SingerBallad/Mortis

GitHub: SingerBallad/Mortis

Mortis is a C++23 cross-platform hooking and reverse-engineering library that provides type-safe, zero-boilerplate function interception, memory manipulation and signature scanning.

Stars: 6 | Forks: 1

# Mortis

A modern C++23 cross-platform hooking and reverse-engineering library. Provides inline hooks, import hooks, memory patching, signature scanning and process introspection, with zero-boilerplate type safety, RAII resource management and `std::expected`-based error handling.

**Platforms:** Windows / Linux × x64 / ARM64

## Getting started

### Prerequisites

- A C++23 compiler (MSVC 19.36+, Clang 17+, GCC 13+)
- CMake 3.20+

All dependencies are fetched automatically through CMake `FetchContent`:

| Dependency | Version | Purpose |
|------------|---------|---------|
| [Capstone](https://github.com/capstone-engine/capstone) | v6 | Disassembly engine |
| [libhat](https://github.com/BasedInc/libhat) | v0.9.0 | Optimized signature scanning |
| [Google Test](https://github.com/google/googletest) | v1.15.2 | Unit tests (optional) |

### Build

```
cmake -B build -DCMAKE_BUILD_TYPE=Release
cmake --build build
```

| CMake option | Default | Description |
|---------------------------|---------|---------------------------|
| `MORTIS_BUILD_TESTS` | `ON` | Build the unit tests |
| `MORTIS_ENABLE_SANITIZERS`| `OFF` | Enable ASan + UBSan |

### Adding Mortis to your project

**CMake FetchContent (recommended):**

```
include(FetchContent)
FetchContent_Declare(
    Mortis
    GIT_REPOSITORY https://github.com/QwQNT/Mortis.git
    GIT_TAG main
)
FetchContent_MakeAvailable(Mortis)
target_link_libraries(YourTarget PRIVATE Mortis)
```

`GIT_TAG main` tracks a moving branch; for reproducible builds pin a release tag or a commit hash instead.

**Umbrella header (include it once to get the full API):**

```
#include <Mortis/Mortis.hpp>
using namespace Mortis;
```

## Usage

### Inline hook with a lambda

The function signature is **deduced automatically** from the lambda; no template arguments need to be spelled out.

```
int Add(int a, int b) { return a + b; }

auto hook = InlineHook::Create(&Add, [](auto& original, int a, int b) -> int {
    return original(a, b) * 2;  // call the original, double the result
});

// Add(3, 4) now returns 14
// RAII: the hook is removed when `hook` goes out of scope
```

### Inline hook with a function pointer

```
int HookedAdd(OriginalFunction& original, int a, int b) {
    return original(a, b) + 100;
}

auto hook = InlineHook::Create(&Add, &HookedAdd);
```

### Inline hook on a member function

The detour receives its arguments as `(original, this_ptr, args...)`:

```
auto hook = InlineHook::CreateMember<&Player::TakeDamage>(
    [](auto& original, Player* self, int damage) -> int {
        return original(self, 1);  // god mode
    }
);
```

### Inline hook on a raw address

For addresses obtained from signature scanning or manual analysis:

```
Address addr = scanner.FindFirst("", "48 89 5C 24 08")->value();
auto hook = InlineHook::Create(addr, [](auto& original, int a, int b) -> int {
    return original(a, b);
});
```

### Import hook (IAT / GOT)

```
auto hook = ImportHook::Create(
    "",                       // empty = main executable
    "kernel32.dll",
    "GetCurrentProcessId",
    [](auto& original) -> DWORD { return original() + 1000; }
);
```

### Memory patch

```
auto patch = MemoryPatch::Create(address, {0x90, 0x90, 0x90});
patch->Restore();  // original bytes restored
patch->Apply();    // re-apply

auto nops = MemoryPatch::CreateNop(address, 16);  // platform-aware NOP fill
// the destructor restores the original bytes automatically
```

### Scoped memory protection

```
{
    auto guard = ScopedProtect::Create(addr, size, MemoryProtection::ReadWriteExec);
    Process::Write(addr, 0xCC);
}  // protection automatically restored
```

### Memory scanner

IDA-style signature scanning with `?` wildcards:

```
auto results = MemoryScanner::FindPattern("", "48 8B ? CC ?? 00");
auto first   = MemoryScanner::FindFirst("game.dll", "E8 ? ? ? ? 48 8D");
auto info    = MemoryScanner::GetModuleInfo("game.dll");
```

### Process introspection

```
auto& proc = Process::Self();
auto mod = proc.FindModule("ntdll");
mod->Base();
mod->Size();
mod->FindExport("RtlAllocateHeap");
mod->FindSection(".text");
mod->EnumerateExports();
```

### Pointer

```
Pointer ptr(some_address);
ptr.Read<int>();
ptr.Write(42);
ptr.Add(0x10).Deref();
ptr.Deref({0x20, 0x08, 0x00});  // multi-level pointer chain
ptr.IsReadable();
```

### Result<T>

Built on `std::expected`:

```
auto result = InlineHook::Create(&Add, detour);

if (result) {
    auto& hook = result.Value();
}
if (!result) {
    ErrorCode code = result.Code();
    std::string msg = result.Error();
}

// Monadic chaining
result.and_then([](auto& hook) { return hook.Disable(); })
      .or_else([](auto& err) { log(err.message); });
```

## Project structure

```
Mortis/
├── include/Mortis/              # Public API headers
│   ├── Mortis.hpp               # Umbrella header
│   ├── Config.hpp               # Platform/arch detection
│   ├── Result.hpp               # std::expected-based Result
│   ├── Process.hpp              # Process, Module, Pointer, ScopedProtect, MemoryPatch
│   ├── InlineHook.hpp           # InlineHook
│   ├── ImportHook.hpp           # ImportHook
│   ├── MemoryScanner.hpp        # Pattern scanning
│   └── Detail/                  # Internal implementation details
├── src/
│   ├── Core/                    # Platform-neutral core logic
│   ├── Hook/                    # Hook backend (Capstone-based)
│   ├── Arch/{X64,ARM64}/        # Architecture-specific relocators
│   └── Platform/{Win32,Linux}/  # OS-specific implementations
├── tests/                       # Google Test suite
└── CMakeLists.txt
```

## License

This project is licensed under the [MIT License](LICENSE).
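The RAII patch-and-restore contract described under Memory patch, as an added example that is not Mortis code: a scoped patch over a constructed byte buffer standing in for a writable code region (no page-protection changes are involved), an architecture-aware NOP fill, and the ordering caveat that overlapping patches must be restored in LIFO order, otherwise the later patch's saved "original" bytes write the earlier patch back in. The `Arch` enum, `BufferPatch` class and the fake prologue bytes are this example's own, not the library's.

```cpp
// Added example, not Mortis code: RAII byte patch over a plain buffer plus a
// platform-aware NOP fill. All names here are this example's assumptions.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <optional>
#include <stdexcept>
#include <utility>
#include <vector>

enum class Arch { X64, ARM64 };

// x64 NOP is the single byte 0x90 and can fill any length. The ARM64 NOP is the
// 4-byte instruction D503201F (stored little-endian as 1F 20 03 D5), so the fill
// length must be a multiple of 4 and the target must be 4-byte aligned.
std::optional<std::vector<uint8_t>> NopBytes(Arch arch, uintptr_t addr, size_t len) {
    if (arch == Arch::X64) return std::vector<uint8_t>(len, 0x90);
    if (len % 4 != 0 || addr % 4 != 0) return std::nullopt;
    std::vector<uint8_t> out;
    out.reserve(len);
    for (size_t i = 0; i < len; i += 4) out.insert(out.end(), {0x1F, 0x20, 0x03, 0xD5});
    return out;
}

// Saves the bytes it overwrites on construction, applies the patch, and restores
// the saved bytes in its destructor unless Restore() was already called.
class BufferPatch {
public:
    BufferPatch(std::vector<uint8_t>& target, size_t offset, std::vector<uint8_t> patch)
        : target_(target), offset_(offset), patch_(std::move(patch)),
          original_(Slice(target, offset, patch_.size())) {
        Apply();
    }
    ~BufferPatch() { Restore(); }
    BufferPatch(const BufferPatch&) = delete;
    BufferPatch& operator=(const BufferPatch&) = delete;

    void Apply() {
        std::copy(patch_.begin(), patch_.end(), target_.begin() + static_cast<std::ptrdiff_t>(offset_));
        applied_ = true;
    }
    void Restore() {
        if (!applied_) return;
        std::copy(original_.begin(), original_.end(), target_.begin() + static_cast<std::ptrdiff_t>(offset_));
        applied_ = false;
    }
    bool Applied() const { return applied_; }

private:
    // Bounds-checked copy of the bytes the patch will overwrite.
    static std::vector<uint8_t> Slice(const std::vector<uint8_t>& v, size_t off, size_t len) {
        if (off > v.size() || len > v.size() - off) throw std::out_of_range("patch exceeds region");
        return std::vector<uint8_t>(v.begin() + static_cast<std::ptrdiff_t>(off),
                                    v.begin() + static_cast<std::ptrdiff_t>(off + len));
    }

    std::vector<uint8_t>& target_;
    size_t offset_;
    std::vector<uint8_t> patch_;
    std::vector<uint8_t> original_;
    bool applied_ = false;
};

// Constructed stand-in for a code region: 8 bytes of a fake x64 prologue.
std::vector<uint8_t> SampleCode() { return {0x48, 0x89, 0x5C, 0x24, 0x08, 0x57, 0x48, 0x83}; }

// Inside the block the first three bytes are NOPs; leaving the block restores them.
bool ScopedPatchRestores() {
    auto code = SampleCode();
    {
        BufferPatch p(code, 0, {0x90, 0x90, 0x90});
        if (code[0] != 0x90 || code[2] != 0x90 || code[3] != 0x24) return false;
    }
    return code == SampleCode();
}

// Overlapping patches undone in LIFO order (inner first) leave the original bytes intact.
bool LifoRestoreIsClean() {
    auto code = SampleCode();
    {
        BufferPatch outer(code, 0, {0xAA, 0xAA, 0xAA, 0xAA});
        BufferPatch inner(code, 2, {0xBB, 0xBB, 0xBB, 0xBB});
    }  // inner's destructor runs first, then outer's
    return code == SampleCode();
}

// Restoring outer before inner is wrong: inner's saved "original" bytes are outer's
// 0xAA bytes, so bytes 2..3 end up as AA AA instead of 5C 24.
bool OutOfOrderRestoreCorrupts() {
    auto code = SampleCode();
    BufferPatch outer(code, 0, {0xAA, 0xAA, 0xAA, 0xAA});
    BufferPatch inner(code, 2, {0xBB, 0xBB, 0xBB, 0xBB});
    outer.Restore();
    inner.Restore();
    return code != SampleCode();
}

int main() {
    return (ScopedPatchRestores() && LifoRestoreIsClean() && OutOfOrderRestoreCorrupts()) ? 0 : 1;
}
```

Against real code pages the same class would additionally need the protection change and instruction-cache flush that the library's `ScopedProtect` and `MemoryPatch` handle; the ordering hazard is independent of that and applies to any patch object that records what it overwrote.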
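The `?`-wildcard matching described under Memory scanner, as an added example that is not Mortis code (the library delegates scanning to libhat): it parses an IDA-style pattern into a byte/mask pair and scans a constructed byte buffer standing in for a module's `.text`, returning every hit offset. Both `?` and `??` are treated as exactly one wildcard byte; the sample bytes and the function names are this example's own.

```cpp
// Added example, not Mortis code: a minimal IDA-style signature scanner run over a
// constructed buffer. Names and sample data are this example's assumptions.
#include <cctype>
#include <cstddef>
#include <cstdint>
#include <optional>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

struct Signature {
    std::vector<uint8_t> bytes;  // expected value at each position (0 for wildcards)
    std::vector<bool>    mask;   // true = must match, false = wildcard
};

// Parse "48 8B ? CC ?? 00" into bytes + mask. "?" and "??" both mean one wildcard byte.
Signature ParseSignature(const std::string& pattern) {
    Signature sig;
    std::istringstream in(pattern);
    std::string tok;
    while (in >> tok) {
        if (tok == "?" || tok == "??") {
            sig.bytes.push_back(0);
            sig.mask.push_back(false);
        } else if (tok.size() == 2 && std::isxdigit(static_cast<unsigned char>(tok[0])) &&
                   std::isxdigit(static_cast<unsigned char>(tok[1]))) {
            sig.bytes.push_back(static_cast<uint8_t>(std::stoul(tok, nullptr, 16)));
            sig.mask.push_back(true);
        } else {
            throw std::invalid_argument("bad signature token: " + tok);
        }
    }
    if (sig.bytes.empty()) throw std::invalid_argument("empty signature");
    return sig;
}

// Return every offset in `region` at which the signature matches.
std::vector<size_t> FindPattern(const std::vector<uint8_t>& region, const std::string& pattern) {
    Signature sig = ParseSignature(pattern);
    std::vector<size_t> hits;
    if (region.size() < sig.bytes.size()) return hits;
    for (size_t off = 0; off + sig.bytes.size() <= region.size(); ++off) {
        bool match = true;
        for (size_t i = 0; i < sig.bytes.size(); ++i) {
            if (sig.mask[i] && region[off + i] != sig.bytes[i]) { match = false; break; }
        }
        if (match) hits.push_back(off);
    }
    return hits;
}

// First hit only, or nullopt when the pattern does not occur.
std::optional<size_t> FindFirst(const std::vector<uint8_t>& region, const std::string& pattern) {
    auto hits = FindPattern(region, pattern);
    if (hits.empty()) return std::nullopt;
    return hits.front();
}

// Constructed sample "code": two variants of the same sequence that differ only in
// wildcarded bytes, plus a near miss that differs in a fixed byte (0xCD vs 0xCC).
const std::vector<uint8_t> kSample = {
    0x48, 0x8B, 0xC4, 0xCC, 0x10, 0x00,   // offset 0: matches "48 8B ? CC ?? 00"
    0x90, 0x90,
    0x48, 0x8B, 0xD9, 0xCC, 0x20, 0x00,   // offset 8: matches (different wildcard bytes)
    0x48, 0x8B, 0xD9, 0xCD, 0x20, 0x00,   // offset 14: near miss, rejected on 0xCD
};

int main() {
    return FindPattern(kSample, "48 8B ? CC ?? 00").size() == 2 ? 0 : 1;
}
```

A scanner like this walks the whole region byte by byte; libhat's optimized version uses SIMD to skip quickly to candidate first bytes, but the match semantics are the same, and a pattern whose fixed bytes are too few or too common will return spurious hits in both.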
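Multi-level pointer chain resolution, illustrating the `Deref({0x20, 0x08, 0x00})` and `IsReadable()` calls shown under Pointer, as an added example that is not Mortis code: it walks a chain of offsets over a constructed 64-bit memory image at an assumed base of 0x10000 and refuses any hop that lands outside the mapped image. The convention used here (add each offset but the last, dereference, then add the last offset to get the address of the final value) is the common Cheat Engine one and is this example's assumption, not a statement about how `Pointer::Deref` interprets its offsets.

```cpp
// Added example, not Mortis code: resolve [[[base+0x20]+0x08]+0x00] over a fake
// memory image with a readability check at every hop. Names and layout are assumed.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <optional>
#include <vector>

constexpr uint64_t kImageBase = 0x10000;  // assumed load address of the fake image

struct FakeMemory {
    std::vector<uint8_t> bytes;

    // True if [addr, addr+size) lies entirely inside the mapped image.
    bool IsReadable(uint64_t addr, size_t size) const {
        if (addr < kImageBase) return false;
        uint64_t rel = addr - kImageBase;
        return rel <= bytes.size() && size <= bytes.size() - rel;
    }
    std::optional<uint64_t> ReadU64(uint64_t addr) const {
        if (!IsReadable(addr, sizeof(uint64_t))) return std::nullopt;
        uint64_t v;
        std::memcpy(&v, bytes.data() + (addr - kImageBase), sizeof v);  // host byte order
        return v;
    }
    std::optional<int32_t> ReadI32(uint64_t addr) const {
        if (!IsReadable(addr, sizeof(int32_t))) return std::nullopt;
        int32_t v;
        std::memcpy(&v, bytes.data() + (addr - kImageBase), sizeof v);
        return v;
    }
    bool WriteU64(uint64_t addr, uint64_t v) {
        if (!IsReadable(addr, sizeof v)) return false;
        std::memcpy(bytes.data() + (addr - kImageBase), &v, sizeof v);
        return true;
    }
    bool WriteI32(uint64_t addr, int32_t v) {
        if (!IsReadable(addr, sizeof v)) return false;
        std::memcpy(bytes.data() + (addr - kImageBase), &v, sizeof v);
        return true;
    }
};

// Cheat Engine convention (this example's choice): every offset except the last is
// added and then dereferenced as a pointer; the last is only added, so the result is
// the address of the final value. Any hop outside mapped memory aborts the walk.
std::optional<uint64_t> ResolveChain(const FakeMemory& mem, uint64_t base,
                                     const std::vector<uint64_t>& offsets) {
    if (offsets.empty()) return base;
    uint64_t cur = base;
    for (size_t i = 0; i + 1 < offsets.size(); ++i) {
        auto next = mem.ReadU64(cur + offsets[i]);
        if (!next) return std::nullopt;  // pointer slot itself is unmapped
        cur = *next;
    }
    return cur + offsets.back();
}

// Resolve the chain and read the int32 it points at; nullopt on any unmapped hop.
std::optional<int32_t> ReadChainI32(const FakeMemory& mem, uint64_t base,
                                    const std::vector<uint64_t>& offsets) {
    auto addr = ResolveChain(mem, base, offsets);
    if (!addr) return std::nullopt;
    return mem.ReadI32(*addr);
}

// Constructed layout: object A at base holds a pointer to B at +0x20; B holds a
// pointer to C at +0x08; C holds the int32 value 1337 at +0x00. Unwritten bytes are 0.
FakeMemory BuildSample() {
    FakeMemory mem;
    mem.bytes.assign(0x100, 0);
    mem.WriteU64(kImageBase + 0x20, kImageBase + 0x40);  // A.ptr -> B
    mem.WriteU64(kImageBase + 0x48, kImageBase + 0x80);  // B.ptr -> C
    mem.WriteI32(kImageBase + 0x80, 1337);               // C.value
    return mem;
}

int main() {
    auto v = ReadChainI32(BuildSample(), kImageBase, {0x20, 0x08, 0x00});
    return (v && *v == 1337) ? 0 : 1;
}
```

The second test chain below reads a zeroed slot as a pointer and then tries to dereference address 0; the readability check turns what would be a crash in a real process into a clean failure, which is the reason a `Pointer` type exposes `IsReadable()` alongside `Deref()`.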