mirror of https://github.com/x64dbg/TitanEngine
150 lines
5.6 KiB
C++
150 lines
5.6 KiB
C++
#include "stdafx.h"
|
|
#include "definitions.h"
|
|
#include "Global.Injector.h"
|
|
|
|
HANDLE engineReservedMemoryProcess = NULL;
|
|
ULONG_PTR engineReservedMemoryLeft[UE_MAX_RESERVED_MEMORY_LEFT];
|
|
|
|
long injectedRemoteLoadLibrary(LPVOID Parameter)
|
|
{
|
|
PInjectCodeData APIData = (PInjectCodeData)Parameter;
|
|
Parameter = (LPVOID)((ULONG_PTR)Parameter + sizeof InjectCodeData);
|
|
#if !defined(_WIN64)
|
|
typedef ULONG_PTR(WINAPI * fLoadLibraryW)(LPCWSTR fLibraryName);
|
|
typedef ULONG_PTR(WINAPI * fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType);
|
|
#else
|
|
typedef ULONG_PTR(__fastcall * fLoadLibraryW)(LPCWSTR fLibraryName);
|
|
typedef ULONG_PTR(__fastcall * fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType);
|
|
#endif
|
|
fLoadLibraryW cLoadLibraryW = (fLoadLibraryW)(APIData->fLoadLibrary);
|
|
fVirtualFree cVirtualFree = (fVirtualFree)(APIData->fVirtualFree);
|
|
long retValue = NULL;
|
|
|
|
if(cLoadLibraryW((LPCWSTR)Parameter) != NULL)
|
|
{
|
|
retValue++;
|
|
}
|
|
cVirtualFree(Parameter, NULL, MEM_RELEASE);
|
|
return(retValue);
|
|
}
|
|
|
|
long injectedRemoteFreeLibrary(LPVOID Parameter)
|
|
{
|
|
|
|
PInjectCodeData APIData = (PInjectCodeData)Parameter;
|
|
#if !defined(_WIN64)
|
|
typedef ULONG_PTR(WINAPI * fFreeLibrary)(HMODULE fLibBase);
|
|
typedef ULONG_PTR(WINAPI * fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType);
|
|
#else
|
|
typedef ULONG_PTR(__fastcall * fFreeLibrary)(HMODULE fLibBase);
|
|
typedef ULONG_PTR(__fastcall * fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType);
|
|
#endif
|
|
fFreeLibrary cFreeLibrary = (fFreeLibrary)(APIData->fFreeLibrary);
|
|
fVirtualFree cVirtualFree = (fVirtualFree)(APIData->fVirtualFree);
|
|
long retValue = NULL;
|
|
|
|
if(cFreeLibrary(APIData->fFreeLibraryHandle))
|
|
{
|
|
retValue++;
|
|
}
|
|
cVirtualFree(Parameter, NULL, MEM_RELEASE);
|
|
return(retValue);
|
|
}
|
|
|
|
long injectedRemoteFreeLibrarySimple(LPVOID Parameter)
|
|
{
|
|
|
|
PInjectCodeData APIData = (PInjectCodeData)Parameter;
|
|
LPVOID orgParameter = Parameter;
|
|
Parameter = (LPVOID)((ULONG_PTR)Parameter + sizeof InjectCodeData);
|
|
#if !defined(_WIN64)
|
|
typedef ULONG_PTR(WINAPI * fFreeLibrary)(HMODULE fLibBase);
|
|
typedef HMODULE(WINAPI * fGetModuleHandleW)(LPCWSTR fLibraryName);
|
|
typedef ULONG_PTR(WINAPI * fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType);
|
|
#else
|
|
typedef ULONG_PTR(__fastcall * fFreeLibrary)(HMODULE fLibBase);
|
|
typedef HMODULE(__fastcall * fGetModuleHandleW)(LPCWSTR fLibraryName);
|
|
typedef ULONG_PTR(__fastcall * fVirtualFree)(LPVOID fMemBase, SIZE_T fMemSize, DWORD fFreeType);
|
|
#endif
|
|
