-
Notifications
You must be signed in to change notification settings - Fork 2
Documentation
Welcome to the documentation!
Table of contents:
Is used to hook functions.
Note:
detourfollows the RAII paradigm and will unhook the target function if the detour object is destroyed.
template <typename target_t, typename replacement_t>
std::unique_ptr<detour> create(const target_t &target, const replacement_t &replacement, detour_status &status);Constructs a detour from the given arguments.
target: Address of the function to be hooked
replacement: Address of the hook function
(optional)status: Reference to a status object
Returns: In case the hook creation fails a
nullptris returned and thestatusvariable will be set to the corresponding error code.
template <typename type_t>
func_t<type_t> get_original() const;Returns: A function pointer to the original function with the given signature (
type_t).
Wraps a memory address.
std::uintptr_t get() const;Returns: The current memory address.
std::optional<std::uintptr_t> get_safe() const;Returns: The current memory address if it is at least readable,
nulloptotherwise.
template <typename T>
T get_as() const;Returns: The current memory address read as a
Tpointer.
template <typename T>
std::optional<T> get_as_safe() const;Returns: The current memory address read as a
Tpointer if it is at least readable,nulloptotherwise.
std::optional<address> follow() const;Returns: The destination of the current instruction in case it leads somewhere.
std::optional<std::uint32_t> get_mnemonic() const;Returns: The mnemonic of the current instruction.
std::optional<address> read_until(const std::uint32_t &mnemonic) const;Reads the remaining memory of the current page until a instruction with the given mnemonic is reached.
If such an instruction is found it is returned, otherwise the return value is nullopt.
std::optional<address> next() const;Returns: The next instruction wrapped in an
addressobject.
std::vector<std::uintptr_t> get_immediates() const;Returns: A list of all accessed immediates.
Allows to allocate a console and redirect output to it or to a file.
void restore();Restores cout to its initial state.
void alloc_console(const std::string &name);Allocates a console with the given name and redirects cout to it.
void redirect_to_file(const std::filesystem::path &file);Redirects cout to the given file.
If you want to use the entrypoint header you need to include it and then define two functions:
template <typename... params_t> void entry(const params_t &...)
{
// Called on entry
}
template <typename... params_t> void exit(const params_t &...)
{
// Called on exit
}The arguments the function is called with vary depending on the operating system.
On windows you will get all the parameters that are normally passed to DllMain.
You can check the operating system by making use of the constants found in constants/os.hpp.
A cross-platform GetAsyncKeyState implementation.
void press(const int &);Presses the given key.
void release(const int &);Releases the given key.
bool is_down(const int &);Checks if the given key is currently pressed.
bool was_pressed(const int &);Checks whether the given key is pressed currently but was not pressed the last time any of the keyboard functions were called.
Provides functions for interaction with memory.
bool write(const std::uintptr_t &address, const void *data, const std::size_t &size);
address: Address to write to
data: Pointer to data which should be written
size: Size of the data to be written
Returns: Whether or not the call was successful.
template <class type_t>
bool write(const std::uintptr_t &address, const type_t &value);
address: Address to write to
value: Data to write
Returns: Whether or not the call was successful.
std::unique_ptr<char[]> read(const std::uintptr_t &address, const std::size_t &size);
address: Address to read from
size: Amount of data to read
Returns: A
unique_ptrof the data that has been read.
template <class type_t>
std::optional<type_t> read(const std::uintptr_t &address);
address: Address to read from
type_t: Type to read data as
Returns: Data read as
type_tif successful,nulloptotherwise.
bool free(const std::uintptr_t &address, const std::size_t &size);
address: Address to free data at
size: Size of data to free
Returns: Whether or not call was successful.
bool protect(const std::uintptr_t &address, const std::size_t &size, const std::uint8_t &protection);
address: Address to change protection of
size: Size of region to change protection of
protection: New memory protection, you can make use of the constants inconstants/protection.hpphere
Returns: Whether or not call was successful.
std::shared_ptr<std::uintptr_t> allocate(const std::size_t &size, const std::uint8_t &protection);
size: Size of memory to be allocated
protection: Memory protection, you can make use of the constants inconstants/protection.hpphere
Returns: A
shared_ptrto the memory allocted if successful,nullptrotherwise.
Remarks: The allocated memory will be freed as soon as the shared_ptr is destroyed.
bool allocate_at(const std::uintptr_t &address, const std::size_t &size, const std::uint8_t &protection);
address: The address to allocate memory at
size: Size of memory to be allocated
protection: Memory protection, you can make use of the constants inconstants/protection.hpphere
Returns: Whether or not call was successful.
std::shared_ptr<std::uintptr_t> allocate_near(const std::uintptr_t &address, const std::size_t &size, const std::uint8_t &protection);
address: The address to allocate memory at
size: Size of memory to be allocated
protection: Memory protection, you can make use of the constants inconstants/protection.hpphere
Returns: A
shared_ptrto the memory allocted if successful,nullptrotherwise.
A signature scanner.
signature(const std::string &ida_pattern);Constructor for an IDA-style signature.
template <std::size_t size>
signature(const char (&pattern)[size], const char *mask);Constructor for a Code-style signature.
template <bool find_all = false>
cond_rtn<find_all> find();
find_all: Whether or not the search should return on the first result found
Returns:
std::optional<address>iffind_allisfalse,std::vector<address>otherwise.
template <bool find_all = false>
cond_rtn<find_all> find_in(const page &);
find_all: Whether or not the search should return on the first result found
page: The page to search the signature in
Returns:
std::optional<address>iffind_allisfalse,std::vector<address>otherwise.
template <bool find_all = false>
cond_rtn<find_all> find_in(const module &);
find_all: Whether or not the search should return on the first result found
module: The module to search the signature in
Returns:
std::optional<address>iffind_allisfalse,std::vector<address>otherwise.
A wrapper for interacting with the libraries loaded in the current process.
std::vector<module> get_modules();Returns: All loaded modules.
std::optional<module> get(const std::string &name);
name: Name of the loaded library
Returns: Loaded module with given
name,nulloptotherwise.
std::string get_name() const;Returns: The name of the module.
std::size_t get_size() const;Returns: The size of the module.
std::uintptr_t get_start() const;Returns: The start of the current module.
std::uintptr_t get_symbol(const std::string &) const;Returns: The address of the symbol with the given
name.
std::optional<std::uintptr_t> find_symbol(const std::string &) const;Returns: A symbol that contains the given string if such a symbol exists,
nulloptotherwise.
std::vector<std::pair<std::string, std::uintptr_t>> get_symbols() const;Returns: The names and addresses of all loaded symbols.
A wrapper for memory pages.
std::vector<page> get_pages();Returns: All memory pages.
std::optional<page> get_page_at(const std::uintptr_t &);Returns: The memory page that is in range of the given address if existing,
nulloptotherwise.
std::size_t get_end() const;Returns: End of the current page.
std::uintptr_t get_start() const;Returns: Start of the current page.
std::uint8_t get_protection() const;Returns: The memory protection of the current page.