x64dbg
/
TitanEngine
mirror of https://github.com/x64dbg/TitanEngine
1
0
Fork 0
Code Releases Activity

added UE_BASEOFCODE / UE_BASEOFDATA to Dumper::GetPE32 / Dumper::SetPE32 functions

This commit is contained in:
cypherpunk 2013-12-18 15:03:25 +01:00
parent e7714c7c27
commit d251983720
5 changed files with 85 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
SDK/C/TitanEngine.h
View File

@ -87,12 +87,15 @@
#define UE_SUBSYSTEM 20
#define UE_CHARACTERISTICS 21
#define UE_NUMBEROFRVAANDSIZES 22
#define UE_SECTIONNAME 23
#define UE_SECTIONVIRTUALOFFSET 24
#define UE_SECTIONVIRTUALSIZE 25
#define UE_SECTIONRAWOFFSET 26
#define UE_SECTIONRAWSIZE 27
#define UE_SECTIONFLAGS 28
#define UE_BASEOFCODE 23
#define UE_BASEOFDATA 24
//leaving some enum space here for future additions
#define UE_SECTIONNAME 40
#define UE_SECTIONVIRTUALOFFSET 41
#define UE_SECTIONVIRTUALSIZE 42
#define UE_SECTIONRAWOFFSET 43
#define UE_SECTIONRAWSIZE 44
#define UE_SECTIONFLAGS 45
#define UE_VANOTFOUND = -2;
@ -253,6 +256,8 @@ typedef struct
DWORD PE32Offset;
DWORD ImageBase;
DWORD OriginalEntryPoint;
DWORD BaseOfCode;
DWORD BaseOfData;
DWORD NtSizeOfImage;
DWORD NtSizeOfHeaders;
WORD SizeOfOptionalHeaders;
@ -281,6 +286,8 @@ typedef struct
DWORD PE64Offset;
DWORD64 ImageBase;
DWORD OriginalEntryPoint;
DWORD BaseOfCode;
DWORD BaseOfData;
DWORD NtSizeOfImage;
DWORD NtSizeOfHeaders;
WORD SizeOfOptionalHeaders;

19
SDK/CPP/TitanEngine.h
View File

@ -87,12 +87,15 @@ const BYTE UE_CHECKSUM = 19;
const BYTE UE_SUBSYSTEM = 20;
const BYTE UE_CHARACTERISTICS = 21;
const BYTE UE_NUMBEROFRVAANDSIZES = 22;
const BYTE UE_SECTIONNAME = 23;
const BYTE UE_SECTIONVIRTUALOFFSET = 24;
const BYTE UE_SECTIONVIRTUALSIZE = 25;
const BYTE UE_SECTIONRAWOFFSET = 26;
const BYTE UE_SECTIONRAWSIZE = 27;
const BYTE UE_SECTIONFLAGS = 28;
const BYTE UE_BASEOFCODE = 23;
const BYTE UE_BASEOFDATA = 24;
//leaving some enum space here for future additions
const BYTE UE_SECTIONNAME = 40;
const BYTE UE_SECTIONVIRTUALOFFSET = 41;
const BYTE UE_SECTIONVIRTUALSIZE = 42;
const BYTE UE_SECTIONRAWOFFSET = 43;
const BYTE UE_SECTIONRAWSIZE = 44;
const BYTE UE_SECTIONFLAGS = 45;
const long UE_VANOTFOUND = -2;
@ -253,6 +256,8 @@ typedef struct
DWORD PE32Offset;
DWORD ImageBase;
DWORD OriginalEntryPoint;
DWORD BaseOfCode;
DWORD BaseOfData;
DWORD NtSizeOfImage;
DWORD NtSizeOfHeaders;
WORD SizeOfOptionalHeaders;
@ -281,6 +286,8 @@ typedef struct
DWORD PE64Offset;
DWORD64 ImageBase;
DWORD OriginalEntryPoint;
DWORD BaseOfCode;
DWORD BaseOfData;
DWORD NtSizeOfImage;
DWORD NtSizeOfHeaders;
WORD SizeOfOptionalHeaders;

2
SDK/CPP/TitanEngine.hpp
View File

@ -112,6 +112,8 @@ enum ePE32Data : DWORD
UE_PE_OFFSET = UE::UE_PE_OFFSET,
UE_IMAGEBASE = UE::UE_IMAGEBASE,
UE_OEP = UE::UE_OEP,
UE_BASEOFCODE = UE::UE_BASEOFCODE,
UE_BASEOFDATA = UE::UE_BASEOFDATA,
UE_SIZEOFIMAGE = UE::UE_SIZEOFIMAGE,
UE_SIZEOFHEADERS = UE::UE_SIZEOFHEADERS,
UE_SIZEOFOPTIONALHEADER = UE::UE_SIZEOFOPTIONALHEADER,

