x64dbg/x64dbg
x64dbg
/
x64dbg
1
0
Fork 0
Code Releases 2 Activity

first commit

This commit is contained in:
mr.exodia 2013-11-14 21:55:18 +01:00
commit 6c9de40fbc
267 changed files with 52814 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
.gitignore vendored Normal file
View File

@ -0,0 +1,49 @@
#ignore directories
*/obj/
bin/*/*
ipch/*
*/Win32/
*/x64/
#global filetypes to ignore
*.depend
*.layout
*.cscope_file_list
*.bmarks
*.chw
*.cbTemp
*.ini
*.opensdf
*.sdf
*.suo
#whitelisted bin files
!bin/*/TitanEngine.dll
!bin/*/test.dll
!bin/*/test.exe
!bin/*/dbghelp.dll
!bin/*/sqlite.dll
!bin/*/BeaEngine.dll
!bin/*/Scylla.dll
#files to ignore
todo_bridge.txt
#debugger files to ignore
x64_dbg_dbg/ODbgScript.chm
x64_dbg_dbg/ODbgScript.chw
x64_dbg_dbg/CppCheckResults.xml
x64_dbg_dbg/.cccc/
x64_dbg_dbg/suggestions.txt
# For GUI
*.pro.user
x64_dbg_gui/DebuggerX64-build-Debug
x64_dbg_gui/DebuggerX64-build-Release
x64_dbg_gui/bin
x64_dbg_gui/Project/GeneratedFiles/
x64_dbg_gui/Project/release/
x64_dbg_gui/Project/Win32/
x64_dbg_gui/Project/x64/
x64_dbg_gui/Project/Src/Bridge/libx32_bridge.a
x64_dbg_gui/Project/Src/Bridge/libx64_bridge.a

BIN
bin/x32/BeaEngine.dll Normal file
View File

Binary file not shown.

BIN
bin/x32/Scylla.dll Normal file
View File

Binary file not shown.

BIN
bin/x32/TitanEngine.dll Normal file
View File

Binary file not shown.

BIN
bin/x32/dbghelp.dll Normal file
View File

Binary file not shown.

BIN
bin/x32/sqlite.dll Normal file
View File

Binary file not shown.

BIN
bin/x32/test.dll Normal file
View File

Binary file not shown.

BIN
bin/x32/test.exe Normal file
View File

Binary file not shown.

BIN
bug.ico Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 105 KiB

50
help/Calculations.htm Normal file
View File

@ -0,0 +1,50 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Calculations</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>Calculations<BR></STRONG>The debugger allows usage of basic math
operations, just type an expression in the
command window and the result will be displayed in the console. Apart from
calculations, it allows quick&nbsp;variable changes using a C-like syntax.</P>
<P><STRONG>Operators</STRONG><BR> You can use the
following operators in your expression. They are processed in the following order:</P>
<P><U>1:</U><U>brackets</U>: '(' and ')' Brackets are
resolved first, there is no need for a terminating bracket, unless you want to
use one.</P>
<P><U>2:not</U>: '~' The not operator can be used before a
number of a variable, like in C.</P>
<P><U>3:addition/substraction</U>
: '+' and '-'</P>
<P><U>4:muliplication/devision</U>: '*'
= regular multiplication (signed/unsigned), '#' = get the higher part of the
multiplication, '/' = regular devision (signed/unsigned, devide by zero=error)
and '%' = get the modulo (remainder) of the devision.</P>
<P><U>5:shift</U>: '&lt;' = shift left (shl for unsigned,
sal for signed), '&gt;' = shift right (shr for unsigned, sar for signed).</P>
<P><U>6:and</U>: '&amp;' Just the regular AND operation like
in C.</P>
<P><U>7:xor</U>: '^' Just the regular XOR operation like in
C.</P>
<P><U>8:or</U>: '|' Just the regular OR operation like in
C.</P>
<P><STRONG>Quick-Assigning<BR></STRONG>Changing memory, a
variable, register or&nbsp;flag can be easily done using a C-like
syntax:</P>
<P><U>a?=b</U>: '?' can be any mathematical operation. 'a'
can be any register, flag, variable or memory location. 'b' can be anything that is recognized as a mathmatical
input.</P>
<P><U>a++/a--</U>: 'a' can be any register, flag, variable or memory
location.</P></body>

35
help/Commands.htm Normal file
View File

@ -0,0 +1,35 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Commands</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P class=rvps3><SPAN class=rvts10><STRONG>
command[,alias1,alias2]</STRONG><BR></SPAN><SPAN class=rvts9>Command description
here.</SPAN><SPAN class=rvts9><BR></SPAN></P>
<P class=rvps3><SPAN class=rvts11><U>arguments</U><BR></SPAN><SPAN
class=rvts9>&nbsp; arg1: </SPAN><SPAN class=rvts9>Argument description.</SPAN></P>
<P class=rvps3><SPAN class=rvts9></SPAN><SPAN class=rvts9>[arg2]: </SPAN><SPAN
class=rvts9></SPAN><SPAN class=rvts9>Optional argument.</SPAN></P>
<P class=rvps3><SPAN class=rvts9></SPAN><SPAN
class=rvts9>[arg3]: </SPAN><SPAN class=rvts9></SPAN><SPAN class=rvts9>Another optional argument (can only be given when the
previous argument is also
given).</SPAN><SPAN class=rvts9><BR></P></SPAN>
<P class=rvps3><SPAN class=rvts11><U>result</U><BR></SPAN><SPAN
class=rvts9>Description of the command result.</SPAN><SPAN
class=rvts9><BR></SPAN></P>
<P class=rvps3><SPAN class=rvts12><U><STRONG>REMARK</STRONG></U></SPAN><SPAN
class=rvts9>: Commands cannot contain any of the following characters: ","
(comma), " " (space) and "\" (backslash). They need to be
prefixed.</SPAN></P></head>

23
help/DeleteBPX_bpc_bc.htm Normal file
View File

@ -0,0 +1,23 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>DeleteBPX/bpc/bc</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>DeleteBPX[,bpc,bc]</STRONG><BR>Delete&nbsp;a
breakpoint set using the SetBPX command.</P>
<P><U>arguments</U><BR>[arg1]: Name or address of the breakpoint to delete. If this argument is not specified, all breakpoints will be
enabled.</P>
<P><U>result<BR></U>This command does not set any result variables.</P>
<P>&nbsp;</P></body>

26
help/DisableBPX_bpd_bd.htm Normal file
View File

@ -0,0 +1,26 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>DisableBPX/bpd/bd</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body><STRONG>DisableBPX[,bpd,bd]<BR></STRONG>Disable&nbsp;a breakpoint set using the SetBPX
command.
<P><U>arguments</U><BR>[arg1]: Name or address of the breakpoint to disable. If
this argument is not specified, all breakpoints will be enabled.</P>
<P>
<U>
result
<BR>
</U>This command does not set any result
variables.</P></BODY></HTML>

25
help/EnableBPX_bpe_be.htm Normal file
View File

@ -0,0 +1,25 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>EnableBPX/bpe/be</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>EnableBPX[,bpe,be]</STRONG><BR>Enable
a breakpoint set using the SetBPX
command.</P>
<P><U>arguments</U><BR> [arg1]: Name or address of the breakpoint to enable. If this
argument is not specified, all breakpoints
will be enabled.</P>
<P><U>result<BR></U>This command does not set any result
variables.</P></head>

25
help/Fill_memset.htm Normal file
View File

@ -0,0 +1,25 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Fill/memset</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>Fill[,memset]</STRONG><BR>Set memory of the
debuggee to a specified byte.</P>
<P><U>arguments</U><BR>&nbsp; arg1: Memory address to start setting bytes.</P>
<P>&nbsp; arg2: Value (byte) to set memory with.</P>
<P>[arg3]: Size to set. When not specified the rest of the
page is used.</P>
<P><U>result</U><BR>This command does not set any result
variables.</P></body>

31
help/HideDebugger_dbh_hide.htm Normal file
View File

@ -0,0 +1,31 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>HideDebugger/dbh/hide</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>HideDebugger[,dbh,hide]<BR></STRONG> Hide the debugger from (very) simple detection
methods.</P>
<P class=rvps3><SPAN class=rvts11><U>arguments</U><BR></SPAN><SPAN class=rvts9>This command has no arguments.</SPAN></P>
<P class=rvps3>
<SPAN class=rvts11>
<U>
result
<BR>
</U>
</SPAN>
<SPAN class=rvts9 >
This command does not set any result
variables.</SPAN></P></body>

24
help/Hotkeys.htm Normal file
View File

@ -0,0 +1,24 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Hotkeys</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>Hotkeys</STRONG><BR>This section is a listing of
all hotkeys.</P>
<P><U>RIGHT-ALT</U>: Use right-alt to toggle between the last
selected window the process has access to and the console window. This is useful
when you quickly need to enter a command and then switch back to the previous
window. The window selected will be set to
the foreground.</P></body>

41
help/InitDebug_initdbg_init.htm Normal file
View File

@ -0,0 +1,41 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>InitDebug/initdbg/init</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>InitDebug[,init,initdbg]<BR></STRONG>Initializes the debugger. This command will load
the executable (do some basic checks),&nbsp;set breakpoints on TLS callbacks
(if present), set a breakpoint at the process entry point&nbsp;and
break at the system breakpoint before giving back control to the
user.</P>
<P><U>arguments</U><BR>&nbsp; arg1 : Path to the executable file to debug. If no full path is given, the GetCurrentDirectory API will be
called to retrieve a full path. Use quotation marks to include spaces in your path.
</P>
<P> [arg2]: Commandline to create the process with.
</P>
<P>[arg3]: Current folder (passed to the CreateProcess API).
</P>
<P><U>result<BR></U> This command will
give control back to the user&nbsp;after the&nbsp;system breakpoint&nbsp;is reached. It will set
<U>$pid</U> and&nbsp;<U>$hp/$hProcess</U>variables.
</P></BODY></HTML>

62
help/Input.htm Normal file
View File

@ -0,0 +1,62 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Input</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P class=rvps3><SPAN class=rvts10><STRONG>Input</STRONG><BR></SPAN><SPAN
class=rvts9>This program accepts various options of input:</SPAN><SPAN
class=rvts9><BR></SPAN></P>
<P class=rvps3><SPAN class=rvts11><U>commands</U></SPAN><SPAN class=rvts9>:
Commands have the following format: "</SPAN><SPAN
class=rvts10>command[space]arg1,[optional space]arg2,argN</SPAN><SPAN
class=rvts9>".</SPAN><SPAN class=rvts9><BR></SPAN></P>
<P class=rvps3><SPAN class=rvts11><U>variables</U></SPAN><SPAN class=rvts9>:
Variables optionally start with a $ and can only store one DWORD (QWORD on
x64).</SPAN><SPAN class=rvts9><BR></SPAN></P>
<P class=rvps3><SPAN class=rvts11><U>debug registers</U></SPAN><SPAN
class=rvts9>: All debug registers (all sizes) can be used as
variables.</SPAN><SPAN class=rvts9><BR></SPAN></P>
<P class=rvps3><SPAN class=rvts11><U>memory locations</U></SPAN><SPAN
class=rvts9>: You can read from a memory location by using one of the
following expressions:<BR>@addr<BR>
@n:addr (where n is the amount of bytes to read,
this can be anything smaller then 4 on x32 and smaller then
8 on x64, when specified otherwise, there will be an error). addr is directly interpreted
as a value, when you want to read [addr+1] you should use
brackets: @(addr+1), @addr+1 will read: [addr]+1.</SPAN></P>
<P class=rvps3><SPAN
class=rvts9>
</SPAN><SPAN
class=rvts9><U>flags</U>: Debug flags (interpreted as integer) can be used
as input. Flags are prefixed with a '!' following the flag name or the bit number their on.
Valid flags are: !cf, !pf, !af, !zf, !sf, !tf, !if, !df, !of, !rf, !vm, !ac, !vif, !vip and !id.</SPAN><SPAN class=rvts9></P></SPAN>
<P class=rvps3><SPAN class=rvts11><U>numbers</U></SPAN><SPAN class=rvts9>: All
numbers are interpreted as hex by default. If you want to be sure, you can use
the "x" prefix. Decimal numbers can be used by prefixing the number with a "."
(.123=7B).</SPAN></P>
<P class=rvps3><SPAN class=rvts9><U>basic calculations</U> :
See "Calculations" for more
information.</SPAN></P>
<P class=rvps3><SPAN class=rvts9>
Input
for arguments can always be done in any of the above forms, except if stated
otherwise.</SPAN></P></body></HTML>

20
help/Introduction.htm Normal file
View File

@ -0,0 +1,20 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Introduction</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>Introduction<BR></STRONG>[introductional talk
with motivation here].</P></body>
</html>

23
help/SetBPXOptions_bptype.htm Normal file
View File

@ -0,0 +1,23 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>SetBPXOptions/bptype</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>SetBPXOptions[,bptype]</STRONG><BR>Set the default type for the "SetBPX" command.</P>
<P><U>arguments<BR></U>&nbsp; arg1: Default type. This can be "short" (CC),
"long" (CD03) or "ud2" (0F0B). Type default type affects
both NORMAL and SINGLESHOT breakpoints.</P>
<P><U>result<BR></U>This command does not set any result
variables.</P></body>

46
help/SetBPX_bp_bpx.htm Normal file
View File

@ -0,0 +1,46 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>SetBPX/bp/bpx</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>SetBPX[,bp,bpx]</STRONG><BR>Set an INT3 (SHORT/LONG)&nbsp;or UD2 breakpoint
and optionally assign a name to it.</P>
<P><U>arguments<BR></U>&nbsp; arg1: Address to put a breakpoint on. This can be an API name&nbsp;[not
implemented].</P>
<P>
[arg2]: Name of the breakpoint, use quotation marks to
include spaces. This name can be used
by the EnableBPX, DisableBPX and DeleteBPX functions as alias,
but is mainly intended to provide a single line of information about the
currently-hit breakpoint. When arg2 equals to a
valid type (arg3) the type is used and arg2
is
ignored.</P>
<P>
[arg3]: Breakpoint type. Can be one of the following
options
in random order: "ss" (single shot breakpoint), "long" (CD03),
"ud2" (0F0B) and "short" (CC). You can combine the "ss" option
with one of the type options in one string. Example: "SetBPX 00401000,"entrypoint",ssud2" will set a
single shot&nbsp;UD2&nbsp;breakpoint at 00401000 with the name "entrypoint".
When specifying no type or just the type "ss"
the default type will be used. Per default this equals to the
"short" type. You can change the default type using the "SetBPXOptions"
command.</P>
<P><U>result<BR></U>
This command&nbsp;does&nbsp;not any&nbsp;result
variables.</P></body></HTML>

34
help/SetHardwareBreakpoint_bph_bphws.htm Normal file
View File

@ -0,0 +1,34 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>SetHardwareBreakpoint/bph/bphws</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>SetHardwareBreakpoint[,bph,bphws]<BR></STRONG>Set a
hardware breakpoint (using debug registers).</P>
<P class=rvps3><SPAN class=rvts11><U>arguments</U> <BR></SPAN><SPAN
class=rvts9> &nbsp;
arg1: Address&nbsp;of the hardware breakpoint.</SPAN>&nbsp; </P>
<P class=rvps3><SPAN class=rvts9>[arg2]:&nbsp;Hardware breakpoint type. Can be either 'r'
(readwrite), 'w' (write) or 'x' (execute). When not specified, 'x' is
assumed.</SPAN>&nbsp; </P>
<P class=rvps3><SPAN class=rvts9>
[arg3]:&nbsp;Hardware breakpoint
size.</SPAN>&nbsp;Can be
either '1', '2', '4' or '8' (x64 only). Per default, '1' is assumed. The address
you're putting the hardware breakpoint on must be aligned to the specified
size. </P>
<P class=rvps3><SPAN class=rvts11><U>result <BR></U></SPAN><SPAN
class=rvts9>This command does not set any result
variables.</SPAN> </P></body>

51
help/SetMemoryBPX_membp_bpm.htm Normal file
View File

@ -0,0 +1,51 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>SetMemoryBPX/membp/bpm</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>SetMemoryBPX[,membp,bpm]<BR></STRONG>Set a memory
breakpoint (GUARD_PAGE) on the whole memory region the provided address is
in.</P>
<P class=rvps3>
<SPAN class=rvts11>
<U>arguments</U>
<BR >
</SPAN>
<SPAN
class=rvts9> &nbsp; arg1:&nbsp;Address&nbsp;of or
inside a memory region that will be watched.</SPAN>
</P>
<P class=rvps3>
<SPAN
class=rvts9> [arg2]:
1/0 restore the memory breakpoint once it's hit?</SPAN> When this value is not equal to one, it's assumed to be arg3. This
means "<EM>bpm eax,r</EM>" would be the same command as: "<EM>bpm
eax,0,r</EM>".
</P>
<P class=rvps3>
<SPAN
class=rvts9>[arg3]: Breakpoint type, it
can be 'r' (execute+read),&nbsp;'w' (write) or 'x' (execute). Per default,
it's a combination of execute, read and write.</SPAN>
</P>
<P class=rvps3><SPAN class=rvts11><U>result
<BR></U></SPAN><SPAN class=rvts9>This command does not set any result variables.</SPAN>
</P>
<P>&nbsp;</P></BODY></HTML>

25
help/SingleStep.htm Normal file
View File

@ -0,0 +1,25 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>SingleStep/sstep/sst</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>SingleStep[,sstep,sst]<BR></STRONG>Step a
specified number of instructions using the Trap-Flag.</P>
<P class=rvps3><SPAN class=rvts11><U>arguments</U><BR></SPAN><SPAN
class=rvts9> </SPAN><SPAN
class=rvts9>[arg1]: The number of instructions to executre (this can be
any valid expression). When not specified, a StepInto is performed.<BR></SPAN></P>
<P class=rvps3><SPAN class=rvts11><U>result<BR></U></SPAN><SPAN class=rvts9>This command does not set any result
variables.</SPAN></P></body>

24
help/Special_Thanks.htm Normal file
View File

@ -0,0 +1,24 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Special Thanks</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>Special Thanks</STRONG><BR>This page is reserved
to companies/people who get credit for their used work or support.</P>
<P><A href="http://www.visualpharm.com"
target=_blank>VisualPharm</A>&nbsp;for their great icon!<BR><A href="http://www.reversinglabs.com/"
target=_blank>ReversingLabs</A> for TitanEngine!<BR><A
href="http://beaengine.org/" target=_blank>BeatriX</A>&nbsp;for
BeaEngine! </P></body>

24
help/StepInto.htm Normal file
View File

@ -0,0 +1,24 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>StepInto/sti</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>StepInto[,sti]<BR></STRONG>Single Step (using
Trap-Flag).</P>
<P class=rvps3><SPAN class=rvts11><U>arguments</U><BR></SPAN><SPAN
class=rvts9>This command has no arguments.</SPAN><SPAN
class=rvts9><BR></SPAN></P>
<P class=rvps3><SPAN class=rvts11><U>result<BR></U></SPAN><SPAN class=rvts9>This command does not set any result
variables.</SPAN></P></body>

25
help/StepOver.htm Normal file
View File

@ -0,0 +1,25 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>StepOver/step/sto/st</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>StepOver[,step,sto,st]<BR></STRONG>Step over
calls, when the instruction at CIP isn't a call,&nbsp;a StepInto is performed.</P>
<P><SPAN class=rvts11><U>arguments</U><BR></SPAN><SPAN
class=rvts9>This command has no arguments.</SPAN><SPAN
class=rvts9>
</P></SPAN>
<P class=rvps3><SPAN class=rvts11><U>result<BR></U></SPAN><SPAN class=rvts9>This command does not set any result
variables.</SPAN></P></body>

26
help/ToggleBPX_bpt_bt.htm Normal file
View File

@ -0,0 +1,26 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>ToggleBPX/bpt/bt</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>ToggleBPX[,bpt,bt]<BR></STRONG>Toggle
(enable/disable) a breakpoint.</P>
<P><U>arguments<BR></U>&nbsp; arg1:
Name or address of the
breakpoint to toggle.</P>
<P><U>result<BR></U>The $result variable will be set to the
state of the breakpoint before it was toggled. 1: breakpoint was enabled before,
0: breakpoint
was disabled before.</P></body>

38
help/Variables.htm Normal file
View File

@ -0,0 +1,38 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Variables</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P class=rvps3><SPAN class=rvts10><STRONG>Variables</STRONG><BR></SPAN><SPAN
class=rvts9>This program supports variables. There are three types of
variables:</SPAN><SPAN class=rvts9><BR></SPAN></P>
<P class=rvps3><SPAN class=rvts11><U>USER</U></SPAN><SPAN class=rvts9>:
Variables created by the user using the "var" command. These variables have no
access restrictions.</SPAN><SPAN class=rvts9><BR></SPAN></P>
<P class=rvps3><SPAN class=rvts11><U>SYSTEM</U></SPAN><SPAN class=rvts9>:
Variables created by the system, that can be read and written, but cannot be
deleted.</SPAN><SPAN class=rvts9><BR></SPAN></P>
<P class=rvps3><SPAN class=rvts11><U>READONLY</U></SPAN><SPAN class=rvts9>:
Variables created by the system, that can be read, but not written or
deleted.</SPAN><SPAN class=rvts9><BR></SPAN></P>
<P class=rvps3><SPAN class=rvts10><STRONG>Reserved
Variables</STRONG><BR></SPAN><SPAN class=rvts9>There are a few reserved
variables:</SPAN><SPAN class=rvts9><BR></SPAN></P>
<P class=rvps3><SPAN class=rvts11><U>$res/$result</U></SPAN><SPAN class=rvts9>: General result variable.<BR><U>$resN/$resultN</U>:
Optional other result variables (N=
1-4).<BR><U>$pid</U>: Project ID of the debugged
executable.<BR><U>$hp/$hProcess</U>: Debugged executable
handle.<BR><U>$lastalloc</U>: Last result of the
'alloc' command.</SPAN></P></head>

25
help/alloc.htm Normal file
View File

@ -0,0 +1,25 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>alloc</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>alloc<BR></STRONG>Allocate memory in the debuggee (using
VirtualAllocEx). The memory is allocated
with PAGE_EXECUTE_READWRITE protection.</P>
<P><U>arguments</U><BR>[arg1]: Size of the memory to
allocate. When not specified, a default size of 0x1000 is used.</P>
<P><U>result</U><BR>This command sets $result to the allocated memory address. It also sets the $lastalloc
variable to the allocated memory address when VirtualAllocEx
succeeded.</P></body>

35
help/bplist.htm Normal file
View File

@ -0,0 +1,35 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>bplist</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>bplist</STRONG><BR>Get a list of breakpoints.
This list includes their state (enabled/disabled), their type, their address and
(optionally) their names.</P>
<P><U>arguments</U><BR>This command has no arguments.</P>
<P><U>result</U><BR>
This command does not set any result variables. A list entry has the
following format:</P>
<P><EM>STATE</EM>:<EM>TYPE</EM>:<EM>ADDRESS</EM>[:<EM>NAME</EM>]</P>
<P><EM>STATE</EM> can be 0 or 1. 0 means disabled, 1 means
enabled. Only singleshoot and 'normal' breakpoints can be disabled.</P>
<P><EM>TYPE</EM> can be one of the following values: BP,
SS, HW and GP. BP stands for a normal breakpoint (set using the SetBPX command),
SS stands for SINGLESHOT, HW stands for HARDWARE and GP stand for Guard Page,
the way of setting memory breakpoints.</P>
<P><EM>ADDRESS</EM> is the breakpoint address, given in 32 and 64
bits for the x32 and x64 debugger respectively.</P>
<P><EM>NAME</EM> is the name assigned
to the breakpoint.</P></body>

23
help/chd.htm Normal file
View File

@ -0,0 +1,23 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>chd</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>chd</STRONG><BR>Change current directory
(SetCurrentDirectory).</P>
<P><U>arguments</U><BR>&nbsp; arg1: Path of a directory to change
to.</P>
<P><U>result<BR></U><SPAN class=rvts9>This command does not set any result
variables.</SPAN></P></head>

21
help/cls.htm Normal file
View File

@ -0,0 +1,21 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>cls</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P class=rvps3><SPAN class=rvts10><STRONG>cls</STRONG><BR></SPAN><SPAN class=rvts9>Clear the console screen.</SPAN><SPAN class=rvts9><BR></SPAN></P>
<P class=rvps3><SPAN class=rvts11><U>arguments</U><BR></SPAN><SPAN class=rvts9>This command has no arguments.</SPAN><SPAN class=rvts9><BR></SPAN></P>
<P class=rvps3><SPAN class=rvts11><U>result<BR></U></SPAN><SPAN class=rvts9>This command does not set any result
variables.</SPAN></P></head>

32
help/disasm_dis_d.htm Normal file
View File

@ -0,0 +1,32 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>disasm/dis/d</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>disasm[,dis,d]<BR></STRONG>Disassemble 500
instructions and put the result in the disassembly window.</P>
<P class=rvps3>
<SPAN class=rvts11>
<U>arguments</U>
<BR >
</SPAN>
<SPAN class=rvts9 ></SPAN>
<SPAN class=rvts9>
[arg1]: The address to disassemble at. When not specified,
there will be assembled at CIP.</SPAN>
</P><P class=rvps3><SPAN class=rvts11><U>result<BR></U></SPAN><SPAN class=rvts9>This command does not set any result
variables.</SPAN></P></body>

