TitanEngine CE
TitanEngine Community Edition a reverse engineering framework...
12 topics in this forum
-
Driver doesn't want to start
by cyrex1337- 2 followers
- 16 replies
- 22k views
(Sorry, I may have posted this in the wrong section. I believed this is the TitanHide section -.-) Hey. I wanna use TitanHide driver to hide x64dbg/ollydbg from certain protectors. As Reverse Engineering environment I have set up a virtual machine (VMware Workstation 12.1.1 build-3770994) with Windows 7 Professional x64 (SP1). Moreover, I compiled TitanHide myself on my host operating system Windows 10 Pro x64 using Win7 Release configuration and x64 platform without errors or warnings. (used WDK 8.1 Update 1) Since I got an UEFI mainboard I also had to enable Intel VT-x to get the virtual machine to work (idk if this is really important but just lis…
-
TitanEngine Community Edition
by mrexodia- 1 follower
- 24 replies
- 37.8k views
Hello everyone, Together with cypher I started working on an update for the famous TitanEngine. The main intention for the 'community edition' is bugfixing, but there are also several features added. We want to keep the original function names and arguments of TitanEngine v2, but in some cases the function arguments were for example incompatible with 64-bit systems. Various changes: Fixed hardware breakpoints (various problems in x32 and not working in x64); Fixed memory breakpoints (still needs some checks); Changed exception handling (now only non-debugger-handled exceptions are reported); Fixed TitanEngine64 (never started debugging); Pieces of code rewritten; Fixed DumpPr…
-
Overview:
TitanHide is a driver intended to hide debuggers from certain processes. The driver hooks various Nt* kernel functions (using inline hooks at the moment) and modifies the return values of the original functions. To hide a process, you must pass a simple structure with a ProcessID and the hiding option(s) to enable to the driver. The internal API is designed to add hooks with little effort, which means adding features is really easy.
Features:
- ProcessDebugFlags (NtQueryInformationProcess)
- ProcessDebugPort (NtQueryInformationProcess)
- ProcessDebugObjectHandle (NtQueryInformationProcess)
- DebugObject (NtQueryObject)
- SystemKernelDebuggerInformation (NtQuerySystemInformat…
-
Compiling TitanEngine by VS2015 failed
by Perplex- 2 followers
- 15 replies
- 22.4k views
What's the solution?
-
- 8 replies
- 10.3k views
Hi, Mr.eXoDia I have found a bug in TitanEngine.dll, but this may not be a bug~ __declspec(dllexport) void TITCALL ImporterAutoSearchIATEx(DWORD ProcessId, ULONG_PTR ImageBase, ULONG_PTR SearchStart, LPVOID pIATStart, LPVOID pIATSize); This API definition comes from the file "x64dbg-master\x64_dbg_dbg\TitanEngine\TitanEngine.h". The first parameter should not be 'ProcessId' as a 'DWORD', but 'hProcess' as a 'HANDLE'! The inner routine: ImporterAutoSearchIATEx -> DumpProcessW -> ReadProcessMemory... It (pIATStart) shows nothing when executing the script with the right parameter; I then searched a lot and finally got the reason. So this might …
-
TitanScript
by cypher- 53 replies
- 44.1k views
Hey folks, here comes something not very new but polished up (DLL existed since 2009 but now it's usable with the TitanEngine Community Edition). What is TitanScript: TS is a plugin for the TitanEngine debugging framework. It completely implements the famous OllyDbgScript language and even enhances it with TitanEngine commands for things like IAT AutoSearch, fixing etc. Basically this means you can load and run your beloved OllyDbgScripts with TitanEngine without rewriting them (well ok, a few minor tweaks might be necessary). It supports OllyDbgScript up to version 1.77. We might bump that to 1.83 but with no ETA. How to "install": - Grab TitanEngine…
-
AddSection function no section header space
by mateusReversing- 4 replies
- 8.9k views
I have been trying to code my own PE explorer tool as a learning exercise but have been stuck on how to add a new section to the PE header when there is no space for another section header. I have looked at the function's source code given below and it doesn't seem to deal with this. Why is this? https://bitbucket.org/mrexodia/titanengine-update/src/50379e53e9f3a1d9cf835e37e2fd7cbade61dc6a/TitanEngine/TitanEngine.PE.Section.cpp?at=master#cl-512
-
API Breakpoint
by AndreiN- 4 replies
- 13.1k views
Hello everyone! I am trying at the moment to code an unpacker for several different compressors and packers using the TitanEngine Community Edition. One of the things which I am trying to do is to set a breakpoint on an API (GetProcAddress). However, my callback code seems to be called only in cases where the breakpoint is placed at the beginning of the API: SetAPIBreakPoint("KERNEL32.DLL","GetProcAddress",UE_BREAKPOINT,UE_APISTART,(void*)cbCallBack); If I change the UE_APISTART with APIEND, the callback never gets called. The thing is that I would need to be able to land somewhere near the end of the API call and return from there. Does anyone know how I can do thi…
-
[SDK Example] x64 MPRESS/PESpin Unpacker
by mrexodia- 3 replies
- 14.4k views
Hello everyone, Here is a small SDK example for TitanEngine Community Edition. It covers far from all features, but enough to get you started. This is the code:
#include <windows.h>
#include <stdio.h>
#include <psapi.h>
#include "TitanEngine\TitanEngine.h"

PROCESS_INFORMATION* fdProcessInfo;
LPVOID lpBaseOfImage;
char szDumpName[MAX_PATH]="";

static void log(const char* format, ...)
{
    va_list args;
    va_start(args, format);
    char msg[1024]="";
    vsprintf(msg, format, args);
    puts(msg);
}

static void cbOep()
{
    long long rip=GetContextData(UE_RIP);
    log("> OEP 0x%llX reached!", rip);
    log("> Dumping...");
    DeleteFileA(szDumpName);
    //Dump t…
-
a couple of points
by deepzero- 1 reply
- 8.5k views
Hey, I spent some time reading through the source. I am not a huge fan of it, but I guess we'll have to work with what we have. I forked the project, because I haven't used bitbucket before and didn't want to break anything. A pull request has been issued to exodia, the first batch of fixes should be trivial. I have also created a couple of "issues" on the original repo. Once the pull request has been merged, I'll continue to shoot bugfixes into the bug fix branch, which can then be merged to master, after a second pair of eyes signed off on it. Several points: - NULL should only be used for pointers, we should use 0 for normal int variables. - poi…
-
TitanEngine Community Edition Help
by mrexodia- 3 replies
- 9.6k views
Hey, Currently the PDF file included in TitanEngine isn't up to date, so the help needs updating. First I converted the PDF file to RTF with UniPDF and then we used Word to convert it to DOCX. Attached is the current DOCX file. This topic will be updated once I have started working on the help. Greetings, Mr. eXoDia PS No copyright harm or whatever intended (ReversingLabs company name is included in the document). TitanEngine - SDK.rar
-
- 3 replies
- 10.8k views
Opening this thread for all discussion and feedback related to the TE update by Mr.Exodia in general to keep other threads more clean. Source: https://bitbucket.org/mrexodia/titanengine-update/overview Issue / Bug Tracker: https://bitbucket.org/mrexodia/titanengine-update/issues Please also create issue tickets there if you have an account.