mirror of https://github.com/x64dbg/TitanEngine
- formatting lol
- rewrote TitanEngine.Threader to use a vector (decreased memory footprint) - Removed function ThreadGetThreadData
This commit is contained in:
parent
4dfc0351f7
commit
bc7906460c
|
|
@ -639,7 +639,6 @@ __declspec(dllexport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread);
|
||||||
__declspec(dllexport) bool TITCALL ThreaderIsAnyThreadActive();
|
__declspec(dllexport) bool TITCALL ThreaderIsAnyThreadActive();
|
||||||
__declspec(dllexport) bool TITCALL ThreaderExecuteOnlyInjectedThreads();
|
__declspec(dllexport) bool TITCALL ThreaderExecuteOnlyInjectedThreads();
|
||||||
__declspec(dllexport) long long TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId);
|
__declspec(dllexport) long long TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId);
|
||||||
__declspec(dllexport) void* TITCALL ThreaderGetThreadData();
|
|
||||||
__declspec(dllexport) bool TITCALL ThreaderIsExceptionInMainThread();
|
__declspec(dllexport) bool TITCALL ThreaderIsExceptionInMainThread();
|
||||||
// TitanEngine.Debugger.functions:
|
// TitanEngine.Debugger.functions:
|
||||||
__declspec(dllexport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress);
|
__declspec(dllexport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress);
|
||||||
|
|
|
||||||
|
|
@ -638,7 +638,6 @@ __declspec(dllimport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread);
|
||||||
__declspec(dllimport) bool TITCALL ThreaderIsAnyThreadActive();
|
__declspec(dllimport) bool TITCALL ThreaderIsAnyThreadActive();
|
||||||
__declspec(dllimport) bool TITCALL ThreaderExecuteOnlyInjectedThreads();
|
__declspec(dllimport) bool TITCALL ThreaderExecuteOnlyInjectedThreads();
|
||||||
__declspec(dllimport) long long TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId);
|
__declspec(dllimport) long long TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId);
|
||||||
__declspec(dllimport) void* TITCALL ThreaderGetThreadData();
|
|
||||||
__declspec(dllimport) bool TITCALL ThreaderIsExceptionInMainThread();
|
__declspec(dllimport) bool TITCALL ThreaderIsExceptionInMainThread();
|
||||||
// TitanEngine.Debugger.functions:
|
// TitanEngine.Debugger.functions:
|
||||||
__declspec(dllimport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress);
|
__declspec(dllimport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress);
|
||||||
|
|
|
||||||
|
|
@ -1122,10 +1122,6 @@ public:
|
||||||
{
|
{
|
||||||
return UE::ThreaderGetOpenHandleForThread(ThreadId);
|
return UE::ThreaderGetOpenHandleForThread(ThreadId);
|
||||||
}
|
}
|
||||||
static const THREAD_ITEM_DATA* GetThreadData()
|
|
||||||
{
|
|
||||||
return (const THREAD_ITEM_DATA*)UE::ThreaderGetThreadData();
|
|
||||||
}
|
|
||||||
static bool IsExceptionInMainThread()
|
static bool IsExceptionInMainThread()
|
||||||
{
|
{
|
||||||
return UE::ThreaderIsExceptionInMainThread();
|
return UE::ThreaderIsExceptionInMainThread();
|
||||||
|
|
|
||||||
|
|
@ -496,7 +496,6 @@ const
|
||||||
function ThreaderIsAnyThreadActive():boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderIsAnyThreadActive';
|
function ThreaderIsAnyThreadActive():boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderIsAnyThreadActive';
|
||||||
function ThreaderExecuteOnlyInjectedThreads():boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderExecuteOnlyInjectedThreads';
|
function ThreaderExecuteOnlyInjectedThreads():boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderExecuteOnlyInjectedThreads';
|
||||||
function ThreaderGetOpenHandleForThread(ThreadId:LongInt):THandle; stdcall; external 'TitanEngine.dll' name 'ThreaderGetOpenHandleForThread';
|
function ThreaderGetOpenHandleForThread(ThreadId:LongInt):THandle; stdcall; external 'TitanEngine.dll' name 'ThreaderGetOpenHandleForThread';
|
||||||
function ThreaderGetThreadData():Pointer; stdcall; external 'TitanEngine.dll' name 'ThreaderGetThreadData';
|
|
||||||
function ThreaderIsExceptionInMainThread():boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderIsExceptionInMainThread';
|
function ThreaderIsExceptionInMainThread():boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderIsExceptionInMainThread';
|
||||||
{TitanEngine.Debugger.functions}
|
{TitanEngine.Debugger.functions}
|
||||||
function StaticDisassembleEx(DisassmStart:LongInt; DisassmAddress:Pointer):PAnsiChar; stdcall; external 'TitanEngine.dll' name 'StaticDisassembleEx';
|
function StaticDisassembleEx(DisassmStart:LongInt; DisassmAddress:Pointer):PAnsiChar; stdcall; external 'TitanEngine.dll' name 'StaticDisassembleEx';
|
||||||
|
|
|
||||||
|
|
@ -747,9 +747,6 @@ PROCESS_INFORMATION = alien.defstruct{
|
||||||
-- __declspec(dllexport) long long __stdcall ThreaderGetOpenHandleForThread(DWORD ThreadId);
|
-- __declspec(dllexport) long long __stdcall ThreaderGetOpenHandleForThread(DWORD ThreadId);
|
||||||
TitanEngine.ThreaderGetOpenHandleForThread:types {"long",abi="stdcall",ret="long"}
|
TitanEngine.ThreaderGetOpenHandleForThread:types {"long",abi="stdcall",ret="long"}
|
||||||
TE_ThreaderGetOpenHandleForThread = TitanEngine.ThreaderGetOpenHandleForThread
|
TE_ThreaderGetOpenHandleForThread = TitanEngine.ThreaderGetOpenHandleForThread
|
||||||
-- __declspec(dllexport) void* __stdcall ThreaderGetThreadData();
|
|
||||||
TitanEngine.ThreaderGetThreadData:types {abi="stdcall",ret="pointer"}
|
|
||||||
TE_ThreaderGetThreadData = TitanEngine.ThreaderGetThreadData
|
|
||||||
-- __declspec(dllexport) bool __stdcall ThreaderIsExceptionInMainThread();
|
-- __declspec(dllexport) bool __stdcall ThreaderIsExceptionInMainThread();
|
||||||
TitanEngine.ThreaderIsExceptionInMainThread:types {abi="stdcall",ret="byte"}
|
TitanEngine.ThreaderIsExceptionInMainThread:types {abi="stdcall",ret="byte"}
|
||||||
TE_ThreaderIsExceptionInMainThread = TitanEngine.ThreaderIsExceptionInMainThread
|
TE_ThreaderIsExceptionInMainThread = TitanEngine.ThreaderIsExceptionInMainThread
|
||||||
|
|
|
||||||
|
|
@ -549,7 +549,6 @@ ThreaderIsThreadActive proto stdcall :HANDLE
|
||||||
ThreaderIsAnyThreadActive proto stdcall
|
ThreaderIsAnyThreadActive proto stdcall
|
||||||
ThreaderExecuteOnlyInjectedThreads proto stdcall
|
ThreaderExecuteOnlyInjectedThreads proto stdcall
|
||||||
ThreaderGetOpenHandleForThread proto stdcall :DWORD
|
ThreaderGetOpenHandleForThread proto stdcall :DWORD
|
||||||
ThreaderGetThreadData proto stdcall
|
|
||||||
ThreaderIsExceptionInMainThread proto stdcall
|
ThreaderIsExceptionInMainThread proto stdcall
|
||||||
StaticDisassembleEx proto stdcall :DWORD, :LPVOID
|
StaticDisassembleEx proto stdcall :DWORD, :LPVOID
|
||||||
StaticDisassemble proto stdcall :LPVOID
|
StaticDisassemble proto stdcall :LPVOID
|
||||||
|
|
|
||||||
|
|
@ -644,7 +644,6 @@ TE.GetPEBLocation.restype = c_void_p
|
||||||
TE.GetPEBLocation64.restype = c_void_p
|
TE.GetPEBLocation64.restype = c_void_p
|
||||||
|
|
||||||
TE.ThreaderGetThreadInfo.restype = POINTER(THREAD_ITEM_DATA)
|
TE.ThreaderGetThreadInfo.restype = POINTER(THREAD_ITEM_DATA)
|
||||||
TE.ThreaderGetThreadData.restype = POINTER(THREAD_ITEM_DATA)
|
|
||||||
|
|
||||||
TE.InitDebug.restype = POINTER(PROCESS_INFORMATION)
|
TE.InitDebug.restype = POINTER(PROCESS_INFORMATION)
|
||||||
TE.InitDebugW.restype = POINTER(PROCESS_INFORMATION)
|
TE.InitDebugW.restype = POINTER(PROCESS_INFORMATION)
|
||||||
|
|
|
||||||
|
|
@ -2,4 +2,9 @@
|
||||||
#include "definitions.h"
|
#include "definitions.h"
|
||||||
#include "Global.Threader.h"
|
#include "Global.Threader.h"
|
||||||
|
|
||||||
LPVOID hListThread = 0;
|
std::vector<THREAD_ITEM_DATA> hListThread;
|
||||||
|
|
||||||
|
void ClearThreadList()
|
||||||
|
{
|
||||||
|
std::vector<THREAD_ITEM_DATA>().swap(hListThread);
|
||||||
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,10 @@
|
||||||
#ifndef _GLOBAL_THREADER_H
|
#ifndef _GLOBAL_THREADER_H
|
||||||
#define _GLOBAL_THREADER_H
|
#define _GLOBAL_THREADER_H
|
||||||
|
|
||||||
extern LPVOID hListThread;
|
#include <vector>
|
||||||
|
|
||||||
|
extern std::vector<THREAD_ITEM_DATA> hListThread;
|
||||||
|
|
||||||
|
void ClearThreadList();
|
||||||
|
|
||||||
#endif //_GLOBAL_THREADER_H
|
#endif //_GLOBAL_THREADER_H
|
||||||
|
|
@ -4,6 +4,7 @@
|
||||||
#include "Global.Handle.h"
|
#include "Global.Handle.h"
|
||||||
#include "Global.Threader.h"
|
#include "Global.Threader.h"
|
||||||
#include "Global.Librarian.h"
|
#include "Global.Librarian.h"
|
||||||
|
#include <vector>
|
||||||
|
|
||||||
__declspec(dllexport) void TITCALL ForceClose()
|
__declspec(dllexport) void TITCALL ForceClose()
|
||||||
{
|
{
|
||||||
|
|
@ -12,7 +13,7 @@ __declspec(dllexport) void TITCALL ForceClose()
|
||||||
PPROCESS_ITEM_DATA hListProcessPtr = NULL;
|
PPROCESS_ITEM_DATA hListProcessPtr = NULL;
|
||||||
PTHREAD_ITEM_DATA hListThreadPtr = NULL;
|
PTHREAD_ITEM_DATA hListThreadPtr = NULL;
|
||||||
PLIBRARY_ITEM_DATAW hListLibraryPtr = NULL;
|
PLIBRARY_ITEM_DATAW hListLibraryPtr = NULL;
|
||||||
|
//manage lists
|
||||||
if(hListProcess != NULL)
|
if(hListProcess != NULL)
|
||||||
{
|
{
|
||||||
hListProcessPtr = (PPROCESS_ITEM_DATA)hListProcess;
|
hListProcessPtr = (PPROCESS_ITEM_DATA)hListProcess;
|
||||||
|
|
@ -31,35 +32,12 @@ __declspec(dllexport) void TITCALL ForceClose()
|
||||||
}
|
}
|
||||||
RtlZeroMemory(hListProcess, MAX_DEBUG_DATA * sizeof PROCESS_ITEM_DATA);
|
RtlZeroMemory(hListProcess, MAX_DEBUG_DATA * sizeof PROCESS_ITEM_DATA);
|
||||||
}
|
}
|
||||||
if(hListThread != NULL)
|
|
||||||
{
|
int threadcount=hListThread.size();
|
||||||
hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
for(int i=threadcount-1; i>-1; i--)
|
||||||
while(hListThreadPtr->hThread != NULL)
|
EngineCloseHandle(hListThread.at(i).hThread);
|
||||||
{
|
ClearThreadList();
|
||||||
if(hListThreadPtr->hThread != (HANDLE)-1)
|
|
||||||
{
|
|
||||||
__try
|
|
||||||
{
|
|
||||||
if(EngineCloseHandle(hListThreadPtr->hThread))
|
|
||||||
{
|
|
||||||
hListThreadPtr->hThread = NULL;
|
|
||||||
hListThreadPtr->dwThreadId = NULL;
|
|
||||||
hListThreadPtr->ThreadLocalBase = NULL;
|
|
||||||
hListThreadPtr->ThreadStartAddress = NULL;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
__except(EXCEPTION_EXECUTE_HANDLER)
|
|
||||||
{
|
|
||||||
hListThreadPtr->hThread = NULL;
|
|
||||||
hListThreadPtr->dwThreadId = NULL;
|
|
||||||
hListThreadPtr->ThreadLocalBase = NULL;
|
|
||||||
hListThreadPtr->ThreadStartAddress = NULL;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
|
||||||
}
|
|
||||||
RtlZeroMemory(hListThread, MAX_DEBUG_DATA * sizeof THREAD_ITEM_DATA);
|
|
||||||
}
|
|
||||||
if(hListLibrary != NULL)
|
if(hListLibrary != NULL)
|
||||||
{
|
{
|
||||||
hListLibraryPtr = (PLIBRARY_ITEM_DATAW)hListLibrary;
|
hListLibraryPtr = (PLIBRARY_ITEM_DATAW)hListLibrary;
|
||||||
|
|
@ -70,24 +48,10 @@ __declspec(dllexport) void TITCALL ForceClose()
|
||||||
if(hListLibraryPtr->hFileMappingView != NULL)
|
if(hListLibraryPtr->hFileMappingView != NULL)
|
||||||
{
|
{
|
||||||
UnmapViewOfFile(hListLibraryPtr->hFileMappingView);
|
UnmapViewOfFile(hListLibraryPtr->hFileMappingView);
|
||||||
__try
|
|
||||||
{
|
|
||||||
EngineCloseHandle(hListLibraryPtr->hFileMapping);
|
EngineCloseHandle(hListLibraryPtr->hFileMapping);
|
||||||
}
|
}
|
||||||
__except(EXCEPTION_EXECUTE_HANDLER)
|
|
||||||
{
|
|
||||||
|
|
||||||
}
|
|
||||||
}
|
|
||||||
__try
|
|
||||||
{
|
|
||||||
EngineCloseHandle(hListLibraryPtr->hFile);
|
EngineCloseHandle(hListLibraryPtr->hFile);
|
||||||
}
|
}
|
||||||
__except(EXCEPTION_EXECUTE_HANDLER)
|
|
||||||
{
|
|
||||||
|
|
||||||
}
|
|
||||||
}
|
|
||||||
hListLibraryPtr = (PLIBRARY_ITEM_DATAW)((ULONG_PTR)hListLibraryPtr + sizeof LIBRARY_ITEM_DATAW);
|
hListLibraryPtr = (PLIBRARY_ITEM_DATAW)((ULONG_PTR)hListLibraryPtr + sizeof LIBRARY_ITEM_DATAW);
|
||||||
}
|
}
|
||||||
RtlZeroMemory(hListLibrary, MAX_DEBUG_DATA * sizeof LIBRARY_ITEM_DATAW);
|
RtlZeroMemory(hListLibrary, MAX_DEBUG_DATA * sizeof LIBRARY_ITEM_DATAW);
|
||||||
|
|
|
||||||
|
|
@ -32,7 +32,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
bool hListThreadFirst = true;
|
bool hListThreadFirst = true;
|
||||||
bool hListLibraryFirst = true;
|
bool hListLibraryFirst = true;
|
||||||
PPROCESS_ITEM_DATA hListProcessPtr = NULL;
|
PPROCESS_ITEM_DATA hListProcessPtr = NULL;
|
||||||
PTHREAD_ITEM_DATA hListThreadPtr = NULL;
|
//PTHREAD_ITEM_DATA hListThreadPtr = NULL;
|
||||||
PLIBRARY_ITEM_DATAW hListLibraryPtr = NULL;
|
PLIBRARY_ITEM_DATAW hListLibraryPtr = NULL;
|
||||||
PLIBRARY_ITEM_DATAW hLoadedLibData = NULL;
|
PLIBRARY_ITEM_DATAW hLoadedLibData = NULL;
|
||||||
PLIBRARY_BREAK_DATA ptrLibrarianData = NULL;
|
PLIBRARY_BREAK_DATA ptrLibrarianData = NULL;
|
||||||
|
|
@ -142,17 +142,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
RtlZeroMemory(hListProcess, MAX_DEBUG_DATA * sizeof PROCESS_ITEM_DATA);
|
RtlZeroMemory(hListProcess, MAX_DEBUG_DATA * sizeof PROCESS_ITEM_DATA);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if(hListThread == NULL)
|
if(hListThreadFirst) //clear thread list
|
||||||
{
|
ClearThreadList();
|
||||||
hListThread = VirtualAlloc(NULL, MAX_DEBUG_DATA * sizeof THREAD_ITEM_DATA, MEM_COMMIT, PAGE_READWRITE);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
if(hListThreadFirst == true)
|
|
||||||
{
|
|
||||||
RtlZeroMemory(hListThread, MAX_DEBUG_DATA * sizeof THREAD_ITEM_DATA);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
hListProcessPtr = (PPROCESS_ITEM_DATA)hListProcess;
|
hListProcessPtr = (PPROCESS_ITEM_DATA)hListProcess;
|
||||||
hListProcessPtr->hFile = DBGEvent.u.CreateProcessInfo.hFile;
|
hListProcessPtr->hFile = DBGEvent.u.CreateProcessInfo.hFile;
|
||||||
hListProcessPtr->hProcess = DBGEvent.u.CreateProcessInfo.hProcess;
|
hListProcessPtr->hProcess = DBGEvent.u.CreateProcessInfo.hProcess;
|
||||||
|
|
@ -163,11 +155,13 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
hListProcessPtr->ThreadStartAddress = (void*)DBGEvent.u.CreateProcessInfo.lpStartAddress;
|
hListProcessPtr->ThreadStartAddress = (void*)DBGEvent.u.CreateProcessInfo.lpStartAddress;
|
||||||
hListProcessPtr->ThreadLocalBase = (void*)DBGEvent.u.CreateProcessInfo.lpThreadLocalBase;
|
hListProcessPtr->ThreadLocalBase = (void*)DBGEvent.u.CreateProcessInfo.lpThreadLocalBase;
|
||||||
|
|
||||||
hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
THREAD_ITEM_DATA NewThreadData;
|
||||||
hListThreadPtr->dwThreadId = DBGEvent.dwThreadId;
|
memset(&NewThreadData, 0, sizeof(THREAD_ITEM_DATA));
|
||||||
hListThreadPtr->hThread = DBGEvent.u.CreateProcessInfo.hThread;
|
NewThreadData.dwThreadId = DBGEvent.dwThreadId;
|
||||||
hListThreadPtr->ThreadStartAddress = (void*)DBGEvent.u.CreateProcessInfo.lpStartAddress;
|
NewThreadData.hThread = DBGEvent.u.CreateProcessInfo.hThread;
|
||||||
hListThreadPtr->ThreadLocalBase = (void*)DBGEvent.u.CreateProcessInfo.lpThreadLocalBase;
|
NewThreadData.ThreadStartAddress = (void*)DBGEvent.u.CreateProcessInfo.lpStartAddress;
|
||||||
|
NewThreadData.ThreadLocalBase = (void*)DBGEvent.u.CreateProcessInfo.lpThreadLocalBase;
|
||||||
|
hListThread.push_back(NewThreadData);
|
||||||
hListThreadFirst = false;
|
hListThreadFirst = false;
|
||||||
}
|
}
|
||||||
else //we have a valid handle already (which means a child process started)
|
else //we have a valid handle already (which means a child process started)
|
||||||
|
|
@ -233,26 +227,13 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
case CREATE_THREAD_DEBUG_EVENT:
|
case CREATE_THREAD_DEBUG_EVENT:
|
||||||
{
|
{
|
||||||
//maintain thread list
|
//maintain thread list
|
||||||
if(hListThread == NULL)
|
THREAD_ITEM_DATA NewThreadData;
|
||||||
{
|
memset(&NewThreadData, 0, sizeof(THREAD_ITEM_DATA));
|
||||||
hListThread = VirtualAlloc(NULL, MAX_DEBUG_DATA * sizeof THREAD_ITEM_DATA, MEM_COMMIT, PAGE_READWRITE);
|
NewThreadData.dwThreadId = DBGEvent.dwThreadId;
|
||||||
}
|
NewThreadData.hThread = DBGEvent.u.CreateThread.hThread;
|
||||||
hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
NewThreadData.ThreadStartAddress = (void*)DBGEvent.u.CreateThread.lpStartAddress;
|
||||||
__try
|
NewThreadData.ThreadLocalBase = (void*)DBGEvent.u.CreateThread.lpThreadLocalBase;
|
||||||
{
|
hListThread.push_back(NewThreadData);
|
||||||
while(hListThreadPtr->hThread != NULL)
|
|
||||||
{
|
|
||||||
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
|
||||||
}
|
|
||||||
hListThreadPtr->dwThreadId = DBGEvent.dwThreadId;
|
|
||||||
hListThreadPtr->hThread = DBGEvent.u.CreateThread.hThread;
|
|
||||||
hListThreadPtr->ThreadStartAddress = (void*)DBGEvent.u.CreateThread.lpStartAddress;
|
|
||||||
hListThreadPtr->ThreadLocalBase = (void*)DBGEvent.u.CreateThread.lpThreadLocalBase;
|
|
||||||
}
|
|
||||||
__except(EXCEPTION_EXECUTE_HANDLER)
|
|
||||||
{
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
//custom handler
|
//custom handler
|
||||||
if(DBGCustomHandler->chCreateThread != NULL)
|
if(DBGCustomHandler->chCreateThread != NULL)
|
||||||
|
|
@ -300,17 +281,15 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
|
|
||||||
//maintain thread list
|
//maintain thread list
|
||||||
hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
int threadcount=hListThread.size();
|
||||||
while(hListThreadPtr->hThread != NULL && hListThreadPtr->dwThreadId != DBGEvent.dwThreadId)
|
for(int i=0; i<threadcount; i++)
|
||||||
{
|
{
|
||||||
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
if(hListThread.at(i).dwThreadId == DBGEvent.dwThreadId) //found the thread to remove
|
||||||
|
{
|
||||||
|
//TODO: close handle?
|
||||||
|
hListThread.erase(hListThread.begin()+i);
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
if(hListThreadPtr->dwThreadId == DBGEvent.dwThreadId)
|
|
||||||
{
|
|
||||||
hListThreadPtr->hThread = (HANDLE)-1;
|
|
||||||
hListThreadPtr->dwThreadId = NULL;
|
|
||||||
hListThreadPtr->ThreadLocalBase = NULL;
|
|
||||||
hListThreadPtr->ThreadStartAddress = NULL;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
@ -590,16 +569,8 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
myDBGContext.ContextFlags = CONTEXT_CONTROL;
|
myDBGContext.ContextFlags = CONTEXT_CONTROL;
|
||||||
GetThreadContext(hActiveThread, &myDBGContext);
|
GetThreadContext(hActiveThread, &myDBGContext);
|
||||||
if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT)
|
if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT)
|
||||||
{
|
myDBGContext.EFlags |= UE_TRAP_FLAG;
|
||||||
if(!(myDBGContext.EFlags & 0x100))
|
myDBGContext.EFlags |= UE_RESUME_FLAG;
|
||||||
{
|
|
||||||
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if(!(myDBGContext.EFlags & 0x10000))
|
|
||||||
{
|
|
||||||
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x10000;
|
|
||||||
}
|
|
||||||
#if defined(_WIN64)
|
#if defined(_WIN64)
|
||||||
myDBGContext.Rip = myDBGContext.Rip - FoundBreakPoint.BreakPointSize;
|
myDBGContext.Rip = myDBGContext.Rip - FoundBreakPoint.BreakPointSize;
|
||||||
#else
|
#else
|
||||||
|
|
@ -748,10 +719,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId);
|
hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId);
|
||||||
myDBGContext.ContextFlags = CONTEXT_CONTROL;
|
myDBGContext.ContextFlags = CONTEXT_CONTROL;
|
||||||
GetThreadContext(hActiveThread, &myDBGContext);
|
GetThreadContext(hActiveThread, &myDBGContext);
|
||||||
if(!(myDBGContext.EFlags & 0x100))
|
myDBGContext.EFlags |= UE_TRAP_FLAG;
|
||||||
{
|
|
||||||
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
|
|
||||||
}
|
|
||||||
SetThreadContext(hActiveThread, &myDBGContext);
|
SetThreadContext(hActiveThread, &myDBGContext);
|
||||||
EngineCloseHandle(hActiveThread);
|
EngineCloseHandle(hActiveThread);
|
||||||
}
|
}
|
||||||
|
|
@ -846,10 +814,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
if(DebugRegister[0].DrxEnabled)
|
if(DebugRegister[0].DrxEnabled)
|
||||||
{
|
{
|
||||||
DBGCode = DBG_CONTINUE;
|
DBGCode = DBG_CONTINUE;
|
||||||
if(!(myDBGContext.EFlags & 0x100))
|
myDBGContext.EFlags |= UE_TRAP_FLAG;
|
||||||
{
|
|
||||||
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
|
|
||||||
}
|
|
||||||
SetThreadContext(hActiveThread, &myDBGContext);
|
SetThreadContext(hActiveThread, &myDBGContext);
|
||||||
myCustomHandler = (fCustomHandler)(DebugRegister[0].DrxCallBack);
|
myCustomHandler = (fCustomHandler)(DebugRegister[0].DrxCallBack);
|
||||||
__try
|
__try
|
||||||
|
|
@ -876,10 +841,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
if(DebugRegister[1].DrxEnabled)
|
if(DebugRegister[1].DrxEnabled)
|
||||||
{
|
{
|
||||||
DBGCode = DBG_CONTINUE;
|
DBGCode = DBG_CONTINUE;
|
||||||
if(!(myDBGContext.EFlags & 0x100))
|
myDBGContext.EFlags |= UE_TRAP_FLAG;
|
||||||
{
|
|
||||||
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
|
|
||||||
}
|
|
||||||
SetThreadContext(hActiveThread, &myDBGContext);
|
SetThreadContext(hActiveThread, &myDBGContext);
|
||||||
myCustomHandler = (fCustomHandler)(DebugRegister[1].DrxCallBack);
|
myCustomHandler = (fCustomHandler)(DebugRegister[1].DrxCallBack);
|
||||||
__try
|
__try
|
||||||
|
|
@ -906,10 +868,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
if(DebugRegister[2].DrxEnabled)
|
if(DebugRegister[2].DrxEnabled)
|
||||||
{
|
{
|
||||||
DBGCode = DBG_CONTINUE;
|
DBGCode = DBG_CONTINUE;
|
||||||
if(!(myDBGContext.EFlags & 0x100))
|
myDBGContext.EFlags |= UE_TRAP_FLAG;
|
||||||
{
|
|
||||||
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
|
|
||||||
}
|
|
||||||
SetThreadContext(hActiveThread, &myDBGContext);
|
SetThreadContext(hActiveThread, &myDBGContext);
|
||||||
myCustomHandler = (fCustomHandler)(DebugRegister[2].DrxCallBack);
|
myCustomHandler = (fCustomHandler)(DebugRegister[2].DrxCallBack);
|
||||||
__try
|
__try
|
||||||
|
|
@ -936,10 +895,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
if(DebugRegister[3].DrxEnabled)
|
if(DebugRegister[3].DrxEnabled)
|
||||||
{
|
{
|
||||||
DBGCode = DBG_CONTINUE;
|
DBGCode = DBG_CONTINUE;
|
||||||
if(!(myDBGContext.EFlags & 0x100))
|
myDBGContext.EFlags |= UE_TRAP_FLAG;
|
||||||
{
|
|
||||||
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
|
|
||||||
}
|
|
||||||
SetThreadContext(hActiveThread, &myDBGContext);
|
SetThreadContext(hActiveThread, &myDBGContext);
|
||||||
myCustomHandler = (fCustomHandler)(DebugRegister[3].DrxCallBack);
|
myCustomHandler = (fCustomHandler)(DebugRegister[3].DrxCallBack);
|
||||||
__try
|
__try
|
||||||
|
|
@ -1023,10 +979,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if(!(myDBGContext.EFlags & 0x100))
|
myDBGContext.EFlags |= UE_TRAP_FLAG;
|
||||||
{
|
|
||||||
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
|
|
||||||
}
|
|
||||||
SetThreadContext(hActiveThread, &myDBGContext);
|
SetThreadContext(hActiveThread, &myDBGContext);
|
||||||
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
|
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
|
||||||
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
|
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
|
||||||
|
|
@ -1051,10 +1004,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
else //restore the memory breakpoint
|
else //restore the memory breakpoint
|
||||||
{
|
{
|
||||||
if(!(myDBGContext.EFlags & 0x100))
|
myDBGContext.EFlags |= UE_TRAP_FLAG;
|
||||||
{
|
|
||||||
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
|
|
||||||
}
|
|
||||||
SetThreadContext(hActiveThread, &myDBGContext);
|
SetThreadContext(hActiveThread, &myDBGContext);
|
||||||
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
|
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
|
||||||
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
|
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
|
||||||
|
|
@ -1074,10 +1024,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
else //no read operation, restore breakpoint
|
else //no read operation, restore breakpoint
|
||||||
{
|
{
|
||||||
if(!(myDBGContext.EFlags & 0x100))
|
myDBGContext.EFlags |= UE_TRAP_FLAG;
|
||||||
{
|
|
||||||
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
|
|
||||||
}
|
|
||||||
SetThreadContext(hActiveThread, &myDBGContext);
|
SetThreadContext(hActiveThread, &myDBGContext);
|
||||||
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
|
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
|
||||||
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
|
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
|
||||||
|
|
@ -1093,10 +1040,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
else //restore breakpoint after trap flag
|
else //restore breakpoint after trap flag
|
||||||
{
|
{
|
||||||
if(!(myDBGContext.EFlags & 0x100))
|
myDBGContext.EFlags |= UE_TRAP_FLAG;
|
||||||
{
|
|
||||||
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
|
|
||||||
}
|
|
||||||
SetThreadContext(hActiveThread, &myDBGContext);
|
SetThreadContext(hActiveThread, &myDBGContext);
|
||||||
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
|
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
|
||||||
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
|
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
|
||||||
|
|
@ -1116,10 +1060,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
else //no write operation, restore breakpoint
|
else //no write operation, restore breakpoint
|
||||||
{
|
{
|
||||||
if(!(myDBGContext.EFlags & 0x100))
|
myDBGContext.EFlags |= UE_TRAP_FLAG;
|
||||||
{
|
|
||||||
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
|
|
||||||
}
|
|
||||||
SetThreadContext(hActiveThread, &myDBGContext);
|
SetThreadContext(hActiveThread, &myDBGContext);
|
||||||
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
|
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
|
||||||
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
|
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
|
||||||
|
|
@ -1136,10 +1077,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if(!(myDBGContext.EFlags & 0x100))
|
myDBGContext.EFlags |= UE_TRAP_FLAG;
|
||||||
{
|
|
||||||
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
|
|
||||||
}
|
|
||||||
SetThreadContext(hActiveThread, &myDBGContext);
|
SetThreadContext(hActiveThread, &myDBGContext);
|
||||||
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
|
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
|
||||||
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
|
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
|
||||||
|
|
@ -1160,10 +1098,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
}
|
}
|
||||||
else //no execute operation, restore breakpoint
|
else //no execute operation, restore breakpoint
|
||||||
{
|
{
|
||||||
if(!(myDBGContext.EFlags & 0x100))
|
myDBGContext.EFlags |= UE_TRAP_FLAG;
|
||||||
{
|
|
||||||
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
|
|
||||||
}
|
|
||||||
SetThreadContext(hActiveThread, &myDBGContext);
|
SetThreadContext(hActiveThread, &myDBGContext);
|
||||||
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
|
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
|
||||||
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
|
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
|
||||||
|
|
@ -1241,16 +1176,8 @@ __declspec(dllexport) void TITCALL DebugLoop()
|
||||||
myDBGContext.ContextFlags = CONTEXT_CONTROL;
|
myDBGContext.ContextFlags = CONTEXT_CONTROL;
|
||||||
GetThreadContext(hActiveThread, &myDBGContext);
|
GetThreadContext(hActiveThread, &myDBGContext);
|
||||||
if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT)
|
if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT)
|
||||||
{
|
myDBGContext.EFlags |= UE_TRAP_FLAG;
|
||||||
if(!(myDBGContext.EFlags & 0x100))
|
myDBGContext.EFlags |= UE_RESUME_FLAG;
|
||||||
{
|
|
||||||
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if(!(myDBGContext.EFlags & 0x10000))
|
|
||||||
{
|
|
||||||
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x10000;
|
|
||||||
}
|
|
||||||
SetThreadContext(hActiveThread, &myDBGContext);
|
SetThreadContext(hActiveThread, &myDBGContext);
|
||||||
EngineCloseHandle(hActiveThread);
|
EngineCloseHandle(hActiveThread);
|
||||||
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, FoundBreakPoint.BreakPointSize, OldProtect, &OldProtect);
|
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, FoundBreakPoint.BreakPointSize, OldProtect, &OldProtect);
|
||||||
|
|
|
||||||
|
|
@ -306,40 +306,23 @@ __declspec(dllexport) bool TITCALL DetachDebugger(DWORD ProcessId)
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) bool TITCALL DetachDebuggerEx(DWORD ProcessId)
|
__declspec(dllexport) bool TITCALL DetachDebuggerEx(DWORD ProcessId)
|
||||||
{
|
|
||||||
|
|
||||||
HANDLE hActiveThread;
|
|
||||||
CONTEXT myDBGContext;
|
|
||||||
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
|
||||||
|
|
||||||
if(hListThreadPtr != NULL)
|
|
||||||
{
|
{
|
||||||
ThreaderPauseProcess();
|
ThreaderPauseProcess();
|
||||||
while(hListThreadPtr->hThread != NULL)
|
int threadcount=hListThread.size();
|
||||||
|
for(int i=0; i<threadcount; i++)
|
||||||
{
|
{
|
||||||
hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, hListThreadPtr->dwThreadId);
|
HANDLE hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT, false, hListThread.at(i).dwThreadId);
|
||||||
|
CONTEXT myDBGContext;
|
||||||
myDBGContext.ContextFlags = CONTEXT_CONTROL;
|
myDBGContext.ContextFlags = CONTEXT_CONTROL;
|
||||||
GetThreadContext(hActiveThread, &myDBGContext);
|
GetThreadContext(hActiveThread, &myDBGContext);
|
||||||
if((myDBGContext.EFlags & 0x100))
|
myDBGContext.EFlags &= ~UE_TRAP_FLAG;
|
||||||
{
|
myDBGContext.EFlags &= ~UE_RESUME_FLAG;
|
||||||
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
|
|
||||||
}
|
|
||||||
if(!(myDBGContext.EFlags & 0x10000))
|
|
||||||
{
|
|
||||||
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x10000;
|
|
||||||
}
|
|
||||||
SetThreadContext(hActiveThread, &myDBGContext);
|
SetThreadContext(hActiveThread, &myDBGContext);
|
||||||
EngineCloseHandle(hActiveThread);
|
EngineCloseHandle(hActiveThread);
|
||||||
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
|
||||||
}
|
}
|
||||||
ContinueDebugEvent(DBGEvent.dwProcessId, DBGEvent.dwThreadId, DBG_CONTINUE);
|
ContinueDebugEvent(DBGEvent.dwProcessId, DBGEvent.dwThreadId, DBG_CONTINUE);
|
||||||
ThreaderResumeProcess();
|
ThreaderResumeProcess();
|
||||||
return(DetachDebugger(ProcessId));
|
return DetachDebugger(ProcessId);
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) void TITCALL AutoDebugEx(char* szFileName, bool ReserveModuleBase, char* szCommandLine, char* szCurrentFolder, DWORD TimeOut, LPVOID EntryCallBack)
|
__declspec(dllexport) void TITCALL AutoDebugEx(char* szFileName, bool ReserveModuleBase, char* szCommandLine, char* szCurrentFolder, DWORD TimeOut, LPVOID EntryCallBack)
|
||||||
|
|
|
||||||
|
|
@ -28,22 +28,14 @@ static bool ProcessHookScanAddNewHook(PHOOK_ENTRY HookDetails, void* ptrOriginal
|
||||||
