LunaHook-mirror/LunaHook/engine64/KiriKiri.cpp

#include"KiriKiri.h"
bool InsertKiriKiriZHook()
	{
		
		/*
		* Sample games:
		* RJ351843
		*/
		const BYTE bytes[] = {
			0xCC,                                                // int 3 
			0x4C, 0x89, 0x44, 0x24, 0x18,                        // mov [rsp+18],r8       <- hook here
			0x48, 0x89, 0x54, 0x24, 0x10,                        // mov [rsp+10],rdx
			0x53,                                                // push rbx
			0x56,                                                // push rsi
			0x57,                                                // push rdi
			0x41, 0x54,                                          // push r12
			0x41, 0x55,                                          // push r13
			0x41, 0x56,                                          // push r14
			0x41, 0x57,                                          // push r15
			0x48, 0x83, 0xEC, 0x40,                              // sub rsp,40
			0x48, 0xC7, 0x44, 0x24, 0x30, 0xFE, 0xFF, 0xFF, 0xFF // mov qword ptr [rsp+30],FFFFFFFFFFFFFFFE
		};

		ULONG64 range = min(processStopAddress - processStartAddress, X64_MAX_REL_ADDR);
		for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStartAddress + range)) {
			HookParam hp;
			hp.address = addr + 1;
			hp.offset=get_reg(regs::rcx);
			hp.index = 0x18;
			hp.type = CODEC_UTF16 | DATA_INDIRECT; 
			return NewHook(hp, "KiriKiriZ");
		} 
		return false;
	}
bool Insertkrkrz64Hook()
{
  const BYTE BYTES[] = {
      0x41,0x0F,0xB7,0x44,0x24,0x04,
      0x89,0x43,0x20,
      0x41,0x0F,0xB7,0x44,0x24,0x06,
      0x89,0x43,0x24,
      0x41,0x0F,0xBF,0x44,0x24,0x0C,
      0x89,0x43,0x14
  };
  auto addrs = Util::SearchMemory(BYTES, sizeof(BYTES), PAGE_EXECUTE_READ, processStartAddress, processStopAddress);
  ConsoleOutput("%p %p", processStartAddress, processStopAddress);
  for (auto addr : addrs) {
    ConsoleOutput("krkrz64 %p", addr);
    const BYTE funcstart[] = { 0xcc,0xcc,0xcc,0xcc };
    addr = reverseFindBytes(funcstart, sizeof(funcstart), addr - 0x1000, addr);
    if (addr == 0)continue;
    addr += 4;
    HookParam hp;
    hp.address = addr;
    hp.type = CODEC_UTF16| DATA_INDIRECT;
    hp.offset=get_reg(regs::rcx);
    hp.index = 0x18;
    ConsoleOutput("krkrz64 %p %x", addr);
    return NewHook(hp, "krkrz64");
  }

  ConsoleOutput("krkrz64 failed");
  return false;
}
bool KiriKiri::attach_function() { 
  return Insertkrkrz64Hook()||InsertKiriKiriZHook();
}
Initial commit 2024-02-07 20:59:24 +08:00			`#include"KiriKiri.h"`
			`bool InsertKiriKiriZHook()`
			`{`

			`/*`
			`* Sample games:`
			`* RJ351843`
			`*/`
			`const BYTE bytes[] = {`
			`0xCC, // int 3`
			`0x4C, 0x89, 0x44, 0x24, 0x18, // mov [rsp+18],r8 <- hook here`
			`0x48, 0x89, 0x54, 0x24, 0x10, // mov [rsp+10],rdx`
			`0x53, // push rbx`
			`0x56, // push rsi`
			`0x57, // push rdi`
			`0x41, 0x54, // push r12`
			`0x41, 0x55, // push r13`
			`0x41, 0x56, // push r14`
			`0x41, 0x57, // push r15`
			`0x48, 0x83, 0xEC, 0x40, // sub rsp,40`
			`0x48, 0xC7, 0x44, 0x24, 0x30, 0xFE, 0xFF, 0xFF, 0xFF // mov qword ptr [rsp+30],FFFFFFFFFFFFFFFE`
			`};`

			`ULONG64 range = min(processStopAddress - processStartAddress, X64_MAX_REL_ADDR);`
			`for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStartAddress + range)) {`
			`HookParam hp;`
			`hp.address = addr + 1;`
			`hp.offset=get_reg(regs::rcx);`
			`hp.index = 0x18;`
			`hp.type = CODEC_UTF16 \| DATA_INDIRECT;`
			`return NewHook(hp, "KiriKiriZ");`
			`}`
			`return false;`
			`}`
			`bool Insertkrkrz64Hook()`
			`{`
			`const BYTE BYTES[] = {`
			`0x41,0x0F,0xB7,0x44,0x24,0x04,`
			`0x89,0x43,0x20,`
			`0x41,0x0F,0xB7,0x44,0x24,0x06,`
			`0x89,0x43,0x24,`
			`0x41,0x0F,0xBF,0x44,0x24,0x0C,`
			`0x89,0x43,0x14`
			`};`
			`auto addrs = Util::SearchMemory(BYTES, sizeof(BYTES), PAGE_EXECUTE_READ, processStartAddress, processStopAddress);`
			`ConsoleOutput("%p %p", processStartAddress, processStopAddress);`
			`for (auto addr : addrs) {`
			`ConsoleOutput("krkrz64 %p", addr);`
			`const BYTE funcstart[] = { 0xcc,0xcc,0xcc,0xcc };`
			`addr = reverseFindBytes(funcstart, sizeof(funcstart), addr - 0x1000, addr);`
			`if (addr == 0)continue;`
			`addr += 4;`
			`HookParam hp;`
			`hp.address = addr;`
			`hp.type = CODEC_UTF16\| DATA_INDIRECT;`
			`hp.offset=get_reg(regs::rcx);`
			`hp.index = 0x18;`
			`ConsoleOutput("krkrz64 %p %x", addr);`
			`return NewHook(hp, "krkrz64");`
			`}`

			`ConsoleOutput("krkrz64 failed");`
			`return false;`
			`}`
			`bool KiriKiri::attach_function() {`
			`return Insertkrkrz64Hook()\|\|InsertKiriKiriZHook();`
			`}`