Allow setting the driver name for GUI and x64dbg plugin

Author: mrexodia

TitanHideGUI/main.cpp

@@ -1,40 +1,44 @@
 #include <windows.h>
 #include <commctrl.h>
 #include <stdio.h>
+#include <utility>
 #include "resource.h"
 #include "..\TitanHide\TitanHide.h"
 
-HINSTANCE hInst;
+static HINSTANCE hInst;
+static char iniPath[MAX_PATH];
+
+static std::pair<int, HIDE_TYPE> gOptions[] =
+{
+    { IDC_CHK_PROCESSDEBUGFLAGS, HideProcessDebugFlags },
+    { IDC_CHK_PROCESSDEBUGPORT, HideProcessDebugPort },
+    { IDC_CHK_PROCESSDEBUGOBJECTHANDLE, HideProcessDebugObjectHandle },
+    { IDC_CHK_DEBUGOBJECT, HideDebugObject },
+    { IDC_CHK_SYSTEMDEBUGGERINFORMATION, HideSystemDebuggerInformation },
+    { IDC_CHK_NTCLOSE, HideNtClose },
+    { IDC_CHK_THREADHIDEFROMDEBUGGER, HideThreadHideFromDebugger },
+    { IDC_CHK_NTGETCONTEXTTHREAD, HideNtGetContextThread },
+    { IDC_CHK_NTSETCONTEXTTHREAD, HideNtSetContextThread },
+    { IDC_CHK_NTSYSTEMDEBUGCONTROL, HideNtSystemDebugControl },
+};
 
 static ULONG GetTypeDword(HWND hwndDlg)
 {
     ULONG Option = 0;
-    if(IsDlgButtonChecked(hwndDlg, IDC_CHK_PROCESSDEBUGFLAGS))
-        Option |= (ULONG)HideProcessDebugFlags;
-    if(IsDlgButtonChecked(hwndDlg, IDC_CHK_PROCESSDEBUGPORT))
-        Option |= (ULONG)HideProcessDebugPort;
-    if(IsDlgButtonChecked(hwndDlg, IDC_CHK_PROCESSDEBUGOBJECTHANDLE))
-        Option |= (ULONG)HideProcessDebugObjectHandle;
-    if(IsDlgButtonChecked(hwndDlg, IDC_CHK_DEBUGOBJECT))
-        Option |= (ULONG)HideDebugObject;
-    if(IsDlgButtonChecked(hwndDlg, IDC_CHK_SYSTEMDEBUGGERINFORMATION))
-        Option |= (ULONG)HideSystemDebuggerInformation;
-    if(IsDlgButtonChecked(hwndDlg, IDC_CHK_NTCLOSE))
-        Option |= (ULONG)HideNtClose;
-    if(IsDlgButtonChecked(hwndDlg, IDC_CHK_THREADHIDEFROMDEBUGGER))
-        Option |= (ULONG)HideThreadHideFromDebugger;
-    if(IsDlgButtonChecked(hwndDlg, IDC_CHK_NTGETCONTEXTTHREAD))
-        Option |= (ULONG)HideNtGetContextThread;
-    if(IsDlgButtonChecked(hwndDlg, IDC_CHK_NTSETCONTEXTTHREAD))
-        Option |= (ULONG)HideNtSetContextThread;
-    if(IsDlgButtonChecked(hwndDlg, IDC_CHK_NTSYSTEMDEBUGCONTROL))
-        Option |= (ULONG)HideNtSystemDebugControl;
+    for (const auto& option : gOptions)
+    {
+        if (IsDlgButtonChecked(hwndDlg, option.first))
+            Option |= (ULONG)option.second;
+    }
     return Option;
 }
 
