direct syscalls independent of the underlying bit width

2019-11-10 16:14:02 +01:00
commit 2129994ceb
9 changed files with 1353 additions and 0 deletions
--- a/misc.cpp
+++ b/misc.cpp
@@ -0,0 +1,56 @@
+#include <cstdio>
+#include <ntdll.h>
+#include "structs.h"
+#include "misc.h"
+
+BOOL is_WOW64()
+{
+	return NULL != __readfsdword(0xC0);
+}
+
+VOID print_os_info()
+{
+	_KUSER_SHARED_DATA* _kuser_s_d = GET_KUSER_SHARED_DATA();
+	ULONG majorVersion = _kuser_s_d->NtMajorVersion;
+	ULONG minorVersion = _kuser_s_d->NtMinorVersion;
+	NT_PRODUCT_TYPE productType = _kuser_s_d->NtProductType;
+	_PEB* p = (_PEB*)__readfsdword(0x30);
+	ULONG buildID = p->NtBuildNumber;
+
+	printf("Running on %i.%i %i %X (x%s)\n", majorVersion, minorVersion, buildID, productType, (is_WOW64() ? "64" : "86"));
+}
+
+DWORD hash(const char* str)
+{
+	return hash((const unsigned char*)str, strlen(str));
+}
+
+DWORD hash(const unsigned char* buf, const size_t sz)
+{
+	unsigned int hash = 5381;
+
+	for(unsigned int i = 0; i < sz; i++)
+		hash = ((hash << 5) + hash) + (unsigned int)buf[i];
+
+	return hash;
+}
+
+
+BOOL is_executable(LPVOID addr)
+{
+	MEMORY_BASIC_INFORMATION mbi = {0};
+	if(!VirtualQuery(addr, &mbi, sizeof(MEMORY_BASIC_INFORMATION)))
+	{
+		return FALSE;
+	}
+	return (mbi.Protect & PAGE_EXECUTE);
+}
+
+BOOL is_Win8()
+{
+	KUSER_SHARED_DATA* _kuser_s_d = GET_KUSER_SHARED_DATA();
+	ULONG majorVersion = _kuser_s_d->NtMajorVersion;
+	ULONG minorVersion = _kuser_s_d->NtMinorVersion;
+
+	return 6 == majorVersion && 2 == minorVersion;
+}