31
help/free.htm Normal file
View File

@ -0,0 +1,31 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>free</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>free</STRONG><BR>
Free&nbsp;memory in the debuggee (using VirtualFreeEx).</P>
<P>
<U>arguments</U><BR> [arg1]: Address of the memory to free. When not
specified, the value at $lastalloc is used.</P>
<P>
<U>
result
</U>
<BR>
This command sets $result
to 1 if VirtualFreeEx succeeded, otherwise it's set to
0. $lastalloc is set to zero when the address specified is equal
to $lastalloc.</P></body>

29
help/mov_set.htm Normal file
View File

@ -0,0 +1,29 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>mov/set</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P class=rvps3><SPAN class=rvts10><STRONG>mov[,set]</STRONG><BR></SPAN><SPAN class=rvts9>Set a variable.</SPAN><SPAN class=rvts9><BR></SPAN></P>
<P class=rvps3><SPAN class=rvts11><U>arguments</U><BR></SPAN><SPAN class=rvts9>&nbsp; arg1:</SPAN><SPAN class=rvts9> </SPAN><SPAN
class=rvts9></SPAN><SPAN class=rvts9>Variable name (optionally prefixed with a $) to
set. When the variable does not exist, it will be
created.
</SPAN></P>
<P class=rvps3><SPAN class=rvts9>
</SPAN><SPAN class=rvts9>&nbsp;
arg2:</SPAN><SPAN class=rvts9> </SPAN><SPAN
class=rvts9></SPAN><SPAN class=rvts9>Value to store in the variable.</SPAN><SPAN class=rvts9><BR></P></SPAN>
<P class=rvps3><SPAN class=rvts11><U>result<BR></U></SPAN><SPAN class=rvts9>This command does not set any result
variables.</SPAN></P></head>

36
help/rtr.htm Normal file
View File

@ -0,0 +1,36 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>rtr</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>rtr<BR></STRONG>Return from function by calling
StepOver until the current instruction is a RET.</P>
<P class=rvps3>
<SPAN class=rvts11>
<U>
arguments
</U>
<BR>
</SPAN>
<SPAN class=rvts9 >
This command has no arguments.</SPAN></P>
<P class=rvps3 >
<SPAN class=rvts11>
<U>result<BR>
</U></SPAN><SPAN
class=rvts9>This command does not set any result
variables.</SPAN></P></body>

24
help/run_go_r_g.htm Normal file
View File

@ -0,0 +1,24 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>run/go/r/g</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P><STRONG>run[,go,r,g]</STRONG><BR>Free the lock and allow
the program to run.</P>
<P><U>arguments</U><BR>This command has no arguments.</P>
<P><U>result</U>
<BR>
This command does not set any result
variables.</P></body>

27
help/strlen_charcount_ccount.htm Normal file
View File

@ -0,0 +1,27 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>strlen/charcount/ccount</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P class=rvps3><SPAN
class=rvts10><STRONG>strlen[,charcount,ccount]</STRONG><BR></SPAN><SPAN
class=rvts9>Get the
length of a string. This was the first command ever, left in for historical reasons.</SPAN><SPAN class=rvts9><BR></SPAN></P>
<P class=rvps3><SPAN class=rvts11><U>arguments</U><BR></SPAN><SPAN
class=rvts9>&nbsp; arg1:</SPAN><SPAN class=rvts9> </SPAN><SPAN class=rvts9></SPAN><SPAN
class=rvts9>String you want to get the length of.</SPAN><SPAN
class=rvts9><BR></SPAN></P>
<P class=rvps3><SPAN class=rvts11><U>result</U><BR></SPAN><SPAN class=rvts9>This
command does not set any result variables.</SPAN></P></head>

BIN
help/template/btn_next_g.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.3 KiB

BIN
help/template/btn_next_n.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.4 KiB

BIN
help/template/btn_prev_g.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.4 KiB

BIN
help/template/btn_prev_n.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.4 KiB

59
help/template/fixedtop.htm Normal file
View File

@ -0,0 +1,59 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>($title$)</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link href="winchm_template_style.css" rel="stylesheet" type="text/css">
<script type="text/javascript">
function d_onresize(){
if (window.navigator.userAgent.indexOf("MSIE")>=1){
document.getElementById('winchm_template_content').style.pixelWidth = document.body.offsetWidth - 3;
document.getElementById('winchm_template_content').style.pixelHeight = document.body.offsetHeight - document.getElementById('winchm_template_top').offsetHeight - 4;
}
document.getElementById('winchm_template_content').style.top = document.getElementById('winchm_template_top').offsetHeight + 'px';
}
function d_onbeforeprint(){
document.getElementById('winchm_template_content').style.width = 'auto';
document.getElementById('winchm_template_content').style.height = 'auto';
}
function d_onafterprint(){
d_onresize();
}
window.onload = d_onresize;
window.onresize = d_onresize;
window.onbeforeprint = d_onbeforeprint;
window.onafterprint = d_onafterprint;
</script>
</head>
<body>
<div id="winchm_template_top">
<table width="100%" height="50" bgcolor="#c4d0f4" style="WIDTH: 100%" cellSpacing=0 cellPadding=3 border=0>
<tr>
<td>
<div id="winchm_template_navigation">
<em><FONT face=Courier>New&nbsp;Help &gt;
($navigation$)</FONT> </em> </div>
<div id="winchm_template_title"><FONT
face=Courier>($title$)</FONT>
</div>
</td>
<td align="right" style="WIDTH: 90px">
<IMG alt=Previous src="btn_prev_n.gif"><IMG alt=Next src="btn_next_n.gif">
</td>
</tr>
</table>
</div>
<div id="winchm_template_content">
<p><FONT face=Courier>($content$)</FONT></p>
<hr>
<font face="Courier" color="#808080" size="1"> No
Copyright</font> </div>
</body>
</html>

69
help/template/winchm_template_style.css Normal file
View File

@ -0,0 +1,69 @@
div { margin: 0; padding: 0; outline: 0; }
html,body {
padding: 0px;
margin: 0px;
overflow: hidden;
height: 100%;
}
#winchm_template_top {
padding: 0px;
margin: 0px;
border-bottom: 1px solid #B7B7B7;
}
#winchm_template_navigation{
PADDING-RIGHT: 2px;
PADDING-LEFT: 2px;
FONT-SIZE: 11px;
PADDING-BOTTOM: 2px;
MARGIN: 0px;
PADDING-TOP: 2px;
FONT-FAMILY: Courier New;
}
#winchm_template_title{
PADDING-RIGHT: 2px;
PADDING-LEFT: 2px;
FONT-WEIGHT: bold;
FONT-SIZE: 14px;
PADDING-BOTTOM: 2px;
MARGIN: 0px;
PADDING-TOP: 2px;
FONT-FAMILY: Courier New;
}
@media screen
{
#winchm_template_content{
margin: 0px;
padding: 15px;
position: absolute;
top : 51px;
right: 0px;
bottom: 0px;
left: 0px;
overflow: auto;
}
}
@media print
{
#winchm_template_content{
position: static;
margin: 0px;
padding: 5px;
width: auto;
height: auto;
overflow: auto;
}
#winchm_template_prev{
visibility:hidden;
}
#winchm_template_next{
visibility:hidden;
}
}

19
help/template_courier.htm Normal file
View File

@ -0,0 +1,19 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>New Item2</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P>&nbsp;</P></body>
</html>

27
help/var_varnew.htm Normal file
View File

@ -0,0 +1,27 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>var/varnew</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P class=rvps3><SPAN class=rvts10><STRONG>var[,varnew]</STRONG><BR></SPAN><SPAN class=rvts9>Declare a new variable.</SPAN><SPAN class=rvts9><BR></SPAN></P>
<P class=rvps3><SPAN class=rvts11><U>arguments<BR></U></SPAN><SPAN class=rvts9>&nbsp; arg1:</SPAN><SPAN class=rvts9> </SPAN><SPAN
class=rvts9></SPAN><SPAN class=rvts9>Variable name (will be prefixed with '$' if not
done).
</SPAN></P>
<P class=rvps3><SPAN class=rvts9>
</SPAN><SPAN class=rvts9>[arg2]:</SPAN><SPAN class=rvts9> </SPAN><SPAN
class=rvts9>Initial variable value (see console input for details).</SPAN></P>
<P class=rvps3><SPAN class=rvts11><U>result<BR></U></SPAN><SPAN class=rvts9>This command does not set any result
variables.</SPAN></P></body>

23
help/vardel.htm Normal file
View File

@ -0,0 +1,23 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>vardel</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P class=rvps3><SPAN class=rvts10><STRONG>vardel</STRONG><BR></SPAN><SPAN class=rvts9>Delete a user-defined variable.</SPAN><SPAN class=rvts9><BR></SPAN></P>
<P class=rvps3><SPAN class=rvts11><U>arguments</U><BR></SPAN><SPAN class=rvts9>&nbsp; arg1:</SPAN><SPAN class=rvts9> </SPAN><SPAN
class=rvts9></SPAN><SPAN class=rvts9>Name of the variable to delete ($ will be
prepended when not present).</SPAN><SPAN class=rvts9><BR></SPAN></P>
<P class=rvps3><SPAN class=rvts11><U>result<BR></U></SPAN><SPAN class=rvts9>This command does not set any result
variables.</SPAN></P></body>

23
help/varlist.htm Normal file
View File

@ -0,0 +1,23 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>varlist</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P class=rvps3><SPAN class=rvts10><STRONG>varlist</STRONG><BR></SPAN><SPAN class=rvts9>Get a list of all variables and their
values.</SPAN><SPAN class=rvts9><BR></SPAN></P>
<P class=rvps3><SPAN class=rvts11><U>arguments</U><BR></SPAN><SPAN class=rvts9>[arg1]:</SPAN><SPAN class=rvts9> </SPAN><SPAN
class=rvts9>Filter (USER, SYSTEM, READONLY).</SPAN><SPAN class=rvts9><BR></SPAN></P>
<P class=rvps3><SPAN class=rvts11><U>result<BR></U></SPAN><SPAN class=rvts9>This command does not set any result
variables.</SPAN></P></body>

460
help/x64_dbg.wcp Normal file
View File

@ -0,0 +1,460 @@
[GENERAL]
Ver=2
Title=x64_dbg
RootDir=
DefaultTopic=
CompiledFile=<Project_Folder>\x64_dbg.chm
CustomTemplate=<Project_Folder>\template_courier.htm
DefaultTemplate=0
Language=0x0413
Encoding=UTF-8
DeleteProject=0
ViewCompiledFile=0
HasChild=0
NoChild=10
HtmlHelpTemplate=template\fixedtop.htm
HtmlHelpTitle=x64_dbg
HtmlHelpTitleSame=1
HtmlHelpOutputEncoding=Windows-1252
WebHelpDefault=
WebHelpOutputFolder=<Project_Folder>\output\WebHelp\
WebHelpTemplate=template\fixedtop.htm
WebHelpTitle=x64_dbg
WebHelpDefaultSame=1
WebHelpTemplateSame=1
WebHelpTilteSame=1
WebHelpLanguage=1
StartFromRoot=1
AutoCollapse=0
DrawLines=1
SingleHtmlFilename=all.htm
SingleHtmlOutputFolder=<Project_Folder>\output\SingleHTML\
SingleHtmlTitle=x64_dbg
SingleHtmlHasToc=0
SingleHtmlSame=1
HeadProperties=1
PageProperties=1
RealColorIcon=0
ShowIndex=1
NavWidth=270
WebFontColor=#DBEFF9
WebBackColor=
WebBackground=1
HHPFolder=
[CHMSetting]
Top=50
Left=50
Height=650
Width=900
PaneWidth=270
DefaultTab=0
ShowMSDNMenu=0
ShowPanesToolbar=1
ShowPane=1
HideToolbar=0
HideToolbarText=0
StayOnTop=0
Maximize=0
Hide=1
Locate=1
Back=1
bForward=1
Stop=1
Refresh=1
Home=1
Print=1
Option=1
Jump1=0
Jump2=0
AutoShowHide=0
AutoSync=1
Content=1
Index=1
Search=1
Favorite=1
UseFolder=0
AutoTrack=0
SelectRow=0
PlusMinus=1
ShowSelection=1
ShowRoot=1
DrawLines=1
AutoExpand=0
RightToLeft=0
LeftScroll=0
Border=0
DialogFrame=0
RaisedEdge=0
SunkenEdge=0
SavePosition=0
ContentsFont=Courier New,8,0
IndexFont=Courier New,8,0
Title=x64_dbg
Language=0x0413
Font=
DefaultTopic=Introduction.htm
[TOPICS]
TitleList=36
TitleList.Title.0=Introduction
TitleList.Level.0=0
TitleList.Url.0=Introduction.htm
TitleList.Icon.0=0
TitleList.Status.0=0
TitleList.Keywords.0=
TitleList.ContextNumber.0=1000
TitleList.ApplyTemp.0=0
TitleList.Expanded.0=1
TitleList.Kind.0=0
TitleList.Title.1=Input
TitleList.Level.1=1
TitleList.Url.1=Input.htm
TitleList.Icon.1=0
TitleList.Status.1=0
TitleList.Keywords.1=
TitleList.ContextNumber.1=1001
TitleList.ApplyTemp.1=0
TitleList.Expanded.1=0
TitleList.Kind.1=0
TitleList.Title.2=Variables
TitleList.Level.2=1
TitleList.Url.2=Variables.htm
TitleList.Icon.2=0
TitleList.Status.2=0
TitleList.Keywords.2=
TitleList.ContextNumber.2=1002
TitleList.ApplyTemp.2=0
TitleList.Expanded.2=0
TitleList.Kind.2=0
TitleList.Title.3=Calculations
TitleList.Level.3=1
TitleList.Url.3=Calculations.htm
TitleList.Icon.3=0
TitleList.Status.3=0
TitleList.Keywords.3=
TitleList.ContextNumber.3=1020
TitleList.ApplyTemp.3=0
TitleList.Expanded.3=0
TitleList.Kind.3=0
TitleList.Title.4=Hotkeys
TitleList.Level.4=1
TitleList.Url.4=Hotkeys.htm
TitleList.Icon.4=0
TitleList.Status.4=0
TitleList.Keywords.4=
TitleList.ContextNumber.4=1034
TitleList.ApplyTemp.4=0
TitleList.Expanded.4=0
TitleList.Kind.4=0
TitleList.Title.5=Commands
TitleList.Level.5=0
TitleList.Url.5=Commands.htm
TitleList.Icon.5=0
TitleList.Status.5=0
TitleList.Keywords.5=
TitleList.ContextNumber.5=1003
TitleList.ApplyTemp.5=0
TitleList.Expanded.5=0
TitleList.Kind.5=0
TitleList.Title.6=x/exit
TitleList.Level.6=1
TitleList.Url.6=x_exit.htm
TitleList.Icon.6=0
TitleList.Status.6=0
TitleList.Keywords.6=
TitleList.ContextNumber.6=1004
TitleList.ApplyTemp.6=0
TitleList.Expanded.6=0
TitleList.Kind.6=0
TitleList.Title.7=strlen/charcount/ccount
TitleList.Level.7=1
TitleList.Url.7=strlen_charcount_ccount.htm
TitleList.Icon.7=0
TitleList.Status.7=0
TitleList.Keywords.7=
TitleList.ContextNumber.7=1005
TitleList.ApplyTemp.7=0
TitleList.Expanded.7=0
TitleList.Kind.7=0
TitleList.Title.8=var/varnew
TitleList.Level.8=1
TitleList.Url.8=var_varnew.htm
TitleList.Icon.8=0
TitleList.Status.8=0
TitleList.Keywords.8=
TitleList.ContextNumber.8=1006
TitleList.ApplyTemp.8=0
TitleList.Expanded.8=0
TitleList.Kind.8=0
TitleList.Title.9=vardel
TitleList.Level.9=1
TitleList.Url.9=vardel.htm
TitleList.Icon.9=0
TitleList.Status.9=0
TitleList.Keywords.9=
TitleList.ContextNumber.9=1007
TitleList.ApplyTemp.9=0
TitleList.Expanded.9=0
TitleList.Kind.9=0
TitleList.Title.10=mov/set
TitleList.Level.10=1
TitleList.Url.10=mov_set.htm
TitleList.Icon.10=0
TitleList.Status.10=0
TitleList.Keywords.10=
TitleList.ContextNumber.10=1008
TitleList.ApplyTemp.10=0
TitleList.Expanded.10=0
TitleList.Kind.10=0
TitleList.Title.11=cls
TitleList.Level.11=1
TitleList.Url.11=cls.htm
TitleList.Icon.11=0
TitleList.Status.11=0
TitleList.Keywords.11=
TitleList.ContextNumber.11=1009
TitleList.ApplyTemp.11=0
TitleList.Expanded.11=0
TitleList.Kind.11=0
TitleList.Title.12=varlist
TitleList.Level.12=1
TitleList.Url.12=varlist.htm
TitleList.Icon.12=0
TitleList.Status.12=0
TitleList.Keywords.12=
TitleList.ContextNumber.12=1010
TitleList.ApplyTemp.12=0
TitleList.Expanded.12=0
TitleList.Kind.12=0
TitleList.Title.13=InitDebug/initdbg/init
TitleList.Level.13=1
TitleList.Url.13=InitDebug_initdbg_init.htm
TitleList.Icon.13=0
TitleList.Status.13=0
TitleList.Keywords.13=
TitleList.ContextNumber.13=1011
TitleList.ApplyTemp.13=0
TitleList.Expanded.13=0
TitleList.Kind.13=0
TitleList.Title.14=run/go/r/g
TitleList.Level.14=1
TitleList.Url.14=run_go_r_g.htm
TitleList.Icon.14=0
TitleList.Status.14=0
TitleList.Keywords.14=
TitleList.ContextNumber.14=1013
TitleList.ApplyTemp.14=0
TitleList.Expanded.14=0
TitleList.Kind.14=0
TitleList.Title.15=SetBPXOptions/bptype
TitleList.Level.15=1
TitleList.Url.15=SetBPXOptions_bptype.htm
TitleList.Icon.15=0
TitleList.Status.15=0
TitleList.Keywords.15=
TitleList.ContextNumber.15=1018
TitleList.ApplyTemp.15=0
TitleList.Expanded.15=0
TitleList.Kind.15=0
TitleList.Title.16=SetBPX/bp/bpx
TitleList.Level.16=1
TitleList.Url.16=SetBPX_bp_bpx.htm
TitleList.Icon.16=0
TitleList.Status.16=0
TitleList.Keywords.16=
TitleList.ContextNumber.16=1012
TitleList.ApplyTemp.16=0
TitleList.Expanded.16=0
TitleList.Kind.16=0
TitleList.Title.17=EnableBPX/bpe/be
TitleList.Level.17=1
TitleList.Url.17=EnableBPX_bpe_be.htm
TitleList.Icon.17=0
TitleList.Status.17=0
TitleList.Keywords.17=
TitleList.ContextNumber.17=1014
TitleList.ApplyTemp.17=0
TitleList.Expanded.17=0
TitleList.Kind.17=0
TitleList.Title.18=DisableBPX/bpd/bd
TitleList.Level.18=1
TitleList.Url.18=DisableBPX_bpd_bd.htm
TitleList.Icon.18=0
TitleList.Status.18=0
TitleList.Keywords.18=
TitleList.ContextNumber.18=1016
TitleList.ApplyTemp.18=0
TitleList.Expanded.18=0
TitleList.Kind.18=0
TitleList.Title.19=ToggleBPX/bpt/bt
TitleList.Level.19=1
TitleList.Url.19=ToggleBPX_bpt_bt.htm
TitleList.Icon.19=0
TitleList.Status.19=0
TitleList.Keywords.19=
TitleList.ContextNumber.19=1019
TitleList.ApplyTemp.19=0
TitleList.Expanded.19=0
TitleList.Kind.19=0
TitleList.Title.20=DeleteBPX/bpc/bc
TitleList.Level.20=1
TitleList.Url.20=DeleteBPX_bpc_bc.htm
TitleList.Icon.20=0
TitleList.Status.20=0
TitleList.Keywords.20=
TitleList.ContextNumber.20=1017
TitleList.ApplyTemp.20=0
TitleList.Expanded.20=0
TitleList.Kind.20=0
TitleList.Title.21=bplist
TitleList.Level.21=1
TitleList.Url.21=bplist.htm
TitleList.Icon.21=0
TitleList.Status.21=0
TitleList.Keywords.21=
TitleList.ContextNumber.21=1015
TitleList.ApplyTemp.21=0
TitleList.Expanded.21=0
TitleList.Kind.21=0
TitleList.Title.22=StepInto/sti
TitleList.Level.22=1
TitleList.Url.22=StepInto.htm
TitleList.Icon.22=0
TitleList.Status.22=0
TitleList.Keywords.22=
TitleList.ContextNumber.22=1021
TitleList.ApplyTemp.22=0
TitleList.Expanded.22=0
TitleList.Kind.22=0
TitleList.Title.23=StepOver/step/sto/st
TitleList.Level.23=1
TitleList.Url.23=StepOver.htm
TitleList.Icon.23=0
TitleList.Status.23=0
TitleList.Keywords.23=
TitleList.ContextNumber.23=1022
TitleList.ApplyTemp.23=0
TitleList.Expanded.23=0
TitleList.Kind.23=0
TitleList.Title.24=SingleStep/sstep/sst
TitleList.Level.24=1
TitleList.Url.24=SingleStep.htm
TitleList.Icon.24=0
TitleList.Status.24=0
TitleList.Keywords.24=
TitleList.ContextNumber.24=1023
TitleList.ApplyTemp.24=0
TitleList.Expanded.24=0
TitleList.Kind.24=0
TitleList.Title.25=HideDebugger/dbh/hide
TitleList.Level.25=1
TitleList.Url.25=HideDebugger_dbh_hide.htm
TitleList.Icon.25=0
TitleList.Status.25=0
TitleList.Keywords.25=
TitleList.ContextNumber.25=1025
TitleList.ApplyTemp.25=0
TitleList.Expanded.25=0
TitleList.Kind.25=0
TitleList.Title.26=disasm/dis/d
TitleList.Level.26=1
TitleList.Url.26=disasm_dis_d.htm
TitleList.Icon.26=0
TitleList.Status.26=0
TitleList.Keywords.26=
TitleList.ContextNumber.26=1026
TitleList.ApplyTemp.26=0
TitleList.Expanded.26=0
TitleList.Kind.26=0
TitleList.Title.27=SetMemoryBPX/membp/bpm
TitleList.Level.27=1
TitleList.Url.27=SetMemoryBPX_membp_bpm.htm
TitleList.Icon.27=0
TitleList.Status.27=0
TitleList.Keywords.27=
TitleList.ContextNumber.27=1027
TitleList.ApplyTemp.27=0
TitleList.Expanded.27=0
TitleList.Kind.27=0
TitleList.Title.28=chd
TitleList.Level.28=1
TitleList.Url.28=chd.htm
TitleList.Icon.28=0
TitleList.Status.28=0
TitleList.Keywords.28=
TitleList.ContextNumber.28=1029
TitleList.ApplyTemp.28=0
TitleList.Expanded.28=0
TitleList.Kind.28=0
TitleList.Title.29=rtr
TitleList.Level.29=1
TitleList.Url.29=rtr.htm
TitleList.Icon.29=0
TitleList.Status.29=0
TitleList.Keywords.29=
TitleList.ContextNumber.29=1028
TitleList.ApplyTemp.29=0
TitleList.Expanded.29=0
TitleList.Kind.29=0
TitleList.Title.30=SetHardwareBreakpoint/bph/bphws
TitleList.Level.30=1
TitleList.Url.30=SetHardwareBreakpoint_bph_bphws.htm
TitleList.Icon.30=0
TitleList.Status.30=0
TitleList.Keywords.30=
TitleList.ContextNumber.30=1030
TitleList.ApplyTemp.30=0
TitleList.Expanded.30=0
TitleList.Kind.30=0
TitleList.Title.31=alloc
TitleList.Level.31=1
TitleList.Url.31=alloc.htm
TitleList.Icon.31=0
TitleList.Status.31=0
TitleList.Keywords.31=
TitleList.ContextNumber.31=1032
TitleList.ApplyTemp.31=0
TitleList.Expanded.31=0
TitleList.Kind.31=0
TitleList.Title.32=free
TitleList.Level.32=1
TitleList.Url.32=free.htm
TitleList.Icon.32=0
TitleList.Status.32=0
TitleList.Keywords.32=
TitleList.ContextNumber.32=1031
TitleList.ApplyTemp.32=0
TitleList.Expanded.32=0
TitleList.Kind.32=0
TitleList.Title.33=Fill/memset
TitleList.Level.33=1
TitleList.Url.33=Fill_memset.htm
TitleList.Icon.33=0
TitleList.Status.33=0
TitleList.Keywords.33=
TitleList.ContextNumber.33=1033
TitleList.ApplyTemp.33=0
TitleList.Expanded.33=0
TitleList.Kind.33=0
TitleList.Title.34=Special Thanks
TitleList.Level.34=0
TitleList.Url.34=Special_Thanks.htm
TitleList.Icon.34=0
TitleList.Status.34=0
TitleList.Keywords.34=
TitleList.ContextNumber.34=1024
TitleList.ApplyTemp.34=0
TitleList.Expanded.34=0
TitleList.Kind.34=0
TitleList.Title.35=Fixed Top Style
TitleList.Level.35=0
TitleList.Url.35=template\fixedtop.htm
TitleList.Icon.35=0
TitleList.Status.35=0
TitleList.Keywords.35=
TitleList.ContextNumber.35=
TitleList.ApplyTemp.35=0
TitleList.Expanded.35=0
TitleList.Kind.35=2

23
help/x_exit.htm Normal file
View File

@ -0,0 +1,23 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>x/exit</title>
<meta name="GENERATOR" content="WinCHM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
html,body {
/* Default Font */
font-family: Courier New;
font-size: 11pt;
}
</style>
</head>
<body>
<P class=rvps3><SPAN class=rvts10><STRONG>x[,exit]</STRONG><BR></SPAN><SPAN
class=rvts9>Exit the program.</SPAN><SPAN class=rvts9><BR></SPAN></P>
<P class=rvps3><SPAN class=rvts11><U>arguments<BR></U></SPAN><SPAN
class=rvts9>This command has no arguments.</SPAN><SPAN class=rvts9><BR></SPAN></P>
<P class=rvps3><SPAN class=rvts11><U>result<BR></U></SPAN><SPAN class=rvts9>This
command does not set any result variables.</SPAN></P></body>

34
readme.txt Normal file
View File

@ -0,0 +1,34 @@
This is a x32/x64 debugger that is currently in active development.
The debugger has (currently) three parts:
- DBG
- GUI
- Bridge
DBG is the debugging part of the debugger. It handles debugging (using
TitanEngine) and will provide data for the GUI.
GUI is the graphical part of the debugger. It is built on top of QT and it
provides the user interaction, the dump window (not yet implemented), the
disassembly, the register window (not yet implemented), the memory map
view (not yet implemented) etc.
Bridge is the communication library for the DBG and GUI part (and maybe in
the future more parts). The bridge can be used to work on new features,
without having to update the code of the other parts.
Right now the debugger supports the following features:
- variables (with regard to the upcoming script feature)
- basic calculations (var*@401000+.45^4A)
- hide debugger (very basic)
- software breakpoints (INT3, LONG INT3, UD2)
- memory breakpoints (read, write, execute)
- hardware breakpoints (access, write, execute)
- stepping (into, over, n instructions)
- rtr (return from function)
- memory allocation/deallocation in the debuggee
- quickly accessing API addresses (GetProcAddress->76E13620)
- highlighting (not yet customizable, but really helpful)
The debugger core is based on TitanEngine (an updated version) and the
disassembly is powered by BeaEngine. The icon is taken from VisualPharm.

62
todo_dbg.txt Normal file
View File

@ -0,0 +1,62 @@
- attach/detach debugger
- asm command
- advanced readprocessmemory (over multiple pages)
- memcpy
- pe data access
- fpu support
- mmx support
- find asm
- find memory
- mov [mem],#data#,size
- getremotestring
- function parameter
- isjumpgonnaexecute
- help file updates
- plugins
- scripting
- thread support
- tls callbacks
- inject dll
- dump memory
- dump process
- set pe data in memory
- va to offset
- offset to va
- getapiname
- float calculations
- command help
- inject asm code
- and or xor commands
- delete mem breakpoints
- delete hw breakpoints
- udd file format
- analysis
- symbol loader
- getlasterror
- display open handles
- log clear command
- build howto
- step to user code
- tracing(?)
- child processes (TitanEngine)
- display source
- patching
- handle view
- window view
- debug strings
- process privileges
- loaded modules
- strings
- references
- callstack
- stack
- heap
- functions
- TEB/TBI
- PEB/PBI
- debug pause
- cpu filename+thread id
- GetAddrInfo/SetAddrInfo
- shift+f7f8f9
- restart (last process)
- log breakpoints

32
x64_dbg.sln Normal file
View File

@ -0,0 +1,32 @@

Microsoft Visual Studio Solution File, Format Version 11.00
# Visual Studio 2010
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "x64_dbg_bridge", "x64_dbg_bridge\x64_dbg_bridge.vcxproj", "{944D9923-CB1A-6F6C-BCBC-9E00A71954C1}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "x64_dbg_exe", "x64_dbg_exe\x64_dbg_exe.vcxproj", "{3A22175E-6B72-FDCC-1603-C4A2163C7900}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "x64_dbg_dbg", "x64_dbg_dbg\x64_dbg_dbg.vcxproj", "{E6548308-401E-3A8A-5819-905DB90522A6}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Release|Win32 = Release|Win32
Release|x64 = Release|x64
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{944D9923-CB1A-6F6C-BCBC-9E00A71954C1}.Release|Win32.ActiveCfg = Release|Win32
{944D9923-CB1A-6F6C-BCBC-9E00A71954C1}.Release|Win32.Build.0 = Release|Win32
{944D9923-CB1A-6F6C-BCBC-9E00A71954C1}.Release|x64.ActiveCfg = Release|x64
{944D9923-CB1A-6F6C-BCBC-9E00A71954C1}.Release|x64.Build.0 = Release|x64
{3A22175E-6B72-FDCC-1603-C4A2163C7900}.Release|Win32.ActiveCfg = Release|Win32
{3A22175E-6B72-FDCC-1603-C4A2163C7900}.Release|Win32.Build.0 = Release|Win32
{3A22175E-6B72-FDCC-1603-C4A2163C7900}.Release|x64.ActiveCfg = Release|x64
{3A22175E-6B72-FDCC-1603-C4A2163C7900}.Release|x64.Build.0 = Release|x64
{E6548308-401E-3A8A-5819-905DB90522A6}.Release|Win32.ActiveCfg = Release|Win32
{E6548308-401E-3A8A-5819-905DB90522A6}.Release|Win32.Build.0 = Release|Win32
{E6548308-401E-3A8A-5819-905DB90522A6}.Release|x64.ActiveCfg = Release|x64
{E6548308-401E-3A8A-5819-905DB90522A6}.Release|x64.Build.0 = Release|x64
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal

8
x64_dbg.workspace Normal file
View File

@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<CodeBlocks_workspace_file>
<Workspace title="x64_dbg">
<Project filename="x64_dbg_bridge/x64_dbg_bridge.cbp" />
<Project filename="x64_dbg_dbg/x64_dbg_dbg.cbp" />
<Project filename="x64_dbg_exe/x64_dbg_exe.cbp" />
</Workspace>
</CodeBlocks_workspace_file>

29
x64_dbg_bridge/_global.cpp Normal file
View File

@ -0,0 +1,29 @@
#include "_global.h"
//hInst GUI/DBG
HINSTANCE hInstGui;
HINSTANCE hInstDbg;
//GUI functions
GUIGUIINIT _gui_guiinit;
GUIDISASSEMBLEAT _gui_disassembleat;
GUISETDEBUGSTATE _gui_setdebugstate;
GUIADDLOGMESSAGE _gui_addlogmessage;
GUILOGCLEAR _gui_logclear;
GUIUPDATEREGISTERVIEW _gui_updateregisterview;
//DBG functions
DBGDBGINIT _dbg_dbginit;
DBGMEMFINDBASEADDR _dbg_memfindbaseaddr;
DBGMEMREAD _dbg_memread;
DBGDBGCMDEXEC _dbg_dbgcmdexec;
DBGMEMMAP _dbg_memmap;
DBGDBGEXITSIGNAL _dbg_dbgexitsignal;
DBGVALFROMSTRING _dbg_valfromstring;
DBGISDEBUGGING _dbg_isdebugging;
DBGISJUMPGOINGTOEXECUTE _dbg_isjumpgoingtoexecute;
DBGADDRINFOGET _dbg_addrinfoget;
DBGADDRINFOSET _dbg_addrinfoset;
DBGBPGETTYPEAT _dbg_bpgettypeat;
DBGGETREGDUMP _dbg_getregdump;
DBGVALTOSTRING _dbg_valtostring;

78
x64_dbg_bridge/_global.h Normal file
View File

@ -0,0 +1,78 @@
#ifndef _GLOBAL_H
#define _GLOBAL_H
#include <windows.h>
#include "bridgemain.h"
#ifndef DLL_EXPORT
#define DLL_EXPORT __declspec(dllexport)
#endif //DLL_IMPORT
#ifndef DLL_EXPORT
#define DLL_IMPORT __declspec(dllimport)
#endif //DLL_IMPORT
#ifdef _WIN64 //defined by default
#define fhex "%.16llX"
#define fext "ll"
#define uint unsigned long long
#define sint long long
#else
#define fhex "%.8X"
#define fext ""
#define uint unsigned long
#define sint long
#endif // _WIN64
//hInst GUI/DBG
extern HINSTANCE hInstGui;
extern HINSTANCE hInstDbg;
//GUI typedefs
typedef int (*GUIGUIINIT)(int, char**);
typedef void (*GUIDISASSEMBLEAT)(duint va, duint cip);
typedef void (*GUISETDEBUGSTATE)(DBGSTATE state);
typedef void (*GUIADDLOGMESSAGE)(const char* msg);
typedef void (*GUILOGCLEAR)();
typedef void (*GUIUPDATEREGISTERVIEW)();
//GUI functions
extern GUIGUIINIT _gui_guiinit;
extern GUIDISASSEMBLEAT _gui_disassembleat;
extern GUISETDEBUGSTATE _gui_setdebugstate;
extern GUIADDLOGMESSAGE _gui_addlogmessage;
extern GUILOGCLEAR _gui_logclear;
extern GUIUPDATEREGISTERVIEW _gui_updateregisterview;
//DBG typedefs
typedef const char* (*DBGDBGINIT)();
typedef duint (*DBGMEMFINDBASEADDR)(duint addr, duint* size);
typedef bool (*DBGMEMREAD)(duint addr, unsigned char* dest, duint size, duint* read);
typedef bool (*DBGDBGCMDEXEC)(const char* cmd);
typedef bool (*DBGMEMMAP)(MEMMAP* memmap);
typedef void (*DBGDBGEXITSIGNAL)();
typedef bool (*DBGVALFROMSTRING)(const char* string, duint* value);
typedef bool (*DBGISDEBUGGING)();
typedef bool (*DBGISJUMPGOINGTOEXECUTE)(duint addr);
typedef bool (*DBGADDRINFOGET)(duint addr, SEGMENTREG segment, ADDRINFO* addrinfo);
typedef bool (*DBGADDRINFOSET)(duint addr, ADDRINFO* addrinfo);
typedef BPXTYPE (*DBGBPGETTYPEAT)(duint addr);
typedef bool (*DBGGETREGDUMP)(REGDUMP* regdump);
typedef bool (*DBGVALTOSTRING)(const char* string, duint* value);
//DBG functions
extern DBGDBGINIT _dbg_dbginit;
extern DBGMEMFINDBASEADDR _dbg_memfindbaseaddr;
extern DBGMEMREAD _dbg_memread;
extern DBGDBGCMDEXEC _dbg_dbgcmdexec;
extern DBGMEMMAP _dbg_memmap;
extern DBGDBGEXITSIGNAL _dbg_dbgexitsignal;
extern DBGVALFROMSTRING _dbg_valfromstring;
extern DBGISDEBUGGING _dbg_isdebugging;
extern DBGISJUMPGOINGTOEXECUTE _dbg_isjumpgoingtoexecute;
extern DBGADDRINFOGET _dbg_addrinfoget;
extern DBGADDRINFOSET _dbg_addrinfoset;
extern DBGBPGETTYPEAT _dbg_bpgettypeat;
extern DBGGETREGDUMP _dbg_getregdump;
extern DBGVALTOSTRING _dbg_valtostring;
#endif // _GLOBAL_H

326
x64_dbg_bridge/bridgemain.cpp Normal file
View File

@ -0,0 +1,326 @@
#include "_global.h"
#include "bridgemain.h"
#include <stdio.h>
static HINSTANCE hInst;
#ifdef _WIN64
#define dbg_lib "x64_dbg.dll"
#define gui_lib "x64_gui.dll"
#else
#define dbg_lib "x32_dbg.dll"
#define gui_lib "x32_gui.dll"
#endif // _WIN64
//Bridge
DLL_IMPEXP const char* BridgeInit()
{
///GUI Load
hInstGui=LoadLibraryA(gui_lib); //Sigma
if(!hInstGui)
return "Error loading GUI library ("gui_lib")!";
//_gui_guiinit
_gui_guiinit=(GUIGUIINIT)GetProcAddress(hInstGui, "_gui_guiinit");
if(!_gui_guiinit)
return "Export \"_gui_guiinit\" could not be found!";
//_gui_disassembleat
_gui_disassembleat=(GUIDISASSEMBLEAT)GetProcAddress(hInstGui, "_gui_disassembleat");
if(!_gui_disassembleat)
return "Export \"_gui_disassembleat\" could not be found!";
//_gui_setdebugstate
_gui_setdebugstate=(GUISETDEBUGSTATE)GetProcAddress(hInstGui, "_gui_setdebugstate");
if(!_gui_setdebugstate)
return "Export \"_gui_setdebugstate\" could not be found!";
//_gui_addlogmessage
_gui_addlogmessage=(GUIADDLOGMESSAGE)GetProcAddress(hInstGui, "_gui_addlogmessage");
if(!_gui_addlogmessage)
return "Export \"_gui_addlogmessage\" could not be found!";
//_gui_logclear
_gui_logclear=(GUILOGCLEAR)GetProcAddress(hInstGui, "_gui_logclear");
if(!_gui_logclear)
return "Export \"_gui_logclear\" could not be found!";
//_gui_updateregisterview
_gui_updateregisterview=(GUIUPDATEREGISTERVIEW)GetProcAddress(hInstGui, "_gui_updateregisterview");
if(!_gui_updateregisterview)
return "Export \"_gui_updateregisterview\" could not be found!";
///DBG Load
hInstDbg=LoadLibraryA(dbg_lib); //Mr. eXoDia
if(!hInstDbg)
return "Error loading debugger library ("dbg_lib")!";
//_dbg_dbginit
_dbg_dbginit=(DBGDBGINIT)GetProcAddress(hInstDbg, "_dbg_dbginit");
if(!_dbg_dbginit)
return "Export \"_dbg_dbginit\" could not be found!";
//_dbg_memfindbaseaddr
_dbg_memfindbaseaddr=(DBGMEMFINDBASEADDR)GetProcAddress(hInstDbg, "_dbg_memfindbaseaddr");
if(!_dbg_memfindbaseaddr)
return "Export \"_dbg_memfindbaseaddr\" could not be found!";
//_dbg_memfindbaseaddr
_dbg_memread=(DBGMEMREAD)GetProcAddress(hInstDbg, "_dbg_memread");
if(!_dbg_memread)
return "Export \"_dbg_memread\" could not be found!";
//_dbg_dbgcmdexec
_dbg_dbgcmdexec=(DBGDBGCMDEXEC)GetProcAddress(hInstDbg, "_dbg_dbgcmdexec");
if(!_dbg_dbgcmdexec)
return "Export \"_dbg_dbgcmdexec\" could not be found!";
//_dbg_memmap
_dbg_memmap=(DBGMEMMAP)GetProcAddress(hInstDbg, "_dbg_memmap");
if(!_dbg_memmap)
return "Export \"_dbg_memmap\" could not be found!";
//_dbg_dbgexitsignal
_dbg_dbgexitsignal=(DBGDBGEXITSIGNAL)GetProcAddress(hInstDbg, "_dbg_dbgexitsignal");
if(!_dbg_dbgexitsignal)
return "Export \"_dbg_dbgexitsignal\" could not be found!";
//_dbg_valfromstring
_dbg_valfromstring=(DBGVALFROMSTRING)GetProcAddress(hInstDbg, "_dbg_valfromstring");
if(!_dbg_valfromstring)
return "Export \"_dbg_valfromstring\" could not be found!";
//_dbg_isdebugging
_dbg_isdebugging=(DBGISDEBUGGING)GetProcAddress(hInstDbg, "_dbg_isdebugging");
if(!_dbg_isdebugging)
return "Export \"_dbg_isdebugging\" could not be found!";
//_dbg_isjumpgoingtoexecute
_dbg_isjumpgoingtoexecute=(DBGISJUMPGOINGTOEXECUTE)GetProcAddress(hInstDbg, "_dbg_isjumpgoingtoexecute");
if(!_dbg_isjumpgoingtoexecute)
return "Export \"_dbg_isjumpgoingtoexecute\" could not be found!";
//_dbg_addrinfoget
_dbg_addrinfoget=(DBGADDRINFOGET)GetProcAddress(hInstDbg, "_dbg_addrinfoget");
if(!_dbg_addrinfoget)
return "Export \"_dbg_addrinfoget\" could not be found!";
//_dbg_addrinfoset
_dbg_addrinfoset=(DBGADDRINFOSET)GetProcAddress(hInstDbg, "_dbg_addrinfoset");
if(!_dbg_addrinfoset)
return "Export \"_dbg_addrinfoset\" could not be found!";
//_dbg_bpgettypeat
_dbg_bpgettypeat=(DBGBPGETTYPEAT)GetProcAddress(hInstDbg, "_dbg_bpgettypeat");
if(!_dbg_bpgettypeat)
return "Export \"_dbg_bpgettypeat\" could not be found!";
//_dbg_getregdump
_dbg_getregdump=(DBGGETREGDUMP)GetProcAddress(hInstDbg, "_dbg_getregdump");
if(!_dbg_getregdump)
return "Export \"_dbg_getregdump\" could not be found!";
//_dbg_valtostring
_dbg_valtostring=(DBGVALTOSTRING)GetProcAddress(hInstDbg, "_dbg_valtostring");
if(!_dbg_valtostring)
return "Export \"_dbg_valtostring\" could not be found!";
return 0;
}
DLL_IMPEXP const char* BridgeStart()
{
if(!_dbg_dbginit || !_gui_guiinit)
return "\"_dbg_dbginit\" || \"_gui_guiinit\" was not loaded yet, call BridgeInit!";
const char* errormsg=_dbg_dbginit();
if(errormsg)
return errormsg;
_gui_guiinit(0, 0); //remove arguments
_dbg_dbgexitsignal(); //send exit signal to debugger
return 0;
}
DLL_IMPEXP void* BridgeAlloc(size_t size)
{
unsigned char* a= new unsigned char[size];
if(!a)
{
MessageBoxA(0, "Could not allocate memory", "Error", MB_ICONERROR);
ExitProcess(1);
}
memset(a, 0, size);
return a;
}
DLL_IMPEXP void BridgeFree(void* ptr)
{
delete[] (unsigned char*)ptr;
}
//Debugger
DLL_IMPEXP void DbgMemRead(duint va, unsigned char* dest, duint size)
{
if(!_dbg_memread(va, dest, size, 0))
memset(dest, 0x90, size);
}
DLL_IMPEXP duint DbgMemGetPageSize(duint base)
{
duint size=0;
_dbg_memfindbaseaddr(base, &size);
return size;
}
DLL_IMPEXP duint DbgMemFindBaseAddr(duint addr, duint* size)
{
return _dbg_memfindbaseaddr(addr, size);
}
DLL_IMPEXP bool DbgCmdExec(const char* cmd)
{
return _dbg_dbgcmdexec(cmd);
}
DLL_IMPEXP bool DbgMemMap(MEMMAP* memmap)
{
return _dbg_memmap(memmap);
}
DLL_IMPEXP bool DbgIsValidExpression(const char* expression)
{
duint value=0;
return _dbg_valfromstring(expression, &value);
}
DLL_IMPEXP bool DbgIsDebugging()
{
return _dbg_isdebugging();
}
DLL_IMPEXP bool DbgIsJumpGoingToExecute(duint addr)
{
return _dbg_isjumpgoingtoexecute(addr);
}
DLL_IMPEXP bool DbgGetLabelAt(duint addr, SEGMENTREG segment, char* text) //(module.)+label
{
if(!text or !addr)
return false;
//test code (highlighting.exe|x32)
/*if(addr==0x40102b)
{
strcpy(text, "highlighting.retn");
return true;
}
else if(addr==0x401020 || addr==0x401022)
{
strcpy(text, "highlighting.label");
return true;
}
else if(addr==0x402000)
{
strcpy(text, "highlighting.dataLabel");
return true;
}*/
ADDRINFO info;
memset(&info, 0, sizeof(info));
info.flags=label;
if(!_dbg_addrinfoget(addr, segment, &info))
return false;
strcpy(text, info.label);
return true;
}
DLL_IMPEXP bool DbgSetLabelAt(duint addr, const char* text)
{
if(!text or strlen(text)>=MAX_LABEL_SIZE or !addr)
return false;
ADDRINFO info;
memset(&info, 0, sizeof(info));
info.flags=label;
strcpy(info.label, text);
if(!_dbg_addrinfoset(addr, &info))
return false;
return true;
}
DLL_IMPEXP bool DbgGetCommentAt(duint addr, char* text) //comment (not live)
{
if(!text or !addr)
return false;
//test code (highlighting.exe)
/*if(addr==0x401000)
{
strcpy(text, "test comment");
return true;
}*/
ADDRINFO info;
memset(&info, 0, sizeof(info));
info.flags=comment;
if(!_dbg_addrinfoget(addr, SEG_DEFAULT, &info))
return false;
strcpy(text, info.comment);
return true;
}
DLL_IMPEXP bool DbgSetCommentAt(duint addr, const char* text)
{
if(!text or strlen(text)>=MAX_COMMENT_SIZE or !addr)
return false;
ADDRINFO info;
memset(&info, 0, sizeof(info));
info.flags=comment;
strcpy(info.comment, text);
if(!_dbg_addrinfoset(addr, &info))
return false;
return true;
}
DLL_IMPEXP bool DbgGetModuleAt(duint addr, char* text)
{
if(!text or !addr)
return false;
ADDRINFO info;
memset(&info, 0, sizeof(info));
info.flags=module;
if(!_dbg_addrinfoget(addr, SEG_DEFAULT, &info))
return false;
strcpy(text, info.module);
return true;
}
DLL_IMPEXP BPXTYPE DbgGetBpxTypeAt(duint addr)
{
return _dbg_bpgettypeat(addr);
}
DLL_IMPEXP duint DbgValFromString(const char* string)
{
duint value=0;
_dbg_valfromstring(string, &value);
return value;
}
DLL_IMPEXP bool DbgGetRegDump(REGDUMP* regdump)
{
return _dbg_getregdump(regdump);
}
DLL_IMPEXP bool DbgValToString(const char* string, duint value)
{
duint valueCopy=value;
return _dbg_valtostring(string, &valueCopy);
}
//GUI
DLL_IMPEXP void GuiDisasmAt(duint addr, duint cip)
{
_gui_disassembleat(addr, cip);
}
DLL_IMPEXP void GuiSetDebugState(DBGSTATE state)
{
_gui_setdebugstate(state);
}
DLL_IMPEXP void GuiAddLogMessage(const char* msg)
{
_gui_addlogmessage(msg);
}
DLL_IMPEXP void GuiLogClear()
{
_gui_logclear();
}
DLL_IMPEXP void GuiUpdateRegisterView()
{
_gui_updateregisterview();
}
//Main
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
hInst=hinstDLL;
return TRUE;
}

173
x64_dbg_bridge/bridgemain.h Normal file
View File

@ -0,0 +1,173 @@
#ifndef _BRIDGEMAIN_H_
#define _BRIDGEMAIN_H_
#include <windows.h>
#ifdef _WIN64
typedef unsigned long long duint;
typedef signed long long dsint;
#else
typedef unsigned long duint;
typedef signed long dsint;
#endif //_WIN64
#ifndef DLL_IMPEXP
#ifdef BUILD_BRIDGE
#define DLL_IMPEXP __declspec(dllexport)
#else
#define DLL_IMPEXP __declspec(dllimport)
#endif //BUILD_BRIDGE
#endif //DLL_IMPEXP
#ifdef __cplusplus
extern "C"
{
#endif
//Bridge functions
DLL_IMPEXP const char* BridgeInit();
DLL_IMPEXP const char* BridgeStart();
DLL_IMPEXP void* BridgeAlloc(size_t size);
DLL_IMPEXP void BridgeFree(void* ptr);
//Debugger defines
#define MAX_LABEL_SIZE 256
#define MAX_COMMENT_SIZE 256
//Debugger enums
enum DBGSTATE
{
initialized,
paused,
running,
stopped
};
enum SEGMENTREG
{
SEG_DEFAULT,
SEG_ES,
SEG_DS,
SEG_FS,
SEG_GS,
SEG_CS,
SEG_SS
};
enum ADDRINFOFLAGS
{
module=1,
label=2,
comment=4
};
enum BPXTYPE
{
bpnone,
bpnormal,
bphardware,
bpmemory
};
//Debugger structs
struct MEMPAGE
{
MEMORY_BASIC_INFORMATION mbi;
char mod[32];
};
struct MEMMAP
{
int count;
MEMPAGE* page;
};
struct ADDRINFO
{
char module[32]; //module the address is in
char label[MAX_LABEL_SIZE];
char comment[MAX_COMMENT_SIZE];
int flags; //ADDRINFOFLAGS
};
struct FLAGS
{
bool c;
bool p;
bool a;
bool z;
bool s;
bool t;
bool i;
bool d;
bool o;
};
struct REGDUMP
{
duint cax;
duint ccx;
duint cdx;
duint cbx;
duint csp;
duint cbp;
duint csi;
duint cdi;
#ifdef _WIN64
duint r8;
duint r9;
duint r10;
duint r11;
duint r12;
duint r13;
duint r14;
duint r15;
#endif //_WIN64
duint cip;
unsigned int eflags;
FLAGS flags;
unsigned short gs;
unsigned short fs;
unsigned short es;
unsigned short ds;
unsigned short cs;
unsigned short ss;
duint dr0;
duint dr1;
duint dr2;
duint dr3;
duint dr6;
duint dr7;
};
//Debugger functions
DLL_IMPEXP void DbgMemRead(duint va, unsigned char* dest, duint size);
DLL_IMPEXP duint DbgMemGetPageSize(duint base);
DLL_IMPEXP duint DbgMemFindBaseAddr(duint addr, duint* size);
DLL_IMPEXP bool DbgCmdExec(const char* cmd);
DLL_IMPEXP bool DbgMemMap(MEMMAP* memmap);
DLL_IMPEXP bool DbgIsValidExpression(const char* expression);
DLL_IMPEXP bool DbgIsDebugging();
DLL_IMPEXP bool DbgIsJumpGoingToExecute(duint addr);
DLL_IMPEXP bool DbgGetLabelAt(duint addr, SEGMENTREG segment, char* text);
DLL_IMPEXP bool DbgSetLabelAt(duint addr, const char* text);
DLL_IMPEXP bool DbgGetCommentAt(duint addr, char* text);
DLL_IMPEXP bool DbgSetCommentAt(duint addr, const char* text);
DLL_IMPEXP bool DbgGetModuleAt(duint addr, char* text);
DLL_IMPEXP BPXTYPE DbgGetBpxTypeAt(duint addr);
DLL_IMPEXP duint DbgValFromString(const char* string);
DLL_IMPEXP bool DbgGetRegDump(REGDUMP* regdump);
DLL_IMPEXP bool DbgValToString(const char* string, duint value);
//GUI functions
DLL_IMPEXP void GuiDisasmAt(duint addr, duint cip);
DLL_IMPEXP void GuiSetDebugState(DBGSTATE state);
DLL_IMPEXP void GuiAddLogMessage(const char* msg);
DLL_IMPEXP void GuiLogClear();
DLL_IMPEXP void GuiUpdateRegisterView();
#ifdef __cplusplus
}
#endif
#endif // _BRIDGEMAIN_H_

67
x64_dbg_bridge/x64_dbg_bridge.cbp Normal file
View File

@ -0,0 +1,67 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<CodeBlocks_project_file>
<FileVersion major="1" minor="6" />
<Project>
<Option title="x64_dbg_bridge" />
<Option pch_mode="2" />
<Option compiler="gcc" />
<Build>
<Target title="x32">
<Option output="../bin/x32/x32_bridge" prefix_auto="1" extension_auto="1" />
<Option object_output="obj/x32" />
<Option type="3" />
<Option compiler="gcc" />
<Option host_application="../bin/x32/x32_dbg.exe" />
<Option run_host_application_in_terminal="0" />
<Option createStaticLib="1" />
<Compiler>
<Add option="-O2" />
</Compiler>
<Linker>
<Add option="-s" />
</Linker>
</Target>
<Target title="x64">
<Option output="../bin/x64/x64_bridge" prefix_auto="1" extension_auto="1" />
<Option object_output="obj/x64" />
<Option type="3" />
<Option compiler="gnu_gcc_compiler_x64" />
<Option host_application="../bin/x64/x64_dbg.exe" />
<Option run_host_application_in_terminal="0" />
<Option createStaticLib="1" />
<Compiler>
<Add option="-O2" />
</Compiler>
<Linker>
<Add option="-s" />
</Linker>
</Target>
</Build>
<Compiler>
<Add option="-Wall" />
<Add option="-fexceptions" />
<Add option="-DBUILD_BRIDGE" />
</Compiler>
<Linker>
<Add option="-static" />
</Linker>
<Unit filename="_global.cpp" />
<Unit filename="_global.h" />
<Unit filename="bridgemain.cpp" />
<Unit filename="bridgemain.h" />
<Extensions>
<code_completion />
<envvars />
<debugger />
<DoxyBlocks>
<comment_style block="0" line="0" />
<doxyfile_project />
<doxyfile_build />
<doxyfile_warnings />
<doxyfile_output />
<doxyfile_dot />
<general />
</DoxyBlocks>
</Extensions>
</Project>
</CodeBlocks_project_file>

86
x64_dbg_bridge/x64_dbg_bridge.vcxproj Normal file
View File

@ -0,0 +1,86 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<ItemGroup>
<ClCompile Include="bridgemain.cpp" />
<ClCompile Include="_global.cpp" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="bridgemain.h" />
<ClInclude Include="_global.h" />
</ItemGroup>
<PropertyGroup Label="Globals">
<Keyword>Win32Proj</Keyword>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LinkIncremental>true</LinkIncremental>
<OutDir>$(SolutionDir)bin\x32</OutDir>
<IntDir>$(Platform)\$(Configuration)\</IntDir>
<TargetName>x32_bridge</TargetName>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>true</LinkIncremental>
<OutDir>$(SolutionDir)bin\x64</OutDir>
<TargetName>x64_bridge</TargetName>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<PreprocessorDefinitions>BUILD_BRIDGE;WIN32;NDEBUG;_WINDOWS;_USRDLL;X64_DBG_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
</ClCompile>
<Link>
<TargetMachine>MachineX86</TargetMachine>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Windows</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<PreprocessorDefinitions>BUILD_BRIDGE;WIN32;NDEBUG;_WINDOWS;_USRDLL;X64_DBG_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
</ClCompile>
<Link>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Windows</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>

33
x64_dbg_bridge/x64_dbg_bridge.vcxproj.filters Normal file
View File

@ -0,0 +1,33 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="_global.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="bridgemain.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="_global.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="bridgemain.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
</Project>

3
x64_dbg_bridge/x64_dbg_bridge.vcxproj.user Normal file
View File

@ -0,0 +1,3 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
</Project>

937
x64_dbg_dbg/TitanEngine/TitanEngine.h Normal file
View File

@ -0,0 +1,937 @@
#ifndef TITANENGINE
#define TITANENGINE
#define TITCALL
#if _MSC_VER > 1000
#pragma once
#endif
#include <windows.h>
#pragma pack(push, 1)
// Global.Constant.Structure.Declaration:
// Engine.External:
#define UE_ACCESS_READ 0
#define UE_ACCESS_WRITE 1
#define UE_ACCESS_ALL 2
#define UE_HIDE_BASIC 1
#define UE_PLUGIN_CALL_REASON_PREDEBUG 1
#define UE_PLUGIN_CALL_REASON_EXCEPTION 2
#define UE_PLUGIN_CALL_REASON_POSTDEBUG 3
#define TEE_HOOK_NRM_JUMP 1
#define TEE_HOOK_NRM_CALL 3
#define TEE_HOOK_IAT 5
#define UE_ENGINE_ALOW_MODULE_LOADING 1
#define UE_ENGINE_AUTOFIX_FORWARDERS 2
#define UE_ENGINE_PASS_ALL_EXCEPTIONS 3
#define UE_ENGINE_NO_CONSOLE_WINDOW 4
#define UE_ENGINE_BACKUP_FOR_CRITICAL_FUNCTIONS 5
#define UE_ENGINE_CALL_PLUGIN_CALLBACK 6
#define UE_ENGINE_RESET_CUSTOM_HANDLER 7
#define UE_ENGINE_CALL_PLUGIN_DEBUG_CALLBACK 8
#define UE_OPTION_REMOVEALL 1
#define UE_OPTION_DISABLEALL 2
#define UE_OPTION_REMOVEALLDISABLED 3
#define UE_OPTION_REMOVEALLENABLED 4
#define UE_STATIC_DECRYPTOR_XOR 1
#define UE_STATIC_DECRYPTOR_SUB 2
#define UE_STATIC_DECRYPTOR_ADD 3
#define UE_STATIC_DECRYPTOR_FOREWARD 1
#define UE_STATIC_DECRYPTOR_BACKWARD 2
#define UE_STATIC_KEY_SIZE_1 1
#define UE_STATIC_KEY_SIZE_2 2
#define UE_STATIC_KEY_SIZE_4 4
#define UE_STATIC_KEY_SIZE_8 8
#define UE_STATIC_APLIB 1
#define UE_STATIC_APLIB_DEPACK 2
#define UE_STATIC_LZMA 3
#define UE_STATIC_HASH_MD5 1
#define UE_STATIC_HASH_SHA1 2
#define UE_STATIC_HASH_CRC32 3
#define UE_RESOURCE_LANGUAGE_ANY -1
#define UE_PE_OFFSET 0
#define UE_IMAGEBASE 1
#define UE_OEP 2
#define UE_SIZEOFIMAGE 3
#define UE_SIZEOFHEADERS 4
#define UE_SIZEOFOPTIONALHEADER 5
#define UE_SECTIONALIGNMENT 6
#define UE_IMPORTTABLEADDRESS 7
#define UE_IMPORTTABLESIZE 8
#define UE_RESOURCETABLEADDRESS 9
#define UE_RESOURCETABLESIZE 10
#define UE_EXPORTTABLEADDRESS 11
#define UE_EXPORTTABLESIZE 12
#define UE_TLSTABLEADDRESS 13
#define UE_TLSTABLESIZE 14
#define UE_RELOCATIONTABLEADDRESS 15
#define UE_RELOCATIONTABLESIZE 16
#define UE_TIMEDATESTAMP 17
#define UE_SECTIONNUMBER 18
#define UE_CHECKSUM 19
#define UE_SUBSYSTEM 20
#define UE_CHARACTERISTICS 21
#define UE_NUMBEROFRVAANDSIZES 22
#define UE_SECTIONNAME 23
#define UE_SECTIONVIRTUALOFFSET 24
#define UE_SECTIONVIRTUALSIZE 25
#define UE_SECTIONRAWOFFSET 26
#define UE_SECTIONRAWSIZE 27
#define UE_SECTIONFLAGS 28
#define UE_CH_BREAKPOINT 1
#define UE_CH_SINGLESTEP 2
#define UE_CH_ACCESSVIOLATION 3
#define UE_CH_ILLEGALINSTRUCTION 4
#define UE_CH_NONCONTINUABLEEXCEPTION 5
#define UE_CH_ARRAYBOUNDSEXCEPTION 6
#define UE_CH_FLOATDENORMALOPERAND 7
#define UE_CH_FLOATDEVIDEBYZERO 8
#define UE_CH_INTEGERDEVIDEBYZERO 9
#define UE_CH_INTEGEROVERFLOW 10
#define UE_CH_PRIVILEGEDINSTRUCTION 11
#define UE_CH_PAGEGUARD 12
#define UE_CH_EVERYTHINGELSE 13
#define UE_CH_CREATETHREAD 14
#define UE_CH_EXITTHREAD 15
#define UE_CH_CREATEPROCESS 16
#define UE_CH_EXITPROCESS 17
#define UE_CH_LOADDLL 18
#define UE_CH_UNLOADDLL 19
#define UE_CH_OUTPUTDEBUGSTRING 20
#define UE_CH_AFTEREXCEPTIONPROCESSING 21
#define UE_CH_ALLEVENTS 22
#define UE_CH_SYSTEMBREAKPOINT 23
#define UE_CH_UNHANDLEDEXCEPTION 24
#define UE_OPTION_HANDLER_RETURN_HANDLECOUNT 1
#define UE_OPTION_HANDLER_RETURN_ACCESS 2
#define UE_OPTION_HANDLER_RETURN_FLAGS 3
#define UE_OPTION_HANDLER_RETURN_TYPENAME 4
#define UE_BREAKPOINT_INT3 1
#define UE_BREAKPOINT_LONG_INT3 2
#define UE_BREAKPOINT_UD2 3
#define UE_BPXREMOVED 0
#define UE_BPXACTIVE 1
#define UE_BPXINACTIVE 2
#define UE_BREAKPOINT 0
#define UE_SINGLESHOOT 1
#define UE_HARDWARE 2
#define UE_MEMORY 3
#define UE_MEMORY_READ 4
#define UE_MEMORY_WRITE 5
#define UE_MEMORY_EXECUTE 6
#define UE_BREAKPOINT_TYPE_INT3 0x10000000
#define UE_BREAKPOINT_TYPE_LONG_INT3 0x20000000
#define UE_BREAKPOINT_TYPE_UD2 0x30000000
#define UE_HARDWARE_EXECUTE 4
#define UE_HARDWARE_WRITE 5
#define UE_HARDWARE_READWRITE 6
#define UE_HARDWARE_SIZE_1 7
#define UE_HARDWARE_SIZE_2 8
#define UE_HARDWARE_SIZE_4 9
#define UE_HARDWARE_SIZE_8 10
#define UE_ON_LIB_LOAD 1
#define UE_ON_LIB_UNLOAD 2
#define UE_ON_LIB_ALL 3
#define UE_APISTART 0
#define UE_APIEND 1
#define UE_PLATFORM_x86 1
#define UE_PLATFORM_x64 2
#define UE_PLATFORM_ALL 3
#define UE_FUNCTION_STDCALL 1
#define UE_FUNCTION_CCALL 2
#define UE_FUNCTION_FASTCALL 3
#define UE_FUNCTION_STDCALL_RET 4
#define UE_FUNCTION_CCALL_RET 5
#define UE_FUNCTION_FASTCALL_RET 6
#define UE_FUNCTION_STDCALL_CALL 7
#define UE_FUNCTION_CCALL_CALL 8
#define UE_FUNCTION_FASTCALL_CALL 9
#define UE_PARAMETER_BYTE 0
#define UE_PARAMETER_WORD 1
#define UE_PARAMETER_DWORD 2
#define UE_PARAMETER_QWORD 3
#define UE_PARAMETER_PTR_BYTE 4
#define UE_PARAMETER_PTR_WORD 5
#define UE_PARAMETER_PTR_DWORD 6
#define UE_PARAMETER_PTR_QWORD 7
#define UE_PARAMETER_STRING 8
#define UE_PARAMETER_UNICODE 9
#define UE_CMP_NOCONDITION 0
#define UE_CMP_EQUAL 1
#define UE_CMP_NOTEQUAL 2
#define UE_CMP_GREATER 3
#define UE_CMP_GREATEROREQUAL 4
#define UE_CMP_LOWER 5
#define UE_CMP_LOWEROREQUAL 6
#define UE_CMP_REG_EQUAL 7
#define UE_CMP_REG_NOTEQUAL 8
#define UE_CMP_REG_GREATER 9
#define UE_CMP_REG_GREATEROREQUAL 10
#define UE_CMP_REG_LOWER 11
#define UE_CMP_REG_LOWEROREQUAL 12
#define UE_CMP_ALWAYSFALSE 13
#define UE_EAX 1
#define UE_EBX 2
#define UE_ECX 3
#define UE_EDX 4
#define UE_EDI 5
#define UE_ESI 6
#define UE_EBP 7
#define UE_ESP 8
#define UE_EIP 9
#define UE_EFLAGS 10
#define UE_DR0 11
#define UE_DR1 12
#define UE_DR2 13
#define UE_DR3 14
#define UE_DR6 15
#define UE_DR7 16
#define UE_RAX 17
#define UE_RBX 18
#define UE_RCX 19
#define UE_RDX 20
#define UE_RDI 21
#define UE_RSI 22
#define UE_RBP 23
#define UE_RSP 24
#define UE_RIP 25
#define UE_RFLAGS 26
#define UE_R8 27
#define UE_R9 28
#define UE_R10 29
#define UE_R11 30
#define UE_R12 31
#define UE_R13 32
#define UE_R14 33
#define UE_R15 34
#define UE_CIP 35
#define UE_CSP 36
#ifdef _WIN64
#define UE_CFLAGS UE_RFLAGS
#else
#define UE_CFLAGS UE_EFLAGS
#endif
#define UE_SEG_GS 37
#define UE_SEG_FS 38
#define UE_SEG_ES 39
#define UE_SEG_DS 40
#define UE_SEG_CS 41
#define UE_SEG_SS 42
typedef struct
{
DWORD PE32Offset;
DWORD ImageBase;
DWORD OriginalEntryPoint;
DWORD NtSizeOfImage;
DWORD NtSizeOfHeaders;
WORD SizeOfOptionalHeaders;
DWORD FileAlignment;
DWORD SectionAligment;
DWORD ImportTableAddress;
DWORD ImportTableSize;
DWORD ResourceTableAddress;
DWORD ResourceTableSize;
DWORD ExportTableAddress;
DWORD ExportTableSize;
DWORD TLSTableAddress;
DWORD TLSTableSize;
DWORD RelocationTableAddress;
DWORD RelocationTableSize;
DWORD TimeDateStamp;
WORD SectionNumber;
DWORD CheckSum;
WORD SubSystem;
WORD Characteristics;
DWORD NumberOfRvaAndSizes;
} PE32Struct, *PPE32Struct;
typedef struct
{
DWORD PE64Offset;
DWORD64 ImageBase;
DWORD OriginalEntryPoint;
DWORD NtSizeOfImage;
DWORD NtSizeOfHeaders;
WORD SizeOfOptionalHeaders;
DWORD FileAlignment;
DWORD SectionAligment;
DWORD ImportTableAddress;
DWORD ImportTableSize;
DWORD ResourceTableAddress;
DWORD ResourceTableSize;
DWORD ExportTableAddress;
DWORD ExportTableSize;
DWORD TLSTableAddress;
DWORD TLSTableSize;
DWORD RelocationTableAddress;
DWORD RelocationTableSize;
DWORD TimeDateStamp;
WORD SectionNumber;
DWORD CheckSum;
WORD SubSystem;
WORD Characteristics;
DWORD NumberOfRvaAndSizes;
} PE64Struct, *PPE64Struct;
typedef struct
{
bool NewDll;
int NumberOfImports;
ULONG_PTR ImageBase;
ULONG_PTR BaseImportThunk;
ULONG_PTR ImportThunk;
char* APIName;
char* DLLName;
} ImportEnumData, *PImportEnumData;
typedef struct
{
HANDLE hThread;
DWORD dwThreadId;
void* ThreadStartAddress;
void* ThreadLocalBase;
} THREAD_ITEM_DATA, *PTHREAD_ITEM_DATA;
typedef struct
{
HANDLE hFile;
void* BaseOfDll;
HANDLE hFileMapping;
void* hFileMappingView;
char szLibraryPath[MAX_PATH];
char szLibraryName[MAX_PATH];
} LIBRARY_ITEM_DATA, *PLIBRARY_ITEM_DATA;
typedef struct
{
HANDLE hFile;
void* BaseOfDll;
HANDLE hFileMapping;
void* hFileMappingView;
wchar_t szLibraryPath[MAX_PATH];
wchar_t szLibraryName[MAX_PATH];
} LIBRARY_ITEM_DATAW, *PLIBRARY_ITEM_DATAW;
typedef struct
{
HANDLE hProcess;
DWORD dwProcessId;
HANDLE hThread;
DWORD dwThreadId;
HANDLE hFile;
void* BaseOfImage;
void* ThreadStartAddress;
void* ThreadLocalBase;
} PROCESS_ITEM_DATA, *PPROCESS_ITEM_DATA;
typedef struct
{
ULONG ProcessId;
HANDLE hHandle;
} HandlerArray, *PHandlerArray;
typedef struct
{
char PluginName[64];
DWORD PluginMajorVersion;
DWORD PluginMinorVersion;
HMODULE PluginBaseAddress;
void* TitanDebuggingCallBack;
void* TitanRegisterPlugin;
void* TitanReleasePlugin;
void* TitanResetPlugin;
bool PluginDisabled;
} PluginInformation, *PPluginInformation;
#define TEE_MAXIMUM_HOOK_SIZE 14
#define TEE_MAXIMUM_HOOK_RELOCS 7
#if defined(_WIN64)
#define TEE_MAXIMUM_HOOK_INSERT_SIZE 14
#else
#define TEE_MAXIMUM_HOOK_INSERT_SIZE 5
#endif
typedef struct HOOK_ENTRY
{
bool IATHook;
BYTE HookType;
DWORD HookSize;
void* HookAddress;
void* RedirectionAddress;
BYTE HookBytes[TEE_MAXIMUM_HOOK_SIZE];
BYTE OriginalBytes[TEE_MAXIMUM_HOOK_SIZE];
void* IATHookModuleBase;
DWORD IATHookNameHash;
bool HookIsEnabled;
bool HookIsRemote;
void* PatchedEntry;
DWORD RelocationInfo[TEE_MAXIMUM_HOOK_RELOCS];
int RelocationCount;
} HOOK_ENTRY, *PHOOK_ENTRY;
#define UE_DEPTH_SURFACE 0
#define UE_DEPTH_DEEP 1
#define UE_UNPACKER_CONDITION_SEARCH_FROM_EP 1
#define UE_UNPACKER_CONDITION_LOADLIBRARY 1
#define UE_UNPACKER_CONDITION_GETPROCADDRESS 2
#define UE_UNPACKER_CONDITION_ENTRYPOINTBREAK 3
#define UE_UNPACKER_CONDITION_RELOCSNAPSHOT1 4
#define UE_UNPACKER_CONDITION_RELOCSNAPSHOT2 5
#define UE_FIELD_OK 0
#define UE_FIELD_BROKEN_NON_FIXABLE 1
#define UE_FIELD_BROKEN_NON_CRITICAL 2
#define UE_FIELD_BROKEN_FIXABLE_FOR_STATIC_USE 3
#define UE_FIELD_BROKEN_BUT_CAN_BE_EMULATED 4
#define UE_FILED_FIXABLE_NON_CRITICAL 5
#define UE_FILED_FIXABLE_CRITICAL 6
#define UE_FIELD_NOT_PRESET 7
#define UE_FIELD_NOT_PRESET_WARNING 8
#define UE_RESULT_FILE_OK 10
#define UE_RESULT_FILE_INVALID_BUT_FIXABLE 11
#define UE_RESULT_FILE_INVALID_AND_NON_FIXABLE 12
#define UE_RESULT_FILE_INVALID_FORMAT 13
typedef struct
{
BYTE OveralEvaluation;
bool EvaluationTerminatedByException;
bool FileIs64Bit;
bool FileIsDLL;
bool FileIsConsole;
bool MissingDependencies;
bool MissingDeclaredAPIs;
BYTE SignatureMZ;
BYTE SignaturePE;
BYTE EntryPoint;
BYTE ImageBase;
BYTE SizeOfImage;
BYTE FileAlignment;
BYTE SectionAlignment;
BYTE ExportTable;
BYTE RelocationTable;
BYTE ImportTable;
BYTE ImportTableSection;
BYTE ImportTableData;
BYTE IATTable;
BYTE TLSTable;
BYTE LoadConfigTable;
BYTE BoundImportTable;
BYTE COMHeaderTable;
BYTE ResourceTable;
BYTE ResourceData;
BYTE SectionTable;
} FILE_STATUS_INFO, *PFILE_STATUS_INFO;
typedef struct
{
BYTE OveralEvaluation;
bool FixingTerminatedByException;
bool FileFixPerformed;
bool StrippedRelocation;
bool DontFixRelocations;
DWORD OriginalRelocationTableAddress;
DWORD OriginalRelocationTableSize;
bool StrippedExports;
bool DontFixExports;
DWORD OriginalExportTableAddress;
DWORD OriginalExportTableSize;
bool StrippedResources;
bool DontFixResources;
DWORD OriginalResourceTableAddress;
DWORD OriginalResourceTableSize;
bool StrippedTLS;
bool DontFixTLS;
DWORD OriginalTLSTableAddress;
DWORD OriginalTLSTableSize;
bool StrippedLoadConfig;
bool DontFixLoadConfig;
DWORD OriginalLoadConfigTableAddress;
DWORD OriginalLoadConfigTableSize;
bool StrippedBoundImports;
bool DontFixBoundImports;
DWORD OriginalBoundImportTableAddress;
DWORD OriginalBoundImportTableSize;
bool StrippedIAT;
bool DontFixIAT;
DWORD OriginalImportAddressTableAddress;
DWORD OriginalImportAddressTableSize;
bool StrippedCOM;
bool DontFixCOM;
DWORD OriginalCOMTableAddress;
DWORD OriginalCOMTableSize;
} FILE_FIX_INFO, *PFILE_FIX_INFO;
#ifdef __cplusplus
extern "C"
{
#endif
// Global.Function.Declaration:
// TitanEngine.Dumper.functions:
__declspec(dllexport) bool TITCALL DumpProcess(HANDLE hProcess, LPVOID ImageBase, char* szDumpFileName, ULONG_PTR EntryPoint);
__declspec(dllexport) bool TITCALL DumpProcessW(HANDLE hProcess, LPVOID ImageBase, wchar_t* szDumpFileName, ULONG_PTR EntryPoint);
__declspec(dllexport) bool TITCALL DumpProcessEx(DWORD ProcessId, LPVOID ImageBase, char* szDumpFileName, ULONG_PTR EntryPoint);
__declspec(dllexport) bool TITCALL DumpProcessExW(DWORD ProcessId, LPVOID ImageBase, wchar_t* szDumpFileName, ULONG_PTR EntryPoint);
__declspec(dllexport) bool TITCALL DumpMemory(HANDLE hProcess, LPVOID MemoryStart, ULONG_PTR MemorySize, char* szDumpFileName);
__declspec(dllexport) bool TITCALL DumpMemoryW(HANDLE hProcess, LPVOID MemoryStart, ULONG_PTR MemorySize, wchar_t* szDumpFileName);
__declspec(dllexport) bool TITCALL DumpMemoryEx(DWORD ProcessId, LPVOID MemoryStart, ULONG_PTR MemorySize, char* szDumpFileName);
__declspec(dllexport) bool TITCALL DumpMemoryExW(DWORD ProcessId, LPVOID MemoryStart, ULONG_PTR MemorySize, wchar_t* szDumpFileName);
__declspec(dllexport) bool TITCALL DumpRegions(HANDLE hProcess, char* szDumpFolder, bool DumpAboveImageBaseOnly);
__declspec(dllexport) bool TITCALL DumpRegionsW(HANDLE hProcess, wchar_t* szDumpFolder, bool DumpAboveImageBaseOnly);
__declspec(dllexport) bool TITCALL DumpRegionsEx(DWORD ProcessId, char* szDumpFolder, bool DumpAboveImageBaseOnly);
__declspec(dllexport) bool TITCALL DumpRegionsExW(DWORD ProcessId, wchar_t* szDumpFolder, bool DumpAboveImageBaseOnly);
__declspec(dllexport) bool TITCALL DumpModule(HANDLE hProcess, LPVOID ModuleBase, char* szDumpFileName);
__declspec(dllexport) bool TITCALL DumpModuleW(HANDLE hProcess, LPVOID ModuleBase, wchar_t* szDumpFileName);
__declspec(dllexport) bool TITCALL DumpModuleEx(DWORD ProcessId, LPVOID ModuleBase, char* szDumpFileName);
__declspec(dllexport) bool TITCALL DumpModuleExW(DWORD ProcessId, LPVOID ModuleBase, wchar_t* szDumpFileName);
__declspec(dllexport) bool TITCALL PastePEHeader(HANDLE hProcess, LPVOID ImageBase, char* szDebuggedFileName);
__declspec(dllexport) bool TITCALL PastePEHeaderW(HANDLE hProcess, LPVOID ImageBase, wchar_t* szDebuggedFileName);
__declspec(dllexport) bool TITCALL ExtractSection(char* szFileName, char* szDumpFileName, DWORD SectionNumber);
__declspec(dllexport) bool TITCALL ExtractSectionW(wchar_t* szFileName, wchar_t* szDumpFileName, DWORD SectionNumber);
__declspec(dllexport) bool TITCALL ResortFileSections(char* szFileName);
__declspec(dllexport) bool TITCALL ResortFileSectionsW(wchar_t* szFileName);
__declspec(dllexport) bool TITCALL FindOverlay(char* szFileName, LPDWORD OverlayStart, LPDWORD OverlaySize);
__declspec(dllexport) bool TITCALL FindOverlayW(wchar_t* szFileName, LPDWORD OverlayStart, LPDWORD OverlaySize);
__declspec(dllexport) bool TITCALL ExtractOverlay(char* szFileName, char* szExtactedFileName);
__declspec(dllexport) bool TITCALL ExtractOverlayW(wchar_t* szFileName, wchar_t* szExtactedFileName);
__declspec(dllexport) bool TITCALL AddOverlay(char* szFileName, char* szOverlayFileName);
__declspec(dllexport) bool TITCALL AddOverlayW(wchar_t* szFileName, wchar_t* szOverlayFileName);
__declspec(dllexport) bool TITCALL CopyOverlay(char* szInFileName, char* szOutFileName);
__declspec(dllexport) bool TITCALL CopyOverlayW(wchar_t* szInFileName, wchar_t* szOutFileName);
__declspec(dllexport) bool TITCALL RemoveOverlay(char* szFileName);
__declspec(dllexport) bool TITCALL RemoveOverlayW(wchar_t* szFileName);
__declspec(dllexport) bool TITCALL MakeAllSectionsRWE(char* szFileName);
__declspec(dllexport) bool TITCALL MakeAllSectionsRWEW(wchar_t* szFileName);
__declspec(dllexport) long TITCALL AddNewSectionEx(char* szFileName, char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, LPVOID SectionContent, DWORD ContentSize);
__declspec(dllexport) long TITCALL AddNewSectionExW(wchar_t* szFileName, char* szSectionName, DWORD SectionSize, DWORD SectionAttributes, LPVOID SectionContent, DWORD ContentSize);
__declspec(dllexport) long TITCALL AddNewSection(char* szFileName, char* szSectionName, DWORD SectionSize);
__declspec(dllexport) long TITCALL AddNewSectionW(wchar_t* szFileName, char* szSectionName, DWORD SectionSize);
__declspec(dllexport) bool TITCALL ResizeLastSection(char* szFileName, DWORD NumberOfExpandBytes, bool AlignResizeData);
__declspec(dllexport) bool TITCALL ResizeLastSectionW(wchar_t* szFileName, DWORD NumberOfExpandBytes, bool AlignResizeData);
__declspec(dllexport) void TITCALL SetSharedOverlay(char* szFileName);
__declspec(dllexport) void TITCALL SetSharedOverlayW(wchar_t* szFileName);
__declspec(dllexport) char* TITCALL GetSharedOverlay();
__declspec(dllexport) wchar_t* TITCALL GetSharedOverlayW();
__declspec(dllexport) bool TITCALL DeleteLastSection(char* szFileName);
__declspec(dllexport) bool TITCALL DeleteLastSectionW(wchar_t* szFileName);
__declspec(dllexport) bool TITCALL DeleteLastSectionEx(char* szFileName, DWORD NumberOfSections);
__declspec(dllexport) bool TITCALL DeleteLastSectionExW(wchar_t* szFileName, DWORD NumberOfSections);
__declspec(dllexport) long long TITCALL GetPE32DataFromMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, DWORD WhichData);
__declspec(dllexport) long long TITCALL GetPE32Data(char* szFileName, DWORD WhichSection, DWORD WhichData);
__declspec(dllexport) long long TITCALL GetPE32DataW(wchar_t* szFileName, DWORD WhichSection, DWORD WhichData);
__declspec(dllexport) bool TITCALL GetPE32DataFromMappedFileEx(ULONG_PTR FileMapVA, LPVOID DataStorage);
__declspec(dllexport) bool TITCALL GetPE32DataEx(char* szFileName, LPVOID DataStorage);
__declspec(dllexport) bool TITCALL GetPE32DataExW(wchar_t* szFileName, LPVOID DataStorage);
__declspec(dllexport) bool TITCALL SetPE32DataForMappedFile(ULONG_PTR FileMapVA, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue);
__declspec(dllexport) bool TITCALL SetPE32Data(char* szFileName, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue);
__declspec(dllexport) bool TITCALL SetPE32DataW(wchar_t* szFileName, DWORD WhichSection, DWORD WhichData, ULONG_PTR NewDataValue);
__declspec(dllexport) bool TITCALL SetPE32DataForMappedFileEx(ULONG_PTR FileMapVA, LPVOID DataStorage);
__declspec(dllexport) bool TITCALL SetPE32DataEx(char* szFileName, LPVOID DataStorage);
__declspec(dllexport) bool TITCALL SetPE32DataExW(wchar_t* szFileName, LPVOID DataStorage);
__declspec(dllexport) long TITCALL GetPE32SectionNumberFromVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert);
__declspec(dllexport) long long TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllexport) long long TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType);
__declspec(dllexport) long long TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType);
__declspec(dllexport) long long TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType);
// TitanEngine.Realigner.functions:
__declspec(dllexport) bool TITCALL FixHeaderCheckSum(char* szFileName);
__declspec(dllexport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName);
__declspec(dllexport) long TITCALL RealignPE(ULONG_PTR FileMapVA, DWORD FileSize, DWORD RealingMode);
__declspec(dllexport) long TITCALL RealignPEEx(char* szFileName, DWORD RealingFileSize, DWORD ForcedFileAlignment);
__declspec(dllexport) long TITCALL RealignPEExW(wchar_t* szFileName, DWORD RealingFileSize, DWORD ForcedFileAlignment);
__declspec(dllexport) bool TITCALL WipeSection(char* szFileName, int WipeSectionNumber, bool RemovePhysically);
__declspec(dllexport) bool TITCALL WipeSectionW(wchar_t* szFileName, int WipeSectionNumber, bool RemovePhysically);
__declspec(dllexport) bool TITCALL IsPE32FileValidEx(char* szFileName, DWORD CheckDepth, LPVOID FileStatusInfo);
__declspec(dllexport) bool TITCALL IsPE32FileValidExW(wchar_t* szFileName, DWORD CheckDepth, LPVOID FileStatusInfo);
__declspec(dllexport) bool TITCALL FixBrokenPE32FileEx(char* szFileName, LPVOID FileStatusInfo, LPVOID FileFixInfo);
__declspec(dllexport) bool TITCALL FixBrokenPE32FileExW(wchar_t* szFileName, LPVOID FileStatusInfo, LPVOID FileFixInfo);
__declspec(dllexport) bool TITCALL IsFileDLL(char* szFileName, ULONG_PTR FileMapVA);
__declspec(dllexport) bool TITCALL IsFileDLLW(wchar_t* szFileName, ULONG_PTR FileMapVA);
// TitanEngine.Hider.functions:
__declspec(dllexport) void* TITCALL GetPEBLocation(HANDLE hProcess);
__declspec(dllexport) bool TITCALL HideDebugger(HANDLE hProcess, DWORD PatchAPILevel);
__declspec(dllexport) bool TITCALL UnHideDebugger(HANDLE hProcess, DWORD PatchAPILevel);
// TitanEngine.Relocater.functions:
__declspec(dllexport) void TITCALL RelocaterCleanup();
__declspec(dllexport) void TITCALL RelocaterInit(DWORD MemorySize, ULONG_PTR OldImageBase, ULONG_PTR NewImageBase);
__declspec(dllexport) void TITCALL RelocaterAddNewRelocation(HANDLE hProcess, ULONG_PTR RelocateAddress, DWORD RelocateState);
__declspec(dllexport) long TITCALL RelocaterEstimatedSize();
__declspec(dllexport) bool TITCALL RelocaterExportRelocation(ULONG_PTR StorePlace, DWORD StorePlaceRVA, ULONG_PTR FileMapVA);
__declspec(dllexport) bool TITCALL RelocaterExportRelocationEx(char* szFileName, char* szSectionName);
__declspec(dllexport) bool TITCALL RelocaterExportRelocationExW(wchar_t* szFileName, char* szSectionName);
__declspec(dllexport) bool TITCALL RelocaterGrabRelocationTable(HANDLE hProcess, ULONG_PTR MemoryStart, DWORD MemorySize);
__declspec(dllexport) bool TITCALL RelocaterGrabRelocationTableEx(HANDLE hProcess, ULONG_PTR MemoryStart, ULONG_PTR MemorySize, DWORD NtSizeOfImage);
__declspec(dllexport) bool TITCALL RelocaterMakeSnapshot(HANDLE hProcess, char* szSaveFileName, LPVOID MemoryStart, ULONG_PTR MemorySize);
__declspec(dllexport) bool TITCALL RelocaterMakeSnapshotW(HANDLE hProcess, wchar_t* szSaveFileName, LPVOID MemoryStart, ULONG_PTR MemorySize);
__declspec(dllexport) bool TITCALL RelocaterCompareTwoSnapshots(HANDLE hProcess, ULONG_PTR LoadedImageBase, ULONG_PTR NtSizeOfImage, char* szDumpFile1, char* szDumpFile2, ULONG_PTR MemStart);
__declspec(dllexport) bool TITCALL RelocaterCompareTwoSnapshotsW(HANDLE hProcess, ULONG_PTR LoadedImageBase, ULONG_PTR NtSizeOfImage, wchar_t* szDumpFile1, wchar_t* szDumpFile2, ULONG_PTR MemStart);
__declspec(dllexport) bool TITCALL RelocaterChangeFileBase(char* szFileName, ULONG_PTR NewImageBase);
__declspec(dllexport) bool TITCALL RelocaterChangeFileBaseW(wchar_t* szFileName, ULONG_PTR NewImageBase);
__declspec(dllexport) bool TITCALL RelocaterRelocateMemoryBlock(ULONG_PTR FileMapVA, ULONG_PTR MemoryLocation, void* RelocateMemory, DWORD RelocateMemorySize, ULONG_PTR CurrentLoadedBase, ULONG_PTR RelocateBase);
__declspec(dllexport) bool TITCALL RelocaterWipeRelocationTable(char* szFileName);
__declspec(dllexport) bool TITCALL RelocaterWipeRelocationTableW(wchar_t* szFileName);
// TitanEngine.Resourcer.functions:
__declspec(dllexport) long long TITCALL ResourcerLoadFileForResourceUse(char* szFileName);
__declspec(dllexport) long long TITCALL ResourcerLoadFileForResourceUseW(wchar_t* szFileName);
__declspec(dllexport) bool TITCALL ResourcerFreeLoadedFile(LPVOID LoadedFileBase);
__declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFileEx(ULONG_PTR FileMapVA, char* szResourceType, char* szResourceName, char* szExtractedFileName);
__declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFile(char* szFileName, char* szResourceType, char* szResourceName, char* szExtractedFileName);
__declspec(dllexport) bool TITCALL ResourcerExtractResourceFromFileW(wchar_t* szFileName, char* szResourceType, char* szResourceName, char* szExtractedFileName);
__declspec(dllexport) bool TITCALL ResourcerFindResource(char* szFileName, char* szResourceType, DWORD ResourceType, char* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize);
__declspec(dllexport) bool TITCALL ResourcerFindResourceW(wchar_t* szFileName, wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize);
__declspec(dllexport) bool TITCALL ResourcerFindResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, wchar_t* szResourceType, DWORD ResourceType, wchar_t* szResourceName, DWORD ResourceName, DWORD ResourceLanguage, PULONG_PTR pResourceData, LPDWORD pResourceSize);
__declspec(dllexport) void TITCALL ResourcerEnumerateResource(char* szFileName, void* CallBack);
__declspec(dllexport) void TITCALL ResourcerEnumerateResourceW(wchar_t* szFileName, void* CallBack);
__declspec(dllexport) void TITCALL ResourcerEnumerateResourceEx(ULONG_PTR FileMapVA, DWORD FileSize, void* CallBack);
// TitanEngine.Threader.functions:
__declspec(dllexport) bool TITCALL ThreaderImportRunningThreadData(DWORD ProcessId);
__declspec(dllexport) void* TITCALL ThreaderGetThreadInfo(HANDLE hThread, DWORD ThreadId);
__declspec(dllexport) void TITCALL ThreaderEnumThreadInfo(void* EnumCallBack);
__declspec(dllexport) bool TITCALL ThreaderPauseThread(HANDLE hThread);
__declspec(dllexport) bool TITCALL ThreaderResumeThread(HANDLE hThread);
__declspec(dllexport) bool TITCALL ThreaderTerminateThread(HANDLE hThread, DWORD ThreadExitCode);
__declspec(dllexport) bool TITCALL ThreaderPauseAllThreads(bool LeaveMainRunning);
__declspec(dllexport) bool TITCALL ThreaderResumeAllThreads(bool LeaveMainPaused);
__declspec(dllexport) bool TITCALL ThreaderPauseProcess();
__declspec(dllexport) bool TITCALL ThreaderResumeProcess();
__declspec(dllexport) long long TITCALL ThreaderCreateRemoteThread(ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId);
__declspec(dllexport) bool TITCALL ThreaderInjectAndExecuteCode(LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize);
__declspec(dllexport) long long TITCALL ThreaderCreateRemoteThreadEx(HANDLE hProcess, ULONG_PTR ThreadStartAddress, bool AutoCloseTheHandle, LPVOID ThreadPassParameter, LPDWORD ThreadId);
__declspec(dllexport) bool TITCALL ThreaderInjectAndExecuteCodeEx(HANDLE hProcess, LPVOID InjectCode, DWORD StartDelta, DWORD InjectSize);
__declspec(dllexport) void TITCALL ThreaderSetCallBackForNextExitThreadEvent(LPVOID exitThreadCallBack);
__declspec(dllexport) bool TITCALL ThreaderIsThreadStillRunning(HANDLE hThread);
__declspec(dllexport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread);
__declspec(dllexport) bool TITCALL ThreaderIsAnyThreadActive();
__declspec(dllexport) bool TITCALL ThreaderExecuteOnlyInjectedThreads();
__declspec(dllexport) long long TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId);
__declspec(dllexport) void* TITCALL ThreaderGetThreadData();
__declspec(dllexport) bool TITCALL ThreaderIsExceptionInMainThread();
// TitanEngine.Debugger.functions:
