bug fixes, unicode fixes

NtQuery 2014-03-11 22:45:06 +01:00
parent 3675215bf3
commit b476b0cc5b
5 changed files with 104 additions and 69 deletions


@ -607,52 +607,69 @@ bool EngineIsDependencyPresentW(wchar_t* szFileName, wchar_t* szDependencyForFil
}
bool EngineGetDependencyLocation(char* szFileName, char* szDependencyForFile, void* szLocationOfTheFile, int MaxStringSize)
{
wchar_t uniFileName[MAX_PATH] = {0};
wchar_t uniDependencyForFile[MAX_PATH] = {0};
wchar_t * uniLocationOfTheFile = (WCHAR *)malloc(sizeof(WCHAR) * MaxStringSize);
MultiByteToWideChar(CP_ACP, NULL, szFileName, -1, uniFileName, _countof(uniFileName));
MultiByteToWideChar(CP_ACP, NULL, szDependencyForFile, -1, uniDependencyForFile, _countof(uniDependencyForFile));
if (EngineGetDependencyLocationW(uniFileName, uniDependencyForFile, uniLocationOfTheFile, MaxStringSize))
{
bool retVal = (WideCharToMultiByte(CP_ACP, NULL, uniLocationOfTheFile, -1, (char *)szLocationOfTheFile, MaxStringSize, NULL, NULL) != 0);
free(uniLocationOfTheFile);
return retVal;
}
return false;
}
bool EngineGetDependencyLocationW(wchar_t* szFileName, wchar_t* szDependencyForFile, void* szLocationOfTheFile, int MaxStringSize)
{
int i,j;
HANDLE hFile;
char szTryFileName[512] = {0};
wchar_t szTryFileName[512] = {0};
if(szFileName != NULL)
{
hFile = CreateFileA(szFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
RtlZeroMemory(szLocationOfTheFile, MaxStringSize * sizeof(WCHAR));
hFile = CreateFileW(szFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
{
RtlZeroMemory(szLocationOfTheFile, MaxStringSize);
if(lstrlenA(szFileName) <= MaxStringSize)
if((int)wcslen(szFileName) <= MaxStringSize)
{
RtlCopyMemory(szLocationOfTheFile, szFileName, lstrlenA(szFileName));
RtlCopyMemory(szLocationOfTheFile, szFileName, wcslen(szFileName) * sizeof(WCHAR));
}
EngineCloseHandle(hFile);
return true;
}
if(GetSystemDirectoryA(szTryFileName, 512) > NULL)
if(GetSystemDirectoryW(szTryFileName, _countof(szTryFileName)) > NULL)
{
lstrcatA(szTryFileName, "\\");
lstrcatA(szTryFileName, szFileName);
hFile = CreateFileA(szTryFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
wcscat(szTryFileName, L"\\");
wcscat(szTryFileName, szFileName);
hFile = CreateFileW(szTryFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
{
RtlZeroMemory(szLocationOfTheFile, MaxStringSize);
if(lstrlenA(szTryFileName) <= MaxStringSize)
if((int)wcslen(szTryFileName) <= MaxStringSize)
{
RtlCopyMemory(szLocationOfTheFile, &szTryFileName, lstrlenA(szTryFileName));
RtlCopyMemory(szLocationOfTheFile, &szTryFileName, wcslen(szTryFileName) * sizeof(WCHAR));
}
EngineCloseHandle(hFile);
return true;
}
}
if(GetWindowsDirectoryA(szTryFileName, 512) > NULL)
if(GetWindowsDirectoryW(szTryFileName, _countof(szTryFileName)) > NULL)
{
lstrcatA(szTryFileName, "\\");
lstrcatA(szTryFileName, szFileName);
hFile = CreateFileA(szTryFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
wcscat(szTryFileName, L"\\");
wcscat(szTryFileName, szFileName);
hFile = CreateFileW(szTryFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
{
RtlZeroMemory(szLocationOfTheFile, MaxStringSize);
if(lstrlenA(szTryFileName) <= MaxStringSize)
if((int)wcslen(szTryFileName) <= MaxStringSize)
{
RtlCopyMemory(szLocationOfTheFile, &szTryFileName, lstrlenA(szTryFileName));
RtlCopyMemory(szLocationOfTheFile, &szTryFileName, wcslen(szTryFileName) * sizeof(WCHAR));
}
EngineCloseHandle(hFile);
return true;
@ -660,9 +677,9 @@ bool EngineGetDependencyLocation(char* szFileName, char* szDependencyForFile, vo
}
if(szDependencyForFile != NULL)
{
RtlZeroMemory(&szTryFileName, 512);
i = lstrlenA(szDependencyForFile);
while(i > 0 && szDependencyForFile[i] != 0x5C)
RtlZeroMemory(szTryFileName, sizeof(szTryFileName));
i = wcslen(szDependencyForFile);
while(i > 0 && szDependencyForFile[i] != L'\\')
{
i--;
}
@ -670,14 +687,13 @@ bool EngineGetDependencyLocation(char* szFileName, char* szDependencyForFile, vo
{
szTryFileName[j] = szDependencyForFile[j];
}
lstrcatA(szTryFileName, szFileName);
hFile = CreateFileA(szTryFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
wcscat(szTryFileName, szFileName);
hFile = CreateFileW(szTryFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile != INVALID_HANDLE_VALUE)
{
RtlZeroMemory(szLocationOfTheFile, MaxStringSize);
if(lstrlenA(szTryFileName) <= MaxStringSize)
if((int)wcslen(szTryFileName) <= MaxStringSize)
{
RtlCopyMemory(szLocationOfTheFile, &szTryFileName, lstrlenA(szTryFileName));
RtlCopyMemory(szLocationOfTheFile, &szTryFileName, wcslen(szTryFileName) * sizeof(WCHAR));
}
EngineCloseHandle(hFile);
return true;
@ -947,7 +963,19 @@ long long EngineSimulateNtLoader(char* szFileName)
long long EngineSimulateDllLoader(HANDLE hProcess, char* szFileName)
{
WCHAR uniFileName[MAX_PATH] = {0};
if (hProcess && szFileName)
{
MultiByteToWideChar(CP_ACP, NULL, szFileName, -1, uniFileName, _countof(uniFileName));
return EngineSimulateDllLoaderW(hProcess, uniFileName);
}
return 0;
}
long long EngineSimulateDllLoaderW(HANDLE hProcess, wchar_t* szFileName)
{
int n;
BOOL FileIs64;
DWORD FileSize;
@ -963,18 +991,19 @@ long long EngineSimulateDllLoader(HANDLE hProcess, char* szFileName)
PIMAGE_EXPORT_DIRECTORY PEExports;
PEXPORTED_DATA ExportedFunctionNames;
ULONG_PTR ConvertedExport = NULL;
char szFileRemoteProc[1024]= {0};
char szDLLFileLocation[512]= {0};
char* szTranslatedProcName=0;
WCHAR szFileRemoteProc[1024]= {0};
WCHAR szDLLFileLocation[512]= {0};
WCHAR* szTranslatedProcName=0;
GetProcessImageFileNameA(hProcess, szFileRemoteProc, sizeof(szFileRemoteProc));
szTranslatedProcName = (char*)TranslateNativeName(szFileRemoteProc);
if(EngineIsDependencyPresent(szFileName, NULL, NULL))
GetProcessImageFileNameW(hProcess, szFileRemoteProc, _countof(szFileRemoteProc));
szTranslatedProcName = (WCHAR*)TranslateNativeNameW(szFileRemoteProc);
if(EngineIsDependencyPresentW(szFileName, NULL, NULL))
{
if(EngineGetDependencyLocation(szFileName, szTranslatedProcName, &szDLLFileLocation, sizeof(szDLLFileLocation)))
if(EngineGetDependencyLocationW(szFileName, szTranslatedProcName, &szDLLFileLocation, _countof(szDLLFileLocation)))
{
VirtualFree((void*)szTranslatedProcName, NULL, MEM_RELEASE);
if(MapFileEx(szDLLFileLocation, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
if(MapFileExW(szDLLFileLocation, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
{
DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
if(EngineValidateHeader(FileMapVA, FileHandle, NULL, DOSHeader, true))
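Review bot: The `wcscat(szTryFileName, szFileName)` calls in EngineGetDependencyLocationW append a caller-supplied name to the 512-element stack buffer with no length check, so a long szFileName writes past `szTryFileName`; wrapping each append in a check such as `if(wcslen(szTryFileName) + wcslen(szFileName) + 2 <= _countof(szTryFileName))` would bound it. The `(int)wcslen(...) <= MaxStringSize` tests also let a path of exactly MaxStringSize characters fill the output buffer with no terminator, which the new ANSI wrapper then reads with `WideCharToMultiByte(..., -1, ...)`; using `<` keeps room for the NUL. In EngineGetDependencyLocation the `malloc` result is not checked and `uniLocationOfTheFile` is freed only on the success path, so `free(uniLocationOfTheFile);` is needed before `return false;`. EngineGetDependencyLocationW is spread over several hunks and parts of its body are not shown here.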


@ -38,6 +38,7 @@ bool EngineExtractResource(char* szResourceName, wchar_t* szExtractedFileName);
bool EngineIsDependencyPresent(char* szFileName, char* szDependencyForFile, char* szPresentInFolder);
bool EngineIsDependencyPresentW(wchar_t* szFileName, wchar_t* szDependencyForFile, wchar_t* szPresentInFolder);
bool EngineGetDependencyLocation(char* szFileName, char* szDependencyForFile, void* szLocationOfTheFile, int MaxStringSize);
bool EngineGetDependencyLocationW(wchar_t* szFileName, wchar_t* szDependencyForFile, void* szLocationOfTheFile, int MaxStringSize);
long EngineHashString(char* szStringToHash);
long EngineHashMemory(char* MemoryAddress, int MemorySize, DWORD InitialHashValue);
bool EngineIsValidReadPtrEx(LPVOID DataPointer, DWORD DataSize);
@ -46,6 +47,7 @@ bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBas
long long EngineSimulateNtLoaderW(wchar_t* szFileName);
long long EngineSimulateNtLoader(char* szFileName);
long long EngineSimulateDllLoader(HANDLE hProcess, char* szFileName);
long long EngineSimulateDllLoaderW(HANDLE hProcess, wchar_t* szFileName);
long long EngineGetProcAddress(ULONG_PTR ModuleBase, char* szAPIName);
bool EngineGetLibraryOrdinalData(ULONG_PTR ModuleBase, LPDWORD ptrOrdinalBase, LPDWORD ptrOrdinalCount);
long long EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBases, ULONG_PTR APIAddress, const char* szAPIName, DWORD ReturnType);
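Review bot: The new EngineGetDependencyLocationW prototype keeps `void* szLocationOfTheFile` and `int MaxStringSize` without saying what unit the size is in, and the caller in EngineSimulateDllLoaderW shown on this page now passes `_countof(szDLLFileLocation)`, a WCHAR count rather than a byte count. I would document that on the declaration, for example `// MaxStringSize: capacity of szLocationOfTheFile in WCHARs, terminator included`, and add the matching comment for the char variant, so a caller does not pass `sizeof` of a wide buffer.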


@ -7,12 +7,11 @@
// TitanEngine.Process.functions:
__declspec(dllexport) long TITCALL GetActiveProcessId(char* szImageName)
{
wchar_t uniImageName[MAX_PATH] = {};
wchar_t uniImageName[MAX_PATH] = {0};
if(szImageName != NULL)
{
MultiByteToWideChar(CP_ACP, NULL, szImageName, lstrlenA(szImageName)+1, uniImageName, sizeof(uniImageName)/(sizeof(uniImageName[0])));
MultiByteToWideChar(CP_ACP, NULL, szImageName, -1, uniImageName, _countof(uniImageName));
return(GetActiveProcessIdW(uniImageName));
}
else
@ -28,31 +27,41 @@ __declspec(dllexport) long TITCALL GetActiveProcessIdW(wchar_t* szImageName)
wchar_t* szTranslatedProcName;
DWORD bProcessId[1024] = {};
wchar_t szProcessPath[1024] = {};
DWORD pProcessIdCount = NULL;
DWORD cbNeeded = NULL;
HANDLE hProcess;
wchar_t * nameOnly = 0;
if(EnumProcesses(bProcessId, sizeof bProcessId, &pProcessIdCount))
if(EnumProcesses(bProcessId, sizeof(bProcessId), &cbNeeded))
{
for(i = 0; i < (int)pProcessIdCount; i++)
for(i = 0; i < (int)(cbNeeded / sizeof(DWORD)); i++)
{
if(bProcessId[i] != NULL)
{
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, false, bProcessId[i]);
if(hProcess != NULL)
{
if(GetProcessImageFileNameW(hProcess, szProcessPath, 1024) > NULL)
if(GetProcessImageFileNameW(hProcess, szProcessPath, _countof(szProcessPath)) > NULL)
{
szTranslatedProcName = (wchar_t*)TranslateNativeNameW(szProcessPath);
lstrcpyW(szProcessPath, szTranslatedProcName);
VirtualFree((void*)szTranslatedProcName, NULL, MEM_RELEASE);
EngineCloseHandle(hProcess);
if(lstrcmpiW(szProcessPath, szImageName) == NULL)
if(_wcsicmp(szProcessPath, szImageName) == 0)
{
return(bProcessId[i]);
}
else if(lstrcmpiW(EngineExtractFileNameW(szProcessPath), szImageName) == NULL)
else
{
return(bProcessId[i]);
nameOnly = wcsrchr(szProcessPath, L'\\');
if (nameOnly)
{
nameOnly++;
if(_wcsicmp(nameOnly, szImageName) == 0)
{
return(bProcessId[i]);
}
}
}
}
else
@ -82,13 +91,13 @@ __declspec(dllexport) void TITCALL EnumProcessesWithLibrary(char* szLibraryName,
if(EnumFunction != NULL)
{
if(EnumProcesses(bProcessId, sizeof bProcessId, &pProcessIdCount))
if(EnumProcesses(bProcessId, sizeof(bProcessId), &pProcessIdCount))
{
for(i = 0; i < (int)pProcessIdCount; i++)
for(i = 0; i < (int)(pProcessIdCount / sizeof(DWORD)); i++)
{
if(bProcessId[i] != NULL)
{
hProcess = OpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, false, bProcessId[i]);
hProcess = OpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, 0, bProcessId[i]);
if(hProcess != NULL)
{
RtlZeroMemory(EnumeratedModules, sizeof(EnumeratedModules));
@ -98,7 +107,7 @@ __declspec(dllexport) void TITCALL EnumProcessesWithLibrary(char* szLibraryName,
{
if(EnumeratedModules[j] != NULL)
{
if(GetModuleBaseNameA(hProcess, EnumeratedModules[j], szModuleName, 1024) > NULL)
if(GetModuleBaseNameA(hProcess, EnumeratedModules[j], szModuleName, _countof(szModuleName)) > NULL)
{
if(lstrcmpiA(szModuleName, szLibraryName) == NULL)
{
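Review bot: EnumProcesses is still called with a fixed 1024-entry `bProcessId` array in GetActiveProcessIdW and EnumProcessesWithLibrary, and neither loop checks whether the returned byte count equals `sizeof(bProcessId)`, which is the documented sign that the list may have been truncated; on a host with more processes the target can be missed silently. A check such as `if(cbNeeded == sizeof(bProcessId))` followed by a retry with a larger array, or at least a distinct failure return, would make that case visible. In EnumProcessesWithLibrary the variable is still named `pProcessIdCount` although the loop now treats it as a byte count; renaming it to `cbNeeded` as in GetActiveProcessIdW would keep the two loops consistent. Both function bodies continue outside the hunks.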


@ -8,23 +8,17 @@
// TitanEngine.Realigner.functions:
__declspec(dllexport) bool TITCALL FixHeaderCheckSum(char* szFileName)
{
HANDLE FileHandle;
DWORD FileSize;
HANDLE FileMap;
ULONG_PTR FileMapVA;
if(MapFileEx(szFileName, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, 0))
wchar_t uniFileName[MAX_PATH] = {0};
if(szFileName != NULL)
{
DWORD HeaderSum;
DWORD CheckSum;
if(CheckSumMappedFile((PVOID)FileMapVA, FileSize, &HeaderSum, &CheckSum) != NULL)
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return false;
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return SetPE32Data(szFileName, NULL, UE_CHECKSUM, (ULONG_PTR)CheckSum);
MultiByteToWideChar(CP_ACP, NULL, szFileName, -1, uniFileName, _countof(uniFileName));
return FixHeaderCheckSumW(uniFileName);
}
else
{
return 0;
}
return false;
}
__declspec(dllexport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName)
@ -33,19 +27,19 @@ __declspec(dllexport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName)
DWORD FileSize;
HANDLE FileMap;
ULONG_PTR FileMapVA;
bool retVal = false;
if(MapFileExW(szFileName, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, 0))
{
DWORD HeaderSum;
DWORD CheckSum;
if(CheckSumMappedFile((PVOID)FileMapVA, FileSize, &HeaderSum, &CheckSum) != NULL)
if(CheckSumMappedFile((PVOID)FileMapVA, FileSize, &HeaderSum, &CheckSum))
{
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return false;
retVal = SetPE32DataW(szFileName, NULL, UE_CHECKSUM, (ULONG_PTR)CheckSum);
}
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return SetPE32DataW(szFileName, NULL, UE_CHECKSUM, (ULONG_PTR)CheckSum);
}
return false;
return retVal;
}
__declspec(dllexport) long TITCALL RealignPE(ULONG_PTR FileMapVA, DWORD FileSize, DWORD RealingMode)
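Review bot: As I read this section, FixHeaderCheckSumW now calls `SetPE32DataW(szFileName, NULL, UE_CHECKSUM, ...)` while the file is still mapped through `MapFileExW(..., UE_ACCESS_READ, ...)`, whereas the removed code called `UnMapFileEx` first; if SetPE32DataW reopens the file for writing, the still-open read mapping may make it fail, depending on share modes that are not visible here. Keeping the CheckSumMappedFile result in a local and moving the SetPE32DataW call after `UnMapFileEx` would restore the old ordering. In the ANSI wrapper the `MultiByteToWideChar` return value is ignored, so a name that does not fit in `uniFileName` is passed on as whatever the failed conversion left in the buffer; `if(!MultiByteToWideChar(...)) return false;` would reject it, and the same applies to the other ANSI wrappers added in this commit. The trailing `return false;` after the if/else in FixHeaderCheckSum looks unreachable now and could be dropped.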


@ -4,6 +4,7 @@
//
#pragma once
#define _CRT_SECURE_NO_WARNINGS
#include "targetver.h"
// Build switches
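Review bot: The `#define _CRT_SECURE_NO_WARNINGS` line silences the CRT deprecation warnings for every file that includes this header, which is what lets the unbounded `wcscat` calls introduced elsewhere in this commit compile without complaint. I would keep the warnings on and switch those call sites to a bounded form such as `wcscat_s(szTryFileName, _countof(szTryFileName), szFileName)`, or at minimum add a comment here naming the calls that require the define. That this line is the addition is inferred from the hunk header (one line added), since the page has lost its +/- markers.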