 static void TitanHideCall(HWND hwndDlg, HIDE_COMMAND Command)
 {
-    HANDLE hDevice = CreateFileA("\\\\.\\TitanHide", GENERIC_READ | GENERIC_WRITE, 0, 0, OPEN_EXISTING, 0, 0);
+    char driverName[256] = "\\\\.\\";
+    GetWindowTextA(GetDlgItem(hwndDlg, IDC_EDT_DRIVER), driverName + 4, sizeof(driverName) - 4);
+    WritePrivateProfileStringA("TitanHide", "DriverName", driverName + 4, iniPath);
+    HANDLE hDevice = CreateFileA(driverName, GENERIC_READ | GENERIC_WRITE, 0, 0, OPEN_EXISTING, 0, 0);
     if(hDevice == INVALID_HANDLE_VALUE)
     {
         MessageBoxA(hwndDlg, "Could not open TitanHide handle...", "Driver loaded?", MB_ICONERROR);
@@ -58,6 +62,14 @@ static BOOL CALLBACK DlgMain(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPar
     {
     case WM_INITDIALOG:
     {
+        SetWindowTextA(GetDlgItem(hwndDlg, IDC_EDT_DRIVER), "TitanHide");
+        for (const auto& option : gOptions)
+        {
+            CheckDlgButton(hwndDlg, option.first, BST_CHECKED);
+        }
+        char driverName[256] = "";
+        GetPrivateProfileStringA("TitanHide", "DriverName", "TitanHide", driverName, sizeof(driverName), iniPath);
+        SetWindowTextA(GetDlgItem(hwndDlg, IDC_EDT_DRIVER), driverName);
     }
     return TRUE;
 
@@ -100,5 +112,12 @@ int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLi
 {
     hInst = hInstance;
     InitCommonControls();
+    GetModuleFileNameA(hInstance, iniPath, sizeof(iniPath));
+    auto ext = strrchr(iniPath, '.');
+    if (ext != nullptr)
+    {
+        *ext = '\0'; // remove the extension
+    }
+    strncat_s(iniPath, ".ini", _TRUNCATE); // append .ini
     return (int)DialogBox(hInst, MAKEINTRESOURCE(DLG_MAIN), NULL, (DLGPROC)DlgMain);
 }

TitanHideGUI/resource.h

@@ -17,3 +17,4 @@
 #define IDC_CHK_SYSTEMDEBUGGERINFORMATION       1011
 #define IDC_CHK_NTSYSTEMDEBUGCONTROL            1012
 #define IDC_CHK_NTGETCONTEXTTHREAD              1013
+#define IDC_EDT_DRIVER                          40000

TitanHideGUI/resource.rc

@@ -1,5 +1,5 @@
-// Generated by ResEdit 1.5.11
-// Copyright (C) 2006-2012
+// Generated by ResEdit 1.6.6
+// Copyright (C) 2006-2015
 // http://www.resedit.net
 
 #include <windows.h>
@@ -14,25 +14,27 @@
 // Dialog resources
 //
 LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
-DLG_MAIN DIALOG 0, 0, 182, 134
+DLG_MAIN DIALOG 0, 0, 182, 133
 STYLE DS_3DLOOK | DS_CENTER | DS_MODALFRAME | DS_SHELLFONT | WS_CAPTION | WS_VISIBLE | WS_POPUP | WS_SYSMENU
 CAPTION "TitanHide"
 FONT 8, "Courier New"
 {
-    RTEXT           "PID:", IDC_STATIC, 3, 4, 17, 8, SS_RIGHT
-    EDITTEXT        IDC_EDT_PID, 22, 3, 36, 12, ES_NUMBER
-    PUSHBUTTON      "&Hide", IDC_BTN_HIDE, 125, 10, 50, 14
-    PUSHBUTTON      "&Unhide", IDC_BTN_UNHIDE, 125, 26, 50, 14
-    PUSHBUTTON      "Unhide &All", IDC_BTN_UNHIDEALL, 125, 42, 50, 14
-    GROUPBOX        "Options", IDC_STATIC, 2, 18, 117, 112
-    AUTOCHECKBOX    "ProcessDebugFlags", IDC_CHK_PROCESSDEBUGFLAGS, 7, 28, 80, 8
-    AUTOCHECKBOX    "ProcessDebugPort", IDC_CHK_PROCESSDEBUGPORT, 7, 38, 74, 8
-    AUTOCHECKBOX    "ProcessDebugObjectHandle", IDC_CHK_PROCESSDEBUGOBJECTHANDLE, 7, 48, 108, 8
-    AUTOCHECKBOX    "DebugObject", IDC_CHK_DEBUGOBJECT, 7, 58, 55, 8
-    AUTOCHECKBOX    "SystemDebuggerInformation", IDC_CHK_SYSTEMDEBUGGERINFORMATION, 7, 68, 110, 8
-    AUTOCHECKBOX    "NtClose", IDC_CHK_NTCLOSE, 7, 78, 38, 8
-    AUTOCHECKBOX    "ThreadHideFromDebugger", IDC_CHK_THREADHIDEFROMDEBUGGER, 7, 88, 99, 8
-    AUTOCHECKBOX    "GetContextThread", IDC_CHK_NTGETCONTEXTTHREAD, 7, 98, 96, 8
-    AUTOCHECKBOX    "SetContextThread", IDC_CHK_NTSETCONTEXTTHREAD, 7, 108, 96, 8
-    AUTOCHECKBOX    "SystemDebugControl", IDC_CHK_NTSYSTEMDEBUGCONTROL, 7, 118, 96, 8
+    RTEXT           "PID:", IDC_STATIC, 3, 4, 17, 8, SS_RIGHT, WS_EX_LEFT
+    EDITTEXT        IDC_EDT_PID, 22, 3, 36, 12, ES_NUMBER, WS_EX_LEFT
+    RTEXT           "Driver:", IDC_STATIC, 62, 4, 29, 9, SS_RIGHT, WS_EX_LEFT
+    EDITTEXT        IDC_EDT_DRIVER, 93, 3, 81, 12, 0, WS_EX_LEFT
+    PUSHBUTTON      "&Hide", IDC_BTN_HIDE, 125, 26, 50, 14, 0, WS_EX_LEFT
+    PUSHBUTTON      "&Unhide", IDC_BTN_UNHIDE, 125, 42, 50, 14, 0, WS_EX_LEFT
+    PUSHBUTTON      "Unhide &All", IDC_BTN_UNHIDEALL, 125, 58, 50, 14, 0, WS_EX_LEFT
+    GROUPBOX        "Options", IDC_STATIC, 2, 18, 117, 112, 0, WS_EX_LEFT
+    AUTOCHECKBOX    "ProcessDebugFlags", IDC_CHK_PROCESSDEBUGFLAGS, 7, 28, 80, 8, 0, WS_EX_LEFT
+    AUTOCHECKBOX    "ProcessDebugPort", IDC_CHK_PROCESSDEBUGPORT, 7, 38, 74, 8, 0, WS_EX_LEFT
+    AUTOCHECKBOX    "ProcessDebugObjectHandle", IDC_CHK_PROCESSDEBUGOBJECTHANDLE, 7, 48, 108, 8, 0, WS_EX_LEFT
+    AUTOCHECKBOX    "DebugObject", IDC_CHK_DEBUGOBJECT, 7, 58, 55, 8, 0, WS_EX_LEFT
+    AUTOCHECKBOX    "SystemDebuggerInformation", IDC_CHK_SYSTEMDEBUGGERINFORMATION, 7, 68, 110, 8, 0, WS_EX_LEFT
+    AUTOCHECKBOX    "NtClose", IDC_CHK_NTCLOSE, 7, 78, 38, 8, 0, WS_EX_LEFT
+    AUTOCHECKBOX    "ThreadHideFromDebugger", IDC_CHK_THREADHIDEFROMDEBUGGER, 7, 88, 99, 8, 0, WS_EX_LEFT
+    AUTOCHECKBOX    "GetContextThread", IDC_CHK_NTGETCONTEXTTHREAD, 7, 98, 96, 8, 0, WS_EX_LEFT
+    AUTOCHECKBOX    "SetContextThread", IDC_CHK_NTSETCONTEXTTHREAD, 7, 108, 96, 8, 0, WS_EX_LEFT
+    AUTOCHECKBOX    "SystemDebugControl", IDC_CHK_NTSYSTEMDEBUGCONTROL, 7, 118, 96, 8, 0, WS_EX_LEFT
 }

TitanHide_OllyDbg/TitanHide_OllyDbg.vcxproj

@@ -65,6 +65,7 @@
       <SDLCheck>true</SDLCheck>
       <AdditionalOptions>/Zc:threadSafeInit- %(AdditionalOptions)</AdditionalOptions>
       <PreprocessorDefinitions>WINVER=0x0501;_WIN32_WINNT=0x0501;NTDDI_VERSION=0x05010000;_WINDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
     </ClCompile>
     <Link>
       <GenerateDebugInformation>DebugFull</GenerateDebugInformation>

TitanHide_TitanEngine/TitanHide_TitanEngine.vcxproj

@@ -93,6 +93,7 @@
       <SDLCheck>true</SDLCheck>
       <AdditionalOptions>/Zc:threadSafeInit- %(AdditionalOptions)</AdditionalOptions>
       <PreprocessorDefinitions>WINVER=0x0502;_WIN32_WINNT=0x0502;NTDDI_VERSION=0x05020000;WINVER=0x0501;_WIN32_WINNT=0x0501;NTDDI_VERSION=0x05010000;_WINDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
     </ClCompile>
     <Link>
       <GenerateDebugInformation>DebugFull</GenerateDebugInformation>
@@ -106,6 +107,7 @@
       <Optimization>Disabled</Optimization>
       <SDLCheck>true</SDLCheck>
       <PreprocessorDefinitions>WINVER=0x0502;_WIN32_WINNT=0x0502;NTDDI_VERSION=0x05020000;_WINDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
     </ClCompile>
     <Link>
       <GenerateDebugInformation>DebugFull</GenerateDebugInformation>

TitanHide_x64dbg/TitanHide_x64dbg.vcxproj

@@ -118,7 +118,7 @@
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <SDLCheck>true</SDLCheck>
-      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
       <InlineFunctionExpansion>Disabled</InlineFunctionExpansion>
       <WholeProgramOptimization>false</WholeProgramOptimization>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
@@ -159,7 +159,7 @@
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <SDLCheck>true</SDLCheck>
-      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
       <InlineFunctionExpansion>Disabled</InlineFunctionExpansion>
       <WholeProgramOptimization>false</WholeProgramOptimization>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>

TitanHide_x64dbg/plugin.cpp

@@ -1,25 +1,28 @@
 #include "plugin.h"
 #include <windows.h>
 #include <stdio.h>
+#include <string>
 #include "../TitanHide/TitanHide.h"
 
 static DWORD pid = 0;
 static bool hidden = false;
+static std::string driverName = "TitanHide";
 
 static ULONG GetTitanHideOptions()
 {
     duint options = 0;
-    if(!BridgeSettingGetUint("TitanHide", "Options", &options))
+    if (!BridgeSettingGetUint("TitanHide", "Options", &options))
         options = 0xffffffff;
     return (ULONG)options;
 }
 
 static bool TitanHideCall(HIDE_COMMAND Command)
 {
-    HANDLE hDevice = CreateFileA("\\\\.\\TitanHide", GENERIC_READ | GENERIC_WRITE, 0, 0, OPEN_EXISTING, 0, 0);
-    if(hDevice == INVALID_HANDLE_VALUE)
+    auto path = "\\\\.\\" + driverName;
+    HANDLE hDevice = CreateFileA(path.c_str(), GENERIC_READ | GENERIC_WRITE, 0, 0, OPEN_EXISTING, 0, 0);
+    if (hDevice == INVALID_HANDLE_VALUE)
     {
-        _plugin_logputs("[" PLUGIN_NAME "] Could not open TitanHide handle...");
+        _plugin_logputs("[" PLUGIN_NAME "] Could not open TitanHide handle (wrong driver name?)");
         return false;
     }
     HIDE_INFO HideInfo;
@@ -28,7 +31,7 @@ static bool TitanHideCall(HIDE_COMMAND Command)
     HideInfo.Type = GetTitanHideOptions();
     DWORD written = 0;
     auto result = false;
-    if(WriteFile(hDevice, &HideInfo, sizeof(HIDE_INFO), &written, 0))
+    if (WriteFile(hDevice, &HideInfo, sizeof(HIDE_INFO), &written, 0))
     {
         _plugin_logprintf("[" PLUGIN_NAME "] Process %shidden!\n", Command == UnhidePid ? "un" : "");
         result = true;
@@ -43,10 +46,10 @@ static bool TitanHideCall(HIDE_COMMAND Command)
 
