diff --git a/TitanEngine.sln b/TitanEngine.sln index 8b4e093..b19ed88 100644 --- a/TitanEngine.sln +++ b/TitanEngine.sln @@ -3,6 +3,8 @@ Microsoft Visual Studio Solution File, Format Version 11.00 # Visual Studio 2010 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TitanEngine", "TitanEngine\TitanEngine.vcxproj", "{9C7B8246-FDDA-48C7-9634-044969701E40}" EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TitanUnitTest", "TitanUnitTest\TitanUnitTest.vcxproj", "{5B5AB3CD-4D32-43B0-8840-E05C9483381D}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Win32 = Debug|Win32 @@ -19,6 +21,12 @@ Global {9C7B8246-FDDA-48C7-9634-044969701E40}.Release|Win32.Build.0 = Release|Win32 {9C7B8246-FDDA-48C7-9634-044969701E40}.Release|x64.ActiveCfg = Release|x64 {9C7B8246-FDDA-48C7-9634-044969701E40}.Release|x64.Build.0 = Release|x64 + {5B5AB3CD-4D32-43B0-8840-E05C9483381D}.Debug|Win32.ActiveCfg = Debug|Win32 + {5B5AB3CD-4D32-43B0-8840-E05C9483381D}.Debug|Win32.Build.0 = Debug|Win32 + {5B5AB3CD-4D32-43B0-8840-E05C9483381D}.Debug|x64.ActiveCfg = Debug|Win32 + {5B5AB3CD-4D32-43B0-8840-E05C9483381D}.Release|Win32.ActiveCfg = Release|Win32 + {5B5AB3CD-4D32-43B0-8840-E05C9483381D}.Release|Win32.Build.0 = Release|Win32 + {5B5AB3CD-4D32-43B0-8840-E05C9483381D}.Release|x64.ActiveCfg = Release|Win32 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE diff --git a/TitanUnitTest/README b/TitanUnitTest/README new file mode 100644 index 0000000..a496c61 --- /dev/null +++ b/TitanUnitTest/README @@ -0,0 +1,16 @@ +Setup: +- Put disasm.dll into Debug/Release folder. +- Put TitanEngine.dll into Debug/Release folder. +- Put TitanScript.dll into plugins/x86/ folder in Debug/Release folder. +(Can be found here https://bitbucket.org/cypherpunk/titanscript-update) + +Usage: +- TitanUnitTest.exe script.osc target.exe + +It understands complete OllyDbgScript language and adds additional TE commands + +Example script: +#log + +GPA "IsDebuggerPresent", "kernel32.dll" +LOG $RESULT \ No newline at end of file diff --git a/TitanUnitTest/TitanEngine.h b/TitanUnitTest/TitanEngine.h new file mode 100644 index 0000000..4db1828 --- /dev/null +++ b/TitanUnitTest/TitanEngine.h @@ -0,0 +1,928 @@ +#ifndef TITANENGINE +#define TITANENGINE + +#define TITCALL + +#if _MSC_VER > 1000 +#pragma once +#endif + +#include + +#pragma pack(push, 1) + +// Global.Constant.Structure.Declaration: +// Engine.External: +const BYTE UE_ACCESS_READ = 0; +const BYTE UE_ACCESS_WRITE = 1; +const BYTE UE_ACCESS_ALL = 2; + +const BYTE UE_HIDE_PEBONLY = 0; +const BYTE UE_HIDE_BASIC = 1; + +const BYTE UE_PLUGIN_CALL_REASON_PREDEBUG = 1; +const BYTE UE_PLUGIN_CALL_REASON_EXCEPTION = 2; +const BYTE UE_PLUGIN_CALL_REASON_POSTDEBUG = 3; + +const BYTE TEE_HOOK_NRM_JUMP = 1; +const BYTE TEE_HOOK_NRM_CALL = 3; +const BYTE TEE_HOOK_IAT = 5; + +const BYTE UE_ENGINE_ALOW_MODULE_LOADING = 1; +const BYTE UE_ENGINE_AUTOFIX_FORWARDERS = 2; +const BYTE UE_ENGINE_PASS_ALL_EXCEPTIONS = 3; +const BYTE UE_ENGINE_NO_CONSOLE_WINDOW = 4; +const BYTE UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS = 5; +const BYTE UE_ENGINE_CALL_PLUGIN_CALLBACK = 6; +const BYTE UE_ENGINE_RESET_CUSTOM_HANDLER = 7; +const BYTE UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK = 8; + +const BYTE UE_OPTION_REMOVEALL = 1; +const BYTE UE_OPTION_DISABLEALL = 2; +const BYTE UE_OPTION_REMOVEALLDISABLED = 3; +const BYTE UE_OPTION_REMOVEALLENABLED = 4; + +const BYTE UE_STATIC_DECRYPTOR_XOR = 1; +const BYTE UE_STATIC_DECRYPTOR_SUB = 2; +const BYTE UE_STATIC_DECRYPTOR_ADD = 3; + +const BYTE UE_STATIC_DECRYPTOR_FOREWARD = 1; +const BYTE UE_STATIC_DECRYPTOR_BACKWARD = 2; + +const BYTE UE_STATIC_KEY_SIZE_1 = 1; +const BYTE UE_STATIC_KEY_SIZE_2 = 2; +const BYTE UE_STATIC_KEY_SIZE_4 = 4; +const BYTE UE_STATIC_KEY_SIZE_8 = 8; + +const BYTE UE_STATIC_APLIB = 1; +const BYTE UE_STATIC_APLIB_DEPACK = 2; +const BYTE UE_STATIC_LZMA = 3; + +const BYTE UE_STATIC_HASH_MD5 = 1; +const BYTE UE_STATIC_HASH_SHA1 = 2; +const BYTE UE_STATIC_HASH_CRC32 = 3; + +const DWORD UE_RESOURCE_LANGUAGE_ANY = -1; + +const BYTE UE_PE_OFFSET = 0; +const BYTE UE_IMAGEBASE = 1; +const BYTE UE_OEP = 2; +const BYTE UE_SIZEOFIMAGE = 3; +const BYTE UE_SIZEOFHEADERS = 4; +const BYTE UE_SIZEOFOPTIONALHEADER = 5; +const BYTE UE_SECTIONALIGNMENT = 6; +const BYTE UE_IMPORTTABLEADDRESS = 7; +const BYTE UE_IMPORTTABLESIZE = 8; +const BYTE UE_RESOURCETABLEADDRESS = 9; +const BYTE UE_RESOURCETABLESIZE = 10; +const BYTE UE_EXPORTTABLEADDRESS = 11; +const BYTE UE_EXPORTTABLESIZE = 12; +const BYTE UE_TLSTABLEADDRESS = 13; +const BYTE UE_TLSTABLESIZE = 14; +const BYTE UE_RELOCATIONTABLEADDRESS = 15; +const BYTE UE_RELOCATIONTABLESIZE = 16; +const BYTE UE_TIMEDATESTAMP = 17; +const BYTE UE_SECTIONNUMBER = 18; +const BYTE UE_CHECKSUM = 19; +const BYTE UE_SUBSYSTEM = 20; +const BYTE UE_CHARACTERISTICS = 21; +const BYTE UE_NUMBEROFRVAANDSIZES = 22; +const BYTE UE_BASEOFCODE = 23; +const BYTE UE_BASEOFDATA = 24; +//leaving some enum space here for future additions +const BYTE UE_SECTIONNAME = 40; +const BYTE UE_SECTIONVIRTUALOFFSET = 41; +const BYTE UE_SECTIONVIRTUALSIZE = 42; +const BYTE UE_SECTIONRAWOFFSET = 43; +const BYTE UE_SECTIONRAWSIZE = 44; +const BYTE UE_SECTIONFLAGS = 45; + +const long UE_VANOTFOUND = -2; + +const BYTE UE_CH_BREAKPOINT = 1; +const BYTE UE_CH_SINGLESTEP = 2; +const BYTE UE_CH_ACCESSVIOLATION = 3; +const BYTE UE_CH_ILLEGALINSTRUCTION = 4; +const BYTE UE_CH_NONCONTINUABLEEXCEPTION = 5; +const BYTE UE_CH_ARRAYBOUNDSEXCEPTION = 6; +const BYTE UE_CH_FLOATDENORMALOPERAND = 7; +const BYTE UE_CH_FLOATDEVIDEBYZERO = 8; +const BYTE UE_CH_INTEGERDEVIDEBYZERO = 9; +const BYTE UE_CH_INTEGEROVERFLOW = 10; +const BYTE UE_CH_PRIVILEGEDINSTRUCTION = 11; +const BYTE UE_CH_PAGEGUARD = 12; +const BYTE UE_CH_EVERYTHINGELSE = 13; +const BYTE UE_CH_CREATETHREAD = 14; +const BYTE UE_CH_EXITTHREAD = 15; +const BYTE UE_CH_CREATEPROCESS = 16; +const BYTE UE_CH_EXITPROCESS = 17; +const BYTE UE_CH_LOADDLL = 18; +const BYTE UE_CH_UNLOADDLL = 19; +const BYTE UE_CH_OUTPUTDEBUGSTRING = 20; +const BYTE UE_CH_AFTEREXCEPTIONPROCESSING = 21; +const BYTE UE_CH_ALLEVENTS = 22; +const BYTE UE_CH_SYSTEMBREAKPOINT = 23; +const BYTE UE_CH_UNHANDLEDEXCEPTION = 24; +const BYTE UE_CH_RIPEVENT = 25; + +const BYTE UE_OPTION_HANDLER_RETURN_HANDLECOUNT = 1; +const BYTE UE_OPTION_HANDLER_RETURN_ACCESS = 2; +const BYTE UE_OPTION_HANDLER_RETURN_FLAGS = 3; +const BYTE UE_OPTION_HANDLER_RETURN_TYPENAME = 4; + +const BYTE UE_BREAKPOINT_INT3 = 1; +const BYTE UE_BREAKPOINT_LONG_INT3 = 2; +const BYTE UE_BREAKPOINT_UD2 = 3; + +const BYTE UE_BPXREMOVED = 0; +const BYTE UE_BPXACTIVE = 1; +const BYTE UE_BPXINACTIVE = 2; + +const BYTE UE_BREAKPOINT = 0; +const BYTE UE_SINGLESHOOT = 1; +const BYTE UE_HARDWARE = 2; +const BYTE UE_MEMORY = 3; +const BYTE UE_MEMORY_READ = 4; +const BYTE UE_MEMORY_WRITE = 5; +const BYTE UE_MEMORY_EXECUTE = 6; +const DWORD UE_BREAKPOINT_TYPE_INT3 = 0x10000000; +const DWORD UE_BREAKPOINT_TYPE_LONG_INT3 = 0x20000000; +const DWORD UE_BREAKPOINT_TYPE_UD2 = 0x30000000; + +const BYTE UE_HARDWARE_EXECUTE = 4; +const BYTE UE_HARDWARE_WRITE = 5; +const BYTE UE_HARDWARE_READWRITE = 6; + +const BYTE UE_HARDWARE_SIZE_1 = 7; +const BYTE UE_HARDWARE_SIZE_2 = 8; +const BYTE UE_HARDWARE_SIZE_4 = 9; +const BYTE UE_HARDWARE_SIZE_8 = 10; + +const BYTE UE_ON_LIB_LOAD = 1; +const BYTE UE_ON_LIB_UNLOAD = 2; +const BYTE UE_ON_LIB_ALL = 3; + +const BYTE UE_APISTART = 0; +const BYTE UE_APIEND = 1; + +const BYTE UE_PLATFORM_x86 = 1; +const BYTE UE_PLATFORM_x64 = 2; +const BYTE UE_PLATFORM_ALL = 3; + +const BYTE UE_FUNCTION_STDCALL = 1; +const BYTE UE_FUNCTION_CCALL = 2; +const BYTE UE_FUNCTION_FASTCALL = 3; +const BYTE UE_FUNCTION_STDCALL_RET = 4; +const BYTE UE_FUNCTION_CCALL_RET = 5; +const BYTE UE_FUNCTION_FASTCALL_RET = 6; +const BYTE UE_FUNCTION_STDCALL_CALL = 7; +const BYTE UE_FUNCTION_CCALL_CALL = 8; +const BYTE UE_FUNCTION_FASTCALL_CALL = 9; +const BYTE UE_PARAMETER_BYTE = 0; +const BYTE UE_PARAMETER_WORD = 1; +const BYTE UE_PARAMETER_DWORD = 2; +const BYTE UE_PARAMETER_QWORD = 3; +const BYTE UE_PARAMETER_PTR_BYTE = 4; +const BYTE UE_PARAMETER_PTR_WORD = 5; +const BYTE UE_PARAMETER_PTR_DWORD = 6; +const BYTE UE_PARAMETER_PTR_QWORD = 7; +const BYTE UE_PARAMETER_STRING = 8; +const BYTE UE_PARAMETER_UNICODE = 9; + +const BYTE UE_EAX = 1; +const BYTE UE_EBX = 2; +const BYTE UE_ECX = 3; +const BYTE UE_EDX = 4; +const BYTE UE_EDI = 5; +const BYTE UE_ESI = 6; +const BYTE UE_EBP = 7; +const BYTE UE_ESP = 8; +const BYTE UE_EIP = 9; +const BYTE UE_EFLAGS = 10; +const BYTE UE_DR0 = 11; +const BYTE UE_DR1 = 12; +const BYTE UE_DR2 = 13; +const BYTE UE_DR3 = 14; +const BYTE UE_DR6 = 15; +const BYTE UE_DR7 = 16; +const BYTE UE_RAX = 17; +const BYTE UE_RBX = 18; +const BYTE UE_RCX = 19; +const BYTE UE_RDX = 20; +const BYTE UE_RDI = 21; +const BYTE UE_RSI = 22; +const BYTE UE_RBP = 23; +const BYTE UE_RSP = 24; +const BYTE UE_RIP = 25; +const BYTE UE_RFLAGS = 26; +const BYTE UE_R8 = 27; +const BYTE UE_R9 = 28; +const BYTE UE_R10 = 29; +const BYTE UE_R11 = 30; +const BYTE UE_R12 = 31; +const BYTE UE_R13 = 32; +const BYTE UE_R14 = 33; +const BYTE UE_R15 = 34; +const BYTE UE_CIP = 35; +const BYTE UE_CSP = 36; +#ifdef _WIN64 +const BYTE UE_CFLAGS = UE_RFLAGS; +#else +const BYTE UE_CFLAGS = UE_EFLAGS; +#endif +const BYTE UE_SEG_GS = 37; +const BYTE UE_SEG_FS = 38; +const BYTE UE_SEG_ES = 39; +const BYTE UE_SEG_DS = 40; +const BYTE UE_SEG_CS = 41; +const BYTE UE_SEG_SS = 42; + +typedef struct +{ + DWORD PE32Offset; + DWORD ImageBase; + DWORD OriginalEntryPoint; + DWORD BaseOfCode; + DWORD BaseOfData; + DWORD NtSizeOfImage; + DWORD NtSizeOfHeaders; + WORD SizeOfOptionalHeaders; + DWORD FileAlignment; + DWORD SectionAligment; + DWORD ImportTableAddress; + DWORD ImportTableSize; + DWORD ResourceTableAddress; + DWORD ResourceTableSize; + DWORD ExportTableAddress; + DWORD ExportTableSize; + DWORD TLSTableAddress; + DWORD TLSTableSize; + DWORD RelocationTableAddress; + DWORD RelocationTableSize; + DWORD TimeDateStamp; + WORD SectionNumber; + DWORD CheckSum; + WORD SubSystem; + WORD Characteristics; + DWORD NumberOfRvaAndSizes; +} PE32Struct, *PPE32Struct; + +typedef struct +{ + DWORD PE64Offset; + DWORD64 ImageBase; + DWORD OriginalEntryPoint; + DWORD BaseOfCode; + DWORD BaseOfData; + DWORD NtSizeOfImage; + DWORD NtSizeOfHeaders; + WORD SizeOfOptionalHeaders; + DWORD FileAlignment; + DWORD SectionAligment; + DWORD ImportTableAddress; + DWORD ImportTableSize; + DWORD ResourceTableAddress; + DWORD ResourceTableSize; + DWORD ExportTableAddress; + DWORD ExportTableSize; + DWORD TLSTableAddress; + DWORD TLSTableSize; + DWORD RelocationTableAddress; + DWORD RelocationTableSize; + DWORD TimeDateStamp; + WORD SectionNumber; + DWORD CheckSum; + WORD SubSystem; + WORD Characteristics; + DWORD NumberOfRvaAndSizes; +} PE64Struct, *PPE64Struct; + +#if defined(_WIN64) +typedef PE64Struct PEStruct; +#else +typedef PE32Struct PEStruct; +#endif + +typedef struct +{ + bool NewDll; + int NumberOfImports; + ULONG_PTR ImageBase; + ULONG_PTR BaseImportThunk; + ULONG_PTR ImportThunk; + char* APIName; + char* DLLName; +} ImportEnumData, *PImportEnumData; + +typedef struct +{ + HANDLE hThread; + DWORD dwThreadId; + void* ThreadStartAddress; + void* ThreadLocalBase; +} THREAD_ITEM_DATA, *PTHREAD_ITEM_DATA; + +typedef struct +{ + HANDLE hFile; + void* BaseOfDll; + HANDLE hFileMapping; + void* hFileMappingView; + char szLibraryPath[MAX_PATH]; + char szLibraryName[MAX_PATH]; +} LIBRARY_ITEM_DATA, *PLIBRARY_ITEM_DATA; + +typedef struct +{ + HANDLE hFile; + void* BaseOfDll; + HANDLE hFileMapping; + void* hFileMappingView; + wchar_t szLibraryPath[MAX_PATH]; + wchar_t szLibraryName[MAX_PATH]; +} LIBRARY_ITEM_DATAW, *PLIBRARY_ITEM_DATAW; + +typedef struct +{ + HANDLE hProcess; + DWORD dwProcessId; + HANDLE hThread; + DWORD dwThreadId; + HANDLE hFile; + void* BaseOfImage; + void* ThreadStartAddress; + void* ThreadLocalBase; +} PROCESS_ITEM_DATA, *PPROCESS_ITEM_DATA; + +typedef struct +{ + ULONG ProcessId; + HANDLE hHandle; +} HandlerArray, *PHandlerArray; + +typedef struct +{ + char PluginName[64]; + DWORD PluginMajorVersion; + DWORD PluginMinorVersion; + HMODULE PluginBaseAddress; + void* TitanDebuggingCallBack; + void* TitanRegisterPlugin; + void* TitanReleasePlugin; + void* TitanResetPlugin; + bool PluginDisabled; +} PluginInformation, *PPluginInformation; + +const size_t TEE_MAXIMUM_HOOK_SIZE = 14; +const size_t TEE_MAXIMUM_HOOK_RELOCS = 7; +#if defined(_WIN64) +const size_t TEE_MAXIMUM_HOOK_INSERT_SIZE = 14; +#else +const size_t TEE_MAXIMUM_HOOK_INSERT_SIZE = 5; +#endif + +typedef struct HOOK_ENTRY +{ + bool IATHook; + BYTE HookType; + DWORD HookSize; + void* HookAddress; + void* RedirectionAddress; + BYTE HookBytes[TEE_MAXIMUM_HOOK_SIZE]; + BYTE OriginalBytes[TEE_MAXIMUM_HOOK_SIZE]; + void* IATHookModuleBase; + DWORD IATHookNameHash; + bool HookIsEnabled; + bool HookIsRemote; + void* PatchedEntry; + DWORD RelocationInfo[TEE_MAXIMUM_HOOK_RELOCS]; + int RelocationCount; +} HOOK_ENTRY, *PHOOK_ENTRY; + +const BYTE UE_DEPTH_SURFACE = 0; +const BYTE UE_DEPTH_DEEP = 1; + +const BYTE UE_UNPACKER_CONDITION_SEARCH_FROM_EP = 1; + +const BYTE UE_UNPACKER_CONDITION_LOADLIBRARY = 1; +const BYTE UE_UNPACKER_CONDITION_GETPROCADDRESS = 2; +const BYTE UE_UNPACKER_CONDITION_ENTRYPOINTBREAK = 3; +const BYTE UE_UNPACKER_CONDITION_RELOCSNAPSHOT1 = 4; +const BYTE UE_UNPACKER_CONDITION_RELOCSNAPSHOT2 = 5; + +const BYTE UE_FIELD_OK = 0; +const BYTE UE_FIELD_BROKEN_NON_FIXABLE = 1; +const BYTE UE_FIELD_BROKEN_NON_CRITICAL = 2; +const BYTE UE_FIELD_BROKEN_FIXABLE_FOR_STATIC_USE = 3; +const BYTE UE_FIELD_BROKEN_BUT_CAN_BE_EMULATED = 4; +const BYTE UE_FIELD_FIXABLE_NON_CRITICAL = 5; +const BYTE UE_FIELD_FIXABLE_CRITICAL = 6; +const BYTE UE_FIELD_NOT_PRESET = 7; +const BYTE UE_FIELD_NOT_PRESET_WARNING = 8; + +const BYTE UE_RESULT_FILE_OK = 10; +const BYTE UE_RESULT_FILE_INVALID_BUT_FIXABLE = 11; +const BYTE UE_RESULT_FILE_INVALID_AND_NON_FIXABLE = 12; +const BYTE UE_RESULT_FILE_INVALID_FORMAT = 13; + +typedef struct +{ + BYTE OveralEvaluation; + bool EvaluationTerminatedByException; + bool FileIs64Bit; + bool FileIsDLL; + bool FileIsConsole; + bool MissingDependencies; + bool MissingDeclaredAPIs; + BYTE SignatureMZ; + BYTE SignaturePE; + BYTE EntryPoint; + BYTE ImageBase; + BYTE SizeOfImage; + BYTE FileAlignment; + BYTE SectionAlignment; + BYTE ExportTable; + BYTE RelocationTable; + BYTE ImportTable; + BYTE ImportTableSection; + BYTE ImportTableData; + BYTE IATTable; + BYTE TLSTable; + BYTE LoadConfigTable; + BYTE BoundImportTable; + BYTE COMHeaderTable; + BYTE ResourceTable; + BYTE ResourceData; + BYTE SectionTable; +} FILE_STATUS_INFO, *PFILE_STATUS_INFO; + +typedef struct +{ + BYTE OveralEvaluation; + bool FixingTerminatedByException; + bool FileFixPerformed; + bool StrippedRelocation; + bool DontFixRelocations; + DWORD OriginalRelocationTableAddress; + DWORD OriginalRelocationTableSize; + bool StrippedExports; + bool DontFixExports; + DWORD OriginalExportTableAddress; + DWORD OriginalExportTableSize; + bool StrippedResources; + bool DontFixResources; + DWORD OriginalResourceTableAddress; + DWORD OriginalResourceTableSize; + bool StrippedTLS; + bool DontFixTLS; + DWORD OriginalTLSTableAddress; + DWORD OriginalTLSTableSize; + bool StrippedLoadConfig; + bool DontFixLoadConfig; + DWORD OriginalLoadConfigTableAddress; + DWORD OriginalLoadConfigTableSize; + bool StrippedBoundImports; + bool DontFixBoundImports; + DWORD OriginalBoundImportTableAddress; + DWORD OriginalBoundImportTableSize; + bool StrippedIAT; + bool DontFixIAT; + DWORD OriginalImportAddressTableAddress; + DWORD OriginalImportAddressTableSize; + bool StrippedCOM; + bool DontFixCOM; + DWORD OriginalCOMTableAddress; + DWORD OriginalCOMTableSize; +} FILE_FIX_INFO, *PFILE_FIX_INFO; + +#ifdef __cplusplus +extern "C" { +#endif /*__cplusplus*/ + +// Global.Function.Declaration: +// TitanEngine.Dumper.functions: +__declspec(dllimport) bool TITCALL DumpProcess(HANDLE hProcess, LPVOID ImageBase, char* szDumpFileName, ULONG_PTR EntryPoint); +__declspec(dllimport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBase, wchar_t* szDumpFileName, ULONG_PTR EntryPoint); +__declspec(dllimport) bool TITCALL DumpProcessEx(DWORD ProcessId, LPVOID ImageBase, char* szDumpFileName, ULONG_PTR EntryPoint); +__declspec(dllimport) bool TITCALL DumpProcessExW(DWORD ProcessId, LPVOID ImageBase, wchar_t* szDumpFileName, ULONG_PTR EntryPoint); +__declspec(dllimport) bool TITCALL DumpMemory(HANDLE hProcess, LPVOID MemoryStart, ULONG_PTR MemorySize, char* szDumpFileName); +__declspec(dllimport) bool TITCALL DumpMemoryW(HANDLE hProcess, LPVOID MemoryStart, ULONG_PTR MemorySize, wchar_t* szDumpFileName); +__declspec(dllimport) bool TITCALL DumpMemoryEx(DWORD ProcessId, LPVOID MemoryStart, ULONG_PTR MemorySize, char* szDumpFileName); +__declspec(dllimport) bool TITCALL DumpMemoryExW(DWORD ProcessId, LPVOID MemoryStart, ULONG_PTR MemorySize, wchar_t* szDumpFileName); +__declspec(dllimport) bool TITCALL DumpRegions(HANDLE hProcess, char* szDumpFolder, bool DumpAboveImageBaseOnly); +__declspec(dllimport) bool TITCALL DumpRegionsW(HANDLE hProcess, wchar_t* szDumpFolder, bool DumpAboveImageBaseOnly); +__declspec(dllimport) bool TITCALL DumpRegionsEx(DWORD ProcessId, char* szDumpFolder, bool DumpAboveImageBaseOnly); +__declspec(dllimport) bool TITCALL DumpRegionsExW(DWORD ProcessId, wchar_t* szDumpFolder, bool DumpAboveImageBaseOnly); +__declspec(dllimport) bool TITCALL DumpModule(HANDLE hProcess, LPVOID ModuleBase, char* szDumpFileName); +__declspec(dllimport) bool TITCALL DumpModuleW(HANDLE hProcess, LPVOID ModuleBase, wchar_t* szDumpFileName); +__declspec(dllimport) bool TITCALL DumpModuleEx(DWORD ProcessId, LPVOID ModuleBase, char* szDumpFileName); +__declspec(dllimport) bool TITCALL DumpModuleExW(DWORD ProcessId, LPVOID ModuleBase, wchar_t* szDumpFileName); +__declspec(dllimport) bool TITCALL PastePEHeader(HANDLE hProcess, LPVOID ImageBase, char* szDebuggedFileName); +__declspec(dllimport) bool TITCALL PastePEHeaderW(HANDLE hProcess, LPVOID ImageBase, wchar_t* szDebuggedFileName); +__declspec(dllimport) bool TITCALL ExtractSection(char* szFileName, char* szDumpFileName, DWORD SectionNumber); +__declspec(dllimport) bool TITCALL ExtractSectionW(wchar_t* szFileName, wchar_t* szDumpFileName, DWORD SectionNumber); +__declspec(dllimport) bool TITCALL ResortFileSections(char* szFileName); +__declspec(dllimport) bool TITCALL ResortFileSectionsW(wchar_t* szFileName); +__declspec(dllimport) bool TITCALL FindOverlay(char* szFileName, LPDWORD OverlayStart, LPDWORD OverlaySize); +__declspec(dllimport) bool TITCALL FindOverlayW(wchar_t* szFileName, LPDWORD OverlayStart, LPDWORD OverlaySize); +__declspec(dllimport) bool TITCALL ExtractOverlay(char* szFileName, char* szExtractedFileName); +__declspec(dllimport) bool TITCALL ExtractOverlayW(wchar_t* szFileName, wchar_t* szExtractedFileName); +__declspec(dllimport) bool TITCALL AddOverlay(char* szFileName, char* szOverlayFileName); +__declspec(dllimport) bool TITCALL AddOverlayW(wchar_t* szFileName, wchar_t* szOverlayFileName); +__declspec(dllimport) bool TITCALL CopyOverlay(char* szInFileName, char* szOutFileName); +__declspec(dllimport) bool TITCALL CopyOverlayW(wchar_t* szInFileName, wchar_t* szOutFileName); +__declspec(dllimport) bool TITCALL RemoveOverlay(char* szFileName); +__declspec(dllimport) bool TITCALL RemoveOverlayW(wchar_t* szFileName); +__declspec(dllimport) bool TITCALL MakeAllSectionsRWE(char* szFileName); +__declspec(dllimport) bool TITCALL MakeAllSectionsRWEW(wchar_t* szFileName); +__declspec(dllimport) long TITCALL AddNewSectionEx(char* szFileName, char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, LPVOID SectionContent, DWORD ContentSize); +__declspec(dllimport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, LPVOID SectionContent, DWORD ContentSize); +__declspec(dllimport) long TITCALL AddNewSection(char* szFileName, char* szSectionName, DWORD SectionSize); +__declspec(dllimport) long TITCALL AddNewSectionW(wchar_t* szFileName, char* szSectionName, DWORD SectionSize); +__declspec(dllimport) bool TITCALL ResizeLastSection(char* szFileName, DWORD NumberOfExpandBytes, bool AlignResizeData); +__declspec(dllimport) bool TITCALL ResizeLastSectionW(wchar_t* szFileName, DWORD NumberOfExpandBytes, bool AlignResizeData); +__declspec(dllimport) void TITCALL SetSharedOverlay(char* szFileName); +__declspec(dllimport) void TITCALL SetSharedOverlayW(wchar_t* szFileName); +__declspec(dllimport) char* TITCALL GetSharedOverlay(); +__declspec(dllimport) wchar_t* TITCALL