addresses

Functions

UTIL_GetModuleHandle(module)

Retrieves the OS-specific module handle.

Parameters

module void* — Module identifier or pointer

UTIL_GetModuleBase(module)

Gets the base address of a module.

Parameters

module void* — Module identifier

UTIL_FindPattern(module, pattern)

Finds a byte pattern in a module.

Parameters

module void* — Module to scan
pattern const char* — Pattern string (IDA-style, e.g. "48 8B ?? ?? ??")

UTIL_FindPatternInSection(module, section, pattern)

Finds a byte pattern in a specific section of a module.

Parameters

module void* — Module to scan
section const char* — Section name (e.g. ".text", ".data")
pattern const char* — Pattern string

UTIL_GetFunctionByName(module, symbol)

Resolves a function by exported symbol name.

Parameters

module void* — Module to search
symbol const char* — Symbol name

UTIL_GetVirtualTableByName(module, name)

Retrieves a virtual table by class name.

Parameters

module void* — Module to search
name const char* — Class name

UTIL_Offset(address, offset)

Applies an offset to an address.

Parameters

address uintptr_t — Base address
offset ptrdiff_t — Offset to apply

UTIL_OffsetSelf(address, offset)

Applies an offset directly to a variable.

Parameters

address uintptr_t& — Reference to address
offset ptrdiff_t — Offset to apply

UTIL_Deref(address, count)

Dereferences a pointer multiple times.

Parameters

address uintptr_t — Starting address
count int — Number of dereferences

UTIL_DerefSelf(address, count)

Dereferences a pointer in-place.

Parameters

address uintptr_t& — Reference to address
count int — Number of dereferences

UTIL_ResolveRelativeAddress(address, offset, size)

Resolves a relative address (RIP-relative).

Parameters

address uintptr_t — Instruction address
offset ptrdiff_t — Offset to relative value
size ptrdiff_t — Size of instruction (default = 4 bytes)

UTIL_FollowNearCall(address, offset, size)

Follows a near CALL instruction to its destination.

Parameters

address uintptr_t — Address of CALL instruction
offset ptrdiff_t — Offset to relative operand
size ptrdiff_t — Instruction size (default = 5 bytes)

Addresses

addresses

Functions

UTIL_GetModuleHandle(module)

UTIL_GetModuleBase(module)

UTIL_FindPattern(module, pattern)

UTIL_FindPatternInSection(module, section, pattern)

UTIL_GetFunctionByName(module, symbol)

UTIL_GetVirtualTableByName(module, name)

UTIL_Offset(address, offset)

UTIL_OffsetSelf(address, offset)

UTIL_Deref(address, count)

UTIL_DerefSelf(address, count)

UTIL_ResolveRelativeAddress(address, offset, size)

UTIL_FollowNearCall(address, offset, size)

On this page