x64dbg
/
TitanEngine
mirror of https://github.com/x64dbg/TitanEngine
1
0
Fork 0
Code Releases Activity

AStyle formatting

This commit is contained in:
Duncan Ogilvie 2021-11-14 14:05:53 +01:00
parent cda4385d6d
commit f0832465c6
6 changed files with 86 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
TitanEngine/Global.Debugger.cpp
View File

@ -116,11 +116,11 @@ static HANDLE WINAPI ProcessIdToHandle(IN DWORD dwProcessId)
ClientId.UniqueProcess = UlongToHandle(dwProcessId);
InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);
Status = NtOpenProcess(&Handle,
PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION |
PROCESS_VM_WRITE | PROCESS_VM_READ |
PROCESS_SUSPEND_RESUME | PROCESS_QUERY_INFORMATION,
&ObjectAttributes,
&ClientId);
PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION |
PROCESS_VM_WRITE | PROCESS_VM_READ |
PROCESS_SUSPEND_RESUME | PROCESS_QUERY_INFORMATION,
&ObjectAttributes,
&ClientId);
if(!NT_SUCCESS(Status))
{
/* Fail */
@ -144,7 +144,7 @@ static NTSTATUS CreateThreadSkipAttach(IN HANDLE ProcessHandle, IN PUSER_THREAD_
NTSTATUS Status;
HANDLE hThread;
typedef NTSTATUS(NTAPI *t_NtCreateThreadEx)(
typedef NTSTATUS(NTAPI * t_NtCreateThreadEx)(
PHANDLE /* ThreadHandle */,
ACCESS_MASK /* DesiredAccess */,
POBJECT_ATTRIBUTES /* ObjectAttributes */,
@ -156,37 +156,37 @@ static NTSTATUS CreateThreadSkipAttach(IN HANDLE ProcessHandle, IN PUSER_THREAD_
SIZE_T /* StackSize */,
SIZE_T /* MaximumStackSize */,
PPS_ATTRIBUTE_LIST /* AttributeList */
);
);
auto p_NtCreateThreadEx = (t_NtCreateThreadEx)GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "NtCreateThreadEx");
if(p_NtCreateThreadEx)
{
// Based on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/339263/16/client/crashpad_client_win.cc#697
Status = p_NtCreateThreadEx(&hThread,
STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL,
nullptr,
ProcessHandle,
StartRoutine,
Argument,
THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH,
0,
0x4000 /* PAGE_SIZE * 4 */,
0x4000,
nullptr);
STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL,
nullptr,
ProcessHandle,
StartRoutine,
Argument,
THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH,
0,
0x4000 /* PAGE_SIZE * 4 */,
0x4000,
nullptr);
}
else
{
CLIENT_ID ClientId;
Status = RtlCreateUserThread(ProcessHandle,
NULL,
FALSE,
0,
0x4000,
0x4000 /* PAGE_SIZE * 4 */,
StartRoutine,
Argument,
&hThread,
&ClientId);
NULL,
FALSE,
0,
0x4000,
0x4000 /* PAGE_SIZE * 4 */,
StartRoutine,
Argument,
&hThread,
&ClientId);
}
if(NT_SUCCESS(Status))

