From 610f91d87152cbe48d3054fcf437d8239da6ef35 Mon Sep 17 00:00:00 2001 From: Amlal Date: Sat, 21 Dec 2024 21:59:13 +0100 Subject: IMP: :boom: Breaking changes some checks are needed to be done. Signed-off-by: Amlal --- dev/Kernel/CFKit/Utils.h | 55 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 dev/Kernel/CFKit/Utils.h (limited to 'dev/Kernel/CFKit/Utils.h') diff --git a/dev/Kernel/CFKit/Utils.h b/dev/Kernel/CFKit/Utils.h new file mode 100644 index 00000000..370eca45 --- /dev/null +++ b/dev/Kernel/CFKit/Utils.h @@ -0,0 +1,55 @@ +#ifndef CFKIT_UTILS_H +#define CFKIT_UTILS_H + +#include +#include + +namespace CFKit +{ + using namespace Kernel; + + /// @brief Finds the PE header inside the blob. + inline auto ldr_find_exec_header(DosHeaderPtr ptrDos) -> LDR_EXEC_HEADER_PTR + { + if (!ptrDos) + return nullptr; + + if (ptrDos->eMagic[0] != kMagMz0) + return nullptr; + + if (ptrDos->eMagic[1] != kMagMz1) + return nullptr; + + return (LDR_EXEC_HEADER_PTR)(VoidPtr)(&ptrDos->eLfanew + 1); + } + + /// @brief Finds the PE optional header inside the blob. + inline auto ldr_find_opt_exec_header(DosHeaderPtr ptrDos) -> LDR_OPTIONAL_HEADER_PTR + { + if (!ptrDos) + return nullptr; + + auto exec = ldr_find_exec_header(ptrDos); + + if (!exec) + return nullptr; + + return (LDR_OPTIONAL_HEADER_PTR)(VoidPtr)(&exec->mCharacteristics + 1); + } + + /// @brief Finds the PE header inside the blob. + /// @note overloaded function. + inline auto ldr_find_exec_header(const Char* ptrDos) -> LDR_EXEC_HEADER_PTR + { + return ldr_find_exec_header((DosHeaderPtr)ptrDos); + } + + /// @brief Finds the PE header inside the blob. + /// @note overloaded function. + inline auto ldr_find_opt_exec_header(const Char* ptrDos) -> LDR_OPTIONAL_HEADER_PTR + { + return ldr_find_opt_exec_header((DosHeaderPtr)ptrDos); + } +} // namespace CFKit + +#endif // ifndef CFKIT_UTILS_H -- cgit v1.2.3