commit 54458e8b7cb6dcf426ccb288803d26380414667d Author: serr Date: Wed Jan 15 18:29:50 2025 +0300 added gcc support diff --git a/analysis_function.h b/analysis_function.h new file mode 100644 index 0000000..37b819f --- /dev/null +++ b/analysis_function.h @@ -0,0 +1,41 @@ +#pragma once + +#include + +#define RET 0xC3 // ret opcode + +typedef unsigned char byte; + +byte* AF_address(byte* f) { + byte* real_address = NULL; + #ifdef _MSC_VER // MSVC + //printf("MSVC Compiler Detected\n"); + #ifdef NDEBUG // MSVC release mode + real_address = f; + //printf("FUNCTION ADDRESS: %p\n", real_address); + #else // MSVC debug mode + byte* f_p = f; + byte* offset = (byte*)(*((int*)f_p) >> 8); + real_address = f_p + (int)offset + 5; + //printf("TABLE ADDRESS: %p\n", f_p); + //printf("OFFSET: %p\n", offset); + //printf("REAL ADDRESS: %p\n", real_address); + #endif + #elif defined(__GNUC__) // GCC + //printf("GCC Compiler Detected\n"); + real_address = f; + //printf("FUNCTION ADDRESS: %p\n", real_address); + #endif + return real_address; +} + +// Print bytes from address to address+size +int AF_print_bytes(byte* a, int size) { + for (int i = 0; i < size; ++i) printf("%02X ", *(a + i)); +} +// Get any function size +int AF_size(byte* f) { + byte* p = f; + for (; *p != RET; ++p); + return p - f + 1; +} \ No newline at end of file diff --git a/example.c b/example.c new file mode 100644 index 0000000..b37dac8 --- /dev/null +++ b/example.c @@ -0,0 +1,20 @@ +// Usage example +#include +#include "analysis_function.h" + +// Test function +int sum(int a, int b) { + printf("a = %i, b = %i\n", a, b); + a = a * 2 + b; + b = b * 3 + 2; + return a + b; +} + +int main() { + byte* addr = AF_address(sum); + // Get function size + int fsize = AF_size(addr); + // Print all function bytes + printf("FUNCTION BYTES: "); AF_print_bytes(addr, fsize); printf("\n"); + return 0; +} \ No newline at end of file