x64dbg
/
TitanEngine
mirror of https://github.com/x64dbg/TitanEngine
1
0
Fork 0
Code Releases Activity

- replaced all 'long long' with 'ULONG_PTR' 

- fixed various bugs in TitanEngine.Debugger.Context (invalid OpenThread access flags)
- added SDK to the project (for easy editing)
This commit is contained in:
Mr. eXoDia 2014-04-04 14:53:18 +02:00
parent 46fe89b5c6
commit ddf87c22c0
20 changed files with 395 additions and 449 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
SDK/C/TitanEngine.h
View File

@ -572,9 +572,9 @@ __declspec(dllexport) bool TITCALL DeleteLastSection(char* szFileName);
__declspec(dllexport) bool TITCALL DeleteLastSectionW(wchar_t* szFileName);
__declspec(dllexport) bool TITCALL DeleteLastSectionEx(char* szFileName, DWORD NumberOfSections);
__declspec(dllexport) bool TITCALL DeleteLastSectionExW(wchar_t* szFileName, DWORD NumberOfSections);
__declspec(dllexport) long long TITCALL GetPE32DataFromMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, DWORD WhichData);
__declspec(dllexport) long long TITCALL GetPE32Data(char* szFileName, DWORD WhichSection, DWORD WhichData);
__declspec(dllexport) long long TITCALL GetPE32DataW(wchar_t* szFileName, DWORD WhichSection, DWORD WhichData);
__declspec(dllexport) ULONG_PTR TITCALL GetPE32DataFromMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, DWORD WhichData);
__declspec(dllexport) ULONG_PTR TITCALL GetPE32Data(char* szFileName, DWORD WhichSection, DWORD WhichData);
__declspec(dllexport) ULONG_PTR TITCALL GetPE32DataW(wchar_t* szFileName, DWORD WhichSection, DWORD WhichData);
__declspec(dllexport) bool TITCALL GetPE32DataFromMappedFileEx(ULONG_PTR FileMapVA, LPVOID DataStorage);
__declspec(dllexport) bool TITCALL GetPE32DataEx(char* szFileName, LPVOID DataStorage);
__declspec(dllexport) bool TITCALL GetPE32DataExW(wchar_t* szFileName, LPVOID DataStorage);
@ -585,10 +585,10 @@ __declspec(dllexport) bool TITCALL SetPE32DataForMappedFileEx(ULONG_PTR FileMapV
__declspec(dllexport) bool TITCALL SetPE32DataEx(char* szFileName, LPVOID DataStorage);
__declspec(dllexport) bool TITCALL SetPE32DataExW(wchar_t* szFileName, LPVOID DataStorage);
__declspec(dllexport) long TITCALL GetPE32SectionNumberFromVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert);
__declspec(dllexport) long long TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllexport) long long TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType);
__declspec(dllexport) long long TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllexport) long long TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType);
__declspec(dllexport) ULONG_PTR TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllexport) ULONG_PTR TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesRead);
__declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesWritten);
// TitanEngine.Realigner.functions:
@ -632,8 +632,8 @@ __declspec(dllexport) bool TITCALL RelocaterRelocateMemoryBlock(ULONG_PTR FileMa
__declspec(dllexport) bool TITCALL RelocaterWipeRelocationTable(char* szFileName);
__declspec(dllexport) bool TITCALL RelocaterWipeRelocationTableW(wchar_t* szFileName);
// TitanEngine.Resourcer.functions:
__declspec(dllexport) long long TITCALL ResourcerLoadFileForResourceUse(char* szFileName);
__declspec(dllexport) long long TITCALL ResourcerLoadFileForResourceUseW(wchar_t* szFileName);
__declspec(dllexport) ULONG_PTR TITCALL ResourcerLoadFileForResourceUse(char* szFileName);
__declspec(dllexport) ULONG_PTR TITCALL ResourcerLoadFileForResourceUseW(wchar_t* szFileName);
__declspec(dllexport) bool TITCALL ResourcerFreeLoadedFile(LPVOID LoadedFileBase);
__declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFileEx(ULONG_PTR FileMapVA, char* szResourceType, char* szResourceName, char* szExtractedFileName);
__declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFile(char* szFileName, char* szResourceType, char* szResourceName, char* szExtractedFileName);
@ -655,16 +655,16 @@ __declspec(dllexport) bool TITCALL ThreaderPauseAllThreads(bool LeaveMainRunning
__declspec(dllexport) bool TITCALL ThreaderResumeAllThreads(bool LeaveMainPaused);
__declspec(dllexport) bool TITCALL ThreaderPauseProcess();
__declspec(dllexport) bool TITCALL ThreaderResumeProcess();
__declspec(dllexport) long long TITCALL ThreaderCreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId);
__declspec(dllexport) ULONG_PTR TITCALL ThreaderCreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId);
__declspec(dllexport) bool TITCALL ThreaderInjectAndExecuteCode(LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize);
__declspec(dllexport) long long TITCALL ThreaderCreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId);
__declspec(dllexport) ULONG_PTR TITCALL ThreaderCreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId);
__declspec(dllexport) bool TITCALL ThreaderInjectAndExecuteCodeEx(HANDLE hProcess, LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize);
__declspec(dllexport) void TITCALL ThreaderSetCallBackForNextExitThreadEvent(LPVOID exitThreadCallBack);
__declspec(dllexport) bool TITCALL ThreaderIsThreadStillRunning(HANDLE hThread);
__declspec(dllexport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread);
__declspec(dllexport) bool TITCALL ThreaderIsAnyThreadActive();
__declspec(dllexport) bool TITCALL ThreaderExecuteOnlyInjectedThreads();
__declspec(dllexport) long long TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId);
__declspec(dllexport) ULONG_PTR TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId);
__declspec(dllexport) bool TITCALL ThreaderIsExceptionInMainThread();
// TitanEngine.Debugger.functions:
__declspec(dllexport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress);
@ -695,8 +695,8 @@ __declspec(dllexport) bool TITCALL SetMemoryBPX(ULONG_PTR MemoryStart, SIZE_T Si
__declspec(dllexport) bool TITCALL SetMemoryBPXEx(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, DWORD BreakPointType, bool RestoreOnHit, LPVOID bpxCallBack);
__declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory);
__declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea);
__declspec(dllexport) long long TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister);
__declspec(dllexport) long long TITCALL GetContextData(DWORD IndexOfRegister);
__declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister);
__declspec(dllexport) ULONG_PTR TITCALL GetContextData(DWORD IndexOfRegister);
__declspec(dllexport) bool TITCALL SetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea);
__declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister, ULONG_PTR NewRegisterValue);
__declspec(dllexport) bool TITCALL SetContextData(DWORD IndexOfRegister, ULONG_PTR NewRegisterValue);
@ -704,8 +704,8 @@ __declspec(dllexport) void TITCALL ClearExceptionNumber();
__declspec(dllexport) long TITCALL CurrentExceptionNumber();
__declspec(dllexport) bool TITCALL MatchPatternEx(HANDLE hProcess, void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard);
__declspec(dllexport) bool TITCALL MatchPattern(void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard);
__declspec(dllexport) long long TITCALL FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard);
extern "C" __declspec(dllexport) long long TITCALL Find(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard);
__declspec(dllexport) ULONG_PTR TITCALL FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard);
extern "C" __declspec(dllexport) ULONG_PTR TITCALL Find(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard);
__declspec(dllexport) bool TITCALL FillEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte);
__declspec(dllexport) bool TITCALL Fill(LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte);
__declspec(dllexport) bool TITCALL PatchEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP);
@ -715,12 +715,12 @@ __declspec(dllexport) bool TITCALL Replace(LPVOID MemoryStart, DWORD MemorySize,
__declspec(dllexport) void* TITCALL GetDebugData();
__declspec(dllexport) void* TITCALL GetTerminationData();
__declspec(dllexport) long TITCALL GetExitCode();
__declspec(dllexport) long long TITCALL GetDebuggedDLLBaseAddress();
__declspec(dllexport) unsigned long long TITCALL GetDebuggedFileBaseAddress();
__declspec(dllexport) ULONG_PTR TITCALL GetDebuggedDLLBaseAddress();
__declspec(dllexport) ULONG_PTR TITCALL GetDebuggedFileBaseAddress();
__declspec(dllexport) bool TITCALL GetRemoteString(HANDLE hProcess, LPVOID StringAddress, LPVOID StringStorage, int MaximumStringSize);
__declspec(dllexport) long long TITCALL GetFunctionParameter(HANDLE hProcess, DWORD FunctionType, DWORD ParameterNumber, DWORD ParameterType);
__declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps);
__declspec(dllexport) long long TITCALL GetJumpDestination(HANDLE hProcess, ULONG_PTR InstructionAddress);
__declspec(dllexport) ULONG_PTR TITCALL GetFunctionParameter(HANDLE hProcess, DWORD FunctionType, DWORD ParameterNumber, DWORD ParameterType);
__declspec(dllexport) ULONG_PTR TITCALL GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps);
__declspec(dllexport) ULONG_PTR TITCALL GetJumpDestination(HANDLE hProcess, ULONG_PTR InstructionAddress);
__declspec(dllexport) bool TITCALL IsJumpGoingToExecuteEx(HANDLE hProcess, HANDLE hThread, ULONG_PTR InstructionAddress, ULONG_PTR RegFlags);
__declspec(dllexport) bool TITCALL IsJumpGoingToExecute();
__declspec(dllexport) void TITCALL SetCustomHandler(DWORD ExceptionId, LPVOID CallBack);
@ -761,33 +761,33 @@ __declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG
__declspec(dllexport) long TITCALL ImporterEstimatedSize();
__declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName);
__declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, wchar_t* szSectionName = L".RL!TEv2");
__declspec(dllexport) long long TITCALL ImporterFindAPIWriteLocation(char* szAPIName);
__declspec(dllexport) long long TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber);
__declspec(dllexport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation);
__declspec(dllexport) long long TITCALL ImporterFindDLLByWriteLocation(ULONG_PTR APIWriteLocation);
__declspec(dllexport) ULONG_PTR TITCALL ImporterFindAPIWriteLocation(char* szAPIName);
__declspec(dllexport) ULONG_PTR TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber);
__declspec(dllexport) ULONG_PTR TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation);
__declspec(dllexport) ULONG_PTR TITCALL ImporterFindDLLByWriteLocation(ULONG_PTR APIWriteLocation);
__declspec(dllexport) void* TITCALL ImporterGetDLLName(ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetDLLNameW(ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetAPIName(ULONG_PTR APIAddress);
__declspec(dllexport) long long TITCALL ImporterGetAPIOrdinalNumber(ULONG_PTR APIAddress);
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetAPIOrdinalNumber(ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetAPINameEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
__declspec(dllexport) long long TITCALL ImporterGetRemoteAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) long long TITCALL ImporterGetRemoteAPIAddressEx(char* szDLLName, char* szAPIName);
__declspec(dllexport) long long TITCALL ImporterGetLocalAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetRemoteAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetRemoteAPIAddressEx(char* szDLLName, char* szAPIName);
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetLocalAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetDLLNameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetDLLNameFromDebugeeW(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetAPINameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) long long TITCALL ImporterGetAPIOrdinalNumberFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetAPIOrdinalNumberFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) long TITCALL ImporterGetDLLIndexEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
__declspec(dllexport) long TITCALL ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase);
__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName);
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase);
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName);
__declspec(dllexport) void* TITCALL ImporterGetRemoteDLLBaseExW(HANDLE hProcess, wchar_t* szModuleName);
__declspec(dllexport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) long TITCALL ImporterGetForwardedDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
__declspec(dllexport) long long TITCALL ImporterGetForwardedAPIOrdinalNumber(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) long long TITCALL ImporterGetNearestAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetForwardedAPIOrdinalNumber(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetNearestAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetNearestAPIName(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) bool TITCALL ImporterCopyOriginalIAT(char* szOriginalFile, char* szDumpFile);
__declspec(dllexport) bool TITCALL ImporterCopyOriginalIATW(wchar_t* szOriginalFile, wchar_t* szDumpFile);
@ -827,11 +827,11 @@ __declspec(dllexport) void TITCALL HooksScanEntireProcessMemory(LPVOID CallBack)
__declspec(dllexport) void TITCALL HooksScanEntireProcessMemoryEx();
// TitanEngine.Tracer.functions:
__declspec(dllexport) void TITCALL TracerInit();
__declspec(dllexport) long long TITCALL TracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace);
__declspec(dllexport) long long TITCALL HashTracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD InputNumberOfInstructions);
__declspec(dllexport) ULONG_PTR TITCALL TracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace);
__declspec(dllexport) ULONG_PTR TITCALL HashTracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD InputNumberOfInstructions);
__declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace);
__declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD RedirectionId);
__declspec(dllexport) long long TITCALL TracerFixRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD IdParameter);
__declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD RedirectionId);
__declspec(dllexport) ULONG_PTR TITCALL TracerFixRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD IdParameter);
__declspec(dllexport) long TITCALL TracerFixRedirectionViaImpRecPlugin(HANDLE hProcess, char* szPluginName, ULONG_PTR AddressToTrace);
// TitanEngine.Exporter.functions:
__declspec(dllexport) void TITCALL ExporterCleanup();
@ -884,7 +884,7 @@ __declspec(dllexport) bool TITCALL HandlerIsHandleOpen(DWORD ProcessId, HANDLE h
__declspec(dllexport) void* TITCALL HandlerGetHandleName(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName);
__declspec(dllexport) void* TITCALL HandlerGetHandleNameW(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName);
__declspec(dllexport) long TITCALL HandlerEnumerateOpenHandles(DWORD ProcessId, LPVOID HandleBuffer, DWORD MaxHandleCount);
__declspec(dllexport) long long TITCALL HandlerGetHandleDetails(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, DWORD InformationReturn);
__declspec(dllexport) ULONG_PTR TITCALL HandlerGetHandleDetails(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, DWORD InformationReturn);
__declspec(dllexport) bool TITCALL HandlerCloseRemoteHandle(HANDLE hProcess, HANDLE hHandle);
__declspec(dllexport) long TITCALL HandlerEnumerateLockHandles(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, LPVOID HandleDataBuffer, DWORD MaxHandleCount);
__declspec(dllexport) long TITCALL HandlerEnumerateLockHandlesW(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, LPVOID HandleDataBuffer, DWORD MaxHandleCount);
@ -894,8 +894,8 @@ __declspec(dllexport) bool TITCALL HandlerIsFileLocked(char* szFileOrFolderName,
__declspec(dllexport) bool TITCALL HandlerIsFileLockedW(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated);
// TitanEngine.Handler[Mutex].functions:
__declspec(dllexport) long TITCALL HandlerEnumerateOpenMutexes(HANDLE hProcess, DWORD ProcessId, LPVOID HandleBuffer, DWORD MaxHandleCount);
__declspec(dllexport) long long TITCALL HandlerGetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, char* szMutexString);
__declspec(dllexport) long long TITCALL HandlerGetOpenMutexHandleW(HANDLE hProcess, DWORD ProcessId, wchar_t* szMutexString);
__declspec(dllexport) ULONG_PTR TITCALL HandlerGetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, char* szMutexString);
__declspec(dllexport) ULONG_PTR TITCALL HandlerGetOpenMutexHandleW(HANDLE hProcess, DWORD ProcessId, wchar_t* szMutexString);
__declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutex(char* szMutexString);
__declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t* szMutexString);
// TitanEngine.Injector.functions:

