x64dbg
/
TitanEngine
mirror of https://github.com/x64dbg/TitanEngine
1
0
Fork 0
Code Releases Activity

- merge conflicts

This commit is contained in:
Mr. eXoDia 2014-03-09 22:48:20 +01:00
parent 97e00e86a4
commit a8628215dc
1 changed files with 147 additions and 153 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
TitanEngine/TitanEngine.Dumper.cpp
View File

@ -41,7 +41,8 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
LPVOID ueCopyBuffer = VirtualAlloc(NULL, 0x2000, MEM_COMMIT, PAGE_READWRITE);
if(ReadProcessMemory(hProcess, ImageBase, ueReadBuffer, 0x1000, &ueNumberOfBytesRead))
{//ReadProcessMemory
{
//ReadProcessMemory
DOSHeader = (PIMAGE_DOS_HEADER)ueReadBuffer;
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
@ -84,7 +85,8 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
AlignedHeaderSize = 0x1000;
}
if(EngineValidateHeader((ULONG_PTR)ueReadBuffer, hProcess, ImageBase, DOSHeader, false))
{//EngineValidateHeader
{
//EngineValidateHeader
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
if(PEHeader32->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC)
@ -102,7 +104,8 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
return false;
}
if(!FileIs64)
{//PE32 Handler
{
//PE32 Handler
NumberOfSections = PEHeader32->FileHeader.NumberOfSections;
NumberOfSections++;
if(PEHeader32->OptionalHeader.SizeOfImage % PEHeader32->OptionalHeader.SectionAlignment == NULL)
@ -114,8 +117,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
SizeOfImageDump = ((PEHeader32->OptionalHeader.SizeOfImage / PEHeader32->OptionalHeader.SectionAlignment) + 1) * PEHeader32->OptionalHeader.SectionAlignment;
}
SizeOfImageDump = SizeOfImageDump - (DWORD)AlignedHeaderSize;
if(EngineCreatePathForFileW(szDumpFileName))
{
EngineCreatePathForFileW(szDumpFileName);
hFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
{
@ -182,10 +184,10 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
}
}
}
}
}//PE32 Handler
else
{//PE64 Handler
{
//PE64 Handler
NumberOfSections = PEHeader64->FileHeader.NumberOfSections;
NumberOfSections++;
if(PEHeader64->OptionalHeader.SizeOfImage % PEHeader64->OptionalHeader.SectionAlignment == NULL)
@ -197,8 +199,7 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
SizeOfImageDump = ((PEHeader64->OptionalHeader.SizeOfImage / PEHeader64->OptionalHeader.SectionAlignment) + 1) * PEHeader64->OptionalHeader.SectionAlignment;
}
SizeOfImageDump = SizeOfImageDump - (DWORD)AlignedHeaderSize;
if(EngineCreatePathForFileW(szDumpFileName))
{
EngineCreatePathForFileW(szDumpFileName);
hFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
{
@ -265,7 +266,6 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
}
}
}
}
}//PE64 Handler
}//EngineValidateHeader
}//ReadProcessMemory
@ -382,8 +382,7 @@ __declspec(dllexport) bool TITCALL DumpMemoryW(HANDLE hProcess, LPVOID MemorySta
ULONG_PTR ProcReadBase = (ULONG_PTR)ReadBase;
LPVOID ueCopyBuffer = VirtualAlloc(NULL, 0x2000, MEM_COMMIT, PAGE_READWRITE);
if(EngineCreatePathForFileW(szDumpFileName))
{
EngineCreatePathForFileW(szDumpFileName);
hFile = CreateFileW(szDumpFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
{
@ -414,14 +413,9 @@ __declspec(dllexport) bool TITCALL DumpMemoryW(HANDLE hProcess, LPVOID MemorySta
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return true;
}
else
{
VirtualFree(ueCopyBuffer, NULL, MEM_RELEASE);
return false;
}
}
return true;
}
__declspec(dllexport) bool TITCALL DumpMemoryEx(DWORD ProcessId, LPVOID MemoryStart, ULONG_PTR MemorySize, char* szDumpFileName)
{