From a057b8c1e9e317a95bbae124597d90f6ba33a775 Mon Sep 17 00:00:00 2001 From: Orange Date: Mon, 6 Oct 2025 16:30:44 +0300 Subject: [PATCH 01/18] Defines PE header structure for x64 Introduces a structure for representing the DOS header within a PE (Portable Executable) file for x64 architectures. This definition enables easier parsing and manipulation of PE header information. --- source/system/pe_headers_x64.hpp | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 source/system/pe_headers_x64.hpp diff --git a/source/system/pe_headers_x64.hpp b/source/system/pe_headers_x64.hpp new file mode 100644 index 0000000..2656ab2 --- /dev/null +++ b/source/system/pe_headers_x64.hpp @@ -0,0 +1,32 @@ +// +// Created by Vlad on 10/6/2025. +// + +#pragma once +#include +namespace omath::system +{ + struct ImageDosHeader + { + uint16_t e_magic; // Magic number + uint16_t e_cblp; // Bytes on last page of file + uint16_t e_cp; // Pages in file + uint16_t e_crlc; // Relocations + uint16_t e_cparhdr; // Size of header in paragraphs + uint16_t e_minalloc; // Minimum extra paragraphs needed + uint16_t e_maxalloc; // Maximum extra paragraphs needed + uint16_t e_ss; // Initial (relative) SS value + uint16_t e_sp; // Initial SP value + uint16_t e_csum; // Checksum + uint16_t e_ip; // Initial IP value + uint16_t e_cs; // Initial (relative) CS value + uint16_t e_lfarlc; // File address of relocation table + uint16_t e_ovno; // Overlay number + uint16_t e_res[4]; // Reserved words + uint16_t e_oemid; // OEM identifier (for e_oeminfo) + uint16_t e_oeminfo; // OEM information; e_oemid specific + uint16_t e_res2[10]; // Reserved words + int32_t e_lfanew; // File address of new exe header + }; + +} // namespace omath::system \ No newline at end of file From dea896c6cbb03226e65c521aff9f930bf56698b7 Mon Sep 17 00:00:00 2001 From: Orange Date: Mon, 6 Oct 2025 16:56:56 +0300 Subject: [PATCH 02/18] added mkdoc --- docs/index.md | 17 ++++ mkdocs.yml | 1 + writerside/c.list | 7 -- writerside/cfg/buildprofiles.xml | 13 --- writerside/images/completion_procedure.png | 3 - .../images/completion_procedure_dark.png | 3 - writerside/images/convert_table_to_xml.png | 3 - .../images/convert_table_to_xml_dark.png | 3 - writerside/images/new_topic_options.png | 3 - writerside/images/new_topic_options_dark.png | 3 - writerside/o.tree | 14 --- writerside/redirection-rules.xml | 13 --- writerside/topics/Code-Of-Conduct.md | 95 ------------------- writerside/topics/Community.md | 11 --- writerside/topics/Documentation.md | 54 ----------- writerside/topics/License.md | 9 -- writerside/topics/starter-topic.md | 67 ------------- writerside/v.list | 5 - writerside/writerside.cfg | 8 -- 19 files changed, 18 insertions(+), 314 deletions(-) create mode 100644 docs/index.md create mode 100644 mkdocs.yml delete mode 100644 writerside/c.list delete mode 100644 writerside/cfg/buildprofiles.xml delete mode 100644 writerside/images/completion_procedure.png delete mode 100644 writerside/images/completion_procedure_dark.png delete mode 100644 writerside/images/convert_table_to_xml.png delete mode 100644 writerside/images/convert_table_to_xml_dark.png delete mode 100644 writerside/images/new_topic_options.png delete mode 100644 writerside/images/new_topic_options_dark.png delete mode 100644 writerside/o.tree delete mode 100644 writerside/redirection-rules.xml delete mode 100644 writerside/topics/Code-Of-Conduct.md delete mode 100644 writerside/topics/Community.md delete mode 100644 writerside/topics/Documentation.md delete mode 100644 writerside/topics/License.md delete mode 100644 writerside/topics/starter-topic.md delete mode 100644 writerside/v.list delete mode 100644 writerside/writerside.cfg diff --git a/docs/index.md b/docs/index.md new file mode 100644 index 0000000..000ea34 --- /dev/null +++ b/docs/index.md @@ -0,0 +1,17 @@ +# Welcome to MkDocs + +For full documentation visit [mkdocs.org](https://www.mkdocs.org). + +## Commands + +* `mkdocs new [dir-name]` - Create a new project. +* `mkdocs serve` - Start the live-reloading docs server. +* `mkdocs build` - Build the documentation site. +* `mkdocs -h` - Print help message and exit. + +## Project layout + + mkdocs.yml # The configuration file. + docs/ + index.md # The documentation homepage. + ... # Other markdown pages, images and other files. diff --git a/mkdocs.yml b/mkdocs.yml new file mode 100644 index 0000000..c97182f --- /dev/null +++ b/mkdocs.yml @@ -0,0 +1 @@ +site_name: My Docs diff --git a/writerside/c.list b/writerside/c.list deleted file mode 100644 index 5fca6a6..0000000 --- a/writerside/c.list +++ /dev/null @@ -1,7 +0,0 @@ - - - - - - \ No newline at end of file diff --git a/writerside/cfg/buildprofiles.xml b/writerside/cfg/buildprofiles.xml deleted file mode 100644 index d265420..0000000 --- a/writerside/cfg/buildprofiles.xml +++ /dev/null @@ -1,13 +0,0 @@ - - - - - - - - true - - - - diff --git a/writerside/images/completion_procedure.png b/writerside/images/completion_procedure.png deleted file mode 100644 index c079b71..0000000 --- a/writerside/images/completion_procedure.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c541027fb796a947f1f559a62dbd31f55a80f652e991d059112475d122d324c4 -size 128146 diff --git a/writerside/images/completion_procedure_dark.png b/writerside/images/completion_procedure_dark.png deleted file mode 100644 index dee45a8..0000000 --- a/writerside/images/completion_procedure_dark.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:59e7c2df47f33658fe75a75b346d573b7165ff11a99799c9db040a4bfa1ed225 -size 68718 diff --git a/writerside/images/convert_table_to_xml.png b/writerside/images/convert_table_to_xml.png deleted file mode 100644 index 4b8b6a1..0000000 --- a/writerside/images/convert_table_to_xml.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4d6900b3f178e3213cbf9b0846b887cc154c15cf1f71e6a6a75cd16cf4c4f762 -size 349338 diff --git a/writerside/images/convert_table_to_xml_dark.png b/writerside/images/convert_table_to_xml_dark.png deleted file mode 100644 index 0580289..0000000 --- a/writerside/images/convert_table_to_xml_dark.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:449bfd5c17b5ccf25f6077a286988163a19b527522c3a53fd66fefa9b29b291b -size 121495 diff --git a/writerside/images/new_topic_options.png b/writerside/images/new_topic_options.png deleted file mode 100644 index a11c4a2..0000000 --- a/writerside/images/new_topic_options.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7659fef226291431499d3f5f7b2faaa06540f1f21bf8cc9e4f6613c8b4904ad0 -size 313855 diff --git a/writerside/images/new_topic_options_dark.png b/writerside/images/new_topic_options_dark.png deleted file mode 100644 index 391b9b4..0000000 --- a/writerside/images/new_topic_options_dark.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ce366a6c690d72ebe72b942ddefbb9ea7cf9d0bbfa03df2524e4e56e91b54546 -size 281000 diff --git a/writerside/o.tree b/writerside/o.tree deleted file mode 100644 index df951e5..0000000 --- a/writerside/o.tree +++ /dev/null @@ -1,14 +0,0 @@ - - - - - - - - - - - \ No newline at end of file diff --git a/writerside/redirection-rules.xml b/writerside/redirection-rules.xml deleted file mode 100644 index e06c457..0000000 --- a/writerside/redirection-rules.xml +++ /dev/null @@ -1,13 +0,0 @@ - - - - - - " from OMATH]]> - Empty-MD-Topic.html - - \ No newline at end of file diff --git a/writerside/topics/Code-Of-Conduct.md b/writerside/topics/Code-Of-Conduct.md deleted file mode 100644 index bf54248..0000000 --- a/writerside/topics/Code-Of-Conduct.md +++ /dev/null @@ -1,95 +0,0 @@ -# Code Of Conduct - -## 🎯 Goal - -My goal is to provide a space where it is safe for everyone to contribute to, -and get support for, open-source software in a respectful and cooperative -manner. - -I value all contributions and want to make this project and its -surrounding community a place for everyone. - -As members, contributors, and everyone else who may participate in the -development, I strive to keep the entire experience civil. - -## 📜 Standards - -Our community standards exist in order to make sure everyone feels comfortable -contributing to the project(s) together. - -Our standards are: -- Do not harass, attack, or in any other way discriminate against anyone, including - for their protected traits, including, but not limited to, sex, religion, race, - appearance, gender, identity, nationality, sexuality, etc. -- Do not go off-topic, do not post spam. -- Treat