zen is a lightweight and efficient library designed to parse Windows Portable Executable (PE) and Common Object File Format (COFF) files.
It provides a set of functions that allow you to interact with the Windows API on Windows targets, without requiring the inclusion of the Windows.h header.
- Seamlessly parse both PE and COFF formats, including their headers, sections, and other structures
- Supports both little-endian and big-endian systems, ensuring compatibility across diverse platforms
- Provides the core functionality needed to work with the Windows API, without the complexity of the Windows.h header
- Enables direct syscall access, offering low-level interaction with the Windows kernel
- Provides support for invoking 64-bit functions within a 32-bit process through the WOW64 Heaven's Gate mechanism
- A minimalistic approach to parsing and interacting with Windows binary formats, designed for simplicity and speed
Tip
The get_module_handle and get_proc_address functions can be used with ANSI or WIDE strings. Both functions also accept a 32-bit FNV-1a hash as the name argument.
The windows.hpp file contains rebuilds of GetModuleHandle and GetProcAddress. With these you can obtain and call any Windows API.
Important
The get_module_handle function does not support the API Set Schema yet; work is in progress.
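For analysts who encounter hashed names like those the Tip describes, the following added example (not zen's own code) computes the standard 32-bit FNV-1a hash and maps hashes back to candidate export names. It assumes the hash covers the raw ANSI bytes of the name with no case folding, which this page does not state for zen; `fnv1a32` and `HashResolver` are hypothetical names.

```cpp
// Added example (not zen's code): map 32-bit FNV-1a name hashes back to names.
#include <cstdint>
#include <cstdio>
#include <string>
#include <unordered_map>
#include <vector>

// Standard 32-bit FNV-1a over the raw bytes of an ANSI name.
// Assumption: no case folding and no wide-character handling.
inline std::uint32_t fnv1a32(const std::string& s) {
    std::uint32_t h = 0x811C9DC5u;            // FNV offset basis
    for (unsigned char c : s) {
        h ^= c;                               // xor first, then multiply (the "1a" order)
        h *= 0x01000193u;                     // FNV prime
    }
    return h;
}

// Hypothetical helper: reverse-lookup table built from candidate export names.
class HashResolver {
public:
    explicit HashResolver(const std::vector<std::string>& names) {
        for (const std::string& n : names) {
            auto res = table_.emplace(fnv1a32(n), n);
            // Same hash, different name: the first name wins, the other is recorded.
            if (!res.second && res.first->second != n) collisions_.push_back(n);
        }
    }
    // Returns the matching name, or nullptr when the hash is not in the table.
    const std::string* resolve(std::uint32_t hash) const {
        auto it = table_.find(hash);
        return it == table_.end() ? nullptr : &it->second;
    }
    const std::vector<std::string>& collisions() const { return collisions_; }
private:
    std::unordered_map<std::uint32_t, std::string> table_;
    std::vector<std::string> collisions_;
};

int main() {
    // Constructed sample: names as they might be listed from a DLL's export table.
    HashResolver r({"CreateFileW", "VirtualAlloc", "LoadLibraryA"});
    const std::uint32_t seen[] = {fnv1a32("VirtualAlloc"), fnv1a32("foobar")};
    for (std::uint32_t h : seen) {
        const std::string* name = r.resolve(h);
        std::printf("0x%08X -> %s\n", static_cast<unsigned>(h), name ? name->c_str() : "<unknown>");
    }
    return 0;
}
```

A 32-bit hash space is small enough that distinct names can collide, so a resolved name is a candidate to confirm against the module's actual export table.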
zen uses the BSD-3-Clause license. However, the following components are included with their respective licenses:
- The coff and nt directories were initially taken from linux-pe and are licensed under BSD-3-Clause
- The Heaven's Gate header and source files were initially taken from rewolf-wow64ext and are licensed under LGPL-3.0
- The 64-bit syscall assembly code was taken from Blackbone and is licensed under MIT.