Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #if !defined _ASBRSIG_
- #define _ASBRSIG_
- #include <Windows.h>
- #include "..\StatusList.h"
- #if !defined DLL_DEVELOPMENT
- #define ASBR_SIGNATURE_API __declspec(dllimport)
- #else
- #define ASBR_SIGNATURE_API __declspec(dllexport)
- #endif
- class ASBR_SIGNATURE_API AsbrSig
- {
- public:
- ///<summary>
- ///Read the binaries of an image file and set all the descriptor pointers of the class
- ///</summary>
- ///<param name = "szImagePath"> Path of the image to retreive the binaries </param>
- ///<returns>
- ///A value of AsbrStatus enum:
- // DESCRIPTORS:
- ///Success: everything has succeded.
- // ERRORS:
- ///FileOpenError: the image does not exist.
- ///MemoryAllocationError: no memory error, couldn't allocate internal buffer.
- ///</returns>
- static AsbrStatus __stdcall ReadImageSignature(_In_z_ const char* szImagePath);
- ///<summary>
- ///Check if the scanned image is x86 or x64
- ///</summary>
- ///<returns>
- ///A value of AsbrStatus enum:
- // DESCRIPTORS:
- ///Machine64: the image is x64.
- ///Machine32: the image is x86.
- // ERRORS:
- ///InvalidFunctionCall: the image has not been scanned.
- ///InvalidStateMachine: the image is neither x64 not x86.
- ///</returns>
- static AsbrStatus __stdcall GetFileImageMachine(_Null_ void);
- ///<summary>
- ///Retreive the binaries scanned with the ReadImageSignature call
- ///</summary>
- ///<returns> A pointer to the binaries </returns>
- static PBYTE __forceinline GetImageSignature(_Null_ void);
- ///<summary>
- ///Retreive the size of the binaries scanned with the ReadImageSignature call
- ///</summary>
- ///<returns> Size of the binaries </returns>
- static ULONG64 __forceinline GetImageSignatureSize(_Null_ void);
- ///<summary>
- ///Retreive the image dos header of the file scanned with the ReadImageSignature call
- ///</summary>
- ///<returns> Pointer to the IMAGE_DOS_HEADER structure of the image scanned </returns>
- static PIMAGE_DOS_HEADER __forceinline GetImageDosHeader(_Null_ void);
- ///<summary>
- ///Retreive the image nt header of the file scanned with the ReadImageSignature call
- ///Use this call only if the image machine is x64, if not you should call GetImageNtHeader32 instead
- ///</summary>
- ///<returns> Pointer to the PIMAGE_NT_HEADER structure of the image scanned </returns>
- static PIMAGE_NT_HEADERS64 __forceinline GetImageNtHeader64(_Null_ void);
- ///<summary>
- ///Retreive the image nt header of the file scanned with the ReadImageSignature call
- ///Use this call only if the image machine is x86, if not you should call GetImageNtHeader64 instead
- ///</summary>
- ///<returns> Pointer to the PIMAGE_NT_HEADER structure of the image scanned </returns>
- static PIMAGE_NT_HEADERS32 __forceinline GetImageNtHeader32(_Null_ void);
- private:
- static BYTE* pImageSignature;
- static UINT64 ImageSignatureSize;
- static PIMAGE_DOS_HEADER pImageDosHeader;
- static PIMAGE_NT_HEADERS64 pImageNtHeader64;
- static PIMAGE_NT_HEADERS32 pImageNtHeader32;
- };
- #endif
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement