hActiveThread, ULONG_PTR bpxAddress, DWORD IndexOfRegister, DWORD bpxType, DWORD bpxSize, LPVOID bpxCallBack, LPDWORD IndexOfSelectedRegister)
{
HWBP_SIZE hwbpSize;
HWBP_MODE hwbpMode;
HWBP_TYPE hwbpType;
int hwbpIndex=-1;
DR7 dr7;
switch(bpxSize)
{
case UE_HARDWARE_SIZE_1:
hwbpSize=SIZE_1;
break;
case UE_HARDWARE_SIZE_2:
hwbpSize=SIZE_2;
if((bpxAddress%2)!=0)
return false;
break;
case UE_HARDWARE_SIZE_4:
hwbpSize=SIZE_4;
if((bpxAddress%4)!=0)
return false;
break;
case UE_HARDWARE_SIZE_8:
hwbpSize=SIZE_8;
if((bpxAddress%8)!=0)
return false;
break;
default:
return false;
}
if(!IndexOfRegister)
{
if(!DebugRegister[0].DrxEnabled)
IndexOfRegister = UE_DR0;
else if(!DebugRegister[1].DrxEnabled)
IndexOfRegister = UE_DR1;
else if(!DebugRegister[2].DrxEnabled)
IndexOfRegister = UE_DR2;
else if(!DebugRegister[3].DrxEnabled)
IndexOfRegister = UE_DR3;
else
return false;
}
if(IndexOfSelectedRegister)
*IndexOfSelectedRegister=IndexOfRegister;
switch(IndexOfRegister)
{
case UE_DR0:
hwbpIndex=0;
break;
case UE_DR1:
hwbpIndex=1;
break;
case UE_DR2:
hwbpIndex=2;
break;
case UE_DR3:
hwbpIndex=3;
break;
default:
return false;
}
uintdr7((ULONG_PTR)GetContextDataEx(hActiveThread, UE_DR7), &dr7);
DebugRegister[hwbpIndex].DrxExecution=false;
switch(bpxType)
{
case UE_HARDWARE_EXECUTE:
hwbpSize=SIZE_1;
hwbpType=TYPE_EXECUTE;
DebugRegister[hwbpIndex].DrxExecution=true;
break;
case UE_HARDWARE_WRITE:
hwbpType=TYPE_WRITE;
break;
case UE_HARDWARE_READWRITE:
hwbpType=TYPE_READWRITE;
break;
default:
return false;
}
hwbpMode=MODE_LOCAL;
dr7.HWBP_MODE[hwbpIndex]=hwbpMode;
dr7.HWBP_SIZE[hwbpIndex]=hwbpSize;
dr7.HWBP_TYPE[hwbpIndex]=hwbpType;
SetContextDataEx(hActiveThread, UE_DR7, dr7uint(&dr7));
SetContextDataEx(hActiveThread, IndexOfRegister, (ULONG_PTR)bpxAddress);
DebugRegister[hwbpIndex].DrxBreakPointType=bpxType;
DebugRegister[hwbpIndex].DrxBreakPointSize=bpxSize;
DebugRegister[hwbpIndex].DrxEnabled=true;
DebugRegister[hwbpIndex].DrxBreakAddress=(ULONG_PTR)bpxAddress;
DebugRegister[hwbpIndex].DrxCallBack=(ULONG_PTR)bpxCallBack;
return true;
}
__declspec(dllexport) bool TITCALL RemoveAllBreakPoints(DWORD RemoveOption)
{
int i = 0;
int CurrentBreakPointSetCount = -1;
if(RemoveOption == UE_OPTION_REMOVEALL)
{
for(i = BreakPointSetCount - 1; i >= 0; i--)
{
if(BreakPointBuffer[i].BreakPointType == UE_BREAKPOINT)
{
DeleteBPX((ULONG_PTR)BreakPointBuffer[i].BreakPointAddress);
}
else if(BreakPointBuffer[i].BreakPointType >= UE_MEMORY && BreakPointBuffer[i].BreakPointType <= UE_MEMORY_EXECUTE)
{
RemoveMemoryBPX((ULONG_PTR)BreakPointBuffer[i].BreakPointAddress, BreakPointBuffer[i].BreakPointSize);
}
else if(CurrentBreakPointSetCount == -1 && BreakPointBuffer[i].BreakPointActive != UE_BPXREMOVED)
{
CurrentBreakPointSetCount = BreakPointSetCount;
}
RtlZeroMemory(&BreakPointBuffer[i], sizeof BreakPointDetail);
}
DeleteHardwareBreakPoint(UE_DR0);
DeleteHardwareBreakPoint(UE_DR1);
DeleteHardwareBreakPoint(UE_DR2);
DeleteHardwareBreakPoint(UE_DR3);
BreakPointSetCount = 0;
return(true);
}
else if(RemoveOption == UE_OPTION_DISABLEALL)
{
for(i = BreakPointSetCount - 1; i >= 0; i--)
{
if(BreakPointBuffer[i].BreakPointType == UE_BREAKPOINT && BreakPointBuffer[i].BreakPointActive == UE_BPXACTIVE)
{
DisableBPX((ULONG_PTR)BreakPointBuffer[i].BreakPointAddress);
}
else if(BreakPointBuffer[i].BreakPointType >= UE_MEMORY && BreakPointBuffer[i].BreakPointType <= UE_MEMORY_EXECUTE)
{
RemoveMemoryBPX((ULONG_PTR)BreakPointBuffer[i].BreakPointAddress, BreakPointBuffer[i].BreakPointSize);
RtlZeroMemory(&BreakPointBuffer[i], sizeof BreakPointDetail);
}
}
return(true);
}
else if(RemoveOption == UE_OPTION_REMOVEALLDISABLED)
{
for(i = BreakPointSetCount - 1; i >= 0; i--)
{
if(BreakPointBuffer[i].BreakPointType == UE_BREAKPOINT && BreakPointBuffer[i].BreakPointActive == UE_BPXINACTIVE)
{
DeleteBPX((ULONG_PTR)BreakPointBuffer[i].BreakPointAddress);
}
else if(CurrentBreakPointSetCount == -1 && BreakPointBuffer[i].BreakPointActive != UE_BPXREMOVED)
{
CurrentBreakPointSetCount = BreakPointSetCount;
}
}
if(CurrentBreakPointSetCount == -1)
{
BreakPointSetCount = 0;
}
else
{
BreakPointSetCount = CurrentBreakPointSetCount;
}
return(true);
}
else if(RemoveOption == UE_OPTION_REMOVEALLENABLED)
{
for(i = BreakPointSetCount - 1; i >= 0; i--)
{
if(BreakPointBuffer[i].BreakPointType == UE_BREAKPOINT && BreakPointBuffer[i].BreakPointActive == UE_BPXACTIVE)
{
DeleteBPX((ULONG_PTR)BreakPointBuffer[i].BreakPointAddress);
}
else if(CurrentBreakPointSetCount == -1 && BreakPointBuffer[i].BreakPointActive != UE_BPXREMOVED)
{
CurrentBreakPointSetCount = BreakPointSetCount;
}
}
if(CurrentBreakPointSetCount == -1)
{
BreakPointSetCount = 0;
}
else
{
BreakPointSetCount = CurrentBreakPointSetCount;
}
return(true);
}
return(false);
}

