Merge branch 'BasedInc:master' into master

phasephasephase · Oct 6, 2024 · c93c875 · c93c875
2 parents 862a006 + 2a2c7c3
commit c93c875
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 6 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -5,8 +5,8 @@ if(NOT CMAKE_CXX_STANDARD)
 endif()
 
 set(LIBHAT_VERSION_MAJOR 0)
-set(LIBHAT_VERSION_MINOR 1)
-set(LIBHAT_VERSION_PATCH 1)
+set(LIBHAT_VERSION_MINOR 2)
+set(LIBHAT_VERSION_PATCH 0)
 set(LIBHAT_VERSION ${LIBHAT_VERSION_MAJOR}.${LIBHAT_VERSION_MINOR}.${LIBHAT_VERSION_PATCH})
 
 project(libhat

diff --git a/include/libhat/Scanner.hpp b/include/libhat/Scanner.hpp
@@ -35,9 +35,31 @@ namespace hat {
             return static_cast<size_t>(read<Int>(offset)) / sizeof(ArrayType);
         }
 
-        /// Resolve the relative address located at an offset from the signature result
-        [[nodiscard]] constexpr T rel(size_t offset) const {
-            return this->has_result() ? this->result + this->read<rel_t>(offset) + offset + sizeof(rel_t) : nullptr;
+        /// Resolve the relative address located at an offset from the signature result. The behavior is undefined if
+        /// there is no result. The "offset" parameter is the number of bytes after the result's match that the relative
+        /// address is located. For example:
+        ///
+        ///        | result matches here
+        ///        |        | relative address located at +3 (offset)
+        ///        v        v
+        ///   0x0: 48 8D 05 BE 53 23 01    lea  rax, [rip+0x12353be]
+        ///   0x7: <next instruction>
+        ///
+        /// The "remaining" parameter is the number of bytes after the relative address that the next instruction
+        /// begins. In the majority of cases, this parameter can be left as 0. However, consider the following example:
+        ///
+        ///        | result matches here
+        ///        |     | relative address located at +2 (offset)
+        ///        |     |           | end of relative address
+        ///        v     v           v
+        ///   0x0: 83 3D BE 53 23 01 00    cmp    DWORD PTR [rip+0x12353be],0x0
+        ///   0x7: <next instruction>
+        ///
+        /// The "0x0" operand comes after the relative address. The absolute address referred to by the RIP relative
+        /// address in this case is 0x12353BE + 0x7 = 0x12353C5. Simply using rel(2) would yield an incorrect result of
+        /// 0x12353C4. In this case, rel(2, 1) would yield the expected 0x12353C5.
+        [[nodiscard]] constexpr T rel(size_t offset, size_t remaining = 0) const {
+            return this->result + this->read<rel_t>(offset) + offset + sizeof(rel_t) + remaining;
         }
 
         [[nodiscard]] constexpr bool has_result() const {

diff --git a/src/os/win32/Process.cpp b/src/os/win32/Process.cpp
@@ -41,7 +41,7 @@ namespace hat::process {
         return *reinterpret_cast<const IMAGE_NT_HEADERS*>(scanBytes + dosHeader->e_lfanew);
     }
 
-    bool hat::process::is_readable(const std::span<const std::byte> region) {
+    bool is_readable(const std::span<const std::byte> region) {
         constexpr DWORD readFlags = PAGE_EXECUTE_READ
             | PAGE_EXECUTE_READWRITE
             | PAGE_EXECUTE_WRITECOPY