#ifndef CFKIT_UTILS_H
#define CFKIT_UTILS_H
#include <KernelKit/PE.h>
#include <KernelKit/MSDOS.h>
namespace CFKit
{
    using namespace Kernel;

    /// @brief Locates the executable (PE) header that follows the DOS header.
    /// @param ptrDos start of the image, viewed as a DOS header; may be null.
    /// @return the address one element past the eLfanew field, or nullptr when
    /// ptrDos is null or either magic byte differs from kMagMz0 / kMagMz1.
    /// @note The value stored in eLfanew is never read; the result is a fixed
    /// position right behind that field.
    /// NOTE(review): conventional PE images record the header offset in
    /// e_lfanew, so this only matches images laid out with the header directly
    /// after the DOS header. Confirm that holds for every image loaded here.
    /// Honoring the stored offset would require a bounds check on it first.
    /// @warning No blob length is passed in, so this helper cannot verify that
    /// the DOS header or the returned header lies inside the caller's buffer.
    /// When the image is untrusted, callers must check the buffer size before
    /// calling and again before dereferencing the result.
    inline auto ldr_find_exec_header(DosHeaderPtr ptrDos) -> LDR_EXEC_HEADER_PTR
    {
        // Short-circuit keeps the original order: null test, first magic byte, second magic byte.
        const bool hasDosMagic = ptrDos &&
                                 ptrDos->eMagic[0] == kMagMz0 &&
                                 ptrDos->eMagic[1] == kMagMz1;

        if (!hasDosMagic)
            return nullptr;

        auto pastDosHeader = (VoidPtr)(&ptrDos->eLfanew + 1);
        return (LDR_EXEC_HEADER_PTR)pastDosHeader;
    }

    /// @brief Locates the optional header that follows the executable header.
    /// @param ptrDos start of the image, viewed as a DOS header; may be null.
    /// @return the address one element past the mCharacteristics field of the
    /// executable header, or nullptr when ldr_find_exec_header() rejects ptrDos.
    /// @warning Only the DOS magic is validated. Nothing in the executable
    /// header is inspected, and no length is available to bounds-check the
    /// returned pointer.
    inline auto ldr_find_opt_exec_header(DosHeaderPtr ptrDos) -> LDR_OPTIONAL_HEADER_PTR
    {
        // The callee already returns nullptr for a null ptrDos, so one test covers both cases.
        if (auto execHeader = ldr_find_exec_header(ptrDos))
            return (LDR_OPTIONAL_HEADER_PTR)(VoidPtr)(&execHeader->mCharacteristics + 1);

        return nullptr;
    }

    /// @brief Locates the executable (PE) header inside a raw byte blob.
    /// @param ptrDos first byte of the image; may be null.
    /// @return same result as the DosHeaderPtr overload.
    /// @note Overload that reinterprets the bytes as a DOS header.
    /// NOTE(review): the cast drops the const qualifier of the input and assumes
    /// the buffer is suitably aligned for a DOS header. Confirm at call sites.
    inline auto ldr_find_exec_header(const Char* ptrDos) -> LDR_EXEC_HEADER_PTR
    {
        auto dosHeader = (DosHeaderPtr)ptrDos;
        return ldr_find_exec_header(dosHeader);
    }

    /// @brief Locates the optional header inside a raw byte blob.
    /// @param ptrDos first byte of the image; may be null.
    /// @return same result as the DosHeaderPtr overload.
    /// @note Overload that reinterprets the bytes as a DOS header.
    /// NOTE(review): the cast drops the const qualifier of the input and assumes
    /// the buffer is suitably aligned for a DOS header. Confirm at call sites.
    inline auto ldr_find_opt_exec_header(const Char* ptrDos) -> LDR_OPTIONAL_HEADER_PTR
    {
        auto dosHeader = (DosHeaderPtr)ptrDos;
        return ldr_find_opt_exec_header(dosHeader);
    }
} // namespace CFKit
#endif // ifndef CFKIT_UTILS_H