C++ x86 Test
//http://c-jump.com/CIS77/CPU/x86/lecture.html
#include <stdio.h>
#include <stdint.h>
#include <inttypes.h>
#include <string.h>
#include <tchar.h>
#include <Windows.h>
#include <DbgHelp.h>
#pragma comment(lib, "Dbghelp.lib")
// Lookup record shared between GetFuncBounds and the DbgHelp enumeration
// callback: the name is the input, the remaining fields are filled on a match.
struct Function {
const char* name;   // symbol name to look for (not owned; compared with strcmp)
uintptr_t addr;     // start address of the matched symbol; only meaningful when success is true
size_t size;        // size in bytes reported by the symbol enumerator for the match
bool success;       // set to true by the callback once a name match has been recorded
};
// DbgHelp symbol-enumeration callback: records the first symbol whose name
// equals the requested one and stops the enumeration.
// pSymInfo   - symbol currently being visited
// SymbolSize - size in bytes DbgHelp reports for that symbol
// context    - pointer to the Function record to fill in on a match
// Returns TRUE to continue enumerating, FALSE once a match has been stored.
BOOL CALLBACK EnumSymProc(PSYMBOL_INFO pSymInfo, ULONG SymbolSize, PVOID context) {
    Function* target = static_cast<Function*>(context);
    const bool matched = (strcmp(pSymInfo->Name, target->name) == 0);
    if (!matched) {
        return TRUE;  // keep searching
    }
    target->addr = static_cast<uintptr_t>(pSymInfo->Address);
    target->size = SymbolSize;
    target->success = true;
    return FALSE;  // stop the search
}
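// Looks up a function by name in the symbols of every module loaded in the
// current process and returns its start address and size.
// fname - symbol name to find (compared exactly, without a module prefix)
// addr  - receives the symbol address on success; left untouched otherwise
// size  - receives the symbol size in bytes on success; left untouched otherwise
// Returns true when the symbol was found; false when symbol initialization,
// enumeration, or the lookup itself failed (a message is printed in each case).
// Note: the mask "*!*" walks all modules, so a name present in more than one
// module (e.g. a CRT export) resolves to whichever DbgHelp enumerates first.
bool GetFuncBounds(const char* fname, uintptr_t& addr, size_t& size) {
    bool ret = false;
    Function fstruct;
    fstruct.name = fname;
    fstruct.addr = 0;      // initialized so the record never holds garbage
    fstruct.size = 0;
    fstruct.success = false;
    HANDLE hProcess = GetCurrentProcess(); // pseudo-handle; must not be closed
    char Mask[] = "*!*";
    // fInvadeProcess = TRUE: load symbols for every module already in the process
    if (SymInitialize(hProcess, NULL, TRUE) == FALSE) {
        printf("SymInitialize failed. Error code: 0x%x\n", (UINT)GetLastError());
        return false;
    }
    // BaseOfDll = 0 together with the "*!*" mask enumerates across all modules
    if (SymEnumSymbols(hProcess, 0, Mask, &EnumSymProc, (void*)&fstruct)) {
        if (fstruct.success) {
            // hand back the address and size recorded by the callback
            addr = fstruct.addr;
            size = fstruct.size;
            ret = true;
        } else {
            printf("Symbol [%s] not found\n", fname);
        }
    } else {
        printf("SymEnumSymbols failed. Error code: 0x%x\n", (UINT)GetLastError());
    }
    SymCleanup(hProcess); // paired with the successful SymInitialize above
    return ret;
}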
//**********************************
// The function whose machine code _tmain dumps byte by byte. The expected
// byte sequence is annotated in the comment at the end of this file, so the
// body is intentionally kept to this single printf call.
void Func() {
printf("Hello, World!\n");
}
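// Entry point: calls Func once, then dumps Func's machine code byte by byte
// using the bounds obtained from the symbol information, and finally prints
// the address and size of printf. Command-line arguments are not used.
int _tmain(int argc, _TCHAR* argv[])
{
    (void)argc;
    (void)argv;
    uintptr_t addr = 0;
    size_t size = 0;
    void (*pFunc)() = Func;
    pFunc();
    if (GetFuncBounds("Func", addr, size)) {
        // Read the bytes of Func's own code; the range comes from the symbol size.
        const unsigned char* code = (const unsigned char*)addr;
        for (size_t i = 0; i < size; i++) {
            uintptr_t p = addr + i;
            // PRIxPTR prints the full address on 64-bit builds instead of
            // truncating it to unsigned int.
            printf("0x%" PRIxPTR ": [0x%x]\n", p, (unsigned int)code[i]);
        }
    }
    else {
        printf("Error!\n");
    }
    uintptr_t addrPrintf = 0;
    size_t sizePrintf = 0;
    if (GetFuncBounds("printf", addrPrintf, sizePrintf)) {
        printf("printf: 0x%" PRIxPTR "; size=%zu bytes\n", addrPrintf, sizePrintf);
    }
    else {
        printf("Error!\n");
    }
    getchar(); // keep the console window open until a key is pressed
    return 0;
}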
/*
void Func()
0xc51190: [0x51]
0xc51191: [0x68]
0xc51192: [0x84]
0xc51193: [0x21]
0xc51194: [0xc5]
0xc51195: [0x0]
0xc51196: [0xe8] //call (near, relative to next instruction) | (int)0xfffffe75 = -395 | 0xc51010 printf
0xc51197: [0x75]
0xc51198: [0xfe]
0xc51199: [0xff]
0xc5119a: [0xff]
0xc5119b: [0x83] //add (sign-extended imm8) esp,4
0xc5119c: [0xc4]
0xc5119d: [0x4]
0xc5119e: [0x59] //pop ecx
0xc5119f: [0xc3] //ret
Addr: 0xc51010 Size:54 //printf
*/