x64dbg
/
TitanEngine
mirror of https://github.com/x64dbg/TitanEngine
1
0
Fork 0
Code Releases Activity

AStyle formatting

This commit is contained in:
Duncan Ogilvie 2021-11-14 14:05:53 +01:00
parent cda4385d6d
commit f0832465c6
6 changed files with 86 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
TitanEngine/Global.Debugger.cpp
View File

@ -116,11 +116,11 @@ static HANDLE WINAPI ProcessIdToHandle(IN DWORD dwProcessId)
ClientId.UniqueProcess = UlongToHandle(dwProcessId); ClientId.UniqueProcess = UlongToHandle(dwProcessId);
InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL); InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);
Status = NtOpenProcess(&Handle, Status = NtOpenProcess(&Handle,
PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION |
PROCESS_VM_WRITE | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_READ |
PROCESS_SUSPEND_RESUME | PROCESS_QUERY_INFORMATION, PROCESS_SUSPEND_RESUME | PROCESS_QUERY_INFORMATION,
&ObjectAttributes, &ObjectAttributes,
&ClientId); &ClientId);
if(!NT_SUCCESS(Status)) if(!NT_SUCCESS(Status))
{ {
/* Fail */ /* Fail */
@ -144,7 +144,7 @@ static NTSTATUS CreateThreadSkipAttach(IN HANDLE ProcessHandle, IN PUSER_THREAD_
NTSTATUS Status; NTSTATUS Status;
HANDLE hThread; HANDLE hThread;
typedef NTSTATUS(NTAPI *t_NtCreateThreadEx)( typedef NTSTATUS(NTAPI * t_NtCreateThreadEx)(
PHANDLE /* ThreadHandle */, PHANDLE /* ThreadHandle */,
ACCESS_MASK /* DesiredAccess */, ACCESS_MASK /* DesiredAccess */,
POBJECT_ATTRIBUTES /* ObjectAttributes */, POBJECT_ATTRIBUTES /* ObjectAttributes */,
@ -156,37 +156,37 @@ static NTSTATUS CreateThreadSkipAttach(IN HANDLE ProcessHandle, IN PUSER_THREAD_
SIZE_T /* StackSize */, SIZE_T /* StackSize */,
SIZE_T /* MaximumStackSize */, SIZE_T /* MaximumStackSize */,
PPS_ATTRIBUTE_LIST /* AttributeList */ PPS_ATTRIBUTE_LIST /* AttributeList */
); );
auto p_NtCreateThreadEx = (t_NtCreateThreadEx)GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "NtCreateThreadEx"); auto p_NtCreateThreadEx = (t_NtCreateThreadEx)GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "NtCreateThreadEx");
if(p_NtCreateThreadEx) if(p_NtCreateThreadEx)
{ {
// Based on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/339263/16/client/crashpad_client_win.cc#697 // Based on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/339263/16/client/crashpad_client_win.cc#697
Status = p_NtCreateThreadEx(&hThread, Status = p_NtCreateThreadEx(&hThread,
STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL, STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL,
nullptr, nullptr,
ProcessHandle, ProcessHandle,
StartRoutine, StartRoutine,
Argument, Argument,
THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH, THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH,
0, 0,
0x4000 /* PAGE_SIZE * 4 */, 0x4000 /* PAGE_SIZE * 4 */,
0x4000, 0x4000,
nullptr); nullptr);
} }
else else
{ {
CLIENT_ID ClientId; CLIENT_ID ClientId;
Status = RtlCreateUserThread(ProcessHandle, Status = RtlCreateUserThread(ProcessHandle,
NULL, NULL,
FALSE, FALSE,
0, 0,
0x4000, 0x4000,
0x4000 /* PAGE_SIZE * 4 */, 0x4000 /* PAGE_SIZE * 4 */,
StartRoutine, StartRoutine,
Argument, Argument,
&hThread, &hThread,
&ClientId); &ClientId);
} }
if(NT_SUCCESS(Status)) if(NT_SUCCESS(Status))

10
TitanEngine/Global.Engine.cpp
View File

@ -819,8 +819,8 @@ bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBas
{ {
DWORD LfaNew = DOSHeader->e_lfanew; DWORD LfaNew = DOSHeader->e_lfanew;
if((PESize == 0 || (LfaNew < PESize && LfaNew + sizeof(IMAGE_NT_SIGNATURE) + sizeof(IMAGE_FILE_HEADER) < PESize)) && if((PESize == 0 || (LfaNew < PESize && LfaNew + sizeof(IMAGE_NT_SIGNATURE) + sizeof(IMAGE_FILE_HEADER) < PESize)) &&
MaxPESize != 0 && MaxPESize != 0 &&
LfaNew < (MaxPESize - sizeof(IMAGE_NT_SIGNATURE) - sizeof(IMAGE_FILE_HEADER))) LfaNew < (MaxPESize - sizeof(IMAGE_NT_SIGNATURE) - sizeof(IMAGE_FILE_HEADER)))
{ {
PEHeader = (PIMAGE_NT_HEADERS)((ULONG_PTR)DOSHeader + LfaNew); PEHeader = (PIMAGE_NT_HEADERS)((ULONG_PTR)DOSHeader + LfaNew);
return PEHeader->Signature == IMAGE_NT_SIGNATURE; return PEHeader->Signature == IMAGE_NT_SIGNATURE;
@ -842,7 +842,7 @@ bool EngineValidateHeader(ULONG_PTR FileMapVA, HANDLE hFileProc, LPVOID ImageBas
{ {
DWORD LfaNew = DOSHeader->e_lfanew; DWORD LfaNew = DOSHeader->e_lfanew;
if((LfaNew < PESize && LfaNew + sizeof(IMAGE_NT_SIGNATURE) + sizeof(IMAGE_FILE_HEADER) < PESize) && if((LfaNew < PESize && LfaNew + sizeof(IMAGE_NT_SIGNATURE) + sizeof(IMAGE_FILE_HEADER) < PESize) &&
LfaNew < (PESize - sizeof(IMAGE_NT_SIGNATURE) - sizeof(IMAGE_FILE_HEADER))) LfaNew < (PESize - sizeof(IMAGE_NT_SIGNATURE) - sizeof(IMAGE_FILE_HEADER)))
{ {
if(ReadProcessMemory(hFileProc, (LPVOID)((ULONG_PTR)ImageBase + LfaNew), &RemotePEHeader, sizeof(IMAGE_NT_HEADERS), &NumberOfBytesRW)) if(ReadProcessMemory(hFileProc, (LPVOID)((ULONG_PTR)ImageBase + LfaNew), &RemotePEHeader, sizeof(IMAGE_NT_HEADERS), &NumberOfBytesRW))
{ {
@ -2037,7 +2037,7 @@ DWORD EngineSetDebugPrivilege(HANDLE hProcess, bool bEnablePrivilege)
NTSTATUS Status = NtOpenProcessToken(hProcess, NTSTATUS Status = NtOpenProcessToken(hProcess,
TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
&TokenHandle); &TokenHandle);
if (!NT_SUCCESS(Status)) if(!NT_SUCCESS(Status))
return RtlNtStatusToDosError(Status); return RtlNtStatusToDosError(Status);
LUID LuidPrivilege; LUID LuidPrivilege;
@ -2060,7 +2060,7 @@ DWORD EngineSetDebugPrivilege(HANDLE hProcess, bool bEnablePrivilege)
// Map the success code NOT_ALL_ASSIGNED to an appropriate error // Map the success code NOT_ALL_ASSIGNED to an appropriate error
// since we're only trying to adjust one privilege. // since we're only trying to adjust one privilege.
if (Status == STATUS_NOT_ALL_ASSIGNED) if(Status == STATUS_NOT_ALL_ASSIGNED)
Status = STATUS_PRIVILEGE_NOT_HELD; Status = STATUS_PRIVILEGE_NOT_HELD;
return NT_SUCCESS(Status) ? ERROR_SUCCESS : RtlNtStatusToDosError(Status); return NT_SUCCESS(Status) ? ERROR_SUCCESS : RtlNtStatusToDosError(Status);

12
TitanEngine/LzmaDec.cpp
View File

@ -323,7 +323,7 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec* p, SizeT limit, const Byte*
unsigned i = 1; unsigned i = 1;
do do
{ {
GET_BIT2(prob + i, i, ; , distance |= mask); GET_BIT2(prob + i, i, ;, distance |= mask);
mask <<= 1; mask <<= 1;
} }
while(--numDirectBits != 0); while(--numDirectBits != 0);
@ -358,10 +358,10 @@ static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec* p, SizeT limit, const Byte*
distance <<= kNumAlignBits; distance <<= kNumAlignBits;
{ {
unsigned i = 1; unsigned i = 1;
GET_BIT2(prob + i, i, ; , distance |= 1); GET_BIT2(prob + i, i, ;, distance |= 1);
GET_BIT2(prob + i, i, ; , distance |= 2); GET_BIT2(prob + i, i, ;, distance |= 2);
GET_BIT2(prob + i, i, ; , distance |= 4); GET_BIT2(prob + i, i, ;, distance |= 4);
GET_BIT2(prob + i, i, ; , distance |= 8); GET_BIT2(prob + i, i, ;, distance |= 8);
} }
if(distance == (UInt32)0xFFFFFFFF) if(distance == (UInt32)0xFFFFFFFF)
{ {
@ -537,7 +537,7 @@ static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec* p, const Byte* buf, SizeT inS
else else
{ {
unsigned matchByte = p->dic[p->dicPos - p->reps[0] + unsigned matchByte = p->dic[p->dicPos - p->reps[0] +
((p->dicPos < p->reps[0]) ? p->dicBufSize : 0)]; ((p->dicPos < p->reps[0]) ? p->dicBufSize : 0)];
unsigned offs = 0x100; unsigned offs = 0x100;
unsigned symbol = 1; unsigned symbol = 1;
do do

8
TitanEngine/TitanEngine.Breakpoints.cpp
View File

@ -469,11 +469,11 @@ __declspec(dllexport) bool TITCALL SetMemoryBPXEx(ULONG_PTR MemoryStart, SIZE_T
VirtualQueryEx(dbgProcessInformation.hProcess, curPage, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)); VirtualQueryEx(dbgProcessInformation.hProcess, curPage, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
if (OldProtect == 0) if(OldProtect == 0)
OldProtect = MemInfo.Protect; OldProtect = MemInfo.Protect;
// Check if the alternative memory breakpoint method should be used // Check if the alternative memory breakpoint method should be used
if (engineMembpAlt) if(engineMembpAlt)
{ {
if(!(MemInfo.Protect & PAGE_NOACCESS)) if(!(MemInfo.Protect & PAGE_NOACCESS))
{ {
@ -544,12 +544,12 @@ __declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T
VirtualQueryEx(dbgProcessInformation.hProcess, curPage, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)); VirtualQueryEx(dbgProcessInformation.hProcess, curPage, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION));
// Check if the alternative memory breakpoint method is being used // Check if the alternative memory breakpoint method is being used
if (engineMembpAlt) if(engineMembpAlt)
{ {
if(MemInfo.Protect & PAGE_NOACCESS) if(MemInfo.Protect & PAGE_NOACCESS)
{ {
VirtualProtectEx(dbgProcessInformation.hProcess, curPage, TITANENGINE_PAGESIZE, VirtualProtectEx(dbgProcessInformation.hProcess, curPage, TITANENGINE_PAGESIZE,
BreakPointBuffer.at(found).OldProtect, &MemInfo.Protect); BreakPointBuffer.at(found).OldProtect, &MemInfo.Protect);
} }
} }
else else

56
TitanEngine/TitanEngine.Debugger.DebugLoop.cpp
View File

@ -59,7 +59,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
// Check if DBG_REPLY_LATER is supported based on Windows version (Windows 10, version 1507 or above) // Check if DBG_REPLY_LATER is supported based on Windows version (Windows 10, version 1507 or above)
// https://www.gaijin.at/en/infos/windows-version-numbers // https://www.gaijin.at/en/infos/windows-version-numbers
const uint32_t NtBuildNumber = *(uint32_t*)(0x7FFE0000 + 0x260); const uint32_t NtBuildNumber = *(uint32_t*)(0x7FFE0000 + 0x260);
if (NtBuildNumber != 0 && NtBuildNumber >= 10240) if(NtBuildNumber != 0 && NtBuildNumber >= 10240)
{ {
IsDbgReplyLaterSupported = true; IsDbgReplyLaterSupported = true;
} }
@ -109,12 +109,12 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
} }
if (IsDbgReplyLaterSupported) if(IsDbgReplyLaterSupported)
{ {
if (DBGEvent.dwDebugEventCode == EXCEPTION_DEBUG_EVENT) if(DBGEvent.dwDebugEventCode == EXCEPTION_DEBUG_EVENT)
{ {
// Check if there is a thread processing a single step // Check if there is a thread processing a single step
if (ThreadBeingProcessed != 0 && DBGEvent.dwThreadId != ThreadBeingProcessed) if(ThreadBeingProcessed != 0 && DBGEvent.dwThreadId != ThreadBeingProcessed)
{ {
// Reply to the dbg event later // Reply to the dbg event later
DBGCode = DBG_REPLY_LATER; DBGCode = DBG_REPLY_LATER;
@ -122,12 +122,12 @@ __declspec(dllexport) void TITCALL DebugLoop()
goto continue_dbg_event; goto continue_dbg_event;
} }
} }
else if (DBGEvent.dwDebugEventCode == EXIT_THREAD_DEBUG_EVENT) else if(DBGEvent.dwDebugEventCode == EXIT_THREAD_DEBUG_EVENT)
{ {
if (ThreadBeingProcessed != 0 && DBGEvent.dwThreadId == ThreadBeingProcessed) if(ThreadBeingProcessed != 0 && DBGEvent.dwThreadId == ThreadBeingProcessed)
{ {
// Resume the other threads since the thread being processed is exiting // Resume the other threads since the thread being processed is exiting
for (auto& Thread : SuspendedThreads) for(auto & Thread : SuspendedThreads)
ResumeThread(Thread.hThread); ResumeThread(Thread.hThread);
SuspendedThreads.clear(); SuspendedThreads.clear();
@ -612,10 +612,10 @@ __declspec(dllexport) void TITCALL DebugLoop()
case STATUS_SINGLE_STEP: case STATUS_SINGLE_STEP:
{ {
if (IsDbgReplyLaterSupported) if(IsDbgReplyLaterSupported)
{ {
// Resume the other threads since we are done processing the single step // Resume the other threads since we are done processing the single step
for (auto& Thread : SuspendedThreads) for(auto & Thread : SuspendedThreads)
ResumeThread(Thread.hThread); ResumeThread(Thread.hThread);
SuspendedThreads.clear(); SuspendedThreads.clear();
@ -691,21 +691,21 @@ __declspec(dllexport) void TITCALL DebugLoop()
ResetMemBPX = false; ResetMemBPX = false;
// Check if the alternative memory breakpoint method should be used // Check if the alternative memory breakpoint method should be used
if (engineMembpAlt) if(engineMembpAlt)
{ {
// Check if the breakpoint is still enabled/present and has not been removed // Check if the breakpoint is still enabled/present and has not been removed
for(int i = 0; i < BreakPointBuffer.size(); i++) for(int i = 0; i < BreakPointBuffer.size(); i++)
{ {
if (BreakPointBuffer.at(i).BreakPointAddress == ResetMemBPXAddress && if(BreakPointBuffer.at(i).BreakPointAddress == ResetMemBPXAddress &&
(BreakPointBuffer.at(i).BreakPointType == UE_MEMORY || (BreakPointBuffer.at(i).BreakPointType == UE_MEMORY ||
BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_READ || BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_READ ||
BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_WRITE || BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_WRITE ||
BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_EXECUTE) && BreakPointBuffer.at(i).BreakPointType == UE_MEMORY_EXECUTE) &&
BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE) BreakPointBuffer.at(i).BreakPointActive == UE_BPXACTIVE)
{ {
// Restore the breakpoint // Restore the breakpoint
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)ResetMemBPXAddress, VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)ResetMemBPXAddress,
ResetMemBPXSize, PAGE_NOACCESS, &OldProtect); ResetMemBPXSize, PAGE_NOACCESS, &OldProtect);
break; break;
} }
@ -1198,15 +1198,15 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
// If the breakpoint has to be restored... // If the breakpoint has to be restored...
if (ResetMemBPX) if(ResetMemBPX)
{ {
// ...temporarily revert the PAGE_NOACCESS permission // ...temporarily revert the PAGE_NOACCESS permission
VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)ResetMemBPXAddress, VirtualProtectEx(dbgProcessInformation.hProcess, (LPVOID)ResetMemBPXAddress,
ResetMemBPXSize, FoundBreakPoint.OldProtect, &OldProtect); ResetMemBPXSize, FoundBreakPoint.OldProtect, &OldProtect);
} }
// Call the custom memory breakpoint handler // Call the custom memory breakpoint handler
if (bCallCustomHandler) if(bCallCustomHandler)
{ {
myCustomHandler = (fCustomHandler)(MemoryBpxCallBack); myCustomHandler = (fCustomHandler)(MemoryBpxCallBack);
myCustomHandler((void*)bpaddr); myCustomHandler((void*)bpaddr);
@ -1422,7 +1422,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
break; break;
} }
if (IsDbgReplyLaterSupported && DBGEvent.dwDebugEventCode != EXIT_THREAD_DEBUG_EVENT) if(IsDbgReplyLaterSupported && DBGEvent.dwDebugEventCode != EXIT_THREAD_DEBUG_EVENT)
{ {
CONTEXT DbgCtx; CONTEXT DbgCtx;
@ -1430,24 +1430,24 @@ __declspec(dllexport) void TITCALL DebugLoop()
hActiveThread = EngineOpenThread(THREAD_GETSETSUSPEND, false, DBGEvent.dwThreadId); hActiveThread = EngineOpenThread(THREAD_GETSETSUSPEND, false, DBGEvent.dwThreadId);
if (hActiveThread != NULL) if(hActiveThread != NULL)
{ {
// If TF is set (single step), then suspend all the other threads // If TF is set (single step), then suspend all the other threads
if (GetThreadContext(hActiveThread, &DbgCtx) && (DbgCtx.EFlags & UE_TRAP_FLAG)) if(GetThreadContext(hActiveThread, &DbgCtx) && (DbgCtx.EFlags & UE_TRAP_FLAG))
{ {
ThreadBeingProcessed = DBGEvent.dwThreadId; ThreadBeingProcessed = DBGEvent.dwThreadId;
for (auto& Thread : hListThread) for(auto & Thread : hListThread)
{ {
if (ThreadBeingProcessed == Thread.dwThreadId) if(ThreadBeingProcessed == Thread.dwThreadId)
continue; continue;
// Check if the thread is already suspended // Check if the thread is already suspended
for (auto& SuspendedThread : SuspendedThreads) for(auto & SuspendedThread : SuspendedThreads)
if (SuspendedThread.dwThreadId == Thread.dwThreadId) if(SuspendedThread.dwThreadId == Thread.dwThreadId)
continue; continue;
if (SuspendThread(Thread.hThread) != -1) if(SuspendThread(Thread.hThread) != -1)
SuspendedThreads.push_back(Thread); SuspendedThreads.push_back(Thread);
} }
} }

