- changed status to resolved
Couple bugs with C++ SDK
Issue #5
resolved
missing in TitanEngine.h
const long UE_VANOTFOUND = -2;
const BYTE UE_HIDE_PEBONLY = 0;
const BYTE UE_CH_AFTEREXCEPTIONPROCESSING = 21;
__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, char* szDumpFileName);
__declspec(dllexport) bool TITCALL StaticRawMemoryCopyExW(HANDLE hFile, DWORD RawAddressToCopy, DWORD Size, wchar_t* szDumpFileName);
__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64(HANDLE hFile, DWORD64 RawAddressToCopy, DWORD64 Size, char* szDumpFileName);
__declspec(dllexport) bool TITCALL StaticRawMemoryCopyEx64W(HANDLE hFile, DWORD64 RawAddressToCopy, DWORD64 Size, wchar_t* szDumpFileName);
also in TitanEngine.h every function has calling convention __stdcall again which is against your TITCALL consistency.
all this makes compilation impossible for C++
btw.: do you like bug reports like these or shall I rather do Pull Requests ?
Comments (5)
-
-
- fixed issue
#5
→ <<cset 071841d3dade>>
- fixed issue
-
reporter
UE_HIDE_PEBONLY is used in ChangeHideDebuggerState(HANDLE hProcess, DWORD PatchAPILevel, bool Hide)
if(PatchAPILevel >= 1)and if us supply UE_HIDE_PEBONLY it patches PEB, if you supply UE_HIDE_BASIC it also patches CheckRemoteDebuggerPresent and GetTickCount
-
ok, has been updated
-
reporter
const long UE_VANOTFOUND = -2; is used as return type in GetPE32SectionNumberFromVA however its written as "-2" there. the #define is used in TitanScript.
readding it
- Log in to comment
Have been removed (they are never used inside the TitanEngine code).
Rest of the issue is fix.
This way is fine, but I could also add you to the repo.