# kutils

Header-only kernel utils library - completely self-dependent - no imports - no strings

### Macros

* HSTRING macro - compile-time hashing of C strings
  * `HSTRING("hash me!")`
* DYN_MOD - dynamically resolve the base address of a kernel module. Uses HSTRING to compare hashes of file names.
  * `DYN_MOD("ntoskrnl.exe")`
* DYN_NT_SYM - dynamically resolve ntoskrnl exports
  * `DYN_NT_SYM(DbgPrint)("Hello World")`
* DYN_MOD_SYM - dynamically resolve an export from a kernel module's file name. Uses compile-time hashes of both the file name and the export name.
  * `DYN_MOD_SYM("win32kbase.sys", "NtGdiFlush")` Neither string will be in the binary.

### Functions

* `PVOID KUtils::Driver::GetKernelBase(VOID)` - get the base address of the kernel.
* `PDRIVER_OBJECT KUtils::Driver::GetDriverObject(CONST WCHAR* pwszDriverName)` - get the driver object given the name of the driver.
* `HANDLE KUtils::Process::GetPid(CONST WCHAR* pwszProcessName)` - get the pid given a process file name.
* `PVOID KUtils::Process::GetProcessBase(HANDLE hPid)` - get the process base address given a pid.
* `VOID KUtils::Process::ForEachProcess(PsCallbackPtr lpCallback)` - pass a callback to loop over each process.
* `VOID KUtils::Process::ForEachThread(HANDLE hPid, TdCallbackPtr lpCallback)` - pass a callback and a pid to loop over each thread in that process.
* `VOID KUtils::Process::GetModuleBase(HANDLE hPid, CONST WCHAR* pwszModuleName)` - get the base address of a module in a given process.
* `LPVOID KUtils::Signature::Scan(LPVOID lpBase, ULONG nSize, CONST CHAR* pszPattern, CONST CHAR* pszMask)`
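
The compile-time hashing described for HSTRING means a string search over a driver built with these macros will not show the resolved module or export names; an analyst recovers them by hashing candidate names and matching the constants. The sketch below is an added example, not kutils code: the README does not say which hash HSTRING uses, so 32-bit FNV-1a is an assumption, and `EXAMPLE_HSTRING`, `ConstHash`, `ResolveHash` and `kCandidates` are hypothetical names.

```cpp
// Added example, not kutils code. FNV-1a is an ASSUMED algorithm; the
// README does not state which hash HSTRING actually uses.
#include <cstddef>
#include <cstdint>

// 32-bit FNV-1a, usable in constant expressions (C++14 or later).
constexpr std::uint32_t Fnv1a(const char* s) {
    std::uint32_t h = 2166136261u;           // FNV offset basis
    for (; *s != '\0'; ++s) {
        h ^= static_cast<std::uint8_t>(*s);
        h *= 16777619u;                       // FNV prime
    }
    return h;
}

// Using the hash as a template argument forces compile-time evaluation:
// the compiler consumes the literal and emits only the 32-bit constant.
template <std::uint32_t H>
struct ConstHash { static constexpr std::uint32_t value = H; };
#define EXAMPLE_HSTRING(s) (ConstHash<Fnv1a(s)>::value)  // hypothetical macro

// Analyst side: map a constant recovered from a binary back to a name by
// hashing a candidate list (for example, a module's export table).
// Returns nullptr when no candidate matches.
const char* ResolveHash(std::uint32_t target,
                        const char* const* names, std::size_t count) {
    for (std::size_t i = 0; i < count; ++i) {
        if (Fnv1a(names[i]) == target) return names[i];
    }
    return nullptr;
}

// Constructed candidate list; the names are the ones used in the README.
static const char* const kCandidates[] = {
    "DbgPrint", "NtGdiFlush", "ntoskrnl.exe", "win32kbase.sys",
};
constexpr std::size_t kCandidateCount =
    sizeof(kCandidates) / sizeof(kCandidates[0]);

int main() {
    const char* name = ResolveHash(EXAMPLE_HSTRING("DbgPrint"),
                                   kCandidates, kCandidateCount);
    return name != nullptr ? 0 : 1;
}
```
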