84
SDK/CPP/TitanEngine.h
View File

@ -571,9 +571,9 @@ __declspec(dllimport) bool TITCALL DeleteLastSection(char* szFileName);
__declspec(dllimport) bool TITCALL DeleteLastSectionW(wchar_t* szFileName);
__declspec(dllimport) bool TITCALL DeleteLastSectionEx(char* szFileName, DWORD NumberOfSections);
__declspec(dllimport) bool TITCALL DeleteLastSectionExW(wchar_t* szFileName, DWORD NumberOfSections);
__declspec(dllimport) long long TITCALL GetPE32DataFromMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, DWORD WhichData);
__declspec(dllimport) long long TITCALL GetPE32Data(char* szFileName, DWORD WhichSection, DWORD WhichData);
__declspec(dllimport) long long TITCALL GetPE32DataW(wchar_t* szFileName, DWORD WhichSection, DWORD WhichData);
__declspec(dllimport) ULONG_PTR TITCALL GetPE32DataFromMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, DWORD WhichData);
__declspec(dllimport) ULONG_PTR TITCALL GetPE32Data(char* szFileName, DWORD WhichSection, DWORD WhichData);
__declspec(dllimport) ULONG_PTR TITCALL GetPE32DataW(wchar_t* szFileName, DWORD WhichSection, DWORD WhichData);
__declspec(dllimport) bool TITCALL GetPE32DataFromMappedFileEx(ULONG_PTR FileMapVA, LPVOID DataStorage);
__declspec(dllimport) bool TITCALL GetPE32DataEx(char* szFileName, LPVOID DataStorage);
__declspec(dllimport) bool TITCALL GetPE32DataExW(wchar_t* szFileName, LPVOID DataStorage);
@ -584,10 +584,10 @@ __declspec(dllimport) bool TITCALL SetPE32DataForMappedFileEx(ULONG_PTR FileMapV
__declspec(dllimport) bool TITCALL SetPE32DataEx(char* szFileName, LPVOID DataStorage);
__declspec(dllimport) bool TITCALL SetPE32DataExW(wchar_t* szFileName, LPVOID DataStorage);
__declspec(dllimport) long TITCALL GetPE32SectionNumberFromVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert);
__declspec(dllimport) long long TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllimport) long long TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType);
__declspec(dllimport) long long TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllimport) long long TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllimport) ULONG_PTR TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllimport) ULONG_PTR TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType);
__declspec(dllimport) ULONG_PTR TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllimport) ULONG_PTR TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllimport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesRead);
__declspec(dllimport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesWritten);
// TitanEngine.Realigner.functions:
@ -631,8 +631,8 @@ __declspec(dllimport) bool TITCALL RelocaterRelocateMemoryBlock(ULONG_PTR FileMa
__declspec(dllimport) bool TITCALL RelocaterWipeRelocationTable(char* szFileName);
__declspec(dllimport) bool TITCALL RelocaterWipeRelocationTableW(wchar_t* szFileName);
// TitanEngine.Resourcer.functions:
__declspec(dllimport) long long TITCALL ResourcerLoadFileForResourceUse(char* szFileName);
__declspec(dllimport) long long TITCALL ResourcerLoadFileForResourceUseW(wchar_t* szFileName);
__declspec(dllimport) ULONG_PTR TITCALL ResourcerLoadFileForResourceUse(char* szFileName);
__declspec(dllimport) ULONG_PTR TITCALL ResourcerLoadFileForResourceUseW(wchar_t* szFileName);
__declspec(dllimport) bool TITCALL ResourcerFreeLoadedFile(LPVOID LoadedFileBase);
__declspec(dllimport) bool TITCALL ResourcerExtractResourceFromFileEx(ULONG_PTR FileMapVA, char* szResourceType, char* szResourceName, char* szExtractedFileName);
__declspec(dllimport) bool TITCALL ResourcerExtractResourceFromFile(char* szFileName, char* szResourceType, char* szResourceName, char* szExtractedFileName);
@ -654,16 +654,16 @@ __declspec(dllimport) bool TITCALL ThreaderPauseAllThreads(bool LeaveMainRunning
__declspec(dllimport) bool TITCALL ThreaderResumeAllThreads(bool LeaveMainPaused);
__declspec(dllimport) bool TITCALL ThreaderPauseProcess();
__declspec(dllimport) bool TITCALL ThreaderResumeProcess();
__declspec(dllimport) long long TITCALL ThreaderCreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId);
__declspec(dllimport) ULONG_PTR TITCALL ThreaderCreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId);
__declspec(dllimport) bool TITCALL ThreaderInjectAndExecuteCode(LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize);
__declspec(dllimport) long long TITCALL ThreaderCreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId);
__declspec(dllimport) ULONG_PTR TITCALL ThreaderCreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId);
__declspec(dllimport) bool TITCALL ThreaderInjectAndExecuteCodeEx(HANDLE hProcess, LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize);
__declspec(dllimport) void TITCALL ThreaderSetCallBackForNextExitThreadEvent(LPVOID exitThreadCallBack);
__declspec(dllimport) bool TITCALL ThreaderIsThreadStillRunning(HANDLE hThread);
__declspec(dllimport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread);
__declspec(dllimport) bool TITCALL ThreaderIsAnyThreadActive();
__declspec(dllimport) bool TITCALL ThreaderExecuteOnlyInjectedThreads();
__declspec(dllimport) long long TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId);
__declspec(dllimport) ULONG_PTR TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId);
__declspec(dllimport) bool TITCALL ThreaderIsExceptionInMainThread();
// TitanEngine.Debugger.functions:
__declspec(dllimport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress);
@ -694,8 +694,8 @@ __declspec(dllimport) bool TITCALL SetMemoryBPX(ULONG_PTR MemoryStart, SIZE_T Si
__declspec(dllimport) bool TITCALL SetMemoryBPXEx(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, DWORD BreakPointType, bool RestoreOnHit, LPVOID bpxCallBack);
__declspec(dllimport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory);
__declspec(dllimport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea);
__declspec(dllimport) long long TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister);
__declspec(dllimport) long long TITCALL GetContextData(DWORD IndexOfRegister);
__declspec(dllimport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister);
__declspec(dllimport) ULONG_PTR TITCALL GetContextData(DWORD IndexOfRegister);
__declspec(dllimport) bool TITCALL SetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea);
__declspec(dllimport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister, ULONG_PTR NewRegisterValue);
__declspec(dllimport) bool TITCALL SetContextData(DWORD IndexOfRegister, ULONG_PTR NewRegisterValue);
@ -703,8 +703,8 @@ __declspec(dllimport) void TITCALL ClearExceptionNumber();
__declspec(dllimport) long TITCALL CurrentExceptionNumber();
__declspec(dllimport) bool TITCALL MatchPatternEx(HANDLE hProcess, void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard);
__declspec(dllimport) bool TITCALL MatchPattern(void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard);
__declspec(dllimport) long long TITCALL FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard);
__declspec(dllimport) long long TITCALL Find(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard);
__declspec(dllimport) ULONG_PTR TITCALL FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard);
__declspec(dllimport) ULONG_PTR TITCALL Find(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard);
__declspec(dllimport) bool TITCALL FillEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte);
__declspec(dllimport) bool TITCALL Fill(LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte);
__declspec(dllimport) bool TITCALL PatchEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP);
@ -714,12 +714,12 @@ __declspec(dllimport) bool TITCALL Replace(LPVOID MemoryStart, DWORD MemorySize,
__declspec(dllimport) void* TITCALL GetDebugData();
__declspec(dllimport) void* TITCALL GetTerminationData();
__declspec(dllimport) long TITCALL GetExitCode();
__declspec(dllimport) long long TITCALL GetDebuggedDLLBaseAddress();
__declspec(dllimport) long long TITCALL GetDebuggedFileBaseAddress();
__declspec(dllimport) ULONG_PTR TITCALL GetDebuggedDLLBaseAddress();
__declspec(dllimport) ULONG_PTR TITCALL GetDebuggedFileBaseAddress();
__declspec(dllimport) bool TITCALL GetRemoteString(HANDLE hProcess, LPVOID StringAddress, LPVOID StringStorage, int MaximumStringSize);
__declspec(dllimport) long long TITCALL GetFunctionParameter(HANDLE hProcess, DWORD FunctionType, DWORD ParameterNumber, DWORD ParameterType);
__declspec(dllimport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps);
__declspec(dllimport) long long TITCALL GetJumpDestination(HANDLE hProcess, ULONG_PTR InstructionAddress);
__declspec(dllimport) ULONG_PTR TITCALL GetFunctionParameter(HANDLE hProcess, DWORD FunctionType, DWORD ParameterNumber, DWORD ParameterType);
__declspec(dllimport) ULONG_PTR TITCALL GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps);
__declspec(dllimport) ULONG_PTR TITCALL GetJumpDestination(HANDLE hProcess, ULONG_PTR InstructionAddress);
__declspec(dllimport) bool TITCALL IsJumpGoingToExecuteEx(HANDLE hProcess, HANDLE hThread, ULONG_PTR InstructionAddress, ULONG_PTR RegFlags);
__declspec(dllimport) bool TITCALL IsJumpGoingToExecute();
__declspec(dllimport) void TITCALL SetCustomHandler(DWORD ExceptionId, LPVOID CallBack);
@ -760,33 +760,33 @@ __declspec(dllimport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG
__declspec(dllimport) long TITCALL ImporterEstimatedSize();
__declspec(dllimport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName);
__declspec(dllimport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, wchar_t* szSectionName = L".RL!TEv2");
__declspec(dllimport) long long TITCALL ImporterFindAPIWriteLocation(char* szAPIName);
__declspec(dllimport) long long TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber);
__declspec(dllimport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation);
__declspec(dllimport) long long TITCALL ImporterFindDLLByWriteLocation(ULONG_PTR APIWriteLocation);
__declspec(dllimport) ULONG_PTR TITCALL ImporterFindAPIWriteLocation(char* szAPIName);
__declspec(dllimport) ULONG_PTR TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber);
__declspec(dllimport) ULONG_PTR TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation);
__declspec(dllimport) ULONG_PTR TITCALL ImporterFindDLLByWriteLocation(ULONG_PTR APIWriteLocation);
__declspec(dllimport) void* TITCALL ImporterGetDLLName(ULONG_PTR APIAddress);
__declspec(dllimport) void* TITCALL ImporterGetDLLNameW(ULONG_PTR APIAddress);
__declspec(dllimport) void* TITCALL ImporterGetAPIName(ULONG_PTR APIAddress);
__declspec(dllimport) long long TITCALL ImporterGetAPIOrdinalNumber(ULONG_PTR APIAddress);
__declspec(dllimport) ULONG_PTR TITCALL ImporterGetAPIOrdinalNumber(ULONG_PTR APIAddress);
__declspec(dllimport) void* TITCALL ImporterGetAPINameEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
__declspec(dllimport) long long TITCALL ImporterGetRemoteAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllimport) long long TITCALL ImporterGetRemoteAPIAddressEx(char* szDLLName, char* szAPIName);
__declspec(dllimport) long long TITCALL ImporterGetLocalAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllimport) ULONG_PTR TITCALL ImporterGetRemoteAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllimport) ULONG_PTR TITCALL ImporterGetRemoteAPIAddressEx(char* szDLLName, char* szAPIName);
__declspec(dllimport) ULONG_PTR TITCALL ImporterGetLocalAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllimport) void* TITCALL ImporterGetDLLNameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllimport) void* TITCALL ImporterGetDLLNameFromDebugeeW(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllimport) void* TITCALL ImporterGetAPINameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllimport) long long TITCALL ImporterGetAPIOrdinalNumberFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllimport) ULONG_PTR TITCALL ImporterGetAPIOrdinalNumberFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllimport) long TITCALL ImporterGetDLLIndexEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
__declspec(dllimport) long TITCALL ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
__declspec(dllimport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase);
__declspec(dllimport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName);
__declspec(dllimport) ULONG_PTR TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase);
__declspec(dllimport) ULONG_PTR TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName);
__declspec(dllimport) void* TITCALL ImporterGetRemoteDLLBaseExW(HANDLE hProcess, wchar_t* szModuleName);
__declspec(dllimport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllimport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllimport) void* TITCALL ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllimport) long TITCALL ImporterGetForwardedDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
__declspec(dllimport) long long TITCALL ImporterGetForwardedAPIOrdinalNumber(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllimport) long long TITCALL ImporterGetNearestAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllimport) ULONG_PTR TITCALL ImporterGetForwardedAPIOrdinalNumber(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllimport) ULONG_PTR TITCALL ImporterGetNearestAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllimport) void* TITCALL ImporterGetNearestAPIName(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllimport) bool TITCALL ImporterCopyOriginalIAT(char* szOriginalFile, char* szDumpFile);
__declspec(dllimport) bool TITCALL ImporterCopyOriginalIATW(wchar_t* szOriginalFile, wchar_t* szDumpFile);
@ -826,12 +826,12 @@ __declspec(dllimport) void TITCALL HooksScanEntireProcessMemory(LPVOID CallBack)
__declspec(dllimport) void TITCALL HooksScanEntireProcessMemoryEx();
// TitanEngine.Tracer.functions:
__declspec(dllimport) void TITCALL TracerInit();
__declspec(dllimport) long long TITCALL TracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace);
__declspec(dllimport) long long TITCALL HashTracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD InputNumberOfInstructions);
__declspec(dllimport) ULONG_PTR TITCALL TracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace);
__declspec(dllimport) ULONG_PTR TITCALL HashTracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD InputNumberOfInstructions);
__declspec(dllimport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace);
__declspec(dllimport) long long TITCALL TracerFixKnownRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD RedirectionId);
__declspec(dllimport) long long TITCALL TracerFixRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD IdParameter);
__declspec(dllimport) long long TITCALL TracerDetectRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, PDWORD ReturnedId);
__declspec(dllimport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD RedirectionId);
__declspec(dllimport) ULONG_PTR TITCALL TracerFixRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD IdParameter);
__declspec(dllimport) ULONG_PTR TITCALL TracerDetectRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, PDWORD ReturnedId);
__declspec(dllimport) long TITCALL TracerFixRedirectionViaImpRecPlugin(HANDLE hProcess, char* szPluginName, ULONG_PTR AddressToTrace);
// TitanEngine.Exporter.functions:
__declspec(dllimport) void TITCALL ExporterCleanup();
@ -884,7 +884,7 @@ __declspec(dllimport) bool TITCALL HandlerIsHandleOpen(DWORD ProcessId, HANDLE h
__declspec(dllimport) void* TITCALL HandlerGetHandleName(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName);
__declspec(dllimport) void* TITCALL HandlerGetHandleNameW(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName);
__declspec(dllimport) long TITCALL HandlerEnumerateOpenHandles(DWORD ProcessId, LPVOID HandleBuffer, DWORD MaxHandleCount);
__declspec(dllimport) long long TITCALL HandlerGetHandleDetails(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, DWORD InformationReturn);
__declspec(dllimport) ULONG_PTR TITCALL HandlerGetHandleDetails(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, DWORD InformationReturn);
__declspec(dllimport) bool TITCALL HandlerCloseRemoteHandle(HANDLE hProcess, HANDLE hHandle);
__declspec(dllimport) long TITCALL HandlerEnumerateLockHandles(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, LPVOID HandleDataBuffer, DWORD MaxHandleCount);
__declspec(dllimport) long TITCALL HandlerEnumerateLockHandlesW(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, LPVOID HandleDataBuffer, DWORD MaxHandleCount);
@ -894,8 +894,8 @@ __declspec(dllimport) bool TITCALL HandlerIsFileLocked(char* szFileOrFolderName,
__declspec(dllimport) bool TITCALL HandlerIsFileLockedW(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated);
// TitanEngine.Handler[Mutex].functions:
__declspec(dllimport) long TITCALL HandlerEnumerateOpenMutexes(HANDLE hProcess, DWORD ProcessId, LPVOID HandleBuffer, DWORD MaxHandleCount);
__declspec(dllimport) long long TITCALL HandlerGetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, char* szMutexString);
__declspec(dllimport) long long TITCALL HandlerGetOpenMutexHandleW(HANDLE hProcess, DWORD ProcessId, wchar_t* szMutexString);
__declspec(dllimport) ULONG_PTR TITCALL HandlerGetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, char* szMutexString);
__declspec(dllimport) ULONG_PTR TITCALL HandlerGetOpenMutexHandleW(HANDLE hProcess, DWORD ProcessId, wchar_t* szMutexString);
__declspec(dllimport) long TITCALL HandlerGetProcessIdWhichCreatedMutex(char* szMutexString);
__declspec(dllimport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t* szMutexString);
// TitanEngine.Injector.functions:

84
SDK/CPP/TitanEngine.hpp
View File

@ -370,7 +370,7 @@ protected:
typedef UE::PEStruct PEStruct;
static long long GetPE32DataFromMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, ePE32Data WhichData)
static ULONG_PTR GetPE32DataFromMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, ePE32Data WhichData)
{
return UE::GetPE32DataFromMappedFile(FileMapVA, WhichSection, WhichData);
}
@ -390,19 +390,19 @@ protected:
{
return UE::GetPE32SectionNumberFromVA(FileMapVA, AddressToConvert);
}
static long long ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType)
static ULONG_PTR ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType)
{
return UE::ConvertVAtoFileOffset(FileMapVA, AddressToConvert, ReturnType);
}
static long long ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType)
static ULONG_PTR ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType)
{
return UE::ConvertVAtoFileOffsetEx(FileMapVA, FileSize, ImageBase, AddressToConvert, AddressIsRVA, ReturnType);
}
static long long ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType)
static ULONG_PTR ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType)
{
return UE::ConvertFileOffsetToVA(FileMapVA, AddressToConvert, ReturnType);
}
static long long ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType)
static ULONG_PTR ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType)
{
return UE::ConvertFileOffsetToVAEx(FileMapVA, FileSize, ImageBase, AddressToConvert, ReturnType);
}
@ -516,7 +516,7 @@ public:
{
return UE::DeleteLastSectionEx((char*)szFileName, NumberOfSections);
}
static long long GetPE32Data(const char* szFileName, DWORD WhichSection, ePE32Data WhichData)
static ULONG_PTR GetPE32Data(const char* szFileName, DWORD WhichSection, ePE32Data WhichData)
{
return UE::GetPE32Data((char*)szFileName, WhichSection, WhichData);
}
@ -634,7 +634,7 @@ public:
{
return UE::DeleteLastSectionExW((wchar_t*)szFileName, NumberOfSections);
}
static long long GetPE32Data(const wchar_t* szFileName, DWORD WhichSection, ePE32Data WhichData)
static ULONG_PTR GetPE32Data(const wchar_t* szFileName, DWORD WhichSection, ePE32Data WhichData)
{
return UE::GetPE32DataW((wchar_t*)szFileName, WhichSection, WhichData);
}
@ -1009,7 +1009,7 @@ class ResourcerA
{
public:
static long long LoadFileForResourceUse(char* szFileName)
static ULONG_PTR LoadFileForResourceUse(char* szFileName)
{
return UE::ResourcerLoadFileForResourceUse(szFileName);
}
@ -1031,7 +1031,7 @@ class ResourcerW
{
public:
static long long LoadFileForResourceUse(wchar_t* szFileName)
static ULONG_PTR LoadFileForResourceUse(wchar_t* szFileName)
{
return UE::ResourcerLoadFileForResourceUseW(szFileName);
}
@ -1118,7 +1118,7 @@ public:
{
return UE::ThreaderResumeProcess();
}
static long long CreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, void* ThreadPassParameter, DWORD* ThreadId)
static ULONG_PTR CreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, void* ThreadPassParameter, DWORD* ThreadId)
{
return UE::ThreaderCreateRemoteThread(ThreadStartAddress, AutoCloseTheHandle, ThreadPassParameter, ThreadId);
}
@ -1126,7 +1126,7 @@ public:
{
return UE::ThreaderInjectAndExecuteCode(InjectCode, StartDelta, InjectSize);
}
static long long CreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, void* ThreadPassParameter, DWORD* ThreadId)
static ULONG_PTR CreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, void* ThreadPassParameter, DWORD* ThreadId)
{
return UE::ThreaderCreateRemoteThreadEx(hProcess, ThreadStartAddress, AutoCloseTheHandle, ThreadPassParameter, ThreadId);
}
@ -1154,7 +1154,7 @@ public:
{
return UE::ThreaderExecuteOnlyInjectedThreads();
}
static long long GetOpenHandleForThread(DWORD ThreadId)
static ULONG_PTR GetOpenHandleForThread(DWORD ThreadId)
{
return UE::ThreaderGetOpenHandleForThread(ThreadId);
}
@ -1271,11 +1271,11 @@ protected:
{
return UE::GetContextFPUDataEx(hActiveThread, FPUSaveArea);
}
static long long GetContextDataEx(HANDLE hActiveThread, eContextData IndexOfRegister)
static ULONG_PTR GetContextDataEx(HANDLE hActiveThread, eContextData IndexOfRegister)
{
return UE::GetContextDataEx(hActiveThread, IndexOfRegister);
}
static long long GetContextData(eContextData IndexOfRegister)
static ULONG_PTR GetContextData(eContextData IndexOfRegister)
{
return UE::GetContextData(IndexOfRegister);
}
@ -1311,11 +1311,11 @@ protected:
{
return UE::MatchPattern(MemoryToCheck, SizeOfMemoryToCheck, (void*)PatternToMatch, SizeOfPatternToMatch, (BYTE*)WildCard);
}
static long long FindEx(HANDLE hProcess, void* MemoryStart, DWORD MemorySize, const void* SearchPattern, DWORD PatternSize, const BYTE* WildCard)
static ULONG_PTR FindEx(HANDLE hProcess, void* MemoryStart, DWORD MemorySize, const void* SearchPattern, DWORD PatternSize, const BYTE* WildCard)
{
return UE::FindEx(hProcess, MemoryStart, MemorySize, (void*)SearchPattern, PatternSize, (BYTE*)WildCard);
}
static long long Find(void* MemoryStart, DWORD MemorySize, const void* SearchPattern, DWORD PatternSize, const BYTE* WildCard)
static ULONG_PTR Find(void* MemoryStart, DWORD MemorySize, const void* SearchPattern, DWORD PatternSize, const BYTE* WildCard)
{
return UE::Find(MemoryStart, MemorySize, (void*)SearchPattern, PatternSize, (BYTE*)WildCard);
}
@ -1355,11 +1355,11 @@ protected:
{
return UE::GetExitCode();
}
static long long GetDebuggedDLLBaseAddress()
static ULONG_PTR GetDebuggedDLLBaseAddress()
{
return UE::GetDebuggedDLLBaseAddress();
}
static long long GetDebuggedFileBaseAddress()
static ULONG_PTR GetDebuggedFileBaseAddress()
{
return UE::GetDebuggedFileBaseAddress();
}
@ -1367,15 +1367,15 @@ protected:
{
return UE::GetRemoteString(hProcess, StringAddress, StringStorage, MaximumStringSize);
}
static long long GetFunctionParameter(HANDLE hProcess, eFunctionType FunctionType, DWORD ParameterNumber, eParameterType ParameterType)
static ULONG_PTR GetFunctionParameter(HANDLE hProcess, eFunctionType FunctionType, DWORD ParameterNumber, eParameterType ParameterType)
{
return UE::GetFunctionParameter(hProcess, FunctionType, ParameterNumber, ParameterType);
}
static long long GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps)
static ULONG_PTR GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps)
{
return UE::GetJumpDestinationEx(hProcess, InstructionAddress, JustJumps);
}
static long long GetJumpDestination(HANDLE hProcess, ULONG_PTR InstructionAddress)
static ULONG_PTR GetJumpDestination(HANDLE hProcess, ULONG_PTR InstructionAddress)
{
return UE::GetJumpDestination(hProcess, InstructionAddress);
}
@ -1694,19 +1694,19 @@ protected:
{
return UE::ImporterEstimatedSize();
}
static long long FindAPIWriteLocation(const char* szAPIName)
static ULONG_PTR FindAPIWriteLocation(const char* szAPIName)
{
return UE::ImporterFindAPIWriteLocation((char*)szAPIName);
}
static long long FindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber)
static ULONG_PTR FindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber)
{
return UE::ImporterFindOrdinalAPIWriteLocation(OrdinalNumber);
}
static long long FindAPIByWriteLocation(ULONG_PTR APIWriteLocation)
static ULONG_PTR FindAPIByWriteLocation(ULONG_PTR APIWriteLocation)
{
return UE::ImporterFindAPIByWriteLocation(APIWriteLocation);
}
static long long FindDLLByWriteLocation(ULONG_PTR APIWriteLocation)
static ULONG_PTR FindDLLByWriteLocation(ULONG_PTR APIWriteLocation)
{
return UE::ImporterFindDLLByWriteLocation(APIWriteLocation);
}
@ -1722,7 +1722,7 @@ protected:
{
return (const char*)UE::ImporterGetAPIName(APIAddress);
}
static long long GetAPIOrdinalNumber(ULONG_PTR APIAddress)
static ULONG_PTR GetAPIOrdinalNumber(ULONG_PTR APIAddress)
{
return UE::ImporterGetAPIOrdinalNumber(APIAddress);
}
@ -1730,15 +1730,15 @@ protected:
{
return (const char*)UE::ImporterGetAPINameEx(APIAddress, (ULONG_PTR)DLLBasesList);
}
static long long GetRemoteAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress)
static ULONG_PTR GetRemoteAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress)
{
return UE::ImporterGetRemoteAPIAddress(hProcess, APIAddress);
}
static long long GetRemoteAPIAddressEx(const char* szDLLName, const char* szAPIName)
static ULONG_PTR GetRemoteAPIAddressEx(const char* szDLLName, const char* szAPIName)
{
return UE::ImporterGetRemoteAPIAddressEx((char*)szDLLName, (char*)szAPIName);
}
static long long GetLocalAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress)
static ULONG_PTR GetLocalAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress)
{
return UE::ImporterGetLocalAPIAddress(hProcess, APIAddress);
}
@ -1754,7 +1754,7 @@ protected:
{
return (const char*)UE::ImporterGetAPINameFromDebugee(hProcess, APIAddress);
}
static long long GetAPIOrdinalNumberFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress)
static ULONG_PTR GetAPIOrdinalNumberFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress)
{
return UE::ImporterGetAPIOrdinalNumberFromDebugee(hProcess, APIAddress);
}
@ -1766,11 +1766,11 @@ protected:
{
return UE::ImporterGetDLLIndex(hProcess, APIAddress, (ULONG_PTR)DLLBasesList);
}
static long long GetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase)
static ULONG_PTR GetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase)
{
return UE::ImporterGetRemoteDLLBase(hProcess, LocalModuleBase);
}
static long long GetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName)
static ULONG_PTR GetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName)
{
return UE::ImporterGetRemoteDLLBaseEx(hProcess, szModuleName);
}
@ -1794,11 +1794,11 @@ protected:
{
return UE::ImporterGetForwardedDLLIndex(hProcess, APIAddress, (ULONG_PTR)DLLBasesList);
}
static long long GetForwardedAPIOrdinalNumber(HANDLE hProcess, ULONG_PTR APIAddress)
static ULONG_PTR GetForwardedAPIOrdinalNumber(HANDLE hProcess, ULONG_PTR APIAddress)
{
return UE::ImporterGetForwardedAPIOrdinalNumber(hProcess, APIAddress);
}
static long long GetNearestAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress)
static ULONG_PTR GetNearestAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress)
{
return UE::ImporterGetNearestAPIAddress(hProcess, APIAddress);
}
@ -2137,11 +2137,11 @@ public:
{
UE::TracerInit();
}
static long long Level1(HANDLE hProcess, ULONG_PTR AddressToTrace)
static ULONG_PTR Level1(HANDLE hProcess, ULONG_PTR AddressToTrace)
{
return UE::TracerLevel1(hProcess, AddressToTrace);
}
static long long HashTracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD InputNumberOfInstructions)
static ULONG_PTR HashTracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD InputNumberOfInstructions)
{
return UE::HashTracerLevel1(hProcess, AddressToTrace, InputNumberOfInstructions);
}
@ -2149,15 +2149,15 @@ public:
{
return UE::TracerDetectRedirection(hProcess, AddressToTrace);
}
static long long FixKnownRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD RedirectionId)
static ULONG_PTR FixKnownRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD RedirectionId)
{
return UE::TracerFixKnownRedirection(hProcess, AddressToTrace, RedirectionId);
}
static long long FixRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD IdParameter)
static ULONG_PTR FixRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD IdParameter)
{
return UE::TracerFixRedirectionViaModule(hModuleHandle, hProcess, AddressToTrace, IdParameter);
}
static long long DetectRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD* ReturnedId)
static ULONG_PTR DetectRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD* ReturnedId)
{
return UE::TracerDetectRedirectionViaModule(hModuleHandle, hProcess, AddressToTrace, ReturnedId);
}
@ -2445,7 +2445,7 @@ protected:
{
return UE::HandlerEnumerateOpenHandles(ProcessId, HandleBuffer, MaxHandleCount);
}
static long long GetHandleDetails(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, eHandlerReturnType InformationReturn)
static ULONG_PTR GetHandleDetails(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, eHandlerReturnType InformationReturn)
{
return UE::HandlerGetHandleDetails(hProcess, ProcessId, hHandle, InformationReturn);
}
@ -2479,7 +2479,7 @@ public:
{
return UE::HandlerIsFileLocked(szFileOrFolderName, NameIsFolder, NameIsTranslated);
}
static long long GetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, char* szMutexString)
static ULONG_PTR GetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, char* szMutexString)
{
return UE::HandlerGetOpenMutexHandle(hProcess, ProcessId, szMutexString);
}
@ -2509,7 +2509,7 @@ public:
{
return UE::HandlerIsFileLockedW(szFileOrFolderName, NameIsFolder, NameIsTranslated);
}
static long long GetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, wchar_t* szMutexString)
static ULONG_PTR GetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, wchar_t* szMutexString)
{
return UE::HandlerGetOpenMutexHandleW(hProcess, ProcessId, szMutexString);
}