fGetModuleHandleW cGetModuleHandleW = (fGetModuleHandleW)(APIData->fGetModuleHandle);
|
|
fFreeLibrary cFreeLibrary = (fFreeLibrary)(APIData->fFreeLibrary);
|
|
fVirtualFree cVirtualFree = (fVirtualFree)(APIData->fVirtualFree);
|
|
long retValue = NULL;
|
|
HMODULE hModule;
|
|
|
|
hModule = cGetModuleHandleW((LPCWSTR)Parameter);
|
|
if(hModule != NULL)
|
|
{
|
|
if(cFreeLibrary(hModule))
|
|
{
|
|
retValue++;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
retValue++;
|
|
}
|
|
cVirtualFree(orgParameter, NULL, MEM_RELEASE);
|
|
return(retValue);
|
|
}
|
|
|
|
long injectedExitProcess(LPVOID Parameter)
|
|
{
|
|
|
|
PInjectCodeData APIData = (PInjectCodeData)Parameter;
|
|
#if !defined(_WIN64)
|
|
typedef ULONG_PTR(WINAPI * fExitProcess)(DWORD fExitCode);
|
|
#else
|
|
typedef ULONG_PTR(__fastcall * fExitProcess)(DWORD fExitCode);
|
|
#endif
|
|
fExitProcess cExitProcess = (fExitProcess)(APIData->fExitProcess);
|
|
long retValue = NULL;
|
|
|
|
cExitProcess(APIData->fExitProcessCode);
|
|
return(NULL);
|
|
}
|
|
|
|
void injectedTerminator()
|
|
{
|
|
|
|
int i;
|
|
|
|
for(i = 0; i < UE_MAX_RESERVED_MEMORY_LEFT; i++)
|
|
{
|
|
if(engineReservedMemoryLeft[i] != NULL)
|
|
{
|
|
VirtualFreeEx(engineReservedMemoryProcess, (LPVOID)engineReservedMemoryLeft[i], NULL, MEM_RELEASE);
|
|
engineReservedMemoryLeft[i] = NULL;
|
|
}
|
|
}
|
|
}
|
|
|
|
// Global.Injector.functions: {DO NOT REORDER! USE ONLY IN RELEASE MODE!}
|
|
long injectedImpRec(LPVOID Parameter)
|
|
{
|
|
HANDLE hFile;
|
|
HANDLE hFileMap;
|
|
PInjectImpRecCodeData APIData = (PInjectImpRecCodeData)Parameter;
|
|
LPVOID szFileName = (LPVOID)((ULONG_PTR)Parameter + sizeof InjectImpRecCodeData);
|
|
typedef ULONG_PTR(__cdecl * fTrace)(DWORD hFileMap, DWORD dwSizeMap, DWORD dwTimeOut, DWORD dwToTrace, DWORD dwExactCall);
|
|
typedef HANDLE(WINAPI * fCreateFileW)(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile);
|
|
typedef HANDLE(WINAPI * fCreateFileMappingA)(HANDLE hFile, LPSECURITY_ATTRIBUTES lpFileMappingAttributes, DWORD flProtect, DWORD dwMaximumSizeHigh, DWORD dwMaximumSizeLow, LPCSTR lpName);
|
|
typedef BOOL(__cdecl * fCloseHandle)(HANDLE hHandle);
|
|
fTrace cTrace = (fTrace)(APIData->fTrace);
|
|
fCreateFileW cCreateFileW = (fCreateFileW)(APIData->fCreateFileA);
|
|
fCloseHandle cCloseHandle = (fCloseHandle)(APIData->fCloseHandle);
|
|
fCreateFileMappingA cCreateFileMappingA = (fCreateFileMappingA)(APIData->fCreateFileMappingA);
|
|
|
|
hFile = cCreateFileW((LPCWSTR)szFileName, GENERIC_READ + GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
|
|
if(hFile != INVALID_HANDLE_VALUE)
|
|
{
|
|
hFileMap = cCreateFileMappingA(hFile, NULL, 4, NULL, 0x100, NULL);
|
|
cTrace((DWORD)hFileMap, 0x100, -1, (DWORD)APIData->AddressToTrace, NULL);
|
|
cCloseHandle(hFile);
|
|
return(1);
|
|
}
|
|
else
|
|
{
|
|
return(0);
|
|
}
|
|
} |