x64dbg
/
TitanEngine
mirror of https://github.com/x64dbg/TitanEngine
1
0
Fork 0
Code Releases Activity

- various fixes (DMichael)

This commit is contained in:
mr.exodia 2013-10-13 14:52:41 +02:00
parent ca9774cc5a
commit fd1ebea613
7 changed files with 195 additions and 235 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
Release/x32/TitanEngine.dll
View File

Binary file not shown.

BIN
Release/x32/TitanEngine.exp
View File

Binary file not shown.

BIN
Release/x32/TitanEngine.lib
View File

Binary file not shown.

BIN
Release/x64/TitanEngine.dll
View File

Binary file not shown.

BIN
Release/x64/TitanEngine.exp
View File

Binary file not shown.

BIN
Release/x64/TitanEngine.lib
View File

Binary file not shown.

144
TitanEngine/TitanEngine.cpp
View File

@ -483,9 +483,8 @@ bool EngineFileExists(char* szFileName)
return(false); return(false);
} }
} }
char* EngineExtractPath(char* szFileName) static char* EngineExtractPath(char* szFileName)
{ {
int i; int i;
RtlZeroMemory(&engineExtractedFolderName, 512); RtlZeroMemory(&engineExtractedFolderName, 512);
@ -920,7 +919,6 @@ bool EngineExtractResource(char* szResourceName, wchar_t* szExtractedFileName)
} }
bool EngineIsDependencyPresent(char* szFileName, char* szDependencyForFile, char* szPresentInFolder) bool EngineIsDependencyPresent(char* szFileName, char* szDependencyForFile, char* szPresentInFolder)
{ {
int i,j; int i,j;
HANDLE hFile; HANDLE hFile;
char szTryFileName[512]; char szTryFileName[512];
@ -1657,8 +1655,6 @@ long long EngineGetProcAddress(ULONG_PTR ModuleBase, char* szAPIName)
ExportedFunctionOrdinals = (PEXPORTED_DATA_WORD)(ModuleBase + (ULONG_PTR)PEExports->AddressOfNameOrdinals); ExportedFunctionOrdinals = (PEXPORTED_DATA_WORD)(ModuleBase + (ULONG_PTR)PEExports->AddressOfNameOrdinals);
} }
for(j = 0; j < (int)PEExports->NumberOfNames; j++) for(j = 0; j < (int)PEExports->NumberOfNames; j++)
{
if(!FileIs64)
{ {
if(lstrcmpiA((LPCSTR)szAPIName, (LPCSTR)(ModuleBase + (ULONG_PTR)ExportedFunctionNames->ExportedItem)) == NULL) if(lstrcmpiA((LPCSTR)szAPIName, (LPCSTR)(ModuleBase + (ULONG_PTR)ExportedFunctionNames->ExportedItem)) == NULL)
{ {
@ -1667,17 +1663,6 @@ long long EngineGetProcAddress(ULONG_PTR ModuleBase, char* szAPIName)
APIFoundAddress = ExportedFunctions->ExportedItem + (ULONG_PTR)ModuleBase; APIFoundAddress = ExportedFunctions->ExportedItem + (ULONG_PTR)ModuleBase;
return((ULONG_PTR)APIFoundAddress); return((ULONG_PTR)APIFoundAddress);
} }
}
else
{
if(lstrcmpiA((LPCSTR)szAPIName, (LPCSTR)(ModuleBase + (ULONG_PTR)ExportedFunctionNames->ExportedItem)) == NULL)
{
ExportedFunctionOrdinals = (PEXPORTED_DATA_WORD)((ULONG_PTR)ExportedFunctionOrdinals + j * 2);
ExportedFunctions = (PEXPORTED_DATA)((ULONG_PTR)ExportedFunctions + (ExportedFunctionOrdinals->OrdinalNumber) * 4);
APIFoundAddress = ExportedFunctions->ExportedItem + (ULONG_PTR)ModuleBase;
return((ULONG_PTR)APIFoundAddress);
}
}
ExportedFunctionNames = (PEXPORTED_DATA)((ULONG_PTR)ExportedFunctionNames + 4); ExportedFunctionNames = (PEXPORTED_DATA)((ULONG_PTR)ExportedFunctionNames + 4);
} }
return(NULL); return(NULL);
@ -1973,16 +1958,8 @@ long long EngineGlobalAPIHandler(HANDLE handleProcess, ULONG_PTR EnumedModulesBa
if(APIAddress - (ExportedFunctions->ExportedItem + LoadedModules[i][0]) < ClosestAPI) if(APIAddress - (ExportedFunctions->ExportedItem + LoadedModules[i][0]) < ClosestAPI)
{ {
ClosestAPI = (unsigned int)(APIAddress - (ExportedFunctions->ExportedItem + LoadedModules[i][0])); ClosestAPI = (unsigned int)(APIAddress - (ExportedFunctions->ExportedItem + LoadedModules[i][0]));
if(!FileIs64)
{
ExportedFunctionNames = (PEXPORTED_DATA)(PEExports->AddressOfNames + LoadedModules[i][1]); ExportedFunctionNames = (PEXPORTED_DATA)(PEExports->AddressOfNames + LoadedModules[i][1]);
ExportedFunctionOrdinals = (PEXPORTED_DATA_WORD)(PEExports->AddressOfNameOrdinals + LoadedModules[i][1]); ExportedFunctionOrdinals = (PEXPORTED_DATA_WORD)(PEExports->AddressOfNameOrdinals + LoadedModules[i][1]);
}
else
{
ExportedFunctionNames = (PEXPORTED_DATA)(PEExports->AddressOfNames + LoadedModules[i][1]);
ExportedFunctionOrdinals = (PEXPORTED_DATA_WORD)(PEExports->AddressOfNameOrdinals + LoadedModules[i][1]);
}
GetModuleBaseNameA(hProcess, (HMODULE)LoadedModules[i][0], (LPSTR)engineFoundDLLName, 512); GetModuleBaseNameA(hProcess, (HMODULE)LoadedModules[i][0], (LPSTR)engineFoundDLLName, 512);
RtlZeroMemory(&engineFoundAPIName, 512); RtlZeroMemory(&engineFoundAPIName, 512);
x = n; x = n;
@ -4685,7 +4662,7 @@ __declspec(dllexport) bool TITCALL ResizeLastSectionW(wchar_t* szFileName, DWORD
{ {
PESections->SizeOfRawData = (((PESections->SizeOfRawData + NumberOfExpandBytes) / PEHeader32->OptionalHeader.FileAlignment) + 1) * PEHeader32->OptionalHeader.FileAlignment; PESections->SizeOfRawData = (((PESections->SizeOfRawData + NumberOfExpandBytes) / PEHeader32->OptionalHeader.FileAlignment) + 1) * PEHeader32->OptionalHeader.FileAlignment;
} }
if(SectionRawSize < NULL) if(SectionRawSize > 0x7FFFFFFF)
{ {
SectionRawSize = NULL; SectionRawSize = NULL;
} }
@ -4713,14 +4690,13 @@ __declspec(dllexport) bool TITCALL ResizeLastSectionW(wchar_t* szFileName, DWORD
UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA); UnMapFileEx(FileHandle, FileSize, FileMap, FileMapVA);
if(szBackupItem[0] != NULL) if(szBackupItem[0] != NULL)
{ {
RemoveGarbageItem(szBackupItem, true);
if(CopyFileW(szBackupFile, szFileName, false)) if(CopyFileW(szBackupFile, szFileName, false))
{ {
RemoveGarbageItem(szBackupItem, true);
return(true); return(true);
} }
else else
{ {
RemoveGarbageItem(szBackupItem, true);
return(false); return(false);
} }
} }
@ -4755,7 +4731,7 @@ __declspec(dllexport) bool TITCALL ResizeLastSectionW(wchar_t* szFileName, DWORD
{ {
PESections->SizeOfRawData = (((PESections->SizeOfRawData + NumberOfExpandBytes) / PEHeader64->OptionalHeader.FileAlignment) + 1) * PEHeader64->OptionalHeader.FileAlignment; PESections->SizeOfRawData = (((PESections->SizeOfRawData + NumberOfExpandBytes) / PEHeader64->OptionalHeader.FileAlignment) + 1) * PEHeader64->OptionalHeader.FileAlignment;
} }
if(SectionRawSize < NULL) if(SectionRawSize > 0x7FFFFFFF)
{ {
SectionRawSize = NULL; SectionRawSize = NULL;
} }
@ -7813,7 +7789,7 @@ __declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD
else else
{ {
SectionNumber = GetPE32SectionNumberFromVA(FileMapVA, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress + PEHeader32->OptionalHeader.ImageBase); SectionNumber = GetPE32SectionNumberFromVA(FileMapVA, PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress + PEHeader32->OptionalHeader.ImageBase);
if(SectionNumber >= NULL) if(SectionNumber < 0x7FFFFFFF)
{ {
SectionAttributes = (DWORD)GetPE32DataFromMappedFile(FileMapVA, SectionNumber, UE_SECTIONFLAGS); SectionAttributes = (DWORD)GetPE32DataFromMappedFile(FileMapVA, SectionNumber, UE_SECTIONFLAGS);
if(SectionAttributes & IMAGE_SCN_MEM_EXECUTE || SectionAttributes & IMAGE_SCN_CNT_CODE || SectionAttributes & IMAGE_SCN_MEM_WRITE || SectionAttributes & IMAGE_SCN_CNT_INITIALIZED_DATA) if(SectionAttributes & IMAGE_SCN_MEM_EXECUTE || SectionAttributes & IMAGE_SCN_CNT_CODE || SectionAttributes & IMAGE_SCN_MEM_WRITE || SectionAttributes & IMAGE_SCN_CNT_INITIALIZED_DATA)
@ -12064,10 +12040,9 @@ __declspec(dllexport) bool TITCALL ThreaderIsThreadStillRunning(HANDLE hThread)
} }
__declspec(dllexport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread) __declspec(dllexport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread)
{ {
if(SuspendThread(hThread)) //if previous suspend count is above 0 (which means thread is suspended)
if(SuspendThread(hThread) < 0)
{ {
ResumeThread(hThread); ResumeThread(hThread); //decrement suspend count
return(true); return(true);
} }
return(false); return(false);
@ -15429,13 +15404,6 @@ __declspec(dllexport) bool TITCALL IsJumpGoingToExecuteEx(HANDLE hProcess, HANDL
return(true); return(true);
} }
} }
else if(lstrcmpiA(DisassembledString, "JC") == NULL)
{
if(bCF)
{
return(true);
}
}
} }
} }
return(false); return(false);
@ -16587,7 +16555,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
} }
if(engineReserveModuleBase) //reserve original image base if(engineReserveModuleBase) //reserve original image base
{ {
VirtualAllocEx(dbgProcessInformation.hProcess, (void*)engineReserveModuleBase, 0x1000, MEM_RESERVE, PAGE_READWRITE); VirtualAllocEx(dbgProcessInformation.hProcess, (void*)engineReserveModuleBase, 0x1000, MEM_RESERVE, PAGE_READWRITE); //return value nt used, yea just ignore. return value doesnt matter and there is no possible fix when failed :D this is only used to make sure DLL loads on another image base
} }
} }
if(hListProcess == NULL) if(hListProcess == NULL)
@ -16791,7 +16759,7 @@ __declspec(dllexport) void TITCALL DebugLoop()
{ {
hListLibraryPtr->hFileMapping = hFileMapping; hListLibraryPtr->hFileMapping = hFileMapping;
hListLibraryPtr->hFileMappingView = hFileMappingView; hListLibraryPtr->hFileMappingView = hFileMappingView;
if(GetMappedFileNameW(GetCurrentProcess(), hFileMappingView, DLLDebugFileName, sizeof DLLDebugFileName) > NULL) if(GetMappedFileNameW(GetCurrentProcess(), hFileMappingView, DLLDebugFileName, sizeof(DLLDebugFileName)/sizeof(DLLDebugFileName[0])) > NULL)
{ {
i = lstrlenW(DLLDebugFileName); i = lstrlenW(DLLDebugFileName);
while(DLLDebugFileName[i] != 0x5C && i >= NULL) while(DLLDebugFileName[i] != 0x5C && i >= NULL)
@ -22114,9 +22082,7 @@ long long EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressToTrace,
if(ReadProcessMemory(hProcess, (LPVOID)MemInfo.BaseAddress, TraceMemory, memSize, &ueNumberOfBytesRead)) if(ReadProcessMemory(hProcess, (LPVOID)MemInfo.BaseAddress, TraceMemory, memSize, &ueNumberOfBytesRead))
{ {
TraceStartAddress = AddressToTrace - (ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)TraceMemory; TraceStartAddress = AddressToTrace - (ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)TraceMemory;
if(HashInstructions) if(HashInstructions && InputNumberOfInstructions > NULL)
{
if(InputNumberOfInstructions > NULL)
{ {
LoopCondition = true; LoopCondition = true;
} }
@ -22124,18 +22090,7 @@ long long EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressToTrace,
{ {
LoopCondition = false; LoopCondition = false;
} }
}
else
{
if(CurrentNumberOfInstructions < 1000 && FoundValidAPI == false)
{
LoopCondition = true;
}
else
{
LoopCondition = false;
}
}
while(LoopCondition) while(LoopCondition)
{ {
SkipHashing = false; SkipHashing = false;
@ -22336,151 +22291,152 @@ long long EngineGlobalTracerHandler1(HANDLE hProcess, ULONG_PTR AddressToTrace,
if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xC8 && CurrentInstructionSize == 2) if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xC8 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
}
/* /*
MOV EBX,EBX (0x8B 0xC9) MOV EBX,EBX (0x8B 0xC9)
*/ */
}
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xC9 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xC9 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
}
/* /*
MOV ECX,ECX (0x8B 0xDB) MOV ECX,ECX (0x8B 0xDB)
*/ */
}
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xDB && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xDB && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
}
/* /*
MOV (0x8B 0xED) MOV (0x8B 0xED)
*/ */
}
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xED && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xED && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
}
/* /*
MOV (0x8B 0xF6) MOV (0x8B 0xF6)
*/ */
}
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xF6 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xF6 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
}
/* /*
MOV (0x8B 0xE4) MOV (0x8B 0xE4)
*/ */
}
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xE4 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xE4 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
}
/* /*
MOV EDX,EDX (0x8B 0xD2) MOV EDX,EDX (0x8B 0xD2)
*/ */
}
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xD2 && CurrentNumberOfInstructions != 1 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xD2 && CurrentNumberOfInstructions != 1 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
}
/* /*
MOV EDI,EDI (0x8B 0xFF) MOV EDI,EDI (0x8B 0xFF)
*/ */
}
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xFF && CurrentNumberOfInstructions != 1 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xFF && CurrentNumberOfInstructions != 1 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
}
/* /*
MOV AL,AL (0x8A 0xC0) MOV AL,AL (0x8A 0xC0)
*/ */
}
else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xC0 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xC0 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
}
/* /*
MOV BL,BL (0x8A 0xDB) MOV BL,BL (0x8A 0xDB)
*/ */
}
else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xDB && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xDB && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
}
/* /*
MOV CL,CL (0x8A 0xC9) MOV CL,CL (0x8A 0xC9)
*/ */
}
else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xC9 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xC9 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
}
/* /*
MOV (0x8A 0xD2) MOV (0x8A 0xD2)
*/ */
}
else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xD2 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xD2 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
}
/* /*
MOV (0x8A 0xE4) MOV (0x8A 0xE4)
*/ */
}
else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xE4 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xE4 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
}
/* /*
MOV (0x8A 0xED) MOV (0x8A 0xED)
*/ */
}
else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xED && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xED && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
}
/* /*
MOV (0x8A 0xFF) MOV (0x8A 0xFF)
*/ */
}
else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xFF && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xFF && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