20
TitanEngine/TitanEngine.Debugger.cpp
View File

@ -300,16 +300,16 @@ __declspec(dllexport) void* TITCALL InitNativeDebugW(wchar_t* szFileName, wchar_
PRTL_USER_PROCESS_PARAMETERS ProcessParameters = NULL; PRTL_USER_PROCESS_PARAMETERS ProcessParameters = NULL;
PRTL_USER_PROCESS_PARAMETERS OwnParameters = NtCurrentPeb()->ProcessParameters; PRTL_USER_PROCESS_PARAMETERS OwnParameters = NtCurrentPeb()->ProcessParameters;
NTSTATUS Status = fnRtlCreateProcessParametersEx(&ProcessParameters, NTSTATUS Status = fnRtlCreateProcessParametersEx(&ProcessParameters,
&ImagePath, &ImagePath,
NULL, // Create a new DLL path NULL, // Create a new DLL path
PtrCurrentDirectory, PtrCurrentDirectory,
&CommandLine, &CommandLine,
NULL, // If null, a new environment will be created NULL, // If null, a new environment will be created
&ImagePath, // Window title is the exe path - needed for console apps &ImagePath, // Window title is the exe path - needed for console apps
&OwnParameters->DesktopInfo, // Copy our desktop name &OwnParameters->DesktopInfo, // Copy our desktop name
NULL, NULL,
NULL, NULL,
RTL_USER_PROCESS_PARAMETERS_NORMALIZED); RTL_USER_PROCESS_PARAMETERS_NORMALIZED);
if(!NT_SUCCESS(Status)) if(!NT_SUCCESS(Status))
goto finished; goto finished;