Merged mrexodia/titanengine-update into master

AVJoKe 2014-04-03 14:09:10 +02:00
commit de9270d9e4
47 changed files with 815 additions and 1527 deletions


@ -13,6 +13,20 @@
// Global.Constant.Structure.Declaration: // Global.Constant.Structure.Declaration:
// Engine.External: // Engine.External:
#define UE_STRUCT_PE32STRUCT 1
#define UE_STRUCT_PE64STRUCT 2
#define UE_STRUCT_PESTRUCT 3
#define UE_STRUCT_IMPORTENUMDATA 4
#define UE_STRUCT_THREAD_ITEM_DATA 5
#define UE_STRUCT_LIBRARY_ITEM_DATA 6
#define UE_STRUCT_LIBRARY_ITEM_DATAW 7
#define UE_STRUCT_PROCESS_ITEM_DATA 8
#define UE_STRUCT_HANDLERARRAY 9
#define UE_STRUCT_PLUGININFORMATION 10
#define UE_STRUCT_HOOK_ENTRY 11
#define UE_STRUCT_FILE_STATUS_INFO 12
#define UE_STRUCT_FILE_FIX_INFO 13
#define UE_ACCESS_READ 0 #define UE_ACCESS_READ 0
#define UE_ACCESS_WRITE 1 #define UE_ACCESS_WRITE 1
#define UE_ACCESS_ALL 2 #define UE_ACCESS_ALL 2
@ -321,6 +335,13 @@ typedef struct
DWORD dwThreadId; DWORD dwThreadId;
void* ThreadStartAddress; void* ThreadStartAddress;
void* ThreadLocalBase; void* ThreadLocalBase;
void* TebAddress;
ULONG WaitTime;
LONG Priority;
LONG BasePriority;
ULONG ContextSwitches;
ULONG ThreadState;
ULONG WaitReason;
} THREAD_ITEM_DATA, *PTHREAD_ITEM_DATA; } THREAD_ITEM_DATA, *PTHREAD_ITEM_DATA;
typedef struct typedef struct
@ -920,6 +941,7 @@ __declspec(dllexport) bool TITCALL EngineFakeMissingDependencies(HANDLE hProcess
__declspec(dllexport) bool TITCALL EngineDeleteCreatedDependencies(); __declspec(dllexport) bool TITCALL EngineDeleteCreatedDependencies();
__declspec(dllexport) bool TITCALL EngineCreateUnpackerWindow(char* WindowUnpackerTitle, char* WindowUnpackerLongTitle, char* WindowUnpackerName, char* WindowUnpackerAuthor, void* StartUnpackingCallBack); __declspec(dllexport) bool TITCALL EngineCreateUnpackerWindow(char* WindowUnpackerTitle, char* WindowUnpackerLongTitle, char* WindowUnpackerName, char* WindowUnpackerAuthor, void* StartUnpackingCallBack);
__declspec(dllexport) void TITCALL EngineAddUnpackerWindowLogMessage(char* szLogMessage); __declspec(dllexport) void TITCALL EngineAddUnpackerWindowLogMessage(char* szLogMessage);
__declspec(dllexport) bool TITCALL EngineCheckStructAlignment(DWORD StructureType, ULONG_PTR StructureSize);
// Global.Engine.Extension.Functions: // Global.Engine.Extension.Functions:
__declspec(dllexport) bool TITCALL ExtensionManagerIsPluginLoaded(char* szPluginName); __declspec(dllexport) bool TITCALL ExtensionManagerIsPluginLoaded(char* szPluginName);
__declspec(dllexport) bool TITCALL ExtensionManagerIsPluginEnabled(char* szPluginName); __declspec(dllexport) bool TITCALL ExtensionManagerIsPluginEnabled(char* szPluginName);
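Review bot: The seven fields added to `THREAD_ITEM_DATA` change its size, and nothing next to the new `EngineCheckStructAlignment` declaration tells SDK users that they are expected to call it. A client built against the older header would work with a shorter structure than the DLL does, so, assuming the engine fills these records for its callers, a mismatch is a memory-safety concern rather than a cosmetic one. I would add a comment above the declaration such as `// Call once at startup for every UE_STRUCT_* you use, passing sizeof(<struct>); false means this header and the DLL disagree on the layout.` The same comment belongs on the dllimport declaration in the C++ SDK header section that follows.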


@ -13,6 +13,20 @@
// Global.Constant.Structure.Declaration: // Global.Constant.Structure.Declaration:
// Engine.External: // Engine.External:
const BYTE UE_STRUCT_PE32STRUCT = 1;
const BYTE UE_STRUCT_PE64STRUCT = 2;
const BYTE UE_STRUCT_PESTRUCT = 3;
const BYTE UE_STRUCT_IMPORTENUMDATA = 4;
const BYTE UE_STRUCT_THREAD_ITEM_DATA = 5;
const BYTE UE_STRUCT_LIBRARY_ITEM_DATA = 6;
const BYTE UE_STRUCT_LIBRARY_ITEM_DATAW = 7;
const BYTE UE_STRUCT_PROCESS_ITEM_DATA = 8;
const BYTE UE_STRUCT_HANDLERARRAY = 9;
const BYTE UE_STRUCT_PLUGININFORMATION = 10;
const BYTE UE_STRUCT_HOOK_ENTRY = 11;
const BYTE UE_STRUCT_FILE_STATUS_INFO = 12;
const BYTE UE_STRUCT_FILE_FIX_INFO = 13;
const BYTE UE_ACCESS_READ = 0; const BYTE UE_ACCESS_READ = 0;
const BYTE UE_ACCESS_WRITE = 1; const BYTE UE_ACCESS_WRITE = 1;
const BYTE UE_ACCESS_ALL = 2; const BYTE UE_ACCESS_ALL = 2;
@ -321,6 +335,13 @@ typedef struct
DWORD dwThreadId; DWORD dwThreadId;
void* ThreadStartAddress; void* ThreadStartAddress;
void* ThreadLocalBase; void* ThreadLocalBase;
void* TebAddress;
ULONG WaitTime;
LONG Priority;
LONG BasePriority;
ULONG ContextSwitches;
ULONG ThreadState;
ULONG WaitReason;
} THREAD_ITEM_DATA, *PTHREAD_ITEM_DATA; } THREAD_ITEM_DATA, *PTHREAD_ITEM_DATA;
typedef struct typedef struct
@ -914,6 +935,7 @@ __declspec(dllimport) bool TITCALL EngineFakeMissingDependencies(HANDLE hProcess
__declspec(dllimport) bool TITCALL EngineDeleteCreatedDependencies(); __declspec(dllimport) bool TITCALL EngineDeleteCreatedDependencies();
__declspec(dllimport) bool TITCALL EngineCreateUnpackerWindow(char* WindowUnpackerTitle, char* WindowUnpackerLongTitle, char* WindowUnpackerName, char* WindowUnpackerAuthor, void* StartUnpackingCallBack); __declspec(dllimport) bool TITCALL EngineCreateUnpackerWindow(char* WindowUnpackerTitle, char* WindowUnpackerLongTitle, char* WindowUnpackerName, char* WindowUnpackerAuthor, void* StartUnpackingCallBack);
__declspec(dllimport) void TITCALL EngineAddUnpackerWindowLogMessage(char* szLogMessage); __declspec(dllimport) void TITCALL EngineAddUnpackerWindowLogMessage(char* szLogMessage);
__declspec(dllimport) bool TITCALL EngineCheckStructAlignment(DWORD StructureType, ULONG_PTR StructureSize);
// Global.Engine.Extension.Functions: // Global.Engine.Extension.Functions:
__declspec(dllimport) bool TITCALL ExtensionManagerIsPluginLoaded(char* szPluginName); __declspec(dllimport) bool TITCALL ExtensionManagerIsPluginLoaded(char* szPluginName);
__declspec(dllimport) bool TITCALL ExtensionManagerIsPluginEnabled(char* szPluginName); __declspec(dllimport) bool TITCALL ExtensionManagerIsPluginEnabled(char* szPluginName);


@ -23,6 +23,23 @@ namespace UE
// ---- // ----
enum eStructType : DWORD
{
UE_STRUCT_PE32STRUCT = UE::UE_STRUCT_PE32STRUCT,
UE_STRUCT_PE64STRUCT = UE::UE_STRUCT_PE64STRUCT,
UE_STRUCT_PESTRUCT = UE::UE_STRUCT_PESTRUCT,
UE_STRUCT_IMPORTENUMDATA = UE::UE_STRUCT_IMPORTENUMDATA,
UE_STRUCT_THREAD_ITEM_DATA = UE::UE_STRUCT_THREAD_ITEM_DATA,
UE_STRUCT_LIBRARY_ITEM_DATA = UE::UE_STRUCT_LIBRARY_ITEM_DATA,
UE_STRUCT_LIBRARY_ITEM_DATAW = UE::UE_STRUCT_LIBRARY_ITEM_DATAW,
UE_STRUCT_PROCESS_ITEM_DATA = UE::UE_STRUCT_PROCESS_ITEM_DATA,
UE_STRUCT_HANDLERARRAY = UE::UE_STRUCT_HANDLERARRAY,
UE_STRUCT_PLUGININFORMATION = UE::UE_STRUCT_PLUGININFORMATION,
UE_STRUCT_HOOK_ENTRY = UE::UE_STRUCT_HOOK_ENTRY,
UE_STRUCT_FILE_STATUS_INFO = UE::UE_STRUCT_FILE_STATUS_INFO,
UE_STRUCT_FILE_FIX_INFO = UE::UE_STRUCT_FILE_FIX_INFO
};
enum eHideLevel : DWORD enum eHideLevel : DWORD
{ {
UE_HIDE_PEBONLY = UE::UE_HIDE_PEBONLY, UE_HIDE_PEBONLY = UE::UE_HIDE_PEBONLY,
@ -709,6 +726,8 @@ public:
using DumperX::ConvertVAtoFileOffsetEx; using DumperX::ConvertVAtoFileOffsetEx;
using DumperX::ConvertFileOffsetToVA; using DumperX::ConvertFileOffsetToVA;
using DumperX::ConvertFileOffsetToVAEx; using DumperX::ConvertFileOffsetToVAEx;
using DumperX::MemoryReadSafe;
using DumperX::MemoryWriteSafe;
}; };
class RealignerA; class RealignerA;
@ -2740,6 +2759,10 @@ protected:
{ {
return UE::EngineAddUnpackerWindowLogMessage(szLogMessage); return UE::EngineAddUnpackerWindowLogMessage(szLogMessage);
} }
static bool EngineCheckStructAlignment(DWORD StructureType, ULONG_PTR StructureSize)
{
return UE::EngineCheckStructAlignment(StructureType, StructureSize);
}
}; };
class EngineA class EngineA
@ -2773,6 +2796,7 @@ public:
using EngineX::DeleteCreatedDependencies; using EngineX::DeleteCreatedDependencies;
using EngineX::CreateUnpackerWindow; using EngineX::CreateUnpackerWindow;
using EngineX::AddUnpackerWindowLogMessage; using EngineX::AddUnpackerWindowLogMessage;
using EngineX::EngineCheckStructAlignment;
}; };
class ExtensionManager class ExtensionManager
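Review bot: The new wrapper is exposed as `EngineCheckStructAlignment`, which breaks the naming pattern of its siblings: the neighbouring `using` lines drop the `Engine` prefix (`DeleteCreatedDependencies`, `CreateUnpackerWindow`, `AddUnpackerWindowLogMessage`). It also takes a plain `DWORD StructureType` although this same commit adds `enum eStructType : DWORD` for exactly these values, so the wrapper gives no type checking over the raw export. Consider `static bool CheckStructAlignment(eStructType StructureType, ULONG_PTR StructureSize)` with a matching `using EngineX::CheckStructAlignment;`. The enclosing classes start and end outside the hunks shown.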


@ -3,16 +3,6 @@ Microsoft Visual Studio Solution File, Format Version 11.00
# Visual Studio 2010 # Visual Studio 2010
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TitanEngine", "TitanEngine\TitanEngine.vcxproj", "{9C7B8246-FDDA-48C7-9634-044969701E40}" Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TitanEngine", "TitanEngine\TitanEngine.vcxproj", "{9C7B8246-FDDA-48C7-9634-044969701E40}"
EndProject EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TitanUnitTest", "TitanUnitTest\TitanUnitTest.vcxproj", "{5B5AB3CD-4D32-43B0-8840-E05C9483381D}"
ProjectSection(ProjectDependencies) = postProject
{9C7B8246-FDDA-48C7-9634-044969701E40} = {9C7B8246-FDDA-48C7-9634-044969701E40}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TitanScriptGui", "TitanScriptGui\TitanScriptGui.vcxproj", "{49C88677-C374-4AE2-B431-8F3B424BF245}"
ProjectSection(ProjectDependencies) = postProject
{9C7B8246-FDDA-48C7-9634-044969701E40} = {9C7B8246-FDDA-48C7-9634-044969701E40}
EndProjectSection
EndProject
Global Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Win32 = Debug|Win32 Debug|Win32 = Debug|Win32
@ -29,22 +19,6 @@ Global
{9C7B8246-FDDA-48C7-9634-044969701E40}.Release|Win32.Build.0 = Release|Win32 {9C7B8246-FDDA-48C7-9634-044969701E40}.Release|Win32.Build.0 = Release|Win32
{9C7B8246-FDDA-48C7-9634-044969701E40}.Release|x64.ActiveCfg = Release|x64 {9C7B8246-FDDA-48C7-9634-044969701E40}.Release|x64.ActiveCfg = Release|x64
{9C7B8246-FDDA-48C7-9634-044969701E40}.Release|x64.Build.0 = Release|x64 {9C7B8246-FDDA-48C7-9634-044969701E40}.Release|x64.Build.0 = Release|x64
{5B5AB3CD-4D32-43B0-8840-E05C9483381D}.Debug|Win32.ActiveCfg = Debug|Win32
{5B5AB3CD-4D32-43B0-8840-E05C9483381D}.Debug|Win32.Build.0 = Debug|Win32
{5B5AB3CD-4D32-43B0-8840-E05C9483381D}.Debug|x64.ActiveCfg = Debug|x64
{5B5AB3CD-4D32-43B0-8840-E05C9483381D}.Debug|x64.Build.0 = Debug|x64
{5B5AB3CD-4D32-43B0-8840-E05C9483381D}.Release|Win32.ActiveCfg = Release|Win32
{5B5AB3CD-4D32-43B0-8840-E05C9483381D}.Release|Win32.Build.0 = Release|Win32
{5B5AB3CD-4D32-43B0-8840-E05C9483381D}.Release|x64.ActiveCfg = Release|x64
{5B5AB3CD-4D32-43B0-8840-E05C9483381D}.Release|x64.Build.0 = Release|x64
{49C88677-C374-4AE2-B431-8F3B424BF245}.Debug|Win32.ActiveCfg = Debug|Win32
{49C88677-C374-4AE2-B431-8F3B424BF245}.Debug|Win32.Build.0 = Debug|Win32
{49C88677-C374-4AE2-B431-8F3B424BF245}.Debug|x64.ActiveCfg = Debug|x64
{49C88677-C374-4AE2-B431-8F3B424BF245}.Debug|x64.Build.0 = Debug|x64
{49C88677-C374-4AE2-B431-8F3B424BF245}.Release|Win32.ActiveCfg = Release|Win32
{49C88677-C374-4AE2-B431-8F3B424BF245}.Release|Win32.Build.0 = Release|Win32
{49C88677-C374-4AE2-B431-8F3B424BF245}.Release|x64.ActiveCfg = Release|x64
{49C88677-C374-4AE2-B431-8F3B424BF245}.Release|x64.Build.0 = Release|x64
EndGlobalSection EndGlobalSection
GlobalSection(SolutionProperties) = preSolution GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE HideSolutionNode = FALSE


@ -25,7 +25,7 @@ DEBUG_EVENT DBGEvent = {};
DEBUG_EVENT TerminateDBGEvent = {}; DEBUG_EVENT TerminateDBGEvent = {};
DWORD ProcessExitCode = 0; DWORD ProcessExitCode = 0;
HANDLE DBGFileHandle; HANDLE DBGFileHandle;
ULONG_PTR tlsCallBackList[100]; std::vector<ULONG_PTR> tlsCallBackList;
std::vector<PROCESS_ITEM_DATA> hListProcess; std::vector<PROCESS_ITEM_DATA> hListProcess;
int engineStepCount = INFINITE; int engineStepCount = INFINITE;
LPVOID engineStepCallBack = NULL; LPVOID engineStepCallBack = NULL;
@ -74,6 +74,11 @@ void ClearProcessList()
std::vector<PROCESS_ITEM_DATA>().swap(hListProcess); std::vector<PROCESS_ITEM_DATA>().swap(hListProcess);
} }
void ClearTlsCallBackList()
{
std::vector<ULONG_PTR>().swap(tlsCallBackList);
}
void StepOutStepCallBack() void StepOutStepCallBack()
{ {
BYTE cipch = 0x90; BYTE cipch = 0x90;


@ -25,7 +25,7 @@ extern DEBUG_EVENT DBGEvent;
extern DEBUG_EVENT TerminateDBGEvent; extern DEBUG_EVENT TerminateDBGEvent;
extern DWORD ProcessExitCode; extern DWORD ProcessExitCode;
extern HANDLE DBGFileHandle; extern HANDLE DBGFileHandle;
extern ULONG_PTR tlsCallBackList[100]; extern std::vector<ULONG_PTR> tlsCallBackList;
extern std::vector<PROCESS_ITEM_DATA> hListProcess; extern std::vector<PROCESS_ITEM_DATA> hListProcess;
extern int engineStepCount; extern int engineStepCount;
extern LPVOID engineStepCallBack; extern LPVOID engineStepCallBack;
@ -42,6 +42,7 @@ extern LPVOID StepOutCallBack;
long DebugLoopInSecondThread(LPVOID InputParameter); long DebugLoopInSecondThread(LPVOID InputParameter);
void DebuggerReset(); void DebuggerReset();
void ClearProcessList(); void ClearProcessList();
void ClearTlsCallBackList();
void StepOutStepCallBack(); void StepOutStepCallBack();
#endif //_GLOBAL_DEBUGGER_H #endif //_GLOBAL_DEBUGGER_H


@ -4,3 +4,8 @@
ULONG_PTR engineTLSBreakOnCallBackAddress; ULONG_PTR engineTLSBreakOnCallBackAddress;
bool engineTLSBreakOnCallBack = false; bool engineTLSBreakOnCallBack = false;
void ClearTlsVector(std::vector<ULONG_PTR>* vec)
{
std::vector<ULONG_PTR>().swap(*vec);
}
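Review bot: `ClearTlsVector` dereferences `vec` without checking it, so a null argument crashes inside the swap. Taking the vector by reference, `void ClearTlsVector(std::vector<ULONG_PTR>& vec)`, removes that case; alternatively keep the pointer and start the body with `if(!vec) return;`. The body is also the same swap-with-empty idiom that `ClearTlsCallBackList` adds to the debugger globals in this commit, which could call this helper instead of repeating it. The header section that follows declares the pointer form and would need the matching change.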

View File

@ -1,7 +1,11 @@
#ifndef _GLOBAL_TLS_H #ifndef _GLOBAL_TLS_H
#define _GLOBAL_TLS_H #define _GLOBAL_TLS_H
#include <vector>
extern ULONG_PTR engineTLSBreakOnCallBackAddress; extern ULONG_PTR engineTLSBreakOnCallBackAddress;
extern bool engineTLSBreakOnCallBack; extern bool engineTLSBreakOnCallBack;
void ClearTlsVector(std::vector<ULONG_PTR>* vec);
#endif //_GLOBAL_TLS_H #endif //_GLOBAL_TLS_H


@ -13,7 +13,14 @@ static BYTE INT3LongBreakPoint[2] = {0xCD, 0x03};
__declspec(dllexport) void TITCALL SetBPXOptions(long DefaultBreakPointType) __declspec(dllexport) void TITCALL SetBPXOptions(long DefaultBreakPointType)
{ {
engineDefaultBreakPointType = DefaultBreakPointType; if(DefaultBreakPointType == UE_BREAKPOINT_INT3 || DefaultBreakPointType == UE_BREAKPOINT_LONG_INT3 || DefaultBreakPointType == UE_BREAKPOINT_UD2)
engineDefaultBreakPointType = DefaultBreakPointType;
else if(DefaultBreakPointType == UE_BREAKPOINT_TYPE_INT3)
engineDefaultBreakPointType = UE_BREAKPOINT_INT3;
else if(DefaultBreakPointType == UE_BREAKPOINT_TYPE_LONG_INT3)
engineDefaultBreakPointType = UE_BREAKPOINT_LONG_INT3;
else if(DefaultBreakPointType == UE_BREAKPOINT_TYPE_UD2)
engineDefaultBreakPointType = UE_BREAKPOINT_UD2;
} }
__declspec(dllexport) bool TITCALL IsBPXEnabled(ULONG_PTR bpxAddress) __declspec(dllexport) bool TITCALL IsBPXEnabled(ULONG_PTR bpxAddress)
@ -191,13 +198,7 @@ __declspec(dllexport) bool TITCALL SetBPX(ULONG_PTR bpxAddress, DWORD bpxType, L
memset(&NewBreakPoint, 0, sizeof(BreakPointDetail)); memset(&NewBreakPoint, 0, sizeof(BreakPointDetail));
if(bpxType < UE_BREAKPOINT_TYPE_INT3) if(bpxType < UE_BREAKPOINT_TYPE_INT3)
{ {
if(engineDefaultBreakPointType == UE_BREAKPOINT_INT3) if(engineDefaultBreakPointType == UE_BREAKPOINT_LONG_INT3)
{
SelectedBreakPointType = UE_BREAKPOINT_INT3;
NewBreakPoint.BreakPointSize = 1;
bpxDataPrt = &INT3BreakPoint;
}
else if(engineDefaultBreakPointType == UE_BREAKPOINT_LONG_INT3)
{ {
SelectedBreakPointType = UE_BREAKPOINT_LONG_INT3; SelectedBreakPointType = UE_BREAKPOINT_LONG_INT3;
NewBreakPoint.BreakPointSize = 2; NewBreakPoint.BreakPointSize = 2;
@ -209,6 +210,12 @@ __declspec(dllexport) bool TITCALL SetBPX(ULONG_PTR bpxAddress, DWORD bpxType, L
NewBreakPoint.BreakPointSize = 2; NewBreakPoint.BreakPointSize = 2;
bpxDataPrt = &UD2BreakPoint; bpxDataPrt = &UD2BreakPoint;
} }
else //default
{
SelectedBreakPointType = UE_BREAKPOINT_INT3;
NewBreakPoint.BreakPointSize = 1;
bpxDataPrt = &INT3BreakPoint;
}
} }
else else
{ {
@ -235,8 +242,6 @@ __declspec(dllexport) bool TITCALL SetBPX(ULONG_PTR bpxAddress, DWORD bpxType, L
} }
//set breakpoint in process //set breakpoint in process
bpxDataCmpPtr = (PMEMORY_COMPARE_HANDLER)bpxDataPrt; bpxDataCmpPtr = (PMEMORY_COMPARE_HANDLER)bpxDataPrt;
VirtualQueryEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
OldProtect = MemInfo.Protect;
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, NewBreakPoint.BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect); VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, NewBreakPoint.BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect);
if(ReadProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &NewBreakPoint.OriginalByte[0], NewBreakPoint.BreakPointSize, &NumberOfBytesReadWritten)) if(ReadProcessMemory(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, &NewBreakPoint.OriginalByte[0], NewBreakPoint.BreakPointSize, &NumberOfBytesReadWritten))
{ {
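Review bot: With the `VirtualQueryEx` call removed, `OldProtect` in `SetBPX` is now written only by `VirtualProtectEx`, whose return value is not checked. If that call fails, `OldProtect` keeps whatever it held before, and any later restore of the page protection (outside this hunk, so this is an assumption) would apply a stale value to debuggee memory. I would gate the read and write on the call, e.g. `if(!VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)bpxAddress, NewBreakPoint.BreakPointSize, PAGE_EXECUTE_READWRITE, &OldProtect)) return false;`. Separately, `SetBPXOptions` now drops unrecognised values without telling the caller; a one-line comment stating that an invalid type leaves the previous default in place would document that. `SetBPX` starts and ends outside the hunks shown.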


@ -588,13 +588,9 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
if(engineTLSBreakOnCallBack) //set TLS callback breakpoints if(engineTLSBreakOnCallBack) //set TLS callback breakpoints
{ {
int i = NULL; for(unsigned int i=0; i<tlsCallBackList.size(); i++)
while(tlsCallBackList[i] != NULL) SetBPX(tlsCallBackList.at(i), UE_SINGLESHOOT, (LPVOID)engineTLSBreakOnCallBackAddress);
{ ClearTlsCallBackList();
SetBPX((ULONG_PTR)tlsCallBackList[i], UE_SINGLESHOOT, (LPVOID)engineTLSBreakOnCallBackAddress);
tlsCallBackList[i] = NULL;
i++;
}
engineTLSBreakOnCallBackAddress = NULL; engineTLSBreakOnCallBackAddress = NULL;
engineTLSBreakOnCallBack = false; engineTLSBreakOnCallBack = false;
} }
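Review bot: The return value of `SetBPX` is discarded inside the new loop, and `ClearTlsCallBackList()` then drops every address, so a TLS callback whose breakpoint could not be written runs without the debugger stopping on it and leaves no trace of the failure. For a tool that debugs untrusted packed binaries that is worth surfacing; at least record it, e.g. `if(!SetBPX(tlsCallBackList.at(i), UE_SINGLESHOOT, (LPVOID)engineTLSBreakOnCallBackAddress)) { /* log the address that failed */ }`. The index would also read better as `size_t i`, matching the type of `tlsCallBackList.size()`. `DebugLoop` continues outside the hunk.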


@ -50,7 +50,8 @@ long IsBadReadPtrRemote(HANDLE hProcess, const VOID *lp, SIZE_T length)
section += (ULONG_PTR)MemInfo.RegionSize; section += (ULONG_PTR)MemInfo.RegionSize;
} while (res < length); }
while (res < length);
return length; //good return length; //good
} }


@ -45,11 +45,18 @@ __declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBas
DOSHeader = (PIMAGE_DOS_HEADER)ueReadBuffer; DOSHeader = (PIMAGE_DOS_HEADER)ueReadBuffer;
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
if((DOSHeader->e_lfanew > 0x500) || (DOSHeader->e_magic != IMAGE_DOS_SIGNATURE) || (PEHeader32->Signature != IMAGE_NT_SIGNATURE)) if ((DOSHeader->e_lfanew > 0x500) || (DOSHeader->e_magic != IMAGE_DOS_SIGNATURE) || (PEHeader32->Signature != IMAGE_NT_SIGNATURE))
{ {
if(CalculatedHeaderSize % 0x1000 == NULL) return false;
}
CalculatedHeaderSize = DOSHeader->e_lfanew + sizeof(IMAGE_NT_HEADERS64) + (sizeof(IMAGE_SECTION_HEADER) * PEHeader32->FileHeader.NumberOfSections);
if(CalculatedHeaderSize > 0x1000)
{
if(CalculatedHeaderSize % 0x1000 != NULL)
{ {
AlignedHeaderSize = 0x1000; AlignedHeaderSize = ((CalculatedHeaderSize / 0x1000) + 1) * 0x1000;
} }
else else
{ {
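Review bot: The header check in `DumpProcessW` bounds `e_lfanew` only from above, and `e_lfanew` is a signed `LONG`, so a negative value read from the debuggee passes `> 0x500` and `PEHeader32->Signature` is then read from before `ueReadBuffer`. Adding the lower bound closes that: `(DOSHeader->e_lfanew < 0) || (DOSHeader->e_lfanew > 0x500) || ...`. `NumberOfSections` comes from the same untrusted header and feeds `CalculatedHeaderSize` directly, so the later read that uses `AlignedHeaderSize` (outside this hunk) should be checked against the size of the buffer it fills. If `ueReadBuffer` or any handle is acquired earlier in the function, the new `return false;` also needs to release it; the function starts and ends outside the hunk, so this could not be confirmed here.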


@ -4,6 +4,7 @@
#include "Global.Mapping.h" #include "Global.Mapping.h"
#include "Global.Engine.Hook.h" #include "Global.Engine.Hook.h"
#include "Global.Engine.GUI.h" #include "Global.Engine.GUI.h"
#include "Global.Engine.Extension.h"
// TitanEngine.Engine.functions: // TitanEngine.Engine.functions:
__declspec(dllexport) void TITCALL SetEngineVariable(DWORD VariableId, bool VariableSet) __declspec(dllexport) void TITCALL SetEngineVariable(DWORD VariableId, bool VariableSet)
@ -56,6 +57,7 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependencies(char* szFileN
return(NULL); return(NULL);
} }
} }
__declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szFileName, wchar_t* szOutputFolder, bool LogCreatedFiles) __declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szFileName, wchar_t* szOutputFolder, bool LogCreatedFiles)
{ {
@ -226,6 +228,7 @@ __declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szF
} }
return false; return false;
} }
__declspec(dllexport) bool TITCALL EngineFakeMissingDependencies(HANDLE hProcess) __declspec(dllexport) bool TITCALL EngineFakeMissingDependencies(HANDLE hProcess)
{ {
@ -236,6 +239,7 @@ __declspec(dllexport) bool TITCALL EngineFakeMissingDependencies(HANDLE hProcess
} }
return false; return false;
} }
__declspec(dllexport) bool TITCALL EngineDeleteCreatedDependencies() __declspec(dllexport) bool TITCALL EngineDeleteCreatedDependencies()
{ {
@ -292,9 +296,9 @@ __declspec(dllexport) bool TITCALL EngineCreateUnpackerWindow(char* WindowUnpack
return false; return false;
} }
} }
__declspec(dllexport) void TITCALL EngineAddUnpackerWindowLogMessage(char* szLogMessage) __declspec(dllexport) void TITCALL EngineAddUnpackerWindowLogMessage(char* szLogMessage)
{ {
int cSelect; int cSelect;
SendMessageA(EngineBoxHandle, LB_ADDSTRING, NULL, (LPARAM)szLogMessage); SendMessageA(EngineBoxHandle, LB_ADDSTRING, NULL, (LPARAM)szLogMessage);
@ -302,3 +306,38 @@ __declspec(dllexport) void TITCALL EngineAddUnpackerWindowLogMessage(char* szLog
cSelect--; cSelect--;
SendMessageA(EngineBoxHandle, LB_SETCURSEL, (WPARAM)cSelect, NULL); SendMessageA(EngineBoxHandle, LB_SETCURSEL, (WPARAM)cSelect, NULL);
} }
__declspec(dllexport) bool TITCALL EngineCheckStructAlignment(DWORD StructureType, ULONG_PTR StructureSize)
{
int blub=1;
switch(StructureType)
{
case UE_STRUCT_PE32STRUCT:
return (sizeof(PE32Struct)==StructureSize);
case UE_STRUCT_PE64STRUCT:
return (sizeof(PE64Struct)==StructureSize);
case UE_STRUCT_PESTRUCT:
return (sizeof(PEStruct)==StructureSize);
case UE_STRUCT_IMPORTENUMDATA:
return (sizeof(ImportEnumData)==StructureSize);
case UE_STRUCT_THREAD_ITEM_DATA:
return (sizeof(THREAD_ITEM_DATA)==StructureSize);
case UE_STRUCT_LIBRARY_ITEM_DATA:
return (sizeof(LIBRARY_ITEM_DATA)==StructureSize);
case UE_STRUCT_LIBRARY_ITEM_DATAW:
return (sizeof(LIBRARY_ITEM_DATAW)==StructureSize);
case UE_STRUCT_PROCESS_ITEM_DATA:
return (sizeof(PROCESS_ITEM_DATA)==StructureSize);
case UE_STRUCT_HANDLERARRAY:
return (sizeof(HandlerArray)==StructureSize);
case UE_STRUCT_PLUGININFORMATION:
return (sizeof(PluginInformation)==StructureSize);
case UE_STRUCT_HOOK_ENTRY:
return (sizeof(HOOK_ENTRY)==StructureSize);
case UE_STRUCT_FILE_STATUS_INFO:
return (sizeof(FILE_STATUS_INFO)==StructureSize);
case UE_STRUCT_FILE_FIX_INFO:
return (sizeof(FILE_FIX_INFO)==StructureSize);
}
return false;
}
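Review bot: `EngineCheckStructAlignment` compares only `sizeof` against `StructureSize`, so despite its name it cannot detect two layouts of equal size that differ in field offsets or packing; a comment on the function should state that it is a size check and that `true` does not prove the layouts match. `int blub=1;` at the top of the body is unused and can be deleted. An unknown `StructureType` falls through to `return false;`, which is the safe answer, and an explicit `default:` label before it would make that intent visible.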


@ -3,117 +3,110 @@
#include "Global.Handle.h" #include "Global.Handle.h"
void NtQuerySysHandleInfo(DynBuf& buf) bool NtQuerySysHandleInfo(DynBuf& buf)
{ {
DynBuf QSB;
ULONG RequiredSize = NULL; ULONG RequiredSize = NULL;
QSB.Allocate(0x2000); buf.Allocate(sizeof(SYSTEM_HANDLE_INFORMATION));
while(NtQuerySystemInformation(SystemHandleInformation, QSB.GetPtr(), QSB.Size(), &RequiredSize) == (NTSTATUS)0xC0000004L)
{ NtQuerySystemInformation(SystemHandleInformation, buf.GetPtr(), (ULONG)buf.Size(), &RequiredSize);
QSB.Allocate(RequiredSize);
} buf.Allocate(RequiredSize + sizeof(SYSTEM_HANDLE_INFORMATION));
return (NtQuerySystemInformation(SystemHandleInformation, buf.GetPtr(), (ULONG)buf.Size(), &RequiredSize) >= 0);
} }
// TitanEngine.Handler.functions: // TitanEngine.Handler.functions:
__declspec(dllexport) long TITCALL HandlerGetActiveHandleCount(DWORD ProcessId) __declspec(dllexport) long TITCALL HandlerGetActiveHandleCount(DWORD ProcessId)
{ {
int HandleCount = 0; int HandleCount = 0;
ULONG TotalHandleCount = 0;
PNTDLL_QUERY_HANDLE_INFO HandleInfo;
DynBuf hinfo; DynBuf hinfo;
NtQuerySysHandleInfo(hinfo); if (!NtQuerySysHandleInfo(hinfo))
return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr(); LPVOID QuerySystemBuffer = hinfo.GetPtr();
PSYSTEM_HANDLE_INFORMATION HandleInfo = (PSYSTEM_HANDLE_INFORMATION)QuerySystemBuffer;
PSYSTEM_HANDLE_TABLE_ENTRY_INFO pHandle = HandleInfo->Handles;
RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG); for (ULONG i = 0; i < HandleInfo->NumberOfHandles; i++)
QuerySystemBuffer = (LPVOID)((ULONG_PTR)QuerySystemBuffer + 4);
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)QuerySystemBuffer;
while(TotalHandleCount > NULL)
{ {
if(HandleInfo->ProcessId == ProcessId) if((DWORD)pHandle->UniqueProcessId == ProcessId)
{ {
HandleCount++; HandleCount++;
} }
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof NTDLL_QUERY_HANDLE_INFO);
TotalHandleCount--; pHandle++;
} }
return(HandleCount); return HandleCount;
} }
__declspec(dllexport) bool TITCALL HandlerIsHandleOpen(DWORD ProcessId, HANDLE hHandle) __declspec(dllexport) bool TITCALL HandlerIsHandleOpen(DWORD ProcessId, HANDLE hHandle)
{ {
bool HandleActive = false; bool HandleActive = false;
ULONG TotalHandleCount = NULL;
PNTDLL_QUERY_HANDLE_INFO HandleInfo;
DynBuf hinfo; DynBuf hinfo;
NtQuerySysHandleInfo(hinfo); if (!NtQuerySysHandleInfo(hinfo))
return false;
LPVOID QuerySystemBuffer = hinfo.GetPtr(); LPVOID QuerySystemBuffer = hinfo.GetPtr();
RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG); PSYSTEM_HANDLE_INFORMATION HandleInfo = (PSYSTEM_HANDLE_INFORMATION)QuerySystemBuffer;
QuerySystemBuffer = (LPVOID)((ULONG_PTR)QuerySystemBuffer + 4); PSYSTEM_HANDLE_TABLE_ENTRY_INFO pHandle = HandleInfo->Handles;
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)QuerySystemBuffer;
while(TotalHandleCount > NULL)
for (ULONG i = 0; i < HandleInfo->NumberOfHandles; i++)
{ {
if(HandleInfo->ProcessId == ProcessId && (HANDLE)HandleInfo->hHandle == hHandle) if((DWORD)pHandle->UniqueProcessId == ProcessId && (HANDLE)pHandle->HandleValue == hHandle)
{ {
HandleActive = true; HandleActive = true;
break; break;
} }
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof NTDLL_QUERY_HANDLE_INFO);
TotalHandleCount--; pHandle++;
} }
return HandleActive; return HandleActive;
} }
__declspec(dllexport) void* TITCALL HandlerGetHandleName(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName) __declspec(dllexport) void* TITCALL HandlerGetHandleNameW(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName)
{ {
bool NameFound = false; bool NameFound = false;
HANDLE myHandle = NULL; HANDLE myHandle = NULL;
ULONG RequiredSize = NULL; ULONG RequiredSize = NULL;
ULONG TotalHandleCount = NULL; char ObjectNameInfo[0x1000] = {0};
PNTDLL_QUERY_HANDLE_INFO HandleInfo; POBJECT_NAME_INFORMATION pObjectNameInfo = (POBJECT_NAME_INFORMATION)ObjectNameInfo;
PUBLIC_OBJECT_BASIC_INFORMATION ObjectBasicInfo;
char ObjectNameInfo[0x2000] = {0};
PPUBLIC_OBJECT_NAME_INFORMATION pObjectNameInfo = (PPUBLIC_OBJECT_NAME_INFORMATION)ObjectNameInfo;
LPVOID HandleFullName = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); LPVOID HandleFullName = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
LPVOID tmpHandleFullName = NULL;
DynBuf hinfo; DynBuf hinfo;
NtQuerySysHandleInfo(hinfo); if (!NtQuerySysHandleInfo(hinfo))
{
VirtualFree(HandleFullName, NULL, MEM_RELEASE);
return 0;
}
LPVOID QuerySystemBuffer = hinfo.GetPtr(); LPVOID QuerySystemBuffer = hinfo.GetPtr();
PSYSTEM_HANDLE_INFORMATION HandleInfo = (PSYSTEM_HANDLE_INFORMATION)QuerySystemBuffer;
PSYSTEM_HANDLE_TABLE_ENTRY_INFO pHandle = HandleInfo->Handles;
RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG); for (ULONG i = 0; i < HandleInfo->NumberOfHandles; i++)
QuerySystemBuffer = (LPVOID)((ULONG_PTR)QuerySystemBuffer + 4);
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)QuerySystemBuffer;
while(TotalHandleCount > NULL)
{ {
if(HandleInfo->ProcessId == ProcessId && (HANDLE)HandleInfo->hHandle == hHandle) if((DWORD)pHandle->UniqueProcessId == ProcessId && (HANDLE)pHandle->HandleValue == hHandle)
{ {
//if(!(HandleInfo->GrantedAccess & SYNCHRONIZE) || ((HandleInfo->GrantedAccess & SYNCHRONIZE) && ((WORD)HandleInfo->GrantedAccess != 0x19F9))){// && (WORD)HandleInfo->GrantedAccess != 0x89))){ if(pHandle->GrantedAccess != 0x0012019F) //Filter, because this GrantedAccess type can cause deadlocks!
if(HandleInfo->GrantedAccess != 0x0012019F)
{ {
if(DuplicateHandle(hProcess, hHandle, GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS)) if(DuplicateHandle(hProcess, hHandle, GetCurrentProcess(), &myHandle, NULL, FALSE, DUPLICATE_SAME_ACCESS))
{ {
RtlZeroMemory(&ObjectBasicInfo, sizeof PUBLIC_OBJECT_BASIC_INFORMATION); NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, sizeof(ObjectNameInfo), &RequiredSize);
NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof PUBLIC_OBJECT_BASIC_INFORMATION, &RequiredSize); ZeroMemory(HandleFullName, 0x1000);
NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, 8, &RequiredSize);
NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, RequiredSize, &RequiredSize);
RtlZeroMemory(HandleFullName, 0x1000);
if(pObjectNameInfo->Name.Length != NULL) if(pObjectNameInfo->Name.Length != NULL)
{ {
WideCharToMultiByte(CP_ACP, NULL, (LPCWSTR)pObjectNameInfo->Name.Buffer, -1, (LPSTR)HandleFullName, 0x1000, NULL, NULL); wcscpy((wchar_t*)HandleFullName, pObjectNameInfo->Name.Buffer);
NameFound = true; NameFound = true;
if(TranslateName) if(TranslateName)
{ {
tmpHandleFullName = TranslateNativeName((char*)HandleFullName); LPVOID tmpHandleFullName = TranslateNativeNameW((wchar_t*)HandleFullName);
if(tmpHandleFullName != NULL) if(tmpHandleFullName != NULL)
{ {
VirtualFree(HandleFullName, NULL, MEM_RELEASE); VirtualFree(HandleFullName, NULL, MEM_RELEASE);
@ -126,8 +119,8 @@ __declspec(dllexport) void* TITCALL HandlerGetHandleName(HANDLE hProcess, DWORD
} }
} }
} }
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof NTDLL_QUERY_HANDLE_INFO);
TotalHandleCount--; pHandle++;
} }
if(!NameFound) if(!NameFound)
@ -140,77 +133,20 @@ __declspec(dllexport) void* TITCALL HandlerGetHandleName(HANDLE hProcess, DWORD
return(HandleFullName); return(HandleFullName);
} }
} }
__declspec(dllexport) void* TITCALL HandlerGetHandleNameW(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName) __declspec(dllexport) void* TITCALL HandlerGetHandleName(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName)
{ {
wchar_t * name = (wchar_t *)HandlerGetHandleNameW(hProcess, ProcessId, hHandle, TranslateName);
bool NameFound = false; if (name)
HANDLE myHandle = NULL;
ULONG RequiredSize = NULL;
ULONG TotalHandleCount = NULL;
PNTDLL_QUERY_HANDLE_INFO HandleInfo;
PUBLIC_OBJECT_BASIC_INFORMATION ObjectBasicInfo;
char ObjectNameInfo[0x2000] = {0};
PPUBLIC_OBJECT_NAME_INFORMATION pObjectNameInfo = (PPUBLIC_OBJECT_NAME_INFORMATION)ObjectNameInfo;
LPVOID HandleFullName = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
LPVOID tmpHandleFullName = NULL;
DynBuf hinfo;
NtQuerySysHandleInfo(hinfo);
LPVOID QuerySystemBuffer = hinfo.GetPtr();
RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG);
QuerySystemBuffer = (LPVOID)((ULONG_PTR)QuerySystemBuffer + 4);
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)QuerySystemBuffer;
while(TotalHandleCount > NULL)
{ {
if(HandleInfo->ProcessId == ProcessId && (HANDLE)HandleInfo->hHandle == hHandle) LPVOID HandleFullName = VirtualAlloc(NULL, wcslen(name) + 1, MEM_COMMIT|MEM_RESERVE, PAGE_READWRITE);
{ WideCharToMultiByte(CP_ACP, NULL, name, -1, (LPSTR)HandleFullName, (int)wcslen(name) + 1, NULL, NULL);
//if(!(HandleInfo->GrantedAccess & SYNCHRONIZE) || ((HandleInfo->GrantedAccess & SYNCHRONIZE) && ((WORD)HandleInfo->GrantedAccess != 0x19F9))){// && (WORD)HandleInfo->GrantedAccess != 0x89))){ VirtualFree(name, NULL, MEM_RELEASE);
if(HandleInfo->GrantedAccess != 0x0012019F)
{ return HandleFullName;
if(DuplicateHandle(hProcess, hHandle, GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS))
{
RtlZeroMemory(&ObjectBasicInfo, sizeof PUBLIC_OBJECT_BASIC_INFORMATION);
NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof PUBLIC_OBJECT_BASIC_INFORMATION, &RequiredSize);
NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, 8, &RequiredSize);
NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, RequiredSize, &RequiredSize);
RtlZeroMemory(HandleFullName, 0x1000);
if(pObjectNameInfo->Name.Length != NULL)
{
//WideCharToMultiByte(CP_ACP, NULL, (LPCWSTR)pObjectNameInfo->Name.Buffer, -1, (LPSTR)HandleFullName, 0x1000, NULL, NULL);
NameFound = true;
lstrcpyW((wchar_t*)HandleFullName, (wchar_t*)pObjectNameInfo->Name.Buffer);
if(TranslateName)
{
tmpHandleFullName = TranslateNativeNameW((wchar_t*)HandleFullName);
if(tmpHandleFullName != NULL)
{
VirtualFree(HandleFullName, NULL, MEM_RELEASE);
HandleFullName = tmpHandleFullName;
}
}
}
EngineCloseHandle(myHandle);
break;
}
}
}
HandleInfo = (PNTDLL_QUERY_HANDLE_INFO)((ULONG_PTR)HandleInfo + sizeof NTDLL_QUERY_HANDLE_INFO);
TotalHandleCount--;
} }
if(!NameFound) return 0;
{
VirtualFree(HandleFullName, NULL, MEM_RELEASE);
return(NULL);
}
else
{
return(HandleFullName);
}
return(NULL);
} }
__declspec(dllexport) long TITCALL HandlerEnumerateOpenHandles(DWORD ProcessId, LPVOID HandleBuffer, DWORD MaxHandleCount) __declspec(dllexport) long TITCALL HandlerEnumerateOpenHandles(DWORD ProcessId, LPVOID HandleBuffer, DWORD MaxHandleCount)
{ {
@ -222,7 +158,8 @@ __declspec(dllexport) long TITCALL HandlerEnumerateOpenHandles(DWORD ProcessId,
PNTDLL_QUERY_HANDLE_INFO HandleInfo; PNTDLL_QUERY_HANDLE_INFO HandleInfo;
DynBuf hinfo; DynBuf hinfo;
NtQuerySysHandleInfo(hinfo); if (!NtQuerySysHandleInfo(hinfo))
return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr(); LPVOID QuerySystemBuffer = hinfo.GetPtr();
RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG); RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG);
@ -249,7 +186,7 @@ __declspec(dllexport) long long TITCALL HandlerGetHandleDetails(HANDLE hProcess,
ULONG RequiredSize = NULL; ULONG RequiredSize = NULL;
ULONG TotalHandleCount = NULL; ULONG TotalHandleCount = NULL;
PNTDLL_QUERY_HANDLE_INFO HandleInfo; PNTDLL_QUERY_HANDLE_INFO HandleInfo;
PUBLIC_OBJECT_BASIC_INFORMATION ObjectBasicInfo; OBJECT_BASIC_INFORMATION ObjectBasicInfo;
char HandleFullData[0x1000] = {0}; char HandleFullData[0x1000] = {0};
LPVOID HandleNameData = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); LPVOID HandleNameData = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
PPUBLIC_OBJECT_TYPE_INFORMATION pObjectTypeInfo = (PPUBLIC_OBJECT_TYPE_INFORMATION)HandleFullData; PPUBLIC_OBJECT_TYPE_INFORMATION pObjectTypeInfo = (PPUBLIC_OBJECT_TYPE_INFORMATION)HandleFullData;
@ -258,7 +195,8 @@ __declspec(dllexport) long long TITCALL HandlerGetHandleDetails(HANDLE hProcess,
DynBuf hinfo; DynBuf hinfo;
NtQuerySysHandleInfo(hinfo); if (!NtQuerySysHandleInfo(hinfo))
return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr(); LPVOID QuerySystemBuffer = hinfo.GetPtr();
RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG); RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG);
@ -270,8 +208,8 @@ __declspec(dllexport) long long TITCALL HandlerGetHandleDetails(HANDLE hProcess,
{ {
if(DuplicateHandle(hProcess, hHandle, GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS)) if(DuplicateHandle(hProcess, hHandle, GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS))
{ {
RtlZeroMemory(&ObjectBasicInfo, sizeof PUBLIC_OBJECT_BASIC_INFORMATION); RtlZeroMemory(&ObjectBasicInfo, sizeof OBJECT_BASIC_INFORMATION);
NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof PUBLIC_OBJECT_BASIC_INFORMATION, &RequiredSize); NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof OBJECT_BASIC_INFORMATION, &RequiredSize);
if(InformationReturn == UE_OPTION_HANDLER_RETURN_HANDLECOUNT) if(InformationReturn == UE_OPTION_HANDLER_RETURN_HANDLECOUNT)
{ {
ReturnData = (ULONG_PTR)ObjectBasicInfo.HandleCount; ReturnData = (ULONG_PTR)ObjectBasicInfo.HandleCount;
@ -371,16 +309,17 @@ __declspec(dllexport) long TITCALL HandlerEnumerateLockHandlesW(wchar_t* szFileO
DWORD LastProcessId = NULL; DWORD LastProcessId = NULL;
PNTDLL_QUERY_HANDLE_INFO HandleInfo; PNTDLL_QUERY_HANDLE_INFO HandleInfo;
PUBLIC_OBJECT_BASIC_INFORMATION ObjectBasicInfo; OBJECT_BASIC_INFORMATION ObjectBasicInfo;
char ObjectNameInfo[0x2000] = {0}; char ObjectNameInfo[0x2000] = {0};
PPUBLIC_OBJECT_NAME_INFORMATION pObjectNameInfo = (PPUBLIC_OBJECT_NAME_INFORMATION)ObjectNameInfo; POBJECT_NAME_INFORMATION pObjectNameInfo = (POBJECT_NAME_INFORMATION)ObjectNameInfo;
char HandleFullNameB[0x1000] = {0}; char HandleFullNameB[0x1000] = {0};
LPVOID HandleFullName = HandleFullNameB; LPVOID HandleFullName = HandleFullNameB;
int LenFileOrFolderName = lstrlenW(szFileOrFolderName); int LenFileOrFolderName = lstrlenW(szFileOrFolderName);
LPVOID tmpHandleFullName = NULL; LPVOID tmpHandleFullName = NULL;
DynBuf hinfo; DynBuf hinfo;
NtQuerySysHandleInfo(hinfo); if (!NtQuerySysHandleInfo(hinfo))
return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr(); LPVOID QuerySystemBuffer = hinfo.GetPtr();
@ -405,8 +344,8 @@ __declspec(dllexport) long TITCALL HandlerEnumerateLockHandlesW(wchar_t* szFileO
{ {
if(DuplicateHandle(hProcess, (HANDLE)HandleInfo->hHandle, GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS)) if(DuplicateHandle(hProcess, (HANDLE)HandleInfo->hHandle, GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS))
{ {
RtlZeroMemory(&ObjectBasicInfo, sizeof PUBLIC_OBJECT_BASIC_INFORMATION); RtlZeroMemory(&ObjectBasicInfo, sizeof OBJECT_BASIC_INFORMATION);
NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof PUBLIC_OBJECT_BASIC_INFORMATION, &RequiredSize); NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof OBJECT_BASIC_INFORMATION, &RequiredSize);
NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, 8, &RequiredSize); NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, 8, &RequiredSize);
NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, RequiredSize, &RequiredSize); NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, RequiredSize, &RequiredSize);
RtlZeroMemory(HandleFullName, 0x1000); RtlZeroMemory(HandleFullName, 0x1000);
@ -476,9 +415,9 @@ __declspec(dllexport) bool TITCALL HandlerCloseAllLockHandlesW(wchar_t* szFileOr
ULONG TotalHandleCount = NULL; ULONG TotalHandleCount = NULL;
DWORD LastProcessId = NULL; DWORD LastProcessId = NULL;
PNTDLL_QUERY_HANDLE_INFO HandleInfo; PNTDLL_QUERY_HANDLE_INFO HandleInfo;
PUBLIC_OBJECT_BASIC_INFORMATION ObjectBasicInfo; OBJECT_BASIC_INFORMATION ObjectBasicInfo;
char ObjectNameInfo[0x2000] = {0}; char ObjectNameInfo[0x2000] = {0};
PPUBLIC_OBJECT_NAME_INFORMATION pObjectNameInfo = (PPUBLIC_OBJECT_NAME_INFORMATION)ObjectNameInfo; POBJECT_NAME_INFORMATION pObjectNameInfo = (POBJECT_NAME_INFORMATION)ObjectNameInfo;
char HandleFullNameB[0x1000] = {0}; char HandleFullNameB[0x1000] = {0};
LPVOID HandleFullName = HandleFullNameB; LPVOID HandleFullName = HandleFullNameB;
int LenFileOrFolderName = lstrlenW(szFileOrFolderName); int LenFileOrFolderName = lstrlenW(szFileOrFolderName);
@ -486,7 +425,8 @@ __declspec(dllexport) bool TITCALL HandlerCloseAllLockHandlesW(wchar_t* szFileOr
DynBuf hinfo; DynBuf hinfo;
NtQuerySysHandleInfo(hinfo); if (!NtQuerySysHandleInfo(hinfo))
return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr(); LPVOID QuerySystemBuffer = hinfo.GetPtr();
@ -511,8 +451,8 @@ __declspec(dllexport) bool TITCALL HandlerCloseAllLockHandlesW(wchar_t* szFileOr
{ {
if(DuplicateHandle(hProcess, (HANDLE)HandleInfo->hHandle, GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS)) if(DuplicateHandle(hProcess, (HANDLE)HandleInfo->hHandle, GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS))
{ {
RtlZeroMemory(&ObjectBasicInfo, sizeof PUBLIC_OBJECT_BASIC_INFORMATION); RtlZeroMemory(&ObjectBasicInfo, sizeof OBJECT_BASIC_INFORMATION);
NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof PUBLIC_OBJECT_BASIC_INFORMATION, &RequiredSize); NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof OBJECT_BASIC_INFORMATION, &RequiredSize);
NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, 8, &RequiredSize); NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, 8, &RequiredSize);
NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, RequiredSize, &RequiredSize); NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, RequiredSize, &RequiredSize);
RtlZeroMemory(HandleFullName, 0x1000); RtlZeroMemory(HandleFullName, 0x1000);
@ -579,16 +519,17 @@ __declspec(dllexport) bool TITCALL HandlerIsFileLockedW(wchar_t* szFileOrFolderN
DWORD LastProcessId = NULL; DWORD LastProcessId = NULL;
PNTDLL_QUERY_HANDLE_INFO HandleInfo; PNTDLL_QUERY_HANDLE_INFO HandleInfo;
PUBLIC_OBJECT_BASIC_INFORMATION ObjectBasicInfo; OBJECT_BASIC_INFORMATION ObjectBasicInfo;
char ObjectNameInfo[0x2000] = {0}; char ObjectNameInfo[0x2000] = {0};
PPUBLIC_OBJECT_NAME_INFORMATION pObjectNameInfo = (PPUBLIC_OBJECT_NAME_INFORMATION)ObjectNameInfo; POBJECT_NAME_INFORMATION pObjectNameInfo = (POBJECT_NAME_INFORMATION)ObjectNameInfo;
char HandleFullNameB[0x1000] = {0}; char HandleFullNameB[0x1000] = {0};
LPVOID HandleFullName = HandleFullNameB; LPVOID HandleFullName = HandleFullNameB;
int LenFileOrFolderName = lstrlenW(szFileOrFolderName); int LenFileOrFolderName = lstrlenW(szFileOrFolderName);
LPVOID tmpHandleFullName = NULL; LPVOID tmpHandleFullName = NULL;
DynBuf hinfo; DynBuf hinfo;
NtQuerySysHandleInfo(hinfo); if (!NtQuerySysHandleInfo(hinfo))
return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr(); LPVOID QuerySystemBuffer = hinfo.GetPtr();
@ -613,8 +554,8 @@ __declspec(dllexport) bool TITCALL HandlerIsFileLockedW(wchar_t* szFileOrFolderN
{ {
if(DuplicateHandle(hProcess, (HANDLE)HandleInfo->hHandle, GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS)) if(DuplicateHandle(hProcess, (HANDLE)HandleInfo->hHandle, GetCurrentProcess(), &myHandle, NULL, false, DUPLICATE_SAME_ACCESS))
{ {
RtlZeroMemory(&ObjectBasicInfo, sizeof PUBLIC_OBJECT_BASIC_INFORMATION); RtlZeroMemory(&ObjectBasicInfo, sizeof OBJECT_BASIC_INFORMATION);
NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof PUBLIC_OBJECT_BASIC_INFORMATION, &RequiredSize); NtQueryObject(myHandle, ObjectBasicInformation, &ObjectBasicInfo, sizeof OBJECT_BASIC_INFORMATION, &RequiredSize);
NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, 8, &RequiredSize); NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, 8, &RequiredSize);
NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, RequiredSize, &RequiredSize); NtQueryObject(myHandle, ObjectNameInformation, ObjectNameInfo, RequiredSize, &RequiredSize);
RtlZeroMemory(HandleFullName, 0x1000); RtlZeroMemory(HandleFullName, 0x1000);
@ -670,7 +611,8 @@ __declspec(dllexport) long TITCALL HandlerEnumerateOpenMutexes(HANDLE hProcess,
PPUBLIC_OBJECT_TYPE_INFORMATION pObjectTypeInfo = (PPUBLIC_OBJECT_TYPE_INFORMATION)HandleFullData; PPUBLIC_OBJECT_TYPE_INFORMATION pObjectTypeInfo = (PPUBLIC_OBJECT_TYPE_INFORMATION)HandleFullData;
DynBuf hinfo; DynBuf hinfo;
NtQuerySysHandleInfo(hinfo); if (!NtQuerySysHandleInfo(hinfo))
return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr(); LPVOID QuerySystemBuffer = hinfo.GetPtr();
RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG); RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG);
@ -758,12 +700,11 @@ __declspec(dllexport) long long TITCALL HandlerGetOpenMutexHandleW(HANDLE hProce
} }
__declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutex(char* szMutexString) __declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutex(char* szMutexString)
{ {
wchar_t uniMutexString[MAX_PATH] = {0};
wchar_t uniMutexString[MAX_PATH] = {};
if(szMutexString != NULL) if(szMutexString != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szMutexString, lstrlenA(szMutexString)+1, uniMutexString, sizeof(uniMutexString)/(sizeof(uniMutexString[0]))); MultiByteToWideChar(CP_ACP, NULL, szMutexString, -1, uniMutexString, _countof(uniMutexString));
return(HandlerGetProcessIdWhichCreatedMutexW(uniMutexString)); return(HandlerGetProcessIdWhichCreatedMutexW(uniMutexString));
} }
else else
@ -773,7 +714,7 @@ __declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutex(char* sz
} }
__declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t* szMutexString) __declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t* szMutexString)
{ {
if(!szMutexString || lstrlenW(szMutexString)>=512) if(!szMutexString || wcslen(szMutexString) >= 450)
return 0; return 0;
HANDLE hProcess = NULL; HANDLE hProcess = NULL;
DWORD ReturnData = NULL; DWORD ReturnData = NULL;
@ -786,14 +727,15 @@ __declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t
char HandleNameData[0x1000] = {0}; char HandleNameData[0x1000] = {0};
PPUBLIC_OBJECT_TYPE_INFORMATION pObjectTypeInfo = (PPUBLIC_OBJECT_TYPE_INFORMATION)HandleFullData; PPUBLIC_OBJECT_TYPE_INFORMATION pObjectTypeInfo = (PPUBLIC_OBJECT_TYPE_INFORMATION)HandleFullData;
char ObjectNameInfo[0x2000] = {0}; char ObjectNameInfo[0x2000] = {0};
PPUBLIC_OBJECT_NAME_INFORMATION pObjectNameInfo = (PPUBLIC_OBJECT_NAME_INFORMATION)ObjectNameInfo; POBJECT_NAME_INFORMATION pObjectNameInfo = (POBJECT_NAME_INFORMATION)ObjectNameInfo;
wchar_t RealMutexName[512] = L"\\BaseNamedObjects\\"; wchar_t RealMutexName[512] = L"\\BaseNamedObjects\\";
lstrcatW(RealMutexName, szMutexString); lstrcatW(RealMutexName, szMutexString);
DynBuf hinfo; DynBuf hinfo;
NtQuerySysHandleInfo(hinfo); if (!NtQuerySysHandleInfo(hinfo))
return 0;
LPVOID QuerySystemBuffer = hinfo.GetPtr(); LPVOID QuerySystemBuffer = hinfo.GetPtr();
RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG); RtlMoveMemory(&TotalHandleCount, QuerySystemBuffer, sizeof ULONG);
@ -807,7 +749,7 @@ __declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t
{ {
EngineCloseHandle(hProcess); EngineCloseHandle(hProcess);
} }
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_DUP_HANDLE, false, HandleInfo->ProcessId); hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_DUP_HANDLE, FALSE, HandleInfo->ProcessId);
LastProcessId = HandleInfo->ProcessId; LastProcessId = HandleInfo->ProcessId;
} }
if(hProcess != NULL) if(hProcess != NULL)


@ -9,72 +9,52 @@ static bool engineBackupTLSx64 = false;
static IMAGE_TLS_DIRECTORY32 engineBackupTLSDataX86 = {}; static IMAGE_TLS_DIRECTORY32 engineBackupTLSDataX86 = {};
static IMAGE_TLS_DIRECTORY64 engineBackupTLSDataX64 = {}; static IMAGE_TLS_DIRECTORY64 engineBackupTLSDataX64 = {};
static DWORD engineBackupNumberOfCallBacks = NULL; static DWORD engineBackupNumberOfCallBacks = NULL;
static LPVOID engineBackupArrayOfCallBacks = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); static std::vector<ULONG_PTR> engineBackupArrayOfCallBacks;
static DWORD engineBackupTLSAddress = NULL; static DWORD engineBackupTLSAddress = NULL;
// TitanEngine.TLSFixer.functions: // TitanEngine.TLS.functions:
__declspec(dllexport) bool TITCALL TLSBreakOnCallBack(LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks, LPVOID bpxCallBack) __declspec(dllexport) bool TITCALL TLSBreakOnCallBack(LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks, LPVOID bpxCallBack)
{ {
ULONG_PTR* ReadArrayOfCallBacks = (ULONG_PTR*)ArrayOfCallBacks;
unsigned int i; if(NumberOfCallBacks && EngineIsValidReadPtrEx(ReadArrayOfCallBacks, sizeof(ULONG_PTR)*NumberOfCallBacks) && bpxCallBack)
LPVOID ReadArrayOfCallBacks = ArrayOfCallBacks;
if(NumberOfCallBacks > NULL)
{ {
for(i = 0; i < NumberOfCallBacks; i++) ClearTlsCallBackList(); //clear TLS cb list
{ for(unsigned int i=0; i<NumberOfCallBacks; i++)
RtlMoveMemory(&tlsCallBackList[i], ReadArrayOfCallBacks, sizeof ULONG_PTR); tlsCallBackList.push_back(ReadArrayOfCallBacks[i]);
ReadArrayOfCallBacks = (LPVOID)((ULONG_PTR)ReadArrayOfCallBacks + sizeof ULONG_PTR);
}
engineTLSBreakOnCallBackAddress = (ULONG_PTR)bpxCallBack; engineTLSBreakOnCallBackAddress = (ULONG_PTR)bpxCallBack;
engineTLSBreakOnCallBack = true; engineTLSBreakOnCallBack = true;
return true; return true;
} }
else return false;
{
return false;
}
} }
__declspec(dllexport) bool TITCALL TLSGrabCallBackData(char* szFileName, LPVOID ArrayOfCallBacks, LPDWORD NumberOfCallBacks) __declspec(dllexport) bool TITCALL TLSGrabCallBackData(char* szFileName, LPVOID ArrayOfCallBacks, LPDWORD NumberOfCallBacks)
{ {
wchar_t uniFileName[MAX_PATH] = {}; wchar_t uniFileName[MAX_PATH] = {};
if(szFileName)
if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
return(TLSGrabCallBackDataW(uniFileName, ArrayOfCallBacks, NumberOfCallBacks)); return TLSGrabCallBackDataW(uniFileName, ArrayOfCallBacks, NumberOfCallBacks);
}
else
{
return false;
} }
return false;
} }
__declspec(dllexport) bool TITCALL TLSGrabCallBackDataW(wchar_t* szFileName, LPVOID ArrayOfCallBacks, LPDWORD NumberOfCallBacks) __declspec(dllexport) bool TITCALL TLSGrabCallBackDataW(wchar_t* szFileName, LPVOID ArrayOfCallBacks, LPDWORD NumberOfCallBacks)
{ {
PIMAGE_DOS_HEADER DOSHeader;
PIMAGE_NT_HEADERS32 PEHeader32;
PIMAGE_NT_HEADERS64 PEHeader64;
HANDLE FileHandle; HANDLE FileHandle;
DWORD FileSize; DWORD FileSize;
HANDLE FileMap; HANDLE FileMap;
ULONG_PTR FileMapVA; ULONG_PTR FileMapVA;
BOOL FileIs64;
PIMAGE_TLS_DIRECTORY32 TLSDirectoryX86;
PIMAGE_TLS_DIRECTORY64 TLSDirectoryX64;
ULONG_PTR TLSDirectoryAddress;
ULONG_PTR TLSCallBackAddress;
ULONG_PTR TLSCompareData = NULL;
DWORD NumberOfTLSCallBacks = NULL;
if(MapFileExW(szFileName, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL)) if(MapFileExW(szFileName, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
{ {
DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA; PIMAGE_DOS_HEADER DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
if(EngineValidateHeader(FileMapVA, FileHandle, NULL, DOSHeader, true)) if(EngineValidateHeader(FileMapVA, FileHandle, NULL, DOSHeader, true))
{ {
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); DWORD NumberOfTLSCallBacks = 0;
PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); PIMAGE_NT_HEADERS32 PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
PIMAGE_NT_HEADERS64 PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
bool FileIs64;
if(PEHeader32->OptionalHeader.Magic == 0x10B) if(PEHeader32->OptionalHeader.Magic == 0x10B)
{ {
FileIs64 = false; FileIs64 = false;
@ -88,70 +68,84 @@ __declspec(dllexport) bool TITCALL TLSGrabCallBackDataW(wchar_t* szFileName, LPV
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return false; return false;
} }
if(!FileIs64) if(!FileIs64) //x86
{ {
if(PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress != NULL) if(PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress != NULL)
{ {
TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader32->OptionalHeader.ImageBase + PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress); ULONG_PTR TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader32->OptionalHeader.ImageBase + PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress);
TLSDirectoryX86 = (PIMAGE_TLS_DIRECTORY32)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true); PIMAGE_TLS_DIRECTORY32 TLSDirectoryX86 = (PIMAGE_TLS_DIRECTORY32)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true);
if(TLSDirectoryX86->AddressOfCallBacks != NULL) if(TLSDirectoryX86->AddressOfCallBacks != NULL)
{ {
TLSCallBackAddress = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryX86->AddressOfCallBacks, true); ULONG_PTR TLSCompareData = 0;
ULONG_PTR TLSCallBackAddress = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryX86->AddressOfCallBacks, true);
while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof ULONG_PTR) != NULL) while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof ULONG_PTR) != NULL)
{ {
RtlMoveMemory(ArrayOfCallBacks, (LPVOID)TLSCallBackAddress, sizeof ULONG_PTR); if(ArrayOfCallBacks)
ArrayOfCallBacks = (LPVOID)((ULONG_PTR)ArrayOfCallBacks + sizeof ULONG_PTR); {
RtlMoveMemory(ArrayOfCallBacks, (LPVOID)TLSCallBackAddress, sizeof ULONG_PTR);
ArrayOfCallBacks = (LPVOID)((ULONG_PTR)ArrayOfCallBacks + sizeof ULONG_PTR);
}
TLSCallBackAddress = TLSCallBackAddress + sizeof ULONG_PTR; TLSCallBackAddress = TLSCallBackAddress + sizeof ULONG_PTR;
NumberOfTLSCallBacks++; NumberOfTLSCallBacks++;
} }
*NumberOfCallBacks = NumberOfTLSCallBacks; if(NumberOfCallBacks)
*NumberOfCallBacks = NumberOfTLSCallBacks;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return true; return true;
} }
else else
{ {
*NumberOfCallBacks = NULL; if(NumberOfCallBacks)
*NumberOfCallBacks = 0;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return false; return false;
} }
} }
else else
{ {
*NumberOfCallBacks = NULL; if(NumberOfCallBacks)
*NumberOfCallBacks = 0;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return false; return false;
} }
} }
else else //x64
{ {
if(PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress != NULL) if(PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress != NULL)
{ {
TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader64->OptionalHeader.ImageBase + PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress); ULONG_PTR TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader64->OptionalHeader.ImageBase + PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress);
TLSDirectoryX64 = (PIMAGE_TLS_DIRECTORY64)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true); PIMAGE_TLS_DIRECTORY64 TLSDirectoryX64 = (PIMAGE_TLS_DIRECTORY64)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true);
if(TLSDirectoryX64->AddressOfCallBacks != NULL) if(TLSDirectoryX64->AddressOfCallBacks != NULL)
{ {
TLSCallBackAddress = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryX64->AddressOfCallBacks, true); ULONG_PTR TLSCompareData = NULL;
ULONG_PTR TLSCallBackAddress = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryX64->AddressOfCallBacks, true);
while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof ULONG_PTR) != NULL) while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof ULONG_PTR) != NULL)
{ {
RtlMoveMemory(ArrayOfCallBacks, (LPVOID)TLSCallBackAddress, sizeof ULONG_PTR); if(ArrayOfCallBacks)
ArrayOfCallBacks = (LPVOID)((ULONG_PTR)ArrayOfCallBacks + sizeof ULONG_PTR); {
RtlMoveMemory(ArrayOfCallBacks, (LPVOID)TLSCallBackAddress, sizeof ULONG_PTR);
ArrayOfCallBacks = (LPVOID)((ULONG_PTR)ArrayOfCallBacks + sizeof ULONG_PTR);
}
TLSCallBackAddress = TLSCallBackAddress + sizeof ULONG_PTR; TLSCallBackAddress = TLSCallBackAddress + sizeof ULONG_PTR;
NumberOfTLSCallBacks++; NumberOfTLSCallBacks++;
} }
*NumberOfCallBacks = NumberOfTLSCallBacks; if(NumberOfCallBacks)
*NumberOfCallBacks = NumberOfTLSCallBacks;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return true; return true;
} }
else else
{ {
*NumberOfCallBacks = NULL; if(NumberOfCallBacks)
*NumberOfCallBacks = 0;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return false; return false;
} }
} }
else else
{ {
*NumberOfCallBacks = NULL; if(NumberOfCallBacks)
*NumberOfCallBacks = 0;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return false; return false;
} }
@ -159,89 +153,65 @@ __declspec(dllexport) bool TITCALL TLSGrabCallBackDataW(wchar_t* szFileName, LPV
} }
else else
{ {
*NumberOfCallBacks = NULL; if(NumberOfCallBacks)
*NumberOfCallBacks = 0;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return false; return false;
} }
} }
return false; return false;
} }
__declspec(dllexport) bool TITCALL TLSBreakOnCallBackEx(char* szFileName, LPVOID bpxCallBack) __declspec(dllexport) bool TITCALL TLSBreakOnCallBackEx(char* szFileName, LPVOID bpxCallBack)
{ {
wchar_t uniFileName[MAX_PATH] = {}; wchar_t uniFileName[MAX_PATH] = {};
if(szFileName)
if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
return(TLSBreakOnCallBackExW(uniFileName, bpxCallBack)); return TLSBreakOnCallBackExW(uniFileName, bpxCallBack);
}
else
{
return false;
} }
return false;
} }
__declspec(dllexport) bool TITCALL TLSBreakOnCallBackExW(wchar_t* szFileName, LPVOID bpxCallBack) __declspec(dllexport) bool TITCALL TLSBreakOnCallBackExW(wchar_t* szFileName, LPVOID bpxCallBack)
{ {
DWORD NumberOfCallBacks;
ULONG_PTR TlsArrayOfCallBacks[100]; if(TLSGrabCallBackDataW(szFileName, NULL, &NumberOfCallBacks))
DWORD TlsNumberOfCallBacks;
RtlZeroMemory(&TlsArrayOfCallBacks, 100 * sizeof ULONG_PTR);
if(szFileName != NULL)
{ {
if(TLSGrabCallBackDataW(szFileName, &TlsArrayOfCallBacks, &TlsNumberOfCallBacks)) DynBuf TlsArrayOfCallBacks(NumberOfCallBacks*sizeof(ULONG_PTR));
if(TLSGrabCallBackDataW(szFileName, TlsArrayOfCallBacks.GetPtr(), &NumberOfCallBacks))
{ {
TLSBreakOnCallBack(&TlsArrayOfCallBacks, TlsNumberOfCallBacks, bpxCallBack); return TLSBreakOnCallBack(TlsArrayOfCallBacks.GetPtr(), NumberOfCallBacks, bpxCallBack);
return true;
}
else
{
return false;
} }
} }
else return false;
{
return false;
}
} }
__declspec(dllexport) bool TITCALL TLSRemoveCallback(char* szFileName) __declspec(dllexport) bool TITCALL TLSRemoveCallback(char* szFileName)
{ {
wchar_t uniFileName[MAX_PATH] = {}; wchar_t uniFileName[MAX_PATH] = {};
if(szFileName)
if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
return(TLSRemoveCallbackW(uniFileName)); return TLSRemoveCallbackW(uniFileName);
}
else
{
return false;
} }
return false;
} }
__declspec(dllexport) bool TITCALL TLSRemoveCallbackW(wchar_t* szFileName) __declspec(dllexport) bool TITCALL TLSRemoveCallbackW(wchar_t* szFileName)
{ {
PIMAGE_DOS_HEADER DOSHeader;
PIMAGE_NT_HEADERS32 PEHeader32;
PIMAGE_NT_HEADERS64 PEHeader64;
HANDLE FileHandle; HANDLE FileHandle;
DWORD FileSize; DWORD FileSize;
HANDLE FileMap; HANDLE FileMap;
ULONG_PTR FileMapVA; ULONG_PTR FileMapVA;
BOOL FileIs64;
PIMAGE_TLS_DIRECTORY32 TLSDirectoryX86;
PIMAGE_TLS_DIRECTORY64 TLSDirectoryX64;
ULONG_PTR TLSDirectoryAddress;
if(MapFileExW(szFileName, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL)) if(MapFileExW(szFileName, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
{ {
DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA; PIMAGE_DOS_HEADER DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
if(EngineValidateHeader(FileMapVA, FileHandle, NULL, DOSHeader, true)) if(EngineValidateHeader(FileMapVA, FileHandle, NULL, DOSHeader, true))
{ {
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); PIMAGE_NT_HEADERS32 PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); PIMAGE_NT_HEADERS64 PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
bool FileIs64;
if(PEHeader32->OptionalHeader.Magic == 0x10B) if(PEHeader32->OptionalHeader.Magic == 0x10B)
{ {
FileIs64 = false; FileIs64 = false;
@ -261,8 +231,8 @@ __declspec(dllexport) bool TITCALL TLSRemoveCallbackW(wchar_t* szFileName)
{ {
__try __try
{ {
TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader32->OptionalHeader.ImageBase + PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress); ULONG_PTR TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader32->OptionalHeader.ImageBase + PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress);
TLSDirectoryX86 = (PIMAGE_TLS_DIRECTORY32)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true); PIMAGE_TLS_DIRECTORY32 TLSDirectoryX86 = (PIMAGE_TLS_DIRECTORY32)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true);
if(TLSDirectoryX86->AddressOfCallBacks != NULL) if(TLSDirectoryX86->AddressOfCallBacks != NULL)
{ {
TLSDirectoryX86->AddressOfCallBacks = NULL; TLSDirectoryX86->AddressOfCallBacks = NULL;
@ -293,8 +263,8 @@ __declspec(dllexport) bool TITCALL TLSRemoveCallbackW(wchar_t* szFileName)
{ {
__try __try
{ {
TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader64->OptionalHeader.ImageBase + PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress); ULONG_PTR TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader64->OptionalHeader.ImageBase + PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress);
TLSDirectoryX64 = (PIMAGE_TLS_DIRECTORY64)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true); PIMAGE_TLS_DIRECTORY64 TLSDirectoryX64 = (PIMAGE_TLS_DIRECTORY64)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true);
if(TLSDirectoryX64->AddressOfCallBacks != NULL) if(TLSDirectoryX64->AddressOfCallBacks != NULL)
{ {
TLSDirectoryX64->AddressOfCallBacks = NULL; TLSDirectoryX64->AddressOfCallBacks = NULL;
@ -328,43 +298,32 @@ __declspec(dllexport) bool TITCALL TLSRemoveCallbackW(wchar_t* szFileName)
} }
return false; return false;
} }
__declspec(dllexport) bool TITCALL TLSRemoveTable(char* szFileName) __declspec(dllexport) bool TITCALL TLSRemoveTable(char* szFileName)
{ {
wchar_t uniFileName[MAX_PATH] = {}; wchar_t uniFileName[MAX_PATH] = {};
if(szFileName)
if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
return(TLSRemoveTableW(uniFileName)); return TLSRemoveTableW(uniFileName);
}
else
{
return false;
} }
return false;
} }
__declspec(dllexport) bool TITCALL TLSRemoveTableW(wchar_t* szFileName) __declspec(dllexport) bool TITCALL TLSRemoveTableW(wchar_t* szFileName)
{ {
PIMAGE_DOS_HEADER DOSHeader;
PIMAGE_NT_HEADERS32 PEHeader32;
PIMAGE_NT_HEADERS64 PEHeader64;
HANDLE FileHandle; HANDLE FileHandle;
DWORD FileSize; DWORD FileSize;
HANDLE FileMap; HANDLE FileMap;
ULONG_PTR FileMapVA; ULONG_PTR FileMapVA;
BOOL FileIs64;
PIMAGE_TLS_DIRECTORY32 TLSDirectoryX86;
PIMAGE_TLS_DIRECTORY64 TLSDirectoryX64;
ULONG_PTR TLSDirectoryAddress;
if(MapFileExW(szFileName, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL)) if(MapFileExW(szFileName, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
{ {
DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA; PIMAGE_DOS_HEADER DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
if(EngineValidateHeader(FileMapVA, FileHandle, NULL, DOSHeader, true)) if(EngineValidateHeader(FileMapVA, FileHandle, NULL, DOSHeader, true))
{ {
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); PIMAGE_NT_HEADERS32 PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); PIMAGE_NT_HEADERS64 PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
bool FileIs64;
if(PEHeader32->OptionalHeader.Magic == 0x10B) if(PEHeader32->OptionalHeader.Magic == 0x10B)
{ {
FileIs64 = false; FileIs64 = false;
@ -384,8 +343,8 @@ __declspec(dllexport) bool TITCALL TLSRemoveTableW(wchar_t* szFileName)
{ {
__try __try
{ {
TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader32->OptionalHeader.ImageBase + PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress); ULONG_PTR TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader32->OptionalHeader.ImageBase + PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress);
TLSDirectoryX86 = (PIMAGE_TLS_DIRECTORY32)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true); PIMAGE_TLS_DIRECTORY32 TLSDirectoryX86 = (PIMAGE_TLS_DIRECTORY32)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true);
PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress = NULL; PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress = NULL;
PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size = NULL; PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size = NULL;
RtlZeroMemory(TLSDirectoryX86, sizeof IMAGE_TLS_DIRECTORY32); RtlZeroMemory(TLSDirectoryX86, sizeof IMAGE_TLS_DIRECTORY32);
@ -410,8 +369,8 @@ __declspec(dllexport) bool TITCALL TLSRemoveTableW(wchar_t* szFileName)
{ {
__try __try
{ {
TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader64->OptionalHeader.ImageBase + PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress); ULONG_PTR TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader64->OptionalHeader.ImageBase + PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress);
TLSDirectoryX64 = (PIMAGE_TLS_DIRECTORY64)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true); PIMAGE_TLS_DIRECTORY64 TLSDirectoryX64 = (PIMAGE_TLS_DIRECTORY64)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true);
PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress = NULL; PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress = NULL;
PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size = NULL; PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size = NULL;
RtlZeroMemory(TLSDirectoryX64, sizeof IMAGE_TLS_DIRECTORY64); RtlZeroMemory(TLSDirectoryX64, sizeof IMAGE_TLS_DIRECTORY64);
@ -439,52 +398,41 @@ __declspec(dllexport) bool TITCALL TLSRemoveTableW(wchar_t* szFileName)
} }
return false; return false;
} }
__declspec(dllexport) bool TITCALL TLSBackupData(char* szFileName) __declspec(dllexport) bool TITCALL TLSBackupData(char* szFileName)
{ {
wchar_t uniFileName[MAX_PATH] = {}; wchar_t uniFileName[MAX_PATH] = {};
if(szFileName)
if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
return(TLSBackupDataW(uniFileName)); return TLSBackupDataW(uniFileName);
}
else
{
return false;
} }
return false;
} }
__declspec(dllexport) bool TITCALL TLSBackupDataW(wchar_t* szFileName) __declspec(dllexport) bool TITCALL TLSBackupDataW(wchar_t* szFileName)
{ {
PIMAGE_DOS_HEADER DOSHeader;
PIMAGE_NT_HEADERS32 PEHeader32;
PIMAGE_NT_HEADERS64 PEHeader64;
HANDLE FileHandle; HANDLE FileHandle;
DWORD FileSize; DWORD FileSize;
HANDLE FileMap; HANDLE FileMap;
ULONG_PTR FileMapVA; ULONG_PTR FileMapVA;
BOOL FileIs64;
PIMAGE_TLS_DIRECTORY32 TLSDirectoryX86;
PIMAGE_TLS_DIRECTORY64 TLSDirectoryX64;
ULONG_PTR TLSDirectoryAddress;
ULONG_PTR TLSCallBackAddress;
ULONG_PTR TLSCompareData = NULL;
DWORD NumberOfTLSCallBacks = NULL;
LPVOID ArrayOfCallBacks = &engineBackupArrayOfCallBacks;
LPDWORD NumberOfCallBacks = &engineBackupNumberOfCallBacks;
engineBackupTLSAddress = NULL;
RtlZeroMemory(engineBackupArrayOfCallBacks, 0x1000);
RtlZeroMemory(&engineBackupTLSDataX86, sizeof IMAGE_TLS_DIRECTORY32);
RtlZeroMemory(&engineBackupTLSDataX64, sizeof IMAGE_TLS_DIRECTORY64);
if(MapFileExW(szFileName, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL)) if(MapFileExW(szFileName, UE_ACCESS_READ, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
{ {
DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA; PIMAGE_DOS_HEADER DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
if(EngineValidateHeader(FileMapVA, FileHandle, NULL, DOSHeader, true)) if(EngineValidateHeader(FileMapVA, FileHandle, NULL, DOSHeader, true))
{ {
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); DWORD NumberOfTLSCallBacks = NULL;
PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); engineBackupTLSAddress = NULL;
RtlZeroMemory(&engineBackupTLSDataX86, sizeof IMAGE_TLS_DIRECTORY32);
RtlZeroMemory(&engineBackupTLSDataX64, sizeof IMAGE_TLS_DIRECTORY64);
ClearTlsVector(&engineBackupArrayOfCallBacks); //clear backup array
std::vector<ULONG_PTR>* ArrayOfCallBacks = &engineBackupArrayOfCallBacks;
LPDWORD NumberOfCallBacks = &engineBackupNumberOfCallBacks;
PIMAGE_NT_HEADERS32 PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
PIMAGE_NT_HEADERS64 PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
bool FileIs64;
if(PEHeader32->OptionalHeader.Magic == 0x10B) if(PEHeader32->OptionalHeader.Magic == 0x10B)
{ {
FileIs64 = false; FileIs64 = false;
@ -498,7 +446,7 @@ __declspec(dllexport) bool TITCALL TLSBackupDataW(wchar_t* szFileName)
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return false; return false;
} }
if(!FileIs64) if(!FileIs64) //x86
{ {
if(PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress != NULL) if(PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress != NULL)
{ {
@ -506,17 +454,17 @@ __declspec(dllexport) bool TITCALL TLSBackupDataW(wchar_t* szFileName)
{ {
engineBackupTLSx64 = false; engineBackupTLSx64 = false;
engineBackupTLSAddress = PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress; engineBackupTLSAddress = PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress;
TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader32->OptionalHeader.ImageBase + PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress); ULONG_PTR TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader32->OptionalHeader.ImageBase + PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress);
TLSDirectoryX86 = (PIMAGE_TLS_DIRECTORY32)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true); PIMAGE_TLS_DIRECTORY32 TLSDirectoryX86 = (PIMAGE_TLS_DIRECTORY32)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true);
RtlMoveMemory(&engineBackupTLSDataX86, (LPVOID)TLSDirectoryX86, sizeof IMAGE_TLS_DIRECTORY32); RtlMoveMemory(&engineBackupTLSDataX86, (LPVOID)TLSDirectoryX86, sizeof IMAGE_TLS_DIRECTORY32);
if(TLSDirectoryX86->AddressOfCallBacks != NULL) if(TLSDirectoryX86->AddressOfCallBacks != NULL)
{ {
TLSCallBackAddress = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryX86->AddressOfCallBacks, true); ULONG_PTR TLSCompareData = 0;
ULONG_PTR* TLSCallBackAddress = (ULONG_PTR*)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryX86->AddressOfCallBacks, true);
while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof ULONG_PTR) != NULL) while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof ULONG_PTR) != NULL)
{ {
RtlMoveMemory(ArrayOfCallBacks, (LPVOID)TLSCallBackAddress, sizeof ULONG_PTR); ArrayOfCallBacks->push_back(*TLSCallBackAddress);
ArrayOfCallBacks = (LPVOID)((ULONG_PTR)ArrayOfCallBacks + sizeof ULONG_PTR); TLSCallBackAddress++; //next callback
TLSCallBackAddress = TLSCallBackAddress + sizeof ULONG_PTR;
NumberOfTLSCallBacks++; NumberOfTLSCallBacks++;
} }
*NumberOfCallBacks = NumberOfTLSCallBacks; *NumberOfCallBacks = NumberOfTLSCallBacks;
@ -544,7 +492,7 @@ __declspec(dllexport) bool TITCALL TLSBackupDataW(wchar_t* szFileName)
return false; return false;
} }
} }
else else //x64
{ {
if(PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress != NULL) if(PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress != NULL)
{ {
@ -552,17 +500,17 @@ __declspec(dllexport) bool TITCALL TLSBackupDataW(wchar_t* szFileName)
{ {
engineBackupTLSx64 = true; engineBackupTLSx64 = true;
engineBackupTLSAddress = PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress; engineBackupTLSAddress = PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress;
TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader64->OptionalHeader.ImageBase + PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress); ULONG_PTR TLSDirectoryAddress = (ULONG_PTR)((ULONG_PTR)PEHeader64->OptionalHeader.ImageBase + PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress);
TLSDirectoryX64 = (PIMAGE_TLS_DIRECTORY64)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true); PIMAGE_TLS_DIRECTORY64 TLSDirectoryX64 = (PIMAGE_TLS_DIRECTORY64)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryAddress, true);
RtlMoveMemory(&engineBackupTLSDataX64, (LPVOID)TLSDirectoryX64, sizeof IMAGE_TLS_DIRECTORY64); RtlMoveMemory(&engineBackupTLSDataX64, (LPVOID)TLSDirectoryX64, sizeof IMAGE_TLS_DIRECTORY64);
if(TLSDirectoryX64->AddressOfCallBacks != NULL) if(TLSDirectoryX64->AddressOfCallBacks != NULL)
{ {
TLSCallBackAddress = (ULONG_PTR)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryX64->AddressOfCallBacks, true); ULONG_PTR TLSCompareData = 0;
ULONG_PTR* TLSCallBackAddress = (ULONG_PTR*)ConvertVAtoFileOffset(FileMapVA, (ULONG_PTR)TLSDirectoryX64->AddressOfCallBacks, true);
while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof ULONG_PTR) != NULL) while(memcmp((LPVOID)TLSCallBackAddress, &TLSCompareData, sizeof ULONG_PTR) != NULL)
{ {
RtlMoveMemory(ArrayOfCallBacks, (LPVOID)TLSCallBackAddress, sizeof ULONG_PTR); ArrayOfCallBacks->push_back(*TLSCallBackAddress);
ArrayOfCallBacks = (LPVOID)((ULONG_PTR)ArrayOfCallBacks + sizeof ULONG_PTR); TLSCallBackAddress++; //next callback
TLSCallBackAddress = TLSCallBackAddress + sizeof ULONG_PTR;
NumberOfTLSCallBacks++; NumberOfTLSCallBacks++;
} }
*NumberOfCallBacks = NumberOfTLSCallBacks; *NumberOfCallBacks = NumberOfTLSCallBacks;
@ -593,18 +541,16 @@ __declspec(dllexport) bool TITCALL TLSBackupDataW(wchar_t* szFileName)
} }
else else
{ {
*NumberOfCallBacks = NULL;
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
return false; return false;
} }
} }
return false; return false;
} }
__declspec(dllexport) bool TITCALL TLSRestoreData() __declspec(dllexport) bool TITCALL TLSRestoreData()
{ {
ULONG_PTR ueNumberOfBytesRead = NULL; ULONG_PTR ueNumberOfBytesRead = NULL;
if(dbgProcessInformation.hProcess != NULL && engineBackupTLSAddress != NULL) if(dbgProcessInformation.hProcess != NULL && engineBackupTLSAddress != NULL)
{ {
if(engineBackupTLSx64) if(engineBackupTLSx64)
@ -613,7 +559,11 @@ __declspec(dllexport) bool TITCALL TLSRestoreData()
{ {
if(engineBackupTLSDataX64.AddressOfCallBacks != NULL && engineBackupNumberOfCallBacks != NULL) if(engineBackupTLSDataX64.AddressOfCallBacks != NULL && engineBackupNumberOfCallBacks != NULL)
{ {
if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)(engineBackupTLSDataX64.AddressOfCallBacks + GetDebuggedFileBaseAddress()), engineBackupArrayOfCallBacks, sizeof IMAGE_TLS_DIRECTORY64, &ueNumberOfBytesRead)) DynBuf BackupData(sizeof(ULONG_PTR)*engineBackupArrayOfCallBacks.size());
ULONG_PTR* Backup=(ULONG_PTR*)BackupData.GetPtr();
for(unsigned int i=0; i<engineBackupArrayOfCallBacks.size(); i++)
Backup[i]=engineBackupArrayOfCallBacks.at(i);
if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)(engineBackupTLSDataX64.AddressOfCallBacks + GetDebuggedFileBaseAddress()), Backup, BackupData.Size(), &ueNumberOfBytesRead))
{ {
engineBackupTLSAddress = NULL; engineBackupTLSAddress = NULL;
return true; return true;
@ -632,7 +582,11 @@ __declspec(dllexport) bool TITCALL TLSRestoreData()
{ {
if(engineBackupTLSDataX86.AddressOfCallBacks != NULL && engineBackupNumberOfCallBacks != NULL) if(engineBackupTLSDataX86.AddressOfCallBacks != NULL && engineBackupNumberOfCallBacks != NULL)
{ {
if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)(engineBackupTLSDataX86.AddressOfCallBacks + GetDebuggedFileBaseAddress()), engineBackupArrayOfCallBacks, sizeof IMAGE_TLS_DIRECTORY32, &ueNumberOfBytesRead)) DynBuf BackupData(sizeof(ULONG_PTR)*engineBackupArrayOfCallBacks.size());
ULONG_PTR* Backup=(ULONG_PTR*)BackupData.GetPtr();
for(unsigned int i=0; i<engineBackupArrayOfCallBacks.size(); i++)
Backup[i]=engineBackupArrayOfCallBacks.at(i);
if(WriteProcessMemory(dbgProcessInformation.hProcess, (LPVOID)(engineBackupTLSDataX86.AddressOfCallBacks + GetDebuggedFileBaseAddress()), Backup, BackupData.Size(), &ueNumberOfBytesRead))
{ {
engineBackupTLSAddress = NULL; engineBackupTLSAddress = NULL;
return true; return true;
@ -648,24 +602,18 @@ __declspec(dllexport) bool TITCALL TLSRestoreData()
} }
return false; return false;
} }
__declspec(dllexport) bool TITCALL TLSBuildNewTable(ULONG_PTR FileMapVA, ULONG_PTR StorePlace, ULONG_PTR StorePlaceRVA, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks) __declspec(dllexport) bool TITCALL TLSBuildNewTable(ULONG_PTR FileMapVA, ULONG_PTR StorePlace, ULONG_PTR StorePlaceRVA, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks)
{ {
BOOL FileIs64;
PIMAGE_DOS_HEADER DOSHeader;
PIMAGE_NT_HEADERS32 PEHeader32;
PIMAGE_NT_HEADERS64 PEHeader64;
PIMAGE_TLS_DIRECTORY32 TLSDirectoryX86;
PIMAGE_TLS_DIRECTORY64 TLSDirectoryX64;
ULONG_PTR TLSWriteData = StorePlaceRVA;
if(FileMapVA != NULL) if(FileMapVA != NULL)
{ {
DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA; PIMAGE_DOS_HEADER DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
if(EngineValidateHeader(FileMapVA, NULL, NULL, DOSHeader, true)) if(EngineValidateHeader(FileMapVA, NULL, NULL, DOSHeader, true))
{ {
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); PIMAGE_NT_HEADERS32 PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew); PIMAGE_NT_HEADERS64 PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
bool FileIs64;
ULONG_PTR TLSWriteData = StorePlaceRVA;
if(PEHeader32->OptionalHeader.Magic == 0x10B) if(PEHeader32->OptionalHeader.Magic == 0x10B)
{ {
FileIs64 = false; FileIs64 = false;
@ -684,7 +632,7 @@ __declspec(dllexport) bool TITCALL TLSBuildNewTable(ULONG_PTR FileMapVA, ULONG_P
{ {
PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress = (DWORD)StorePlaceRVA; PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress = (DWORD)StorePlaceRVA;
PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size = sizeof IMAGE_TLS_DIRECTORY32; PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size = sizeof IMAGE_TLS_DIRECTORY32;
TLSDirectoryX86 = (PIMAGE_TLS_DIRECTORY32)StorePlace; PIMAGE_TLS_DIRECTORY32 TLSDirectoryX86 = (PIMAGE_TLS_DIRECTORY32)StorePlace;
TLSDirectoryX86->StartAddressOfRawData = (DWORD)TLSWriteData; TLSDirectoryX86->StartAddressOfRawData = (DWORD)TLSWriteData;
TLSDirectoryX86->EndAddressOfRawData = (DWORD)TLSWriteData + 0x10; TLSDirectoryX86->EndAddressOfRawData = (DWORD)TLSWriteData + 0x10;
TLSDirectoryX86->AddressOfIndex = (DWORD)TLSWriteData + 0x14; TLSDirectoryX86->AddressOfIndex = (DWORD)TLSWriteData + 0x14;
@ -703,7 +651,7 @@ __declspec(dllexport) bool TITCALL TLSBuildNewTable(ULONG_PTR FileMapVA, ULONG_P
{ {
PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress = (DWORD)StorePlaceRVA; PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress = (DWORD)StorePlaceRVA;
PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size = sizeof IMAGE_TLS_DIRECTORY64; PEHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size = sizeof IMAGE_TLS_DIRECTORY64;
TLSDirectoryX64 = (PIMAGE_TLS_DIRECTORY64)StorePlace; PIMAGE_TLS_DIRECTORY64 TLSDirectoryX64 = (PIMAGE_TLS_DIRECTORY64)StorePlace;
TLSDirectoryX64->StartAddressOfRawData = TLSWriteData; TLSDirectoryX64->StartAddressOfRawData = TLSWriteData;
TLSDirectoryX64->EndAddressOfRawData = TLSWriteData + 0x20; TLSDirectoryX64->EndAddressOfRawData = TLSWriteData + 0x20;
TLSDirectoryX64->AddressOfIndex = TLSWriteData + 0x28; TLSDirectoryX64->AddressOfIndex = TLSWriteData + 0x28;
@ -724,39 +672,30 @@ __declspec(dllexport) bool TITCALL TLSBuildNewTable(ULONG_PTR FileMapVA, ULONG_P
} }
return false; return false;
} }
__declspec(dllexport) bool TITCALL TLSBuildNewTableEx(char* szFileName, char* szSectionName, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks) __declspec(dllexport) bool TITCALL TLSBuildNewTableEx(char* szFileName, char* szSectionName, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks)
{ {
wchar_t uniFileName[MAX_PATH] = {}; wchar_t uniFileName[MAX_PATH] = {};
if(szFileName)
if(szFileName != NULL)
{ {
MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0]))); MultiByteToWideChar(CP_ACP, NULL, szFileName, lstrlenA(szFileName)+1, uniFileName, sizeof(uniFileName)/(sizeof(uniFileName[0])));
return(TLSBuildNewTableExW(uniFileName, szSectionName, ArrayOfCallBacks, NumberOfCallBacks)); return TLSBuildNewTableExW(uniFileName, szSectionName, ArrayOfCallBacks, NumberOfCallBacks);
}
else
{
return false;
} }
return false;
} }
__declspec(dllexport) bool TITCALL TLSBuildNewTableExW(wchar_t* szFileName, char* szSectionName, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks) __declspec(dllexport) bool TITCALL TLSBuildNewTableExW(wchar_t* szFileName, char* szSectionName, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks)
{ {
ULONG_PTR tlsImageBase = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_IMAGEBASE);
DWORD NewSectionVO = AddNewSectionW(szFileName, szSectionName, sizeof IMAGE_TLS_DIRECTORY64 * 2);
HANDLE FileHandle; HANDLE FileHandle;
DWORD FileSize; DWORD FileSize;
HANDLE FileMap; HANDLE FileMap;
ULONG_PTR FileMapVA; ULONG_PTR FileMapVA;
DWORD NewSectionVO = NULL;
DWORD NewSectionFO = NULL;
bool ReturnValue = false;
ULONG_PTR tlsImageBase;
tlsImageBase = (ULONG_PTR)GetPE32DataW(szFileName, NULL, UE_IMAGEBASE);
NewSectionVO = AddNewSectionW(szFileName, szSectionName, sizeof IMAGE_TLS_DIRECTORY64 * 2);
if(MapFileExW(szFileName, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL)) if(MapFileExW(szFileName, UE_ACCESS_ALL, &FileHandle, &FileSize, &FileMap, &FileMapVA, NULL))
{ {
NewSectionFO = (DWORD)ConvertVAtoFileOffset(FileMapVA, NewSectionVO + tlsImageBase, true); DWORD NewSectionFO = (DWORD)ConvertVAtoFileOffset(FileMapVA, NewSectionVO + tlsImageBase, true);
ReturnValue = TLSBuildNewTable(FileMapVA, NewSectionFO, NewSectionVO, ArrayOfCallBacks, NumberOfCallBacks); bool ReturnValue = TLSBuildNewTable(FileMapVA, NewSectionFO, NewSectionVO, ArrayOfCallBacks, NumberOfCallBacks);
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(ReturnValue) if(ReturnValue)
{ {
@ -767,8 +706,5 @@ __declspec(dllexport) bool TITCALL TLSBuildNewTableExW(wchar_t* szFileName, char
return false; return false;
} }
} }
else return false;
{
return false;
}
} }


@ -5,36 +5,152 @@
#include "Global.Threader.h" #include "Global.Threader.h"
#include "Global.Debugger.h" #include "Global.Debugger.h"
void updateThreadList( THREAD_ITEM_DATA* NewThreadData )
{
bool notInList = true;
unsigned int count = hListThread.size();
for (unsigned int i = 0; i < count; i++)
{
if (hListThread.at(i).dwThreadId == NewThreadData->dwThreadId)
{
notInList = false;
CloseHandle(NewThreadData->hThread); //handle not needed
hListThread.at(i).BasePriority = NewThreadData->BasePriority;
hListThread.at(i).ContextSwitches = NewThreadData->ContextSwitches;
hListThread.at(i).Priority = NewThreadData->Priority;
hListThread.at(i).TebAddress = NewThreadData->TebAddress;
hListThread.at(i).ThreadStartAddress = NewThreadData->ThreadStartAddress;
hListThread.at(i).WaitReason = NewThreadData->WaitReason;
hListThread.at(i).WaitTime = NewThreadData->WaitTime;
hListThread.at(i).ThreadState = NewThreadData->ThreadState;
break;
}
}
if (notInList)
{
hListThread.push_back(*NewThreadData);
}
}
// TitanEngine.Threader.functions: // TitanEngine.Threader.functions:
__declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD ProcessId) __declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD ProcessId)
{ {
if(dbgProcessInformation.hProcess != NULL || ProcessId == NULL) bool updateList = false;
return false; DWORD dwProcessId = 0;
std::vector<THREAD_ITEM_DATA>().swap(hListThread); //clear thread list
THREADENTRY32 ThreadEntry = {}; if (ProcessId == NULL && dbgProcessInformation.hProcess != NULL)
ThreadEntry.dwSize = sizeof THREADENTRY32;
HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, ProcessId);
if(hSnapShot != INVALID_HANDLE_VALUE)
{ {
if(Thread32First(hSnapShot, &ThreadEntry)) updateList = true;
dwProcessId = GetProcessId(dbgProcessInformation.hProcess);
}
else if (ProcessId != NULL && dbgProcessInformation.hProcess != NULL)
{
updateList = true;
dwProcessId = ProcessId;
}
else if (ProcessId != NULL && dbgProcessInformation.hProcess == NULL)
{
updateList = false;
dwProcessId = ProcessId;
}
else if (ProcessId == NULL && dbgProcessInformation.hProcess == NULL)
{
return false;
}
if (updateList == false)
{
std::vector<THREAD_ITEM_DATA>().swap(hListThread); //clear thread list
}
THREAD_ITEM_DATA NewThreadData;
ULONG retLength = 0;
ULONG bufferLength = 1;
PSYSTEM_PROCESS_INFORMATION pBuffer = (PSYSTEM_PROCESS_INFORMATION)malloc(bufferLength);
PSYSTEM_PROCESS_INFORMATION pIter;
PSYSTEM_THREAD_INFORMATION pIterThread;
if (NtQuerySystemInformation(SystemProcessInformation, pBuffer, bufferLength, &retLength) == STATUS_INFO_LENGTH_MISMATCH)
{
free(pBuffer);
bufferLength = retLength + sizeof(SYSTEM_PROCESS_INFORMATION);
pBuffer = (PSYSTEM_PROCESS_INFORMATION)malloc(bufferLength);
if (!pBuffer)
return false;
if (NtQuerySystemInformation(SystemProcessInformation, pBuffer, bufferLength, &retLength) != STATUS_SUCCESS)
{ {
do return false;
}
}
else
{
return false;
}
pIter = pBuffer;
while(TRUE)
{
if (pIter->UniqueProcessId == (HANDLE)dwProcessId)
{
pIterThread = &pIter->Threads[0];
for (ULONG i = 0; i < pIter->NumberOfThreads; i++)
{ {
if(ThreadEntry.th32OwnerProcessID == ProcessId) ZeroMemory(&NewThreadData, sizeof(THREAD_ITEM_DATA));
NewThreadData.BasePriority = pIterThread->BasePriority;
NewThreadData.ContextSwitches = pIterThread->ContextSwitches;
NewThreadData.Priority = pIterThread->Priority;
NewThreadData.BasePriority = pIterThread->BasePriority;
//NewThreadData.ThreadStartAddress = pIterThread->StartAddress; <- wrong value
NewThreadData.ThreadState = pIterThread->ThreadState;
NewThreadData.WaitReason = pIterThread->WaitReason;
NewThreadData.WaitTime = pIterThread->WaitTime;
NewThreadData.dwThreadId = (DWORD)pIterThread->ClientId.UniqueThread;
NewThreadData.hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, NewThreadData.dwThreadId);
if (NewThreadData.hThread)
{
NewThreadData.TebAddress = GetTEBLocation(NewThreadData.hThread);
PVOID startAddress = 0;
if (NtQueryInformationThread(NewThreadData.hThread, ThreadQuerySetWin32StartAddress, &startAddress, sizeof(PVOID), NULL) == STATUS_SUCCESS)
{
NewThreadData.ThreadStartAddress = startAddress;
}
}
if (updateList == false)
{ {
THREAD_ITEM_DATA NewThreadData;
memset(&NewThreadData, 0, sizeof(THREAD_ITEM_DATA));
NewThreadData.dwThreadId = ThreadEntry.th32ThreadID;
NewThreadData.hThread = OpenThread(THREAD_ALL_ACCESS, false, NewThreadData.dwThreadId);
hListThread.push_back(NewThreadData); hListThread.push_back(NewThreadData);
} }
else
{
updateThreadList(&NewThreadData);
}
pIterThread++;
} }
while(Thread32Next(hSnapShot, &ThreadEntry));
break;
}
if (pIter->NextEntryOffset == 0)
{
break;
}
else
{
pIter = (PSYSTEM_PROCESS_INFORMATION)((DWORD_PTR)pIter + (DWORD_PTR)pIter->NextEntryOffset);
} }
EngineCloseHandle(hSnapShot);
return true;
} }
return false;
free(pBuffer);
return (hListThread.size() > 0);
} }
__declspec(dllexport) void* TITCALL ThreaderGetThreadInfo(HANDLE hThread, DWORD ThreadId) __declspec(dllexport) void* TITCALL ThreaderGetThreadInfo(HANDLE hThread, DWORD ThreadId)
@ -208,9 +324,10 @@ __declspec(dllexport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread)
if(SuspendThread(hThread)) //if previous suspend count is above 0 (which means thread is suspended) if(SuspendThread(hThread)) //if previous suspend count is above 0 (which means thread is suspended)
{ {
ResumeThread(hThread); //decrement suspend count ResumeThread(hThread); //decrement suspend count
return true; return false; //meaning the thread is not active
} }
return false; ResumeThread(hThread); //decrement suspend count
return true;
} }
__declspec(dllexport) bool TITCALL ThreaderIsAnyThreadActive() __declspec(dllexport) bool TITCALL ThreaderIsAnyThreadActive()
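Review bot: Two of the early `return false;` paths in the new ThreaderImportRunningThreadData leak `pBuffer`. One is taken when the second NtQuerySystemInformation call does not return STATUS_SUCCESS, the other is the `else` branch where the first call returns anything but STATUS_INFO_LENGTH_MISMATCH; both return without the `free(pBuffer);` that only the normal exit reaches. Adding `free(pBuffer);` before each of those returns closes the leak. The first `malloc(bufferLength)` result is also passed to NtQuerySystemInformation without the NULL check that the second allocation gets, so `if (!pBuffer) return false;` belongs right after it. The required size can grow between the two queries, so retrying in a loop while the status is STATUS_INFO_LENGTH_MISMATCH would be more robust than the single retry.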


@ -390,6 +390,7 @@ EngineCreateMissingDependencies
EngineCreateMissingDependenciesW EngineCreateMissingDependenciesW
EngineCreateUnpackerWindow EngineCreateUnpackerWindow
EngineAddUnpackerWindowLogMessage EngineAddUnpackerWindowLogMessage
EngineCheckStructAlignment
ExtensionManagerIsPluginLoaded ExtensionManagerIsPluginLoaded
ExtensionManagerIsPluginEnabled ExtensionManagerIsPluginEnabled
ExtensionManagerDisablePlugin ExtensionManagerDisablePlugin


@ -208,7 +208,7 @@
<Filter>Source Files\TitanEngine</Filter> <Filter>Source Files\TitanEngine</Filter>
</ClCompile> </ClCompile>
<ClCompile Include="Global.Helper.cpp"> <ClCompile Include="Global.Helper.cpp">
<Filter>Source Files</Filter> <Filter>Source Files\TitanEngine</Filter>
</ClCompile> </ClCompile>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>


@ -425,6 +425,7 @@ __declspec(dllexport) bool TITCALL EngineFakeMissingDependencies(HANDLE hProcess
__declspec(dllexport) bool TITCALL EngineDeleteCreatedDependencies(); __declspec(dllexport) bool TITCALL EngineDeleteCreatedDependencies();
__declspec(dllexport) bool TITCALL EngineCreateUnpackerWindow(char* WindowUnpackerTitle, char* WindowUnpackerLongTitle, char* WindowUnpackerName, char* WindowUnpackerAuthor, void* StartUnpackingCallBack); __declspec(dllexport) bool TITCALL EngineCreateUnpackerWindow(char* WindowUnpackerTitle, char* WindowUnpackerLongTitle, char* WindowUnpackerName, char* WindowUnpackerAuthor, void* StartUnpackingCallBack);
__declspec(dllexport) void TITCALL EngineAddUnpackerWindowLogMessage(char* szLogMessage); __declspec(dllexport) void TITCALL EngineAddUnpackerWindowLogMessage(char* szLogMessage);
__declspec(dllexport) bool TITCALL EngineCheckStructAlignment(DWORD StructureType, ULONG_PTR StructureSize);
// Global.Engine.Extension.Functions: // Global.Engine.Extension.Functions:
__declspec(dllexport) bool TITCALL ExtensionManagerIsPluginLoaded(char* szPluginName); __declspec(dllexport) bool TITCALL ExtensionManagerIsPluginLoaded(char* szPluginName);
__declspec(dllexport) bool TITCALL ExtensionManagerIsPluginEnabled(char* szPluginName); __declspec(dllexport) bool TITCALL ExtensionManagerIsPluginEnabled(char* szPluginName);


@ -8,6 +8,8 @@
#pragma comment(lib, "ntdll_x64.lib") #pragma comment(lib, "ntdll_x64.lib")
#endif #endif
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)
typedef LONG NTSTATUS; typedef LONG NTSTATUS;
typedef LONG KPRIORITY; typedef LONG KPRIORITY;
@ -17,6 +19,61 @@ typedef struct _CLIENT_ID
HANDLE UniqueThread; HANDLE UniqueThread;
} CLIENT_ID, *PCLIENT_ID; } CLIENT_ID, *PCLIENT_ID;
typedef enum _KTHREAD_STATE
{
Initialized,
Ready,
Running,
Standby,
Terminated,
Waiting,
Transition,
DeferredReady,
GateWait
} KTHREAD_STATE;
typedef enum _KWAIT_REASON
{
Executive,
FreePage,
PageIn,
PoolAllocation,
DelayExecution,
Suspended,
UserRequest,
WrExecutive,
WrFreePage,
WrPageIn,
WrPoolAllocation,
WrDelayExecution,
WrSuspended,
WrUserRequest,
WrEventPair,
WrQueue,
WrLpcReceive,
WrLpcReply,
WrVirtualMemory,
WrPageOut,
WrRendezvous,
Spare2,
Spare3,
Spare4,
Spare5,
Spare6,
WrKernel,
WrResource,
WrPushLock,
WrMutex,
WrQuantumEnd,
WrDispatchInt,
WrPreempted,
WrYieldExecution,
WrFastMutex,
WrGuardedMutex,
WrRundown,
MaximumWaitReason
} KWAIT_REASON;
typedef struct _UNICODE_STRING typedef struct _UNICODE_STRING
{ {
USHORT Length; USHORT Length;
@ -24,16 +81,157 @@ typedef struct _UNICODE_STRING
PWSTR Buffer; PWSTR Buffer;
} UNICODE_STRING, *PUNICODE_STRING; } UNICODE_STRING, *PUNICODE_STRING;
typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
{
ULONG SessionId;
ULONG SizeOfBuf;
PVOID Buffer;
} SYSTEM_SESSION_PROCESS_INFORMATION, *PSYSTEM_SESSION_PROCESS_INFORMATION;
typedef struct _SYSTEM_THREAD_INFORMATION
{
LARGE_INTEGER KernelTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER CreateTime;
ULONG WaitTime;
PVOID StartAddress;
CLIENT_ID ClientId;
KPRIORITY Priority;
LONG BasePriority;
ULONG ContextSwitches;
ULONG ThreadState;
ULONG WaitReason;
} SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION;
typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO
{
USHORT UniqueProcessId;
USHORT CreatorBackTraceIndex;
UCHAR ObjectTypeIndex;
UCHAR HandleAttributes;
USHORT HandleValue;
PVOID Object;
ULONG GrantedAccess;
} SYSTEM_HANDLE_TABLE_ENTRY_INFO, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO;
typedef struct _SYSTEM_HANDLE_INFORMATION
{
ULONG NumberOfHandles;
SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[1];
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
typedef struct _SYSTEM_EXTENDED_THREAD_INFORMATION
{
SYSTEM_THREAD_INFORMATION ThreadInfo;
PVOID StackBase;
PVOID StackLimit;
PVOID Win32StartAddress;
PVOID TebAddress; /* This is only filled in on Vista and above */
ULONG_PTR Reserved2;
ULONG_PTR Reserved3;
ULONG_PTR Reserved4;
} SYSTEM_EXTENDED_THREAD_INFORMATION, *PSYSTEM_EXTENDED_THREAD_INFORMATION;
typedef struct _SYSTEM_PROCESS_INFORMATION
{
ULONG NextEntryOffset;
ULONG NumberOfThreads;
LARGE_INTEGER SpareLi1;
LARGE_INTEGER SpareLi2;
LARGE_INTEGER SpareLi3;
LARGE_INTEGER CreateTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER KernelTime;
UNICODE_STRING ImageName;
KPRIORITY BasePriority;
HANDLE UniqueProcessId;
HANDLE InheritedFromUniqueProcessId;
ULONG HandleCount;
ULONG SessionId;
ULONG_PTR PageDirectoryBase;
SIZE_T PeakVirtualSize;
SIZE_T VirtualSize;
ULONG PageFaultCount;
SIZE_T PeakWorkingSetSize;
SIZE_T WorkingSetSize;
SIZE_T QuotaPeakPagedPoolUsage;
SIZE_T QuotaPagedPoolUsage;
SIZE_T QuotaPeakNonPagedPoolUsage;
SIZE_T QuotaNonPagedPoolUsage;
SIZE_T PagefileUsage;
SIZE_T PeakPagefileUsage;
SIZE_T PrivatePageCount;
LARGE_INTEGER ReadOperationCount;
LARGE_INTEGER WriteOperationCount;
LARGE_INTEGER OtherOperationCount;
LARGE_INTEGER ReadTransferCount;
LARGE_INTEGER WriteTransferCount;
LARGE_INTEGER OtherTransferCount;
SYSTEM_THREAD_INFORMATION Threads[1];
} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;
typedef struct _OBJECT_BASIC_INFORMATION
{ {
ULONG Attributes; ULONG Attributes;
ACCESS_MASK GrantedAccess; ACCESS_MASK GrantedAccess;
ULONG HandleCount; ULONG HandleCount;
ULONG PointerCount; ULONG PointerCount;
ULONG PagedPoolCharge;
ULONG NonPagedPoolCharge;
ULONG Reserved[ 3 ];
ULONG NameInfoSize;
ULONG TypeInfoSize;
ULONG SecurityDescriptorSize;
LARGE_INTEGER CreationTime;
} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
ULONG Reserved[10]; // reserved for internal use typedef struct _OBJECT_NAME_INFORMATION
{
UNICODE_STRING Name;
} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
} PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION; typedef struct _OBJECT_TYPE_INFORMATION
{
UNICODE_STRING TypeName;
ULONG TotalNumberOfObjects;
ULONG TotalNumberOfHandles;
ULONG TotalPagedPoolUsage;
ULONG TotalNonPagedPoolUsage;
ULONG TotalNamePoolUsage;
ULONG TotalHandleTableUsage;
ULONG HighWaterNumberOfObjects;
ULONG HighWaterNumberOfHandles;
ULONG HighWaterPagedPoolUsage;
ULONG HighWaterNonPagedPoolUsage;
ULONG HighWaterNamePoolUsage;
ULONG HighWaterHandleTableUsage;
ULONG InvalidAttributes;
GENERIC_MAPPING GenericMapping;
ULONG ValidAccessMask;
BOOLEAN SecurityRequired;
BOOLEAN MaintainHandleCount;
ULONG PoolType;
ULONG DefaultPagedPoolCharge;
ULONG DefaultNonPagedPoolCharge;
} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
typedef struct _OBJECT_TYPES_INFORMATION
{
ULONG NumberOfTypes;
OBJECT_TYPE_INFORMATION TypeInformation[1];
} OBJECT_TYPES_INFORMATION, *POBJECT_TYPES_INFORMATION;
//typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION
//{
// ULONG Attributes;
// ACCESS_MASK GrantedAccess;
// ULONG HandleCount;
// ULONG PointerCount;
//
// ULONG Reserved[10]; // reserved for internal use
//
//} PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION;
typedef struct __PUBLIC_OBJECT_TYPE_INFORMATION typedef struct __PUBLIC_OBJECT_TYPE_INFORMATION
{ {
@ -54,8 +252,7 @@ typedef struct _PROCESS_BASIC_INFORMATION
} PROCESS_BASIC_INFORMATION; } PROCESS_BASIC_INFORMATION;
typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION; typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
typedef struct _THREAD_BASIC_INFORMATION typedef struct _THREAD_BASIC_INFORMATION {
{
NTSTATUS ExitStatus; NTSTATUS ExitStatus;
PVOID TebBaseAddress; PVOID TebBaseAddress;
CLIENT_ID ClientId; CLIENT_ID ClientId;
@ -365,6 +562,48 @@ NtQueueApcThread (
__in_opt PVOID ApcArgument3 __in_opt PVOID ApcArgument3
); );
NTSYSCALLAPI
NTSTATUS
NTAPI
RtlGetCompressionWorkSpaceSize (
IN USHORT CompressionFormatAndEngine,
OUT PULONG CompressBufferWorkSpaceSize,
OUT PULONG CompressFragmentWorkSpaceSize
);
NTSYSCALLAPI
NTSTATUS
NTAPI
RtlCompressBuffer (
IN USHORT CompressionFormatAndEngine,
IN PUCHAR UncompressedBuffer,
IN ULONG UncompressedBufferSize,
OUT PUCHAR CompressedBuffer,
IN ULONG CompressedBufferSize,
IN ULONG UncompressedChunkSize,
OUT PULONG FinalCompressedSize,
IN PVOID WorkSpace
);
NTSYSCALLAPI
NTSTATUS
NTAPI
RtlDecompressBuffer (
IN USHORT CompressionFormat,
OUT PUCHAR UncompressedBuffer,
IN ULONG UncompressedBufferSize,
IN PUCHAR CompressedBuffer,
IN ULONG CompressedBufferSize,
OUT PULONG FinalUncompressedSize
);
NTSYSCALLAPI
ULONG
NTAPI
RtlNtStatusToDosError (
NTSTATUS Status
);
#ifdef __cplusplus #ifdef __cplusplus
}; };
#endif #endif

Binary file not shown.

Binary file not shown.


@ -70,6 +70,21 @@
#pragma pack(push) #pragma pack(push)
#pragma pack(1) #pragma pack(1)
//EngineCheckStructAlignment
#define UE_STRUCT_PE32STRUCT 1
#define UE_STRUCT_PE64STRUCT 2
#define UE_STRUCT_PESTRUCT 3
#define UE_STRUCT_IMPORTENUMDATA 4
#define UE_STRUCT_THREAD_ITEM_DATA 5
#define UE_STRUCT_LIBRARY_ITEM_DATA 6
#define UE_STRUCT_LIBRARY_ITEM_DATAW 7
#define UE_STRUCT_PROCESS_ITEM_DATA 8
#define UE_STRUCT_HANDLERARRAY 9
#define UE_STRUCT_PLUGININFORMATION 10
#define UE_STRUCT_HOOK_ENTRY 11
#define UE_STRUCT_FILE_STATUS_INFO 12
#define UE_STRUCT_FILE_FIX_INFO 13
typedef struct typedef struct
{ {
ULONG_PTR BreakPointAddress; ULONG_PTR BreakPointAddress;
@ -243,6 +258,13 @@ typedef struct
DWORD dwThreadId; DWORD dwThreadId;
void* ThreadStartAddress; void* ThreadStartAddress;
void* ThreadLocalBase; void* ThreadLocalBase;
void* TebAddress;
ULONG WaitTime;
LONG Priority;
LONG BasePriority;
ULONG ContextSwitches;
ULONG ThreadState;
ULONG WaitReason;
} THREAD_ITEM_DATA, *PTHREAD_ITEM_DATA; } THREAD_ITEM_DATA, *PTHREAD_ITEM_DATA;
typedef struct typedef struct
@ -588,6 +610,12 @@ typedef struct
DWORD NumberOfRvaAndSizes; DWORD NumberOfRvaAndSizes;
} PE64Struct, *PPE64Struct; } PE64Struct, *PPE64Struct;
#ifdef _WIN64
typedef PE64Struct PEStruct;
#else
typedef PE32Struct PEStruct;
#endif
typedef struct typedef struct
{ {
bool NewDll; bool NewDll;
@ -756,42 +784,7 @@ typedef struct
ACCESS_MASK GrantedAccess; ACCESS_MASK GrantedAccess;
} NTDLL_QUERY_HANDLE_INFO, *PNTDLL_QUERY_HANDLE_INFO; } NTDLL_QUERY_HANDLE_INFO, *PNTDLL_QUERY_HANDLE_INFO;
/*typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION {
ULONG Attributes;
ACCESS_MASK GrantedAccess;
ULONG HandleCount;
ULONG PointerCount;
ULONG PagedPoolUsage;
ULONG NonPagedPoolUsage;
ULONG Reserved[3];
ULONG NameInformationLength;
ULONG TypeInformationLength;
ULONG SecurityDescriptorLength;
LARGE_INTEGER CreateTime;
} PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION;*/
typedef struct _PUBLIC_OBJECT_NAME_INFORMATION // Information Class 1
{
UNICODE_STRING Name;
} PUBLIC_OBJECT_NAME_INFORMATION, *PPUBLIC_OBJECT_NAME_INFORMATION;
/*typedef struct _PUBLIC_OBJECT_TYPE_INFORMATION { // Information Class 2
UNICODE_STRING Name;
ULONG ObjectCount;
ULONG HandleCount;
ULONG Reserved1[4];
ULONG PeakObjectCount;
ULONG PeakHandleCount;
ULONG Reserved2[4];
ULONG InvalidAttributes;
GENERIC_MAPPING GenericMapping;
ULONG ValidAccess;
UCHAR Unknown;
BOOLEAN MaintainHandleDatabase;
POOL_TYPE PoolType;
ULONG PagedPoolUsage;
ULONG NonPagedPoolUsage;
} PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION;*/
typedef void (*PPEBLOCKROUTINE)( typedef void (*PPEBLOCKROUTINE)(
PVOID PebLock PVOID PebLock
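Review bot: The seven fields appended to `THREAD_ITEM_DATA` in the second hunk (`TebAddress` through `WaitReason`) change the size of a struct that sits inside the `#pragma pack(1)` region of a public SDK header, and nothing at the struct records that its layout is a compatibility contract. A caller built against the older header would allocate or stride by the old size, so code that fills the new fields could run past that caller's buffer; whether the engine guards against this is not visible in this section. The new `UE_STRUCT_THREAD_ITEM_DATA` id under the `//EngineCheckStructAlignment` comment looks like the intended guard, so I would say so at the struct, for example `// ABI: packed(1), fields are append-only; callers verify sizeof(THREAD_ITEM_DATA) through EngineCheckStructAlignment with UE_STRUCT_THREAD_ITEM_DATA`. The struct's opening lines are outside the hunk.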

Binary file not shown.

Before

Width:  |  Height:  |  Size: 15 KiB


@ -1,27 +0,0 @@
#ifndef TITANSCRIPT_H
#define TITANSCRIPT_H
#if _MSC_VER > 1000
//#pragma once
#endif
#include <windows.h>
enum eLogType {TS_LOG_NORMAL, TS_LOG_ERROR, TS_LOG_COMMAND, TS_LOG_DEBUG};
typedef void(*fLogCallback)(const char* szString, eLogType Type);
typedef bool (*tScripterLoadFileA)(const char*);
typedef bool (*tScripterLoadFileW)(const wchar_t*);
typedef bool (*tScripterLoadBuffer)(const char*);
typedef bool (*tScripterResume)();
typedef bool (*tScripterPause)();
typedef bool (*tScripterAutoDebugA)(const char*);
typedef bool (*tScripterAutoDebugW)(const wchar_t*);
typedef void (*tScripterSetLogCallback)(fLogCallback Callback);
typedef bool (*tScripterExecuteWithTitanMistA)(const char*, const char*);
typedef bool (*tScripterExecuteWithTitanMistW)(const wchar_t*, const wchar_t*);
// use like this: tScripterResume foo = GetTSFunctionPointer(Resume);
#define GetTSFunctionPointer(x) ((tScripter ## x)GetProcAddress(GetModuleHandleA("TitanScript"), "Scripter" #x))
#endif /*TITANSCRIPT_H*/


@ -1,343 +0,0 @@
#include "stdafx.h"
#include "TitanScriptGui.h"
#include "..\SDK\CPP\TitanEngine.h"
#include "TitanScript.h"
#define MAX_LOG_LINE_LENGTH 100
#define MAX_LOG_LINE_COUNT 100
#ifdef _WIN64
const WCHAR WindowTitle[] = L"TitanScriptGUI x64";
#else
const WCHAR WindowTitle[] = L"TitanScriptGUI x86";
#endif
//variables
static HINSTANCE hInst;
static HWND hLogBox;
static HWND hRunBtn;
static bool bRunning;
static TCHAR FileNameTarget[MAX_PATH] = {};
static TCHAR FileNameScript[MAX_PATH] = {};
static TCHAR FileNameIni[MAX_PATH] = {};
//functions
static INT_PTR CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
static bool GetFileDialog(TCHAR[MAX_PATH]);
static void AddLogMessage(const char* szLogMessage, eLogType Type);
static void AddLogMessageW(const wchar_t* szLogMessage, eLogType Type);
static void SettingSet(const TCHAR* name, const TCHAR* value);
static void SettingGet(const TCHAR* name, TCHAR* value, int value_size);
static bool FileExists(LPCTSTR szPath);
static void CreateDummyUnicodeFile(const TCHAR* szFileName);
static DWORD WINAPI TitanScriptExecThread(LPVOID lpParam);
//TitanScript functions
static tScripterLoadFileW load_file = NULL;
static tScripterExecuteWithTitanMistW exec = NULL;
static tScripterSetLogCallback set_log_callback = NULL;
int APIENTRY _tWinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPTSTR lpCmdLine, int nCmdShow)
{
UNREFERENCED_PARAMETER(hPrevInstance);
UNREFERENCED_PARAMETER(lpCmdLine);
hInst = hInstance;
DialogBox(hInstance, MAKEINTRESOURCE(IDD_MAINWINDOW), NULL, &WndProc);
ExitProcess(NULL);
}
INT_PTR CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
switch (message)
{
case WM_INITDIALOG:
{
SetWindowTextW(hWnd, WindowTitle);
//set icon
HICON hIconLarge = (HICON)LoadImage(hInst, MAKEINTRESOURCE(IDI_ICON1), IMAGE_ICON, 32, 32, LR_DEFAULTSIZE);
SendMessage(hWnd, WM_SETICON, ICON_BIG, (LPARAM)hIconLarge);
HICON hIconSmall = (HICON)LoadImage(hInst, MAKEINTRESOURCE(IDI_ICON1), IMAGE_ICON, 16, 16, LR_DEFAULTSIZE);
SendMessage(hWnd, WM_SETICON, ICON_SMALL, (LPARAM)hIconSmall);
//initialize variables
hLogBox = GetDlgItem(hWnd, IDC_LOG);
hRunBtn = GetDlgItem(hWnd, IDC_RUN);
int i = GetModuleFileName(hInst, FileNameIni, _countof(FileNameIni));
while(FileNameIni[i] != TCHAR('\\') && i)
i--;
if(i)
{
int len = lstrlen(FileNameIni);
while(FileNameIni[i] != TCHAR('.') && i < len)
i++;
if(i+1 < len)
FileNameIni[i] = TCHAR('\0');
}
lstrcat(FileNameIni, _T(".ini"));
CreateDummyUnicodeFile(FileNameIni);
//restore last files
SettingGet(_T("Target"), FileNameTarget, _countof(FileNameTarget));
if(lstrlen(FileNameTarget))
SetDlgItemText(hWnd, IDC_TARGETPATH, FileNameTarget);
SettingGet(_T("Script"), FileNameScript, _countof(FileNameScript));
if(lstrlen(FileNameScript))
SetDlgItemText(hWnd, IDC_SCRIPTPATH, FileNameScript);
//make sure TitanScript is available
if ( !ExtensionManagerIsPluginLoaded( "TitanScript" ) || !ExtensionManagerIsPluginEnabled( "TitanScript" ) )
{
AddLogMessageW(L"TitanScript failed to load", TS_LOG_ERROR);
#ifdef _WIN64
AddLogMessageW(L"Ensure plugins\\x64\\TitanScript.dll exists !", TS_LOG_ERROR);
#else
AddLogMessageW(L"Ensure plugins\\x86\\TitanScript.dll exists !", TS_LOG_ERROR);
#endif //_WIN64
EnableWindow(GetDlgItem(hWnd, IDC_RUN ), FALSE);
}
else
{
load_file = GetTSFunctionPointer( LoadFileW );
exec = GetTSFunctionPointer( ExecuteWithTitanMistW );
set_log_callback = GetTSFunctionPointer( SetLogCallback );
set_log_callback(&AddLogMessage);
}
break;
}
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDC_BROWSETARGET:
{
if(GetFileDialog(FileNameTarget))
{
SetDlgItemText(hWnd, IDC_TARGETPATH, FileNameTarget);
SettingSet(_T("Target"), FileNameTarget);
}
break;
}
case IDC_BROWSESCRIPT:
{
if(GetFileDialog(FileNameScript))
{
SetDlgItemText(hWnd, IDC_SCRIPTPATH, FileNameScript);
SettingSet(_T("Script"), FileNameScript);
}
break;
}
case IDC_RUN:
{
if(!bRunning)
CreateThread(0, 0, TitanScriptExecThread, 0, 0, 0);
else
StopDebug();
break;
}
case IDC_COPY: {
//get lines
LRESULT cnt = SendMessageW(hLogBox, LB_GETCOUNT, 0, 0);
if (cnt != 0 && cnt != LB_ERR)
{
WCHAR * copy = (WCHAR *)calloc(1, sizeof(WCHAR));
int copyLength = 1;
for(LRESULT i=0; i<cnt; i++) {
LRESULT stringLength = SendMessageW(hLogBox, LB_GETTEXTLEN, i, 0);
copyLength += (int)stringLength + 2;
copy = (WCHAR *)realloc(copy, copyLength * sizeof(WCHAR));
if (copy)
{
copy[copyLength - (int)stringLength - 2] = 0;
}
else
{
return FALSE;
}
WCHAR * buf = (WCHAR *)calloc(stringLength + 1, sizeof(WCHAR));
if (buf && (SendMessageW(hLogBox, LB_GETTEXT, i, (LPARAM)buf) != LB_ERR))
{
wcscat(copy, buf);
wcscat(copy, L"\r\n");
free(buf);
}
}
//copy to clipboard
HGLOBAL clipbuffer;
WCHAR* buffer;
clipbuffer = GlobalAlloc(GMEM_MOVEABLE, (wcslen(copy) + 1) * sizeof(WCHAR));
if (clipbuffer)
{
buffer = (TCHAR*)GlobalLock(clipbuffer);
wcscpy(buffer, copy);
GlobalUnlock(clipbuffer);
OpenClipboard(NULL);
EmptyClipboard();
UINT format;
#ifdef UNICODE
format = CF_UNICODETEXT;
#else
format = CF_OEMTEXT;
#endif
SetClipboardData(format, clipbuffer);
}
CloseClipboard();
free(copy);
}
break;
}
}
}
break;
case WM_CLOSE:
{
EndDialog(hWnd, NULL);
}
break;
default:
{
return FALSE;
}
}
return 0;
}
static bool GetFileDialog(TCHAR Buffer[MAX_PATH])
{
OPENFILENAME sOpenFileName = {0};
const TCHAR szFilterString[] = _T("All Files \0*.*\0\0");
const TCHAR szDialogTitle[] = _T("TitanScriptGUI");
Buffer[0] = 0;
sOpenFileName.lStructSize = sizeof(sOpenFileName);
sOpenFileName.lpstrFilter = szFilterString;
sOpenFileName.lpstrFile = Buffer;
sOpenFileName.nMaxFile = MAX_PATH;
sOpenFileName.Flags = OFN_FILEMUSTEXIST | OFN_PATHMUSTEXIST | OFN_LONGNAMES | OFN_EXPLORER | OFN_HIDEREADONLY;
sOpenFileName.lpstrTitle = szDialogTitle;
return (TRUE == GetOpenFileName(&sOpenFileName));
}
static void AddLogMessageW(const wchar_t* szLogMessage, eLogType Type)
{
LRESULT cSelect = SendMessage(hLogBox, LB_INSERTSTRING, (WPARAM)-1, (LPARAM)szLogMessage);
if (cSelect == LB_ERR)
{
MessageBoxW(0, L"ERROR LOG MESSAGE - LB_INSERTSTRING", L"ERROR", MB_ICONWARNING);
} else if (cSelect == LB_ERRSPACE)
{
MessageBoxW(0, L"ERROR LOG MESSAGE - LB_ERRSPACE - Not enough space!", L"ERROR", MB_ICONWARNING);
}
else
{
SendMessage(hLogBox, LB_SETCURSEL, cSelect, NULL);
}
}
static bool IsValidChar(char s)
{
if (isalnum(s))
{
return true;
}
else if (s == '$' || s == '-' || s == '>')
{
return true;
}
else
{
return false;
}
}
static void AddLogMessage(const char* szLogMessage, eLogType Type)
{
if (strlen(szLogMessage) > 0)
{
if (IsValidChar(szLogMessage[0]))
{
TCHAR * buf = (TCHAR *)calloc(strlen(szLogMessage) + 1, sizeof(TCHAR));
if (buf)
{
mbstowcs(buf, szLogMessage, strlen(szLogMessage) + 1);
AddLogMessageW(buf, Type);
free(buf);
}
}
else
{
AddLogMessageW(L"ERROR INVALID LOG MESSAGE", Type);
}
}
}
static void SettingSet(const TCHAR* name, const TCHAR* value)
{
WritePrivateProfileString(_T("Settings"), name, value, FileNameIni);
}
static void SettingGet(const TCHAR* name, TCHAR* value, int value_size)
{
GetPrivateProfileString(_T("Settings"), name, _T(""), value, value_size, FileNameIni);
}
static bool FileExists(LPCTSTR szPath)
{
DWORD dwAttrib = GetFileAttributes(szPath);
return (dwAttrib != INVALID_FILE_ATTRIBUTES && !(dwAttrib & FILE_ATTRIBUTE_DIRECTORY));
}
static void CreateDummyUnicodeFile(const TCHAR* szFileName)
{
//http://www.codeproject.com/Articles/9071/Using-Unicode-in-INI-files
if (!FileExists(szFileName))
{
// UTF16-LE BOM(FFFE)
WORD wBOM = 0xFEFF;
DWORD NumberOfBytesWritten;
HANDLE hFile = CreateFile(szFileName, GENERIC_WRITE, 0, NULL, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, NULL);
WriteFile(hFile, &wBOM, sizeof(WORD), &NumberOfBytesWritten, NULL);
CloseHandle(hFile);
}
}
static DWORD WINAPI TitanScriptExecThread(LPVOID lpParam)
{
if(!load_file(FileNameScript))
{
AddLogMessageW(L"Script failed to load", TS_LOG_ERROR);
return 0;
}
SetWindowText(hRunBtn, _T("Stop"));
bRunning = true;
if(!exec(FileNameTarget, L"")) //TitanScript will generate the output filename
{
AddLogMessageW(L"Failed to execute", TS_LOG_ERROR);
}
else
AddLogMessageW(L"Debugging stopped", TS_LOG_NORMAL);
bRunning = false;
SetWindowText(hRunBtn, _T("Run"));
return 0;
}


@ -1,3 +0,0 @@
#pragma once
#include "resource.h"

Binary file not shown.


@ -1,188 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{49C88677-C374-4AE2-B431-8F3B424BF245}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>TitanScriptGui</RootNamespace>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LinkIncremental>true</LinkIncremental>
<OutDir>$(SolutionDir)\$(Configuration)\x32\</OutDir>
<IntDir>$(Configuration)\x32\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>true</LinkIncremental>
<OutDir>$(SolutionDir)\$(Configuration)\x64\</OutDir>
<IntDir>$(Configuration)\x64\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LinkIncremental>false</LinkIncremental>
<OutDir>$(SolutionDir)\$(Configuration)\x32\</OutDir>
<IntDir>$(Configuration)\x32\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>false</LinkIncremental>
<OutDir>$(SolutionDir)\$(Configuration)\x64\</OutDir>
<IntDir>$(Configuration)\x64\</IntDir>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<PrecompiledHeader>Use</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalDependencies>$(OutDir)TitanEngine.lib;comdlg32.lib;user32.lib</AdditionalDependencies>
</Link>
<Manifest>
<AdditionalManifestFiles>manifest.xml</AdditionalManifestFiles>
</Manifest>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<PrecompiledHeader>Use</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalDependencies>$(OutDir)TitanEngine.lib;comdlg32.lib;user32.lib</AdditionalDependencies>
</Link>
<Manifest>
<AdditionalManifestFiles>manifest.xml</AdditionalManifestFiles>
</Manifest>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<PrecompiledHeader>Use</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
<GenerateDebugInformation>false</GenerateDebugInformation>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalDependencies>$(OutDir)TitanEngine.lib;comdlg32.lib;user32.lib</AdditionalDependencies>
<GenerateMapFile>true</GenerateMapFile>
</Link>
<Manifest>
<AdditionalManifestFiles>manifest.xml</AdditionalManifestFiles>
</Manifest>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<PrecompiledHeader>Use</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
<GenerateDebugInformation>false</GenerateDebugInformation>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalDependencies>$(OutDir)TitanEngine.lib;comdlg32.lib;user32.lib</AdditionalDependencies>
<GenerateMapFile>true</GenerateMapFile>
</Link>
<Manifest>
<AdditionalManifestFiles>manifest.xml</AdditionalManifestFiles>
</Manifest>
</ItemDefinitionGroup>
<ItemGroup>
<None Include="MAINICON.ico" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\SDK\CPP\TitanEngine.h" />
<ClInclude Include="..\SDK\CPP\TitanEngine.hpp" />
<ClInclude Include="Resource.h" />
<ClInclude Include="stdafx.h" />
<ClInclude Include="targetver.h" />
<ClInclude Include="TitanScript.h" />
<ClInclude Include="TitanScriptGui.h" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="stdafx.cpp">
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
</ClCompile>
<ClCompile Include="TitanScriptGui.cpp" />
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="TitanScriptGui.rc" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>


@ -1,64 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
</Filter>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
</Filter>
<Filter Include="Resource Files\Images">
<UniqueIdentifier>{6072cfa4-c101-4f1a-9920-89951ba83a2b}</UniqueIdentifier>
</Filter>
<Filter Include="Header Files\SDK">
<UniqueIdentifier>{a0cc27fd-de5f-4551-9fe5-4a45f9ae862c}</UniqueIdentifier>
</Filter>
</ItemGroup>
<ItemGroup>
<None Include="MAINICON.ico">
<Filter>Resource Files\Images</Filter>
</None>
</ItemGroup>
<ItemGroup>
<ClInclude Include="stdafx.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="targetver.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="Resource.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="TitanScriptGui.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="TitanScript.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\SDK\CPP\TitanEngine.h">
<Filter>Header Files\SDK</Filter>
</ClInclude>
<ClInclude Include="..\SDK\CPP\TitanEngine.hpp">
<Filter>Header Files\SDK</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ClCompile Include="stdafx.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="TitanScriptGui.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="TitanScriptGui.rc">
<Filter>Resource Files</Filter>
</ResourceCompile>
</ItemGroup>
</Project>


@ -1,17 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<dependency>
<dependentAssembly>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"/>
</dependentAssembly>
</dependency>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>

Binary file not shown.


@ -1 +0,0 @@
#include "stdafx.h"


@ -1,12 +0,0 @@
#pragma once
#define _CRT_SECURE_NO_WARNINGS
#include "targetver.h"
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <commdlg.h>
#include <stdlib.h>
#include <malloc.h>
#include <memory.h>
#include <tchar.h>


@ -1,3 +0,0 @@
#pragma once
#include <SDKDDKVer.h>


@ -1,16 +0,0 @@
Setup:
- Put disasm.dll into Debug/Release folder.
- Put TitanEngine.dll into Debug/Release folder.
- Put TitanScript.dll into plugins/x86/ folder in Debug/Release folder.
(Can be found here https://bitbucket.org/cypherpunk/titanscript-update)
Usage:
- TitanUnitTest.exe script.osc target.exe
It understands complete OllyDbgScript language and adds additional TE commands
Example script:
#log
GPA "IsDebuggerPresent", "kernel32.dll"
LOG $RESULT


@ -1,26 +0,0 @@
#ifndef TITANSCRIPT_H
#define TITANSCRIPT_H
#if _MSC_VER > 1000
//#pragma once
#endif
#include <windows.h>
enum eLogType {TS_LOG_NORMAL, TS_LOG_ERROR, TS_LOG_COMMAND, TS_LOG_DEBUG};
typedef void(*fLogCallback)(const char* szString, eLogType Type);
typedef bool (*tScripterLoadFileA)(const char*);
typedef bool (*tScripterLoadFileW)(const wchar_t*);
typedef bool (*tScripterLoadBuffer)(const char*);
typedef bool (*tScripterResume)();
typedef bool (*tScripterPause)();
typedef bool (*tScripterAutoDebugA)(const char*);
typedef bool (*tScripterAutoDebugW)(const wchar_t*);
typedef void (*tScripterSetLogCallback)(fLogCallback Callback);
typedef bool (*tScripterExecuteWithTitanMistA)(const char*, const char*);
// use like this: tScripterResume foo = GetTSFunctionPointer(Resume);
#define GetTSFunctionPointer(x) ((tScripter ## x)GetProcAddress(GetModuleHandleA("TitanScript"), "Scripter" #x))
#endif /*TITANSCRIPT_H*/


@ -1,43 +0,0 @@
#include "stdafx.h"
#include "..\SDK\CPP\TitanEngine.h"
#include "TitanScript.h"
#include <iostream>
void log_callback( const char* str, eLogType log_type );
int main(int argc, char* argv[])
{
if(argc < 3)
{
log_callback("Usage: titan_unittest.exe script.osc target.exe", TS_LOG_ERROR);
return -1;
}
if ( !ExtensionManagerIsPluginLoaded( "TitanScript" ) || !ExtensionManagerIsPluginEnabled( "TitanScript" ) )
{
throw std::runtime_error( "TitanScript failed to load!" );
}
tScripterLoadFileA load_file = GetTSFunctionPointer( LoadFileA );
tScripterExecuteWithTitanMistA exec = GetTSFunctionPointer( ExecuteWithTitanMistA );
tScripterSetLogCallback set_log_callback = GetTSFunctionPointer( SetLogCallback );
set_log_callback(&log_callback );
if(!load_file(argv[1]))
{
log_callback("Error loading script", TS_LOG_ERROR);
return -1;
}
exec(argv[2], "dump.exe" );
return 0;
}
void log_callback( const char* str, eLogType log_type )
{
std::cout << str << "\n" << std::flush;
}


@ -1,174 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{5B5AB3CD-4D32-43B0-8840-E05C9483381D}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>titan_unittest</RootNamespace>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<CharacterSet>Unicode</CharacterSet>
<CLRSupport>true</CLRSupport>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<CharacterSet>Unicode</CharacterSet>
<CLRSupport>true</CLRSupport>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LinkIncremental>true</LinkIncremental>
<OutDir>$(SolutionDir)\$(Configuration)\x32\</OutDir>
<IntDir>$(Configuration)\x32\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>true</LinkIncremental>
<OutDir>$(SolutionDir)\$(Configuration)\x64\</OutDir>
<IntDir>$(Configuration)\x64\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LinkIncremental>false</LinkIncremental>
<OutDir>$(SolutionDir)\$(Configuration)\x32\</OutDir>
<IntDir>$(Configuration)\x32\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>false</LinkIncremental>
<OutDir>$(SolutionDir)\$(Configuration)\x64\</OutDir>
<IntDir>$(Configuration)\x64\</IntDir>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<PrecompiledHeader>Use</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalDependencies>$(OutDir)TitanEngine.lib;%(AdditionalDependencies)</AdditionalDependencies>
<EntryPointSymbol>
</EntryPointSymbol>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<PrecompiledHeader>Use</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalDependencies>$(OutDir)TitanEngine.lib;%(AdditionalDependencies)</AdditionalDependencies>
<EntryPointSymbol>
</EntryPointSymbol>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<PrecompiledHeader>Use</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalDependencies>$(OutDir)TitanEngine.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<PrecompiledHeader>Use</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<AdditionalDependencies>$(OutDir)TitanEngine.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClInclude Include="..\SDK\CPP\TitanEngine.h" />
<ClInclude Include="..\SDK\CPP\TitanEngine.hpp" />
<ClInclude Include="stdafx.h" />
<ClInclude Include="targetver.h" />
<ClInclude Include="TitanScript.h" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="stdafx.cpp">
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
</ClCompile>
<ClCompile Include="TitanUnitTest.cpp" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>


@ -1,41 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
</Filter>
<Filter Include="Header Files\SDK">
<UniqueIdentifier>{dcabac3b-acfe-4e79-a827-01d97b369669}</UniqueIdentifier>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="stdafx.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="TitanUnitTest.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="stdafx.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="targetver.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="TitanScript.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\SDK\CPP\TitanEngine.h">
<Filter>Header Files\SDK</Filter>
</ClInclude>
<ClInclude Include="..\SDK\CPP\TitanEngine.hpp">
<Filter>Header Files\SDK</Filter>
</ClInclude>
</ItemGroup>
</Project>

Binary file not shown.


@ -1 +0,0 @@
#include "stdafx.h"


@ -1,6 +0,0 @@
#pragma once
#include "targetver.h"
#include <stdio.h>
#include <tchar.h>


@ -1,3 +0,0 @@
#pragma once
#include <SDKDDKVer.h>


@ -1,16 +0,0 @@
@echo off
IF EXIST TitanScriptRelease rmdir TitanScriptRelease /s /q
mkdir TitanScriptRelease
mkdir .\TitanScriptRelease\x86
mkdir .\TitanScriptRelease\x64
copy .\Release\x32\TitanScriptGui.exe .\TitanScriptRelease\x86\TitanScriptGuix86.exe
copy .\Release\x32\TitanScriptGui.map .\TitanScriptRelease\x86\TitanScriptGuix86.map
copy .\Release\x32\TitanEngine.dll .\TitanScriptRelease\x86\TitanEngine.dll
copy .\Release\x64\TitanScriptGui.exe .\TitanScriptRelease\x64\TitanScriptGuix64.exe
copy .\Release\x64\TitanScriptGui.map .\TitanScriptRelease\x64\TitanScriptGuix64.map
copy .\Release\x64\TitanEngine.dll .\TitanScriptRelease\x64\TitanEngine.dll
exit


@ -1,62 +0,0 @@
obsolete/removed vars:
impDLLNumber
impDeltaStart
impDeltaCurrent
impImageBase
impAllocSize
impDLLNumber
impMoveIAT
impDLLDataList
impDLLStringList
impOrdinalList
obsolete/removed functions:
__declspec(dllexport) void TITCALL ImporterCleanup()
__declspec(dllexport) void TITCALL ImporterSetImageBase(ULONG_PTR ImageBase)
__declspec(dllexport) void TITCALL ImporterSetUnknownDelta(ULONG_PTR DeltaAddress)
__declspec(dllexport) long long TITCALL ImporterGetCurrentDelta()
__declspec(dllexport) void TITCALL ImporterInit(DWORD MemorySize, ULONG_PTR ImageBase
__declspec(dllexport) bool TITCALL ImporterRelocateWriteLocation(ULONG_PTR AddValue)
__declspec(dllexport) void TITCALL ImporterMoveIAT()
__declspec(dllexport) void TITCALL getLastAddedDLLName()
defunct until scylla-enabled:
* LoadImportTable
* MoveOriginalIAT
questionable if working, all proxy to EngineGlobalAPIHandler which is buggy
GetDLLName -> EngineGlobalAPIHandler
GetAPIName -> EngineGlobalAPIHandler
GetAPINameEx -> EngineGlobalAPIHandler
GetAPIOrdinalNumber -> EngineGlobalAPIHandler
GetRemoteAPIAddress -> EngineGlobalAPIHandler
GetLocalAPIAddress-> EngineGlobalAPIHandler
GetDLLNameFromDebuggee-> EngineGlobalAPIHandler
GetAPIOrdinalNumberFromDebuggee -> EngineGlobalAPIHandler
GetRemoteDLLBase -> EngineGlobalAPIHandler
IsForwardedAPI -> EngineGlobalAPIHandler
GetForwardedAPIName- > EngineGlobalAPIHandler
GetForwardedAPIOrdinalNumber -> EngineGlobalAPIHandler
GetForwardedDLLName -> EngineGlobalAPIHandler
GetNearestAPIAddress -> EngineGlobalAPIHandler
GetNearestAPIName -> EngineGlobalAPIHandler
no change required:
CopyOriginalIAT
GetRemoteAPIAddressEX
GetRemoteDLLBaseEX
fixup exception handling:
- enumaddeddata; around callback call
- autofixiat: around fixer callback
- exportiat