mirror of https://github.com/x64dbg/TitanEngine
# -*- coding: utf-8 -*-
import sys
from ctypes import *
from ctypes.wintypes import *
# True when the running interpreter is a 64-bit build.
_WIN64 = sys.maxsize > 0x7FFFFFFF

# 64-bit integer aliases.
LONGLONG = c_longlong
ULONGLONG = c_ulonglong
DWORD64 = ULONGLONG

# NOTE(review): ULONG_PTR, SIZE_T and DWORD_PTR are declared as ctypes *pointer*
# types here. They have pointer size, so structure layouts come out right, but a
# field or return value of these types is a pointer object rather than an int,
# and arguments of these types do not accept a plain Python int. Never
# dereference such a value (.contents / indexing): it is normally an address,
# size or register value, not memory that is valid in this process.
ULONG_PTR = POINTER(ULONG)
SIZE_T = ULONG_PTR
DWORD_PTR = POINTER(DWORD)

# Pointer aliases (several of these shadow the ctypes.wintypes names).
LPDWORD = POINTER(DWORD)
PULONG_PTR = POINTER(ULONG_PTR)
PBYTE = POINTER(BYTE)
LPBYTE = PBYTE
LPHANDLE = POINTER(HANDLE)

# Untyped pointers; a thread start routine is carried as a raw address.
PVOID = c_void_p
LPTHREAD_START_ROUTINE = PVOID
# Load the engine DLL through ctypes.windll (stdcall calling convention).
# NOTE(review): the DLL is named without a directory, so Windows resolves it
# through its DLL search order and the first TitanEngine.dll found is mapped
# into this process. Loading from an absolute path to a trusted copy removes
# the dependency on the search path.
TE = windll.LoadLibrary("TitanEngine.dll")
# Global.Constant.Structure.Declaration:
# Engine.External:

# UE_STRUCT_*: one identifier per structure type declared in this module.
UE_STRUCT_PE32STRUCT = 1
UE_STRUCT_PE64STRUCT = 2
UE_STRUCT_PESTRUCT = 3
UE_STRUCT_IMPORTENUMDATA = 4
UE_STRUCT_THREAD_ITEM_DATA = 5
UE_STRUCT_LIBRARY_ITEM_DATA = 6
UE_STRUCT_LIBRARY_ITEM_DATAW = 7
UE_STRUCT_PROCESS_ITEM_DATA = 8
UE_STRUCT_HANDLERARRAY = 9
UE_STRUCT_PLUGININFORMATION = 10
UE_STRUCT_HOOK_ENTRY = 11
UE_STRUCT_FILE_STATUS_INFO = 12
UE_STRUCT_FILE_FIX_INFO = 13
UE_STRUCT_X87FPUREGISTER = 14
UE_STRUCT_X87FPU = 15
UE_STRUCT_TITAN_ENGINE_CONTEXT = 16

# UE_ACCESS_*
UE_ACCESS_READ = 0
UE_ACCESS_WRITE = 1
UE_ACCESS_ALL = 2

# UE_HIDE_*
UE_HIDE_PEBONLY = 0
UE_HIDE_BASIC = 1

# UE_PLUGIN_CALL_REASON_*
UE_PLUGIN_CALL_REASON_PREDEBUG = 1
UE_PLUGIN_CALL_REASON_EXCEPTION = 2
UE_PLUGIN_CALL_REASON_POSTDEBUG = 3
UE_PLUGIN_CALL_REASON_UNHANDLEDEXCEPTION = 4

# TEE_HOOK_*: only the odd values 1, 3 and 5 are defined here.
TEE_HOOK_NRM_JUMP = 1
TEE_HOOK_NRM_CALL = 3
TEE_HOOK_IAT = 5

# UE_ENGINE_*: spelling of each name is kept exactly (e.g. "ALOW"), since
# callers refer to these identifiers.
UE_ENGINE_ALOW_MODULE_LOADING = 1
UE_ENGINE_AUTOFIX_FORWARDERS = 2
UE_ENGINE_PASS_ALL_EXCEPTIONS = 3
UE_ENGINE_NO_CONSOLE_WINDOW = 4
UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS = 5
UE_ENGINE_CALL_PLUGIN_CALLBACK = 6
UE_ENGINE_RESET_CUSTOM_HANDLER = 7
UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK = 8
UE_ENGINE_SET_DEBUG_PRIVILEGE = 9
UE_ENGINE_SAFE_ATTACH = 10

# UE_OPTION_*
UE_OPTION_REMOVEALL = 1
UE_OPTION_DISABLEALL = 2
UE_OPTION_REMOVEALLDISABLED = 3
UE_OPTION_REMOVEALLENABLED = 4

# UE_STATIC_DECRYPTOR_*: operation, then direction ("FOREWARD" kept as spelled).
UE_STATIC_DECRYPTOR_XOR = 1
UE_STATIC_DECRYPTOR_SUB = 2
UE_STATIC_DECRYPTOR_ADD = 3

UE_STATIC_DECRYPTOR_FOREWARD = 1
UE_STATIC_DECRYPTOR_BACKWARD = 2

# UE_STATIC_KEY_SIZE_*: the value equals the numeric suffix of the name.
UE_STATIC_KEY_SIZE_1 = 1
UE_STATIC_KEY_SIZE_2 = 2
UE_STATIC_KEY_SIZE_4 = 4
UE_STATIC_KEY_SIZE_8 = 8

# UE_STATIC_* compression identifiers.
UE_STATIC_APLIB = 1
UE_STATIC_APLIB_DEPACK = 2
UE_STATIC_LZMA = 3

# UE_STATIC_HASH_*
UE_STATIC_HASH_MD5 = 1
UE_STATIC_HASH_SHA1 = 2
UE_STATIC_HASH_CRC32 = 3

UE_RESOURCE_LANGUAGE_ANY = -1
# PE header value identifiers (0..25).
UE_PE_OFFSET = 0
UE_IMAGEBASE = 1
UE_OEP = 2
UE_SIZEOFIMAGE = 3
UE_SIZEOFHEADERS = 4
UE_SIZEOFOPTIONALHEADER = 5
UE_SECTIONALIGNMENT = 6
UE_IMPORTTABLEADDRESS = 7
UE_IMPORTTABLESIZE = 8
UE_RESOURCETABLEADDRESS = 9
UE_RESOURCETABLESIZE = 10
UE_EXPORTTABLEADDRESS = 11
UE_EXPORTTABLESIZE = 12
UE_TLSTABLEADDRESS = 13
UE_TLSTABLESIZE = 14
UE_RELOCATIONTABLEADDRESS = 15
UE_RELOCATIONTABLESIZE = 16
UE_TIMEDATESTAMP = 17
UE_SECTIONNUMBER = 18
UE_CHECKSUM = 19
UE_SUBSYSTEM = 20
UE_CHARACTERISTICS = 21
UE_NUMBEROFRVAANDSIZES = 22
UE_BASEOFCODE = 23
UE_BASEOFDATA = 24
UE_DLLCHARACTERISTICS = 25

# leaving some enum space here for future additions
# Per-section value identifiers start at 40.
UE_SECTIONNAME = 40
UE_SECTIONVIRTUALOFFSET = 41
UE_SECTIONVIRTUALSIZE = 42
UE_SECTIONRAWOFFSET = 43
UE_SECTIONRAWSIZE = 44
UE_SECTIONFLAGS = 45

UE_VANOTFOUND = -2
# UE_CH_*: custom-handler identifiers. The value 22 is not assigned in this
# list (21 is followed by 23). Names are kept as spelled ("DEVIDE").
UE_CH_BREAKPOINT = 1
UE_CH_SINGLESTEP = 2
UE_CH_ACCESSVIOLATION = 3
UE_CH_ILLEGALINSTRUCTION = 4
UE_CH_NONCONTINUABLEEXCEPTION = 5
UE_CH_ARRAYBOUNDSEXCEPTION = 6
UE_CH_FLOATDENORMALOPERAND = 7
UE_CH_FLOATDEVIDEBYZERO = 8
UE_CH_INTEGERDEVIDEBYZERO = 9
UE_CH_INTEGEROVERFLOW = 10
UE_CH_PRIVILEGEDINSTRUCTION = 11
UE_CH_PAGEGUARD = 12
UE_CH_EVERYTHINGELSE = 13
UE_CH_CREATETHREAD = 14
UE_CH_EXITTHREAD = 15
UE_CH_CREATEPROCESS = 16
UE_CH_EXITPROCESS = 17
UE_CH_LOADDLL = 18
UE_CH_UNLOADDLL = 19
UE_CH_OUTPUTDEBUGSTRING = 20
UE_CH_AFTEREXCEPTIONPROCESSING = 21
UE_CH_SYSTEMBREAKPOINT = 23
UE_CH_UNHANDLEDEXCEPTION = 24
UE_CH_RIPEVENT = 25
UE_CH_DEBUGEVENT = 26

# UE_OPTION_HANDLER_RETURN_*
UE_OPTION_HANDLER_RETURN_HANDLECOUNT = 1
UE_OPTION_HANDLER_RETURN_ACCESS = 2
UE_OPTION_HANDLER_RETURN_FLAGS = 3
UE_OPTION_HANDLER_RETURN_TYPENAME = 4
# Software breakpoint instruction kinds.
UE_BREAKPOINT_INT3 = 1
UE_BREAKPOINT_LONG_INT3 = 2
UE_BREAKPOINT_UD2 = 3

# Breakpoint states.
UE_BPXREMOVED = 0
UE_BPXACTIVE = 1
UE_BPXINACTIVE = 2

# Breakpoint kinds; the UE_BREAKPOINT_TYPE_* values occupy the top hex digit.
UE_BREAKPOINT = 0
UE_SINGLESHOOT = 1
UE_HARDWARE = 2
UE_MEMORY = 3
UE_MEMORY_READ = 4
UE_MEMORY_WRITE = 5
UE_MEMORY_EXECUTE = 6
UE_BREAKPOINT_TYPE_INT3 = 0x10000000
UE_BREAKPOINT_TYPE_LONG_INT3 = 0x20000000
UE_BREAKPOINT_TYPE_UD2 = 0x30000000

# Hardware breakpoint access kinds (these values overlap UE_MEMORY_READ..EXECUTE).
UE_HARDWARE_EXECUTE = 4
UE_HARDWARE_WRITE = 5
UE_HARDWARE_READWRITE = 6

# Hardware breakpoint sizes: identifiers 7..10, not byte counts.
UE_HARDWARE_SIZE_1 = 7
UE_HARDWARE_SIZE_2 = 8
UE_HARDWARE_SIZE_4 = 9
UE_HARDWARE_SIZE_8 = 10

# Library event selectors.
UE_ON_LIB_LOAD = 1
UE_ON_LIB_UNLOAD = 2
UE_ON_LIB_ALL = 3

UE_APISTART = 0
UE_APIEND = 1

UE_PLATFORM_x86 = 1
UE_PLATFORM_x64 = 2
UE_PLATFORM_ALL = 3

# UE_FUNCTION_*
UE_FUNCTION_STDCALL = 1
UE_FUNCTION_CCALL = 2
UE_FUNCTION_FASTCALL = 3
UE_FUNCTION_STDCALL_RET = 4
UE_FUNCTION_CCALL_RET = 5
UE_FUNCTION_FASTCALL_RET = 6
UE_FUNCTION_STDCALL_CALL = 7
UE_FUNCTION_CCALL_CALL = 8
UE_FUNCTION_FASTCALL_CALL = 9

# UE_PARAMETER_*
UE_PARAMETER_BYTE = 0
UE_PARAMETER_WORD = 1
UE_PARAMETER_DWORD = 2
UE_PARAMETER_QWORD = 3
UE_PARAMETER_PTR_BYTE = 4
UE_PARAMETER_PTR_WORD = 5
UE_PARAMETER_PTR_DWORD = 6
UE_PARAMETER_PTR_QWORD = 7
UE_PARAMETER_STRING = 8
UE_PARAMETER_UNICODE = 9
# Register identifiers: 32-bit general purpose registers and flags.
UE_EAX = 1
UE_EBX = 2
UE_ECX = 3
UE_EDX = 4
UE_EDI = 5
UE_ESI = 6
UE_EBP = 7
UE_ESP = 8
UE_EIP = 9
UE_EFLAGS = 10

# Debug registers (no identifiers are defined for DR4/DR5).
UE_DR0 = 11
UE_DR1 = 12
UE_DR2 = 13
UE_DR3 = 14
UE_DR6 = 15
UE_DR7 = 16

# 64-bit general purpose registers and flags.
UE_RAX = 17
UE_RBX = 18
UE_RCX = 19
UE_RDX = 20
UE_RDI = 21
UE_RSI = 22
UE_RBP = 23
UE_RSP = 24
UE_RIP = 25
UE_RFLAGS = 26
UE_R8 = 27
UE_R9 = 28
UE_R10 = 29
UE_R11 = 30
UE_R12 = 31
UE_R13 = 32
UE_R14 = 33
UE_R15 = 34

UE_CIP = 35
UE_CSP = 36
# The flags-register identifier that matches the interpreter's bitness.
UE_CFLAGS = UE_RFLAGS if _WIN64 else UE_EFLAGS
# Segment register identifiers.
UE_SEG_GS = 37
UE_SEG_FS = 38
UE_SEG_ES = 39
UE_SEG_DS = 40
UE_SEG_CS = 41
UE_SEG_SS = 42

# x87 register identifiers (r0..r7) and x87 status/control/tag words.
UE_x87_r0 = 43
UE_x87_r1 = 44
UE_x87_r2 = 45
UE_x87_r3 = 46
UE_x87_r4 = 47
UE_x87_r5 = 48
UE_x87_r6 = 49
UE_x87_r7 = 50
UE_X87_STATUSWORD = 51
UE_X87_CONTROLWORD = 52
UE_X87_TAGWORD = 53

UE_MXCSR = 54

# MMX registers.
UE_MMX0 = 55
UE_MMX1 = 56
UE_MMX2 = 57
UE_MMX3 = 58
UE_MMX4 = 59
UE_MMX5 = 60
UE_MMX6 = 61
UE_MMX7 = 62

# XMM registers.
UE_XMM0 = 63
UE_XMM1 = 64
UE_XMM2 = 65
UE_XMM3 = 66
UE_XMM4 = 67
UE_XMM5 = 68
UE_XMM6 = 69
UE_XMM7 = 70
UE_XMM8 = 71
UE_XMM9 = 72
UE_XMM10 = 73
UE_XMM11 = 74
UE_XMM12 = 75
UE_XMM13 = 76
UE_XMM14 = 77
UE_XMM15 = 78

# x87 stack registers ST0..ST7.
UE_x87_ST0 = 79
UE_x87_ST1 = 80
UE_x87_ST2 = 81
UE_x87_ST3 = 82
UE_x87_ST4 = 83
UE_x87_ST5 = 84
UE_x87_ST6 = 85
UE_x87_ST7 = 86

# YMM registers.
UE_YMM0 = 87
UE_YMM1 = 88
UE_YMM2 = 89
UE_YMM3 = 90
UE_YMM4 = 91
UE_YMM5 = 92
UE_YMM6 = 93
UE_YMM7 = 94
UE_YMM8 = 95
UE_YMM9 = 96
UE_YMM10 = 97
UE_YMM11 = 98
UE_YMM12 = 99
UE_YMM13 = 100
UE_YMM14 = 101
UE_YMM15 = 102

CONTEXT_EXTENDED_REGISTERS = 0
class PE32Struct(Structure):
    """Byte-packed record of PE header values with a DWORD ``ImageBase``.

    Attribute names are kept exactly as declared (including ``SectionAligment``).
    """

    _pack_ = 1
    _fields_ = [
        ("PE32Offset", DWORD),
        ("ImageBase", DWORD),
        ("OriginalEntryPoint", DWORD),
        ("NtSizeOfImage", DWORD),
        ("NtSizeOfHeaders", DWORD),
        ("SizeOfOptionalHeaders", WORD),
        ("FileAlignment", DWORD),
        ("SectionAligment", DWORD),
        # Data-directory address/size pairs.
        ("ImportTableAddress", DWORD),
        ("ImportTableSize", DWORD),
        ("ResourceTableAddress", DWORD),
        ("ResourceTableSize", DWORD),
        ("ExportTableAddress", DWORD),
        ("ExportTableSize", DWORD),
        ("TLSTableAddress", DWORD),
        ("TLSTableSize", DWORD),
        ("RelocationTableAddress", DWORD),
        ("RelocationTableSize", DWORD),
        ("TimeDateStamp", DWORD),
        ("SectionNumber", WORD),
        ("CheckSum", DWORD),
        ("SubSystem", WORD),
        ("Characteristics", WORD),
        ("NumberOfRvaAndSizes", DWORD),
    ]
class PE64Struct(Structure):
    """Byte-packed record of PE header values with a DWORD64 ``ImageBase``.

    Apart from ``PE64Offset`` and the wider ``ImageBase`` the field list
    matches ``PE32Struct`` name for name.
    """

    _pack_ = 1
    _fields_ = [
        ("PE64Offset", DWORD),
        ("ImageBase", DWORD64),
        ("OriginalEntryPoint", DWORD),
        ("NtSizeOfImage", DWORD),
        ("NtSizeOfHeaders", DWORD),
        ("SizeOfOptionalHeaders", WORD),
        ("FileAlignment", DWORD),
        ("SectionAligment", DWORD),
        # Data-directory address/size pairs.
        ("ImportTableAddress", DWORD),
        ("ImportTableSize", DWORD),
        ("ResourceTableAddress", DWORD),
        ("ResourceTableSize", DWORD),
        ("ExportTableAddress", DWORD),
        ("ExportTableSize", DWORD),
        ("TLSTableAddress", DWORD),
        ("TLSTableSize", DWORD),
        ("RelocationTableAddress", DWORD),
        ("RelocationTableSize", DWORD),
        ("TimeDateStamp", DWORD),
        ("SectionNumber", WORD),
        ("CheckSum", DWORD),
        ("SubSystem", WORD),
        ("Characteristics", WORD),
        ("NumberOfRvaAndSizes", DWORD),
    ]
# PEStruct follows the interpreter's bitness, not that of the file being examined.
PEStruct = PE64Struct if _WIN64 else PE32Struct
class ImportEnumData(Structure):
    """Byte-packed record handed to ``fImportEnum`` callbacks.

    ``ImageBase``, ``BaseImportThunk`` and ``ImportThunk`` use this module's
    ULONG_PTR alias, which is a ctypes pointer type; read them as addresses
    (e.g. via ``cast(value, c_void_p).value``) and do not dereference them.
    """

    _pack_ = 1
    _fields_ = [
        ("NewDll", c_bool),
        ("NumberOfImports", c_int),
        ("ImageBase", ULONG_PTR),
        ("BaseImportThunk", ULONG_PTR),
        ("ImportThunk", ULONG_PTR),
        # c_char_p fields: ctypes reads a NUL-terminated string on access.
        ("APIName", c_char_p),
        ("DLLName", c_char_p),
    ]
class THREAD_ITEM_DATA(Structure):
    """Byte-packed per-thread record (handle, id, addresses, scheduling data)."""

    _pack_ = 1
    _fields_ = [
        ("hThread", HANDLE),
        ("dwThreadId", DWORD),
        # Raw addresses, exposed by ctypes as int or None.
        ("ThreadStartAddress", c_void_p),
        ("ThreadLocalBase", c_void_p),
        ("TebAddress", c_void_p),
        ("WaitTime", ULONG),
        ("Priority", LONG),
        ("BasePriority", LONG),
        ("ContextSwitches", ULONG),
        ("ThreadState", ULONG),
        ("WaitReason", ULONG),
    ]
class LIBRARY_ITEM_DATA(Structure):
    """Byte-packed per-library record with ANSI (``c_char``) path buffers."""

    _pack_ = 1
    _fields_ = [
        ("hFile", HANDLE),
        ("BaseOfDll", c_void_p),
        ("hFileMapping", HANDLE),
        ("hFileMappingView", c_void_p),
        # Fixed MAX_PATH-sized inline buffers, not pointers.
        ("szLibraryPath", c_char * MAX_PATH),
        ("szLibraryName", c_char * MAX_PATH),
    ]
class LIBRARY_ITEM_DATAW(Structure):
    """Byte-packed per-library record with wide (``c_wchar``) path buffers."""

    _pack_ = 1
    _fields_ = [
        ("hFile", HANDLE),
        ("BaseOfDll", c_void_p),
        ("hFileMapping", HANDLE),
        ("hFileMappingView", c_void_p),
        # Fixed inline buffers of MAX_PATH wide characters, not pointers.
        ("szLibraryPath", c_wchar * MAX_PATH),
        ("szLibraryName", c_wchar * MAX_PATH),
    ]
class PROCESS_ITEM_DATA(Structure):
    """Byte-packed per-process record (process/thread handles, ids, addresses)."""

    _pack_ = 1
    _fields_ = [
        ("hProcess", HANDLE),
        ("dwProcessId", DWORD),
        ("hThread", HANDLE),
        ("dwThreadId", DWORD),
        ("hFile", HANDLE),
        # Raw addresses, exposed by ctypes as int or None.
        ("BaseOfImage", c_void_p),
        ("ThreadStartAddress", c_void_p),
        ("ThreadLocalBase", c_void_p),
    ]
class HandlerArray(Structure):
    """Byte-packed (process id, handle) pair."""

    _pack_ = 1
    _fields_ = [
        ("ProcessId", ULONG),
        ("hHandle", HANDLE),
    ]
class PluginInformation(Structure):
    """Byte-packed plugin descriptor: name, version, base address, entry points."""

    _pack_ = 1
    _fields_ = [
        # Inline 64-byte name buffer.
        ("PluginName", c_char * 64),
        ("PluginMajorVersion", DWORD),
        ("PluginMinorVersion", DWORD),
        ("PluginBaseAddress", HMODULE),
        # Entry points are carried as untyped addresses.
        ("TitanDebuggingCallBack", c_void_p),
        ("TitanRegisterPlugin", c_void_p),
        ("TitanReleasePlugin", c_void_p),
        ("TitanResetPlugin", c_void_p),
        ("PluginDisabled", c_bool),
    ]
# Array lengths used by HOOK_ENTRY (byte buffers and relocation slots).
TEE_MAXIMUM_HOOK_SIZE = 14
TEE_MAXIMUM_HOOK_RELOCS = 7
# 14 on a 64-bit interpreter, 5 on a 32-bit one.
TEE_MAXIMUM_HOOK_INSERT_SIZE = 14 if _WIN64 else 5
class HOOK_ENTRY(Structure):
    """Byte-packed description of one hook.

    ``HookBytes`` and ``OriginalBytes`` are inline arrays of
    ``TEE_MAXIMUM_HOOK_SIZE`` bytes; ``RelocationInfo`` holds
    ``TEE_MAXIMUM_HOOK_RELOCS`` DWORD slots.
    """

    _pack_ = 1
    _fields_ = [
        ("IATHook", c_bool),
        ("HookType", BYTE),
        ("HookSize", DWORD),
        ("HookAddress", c_void_p),
        ("RedirectionAddress", c_void_p),
        ("HookBytes", BYTE * TEE_MAXIMUM_HOOK_SIZE),
        ("OriginalBytes", BYTE * TEE_MAXIMUM_HOOK_SIZE),
        ("IATHookModuleBase", c_void_p),
        ("IATHookNameHash", DWORD),
        ("HookIsEnabled", c_bool),
        ("HookIsRemote", c_bool),
        ("PatchedEntry", c_void_p),
        ("RelocationInfo", DWORD * TEE_MAXIMUM_HOOK_RELOCS),
        ("RelocationCount", c_int),
    ]
# UE_DEPTH_*
UE_DEPTH_SURFACE = 0
UE_DEPTH_DEEP = 1

# UE_UNPACKER_CONDITION_*: SEARCH_FROM_EP and LOADLIBRARY share the value 1.
UE_UNPACKER_CONDITION_SEARCH_FROM_EP = 1

UE_UNPACKER_CONDITION_LOADLIBRARY = 1
UE_UNPACKER_CONDITION_GETPROCADDRESS = 2
UE_UNPACKER_CONDITION_ENTRYPOINTBREAK = 3
UE_UNPACKER_CONDITION_RELOCSNAPSHOT1 = 4
UE_UNPACKER_CONDITION_RELOCSNAPSHOT2 = 5

# Per-field evaluation codes. Names are kept as spelled; note the "UE_FILED_"
# prefix on value 6 and "PRESET" on values 7 and 8.
UE_FIELD_OK = 0
UE_FIELD_BROKEN_NON_FIXABLE = 1
UE_FIELD_BROKEN_NON_CRITICAL = 2
UE_FIELD_BROKEN_FIXABLE_FOR_STATIC_USE = 3
UE_FIELD_BROKEN_BUT_CAN_BE_EMULATED = 4
UE_FIELD_FIXABLE_NON_CRITICAL = 5
UE_FILED_FIXABLE_CRITICAL = 6
UE_FIELD_NOT_PRESET = 7
UE_FIELD_NOT_PRESET_WARNING = 8

# Whole-file result codes.
UE_RESULT_FILE_OK = 10
UE_RESULT_FILE_INVALID_BUT_FIXABLE = 11
UE_RESULT_FILE_INVALID_AND_NON_FIXABLE = 12
UE_RESULT_FILE_INVALID_FORMAT = 13
class FILE_STATUS_INFO(Structure):
    """Byte-packed file evaluation record: one byte per flag or per-field code.

    Every member is a ``c_bool`` or a ``BYTE``, so the structure is 27 bytes.
    """

    _pack_ = 1
    _fields_ = [
        ("OveralEvaluation", BYTE),
        # Boolean properties of the evaluation and of the file.
        ("EvaluationTerminatedByException", c_bool),
        ("FileIs64Bit", c_bool),
        ("FileIsDLL", c_bool),
        ("FileIsConsole", c_bool),
        ("MissingDependencies", c_bool),
        ("MissingDeclaredAPIs", c_bool),
        # One status byte per examined header item.
        ("SignatureMZ", BYTE),
        ("SignaturePE", BYTE),
        ("EntryPoint", BYTE),
        ("ImageBase", BYTE),
        ("SizeOfImage", BYTE),
        ("FileAlignment", BYTE),
        ("SectionAlignment", BYTE),
        ("ExportTable", BYTE),
        ("RelocationTable", BYTE),
        ("ImportTable", BYTE),
        ("ImportTableSection", BYTE),
        ("ImportTableData", BYTE),
        ("IATTable", BYTE),
        ("TLSTable", BYTE),
        ("LoadConfigTable", BYTE),
        ("BoundImportTable", BYTE),
        ("COMHeaderTable", BYTE),
        ("ResourceTable", BYTE),
        ("ResourceData", BYTE),
        ("SectionTable", BYTE),
    ]
class FILE_FIX_INFO(Structure):
    """Byte-packed file fixing record.

    After three leading members, each table contributes the same four fields:
    ``Stripped*``, ``DontFix*``, ``Original*TableAddress``, ``Original*TableSize``.
    """

    _pack_ = 1
    _fields_ = [
        ("OveralEvaluation", BYTE),
        ("FixingTerminatedByException", c_bool),
        ("FileFixPerformed", c_bool),
        # Relocations
        ("StrippedRelocation", c_bool),
        ("DontFixRelocations", c_bool),
        ("OriginalRelocationTableAddress", DWORD),
        ("OriginalRelocationTableSize", DWORD),
        # Exports
        ("StrippedExports", c_bool),
        ("DontFixExports", c_bool),
        ("OriginalExportTableAddress", DWORD),
        ("OriginalExportTableSize", DWORD),
        # Resources
        ("StrippedResources", c_bool),
        ("DontFixResources", c_bool),
        ("OriginalResourceTableAddress", DWORD),
        ("OriginalResourceTableSize", DWORD),
        # TLS
        ("StrippedTLS", c_bool),
        ("DontFixTLS", c_bool),
        ("OriginalTLSTableAddress", DWORD),
        ("OriginalTLSTableSize", DWORD),
        # Load config
        ("StrippedLoadConfig", c_bool),
        ("DontFixLoadConfig", c_bool),
        ("OriginalLoadConfigTableAddress", DWORD),
        ("OriginalLoadConfigTableSize", DWORD),
        # Bound imports
        ("StrippedBoundImports", c_bool),
        ("DontFixBoundImports", c_bool),
        ("OriginalBoundImportTableAddress", DWORD),
        ("OriginalBoundImportTableSize", DWORD),
        # Import address table
        ("StrippedIAT", c_bool),
        ("DontFixIAT", c_bool),
        ("OriginalImportAddressTableAddress", DWORD),
        ("OriginalImportAddressTableSize", DWORD),
        # COM
        ("StrippedCOM", c_bool),
        ("DontFixCOM", c_bool),
        ("OriginalCOMTableAddress", DWORD),
        ("OriginalCOMTableSize", DWORD),
    ]
class XmmRegister_t(Structure):
    """Byte-packed XMM register value split into two 64-bit halves.

    As declared, ``Low`` is unsigned (ULONGLONG) and ``High`` is signed (LONGLONG).
    """

    _pack_ = 1
    _fields_ = [
        ("Low", ULONGLONG),
        ("High", LONGLONG),
    ]
class YmmRegister_t(Structure):
    """Byte-packed YMM register value made of two ``XmmRegister_t`` halves."""

    _pack_ = 1
    _fields_ = [
        ("Low", XmmRegister_t),
        ("High", XmmRegister_t),
    ]
class x87FPURegister_t(Structure):
    """Byte-packed x87 register: 10 raw data bytes plus ``st_value`` and ``tag``."""

    _pack_ = 1
    _fields_ = [
        ("data", BYTE * 10),
        ("st_value", c_int),
        ("tag", c_int),
    ]
class x87FPU_t(Structure):
    """Byte-packed x87 FPU state words: three WORDs followed by five DWORDs."""

    _pack_ = 1
    _fields_ = [
        ("ControlWord", WORD),
        ("StatusWord", WORD),
        ("TagWord", WORD),
        ("ErrorOffset", DWORD),
        ("ErrorSelector", DWORD),
        ("DataOffset", DWORD),
        ("DataSelector", DWORD),
        ("Cr0NpxState", DWORD),
    ]
class TITAN_ENGINE_CONTEXT32_t(Structure):
    """Byte-packed register context, 32-bit layout (8 XMM / 8 YMM slots).

    Register members are typed with this module's ULONG_PTR, a ctypes pointer
    type, so reading one yields a pointer object holding the register value.
    Do not dereference it (``.contents`` / indexing): the value belongs to the
    debugged thread and is not an address valid in this process. Use
    ``cast(field, c_void_p).value`` to obtain the integer.
    """

    _pack_ = 1
    _fields_ = [
        # General purpose registers, instruction pointer and flags.
        ("cax", ULONG_PTR),
        ("ccx", ULONG_PTR),
        ("cdx", ULONG_PTR),
        ("cbx", ULONG_PTR),
        ("csp", ULONG_PTR),
        ("cbp", ULONG_PTR),
        ("csi", ULONG_PTR),
        ("cdi", ULONG_PTR),
        ("cip", ULONG_PTR),
        ("eflags", ULONG_PTR),
        # Segment registers.
        ("gs", c_ushort),
        ("fs", c_ushort),
        ("es", c_ushort),
        ("ds", c_ushort),
        ("cs", c_ushort),
        ("ss", c_ushort),
        # Debug registers.
        ("dr0", ULONG_PTR),
        ("dr1", ULONG_PTR),
        ("dr2", ULONG_PTR),
        ("dr3", ULONG_PTR),
        ("dr4", ULONG_PTR),
        ("dr5", ULONG_PTR),
        ("dr6", ULONG_PTR),
        ("dr7", ULONG_PTR),
        # Floating point and SIMD state.
        ("RegisterArea", BYTE * 80),
        ("x87fpu", x87FPU_t),
        ("MxCsr", DWORD),
        ("XmmRegisters", XmmRegister_t * 8),
        ("YmmRegisters", YmmRegister_t * 8),
    ]
class TITAN_ENGINE_CONTEXT64_t(Structure):
    """Byte-packed register context, 64-bit layout (r8..r15, 16 XMM / 16 YMM slots).

    Register members are typed with this module's ULONG_PTR, a ctypes pointer
    type, so reading one yields a pointer object holding the register value.
    Do not dereference it (``.contents`` / indexing): the value belongs to the
    debugged thread and is not an address valid in this process. Use
    ``cast(field, c_void_p).value`` to obtain the integer.
    """

    _pack_ = 1
    _fields_ = [
        # General purpose registers.
        ("cax", ULONG_PTR),
        ("ccx", ULONG_PTR),
        ("cdx", ULONG_PTR),
        ("cbx", ULONG_PTR),
        ("csp", ULONG_PTR),
        ("cbp", ULONG_PTR),
        ("csi", ULONG_PTR),
        ("cdi", ULONG_PTR),
        ("r8", ULONG_PTR),
        ("r9", ULONG_PTR),
        ("r10", ULONG_PTR),
        ("r11", ULONG_PTR),
        ("r12", ULONG_PTR),
        ("r13", ULONG_PTR),
        ("r14", ULONG_PTR),
        ("r15", ULONG_PTR),
        # Instruction pointer and flags.
        ("cip", ULONG_PTR),
        ("eflags", ULONG_PTR),
        # Segment registers.
        ("gs", c_ushort),
        ("fs", c_ushort),
        ("es", c_ushort),
        ("ds", c_ushort),
        ("cs", c_ushort),
        ("ss", c_ushort),
        # Debug registers.
        ("dr0", ULONG_PTR),
        ("dr1", ULONG_PTR),
        ("dr2", ULONG_PTR),
        ("dr3", ULONG_PTR),
        ("dr4", ULONG_PTR),
        ("dr5", ULONG_PTR),
        ("dr6", ULONG_PTR),
        ("dr7", ULONG_PTR),
        # Floating point and SIMD state.
        ("RegisterArea", BYTE * 80),
        ("x87fpu", x87FPU_t),
        ("MxCsr", DWORD),
        ("XmmRegisters", XmmRegister_t * 16),
        ("YmmRegisters", YmmRegister_t * 16),
    ]
# The context layout follows the interpreter's bitness.
TITAN_ENGINE_CONTEXT_t = TITAN_ENGINE_CONTEXT64_t if _WIN64 else TITAN_ENGINE_CONTEXT32_t
class PROCESS_INFORMATION(Structure):
    """Process and primary-thread handles followed by their ids (byte-packed)."""

    _pack_ = 1
    _fields_ = [
        ("hProcess", HANDLE),
        ("hThread", HANDLE),
        ("dwProcessId", DWORD),
        ("dwThreadId", DWORD),
    ]
# Length of EXCEPTION_RECORD.ExceptionInformation.
EXCEPTION_MAXIMUM_PARAMETERS = 15


class EXCEPTION_RECORD(Structure):
    """Exception record; ``_fields_`` is assigned below because the structure
    contains a pointer to its own type.

    NOTE(review): the Windows SDK lays EXCEPTION_RECORD out with natural
    alignment. With ``_pack_ = 1`` on a 64-bit build ``ExceptionInformation``
    starts at offset 28, whereas the SDK layout places it at offset 32.
    Confirm which layout the producer of these records uses.
    """

    _pack_ = 1


EXCEPTION_RECORD._fields_ = [
    ("ExceptionCode", DWORD),
    ("ExceptionFlags", DWORD),
    # Chained record; a pointer into whatever address space produced the record.
    ("ExceptionRecord", POINTER(EXCEPTION_RECORD)),
    ("ExceptionAddress", PVOID),
    ("NumberParameters", DWORD),
    ("ExceptionInformation", ULONG_PTR * EXCEPTION_MAXIMUM_PARAMETERS),
]
class EXCEPTION_DEBUG_INFO(Structure):
    """An embedded ``EXCEPTION_RECORD`` followed by ``dwFirstChance`` (byte-packed)."""

    _pack_ = 1
    _fields_ = [
        ("ExceptionRecord", EXCEPTION_RECORD),
        ("dwFirstChance", DWORD),
    ]
class CREATE_THREAD_DEBUG_INFO(Structure):
    """Thread handle, thread-local base and start address (byte-packed).

    Both addresses are untyped (``c_void_p``) and are read as integers.
    """

    _pack_ = 1
    _fields_ = [
        ("hThread", HANDLE),
        ("lpThreadLocalBase", LPVOID),
        ("lpStartAddress", LPTHREAD_START_ROUTINE),
    ]
class CREATE_PROCESS_DEBUG_INFO(Structure):
    """File/process/thread handles plus image and thread addresses (byte-packed).

    Address members are untyped (``c_void_p``) and are read as integers.
    """

    _pack_ = 1
    _fields_ = [
        ("hFile", HANDLE),
        ("hProcess", HANDLE),
        ("hThread", HANDLE),
        ("lpBaseOfImage", LPVOID),
        ("dwDebugInfoFileOffset", DWORD),
        ("nDebugInfoSize", DWORD),
        ("lpThreadLocalBase", LPVOID),
        ("lpStartAddress", LPTHREAD_START_ROUTINE),
        ("lpImageName", LPVOID),
        ("fUnicode", WORD),
    ]
class EXIT_THREAD_DEBUG_INFO(Structure):
    """Holds a single DWORD, ``dwExitCode``."""

    _pack_ = 1
    _fields_ = [
        ("dwExitCode", DWORD),
    ]
class EXIT_PROCESS_DEBUG_INFO(Structure):
    """Holds a single DWORD, ``dwExitCode``."""

    _pack_ = 1
    _fields_ = [
        ("dwExitCode", DWORD),
    ]
class LOAD_DLL_DEBUG_INFO(Structure):
    """File handle, DLL base, debug-info location and image-name pointer (byte-packed).

    ``lpBaseOfDll`` and ``lpImageName`` are untyped (``c_void_p``) and are read
    as integers; ctypes does not dereference them.
    """

    _pack_ = 1
    _fields_ = [
        ("hFile", HANDLE),
        ("lpBaseOfDll", LPVOID),
        ("dwDebugInfoFileOffset", DWORD),
        ("nDebugInfoSize", DWORD),
        ("lpImageName", LPVOID),
        ("fUnicode", WORD),
    ]
class UNLOAD_DLL_DEBUG_INFO(Structure):
    """Holds a single untyped address, ``lpBaseOfDll``."""

    _pack_ = 1
    _fields_ = [
        ("lpBaseOfDll", LPVOID),
    ]
class OUTPUT_DEBUG_STRING_INFO(Structure):
    """Debug-string pointer, unicode flag and length (byte-packed).

    NOTE(review): ``lpDebugStringData`` is typed LPSTR, so merely reading the
    attribute makes ctypes dereference the address in *this* process and scan
    for a NUL byte. In a Windows debug event that address refers to the
    debugged process's memory, so the access can fault or return unrelated
    bytes. Typing the field as an untyped pointer and copying
    ``nDebugStringLength`` bytes out of the debuggee would avoid this; confirm
    how callers use the field before changing it.
    """

    _pack_ = 1
    _fields_ = [
        ("lpDebugStringData", LPSTR),
        ("fUnicode", WORD),
        ("nDebugStringLength", WORD),
    ]
class RIP_INFO(Structure):
    """Two DWORDs: ``dwError`` and ``dwType``."""

    _pack_ = 1
    _fields_ = [
        ("dwError", DWORD),
        ("dwType", DWORD),
    ]
class _U(Union):
    """Union of the per-event payloads carried by ``DEBUG_EVENT``.

    All members overlay the same bytes; which one is meaningful is not encoded
    in the union itself.
    """

    _pack_ = 1
    _fields_ = [
        ("Exception", EXCEPTION_DEBUG_INFO),
        ("CreateThread", CREATE_THREAD_DEBUG_INFO),
        ("CreateProcessInfo", CREATE_PROCESS_DEBUG_INFO),
        ("ExitThread", EXIT_THREAD_DEBUG_INFO),
        ("ExitProcess", EXIT_PROCESS_DEBUG_INFO),
        ("LoadDll", LOAD_DLL_DEBUG_INFO),
        ("UnloadDll", UNLOAD_DLL_DEBUG_INFO),
        ("DebugString", OUTPUT_DEBUG_STRING_INFO),
        ("RipInfo", RIP_INFO),
    ]
class DEBUG_EVENT(Structure):
    """Debug event header followed by the payload union.

    The union is anonymous, so its members (``Exception``, ``LoadDll``, ...)
    are reachable directly on the event. Check ``dwDebugEventCode`` before
    reading a payload member; the other members alias the same bytes.

    NOTE(review): the Windows SDK lays DEBUG_EVENT out with natural alignment.
    With ``_pack_ = 1`` the union starts at offset 12, whereas the 64-bit SDK
    layout places it at offset 16. Confirm which layout the producer of these
    events uses.
    """

    _pack_ = 1
    _anonymous_ = ("u",)
    _fields_ = [
        ("dwDebugEventCode", DWORD),
        ("dwProcessId", DWORD),
        ("dwThreadId", DWORD),
        ("u", _U),
    ]
class STARTUPINFOW(Structure):
    """Wide-character process startup information (byte-packed).

    NOTE(review): the Windows SDK lays STARTUPINFOW out with natural
    alignment. With ``_pack_ = 1`` on a 64-bit build ``lpReserved`` starts at
    offset 4, whereas the SDK layout places it at offset 8. Confirm which
    layout the consumer of this structure expects.
    """

    _pack_ = 1
    _fields_ = [
        ("cb", DWORD),
        ("lpReserved", LPWSTR),
        ("lpDesktop", LPWSTR),
        ("lpTitle", LPWSTR),
        # Window position, size and console attributes.
        ("dwX", DWORD),
        ("dwY", DWORD),
        ("dwXSize", DWORD),
        ("dwYSize", DWORD),
        ("dwXCountChars", DWORD),
        ("dwYCountChars", DWORD),
        ("dwFillAttribute", DWORD),
        ("dwFlags", DWORD),
        ("wShowWindow", WORD),
        ("cbReserved2", WORD),
        ("lpReserved2", LPBYTE),
        # Standard handles.
        ("hStdInput", HANDLE),
        ("hStdOutput", HANDLE),
        ("hStdError", HANDLE),
    ]
# stdcall callback prototypes. Wrap a Python function with one of these to get
# a function pointer the engine can call.
#
# Keep a reference to every callback object for as long as native code may
# still invoke it: ctypes does not keep it alive, and once the object is
# garbage collected the engine is left holding a dangling function pointer.
# Bindings in this module that take a callback declare the parameter as
# c_void_p, so ctypes does not check that the callback matches the prototype.

# Enumeration callbacks.
fImportEnum = WINFUNCTYPE(None, POINTER(ImportEnumData))
fImportFix = WINFUNCTYPE(c_void_p, c_void_p)
fResourceEnum = WINFUNCTYPE(
    None, c_wchar_p, DWORD, c_wchar_p, DWORD, DWORD, DWORD, DWORD
)
fThreadEnum = WINFUNCTYPE(None, POINTER(THREAD_ITEM_DATA))
fThreadExit = WINFUNCTYPE(None, POINTER(EXIT_THREAD_DEBUG_INFO))

# Breakpoint and handler callbacks.
fBreakPoint = WINFUNCTYPE(None)
fCustomHandler = WINFUNCTYPE(None, c_void_p)
fLibraryBreakPoint = WINFUNCTYPE(None, POINTER(LOAD_DLL_DEBUG_INFO))

# Library, hook and process enumeration callbacks.
fLibraryEnum = WINFUNCTYPE(None, POINTER(LIBRARY_ITEM_DATA))
fLibraryEnumW = WINFUNCTYPE(None, POINTER(LIBRARY_ITEM_DATAW))
fHookEnum = WINFUNCTYPE(
    c_bool, POINTER(HOOK_ENTRY), c_void_p, POINTER(LIBRARY_ITEM_DATA), DWORD
)
fProcessWithLibraryEnum = WINFUNCTYPE(None, DWORD, HMODULE)

fStaticDecrypt = WINFUNCTYPE(c_bool, c_void_p, c_long)
fInitializeDbg = WINFUNCTYPE(None, c_char_p, c_ubyte, c_ubyte)
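# Global.Function.Declaration:
# TitanEngine.Dumper.functions:
#
# Each export is bound with prototype((name, library)), so the declared
# argtypes/restype apply to the DLL function itself. Instantiating a prototype
# with the `TE.<name>` attribute instead makes ctypes treat that attribute as a
# Python callable and build a callback thunk around it; the export is then
# re-invoked without argtypes, where Python ints are marshalled as C int and
# pointer-sized handles/addresses no longer fit on 64-bit builds.
#
# Parameters typed ULONG_PTR / SIZE_T use this module's pointer-typed alias and
# therefore expect a ctypes pointer object, not a plain int.

# Process, memory, region and module dumping.
DumpProcess = WINFUNCTYPE(c_bool, HANDLE, LPVOID, c_char_p, ULONG_PTR)(("DumpProcess", TE))
DumpProcessW = WINFUNCTYPE(c_bool, HANDLE, LPVOID, c_wchar_p, ULONG_PTR)(("DumpProcessW", TE))
DumpProcessEx = WINFUNCTYPE(c_bool, DWORD, LPVOID, c_char_p, ULONG_PTR)(("DumpProcessEx", TE))
DumpProcessExW = WINFUNCTYPE(c_bool, DWORD, LPVOID, c_wchar_p, ULONG_PTR)(("DumpProcessExW", TE))
DumpMemory = WINFUNCTYPE(c_bool, HANDLE, LPVOID, ULONG_PTR, c_char_p)(("DumpMemory", TE))
DumpMemoryW = WINFUNCTYPE(c_bool, HANDLE, LPVOID, ULONG_PTR, c_wchar_p)(("DumpMemoryW", TE))
DumpMemoryEx = WINFUNCTYPE(c_bool, DWORD, LPVOID, ULONG_PTR, c_char_p)(("DumpMemoryEx", TE))
DumpMemoryExW = WINFUNCTYPE(c_bool, DWORD, LPVOID, ULONG_PTR, c_wchar_p)(("DumpMemoryExW", TE))
DumpRegions = WINFUNCTYPE(c_bool, HANDLE, c_char_p, c_bool)(("DumpRegions", TE))
DumpRegionsW = WINFUNCTYPE(c_bool, HANDLE, c_wchar_p, c_bool)(("DumpRegionsW", TE))
DumpRegionsEx = WINFUNCTYPE(c_bool, DWORD, c_char_p, c_bool)(("DumpRegionsEx", TE))
DumpRegionsExW = WINFUNCTYPE(c_bool, DWORD, c_wchar_p, c_bool)(("DumpRegionsExW", TE))
DumpModule = WINFUNCTYPE(c_bool, HANDLE, LPVOID, c_char_p)(("DumpModule", TE))
DumpModuleW = WINFUNCTYPE(c_bool, HANDLE, LPVOID, c_wchar_p)(("DumpModuleW", TE))
DumpModuleEx = WINFUNCTYPE(c_bool, DWORD, LPVOID, c_char_p)(("DumpModuleEx", TE))
DumpModuleExW = WINFUNCTYPE(c_bool, DWORD, LPVOID, c_wchar_p)(("DumpModuleExW", TE))
PastePEHeader = WINFUNCTYPE(c_bool, HANDLE, LPVOID, c_char_p)(("PastePEHeader", TE))
PastePEHeaderW = WINFUNCTYPE(c_bool, HANDLE, LPVOID, c_wchar_p)(("PastePEHeaderW", TE))

# Sections and overlays of files on disk.
ExtractSection = WINFUNCTYPE(c_bool, c_char_p, c_char_p, DWORD)(("ExtractSection", TE))
ExtractSectionW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p, DWORD)(("ExtractSectionW", TE))
ResortFileSections = WINFUNCTYPE(c_bool, c_char_p)(("ResortFileSections", TE))
ResortFileSectionsW = WINFUNCTYPE(c_bool, c_wchar_p)(("ResortFileSectionsW", TE))
FindOverlay = WINFUNCTYPE(c_bool, c_char_p, LPDWORD, LPDWORD)(("FindOverlay", TE))
FindOverlayW = WINFUNCTYPE(c_bool, c_wchar_p, LPDWORD, LPDWORD)(("FindOverlayW", TE))
ExtractOverlay = WINFUNCTYPE(c_bool, c_char_p, c_char_p)(("ExtractOverlay", TE))
ExtractOverlayW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p)(("ExtractOverlayW", TE))
AddOverlay = WINFUNCTYPE(c_bool, c_char_p, c_char_p)(("AddOverlay", TE))
AddOverlayW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p)(("AddOverlayW", TE))
CopyOverlay = WINFUNCTYPE(c_bool, c_char_p, c_char_p)(("CopyOverlay", TE))
CopyOverlayW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p)(("CopyOverlayW", TE))
RemoveOverlay = WINFUNCTYPE(c_bool, c_char_p)(("RemoveOverlay", TE))
RemoveOverlayW = WINFUNCTYPE(c_bool, c_wchar_p)(("RemoveOverlayW", TE))
MakeAllSectionsRWE = WINFUNCTYPE(c_bool, c_char_p)(("MakeAllSectionsRWE", TE))
MakeAllSectionsRWEW = WINFUNCTYPE(c_bool, c_wchar_p)(("MakeAllSectionsRWEW", TE))
AddNewSectionEx = WINFUNCTYPE(
    c_long, c_char_p, c_char_p, DWORD, DWORD, LPVOID, DWORD
)(("AddNewSectionEx", TE))
AddNewSectionExW = WINFUNCTYPE(
    c_long, c_wchar_p, c_char_p, DWORD, DWORD, LPVOID, DWORD
)(("AddNewSectionExW", TE))
AddNewSection = WINFUNCTYPE(c_long, c_char_p, c_char_p, DWORD)(("AddNewSection", TE))
AddNewSectionW = WINFUNCTYPE(c_long, c_wchar_p, c_char_p, DWORD)(("AddNewSectionW", TE))
ResizeLastSection = WINFUNCTYPE(c_bool, c_char_p, DWORD, c_bool)(("ResizeLastSection", TE))
ResizeLastSectionW = WINFUNCTYPE(c_bool, c_wchar_p, DWORD, c_bool)(("ResizeLastSectionW", TE))
SetSharedOverlay = WINFUNCTYPE(None, c_char_p)(("SetSharedOverlay", TE))
SetSharedOverlayW = WINFUNCTYPE(None, c_wchar_p)(("SetSharedOverlayW", TE))
GetSharedOverlay = WINFUNCTYPE(c_char_p)(("GetSharedOverlay", TE))
GetSharedOverlayW = WINFUNCTYPE(c_wchar_p)(("GetSharedOverlayW", TE))
DeleteLastSection = WINFUNCTYPE(c_bool, c_char_p)(("DeleteLastSection", TE))
DeleteLastSectionW = WINFUNCTYPE(c_bool, c_wchar_p)(("DeleteLastSectionW", TE))
DeleteLastSectionEx = WINFUNCTYPE(c_bool, c_char_p, DWORD)(("DeleteLastSectionEx", TE))
DeleteLastSectionExW = WINFUNCTYPE(c_bool, c_wchar_p, DWORD)(("DeleteLastSectionExW", TE))

# PE header data access. Where restype is replaced after binding, the call
# returns this module's ULONG_PTR (a pointer object), not an int.
GetPE32DataFromMappedFile = WINFUNCTYPE(c_void_p, ULONG_PTR, DWORD, DWORD)(
    ("GetPE32DataFromMappedFile", TE)
)
GetPE32DataFromMappedFile.restype = ULONG_PTR
GetPE32Data = WINFUNCTYPE(c_void_p, c_char_p, DWORD, DWORD)(("GetPE32Data", TE))
GetPE32Data.restype = ULONG_PTR
GetPE32DataW = WINFUNCTYPE(c_void_p, c_wchar_p, DWORD, DWORD)(("GetPE32DataW", TE))
GetPE32DataW.restype = ULONG_PTR
GetPE32DataFromMappedFileEx = WINFUNCTYPE(c_bool, ULONG_PTR, LPVOID)(
    ("GetPE32DataFromMappedFileEx", TE)
)
GetPE32DataEx = WINFUNCTYPE(c_bool, c_char_p, LPVOID)(("GetPE32DataEx", TE))
GetPE32DataExW = WINFUNCTYPE(c_bool, c_wchar_p, LPVOID)(("GetPE32DataExW", TE))
SetPE32DataForMappedFile = WINFUNCTYPE(c_bool, ULONG_PTR, DWORD, DWORD, ULONG_PTR)(
    ("SetPE32DataForMappedFile", TE)
)
SetPE32Data = WINFUNCTYPE(c_bool, c_char_p, DWORD, DWORD, ULONG_PTR)(("SetPE32Data", TE))
SetPE32DataW = WINFUNCTYPE(c_bool, c_wchar_p, DWORD, DWORD, ULONG_PTR)(("SetPE32DataW", TE))
SetPE32DataForMappedFileEx = WINFUNCTYPE(c_bool, ULONG_PTR, LPVOID)(
    ("SetPE32DataForMappedFileEx", TE)
)
SetPE32DataEx = WINFUNCTYPE(c_bool, c_char_p, LPVOID)(("SetPE32DataEx", TE))
SetPE32DataExW = WINFUNCTYPE(c_bool, c_wchar_p, LPVOID)(("SetPE32DataExW", TE))
GetPE32SectionNumberFromVA = WINFUNCTYPE(c_long, ULONG_PTR, ULONG_PTR)(
    ("GetPE32SectionNumberFromVA", TE)
)

# Address conversion.
ConvertVAtoFileOffset = WINFUNCTYPE(c_void_p, ULONG_PTR, ULONG_PTR, c_bool)(
    ("ConvertVAtoFileOffset", TE)
)
ConvertVAtoFileOffset.restype = ULONG_PTR
ConvertVAtoFileOffsetEx = WINFUNCTYPE(
    c_void_p, ULONG_PTR, DWORD, ULONG_PTR, ULONG_PTR, c_bool, c_bool
)(("ConvertVAtoFileOffsetEx", TE))
ConvertVAtoFileOffsetEx.restype = ULONG_PTR
ConvertFileOffsetToVA = WINFUNCTYPE(c_void_p, ULONG_PTR, ULONG_PTR, c_bool)(
    ("ConvertFileOffsetToVA", TE)
)
ConvertFileOffsetToVA.restype = ULONG_PTR
ConvertFileOffsetToVAEx = WINFUNCTYPE(
    c_void_p, ULONG_PTR, DWORD, ULONG_PTR, ULONG_PTR, c_bool
)(("ConvertFileOffsetToVAEx", TE))
ConvertFileOffsetToVAEx.restype = ULONG_PTR

# Memory access in another process. The buffers are untyped pointers, so the
# caller is responsible for passing a buffer at least as large as the size.
MemoryReadSafe = WINFUNCTYPE(c_bool, HANDLE, LPVOID, LPVOID, SIZE_T, POINTER(SIZE_T))(
    ("MemoryReadSafe", TE)
)
MemoryWriteSafe = WINFUNCTYPE(c_bool, HANDLE, LPVOID, LPCVOID, SIZE_T, POINTER(SIZE_T))(
    ("MemoryWriteSafe", TE)
)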
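# TitanEngine.Realigner.functions:
#
# Each export is bound with prototype((name, library)), so the declared
# argtypes/restype apply to the DLL function itself. Instantiating a prototype
# with the `TE.<name>` attribute instead makes ctypes build a Python callback
# thunk and re-invoke the export without argtypes, where Python ints are
# marshalled as C int and pointer-sized values no longer fit on 64-bit builds.
FixHeaderCheckSum = WINFUNCTYPE(c_bool, c_char_p)(("FixHeaderCheckSum", TE))
FixHeaderCheckSumW = WINFUNCTYPE(c_bool, c_wchar_p)(("FixHeaderCheckSumW", TE))
RealignPE = WINFUNCTYPE(c_long, ULONG_PTR, DWORD, DWORD)(("RealignPE", TE))
RealignPEEx = WINFUNCTYPE(c_long, c_char_p, DWORD, DWORD)(("RealignPEEx", TE))
RealignPEExW = WINFUNCTYPE(c_long, c_wchar_p, DWORD, DWORD)(("RealignPEExW", TE))
WipeSection = WINFUNCTYPE(c_bool, c_char_p, c_int, c_bool)(("WipeSection", TE))
WipeSectionW = WINFUNCTYPE(c_bool, c_wchar_p, c_int, c_bool)(("WipeSectionW", TE))

# The LPVOID parameters below are untyped, so ctypes cannot check that the
# caller passes a structure of the size the engine expects.
IsPE32FileValidEx = WINFUNCTYPE(c_bool, c_char_p, DWORD, LPVOID)(("IsPE32FileValidEx", TE))
IsPE32FileValidExW = WINFUNCTYPE(c_bool, c_wchar_p, DWORD, LPVOID)(("IsPE32FileValidExW", TE))
FixBrokenPE32FileEx = WINFUNCTYPE(c_bool, c_char_p, LPVOID, LPVOID)(
    ("FixBrokenPE32FileEx", TE)
)
FixBrokenPE32FileExW = WINFUNCTYPE(c_bool, c_wchar_p, LPVOID, LPVOID)(
    ("FixBrokenPE32FileExW", TE)
)
IsFileDLL = WINFUNCTYPE(c_bool, c_char_p, ULONG_PTR)(("IsFileDLL", TE))
IsFileDLLW = WINFUNCTYPE(c_bool, c_wchar_p, ULONG_PTR)(("IsFileDLLW", TE))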
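# TitanEngine.Hider.functions:
#
# Each export is bound with prototype((name, library)), so the declared
# argtypes/restype apply to the DLL function itself. Instantiating a prototype
# with the `TE.<name>` attribute instead makes ctypes build a Python callback
# thunk and re-invoke the export without argtypes, where the HANDLE argument
# and the pointer-sized return value pass through C int on 64-bit builds.

# These return an untyped address (int or None).
GetPEBLocation = WINFUNCTYPE(c_void_p, HANDLE)(("GetPEBLocation", TE))
GetPEBLocation64 = WINFUNCTYPE(c_void_p, HANDLE)(("GetPEBLocation64", TE))
GetTEBLocation = WINFUNCTYPE(c_void_p, HANDLE)(("GetTEBLocation", TE))
GetTEBLocation64 = WINFUNCTYPE(c_void_p, HANDLE)(("GetTEBLocation64", TE))

HideDebugger = WINFUNCTYPE(c_bool, HANDLE, DWORD)(("HideDebugger", TE))
UnHideDebugger = WINFUNCTYPE(c_bool, HANDLE, DWORD)(("UnHideDebugger", TE))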
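# TitanEngine.Relocater.functions:
# Exports are bound by (name, library) so the declared stdcall prototype is
# applied to the native call; WINFUNCTYPE(...)(TE.<name>) would wrap the
# resolved function as a Python callback and leave the real call untyped.
# ULONG_PTR is this module's POINTER(ULONG) alias, so those parameters take a
# pointer object or None rather than a plain Python int.
RelocaterCleanup = WINFUNCTYPE(None)(("RelocaterCleanup", TE))
RelocaterInit = WINFUNCTYPE(None, DWORD, ULONG_PTR, ULONG_PTR)(("RelocaterInit", TE))
RelocaterAddNewRelocation = WINFUNCTYPE(None, HANDLE, ULONG_PTR, DWORD)(("RelocaterAddNewRelocation", TE))
RelocaterEstimatedSize = WINFUNCTYPE(c_long)(("RelocaterEstimatedSize", TE))
RelocaterExportRelocation = WINFUNCTYPE(c_bool, ULONG_PTR, DWORD, ULONG_PTR)(("RelocaterExportRelocation", TE))
RelocaterExportRelocationEx = WINFUNCTYPE(c_bool, c_char_p, c_char_p)(("RelocaterExportRelocationEx", TE))
RelocaterExportRelocationExW = WINFUNCTYPE(c_bool, c_wchar_p, c_char_p)(("RelocaterExportRelocationExW", TE))
RelocaterGrabRelocationTable = WINFUNCTYPE(c_bool, HANDLE, ULONG_PTR, DWORD)(("RelocaterGrabRelocationTable", TE))
RelocaterGrabRelocationTableEx = WINFUNCTYPE(c_bool, HANDLE, ULONG_PTR, ULONG_PTR, DWORD)(("RelocaterGrabRelocationTableEx", TE))
RelocaterMakeSnapshot = WINFUNCTYPE(c_bool, HANDLE, c_char_p, LPVOID, ULONG_PTR)(("RelocaterMakeSnapshot", TE))
RelocaterMakeSnapshotW = WINFUNCTYPE(c_bool, HANDLE, c_wchar_p, LPVOID, ULONG_PTR)(("RelocaterMakeSnapshotW", TE))
RelocaterCompareTwoSnapshots = WINFUNCTYPE(c_bool, HANDLE, ULONG_PTR, ULONG_PTR, c_char_p, c_char_p, ULONG_PTR)(("RelocaterCompareTwoSnapshots", TE))
RelocaterCompareTwoSnapshotsW = WINFUNCTYPE(c_bool, HANDLE, ULONG_PTR, ULONG_PTR, c_wchar_p, c_wchar_p, ULONG_PTR)(("RelocaterCompareTwoSnapshotsW", TE))
# The file-based calls below take a path and return c_bool; check the result
# before relying on the file having been changed.
RelocaterChangeFileBase = WINFUNCTYPE(c_bool, c_char_p, ULONG_PTR)(("RelocaterChangeFileBase", TE))
RelocaterChangeFileBaseW = WINFUNCTYPE(c_bool, c_wchar_p, ULONG_PTR)(("RelocaterChangeFileBaseW", TE))
RelocaterRelocateMemoryBlock = WINFUNCTYPE(c_bool, ULONG_PTR, ULONG_PTR, c_void_p, DWORD, ULONG_PTR, ULONG_PTR)(("RelocaterRelocateMemoryBlock", TE))
RelocaterWipeRelocationTable = WINFUNCTYPE(c_bool, c_char_p)(("RelocaterWipeRelocationTable", TE))
RelocaterWipeRelocationTableW = WINFUNCTYPE(c_bool, c_wchar_p)(("RelocaterWipeRelocationTableW", TE))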
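# TitanEngine.Resourcer.functions:
# Bound by (export name, library) so restype/argtypes govern the native call;
# passing TE.<name> to the prototype would build a Python callback thunk around
# a function that still uses ctypes' default int result.
ResourcerLoadFileForResourceUse = WINFUNCTYPE(c_void_p, c_char_p)(("ResourcerLoadFileForResourceUse", TE))
# restype override: the call hands back a POINTER(ULONG) object (this module's
# ULONG_PTR alias) instead of the int/None a c_void_p result would give.
ResourcerLoadFileForResourceUse.restype = ULONG_PTR
ResourcerLoadFileForResourceUseW = WINFUNCTYPE(c_void_p, c_wchar_p)(("ResourcerLoadFileForResourceUseW", TE))
ResourcerLoadFileForResourceUseW.restype = ULONG_PTR
ResourcerFreeLoadedFile = WINFUNCTYPE(c_bool, LPVOID)(("ResourcerFreeLoadedFile", TE))
ResourcerExtractResourceFromFileEx = WINFUNCTYPE(c_bool, HMODULE, c_char_p, c_char_p, c_char_p)(("ResourcerExtractResourceFromFileEx", TE))
ResourcerExtractResourceFromFile = WINFUNCTYPE(c_bool, c_char_p, c_char_p, c_char_p, c_char_p)(("ResourcerExtractResourceFromFile", TE))
ResourcerExtractResourceFromFileW = WINFUNCTYPE(c_bool, c_wchar_p, c_char_p, c_char_p, c_char_p)(("ResourcerExtractResourceFromFileW", TE))
# The trailing PULONG_PTR / LPDWORD parameters are pointers the caller supplies.
# NOTE(review): they look like output slots filled by the engine - confirm.
ResourcerFindResource = WINFUNCTYPE(c_bool, c_char_p, c_char_p, DWORD, c_char_p, DWORD, DWORD, PULONG_PTR, LPDWORD)(("ResourcerFindResource", TE))
ResourcerFindResourceW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p, DWORD, c_wchar_p, DWORD, DWORD, PULONG_PTR, LPDWORD)(("ResourcerFindResourceW", TE))
ResourcerFindResourceEx = WINFUNCTYPE(c_bool, ULONG_PTR, DWORD, c_wchar_p, DWORD, c_wchar_p, DWORD, DWORD, PULONG_PTR, LPDWORD)(("ResourcerFindResourceEx", TE))
# NOTE(review): the c_void_p argument of the enumerators is presumably a
# callback pointer; a ctypes callback passed here must stay referenced by the
# caller for as long as the engine may invoke it.
ResourcerEnumerateResource = WINFUNCTYPE(None, c_char_p, c_void_p)(("ResourcerEnumerateResource", TE))
ResourcerEnumerateResourceW = WINFUNCTYPE(None, c_wchar_p, c_void_p)(("ResourcerEnumerateResourceW", TE))
ResourcerEnumerateResourceEx = WINFUNCTYPE(None, ULONG_PTR, DWORD, c_void_p)(("ResourcerEnumerateResourceEx", TE))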
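# TitanEngine.Threader.functions:
# Bound by (export name, library) so the stdcall prototype is what ctypes uses
# for the native call. Instantiating the prototype with TE.<name> would wrap it
# as a Python callback and run the real call with default int conversions,
# which cannot carry 64-bit handles or addresses.
ThreaderImportRunningThreadData = WINFUNCTYPE(c_bool, DWORD)(("ThreaderImportRunningThreadData", TE))
ThreaderGetThreadInfo = WINFUNCTYPE(c_void_p, HANDLE, DWORD)(("ThreaderGetThreadInfo", TE))
# restype override: the result is a POINTER(THREAD_ITEM_DATA); test it for NULL
# (falsy) before dereferencing.
ThreaderGetThreadInfo.restype = POINTER(THREAD_ITEM_DATA)
ThreaderEnumThreadInfo = WINFUNCTYPE(None, c_void_p)(("ThreaderEnumThreadInfo", TE))
ThreaderPauseThread = WINFUNCTYPE(c_bool, HANDLE)(("ThreaderPauseThread", TE))
ThreaderResumeThread = WINFUNCTYPE(c_bool, HANDLE)(("ThreaderResumeThread", TE))
ThreaderTerminateThread = WINFUNCTYPE(c_bool, HANDLE, DWORD)(("ThreaderTerminateThread", TE))
ThreaderPauseAllThreads = WINFUNCTYPE(c_bool, c_bool)(("ThreaderPauseAllThreads", TE))
ThreaderResumeAllThreads = WINFUNCTYPE(c_bool, c_bool)(("ThreaderResumeAllThreads", TE))
ThreaderPauseProcess = WINFUNCTYPE(c_bool)(("ThreaderPauseProcess", TE))
ThreaderResumeProcess = WINFUNCTYPE(c_bool)(("ThreaderResumeProcess", TE))
# The remote-thread and code-execution calls report through a c_bool or a
# pointer-typed result; callers should check it instead of assuming success.
ThreaderCreateRemoteThread = WINFUNCTYPE(c_void_p, ULONG_PTR, c_bool, LPVOID, LPDWORD)(("ThreaderCreateRemoteThread", TE))
ThreaderCreateRemoteThread.restype = ULONG_PTR
ThreaderInjectAndExecuteCode = WINFUNCTYPE(c_bool, LPVOID, DWORD, DWORD)(("ThreaderInjectAndExecuteCode", TE))
ThreaderCreateRemoteThreadEx = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR, c_bool, LPVOID, LPDWORD)(("ThreaderCreateRemoteThreadEx", TE))
ThreaderCreateRemoteThreadEx.restype = ULONG_PTR
ThreaderInjectAndExecuteCodeEx = WINFUNCTYPE(c_bool, HANDLE, LPVOID, DWORD, DWORD)(("ThreaderInjectAndExecuteCodeEx", TE))
# NOTE(review): the LPVOID here is presumably a callback pointer; keep a
# reference to any ctypes callback object passed in until it has fired.
ThreaderSetCallBackForNextExitThreadEvent = WINFUNCTYPE(None, LPVOID)(("ThreaderSetCallBackForNextExitThreadEvent", TE))
ThreaderIsThreadStillRunning = WINFUNCTYPE(c_bool, HANDLE)(("ThreaderIsThreadStillRunning", TE))
ThreaderIsThreadActive = WINFUNCTYPE(c_bool, HANDLE)(("ThreaderIsThreadActive", TE))
ThreaderIsAnyThreadActive = WINFUNCTYPE(c_bool)(("ThreaderIsAnyThreadActive", TE))
ThreaderExecuteOnlyInjectedThreads = WINFUNCTYPE(c_bool)(("ThreaderExecuteOnlyInjectedThreads", TE))
ThreaderGetOpenHandleForThread = WINFUNCTYPE(c_void_p, DWORD)(("ThreaderGetOpenHandleForThread", TE))
ThreaderGetOpenHandleForThread.restype = ULONG_PTR
ThreaderIsExceptionInMainThread = WINFUNCTYPE(c_bool)(("ThreaderIsExceptionInMainThread", TE))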
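# TitanEngine.Debugger.functions:
# Disassembly helpers, bound by (export name, library) so the declared stdcall
# prototype applies to the native call; WINFUNCTYPE(...)(TE.<name>) would wrap
# the resolved function as a Python callback with an untyped inner call.
# The *Disassemble* exports are declared with a c_void_p result, so callers
# receive a raw address (int or None) and must convert it themselves.
StaticDisassembleEx = WINFUNCTYPE(c_void_p, ULONG_PTR, LPVOID)(("StaticDisassembleEx", TE))
StaticDisassemble = WINFUNCTYPE(c_void_p, LPVOID)(("StaticDisassemble", TE))
DisassembleEx = WINFUNCTYPE(c_void_p, HANDLE, LPVOID, c_bool)(("DisassembleEx", TE))
Disassemble = WINFUNCTYPE(c_void_p, LPVOID)(("Disassemble", TE))
StaticLengthDisassemble = WINFUNCTYPE(c_long, LPVOID)(("StaticLengthDisassemble", TE))
LengthDisassembleEx = WINFUNCTYPE(c_long, HANDLE, LPVOID)(("LengthDisassembleEx", TE))
LengthDisassemble = WINFUNCTYPE(c_long, LPVOID)(("LengthDisassemble", TE))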
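# Debug-session start/stop. Each export is bound by (name, library) so the
# prototype describes the native call; handing the prototype TE.<name> would
# create a Python callback thunk whose inner call returns a C int, cutting the
# PROCESS_INFORMATION pointer on 64-bit.
# Every Init* result is overridden to POINTER(PROCESS_INFORMATION): a NULL
# pointer is falsy, so test it before reading .contents.
InitDebug = WINFUNCTYPE(c_void_p, c_char_p, c_char_p, c_char_p)(("InitDebug", TE))
InitDebug.restype = POINTER(PROCESS_INFORMATION)
InitDebugW = WINFUNCTYPE(c_void_p, c_wchar_p, c_wchar_p, c_wchar_p)(("InitDebugW", TE))
InitDebugW.restype = POINTER(PROCESS_INFORMATION)
InitNativeDebug = WINFUNCTYPE(c_void_p, c_char_p, c_char_p, c_char_p)(("InitNativeDebug", TE))
InitNativeDebug.restype = POINTER(PROCESS_INFORMATION)
InitNativeDebugW = WINFUNCTYPE(c_void_p, c_wchar_p, c_wchar_p, c_wchar_p)(("InitNativeDebugW", TE))
InitNativeDebugW.restype = POINTER(PROCESS_INFORMATION)
InitDebugEx = WINFUNCTYPE(c_void_p, c_char_p, c_char_p, c_char_p, LPVOID)(("InitDebugEx", TE))
InitDebugEx.restype = POINTER(PROCESS_INFORMATION)
InitDebugExW = WINFUNCTYPE(c_void_p, c_wchar_p, c_wchar_p, c_wchar_p, LPVOID)(("InitDebugExW", TE))
InitDebugExW.restype = POINTER(PROCESS_INFORMATION)
InitDLLDebug = WINFUNCTYPE(c_void_p, c_char_p, c_bool, c_char_p, c_char_p, LPVOID)(("InitDLLDebug", TE))
InitDLLDebug.restype = POINTER(PROCESS_INFORMATION)
InitDLLDebugW = WINFUNCTYPE(c_void_p, c_wchar_p, c_bool, c_wchar_p, c_wchar_p, LPVOID)(("InitDLLDebugW", TE))
InitDLLDebugW.restype = POINTER(PROCESS_INFORMATION)
StopDebug = WINFUNCTYPE(c_bool)(("StopDebug", TE))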
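# Software, API and memory breakpoints. Bound by (export name, library) so the
# stdcall prototype governs the native call; WINFUNCTYPE(...)(TE.<name>) would
# build a Python callback around the resolved function and leave the real call
# with ctypes' default int conversions.
# ULONG_PTR and SIZE_T are this module's POINTER(ULONG) alias, so address and
# size parameters take a pointer object or None rather than a plain int.
# NOTE(review): the trailing LPVOID of the Set* calls looks like a callback
# pointer (per the TitanEngine SDK); a ctypes callback passed there must stay
# referenced by the caller while the breakpoint exists.
SetBPXOptions = WINFUNCTYPE(None, c_long)(("SetBPXOptions", TE))
IsBPXEnabled = WINFUNCTYPE(c_bool, ULONG_PTR)(("IsBPXEnabled", TE))
EnableBPX = WINFUNCTYPE(c_bool, ULONG_PTR)(("EnableBPX", TE))
DisableBPX = WINFUNCTYPE(c_bool, ULONG_PTR)(("DisableBPX", TE))
SetBPX = WINFUNCTYPE(c_bool, ULONG_PTR, DWORD, LPVOID)(("SetBPX", TE))
DeleteBPX = WINFUNCTYPE(c_bool, ULONG_PTR)(("DeleteBPX", TE))
SafeDeleteBPX = WINFUNCTYPE(c_bool, ULONG_PTR)(("SafeDeleteBPX", TE))
SetAPIBreakPoint = WINFUNCTYPE(c_bool, c_char_p, c_char_p, DWORD, DWORD, LPVOID)(("SetAPIBreakPoint", TE))
DeleteAPIBreakPoint = WINFUNCTYPE(c_bool, c_char_p, c_char_p, DWORD)(("DeleteAPIBreakPoint", TE))
SafeDeleteAPIBreakPoint = WINFUNCTYPE(c_bool, c_char_p, c_char_p, DWORD)(("SafeDeleteAPIBreakPoint", TE))
SetMemoryBPX = WINFUNCTYPE(c_bool, ULONG_PTR, SIZE_T, LPVOID)(("SetMemoryBPX", TE))
SetMemoryBPXEx = WINFUNCTYPE(c_bool, ULONG_PTR, SIZE_T, DWORD, c_bool, LPVOID)(("SetMemoryBPXEx", TE))
RemoveMemoryBPX = WINFUNCTYPE(c_bool, ULONG_PTR, SIZE_T)(("RemoveMemoryBPX", TE))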
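# Thread-context accessors. Bound by (export name, library) so the declared
# prototype is applied to the native call; passing TE.<name> to the prototype
# would wrap it as a Python callback and run the real call untyped.
# The c_void_p / POINTER(TITAN_ENGINE_CONTEXT_t) parameters are caller-owned
# buffers. NOTE(review): they must be large enough for the structure the engine
# reads or writes - confirm sizes against the SDK.
GetContextFPUDataEx = WINFUNCTYPE(c_bool, HANDLE, c_void_p)(("GetContextFPUDataEx", TE))
Getx87FPURegisters = WINFUNCTYPE(None, x87FPURegister_t, POINTER(TITAN_ENGINE_CONTEXT_t))(("Getx87FPURegisters", TE))
GetMMXRegisters = WINFUNCTYPE(None, c_ulonglong, POINTER(TITAN_ENGINE_CONTEXT_t))(("GetMMXRegisters", TE))
GetFullContextDataEx = WINFUNCTYPE(c_bool, HANDLE, POINTER(TITAN_ENGINE_CONTEXT_t))(("GetFullContextDataEx", TE))
SetFullContextDataEx = WINFUNCTYPE(c_bool, HANDLE, POINTER(TITAN_ENGINE_CONTEXT_t))(("SetFullContextDataEx", TE))
GetContextDataEx = WINFUNCTYPE(c_void_p, HANDLE, DWORD)(("GetContextDataEx", TE))
# restype override: register values come back as a POINTER(ULONG) object (this
# module's ULONG_PTR alias), not as a Python int.
GetContextDataEx.restype = ULONG_PTR
GetContextData = WINFUNCTYPE(c_void_p, DWORD)(("GetContextData", TE))
GetContextData.restype = ULONG_PTR
SetContextFPUDataEx = WINFUNCTYPE(c_bool, HANDLE, c_void_p)(("SetContextFPUDataEx", TE))
SetContextDataEx = WINFUNCTYPE(c_bool, HANDLE, DWORD, ULONG_PTR)(("SetContextDataEx", TE))
SetContextData = WINFUNCTYPE(c_bool, DWORD, ULONG_PTR)(("SetContextData", TE))
GetAVXContext = WINFUNCTYPE(c_bool, HANDLE, POINTER(TITAN_ENGINE_CONTEXT_t))(("GetAVXContext", TE))
SetAVXContext = WINFUNCTYPE(c_bool, HANDLE, POINTER(TITAN_ENGINE_CONTEXT_t))(("SetAVXContext", TE))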
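# Exception counter plus memory search / fill / patch helpers. Bound by
# (export name, library) so the stdcall prototype is applied to the native
# call; WINFUNCTYPE(...)(TE.<name>) would create a Python callback thunk and
# run the real call with default int conversions.
# The pointer + length pairs are passed through unchecked by this binding.
# NOTE(review): each length presumably has to match the buffer handed in next
# to it - confirm parameter order against the SDK before use.
ClearExceptionNumber = WINFUNCTYPE(None)(("ClearExceptionNumber", TE))
CurrentExceptionNumber = WINFUNCTYPE(c_long)(("CurrentExceptionNumber", TE))
MatchPatternEx = WINFUNCTYPE(c_bool, HANDLE, c_void_p, c_int, c_void_p, c_int, PBYTE)(("MatchPatternEx", TE))
MatchPattern = WINFUNCTYPE(c_bool, c_void_p, c_int, c_void_p, c_int, PBYTE)(("MatchPattern", TE))
FindEx = WINFUNCTYPE(c_void_p, HANDLE, LPVOID, DWORD, LPVOID, DWORD, LPBYTE)(("FindEx", TE))
FindEx.restype = ULONG_PTR
FillEx = WINFUNCTYPE(c_bool, HANDLE, LPVOID, DWORD, PBYTE)(("FillEx", TE))
Fill = WINFUNCTYPE(c_bool, LPVOID, DWORD, PBYTE)(("Fill", TE))
PatchEx = WINFUNCTYPE(c_bool, HANDLE, LPVOID, DWORD, LPVOID, DWORD, c_bool, c_bool)(("PatchEx", TE))
Patch = WINFUNCTYPE(c_bool, LPVOID, DWORD, LPVOID, DWORD, c_bool, c_bool)(("Patch", TE))
ReplaceEx = WINFUNCTYPE(c_bool, HANDLE, LPVOID, DWORD, LPVOID, DWORD, DWORD, LPVOID, DWORD, PBYTE)(("ReplaceEx", TE))
Replace = WINFUNCTYPE(c_bool, LPVOID, DWORD, LPVOID, DWORD, DWORD, LPVOID, DWORD, PBYTE)(("Replace", TE))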
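# Debug-event data, base addresses and jump analysis. Bound by (export name,
# library) so the declared prototype governs the native call; instantiating
# the prototype with TE.<name> would wrap it as a Python callback whose inner
# call returns a C int and so cuts pointers on 64-bit.
GetDebugData = WINFUNCTYPE(c_void_p)(("GetDebugData", TE))
# restype override: POINTER(DEBUG_EVENT); test for NULL before .contents.
GetDebugData.restype = POINTER(DEBUG_EVENT)
GetTerminationData = WINFUNCTYPE(c_void_p)(("GetTerminationData", TE))
GetTerminationData.restype = POINTER(DEBUG_EVENT)
GetExitCode = WINFUNCTYPE(c_long)(("GetExitCode", TE))
GetDebuggedDLLBaseAddress = WINFUNCTYPE(c_void_p)(("GetDebuggedDLLBaseAddress", TE))
GetDebuggedDLLBaseAddress.restype = ULONG_PTR
GetDebuggedFileBaseAddress = WINFUNCTYPE(c_void_p)(("GetDebuggedFileBaseAddress", TE))
GetDebuggedFileBaseAddress.restype = ULONG_PTR
# NOTE(review): the second LPVOID is presumably a caller-supplied buffer and
# the c_int its capacity - size the buffer to match, the binding cannot check.
GetRemoteString = WINFUNCTYPE(c_bool, HANDLE, LPVOID, LPVOID, c_int)(("GetRemoteString", TE))
GetFunctionParameter = WINFUNCTYPE(c_void_p, HANDLE, DWORD, DWORD, DWORD)(("GetFunctionParameter", TE))
GetFunctionParameter.restype = ULONG_PTR
GetJumpDestinationEx = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR, c_bool)(("GetJumpDestinationEx", TE))
GetJumpDestinationEx.restype = ULONG_PTR
GetJumpDestination = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(("GetJumpDestination", TE))
GetJumpDestination.restype = ULONG_PTR
IsJumpGoingToExecuteEx = WINFUNCTYPE(c_bool, HANDLE, HANDLE, ULONG_PTR, ULONG_PTR)(("IsJumpGoingToExecuteEx", TE))
IsJumpGoingToExecute = WINFUNCTYPE(c_bool)(("IsJumpGoingToExecute", TE))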
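# Custom handlers, stepping and hardware breakpoints. Bound by (export name,
# library) so the stdcall prototype is applied to the native call;
# WINFUNCTYPE(...)(TE.<name>) would build a Python callback thunk around the
# resolved function and leave the real call untyped.
# NOTE(review): the LPVOID parameters here look like callback pointers; any
# ctypes callback object passed in has to be kept alive by the caller until the
# engine can no longer invoke it.
SetCustomHandler = WINFUNCTYPE(None, DWORD, LPVOID)(("SetCustomHandler", TE))
ForceClose = WINFUNCTYPE(None)(("ForceClose", TE))
StepInto = WINFUNCTYPE(None, LPVOID)(("StepInto", TE))
StepOver = WINFUNCTYPE(None, LPVOID)(("StepOver", TE))
StepOut = WINFUNCTYPE(None, LPVOID, c_bool)(("StepOut", TE))
SingleStep = WINFUNCTYPE(None, DWORD, LPVOID)(("SingleStep", TE))
GetUnusedHardwareBreakPointRegister = WINFUNCTYPE(c_bool, LPDWORD)(("GetUnusedHardwareBreakPointRegister", TE))
SetHardwareBreakPointEx = WINFUNCTYPE(c_bool, HANDLE, ULONG_PTR, DWORD, DWORD, DWORD, LPVOID, LPDWORD)(("SetHardwareBreakPointEx", TE))
SetHardwareBreakPoint = WINFUNCTYPE(c_bool, ULONG_PTR, DWORD, DWORD, DWORD, LPVOID)(("SetHardwareBreakPoint", TE))
DeleteHardwareBreakPoint = WINFUNCTYPE(c_bool, DWORD)(("DeleteHardwareBreakPoint", TE))
RemoveAllBreakPoints = WINFUNCTYPE(c_bool, DWORD)(("RemoveAllBreakPoints", TE))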
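# Process/startup info, debug loop and attach/detach. Bound by (export name,
# library) so the declared prototype governs the native call; passing TE.<name>
# to the prototype would wrap it as a Python callback and run the real call
# with ctypes' default int result.
TitanGetProcessInformation = WINFUNCTYPE(c_void_p)(("TitanGetProcessInformation", TE))
# restype overrides: typed pointers; test for NULL before reading .contents.
TitanGetProcessInformation.restype = POINTER(PROCESS_INFORMATION)
TitanGetStartupInformation = WINFUNCTYPE(c_void_p)(("TitanGetStartupInformation", TE))
TitanGetStartupInformation.restype = POINTER(STARTUPINFOW)
DebugLoop = WINFUNCTYPE(None)(("DebugLoop", TE))
SetDebugLoopTimeOut = WINFUNCTYPE(None, DWORD)(("SetDebugLoopTimeOut", TE))
SetNextDbgContinueStatus = WINFUNCTYPE(None, DWORD)(("SetNextDbgContinueStatus", TE))
# Attach/detach take a DWORD and return c_bool; check the result.
# NOTE(review): the DWORD is presumably a process id - confirm against the SDK.
AttachDebugger = WINFUNCTYPE(c_bool, DWORD, c_bool, LPVOID, LPVOID)(("AttachDebugger", TE))
DetachDebugger = WINFUNCTYPE(c_bool, DWORD)(("DetachDebugger", TE))
DetachDebuggerEx = WINFUNCTYPE(c_bool, DWORD)(("DetachDebuggerEx", TE))
DebugLoopEx = WINFUNCTYPE(None, DWORD)(("DebugLoopEx", TE))
AutoDebugEx = WINFUNCTYPE(None, c_char_p, c_bool, c_char_p, c_char_p, DWORD, LPVOID)(("AutoDebugEx", TE))
AutoDebugExW = WINFUNCTYPE(None, c_wchar_p, c_bool, c_wchar_p, c_wchar_p, DWORD, LPVOID)(("AutoDebugExW", TE))
IsFileBeingDebugged = WINFUNCTYPE(c_bool)(("IsFileBeingDebugged", TE))
SetErrorModel = WINFUNCTYPE(None, c_bool)(("SetErrorModel", TE))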
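# TitanEngine.FindOEP.functions:
# Bound by (export name, library) so the stdcall prototype is applied to the
# native call; WINFUNCTYPE(...)(TE.<name>) would instead wrap the resolved
# function as a Python callback with an untyped inner call.
# NOTE(review): the two LPVOID parameters are presumably callback pointers;
# keep any ctypes callback passed here referenced until the search has ended.
FindOEPInit = WINFUNCTYPE(None)(("FindOEPInit", TE))
FindOEPGenerically = WINFUNCTYPE(c_bool, c_char_p, LPVOID, LPVOID)(("FindOEPGenerically", TE))
FindOEPGenericallyW = WINFUNCTYPE(c_bool, c_wchar_p, LPVOID, LPVOID)(("FindOEPGenericallyW", TE))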
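# TitanEngine.Importer.functions:
# Bound by (export name, library) so the declared prototype governs the native
# call; passing TE.<name> to the prototype would build a Python callback thunk
# and run the real call with ctypes' default int conversions.
# ULONG_PTR is this module's POINTER(ULONG) alias, so those parameters take a
# pointer object or None rather than a plain Python int.
ImporterAddNewDll = WINFUNCTYPE(None, c_char_p, ULONG_PTR)(("ImporterAddNewDll", TE))
ImporterAddNewAPI = WINFUNCTYPE(None, c_char_p, ULONG_PTR)(("ImporterAddNewAPI", TE))
ImporterAddNewOrdinalAPI = WINFUNCTYPE(None, ULONG_PTR, ULONG_PTR)(("ImporterAddNewOrdinalAPI", TE))
ImporterGetAddedDllCount = WINFUNCTYPE(c_long)(("ImporterGetAddedDllCount", TE))
ImporterGetAddedAPICount = WINFUNCTYPE(c_long)(("ImporterGetAddedAPICount", TE))
ImporterExportIAT = WINFUNCTYPE(c_bool, ULONG_PTR, ULONG_PTR, HANDLE)(("ImporterExportIAT", TE))
ImporterEstimatedSize = WINFUNCTYPE(c_long)(("ImporterEstimatedSize", TE))
ImporterExportIATEx = WINFUNCTYPE(c_bool, c_char_p, c_char_p, c_char_p)(("ImporterExportIATEx", TE))
ImporterExportIATExW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p, c_wchar_p)(("ImporterExportIATExW", TE))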
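# Importer lookups. Bound by (export name, library) so the stdcall prototype is
# applied to the native call; WINFUNCTYPE(...)(TE.<name>) would wrap the
# resolved function as a Python callback whose inner call returns a C int,
# cutting addresses on 64-bit.
# Where restype is overridden to ULONG_PTR the caller gets a POINTER(ULONG)
# object; the name getters keep c_void_p and so return a raw address (int or
# None) that the caller must convert to a string itself.
ImporterFindAPIWriteLocation = WINFUNCTYPE(c_void_p, c_char_p)(("ImporterFindAPIWriteLocation", TE))
ImporterFindAPIWriteLocation.restype = ULONG_PTR
ImporterFindOrdinalAPIWriteLocation = WINFUNCTYPE(c_void_p, ULONG_PTR)(("ImporterFindOrdinalAPIWriteLocation", TE))
ImporterFindOrdinalAPIWriteLocation.restype = ULONG_PTR
ImporterFindAPIByWriteLocation = WINFUNCTYPE(c_void_p, ULONG_PTR)(("ImporterFindAPIByWriteLocation", TE))
ImporterFindAPIByWriteLocation.restype = ULONG_PTR
ImporterFindDLLByWriteLocation = WINFUNCTYPE(c_void_p, ULONG_PTR)(("ImporterFindDLLByWriteLocation", TE))
ImporterFindDLLByWriteLocation.restype = ULONG_PTR
ImporterGetDLLName = WINFUNCTYPE(c_void_p, ULONG_PTR)(("ImporterGetDLLName", TE))
ImporterGetDLLNameW = WINFUNCTYPE(c_void_p, ULONG_PTR)(("ImporterGetDLLNameW", TE))
ImporterGetAPIName = WINFUNCTYPE(c_void_p, ULONG_PTR)(("ImporterGetAPIName", TE))
ImporterGetAPIOrdinalNumber = WINFUNCTYPE(c_void_p, ULONG_PTR)(("ImporterGetAPIOrdinalNumber", TE))
ImporterGetAPIOrdinalNumber.restype = ULONG_PTR
ImporterGetAPINameEx = WINFUNCTYPE(c_void_p, ULONG_PTR, ULONG_PTR)(("ImporterGetAPINameEx", TE))
ImporterGetRemoteAPIAddress = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(("ImporterGetRemoteAPIAddress", TE))
ImporterGetRemoteAPIAddress.restype = ULONG_PTR
ImporterGetRemoteAPIAddressEx = WINFUNCTYPE(c_void_p, c_char_p, c_char_p)(("ImporterGetRemoteAPIAddressEx", TE))
ImporterGetRemoteAPIAddressEx.restype = ULONG_PTR
ImporterGetLocalAPIAddress = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(("ImporterGetLocalAPIAddress", TE))
ImporterGetLocalAPIAddress.restype = ULONG_PTR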
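# Importer queries that take a handle. Bound by (export name, library) so the
# declared prototype governs the native call; passing TE.<name> to the
# prototype would build a Python callback thunk and leave the real call with
# default int conversions.
ImporterGetDLLNameFromDebugee = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(("ImporterGetDLLNameFromDebugee", TE))
ImporterGetDLLNameFromDebugeeW = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(("ImporterGetDLLNameFromDebugeeW", TE))
ImporterGetAPINameFromDebugee = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(("ImporterGetAPINameFromDebugee", TE))
ImporterGetAPIOrdinalNumberFromDebugee = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(("ImporterGetAPIOrdinalNumberFromDebugee", TE))
ImporterGetAPIOrdinalNumberFromDebugee.restype = ULONG_PTR
ImporterGetDLLIndexEx = WINFUNCTYPE(c_long, ULONG_PTR, ULONG_PTR)(("ImporterGetDLLIndexEx", TE))
ImporterGetDLLIndex = WINFUNCTYPE(c_long, HANDLE, ULONG_PTR, ULONG_PTR)(("ImporterGetDLLIndex", TE))
ImporterGetRemoteDLLBase = WINFUNCTYPE(c_void_p, HANDLE, HMODULE)(("ImporterGetRemoteDLLBase", TE))
ImporterGetRemoteDLLBase.restype = ULONG_PTR
ImporterGetRemoteDLLBaseEx = WINFUNCTYPE(c_void_p, HANDLE, c_char_p)(("ImporterGetRemoteDLLBaseEx", TE))
ImporterGetRemoteDLLBaseEx.restype = ULONG_PTR
# NOTE(review): unlike ImporterGetRemoteDLLBaseEx, the wide variant has no
# ULONG_PTR restype override, so it returns an int/None address. Left as is
# because callers may rely on either result type.
ImporterGetRemoteDLLBaseExW = WINFUNCTYPE(c_void_p, HANDLE, c_wchar_p)(("ImporterGetRemoteDLLBaseExW", TE))
ImporterIsForwardedAPI = WINFUNCTYPE(c_bool, HANDLE, ULONG_PTR)(("ImporterIsForwardedAPI", TE))
ImporterGetForwardedAPIName = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(("ImporterGetForwardedAPIName", TE))
ImporterGetForwardedDLLName = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(("ImporterGetForwardedDLLName", TE))
ImporterGetForwardedDLLIndex = WINFUNCTYPE(c_long, HANDLE, ULONG_PTR, ULONG_PTR)(("ImporterGetForwardedDLLIndex", TE))
ImporterGetForwardedAPIOrdinalNumber = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(("ImporterGetForwardedAPIOrdinalNumber", TE))
ImporterGetForwardedAPIOrdinalNumber.restype = ULONG_PTR
ImporterGetNearestAPIAddress = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(("ImporterGetNearestAPIAddress", TE))
ImporterGetNearestAPIAddress.restype = ULONG_PTR
ImporterGetNearestAPIName = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(("ImporterGetNearestAPIName", TE))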
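# Importer file operations, IAT search and auto-fix. Bound by (export name,
# library) so the stdcall prototype is applied to the native call;
# WINFUNCTYPE(...)(TE.<name>) would wrap the resolved function as a Python
# callback with an untyped inner call.
# The path-taking calls return c_bool or a c_long status; check the result
# before relying on the output file.
ImporterCopyOriginalIAT = WINFUNCTYPE(c_bool, c_char_p, c_char_p)(("ImporterCopyOriginalIAT", TE))
ImporterCopyOriginalIATW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p)(("ImporterCopyOriginalIATW", TE))
ImporterLoadImportTable = WINFUNCTYPE(c_bool, c_char_p)(("ImporterLoadImportTable", TE))
ImporterLoadImportTableW = WINFUNCTYPE(c_bool, c_wchar_p)(("ImporterLoadImportTableW", TE))
ImporterMoveOriginalIAT = WINFUNCTYPE(c_bool, c_char_p, c_char_p, c_char_p)(("ImporterMoveOriginalIAT", TE))
ImporterMoveOriginalIATW = WINFUNCTYPE(c_bool, c_wchar_p, c_wchar_p, c_char_p)(("ImporterMoveOriginalIATW", TE))
ImporterAutoSearchIAT = WINFUNCTYPE(None, DWORD, c_char_p, ULONG_PTR, LPVOID, LPVOID)(("ImporterAutoSearchIAT", TE))
ImporterAutoSearchIATW = WINFUNCTYPE(None, DWORD, c_wchar_p, ULONG_PTR, LPVOID, LPVOID)(("ImporterAutoSearchIATW", TE))
ImporterAutoSearchIATEx = WINFUNCTYPE(None, DWORD, ULONG_PTR, ULONG_PTR, LPVOID, LPVOID)(("ImporterAutoSearchIATEx", TE))
ImporterEnumAddedData = WINFUNCTYPE(None, LPVOID)(("ImporterEnumAddedData", TE))
ImporterAutoFixIATEx = WINFUNCTYPE(c_long, DWORD, c_char_p, c_char_p, c_bool, c_bool, ULONG_PTR, ULONG_PTR, ULONG_PTR, c_bool, c_bool, LPVOID)(("ImporterAutoFixIATEx", TE))
ImporterAutoFixIATExW = WINFUNCTYPE(c_long, DWORD, c_wchar_p, c_wchar_p, c_bool, c_bool, ULONG_PTR, ULONG_PTR, ULONG_PTR, c_bool, c_bool, LPVOID)(("ImporterAutoFixIATExW", TE))
ImporterAutoFixIAT = WINFUNCTYPE(c_long, DWORD, c_char_p, ULONG_PTR)(("ImporterAutoFixIAT", TE))
ImporterAutoFixIATW = WINFUNCTYPE(c_long, DWORD, c_wchar_p, ULONG_PTR)(("ImporterAutoFixIATW", TE))
ImporterDeleteAPI = WINFUNCTYPE(c_bool, DWORD_PTR)(("ImporterDeleteAPI", TE))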
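# Global.Engine.Hook.functions:
# Bound by (export name, library) so the declared prototype governs the native
# call; passing TE.<name> to the prototype would build a Python callback thunk
# and run the real call with ctypes' default int conversions.
# Most calls return c_bool: check it, since a redirection that was not inserted
# or removed leaves the target in its previous state.
HooksSafeTransitionEx = WINFUNCTYPE(c_bool, LPVOID, c_int, c_bool)(("HooksSafeTransitionEx", TE))
HooksSafeTransition = WINFUNCTYPE(c_bool, LPVOID, c_bool)(("HooksSafeTransition", TE))
HooksIsAddressRedirected = WINFUNCTYPE(c_bool, LPVOID)(("HooksIsAddressRedirected", TE))
HooksGetTrampolineAddress = WINFUNCTYPE(c_void_p, LPVOID)(("HooksGetTrampolineAddress", TE))
HooksGetHookEntryDetails = WINFUNCTYPE(c_void_p, LPVOID)(("HooksGetHookEntryDetails", TE))
# restype override: POINTER(HOOK_ENTRY); test for NULL before .contents.
HooksGetHookEntryDetails.restype = POINTER(HOOK_ENTRY)
# NOTE(review): the c_int of HooksInsertNewRedirection is presumably one of
# the TEE_HOOK_* constants declared at the top of this module - confirm.
HooksInsertNewRedirection = WINFUNCTYPE(c_bool, LPVOID, LPVOID, c_int)(("HooksInsertNewRedirection", TE))
HooksInsertNewIATRedirectionEx = WINFUNCTYPE(c_bool, ULONG_PTR, ULONG_PTR, c_char_p, LPVOID)(("HooksInsertNewIATRedirectionEx", TE))
HooksInsertNewIATRedirection = WINFUNCTYPE(c_bool, c_char_p, c_char_p, LPVOID)(("HooksInsertNewIATRedirection", TE))
HooksRemoveRedirection = WINFUNCTYPE(c_bool, LPVOID, c_bool)(("HooksRemoveRedirection", TE))
HooksRemoveRedirectionsForModule = WINFUNCTYPE(c_bool, HMODULE)(("HooksRemoveRedirectionsForModule", TE))
HooksRemoveIATRedirection = WINFUNCTYPE(c_bool, c_char_p, c_char_p, c_bool)(("HooksRemoveIATRedirection", TE))
HooksDisableRedirection = WINFUNCTYPE(c_bool, LPVOID, c_bool)(("HooksDisableRedirection", TE))
HooksDisableRedirectionsForModule = WINFUNCTYPE(c_bool, HMODULE)(("HooksDisableRedirectionsForModule", TE))
HooksDisableIATRedirection = WINFUNCTYPE(c_bool, c_char_p, c_char_p, c_bool)(("HooksDisableIATRedirection", TE))
HooksEnableRedirection = WINFUNCTYPE(c_bool, LPVOID, c_bool)(("HooksEnableRedirection", TE))
HooksEnableRedirectionsForModule = WINFUNCTYPE(c_bool, HMODULE)(("HooksEnableRedirectionsForModule", TE))
HooksEnableIATRedirection = WINFUNCTYPE(c_bool, c_char_p, c_char_p, c_bool)(("HooksEnableIATRedirection", TE))
HooksScanModuleMemory = WINFUNCTYPE(None, HMODULE, LPVOID)(("HooksScanModuleMemory", TE))
HooksScanEntireProcessMemory = WINFUNCTYPE(None, LPVOID)(("HooksScanEntireProcessMemory", TE))
HooksScanEntireProcessMemoryEx = WINFUNCTYPE(None)(("HooksScanEntireProcessMemoryEx", TE))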
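# TitanEngine.Tracer.functions:
# Bound by (export name, library) so the stdcall prototype is applied to the
# native call; WINFUNCTYPE(...)(TE.<name>) would wrap the resolved function as
# a Python callback whose inner call returns a C int, cutting traced addresses
# on 64-bit.
TracerInit = WINFUNCTYPE(None)(("TracerInit", TE))
TracerLevel1 = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR)(("TracerLevel1", TE))
# restype overrides: results arrive as POINTER(ULONG) objects (this module's
# ULONG_PTR alias), not Python ints.
TracerLevel1.restype = ULONG_PTR
HashTracerLevel1 = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR, DWORD)(("HashTracerLevel1", TE))
HashTracerLevel1.restype = ULONG_PTR
TracerDetectRedirection = WINFUNCTYPE(c_long, HANDLE, ULONG_PTR)(("TracerDetectRedirection", TE))
TracerFixKnownRedirection = WINFUNCTYPE(c_void_p, HANDLE, ULONG_PTR, DWORD)(("TracerFixKnownRedirection", TE))
TracerFixKnownRedirection.restype = ULONG_PTR
TracerFixRedirectionViaImpRecPlugin = WINFUNCTYPE(c_long, HANDLE, c_char_p, ULONG_PTR)(("TracerFixRedirectionViaImpRecPlugin", TE))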
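# TitanEngine.Exporter.functions:
# Bound by (export name, library) so the declared prototype governs the native
# call; passing TE.<name> to the prototype would build a Python callback thunk
# and leave the real call untyped.
ExporterCleanup = WINFUNCTYPE(None)(("ExporterCleanup", TE))
ExporterSetImageBase = WINFUNCTYPE(None, ULONG_PTR)(("ExporterSetImageBase", TE))
ExporterInit = WINFUNCTYPE(None, DWORD, ULONG_PTR, DWORD, c_char_p)(("ExporterInit", TE))
ExporterAddNewExport = WINFUNCTYPE(c_bool, c_char_p, DWORD)(("ExporterAddNewExport", TE))
ExporterAddNewOrdinalExport = WINFUNCTYPE(c_bool, DWORD, DWORD)(("ExporterAddNewOrdinalExport", TE))
ExporterGetAddedExportCount = WINFUNCTYPE(c_long)(("ExporterGetAddedExportCount", TE))
ExporterEstimatedSize = WINFUNCTYPE(c_long)(("ExporterEstimatedSize", TE))
# The build/load calls return c_bool; check it before using the output.
ExporterBuildExportTable = WINFUNCTYPE(c_bool, ULONG_PTR, ULONG_PTR)(("ExporterBuildExportTable", TE))
ExporterBuildExportTableEx = WINFUNCTYPE(c_bool, c_char_p, c_char_p)(("ExporterBuildExportTableEx", TE))
ExporterBuildExportTableExW = WINFUNCTYPE(c_bool, c_wchar_p, c_char_p)(("ExporterBuildExportTableExW", TE))
ExporterLoadExportTable = WINFUNCTYPE(c_bool, c_char_p)(("ExporterLoadExportTable", TE))
ExporterLoadExportTableW = WINFUNCTYPE(c_bool, c_wchar_p)(("ExporterLoadExportTableW", TE))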
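# TitanEngine.Librarian.functions:
# Bound by (export name, library) so the stdcall prototype is applied to the
# native call; WINFUNCTYPE(...)(TE.<name>) would wrap the resolved function as
# a Python callback whose inner call returns a C int, cutting the structure
# pointers on 64-bit.
LibrarianSetBreakPoint = WINFUNCTYPE(c_bool, c_char_p, DWORD, c_bool, LPVOID)(("LibrarianSetBreakPoint", TE))
LibrarianRemoveBreakPoint = WINFUNCTYPE(c_bool, c_char_p, DWORD)(("LibrarianRemoveBreakPoint", TE))
LibrarianGetLibraryInfo = WINFUNCTYPE(c_void_p, c_char_p)(("LibrarianGetLibraryInfo", TE))
# restype overrides: typed structure pointers; a NULL result is falsy and must
# be tested before reading .contents.
LibrarianGetLibraryInfo.restype = POINTER(LIBRARY_ITEM_DATA)
LibrarianGetLibraryInfoW = WINFUNCTYPE(c_void_p, c_wchar_p)(("LibrarianGetLibraryInfoW", TE))
LibrarianGetLibraryInfoW.restype = POINTER(LIBRARY_ITEM_DATAW)
LibrarianGetLibraryInfoEx = WINFUNCTYPE(c_void_p, c_void_p)(("LibrarianGetLibraryInfoEx", TE))
LibrarianGetLibraryInfoEx.restype = POINTER(LIBRARY_ITEM_DATA)
LibrarianGetLibraryInfoExW = WINFUNCTYPE(c_void_p, c_void_p)(("LibrarianGetLibraryInfoExW", TE))
LibrarianGetLibraryInfoExW.restype = POINTER(LIBRARY_ITEM_DATAW)
LibrarianEnumLibraryInfo = WINFUNCTYPE(None, c_void_p)(("LibrarianEnumLibraryInfo", TE))
LibrarianEnumLibraryInfoW = WINFUNCTYPE(None, c_void_p)(("LibrarianEnumLibraryInfoW", TE))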
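# TitanEngine.Process.functions:
# Bound by (export name, library) so the declared prototype governs the native
# call; passing TE.<name> to the prototype would build a Python callback thunk
# whose inner call returns a C int, which cannot carry a 64-bit HANDLE.
GetActiveProcessId = WINFUNCTYPE(c_long, c_char_p)(("GetActiveProcessId", TE))
GetActiveProcessIdW = WINFUNCTYPE(c_long, c_wchar_p)(("GetActiveProcessIdW", TE))
EnumProcessesWithLibrary = WINFUNCTYPE(None, c_char_p, c_void_p)(("EnumProcessesWithLibrary", TE))
# HANDLE results come back as int or None; None means a NULL handle.
# NOTE(review): the first DWORD is presumably the desired-access mask - request
# only the rights the following calls need, and close the handle afterwards.
TitanOpenProcess = WINFUNCTYPE(HANDLE, DWORD, c_bool, DWORD)(("TitanOpenProcess", TE))
TitanOpenThread = WINFUNCTYPE(HANDLE, DWORD, c_bool, DWORD)(("TitanOpenThread", TE))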
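# TitanEngine.TLSFixer.functions:
# Bound by (export name, library) so the stdcall prototype is applied to the
# native call; WINFUNCTYPE(...)(TE.<name>) would wrap the resolved function as
# a Python callback with an untyped inner call.
# Every export here returns c_bool; check it, especially for the calls that
# take a file path and may have modified that file.
TLSBreakOnCallBack = WINFUNCTYPE(c_bool, LPVOID, DWORD, LPVOID)(("TLSBreakOnCallBack", TE))
TLSGrabCallBackData = WINFUNCTYPE(c_bool, c_char_p, LPVOID, LPDWORD)(("TLSGrabCallBackData", TE))
TLSGrabCallBackDataW = WINFUNCTYPE(c_bool, c_wchar_p, LPVOID, LPDWORD)(("TLSGrabCallBackDataW", TE))
TLSBreakOnCallBackEx = WINFUNCTYPE(c_bool, c_char_p, LPVOID)(("TLSBreakOnCallBackEx", TE))
TLSBreakOnCallBackExW = WINFUNCTYPE(c_bool, c_wchar_p, LPVOID)(("TLSBreakOnCallBackExW", TE))
TLSRemoveCallback = WINFUNCTYPE(c_bool, c_char_p)(("TLSRemoveCallback", TE))
TLSRemoveCallbackW = WINFUNCTYPE(c_bool, c_wchar_p)(("TLSRemoveCallbackW", TE))
TLSRemoveTable = WINFUNCTYPE(c_bool, c_char_p)(("TLSRemoveTable", TE))
TLSRemoveTableW = WINFUNCTYPE(c_bool, c_wchar_p)(("TLSRemoveTableW", TE))
TLSBackupData = WINFUNCTYPE(c_bool, c_char_p)(("TLSBackupData", TE))
TLSBackupDataW = WINFUNCTYPE(c_bool, c_wchar_p)(("TLSBackupDataW", TE))
TLSRestoreData = WINFUNCTYPE(c_bool)(("TLSRestoreData", TE))
TLSBuildNewTable = WINFUNCTYPE(c_bool, ULONG_PTR, ULONG_PTR, ULONG_PTR, LPVOID, DWORD)(("TLSBuildNewTable", TE))
TLSBuildNewTableEx = WINFUNCTYPE(c_bool, c_char_p, c_char_p, LPVOID, DWORD)(("TLSBuildNewTableEx", TE))
TLSBuildNewTableExW = WINFUNCTYPE(c_bool, c_wchar_p, c_char_p, LPVOID, DWORD)(("TLSBuildNewTableExW", TE))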
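# TitanEngine.TranslateName.functions:
# Bound by (export name, library) so the declared prototype governs the native
# call; passing TE.<name> to the prototype would build a Python callback thunk
# whose inner call returns a C int, cutting the result pointer on 64-bit.
# Both are declared with a c_void_p result: callers get a raw address (int or
# None), not a Python string.
# NOTE(review): who frees the returned buffer is not visible here - confirm
# against the SDK.
TranslateNativeName = WINFUNCTYPE(c_void_p, c_char_p)(("TranslateNativeName", TE))
TranslateNativeNameW = WINFUNCTYPE(c_void_p, c_wchar_p)(("TranslateNativeNameW", TE))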
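# TitanEngine.Handler.functions:
# Bound by (export name, library) so the stdcall prototype is applied to the
# native call; WINFUNCTYPE(...)(TE.<name>) would wrap the resolved function as
# a Python callback and run the real call with default int conversions, which
# cannot carry 64-bit handles.
HandlerGetActiveHandleCount = WINFUNCTYPE(c_long, DWORD)(("HandlerGetActiveHandleCount", TE))
HandlerIsHandleOpen = WINFUNCTYPE(c_bool, DWORD, HANDLE)(("HandlerIsHandleOpen", TE))
HandlerGetHandleName = WINFUNCTYPE(c_void_p, HANDLE, DWORD, HANDLE, c_bool)(("HandlerGetHandleName", TE))
HandlerGetHandleNameW = WINFUNCTYPE(c_void_p, HANDLE, DWORD, HANDLE, c_bool)(("HandlerGetHandleNameW", TE))
# NOTE(review): LPVOID + DWORD look like a caller buffer and its capacity; the
# binding cannot check that the two agree.
HandlerEnumerateOpenHandles = WINFUNCTYPE(c_long, DWORD, LPVOID, DWORD)(("HandlerEnumerateOpenHandles", TE))
HandlerGetHandleDetails = WINFUNCTYPE(c_void_p, HANDLE, DWORD, HANDLE, DWORD)(("HandlerGetHandleDetails", TE))
HandlerGetHandleDetails.restype = ULONG_PTR
# The close calls return c_bool; check it rather than assuming the handle or
# lock is gone.
HandlerCloseRemoteHandle = WINFUNCTYPE(c_bool, HANDLE, HANDLE)(("HandlerCloseRemoteHandle", TE))
HandlerEnumerateLockHandles = WINFUNCTYPE(c_long, c_char_p, c_bool, c_bool, LPVOID, DWORD)(("HandlerEnumerateLockHandles", TE))
HandlerEnumerateLockHandlesW = WINFUNCTYPE(c_long, c_wchar_p, c_bool, c_bool, LPVOID, DWORD)(("HandlerEnumerateLockHandlesW", TE))
HandlerCloseAllLockHandles = WINFUNCTYPE(c_bool, c_char_p, c_bool, c_bool)(("HandlerCloseAllLockHandles", TE))
HandlerCloseAllLockHandlesW = WINFUNCTYPE(c_bool, c_wchar_p, c_bool, c_bool)(("HandlerCloseAllLockHandlesW", TE))
HandlerIsFileLocked = WINFUNCTYPE(c_bool, c_char_p, c_bool, c_bool)(("HandlerIsFileLocked", TE))
HandlerIsFileLockedW = WINFUNCTYPE(c_bool, c_wchar_p, c_bool, c_bool)(("HandlerIsFileLockedW", TE))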
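# TitanEngine.Handler[Mutex].functions:
# Bound by (export name, library) so the declared prototype governs the native
# call; passing TE.<name> to the prototype would build a Python callback thunk
# and leave the real call with ctypes' default int conversions.
HandlerEnumerateOpenMutexes = WINFUNCTYPE(c_long, HANDLE, DWORD, LPVOID, DWORD)(("HandlerEnumerateOpenMutexes", TE))
HandlerGetOpenMutexHandle = WINFUNCTYPE(c_void_p, HANDLE, DWORD, c_char_p)(("HandlerGetOpenMutexHandle", TE))
# restype overrides: results arrive as POINTER(ULONG) objects (this module's
# ULONG_PTR alias), not Python ints.
HandlerGetOpenMutexHandle.restype = ULONG_PTR
HandlerGetOpenMutexHandleW = WINFUNCTYPE(c_void_p, HANDLE, DWORD, c_wchar_p)(("HandlerGetOpenMutexHandleW", TE))
HandlerGetOpenMutexHandleW.restype = ULONG_PTR
HandlerGetProcessIdWhichCreatedMutex = WINFUNCTYPE(c_long, c_char_p)(("HandlerGetProcessIdWhichCreatedMutex", TE))
HandlerGetProcessIdWhichCreatedMutexW = WINFUNCTYPE(c_long, c_wchar_p)(("HandlerGetProcessIdWhichCreatedMutexW", TE))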
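# TitanEngine.Injector.functions:
# Bound by (export name, library) so the stdcall prototype is applied to the
# native call; WINFUNCTYPE(...)(TE.<name>) would wrap the resolved function as
# a Python callback and pass the HANDLE through ctypes' default int
# conversion, which does not hold a 64-bit handle.
# Each call takes a HANDLE first and returns c_bool; check the result.
# NOTE(review): the handle presumably names the target process and the string
# a library path - pass an absolute path you control so the target's own DLL
# search order does not decide which file is loaded.
RemoteLoadLibrary = WINFUNCTYPE(c_bool, HANDLE, c_char_p, c_bool)(("RemoteLoadLibrary", TE))
RemoteLoadLibraryW = WINFUNCTYPE(c_bool, HANDLE, c_wchar_p, c_bool)(("RemoteLoadLibraryW", TE))
RemoteFreeLibrary = WINFUNCTYPE(c_bool, HANDLE, HMODULE, c_char_p, c_bool)(("RemoteFreeLibrary", TE))
RemoteFreeLibraryW = WINFUNCTYPE(c_bool, HANDLE, HMODULE, c_wchar_p, c_bool)(("RemoteFreeLibraryW", TE))
RemoteExitProcess = WINFUNCTYPE(c_bool, HANDLE, DWORD)(("RemoteExitProcess", TE))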
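# TitanEngine.StaticUnpacker.functions:
# Bound by (export name, library) so the declared prototype governs the native
# call; passing TE.<name> to the prototype would build a Python callback thunk
# and run the real call with ctypes' default int conversions.
# LPHANDLE / LPDWORD / PULONG_PTR parameters are pointers the caller supplies
# (for example via byref) - presumably output slots, confirm against the SDK.
StaticFileLoad = WINFUNCTYPE(c_bool, c_char_p, DWORD, c_bool, LPHANDLE, LPDWORD, LPHANDLE, PULONG_PTR)(("StaticFileLoad", TE))
StaticFileLoadW = WINFUNCTYPE(c_bool, c_wchar_p, DWORD, c_bool, LPHANDLE, LPDWORD, LPHANDLE, PULONG_PTR)(("StaticFileLoadW", TE))
StaticFileUnload = WINFUNCTYPE(c_bool, c_char_p, c_bool, HANDLE, DWORD, HANDLE, ULONG_PTR)(("StaticFileUnload", TE))
StaticFileUnloadW = WINFUNCTYPE(c_bool, c_wchar_p, c_bool, HANDLE, DWORD, HANDLE, ULONG_PTR)(("StaticFileUnloadW", TE))
StaticFileOpen = WINFUNCTYPE(c_bool, c_char_p, DWORD, LPHANDLE, LPDWORD, LPDWORD)(("StaticFileOpen", TE))
StaticFileOpenW = WINFUNCTYPE(c_bool, c_wchar_p, DWORD, LPHANDLE, LPDWORD, LPDWORD)(("StaticFileOpenW", TE))
StaticFileGetContent = WINFUNCTYPE(c_bool, HANDLE, DWORD, LPDWORD, c_void_p, DWORD)(("StaticFileGetContent", TE))
StaticFileClose = WINFUNCTYPE(None, HANDLE)(("StaticFileClose", TE))
# The decrypt/decompress helpers take raw pointer + size arguments that this
# binding passes through unchecked; sizes must match the buffers handed in.
StaticMemoryDecrypt = WINFUNCTYPE(None, LPVOID, DWORD, DWORD, DWORD, ULONG_PTR)(("StaticMemoryDecrypt", TE))
StaticMemoryDecryptEx = WINFUNCTYPE(None, LPVOID, DWORD, DWORD, c_void_p)(("StaticMemoryDecryptEx", TE))
StaticMemoryDecryptSpecial = WINFUNCTYPE(None, LPVOID, DWORD, DWORD, DWORD, c_void_p)(("StaticMemoryDecryptSpecial", TE))
StaticSectionDecrypt = WINFUNCTYPE(None, ULONG_PTR, DWORD, c_bool, DWORD, DWORD, ULONG_PTR)(("StaticSectionDecrypt", TE))
StaticMemoryDecompress = WINFUNCTYPE(c_bool, c_void_p, DWORD, c_void_p, DWORD, c_int)(("StaticMemoryDecompress", TE))
StaticRawMemoryCopy = WINFUNCTYPE(c_bool, HANDLE, ULONG_PTR, ULONG_PTR, DWORD, c_bool, c_char_p)(("StaticRawMemoryCopy", TE))
StaticRawMemoryCopyW = WINFUNCTYPE(c_bool, HANDLE, ULONG_PTR, ULONG_PTR, DWORD, c_bool, c_wchar_p)(("StaticRawMemoryCopyW", TE))
StaticRawMemoryCopyEx = WINFUNCTYPE(c_bool, HANDLE, DWORD, DWORD, c_char_p)(("StaticRawMemoryCopyEx", TE))
StaticRawMemoryCopyExW = WINFUNCTYPE(c_bool, HANDLE, DWORD, DWORD, c_wchar_p)(("StaticRawMemoryCopyExW", TE))
StaticRawMemoryCopyEx64 = WINFUNCTYPE(c_bool, HANDLE, DWORD64, DWORD64, c_char_p)(("StaticRawMemoryCopyEx64", TE))
StaticRawMemoryCopyEx64W = WINFUNCTYPE(c_bool, HANDLE, DWORD64, DWORD64, c_wchar_p)(("StaticRawMemoryCopyEx64W", TE))
# NOTE(review): the c_void_p of StaticHashMemory and the second c_char_p of
# StaticHashFile/W look like output buffers for the hash. If so, pass a
# create_string_buffer(...) of sufficient size, never an immutable bytes
# object; the c_int presumably selects the algorithm - confirm both.
StaticHashMemory = WINFUNCTYPE(c_bool, c_void_p, DWORD, c_void_p, c_bool, c_int)(("StaticHashMemory", TE))
StaticHashFileW = WINFUNCTYPE(c_bool, c_wchar_p, c_char_p, c_bool, c_int)(("StaticHashFileW", TE))
StaticHashFile = WINFUNCTYPE(c_bool, c_char_p, c_char_p, c_bool, c_int)(("StaticHashFile", TE))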
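# TitanEngine.Engine.functions (EngineUnpacker* exports):
# Bound by (export name, library) so the stdcall prototype is applied to the
# native call; WINFUNCTYPE(...)(TE.<name>) would wrap the resolved function as
# a Python callback with an untyped inner call.
# NOTE(review): the trailing c_void_p of the Initialize calls is presumably a
# callback pointer; keep any ctypes callback passed there referenced for the
# whole unpacking run.
EngineUnpackerInitialize = WINFUNCTYPE(None, c_char_p, c_char_p, c_bool, c_bool, c_bool, c_void_p)(("EngineUnpackerInitialize", TE))
EngineUnpackerInitializeW = WINFUNCTYPE(None, c_wchar_p, c_wchar_p, c_bool, c_bool, c_bool, c_void_p)(("EngineUnpackerInitializeW", TE))
EngineUnpackerSetBreakCondition = WINFUNCTYPE(c_bool, c_void_p, DWORD, c_void_p, DWORD, DWORD, ULONG_PTR, c_bool, DWORD, DWORD)(("EngineUnpackerSetBreakCondition", TE))
EngineUnpackerSetEntryPointAddress = WINFUNCTYPE(None, ULONG_PTR)(("EngineUnpackerSetEntryPointAddress", TE))
EngineUnpackerFinalizeUnpacking = WINFUNCTYPE(None)(("EngineUnpackerFinalizeUnpacking", TE))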
# TitanEngine.Engine.functions:
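# Engine configuration, dependency and unpacker-window exports.
#
# Each prototype is bound to its DLL export with the (export_name, dll) form.
# Handing the attribute TE.<name> to a prototype makes ctypes wrap it as a
# Python callback instead of binding the export, so arguments and the result
# are marshalled a second time with the default C int conversion.
#
# c_char_p parameters take bytes (or None); the ...W variants take str.
# NOTE(review): the trailing c_void_p of EngineCreateUnpackerWindow is
# presumably a callback pointer; keep the Python callback object referenced
# while the window can still invoke it.
# NOTE(review): ULONG_PTR is aliased to POINTER(ULONG) in this module, so the
# second argument of EngineCheckStructAlignment takes a pointer object, not a
# plain int.

SetEngineVariable = WINFUNCTYPE(None, DWORD, c_bool)(
    ("SetEngineVariable", TE))

EngineCreateMissingDependencies = WINFUNCTYPE(
    c_bool, c_char_p, c_char_p, c_bool)(
    ("EngineCreateMissingDependencies", TE))

EngineCreateMissingDependenciesW = WINFUNCTYPE(
    c_bool, c_wchar_p, c_wchar_p, c_bool)(
    ("EngineCreateMissingDependenciesW", TE))

EngineFakeMissingDependencies = WINFUNCTYPE(c_bool, HANDLE)(
    ("EngineFakeMissingDependencies", TE))

EngineDeleteCreatedDependencies = WINFUNCTYPE(c_bool)(
    ("EngineDeleteCreatedDependencies", TE))

EngineCreateUnpackerWindow = WINFUNCTYPE(
    c_bool, c_char_p, c_char_p, c_char_p, c_char_p, c_void_p)(
    ("EngineCreateUnpackerWindow", TE))

EngineAddUnpackerWindowLogMessage = WINFUNCTYPE(None, c_char_p)(
    ("EngineAddUnpackerWindowLogMessage", TE))

EngineCheckStructAlignment = WINFUNCTYPE(c_bool, DWORD, ULONG_PTR)(
    ("EngineCheckStructAlignment", TE))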
# Global.Engine.Extension.Functions:
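# Extension (plugin) manager exports.
#
# Each prototype is bound to its DLL export with the (export_name, dll) form.
# Handing the attribute TE.<name> to a prototype makes ctypes wrap it as a
# Python callback instead of binding the export, so arguments and the result
# are marshalled a second time with the default C int conversion; a returned
# pointer would not survive that on Win64.
#
# The single c_char_p parameter takes bytes (or None), not str.

ExtensionManagerIsPluginLoaded = WINFUNCTYPE(c_bool, c_char_p)(
    ("ExtensionManagerIsPluginLoaded", TE))

ExtensionManagerIsPluginEnabled = WINFUNCTYPE(c_bool, c_char_p)(
    ("ExtensionManagerIsPluginEnabled", TE))

ExtensionManagerDisableAllPlugins = WINFUNCTYPE(c_bool)(
    ("ExtensionManagerDisableAllPlugins", TE))

ExtensionManagerDisablePlugin = WINFUNCTYPE(c_bool, c_char_p)(
    ("ExtensionManagerDisablePlugin", TE))

ExtensionManagerEnableAllPlugins = WINFUNCTYPE(c_bool)(
    ("ExtensionManagerEnableAllPlugins", TE))

ExtensionManagerEnablePlugin = WINFUNCTYPE(c_bool, c_char_p)(
    ("ExtensionManagerEnablePlugin", TE))

ExtensionManagerUnloadAllPlugins = WINFUNCTYPE(c_bool)(
    ("ExtensionManagerUnloadAllPlugins", TE))

ExtensionManagerUnloadPlugin = WINFUNCTYPE(c_bool, c_char_p)(
    ("ExtensionManagerUnloadPlugin", TE))

# The result is typed as a PluginInformation pointer directly in the
# prototype. If the engine returns NULL the call yields a falsy pointer
# object; test it before reading .contents.
ExtensionManagerGetPluginInfo = WINFUNCTYPE(
    POINTER(PluginInformation), c_char_p)(
    ("ExtensionManagerGetPluginInfo", TE))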