 static bool cbTitanHide(int argc, char* argv[])
 {
-    if(!hidden)
+    if (!hidden)
     {
         _plugin_logprintf("[" PLUGIN_NAME "] Hiding PID %X (%ud)\n", pid, pid);
-        if(TitanHideCall(HidePid))
+        if (TitanHideCall(HidePid))
         {
             DbgCmdExecDirect("hide");
             hidden = true;
@@ -57,32 +60,47 @@ static bool cbTitanHide(int argc, char* argv[])
 
 static bool cbTitanUnhide(int argc, char* argv[])
 {
-    if(hidden)
+    if (hidden)
     {
         _plugin_logprintf("[" PLUGIN_NAME "] Unhiding PID %X (%ud)\n", pid, pid);
-        if(TitanHideCall(UnhidePid))
+        if (TitanHideCall(UnhidePid))
             hidden = false;
     }
     return !hidden;
 }
 
 static bool cbTitanHideOptions(int argc, char* argv[])
 {
-    if(argc < 2)
+    if (argc < 2)
     {
         _plugin_logprintf("[" PLUGIN_NAME "] Options: 0x%08X\n", GetTitanHideOptions());
     }
     else
     {
         duint options = DbgValFromString(argv[1]);
         BridgeSettingSetUint("TitanHide", "Options", options & 0xffffffff);
-        if(hidden)
+        if (hidden)
             TitanHideCall(HidePid);
         _plugin_logprintf("[" PLUGIN_NAME "] New options: 0x%08X\n", GetTitanHideOptions());
     }
     return true;
 }
 
+static bool cbTitanHideName(int argc, char* argv[])
+{
+    if (argc < 2)
+    {
+        _plugin_logprintf("[" PLUGIN_NAME "] Current driver name: '%s'\n", argv[0]);
+    }
+    else
+    {
+        driverName = argv[1];
+        BridgeSettingSet("TitanHide", "DriverName", driverName.c_str());
+        _plugin_logprintf("[" PLUGIN_NAME "] New driver name: '%s'\n", driverName.c_str());
+    }
+    return true;
+}
+
 PLUG_EXPORT void CBCREATEPROCESS(CBTYPE cbType, PLUG_CB_CREATEPROCESS* info)
 {
     pid = info->fdProcessInfo->dwProcessId;
@@ -107,9 +125,17 @@ PLUG_EXPORT void CBSTOPDEBUG(CBTYPE cbType, PLUG_CB_STOPDEBUG* info)
 
 void TitanHideInit(PLUG_INITSTRUCT* initStruct)
 {
+    char setting[MAX_SETTING_SIZE] = "";
+    BridgeSettingGet("TitanHide", "DriverName", setting);
+    if (setting[0] != '\0')
+    {
+        driverName = setting;
+    }
+
     _plugin_registercommand(pluginHandle, "TitanHide", cbTitanHide, true);
     _plugin_registercommand(pluginHandle, "TitanUnhide", cbTitanUnhide, true);
     _plugin_registercommand(pluginHandle, "TitanHideOptions", cbTitanHideOptions, false);
+    _plugin_registercommand(pluginHandle, "TitanHideName", cbTitanHideName, false);
 }
 
 void TitanHideStop()