__declspec(dllexport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress);
__declspec(dllexport) void* TITCALL StaticDisassemble(LPVOID DisassmAddress);
__declspec(dllexport) void* TITCALL DisassembleEx(HANDLE hProcess, LPVOID DisassmAddress, bool ReturnInstructionType);
__declspec(dllexport) void* TITCALL Disassemble(LPVOID DisassmAddress);
__declspec(dllexport) long TITCALL StaticLengthDisassemble(LPVOID DisassmAddress);
__declspec(dllexport) long TITCALL LengthDisassembleEx(HANDLE hProcess, LPVOID DisassmAddress);
__declspec(dllexport) long TITCALL LengthDisassemble(LPVOID DisassmAddress);
__declspec(dllexport) void* TITCALL InitDebug(char* szFileName, char* szCommandLine, char* szCurrentFolder);
__declspec(dllexport) void* TITCALL InitDebugW(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder);
__declspec(dllexport) void* TITCALL InitDebugEx(char* szFileName, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack);
__declspec(dllexport) void* TITCALL InitDebugExW(wchar_t* szFileName, wchar_t* szCommandLine, wchar_t* szCurrentFolder, LPVOID EntryCallBack);
__declspec(dllexport) void* TITCALL InitDLLDebug(char* szFileName, bool ReserveModuleBase, char* szCommandLine, char* szCurrentFolder, LPVOID EntryCallBack);
__declspec(dllexport) void* TITCALL InitDLLDebugW(wchar_t* szFileName, bool ReserveModuleBase, wchar_t* szCommandLine, wchar_t* szCurrentFolder, LPVOID EntryCallBack);
__declspec(dllexport) bool TITCALL StopDebug();
__declspec(dllexport) void TITCALL SetBPXOptions(long DefaultBreakPointType);
__declspec(dllexport) bool TITCALL IsBPXEnabled(ULONG_PTR bpxAddress);
__declspec(dllexport) bool TITCALL EnableBPX(ULONG_PTR bpxAddress);
__declspec(dllexport) bool TITCALL DisableBPX(ULONG_PTR bpxAddress);
__declspec(dllexport) bool TITCALL SetBPX(ULONG_PTR bpxAddress, DWORD bpxType, LPVOID bpxCallBack);
__declspec(dllexport) bool TITCALL SetBPXEx(ULONG_PTR bpxAddress, DWORD bpxType, DWORD NumberOfExecution, DWORD CmpRegister, DWORD CmpCondition, ULONG_PTR CmpValue, LPVOID bpxCallBack, LPVOID bpxCompareCallBack, LPVOID bpxRemoveCallBack);
__declspec(dllexport) bool TITCALL DeleteBPX(ULONG_PTR bpxAddress);
__declspec(dllexport) bool TITCALL SafeDeleteBPX(ULONG_PTR bpxAddress);
__declspec(dllexport) bool TITCALL SetAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxType, DWORD bpxPlace, LPVOID bpxCallBack);
__declspec(dllexport) bool TITCALL DeleteAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxPlace);
__declspec(dllexport) bool TITCALL SafeDeleteAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxPlace);
__declspec(dllexport) bool TITCALL SetMemoryBPX(ULONG_PTR MemoryStart, DWORD SizeOfMemory, LPVOID bpxCallBack);
__declspec(dllexport) bool TITCALL SetMemoryBPXEx(ULONG_PTR MemoryStart, DWORD SizeOfMemory, DWORD BreakPointType, bool RestoreOnHit, LPVOID bpxCallBack);
__declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, DWORD SizeOfMemory);
__declspec(dllexport) bool TITCALL GetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea);
__declspec(dllexport) long long TITCALL GetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister);
__declspec(dllexport) long long TITCALL GetContextData(DWORD IndexOfRegister);
__declspec(dllexport) bool TITCALL SetContextFPUDataEx(HANDLE hActiveThread, void* FPUSaveArea);
__declspec(dllexport) bool TITCALL SetContextDataEx(HANDLE hActiveThread, DWORD IndexOfRegister, ULONG_PTR NewRegisterValue);
__declspec(dllexport) bool TITCALL SetContextData(DWORD IndexOfRegister, ULONG_PTR NewRegisterValue);
__declspec(dllexport) void TITCALL ClearExceptionNumber();
__declspec(dllexport) long TITCALL CurrentExceptionNumber();
__declspec(dllexport) bool TITCALL MatchPatternEx(HANDLE hProcess, void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard);
__declspec(dllexport) bool TITCALL MatchPattern(void* MemoryToCheck, int SizeOfMemoryToCheck, void* PatternToMatch, int SizeOfPatternToMatch, PBYTE WildCard);
__declspec(dllexport) long long TITCALL FindEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard);
extern "C" __declspec(dllexport) long long TITCALL Find(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, LPBYTE WildCard);
__declspec(dllexport) bool TITCALL FillEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte);
__declspec(dllexport) bool TITCALL Fill(LPVOID MemoryStart, DWORD MemorySize, PBYTE FillByte);
__declspec(dllexport) bool TITCALL PatchEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP);
__declspec(dllexport) bool TITCALL Patch(LPVOID MemoryStart, DWORD MemorySize, LPVOID ReplacePattern, DWORD ReplaceSize, bool AppendNOP, bool PrependNOP);
__declspec(dllexport) bool TITCALL ReplaceEx(HANDLE hProcess, LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, LPVOID ReplacePattern, DWORD ReplaceSize, PBYTE WildCard);
__declspec(dllexport) bool TITCALL Replace(LPVOID MemoryStart, DWORD MemorySize, LPVOID SearchPattern, DWORD PatternSize, DWORD NumberOfRepetitions, LPVOID ReplacePattern, DWORD ReplaceSize, PBYTE WildCard);
__declspec(dllexport) void* TITCALL GetDebugData();
__declspec(dllexport) void* TITCALL GetTerminationData();
__declspec(dllexport) long TITCALL GetExitCode();
__declspec(dllexport) long long TITCALL GetDebuggedDLLBaseAddress();
__declspec(dllexport) unsigned long long TITCALL GetDebuggedFileBaseAddress();
__declspec(dllexport) bool TITCALL GetRemoteString(HANDLE hProcess, LPVOID StringAddress, LPVOID StringStorage, int MaximumStringSize);
__declspec(dllexport) long long TITCALL GetFunctionParameter(HANDLE hProcess, DWORD FunctionType, DWORD ParameterNumber, DWORD ParameterType);
__declspec(dllexport) long long TITCALL GetJumpDestinationEx(HANDLE hProcess, ULONG_PTR InstructionAddress, bool JustJumps);
__declspec(dllexport) long long TITCALL GetJumpDestination(HANDLE hProcess, ULONG_PTR InstructionAddress);
__declspec(dllexport) bool TITCALL IsJumpGoingToExecuteEx(HANDLE hProcess, HANDLE hThread, ULONG_PTR InstructionAddress, ULONG_PTR RegFlags);
__declspec(dllexport) bool TITCALL IsJumpGoingToExecute();
__declspec(dllexport) void TITCALL SetCustomHandler(DWORD ExceptionId, LPVOID CallBack);
__declspec(dllexport) void TITCALL ForceClose();
__declspec(dllexport) void TITCALL StepInto(LPVOID traceCallBack);
__declspec(dllexport) void TITCALL StepOver(LPVOID traceCallBack);
__declspec(dllexport) void TITCALL SingleStep(DWORD StepCount, LPVOID StepCallBack);
__declspec(dllexport) bool TITCALL GetUnusedHardwareBreakPointRegister(LPDWORD RegisterIndex);
__declspec(dllexport) bool TITCALL SetHardwareBreakPointEx(HANDLE hActiveThread, ULONG_PTR bpxAddress, DWORD IndexOfRegister, DWORD bpxType, DWORD bpxSize, LPVOID bpxCallBack, LPDWORD IndexOfSelectedRegister);
__declspec(dllexport) bool TITCALL SetHardwareBreakPoint(ULONG_PTR bpxAddress, DWORD IndexOfRegister, DWORD bpxType, DWORD bpxSize, LPVOID bpxCallBack);
__declspec(dllexport) bool TITCALL DeleteHardwareBreakPoint(DWORD IndexOfRegister);
__declspec(dllexport) bool TITCALL RemoveAllBreakPoints(DWORD RemoveOption);
__declspec(dllexport) void* TITCALL GetProcessInformation();
__declspec(dllexport) void* TITCALL GetStartupInformation();
__declspec(dllexport) void TITCALL DebugLoop();
__declspec(dllexport) void TITCALL SetDebugLoopTimeOut(DWORD TimeOut);
__declspec(dllexport) void TITCALL SetNextDbgContinueStatus(DWORD SetDbgCode);
__declspec(dllexport) bool TITCALL AttachDebugger(DWORD ProcessId, bool KillOnExit, LPVOID DebugInfo, LPVOID CallBack);
__declspec(dllexport) bool TITCALL DetachDebugger(DWORD ProcessId);
__declspec(dllexport) bool TITCALL DetachDebuggerEx(DWORD ProcessId);
__declspec(dllexport) void TITCALL DebugLoopEx(DWORD TimeOut);
__declspec(dllexport) void TITCALL AutoDebugEx(char* szFileName, bool ReserveModuleBase, char* szCommandLine, char* szCurrentFolder, DWORD TimeOut, LPVOID EntryCallBack);
__declspec(dllexport) void TITCALL AutoDebugExW(wchar_t* szFileName, bool ReserveModuleBase, wchar_t* szCommandLine, wchar_t* szCurrentFolder, DWORD TimeOut, LPVOID EntryCallBack);
__declspec(dllexport) bool TITCALL IsFileBeingDebugged();
__declspec(dllexport) void TITCALL SetErrorModel(bool DisplayErrorMessages);
// TitanEngine.FindOEP.functions:
__declspec(dllexport) void TITCALL FindOEPInit();
__declspec(dllexport) bool TITCALL FindOEPGenerically(char* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack);
__declspec(dllexport) bool TITCALL FindOEPGenericallyW(wchar_t* szFileName, LPVOID TraceInitCallBack, LPVOID CallBack);
// TitanEngine.Importer.functions:
__declspec(dllexport) void TITCALL ImporterCleanup();
__declspec(dllexport) void TITCALL ImporterSetImageBase(ULONG_PTR ImageBase);
__declspec(dllexport) void TITCALL ImporterSetUnknownDelta(ULONG_PTR DeltaAddress);
__declspec(dllexport) long long TITCALL ImporterGetCurrentDelta();
__declspec(dllexport) void TITCALL ImporterInit(DWORD MemorySize, ULONG_PTR ImageBase);
__declspec(dllexport) void TITCALL ImporterAddNewDll(char* szDLLName, ULONG_PTR FirstThunk);
__declspec(dllexport) void TITCALL ImporterAddNewAPI(char* szAPIName, ULONG_PTR ThunkValue);
__declspec(dllexport) void TITCALL ImporterAddNewOrdinalAPI(ULONG_PTR OrdinalNumber, ULONG_PTR ThunkValue);
__declspec(dllexport) long TITCALL ImporterGetAddedDllCount();
__declspec(dllexport) long TITCALL ImporterGetAddedAPICount();
__declspec(dllexport) void* TITCALL ImporterGetLastAddedDLLName();
__declspec(dllexport) void TITCALL ImporterMoveIAT();
__declspec(dllexport) bool TITCALL ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA);
__declspec(dllexport) long TITCALL ImporterEstimatedSize();
__declspec(dllexport) bool TITCALL ImporterExportIATEx(char* szExportFileName, char* szSectionName);
__declspec(dllexport) bool TITCALL ImporterExportIATExW(wchar_t* szExportFileName, char* szSectionName);
__declspec(dllexport) long long TITCALL ImporterFindAPIWriteLocation(char* szAPIName);
__declspec(dllexport) long long TITCALL ImporterFindOrdinalAPIWriteLocation(ULONG_PTR OrdinalNumber);
__declspec(dllexport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation);
__declspec(dllexport) long long TITCALL ImporterFindDLLByWriteLocation(ULONG_PTR APIWriteLocation);
__declspec(dllexport) void* TITCALL ImporterGetDLLName(ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetAPIName(ULONG_PTR APIAddress);
__declspec(dllexport) long long TITCALL ImporterGetAPIOrdinalNumber(ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetAPINameEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
__declspec(dllexport) long long TITCALL ImporterGetRemoteAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) long long TITCALL ImporterGetRemoteAPIAddressEx(char* szDLLName, char* szAPIName);
__declspec(dllexport) long long TITCALL ImporterGetLocalAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetDLLNameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetAPINameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) long long TITCALL ImporterGetAPIOrdinalNumberFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) long TITCALL ImporterGetDLLIndexEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
__declspec(dllexport) long TITCALL ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase);
__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName);
__declspec(dllexport) bool TITCALL ImporterRelocateWriteLocation(ULONG_PTR AddValue);
__declspec(dllexport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) long TITCALL ImporterGetForwardedDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
__declspec(dllexport) long long TITCALL ImporterGetForwardedAPIOrdinalNumber(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) long long TITCALL ImporterGetNearestAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) void* TITCALL ImporterGetNearestAPIName(HANDLE hProcess, ULONG_PTR APIAddress);
__declspec(dllexport) bool TITCALL ImporterCopyOriginalIAT(char* szOriginalFile, char* szDumpFile);
__declspec(dllexport) bool TITCALL ImporterCopyOriginalIATW(wchar_t* szOriginalFile, wchar_t* szDumpFile);
__declspec(dllexport) bool TITCALL ImporterLoadImportTable(char* szFileName);
__declspec(dllexport) bool TITCALL ImporterLoadImportTableW(wchar_t* szFileName);
__declspec(dllexport) bool TITCALL ImporterMoveOriginalIAT(char* szOriginalFile, char* szDumpFile, char* szSectionName);
__declspec(dllexport) bool TITCALL ImporterMoveOriginalIATW(wchar_t* szOriginalFile, wchar_t* szDumpFile, char* szSectionName);
__declspec(dllexport) void TITCALL ImporterAutoSearchIAT(HANDLE hProcess, char* szFileName, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, LPVOID pIATStart, LPVOID pIATSize);
__declspec(dllexport) void TITCALL ImporterAutoSearchIATW(HANDLE hProcess, wchar_t* szFileName, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, LPVOID pIATStart, LPVOID pIATSize);
__declspec(dllexport) void TITCALL ImporterAutoSearchIATEx(HANDLE hProcess, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, LPVOID pIATStart, LPVOID pIATSize);
__declspec(dllexport) void TITCALL ImporterEnumAddedData(LPVOID EnumCallBack);
__declspec(dllexport) long TITCALL ImporterAutoFixIATEx(HANDLE hProcess, char* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, DWORD SearchStep, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback);
__declspec(dllexport) long TITCALL ImporterAutoFixIATExW(HANDLE hProcess, wchar_t* szDumpedFile, char* szSectionName, bool DumpRunningProcess, bool RealignFile, ULONG_PTR EntryPointAddress, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, DWORD SearchStep, bool TryAutoFix, bool FixEliminations, LPVOID UnknownPointerFixCallback);
__declspec(dllexport) long TITCALL ImporterAutoFixIAT(HANDLE hProcess, char* szDumpedFile, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, DWORD SearchStep);
__declspec(dllexport) long TITCALL ImporterAutoFixIATW(HANDLE hProcess, wchar_t* szDumpedFile, ULONG_PTR ImageBase, ULONG_PTR SearchStart, DWORD SearchSize, DWORD SearchStep);
// Global.Engine.Hook.functions:
__declspec(dllexport) bool TITCALL HooksSafeTransitionEx(LPVOID HookAddressArray, int NumberOfHooks, bool TransitionStart);
__declspec(dllexport) bool TITCALL HooksSafeTransition(LPVOID HookAddress, bool TransitionStart);
__declspec(dllexport) bool TITCALL HooksIsAddressRedirected(LPVOID HookAddress);
__declspec(dllexport) void* TITCALL HooksGetTrampolineAddress(LPVOID HookAddress);
__declspec(dllexport) void* TITCALL HooksGetHookEntryDetails(LPVOID HookAddress);
__declspec(dllexport) bool TITCALL HooksInsertNewRedirection(LPVOID HookAddress, LPVOID RedirectTo, int HookType);
__declspec(dllexport) bool TITCALL HooksInsertNewIATRedirectionEx(ULONG_PTR FileMapVA, ULONG_PTR LoadedModuleBase, char* szHookFunction, LPVOID RedirectTo);
__declspec(dllexport) bool TITCALL HooksInsertNewIATRedirection(char* szModuleName, char* szHookFunction, LPVOID RedirectTo);
__declspec(dllexport) bool TITCALL HooksRemoveRedirection(LPVOID HookAddress, bool RemoveAll);
__declspec(dllexport) bool TITCALL HooksRemoveRedirectionsForModule(HMODULE ModuleBase);
__declspec(dllexport) bool TITCALL HooksRemoveIATRedirection(char* szModuleName, char* szHookFunction, bool RemoveAll);
__declspec(dllexport) bool TITCALL HooksDisableRedirection(LPVOID HookAddress, bool DisableAll);
__declspec(dllexport) bool TITCALL HooksDisableRedirectionsForModule(HMODULE ModuleBase);
__declspec(dllexport) bool TITCALL HooksDisableIATRedirection(char* szModuleName, char* szHookFunction, bool DisableAll);
__declspec(dllexport) bool TITCALL HooksEnableRedirection(LPVOID HookAddress, bool EnableAll);
__declspec(dllexport) bool TITCALL HooksEnableRedirectionsForModule(HMODULE ModuleBase);
__declspec(dllexport) bool TITCALL HooksEnableIATRedirection(char* szModuleName, char* szHookFunction, bool EnableAll);
__declspec(dllexport) void TITCALL HooksScanModuleMemory(HMODULE ModuleBase, LPVOID CallBack);
__declspec(dllexport) void TITCALL HooksScanEntireProcessMemory(LPVOID CallBack);
__declspec(dllexport) void TITCALL HooksScanEntireProcessMemoryEx();
// TitanEngine.Tracer.functions:
__declspec(dllexport) void TITCALL TracerInit();
__declspec(dllexport) long long TITCALL TracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace);
__declspec(dllexport) long long TITCALL HashTracerLevel1(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD InputNumberOfInstructions);
__declspec(dllexport) long TITCALL TracerDetectRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace);
__declspec(dllexport) long long TITCALL TracerFixKnownRedirection(HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD RedirectionId);
__declspec(dllexport) long long TITCALL TracerFixRedirectionViaModule(HMODULE hModuleHandle, HANDLE hProcess, ULONG_PTR AddressToTrace, DWORD IdParameter);
__declspec(dllexport) long TITCALL TracerFixRedirectionViaImpRecPlugin(HANDLE hProcess, char* szPluginName, ULONG_PTR AddressToTrace);
// TitanEngine.Exporter.functions:
__declspec(dllexport) void TITCALL ExporterCleanup();
__declspec(dllexport) void TITCALL ExporterSetImageBase(ULONG_PTR ImageBase);
__declspec(dllexport) void TITCALL ExporterInit(DWORD MemorySize, ULONG_PTR ImageBase, DWORD ExportOrdinalBase, char* szExportModuleName);
__declspec(dllexport) bool TITCALL ExporterAddNewExport(char* szExportName, DWORD ExportRelativeAddress);
__declspec(dllexport) bool TITCALL ExporterAddNewOrdinalExport(DWORD OrdinalNumber, DWORD ExportRelativeAddress);
__declspec(dllexport) long TITCALL ExporterGetAddedExportCount();
__declspec(dllexport) long TITCALL ExporterEstimatedSize();
__declspec(dllexport) bool TITCALL ExporterBuildExportTable(ULONG_PTR StorePlace, ULONG_PTR FileMapVA);
__declspec(dllexport) bool TITCALL ExporterBuildExportTableEx(char* szExportFileName, char* szSectionName);
__declspec(dllexport) bool TITCALL ExporterBuildExportTableExW(wchar_t* szExportFileName, char* szSectionName);
__declspec(dllexport) bool TITCALL ExporterLoadExportTable(char* szFileName);
__declspec(dllexport) bool TITCALL ExporterLoadExportTableW(wchar_t* szFileName);
// TitanEngine.Librarian.functions:
__declspec(dllexport) bool TITCALL LibrarianSetBreakPoint(char* szLibraryName, DWORD bpxType, bool SingleShoot, LPVOID bpxCallBack);
__declspec(dllexport) bool TITCALL LibrarianRemoveBreakPoint(char* szLibraryName, DWORD bpxType);
__declspec(dllexport) void* TITCALL LibrarianGetLibraryInfo(char* szLibraryName);
__declspec(dllexport) void* TITCALL LibrarianGetLibraryInfoW(wchar_t* szLibraryName);
__declspec(dllexport) void* TITCALL LibrarianGetLibraryInfoEx(void* BaseOfDll);
__declspec(dllexport) void* TITCALL LibrarianGetLibraryInfoExW(void* BaseOfDll);
__declspec(dllexport) void TITCALL LibrarianEnumLibraryInfo(void* EnumCallBack);
__declspec(dllexport) void TITCALL LibrarianEnumLibraryInfoW(void* EnumCallBack);
// TitanEngine.Process.functions:
__declspec(dllexport) long TITCALL GetActiveProcessId(char* szImageName);
__declspec(dllexport) long TITCALL GetActiveProcessIdW(wchar_t* szImageName);
__declspec(dllexport) void TITCALL EnumProcessesWithLibrary(char* szLibraryName, void* EnumFunction);
// TitanEngine.TLSFixer.functions:
__declspec(dllexport) bool TITCALL TLSBreakOnCallBack(LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks, LPVOID bpxCallBack);
__declspec(dllexport) bool TITCALL TLSGrabCallBackData(char* szFileName, LPVOID ArrayOfCallBacks, LPDWORD NumberOfCallBacks);
__declspec(dllexport) bool TITCALL TLSGrabCallBackDataW(wchar_t* szFileName, LPVOID ArrayOfCallBacks, LPDWORD NumberOfCallBacks);
__declspec(dllexport) bool TITCALL TLSBreakOnCallBackEx(char* szFileName, LPVOID bpxCallBack);
__declspec(dllexport) bool TITCALL TLSBreakOnCallBackExW(wchar_t* szFileName, LPVOID bpxCallBack);
__declspec(dllexport) bool TITCALL TLSRemoveCallback(char* szFileName);
__declspec(dllexport) bool TITCALL TLSRemoveCallbackW(wchar_t* szFileName);
__declspec(dllexport) bool TITCALL TLSRemoveTable(char* szFileName);
__declspec(dllexport) bool TITCALL TLSRemoveTableW(wchar_t* szFileName);
__declspec(dllexport) bool TITCALL TLSBackupData(char* szFileName);
__declspec(dllexport) bool TITCALL TLSBackupDataW(wchar_t* szFileName);
__declspec(dllexport) bool TITCALL TLSRestoreData();
__declspec(dllexport) bool TITCALL TLSBuildNewTable(ULONG_PTR FileMapVA, ULONG_PTR StorePlace, ULONG_PTR StorePlaceRVA, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks);
__declspec(dllexport) bool TITCALL TLSBuildNewTableEx(char* szFileName, char* szSectionName, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks);
__declspec(dllexport) bool TITCALL TLSBuildNewTableExW(wchar_t* szFileName, char* szSectionName, LPVOID ArrayOfCallBacks, DWORD NumberOfCallBacks);
// TitanEngine.TranslateName.functions:
__declspec(dllexport) void* TITCALL TranslateNativeName(char* szNativeName);
__declspec(dllexport) void* TITCALL TranslateNativeNameW(wchar_t* szNativeName);
// TitanEngine.Handler.functions:
__declspec(dllexport) long TITCALL HandlerGetActiveHandleCount(DWORD ProcessId);
__declspec(dllexport) bool TITCALL HandlerIsHandleOpen(DWORD ProcessId, HANDLE hHandle);
__declspec(dllexport) void* TITCALL HandlerGetHandleName(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName);
__declspec(dllexport) void* TITCALL HandlerGetHandleNameW(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, bool TranslateName);
__declspec(dllexport) long TITCALL HandlerEnumerateOpenHandles(DWORD ProcessId, LPVOID HandleBuffer, DWORD MaxHandleCount);
__declspec(dllexport) long long TITCALL HandlerGetHandleDetails(HANDLE hProcess, DWORD ProcessId, HANDLE hHandle, DWORD InformationReturn);
__declspec(dllexport) bool TITCALL HandlerCloseRemoteHandle(HANDLE hProcess, HANDLE hHandle);
__declspec(dllexport) long TITCALL HandlerEnumerateLockHandles(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, LPVOID HandleDataBuffer, DWORD MaxHandleCount);
__declspec(dllexport) long TITCALL HandlerEnumerateLockHandlesW(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated, LPVOID HandleDataBuffer, DWORD MaxHandleCount);
__declspec(dllexport) bool TITCALL HandlerCloseAllLockHandles(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated);
__declspec(dllexport) bool TITCALL HandlerCloseAllLockHandlesW(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated);
__declspec(dllexport) bool TITCALL HandlerIsFileLocked(char* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated);
__declspec(dllexport) bool TITCALL HandlerIsFileLockedW(wchar_t* szFileOrFolderName, bool NameIsFolder, bool NameIsTranslated);
// TitanEngine.Handler[Mutex].functions:
__declspec(dllexport) long TITCALL HandlerEnumerateOpenMutexes(HANDLE hProcess, DWORD ProcessId, LPVOID HandleBuffer, DWORD MaxHandleCount);
__declspec(dllexport) long long TITCALL HandlerGetOpenMutexHandle(HANDLE hProcess, DWORD ProcessId, char* szMutexString);
__declspec(dllexport) long long TITCALL HandlerGetOpenMutexHandleW(HANDLE hProcess, DWORD ProcessId, wchar_t* szMutexString);
__declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutex(char* szMutexString);
__declspec(dllexport) long TITCALL HandlerGetProcessIdWhichCreatedMutexW(wchar_t* szMutexString);
// TitanEngine.Injector.functions:
__declspec(dllexport) bool TITCALL RemoteLoadLibrary(HANDLE hProcess, char* szLibraryFile, bool WaitForThreadExit);
__declspec(dllexport) bool TITCALL RemoteLoadLibraryW(HANDLE hProcess, wchar_t* szLibraryFile, bool WaitForThreadExit);
__declspec(dllexport) bool TITCALL RemoteFreeLibrary(HANDLE hProcess, HMODULE hModule, char* szLibraryFile, bool WaitForThreadExit);
__declspec(dllexport) bool TITCALL RemoteFreeLibraryW(HANDLE hProcess, HMODULE hModule, wchar_t* szLibraryFile, bool WaitForThreadExit);
__declspec(dllexport) bool TITCALL RemoteExitProcess(HANDLE hProcess, DWORD ExitCode);
// TitanEngine.StaticUnpacker.functions:
__declspec(dllexport) bool TITCALL StaticFileLoad(char* szFileName, DWORD DesiredAccess, bool SimulateLoad, LPHANDLE FileHandle, LPDWORD LoadedSize, LPHANDLE FileMap, PULONG_PTR FileMapVA);
__declspec(dllexport) bool TITCALL StaticFileLoadW(wchar_t* szFileName, DWORD DesiredAccess, bool SimulateLoad, LPHANDLE FileHandle, LPDWORD LoadedSize, LPHANDLE FileMap, PULONG_PTR FileMapVA);
__declspec(dllexport) bool TITCALL StaticFileUnload(char* szFileName, bool CommitChanges, HANDLE FileHandle, DWORD LoadedSize, HANDLE FileMap, ULONG_PTR FileMapVA);
__declspec(dllexport) bool TITCALL StaticFileUnloadW(wchar_t* szFileName, bool CommitChanges, HANDLE FileHandle, DWORD LoadedSize, HANDLE FileMap, ULONG_PTR FileMapVA);
__declspec(dllexport) bool TITCALL StaticFileOpen(char* szFileName, DWORD DesiredAccess, LPHANDLE FileHandle, LPDWORD FileSizeLow, LPDWORD FileSizeHigh);
__declspec(dllexport) bool TITCALL StaticFileOpenW(wchar_t* szFileName, DWORD DesiredAccess, LPHANDLE FileHandle, LPDWORD FileSizeLow, LPDWORD FileSizeHigh);
__declspec(dllexport) bool TITCALL StaticFileGetContent(HANDLE FileHandle, DWORD FilePositionLow, LPDWORD FilePositionHigh, void* Buffer, DWORD Size);
__declspec(dllexport) void TITCALL StaticFileClose(HANDLE FileHandle);
__declspec(dllexport) void TITCALL StaticMemoryDecrypt(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionType, DWORD DecryptionKeySize, ULONG_PTR DecryptionKey);
__declspec(dllexport) void TITCALL StaticMemoryDecryptEx(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionKeySize, void* DecryptionCallBack);
__declspec(dllexport) void TITCALL StaticMemoryDecryptSpecial(LPVOID MemoryStart, DWORD MemorySize, DWORD DecryptionKeySize, DWORD SpecDecryptionType, void* DecryptionCallBack);
__declspec(dllexport) void TITCALL StaticSectionDecrypt(ULONG_PTR FileMapVA, DWORD SectionNumber, bool SimulateLoad, DWORD DecryptionType, DWORD DecryptionKeySize, ULONG_PTR DecryptionKey);
__declspec(dllexport) bool TITCALL StaticMemoryDecompress(void* Source, DWORD SourceSize, void* Destination, DWORD DestinationSize, int Algorithm);
__declspec(dllexport) bool TITCALL StaticRawMemoryCopy(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR VitualAddressToCopy, DWORD Size, bool AddressIsRVA, char* szDumpFileName);
__declspec(dllexport) bool TITCALL StaticRawMemoryCopyW(HANDLE hFile, ULONG_PTR FileMapVA, ULONG_PTR VitualAddressToCopy, DWORD Size, bool AddressIsRVA, wchar_t* szDumpFileName);
__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, char* szDumpFileName);
__declspec(dllexport) bool TITCALL StaticRawMemoryCopyExW(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, wchar_t* szDumpFileName);
__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64(HANDLE hFile, DWORD64 RawAddressToCopy, DWORD64 Size, char* szDumpFileName);
__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64W(HANDLE hFile, DWORD64 RawAddressToCopy, DWORD64 Size, wchar_t* szDumpFileName);
__declspec(dllexport) bool TITCALL StaticHashMemory(void* MemoryToHash, DWORD SizeOfMemory, void* HashDigest, bool OutputString, int Algorithm);
__declspec(dllexport) bool TITCALL StaticHashFileW(wchar_t* szFileName, char* HashDigest, bool OutputString, int Algorithm);
__declspec(dllexport) bool TITCALL StaticHashFile(char* szFileName, char* HashDigest, bool OutputString, int Algorithm);
// TitanEngine.Engine.functions:
__declspec(dllexport) void TITCALL EngineUnpackerInitialize(char* szFileName, char* szUnpackedFileName, bool DoLogData, bool DoRealignFile, bool DoMoveOverlay, void* EntryCallBack);
__declspec(dllexport) void TITCALL EngineUnpackerInitializeW(wchar_t* szFileName, wchar_t* szUnpackedFileName, bool DoLogData, bool DoRealignFile, bool DoMoveOverlay, void* EntryCallBack);
__declspec(dllexport) bool TITCALL EngineUnpackerSetBreakCondition(void* SearchStart, DWORD SearchSize, void* SearchPattern, DWORD PatternSize, DWORD PatternDelta, ULONG_PTR BreakType, bool SingleBreak, DWORD Parameter1, DWORD Parameter2);
__declspec(dllexport) void TITCALL EngineUnpackerSetEntryPointAddress(ULONG_PTR UnpackedEntryPointAddress);
__declspec(dllexport) void TITCALL EngineUnpackerFinalizeUnpacking();
// TitanEngine.Engine.functions:
__declspec(dllexport) void TITCALL SetEngineVariable(DWORD VariableId, bool VariableSet);
__declspec(dllexport) bool TITCALL EngineCreateMissingDependencies(char* szFileName, char* szOutputFolder, bool LogCreatedFiles);
__declspec(dllexport) bool TITCALL EngineCreateMissingDependenciesW(wchar_t* szFileName, wchar_t* szOutputFolder, bool LogCreatedFiles);
__declspec(dllexport) bool TITCALL EngineFakeMissingDependencies(HANDLE hProcess);
__declspec(dllexport) bool TITCALL EngineDeleteCreatedDependencies();
__declspec(dllexport) bool TITCALL EngineCreateUnpackerWindow(char* WindowUnpackerTitle, char* WindowUnpackerLongTitle, char* WindowUnpackerName, char* WindowUnpackerAuthor, void* StartUnpackingCallBack);
__declspec(dllexport) void TITCALL EngineAddUnpackerWindowLogMessage(char* szLogMessage);
// Global.Engine.Extension.Functions:
__declspec(dllexport) bool TITCALL ExtensionManagerIsPluginLoaded(char* szPluginName);
__declspec(dllexport) bool TITCALL ExtensionManagerIsPluginEnabled(char* szPluginName);
__declspec(dllexport) bool TITCALL ExtensionManagerDisableAllPlugins();
__declspec(dllexport) bool TITCALL ExtensionManagerDisablePlugin(char* szPluginName);
__declspec(dllexport) bool TITCALL ExtensionManagerEnableAllPlugins();
__declspec(dllexport) bool TITCALL ExtensionManagerEnablePlugin(char* szPluginName);
__declspec(dllexport) bool TITCALL ExtensionManagerUnloadAllPlugins();
__declspec(dllexport) bool TITCALL ExtensionManagerUnloadPlugin(char* szPluginName);
__declspec(dllexport) void* TITCALL ExtensionManagerGetPluginInfo(char* szPluginName);
#ifdef __cplusplus
}
#endif
#pragma pack(pop)
#endif /*TITANENGINE*/

20727
x64_dbg_dbg/TitanEngine/TitanEngine.txt Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
x64_dbg_dbg/TitanEngine/TitanEngine_x64.a Normal file
View File

Binary file not shown.

BIN
x64_dbg_dbg/TitanEngine/TitanEngine_x64.lib Normal file
View File

Binary file not shown.

BIN
x64_dbg_dbg/TitanEngine/TitanEngine_x86.a Normal file
View File

Binary file not shown.

BIN
x64_dbg_dbg/TitanEngine/TitanEngine_x86.lib Normal file
View File

Binary file not shown.

242
x64_dbg_dbg/_exports.cpp Normal file
View File

@ -0,0 +1,242 @@
#include "_exports.h"
#include "memory.h"
#include "debugger.h"
#include "value.h"
#include "addrinfo.h"
extern "C" DLL_EXPORT duint _dbg_memfindbaseaddr(duint addr, duint* size)
{
return memfindbaseaddr(fdProcessInfo->hProcess, addr, size);
}
extern "C" DLL_EXPORT bool _dbg_memread(duint addr, unsigned char* dest, duint size, duint* read)
{
dbgdisablebpx();
bool res=memread(fdProcessInfo->hProcess, (void*)addr, dest, size, read);
dbgenablebpx();
return res;
}
extern "C" DLL_EXPORT bool _dbg_memmap(MEMMAP* memmap)
{
memset(memmap, 0, sizeof(MEMMAP));
MEMORY_BASIC_INFORMATION mbi;
DWORD numBytes;
uint MyAddress=0, newAddress=0;
SymInitialize(fdProcessInfo->hProcess, 0, true);
std::vector<MEMPAGE> pageVector;
do
{
numBytes=VirtualQueryEx(fdProcessInfo->hProcess, (LPCVOID)MyAddress, &mbi, sizeof(mbi));
if(mbi.State==MEM_COMMIT)
{
MEMPAGE curPage;
IMAGEHLP_MODULE64 nfo;
nfo.SizeOfStruct=sizeof(IMAGEHLP_MODULE64);
if(SymGetModuleInfo64(fdProcessInfo->hProcess, MyAddress, &nfo))
memcpy(curPage.mod, nfo.ModuleName, sizeof(curPage.mod));
else
memset(curPage.mod, 0, sizeof(curPage.mod));
memcpy(&curPage.mbi, &mbi, sizeof(mbi));
pageVector.push_back(curPage);
memmap->count++;
}
newAddress=(uint)mbi.BaseAddress+mbi.RegionSize;
if(newAddress<=MyAddress)
numBytes=0;
else
MyAddress=newAddress;
}
while(numBytes);
//process vector
int pagecount=memmap->count;
memmap->page=(MEMPAGE*)BridgeAlloc(sizeof(MEMPAGE)*pagecount);
memset(memmap->page, 0, sizeof(MEMPAGE)*pagecount);
for(int i=0; i<pagecount; i++)
memcpy(&memmap->page[i], &pageVector.at(i), sizeof(MEMPAGE));
return true;
}
extern "C" DLL_EXPORT void _dbg_dbgexitsignal()
{
//TODO: handle exit signal
cbStopDebug("");
Sleep(200);
DeleteFileA("DLLLoader.exe");
}
extern "C" DLL_EXPORT bool _dbg_valfromstring(const char* string, duint* value)
{
return valfromstring(string, value, 0, 0, true, 0);
}
extern "C" DLL_EXPORT bool _dbg_isdebugging()
{
return IsFileBeingDebugged();
}
extern "C" DLL_EXPORT bool _dbg_isjumpgoingtoexecute(duint addr)
{
static unsigned int cacheFlags;
static uint cacheAddr;
static bool cacheResult;
if(cacheAddr!=addr or cacheFlags!=GetContextData(UE_EFLAGS))
{
cacheFlags=GetContextData(UE_EFLAGS);
cacheAddr=addr;
cacheResult=IsJumpGoingToExecuteEx(fdProcessInfo->hProcess, fdProcessInfo->hThread, (ULONG_PTR)cacheAddr, cacheFlags);
}
return cacheResult;
}
extern "C" DLL_EXPORT bool _dbg_addrinfoget(duint addr, SEGMENTREG segment, ADDRINFO* addrinfo)
{
bool retval=false;
if(addrinfo->flags&module) //get module
{
char module[64]="";
if(modnamefromaddr(addr, module) and strlen(module)<32) //get module name
{
strcpy(addrinfo->module, module);
retval=true;
}
}
if(addrinfo->flags&label) //TODO: get label
{
//TODO: label exports
}
if(addrinfo->flags&comment) //TODO: get comment
{
//TODO: auto-comments
}
return retval;
}
extern "C" DLL_EXPORT bool _dbg_addrinfoset(duint addr, ADDRINFO* addrinfo)
{
return false;
}
extern "C" DLL_EXPORT BPXTYPE _dbg_bpgettypeat(duint addr)
{
BREAKPOINT* found=bpfind(bplist, 0, addr, 0, BPNOTYPE);
if(!found or !found->enabled) //none found or disabled
return bpnone;
switch(found->type)
{
case BPNORMAL:
case BPSINGLESHOOT:
return bpnormal;
case BPHARDWARE:
return bphardware;
case BPMEMORY:
return bpmemory;
default:
break;
}
return bpnone;
}
extern "C" DLL_EXPORT bool _dbg_getregdump(REGDUMP* regdump)
{
if(!IsFileBeingDebugged())
{
memset(regdump, 0, sizeof(REGDUMP));
return true;
}
REGDUMP r;
#ifdef _WIN64
r.cax=GetContextData(UE_RAX);
#else
r.cax=(duint)GetContextData(UE_EAX);
#endif // _WIN64
#ifdef _WIN64
r.ccx=GetContextData(UE_RCX);
#else
r.ccx=(duint)GetContextData(UE_ECX);
#endif // _WIN64
#ifdef _WIN64
r.cdx=GetContextData(UE_RDX);
#else
r.cdx=(duint)GetContextData(UE_EDX);
#endif // _WIN64
#ifdef _WIN64
r.cbx=GetContextData(UE_RBX);
#else
r.cbx=(duint)GetContextData(UE_EBX);
#endif // _WIN64
#ifdef _WIN64
r.cbp=GetContextData(UE_RBP);
#else
r.cbp=(duint)GetContextData(UE_EBP);
#endif // _WIN64
#ifdef _WIN64
r.csi=GetContextData(UE_RSI);
#else
r.csi=(duint)GetContextData(UE_ESI);
#endif // _WIN64
#ifdef _WIN64
r.cdi=GetContextData(UE_RDI);
#else
r.cdi=(duint)GetContextData(UE_EDI);
#endif // _WIN64
#ifdef _WIN64
r.r8=GetContextData(UE_R8);
#endif // _WIN64
#ifdef _WIN64
r.r9=GetContextData(UE_R9);
#endif // _WIN64
#ifdef _WIN64
r.r10=GetContextData(UE_R10);
#endif // _WIN64
#ifdef _WIN64
r.r11=GetContextData(UE_R11);
#endif // _WIN64
#ifdef _WIN64
r.r12=GetContextData(UE_R12);
#endif // _WIN64
#ifdef _WIN64
r.r13=GetContextData(UE_R13);
#endif // _WIN64
#ifdef _WIN64
r.r14=GetContextData(UE_R14);
#endif // _WIN64
#ifdef _WIN64
r.r15=GetContextData(UE_R15);
#endif // _WIN64
r.csp=(duint)GetContextData(UE_CSP);
r.cip=(duint)GetContextData(UE_CIP);
r.eflags=(duint)GetContextData(UE_EFLAGS);
r.gs=(unsigned short)(GetContextData(UE_SEG_GS)&0xFFFF);
r.fs=(unsigned short)(GetContextData(UE_SEG_FS)&0xFFFF);
r.es=(unsigned short)(GetContextData(UE_SEG_ES)&0xFFFF);
r.ds=(unsigned short)(GetContextData(UE_SEG_DS)&0xFFFF);
r.cs=(unsigned short)(GetContextData(UE_SEG_CS)&0xFFFF);
r.ss=(unsigned short)(GetContextData(UE_SEG_SS)&0xFFFF);
r.dr0=(duint)GetContextData(UE_DR0);
r.dr1=(duint)GetContextData(UE_DR1);
r.dr2=(duint)GetContextData(UE_DR2);
r.dr3=(duint)GetContextData(UE_DR3);
r.dr6=(duint)GetContextData(UE_DR6);
r.dr7=(duint)GetContextData(UE_DR7);
duint cflags=r.eflags;
r.flags.c=valflagfromstring(cflags, "cf");
r.flags.p=valflagfromstring(cflags, "pf");
r.flags.a=valflagfromstring(cflags, "af");
r.flags.z=valflagfromstring(cflags, "zf");
r.flags.s=valflagfromstring(cflags, "sf");
r.flags.t=valflagfromstring(cflags, "tf");
r.flags.i=valflagfromstring(cflags, "if");
r.flags.d=valflagfromstring(cflags, "df");
r.flags.o=valflagfromstring(cflags, "of");
memcpy(regdump, &r, sizeof(REGDUMP));
return true;
}
extern "C" DLL_EXPORT bool _dbg_valtostring(const char* string, duint* value)
{
return valtostring(string, value, true);
}

28
x64_dbg_dbg/_exports.h Normal file
View File

@ -0,0 +1,28 @@
#ifndef _EXPORTS_H
#define _EXPORTS_H
#include "_global.h"
#ifdef __cplusplus
extern "C"
{
#endif
DLL_EXPORT duint _dbg_memfindbaseaddr(duint addr, duint* size);
DLL_EXPORT bool _dbg_memread(duint addr, unsigned char* dest, duint size, duint* read);
DLL_EXPORT bool _dbg_memmap(MEMMAP* memmap);
DLL_EXPORT void _dbg_dbgexitsignal();
DLL_EXPORT bool _dbg_valfromstring(const char* string, duint* value);
DLL_EXPORT bool _dbg_isdebugging();
DLL_EXPORT bool _dbg_isjumpgoingtoexecute(duint addr);
DLL_EXPORT bool _dbg_addrinfoget(duint addr, SEGMENTREG segment, ADDRINFO* addrinfo);
DLL_EXPORT bool _dbg_addrinfoset(duint addr, ADDRINFO* addrinfo);
DLL_EXPORT BPXTYPE _dbg_bpgettypeat(duint addr);
DLL_EXPORT bool _dbg_getregdump(REGDUMP* regdump);
DLL_EXPORT bool _dbg_valtostring(const char* string, duint* value);
#ifdef __cplusplus
}
#endif
#endif // _EXPORTS_H

127
x64_dbg_dbg/_global.cpp Normal file
View File

@ -0,0 +1,127 @@
#include "_global.h"
HINSTANCE hInst;
void* emalloc(size_t size)
{
unsigned char* a=new unsigned char[size+0x1000];
if(!a)
{
MessageBoxA(0, "Could not allocate memory", "Error", MB_ICONERROR);
ExitProcess(1);
}
memset(a, 0, size);
return a;
}
void efree(void* ptr)
{
delete[] (unsigned char*)ptr;
}
bool arraycontains(const char* cmd_list, const char* cmd)
{
if(!cmd_list or !cmd)
return false;
char temp[deflen]="";
strcpy(temp, cmd_list);
int len=strlen(cmd_list);
for(int i=0; i<len; i++)
if(temp[i]==1)
temp[i]=0;
if(!_stricmp(temp, cmd))
return true;
for(int i=strlen(temp); i<len; i++)
{
if(!temp[i])
{
if(!_stricmp(temp+i+1, cmd))
return true;
i+=strlen(temp+i+1);
}
}
return false;
}
bool scmp(const char* a, const char* b)
{
if(_stricmp(a, b))
return false;
return true;
}
void formathex(char* string)
{
int len=strlen(string);
_strupr(string);
char* new_string=(char*)emalloc(len+1);
memset(new_string, 0, len+1);
for(int i=0,j=0; i<len; i++)
if(isxdigit(string[i]))
j+=sprintf(new_string+j, "%c", string[i]);
strcpy(string, new_string);
efree(new_string);
}
void formatdec(char* string)
{
int len=strlen(string);
_strupr(string);
char* new_string=(char*)emalloc(len+1);
memset(new_string, 0, len+1);
for(int i=0,j=0; i<len; i++)
if(isdigit(string[i]))
j+=sprintf(new_string+j, "%c", string[i]);
strcpy(string, new_string);
efree(new_string);
}
bool FileExists(const char* file)
{
DWORD attrib=GetFileAttributes(file);
return (attrib != INVALID_FILE_ATTRIBUTES && !(attrib & FILE_ATTRIBUTE_DIRECTORY));
}
bool DirExists(const char* dir)
{
DWORD attrib=GetFileAttributes(dir);
return (attrib==FILE_ATTRIBUTE_DIRECTORY);
}
bool DevicePathToPath(const char* devicepath, char* path, size_t path_size)
{
if(!devicepath or !path)
return false;
char curDrive[3]=" :";
char curDevice[MAX_PATH]="";
for(char drive='C'; drive<='Z'; drive++)
{
*curDrive=drive;
if(!QueryDosDeviceA(curDrive, curDevice, MAX_PATH))
continue;
size_t curDevice_len=strlen(curDevice);
if(!_strnicmp(devicepath, curDevice, curDevice_len)) //we match the device
{
if(strlen(devicepath)-curDevice_len>=path_size)
return false;
sprintf(path, "%s%s", curDrive, devicepath+curDevice_len);
return true;
}
}
return false;
}
bool PathToDevicePath(const char* path, char* devicepath, size_t devicepath_size)
{
if(!path or path[1]!=':' or !devicepath)
return false;
char curDrive[3]=" :";
char curDevice[MAX_PATH]="";
*curDrive=*path;
if(!QueryDosDeviceA(curDrive, curDevice, MAX_PATH))
return false;
if(strlen(path)-2+strlen(curDevice)>=devicepath_size)
return false;
sprintf(devicepath, "%s%s", curDevice, path+2);
return true;
}

106
x64_dbg_dbg/_global.h Normal file
View File

@ -0,0 +1,106 @@
#ifndef _GLOBAL_H
#define _GLOBAL_H
#define _WIN32_WINNT 0x0501
#define WINVER 0x0501
#define _WIN32_IE 0x0500
#include <stdio.h>
#include <cstring>
#include <ctype.h>
#include <stdlib.h>
#include <conio.h>
#include <windows.h>
#include <shlwapi.h>
#include <stdarg.h>
#include <psapi.h>
#include <vector>
#include "..\x64_dbg_bridge\bridgemain.h"
#ifdef __GNUC__
#include "dbghelp\dbghelp.h"
#else
#include <dbghelp.h>
#endif //__GNUC__
#ifndef __GNUC__
#define and &&
#define or ||
#endif
#ifndef DLL_EXPORT
#define DLL_EXPORT __declspec(dllexport)
#endif //DLL_IMPORT
#ifndef DLL_IMPORT
#define DLL_IMPORT __declspec(dllimport)
#endif //DLL_IMPORT
#include "dbg.h"
//defines
#define deflen 1024
#ifdef _WIN64 //defined by default
#define fhex "%.16llX"
#define fext "ll"
typedef unsigned long long uint;
typedef long long sint;
#else
#define fhex "%.8X"
#define fext ""
typedef unsigned long uint;
typedef long sint;
#endif // _WIN64
enum BITMASK
{
BIT1=0x1,
BIT2=0x2,
BIT3=0x4,
BIT4=0x8,
BIT5=0x10,
BIT6=0x20,
BIT7=0x40,
BIT8=0x80,
BIT9=0x100,
BIT10=0x200,
BIT11=0x400,
BIT12=0x800,
BIT13=0x1000,
BIT14=0x2000,
BIT15=0x4000,
BIT16=0x8000,
BIT17=0x10000,
BIT18=0x20000,
BIT19=0x40000,
BIT20=0x80000,
BIT21=0x100000,
BIT22=0x200000,
BIT23=0x400000,
BIT24=0x800000,
BIT25=0x1000000,
BIT26=0x2000000,
BIT27=0x4000000,
BIT28=0x8000000,
BIT29=0x10000000,
BIT30=0x20000000,
BIT31=0x40000000,
BIT32=0x80000000
};
//superglobal variables
extern HINSTANCE hInst;
//functions
void* emalloc(size_t size);
void efree(void* ptr);
bool arraycontains(const char* cmd_list, const char* cmd);
bool scmp(const char* a, const char* b);
void formathex(char* string);
void formatdec(char* string);
bool FileExists(const char* file);
bool DirExists(const char* dir);
bool DevicePathToPath(const char* devicepath, char* path, size_t path_size);
bool PathToDevicePath(const char* path, char* devicepath, size_t devicepath_size);
#endif // _GLOBAL_H

14
x64_dbg_dbg/addrinfo.cpp Normal file
View File

@ -0,0 +1,14 @@
#include "addrinfo.h"
#include "debugger.h"
bool modnamefromaddr(uint addr, char* modname)
{
IMAGEHLP_MODULE64 modInfo;
memset(&modInfo, 0, sizeof(modInfo));
modInfo.SizeOfStruct=sizeof(IMAGEHLP_MODULE64);
if(!SymGetModuleInfo64(fdProcessInfo->hProcess, (DWORD64)addr, &modInfo) or !modname)
return false;
_strlwr(modInfo.ModuleName);
strcpy(modname, modInfo.ModuleName);
return true;
}

8
x64_dbg_dbg/addrinfo.h Normal file
View File

@ -0,0 +1,8 @@
#ifndef _ADDRINFO_H
#define _ADDRINFO_H
#include "_global.h"
bool modnamefromaddr(uint addr, char* modname);
#endif // _ADDRINFO_H

249
x64_dbg_dbg/argument.cpp Normal file
View File

@ -0,0 +1,249 @@
#include "argument.h"
#include "console.h"
/*
formatarg:
01) remove prepended spaces
02) get command (first space) and lowercase
03) get arguments
04) remove double quotes (from arguments)
05) temp. remove double backslash
06) remove prepended/appended non-escaped commas and spaces (from arguments)
a) prepended
b) appended
07) get quote count, ignore escaped (from arguments)
08) process quotes (from arguments):
a) zero quotes
b) restore double backslash
c) escape commas and spaces
09) temp. remove double backslash
10) remove unescaped double commas (from arguments)
11) remove unescaped spaces (from arguments)
12) restore double backslash
13) combine formatted arguments and command
*/
void argformat(char* cmd)
{
char command_[deflen]="";
char* command=command_;
strcpy(command, cmd);
while(*command==' ')
command++;
int len=strlen(command);
int start=0;
for(int i=0; i<len; i++)
if(command[i]==' ')
{
command[i]=0;
start=i+1;
break;
}
if(!start)
start=len;
char arguments_[deflen]="";
char* arguments=arguments_;
strcpy(arguments, command+start);
char temp[deflen]="";
len=strlen(arguments);
for(int i=0,j=0; i<len; i++)
{
if(arguments[i]=='"' and arguments[i+1]=='"')
i+=2;
j+=sprintf(temp+j, "%c", arguments[i]);
}
strcpy(arguments, temp);
len=strlen(arguments);
for(int i=0; i<len; i++)
if(arguments[i]=='\\' and arguments[i+1]=='\\')
{
arguments[i]=1;
arguments[i+1]=1;
}
while((*arguments==',' or *arguments==' ') and *(arguments-1)!='\\')
arguments++;
len=strlen(arguments);
while((arguments[len-1]==' ' or arguments[len-1]==',') and arguments[len-2]!='\\')
len--;
arguments[len]=0;
len=strlen(arguments);
int quote_count=0;
for(int i=0; i<len; i++)
if(arguments[i]=='"')
quote_count++;
if(!(quote_count%2))
{
for(int i=0; i<len; i++)
if(arguments[i]=='"')
arguments[i]=0;
for(int i=0; i<len; i++)
if(arguments[i]==1 and arguments[i+1]==1)
{
arguments[i]='\\';
arguments[i+1]='\\';
}
for(int i=0,j=0; i<len; i++)
{
if(!arguments[i])
{
i++;
int len2=strlen(arguments+i);
for(int k=0; k<len2; k++)
{
if(arguments[i+k]==',' or arguments[i+k]==' ' or arguments[i+k]=='\\')
j+=sprintf(temp+j, "\\%c", arguments[i+k]);
else
j+=sprintf(temp+j, "%c", arguments[i+k]);
}
i+=len2;
}
else
j+=sprintf(temp+j, "%c", arguments[i]);
}
arguments=arguments_;
strcpy(arguments, temp);
}
len=strlen(arguments);
for(int i=0; i<len; i++)
if(arguments[i]=='\\' and arguments[i+1]=='\\')
{
arguments[i]=1;
arguments[i+1]=1;
}
len=strlen(arguments);
for(int i=0,j=0; i<len; i++)
{
if(arguments[i]==',' and arguments[i+1]==',')
i+=2;
j+=sprintf(temp+j, "%c", arguments[i]);
}
strcpy(arguments, temp);
len=strlen(arguments);
for(int i=0,j=0; i<len; i++)
{
while(arguments[i]==' ' and arguments[i-1]!='\\')
i++;
j+=sprintf(temp+j, "%c", arguments[i]);
}
strcpy(arguments, temp);
len=strlen(arguments);
for(int i=0; i<len; i++)
if(arguments[i]==1 and arguments[i+1]==1)
{
arguments[i]='\\';
arguments[i+1]='\\';
}
if(strlen(arguments))
sprintf(cmd, "%s %s", command, arguments);
else
strcpy(cmd, command);
}
/*
1) remove double backslash
2) count unescaped commas
*/
int arggetcount(const char* cmd)
{
int len=strlen(cmd);
if(!len)
return -1;
int arg_count=0;
int start=0;
while(cmd[start]!=' ' and start<len)
start++;
if(start==len)
return arg_count;
arg_count=1;
char temp[deflen]="";
strcpy(temp, cmd);
for(int i=start; i<len; i++)
if(temp[i]=='\\' and temp[i+1]=='\\')
{
temp[i]=1;
temp[i+1]=1;
}
for(int i=start; i<len; i++)
{
if(temp[i]==',' and temp[i-1]!='\\')
arg_count++;
}
return arg_count;
}
/*
1) get arg count
2) remove double backslash
3) zero non-escaped commas
4) restore double backslash
5) handle escape characters
*/
bool argget(const char* cmd, char* arg, int arg_num, bool optional)
{
int argcount=arggetcount(cmd);
if((arg_num+1)>argcount)
{
if(!optional)
dprintf("missing argument nr %d\n", arg_num+1);
return false;
}
int len=strlen(cmd);
int start=0;
while(cmd[start]!=' ')
start++;
while(cmd[start]==' ')
start++;
char temp[deflen]="";
strcpy(temp, cmd+start);
len=strlen(temp);
for(int i=0; i<len; i++)
if(temp[i]=='\\' and temp[i+1]=='\\')
{
temp[i]=1;
temp[i+1]=1;
}
for(int i=0; i<len; i++)
{
if(temp[i]==',' and temp[i-1]!='\\')
temp[i]=0;
}
for(int i=0; i<len; i++)
if(temp[i]==1 and temp[i+1]==1)
{
temp[i]='\\';
temp[i+1]='\\';
}
char new_temp[deflen]="";
int new_len=len;
for(int i=0,j=0; i<len; i++) //handle escape characters
{
if(temp[i]=='\\' and (temp[i+1]==',' or temp[i+1]==' ' or temp[i+1]=='\\'))
{
new_len--;
j+=sprintf(new_temp+j, "%c", temp[i+1]);
i++;
}
else
j+=sprintf(new_temp+j, "%c", temp[i]);
}
len=new_len;
memcpy(temp, new_temp, len+1);
if(arg_num==0) //first argument
{
strcpy(arg, temp);
return true;
}
for(int i=0,j=0; i<len; i++)
{
if(!temp[i])
j++;
if(j==arg_num)
{
strcpy(arg, temp+i+1);
return true;
}
}
return false;
}

11
x64_dbg_dbg/argument.h Normal file
View File

@ -0,0 +1,11 @@
#ifndef _ARGUMENT_H
#define _ARGUMENT_H
#include "_global.h"
//functions
bool argget(const char* cmd, char* arg, int arg_num, bool optional);
int arggetcount(const char* cmd);
void argformat(char* cmd);
#endif

126
x64_dbg_dbg/breakpoint.cpp Normal file
View File

@ -0,0 +1,126 @@
#include "breakpoint.h"
#include "debugger.h"
BREAKPOINT* bpinit(BREAKPOINT* breakpoint_list)
{
bool bNext=true;
if(!breakpoint_list)
bNext=false;
BREAKPOINT* cur=breakpoint_list;
while(bNext)
{
BREAKPOINT* next=cur->next;
bpdel(breakpoint_list, 0, cur->addr, BPNORMAL);
cur=next;
if(!cur)
bNext=false;
}
BREAKPOINT* bp;
if(!breakpoint_list)
bp=(BREAKPOINT*)emalloc(sizeof(BREAKPOINT));
else
bp=breakpoint_list;
memset(bp, 0, sizeof(BREAKPOINT));
return bp;
}
BREAKPOINT* bpfind(BREAKPOINT* breakpoint_list, const char* name, uint addr, BREAKPOINT** link, BP_TYPE type)
{
BREAKPOINT* cur=breakpoint_list;
if(!cur or !cur->addr)
return 0;
BREAKPOINT* prev=0;
while(cur)
{
BP_TYPE bptype=cur->type;
if(bptype==BPSINGLESHOOT)
bptype=BPNORMAL;
BP_TYPE realtype=type;
if(realtype==BPSINGLESHOOT)
realtype=BPNORMAL;
if(((name and arraycontains(cur->name, name)) or cur->addr==addr) and (type==BPNOTYPE or bptype==realtype))
{
if(link)
*link=prev;
return cur;
}
prev=cur;
cur=cur->next;
}
return 0;
}
bool bpnew(BREAKPOINT* breakpoint_list, const char* name, uint addr, short oldbytes, BP_TYPE type)
{
if(!breakpoint_list or !addr or bpfind(breakpoint_list, name, addr, 0, type))
return false;
BREAKPOINT* bp;
bool nonext=false;
if(!breakpoint_list->addr)
{
bp=breakpoint_list;
nonext=true;
}
else
bp=(BREAKPOINT*)emalloc(sizeof(BREAKPOINT));
memset(bp, 0, sizeof(BREAKPOINT));
if(name and *name)
{
bp->name=(char*)emalloc(strlen(name)+1);
strcpy(bp->name, name);
}
bp->addr=addr;
bp->type=type;
bp->oldbytes=oldbytes;
bp->enabled=true;
BREAKPOINT* cur=breakpoint_list;
if(!nonext)
{
while(cur->next)
cur=cur->next;
cur->next=bp;
}
return true;
}
bool bpsetname(BREAKPOINT* breakpoint_list, uint addr, const char* name)
{
//TODO: fix this BPNOTYPE, it's bullshit
if(!name or !*name or !addr or bpfind(breakpoint_list, name, 0, 0, BPNOTYPE))
return false;
BREAKPOINT* found=bpfind(breakpoint_list, 0, addr, 0, BPNOTYPE);
if(!found)
return false;
efree(found->name); //free previous name
found->name=(char*)emalloc(strlen(name)+1);
strcpy(found->name, name);
return true;
}
bool bpdel(BREAKPOINT* breakpoint_list, const char* name, uint addr, BP_TYPE type)
{
BREAKPOINT* prev=0;
BREAKPOINT* found=bpfind(breakpoint_list, name, addr, &prev, type);
if(!found)
return false;
if(found->name)
efree(found->name);
if(found==breakpoint_list)
{
BREAKPOINT* next=breakpoint_list->next;
if(next)
{
memcpy(breakpoint_list, breakpoint_list->next, sizeof(BREAKPOINT));
breakpoint_list->next=next->next;
efree(next);
}
else
memset(breakpoint_list, 0, sizeof(BREAKPOINT));
}
else
{
prev->next=found->next;
efree(found);
}
return true;
}

35
x64_dbg_dbg/breakpoint.h Normal file
View File

@ -0,0 +1,35 @@
#ifndef _BREAKPOINT_H
#define _BREAKPOINT_H
#include "_global.h"
#include "TitanEngine\TitanEngine.h"
//enums
enum BP_TYPE
{
BPNORMAL=UE_BREAKPOINT,
BPSINGLESHOOT=UE_SINGLESHOOT,
BPHARDWARE=UE_HARDWARE,
BPMEMORY=UE_MEMORY,
BPNOTYPE=-1
};
//structs
struct BREAKPOINT
{
char* name;
uint addr;
bool enabled;
short oldbytes;
BP_TYPE type;
BREAKPOINT* next;
};
//functions
BREAKPOINT* bpinit(BREAKPOINT* breakpoint_list);
BREAKPOINT* bpfind(BREAKPOINT* breakpoint_list, const char* name, uint addr, BREAKPOINT** link, BP_TYPE type);
bool bpnew(BREAKPOINT* breakpoint_list, const char* name, uint addr, short oldbytes, BP_TYPE type);
bool bpsetname(BREAKPOINT* breakpoint_list, uint addr, const char* name);
bool bpdel(BREAKPOINT* breakpoint_list, const char* name, uint addr, BP_TYPE type);
#endif // _BREAKPOINT_H

245
x64_dbg_dbg/command.cpp Normal file
View File

@ -0,0 +1,245 @@
#include "command.h"
#include "argument.h"
#include "console.h"
#include "debugger.h"
#include "math.h"
COMMAND* cmdfind(COMMAND* command_list, const char* name, COMMAND** link)
{
COMMAND* cur=command_list;
if(!cur->name)
return 0;
COMMAND* prev=0;
while(cur)
{
if(arraycontains(cur->name, name))
{
if(link)
*link=prev;
return cur;
}
prev=cur;
cur=cur->next;
}
return 0;
}
COMMAND* cmdinit()
{
COMMAND* cmd=(COMMAND*)emalloc(sizeof(COMMAND));
memset(cmd, 0, sizeof(COMMAND));
return cmd;
}
void cmdfree(COMMAND* cmd_list)
{
COMMAND* cur=cmd_list;
while(cur)
{
efree(cur->name);
COMMAND* next=cur->next;
efree(cur);
cur=next;
}
}
bool cmdnew(COMMAND* command_list, const char* name, CBCOMMAND cbCommand, bool debugonly)
{
if(!command_list or !cbCommand or !name or !*name or cmdfind(command_list, name, 0))
return false;
COMMAND* cmd;
bool nonext=false;
if(!command_list->name)
{
cmd=command_list;
nonext=true;
}
else
cmd=(COMMAND*)emalloc(sizeof(COMMAND));
memset(cmd, 0, sizeof(COMMAND));
cmd->name=(char*)emalloc(strlen(name)+1);
strcpy(cmd->name, name);
cmd->cbCommand=cbCommand;
cmd->debugonly=debugonly;
COMMAND* cur=command_list;
if(!nonext)
{
while(cur->next)
cur=cur->next;
cur->next=cmd;
}
return true;
}
COMMAND* cmdget(COMMAND* command_list, const char* cmd)
{
char new_cmd[deflen]="";
strcpy(new_cmd, cmd);
int len=strlen(new_cmd);
int start=0;
while(new_cmd[start]!=' ' and start<len)
start++;
new_cmd[start]=0;
COMMAND* found=cmdfind(command_list, new_cmd, 0);
if(!found)
return 0;
return found;
}
CBCOMMAND cmdset(COMMAND* command_list, const char* name, CBCOMMAND cbCommand, bool debugonly)
{
if(!cbCommand)
return 0;
COMMAND* found=cmdfind(command_list, name, 0);
if(!found)
return 0;
CBCOMMAND old=found->cbCommand;
found->cbCommand=cbCommand;
found->debugonly=debugonly;
return old;
}
bool cmddel(COMMAND* command_list, const char* name)
{
COMMAND* prev=0;
COMMAND* found=cmdfind(command_list, name, &prev);
if(!found)
return false;
efree(found->name);
if(found==command_list)
{
COMMAND* next=command_list->next;
if(next)
{
memcpy(command_list, command_list->next, sizeof(COMMAND));
command_list->next=next->next;
efree(next);
}
else
memset(command_list, 0, sizeof(COMMAND));
}
else
{
prev->next=found->next;
efree(found);
}
return true;
}
/*
command_list: command list
cbUnknownCommand: function to execute when an unknown command was found
cbCommandProvider: function that provides commands (fgets for example), does not return until a command was found
cbCommandFinder: non-default command finder
error_is_fatal: error return of a command callback stops the command processing
*/
CMDRESULT cmdloop(COMMAND* command_list, CBCOMMAND cbUnknownCommand, CBCOMMANDPROVIDER cbCommandProvider, CBCOMMANDFINDER cbCommandFinder, bool error_is_fatal)
{
if(!cbUnknownCommand or !cbCommandProvider)
return STATUS_ERROR;
char* command=(char*)emalloc(deflen);
memset(command, 0, deflen);
bool bLoop=true;
while(bLoop)
{
if(!cbCommandProvider(command, deflen))
break;
if(strlen(command))
{
argformat(command); //default formatting
COMMAND* cmd;
if(!cbCommandFinder) //'clean' command processing
cmd=cmdget(command_list, command);
else //'dirty' command processing
cmd=cbCommandFinder(command_list, command);
if(!cmd or !cmd->cbCommand) //unknown command
{
CMDRESULT res=cbUnknownCommand(command);
if((error_is_fatal and res==STATUS_ERROR) or res==STATUS_EXIT)
bLoop=false;
}
else
{
if(cmd->debugonly and !IsFileBeingDebugged())
{
dputs("this command is debug-only");
if(error_is_fatal)
bLoop=false;
}
else
{
CMDRESULT res=cmd->cbCommand(command);
if((error_is_fatal and res==STATUS_ERROR) or res==STATUS_EXIT)
bLoop=false;
}
}
}
}
efree(command);
return STATUS_EXIT;
}
/*
- custom command formatting rules
*/
static void specialformat(char* string)
{
int len=strlen(string);
char* found=strstr(string, "=");
char* str=(char*)emalloc(len*2);
memset(str, 0, len*2);
if(found) //contains =
{
char* a=(found-1);
*found=0;
found++;
if(!*found)
{
*found='=';
efree(str);
return;
}
int flen=strlen(found); //n(+)=n++
if((found[flen-1]=='+' and found[flen-2]=='+') or (found[flen-1]=='-' and found[flen-2]=='-')) //eax++/eax--
{
found[flen-2]=0;
char op=found[flen-1];
sprintf(str, "%s%c1", found, op);
strcpy(found, str);
}
if(mathisoperator(*a)>2) //x*=3 -> x=x*3
{
char op=*a;
*a=0;
sprintf(str, "mov %s,%s%c%s", string, string, op, found);
}
else
sprintf(str, "mov %s,%s", string, found);
strcpy(string, str);
}
else if((string[len-1]=='+' and string[len-2]=='+') or (string[len-1]=='-' and string[len-2]=='-')) //eax++/eax--
{
string[len-2]=0;
char op=string[len-1];
sprintf(str, "mov %s,%s%c1", string, string, op);
strcpy(string, str);
}
efree(str);
}
/*
- 'default' command finder, with some custom rules
*/
COMMAND* cmdfindmain(COMMAND* cmd_list, char* command)
{
COMMAND* cmd=cmdfind(cmd_list, command, 0);
if(!cmd)
{
specialformat(command);
cmd=cmdget(cmd_list, command);
}
if(!cmd or !cmd->cbCommand)
mathformat(command);
return cmd;
}

40
x64_dbg_dbg/command.h Normal file
View File

@ -0,0 +1,40 @@
#ifndef _COMMAND_H
#define _COMMAND_H
#include "_global.h"
//typedefs
struct COMMAND;
enum CMDRESULT
{
STATUS_EXIT=0,
STATUS_CONTINUE=1,
STATUS_ERROR=2
};
typedef CMDRESULT (*CBCOMMAND)(const char*);
typedef bool (*CBCOMMANDPROVIDER)(char*, int);
typedef COMMAND* (*CBCOMMANDFINDER)(COMMAND*, char*);
struct COMMAND
{
char* name;
CBCOMMAND cbCommand;
bool debugonly;
COMMAND* next;
};
//functions
COMMAND* cmdinit();
void cmdfree(COMMAND* cmd_list);
COMMAND* cmdfind(COMMAND* command_list, const char* name, COMMAND** link);
bool cmdnew(COMMAND* command_list, const char* name, CBCOMMAND cbCommand, bool debugonly);
COMMAND* cmdget(COMMAND* command_list, const char* cmd);
CBCOMMAND cmdset(COMMAND* command_list, const char* name, CBCOMMAND cbCommand, bool debugonly);
bool cmddel(COMMAND* command_list, const char* name);
CMDRESULT cmdloop(COMMAND* command_list, CBCOMMAND cbUnknownCommand, CBCOMMANDPROVIDER cbCommandProvider, CBCOMMANDFINDER cbCommandFinder, bool error_is_fatal);
COMMAND* cmdfindmain(COMMAND* cmd_list, char* command);
#endif // _COMMAND_H

15
x64_dbg_dbg/console.cpp Normal file
View File

@ -0,0 +1,15 @@
#include "console.h"
void dputs(const char* text)
{
dprintf("%s\n", text);
}
void dprintf(const char* format, ...)
{
va_list args;
va_start(args, format);
char msg[deflen]="";
vsprintf(msg, format, args);
GuiAddLogMessage(msg);
}

10
x64_dbg_dbg/console.h Normal file
View File

@ -0,0 +1,10 @@
#ifndef _CONSOLE_H
#define _CONSOLE_H
#include "_global.h"
//functions
void dputs(const char* text);
void dprintf(const char* format, ...);
#endif // _CONSOLE_H

31
x64_dbg_dbg/data.h Normal file
View File

@ -0,0 +1,31 @@
#ifndef _DATA_H
#define _DATA_H
#include "_global.h"
enum DATA_TYPE //how to display the current struct entry?
{
thex, //%X
tint, //%d
tuint, //%u
ttext, //%c
};
struct STRUCT_INFO
{
unsigned int size; //size of one entry (with type) (max 256)
DATA_TYPE display_type; //display type
unsigned int count; //number of entries with the same content (reserved[12])
void* description; //reserved for later use (for example name of variable)
};
struct DATA
{
uint page_start; //remote/local memory
uint page_size; //size of memory
uint ip; //real start of data (relative from page_start)
int struct_size; //number of entries in a struct
STRUCT_INFO* info; //actual info
};
#endif // _DATA_H

18
x64_dbg_dbg/dbg.h Normal file
View File

@ -0,0 +1,18 @@
#ifndef __DBG_H__
#define __DBG_H__
#include <windows.h>
#include "_global.h"
#ifdef __cplusplus
extern "C"
{
#endif
void DLL_IMPORT dbg(const char* a);
#ifdef __cplusplus
}
#endif
#endif // __DBG_H__

51
x64_dbg_dbg/dbg/dbg.cbp Normal file
View File

@ -0,0 +1,51 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<CodeBlocks_project_file>
<FileVersion major="1" minor="6" />
<Project>
<Option title="dbg" />
<Option pch_mode="2" />
<Option compiler="gcc" />
<Build>
<Target title="x64">
<Option output="bin/x64/dbg" imp_lib="$(TARGET_OUTPUT_DIR)$(TARGET_OUTPUT_BASENAME)_x64" def_file="$(TARGET_OUTPUT_DIR)$(TARGET_OUTPUT_BASENAME)" prefix_auto="1" extension_auto="1" />
<Option object_output="obj/x64/" />
<Option type="3" />
<Option compiler="gnu_gcc_compiler_x64" />
<Option createStaticLib="1" />
<Compiler>
<Add option="-O2" />
<Add option="-Wall" />
<Add option="-DBUILD_DLL" />
</Compiler>
<Linker>
<Add option="-s" />
<Add library="user32" />
</Linker>
</Target>
<Target title="x32">
<Option output="bin/x32/dbg" imp_lib="$(TARGET_OUTPUT_DIR)$(TARGET_OUTPUT_BASENAME)_x32" def_file="$(TARGET_OUTPUT_DIR)$(TARGET_OUTPUT_BASENAME)" prefix_auto="1" extension_auto="1" />
<Option object_output="obj/x32/" />
<Option type="3" />
<Option compiler="gcc" />
<Option createStaticLib="1" />
<Compiler>
<Add option="-O2" />
<Add option="-Wall" />
<Add option="-DBUILD_DLL" />
</Compiler>
<Linker>
<Add option="-s" />
<Add library="user32" />
</Linker>
</Target>
</Build>
<Unit filename="dbg.cpp" />
<Unit filename="dbg.h" />
<Extensions>
<code_completion />
<envvars />
<debugger />
<lib_finder disable_auto="1" />
</Extensions>
</Project>
</CodeBlocks_project_file>

8
x64_dbg_dbg/dbg/dbg.cpp Normal file
View File

@ -0,0 +1,8 @@
#include "dbg.h"
// a sample exported function
void DLL_EXPORT dbg(const char* a)
{
char b[256]="";
strcpy(b,a);
}

28
x64_dbg_dbg/dbg/dbg.h Normal file
View File

@ -0,0 +1,28 @@
#ifndef __MAIN_H__
#define __MAIN_H__
#include <windows.h>
/* To use this exported function of dll, include this header
* in your project.
*/
#ifdef BUILD_DLL
#define DLL_EXPORT __declspec(dllexport)
#else
#define DLL_EXPORT __declspec(dllimport)
#endif
#ifdef __cplusplus
extern "C"
{
#endif
void DLL_EXPORT dbg(const char* a);
#ifdef __cplusplus
}
#endif
#endif // __MAIN_H__

4677
x64_dbg_dbg/dbghelp/dbghelp.h Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
x64_dbg_dbg/dbghelp/dbghelp_x64.a Normal file
View File

Binary file not shown.

BIN
x64_dbg_dbg/dbghelp/dbghelp_x64.lib Normal file
View File

Binary file not shown.

BIN
x64_dbg_dbg/dbghelp/dbghelp_x86.a Normal file
View File

Binary file not shown.

BIN
x64_dbg_dbg/dbghelp/dbghelp_x86.lib Normal file
View File

Binary file not shown.

1149
x64_dbg_dbg/debugger.cpp Normal file
View File

File diff suppressed because it is too large Load Diff

53
x64_dbg_dbg/debugger.h Normal file
View File

@ -0,0 +1,53 @@
#ifndef _DEBUGGER_H
#define _DEBUGGER_H
#include "_global.h"
#include "TitanEngine\TitanEngine.h"
#include "command.h"
#include "breakpoint.h"
//structures
struct INIT_STRUCT
{
char* exe;
char* commandline;
char* currentfolder;
};
//functions
void dbgdisablebpx();
void dbgenablebpx();
bool dbgisrunning();
void DebugUpdateGui(uint disasm_addr);
//callbacks
CMDRESULT cbDebugInit(const char* cmd);
CMDRESULT cbStopDebug(const char* cmd);
CMDRESULT cbDebugRun(const char* cmd);
CMDRESULT cbDebugSetBPXOptions(const char* cmd);
CMDRESULT cbDebugSetBPX(const char* cmd);
CMDRESULT cbDebugEnableBPX(const char* cmd);
CMDRESULT cbDebugDisableBPX(const char* cmd);
CMDRESULT cbDebugToggleBPX(const char* cmd);
CMDRESULT cbDebugDeleteBPX(const char* cmd);
CMDRESULT cbDebugBplist(const char* cmd);
CMDRESULT cbDebugStepInto(const char* cmd);
CMDRESULT cbDebugStepOver(const char* cmd);
CMDRESULT cbDebugSingleStep(const char* cmd);
CMDRESULT cbDebugHide(const char* cmd);
CMDRESULT cbDebugDisasm(const char* cmd);
CMDRESULT cbDebugMemoryBpx(const char* cmd);
CMDRESULT cbDebugRtr(const char* cmd);
CMDRESULT cbDebugSetHardwareBreakpoint(const char* cmd);
CMDRESULT cbDebugAlloc(const char* cmd);
CMDRESULT cbDebugFree(const char* cmd);
CMDRESULT cbDebugMemset(const char* cmd);
CMDRESULT cbBenchmark(const char* cmd);
CMDRESULT cbDebugPause(const char* cmd);
CMDRESULT cbMemWrite(const char* cmd);
CMDRESULT cbStartScylla(const char* cmd);
//variables
extern PROCESS_INFORMATION* fdProcessInfo;
extern BREAKPOINT* bplist;
#endif // _DEBUGGER_H

211
x64_dbg_dbg/instruction.cpp Normal file
View File

@ -0,0 +1,211 @@
#include "instruction.h"
#include "argument.h"
#include "variable.h"
#include "console.h"
#include "value.h"
#include "command.h"
CMDRESULT cbBadCmd(const char* cmd)
{
uint value=0;
int valsize=0;
bool isvar=false;
bool hexonly=false;
if(valfromstring(cmd, &value, &valsize, &isvar, false, &hexonly)) //dump variable/value/register/etc
{
//dprintf("[DEBUG] valsize: %d\n", valsize);
if(valsize)
valsize*=2;
else
valsize=1;
char format_str[deflen]="";
if(isvar)// and *cmd!='.' and *cmd!='x') //prevent stupid 0=0 stuff
{
if(value>15 and !hexonly)
{
if(!valuesignedcalc()) //signed numbers
sprintf(format_str, "%%s=%%.%d"fext"X (%%"fext"ud)\n", valsize);
else
sprintf(format_str, "%%s=%%.%d"fext"X (%%"fext"d)\n", valsize);
dprintf(format_str, cmd, value, value);
}
else
{
sprintf(format_str, "%%s=%%.%d"fext"X\n", valsize);
dprintf(format_str, cmd, value);
}
}
else
{
if(value>15 and !hexonly)
{
if(!valuesignedcalc()) //signed numbers
sprintf(format_str, "%%s=%%.%d"fext"X (%%"fext"ud)\n", valsize);
else
sprintf(format_str, "%%s=%%.%d"fext"X (%%"fext"d)\n", valsize);
sprintf(format_str, "%%.%d"fext"X (%%"fext"ud)\n", valsize);
dprintf(format_str, value, value);
}
else
{
sprintf(format_str, "%%.%d"fext"X\n", valsize);
dprintf(format_str, value);
}
}
}
else //unknown command
{
dprintf("unknown command/expression: \"%s\"\n", cmd);
return STATUS_ERROR;
}
return STATUS_CONTINUE;
}
CMDRESULT cbInstrVar(const char* cmd)
{
char arg1[deflen]="";
char arg2[deflen]="";
if(!argget(cmd, arg1, 0, false)) //var name
return STATUS_ERROR;
argget(cmd, arg2, 1, true); //var value (optional)
uint value=0;
int add=0;
if(*arg1=='$')
add++;
if(valfromstring(arg1+add, &value, 0, 0, true, 0))
{
dprintf("invalid variable name \"%s\"\n", arg1);
return STATUS_ERROR;
}
if(!valfromstring(arg2, &value, 0, 0, false, 0))
{
dprintf("invalid value \"%s\"\n", arg2);
return STATUS_ERROR;
}
if(!varnew(arg1, value, VAR_USER))
{
dprintf("error creating variable \"%s\"\n", arg1);
return STATUS_ERROR;
}
else
{
if(value>15)
dprintf("%s=%"fext"X (%"fext"ud)\n", arg1, value, value);
else
dprintf("%s=%"fext"X\n", arg1, value);
}
return STATUS_CONTINUE;
}
CMDRESULT cbInstrVarDel(const char* cmd)
{
char arg1[deflen]="";
if(!argget(cmd, arg1, 0, false)) //var name
return STATUS_ERROR;
if(!vardel(arg1, false))
dprintf("could not delete variable \"%s\"\n", arg1);
else
dprintf("deleted variable \"%s\"\n", arg1);
return STATUS_CONTINUE;
}
CMDRESULT cbInstrMov(const char* cmd)
{
char arg1[deflen]="";
char arg2[deflen]="";
if(!argget(cmd, arg1, 0, false)) //dest name
return STATUS_ERROR;
if(!argget(cmd, arg2, 1, false)) //src name
return STATUS_ERROR;
uint set_value=0;
if(!valfromstring(arg2, &set_value, 0, 0, false, 0))
{
dprintf("invalid src \"%s\"\n", arg2);
return STATUS_ERROR;
}
bool isvar=false;
uint temp;
valfromstring(arg1, &temp, 0, &isvar, true, 0);
if(!isvar or !valtostring(arg1, &set_value, false))
{
uint value;
if(valfromstring(arg1, &value, 0, 0, true, 0))
{
dprintf("invalid dest \"%s\"\n", arg1);
return STATUS_ERROR;
}
varnew(arg1, set_value, VAR_USER);
}
cbBadCmd(arg1);
return STATUS_CONTINUE;
}
CMDRESULT cbInstrVarList(const char* cmd)
{
char arg1[deflen]="";
argget(cmd, arg1, 0, true);
int filter=0;
if(!_stricmp(arg1, "USER"))
filter=VAR_USER;
else if(!_stricmp(arg1, "READONLY"))
filter=VAR_READONLY;
else if(!_stricmp(arg1, "SYSTEM"))
filter=VAR_SYSTEM;
VAR* cur=vargetptr();
if(!cur or !cur->name)
{
dputs("no variables");
return STATUS_CONTINUE;
}
bool bNext=true;
while(bNext)
{
char name[deflen]="";
strcpy(name, cur->name);
int len=strlen(name);
for(int i=0; i<len; i++)
if(name[i]==1)
name[i]='/';
uint value=(uint)cur->value.value;
if(cur->type!=VAR_HIDDEN)
{
if(filter)
{
if(cur->type==filter)
{
if(value>15)
dprintf("%s=%"fext"X (%"fext"ud)\n", name, value, value);
else
dprintf("%s=%"fext"X\n", name, value);
}
}
else
{
if(value>15)
dprintf("%s=%"fext"X (%"fext"ud)\n", name, value, value);
else
dprintf("%s=%"fext"X\n", name, value);
}
}
cur=cur->next;
if(!cur)
bNext=false;
}
return STATUS_CONTINUE;
}
CMDRESULT cbInstrChd(const char* cmd)
{
char arg1[deflen]="";
if(!argget(cmd, arg1, 0, false))
return STATUS_ERROR;
if(!DirExists(arg1))
{
dputs("directory doesn't exist");
return STATUS_ERROR;
}
SetCurrentDirectoryA(arg1);
dputs("current directory changed!");
return STATUS_CONTINUE;
}

15
x64_dbg_dbg/instruction.h Normal file
View File

@ -0,0 +1,15 @@
#ifndef _INSTRUCTIONS_H
#define _INSTRUCTIONS_H
#include "_global.h"
#include "command.h"
//functions
CMDRESULT cbBadCmd(const char* cmd);
CMDRESULT cbInstrVar(const char* cmd);
CMDRESULT cbInstrVarDel(const char* cmd);
CMDRESULT cbInstrMov(const char* cmd);
CMDRESULT cbInstrVarList(const char* cmd);
CMDRESULT cbInstrChd(const char* cmd);
#endif // _INSTRUCTIONS_H

BIN
x64_dbg_dbg/libdbg_x32.a Normal file
View File

Binary file not shown.

BIN
x64_dbg_dbg/libdbg_x64.a Normal file
View File

Binary file not shown.

Some files were not shown because too many files have changed in this diff Show More