661
TitanEngine/TitanEngine.Debugger.Context.cpp Normal file
View File

@ -0,0 +1,661 @@
#include "stdafx.h"
#include "definitions.h"
#include "Global.Debugger.h"
#include "Global.Engine.h"
#include "Global.Handle.h"
static CONTEXT DBGContext = {};
__declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea)
{
if(FPUSaveArea != NULL)
{
RtlZeroMemory(&DBGContext, sizeof CONTEXT);
DBGContext.ContextFlags = CONTEXT_ALL;
if(!GetThreadContext(hActiveThread, &DBGContext))
return(false);
#if !defined (_WIN64)
RtlMoveMemory(FPUSaveArea, &DBGContext.FloatSave, sizeof FLOATING_SAVE_AREA);
#else
RtlMoveMemory(FPUSaveArea, &DBGContext.FltSave, sizeof XMM_SAVE_AREA32);
#endif
return(true);
}
else
{
return(false);
}
}
__declspec(dllexport) long long TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister)
{
RtlZeroMemory(&DBGContext, sizeof CONTEXT);
DBGContext.ContextFlags = CONTEXT_ALL;
#if defined(_WIN64)
GetThreadContext(hActiveThread, &DBGContext);
if(IndexOfRegister == UE_EAX)
{
return((DWORD)DBGContext.Rax);
}
else if(IndexOfRegister == UE_EBX)
{
return((DWORD)DBGContext.Rbx);
}
else if(IndexOfRegister == UE_ECX)
{
return((DWORD)DBGContext.Rcx);
}
else if(IndexOfRegister == UE_EDX)
{
return((DWORD)DBGContext.Rdx);
}
else if(IndexOfRegister == UE_EDI)
{
return((DWORD)DBGContext.Rdi);
}
else if(IndexOfRegister == UE_ESI)
{
return((DWORD)DBGContext.Rsi);
}
else if(IndexOfRegister == UE_EBP)
{
return((DWORD)DBGContext.Rbp);
}
else if(IndexOfRegister == UE_ESP)
{
return((DWORD)DBGContext.Rsp);
}
else if(IndexOfRegister == UE_EIP)
{
return((DWORD)DBGContext.Rip);
}
else if(IndexOfRegister == UE_EFLAGS)
{
return((DWORD)DBGContext.EFlags);
}
else if(IndexOfRegister == UE_RAX)
{
return(DBGContext.Rax);
}
else if(IndexOfRegister == UE_RBX)
{
return(DBGContext.Rbx);
}
else if(IndexOfRegister == UE_RCX)
{
return(DBGContext.Rcx);
}
else if(IndexOfRegister == UE_RDX)
{
return(DBGContext.Rdx);
}
else if(IndexOfRegister == UE_RDI)
{
return(DBGContext.Rdi);
}
else if(IndexOfRegister == UE_RSI)
{
return(DBGContext.Rsi);
}
else if(IndexOfRegister == UE_RBP)
{
return(DBGContext.Rbp);
}
else if(IndexOfRegister == UE_RSP)
{
return(DBGContext.Rsp);
}
else if(IndexOfRegister == UE_RIP)
{
return(DBGContext.Rip);
}
else if(IndexOfRegister == UE_RFLAGS)
{
return(DBGContext.EFlags);
}
else if(IndexOfRegister == UE_DR0)
{
return(DBGContext.Dr0);
}
else if(IndexOfRegister == UE_DR1)
{
return(DBGContext.Dr1);
}
else if(IndexOfRegister == UE_DR2)
{
return(DBGContext.Dr2);
}
else if(IndexOfRegister == UE_DR3)
{
return(DBGContext.Dr3);
}
else if(IndexOfRegister == UE_DR6)
{
return(DBGContext.Dr6);
}
else if(IndexOfRegister == UE_DR7)
{
return(DBGContext.Dr7);
}
else if(IndexOfRegister == UE_R8)
{
return(DBGContext.R8);
}
else if(IndexOfRegister == UE_R9)
{
return(DBGContext.R9);
}
else if(IndexOfRegister == UE_R10)
{
return(DBGContext.R10);
}
else if(IndexOfRegister == UE_R11)
{
return(DBGContext.R11);
}
else if(IndexOfRegister == UE_R12)
{
return(DBGContext.R12);
}
else if(IndexOfRegister == UE_R13)
{
return(DBGContext.R13);
}
else if(IndexOfRegister == UE_R14)
{
return(DBGContext.R14);
}
else if(IndexOfRegister == UE_R15)
{
return(DBGContext.R15);
}
else if(IndexOfRegister == UE_CIP)
{
return(DBGContext.Rip);
}
else if(IndexOfRegister == UE_CSP)
{
return(DBGContext.Rsp);
}
else if(IndexOfRegister == UE_SEG_GS)
{
return(DBGContext.SegGs);
}
else if(IndexOfRegister == UE_SEG_FS)
{
return(DBGContext.SegFs);
}
else if(IndexOfRegister == UE_SEG_ES)
{
return(DBGContext.SegEs);
}
else if(IndexOfRegister == UE_SEG_DS)
{
return(DBGContext.SegDs);
}
else if(IndexOfRegister == UE_SEG_CS)
{
return(DBGContext.SegCs);
}
else if(IndexOfRegister == UE_SEG_SS)
{
return(DBGContext.SegSs);
}
#else
GetThreadContext(hActiveThread, &DBGContext);
if(IndexOfRegister == UE_EAX)
{
return(DBGContext.Eax);
}
else if(IndexOfRegister == UE_EBX)
{
return(DBGContext.Ebx);
}
else if(IndexOfRegister == UE_ECX)
{
return(DBGContext.Ecx);
}
else if(IndexOfRegister == UE_EDX)
{
return(DBGContext.Edx);
}
else if(IndexOfRegister == UE_EDI)
{
return(DBGContext.Edi);
}
else if(IndexOfRegister == UE_ESI)
{
return(DBGContext.Esi);
}
else if(IndexOfRegister == UE_EBP)
{
return(DBGContext.Ebp);
}
else if(IndexOfRegister == UE_ESP)
{
return(DBGContext.Esp);
}
else if(IndexOfRegister == UE_EIP)
{
return(DBGContext.Eip);
}
else if(IndexOfRegister == UE_EFLAGS)
{
return(DBGContext.EFlags);
}
else if(IndexOfRegister == UE_DR0)
{
return(DBGContext.Dr0);
}
else if(IndexOfRegister == UE_DR1)
{
return(DBGContext.Dr1);
}
else if(IndexOfRegister == UE_DR2)
{
return(DBGContext.Dr2);
}
else if(IndexOfRegister == UE_DR3)
{
return(DBGContext.Dr3);
}
else if(IndexOfRegister == UE_DR6)
{
return(DBGContext.Dr6);
}
else if(IndexOfRegister == UE_DR7)
{
return(DBGContext.Dr7);
}
else if(IndexOfRegister == UE_CIP)
{
return(DBGContext.Eip);
}
else if(IndexOfRegister == UE_CSP)
{
return(DBGContext.Esp);
}
else if(IndexOfRegister == UE_SEG_GS)
{
return(DBGContext.SegGs);
}
else if(IndexOfRegister == UE_SEG_FS)
{
return(DBGContext.SegFs);
}
else if(IndexOfRegister == UE_SEG_ES)
{
return(DBGContext.SegEs);
}
else if(IndexOfRegister == UE_SEG_DS)
{
return(DBGContext.SegDs);
}
else if(IndexOfRegister == UE_SEG_CS)
{
return(DBGContext.SegCs);
}
else if(IndexOfRegister == UE_SEG_SS)
{
return(DBGContext.SegSs);
}
#endif
return(NULL);
}
__declspec(dllexport) long long TITCALL GetContextData(DWORD IndexOfRegister)
{
HANDLE hActiveThread = 0;
long long ContextReturn;
hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId);
ContextReturn = GetContextDataEx(hActiveThread, IndexOfRegister);
EngineCloseHandle(hActiveThread);
return(ContextReturn);
}
__declspec(dllexport) bool TITCALL SetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea)
{
if(FPUSaveArea != NULL)
{
RtlZeroMemory(&DBGContext, sizeof CONTEXT);
DBGContext.ContextFlags = CONTEXT_ALL;
if(!GetThreadContext(hActiveThread, &DBGContext))
return(false);
#if !defined (_WIN64)
RtlMoveMemory(&DBGContext.FloatSave, FPUSaveArea, sizeof FLOATING_SAVE_AREA);
#else
RtlMoveMemory(&DBGContext.FltSave, FPUSaveArea, sizeof XMM_SAVE_AREA32);
#endif
if(SetThreadContext(hActiveThread, &DBGContext))
{
return(true);
}
}
return(false);
}
__declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister, ULONG_PTR NewRegisterValue)
{
SuspendThread(hActiveThread);
RtlZeroMemory(&DBGContext, sizeof CONTEXT);
DBGContext.ContextFlags = CONTEXT_ALL;
#ifdef _WIN64
if(!GetThreadContext(hActiveThread, &DBGContext))
{
ResumeThread(hActiveThread);
return(false);
}
