x64dbg
/
TitanEngine
mirror of https://github.com/x64dbg/TitanEngine
1
0
Fork 0
Code Releases Activity

replaced some RtlMemMove opartions by proper casts (far from all)

This commit is contained in:
deepzero 2014-01-15 11:36:22 +01:00
parent 2677e3f1cd
commit e22d5b1131
1 changed files with 21 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
TitanEngine/TitanEngine.cpp
View File

@ -636,8 +636,8 @@ bool EngineIsPointedMemoryString(ULONG_PTR PossibleStringPtr)
bool StringIsValid = true; bool StringIsValid = true;
unsigned int i = 512; unsigned int i = 512;
MEMORY_BASIC_INFORMATION MemInfo; MEMORY_BASIC_INFORMATION MemInfo = {0};
DWORD MaxDisassmSize; DWORD MaxDisassmSize = 512;
BYTE TestChar; BYTE TestChar;
VirtualQueryEx(GetCurrentProcess(), (LPVOID)PossibleStringPtr, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); VirtualQueryEx(GetCurrentProcess(), (LPVOID)PossibleStringPtr, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
@ -651,19 +651,13 @@ bool EngineIsPointedMemoryString(ULONG_PTR PossibleStringPtr)
{ {
i = MaxDisassmSize; i = MaxDisassmSize;
} }
else
{
MaxDisassmSize = 512;
} }
}
else TestChar = *((BYTE*)PossibleStringPtr);
{
MaxDisassmSize = 512;
}
RtlMoveMemory(&TestChar, (LPVOID)PossibleStringPtr, 1);
while(i > NULL && StringIsValid == true && TestChar != 0x00) while(i > NULL && StringIsValid == true && TestChar != 0x00)
{ {
RtlMoveMemory(&TestChar, (LPVOID)PossibleStringPtr, 1); TestChar = *((BYTE*)PossibleStringPtr);
if(TestChar < 32 || TestChar > 126) if(TestChar < 32 || TestChar > 126)
{ {
if(TestChar != 0x00) if(TestChar != 0x00)
@ -691,7 +685,7 @@ int EnginePointedMemoryStringLength(ULONG_PTR PossibleStringPtr)
bool StringIsValid = true; bool StringIsValid = true;
unsigned int i = 512; unsigned int i = 512;
MEMORY_BASIC_INFORMATION MemInfo; MEMORY_BASIC_INFORMATION MemInfo;
DWORD MaxDisassmSize; DWORD MaxDisassmSize = 512;
BYTE TestChar; BYTE TestChar;
VirtualQueryEx(GetCurrentProcess(), (LPVOID)PossibleStringPtr, &MemInfo, sizeof MEMORY_BASIC_INFORMATION); VirtualQueryEx(GetCurrentProcess(), (LPVOID)PossibleStringPtr, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
@ -705,19 +699,13 @@ int EnginePointedMemoryStringLength(ULONG_PTR PossibleStringPtr)
{ {
i = MaxDisassmSize; i = MaxDisassmSize;
} }
else
{
MaxDisassmSize = 512;
} }
}
else TestChar = *((BYTE*)PossibleStringPtr);
{
MaxDisassmSize = 512;
}
RtlMoveMemory(&TestChar, (LPVOID)PossibleStringPtr, 1);
while(i > NULL && StringIsValid == true && TestChar != 0x00) while(i > NULL && StringIsValid == true && TestChar != 0x00)
{ {
RtlMoveMemory(&TestChar, (LPVOID)PossibleStringPtr, 1); TestChar = *((BYTE*)PossibleStringPtr);
if(TestChar < 32 || TestChar > 126) if(TestChar < 32 || TestChar > 126)
{ {
if(TestChar != 0x00) if(TestChar != 0x00)
@ -831,10 +819,11 @@ bool EngineExtractForwarderData(ULONG_PTR PossibleStringPtr, LPVOID szFwdDLLName
LPVOID lpPossibleStringPtr = (LPVOID)PossibleStringPtr; LPVOID lpPossibleStringPtr = (LPVOID)PossibleStringPtr;
BYTE TestChar; BYTE TestChar;
RtlMoveMemory(&TestChar, (LPVOID)PossibleStringPtr, 1); TestChar = *((BYTE*)PossibleStringPtr);
while(TestChar != 0x2E && TestChar != 0x00) while(TestChar != 0x2E && TestChar != 0x00)
{ {
RtlMoveMemory(&TestChar, (LPVOID)PossibleStringPtr, 1); TestChar = *((BYTE*)PossibleStringPtr);
PossibleStringPtr++; PossibleStringPtr++;
} }
if(TestChar == 0x00) if(TestChar == 0x00)
@ -845,14 +834,15 @@ bool EngineExtractForwarderData(ULONG_PTR PossibleStringPtr, LPVOID szFwdDLLName
RtlCopyMemory(szFwdDLLName, lpPossibleStringPtr, PossibleStringPtr - (ULONG_PTR)lpPossibleStringPtr); RtlCopyMemory(szFwdDLLName, lpPossibleStringPtr, PossibleStringPtr - (ULONG_PTR)lpPossibleStringPtr);
lstrcatA((LPSTR)szFwdDLLName, ".dll"); lstrcatA((LPSTR)szFwdDLLName, ".dll");
lpPossibleStringPtr = (LPVOID)(PossibleStringPtr + 1); lpPossibleStringPtr = (LPVOID)(PossibleStringPtr + 1);
RtlMoveMemory(&TestChar, (LPVOID)PossibleStringPtr, 1); TestChar = *((BYTE*)PossibleStringPtr);
if(TestChar == 0x23) if(TestChar == 0x23)
{ {
lpPossibleStringPtr = (LPVOID)(PossibleStringPtr + 1); lpPossibleStringPtr = (LPVOID)(PossibleStringPtr + 1);
} }
while(TestChar != 0x00) while(TestChar != 0x00)
{ {
RtlMoveMemory(&TestChar, (LPVOID)PossibleStringPtr, 1); TestChar = *((BYTE*)PossibleStringPtr);
PossibleStringPtr++; PossibleStringPtr++;
} }
RtlCopyMemory(szFwdAPIName, lpPossibleStringPtr, PossibleStringPtr - (ULONG_PTR)lpPossibleStringPtr); RtlCopyMemory(szFwdAPIName, lpPossibleStringPtr, PossibleStringPtr - (ULONG_PTR)lpPossibleStringPtr);
@ -1218,19 +1208,20 @@ bool EngineValidateResource(HMODULE hModule, LPCTSTR lpszType, LPTSTR lpszName,
{ {
if(!EngineIsBadReadPtrEx(ResourceData, ResourceSize)) if(!EngineIsBadReadPtrEx(ResourceData, ResourceSize))
{ {
RtlMoveMemory((LPVOID)lParam, &ReturnData, 1); *((LONG*)lParam) = ReturnData;
return(false); return(false);
} }
} }
else else
{ {
RtlMoveMemory((LPVOID)lParam, &ReturnData, 1); *((LONG*)lParam) = ReturnData;
return(false); return(false);
} }
} }
return(true); return(true);
} }
RtlMoveMemory((LPVOID)lParam, &ReturnData, 1);
*((LONG*)lParam) = ReturnData;
return(false); return(false);
} }
bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBase, PIMAGE_DOS_HEADER DOSHeader, bool IsFile) bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBase, PIMAGE_DOS_HEADER DOSHeader, bool IsFile)