diff --git a/TitanEngine/Global.Engine.cpp b/TitanEngine/Global.Engine.cpp index 5b3b453..2d45b6c 100644 --- a/TitanEngine/Global.Engine.cpp +++ b/TitanEngine/Global.Engine.cpp 
@@ -607,52 +607,69 @@ bool EngineIsDependencyPresentW(wchar_t* szFileName, wchar_t* szDependencyForFil } bool EngineGetDependencyLocation(char* szFileName, char* szDependencyForFile, void* szLocationOfTheFile, int MaxStringSize) +{ + wchar_t uniFileName[MAX_PATH] = {0}; + wchar_t uniDependencyForFile[MAX_PATH] = {0}; + wchar_t * uniLocationOfTheFile = (WCHAR *)malloc(sizeof(WCHAR) * MaxStringSize); + + MultiByteToWideChar(CP_ACP, NULL, szFileName, -1, uniFileName, _countof(uniFileName)); + MultiByteToWideChar(CP_ACP, NULL, szDependencyForFile, -1, uniDependencyForFile, _countof(uniDependencyForFile)); + if (EngineGetDependencyLocationW(uniFileName, uniDependencyForFile, uniLocationOfTheFile, MaxStringSize)) + { + bool retVal = (WideCharToMultiByte(CP_ACP, NULL, uniLocationOfTheFile, -1, (char *)szLocationOfTheFile, MaxStringSize, NULL, NULL) != 0); + free(uniLocationOfTheFile); + return retVal; + } + + return false; +} + +bool EngineGetDependencyLocationW(wchar_t* szFileName, wchar_t* szDependencyForFile, void* szLocationOfTheFile, int MaxStringSize) { int i,j; HANDLE hFile; - char szTryFileName[512] = {0}; + wchar_t szTryFileName[512] = {0}; if(szFileName != NULL) { - hFile = CreateFileA(szFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); + RtlZeroMemory(szLocationOfTheFile, MaxStringSize * sizeof(WCHAR)); + + hFile = CreateFileW(szFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if(hFile != INVALID_HANDLE_VALUE) { - RtlZeroMemory(szLocationOfTheFile, MaxStringSize); - if(lstrlenA(szFileName) <= MaxStringSize) + if((int)wcslen(szFileName) <= MaxStringSize) { - RtlCopyMemory(szLocationOfTheFile, szFileName, lstrlenA(szFileName)); + RtlCopyMemory(szLocationOfTheFile, szFileName, wcslen(szFileName) * sizeof(WCHAR)); } EngineCloseHandle(hFile); return true; } - if(GetSystemDirectoryA(szTryFileName, 512) > NULL) + if(GetSystemDirectoryW(szTryFileName, _countof(szTryFileName)) > NULL) { 
- lstrcatA(szTryFileName, "\\"); - lstrcatA(szTryFileName, szFileName); - hFile = CreateFileA(szTryFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); + wcscat(szTryFileName, L"\\"); + wcscat(szTryFileName, szFileName); + hFile = CreateFileW(szTryFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if(hFile != INVALID_HANDLE_VALUE) { - RtlZeroMemory(szLocationOfTheFile, MaxStringSize); - if(lstrlenA(szTryFileName) <= MaxStringSize) + if((int)wcslen(szTryFileName) <= MaxStringSize) { - RtlCopyMemory(szLocationOfTheFile, &szTryFileName, lstrlenA(szTryFileName)); + RtlCopyMemory(szLocationOfTheFile, &szTryFileName, wcslen(szTryFileName) * sizeof(WCHAR)); } EngineCloseHandle(hFile); return true; } } - if(GetWindowsDirectoryA(szTryFileName, 512) > NULL) + if(GetWindowsDirectoryW(szTryFileName, _countof(szTryFileName)) > NULL) { - lstrcatA(szTryFileName, "\\"); - lstrcatA(szTryFileName, szFileName); - hFile = CreateFileA(szTryFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); + wcscat(szTryFileName, L"\\"); + wcscat(szTryFileName, szFileName); + hFile = CreateFileW(szTryFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if(hFile != INVALID_HANDLE_VALUE) { - RtlZeroMemory(szLocationOfTheFile, MaxStringSize); - if(lstrlenA(szTryFileName) <= MaxStringSize) + if((int)wcslen(szTryFileName) <= MaxStringSize) { - RtlCopyMemory(szLocationOfTheFile, &szTryFileName, lstrlenA(szTryFileName)); + RtlCopyMemory(szLocationOfTheFile, &szTryFileName, wcslen(szTryFileName) * sizeof(WCHAR)); } EngineCloseHandle(hFile); return true; 
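Review bot: The new ANSI wrapper `EngineGetDependencyLocation` frees `uniLocationOfTheFile` only inside the success branch, so the heap buffer leaks every time `EngineGetDependencyLocationW` returns false, and the `malloc` result is passed on without a NULL check. Separately, the `(int)wcslen(...) <= MaxStringSize` tests in the W function accept a path of exactly MaxStringSize characters, which fills the output with no terminator before the wrapper runs `WideCharToMultiByte(..., -1, ...)` over it; `<` keeps the NUL written by `RtlZeroMemory`. The fence below shows the wrapper with the allocation checked and released on every path.

```cpp
    wchar_t * uniLocationOfTheFile = (WCHAR *)malloc(sizeof(WCHAR) * MaxStringSize);
    bool retVal = false;

    if (uniLocationOfTheFile == NULL)
    {
        return false;
    }

    // … unchanged: the two MultiByteToWideChar conversions …
    if (EngineGetDependencyLocationW(uniFileName, uniDependencyForFile, uniLocationOfTheFile, MaxStringSize))
    {
        retVal = (WideCharToMultiByte(CP_ACP, NULL, uniLocationOfTheFile, -1, (char *)szLocationOfTheFile, MaxStringSize, NULL, NULL) != 0);
    }

    free(uniLocationOfTheFile); // released whether or not the lookup succeeded
    return retVal;
```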
@@ -660,9 +677,9 @@ bool EngineGetDependencyLocation(char* szFileName, char* szDependencyForFile, vo } if(szDependencyForFile != NULL) { - RtlZeroMemory(&szTryFileName, 512); - i = lstrlenA(szDependencyForFile); - while(i > 0 && szDependencyForFile[i] != 0x5C) + RtlZeroMemory(szTryFileName, sizeof(szTryFileName)); + i = wcslen(szDependencyForFile); + while(i > 0 && szDependencyForFile[i] != L'\\') { i--; } @@ -670,14 +687,13 @@ bool EngineGetDependencyLocation(char* szFileName, char* szDependencyForFile, vo { szTryFileName[j] = szDependencyForFile[j]; } - lstrcatA(szTryFileName, szFileName); - hFile = CreateFileA(szTryFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); + wcscat(szTryFileName, szFileName); + hFile = CreateFileW(szTryFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if(hFile != INVALID_HANDLE_VALUE) { - RtlZeroMemory(szLocationOfTheFile, MaxStringSize); - if(lstrlenA(szTryFileName) <= MaxStringSize) + if((int)wcslen(szTryFileName) <= MaxStringSize) { - RtlCopyMemory(szLocationOfTheFile, &szTryFileName, lstrlenA(szTryFileName)); + RtlCopyMemory(szLocationOfTheFile, &szTryFileName, wcslen(szTryFileName) * sizeof(WCHAR)); } EngineCloseHandle(hFile); return true; @@ -947,7 +963,19 @@ long long EngineSimulateNtLoader(char* szFileName) long long EngineSimulateDllLoader(HANDLE hProcess, char* szFileName) { + WCHAR uniFileName[MAX_PATH] = {0}; + if (hProcess && szFileName) + { + MultiByteToWideChar(CP_ACP, NULL, szFileName, -1, uniFileName, _countof(uniFileName)); + return EngineSimulateDllLoaderW(hProcess, uniFileName); + } + + return 0; +} + +long long EngineSimulateDllLoaderW(HANDLE hProcess, wchar_t* szFileName) +{ int n; BOOL FileIs64; DWORD FileSize; 
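Review bot: `wcscat(szTryFileName, szFileName)` in the `@@ -670,14 +687,13 @@` hunk appends a caller-supplied name to the 512-element stack buffer with no length check, so a long `szFileName`, or a long directory prefix copied from `szDependencyForFile` by the loop just above (its header lies outside the hunk), writes past `szTryFileName`. The same unchecked `wcscat` pair follows `GetSystemDirectoryW` and `GetWindowsDirectoryW` in the first hunk of this file. Bounding each append would close it, for example by skipping the candidate when `wcslen(szTryFileName) + wcslen(szFileName) >= _countof(szTryFileName)`.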
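Review bot: The return value of `MultiByteToWideChar` is ignored in the new `EngineSimulateDllLoader` wrapper, so a name that does not fit in `uniFileName[MAX_PATH]` or fails to convert still reaches `EngineSimulateDllLoaderW`, and the buffer is not guaranteed to hold a terminated string in that case. Checking the result makes the failure explicit: `if(MultiByteToWideChar(CP_ACP, NULL, szFileName, -1, uniFileName, _countof(uniFileName)) == 0) return 0;`. The wrappers `EngineGetDependencyLocation`, `GetActiveProcessId` and `FixHeaderCheckSum` in this commit use the same unchecked call.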
@@ -963,18 +991,19 @@ long long EngineSimulateDllLoader(HANDLE hProcess, char* szFileName) PIMAGE_EXPORT_DIRECTORY PEExports; PEXPORTED_DATA ExportedFunctionNames; ULONG_PTR ConvertedExport = NULL; - char szFileRemoteProc[1024]= {0}; - char szDLLFileLocation[512]= {0}; - char* szTranslatedProcName=0; + WCHAR szFileRemoteProc[1024]= {0}; + WCHAR szDLLFileLocation[512]= {0}; + WCHAR* szTranslatedProcName=0; - GetProcessImageFileNameA(hProcess, szFileRemoteProc, sizeof(szFileRemoteProc)); - szTranslatedProcName = (char*)TranslateNativeName(szFileRemoteProc); - if(EngineIsDependencyPresent(szFileName, NULL, NULL)) + GetProcessImageFileNameW(hProcess, szFileRemoteProc, _countof(szFileRemoteProc)); + + szTranslatedProcName = (WCHAR*)TranslateNativeNameW(szFileRemoteProc); + if(EngineIsDependencyPresentW(szFileName, NULL, NULL)) { - if(EngineGetDependencyLocation(szFileName, szTranslatedProcName, &szDLLFileLocation, sizeof(szDLLFileLocation))) + if(EngineGetDependencyLocationW(szFileName, szTranslatedProcName, &szDLLFileLocation, _countof(szDLLFileLocation))) { VirtualFree((void*)szTranslatedProcName, NULL, MEM_RELEASE); - if(MapFileEx(szDLLFileLocation, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL)) + if(MapFileExW(szDLLFileLocation, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL)) { DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA; if(EngineValidateHeader(FileMapVA, FileHandle, NULL, DOSHeader, true)) diff --git a/TitanEngine/Global.Engine.h b/TitanEngine/Global.Engine.h index b265400..119a188 100644 --- a/TitanEngine/Global.Engine.h +++ b/TitanEngine/Global.Engine.h 
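Review bot: `szTranslatedProcName` is released with `VirtualFree` only after both `EngineIsDependencyPresentW` and `EngineGetDependencyLocationW` succeed; on the other paths visible here the buffer returned by `TranslateNativeNameW` is not freed, unless that happens in the part of the function that lies outside this hunk. The result of `GetProcessImageFileNameW` is also unchecked before its output is translated. Moving the `VirtualFree` so that it runs once on every path after the location lookup, and testing the image-name query with `> 0`, would cover both.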
@@ -38,6 +38,7 @@ bool EngineExtractResource(char* szResourceName, wchar_t* szExtractedFileName); bool EngineIsDependencyPresent(char* szFileName, char* szDependencyForFile, char* szPresentInFolder); bool EngineIsDependencyPresentW(wchar_t* szFileName, wchar_t* szDependencyForFile, wchar_t* szPresentInFolder); bool EngineGetDependencyLocation(char* szFileName, char* szDependencyForFile, void* szLocationOfTheFile, int MaxStringSize); +bool EngineGetDependencyLocationW(wchar_t* szFileName, wchar_t* szDependencyForFile, void* szLocationOfTheFile, int MaxStringSize); long EngineHashString(char* szStringToHash); long EngineHashMemory(char* MemoryAddress, int MemorySize, DWORD InitialHashValue); bool EngineIsValidReadPtrEx(LPVOID DataPointer, DWORD DataSize); @@ -46,6 +47,7 @@ bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBas long long EngineSimulateNtLoaderW(wchar_t* szFileName); long long EngineSimulateNtLoader(char* szFileName); long long EngineSimulateDllLoader(HANDLE hProcess, char* szFileName); +long long EngineSimulateDllLoaderW(HANDLE hProcess, wchar_t* szFileName); long long EngineGetProcAddress(ULONG_PTR ModuleBase, char* szAPIName); bool EngineGetLibraryOrdinalData(ULONG_PTR ModuleBase, LPDWORD ptrOrdinalBase, LPDWORD ptrOrdinalCount); long long EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBases, ULONG_PTR APIAddress, const char* szAPIName, DWORD ReturnType); diff --git a/TitanEngine/TitanEngine.Process.cpp b/TitanEngine/TitanEngine.Process.cpp index a0f3269..e688077 100644 --- a/TitanEngine/TitanEngine.Process.cpp +++ b/TitanEngine/TitanEngine.Process.cpp 
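Review bot: The new `EngineGetDependencyLocationW` prototype keeps `void* szLocationOfTheFile` and `int MaxStringSize` from the ANSI version, but its implementation in Global.Engine.cpp zeroes `MaxStringSize * sizeof(WCHAR)` bytes, so the size is a WCHAR count rather than a byte count. A caller that passes `sizeof(buffer)`, as it could for the ANSI function, would have its output buffer overrun. A comment on the declaration would record the unit: `// MaxStringSize: capacity of szLocationOfTheFile in WCHAR elements, not bytes`.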
@@ -7,12 +7,11 @@ // TitanEngine.Process.functions: __declspec(dllexport) long TITCALL GetActiveProcessId(char* szImageName) { - - wchar_t uniImageName[MAX_PATH] = {}; + wchar_t uniImageName[MAX_PATH] = {0}; if(szImageName != NULL) { - MultiByteToWideChar(CP_ACP, NULL, szImageName, lstrlenA(szImageName)+1, uniImageName, sizeof(uniImageName)/(sizeof(uniImageName[0]))); + MultiByteToWideChar(CP_ACP, NULL, szImageName, -1, uniImageName, _countof(uniImageName)); return(GetActiveProcessIdW(uniImageName)); } else @@ -28,31 +27,41 @@ __declspec(dllexport) long TITCALL GetActiveProcessIdW(wchar_t* szImageName) wchar_t* szTranslatedProcName; DWORD bProcessId[1024] = {}; wchar_t szProcessPath[1024] = {}; - DWORD pProcessIdCount = NULL; + DWORD cbNeeded = NULL; HANDLE hProcess; + wchar_t * nameOnly = 0; - if(EnumProcesses(bProcessId, sizeof bProcessId, &pProcessIdCount)) + if(EnumProcesses(bProcessId, sizeof(bProcessId), &cbNeeded)) { - for(i = 0; i < (int)pProcessIdCount; i++) + for(i = 0; i < (int)(cbNeeded / sizeof(DWORD)); i++) { if(bProcessId[i] != NULL) { hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, false, bProcessId[i]); if(hProcess != NULL) { - if(GetProcessImageFileNameW(hProcess, szProcessPath, 1024) > NULL) + if(GetProcessImageFileNameW(hProcess, szProcessPath, _countof(szProcessPath)) > NULL) { szTranslatedProcName = (wchar_t*)TranslateNativeNameW(szProcessPath); lstrcpyW(szProcessPath, szTranslatedProcName); VirtualFree((void*)szTranslatedProcName, NULL, MEM_RELEASE); EngineCloseHandle(hProcess); - if(lstrcmpiW(szProcessPath, szImageName) == NULL) + + if(_wcsicmp(szProcessPath, szImageName) == 0) { return(bProcessId[i]); } - else if(lstrcmpiW(EngineExtractFileNameW(szProcessPath), szImageName) == NULL) + else { - return(bProcessId[i]); + nameOnly = wcsrchr(szProcessPath, L'\\'); + if (nameOnly) + { + nameOnly++; + if(_wcsicmp(nameOnly, szImageName) == 0) + { + return(bProcessId[i]); + } + } } } else 
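Review bot: The switch from `lstrcmpiW` to `_wcsicmp` in `GetActiveProcessIdW` changes what happens when `szImageName` is NULL: the CRT function validates its arguments and calls the invalid-parameter handler on a NULL pointer, and this exported function has no NULL check in the lines shown. The ANSI wrapper guards its own argument, but direct callers of the W export are not covered. A guard before the `EnumProcesses` call would restore a defined result, `if(szImageName == NULL) return 0;`. The function's opening lines are outside this hunk.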
@@ -82,13 +91,13 @@ __declspec(dllexport) void TITCALL EnumProcessesWithLibrary(char* szLibraryName, if(EnumFunction != NULL) { - if(EnumProcesses(bProcessId, sizeof bProcessId, &pProcessIdCount)) + if(EnumProcesses(bProcessId, sizeof(bProcessId), &pProcessIdCount)) { - for(i = 0; i < (int)pProcessIdCount; i++) + for(i = 0; i < (int)(pProcessIdCount / sizeof(DWORD)); i++) { if(bProcessId[i] != NULL) { - hProcess = OpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, false, bProcessId[i]); + hProcess = OpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, 0, bProcessId[i]); if(hProcess != NULL) { RtlZeroMemory(EnumeratedModules, sizeof(EnumeratedModules)); @@ -98,7 +107,7 @@ __declspec(dllexport) void TITCALL EnumProcessesWithLibrary(char* szLibraryName, { if(EnumeratedModules[j] != NULL) { - if(GetModuleBaseNameA(hProcess, EnumeratedModules[j], szModuleName, 1024) > NULL) + if(GetModuleBaseNameA(hProcess, EnumeratedModules[j], szModuleName, _countof(szModuleName)) > NULL) { if(lstrcmpiA(szModuleName, szLibraryName) == NULL) { diff --git a/TitanEngine/TitanEngine.Realigner.cpp b/TitanEngine/TitanEngine.Realigner.cpp index e7c785e..50d02b7 100644 --- a/TitanEngine/TitanEngine.Realigner.cpp +++ b/TitanEngine/TitanEngine.Realigner.cpp 
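Review bot: `pProcessIdCount` still names what is a byte count in `EnumProcessesWithLibrary`: the loop bound now divides it by `sizeof(DWORD)`, while the matching change in `GetActiveProcessIdW` renamed the same variable to `cbNeeded`. Renaming it here as well (the declaration is outside this hunk) keeps the two functions consistent and makes the division self-explanatory.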
@@ -8,23 +8,17 @@ // TitanEngine.Realigner.functions: __declspec(dllexport) bool TITCALL FixHeaderCheckSum(char* szFileName) { - HANDLE FileHandle; - DWORD FileSize; - HANDLE FileMap; - ULONG_PTR FileMapVA; - if(MapFileEx(szFileName, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, 0)) + wchar_t uniFileName[MAX_PATH] = {0}; + + if(szFileName != NULL) { - DWORD HeaderSum; - DWORD CheckSum; - if(CheckSumMappedFile((PVOID)FileMapVA, FileSize, &HeaderSum, &CheckSum) != NULL) - { - UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); - return false; - } - UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); - return SetPE32Data(szFileName, NULL, UE_CHECKSUM, (ULONG_PTR)CheckSum); + MultiByteToWideChar(CP_ACP, NULL, szFileName, -1, uniFileName, _countof(uniFileName)); + return FixHeaderCheckSumW(uniFileName); + } + else + { + return 0; } - return false; } __declspec(dllexport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName) @@ -33,19 +27,19 @@ __declspec(dllexport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName) DWORD FileSize; HANDLE FileMap; ULONG_PTR FileMapVA; + bool retVal = false; + if(MapFileExW(szFileName, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, 0)) { DWORD HeaderSum; DWORD CheckSum; - if(CheckSumMappedFile((PVOID)FileMapVA, FileSize, &HeaderSum, &CheckSum) != NULL) + if(CheckSumMappedFile((PVOID)FileMapVA, FileSize, &HeaderSum, &CheckSum)) { - UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); - return false; + retVal = SetPE32DataW(szFileName, NULL, UE_CHECKSUM, (ULONG_PTR)CheckSum); } UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); - return SetPE32DataW(szFileName, NULL, UE_CHECKSUM, (ULONG_PTR)CheckSum); } - return false; + return retVal; } __declspec(dllexport) long TITCALL RealignPE(ULONG_PTR FileMapVA, DWORD FileSize, DWORD RealingMode) diff --git a/TitanEngine/stdafx.h b/TitanEngine/stdafx.h index 40ec07b..cdd203a 100644 --- a/TitanEngine/stdafx.h +++ b/TitanEngine/stdafx.h 
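Review bot: In `FixHeaderCheckSumW`, `SetPE32DataW` is now called while the read mapping from `MapFileExW` is still open, whereas the old code unmapped first; if `SetPE32DataW` reopens the file for writing, that may fail on a sharing conflict, depending on how `MapFileExW` opens the file (not visible here). Keeping the unmap ahead of the write avoids the question: `bool summed = CheckSumMappedFile((PVOID)FileMapVA, FileSize, &HeaderSum, &CheckSum) != NULL;`, then `UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);`, then `if(summed) retVal = SetPE32DataW(szFileName, NULL, UE_CHECKSUM, (ULONG_PTR)CheckSum);`.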
@@ -4,6 +4,7 @@ // #pragma once +#define _CRT_SECURE_NO_WARNINGS #include "targetver.h" // Build switches
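Review bot: Defining `_CRT_SECURE_NO_WARNINGS` in the precompiled header silences the CRT deprecation warnings for `wcscat` and similar calls in every translation unit, including the unbounded appends this commit adds in Global.Engine.cpp. If the define stays, a comment stating why would help, e.g. `// TODO: remove once wcscat call sites use bounded variants`. Scoping the suppression to the files that need it is the narrower option.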