Update README.md

main
IDontCode 3 years ago
parent f44fe6b096
commit aa68e26cfd

@ -2,6 +2,8 @@
header only kernel utils library - completely self dependent - no imports - no strings header only kernel utils library - completely self dependent - no imports - no strings
### Macros
* HSTRING macro - compile time hashing of c-strings * HSTRING macro - compile time hashing of c-strings
* `HSTRING("hash me!")` * `HSTRING("hash me!")`
* DYN_MOD - dynamically resolve base address of a kernel module. uses HSTRING to compare hashes of file names * DYN_MOD - dynamically resolve base address of a kernel module. uses HSTRING to compare hashes of file names
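Review bot: The DYN_MOD entry is the only macro in this section without a usage line, and it should get one in the same form as `HSTRING("hash me!")` above and `DYN_MOD_SYM("win32kbase.sys", "NtGdiFlush")` below, so readers can see the argument shape without opening the header. Since DYN_MOD "uses HSTRING to compare hashes of file names", the README should also state which hash function HSTRING computes and what happens when two module names hash to the same value (first match wins, or NULL), because a hash-only comparison has no fallback and callers need to know whether to check the result before dereferencing it.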
@ -9,4 +11,15 @@ header only kernel utils library - completely self dependent - no imports - no s
* DYN_NT_SYM - dynamically resolve ntoskrnl export's * DYN_NT_SYM - dynamically resolve ntoskrnl export's
* `DYN_NT_SYM(DbgPrint)("Hello World")` * `DYN_NT_SYM(DbgPrint)("Hello World")`
* DYN_MOD_SYM - dynamically resolve export from a kernel modules file name - uses compile time hashes of both file name and export name. * DYN_MOD_SYM - dynamically resolve export from a kernel modules file name - uses compile time hashes of both file name and export name.
* `DYN_MOD_SYM("win32kbase.sys", "NtGdiFlush")` * `DYN_MOD_SYM("win32kbase.sys", "NtGdiFlush")` Neither string will be in the binary.
### Functions
* PVOID KUtils::Driver::GetKernelBase(VOID) - Get the base address of the kernel.
* PDRIVER_OBJECT KUtils::Driver::GetDriverObject(CONST WCHAR* pwszDriverName) - Get driver object given the name of the driver.
* HANDLE KUtils::Process::GetPid(CONST WCHAR* pwszProcessName) - get pid given a process file name.
* PVOID KUtils::Process:GetProcessBase(HANDLE hPid) - get process base address given pid.
* VOID KUtils::Process::ForEachProcess(PsCallbackPtr lpCallback) - pass a callback to loop over each process.
* VOID KUtils::Process::ForEachThread(HANDLE hPid, TdCallbackPtr lpCallback) - pass a callback and pid to loop over each thread in that process.
* VOID KUtils::Process::GetModuleBase(HANDLE hPid, CONST WCHAR* pwszModuleName) - gets module base base for a module in a given process.
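Review bot: Two of the new Functions entries document signatures that cannot be right as written: `PVOID KUtils::Process:GetProcessBase(HANDLE hPid)` has a single colon in the scope operator, and `VOID KUtils::Process::GetModuleBase(...)` is described as returning a module base, so the return type should be `PVOID` (and "module base base" should read "module base"). Please fix both to match the actual declarations in the header, and since GetKernelBase, GetDriverObject, GetPid, GetProcessBase and GetModuleBase all return lookups that can fail, each entry should say what is returned on failure (NULL or 0) so callers check before use. Minor: "ntoskrnl export's" should be "ntoskrnl exports".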
