CodeCaveScanner.h
#ifndef _CrySearch_CodeCaveScanner_h_
#define _CrySearch_CodeCaveScanner_h_
#include <Core/Core.h>
using namespace Upp;
#include "Disassembler.h"
// Classifies the kind of filler that makes up a code cave, i.e. a run of
// padding instructions inside a scanned region. The numeric values are the
// implicit ones (0..3) written out explicitly.
enum CodeCaveType
{
	UNKNOWN = 0,            // Initial value: no code cave found yet.
	ZERO_INSTRUCTIONS = 1,  // Run of zero bytes; on x86 a 00 00 pair decodes as `add byte ptr [eax], al`.
	NOP_SLED = 2,           // Run of single-byte NOP instructions (0x90).
	INT3_SLED = 3           // Run of INT3 breakpoint instructions (0xCC on x86).
};
// Represents the code cave scanner object.
// Declares a scanner that searches a memory range [base, base + size) for code
// caves (see CodeCaveType) and reports progress through the three callbacks
// below. Only the declaration is visible here; the behaviour notes that follow
// are hedged where they depend on the implementation file.
class CodeCaveScanner
{
private:
// Run-state flag, presumably what IsRunning() returns and Kill() clears -- confirm in the .cpp.
// NOTE(review): `volatile` gives neither atomicity nor inter-thread ordering. If this
// flag is written by one thread and polled by mDisasmThread, it should be an atomic
// type (or be guarded by a lock) -- confirm against the implementation.
volatile bool mRunning;
// Thread object; the name suggests it runs the disassembly-based scan in the background.
Thread mDisasmThread;
// Private scan routine. Takes the same range and minimum cave length as
// ScanForCodeCaves() plus the Capstone disassembly mode (cs_mode) to decode with.
// Presumably the body executed on mDisasmThread -- TODO confirm.
void DoScanForCodeCaves(const SIZE_T base, const SIZE_T size, const int caveLength, const cs_mode arch);
// Classifies a single decoded instruction (Capstone cs_insn) as a possible first
// instruction of a code cave. Presumably returns UNKNOWN when the instruction does
// not start a cave -- verify against the definition.
// NOTE(review): insn is a raw pointer; whether null is tolerated cannot be seen from here.
const CodeCaveType QualifyForStartOfCodeCave(const cs_insn* insn) const;
// U++ convention: CLASSNAME is the alias the framework's callback macros (THISBACK etc.) expect.
typedef CodeCaveScanner CLASSNAME;
public:
CodeCaveScanner();
~CodeCaveScanner();
// Reports whether a scan is currently in progress (presumably the value of mRunning).
const bool IsRunning() const;
// Requests that a running scan stop. Whether it blocks until the worker thread has
// exited is not visible in this header -- confirm before destroying the object right after.
void Kill();
// Public entry point: scan `size` bytes starting at address `base` for code caves of
// at least `caveLength` (unit -- bytes or instructions -- not stated here; confirm).
// NOTE(review): caveLength is a signed int and base/size are caller-supplied; the
// implementation should reject caveLength <= 0 and a base + size that wraps around
// SIZE_T before any memory is read. None of that validation is visible from this header.
void ScanForCodeCaves(const SIZE_T base, const SIZE_T size, const int caveLength);
// Executed when the code cave scanner has started.
Callback ScannerStarted;
// Executed when the scanner found a result.
// Presumably the SIZE_T is the cave's address and the int its length -- verify at the call site.
// NOTE(review): if this fires on the worker thread, subscribers touching UI or shared
// state must synchronise themselves -- confirm which thread invokes it.
Callback2<SIZE_T, int> ScannerResultFound;
// Executed when the scanner has finished.
Callback ScannerFinished;
};
#endif