From 224b4d39d4bb0db22ca5ab02844989660d177eaf Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Mon, 31 May 2021 20:16:57 -0700 Subject: [PATCH] added sigscan, image_base and gitignore --- .gitignore | 388 ++++++++++++++++++++++++++++++++++++++ xtils/hello-world-x64.dll | Bin 10752 -> 0 bytes xtils/xtils.hpp | 40 +++- 3 files changed, 427 insertions(+), 1 deletion(-) create mode 100644 .gitignore delete mode 100644 xtils/hello-world-x64.dll diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..72de34f --- /dev/null +++ b/.gitignore 
@@ -0,0 +1,388 @@ +## Ignore Visual Studio temporary files, build results, and +## files generated by popular Visual Studio add-ons. +## +## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore + +# User-specific files +*.rsuser +*.suo +*.user +*.userosscache +*.sln.docstates + +# User-specific files (MonoDevelop/Xamarin Studio) +*.userprefs + +# Mono auto generated files +mono_crash.* + +# Build results +[Dd]ebug/ +[Dd]ebugPublic/ +[Rr]elease/ +[Rr]eleases/ +x64/ +x86/ +[Ww][Ii][Nn]32/ +[Aa][Rr][Mm]/ +[Aa][Rr][Mm]64/ +bld/ +[Bb]in/ +[Oo]bj/ +[Ll]og/ +[Ll]ogs/ + +# Visual Studio 2015/2017 cache/options directory +.vs/ +# Uncomment if you have tasks that create the project's static files in wwwroot +#wwwroot/ + +# Visual Studio 2017 auto generated files +Generated\ Files/ + +# MSTest test Results +[Tt]est[Rr]esult*/ +[Bb]uild[Ll]og.* + +# NUnit +*.VisualState.xml +TestResult.xml +nunit-*.xml + +# Build Results of an ATL Project +[Dd]ebugPS/ +[Rr]eleasePS/ +dlldata.c + +# Benchmark Results +BenchmarkDotNet.Artifacts/ + +# .NET Core +project.lock.json +project.fragment.lock.json +artifacts/ + +# ASP.NET Scaffolding +ScaffoldingReadMe.txt + +# StyleCop +StyleCopReport.xml + +# Files built by Visual Studio +*_i.c +*_p.c +*_h.h +*.ilk +*.meta +*.obj +*.iobj +*.pch +*.pdb +*.ipdb +*.pgc +*.pgd +*.rsp +*.sbr +*.tlb +*.tli +*.tlh +*.tmp +*.tmp_proj +*_wpftmp.csproj +*.log +*.tlog +*.vspscc +*.vssscc +.builds +*.pidb +*.svclog +*.scc + +# Chutzpah Test files +_Chutzpah* + +# Visual C++ cache files +ipch/ +*.aps +*.ncb +*.opendb +*.opensdf +*.sdf +*.cachefile +*.VC.db +*.VC.VC.opendb + +# Visual Studio profiler +*.psess +*.vsp +*.vspx +*.sap + +# Visual Studio Trace Files +*.e2e + +# TFS 2012 Local Workspace +$tf/ + +# Guidance Automation Toolkit +*.gpState + +# ReSharper is a .NET coding add-in +_ReSharper*/ +*.[Rr]e[Ss]harper +*.DotSettings.user + +# TeamCity is a build add-in +_TeamCity* + +# DotCover is a Code Coverage Tool +*.dotCover + 
+# AxoCover is a Code Coverage Tool +.axoCover/* +!.axoCover/settings.json + +# Coverlet is a free, cross platform Code Coverage Tool +coverage*.json +coverage*.xml +coverage*.info + +# Visual Studio code coverage results +*.coverage +*.coveragexml + +# NCrunch +_NCrunch_* +.*crunch*.local.xml +nCrunchTemp_* + +# MightyMoose +*.mm.* +AutoTest.Net/ + +# Web workbench (sass) +.sass-cache/ + +# Installshield output folder +[Ee]xpress/ + +# DocProject is a documentation generator add-in +DocProject/buildhelp/ +DocProject/Help/*.HxT +DocProject/Help/*.HxC +DocProject/Help/*.hhc +DocProject/Help/*.hhk +DocProject/Help/*.hhp +DocProject/Help/Html2 +DocProject/Help/html + +# Click-Once directory +publish/ + +# Publish Web Output +*.[Pp]ublish.xml +*.azurePubxml +# Note: Comment the next line if you want to checkin your web deploy settings, +# but database connection strings (with potential passwords) will be unencrypted +*.pubxml +*.publishproj + +# Microsoft Azure Web App publish settings. Comment the next line if you want to +# checkin your Azure Web App publish settings, but sensitive information contained +# in these scripts will be unencrypted +PublishScripts/ + +# NuGet Packages +*.nupkg +# NuGet Symbol Packages +*.snupkg +# The packages folder can be ignored because of Package Restore +**/[Pp]ackages/* +# except build/, which is used as an MSBuild target. 
+!**/[Pp]ackages/build/ +# Uncomment if necessary however generally it will be regenerated when needed +#!**/[Pp]ackages/repositories.config +# NuGet v3's project.json files produces more ignorable files +*.nuget.props +*.nuget.targets + +# Nuget personal access tokens and Credentials +nuget.config + +# Microsoft Azure Build Output +csx/ +*.build.csdef + +# Microsoft Azure Emulator +ecf/ +rcf/ + +# Windows Store app package directories and files +AppPackages/ +BundleArtifacts/ +Package.StoreAssociation.xml +_pkginfo.txt +*.appx +*.appxbundle +*.appxupload + +# Visual Studio cache files +# files ending in .cache can be ignored +*.[Cc]ache +# but keep track of directories ending in .cache +!?*.[Cc]ache/ + +# Others +ClientBin/ +~$* +*~ +*.dbmdl +*.dbproj.schemaview +*.jfm +*.pfx +*.publishsettings +orleans.codegen.cs + +# Including strong name files can present a security risk +# (https://github.com/github/gitignore/pull/2483#issue-259490424) +#*.snk + +# Since there are multiple workflows, uncomment next line to ignore bower_components +# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) +#bower_components/ + +# RIA/Silverlight projects +Generated_Code/ + +# Backup & report files from converting an old project file +# to a newer Visual Studio version. 
Backup files are not needed, +# because we have git ;-) +_UpgradeReport_Files/ +Backup*/ +UpgradeLog*.XML +UpgradeLog*.htm +ServiceFabricBackup/ +*.rptproj.bak + +# SQL Server files +*.mdf +*.ldf +*.ndf + +# Business Intelligence projects +*.rdl.data +*.bim.layout +*.bim_*.settings +*.rptproj.rsuser +*- [Bb]ackup.rdl +*- [Bb]ackup ([0-9]).rdl +*- [Bb]ackup ([0-9][0-9]).rdl + +# Microsoft Fakes +FakesAssemblies/ + +# GhostDoc plugin setting file +*.GhostDoc.xml + +# Node.js Tools for Visual Studio +.ntvs_analysis.dat +node_modules/ + +# Visual Studio 6 build log +*.plg + +# Visual Studio 6 workspace options file +*.opt + +# Visual Studio 6 auto-generated workspace file (contains which files were open etc.) +*.vbw + +# Visual Studio LightSwitch build output +**/*.HTMLClient/GeneratedArtifacts +**/*.DesktopClient/GeneratedArtifacts +**/*.DesktopClient/ModelManifest.xml +**/*.Server/GeneratedArtifacts +**/*.Server/ModelManifest.xml +_Pvt_Extensions + +# Paket dependency manager +.paket/paket.exe +paket-files/ + +# FAKE - F# Make +.fake/ + +# CodeRush personal settings +.cr/personal + +# Python Tools for Visual Studio (PTVS) +__pycache__/ +*.pyc + +# Cake - Uncomment if you are using it +# tools/** +# !tools/packages.config + +# Tabs Studio +*.tss + +# Telerik's JustMock configuration file +*.jmconfig + +# BizTalk build output +*.btp.cs +*.btm.cs +*.odx.cs +*.xsd.cs + +# OpenCover UI analysis results +OpenCover/ + +# Azure Stream Analytics local run output +ASALocalRun/ + +# MSBuild Binary and Structured Log +*.binlog + +# NVidia Nsight GPU debugger configuration file +*.nvuser + +# MFractors (Xamarin productivity tool) working folder +.mfractor/ + +# Local History for Visual Studio +.localhistory/ + +# BeatPulse healthcheck temp database +healthchecksdb + +# Backup folder for Package Reference Convert tool in Visual Studio 2017 +MigrationBackup/ + +# Ionide (cross platform F# VS Code tools) working folder +.ionide/ + +# Fody - auto-generated XML schema +FodyWeavers.xsd 
+ +# VS Code files for those working on multiple tools +.vscode/* +!.vscode/settings.json +!.vscode/tasks.json +!.vscode/launch.json +!.vscode/extensions.json +*.code-workspace + +# Local History for Visual Studio Code +.history/ + +# Windows Installer files from build outputs +*.cab +*.msi +*.msix +*.msm +*.msp + +# JetBrains Rider +.idea/ +*.sln.iml \ No newline at end of file 
diff --git a/xtils/hello-world-x64.dll b/xtils/hello-world-x64.dll deleted file mode 100644 index 1f6b286f1293924dd762f02734927bee7828e579..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 10752 zcmeHM4OARemVQkrAP{U4>4=G%O6&-lfe;!qzjO#hGd(NKmSn%rJckg}o-FM%8_q}>uclTp#7Go?OMbjAT1Ej~PzyIggB-mFh zI(P;9r`g9B_gUP>7dN*1BYap2wMpI%-scSlLo&ZruRZf>^S zRJ|_ENoQ1XZY51a7SBdt39XFB}Jwb_IB>Ftt(8vrK{4IK&U zuwRFNICRUPQ6JFj4Sruc^^qD;y^FDyM>1LD+dsZLMVnwt_?)yW7|R3Y8iP7De&34K{;^)W9?{DQ3!jeaWi9Qs3Rw1Lwbk6 z=?ODd0PuswI;xW{_sUzs*q-SOp0TXydZzP$m&jtL3|MW&i%h0sjsuwf@UW^xYVpcm z^qm6|2y6~YKFYMm39CyCG3F%4l%l{_x;#MYaWa-H2^)g?7(vkGVEgpPN&4Da{VfsG zd-dRwKKpbj2$7r=k$fQQzH0_Ta`5f+$EnMSfe-}Am*i7ju81lZA17n$FV?=?m=HT# z_~MUEue{EMb(LcGRKDjXv~ zcxw6#VyTZ}4y`L@v`#5%ZM81ir8`zwliRh3vGdV+LVtf=>&N|?c0QVRen99S&Kny* zW8KSps~*ORn9-mh1` z2D^m#W_y+pm+g5%`~f>(wFw>Yf^y!ioO2AT8Hn6n$!Mk{Ii{km`UqA-@2TB2cBk`Y zORTb&f=|vqkV(Atvl$!YWRPgM>QRX9O3H1jluf?OeHlQ_&cbULFAzouzksIddpg1P z4=@k(zXec7v7~yE(HqrzLk*AFc+lVniT@(_gIp#$qu6$qX}w3)TD#lzUtnAV^h8=xRbo(>^-M&S!m-p-IIJc-H{xx*M{QUN7ur>EtoB5?<71`5v%lF z4>MD4T1dmb52K1->jqu@E1=HaH`H&!JjaN$_jT2;8)|)gKp7BHhB(Ov58_8qUKQeZ z@$R^@AYP9-6S6klsZW}-R+&&f!L;>^M6IiAVOa4n&D&2fzQlShHfh;@lll@W$|=NV zDWYIk0yVfmc^l(bfA|MYOR?l_Q{;jva!j*Cmtjr{!E=mIlTSa@w5f^@f>V_Z(A=ZR zTuhr4y=h99b4piFQoeGEym-o}@eIdl#AB&3@J@``S#_@mp2xV2I1Nyo%64M{1m)Ui zb7}S_mGgo!CiI++a*1lo_&l25zlNXP%AoSEf^u9tX*x1MGb-CnZ%)l;o<5(X=N&;g zM@yPhw`2WKdo+E0Y8oo^X&Br7M@@rG&W*-m8Ks48MMR=s&2|M4%{Ga>0a15wb~>Xq z$loJqOMgMMxEt#YiQ~Xk7`9r7D1;vn~kiS@xLOt?Qu>+B(FIhbyt zo-fjs+>aK39(SknDWXMCa>r6cG_1q`RUD8sj7v{x&W)SMflfgg)og|Oz+a^EkVA7J zYbF})&G4aSL+)|2&AYzy*MUG*b9$vE@fs3@kn3ndy z3ltEZd+*WX0eMh;6vKhS#iF33FQpAuP=u^;PFOP}=R1-Ug7t;m2_)3$zn2+#aKB~z zV>5@U-!R%{suGsl_|>Wdb!3TvK~67Aj%TVOD*G+ywP*n2gGp)?{J9GW)X5n|7JV^5-S%Eo(iMRFb{@IB-#8r0YmpsCLrJ#gydK&FrNJ7#@s zHxMJ%tuJwJqjAshD->7Ont|QiAnIxfj8eT2Grf?nHX4=L@L4U;@eg|8LM(%+wcI2q zXDMiu(bxrx_0bQa)DSH)!PB9iTahc2cKV_aw*L1jXjU`K2~C 
zq$!6FIH4tWX5F%({g&F3LvF`mcieRbMYZPXaN@i*uWrIRmwOkh=d--Ixuc+`WZu&8 zxw*fjm4-xIj{!Kh3>?5%nc9eD1J}}iT;Nvv`|5CVZe7J4cwf_^U4oB03j}-CvpSfQ z*S(4k*-=kl4%)S@sw#*!x|bcczFd_rBW}N_zzsvel^ z7=dSVcAbu93Xj^}p&X)5hat1GQUitcj>_q~Mxs|>Gu?wG00{s+SZU@``ObE7K6zwR zc};NGoV3^XG$bVI3N+ij2nIoM z6$o)xo@ToXH63UQgsm|66 zz~X+S)^}~x$!44dK0bl!J5~W+M7vT~-7`c?Wb1k%-b39WCKEcbs_%Q$tG-$F>;|gRN420BEpYZ|9;~s~ z!+}n~M#>|atryC0LZNLA`f$7y60QmBo&mxI+Ff5Tdvj{G=Yb+4W`A^gVRA9oNgI>$ zl>G!*)%_}YYs*xQ(a*K|-Yz7reFW!IA#wA=0ORuoWsQIX3ZnH5)lVk8EyM=0gf+jC zetXGg4`r8}6QJvMLs#`@bRkuIfi7+7_b~unXC5873sQj|6IHAc2lnm1#CJCB%GP}~ zO8+3&g(|tJ`<$<;uBJwLtwtHC>OLn1Wq(!od4Eu>t?Hf#%3{EkbD~B$U88VqS2I@C z{hw7)x!sjBs+_FJ8SOrQn;48bhLy>hoDuzN!MZQ*ny68RYvOg2%20gEhw-LQT}Uep zLM(SKy40#-L+MK=)@jz7IA?>#%4CLx$wigT8EH&jTp1>?fZKoJQyeb&?F$9$3G@dq zTYoqZ$w6}qTAoIBb|Il(-Tf}JPFTAyFl#fDh?@@XKZDzc{ei`s&cKlO)=WNNcMR*M zkwtZrFe<)9wI2Mp*}BFww27llmG$7e`H|otw|So7t3hrPFf4GLwJ@@gB(90Lq0DkZ z=>H8b zEY5vOUxY{i6*$r0o4{$T{$s~+d~q?taSv`l1L=Jr}fTQXZSzSD-X}xv&F?P$?FQ$0-*!e(EED9nL%RSy`=iQ0i@0_C(y(_FV;h0v} ztlsglragvnmtuiIqu#ug|Q=M|Ec;JvtDqcL7BXS|CCAJVZuHWZZM(K zgyklD(}ZVD*lfa2Oql9dxX!rWOPVl6|G$FurH1|q6AEG=5aRC)Nr9Hd)Q3^uK2@LI zZ|aT`3xd%V*waf;a3G*3#l!cBejWEAcpqNE!}lVib(eKL3Vnj%Nwvdm=Zt5@-Qf(* z|FU9^`%*1giw(czneb9RCD(?HH5>2v`9r=RwQ{xJ%l?lIUAMpZ5arzJ)thnGe4pr( zBb(dFpT)ZWidzDK%?)Be^hU(Zoh!?y^Kk9BRqq1Ho>8F(xsTme-RP#f&;4+SekW@0 z2oi5U&fdgN(d?zA>@aBEQ?yRTc;k+>#7}pc_M5?C7?*yPT2fl-Yi+}QBkEbyrn&)N zFV$5f!_TDQG|gDi3|g%&S2~lX%T>&v)$4N3nKWHam_cjQ) zSC&Je^O+}=+vXr9h@WPb$s2%BoS>A_q@r8{+>Sz$({e}&atNyl1nRv0AgdE25pSEg zKGfORE{Wb2lBRe|J$U7VvT*0j;pkm6)9kEhxb35z~|tKa8o_Xb-6qQuxz z&?9n-NA3!X9)GYkFAa)Du5IZ6wuuatsO&c0(>s%|!OO4)EGPLl^ zvM6=1uV2JHB3s8i5wYFV>JNbFp%^M)9$zTf>Tiomq9^E;q|kPcS8Cgak4K}W-y87n zm|}^+ZGI^f?7)W(W92g>LP4?9FMDL~)_};^TIP|&HkgWjOipVw=#%}SAX~ybVyEbf z%3_LTG`bG9NU{fBgd#Q{H63Bzu)nw?QoP+CEC# zH!Ncm)ggR$;Wxvd63rb7-5(9#YWD03$`UfwTEOLEj3XbM6tR?K&~rl8^c7FVZF z43nX^>TbgR&TSOs&t+TFZWHC|s3gHB^-{=(#mK^3Bb@IKVkjvR3(u;Jn3a%pD`Ew< 
z)=Of9Tv?iaM^u!$>P4wFBz1U$K8ymRL?GmSR(ov=%b!LyA`V3MOQLSz zZ!YI&T6Vd7J5%DT+MksNum{>v=p06S;#QR1z;^=fMR^SP(|{kMkPN{^I4kS{&I9g4 z86p|LCvk3=0R9v~lrZ*Ng2nmRFM*c=wxDbVPVi=2i1ENH0G~xE0{$G}Z&9c(74RB- z%Mea*g^8B~ZZ>g(-!gF-@GTVT_Y@#~>rh*Q*O)j#5ru4M2V8;kN(=CEz~d<8z)t{v zh(a<17vUm^a2_yZ;$gr?QAq!8!14w7ApkPXfZs+T`Yu4a41EmrV}SE??&axIQ|rnV(t zpv|#FZ- #include #include +#include #include #include @@ -23,7 +24,12 @@ OutputDebugStringA(buff); \ } -#define NT_HEADER(x) reinterpret_cast( uint64_t(x) + reinterpret_cast(x)->e_lfanew ) +#define NT_HEADER(x) reinterpret_cast( \ + uint64_t(x) + reinterpret_cast(x)->e_lfanew ) + +#define PAGE_4K 0x1000 +#define PAGE_2MB PAGE_4K * 512 +#define PAGE_1GB PAGE_2MB * 512 typedef struct _RTL_PROCESS_MODULE_INFORMATION { @@ -58,6 +64,38 @@ namespace xtils public: static auto get_instance() -> um_t* { static um_t obj; return &obj; } + auto image_base(const char* image_path) -> std::uintptr_t + { + char image_header[PAGE_4K]; + std::ifstream file(image_path, std::ios::binary); + file.read(image_header, PAGE_4K); + file.close(); + + return NT_HEADER(image_header)->OptionalHeader.ImageBase; + } + + auto sigscan(void* base, std::uint32_t size, const char* pattern, const char* mask) -> void* + { + static const auto check_mask = + [&](const char* base, const char* pattern, const char* mask) -> bool + { + for (; *mask; ++base, ++pattern, ++mask) + if (*mask == 'x' && *base != *pattern) + return false; + return true; + }; + + size -= strlen(mask); + for (auto i = 0; i <= size; ++i) + { + void* addr = (void*)&(((char*)base)[i]); + if (check_mask((char*)addr, pattern, mask)) + return addr; + } + + return nullptr; + } + auto get_modules(std::uint32_t pid, module_map_t& module_map) -> bool { uq_handle snapshot = { CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid), &CloseHandle };
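Review bot: `PAGE_2MB` and `PAGE_1GB` in the `@@ -23,7 +24,12 @@` hunk are unparenthesized expression macros, so any use inside a larger expression re-associates, e.g. `x / PAGE_2MB` expands to `x / 0x1000 * 512`, and `-PAGE_1GB` or `PAGE_2MB - 1` misbehave the same way. The fix is to wrap the bodies: `#define PAGE_2MB (PAGE_4K * 512)` and `#define PAGE_1GB (PAGE_2MB * 512)`; since the header already uses C++ casts, `inline constexpr std::size_t` constants would be the more idiomatic form, but parentheses are the minimum. The reformatted `NT_HEADER` macro's cast template arguments are not visible in this rendering, so I have not reviewed it.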
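Review bot: In the `@@ -58,6 +64,38 @@` hunk, `image_base` dereferences `NT_HEADER(image_header)` with an `e_lfanew` taken straight from the file, without checking that the open or `read` succeeded or that `e_lfanew + sizeof(IMAGE_NT_HEADERS)` stays inside the 4 KiB stack buffer, so a truncated or malformed PE (an uninitialized buffer on a failed open, or a large/negative `e_lfanew`) reads past `image_header` on the stack. In `sigscan`, `size -= strlen(mask)` underflows the unsigned `size` whenever the buffer is shorter than the mask, and the loop index `auto i = 0` is a signed `int` compared against a `std::uint32_t`, so the scan then walks far past `base`; the `[&]` capture on a `static` lambda captures nothing and should be `[]`. The fence below adds the open/read checks, a DOS/NT signature check, an `e_lfanew` bound, and a `size < strlen(mask)` guard, returning `0`/`nullptr` on failure so the signatures are unchanged; on a 32-bit image `OptionalHeader.ImageBase` would still be read through the native-width header, which is presumably accepted for this tool — confirm. The enclosing `um_t` class starts before this hunk.

```cpp
auto image_base(const char* image_path) -> std::uintptr_t
{
    char image_header[PAGE_4K] = {};
    std::ifstream file(image_path, std::ios::binary);
    if (!file.is_open())
        return 0;

    file.read(image_header, PAGE_4K);
    const auto read_size = static_cast<std::size_t>(file.gcount());
    file.close();

    const auto dos = reinterpret_cast<PIMAGE_DOS_HEADER>(image_header);
    if (read_size < sizeof(IMAGE_DOS_HEADER) || dos->e_magic != IMAGE_DOS_SIGNATURE)
        return 0;

    // e_lfanew comes from the file; bound it before NT_HEADER dereferences through it
    if (dos->e_lfanew < 0 ||
        static_cast<std::size_t>(dos->e_lfanew) + sizeof(IMAGE_NT_HEADERS) > read_size)
        return 0;

    const auto nt = NT_HEADER(image_header);
    if (nt->Signature != IMAGE_NT_SIGNATURE)
        return 0;

    return nt->OptionalHeader.ImageBase;
}

auto sigscan(void* base, std::uint32_t size, const char* pattern, const char* mask) -> void*
{
    static const auto check_mask =
        []( const char* base, const char* pattern, const char* mask) -> bool
    {
        // … unchanged: byte-by-byte compare, honoring 'x' in mask …
    };

    if (!base || !pattern || !mask)
        return nullptr;

    const auto mask_len = strlen(mask);
    if (mask_len == 0 || size < mask_len)
        return nullptr;   // previously underflowed size and scanned past the buffer

    const auto last = size - mask_len;
    for (std::uint32_t i = 0; i <= last; ++i)
    {
        // … unchanged: addr computation and check_mask call …
    }

    return nullptr;
}
```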