45
TitanEngine/TitanEngine.cpp
View File

@ -5044,6 +5044,14 @@ __declspec(dllexport) long long TITCALL GetPE32DataFromMappedFile(ULONG_PTR File
{
return(PEHeader32->OptionalHeader.AddressOfEntryPoint);
}
else if(WhichData == UE_BASEOFCODE)
{
return(PEHeader32->OptionalHeader.BaseOfCode);
}
else if(WhichData == UE_BASEOFDATA)
{
return(PEHeader32->OptionalHeader.BaseOfData);
}
else if(WhichData == UE_SIZEOFIMAGE)
{
return(PEHeader32->OptionalHeader.SizeOfImage);
@ -5185,6 +5193,15 @@ __declspec(dllexport) long long TITCALL GetPE32DataFromMappedFile(ULONG_PTR File
{
return(PEHeader64->OptionalHeader.AddressOfEntryPoint);
}
else if(WhichData == UE_BASEOFCODE)
{
return(PEHeader64->OptionalHeader.BaseOfCode);
}
/* non-existent in IMAGE_OPTIONAL_HEADER64
else if(WhichData == UE_BASEOFDATA)
{
return(PEHeader64->OptionalHeader.BaseOfData);
}*/
else if(WhichData == UE_SIZEOFIMAGE)
{
return(PEHeader64->OptionalHeader.SizeOfImage);
@ -5389,6 +5406,8 @@ __declspec(dllexport) bool TITCALL GetPE32DataFromMappedFileEx(ULONG_PTR FileMap
PE32Structure->PE32Offset = DOSHeader->e_lfanew;
PE32Structure->ImageBase = PEHeader32->OptionalHeader.ImageBase;
PE32Structure->OriginalEntryPoint = PEHeader32->OptionalHeader.AddressOfEntryPoint;
PE32Structure->BaseOfCode = PEHeader32->OptionalHeader.BaseOfCode;
PE32Structure->BaseOfData = PEHeader32->OptionalHeader.BaseOfData;
PE32Structure->NtSizeOfImage = PEHeader32->OptionalHeader.SizeOfImage;
PE32Structure->NtSizeOfHeaders = PEHeader32->OptionalHeader.SizeOfHeaders;
PE32Structure->SizeOfOptionalHeaders = PEHeader32->FileHeader.SizeOfOptionalHeader;
@ -5417,6 +5436,8 @@ __declspec(dllexport) bool TITCALL GetPE32DataFromMappedFileEx(ULONG_PTR FileMap
PE64Structure->PE64Offset = DOSHeader->e_lfanew;
PE64Structure->ImageBase = PEHeader64->OptionalHeader.ImageBase;
PE64Structure->OriginalEntryPoint = PEHeader64->OptionalHeader.AddressOfEntryPoint;
PE64Structure->BaseOfCode = PEHeader32->OptionalHeader.BaseOfCode;
PE64Structure->BaseOfData = PEHeader32->OptionalHeader.BaseOfData;
PE64Structure->NtSizeOfImage = PEHeader64->OptionalHeader.SizeOfImage;
PE64Structure->NtSizeOfHeaders = PEHeader64->OptionalHeader.SizeOfHeaders;
PE64Structure->SizeOfOptionalHeaders = PEHeader64->FileHeader.SizeOfOptionalHeader;
@ -5554,6 +5575,16 @@ __declspec(dllexport) bool TITCALL SetPE32DataForMappedFile(ULONG_PTR FileMapVA,
PEHeader32->OptionalHeader.AddressOfEntryPoint = (DWORD)NewDataValue;
return(true);
}
else if(WhichData == UE_BASEOFCODE)
{
PEHeader32->OptionalHeader.BaseOfCode = (DWORD)NewDataValue;
return(true);
}
else if(WhichData == UE_BASEOFDATA)
{
PEHeader32->OptionalHeader.BaseOfData = (DWORD)NewDataValue;
return(true);
}
else if(WhichData == UE_SIZEOFIMAGE)
{
PEHeader32->OptionalHeader.SizeOfImage = (DWORD)NewDataValue;
@ -5729,6 +5760,16 @@ __declspec(dllexport) bool TITCALL SetPE32DataForMappedFile(ULONG_PTR FileMapVA,
PEHeader64->OptionalHeader.AddressOfEntryPoint = (DWORD)NewDataValue;
return(true);
}
else if(WhichData == UE_BASEOFCODE)
{
PEHeader64->OptionalHeader.BaseOfCode = (DWORD)NewDataValue;
return(true);
}
else if(WhichData == UE_BASEOFDATA)
{
//non-existant in IMAGE_OPTIONAL_HEADER64
return(false);
}
else if(WhichData == UE_SIZEOFIMAGE)
{
PEHeader64->OptionalHeader.SizeOfImage = (DWORD)NewDataValue;
@ -5979,6 +6020,8 @@ __declspec(dllexport) bool TITCALL SetPE32DataForMappedFileEx(ULONG_PTR FileMapV
DOSHeader->e_lfanew = PE32Structure->PE32Offset;
PEHeader32->OptionalHeader.ImageBase = PE32Structure->ImageBase;
PEHeader32->OptionalHeader.AddressOfEntryPoint = PE32Structure->OriginalEntryPoint;
PEHeader32->OptionalHeader.BaseOfCode = PE32Structure->BaseOfCode;
PEHeader32->OptionalHeader.BaseOfData = PE32Structure->BaseOfData;
PEHeader32->OptionalHeader.SizeOfImage = PE32Structure->NtSizeOfImage;
PEHeader32->OptionalHeader.SizeOfHeaders = PE32Structure->NtSizeOfHeaders;
PEHeader32->FileHeader.SizeOfOptionalHeader = PE32Structure->SizeOfOptionalHeaders;
@ -6014,6 +6057,7 @@ __declspec(dllexport) bool TITCALL SetPE32DataForMappedFileEx(ULONG_PTR FileMapV
DOSHeader->e_lfanew = PE64Structure->PE64Offset;
PEHeader64->OptionalHeader.ImageBase = PE64Structure->ImageBase;
PEHeader64->OptionalHeader.AddressOfEntryPoint = PE64Structure->OriginalEntryPoint;
PEHeader64->OptionalHeader.BaseOfCode = PE64Structure->BaseOfCode;
PEHeader64->OptionalHeader.SizeOfImage = PE64Structure->NtSizeOfImage;
PEHeader64->OptionalHeader.SizeOfHeaders = PE64Structure->NtSizeOfHeaders;
PEHeader64->FileHeader.SizeOfOptionalHeader = PE64Structure->SizeOfOptionalHeaders;
@ -6077,7 +6121,6 @@ __declspec(dllexport) bool TITCALL SetPE32DataEx(char* szFileName, LPVOID DataSt
return(false);
}
}
__declspec(dllexport) bool TITCALL SetPE32DataExW(wchar_t* szFileName, LPVOID DataStorage)
{

19
TitanEngine/stdafx.h
View File

@ -393,12 +393,15 @@ typedef struct HOOK_ENTRY
#define UE_SUBSYSTEM 20
#define UE_CHARACTERISTICS 21
#define UE_NUMBEROFRVAANDSIZES 22
#define UE_SECTIONNAME 23
#define UE_SECTIONVIRTUALOFFSET 24
#define UE_SECTIONVIRTUALSIZE 25
#define UE_SECTIONRAWOFFSET 26
#define UE_SECTIONRAWSIZE 27
#define UE_SECTIONFLAGS 28
#define UE_BASEOFCODE 23
#define UE_BASEOFDATA 24
//leaving some enum space here for future additions
#define UE_SECTIONNAME 40
#define UE_SECTIONVIRTUALOFFSET 41
#define UE_SECTIONVIRTUALSIZE 42
#define UE_SECTIONRAWOFFSET 43
#define UE_SECTIONRAWSIZE 44
#define UE_SECTIONFLAGS 45
#define UE_CH_BREAKPOINT 1
#define UE_CH_SINGLESTEP 2
@ -547,6 +550,8 @@ typedef struct
DWORD PE32Offset;
DWORD ImageBase;
DWORD OriginalEntryPoint;
DWORD BaseOfCode;
DWORD BaseOfData;
DWORD NtSizeOfImage;
DWORD NtSizeOfHeaders;
WORD SizeOfOptionalHeaders;
@ -575,6 +580,8 @@ typedef struct
DWORD PE64Offset;
DWORD64 ImageBase;
DWORD OriginalEntryPoint;
DWORD BaseOfCode;
DWORD BaseOfData;
DWORD NtSizeOfImage;
DWORD NtSizeOfHeaders;
WORD SizeOfOptionalHeaders;