Skip to content

qengine 1.1.1.0
Compare
Choose a tag to compare
@Chemiculs Chemiculs released this 03 Jul 20:46
· 18 commits to main since this release
1.1.1.0
f94df07
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

qengine 1.1.1.0 addresses several bugs in the engine and further optimizations of the codebase, alongside changes to the functionality of the Inline hook scanner, and the PE header / SCN_CODE_EXECUTE manipulation class.

  • Appended qxx_bool types for those who prefer polar arithmetic as opposed to integral types for flags

  • Appended qxx_struct types, allowing users to wrap their self-defined structures inside of qengines inlined algorithm and achieve similar results to the primitive qengine type wrappers.

  • The updated polyc algorithm in which Pointer entries to the master table were corrupted due to register-optimization in certain qe_ and qeh_ series types (fixed with volatile globals).

  • Updated and standardized the entire syntax of the project, conforming engine to the prescribed modifier aliases for the project:

:: REMEMBER THE BELOW ALIASES WHEN READING QENGINE'S SOURCE :: ->
-> imut = const
-> mut = mutable
-> imut_cast = const_cast
-> noregister = volatile
-> volatile_cast = const_cast
-> c_void = void*

  • Updated Inline hook scanning class to remove multi-threaded hook scan feature -
    The feature ate unnecessary resources for those using it, and seeing that the only time worth scanning for a hook would be before calling the function in question, the class has been modified to the following single-threaded calling format:
const std::size_t function_length = qengine::qhook::qhook_util::analyze_fn_length( & METHOD_NAME );

qengine::qhook::qhook_detection_t* detection_result;

if (detection_result = qengine::qhook::qhook_util::analyze_fn_hook_presence( & METHOD_NAME, function_length)){

    // non-null return value indicates the presence of inline hook leaving module address space
}
  • Updated, optimized, and renamed / appended functions to the class. It still functions as it used to for the most part but here is the new example project of PE manipulation with the correct OOP
qmorph::qdisasm::qsection_assembler sec{ }; 	// Initialize qengine's PE manipulation object

sec.analyze_executable_sections();                         // Perform initial analysis on PE headers / sections
sec.morph_executable_sections(true);                   //  Perform instruction mutation
sec.wipe_idata_ilt();                                                // Wipe the ILT and .idata ection, preserve the IAT
sec.wipe_basereloc();                                             // Wipe basereloc section, if module unable to allocate preferred base
sec.wipe_section_headers();                                  // Wipe section headers
sec.scramble_dos_header();                                  // Wipe dos + NT header fields LAST
sec.scramble_nt_header();                                    //
Assets 2
Loading