everyone with respect. - -Examples of breaking each rule respectively include: -- Harassment, bullying or inappropriate jokes about another person. -- Posting distasteful imagery, trolling, or posting things unrelated to the topic at hand. -- Treating someone as worse because of their lack of understanding of an issue. - -## ⚡ Enforcement - -Enforcement of this CoC is done by Orange++ and/or other core contributors. - -I, as the core developer, will strive my best to keep this community civil and -following the standards outlined above. - -### 🚩 Reporting incidents - -If you believe an incident of breaking these standards has occurred, but nobody has -taken appropriate action, you can privately contact the people responsible for dealing -with such incidents in multiple ways: - -***E-Mail*** -- `orange-cpp@yandex.ru` - -***Discord*** -- `@orange_cpp` - -***Telegram*** -- `@orange_cpp` - -I guarantee your privacy and will not share those reports with anyone. - -## ⚖️ Enforcement Strategy - -Depending on the severity of the infraction, any action from the list below may be applied. -Please keep in mind cases are reviewed on a per-case basis and members are the ultimate -deciding factor in the type of punishment. - -If the matter benefited from an outside opinion, a member might reach for more opinions -from people unrelated, however, the final decision regarding the action -to be taken is still up to the member. - -For example, if the matter at hand regards a representative of a marginalized group or minority, -the member might ask for a first-hand opinion from another representative of such group. - -### ✏️ Correction/Edit - -If your message is found to be misleading or poorly worded, a member might -edit your message. - -### ⚠️ Warning/Deletion - -If your message is found inappropriate, a member might give you a public or private warning, -and/or delete your message. - -### 🔇 Mute - -If your message is disruptive, or you have been repeatedly violating the standards, -a member might mute (or temporarily ban) you. - -### ⛔ Ban - -If your message is hateful, very disruptive, or other, less serious infractions are repeated -ignoring previous punishments, a member might ban you permanently. - -## 🔎 Scope - -This CoC shall apply to all projects ran under the Orange++ lead and all _official_ communities -outside of GitHub. - -However, it is worth noting that official communities outside of GitHub might have their own, -additional sets of rules. \ No newline at end of file diff --git a/writerside/topics/Community.md b/writerside/topics/Community.md deleted file mode 100644 index 4f18848..0000000 --- a/writerside/topics/Community.md +++ /dev/null @@ -1,11 +0,0 @@ -# Credits - -Thanks to everyone who made this possible, including: - -- Saikari aka luadebug for VCPKG port. - -And a big hand to everyone else who has contributed over the past! - -THANKS! <3 - - -- Orange++ \ No newline at end of file diff --git a/writerside/topics/Documentation.md b/writerside/topics/Documentation.md deleted file mode 100644 index a99f4a2..0000000 --- a/writerside/topics/Documentation.md +++ /dev/null @@ -1,54 +0,0 @@ -# 📥Installation Guide - -## Using vcpkg -**Note**: Support vcpkg for package management -1. Install [vcpkg](https://github.com/microsoft/vcpkg) -2. Run the following command to install the orange-math package: -``` -vcpkg install orange-math -``` -CMakeLists.txt -```cmake -find_package(omath CONFIG REQUIRED) -target_link_libraries(main PRIVATE omath::omath) -``` -For detailed commands on installing different versions and more information, please refer to Microsoft's [official instructions](https://learn.microsoft.com/en-us/vcpkg/get_started/overview). - -## Build from source using CMake -1. **Preparation** - - Install needed tools: cmake, clang, git, msvc (windows only). - - 1. **Linux:** - ```bash - sudo pacman -Sy cmake ninja clang git - ``` - 2. **MacOS:** - ```bash - brew install llvm git cmake ninja - ``` - 3. **Windows:** - - Install Visual Studio from [here](https://visualstudio.microsoft.com/downloads/) and Git from [here](https://git-scm.com/downloads). - - Use x64 Native Tools shell to execute needed commands down below. -2. **Clone the repository:** - ```bash - git clone https://github.com/orange-cpp/omath.git - ``` -3. **Navigate to the project directory:** - ```bash - cd omath - ``` -4. **Build the project using CMake:** - ```bash - cmake --preset windows-release -S . - cmake --build cmake-build/build/windows-release --target omath -j 6 - ``` - Use **\-\** preset to build siutable version for yourself. Like **windows-release** or **linux-release**. - - | Platform Name | Build Config | - |---------------|---------------| - | windows | release/debug | - | linux | release/debug | - | darwin | release/debug | \ No newline at end of file diff --git a/writerside/topics/License.md b/writerside/topics/License.md deleted file mode 100644 index 4f4ff04..0000000 --- a/writerside/topics/License.md +++ /dev/null @@ -1,9 +0,0 @@ -# License - -Copyright (c) 2025 Orange++ - -Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. \ No newline at end of file diff --git a/writerside/topics/starter-topic.md b/writerside/topics/starter-topic.md deleted file mode 100644 index 878557f..0000000 --- a/writerside/topics/starter-topic.md +++ /dev/null @@ -1,67 +0,0 @@ -# Intro - -![banner](https://i.imgur.com/SM9ccP6.png) - -Oranges's Math Library (omath) is a comprehensive, open-source library aimed at providing efficient, reliable, and versatile mathematical functions and algorithms. Developed primarily in C++, this library is designed to cater to a wide range of mathematical operations essential in scientific computing, engineering, and academic research. - -## 👁‍🗨 Features -- **Efficiency**: Optimized for performance, ensuring quick computations using AVX2. -- **Versatility**: Includes a wide array of mathematical functions and algorithms. -- **Ease of Use**: Simplified interface for convenient integration into various projects. -- **Projectile Prediction**: Projectile prediction engine with O(N) algo complexity, that can power you projectile aim-bot. -- **3D Projection**: No need to find view-projection matrix anymore you can make your own projection pipeline. -- **Collision Detection**: Production ready code to handle collision detection by using simple interfaces. -- **No Additional Dependencies**: No additional dependencies need to use OMath except unit test execution -- **Ready for meta-programming**: Omath use templates for common types like Vectors, Matrixes etc, to handle all types! - -## Supported Render Pipelines -| ENGINE | SUPPORT | -|----------|---------| -| Source | ✅YES | -| Unity | ✅YES | -| IWEngine | ✅YES | -| Unreal | ❌NO | - -## Supported Operating Systems - -| OS | SUPPORT | -|----------------|---------| -| Windows 10/11 | ✅YES | -| Linux | ✅YES | -| Darwin (MacOS) | ✅YES | - -## ⏬ Installation -Please read our [installation guide](https://github.com/orange-cpp/omath/blob/main/INSTALL.md). If this link doesn't work check out INSTALL.md file. - -## ❔ Usage -Simple world to screen function -```c++ -TEST(UnitTestProjection, IsPointOnScreen) -{ - const omath::projection::Camera camera({0.f, 0.f, 0.f}, {0, 0.f, 0.f} , {1920.f, 1080.f}, 110.f, 0.1f, 500.f); - - const auto proj = camera.WorldToScreen({100, 0, 15}); - EXPECT_TRUE(proj.has_value()); -} -``` -## Showcase - -With `omath/projection` module you can achieve simple ESP hack for powered by Source/Unreal/Unity engine games, like [Apex Legends](https://store.steampowered.com/app/1172470/Apex_Legends/). - -![banner](https://i.imgur.com/lcJrfcZ.png) -Or for InfinityWard Engine based games. Like Call of Duty Black Ops 2! -![banner](https://i.imgur.com/F8dmdoo.png) -Or create simple trigger bot with embeded traceline from omath::collision::LineTrace -![banner](https://i.imgur.com/fxMjRKo.jpeg) -Or even advanced projectile aimbot -[Watch Video](https://youtu.be/lM_NJ1yCunw?si=5E87OrQMeypxSJ3E) - - -## 🫵🏻 Contributing -Contributions to `omath` are welcome! Please read `CONTRIBUTING.md` for details on our code of conduct and the process for submitting pull requests. - -## 📜 License -This project is licensed under the MIT - see the `LICENSE` file for details. - -## 💘 Acknowledgments -- [All contributors](https://github.com/orange-cpp/omath/graphs/contributors) diff --git a/writerside/v.list b/writerside/v.list deleted file mode 100644 index 