14
TitanEngine/Global.Engine.cpp
View File

@ -295,7 +295,7 @@ bool EngineCompareResourceString(wchar_t* String1, wchar_t* String2)
return false;
}
long long EngineEstimateNewSectionRVA(ULONG_PTR FileMapVA)
ULONG_PTR EngineEstimateNewSectionRVA(ULONG_PTR FileMapVA)
{
PIMAGE_DOS_HEADER DOSHeader;
@ -850,7 +850,7 @@ bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBas
return false;
}
long long EngineSimulateNtLoaderW(wchar_t* szFileName)
ULONG_PTR EngineSimulateNtLoaderW(wchar_t* szFileName)
{
DWORD PeHeaderSize;
@ -946,7 +946,7 @@ long long EngineSimulateNtLoaderW(wchar_t* szFileName)
return(NULL);
}
long long EngineSimulateNtLoader(char* szFileName)
ULONG_PTR EngineSimulateNtLoader(char* szFileName)
{
wchar_t uniFileName[MAX_PATH] = {0};
@ -961,7 +961,7 @@ long long EngineSimulateNtLoader(char* szFileName)
}
}
long long EngineSimulateDllLoader(HANDLE hProcess, char* szFileName)
ULONG_PTR EngineSimulateDllLoader(HANDLE hProcess, char* szFileName)
{
WCHAR uniFileName[MAX_PATH] = {0};
@ -974,7 +974,7 @@ long long EngineSimulateDllLoader(HANDLE hProcess, char* szFileName)
return 0;
}
long long EngineSimulateDllLoaderW(HANDLE hProcess, wchar_t* szFileName)
ULONG_PTR EngineSimulateDllLoaderW(HANDLE hProcess, wchar_t* szFileName)
{
int n;
BOOL FileIs64;
@ -1136,7 +1136,7 @@ long long EngineSimulateDllLoaderW(HANDLE hProcess, wchar_t* szFileName)
return(NULL);
}
long long EngineGetProcAddress(ULONG_PTR ModuleBase, char* szAPIName)
ULONG_PTR EngineGetProcAddress(ULONG_PTR ModuleBase, char* szAPIName)
{
int i = 0;
@ -1257,7 +1257,7 @@ bool EngineGetLibraryOrdinalData(ULONG_PTR ModuleBase, LPDWORD ptrOrdinalBase, L
return false;
}
long long EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBases, ULONG_PTR APIAddress, const char* szAPIName, DWORD ReturnType)
ULONG_PTR EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBases, ULONG_PTR APIAddress, const char* szAPIName, DWORD ReturnType)
{
unsigned int i = 0;

14
TitanEngine/Global.Engine.h
View File

@ -31,7 +31,7 @@ wchar_t* EngineExtractFileNameW(wchar_t* szFileName);
bool EngineIsPointedMemoryString(ULONG_PTR PossibleStringPtr);
int EnginePointedMemoryStringLength(ULONG_PTR PossibleStringPtr);
bool EngineCompareResourceString(wchar_t* String1, wchar_t* String2);
long long EngineEstimateNewSectionRVA(ULONG_PTR FileMapVA);
ULONG_PTR EngineEstimateNewSectionRVA(ULONG_PTR FileMapVA);
bool EngineExtractForwarderData(ULONG_PTR PossibleStringPtr, LPVOID szFwdDLLName, LPVOID szFwdAPIName);
bool EngineGrabDataFromMappedFile(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR FileOffset, DWORD CopySize, LPVOID CopyToMemory);
bool EngineExtractResource(char* szResourceName, wchar_t* szExtractedFileName);
@ -44,12 +44,12 @@ long EngineHashMemory(char* MemoryAddress, int MemorySize, DWORD InitialHashValu
bool EngineIsValidReadPtrEx(LPVOID DataPointer, DWORD DataSize);
bool EngineValidateResource(HMODULE hModule, LPCTSTR lpszType, LPTSTR lpszName, LONG_PTR lParam);
bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBase, PIMAGE_DOS_HEADER DOSHeader, bool IsFile);
long long EngineSimulateNtLoaderW(wchar_t* szFileName);
long long EngineSimulateNtLoader(char* szFileName);
long long EngineSimulateDllLoader(HANDLE hProcess, char* szFileName);
long long EngineSimulateDllLoaderW(HANDLE hProcess, wchar_t* szFileName);
long long EngineGetProcAddress(ULONG_PTR ModuleBase, char* szAPIName);
ULONG_PTR EngineSimulateNtLoaderW(wchar_t* szFileName);
ULONG_PTR EngineSimulateNtLoader(char* szFileName);
ULONG_PTR EngineSimulateDllLoader(HANDLE hProcess, char* szFileName);
ULONG_PTR EngineSimulateDllLoaderW(HANDLE hProcess, wchar_t* szFileName);
ULONG_PTR EngineGetProcAddress(ULONG_PTR ModuleBase, char* szAPIName);
bool EngineGetLibraryOrdinalData(ULONG_PTR ModuleBase, LPDWORD ptrOrdinalBase, LPDWORD ptrOrdinalCount);
long long EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBases, ULONG_PTR APIAddress, const char* szAPIName, DWORD ReturnType);
ULONG_PTR EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBases, ULONG_PTR APIAddress, const char* szAPIName, DWORD ReturnType);
#endif //_GLOBAL_ENGINE_H

