diff --git a/SDK/C/TitanEngine.h b/SDK/C/TitanEngine.h index be19101..5877521 100644 --- a/SDK/C/TitanEngine.h +++ b/SDK/C/TitanEngine.h @@ -87,12 +87,15 @@ #define UE_SUBSYSTEM 20 #define UE_CHARACTERISTICS 21 #define UE_NUMBEROFRVAANDSIZES 22 -#define UE_SECTIONNAME 23 -#define UE_SECTIONVIRTUALOFFSET 24 -#define UE_SECTIONVIRTUALSIZE 25 -#define UE_SECTIONRAWOFFSET 26 -#define UE_SECTIONRAWSIZE 27 -#define UE_SECTIONFLAGS 28 +#define UE_BASEOFCODE 23 +#define UE_BASEOFDATA 24 +//leaving some enum space here for future additions +#define UE_SECTIONNAME 40 +#define UE_SECTIONVIRTUALOFFSET 41 +#define UE_SECTIONVIRTUALSIZE 42 +#define UE_SECTIONRAWOFFSET 43 +#define UE_SECTIONRAWSIZE 44 +#define UE_SECTIONFLAGS 45 #define UE_VANOTFOUND = -2; @@ -253,6 +256,8 @@ typedef struct DWORD PE32Offset; DWORD ImageBase; DWORD OriginalEntryPoint; + DWORD BaseOfCode; + DWORD BaseOfData; DWORD NtSizeOfImage; DWORD NtSizeOfHeaders; WORD SizeOfOptionalHeaders; @@ -281,6 +286,8 @@ typedef struct DWORD PE64Offset; DWORD64 ImageBase; DWORD OriginalEntryPoint; + DWORD BaseOfCode; + DWORD BaseOfData; DWORD NtSizeOfImage; DWORD NtSizeOfHeaders; WORD SizeOfOptionalHeaders; diff --git a/SDK/CPP/TitanEngine.h b/SDK/CPP/TitanEngine.h index 4e2672f..599c43f 100644 --- a/SDK/CPP/TitanEngine.h +++ b/SDK/CPP/TitanEngine.h @@ -87,12 +87,15 @@ const BYTE UE_CHECKSUM = 19; const BYTE UE_SUBSYSTEM = 20; const BYTE UE_CHARACTERISTICS = 21; const BYTE UE_NUMBEROFRVAANDSIZES = 22; -const BYTE UE_SECTIONNAME = 23; -const BYTE UE_SECTIONVIRTUALOFFSET = 24; -const BYTE UE_SECTIONVIRTUALSIZE = 25; -const BYTE UE_SECTIONRAWOFFSET = 26; -const BYTE UE_SECTIONRAWSIZE = 27; -const BYTE UE_SECTIONFLAGS = 28; +const BYTE UE_BASEOFCODE = 23; +const BYTE UE_BASEOFDATA = 24; +//leaving some enum space here for future additions +const BYTE UE_SECTIONNAME = 40; +const BYTE UE_SECTIONVIRTUALOFFSET = 41; +const BYTE UE_SECTIONVIRTUALSIZE = 42; +const BYTE UE_SECTIONRAWOFFSET = 43; +const BYTE UE_SECTIONRAWSIZE = 44; +const BYTE UE_SECTIONFLAGS = 45; const long UE_VANOTFOUND = -2; @@ -253,6 +256,8 @@ typedef struct DWORD PE32Offset; DWORD ImageBase; DWORD OriginalEntryPoint; + DWORD BaseOfCode; + DWORD BaseOfData; DWORD NtSizeOfImage; DWORD NtSizeOfHeaders; WORD SizeOfOptionalHeaders; @@ -281,6 +286,8 @@ typedef struct DWORD PE64Offset; DWORD64 ImageBase; DWORD OriginalEntryPoint; + DWORD BaseOfCode; + DWORD BaseOfData; DWORD NtSizeOfImage; DWORD NtSizeOfHeaders; WORD SizeOfOptionalHeaders; diff --git a/SDK/CPP/TitanEngine.hpp b/SDK/CPP/TitanEngine.hpp index 8b624c4..70e7463 100644 --- a/SDK/CPP/TitanEngine.hpp +++ b/SDK/CPP/TitanEngine.hpp @@ -112,6 +112,8 @@ enum ePE32Data : DWORD UE_PE_OFFSET = UE::UE_PE_OFFSET, UE_IMAGEBASE = UE::UE_IMAGEBASE, UE_OEP = UE::UE_OEP, + UE_BASEOFCODE = UE::UE_BASEOFCODE, + UE_BASEOFDATA = UE::UE_BASEOFDATA, UE_SIZEOFIMAGE = UE::UE_SIZEOFIMAGE, UE_SIZEOFHEADERS = UE::UE_SIZEOFHEADERS, UE_SIZEOFOPTIONALHEADER = UE::UE_SIZEOFOPTIONALHEADER, diff --git a/TitanEngine/TitanEngine.cpp b/TitanEngine/TitanEngine.cpp index f26aa7a..c6e7907 100644 --- a/TitanEngine/TitanEngine.cpp +++ b/TitanEngine/TitanEngine.cpp @@ -5044,6 +5044,14 @@ __declspec(dllexport) long long TITCALL GetPE32DataFromMappedFile(ULONG_PTR File { return(PEHeader32->OptionalHeader.AddressOfEntryPoint); } + else if(WhichData == UE_BASEOFCODE) + { + return(PEHeader32->OptionalHeader.BaseOfCode); + } + else if(WhichData == UE_BASEOFDATA) + { + return(PEHeader32->OptionalHeader.BaseOfData); + } else if(WhichData == UE_SIZEOFIMAGE) { return(PEHeader32->OptionalHeader.SizeOfImage); @@ -5185,6 +5193,15 @@ __declspec(dllexport) long long TITCALL GetPE32DataFromMappedFile(ULONG_PTR File { return(PEHeader64->OptionalHeader.AddressOfEntryPoint); } + else if(WhichData == UE_BASEOFCODE) + { + return(PEHeader64->OptionalHeader.BaseOfCode); + } + /* non-existent in IMAGE_OPTIONAL_HEADER64 + else if(WhichData == UE_BASEOFDATA) + { + return(PEHeader64->OptionalHeader.BaseOfData); + }*/ else if(WhichData == UE_SIZEOFIMAGE) { return(PEHeader64->OptionalHeader.SizeOfImage); @@ -5389,6 +5406,8 @@ __declspec(dllexport) bool TITCALL GetPE32DataFromMappedFileEx(ULONG_PTR FileMap PE32Structure->PE32Offset = DOSHeader->e_lfanew; PE32Structure->ImageBase = PEHeader32->OptionalHeader.ImageBase; PE32Structure->OriginalEntryPoint = PEHeader32->OptionalHeader.AddressOfEntryPoint; + PE32Structure->BaseOfCode = PEHeader32->OptionalHeader.BaseOfCode; + PE32Structure->BaseOfData = PEHeader32->OptionalHeader.BaseOfData; PE32Structure->NtSizeOfImage = PEHeader32->OptionalHeader.SizeOfImage; PE32Structure->NtSizeOfHeaders = PEHeader32->OptionalHeader.SizeOfHeaders; PE32Structure->SizeOfOptionalHeaders = PEHeader32->FileHeader.SizeOfOptionalHeader; @@ -5417,6 +5436,8 @@ __declspec(dllexport) bool TITCALL GetPE32DataFromMappedFileEx(ULONG_PTR FileMap PE64Structure->PE64Offset = DOSHeader->e_lfanew; PE64Structure->ImageBase = PEHeader64->OptionalHeader.ImageBase; PE64Structure->OriginalEntryPoint = PEHeader64->OptionalHeader.AddressOfEntryPoint; + PE64Structure->BaseOfCode = PEHeader32->OptionalHeader.BaseOfCode; + PE64Structure->BaseOfData = PEHeader32->OptionalHeader.BaseOfData; PE64Structure->NtSizeOfImage = PEHeader64->OptionalHeader.SizeOfImage; PE64Structure->NtSizeOfHeaders = PEHeader64->OptionalHeader.SizeOfHeaders; PE64Structure->SizeOfOptionalHeaders = PEHeader64->FileHeader.SizeOfOptionalHeader; @@ -5554,6 +5575,16 @@ __declspec(dllexport) bool TITCALL SetPE32DataForMappedFile(ULONG_PTR FileMapVA, PEHeader32->OptionalHeader.AddressOfEntryPoint = (DWORD)NewDataValue; return(true); } + else if(WhichData == UE_BASEOFCODE) + { + PEHeader32->OptionalHeader.BaseOfCode = (DWORD)NewDataValue; + return(true); + } + else if(WhichData == UE_BASEOFDATA) + { + PEHeader32->OptionalHeader.BaseOfData = (DWORD)NewDataValue; + return(true); + } else if(WhichData == UE_SIZEOFIMAGE) { PEHeader32->OptionalHeader.SizeOfImage = (DWORD)NewDataValue; @@ -5729,6 +5760,16 @@ __declspec(dllexport) bool TITCALL SetPE32DataForMappedFile(ULONG_PTR FileMapVA, PEHeader64->OptionalHeader.AddressOfEntryPoint = (DWORD)NewDataValue; return(true); } + else if(WhichData == UE_BASEOFCODE) + { + PEHeader64->OptionalHeader.BaseOfCode = (DWORD)NewDataValue; + return(true); + } + else if(WhichData == UE_BASEOFDATA) + { + //non-existant in IMAGE_OPTIONAL_HEADER64 + return(false); + } else if(WhichData == UE_SIZEOFIMAGE) { PEHeader64->OptionalHeader.SizeOfImage = (DWORD)NewDataValue; @@ -5979,6 +6020,8 @@ __declspec(dllexport) bool TITCALL SetPE32DataForMappedFileEx(ULONG_PTR FileMapV DOSHeader->e_lfanew = PE32Structure->PE32Offset; PEHeader32->OptionalHeader.ImageBase = PE32Structure->ImageBase; PEHeader32->OptionalHeader.AddressOfEntryPoint = PE32Structure->OriginalEntryPoint; + PEHeader32->OptionalHeader.BaseOfCode = PE32Structure->BaseOfCode; + PEHeader32->OptionalHeader.BaseOfData = PE32Structure->BaseOfData; PEHeader32->OptionalHeader.SizeOfImage = PE32Structure->NtSizeOfImage; PEHeader32->OptionalHeader.SizeOfHeaders = PE32Structure->NtSizeOfHeaders; PEHeader32->FileHeader.SizeOfOptionalHeader = PE32Structure->SizeOfOptionalHeaders; @@ -6014,6 +6057,7 @@ __declspec(dllexport) bool TITCALL SetPE32DataForMappedFileEx(ULONG_PTR FileMapV DOSHeader->e_lfanew = PE64Structure->PE64Offset; PEHeader64->OptionalHeader.ImageBase = PE64Structure->ImageBase; PEHeader64->OptionalHeader.AddressOfEntryPoint = PE64Structure->OriginalEntryPoint; + PEHeader64->OptionalHeader.BaseOfCode = PE64Structure->BaseOfCode; PEHeader64->OptionalHeader.SizeOfImage = PE64Structure->NtSizeOfImage; PEHeader64->OptionalHeader.SizeOfHeaders = PE64Structure->NtSizeOfHeaders; PEHeader64->FileHeader.SizeOfOptionalHeader = PE64Structure->SizeOfOptionalHeaders; @@ -6077,7 +6121,6 @@ __declspec(dllexport) bool TITCALL SetPE32DataEx(char* szFileName, LPVOID DataSt return(false); } } - __declspec(dllexport) bool TITCALL SetPE32DataExW(wchar_t* szFileName, LPVOID DataStorage) { diff --git a/TitanEngine/stdafx.h b/TitanEngine/stdafx.h index 7797fc6..f50c889 100644 --- a/TitanEngine/stdafx.h +++ b/TitanEngine/stdafx.h @@ -393,12 +393,15 @@ typedef struct HOOK_ENTRY #define UE_SUBSYSTEM 20 #define UE_CHARACTERISTICS 21 #define UE_NUMBEROFRVAANDSIZES 22 -#define UE_SECTIONNAME 23 -#define UE_SECTIONVIRTUALOFFSET 24 -#define UE_SECTIONVIRTUALSIZE 25 -#define UE_SECTIONRAWOFFSET 26 -#define UE_SECTIONRAWSIZE 27 -#define UE_SECTIONFLAGS 28 +#define UE_BASEOFCODE 23 +#define UE_BASEOFDATA 24 +//leaving some enum space here for future additions +#define UE_SECTIONNAME 40 +#define UE_SECTIONVIRTUALOFFSET 41 +#define UE_SECTIONVIRTUALSIZE 42 +#define UE_SECTIONRAWOFFSET 43 +#define UE_SECTIONRAWSIZE 44 +#define UE_SECTIONFLAGS 45 #define UE_CH_BREAKPOINT 1 #define UE_CH_SINGLESTEP 2 @@ -547,6 +550,8 @@ typedef struct DWORD PE32Offset; DWORD ImageBase; DWORD OriginalEntryPoint; + DWORD BaseOfCode; + DWORD BaseOfData; DWORD NtSizeOfImage; DWORD NtSizeOfHeaders; WORD SizeOfOptionalHeaders; @@ -575,6 +580,8 @@ typedef struct DWORD PE64Offset; DWORD64 ImageBase; DWORD OriginalEntryPoint; + DWORD BaseOfCode; + DWORD BaseOfData; DWORD NtSizeOfImage; DWORD NtSizeOfHeaders; WORD SizeOfOptionalHeaders;