diff --git a/SDK/C/TitanEngine.h b/SDK/C/TitanEngine.h
index 2196ccd..ef674f8 100644
--- a/SDK/C/TitanEngine.h
+++ b/SDK/C/TitanEngine.h
@@ -1013,6 +1013,7 @@ __declspec(dllexport) long TITCALL GetActiveProcessId(const char* szImageName);
 __declspec(dllexport) long TITCALL GetActiveProcessIdW(const wchar_t* szImageName);
 __declspec(dllexport) void TITCALL EnumProcessesWithLibrary(const char* szLibraryName, void* EnumFunction);
 __declspec(dllexport) HANDLE TITCALL TitanOpenProcess(DWORD dwDesiredAccess, bool bInheritHandle, DWORD dwProcessId);
+__declspec(dllexport) HANDLE TITCALL TitanOpenThread(DWORD dwDesiredAccess, bool bInheritHandle, DWORD dwThreadId);
 // TitanEngine.TLSFixer.functions:
 __declspec(dllexport) bool TITCALL TLSBreakOnCallBack(LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks, LPVOID bpxCallBack);
 __declspec(dllexport) bool TITCALL TLSGrabCallBackData(const char* szFileName, LPVOID ArrayOfCallBacks, LPDWORD NumberOfCallBacks);
diff --git a/SDK/CPP/TitanEngine.h b/SDK/CPP/TitanEngine.h
index 9d9da86..d4e606c 100644
--- a/SDK/CPP/TitanEngine.h
+++ b/SDK/CPP/TitanEngine.h
@@ -862,6 +862,7 @@ __declspec(dllimport) long TITCALL GetActiveProcessId(char* szImageName);
 __declspec(dllimport) long TITCALL GetActiveProcessIdW(wchar_t* szImageName);
 __declspec(dllimport) void TITCALL EnumProcessesWithLibrary(char* szLibraryName, void* EnumFunction);
 __declspec(dllimport) HANDLE TITCALL TitanOpenProcess(DWORD dwDesiredAccess, bool bInheritHandle, DWORD dwProcessId);
+__declspec(dllexport) HANDLE TITCALL TitanOpenThread(DWORD dwDesiredAccess, bool bInheritHandle, DWORD dwThreadId);
 // TitanEngine.TLSFixer.functions:
 __declspec(dllimport) bool TITCALL TLSBreakOnCallBack(LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks, LPVOID bpxCallBack);
 __declspec(dllimport) bool TITCALL TLSGrabCallBackData(char* szFileName, LPVOID ArrayOfCallBacks, LPDWORD NumberOfCallBacks);
diff --git a/SDK/CPP/TitanEngine.hpp b/SDK/CPP/TitanEngine.hpp
index 8fecbcf..89f8827 100644
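Review bot: In the SDK/CPP/TitanEngine.h hunk the new declaration is `__declspec(dllexport)` while every neighbouring declaration in that header is `__declspec(dllimport)`; a consumer compiling against this header declares TitanOpenThread as a symbol it exports itself instead of one imported from the engine DLL, which on MSVC typically ends in an unresolved external or an inconsistent-dll-linkage error. One-word fix: `__declspec(dllimport) HANDLE TITCALL TitanOpenThread(DWORD dwDesiredAccess, bool bInheritHandle, DWORD dwThreadId);`. The SDK/C/TitanEngine.h hunk above and the definitions.h hunk at the end are consistent with their neighbours and need no change.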
--- a/SDK/CPP/TitanEngine.hpp
+++ b/SDK/CPP/TitanEngine.hpp
@@ -1164,6 +1164,10 @@ public:
 {
 return UE::ThreaderIsExceptionInMainThread();
 }
+ static HANDLE OpenThread(DWORD dwDesiredAccess, bool bInheritHandle, DWORD dwThreadId)
+ {
+ return UE::TitanOpenThread(dwDesiredAccess, bInheritHandle, dwThreadId);
+ }
 };
 // --
diff --git a/TitanEngine/Global.Engine.cpp b/TitanEngine/Global.Engine.cpp
index 5f3142b..caf12c4 100644
--- a/TitanEngine/Global.Engine.cpp
+++ b/TitanEngine/Global.Engine.cpp
@@ -2066,3 +2066,15 @@ HANDLE EngineOpenProcess(DWORD dwDesiredAccess, bool bInheritHandle, DWORD dwPro
 SetLastError(dwLastError);
 return hProcess;
 }
+
+HANDLE EngineOpenThread(DWORD dwDesiredAccess, bool bInheritHandle, DWORD dwThreadId)
+{
+ if(engineEnableDebugPrivilege)
+ EngineSetDebugPrivilege(GetCurrentProcess(), true);
+ HANDLE hThread = OpenThread(dwDesiredAccess, bInheritHandle, dwThreadId);
+ DWORD dwLastError = GetLastError();
+ if(engineEnableDebugPrivilege)
+ EngineSetDebugPrivilege(GetCurrentProcess(), false);
+ SetLastError(dwLastError);
+ return hThread;
+}
diff --git a/TitanEngine/Global.Engine.h b/TitanEngine/Global.Engine.h
index 9f01ebf..8c9b368 100644
--- a/TitanEngine/Global.Engine.h
+++ b/TitanEngine/Global.Engine.h
@@ -54,5 +54,6 @@ bool EngineGetLibraryOrdinalData(ULONG_PTR ModuleBase, LPDWORD ptrOrdinalBase, L
 ULONG_PTR EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBases, ULONG_PTR APIAddress, const char* szAPIName, DWORD ReturnType);
 DWORD EngineSetDebugPrivilege(HANDLE hProcess, bool bEnablePrivilege);
 HANDLE EngineOpenProcess(DWORD dwDesiredAccess, bool bInheritHandle, DWORD dwProcessId);
+HANDLE EngineOpenThread(DWORD dwDesiredAccess, bool bInheritHandle, DWORD dwThreadId);
 #endif //_GLOBAL_ENGINE_H
\ No newline at end of file
diff --git a/TitanEngine/TitanEngine.Debugger.Context.cpp b/TitanEngine/TitanEngine.Debugger.Context.cpp
index 951101c..3b6111c 100644
--- a/TitanEngine/TitanEngine.Debugger.Context.cpp
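Review bot: EngineOpenThread in the Global.Engine.cpp hunk enables the debug privilege for the whole process and then unconditionally calls `EngineSetDebugPrivilege(GetCurrentProcess(), false)` without recording whether the privilege was already held, so a host that keeps it enabled for its own work loses it after the first call, and two threads inside this function (or inside EngineOpenProcess, which has the same shape) can interleave so that one's OpenThread runs after the other's disable. EngineSetDebugPrivilege's contract is outside the hunk, so this is inferred; if it can report the prior state, restore that instead of false, otherwise document the process-wide toggle as a known limitation. The return value of the enabling call is also dropped, which is acceptable as best-effort but should be stated. Suggested header comment: `// Opens a thread handle; when engineEnableDebugPrivilege is set, the debug privilege is enabled process-wide for the duration of the OpenThread call and dropped afterwards. Preserves OpenThread's last error across the privilege reset.`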
+++ b/TitanEngine/TitanEngine.Debugger.Context.cpp
@@ -349,7 +349,7 @@ __declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, D
 __declspec(dllexport) ULONG_PTR TITCALL GetContextData(DWORD IndexOfRegister)
 {
- HANDLE hActiveThread = OpenThread(THREAD_SUSPEND_RESUME | THREAD_GET_CONTEXT, false, DBGEvent.dwThreadId);
+ HANDLE hActiveThread = EngineOpenThread(THREAD_SUSPEND_RESUME | THREAD_GET_CONTEXT, false, DBGEvent.dwThreadId);
 ULONG_PTR ContextReturn = GetContextDataEx(hActiveThread, IndexOfRegister);
 EngineCloseHandle(hActiveThread);
 return ContextReturn;
@@ -918,7 +918,7 @@ __declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD
 __declspec(dllexport) bool TITCALL SetContextData(DWORD IndexOfRegister, ULONG_PTR NewRegisterValue)
 {
- HANDLE hActiveThread = OpenThread(THREAD_SUSPEND_RESUME | THREAD_SET_CONTEXT | THREAD_GET_CONTEXT, false, DBGEvent.dwThreadId);
+ HANDLE hActiveThread = EngineOpenThread(THREAD_SUSPEND_RESUME | THREAD_SET_CONTEXT | THREAD_GET_CONTEXT, false, DBGEvent.dwThreadId);
 bool ContextReturn = SetContextDataEx(hActiveThread, IndexOfRegister, NewRegisterValue);
 EngineCloseHandle(hActiveThread);
 return ContextReturn;
diff --git a/TitanEngine/TitanEngine.Debugger.DebugLoop.cpp b/TitanEngine/TitanEngine.Debugger.DebugLoop.cpp
index 51e427f..cfad8a0 100644
--- a/TitanEngine/TitanEngine.Debugger.DebugLoop.cpp
+++ b/TitanEngine/TitanEngine.Debugger.DebugLoop.cpp
@@ -453,7 +453,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
 {
 FlushInstructionCache(dbgProcessInformation.hProcess, NULL, 0);
 DBGCode = DBG_CONTINUE;
- hActiveThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId);
+ hActiveThread = EngineOpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId);
 myDBGContext.ContextFlags = CONTEXT_CONTROL;
 GetThreadContext(hActiveThread, &myDBGContext);
 if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT)
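Review bot: In the -453 DebugLoop hunk the handle from EngineOpenThread goes straight into GetThreadContext with no NULL check and GetThreadContext's return is ignored, so a failed open (thread already gone, access denied) leaves myDBGContext holding whatever it held before, and the following lines read and write that back as if it were the thread's state. The same shape is in the -583, -636, -816 and -990 hunks and in DetachDebuggerEx, where `CONTEXT myDBGContext;` is additionally never initialised; GetContextData and SetContextData pass the possibly-NULL handle on to GetContextDataEx/SetContextDataEx, whose handling is outside the hunk. The pattern predates the rename, but the commit rewrites each of these lines, so guarding them here is cheap: `if(!hActiveThread || !GetThreadContext(hActiveThread, &myDBGContext)) { /* report and skip the context update */ }`. DebugLoop's body starts and ends outside every one of its hunks.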
@@ -583,7 +583,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
 }
 else
 {
- hActiveThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT | THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId);
+ hActiveThread = EngineOpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT | THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId);
 myDBGContext.ContextFlags = CONTEXT_CONTROL;
 GetThreadContext(hActiveThread, &myDBGContext);
 myDBGContext.EFlags |= UE_TRAP_FLAG;
@@ -636,7 +636,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
 else //no resetting needed (debugger reached hardware breakpoint or the user stepped)
 {
 //handle hardware breakpoints
- hActiveThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId);
+ hActiveThread = EngineOpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId);
 myDBGContext.ContextFlags = CONTEXT_DEBUG_REGISTERS | CONTEXT_CONTROL;
 GetThreadContext(hActiveThread, &myDBGContext);
 if((ULONG_PTR)DBGEvent.u.Exception.ExceptionRecord.ExceptionAddress == myDBGContext.Dr0 || (myDBGContext.Dr6 & 0x1))
@@ -816,7 +816,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
 }
 if(bFoundBreakPoint) //found memory breakpoint
 {
- hActiveThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId);
+ hActiveThread = EngineOpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, false, DBGEvent.dwThreadId);
 myDBGContext.ContextFlags = CONTEXT_CONTROL;
 GetThreadContext(hActiveThread, &myDBGContext);
 DBGCode = DBG_CONTINUE; //debugger handled the exception
@@ -990,7 +990,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
 {
 FlushInstructionCache(dbgProcessInformation.hProcess, NULL, 0);
 DBGCode = DBG_CONTINUE;
- hActiveThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT | THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId);
+ hActiveThread = EngineOpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT | THREAD_QUERY_INFORMATION, false, DBGEvent.dwThreadId);
 myDBGContext.ContextFlags = CONTEXT_CONTROL;
 GetThreadContext(hActiveThread, &myDBGContext);
 if(FoundBreakPoint.BreakPointType != UE_SINGLESHOOT)
diff --git a/TitanEngine/TitanEngine.Debugger.cpp b/TitanEngine/TitanEngine.Debugger.cpp
index 3feffc9..2b9a422 100644
--- a/TitanEngine/TitanEngine.Debugger.cpp
+++ b/TitanEngine/TitanEngine.Debugger.cpp
@@ -295,7 +295,7 @@ __declspec(dllexport) bool TITCALL DetachDebuggerEx(DWORD ProcessId)
 int threadcount = (int)hListThread.size();
 for(int i = 0; i < threadcount; i++)
 {
- HANDLE hActiveThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, false, hListThread.at(i).dwThreadId);
+ HANDLE hActiveThread = EngineOpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, false, hListThread.at(i).dwThreadId);
 CONTEXT myDBGContext;
 myDBGContext.ContextFlags = CONTEXT_CONTROL;
 GetThreadContext(hActiveThread, &myDBGContext);
diff --git a/TitanEngine/TitanEngine.Process.cpp b/TitanEngine/TitanEngine.Process.cpp
index 6010b61..0f256df 100644
--- a/TitanEngine/TitanEngine.Process.cpp
+++ b/TitanEngine/TitanEngine.Process.cpp
@@ -135,4 +135,9 @@ __declspec(dllexport) void TITCALL EnumProcessesWithLibrary(char* szLibraryName,
 __declspec(dllexport) HANDLE TITCALL TitanOpenProcess(DWORD dwDesiredAccess, bool bInheritHandle, DWORD dwProcessId)
 {
 return EngineOpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId);
+}
+
+__declspec(dllexport) HANDLE TITCALL TitanOpenThread(DWORD dwDesiredAccess, bool bInheritHandle, DWORD dwThreadId)
+{
+ return EngineOpenThread(dwDesiredAccess, bInheritHandle, dwThreadId);
 }
\ No newline at end of file
diff --git a/TitanEngine/TitanEngine.Threader.cpp b/TitanEngine/TitanEngine.Threader.cpp
index 007548b..9ff7bda 100644
--- a/TitanEngine/TitanEngine.Threader.cpp
+++ b/TitanEngine/TitanEngine.Threader.cpp
@@ -112,7 +112,7 @@ __declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD Process
 NewThreadData.WaitTime = pIterThread->WaitTime;
 NewThreadData.dwThreadId = (DWORD)pIterThread->ClientId.UniqueThread;
- NewThreadData.hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, NewThreadData.dwThreadId);
+ NewThreadData.hThread = EngineOpenThread(THREAD_ALL_ACCESS, FALSE, NewThreadData.dwThreadId);
 if(NewThreadData.hThread)
 {
 NewThreadData.TebAddress = GetTEBLocation(NewThreadData.hThread);
diff --git a/TitanEngine/definitions.h b/TitanEngine/definitions.h
index 863f085..e2c23e1 100644
--- a/TitanEngine/definitions.h
+++ b/TitanEngine/definitions.h
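Review bot: TitanOpenThread in the TitanEngine.Process.cpp hunk is new public SDK surface with a non-obvious side effect — when engineEnableDebugPrivilege is set, the underlying EngineOpenThread toggles the process's debug privilege around the call — yet the export carries no comment, so a caller of the C header cannot tell it apart from a plain OpenThread. Suggest a comment above the definition, mirrored on the declarations in definitions.h and the SDK headers: `// Same contract as OpenThread, but when engineEnableDebugPrivilege is set the engine temporarily enables its debug privilege for the call; the Win32 last error from OpenThread is preserved.`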
@@ -350,6 +350,7 @@ __declspec(dllexport) long TITCALL GetActiveProcessId(char* szImageName);
 __declspec(dllexport) long TITCALL GetActiveProcessIdW(wchar_t* szImageName);
 __declspec(dllexport) void TITCALL EnumProcessesWithLibrary(char* szLibraryName, void* EnumFunction);
 __declspec(dllexport) HANDLE TITCALL TitanOpenProcess(DWORD dwDesiredAccess, bool bInheritHandle, DWORD dwProcessId);
+__declspec(dllexport) HANDLE TITCALL TitanOpenThread(DWORD dwDesiredAccess, bool bInheritHandle, DWORD dwThreadId);
 // TitanEngine.TLSFixer.functions:
 __declspec(dllexport) bool TITCALL TLSBreakOnCallBack(LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks, LPVOID bpxCallBack);
 __declspec(dllexport) bool TITCALL TLSGrabCallBackData(char* szFileName, LPVOID ArrayOfCallBacks, LPDWORD NumberOfCallBacks);