forked from Niplix/Scudo
-
Notifications
You must be signed in to change notification settings - Fork 0
/
B64Function.h
31 lines (23 loc) · 885 Bytes
/
B64Function.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
#pragma once
#include <windows.h>
#include "../B64/B64Opcode.h"
std::int32_t GetFunctionLength(void* function) {
if (!function)
return 0;
// Start Address
PCHAR functionAddress = PCHAR(function);
// Our return variable
std::int32_t functionLength = 0;
// Loop untill we reach double int3 breakpoints
while (functionAddress && *PWORD(functionAddress) != 0xCCCC) { //while valid address and value at address isnt breakpoint
// Get the size of the instruction
size_t instructionSize = OpDisassemble(functionAddress).GetLength();
// Check if double int3 is two seperate instructions
if (instructionSize == 0x1 && OpDisassemble(functionAddress + 1).GetLength() == 0x1 && (*PWORD(functionAddress) == 0xCCCC))
break;
// Increment to the next instruction
functionLength += instructionSize;
functionAddress += instructionSize;
}
return functionLength;
}