mrexodia Posted January 14, 2014

Hello everyone,

Together with cypher I started working on an update for the famous TitanEngine. The main intention for the 'community edition' is bugfixing, but there are also several features added. We want to keep the original function names and arguments of TitanEngine v2, but in some cases the function arguments were for example incompatible with 64-bit systems.

Various changes:
- Fixed hardware breakpoints (various problems in x32 and not working in x64);
- Fixed memory breakpoints (still needs some checks);
- Changed exception handling (now only non-debugger-handled exceptions are reported);
- Fixed TitanEngine64 (never started debugging);
- Pieces of code rewritten;
- Fixed DumpProcessExW (found/fixed by Aguila);
- Added various callbacks (SetCustomHandler);
- Added memory breakpoint on execute;
- Added QWORD hardware breakpoints;
- Smaller and cleaner DLL Loaders (written in NASM);
- Support for multiple calling conventions (TITCALL), default changed to _cdecl;
- MinGW import libraries (for compatibility with x64_dbg);
- Fixed exception handling;
- Import reconstruction -> Scylla (cypher);
- Various other bugfixes too small to mention;
- StepOver calls StepInto when needed (RET, JMP, REP).
- StepInto calls StepOver when needed (PUSHFD)

Find downloads on the repository. Please report bugs/feature suggestions in another thread in this forum. If you want to contribute, just send me and/or cypher a private message.

Greetings,
Mr. eXoDia & cypher

Edited January 14, 2014 by Mr. eXoDia

cypher Posted January 14, 2014

I now (nearly) finished integrating Scylla into TE as its IAT-Engine. Reason for this: TE's own IAT engine is buggy and not accurate enough.

It's working amazingly well. The IAT-Autosearch is now as accurate as Scylla and fixed dumps work perfectly. Tested with an Armadillo 8.60 unpacker. For now the changes are living here on a separate branch but will probably soon be merged to master.

It uses a custom made wrapper around scylla which you can also use standalone without TE: see this topic

There were some necessary changes to the SDK, C/C++ headers have been updated:

    ImporterAutoSearchIAT
    ImporterAutoSearchIATW
    ImporterAutoSearchIATEx
    - these now have process ID as first param, not handle
    - parameter imagebase is obsolete for non-Ex functions and has been removed

    ImporterAutoFixIATEx
    ImporterAutoFixIATExW
    ImporterAutoFixIAT
    ImporterAutoFixIATW
    - first param now DWORD pid
    - params searchSize, searchStep now obsolete and removed
    - param imagebase obsolete for non-Ex functions and removed

    ImporterExportIATEx
    ImporterExportIATExW
    - new param: wchar_t* dumpfilename

    ImporterExportIAT(ULONG_PTR StorePlace, ULONG_PTR FileMapVA, HANDLE hFileMap)
    - new param: HANDLE hFileMap

    //all other Importer:: functions that have to do with IAT reconstruction are NOT scylla-enabled, as they don't need to be and are obsolete

Testing is easy, have a dump then

    DWORD iatStart = 0xDEADBEEF;
    DWORD iatSize = 0xDEADBEEF;
    Importer::AutoSearchIAT(processId, DumpFileName, codeSectionAddr, &iatStart, &iatSize);
    //should fill up iatStart,iatSize if successful
    Importer::ExportIATEx(DumpFileName, IatFixFileName, _T(".t4you"));
    //returns true on success and a shiny new file should appear

Edited January 14, 2014 by cypher

metr0 Posted January 14, 2014

Nice work! Great to see the community expanding on TitanEngine.

LCF-AT Posted January 14, 2014

Hi,

so why do you not include a new compiled titan.dll for users who don't work with any program language etc you know?

Question: So why do you guys not start a project to create an almost all in one dll which has many features & functions of other dlls so this would be nice if there are already some sources to get.

MultiFunction.dll
--------------------------
Add Titan
Add beaEngine
Add Disasm
Add Scylla
Add etc...
Add Custom functions by other users by request / ideas etc
--------------------------

So at the end you will have an all in one dll. So I think this kind of project would be a very interesting one or? So I am no coder but for me it sounds to be a good idea and if I could do this then I would also try to do this if possible.

greetz

deepzero Posted January 14, 2014

Nice. How do we contribute? Make an account and send pull requests?

this probably won't work as expected:

    __try
    {
        if(Plugin[i].TitanResetPlugin != NULL)
        {
            myPluginResetExec = (fPluginResetExec)Plugin[i].TitanResetPlugin;
            myPluginResetExec();
        }
    }

__try is for c++ exceptions, not like windows' catch-all SEHs or VEHs.

Also, how does this handle 32/64 files? Looking at method "EngineValidateHeader" i only see 64 bit code. (the method probably should be called "isHeaderValid", too.)

Lastly, do you think it would make sense to split this into several files? A single 30K line file is not much fun to manage when several people are contributing.

mrexodia Posted January 14, 2014 Author

@LCF-AT: The latest 'stable' binary can be downloaded from https://bitbucket.org/mrexodia/titanengine-update/downloads. I attached the latest dev build + C header here. About the super-DLL you mentioned: it could be a good idea, but managing such a project would suck. Next to that, it would be 10mb for only BeaEngine/Scylla if you need it, which seems kind of big to me. You can request custom functions as long as they are related to the purpose of TitanEngine...

@deepzero: Yea, contributing could go like this, but I could also add you to the repo when you like... As for the issues, I added them to the repo, because I don't know the answer for them right now. EngineValidateHeader seems valid, as DumpProcess for example works fine.. Splitting the file was my idea too, but there are some nasty global variables etc, which make it kind of time-consuming to do.

Greetings

TitanEngineDev.rar

Edited January 14, 2014 by Mr. eXoDia

deepzero Posted January 14, 2014

> but there are some nasty global variables

o_O dear lord, i didn't even see those.

and what is this madness:

    // Global.Engine.Constants:
    #define UE_MODULEx86 0x2000;
    #define UE_MODULEx64 0x2000;

I just created a bitbucket account, if you could add me to the repo, that'd be great. I'll then branch off and fix the bugs that jumped into my face when scrolling over it.

Truth be told, though: this piece of chaos and mayhem could really use a major refactoring.

deepzero Posted January 14, 2014

I take back what i said about the __try block: you are using __try .. __except, which is a MSVC compiler extension ... which is using SEH, it seems.

mrexodia Posted January 14, 2014 Author

those are the RVAs that the custom DLL loader reads for the filename to load. It works surprisingly well and the executables are really small and clean.

the code indeed needs much refactoring.. I did some already, but the debugloop for example is terribly hard to read.

Greetings

edit: you have repo access

Edited January 14, 2014 by Mr. eXoDia

cypher Posted January 14, 2014

@LCF-AT: TE is more or less a complete multi-function DLL. Many of the functions can be used without initializing the debugger. Disasm and scylla is already integrated. We will also be providing pre-compiled binaries whenever we made changes that are worth being released.

Here is a quick overview over the Classes that are already in TE with every function you may think of for their respective topic:
- Dumper
- Debugger
- Importer
- Realigner
- Relocater
- Tracer
- Exporter
- Librarian
- TLS
- Static
- Threader
- Resourcer
- Hooks
- Process
- Handler

@deepzero: For validating use Realigner::IsPE32FileValidEx function. There isn't a 64bit version (yet). mr.exodia is adding 64bit functions wherever we come across or get pointed to. Splitting TE isn't sth that can be done easily unfortunately. Therefore everyone should work on branches for bigger changes. Maybe we should Git-Flow enable the repo for better dev/feature/bugfix/release maintenance.

TE is a great framework but still has a lot of bugs yet to be fixed or even be discovered. We welcome everyone to help improve it.

Edited January 14, 2014 by cypher

mrexodia Posted January 26, 2014 Author

Quick V0002 release is here. Far from bug free, but imports reconstruction (using scylla_wrapper) is quite stable and memory breakpoints are finally working again. Also many changes made by deepzero were added.

Changelog: https://bitbucket.org/mrexodia/titanengine-update/commits
Download: https://bitbucket.org/mrexodia/titanengine-update/downloads

Also attached the binaries.

Greetings,
Mr. eXoDia

PS This is not really a release, more like a snapshot for users that don't wanna compile everything.

TitanEngineUpdate_0002.rar

Edited January 26, 2014 by Mr. eXoDia

mrexodia Posted February 8, 2014 Author

Changelog V0003:
- fixed some anti-debug tricks (DBG_RIPEXCEPTION and DBG_PRINTEXCEPTION_C)
- fixed a massive bug in exception handling (almost all exceptions were swallowed by the debugger)
- added a callback for the RIP_EVENT debug event

Greetings,
Mr. eXoDia

TitanEngineUpdate_0003.rar

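How a debug loop avoids swallowing exceptions, as an added sketch that is not part of the post above and not TitanEngine's code: the debugger consumes only the exceptions it caused and hands every other one back to the debuggee. `dbg_state`, `owns_breakpoint` and `continue_status` are hypothetical names, and the sketch assumes the debugger tracks its own INT3 addresses and pending single steps.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Status and exception codes as defined in the Windows SDK headers,
   repeated here so the sketch compiles without them. */
#define DBG_CONTINUE               0x00010002u
#define DBG_EXCEPTION_NOT_HANDLED  0x80010001u
#define EXCEPTION_BREAKPOINT       0x80000003u
#define EXCEPTION_SINGLE_STEP      0x80000004u
#define EXCEPTION_ACCESS_VIOLATION 0xC0000005u

/* Hypothetical bookkeeping; not TitanEngine's own structures. */
typedef struct {
    const uint64_t *sw_breakpoints; /* addresses where the debugger wrote INT3 */
    size_t          sw_count;
    bool            step_pending;   /* debugger set the trap flag itself */
} dbg_state;

static bool owns_breakpoint(const dbg_state *s, uint64_t addr)
{
    for (size_t i = 0; i < s->sw_count; i++)
        if (s->sw_breakpoints[i] == addr)
            return true;
    return false;
}

/* Choose the value handed to ContinueDebugEvent for one exception event. */
uint32_t continue_status(dbg_state *s, uint32_t code, uint64_t addr)
{
    if (code == EXCEPTION_BREAKPOINT && owns_breakpoint(s, addr))
        return DBG_CONTINUE;         /* our INT3: consume it */
    if (code == EXCEPTION_SINGLE_STEP && s->step_pending) {
        s->step_pending = false;     /* our step: consume it exactly once */
        return DBG_CONTINUE;
    }
    /* Raised by the debuggee (its own INT3, trap flag, access violation...):
       answering DBG_CONTINUE here would swallow it and skip the debuggee's
       handlers, so pass it back. */
    return DBG_EXCEPTION_NOT_HANDLED;
}

int main(void)
{
    static const uint64_t bps[] = { 0x401000 };  /* constructed sample address */
    dbg_state s = { bps, 1, false };
    /* Access violation inside the debuggee must reach its own handler. */
    return continue_status(&s, EXCEPTION_ACCESS_VIOLATION, 0x402000)
               == DBG_EXCEPTION_NOT_HANDLED ? 0 : 1;
}
```

A full debugger also counts hardware-breakpoint hits, which arrive as EXCEPTION_SINGLE_STEP, as its own; that bookkeeping is left out here.
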
mrexodia Posted March 3, 2014 Author

Changelog V0004:
- fixed hardware breakpoints
- HUGE code refactoring, now it's a manageable project

Download: https://bitbucket.org/mrexodia/titanengine-update/downloads

Greetings,
Mr. eXoDia

mrexodia Posted March 5, 2014 Author

Changelog V0005:
- dynamic lists (no more 300 mb memory footprint per default)
- Aguila added some hiding techniques
- scylla got updated

Download: https://bitbucket.org/mrexodia/titanengine-update/downloads

Greetings,
Mr. eXoDia

Edited March 5, 2014 by Mr. eXoDia

Loki Posted March 6, 2014

Thanks gents - good to see Aguila's expertise feeding in too

wineggdrop Posted March 9, 2014

How to use ImporteraddNewDLL() and ImporterAddNewAPI()? Looking for an example on both API.

cypher Posted March 9, 2014

    ImporterAddNewDll("kernel32.dll", firstThunkRVA);
    ImporterAddNewAPI("LoadLibraryA", thunkVA);

mrexodia Posted March 21, 2014 Author

V0007 is out!

Changelog:
- See commit messages

Download: https://bitbucket.org/mrexodia/titanengine-update/downloads

Enjoy,
TitanEngineCE Team

mrexodia Posted May 18, 2014 Author

V0008 is out!

Changelog:
- fixed TitanEngine.Handler
- fixed TitanEngine.Debugger.Context
- updated scylla_wrapper
- ULONG_PTR instead of long long
- Debug privilege option
- added export TitanOpenProcess (opens a process with debug privilege when the option is enabled)
- fixed various deadlocks (hopefully)
- fixed closing a handle that shouldn't be closed
- fixed breakpoint filters
- added UE_CH_DEBUGEVENT custom handler
- removed UE_CH_ALLEVENTS custom handler
- rewrote GetPE32SectionNumberFromVA
- fixed a bug with UE_SECTIONNAME on x64
- hardware breakpoints are not set on all threads

Download: https://bitbucket.org/mrexodia/titanengine-update/downloads

Enjoy,
TitanEngineCE Team

tarequl.hassan Posted April 16, 2021

Hi

Can anyone share the Tutorial for using Titanengine or its utility?

Thanks

tarequl.hassan Posted June 11, 2021

On 5/18/2014 at 8:51 PM, mrexodia said:

> V0008 is out!
>
> Changelog:
> - fixed TitanEngine.Handler
> - fixed TitanEngine.Debugger.Context
> - updated scylla_wrapper
> - ULONG_PTR instead of long long
> - Debug privilege option
> - added export TitanOpenProcess (opens a process with debug privilege when the option is enabled)
> - fixed various deadlocks (hopefully)
> - fixed closing a handle that shouldn't be closed
> - fixed breakpoint filters
> - added UE_CH_DEBUGEVENT custom handler
> - removed UE_CH_ALLEVENTS custom handler
> - rewrote GetPE32SectionNumberFromVA
> - fixed a bug with UE_SECTIONNAME on x64
> - hardware breakpoints are not set on all threads
>
> Download: https://bitbucket.org/mrexodia/titanengine-update/downloads
>
> Enjoy,
> TitanEngineCE Team

This link is not working

zdox Posted December 28, 2021

On 6/11/2021 at 2:12 AM, tarequl.hassan said:

> This link is not working

https://bitbucket.org/titanengineupdate/titanengine-update/src/master/hooks/

tonyweb Posted December 28, 2021

... and also from the page linked by @zdox

Quote:

> Updated & Fixed version of TitanEngine (http://tinyurl.com/kyxmqt6)
> MOVED TO GITHUB: https://github.com/x64dbg/TitanEngine

Edited December 29, 2021 by tonyweb (little formatting)

2days Posted June 23, 2023

On 5/18/2014 at 9:51 PM, mrexodia said:

> V0008 is out!
>
> Changelog:
> - fixed TitanEngine.Handler
> - fixed TitanEngine.Debugger.Context
> - updated scylla_wrapper
> - ULONG_PTR instead of long long
> - Debug privilege option
> - added export TitanOpenProcess (opens a process with debug privilege when the option is enabled)
> - fixed various deadlocks (hopefully)
> - fixed closing a handle that shouldn't be closed
> - fixed breakpoint filters
> - added UE_CH_DEBUGEVENT custom handler
> - removed UE_CH_ALLEVENTS custom handler
> - rewrote GetPE32SectionNumberFromVA
> - fixed a bug with UE_SECTIONNAME on x64
> - hardware breakpoints are not set on all threads
>
> Download: https://bitbucket.org/mrexodia/titanengine-update/downloads
>
> Enjoy,
> TitanEngineCE Team

Thank you very much. I'm trying to beat the mystery box that won't open. All methods on Windows 10 platform. Use Delphi to write loader + dll injection like cheat game. Doing it with little knowledge so it doesn't work, even though I followed the method in the ollydbg script, if understood correctly. Everything I try to do is in Titan.

Update: Need breakpoint VirtualFree to follow the bypass script. SetAPIBreakPoint doesn't respond by name. (I don't know what's wrong.) Will read the help file carefully again. It's like something is missing.

2023-06-25 02-57-07.mp4

Edited June 24, 2023 by 2days