if(IndexOfRegister == UE_EAX)
{
NewRegisterValue = DBGContext.Rax - (DWORD)DBGContext.Rax + NewRegisterValue;
DBGContext.Rax = NewRegisterValue;
}
else if(IndexOfRegister == UE_EBX)
{
NewRegisterValue = DBGContext.Rbx - (DWORD)DBGContext.Rbx + NewRegisterValue;
DBGContext.Rbx = NewRegisterValue;
}
else if(IndexOfRegister == UE_ECX)
{
NewRegisterValue = DBGContext.Rcx - (DWORD)DBGContext.Rcx + NewRegisterValue;
DBGContext.Rcx = NewRegisterValue;
}
else if(IndexOfRegister == UE_EDX)
{
NewRegisterValue = DBGContext.Rdx - (DWORD)DBGContext.Rdx + NewRegisterValue;
DBGContext.Rdx = NewRegisterValue;
}
else if(IndexOfRegister == UE_EDI)
{
NewRegisterValue = DBGContext.Rdi - (DWORD)DBGContext.Rdi + NewRegisterValue;
DBGContext.Rdi = NewRegisterValue;
}
else if(IndexOfRegister == UE_ESI)
{
NewRegisterValue = DBGContext.Rsi - (DWORD)DBGContext.Rsi + NewRegisterValue;
DBGContext.Rsi = NewRegisterValue;
}
else if(IndexOfRegister == UE_EBP)
{
NewRegisterValue = DBGContext.Rbp - (DWORD)DBGContext.Rbp + NewRegisterValue;
DBGContext.Rbp = NewRegisterValue;
}
else if(IndexOfRegister == UE_ESP)
{
NewRegisterValue = DBGContext.Rsp - (DWORD)DBGContext.Rsp + NewRegisterValue;
DBGContext.Rsp = NewRegisterValue;
}
else if(IndexOfRegister == UE_EIP)
{
NewRegisterValue = DBGContext.Rip - (DWORD)DBGContext.Rip + NewRegisterValue;
DBGContext.Rip = NewRegisterValue;
}
else if(IndexOfRegister == UE_EFLAGS)
{
DBGContext.EFlags = (DWORD)NewRegisterValue;
}
else if(IndexOfRegister == UE_RAX)
{
DBGContext.Rax = NewRegisterValue;
}
else if(IndexOfRegister == UE_RBX)
{
DBGContext.Rbx = NewRegisterValue;
}
else if(IndexOfRegister == UE_RCX)
{
DBGContext.Rcx = NewRegisterValue;
}
else if(IndexOfRegister == UE_RDX)
{
DBGContext.Rdx = NewRegisterValue;
}
else if(IndexOfRegister == UE_RDI)
{
DBGContext.Rdi = NewRegisterValue;
}
else if(IndexOfRegister == UE_RSI)
{
DBGContext.Rsi = NewRegisterValue;
}
else if(IndexOfRegister == UE_RBP)
{
DBGContext.Rbp = NewRegisterValue;
}
else if(IndexOfRegister == UE_RSP)
{
DBGContext.Rsp = NewRegisterValue;
}
else if(IndexOfRegister == UE_RIP)
{
DBGContext.Rip = NewRegisterValue;
}
else if(IndexOfRegister == UE_RFLAGS)
{
DBGContext.EFlags = (DWORD)NewRegisterValue;
}
else if(IndexOfRegister == UE_DR0)
{
DBGContext.Dr0 = NewRegisterValue;
}
else if(IndexOfRegister == UE_DR1)
{
DBGContext.Dr1 = NewRegisterValue;
}
else if(IndexOfRegister == UE_DR2)
{
DBGContext.Dr2 = NewRegisterValue;
}
else if(IndexOfRegister == UE_DR3)
{
DBGContext.Dr3 = NewRegisterValue;
}
else if(IndexOfRegister == UE_DR6)
{
DBGContext.Dr6 = NewRegisterValue;
}
else if(IndexOfRegister == UE_DR7)
{
DBGContext.Dr7 = NewRegisterValue;
}
else if(IndexOfRegister == UE_R8)
{
DBGContext.R8 = NewRegisterValue;
}
else if(IndexOfRegister == UE_R9)
{
DBGContext.R9 = NewRegisterValue;
}
else if(IndexOfRegister == UE_R10)
{
DBGContext.R10 = NewRegisterValue;
}
else if(IndexOfRegister == UE_R11)
{
DBGContext.R11 = NewRegisterValue;
}
else if(IndexOfRegister == UE_R12)
{
DBGContext.R12 = NewRegisterValue;
}
else if(IndexOfRegister == UE_R13)
{
DBGContext.R13 = NewRegisterValue;
}
else if(IndexOfRegister == UE_R14)
{
DBGContext.R14 = NewRegisterValue;
}
else if(IndexOfRegister == UE_R15)
{
DBGContext.R15 = NewRegisterValue;
}
else if(IndexOfRegister == UE_CIP)
{
DBGContext.Rip = NewRegisterValue;
}
else if(IndexOfRegister == UE_CSP)
{
DBGContext.Rsp = NewRegisterValue;
}
else if(IndexOfRegister == UE_SEG_GS)
{
DBGContext.SegGs = (WORD)NewRegisterValue;
}
else if(IndexOfRegister == UE_SEG_FS)
{
DBGContext.SegFs = (WORD)NewRegisterValue;
}
else if(IndexOfRegister == UE_SEG_ES)
{
DBGContext.SegEs = (WORD)NewRegisterValue;
}
else if(IndexOfRegister == UE_SEG_DS)
{
DBGContext.SegDs = (WORD)NewRegisterValue;
}
else if(IndexOfRegister == UE_SEG_CS)
{
DBGContext.SegCs = (WORD)NewRegisterValue;
}
else if(IndexOfRegister == UE_SEG_SS)
{
DBGContext.SegSs = (WORD)NewRegisterValue;
}
else
{
ResumeThread(hActiveThread);
return(false);
}
if(SetThreadContext(hActiveThread, &DBGContext))
{
ResumeThread(hActiveThread);
return(true);
}
#else
if(!GetThreadContext(hActiveThread, &DBGContext))
{
ResumeThread(hActiveThread);
return(false);
}
if(IndexOfRegister == UE_EAX)
{
DBGContext.Eax = NewRegisterValue;
}
else if(IndexOfRegister == UE_EBX)
{
DBGContext.Ebx = NewRegisterValue;
}
else if(IndexOfRegister == UE_ECX)
{
DBGContext.Ecx = NewRegisterValue;
}
else if(IndexOfRegister == UE_EDX)
{
DBGContext.Edx = NewRegisterValue;
}
else if(IndexOfRegister == UE_EDI)
{
DBGContext.Edi = NewRegisterValue;
}
else if(IndexOfRegister == UE_ESI)
{
DBGContext.Esi = NewRegisterValue;
}
else if(IndexOfRegister == UE_EBP)
{
DBGContext.Ebp = NewRegisterValue;
}
else if(IndexOfRegister == UE_ESP)
{
DBGContext.Esp = NewRegisterValue;
}
else if(IndexOfRegister == UE_EIP)
{
DBGContext.Eip = NewRegisterValue;
}
else if(IndexOfRegister == UE_EFLAGS)
{
DBGContext.EFlags = NewRegisterValue;
}
else if(IndexOfRegister == UE_DR0)
{
DBGContext.Dr0 = NewRegisterValue;
}
else if(IndexOfRegister == UE_DR1)
{
DBGContext.Dr1 = NewRegisterValue;
}
else if(IndexOfRegister == UE_DR2)
{
DBGContext.Dr2 = NewRegisterValue;
}
else if(IndexOfRegister == UE_DR3)
{
DBGContext.Dr3 = NewRegisterValue;
}
else if(IndexOfRegister == UE_DR6)
{
DBGContext.Dr6 = NewRegisterValue;
}
else if(IndexOfRegister == UE_DR7)
{
DBGContext.Dr7 = NewRegisterValue;
}
else if(IndexOfRegister == UE_CIP)
{
DBGContext.Eip = NewRegisterValue;
}
else if(IndexOfRegister == UE_CSP)
{
DBGContext.Esp = NewRegisterValue;
}
else if(IndexOfRegister == UE_SEG_GS)
{
DBGContext.SegGs = NewRegisterValue;
}
else if(IndexOfRegister == UE_SEG_FS)
{
DBGContext.SegFs = NewRegisterValue;
}
else if(IndexOfRegister == UE_SEG_ES)
{
DBGContext.SegEs = NewRegisterValue;
}
else if(IndexOfRegister == UE_SEG_DS)
{
DBGContext.SegDs = NewRegisterValue;
}
else if(IndexOfRegister == UE_SEG_CS)
{
DBGContext.SegCs = NewRegisterValue;
}
else if(IndexOfRegister == UE_SEG_SS)
{
DBGContext.SegSs = NewRegisterValue;
}
else
{
ResumeThread(hActiveThread);
return(false);
}
if(SetThreadContext(hActiveThread, &DBGContext))
{
ResumeThread(hActiveThread);
return(true);
}
#endif
ResumeThread(hActiveThread);
return(false);
}
__declspec(dllexport) bool TITCALL SetContextData(DWORD IndexOfRegister, ULONG_PTR NewRegisterValue)
{
HANDLE hActiveThread = 0;
bool ContextReturn;
hActiveThread = OpenThread(THREAD_ALL_ACCESS, false, DBGEvent.dwThreadId);
ContextReturn = SetContextDataEx(hActiveThread, IndexOfRegister, NewRegisterValue);
EngineCloseHandle(hActiveThread);
return(ContextReturn);
}

159
TitanEngine/TitanEngine.Debugger.Data.cpp Normal file
View File

@ -0,0 +1,159 @@
#include "stdafx.h"
#include "definitions.h"
#include "Global.Debugger.h"
//TODO: never changed LOL
static DWORD CurrentExceptionsNumber = 0;
__declspec(dllexport) void TITCALL ClearExceptionNumber()
{
CurrentExceptionsNumber = 0;
}
__declspec(dllexport) long TITCALL CurrentExceptionNumber()
{
return(CurrentExceptionsNumber);
}
__declspec(dllexport) void* TITCALL GetDebugData()
{
return(&DBGEvent);
}
__declspec(dllexport) void* TITCALL GetTerminationData()
{
return(&TerminateDBGEvent);
}
__declspec(dllexport) long TITCALL GetExitCode()
{
return(ProcessExitCode);
}
__declspec(dllexport) long long TITCALL GetDebuggedDLLBaseAddress()
{
return((ULONG_PTR)DebugDebuggingDLLBase);
}
__declspec(dllexport) unsigned long long TITCALL GetDebuggedFileBaseAddress()
{
return (unsigned long long)DebugDebuggingMainModuleBase;
}
__declspec(dllexport) void TITCALL SetCustomHandler(DWORD ExceptionId, LPVOID CallBack)
{
if(ExceptionId == UE_CH_BREAKPOINT)
{
DBGCustomHandler->chBreakPoint = (ULONG_PTR)CallBack;
}
else if(ExceptionId == UE_CH_SINGLESTEP)
{
DBGCustomHandler->chSingleStep = (ULONG_PTR)CallBack;
}
else if(ExceptionId == UE_CH_ACCESSVIOLATION)
{
DBGCustomHandler->chAccessViolation = (ULONG_PTR)CallBack;
}
else if(ExceptionId == UE_CH_ILLEGALINSTRUCTION)
{
DBGCustomHandler->chIllegalInstruction = (ULONG_PTR)CallBack;
}
else if(ExceptionId == UE_CH_NONCONTINUABLEEXCEPTION)
{
DBGCustomHandler->chNonContinuableException = (ULONG_PTR)CallBack;
}
else if(ExceptionId == UE_CH_ARRAYBOUNDSEXCEPTION)
{
DBGCustomHandler->chArrayBoundsException = (ULONG_PTR)CallBack;
}
else if(ExceptionId == UE_CH_FLOATDENORMALOPERAND)
{
DBGCustomHandler->chFloatDenormalOperand = (ULONG_PTR)CallBack;
}
else if(ExceptionId == UE_CH_FLOATDEVIDEBYZERO)
{
DBGCustomHandler->chFloatDevideByZero = (ULONG_PTR)CallBack;
}
else if(ExceptionId == UE_CH_INTEGERDEVIDEBYZERO)
{
DBGCustomHandler->chIntegerDevideByZero = (ULONG_PTR)CallBack;
}
else if(ExceptionId == UE_CH_INTEGEROVERFLOW)
{
DBGCustomHandler->chIntegerOverflow = (ULONG_PTR)CallBack;
}
else if(ExceptionId == UE_CH_PRIVILEGEDINSTRUCTION)
{
DBGCustomHandler->chPrivilegedInstruction = (ULONG_PTR)CallBack;
}
else if(ExceptionId == UE_CH_PAGEGUARD)
{
DBGCustomHandler->chPageGuard = (ULONG_PTR)CallBack;
}
else if(ExceptionId == UE_CH_EVERYTHINGELSE)
{
DBGCustomHandler->chEverythingElse = (ULONG_PTR)CallBack;
}
else if(ExceptionId == UE_CH_CREATETHREAD)
{
DBGCustomHandler->chCreateThread = (ULONG_PTR)CallBack;
}
else if(ExceptionId == UE_CH_EXITTHREAD)
{
DBGCustomHandler->chExitThread = (ULONG_PTR)CallBack;
}
else if(ExceptionId == UE_CH_CREATEPROCESS)
{
DBGCustomHandler->chCreateProcess = (ULONG_PTR)CallBack;
}
else if(ExceptionId == UE_CH_EXITPROCESS)
{
DBGCustomHandler->chExitProcess = (ULONG_PTR)CallBack;
}
else if(ExceptionId == UE_CH_LOADDLL)
{
DBGCustomHandler->chLoadDll = (ULONG_PTR)CallBack;
}
else if(ExceptionId == UE_CH_UNLOADDLL)
{
DBGCustomHandler->chUnloadDll = (ULONG_PTR)CallBack;
}
else if(ExceptionId == UE_CH_OUTPUTDEBUGSTRING)
{
DBGCustomHandler->chOutputDebugString = (ULONG_PTR)CallBack;
}
else if(ExceptionId == UE_CH_AFTEREXCEPTIONPROCESSING)
{
DBGCustomHandler->chAfterException = (ULONG_PTR)CallBack;
}
else if(ExceptionId == UE_CH_SYSTEMBREAKPOINT)
{
DBGCustomHandler->chSystemBreakpoint = (ULONG_PTR)CallBack;
}
else if(ExceptionId == UE_CH_UNHANDLEDEXCEPTION)
{
DBGCustomHandler->chUnhandledException = (ULONG_PTR)CallBack;
}
else if(ExceptionId == UE_CH_RIPEVENT)
{
DBGCustomHandler->chRipEvent = (ULONG_PTR)CallBack;
}
else if(ExceptionId == UE_CH_ALLEVENTS)
{
DBGCustomHandler->chEverythingElse = (ULONG_PTR)CallBack;
DBGCustomHandler->chCreateThread = (ULONG_PTR)CallBack;
DBGCustomHandler->chExitThread = (ULONG_PTR)CallBack;
DBGCustomHandler->chCreateProcess = (ULONG_PTR)CallBack;
DBGCustomHandler->chExitProcess = (ULONG_PTR)CallBack;
DBGCustomHandler->chLoadDll = (ULONG_PTR)CallBack;
DBGCustomHandler->chUnloadDll = (ULONG_PTR)CallBack;
DBGCustomHandler->chOutputDebugString = (ULONG_PTR)CallBack;
DBGCustomHandler->chSystemBreakpoint = (ULONG_PTR)CallBack;
DBGCustomHandler->chRipEvent = (ULONG_PTR)CallBack;
}
}
__declspec(dllexport) void* TITCALL GetProcessInformation()
{
return(&dbgProcessInformation);
}
__declspec(dllexport) void* TITCALL GetStartupInformation()
{
return(&dbgStartupInfo);
}

1776
TitanEngine/TitanEngine.Debugger.DebugLoop.cpp Normal file
View File

File diff suppressed because it is too large Load Diff

822
TitanEngine/TitanEngine.Debugger.Helper.cpp Normal file
View File

@ -0,0 +1,822 @@
#include "stdafx.h"
#include "definitions.h"
#include "Global.Debugger.h"
static char szParameterString[512];
__declspec(dllexport) bool TITCALL GetRemoteString(HANDLE hProcess, LPVOID StringAddress, LPVOID StringStorage, int MaximumStringSize)
{
MEMORY_BASIC_INFORMATION MemInfo;
ULONG_PTR ueNumberOfBytesRW = NULL;
DWORD StringReadSize = NULL;
if(MaximumStringSize == NULL)
{
MaximumStringSize = 512;
}
VirtualQueryEx(hProcess, (LPVOID)StringAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
if((int)((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)StringAddress) < MaximumStringSize)
{
StringReadSize = (DWORD)((ULONG_PTR)StringAddress - (ULONG_PTR)MemInfo.BaseAddress);
VirtualQueryEx(hProcess, (LPVOID)((ULONG_PTR)StringAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
if(MemInfo.State == MEM_COMMIT)
{
StringReadSize = MaximumStringSize;
}
}
else
{
StringReadSize = MaximumStringSize;
}
RtlZeroMemory(StringStorage, MaximumStringSize);
if(ReadProcessMemory(hProcess, (LPVOID)StringAddress, StringStorage, StringReadSize, &ueNumberOfBytesRW))
{
return(true);
}
else
{
return(false);
}
}
__declspec(dllexport) long long TITCALL GetFunctionParameter(HANDLE hProcess, DWORD FunctionType, DWORD ParameterNumber, DWORD ParameterType)
{
MEMORY_BASIC_INFORMATION MemInfo;
ULONG_PTR ueNumberOfBytesRW = NULL;
ULONG_PTR StackReadBuffer = NULL;
ULONG_PTR StackFinalBuffer = NULL;
ULONG_PTR StackReadAddress = NULL;
DWORD StackSecondReadSize = NULL;
DWORD StackReadSize = 512;
DWORD StringReadSize = 512;
bool ValueIsPointer = false;
if(ParameterType == UE_PARAMETER_BYTE)
{
StackReadSize = 1;
}
else if(ParameterType == UE_PARAMETER_WORD)
{
StackReadSize = 2;
}
else if(ParameterType == UE_PARAMETER_DWORD)
{
StackReadSize = 4;
}
else if(ParameterType == UE_PARAMETER_QWORD)
{
StackReadSize = 8;
}
else
{
if(ParameterType >= UE_PARAMETER_PTR_BYTE && ParameterType <= UE_PARAMETER_UNICODE)
{
ValueIsPointer = true;
}
if(ParameterType == UE_PARAMETER_PTR_BYTE)
{
StackSecondReadSize = 1;
}
else if(ParameterType == UE_PARAMETER_PTR_WORD)
{
StackSecondReadSize = 2;
}
else if(ParameterType == UE_PARAMETER_PTR_DWORD)
{
StackSecondReadSize = 4;
}
else if(ParameterType == UE_PARAMETER_PTR_QWORD)
{
StackSecondReadSize = 8;
}
else
{
StackSecondReadSize = 0;
}
StackReadSize = sizeof ULONG_PTR;
}
if(FunctionType >= UE_FUNCTION_STDCALL && FunctionType <= UE_FUNCTION_CCALL_CALL && FunctionType != UE_FUNCTION_FASTCALL_RET)
{
StackReadAddress = (ULONG_PTR)GetContextData(UE_CSP);
if(FunctionType != UE_FUNCTION_FASTCALL_CALL)
{
StackReadAddress = StackReadAddress + (ParameterNumber * sizeof ULONG_PTR);
if(FunctionType >= UE_FUNCTION_STDCALL_CALL)
{
StackReadAddress = StackReadAddress - sizeof ULONG_PTR;
}
}
else
{
if(ParameterNumber <= 4)
{
if(!ValueIsPointer)
{
if(ParameterNumber == 1)
{
return((ULONG_PTR)GetContextData(UE_RCX));
}
else if(ParameterNumber == 2)
{
return((ULONG_PTR)GetContextData(UE_RDX));
}
else if(ParameterNumber == 3)
{
return((ULONG_PTR)GetContextData(UE_R8));
}
else if(ParameterNumber == 4)
{
return((ULONG_PTR)GetContextData(UE_R9));
}
}
else
{
if(ParameterNumber == 1)
{
StackReadAddress = (ULONG_PTR)GetContextData(UE_RCX);
}
else if(ParameterNumber == 2)
{
StackReadAddress = (ULONG_PTR)GetContextData(UE_RDX);
}
else if(ParameterNumber == 3)
{
StackReadAddress = (ULONG_PTR)GetContextData(UE_R8);
}
else if(ParameterNumber == 4)
{
StackReadAddress = (ULONG_PTR)GetContextData(UE_R9);
}
}
}
else
{
StackReadAddress = StackReadAddress + 0x20 + ((ParameterNumber - 4) * sizeof ULONG_PTR) - sizeof ULONG_PTR;
}
}
if(ReadProcessMemory(hProcess, (LPVOID)StackReadAddress, &StackReadBuffer, sizeof ULONG_PTR, &ueNumberOfBytesRW))
{
if(!ValueIsPointer)
{
RtlMoveMemory((LPVOID)((ULONG_PTR)&StackFinalBuffer + sizeof ULONG_PTR - StackReadSize), (LPVOID)((ULONG_PTR)&StackReadBuffer + sizeof ULONG_PTR - StackReadSize), StackReadSize);
}
else
{
StackReadAddress = StackReadBuffer;
if(StackSecondReadSize > NULL)
{
if(ReadProcessMemory(hProcess, (LPVOID)StackReadAddress, &StackReadBuffer, sizeof ULONG_PTR, &ueNumberOfBytesRW))
{
RtlMoveMemory((LPVOID)((ULONG_PTR)&StackFinalBuffer + sizeof ULONG_PTR - StackSecondReadSize), (LPVOID)((ULONG_PTR)&StackReadBuffer + sizeof ULONG_PTR - StackSecondReadSize), StackSecondReadSize);
}
else
{
return(-1);
}
}
else
{
VirtualQueryEx(hProcess, (LPVOID)StackReadAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
if((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - StackReadAddress < 512)
{
StringReadSize = (DWORD)((ULONG_PTR)StackReadAddress - (ULONG_PTR)MemInfo.BaseAddress);
VirtualQueryEx(hProcess, (LPVOID)(StackReadAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
if(MemInfo.State == MEM_COMMIT)
{
StringReadSize = 512;
}
}
RtlZeroMemory(&szParameterString, 512);
if(ReadProcessMemory(hProcess, (LPVOID)StackReadAddress, &szParameterString, StringReadSize, &ueNumberOfBytesRW))
{
return((ULONG_PTR)&szParameterString);
}
else
{
return(-1);
}
}
}
return(StackFinalBuffer);
}
else
{
return(-1);
}
}
return(-1);
}
__declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps)
{
LPVOID ReadMemory;
MEMORY_BASIC_INFORMATION MemInfo;
ULONG_PTR ueNumberOfBytesRead = NULL;
PMEMORY_CMP_HANDLER CompareMemory;
ULONG_PTR TargetedAddress = NULL;
DWORD CurrentInstructionSize;
int ReadMemData = NULL;
BYTE ReadByteData = NULL;
if(hProcess != NULL)
{
VirtualQueryEx(hProcess, (LPVOID)InstructionAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
if(MemInfo.RegionSize > NULL)
{
ReadMemory = VirtualAlloc(NULL, MAXIMUM_INSTRUCTION_SIZE, MEM_COMMIT, PAGE_READWRITE);
if(!ReadMemory)
return 0;
if(ReadProcessMemory(hProcess, (LPVOID)InstructionAddress, ReadMemory, MAXIMUM_INSTRUCTION_SIZE, &ueNumberOfBytesRead))
{
CompareMemory = (PMEMORY_CMP_HANDLER)ReadMemory;
CurrentInstructionSize = StaticLengthDisassemble(ReadMemory);
if(CompareMemory->DataByte[0] == 0xE9 && CurrentInstructionSize == 5)
{
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 1), 4);
TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize;
}
else if(CompareMemory->DataByte[0] == 0xEB && CurrentInstructionSize == 2)
{
RtlMoveMemory(&ReadByteData, (LPVOID)((ULONG_PTR)ReadMemory + 1), 1);
if(ReadByteData > 0x7F)
{
ReadByteData = 0xFF - ReadByteData;
ReadMemData = NULL - ReadByteData - CurrentInstructionSize + 1;
}
else
{
ReadMemData = ReadByteData;
}
TargetedAddress = InstructionAddress + ReadMemData + CurrentInstructionSize;
}
else if(CompareMemory->DataByte[0] == 0xE3 && CurrentInstructionSize == 2)
{
RtlMoveMemory(&ReadByteData, (LPVOID)((ULONG_PTR)ReadMemory + 1), 1);
if(ReadByteData > 0x7F)
{
ReadByteData = 0xFF - ReadByteData;
ReadMemData = NULL - ReadByteData - CurrentInstructionSize + 1;
}
else
{
ReadMemData = ReadByteData;
}
TargetedAddress = InstructionAddress + ReadMemData + CurrentInstructionSize;
}
else if(CompareMemory->DataByte[0] >= 0x71 && CompareMemory->DataByte[0] <= 0x7F && CurrentInstructionSize == 2)
{
RtlMoveMemory(&ReadByteData, (LPVOID)((ULONG_PTR)ReadMemory + 1), 1);
if(ReadByteData > 0x7F)
{
ReadByteData = 0xFF - ReadByteData;
ReadMemData = NULL - ReadByteData - CurrentInstructionSize + 1;
}
TargetedAddress = InstructionAddress + ReadMemData + CurrentInstructionSize;
}
else if(CompareMemory->DataByte[0] >= 0xE0 && CompareMemory->DataByte[0] <= 0xE2 && CurrentInstructionSize == 2)
{
RtlMoveMemory(&ReadByteData, (LPVOID)((ULONG_PTR)ReadMemory + 1), 1);
if(ReadByteData > 0x7F)
{
ReadByteData = 0xFF - ReadByteData;
ReadMemData = NULL - ReadByteData - CurrentInstructionSize + 1;
}
else
{
ReadMemData = ReadByteData;
}
TargetedAddress = InstructionAddress + ReadMemData + CurrentInstructionSize;
}
else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] >= 0x81 && CompareMemory->DataByte[1] <= 0x8F && CurrentInstructionSize == 6)
{
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 4);
TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize;
}
else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] >= 0x81 && CompareMemory->DataByte[1] <= 0x8F && CurrentInstructionSize == 4)
{
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 2);
TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize;
}
else if(CompareMemory->DataByte[0] == 0xE8 && CurrentInstructionSize == 5 && JustJumps == false)
{
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 1), 4);
TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize;
}
else if(CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] == 0x25 && CurrentInstructionSize == 6)
{
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 4);
TargetedAddress = ReadMemData;
if(sizeof HANDLE == 8)
{
TargetedAddress = TargetedAddress + InstructionAddress;
}
}
else if(CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] == 0x15 && CurrentInstructionSize == 6 && JustJumps == false)
{
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 4);
TargetedAddress = ReadMemData;
if(sizeof HANDLE == 8)
{
TargetedAddress = TargetedAddress + InstructionAddress;
}
}
else if(CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] != 0x64 && CompareMemory->DataByte[1] >= 0x60 && CompareMemory->DataByte[1] <= 0x67 && CurrentInstructionSize == 3)
{
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)ReadMemory + 2), 1);
TargetedAddress = ReadMemData;
if(CompareMemory->DataByte[1] == 0x60)
{
TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EAX);
}
else if(CompareMemory->DataByte[1] == 0x61)
{
TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_ECX);
}
else if(CompareMemory->DataByte[1] == 0x62)
{
TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EDX);
}
else if(CompareMemory->DataByte[1] == 0x63)
