Skip to content

Instantly share code, notes, and snippets.

@kuh4it
Created January 20, 2024 17:16
Show Gist options
  • Save kuh4it/19d13dc521e310cb2fe3809382e237dc to your computer and use it in GitHub Desktop.
Save kuh4it/19d13dc521e310cb2fe3809382e237dc to your computer and use it in GitHub Desktop.
a
// DoggoHook <CDumper.hpp>
namespace Dumper {
class Instruction {
ZydisDecodedInstruction instr;
uintptr_t address;
public:
Instruction(const ZydisDecodedInstruction& instr, uintptr_t address) : instr(instr), address(address) {}
template <typename T>
requires std::derived_from<T, Instruction>
T as() {
return T(instr, address);
}
uintptr_t get_address() const {
return address;
}
};
class StringFinder {
std::string_view memory;
ZydisDecoder decoder;
public:
StringFinder(std::string_view memory) : memory(memory) {
ZydisDecoderInit(&decoder, ZYDIS_MACHINE_MODE_LONG_64, ZYDIS_ADDRESS_WIDTH_64);
}
std::vector<Instruction> find_instructions_near_string(std::string_view str) {
auto pos = memory.find(str);
if (pos == std::string_view::npos) {
throw std::runtime_error("String not found");
}
std::vector<Instruction> instructions;
ZydisDecodedInstruction instr;
size_t offset = 0;
while (ZYAN_SUCCESS(ZydisDecoderDecodeBuffer(&decoder, reinterpret_cast<const uint8_t*>(memory.data()) + pos + offset, memory.length() - pos - offset, &instr))) {
instructions.emplace_back(instr, pos + offset);
offset += instr.length;
}
return instructions;
}
};
template <typename T>
class NearestInstructionFinder {
std::vector<Instruction> instructions;
uintptr_t targetAddress;
public:
NearestInstructionFinder(const std::vector<Instruction>& instructions, uintptr_t targetAddress)
: instructions(instructions), targetAddress(targetAddress) {}
T nearest_instruction() {
auto it = std::min_element(instructions.begin(), instructions.end(), [this](const Instruction& a, const Instruction& b) {
return std::abs(static_cast<long>(a.get_address() - targetAddress)) < std::abs(static_cast<long>(b.get_address() - targetAddress));
});
if (it == instructions.end()) {
throw std::runtime_error("No nearest instruction found");
}
return it->as<T>();
}
};
struct Utilities {
static NearestInstructionFinder<MovInstruction> find_string(std::string_view str) {
StringFinder finder("...");
auto instructions = finder.find_instructions_near_string(str);
return NearestInstructionFinder<MovInstruction>(instructions, finder.string_address(str));
}
};
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment