//TitanEngine.Dumper.functions: __declspec(dllexport) bool TITCALL DumpProcess(HANDLE hProcess, LPVOID ImageBase, char* szDumpFileName, ULONG_PTR EntryPoint) { wchar_t uniDumpFileName[MAX_PATH] = {0}; if(szDumpFileName != NULL) { MultiByteToWideChar(CP_ACP, NULL, szDumpFileName, -1, uniDumpFileName, _countof(uniDumpFileName)); return DumpProcessW(hProcess, ImageBase, uniDumpFileName, EntryPoint); } return false; }
BOOL WINAPI ScyllaDumpProcessW(DWORD_PTR pid, const WCHAR * fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const WCHAR * fileResult) { if (ProcessAccessHelp::openProcessHandle((DWORD)pid)) { return DumpProcessW(fileToDump, imagebase, entrypoint, fileResult); } else { return FALSE; } }
__declspec(dllexport) bool TITCALL DumpProcessExW(DWORD ProcessId, LPVOID ImageBase, wchar_t* szDumpFileName, ULONG_PTR EntryPoint) { HANDLE hProcess = 0; bool ReturnValue = false; hProcess = EngineOpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, ProcessId); if(hProcess) { ReturnValue = DumpProcessW(hProcess, ImageBase, szDumpFileName, EntryPoint); EngineCloseHandle(hProcess); return ReturnValue; } else { return false; } }
BOOL WINAPI ScyllaDumpCurrentProcessW(const WCHAR * fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const WCHAR * fileResult) { ProcessAccessHelp::setCurrentProcessAsTarget(); return DumpProcessW(fileToDump, imagebase, entrypoint, fileResult); }