blob: 247ad5fb626961a485f3e80a5c33e9cf0a521d19 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
#ifndef CFKIT_UTILS_H
#define CFKIT_UTILS_H
#include <KernelKit/MSDOS.h>
#include <KernelKit/PE.h>
/// @brief CFKit
namespace Kernel::CF {
/// @brief Finds the PE header inside the blob.
inline auto ldr_find_exec_header(DosHeaderPtr ptrDos) -> LDR_EXEC_HEADER_PTR {
if (!ptrDos) return nullptr;
if (ptrDos->eMagic[0] != kMagMz0) return nullptr;
if (ptrDos->eMagic[1] != kMagMz1) return nullptr;
#ifdef __NE_AMD64__
return (LDR_EXEC_HEADER_PTR) (VoidPtr) (&ptrDos->eLfanew + 1);
#else
return (LDR_EXEC_HEADER_PTR) (VoidPtr) (&ptrDos->eLfanew);
#endif
}
/// @brief Finds the PE optional header inside the blob.
inline auto ldr_find_opt_exec_header(DosHeaderPtr ptrDos) -> LDR_OPTIONAL_HEADER_PTR {
if (!ptrDos) return nullptr;
auto exec = ldr_find_exec_header(ptrDos);
if (!exec) return nullptr;
return (LDR_OPTIONAL_HEADER_PTR) (VoidPtr) (&exec->Characteristics + 1);
}
/// @brief Finds the PE header inside the blob.
/// @note overloaded function.
inline auto ldr_find_exec_header(const Char* ptrDos) -> LDR_EXEC_HEADER_PTR {
return ldr_find_exec_header((DosHeaderPtr) ptrDos);
}
/// @brief Finds the PE header inside the blob.
/// @note overloaded function.
inline auto ldr_find_opt_exec_header(const Char* ptrDos) -> LDR_OPTIONAL_HEADER_PTR {
return ldr_find_opt_exec_header((DosHeaderPtr) ptrDos);
}
} // namespace Kernel::CF
#endif // ifndef CFKIT_UTILS_H
|