10
TitanEngine/Global.Engine.cpp
View File

@ -819,8 +819,8 @@ bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBas
{
DWORD LfaNew = DOSHeader->e_lfanew;
if((PESize == 0 || (LfaNew < PESize && LfaNew + sizeof(IMAGE_NT_SIGNATURE) + sizeof(IMAGE_FILE_HEADER) < PESize)) &&
MaxPESize != 0 &&
LfaNew < (MaxPESize - sizeof(IMAGE_NT_SIGNATURE) - sizeof(IMAGE_FILE_HEADER)))
MaxPESize != 0 &&
LfaNew < (MaxPESize - sizeof(IMAGE_NT_SIGNATURE) - sizeof(IMAGE_FILE_HEADER)))
{
PEHeader = (PIMAGE_NT_HEADERS)((ULONG_PTR)DOSHeader + LfaNew);
return PEHeader->Signature == IMAGE_NT_SIGNATURE;
@ -842,7 +842,7 @@ bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBas
{
DWORD LfaNew = DOSHeader->e_lfanew;
if((LfaNew < PESize && LfaNew + sizeof(IMAGE_NT_SIGNATURE) + sizeof(IMAGE_FILE_HEADER) < PESize) &&
LfaNew < (PESize - sizeof(IMAGE_NT_SIGNATURE) - sizeof(IMAGE_FILE_HEADER)))
LfaNew < (PESize - sizeof(IMAGE_NT_SIGNATURE) - sizeof(IMAGE_FILE_HEADER)))
{
if(ReadProcessMemory(hFileProc, (LPVOID)((ULONG_PTR)ImageBase + LfaNew), &RemotePEHeader, sizeof(IMAGE_NT_HEADERS), &NumberOfBytesRW))
{
@ -2037,7 +2037,7 @@ DWORD EngineSetDebugPrivilege(HANDLE hProcess, bool bEnablePrivilege)
NTSTATUS Status = NtOpenProcessToken(hProcess,
TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
&TokenHandle);
if (!NT_SUCCESS(Status))
if(!NT_SUCCESS(Status))
return RtlNtStatusToDosError(Status);
LUID LuidPrivilege;
@ -2060,7 +2060,7 @@ DWORD EngineSetDebugPrivilege(HANDLE hProcess, bool bEnablePrivilege)
// Map the success code NOT_ALL_ASSIGNED to an appropriate error
// since we're only trying to adjust one privilege.
if (Status == STATUS_NOT_ALL_ASSIGNED)
if(Status == STATUS_NOT_ALL_ASSIGNED)
Status = STATUS_PRIVILEGE_NOT_HELD;
return NT_SUCCESS(Status) ? ERROR_SUCCESS : RtlNtStatusToDosError(Status);

12
TitanEngine/LzmaDec.cpp
View File

@ -323,7 +323,7 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec* p, SizeT limit, const Byte*
unsigned i = 1;
do
{
GET_BIT2(prob + i, i, ; , distance |= mask);
GET_BIT2(prob + i, i, ;, distance |= mask);
mask <<= 1;
}
while(--numDirectBits != 0);
@ -358,10 +358,10 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec* p, SizeT limit, const Byte*
distance <<= kNumAlignBits;
{
unsigned i = 1;
GET_BIT2(prob + i, i, ; , distance |= 1);
GET_BIT2(prob + i, i, ; , distance |= 2);
GET_BIT2(prob + i, i, ; , distance |= 4);
GET_BIT2(prob + i, i, ; , distance |= 8);
GET_BIT2(prob + i, i, ;, distance |= 1);
GET_BIT2(prob + i, i, ;, distance |= 2);
GET_BIT2(prob + i, i, ;, distance |= 4);
GET_BIT2(prob + i, i, ;, distance |= 8);
}
if(distance == (UInt32)0xFFFFFFFF)
{
@ -537,7 +537,7 @@ static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec* p, const Byte* buf, SizeT inS
else
{
unsigned matchByte = p->dic[p->dicPos - p->reps[0] +
((p->dicPos < p->reps[0]) ? p->dicBufSize : 0)];
((p->dicPos < p->reps[0]) ? p->dicBufSize : 0)];
unsigned offs = 0x100;
unsigned symbol = 1;
do

10
TitanEngine/TitanEngine.Breakpoints.cpp
View File

@ -469,11 +469,11 @@ __declspec(dllexport) bool TITCALL SetMemoryBPXEx(ULONG_PTR MemoryStart, SIZE_T
VirtualQueryEx(dbgProcessInformation.hProcess, curPage, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
if (OldProtect == 0)
if(OldProtect == 0)
OldProtect = MemInfo.Protect;
// Check if the alternative memory breakpoint method should be used
if (engineMembpAlt)
if(engineMembpAlt)
{
if(!(MemInfo.Protect & PAGE_NOACCESS))
{
@ -544,12 +544,12 @@ __declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T
VirtualQueryEx(dbgProcessInformation.hProcess, curPage, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
// Check if the alternative memory breakpoint method is being used
if (engineMembpAlt)
if(engineMembpAlt)
{
if(MemInfo.Protect & PAGE_NOACCESS)
{
VirtualProtectEx(dbgProcessInformation.hProcess, curPage, TITANENGINE_PAGESIZE,
BreakPointBuffer.at(found).OldProtect, &MemInfo.Protect);
VirtualProtectEx(dbgProcessInformation.hProcess, curPage, TITANENGINE_PAGESIZE,
BreakPointBuffer.at(found).OldProtect, &MemInfo.Protect);
}
}
else