2d12cb3..0000000 --- a/writerside/v.list +++ /dev/null @@ -1,5 +0,0 @@ - - - - - diff --git a/writerside/writerside.cfg b/writerside/writerside.cfg deleted file mode 100644 index 4e8ae9e..0000000 --- a/writerside/writerside.cfg +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - - - \ No newline at end of file From cbf627c9f83f63552cbd107ca8d3069a7ffe026b Mon Sep 17 00:00:00 2001 From: Orange Date: Mon, 6 Oct 2025 17:39:01 +0300 Subject: [PATCH 03/18] Moves PE headers file to omath directory Organizes the project by relocating the PE headers file to the omath directory structure. This improves code organization and maintainability. --- {source => include/omath}/system/pe_headers_x64.hpp | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {source => include/omath}/system/pe_headers_x64.hpp (100%) diff --git a/source/system/pe_headers_x64.hpp b/include/omath/system/pe_headers_x64.hpp similarity index 100% rename from source/system/pe_headers_x64.hpp rename to include/omath/system/pe_headers_x64.hpp From 0e824ef320ca78d9bf72784be126ff82c8eade5d Mon Sep 17 00:00:00 2001 From: Orange Date: Mon, 6 Oct 2025 19:37:36 +0300 Subject: [PATCH 04/18] Clarifies build preset usage in INSTALL.md Rephrases the explanation regarding build presets for clarity in the INSTALL.md file. The text now more explicitly advises users on selecting appropriate presets. --- INSTALL.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/INSTALL.md b/INSTALL.md index 6d2e000..0cbcade 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -59,7 +59,7 @@ target("...") cmake --preset windows-release -S . cmake --build cmake-build/build/windows-release --target omath -j 6 ``` - Use **\-\** preset to build siutable version for yourself. Like **windows-release** or **linux-release**. + Use **\-\** preset to build suitable version for yourself. Like **windows-release** or **linux-release**. | Platform Name | Build Config | |---------------|---------------| From 1b45fdc7b34c0c14328c87ed71820afe2afad94e Mon Sep 17 00:00:00 2001 From: Orange Date: Tue, 7 Oct 2025 06:14:42 +0300 Subject: [PATCH 05/18] added pe pattern scan --- include/omath/utility/pattern_scan.hpp | 2 +- include/omath/utility/pe_pattern_scan.hpp | 22 ++++++++++++ source/utility/pe_pattern_scan.cpp | 44 +++++++++++++++++++++++ 3 files changed, 67 insertions(+), 1 deletion(-) create mode 100644 include/omath/utility/pe_pattern_scan.hpp create mode 100644 source/utility/pe_pattern_scan.cpp diff --git a/include/omath/utility/pattern_scan.hpp b/include/omath/utility/pattern_scan.hpp index d8486f0..35d9314 100644 --- a/include/omath/utility/pattern_scan.hpp +++ b/include/omath/utility/pattern_scan.hpp @@ -26,7 +26,7 @@ namespace omath { INVALID_PATTERN_STRING }; - class PatternScanner + class PatternScanner final { friend unit_test_pattern_scan_read_test_Test; friend unit_test_pattern_scan_corner_case_1_Test; diff --git a/include/omath/utility/pe_pattern_scan.hpp b/include/omath/utility/pe_pattern_scan.hpp new file mode 100644 index 0000000..8acdbae --- /dev/null +++ b/include/omath/utility/pe_pattern_scan.hpp @@ -0,0 +1,22 @@ +// +// Created by Vlad on 10/7/2025. +// + +#pragma once +#include +#include +#include +#include +namespace omath +{ + class PePatternScanner final + { + public: + [[nodiscard]] + static std::optional scan_for_pattern_in_loaded_module(const std::string_view& module_name, + const std::string_view& pattern); + + [[nodiscard]] + static std::optional scan_for_pattern_in_file(const std::filesystem::path& path_to_file); + }; +} // namespace omath \ No newline at end of file diff --git a/source/utility/pe_pattern_scan.cpp b/source/utility/pe_pattern_scan.cpp new file mode 100644 index 0000000..54530b1 --- /dev/null +++ b/source/utility/pe_pattern_scan.cpp @@ -0,0 +1,44 @@ +// +// Created by Vlad on 10/7/2025. +// +#include "omath/utility/pe_pattern_scan.hpp" +#include "omath/utility/pattern_scan.hpp" +#include +#include +#ifdef _WIN32 +#include +#endif + +namespace omath +{ + + std::optional + PePatternScanner::scan_for_pattern_in_loaded_module(const std::string_view& module_name, + const std::string_view& pattern) + { +#ifdef _WIN32 + const auto base_address = reinterpret_cast(GetModuleHandleA(module_name.data())); + + if (!base_address) + return std::nullopt; + + const auto dos_headers = reinterpret_cast(base_address); + const auto image_nt_headers = reinterpret_cast(base_address + dos_headers->e_lfanew); + + // Define .code segment as scan area + const auto start = image_nt_headers->OptionalHeader.BaseOfCode; + const auto scan_size = image_nt_headers->OptionalHeader.SizeOfCode; + + const auto scan_range = std::span{reinterpret_cast(base_address) + start, scan_size}; + + const auto result = PatternScanner::scan_for_pattern(scan_range, pattern); + + if (result != scan_range.cend()) + return reinterpret_cast(&*result); + + return std::nullopt; +#else + throw std::runtime_error("Pattern scan for loaded modules is only for windows platform"); +#endif + } +} // namespace omath \ No newline at end of file From a304672ca9073795faf6e98938233ded9f9c8428 Mon Sep 17 00:00:00 2001 From: Orange Date: Tue, 7 Oct 2025 08:03:07 +0300 Subject: [PATCH 06/18] Adds scan functionality for PE files Introduces a method to scan for patterns within specified PE files. This facilitates searching for patterns outside of loaded modules. --- source/utility/pe_pattern_scan.cpp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/source/utility/pe_pattern_scan.cpp b/source/utility/pe_pattern_scan.cpp index 54530b1..a7bde5c 100644 --- a/source/utility/pe_pattern_scan.cpp +++ b/source/utility/pe_pattern_scan.cpp @@ -41,4 +41,7 @@ namespace omath throw std::runtime_error("Pattern scan for loaded modules is only for windows platform"); #endif } + std::optional PePatternScanner::scan_for_pattern_in_file(const std::filesystem::path& path_to_file) + { + } } // namespace omath \ No newline at end of file From b9c5dcc2c55241fe3cb233832681b6a5b4b34ed4 Mon Sep 17 00:00:00 2001 From: Orange Date: Tue, 7 Oct 2025 10:04:08 +0300 Subject: [PATCH 07/18] Adds PE section extraction and pattern scanning Adds functionality to extract a specific section from a PE file and scan for a given pattern within that section. Introduces `extract_section_from_pe_file` to isolate a section, enabling more targeted pattern searches. Overhauls `scan_for_pattern_in_file` to utilize extracted section data and improve accuracy. --- include/omath/utility/pe_pattern_scan.hpp | 9 +++- source/utility/pe_pattern_scan.cpp | 62 ++++++++++++++++++++++- 2 files changed, 68 insertions(+), 3 deletions(-) diff --git a/include/omath/utility/pe_pattern_scan.hpp b/include/omath/utility/pe_pattern_scan.hpp index 8acdbae..dd03627 100644 --- a/include/omath/utility/pe_pattern_scan.hpp +++ b/include/omath/utility/pe_pattern_scan.hpp @@ -4,9 +4,9 @@ #pragma once #include +#include #include #include -#include namespace omath { class PePatternScanner final @@ -17,6 +17,11 @@ namespace omath const std::string_view& pattern); [[nodiscard]] - static std::optional scan_for_pattern_in_file(const std::filesystem::path& path_to_file); + static std::optional scan_for_pattern_in_file(const std::filesystem::path& path_to_file, + const std::string_view& pattern); + + [[nodiscard]] + static std::optional> + extract_section_from_pe_file(const std::filesystem::path& path_to_file, const std::string_view& section_name); }; } // namespace omath \ No newline at end of file diff --git a/source/utility/pe_pattern_scan.cpp b/source/utility/pe_pattern_scan.cpp index a7bde5c..48ac6ef 100644 --- a/source/utility/pe_pattern_scan.cpp +++ b/source/utility/pe_pattern_scan.cpp @@ -3,8 +3,10 @@ // #include "omath/utility/pe_pattern_scan.hpp" #include "omath/utility/pattern_scan.hpp" +#include #include #include + #ifdef _WIN32 #include #endif @@ -41,7 +43,65 @@ namespace omath throw std::runtime_error("Pattern scan for loaded modules is only for windows platform"); #endif } - std::optional PePatternScanner::scan_for_pattern_in_file(const std::filesystem::path& path_to_file) + std::optional PePatternScanner::scan_for_pattern_in_file(const std::filesystem::path& path_to_file, + const std::string_view& pattern) { + const auto pe_section = extract_section_from_pe_file(path_to_file, ".text"); + + if (!pe_section.has_value()) + return std::nullopt; + + const auto scan_result = PatternScanner::scan_for_pattern(pe_section->cbegin(), pe_section->cend(), pattern); + + if (scan_result == pe_section->cend()) + return std::nullopt; + + return std::distance(pe_section->begin(), pe_section->end()); + } + std::optional> + PePatternScanner::extract_section_from_pe_file(const std::filesystem::path& path_to_file, + const std::string_view& section_name) + { + std::ifstream file(path_to_file, std::ios::binary); + + if (!file.is_open()) [[unlikely]] + return std::nullopt; + + IMAGE_DOS_HEADER dos_header{}; + file.read(reinterpret_cast(&dos_header), sizeof(dos_header)); + + if (dos_header.e_magic != 0x5A4D) [[unlikely]] + return std::nullopt; + + file.seekg(dos_header.e_lfanew, std::ios::beg); + + IMAGE_NT_HEADERS32 nt_headers{}; + file.read(reinterpret_cast(&nt_headers), sizeof(nt_headers)); + + if (nt_headers.Signature != 0x00004550) [[unlikely]] + return std::nullopt; + + constexpr size_t size_of_signature = 4; + const auto offset_to_segment_table = dos_header.e_lfanew + nt_headers.FileHeader.SizeOfOptionalHeader + + sizeof(IMAGE_FILE_HEADER) + size_of_signature; + + file.seekg(offset_to_segment_table, std::ios::beg); + + for (size_t i = 0; i < nt_headers.FileHeader.NumberOfSections; i++) + { + IMAGE_SECTION_HEADER current_section{}; + file.read(reinterpret_cast(¤t_section), sizeof(IMAGE_SECTION_HEADER)); + + if (std::string_view(reinterpret_cast(current_section.Name)) != section_name) + continue; + + std::vector section_data(current_section.SizeOfRawData); + + file.seekg(current_section.PointerToRawData, std::ios::beg); + file.read(reinterpret_cast(section_data.data()), section_data.size()); + + return section_data; + } + return std::nullopt; } } // namespace omath \ No newline at end of file From 007340edaa962c89b5e5342f74a98eece5d9026a Mon Sep 17 00:00:00 2001 From: Orange Date: Tue, 7 Oct 2025 11:19:43 +0300 Subject: [PATCH 08/18] Adds PE file header definitions Defines `DosHeader` and `FileHeader` structures to represent PE file header information. Includes definitions for `MachineId` enum and `FileCharacteristics` union. These definitions are prerequisite for PE file parsing and analysis. --- include/omath/system/pe/dos_header.hpp | 32 ++++++++++ include/omath/system/pe/file_header.hpp | 77 ++++++++++++++++++++++++ source/utility/pe_pattern_scan.cpp | 2 +- tests/general/unit_test_pattern_scan.cpp | 7 ++- 4 files changed, 115 insertions(+), 3 deletions(-) create mode 100644 include/omath/system/pe/dos_header.hpp create mode 100644 include/omath/system/pe/file_header.hpp diff --git a/include/omath/system/pe/dos_header.hpp b/include/omath/system/pe/dos_header.hpp new file mode 100644 index 0000000..b4f370d --- /dev/null +++ b/include/omath/system/pe/dos_header.hpp @@ -0,0 +1,32 @@ +// +// Created by Vlad on 10/7/2025. +// + +#pragma once +#include + +namespace omath::system::pe +{ + struct DosHeader + { + std::uint16_t e_magic; + std::uint16_t e_cblp; + std::uint16_t e_cp; + std::uint16_t e_crlc; + std::uint16_t e_cparhdr; + std::uint16_t e_minalloc; + std::uint16_t e_maxalloc; + std::uint16_t e_ss; + std::uint16_t e_sp; + std::uint16_t e_csum; + std::uint16_t e_ip; + std::uint16_t e_cs; + std::uint16_t e_lfarlc; + std::uint16_t e_ovno; + std::uint16_t e_res[4]; + std::uint16_t e_oemid; + std::uint16_t e_oeminfo; + std::uint16_t e_res2[10]; + std::uint32_t e_lfanew; + }; +} \ No newline at end of file diff --git a/include/omath/system/pe/file_header.hpp b/include/omath/system/pe/file_header.hpp new file mode 100644 index 0000000..a07f965 --- /dev/null +++ b/include/omath/system/pe/file_header.hpp @@ -0,0 +1,77 @@ +// +// Created by Vlad on 10/7/2025. +// + +#pragma once +#include + +enum class MachineId : std::uint16_t +{ + UNKNOWN = 0x0000, + TARGET_HOST = 0x0001, // Useful for indicating we want to interact with the host and not a WoW guest. + I386 = 0x014C, // Intel 386. + R3000 = 0x0162, // MIPS little-endian, 0x160 big-endian + R4000 = 0x0166, // MIPS little-endian + R10000 = 0x0168, // MIPS little-endian + WCEMIPSV2 = 0x0169, // MIPS little-endian WCE v2 + ALPHA = 0x0184, // Alpha_AXP + SH3 = 0x01A2, // SH3 little-endian + SH3DSP = 0x01A3, + SH3E = 0x01A4, // SH3E little-endian + SH4 = 0x01A6, // SH4 little-endian + SH5 = 0x01A8, // SH5 + ARM = 0x01C0, // ARM Little-Endian + THUMB = 0x01C2, // ARM Thumb/Thumb-2 Little-Endian + ARMNT = 0x01C4, // ARM Thumb-2 Little-Endian + AM33 = 0x01D3, + POWERPC = 0x01F0, // IBM PowerPC Little-Endian + POWERPCP = 0x01F1, + IA64 = 0x0200, // Intel 64 + MIPS16 = 0x0266, // MIPS + ALPHA64 = 0x0284, // ALPHA64 + MIPSFPU = 0x0366, // MIPS + MIPSFPU16 = 0x0466, // MIPS + AXP64 = 0x0284, + TRICORE = 0x0520, // Infineon + CEF = 0x0CEF, + EBC = 0x0EBC, // EFI Byte Code + AMD64 = 0x8664, // AMD64 (K8) + M32R = 0x9041, // M32R little-endian + ARM64 = 0xAA64, // ARM64 Little-Endian + CEE = 0xC0EE, +}; + +union FileCharacteristics +{ + std::uint16_t flags; + struct + { + std::uint16_t relocs_stripped : 1; // Relocation info stripped from file. + std::uint16_t executable : 1; // File is executable (i.e. no unresolved external references). + std::uint16_t lines_stripped : 1; // Line nunbers stripped from file. + std::uint16_t local_symbols_stripped : 1; // Local symbols stripped from file. + std::uint16_t aggressive_ws_trim : 1; // Aggressively trim working set + std::uint16_t large_address_aware : 1; // App can handle >2gb addresses + std::uint16_t _pad0 : 1; + std::uint16_t bytes_reversed_lo : 1; // Bytes of machine word are reversed. + std::uint16_t machine_32 : 1; // 32 bit word machine. + std::uint16_t debug_stripped : 1; // Debugging info stripped from file in .DBG file + std::uint16_t runnable_from_swap : 1; // If Image is on removable media, copy and run from the swap file. + std::uint16_t net_run_from_swap : 1; // If Image is on Net, copy and run from the swap file. + std::uint16_t system_file : 1; // System File. + std::uint16_t dll_file : 1; // File is a DLL. + std::uint16_t up_system_only : 1; // File should only be run on a UP machine + std::uint16_t bytes_reversed_hi : 1; // Bytes of machine word are reversed. + }; +}; + +struct FileHeader +{ + MachineId machine; + uint16_t num_sections; + uint32_t timedate_stamp; + uint32_t ptr_symbols; + uint32_t num_symbols; + uint16_t size_optional_header; + FileCharacteristics characteristics; +}; \ No newline at end of file diff --git a/source/utility/pe_pattern_scan.cpp b/source/utility/pe_pattern_scan.cpp index 48ac6ef..f9d62e9 100644 --- a/source/utility/pe_pattern_scan.cpp +++ b/source/utility/pe_pattern_scan.cpp @@ -62,7 +62,7 @@ namespace omath PePatternScanner::extract_section_from_pe_file(const std::filesystem::path& path_to_file, const std::string_view& section_name) { - std::ifstream file(path_to_file, std::ios::binary); + std::fstream file(path_to_file, std::ios::binary | std::ios::in); if (!file.is_open()) [[unlikely]] return std::nullopt; diff --git a/tests/general/unit_test_pattern_scan.cpp b/tests/general/unit_test_pattern_scan.cpp index d0da462..248ab88 100644 --- a/tests/general/unit_test_pattern_scan.cpp +++ b/tests/general/unit_test_pattern_scan.cpp @@ -1,11 +1,11 @@ // // Created by Vlad on 10/4/2025. // +#include "omath/utility/pe_pattern_scan.hpp" #include "gtest/gtest.h" #include #include - TEST(unit_test_pattern_scan, read_test) { const auto result = omath::PatternScanner::parse_pattern("FF ? ?? E9"); @@ -49,6 +49,9 @@ TEST(unit_test_pattern_scan, corner_case_3) TEST(unit_test_pattern_scan, corner_case_4) { const auto result = omath::PatternScanner::parse_pattern("X ? ?? E9 "); - + const auto result2 = omath::PePatternScanner::scan_for_pattern_in_file( + std::filesystem::path{ + "C:\\Users\\Vlad\\CLionProjects\\l4bhop\\cmake-build\\build\\windows-release\\l4bhop.dll"}, + "4C 8B D1 B8 ? ? ? ? F6 04 25 ? ? ? ? ? 75 ? 0F 05 C3"); EXPECT_FALSE(result.has_value()); } \ No newline at end of file From 63debc635e0dbd6c587d062ae926d61328903e39 Mon Sep 17 00:00:00 2001 From: Orange Date: Wed, 8 Oct 2025 07:26:23 +0300 Subject: [PATCH 09/18] fixed for mac improved readability --- .idea/editor.xml | 4 ++-- include/omath/utility/pattern_scan.hpp | 4 ++-- include/omath/utility/pe_pattern_scan.hpp | 2 ++ source/utility/pattern_scan.cpp | 25 +++++++++++++++++++---- source/utility/pe_pattern_scan.cpp | 12 +++++++---- tests/general/unit_test_pattern_scan.cpp | 7 ++----- 6 files changed, 37 insertions(+), 17 deletions(-) diff --git a/.idea/editor.xml b/.idea/editor.xml index 373c50f..fde5348 100644 --- a/.idea/editor.xml +++ b/.idea/editor.xml @@ -201,7 +201,7 @@