// Global.Engine.Hook.functions:
|
// Global.Engine.Hook.functions:
|
||||||
__declspec(dllexport) bool TITCALL HooksSafeTransitionEx(LPVOID HookAddressArray, int NumberOfHooks, bool TransitionStart)
|
__declspec(dllexport) bool TITCALL HooksSafeTransitionEx(LPVOID HookAddressArray, int NumberOfHooks, bool TransitionStart)
|
||||||
{
|
{
|
||||||
|
if(dbgProcessInformation.hProcess == NULL) //TODO: check
|
||||||
int i;
|
|
||||||
ULONG_PTR CurrentIP;
|
|
||||||
ULONG_PTR HookAddress;
|
|
||||||
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
|
||||||
PMEMORY_COMPARE_HANDLER myHookAddressArray;
|
|
||||||
|
|
||||||
if(dbgProcessInformation.hProcess == NULL)
|
|
||||||
{
|
{
|
||||||
if(!TransitionStart || ThreaderImportRunningThreadData(GetCurrentProcessId()))
|
if(!TransitionStart || ThreaderImportRunningThreadData(GetCurrentProcessId()))
|
||||||
{
|
{
|
||||||
hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
int threadcount=hListThread.size();
|
||||||
if(hListThreadPtr != NULL)
|
for(int i=0; i<threadcount; i++)
|
||||||
{
|
|
||||||
while(hListThreadPtr->hThread != NULL)
|
|
||||||
{
|
{
|
||||||
|
PTHREAD_ITEM_DATA hListThreadPtr=&hListThread.at(i);
|
||||||
if(hListThreadPtr->hThread != INVALID_HANDLE_VALUE)
|
if(hListThreadPtr->hThread != INVALID_HANDLE_VALUE)
|
||||||
{
|
{
|
||||||
if(TransitionStart)
|
if(TransitionStart)
|
||||||
|
|
@ -51,15 +43,15 @@ __declspec(dllexport) bool TITCALL HooksSafeTransitionEx(LPVOID HookAddressArray
|
||||||
if(hListThreadPtr->dwThreadId != GetCurrentThreadId())
|
if(hListThreadPtr->dwThreadId != GetCurrentThreadId())
|
||||||
{
|
{
|
||||||
SuspendThread(hListThreadPtr->hThread);
|
SuspendThread(hListThreadPtr->hThread);
|
||||||
CurrentIP = (ULONG_PTR)GetContextDataEx(hListThreadPtr->hThread, UE_CIP);
|
ULONG_PTR CurrentIP = (ULONG_PTR)GetContextDataEx(hListThreadPtr->hThread, UE_CIP);
|
||||||
myHookAddressArray = (PMEMORY_COMPARE_HANDLER)HookAddressArray;
|
PMEMORY_COMPARE_HANDLER myHookAddressArray = (PMEMORY_COMPARE_HANDLER)HookAddressArray;
|
||||||
for(i = 0; i < NumberOfHooks; i++)
|
for(int j=0; j<NumberOfHooks; j++)
|
||||||
{
|
{
|
||||||
#if defined (_WIN64)
|
#if defined (_WIN64)
|
||||||
HookAddress = (ULONG_PTR)myHookAddressArray->Array.qwArrayEntry[0];
|
ULONG_PTR HookAddress = (ULONG_PTR)myHookAddressArray->Array.qwArrayEntry[0];
|
||||||
myHookAddressArray = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)myHookAddressArray + sizeof ULONG_PTR);
|
myHookAddressArray = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)myHookAddressArray + sizeof ULONG_PTR);
|
||||||
#else
|
#else
|
||||||
HookAddress = (ULONG_PTR)myHookAddressArray->Array.dwArrayEntry[0];
|
ULONG_PTR HookAddress = (ULONG_PTR)myHookAddressArray->Array.dwArrayEntry[0];
|
||||||
myHookAddressArray = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)myHookAddressArray + sizeof ULONG_PTR);
|
myHookAddressArray = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)myHookAddressArray + sizeof ULONG_PTR);
|
||||||
#endif
|
#endif
|
||||||
while(CurrentIP >= (ULONG_PTR)HookAddress && CurrentIP <= (ULONG_PTR)HookAddress + 5)
|
while(CurrentIP >= (ULONG_PTR)HookAddress && CurrentIP <= (ULONG_PTR)HookAddress + 5)
|
||||||
|
|
@ -68,7 +60,7 @@ __declspec(dllexport) bool TITCALL HooksSafeTransitionEx(LPVOID HookAddressArray
|
||||||
Sleep(5);
|
Sleep(5);
|
||||||
SuspendThread(hListThreadPtr->hThread);
|
SuspendThread(hListThreadPtr->hThread);
|
||||||
CurrentIP = (ULONG_PTR)GetContextDataEx(hListThreadPtr->hThread, UE_CIP);
|
CurrentIP = (ULONG_PTR)GetContextDataEx(hListThreadPtr->hThread, UE_CIP);
|
||||||
i = 0;
|
j = 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -79,16 +71,9 @@ __declspec(dllexport) bool TITCALL HooksSafeTransitionEx(LPVOID HookAddressArray
|
||||||
EngineCloseHandle(hListThreadPtr->hThread);
|
EngineCloseHandle(hListThreadPtr->hThread);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
|
||||||
}
|
|
||||||
if(!TransitionStart)
|
|
||||||
{
|
|
||||||
VirtualFree(hListThread, NULL, MEM_RELEASE);
|
|
||||||
hListThread = NULL;
|
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
return false;
|
return false;
|
||||||
|
|
|
||||||
|
|
@ -9,24 +9,12 @@
|
||||||
// TitanEngine.Threader.functions:
|
// TitanEngine.Threader.functions:
|
||||||
__declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD ProcessId)
|
__declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD ProcessId)
|
||||||
{
|
{
|
||||||
|
if(dbgProcessInformation.hProcess != NULL || ProcessId == NULL)
|
||||||
HANDLE hSnapShot;
|
return false;
|
||||||
|
std::vector<THREAD_ITEM_DATA>().swap(hListThread); //clear thread list
|
||||||
THREADENTRY32 ThreadEntry = {};
|
THREADENTRY32 ThreadEntry = {};
|
||||||
PTHREAD_ITEM_DATA hListThreadPtr = NULL;
|
|
||||||
|
|
||||||
if(dbgProcessInformation.hProcess == NULL && ProcessId != NULL)
|
|
||||||
{
|
|
||||||
if(hListThread == NULL)
|
|
||||||
{
|
|
||||||
hListThread = VirtualAlloc(NULL, MAX_DEBUG_DATA * sizeof THREAD_ITEM_DATA, MEM_COMMIT, PAGE_READWRITE);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
RtlZeroMemory(hListThread, MAX_DEBUG_DATA * sizeof THREAD_ITEM_DATA);
|
|
||||||
}
|
|
||||||
ThreadEntry.dwSize = sizeof THREADENTRY32;
|
ThreadEntry.dwSize = sizeof THREADENTRY32;
|
||||||
hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, ProcessId);
|
||||||
hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, ProcessId);
|
|
||||||
if(hSnapShot != INVALID_HANDLE_VALUE)
|
if(hSnapShot != INVALID_HANDLE_VALUE)
|
||||||
{
|
{
|
||||||
if(Thread32First(hSnapShot, &ThreadEntry))
|
if(Thread32First(hSnapShot, &ThreadEntry))
|
||||||
|
|
@ -35,9 +23,11 @@ __declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD Process
|
||||||
{
|
{
|
||||||
if(ThreadEntry.th32OwnerProcessID == ProcessId)
|
if(ThreadEntry.th32OwnerProcessID == ProcessId)
|
||||||
{
|
{
|
||||||
hListThreadPtr->dwThreadId = ThreadEntry.th32ThreadID;
|
THREAD_ITEM_DATA NewThreadData;
|
||||||
hListThreadPtr->hThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION|THREAD_SUSPEND_RESUME, false, hListThreadPtr->dwThreadId);
|
memset(&NewThreadData, 0, sizeof(THREAD_ITEM_DATA));
|
||||||
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
NewThreadData.dwThreadId = ThreadEntry.th32ThreadID;
|
||||||
|
NewThreadData.hThread = OpenThread(THREAD_ALL_ACCESS, false, NewThreadData.dwThreadId);
|
||||||
|
hListThread.push_back(NewThreadData);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
while(Thread32Next(hSnapShot, &ThreadEntry));
|
while(Thread32Next(hSnapShot, &ThreadEntry));
|
||||||
|
|
@ -45,329 +35,175 @@ __declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD Process
|
||||||
EngineCloseHandle(hSnapShot);
|
EngineCloseHandle(hSnapShot);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) void* TITCALL ThreaderGetThreadInfo(HANDLE hThread, DWORD ThreadId)
|
__declspec(dllexport) void* TITCALL ThreaderGetThreadInfo(HANDLE hThread, DWORD ThreadId)
|
||||||
{
|
{
|
||||||
|
if(!hThread && !ThreadId)
|
||||||
|
return NULL;
|
||||||
|
static THREAD_ITEM_DATA ThreadData;
|
||||||
|
memset(&ThreadData, 0, sizeof(THREAD_ITEM_DATA));
|
||||||
|
int threadcount=hListThread.size();
|
||||||
|
for(int i=0; i<threadcount; i++)
|
||||||
|
if(hListThread.at(i).hThread == hThread || hListThread.at(i).dwThreadId == ThreadId)
|
||||||
|
{
|
||||||
|
memcpy(&ThreadData, &hListThread.at(i), sizeof(THREAD_ITEM_DATA));
|
||||||
|
return &ThreadData;
|
||||||
|
}
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
|
||||||
|
|
||||||
if(hListThreadPtr != NULL)
|
|
||||||
{
|
|
||||||
if(hThread != NULL)
|
|
||||||
{
|
|
||||||
while(hListThreadPtr->hThread != NULL && hListThreadPtr->hThread != hThread)
|
|
||||||
{
|
|
||||||
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
|
||||||
}
|
|
||||||
if(hListThreadPtr->hThread == hThread)
|
|
||||||
{
|
|
||||||
return((void*)hListThreadPtr);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else if(ThreadId != NULL)
|
|
||||||
{
|
|
||||||
while(hListThreadPtr->hThread != NULL && hListThreadPtr->dwThreadId != ThreadId)
|
|
||||||
{
|
|
||||||
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
|
||||||
}
|
|
||||||
if(hListThreadPtr->dwThreadId == ThreadId)
|
|
||||||
{
|
|
||||||
return((void*)hListThreadPtr);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return(NULL);
|
|
||||||
}
|
|
||||||
__declspec(dllexport) void TITCALL ThreaderEnumThreadInfo(void* EnumCallBack)
|
__declspec(dllexport) void TITCALL ThreaderEnumThreadInfo(void* EnumCallBack)
|
||||||
{
|
{
|
||||||
|
|
||||||
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
|
||||||
typedef void(TITCALL *fEnumCallBack)(LPVOID fThreadDetail);
|
typedef void(TITCALL *fEnumCallBack)(LPVOID fThreadDetail);
|
||||||
fEnumCallBack myEnumCallBack = (fEnumCallBack)EnumCallBack;
|
fEnumCallBack myEnumCallBack = (fEnumCallBack)EnumCallBack;
|
||||||
|
int threadcount=hListThread.size();
|
||||||
if(hListThreadPtr != NULL)
|
for(int i=0; i<threadcount; i++)
|
||||||
{
|
|
||||||
while(EnumCallBack != NULL && hListThreadPtr->hThread != NULL)
|
|
||||||
{
|
|
||||||
if(hListThreadPtr->hThread != NULL)
|
|
||||||
{
|
{
|
||||||
__try
|
__try
|
||||||
{
|
{
|
||||||
myEnumCallBack((void*)hListThreadPtr);
|
myEnumCallBack(&hListThread.at(i));
|
||||||
}
|
}
|
||||||
__except(EXCEPTION_EXECUTE_HANDLER)
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
{
|
{
|
||||||
EnumCallBack = NULL;
|
break;
|
||||||
}
|
|
||||||
}
|
|
||||||
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) bool TITCALL ThreaderPauseThread(HANDLE hThread)
|
__declspec(dllexport) bool TITCALL ThreaderPauseThread(HANDLE hThread)
|
||||||
{
|
{
|
||||||
|
int threadcount=hListThread.size();
|
||||||
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
for(int i=0; i<threadcount; i++)
|
||||||
|
if(hListThread.at(i).hThread == hThread && SuspendThread(hThread) != -1)
|
||||||
if(hListThreadPtr != NULL)
|
|
||||||
{
|
|
||||||
if(hThread != NULL)
|
|
||||||
{
|
|
||||||
while(hListThreadPtr->hThread != NULL && hListThreadPtr->hThread != hThread)
|
|
||||||
{
|
|
||||||
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
|
||||||
}
|
|
||||||
if(hListThreadPtr->hThread == hThread)
|
|
||||||
{
|
|
||||||
if(SuspendThread(hThread) != -1)
|
|
||||||
{
|
|
||||||
return true;
|
return true;
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) bool TITCALL ThreaderResumeThread(HANDLE hThread)
|
__declspec(dllexport) bool TITCALL ThreaderResumeThread(HANDLE hThread)
|
||||||
{
|
{
|
||||||
|
int threadcount=hListThread.size();
|
||||||
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
for(int i=0; i<threadcount; i++)
|
||||||
|
if(hListThread.at(i).hThread == hThread && ResumeThread(hThread) != -1)
|
||||||
if(hListThreadPtr != NULL)
|
|
||||||
{
|
|
||||||
if(hThread != NULL)
|
|
||||||
{
|
|
||||||
while(hListThreadPtr->hThread != NULL && hListThreadPtr->hThread != hThread)
|
|
||||||
{
|
|
||||||
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
|
||||||
}
|
|
||||||
if(hListThreadPtr->hThread == hThread)
|
|
||||||
{
|
|
||||||
if(ResumeThread(hThread) != -1)
|
|
||||||
{
|
|
||||||
return true;
|
return true;
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) bool TITCALL ThreaderTerminateThread(HANDLE hThread, DWORD ThreadExitCode)
|
__declspec(dllexport) bool TITCALL ThreaderTerminateThread(HANDLE hThread, DWORD ThreadExitCode)
|
||||||
{
|
{
|
||||||
|
int threadcount=hListThread.size();
|
||||||
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
for(int i=0; i<threadcount; i++)
|
||||||
|
if(hListThread.at(i).hThread == hThread && TerminateThread(hThread, ThreadExitCode) != NULL)
|
||||||
if(hListThreadPtr != NULL)
|
|
||||||
{
|
{
|
||||||
if(hThread != NULL)
|
hListThread.erase(hListThread.begin()+i);
|
||||||
{
|
|
||||||
while(hListThreadPtr->hThread != NULL && hListThreadPtr->hThread != hThread)
|
|
||||||
{
|
|
||||||
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
|
||||||
}
|
|
||||||
if(hListThreadPtr->hThread == hThread)
|
|
||||||
{
|
|
||||||
if(TerminateThread(hThread, ThreadExitCode) != NULL)
|
|
||||||
{
|
|
||||||
hListThreadPtr->hThread = (HANDLE)-1;
|
|
||||||
hListThreadPtr->dwThreadId = NULL;
|
|
||||||
hListThreadPtr->ThreadLocalBase = NULL;
|
|
||||||
hListThreadPtr->ThreadStartAddress = NULL;
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
else
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) bool TITCALL ThreaderPauseAllThreads(bool LeaveMainRunning)
|
__declspec(dllexport) bool TITCALL ThreaderPauseAllThreads(bool LeaveMainRunning)
|
||||||
{
|
{
|
||||||
|
bool ret=true;
|
||||||
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
int threadcount=hListThread.size();
|
||||||
|
for(int i=0; i<threadcount; i++)
|
||||||
if(hListThreadPtr != NULL)
|
|
||||||
{
|
{
|
||||||
while(hListThreadPtr->hThread != NULL)
|
DWORD suspended;
|
||||||
{
|
if(LeaveMainRunning && hListThread.at(i).hThread != dbgProcessInformation.hThread)
|
||||||
if(LeaveMainRunning)
|
suspended=SuspendThread(hListThread.at(i).hThread);
|
||||||
{
|
|
||||||
if(hListThreadPtr->hThread != dbgProcessInformation.hThread)
|
|
||||||
{
|
|
||||||
SuspendThread((HANDLE)hListThreadPtr->hThread);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
else
|
||||||
{
|
suspended=SuspendThread(hListThread.at(i).hThread);
|
||||||
SuspendThread(hListThreadPtr->hThread);
|
if(suspended==-1)
|
||||||
|
ret=false;
|
||||||
}
|
}
|
||||||
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
return ret;
|
||||||
}
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) bool TITCALL ThreaderResumeAllThreads(bool LeaveMainPaused)
|
__declspec(dllexport) bool TITCALL ThreaderResumeAllThreads(bool LeaveMainPaused)
|
||||||
{
|
{
|
||||||
|
bool ret=true;
|
||||||
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
int threadcount=hListThread.size();
|
||||||
|
for(int i=0; i<threadcount; i++)
|
||||||
if(hListThreadPtr != NULL)
|
|
||||||
{
|
{
|
||||||
while(hListThreadPtr->hThread != NULL)
|
DWORD resumed;
|
||||||
{
|
if(LeaveMainPaused && hListThread.at(i).hThread != dbgProcessInformation.hThread)
|
||||||
if(LeaveMainPaused)
|
resumed=ResumeThread(hListThread.at(i).hThread);
|
||||||
{
|
|
||||||
if(hListThreadPtr->hThread != dbgProcessInformation.hThread)
|
|
||||||
{
|
|
||||||
ResumeThread(hListThreadPtr->hThread);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
else
|
||||||
{
|
resumed=ResumeThread(hListThread.at(i).hThread);
|
||||||
ResumeThread(hListThreadPtr->hThread);
|
if(resumed==-1)
|
||||||
|
ret=false;
|
||||||
}
|
}
|
||||||
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
return ret;
|
||||||
}
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) bool TITCALL ThreaderPauseProcess()
|
__declspec(dllexport) bool TITCALL ThreaderPauseProcess()
|
||||||
{
|
{
|
||||||
return(ThreaderPauseAllThreads(false));
|
return ThreaderPauseAllThreads(false);
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) bool TITCALL ThreaderResumeProcess()
|
__declspec(dllexport) bool TITCALL ThreaderResumeProcess()
|
||||||
{
|
{
|
||||||
return(ThreaderResumeAllThreads(false));
|
return ThreaderResumeAllThreads(false);
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) long long TITCALL ThreaderCreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId)
|
__declspec(dllexport) long long TITCALL ThreaderCreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId)
|
||||||
{
|
{
|
||||||
|
return ThreaderCreateRemoteThreadEx(dbgProcessInformation.hProcess, ThreadStartAddress, AutoCloseTheHandle, ThreadPassParameter, ThreadId);
|
||||||
|
}
|
||||||
|
|
||||||
HANDLE myThread;
|
|
||||||
|
|
||||||
if(dbgProcessInformation.hProcess != NULL)
|
|
||||||
{
|
|
||||||
if(!AutoCloseTheHandle)
|
|
||||||
{
|
|
||||||
return((ULONG_PTR)CreateRemoteThread(dbgProcessInformation.hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)ThreadStartAddress, ThreadPassParameter, NULL, ThreadId));
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
myThread = CreateRemoteThread(dbgProcessInformation.hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)ThreadStartAddress, ThreadPassParameter, NULL, ThreadId);
|
|
||||||
EngineCloseHandle(myThread);
|
|
||||||
return(NULL);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return(NULL);
|
|
||||||
}
|
|
||||||
__declspec(dllexport) bool TITCALL ThreaderInjectAndExecuteCode(LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize)
|
__declspec(dllexport) bool TITCALL ThreaderInjectAndExecuteCode(LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize)
|
||||||
{
|
{
|
||||||
|
return ThreaderInjectAndExecuteCodeEx(dbgProcessInformation.hProcess, InjectCode, StartDelta, InjectSize);
|
||||||
|
}
|
||||||
|
|
||||||
LPVOID ThreadBase = 0;
|
|
||||||
ULONG_PTR ueNumberOfBytesRead = 0;
|
|
||||||
|
|
||||||
if(dbgProcessInformation.hProcess != NULL)
|
|
||||||
{
|
|
||||||
ThreadBase = VirtualAllocEx(dbgProcessInformation.hProcess, NULL, InjectSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
|
|
||||||
if(WriteProcessMemory(dbgProcessInformation.hProcess, ThreadBase, InjectCode, InjectSize, &ueNumberOfBytesRead))
|
|
||||||
{
|
|
||||||
ThreaderCreateRemoteThread((ULONG_PTR)((ULONG_PTR)InjectCode + StartDelta), true, NULL, NULL);
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
__declspec(dllexport) long long TITCALL ThreaderCreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId)
|
__declspec(dllexport) long long TITCALL ThreaderCreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId)
|
||||||
{
|
{
|
||||||
|
|
||||||
HANDLE myThread;
|
|
||||||
|
|
||||||
if(hProcess != NULL)
|
if(hProcess != NULL)
|
||||||
{
|
{
|
||||||
if(!AutoCloseTheHandle)
|
if(!AutoCloseTheHandle)
|
||||||
{
|
{
|
||||||
return((ULONG_PTR)CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)ThreadStartAddress, ThreadPassParameter, NULL, ThreadId));
|
return (ULONG_PTR)CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)ThreadStartAddress, ThreadPassParameter, NULL, ThreadId);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
myThread = CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)ThreadStartAddress, ThreadPassParameter, NULL, ThreadId);
|
HANDLE myThread = CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)ThreadStartAddress, ThreadPassParameter, NULL, ThreadId);
|
||||||
EngineCloseHandle(myThread);
|
EngineCloseHandle(myThread);
|
||||||
return(NULL);
|
return NULL;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return(NULL);
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) bool TITCALL ThreaderInjectAndExecuteCodeEx(HANDLE hProcess, LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize)
|
__declspec(dllexport) bool TITCALL ThreaderInjectAndExecuteCodeEx(HANDLE hProcess, LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize)
|
||||||
{
|
{
|
||||||
|
|
||||||
LPVOID ThreadBase = 0;
|
|
||||||
ULONG_PTR ueNumberOfBytesRead = 0;
|
|
||||||
|
|
||||||
if(hProcess != NULL)
|
if(hProcess != NULL)
|
||||||
{
|
{
|
||||||
ThreadBase = VirtualAllocEx(hProcess, NULL, InjectSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
|
LPVOID ThreadBase = VirtualAllocEx(hProcess, NULL, InjectSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
|
||||||
|
ULONG_PTR ueNumberOfBytesRead = 0;
|
||||||
if(WriteProcessMemory(hProcess, ThreadBase, InjectCode, InjectSize, &ueNumberOfBytesRead))
|
if(WriteProcessMemory(hProcess, ThreadBase, InjectCode, InjectSize, &ueNumberOfBytesRead))
|
||||||
{
|
{
|
||||||
ThreaderCreateRemoteThread((ULONG_PTR)((ULONG_PTR)InjectCode + StartDelta), true, NULL, NULL);
|
ThreaderCreateRemoteThread((ULONG_PTR)((ULONG_PTR)InjectCode + StartDelta), true, NULL, NULL);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) void TITCALL ThreaderSetCallBackForNextExitThreadEvent(LPVOID exitThreadCallBack)
|
__declspec(dllexport) void TITCALL ThreaderSetCallBackForNextExitThreadEvent(LPVOID exitThreadCallBack)
|
||||||
{
|
{
|
||||||
engineExitThreadOneShootCallBack = exitThreadCallBack;
|
engineExitThreadOneShootCallBack = exitThreadCallBack;
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) bool TITCALL ThreaderIsThreadStillRunning(HANDLE hThread)
|
__declspec(dllexport) bool TITCALL ThreaderIsThreadStillRunning(HANDLE hThread)
|
||||||
{
|
{
|
||||||
|
|
||||||
CONTEXT myDBGContext;
|
CONTEXT myDBGContext;
|
||||||
|
memset(&myDBGContext, 0, sizeof(CONTEXT));
|
||||||
RtlZeroMemory(&myDBGContext, sizeof CONTEXT);
|
|
||||||
myDBGContext.ContextFlags = CONTEXT_ALL;
|
myDBGContext.ContextFlags = CONTEXT_ALL;
|
||||||
if(GetThreadContext(hThread, &myDBGContext))
|
return GetThreadContext(hThread, &myDBGContext);
|
||||||
{
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread)
|
__declspec(dllexport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread)
|
||||||
{
|
{
|
||||||
if(SuspendThread(hThread)) //if previous suspend count is above 0 (which means thread is suspended)
|
if(SuspendThread(hThread)) //if previous suspend count is above 0 (which means thread is suspended)
|
||||||
|
|
@ -377,30 +213,18 @@ __declspec(dllexport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread)
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) bool TITCALL ThreaderIsAnyThreadActive()
|
__declspec(dllexport) bool TITCALL ThreaderIsAnyThreadActive()
|
||||||
{
|
{
|
||||||
|
int threadcount=hListThread.size();
|
||||||
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
for(int i=0; i<threadcount; i++)
|
||||||
|
if(ThreaderIsThreadActive(hListThread.at(i).hThread))
|
||||||
if(hListThreadPtr != NULL)
|
|
||||||
{
|
|
||||||
while(hListThreadPtr->hThread != NULL)
|
|
||||||
{
|
|
||||||
if(hListThreadPtr->hThread != (HANDLE)-1)
|
|
||||||
{
|
|
||||||
if(ThreaderIsThreadActive(hListThreadPtr->hThread))
|
|
||||||
{
|
|
||||||
return true;
|
return true;
|
||||||
}
|
|
||||||
}
|
|
||||||
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) bool TITCALL ThreaderExecuteOnlyInjectedThreads()
|
__declspec(dllexport) bool TITCALL ThreaderExecuteOnlyInjectedThreads()
|
||||||
{
|
{
|
||||||
|
|
||||||
if(ThreaderPauseProcess())
|
if(ThreaderPauseProcess())
|
||||||
{
|
{
|
||||||
engineResumeProcessIfNoThreadIsActive = true;
|
engineResumeProcessIfNoThreadIsActive = true;
|
||||||
|
|
@ -408,37 +232,19 @@ __declspec(dllexport) bool TITCALL ThreaderExecuteOnlyInjectedThreads()
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
__declspec(dllexport) long long TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId)
|
__declspec(dllexport) long long TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId)
|
||||||
{
|
{
|
||||||
|
int threadcount=hListThread.size();
|
||||||
|
for(int i=0; i<threadcount; i++)
|
||||||
|
if(hListThread.at(i).dwThreadId == ThreadId)
|
||||||
|
return (ULONG_PTR)hListThread.at(i).hThread;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
|
|
||||||
|
|
||||||
if(hListThread != NULL)
|
|
||||||
{
|
|
||||||
while(hListThreadPtr->hThread != NULL)
|
|
||||||
{
|
|
||||||
if(hListThreadPtr->hThread != (HANDLE)-1 && hListThreadPtr->dwThreadId == ThreadId)
|
|
||||||
{
|
|
||||||
return((ULONG_PTR)hListThreadPtr->hThread);
|
|
||||||
}
|
|
||||||
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return(NULL);
|
|
||||||
}
|
|
||||||
__declspec(dllexport) void* TITCALL ThreaderGetThreadData()
|
|
||||||
{
|
|
||||||
return(hListThread);
|
|
||||||
}
|
|
||||||
__declspec(dllexport) bool TITCALL ThreaderIsExceptionInMainThread()
|
__declspec(dllexport) bool TITCALL ThreaderIsExceptionInMainThread()
|
||||||
{
|
{
|
||||||
|
|
||||||
LPDEBUG_EVENT myDBGEvent;
|
LPDEBUG_EVENT myDBGEvent;
|
||||||
|
|
||||||
myDBGEvent = (LPDEBUG_EVENT)GetDebugData();
|
myDBGEvent = (LPDEBUG_EVENT)GetDebugData();
|
||||||
if(myDBGEvent->dwThreadId == dbgProcessInformation.dwThreadId)
|
return (myDBGEvent->dwThreadId == dbgProcessInformation.dwThreadId);
|
||||||
{
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -139,6 +139,7 @@
|
||||||
<Unit filename="aplib.h" />
|
<Unit filename="aplib.h" />
|
||||||
<Unit filename="definitions.h" />
|
<Unit filename="definitions.h" />
|
||||||
<Unit filename="distorm.h" />
|
<Unit filename="distorm.h" />
|
||||||
|
<Unit filename="ntdll.h" />
|
||||||
<Unit filename="resource.h" />
|
<Unit filename="resource.h" />
|
||||||
<Unit filename="scylla_wrapper.h" />
|
<Unit filename="scylla_wrapper.h" />
|
||||||
<Unit filename="stdafx.cpp" />
|
<Unit filename="stdafx.cpp" />
|
||||||
|
|
|
||||||
|
|
@ -324,7 +324,6 @@ ThreaderIsThreadActive
|
||||||
ThreaderIsAnyThreadActive
|
ThreaderIsAnyThreadActive
|
||||||
ThreaderExecuteOnlyInjectedThreads
|
ThreaderExecuteOnlyInjectedThreads
|
||||||
ThreaderGetOpenHandleForThread
|
ThreaderGetOpenHandleForThread
|
||||||
ThreaderGetThreadData
|
|
||||||
StaticFileLoad
|
StaticFileLoad
|
||||||
StaticFileLoadW
|
StaticFileLoadW
|
||||||
StaticFileUnload
|
StaticFileUnload
|
||||||
|
|
|
||||||
|
|
@ -145,7 +145,6 @@ __declspec(dllexport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread);
|
||||||
__declspec(dllexport) bool TITCALL ThreaderIsAnyThreadActive();
|
__declspec(dllexport) bool TITCALL ThreaderIsAnyThreadActive();
|
||||||
__declspec(dllexport) bool TITCALL ThreaderExecuteOnlyInjectedThreads();
|
__declspec(dllexport) bool TITCALL ThreaderExecuteOnlyInjectedThreads();
|
||||||
__declspec(dllexport) long long TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId);
|
__declspec(dllexport) long long TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId);
|
||||||
__declspec(dllexport) void* TITCALL ThreaderGetThreadData();
|
|
||||||
__declspec(dllexport) bool TITCALL ThreaderIsExceptionInMainThread();
|
__declspec(dllexport) bool TITCALL ThreaderIsExceptionInMainThread();
|
||||||
// TitanEngine.Debugger.functions:
|
// TitanEngine.Debugger.functions:
|
||||||
__declspec(dllexport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress);
|
__declspec(dllexport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress);
|
||||||
|
|
|
||||||
|
|
@ -8,17 +8,17 @@
|
||||||
#pragma comment(lib, "ntdll_x64.lib")
|
#pragma comment(lib, "ntdll_x64.lib")
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
typedef LONG NTSTATUS;
|
typedef LONG NTSTATUS;
|
||||||
|
|
||||||
typedef struct _UNICODE_STRING {
|
typedef struct _UNICODE_STRING
|
||||||
|
{
|
||||||
USHORT Length;
|
USHORT Length;
|
||||||
USHORT MaximumLength;
|
USHORT MaximumLength;
|
||||||
PWSTR Buffer;
|
PWSTR Buffer;
|
||||||
} UNICODE_STRING, *PUNICODE_STRING;
|
} UNICODE_STRING, *PUNICODE_STRING;
|
||||||
|
|
||||||
typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION {
|
typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION
|
||||||
|
{
|
||||||
ULONG Attributes;
|
ULONG Attributes;
|
||||||
ACCESS_MASK GrantedAccess;
|
ACCESS_MASK GrantedAccess;
|
||||||
ULONG HandleCount;
|
ULONG HandleCount;
|
||||||
|
|
@ -28,7 +28,8 @@ typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION {
|
||||||
|
|
||||||
} PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION;
|
} PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION;
|
||||||
|
|
||||||
typedef struct __PUBLIC_OBJECT_TYPE_INFORMATION {
|
typedef struct __PUBLIC_OBJECT_TYPE_INFORMATION
|
||||||
|
{
|
||||||
|
|
||||||
UNICODE_STRING TypeName;
|
UNICODE_STRING TypeName;
|
||||||
|
|
||||||
|
|
@ -36,7 +37,8 @@ typedef struct __PUBLIC_OBJECT_TYPE_INFORMATION {
|
||||||
|
|
||||||
} PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION;
|
} PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION;
|
||||||
|
|
||||||
typedef struct _PROCESS_BASIC_INFORMATION {
|
typedef struct _PROCESS_BASIC_INFORMATION
|
||||||
|
{
|
||||||
PVOID Reserved1;
|
PVOID Reserved1;
|
||||||
PVOID PebBaseAddress;
|
PVOID PebBaseAddress;
|
||||||
PVOID Reserved2[2];
|
PVOID Reserved2[2];
|
||||||
|
|
@ -45,7 +47,8 @@ typedef struct _PROCESS_BASIC_INFORMATION {
|
||||||
} PROCESS_BASIC_INFORMATION;
|
} PROCESS_BASIC_INFORMATION;
|
||||||
typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
|
typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
|
||||||
|
|
||||||
typedef enum _PROCESSINFOCLASS {
|
typedef enum _PROCESSINFOCLASS
|
||||||
|
{
|
||||||
ProcessBasicInformation,
|
ProcessBasicInformation,
|
||||||
ProcessQuotaLimits,
|
ProcessQuotaLimits,
|
||||||
ProcessIoCounters,
|
ProcessIoCounters,
|
||||||
|
|
@ -87,7 +90,8 @@ typedef enum _PROCESSINFOCLASS {
|
||||||
MaxProcessInfoClass // MaxProcessInfoClass should always be the last enum
|
MaxProcessInfoClass // MaxProcessInfoClass should always be the last enum
|
||||||
} PROCESSINFOCLASS;
|
} PROCESSINFOCLASS;
|
||||||
|
|
||||||
typedef enum _SYSTEM_INFORMATION_CLASS {
|
typedef enum _SYSTEM_INFORMATION_CLASS
|
||||||
|
{
|
||||||
SystemBasicInformation,
|
SystemBasicInformation,
|
||||||
SystemProcessorInformation, // obsolete...delete
|
SystemProcessorInformation, // obsolete...delete
|
||||||
SystemPerformanceInformation,
|
SystemPerformanceInformation,
|
||||||
|
|
@ -173,7 +177,8 @@ typedef enum _SYSTEM_INFORMATION_CLASS {
|
||||||
MaxSystemInfoClass // MaxSystemInfoClass should always be the last enum
|
MaxSystemInfoClass // MaxSystemInfoClass should always be the last enum
|
||||||
} SYSTEM_INFORMATION_CLASS;
|
} SYSTEM_INFORMATION_CLASS;
|
||||||
|
|
||||||
typedef enum _OBJECT_INFORMATION_CLASS {
|
typedef enum _OBJECT_INFORMATION_CLASS
|
||||||
|
{
|
||||||
ObjectBasicInformation,
|
ObjectBasicInformation,
|
||||||
ObjectNameInformation,
|
ObjectNameInformation,
|
||||||
ObjectTypeInformation,
|
ObjectTypeInformation,
|
||||||
|
|
@ -183,7 +188,8 @@ typedef enum _OBJECT_INFORMATION_CLASS {
|
||||||
MaxObjectInfoClass // MaxObjectInfoClass should always be the last enum
|
MaxObjectInfoClass // MaxObjectInfoClass should always be the last enum
|
||||||
} OBJECT_INFORMATION_CLASS;
|
} OBJECT_INFORMATION_CLASS;
|
||||||
|
|
||||||
typedef enum _THREADINFOCLASS {
|
typedef enum _THREADINFOCLASS
|
||||||
|
{
|
||||||
ThreadBasicInformation,
|
ThreadBasicInformation,
|
||||||
ThreadTimes,
|
ThreadTimes,
|
||||||
ThreadPriority,
|
ThreadPriority,
|
||||||
|
|
|
||||||
|
|
@ -31,6 +31,9 @@
|
||||||
#define MAXIMUM_INSTRUCTION_SIZE (40)
|
#define MAXIMUM_INSTRUCTION_SIZE (40)
|
||||||
#define MAX_RET_SEARCH_INSTRUCTIONS (100)
|
#define MAX_RET_SEARCH_INSTRUCTIONS (100)
|
||||||
|
|
||||||
|
#define UE_TRAP_FLAG (0x100)
|
||||||
|
#define UE_RESUME_FLAG (0x10000)
|
||||||
|
|
||||||
#define UE_OPTION_IMPORTER_REALIGN_LOCAL_APIADDRESS 0
|
#define UE_OPTION_IMPORTER_REALIGN_LOCAL_APIADDRESS 0
|
||||||
#define UE_OPTION_IMPORTER_REALIGN_APIADDRESS 1
|
#define UE_OPTION_IMPORTER_REALIGN_APIADDRESS 1
|
||||||
#define UE_OPTION_IMPORTER_RETURN_APINAME 2 //no kernelbase
|
#define UE_OPTION_IMPORTER_RETURN_APINAME 2 //no kernelbase
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue