header only kernel utils library - completely self dependent - no imports - no strings

Go to file

CJ 8a04910bd4 fixed some stuff		11 months ago
README.md	if you are reading this then you should find something better to be doing	2 years ago
kutils.hpp	fixed some stuff	11 months ago

kutils

header only kernel utils library - completely self dependent - no imports - no strings

HSTRING macro - compile time hashing of c-strings
- HSTRING("hash me!")
DYN_MOD - dynamically resolve base address of a kernel module. uses HSTRING to compare hashes of file names
- DYN_MOD("ntoskrnl.exe")
DYN_NT_SYM - dynamically resolve ntoskrnl export's
- DYN_NT_SYM(DbgPrint)("Hello World")
DYN_MOD_SYM - dynamically resolve export from a kernel modules file name - uses compile time hashes of both file name and export name.
- DYN_MOD_SYM("win32kbase.sys", "NtGdiFlush") Neither string will be in the binary.

PVOID KUtils::Driver::GetKernelBase(VOID) - Get the base address of the kernel.
PDRIVER_OBJECT KUtils::Driver::GetDriverObject(CONST WCHAR* pwszDriverName) - Get driver object given the name of the driver.
HANDLE KUtils::Process::GetPid(CONST WCHAR* pwszProcessName) - get pid given a process file name.
PVOID KUtils::Process:GetProcessBase(HANDLE hPid) - get process base address given pid.
VOID KUtils::Process::ForEachProcess(PsCallbackPtr lpCallback) - pass a callback to loop over each process.
VOID KUtils::Process::ForEachThread(HANDLE hPid, TdCallbackPtr lpCallback) - pass a callback and pid to loop over each thread in that process.
VOID KUtils::Process::GetModuleBase(HANDLE hPid, CONST WCHAR* pwszModuleName) - gets module base base for a module in a given process.
LPVOID KUtils::Signature::Scan(LPVOID lpBase, ULONG nSize, CONST CHAR* pszPattern, CONST CHAR* pszMask)