GetSharedOverlayW(); +__declspec(dllimport) bool TITCALL DeleteLastSection(char* szFileName); +__declspec(dllimport) bool TITCALL DeleteLastSectionW(wchar_t* szFileName); +__declspec(dllimport) bool TITCALL DeleteLastSectionEx(char* szFileName, DWORD NumberOfSections); +__declspec(dllimport) bool TITCALL DeleteLastSectionExW(wchar_t* szFileName, DWORD NumberOfSections); +__declspec(dllimport) long long TITCALL GetPE32DataFromMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, DWORD WhichData); +__declspec(dllimport) long long TITCALL GetPE32Data(char* szFileName, DWORD WhichSection, DWORD WhichData); +__declspec(dllimport) long long TITCALL GetPE32DataW(wchar_t* szFileName, DWORD WhichSection, DWORD WhichData); +__declspec(dllimport) bool TITCALL GetPE32DataFromMappedFileEx(ULONG_PTR FileMapVA, LPVOID DataStorage); +__declspec(dllimport) bool TITCALL GetPE32DataEx(char* szFileName, LPVOID DataStorage); +__declspec(dllimport) bool TITCALL GetPE32DataExW(wchar_t* szFileName, LPVOID DataStorage); +__declspec(dllimport) bool TITCALL SetPE32DataForMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue); +__declspec(dllimport) bool TITCALL SetPE32Data(char* szFileName, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue); +__declspec(dllimport) bool TITCALL SetPE32DataW(wchar_t* szFileName, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue); +__declspec(dllimport) bool TITCALL SetPE32DataForMappedFileEx(ULONG_PTR FileMapVA, LPVOID DataStorage); +__declspec(dllimport) bool TITCALL SetPE32DataEx(char* szFileName, LPVOID DataStorage); +__declspec(dllimport) bool TITCALL SetPE32DataExW(wchar_t* szFileName, LPVOID DataStorage); +__declspec(dllimport) long TITCALL GetPE32SectionNumberFromVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert); +__declspec(dllimport) long long TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType); +__declspec(dllimport) long long TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType); +__declspec(dllimport) long long TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType); +__declspec(dllimport) long long TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType); +__declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesRead); +__declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesWritten); +// TitanEngine.Realigner.functions: +__declspec(dllimport) bool TITCALL FixHeaderCheckSum(char* szFileName); +__declspec(dllimport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName); +__declspec(dllimport) long TITCALL RealignPE(ULONG_PTR FileMapVA, DWORD FileSize, DWORD RealingMode); +__declspec(dllimport) long TITCALL RealignPEEx(char* szFileName, DWORD RealingFileSize, DWORD ForcedFileAlignment); +__declspec(dllimport) long TITCALL RealignPEExW(wchar_t* szFileName, DWORD RealingFileSize, DWORD ForcedFileAlignment); +__declspec(dllimport) bool TITCALL WipeSection(char* szFileName, int WipeSectionNumber, bool RemovePhysically); +__declspec(dllimport) bool TITCALL WipeSectionW(wchar_t* szFileName, int WipeSectionNumber, bool RemovePhysically); +__declspec(dllimport) bool TITCALL IsPE32FileValidEx(char* szFileName, DWORD CheckDepth, LPVOID FileStatusInfo); +__declspec(dllimport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD CheckDepth, LPVOID FileStatusInfo); +__declspec(dllimport) bool TITCALL FixBrokenPE32FileEx(char* szFileName, LPVOID FileStatusInfo, LPVOID FileFixInfo); +__declspec(dllimport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPVOID FileStatusInfo, LPVOID FileFixInfo); +__declspec(dllimport) bool TITCALL IsFileDLL(char* szFileName, ULONG_PTR FileMapVA); +__declspec(dllimport) bool TITCALL IsFileDLLW(wchar_t* szFileName, ULONG_PTR FileMapVA); +// TitanEngine.Hider.functions: +__declspec(dllimport) void* TITCALL GetPEBLocation(HANDLE hProcess); +__declspec(dllimport) void* TITCALL GetPEBLocation64(HANDLE hProcess); +__declspec(dllimport) void* TITCALL GetTEBLocation(HANDLE hThread); +__declspec(dllimport) void* TITCALL GetTEBLocation64(HANDLE hThread); +__declspec(dllimport) bool TITCALL HideDebugger(HANDLE hProcess, DWORD PatchAPILevel); +__declspec(dllimport) bool TITCALL UnHideDebugger(HANDLE hProcess, DWORD PatchAPILevel); +// TitanEngine.Relocater.functions: +__declspec(dllimport) void TITCALL RelocaterCleanup(); +__declspec(dllimport) void TITCALL RelocaterInit(DWORD MemorySize, ULONG_PTR OldImageBase, ULONG_PTR NewImageBase); +__declspec(dllimport) void TITCALL RelocaterAddNewRelocation(HANDLE hProcess, ULONG_PTR RelocateAddress, DWORD RelocateState); +__declspec(dllimport) long TITCALL RelocaterEstimatedSize(); +__declspec(dllimport) bool TITCALL RelocaterExportRelocation(ULONG_PTR StorePlace, DWORD StorePlaceRVA, ULONG_PTR FileMapVA); +__declspec(dllimport) bool TITCALL RelocaterExportRelocationEx(char* szFileName, char* szSectionName); +__declspec(dllimport) bool TITCALL RelocaterExportRelocationExW(wchar_t* szFileName, char* szSectionName); +__declspec(dllimport) bool TITCALL RelocaterGrabRelocationTable(HANDLE hProcess, ULONG_PTR MemoryStart, DWORD MemorySize); +__declspec(dllimport) bool TITCALL RelocaterGrabRelocationTableEx(HANDLE hProcess, ULONG_PTR MemoryStart, ULONG_PTR MemorySize, DWORD NtSizeOfImage); +__declspec(dllimport) bool TITCALL RelocaterMakeSnapshot(HANDLE hProcess, char* szSaveFileName, LPVOID MemoryStart, ULONG_PTR MemorySize); +__declspec(dllimport) bool TITCALL RelocaterMakeSnapshotW(HANDLE hProcess, wchar_t* szSaveFileName, LPVOID MemoryStart, ULONG_PTR MemorySize); +__declspec(dllimport) bool TITCALL RelocaterCompareTwoSnapshots(HANDLE hProcess, ULONG_PTR LoadedImageBase, ULONG_PTR NtSizeOfImage, char* szDumpFile1, char* szDumpFile2, ULONG_PTR MemStart); +__declspec(dllimport) bool TITCALL RelocaterCompareTwoSnapshotsW(HANDLE hProcess, ULONG_PTR LoadedImageBase, ULONG_PTR NtSizeOfImage, wchar_t* szDumpFile1, wchar_t* szDumpFile2, ULONG_PTR MemStart); +__declspec(dllimport) bool TITCALL RelocaterChangeFileBase(char* szFileName, ULONG_PTR NewImageBase); +__declspec(dllimport) bool TITCALL RelocaterChangeFileBaseW(wchar_t* szFileName, ULONG_PTR NewImageBase); +__declspec(dllimport) bool TITCALL RelocaterRelocateMemoryBlock(ULONG_PTR FileMapVA, ULONG_PTR MemoryLocation, void* RelocateMemory, DWORD RelocateMemorySize, ULONG_PTR CurrentLoadedBase, ULONG_PTR RelocateBase); +__declspec(dllimport) bool TITCALL RelocaterWipeRelocationTable(char* szFileName); +__declspec(dllimport) bool TITCALL RelocaterWipeRelocationTableW(wchar_t* szFileName); +// TitanEngine.Resourcer.functions: +__declspec(dllimport) long long TITCALL ResourcerLoadFileForResourceUse(char* szFileName); +__declspec(dllimport) long long TITCALL ResourcerLoadFileForResourceUseW(wchar_t* szFileName); +__declspec(dllimport) bool TITCALL ResourcerFreeLoadedFile(LPVOID LoadedFileBase); +__declspec(dllimport) bool TITCALL ResourcerExtractResourceFromFileEx(ULONG_PTR FileMapVA, char* szResourceType, char* szResourceName, char* szExtractedFileName); +__declspec(dllimport) bool TITCALL ResourcerExtractResourceFromFile(char* szFileName, char* szResourceType, char* szResourceName, char* szExtractedFileName); +__declspec(dllimport) bool TITCALL ResourcerExtractResourceFromFileW(wchar_t* szFileName, char* szResourceType, char* szResourceName, char* szExtractedFileName); +__declspec(dllimport) bool TITCALL ResourcerFindResource(char* szFileName, char* szResourceType, DWORD ResourceType, char* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize); +__declspec(dllimport) bool TITCALL ResourcerFindResourceW(wchar_t* szFileName, wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize); +__declspec(dllimport) bool TITCALL ResourcerFindResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize); +__declspec(dllimport) void TITCALL ResourcerEnumerateResource(char* szFileName, void* CallBack); +__declspec(dllimport) void TITCALL ResourcerEnumerateResourceW(wchar_t* szFileName, void* CallBack); +__declspec(dllimport) void TITCALL ResourcerEnumerateResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, void* CallBack); +// TitanEngine.Threader.functions: +__declspec(dllimport) bool TITCALL ThreaderImportRunningThreadData(DWORD ProcessId); +__declspec(dllimport) void* TITCALL ThreaderGetThreadInfo(HANDLE hThread, DWORD ThreadId); +__declspec(dllimport) void TITCALL ThreaderEnumThreadInfo(void* EnumCallBack); +__declspec(dllimport) bool TITCALL ThreaderPauseThread(HANDLE hThread); +__declspec(dllimport) bool TITCALL ThreaderResumeThread(HANDLE hThread); +__declspec(dllimport) bool TITCALL ThreaderTerminateThread(HANDLE hThread, DWORD ThreadExitCode); +__declspec(dllimport) bool TITCALL ThreaderPauseAllThreads(bool LeaveMainRunning); +__declspec(dllimport) bool TITCALL ThreaderResumeAllThreads(bool LeaveMainPaused); +__declspec(dllimport) bool TITCALL ThreaderPauseProcess(); +__declspec(dllimport) bool TITCALL ThreaderResumeProcess(); +__declspec(dllimport) long long TITCALL ThreaderCreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId); +__declspec(dllimport) bool TITCALL ThreaderInjectAndExecuteCode(LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize); +__declspec(dllimport) long long TITCALL ThreaderCreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId); +__declspec(dllimport) bool TITCALL ThreaderInjectAndExecuteCodeEx(HANDLE hProcess, LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize); +__declspec(dllimport) void TITCALL ThreaderSetCallBackForNextExitThreadEvent(LPVOID exitThreadCallBack); +__declspec(dllimport) bool TITCALL ThreaderIsThreadStillRunning(HANDLE hThread); +__declspec(dllimport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread); +__declspec(dllimport) bool TITCALL ThreaderIsAnyThreadActive(); +__declspec(dllimport) bool TITCALL ThreaderExecuteOnlyInjectedThreads(); +__declspec(dllimport) long long TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId); +__declspec(dllimport) bool TITCALL ThreaderIsExceptionInMainThread(); +// TitanEngine.Debugger.functions: +__declspec(dllimport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress); +__declspec(dllimport) void* TITCALL StaticDisassemble(LPVOID DisassmAddress); +__declspec(dllimport) void* TITCALL DisassembleEx(HANDLE hProcess, LPVOID DisassmAddress, bool ReturnInstructionType); +__declspec(dllimport) void* TITCALL Disassemble(LPVOID DisassmAddress); +__declspec(dllimport) long TITCALL StaticLengthDisassemble(LPVOID DisassmAddress); +__declspec(dllimport) long TITCALL LengthDisassembleEx(HANDLE hProcess, LPVOID DisassmAddress); +__declspec(dllimport) long TITCALL LengthDisassemble(LPVOID DisassmAddress); +__declspec(dllimport) void* TITCALL InitDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder); +__declspec(dllimport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder); +__declspec(dllimport) void* TITCALL InitDebugEx(char* szFileName, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack); +__declspec(dllimport) void* TITCALL InitDebugExW(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder, LPVOID EntryCallBack); +__declspec(dllimport) void* TITCALL InitDLLDebug(char* szFileName, bool ReserveModuleBase, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack); +__declspec(dllimport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool ReserveModuleBase, wchar_t* szCommandLine, wchar_t* szCurrentFolder, LPVOID EntryCallBack); +__declspec(dllimport) bool TITCALL StopDebug(); +__declspec(dllimport) void TITCALL SetBPXOptions(long DefaultBreakPointType); +__declspec(dllimport) bool TITCALL IsBPXEnabled(ULONG_PTR bpxAddress); +__declspec(dllimport) bool TITCALL EnableBPX(ULONG_PTR bpxAddress); +__declspec(dllimport) bool TITCALL DisableBPX(ULONG_PTR bpxAddress); +__declspec(dllimport) bool TITCALL SetBPX(ULONG_PTR bpxAddress, DWORD bpxType, LPVOID bpxCallBack); +__declspec(dllimport) bool TITCALL DeleteBPX(ULONG_PTR bpxAddress); +__declspec(dllimport) bool TITCALL SafeDeleteBPX(ULONG_PTR bpxAddress); +__declspec(dllimport) bool TITCALL SetAPIBreakPoint(const char* szDLLName, const char* szAPIName, DWORD bpxType, DWORD bpxPlace, LPVOID bpxCallBack); +__declspec(dllimport) bool TITCALL DeleteAPIBreakPoint(const char* szDLLName, const char* szAPIName, DWORD bpxPlace); +__declspec(dllimport) bool TITCALL SafeDeleteAPIBreakPoint(const char* szDLLName, const char* szAPIName, DWORD bpxPlace); +__declspec(dllimport) bool TITCALL SetMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, LPVOID bpxCallBack); +__declspec(dllimport) bool TITCALL SetMemoryBPXEx(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, DWORD BreakPointType, bool RestoreOnHit, LPVOID bpxCallBack); +__declspec(dllimport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory); +__declspec(dllimport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea); +__declspec(dllimport) long long TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister); +__declspec(dllimport) long long TITCALL GetContextData(DWORD IndexOfRegister); +__declspec(dllimport) bool TITCALL SetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea); +__declspec(dllimport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister, ULONG_PTR NewRegisterValue); +__declspec(dllimport) bool TITCALL SetContextData(DWORD IndexOfRegister, ULONG_PTR NewRegisterValue); +__declspec(dllimport) void TITCALL ClearExceptionNumber(); +__declspec(dllimport) long TITCALL CurrentExceptionNumber(); +__declspec(dllimport) bool TITCALL MatchPatternEx(HANDLE hProcess, void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard); +__declspec(dllimport) bool TITCALL MatchPattern(void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard); +__declspec(dllimport) long long TITCALL FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard); +__declspec(dllimport) long long TITCALL Find(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard); +__declspec(dllimport) bool TITCALL FillEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte); +__declspec(dllimport) bool TITCALL Fill(LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte); +__declspec(dllimport) bool TITCALL PatchEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP); +__declspec(dllimport) bool TITCALL Patch(LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP); +__declspec(dllimport) bool TITCALL ReplaceEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, LPVOID ReplacePattern, DWORD ReplaceSize, PBYTE WildCard); +__declspec(dllimport) bool TITCALL Replace(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, LPVOID ReplacePattern, DWORD ReplaceSize, PBYTE WildCard); +__declspec(dllimport) void* TITCALL GetDebugData(); +__declspec(dllimport) void* TITCALL GetTerminationData(); +__declspec(dllimport) long TITCALL GetExitCode(); +__declspec(dllimport) long long TITCALL GetDebuggedDLLBaseAddress(); +__declspec(dllimport) long long TITCALL GetDebuggedFileBaseAddress(); +__declspec(dllimport) bool TITCALL GetRemoteString(HANDLE hProcess, LPVOID StringAddress, LPVOID StringStorage, int MaximumStringSize); +__declspec(dllimport) long long TITCALL GetFunctionParameter(HANDLE hProcess, DWORD FunctionType, DWORD ParameterNumber, DWORD ParameterType); +__declspec(dllimport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps); +__declspec(dllimport) long long TITCALL GetJumpDestination(HANDLE hProcess, ULONG_PTR InstructionAddress); +__declspec(dllimport) bool TITCALL IsJumpGoingToExecuteEx(HANDLE hProcess, HANDLE hThread, ULONG_PTR InstructionAddress, ULONG_PTR RegFlags); +__declspec(dllimport) bool TITCALL IsJumpGoingToExecute(); +__declspec(dllimport) void TITCALL SetCustomHandler(DWORD ExceptionId, LPVOID CallBack); +__declspec(dllimport) void TITCALL ForceClose(); +__declspec(dllimport) void TITCALL StepInto(LPVOID traceCallBack); +__declspec(dllimport) void TITCALL StepOver(LPVOID traceCallBack); +__declspec(dllimport) void TITCALL SingleStep(DWORD StepCount, LPVOID StepCallBack); +__declspec(dllimport) bool TITCALL GetUnusedHardwareBreakPointRegister(LPDWORD RegisterIndex); +__declspec(dllimport) bool TITCALL SetHardwareBreakPointEx(HANDLE hActiveThread, ULONG_PTR bpxAddress, DWORD IndexOfRegister, DWORD bpxType, DWORD bpxSize, LPVOID bpxCallBack, LPDWORD IndexOfSelectedRegister); +__declspec(dllimport) bool TITCALL SetHardwareBreakPoint(ULONG_PTR bpxAddress, DWORD IndexOfRegister, DWORD bpxType, DWORD bpxSize, LPVOID bpxCallBack); +__declspec(dllimport) bool TITCALL DeleteHardwareBreakPoint(DWORD IndexOfRegister); +__declspec(dllimport) bool TITCALL RemoveAllBreakPoints(DWORD RemoveOption); +__declspec(dllimport) void* TITCALL GetProcessInformation(); +__declspec(dllimport) void* TITCALL GetStartupInformation(); +__declspec(dllimport) void TITCALL DebugLoop(); +__declspec(dllimport) void TITCALL SetDebugLoopTimeOut(DWORD TimeOut); +__declspec(dllimport) void TITCALL SetNextDbgContinueStatus(DWORD SetDbgCode); +__declspec(dllimport) bool TITCALL AttachDebugger(DWORD ProcessId, bool KillOnExit, LPVOID DebugInfo, LPVOID CallBack); +__declspec(dllimport) bool TITCALL DetachDebugger(DWORD ProcessId); +__declspec(dllimport) bool TITCALL DetachDebuggerEx(DWORD ProcessId); +__declspec(dllimport) void TITCALL DebugLoopEx(DWORD TimeOut); +__declspec(dllimport) void TITCALL AutoDebugEx(char* szFileName, bool ReserveModuleBase, char* szCommandLine, char* szCurrentFolder, DWORD TimeOut, LPVOID EntryCallBack); +__declspec(dllimport) void TITCALL AutoDebugExW(wchar_t* szFileName, bool ReserveModuleBase, wchar_t* szCommandLine, wchar_t* szCurrentFolder, DWORD TimeOut, LPVOID EntryCallBack); +__declspec(dllimport) bool TITCALL IsFileBeingDebugged(); +__declspec(dllimport) void TITCALL SetErrorModel(bool DisplayErrorMessages); +// TitanEngine.FindOEP.functions: +__declspec(dllimport) void TITCALL FindOEPInit(); +__declspec(dllimport) bool TITCALL FindOEPGenerically(char* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack); +__declspec(dllimport) bool TITCALL FindOEPGenericallyW(wchar_t* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack); +// TitanEngine.Importer.functions: +__declspec(dllimport) void TITCALL ImporterAddNewDll(char* szDLLName, ULONG_PTR FirstThunk); +__declspec(dllimport) void TITCALL ImporterAddNewAPI(char* szAPIName, ULONG_PTR ThunkValue); +__declspec(dllimport) void TITCALL ImporterAddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue); +__declspec(dllimport) long TITCALL ImporterGetAddedDllCount(); +__declspec(dllimport) long TITCALL ImporterGetAddedAPICount(); +__declspec(dllimport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap); +__declspec(dllimport) long TITCALL ImporterEstimatedSize(); +__declspec(dllimport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName); +__declspec(dllimport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, wchar_t* szSectionName = L".RL!TEv2"); +__declspec(dllimport) long long TITCALL ImporterFindAPIWriteLocation(char* szAPIName); +__declspec(dllimport) long long TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber); +__declspec(dllimport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation); +__declspec(dllimport) long long TITCALL ImporterFindDLLByWriteLocation(ULONG_PTR APIWriteLocation); +__declspec(dllimport) void* TITCALL ImporterGetDLLName(ULONG_PTR APIAddress); +__declspec(dllimport) void* TITCALL ImporterGetAPIName(ULONG_PTR APIAddress); +__declspec(dllimport) long long TITCALL ImporterGetAPIOrdinalNumber(ULONG_PTR APIAddress); +__declspec(dllimport) void* TITCALL ImporterGetAPINameEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); +__declspec(dllimport) long long TITCALL ImporterGetRemoteAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllimport) long long TITCALL ImporterGetRemoteAPIAddressEx(char* szDLLName, char* szAPIName); +__declspec(dllimport) long long TITCALL ImporterGetLocalAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllimport) void* TITCALL ImporterGetDLLNameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllimport) void* TITCALL ImporterGetAPINameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllimport) long long TITCALL ImporterGetAPIOrdinalNumberFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllimport) long TITCALL ImporterGetDLLIndexEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); +__declspec(dllimport) long TITCALL ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); +__declspec(dllimport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase); +__declspec(dllimport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllimport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllimport) void* TITCALL ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllimport) long TITCALL ImporterGetForwardedDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList); +__declspec(dllimport) long long TITCALL ImporterGetForwardedAPIOrdinalNumber(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllimport) long long TITCALL ImporterGetNearestAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllimport) void* TITCALL ImporterGetNearestAPIName(HANDLE hProcess, ULONG_PTR APIAddress); +__declspec(dllimport) bool TITCALL ImporterCopyOriginalIAT(char* szOriginalFile, char* szDumpFile); +__declspec(dllimport) bool TITCALL ImporterCopyOriginalIATW(wchar_t* szOriginalFile, wchar_t* szDumpFile); +__declspec(dllimport) bool TITCALL ImporterLoadImportTable(char* szFileName); +__declspec(dllimport) bool TITCALL ImporterLoadImportTableW(wchar_t* szFileName); +__declspec(dllimport) bool TITCALL ImporterMoveOriginalIAT(char* szOriginalFile, char* szDumpFile, char* szSectionName); +__declspec(dllimport) bool TITCALL ImporterMoveOriginalIATW(wchar_t* szOriginalFile, wchar_t* szDumpFile, char* szSectionName); +__declspec(dllimport) void TITCALL ImporterAutoSearchIAT(DWORD ProcessId, char* szFileName, ULONG_PTR SearchStart, LPVOID pIATStart, LPVOID pIATSize); +__declspec(dllimport) void TITCALL ImporterAutoSearchIATW(DWORD ProcessIds, wchar_t* szFileName, ULONG_PTR SearchStart, LPVOID pIATStart, LPVOID pIATSize); +__declspec(dllimport) void TITCALL ImporterAutoSearchIATEx(DWORD ProcessId, ULONG_PTR ImageBase, ULONG_PTR SearchStart, LPVOID pIATStart, LPVOID pIATSize); +__declspec(dllimport) void TITCALL ImporterEnumAddedData(LPVOID EnumCallBack); +__declspec(dllimport) long TITCALL ImporterAutoFixIATEx(DWORD ProcessId, char* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback); +__declspec(dllimport) long TITCALL ImporterAutoFixIATExW(DWORD ProcessId, wchar_t* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback); +__declspec(dllimport) long TITCALL ImporterAutoFixIAT(DWORD ProcessId, char* szDumpedFile, ULONG_PTR SearchStart); +__declspec(dllimport) long TITCALL ImporterAutoFixIATW(DWORD ProcessId, wchar_t* szDumpedFile, ULONG_PTR SearchStart); +__declspec(dllimport) bool TITCALL ImporterDeleteAPI(DWORD_PTR apiAddr); +// Global.Engine.Hook.functions: +__declspec(dllimport) bool TITCALL HooksSafeTransitionEx(LPVOID HookAddressArray, int NumberOfHooks, bool TransitionStart); +__declspec(dllimport) bool TITCALL HooksSafeTransition(LPVOID HookAddress, bool TransitionStart); +__declspec(dllimport) bool TITCALL HooksIsAddressRedirected(LPVOID HookAddress); +__declspec(dllimport) void* TITCALL HooksGetTrampolineAddress(LPVOID HookAddress); +__declspec(dllimport) void* TITCALL HooksGetHookEntryDetails(LPVOID HookAddress); +__declspec(dllimport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress, LPVOID RedirectTo, int HookType); +__declspec(dllimport) bool TITCALL HooksInsertNewIATRedirectionEx(ULONG_PTR FileMapVA, ULONG_PTR LoadedModuleBase, char* szHookFunction, LPVOID RedirectTo); +__declspec(dllimport) bool TITCALL HooksInsertNewIATRedirection(char* szModuleName, char* szHookFunction, LPVOID RedirectTo); +__declspec(dllimport) bool TITCALL HooksRemoveRedirection(LPVOID HookAddress, bool RemoveAll); +__declspec(dllimport) bool TITCALL HooksRemoveRedirectionsForModule(HMODULE ModuleBase); +__declspec(dllimport) bool TITCALL HooksRemoveIATRedirection(char* szModuleName, char* szHookFunction, bool RemoveAll); +__declspec(dllimport) bool TITCALL HooksDisableRedirection(LPVOID HookAddress, bool DisableAll); +__declspec(dllimport) bool TITCALL HooksDisableRedirectionsForModule(HMODULE ModuleBase); +__declspec(dllimport) bool TITCALL HooksDisableIATRedirection(char* szModuleName, char* szHookFunction, bool DisableAll); +__declspec(dllimport) bool TITCALL HooksEnableRedirection(LPVOID HookAddress, bool EnableAll); +__declspec(dllimport) bool TITCALL HooksEnableRedirectionsForModule(HMODULE ModuleBase); +__declspec(dllimport) bool TITCALL HooksEnableIATRedirection(char* szModuleName, char* szHookFunction, bool EnableAll); +__declspec(dllimport) void TITCALL HooksScanModuleMemory(HMODULE ModuleBase, LPVOID CallBack); +__declspec(dllimport) void TITCALL HooksScanEntireProcessMemory(LPVOID CallBack); +__declspec(dllimport) void TITCALL HooksScanEntireProcessMemoryEx(); +// TitanEngine.Tracer.functions: +__declspec(dllimport) void TITCALL TracerInit(); +__declspec(dllimport) long long TITCALL TracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace); +__declspec(dllimport) long long TITCALL HashTracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD InputNumberOfInstructions); +__declspec(dllimport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace); +__declspec(dllimport) long long TITCALL TracerFixKnownRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD RedirectionId); +__declspec(dllimport) long long TITCALL TracerFixRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD IdParameter); +__declspec(dllimport) long long TITCALL TracerDetectRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, PDWORD ReturnedId); +__declspec(dllimport) long TITCALL TracerFixRedirectionViaImpRecPlugin(HANDLE hProcess, char* szPluginName, ULONG_PTR AddressToTrace); +// TitanEngine.Exporter.functions: +__declspec(dllimport) void TITCALL ExporterCleanup(); +__declspec(dllimport) void TITCALL ExporterSetImageBase(ULONG_PTR ImageBase); +__declspec(dllimport) void TITCALL ExporterInit(DWORD MemorySize, ULONG_PTR ImageBase, DWORD ExportOrdinalBase, char* szExportModuleName); +__declspec(dllimport) bool TITCALL ExporterAddNewExport(char* szExportName, DWORD ExportRelativeAddress); +__declspec(dllimport) bool TITCALL ExporterAddNewOrdinalExport(DWORD OrdinalNumber, DWORD ExportRelativeAddress); +__declspec(dllimport) long TITCALL ExporterGetAddedExportCount(); +__declspec(dllimport) long TITCALL ExporterEstimatedSize(); +__declspec(dllimport) bool TITCALL ExporterBuildExportTable(ULONG_PTR StorePlace, ULONG_PTR FileMapVA); +__declspec(dllimport) bool TITCALL ExporterBuildExportTableEx(char* szExportFileName, char* szSectionName); +__declspec(dllimport) bool TITCALL ExporterBuildExportTableExW(wchar_t* szExportFileName, char* szSectionName); +__declspec(dllimport) bool TITCALL ExporterLoadExportTable(char* szFileName); +__declspec(dllimport) bool TITCALL ExporterLoadExportTableW(wchar_t* szFileName); +// TitanEngine.Librarian.functions: +__declspec(dllimport) bool TITCALL LibrarianSetBreakPoint(char* szLibraryName, DWORD bpxType, bool SingleShoot, LPVOID bpxCallBack); +__declspec(dllimport) bool TITCALL LibrarianRemoveBreakPoint(char* szLibraryName, DWORD bpxType); +__declspec(dllimport) void* TITCALL LibrarianGetLibraryInfo(char* szLibraryName); +__declspec(dllimport) void* TITCALL LibrarianGetLibraryInfoW(wchar_t* szLibraryName); +__declspec(dllimport) void* TITCALL LibrarianGetLibraryInfoEx(void* BaseOfDll); +__declspec(dllimport) void* TITCALL LibrarianGetLibraryInfoExW(void* BaseOfDll); +__declspec(dllimport) void TITCALL LibrarianEnumLibraryInfo(void* EnumCallBack); +__declspec(dllimport) void TITCALL LibrarianEnumLibraryInfoW(void* EnumCallBack); +// TitanEngine.Process.functions: +__declspec(dllimport) long TITCALL GetActiveProcessId(char* szImageName); +__declspec(dllimport) long TITCALL GetActiveProcessIdW(wchar_t* szImageName); +__declspec(dllimport) void TITCALL EnumProcessesWithLibrary(char* szLibraryName, void* EnumFunction); +// TitanEngine.TLSFixer.functions: +__declspec(dllimport) bool TITCALL TLSBreakOnCallBack(LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks, LPVOID bpxCallBack); +__declspec(dllimport) bool TITCALL TLSGrabCallBackData(char* szFileName, LPVOID ArrayOfCallBacks, LPDWORD NumberOfCallBacks); +__declspec(dllimport) bool TITCALL TLSGrabCallBackDataW(wchar_t* szFileName, LPVOID ArrayOfCallBacks, LPDWORD NumberOfCallBacks); +__declspec(dllimport) bool TITCALL TLSBreakOnCallBackEx(char* szFileName, LPVOID bpxCallBack); +__declspec(dllimport) bool TITCALL TLSBreakOnCallBackExW(wchar_t* szFileName, LPVOID bpxCallBack); +__declspec(dllimport) bool TITCALL TLSRemoveCallback(char* szFileName); +__declspec(dllimport) bool TITCALL TLSRemoveCallbackW(wchar_t* szFileName); +__declspec(dllimport) bool TITCALL TLSRemoveTable(char* szFileName); +__declspec(dllimport) bool TITCALL TLSRemoveTableW(wchar_t* szFileName); +__declspec(dllimport) bool TITCALL TLSBackupData(char* szFileName); +__declspec(dllimport) bool TITCALL TLSBackupDataW(wchar_t* szFileName); +__declspec(dllimport) bool TITCALL TLSRestoreData(); +__declspec(dllimport) bool TITCALL TLSBuildNewTable(ULONG_PTR FileMapVA, ULONG_PTR StorePlace, ULONG_PTR StorePlaceRVA, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks); +__declspec(dllimport) bool TITCALL TLSBuildNewTableEx(char* szFileName, char* szSectionName, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks); +__declspec(dllimport) bool TITCALL TLSBuildNewTableExW(wchar_t* szFileName, char* szSectionName, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks); +// TitanEngine.TranslateName.functions: +__declspec(dllimport) void* TITCALL TranslateNativeName(char* szNativeName); +__declspec(dllimport) void* TITCALL TranslateNativeNameW(wchar_t* szNativeName); +// TitanEngine.Handler.functions: +__declspec(dllimport) long TITCALL HandlerGetActiveHandleCount(DWORD ProcessId); +__declspec(dllimport) bool TITCALL HandlerIsHandleOpen(DWORD ProcessId, HANDLE hHandle); +__declspec(dllimport) void* TITCALL HandlerGetHandleName(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName); +__declspec(dllimport) void* TITCALL HandlerGetHandleNameW(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName); +__declspec(dllimport) long TITCALL HandlerEnumerateOpenHandles(DWORD ProcessId, LPVOID HandleBuffer, DWORD MaxHandleCount); +__declspec(dllimport) long long TITCALL HandlerGetHandleDetails(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, DWORD InformationReturn); +__declspec(dllimport) bool TITCALL HandlerCloseRemoteHandle(HANDLE hProcess, HANDLE hHandle); +__declspec(dllimport) long TITCALL HandlerEnumerateLockHandles(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, LPVOID HandleDataBuffer, DWORD MaxHandleCount); +__declspec(dllimport) long TITCALL HandlerEnumerateLockHandlesW(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, LPVOID HandleDataBuffer, DWORD MaxHandleCount); +__declspec(dllimport) bool TITCALL HandlerCloseAllLockHandles(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated); +__declspec(dllimport) bool TITCALL HandlerCloseAllLockHandlesW(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated); +__declspec(dllimport) bool TITCALL HandlerIsFileLocked(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated); +__declspec(dllimport) bool TITCALL HandlerIsFileLockedW(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated); +// TitanEngine.Handler[Mutex].functions: +__declspec(dllimport) long TITCALL HandlerEnumerateOpenMutexes(HANDLE hProcess, DWORD ProcessId, LPVOID HandleBuffer, DWORD MaxHandleCount); +__declspec(dllimport) long long TITCALL HandlerGetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, char* szMutexString); +__declspec(dllimport) long long TITCALL HandlerGetOpenMutexHandleW(HANDLE hProcess, DWORD ProcessId, wchar_t* szMutexString); +__declspec(dllimport) long TITCALL HandlerGetProcessIdWhichCreatedMutex(char* szMutexString); +__declspec(dllimport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t* szMutexString); +// TitanEngine.Injector.functions: +__declspec(dllimport) bool TITCALL RemoteLoadLibrary(HANDLE hProcess, char* szLibraryFile, bool WaitForThreadExit); +__declspec(dllimport) bool TITCALL RemoteLoadLibraryW(HANDLE hProcess, wchar_t* szLibraryFile, bool WaitForThreadExit); +__declspec(dllimport) bool TITCALL RemoteFreeLibrary(HANDLE hProcess, HMODULE hModule, char* szLibraryFile, bool WaitForThreadExit); +__declspec(dllimport) bool TITCALL RemoteFreeLibraryW(HANDLE hProcess, HMODULE hModule, wchar_t* szLibraryFile, bool WaitForThreadExit); +__declspec(dllimport) bool TITCALL RemoteExitProcess(HANDLE hProcess, DWORD ExitCode); +// TitanEngine.StaticUnpacker.functions: +__declspec(dllimport) bool TITCALL StaticFileLoad(char* szFileName, DWORD DesiredAccess, bool SimulateLoad, LPHANDLE FileHandle, LPDWORD LoadedSize, LPHANDLE FileMap, PULONG_PTR FileMapVA); +__declspec(dllimport) bool TITCALL StaticFileLoadW(wchar_t* szFileName, DWORD DesiredAccess, bool SimulateLoad, LPHANDLE FileHandle, LPDWORD LoadedSize, LPHANDLE FileMap, PULONG_PTR FileMapVA); +__declspec(dllimport) bool TITCALL StaticFileUnload(char* szFileName, bool CommitChanges, HANDLE FileHandle, DWORD LoadedSize, HANDLE FileMap, ULONG_PTR FileMapVA); +__declspec(dllimport) bool TITCALL StaticFileUnloadW(wchar_t* szFileName, bool CommitChanges, HANDLE FileHandle, DWORD LoadedSize, HANDLE FileMap, ULONG_PTR FileMapVA); +__declspec(dllimport) bool TITCALL StaticFileOpen(char* szFileName, DWORD DesiredAccess, LPHANDLE FileHandle, LPDWORD FileSizeLow, LPDWORD FileSizeHigh); +__declspec(dllimport) bool TITCALL StaticFileOpenW(wchar_t* szFileName, DWORD DesiredAccess, LPHANDLE FileHandle, LPDWORD FileSizeLow, LPDWORD FileSizeHigh); +__declspec(dllimport) bool TITCALL StaticFileGetContent(HANDLE FileHandle, DWORD FilePositionLow, LPDWORD FilePositionHigh, void* Buffer, DWORD Size); +__declspec(dllimport) void TITCALL StaticFileClose(HANDLE FileHandle); +__declspec(dllimport) void TITCALL StaticMemoryDecrypt(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionType, DWORD DecryptionKeySize, ULONG_PTR DecryptionKey); +__declspec(dllimport) void TITCALL StaticMemoryDecryptEx(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionKeySize, void* DecryptionCallBack); +__declspec(dllimport) void TITCALL StaticMemoryDecryptSpecial(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionKeySize, DWORD SpecDecryptionType, void* DecryptionCallBack); +__declspec(dllimport) void TITCALL StaticSectionDecrypt(ULONG_PTR FileMapVA, DWORD SectionNumber, bool SimulateLoad, DWORD DecryptionType, DWORD DecryptionKeySize, ULONG_PTR DecryptionKey); +__declspec(dllimport) bool TITCALL StaticMemoryDecompress(void* Source, DWORD SourceSize, void* Destination, DWORD DestinationSize, int Algorithm); +__declspec(dllimport) bool TITCALL StaticRawMemoryCopy(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR VitualAddressToCopy, DWORD Size, bool AddressIsRVA, char* szDumpFileName); +__declspec(dllimport) bool TITCALL StaticRawMemoryCopyW(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR VitualAddressToCopy, DWORD Size, bool AddressIsRVA, wchar_t* szDumpFileName); +__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, char* szDumpFileName); +__declspec(dllexport) bool TITCALL StaticRawMemoryCopyExW(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, wchar_t* szDumpFileName); +__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64(HANDLE hFile, DWORD64 RawAddressToCopy, DWORD64 Size, char* szDumpFileName); +__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64W(HANDLE hFile, DWORD64 RawAddressToCopy, DWORD64 Size, wchar_t* szDumpFileName); +__declspec(dllimport) bool TITCALL StaticHashMemory(void* MemoryToHash, DWORD SizeOfMemory, void* HashDigest, bool OutputString, int Algorithm); +__declspec(dllimport) bool TITCALL StaticHashFile(char* szFileName, char* HashDigest, bool OutputString, int Algorithm); +__declspec(dllimport) bool TITCALL StaticHashFileW(wchar_t* szFileName, char* HashDigest, bool OutputString, int Algorithm); +// TitanEngine.Engine.functions: +__declspec(dllimport) void TITCALL SetEngineVariable(DWORD VariableId, bool VariableSet); +__declspec(dllimport) bool TITCALL EngineCreateMissingDependencies(char* szFileName, char* szOutputFolder, bool LogCreatedFiles); +__declspec(dllimport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szFileName, wchar_t* szOutputFolder, bool LogCreatedFiles); +__declspec(dllimport) bool TITCALL EngineFakeMissingDependencies(HANDLE hProcess); +__declspec(dllimport) bool TITCALL EngineDeleteCreatedDependencies(); +__declspec(dllimport) bool TITCALL EngineCreateUnpackerWindow(char* WindowUnpackerTitle, char* WindowUnpackerLongTitle, char* WindowUnpackerName, char* WindowUnpackerAuthor, void* StartUnpackingCallBack); +__declspec(dllimport) void TITCALL EngineAddUnpackerWindowLogMessage(char* szLogMessage); +// Global.Engine.Extension.Functions: +__declspec(dllimport) bool TITCALL ExtensionManagerIsPluginLoaded(char* szPluginName); +__declspec(dllimport) bool TITCALL ExtensionManagerIsPluginEnabled(char* szPluginName); +__declspec(dllimport) bool TITCALL ExtensionManagerDisableAllPlugins(); +__declspec(dllimport) bool TITCALL ExtensionManagerDisablePlugin(char* szPluginName); +__declspec(dllimport) bool TITCALL ExtensionManagerEnableAllPlugins(); +__declspec(dllimport) bool TITCALL ExtensionManagerEnablePlugin(char* szPluginName); +__declspec(dllimport) bool TITCALL ExtensionManagerUnloadAllPlugins(); +__declspec(dllimport) bool TITCALL ExtensionManagerUnloadPlugin(char* szPluginName); +__declspec(dllimport) void* TITCALL ExtensionManagerGetPluginInfo(char* szPluginName); + +#ifdef __cplusplus +} +#endif /*__cplusplus*/ + +#pragma pack(pop) + +#endif /*TITANENGINE*/ diff --git a/TitanUnitTest/TitanEngine.hpp b/TitanUnitTest/TitanEngine.hpp new file mode 100644 index 0000000..82b5e15 --- /dev/null +++ b/TitanUnitTest/TitanEngine.hpp @@ -0,0 +1,2800 @@ +#ifndef TITANENGINE_CPP +#define TITANENGINE_CPP + +#define TITCALL + +#if _MSC_VER > 1000 +#pragma once +#endif + +namespace TE +{ + +#include + +namespace UE +{ +#ifdef TITANENGINE +#undef TITANENGINE +#endif + +#include "TitanEngine.h" +} + +// ---- + +enum eHideLevel : DWORD +{ + UE_HIDE_PEBONLY = UE::UE_HIDE_PEBONLY, + UE_HIDE_BASIC = UE::UE_HIDE_BASIC +}; + +enum ePluginCallReason : int +{ + UE_PLUGIN_CALL_REASON_PREDEBUG = UE::UE_PLUGIN_CALL_REASON_PREDEBUG, + UE_PLUGIN_CALL_REASON_EXCEPTION = UE::UE_PLUGIN_CALL_REASON_EXCEPTION, + UE_PLUGIN_CALL_REASON_POSTDEBUG = UE::UE_PLUGIN_CALL_REASON_POSTDEBUG +}; + +enum eHookType : int +{ + TEE_HOOK_NRM_JUMP = UE::TEE_HOOK_NRM_JUMP, + TEE_HOOK_NRM_CALL = UE::TEE_HOOK_NRM_CALL, + TEE_HOOK_IAT = UE::TEE_HOOK_IAT +}; + +enum eEngineVariable : DWORD +{ + UE_ENGINE_ALOW_MODULE_LOADING = UE::UE_ENGINE_ALOW_MODULE_LOADING, + UE_ENGINE_AUTOFIX_FORWARDERS = UE::UE_ENGINE_AUTOFIX_FORWARDERS, + UE_ENGINE_PASS_ALL_EXCEPTIONS = UE::UE_ENGINE_PASS_ALL_EXCEPTIONS, + UE_ENGINE_NO_CONSOLE_WINDOW = UE::UE_ENGINE_NO_CONSOLE_WINDOW, + UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS = UE::UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS, + UE_ENGINE_CALL_PLUGIN_CALLBACK = UE::UE_ENGINE_CALL_PLUGIN_CALLBACK, + UE_ENGINE_RESET_CUSTOM_HANDLER = UE::UE_ENGINE_RESET_CUSTOM_HANDLER, + UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK = UE::UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK +}; + +enum eBPRemoveOption : DWORD +{ + UE_OPTION_REMOVEALL = UE::UE_OPTION_REMOVEALL, + UE_OPTION_DISABLEALL = UE::UE_OPTION_DISABLEALL, + UE_OPTION_REMOVEALLDISABLED = UE::UE_OPTION_REMOVEALLDISABLED, + UE_OPTION_REMOVEALLENABLED = UE::UE_OPTION_REMOVEALLENABLED +}; + +enum eAccess : DWORD +{ + UE_ACCESS_READ = UE::UE_ACCESS_READ, + UE_ACCESS_WRITE = UE::UE_ACCESS_WRITE, + UE_ACCESS_ALL = UE::UE_ACCESS_ALL +}; + +enum eDecryptionType : DWORD +{ + UE_STATIC_DECRYPTOR_XOR = UE::UE_STATIC_DECRYPTOR_XOR, + UE_STATIC_DECRYPTOR_SUB = UE::UE_STATIC_DECRYPTOR_SUB, + UE_STATIC_DECRYPTOR_ADD = UE::UE_STATIC_DECRYPTOR_ADD +}; + +enum eDecryptionDirection : DWORD +{ + UE_STATIC_DECRYPTOR_FOREWARD = UE::UE_STATIC_DECRYPTOR_FOREWARD, + UE_STATIC_DECRYPTOR_BACKWARD = UE::UE_STATIC_DECRYPTOR_BACKWARD +}; + +enum eDecryptionKeySize : DWORD +{ + UE_STATIC_KEY_SIZE_1 = UE::UE_STATIC_KEY_SIZE_1, + UE_STATIC_KEY_SIZE_2 = UE::UE_STATIC_KEY_SIZE_2, + UE_STATIC_KEY_SIZE_4 = UE::UE_STATIC_KEY_SIZE_4, + UE_STATIC_KEY_SIZE_8 = UE::UE_STATIC_KEY_SIZE_8 +}; + +enum eCompressionAlgorithm : int +{ + UE_STATIC_APLIB = UE::UE_STATIC_APLIB, + UE_STATIC_APLIB_DEPACK = UE::UE_STATIC_APLIB_DEPACK, + UE_STATIC_LZMA = UE::UE_STATIC_LZMA +}; + +enum eHashAlgorithm : int +{ + UE_STATIC_HASH_MD5 = UE::UE_STATIC_HASH_MD5, + UE_STATIC_HASH_SHA1 = UE::UE_STATIC_HASH_SHA1, + UE_STATIC_HASH_CRC32 = UE::UE_STATIC_HASH_CRC32 +}; + +const DWORD UE_RESOURCE_LANGUAGE_ANY = UE::UE_RESOURCE_LANGUAGE_ANY; + +enum ePE32Data : DWORD +{ + UE_PE_OFFSET = UE::UE_PE_OFFSET, + UE_IMAGEBASE = UE::UE_IMAGEBASE, + UE_OEP = UE::UE_OEP, + UE_BASEOFCODE = UE::UE_BASEOFCODE, + UE_BASEOFDATA = UE::UE_BASEOFDATA, + UE_SIZEOFIMAGE = UE::UE_SIZEOFIMAGE, + UE_SIZEOFHEADERS = UE::UE_SIZEOFHEADERS, + UE_SIZEOFOPTIONALHEADER = UE::UE_SIZEOFOPTIONALHEADER, + UE_SECTIONALIGNMENT = UE::UE_SECTIONALIGNMENT, + UE_IMPORTTABLEADDRESS = UE::UE_IMPORTTABLEADDRESS, + UE_IMPORTTABLESIZE = UE::UE_IMPORTTABLESIZE, + UE_RESOURCETABLEADDRESS = UE::UE_RESOURCETABLEADDRESS, + UE_RESOURCETABLESIZE = UE::UE_RESOURCETABLESIZE, + UE_EXPORTTABLEADDRESS = UE::UE_EXPORTTABLEADDRESS, + UE_EXPORTTABLESIZE = UE::UE_EXPORTTABLESIZE, + UE_TLSTABLEADDRESS = UE::UE_TLSTABLEADDRESS, + UE_TLSTABLESIZE = UE::UE_TLSTABLESIZE, + UE_RELOCATIONTABLEADDRESS = UE::UE_RELOCATIONTABLEADDRESS, + UE_RELOCATIONTABLESIZE = UE::UE_RELOCATIONTABLESIZE, + UE_TIMEDATESTAMP = UE::UE_TIMEDATESTAMP, + UE_SECTIONNUMBER = UE::UE_SECTIONNUMBER, + UE_CHECKSUM = UE::UE_CHECKSUM, + UE_SUBSYSTEM = UE::UE_SUBSYSTEM, + UE_CHARACTERISTICS = UE::UE_CHARACTERISTICS, + UE_NUMBEROFRVAANDSIZES = UE::UE_NUMBEROFRVAANDSIZES, + UE_SECTIONNAME = UE::UE_SECTIONNAME, + UE_SECTIONVIRTUALOFFSET = UE::UE_SECTIONVIRTUALOFFSET, + UE_SECTIONVIRTUALSIZE = UE::UE_SECTIONVIRTUALSIZE, + UE_SECTIONRAWOFFSET = UE::UE_SECTIONRAWOFFSET, + UE_SECTIONRAWSIZE = UE::UE_SECTIONRAWSIZE, + UE_SECTIONFLAGS = UE::UE_SECTIONFLAGS +}; + +const long UE_VANOTFOUND = UE::UE_VANOTFOUND; + +enum eCustomException : DWORD +{ + UE_CH_BREAKPOINT = UE::UE_CH_BREAKPOINT, + UE_CH_SINGLESTEP = UE::UE_CH_SINGLESTEP, + UE_CH_ACCESSVIOLATION = UE::UE_CH_ACCESSVIOLATION, + UE_CH_ILLEGALINSTRUCTION = UE::UE_CH_ILLEGALINSTRUCTION, + UE_CH_NONCONTINUABLEEXCEPTION = UE::UE_CH_NONCONTINUABLEEXCEPTION, + UE_CH_ARRAYBOUNDSEXCEPTION = UE::UE_CH_ARRAYBOUNDSEXCEPTION, + UE_CH_FLOATDENORMALOPERAND = UE::UE_CH_FLOATDENORMALOPERAND, + UE_CH_FLOATDEVIDEBYZERO = UE::UE_CH_FLOATDEVIDEBYZERO, + UE_CH_INTEGERDEVIDEBYZERO = UE::UE_CH_INTEGERDEVIDEBYZERO, + UE_CH_INTEGEROVERFLOW = UE::UE_CH_INTEGEROVERFLOW, + UE_CH_PRIVILEGEDINSTRUCTION = UE::UE_CH_PRIVILEGEDINSTRUCTION, + UE_CH_PAGEGUARD = UE::UE_CH_PAGEGUARD, + UE_CH_EVERYTHINGELSE = UE::UE_CH_EVERYTHINGELSE, + UE_CH_CREATETHREAD = UE::UE_CH_CREATETHREAD, + UE_CH_EXITTHREAD = UE::UE_CH_EXITTHREAD, + UE_CH_CREATEPROCESS = UE::UE_CH_CREATEPROCESS, + UE_CH_EXITPROCESS = UE::UE_CH_EXITPROCESS, + UE_CH_LOADDLL = UE::UE_CH_LOADDLL, + UE_CH_UNLOADDLL = UE::UE_CH_UNLOADDLL, + UE_CH_OUTPUTDEBUGSTRING = UE::UE_CH_OUTPUTDEBUGSTRING, + UE_CH_AFTEREXCEPTIONPROCESSING = UE::UE_CH_AFTEREXCEPTIONPROCESSING, + UE_CH_ALLEVENTS = UE::UE_CH_ALLEVENTS, + UE_CH_SYSTEMBREAKPOINT = UE::UE_CH_SYSTEMBREAKPOINT, + UE_CH_UNHANDLEDEXCEPTION = UE::UE_CH_UNHANDLEDEXCEPTION, + UE_CH_RIPEVENT = UE::UE_CH_RIPEVENT +}; + +enum eHandlerReturnType : DWORD +{ + UE_OPTION_HANDLER_RETURN_HANDLECOUNT = UE::UE_OPTION_HANDLER_RETURN_HANDLECOUNT, + UE_OPTION_HANDLER_RETURN_ACCESS = UE::UE_OPTION_HANDLER_RETURN_ACCESS, + UE_OPTION_HANDLER_RETURN_FLAGS = UE::UE_OPTION_HANDLER_RETURN_FLAGS, + UE_OPTION_HANDLER_RETURN_TYPENAME = UE::UE_OPTION_HANDLER_RETURN_TYPENAME +}; + +enum eBPState +{ + UE_BPXREMOVED = UE::UE_BPXREMOVED, + UE_BPXACTIVE = UE::UE_BPXACTIVE, + UE_BPXINACTIVE = UE::UE_BPXINACTIVE +}; + +enum eBPType +{ + UE_BREAKPOINT = UE::UE_BREAKPOINT, + UE_SINGLESHOOT = UE::UE_SINGLESHOOT, + //UE_HARDWARE = UE::UE_HARDWARE, +}; + +enum eMemoryBPType +{ + UE_MEMORY = UE::UE_MEMORY, + UE_MEMORY_READ = UE::UE_MEMORY_READ, + UE_MEMORY_WRITE = UE::UE_MEMORY_WRITE, + UE_MEMORY_EXECUTE = UE::UE_MEMORY_EXECUTE +}; + +enum eHWBPType : DWORD +{ + UE_HARDWARE_EXECUTE = UE::UE_HARDWARE_EXECUTE, + UE_HARDWARE_WRITE = UE::UE_HARDWARE_WRITE, + UE_HARDWARE_READWRITE = UE::UE_HARDWARE_READWRITE +}; + +enum eHWBPSize : DWORD +{ + UE_HARDWARE_SIZE_1 = UE::UE_HARDWARE_SIZE_1, + UE_HARDWARE_SIZE_2 = UE::UE_HARDWARE_SIZE_2, + UE_HARDWARE_SIZE_4 = UE::UE_HARDWARE_SIZE_4, + UE_HARDWARE_SIZE_8 = UE::UE_HARDWARE_SIZE_8 +}; + +enum eLibraryEvent : DWORD +{ + UE_ON_LIB_LOAD = UE::UE_ON_LIB_LOAD, + UE_ON_LIB_UNLOAD = UE::UE_ON_LIB_UNLOAD, + UE_ON_LIB_ALL = UE::UE_ON_LIB_ALL +}; + +enum eBPPlace : DWORD +{ + UE_APISTART = UE::UE_APISTART, + UE_APIEND = UE::UE_APIEND +}; + +enum ePlatform : int +{ + UE_PLATFORM_x86 = UE::UE_PLATFORM_x86, + UE_PLATFORM_x64 = UE::UE_PLATFORM_x64, + UE_PLATFORM_ALL = UE::UE_PLATFORM_ALL +}; + +enum eFunctionType : DWORD +{ + UE_FUNCTION_STDCALL = UE::UE_FUNCTION_STDCALL, + UE_FUNCTION_CCALL = UE::UE_FUNCTION_CCALL, + UE_FUNCTION_FASTCALL = UE::UE_FUNCTION_FASTCALL, + UE_FUNCTION_STDCALL_RET = UE::UE_FUNCTION_STDCALL_RET, + UE_FUNCTION_CCALL_RET = UE::UE_FUNCTION_CCALL_RET, + UE_FUNCTION_FASTCALL_RET = UE::UE_FUNCTION_FASTCALL_RET, + UE_FUNCTION_STDCALL_CALL = UE::UE_FUNCTION_STDCALL_CALL, + UE_FUNCTION_CCALL_CALL = UE::UE_FUNCTION_CCALL_CALL, + UE_FUNCTION_FASTCALL_CALL = UE::UE_FUNCTION_FASTCALL_CALL +}; + +enum eParameterType : DWORD +{ + UE_PARAMETER_BYTE = UE::UE_PARAMETER_BYTE, + UE_PARAMETER_WORD = UE::UE_PARAMETER_WORD, + UE_PARAMETER_DWORD = UE::UE_PARAMETER_DWORD, + UE_PARAMETER_QWORD = UE::UE_PARAMETER_QWORD, + UE_PARAMETER_PTR_BYTE = UE::UE_PARAMETER_PTR_BYTE, + UE_PARAMETER_PTR_WORD = UE::UE_PARAMETER_PTR_WORD, + UE_PARAMETER_PTR_DWORD = UE::UE_PARAMETER_PTR_DWORD, + UE_PARAMETER_PTR_QWORD = UE::UE_PARAMETER_PTR_QWORD, + UE_PARAMETER_STRING = UE::UE_PARAMETER_STRING, + UE_PARAMETER_UNICODE = UE::UE_PARAMETER_UNICODE +}; + +enum eContextData : DWORD +{ + UE_EAX = UE::UE_EAX, + UE_EBX = UE::UE_EBX, + UE_ECX = UE::UE_ECX, + UE_EDX = UE::UE_EDX, + UE_EDI = UE::UE_EDI, + UE_ESI = UE::UE_ESI, + UE_EBP = UE::UE_EBP, + UE_ESP = UE::UE_ESP, + UE_EIP = UE::UE_EIP, + UE_EFLAGS = UE::UE_EFLAGS, + UE_DR0 = UE::UE_DR0, + UE_DR1 = UE::UE_DR1, + UE_DR2 = UE::UE_DR2, + UE_DR3 = UE::UE_DR3, + UE_DR6 = UE::UE_DR6, + UE_DR7 = UE::UE_DR7, + UE_RAX = UE::UE_RAX, + UE_RBX = UE::UE_RBX, + UE_RCX = UE::UE_RCX, + UE_RDX = UE::UE_RDX, + UE_RDI = UE::UE_RDI, + UE_RSI = UE::UE_RSI, + UE_RBP = UE::UE_RBP, + UE_RSP = UE::UE_RSP, + UE_RIP = UE::UE_RIP, + UE_RFLAGS = UE::UE_RFLAGS, + UE_R8 = UE::UE_R8, + UE_R9 = UE::UE_R9, + UE_R10 = UE::UE_R10, + UE_R11 = UE::UE_R11, + UE_R12 = UE::UE_R12, + UE_R13 = UE::UE_R13, + UE_R14 = UE::UE_R14, + UE_R15 = UE::UE_R15, + UE_CIP = UE::UE_CIP, + UE_CSP = UE::UE_CSP, + UE_SEG_GS = UE::UE_SEG_GS, + UE_SEG_FS = UE::UE_SEG_FS, + UE_SEG_ES = UE::UE_SEG_ES, + UE_SEG_DS = UE::UE_SEG_DS, + UE_SEG_CS = UE::UE_SEG_CS, + UE_SEG_SS = UE::UE_SEG_SS +}; + +enum eCheckDepth : DWORD +{ + UE_DEPTH_SURFACE = UE::UE_DEPTH_SURFACE, + UE_DEPTH_DEEP = UE::UE_DEPTH_DEEP +}; + +enum eFieldState : BYTE +{ + UE_FIELD_OK = UE::UE_FIELD_OK, + UE_FIELD_BROKEN_NON_FIXABLE = UE::UE_FIELD_BROKEN_NON_FIXABLE, + UE_FIELD_BROKEN_NON_CRITICAL = UE::UE_FIELD_BROKEN_NON_CRITICAL, + UE_FIELD_BROKEN_FIXABLE_FOR_STATIC_USE = UE::UE_FIELD_BROKEN_FIXABLE_FOR_STATIC_USE, + UE_FIELD_BROKEN_BUT_CAN_BE_EMULATED = UE::UE_FIELD_BROKEN_BUT_CAN_BE_EMULATED, + UE_FIELD_FIXABLE_NON_CRITICAL = UE::UE_FIELD_FIXABLE_NON_CRITICAL, + UE_FIELD_FIXABLE_CRITICAL = UE::UE_FIELD_FIXABLE_CRITICAL, + UE_FIELD_NOT_PRESET = UE::UE_FIELD_NOT_PRESET, + UE_FIELD_NOT_PRESET_WARNING = UE::UE_FIELD_NOT_PRESET_WARNING +}; + +enum eFileState : BYTE +{ + UE_RESULT_FILE_OK = UE::UE_RESULT_FILE_OK, + UE_RESULT_FILE_INVALID_BUT_FIXABLE = UE::UE_RESULT_FILE_INVALID_BUT_FIXABLE, + UE_RESULT_FILE_INVALID_AND_NON_FIXABLE = UE::UE_RESULT_FILE_INVALID_AND_NON_FIXABLE, + UE_RESULT_FILE_INVALID_FORMAT = UE::UE_RESULT_FILE_INVALID_FORMAT +}; + +// ---- + +class DumperA; +class DumperW; + +class DumperX +{ + friend class DumperA; + friend class DumperW; + +protected: + + typedef UE::PEStruct PEStruct; + + static long long GetPE32DataFromMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, ePE32Data WhichData) + { + return UE::GetPE32DataFromMappedFile(FileMapVA, WhichSection, WhichData); + } + static bool GetPE32DataFromMappedFileEx(ULONG_PTR FileMapVA, PEStruct* DataStorage) + { + return UE::GetPE32DataFromMappedFileEx(FileMapVA, (void*)DataStorage); + } + static bool SetPE32DataForMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, ePE32Data WhichData, ULONG_PTR NewDataValue) + { + return UE::SetPE32DataForMappedFile(FileMapVA, WhichSection, WhichData, NewDataValue); + } + static bool SetPE32DataForMappedFileEx(ULONG_PTR FileMapVA, PEStruct* DataStorage) + { + return UE::SetPE32DataForMappedFileEx(FileMapVA, (void*)DataStorage); + } + static long GetPE32SectionNumberFromVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert) + { + return UE::GetPE32SectionNumberFromVA(FileMapVA, AddressToConvert); + } + static long long ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType) + { + return UE::ConvertVAtoFileOffset(FileMapVA, AddressToConvert, ReturnType); + } + static long long ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType) + { + return UE::ConvertVAtoFileOffsetEx(FileMapVA, FileSize, ImageBase, AddressToConvert, AddressIsRVA, ReturnType); + } + static long long ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType) + { + return UE::ConvertFileOffsetToVA(FileMapVA, AddressToConvert, ReturnType); + } + static long long ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType) + { + return UE::ConvertFileOffsetToVAEx(FileMapVA, FileSize, ImageBase, AddressToConvert, ReturnType); + } + static bool MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesRead) + { + return UE::MemoryReadSafe(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesRead); + } + static bool MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesWritten) + { + return UE::MemoryWriteSafe(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesWritten); + } +}; + +class DumperA +{ +public: + + static bool DumpProcess(HANDLE hProcess, void* ImageBase, const char* szDumpFileName, ULONG_PTR EntryPoint) + { + return UE::DumpProcess(hProcess, ImageBase, (char*)szDumpFileName, EntryPoint); + } + static bool DumpProcessEx(DWORD ProcessId, void* ImageBase, const char* szDumpFileName, ULONG_PTR EntryPoint) + { + return UE::DumpProcessEx(ProcessId, ImageBase, (char*)szDumpFileName, EntryPoint); + } + static bool DumpMemory(HANDLE hProcess, void* MemoryStart, ULONG_PTR MemorySize, const char* szDumpFileName) + { + return UE::DumpMemory(hProcess, MemoryStart, MemorySize, (char*)szDumpFileName); + } + static bool DumpMemoryEx(DWORD ProcessId, void* MemoryStart, ULONG_PTR MemorySize, const char* szDumpFileName) + { + return UE::DumpMemoryEx(ProcessId, MemoryStart, MemorySize, (char*)szDumpFileName); + } + static bool DumpRegions(HANDLE hProcess, const char* szDumpFolder, bool DumpAboveImageBaseOnly) + { + return UE::DumpRegions(hProcess, (char*)szDumpFolder, DumpAboveImageBaseOnly); + } + static bool DumpRegionsEx(DWORD ProcessId, const char* szDumpFolder, bool DumpAboveImageBaseOnly) + { + return UE::DumpRegionsEx(ProcessId, (char*)szDumpFolder, DumpAboveImageBaseOnly); + } + static bool DumpModule(HANDLE hProcess, void* ModuleBase, const char* szDumpFileName) + { + return UE::DumpModule(hProcess, ModuleBase, (char*)szDumpFileName); + } + static bool DumpModuleEx(DWORD ProcessId, void* ModuleBase, const char* szDumpFileName) + { + return UE::DumpModuleEx(ProcessId, ModuleBase, (char*)szDumpFileName); + } + static bool PastePEHeader(HANDLE hProcess, void* ImageBase, const char* szDebuggedFileName) + { + return UE::PastePEHeader(hProcess, ImageBase, (char*)szDebuggedFileName); + } + static bool ExtractSection(const char* szFileName, const char* szDumpFileName, DWORD SectionNumber) + { + return UE::ExtractSection((char*)szFileName, (char*)szDumpFileName, SectionNumber); + } + static bool ResortFileSections(const char* szFileName) + { + return UE::ResortFileSections((char*)szFileName); + } + static bool FindOverlay(const char* szFileName, DWORD* OverlayStart, DWORD* OverlaySize) + { + return UE::FindOverlay((char*)szFileName, OverlayStart, OverlaySize); + } + static bool ExtractOverlay(const char* szFileName, const char* szExtractedFileName) + { + return UE::ExtractOverlay((char*)szFileName, (char*)szExtractedFileName); + } + static bool AddOverlay(const char* szFileName, const char* szOverlayFileName) + { + return UE::AddOverlay((char*)szFileName, (char*)szOverlayFileName); + } + static bool CopyOverlay(const char* szInFileName, const char* szOutFileName) + { + return UE::CopyOverlay((char*)szInFileName, (char*)szOutFileName); + } + static bool RemoveOverlay(const char* szFileName) + { + return UE::RemoveOverlay((char*)szFileName); + } + static bool MakeAllSectionsRWE(const char* szFileName) + { + return UE::MakeAllSectionsRWE((char*)szFileName); + } + static long AddNewSectionEx(const char* szFileName, const char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, const void* SectionContent, DWORD ContentSize) + { + return UE::AddNewSectionEx((char*)szFileName, (char*)szSectionName, SectionSize, SectionAttributes, (void*)SectionContent, ContentSize); + } + static long AddNewSection(const char* szFileName, const char* szSectionName, DWORD SectionSize) + { + return UE::AddNewSection((char*)szFileName, (char*)szSectionName, SectionSize); + } + static bool ResizeLastSection(const char* szFileName, DWORD NumberOfExpandBytes, bool AlignResizeData) + { + return UE::ResizeLastSection((char*)szFileName, NumberOfExpandBytes, AlignResizeData); + } + static void SetSharedOverlay(const char* szFileName) + { + return UE::SetSharedOverlay((char*)szFileName); + } + static const char* GetSharedOverlay() + { + return UE::GetSharedOverlay(); + } + static bool DeleteLastSection(const char* szFileName) + { + return UE::DeleteLastSection((char*)szFileName); + } + static bool DeleteLastSectionEx(const char* szFileName, DWORD NumberOfSections) + { + return UE::DeleteLastSectionEx((char*)szFileName, NumberOfSections); + } + static long long GetPE32Data(const char* szFileName, DWORD WhichSection, ePE32Data WhichData) + { + return UE::GetPE32Data((char*)szFileName, WhichSection, WhichData); + } + static bool GetPE32DataEx(const char* szFileName, DumperX::PEStruct* DataStorage) + { + return UE::GetPE32DataEx((char*)szFileName, DataStorage); + } + static bool SetPE32Data(const char* szFileName, DWORD WhichSection, ePE32Data WhichData, ULONG_PTR NewDataValue) + { + return UE::SetPE32Data((char*)szFileName, WhichSection, WhichData, NewDataValue); + } + static bool SetPE32DataEx(const char* szFileName, const DumperX::PEStruct* DataStorage) + { + return UE::SetPE32DataEx((char*)szFileName, (void*)DataStorage); + } +}; + +class DumperW +{ +public: + + static bool DumpProcess(HANDLE hProcess, void* ImageBase, const wchar_t* szDumpFileName, ULONG_PTR EntryPoint) + { + return UE::DumpProcessW(hProcess, ImageBase, (wchar_t*)szDumpFileName, EntryPoint); + } + static bool DumpProcessEx(DWORD ProcessId, void* ImageBase, const wchar_t* szDumpFileName, ULONG_PTR EntryPoint) + { + return UE::DumpProcessExW(ProcessId, ImageBase, (wchar_t*)szDumpFileName, EntryPoint); + } + static bool DumpMemory(HANDLE hProcess, void* MemoryStart, ULONG_PTR MemorySize, const wchar_t* szDumpFileName) + { + return UE::DumpMemoryW(hProcess, MemoryStart, MemorySize, (wchar_t*)szDumpFileName); + } + static bool DumpMemoryEx(DWORD ProcessId, void* MemoryStart, ULONG_PTR MemorySize, const wchar_t* szDumpFileName) + { + return UE::DumpMemoryExW(ProcessId, MemoryStart, MemorySize, (wchar_t*)szDumpFileName); + } + static bool DumpRegions(HANDLE hProcess, const wchar_t* szDumpFolder, bool DumpAboveImageBaseOnly) + { + return UE::DumpRegionsW(hProcess, (wchar_t*)szDumpFolder, DumpAboveImageBaseOnly); + } + static bool DumpRegionsEx(DWORD ProcessId, const wchar_t* szDumpFolder, bool DumpAboveImageBaseOnly) + { + return UE::DumpRegionsExW(ProcessId, (wchar_t*)szDumpFolder, DumpAboveImageBaseOnly); + } + static bool DumpModule(HANDLE hProcess, void* ModuleBase, const wchar_t* szDumpFileName) + { + return UE::DumpModuleW(hProcess, ModuleBase, (wchar_t*)szDumpFileName); + } + static bool DumpModuleEx(DWORD ProcessId, void* ModuleBase, const wchar_t* szDumpFileName) + { + return UE::DumpModuleExW(ProcessId, ModuleBase, (wchar_t*)szDumpFileName); + } + static bool PastePEHeader(HANDLE hProcess, void* ImageBase, const wchar_t* szDebuggedFileName) + { + return UE::PastePEHeaderW(hProcess, ImageBase, (wchar_t*)szDebuggedFileName); + } + static bool ExtractSection(const wchar_t* szFileName, const wchar_t* szDumpFileName, DWORD SectionNumber) + { + return UE::ExtractSectionW((wchar_t*)szFileName, (wchar_t*)szDumpFileName, SectionNumber); + } + static bool ResortFileSections(const wchar_t* szFileName) + { + return UE::ResortFileSectionsW((wchar_t*)szFileName); + } + static bool FindOverlay(const wchar_t* szFileName, DWORD* OverlayStart, DWORD* OverlaySize) + { + return UE::FindOverlayW((wchar_t*)szFileName, OverlayStart, OverlaySize); + } + static bool ExtractOverlay(const wchar_t* szFileName, const wchar_t* szExtractedFileName) + { + return UE::ExtractOverlayW((wchar_t*)szFileName, (wchar_t*)szExtractedFileName); + } + static bool AddOverlay(const wchar_t* szFileName, const wchar_t* szOverlayFileName) + { + return UE::AddOverlayW((wchar_t*)szFileName, (wchar_t*)szOverlayFileName); + } + static bool CopyOverlay(const wchar_t* szInFileName, const wchar_t* szOutFileName) + { + return UE::CopyOverlayW((wchar_t*)szInFileName, (wchar_t*)szOutFileName); + } + static bool RemoveOverlay(const wchar_t* szFileName) + { + return UE::RemoveOverlayW((wchar_t*)szFileName); + } + static bool MakeAllSectionsRWE(const wchar_t* szFileName) + { + return UE::MakeAllSectionsRWEW((wchar_t*)szFileName); + } + static long AddNewSectionEx(const wchar_t* szFileName, const char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, const void* SectionContent, DWORD ContentSize) + { + return UE::AddNewSectionExW((wchar_t*)szFileName, (char*)szSectionName, SectionSize, SectionAttributes, (void*)SectionContent, ContentSize); + } + static long AddNewSection(const wchar_t* szFileName, const char* szSectionName, DWORD SectionSize) + { + return UE::AddNewSectionW((wchar_t*)szFileName, (char*)szSectionName, SectionSize); + } + static bool ResizeLastSection(const wchar_t* szFileName, DWORD NumberOfExpandBytes, bool AlignResizeData) + { + return UE::ResizeLastSectionW((wchar_t*)szFileName, NumberOfExpandBytes, AlignResizeData); + } + static void SetSharedOverlay(const wchar_t* szFileName) + { + return UE::SetSharedOverlayW((wchar_t*)szFileName); + } + static const wchar_t* GetSharedOverlay() + { + return UE::GetSharedOverlayW(); + } + static bool DeleteLastSection(const wchar_t* szFileName) + { + return UE::DeleteLastSectionW((wchar_t*)szFileName); + } + static bool DeleteLastSectionEx(const wchar_t* szFileName, DWORD NumberOfSections) + { + return UE::DeleteLastSectionExW((wchar_t*)szFileName, NumberOfSections); + } + static long long GetPE32Data(const wchar_t* szFileName, DWORD WhichSection, ePE32Data WhichData) + { + return UE::GetPE32DataW((wchar_t*)szFileName, WhichSection, WhichData); + } + static bool GetPE32DataEx(const wchar_t* szFileName, DumperX::PEStruct* DataStorage) + { + return UE::GetPE32DataExW((wchar_t*)szFileName, DataStorage); + } + static bool SetPE32Data(const wchar_t* szFileName, DWORD WhichSection, ePE32Data WhichData, ULONG_PTR NewDataValue) + { + return UE::SetPE32DataW((wchar_t*)szFileName, WhichSection, WhichData, NewDataValue); + } + static bool SetPE32DataEx(const wchar_t* szFileName, const DumperX::PEStruct* DataStorage) + { + return UE::SetPE32DataExW((wchar_t*)szFileName, (void*)DataStorage); + } +}; + +class Dumper : DumperX, DumperA, DumperW +{ +public: + + using DumperX::PEStruct; + + using DumperA::DumpProcess; + using DumperW::DumpProcess; + using DumperA::DumpProcessEx; + using DumperW::DumpProcessEx; + using DumperA::DumpMemory; + using DumperW::DumpMemory; + using DumperA::DumpMemoryEx; + using DumperW::DumpMemoryEx; + using DumperA::DumpRegions; + using DumperW::DumpRegions; + using DumperA::DumpRegionsEx; + using DumperW::DumpRegionsEx; + using DumperA::DumpModule; + using DumperW::DumpModule; + using DumperA::DumpModuleEx; + using DumperW::DumpModuleEx; + using DumperA::PastePEHeader; + using DumperW::PastePEHeader; + using DumperA::ExtractSection; + using DumperW::ExtractSection; + using DumperA::ResortFileSections; + using DumperW::ResortFileSections; + using DumperA::FindOverlay; + using DumperW::FindOverlay; + using DumperA::ExtractOverlay; + using DumperW::ExtractOverlay; + using DumperA::AddOverlay; + using DumperW::AddOverlay; + using DumperA::CopyOverlay; + using DumperW::CopyOverlay; + using DumperA::RemoveOverlay; + using DumperW::RemoveOverlay; + using DumperA::MakeAllSectionsRWE; + using DumperW::MakeAllSectionsRWE; + using DumperA::AddNewSectionEx; + using DumperW::AddNewSectionEx; + using DumperA::AddNewSection; + using DumperW::AddNewSection; + using DumperA::ResizeLastSection; + using DumperW::ResizeLastSection; + using DumperA::SetSharedOverlay; + using DumperW::SetSharedOverlay; +#ifndef UNICODE + using DumperA::GetSharedOverlay; +#else + using DumperW::GetSharedOverlay; +#endif + using DumperA::DeleteLastSection; + using DumperW::DeleteLastSection; + using DumperA::DeleteLastSectionEx; + using DumperW::DeleteLastSectionEx; + using DumperX::GetPE32DataFromMappedFile; + using DumperA::GetPE32Data; + using DumperW::GetPE32Data; + using DumperX::GetPE32DataFromMappedFileEx; + using DumperA::GetPE32DataEx; + using DumperW::GetPE32DataEx; + using DumperX::SetPE32DataForMappedFile; + using DumperA::SetPE32Data; + using DumperW::SetPE32Data; + using DumperX::SetPE32DataForMappedFileEx; + using DumperA::SetPE32DataEx; + using DumperW::SetPE32DataEx; + using DumperX::GetPE32SectionNumberFromVA; + using DumperX::ConvertVAtoFileOffset; + using DumperX::ConvertVAtoFileOffsetEx; + using DumperX::ConvertFileOffsetToVA; + using DumperX::ConvertFileOffsetToVAEx; +}; + +class RealignerA; +class RealignerW; + +class RealignerX +{ + friend class RealignerA; + friend class RealignerW; + +protected: + + typedef UE::FILE_STATUS_INFO FILE_STATUS_INFO; + typedef UE::FILE_FIX_INFO FILE_FIX_INFO; + + static long RealignPE(ULONG_PTR FileMapVA, DWORD FileSize, DWORD RealingMode) + { + return UE::RealignPE(FileMapVA, FileSize, RealingMode); + } +}; + +class RealignerA +{ +public: + + static bool FixHeaderCheckSum(const char* szFileName) + { + return UE::FixHeaderCheckSum((char*)szFileName); + } + static long RealignPEEx(const char* szFileName, DWORD RealingFileSize, DWORD ForcedFileAlignment) + { + return UE::RealignPEEx((char*)szFileName, RealingFileSize, ForcedFileAlignment); + } + static bool WipeSection(const char* szFileName, int WipeSectionNumber, bool RemovePhysically) + { + return UE::WipeSection((char*)szFileName, WipeSectionNumber, RemovePhysically); + } + static bool IsPE32FileValidEx(const char* szFileName, eCheckDepth CheckDepth, RealignerX::FILE_STATUS_INFO* FileStatusInfo) + { + return UE::IsPE32FileValidEx((char*)szFileName, CheckDepth, (void*)FileStatusInfo); + } + static bool FixBrokenPE32FileEx(const char* szFileName, const RealignerX::FILE_STATUS_INFO* FileStatusInfo, RealignerX::FILE_FIX_INFO* FileFixInfo) + { + return UE::FixBrokenPE32FileEx((char*)szFileName, (void*)FileStatusInfo, (void*)FileFixInfo); + } + static bool IsFileDLL(const char* szFileName, ULONG_PTR FileMapVA) + { + return UE::IsFileDLL((char*)szFileName, FileMapVA); + } +}; + +class RealignerW +{ +public: + + static bool FixHeaderCheckSum(const wchar_t* szFileName) + { + return UE::FixHeaderCheckSumW((wchar_t*)szFileName); + } + static long RealignPEEx(const wchar_t* szFileName, DWORD RealingFileSize, DWORD ForcedFileAlignment) + { + return UE::RealignPEExW((wchar_t*)szFileName, RealingFileSize, ForcedFileAlignment); + } + static bool WipeSection(const wchar_t* szFileName, int WipeSectionNumber, bool RemovePhysically) + { + return UE::WipeSectionW((wchar_t*)szFileName, WipeSectionNumber, RemovePhysically); + } + static bool IsPE32FileValidEx(const wchar_t* szFileName, eCheckDepth CheckDepth, RealignerX::FILE_STATUS_INFO* FileStatusInfo) + { + return UE::IsPE32FileValidExW((wchar_t*)szFileName, CheckDepth, FileStatusInfo); + } + static bool FixBrokenPE32FileEx(const wchar_t* szFileName, const RealignerX::FILE_STATUS_INFO* FileStatusInfo, RealignerX::FILE_FIX_INFO* FileFixInfo) + { + return UE::FixBrokenPE32FileExW((wchar_t*)szFileName, (void*)FileStatusInfo, (void*)FileFixInfo); + } + static bool IsFileDLL(const wchar_t* szFileName, ULONG_PTR FileMapVA) + { + return UE::IsFileDLLW((wchar_t*)szFileName, FileMapVA); + } +}; + +class Realigner: RealignerX, RealignerA, RealignerW +{ +public: + + using RealignerX::FILE_STATUS_INFO; + using RealignerX::FILE_FIX_INFO; + + using RealignerA::FixHeaderCheckSum; + using RealignerW::FixHeaderCheckSum; + using RealignerX::RealignPE; + using RealignerA::RealignPEEx; + using RealignerW::RealignPEEx; + using RealignerA::WipeSection; + using RealignerW::WipeSection; + using RealignerA::IsPE32FileValidEx; + using RealignerW::IsPE32FileValidEx; + using RealignerA::FixBrokenPE32FileEx; + using RealignerW::FixBrokenPE32FileEx; + using RealignerA::IsFileDLL; + using RealignerW::IsFileDLL; +}; + +class Hider +{ +public: + + static void* GetPEBLocation(HANDLE hProcess) + { + return UE::GetPEBLocation(hProcess); + } + static void* GetPEBLocation64(HANDLE hProcess) + { + return UE::GetPEBLocation64(hProcess); + } + static void* GetTEBLocation(HANDLE hProcess) + { + return UE::GetTEBLocation(hProcess); + } + static void* GetTEBLocation64(HANDLE hProcess) + { + return UE::GetTEBLocation64(hProcess); + } + static bool HideDebugger(HANDLE hProcess, eHideLevel PatchAPILevel) + { + return UE::HideDebugger(hProcess, PatchAPILevel); + } + static bool UnHideDebugger(HANDLE hProcess, eHideLevel PatchAPILevel) + { + return UE::UnHideDebugger(hProcess, PatchAPILevel); + } +}; + +class RelocaterX +{ +protected: + + static void Cleanup() + { + UE::RelocaterCleanup(); + } + static void Init(DWORD MemorySize, ULONG_PTR OldImageBase, ULONG_PTR NewImageBase) + { + UE::RelocaterInit(MemorySize, OldImageBase, NewImageBase); + } + static void AddNewRelocation(HANDLE hProcess, ULONG_PTR RelocateAddress, DWORD RelocateState) + { + UE::RelocaterAddNewRelocation(hProcess, RelocateAddress, RelocateState); + } + static long EstimatedSize() + { + return UE::RelocaterEstimatedSize(); + } + static bool ExportRelocation(ULONG_PTR StorePlace, DWORD StorePlaceRVA, ULONG_PTR FileMapVA) + { + return UE::RelocaterExportRelocation(StorePlace, StorePlaceRVA, FileMapVA); + } + static bool GrabRelocationTable(HANDLE hProcess, ULONG_PTR MemoryStart, DWORD MemorySize) + { + return UE::RelocaterGrabRelocationTable(hProcess, MemoryStart, MemorySize); + } + static bool GrabRelocationTableEx(HANDLE hProcess, ULONG_PTR MemoryStart, ULONG_PTR MemorySize, DWORD NtSizeOfImage) + { + return UE::RelocaterGrabRelocationTableEx(hProcess, MemoryStart, MemorySize, NtSizeOfImage); + } + static bool RelocateMemoryBlock(ULONG_PTR FileMapVA, ULONG_PTR MemoryLocation, void* RelocateMemory, DWORD RelocateMemorySize, ULONG_PTR CurrentLoadedBase, ULONG_PTR RelocateBase) + { + return UE::RelocaterRelocateMemoryBlock(FileMapVA, MemoryLocation, RelocateMemory, RelocateMemorySize, CurrentLoadedBase, RelocateBase); + } +}; + +class RelocaterA +{ +public: + + static bool ExportRelocationEx(const char* szFileName, const char* szSectionName) + { + return UE::RelocaterExportRelocationEx((char*)szFileName, (char*)szSectionName); + } + static bool MakeSnapshot(HANDLE hProcess, const char* szSaveFileName, void* MemoryStart, ULONG_PTR MemorySize) + { + return UE::RelocaterMakeSnapshot(hProcess, (char*)szSaveFileName, MemoryStart, MemorySize); + } + static bool CompareTwoSnapshots(HANDLE hProcess, ULONG_PTR LoadedImageBase, ULONG_PTR NtSizeOfImage, const char* szDumpFile1, const char* szDumpFile2, ULONG_PTR MemStart) + { + return UE::RelocaterCompareTwoSnapshots(hProcess, LoadedImageBase, NtSizeOfImage, (char*)szDumpFile1, (char*)szDumpFile2, MemStart); + } + static bool ChangeFileBase(const char* szFileName, ULONG_PTR NewImageBase) + { + return UE::RelocaterChangeFileBase((char*)szFileName, NewImageBase); + } + static bool WipeRelocationTable(const char* szFileName) + { + return UE::RelocaterWipeRelocationTable((char*)szFileName); + } +}; + +class RelocaterW +{ +public: + + static bool ExportRelocationEx(const wchar_t* szFileName, char* szSectionName) + { + return UE::RelocaterExportRelocationExW((wchar_t*)szFileName, (char*)szSectionName); + } + static bool MakeSnapshot(HANDLE hProcess, const wchar_t* szSaveFileName, void* MemoryStart, ULONG_PTR MemorySize) + { + return UE::RelocaterMakeSnapshotW(hProcess, (wchar_t*)szSaveFileName, MemoryStart, MemorySize); + } + static bool CompareTwoSnapshots(HANDLE hProcess, ULONG_PTR LoadedImageBase, ULONG_PTR NtSizeOfImage, const wchar_t* szDumpFile1, const wchar_t* szDumpFile2, ULONG_PTR MemStart) + { + return UE::RelocaterCompareTwoSnapshotsW(hProcess, LoadedImageBase, NtSizeOfImage, (wchar_t*)szDumpFile1, (wchar_t*)szDumpFile2, MemStart); + } + static bool ChangeFileBase(const wchar_t* szFileName, ULONG_PTR NewImageBase) + { + return UE::RelocaterChangeFileBaseW((wchar_t*)szFileName, NewImageBase); + } + static bool WipeRelocationTable(const wchar_t* szFileName) + { + return UE::RelocaterWipeRelocationTableW((wchar_t*)szFileName); + } +}; + +class Relocater : RelocaterX, RelocaterA, RelocaterW +{ +public: + + using RelocaterX::Cleanup; + using RelocaterX::Init; + using RelocaterX::AddNewRelocation; + using RelocaterX::EstimatedSize; + using RelocaterX::ExportRelocation; + using RelocaterA::ExportRelocationEx; + using RelocaterW::ExportRelocationEx; + using RelocaterX::GrabRelocationTable; + using RelocaterX::GrabRelocationTableEx; + using RelocaterA::MakeSnapshot; + using RelocaterW::MakeSnapshot; + using RelocaterA::CompareTwoSnapshots; + using RelocaterW::CompareTwoSnapshots; + using RelocaterA::ChangeFileBase; + using RelocaterW::ChangeFileBase; + using RelocaterX::RelocateMemoryBlock; + using RelocaterA::WipeRelocationTable; + using RelocaterW::WipeRelocationTable; +}; + +class ResourcerA; +class ResourcerW; + +class ResourcerX +{ + friend class ResourcerA; + friend class ResourcerW; + +protected: + + typedef void(TITCALL *fResourceEnumCallback)(const wchar_t* szResourceType, DWORD ResourceType, const wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, DWORD ResourceData, DWORD ResourceSize); + + static bool FreeLoadedFile(void* LoadedFileBase) + { + return UE::ResourcerFreeLoadedFile(LoadedFileBase); + } + static bool ExtractResourceFromFileEx(ULONG_PTR FileMapVA, char* szResourceType, char* szResourceName, char* szExtractedFileName) + { + return UE::ResourcerExtractResourceFromFileEx(FileMapVA, szResourceType, szResourceName, szExtractedFileName); + } + static bool FindResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, ULONG_PTR* pResourceData, DWORD* pResourceSize) + { + return UE::ResourcerFindResourceEx(FileMapVA, FileSize, szResourceType, ResourceType, szResourceName, ResourceName, ResourceLanguage, pResourceData, pResourceSize); + } + static void EnumerateResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, fResourceEnumCallback CallBack) + { + UE::ResourcerEnumerateResourceEx(FileMapVA, FileSize, (void*)CallBack); + } +}; + +class ResourcerA +{ +public: + + static long long LoadFileForResourceUse(char* szFileName) + { + return UE::ResourcerLoadFileForResourceUse(szFileName); + } + static bool ExtractResourceFromFile(char* szFileName, char* szResourceType, char* szResourceName, char* szExtractedFileName) + { + return UE::ResourcerExtractResourceFromFile(szFileName, szResourceType, szResourceName, szExtractedFileName); + } + static bool FindResource(char* szFileName, char* szResourceType, DWORD ResourceType, char* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, ULONG_PTR* pResourceData, DWORD* pResourceSize) + { + return UE::ResourcerFindResource(szFileName, szResourceType, ResourceType, szResourceName, ResourceName, ResourceLanguage, pResourceData, pResourceSize); + } + static void EnumerateResource(char* szFileName, ResourcerX::fResourceEnumCallback CallBack) + { + UE::ResourcerEnumerateResource(szFileName, (void*)CallBack); + } +}; + +class ResourcerW +{ +public: + + static long long LoadFileForResourceUse(wchar_t* szFileName) + { + return UE::ResourcerLoadFileForResourceUseW(szFileName); + } + static bool ExtractResourceFromFile(wchar_t* szFileName, char* szResourceType, char* szResourceName, char* szExtractedFileName) + { + return UE::ResourcerExtractResourceFromFileW(szFileName, szResourceType, szResourceName, szExtractedFileName); + } + static bool FindResource(wchar_t* szFileName, wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, ULONG_PTR* pResourceData, DWORD* pResourceSize) + { + return UE::ResourcerFindResourceW(szFileName, szResourceType, ResourceType, szResourceName, ResourceName, ResourceLanguage, pResourceData, pResourceSize); + } + static void EnumerateResource(wchar_t* szFileName, ResourcerX::fResourceEnumCallback CallBack) + { + UE::ResourcerEnumerateResourceW(szFileName, (void*)CallBack); + } +}; + +class Resourcer : ResourcerX, ResourcerA, ResourcerW +{ +public: + + using ResourcerX::fResourceEnumCallback; + + using ResourcerA::LoadFileForResourceUse; + using ResourcerW::LoadFileForResourceUse; + using ResourcerX::FreeLoadedFile; + using ResourcerX::ExtractResourceFromFileEx; + using ResourcerA::ExtractResourceFromFile; + using ResourcerW::ExtractResourceFromFile; + using ResourcerA::FindResource; + using ResourcerW::FindResource; + using ResourcerX::FindResourceEx; + using ResourcerA::EnumerateResource; + using ResourcerW::EnumerateResource; + using ResourcerX::EnumerateResourceEx; +}; + +class Threader +{ +public: + + typedef UE::THREAD_ITEM_DATA THREAD_ITEM_DATA; + + typedef void(TITCALL *fThreadEnumCallback)(const THREAD_ITEM_DATA* fThreadDetail); + typedef void(TITCALL *fThreadExitCallback)(const EXIT_THREAD_DEBUG_INFO* SpecialDBG); + + static bool ImportRunningThreadData(DWORD ProcessId) + { + return UE::ThreaderImportRunningThreadData(ProcessId); + } + static const THREAD_ITEM_DATA* GetThreadInfo(HANDLE hThread, DWORD ThreadId) + { + return (const THREAD_ITEM_DATA*)UE::ThreaderGetThreadInfo(hThread, ThreadId); + } + static void EnumThreadInfo(fThreadEnumCallback EnumCallBack) + { + UE::ThreaderEnumThreadInfo((void*)EnumCallBack); + } + static bool PauseThread(HANDLE hThread) + { + return UE::ThreaderPauseThread(hThread); + } + static bool ResumeThread(HANDLE hThread) + { + return UE::ThreaderResumeThread(hThread); + } + static bool TerminateThread(HANDLE hThread, DWORD ThreadExitCode) + { + return UE::ThreaderTerminateThread(hThread, ThreadExitCode); + } + static bool PauseAllThreads(bool LeaveMainRunning) + { + return UE::ThreaderPauseAllThreads(LeaveMainRunning); + } + static bool ResumeAllThreads(bool LeaveMainPaused) + { + return UE::ThreaderResumeAllThreads(LeaveMainPaused); + } + static bool PauseProcess() + { + return UE::ThreaderPauseProcess(); + } + static bool ResumeProcess() + { + return UE::ThreaderResumeProcess(); + } + static long long CreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, void* ThreadPassParameter, DWORD* ThreadId) + { + return UE::ThreaderCreateRemoteThread(ThreadStartAddress, AutoCloseTheHandle, ThreadPassParameter, ThreadId); + } + static bool InjectAndExecuteCode(void* InjectCode, DWORD StartDelta, DWORD InjectSize) + { + return UE::ThreaderInjectAndExecuteCode(InjectCode, StartDelta, InjectSize); + } + static long long CreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, void* ThreadPassParameter, DWORD* ThreadId) + { + return UE::ThreaderCreateRemoteThreadEx(hProcess, ThreadStartAddress, AutoCloseTheHandle, ThreadPassParameter, ThreadId); + } + static bool InjectAndExecuteCodeEx(HANDLE hProcess, void* InjectCode, DWORD StartDelta, DWORD InjectSize) + { + return UE::ThreaderInjectAndExecuteCodeEx(hProcess, InjectCode, StartDelta, InjectSize); + } + static void SetCallBackForNextExitThreadEvent(fThreadExitCallback exitThreadCallBack) + { + UE::ThreaderSetCallBackForNextExitThreadEvent((void*)exitThreadCallBack); + } + static bool IsThreadStillRunning(HANDLE hThread) + { + return UE::ThreaderIsThreadStillRunning(hThread); + } + static bool IsThreadActive(HANDLE hThread) + { + return UE::ThreaderIsThreadActive(hThread); + } + static bool IsAnyThreadActive() + { + return UE::ThreaderIsAnyThreadActive(); + } + static bool ExecuteOnlyInjectedThreads() + { + return UE::ThreaderExecuteOnlyInjectedThreads(); + } + static long long GetOpenHandleForThread(DWORD ThreadId) + { + return UE::ThreaderGetOpenHandleForThread(ThreadId); + } + static bool IsExceptionInMainThread() + { + return UE::ThreaderIsExceptionInMainThread(); + } +}; + +// -- + +class DebuggerA; +class DebuggerW; + +class DebuggerX +{ + friend class DebuggerA; + friend class DebuggerW; + +protected: + + typedef void (TITCALL *fBreakPointCallback)(); + typedef void (TITCALL *fCustomHandlerCallback)(const void* ExceptionData); + + static const char* StaticDisassembleEx(ULONG_PTR DisassmStart, const void* DisassmAddress) + { + return (const char*)UE::StaticDisassembleEx(DisassmStart, (void*)DisassmAddress); + } + static const char* StaticDisassemble(const void* DisassmAddress) + { + return (const char*)UE::StaticDisassemble((void*)DisassmAddress); + } + static const char* DisassembleEx(HANDLE hProcess, void* DisassmAddress, bool ReturnInstructionType) + { + return (const char*)UE::DisassembleEx(hProcess, DisassmAddress, ReturnInstructionType); + } + static const char* Disassemble(void* DisassmAddress) + { + return (const char*)UE::Disassemble(DisassmAddress); + } + static long StaticLengthDisassemble(const void* DisassmAddress) + { + return UE::StaticLengthDisassemble((void*)DisassmAddress); + } + static long LengthDisassembleEx(HANDLE hProcess, void* DisassmAddress) + { + return UE::LengthDisassembleEx(hProcess, DisassmAddress); + } + static long LengthDisassemble(void* DisassmAddress) + { + return UE::LengthDisassemble(DisassmAddress); + } + static bool StopDebug() + { + return UE::StopDebug(); + } + static void SetBPXOptions(long DefaultBreakPointType) + { + UE::SetBPXOptions(DefaultBreakPointType); + } + static bool IsBPXEnabled(ULONG_PTR bpxAddress) + { + return UE::IsBPXEnabled(bpxAddress); + } + static bool EnableBPX(ULONG_PTR bpxAddress) + { + return UE::EnableBPX(bpxAddress); + } + static bool DisableBPX(ULONG_PTR bpxAddress) + { + return UE::DisableBPX(bpxAddress); + } + static bool SetBPX(ULONG_PTR bpxAddress, eBPType bpxType, fBreakPointCallback bpxCallBack) + { + return UE::SetBPX(bpxAddress, bpxType, (void*)bpxCallBack); + } + static bool DeleteBPX(ULONG_PTR bpxAddress) + { + return UE::DeleteBPX(bpxAddress); + } + static bool SafeDeleteBPX(ULONG_PTR bpxAddress) + { + return UE::SafeDeleteBPX(bpxAddress); + } + static bool SetAPIBreakPoint(const char* szDLLName, const char* szAPIName, eBPType bpxType, eBPPlace bpxPlace, fBreakPointCallback bpxCallBack) + { + return UE::SetAPIBreakPoint(szDLLName, szAPIName, bpxType, bpxPlace, (void*)bpxCallBack); + } + static bool DeleteAPIBreakPoint(const char* szDLLName, const char* szAPIName, eBPPlace bpxPlace) + { + return UE::DeleteAPIBreakPoint(szDLLName, szAPIName, bpxPlace); + } + static bool SafeDeleteAPIBreakPoint(const char* szDLLName, const char* szAPIName, eBPPlace bpxPlace) + { + return UE::SafeDeleteAPIBreakPoint(szDLLName, szAPIName, bpxPlace); + } + static bool SetMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, fBreakPointCallback bpxCallBack) + { + return UE::SetMemoryBPX(MemoryStart, SizeOfMemory, (void*)bpxCallBack); + } + static bool SetMemoryBPXEx(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, eMemoryBPType BreakPointType, bool RestoreOnHit, fBreakPointCallback bpxCallBack) + { + return UE::SetMemoryBPXEx(MemoryStart, SizeOfMemory, BreakPointType, RestoreOnHit, (void*)bpxCallBack); + } + static bool RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory) + { + return UE::RemoveMemoryBPX(MemoryStart, SizeOfMemory); + } +#ifdef _WIN64 + static bool GetContextFPUDataEx(HANDLE hActiveThread, XMM_SAVE_AREA32* FPUSaveArea) +#else + static bool GetContextFPUDataEx(HANDLE hActiveThread, FLOATING_SAVE_AREA* FPUSaveArea) +#endif + { + return UE::GetContextFPUDataEx(hActiveThread, FPUSaveArea); + } + static long long GetContextDataEx(HANDLE hActiveThread, eContextData IndexOfRegister) + { + return UE::GetContextDataEx(hActiveThread, IndexOfRegister); + } + static long long GetContextData(eContextData IndexOfRegister) + { + return UE::GetContextData(IndexOfRegister); + } +#ifdef _WIN64 + static bool SetContextFPUDataEx(HANDLE hActiveThread, const XMM_SAVE_AREA32* FPUSaveArea) +#else + static bool SetContextFPUDataEx(HANDLE hActiveThread, const FLOATING_SAVE_AREA* FPUSaveArea) +#endif + { + return UE::SetContextFPUDataEx(hActiveThread, (void*)FPUSaveArea); + } + static bool SetContextDataEx(HANDLE hActiveThread, eContextData IndexOfRegister, ULONG_PTR NewRegisterValue) + { + return UE::SetContextDataEx(hActiveThread, IndexOfRegister, NewRegisterValue); + } + static bool SetContextData(eContextData IndexOfRegister, ULONG_PTR NewRegisterValue) + { + return UE::SetContextData(IndexOfRegister, NewRegisterValue); + } + static void ClearExceptionNumber() + { + UE::ClearExceptionNumber(); + } + static long CurrentExceptionNumber() + { + return UE::CurrentExceptionNumber(); + } + static bool MatchPatternEx(HANDLE hProcess, void* MemoryToCheck, int SizeOfMemoryToCheck, const void* PatternToMatch, int SizeOfPatternToMatch, const BYTE* WildCard) + { + return UE::MatchPatternEx(hProcess, MemoryToCheck, SizeOfMemoryToCheck, (void*)PatternToMatch, SizeOfPatternToMatch, (BYTE*)WildCard); + } + static bool MatchPattern(void* MemoryToCheck, int SizeOfMemoryToCheck, const void* PatternToMatch, int SizeOfPatternToMatch, const BYTE* WildCard) + { + return UE::MatchPattern(MemoryToCheck, SizeOfMemoryToCheck, (void*)PatternToMatch, SizeOfPatternToMatch, (BYTE*)WildCard); + } + static long long FindEx(HANDLE hProcess, void* MemoryStart, DWORD MemorySize, const void* SearchPattern, DWORD PatternSize, const BYTE* WildCard) + { + return UE::FindEx(hProcess, MemoryStart, MemorySize, (void*)SearchPattern, PatternSize, (BYTE*)WildCard); + } + static long long Find(void* MemoryStart, DWORD MemorySize, const void* SearchPattern, DWORD PatternSize, const BYTE* WildCard) + { + return UE::Find(MemoryStart, MemorySize, (void*)SearchPattern, PatternSize, (BYTE*)WildCard); + } + static bool FillEx(HANDLE hProcess, void* MemoryStart, DWORD MemorySize, const BYTE* FillByte) + { + return UE::FillEx(hProcess, MemoryStart, MemorySize, (BYTE*)FillByte); + } + static bool Fill(void* MemoryStart, DWORD MemorySize, const BYTE* FillByte) + { + return UE::Fill(MemoryStart, MemorySize, (BYTE*)FillByte); + } + static bool PatchEx(HANDLE hProcess, void* MemoryStart, DWORD MemorySize, const void* ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP) + { + return UE::PatchEx(hProcess, MemoryStart, MemorySize, (void*)ReplacePattern, ReplaceSize, AppendNOP, PrependNOP); + } + static bool Patch(void* MemoryStart, DWORD MemorySize, const void* ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP) + { + return UE::Patch(MemoryStart, MemorySize, (void*)ReplacePattern, ReplaceSize, AppendNOP, PrependNOP); + } + static bool ReplaceEx(HANDLE hProcess, void* MemoryStart, DWORD MemorySize, const void* SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, const void* ReplacePattern, DWORD ReplaceSize, const BYTE* WildCard) + { + return UE::ReplaceEx(hProcess, MemoryStart, MemorySize, (void*)SearchPattern, PatternSize, NumberOfRepetitions, (void*)ReplacePattern, ReplaceSize, (BYTE*)WildCard); + } + static bool Replace(void* MemoryStart, DWORD MemorySize, const void* SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, const void* ReplacePattern, DWORD ReplaceSize, const BYTE* WildCard) + { + return UE::Replace(MemoryStart, MemorySize, (void*)SearchPattern, PatternSize, NumberOfRepetitions, (void*)ReplacePattern, ReplaceSize, (BYTE*)WildCard); + } + static const DEBUG_EVENT* GetDebugData() + { + return (const DEBUG_EVENT*)UE::GetDebugData(); + } + static const DEBUG_EVENT* GetTerminationData() + { + return (const DEBUG_EVENT*)UE::GetTerminationData(); + } + static long GetExitCode() + { + return UE::GetExitCode(); + } + static long long GetDebuggedDLLBaseAddress() + { + return UE::GetDebuggedDLLBaseAddress(); + } + static long long GetDebuggedFileBaseAddress() + { + return UE::GetDebuggedFileBaseAddress(); + } + static bool GetRemoteString(HANDLE hProcess, void* StringAddress, void* StringStorage, int MaximumStringSize) + { + return UE::GetRemoteString(hProcess, StringAddress, StringStorage, MaximumStringSize); + } + static long long GetFunctionParameter(HANDLE hProcess, eFunctionType FunctionType, DWORD ParameterNumber, eParameterType ParameterType) + { + return UE::GetFunctionParameter(hProcess, FunctionType, ParameterNumber, ParameterType); + } + static long long GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps) + { + return UE::GetJumpDestinationEx(hProcess, InstructionAddress, JustJumps); + } + static long long GetJumpDestination(HANDLE hProcess, ULONG_PTR InstructionAddress) + { + return UE::GetJumpDestination(hProcess, InstructionAddress); + } + static bool IsJumpGoingToExecuteEx(HANDLE hProcess, HANDLE hThread, ULONG_PTR InstructionAddress, ULONG_PTR RegFlags) + { + return UE::IsJumpGoingToExecuteEx(hProcess, hThread, InstructionAddress, RegFlags); + } + static bool IsJumpGoingToExecute() + { + return UE::IsJumpGoingToExecute(); + } + static void SetCustomHandler(eCustomException ExceptionId, fCustomHandlerCallback CallBack) + { + UE::SetCustomHandler(ExceptionId, (void*)CallBack); + } + static void ForceClose() + { + UE::ForceClose(); + } + static void StepInto(fBreakPointCallback traceCallBack) + { + UE::StepInto((void*)traceCallBack); + } + static void StepOver(fBreakPointCallback traceCallBack) + { + UE::StepOver((void*)traceCallBack); + } + static void SingleStep(DWORD StepCount, fBreakPointCallback StepCallBack) + { + UE::SingleStep(StepCount, (void*)StepCallBack); + } + static bool GetUnusedHardwareBreakPointRegister(DWORD* RegisterIndex) + { + return UE::GetUnusedHardwareBreakPointRegister(RegisterIndex); + } + static bool SetHardwareBreakPointEx(HANDLE hActiveThread, ULONG_PTR bpxAddress, DWORD IndexOfRegister, eHWBPType bpxType, eHWBPSize bpxSize, fBreakPointCallback bpxCallBack, DWORD* IndexOfSelectedRegister) + { + return UE::SetHardwareBreakPointEx(hActiveThread, bpxAddress, IndexOfRegister, bpxType, bpxSize, (void*)bpxCallBack, IndexOfSelectedRegister); + } + static bool SetHardwareBreakPoint(ULONG_PTR bpxAddress, DWORD IndexOfRegister, eHWBPType bpxType, eHWBPSize bpxSize, fBreakPointCallback bpxCallBack) + { + return UE::SetHardwareBreakPoint(bpxAddress, IndexOfRegister, bpxType, bpxSize, (void*)bpxCallBack); + } + static bool DeleteHardwareBreakPoint(DWORD IndexOfRegister) + { + return UE::DeleteHardwareBreakPoint(IndexOfRegister); + } + static bool RemoveAllBreakPoints(eBPRemoveOption RemoveOption) + { + return UE::RemoveAllBreakPoints(RemoveOption); + } + static const PROCESS_INFORMATION* GetProcessInformation() + { + return (const PROCESS_INFORMATION*)UE::GetProcessInformation(); + } + static const STARTUPINFOW* GetStartupInformation() + { + return (const STARTUPINFOW*)UE::GetStartupInformation(); + } + static void DebugLoop() + { + UE::DebugLoop(); + } + static void SetDebugLoopTimeOut(DWORD TimeOut) + { + UE::SetDebugLoopTimeOut(TimeOut); + } + static void SetNextDbgContinueStatus(DWORD SetDbgCode) + { + UE::SetNextDbgContinueStatus(SetDbgCode); + } + static bool AttachDebugger(DWORD ProcessId, bool KillOnExit, PROCESS_INFORMATION* DebugInfo, fBreakPointCallback CallBack) + { + return UE::AttachDebugger(ProcessId, KillOnExit, DebugInfo, (void*)CallBack); + } + static bool DetachDebugger(DWORD ProcessId) + { + return UE::DetachDebugger(ProcessId); + } + static bool DetachDebuggerEx(DWORD ProcessId) + { + return UE::DetachDebuggerEx(ProcessId); + } + static void DebugLoopEx(DWORD TimeOut) + { + UE::DebugLoopEx(TimeOut); + } + static bool IsFileBeingDebugged() + { + return UE::IsFileBeingDebugged(); + } + static void SetErrorModel(bool DisplayErrorMessages) + { + UE::SetErrorModel(DisplayErrorMessages); + } +}; + +class DebuggerA +{ +public: + + static const PROCESS_INFORMATION* InitDebug(const char* szFileName, const char* szCommandLine, const char* szCurrentFolder) + { + return (const PROCESS_INFORMATION*)UE::InitDebug((char*)szFileName, (char*)szCommandLine, (char*)szCurrentFolder); + } + static const PROCESS_INFORMATION* InitDebugEx(const char* szFileName, const char* szCommandLine, const char* szCurrentFolder, DebuggerX::fBreakPointCallback EntryCallBack) + { + return (const PROCESS_INFORMATION*)UE::InitDebugEx((char*)szFileName, (char*)szCommandLine, (char*)szCurrentFolder, (void*)EntryCallBack); + } + static const PROCESS_INFORMATION* InitDLLDebug(const char* szFileName, bool ReserveModuleBase, const char* szCommandLine, const char* szCurrentFolder, DebuggerX::fBreakPointCallback EntryCallBack) + { + return (const PROCESS_INFORMATION*)UE::InitDLLDebug((char*)szFileName, ReserveModuleBase, (char*)szCommandLine, (char*)szCurrentFolder, (void*)EntryCallBack); + } + static void AutoDebugEx(const char* szFileName, bool ReserveModuleBase, const char* szCommandLine, const char* szCurrentFolder, DWORD TimeOut, DebuggerX::fBreakPointCallback EntryCallBack) + { + UE::AutoDebugEx((char*)szFileName, ReserveModuleBase, (char*)szCommandLine, (char*)szCurrentFolder, TimeOut, (void*)EntryCallBack); + } +}; + +class DebuggerW +{ +public: + + static const PROCESS_INFORMATION* InitDebug(const wchar_t* szFileName, const wchar_t* szCommandLine, const wchar_t* szCurrentFolder) + { + return (const PROCESS_INFORMATION*)UE::InitDebugW((wchar_t*)szFileName, (wchar_t*)szCommandLine, (wchar_t*)szCurrentFolder); + } + static const PROCESS_INFORMATION* InitDebugEx(const wchar_t* szFileName, const wchar_t* szCommandLine, const wchar_t* szCurrentFolder, DebuggerX::fBreakPointCallback EntryCallBack) + { + return (const PROCESS_INFORMATION*)UE::InitDebugExW((wchar_t*)szFileName, (wchar_t*)szCommandLine, (wchar_t*)szCurrentFolder, (void*)EntryCallBack); + } + static const PROCESS_INFORMATION* InitDLLDebug(const wchar_t* szFileName, bool ReserveModuleBase, const wchar_t* szCommandLine, const wchar_t* szCurrentFolder, DebuggerX::fBreakPointCallback EntryCallBack) + { + return (const PROCESS_INFORMATION*)UE::InitDLLDebugW((wchar_t*)szFileName, ReserveModuleBase, (wchar_t*)szCommandLine, (wchar_t*)szCurrentFolder, (void*)EntryCallBack); + } + static void AutoDebugEx(const wchar_t* szFileName, bool ReserveModuleBase, const wchar_t* szCommandLine, const wchar_t* szCurrentFolder, DWORD TimeOut, DebuggerX::fBreakPointCallback EntryCallBack) + { + UE::AutoDebugExW((wchar_t*)szFileName, ReserveModuleBase, (wchar_t*)szCommandLine, (wchar_t*)szCurrentFolder, TimeOut, (void*)EntryCallBack); + } +}; + +class Debugger : DebuggerX, DebuggerA, DebuggerW +{ +public: + + using DebuggerX::fBreakPointCallback; + using DebuggerX::fCustomHandlerCallback; + + using DebuggerX::StaticDisassembleEx; + using DebuggerX::StaticDisassemble; + using DebuggerX::DisassembleEx; + using DebuggerX::Disassemble; + using DebuggerX::StaticLengthDisassemble; + using DebuggerX::LengthDisassembleEx; + using DebuggerX::LengthDisassemble; + using DebuggerA::InitDebug; + using DebuggerW::InitDebug; + using DebuggerA::InitDebugEx; + using DebuggerW::InitDebugEx; + using DebuggerA::InitDLLDebug; + using DebuggerW::InitDLLDebug; + using DebuggerX::StopDebug; + using DebuggerX::SetBPXOptions; + using DebuggerX::IsBPXEnabled; + using DebuggerX::EnableBPX; + using DebuggerX::DisableBPX; + using DebuggerX::SetBPX; + using DebuggerX::DeleteBPX; + using DebuggerX::SafeDeleteBPX; + using DebuggerX::SetAPIBreakPoint; + using DebuggerX::DeleteAPIBreakPoint; + using DebuggerX::SafeDeleteAPIBreakPoint; + using DebuggerX::SetMemoryBPX; + using DebuggerX::SetMemoryBPXEx; + using DebuggerX::RemoveMemoryBPX; + using DebuggerX::GetContextFPUDataEx; + using DebuggerX::GetContextDataEx; + using DebuggerX::GetContextData; + using DebuggerX::SetContextFPUDataEx; + using DebuggerX::SetContextDataEx; + using DebuggerX::SetContextData; + using DebuggerX::ClearExceptionNumber; + using DebuggerX::CurrentExceptionNumber; + using DebuggerX::MatchPatternEx; + using DebuggerX::MatchPattern; + using DebuggerX::FindEx; + using DebuggerX::Find; + using DebuggerX::FillEx; + using DebuggerX::Fill; + using DebuggerX::PatchEx; + using DebuggerX::Patch; + using DebuggerX::ReplaceEx; + using DebuggerX::Replace; + using DebuggerX::GetDebugData; + using DebuggerX::GetTerminationData; + using DebuggerX::GetExitCode; + using DebuggerX::GetDebuggedDLLBaseAddress; + using DebuggerX::GetDebuggedFileBaseAddress; + using DebuggerX::GetRemoteString; + using DebuggerX::GetFunctionParameter; + using DebuggerX::GetJumpDestinationEx; + using DebuggerX::GetJumpDestination; + using DebuggerX::IsJumpGoingToExecuteEx; + using DebuggerX::IsJumpGoingToExecute; + using DebuggerX::SetCustomHandler; + using DebuggerX::ForceClose; + using DebuggerX::StepInto; + using DebuggerX::StepOver; + using DebuggerX::SingleStep; + using DebuggerX::GetUnusedHardwareBreakPointRegister; + using DebuggerX::SetHardwareBreakPointEx; + using DebuggerX::SetHardwareBreakPoint; + using DebuggerX::DeleteHardwareBreakPoint; + using DebuggerX::RemoveAllBreakPoints; + using DebuggerX::GetProcessInformation; + using DebuggerX::GetStartupInformation; + using DebuggerX::DebugLoop; + using DebuggerX::SetDebugLoopTimeOut; + using DebuggerX::SetNextDbgContinueStatus; + using DebuggerX::AttachDebugger; + using DebuggerX::DetachDebugger; + using DebuggerX::DetachDebuggerEx; + using DebuggerX::DebugLoopEx; + using DebuggerA::AutoDebugEx; + using DebuggerW::AutoDebugEx; + using DebuggerX::IsFileBeingDebugged; + using DebuggerX::SetErrorModel; +}; + +class FindOEPX +{ +protected: + + static void Init() + { + return UE::FindOEPInit(); + } +}; + +class FindOEPA +{ +public: + + static bool Generically(char* szFileName, Debugger::fBreakPointCallback TraceInitCallBack, Debugger::fBreakPointCallback CallBack) + { + return UE::FindOEPGenerically(szFileName, (void*)TraceInitCallBack, (void*)CallBack); + } +}; + +class FindOEPW +{ +public: + + static bool Generically(wchar_t* szFileName, Debugger::fBreakPointCallback TraceInitCallBack, Debugger::fBreakPointCallback CallBack) + { + return UE::FindOEPGenericallyW(szFileName, (void*)TraceInitCallBack, (void*)CallBack); + } +}; + +class FindOEP : FindOEPX, FindOEPA, FindOEPW +{ +public: + + using FindOEPX::Init; + using FindOEPA::Generically; + using FindOEPW::Generically; +}; + +class ImporterA; +class ImporterW; + +class ImporterX +{ + friend class ImporterA; + friend class ImporterW; + +public: + + typedef UE::ImportEnumData ImportEnumData; + +protected: + + typedef void (TITCALL *fImportEnumCallBack)(void* ptrImportEnumData); + typedef void* (TITCALL *fImportFixCallback)(void* fIATPointer); + + static void AddNewDll(const char* szDLLName, ULONG_PTR FirstThunk) + { + UE::ImporterAddNewDll((char*)szDLLName, FirstThunk); + } + static void AddNewAPI(const char* szAPIName, ULONG_PTR ThunkValue) + { + UE::ImporterAddNewAPI((char*)szAPIName, ThunkValue); + } + static void AddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue) + { + UE::ImporterAddNewOrdinalAPI(OrdinalNumber, ThunkValue); + } + static long GetAddedDllCount() + { + return UE::ImporterGetAddedDllCount(); + } + static long GetAddedAPICount() + { + return UE::ImporterGetAddedAPICount(); + } + static bool ExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap) + { + return UE::ImporterExportIAT(StorePlace, FileMapVA, hFileMap); + } + static long EstimatedSize() + { + return UE::ImporterEstimatedSize(); + } + static long long FindAPIWriteLocation(const char* szAPIName) + { + return UE::ImporterFindAPIWriteLocation((char*)szAPIName); + } + static long long FindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber) + { + return UE::ImporterFindOrdinalAPIWriteLocation(OrdinalNumber); + } + static long long FindAPIByWriteLocation(ULONG_PTR APIWriteLocation) + { + return UE::ImporterFindAPIByWriteLocation(APIWriteLocation); + } + static long long FindDLLByWriteLocation(ULONG_PTR APIWriteLocation) + { + return UE::ImporterFindDLLByWriteLocation(APIWriteLocation); + } + static const char* GetDLLName(ULONG_PTR APIAddress) + { + return (const char*)UE::ImporterGetDLLName(APIAddress); + } + static const char* GetAPIName(ULONG_PTR APIAddress) + { + return (const char*)UE::ImporterGetAPIName(APIAddress); + } + static long long GetAPIOrdinalNumber(ULONG_PTR APIAddress) + { + return UE::ImporterGetAPIOrdinalNumber(APIAddress); + } + static const char* GetAPINameEx(ULONG_PTR APIAddress, const HMODULE* DLLBasesList) + { + return (const char*)UE::ImporterGetAPINameEx(APIAddress, (ULONG_PTR)DLLBasesList); + } + static long long GetRemoteAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress) + { + return UE::ImporterGetRemoteAPIAddress(hProcess, APIAddress); + } + static long long GetRemoteAPIAddressEx(const char* szDLLName, const char* szAPIName) + { + return UE::ImporterGetRemoteAPIAddressEx((char*)szDLLName, (char*)szAPIName); + } + static long long GetLocalAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress) + { + return UE::ImporterGetLocalAPIAddress(hProcess, APIAddress); + } + static const char* GetDLLNameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress) + { + return (const char*)UE::ImporterGetDLLNameFromDebugee(hProcess, APIAddress); + } + static const char* GetAPINameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress) + { + return (const char*)UE::ImporterGetAPINameFromDebugee(hProcess, APIAddress); + } + static long long GetAPIOrdinalNumberFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress) + { + return UE::ImporterGetAPIOrdinalNumberFromDebugee(hProcess, APIAddress); + } + static long GetDLLIndexEx(ULONG_PTR APIAddress, const HMODULE* DLLBasesList) + { + return UE::ImporterGetDLLIndexEx(APIAddress, (ULONG_PTR)DLLBasesList); + } + static long GetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, const HMODULE* DLLBasesList) + { + return UE::ImporterGetDLLIndex(hProcess, APIAddress, (ULONG_PTR)DLLBasesList); + } + static long long GetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase) + { + return UE::ImporterGetRemoteDLLBase(hProcess, LocalModuleBase); + } + static bool IsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress) + { + return UE::ImporterIsForwardedAPI(hProcess, APIAddress); + } + static const char* GetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress) + { + return (const char*)UE::ImporterGetForwardedAPIName(hProcess, APIAddress); + } + static const char* GetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress) + { + return (const char*)UE::ImporterGetForwardedDLLName(hProcess, APIAddress); + } + static long GetForwardedDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, const HMODULE* DLLBasesList) + { + return UE::ImporterGetForwardedDLLIndex(hProcess, APIAddress, (ULONG_PTR)DLLBasesList); + } + static long long GetForwardedAPIOrdinalNumber(HANDLE hProcess, ULONG_PTR APIAddress) + { + return UE::ImporterGetForwardedAPIOrdinalNumber(hProcess, APIAddress); + } + static long long GetNearestAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress) + { + return UE::ImporterGetNearestAPIAddress(hProcess, APIAddress); + } + static const char* GetNearestAPIName(HANDLE hProcess, ULONG_PTR APIAddress) + { + return (const char*)UE::ImporterGetNearestAPIName(hProcess, APIAddress); + } + static void AutoSearchIATEx(DWORD ProcessId, ULONG_PTR ImageBase, ULONG_PTR SearchStart, ULONG_PTR* pIATStart, ULONG_PTR* pIATSize) + { + UE::ImporterAutoSearchIATEx(ProcessId, ImageBase, SearchStart, pIATStart, pIATSize); + } + static void EnumAddedData(fImportEnumCallBack EnumCallBack) + { + UE::ImporterEnumAddedData((void*)EnumCallBack); + } + static bool DeleteAPI(DWORD_PTR apiAddr) + { + return UE::ImporterDeleteAPI(apiAddr); + } +}; + +class ImporterA +{ +public: + + static bool ExportIATEx(const char* szDumpFileName, const char* szExportFileName, const char* szSectionName) + { + return UE::ImporterExportIATEx((char*)szDumpFileName, (char*)szExportFileName, (char*)szSectionName); + } + static bool CopyOriginalIAT(const char* szOriginalFile, const char* szDumpFile) + { + return UE::ImporterCopyOriginalIAT((char*)szOriginalFile, (char*)szDumpFile); + } + static bool LoadImportTable(const char* szFileName) + { + return UE::ImporterLoadImportTable((char*)szFileName); + } + static bool MoveOriginalIAT(const char* szOriginalFile, const char* szDumpFile, const char* szSectionName) + { + return UE::ImporterMoveOriginalIAT((char*)szOriginalFile, (char*)szDumpFile, (char*)szSectionName); + } + static void AutoSearchIAT(DWORD ProcessId, char* szFileName, ULONG_PTR SearchStart, LPVOID pIATStart, LPVOID pIATSize) + { + UE::ImporterAutoSearchIAT(ProcessId, (char*)szFileName, SearchStart, pIATStart, pIATSize); + } + static long AutoFixIATEx(DWORD ProcessId, const char* szDumpedFile, const char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, DWORD SearchStep, bool TryAutoFix, bool FixEliminations, ImporterX::fImportFixCallback UnknownPointerFixCallback) + { + return UE::ImporterAutoFixIATEx(ProcessId, (char*)szDumpedFile, (char*)szSectionName, DumpRunningProcess, RealignFile, EntryPointAddress, ImageBase, SearchStart, TryAutoFix, FixEliminations, (void*)UnknownPointerFixCallback); + } + static long AutoFixIAT(DWORD ProcessId, const char* szDumpedFile, ULONG_PTR SearchStart) + { + return UE::ImporterAutoFixIAT(ProcessId, (char*)szDumpedFile, SearchStart); + } +}; + +class ImporterW +{ +public: + + static bool ExportIATEx(const wchar_t* szDumpFileName, const wchar_t* szExportFileName, const wchar_t* szSectionName) + { + return UE::ImporterExportIATExW((wchar_t*)szDumpFileName, (wchar_t*)szExportFileName, (wchar_t*)szSectionName); + } + static bool CopyOriginalIAT(const wchar_t* szOriginalFile, const wchar_t* szDumpFile) + { + return UE::ImporterCopyOriginalIATW((wchar_t*)szOriginalFile, (wchar_t*)szDumpFile); + } + static bool LoadImportTable(const wchar_t* szFileName) + { + return UE::ImporterLoadImportTableW((wchar_t*)szFileName); + } + static bool MoveOriginalIAT(const wchar_t* szOriginalFile, const wchar_t* szDumpFile, const char* szSectionName) + { + return UE::ImporterMoveOriginalIATW((wchar_t*)szOriginalFile, (wchar_t*)szDumpFile, (char*)szSectionName); + } + static void AutoSearchIAT(DWORD ProcessId, const wchar_t* szFileName, ULONG_PTR SearchStart, ULONG_PTR* pIATStart, ULONG_PTR* pIATSize) + { + UE::ImporterAutoSearchIATW(ProcessId, (wchar_t*)szFileName, SearchStart, pIATStart, pIATSize); + } + static long AutoFixIATEx(DWORD ProcessId, const wchar_t* szDumpedFile, const char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, bool TryAutoFix, bool FixEliminations, ImporterX::fImportFixCallback UnknownPointerFixCallback) + { + return UE::ImporterAutoFixIATExW(ProcessId, (wchar_t*)szDumpedFile, (char*)szSectionName, DumpRunningProcess, RealignFile, EntryPointAddress, ImageBase, SearchStart, TryAutoFix, FixEliminations, (void*)UnknownPointerFixCallback); + } + static long AutoFixIAT(DWORD ProcessId, const wchar_t* szDumpedFile, ULONG_PTR SearchStart) + { + return UE::ImporterAutoFixIATW(ProcessId, (wchar_t*)szDumpedFile, SearchStart); + } +}; + +class Importer : public ImporterX, ImporterA, ImporterW +{ +public: + + using ImporterX::fImportEnumCallBack; + using ImporterX::fImportFixCallback; + + using ImporterX::AddNewDll; + using ImporterX::AddNewAPI; + using ImporterX::AddNewOrdinalAPI; + using ImporterX::GetAddedDllCount; + using ImporterX::GetAddedAPICount; + using ImporterX::ExportIAT; + using ImporterX::EstimatedSize; + using ImporterA::ExportIATEx; + using ImporterW::ExportIATEx; + using ImporterX::FindAPIWriteLocation; + using ImporterX::FindOrdinalAPIWriteLocation; + using ImporterX::FindAPIByWriteLocation; + using ImporterX::FindDLLByWriteLocation; + using ImporterX::GetDLLName; + using ImporterX::GetAPIName; + using ImporterX::GetAPIOrdinalNumber; + using ImporterX::GetAPINameEx; + using ImporterX::GetRemoteAPIAddress; + using ImporterX::GetRemoteAPIAddressEx; + using ImporterX::GetLocalAPIAddress; + using ImporterX::GetDLLNameFromDebugee; + using ImporterX::GetAPINameFromDebugee; + using ImporterX::GetAPIOrdinalNumberFromDebugee; + using ImporterX::GetDLLIndexEx; + using ImporterX::GetDLLIndex; + using ImporterX::GetRemoteDLLBase; + using ImporterX::IsForwardedAPI; + using ImporterX::GetForwardedAPIName; + using ImporterX::GetForwardedDLLName; + using ImporterX::GetForwardedDLLIndex; + using ImporterX::GetForwardedAPIOrdinalNumber; + using ImporterX::GetNearestAPIAddress; + using ImporterX::GetNearestAPIName; + using ImporterA::CopyOriginalIAT; + using ImporterW::CopyOriginalIAT; + using ImporterA::LoadImportTable; + using ImporterW::LoadImportTable; + using ImporterA::MoveOriginalIAT; + using ImporterW::MoveOriginalIAT; + using ImporterA::AutoSearchIAT; + using ImporterW::AutoSearchIAT; + using ImporterX::AutoSearchIATEx; + using ImporterX::EnumAddedData; + using ImporterX::DeleteAPI; + using ImporterA::AutoFixIATEx; + using ImporterW::AutoFixIATEx; + using ImporterA::AutoFixIAT; + using ImporterW::AutoFixIAT; +}; + +// --- + +class LibrarianX +{ +protected: + + typedef void (TITCALL *fLibraryBreakPointCallback)(const LOAD_DLL_DEBUG_INFO* SpecialDBG); + + static bool SetBreakPoint(const char* szLibraryName, eLibraryEvent bpxType, bool SingleShoot, fLibraryBreakPointCallback bpxCallBack) + { + return UE::LibrarianSetBreakPoint((char*)szLibraryName, bpxType, SingleShoot, (void*)bpxCallBack); + } + static bool RemoveBreakPoint(const char* szLibraryName, eLibraryEvent bpxType) + { + return UE::LibrarianRemoveBreakPoint((char*)szLibraryName, bpxType); + } +}; + +class LibrarianA +{ +public: + + typedef UE::LIBRARY_ITEM_DATA LIBRARY_ITEM_DATA; + + typedef void (TITCALL *fLibraryEnumCallback)(const LIBRARY_ITEM_DATA* fLibraryDetail); + + static const LIBRARY_ITEM_DATA* GetLibraryInfo(const char* szLibraryName) + { + return (const LIBRARY_ITEM_DATA*)UE::LibrarianGetLibraryInfo((char*)szLibraryName); + } + static const LIBRARY_ITEM_DATA* GetLibraryInfoEx(void* BaseOfDll) + { + return (const LIBRARY_ITEM_DATA*)UE::LibrarianGetLibraryInfoEx(BaseOfDll); + } + static void EnumLibraryInfo(fLibraryEnumCallback EnumCallBack) + { + UE::LibrarianEnumLibraryInfo((void*)EnumCallBack); + } +}; + +class LibrarianW +{ +public: + + typedef UE::LIBRARY_ITEM_DATAW LIBRARY_ITEM_DATA; + + typedef void (TITCALL *fLibraryEnumCallback)(const LIBRARY_ITEM_DATA* fLibraryDetail); + + static const LIBRARY_ITEM_DATA* GetLibraryInfo(const wchar_t* szLibraryName) + { + return (const LIBRARY_ITEM_DATA*)UE::LibrarianGetLibraryInfoW((wchar_t*)szLibraryName); + } + static const LIBRARY_ITEM_DATA* GetLibraryInfoEx(void* BaseOfDll) + { + return (const LIBRARY_ITEM_DATA*)UE::LibrarianGetLibraryInfoExW(BaseOfDll); + } + static void EnumLibraryInfo(fLibraryEnumCallback EnumCallBack) + { + UE::LibrarianEnumLibraryInfoW((void*)EnumCallBack); + } +}; + +class Librarian : LibrarianX, LibrarianA, LibrarianW +{ +public: + +#ifndef UNICODE + typedef LibrarianA::LIBRARY_ITEM_DATA LIBRARY_ITEM_DATA; +#else + typedef LibrarianW::LIBRARY_ITEM_DATA LIBRARY_ITEM_DATA; +#endif + + using LibrarianX::fLibraryBreakPointCallback; +#ifndef UNICODE + typedef LibrarianA::fLibraryEnumCallback fLibraryEnumCallback; +#else + typedef LibrarianW::fLibraryEnumCallback fLibraryEnumCallback; +#endif + + using LibrarianX::SetBreakPoint; + using LibrarianX::RemoveBreakPoint; + using LibrarianA::GetLibraryInfo; + using LibrarianW::GetLibraryInfo; +#ifndef UNICODE + using LibrarianA::GetLibraryInfoEx; +#else + using LibrarianW::GetLibraryInfoEx; +#endif + using LibrarianA::EnumLibraryInfo; + using LibrarianW::EnumLibraryInfo; +}; + +class Hooks +{ +public: + + typedef UE::HOOK_ENTRY HOOK_ENTRY; + + typedef bool(TITCALL *fHookEnumCallBack)(const HOOK_ENTRY* HookDetails, void* ptrOriginalInstructions, const LibrarianA::LIBRARY_ITEM_DATA* ModuleInformation, DWORD SizeOfImage); + + static bool SafeTransitionEx(void** HookAddressArray, int NumberOfHooks, bool TransitionStart) + { + return UE::HooksSafeTransitionEx(HookAddressArray, NumberOfHooks, TransitionStart); + } + static bool SafeTransition(void* HookAddress, bool TransitionStart) + { + return UE::HooksSafeTransition(HookAddress, TransitionStart); + } + static bool IsAddressRedirected(void* HookAddress) + { + return UE::HooksIsAddressRedirected(HookAddress); + } + static void* GetTrampolineAddress(void* HookAddress) + { + return UE::HooksGetTrampolineAddress(HookAddress); + } + static HOOK_ENTRY* GetHookEntryDetails(void* HookAddress) + { + return (HOOK_ENTRY*)UE::HooksGetHookEntryDetails(HookAddress); + } + static bool InsertNewRedirection(void* HookAddress, void* RedirectTo, eHookType HookType) + { + return UE::HooksInsertNewRedirection(HookAddress, RedirectTo, HookType); + } + static bool InsertNewIATRedirectionEx(ULONG_PTR FileMapVA, ULONG_PTR LoadedModuleBase, char* szHookFunction, void* RedirectTo) + { + return UE::HooksInsertNewIATRedirectionEx(FileMapVA, LoadedModuleBase, szHookFunction, RedirectTo); + } + static bool InsertNewIATRedirection(char* szModuleName, char* szHookFunction, void* RedirectTo) + { + return UE::HooksInsertNewIATRedirection(szModuleName, szHookFunction, RedirectTo); + } + static bool RemoveRedirection(void* HookAddress, bool RemoveAll) + { + return UE::HooksRemoveRedirection(HookAddress, RemoveAll); + } + static bool RemoveRedirectionsForModule(HMODULE ModuleBase) + { + return UE::HooksRemoveRedirectionsForModule(ModuleBase); + } + static bool RemoveIATRedirection(char* szModuleName, char* szHookFunction, bool RemoveAll) + { + return UE::HooksRemoveIATRedirection(szModuleName, szHookFunction, RemoveAll); + } + static bool DisableRedirection(void* HookAddress, bool DisableAll) + { + return UE::HooksDisableRedirection(HookAddress, DisableAll); + } + static bool DisableRedirectionsForModule(HMODULE ModuleBase) + { + return UE::HooksDisableRedirectionsForModule(ModuleBase); + } + static bool DisableIATRedirection(char* szModuleName, char* szHookFunction, bool DisableAll) + { + return UE::HooksDisableIATRedirection(szModuleName, szHookFunction, DisableAll); + } + static bool EnableRedirection(void* HookAddress, bool EnableAll) + { + return UE::HooksEnableRedirection(HookAddress, EnableAll); + } + static bool EnableRedirectionsForModule(HMODULE ModuleBase) + { + return UE::HooksEnableRedirectionsForModule(ModuleBase); + } + static bool EnableIATRedirection(char* szModuleName, char* szHookFunction, bool EnableAll) + { + return UE::HooksEnableIATRedirection(szModuleName, szHookFunction, EnableAll); + } + static void ScanModuleMemory(HMODULE ModuleBase, fHookEnumCallBack CallBack) + { + UE::HooksScanModuleMemory(ModuleBase, (void*)CallBack); + } + static void ScanEntireProcessMemory(fHookEnumCallBack CallBack) + { + UE::HooksScanEntireProcessMemory((void*)CallBack); + } + static void ScanEntireProcessMemoryEx() + { + UE::HooksScanEntireProcessMemoryEx(); + } +}; + +class Tracer +{ +public: + + static void Init() + { + UE::TracerInit(); + } + static long long Level1(HANDLE hProcess, ULONG_PTR AddressToTrace) + { + return UE::TracerLevel1(hProcess, AddressToTrace); + } + static long long HashTracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD InputNumberOfInstructions) + { + return UE::HashTracerLevel1(hProcess, AddressToTrace, InputNumberOfInstructions); + } + static long DetectRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace) + { + return UE::TracerDetectRedirection(hProcess, AddressToTrace); + } + static long long FixKnownRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD RedirectionId) + { + return UE::TracerFixKnownRedirection(hProcess, AddressToTrace, RedirectionId); + } + static long long FixRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD IdParameter) + { + return UE::TracerFixRedirectionViaModule(hModuleHandle, hProcess, AddressToTrace, IdParameter); + } + static long long DetectRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD* ReturnedId) + { + return UE::TracerDetectRedirectionViaModule(hModuleHandle, hProcess, AddressToTrace, ReturnedId); + } + static long FixRedirectionViaImpRecPlugin(HANDLE hProcess, const char* szPluginName, ULONG_PTR AddressToTrace) + { + return UE::TracerFixRedirectionViaImpRecPlugin(hProcess, (char*)szPluginName, AddressToTrace); + } +}; + +class ExporterX +{ +protected: + + static void Cleanup() + { + UE::ExporterCleanup(); + } + static void SetImageBase(ULONG_PTR ImageBase) + { + UE::ExporterSetImageBase(ImageBase); + } + static void Init(DWORD MemorySize, ULONG_PTR ImageBase, DWORD ExportOrdinalBase, const char* szExportModuleName) + { + UE::ExporterInit(MemorySize, ImageBase, ExportOrdinalBase, (char*)szExportModuleName); + } + static bool AddNewExport(const char* szExportName, DWORD ExportRelativeAddress) + { + return UE::ExporterAddNewExport((char*)szExportName, ExportRelativeAddress); + } + static bool AddNewOrdinalExport(DWORD OrdinalNumber, DWORD ExportRelativeAddress) + { + return UE::ExporterAddNewOrdinalExport(OrdinalNumber, ExportRelativeAddress); + } + static long GetAddedExportCount() + { + return UE::ExporterGetAddedExportCount(); + } + static long EstimatedSize() + { + return UE::ExporterEstimatedSize(); + } + static bool BuildExportTable(ULONG_PTR StorePlace, ULONG_PTR FileMapVA) + { + return UE::ExporterBuildExportTable(StorePlace, FileMapVA); + } +}; + +class ExporterA +{ +public: + + static bool BuildExportTableEx(const char* szExportFileName, const char* szSectionName) + { + return UE::ExporterBuildExportTableEx((char*)szExportFileName, (char*)szSectionName); + } + static bool LoadExportTable(const char* szFileName) + { + return UE::ExporterLoadExportTable((char*)szFileName); + } +}; + +class ExporterW +{ +public: + + static bool BuildExportTableEx(const wchar_t* szExportFileName, const char* szSectionName) + { + return UE::ExporterBuildExportTableExW((wchar_t*)szExportFileName, (char*)szSectionName); + } + static bool LoadExportTable(const wchar_t* szFileName) + { + return UE::ExporterLoadExportTableW((wchar_t*)szFileName); + } +}; + +class Exporter : ExporterX, ExporterA, ExporterW +{ +public: + + using ExporterX::Cleanup; + using ExporterX::SetImageBase; + using ExporterX::Init; + using ExporterX::AddNewExport; + using ExporterX::AddNewOrdinalExport; + using ExporterX::GetAddedExportCount; + using ExporterX::EstimatedSize; + using ExporterX::BuildExportTable; + using ExporterA::BuildExportTableEx; + using ExporterW::BuildExportTableEx; + using ExporterA::LoadExportTable; + using ExporterW::LoadExportTable; +}; + +class ProcessX +{ +protected: + + typedef void(TITCALL *fProcessWithLibraryEnumCallback)(DWORD ProcessId, HMODULE ModuleBaseAddress); + + static void EnumProcessesWithLibrary(char* szLibraryName, fProcessWithLibraryEnumCallback EnumFunction) + { + UE::EnumProcessesWithLibrary(szLibraryName, (void*)EnumFunction); + } +}; + +class ProcessA +{ +public: + + static long GetActiveProcessId(char* szImageName) + { + return UE::GetActiveProcessId(szImageName); + } +}; + +class ProcessW +{ +public: + + static long GetActiveProcessId(wchar_t* szImageName) + { + return UE::GetActiveProcessIdW(szImageName); + } +}; + +class Process : ProcessX, ProcessA, ProcessW +{ +public: + + using ProcessX::fProcessWithLibraryEnumCallback; + + using ProcessA::GetActiveProcessId; + using ProcessW::GetActiveProcessId; + using ProcessX::EnumProcessesWithLibrary; +}; + +class TLSX +{ +protected: + + static bool BreakOnCallBack(const ULONG_PTR* ArrayOfCallBacks, DWORD NumberOfCallBacks, Debugger::fBreakPointCallback bpxCallBack) + { + return UE::TLSBreakOnCallBack((void*)ArrayOfCallBacks, NumberOfCallBacks, (void*)bpxCallBack); + } + static bool RestoreData() + { + return UE::TLSRestoreData(); + } + static bool BuildNewTable(ULONG_PTR FileMapVA, ULONG_PTR StorePlace, ULONG_PTR StorePlaceRVA, const ULONG_PTR* ArrayOfCallBacks, DWORD NumberOfCallBacks) + { + return UE::TLSBuildNewTable(FileMapVA, StorePlace, StorePlaceRVA, (void*)ArrayOfCallBacks, NumberOfCallBacks); + } +}; + +class TLSA +{ +public: + + static bool GrabCallBackData(const char* szFileName, ULONG_PTR* ArrayOfCallBacks, DWORD* NumberOfCallBacks) + { + return UE::TLSGrabCallBackData((char*)szFileName, (void*)ArrayOfCallBacks, NumberOfCallBacks); + } + static bool BreakOnCallBackEx(const char* szFileName, Debugger::fBreakPointCallback bpxCallBack) + { + return UE::TLSBreakOnCallBackEx((char*)szFileName, (void*)bpxCallBack); + } + static bool RemoveCallback(const char* szFileName) + { + return UE::TLSRemoveCallback((char*)szFileName); + } + static bool RemoveTable(const char* szFileName) + { + return UE::TLSRemoveTable((char*)szFileName); + } + static bool BackupData(const char* szFileName) + { + return UE::TLSBackupData((char*)szFileName); + } + static bool BuildNewTableEx(const char* szFileName, const char* szSectionName, const ULONG_PTR* ArrayOfCallBacks, DWORD NumberOfCallBacks) + { + return UE::TLSBuildNewTableEx((char*)szFileName, (char*)szSectionName, (void*)ArrayOfCallBacks, NumberOfCallBacks); + } +}; + +class TLSW +{ +public: + + static bool GrabCallBackData(const wchar_t* szFileName, ULONG_PTR* ArrayOfCallBacks, DWORD* NumberOfCallBacks) + { + return UE::TLSGrabCallBackDataW((wchar_t*)szFileName, (void*)ArrayOfCallBacks, NumberOfCallBacks); + } + static bool BreakOnCallBackEx(const wchar_t* szFileName, Debugger::fBreakPointCallback bpxCallBack) + { + return UE::TLSBreakOnCallBackExW((wchar_t*)szFileName, (void*)bpxCallBack); + } + static bool RemoveCallback(const wchar_t* szFileName) + { + return UE::TLSRemoveCallbackW((wchar_t*)szFileName); + } + static bool RemoveTable(const wchar_t* szFileName) + { + return UE::TLSRemoveTableW((wchar_t*)szFileName); + } + static bool BackupData(const wchar_t* szFileName) + { + return UE::TLSBackupDataW((wchar_t*)szFileName); + } + static bool BuildNewTableEx(const wchar_t* szFileName, const char* szSectionName, const ULONG_PTR* ArrayOfCallBacks, DWORD NumberOfCallBacks) + { + return UE::TLSBuildNewTableExW((wchar_t*)szFileName, (char*)szSectionName, (void*)ArrayOfCallBacks, NumberOfCallBacks); + } +}; + +class TLS : TLSX, TLSA, TLSW +{ +public: + + using TLSX::BreakOnCallBack; + using TLSA::GrabCallBackData; + using TLSW::GrabCallBackData; + using TLSA::BreakOnCallBackEx; + using TLSW::BreakOnCallBackEx; + using TLSA::RemoveCallback; + using TLSW::RemoveCallback; + using TLSA::RemoveTable; + using TLSW::RemoveTable; + using TLSA::BackupData; + using TLSW::BackupData; + using TLSX::RestoreData; + using TLSX::BuildNewTable; + using TLSA::BuildNewTableEx; + using TLSW::BuildNewTableEx; +}; + +class TranslateA +{ +public: + + static const char* NativeName(char* szNativeName) + { + return (const char*)UE::TranslateNativeName(szNativeName); + } +}; + +class TranslateW +{ +public: + + static const wchar_t* NativeName(wchar_t* szNativeName) + { + return (const wchar_t*)UE::TranslateNativeNameW(szNativeName); + } +}; + +class Translate : TranslateA, TranslateW +{ +public: + + using TranslateA::NativeName; + using TranslateW::NativeName; +}; + +class HandlerA; +class HandlerW; + +class HandlerX +{ + friend class HandlerA; + friend class HandlerW; + +protected: + + typedef UE::HandlerArray HandlerArray; + + static long GetActiveHandleCount(DWORD ProcessId) + { + return UE::HandlerGetActiveHandleCount(ProcessId); + } + static bool IsHandleOpen(DWORD ProcessId, HANDLE hHandle) + { + return UE::HandlerIsHandleOpen(ProcessId, hHandle); + } + static long EnumerateOpenHandles(DWORD ProcessId, HandlerArray* HandleBuffer, DWORD MaxHandleCount) + { + return UE::HandlerEnumerateOpenHandles(ProcessId, HandleBuffer, MaxHandleCount); + } + static long long GetHandleDetails(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, eHandlerReturnType InformationReturn) + { + return UE::HandlerGetHandleDetails(hProcess, ProcessId, hHandle, InformationReturn); + } + static bool CloseRemoteHandle(HANDLE hProcess, HANDLE hHandle) + { + return UE::HandlerCloseRemoteHandle(hProcess, hHandle); + } + static long EnumerateOpenMutexes(HANDLE hProcess, DWORD ProcessId, HANDLE* HandleBuffer, DWORD MaxHandleCount) + { + return UE::HandlerEnumerateOpenMutexes(hProcess, ProcessId, HandleBuffer, MaxHandleCount); + } +}; + +class HandlerA +{ +public: + + static const char* GetHandleName(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName) + { + return (const char*)UE::HandlerGetHandleName(hProcess, ProcessId, hHandle, TranslateName); + } + static long EnumerateLockHandles(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, HandlerX::HandlerArray* HandleDataBuffer, DWORD MaxHandleCount) + { + return UE::HandlerEnumerateLockHandles(szFileOrFolderName, NameIsFolder, NameIsTranslated, HandleDataBuffer, MaxHandleCount); + } + static bool CloseAllLockHandles(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated) + { + return UE::HandlerCloseAllLockHandles(szFileOrFolderName, NameIsFolder, NameIsTranslated); + } + static bool IsFileLocked(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated) + { + return UE::HandlerIsFileLocked(szFileOrFolderName, NameIsFolder, NameIsTranslated); + } + static long long GetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, char* szMutexString) + { + return UE::HandlerGetOpenMutexHandle(hProcess, ProcessId, szMutexString); + } + static long GetProcessIdWhichCreatedMutex(char* szMutexString) + { + return UE::HandlerGetProcessIdWhichCreatedMutex(szMutexString); + } +}; + +class HandlerW +{ +public: + + static const wchar_t* GetHandleName(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName) + { + return (const wchar_t*)UE::HandlerGetHandleNameW(hProcess, ProcessId, hHandle, TranslateName); + } + static long EnumerateLockHandles(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, HandlerX::HandlerArray* HandleDataBuffer, DWORD MaxHandleCount) + { + return UE::HandlerEnumerateLockHandlesW(szFileOrFolderName, NameIsFolder, NameIsTranslated, HandleDataBuffer, MaxHandleCount); + } + static bool CloseAllLockHandles(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated) + { + return UE::HandlerCloseAllLockHandlesW(szFileOrFolderName, NameIsFolder, NameIsTranslated); + } + static bool IsFileLocked(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated) + { + return UE::HandlerIsFileLockedW(szFileOrFolderName, NameIsFolder, NameIsTranslated); + } + static long long GetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, wchar_t* szMutexString) + { + return UE::HandlerGetOpenMutexHandleW(hProcess, ProcessId, szMutexString); + } + static long GetProcessIdWhichCreatedMutex(wchar_t* szMutexString) + { + return UE::HandlerGetProcessIdWhichCreatedMutexW(szMutexString); + } +}; + +class Handler : HandlerX, HandlerA, HandlerW +{ +public: + + using HandlerX::HandlerArray; + + using HandlerX::GetActiveHandleCount; + using HandlerX::IsHandleOpen; +#ifndef UNICODE + using HandlerA::GetHandleName; +#else + using HandlerW::GetHandleName; +#endif + using HandlerX::EnumerateOpenHandles; + using HandlerX::GetHandleDetails; + using HandlerX::CloseRemoteHandle; + using HandlerA::EnumerateLockHandles; + using HandlerW::EnumerateLockHandles; + using HandlerA::CloseAllLockHandles; + using HandlerW::CloseAllLockHandles; + using HandlerA::IsFileLocked; + using HandlerW::IsFileLocked; + using HandlerX::EnumerateOpenMutexes; + using HandlerA::GetOpenMutexHandle; + using HandlerW::GetOpenMutexHandle; + using HandlerA::GetProcessIdWhichCreatedMutex; + using HandlerW::GetProcessIdWhichCreatedMutex; +}; + +class RemoteX +{ +protected: + + static bool ExitProcess(HANDLE hProcess, DWORD ExitCode) + { + return UE::RemoteExitProcess(hProcess, ExitCode); + } +}; + +class RemoteA +{ +public: + + static bool LoadLibrary(HANDLE hProcess, const char* szLibraryFile, bool WaitForThreadExit) + { + return UE::RemoteLoadLibrary(hProcess, (char*)szLibraryFile, WaitForThreadExit); + } + static bool FreeLibrary(HANDLE hProcess, HMODULE hModule, const char* szLibraryFile, bool WaitForThreadExit) + { + return UE::RemoteFreeLibrary(hProcess, hModule, (char*)szLibraryFile, WaitForThreadExit); + } +}; + +class RemoteW +{ +public: + + static bool LoadLibrary(HANDLE hProcess, const wchar_t* szLibraryFile, bool WaitForThreadExit) + { + return UE::RemoteLoadLibraryW(hProcess, (wchar_t*)szLibraryFile, WaitForThreadExit); + } + static bool FreeLibrary(HANDLE hProcess, HMODULE hModule, const wchar_t* szLibraryFile, bool WaitForThreadExit) + { + return UE::RemoteFreeLibraryW(hProcess, hModule, (wchar_t*)szLibraryFile, WaitForThreadExit); + } +}; + +class Remote : RemoteX, RemoteA, RemoteW +{ +public: + + using RemoteA::LoadLibrary; + using RemoteW::LoadLibrary; + using RemoteA::FreeLibrary; + using RemoteW::FreeLibrary; + using RemoteX::ExitProcess; +}; + +class StaticX +{ +protected: + + typedef bool (__stdcall *fStaticDecryptCallback)(void* sMemoryStart, int sKeySize); + + static bool FileGetContent(HANDLE FileHandle, DWORD FilePositionLow, const DWORD* FilePositionHigh, void* Buffer, DWORD Size) + { + return UE::StaticFileGetContent(FileHandle, FilePositionLow, (DWORD*)FilePositionHigh, Buffer, Size); + } + static void FileClose(HANDLE FileHandle) + { + UE::StaticFileClose(FileHandle); + } + static void MemoryDecrypt(void* MemoryStart, DWORD MemorySize, eDecryptionType DecryptionType, eDecryptionKeySize DecryptionKeySize, ULONG_PTR DecryptionKey) + { + UE::StaticMemoryDecrypt(MemoryStart, MemorySize, DecryptionType, DecryptionKeySize, DecryptionKey); + } + static void MemoryDecryptEx(void* MemoryStart, DWORD MemorySize, eDecryptionKeySize DecryptionKeySize, fStaticDecryptCallback DecryptionCallBack) + { + UE::StaticMemoryDecryptEx(MemoryStart, MemorySize, DecryptionKeySize, (void*)DecryptionCallBack); + } + static void MemoryDecryptSpecial(void* MemoryStart, DWORD MemorySize, eDecryptionKeySize DecryptionKeySize, eDecryptionDirection SpecDecryptionType, fStaticDecryptCallback DecryptionCallBack) + { + UE::StaticMemoryDecryptSpecial(MemoryStart, MemorySize, DecryptionKeySize, SpecDecryptionType, (void*)DecryptionCallBack); + } + static void SectionDecrypt(ULONG_PTR FileMapVA, DWORD SectionNumber, bool SimulateLoad, eDecryptionType DecryptionType, eDecryptionKeySize DecryptionKeySize, ULONG_PTR DecryptionKey) + { + UE::StaticSectionDecrypt(FileMapVA, SectionNumber, SimulateLoad, DecryptionType, DecryptionKeySize, DecryptionKey); + } + static bool MemoryDecompress(const void* Source, DWORD SourceSize, void* Destination, DWORD DestinationSize, eCompressionAlgorithm Algorithm) + { + return UE::StaticMemoryDecompress((void*)Source, SourceSize, Destination, DestinationSize, Algorithm); + } + static bool HashMemory(const void* MemoryToHash, DWORD SizeOfMemory, void* HashDigest, bool OutputString, eHashAlgorithm Algorithm) + { + return UE::StaticHashMemory((void*)MemoryToHash, SizeOfMemory, HashDigest, OutputString, Algorithm); + } +}; + +class StaticA +{ +public: + + static bool FileLoad(const char* szFileName, eAccess DesiredAccess, bool SimulateLoad, HANDLE* FileHandle, DWORD* LoadedSize, HANDLE* FileMap, ULONG_PTR* FileMapVA) + { + return UE::StaticFileLoad((char*)szFileName, DesiredAccess, SimulateLoad, FileHandle, LoadedSize, FileMap, FileMapVA); + } + static bool FileUnload(const char* szFileName, bool CommitChanges, HANDLE FileHandle, DWORD LoadedSize, HANDLE FileMap, ULONG_PTR FileMapVA) + { + return UE::StaticFileUnload((char*)szFileName, CommitChanges, FileHandle, LoadedSize, FileMap, FileMapVA); + } + static bool FileOpen(const char* szFileName, DWORD DesiredAccess, HANDLE* FileHandle, DWORD* FileSizeLow, DWORD* FileSizeHigh) + { + return UE::StaticFileOpen((char*)szFileName, DesiredAccess, FileHandle, FileSizeLow, FileSizeHigh); + } + static bool RawMemoryCopy(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR VitualAddressToCopy, DWORD Size, bool AddressIsRVA, const char* szDumpFileName) + { + return UE::StaticRawMemoryCopy(hFile, FileMapVA, VitualAddressToCopy, Size, AddressIsRVA, (char*)szDumpFileName); + } + static bool RawMemoryCopyEx(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, const char* szDumpFileName) + { + return UE::StaticRawMemoryCopyEx(hFile, RawAddressToCopy, Size, (char*)szDumpFileName); + } + static bool RawMemoryCopyEx64(HANDLE hFile, DWORD64 RawAddressToCopy, DWORD64 Size, const char* szDumpFileName) + { + return UE::StaticRawMemoryCopyEx64(hFile, RawAddressToCopy, Size, (char*)szDumpFileName); + } + static bool HashFile(const char* szFileName, void* HashDigest, bool OutputString, eHashAlgorithm Algorithm) + { + return UE::StaticHashFile((char*)szFileName, (char*)HashDigest, OutputString, Algorithm); + } +}; + +class StaticW +{ +public: + + static bool FileLoad(const wchar_t* szFileName, eAccess DesiredAccess, bool SimulateLoad, HANDLE* FileHandle, DWORD* LoadedSize, HANDLE* FileMap, ULONG_PTR* FileMapVA) + { + return UE::StaticFileLoadW((wchar_t*)szFileName, DesiredAccess, SimulateLoad, FileHandle, LoadedSize, FileMap, FileMapVA); + } + static bool FileUnload(const wchar_t* szFileName, bool CommitChanges, HANDLE FileHandle, DWORD LoadedSize, HANDLE FileMap, ULONG_PTR FileMapVA) + { + return UE::StaticFileUnloadW((wchar_t*)szFileName, CommitChanges, FileHandle, LoadedSize, FileMap, FileMapVA); + } + static bool FileOpen(const wchar_t* szFileName, DWORD DesiredAccess, HANDLE* FileHandle, DWORD* FileSizeLow, DWORD* FileSizeHigh) + { + return UE::StaticFileOpenW((wchar_t*)szFileName, DesiredAccess, FileHandle, FileSizeLow, FileSizeHigh); + } + static bool RawMemoryCopy(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR VitualAddressToCopy, DWORD Size, bool AddressIsRVA, const wchar_t* szDumpFileName) + { + return UE::StaticRawMemoryCopyW(hFile, FileMapVA, VitualAddressToCopy, Size, AddressIsRVA, (wchar_t*)szDumpFileName); + } + static bool RawMemoryCopyEx(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, const wchar_t* szDumpFileName) + { + return UE::StaticRawMemoryCopyExW(hFile, RawAddressToCopy, Size, (wchar_t*)szDumpFileName); + } + static bool RawMemoryCopyEx64(HANDLE hFile, DWORD64 RawAddressToCopy, DWORD64 Size, const wchar_t* szDumpFileName) + { + return UE::StaticRawMemoryCopyEx64W(hFile, RawAddressToCopy, Size, (wchar_t*)szDumpFileName); + } + static bool HashFile(const wchar_t* szFileName, void* HashDigest, bool OutputString, eHashAlgorithm Algorithm) + { + return UE::StaticHashFileW((wchar_t*)szFileName, (char*)HashDigest, OutputString, Algorithm); + } +}; + +class Static : StaticX, StaticA, StaticW +{ +public: + + using StaticX::fStaticDecryptCallback; + + using StaticA::FileLoad; + using StaticW::FileLoad; + using StaticA::FileUnload; + using StaticW::FileUnload; + using StaticA::FileOpen; + using StaticW::FileOpen; + using StaticX::FileGetContent; + using StaticX::FileClose; + using StaticX::MemoryDecrypt; + using StaticX::MemoryDecryptEx; + using StaticX::MemoryDecryptSpecial; + using StaticX::SectionDecrypt; + using StaticX::MemoryDecompress; + using StaticA::RawMemoryCopy; + using StaticW::RawMemoryCopy; + using StaticA::RawMemoryCopyEx; + using StaticW::RawMemoryCopyEx; + using StaticA::RawMemoryCopyEx64; + using StaticW::RawMemoryCopyEx64; + using StaticX::HashMemory; + using StaticA::HashFile; + using StaticW::HashFile; +}; + +class EngineX +{ +protected: + + static void SetEngineVariable(eEngineVariable VariableId, bool VariableSet) + { + UE::SetEngineVariable(VariableId, VariableSet); + } + static bool FakeMissingDependencies(HANDLE hProcess) + { + return UE::EngineFakeMissingDependencies(hProcess); + } + static bool DeleteCreatedDependencies() + { + return UE::EngineDeleteCreatedDependencies(); + } + static bool CreateUnpackerWindow(char* WindowUnpackerTitle, char* WindowUnpackerLongTitle, char* WindowUnpackerName, char* WindowUnpackerAuthor, void* StartUnpackingCallBack) + { + return UE::EngineCreateUnpackerWindow(WindowUnpackerTitle, WindowUnpackerLongTitle, WindowUnpackerName, WindowUnpackerAuthor, StartUnpackingCallBack); + } + static void AddUnpackerWindowLogMessage(char* szLogMessage) + { + return UE::EngineAddUnpackerWindowLogMessage(szLogMessage); + } +}; + +class EngineA +{ +public: + + static bool CreateMissingDependencies(char* szFileName, char* szOutputFolder, bool LogCreatedFiles) + { + return UE::EngineCreateMissingDependencies(szFileName, szOutputFolder, LogCreatedFiles); + } +}; + +class EngineW +{ +public: + + static bool CreateMissingDependencies(wchar_t* szFileName, wchar_t* szOutputFolder, bool LogCreatedFiles) + { + return UE::EngineCreateMissingDependenciesW(szFileName, szOutputFolder, LogCreatedFiles); + } +}; + +class Engine : EngineX, EngineA, EngineW +{ +public: + + using EngineX::SetEngineVariable; + using EngineA::CreateMissingDependencies; + using EngineW::CreateMissingDependencies; + using EngineX::FakeMissingDependencies; + using EngineX::DeleteCreatedDependencies; + using EngineX::CreateUnpackerWindow; + using EngineX::AddUnpackerWindowLogMessage; +}; + +class ExtensionManager +{ +public: + + typedef UE::PluginInformation PluginInformation; + + static bool IsPluginLoaded(char* szPluginName) + { + return UE::ExtensionManagerIsPluginLoaded(szPluginName); + } + static bool IsPluginEnabled(char* szPluginName) + { + return UE::ExtensionManagerIsPluginEnabled(szPluginName); + } + static bool DisableAllPlugins() + { + return UE::ExtensionManagerDisableAllPlugins(); + } + static bool DisablePlugin(char* szPluginName) + { + return UE::ExtensionManagerDisablePlugin(szPluginName); + } + static bool EnableAllPlugins() + { + return UE::ExtensionManagerEnableAllPlugins(); + } + static bool EnablePlugin(char* szPluginName) + { + return UE::ExtensionManagerEnablePlugin(szPluginName); + } + static bool UnloadAllPlugins() + { + return UE::ExtensionManagerUnloadAllPlugins(); + } + static bool UnloadPlugin(char* szPluginName) + { + return UE::ExtensionManagerUnloadPlugin(szPluginName); + } + static PluginInformation* GetPluginInfo(char* szPluginName) + { + return (PluginInformation*)UE::ExtensionManagerGetPluginInfo(szPluginName); + } +}; + +} /* namespace TE */ + +#endif /*TITANENGINE_CPP*/ diff --git a/TitanUnitTest/TitanEngine.lib b/TitanUnitTest/TitanEngine.lib new file mode 100644 index 0000000..4b6174a Binary files /dev/null and b/TitanUnitTest/TitanEngine.lib differ diff --git a/TitanUnitTest/TitanScript.h b/TitanUnitTest/TitanScript.h new file mode 100644 index 0000000..4eb75e2 --- /dev/null +++ b/TitanUnitTest/TitanScript.h @@ -0,0 +1,26 @@ +#ifndef TITANSCRIPT_H +#define TITANSCRIPT_H + +#if _MSC_VER > 1000 +//#pragma once +#endif + +#include + +enum eLogType {TS_LOG_NORMAL, TS_LOG_ERROR, TS_LOG_COMMAND, TS_LOG_DEBUG}; +typedef void(*fLogCallback)(const char* szString, eLogType Type); + +typedef bool (*tScripterLoadFileA)(const char*); +typedef bool (*tScripterLoadFileW)(const wchar_t*); +typedef bool (*tScripterLoadBuffer)(const char*); +typedef bool (*tScripterResume)(); +typedef bool (*tScripterPause)(); +typedef bool (*tScripterAutoDebugA)(const char*); +typedef bool (*tScripterAutoDebugW)(const wchar_t*); +typedef void (*tScripterSetLogCallback)(fLogCallback Callback); +typedef bool (*tScripterExecuteWithTitanMistA)(const char*, const char*); + +// use like this: tScripterResume foo = GetTSFunctionPointer(Resume); +#define GetTSFunctionPointer(x) ((tScripter ## x)GetProcAddress(GetModuleHandleA("TitanScript"), "Scripter" #x)) + +#endif /*TITANSCRIPT_H*/ diff --git a/TitanUnitTest/TitanScript.hpp b/TitanUnitTest/TitanScript.hpp new file mode 100644 index 0000000..3a0311d --- /dev/null +++ b/TitanUnitTest/TitanScript.hpp @@ -0,0 +1,122 @@ +#ifndef TITANSCRIPT_CPP +#define TITANSCRIPT_CPP + +#if _MSC_VER > 1000 + #pragma once +#endif + +namespace TS +{ + +namespace TSH +{ + #ifdef TITANSCRIPT_H + #undef TITANSCRIPT_H + #endif + + #include "TitanScript.h" +} + +typedef TSH::eLogType eLogType; + +class ScripterX +{ +protected: + + static TSH::tScripterLoadBuffer pLoadBuffer; + static TSH::tScripterResume pResume; + static TSH::tScripterPause pPause; + static TSH::tScripterSetLogCallback pSetLogCallback; + + typedef TSH::fLogCallback fLogCallback; + + //static bool Loaded; + + static bool LoadBuffer(const char* szScript) + { + return pLoadBuffer ? pLoadBuffer(szScript) : false; + } + static bool Resume() + { + return pResume ? pResume() : false; + } + static bool Pause() + { + return pPause ? pPause() : false; + } + static void SetLogCallback(fLogCallback Callback) + { + if(pSetLogCallback) pSetLogCallback(Callback); + } +}; + +class ScripterA +{ +private: + + static TSH::tScripterLoadFileA pLoadFile; + static TSH::tScripterAutoDebugA pAutoDebug; + +public: + + //static bool Loaded; + + static bool LoadFile(const char* szFileName) + { + return pLoadFile ? pLoadFile(szFileName) : false; + } + bool AutoDebug(const char* Debuggee) + { + return pAutoDebug ? pAutoDebug(Debuggee) : false; + } +}; + +class ScripterW +{ +private: + + static TSH::tScripterLoadFileW pLoadFile; + static TSH::tScripterAutoDebugW pAutoDebug; + +public: + + //static bool Loaded; + + static bool LoadFile(const wchar_t* szFileName) + { + return pLoadFile ? pLoadFile(szFileName) : false; + } + bool AutoDebug(const wchar_t* Debuggee) + { + return pAutoDebug ? pAutoDebug(Debuggee) : false; + } +}; + +class Scripter : ScripterX, ScripterA, ScripterW +{ +public: + + using ScripterX::fLogCallback; + + using ScripterA::LoadFile; + using ScripterW::LoadFile; + using ScripterX::LoadBuffer; + using ScripterX::Resume; + using ScripterX::Pause; + using ScripterA::AutoDebug; + using ScripterW::AutoDebug; + using ScripterX::SetLogCallback; +}; + +TSH::tScripterLoadFileA ScripterA::pLoadFile = GetTSFunctionPointer(LoadFileA); +TSH::tScripterLoadFileW ScripterW::pLoadFile = GetTSFunctionPointer(LoadFileW); +TSH::tScripterLoadBuffer ScripterX::pLoadBuffer = GetTSFunctionPointer(LoadBuffer); +TSH::tScripterResume ScripterX::pResume = GetTSFunctionPointer(Resume); +TSH::tScripterPause ScripterX::pPause = GetTSFunctionPointer(Pause); +TSH::tScripterAutoDebugA ScripterA::pAutoDebug = GetTSFunctionPointer(AutoDebugA); +TSH::tScripterAutoDebugW ScripterW::pAutoDebug = GetTSFunctionPointer(AutoDebugW); +TSH::tScripterSetLogCallback ScripterX::pSetLogCallback = GetTSFunctionPointer(SetLogCallback); + +} /* namespace TS */ + +#endif /*TITANSCRIPT_CPP*/ diff --git a/TitanUnitTest/TitanUnitTest.cpp b/TitanUnitTest/TitanUnitTest.cpp new file mode 100644 index 0000000..11c915a --- /dev/null +++ b/TitanUnitTest/TitanUnitTest.cpp @@ -0,0 +1,39 @@ +#include "stdafx.h" +#include "TitanEngine.h" +#include "TitanScript.h" +#include + +void log_callback( const char* str, eLogType log_type ); + +int main(int argc, char* argv[]) +{ + if(argc < 3) { + log_callback("Usage: titan_unittest.exe script.osc target.exe", TS_LOG_ERROR); + return -1; + } + + if ( !ExtensionManagerIsPluginLoaded( "TitanScript" ) || !ExtensionManagerIsPluginEnabled( "TitanScript" ) ) { + throw std::runtime_error( "TitanScript failed to load!" ); + } + + tScripterLoadFileA load_file = GetTSFunctionPointer( LoadFileA ); + tScripterExecuteWithTitanMistA exec = GetTSFunctionPointer( ExecuteWithTitanMistA ); + tScripterSetLogCallback set_log_callback = GetTSFunctionPointer( SetLogCallback ); + + set_log_callback(&log_callback ); + + if(!load_file(argv[1])) { + log_callback("Error loading script", TS_LOG_ERROR); + return -1; + } + + exec(argv[2], "dump.exe" ); + + return 0; +} + + +void log_callback( const char* str, eLogType log_type ) { + std::cout << str << "\n" << std::flush; +} + diff --git a/TitanUnitTest/TitanUnitTest.vcxproj b/TitanUnitTest/TitanUnitTest.vcxproj new file mode 100644 index 0000000..af59b54 --- /dev/null +++ b/TitanUnitTest/TitanUnitTest.vcxproj @@ -0,0 +1,98 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + + {5B5AB3CD-4D32-43B0-8840-E05C9483381D} + Win32Proj + titan_unittest + + + + Application + true + Unicode + true + + + Application + false + true + Unicode + + + + + + + + + + + + + true + + + false + + + + Use + Level3 + Disabled + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + MultiThreadedDebugDLL + + + Console + true + TitanEngine.lib;%(AdditionalDependencies) + + + + + + + Level3 + Use + MaxSpeed + true + true + WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + MultiThreadedDLL + + + Console + true + true + true + + + + + + + + + + + + + Create + Create + + + + + + + \ No newline at end of file diff --git a/TitanUnitTest/TitanUnitTest.vcxproj.filters b/TitanUnitTest/TitanUnitTest.vcxproj.filters new file mode 100644 index 0000000..573b3a2 --- /dev/null +++ b/TitanUnitTest/TitanUnitTest.vcxproj.filters @@ -0,0 +1,41 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hpp;hxx;hm;inl;inc;xsd + + + + + Quelldateien + + + Quelldateien + + + + + Headerdateien + + + Headerdateien + + + Headerdateien + + + Headerdateien + + + Headerdateien + + + Headerdateien + + + \ No newline at end of file diff --git a/TitanUnitTest/disasm.dll b/TitanUnitTest/disasm.dll new file mode 100644 index 0000000..ef17bf1 Binary files /dev/null and b/TitanUnitTest/disasm.dll differ diff --git a/TitanUnitTest/stdafx.cpp b/TitanUnitTest/stdafx.cpp new file mode 100644 index 0000000..20e8cfa --- /dev/null +++ b/TitanUnitTest/stdafx.cpp @@ -0,0 +1,8 @@ +// stdafx.cpp : Quelldatei, die nur die Standard-Includes einbindet. +// titan_unittest.pch ist der vorkompilierte Header. +// stdafx.obj enthält die vorkompilierten Typinformationen. + +#include "stdafx.h" + +// TODO: Auf zusätzliche Header verweisen, die in STDAFX.H +// und nicht in dieser Datei erforderlich sind. diff --git a/TitanUnitTest/stdafx.h b/TitanUnitTest/stdafx.h new file mode 100644 index 0000000..b689b41 --- /dev/null +++ b/TitanUnitTest/stdafx.h @@ -0,0 +1,15 @@ +// stdafx.h : Includedatei für Standardsystem-Includedateien +// oder häufig verwendete projektspezifische Includedateien, +// die nur in unregelmäßigen Abständen geändert werden. +// + +#pragma once + +#include "targetver.h" + +#include +#include + + + +// TODO: Hier auf zusätzliche Header, die das Programm erfordert, verweisen. diff --git a/TitanUnitTest/targetver.h b/TitanUnitTest/targetver.h new file mode 100644 index 0000000..a765413 --- /dev/null +++ b/TitanUnitTest/targetver.h @@ -0,0 +1,8 @@ +#pragma once + +// Durch Einbeziehen von"SDKDDKVer.h" wird die höchste verfügbare Windows-Plattform definiert. + +// Wenn Sie die Anwendung für eine frühere Windows-Plattform erstellen möchten, schließen Sie "WinSDKVer.h" ein, und +// legen Sie das _WIN32_WINNT-Makro auf die zu unterstützende Plattform fest, bevor Sie "SDKDDKVer.h" einschließen. + +#include