Exetools

Exetools (https://forum.exetools.com/index.php)
-   Community Tools (https://forum.exetools.com/forumdisplay.php?f=47)
-   -   TitanEngine Community Edition (https://forum.exetools.com/showthread.php?t=15570)

mr.exodia 01-26-2014 23:03

TitanEngine Community Edition
 
Hello everyone,

Together with cypher I started working on an update for the famous TitanEngine. The main intention for the 'community edition' is bugfixing, but there are also several features added. We want to keep the original function names and arguments of TitanEngine v2, but in some cases the function arguments were for example incompatible with 64-bit systems.
 
Various changes:
  • Fixed hardware breakpoints (various problems in x32 and not working in x64);
  • Fixed memory breakpoints (still needs some checks);
  • Changed exception handling (now only non-debugger-handled exceptions are reported);
  • Fixed TitanEngine64 (never started debugging);
  • Pieces of code rewritten;
  • Fixed DumpProcessExW (found/fixed by Aguila);
  • Added various callbacks (SetCustomHandler);
  • Added memory breakpoint on execute;
  • Added QWORD hardware breakpoints;
  • Smaller and cleaner DLL Loaders (written in NASM);
  • Support for multiple calling conventions (TITCALL), default changed to _cdecl;
  • MinGW import libraries (for compatibility with x64_dbg);
  • Fixed exception handling;
  • Import reconstruction -> Scylla (cypher);
  • Various other bugfixes too small to mention;
  • StepOver calls StepInto when needed (RET, JMP, REP).
  • StepInto calls StepOver when needed (PUSHFD)
Find downloads on the repository.
 
Please report bugs/feature suggestions in another thread in this forum.
 
If you want to contribute, just send me and/or cypher a private message.
 
Greetings,
 
Mr. eXoDia & cypher

mr.exodia 02-09-2014 04:09

Changelog V0003:
- fixed some anti-debug tricks (DBG_RIPEXCEPTION and DBG_PRINTEXCEPTION_C)
- fixed a massive bug in exception handling (almost all exceptions were swallowed by the debugger)
- added a callback for the RIP_EVENT debug event

Greetings,

Mr. eXoDia

mr.exodia 03-04-2014 06:40

Changlog V0004:
- fixed hardware breakpoints
- HUGE code refactoring, now it's a managable project

Download:
https://bitbucket.org/mrexodia/titanengine-update/downloads

Greetings,

Mr. eXoDia

mr.exodia 03-06-2014 03:24

Changelog V0005:
- dynamic lists (no more 300 mb memory footprint per default)
- Aguila added some hiding techniques
- scylla got updated

Download:
https://bitbucket.org/mrexodia/titanengine-update/downloads

Greetings,

Mr. eXoDia

mr.exodia 03-22-2014 06:35

V0007 is out!

Changelog:
- See commit messages :D

Download:
https://bitbucket.org/mrexodia/titanengine-update/downloads

Enjoy,

TitanEngineCE Team

mr.exodia 05-18-2014 22:51

V0008 is out!

Changelog:
- fixed TitanEngine.Handler
- fixed TitanEngine.Debugger.Context
- updated scylla_wrapper
- ULONG_PTR instead of long long
- Debug privilege option
- added export TitanOpenProcess (opens a process with debug privilege when the option is enabled)
- fixed various deadlocks (hopefully)
- fixed closing a handle that shouldn't be closed
- fixed breakpoint filters
- added UE_CH_DEBUGEVENT custom handler
- removed UE_CH_ALLEVENTS custom handler
- rewrote GetPE32SectionNumberFromVA
- fixed a bug with UE_SECTIONNAME on x64
- hardware breakpoints are not set on all threads

Download:
https://bitbucket.org/mrexodia/titanengine-update/downloads

Enjoy,

TitanEngineCE Team

NeOXOeN 05-27-2014 18:19

Titan team should be very happy you doing their work for them..


bye N

n00b 06-21-2014 19:34

I'd like to add that in some protected targets (which you end up dumping), the author has written a fake VA size on some of the sections in the PE.

This may then result in a big problem when dumping with the current code, as it uses the Virtual & Real size as the same value.

So I present to you this easy fix:

Quote:

PEFixSection->SizeOfRawData = PEFixSection->SizeOfRawData;//RealignedVirtualSize;
It's really as simple as that - only, you have to rebuild the size manually afterwards using for example CFF Explorer - or as in my case, I use a source I found on google...

Anyways, as always - really useful post, and new edit of this great project :D


All times are GMT +8. The time now is 19:47.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX