#if !defined _ASBRSIG_#define _ASBRSIG_#include <Windows.h>#include "..\

1. #if !defined _ASBRSIG_
2. #define _ASBRSIG_
3.  
4. #include <Windows.h>
5. #include "..\StatusList.h"
6.  
7. #if !defined DLL_DEVELOPMENT
8. #define ASBR_SIGNATURE_API __declspec(dllimport)
9. #else
10. #define ASBR_SIGNATURE_API __declspec(dllexport)
11. #endif
12.  
13. class ASBR_SIGNATURE_API AsbrSig
14. {
15. public:
16.  
17.     ///<summary>
18.     ///Read the binaries of an image file and set all the descriptor pointers of the class
19.     ///</summary>
20.     ///<param name = "szImagePath"> Path of the image to retreive the binaries </param>
21.     ///<returns>
22.     ///A value of AsbrStatus enum:
23.     // DESCRIPTORS:
24.     ///Success:                  everything has succeded.
25.     // ERRORS:
26.     ///FileOpenError:            the image does not exist.
27.     ///MemoryAllocationError:    no memory error, couldn't allocate internal buffer.
28.     ///</returns>
29.     static AsbrStatus __stdcall ReadImageSignature(_In_z_ const char* szImagePath);
30.  
31.    
32.     ///<summary>
33.     ///Check if the scanned image is x86 or x64
34.     ///</summary>
35.     ///<returns>
36.     ///A value of AsbrStatus enum:
37.     // DESCRIPTORS:
38.     ///Machine64:                the image is x64.
39.     ///Machine32:                the image is x86.
40.     // ERRORS:
41.     ///InvalidFunctionCall:      the image has not been scanned.
42.     ///InvalidStateMachine:      the image is neither x64 not x86.
43.     ///</returns>
44.     static AsbrStatus __stdcall GetFileImageMachine(_Null_ void);
45.  
46.  
47.     ///<summary>
48.     ///Retreive the binaries scanned with the ReadImageSignature call
49.     ///</summary>
50.     ///<returns> A pointer to the binaries </returns>
51.     static PBYTE __forceinline GetImageSignature(_Null_ void);
52.  
53.  
54.     ///<summary>
55.     ///Retreive the size of the binaries scanned with the ReadImageSignature call
56.     ///</summary>
57.     ///<returns> Size of the binaries </returns>
58.     static ULONG64 __forceinline GetImageSignatureSize(_Null_ void);
59.  
60.  
61.     ///<summary>
62.     ///Retreive the image dos header of the file scanned with the ReadImageSignature call
63.     ///</summary>
64.     ///<returns> Pointer to the IMAGE_DOS_HEADER structure of the image scanned </returns>
65.     static PIMAGE_DOS_HEADER __forceinline GetImageDosHeader(_Null_ void);
66.  
67.  
68.     ///<summary>
69.     ///Retreive the image nt header of the file scanned with the ReadImageSignature call
70.     ///Use this call only if the image machine is x64, if not you should call GetImageNtHeader32 instead
71.     ///</summary>
72.     ///<returns> Pointer to the PIMAGE_NT_HEADER structure of the image scanned </returns>
73.     static PIMAGE_NT_HEADERS64 __forceinline GetImageNtHeader64(_Null_ void);
74.  
75.  
76.     ///<summary>
77.     ///Retreive the image nt header of the file scanned with the ReadImageSignature call
78.     ///Use this call only if the image machine is x86, if not you should call GetImageNtHeader64 instead
79.     ///</summary>
80.     ///<returns> Pointer to the PIMAGE_NT_HEADER structure of the image scanned </returns>
81.     static PIMAGE_NT_HEADERS32 __forceinline GetImageNtHeader32(_Null_ void);
82.  
83. private:
84.  
85.     static BYTE* pImageSignature;
86.     static UINT64 ImageSignatureSize;
87.     static PIMAGE_DOS_HEADER pImageDosHeader;
88.     static PIMAGE_NT_HEADERS64 pImageNtHeader64;
89.     static PIMAGE_NT_HEADERS32 pImageNtHeader32;
90. };
91.  
92. #endif