Exetools  

  #1  
Old 01-26-2014, 23:03
mr.exodia mr.exodia is offline
Super Moderator
 
Join Date: Nov 2011
Posts: 859
Rept. Given: 497
Rept. Rcvd 1,155 Times in 309 Posts
Thanks Given: 92
Thanks Rcvd at 746 Times in 355 Posts
mr.exodia Reputation: 1100-1299
TitanEngine Community Edition

Hello everyone,

Together with cypher I started working on an update for the famous TitanEngine. The main intention for the 'community edition' is bugfixing, but there are also several features added. We want to keep the original function names and arguments of TitanEngine v2, but in some cases the function arguments were for example incompatible with 64-bit systems.
 
Various changes:
  • Fixed hardware breakpoints (various problems in x32 and not working in x64);
  • Fixed memory breakpoints (still needs some checks);
  • Changed exception handling (now only non-debugger-handled exceptions are reported);
  • Fixed TitanEngine64 (never started debugging);
  • Pieces of code rewritten;
  • Fixed DumpProcessExW (found/fixed by Aguila);
  • Added various callbacks (SetCustomHandler);
  • Added memory breakpoint on execute;
  • Added QWORD hardware breakpoints;
  • Smaller and cleaner DLL Loaders (written in NASM);
  • Support for multiple calling conventions (TITCALL), default changed to _cdecl;
  • MinGW import libraries (for compatibility with x64_dbg);
  • Fixed exception handling;
  • Import reconstruction -> Scylla (cypher);
  • Various other bugfixes too small to mention;
  • StepOver calls StepInto when needed (RET, JMP, REP).
  • StepInto calls StepOver when needed (PUSHFD)
Find downloads on the repository.
 
Please report bugs/feature suggestions in another thread in this forum.
 
If you want to contribute, just send me and/or cypher a private message.
 
Greetings,
 
Mr. eXoDia & cypher
__________________
x64dbg: http://x64dbg.com
My Blog: http://mrexodia.cf

Last edited by mr.exodia; 10-28-2015 at 09:11.
The Following 23 Users Gave Reputation+1 to mr.exodia For This Useful Post:
-=bb=- (01-27-2014), ahmadmansoor (01-27-2014), argie (02-13-2014), Av0id (01-27-2014), besoeso (01-27-2014), Calvin (01-27-2014), canopus (01-27-2014), chessgod101 (01-28-2014), Ember (01-29-2014), emo (01-26-2014), Insid3Code (01-27-2014), korosh (01-27-2014), KuNgBiM (02-11-2014), Mandriva (01-28-2014), MarcElBichon (01-26-2014), orfei (01-27-2014), p4r4d0x (01-27-2014), quygia128 (02-10-2014), user1 (01-27-2014), winndy (01-27-2014), zeuscane (01-27-2014)
  #2  
Old 02-09-2014, 04:09
mr.exodia mr.exodia is offline
Changelog V0003:
- fixed some anti-debug tricks (DBG_RIPEXCEPTION and DBG_PRINTEXCEPTION_C)
- fixed a massive bug in exception handling (almost all exceptions were swallowed by the debugger)
- added a callback for the RIP_EVENT debug event

Greetings,

Mr. eXoDia

Last edited by mr.exodia; 10-28-2015 at 09:13.
The Following 9 Users Gave Reputation+1 to mr.exodia For This Useful Post:
argie (02-13-2014), b30wulf (02-09-2014), chessgod101 (02-09-2014), Conquest (02-09-2014), Dreamer (03-06-2014), giv (02-09-2014), KuNgBiM (02-11-2014), winndy (02-09-2014)
  #3  
Old 03-04-2014, 06:40
mr.exodia mr.exodia is offline
Changelog V0004:
- fixed hardware breakpoints
- HUGE code refactoring, now it's a manageable project

Download:
https://bitbucket.org/mrexodia/titanengine-update/downloads

Greetings,

Mr. eXoDia
The Following 10 Users Gave Reputation+1 to mr.exodia For This Useful Post:
ahmadmansoor (03-04-2014), an0rma1 (03-05-2014), besoeso (03-05-2014), cjack (03-04-2014), Dreamer (03-04-2014), giv (03-05-2014), niculaita (03-05-2014), nikkapedd (03-05-2014), nikre (03-04-2014), Youtoo (03-26-2014)
  #4  
Old 03-06-2014, 03:24
mr.exodia mr.exodia is offline
Changelog V0005:
- dynamic lists (no more 300 mb memory footprint per default)
- Aguila added some hiding techniques
- scylla got updated

Download:
https://bitbucket.org/mrexodia/titanengine-update/downloads

Greetings,

Mr. eXoDia
The Following 6 Users Gave Reputation+1 to mr.exodia For This Useful Post:
ahmadmansoor (03-06-2014), Dreamer (03-06-2014), Loki (03-06-2014), niculaita (03-07-2014), Youtoo (03-26-2014)
  #5  
Old 03-22-2014, 06:35
mr.exodia mr.exodia is offline
V0007 is out!

Changelog:
- See commit messages

Download:
https://bitbucket.org/mrexodia/titanengine-update/downloads

Enjoy,

TitanEngineCE Team
The Following User Gave Reputation+1 to mr.exodia For This Useful Post:
Youtoo (03-26-2014)
  #6  
Old 05-18-2014, 22:51
mr.exodia mr.exodia is offline
V0008 is out!

Changelog:
- fixed TitanEngine.Handler
- fixed TitanEngine.Debugger.Context
- updated scylla_wrapper
- ULONG_PTR instead of long long
- Debug privilege option
- added export TitanOpenProcess (opens a process with debug privilege when the option is enabled)
- fixed various deadlocks (hopefully)
- fixed closing a handle that shouldn't be closed
- fixed breakpoint filters
- added UE_CH_DEBUGEVENT custom handler
- removed UE_CH_ALLEVENTS custom handler
- rewrote GetPE32SectionNumberFromVA
- fixed a bug with UE_SECTIONNAME on x64
- hardware breakpoints are not set on all threads

Download:
https://bitbucket.org/mrexodia/titanengine-update/downloads

Enjoy,

TitanEngineCE Team
The Following 6 Users Gave Reputation+1 to mr.exodia For This Useful Post:
besoeso (05-19-2014), chessgod101 (05-19-2014), cjack (05-27-2014), Dreamer (05-20-2014), giv (05-19-2014), zeuscane (05-19-2014)
  #7  
Old 05-27-2014, 18:19
NeOXOeN NeOXOeN is offline
Friend
 
Join Date: Jan 2005
Posts: 273
Rept. Given: 2
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 2
Thanks Rcvd at 18 Times in 18 Posts
NeOXOeN Reputation: 3
Titan team should be very happy you're doing their work for them..


bye N
  #8  
Old 06-21-2014, 19:34
n00b n00b is offline
Friend
 
Join Date: Mar 2009
Posts: 43
Rept. Given: 18
Rept. Rcvd 25 Times in 14 Posts
Thanks Given: 10
Thanks Rcvd at 56 Times in 19 Posts
n00b Reputation: 26
I'd like to add that in some protected targets (which you end up dumping), the author has written a fake VA size on some of the sections in the PE.

This may then result in a big problem when dumping with the current code, as it uses the Virtual & Real size as the same value.

So I present to you this easy fix:

Quote:
PEFixSection->SizeOfRawData = PEFixSection->SizeOfRawData;//RealignedVirtualSize;
It's really as simple as that - only, you have to rebuild the size manually afterwards using for example CFF Explorer - or as in my case, I use a source I found on google...

Anyways, as always - really useful post, and new edit of this great project
The Following 2 Users Gave Reputation+1 to n00b For This Useful Post:
mr.exodia (06-21-2014), Youtoo (06-22-2014)
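
Added example, not part of the post above and not TitanEngine code: a Python check for the situation n00b describes, listing sections whose declared VirtualSize cannot fit between their VirtualAddress and the next section (or SizeOfImage). The function names and the constructed header-only sample image are assumptions for illustration.

```python
import struct

SECTION_FMT = "<8sIIII"  # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData

def parse_sections(pe: bytes):
    """Return (SizeOfImage, [(name, vsize, va, raw_size, raw_ptr), ...])."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (count,) = struct.unpack_from("<H", pe, e_lfanew + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)  # SizeOfOptionalHeader
    # SizeOfImage sits at offset 56 of the optional header in both PE32 and PE32+.
    (size_of_image,) = struct.unpack_from("<I", pe, e_lfanew + 24 + 56)
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(count):
        name, *fields = struct.unpack_from(SECTION_FMT, pe, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), *fields))
    return size_of_image, sections

def audit_virtual_sizes(pe: bytes):
    """List (name, declared VirtualSize, room in memory) for sections that cannot fit."""
    size_of_image, sections = parse_sections(pe)
    ordered = sorted(sections, key=lambda s: s[2])  # by VirtualAddress
    findings = []
    for i, (name, vsize, va, _raw_size, _raw_ptr) in enumerate(ordered):
        end = ordered[i + 1][2] if i + 1 < len(ordered) else size_of_image
        room = max(end - va, 0)
        if vsize > room:
            findings.append((name, vsize, room))
    return findings

def build_sample() -> bytes:
    """Constructed header-only image: .text is honest, .data declares a fake VirtualSize."""
    pe = bytearray(0x200)
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x40)                        # e_lfanew
    pe[0x40:0x44] = b"PE\0\0"
    # Machine, NumberOfSections, three unused DWORDs, SizeOfOptionalHeader
    struct.pack_into("<HHIIIH", pe, 0x44, 0x14C, 2, 0, 0, 0, 0xE0)
    struct.pack_into("<I", pe, 0x40 + 24 + 56, 0x3000)            # SizeOfImage
    table = 0x40 + 24 + 0xE0
    struct.pack_into(SECTION_FMT, pe, table, b".text", 0x800, 0x1000, 0x800, 0x200)
    struct.pack_into(SECTION_FMT, pe, table + 40, b".data", 0x7FFF0000, 0x2000, 0x200, 0xA00)
    return bytes(pe)

if __name__ == "__main__":
    for name, declared, room in audit_virtual_sizes(build_sample()):
        print(f"{name}: VirtualSize {declared:#x} exceeds available {room:#x}")
```

A section reported here is one where a dumper that trusts VirtualSize would compute a wrong size, so its size needs to be rebuilt from the real memory layout instead.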
All times are GMT +8. The time now is 04:19.