Created
January 20, 2024 17:16
-
-
Save kuh4it/19d13dc521e310cb2fe3809382e237dc to your computer and use it in GitHub Desktop.
a
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// DoggoHook <CDumper.hpp> | |
namespace Dumper { | |
class Instruction { | |
ZydisDecodedInstruction instr; | |
uintptr_t address; | |
public: | |
Instruction(const ZydisDecodedInstruction& instr, uintptr_t address) : instr(instr), address(address) {} | |
template <typename T> | |
requires std::derived_from<T, Instruction> | |
T as() { | |
return T(instr, address); | |
} | |
uintptr_t get_address() const { | |
return address; | |
} | |
}; | |
class StringFinder { | |
std::string_view memory; | |
ZydisDecoder decoder; | |
public: | |
StringFinder(std::string_view memory) : memory(memory) { | |
ZydisDecoderInit(&decoder, ZYDIS_MACHINE_MODE_LONG_64, ZYDIS_ADDRESS_WIDTH_64); | |
} | |
std::vector<Instruction> find_instructions_near_string(std::string_view str) { | |
auto pos = memory.find(str); | |
if (pos == std::string_view::npos) { | |
throw std::runtime_error("String not found"); | |
} | |
std::vector<Instruction> instructions; | |
ZydisDecodedInstruction instr; | |
size_t offset = 0; | |
while (ZYAN_SUCCESS(ZydisDecoderDecodeBuffer(&decoder, reinterpret_cast<const uint8_t*>(memory.data()) + pos + offset, memory.length() - pos - offset, &instr))) { | |
instructions.emplace_back(instr, pos + offset); | |
offset += instr.length; | |
} | |
return instructions; | |
} | |
}; | |
template <typename T> | |
class NearestInstructionFinder { | |
std::vector<Instruction> instructions; | |
uintptr_t targetAddress; | |
public: | |
NearestInstructionFinder(const std::vector<Instruction>& instructions, uintptr_t targetAddress) | |
: instructions(instructions), targetAddress(targetAddress) {} | |
T nearest_instruction() { | |
auto it = std::min_element(instructions.begin(), instructions.end(), [this](const Instruction& a, const Instruction& b) { | |
return std::abs(static_cast<long>(a.get_address() - targetAddress)) < std::abs(static_cast<long>(b.get_address() - targetAddress)); | |
}); | |
if (it == instructions.end()) { | |
throw std::runtime_error("No nearest instruction found"); | |
} | |
return it->as<T>(); | |
} | |
}; | |
struct Utilities { | |
static NearestInstructionFinder<MovInstruction> find_string(std::string_view str) { | |
StringFinder finder("..."); | |
auto instructions = finder.find_instructions_near_string(str); | |
return NearestInstructionFinder<MovInstruction>(instructions, finder.string_address(str)); | |
} | |
}; | |
} | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment