Utility Module

enum class Register

Enum representing x86-64 general-purpose registers.

Values:

enumerator RAX
enumerator RBX
enumerator RCX
enumerator RDX
enumerator RSI
enumerator RDI
enumerator RBP
enumerator RSP
enumerator R8
enumerator R9
enumerator R10
enumerator R11
enumerator R12
enumerator R13
enumerator R14
enumerator R15
typedef int fd

A type definition for a file descriptor.

typedef fd pipefds[2]

A type definition for an array of two file descriptors for a pipe.

const char *register_names[]

An array of human-readable names for the Register enum values.

bool is_kaslr_base(uint64_t kbase_addr)

Checks if the provided address is a valid KASLR base address.

Parameters:

kbase_addr – The address to check.

Returns:

True if the address is a valid KASLR base, false otherwise.

uint64_t check_kaslr_base(uint64_t kbase_addr)

Checks if the provided address is a valid KASLR base address.

Parameters:

kbase_addr – The address to check.

Returns:

The checked KASLR base address if valid.

uint64_t check_heap_ptr(uint64_t heap_leak)

Checks if the provided address is a valid kernel heap pointer.

Parameters:

heap_leak – The address to check.

Returns:

The checked kernel heap pointer if valid.

std::string format_str(const char *format, va_list args)

Formats a string using a format string and va_list arguments.

Parameters:

  • format – The format string.

  • args – The va_list containing the arguments.

Returns:

The formatted string.

template<typename ...Args>
std::string format_str(const char *format, const Args&... args)

Formats a string using a format string and a variadic number of arguments.

Template Parameters:

Args – The types of the arguments.

Parameters:

  • format – The format string.

  • args – The arguments to format.

std::string str_concat(const std::string &delimiter, const std::vector<std::string> &strings)

Concatenates a vector of strings with a delimiter.

Parameters:

  • delimiter – The string to use as a delimiter.

  • strings – The vector of strings to concatenate.

void replace(std::string &str, const std::string &from, const std::string &to)

Replaces all occurrences of a substring within a string.

Parameters:

  • str – The string to perform replacements on.

  • from – The substring to replace.

  • to – The string to replace with.

void tolower(std::string &str)

Converts a string to lowercase in-place.

Parameters:

str – The string to convert.

std::vector<std::string> split(const std::string &str, const std::string &delimiter)

Splits a string by a delimiter.

Parameters:

  • str – The string to split.

  • delimiter – The delimiter to split by.

bool contains(const std::string &str, const std::string &pattern)

Checks if a string contains a specific pattern.

Parameters:

  • str – The string to search within.

  • pattern – The pattern to search for.

Returns:

True if the string contains the pattern, false otherwise.

bool startsWith(const std::string &str, const std::string &prefix)

Checks if a string starts with a specific prefix.

Parameters:

  • str – The string to check.

  • prefix – The prefix to check for.

Returns:

True if the string starts with the prefix, false otherwise.

struct ExpKitError : public std::runtime_error
#include <error.h>

Custom exception class for ExpKit-specific errors.

Public Functions

template<typename ...Args>
inline ExpKitError(const char *error_msg)

Constructs an ExpKitError with a single error message.

Parameters:

error_msg – The error message.

template<typename ...Args>
inline ExpKitError(const char *format, const Args&... args)

Constructs an ExpKitError with a formatted error message.

Template Parameters:

Args – The types of the arguments for the format string.

Parameters:

  • format – The format string.

  • args – The arguments for the format string.

struct errno_error : public std::system_error
#include <error.h>

Represents an error based on the current value of errno.

Public Functions

errno_error()

Constructs an errno_error with the current errno value.

errno_error(const char *__what)

Constructs an errno_error with the current errno value and an additional message.

Parameters:

__what – An additional message describing the error.

class HexDump
#include <HexDump.h>

Utility class for generating hexadecimal dumps of memory.

Public Static Functions

static void Dump(char *dst, const uint8_t *buf, int len)

Generates a hexadecimal dump of a memory buffer into a character array.

Note

The dst buf needs to be large enough to store all the data. 16 bytes are converted into: “00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF | 0123456789ABCDEF\n” (70 bytes)

Parameters:

  • dst – The destination character array to write the dump to.

  • buf – The buffer containing the data to dump.

  • len – The number of bytes to dump.

static std::string Dump(const void *buf, int len)

Generates a hexadecimal dump of a memory buffer into a string.

Parameters:

  • buf – The buffer containing the data to dump.

  • len – The number of bytes to dump.

Returns:

A string containing the hexadecimal dump.

static std::string Dump(const std::vector<uint8_t> &data)

Generates a hexadecimal dump of a vector of bytes into a string.

Parameters:

data – The vector of bytes to dump.

Returns:

A string containing the hexadecimal dump.

static void Print(const void *buf, int len)

Prints a hexadecimal dump of a memory buffer to the standard output.

Parameters:

  • buf – The buffer containing the data to dump.

  • len – The number of bytes to dump.

static void Print(const std::vector<uint8_t> &data)

Prints a hexadecimal dump of a vector of bytes to the standard output.

Parameters:

data – The vector of bytes to dump.

class Syscalls
#include <Syscalls.h>

A wrapper class for common system calls with error checking.

Public Static Functions

static int open(const char *file, int oflag)

Wraps the open system call with error checking.

Parameters:

  • file – The path to the file.

  • oflag – The flags for opening the file.

Throws:

ExpKitError – if the system call fails.

Returns:

The file descriptor.

static void read(fd fd, void *buf, size_t n)

Wraps the read system call with error checking.

Parameters:

  • fd – The file descriptor to read from.

  • buf – The buffer to store the read data.

  • n – The number of bytes to read.

Throws:

ExpKitError – if the system call fails or reads an unexpected number of bytes.

static void write(fd fd, const void *buf, size_t n)

Wraps the write system call with error checking.

Parameters:

  • fd – The file descriptor to write to.

  • buf – The buffer containing the data to write.

  • n – The number of bytes to write.

Throws:

ExpKitError – if the system call fails or writes an unexpected number of bytes.

static int ioctl(int fd, unsigned long int request, void *arg)

Wraps the ioctl system call with error checking.

Parameters:

  • fd – The file descriptor.

  • request – The ioctl request.

  • arg – The argument for the ioctl request.

Throws:

ExpKitError – if the system call fails.

Returns:

The result of the ioctl system call.

static void close(fd fd)

Wraps the close system call with error checking.

Parameters:

fd – The file descriptor to close.

Throws:

ExpKitError – if the system call fails.

static void pipe(pipefds pipefds)

Wraps the pipe system call with error checking.

Parameters:

pipefds – An array to hold the file descriptors for the read and write ends of the pipe.

Throws:

ExpKitError – if the system call fails.

static struct stat stat(const char *path)

Wraps the stat() system call with error checking.

Parameters:

path – The path argument passed to the stat() syscall.

Throws:

ExpKitError – if the system call fails.

static void unshare(int flags)

Wraps the unshare() system call with error checking.

Parameters:

flags – The flags argument passed to the unshare() syscall.

Throws:

ExpKitError – if the system call fails.

static std::string readlink(const char *path, size_t bufsize = 256)

Wraps the readlink() system call with error checking.

Parameters:

  • path – The path argument passed to the unshare() syscall.

  • bufsize – Maximum expected size of the result path.

Throws:

ExpKitError – if the system call fails or if the bufsize was not big enough.

class BinaryReader
#include <BinaryReader.h>

A class for reading and parsing data from a binary buffer with offset tracking and structural awareness.

Subclassed by KxdbParser

Public Functions

uint64_t Uint(int size)

Reads an unsigned integer of a specified size.

Parameters:

size – The size of the unsigned integer to read (1, 2, 4, or 8 bytes).

Returns:

The unsigned integer value read from the buffer.

uint64_t EndOffset()

Returns the end offset of the current structure or the entire data if seeking is in progress.

Returns:

The end offset.

uint64_t RemainingBytes()

Returns the number of remaining bytes in the current structure or until the end of the data if seeking is in progress.

Returns:

The number of remaining bytes.

void SizeCheck(uint64_t len)

Checks if there are enough remaining bytes to read a specified length.

Parameters:

len – The length to check against the remaining bytes.

Throws:

ExpKitError – if there are not enough remaining bytes.

void Skip(uint64_t len)

Skip len amount of bytes.

Parameters:

len – The number of bytes to skip.

Throws:

ExpKitError – if there are not enough remaining bytes.

void SeekTo(uint64_t offset)

Seek to offset.

Parameters:

offset – The offset within the file to seek.

Throws:

ExpKitError – if the offset is out-of-bounds.

uint8_t *Read(uint16_t len)

Reads a block of raw bytes from the buffer.

Parameters:

len – The number of bytes to read.

Throws:

ExpKitError – if reading beyond the buffer limits.

Returns:

A pointer to the read bytes within the internal buffer.

uint8_t ReadU8()

Reads a single byte (uint8_t) from the buffer.

Returns:

The byte value.

uint16_t ReadU16()

Reads a 16-bit unsigned integer (uint16_t) from the buffer.

Returns:

The 16-bit unsigned integer value.

uint32_t ReadU32()

Reads a 32-bit unsigned integer (uint32_t) from the buffer.

Returns:

The 32-bit unsigned integer value.

uint64_t ReadU64()

Reads a 64-bit unsigned integer (uint64_t) from the buffer.

Returns:

The 64-bit unsigned integer value.

int64_t ReadInt(bool signed_ = true)

Reads a variable-length integer from the buffer.

Parameters:

signed_ – Whether the integer is signed. Defaults to true.

Returns:

The integer value.

uint64_t ReadUInt()

Reads a variable-length unsigned integer from the buffer.

Returns:

The unsigned integer value.

uint64_t SeekableListCount()

Reads the count of a seekable list and skips the seek list data.

Returns:

The number of items in the seekable list.

bool IsSeekingInProgress()

Checks if a seek operation is currently in progress.

Returns:

True if seeking is in progress, false otherwise.

void SeekToItem(uint64_t seeklist_offset, uint64_t item_idx)

Seeks to a specific item within a seekable list.

Parameters:

  • seeklist_offset – The offset of the seekable list.

  • item_idx – The index of the item to seek to.

Throws:

ExpKitError – if seeking is already in progress or the item index is out of bounds.

void EndSeek()

Ends a seek operation and returns to the original offset.

Throws:

ExpKitError – if no seek operation is in progress.

template<typename ...Args>
inline void DebugLog(const char *format, const Args&... args)

Logs a debug message with the current offset.

Template Parameters:

Args – The types of the arguments.

Parameters:

format – The format string for the log message.

bool BeginStruct(uint64_t struct_size)

Limits the reader to struct_size.

Parameters:

struct_size – The structure size in bytes.

Returns:

struct_size is not zero.

void EndStruct()

Ends parsing a structure. Jumps the offset to the end of the current structure.

Throws:

ExpKitError – if EndStruct() is called without a corresponding BeginStruct().

const char *ZStr(uint16_t len)

Reads a null-terminated string with a specified maximum length.

Parameters:

len – The maximum length of the string (excluding the null terminator).

Returns:

A pointer to the null-terminated string within the internal buffer.

const char *ZStr()

Reads a null-terminated string where the length is encoded as a variable-length unsigned integer before the string data.

Returns:

A pointer to the null-terminated string within the internal buffer.

BinaryReader(const uint8_t *buffer, size_t size)

Constructs a BinaryReader from a raw buffer.

Parameters:

  • buffer – A pointer to the raw data buffer.

  • size – The size of the buffer.

BinaryReader(const std::vector<uint8_t> data)

Constructs a BinaryReader from a vector of bytes.

Parameters:

data – The vector of bytes.

void SetLog(ILog *log)

Sets the logger for debug output.

Parameters:

log – The logger object.

Public Static Functions

static BinaryReader FromFile(const char *filename)

Creates a BinaryReader by reading data from a file.

Parameters:

filename – The path to the file.

Returns:

A BinaryReader instance with the file data.