get_function_bytes/analysis_function.h

36 lines
819 B
C
Raw Normal View History

2025-01-15 18:29:50 +03:00
#pragma once
#include <stdio.h>
#define RET 0xC3 // ret opcode
typedef unsigned char byte;
byte* AF_address(byte* f) {
byte* real_address = NULL;
#ifdef _MSC_VER // MSVC
#ifdef NDEBUG // MSVC release mode
real_address = f;
#else // MSVC debug mode
byte* f_p = f;
byte* offset = (byte*)(*((int*)f_p) >> 8);
real_address = f_p + (int)offset + 5;
#endif
#elif defined(__GNUC__) // GCC
real_address = f;
#endif
return real_address;
}
// Print bytes from address to address+size
int AF_print_bytes(byte* a, int size) {
2025-01-15 18:43:58 +03:00
for (int i = 0; i < size; ++i) {
printf("%02X ", *(a + i));
}
2025-01-15 18:29:50 +03:00
}
// Get any function size
int AF_size(byte* f) {
byte* p = f;
for (; *p != RET; ++p);
return p - f + 1;
}