- formatting lol

- rewrote TitanEngine.Threader to use a vector (decreased memory footprint)
- Removed function ThreaderGetThreadData
This commit is contained in:
mr.exodia 2014-03-05 17:48:06 +01:00
parent 4dfc0351f7
commit bc7906460c
23 changed files with 1386 additions and 1716 deletions


@ -639,7 +639,6 @@ __declspec(dllexport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread);
__declspec(dllexport) bool TITCALL ThreaderIsAnyThreadActive();
__declspec(dllexport) bool TITCALL ThreaderExecuteOnlyInjectedThreads();
__declspec(dllexport) long long TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId);
__declspec(dllexport) void* TITCALL ThreaderGetThreadData();
__declspec(dllexport) bool TITCALL ThreaderIsExceptionInMainThread();
// TitanEngine.Debugger.functions:
__declspec(dllexport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress);


@ -638,7 +638,6 @@ __declspec(dllimport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread);
__declspec(dllimport) bool TITCALL ThreaderIsAnyThreadActive();
__declspec(dllimport) bool TITCALL ThreaderExecuteOnlyInjectedThreads();
__declspec(dllimport) long long TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId);
__declspec(dllimport) void* TITCALL ThreaderGetThreadData();
__declspec(dllimport) bool TITCALL ThreaderIsExceptionInMainThread();
// TitanEngine.Debugger.functions:
__declspec(dllimport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress);


@ -1122,10 +1122,6 @@ public:
{
return UE::ThreaderGetOpenHandleForThread(ThreadId);
}
static const THREAD_ITEM_DATA* GetThreadData()
{
return (const THREAD_ITEM_DATA*)UE::ThreaderGetThreadData();
}
static bool IsExceptionInMainThread()
{
return UE::ThreaderIsExceptionInMainThread();


@ -496,7 +496,6 @@ const
function ThreaderIsAnyThreadActive():boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderIsAnyThreadActive';
function ThreaderExecuteOnlyInjectedThreads():boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderExecuteOnlyInjectedThreads';
function ThreaderGetOpenHandleForThread(ThreadId:LongInt):THandle; stdcall; external 'TitanEngine.dll' name 'ThreaderGetOpenHandleForThread';
function ThreaderGetThreadData():Pointer; stdcall; external 'TitanEngine.dll' name 'ThreaderGetThreadData';
function ThreaderIsExceptionInMainThread():boolean; stdcall; external 'TitanEngine.dll' name 'ThreaderIsExceptionInMainThread';
{TitanEngine.Debugger.functions}
function StaticDisassembleEx(DisassmStart:LongInt; DisassmAddress:Pointer):PAnsiChar; stdcall; external 'TitanEngine.dll' name 'StaticDisassembleEx';


@ -747,9 +747,6 @@ PROCESS_INFORMATION = alien.defstruct{
-- __declspec(dllexport) long long __stdcall ThreaderGetOpenHandleForThread(DWORD ThreadId);
TitanEngine.ThreaderGetOpenHandleForThread:types {"long",abi="stdcall",ret="long"}
TE_ThreaderGetOpenHandleForThread = TitanEngine.ThreaderGetOpenHandleForThread
-- __declspec(dllexport) void* __stdcall ThreaderGetThreadData();
TitanEngine.ThreaderGetThreadData:types {abi="stdcall",ret="pointer"}
TE_ThreaderGetThreadData = TitanEngine.ThreaderGetThreadData
-- __declspec(dllexport) bool __stdcall ThreaderIsExceptionInMainThread();
TitanEngine.ThreaderIsExceptionInMainThread:types {abi="stdcall",ret="byte"}
TE_ThreaderIsExceptionInMainThread = TitanEngine.ThreaderIsExceptionInMainThread


@ -549,7 +549,6 @@ ThreaderIsThreadActive proto stdcall :HANDLE
ThreaderIsAnyThreadActive proto stdcall
ThreaderExecuteOnlyInjectedThreads proto stdcall
ThreaderGetOpenHandleForThread proto stdcall :DWORD
ThreaderGetThreadData proto stdcall
ThreaderIsExceptionInMainThread proto stdcall
StaticDisassembleEx proto stdcall :DWORD, :LPVOID
StaticDisassemble proto stdcall :LPVOID


@ -644,7 +644,6 @@ TE.GetPEBLocation.restype = c_void_p
TE.GetPEBLocation64.restype = c_void_p
TE.ThreaderGetThreadInfo.restype = POINTER(THREAD_ITEM_DATA)
TE.ThreaderGetThreadData.restype = POINTER(THREAD_ITEM_DATA)
TE.InitDebug.restype = POINTER(PROCESS_INFORMATION)
TE.InitDebugW.restype = POINTER(PROCESS_INFORMATION)


@ -2,4 +2,9 @@
#include "definitions.h"
#include "Global.Threader.h"
LPVOID hListThread = 0;
std::vector<THREAD_ITEM_DATA> hListThread;
void ClearThreadList()
{
std::vector<THREAD_ITEM_DATA>().swap(hListThread);
}
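Review bot: ClearThreadList only swaps the vector away and never touches the hThread handles stored in the entries, and nothing in the hunk states who is responsible for closing them; the callers visible elsewhere in this commit (ForceClose closes first, DebugLoop clears on the first CREATE_PROCESS event) behave differently, so the ownership rule should be written down at the definition. Suggested header comment: `// Drops every entry and releases the vector's storage. Does NOT close the entries' hThread handles - a caller that owns them (e.g. ForceClose) must close them before calling this.`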


@ -1,6 +1,10 @@
#ifndef _GLOBAL_THREADER_H
#define _GLOBAL_THREADER_H
extern LPVOID hListThread;
#include <vector>
extern std::vector<THREAD_ITEM_DATA> hListThread;
void ClearThreadList();
#endif //_GLOBAL_THREADER_H
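Review bot: The new extern declaration names THREAD_ITEM_DATA, but the header only adds `#include <vector>`, so it now compiles only when the includer has already pulled in the header that defines THREAD_ITEM_DATA (Global.Threader.cpp includes definitions.h first; the old `extern LPVOID` needed nothing beyond windows.h). If definitions.h is where THREAD_ITEM_DATA lives, add `#include "definitions.h"` next to `#include <vector>` so the header stands on its own; otherwise include whichever header declares the struct.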


@ -4,6 +4,7 @@
#include "Global.Handle.h"
#include "Global.Threader.h"
#include "Global.Librarian.h"
#include <vector>
__declspec(dllexport) void TITCALL ForceClose()
{
@ -12,7 +13,7 @@ __declspec(dllexport) void TITCALL ForceClose()
PPROCESS_ITEM_DATA hListProcessPtr = NULL;
PTHREAD_ITEM_DATA hListThreadPtr = NULL;
PLIBRARY_ITEM_DATAW hListLibraryPtr = NULL;
//manage lists
if(hListProcess != NULL)
{
hListProcessPtr = (PPROCESS_ITEM_DATA)hListProcess;
@ -31,35 +32,12 @@ __declspec(dllexport) void TITCALL ForceClose()
}
RtlZeroMemory(hListProcess, MAX_DEBUG_DATA * sizeof PROCESS_ITEM_DATA);
}
if(hListThread != NULL)
{
hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
while(hListThreadPtr->hThread != NULL)
{
if(hListThreadPtr->hThread != (HANDLE)-1)
{
__try
{
if(EngineCloseHandle(hListThreadPtr->hThread))
{
hListThreadPtr->hThread = NULL;
hListThreadPtr->dwThreadId = NULL;
hListThreadPtr->ThreadLocalBase = NULL;
hListThreadPtr->ThreadStartAddress = NULL;
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
hListThreadPtr->hThread = NULL;
hListThreadPtr->dwThreadId = NULL;
hListThreadPtr->ThreadLocalBase = NULL;
hListThreadPtr->ThreadStartAddress = NULL;
}
}
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
}
RtlZeroMemory(hListThread, MAX_DEBUG_DATA * sizeof THREAD_ITEM_DATA);
}
int threadcount=hListThread.size();
for(int i=threadcount-1; i>-1; i--)
EngineCloseHandle(hListThread.at(i).hThread);
ClearThreadList();
if(hListLibrary != NULL)
{
hListLibraryPtr = (PLIBRARY_ITEM_DATAW)hListLibrary;
@ -70,23 +48,9 @@ __declspec(dllexport) void TITCALL ForceClose()
if(hListLibraryPtr->hFileMappingView != NULL)
{
UnmapViewOfFile(hListLibraryPtr->hFileMappingView);
__try
{
EngineCloseHandle(hListLibraryPtr->hFileMapping);
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
}
}
__try
{
EngineCloseHandle(hListLibraryPtr->hFile);
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
EngineCloseHandle(hListLibraryPtr->hFileMapping);
}
EngineCloseHandle(hListLibraryPtr->hFile);
}
hListLibraryPtr = (PLIBRARY_ITEM_DATAW)((ULONG_PTR)hListLibraryPtr + sizeof LIBRARY_ITEM_DATAW);
}
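Review bot: The rewritten thread loop and the library hunk drop the `__try/__except` that previously wrapped every EngineCloseHandle call, and the new loop no longer skips entries that hold no usable handle (the old code skipped `(HANDLE)-1`; ThreaderImportRunningThreadData in this same commit pushes the OpenThread result unchecked, so a NULL hThread is possible). CloseHandle on an invalid handle merely fails in a normal run, but it raises an invalid-handle exception when the process hosting TitanEngine is itself being debugged, which is presumably what those guards were protecting against. If EngineCloseHandle does not validate the handle itself, either keep the guard or skip empty entries: `if(hListThread.at(i).hThread) EngineCloseHandle(hListThread.at(i).hThread);`. ForceClose begins before and continues after these hunks.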


@ -32,7 +32,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
bool hListThreadFirst = true;
bool hListLibraryFirst = true;
PPROCESS_ITEM_DATA hListProcessPtr = NULL;
PTHREAD_ITEM_DATA hListThreadPtr = NULL;
//PTHREAD_ITEM_DATA hListThreadPtr = NULL;
PLIBRARY_ITEM_DATAW hListLibraryPtr = NULL;
PLIBRARY_ITEM_DATAW hLoadedLibData = NULL;
PLIBRARY_BREAK_DATA ptrLibrarianData = NULL;
@ -142,17 +142,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
RtlZeroMemory(hListProcess, MAX_DEBUG_DATA * sizeof PROCESS_ITEM_DATA);
}
}
if(hListThread == NULL)
{
hListThread = VirtualAlloc(NULL, MAX_DEBUG_DATA * sizeof THREAD_ITEM_DATA, MEM_COMMIT, PAGE_READWRITE);
}
else
{
if(hListThreadFirst == true)
{
RtlZeroMemory(hListThread, MAX_DEBUG_DATA * sizeof THREAD_ITEM_DATA);
}
}
if(hListThreadFirst) //clear thread list
ClearThreadList();
hListProcessPtr = (PPROCESS_ITEM_DATA)hListProcess;
hListProcessPtr->hFile = DBGEvent.u.CreateProcessInfo.hFile;
hListProcessPtr->hProcess = DBGEvent.u.CreateProcessInfo.hProcess;
@ -163,11 +155,13 @@ __declspec(dllexport) void TITCALL DebugLoop()
hListProcessPtr->ThreadStartAddress = (void*)DBGEvent.u.CreateProcessInfo.lpStartAddress;
hListProcessPtr->ThreadLocalBase = (void*)DBGEvent.u.CreateProcessInfo.lpThreadLocalBase;
hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
hListThreadPtr->dwThreadId = DBGEvent.dwThreadId;
hListThreadPtr->hThread = DBGEvent.u.CreateProcessInfo.hThread;
hListThreadPtr->ThreadStartAddress = (void*)DBGEvent.u.CreateProcessInfo.lpStartAddress;
hListThreadPtr->ThreadLocalBase = (void*)DBGEvent.u.CreateProcessInfo.lpThreadLocalBase;
THREAD_ITEM_DATA NewThreadData;
memset(&NewThreadData, 0, sizeof(THREAD_ITEM_DATA));
NewThreadData.dwThreadId = DBGEvent.dwThreadId;
NewThreadData.hThread = DBGEvent.u.CreateProcessInfo.hThread;
NewThreadData.ThreadStartAddress = (void*)DBGEvent.u.CreateProcessInfo.lpStartAddress;
NewThreadData.ThreadLocalBase = (void*)DBGEvent.u.CreateProcessInfo.lpThreadLocalBase;
hListThread.push_back(NewThreadData);
hListThreadFirst = false;
}
else //we have a valid handle already (which means a child process started)
@ -233,26 +227,13 @@ __declspec(dllexport) void TITCALL DebugLoop()
case CREATE_THREAD_DEBUG_EVENT:
{
//maintain thread list
if(hListThread == NULL)
{
hListThread = VirtualAlloc(NULL, MAX_DEBUG_DATA * sizeof THREAD_ITEM_DATA, MEM_COMMIT, PAGE_READWRITE);
}
hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
__try
{
while(hListThreadPtr->hThread != NULL)
{
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
}
hListThreadPtr->dwThreadId = DBGEvent.dwThreadId;
hListThreadPtr->hThread = DBGEvent.u.CreateThread.hThread;
hListThreadPtr->ThreadStartAddress = (void*)DBGEvent.u.CreateThread.lpStartAddress;
hListThreadPtr->ThreadLocalBase = (void*)DBGEvent.u.CreateThread.lpThreadLocalBase;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
}
THREAD_ITEM_DATA NewThreadData;
memset(&NewThreadData, 0, sizeof(THREAD_ITEM_DATA));
NewThreadData.dwThreadId = DBGEvent.dwThreadId;
NewThreadData.hThread = DBGEvent.u.CreateThread.hThread;
NewThreadData.ThreadStartAddress = (void*)DBGEvent.u.CreateThread.lpStartAddress;
NewThreadData.ThreadLocalBase = (void*)DBGEvent.u.CreateThread.lpThreadLocalBase;
hListThread.push_back(NewThreadData);
//custom handler
if(DBGCustomHandler->chCreateThread != NULL)
@ -300,17 +281,15 @@ __declspec(dllexport) void TITCALL DebugLoop()
}
//maintain thread list
hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
while(hListThreadPtr->hThread != NULL && hListThreadPtr->dwThreadId != DBGEvent.dwThreadId)
int threadcount=hListThread.size();
for(int i=0; i<threadcount; i++)
{
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
}
if(hListThreadPtr->dwThreadId == DBGEvent.dwThreadId)
{
hListThreadPtr->hThread = (HANDLE)-1;
hListThreadPtr->dwThreadId = NULL;
hListThreadPtr->ThreadLocalBase = NULL;
hListThreadPtr->ThreadStartAddress = NULL;
if(hListThread.at(i).dwThreadId == DBGEvent.dwThreadId) //found the thread to remove
{
//TODO: close handle?
hListThread.erase(hListThread.begin()+i);
break;
}
}
}
break;
@ -590,16 +569,8 @@ __declspec(dllexport) void TITCALL DebugLoop()
myDBGContext.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext);
if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT)
{
if(!(myDBGContext.EFlags & 0x100))
{
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
}
}
if(!(myDBGContext.EFlags & 0x10000))
{
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x10000;
}
myDBGContext.EFlags |= UE_TRAP_FLAG;
myDBGContext.EFlags |= UE_RESUME_FLAG;
#if defined(_WIN64)
myDBGContext.Rip = myDBGContext.Rip - FoundBreakPoint.BreakPointSize;
#else
@ -748,10 +719,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId);
myDBGContext.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext);
if(!(myDBGContext.EFlags & 0x100))
{
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
}
myDBGContext.EFlags |= UE_TRAP_FLAG;
SetThreadContext(hActiveThread, &myDBGContext);
EngineCloseHandle(hActiveThread);
}
@ -846,10 +814,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
if(DebugRegister[0].DrxEnabled)
{
DBGCode = DBG_CONTINUE;
if(!(myDBGContext.EFlags & 0x100))
{
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
}
myDBGContext.EFlags |= UE_TRAP_FLAG;
SetThreadContext(hActiveThread, &myDBGContext);
myCustomHandler = (fCustomHandler)(DebugRegister[0].DrxCallBack);
__try
@ -876,10 +841,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
if(DebugRegister[1].DrxEnabled)
{
DBGCode = DBG_CONTINUE;
if(!(myDBGContext.EFlags & 0x100))
{
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
}
myDBGContext.EFlags |= UE_TRAP_FLAG;
SetThreadContext(hActiveThread, &myDBGContext);
myCustomHandler = (fCustomHandler)(DebugRegister[1].DrxCallBack);
__try
@ -906,10 +868,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
if(DebugRegister[2].DrxEnabled)
{
DBGCode = DBG_CONTINUE;
if(!(myDBGContext.EFlags & 0x100))
{
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
}
myDBGContext.EFlags |= UE_TRAP_FLAG;
SetThreadContext(hActiveThread, &myDBGContext);
myCustomHandler = (fCustomHandler)(DebugRegister[2].DrxCallBack);
__try
@ -936,10 +895,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
if(DebugRegister[3].DrxEnabled)
{
DBGCode = DBG_CONTINUE;
if(!(myDBGContext.EFlags & 0x100))
{
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
}
myDBGContext.EFlags |= UE_TRAP_FLAG;
SetThreadContext(hActiveThread, &myDBGContext);
myCustomHandler = (fCustomHandler)(DebugRegister[3].DrxCallBack);
__try
@ -1023,10 +979,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
}
else
{
if(!(myDBGContext.EFlags & 0x100))
{
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
}
myDBGContext.EFlags |= UE_TRAP_FLAG;
SetThreadContext(hActiveThread, &myDBGContext);
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
@ -1051,10 +1004,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
}
else //restore the memory breakpoint
{
if(!(myDBGContext.EFlags & 0x100))
{
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
}
myDBGContext.EFlags |= UE_TRAP_FLAG;
SetThreadContext(hActiveThread, &myDBGContext);
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
@ -1074,10 +1024,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
}
else //no read operation, restore breakpoint
{
if(!(myDBGContext.EFlags & 0x100))
{
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
}
myDBGContext.EFlags |= UE_TRAP_FLAG;
SetThreadContext(hActiveThread, &myDBGContext);
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
@ -1093,10 +1040,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
}
else //restore breakpoint after trap flag
{
if(!(myDBGContext.EFlags & 0x100))
{
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
}
myDBGContext.EFlags |= UE_TRAP_FLAG;
SetThreadContext(hActiveThread, &myDBGContext);
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
@ -1116,10 +1060,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
}
else //no write operation, restore breakpoint
{
if(!(myDBGContext.EFlags & 0x100))
{
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
}
myDBGContext.EFlags |= UE_TRAP_FLAG;
SetThreadContext(hActiveThread, &myDBGContext);
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
@ -1136,10 +1077,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
}
else
{
if(!(myDBGContext.EFlags & 0x100))
{
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
}
myDBGContext.EFlags |= UE_TRAP_FLAG;
SetThreadContext(hActiveThread, &myDBGContext);
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
@ -1160,10 +1098,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
}
else //no execute operation, restore breakpoint
{
if(!(myDBGContext.EFlags & 0x100))
{
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
}
myDBGContext.EFlags |= UE_TRAP_FLAG;
SetThreadContext(hActiveThread, &myDBGContext);
ResetMemBPXAddress = FoundBreakPoint.BreakPointAddress;
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
@ -1241,16 +1176,8 @@ __declspec(dllexport) void TITCALL DebugLoop()
myDBGContext.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext);
if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT)
{
if(!(myDBGContext.EFlags & 0x100))
{
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
}
}
if(!(myDBGContext.EFlags & 0x10000))
{
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x10000;
}
myDBGContext.EFlags |= UE_TRAP_FLAG;
myDBGContext.EFlags |= UE_RESUME_FLAG;
SetThreadContext(hActiveThread, &myDBGContext);
EngineCloseHandle(hActiveThread);
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)FoundBreakPoint.BreakPointAddress, FoundBreakPoint.BreakPointSize, OldProtect, &OldProtect);
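Review bot: Both breakpoint-hit hunks lose the `if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT)` guard, so `myDBGContext.EFlags |= UE_TRAP_FLAG;` is now applied to single-shoot breakpoints as well, where the old code only set the resume flag. A single-shoot breakpoint has no restore step that needs the trap, and with TF set the debuggee thread will raise an EXCEPTION_SINGLE_STEP after its next instruction, which the previous code deliberately avoided. If this is intended, a comment saying so belongs on the line; otherwise restore the guard as `if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT) myDBGContext.EFlags |= UE_TRAP_FLAG;` in both places. DebugLoop's body extends well beyond these hunks.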


@ -307,39 +307,22 @@ __declspec(dllexport) bool TITCALL DetachDebugger(DWORD ProcessId)
__declspec(dllexport) bool TITCALL DetachDebuggerEx(DWORD ProcessId)
{
HANDLE hActiveThread;
CONTEXT myDBGContext;
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
if(hListThreadPtr != NULL)
ThreaderPauseProcess();
int threadcount=hListThread.size();
for(int i=0; i<threadcount; i++)
{
ThreaderPauseProcess();
while(hListThreadPtr->hThread != NULL)
{
hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION, false, hListThreadPtr->dwThreadId);
myDBGContext.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext);
if((myDBGContext.EFlags & 0x100))
{
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x100;
}
if(!(myDBGContext.EFlags & 0x10000))
{
myDBGContext.EFlags = myDBGContext.EFlags ^ 0x10000;
}
SetThreadContext(hActiveThread, &myDBGContext);
EngineCloseHandle(hActiveThread);
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
}
ContinueDebugEvent(DBGEvent.dwProcessId, DBGEvent.dwThreadId, DBG_CONTINUE);
ThreaderResumeProcess();
return(DetachDebugger(ProcessId));
}
else
{
return false;
HANDLE hActiveThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT, false, hListThread.at(i).dwThreadId);
CONTEXT myDBGContext;
myDBGContext.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hActiveThread, &myDBGContext);
myDBGContext.EFlags &= ~UE_TRAP_FLAG;
myDBGContext.EFlags &= ~UE_RESUME_FLAG;
SetThreadContext(hActiveThread, &myDBGContext);
EngineCloseHandle(hActiveThread);
}
ContinueDebugEvent(DBGEvent.dwProcessId, DBGEvent.dwThreadId, DBG_CONTINUE);
ThreaderResumeProcess();
return DetachDebugger(ProcessId);
}
__declspec(dllexport) void TITCALL AutoDebugEx(char* szFileName, bool ReserveModuleBase, char* szCommandLine, char* szCurrentFolder, DWORD TimeOut, LPVOID EntryCallBack)
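Review bot: DetachDebuggerEx lost its early exit: the old version returned false when there was no thread list, whereas the new one iterates an empty vector and then calls ContinueDebugEvent with whatever DBGEvent currently holds and DetachDebugger unconditionally. Inside the loop neither the OpenThread nor the GetThreadContext result is checked, so a thread that has exited since the list was built yields a NULL handle and SetThreadContext is fed an uninitialized CONTEXT (harmless only because the NULL handle makes it fail); an OpenThread success followed by a GetThreadContext failure would write garbage EFlags into the debuggee thread. Suggested: `if(hListThread.empty()) return false;` before ThreaderPauseProcess, `if(!hActiveThread) continue;` after OpenThread, and only call SetThreadContext when GetThreadContext returned non-zero.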



@ -5,28 +5,28 @@
// TitanEngine.Hider.functions:
__declspec(dllexport) void* TITCALL GetPEBLocation(HANDLE hProcess)
{
ULONG RequiredLen = 0;
void * PebAddress = 0;
PPROCESS_BASIC_INFORMATION myProcessBasicInformation = (PPROCESS_BASIC_INFORMATION)VirtualAlloc(NULL, sizeof(PROCESS_BASIC_INFORMATION) * 4, MEM_COMMIT|MEM_RESERVE, PAGE_READWRITE);
ULONG RequiredLen = 0;
void * PebAddress = 0;
PPROCESS_BASIC_INFORMATION myProcessBasicInformation = (PPROCESS_BASIC_INFORMATION)VirtualAlloc(NULL, sizeof(PROCESS_BASIC_INFORMATION) * 4, MEM_COMMIT|MEM_RESERVE, PAGE_READWRITE);
if(!myProcessBasicInformation)
return 0;
if(!myProcessBasicInformation)
return 0;
if(NtQueryInformationProcess(hProcess, ProcessBasicInformation, myProcessBasicInformation, sizeof(PROCESS_BASIC_INFORMATION), &RequiredLen) == STATUS_SUCCESS)
{
PebAddress = (void*)myProcessBasicInformation->PebBaseAddress;
}
else
{
if(NtQueryInformationProcess(hProcess, ProcessBasicInformation, myProcessBasicInformation, RequiredLen, &RequiredLen) == STATUS_SUCCESS)
{
PebAddress = (void*)myProcessBasicInformation->PebBaseAddress;
}
}
if(NtQueryInformationProcess(hProcess, ProcessBasicInformation, myProcessBasicInformation, sizeof(PROCESS_BASIC_INFORMATION), &RequiredLen) == STATUS_SUCCESS)
{
PebAddress = (void*)myProcessBasicInformation->PebBaseAddress;
}
else
{
if(NtQueryInformationProcess(hProcess, ProcessBasicInformation, myProcessBasicInformation, RequiredLen, &RequiredLen) == STATUS_SUCCESS)
{
PebAddress = (void*)myProcessBasicInformation->PebBaseAddress;
}
}
VirtualFree(myProcessBasicInformation, 0, MEM_RELEASE);
return PebAddress;
VirtualFree(myProcessBasicInformation, 0, MEM_RELEASE);
return PebAddress;
}
__declspec(dllexport) void* TITCALL GetPEBLocation64(HANDLE hProcess)
@ -36,11 +36,11 @@ __declspec(dllexport) void* TITCALL GetPEBLocation64(HANDLE hProcess)
{
//Only WOW64 processes have 2 PEBs
DWORD peb32 = (DWORD)GetPEBLocation(hProcess);
if (peb32)
{
peb32 += 0x1000; //PEB64 after PEB32
return (void *)peb32;
}
if (peb32)
{
peb32 += 0x1000; //PEB64 after PEB32
return (void *)peb32;
}
}
#endif //_WIN64
return 0;


@ -28,66 +28,51 @@ static bool ProcessHookScanAddNewHook(PHOOK_ENTRY HookDetails, void* ptrOriginal
// Global.Engine.Hook.functions:
__declspec(dllexport) bool TITCALL HooksSafeTransitionEx(LPVOID HookAddressArray, int NumberOfHooks, bool TransitionStart)
{
int i;
ULONG_PTR CurrentIP;
ULONG_PTR HookAddress;
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
PMEMORY_COMPARE_HANDLER myHookAddressArray;
if(dbgProcessInformation.hProcess == NULL)
if(dbgProcessInformation.hProcess == NULL) //TODO: check
{
if(!TransitionStart || ThreaderImportRunningThreadData(GetCurrentProcessId()))
{
hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
if(hListThreadPtr != NULL)
int threadcount=hListThread.size();
for(int i=0; i<threadcount; i++)
{
while(hListThreadPtr->hThread != NULL)
PTHREAD_ITEM_DATA hListThreadPtr=&hListThread.at(i);
if(hListThreadPtr->hThread != INVALID_HANDLE_VALUE)
{
if(hListThreadPtr->hThread != INVALID_HANDLE_VALUE)
if(TransitionStart)
{
if(TransitionStart)
if(hListThreadPtr->dwThreadId != GetCurrentThreadId())
{
if(hListThreadPtr->dwThreadId != GetCurrentThreadId())
SuspendThread(hListThreadPtr->hThread);
ULONG_PTR CurrentIP = (ULONG_PTR)GetContextDataEx(hListThreadPtr->hThread, UE_CIP);
PMEMORY_COMPARE_HANDLER myHookAddressArray = (PMEMORY_COMPARE_HANDLER)HookAddressArray;
for(int j=0; j<NumberOfHooks; j++)
{
SuspendThread(hListThreadPtr->hThread);
CurrentIP = (ULONG_PTR)GetContextDataEx(hListThreadPtr->hThread, UE_CIP);
myHookAddressArray = (PMEMORY_COMPARE_HANDLER)HookAddressArray;
for(i = 0; i < NumberOfHooks; i++)
{
#if defined (_WIN64)
HookAddress = (ULONG_PTR)myHookAddressArray->Array.qwArrayEntry[0];
myHookAddressArray = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)myHookAddressArray + sizeof ULONG_PTR);
ULONG_PTR HookAddress = (ULONG_PTR)myHookAddressArray->Array.qwArrayEntry[0];
myHookAddressArray = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)myHookAddressArray + sizeof ULONG_PTR);
#else
HookAddress = (ULONG_PTR)myHookAddressArray->Array.dwArrayEntry[0];
myHookAddressArray = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)myHookAddressArray + sizeof ULONG_PTR);
ULONG_PTR HookAddress = (ULONG_PTR)myHookAddressArray->Array.dwArrayEntry[0];
myHookAddressArray = (PMEMORY_COMPARE_HANDLER)((ULONG_PTR)myHookAddressArray + sizeof ULONG_PTR);
#endif
while(CurrentIP >= (ULONG_PTR)HookAddress && CurrentIP <= (ULONG_PTR)HookAddress + 5)
{
ResumeThread(hListThreadPtr->hThread);
Sleep(5);
SuspendThread(hListThreadPtr->hThread);
CurrentIP = (ULONG_PTR)GetContextDataEx(hListThreadPtr->hThread, UE_CIP);
i = 0;
}
while(CurrentIP >= (ULONG_PTR)HookAddress && CurrentIP <= (ULONG_PTR)HookAddress + 5)
{
ResumeThread(hListThreadPtr->hThread);
Sleep(5);
SuspendThread(hListThreadPtr->hThread);
CurrentIP = (ULONG_PTR)GetContextDataEx(hListThreadPtr->hThread, UE_CIP);
j = 0;
}
}
}
else
{
ResumeThread(hListThreadPtr->hThread);
EngineCloseHandle(hListThreadPtr->hThread);
}
}
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
else
{
ResumeThread(hListThreadPtr->hThread);
EngineCloseHandle(hListThreadPtr->hThread);
}
}
if(!TransitionStart)
{
VirtualFree(hListThread, NULL, MEM_RELEASE);
hListThread = NULL;
}
return true;
}
return true;
}
else
{
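Review bot: In the TransitionStart == false path the loop resumes and closes every entry's hThread, but the `VirtualFree(hListThread, NULL, MEM_RELEASE); hListThread = NULL;` that used to discard the list afterwards has no replacement, so hListThread keeps entries whose handles are already closed. Any later ThreaderPauseAllThreads, ThreaderResumeAllThreads or ThreaderGetThreadInfo then acts on dead handle values, or on an unrelated object once the kernel recycles the value. Add `if(!TransitionStart) ClearThreadList();` after the for loop. The SuspendThread return value in the TransitionStart branch is also unchecked before GetContextDataEx reads the thread's context. HooksSafeTransitionEx continues past the end of the hunk.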


@ -185,7 +185,7 @@ __declspec(dllexport) bool TITCALL RemoteFreeLibraryW(HANDLE hProcess, HMODULE h
if(WaitForThreadExit)
{
hThread = CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)remCodeData, remStringData, CREATE_SUSPENDED, &ThreadId);
NtSetInformationThread(hThread, ThreadHideFromDebugger, NULL, NULL);
NtSetInformationThread(hThread, ThreadHideFromDebugger, NULL, NULL);
ResumeThread(hThread);
WaitForSingleObject(hThread, INFINITE);
VirtualFreeEx(hProcess, remCodeData, NULL, MEM_RELEASE);


@ -9,365 +9,201 @@
// TitanEngine.Threader.functions:
__declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD ProcessId)
{
HANDLE hSnapShot;
if(dbgProcessInformation.hProcess != NULL || ProcessId == NULL)
return false;
std::vector<THREAD_ITEM_DATA>().swap(hListThread); //clear thread list
THREADENTRY32 ThreadEntry = {};
PTHREAD_ITEM_DATA hListThreadPtr = NULL;
if(dbgProcessInformation.hProcess == NULL && ProcessId != NULL)
ThreadEntry.dwSize = sizeof THREADENTRY32;
HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, ProcessId);
if(hSnapShot != INVALID_HANDLE_VALUE)
{
if(hListThread == NULL)
if(Thread32First(hSnapShot, &ThreadEntry))
{
hListThread = VirtualAlloc(NULL, MAX_DEBUG_DATA * sizeof THREAD_ITEM_DATA, MEM_COMMIT, PAGE_READWRITE);
}
else
{
RtlZeroMemory(hListThread, MAX_DEBUG_DATA * sizeof THREAD_ITEM_DATA);
}
ThreadEntry.dwSize = sizeof THREADENTRY32;
hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, ProcessId);
if(hSnapShot != INVALID_HANDLE_VALUE)
{
if(Thread32First(hSnapShot, &ThreadEntry))
do
{
do
if(ThreadEntry.th32OwnerProcessID == ProcessId)
{
if(ThreadEntry.th32OwnerProcessID == ProcessId)
{
hListThreadPtr->dwThreadId = ThreadEntry.th32ThreadID;
hListThreadPtr->hThread = OpenThread(THREAD_GET_CONTEXT|THREAD_SET_CONTEXT|THREAD_QUERY_INFORMATION|THREAD_SUSPEND_RESUME, false, hListThreadPtr->dwThreadId);
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
}
THREAD_ITEM_DATA NewThreadData;
memset(&NewThreadData, 0, sizeof(THREAD_ITEM_DATA));
NewThreadData.dwThreadId = ThreadEntry.th32ThreadID;
NewThreadData.hThread = OpenThread(THREAD_ALL_ACCESS, false, NewThreadData.dwThreadId);
hListThread.push_back(NewThreadData);
}
while(Thread32Next(hSnapShot, &ThreadEntry));
}
EngineCloseHandle(hSnapShot);
return true;
while(Thread32Next(hSnapShot, &ThreadEntry));
}
EngineCloseHandle(hSnapShot);
return true;
}
return false;
}
__declspec(dllexport) void* TITCALL ThreaderGetThreadInfo(HANDLE hThread, DWORD ThreadId)
{
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
if(hListThreadPtr != NULL)
{
if(hThread != NULL)
if(!hThread && !ThreadId)
return NULL;
static THREAD_ITEM_DATA ThreadData;
memset(&ThreadData, 0, sizeof(THREAD_ITEM_DATA));
int threadcount=hListThread.size();
for(int i=0; i<threadcount; i++)
if(hListThread.at(i).hThread == hThread || hListThread.at(i).dwThreadId == ThreadId)
{
while(hListThreadPtr->hThread != NULL && hListThreadPtr->hThread != hThread)
{
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
}
if(hListThreadPtr->hThread == hThread)
{
return((void*)hListThreadPtr);
}
memcpy(&ThreadData, &hListThread.at(i), sizeof(THREAD_ITEM_DATA));
return &ThreadData;
}
else if(ThreadId != NULL)
{
while(hListThreadPtr->hThread != NULL && hListThreadPtr->dwThreadId != ThreadId)
{
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
}
if(hListThreadPtr->dwThreadId == ThreadId)
{
return((void*)hListThreadPtr);
}
}
}
return(NULL);
return NULL;
}
__declspec(dllexport) void TITCALL ThreaderEnumThreadInfo(void* EnumCallBack)
{
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
typedef void(TITCALL *fEnumCallBack)(LPVOID fThreadDetail);
fEnumCallBack myEnumCallBack = (fEnumCallBack)EnumCallBack;
if(hListThreadPtr != NULL)
int threadcount=hListThread.size();
for(int i=0; i<threadcount; i++)
{
while(EnumCallBack != NULL && hListThreadPtr->hThread != NULL)
__try
{
if(hListThreadPtr->hThread != NULL)
{
__try
{
myEnumCallBack((void*)hListThreadPtr);
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
EnumCallBack = NULL;
}
}
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
myEnumCallBack(&hListThread.at(i));
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
break;
}
}
}
__declspec(dllexport) bool TITCALL ThreaderPauseThread(HANDLE hThread)
{
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
if(hListThreadPtr != NULL)
{
if(hThread != NULL)
{
while(hListThreadPtr->hThread != NULL && hListThreadPtr->hThread != hThread)
{
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
}
if(hListThreadPtr->hThread == hThread)
{
if(SuspendThread(hThread) != -1)
{
return true;
}
else
{
return false;
}
}
else
{
return false;
}
}
}
int threadcount=hListThread.size();
for(int i=0; i<threadcount; i++)
if(hListThread.at(i).hThread == hThread && SuspendThread(hThread) != -1)
return true;
return false;
}
__declspec(dllexport) bool TITCALL ThreaderResumeThread(HANDLE hThread)
{
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
if(hListThreadPtr != NULL)
{
if(hThread != NULL)
{
while(hListThreadPtr->hThread != NULL && hListThreadPtr->hThread != hThread)
{
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
}
if(hListThreadPtr->hThread == hThread)
{
if(ResumeThread(hThread) != -1)
{
return true;
}
else
{
return false;
}
}
else
{
return false;
}
}
}
int threadcount=hListThread.size();
for(int i=0; i<threadcount; i++)
if(hListThread.at(i).hThread == hThread && ResumeThread(hThread) != -1)
return true;
return false;
}
__declspec(dllexport) bool TITCALL ThreaderTerminateThread(HANDLE hThread, DWORD ThreadExitCode)
{
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
if(hListThreadPtr != NULL)
{
if(hThread != NULL)
int threadcount=hListThread.size();
for(int i=0; i<threadcount; i++)
if(hListThread.at(i).hThread == hThread && TerminateThread(hThread, ThreadExitCode) != NULL)
{
while(hListThreadPtr->hThread != NULL && hListThreadPtr->hThread != hThread)
{
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
}
if(hListThreadPtr->hThread == hThread)
{
if(TerminateThread(hThread, ThreadExitCode) != NULL)
{
hListThreadPtr->hThread = (HANDLE)-1;
hListThreadPtr->dwThreadId = NULL;
hListThreadPtr->ThreadLocalBase = NULL;
hListThreadPtr->ThreadStartAddress = NULL;
return true;
}
else
{
return false;
}
}
else
{
return false;
}
}
}
return false;
}
__declspec(dllexport) bool TITCALL ThreaderPauseAllThreads(bool LeaveMainRunning)
{
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
if(hListThreadPtr != NULL)
{
while(hListThreadPtr->hThread != NULL)
{
if(LeaveMainRunning)
{
if(hListThreadPtr->hThread != dbgProcessInformation.hThread)
{
SuspendThread((HANDLE)hListThreadPtr->hThread);
}
}
else
{
SuspendThread(hListThreadPtr->hThread);
}
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
}
return true;
}
return false;
}
__declspec(dllexport) bool TITCALL ThreaderResumeAllThreads(bool LeaveMainPaused)
{
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
if(hListThreadPtr != NULL)
{
while(hListThreadPtr->hThread != NULL)
{
if(LeaveMainPaused)
{
if(hListThreadPtr->hThread != dbgProcessInformation.hThread)
{
ResumeThread(hListThreadPtr->hThread);
}
}
else
{
ResumeThread(hListThreadPtr->hThread);
}
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
}
return true;
}
return false;
}
__declspec(dllexport) bool TITCALL ThreaderPauseProcess()
{
return(ThreaderPauseAllThreads(false));
}
__declspec(dllexport) bool TITCALL ThreaderResumeProcess()
{
return(ThreaderResumeAllThreads(false));
}
__declspec(dllexport) long long TITCALL ThreaderCreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId)
{
HANDLE myThread;
if(dbgProcessInformation.hProcess != NULL)
{
if(!AutoCloseTheHandle)
{
return((ULONG_PTR)CreateRemoteThread(dbgProcessInformation.hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)ThreadStartAddress, ThreadPassParameter, NULL, ThreadId));
}
else
{
myThread = CreateRemoteThread(dbgProcessInformation.hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)ThreadStartAddress, ThreadPassParameter, NULL, ThreadId);
EngineCloseHandle(myThread);
return(NULL);
}
}
return(NULL);
}
__declspec(dllexport) bool TITCALL ThreaderInjectAndExecuteCode(LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize)
{
LPVOID ThreadBase = 0;
ULONG_PTR ueNumberOfBytesRead = 0;
if(dbgProcessInformation.hProcess != NULL)
{
ThreadBase = VirtualAllocEx(dbgProcessInformation.hProcess, NULL, InjectSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if(WriteProcessMemory(dbgProcessInformation.hProcess, ThreadBase, InjectCode, InjectSize, &ueNumberOfBytesRead))
{
ThreaderCreateRemoteThread((ULONG_PTR)((ULONG_PTR)InjectCode + StartDelta), true, NULL, NULL);
hListThread.erase(hListThread.begin()+i);
return true;
}
else
{
return false;
}
}
return false;
}
__declspec(dllexport) bool TITCALL ThreaderPauseAllThreads(bool LeaveMainRunning)
{
bool ret=true;
int threadcount=hListThread.size();
for(int i=0; i<threadcount; i++)
{
DWORD suspended;
if(LeaveMainRunning && hListThread.at(i).hThread != dbgProcessInformation.hThread)
suspended=SuspendThread(hListThread.at(i).hThread);
else
suspended=SuspendThread(hListThread.at(i).hThread);
if(suspended==-1)
ret=false;
}
return ret;
}
__declspec(dllexport) bool TITCALL ThreaderResumeAllThreads(bool LeaveMainPaused)
{
bool ret=true;
int threadcount=hListThread.size();
for(int i=0; i<threadcount; i++)
{
DWORD resumed;
if(LeaveMainPaused && hListThread.at(i).hThread != dbgProcessInformation.hThread)
resumed=ResumeThread(hListThread.at(i).hThread);
else
resumed=ResumeThread(hListThread.at(i).hThread);
if(resumed==-1)
ret=false;
}
return ret;
}
__declspec(dllexport) bool TITCALL ThreaderPauseProcess()
{
return ThreaderPauseAllThreads(false);
}
__declspec(dllexport) bool TITCALL ThreaderResumeProcess()
{
return ThreaderResumeAllThreads(false);
}
__declspec(dllexport) long long TITCALL ThreaderCreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId)
{
return ThreaderCreateRemoteThreadEx(dbgProcessInformation.hProcess, ThreadStartAddress, AutoCloseTheHandle, ThreadPassParameter, ThreadId);
}
__declspec(dllexport) bool TITCALL ThreaderInjectAndExecuteCode(LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize)
{
return ThreaderInjectAndExecuteCodeEx(dbgProcessInformation.hProcess, InjectCode, StartDelta, InjectSize);
}
__declspec(dllexport) long long TITCALL ThreaderCreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId)
{
HANDLE myThread;
if(hProcess != NULL)
{
if(!AutoCloseTheHandle)
{
return((ULONG_PTR)CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)ThreadStartAddress, ThreadPassParameter, NULL, ThreadId));
return (ULONG_PTR)CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)ThreadStartAddress, ThreadPassParameter, NULL, ThreadId);
}
else
{
myThread = CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)ThreadStartAddress, ThreadPassParameter, NULL, ThreadId);
HANDLE myThread = CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)ThreadStartAddress, ThreadPassParameter, NULL, ThreadId);
EngineCloseHandle(myThread);
return(NULL);
return NULL;
}
}
return(NULL);
return NULL;
}
__declspec(dllexport) bool TITCALL ThreaderInjectAndExecuteCodeEx(HANDLE hProcess, LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize)
{
LPVOID ThreadBase = 0;
ULONG_PTR ueNumberOfBytesRead = 0;
if(hProcess != NULL)
{
ThreadBase = VirtualAllocEx(hProcess, NULL, InjectSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
LPVOID ThreadBase = VirtualAllocEx(hProcess, NULL, InjectSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
ULONG_PTR ueNumberOfBytesRead = 0;
if(WriteProcessMemory(hProcess, ThreadBase, InjectCode, InjectSize, &ueNumberOfBytesRead))
{
ThreaderCreateRemoteThread((ULONG_PTR)((ULONG_PTR)InjectCode + StartDelta), true, NULL, NULL);
return true;
}
else
{
return false;
}
}
return false;
}
__declspec(dllexport) void TITCALL ThreaderSetCallBackForNextExitThreadEvent(LPVOID exitThreadCallBack)
{
engineExitThreadOneShootCallBack = exitThreadCallBack;
}
__declspec(dllexport) bool TITCALL ThreaderIsThreadStillRunning(HANDLE hThread)
{
CONTEXT myDBGContext;
RtlZeroMemory(&myDBGContext, sizeof CONTEXT);
memset(&myDBGContext, 0, sizeof(CONTEXT));
myDBGContext.ContextFlags = CONTEXT_ALL;
if(GetThreadContext(hThread, &myDBGContext))
{
return true;
}
else
{
return false;
}
return GetThreadContext(hThread, &myDBGContext);
}
__declspec(dllexport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread)
{
if(SuspendThread(hThread)) //if previous suspend count is above 0 (which means thread is suspended)
@ -377,30 +213,18 @@ __declspec(dllexport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread)
}
return false;
}
__declspec(dllexport) bool TITCALL ThreaderIsAnyThreadActive()
{
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
if(hListThreadPtr != NULL)
{
while(hListThreadPtr->hThread != NULL)
{
if(hListThreadPtr->hThread != (HANDLE)-1)
{
if(ThreaderIsThreadActive(hListThreadPtr->hThread))
{
return true;
}
}
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
}
}
return false;
int threadcount=hListThread.size();
for(int i=0; i<threadcount; i++)
if(ThreaderIsThreadActive(hListThread.at(i).hThread))
return true;
return false;
}
__declspec(dllexport) bool TITCALL ThreaderExecuteOnlyInjectedThreads()
{
if(ThreaderPauseProcess())
{
engineResumeProcessIfNoThreadIsActive = true;
@ -408,37 +232,19 @@ __declspec(dllexport) bool TITCALL ThreaderExecuteOnlyInjectedThreads()
}
return false;
}
__declspec(dllexport) long long TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId)
{
PTHREAD_ITEM_DATA hListThreadPtr = (PTHREAD_ITEM_DATA)hListThread;
if(hListThread != NULL)
{
while(hListThreadPtr->hThread != NULL)
{
if(hListThreadPtr->hThread != (HANDLE)-1 && hListThreadPtr->dwThreadId == ThreadId)
{
return((ULONG_PTR)hListThreadPtr->hThread);
}
hListThreadPtr = (PTHREAD_ITEM_DATA)((ULONG_PTR)hListThreadPtr + sizeof THREAD_ITEM_DATA);
}
}
return(NULL);
}
__declspec(dllexport) void* TITCALL ThreaderGetThreadData()
{
return(hListThread);
int threadcount=hListThread.size();
for(int i=0; i<threadcount; i++)
if(hListThread.at(i).dwThreadId == ThreadId)
return (ULONG_PTR)hListThread.at(i).hThread;
return 0;
}
__declspec(dllexport) bool TITCALL ThreaderIsExceptionInMainThread()
{
LPDEBUG_EVENT myDBGEvent;
myDBGEvent = (LPDEBUG_EVENT)GetDebugData();
if(myDBGEvent->dwThreadId == dbgProcessInformation.dwThreadId)
{
return true;
}
return false;
return (myDBGEvent->dwThreadId == dbgProcessInformation.dwThreadId);
}


@ -139,6 +139,7 @@
<Unit filename="aplib.h" />
<Unit filename="definitions.h" />
<Unit filename="distorm.h" />
<Unit filename="ntdll.h" />
<Unit filename="resource.h" />
<Unit filename="scylla_wrapper.h" />
<Unit filename="stdafx.cpp" />


@ -324,7 +324,6 @@ ThreaderIsThreadActive
ThreaderIsAnyThreadActive
ThreaderExecuteOnlyInjectedThreads
ThreaderGetOpenHandleForThread
ThreaderGetThreadData
StaticFileLoad
StaticFileLoadW
StaticFileUnload


@ -29,11 +29,11 @@ extern "C" {
#endif
unsigned int APLIB_CONVENTION aP_pack(const void *source,
void *destination,
unsigned int length,
void *workmem,
int (__cdecl *callback)(unsigned int, unsigned int, unsigned int, void *),
void *cbparam);
void *destination,
unsigned int length,
void *workmem,
int (__cdecl *callback)(unsigned int, unsigned int, unsigned int, void *),
void *cbparam);
unsigned int APLIB_CONVENTION aP_workmem_size(unsigned int inputsize);
@ -44,27 +44,27 @@ unsigned int APLIB_CONVENTION aP_depack_asm(const void *source, void *destinatio
unsigned int APLIB_CONVENTION aP_depack_asm_fast(const void *source, void *destination);
unsigned int APLIB_CONVENTION aP_depack_asm_safe(const void *source,
unsigned int srclen,
void *destination,
unsigned int dstlen);
unsigned int srclen,
void *destination,
unsigned int dstlen);
unsigned int APLIB_CONVENTION aP_crc32(const void *source, unsigned int length);
unsigned int APLIB_CONVENTION aPsafe_pack(const void *source,
void *destination,
unsigned int length,
void *workmem,
int (__cdecl *callback)(unsigned int, unsigned int, unsigned int, void *),
void *cbparam);
void *destination,
unsigned int length,
void *workmem,
int (__cdecl *callback)(unsigned int, unsigned int, unsigned int, void *),
void *cbparam);
unsigned int APLIB_CONVENTION aPsafe_check(const void *source);
unsigned int APLIB_CONVENTION aPsafe_get_orig_size(const void *source);
unsigned int APLIB_CONVENTION aPsafe_depack(const void *source,
unsigned int srclen,
void *destination,
unsigned int dstlen);
unsigned int srclen,
void *destination,
unsigned int dstlen);
#ifdef __cplusplus
} /* extern "C" */


@ -145,7 +145,6 @@ __declspec(dllexport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread);
__declspec(dllexport) bool TITCALL ThreaderIsAnyThreadActive();
__declspec(dllexport) bool TITCALL ThreaderExecuteOnlyInjectedThreads();
__declspec(dllexport) long long TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId);
__declspec(dllexport) void* TITCALL ThreaderGetThreadData();
__declspec(dllexport) bool TITCALL ThreaderIsExceptionInMainThread();
// TitanEngine.Debugger.functions:
__declspec(dllexport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress);


@ -8,204 +8,210 @@
#pragma comment(lib, "ntdll_x64.lib")
#endif
typedef LONG NTSTATUS;
typedef struct _UNICODE_STRING {
USHORT Length;
USHORT MaximumLength;
PWSTR Buffer;
typedef struct _UNICODE_STRING
{
USHORT Length;
USHORT MaximumLength;
PWSTR Buffer;
} UNICODE_STRING, *PUNICODE_STRING;
typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION {
ULONG Attributes;
ACCESS_MASK GrantedAccess;
ULONG HandleCount;
ULONG PointerCount;
typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION
{
ULONG Attributes;
ACCESS_MASK GrantedAccess;
ULONG HandleCount;
ULONG PointerCount;
ULONG Reserved[10]; // reserved for internal use
ULONG Reserved[10]; // reserved for internal use
} PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION;
typedef struct __PUBLIC_OBJECT_TYPE_INFORMATION {
typedef struct __PUBLIC_OBJECT_TYPE_INFORMATION
{
UNICODE_STRING TypeName;
UNICODE_STRING TypeName;
ULONG Reserved [22]; // reserved for internal use
ULONG Reserved [22]; // reserved for internal use
} PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION;
typedef struct _PROCESS_BASIC_INFORMATION {
PVOID Reserved1;
PVOID PebBaseAddress;
PVOID Reserved2[2];
ULONG_PTR UniqueProcessId;
PVOID Reserved3;
typedef struct _PROCESS_BASIC_INFORMATION
{
PVOID Reserved1;
PVOID PebBaseAddress;
PVOID Reserved2[2];
ULONG_PTR UniqueProcessId;
PVOID Reserved3;
} PROCESS_BASIC_INFORMATION;
typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
typedef enum _PROCESSINFOCLASS {
ProcessBasicInformation,
ProcessQuotaLimits,
ProcessIoCounters,
ProcessVmCounters,
ProcessTimes,
ProcessBasePriority,
ProcessRaisePriority,
ProcessDebugPort,
ProcessExceptionPort,
ProcessAccessToken,
ProcessLdtInformation,
ProcessLdtSize,
ProcessDefaultHardErrorMode,
ProcessIoPortHandlers, // Note: this is kernel mode only
ProcessPooledUsageAndLimits,
ProcessWorkingSetWatch,
ProcessUserModeIOPL,
ProcessEnableAlignmentFaultFixup,
ProcessPriorityClass,
ProcessWx86Information,
ProcessHandleCount,
ProcessAffinityMask,
ProcessPriorityBoost,
ProcessDeviceMap,
ProcessSessionInformation,
ProcessForegroundInformation,
ProcessWow64Information,
ProcessImageFileName,
ProcessLUIDDeviceMapsEnabled,
ProcessBreakOnTermination,
ProcessDebugObjectHandle,
ProcessDebugFlags,
ProcessHandleTracing,
ProcessIoPriority,
ProcessExecuteFlags,
ProcessResourceManagement,
ProcessCookie,
ProcessImageInformation,
MaxProcessInfoClass // MaxProcessInfoClass should always be the last enum
typedef enum _PROCESSINFOCLASS
{
ProcessBasicInformation,
ProcessQuotaLimits,
ProcessIoCounters,
ProcessVmCounters,
ProcessTimes,
ProcessBasePriority,
ProcessRaisePriority,
ProcessDebugPort,
ProcessExceptionPort,
ProcessAccessToken,
ProcessLdtInformation,
ProcessLdtSize,
ProcessDefaultHardErrorMode,
ProcessIoPortHandlers, // Note: this is kernel mode only
ProcessPooledUsageAndLimits,
ProcessWorkingSetWatch,
ProcessUserModeIOPL,
ProcessEnableAlignmentFaultFixup,
ProcessPriorityClass,
ProcessWx86Information,
ProcessHandleCount,
ProcessAffinityMask,
ProcessPriorityBoost,
ProcessDeviceMap,
ProcessSessionInformation,
ProcessForegroundInformation,
ProcessWow64Information,
ProcessImageFileName,
ProcessLUIDDeviceMapsEnabled,
ProcessBreakOnTermination,
ProcessDebugObjectHandle,
ProcessDebugFlags,
ProcessHandleTracing,
ProcessIoPriority,
ProcessExecuteFlags,
ProcessResourceManagement,
ProcessCookie,
ProcessImageInformation,
MaxProcessInfoClass // MaxProcessInfoClass should always be the last enum
} PROCESSINFOCLASS;
typedef enum _SYSTEM_INFORMATION_CLASS {
SystemBasicInformation,
SystemProcessorInformation, // obsolete...delete
SystemPerformanceInformation,
SystemTimeOfDayInformation,
SystemPathInformation,
SystemProcessInformation,
SystemCallCountInformation,
SystemDeviceInformation,
SystemProcessorPerformanceInformation,
SystemFlagsInformation,
SystemCallTimeInformation,
SystemModuleInformation,
SystemLocksInformation,
SystemStackTraceInformation,
SystemPagedPoolInformation,
SystemNonPagedPoolInformation,
SystemHandleInformation,
SystemObjectInformation,
SystemPageFileInformation,
SystemVdmInstemulInformation,
SystemVdmBopInformation,
SystemFileCacheInformation,
SystemPoolTagInformation,
SystemInterruptInformation,
SystemDpcBehaviorInformation,
SystemFullMemoryInformation,
SystemLoadGdiDriverInformation,
SystemUnloadGdiDriverInformation,
SystemTimeAdjustmentInformation,
SystemSummaryMemoryInformation,
SystemMirrorMemoryInformation,
SystemPerformanceTraceInformation,
SystemObsolete0,
SystemExceptionInformation,
SystemCrashDumpStateInformation,
SystemKernelDebuggerInformation,
SystemContextSwitchInformation,
SystemRegistryQuotaInformation,
SystemExtendServiceTableInformation,
SystemPrioritySeperation,
SystemVerifierAddDriverInformation,
SystemVerifierRemoveDriverInformation,
SystemProcessorIdleInformation,
SystemLegacyDriverInformation,
SystemCurrentTimeZoneInformation,
SystemLookasideInformation,
SystemTimeSlipNotification,
SystemSessionCreate,
SystemSessionDetach,
SystemSessionInformation,
SystemRangeStartInformation,
SystemVerifierInformation,
SystemVerifierThunkExtend,
SystemSessionProcessInformation,
SystemLoadGdiDriverInSystemSpace,
SystemNumaProcessorMap,
SystemPrefetcherInformation,
SystemExtendedProcessInformation,
SystemRecommendedSharedDataAlignment,
SystemComPlusPackage,
SystemNumaAvailableMemory,
SystemProcessorPowerInformation,
SystemEmulationBasicInformation,
SystemEmulationProcessorInformation,
SystemExtendedHandleInformation,
SystemLostDelayedWriteInformation,
SystemBigPoolInformation,
SystemSessionPoolTagInformation,
SystemSessionMappedViewInformation,
SystemHotpatchInformation,
SystemObjectSecurityMode,
SystemWatchdogTimerHandler,
SystemWatchdogTimerInformation,
SystemLogicalProcessorInformation,
SystemWow64SharedInformation,
SystemRegisterFirmwareTableInformationHandler,
SystemFirmwareTableInformation,
SystemModuleInformationEx,
SystemVerifierTriageInformation,
SystemSuperfetchInformation,
SystemMemoryListInformation,
SystemFileCacheInformationEx,
MaxSystemInfoClass // MaxSystemInfoClass should always be the last enum
typedef enum _SYSTEM_INFORMATION_CLASS
{
SystemBasicInformation,
SystemProcessorInformation, // obsolete...delete
SystemPerformanceInformation,
SystemTimeOfDayInformation,
SystemPathInformation,
SystemProcessInformation,
SystemCallCountInformation,
SystemDeviceInformation,
SystemProcessorPerformanceInformation,
SystemFlagsInformation,
SystemCallTimeInformation,
SystemModuleInformation,
SystemLocksInformation,
SystemStackTraceInformation,
SystemPagedPoolInformation,
SystemNonPagedPoolInformation,
SystemHandleInformation,
SystemObjectInformation,
SystemPageFileInformation,
SystemVdmInstemulInformation,
SystemVdmBopInformation,
SystemFileCacheInformation,
SystemPoolTagInformation,
SystemInterruptInformation,
SystemDpcBehaviorInformation,
SystemFullMemoryInformation,
SystemLoadGdiDriverInformation,
SystemUnloadGdiDriverInformation,
SystemTimeAdjustmentInformation,
SystemSummaryMemoryInformation,
SystemMirrorMemoryInformation,
SystemPerformanceTraceInformation,
SystemObsolete0,
SystemExceptionInformation,
SystemCrashDumpStateInformation,
SystemKernelDebuggerInformation,
SystemContextSwitchInformation,
SystemRegistryQuotaInformation,
SystemExtendServiceTableInformation,
SystemPrioritySeperation,
SystemVerifierAddDriverInformation,
SystemVerifierRemoveDriverInformation,
SystemProcessorIdleInformation,
SystemLegacyDriverInformation,
SystemCurrentTimeZoneInformation,
SystemLookasideInformation,
SystemTimeSlipNotification,
SystemSessionCreate,
SystemSessionDetach,
SystemSessionInformation,
SystemRangeStartInformation,
SystemVerifierInformation,
SystemVerifierThunkExtend,
SystemSessionProcessInformation,
SystemLoadGdiDriverInSystemSpace,
SystemNumaProcessorMap,
SystemPrefetcherInformation,
SystemExtendedProcessInformation,
SystemRecommendedSharedDataAlignment,
SystemComPlusPackage,
SystemNumaAvailableMemory,
SystemProcessorPowerInformation,
SystemEmulationBasicInformation,
SystemEmulationProcessorInformation,
SystemExtendedHandleInformation,
SystemLostDelayedWriteInformation,
SystemBigPoolInformation,
SystemSessionPoolTagInformation,
SystemSessionMappedViewInformation,
SystemHotpatchInformation,
SystemObjectSecurityMode,
SystemWatchdogTimerHandler,
SystemWatchdogTimerInformation,
SystemLogicalProcessorInformation,
SystemWow64SharedInformation,
SystemRegisterFirmwareTableInformationHandler,
SystemFirmwareTableInformation,
SystemModuleInformationEx,
SystemVerifierTriageInformation,
SystemSuperfetchInformation,
SystemMemoryListInformation,
SystemFileCacheInformationEx,
MaxSystemInfoClass // MaxSystemInfoClass should always be the last enum
} SYSTEM_INFORMATION_CLASS;
typedef enum _OBJECT_INFORMATION_CLASS {
ObjectBasicInformation,
ObjectNameInformation,
ObjectTypeInformation,
ObjectTypesInformation,
ObjectHandleFlagInformation,
ObjectSessionInformation,
MaxObjectInfoClass // MaxObjectInfoClass should always be the last enum
typedef enum _OBJECT_INFORMATION_CLASS
{
ObjectBasicInformation,
ObjectNameInformation,
ObjectTypeInformation,
ObjectTypesInformation,
ObjectHandleFlagInformation,
ObjectSessionInformation,
MaxObjectInfoClass // MaxObjectInfoClass should always be the last enum
} OBJECT_INFORMATION_CLASS;
typedef enum _THREADINFOCLASS {
ThreadBasicInformation,
ThreadTimes,
ThreadPriority,
ThreadBasePriority,
ThreadAffinityMask,
ThreadImpersonationToken,
ThreadDescriptorTableEntry,
ThreadEnableAlignmentFaultFixup,
ThreadEventPair_Reusable,
ThreadQuerySetWin32StartAddress,
ThreadZeroTlsCell,
ThreadPerformanceCount,
ThreadAmILastThread,
ThreadIdealProcessor,
ThreadPriorityBoost,
ThreadSetTlsArrayAddress,
ThreadIsIoPending,
ThreadHideFromDebugger,
ThreadBreakOnTermination,
ThreadSwitchLegacyState,
ThreadIsTerminated,
MaxThreadInfoClass
typedef enum _THREADINFOCLASS
{
ThreadBasicInformation,
ThreadTimes,
ThreadPriority,
ThreadBasePriority,
ThreadAffinityMask,
ThreadImpersonationToken,
ThreadDescriptorTableEntry,
ThreadEnableAlignmentFaultFixup,
ThreadEventPair_Reusable,
ThreadQuerySetWin32StartAddress,
ThreadZeroTlsCell,
ThreadPerformanceCount,
ThreadAmILastThread,
ThreadIdealProcessor,
ThreadPriorityBoost,
ThreadSetTlsArrayAddress,
ThreadIsIoPending,
ThreadHideFromDebugger,
ThreadBreakOnTermination,
ThreadSwitchLegacyState,
ThreadIsTerminated,
MaxThreadInfoClass
} THREADINFOCLASS;
@ -213,47 +219,47 @@ typedef enum _THREADINFOCLASS {
extern "C" {
#endif
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryInformationProcess (
__in HANDLE ProcessHandle,
__in PROCESSINFOCLASS ProcessInformationClass,
__out_bcount(ProcessInformationLength) PVOID ProcessInformation,
__in ULONG ProcessInformationLength,
__out_opt PULONG ReturnLength
);
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryInformationProcess (
__in HANDLE ProcessHandle,
__in PROCESSINFOCLASS ProcessInformationClass,
__out_bcount(ProcessInformationLength) PVOID ProcessInformation,
__in ULONG ProcessInformationLength,
__out_opt PULONG ReturnLength
);
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryObject (
__in HANDLE Handle,
__in OBJECT_INFORMATION_CLASS ObjectInformationClass,
__out_bcount_opt(ObjectInformationLength) PVOID ObjectInformation,
__in ULONG ObjectInformationLength,
__out_opt PULONG ReturnLength
);
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryObject (
__in HANDLE Handle,
__in OBJECT_INFORMATION_CLASS ObjectInformationClass,
__out_bcount_opt(ObjectInformationLength) PVOID ObjectInformation,
__in ULONG ObjectInformationLength,
__out_opt PULONG ReturnLength
);
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQuerySystemInformation (
__in SYSTEM_INFORMATION_CLASS SystemInformationClass,
__out_bcount_opt(SystemInformationLength) PVOID SystemInformation,
__in ULONG SystemInformationLength,
__out_opt PULONG ReturnLength
);
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQuerySystemInformation (
__in SYSTEM_INFORMATION_CLASS SystemInformationClass,
__out_bcount_opt(SystemInformationLength) PVOID SystemInformation,
__in ULONG SystemInformationLength,
__out_opt PULONG ReturnLength
);
NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetInformationThread (
__in HANDLE ThreadHandle,
__in THREADINFOCLASS ThreadInformationClass,
__in_bcount(ThreadInformationLength) PVOID ThreadInformation,
__in ULONG ThreadInformationLength
);
NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetInformationThread (
__in HANDLE ThreadHandle,
__in THREADINFOCLASS ThreadInformationClass,
__in_bcount(ThreadInformationLength) PVOID ThreadInformation,
__in ULONG ThreadInformationLength
);
#ifdef __cplusplus
};


@ -31,6 +31,9 @@
#define MAXIMUM_INSTRUCTION_SIZE (40)
#define MAX_RET_SEARCH_INSTRUCTIONS (100)
#define UE_TRAP_FLAG (0x100)
#define UE_RESUME_FLAG (0x10000)
#define UE_OPTION_IMPORTER_REALIGN_LOCAL_APIADDRESS 0
#define UE_OPTION_IMPORTER_REALIGN_APIADDRESS 1
#define UE_OPTION_IMPORTER_RETURN_APINAME 2 //no kernelbase
@ -923,7 +926,7 @@ struct _PEB_T
T ProcessHeaps;
//FULL PEB not needed
/* T GdiSharedHandleTable;
/* T GdiSharedHandleTable;
T ProcessStarterHelper;
T GdiDCAttributeList;
T LoaderLock;