68
TitanEngine/TitanEngine.Debugger.DebugLoop.cpp
View File

@ -55,11 +55,11 @@ __declspec(dllexport) void TITCALL DebugLoop()
DWORD ThreadBeingProcessed = 0;
std::vector<THREAD_ITEM_DATA> SuspendedThreads;
bool IsDbgReplyLaterSupported = false;
// Check if DBG_REPLY_LATER is supported based on Windows version (Windows 10, version 1507 or above)
// https://www.gaijin.at/en/infos/windows-version-numbers
const uint32_t NtBuildNumber = *(uint32_t*)(0x7FFE0000 + 0x260);
if (NtBuildNumber != 0 && NtBuildNumber >= 10240)
if(NtBuildNumber != 0 && NtBuildNumber >= 10240)
{
IsDbgReplyLaterSupported = true;
}
@ -109,12 +109,12 @@ __declspec(dllexport) void TITCALL DebugLoop()
}
}
if (IsDbgReplyLaterSupported)
if(IsDbgReplyLaterSupported)
{
if (DBGEvent.dwDebugEventCode == EXCEPTION_DEBUG_EVENT)
if(DBGEvent.dwDebugEventCode == EXCEPTION_DEBUG_EVENT)
{
// Check if there is a thread processing a single step
if (ThreadBeingProcessed != 0 && DBGEvent.dwThreadId != ThreadBeingProcessed)
if(ThreadBeingProcessed != 0 && DBGEvent.dwThreadId != ThreadBeingProcessed)
{
// Reply to the dbg event later
DBGCode = DBG_REPLY_LATER;
@ -122,12 +122,12 @@ __declspec(dllexport) void TITCALL DebugLoop()
goto continue_dbg_event;
}
}
else if (DBGEvent.dwDebugEventCode == EXIT_THREAD_DEBUG_EVENT)
else if(DBGEvent.dwDebugEventCode == EXIT_THREAD_DEBUG_EVENT)
{
if (ThreadBeingProcessed != 0 && DBGEvent.dwThreadId == ThreadBeingProcessed)
if(ThreadBeingProcessed != 0 && DBGEvent.dwThreadId == ThreadBeingProcessed)
{
// Resume the other threads since the thread being processed is exiting
for (auto& Thread : SuspendedThreads)
for(auto & Thread : SuspendedThreads)
ResumeThread(Thread.hThread);
SuspendedThreads.clear();
@ -612,10 +612,10 @@ __declspec(dllexport) void TITCALL DebugLoop()
case STATUS_SINGLE_STEP:
{
if (IsDbgReplyLaterSupported)
if(IsDbgReplyLaterSupported)
{
// Resume the other threads since we are done processing the single step
for (auto& Thread : SuspendedThreads)
for(auto & Thread : SuspendedThreads)
ResumeThread(Thread.hThread);
SuspendedThreads.clear();
@ -691,21 +691,21 @@ __declspec(dllexport) void TITCALL DebugLoop()
ResetMemBPX = false;
// Check if the alternative memory breakpoint method should be used
if (engineMembpAlt)
if(engineMembpAlt)
{
// Check if the breakpoint is still enabled/present and has not been removed
for(int i = 0; i < BreakPointBuffer.size(); i++)
{
if (BreakPointBuffer.at(i).BreakPointAddress == ResetMemBPXAddress &&
(BreakPointBuffer.at(i).BreakPointType == UE_MEMORY ||
BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_READ ||
BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_WRITE ||
BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_EXECUTE) &&
BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE)
if(BreakPointBuffer.at(i).BreakPointAddress == ResetMemBPXAddress &&
(BreakPointBuffer.at(i).BreakPointType == UE_MEMORY ||
BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_READ ||
BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_WRITE ||
BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_EXECUTE) &&
BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE)
{
// Restore the breakpoint
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)ResetMemBPXAddress,
ResetMemBPXSize, PAGE_NOACCESS, &OldProtect);
ResetMemBPXSize, PAGE_NOACCESS, &OldProtect);
break;
}
@ -718,7 +718,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
NewProtect = OldProtect | PAGE_GUARD; //guard page protection
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)ResetMemBPXAddress, ResetMemBPXSize, NewProtect, &OldProtect);
}
if(engineStepActive)
{
if(engineStepCount == 0)
@ -1107,7 +1107,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
ResetMemBPXSize = FoundBreakPoint.BreakPointSize;
ResetMemBPX = true;
}
bCallCustomHandler = true;
}
else if(FoundBreakPoint.BreakPointType == UE_MEMORY_READ) //READ
@ -1198,20 +1198,20 @@ __declspec(dllexport) void TITCALL DebugLoop()
}
// If the breakpoint has to be restored...
if (ResetMemBPX)
if(ResetMemBPX)
{
// ...temporarily revert the PAGE_NOACCESS permission
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)ResetMemBPXAddress,
ResetMemBPXSize, FoundBreakPoint.OldProtect, &OldProtect);
ResetMemBPXSize, FoundBreakPoint.OldProtect, &OldProtect);
}
// Call the custom memory breakpoint handler
if (bCallCustomHandler)
if(bCallCustomHandler)
{
myCustomHandler = (fCustomHandler)(MemoryBpxCallBack);
myCustomHandler((void*)bpaddr);
}
EngineCloseHandle(hActiveThread);
}
else //no memory breakpoint found
@ -1422,32 +1422,32 @@ __declspec(dllexport) void TITCALL DebugLoop()
break;
}
if (IsDbgReplyLaterSupported && DBGEvent.dwDebugEventCode != EXIT_THREAD_DEBUG_EVENT)
if(IsDbgReplyLaterSupported && DBGEvent.dwDebugEventCode != EXIT_THREAD_DEBUG_EVENT)
{
CONTEXT DbgCtx;
CONTEXT DbgCtx;
DbgCtx.ContextFlags = CONTEXT_CONTROL;
hActiveThread = EngineOpenThread(THREAD_GETSETSUSPEND, false, DBGEvent.dwThreadId);
if (hActiveThread != NULL)
if(hActiveThread != NULL)
{
// If TF is set (single step), then suspend all the other threads
if (GetThreadContext(hActiveThread, &DbgCtx) && (DbgCtx.EFlags & UE_TRAP_FLAG))
if(GetThreadContext(hActiveThread, &DbgCtx) && (DbgCtx.EFlags & UE_TRAP_FLAG))
{
ThreadBeingProcessed = DBGEvent.dwThreadId;
for (auto& Thread : hListThread)
for(auto & Thread : hListThread)
{
if (ThreadBeingProcessed == Thread.dwThreadId)
if(ThreadBeingProcessed == Thread.dwThreadId)
continue;
// Check if the thread is already suspended
for (auto& SuspendedThread : SuspendedThreads)
if (SuspendedThread.dwThreadId == Thread.dwThreadId)
for(auto & SuspendedThread : SuspendedThreads)
if(SuspendedThread.dwThreadId == Thread.dwThreadId)
continue;
if (SuspendThread(Thread.hThread) != -1)
if(SuspendThread(Thread.hThread) != -1)
SuspendedThreads.push_back(Thread);
}
}

20
TitanEngine/TitanEngine.Debugger.cpp
View File

@ -300,16 +300,16 @@ __declspec(dllexport) void* TITCALL InitNativeDebugW(wchar_t* szFileName, wchar_
PRTL_USER_PROCESS_PARAMETERS ProcessParameters = NULL;
PRTL_USER_PROCESS_PARAMETERS OwnParameters = NtCurrentPeb()->ProcessParameters;
NTSTATUS Status = fnRtlCreateProcessParametersEx(&ProcessParameters,
&ImagePath,
NULL, // Create a new DLL path
PtrCurrentDirectory,
&CommandLine,
NULL, // If null, a new environment will be created
&ImagePath, // Window title is the exe path - needed for console apps
&OwnParameters->DesktopInfo, // Copy our desktop name
NULL,
NULL,
RTL_USER_PROCESS_PARAMETERS_NORMALIZED);
&ImagePath,
NULL, // Create a new DLL path
PtrCurrentDirectory,
&CommandLine,
NULL, // If null, a new environment will be created
&ImagePath, // Window title is the exe path - needed for console apps
&OwnParameters->DesktopInfo, // Copy our desktop name
NULL,
NULL,
RTL_USER_PROCESS_PARAMETERS_NORMALIZED);
if(!NT_SUCCESS(Status))
goto finished;