}
/* /*
MOV (0x8A 0xF6) MOV (0x8A 0xF6)
*/ */
}
else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xF6 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8A && CompareMemory->DataByte[1] == 0xF6 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
}
/* /*
MOV AX,AX (0x8B 0xC0) MOV AX,AX (0x8B 0xC0)
*/ */
}
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xC0 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xC0 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
}
/* /*
MOV (0x8B 0xDB) MOV (0x8B 0xDB)
*/ */
}
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xDB && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xDB && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
}
/* /*
MOV (0x8B 0xC9) MOV (0x8B 0xC9)
*/ */
}
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xC9 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xC9 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
}
/* /*
MOV (0x8B 0xF6) MOV (0x8B 0xF6)
*/ */
}
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xF6 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xF6 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
}
/* /*
MOV (0x8B 0xED) MOV (0x8B 0xED)
*/ */
}
else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xED && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x8B && CompareMemory->DataByte[1] == 0xED && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
} }
}
/* /*
RDTSC (0x0F 0x31) RDTSC (0x0F 0x31)
*/ */
}
else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] == 0x31 && CurrentInstructionSize == 2) else if(CompareMemory->DataByte[0] == 0x0F && CompareMemory->DataByte[1] == 0x31 && CurrentInstructionSize == 2)
{ {
SkipThisInstruction = true; SkipThisInstruction = true;
@ -22792,7 +22748,7 @@ __declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULON
ULONG_PTR ueNumberOfBytesRead = NULL; ULONG_PTR ueNumberOfBytesRead = NULL;
PMEMORY_CMP_HANDLER cMem; PMEMORY_CMP_HANDLER cMem;
DWORD MemoryHash = NULL; DWORD MemoryHash = NULL;
DWORD MaximumReadSize; DWORD MaximumReadSize = 0;
DWORD TestAddressX86; DWORD TestAddressX86;
LPVOID TraceMemory; LPVOID TraceMemory;
bool HashCheck = false; bool HashCheck = false;
@ -23665,7 +23621,7 @@ __declspec(dllexport) bool TITCALL ExporterBuildExportTable(ULONG_PTR StorePlace
DWORD StorePlaceRVA = (DWORD)ConvertFileOffsetToVA(FileMapVA, StorePlace, false); DWORD StorePlaceRVA = (DWORD)ConvertFileOffsetToVA(FileMapVA, StorePlace, false);
ULONG_PTR TempULONG; ULONG_PTR TempULONG;
DWORD TempDWORD; DWORD TempDWORD;
BOOL FileIs64; BOOL FileIs64 = false;
if(expTableDataCWP != NULL) if(expTableDataCWP != NULL)
{ {
@ -23739,6 +23695,10 @@ __declspec(dllexport) bool TITCALL ExporterBuildExportTable(ULONG_PTR StorePlace
{ {
FileIs64 = true; FileIs64 = true;
} }
else
{
return false;
}
if(!FileIs64) if(!FileIs64)
{ {
PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress = (DWORD)StorePlaceRVA; PEHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress = (DWORD)StorePlaceRVA;
@ -26059,7 +26019,8 @@ __declspec(dllexport) long long TITCALL HandlerGetOpenMutexHandle(HANDLE hProces
} }
__declspec(dllexport) long long TITCALL HandlerGetOpenMutexHandleW(HANDLE hProcess, DWORD ProcessId, wchar_t* szMutexString) __declspec(dllexport) long long TITCALL HandlerGetOpenMutexHandleW(HANDLE hProcess, DWORD ProcessId, wchar_t* szMutexString)
{ {
if(!szMutexString || lstrlenW(szMutexString)>=512)
return 0;
int i; int i;
HANDLE myHandle; HANDLE myHandle;
LPVOID HandleBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); LPVOID HandleBuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
@ -26106,7 +26067,8 @@ __declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutex(char* sz
} }
__declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t* szMutexString) __declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t* szMutexString)
{ {
if(!szMutexString || lstrlenW(szMutexString)>=512)
return 0;
HANDLE hProcess = NULL; HANDLE hProcess = NULL;
DWORD ReturnData = NULL; DWORD ReturnData = NULL;
HANDLE myHandle = NULL; HANDLE myHandle = NULL;
@ -27135,7 +27097,8 @@ __declspec(dllexport) void TITCALL StaticSectionDecrypt(ULONG_PTR FileMapVA, DWO
} }
__declspec(dllexport) bool TITCALL StaticMemoryDecompress(void* Source, DWORD SourceSize, void* Destination, DWORD DestinationSize, int Algorithm) __declspec(dllexport) bool TITCALL StaticMemoryDecompress(void* Source, DWORD SourceSize, void* Destination, DWORD DestinationSize, int Algorithm)
{ {
if(!Source || !Destination)
return false;
ELzmaStatus lzStatus; ELzmaStatus lzStatus;
CLzmaProps lzProps = {}; CLzmaProps lzProps = {};
ISzAlloc lzAlloc = {&LzmaAllocMem, &LzmaFreeMem}; ISzAlloc lzAlloc = {&LzmaAllocMem, &LzmaFreeMem};
@ -27147,12 +27110,7 @@ __declspec(dllexport) bool TITCALL StaticMemoryDecompress(void* Source, DWORD So
{ {
return(true); return(true);
} }
#endif else if(aPsafe_depack(Source, SourceSize, Destination, DestinationSize) != APLIB_ERROR)
}
else if(Algorithm == UE_STATIC_APLIB)
{
#if !defined (_WIN64)
if(aPsafe_depack(Source, SourceSize, Destination, DestinationSize) != APLIB_ERROR)
{ {
return(true); return(true);
} }
@ -28157,8 +28115,8 @@ void EngineSimplifyMakeSnapshotCallBack()
void EngineSimplifyEntryPointCallBack() void EngineSimplifyEntryPointCallBack()
{ {
int i; int i = 0;
int j; int j = 0;
DWORD FileSize; DWORD FileSize;
HANDLE FileMap; HANDLE FileMap;
ULONG_PTR FileMapVA; ULONG_PTR FileMapVA;
@ -28719,7 +28677,8 @@ __declspec(dllexport) bool TITCALL EngineDeleteCreatedDependencies()
__declspec(dllexport) bool TITCALL EngineCreateUnpackerWindow(char* WindowUnpackerTitle, char* WindowUnpackerLongTitle, char* WindowUnpackerName, char* WindowUnpackerAuthor, void* StartUnpackingCallBack) __declspec(dllexport) bool TITCALL EngineCreateUnpackerWindow(char* WindowUnpackerTitle, char* WindowUnpackerLongTitle, char* WindowUnpackerName, char* WindowUnpackerAuthor, void* StartUnpackingCallBack)
{ {
if(!WindowUnpackerTitle || !WindowUnpackerLongTitle || !WindowUnpackerName || !WindowUnpackerAuthor || !StartUnpackingCallBack)
return false;
EngineStartUnpackingCallBack = StartUnpackingCallBack; EngineStartUnpackingCallBack = StartUnpackingCallBack;
lstrcpyA(szWindowUnpackerTitle, WindowUnpackerTitle); lstrcpyA(szWindowUnpackerTitle, WindowUnpackerTitle);
lstrcpyA(szWindowUnpackerLongTitle, WindowUnpackerLongTitle); lstrcpyA(szWindowUnpackerLongTitle, WindowUnpackerLongTitle);
@ -28983,7 +28942,8 @@ bool RemoveGarbageItem(wchar_t* szGarbageItem, bool RemoveFolder)
} }
bool FillGarbageItem(wchar_t* szGarbageItem, wchar_t* szFileName, void* outGargabeItem, int MaxGargabeStringSize) bool FillGarbageItem(wchar_t* szGarbageItem, wchar_t* szFileName, void* outGargabeItem, int MaxGargabeStringSize)
{ {
if(!szGarbageItem || !szFileName || !outGargabeItem)
return false;
wchar_t szCopyFileName[512]; wchar_t szCopyFileName[512];
wchar_t szGargabeItemBuff[128]; wchar_t szGargabeItemBuff[128];