mirror of https://github.com/x64dbg/TitanEngine
- resolved issue #8
This commit is contained in:
parent
f0b9f919ee
commit
b5433a45b1
|
|
@ -824,7 +824,6 @@ bool EngineIsBadReadPtrEx(LPVOID DataPointer, DWORD DataSize)
|
||||||
|
|
||||||
bool EngineValidateResource(HMODULE hModule, LPCTSTR lpszType, LPTSTR lpszName, LONG_PTR lParam)
|
bool EngineValidateResource(HMODULE hModule, LPCTSTR lpszType, LPTSTR lpszName, LONG_PTR lParam)
|
||||||
{
|
{
|
||||||
|
|
||||||
HRSRC hResource;
|
HRSRC hResource;
|
||||||
HGLOBAL hResourceGlobal;
|
HGLOBAL hResourceGlobal;
|
||||||
DWORD ResourceSize;
|
DWORD ResourceSize;
|
||||||
|
|
@ -862,11 +861,10 @@ bool EngineValidateResource(HMODULE hModule, LPCTSTR lpszType, LPTSTR lpszName,
|
||||||
|
|
||||||
bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBase, PIMAGE_DOS_HEADER DOSHeader, bool IsFile)
|
bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBase, PIMAGE_DOS_HEADER DOSHeader, bool IsFile)
|
||||||
{
|
{
|
||||||
|
|
||||||
MODULEINFO ModuleInfo;
|
MODULEINFO ModuleInfo;
|
||||||
DWORD MemorySize = NULL;
|
DWORD MemorySize = NULL;
|
||||||
PIMAGE_NT_HEADERS32 PEHeader32;
|
PIMAGE_NT_HEADERS PEHeader;
|
||||||
IMAGE_NT_HEADERS32 RemotePEHeader32;
|
IMAGE_NT_HEADERS RemotePEHeader;
|
||||||
MEMORY_BASIC_INFORMATION MemoryInfo= {0};
|
MEMORY_BASIC_INFORMATION MemoryInfo= {0};
|
||||||
ULONG_PTR NumberOfBytesRW = NULL;
|
ULONG_PTR NumberOfBytesRW = NULL;
|
||||||
|
|
||||||
|
|
@ -874,8 +872,8 @@ bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBas
|
||||||
{
|
{
|
||||||
if(hFileProc == NULL)
|
if(hFileProc == NULL)
|
||||||
{
|
{
|
||||||
VirtualQueryEx(GetCurrentProcess(), (LPVOID)FileMapVA, &MemoryInfo, sizeof MEMORY_BASIC_INFORMATION);
|
VirtualQueryEx(GetCurrentProcess(), (LPVOID)FileMapVA, &MemoryInfo, sizeof(MEMORY_BASIC_INFORMATION));
|
||||||
VirtualQueryEx(GetCurrentProcess(), MemoryInfo.AllocationBase, &MemoryInfo, sizeof MEMORY_BASIC_INFORMATION);
|
VirtualQueryEx(GetCurrentProcess(), MemoryInfo.AllocationBase, &MemoryInfo, sizeof(MEMORY_BASIC_INFORMATION));
|
||||||
MemorySize = (DWORD)((ULONG_PTR)MemoryInfo.AllocationBase + (ULONG_PTR)MemoryInfo.RegionSize - (ULONG_PTR)FileMapVA);
|
MemorySize = (DWORD)((ULONG_PTR)MemoryInfo.AllocationBase + (ULONG_PTR)MemoryInfo.RegionSize - (ULONG_PTR)FileMapVA);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
|
@ -886,75 +884,40 @@ bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBas
|
||||||
{
|
{
|
||||||
if(DOSHeader->e_magic == 0x5A4D)
|
if(DOSHeader->e_magic == 0x5A4D)
|
||||||
{
|
{
|
||||||
if(DOSHeader->e_lfanew + sizeof IMAGE_DOS_HEADER + sizeof(IMAGE_NT_HEADERS64) < MemorySize)
|
if(DOSHeader->e_lfanew + sizeof(IMAGE_DOS_HEADER) + sizeof(IMAGE_NT_HEADERS) < MemorySize)
|
||||||
{
|
{
|
||||||
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
PEHeader = (PIMAGE_NT_HEADERS)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
if(PEHeader32->Signature != 0x4550)
|
return (PEHeader->Signature == 0x4550);
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
else
|
|
||||||
{
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
__except(EXCEPTION_EXECUTE_HANDLER)
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
{
|
{
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
RtlZeroMemory(&ModuleInfo, sizeof MODULEINFO);
|
RtlZeroMemory(&ModuleInfo, sizeof MODULEINFO);
|
||||||
GetModuleInformation(hFileProc, (HMODULE)ImageBase, &ModuleInfo, sizeof MODULEINFO);
|
GetModuleInformation(hFileProc, (HMODULE)ImageBase, &ModuleInfo, sizeof(MODULEINFO));
|
||||||
__try
|
__try
|
||||||
{
|
{
|
||||||
if(DOSHeader->e_magic == 0x5A4D)
|
if(DOSHeader->e_magic == 0x5A4D)
|
||||||
{
|
{
|
||||||
if(DOSHeader->e_lfanew + sizeof IMAGE_DOS_HEADER + sizeof(IMAGE_NT_HEADERS64) < ModuleInfo.SizeOfImage)
|
if(DOSHeader->e_lfanew + sizeof(IMAGE_DOS_HEADER) + sizeof(IMAGE_NT_HEADERS) < ModuleInfo.SizeOfImage)
|
||||||
{
|
{
|
||||||
if(ReadProcessMemory(hFileProc, (LPVOID)((ULONG_PTR)ImageBase + DOSHeader->e_lfanew), &RemotePEHeader32, sizeof IMAGE_NT_HEADERS32, &NumberOfBytesRW))
|
if(ReadProcessMemory(hFileProc, (LPVOID)((ULONG_PTR)ImageBase + DOSHeader->e_lfanew), &RemotePEHeader, sizeof(IMAGE_NT_HEADERS), &NumberOfBytesRW))
|
||||||
{
|
{
|
||||||
PEHeader32 = (PIMAGE_NT_HEADERS32)(&RemotePEHeader32);
|
PEHeader = (PIMAGE_NT_HEADERS)(&RemotePEHeader);
|
||||||
if(PEHeader32->Signature != 0x4550)
|
return (PEHeader->Signature == 0x4550);
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return true;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
__except(EXCEPTION_EXECUTE_HANDLER)
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
{
|
{
|
||||||
|
}
|
||||||
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
long long EngineSimulateNtLoaderW(wchar_t* szFileName)
|
long long EngineSimulateNtLoaderW(wchar_t* szFileName)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue