From 83d870e58457a1d335a1d9b9966a6a1887cc297b Mon Sep 17 00:00:00 2001
From: Amlal El Mahrouss
Date: Mon, 24 Nov 2025 03:02:43 +0100
Subject: feat! breaking changes on kernel sources.
Signed-off-by: Amlal El Mahrouss
---
src/kernel/CFKit/Utils.h | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
create mode 100644 src/kernel/CFKit/Utils.h
(limited to 'src/kernel/CFKit/Utils.h')
diff --git a/src/kernel/CFKit/Utils.h b/src/kernel/CFKit/Utils.h
new file mode 100644
index 00000000..247ad5fb
--- /dev/null
+++ b/src/kernel/CFKit/Utils.h
@@ -0,0 +1,48 @@
+#ifndef CFKIT_UTILS_H
+#define CFKIT_UTILS_H
+
+#include
+#include
+
+/// @brief CFKit
+namespace Kernel::CF {
+/// @brief Finds the PE header inside the blob.
+inline auto ldr_find_exec_header(DosHeaderPtr ptrDos) -> LDR_EXEC_HEADER_PTR {
+ if (!ptrDos) return nullptr;
+
+ if (ptrDos->eMagic[0] != kMagMz0) return nullptr;
+
+ if (ptrDos->eMagic[1] != kMagMz1) return nullptr;
+
+#ifdef __NE_AMD64__
+ return (LDR_EXEC_HEADER_PTR) (VoidPtr) (&ptrDos->eLfanew + 1);
+#else
+ return (LDR_EXEC_HEADER_PTR) (VoidPtr) (&ptrDos->eLfanew);
+#endif
+}
+
+/// @brief Finds the PE optional header inside the blob.
+inline auto ldr_find_opt_exec_header(DosHeaderPtr ptrDos) -> LDR_OPTIONAL_HEADER_PTR {
+ if (!ptrDos) return nullptr;
+
+ auto exec = ldr_find_exec_header(ptrDos);
+
+ if (!exec) return nullptr;
+
+ return (LDR_OPTIONAL_HEADER_PTR) (VoidPtr) (&exec->Characteristics + 1);
+}
+
+/// @brief Finds the PE header inside the blob.
+/// @note overloaded function.
+inline auto ldr_find_exec_header(const Char* ptrDos) -> LDR_EXEC_HEADER_PTR {
+ return ldr_find_exec_header((DosHeaderPtr) ptrDos);
+}
+
+/// @brief Finds the PE header inside the blob.
+/// @note overloaded function.
+inline auto ldr_find_opt_exec_header(const Char* ptrDos) -> LDR_OPTIONAL_HEADER_PTR {
+ return ldr_find_opt_exec_header((DosHeaderPtr) ptrDos);
+}
+} // namespace Kernel::CF
+
+#endif // ifndef CFKIT_UTILS_H
--
cgit v1.2.3
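Review bot: ldr_find_exec_header never reads the value stored in `eLfanew`; both branches return a pointer derived from the field's own address (`&ptrDos->eLfanew + 1` under `__NE_AMD64__`, `&ptrDos->eLfanew` otherwise), so the result is only correct if the PE header sits immediately after the DOS header, and the non-AMD64 branch appears to alias the field itself. In the PE format that field holds the offset of the PE header from the start of the image, so I would expect something like `(LDR_EXEC_HEADER_PTR) (VoidPtr) ((Char*) ptrDos + ptrDos->eLfanew)`, assuming the struct (declared outside this hunk) stores it as an integer offset. Because these helpers parse an executable blob that may not be trusted, they should also receive the blob length so the offset and the resulting header can be bounds-checked, and the PE signature verified, before a pointer is handed back; the same concern applies to `&exec->Characteristics + 1` in ldr_find_opt_exec_header, which relies on field layout with no size check. Separately, the `const Char*` overloads cast away const, and the doc comment on the last overload should read `/// @brief Finds the PE optional header inside the blob.`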