{
TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EBX);
}
else if(CompareMemory->DataByte[1] == 0x65)
{
TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EBP);
}
else if(CompareMemory->DataByte[1] == 0x66)
{
TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_ESI);
}
else if(CompareMemory->DataByte[1] == 0x67)
{
TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EDI);
}
ReadProcessMemory(hProcess, (LPVOID)TargetedAddress, &TargetedAddress, 4, &ueNumberOfBytesRead);
}
}
VirtualFree(ReadMemory, NULL, MEM_RELEASE);
return((ULONG_PTR)TargetedAddress);
}
return(NULL);
}
else
{
CompareMemory = (PMEMORY_CMP_HANDLER)InstructionAddress;
CurrentInstructionSize = StaticLengthDisassemble((LPVOID)InstructionAddress);
if(CompareMemory->DataByte[0] == 0xE9 && CurrentInstructionSize == 5)
{
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 1), 4);
TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize;
}
else if(CompareMemory->DataByte[0] == 0xEB && CurrentInstructionSize == 2)
{
RtlMoveMemory(&ReadByteData, (LPVOID)((ULONG_PTR)InstructionAddress + 1), 1);
if(ReadByteData > 0x7F)
{
ReadByteData = 0xFF - ReadByteData;
ReadMemData = NULL - ReadByteData - CurrentInstructionSize + 1;
}
else
{
ReadMemData = ReadByteData;
}
TargetedAddress = InstructionAddress + ReadMemData + CurrentInstructionSize;
}
else if(CompareMemory->DataByte[0] == 0xE3 && CurrentInstructionSize == 2)
{
RtlMoveMemory(&ReadByteData, (LPVOID)((ULONG_PTR)InstructionAddress + 1), 1);
if(ReadByteData > 0x7F)
{
ReadByteData = 0xFF - ReadByteData;
ReadMemData = NULL - ReadByteData - CurrentInstructionSize + 1;
}
else
{
ReadMemData = ReadByteData;
}
TargetedAddress = InstructionAddress + ReadMemData + CurrentInstructionSize;
}
else if(CompareMemory->DataByte[0] >= 0x71 && CompareMemory->DataByte[0] <= 0x7F && CurrentInstructionSize == 2)
{
RtlMoveMemory(&ReadByteData, (LPVOID)((ULONG_PTR)InstructionAddress + 1), 1);
if(ReadByteData > 0x7F)
{
ReadByteData = 0xFF - ReadByteData;
ReadMemData = NULL - ReadByteData - CurrentInstructionSize + 1;
}
TargetedAddress = InstructionAddress + ReadMemData + CurrentInstructionSize;
}
else if(CompareMemory->DataByte[0] >= 0xE0 && CompareMemory->DataByte[0] <= 0xE2 && CurrentInstructionSize == 2)
{
RtlMoveMemory(&ReadByteData, (LPVOID)((ULONG_PTR)InstructionAddress + 1), 1);
if(ReadByteData > 0x7F)
{
ReadByteData = 0xFF - ReadByteData;
ReadMemData = NULL - ReadByteData - CurrentInstructionSize + 1;
}
else
{
ReadMemData = ReadByteData;
}
TargetedAddress = InstructionAddress + ReadMemData + CurrentInstructionSize;
}
else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] >= 0x81 && CompareMemory->DataByte[1] <= 0x8F && CurrentInstructionSize == 6)
{
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 4);
TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize;
}
else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] >= 0x81 && CompareMemory->DataByte[1] <= 0x8F && CurrentInstructionSize == 4)
{
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 2);
TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize;
}
else if(CompareMemory->DataByte[0] == 0xE8 && CurrentInstructionSize == 5 && JustJumps == false)
{
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 1), 4);
TargetedAddress = ReadMemData + InstructionAddress + CurrentInstructionSize;
}
else if(CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] == 0x25 && CurrentInstructionSize == 6)
{
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 4);
TargetedAddress = ReadMemData;
if(sizeof HANDLE == 8)
{
TargetedAddress = TargetedAddress + InstructionAddress;
}
}
else if(CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] == 0x15 && CurrentInstructionSize == 6 && JustJumps == false)
{
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 4);
TargetedAddress = ReadMemData;
if(sizeof HANDLE == 8)
{
TargetedAddress = TargetedAddress + InstructionAddress;
}
}
else if(CompareMemory->DataByte[0] == 0xFF && CompareMemory->DataByte[1] != 0x64 && CompareMemory->DataByte[1] >= 0x60 && CompareMemory->DataByte[1] <= 0x67 && CurrentInstructionSize == 3)
{
RtlMoveMemory(&ReadMemData, (LPVOID)((ULONG_PTR)InstructionAddress + 2), 1);
TargetedAddress = ReadMemData;
if(CompareMemory->DataByte[1] == 0x60)
{
TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EAX);
}
else if(CompareMemory->DataByte[1] == 0x61)
{
TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_ECX);
}
else if(CompareMemory->DataByte[1] == 0x62)
{
TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EDX);
}
else if(CompareMemory->DataByte[1] == 0x63)
{
TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EBX);
}
else if(CompareMemory->DataByte[1] == 0x65)
{
TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EBP);
}
else if(CompareMemory->DataByte[1] == 0x66)
{
TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_ESI);
}
else if(CompareMemory->DataByte[1] == 0x67)
{
TargetedAddress = TargetedAddress + (ULONG_PTR)GetContextData(UE_EDI);
}
RtlMoveMemory(&TargetedAddress, (LPVOID)((ULONG_PTR)TargetedAddress), 4);
}
return((ULONG_PTR)TargetedAddress);
}
return(NULL);
}
__declspec(dllexport) long long TITCALL GetJumpDestination(HANDLE hProcess, ULONG_PTR InstructionAddress)
{
return((ULONG_PTR)GetJumpDestinationEx(hProcess, InstructionAddress, false));
}
__declspec(dllexport) bool TITCALL IsJumpGoingToExecuteEx(HANDLE hProcess, HANDLE hThread, ULONG_PTR InstructionAddress, ULONG_PTR RegFlags)
{
ULONG_PTR ThreadCIP = NULL;
DWORD ThreadEflags = NULL;
char* DisassembledString;
bool bCF = false;
bool bPF = false;
bool bAF = false;
bool bZF = false;
bool bSF = false;
bool bTF = false;
bool bIF = false;
bool bDF = false;
bool bOF = false;
if(hProcess != NULL && (hThread || RegFlags))
{
if(InstructionAddress == NULL)
{
ThreadCIP = (ULONG_PTR)GetContextDataEx(hThread, UE_CIP);
}
else
{
ThreadCIP = InstructionAddress;
}
if(RegFlags == NULL)
{
ThreadEflags = (DWORD)GetContextDataEx(hThread, UE_EFLAGS);
}
else
{
ThreadEflags = (DWORD)RegFlags;
}
DisassembledString = (char*)DisassembleEx(hProcess, (LPVOID)ThreadCIP, true);
if(DisassembledString != NULL)
{
if(ThreadEflags & (1 << 0))
{
bCF = true;
}
if(ThreadEflags & (1 << 2))
{
bPF = true;
}
if(ThreadEflags & (1 << 4))
{
bAF = true;
}
if(ThreadEflags & (1 << 6))
{
bZF = true;
}
if(ThreadEflags & (1 << 7))
{
bSF = true;
}
if(ThreadEflags & (1 << 8))
{
bTF = true;
}
if(ThreadEflags & (1 << 9))
{
bIF = true;
}
if(ThreadEflags & (1 << 10))
{
bDF = true;
}
if(ThreadEflags & (1 << 11))
{
bOF = true;
}
if(lstrcmpiA(DisassembledString, "RET") == NULL)
{
return (true);
}
else if(lstrcmpiA(DisassembledString, "RETF") == NULL)
{
return (true);
}
else if(lstrcmpiA(DisassembledString, "JMP") == NULL)
{
return(true);
}
else if(lstrcmpiA(DisassembledString, "JA") == NULL)
{
if(bCF == false && bZF == false)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JAE") == NULL)
{
if(!bCF)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JB") == NULL)
{
if(bCF)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JBE") == NULL)
{
if(bCF == true || bZF == true)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JC") == NULL)
{
if(bCF)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JCXZ") == NULL)
{
if((WORD)GetContextDataEx(hThread, UE_ECX) == NULL)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JECXZ") == NULL)
{
if((DWORD)GetContextDataEx(hThread, UE_ECX) == NULL)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JRCXZ") == NULL)
{
if((ULONG_PTR)GetContextDataEx(hThread, UE_RCX) == NULL)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JZ") == NULL)
{
if(bZF)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JNZ") == NULL)
{
if(!bZF)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JE") == NULL)
{
if(bZF)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JNE") == NULL)
{
if(!bZF)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JG") == NULL)
{
if(bZF == false && bSF == bOF)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JGE") == NULL)
{
if(bSF == bOF)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JL") == NULL)
{
if(bSF != bOF)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JLE") == NULL)
{
if(bZF == true || bSF != bOF)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JNA") == NULL)
{
if(bCF == true || bZF == true)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JNAE") == NULL)
{
if(bCF)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JNB") == NULL)
{
if(!bCF)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JNBE") == NULL)
{
if(bCF == false && bZF == false)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JNC") == NULL)
{
if(!bCF)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JNG") == NULL)
{
if(bZF == true || bSF != bOF)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JNGE") == NULL)
{
if(bSF != bOF)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JNL") == NULL)
{
if(bSF == bOF)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JNLE") == NULL)
{
if(bZF == false && bSF == bOF)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JNO") == NULL)
{
if(!bOF)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JNP") == NULL)
{
if(!bPF)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JNS") == NULL)
{
if(!bSF)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JO") == NULL)
{
if(bOF)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JP") == NULL)
{
if(bPF)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JPE") == NULL)
{
if(bPF)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JPO") == NULL)
{
if(!bPF)
{
return(true);
}
}
else if(lstrcmpiA(DisassembledString, "JS") == NULL)
{
if(bSF)
{
return(true);
}
}
}
}
return(false);
}
__declspec(dllexport) bool TITCALL IsJumpGoingToExecute()
{
return(IsJumpGoingToExecuteEx(dbgProcessInformation.hProcess, dbgProcessInformation.hThread, NULL, NULL));
}

359
TitanEngine/TitanEngine.Debugger.Memory.cpp Normal file
View File

@ -0,0 +1,359 @@
#include "stdafx.h"
#include "definitions.h"
#include "Global.Debugger.h"
#include <stdlib.h>
__declspec(dllexport) bool TITCALL MatchPatternEx(HANDLE hProcess, void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard)
{
if(!MemoryToCheck || !PatternToMatch)
return false;
int i = NULL;
BYTE intWildCard = NULL;
LPVOID ueReadBuffer = NULL;
ULONG_PTR ueNumberOfBytesRead = NULL;
MEMORY_BASIC_INFORMATION memoryInformation = {};
PMEMORY_COMPARE_HANDLER memCmp = (PMEMORY_COMPARE_HANDLER)MemoryToCheck;
PMEMORY_COMPARE_HANDLER memPattern = (PMEMORY_COMPARE_HANDLER)PatternToMatch;
if(WildCard == NULL)
{
WildCard = &intWildCard;
}
if(SizeOfMemoryToCheck >= SizeOfPatternToMatch)
{
if(hProcess != GetCurrentProcess())
{
ueReadBuffer = VirtualAlloc(NULL, SizeOfMemoryToCheck, MEM_COMMIT, PAGE_READWRITE);
if(!ReadProcessMemory(hProcess, MemoryToCheck, ueReadBuffer, SizeOfMemoryToCheck, &ueNumberOfBytesRead))
{
if(ueNumberOfBytesRead == NULL)
{
if(VirtualQueryEx(hProcess, MemoryToCheck, &memoryInformation, sizeof memoryInformation) != NULL)
{
SizeOfMemoryToCheck = (int)((ULONG_PTR)memoryInformation.BaseAddress + memoryInformation.RegionSize - (ULONG_PTR)MemoryToCheck);
if(!ReadProcessMemory(hProcess, MemoryToCheck, ueReadBuffer, SizeOfMemoryToCheck, &ueNumberOfBytesRead))
{
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
return(NULL);
}
else
{
memCmp = (PMEMORY_COMPARE_HANDLER)ueReadBuffer;
}
}
else
{
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
return(NULL);
}
}
else
{
memCmp = (PMEMORY_COMPARE_HANDLER)ueReadBuffer;
}
}
else
{
memCmp = (PMEMORY_COMPARE_HANDLER)ueReadBuffer;
}
}
__try
{
while(SizeOfPatternToMatch > NULL)
{
if(memCmp->Array.bArrayEntry[i] != memPattern->Array.bArrayEntry[i] && memPattern->Array.bArrayEntry[i] != *WildCard)
{
return(false);
}
SizeOfPatternToMatch--;
i++;
}
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
return(true);
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
return(false);
}
}
else
{
return(false);
}
}
__declspec(dllexport) bool TITCALL MatchPattern(void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard)
{
if(dbgProcessInformation.hProcess != NULL)
{
return(MatchPatternEx(dbgProcessInformation.hProcess, MemoryToCheck, SizeOfMemoryToCheck, PatternToMatch, SizeOfPatternToMatch, WildCard));
}
else
{
return(MatchPatternEx(GetCurrentProcess(), MemoryToCheck, SizeOfMemoryToCheck, PatternToMatch, SizeOfPatternToMatch, WildCard));
}
}
__declspec(dllexport) long long TITCALL FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard)
{
int i = NULL;
int j = NULL;
ULONG_PTR Return = NULL;
LPVOID ueReadBuffer = NULL;
PUCHAR SearchBuffer = NULL;
PUCHAR CompareBuffer = NULL;
MEMORY_BASIC_INFORMATION memoryInformation = {};
ULONG_PTR ueNumberOfBytesRead = NULL;
LPVOID currentSearchPosition = NULL;
DWORD currentSizeOfSearch = NULL;
BYTE nWildCard = NULL;
if(WildCard == NULL)
{
WildCard = &nWildCard;
}
if(hProcess != NULL && MemoryStart != NULL && MemorySize != NULL)
{
if(hProcess != GetCurrentProcess())
{
ueReadBuffer = VirtualAlloc(NULL, MemorySize, MEM_COMMIT, PAGE_READWRITE);
if(!ReadProcessMemory(hProcess, MemoryStart, ueReadBuffer, MemorySize, &ueNumberOfBytesRead))
{
if(ueNumberOfBytesRead == NULL)
{
if(VirtualQueryEx(hProcess, MemoryStart, &memoryInformation, sizeof memoryInformation) != NULL)
{
MemorySize = (DWORD)((ULONG_PTR)memoryInformation.BaseAddress + memoryInformation.RegionSize - (ULONG_PTR)MemoryStart);
if(!ReadProcessMemory(hProcess, MemoryStart, ueReadBuffer, MemorySize, &ueNumberOfBytesRead))
{
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
return(NULL);
}
else
{
SearchBuffer = (PUCHAR)ueReadBuffer;
}
}
else
{
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
return(NULL);
}
}
else
{
SearchBuffer = (PUCHAR)ueReadBuffer;
}
}
else
{
SearchBuffer = (PUCHAR)ueReadBuffer;
}
}
else
{
SearchBuffer = (PUCHAR)MemoryStart;
}
__try
{
CompareBuffer = (PUCHAR)SearchPattern;
for(i = 0; i < (int)MemorySize && Return == NULL; i++)
{
for(j = 0; j < (int)PatternSize; j++)
{
if(CompareBuffer[j] != *(PUCHAR)WildCard && SearchBuffer[i + j] != CompareBuffer[j])
{
break;
}
}
if(j == (int)PatternSize)
{
Return = (ULONG_PTR)MemoryStart + i;
}
}
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
return(Return);
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
VirtualFree(ueReadBuffer, NULL, MEM_RELEASE);
return(NULL);
}
}
else
{
return(NULL);
}
}
extern "C" __declspec(dllexport) long long TITCALL Find(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard)
{
if(dbgProcessInformation.hProcess != NULL)
{
return(FindEx(dbgProcessInformation.hProcess, MemoryStart, MemorySize, SearchPattern, PatternSize, WildCard));
}
else
{
return(FindEx(GetCurrentProcess(), MemoryStart, MemorySize, SearchPattern, PatternSize, WildCard));
}
}
__declspec(dllexport) bool TITCALL FillEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte)
{
unsigned int i;
MEMORY_BASIC_INFORMATION MemInfo;
ULONG_PTR ueNumberOfBytesRead;
BYTE defFillByte = 0x90;
DWORD OldProtect;
if(hProcess != NULL)
{
if(FillByte == NULL)
{
FillByte = &defFillByte;
}
VirtualQueryEx(hProcess, MemoryStart, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
OldProtect = MemInfo.Protect;
VirtualProtectEx(hProcess, MemoryStart, MemorySize, PAGE_EXECUTE_READWRITE, &OldProtect);
for(i = 0; i < MemorySize; i++)
{
WriteProcessMemory(hProcess, MemoryStart, FillByte, 1, &ueNumberOfBytesRead);
MemoryStart = (LPVOID)((ULONG_PTR)MemoryStart + 1);
}
VirtualProtectEx(hProcess, MemoryStart, MemorySize, OldProtect, &OldProtect);
return(true);
}
return(false);
}
__declspec(dllexport) bool TITCALL Fill(LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte)
{
if(dbgProcessInformation.hProcess != NULL)
{
return(FillEx(dbgProcessInformation.hProcess, MemoryStart, MemorySize, FillByte));
}
else
{
return(FillEx(GetCurrentProcess(), MemoryStart, MemorySize, FillByte));
}
}
__declspec(dllexport) bool TITCALL PatchEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP)
{
unsigned int i,recalcSize;
LPVOID lpMemoryStart = MemoryStart;
MEMORY_BASIC_INFORMATION MemInfo;
ULONG_PTR ueNumberOfBytesRead;
BYTE FillByte = 0x90;
DWORD OldProtect;
if(hProcess != NULL)
{
VirtualQueryEx(hProcess, MemoryStart, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
OldProtect = MemInfo.Protect;
VirtualProtectEx(hProcess, MemoryStart, MemorySize, PAGE_EXECUTE_READWRITE, &OldProtect);
if(MemorySize - ReplaceSize != NULL)
{
recalcSize = abs((long)(MemorySize - ReplaceSize));
if(AppendNOP)
{
WriteProcessMemory(hProcess, MemoryStart, ReplacePattern, ReplaceSize, &ueNumberOfBytesRead);
lpMemoryStart = (LPVOID)((ULONG_PTR)MemoryStart + ReplaceSize);
for(i = 0; i < recalcSize; i++)
{
WriteProcessMemory(hProcess, lpMemoryStart, &FillByte, 1, &ueNumberOfBytesRead);
lpMemoryStart = (LPVOID)((ULONG_PTR)lpMemoryStart + 1);
}
}
else if(PrependNOP)
{
lpMemoryStart = MemoryStart;
for(i = 0; i < recalcSize; i++)
{
WriteProcessMemory(hProcess, lpMemoryStart, &FillByte, 1, &ueNumberOfBytesRead);
lpMemoryStart = (LPVOID)((ULONG_PTR)lpMemoryStart + 1);
}
WriteProcessMemory(hProcess, lpMemoryStart, ReplacePattern, ReplaceSize, &ueNumberOfBytesRead);
}
else
{
WriteProcessMemory(hProcess, MemoryStart, ReplacePattern, ReplaceSize, &ueNumberOfBytesRead);
}
}
else
{
WriteProcessMemory(hProcess, MemoryStart, ReplacePattern, ReplaceSize, &ueNumberOfBytesRead);
}
VirtualProtectEx(hProcess, MemoryStart, MemorySize, OldProtect, &OldProtect);
return(true);
}
return(false);
}
__declspec(dllexport) bool TITCALL Patch(LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP)
{
if(dbgProcessInformation.hProcess != NULL)
{
return(PatchEx(dbgProcessInformation.hProcess, MemoryStart, MemorySize, ReplacePattern, ReplaceSize, AppendNOP, PrependNOP));
}
else
{
return(PatchEx(GetCurrentProcess(), MemoryStart, MemorySize, ReplacePattern, ReplaceSize, AppendNOP, PrependNOP));
}
}
__declspec(dllexport) bool TITCALL ReplaceEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, LPVOID ReplacePattern, DWORD ReplaceSize, PBYTE WildCard)
{
unsigned int i;
ULONG_PTR ueNumberOfBytesRead;
ULONG_PTR CurrentFoundPattern;
LPVOID cMemoryStart = MemoryStart;
DWORD cMemorySize = MemorySize;
LPVOID lpReadMemory = VirtualAlloc(NULL, PatternSize, MEM_COMMIT, PAGE_READWRITE);
CurrentFoundPattern = (ULONG_PTR)FindEx(hProcess, cMemoryStart, cMemorySize, SearchPattern, PatternSize, WildCard);
NumberOfRepetitions--;
while(CurrentFoundPattern != NULL && NumberOfRepetitions != NULL)
{
if(ReadProcessMemory(hProcess, (LPVOID)CurrentFoundPattern, lpReadMemory, PatternSize, &ueNumberOfBytesRead))
{
for(i = 0; i < ReplaceSize; i++)
{
if(memcmp((LPVOID)((ULONG_PTR)ReplacePattern + i), WildCard, 1) != NULL)
{
RtlMoveMemory((LPVOID)((ULONG_PTR)lpReadMemory + i), (LPVOID)((ULONG_PTR)ReplacePattern + i), 1);
}
}
PatchEx(hProcess, (LPVOID)CurrentFoundPattern, PatternSize, lpReadMemory, ReplaceSize, true, false);
}
cMemoryStart = (LPVOID)(CurrentFoundPattern + PatternSize);
cMemorySize = (DWORD)((ULONG_PTR)MemoryStart + MemorySize - CurrentFoundPattern);
CurrentFoundPattern = (ULONG_PTR)FindEx(hProcess, cMemoryStart, cMemorySize, SearchPattern, PatternSize, WildCard);
NumberOfRepetitions--;
}
VirtualFree(lpReadMemory, NULL, MEM_RELEASE);
if(NumberOfRepetitions != NULL)
{
return(false);
}
else
{
return(true);
}
}
__declspec(dllexport) bool TITCALL Replace(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, LPVOID ReplacePattern, DWORD ReplaceSize, PBYTE WildCard)
{
if(dbgProcessInformation.hProcess != NULL)
{
return(ReplaceEx(dbgProcessInformation.hProcess, MemoryStart, MemorySize, SearchPattern, PatternSize, NumberOfRepetitions, ReplacePattern, ReplaceSize, WildCard));
}
else
{
return(ReplaceEx(GetCurrentProcess(), MemoryStart, MemorySize, SearchPattern, PatternSize, NumberOfRepetitions, ReplacePattern, ReplaceSize, WildCard));
}
}

24
TitanEngine/TitanEngine.Debugger.cpp
View File

@ -59,8 +59,8 @@ __declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szC
{ {
if(CreateProcessW(szFileName, NULL, NULL, NULL, false, DEBUG_PROCESS|DEBUG_ONLY_THIS_PROCESS|DebugConsoleFlag|CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation)) if(CreateProcessW(szFileName, NULL, NULL, NULL, false, DEBUG_PROCESS|DEBUG_ONLY_THIS_PROCESS|DebugConsoleFlag|CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation))
{ {
engineAttachedToProcess = false; DebugAttachedToProcess = false;
engineAttachedProcessCallBack = NULL; DebugAttachedProcessCallBack = NULL;
RtlZeroMemory(&BreakPointBuffer, sizeof BreakPointBuffer); RtlZeroMemory(&BreakPointBuffer, sizeof BreakPointBuffer);
return(&dbgProcessInformation); return(&dbgProcessInformation);
} }
@ -75,8 +75,8 @@ __declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szC
wsprintfW(szCreateWithCmdLine, L"\"%s\" %s", szFileName, szCommandLine); wsprintfW(szCreateWithCmdLine, L"\"%s\" %s", szFileName, szCommandLine);
if(CreateProcessW(NULL, szCreateWithCmdLine, NULL, NULL, false, DEBUG_PROCESS|DEBUG_ONLY_THIS_PROCESS|DebugConsoleFlag|CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation)) if(CreateProcessW(NULL, szCreateWithCmdLine, NULL, NULL, false, DEBUG_PROCESS|DEBUG_ONLY_THIS_PROCESS|DebugConsoleFlag|CREATE_NEW_CONSOLE, NULL, szCurrentFolder, &dbgStartupInfo, &dbgProcessInformation))
{ {
engineAttachedToProcess = false; DebugAttachedToProcess = false;
engineAttachedProcessCallBack = NULL; DebugAttachedProcessCallBack = NULL;
RtlZeroMemory(&BreakPointBuffer, sizeof BreakPointBuffer); RtlZeroMemory(&BreakPointBuffer, sizeof BreakPointBuffer);
return(&dbgProcessInformation); return(&dbgProcessInformation);
} }
@ -137,7 +137,7 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese
int i = NULL; int i = NULL;
int j = NULL; int j = NULL;
bool ReturnData = false; bool ReturnData = false;
engineReserveModuleBase = NULL; DebugReserveModuleBase = NULL;
RtlZeroMemory(&szDebuggerName, sizeof szDebuggerName); RtlZeroMemory(&szDebuggerName, sizeof szDebuggerName);
if(lstrlenW(szFileName) < 512) if(lstrlenW(szFileName) < 512)
@ -187,7 +187,7 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese
#endif #endif
if(ReturnData) if(ReturnData)
{ {
engineDebuggingDLL = true; DebugDebuggingDLL = true;
i = lstrlenW(szFileName); i = lstrlenW(szFileName);
while(szFileName[i] != 0x5C && i >= NULL) while(szFileName[i] != 0x5C && i >= NULL)
{ {
@ -198,13 +198,13 @@ __declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool Rese
{ {
j--; j--;
}*/ }*/
engineDebuggingDLLBase = NULL; DebugDebuggingDLLBase = NULL;
engineDebuggingMainModuleBase = NULL; DebugDebuggingMainModuleBase = NULL;
engineDebuggingDLLFullFileName = szFileName; DebugDebuggingDLLFullFileName = szFileName;
engineDebuggingDLLFileName = &szFileName[i+1]; DebugDebuggingDLLFileName = &szFileName[i+1];
//engineDebuggingDLLReserveFileName = &szReserveModuleName[j+1]; //DebugDebuggingDLLReserveFileName = &szReserveModuleName[j+1];
DebugModuleImageBase = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_IMAGEBASE); DebugModuleImageBase = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_IMAGEBASE);
engineReserveModuleBase = DebugModuleImageBase; DebugReserveModuleBase = DebugModuleImageBase;
DebugModuleEntryPoint = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_OEP); DebugModuleEntryPoint = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_OEP);
DebugModuleEntryPointCallBack = EntryCallBack; DebugModuleEntryPointCallBack = EntryCallBack;
/*if(ReserveModuleBase) /*if(ReserveModuleBase)

4280
TitanEngine/TitanEngine.cpp
View File

File diff suppressed because it is too large Load Diff

11
TitanEngine/TitanEngine.vcxproj
View File

@ -222,9 +222,11 @@
<ClCompile Include="Global.Engine.Hash.cpp" /> <ClCompile Include="Global.Engine.Hash.cpp" />
<ClCompile Include="Global.Engine.Hider.cpp" /> <ClCompile Include="Global.Engine.Hider.cpp" />
<ClCompile Include="Global.Handle.cpp" /> <ClCompile Include="Global.Handle.cpp" />
<ClCompile Include="Global.Librarian.cpp" />
<ClCompile Include="Global.Mapping.cpp" /> <ClCompile Include="Global.Mapping.cpp" />
<ClCompile Include="Global.Realigner.cpp" /> <ClCompile Include="Global.Realigner.cpp" />
<ClCompile Include="Global.Threader.cpp" /> <ClCompile Include="Global.Threader.cpp" />
<ClCompile Include="Global.TLS.cpp" />
<ClCompile Include="stdafx.cpp"> <ClCompile Include="stdafx.cpp">
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader> <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader> <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
@ -234,7 +236,11 @@
<ClCompile Include="TitanEngine.Breakpoints.cpp" /> <ClCompile Include="TitanEngine.Breakpoints.cpp" />
<ClCompile Include="TitanEngine.cpp" /> <ClCompile Include="TitanEngine.cpp" />
<ClCompile Include="LzmaDec.cpp" /> <ClCompile Include="LzmaDec.cpp" />
<ClCompile Include="TitanEngine.Debugger.Context.cpp" />
<ClCompile Include="TitanEngine.Debugger.cpp" /> <ClCompile Include="TitanEngine.Debugger.cpp" />
<ClCompile Include="TitanEngine.Debugger.Data.cpp" />
<ClCompile Include="TitanEngine.Debugger.Helper.cpp" />
<ClCompile Include="TitanEngine.Debugger.Memory.cpp" />
<ClCompile Include="TitanEngine.Disassembler.cpp" /> <ClCompile Include="TitanEngine.Disassembler.cpp" />
<ClCompile Include="TitanEngine.Dumper.cpp" /> <ClCompile Include="TitanEngine.Dumper.cpp" />
<ClCompile Include="TitanEngine.Hider.cpp" /> <ClCompile Include="TitanEngine.Hider.cpp" />
@ -256,9 +262,11 @@
<ClInclude Include="Global.Engine.h" /> <ClInclude Include="Global.Engine.h" />
<ClInclude Include="Global.Engine.Hider.h" /> <ClInclude Include="Global.Engine.Hider.h" />
<ClInclude Include="Global.Handle.h" /> <ClInclude Include="Global.Handle.h" />
<ClInclude Include="Global.Librarian.h" />
<ClInclude Include="Global.Mapping.h" /> <ClInclude Include="Global.Mapping.h" />
<ClInclude Include="Global.Realigner.h" /> <ClInclude Include="Global.Realigner.h" />
<ClInclude Include="Global.Threader.h" /> <ClInclude Include="Global.Threader.h" />
<ClInclude Include="Global.TLS.h" />
<ClInclude Include="LzmaDec.h" /> <ClInclude Include="LzmaDec.h" />
<ClInclude Include="LzmaTypes.h" /> <ClInclude Include="LzmaTypes.h" />
<ClInclude Include="resource.h" /> <ClInclude Include="resource.h" />
@ -286,6 +294,9 @@
<ClCompile Include="TitanEngine.PE.Overlay.cpp"> <ClCompile Include="TitanEngine.PE.Overlay.cpp">
<FileType>Document</FileType> <FileType>Document</FileType>
</ClCompile> </ClCompile>
<ClCompile Include="TitanEngine.Debugger.DebugLoop.cpp">
<FileType>Document</FileType>
</ClCompile>
</ItemGroup> </ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" /> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets"> <ImportGroup Label="ExtensionTargets">

27
TitanEngine/TitanEngine.vcxproj.filters
View File

@ -114,6 +114,27 @@
<ClCompile Include="Global.Breakpoints.cpp"> <ClCompile Include="Global.Breakpoints.cpp">
<Filter>Source Files\TitanEngine</Filter> <Filter>Source Files\TitanEngine</Filter>
</ClCompile> </ClCompile>
<ClCompile Include="TitanEngine.Debugger.Context.cpp">
<Filter>Source Files\TitanEngine</Filter>
</ClCompile>
<ClCompile Include="TitanEngine.Debugger.Memory.cpp">
<Filter>Source Files\TitanEngine</Filter>
</ClCompile>
<ClCompile Include="TitanEngine.Debugger.Helper.cpp">
<Filter>Source Files\TitanEngine</Filter>
</ClCompile>
<ClCompile Include="TitanEngine.Debugger.Data.cpp">
<Filter>Source Files\TitanEngine</Filter>
</ClCompile>
<ClCompile Include="TitanEngine.Debugger.DebugLoop.cpp">
<Filter>Source Files\TitanEngine</Filter>
</ClCompile>
<ClCompile Include="Global.Librarian.cpp">
<Filter>Source Files\TitanEngine</Filter>
</ClCompile>
<ClCompile Include="Global.TLS.cpp">
<Filter>Source Files\TitanEngine</Filter>
</ClCompile>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClInclude Include="resource.h"> <ClInclude Include="resource.h">
@ -170,6 +191,12 @@
<ClInclude Include="Global.Breakpoints.h"> <ClInclude Include="Global.Breakpoints.h">
<Filter>Header Files\TitanEngine</Filter> <Filter>Header Files\TitanEngine</Filter>
</ClInclude> </ClInclude>
<ClInclude Include="Global.Librarian.h">
<Filter>Header Files\TitanEngine</Filter>
</ClInclude>
<ClInclude Include="Global.TLS.h">
<Filter>Header Files\TitanEngine</Filter>
</ClInclude>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ResourceCompile Include="TitanEngine.rc"> <ResourceCompile Include="TitanEngine.rc">