335
TitanEngine/TitanEngine.Debugger.Context.cpp
View File

@ -12,10 +12,10 @@ __declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, voi
MutexLocker locker("DBGContext"); //lock DBGContext
if(FPUSaveArea)
{
RtlZeroMemory(&DBGContext, sizeof CONTEXT);
memset(&DBGContext, 0, sizeof(CONTEXT));
DBGContext.ContextFlags = CONTEXT_ALL;
if(-1 == SuspendThread(hActiveThread))
if(SuspendThread(hActiveThread) == (DWORD)-1)
return false;
if(!GetThreadContext(hActiveThread, &DBGContext))
@ -23,31 +23,27 @@ __declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, voi
ResumeThread(hActiveThread);
return false;
}
#ifndef _WIN64
RtlMoveMemory(FPUSaveArea, &DBGContext.FloatSave, sizeof FLOATING_SAVE_AREA);
#else
RtlMoveMemory(FPUSaveArea, &DBGContext.FltSave, sizeof XMM_SAVE_AREA32);
#endif
ResumeThread(hActiveThread);
#ifndef _WIN64
memcpy(FPUSaveArea, &DBGContext.FloatSave, sizeof(FLOATING_SAVE_AREA));
#else
memcpy(FPUSaveArea, &DBGContext.FltSave, sizeof(XMM_SAVE_AREA32));
#endif
return true;
}
ResumeThread(hActiveThread);
return false;
}
__declspec(dllexport) long long TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister)
__declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister)
{
MutexLocker locker("DBGContext"); //lock DBGContext
DWORD64 retValue = 0;
ULONG_PTR retValue = 0;
RtlZeroMemory(&DBGContext, sizeof CONTEXT);
memset(&DBGContext, 0, sizeof(CONTEXT));
DBGContext.ContextFlags = CONTEXT_ALL;
if(-1 == SuspendThread(hActiveThread))
if(SuspendThread(hActiveThread) == (DWORD)-1)
return retValue;
if(!GetThreadContext(hActiveThread, &DBGContext))
@ -55,8 +51,9 @@ __declspec(dllexport) long long TITCALL GetContextDataEx(HANDLE hActiveThread, D
ResumeThread(hActiveThread);
return retValue;
}
ResumeThread(hActiveThread);
#ifdef _WIN64
#ifdef _WIN64 //x64
if(IndexOfRegister == UE_EAX)
{
retValue = DBGContext.Rax&0xFFFFFFFF;
@ -137,30 +134,6 @@ __declspec(dllexport) long long TITCALL GetContextDataEx(HANDLE hActiveThread, D
{
retValue = DBGContext.EFlags;
}
else if(IndexOfRegister == UE_DR0)
{
retValue = DBGContext.Dr0;
}
else if(IndexOfRegister == UE_DR1)
{
retValue = DBGContext.Dr1;
}
else if(IndexOfRegister == UE_DR2)
{
retValue = DBGContext.Dr2;
}
else if(IndexOfRegister == UE_DR3)
{
retValue = DBGContext.Dr3;
}
else if(IndexOfRegister == UE_DR6)
{
retValue = DBGContext.Dr6;
}
else if(IndexOfRegister == UE_DR7)
{
retValue = DBGContext.Dr7;
}
else if(IndexOfRegister == UE_R8)
{
retValue = DBGContext.R8;
@ -201,6 +174,80 @@ __declspec(dllexport) long long TITCALL GetContextDataEx(HANDLE hActiveThread, D
{
retValue = DBGContext.Rsp;
}
#else //x86
if(IndexOfRegister == UE_EAX)
{
retValue = DBGContext.Eax;
}
else if(IndexOfRegister == UE_EBX)
{
retValue = DBGContext.Ebx;
}
else if(IndexOfRegister == UE_ECX)
{
retValue = DBGContext.Ecx;
}
else if(IndexOfRegister == UE_EDX)
{
retValue = DBGContext.Edx;
}
else if(IndexOfRegister == UE_EDI)
{
retValue = DBGContext.Edi;
}
else if(IndexOfRegister == UE_ESI)
{
retValue = DBGContext.Esi;
}
else if(IndexOfRegister == UE_EBP)
{
retValue = DBGContext.Ebp;
}
else if(IndexOfRegister == UE_ESP)
{
retValue = DBGContext.Esp;
}
else if(IndexOfRegister == UE_EIP)
{
retValue = DBGContext.Eip;
}
else if(IndexOfRegister == UE_CIP)
{
retValue = DBGContext.Eip;
}
else if(IndexOfRegister == UE_CSP)
{
retValue = DBGContext.Esp;
}
#endif
else if(IndexOfRegister == UE_EFLAGS)
{
retValue = DBGContext.EFlags;
}
else if(IndexOfRegister == UE_DR0)
{
retValue = DBGContext.Dr0;
}
else if(IndexOfRegister == UE_DR1)
{
retValue = DBGContext.Dr1;
}
else if(IndexOfRegister == UE_DR2)
{
retValue = DBGContext.Dr2;
}
else if(IndexOfRegister == UE_DR3)
{
retValue = DBGContext.Dr3;
}
else if(IndexOfRegister == UE_DR6)
{
retValue = DBGContext.Dr6;
}
else if(IndexOfRegister == UE_DR7)
{
retValue = DBGContext.Dr7;
}
else if(IndexOfRegister == UE_SEG_GS)
{
retValue = DBGContext.SegGs;
@ -225,116 +272,16 @@ __declspec(dllexport) long long TITCALL GetContextDataEx(HANDLE hActiveThread, D
{
retValue = DBGContext.SegSs;
}
#else
if(IndexOfRegister == UE_EAX)
{
retValue = (DWORD)DBGContext.Eax;
}
else if(IndexOfRegister == UE_EBX)
{
retValue = (DWORD)DBGContext.Ebx;
}
else if(IndexOfRegister == UE_ECX)
{
retValue = (DWORD)DBGContext.Ecx;
}
else if(IndexOfRegister == UE_EDX)
{
retValue = (DWORD)DBGContext.Edx;
}
else if(IndexOfRegister == UE_EDI)
{
retValue = (DWORD)DBGContext.Edi;
}
else if(IndexOfRegister == UE_ESI)
{
retValue = (DWORD)DBGContext.Esi;
}
else if(IndexOfRegister == UE_EBP)
{
retValue = (DWORD)DBGContext.Ebp;
}
else if(IndexOfRegister == UE_ESP)
{
retValue = (DWORD)DBGContext.Esp;
}
else if(IndexOfRegister == UE_EIP)
{
retValue = (DWORD)DBGContext.Eip;
}
else if(IndexOfRegister == UE_EFLAGS)
{
retValue = (DWORD)DBGContext.EFlags;
}
else if(IndexOfRegister == UE_DR0)
{
retValue = (DWORD)DBGContext.Dr0;
}
else if(IndexOfRegister == UE_DR1)
{
retValue = (DWORD)DBGContext.Dr1;
}
else if(IndexOfRegister == UE_DR2)
{
retValue = (DWORD)DBGContext.Dr2;
}
else if(IndexOfRegister == UE_DR3)
{
retValue = (DWORD)DBGContext.Dr3;
}
else if(IndexOfRegister == UE_DR6)
{
retValue = (DWORD)DBGContext.Dr6;
}
else if(IndexOfRegister == UE_DR7)
{
retValue = (DWORD)DBGContext.Dr7;
}
else if(IndexOfRegister == UE_CIP)
{
retValue = (DWORD)DBGContext.Eip;
}
else if(IndexOfRegister == UE_CSP)
{
retValue = (DWORD)DBGContext.Esp;
}
else if(IndexOfRegister == UE_SEG_GS)
{
retValue = (DWORD)DBGContext.SegGs;
}
else if(IndexOfRegister == UE_SEG_FS)
{
retValue = (DWORD)DBGContext.SegFs;
}
else if(IndexOfRegister == UE_SEG_ES)
{
retValue = (DWORD)DBGContext.SegEs;
}
else if(IndexOfRegister == UE_SEG_DS)
{
retValue = (DWORD)DBGContext.SegDs;
}
else if(IndexOfRegister == UE_SEG_CS)
{
retValue = (DWORD)DBGContext.SegCs;
}
else if(IndexOfRegister == UE_SEG_SS)
{
retValue = (DWORD)DBGContext.SegSs;
}
#endif
ResumeThread(hActiveThread);
return retValue;
}
__declspec(dllexport) long long TITCALL GetContextData(DWORD IndexOfRegister)
__declspec(dllexport) ULONG_PTR TITCALL GetContextData(DWORD IndexOfRegister)
{
MutexLocker locker("DBGContext"); //lock DBGContext
HANDLE hActiveThread = OpenThread(THREAD_GET_CONTEXT, false, DBGEvent.dwThreadId);
long long ContextReturn = GetContextDataEx(hActiveThread, IndexOfRegister);
HANDLE hActiveThread = OpenThread(THREAD_SUSPEND_RESUME|THREAD_GET_CONTEXT, false, DBGEvent.dwThreadId);
ULONG_PTR ContextReturn = GetContextDataEx(hActiveThread, IndexOfRegister);
EngineCloseHandle(hActiveThread);
return(ContextReturn);
return ContextReturn;
}
__declspec(dllexport) bool TITCALL SetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea)
@ -342,10 +289,10 @@ __declspec(dllexport) bool TITCALL SetContextFPUDataEx(HANDLE hActiveThread, voi
MutexLocker locker("DBGContext"); //lock DBGContext
if(FPUSaveArea)
{
RtlZeroMemory(&DBGContext, sizeof CONTEXT);
memset(&DBGContext, 0, sizeof(CONTEXT));
DBGContext.ContextFlags = CONTEXT_ALL;
if(-1 == SuspendThread(hActiveThread))
if(SuspendThread(hActiveThread) == (DWORD)-1)
return false;
if(!GetThreadContext(hActiveThread, &DBGContext))
@ -353,30 +300,28 @@ __declspec(dllexport) bool TITCALL SetContextFPUDataEx(HANDLE hActiveThread, voi
ResumeThread(hActiveThread);
return false;
}
#ifndef _WIN64
RtlMoveMemory(&DBGContext.FloatSave, FPUSaveArea, sizeof FLOATING_SAVE_AREA);
memcpy(&DBGContext.FloatSave, FPUSaveArea, sizeof(FLOATING_SAVE_AREA));
#else
RtlMoveMemory(&DBGContext.FltSave, FPUSaveArea, sizeof XMM_SAVE_AREA32);
memcpy(&DBGContext.FltSave, FPUSaveArea, sizeof(XMM_SAVE_AREA32));
#endif
if(SetThreadContext(hActiveThread, &DBGContext))
{
ResumeThread(hActiveThread);
return true;
}
ResumeThread(hActiveThread);
}
ResumeThread(hActiveThread);
return false;
}
__declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister, ULONG_PTR NewRegisterValue)
{
MutexLocker locker("DBGContext"); //lock DBGContext
RtlZeroMemory(&DBGContext, sizeof CONTEXT);
memset(&DBGContext, 0, sizeof(CONTEXT));
DBGContext.ContextFlags = CONTEXT_ALL;
if(-1 == SuspendThread(hActiveThread))
if(SuspendThread(hActiveThread) == (DWORD)-1)
return false;
if(!GetThreadContext(hActiveThread, &DBGContext))
@ -385,7 +330,7 @@ __declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD
return false;
}
#ifdef _WIN64
#ifdef _WIN64 //x64
if(IndexOfRegister == UE_EAX)
{
NewRegisterValue = DBGContext.Rax - (DWORD)DBGContext.Rax + NewRegisterValue;
@ -475,30 +420,6 @@ __declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD
{
DBGContext.EFlags = (DWORD)NewRegisterValue;
}
else if(IndexOfRegister == UE_DR0)
{
DBGContext.Dr0 = NewRegisterValue;
}
else if(IndexOfRegister == UE_DR1)
{
DBGContext.Dr1 = NewRegisterValue;
}
else if(IndexOfRegister == UE_DR2)
{
DBGContext.Dr2 = NewRegisterValue;
}
else if(IndexOfRegister == UE_DR3)
{
DBGContext.Dr3 = NewRegisterValue;
}
else if(IndexOfRegister == UE_DR6)
{
DBGContext.Dr6 = NewRegisterValue;
}
else if(IndexOfRegister == UE_DR7)
{
DBGContext.Dr7 = NewRegisterValue;
}
else if(IndexOfRegister == UE_R8)
{
DBGContext.R8 = NewRegisterValue;
@ -539,31 +460,7 @@ __declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD
{
DBGContext.Rsp = NewRegisterValue;
}
else if(IndexOfRegister == UE_SEG_GS)
{
DBGContext.SegGs = (WORD)NewRegisterValue;
}
else if(IndexOfRegister == UE_SEG_FS)
{
DBGContext.SegFs = (WORD)NewRegisterValue;
}
else if(IndexOfRegister == UE_SEG_ES)
{
DBGContext.SegEs = (WORD)NewRegisterValue;
}
else if(IndexOfRegister == UE_SEG_DS)
{
DBGContext.SegDs = (WORD)NewRegisterValue;
}
else if(IndexOfRegister == UE_SEG_CS)
{
DBGContext.SegCs = (WORD)NewRegisterValue;
}
else if(IndexOfRegister == UE_SEG_SS)
{
DBGContext.SegSs = (WORD)NewRegisterValue;
}
#else
#else //x86
if(IndexOfRegister == UE_EAX)
{
DBGContext.Eax = NewRegisterValue;
@ -604,6 +501,15 @@ __declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD
{
DBGContext.EFlags = NewRegisterValue;
}
else if(IndexOfRegister == UE_CIP)
{
DBGContext.Eip = NewRegisterValue;
}
else if(IndexOfRegister == UE_CSP)
{
DBGContext.Esp = NewRegisterValue;
}
#endif
else if(IndexOfRegister == UE_DR0)
{
DBGContext.Dr0 = NewRegisterValue;
@ -628,39 +534,30 @@ __declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD
{
DBGContext.Dr7 = NewRegisterValue;
}
else if(IndexOfRegister == UE_CIP)
{
DBGContext.Eip = NewRegisterValue;
}
else if(IndexOfRegister == UE_CSP)
{
DBGContext.Esp = NewRegisterValue;
}
else if(IndexOfRegister == UE_SEG_GS)
{
DBGContext.SegGs = NewRegisterValue;
DBGContext.SegGs = (WORD)NewRegisterValue;
}
else if(IndexOfRegister == UE_SEG_FS)
{
DBGContext.SegFs = NewRegisterValue;
DBGContext.SegFs = (WORD)NewRegisterValue;
}
else if(IndexOfRegister == UE_SEG_ES)
{
DBGContext.SegEs = NewRegisterValue;
DBGContext.SegEs = (WORD)NewRegisterValue;
}
else if(IndexOfRegister == UE_SEG_DS)
{
DBGContext.SegDs = NewRegisterValue;
DBGContext.SegDs = (WORD)NewRegisterValue;
}
else if(IndexOfRegister == UE_SEG_CS)
{
DBGContext.SegCs = NewRegisterValue;
DBGContext.SegCs = (WORD)NewRegisterValue;
}
else if(IndexOfRegister == UE_SEG_SS)
{
DBGContext.SegSs = NewRegisterValue;
DBGContext.SegSs = (WORD)NewRegisterValue;
}
#endif
else
{
ResumeThread(hActiveThread);
@ -683,5 +580,5 @@ __declspec(dllexport) bool TITCALL SetContextData(DWORD IndexOfRegister, ULONG_P
HANDLE hActiveThread = OpenThread(THREAD_SUSPEND_RESUME|THREAD_SET_CONTEXT|THREAD_GET_CONTEXT, false, DBGEvent.dwThreadId);
bool ContextReturn = SetContextDataEx(hActiveThread, IndexOfRegister, NewRegisterValue);
EngineCloseHandle(hActiveThread);
return(ContextReturn);
return ContextReturn;
}

6
TitanEngine/TitanEngine.Debugger.Data.cpp
View File

@ -30,14 +30,14 @@ __declspec(dllexport) long TITCALL GetExitCode()
return(ProcessExitCode);
}
__declspec(dllexport) long long TITCALL GetDebuggedDLLBaseAddress()
__declspec(dllexport) ULONG_PTR TITCALL GetDebuggedDLLBaseAddress()
{
return((ULONG_PTR)DebugDebuggingDLLBase);
}
__declspec(dllexport) unsigned long long TITCALL GetDebuggedFileBaseAddress()
__declspec(dllexport) ULONG_PTR TITCALL GetDebuggedFileBaseAddress()
{
return (unsigned long long)DebugDebuggingMainModuleBase;
return (ULONG_PTR)DebugDebuggingMainModuleBase;
}
__declspec(dllexport) void TITCALL SetCustomHandler(DWORD ExceptionId, LPVOID CallBack)

2
TitanEngine/TitanEngine.Debugger.DebugLoop.cpp
View File

@ -92,7 +92,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
DBGEntryPoint = DBGEvent.u.CreateProcessInfo.lpStartAddress;
DBGFileHandle = DBGEvent.u.CreateProcessInfo.hFile;
EngineCloseHandle(DBGFileHandle); //handle is never used inside the code
DebugDebuggingMainModuleBase = (unsigned long long) DBGEvent.u.CreateProcessInfo.lpBaseOfImage;
DebugDebuggingMainModuleBase = (ULONG_PTR) DBGEvent.u.CreateProcessInfo.lpBaseOfImage;
if(DebugAttachedToProcess) //we attached, set information
{
dbgProcessInformation.hProcess = DBGEvent.u.CreateProcessInfo.hProcess;

6
TitanEngine/TitanEngine.Debugger.Helper.cpp
View File

@ -39,7 +39,7 @@ __declspec(dllexport) bool TITCALL GetRemoteString(HANDLE hProcess, LPVOID Strin
return false;
}
}
__declspec(dllexport) long long TITCALL GetFunctionParameter(HANDLE hProcess, DWORD FunctionType, DWORD ParameterNumber, DWORD ParameterType)
__declspec(dllexport) ULONG_PTR TITCALL GetFunctionParameter(HANDLE hProcess, DWORD FunctionType, DWORD ParameterNumber, DWORD ParameterType)
{
MEMORY_BASIC_INFORMATION MemInfo;
@ -207,7 +207,7 @@ __declspec(dllexport) long long TITCALL GetFunctionParameter(HANDLE hProcess, DW
}
return(-1);
}
__declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps)
__declspec(dllexport) ULONG_PTR TITCALL GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps)
{
char ReadMemory[MAXIMUM_INSTRUCTION_SIZE] = {0};
@ -493,7 +493,7 @@ __declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, UL
}
return(NULL);
}
__declspec(dllexport) long long TITCALL GetJumpDestination(HANDLE hProcess, ULONG_PTR InstructionAddress)
__declspec(dllexport) ULONG_PTR TITCALL GetJumpDestination(HANDLE hProcess, ULONG_PTR InstructionAddress)
{
return((ULONG_PTR)GetJumpDestinationEx(hProcess, InstructionAddress, false));
}

4
TitanEngine/TitanEngine.Debugger.Memory.cpp
View File

@ -76,7 +76,7 @@ __declspec(dllexport) bool TITCALL MatchPattern(void* MemoryToCheck, int SizeOfM
}
}
__declspec(dllexport) long long TITCALL FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard)
__declspec(dllexport) ULONG_PTR TITCALL FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard)
{
if(!hProcess || !MemoryStart ||!MemorySize || !SearchPattern || !PatternSize)
return 0;
@ -147,7 +147,7 @@ __declspec(dllexport) long long TITCALL FindEx(HANDLE hProcess, LPVOID MemorySta
return Return;
}
extern "C" __declspec(dllexport) long long TITCALL Find(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard)
extern "C" __declspec(dllexport) ULONG_PTR TITCALL Find(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard)
{
if(dbgProcessInformation.hProcess != NULL)

6
TitanEngine/TitanEngine.Handler.cpp
View File

@ -179,7 +179,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateOpenHandles(DWORD ProcessId,
}
return(HandleCount);
}
__declspec(dllexport) long long TITCALL HandlerGetHandleDetails(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, DWORD InformationReturn)
__declspec(dllexport) ULONG_PTR TITCALL HandlerGetHandleDetails(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, DWORD InformationReturn)
{
HANDLE myHandle = NULL;
@ -652,7 +652,7 @@ __declspec(dllexport) long TITCALL HandlerEnumerateOpenMutexes(HANDLE hProcess,
return(HandleCount);
}
__declspec(dllexport) long long TITCALL HandlerGetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, char* szMutexString)
__declspec(dllexport) ULONG_PTR TITCALL HandlerGetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, char* szMutexString)
{
wchar_t uniMutexString[MAX_PATH] = {};
@ -667,7 +667,7 @@ __declspec(dllexport) long long TITCALL HandlerGetOpenMutexHandle(HANDLE hProces
return(NULL);
}
}
__declspec(dllexport) long long TITCALL HandlerGetOpenMutexHandleW(HANDLE hProcess, DWORD ProcessId, wchar_t* szMutexString)
__declspec(dllexport) ULONG_PTR TITCALL HandlerGetOpenMutexHandleW(HANDLE hProcess, DWORD ProcessId, wchar_t* szMutexString)
{
if(!szMutexString || lstrlenW(szMutexString)>=512)
return 0;

26
TitanEngine/TitanEngine.Importer.cpp
View File

@ -71,22 +71,22 @@ __declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName,
return (scylla_fixDump(szDumpFileName, szExportFileName, szSectionName) == SCY_ERROR_SUCCESS);
}
__declspec(dllexport) long long TITCALL ImporterFindAPIWriteLocation(char* szAPIName)
__declspec(dllexport) ULONG_PTR TITCALL ImporterFindAPIWriteLocation(char* szAPIName)
{
return scylla_findImportWriteLocation(szAPIName);
}
__declspec(dllexport) long long TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber)
__declspec(dllexport) ULONG_PTR TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber)
{
return scylla_findOrdinalImportWriteLocation(OrdinalNumber);
}
__declspec(dllexport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation)
__declspec(dllexport) ULONG_PTR TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation)
{
return scylla_findImportNameByWriteLocation(APIWriteLocation);
}
__declspec(dllexport) long long TITCALL ImporterFindDLLByWriteLocation(ULONG_PTR APIWriteLocation)
__declspec(dllexport) ULONG_PTR TITCALL ImporterFindDLLByWriteLocation(ULONG_PTR APIWriteLocation)
{
return scylla_findModuleNameByWriteLocation(APIWriteLocation);
}
@ -101,17 +101,17 @@ __declspec(dllexport) void* TITCALL ImporterGetDLLNameW(ULONG_PTR APIAddress)
return ImporterGetDLLNameFromDebugeeW(GetCurrentProcess(), APIAddress);
}
__declspec(dllexport) long long TITCALL ImporterGetRemoteAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress)
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetRemoteAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress)
{
return EngineGetAddressRemote(hProcess, APIAddress);
}
__declspec(dllexport) long long TITCALL ImporterGetRemoteAPIAddressEx(char* szDLLName, char* szAPIName)
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetRemoteAPIAddressEx(char* szDLLName, char* szAPIName)
{
return EngineGetProcAddressRemote(0, szDLLName, szAPIName);
}
__declspec(dllexport) long long TITCALL ImporterGetLocalAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress)
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetLocalAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress)
{
return EngineGetAddressLocal(hProcess, APIAddress);
}
@ -145,12 +145,12 @@ __declspec(dllexport) void* TITCALL ImporterGetRemoteDLLBaseExW(HANDLE hProcess,
return (void*)EngineGetModuleBaseRemote(hProcess, szModuleName);
}
__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName)
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName)
{
return EngineGetModuleBaseRemote(hProcess, szModuleName);
}
__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase)
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase)
{
return EngineGetAddressRemote(hProcess, (ULONG_PTR)LocalModuleBase);
}
@ -160,7 +160,7 @@ __declspec(dllexport) void* TITCALL ImporterGetAPIName(ULONG_PTR APIAddress)
return ImporterGetAPINameFromDebugee(GetCurrentProcess(), APIAddress);
}
__declspec(dllexport) long long TITCALL ImporterGetAPIOrdinalNumber(ULONG_PTR APIAddress)
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetAPIOrdinalNumber(ULONG_PTR APIAddress)
{
return ImporterGetAPIOrdinalNumberFromDebugee(GetCurrentProcess(), APIAddress);
}
@ -179,7 +179,7 @@ __declspec(dllexport) void* TITCALL ImporterGetAPINameFromDebugee(HANDLE hProces
return 0;
}
__declspec(dllexport) long long TITCALL ImporterGetAPIOrdinalNumberFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress)
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetAPIOrdinalNumberFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress)
{
return EngineGetAPIOrdinalRemote(hProcess, APIAddress);
}
@ -219,11 +219,11 @@ __declspec(dllexport) long TITCALL ImporterGetForwardedDLLIndex(HANDLE hProcess,
{
return((DWORD)EngineGlobalAPIHandler(hProcess, NULL, APIAddress, NULL, UE_OPTION_IMPORTER_RETURN_FORWARDER_DLLINDEX));
}
__declspec(dllexport) long long TITCALL ImporterGetForwardedAPIOrdinalNumber(HANDLE hProcess, ULONG_PTR APIAddress)
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetForwardedAPIOrdinalNumber(HANDLE hProcess, ULONG_PTR APIAddress)
{
return((DWORD)EngineGlobalAPIHandler(hProcess, NULL, APIAddress, NULL, UE_OPTION_IMPORTER_RETURN_FORWARDER_API_ORDINAL_NUMBER));
}
__declspec(dllexport) long long TITCALL ImporterGetNearestAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress)
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetNearestAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress)
{
return((ULONG_PTR)EngineGlobalAPIHandler(hProcess, NULL, APIAddress, NULL, UE_OPTION_IMPORTER_RETURN_NEAREST_APIADDRESS));
}

8
TitanEngine/TitanEngine.PE.Convert.cpp
View File

@ -87,7 +87,7 @@ __declspec(dllexport) long TITCALL GetPE32SectionNumberFromVA(ULONG_PTR FileMapV
}
return(-2);
}
__declspec(dllexport) long long TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType)
__declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType)
{
PIMAGE_DOS_HEADER DOSHeader;
@ -208,7 +208,7 @@ __declspec(dllexport) long long TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapV
}
return(0);
}
__declspec(dllexport) long long TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType)
__declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType)
{
PIMAGE_DOS_HEADER DOSHeader;
@ -391,7 +391,7 @@ __declspec(dllexport) long long TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMa
}
return(0);
}
__declspec(dllexport) long long TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType)
__declspec(dllexport) ULONG_PTR TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType)
{
PIMAGE_DOS_HEADER DOSHeader;
@ -506,7 +506,7 @@ __declspec(dllexport) long long TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapV
}
return(0);
}
__declspec(dllexport) long long TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType)
__declspec(dllexport) ULONG_PTR TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType)
{
ULONG_PTR ConvertedAddress = NULL;

24
TitanEngine/TitanEngine.PE.Data.cpp
View File

@ -3,7 +3,7 @@
#include "Global.Engine.h"
#include "Global.Mapping.h"
__declspec(dllexport) long long TITCALL GetPE32DataFromMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, DWORD WhichData)
__declspec(dllexport) ULONG_PTR TITCALL GetPE32DataFromMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, DWORD WhichData)
{
PIMAGE_DOS_HEADER DOSHeader;
@ -152,7 +152,7 @@ __declspec(dllexport) long long TITCALL GetPE32DataFromMappedFile(ULONG_PTR File
if(WhichData == UE_SECTIONNAME)
{
memcpy(sectionName, PESections->Name, 8);
return (long long)sectionName;
return (ULONG_PTR)sectionName;
}
else if(WhichData == UE_SECTIONVIRTUALOFFSET)
{
@ -339,14 +339,14 @@ __declspec(dllexport) long long TITCALL GetPE32DataFromMappedFile(ULONG_PTR File
}
return(0);
}
__declspec(dllexport) long long TITCALL GetPE32Data(char* szFileName, DWORD WhichSection, DWORD WhichData)
__declspec(dllexport) ULONG_PTR TITCALL GetPE32Data(char* szFileName, DWORD WhichSection, DWORD WhichData)
{
HANDLE FileHandle;
DWORD FileSize;
HANDLE FileMap;
ULONG_PTR FileMapVA;
long long ReturnValue = 0;
ULONG_PTR ReturnValue = 0;
if(MapFileEx(szFileName, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
{
@ -359,14 +359,14 @@ __declspec(dllexport) long long TITCALL GetPE32Data(char* szFileName, DWORD Whic
return(0);
}
}
__declspec(dllexport) long long TITCALL GetPE32DataW(wchar_t* szFileName, DWORD WhichSection, DWORD WhichData)
__declspec(dllexport) ULONG_PTR TITCALL GetPE32DataW(wchar_t* szFileName, DWORD WhichSection, DWORD WhichData)
{
HANDLE FileHandle;
DWORD FileSize;
HANDLE FileMap;
ULONG_PTR FileMapVA;
long long ReturnValue = 0;
ULONG_PTR ReturnValue = 0;
if(MapFileExW(szFileName, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
{
@ -483,7 +483,7 @@ __declspec(dllexport) bool TITCALL GetPE32DataEx(char* szFileName, LPVOID DataSt
DWORD FileSize;
HANDLE FileMap;
ULONG_PTR FileMapVA;
long long ReturnValue = 0;
ULONG_PTR ReturnValue = 0;
if(MapFileEx(szFileName, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
{
@ -510,7 +510,7 @@ __declspec(dllexport) bool TITCALL GetPE32DataExW(wchar_t* szFileName, LPVOID Da
DWORD FileSize;
HANDLE FileMap;
ULONG_PTR FileMapVA;
long long ReturnValue = 0;
ULONG_PTR ReturnValue = 0;
if(MapFileExW(szFileName, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
{
@ -945,7 +945,7 @@ __declspec(dllexport) bool TITCALL SetPE32Data(char* szFileName, DWORD WhichSect
DWORD FileSize;
HANDLE FileMap;
ULONG_PTR FileMapVA;
long long ReturnValue = 0;
ULONG_PTR ReturnValue = 0;
if(MapFileEx(szFileName, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
{
@ -972,7 +972,7 @@ __declspec(dllexport) bool TITCALL SetPE32DataW(wchar_t* szFileName, DWORD Which
DWORD FileSize;
HANDLE FileMap;
ULONG_PTR FileMapVA;
long long ReturnValue = 0;
ULONG_PTR ReturnValue = 0;
if(MapFileExW(szFileName, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
{
@ -1109,7 +1109,7 @@ __declspec(dllexport) bool TITCALL SetPE32DataEx(char* szFileName, LPVOID DataSt
DWORD FileSize;
HANDLE FileMap;
ULONG_PTR FileMapVA;
long long ReturnValue = 0;
ULONG_PTR ReturnValue = 0;
if(MapFileEx(szFileName, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
{
@ -1136,7 +1136,7 @@ __declspec(dllexport) bool TITCALL SetPE32DataExW(wchar_t* szFileName, LPVOID Da
DWORD FileSize;
HANDLE FileMap;
ULONG_PTR FileMapVA;
long long ReturnValue = 0;
ULONG_PTR ReturnValue = 0;
if(MapFileExW(szFileName, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
{

4
TitanEngine/TitanEngine.Resourcer.cpp
View File

@ -5,12 +5,12 @@
#include "Global.Handle.h"
// TitanEngine.Resourcer.functions:
__declspec(dllexport) long long TITCALL ResourcerLoadFileForResourceUse(char* szFileName)
__declspec(dllexport) ULONG_PTR TITCALL ResourcerLoadFileForResourceUse(char* szFileName)
{
return((ULONG_PTR)EngineSimulateNtLoader(szFileName));
}
__declspec(dllexport) long long TITCALL ResourcerLoadFileForResourceUseW(wchar_t* szFileName)
__declspec(dllexport) ULONG_PTR TITCALL ResourcerLoadFileForResourceUseW(wchar_t* szFileName)
{
return((ULONG_PTR)EngineSimulateNtLoaderW(szFileName));
}

6
TitanEngine/TitanEngine.Threader.cpp
View File

@ -261,7 +261,7 @@ __declspec(dllexport) bool TITCALL ThreaderResumeProcess()
return ThreaderResumeAllThreads(false);
}
__declspec(dllexport) long long TITCALL ThreaderCreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId)
__declspec(dllexport) ULONG_PTR TITCALL ThreaderCreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId)
{
return ThreaderCreateRemoteThreadEx(dbgProcessInformation.hProcess, ThreadStartAddress, AutoCloseTheHandle, ThreadPassParameter, ThreadId);
}
@ -271,7 +271,7 @@ __declspec(dllexport) bool TITCALL ThreaderInjectAndExecuteCode(LPVOID InjectCod
return ThreaderInjectAndExecuteCodeEx(dbgProcessInformation.hProcess, InjectCode, StartDelta, InjectSize);
}
__declspec(dllexport) long long TITCALL ThreaderCreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId)
__declspec(dllexport) ULONG_PTR TITCALL ThreaderCreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId)
{
if(hProcess != NULL)
{
@ -349,7 +349,7 @@ __declspec(dllexport) bool TITCALL ThreaderExecuteOnlyInjectedThreads()
return false;
}
__declspec(dllexport) long long TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId)
__declspec(dllexport) ULONG_PTR TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId)
{
int threadcount=hListThread.size();
for(int i=0; i<threadcount; i++)

8
TitanEngine/TitanEngine.Tracer.cpp
View File

@ -8,7 +8,7 @@
// Global.Engine.Tracer.functions:
static long long EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressToTrace, bool HashInstructions, DWORD InputNumberOfInstructions)
static ULONG_PTR EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressToTrace, bool HashInstructions, DWORD InputNumberOfInstructions)
{
SIZE_T memSize = 0;
@ -530,12 +530,12 @@ __declspec(dllexport) void TITCALL TracerInit()
return; // UE 1.5 compatibility mode
}
__declspec(dllexport) long long TITCALL TracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace)
__declspec(dllexport) ULONG_PTR TITCALL TracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace)
{
return((ULONG_PTR)EngineGlobalTracerHandler1(hProcess, AddressToTrace, false, NULL));
}
__declspec(dllexport) long long TITCALL HashTracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD InputNumberOfInstructions)
__declspec(dllexport) ULONG_PTR TITCALL HashTracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD InputNumberOfInstructions)
{
unsigned int i = 0;
@ -1112,7 +1112,7 @@ __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULON
}
return(NULL);
}
__declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD RedirectionId)
__declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD RedirectionId)
{
int i = NULL;

7
TitanEngine/TitanEngine.vcxproj
View File

@ -288,6 +288,9 @@
<ClCompile Include="TitanEngine.TranslateName.cpp" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\SDK\CPP\TitanEngine.h" />
<ClInclude Include="..\SDK\CPP\TitanEngine.hpp" />
<ClInclude Include="..\SDK\C\TitanEngine.h" />
<ClInclude Include="aplib.h" />
<ClInclude Include="definitions.h" />
<ClInclude Include="distorm.h" />
@ -323,6 +326,10 @@
<ResourceCompile Include="TitanEngine.rc" />
</ItemGroup>
<ItemGroup>
<None Include="..\SDK\Delphi\TitanEngine.pas" />
<None Include="..\SDK\LUA\TitanEngine.lua" />
<None Include="..\SDK\MASM\TitanEngine.INC" />
<None Include="..\SDK\Python\TitanEngine.py" />
<None Include="..\TitanEngineLoaders\LibraryLoader\x64\Release\LibraryLoader.exe" />
<None Include="..\TitanEngineLoaders\LibraryLoader\Release\LibraryLoader.exe" />
<None Include="Global.Engine.Hash.h" />

42
TitanEngine/TitanEngine.vcxproj.filters
View File

@ -31,6 +31,27 @@
<Filter Include="Header Files\ThirdParty">
<UniqueIdentifier>{db6d0b8a-e5c1-4a1e-9157-5818612589f8}</UniqueIdentifier>
</Filter>
<Filter Include="Header Files\SDK">
<UniqueIdentifier>{78336e4f-e571-4dd2-8769-e408515a5493}</UniqueIdentifier>
</Filter>
<Filter Include="Header Files\SDK\C">
<UniqueIdentifier>{2efe2f1a-4ee7-4249-a67c-c51a63aa8f0d}</UniqueIdentifier>
</Filter>
<Filter Include="Header Files\SDK\CPP">
<UniqueIdentifier>{a1fcc566-fbcf-45e0-a99e-0dc7c8f1f3b1}</UniqueIdentifier>
</Filter>
<Filter Include="Header Files\SDK\Delphi">
<UniqueIdentifier>{6ead5e95-3e59-431b-a190-f031c0195a6c}</UniqueIdentifier>
</Filter>
<Filter Include="Header Files\SDK\LUA">
<UniqueIdentifier>{4f08d968-e800-4208-b62a-147d69620060}</UniqueIdentifier>
</Filter>
<Filter Include="Header Files\SDK\MASM">
<UniqueIdentifier>{1012361d-2057-4706-9c0f-e864e2c7a7c5}</UniqueIdentifier>
</Filter>
<Filter Include="Header Files\SDK\Python">
<UniqueIdentifier>{a7ccfa4b-cc58-4f5f-88a1-35d65ab8b5a9}</UniqueIdentifier>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="stdafx.cpp">
@ -305,6 +326,15 @@
<ClInclude Include="scylla_wrapper.h">
<Filter>Header Files\ThirdParty</Filter>
</ClInclude>
<ClInclude Include="..\SDK\C\TitanEngine.h">
<Filter>Header Files\SDK\C</Filter>
</ClInclude>
<ClInclude Include="..\SDK\CPP\TitanEngine.h">
<Filter>Header Files\SDK\CPP</Filter>
</ClInclude>
<ClInclude Include="..\SDK\CPP\TitanEngine.hpp">
<Filter>Header Files\SDK\CPP</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="TitanEngine.rc">
@ -327,5 +357,17 @@
<None Include="Global.Engine.Hash.h">
<Filter>Header Files\TitanEngine</Filter>
</None>
<None Include="..\SDK\Delphi\TitanEngine.pas">
<Filter>Header Files\SDK\Delphi</Filter>
</None>
<None Include="..\SDK\LUA\TitanEngine.lua">
<Filter>Header Files\SDK\LUA</Filter>
</None>
<None Include="..\SDK\MASM\TitanEngine.INC">
<Filter>Header Files\SDK\MASM</Filter>
</None>
<None Include="..\SDK\Python\TitanEngine.py">
<Filter>Header Files\SDK\Python</Filter>
</None>
</ItemGroup>
</Project>

82
TitanEngine/definitions.h
View File

@ -56,9 +56,9 @@ __declspec(dllexport) bool TITCALL DeleteLastSection(char* szFileName);
__declspec(dllexport) bool TITCALL DeleteLastSectionW(wchar_t* szFileName);
__declspec(dllexport) bool TITCALL DeleteLastSectionEx(char* szFileName, DWORD NumberOfSections);
__declspec(dllexport) bool TITCALL DeleteLastSectionExW(wchar_t* szFileName, DWORD NumberOfSections);
__declspec(dllexport) long long TITCALL GetPE32DataFromMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, DWORD WhichData);
__declspec(dllexport) long long TITCALL GetPE32Data(char* szFileName, DWORD WhichSection, DWORD WhichData);
__declspec(dllexport) long long TITCALL GetPE32DataW(wchar_t* szFileName, DWORD WhichSection, DWORD WhichData);
__declspec(dllexport) ULONG_PTR TITCALL GetPE32DataFromMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, DWORD WhichData);
__declspec(dllexport) ULONG_PTR TITCALL GetPE32Data(char* szFileName, DWORD WhichSection, DWORD WhichData);
__declspec(dllexport) ULONG_PTR TITCALL GetPE32DataW(wchar_t* szFileName, DWORD WhichSection, DWORD WhichData);
__declspec(dllexport) bool TITCALL GetPE32DataFromMappedFileEx(ULONG_PTR FileMapVA, LPVOID DataStorage);
__declspec(dllexport) bool TITCALL GetPE32DataEx(char* szFileName, LPVOID DataStorage);
__declspec(dllexport) bool TITCALL GetPE32DataExW(wchar_t* szFileName, LPVOID DataStorage);
@ -69,10 +69,10 @@ __declspec(dllexport) bool TITCALL SetPE32DataForMappedFileEx(ULONG_PTR FileMapV
__declspec(dllexport) bool TITCALL SetPE32DataEx(char* szFileName, LPVOID DataStorage);
__declspec(dllexport) bool TITCALL SetPE32DataExW(wchar_t* szFileName, LPVOID DataStorage);
__declspec(dllexport) long TITCALL GetPE32SectionNumberFromVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert);
__declspec(dllexport) long long TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllexport) long long TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType);
__declspec(dllexport) long long TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllexport) long long TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType);
__declspec(dllexport) ULONG_PTR TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllexport) ULONG_PTR TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesRead);
__declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesWritten);
// TitanEngine.Realigner.functions:
@ -116,8 +116,8 @@ __declspec(dllexport) bool TITCALL RelocaterRelocateMemoryBlock(ULONG_PTR FileMa
__declspec(dllexport) bool TITCALL RelocaterWipeRelocationTable(char* szFileName);
__declspec(dllexport) bool TITCALL RelocaterWipeRelocationTableW(wchar_t* szFileName);
// TitanEngine.Resourcer.functions:
__declspec(dllexport) long long TITCALL ResourcerLoadFileForResourceUse(char* szFileName);
__declspec(dllexport) long long TITCALL ResourcerLoadFileForResourceUseW(wchar_t* szFileName);
__declspec(dllexport) ULONG_PTR TITCALL ResourcerLoadFileForResourceUse(char* szFileName);
__declspec(dllexport) ULONG_PTR TITCALL ResourcerLoadFileForResourceUseW(wchar_t* szFileName);
__declspec(dllexport) bool TITCALL ResourcerFreeLoadedFile(LPVOID LoadedFileBase);
__declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFileEx(ULONG_PTR FileMapVA, char* szResourceType, char* szResourceName, char* szExtractedFileName);
__declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFile(char* szFileName, char* szResourceType, char* szResourceName, char* szExtractedFileName);
@ -139,16 +139,16 @@ __declspec(dllexport) bool TITCALL ThreaderPauseAllThreads(bool LeaveMainRunning
__declspec(dllexport) bool TITCALL ThreaderResumeAllThreads(bool LeaveMainPaused);
__declspec(dllexport) bool TITCALL ThreaderPauseProcess();
__declspec(dllexport) bool TITCALL ThreaderResumeProcess();
__declspec(dllexport) long long TITCALL ThreaderCreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId);
__declspec(dllexport) ULONG_PTR TITCALL ThreaderCreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId);
__declspec(dllexport) bool TITCALL ThreaderInjectAndExecuteCode(LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize);
__declspec(dllexport) long long TITCALL ThreaderCreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId);
__declspec(dllexport) ULONG_PTR TITCALL ThreaderCreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId);
__declspec(dllexport) bool TITCALL ThreaderInjectAndExecuteCodeEx(HANDLE hProcess, LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize);
__declspec(dllexport) void TITCALL ThreaderSetCallBackForNextExitThreadEvent(LPVOID exitThreadCallBack);
__declspec(dllexport) bool TITCALL ThreaderIsThreadStillRunning(HANDLE hThread);
__declspec(dllexport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread);
__declspec(dllexport) bool TITCALL ThreaderIsAnyThreadActive();
__declspec(dllexport) bool TITCALL ThreaderExecuteOnlyInjectedThreads();
__declspec(dllexport) long long TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId);
__declspec(dllexport) ULONG_PTR TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId);
__declspec(dllexport) bool TITCALL ThreaderIsExceptionInMainThread();
// TitanEngine.Debugger.functions:
__declspec(dllexport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress);
@ -179,8 +179,8 @@ __declspec(dllexport) bool TITCALL SetMemoryBPX(ULONG_PTR MemoryStart, SIZE_T Si
__declspec(dllexport) bool TITCALL SetMemoryBPXEx(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, DWORD BreakPointType, bool RestoreOnHit, LPVOID bpxCallBack);
__declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory);
__declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea);
__declspec(dllexport) long long TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister);
__declspec(dllexport) long long TITCALL GetContextData(DWORD IndexOfRegister);
__declspec(dllexport) ULONG_PTR TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister);
__declspec(dllexport) ULONG_PTR TITCALL GetContextData(DWORD IndexOfRegister);
__declspec(dllexport) bool TITCALL SetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea);
__declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister, ULONG_PTR NewRegisterValue);
__declspec(dllexport) bool TITCALL SetContextData(DWORD IndexOfRegister, ULONG_PTR NewRegisterValue);
@ -188,8 +188,8 @@ __declspec(dllexport) void TITCALL ClearExceptionNumber();
__declspec(dllexport) long TITCALL CurrentExceptionNumber();
__declspec(dllexport) bool TITCALL MatchPatternEx(HANDLE hProcess, void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard);
__declspec(dllexport) bool TITCALL MatchPattern(void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard);
__declspec(dllexport) long long TITCALL FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard);
extern "C" __declspec(dllexport) long long TITCALL Find(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard);
__declspec(dllexport) ULONG_PTR TITCALL FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard);
extern "C" __declspec(dllexport) ULONG_PTR TITCALL Find(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard);
__declspec(dllexport) bool TITCALL FillEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte);
__declspec(dllexport) bool TITCALL Fill(LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte);
__declspec(dllexport) bool TITCALL PatchEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP);
@ -199,12 +199,12 @@ __declspec(dllexport) bool TITCALL Replace(LPVOID MemoryStart, DWORD MemorySize,
__declspec(dllexport) void* TITCALL GetDebugData();
__declspec(dllexport) void* TITCALL GetTerminationData();
__declspec(dllexport) long TITCALL GetExitCode();
__declspec(dllexport) long long TITCALL GetDebuggedDLLBaseAddress();
__declspec(dllexport) unsigned long long TITCALL GetDebuggedFileBaseAddress();
__declspec(dllexport) ULONG_PTR TITCALL GetDebuggedDLLBaseAddress();
__declspec(dllexport) ULONG_PTR TITCALL GetDebuggedFileBaseAddress();
__declspec(dllexport) bool TITCALL GetRemoteString(HANDLE hProcess, LPVOID StringAddress, LPVOID StringStorage, int MaximumStringSize);
__declspec(dllexport) long long TITCALL GetFunctionParameter(HANDLE hProcess, DWORD FunctionType, DWORD ParameterNumber, DWORD ParameterType);
__declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps);
__declspec(dllexport) long long TITCALL GetJumpDestination(HANDLE hProcess, ULONG_PTR InstructionAddress);
__declspec(dllexport) ULONG_PTR TITCALL GetFunctionParameter(HANDLE hProcess, DWORD FunctionType, DWORD ParameterNumber, DWORD ParameterType);
__declspec(dllexport) ULONG_PTR TITCALL GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps);
__declspec(dllexport) ULONG_PTR TITCALL GetJumpDestination(HANDLE hProcess, ULONG_PTR InstructionAddress);
__declspec(dllexport) bool TITCALL IsJumpGoingToExecuteEx(HANDLE hProcess, HANDLE hThread, ULONG_PTR InstructionAddress, ULONG_PTR RegFlags);
__declspec(dllexport) bool TITCALL IsJumpGoingToExecute();
__declspec(dllexport) void TITCALL SetCustomHandler(DWORD ExceptionId, LPVOID CallBack);
@ -245,33 +245,33 @@ __declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG
__declspec(dllexport) long TITCALL ImporterEstimatedSize();
__declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szDumpFileName, char* szExportFileName, char* szSectionName);
__declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szDumpFileName, wchar_t* szExportFileName, wchar_t* szSectionName = L".RL!TEv2");
__declspec(dllexport) long long TITCALL ImporterFindAPIWriteLocation(char* szAPIName);
__declspec(dllexport) long long TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber);
__declspec(dllexport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation);
__declspec(dllexport) long long TITCALL ImporterFindDLLByWriteLocation(ULONG_PTR APIWriteLocation);
__declspec(dllexport) ULONG_PTR TITCALL ImporterFindAPIWriteLocation(char* szAPIName);
__declspec(dllexport) ULONG_PTR TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber);
__declspec(dllexport) ULONG_PTR TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation);
__declspec(dllexport) ULONG_PTR TITCALL ImporterFindDLLByWriteLocation(ULONG_PTR APIWriteLocation);
__declspec(dllexport) void* TITCALL ImporterGetDLLName(ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetDLLNameW(ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetAPIName(ULONG_PTR APIAddress);
__declspec(dllexport) long long TITCALL ImporterGetAPIOrdinalNumber(ULONG_PTR APIAddress);
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetAPIOrdinalNumber(ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetAPINameEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
__declspec(dllexport) long long TITCALL ImporterGetRemoteAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) long long TITCALL ImporterGetRemoteAPIAddressEx(char* szDLLName, char* szAPIName);
__declspec(dllexport) long long TITCALL ImporterGetLocalAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetRemoteAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetRemoteAPIAddressEx(char* szDLLName, char* szAPIName);
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetLocalAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetDLLNameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetDLLNameFromDebugeeW(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetAPINameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) long long TITCALL ImporterGetAPIOrdinalNumberFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetAPIOrdinalNumberFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) long TITCALL ImporterGetDLLIndexEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
__declspec(dllexport) long TITCALL ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase);
__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName);
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase);
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName);
__declspec(dllexport) void* TITCALL ImporterGetRemoteDLLBaseExW(HANDLE hProcess, WCHAR* szModuleName);
__declspec(dllexport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) long TITCALL ImporterGetForwardedDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
__declspec(dllexport) long long TITCALL ImporterGetForwardedAPIOrdinalNumber(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) long long TITCALL ImporterGetNearestAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetForwardedAPIOrdinalNumber(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) ULONG_PTR TITCALL ImporterGetNearestAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetNearestAPIName(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) bool TITCALL ImporterCopyOriginalIAT(char* szOriginalFile, char* szDumpFile);
__declspec(dllexport) bool TITCALL ImporterCopyOriginalIATW(wchar_t* szOriginalFile, wchar_t* szDumpFile);
@ -311,11 +311,11 @@ __declspec(dllexport) void TITCALL HooksScanEntireProcessMemory(LPVOID CallBack)
__declspec(dllexport) void TITCALL HooksScanEntireProcessMemoryEx();
// TitanEngine.Tracer.functions:
__declspec(dllexport) void TITCALL TracerInit();
__declspec(dllexport) long long TITCALL TracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace);
__declspec(dllexport) long long TITCALL HashTracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD InputNumberOfInstructions);
__declspec(dllexport) ULONG_PTR TITCALL TracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace);
__declspec(dllexport) ULONG_PTR TITCALL HashTracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD InputNumberOfInstructions);
__declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace);
__declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD RedirectionId);
__declspec(dllexport) long long TITCALL TracerFixRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD IdParameter);
__declspec(dllexport) ULONG_PTR TITCALL TracerFixKnownRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD RedirectionId);
__declspec(dllexport) ULONG_PTR TITCALL TracerFixRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD IdParameter);
__declspec(dllexport) long TITCALL TracerFixRedirectionViaImpRecPlugin(HANDLE hProcess, char* szPluginName, ULONG_PTR AddressToTrace);
// TitanEngine.Exporter.functions:
__declspec(dllexport) void TITCALL ExporterCleanup();
@ -368,7 +368,7 @@ __declspec(dllexport) bool TITCALL HandlerIsHandleOpen(DWORD ProcessId, HANDLE h
__declspec(dllexport) void* TITCALL HandlerGetHandleName(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName);
__declspec(dllexport) void* TITCALL HandlerGetHandleNameW(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName);
__declspec(dllexport) long TITCALL HandlerEnumerateOpenHandles(DWORD ProcessId, LPVOID HandleBuffer, DWORD MaxHandleCount);
__declspec(dllexport) long long TITCALL HandlerGetHandleDetails(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, DWORD InformationReturn);
__declspec(dllexport) ULONG_PTR TITCALL HandlerGetHandleDetails(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, DWORD InformationReturn);
__declspec(dllexport) bool TITCALL HandlerCloseRemoteHandle(HANDLE hProcess, HANDLE hHandle);
__declspec(dllexport) long TITCALL HandlerEnumerateLockHandles(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, LPVOID HandleDataBuffer, DWORD MaxHandleCount);
__declspec(dllexport) long TITCALL HandlerEnumerateLockHandlesW(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, LPVOID HandleDataBuffer, DWORD MaxHandleCount);
@ -378,8 +378,8 @@ __declspec(dllexport) bool TITCALL HandlerIsFileLocked(char* szFileOrFolderName,
__declspec(dllexport) bool TITCALL HandlerIsFileLockedW(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated);
// TitanEngine.Handler[Mutex].functions:
__declspec(dllexport) long TITCALL HandlerEnumerateOpenMutexes(HANDLE hProcess, DWORD ProcessId, LPVOID HandleBuffer, DWORD MaxHandleCount);
__declspec(dllexport) long long TITCALL HandlerGetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, char* szMutexString);
__declspec(dllexport) long long TITCALL HandlerGetOpenMutexHandleW(HANDLE hProcess, DWORD ProcessId, wchar_t* szMutexString);
__declspec(dllexport) ULONG_PTR TITCALL HandlerGetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, char* szMutexString);
__declspec(dllexport) ULONG_PTR TITCALL HandlerGetOpenMutexHandleW(HANDLE hProcess, DWORD ProcessId, wchar_t* szMutexString);
__declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutex(char* szMutexString);
__declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t* szMutexString);
// TitanEngine.Injector.functions: