get_function_bytes/analysis_function.h

41 lines
1.0 KiB
C

#pragma once
#include <stdio.h>
#include <stdint.h>
#define RET 0xC3 // ret opcode
typedef unsigned char byte;
// Returns the real address of the passed function
// Will return NULL if the compiler is not supported
byte* AF_address(byte* f) {
byte* real_address = NULL;
#ifdef _MSC_VER // MSVC
#ifdef NDEBUG // MSVC release mode
real_address = f;
#else // MSVC debug mode
byte* f_p = f;
byte* offset = (byte*)(*((int32_t*)f_p) >> 8);
real_address = f_p + (int32_t)offset + 5;
#endif
#elif defined(__GNUC__) // GCC
real_address = f;
#endif
return real_address;
}
// Print bytes from address to address+size (Use AF_address to get function ptr)
int32_t AF_print_bytes(byte* a, int32_t size) {
for (int32_t i = 0; i < size; ++i) {
printf("%02X ", *(a + i));
}
}
// Get any function size (Use AF_address to get function ptr)
int32_t AF_size(byte* f) {
byte* p = f;
for (; *p != RET; ++p);
return p - f + 1;
}