From d458abbd3f97f9b09f92a67d0b19aa96aa383eae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=81=8D=E5=85=AE=E6=83=9A=E5=85=AE?= <101191390+HIllya51@users.noreply.github.com> Date: Wed, 7 Feb 2024 20:59:24 +0800 Subject: [PATCH] Initial commit --- .gitattributes | 17 + .gitignore | 7 + CMakeLists.txt | 39 + LICENSE | 674 +++ Lang/Lang.h | 2 + Lang/en.h | 54 + LunaHook/CMakeLists.txt | 35 + LunaHook/NoEngine.h | 138 + LunaHook/embed_util.cc | 233 + LunaHook/embed_util.h | 27 + LunaHook/engine.h | 48 + LunaHook/engine32/5pb.cpp | 613 +++ LunaHook/engine32/5pb.h | 23 + LunaHook/engine32/AB2Try.cpp | 82 + LunaHook/engine32/AB2Try.h | 11 + LunaHook/engine32/ACTGS.cpp | 25 + LunaHook/engine32/ACTGS.h | 11 + LunaHook/engine32/AGS.cpp | 90 + LunaHook/engine32/AGS.h | 12 + LunaHook/engine32/AIL2.cpp | 58 + LunaHook/engine32/AIL2.h | 11 + LunaHook/engine32/AOS.cpp | 279 ++ LunaHook/engine32/AOS.h | 11 + LunaHook/engine32/AXL.cpp | 46 + LunaHook/engine32/AXL.h | 12 + LunaHook/engine32/Abalone.cpp | 21 + LunaHook/engine32/Abalone.h | 12 + LunaHook/engine32/Abel.cpp | 424 ++ LunaHook/engine32/Abel.h | 54 + LunaHook/engine32/AdobeAir.cpp | 184 + LunaHook/engine32/AdobeAir.h | 13 + LunaHook/engine32/AdobeFlash10.cpp | 286 ++ LunaHook/engine32/AdobeFlash10.h | 11 + LunaHook/engine32/Ages3ResT.cpp | 38 + LunaHook/engine32/Ages3ResT.h | 11 + LunaHook/engine32/Alice.cpp | 104 + LunaHook/engine32/Alice.h | 10 + LunaHook/engine32/Anex86.cpp | 100 + LunaHook/engine32/Anex86.h | 14 + LunaHook/engine32/Anim.cpp | 107 + LunaHook/engine32/Anim.h | 12 + LunaHook/engine32/Anisetta.cpp | 23 + LunaHook/engine32/Anisetta.h | 12 + LunaHook/engine32/ApricoT.cpp | 147 + LunaHook/engine32/ApricoT.h | 21 + LunaHook/engine32/Artemis.cpp | 250 ++ LunaHook/engine32/Artemis.h | 11 + LunaHook/engine32/Atelier.cpp | 248 ++ LunaHook/engine32/Atelier.h | 24 + LunaHook/engine32/BGI.cpp | 1542 +++++++ LunaHook/engine32/BGI.h | 11 + LunaHook/engine32/BKEngine.cpp | 59 + LunaHook/engine32/BKEngine.h | 11 + LunaHook/engine32/Bishop.cpp | 67 + LunaHook/engine32/Bishop.h | 24 + LunaHook/engine32/Bootup.cpp | 259 ++ LunaHook/engine32/Bootup.h | 13 + LunaHook/engine32/Bruns.cpp | 80 + LunaHook/engine32/Bruns.h | 29 + LunaHook/engine32/C4.cpp | 29 + LunaHook/engine32/C4.h | 11 + LunaHook/engine32/CMVS.cpp | 1527 +++++++ LunaHook/engine32/CMVS.h | 18 + LunaHook/engine32/Candy.cpp | 215 + LunaHook/engine32/Candy.h | 24 + LunaHook/engine32/CaramelBox.cpp | 123 + LunaHook/engine32/CaramelBox.h | 36 + LunaHook/engine32/CatSystem.cpp | 799 ++++ LunaHook/engine32/CatSystem.h | 12 + LunaHook/engine32/Ciel.cpp | 49 + LunaHook/engine32/Ciel.h | 11 + LunaHook/engine32/Circus1.cpp | 45 + LunaHook/engine32/Circus1.h | 11 + LunaHook/engine32/Circus2.cpp | 401 ++ LunaHook/engine32/Circus2.h | 11 + LunaHook/engine32/CodeX.cpp | 79 + LunaHook/engine32/CodeX.h | 12 + LunaHook/engine32/Cotopha.cpp | 667 +++ LunaHook/engine32/Cotopha.h | 11 + LunaHook/engine32/Debonosu.cpp | 176 + LunaHook/engine32/Debonosu.h | 16 + LunaHook/engine32/DxLib.cpp | 50 + LunaHook/engine32/DxLib.h | 12 + LunaHook/engine32/EME.cpp | 41 + LunaHook/engine32/EME.h | 11 + LunaHook/engine32/Eagls.cpp | 31 + LunaHook/engine32/Eagls.h | 11 + LunaHook/engine32/Elf.cpp | 404 ++ LunaHook/engine32/Elf.h | 23 + LunaHook/engine32/EntisGLS.cpp | 32 + LunaHook/engine32/EntisGLS.h | 12 + LunaHook/engine32/Escude.cpp | 265 ++ LunaHook/engine32/Escude.h | 11 + LunaHook/engine32/Eushully.cpp | 522 +++ LunaHook/engine32/Eushully.h | 11 + LunaHook/engine32/Exp.cpp | 229 + LunaHook/engine32/Exp.h | 11 + LunaHook/engine32/FVP.cpp | 533 +++ LunaHook/engine32/FVP.h | 11 + LunaHook/engine32/FocasLens.cpp | 147 + LunaHook/engine32/FocasLens.h | 11 + LunaHook/engine32/Footy2.cpp | 27 + LunaHook/engine32/Footy2.h | 12 + LunaHook/engine32/GXP.cpp | 636 +++ LunaHook/engine32/GXP.h | 11 + LunaHook/engine32/GameMaker.cpp | 46 + LunaHook/engine32/GameMaker.h | 12 + LunaHook/engine32/Giga.cpp | 24 + LunaHook/engine32/Giga.h | 11 + LunaHook/engine32/HXP.cpp | 17 + LunaHook/engine32/HXP.h | 11 + LunaHook/engine32/HorkEye.cpp | 395 ++ LunaHook/engine32/HorkEye.h | 12 + LunaHook/engine32/IGScript.cpp | 172 + LunaHook/engine32/IGScript.h | 14 + LunaHook/engine32/Interheart.cpp | 32 + LunaHook/engine32/Interheart.h | 12 + LunaHook/engine32/Interlude.cpp | 26 + LunaHook/engine32/Interlude.h | 12 + LunaHook/engine32/IronGameSystem.cpp | 41 + LunaHook/engine32/IronGameSystem.h | 14 + LunaHook/engine32/Jellyfish.cpp | 41 + LunaHook/engine32/Jellyfish.h | 12 + LunaHook/engine32/Jisatu101.cpp | 27 + LunaHook/engine32/Jisatu101.h | 12 + LunaHook/engine32/KISS.cpp | 38 + LunaHook/engine32/KISS.h | 12 + LunaHook/engine32/KiriKiri.cpp | 1567 +++++++ LunaHook/engine32/KiriKiri.h | 13 + LunaHook/engine32/LCScript.cpp | 1023 +++++ LunaHook/engine32/LCScript.h | 16 + LunaHook/engine32/Leaf.cpp | 648 +++ LunaHook/engine32/Leaf.h | 13 + LunaHook/engine32/Lightvn.cpp | 85 + LunaHook/engine32/Lightvn.h | 13 + LunaHook/engine32/Live.cpp | 50 + LunaHook/engine32/Live.h | 11 + LunaHook/engine32/LovaGame.cpp | 70 + LunaHook/engine32/LovaGame.h | 11 + LunaHook/engine32/LunaSoft.cpp | 550 +++ LunaHook/engine32/LunaSoft.h | 11 + LunaHook/engine32/MBLMED.cpp | 61 + LunaHook/engine32/MBLMED.h | 11 + LunaHook/engine32/Majiro.cpp | 307 ++ LunaHook/engine32/Majiro.h | 11 + LunaHook/engine32/Malie.cpp | 1661 ++++++++ LunaHook/engine32/Malie.h | 11 + LunaHook/engine32/MarineHeart.cpp | 127 + LunaHook/engine32/MarineHeart.h | 14 + LunaHook/engine32/Mink.cpp | 219 + LunaHook/engine32/Mink.h | 22 + LunaHook/engine32/Minori.cpp | 698 +++ LunaHook/engine32/Minori.h | 12 + LunaHook/engine32/NNNConfig.cpp | 36 + LunaHook/engine32/NNNConfig.h | 12 + LunaHook/engine32/NeXAS.cpp | 302 ++ LunaHook/engine32/NeXAS.h | 15 + LunaHook/engine32/Nekopack.cpp | 60 + LunaHook/engine32/Nekopack.h | 12 + LunaHook/engine32/Nexton.cpp | 1024 +++++ LunaHook/engine32/Nexton.h | 32 + LunaHook/engine32/Nijyuei.cpp | 23 + LunaHook/engine32/Nijyuei.h | 11 + LunaHook/engine32/Nitroplus.cpp | 101 + LunaHook/engine32/Nitroplus.h | 23 + LunaHook/engine32/Nitroplus2.cpp | 473 +++ LunaHook/engine32/Nitroplus2.h | 12 + LunaHook/engine32/ONScripterru.cpp | 142 + LunaHook/engine32/ONScripterru.h | 11 + LunaHook/engine32/OVERDRIVE.cpp | 27 + LunaHook/engine32/OVERDRIVE.h | 11 + LunaHook/engine32/Ohgetsu.cpp | 183 + LunaHook/engine32/Ohgetsu.h | 13 + LunaHook/engine32/Overflow.cpp | 99 + LunaHook/engine32/Overflow.h | 11 + LunaHook/engine32/PCSX2.cpp | 1045 +++++ LunaHook/engine32/PCSX2.h | 12 + LunaHook/engine32/PONScripter.cpp | 119 + LunaHook/engine32/PONScripter.h | 11 + LunaHook/engine32/PPSSPP.cpp | 3730 +++++++++++++++++ LunaHook/engine32/PPSSPP.h | 13 + LunaHook/engine32/Pal.cpp | 272 ++ LunaHook/engine32/Pal.h | 12 + LunaHook/engine32/Palette.cpp | 51 + LunaHook/engine32/Palette.h | 11 + LunaHook/engine32/Pensil.cpp | 933 +++++ LunaHook/engine32/Pensil.h | 24 + LunaHook/engine32/Purple.cpp | 39 + LunaHook/engine32/Purple.h | 24 + LunaHook/engine32/QLIE.cpp | 937 +++++ LunaHook/engine32/QLIE.h | 14 + LunaHook/engine32/RPGMakerRGSS3.cpp | 1413 +++++++ LunaHook/engine32/RPGMakerRGSS3.h | 12 + LunaHook/engine32/RRE.cpp | 39 + LunaHook/engine32/RRE.h | 11 + LunaHook/engine32/RUGP.cpp | 221 + LunaHook/engine32/RUGP.h | 14 + LunaHook/engine32/RUNE.cpp | 79 + LunaHook/engine32/RUNE.h | 12 + LunaHook/engine32/Reallive.cpp | 180 + LunaHook/engine32/Reallive.h | 33 + LunaHook/engine32/Regista.cpp | 51 + LunaHook/engine32/Regista.h | 12 + LunaHook/engine32/Rejet.cpp | 270 ++ LunaHook/engine32/Rejet.h | 11 + LunaHook/engine32/Renpy.cpp | 8 + LunaHook/engine32/Renpy.h | 14 + LunaHook/engine32/Retouch.cpp | 109 + LunaHook/engine32/Retouch.h | 11 + LunaHook/engine32/RpgmXP.cpp | 29 + LunaHook/engine32/RpgmXP.h | 12 + LunaHook/engine32/Ruf.cpp | 28 + LunaHook/engine32/Ruf.h | 11 + LunaHook/engine32/Ryokucha.cpp | 370 ++ LunaHook/engine32/Ryokucha.h | 48 + LunaHook/engine32/SRPGStudio.cpp | 16 + LunaHook/engine32/SRPGStudio.h | 11 + LunaHook/engine32/SYSD.cpp | 42 + LunaHook/engine32/SYSD.h | 12 + LunaHook/engine32/Sakuradog.cpp | 26 + LunaHook/engine32/Sakuradog.h | 12 + LunaHook/engine32/ScrPlayer.cpp | 30 + LunaHook/engine32/ScrPlayer.h | 11 + LunaHook/engine32/ShinaRio.cpp | 950 +++++ LunaHook/engine32/ShinaRio.h | 21 + LunaHook/engine32/ShinyDaysGame.cpp | 60 + LunaHook/engine32/ShinyDaysGame.h | 14 + LunaHook/engine32/SideB.cpp | 145 + LunaHook/engine32/SideB.h | 13 + LunaHook/engine32/Siglus.cpp | 1865 +++++++++ LunaHook/engine32/Siglus.h | 13 + LunaHook/engine32/Silkys.cpp | 450 ++ LunaHook/engine32/Silkys.h | 22 + LunaHook/engine32/Speed.cpp | 26 + LunaHook/engine32/Speed.h | 15 + LunaHook/engine32/Sprite.cpp | 34 + LunaHook/engine32/Sprite.h | 12 + LunaHook/engine32/Suika2.cpp | 37 + LunaHook/engine32/Suika2.h | 15 + LunaHook/engine32/System4x.cpp | 1806 ++++++++ LunaHook/engine32/System4x.h | 12 + LunaHook/engine32/SystemAoi.cpp | 790 ++++ LunaHook/engine32/SystemAoi.h | 12 + LunaHook/engine32/Syuntada.cpp | 201 + LunaHook/engine32/Syuntada.h | 14 + LunaHook/engine32/TSSystem.cpp | 22 + LunaHook/engine32/TSSystem.h | 14 + LunaHook/engine32/Tamamo.cpp | 356 ++ LunaHook/engine32/Tamamo.h | 15 + LunaHook/engine32/Tanuki.cpp | 70 + LunaHook/engine32/Tanuki.h | 21 + LunaHook/engine32/Tarte.cpp | 43 + LunaHook/engine32/Tarte.h | 12 + LunaHook/engine32/Taskforce2.cpp | 401 ++ LunaHook/engine32/Taskforce2.h | 13 + LunaHook/engine32/Tenco.cpp | 154 + LunaHook/engine32/Tenco.h | 11 + LunaHook/engine32/TerraLunar.cpp | 25 + LunaHook/engine32/TerraLunar.h | 11 + LunaHook/engine32/TinkerBell.cpp | 237 ++ LunaHook/engine32/TinkerBell.h | 45 + LunaHook/engine32/Tomato.cpp | 21 + LunaHook/engine32/Tomato.h | 12 + LunaHook/engine32/Triangle.cpp | 123 + LunaHook/engine32/Triangle.h | 41 + LunaHook/engine32/Troy.cpp | 24 + LunaHook/engine32/Troy.h | 12 + LunaHook/engine32/Unicorn.cpp | 858 ++++ LunaHook/engine32/Unicorn.h | 22 + LunaHook/engine32/UnisonShift.cpp | 22 + LunaHook/engine32/UnisonShift.h | 12 + LunaHook/engine32/UnisonShift2.cpp | 57 + LunaHook/engine32/UnisonShift2.h | 11 + LunaHook/engine32/Unknown.cpp | 30 + LunaHook/engine32/Unknown.h | 12 + LunaHook/engine32/V8.cpp | 112 + LunaHook/engine32/V8.h | 31 + LunaHook/engine32/VanillawareGC.cpp | 193 + LunaHook/engine32/VanillawareGC.h | 11 + LunaHook/engine32/VitaminSoft.cpp | 47 + LunaHook/engine32/VitaminSoft.h | 13 + LunaHook/engine32/Waffle.cpp | 600 +++ LunaHook/engine32/Waffle.h | 11 + LunaHook/engine32/WillPlus.cpp | 1699 ++++++++ LunaHook/engine32/WillPlus.h | 11 + LunaHook/engine32/Wolf.cpp | 828 ++++ LunaHook/engine32/Wolf.h | 11 + LunaHook/engine32/XUSE.cpp | 65 + LunaHook/engine32/XUSE.h | 12 + LunaHook/engine32/Xbangbang.cpp | 21 + LunaHook/engine32/Xbangbang.h | 12 + LunaHook/engine32/YukaSystem2.cpp | 238 ++ LunaHook/engine32/YukaSystem2.h | 11 + LunaHook/engine32/Yuris.cpp | 392 ++ LunaHook/engine32/Yuris.h | 16 + LunaHook/engine32/cef.cpp | 177 + LunaHook/engine32/cef.h | 14 + LunaHook/engine32/hibiki.cpp | 101 + LunaHook/engine32/hibiki.h | 12 + LunaHook/engine32/jukujojidai.cpp | 23 + LunaHook/engine32/jukujojidai.h | 12 + LunaHook/engine32/littlecheese.cpp | 21 + LunaHook/engine32/littlecheese.h | 12 + LunaHook/engine32/lua51.cpp | 16 + LunaHook/engine32/lua51.h | 13 + LunaHook/engine32/lucifen.cpp | 1023 +++++ LunaHook/engine32/lucifen.h | 11 + LunaHook/engine32/mono.cpp | 57 + LunaHook/engine32/mono.h | 10 + LunaHook/engine32/morning.cpp | 61 + LunaHook/engine32/morning.h | 12 + LunaHook/engine32/pchooks.cpp | 11 + LunaHook/engine32/pchooks.h | 11 + LunaHook/engine32/sakanagl.cpp | 20 + LunaHook/engine32/sakanagl.h | 14 + LunaHook/engine32/sakusesu.cpp | 44 + LunaHook/engine32/sakusesu.h | 13 + LunaHook/engine32/shyakunage.cpp | 17 + LunaHook/engine32/shyakunage.h | 12 + LunaHook/engine32/utawarerumono.cpp | 55 + LunaHook/engine32/utawarerumono.h | 12 + LunaHook/engine64/5pb.cpp | 10 + LunaHook/engine64/5pb.h | 13 + LunaHook/engine64/AGES7.cpp | 80 + LunaHook/engine64/AGES7.h | 12 + LunaHook/engine64/Artemis.cpp | 54 + LunaHook/engine64/Artemis.h | 11 + LunaHook/engine64/CMVS.cpp | 57 + LunaHook/engine64/CMVS.h | 18 + LunaHook/engine64/ENTERGRAM.cpp | 41 + LunaHook/engine64/ENTERGRAM.h | 15 + LunaHook/engine64/Godot.cpp | 64 + LunaHook/engine64/Godot.h | 11 + LunaHook/engine64/IG.cpp | 73 + LunaHook/engine64/IG.h | 13 + LunaHook/engine64/KiriKiri.cpp | 68 + LunaHook/engine64/KiriKiri.h | 15 + LunaHook/engine64/LightVN.cpp | 103 + LunaHook/engine64/LightVN.h | 13 + LunaHook/engine64/PPSSPP.cpp | 44 + LunaHook/engine64/PPSSPP.h | 12 + LunaHook/engine64/Renpy.cpp | 7 + LunaHook/engine64/Renpy.h | 14 + LunaHook/engine64/Suika2.cpp | 18 + LunaHook/engine64/Suika2.h | 11 + LunaHook/engine64/TYPEMOON.cpp | 25 + LunaHook/engine64/TYPEMOON.h | 13 + LunaHook/engine64/V8.cpp | 276 ++ LunaHook/engine64/V8.h | 11 + LunaHook/engine64/YOX.cpp | 21 + LunaHook/engine64/YOX.h | 13 + LunaHook/engine64/mono.cpp | 86 + LunaHook/engine64/mono.h | 10 + LunaHook/engine64/pchooks.cpp | 12 + LunaHook/engine64/pchooks.h | 11 + LunaHook/enginecollection32.cpp | 356 ++ LunaHook/enginecollection64.cpp | 42 + LunaHook/enginecontrol.cpp | 141 + LunaHook/engines/CMakeLists.txt | 4 + LunaHook/engines/mages/mages.hpp | 334 ++ LunaHook/engines/mono/il2cpp.hpp | 646 +++ LunaHook/engines/mono/monocommon.hpp | 308 ++ LunaHook/engines/mono/monofuncinfo.h | 70 + LunaHook/engines/mono/monoobject.h | 64 + LunaHook/engines/mono/monotype.h | 17 + LunaHook/engines/mono/types.h | 41 + LunaHook/engines/pchooks/pchooks.cpp | 317 ++ LunaHook/engines/pchooks/pchooks.h | 17 + LunaHook/engines/ppsspp/funcinfo.h | 105 + LunaHook/engines/ppsspp/psputils.hpp | 42 + LunaHook/engines/python/python.h | 4 + LunaHook/engines/python/python2.cpp | 136 + LunaHook/engines/python/python3.cpp | 195 + LunaHook/hijackfuns.cc | 634 +++ LunaHook/hijackfuns.h | 61 + LunaHook/hookfinder.cc | 340 ++ LunaHook/hookfinder.h | 6 + LunaHook/main.cc | 211 + LunaHook/main.h | 18 + LunaHook/resource.rc | 6 + .../resource/charset_Robotics_Notes_Dash.txt | 1 + .../resource/charset_Robotics_Notes_Elite.txt | 1 + LunaHook/resource/charset_default.txt | 1 + .../compound_chars_Robotics_Notes_Dash.txt | 4 + .../compound_chars_Robotics_Notes_Elite.txt | 4 + LunaHook/resource/compound_chars_default.txt | 24 + LunaHook/stackoffset.hpp | 84 + LunaHook/texthook.cc | 380 ++ LunaHook/util/CMakeLists.txt | 18 + LunaHook/util/cpputil/cppcstring.h | 111 + LunaHook/util/disasm/disasm.cc | 265 ++ LunaHook/util/disasm/disasm.h | 32 + LunaHook/util/dyncodec/dynsjis.cc | 40 + LunaHook/util/dyncodec/dynsjis.h | 28 + LunaHook/util/dyncodec/dynsjiscodec.cc | 262 ++ LunaHook/util/dyncodec/dynsjiscodec.h | 59 + LunaHook/util/ithsys/ithsys.cc | 68 + LunaHook/util/ithsys/ithsys.h | 20 + LunaHook/util/memdbg/memdbg.h | 25 + LunaHook/util/memdbg/memsearch.cc | 646 +++ LunaHook/util/memdbg/memsearch.h | 208 + LunaHook/util/ntxpundef.h | 19 + LunaHook/util/stringfilters.cpp | 186 + LunaHook/util/stringfilters.h | 34 + LunaHook/util/textunion.h | 55 + LunaHook/util/util.cc | 581 +++ LunaHook/util/util.h | 79 + LunaHost/CMakeLists.txt | 19 + LunaHost/GUI/CMakeLists.txt | 5 + LunaHost/GUI/LunaHost.cpp | 173 + LunaHost/GUI/LunaHost.h | 27 + LunaHost/GUI/controls.cpp | 85 + LunaHost/GUI/controls.h | 53 + LunaHost/GUI/luna.ico | Bin 0 -> 195962 bytes LunaHost/GUI/luna.rc | 1 + LunaHost/GUI/main.cpp | 10 + LunaHost/GUI/processlistwindow.cpp | 92 + LunaHost/GUI/processlistwindow.h | 18 + LunaHost/GUI/window.cpp | 145 + LunaHost/GUI/window.h | 27 + LunaHost/LunaHostCLI.cpp | 111 + LunaHost/LunaHostDll.cpp | 208 + LunaHost/host.cpp | 355 ++ LunaHost/host.h | 32 + LunaHost/textthread.cpp | 118 + LunaHost/textthread.h | 43 + include/CMakeLists.txt | 4 + include/common.cpp | 0 include/common.h | 126 + include/const.h | 92 + include/defs.h | 36 + include/hookcode.cpp | 342 ++ include/hookcode.h | 9 + include/stringutils.cpp | 172 + include/stringutils.h | 56 + include/texthook.h | 68 + include/types.h | 189 + include/winevent.hpp | 38 + libs/Detours-4.0.1/include/detours.h | 1059 +++++ libs/Detours-4.0.1/include/detver.h | 27 + libs/Detours-4.0.1/include/syelog.h | 89 + libs/Detours-4.0.1/lib.X64/detours.lib | Bin 0 -> 664644 bytes libs/Detours-4.0.1/lib.X64/syelog.lib | Bin 0 -> 48674 bytes libs/Detours-4.0.1/lib.X86/detours.lib | Bin 0 -> 519250 bytes libs/Detours-4.0.1/lib.X86/syelog.lib | Bin 0 -> 44410 bytes libs/VC-LTL helper for cmake.cmake | 88 + libs/YY-Thunks-1.0.7-Binary/LICENSE | 21 + libs/YY-Thunks-1.0.7-Binary/ReadMe.md | 80 + libs/YY-Thunks-1.0.7-Binary/ThunksList.md | 395 ++ .../objs/x86/YY_Thunks_for_WinXP.obj | Bin 0 -> 1664803 bytes libs/libs.cmake | 20 + libs/minhook/.editorconfig | 22 + libs/minhook/.gitignore | 44 + libs/minhook/AUTHORS.txt | 8 + libs/minhook/CMakeLists.txt | 141 + libs/minhook/LICENSE.txt | 81 + libs/minhook/README.md | 87 + libs/minhook/build/MinGW/Makefile | 33 + libs/minhook/build/MinGW/make.bat | 1 + libs/minhook/build/VC10/MinHook.vcxproj | 189 + libs/minhook/build/VC10/MinHookVC10.sln | 39 + libs/minhook/build/VC10/libMinHook.vcxproj | 172 + .../build/VC10/libMinHook.vcxproj.filters | 55 + libs/minhook/build/VC11/MinHook.vcxproj | 189 + libs/minhook/build/VC11/MinHookVC11.sln | 39 + libs/minhook/build/VC11/libMinHook.vcxproj | 172 + .../build/VC11/libMinHook.vcxproj.filters | 55 + libs/minhook/build/VC12/MinHook.vcxproj | 189 + libs/minhook/build/VC12/MinHookVC12.sln | 41 + libs/minhook/build/VC12/libMinHook.vcxproj | 174 + .../build/VC12/libMinHook.vcxproj.filters | 55 + libs/minhook/build/VC14/MinHook.vcxproj | 189 + libs/minhook/build/VC14/MinHookVC14.sln | 41 + libs/minhook/build/VC14/libMinHook.vcxproj | 174 + .../build/VC14/libMinHook.vcxproj.filters | 55 + libs/minhook/build/VC15/MinHook.vcxproj | 189 + libs/minhook/build/VC15/MinHookVC15.sln | 41 + libs/minhook/build/VC15/libMinHook.vcxproj | 174 + .../build/VC15/libMinHook.vcxproj.filters | 55 + libs/minhook/build/VC16/MinHook.vcxproj | 189 + libs/minhook/build/VC16/MinHookVC16.sln | 41 + libs/minhook/build/VC16/libMinHook.vcxproj | 174 + .../build/VC16/libMinHook.vcxproj.filters | 55 + libs/minhook/build/VC9/MinHook.vcproj | 343 ++ libs/minhook/build/VC9/MinHookVC9.sln | 39 + libs/minhook/build/VC9/libMinHook.vcproj | 410 ++ libs/minhook/cmake/minhook-config.cmake.in | 39 + libs/minhook/dll_resources/MinHook.def | 14 + libs/minhook/dll_resources/MinHook.rc | 32 + libs/minhook/include/MinHook.h | 185 + libs/minhook/src/buffer.c | 312 ++ libs/minhook/src/buffer.h | 42 + libs/minhook/src/hde/hde32.c | 324 ++ libs/minhook/src/hde/hde32.h | 105 + libs/minhook/src/hde/hde64.c | 333 ++ libs/minhook/src/hde/hde64.h | 112 + libs/minhook/src/hde/pstdint.h | 39 + libs/minhook/src/hde/table32.h | 73 + libs/minhook/src/hde/table64.h | 74 + libs/minhook/src/hook.c | 889 ++++ libs/minhook/src/trampoline.c | 320 ++ libs/minhook/src/trampoline.h | 105 + libs/yapi.hpp | 912 ++++ scripts/build32.bat | 2 + scripts/build32xp.bat | 2 + scripts/build64.bat | 2 + 506 files changed, 71664 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 CMakeLists.txt create mode 100644 LICENSE create mode 100644 Lang/Lang.h create mode 100644 Lang/en.h create mode 100644 LunaHook/CMakeLists.txt create mode 100644 LunaHook/NoEngine.h create mode 100644 LunaHook/embed_util.cc create mode 100644 LunaHook/embed_util.h create mode 100644 LunaHook/engine.h create mode 100644 LunaHook/engine32/5pb.cpp create mode 100644 LunaHook/engine32/5pb.h create mode 100644 LunaHook/engine32/AB2Try.cpp create mode 100644 LunaHook/engine32/AB2Try.h create mode 100644 LunaHook/engine32/ACTGS.cpp create mode 100644 LunaHook/engine32/ACTGS.h create mode 100644 LunaHook/engine32/AGS.cpp create mode 100644 LunaHook/engine32/AGS.h create mode 100644 LunaHook/engine32/AIL2.cpp create mode 100644 LunaHook/engine32/AIL2.h create mode 100644 LunaHook/engine32/AOS.cpp create mode 100644 LunaHook/engine32/AOS.h create mode 100644 LunaHook/engine32/AXL.cpp create mode 100644 LunaHook/engine32/AXL.h create mode 100644 LunaHook/engine32/Abalone.cpp create mode 100644 LunaHook/engine32/Abalone.h create mode 100644 LunaHook/engine32/Abel.cpp create mode 100644 LunaHook/engine32/Abel.h create mode 100644 LunaHook/engine32/AdobeAir.cpp create mode 100644 LunaHook/engine32/AdobeAir.h create mode 100644 LunaHook/engine32/AdobeFlash10.cpp create mode 100644 LunaHook/engine32/AdobeFlash10.h create mode 100644 LunaHook/engine32/Ages3ResT.cpp create mode 100644 LunaHook/engine32/Ages3ResT.h create mode 100644 LunaHook/engine32/Alice.cpp create mode 100644 LunaHook/engine32/Alice.h create mode 100644 LunaHook/engine32/Anex86.cpp create mode 100644 LunaHook/engine32/Anex86.h create mode 100644 LunaHook/engine32/Anim.cpp create mode 100644 LunaHook/engine32/Anim.h create mode 100644 LunaHook/engine32/Anisetta.cpp create mode 100644 LunaHook/engine32/Anisetta.h create mode 100644 LunaHook/engine32/ApricoT.cpp create mode 100644 LunaHook/engine32/ApricoT.h create mode 100644 LunaHook/engine32/Artemis.cpp create mode 100644 LunaHook/engine32/Artemis.h create mode 100644 LunaHook/engine32/Atelier.cpp create mode 100644 LunaHook/engine32/Atelier.h create mode 100644 LunaHook/engine32/BGI.cpp create mode 100644 LunaHook/engine32/BGI.h create mode 100644 LunaHook/engine32/BKEngine.cpp create mode 100644 LunaHook/engine32/BKEngine.h create mode 100644 LunaHook/engine32/Bishop.cpp create mode 100644 LunaHook/engine32/Bishop.h create mode 100644 LunaHook/engine32/Bootup.cpp create mode 100644 LunaHook/engine32/Bootup.h create mode 100644 LunaHook/engine32/Bruns.cpp create mode 100644 LunaHook/engine32/Bruns.h create mode 100644 LunaHook/engine32/C4.cpp create mode 100644 LunaHook/engine32/C4.h create mode 100644 LunaHook/engine32/CMVS.cpp create mode 100644 LunaHook/engine32/CMVS.h create mode 100644 LunaHook/engine32/Candy.cpp create mode 100644 LunaHook/engine32/Candy.h create mode 100644 LunaHook/engine32/CaramelBox.cpp create mode 100644 LunaHook/engine32/CaramelBox.h create mode 100644 LunaHook/engine32/CatSystem.cpp create mode 100644 LunaHook/engine32/CatSystem.h create mode 100644 LunaHook/engine32/Ciel.cpp create mode 100644 LunaHook/engine32/Ciel.h create mode 100644 LunaHook/engine32/Circus1.cpp create mode 100644 LunaHook/engine32/Circus1.h create mode 100644 LunaHook/engine32/Circus2.cpp create mode 100644 LunaHook/engine32/Circus2.h create mode 100644 LunaHook/engine32/CodeX.cpp create mode 100644 LunaHook/engine32/CodeX.h create mode 100644 LunaHook/engine32/Cotopha.cpp create mode 100644 LunaHook/engine32/Cotopha.h create mode 100644 LunaHook/engine32/Debonosu.cpp create mode 100644 LunaHook/engine32/Debonosu.h create mode 100644 LunaHook/engine32/DxLib.cpp create mode 100644 LunaHook/engine32/DxLib.h create mode 100644 LunaHook/engine32/EME.cpp create mode 100644 LunaHook/engine32/EME.h create mode 100644 LunaHook/engine32/Eagls.cpp create mode 100644 LunaHook/engine32/Eagls.h create mode 100644 LunaHook/engine32/Elf.cpp create mode 100644 LunaHook/engine32/Elf.h create mode 100644 LunaHook/engine32/EntisGLS.cpp create mode 100644 LunaHook/engine32/EntisGLS.h create mode 100644 LunaHook/engine32/Escude.cpp create mode 100644 LunaHook/engine32/Escude.h create mode 100644 LunaHook/engine32/Eushully.cpp create mode 100644 LunaHook/engine32/Eushully.h create mode 100644 LunaHook/engine32/Exp.cpp create mode 100644 LunaHook/engine32/Exp.h create mode 100644 LunaHook/engine32/FVP.cpp create mode 100644 LunaHook/engine32/FVP.h create mode 100644 LunaHook/engine32/FocasLens.cpp create mode 100644 LunaHook/engine32/FocasLens.h create mode 100644 LunaHook/engine32/Footy2.cpp create mode 100644 LunaHook/engine32/Footy2.h create mode 100644 LunaHook/engine32/GXP.cpp create mode 100644 LunaHook/engine32/GXP.h create mode 100644 LunaHook/engine32/GameMaker.cpp create mode 100644 LunaHook/engine32/GameMaker.h create mode 100644 LunaHook/engine32/Giga.cpp create mode 100644 LunaHook/engine32/Giga.h create mode 100644 LunaHook/engine32/HXP.cpp create mode 100644 LunaHook/engine32/HXP.h create mode 100644 LunaHook/engine32/HorkEye.cpp create mode 100644 LunaHook/engine32/HorkEye.h create mode 100644 LunaHook/engine32/IGScript.cpp create mode 100644 LunaHook/engine32/IGScript.h create mode 100644 LunaHook/engine32/Interheart.cpp create mode 100644 LunaHook/engine32/Interheart.h create mode 100644 LunaHook/engine32/Interlude.cpp create mode 100644 LunaHook/engine32/Interlude.h create mode 100644 LunaHook/engine32/IronGameSystem.cpp create mode 100644 LunaHook/engine32/IronGameSystem.h create mode 100644 LunaHook/engine32/Jellyfish.cpp create mode 100644 LunaHook/engine32/Jellyfish.h create mode 100644 LunaHook/engine32/Jisatu101.cpp create mode 100644 LunaHook/engine32/Jisatu101.h create mode 100644 LunaHook/engine32/KISS.cpp create mode 100644 LunaHook/engine32/KISS.h create mode 100644 LunaHook/engine32/KiriKiri.cpp create mode 100644 LunaHook/engine32/KiriKiri.h create mode 100644 LunaHook/engine32/LCScript.cpp create mode 100644 LunaHook/engine32/LCScript.h create mode 100644 LunaHook/engine32/Leaf.cpp create mode 100644 LunaHook/engine32/Leaf.h create mode 100644 LunaHook/engine32/Lightvn.cpp create mode 100644 LunaHook/engine32/Lightvn.h create mode 100644 LunaHook/engine32/Live.cpp create mode 100644 LunaHook/engine32/Live.h create mode 100644 LunaHook/engine32/LovaGame.cpp create mode 100644 LunaHook/engine32/LovaGame.h create mode 100644 LunaHook/engine32/LunaSoft.cpp create mode 100644 LunaHook/engine32/LunaSoft.h create mode 100644 LunaHook/engine32/MBLMED.cpp create mode 100644 LunaHook/engine32/MBLMED.h create mode 100644 LunaHook/engine32/Majiro.cpp create mode 100644 LunaHook/engine32/Majiro.h create mode 100644 LunaHook/engine32/Malie.cpp create mode 100644 LunaHook/engine32/Malie.h create mode 100644 LunaHook/engine32/MarineHeart.cpp create mode 100644 LunaHook/engine32/MarineHeart.h create mode 100644 LunaHook/engine32/Mink.cpp create mode 100644 LunaHook/engine32/Mink.h create mode 100644 LunaHook/engine32/Minori.cpp create mode 100644 LunaHook/engine32/Minori.h create mode 100644 LunaHook/engine32/NNNConfig.cpp create mode 100644 LunaHook/engine32/NNNConfig.h create mode 100644 LunaHook/engine32/NeXAS.cpp create mode 100644 LunaHook/engine32/NeXAS.h create mode 100644 LunaHook/engine32/Nekopack.cpp create mode 100644 LunaHook/engine32/Nekopack.h create mode 100644 LunaHook/engine32/Nexton.cpp create mode 100644 LunaHook/engine32/Nexton.h create mode 100644 LunaHook/engine32/Nijyuei.cpp create mode 100644 LunaHook/engine32/Nijyuei.h create mode 100644 LunaHook/engine32/Nitroplus.cpp create mode 100644 LunaHook/engine32/Nitroplus.h create mode 100644 LunaHook/engine32/Nitroplus2.cpp create mode 100644 LunaHook/engine32/Nitroplus2.h create mode 100644 LunaHook/engine32/ONScripterru.cpp create mode 100644 LunaHook/engine32/ONScripterru.h create mode 100644 LunaHook/engine32/OVERDRIVE.cpp create mode 100644 LunaHook/engine32/OVERDRIVE.h create mode 100644 LunaHook/engine32/Ohgetsu.cpp create mode 100644 LunaHook/engine32/Ohgetsu.h create mode 100644 LunaHook/engine32/Overflow.cpp create mode 100644 LunaHook/engine32/Overflow.h create mode 100644 LunaHook/engine32/PCSX2.cpp create mode 100644 LunaHook/engine32/PCSX2.h create mode 100644 LunaHook/engine32/PONScripter.cpp create mode 100644 LunaHook/engine32/PONScripter.h create mode 100644 LunaHook/engine32/PPSSPP.cpp create mode 100644 LunaHook/engine32/PPSSPP.h create mode 100644 LunaHook/engine32/Pal.cpp create mode 100644 LunaHook/engine32/Pal.h create mode 100644 LunaHook/engine32/Palette.cpp create mode 100644 LunaHook/engine32/Palette.h create mode 100644 LunaHook/engine32/Pensil.cpp create mode 100644 LunaHook/engine32/Pensil.h create mode 100644 LunaHook/engine32/Purple.cpp create mode 100644 LunaHook/engine32/Purple.h create mode 100644 LunaHook/engine32/QLIE.cpp create mode 100644 LunaHook/engine32/QLIE.h create mode 100644 LunaHook/engine32/RPGMakerRGSS3.cpp create mode 100644 LunaHook/engine32/RPGMakerRGSS3.h create mode 100644 LunaHook/engine32/RRE.cpp create mode 100644 LunaHook/engine32/RRE.h create mode 100644 LunaHook/engine32/RUGP.cpp create mode 100644 LunaHook/engine32/RUGP.h create mode 100644 LunaHook/engine32/RUNE.cpp create mode 100644 LunaHook/engine32/RUNE.h create mode 100644 LunaHook/engine32/Reallive.cpp create mode 100644 LunaHook/engine32/Reallive.h create mode 100644 LunaHook/engine32/Regista.cpp create mode 100644 LunaHook/engine32/Regista.h create mode 100644 LunaHook/engine32/Rejet.cpp create mode 100644 LunaHook/engine32/Rejet.h create mode 100644 LunaHook/engine32/Renpy.cpp create mode 100644 LunaHook/engine32/Renpy.h create mode 100644 LunaHook/engine32/Retouch.cpp create mode 100644 LunaHook/engine32/Retouch.h create mode 100644 LunaHook/engine32/RpgmXP.cpp create mode 100644 LunaHook/engine32/RpgmXP.h create mode 100644 LunaHook/engine32/Ruf.cpp create mode 100644 LunaHook/engine32/Ruf.h create mode 100644 LunaHook/engine32/Ryokucha.cpp create mode 100644 LunaHook/engine32/Ryokucha.h create mode 100644 LunaHook/engine32/SRPGStudio.cpp create mode 100644 LunaHook/engine32/SRPGStudio.h create mode 100644 LunaHook/engine32/SYSD.cpp create mode 100644 LunaHook/engine32/SYSD.h create mode 100644 LunaHook/engine32/Sakuradog.cpp create mode 100644 LunaHook/engine32/Sakuradog.h create mode 100644 LunaHook/engine32/ScrPlayer.cpp create mode 100644 LunaHook/engine32/ScrPlayer.h create mode 100644 LunaHook/engine32/ShinaRio.cpp create mode 100644 LunaHook/engine32/ShinaRio.h create mode 100644 LunaHook/engine32/ShinyDaysGame.cpp create mode 100644 LunaHook/engine32/ShinyDaysGame.h create mode 100644 LunaHook/engine32/SideB.cpp create mode 100644 LunaHook/engine32/SideB.h create mode 100644 LunaHook/engine32/Siglus.cpp create mode 100644 LunaHook/engine32/Siglus.h create mode 100644 LunaHook/engine32/Silkys.cpp create mode 100644 LunaHook/engine32/Silkys.h create mode 100644 LunaHook/engine32/Speed.cpp create mode 100644 LunaHook/engine32/Speed.h create mode 100644 LunaHook/engine32/Sprite.cpp create mode 100644 LunaHook/engine32/Sprite.h create mode 100644 LunaHook/engine32/Suika2.cpp create mode 100644 LunaHook/engine32/Suika2.h create mode 100644 LunaHook/engine32/System4x.cpp create mode 100644 LunaHook/engine32/System4x.h create mode 100644 LunaHook/engine32/SystemAoi.cpp create mode 100644 LunaHook/engine32/SystemAoi.h create mode 100644 LunaHook/engine32/Syuntada.cpp create mode 100644 LunaHook/engine32/Syuntada.h create mode 100644 LunaHook/engine32/TSSystem.cpp create mode 100644 LunaHook/engine32/TSSystem.h create mode 100644 LunaHook/engine32/Tamamo.cpp create mode 100644 LunaHook/engine32/Tamamo.h create mode 100644 LunaHook/engine32/Tanuki.cpp create mode 100644 LunaHook/engine32/Tanuki.h create mode 100644 LunaHook/engine32/Tarte.cpp create mode 100644 LunaHook/engine32/Tarte.h create mode 100644 LunaHook/engine32/Taskforce2.cpp create mode 100644 LunaHook/engine32/Taskforce2.h create mode 100644 LunaHook/engine32/Tenco.cpp create mode 100644 LunaHook/engine32/Tenco.h create mode 100644 LunaHook/engine32/TerraLunar.cpp create mode 100644 LunaHook/engine32/TerraLunar.h create mode 100644 LunaHook/engine32/TinkerBell.cpp create mode 100644 LunaHook/engine32/TinkerBell.h create mode 100644 LunaHook/engine32/Tomato.cpp create mode 100644 LunaHook/engine32/Tomato.h create mode 100644 LunaHook/engine32/Triangle.cpp create mode 100644 LunaHook/engine32/Triangle.h create mode 100644 LunaHook/engine32/Troy.cpp create mode 100644 LunaHook/engine32/Troy.h create mode 100644 LunaHook/engine32/Unicorn.cpp create mode 100644 LunaHook/engine32/Unicorn.h create mode 100644 LunaHook/engine32/UnisonShift.cpp create mode 100644 LunaHook/engine32/UnisonShift.h create mode 100644 LunaHook/engine32/UnisonShift2.cpp create mode 100644 LunaHook/engine32/UnisonShift2.h create mode 100644 LunaHook/engine32/Unknown.cpp create mode 100644 LunaHook/engine32/Unknown.h create mode 100644 LunaHook/engine32/V8.cpp create mode 100644 LunaHook/engine32/V8.h create mode 100644 LunaHook/engine32/VanillawareGC.cpp create mode 100644 LunaHook/engine32/VanillawareGC.h create mode 100644 LunaHook/engine32/VitaminSoft.cpp create mode 100644 LunaHook/engine32/VitaminSoft.h create mode 100644 LunaHook/engine32/Waffle.cpp create mode 100644 LunaHook/engine32/Waffle.h create mode 100644 LunaHook/engine32/WillPlus.cpp create mode 100644 LunaHook/engine32/WillPlus.h create mode 100644 LunaHook/engine32/Wolf.cpp create mode 100644 LunaHook/engine32/Wolf.h create mode 100644 LunaHook/engine32/XUSE.cpp create mode 100644 LunaHook/engine32/XUSE.h create mode 100644 LunaHook/engine32/Xbangbang.cpp create mode 100644 LunaHook/engine32/Xbangbang.h create mode 100644 LunaHook/engine32/YukaSystem2.cpp create mode 100644 LunaHook/engine32/YukaSystem2.h create mode 100644 LunaHook/engine32/Yuris.cpp create mode 100644 LunaHook/engine32/Yuris.h create mode 100644 LunaHook/engine32/cef.cpp create mode 100644 LunaHook/engine32/cef.h create mode 100644 LunaHook/engine32/hibiki.cpp create mode 100644 LunaHook/engine32/hibiki.h create mode 100644 LunaHook/engine32/jukujojidai.cpp create mode 100644 LunaHook/engine32/jukujojidai.h create mode 100644 LunaHook/engine32/littlecheese.cpp create mode 100644 LunaHook/engine32/littlecheese.h create mode 100644 LunaHook/engine32/lua51.cpp create mode 100644 LunaHook/engine32/lua51.h create mode 100644 LunaHook/engine32/lucifen.cpp create mode 100644 LunaHook/engine32/lucifen.h create mode 100644 LunaHook/engine32/mono.cpp create mode 100644 LunaHook/engine32/mono.h create mode 100644 LunaHook/engine32/morning.cpp create mode 100644 LunaHook/engine32/morning.h create mode 100644 LunaHook/engine32/pchooks.cpp create mode 100644 LunaHook/engine32/pchooks.h create mode 100644 LunaHook/engine32/sakanagl.cpp create mode 100644 LunaHook/engine32/sakanagl.h create mode 100644 LunaHook/engine32/sakusesu.cpp create mode 100644 LunaHook/engine32/sakusesu.h create mode 100644 LunaHook/engine32/shyakunage.cpp create mode 100644 LunaHook/engine32/shyakunage.h create mode 100644 LunaHook/engine32/utawarerumono.cpp create mode 100644 LunaHook/engine32/utawarerumono.h create mode 100644 LunaHook/engine64/5pb.cpp create mode 100644 LunaHook/engine64/5pb.h create mode 100644 LunaHook/engine64/AGES7.cpp create mode 100644 LunaHook/engine64/AGES7.h create mode 100644 LunaHook/engine64/Artemis.cpp create mode 100644 LunaHook/engine64/Artemis.h create mode 100644 LunaHook/engine64/CMVS.cpp create mode 100644 LunaHook/engine64/CMVS.h create mode 100644 LunaHook/engine64/ENTERGRAM.cpp create mode 100644 LunaHook/engine64/ENTERGRAM.h create mode 100644 LunaHook/engine64/Godot.cpp create mode 100644 LunaHook/engine64/Godot.h create mode 100644 LunaHook/engine64/IG.cpp create mode 100644 LunaHook/engine64/IG.h create mode 100644 LunaHook/engine64/KiriKiri.cpp create mode 100644 LunaHook/engine64/KiriKiri.h create mode 100644 LunaHook/engine64/LightVN.cpp create mode 100644 LunaHook/engine64/LightVN.h create mode 100644 LunaHook/engine64/PPSSPP.cpp create mode 100644 LunaHook/engine64/PPSSPP.h create mode 100644 LunaHook/engine64/Renpy.cpp create mode 100644 LunaHook/engine64/Renpy.h create mode 100644 LunaHook/engine64/Suika2.cpp create mode 100644 LunaHook/engine64/Suika2.h create mode 100644 LunaHook/engine64/TYPEMOON.cpp create mode 100644 LunaHook/engine64/TYPEMOON.h create mode 100644 LunaHook/engine64/V8.cpp create mode 100644 LunaHook/engine64/V8.h create mode 100644 LunaHook/engine64/YOX.cpp create mode 100644 LunaHook/engine64/YOX.h create mode 100644 LunaHook/engine64/mono.cpp create mode 100644 LunaHook/engine64/mono.h create mode 100644 LunaHook/engine64/pchooks.cpp create mode 100644 LunaHook/engine64/pchooks.h create mode 100644 LunaHook/enginecollection32.cpp create mode 100644 LunaHook/enginecollection64.cpp create mode 100644 LunaHook/enginecontrol.cpp create mode 100644 LunaHook/engines/CMakeLists.txt create mode 100644 LunaHook/engines/mages/mages.hpp create mode 100644 LunaHook/engines/mono/il2cpp.hpp create mode 100644 LunaHook/engines/mono/monocommon.hpp create mode 100644 LunaHook/engines/mono/monofuncinfo.h create mode 100644 LunaHook/engines/mono/monoobject.h create mode 100644 LunaHook/engines/mono/monotype.h create mode 100644 LunaHook/engines/mono/types.h create mode 100644 LunaHook/engines/pchooks/pchooks.cpp create mode 100644 LunaHook/engines/pchooks/pchooks.h create mode 100644 LunaHook/engines/ppsspp/funcinfo.h create mode 100644 LunaHook/engines/ppsspp/psputils.hpp create mode 100644 LunaHook/engines/python/python.h create mode 100644 LunaHook/engines/python/python2.cpp create mode 100644 LunaHook/engines/python/python3.cpp create mode 100644 LunaHook/hijackfuns.cc create mode 100644 LunaHook/hijackfuns.h create mode 100644 LunaHook/hookfinder.cc create mode 100644 LunaHook/hookfinder.h create mode 100644 LunaHook/main.cc create mode 100644 LunaHook/main.h create mode 100644 LunaHook/resource.rc create mode 100644 LunaHook/resource/charset_Robotics_Notes_Dash.txt create mode 100644 LunaHook/resource/charset_Robotics_Notes_Elite.txt create mode 100644 LunaHook/resource/charset_default.txt create mode 100644 LunaHook/resource/compound_chars_Robotics_Notes_Dash.txt create mode 100644 LunaHook/resource/compound_chars_Robotics_Notes_Elite.txt create mode 100644 LunaHook/resource/compound_chars_default.txt create mode 100644 LunaHook/stackoffset.hpp create mode 100644 LunaHook/texthook.cc create mode 100644 LunaHook/util/CMakeLists.txt create mode 100644 LunaHook/util/cpputil/cppcstring.h create mode 100644 LunaHook/util/disasm/disasm.cc create mode 100644 LunaHook/util/disasm/disasm.h create mode 100644 LunaHook/util/dyncodec/dynsjis.cc create mode 100644 LunaHook/util/dyncodec/dynsjis.h create mode 100644 LunaHook/util/dyncodec/dynsjiscodec.cc create mode 100644 LunaHook/util/dyncodec/dynsjiscodec.h create mode 100644 LunaHook/util/ithsys/ithsys.cc create mode 100644 LunaHook/util/ithsys/ithsys.h create mode 100644 LunaHook/util/memdbg/memdbg.h create mode 100644 LunaHook/util/memdbg/memsearch.cc create mode 100644 LunaHook/util/memdbg/memsearch.h create mode 100644 LunaHook/util/ntxpundef.h create mode 100644 LunaHook/util/stringfilters.cpp create mode 100644 LunaHook/util/stringfilters.h create mode 100644 LunaHook/util/textunion.h create mode 100644 LunaHook/util/util.cc create mode 100644 LunaHook/util/util.h create mode 100644 LunaHost/CMakeLists.txt create mode 100644 LunaHost/GUI/CMakeLists.txt create mode 100644 LunaHost/GUI/LunaHost.cpp create mode 100644 LunaHost/GUI/LunaHost.h create mode 100644 LunaHost/GUI/controls.cpp create mode 100644 LunaHost/GUI/controls.h create mode 100644 LunaHost/GUI/luna.ico create mode 100644 LunaHost/GUI/luna.rc create mode 100644 LunaHost/GUI/main.cpp create mode 100644 LunaHost/GUI/processlistwindow.cpp create mode 100644 LunaHost/GUI/processlistwindow.h create mode 100644 LunaHost/GUI/window.cpp create mode 100644 LunaHost/GUI/window.h create mode 100644 LunaHost/LunaHostCLI.cpp create mode 100644 LunaHost/LunaHostDll.cpp create mode 100644 LunaHost/host.cpp create mode 100644 LunaHost/host.h create mode 100644 LunaHost/textthread.cpp create mode 100644 LunaHost/textthread.h create mode 100644 include/CMakeLists.txt create mode 100644 include/common.cpp create mode 100644 include/common.h create mode 100644 include/const.h create mode 100644 include/defs.h create mode 100644 include/hookcode.cpp create mode 100644 include/hookcode.h create mode 100644 include/stringutils.cpp create mode 100644 include/stringutils.h create mode 100644 include/texthook.h create mode 100644 include/types.h create mode 100644 include/winevent.hpp create mode 100644 libs/Detours-4.0.1/include/detours.h create mode 100644 libs/Detours-4.0.1/include/detver.h create mode 100644 libs/Detours-4.0.1/include/syelog.h create mode 100644 libs/Detours-4.0.1/lib.X64/detours.lib create mode 100644 libs/Detours-4.0.1/lib.X64/syelog.lib create mode 100644 libs/Detours-4.0.1/lib.X86/detours.lib create mode 100644 libs/Detours-4.0.1/lib.X86/syelog.lib create mode 100644 libs/VC-LTL helper for cmake.cmake create mode 100644 libs/YY-Thunks-1.0.7-Binary/LICENSE create mode 100644 libs/YY-Thunks-1.0.7-Binary/ReadMe.md create mode 100644 libs/YY-Thunks-1.0.7-Binary/ThunksList.md create mode 100644 libs/YY-Thunks-1.0.7-Binary/objs/x86/YY_Thunks_for_WinXP.obj create mode 100644 libs/libs.cmake create mode 100644 libs/minhook/.editorconfig create mode 100644 libs/minhook/.gitignore create mode 100644 libs/minhook/AUTHORS.txt create mode 100644 libs/minhook/CMakeLists.txt create mode 100644 libs/minhook/LICENSE.txt create mode 100644 libs/minhook/README.md create mode 100644 libs/minhook/build/MinGW/Makefile create mode 100644 libs/minhook/build/MinGW/make.bat create mode 100644 libs/minhook/build/VC10/MinHook.vcxproj create mode 100644 libs/minhook/build/VC10/MinHookVC10.sln create mode 100644 libs/minhook/build/VC10/libMinHook.vcxproj create mode 100644 libs/minhook/build/VC10/libMinHook.vcxproj.filters create mode 100644 libs/minhook/build/VC11/MinHook.vcxproj create mode 100644 libs/minhook/build/VC11/MinHookVC11.sln create mode 100644 libs/minhook/build/VC11/libMinHook.vcxproj create mode 100644 libs/minhook/build/VC11/libMinHook.vcxproj.filters create mode 100644 libs/minhook/build/VC12/MinHook.vcxproj create mode 100644 libs/minhook/build/VC12/MinHookVC12.sln create mode 100644 libs/minhook/build/VC12/libMinHook.vcxproj create mode 100644 libs/minhook/build/VC12/libMinHook.vcxproj.filters create mode 100644 libs/minhook/build/VC14/MinHook.vcxproj create mode 100644 libs/minhook/build/VC14/MinHookVC14.sln create mode 100644 libs/minhook/build/VC14/libMinHook.vcxproj create mode 100644 libs/minhook/build/VC14/libMinHook.vcxproj.filters create mode 100644 libs/minhook/build/VC15/MinHook.vcxproj create mode 100644 libs/minhook/build/VC15/MinHookVC15.sln create mode 100644 libs/minhook/build/VC15/libMinHook.vcxproj create mode 100644 libs/minhook/build/VC15/libMinHook.vcxproj.filters create mode 100644 libs/minhook/build/VC16/MinHook.vcxproj create mode 100644 libs/minhook/build/VC16/MinHookVC16.sln create mode 100644 libs/minhook/build/VC16/libMinHook.vcxproj create mode 100644 libs/minhook/build/VC16/libMinHook.vcxproj.filters create mode 100644 libs/minhook/build/VC9/MinHook.vcproj create mode 100644 libs/minhook/build/VC9/MinHookVC9.sln create mode 100644 libs/minhook/build/VC9/libMinHook.vcproj create mode 100644 libs/minhook/cmake/minhook-config.cmake.in create mode 100644 libs/minhook/dll_resources/MinHook.def create mode 100644 libs/minhook/dll_resources/MinHook.rc create mode 100644 libs/minhook/include/MinHook.h create mode 100644 libs/minhook/src/buffer.c create mode 100644 libs/minhook/src/buffer.h create mode 100644 libs/minhook/src/hde/hde32.c create mode 100644 libs/minhook/src/hde/hde32.h create mode 100644 libs/minhook/src/hde/hde64.c create mode 100644 libs/minhook/src/hde/hde64.h create mode 100644 libs/minhook/src/hde/pstdint.h create mode 100644 libs/minhook/src/hde/table32.h create mode 100644 libs/minhook/src/hde/table64.h create mode 100644 libs/minhook/src/hook.c create mode 100644 libs/minhook/src/trampoline.c create mode 100644 libs/minhook/src/trampoline.h create mode 100644 libs/yapi.hpp create mode 100644 scripts/build32.bat create mode 100644 scripts/build32xp.bat create mode 100644 scripts/build64.bat diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..bdb0cab --- /dev/null +++ b/.gitattributes @@ -0,0 +1,17 @@ +# Auto detect text files and perform LF normalization +* text=auto + +# Custom for Visual Studio +*.cs diff=csharp + +# Standard to msysgit +*.doc diff=astextplain +*.DOC diff=astextplain +*.docx diff=astextplain +*.DOCX diff=astextplain +*.dot diff=astextplain +*.DOT diff=astextplain +*.pdf diff=astextplain +*.PDF diff=astextplain +*.rtf diff=astextplain +*.RTF diff=astextplain diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..1e44e60 --- /dev/null +++ b/.gitignore @@ -0,0 +1,7 @@ +/build/ +/builds/ +/out/ +*.vs/ +*.user +*.aps +.vscode \ No newline at end of file diff --git a/CMakeLists.txt b/CMakeLists.txt new file mode 100644 index 0000000..91adfd7 --- /dev/null +++ b/CMakeLists.txt @@ -0,0 +1,39 @@ +cmake_minimum_required(VERSION 3.16) + +project(LunaHook) + +set(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreaded$<$:Debug>") + +set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_CURRENT_SOURCE_DIR}/cmake) + +add_compile_options( + /std:c++17 + /MP + /wd4018 + /wd4819 + /wd4244 + /wd4267 + /DVERSION="${VERSION}" + /DUNICODE + /D_UNICODE +) + +if(${CMAKE_SIZEOF_VOID_P} EQUAL 8) + set(bitappendix "64") +else() + set(bitappendix "32") +endif() + +set(CMAKE_FINAL_OUTPUT_DIRECTORY ${CMAKE_SOURCE_DIR}/builds/${CMAKE_BUILD_TYPE}_x${bitappendix}) +set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY $<1:${CMAKE_FINAL_OUTPUT_DIRECTORY}>) +set(CMAKE_LIBRARY_OUTPUT_DIRECTORY $<1:${CMAKE_FINAL_OUTPUT_DIRECTORY}>) +set(CMAKE_RUNTIME_OUTPUT_DIRECTORY $<1:${CMAKE_FINAL_OUTPUT_DIRECTORY}>) + +include_directories(.) +include(libs/libs.cmake) + +include_directories(include) + +add_subdirectory(include) +add_subdirectory(LunaHook) +add_subdirectory(LunaHost) \ No newline at end of file diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..94a9ed0 --- /dev/null +++ b/LICENSE @@ -0,0 +1,674 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. diff --git a/Lang/Lang.h b/Lang/Lang.h new file mode 100644 index 0000000..a33e377 --- /dev/null +++ b/Lang/Lang.h @@ -0,0 +1,2 @@ + +#include"en.h" \ No newline at end of file diff --git a/Lang/en.h b/Lang/en.h new file mode 100644 index 0000000..c10fcec --- /dev/null +++ b/Lang/en.h @@ -0,0 +1,54 @@ + +#define ALREADY_INJECTED L"already injected" +#define NEED_32_BIT L"architecture mismatch: only x86 can inject this process" +#define NEED_64_BIT L"architecture mismatch: only x64 can inject this process" +#define INJECT_FAILED L"couldn't inject" +#define LAUNCH_FAILED L"couldn't launch" +#define INVALID_CODE L"invalid code" +#define INVALID_CODEPAGE L"couldn't convert text (invalid codepage?)" +#define PIPE_CONNECTED u8"pipe connected" +#define INSERTING_HOOK u8"inserting hook: %s" +#define REMOVING_HOOK u8"removing hook: %s" +#define TOO_MANY_HOOKS u8"too many hooks: can't insert" +#define HOOK_SEARCH_STARTING u8"starting hook search" +#define HOOK_SEARCH_INITIALIZING u8"initializing hook search (%f%%)" +#define NOT_ENOUGH_TEXT u8"not enough text to search accurately" +#define HOOK_SEARCH_INITIALIZED u8"initialized hook search with %zd hooks" +#define MAKE_GAME_PROCESS_TEXT u8"please click around in the game to force it to process text during the next %d seconds" +#define HOOK_SEARCH_FINISHED u8"hook search finished, %d results found" +#define OUT_OF_RECORDS_RETRY u8"out of search records, please retry if results are poor (default record count increased)" +#define FUNC_MISSING u8"function not present" +#define MODULE_MISSING u8"module not present" +#define GARBAGE_MEMORY u8"memory inline constantly changing, useless to read" +#define SEND_ERROR u8"Send ERROR (likely an unstable/incorrect H-code) in %s" +#define READ_ERROR u8"Reader ERROR (likely an incorrect R-code) in %s" +#define SearchForHooks_ERROR u8"SearchForHooks ERROR: out of memory, retrying to allocate %d" +#define ResultsNum u8"%d results processed" +#define HIJACK_ERROR u8"Hijack ERROR" +#define COULD_NOT_FIND u8"could not find text" +#define CONSOLE L"Console" +#define InvalidLength u8"something went very wrong (invalid length %d at hook address %I64d)" +#define InsertHookFailed u8"failed to insert hook %s" +#define Match_Error u8"ERROR happened when matching engine %s " +#define Attach_Error u8"ERROR happened when attaching engine %s ERROR" +#define Attach_Continue u8"Attach engine %s success and continue" +#define MatchedEngine u8"Matched engine %s" +#define ConfirmStop "Confirmed engine %s, stop checking" +#define Attach_Stop "Attach engine %s success and stop" +#define ProcessRange "hijacking process located from 0x%p to 0x%p" +#define WarningDummy "WARNING injected process is very small, possibly a dummy!" +#define HijackERROR "Hijack ERROR" +#define WndSelectProcess L"SelectProcess" +#define WndLunaHostGui L"LunaHost Gui" +#define NotifyInvalidHookCode L"Invalid HookCode" +#define BtnSelectProcess L"Select Process" +#define BtnAttach L"Attach" +#define BtnRefresh L"Refresh" +#define BtnToClipboard L"to clipboard" +#define BtnInsertUserHook L"Insert UserHook" +#define LblFlushDelay L"flushDelay" +#define LblCodePage L"CodePage" +#define MenuCopyHookCode L"CopyHookCode" +#define MenuRemoveHook L"RemoveHook" +#define MenuDetachProcess L"DetachProcess" +#define DefaultFont L"Arial" \ No newline at end of file diff --git a/LunaHook/CMakeLists.txt b/LunaHook/CMakeLists.txt new file mode 100644 index 0000000..a6f5091 --- /dev/null +++ b/LunaHook/CMakeLists.txt @@ -0,0 +1,35 @@ +include_directories(. util engines) +if(${CMAKE_SIZEOF_VOID_P} EQUAL 8) + set(enginessrc TYPEMOON ENTERGRAM AGES7 mono Godot Renpy 5pb IG LightVN V8 pchooks Artemis KiriKiri YOX PPSSPP CMVS Suika2 ) + set(enginepath "engine64") + set(collector "enginecollection64.cpp") +else() + set(enginessrc ScrPlayer SYSD KISS IGScript Jellyfish BKEngine Overflow SRPGStudio Suika2 FVP LCScript Ohgetsu RPGMakerRGSS3 ONScripterru OVERDRIVE HXP Palette Purple Ruf RUNE Tarte Tomato Sakuradog Troy VitaminSoft Unknown TSSystem Xbangbang Anisetta Nijyuei Interheart LovaGame Giga Jisatu101 lua51 EntisGLS Ciel ACTGS TerraLunar PPSSPP jukujojidai PCSX2 VanillawareGC cef V8 mono pchooks PONScripter Bishop sakanagl Renpy Lightvn KiriKiri SideB BGI Bootup morning shyakunage Regista NNNConfig Eushully Majiro littlecheese Elf Silkys CMVS Wolf Circus1 Circus2 Cotopha Artemis CatSystem Atelier Tenco QLIE Pal AIL2 NeXAS LunaSoft Unicorn Rejet Interlude AdobeAir Retouch Malie Live Nexton Lucifen Waffle TinkerBell SystemAoi Yuris Nitroplus2 Bruns EME RRE Candy Speed ApricoT Triangle AB2Try MBLMED GameMaker DxLib CodeX Minori Sprite RpgmXP Eagls Debonosu C4 WillPlus Tanuki GXP AOS Mink YukaSystem2 sakusesu Exp Syuntada Pensil Anim hibiki Nitroplus Reallive Siglus Taskforce2 RUGP IronGameSystem Anex86 ShinyDaysGame MarineHeart ShinaRio CaramelBox UnisonShift UnisonShift2 Escude Ryokucha Alice Footy2 utawarerumono System4x Abalone Abel 5pb HorkEye XUSE Leaf Nekopack AXL AGS AdobeFlash10 FocasLens Tamamo Ages3ResT) + set(enginepath "engine32") + set(collector "enginecollection32.cpp") +endif() +string(REPLACE ";" ".cpp;${enginepath}/" enginessrc "${enginessrc}") +message("${enginessrc}") +set(enginessrc "${enginepath}/${enginessrc}.cpp") +message("${enginessrc}") +set_source_files_properties(${enginessrc} PROPERTIES SOURCE_ENCODING "UTF-8") + +set(texthook_src + main.cc + texthook.cc + hookfinder.cc + ${enginessrc} + ${collector} + enginecontrol.cpp + embed_util.cc + hijackfuns.cc +) +add_subdirectory(util) +add_subdirectory(engines) +add_library(LunaHook MODULE ${texthook_src} resource.rc) + +target_precompile_headers(LunaHook REUSE_FROM pch) + +set_target_properties(LunaHook PROPERTIES OUTPUT_NAME "LunaHook${bitappendix}") + +target_link_libraries(LunaHook pch minhook commonengine utils ${YY_Thunks_for_WinXP} ${Detours}) \ No newline at end of file diff --git a/LunaHook/NoEngine.h b/LunaHook/NoEngine.h new file mode 100644 index 0000000..bd78867 --- /dev/null +++ b/LunaHook/NoEngine.h @@ -0,0 +1,138 @@ +#include"engine.h" +class NoEngine:public ENGINE{ + public: + bool attach_function(){ + ConsoleOutput("IGNORE %s",getenginename()); + //ConsoleOutput("IGNORE engine"); + return true; + } +}; +class oldSystem40ini:public NoEngine{ + public: + oldSystem40ini(){ + // jichi 1/19/2015: Disable inserting Lstr for System40 + // See: http://sakuradite.com/topic/618 + + check_by=CHECK_BY::FILE; + check_by_target=L"System40.ini"; + }; +}; +// class RPGMakerRGSS3:public NoEngine{ +// public: +// RPGMakerRGSS3(){ +// // jichi 6/7/2015: RPGMaker v3 + +// check_by=CHECK_BY::FILE; +// check_by_target=L"*.rgss3a"; +// }; +// }; + + +// class FVP:public NoEngine{ +// public: +// FVP(){ +// // 7/28/2015 jichi: Favorite games + +// check_by=CHECK_BY::FILE; +// check_by_target=L"*.hcb"; +// }; +// }; + + + +class AdvPlayerHD:public NoEngine{ + public: + AdvPlayerHD(){ + // supposed to be WillPlus + + check_by=CHECK_BY::FILE_ANY; + check_by_target=check_by_list{L"AdvHD.exe",L"AdvHD.dll"}; + }; +}; + + + +class DPM:public NoEngine{ + public: + DPM(){ + // jichi 4/30/2015: Skip games made from らすこう, such as とある人妻のネトラレ事情 + // It has garbage from lstrlenW. Correct text is supposed to be in TabbedTextOutA. + + check_by=CHECK_BY::FILE; + check_by_target=L"data_cg.dpm"; + }; +}; + + +class Escude_ignore:public NoEngine{ + public: + Escude_ignore(){ + // jichi 3/19/2014: Escude game + // Example: bgm.bin gfx.bin maou.bin script.bin snd.bin voc.bin + + check_by=CHECK_BY::FILE_ANY; + check_by_target=check_by_list{L"gfx.bin",L"snd.bin",L"voc.bin"}; + }; +}; + + +class Chartreux:public NoEngine{ + public: + Chartreux(){ + + // jichi 12/28/2014: "Chartreux Inc." in Copyright. + // Sublimary brands include Rosebleu, MORE, etc. + // GetGlyphOutlineA already works. + + check_by=CHECK_BY::RESOURCE_STR; + check_by_target=L"Chartreux"; + }; +}; +class lcsebody:public NoEngine{ + public: + lcsebody(){ + + check_by=CHECK_BY::CUSTOM; + // jichi 3/19/2014: LC-ScriptEngine, GetGlyphOutlineA + check_by_target=[](){ + return (wcsstr(processName, L"lcsebody") || !wcsncmp(processName, L"lcsebo~", 7) || Util::CheckFile(L"lcsebody*")); + }; + }; +}; +// class FVP2:public NoEngine{ +// public: +// FVP2(){ + +// check_by=CHECK_BY::CUSTOM; +// // jichi 3/19/2014: LC-ScriptEngine, GetGlyphOutlineA +// check_by_target=[](){ + + +// wchar_t str[MAX_PATH]; +// DWORD i; +// for (i = 0; processName[i]; i++) { +// str[i] = processName[i]; +// if (processName[i] == L'.') +// break; +// } +// *(DWORD *)(str + i + 1) = 0x630068; //.hcb +// *(DWORD *)(str + i + 3) = 0x62; +// // jichi 10/3/2013: such like アトリエかぐや +// return (Util::CheckFile(str)); +// }; +// }; +// }; + + + //if (Util::CheckFile(L"AGERC.DLL")) { // jichi 3/17/2014: Eushully, AGE.EXE + // ConsoleOutput("IGNORE Eushully"); + // return true; + //} +//if (Util::CheckFile(L"*\\Managed\\UnityEngine.dll")) { // jichi 12/3/2013: Unity (BALDRSKY ZERO) + // ConsoleOutput("IGNORE Unity"); + // return true; + //} + //if (Util::CheckFile(L"bsz_Data\\Managed\\UnityEngine.dll") || Util::CheckFile(L"bsz2_Data\\Managed\\UnityEngine.dll")) { + // ConsoleOutput("IGNORE Unity"); + // return true; + //} diff --git a/LunaHook/embed_util.cc b/LunaHook/embed_util.cc new file mode 100644 index 0000000..8a461d6 --- /dev/null +++ b/LunaHook/embed_util.cc @@ -0,0 +1,233 @@ +#include"embed_util.h" +#include"MinHook.h" +#include"stringutils.h" +#include"main.h" +#include"detours.h" +#include"hijackfuns.h" +#include"winevent.hpp" +#include"defs.h" +DynamicShiftJISCodec *dynamiccodec=new DynamicShiftJISCodec(932); + +std::wstring cast_a2w(HookParam hp,void*data ,size_t len){ + if(hp.type&CODEC_UTF16) + return std::wstring((wchar_t*)(data),len/2); + return StringToWideString(std::string((char*)data,len),hp.codepage?hp.codepage:embedsharedmem->codepage).value(); +} + +void cast_back(HookParam hp,void*data ,size_t *len,std::wstring trans,bool normal){ + if(hp.type&CODEC_UTF16){ + wcscpy((wchar_t*)data,trans.c_str()); + *len=trans.size()*2; + } + else{ + std::string astr; + if(hp.type&EMBED_DYNA_SJIS&&!normal){ + astr=dynamiccodec->encodeSTD(trans,0); + } + else{ + astr=WideStringToString(trans,hp.codepage?hp.codepage:embedsharedmem->codepage); + + } + strcpy((char*)data,astr.c_str()); + *len=astr.size(); + } +} + +struct FunctionInfo { + const char *name; // for debugging purpose + uintptr_t *oldFunction, + newFunction; + bool attached ; + uintptr_t addr; + explicit FunctionInfo(const uintptr_t _addr=0,const char *name = "", uintptr_t *oldFunction = nullptr, uintptr_t newFunction = 0, + bool attached = false ) + : name(name), oldFunction(oldFunction), newFunction(newFunction) + , attached(attached),addr(_addr) + {} + }; +std::unordered_map funcs; // attached functions +std::vector replacedfuns; // attached functions +bool _1f() +{ +#define ADD_FUN(_f) funcs[F_##_f] = FunctionInfo((uintptr_t)_f,#_f, (uintptr_t *)&Hijack::old##_f, (uintptr_t)Hijack::new##_f); + ADD_FUN(CreateFontA) + ADD_FUN(CreateFontW) + ADD_FUN(CreateFontIndirectA) + ADD_FUN(CreateFontIndirectW) + ADD_FUN(GetGlyphOutlineA) + ADD_FUN(GetGlyphOutlineW) + ADD_FUN(GetTextExtentPoint32A) + ADD_FUN(GetTextExtentPoint32W) + ADD_FUN(GetTextExtentExPointA) + ADD_FUN(GetTextExtentExPointW) + //ADD_FUN(GetCharABCWidthsA) + //ADD_FUN(GetCharABCWidthsW) + ADD_FUN(TextOutA) + ADD_FUN(TextOutW) + ADD_FUN(ExtTextOutA) + ADD_FUN(ExtTextOutW) + ADD_FUN(DrawTextA) + ADD_FUN(DrawTextW) + ADD_FUN(DrawTextExA) + ADD_FUN(DrawTextExW) + ADD_FUN(CharNextA) + //ADD_FUN(CharNextW) + //ADD_FUN(CharNextExA) + //ADD_FUN(CharNextExW) + ADD_FUN(CharPrevA) + //ADD_FUN(CharPrevW) + ADD_FUN(MultiByteToWideChar) + ADD_FUN(WideCharToMultiByte) +#undef ADD_FUN +return 0; +} +extern bool DetourAttachedUserAddr; +extern bool hostconnected; +bool _1=_1f(); +void ReplaceFunction(PVOID* oldf,PVOID newf){ + + RemoveHook((uintptr_t)*oldf); + DetourTransactionBegin(); + DetourUpdateThread(GetCurrentThread()); + DetourAttach((PVOID*)oldf, (PVOID)newf); + DetourTransactionCommit(); +} +void attachFunction(uintptr_t _hook_font_flag) +{ + for(auto & _func:funcs){ + if(_func.first&_hook_font_flag){ + if(_func.second.attached)continue; + _func.second.attached = true; + *_func.second.oldFunction=_func.second.addr; + replacedfuns.push_back(_func.first); + ReplaceFunction((PVOID*)_func.second.oldFunction,(PVOID)_func.second.newFunction); + } + } +} +void detachall( ) +{ + DetourTransactionBegin(); + DetourUpdateThread(GetCurrentThread()); + for(auto _flag:replacedfuns){ + auto info=funcs.at(_flag); + DetourDetach((PVOID*)info.oldFunction, (PVOID)info.newFunction); + + } + DetourTransactionCommit(); +} +void solvefont(HookParam hp){ + if(hp.hook_font){ + attachFunction(hp.hook_font); + } + if(hp.hook_font&F_MultiByteToWideChar) + disable_mbwc=true; + if(hp.hook_font&F_WideCharToMultiByte) + disable_wcmb=true; + + if (auto current_patch_fun = patch_fun.exchange(nullptr)){ + current_patch_fun(); + DetourAttachedUserAddr=true; + } +} +static std::wstring alwaysInsertSpacesSTD(const std::wstring& text) + { + std::wstring ret; + for(auto c: text) { + ret.push_back(c); + if (c >= 32) // ignore non-printable characters + ret.push_back(L' '); // or insert \u3000 if needed + } + return ret; + } + bool charEncodableSTD(const wchar_t& ch, UINT codepage) +{ + + if (ch <= 127) // ignore ascii characters + return true; + std::wstring s ; + s.push_back(ch); + return StringToWideString(WideStringToString(s, codepage), codepage).value() == s; +} + static std::wstring insertSpacesAfterUnencodableSTD(const std::wstring& text, HookParam hp) + { + + std::wstring ret; + for(const wchar_t & c: text) { + ret.push_back(c); + if (!charEncodableSTD(c, hp.codepage?hp.codepage:embedsharedmem->codepage)) + ret.push_back(L' '); + } + return ret; + } +std::wstring adjustSpacesSTD(const std::wstring& text,HookParam hp) +{ + + switch (embedsharedmem->spaceadjustpolicy) + { + case 0: return text; + case 1:return alwaysInsertSpacesSTD(text); + case 2:return insertSpacesAfterUnencodableSTD(text, hp); + default:return text; + } +} +bool isPauseKeyPressed() +{ + return WinKey::isKeyControlPressed() + || WinKey::isKeyShiftPressed() && !WinKey::isKeyReturnPressed(); +} +inline UINT64 djb2_n2(const unsigned char * str, size_t len, UINT64 hash = 5381) +{ + int i=0; + while (len--){ + hash = ((hash << 5) + hash) + (*str++); // hash * 33 + c + } + return hash; +} +std::unordered_maptranslatecache; +bool check_is_thread_selected(const ThreadParam& tp){ + for(int i=0;i<10;i++) + if(embedsharedmem->use[i]) + if((embedsharedmem->addr[i]==tp.addr)&&(embedsharedmem->ctx1[i]==tp.ctx)&&(embedsharedmem->ctx2[i]==tp.ctx2)) + return true; + return false; +} +bool check_embed_able(const ThreadParam& tp){ + return hostconnected&&check_is_thread_selected(tp)&&(isPauseKeyPressed()==false); +} +bool waitforevent(UINT32 timems,const ThreadParam& tp,const std::wstring &origin){ + char eventname[1000]; + sprintf(eventname,LUNA_EMBED_notify_event,GetCurrentProcessId(),djb2_n2((const unsigned char*)(origin.c_str()),origin.size()*2)); + auto event=win_event(eventname); + while(timems){ + if(check_embed_able(tp)==false)return false; + auto sleepstep=min(100,timems); + if(event.wait(sleepstep))return true; + timems-=sleepstep; + } + return false; +} +bool TextHook::waitfornotify(TextOutput_T* buffer,void*data ,size_t*len,ThreadParam tp){ + + auto origin=cast_a2w(hp,data,*len); + if(origin.size()>1000)return false; + if(hp.newlineseperator)strReplace(origin,hp.newlineseperator,L"\n"); + cast_back(hp,data,len,origin,true); + TextOutput(tp, buffer, *len); + + std::wstring translate; + if(translatecache.find(origin)!=translatecache.end()){ + translate=translatecache.at(origin); + } + else{ + if(waitforevent(embedsharedmem->waittime,tp,origin)==false)return false; + translate=embedsharedmem->text; + if((translate.size()==0)||(translate==origin))return false; + translatecache.insert(std::make_pair(origin,translate)); + } + if(hp.newlineseperator)strReplace(translate,L"\n",hp.newlineseperator); + translate=adjustSpacesSTD(translate,hp); + if(embedsharedmem->keeprawtext)translate=origin+L" "+translate; + solvefont(hp); + cast_back(hp,data,len,translate,false); + return true; +} \ No newline at end of file diff --git a/LunaHook/embed_util.h b/LunaHook/embed_util.h new file mode 100644 index 0000000..cfd3c19 --- /dev/null +++ b/LunaHook/embed_util.h @@ -0,0 +1,27 @@ +#ifndef __LUNA_EMBED_ENGINE_H +#define __LUNA_EMBED_ENGINE_H +#include"types.h" +#include "texthook.h" +#include"dyncodec/dynsjiscodec.h" + +extern EmbedSharedMem *embedsharedmem; +extern DynamicShiftJISCodec *dynamiccodec ; + +namespace WinKey { + inline bool isKeyPressed(int vk) { return ::GetKeyState(vk) & 0xf0; } + inline bool isKeyToggled(int vk) { return ::GetKeyState(vk) & 0x0f; } + + inline bool isKeyReturnPressed() { return isKeyPressed(VK_RETURN); } + inline bool isKeyControlPressed() { return isKeyPressed(VK_CONTROL); } + inline bool isKeyShiftPressed() { return isKeyPressed(VK_SHIFT); } + inline bool isKeyAltPressed() { return isKeyPressed(VK_MENU); } + } +namespace Engine{ + enum TextRole { UnknownRole = 0, ScenarioRole, NameRole, OtherRole, + ChoiceRole = OtherRole, HistoryRole = OtherRole, + RoleCount }; +} +inline std::atomic patch_fun = nullptr; +void ReplaceFunction(PVOID* oldf,PVOID newf); +bool check_embed_able(const ThreadParam& tp); +#endif \ No newline at end of file diff --git a/LunaHook/engine.h b/LunaHook/engine.h new file mode 100644 index 0000000..401cc85 --- /dev/null +++ b/LunaHook/engine.h @@ -0,0 +1,48 @@ +#ifndef __LUNA_ENGINE_H +#define __LUNA_ENGINE_H + +#include"stackoffset.hpp" +#include"stringutils.h" +#include"stringfilters.h" +#include "util/util.h" +#include "ithsys/ithsys.h" +#include"pchooks/pchooks.h" +#include "disasm/disasm.h" +#include"main.h" +#include"const.h" + +extern WCHAR* processName, processPath[MAX_PATH],processName_lower[MAX_PATH]; // cached +extern uintptr_t processStartAddress, processStopAddress; +extern uintptr_t processStartAddress, processStopAddress; + +class ENGINE{ + public: + const char* enginename; + bool dontstop;//dont stop even if attached a engine + bool is_engine_certain; //stop when match a engine ,even if not attached + + enum class CHECK_BY { + ALL_TRUE, + FILE, FILE_ALL,FILE_ANY, + RESOURCE_STR, + CUSTOM, + }; + CHECK_BY check_by; + // const wchar_t* check_by_single; + // std::vectorcheck_by_list; + // std::functioncheck_by_custom_function; + typedef std::function check_by_custom_function; + typedef std::vector check_by_list; + typedef const wchar_t* check_by_single; + std::variantcheck_by_target; + //virtual bool check_by_target(){return false;}; + virtual bool attach_function()=0; + virtual const char* getenginename(){ + if(enginename)return enginename; + return typeid(*this).name()+6; + } + ENGINE():enginename(nullptr),dontstop(false),is_engine_certain(true),check_by(CHECK_BY::ALL_TRUE){}; + bool check_function(); +}; + +#endif \ No newline at end of file diff --git a/LunaHook/engine32/5pb.cpp b/LunaHook/engine32/5pb.cpp new file mode 100644 index 0000000..41eebb2 --- /dev/null +++ b/LunaHook/engine32/5pb.cpp @@ -0,0 +1,613 @@ +#include"5pb.h" +#include"mages/mages.hpp" +/** jichi 12/2/2014 5pb + * + * Sample game: [140924] CROSS�CHANNEL 〜FINAL COMPLETE� * See: http://sakuradite.com/topic/528 + * + * Debugging method: insert breakpoint. + * The first matched function cannot extract prelude text. + * The second matched function can extract anything but contains garbage. + * + * Function for scenario: + * 0016d90e cc int3 + * 0016d90f cc int3 + * 0016d910 8b15 782b6e06 mov edx,dword ptr ds:[0x66e2b78] ; .00b43bfe + * 0016d916 8a0a mov cl,byte ptr ds:[edx] ; jichi: hook here + * 0016d918 33c0 xor eax,eax + * 0016d91a 84c9 test cl,cl + * 0016d91c 74 41 je short .0016d95f + * 0016d91e 8bff mov edi,edi + * 0016d920 80f9 25 cmp cl,0x25 + * 0016d923 75 11 jnz short .0016d936 + * 0016d925 8a4a 01 mov cl,byte ptr ds:[edx+0x1] + * 0016d928 42 inc edx + * 0016d929 80f9 4e cmp cl,0x4e + * 0016d92c 74 05 je short .0016d933 + * 0016d92e 80f9 6e cmp cl,0x6e + * 0016d931 75 26 jnz short .0016d959 + * 0016d933 42 inc edx + * 0016d934 eb 23 jmp short .0016d959 + * 0016d936 80f9 81 cmp cl,0x81 + * 0016d939 72 05 jb short .0016d940 + * 0016d93b 80f9 9f cmp cl,0x9f + * 0016d93e 76 0a jbe short .0016d94a + * 0016d940 80f9 e0 cmp cl,0xe0 + * 0016d943 72 0c jb short .0016d951 + * 0016d945 80f9 fc cmp cl,0xfc + * 0016d948 77 07 ja short .0016d951 + * 0016d94a b9 02000000 mov ecx,0x2 + * 0016d94f eb 05 jmp short .0016d956 + * 0016d951 b9 01000000 mov ecx,0x1 + * 0016d956 40 inc eax + * 0016d957 03d1 add edx,ecx + * 0016d959 8a0a mov cl,byte ptr ds:[edx] + * 0016d95b 84c9 test cl,cl + * 0016d95d ^75 c1 jnz short .0016d920 + * 0016d95f c3 retn + * + * Function for everything: + * 001e9a76 8bff mov edi,edi + * 001e9a78 55 push ebp + * 001e9a79 8bec mov ebp,esp + * 001e9a7b 51 push ecx + * 001e9a7c 8365 fc 00 and dword ptr ss:[ebp-0x4],0x0 + * 001e9a80 53 push ebx + * 001e9a81 8b5d 10 mov ebx,dword ptr ss:[ebp+0x10] + * 001e9a84 85db test ebx,ebx + * 001e9a86 75 07 jnz short .001e9a8f + * 001e9a88 33c0 xor eax,eax + * 001e9a8a e9 9a000000 jmp .001e9b29 + * 001e9a8f 56 push esi + * 001e9a90 83fb 04 cmp ebx,0x4 + * 001e9a93 72 75 jb short .001e9b0a + * 001e9a95 8d73 fc lea esi,dword ptr ds:[ebx-0x4] + * 001e9a98 85f6 test esi,esi + * 001e9a9a 74 6e je short .001e9b0a + * 001e9a9c 8b4d 0c mov ecx,dword ptr ss:[ebp+0xc] + * 001e9a9f 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 001e9aa2 8a10 mov dl,byte ptr ds:[eax] + * 001e9aa4 83c0 04 add eax,0x4 + * 001e9aa7 83c1 04 add ecx,0x4 + * 001e9aaa 84d2 test dl,dl + * 001e9aac 74 52 je short .001e9b00 + * 001e9aae 3a51 fc cmp dl,byte ptr ds:[ecx-0x4] + * 001e9ab1 75 4d jnz short .001e9b00 + * 001e9ab3 8a50 fd mov dl,byte ptr ds:[eax-0x3] + * 001e9ab6 84d2 test dl,dl + * 001e9ab8 74 3c je short .001e9af6 + * 001e9aba 3a51 fd cmp dl,byte ptr ds:[ecx-0x3] + * 001e9abd 75 37 jnz short .001e9af6 + * 001e9abf 8a50 fe mov dl,byte ptr ds:[eax-0x2] + * 001e9ac2 84d2 test dl,dl + * 001e9ac4 74 26 je short .001e9aec + * 001e9ac6 3a51 fe cmp dl,byte ptr ds:[ecx-0x2] + * 001e9ac9 75 21 jnz short .001e9aec + * 001e9acb 8a50 ff mov dl,byte ptr ds:[eax-0x1] + * 001e9ace 84d2 test dl,dl + * 001e9ad0 74 10 je short .001e9ae2 + * 001e9ad2 3a51 ff cmp dl,byte ptr ds:[ecx-0x1] + * 001e9ad5 75 0b jnz short .001e9ae2 + * 001e9ad7 8345 fc 04 add dword ptr ss:[ebp-0x4],0x4 + * 001e9adb 3975 fc cmp dword ptr ss:[ebp-0x4],esi + * 001e9ade ^72 c2 jb short .001e9aa2 + * 001e9ae0 eb 2e jmp short .001e9b10 + * 001e9ae2 0fb640 ff movzx eax,byte ptr ds:[eax-0x1] + * 001e9ae6 0fb649 ff movzx ecx,byte ptr ds:[ecx-0x1] + * 001e9aea eb 46 jmp short .001e9b32 + * 001e9aec 0fb640 fe movzx eax,byte ptr ds:[eax-0x2] + * 001e9af0 0fb649 fe movzx ecx,byte ptr ds:[ecx-0x2] + * 001e9af4 eb 3c jmp short .001e9b32 + * 001e9af6 0fb640 fd movzx eax,byte ptr ds:[eax-0x3] + * 001e9afa 0fb649 fd movzx ecx,byte ptr ds:[ecx-0x3] + * 001e9afe eb 32 jmp short .001e9b32 + * 001e9b00 0fb640 fc movzx eax,byte ptr ds:[eax-0x4] + * 001e9b04 0fb649 fc movzx ecx,byte ptr ds:[ecx-0x4] + * 001e9b08 eb 28 jmp short .001e9b32 + * 001e9b0a 8b4d 0c mov ecx,dword ptr ss:[ebp+0xc] + * 001e9b0d 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 001e9b10 8b75 fc mov esi,dword ptr ss:[ebp-0x4] + * 001e9b13 eb 0d jmp short .001e9b22 + * 001e9b15 8a10 mov dl,byte ptr ds:[eax] ; jichi: here, word by word + * 001e9b17 84d2 test dl,dl + * 001e9b19 74 11 je short .001e9b2c + * 001e9b1b 3a11 cmp dl,byte ptr ds:[ecx] + * 001e9b1d 75 0d jnz short .001e9b2c + * 001e9b1f 40 inc eax + * 001e9b20 46 inc esi + * 001e9b21 41 inc ecx + * 001e9b22 3bf3 cmp esi,ebx + * 001e9b24 ^72 ef jb short .001e9b15 + * 001e9b26 33c0 xor eax,eax + * 001e9b28 5e pop esi + * 001e9b29 5b pop ebx + * 001e9b2a c9 leave + * 001e9b2b c3 retn + */ +namespace { // unnamed + + // Characters to ignore: [%0-9A-Z] + bool Insert5pbHook1() + { + const BYTE bytes[] = { + 0xcc, // 0016d90e cc int3 + 0xcc, // 0016d90f cc int3 + 0x8b,0x15, XX4, // 0016d910 8b15 782b6e06 mov edx,dword ptr ds:[0x66e2b78] ; .00b43bfe + 0x8a,0x0a, // 0016d916 8a0a mov cl,byte ptr ds:[edx] ; jichi: hook here + 0x33,0xc0, // 0016d918 33c0 xor eax,eax + 0x84,0xc9 // 0016d91a 84c9 test cl,cl + }; + enum { addr_offset = 0x0016d916 - 0x0016d90e }; + + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + //GROWL_DWORD3(addr+addr_offset, processStartAddress,processStopAddress); + if (!addr) { + ConsoleOutput("5pb1: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::edx); + hp.type = USING_STRING; + ConsoleOutput("INSERT 5pb1"); + + + // GDI functions are not used by 5pb games anyway. + //ConsoleOutput("5pb: disable GDI hooks"); + // + return NewHook(hp, "5pb1"); + } + + // Characters to ignore: [%@A-z] + inline bool _5pb2garbage_ch(char c) + { + return c == '%' || c == '@' || c >= 'A' && c <= 'z'; + } + + // 001e9b15 8a10 mov dl,byte ptr ds:[eax] ; jichi: here, word by word + void SpecialHook5pb2(hook_stack* stack, HookParam*, uintptr_t* data, uintptr_t* split, size_t* len) + { + static DWORD lasttext; + DWORD text = stack->eax; + if (lasttext == text) + return; + BYTE c = *(BYTE*)text; + if (!c) + return; + BYTE size = ::LeadByteTable[c]; // 1, 2, or 3 + if (size == 1 && _5pb2garbage_ch(*(LPCSTR)text)) + return; + lasttext = text; + *data = text; + *len = size; + } + + bool Insert5pbHook2() + { + const BYTE bytes[] = { + 0x8a,0x10, // 001e9b15 8a10 mov dl,byte ptr ds:[eax] ; jichi: here, word by word + 0x84,0xd2, // 001e9b17 84d2 test dl,dl + 0x74,0x11 // 001e9b19 74 11 je short .001e9b2c + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + //GROWL_DWORD3(addr, processStartAddress,processStopAddress); + if (!addr) { + ConsoleOutput("5pb2: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.type = USING_STRING; + hp.text_fun = SpecialHook5pb2; + ConsoleOutput("INSERT 5pb2"); + + + // GDI functions are not used by 5pb games anyway. + //ConsoleOutput("5pb: disable GDI hooks"); + // + return NewHook(hp, "5pb2"); + } + + /** jichi 2/2/2015: New 5pb hook + * Sample game: Hyperdimension.Neptunia.ReBirth1 + * + * Debugging method: hardware breakpoint and find function in msvc110 + * Then, backtrack the function stack to find proper function. + * + * Hooked function: 558BEC56FF750C8BF1FF75088D460850 + * + * 0025A12E CC INT3 + * 0025A12F CC INT3 + * 0025A130 55 PUSH EBP + * 0025A131 8BEC MOV EBP,ESP + * 0025A133 56 PUSH ESI + * 0025A134 FF75 0C PUSH DWORD PTR SS:[EBP+0xC] + * 0025A137 8BF1 MOV ESI,ECX + * 0025A139 FF75 08 PUSH DWORD PTR SS:[EBP+0x8] + * 0025A13C 8D46 08 LEA EAX,DWORD PTR DS:[ESI+0x8] + * 0025A13F 50 PUSH EAX + * 0025A140 E8 DB100100 CALL .0026B220 + * 0025A145 8B8E 988D0000 MOV ECX,DWORD PTR DS:[ESI+0x8D98] + * 0025A14B 8988 80020000 MOV DWORD PTR DS:[EAX+0x280],ECX + * 0025A151 8B8E A08D0000 MOV ECX,DWORD PTR DS:[ESI+0x8DA0] + * 0025A157 8988 88020000 MOV DWORD PTR DS:[EAX+0x288],ECX + * 0025A15D 8B8E A88D0000 MOV ECX,DWORD PTR DS:[ESI+0x8DA8] + * 0025A163 8988 90020000 MOV DWORD PTR DS:[EAX+0x290],ECX + * 0025A169 8B8E B08D0000 MOV ECX,DWORD PTR DS:[ESI+0x8DB0] + * 0025A16F 8988 98020000 MOV DWORD PTR DS:[EAX+0x298],ECX + * 0025A175 83C4 0C ADD ESP,0xC + * 0025A178 8D8E 188B0000 LEA ECX,DWORD PTR DS:[ESI+0x8B18] + * 0025A17E E8 DDD8FEFF CALL .00247A60 + * 0025A183 5E POP ESI + * 0025A184 5D POP EBP + * 0025A185 C2 0800 RETN 0x8 + * 0025A188 CC INT3 + * 0025A189 CC INT3 + * + * Runtime stack, text in arg1, and name in arg2: + * + * 0015F93C 00252330 RETURN to .00252330 from .0025A130 + * 0015F940 181D0D4C ASCII "That's my line! I won't let any of you + * take the title of True Goddess!" + * 0015F944 0B8B4D20 ASCII " White Heart " + * 0015F948 0B8B5528 + * 0015F94C 0B8B5524 + * 0015F950 /0015F980 + * 0015F954 |0026000F RETURN to .0026000F from .002521D0 + * + * + * Another candidate funciton for backup usage. + * Previous text in arg1. + * Current text in arg2. + * Current name in arg3. + * + * 0026B21C CC INT3 + * 0026B21D CC INT3 + * 0026B21E CC INT3 + * 0026B21F CC INT3 + * 0026B220 55 PUSH EBP + * 0026B221 8BEC MOV EBP,ESP + * 0026B223 81EC A0020000 SUB ESP,0x2A0 + * 0026B229 BA A0020000 MOV EDX,0x2A0 + * 0026B22E 53 PUSH EBX + * 0026B22F 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+0x8] + * 0026B232 56 PUSH ESI + * 0026B233 57 PUSH EDI + * 0026B234 8D041A LEA EAX,DWORD PTR DS:[EDX+EBX] + * 0026B237 B9 A8000000 MOV ECX,0xA8 + * 0026B23C 8BF3 MOV ESI,EBX + * 0026B23E 8DBD 60FDFFFF LEA EDI,DWORD PTR SS:[EBP-0x2A0] + * 0026B244 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 0026B246 B9 A8000000 MOV ECX,0xA8 + * 0026B24B 8BF0 MOV ESI,EAX + * 0026B24D 8BFB MOV EDI,EBX + * 0026B24F F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 0026B251 81C2 A0020000 ADD EDX,0x2A0 + * 0026B257 B9 A8000000 MOV ECX,0xA8 + * 0026B25C 8DB5 60FDFFFF LEA ESI,DWORD PTR SS:[EBP-0x2A0] + * 0026B262 8BF8 MOV EDI,EAX + * 0026B264 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 0026B266 81FA 40830000 CMP EDX,0x8340 + * 0026B26C ^7C C6 JL SHORT .0026B234 + * 0026B26E 8BCB MOV ECX,EBX + * 0026B270 E8 EBC7FDFF CALL .00247A60 + * 0026B275 FF75 0C PUSH DWORD PTR SS:[EBP+0xC] + * 0026B278 8B35 D8525000 MOV ESI,DWORD PTR DS:[0x5052D8] ; msvcr110.sprintf + * 0026B27E 68 805C5000 PUSH .00505C80 ; ASCII "%s" + * 0026B283 53 PUSH EBX + * 0026B284 FFD6 CALL ESI + * 0026B286 FF75 10 PUSH DWORD PTR SS:[EBP+0x10] + * 0026B289 8D83 00020000 LEA EAX,DWORD PTR DS:[EBX+0x200] + * 0026B28F 68 805C5000 PUSH .00505C80 ; ASCII "%s" + * 0026B294 50 PUSH EAX + * 0026B295 FFD6 CALL ESI + * 0026B297 83C4 18 ADD ESP,0x18 + * 0026B29A 8BC3 MOV EAX,EBX + * 0026B29C 5F POP EDI + * 0026B29D 5E POP ESI + * 0026B29E 5B POP EBX + * 0026B29F 8BE5 MOV ESP,EBP + * 0026B2A1 5D POP EBP + * 0026B2A2 C3 RETN + * 0026B2A3 CC INT3 + * 0026B2A4 CC INT3 + * 0026B2A5 CC INT3 + * 0026B2A6 CC INT3 + */ + void SpecialHook5pb3(hook_stack* stack, HookParam *hp, uintptr_t* data, uintptr_t* split, size_t* len) + { + int index=0; + // Text in arg1, name in arg2 + if (LPCSTR text = (LPCSTR)stack->stack[index+1]) + if (*text) { + if (index) // trim spaces in character name + while (*text == ' ') text++; + size_t sz = ::strlen(text); + if (index) + while (sz && text[sz - 1] == ' ') sz--; + *data = (DWORD)text; + *len = sz; + *split = FIXED_SPLIT_VALUE << index; + } + } + bool Insert5pbHook3() + { + const BYTE bytes[] = { // function starts + 0x55, // 0025A130 55 PUSH EBP + 0x8b,0xec, // 0025A131 8BEC MOV EBP,ESP + 0x56, // 0025A133 56 PUSH ESI + 0xff,0x75, 0x0c, // 0025A134 FF75 0C PUSH DWORD PTR SS:[EBP+0xC] + 0x8b,0xf1, // 0025A137 8BF1 MOV ESI,ECX + 0xff,0x75, 0x08, // 0025A139 FF75 08 PUSH DWORD PTR SS:[EBP+0x8] + 0x8d,0x46, 0x08, // 0025A13C 8D46 08 LEA EAX,DWORD PTR DS:[ESI+0x8] + 0x50, // 0025A13F 50 PUSH EAX + 0xe8 // 0025A140 E8 DB100100 CALL .0026B220 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + //GROWL_DWORD3(addr, processStartAddress,processStopAddress); + if (!addr) { + ConsoleOutput("5pb2: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.type = USING_STRING | NO_CONTEXT; + hp.text_fun = SpecialHook5pb3; + hp.filter_fun = NewLineCharToSpaceFilterA; // replace '\n' by ' ' + ConsoleOutput("INSERT 5pb3"); + + // GDI functions are not used by 5pb games anyway. + //ConsoleOutput("5pb: disable GDI hooks"); + // + return NewHook(hp, "5pb3"); + } +} // unnamed namespace + +bool Insert5pbHook() +{ + bool ok = Insert5pbHook1(); + ok = Insert5pbHook2() || ok; + ok = Insert5pbHook3() || ok; + return ok; +} +bool Insert5pbHookex() { + //祝姬 + const BYTE bytes[] = { + 0x0F,0xB6,0xC2, 0x35,0xC5 ,0x9D ,0x1C ,0x81 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0)return false; + const BYTE start[] = { + 0x55,0x8b,0xec,0x83,0xe4 + }; + addr = reverseFindBytes(start, sizeof(start), addr - 0x40, addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::ecx); + hp.type = CODEC_UTF16; + + return NewHook(hp, "5pb"); +} + +bool InsertStuffScriptHook() +{ + // BOOL GetTextExtentPoint32( + // _In_ HDC hdc, + // _In_ LPCTSTR lpString, + // _In_ int c, + // _Out_ LPSIZE lpSize + // ); + HookParam hp; + hp.address = (DWORD)::GetTextExtentPoint32A; + hp.offset=get_stack(2); // arg2 lpString + hp.split = get_reg(regs::esp); + hp.type = USING_STRING | USING_SPLIT; + ConsoleOutput("INSERT StuffScriptEngine"); + return NewHook(hp, "StuffScriptEngine"); + //RegisterEngine(ENGINE_STUFFSCRIPT); +} +bool StuffScript2Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + if (text[0] == '-') { + StringFilter(text, len, "-/-", 3); + StringFilterBetween(text, len, "-", 1, "-", 1); + } + StringCharReplacer(text, len, "_n_r", 4, '\n'); + StringCharReplacer(text, len, "_r", 2, ' '); + StringFilter(text, len, "\\n", 2); + StringFilter(text, len, "_n", 2); + + return true; +} +bool InsertStuffScript2Hook() +{ + + /* + * Sample games: + * https://vndb.org/r41537 + * https://vndb.org/r41539 + */ + const BYTE bytes[] = { + 0x0F, XX, XX4, // jne tokyobabel.exe+3D4E8 + 0xB9, XX4, // mov ecx,tokyobabel.exe+54EAC + 0x8D, 0x85, XX4, // lea eax,[ebp+tokyobabel.exe+59B968] + 0x8A, 0x10, // mov dl,[eax] <-- hook here + 0x3A, 0x11, // cmp dl,[ecx] + 0x75, 0x1A, // jne tokyobabel.exe+3D1D7 + 0x84, 0xD2, // test dl,dl + 0x74, 0x12, // je tokyobabel.exe+3D1D3 + 0x8A, 0x50, 0x01, // mov dl,[eax+01] + 0x3A, 0x51, 0x01, // cmp dl,[ecx+01] + 0x75, 0x0E, // jne tokyobabel.exe+3D1D7 + 0x83, 0xC0, 0x02, // add eax,02 + 0x83, 0xC1, 0x02, // add ecx,02 + 0x84, 0xD2, // test dl,dl + 0x75, 0xE4, // jne Agreement.exe+4F538 + 0x33, 0xC0, // xor eax,eax + 0xEB, 0x05, // jmp Agreement.exe+4F55D + 0x1B, 0xC0, // sbb eax,eax + 0x83, 0xD8, 0xFF, // sbb eax,-01 + XX2, // cmp eax,edi + 0x0F, 0x84, XX4 // je tokyobabel.exe+3D4E8 + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + return false; + + HookParam hp; + hp.address = addr + 0x11; + hp.offset=get_reg(regs::eax); + hp.index = 0; + hp.type = USING_STRING | NO_CONTEXT; + hp.filter_fun = StuffScript2Filter; + ConsoleOutput("INSERT StuffScript2"); + return NewHook(hp, "StuffScript2"); +} + +bool StuffScript_attach_function() { + auto _=InsertStuffScriptHook(); + _|=InsertStuffScript2Hook(); + return _; +} +bool _5pb::attach_function() { + bool b1 = Insert5pbHook(); + bool b2 = Insert5pbHookex(); + bool b3=mages::MAGES(); + bool sf=StuffScript_attach_function(); + return b1 || b2 || b3||sf; +} + + +bool KaleidoFilter(LPVOID data, size_t* size, HookParam*) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + // Unofficial eng TL with garbage newline spaces + StringCharReplacer(text, len, " \\n ", 4, ' '); + StringCharReplacer(text, len, " \\n", 3, ' '); + StringCharReplacer(text, len, "\\n", 2, ' '); + StringCharReplacer(text, len, "\xEF\xBC\x9F", 3, '?'); + + return true; +} + +bool InsertKaleidoHook() +{ + + /* + * Sample games: + * https://vndb.org/v29889 + */ + const BYTE bytes[] = { + 0xFF, 0x75, 0xD4, // push [ebp-2C] + 0xE8, XX4, // call 5toubun.exe+1DD0 + 0x83, 0xC4, 0x0C, // add esp,0C + 0x8A, 0xC3, // mov al,bl + 0x8B, 0x4D, 0xF4, // mov ecx,[ebp-0C] + 0x64, 0x89, 0x0D, XX4, // mov fs:[00000000],ecx + 0x59 // pop ecx << hook here + }; + enum { addr_offset = sizeof(bytes) - 1 }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Kaleido: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::esi); + hp.index = 0; + hp.split =get_stack(3); + hp.split_index = 0; + hp.type = USING_STRING | USING_SPLIT; + hp.filter_fun = KaleidoFilter; + ConsoleOutput(" INSERT Kaleido"); + + return NewHook(hp, "Kaleido"); +} +namespace +{ //ANONYMOUS;CODE 官中 + bool __1() { + BYTE bytes[] = { + 0x8d,0x45,0xf4,0x64,0xA3,0x00,0x00,0x00,0x00,0x8b,0xf1,0x8a,0x46,0x2c,0x8b,0x55,0x08,0x84,0xc0,0x74,0x04,0x32,0xc0 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING | CODEC_UTF8 | EMBED_ABLE | EMBED_BEFORE_SIMPLE | EMBED_AFTER_NEW; + hp.newlineseperator = L"\\n"; + return NewHook(hp, "5bp"); + } + bool __() { + BYTE sig1[] = { + 0x81,0xFE,0xF0,0x00,0x00,0x00 + }; + BYTE sig2[] = { + 0x81,0xFE,0xF8,0x00,0x00,0x00 + }; + BYTE sig3[] = { + 0x81,0xFE,0xFC,0x00,0x00,0x00 + }; + BYTE sig4[] = { + 0x81,0xFE,0xFE,0x00,0x00,0x00 + }; + BYTE sig5[] = { + 0x81,0xFE,0x80,0x00,0x00,0x00 + }; + BYTE sig6[] = { + 0x81,0xFE,0xE0,0x00,0x00,0x00 + }; + std::unordered_mapaddr_hit; + for (auto sigsz : std::vector>{ {sig1,sizeof(sig1)},{sig2,sizeof(sig2)},{sig3,sizeof(sig3)},{sig4,sizeof(sig4)},{sig5,sizeof(sig5)},{sig6,sizeof(sig6)} }) { + for (auto addr : Util::SearchMemory(sigsz.first, sigsz.second, PAGE_EXECUTE, processStartAddress, processStopAddress)) { + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)continue; + if (addr_hit.find(addr) == addr_hit.end()) { + addr_hit[addr] = 1; + } + else addr_hit[addr] += 1; + } + } + DWORD addr = 0; int m = 0; + for (auto _ : addr_hit) { + if (_.second > m) { + m = _.second; + addr = _.first; + } + } + if(!addr)return false; + + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING | CODEC_UTF8; + hp.filter_fun = [](LPVOID data, size_t* size, HookParam*) { + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + StringCharReplacer(text, len, "\\n", 2, '\n'); + return true; + }; + return NewHook(hp, "5bp"); + } +} // namespace name + + +bool _5pb_2::attach_function() { + bool ___1 = __1() || __(); + return InsertKaleidoHook() || ___1; +} \ No newline at end of file diff --git a/LunaHook/engine32/5pb.h b/LunaHook/engine32/5pb.h new file mode 100644 index 0000000..9101af5 --- /dev/null +++ b/LunaHook/engine32/5pb.h @@ -0,0 +1,23 @@ +#include"engine.h" + +class _5pb:public ENGINE{ + public: + _5pb(){ + is_engine_certain=false; + check_by=CHECK_BY::FILE_ANY; + check_by_target=check_by_list{ L"data\\*.cpk",L"*.cpk",L"*.mpk",L"USRDIR\\*.mpk"}; + + }; + bool attach_function(); +}; + +class _5pb_2:public ENGINE{ + public: + _5pb_2(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"windata/script_body.bin"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/AB2Try.cpp b/LunaHook/engine32/AB2Try.cpp new file mode 100644 index 0000000..4d2ffc3 --- /dev/null +++ b/LunaHook/engine32/AB2Try.cpp @@ -0,0 +1,82 @@ +#include"AB2Try.h" + +/******************************************************************************************** +AkabeiSoft2Try hook: + Game folder contains YaneSDK.dll. Maybe we should call the engine Yane(屋� = roof)? + This engine is based on .NET framework. This really makes it troublesome to locate a + valid hook address. The problem is that the engine file merely contains bytecode for + the CLR. Real meaningful object code is generated dynamically and the address is randomized. + Therefore the easiest method is to brute force search whole address space. While it's not necessary + to completely search the whole address space, since non-executable pages can be excluded first. + The generated code sections do not belong to any module(exe/dll), hence they do not have + a section name. So we can also exclude executable pages from all modules. At last, the code + section should be long(>0x2000). The remain address space should be several MBs in size and + can be examined in reasonable time(less than 0.1s for P8400 Win7x64). + Characteristic sequence is 0F B7 44 50 0C, stands for movzx eax, word ptr [edx*2 + eax + C]. + Obviously this instruction extracts one unicode character from a string. + A main shortcoming is that the code is not generated if it hasn't been used yet. + So if you are in title screen this approach will fail. + +********************************************************************************************/ +namespace { // unnamed + +typedef struct _NSTRING +{ + PVOID vfTable; + DWORD lenWithNull; + DWORD lenWithoutNull; + WCHAR str[1]; +} NSTRING; + +// qsort correctly identifies overflow. +int cmp(const void * a, const void * b) +{ return *(int*)a - *(int*)b; } + +void SpecialHookAB2Try(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t *len) +{ + //DWORD test = *(DWORD*)(esp_base - 0x10); + DWORD edx = stack->edx; + if (edx != 0) + return; + + //NSTRING *s = *(NSTRING **)(esp_base - 8); + if (const NSTRING *s = (NSTRING *)stack->eax) { + *len = s->lenWithoutNull << 1; + *data = (DWORD)s->str; + //*split = 0; + *split = FIXED_SPLIT_VALUE; // 8/3/2014 jichi: change to single threads + } +} + +bool FindCharacteristInstruction() +{ + const BYTE bytes[] = { 0x0F, 0xB7, 0x44, 0x50, 0x0C, 0x89 }; + for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE_READWRITE)) + { + //GROWL_DWORD(addr); + HookParam hp; + hp.address = addr; + hp.text_fun = SpecialHookAB2Try; + hp.type = USING_STRING | NO_CONTEXT | CODEC_UTF16; + ConsoleOutput("INSERT AB2Try"); + //ConsoleOutput("Please adjust text speed to fastest/immediate."); + //RegisterEngineType(ENGINE_AB2T); + return NewHook(hp, "AB2Try"); + } + return false; +} +} // unnamed namespace +bool InsertAB2TryHook() +{ + bool ret = FindCharacteristInstruction(); + if (ret) + ConsoleOutput("AB2Try: found characteristic sequence"); + else + ConsoleOutput("AB2Try: cannot find characteristic sequence. Make sure you have start the game and have seen some text on the screen."); + return ret; +} + + +bool AB2Try::attach_function() { + return InsertAB2TryHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/AB2Try.h b/LunaHook/engine32/AB2Try.h new file mode 100644 index 0000000..e6a4a1f --- /dev/null +++ b/LunaHook/engine32/AB2Try.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class AB2Try:public ENGINE{ + public: + AB2Try(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Yanesdk.dll"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/ACTGS.cpp b/LunaHook/engine32/ACTGS.cpp new file mode 100644 index 0000000..d232111 --- /dev/null +++ b/LunaHook/engine32/ACTGS.cpp @@ -0,0 +1,25 @@ +#include"ACTGS.h" + +bool ACTGS::attach_function() { + const BYTE bytes[] = { + 0x0F,0xBE,0xD0, + 0x83,0xFA,0x20, + 0x74,XX, + 0x83,0xfa,0x09, + 0x75,XX + + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) return false; + + addr = findfuncstart(addr); + if (!addr) return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); + hp.type = USING_STRING; + hp.filter_fun = all_ascii_Filter; + + return NewHook(hp, "ACTGS"); +} \ No newline at end of file diff --git a/LunaHook/engine32/ACTGS.h b/LunaHook/engine32/ACTGS.h new file mode 100644 index 0000000..e389ca0 --- /dev/null +++ b/LunaHook/engine32/ACTGS.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class ACTGS:public ENGINE{ + public: + ACTGS(){ + + check_by=CHECK_BY::RESOURCE_STR; + check_by_target=L"ACTRESS Game System"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/AGS.cpp b/LunaHook/engine32/AGS.cpp new file mode 100644 index 0000000..69dec70 --- /dev/null +++ b/LunaHook/engine32/AGS.cpp @@ -0,0 +1,90 @@ +#include"AGS.h" + + +bool InsertAGSHook() +{ + + const BYTE bytes1[] = { + /*.text:0043E3A0 55 push ebp +.text : 0043E3A1 8B EC mov ebp, esp +.text : 0043E3A3 83 EC 38 sub esp, 38h +.text : 0043E3A6 53 push ebx +.text : 0043E3A7 56 push esi +.text : 0043E3A8 8B F1 mov esi, ecx*/ + 0x55, + 0x8b,0xec, + 0x83,0xec,0x38,0x53,0x56,0x8b,0xf1 + }; + + ULONG addr = MemDbg::findBytes(bytes1, sizeof(bytes1), processStartAddress, processStopAddress); + if (!addr) { + return false; + } + const BYTE bytes2[] = { + /* .text:0043E95E FF 75 08 push[ebp + arg_0] +.text:0043E961 8B CE mov ecx, esi +.text : 0043E963 E8 38 FA FF FF call sub_43E3A0*/ + 0xff,0x75,0x08, + 0x8b,0xce + }; + bool ok = false; + + auto addrs = findrelativecall(bytes2, sizeof(bytes2), addr, processStartAddress, processStopAddress); + + for(auto addr :addrs){ + addr = findfuncstart(addr); + if (!addr)continue; + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.type = USING_STRING; + ConsoleOutput("INSERT HOOK_AGS %p",addr); + + ok |= NewHook(hp, "HOOK_AGS"); + } + + + return ok; + +} + +namespace{ + bool hook2(){ + //誘惑女教師~熟れた蜜の味~ + auto entry=Util::FindImportEntry(processStartAddress,(DWORD)TextOutA); + + if(entry==0)return false; + BYTE bytes[]={0xFF,0x15,XX4}; + memcpy(bytes+2,&entry,4); + for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress) ) { + + auto funcaddr = findfuncstart(addr,0x1000); + ConsoleOutput("funcaddr %p",funcaddr); + if (!funcaddr) continue; + BYTE sig1[]={0x68,0x00,0x80,0x00,0x00,0x6a,0x00}; + BYTE sig2[]={0x2D,0xC0,0x00,0x00,0x00,0xC1,0xE0,0x08}; + BYTE sig3[]={0x83,0xC0,0x80,0xC1,0xE0,0x08}; + BYTE sig4[]={0x3C,0xA0,0x0F,0xB6,0xC0}; + int found=0; + for(auto sigsz:std::vector>{{sig1,sizeof(sig1)},{sig2,sizeof(sig2)},{sig3,sizeof(sig3)},{sig4,sizeof(sig4)}}){ + auto fd= MemDbg::findBytes(sigsz.first, sigsz.second, funcaddr, addr); + ConsoleOutput("%p",fd); + if(fd)found+=1; + } + if(found==4){ + HookParam hp; + hp.address = funcaddr; + hp.type = DATA_INDIRECT; + hp.offset=get_stack(1); + hp.index=0; + return NewHook(hp, "AGS"); + } + } + return false; + } +} + +bool AGS::attach_function() { + + return InsertAGSHook()||hook2(); +} \ No newline at end of file diff --git a/LunaHook/engine32/AGS.h b/LunaHook/engine32/AGS.h new file mode 100644 index 0000000..13e35b1 --- /dev/null +++ b/LunaHook/engine32/AGS.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class AGS:public ENGINE{ + public: + AGS(){ + + check_by=CHECK_BY::FILE_ANY; + check_by_target=check_by_list{L"voice/*.pk",L"sound/*.pk",L"misc/*.pk"}; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/AIL2.cpp b/LunaHook/engine32/AIL2.cpp new file mode 100644 index 0000000..14cb727 --- /dev/null +++ b/LunaHook/engine32/AIL2.cpp @@ -0,0 +1,58 @@ +#include"AIL2.h" +bool InsertAIL2Hook() { + auto findalign = [](uintptr_t addr1) { + const BYTE pattern[] = { 0x90,0x90,0x83,0xec }; + return reverseFindBytes(pattern, sizeof(pattern), processStartAddress, addr1) + 2; + }; + bool succ=false; + BYTE bytes1[] = { + // .text:0042E5DF 3C 66 cmp al, 66h; 'f' + //.text:0042E5E1 74 57 jz short loc_42E63A + //.text : 0042E5E1 + //.text : 0042E5E3 3C 70 cmp al, 70h; 'p' + //.text:0042E5E5 74 4C jz short loc_42E633 + //.text : 0042E5E5 + //.text : 0042E5E7 3C 73 cmp al, 73h; 's' + //.text:0042E5E9 74 37 jz short loc_42E622 + 0x3c,0x66, + 0x74,XX, + 0x3c,0x70, + 0x74,XX, + 0x3c,0x73, + 0x74,XX + }; + auto addr1 = MemDbg::findBytes(bytes1, sizeof(bytes1), processStartAddress, processStopAddress); + if (addr1 == 0) return false; + addr1 = findalign(addr1); + if (addr1 == 0) return false; + ConsoleOutput("AIL1 %p", addr1); + HookParam hp; + hp.address = addr1; + hp.codepage = 932; + hp.offset=get_stack(3); + hp.type = USING_STRING; + succ|=NewHook(hp, "AIL1"); + + BYTE bytes[] = { //if ( v12 != 32 && v12 != 33088 ) + 0x3d,0x40,0x81,0x00,0x00,0x0f + }; + + addr1 = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr1 == 0) return succ; + addr1 = MemDbg::findEnclosingAlignedFunction(addr1); + if (addr1 == 0) return succ; + hp = {}; + hp.address = addr1; + hp.codepage = 932; + hp.offset=get_stack(4); + hp.type = USING_STRING | USING_SPLIT; + hp.split_index = 0; + succ|=NewHook(hp, "AIL2"); + + return succ; +} +bool AIL2::attach_function() { + //アイル + + return InsertAIL2Hook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/AIL2.h b/LunaHook/engine32/AIL2.h new file mode 100644 index 0000000..ec52302 --- /dev/null +++ b/LunaHook/engine32/AIL2.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class AIL2:public ENGINE{ + public: + AIL2(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Gall*.dat"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/AOS.cpp b/LunaHook/engine32/AOS.cpp new file mode 100644 index 0000000..e7760ae --- /dev/null +++ b/LunaHook/engine32/AOS.cpp @@ -0,0 +1,279 @@ +#include"AOS.h" + +/** + * jichi 4/1/2014: Insert AOS hook + * About 彩斤�: http://erogetrailers.com/brand/165 + * About AOS: http://asmodean.reverse.net/pages/exaos.html + * + * Sample games: + * + * [140228] [Sugar Pot] 恋する少女と想�キセキ V1.00 H-CODE by �쿿 + * - /HB8*0@3C2F0:恋する少女と想�キセキ.exe + * - /HBC*0@3C190:恋する少女と想�キセキ.exe + * + * [120224] [Sugar Pot] ヂ�モノツキ + * + * LiLiM games + * + * /HB8*0@3C2F0:恋する少女と想�キセ + * - addr: 246512 = 0x3c2f0 + * - length_offset: 1 + * - module: 1814017450 + * - off: 8 + * - type: 72 = 0x48 + * + * 00e3c2ed cc int3 + * 00e3c2ee cc int3 + * 00e3c2ef cc int3 + * 00e3c2f0 /$ 51 push ecx ; jichi: hook here, function starts + * 00e3c2f1 |. a1 0c64eb00 mov eax,dword ptr ds:[0xeb640c] + * 00e3c2f6 |. 8b0d 7846eb00 mov ecx,dword ptr ds:[0xeb4678] + * 00e3c2fc |. 53 push ebx + * 00e3c2fd |. 55 push ebp + * 00e3c2fe |. 8b6c24 10 mov ebp,dword ptr ss:[esp+0x10] + * 00e3c302 |. 56 push esi + * 00e3c303 |. 8b35 c446eb00 mov esi,dword ptr ds:[0xeb46c4] + * 00e3c309 |. 57 push edi + * 00e3c30a |. 0fb63d c746eb00 movzx edi,byte ptr ds:[0xeb46c7] + * 00e3c311 |. 81e6 ffffff00 and esi,0xffffff + * 00e3c317 |. 894424 18 mov dword ptr ss:[esp+0x18],eax + * 00e3c31b |. 85ff test edi,edi + * 00e3c31d |. 74 6b je short 恋する�00e3c38a + * 00e3c31f |. 8bd9 mov ebx,ecx + * 00e3c321 |. 85db test ebx,ebx + * 00e3c323 |. 74 17 je short 恋する�00e3c33c + * 00e3c325 |. 8b4b 28 mov ecx,dword ptr ds:[ebx+0x28] + * 00e3c328 |. 56 push esi ; /color + * 00e3c329 |. 51 push ecx ; |hdc + * 00e3c32a |. ff15 3c40e800 call dword ptr ds:[<&gdi32.SetTextColor>>; \settextcolor + * 00e3c330 |. 89b3 c8000000 mov dword ptr ds:[ebx+0xc8],esi + * 00e3c336 |. 8b0d 7846eb00 mov ecx,dword ptr ds:[0xeb4678] + * 00e3c33c |> 0fbf55 1c movsx edx,word ptr ss:[ebp+0x1c] + * 00e3c340 |. 0fbf45 0a movsx eax,word ptr ss:[ebp+0xa] + * 00e3c344 |. 0fbf75 1a movsx esi,word ptr ss:[ebp+0x1a] + * 00e3c348 |. 03d7 add edx,edi + * 00e3c34a |. 03c2 add eax,edx + * 00e3c34c |. 0fbf55 08 movsx edx,word ptr ss:[ebp+0x8] + * 00e3c350 |. 03f7 add esi,edi + * 00e3c352 |. 03d6 add edx,esi + * 00e3c354 |. 85c9 test ecx,ecx + * 00e3c356 |. 74 32 je short 恋する�00e3c38a + */ + +bool InsertAOS1Hook() +{ + // jichi 4/2/2014: The starting of this function is different from ヂ�モノツキ + // So, use a pattern in the middle of the function instead. + // + //const BYTE bytes[] = { + // 0x51, // 00e3c2f0 /$ 51 push ecx ; jichi: hook here, function begins + // 0xa1, 0x0c,0x64,0xeb,0x00, // 00e3c2f1 |. a1 0c64eb00 mov eax,dword ptr ds:[0xeb640c] + // 0x8b,0x0d, 0x78,0x46,0xeb,0x00, // 00e3c2f6 |. 8b0d 7846eb00 mov ecx,dword ptr ds:[0xeb4678] + // 0x53, // 00e3c2fc |. 53 push ebx + // 0x55, // 00e3c2fd |. 55 push ebp + // 0x8b,0x6c,0x24, 0x10, // 00e3c2fe |. 8b6c24 10 mov ebp,dword ptr ss:[esp+0x10] + // 0x56, // 00e3c302 |. 56 push esi + // 0x8b,0x35, 0xc4,0x46,0xeb,0x00, // 00e3c303 |. 8b35 c446eb00 mov esi,dword ptr ds:[0xeb46c4] + // 0x57, // 00e3c309 |. 57 push edi + // 0x0f,0xb6,0x3d, 0xc7,0x46,0xeb,0x00, // 00e3c30a |. 0fb63d c746eb00 movzx edi,byte ptr ds:[0xeb46c7] + // 0x81,0xe6, 0xff,0xff,0xff,0x00 // 00e3c311 |. 81e6 ffffff00 and esi,0xffffff + //}; + //enum { addr_offset = 0 }; + + const BYTE bytes[] = { + 0x0f,0xbf,0x55, 0x1c, // 00e3c33c |> 0fbf55 1c movsx edx,word ptr ss:[ebp+0x1c] + 0x0f,0xbf,0x45, 0x0a, // 00e3c340 |. 0fbf45 0a movsx eax,word ptr ss:[ebp+0xa] + 0x0f,0xbf,0x75, 0x1a, // 00e3c344 |. 0fbf75 1a movsx esi,word ptr ss:[ebp+0x1a] + 0x03,0xd7, // 00e3c348 |. 03d7 add edx,edi + 0x03,0xc2, // 00e3c34a |. 03c2 add eax,edx + 0x0f,0xbf,0x55, 0x08, // 00e3c34c |. 0fbf55 08 movsx edx,word ptr ss:[ebp+0x8] + 0x03,0xf7, // 00e3c350 |. 03f7 add esi,edi + 0x03,0xd6, // 00e3c352 |. 03d6 add edx,esi + 0x85,0xc9 // 00e3c354 |. 85c9 test ecx,ecx + }; + enum { addr_offset = 0x00e3c2f0 - 0x00e3c33c }; // distance to the beginning of the function, which is 0x51 (push ecx) + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + //GROWL(reladdr); + if (!addr) { + ConsoleOutput("AOS1: pattern not found"); + return false; + } + addr += addr_offset; + //GROWL(addr); + enum { push_ecx = 0x51 }; // beginning of the function + if (*(BYTE *)addr != push_ecx) { + ConsoleOutput("AOS1: beginning of the function not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); + hp.type = DATA_INDIRECT; + + ConsoleOutput("INSERT AOS1"); + + return NewHook(hp, "AOS1"); +} + +bool InsertAOS2Hook() +{ + const BYTE bytes[] = { + 0x51, // 00C4E7E0 /$ 51 PUSH ECX ; mireado: hook here, function begins + 0x33,0xc0, // 00C4E7E1 |. 33C0 XOR EAX,EAX + 0x53, // 00C4E7E3 |. 53 PUSH EBX + 0x55, // 00C4E7E4 |. 55 PUSH EBP + 0x8b,0x2d//, XX4, // 00C4E7E5 |. 8B2D 40A3CF00 MOV EBP,DWORD PTR DS:[0CFA340] ; mireado: some time changing 40A3CF00 => 40A3C000 + //0x89,0x07, // 00C4E7EB |. 8907 MOV DWORD PTR DS:[EDI],EAX + //0x89,0x47, 0x04 // 00C4E7ED |. 8947 04 MOV DWORD PTR DS:[EDI+4],EAX + //0x56, // 00C4E7F0 |. 56 PUSH ESI + //0x8b,0x75, 0x44 // 00C4E7F1 |. 8B75 44 MOV ESI,DWORD PTR SS:[EBP+44] + }; + + enum { addr_offset = 0 }; // distance to the beginning of the function, which is 0x51 (push ecx) + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + //GROWL(reladdr); + if (!addr) { + ConsoleOutput("AOS2: pattern not found"); + return false; + } + addr += addr_offset; + //GROWL(addr); + enum { push_ecx = 0x51 }; // beginning of the function + if (*(BYTE *)addr != push_ecx) { + ConsoleOutput("AOS2: beginning of the function not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); + hp.type = DATA_INDIRECT; + + ConsoleOutput("INSERT AOS2"); + + return NewHook(hp, "AOS2"); +} + +bool InsertAOSHook() +{ return InsertAOS1Hook() || InsertAOS2Hook();} + + +namespace{ + +DWORD calladdr(DWORD addr){ + if(addr==0)return 0; + BYTE callop[] = { 0xe8 }; + addr = reverseFindBytes(callop, sizeof(callop), addr - 0x20, addr); + if (addr == 0)return 0; + auto calladdr = *(int*)((char*)addr + 1); + ConsoleOutput("calladdr %p", calladdr); + addr = calladdr + addr + 5; + ConsoleOutput("funcaddr %p", addr); + if (*(BYTE*)((BYTE*)addr - 1) != 0xcc)return 0; + return addr; +} +DWORD lastcall(){ + auto entry=Util::FindImportEntry(processStartAddress,(DWORD)TextOutA); + + if(entry==0)return 0; + BYTE bytes[]={0xFF,0x15,XX4}; + memcpy(bytes+2,&entry,4); + auto addr = reverseFindBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if(addr==0)return 0; + addr = MemDbg::findEnclosingAlignedFunction(addr); + return addr; +} +} +regs mov_reg_ebpoffset(int reg) { + switch (reg) { + case 0x4B: + return regs::ebx; + case 0x48: + return regs::eax; + case 0x49: + return regs::ecx; + case 0x4a: + return regs::edx; + case 0x4c: + return regs::ebp; + case 0x4d: + return regs::esp; + case 0x4e: + return regs::esi; + case 0x4f: + return regs::edi; + default: + return regs::invalid; + } +} +bool AOS_EX() { + BYTE aos_shared_bytes1[] = { + 0x3c,XX, + 0x74,XX, + 0x3c,XX, + 0x74,XX, + 0x3c,XX, + 0x74,XX, + 0x3c,XX, + 0x74,XX, + 0x3c,XX, + 0x74,XX, + }; + BYTE aos_shared_bytes2[] = { + + 0x80,0xfb,XX, + 0x74,XX, + 0x80,0xfb,XX, + 0x74,XX, + 0x80,0xfb,XX, + 0x74,XX, + 0x80,0xfb,XX, + 0x74,XX + }; + std::vectoraddrs; + addrs.push_back(calladdr(MemDbg::findBytes(aos_shared_bytes1, sizeof(aos_shared_bytes1), processStartAddress, processStopAddress))); + addrs.push_back(calladdr(MemDbg::findBytes(aos_shared_bytes2, sizeof(aos_shared_bytes2), processStartAddress, processStopAddress))); + addrs.push_back(lastcall()); + for(auto addr: addrs){ + if (addr == 0)continue; + auto reg = mov_reg_ebpoffset(*(BYTE*)((BYTE*)addr + 5)); + int off; + if (reg!=regs::invalid){ + //usercall + off=get_reg(reg); + } + else if(((*(WORD*)addr))==0xec83) { + //姫様LOVEライフ! + //也是usercall,但是第二个参数是栈上。 + off=get_stack(1); + } + else{ + //螺旋遡行のディストピア -The infinite set of alternative version- 官方中文 + BYTE sig[]={0x89,0x55,0xFC}; + if(MemDbg::findBytes(sig, sizeof(sig), addr, addr+0x20)){ + off=get_reg(regs::edx); + } + else{ + //cdecl; + off=get_stack(2); + } + } + HookParam hp; + hp.address = addr; + hp.offset = off; + hp.type = NO_CONTEXT | DATA_INDIRECT; + hp.index = 0; + + return NewHook(hp, "AOS_EX"); + } + return false; +} + +bool AOS::attach_function() { + bool b1=InsertAOSHook(); + bool b3=AOS_EX(); + return b1||b3; +} \ No newline at end of file diff --git a/LunaHook/engine32/AOS.h b/LunaHook/engine32/AOS.h new file mode 100644 index 0000000..a8f1ac3 --- /dev/null +++ b/LunaHook/engine32/AOS.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class AOS:public ENGINE{ + public: + AOS(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.aos"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/AXL.cpp b/LunaHook/engine32/AXL.cpp new file mode 100644 index 0000000..fec7d2f --- /dev/null +++ b/LunaHook/engine32/AXL.cpp @@ -0,0 +1,46 @@ +#include"AXL.h" +bool InsertAXLHook() { + //キミの声がきこえる + + BYTE bytes[] = { + 0x0f,0x95,0xc2,0x33,0xc0,0xB9,0x41,0x00,0x00,0x00 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0)return false; + + addr = findfuncstart(addr,0x1000); + if (addr == 0)return false; + HookParam hp; + hp.address = addr ; + hp.offset = get_stack(4); + hp.type = USING_STRING; + + return NewHook(hp, "AXL"); + +} +namespace{ + bool hook2(){ + //剣乙女ノア + //Maria~天使のキスと悪魔の花嫁~ + BYTE bytes[] = { + 0x55,0x8b,0xec, + 0x56, + 0x8b,0xf0, + 0x3b,0x9e,0x8c,0xf8,0x00,0x00, + 0x57 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0)return false; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(1); + hp.split=get_reg(regs::eax); + hp.type=USING_SPLIT; + + return NewHook(hp, "TAILWIND"); + } +} +bool AXL::attach_function() { + + return InsertAXLHook()||hook2(); +} \ No newline at end of file diff --git a/LunaHook/engine32/AXL.h b/LunaHook/engine32/AXL.h new file mode 100644 index 0000000..a4a82d2 --- /dev/null +++ b/LunaHook/engine32/AXL.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class AXL:public ENGINE{ + public: + AXL(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"script.arc"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Abalone.cpp b/LunaHook/engine32/Abalone.cpp new file mode 100644 index 0000000..9343431 --- /dev/null +++ b/LunaHook/engine32/Abalone.cpp @@ -0,0 +1,21 @@ +#include"Abalone.h" + +bool AbaloneHook() { + BYTE bytes[] = { + 0x8B,0x44,0x24,XX, + 0x80,0x38,0x00, + 0x74 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + ConsoleOutput("AbaloneHook %p", addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr+4; + hp.offset=get_reg(regs::eax); + hp.type = DATA_INDIRECT; + hp.index = 0; + return NewHook(hp, "AbaloneHook"); +} +bool Abalone::attach_function() { + return AbaloneHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Abalone.h b/LunaHook/engine32/Abalone.h new file mode 100644 index 0000000..739dade --- /dev/null +++ b/LunaHook/engine32/Abalone.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class Abalone:public ENGINE{ + public: + Abalone(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Archive.dat"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Abel.cpp b/LunaHook/engine32/Abel.cpp new file mode 100644 index 0000000..e6e84dd --- /dev/null +++ b/LunaHook/engine32/Abel.cpp @@ -0,0 +1,424 @@ +#include"Abel.h" + +/******************************************************************************************** +AbelSoftware hook: + The game folder usually is made up many no extended name files(file name doesn't have '.'). + And these files have common prefix which is the game name, and 2 digit in order. + + +********************************************************************************************/ +/** 7/31/2015 + * Sample game オタカ� * Hooked address: 0x4413b0 + * + * GDI functions are cached: TextOutA and GetTextExtentPoint32A + * + * 004413AB 90 NOP + * 004413AC 90 NOP + * 004413AD 90 NOP + * 004413AE 90 NOP + * 004413AF 90 NOP + * 004413B0 6A FF PUSH -0x1 ; jichi: text in arg1, but text painted character by character + * 004413B2 68 D0714900 PUSH .004971D0 + * 004413B7 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 004413BD 50 PUSH EAX + * 004413BE 64:8925 00000000 MOV DWORD PTR FS:[0],ESP + * 004413C5 83EC 4C SUB ESP,0x4C + * 004413C8 A1 C00B4B00 MOV EAX,DWORD PTR DS:[0x4B0BC0] + * 004413CD 53 PUSH EBX + * 004413CE 55 PUSH EBP + * 004413CF 56 PUSH ESI + * 004413D0 57 PUSH EDI + * 004413D1 8BF1 MOV ESI,ECX + * 004413D3 894424 48 MOV DWORD PTR SS:[ESP+0x48],EAX + * 004413D7 894424 4C MOV DWORD PTR SS:[ESP+0x4C],EAX + * 004413DB 894424 58 MOV DWORD PTR SS:[ESP+0x58],EAX + * 004413DF 8B4424 6C MOV EAX,DWORD PTR SS:[ESP+0x6C] + * 004413E3 33DB XOR EBX,EBX + * 004413E5 50 PUSH EAX + * 004413E6 8D4C24 4C LEA ECX,DWORD PTR SS:[ESP+0x4C] + * 004413EA 895C24 68 MOV DWORD PTR SS:[ESP+0x68],EBX + * 004413EE E8 74520400 CALL .00486667 + * 004413F3 8B4C24 78 MOV ECX,DWORD PTR SS:[ESP+0x78] + * 004413F7 51 PUSH ECX + * 004413F8 8D4C24 50 LEA ECX,DWORD PTR SS:[ESP+0x50] + * 004413FC E8 66520400 CALL .00486667 + * 00441401 8B5424 7C MOV EDX,DWORD PTR SS:[ESP+0x7C] + * 00441405 8D4C24 58 LEA ECX,DWORD PTR SS:[ESP+0x58] + * 00441409 52 PUSH EDX + * 0044140A E8 58520400 CALL .00486667 + * 0044140F 8B4424 70 MOV EAX,DWORD PTR SS:[ESP+0x70] + * 00441413 894424 50 MOV DWORD PTR SS:[ESP+0x50],EAX + * 00441417 8B4424 74 MOV EAX,DWORD PTR SS:[ESP+0x74] + * 0044141B 83F8 FF CMP EAX,-0x1 + * 0044141E 75 06 JNZ SHORT .00441426 + * 00441420 895C24 54 MOV DWORD PTR SS:[ESP+0x54],EBX + * 00441424 EB 2E JMP SHORT .00441454 + * 00441426 8BC8 MOV ECX,EAX + * 00441428 33D2 XOR EDX,EDX + * 0044142A 81E1 FF000000 AND ECX,0xFF + * 00441430 8AD4 MOV DL,AH + * 00441432 81C9 00FFFFFF OR ECX,0xFFFFFF00 + * 00441438 81E2 FF000000 AND EDX,0xFF + * 0044143E C1E1 08 SHL ECX,0x8 + * 00441441 0BCA OR ECX,EDX + * 00441443 C1E8 10 SHR EAX,0x10 + * 00441446 C1E1 08 SHL ECX,0x8 + * 00441449 25 FF000000 AND EAX,0xFF + * 0044144E 0BC8 OR ECX,EAX + * 00441450 894C24 54 MOV DWORD PTR SS:[ESP+0x54],ECX + * 00441454 8B4424 48 MOV EAX,DWORD PTR SS:[ESP+0x48] + * 00441458 3958 F8 CMP DWORD PTR DS:[EAX-0x8],EBX + * 0044145B 0F84 7A030000 JE .004417DB + * 00441461 8B8E 08020000 MOV ECX,DWORD PTR DS:[ESI+0x208] + * 00441467 83F9 20 CMP ECX,0x20 + * 0044146A 0F8D 35030000 JGE .004417A5 + * 00441470 0FBE00 MOVSX EAX,BYTE PTR DS:[EAX] + * 00441473 83E8 09 SUB EAX,0x9 + * 00441476 0F84 29030000 JE .004417A5 + * 0044147C 48 DEC EAX + * 0044147D 0F84 0A030000 JE .0044178D + * 00441483 83E8 03 SUB EAX,0x3 + * 00441486 0F84 19030000 JE .004417A5 + * 0044148C 8BBE 38010000 MOV EDI,DWORD PTR DS:[ESI+0x138] + * 00441492 68 80C84A00 PUSH .004AC880 + * 00441497 8BCF MOV ECX,EDI + * 00441499 E8 E2E9FDFF CALL .0041FE80 + * 0044149E 3BC3 CMP EAX,EBX + * 004414A0 7D 0F JGE SHORT .004414B1 + * 004414A2 53 PUSH EBX + * 004414A3 53 PUSH EBX + * 004414A4 53 PUSH EBX + * 004414A5 53 PUSH EBX + * 004414A6 8D4C24 48 LEA ECX,DWORD PTR SS:[ESP+0x48] + * 004414AA E8 916DFDFF CALL .00418240 + * 004414AF EB 06 JMP SHORT .004414B7 + * 004414B1 8B4F 24 MOV ECX,DWORD PTR DS:[EDI+0x24] + * 004414B4 8B0481 MOV EAX,DWORD PTR DS:[ECX+EAX*4] + * 004414B7 8B48 04 MOV ECX,DWORD PTR DS:[EAX+0x4] + * 004414BA 8B10 MOV EDX,DWORD PTR DS:[EAX] + * 004414BC 894C24 24 MOV DWORD PTR SS:[ESP+0x24],ECX + * 004414C0 895424 20 MOV DWORD PTR SS:[ESP+0x20],EDX + * 004414C4 8B50 08 MOV EDX,DWORD PTR DS:[EAX+0x8] + * 004414C7 8B40 0C MOV EAX,DWORD PTR DS:[EAX+0xC] + * 004414CA 8D4C24 10 LEA ECX,DWORD PTR SS:[ESP+0x10] + * 004414CE 895424 28 MOV DWORD PTR SS:[ESP+0x28],EDX + * 004414D2 51 PUSH ECX + * 004414D3 8BCE MOV ECX,ESI + * 004414D5 894424 30 MOV DWORD PTR SS:[ESP+0x30],EAX + * 004414D9 E8 52F3FFFF CALL .00440830 + * 004414DE 8B5424 50 MOV EDX,DWORD PTR SS:[ESP+0x50] + * 004414E2 33C9 XOR ECX,ECX + * 004414E4 894C24 78 MOV DWORD PTR SS:[ESP+0x78],ECX + * 004414E8 B8 B0B64900 MOV EAX,.0049B6B0 + * 004414ED 3B10 CMP EDX,DWORD PTR DS:[EAX] + * 004414EF 7E 0B JLE SHORT .004414FC + * 004414F1 83C0 04 ADD EAX,0x4 + * 004414F4 41 INC ECX + * 004414F5 3D C0B64900 CMP EAX,.0049B6C0 + * 004414FA ^72 F1 JB SHORT .004414ED + * 004414FC 8B5424 48 MOV EDX,DWORD PTR SS:[ESP+0x48] + * 00441500 8D4424 18 LEA EAX,DWORD PTR SS:[ESP+0x18] + * 00441504 894C24 78 MOV DWORD PTR SS:[ESP+0x78],ECX + * 00441508 8B4C8E 3C MOV ECX,DWORD PTR DS:[ESI+ECX*4+0x3C] + * 0044150C 52 PUSH EDX + * 0044150D 50 PUSH EAX + * 0044150E E8 3D34FCFF CALL .00404950 + * 00441513 8B46 38 MOV EAX,DWORD PTR DS:[ESI+0x38] + * 00441516 895C24 70 MOV DWORD PTR SS:[ESP+0x70],EBX + * 0044151A 3BC3 CMP EAX,EBX + * 0044151C 0F84 F9000000 JE .0044161B + * 00441522 8B50 08 MOV EDX,DWORD PTR DS:[EAX+0x8] + * 00441525 8B4E 78 MOV ECX,DWORD PTR DS:[ESI+0x78] + * 00441528 3BCA CMP ECX,EDX + * 0044152A 0F8D EB000000 JGE .0044161B + * 00441530 8B50 04 MOV EDX,DWORD PTR DS:[EAX+0x4] + * 00441533 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+0x10] + * 00441537 8B7E 74 MOV EDI,DWORD PTR DS:[ESI+0x74] + * 0044153A 8B2C8A MOV EBP,DWORD PTR DS:[EDX+ECX*4] + * 0044153D 8B4C24 18 MOV ECX,DWORD PTR SS:[ESP+0x18] + * 00441541 897C24 7C MOV DWORD PTR SS:[ESP+0x7C],EDI + * 00441545 8B55 00 MOV EDX,DWORD PTR SS:[EBP] + * 00441548 8D1C01 LEA EBX,DWORD PTR DS:[ECX+EAX] + * 0044154B 8BCD MOV ECX,EBP + * 0044154D FF52 08 CALL DWORD PTR DS:[EDX+0x8] + * 00441550 3BF8 CMP EDI,EAX + * 00441552 0F8D C3000000 JGE .0044161B + * 00441558 EB 04 JMP SHORT .0044155E + * 0044155A 8B7C24 7C MOV EDI,DWORD PTR SS:[ESP+0x7C] + * 0044155E 8B45 00 MOV EAX,DWORD PTR SS:[EBP] + * 00441561 57 PUSH EDI + * 00441562 8BCD MOV ECX,EBP + * 00441564 FF50 04 CALL DWORD PTR DS:[EAX+0x4] + * 00441567 8BF8 MOV EDI,EAX + * 00441569 8BCF MOV ECX,EDI + * 0044156B 8B17 MOV EDX,DWORD PTR DS:[EDI] + * 0044156D FF52 0C CALL DWORD PTR DS:[EDX+0xC] + * 00441570 85C0 TEST EAX,EAX + * 00441572 0F84 A3000000 JE .0044161B + * 00441578 8B07 MOV EAX,DWORD PTR DS:[EDI] + * 0044157A 8D4C24 6C LEA ECX,DWORD PTR SS:[ESP+0x6C] + * 0044157E 51 PUSH ECX + * 0044157F 8BCF MOV ECX,EDI + * 00441581 FF50 10 CALL DWORD PTR DS:[EAX+0x10] + * 00441584 8B5424 6C MOV EDX,DWORD PTR SS:[ESP+0x6C] + * 00441588 8B4C24 78 MOV ECX,DWORD PTR SS:[ESP+0x78] + * 0044158C 8D4424 30 LEA EAX,DWORD PTR SS:[ESP+0x30] + * 00441590 52 PUSH EDX + * 00441591 8B4C8E 3C MOV ECX,DWORD PTR DS:[ESI+ECX*4+0x3C] + * 00441595 50 PUSH EAX + * 00441596 C64424 6C 01 MOV BYTE PTR SS:[ESP+0x6C],0x1 + * 0044159B E8 B033FCFF CALL .00404950 + * 004415A0 8B10 MOV EDX,DWORD PTR DS:[EAX] + * 004415A2 8B86 E4030000 MOV EAX,DWORD PTR DS:[ESI+0x3E4] + * 004415A8 03DA ADD EBX,EDX + * 004415AA 8B5424 6C MOV EDX,DWORD PTR SS:[ESP+0x6C] + * 004415AE 52 PUSH EDX + * 004415AF 50 PUSH EAX + * 004415B0 E8 BB020000 CALL .00441870 + * 004415B5 83C4 08 ADD ESP,0x8 + * 004415B8 85C0 TEST EAX,EAX + * 004415BA 74 08 JE SHORT .004415C4 + * 004415BC 3B5C24 28 CMP EBX,DWORD PTR SS:[ESP+0x28] + * 004415C0 7F 43 JG SHORT .00441605 + * 004415C2 EB 18 JMP SHORT .004415DC + * 004415C4 8B4C24 6C MOV ECX,DWORD PTR SS:[ESP+0x6C] + * 004415C8 8B86 E0030000 MOV EAX,DWORD PTR DS:[ESI+0x3E0] + * 004415CE 51 PUSH ECX + * 004415CF 50 PUSH EAX + * 004415D0 E8 9B020000 CALL .00441870 + * 004415D5 83C4 08 ADD ESP,0x8 + * 004415D8 85C0 TEST EAX,EAX + * 004415DA 74 31 JE SHORT .0044160D + * 004415DC 8D4C24 6C LEA ECX,DWORD PTR SS:[ESP+0x6C] + * 004415E0 C64424 64 00 MOV BYTE PTR SS:[ESP+0x64],0x0 + * 004415E5 E8 404F0400 CALL .0048652A + * 004415EA 8B7C24 7C MOV EDI,DWORD PTR SS:[ESP+0x7C] + * 004415EE 8B55 00 MOV EDX,DWORD PTR SS:[EBP] + * 004415F1 47 INC EDI + * 004415F2 8BCD MOV ECX,EBP + * 004415F4 897C24 7C MOV DWORD PTR SS:[ESP+0x7C],EDI + * 004415F8 FF52 08 CALL DWORD PTR DS:[EDX+0x8] + * 004415FB 3BF8 CMP EDI,EAX + * 004415FD ^0F8C 57FFFFFF JL .0044155A + * 00441603 EB 16 JMP SHORT .0044161B + * 00441605 C74424 70 010000>MOV DWORD PTR SS:[ESP+0x70],0x1 + * 0044160D 8D4C24 6C LEA ECX,DWORD PTR SS:[ESP+0x6C] + * 00441611 C64424 64 00 MOV BYTE PTR SS:[ESP+0x64],0x0 + * 00441616 E8 0F4F0400 CALL .0048652A + * 0044161B 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+0x10] + * 0044161F 8B4C24 18 MOV ECX,DWORD PTR SS:[ESP+0x18] + * 00441623 03C8 ADD ECX,EAX + * 00441625 8B4424 28 MOV EAX,DWORD PTR SS:[ESP+0x28] + * 00441629 3BC8 CMP ECX,EAX + * 0044162B 7E 18 JLE SHORT .00441645 + * 0044162D 8B5424 48 MOV EDX,DWORD PTR SS:[ESP+0x48] + * 00441631 8B86 E0030000 MOV EAX,DWORD PTR DS:[ESI+0x3E0] + * 00441637 52 PUSH EDX + * 00441638 50 PUSH EAX + * 00441639 E8 32020000 CALL .00441870 + * 0044163E 83C4 08 ADD ESP,0x8 + * 00441641 85C0 TEST EAX,EAX + * 00441643 74 08 JE SHORT .0044164D + * 00441645 8B4424 70 MOV EAX,DWORD PTR SS:[ESP+0x70] + * 00441649 85C0 TEST EAX,EAX + * 0044164B 74 3F JE SHORT .0044168C + * 0044164D 8B8E 08020000 MOV ECX,DWORD PTR DS:[ESI+0x208] + * 00441653 41 INC ECX + * 00441654 8BC1 MOV EAX,ECX + * 00441656 898E 08020000 MOV DWORD PTR DS:[ESI+0x208],ECX + * 0044165C 83F8 20 CMP EAX,0x20 + * 0044165F 0F8D 40010000 JGE .004417A5 + * 00441665 83EC 10 SUB ESP,0x10 + * 00441668 8B15 D0B04A00 MOV EDX,DWORD PTR DS:[0x4AB0D0] + * 0044166E 8BDC MOV EBX,ESP + * 00441670 33C0 XOR EAX,EAX + * 00441672 8B3D D4B04A00 MOV EDI,DWORD PTR DS:[0x4AB0D4] + * 00441678 33C9 XOR ECX,ECX + * 0044167A 8903 MOV DWORD PTR DS:[EBX],EAX + * 0044167C 894B 04 MOV DWORD PTR DS:[EBX+0x4],ECX + * 0044167F 8BCE MOV ECX,ESI + * 00441681 8953 08 MOV DWORD PTR DS:[EBX+0x8],EDX + * 00441684 897B 0C MOV DWORD PTR DS:[EBX+0xC],EDI + * 00441687 E8 7418FCFF CALL .00402F00 + * 0044168C 8B86 08020000 MOV EAX,DWORD PTR DS:[ESI+0x208] + * 00441692 6A 00 PUSH 0x0 + * 00441694 8D0CC5 00000000 LEA ECX,DWORD PTR DS:[EAX*8] + * 0044169B 2BC8 SUB ECX,EAX + * 0044169D 8B948E 78040000 MOV EDX,DWORD PTR DS:[ESI+ECX*4+0x478] + * 004416A4 8DAC8E 70040000 LEA EBP,DWORD PTR DS:[ESI+ECX*4+0x470] + * 004416AB 52 PUSH EDX + * 004416AC 8BCD MOV ECX,EBP + * 004416AE E8 7D8A0000 CALL .0044A130 + * 004416B3 8BD8 MOV EBX,EAX + * 004416B5 8D4424 48 LEA EAX,DWORD PTR SS:[ESP+0x48] + * 004416B9 50 PUSH EAX + * 004416BA 8D7B 08 LEA EDI,DWORD PTR DS:[EBX+0x8] + * 004416BD 8BCF MOV ECX,EDI + * 004416BF E8 534F0400 CALL .00486617 + * 004416C4 8D4C24 4C LEA ECX,DWORD PTR SS:[ESP+0x4C] + * 004416C8 51 PUSH ECX + * 004416C9 8D4F 04 LEA ECX,DWORD PTR DS:[EDI+0x4] + * 004416CC E8 464F0400 CALL .00486617 + * 004416D1 8B5424 50 MOV EDX,DWORD PTR SS:[ESP+0x50] + * 004416D5 8D4C24 58 LEA ECX,DWORD PTR SS:[ESP+0x58] + * 004416D9 8957 08 MOV DWORD PTR DS:[EDI+0x8],EDX + * 004416DC 8B4424 54 MOV EAX,DWORD PTR SS:[ESP+0x54] + * 004416E0 51 PUSH ECX + * 004416E1 8D4F 10 LEA ECX,DWORD PTR DS:[EDI+0x10] + * 004416E4 8947 0C MOV DWORD PTR DS:[EDI+0xC],EAX + * 004416E7 E8 2B4F0400 CALL .00486617 + * 004416EC 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 004416EF 85C0 TEST EAX,EAX + * 004416F1 74 04 JE SHORT .004416F7 + * 004416F3 8918 MOV DWORD PTR DS:[EAX],EBX + * 004416F5 EB 03 JMP SHORT .004416FA + * 004416F7 895D 04 MOV DWORD PTR SS:[EBP+0x4],EBX + * 004416FA 83EC 10 SUB ESP,0x10 + * 004416FD 895D 08 MOV DWORD PTR SS:[EBP+0x8],EBX + * 00441700 8B4424 20 MOV EAX,DWORD PTR SS:[ESP+0x20] + * 00441704 8B5424 28 MOV EDX,DWORD PTR SS:[ESP+0x28] + * 00441708 8B7C24 2C MOV EDI,DWORD PTR SS:[ESP+0x2C] + * 0044170C 8BDC MOV EBX,ESP + * 0044170E 8D4C02 02 LEA ECX,DWORD PTR DS:[EDX+EAX+0x2] + * 00441712 8B5424 24 MOV EDX,DWORD PTR SS:[ESP+0x24] + * 00441716 8903 MOV DWORD PTR DS:[EBX],EAX + * 00441718 8D7C3A 02 LEA EDI,DWORD PTR DS:[EDX+EDI+0x2] + * 0044171C 8953 04 MOV DWORD PTR DS:[EBX+0x4],EDX + * 0044171F 894B 08 MOV DWORD PTR DS:[EBX+0x8],ECX + * 00441722 8BCE MOV ECX,ESI + * 00441724 897B 0C MOV DWORD PTR DS:[EBX+0xC],EDI + * 00441727 E8 D417FCFF CALL .00402F00 + * 0044172C 8B4424 4C MOV EAX,DWORD PTR SS:[ESP+0x4C] + * 00441730 8B48 F8 MOV ECX,DWORD PTR DS:[EAX-0x8] + * 00441733 85C9 TEST ECX,ECX + * 00441735 74 6E JE SHORT .004417A5 + * 00441737 8B4E 3C MOV ECX,DWORD PTR DS:[ESI+0x3C] + * 0044173A 50 PUSH EAX + * 0044173B 8D4424 24 LEA EAX,DWORD PTR SS:[ESP+0x24] + * 0044173F 50 PUSH EAX + * 00441740 E8 0B32FCFF CALL .00404950 + * 00441745 8B5C24 20 MOV EBX,DWORD PTR SS:[ESP+0x20] + * 00441749 8B4C24 18 MOV ECX,DWORD PTR SS:[ESP+0x18] + * 0044174D 8B7C24 24 MOV EDI,DWORD PTR SS:[ESP+0x24] + * 00441751 8BC3 MOV EAX,EBX + * 00441753 2BC1 SUB EAX,ECX + * 00441755 8BCF MOV ECX,EDI + * 00441757 99 CDQ + * 00441758 2BC2 SUB EAX,EDX + * 0044175A 8B5424 14 MOV EDX,DWORD PTR SS:[ESP+0x14] + * 0044175E F7D9 NEG ECX + * 00441760 D1F8 SAR EAX,1 + * 00441762 03CA ADD ECX,EDX + * 00441764 8B5424 10 MOV EDX,DWORD PTR SS:[ESP+0x10] + * 00441768 F7D8 NEG EAX + * 0044176A 03C2 ADD EAX,EDX + * 0044176C 83EC 10 SUB ESP,0x10 + * 0044176F 8D7C39 02 LEA EDI,DWORD PTR DS:[ECX+EDI+0x2] + * 00441773 8D5418 02 LEA EDX,DWORD PTR DS:[EAX+EBX+0x2] + * 00441777 8BDC MOV EBX,ESP + * 00441779 8903 MOV DWORD PTR DS:[EBX],EAX + * 0044177B 894B 04 MOV DWORD PTR DS:[EBX+0x4],ECX + * 0044177E 8BCE MOV ECX,ESI + * 00441780 8953 08 MOV DWORD PTR DS:[EBX+0x8],EDX + * 00441783 897B 0C MOV DWORD PTR DS:[EBX+0xC],EDI + * 00441786 E8 7517FCFF CALL .00402F00 + * 0044178B EB 18 JMP SHORT .004417A5 + * 0044178D 8D41 29 LEA EAX,DWORD PTR DS:[ECX+0x29] + * 00441790 8D14C5 00000000 LEA EDX,DWORD PTR DS:[EAX*8] + * 00441797 2BD0 SUB EDX,EAX + * 00441799 391C96 CMP DWORD PTR DS:[ESI+EDX*4],EBX + * 0044179C 74 07 JE SHORT .004417A5 + * 0044179E 41 INC ECX + * 0044179F 898E 08020000 MOV DWORD PTR DS:[ESI+0x208],ECX + * 004417A5 8B86 E8020000 MOV EAX,DWORD PTR DS:[ESI+0x2E8] + * 004417AB 33DB XOR EBX,EBX + * 004417AD 3BC3 CMP EAX,EBX + * 004417AF 74 2A JE SHORT .004417DB + * 004417B1 399E C8030000 CMP DWORD PTR DS:[ESI+0x3C8],EBX + * 004417B7 75 22 JNZ SHORT .004417DB + * 004417B9 8B86 C4030000 MOV EAX,DWORD PTR DS:[ESI+0x3C4] + * 004417BF 8BCE MOV ECX,ESI + * 004417C1 50 PUSH EAX + * 004417C2 E8 89040000 CALL .00441C50 + * 004417C7 3B86 3C020000 CMP EAX,DWORD PTR DS:[ESI+0x23C] + * 004417CD 74 06 JE SHORT .004417D5 + * 004417CF 8986 38020000 MOV DWORD PTR DS:[ESI+0x238],EAX + * 004417D5 8986 3C020000 MOV DWORD PTR DS:[ESI+0x23C],EAX + * 004417DB 399E 30020000 CMP DWORD PTR DS:[ESI+0x230],EBX + * 004417E1 75 3C JNZ SHORT .0044181F + * 004417E3 8BCE MOV ECX,ESI + * 004417E5 E8 C6040000 CALL .00441CB0 + * 004417EA 85C0 TEST EAX,EAX + * 004417EC 75 31 JNZ SHORT .0044181F + * 004417EE 399E 18020000 CMP DWORD PTR DS:[ESI+0x218],EBX + * 004417F4 74 29 JE SHORT .0044181F + * 004417F6 83BE C4020000 64 CMP DWORD PTR DS:[ESI+0x2C4],0x64 + * 004417FD 74 20 JE SHORT .0044181F + * 004417FF 8B86 08020000 MOV EAX,DWORD PTR DS:[ESI+0x208] + * 00441805 83F8 20 CMP EAX,0x20 + * 00441808 7D 1D JGE SHORT .00441827 + * 0044180A 83C0 29 ADD EAX,0x29 + * 0044180D 8D0CC5 00000000 LEA ECX,DWORD PTR DS:[EAX*8] + * 00441814 2BC8 SUB ECX,EAX + * 00441816 391C8E CMP DWORD PTR DS:[ESI+ECX*4],EBX + * 00441819 74 0C JE SHORT .00441827 + * 0044181B 6A 01 PUSH 0x1 + * 0044181D EB 01 JMP SHORT .00441820 + * 0044181F 53 PUSH EBX + * 00441820 8BCE MOV ECX,ESI + * 00441822 E8 49C5FEFF CALL .0042DD70 + * 00441827 8D4C24 58 LEA ECX,DWORD PTR SS:[ESP+0x58] + * 0044182B C74424 64 030000>MOV DWORD PTR SS:[ESP+0x64],0x3 + * 00441833 E8 F24C0400 CALL .0048652A + * 00441838 8D4C24 4C LEA ECX,DWORD PTR SS:[ESP+0x4C] + * 0044183C C64424 64 02 MOV BYTE PTR SS:[ESP+0x64],0x2 + * 00441841 E8 E44C0400 CALL .0048652A + * 00441846 8D4C24 48 LEA ECX,DWORD PTR SS:[ESP+0x48] + * 0044184A C74424 64 FFFFFF>MOV DWORD PTR SS:[ESP+0x64],-0x1 + * 00441852 E8 D34C0400 CALL .0048652A + * 00441857 8B4C24 5C MOV ECX,DWORD PTR SS:[ESP+0x5C] + * 0044185B 5F POP EDI + * 0044185C 5E POP ESI + * 0044185D 5D POP EBP + * 0044185E 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 00441865 5B POP EBX + * 00441866 83C4 58 ADD ESP,0x58 + * 00441869 C2 1400 RETN 0x14 + * 0044186C 90 NOP + * 0044186D 90 NOP + * 0044186E 90 NOP + * 0044186F 90 NOP + * + * Another sample game: 不条琸�界の探偵令嬢 + */ +bool InsertAbelHook() +{ + // jichi: If this pattern failed again, try the following pattern instead: + // 004413D3 894424 48 MOV DWORD PTR SS:[ESP+0x48],EAX + // 004413D7 894424 4C MOV DWORD PTR SS:[ESP+0x4C],EAX + // 004413DB 894424 58 MOV DWORD PTR SS:[ESP+0x58],EAX + + const DWORD character[] = {0xc981d48a, 0xffffff00}; + if (DWORD j = SearchPattern(processStartAddress, processStopAddress - processStartAddress, character, sizeof(character))) { + j += processStartAddress; + for (DWORD i = j - 0x100; j > i; j--) + if (*(WORD *)j == 0xff6a) { + HookParam hp; + hp.address = j; + hp.offset=get_stack(1); + hp.type = USING_STRING|NO_CONTEXT; + ConsoleOutput("INSERT Abel"); + //GROWL_DWORD(hp.address); + + //RegisterEngineType(ENGINE_ABEL); + return NewHook(hp, "Abel"); + } + } + ConsoleOutput("Abel: failed"); + return false; +} + +bool Abel::attach_function() { + + return InsertAbelHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Abel.h b/LunaHook/engine32/Abel.h new file mode 100644 index 0000000..9732d83 --- /dev/null +++ b/LunaHook/engine32/Abel.h @@ -0,0 +1,54 @@ +#include"engine.h" + +class Abel:public ENGINE{ + public: + Abel(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + + + // jichi 8/24/2013: Move into functions + // Artikash 6/15/2018: Removed this detection for Abel Software games. IthGetFileInfo no longer works correctly + //static BYTE static_file_info[0x1000]; + //if (IthGetFileInfo(L"*01", static_file_info)) + // if (*(DWORD*)static_file_info == 0) { + // STATUS_INFO_LENGTH_MISMATCH; + // static WCHAR static_search_name[MAX_PATH]; + // LPWSTR name=(LPWSTR)(static_file_info+0x5E); + // int len = wcslen(name); + // name[len-2] = L'.'; + // name[len-1] = L'e'; + // name[len] = L'x'; + // name[len+1] = L'e'; + // name[len+2] = 0; + // if (Util::CheckFile(name)) { + // sizeof(FILE_BOTH_DIR_INFORMATION); + // name[len-2] = L'*'; + // name[len-1] = 0; + // wcscpy(static_search_name,name); + // IthGetFileInfo(static_search_name,static_file_info); + // union { + // FILE_BOTH_DIR_INFORMATION *both_info; + // DWORD addr; + // }; + // both_info = (FILE_BOTH_DIR_INFORMATION *)static_file_info; + // //BYTE* ptr=static_file_info; + // len=0; + // while (both_info->NextEntryOffset) { + // addr += both_info->NextEntryOffset; + // len++; + // } + // if (len > 3) { + // InsertAbelHook(); + // return true; + // } + // } + // } + return (Util::CheckFile(L"system") && Util::CheckFile(L"system.dat")) || Util::CheckFile(L"*01"); + }; + + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/AdobeAir.cpp b/LunaHook/engine32/AdobeAir.cpp new file mode 100644 index 0000000..463ec34 --- /dev/null +++ b/LunaHook/engine32/AdobeAir.cpp @@ -0,0 +1,184 @@ +#include"AdobeAir.h" + +/** + * jichi 4/15/2014: Insert Adobe AIR hook + * Sample games: + * 華アワセ 蛟編: /HW-C*0:D8@4D04B5:Adobe AIR.dll + * 華アワセ 姫空木編: /HW-C*0:d8@4E69A7:Adobe AIR.dll + * + * Issue: The game will hang if the hook is injected before loading + * + * /HW-C*0:D8@4D04B5:ADOBE AIR.DLL + * - addr: 5047477 = 0x4d04b5 + * -length_offset: 1 + * - module: 3506957663 = 0xd107ed5f + * - off: 4294967280 = 0xfffffff0 = -0x10 + * - split: 216 = 0xd8 + * - type: 90 = 0x5a + * + * 0f8f0497 |. eb 69 jmp short adobe_ai.0f8f0502 + * 0f8f0499 |> 83c8 ff or eax,0xffffffff + * 0f8f049c |. eb 67 jmp short adobe_ai.0f8f0505 + * 0f8f049e |> 8b7d 0c mov edi,dword ptr ss:[ebp+0xc] + * 0f8f04a1 |. 85ff test edi,edi + * 0f8f04a3 |. 7e 5d jle short adobe_ai.0f8f0502 + * 0f8f04a5 |. 8b55 08 mov edx,dword ptr ss:[ebp+0x8] + * 0f8f04a8 |. b8 80000000 mov eax,0x80 + * 0f8f04ad |. be ff030000 mov esi,0x3ff + * 0f8f04b2 |> 0fb70a /movzx ecx,word ptr ds:[edx] + * 0f8f04b5 |. 8bd8 |mov ebx,eax ; jichi: hook here + * 0f8f04b7 |. 4f |dec edi + * 0f8f04b8 |. 66:3bcb |cmp cx,bx + * 0f8f04bb |. 73 05 |jnb short adobe_ai.0f8f04c2 + * 0f8f04bd |. ff45 fc |inc dword ptr ss:[ebp-0x4] + * 0f8f04c0 |. eb 3a |jmp short adobe_ai.0f8f04fc + * 0f8f04c2 |> bb 00080000 |mov ebx,0x800 + * 0f8f04c7 |. 66:3bcb |cmp cx,bx + * 0f8f04ca |. 73 06 |jnb short adobe_ai.0f8f04d2 + * 0f8f04cc |. 8345 fc 02 |add dword ptr ss:[ebp-0x4],0x2 + * 0f8f04d0 |. eb 2a |jmp short adobe_ai.0f8f04fc + * 0f8f04d2 |> 81c1 00280000 |add ecx,0x2800 + * 0f8f04d8 |. 8bde |mov ebx,esi + * 0f8f04da |. 66:3bcb |cmp cx,bx + * 0f8f04dd |. 77 19 |ja short adobe_ai.0f8f04f8 + * 0f8f04df |. 4f |dec edi + * 0f8f04e0 |.^78 b7 |js short adobe_ai.0f8f0499 + * 0f8f04e2 |. 42 |inc edx + * 0f8f04e3 |. 42 |inc edx + * 0f8f04e4 |. 0fb70a |movzx ecx,word ptr ds:[edx] + * 0f8f04e7 |. 81c1 00240000 |add ecx,0x2400 + * 0f8f04ed |. 66:3bcb |cmp cx,bx + * 0f8f04f0 |. 77 06 |ja short adobe_ai.0f8f04f8 + * 0f8f04f2 |. 8345 fc 04 |add dword ptr ss:[ebp-0x4],0x4 + * 0f8f04f6 |. eb 04 |jmp short adobe_ai.0f8f04fc + * 0f8f04f8 |> 8345 fc 03 |add dword ptr ss:[ebp-0x4],0x3 + * 0f8f04fc |> 42 |inc edx + * 0f8f04fd |. 42 |inc edx + * 0f8f04fe |. 85ff |test edi,edi + * 0f8f0500 |.^7f b0 \jg short adobe_ai.0f8f04b2 + * 0f8f0502 |> 8b45 fc mov eax,dword ptr ss:[ebp-0x4] + * 0f8f0505 |> 5f pop edi + * 0f8f0506 |. 5e pop esi + * 0f8f0507 |. 5b pop ebx + * 0f8f0508 |. c9 leave + * 0f8f0509 \. c3 retn + */ +bool InsertAdobeAirHook() +{ + DWORD base = (DWORD)GetModuleHandleW(L"Adobe AIR.dll"); + if (!base) { + ConsoleOutput("Adobe AIR: module not found"); + return false; + } + + //ULONG processStartAddress, processStopAddress; + //if (!NtInspect::getModuleMemoryRange(L"Adobe AIR.dll", &startAddress, &stopAddress)) { + // ConsoleOutput("Adobe AIR: module not found"); + // return false; + //} + + const BYTE bytes[] = { + 0x0f,0xb7,0x0a, // 0f8f04b2 |> 0fb70a /movzx ecx,word ptr ds:[edx] + 0x8b,0xd8, // 0f8f04b5 |. 8bd8 |mov ebx,eax ; jichi: hook here + 0x4f, // 0f8f04b7 |. 4f |dec edi + 0x66,0x3b,0xcb, // 0f8f04b8 |. 66:3bcb |cmp cx,bx + 0x73, 0x05, // 0f8f04bb |. 73 05 |jnb short adobe_ai.0f8f04c2 + 0xff,0x45, 0xfc, // 0f8f04bd |. ff45 fc |inc dword ptr ss:[ebp-0x4] + 0xeb, 0x3a // 0f8f04c0 |. eb 3a |jmp short adobe_ai.0f8f04fc + }; + enum { addr_offset = 0x0f8f04b5 - 0x0f8f04b2 }; // = 3. 0 also works. + enum { range = 0x600000 }; // larger than relative addresses + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), base, base + range); + //GROWL(reladdr); + if (!addr) { + ConsoleOutput("Adobe AIR: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + //hp.module = module; + hp.offset=get_reg(regs::edx); + hp.split = 0xd8; + //hp.type = USING_SPLIT|MODULE_OFFSET|CODEC_UTF16|DATA_INDIRECT; // 0x5a; + hp.type = USING_SPLIT|CODEC_UTF16|DATA_INDIRECT; + + ConsoleOutput("INSERT Adobe AIR"); + + return NewHook(hp, "Adobe AIR"); +} + +bool AdobeAIRhook2() { + auto hmodule =(DWORD) GetModuleHandle(L"Adobe AIR.dll"); + if (hmodule == 0)return false; + enum { range = 0x600000 }; // larger than relative addresses + + auto [minAddress, maxAddress] = std::make_pair(hmodule,hmodule+range); + const BYTE bs[] = { + //トリック・オア・アリス + 0x66,0x83,0xF8,0x19, + 0x77,XX, + 0x81,0xC7,0xE0,0xFF,0x00,0x00 + }; + auto addr = MemDbg::findBytes(bs, sizeof(bs), minAddress, maxAddress); + ConsoleOutput("%p", addr); + if (addr == 0)return false; + const BYTE start[] = { 0xC2,0x10,0x00 };// retn 10h,+3 + addr = reverseFindBytes(start, 3, addr - 0x1000, addr); + ConsoleOutput("%p", addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr+3; + hp.offset=get_stack(1); + hp.type = USING_STRING|CODEC_UTF16; + + return NewHook(hp, "AdobeAIR"); + +} + + +/** +* Artikash 12/8/2018: Update AIRNovel hook for version 31.0.0.96 +* Sample game: https://vndb.org/v22252: /HQ4*8:4*4@12FF9A:Adobe AIR.dll +* This function is called from Adobe AIR.FREGetObjectAsUTF8+5A +* First function parameter points to a struct containing a pointer to the text along with info about the type of text +* wchar_t* at offset 8 +*/ +bool InsertAIRNovelHook() +{ + wcscpy_s(spDefault.boundaryModule, L"Adobe AIR.dll"); + if (DWORD FREGetObjectAsUTF8 = (DWORD)GetProcAddress(GetModuleHandleW(L"Adobe AIR.dll"), "FREGetObjectAsUTF8")) + { + DWORD func = FREGetObjectAsUTF8 + 0x5a + 5 + *(int*)(FREGetObjectAsUTF8 + 0x5b); + HookParam hp; + hp.address = func; + hp.type = CODEC_UTF16|USING_STRING/*|USING_SPLIT|SPLIT_INDIRECT*/|DATA_INDIRECT; // Artikash 12/14/2018: doesn't seem to be a good split anymore + hp.offset=get_stack(1); + hp.split =get_stack(1); + hp.index = 0x8; + hp.split_index = 0x4; + //hp.filter_fun = [](void* str, DWORD* len, HookParam* hp, BYTE index) // removes some of the garbage threads + //{ + // return *len < 4 && + // *(char*)str != '[' && + // *(char*)str != ';' && + // *(char*)str != '&' && + // *(char*)str != '*' && + // *(char*)str != '\n' && + // *(char*)str != '\t' && + // memcmp((char*)str, "app:/", 5); + //}; + + ConsoleOutput("INSERT AIRNovel"); + + return NewHook(hp, "AIRNovel"); + } + return false; +} +bool AdobeAir::attach_function() { + + bool b1= InsertAdobeAirHook(); + b1|=AdobeAIRhook2(); + b1|=InsertAIRNovelHook(); + return b1; +} \ No newline at end of file diff --git a/LunaHook/engine32/AdobeAir.h b/LunaHook/engine32/AdobeAir.h new file mode 100644 index 0000000..193296f --- /dev/null +++ b/LunaHook/engine32/AdobeAir.h @@ -0,0 +1,13 @@ +#include"engine.h" + +class AdobeAir:public ENGINE{ + public: + AdobeAir(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return Util::CheckFile(L"Adobe AIR\\Versions\\1.0\\Adobe AIR.dll")||GetModuleHandle(L"Adobe AIR.dll")||Util::CheckFile(L"*.swf"); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/AdobeFlash10.cpp b/LunaHook/engine32/AdobeFlash10.cpp new file mode 100644 index 0000000..bcc39c1 --- /dev/null +++ b/LunaHook/engine32/AdobeFlash10.cpp @@ -0,0 +1,286 @@ +#include"AdobeFlash10.h" + + +/** jichi 10/31/2014 Adobe Flash Player v10 + * + * Sample game: [141031] [ヂ�ンクルベル] 輪舞曲Duo + * + * Debug method: Hex utf16 text, then insert hw breakpoints + * 21:51 3110% hexstr 『何よ utf16 + * 0e30554f8830 + * + * There are also UTF-8 strings in the memory. I could not find a good place to hook + * using hw breakpoints. + * + * There are lots of matches. One is selected. Then, the enclosing function is selected. + * arg1 is the UNICODE text. + * + * Pattern: + * + * 0161293a 8bc6 mov eax,esi + * 0161293c 5e pop esi + * 0161293d c2 0800 retn 0x8 + * + * Function starts + * 01612940 8b4c24 0c mov ecx,dword ptr ss:[esp+0xc] ; jichi: hook here + * 01612944 53 push ebx + * 01612945 55 push ebp + * 01612946 56 push esi + * 01612947 57 push edi + * 01612948 33ff xor edi,edi + * 0161294a 85c9 test ecx,ecx + * 0161294c 0f84 5f010000 je ron2.01612ab1 + * 01612952 397c24 18 cmp dword ptr ss:[esp+0x18],edi + * 01612956 0f8e ba010000 jle ron2.01612b16 + * 0161295c 8b6c24 14 mov ebp,dword ptr ss:[esp+0x14] + * 01612960 be 01000000 mov esi,0x1 + * 01612965 eb 09 jmp short ron2.01612970 + * 01612967 8da424 00000000 lea esp,dword ptr ss:[esp] + * 0161296e 8bff mov edi,edi + * 01612970 0fb755 00 movzx edx,word ptr ss:[ebp] + * 01612974 297424 18 sub dword ptr ss:[esp+0x18],esi + * 01612978 b8 80000000 mov eax,0x80 + * 0161297d 66:3bd0 cmp dx,ax + * 01612980 73 15 jnb short ron2.01612997 + * 01612982 297424 20 sub dword ptr ss:[esp+0x20],esi + * 01612986 0f88 1d010000 js ron2.01612aa9 + * 0161298c 8811 mov byte ptr ds:[ecx],dl + * 0161298e 03ce add ecx,esi + * 01612990 03fe add edi,esi + * 01612992 e9 fd000000 jmp ron2.01612a94 + * 01612997 b8 00080000 mov eax,0x800 + * 0161299c 66:3bd0 cmp dx,ax + * 0161299f 73 2a jnb short ron2.016129cb + * 016129a1 836c24 20 02 sub dword ptr ss:[esp+0x20],0x2 + * 016129a6 0f88 fd000000 js ron2.01612aa9 + * 016129ac 8bc2 mov eax,edx + * 016129ae c1e8 06 shr eax,0x6 + * 016129b1 24 1f and al,0x1f + * 016129b3 0c c0 or al,0xc0 + * 016129b5 8801 mov byte ptr ds:[ecx],al + * 016129b7 80e2 3f and dl,0x3f + * 016129ba 03ce add ecx,esi + * 016129bc 80ca 80 or dl,0x80 + * 016129bf 8811 mov byte ptr ds:[ecx],dl + * 016129c1 03ce add ecx,esi + * 016129c3 83c7 02 add edi,0x2 + * 016129c6 e9 c9000000 jmp ron2.01612a94 + * 016129cb 8d82 00280000 lea eax,dword ptr ds:[edx+0x2800] + * 016129d1 bb ff030000 mov ebx,0x3ff + * 016129d6 66:3bc3 cmp ax,bx + * 016129d9 77 7b ja short ron2.01612a56 + * 016129db 297424 18 sub dword ptr ss:[esp+0x18],esi + * 016129df 0f88 c4000000 js ron2.01612aa9 + * 016129e5 0fb775 02 movzx esi,word ptr ss:[ebp+0x2] + * 016129e9 83c5 02 add ebp,0x2 + * 016129ec 8d86 00240000 lea eax,dword ptr ds:[esi+0x2400] + * 016129f2 66:3bc3 cmp ax,bx + * 016129f5 77 58 ja short ron2.01612a4f + * 016129f7 0fb7d2 movzx edx,dx + * 016129fa 81ea f7d70000 sub edx,0xd7f7 + * 01612a00 0fb7c6 movzx eax,si + * 01612a03 c1e2 0a shl edx,0xa + * 01612a06 03d0 add edx,eax + * 01612a08 836c24 20 04 sub dword ptr ss:[esp+0x20],0x4 + * 01612a0d 0f88 96000000 js ron2.01612aa9 + * 01612a13 8bc2 mov eax,edx + * 01612a15 c1e8 12 shr eax,0x12 + * 01612a18 24 07 and al,0x7 + * 01612a1a 0c f0 or al,0xf0 + * 01612a1c 8801 mov byte ptr ds:[ecx],al + * 01612a1e 8bc2 mov eax,edx + * 01612a20 c1e8 0c shr eax,0xc + * 01612a23 24 3f and al,0x3f + * 01612a25 be 01000000 mov esi,0x1 + * 01612a2a 0c 80 or al,0x80 + * 01612a2c 880431 mov byte ptr ds:[ecx+esi],al + * 01612a2f 03ce add ecx,esi + * 01612a31 8bc2 mov eax,edx + * 01612a33 c1e8 06 shr eax,0x6 + * 01612a36 03ce add ecx,esi + * 01612a38 24 3f and al,0x3f + * 01612a3a 0c 80 or al,0x80 + * 01612a3c 8801 mov byte ptr ds:[ecx],al + * 01612a3e 80e2 3f and dl,0x3f + * 01612a41 03ce add ecx,esi + * 01612a43 80ca 80 or dl,0x80 + * 01612a46 8811 mov byte ptr ds:[ecx],dl + * 01612a48 03ce add ecx,esi + * 01612a4a 83c7 04 add edi,0x4 + * 01612a4d eb 45 jmp short ron2.01612a94 + * 01612a4f be 01000000 mov esi,0x1 + * 01612a54 eb 0b jmp short ron2.01612a61 + * 01612a56 8d82 00240000 lea eax,dword ptr ds:[edx+0x2400] + * 01612a5c 66:3bc3 cmp ax,bx + * 01612a5f 77 05 ja short ron2.01612a66 + * 01612a61 ba fdff0000 mov edx,0xfffd + * 01612a66 836c24 20 03 sub dword ptr ss:[esp+0x20],0x3 + * 01612a6b 78 3c js short ron2.01612aa9 + * 01612a6d 8bc2 mov eax,edx + * 01612a6f c1e8 0c shr eax,0xc + * 01612a72 24 0f and al,0xf + * 01612a74 0c e0 or al,0xe0 + * 01612a76 8801 mov byte ptr ds:[ecx],al + * 01612a78 8bc2 mov eax,edx + * 01612a7a c1e8 06 shr eax,0x6 + * 01612a7d 03ce add ecx,esi + * 01612a7f 24 3f and al,0x3f + * 01612a81 0c 80 or al,0x80 + * 01612a83 8801 mov byte ptr ds:[ecx],al + * 01612a85 80e2 3f and dl,0x3f + * 01612a88 03ce add ecx,esi + * 01612a8a 80ca 80 or dl,0x80 + * 01612a8d 8811 mov byte ptr ds:[ecx],dl + * 01612a8f 03ce add ecx,esi + * 01612a91 83c7 03 add edi,0x3 + * 01612a94 83c5 02 add ebp,0x2 + * 01612a97 837c24 18 00 cmp dword ptr ss:[esp+0x18],0x0 + * 01612a9c ^0f8f cefeffff jg ron2.01612970 + * 01612aa2 8bc7 mov eax,edi + * 01612aa4 5f pop edi + * 01612aa5 5e pop esi + * 01612aa6 5d pop ebp + * 01612aa7 5b pop ebx + * 01612aa8 c3 retn + * 01612aa9 5f pop edi + * 01612aaa 5e pop esi + * 01612aab 5d pop ebp + * 01612aac 83c8 ff or eax,0xffffffff + * 01612aaf 5b pop ebx + * 01612ab0 c3 retn + * 01612ab1 8b4424 18 mov eax,dword ptr ss:[esp+0x18] + * 01612ab5 85c0 test eax,eax + * 01612ab7 7e 5d jle short ron2.01612b16 + * 01612ab9 8b5424 14 mov edx,dword ptr ss:[esp+0x14] + * 01612abd 8d49 00 lea ecx,dword ptr ds:[ecx] + * 01612ac0 0fb70a movzx ecx,word ptr ds:[edx] ; jichi: this is where the text is accessed + * 01612ac3 be 80000000 mov esi,0x80 + * 01612ac8 48 dec eax + * 01612ac9 66:3bce cmp cx,si + * 01612acc 73 03 jnb short ron2.01612ad1 + * 01612ace 47 inc edi + * 01612acf eb 3e jmp short ron2.01612b0f + * 01612ad1 be 00080000 mov esi,0x800 + * 01612ad6 66:3bce cmp cx,si + * 01612ad9 73 05 jnb short ron2.01612ae0 + * 01612adb 83c7 02 add edi,0x2 + * 01612ade eb 2f jmp short ron2.01612b0f + * 01612ae0 81c1 00280000 add ecx,0x2800 + * 01612ae6 be ff030000 mov esi,0x3ff + * 01612aeb 66:3bce cmp cx,si + * 01612aee 77 1c ja short ron2.01612b0c + * 01612af0 83e8 01 sub eax,0x1 + * 01612af3 ^78 b4 js short ron2.01612aa9 + * 01612af5 0fb74a 02 movzx ecx,word ptr ds:[edx+0x2] + * 01612af9 83c2 02 add edx,0x2 + * 01612afc 81c1 00240000 add ecx,0x2400 + * 01612b02 66:3bce cmp cx,si + * 01612b05 77 05 ja short ron2.01612b0c + * 01612b07 83c7 04 add edi,0x4 + * 01612b0a eb 03 jmp short ron2.01612b0f + * 01612b0c 83c7 03 add edi,0x3 + * 01612b0f 83c2 02 add edx,0x2 + * 01612b12 85c0 test eax,eax + * 01612b14 ^7f aa jg short ron2.01612ac0 + * 01612b16 8bc7 mov eax,edi + * 01612b18 5f pop edi + * 01612b19 5e pop esi + * 01612b1a 5d pop ebp + * 01612b1b 5b pop ebx + * 01612b1c c3 retn + * 01612b1d cc int3 + * 01612b1e cc int3 + * 01612b1f cc int3 + * + * Runtime stack: + * 0019e974 0161640e return to Ron2.0161640e from Ron2.01612940 + * 0019e978 1216c180 UNICODE "Dat/Chr/HAL_061.swf" + * 0019e97c 00000013 + * 0019e980 12522838 + * 0019e984 00000013 + * 0019e988 0210da80 + * 0019e98c 0019ecb0 + * 0019e990 0019e9e0 + * 0019e994 0019ea24 + * 0019e998 0019e9cc + * + * Runtime registers: + * EAX 12522838 + * ECX 1216C180 UNICODE "Dat/Chr/HAL_061.swf" + * EDX 0C5E9898 + * EBX 12532838 + * ESP 0019E974 + * EBP 00000013 + * ESI 00000013 + * EDI 0019E9CC + * EIP 01612940 Ron2.01612940 + */ +// Skip ASCII garbage such as: Dat/Chr/HAL_061.swf +static bool AdobeFlashFilter(LPVOID data, size_t *size, HookParam *) +{ + // TODO: Remove [0-9a-zA-Z./]{4,} as garbage + LPCWSTR p = reinterpret_cast(data); + size_t len = *size / 2; + for (size_t i = 0; i < len; i++) + if (p[i] & 0xff00) + return true; + return false; +} +bool InsertAdobeFlash10Hook() +{ + const BYTE bytes[] = { + 0x8b,0x4c,0x24, 0x0c, // 01612940 8b4c24 0c mov ecx,dword ptr ss:[esp+0xc] ; jichi: hook here + 0x53, // 01612944 53 push ebx + 0x55, // 01612945 55 push ebp + 0x56, // 01612946 56 push esi + 0x57, // 01612947 57 push edi + 0x33,0xff, // 01612948 33ff xor edi,edi + 0x85,0xc9, // 0161294a 85c9 test ecx,ecx + 0x0f,0x84 //, 5f010000 // 0161294c 0f84 5f010000 je ron2.01612ab1 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + //addr = 0x01612940; + //addr = 0x01612AC0; + if (!addr) { + ConsoleOutput("AdobeFlash10: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + //hp.length_offset = 2 * 4; // arg2 might be the length + hp.type = CODEC_UTF16|USING_STRING; + hp.filter_fun = AdobeFlashFilter; + ConsoleOutput("INSERT Adobe Flash 10"); + + + ConsoleOutput("AdobeFlash10: disable GDI hooks"); + + return NewHook(hp, "Adobe Flash 10"); +} +namespace{ + bool __(){ + //[yosino] ANCIENT + //https://ci-en.dlsite.com/creator/5059/ + const BYTE bytes[] = { + 0x55,0x8b,0xec, + 0x51,0x51,0x8b,0x45,0x10, + 0x53,0x8b,0xd9,0x89,0x43,0x08, + 0x8a,0x45,0x0c + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (!addr) return false; + + HookParam hp; + hp.address = addr; + hp.offset=get_stack(4); + hp.type = CODEC_UTF16|USING_STRING; + return NewHook(hp, "Adobe Flash 11"); + } +} +bool AdobeFlash10::attach_function() { + + return InsertAdobeFlash10Hook()|__(); +} \ No newline at end of file diff --git a/LunaHook/engine32/AdobeFlash10.h b/LunaHook/engine32/AdobeFlash10.h new file mode 100644 index 0000000..6dfbd7e --- /dev/null +++ b/LunaHook/engine32/AdobeFlash10.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class AdobeFlash10:public ENGINE{ + public: + AdobeFlash10(){ + + check_by=CHECK_BY::RESOURCE_STR; + check_by_target=L"Adobe Flash Player 10"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Ages3ResT.cpp b/LunaHook/engine32/Ages3ResT.cpp new file mode 100644 index 0000000..65d6414 --- /dev/null +++ b/LunaHook/engine32/Ages3ResT.cpp @@ -0,0 +1,38 @@ +#include"Ages3ResT.h" + + +bool Ages3ResTHook() { + const BYTE bytes[] = { + 0x8d,0x4f,XX, + 0xff,0x15,XX4, + XX, + 0x8d,0x8f,XX4, + 0xff,0x15,XX4, + 0x8d,XX,XX4, + XX, + 0x8d,0x8f,XX4, + 0xff,0x15,XX4, + 0x8b,XX, + 0xff,0x15,XX4, + }; + + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + bool succ=false; + for (auto addr : addrs) { + ConsoleOutput("Ages3ResT %p", addr); + if (addr == 0)return false; + addr = findfuncstart(addr); + ConsoleOutput("Ages3ResT %p", addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(3); + hp.type = CODEC_UTF16 | USING_STRING; + succ|=NewHook(hp, "Ages3ResT"); + } + return succ; +} + +bool Ages3ResT::attach_function() { + return Ages3ResTHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Ages3ResT.h b/LunaHook/engine32/Ages3ResT.h new file mode 100644 index 0000000..566670b --- /dev/null +++ b/LunaHook/engine32/Ages3ResT.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Ages3ResT:public ENGINE{ + public: + Ages3ResT(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Ages3ResT.dll"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Alice.cpp b/LunaHook/engine32/Alice.cpp new file mode 100644 index 0000000..f7d95b3 --- /dev/null +++ b/LunaHook/engine32/Alice.cpp @@ -0,0 +1,104 @@ +#include"Alice.h" + + + +/******************************************************************************************** +System40 hook: + System40 is a game engine developed by Alicesoft. + Afaik, there are 2 very different types of System40. Each requires a particular hook. + + Pattern 1: Either SACTDX.dll or SACT2.dll exports SP_TextDraw. + The first relative call in this function draw text to some surface. + Text pointer is return by last absolute indirect call before that. + Split parameter is a little tricky. The first register pushed onto stack at the begining + usually is used as font size later. According to instruction opcode map, push + eax -- 50, ecx -- 51, edx -- 52, ebx --53, esp -- 54, ebp -- 55, esi -- 56, edi -- 57 + Split parameter value: + eax - -8, ecx - -C, edx - -10, ebx - -14, esp - -18, ebp - -1C, esi - -20, edi - -24 + Just extract the low 4 bit and shift left 2 bit, then minus by -8, + will give us the split parameter. e.g. push ebx 53->3 *4->C, -8-C=-14. + Sometimes if split function is enabled, ITH will split text spoke by different + character into different thread. Just open hook dialog and uncheck split parameter. + Then click modify hook. + + Pattern 2: *engine.dll exports SP_SetTextSprite. + At the entry point, EAX should be a pointer to some structure, character at +0x8. + Before calling this function, the caller put EAX onto stack, we can also find this + value on stack. But seems parameter order varies from game release. If a future + game breaks the EAX rule then we need to disassemble the caller code to determine + data offset dynamically. +********************************************************************************************/ + +static bool InsertAliceHook1(DWORD addr) +{ + if (!addr) { + ConsoleOutput("AliceHook1: failed"); + return false; + } + for (DWORD i = addr, s = addr; i < s + 0x100; i++) + if (*(BYTE *)i == 0xe8) { // Find the first relative call. + DWORD j = i + 5 + *(DWORD *)(i + 1); + while (true) { // Find the first register push onto stack. + DWORD c = ::disasm((BYTE *)s); + if (c == 1) + break; + s += c; + } + DWORD c = *(BYTE *)s; + HookParam hp; + hp.address = j; + hp.offset=get_reg(regs::eax); + hp.split = -8 -((c & 0xf) << 2); + hp.type = USING_STRING|USING_SPLIT; + //if (s>j) hp.type^=USING_SPLIT; + ConsoleOutput("INSERT AliceHook1"); + + //RegisterEngineType(ENGINE_SYS40); + return NewHook(hp, "System40"); + } + ConsoleOutput("AliceHook1: failed"); + return false; +} +static bool InsertAliceHook2(DWORD addr) +{ + if (!addr) { + ConsoleOutput("AliceHook2: failed"); + return false; + } + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.index = 0x8; + hp.type = DATA_INDIRECT; + ConsoleOutput("INSERT AliceHook2"); + return NewHook(hp, "System40"); + //RegisterEngineType(ENGINE_SYS40); +} + +// jichi 8/23/2013 Move here from engine.cc +// Do not work for the latest Alice games +// jichi 5/13/2015: Looking for function entries in StoatSpriteEngine.dll +bool InsertAliceHook() +{ + bool ok=false; + if (auto addr = Util::FindFunction("SP_TextDraw")) { + + ok|= InsertAliceHook1(addr); + } + //if (GetFunctionAddr("SP_SetTextSprite", &addr, &low, &high, 0) && addr) { + // InsertAliceHook2(addr); + // return true; + //} + if (auto addr = Util::FindFunction("SP_SetTextSprite")) { // Artikash 6/27/2018 not sure if this works + + ok|= InsertAliceHook2(addr); + } + //ConsoleOutput("AliceHook: failed"); + return ok; +} + + +bool Alice::attach_function() { + + return InsertAliceHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Alice.h b/LunaHook/engine32/Alice.h new file mode 100644 index 0000000..78a4f34 --- /dev/null +++ b/LunaHook/engine32/Alice.h @@ -0,0 +1,10 @@ +#include"engine.h" + +class Alice:public ENGINE{ + public: + Alice(){ + + check_by=CHECK_BY::ALL_TRUE; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Anex86.cpp b/LunaHook/engine32/Anex86.cpp new file mode 100644 index 0000000..090c939 --- /dev/null +++ b/LunaHook/engine32/Anex86.cpp @@ -0,0 +1,100 @@ +#include"Anex86.h" + + + +namespace { // unnamed, for Anex86 +BYTE JIS_tableH[0x80] = { + 0x00,0x81,0x81,0x82,0x82,0x83,0x83,0x84, + 0x84,0x85,0x85,0x86,0x86,0x87,0x87,0x88, + 0x88,0x89,0x89,0x8a,0x8a,0x8b,0x8b,0x8c, + 0x8c,0x8d,0x8d,0x8e,0x8e,0x8f,0x8f,0x90, + 0x90,0x91,0x91,0x92,0x92,0x93,0x93,0x94, + 0x94,0x95,0x95,0x96,0x96,0x97,0x97,0x98, + 0x98,0x99,0x99,0x9a,0x9a,0x9b,0x9b,0x9c, + 0x9c,0x9d,0x9d,0x9e,0x9e,0xdf,0xdf,0xe0, + 0xe0,0xe1,0xe1,0xe2,0xe2,0xe3,0xe3,0xe4, + 0xe4,0xe5,0xe5,0xe6,0xe6,0xe7,0xe7,0xe8, + 0xe8,0xe9,0xe9,0xea,0xea,0xeb,0xeb,0xec, + 0xec,0xed,0xed,0xee,0xee,0xef,0xef,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 +}; + +BYTE JIS_tableL[0x80] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x40,0x41,0x42,0x43,0x44,0x45,0x46, + 0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e, + 0x4f,0x50,0x51,0x52,0x53,0x54,0x55,0x56, + 0x57,0x58,0x59,0x5a,0x5b,0x5c,0x5d,0x5e, + 0x5f,0x60,0x61,0x62,0x63,0x64,0x65,0x66, + 0x67,0x68,0x69,0x6a,0x6b,0x6c,0x6d,0x6e, + 0x6f,0x70,0x71,0x72,0x73,0x74,0x75,0x76, + 0x77,0x78,0x79,0x7a,0x7b,0x7c,0x7d,0x7e, + 0x80,0x81,0x82,0x83,0x84,0x85,0x86,0x87, + 0x88,0x89,0x8a,0x8b,0x8c,0x8d,0x8e,0x8f, + 0x90,0x91,0x92,0x93,0x94,0x95,0x96,0x97, + 0x98,0x99,0x9a,0x9b,0x9c,0x9d,0x9e,0x00, +}; + +void SpecialHookAnex86(hook_stack* stack, HookParam*, uintptr_t *data, uintptr_t *split, size_t *len) +{ + auto ecx=stack->ecx; + if(*(BYTE*)(ecx+0xe)!=0)return; + auto lb=*(BYTE*)(ecx+0xc); + auto hb=*(BYTE*)(ecx+0xd); + if(hb==0){ + *data=lb; + *len=1; + } + else{ + if(hb<=0x7e&&lb<=0x7e){ + + *len=2; + BYTE low; + if ((hb & 1)== 0) + low = lb + 0x7E; + else + low = JIS_tableL[lb]; + auto chr=low|(JIS_tableH[hb]<<8); + *data=_byteswap_ushort(chr); + } + } +} +} // unnamed namespace +bool InsertAnex86Hook() +{ + const BYTE bytes[] = { + 0x8a, XX, 0x0c, // mov ??,[ecx+0C] + 0x8a, XX, 0x0d // mov ??,[ecx+0D] + }; + bool found = false; + for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress)) { + //const DWORD dwords[] = {0x618ac033,0x0d418a0c}; // jichi 12/25/2013: Remove static keyword + //for (DWORD i = processStartAddress + 0x1000; i < processStopAddress - 8; i++) + //if (*(DWORD *)i == dwords[0]) + //if (*(DWORD *)(i + 4) == dwords[1]) { + HookParam hp; + if (*(BYTE*)(addr - 2) == 0x33 || *(BYTE*)(addr - 2) == 0x31) addr = addr - 2; + hp.address = addr; + hp.offset=get_reg(regs::ecx); + hp.type=USING_CHAR; + hp.text_fun = SpecialHookAnex86; + //hp.type = EXTERN_HOOK; + ConsoleOutput("INSERT Anex86"); + + found |=NewHook(hp, "Anex86"); + } + if (found) return true; + ConsoleOutput("Anex86: failed"); + return false; +} + +bool Anex86::attach_function() { + + return InsertAnex86Hook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Anex86.h b/LunaHook/engine32/Anex86.h new file mode 100644 index 0000000..381334f --- /dev/null +++ b/LunaHook/engine32/Anex86.h @@ -0,0 +1,14 @@ +#include"engine.h" + +class Anex86:public ENGINE{ + public: + Anex86(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + + return (wcsstr(processName_lower, L"anex86") || Util::CheckFile(L"anex86.exe")); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Anim.cpp b/LunaHook/engine32/Anim.cpp new file mode 100644 index 0000000..ef4d458 --- /dev/null +++ b/LunaHook/engine32/Anim.cpp @@ -0,0 +1,107 @@ +#include"Anim.h" + +bool InsertAnimHook() { + const BYTE bytes[] = { 0xC7,0x45,0xFC,0x01,0x00,0x00,0x00,0x8B,0x4D,0x10,0x51,0x8D,0x8D,0x40,0x7E,0xFF,0xFF }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Anim: pattern not found"); + return false; + } + HookParam myhp; + myhp.address = addr+10; + + myhp.type = USING_STRING| NO_CONTEXT|EMBED_ABLE|EMBED_AFTER_OVERWRITE|EMBED_BEFORE_SIMPLE|EMBED_DYNA_SJIS; // /HQ 不使用上下文区分 把所有线程的文本都提取 + myhp.hook_font=F_GetGlyphOutlineA; + // data_offset + myhp.offset=get_reg(regs::ecx); + char nameForUser[HOOK_NAME_SIZE] = "Anim"; + + return NewHook(myhp, nameForUser); +} + +bool InsertAnim2Hook() { + const BYTE bytes[] = { 0xC7,0x45,0xFC,0x01,0x00,0x00,0x00,0x8B,0x45,0x10,0x50,0x8D,0x8D,0xAC,0x7E,0xFF,0xFF }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Anim2: pattern not found"); + return false; + } + HookParam myhp; + myhp.address = addr + 10; + myhp.hook_font=F_GetGlyphOutlineA; + //メスつまみ3 + //そんな俺に声をかけてきたのは、近所のスーパーで働いている主婦の、@n『@[赤羽:あかばね]@[千晶:ちあき]』さんだ。 + myhp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + static const std::regex rx("@\\[(.*?):(.*?)\\]", std::regex_constants::icase); + std::string result = std::string((char*)data,*len); + result = std::regex_replace(result, rx, "$1"); + *len = (result.size()); + strcpy((char*)data, result.c_str());return true; + }; + myhp.newlineseperator=L"@n"; + myhp.type = USING_STRING | NO_CONTEXT|EMBED_ABLE|EMBED_AFTER_OVERWRITE|EMBED_BEFORE_SIMPLE|EMBED_DYNA_SJIS; + //僕がいない間に変貌えられた妻の秘肉 ~ラブラブ新婚妻は他の男に抱かれ淫らに喘ぐ夢を見るか~ 体験版 + + // data_offset + myhp.offset=get_reg(regs::eax); + + return NewHook(myhp, "Anim2"); +} +namespace{ + bool Anim3Filter(LPVOID data, size_t *size, HookParam *) + { + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + StringFilterBetween(text, len, "\x81\x40", 2, "@m", 2); // @r(2,はと) + StringFilterBetween(text, len, "\x81\x40", 2, "@n", 2); // @r(2,はと) + StringCharReplacer(text, len, "@b", 2, ' '); + StringCharReplacer(text, len, "\x81\x42", 2, '.'); + StringCharReplacer(text, len, "\x81\x48", 2, '?'); + StringCharReplacer(text, len, "\x81\x49", 2, '!'); + + return true; + } + + bool InsertAnim3Hook() + { + /* + * Sample games: + * https://vndb.org/v17427 + * https://vndb.org/v18837 + */ + const BYTE bytes[] = { + 0xCC, // int 3 + 0x55, // push ebp << hook here + 0x8B, 0xEC, // mov ebp,esp + 0x81, 0xEC, XX4, // sub esp,00000830 + 0xA1, XX4, // mov eax,[musu_mama.exe+A91F0] + 0x33, 0xC5, // xor eax,ebp + 0x89, 0x45, 0xE8 // mov [ebp-18],eax + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Anim3: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + 1; + hp.offset=get_reg(regs::edx); + hp.type = USING_STRING; + hp.filter_fun = Anim3Filter; + ConsoleOutput("INSERT Anim3"); + + + return NewHook(hp, "Anim3"); + } +} +bool Anim::attach_function() { + + auto b1= InsertAnimHook() || InsertAnim2Hook(); + b1=InsertAnim3Hook()||b1; + return b1; +} \ No newline at end of file diff --git a/LunaHook/engine32/Anim.h b/LunaHook/engine32/Anim.h new file mode 100644 index 0000000..07211e0 --- /dev/null +++ b/LunaHook/engine32/Anim.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class Anim:public ENGINE{ + public: + Anim(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"voice\\*.pck"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Anisetta.cpp b/LunaHook/engine32/Anisetta.cpp new file mode 100644 index 0000000..e8b0e8d --- /dev/null +++ b/LunaHook/engine32/Anisetta.cpp @@ -0,0 +1,23 @@ +#include"Anisetta.h" + +bool Anisetta::attach_function() { + //https://vndb.org/v4068 + //12+ + const BYTE bytes[] = { + 0xF7 ,0xD8, + 0x1B ,0xC0, + 0x25 ,0x58 ,0x02 ,0x00 ,0x00, + 0x05 ,0x90 ,0x01 ,0x00 ,0x00, + }; + auto addr=MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if(addr==0)return false; + addr=MemDbg::findEnclosingAlignedFunction(addr); + if(addr==0)return false; + HookParam hp; + hp.address = addr ; + hp.type = CODEC_ANSI_BE; + hp.offset=get_stack(5); + + + return NewHook(hp, "Anisetta"); +} \ No newline at end of file diff --git a/LunaHook/engine32/Anisetta.h b/LunaHook/engine32/Anisetta.h new file mode 100644 index 0000000..820f9ee --- /dev/null +++ b/LunaHook/engine32/Anisetta.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class Anisetta:public ENGINE{ + public: + Anisetta(){ + + check_by=CHECK_BY::FILE_ANY; + check_by_target=check_by_list{L"*.pd",L".pb"}; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/ApricoT.cpp b/LunaHook/engine32/ApricoT.cpp new file mode 100644 index 0000000..156fb9c --- /dev/null +++ b/LunaHook/engine32/ApricoT.cpp @@ -0,0 +1,147 @@ +#include"ApricoT.h" + +/******************************************************************************************** +Apricot hook: + Game folder contains arc.a*. + This engine is heavily based on new DirectX interfaces. + I can't find a good place where text is clean and not repeating. + The game processes script encoded in UTF32-like format. + I reversed the parsing algorithm of the game and implemented it partially. + Only name and text data is needed. + +********************************************************************************************/ + +/** jichi 2/15/2015: ApricoT + * + * Sample game: イセカイ・ラヴァーズ�体験版 + * Issue of the old game is that it uses esp as split, and hence has relative address + * + * 00978100 5b pop ebx + * 00978101 83c4 2c add esp,0x2c + * 00978104 c2 0400 retn 0x4 + * 00978107 33c0 xor eax,eax ; jichi: hook here + * 00978109 bb 03000000 mov ebx,0x3 + * 0097810e 895c24 30 mov dword ptr ss:[esp+0x30],ebx + * 00978112 894424 2c mov dword ptr ss:[esp+0x2c],eax + * 00978116 894424 1c mov dword ptr ss:[esp+0x1c],eax + * 0097811a 8b4e 34 mov ecx,dword ptr ds:[esi+0x34] + * 0097811d 3b4e 3c cmp ecx,dword ptr ds:[esi+0x3c] + * 00978120 894424 3c mov dword ptr ss:[esp+0x3c],eax + * 00978124 7e 3b jle short .00978161 + * 00978126 8b7e 3c mov edi,dword ptr ds:[esi+0x3c] + * 00978129 3b7e 34 cmp edi,dword ptr ds:[esi+0x34] + * 0097812c 76 05 jbe short .00978133 + * 0097812e e8 01db1500 call .00ad5c34 + * 00978133 837e 38 04 cmp dword ptr ds:[esi+0x38],0x4 + * 00978137 72 05 jb short .0097813e + * 00978139 8b46 24 mov eax,dword ptr ds:[esi+0x24] + * 0097813c eb 03 jmp short .00978141 + * 0097813e 8d46 24 lea eax,dword ptr ds:[esi+0x24] + * 00978141 8b3cb8 mov edi,dword ptr ds:[eax+edi*4] + * 00978144 016e 3c add dword ptr ds:[esi+0x3c],ebp + * 00978147 57 push edi + * 00978148 55 push ebp + * 00978149 8d4c24 20 lea ecx,dword ptr ss:[esp+0x20] + * 0097814d e8 de05feff call .00958730 + * + * Sample stack: baseaddr = 0c90000 + * 001aec2c ede50fbb + * 001aec30 0886064c + * 001aec34 08860bd0 + * 001aec38 08860620 + * 001aec3c 00000000 + * 001aec40 00000000 + * 001aec44 08860bd0 + * 001aec48 001aee18 + * 001aec4c 08860620 + * 001aec50 00000000 + * 001aec54 00cb4408 return to .00cb4408 from .00c973e0 + * 001aec58 08860bd8 + * 001aec5c 00000000 + * 001aec60 001aefd8 pointer to next seh record + * 001aec64 00e47d88 se handler + * 001aec68 ffffffff + * 001aec6c 00cb9f40 return to .00cb9f40 from .00cc8030 ; jichi: split here + */ +static void SpecialHookApricoT(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t *len) +{ + DWORD reg_esi = stack->esi; + DWORD base = *(DWORD *)(reg_esi + 0x24); + DWORD index = *(DWORD *)(reg_esi + 0x3c); + DWORD *script = (DWORD *)(base + index * 4); + // jichi 2/14/2015 + // Change reg_esp to the return address + //DWORD reg_esp = regof(esp, esp_base); + //*split = reg_esp; + //*split = regof(esp, esp_base); + DWORD arg = stack->stack[16]; // return address + *split = arg > processStartAddress ? arg - processStartAddress : arg; // use relative split value + //*split = argof(1, esp_base); + if (script[0] == L'<') { + DWORD *end; + for (end = script; *end != L'>'; end++); // jichi 2/14/2015: i.e. = ::wcschr(script) or script + switch (script[1]) { + case L'N': + if (script[2] == L'a' && script[3] == L'm' && script[4] == L'e') { + buffer_index = 0; + for (script += 5; script < end; script++) + if (*script > 0x20) + wc_buffer[buffer_index++] = *script & 0xFFFF; + *len = buffer_index<<1; + *data = (DWORD)wc_buffer; + // jichi 1/4/2014: The way I save subconext is not able to distinguish the split value + // Change to shift 16 + //*split |= 1 << 31; + *split |= 1 << 16; // jichi: differentiate name and text script + } break; + case L'T': + if (script[2] == L'e' && script[3] == L'x' && script[4] == L't') { + buffer_index = 0; + for (script += 5; script < end; script++) { + if (*script > 0x40) { + while (*script == L'{') { + script++; + while (*script!=L'\\') { + wc_buffer[buffer_index++] = *script & 0xffff; + script++; + } + while (*script++!=L'}'); + } + wc_buffer[buffer_index++] = *script & 0xffff; + } + } + *len = buffer_index << 1; + *data = (DWORD)wc_buffer; + } break; + } + } +} + +bool InsertApricoTHook() +{ + for (DWORD i = processStartAddress + 0x1000; i < processStopAddress - 4; i++) + if ((*(DWORD *)i & 0xfff8fc) == 0x3cf880) // cmp reg,0x3c + for (DWORD j = i + 3, k = i + 0x100; j < k; j++) + if ((*(DWORD *)j & 0xffffff) == 0x4c2) { // retn 4 + HookParam hp; + hp.address = j + 3; + hp.text_fun = SpecialHookApricoT; + hp.type = USING_STRING|NO_CONTEXT|CODEC_UTF16; + ConsoleOutput("INSERT ApricoT"); + //GROWL_DWORD3(hp.address, processStartAddress, processStopAddress); + + //RegisterEngineType(ENGINE_APRICOT); + // jichi 2/14/2015: disable cached GDI functions + ConsoleOutput("ApRicoT: disable GDI hooks"); + + return NewHook(hp, "ApRicoT"); + } + + ConsoleOutput("ApricoT: failed"); + return false; +} + +bool ApricoT::attach_function() { + + return InsertApricoTHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/ApricoT.h b/LunaHook/engine32/ApricoT.h new file mode 100644 index 0000000..11fdc4e --- /dev/null +++ b/LunaHook/engine32/ApricoT.h @@ -0,0 +1,21 @@ +#include"engine.h" + +class ApricoT:public ENGINE{ + public: + ApricoT(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"arc.a*"; + }; + bool attach_function(); +}; + +class ApricoTlast:public ApricoT{ + public: + ApricoTlast(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"arc.dat"; + is_engine_certain=false; + }; +}; \ No newline at end of file diff --git a/LunaHook/engine32/Artemis.cpp b/LunaHook/engine32/Artemis.cpp new file mode 100644 index 0000000..d7f2168 --- /dev/null +++ b/LunaHook/engine32/Artemis.cpp @@ -0,0 +1,250 @@ +#include"Artemis.h" + +/** + * jichi 10/1/2013: Artemis Engine + * See: http://www.ies-net.com/ + * See (CaoNiMaGeBi): http://tieba.baidu.com/p/2625537737 + * Pattern: + * 650a2f 83c4 0c add esp,0xc ; hook here + * 650a32 0fb6c0 movzx eax,al + * 650a35 85c0 test eax,eax + * 0fb6c0 75 0e jnz short tsugokaz.0065a47 + * + * Wrong: 0x400000 + 0x7c574 + * + * //Example: [130927]妹スパイラル /HBN-8*0:14@65589F + * Example: ヂ�ウノイイ家�Trial /HBN-8*0:14@650A2F + * Note: 0x650a2f > 40000(base) + 20000(limit) + * - addr: 0x650a2f + * - text_fun: 0x0 + * - function: 0 + * - hook_len: 0 + * - ind: 0 + * - length_offset: 1 + * - module: 0 + * - off: 4294967284 = 0xfffffff4 = -0xc + * - recover_len: 0 + * - split: 20 = 0x14 + * - split_ind: 0 + * - type: 1048 = 0x418 + * + * @CaoNiMaGeBi: + * RECENT GAMES: + * [130927]妹スパイラル /HBN-8*0:14@65589F + * [130927]サ�ライホルモン + * [131025]ヂ�ウノイイ家�/HBN-8*0:14@650A2F (for trial version) + * CLIENT ORGANIZAIONS: + * CROWD + * D:drive. + * Hands-Aid Corporation + * iMel株式会社 + * SHANNON + * SkyFish + * SNACK-FACTORY + * team flap + * Zodiac + * くらむちめ�� * まかろんソフト + * アイヂ�アファクトリー株式会社 + * カラクリズ� + * 合赼�社ファーストリー� + * 有限会社ウルクスへブン + * 有限会社ロータス + * 株式会社CUCURI + * 株式会社アバン + * 株式会社インタラクヂ�ブブレインズ + * 株式会社ウィンヂ�ール + * 株式会社エヴァンジェ + * 株式会社ポニーキャニオン + * 株式会社大福エンターヂ�ンメン� */ +bool InsertArtemis1Hook() +{ + const BYTE bytes[] = { + 0x83,0xc4, 0x0c, // add esp,0xc ; hook here + 0x0f,0xb6,0xc0, // movzx eax,al + 0x85,0xc0, // test eax,eax + 0x75, 0x0e // jnz XXOO ; it must be 0xe, or there will be duplication + }; + //enum { addr_offset = 0 }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + //GROWL_DWORD3(reladdr, processStartAddress, range); + if (!addr) { + ConsoleOutput("Artemis1: pattern not exist"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::ecx); + hp.split = get_stack(5); + hp.type = NO_CONTEXT|DATA_INDIRECT|USING_SPLIT; // 0x418 + + //hp.address = 0x650a2f; + //GROWL_DWORD(hp.address); + + ConsoleOutput("INSERT Artemis1"); + + //ConsoleOutput("Artemis1"); + return NewHook(hp, "Artemis1"); +} + +bool InsertArtemis2Hook() +{ + const BYTE bytes[] = { + // 0054461F | CC | int3 | + 0x55, // 00544620 | 55 | push ebp | + 0x8B, 0xEC, // 00544621 | 8B EC | mov ebp,esp | + 0x83, 0xE4, 0xF8, // 00544623 | 83 E4 F8 | and esp,FFFFFFF8 | + 0x6A, 0xFF, // 00544626 | 6A FF | push FFFFFFFF | + 0x68, XX4, // 00544628 | 68 68 7C 6A 00 | push 空のつくりかた体験版_ver3.0.6A7C68 | + 0x64, 0xA1, 0x00, 0x00, 0x00, 0x00, // 0054462D | 64 A1 00 00 00 00 | mov eax,dword ptr fs:[0] | + 0x50, // 00544633 | 50 | push eax | + 0x83, 0xEC, XX, // 00544634 | 83 EC 28 | sub esp,28 | + 0xA1, XX4, // 00544637 | A1 F0 57 81 00 | mov eax,dword ptr ds:[8157F0] | + 0x33, 0xC4, // 0054463C | 33 C4 | xor eax,esp | + 0x89, 0x44, 0x24, XX, // 0054463E | 89 44 24 20 | mov dword ptr ss:[esp+20],eax | + 0x53, // 00544642 | 53 | push ebx | + 0x56, // 00544643 | 56 | push esi | + 0x57, // 00544644 | 57 | push edi | + 0xA1, XX4, // 00544645 | A1 F0 57 81 00 | mov eax,dword ptr ds:[8157F0] | + 0x33, 0xC4, // 0054464A | 33 C4 | xor eax,esp | + 0x50, // 0054464C | 50 | push eax | + 0x8D, 0x44, 0x24, XX, // 0054464D | 8D 44 24 38 | lea eax,dword ptr ss:[esp+38] | [esp+38]:BaseThreadInitThunk + 0x64, 0xA3, 0x00, 0x00, 0x00, 0x00, // 00544651 | 64 A3 00 00 00 00 | mov dword ptr fs:[0],eax | + 0x8B, 0xF1, // 00544657 | 8B F1 | mov esi,ecx | + 0x8B, 0x5D, 0x08, // 00544659 | 8B 5D 08 | mov ebx,dword ptr ss:[ebp+8] | + 0x8B, 0x4D, 0x0C // 0054465C | 8B 4D 0C | mov ecx,dword ptr ss:[ebp+C] | ecx:DbgUiRemoteBreakin, [ebp+C]:BaseThreadInitThunk + }; + enum { addr_offset = 0 }; // distance to the beginning of the function, which is 0x55 (push ebp) + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Artemis2: pattern not found"); + return false; + } + addr += addr_offset; + enum { push_ebp = 0x55 }; // beginning of the function + if (*(BYTE *)addr != push_ebp) { + ConsoleOutput("Artemis2: beginning of the function not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING|NO_CONTEXT; + + ConsoleOutput("INSERT Artemis2"); + bool succ=NewHook(hp, "Artemis2"); + + // Artikash 1/1/2019: Recent games seem to use utf8 encoding instead, other than that the hook is identical. + // Not sure how to differentiate which games are sjis/utf8 so insert both + hp.address = addr + 6; + hp.offset=get_reg(regs::ebp); + hp.index = 8; // ebp was also pushed + hp.type = CODEC_UTF8 | USING_STRING | DATA_INDIRECT ; + succ|=NewHook(hp, "Artemis2"); + //ConsoleOutput("Artemis2"); + return succ; +} + +bool InsertArtemis3Hook() +{ + const BYTE bytes[] = { + 0x55, // 005FD780 | 55 | push ebp | + 0x8B, 0xEC, // 005FD781 | 8BEC | mov ebp,esp | + 0x83, 0xE4, 0xF8, // 005FD783 | 83E4 F8 | and esp,FFFFFFF8 | + 0x83, 0xEC, 0x3C, // 005FD786 | 83EC 3C | sub esp,3C | + 0xA1, XX4, // 005FD789 | A1 6C908600 | mov eax,dword ptr ds:[86906C] | + 0x33, 0xC4, // 005FD78E | 33C4 | xor eax,esp | + 0x89, 0x44, 0x24, 0x38, // 005FD790 | 894424 38 | mov dword ptr ss:[esp+38],eax | + 0x53, // 005FD794 | 53 | push ebx | + 0x56, // 005FD795 | 56 | push esi | + 0x8B, 0xC1, // 005FD796 | 8BC1 | mov eax,ecx | + 0xC7, 0x44, 0x24, 0x14, 0x00, 0x00, 0x00, 0x00, // 005FD798 | C74424 14 00000000 | mov dword ptr ss:[esp+14],0 | + 0x8B, 0x4D, 0x0C, // 005FD7A0 | 8B4D 0C | mov ecx,dword ptr ss:[ebp+C] | + 0x33, 0xF6, // 005FD7A3 | 33F6 | xor esi,esi | + 0x57, // 005FD7A5 | 57 | push edi | + 0x8B, 0x7D, 0x08, // 005FD7A6 | 8B7D 08 | mov edi,dword ptr ss:[ebp+8] | + 0x89, 0x44, 0x24, 0x14, // 005FD7A9 | 894424 14 | mov dword ptr ss:[esp+14],eax | + 0x89, 0x4C, 0x24, 0x28, // 005FD7AD | 894C24 28 | mov dword ptr ss:[esp+28],ecx | + 0x80, 0x3F, 0x00, // 005FD7B1 | 803F 00 | cmp byte ptr ds:[edi],0 | + 0x0F, 0x84, XX4, // 005FD7B4 | 0F84 88040000 | je ヘンタイ・プリズンsplit 1.5FDC42 | + 0x83, 0xB8, XX4, 0x00, // 005FD7BA | 83B8 74030000 00 | cmp dword ptr ds:[eax+374],0 | + 0x8B, 0xDF, // 005FD7C1 | 8BDF | mov ebx,edi | + }; + + enum { addr_offset = 0 }; // distance to the beginning of the function, which is 0x55 (push ebp) + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Artemis3: pattern not found"); + return false; + } + addr += addr_offset; + enum { push_ebp = 0x55 }; // beginning of the function + if (*(BYTE *)addr != push_ebp) { + ConsoleOutput("Artemis3: beginning of the function not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING| EMBED_ABLE|CODEC_UTF8|EMBED_BEFORE_SIMPLE|EMBED_AFTER_NEW; + + + return NewHook(hp, "EmbedArtemis"); +} + +namespace{ + bool a4(){ + //高慢な奥さんは好きですか?~傲慢人妻教師の堕とし方~ + auto entryA=Util::FindImportEntry(processStartAddress,(DWORD)GetGlyphOutlineA); + auto entryW=Util::FindImportEntry(processStartAddress,(DWORD)GetGlyphOutlineW); + std::vector addrs; + BYTE bytes[]={0xFF,0x15,XX4}; + for(DWORD entry:{entryA,entryW}) + if(entry) { + memcpy(bytes+2,&entry,4); + auto addrs_ = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + addrs.insert(addrs.end(), addrs_.begin(), addrs_.end()); + } + bool ok=false; + for (auto addr : addrs) { + auto funcaddr = MemDbg::findEnclosingAlignedFunction(addr); + if (!funcaddr) continue; + BYTE sig1[]={0x81,XX,0x00,0x00,0x10,0x00}; + BYTE sig2[]={0x68,0x00,0x02,0x00,0x00,0x68,0x00,0x02,0x00,0x00}; + BYTE sig3[]={XX,0x80,0x00,0x00,0x00,0x0f,0x95,0xc1}; + BYTE sig4[]={0xC1,XX,0x18}; + int found=0; + for(auto sigsz:std::vector>{{sig1,sizeof(sig1)},{sig2,sizeof(sig2)},{sig3,sizeof(sig3)},{sig4,sizeof(sig4)}}){ + auto fd= MemDbg::findBytes(sigsz.first, sigsz.second, funcaddr, addr); + if(fd)found+=1; + } + if(found==4){ + { + HookParam hp; + hp.address = funcaddr; + hp.type = CODEC_ANSI_BE; + hp.offset=get_stack(2); + ok|=NewHook(hp, "Artemis4A"); + } + { + HookParam hp; + hp.address = funcaddr+5; + hp.type = CODEC_UTF16; + hp.offset=get_stack(2); + ok|=NewHook(hp, "Artemis4W"); + } + return ok; + } + } + return false; + } +} +bool Artemis::attach_function() { + + return InsertArtemis1Hook() || InsertArtemis2Hook() || InsertArtemis3Hook()||a4(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Artemis.h b/LunaHook/engine32/Artemis.h new file mode 100644 index 0000000..e738efa --- /dev/null +++ b/LunaHook/engine32/Artemis.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Artemis:public ENGINE{ + public: + Artemis(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.pfs"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Atelier.cpp b/LunaHook/engine32/Atelier.cpp new file mode 100644 index 0000000..8b8f71d --- /dev/null +++ b/LunaHook/engine32/Atelier.cpp @@ -0,0 +1,248 @@ +#include"Atelier.h" +/******************************************************************************************** +AtelierKaguya hook: + Game folder contains message.dat. Used by AtelierKaguya games. + Usually has font caching issue with TextOutA. + Game engine uses EBP to set up stack frame so we can easily trace back. + Keep step out until it's in main game module. We notice that either register or + stack contains string pointer before call instruction. But it's not quite stable. + In-depth analysis of the called function indicates that there's a loop traverses + the string one character by one. We can set a hook there. + This search process is too complex so I just make use of some characteristic + instruction(add esi,0x40) to locate the right point. +********************************************************************************************/ +bool InsertAtelierHook() +{ + PcHooks::hookOtherPcFunctions(); // lstrlenA gives good hook too + //SafeFillRange(processName, &base, &size); + //size=size-base; + //DWORD sig = 0x40c683; // add esi,0x40 + //i=processStartAddress+SearchPattern(processStartAddress,processStopAddress-processStartAddress,&sig,3); + DWORD i; + for (i = processStartAddress; i < processStopAddress - 4; i++) { + DWORD sig = *(DWORD *)i & 0xffffff; + if (0x40c683 == sig) // add esi,0x40 + break; + } + if (i < processStopAddress - 4) + for (DWORD j=i-0x200; i>j; i--) + if (*(DWORD *)i == 0xff6acccc) { // find the function entry + HookParam hp; + hp.address = i+2; + hp.offset=get_stack(2); + hp.split = get_reg(regs::esp); + hp.type = USING_SPLIT; + ConsoleOutput("INSERT Aterlier KAGUYA"); + + //RegisterEngineType(ENGINE_ATELIER); + return NewHook(hp, "Atelier KAGUYA"); + } + + ConsoleOutput("Aterlier: failed"); + return false; + //ConsoleOutput("Unknown Atelier KAGUYA engine."); +} + +bool InsertAtelierKaguya2Hook() +{ + + /* + * Sample games: + * https://vndb.org/v22713 + * https://vndb.org/v31685 + * https://vndb.org/v37081 + */ + const BYTE bytes[] = { + 0x51, // push ecx << hook here + 0x50, // push eax + 0xE8, XX4, // call Start.exe+114307 + 0x83, 0xC4, 0x08, // add esp,08 + 0x85, 0xC0, // test eax,eax + 0x78, 0xA1 // js Start.exe+48947 + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Atelier KAGUYA2: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.type = USING_STRING|EMBED_AFTER_OVERWRITE|EMBED_BEFORE_SIMPLE|EMBED_ABLE|EMBED_DYNA_SJIS; + hp.hook_font=F_TextOutA; + hp.filter_fun = NewLineCharToSpaceFilterA; + ConsoleOutput("INSERT Atelier KAGUYA2"); + + return NewHook(hp, "Atelier KAGUYA2"); +} + +bool InsertAtelierKaguya3Hook() +{ + + /* + * Sample games: + * https://vndb.org/v10082 + */ + const BYTE bytes[] = { + 0x55, // push ebp << hook here + 0x8B, 0xEC, // mov ebp,esp + 0x6A, 0xFF, // push -01 + 0x68, 0x80, 0xB9, 0x4D, 0x00, // push Start.exe+DB980 + 0x64, 0xA1, XX4, // mov eax,fs:[00000000] + 0x50, // push eax + 0x51, // push ecx + 0x81, 0xEC, 0xAC, 0x00, 0x00, 0x00 // sub esp,000000AC + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Atelier KAGUYA3: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.type = USING_STRING; + hp.filter_fun = NewLineCharToSpaceFilterA; + ConsoleOutput("INSERT Atelier KAGUYA3"); + + return NewHook(hp, "Atelier KAGUYA3"); +} + +bool InsertAtelierKaguya4Hook() +{ + + /* + * Sample games: + * https://vndb.org/v14705 + */ + const BYTE bytes[] = { + 0xE8, 0x90, 0xA8, 0xFF, 0xFF, // call Start.exe+18380 + 0x89, 0x45, 0xF8, // mov [ebp-08],eax + 0x8B, 0x4D, 0x10, // mov ecx,[ebp+10] + 0x51, // push ecx + 0x8B, 0x55, 0x0C, // mov edx,[ebp+0C] + 0x52, // push edx + 0x8B, 0x45, 0x08, // mov eax,[ebp+08] + 0x50 // push eax << hook here + }; + enum { addr_offset = sizeof(bytes) - 1 }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Atelier KAGUYA4: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::eax); + hp.type = USING_STRING; + hp.filter_fun = NewLineCharToSpaceFilterA; + ConsoleOutput("INSERT Atelier KAGUYA4"); + + return NewHook(hp, "Atelier KAGUYA4"); +} + +bool InsertAtelierKaguya5Hook() +{ + + /* + * Sample games: + * https://vndb.org/v11224 + */ + const BYTE bytes[] = { + 0xC2, 0x04, 0x00, // ret 0004 + 0x55, // push ebp << hook here + 0x8B, 0xEC, // mov ebp,esp + 0x6A, 0xFF, // push -01 + 0x68, XX4, // push Start.exe+DA680 + 0x64, 0xA1, 0x00, 0x00, 0x00, 0x00, // mov eax,fs:[00000000] + 0x50, // push eax + 0x51, // push ecx + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Atelier KAGUYA5: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + 3; + hp.offset=get_reg(regs::eax); + hp.type = USING_STRING; + hp.filter_fun = NewLineCharToSpaceFilterA; + ConsoleOutput("INSERT Atelier KAGUYA5"); + + return NewHook(hp, "Atelier KAGUYA5"); +} +bool InsertAtelierKaguyaX() +{ + //エロティ課 誘惑研修はじまるよ~ しごいちゃうから覚悟なさい! + const BYTE bytes[] = { + 0x3D,0xF0,0x41,0x00,0x00, + 0x75 + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) return false; + + addr = findfuncstart(addr,0x1000); + if (!addr) return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING; + + return NewHook(hp, "Atelier KAGUYA3"); +} +bool Atelier::attach_function() { + + return InsertAtelierHook() || InsertAtelierKaguya2Hook() ||InsertAtelierKaguyaX()|| InsertAtelierKaguya3Hook() || InsertAtelierKaguya4Hook() || InsertAtelierKaguya5Hook(); +} + + +bool Atelier2attach_function(){ + //https://vndb.org/v304 + //ダンジョンクルセイダーズ~TALES OF DEMON EATER~ +const BYTE bytes[] = { + 0x83 ,0xFE ,0x34 , + 0xF6 ,XX , + 0x88 ,XX,0x24 ,0x29 , + 0x7D + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) return false; + + HookParam hp; + hp.address = addr+sizeof(bytes)-1; + hp.offset = get_stack(10); + return NewHook(hp, "Atelier KAGUYA3"); +} + + +bool Atelier2attach_function2(){ + //https://vndb.org/v7264 + //禁断の病棟 特殊精神科医 遊佐惣介の診察記録 + auto addr=MemDbg::findCallerAddressAfterInt3((ULONG)TextOutA,processStartAddress,processStopAddress); + if(addr==0)return 0; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(3); + hp.type=USING_STRING|DATA_INDIRECT; + + return NewHook(hp, "Atelier KAGUYA"); +} +bool Atelier2::attach_function(){ + return Atelier2attach_function()||Atelier2attach_function2(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Atelier.h b/LunaHook/engine32/Atelier.h new file mode 100644 index 0000000..bcef5bd --- /dev/null +++ b/LunaHook/engine32/Atelier.h @@ -0,0 +1,24 @@ +#include"engine.h" + +class Atelier:public ENGINE{ + public: + Atelier(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"message.dat"; + }; + bool attach_function(); +}; + +class Atelier2:public ENGINE{ + public: + Atelier2(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return (Util::CheckFile(L"*.ARC")&&Util::CheckFile(L"*.ARI"))|| + (Util::CheckFile(L"ARC\\*.ARC")&&Util::CheckFile(L"ARC\\*.ARI")); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/BGI.cpp b/LunaHook/engine32/BGI.cpp new file mode 100644 index 0000000..388ef03 --- /dev/null +++ b/LunaHook/engine32/BGI.cpp @@ -0,0 +1,1542 @@ +#include"BGI.h" +#include"embed_util.h" +/******************************************************************************************** +BGI hook: + Usually game folder contains BGI.*. After first run BGI.gdb appears. + + BGI engine has font caching issue so the strategy is simple. + First find call to TextOutA or TextOutW then reverse to function entry point, + until full text is caught. + After 2 tries we will get to the right place. Use ESP value to split text since + it's likely to be different for different calls. +********************************************************************************************/ +namespace { // unnamed +#if 0 // jichi 12/28/2013: dynamic BGI is not used +static bool FindBGIHook(DWORD fun, DWORD size, DWORD pt, WORD sig) +{ + if (!fun) { + ConsoleOutput("BGI: cannot find BGI hook"); + //swprintf(str, L"Can't find BGI hook: %.8X.",fun); + //ConsoleOutput(str); + return false; + } + //WCHAR str[0x40]; + //i=FindCallBoth(fun,size,pt); + + //swprintf(str, L"CALL addr: 0x%.8X",pt+i); + //ConsoleOutput(str); + for (DWORD i = fun, j = fun; j > i - 0x100; j--) + if ((*(WORD *)(pt + j)) == sig) { // Fun entry 1. + //swprintf(str, L"Entry 1: 0x%.8X",pt+j); + //ConsoleOutput(str); + for (DWORD k = i + 0x100; k < i+0x800; k++) + if (*(BYTE *)(pt + k) == 0xe8) + if (k + 5 + *(DWORD *)(pt + k + 1) == j) { // Find call to fun1. + //swprintf(str, L"CALL to entry 1: 0x%.8X",pt+k); + //ConsoleOutput(str); + for (DWORD l = k; l > k - 0x100;l--) + if ((*(WORD *)(pt + l)) == 0xec83) { // Fun entry 2. + //swprintf(str, L"Entry 2(final): 0x%.8X",pt+l); + //ConsoleOutput(str); + HookParam hp; + hp.address = (DWORD)pt + l; + hp.offset=get_stack(2); + hp.split =get_reg(regs::esp); + hp.type = CODEC_ANSI_BE|USING_SPLIT; + ConsoleOutput("INSERT DynamicBGI"); + + return NewHook(hp, "BGI"); + } + } + } + ConsoleOutput("DynamicBGI: failed"); + return false; +} +bool InsertBGIDynamicHook(LPVOID addr, DWORD frame, DWORD stack) +{ + if (addr != TextOutA && addr != TextOutW) { + //ConsoleOutput("DynamicBGI: failed"); + return false; + } + + DWORD i = *(DWORD *)(stack + 4) - processStartAddress; + return FindBGIHook(i, processStopAddress - processStartAddress, processStartAddress, 0xec83); +} +#endif // 0 + +/** jichi 5/12/2014 + * Sample game: FORTUNE ARTERIAL, case 2 at 0x41ebd0 + * + * sub_41EBD0 proc near, seems to take 5 parameters + * + * 0041ebd0 /$ 83ec 28 sub esp,0x28 ; jichi: hook here, beginning of the function + * 0041ebd3 |. 55 push ebp + * 0041ebd4 |. 8b6c24 38 mov ebp,dword ptr ss:[esp+0x38] + * 0041ebd8 |. 81fd 00ff0000 cmp ebp,0xff00 + * 0041ebde |. 0f82 e1000000 jb bgi.0041ecc5 + * 0041ebe4 |. 81fd ffff0000 cmp ebp,0xffff + * 0041ebea |. 0f87 d5000000 ja bgi.0041ecc5 + * 0041ebf0 |. a1 54634900 mov eax,dword ptr ds:[0x496354] + * 0041ebf5 |. 8bd5 mov edx,ebp + * 0041ebf7 |. 81e2 ff000000 and edx,0xff + * 0041ebfd |. 53 push ebx + * 0041ebfe |. 4a dec edx + * 0041ebff |. 33db xor ebx,ebx + * 0041ec01 |. 3bd0 cmp edx,eax + * 0041ec03 |. 56 push esi + * 0041ec04 |. 0f8d 8a000000 jge bgi.0041ec94 + * 0041ec0a |. 57 push edi + * 0041ec0b |. b9 06000000 mov ecx,0x6 + * 0041ec10 |. be 5c634900 mov esi,bgi.0049635c + * 0041ec15 |. 8d7c24 20 lea edi,dword ptr ss:[esp+0x20] + * 0041ec19 |. f3:a5 rep movs dword ptr es:[edi],dword ptr ds> + * 0041ec1b |. 8b0d 58634900 mov ecx,dword ptr ds:[0x496358] + * 0041ec21 |. 8b7424 3c mov esi,dword ptr ss:[esp+0x3c] + * 0041ec25 |. 8bc1 mov eax,ecx + * 0041ec27 |. 5f pop edi + * 0041ec28 |. 0fafc2 imul eax,edx + * 0041ec2b |. 8b56 08 mov edx,dword ptr ds:[esi+0x8] + * 0041ec2e |. 894424 0c mov dword ptr ss:[esp+0xc],eax + * 0041ec32 |. 3bca cmp ecx,edx + * 0041ec34 |. 7e 02 jle short bgi.0041ec38 + * 0041ec36 |. 8bca mov ecx,edx + * 0041ec38 |> 8d4401 ff lea eax,dword ptr ds:[ecx+eax-0x1] + * 0041ec3c |. 8b4c24 28 mov ecx,dword ptr ss:[esp+0x28] + * 0041ec40 |. 894424 14 mov dword ptr ss:[esp+0x14],eax + * 0041ec44 |. 8b46 0c mov eax,dword ptr ds:[esi+0xc] + * 0041ec47 |. 3bc8 cmp ecx,eax + * 0041ec49 |. 895c24 10 mov dword ptr ss:[esp+0x10],ebx + * 0041ec4d |. 77 02 ja short bgi.0041ec51 + * 0041ec4f |. 8bc1 mov eax,ecx + * 0041ec51 |> 8d4c24 0c lea ecx,dword ptr ss:[esp+0xc] + * 0041ec55 |. 8d5424 1c lea edx,dword ptr ss:[esp+0x1c] + * 0041ec59 |. 48 dec eax + * 0041ec5a |. 51 push ecx + * 0041ec5b |. 52 push edx + * 0041ec5c |. 894424 20 mov dword ptr ss:[esp+0x20],eax + * 0041ec60 |. e8 7b62feff call bgi.00404ee0 + * 0041ec65 |. 8b4424 34 mov eax,dword ptr ss:[esp+0x34] + * 0041ec69 |. 83c4 08 add esp,0x8 + * 0041ec6c |. 83f8 03 cmp eax,0x3 + * 0041ec6f |. 75 15 jnz short bgi.0041ec86 + * 0041ec71 |. 8b4424 48 mov eax,dword ptr ss:[esp+0x48] + * 0041ec75 |. 8d4c24 1c lea ecx,dword ptr ss:[esp+0x1c] + * 0041ec79 |. 50 push eax + * 0041ec7a |. 51 push ecx + * 0041ec7b |. 56 push esi + * 0041ec7c |. e8 1fa0feff call bgi.00408ca0 + */ +bool InsertBGI1Hook() +{ + union { + DWORD i; + DWORD *id; + BYTE *ib; + }; + HookParam hp; + for (i = processStartAddress + 0x1000; i < processStopAddress; i++) { + if (ib[0] == 0x3d) { + i++; + if (id[0] == 0xffff) { //cmp eax,0xffff + hp.address = SafeFindEnclosingAlignedFunction(i, 0x40); + if (hp.address) { + hp.offset=get_stack(3); + hp.split = get_reg(regs::esp); + hp.type = CODEC_ANSI_BE|USING_SPLIT; + ConsoleOutput("INSERT BGI#1"); + + //RegisterEngineType(ENGINE_BGI); + return NewHook(hp, "BGI"); + } + } + } + if (ib[0] == 0x81 && ((ib[1] & 0xf8) == 0xf8)) { + i += 2; + if (id[0] == 0xffff) { //cmp reg,0xffff + hp.address = SafeFindEnclosingAlignedFunction(i, 0x40); + if (hp.address) { + hp.offset=get_stack(3); + hp.split = get_reg(regs::esp); + hp.type = CODEC_ANSI_BE|USING_SPLIT; + ConsoleOutput("INSERT BGI#2"); + + //RegisterEngineType(ENGINE_BGI); + return NewHook(hp, "BGI"); + } + } + } + } + //ConsoleOutput("Unknown BGI engine."); + + //ConsoleOutput("Probably BGI. Wait for text."); + //SwitchTrigger(true); + //trigger_fun=InsertBGIDynamicHook; + ConsoleOutput("BGI: failed"); + return false; +} + +/** + * jichi 2/5/2014: Add an alternative BGI hook + * + * Issue: This hook cannot extract character name for コトバの消えた日 + * + * See: http://tieba.baidu.com/p/2845113296 + * 世界と世界の真ん中で + * - /HSN4@349E0:sekachu.exe // Disabled BGI3, floating split char + * - /HS-1C:-4@68E56 // Not used, cannot detect character name + * - /HSC@34C80:sekachu.exe // BGI2, extract both scenario and character names + * + * [Lump of Sugar] 世界と世界の真ん中で + * /HSC@34C80:sekachu.exe + * - addr: 216192 = 0x34c80 + * - module: 3599131534 + * - off: 12 = 0xc + * - type: 65 = 0x41 + * + * base: 0x11a0000 + * hook_addr = base + addr = 0x11d4c80 + * + * 011d4c7e cc int3 + * 011d4c7f cc int3 + * 011d4c80 /$ 55 push ebp ; jichi: hook here + * 011d4c81 |. 8bec mov ebp,esp + * 011d4c83 |. 6a ff push -0x1 + * 011d4c85 |. 68 e6592601 push sekachu.012659e6 + * 011d4c8a |. 64:a1 00000000 mov eax,dword ptr fs:[0] + * 011d4c90 |. 50 push eax + * 011d4c91 |. 81ec 300d0000 sub esp,0xd30 + * 011d4c97 |. a1 d8c82801 mov eax,dword ptr ds:[0x128c8d8] + * 011d4c9c |. 33c5 xor eax,ebp + * 011d4c9e |. 8945 f0 mov dword ptr ss:[ebp-0x10],eax + * 011d4ca1 |. 53 push ebx + * 011d4ca2 |. 56 push esi + * 011d4ca3 |. 57 push edi + * 011d4ca4 |. 50 push eax + * 011d4ca5 |. 8d45 f4 lea eax,dword ptr ss:[ebp-0xc] + * 011d4ca8 |. 64:a3 00000000 mov dword ptr fs:[0],eax + * 011d4cae |. 8b4d 0c mov ecx,dword ptr ss:[ebp+0xc] + * 011d4cb1 |. 8b55 18 mov edx,dword ptr ss:[ebp+0x18] + * 011d4cb4 |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 011d4cb7 |. 8b5d 10 mov ebx,dword ptr ss:[ebp+0x10] + * 011d4cba |. 8b7d 38 mov edi,dword ptr ss:[ebp+0x38] + * 011d4cbd |. 898d d8f3ffff mov dword ptr ss:[ebp-0xc28],ecx + * 011d4cc3 |. 8b4d 28 mov ecx,dword ptr ss:[ebp+0x28] + * 011d4cc6 |. 8995 9cf3ffff mov dword ptr ss:[ebp-0xc64],edx + * 011d4ccc |. 51 push ecx + * 011d4ccd |. 8b0d 305c2901 mov ecx,dword ptr ds:[0x1295c30] + * 011d4cd3 |. 8985 e0f3ffff mov dword ptr ss:[ebp-0xc20],eax + * 011d4cd9 |. 8b45 1c mov eax,dword ptr ss:[ebp+0x1c] + * 011d4cdc |. 8d95 4cf4ffff lea edx,dword ptr ss:[ebp-0xbb4] + * 011d4ce2 |. 52 push edx + * 011d4ce3 |. 899d 40f4ffff mov dword ptr ss:[ebp-0xbc0],ebx + * 011d4ce9 |. 8985 1cf4ffff mov dword ptr ss:[ebp-0xbe4],eax + * 011d4cef |. 89bd f0f3ffff mov dword ptr ss:[ebp-0xc10],edi + * 011d4cf5 |. e8 862efdff call sekachu.011a7b80 + * 011d4cfa |. 33c9 xor ecx,ecx + * 011d4cfc |. 8985 60f3ffff mov dword ptr ss:[ebp-0xca0],eax + * 011d4d02 |. 3bc1 cmp eax,ecx + * 011d4d04 |. 0f84 0f1c0000 je sekachu.011d6919 + * 011d4d0a |. e8 31f6ffff call sekachu.011d4340 + * 011d4d0f |. e8 6cf8ffff call sekachu.011d4580 + * 011d4d14 |. 8985 64f3ffff mov dword ptr ss:[ebp-0xc9c],eax + * 011d4d1a |. 8a03 mov al,byte ptr ds:[ebx] + * 011d4d1c |. 898d 90f3ffff mov dword ptr ss:[ebp-0xc70],ecx + * 011d4d22 |. 898d 14f4ffff mov dword ptr ss:[ebp-0xbec],ecx + * 011d4d28 |. 898d 38f4ffff mov dword ptr ss:[ebp-0xbc8],ecx + * 011d4d2e |. 8d71 01 lea esi,dword ptr ds:[ecx+0x1] + * 011d4d31 |. 3c 20 cmp al,0x20 ; jichi: pattern starts + * 011d4d33 |. 7d 75 jge short sekachu.011d4daa + * 011d4d35 |. 0fbec0 movsx eax,al + * 011d4d38 |. 83c0 fe add eax,-0x2 ; switch (cases 2..8) + * 011d4d3b |. 83f8 06 cmp eax,0x6 + * 011d4d3e |. 77 6a ja short sekachu.011d4daa + * 011d4d40 |. ff2485 38691d0>jmp dword ptr ds:[eax*4+0x11d6938] + * + * 蒼の彼方 体験版 (8/6/2014) + * 01312cce cc int3 ; jichi: reladdr = 0x32cd0 + * 01312ccf cc int3 + * 01312cd0 $ 55 push ebp + * 01312cd1 . 8bec mov ebp,esp + * 01312cd3 . 83e4 f8 and esp,0xfffffff8 + * 01312cd6 . 6a ff push -0x1 + * 01312cd8 . 68 86583a01 push 蒼の彼方.013a5886 + * 01312cdd . 64:a1 00000000 mov eax,dword ptr fs:[0] + * 01312ce3 . 50 push eax + * 01312ce4 . 81ec 38090000 sub esp,0x938 + * 01312cea . a1 24673c01 mov eax,dword ptr ds:[0x13c6724] + * 01312cef . 33c4 xor eax,esp + * 01312cf1 . 898424 3009000>mov dword ptr ss:[esp+0x930],eax + * 01312cf8 . 53 push ebx + * 01312cf9 . 56 push esi + * 01312cfa . 57 push edi + * 01312cfb . a1 24673c01 mov eax,dword ptr ds:[0x13c6724] + * 01312d00 . 33c4 xor eax,esp + * 01312d02 . 50 push eax + * 01312d03 . 8d8424 4809000>lea eax,dword ptr ss:[esp+0x948] + * 01312d0a . 64:a3 00000000 mov dword ptr fs:[0],eax + * 01312d10 . 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 01312d13 . 8b7d 0c mov edi,dword ptr ss:[ebp+0xc] + * 01312d16 . 8b5d 30 mov ebx,dword ptr ss:[ebp+0x30] + * 01312d19 . 898424 8800000>mov dword ptr ss:[esp+0x88],eax + * 01312d20 . 8b45 14 mov eax,dword ptr ss:[ebp+0x14] + * 01312d23 . 898c24 8c00000>mov dword ptr ss:[esp+0x8c],ecx + * 01312d2a . 8b0d a8734a01 mov ecx,dword ptr ds:[0x14a73a8] + * 01312d30 . 894424 4c mov dword ptr ss:[esp+0x4c],eax + * 01312d34 . 899424 bc00000>mov dword ptr ss:[esp+0xbc],edx + * 01312d3b . 8b55 20 mov edx,dword ptr ss:[ebp+0x20] + * 01312d3e . 51 push ecx ; /arg1 => 00000000 + * 01312d3f . 8d8424 0c02000>lea eax,dword ptr ss:[esp+0x20c] ; | + * 01312d46 . 897c24 34 mov dword ptr ss:[esp+0x34],edi ; | + * 01312d4a . 899c24 8800000>mov dword ptr ss:[esp+0x88],ebx ; | + * 01312d51 . e8 ca59fdff call 蒼の彼方.012e8720 ; \蒼の彼方.012e8720 + * 01312d56 . 33c9 xor ecx,ecx + * 01312d58 . 898424 f400000>mov dword ptr ss:[esp+0xf4],eax + * 01312d5f . 3bc1 cmp eax,ecx + * 01312d61 . 0f84 391b0000 je 蒼の彼方.013148a0 + * 01312d67 . e8 54280000 call 蒼の彼方.013155c0 + * 01312d6c . e8 7f2a0000 call 蒼の彼方.013157f0 + * 01312d71 . 898424 f800000>mov dword ptr ss:[esp+0xf8],eax + * 01312d78 . 8a07 mov al,byte ptr ds:[edi] + * 01312d7a . 898c24 c400000>mov dword ptr ss:[esp+0xc4],ecx + * 01312d81 . 894c24 2c mov dword ptr ss:[esp+0x2c],ecx + * 01312d85 . 894c24 1c mov dword ptr ss:[esp+0x1c],ecx + * 01312d89 . b9 01000000 mov ecx,0x1 + * 01312d8e . 3c 20 cmp al,0x20 ; jichi: pattern starts + * 01312d90 . 7d 58 jge short 蒼の彼方.01312dea + * 01312d92 . 0fbec0 movsx eax,al + * 01312d95 . 83c0 fe add eax,-0x2 ; switch (cases 2..8) + * 01312d98 . 83f8 06 cmp eax,0x6 + * 01312d9b . 77 4d ja short 蒼の彼方.01312dea + * 01312d9d . ff2485 c448310>jmp dword ptr ds:[eax*4+0x13148c4] + * 01312da4 > 898c24 c400000>mov dword ptr ss:[esp+0xc4],ecx ; case 2 of switch 01312d95 + * 01312dab . 03f9 add edi,ecx + * 01312dad . eb 37 jmp short 蒼の彼方.01312de6 + * 01312daf > 894c24 2c mov dword ptr ss:[esp+0x2c],ecx ; case 3 of switch 01312d95 + * 01312db3 . 03f9 add edi,ecx + * 01312db5 . eb 2f jmp short 蒼の彼方.01312de6 + * 01312db7 > ba e0103b01 mov edx,蒼の彼方.013b10e0 ; case 4 of switch 01312d95 + * 01312dbc . eb 1a jmp short 蒼の彼方.01312dd8 + * 01312dbe > ba e4103b01 mov edx,蒼の彼方.013b10e4 ; case 5 of switch 01312d95 + * 01312dc3 . eb 13 jmp short 蒼の彼方.01312dd8 + * 01312dc5 > ba e8103b01 mov edx,蒼の彼方.013b10e8 ; case 6 of switch 01312d95 + * 01312dca . eb 0c jmp short 蒼の彼方.01312dd8 + * 01312dcc > ba ec103b01 mov edx,蒼の彼方.013b10ec ; case 7 of switch 01312d95 + * 01312dd1 . eb 05 jmp short 蒼の彼方.01312dd8 + * 01312dd3 > ba f0103b01 mov edx,蒼の彼方.013b10f0 ; case 8 of switch 01312d95 + * 01312dd8 > 8d7424 14 lea esi,dword ptr ss:[esp+0x14] + * 01312ddc . 894c24 1c mov dword ptr ss:[esp+0x1c],ecx + * 01312de0 . e8 1b8dffff call 蒼の彼方.0130bb00 + * 01312de5 . 47 inc edi + * 01312de6 > 897c24 30 mov dword ptr ss:[esp+0x30],edi + * 01312dea > 8d8424 0802000>lea eax,dword ptr ss:[esp+0x208] ; default case of switch 01312d95 + * 01312df1 . e8 ba1b0000 call 蒼の彼方.013149b0 + * 01312df6 . 837d 10 00 cmp dword ptr ss:[ebp+0x10],0x0 + * 01312dfa . 8bb424 2802000>mov esi,dword ptr ss:[esp+0x228] + * 01312e01 . 894424 5c mov dword ptr ss:[esp+0x5c],eax + * 01312e05 . 74 12 je short 蒼の彼方.01312e19 + * 01312e07 . 56 push esi ; /arg1 + * 01312e08 . e8 c31b0000 call 蒼の彼方.013149d0 ; \蒼の彼方.013149d0 + * 01312e0d . 83c4 04 add esp,0x4 + * 01312e10 . 898424 c000000>mov dword ptr ss:[esp+0xc0],eax + * 01312e17 . eb 0b jmp short 蒼の彼方.01312e24 + * 01312e19 > c78424 c000000>mov dword ptr ss:[esp+0xc0],0x0 + * 01312e24 > 8b4b 04 mov ecx,dword ptr ds:[ebx+0x4] + * 01312e27 . 0fafce imul ecx,esi + * 01312e2a . b8 1f85eb51 mov eax,0x51eb851f + * 01312e2f . f7e9 imul ecx + * 01312e31 . c1fa 05 sar edx,0x5 + * 01312e34 . 8bca mov ecx,edx + * 01312e36 . c1e9 1f shr ecx,0x1f + * 01312e39 . 03ca add ecx,edx + * 01312e3b . 894c24 70 mov dword ptr ss:[esp+0x70],ecx + * 01312e3f . 85c9 test ecx,ecx + * 01312e41 . 7f 09 jg short 蒼の彼方.01312e4c + * 01312e43 . b9 01000000 mov ecx,0x1 + * 01312e48 . 894c24 70 mov dword ptr ss:[esp+0x70],ecx + * 01312e4c > 8b53 08 mov edx,dword ptr ds:[ebx+0x8] + * 01312e4f . 0fafd6 imul edx,esi + * 01312e52 . b8 1f85eb51 mov eax,0x51eb851f + * 01312e57 . f7ea imul edx + * 01312e59 . c1fa 05 sar edx,0x5 + * 01312e5c . 8bc2 mov eax,edx + * 01312e5e . c1e8 1f shr eax,0x1f + * 01312e61 . 03c2 add eax,edx + * 01312e63 . 894424 78 mov dword ptr ss:[esp+0x78],eax + * 01312e67 . 85c0 test eax,eax + * 01312e69 . 7f 09 jg short 蒼の彼方.01312e74 + * 01312e6b . b8 01000000 mov eax,0x1 + * 01312e70 . 894424 78 mov dword ptr ss:[esp+0x78],eax + * 01312e74 > 33d2 xor edx,edx + * 01312e76 . 895424 64 mov dword ptr ss:[esp+0x64],edx + * 01312e7a . 895424 6c mov dword ptr ss:[esp+0x6c],edx + * 01312e7e . 8b13 mov edx,dword ptr ds:[ebx] + * 01312e80 . 4a dec edx ; switch (cases 1..2) + * 01312e81 . 74 0e je short 蒼の彼方.01312e91 + * 01312e83 . 4a dec edx + * 01312e84 . 75 13 jnz short 蒼の彼方.01312e99 + * 01312e86 . 8d1409 lea edx,dword ptr ds:[ecx+ecx] ; case 2 of switch 01312e80 + * 01312e89 . 895424 64 mov dword ptr ss:[esp+0x64],edx + * 01312e8d . 03c0 add eax,eax + * 01312e8f . eb 04 jmp short 蒼の彼方.01312e95 + * 01312e91 > 894c24 64 mov dword ptr ss:[esp+0x64],ecx ; case 1 of switch 01312e80 + * 01312e95 > 894424 6c mov dword ptr ss:[esp+0x6c],eax + * 01312e99 > 8b9c24 3802000>mov ebx,dword ptr ss:[esp+0x238] ; default case of switch 01312e80 + * 01312ea0 . 8bc3 mov eax,ebx + * 01312ea2 . e8 d98bffff call 蒼の彼方.0130ba80 + * 01312ea7 . 8bc8 mov ecx,eax + * 01312ea9 . 8bc3 mov eax,ebx + * 01312eab . e8 e08bffff call 蒼の彼方.0130ba90 + * 01312eb0 . 6a 01 push 0x1 ; /arg1 = 00000001 + * 01312eb2 . 8bd0 mov edx,eax ; | + * 01312eb4 . 8db424 1c01000>lea esi,dword ptr ss:[esp+0x11c] ; | + * 01312ebb . e8 3056fdff call 蒼の彼方.012e84f0 ; \蒼の彼方.012e84f0 + * 01312ec0 . 8bc7 mov eax,edi + * 01312ec2 . 83c4 04 add esp,0x4 + * 01312ec5 . 8d70 01 lea esi,dword ptr ds:[eax+0x1] + * 01312ec8 > 8a08 mov cl,byte ptr ds:[eax] + * 01312eca . 40 inc eax + * 01312ecb . 84c9 test cl,cl + * 01312ecd .^75 f9 jnz short 蒼の彼方.01312ec8 + * 01312ecf . 2bc6 sub eax,esi + * 01312ed1 . 40 inc eax + * 01312ed2 . 50 push eax + * 01312ed3 . e8 e74c0600 call 蒼の彼方.01377bbf + * 01312ed8 . 33f6 xor esi,esi + * 01312eda . 83c4 04 add esp,0x4 + * + * 1/1/2016 + * コドモノアソビ trial + * + * 00A64259 CC INT3 + * 00A6425A CC INT3 + * 00A6425B CC INT3 + * 00A6425C CC INT3 + * 00A6425D CC INT3 + * 00A6425E CC INT3 + * 00A6425F CC INT3 + * 00A64260 55 PUSH EBP + * 00A64261 8BEC MOV EBP,ESP + * 00A64263 83E4 F8 AND ESP,0xFFFFFFF8 + * 00A64266 6A FF PUSH -0x1 + * 00A64268 68 D610B000 PUSH .00B010D6 + * 00A6426D 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 00A64273 50 PUSH EAX + * 00A64274 81EC 40090000 SUB ESP,0x940 + * 00A6427A A1 2417B200 MOV EAX,DWORD PTR DS:[0xB21724] + * 00A6427F 33C4 XOR EAX,ESP + * 00A64281 898424 38090000 MOV DWORD PTR SS:[ESP+0x938],EAX + * 00A64288 53 PUSH EBX + * 00A64289 56 PUSH ESI + * 00A6428A 57 PUSH EDI + * 00A6428B A1 2417B200 MOV EAX,DWORD PTR DS:[0xB21724] + * 00A64290 33C4 XOR EAX,ESP + * 00A64292 50 PUSH EAX + * 00A64293 8D8424 50090000 LEA EAX,DWORD PTR SS:[ESP+0x950] + * 00A6429A 64:A3 00000000 MOV DWORD PTR FS:[0],EAX + * 00A642A0 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 00A642A3 8B7D 0C MOV EDI,DWORD PTR SS:[EBP+0xC] + * 00A642A6 8B5D 30 MOV EBX,DWORD PTR SS:[EBP+0x30] + * 00A642A9 894424 50 MOV DWORD PTR SS:[ESP+0x50],EAX + * 00A642AD 8B45 14 MOV EAX,DWORD PTR SS:[EBP+0x14] + * 00A642B0 894C24 74 MOV DWORD PTR SS:[ESP+0x74],ECX + * 00A642B4 8B0D A024B800 MOV ECX,DWORD PTR DS:[0xB824A0] + * 00A642BA 894424 4C MOV DWORD PTR SS:[ESP+0x4C],EAX + * 00A642BE 899424 B8000000 MOV DWORD PTR SS:[ESP+0xB8],EDX + * 00A642C5 8B55 20 MOV EDX,DWORD PTR SS:[EBP+0x20] + * 00A642C8 51 PUSH ECX + * 00A642C9 8D8424 14020000 LEA EAX,DWORD PTR SS:[ESP+0x214] + * 00A642D0 897C24 2C MOV DWORD PTR SS:[ESP+0x2C],EDI + * 00A642D4 899C24 88000000 MOV DWORD PTR SS:[ESP+0x88],EBX + * 00A642DB E8 504CFDFF CALL .00A38F30 + * 00A642E0 33C9 XOR ECX,ECX + * 00A642E2 898424 F8000000 MOV DWORD PTR SS:[ESP+0xF8],EAX + * 00A642E9 3BC1 CMP EAX,ECX + * 00A642EB 0F84 391C0000 JE .00A65F2A + * 00A642F1 E8 FA2A0000 CALL .00A66DF0 + * 00A642F6 E8 252D0000 CALL .00A67020 + * 00A642FB 898424 FC000000 MOV DWORD PTR SS:[ESP+0xFC],EAX + * 00A64302 8A07 MOV AL,BYTE PTR DS:[EDI] + * 00A64304 898C24 CC000000 MOV DWORD PTR SS:[ESP+0xCC],ECX + * 00A6430B 894C24 30 MOV DWORD PTR SS:[ESP+0x30],ECX + * 00A6430F 894C24 1C MOV DWORD PTR SS:[ESP+0x1C],ECX + * 00A64313 B9 01000000 MOV ECX,0x1 + * 00A64318 3C 20 CMP AL,0x20 ; jichi: pattern found here + * 00A6431A 7D 58 JGE SHORT .00A64374 + * 00A6431C 0FBEC0 MOVSX EAX,AL + * 00A6431F 83C0 FE ADD EAX,-0x2 + * 00A64322 83F8 06 CMP EAX,0x6 + * 00A64325 77 4D JA SHORT .00A64374 + * 00A64327 FF2485 505FA600 JMP DWORD PTR DS:[EAX*4+0xA65F50] + * 00A6432E 898C24 CC000000 MOV DWORD PTR SS:[ESP+0xCC],ECX + * 00A64335 03F9 ADD EDI,ECX + * 00A64337 EB 37 JMP SHORT .00A64370 + * 00A64339 894C24 30 MOV DWORD PTR SS:[ESP+0x30],ECX + * 00A6433D 03F9 ADD EDI,ECX + * 00A6433F EB 2F JMP SHORT .00A64370 + * 00A64341 BA E0C1B000 MOV EDX,.00B0C1E0 + * 00A64346 EB 1A JMP SHORT .00A64362 + * 00A64348 BA E4C1B000 MOV EDX,.00B0C1E4 + * 00A6434D EB 13 JMP SHORT .00A64362 + * 00A6434F BA E8C1B000 MOV EDX,.00B0C1E8 + * 00A64354 EB 0C JMP SHORT .00A64362 + * 00A64356 BA ECC1B000 MOV EDX,.00B0C1EC + * 00A6435B EB 05 JMP SHORT .00A64362 + * 00A6435D BA F0C1B000 MOV EDX,.00B0C1F0 + * 00A64362 8D7424 14 LEA ESI,DWORD PTR SS:[ESP+0x14] + * 00A64366 894C24 1C MOV DWORD PTR SS:[ESP+0x1C],ECX + * 00A6436A E8 A196FFFF CALL .00A5DA10 + * 00A6436F 47 INC EDI + * 00A64370 897C24 28 MOV DWORD PTR SS:[ESP+0x28],EDI + * 00A64374 8D8424 10020000 LEA EAX,DWORD PTR SS:[ESP+0x210] + * 00A6437B E8 C01C0000 CALL .00A66040 + * 00A64380 837D 10 00 CMP DWORD PTR SS:[EBP+0x10],0x0 + * 00A64384 8BB424 30020000 MOV ESI,DWORD PTR SS:[ESP+0x230] + * 00A6438B 894424 60 MOV DWORD PTR SS:[ESP+0x60],EAX + * 00A6438F 74 12 JE SHORT .00A643A3 + * 00A64391 56 PUSH ESI + * 00A64392 E8 C91C0000 CALL .00A66060 + * 00A64397 83C4 04 ADD ESP,0x4 + * 00A6439A 898424 C4000000 MOV DWORD PTR SS:[ESP+0xC4],EAX + * 00A643A1 EB 0B JMP SHORT .00A643AE + * 00A643A3 C78424 C4000000 >MOV DWORD PTR SS:[ESP+0xC4],0x0 + * 00A643AE 8B4B 04 MOV ECX,DWORD PTR DS:[EBX+0x4] + * 00A643B1 0FAFCE IMUL ECX,ESI + * 00A643B4 B8 1F85EB51 MOV EAX,0x51EB851F + * 00A643B9 F7E9 IMUL ECX + * 00A643BB C1FA 05 SAR EDX,0x5 + * 00A643BE 8BCA MOV ECX,EDX + * 00A643C0 C1E9 1F SHR ECX,0x1F + * 00A643C3 03CA ADD ECX,EDX + * 00A643C5 898C24 94000000 MOV DWORD PTR SS:[ESP+0x94],ECX + * 00A643CC 85C9 TEST ECX,ECX + * 00A643D0 B9 01000000 MOV ECX,0x1 + * ... + */ +//static inline size_t _bgistrlen(LPCSTR text) +//{ +// size_t r = ::strlen(text); +// if (r >=2 && *(WORD *)(text + r - 2) == 0xa581) // remove trailing ▼ = \x81\xa5 +// r -= 2; +// return r; +//} +// +//static void SpecialHookBGI2(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +//{ +// LPCSTR text = (LPCSTR)*(DWORD *)(esp_base + hp->offset); +// if (text) { +// *data = (DWORD)text; +// *len = _bgistrlen(text); +// } +//} +namespace Private { + enum { Type1 = 1, Type2, Type3,Type_BGI3 } type_; + int textIndex_; // the i-th of argument on the stack holding the text + bool hookBefore(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + if (type_ == Type_BGI3) { + + DWORD retaddr = s->stack[0]; // retaddr + * role = Engine::ScenarioRole; + strcpy((char*)data,(LPCSTR)s->stack[textIndex_]); + *len=strlen((LPCSTR)s->stack[textIndex_]); + return true; + } + + static std::string data_; // persistent storage, which makes this function not thread-safe + + LPCSTR text = (LPCSTR)s->stack[textIndex_]; // arg2 or arg3 + if (!text || !*text) + return false; + // In Type 1, split = arg8 + // In Type 2, there is no arg8. However, arg8 seems to be a good split that can differenciate choice and character name + //DWORD split = stack->args[3]; // arg4 + //DWORD split = s->stack[8]; // arg8 + //auto sig = Engine::hashThreadSignature(s->stack[0], split); + //enum { role = Engine::UnknownRole }; + + //DWORD split = s->stack[8]; // this is a good split, but usually game-specific + DWORD retaddr = s->stack[0]; // retaddr + //* role = Engine::OtherRole; + switch (type_) { + + case Type3: + switch (s->stack[textIndex_+1]) { + case 1: + if (*(WORD *)(retaddr + 8) == 0xcccc) // two int3 + *role = Engine::ScenarioRole; + break; + case 0: + if (s->stack[10] == 0x00ffffff && s->stack[10 - 3] == 1 || // for old BGI2 games + s->stack[10] == 0 && s->stack[10 - 1] == 0 && s->stack[10 - 2] == 0) // for new BGI2 games + *role = Engine::NameRole; + break; + } break; + case Type2: + switch (s->stack[textIndex_+1]) { + case 1: + // Return address for history text + // 012B37BA 83C4 34 ADD ESP,0x34 + // 012B37BD 837D 24 00 CMP DWORD PTR SS:[EBP+0x24],0x0 + if (*(WORD *)(retaddr + 3) != 0x7d83) + *role = Engine::ScenarioRole; + break; + case 0: + if (s->stack[12] == 0x00ffffff && s->stack[12 - 3] == 2) + *role = Engine::NameRole; + break; + } break; + case Type1: + switch (s->stack[textIndex_+1]) { + case 1: *role = Engine::ScenarioRole; break; + case 0: + if (s->stack[12] == 0x00ffffff && s->stack[12 - 3] == 1) + *role = Engine::NameRole; + break; + } break; + } +strcpy((char*)data,(LPCSTR)s->stack[textIndex_]); + *len=strlen((LPCSTR)s->stack[textIndex_]); + + return true; + } + +} + + /** + * 5/12/2014 + * This is the caller of the ITH BGI hook, which extract text by characters + * and cannot be used for substition. + * + * Sample game: 世界征服彼女 + * ITH hooked function: BGI#2 0x425550, called by 0x427450 + * + * 00427450 /$ 6a ff push -0x1 ; jichi: function starts + * 00427452 |. 68 78634900 push sekajyo_.00496378 ; se handler installation + * 00427457 |. 64:a1 00000000 mov eax,dword ptr fs:[0] + * 0042745d |. 50 push eax + * 0042745e |. 64:8925 000000>mov dword ptr fs:[0],esp + * 00427465 |. 81ec d80c0000 sub esp,0xcd8 + * 0042746b |. 8b8424 080d000>mov eax,dword ptr ss:[esp+0xd08] + * 00427472 |. 56 push esi + * 00427473 |. 8d8c24 3801000>lea ecx,dword ptr ss:[esp+0x138] + * 0042747a |. 50 push eax + * 0042747b |. 51 push ecx + * 0042747c |. 8b0d e0464b00 mov ecx,dword ptr ds:[0x4b46e0] + * 00427482 |. e8 f9fdfdff call sekajyo_.00407280 + * 00427487 |. 33f6 xor esi,esi + * 00427489 |. 898424 b800000>mov dword ptr ss:[esp+0xb8],eax + * 00427490 |. 3bc6 cmp eax,esi + * 00427492 |. 0f84 95140000 je sekajyo_.0042892d + * 00427498 |. 53 push ebx + * 00427499 |. 55 push ebp + * 0042749a |. 8bac24 fc0c000>mov ebp,dword ptr ss:[esp+0xcfc] + * 004274a1 |. 57 push edi + * 004274a2 |. 89b424 b400000>mov dword ptr ss:[esp+0xb4],esi + * 004274a9 |. 897424 10 mov dword ptr ss:[esp+0x10],esi + * 004274ad |. 8a45 00 mov al,byte ptr ss:[ebp] + * 004274b0 |. b9 01000000 mov ecx,0x1 + * 004274b5 |. 3c 20 cmp al,0x20 + * 004274b7 |. 7d 68 jge short sekajyo_.00427521 + * 004274b9 |. 0fbec0 movsx eax,al + * 004274bc |. 83c0 fe add eax,-0x2 ; switch (cases 2..8) + * + * Sample game: FORTUNE ARTERIAL + * ITH hooked function: BGI#2 sub_41EBD0, called by 0x4207e0 + * + * 0041ebcd 90 nop + * 0041ebce 90 nop + * 0041ebcf 90 nop + * 004207e0 /$ 81ec 30090000 sub esp,0x930 ; jichi: function starts + * 004207e6 |. 8b8424 5409000>mov eax,dword ptr ss:[esp+0x954] + * 004207ed |. 56 push esi + * 004207ee |. 8d8c24 0401000>lea ecx,dword ptr ss:[esp+0x104] + * 004207f5 |. 50 push eax + * 004207f6 |. 51 push ecx + * 004207f7 |. 8b0d 48634900 mov ecx,dword ptr ds:[0x496348] + * 004207fd |. e8 ee47feff call bgi.00404ff0 + * 00420802 |. 33f6 xor esi,esi + * 00420804 |. 894424 54 mov dword ptr ss:[esp+0x54],eax + * 00420808 |. 3bc6 cmp eax,esi + * 0042080a |. 0f84 94080000 je bgi.004210a4 + * 00420810 |. 53 push ebx + * 00420811 |. 55 push ebp + * 00420812 |. 8bac24 4809000>mov ebp,dword ptr ss:[esp+0x948] + * 00420819 |. 57 push edi + * 0042081a |. 897424 54 mov dword ptr ss:[esp+0x54],esi + * 0042081e |. 897424 10 mov dword ptr ss:[esp+0x10],esi + * 00420822 |. 8a45 00 mov al,byte ptr ss:[ebp] + * 00420825 |. 3c 20 cmp al,0x20 + * 00420827 |. 7d 69 jge short bgi.00420892 + * 00420829 |. 0fbec0 movsx eax,al + * 0042082c |. 83c0 fe add eax,-0x2 ; switch (cases 2..8) + * 0042082f |. 83f8 06 cmp eax,0x6 + * 00420832 |. 77 5e ja short bgi.00420892 + * 00420834 |. ff2485 ac10420>jmp dword ptr ds:[eax*4+0x4210ac] + * 0042083b |> c74424 54 0100>mov dword ptr ss:[esp+0x54],0x1 ; case 2 of switch 0042082c + * 00420843 |. eb 45 jmp short bgi.0042088a + * 00420845 |> 8d5424 1c lea edx,dword ptr ss:[esp+0x1c] ; case 4 of switch 0042082c + * 00420849 |. 68 0c424800 push bgi.0048420c + * 0042084e |. 52 push edx + * 0042084f |. eb 29 jmp short bgi.0042087a + * 00420851 |> 68 08424800 push bgi.00484208 ; case 5 of switch 0042082c + * 00420856 |. eb 1d jmp short bgi.00420875 + * 00420858 |> 8d4c24 1c lea ecx,dword ptr ss:[esp+0x1c] ; case 6 of switch 0042082c + * 0042085c |. 68 04424800 push bgi.00484204 + * 00420861 |. 51 push ecx + * 00420862 |. eb 16 jmp short bgi.0042087a + * 00420864 |> 8d5424 1c lea edx,dword ptr ss:[esp+0x1c] ; case 7 of switch 0042082c + * 00420868 |. 68 00424800 push bgi.00484200 + * 0042086d |. 52 push edx + * 0042086e |. eb 0a jmp short bgi.0042087a + * 00420870 |> 68 fc414800 push bgi.004841fc ; case 8 of switch 0042082c + * 00420875 |> 8d4424 20 lea eax,dword ptr ss:[esp+0x20] + * 00420879 |. 50 push eax + * 0042087a |> c74424 18 0100>mov dword ptr ss:[esp+0x18],0x1 + * 00420882 |. e8 b9a7ffff call bgi.0041b040 + * 00420887 |. 83c4 08 add esp,0x8 + * 0042088a |> 45 inc ebp + * 0042088b |. 89ac24 4c09000>mov dword ptr ss:[esp+0x94c],ebp + * 00420892 |> 8b9c24 3001000>mov ebx,dword ptr ss:[esp+0x130] ; default case of switch 0042082c + * 00420899 |. 8d8c24 1001000>lea ecx,dword ptr ss:[esp+0x110] + * 004208a0 |. 51 push ecx + * 004208a1 |. 895c24 70 mov dword ptr ss:[esp+0x70],ebx + * 004208a5 |. e8 76080000 call bgi.00421120 + * 004208aa |. 894424 34 mov dword ptr ss:[esp+0x34],eax + * 004208ae |. 8b8424 5409000>mov eax,dword ptr ss:[esp+0x954] + * 004208b5 |. 83c4 04 add esp,0x4 + * 004208b8 |. 3bc6 cmp eax,esi + * 004208ba |. 74 0f je short bgi.004208cb + * 004208bc |. 53 push ebx + * 004208bd |. e8 7e080000 call bgi.00421140 + */ + ULONG search1(ULONG startAddress, ULONG stopAddress) + { + //return 0x4207e0; // FORTUNE ARTERIAL + //const BYTE bytes[] = { + // 0x8a,0x45, 0x00, // 00420822 |. 8a45 00 mov al,byte ptr ss:[ebp] + // 0x3c, 0x20, // 00420825 |. 3c 20 cmp al,0x20 + // 0x7d, 0x69, // 00420827 |. 7d 69 jge short bgi.00420892 + // 0x0f,0xbe,0xc0, // 00420829 |. 0fbec0 movsx eax,al + // 0x83,0xc0, 0xfe, // 0042082c |. 83c0 fe add eax,-0x2 ; switch (cases 2..8) + // 0x83,0xf8, 0x06, // 0042082f |. 83f8 06 cmp eax,0x6 + // 0x77, 0x5e // 00420832 |. 77 5e ja short bgi.00420892 + //}; + //enum { hook_offset = 0x4207e0 - 0x420822 }; // distance to the beginning of the function + + const uint8_t bytes[] = { // 0fafcbf7e9c1fa058bc2c1e81f03d08bfa85ff + 0x0f,0xaf,0xcb, // 004208de |. 0fafcb imul ecx,ebx + 0xf7,0xe9, // 004208e1 |. f7e9 imul ecx + 0xc1,0xfa, 0x05, // 004208e3 |. c1fa 05 sar edx,0x5 + 0x8b,0xc2, // 004208e6 |. 8bc2 mov eax,edx + 0xc1,0xe8, 0x1f, // 004208e8 |. c1e8 1f shr eax,0x1f + 0x03,0xd0, // 004208eb |. 03d0 add edx,eax + 0x8b,0xfa, // 004208ed |. 8bfa mov edi,edx + 0x85,0xff, // 004208ef |. 85ff test edi,edi + }; + //enum { hook_offset = 0x4207e0 - 0x4208de }; // distance to the beginning of the function + //ULONG range = qMin(stopAddress - startAddress, Engine::MaximumMemoryRange); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + //ConsoleOutput("BGI2: pattern not found"); + return 0; + enum : WORD { + sub_esp = 0xec81 // 004207e0 /$ 81ec 30090000 + , push_ff = 0xff6a // 00427450 /$ 6a ff push -0x1, seh handler + }; + for (int i = 0; i < 300; i++, addr--) + if (*(WORD *)addr == sub_esp) { // beginning of the function without seh + + // Sample game: 世界征服彼女 with SEH + // 00427450 /$ 6a ff push -0x1 + // 00427452 |. 68 78634900 push sekajyo_.00496378 ; se handler installation + // 00427457 |. 64:a1 00000000 mov eax,dword ptr fs:[0] + // 0042745d |. 50 push eax + // 0042745e |. 64:8925 000000>mov dword ptr fs:[0],esp + // 00427465 |. 81ec d80c0000 sub esp,0xcd8 + // + // 0x00427465 - 0x00427450 == 21 + ULONG seh_addr = addr; + for (int j = 0; j < 40; j++, seh_addr--) + if (*(WORD *)seh_addr == push_ff) // beginning of the function with seh + return seh_addr; + return addr; + } + + return 0; + } + + /** + * jichi 2/5/2014: Add an alternative BGI hook + * + * Issue: This hook cannot extract character name for コトバの消えた日 + * + * See: http://tieba.baidu.com/p/2845113296 + * 世界と世界の真ん中で + * - /HSN4@349E0:sekachu.exe // Disabled BGI3, floating split char + * - /HS-1C:-4@68E56 // Not used, cannot detect character name + * - /HSC@34C80:sekachu.exe // BGI2, extract both scenario and character names + * + * [Lump of Sugar] 世界と世界の真ん中で + * /HSC@34C80:sekachu.exe + * - addr: 216192 = 0x34c80 + * - module: 3599131534 + * - off: 12 = 0xc + * - type: 65 = 0x41 + * + * base: 0x11a0000 + * hook_addr = base + addr = 0x11d4c80 + * + * 011d4c7e cc int3 + * 011d4c7f cc int3 + * 011d4c80 /$ 55 push ebp ; jichi: hook here + * 011d4c81 |. 8bec mov ebp,esp + * 011d4c83 |. 6a ff push -0x1 + * 011d4c85 |. 68 e6592601 push sekachu.012659e6 + * 011d4c8a |. 64:a1 00000000 mov eax,dword ptr fs:[0] + * 011d4c90 |. 50 push eax + * 011d4c91 |. 81ec 300d0000 sub esp,0xd30 + * 011d4c97 |. a1 d8c82801 mov eax,dword ptr ds:[0x128c8d8] + * 011d4c9c |. 33c5 xor eax,ebp + * 011d4c9e |. 8945 f0 mov dword ptr ss:[ebp-0x10],eax + * 011d4ca1 |. 53 push ebx + * 011d4ca2 |. 56 push esi + * 011d4ca3 |. 57 push edi + * 011d4ca4 |. 50 push eax + * 011d4ca5 |. 8d45 f4 lea eax,dword ptr ss:[ebp-0xc] + * 011d4ca8 |. 64:a3 00000000 mov dword ptr fs:[0],eax + * 011d4cae |. 8b4d 0c mov ecx,dword ptr ss:[ebp+0xc] + * 011d4cb1 |. 8b55 18 mov edx,dword ptr ss:[ebp+0x18] + * 011d4cb4 |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 011d4cb7 |. 8b5d 10 mov ebx,dword ptr ss:[ebp+0x10] + * 011d4cba |. 8b7d 38 mov edi,dword ptr ss:[ebp+0x38] + * 011d4cbd |. 898d d8f3ffff mov dword ptr ss:[ebp-0xc28],ecx + * 011d4cc3 |. 8b4d 28 mov ecx,dword ptr ss:[ebp+0x28] + * 011d4cc6 |. 8995 9cf3ffff mov dword ptr ss:[ebp-0xc64],edx + * 011d4ccc |. 51 push ecx + * 011d4ccd |. 8b0d 305c2901 mov ecx,dword ptr ds:[0x1295c30] + * 011d4cd3 |. 8985 e0f3ffff mov dword ptr ss:[ebp-0xc20],eax + * 011d4cd9 |. 8b45 1c mov eax,dword ptr ss:[ebp+0x1c] + * 011d4cdc |. 8d95 4cf4ffff lea edx,dword ptr ss:[ebp-0xbb4] + * 011d4ce2 |. 52 push edx + * 011d4ce3 |. 899d 40f4ffff mov dword ptr ss:[ebp-0xbc0],ebx + * 011d4ce9 |. 8985 1cf4ffff mov dword ptr ss:[ebp-0xbe4],eax + * 011d4cef |. 89bd f0f3ffff mov dword ptr ss:[ebp-0xc10],edi + * 011d4cf5 |. e8 862efdff call sekachu.011a7b80 + * 011d4cfa |. 33c9 xor ecx,ecx + * 011d4cfc |. 8985 60f3ffff mov dword ptr ss:[ebp-0xca0],eax + * 011d4d02 |. 3bc1 cmp eax,ecx + * 011d4d04 |. 0f84 0f1c0000 je sekachu.011d6919 + * 011d4d0a |. e8 31f6ffff call sekachu.011d4340 + * 011d4d0f |. e8 6cf8ffff call sekachu.011d4580 + * 011d4d14 |. 8985 64f3ffff mov dword ptr ss:[ebp-0xc9c],eax + * 011d4d1a |. 8a03 mov al,byte ptr ds:[ebx] + * 011d4d1c |. 898d 90f3ffff mov dword ptr ss:[ebp-0xc70],ecx + * 011d4d22 |. 898d 14f4ffff mov dword ptr ss:[ebp-0xbec],ecx + * 011d4d28 |. 898d 38f4ffff mov dword ptr ss:[ebp-0xbc8],ecx + * 011d4d2e |. 8d71 01 lea esi,dword ptr ds:[ecx+0x1] + * 011d4d31 |. 3c 20 cmp al,0x20 + * 011d4d33 |. 7d 75 jge short sekachu.011d4daa + * 011d4d35 |. 0fbec0 movsx eax,al + * 011d4d38 |. 83c0 fe add eax,-0x2 ; switch (cases 2..8) + * 011d4d3b |. 83f8 06 cmp eax,0x6 + * 011d4d3e |. 77 6a ja short sekachu.011d4daa + * 011d4d40 |. ff2485 38691d0>jmp dword ptr ds:[eax*4+0x11d6938] + */ + ULONG search2(ULONG startAddress, ULONG stopAddress) + { + //return startAddress + 0x31850; // 世界と世界の真ん中 体験版 + const uint8_t bytes[] = { // 3c207d750fbec083c0fe83f806776a + 0x3c, 0x20, // 011d4d31 |. 3c 20 cmp al,0x20 + 0x7d, 0x75, // 011d4d33 |. 7d 75 jge short sekachu.011d4daa + 0x0f,0xbe,0xc0, // 011d4d35 |. 0fbec0 movsx eax,al + 0x83,0xc0, 0xfe, // 011d4d38 |. 83c0 fe add eax,-0x2 ; switch (cases 2..8) + 0x83,0xf8, 0x06, // 011d4d3b |. 83f8 06 cmp eax,0x6 + 0x77, 0x6a // 011d4d3e |. 77 6a ja short sekachu.011d4daa + }; + enum { hook_offset = 0x34c80 - 0x34d31 }; // distance to the beginning of the function + //ULONG range = qMin(stopAddress - startAddress, Engine::MaximumMemoryRange); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + //ConsoleOutput("BGI2: pattern not found"); + return 0; + + addr += hook_offset; + enum : uint8_t { push_ebp = 0x55 }; // 011d4c80 /$ 55 push ebp + if (*(uint8_t *)addr != push_ebp) + //ConsoleOutput("BGI2: pattern found but the function offset is invalid"); + return 0; + + return addr; + } + + /** + * Sample Game: type 3: 蒼の彼方 体験版 (8/6/2014) + * 01312cce cc int3 ; jichi: reladdr = 0x32cd0 + * 01312ccf cc int3 + * 01312cd0 $ 55 push ebp + * 01312cd1 . 8bec mov ebp,esp + * 01312cd3 . 83e4 f8 and esp,0xfffffff8 + * 01312cd6 . 6a ff push -0x1 + * 01312cd8 . 68 86583a01 push 蒼の彼方.013a5886 + * 01312cdd . 64:a1 00000000 mov eax,dword ptr fs:[0] + * 01312ce3 . 50 push eax + * 01312ce4 . 81ec 38090000 sub esp,0x938 + * 01312cea . a1 24673c01 mov eax,dword ptr ds:[0x13c6724] + * 01312cef . 33c4 xor eax,esp + * 01312cf1 . 898424 3009000>mov dword ptr ss:[esp+0x930],eax + * 01312cf8 . 53 push ebx + * 01312cf9 . 56 push esi + * 01312cfa . 57 push edi + * 01312cfb . a1 24673c01 mov eax,dword ptr ds:[0x13c6724] + * 01312d00 . 33c4 xor eax,esp + * 01312d02 . 50 push eax + * 01312d03 . 8d8424 4809000>lea eax,dword ptr ss:[esp+0x948] + * 01312d0a . 64:a3 00000000 mov dword ptr fs:[0],eax + * 01312d10 . 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 01312d13 . 8b7d 0c mov edi,dword ptr ss:[ebp+0xc] + * 01312d16 . 8b5d 30 mov ebx,dword ptr ss:[ebp+0x30] + * 01312d19 . 898424 8800000>mov dword ptr ss:[esp+0x88],eax + * 01312d20 . 8b45 14 mov eax,dword ptr ss:[ebp+0x14] + * 01312d23 . 898c24 8c00000>mov dword ptr ss:[esp+0x8c],ecx + * 01312d2a . 8b0d a8734a01 mov ecx,dword ptr ds:[0x14a73a8] + * 01312d30 . 894424 4c mov dword ptr ss:[esp+0x4c],eax + * 01312d34 . 899424 bc00000>mov dword ptr ss:[esp+0xbc],edx + * 01312d3b . 8b55 20 mov edx,dword ptr ss:[ebp+0x20] + * 01312d3e . 51 push ecx ; /arg1 => 00000000 + * 01312d3f . 8d8424 0c02000>lea eax,dword ptr ss:[esp+0x20c] ; | + * 01312d46 . 897c24 34 mov dword ptr ss:[esp+0x34],edi ; | + * 01312d4a . 899c24 8800000>mov dword ptr ss:[esp+0x88],ebx ; | + * 01312d51 . e8 ca59fdff call 蒼の彼方.012e8720 ; \蒼の彼方.012e8720 + * 01312d56 . 33c9 xor ecx,ecx + * 01312d58 . 898424 f400000>mov dword ptr ss:[esp+0xf4],eax + * 01312d5f . 3bc1 cmp eax,ecx + * 01312d61 . 0f84 391b0000 je 蒼の彼方.013148a0 + * 01312d67 . e8 54280000 call 蒼の彼方.013155c0 + * 01312d6c . e8 7f2a0000 call 蒼の彼方.013157f0 + * 01312d71 . 898424 f800000>mov dword ptr ss:[esp+0xf8],eax + * 01312d78 . 8a07 mov al,byte ptr ds:[edi] + * 01312d7a . 898c24 c400000>mov dword ptr ss:[esp+0xc4],ecx + * 01312d81 . 894c24 2c mov dword ptr ss:[esp+0x2c],ecx + * 01312d85 . 894c24 1c mov dword ptr ss:[esp+0x1c],ecx + * 01312d89 . b9 01000000 mov ecx,0x1 + * 01312d8e . 3c 20 cmp al,0x20 ; jichi: pattern starts + * 01312d90 . 7d 58 jge short 蒼の彼方.01312dea + * 01312d92 . 0fbec0 movsx eax,al + * 01312d95 . 83c0 fe add eax,-0x2 ; switch (cases 2..8) + * 01312d98 . 83f8 06 cmp eax,0x6 + * 01312d9b . 77 4d ja short 蒼の彼方.01312dea + * 01312d9d . ff2485 c448310>jmp dword ptr ds:[eax*4+0x13148c4] + * 01312da4 > 898c24 c400000>mov dword ptr ss:[esp+0xc4],ecx ; case 2 of switch 01312d95 + * 01312dab . 03f9 add edi,ecx + * 01312dad . eb 37 jmp short 蒼の彼方.01312de6 + * 01312daf > 894c24 2c mov dword ptr ss:[esp+0x2c],ecx ; case 3 of switch 01312d95 + * 01312db3 . 03f9 add edi,ecx + * 01312db5 . eb 2f jmp short 蒼の彼方.01312de6 + * 01312db7 > ba e0103b01 mov edx,蒼の彼方.013b10e0 ; case 4 of switch 01312d95 + * 01312dbc . eb 1a jmp short 蒼の彼方.01312dd8 + * 01312dbe > ba e4103b01 mov edx,蒼の彼方.013b10e4 ; case 5 of switch 01312d95 + * 01312dc3 . eb 13 jmp short 蒼の彼方.01312dd8 + * 01312dc5 > ba e8103b01 mov edx,蒼の彼方.013b10e8 ; case 6 of switch 01312d95 + * 01312dca . eb 0c jmp short 蒼の彼方.01312dd8 + * 01312dcc > ba ec103b01 mov edx,蒼の彼方.013b10ec ; case 7 of switch 01312d95 + * 01312dd1 . eb 05 jmp short 蒼の彼方.01312dd8 + * 01312dd3 > ba f0103b01 mov edx,蒼の彼方.013b10f0 ; case 8 of switch 01312d95 + * 01312dd8 > 8d7424 14 lea esi,dword ptr ss:[esp+0x14] + * 01312ddc . 894c24 1c mov dword ptr ss:[esp+0x1c],ecx + * 01312de0 . e8 1b8dffff call 蒼の彼方.0130bb00 + * 01312de5 . 47 inc edi + * 01312de6 > 897c24 30 mov dword ptr ss:[esp+0x30],edi + * 01312dea > 8d8424 0802000>lea eax,dword ptr ss:[esp+0x208] ; default case of switch 01312d95 + * 01312df1 . e8 ba1b0000 call 蒼の彼方.013149b0 + * 01312df6 . 837d 10 00 cmp dword ptr ss:[ebp+0x10],0x0 + * 01312dfa . 8bb424 2802000>mov esi,dword ptr ss:[esp+0x228] + * 01312e01 . 894424 5c mov dword ptr ss:[esp+0x5c],eax + * 01312e05 . 74 12 je short 蒼の彼方.01312e19 + * 01312e07 . 56 push esi ; /arg1 + * 01312e08 . e8 c31b0000 call 蒼の彼方.013149d0 ; \蒼の彼方.013149d0 + * 01312e0d . 83c4 04 add esp,0x4 + * 01312e10 . 898424 c000000>mov dword ptr ss:[esp+0xc0],eax + * 01312e17 . eb 0b jmp short 蒼の彼方.01312e24 + * 01312e19 > c78424 c000000>mov dword ptr ss:[esp+0xc0],0x0 + * 01312e24 > 8b4b 04 mov ecx,dword ptr ds:[ebx+0x4] + * 01312e27 . 0fafce imul ecx,esi + * 01312e2a . b8 1f85eb51 mov eax,0x51eb851f + * 01312e2f . f7e9 imul ecx + * 01312e31 . c1fa 05 sar edx,0x5 + * 01312e34 . 8bca mov ecx,edx + * 01312e36 . c1e9 1f shr ecx,0x1f + * 01312e39 . 03ca add ecx,edx + * 01312e3b . 894c24 70 mov dword ptr ss:[esp+0x70],ecx + * 01312e3f . 85c9 test ecx,ecx + * 01312e41 . 7f 09 jg short 蒼の彼方.01312e4c + * 01312e43 . b9 01000000 mov ecx,0x1 + * 01312e48 . 894c24 70 mov dword ptr ss:[esp+0x70],ecx + * 01312e4c > 8b53 08 mov edx,dword ptr ds:[ebx+0x8] + * 01312e4f . 0fafd6 imul edx,esi + * 01312e52 . b8 1f85eb51 mov eax,0x51eb851f + * 01312e57 . f7ea imul edx + * 01312e59 . c1fa 05 sar edx,0x5 + * 01312e5c . 8bc2 mov eax,edx + * 01312e5e . c1e8 1f shr eax,0x1f + * 01312e61 . 03c2 add eax,edx + * 01312e63 . 894424 78 mov dword ptr ss:[esp+0x78],eax + * 01312e67 . 85c0 test eax,eax + * 01312e69 . 7f 09 jg short 蒼の彼方.01312e74 + * 01312e6b . b8 01000000 mov eax,0x1 + * 01312e70 . 894424 78 mov dword ptr ss:[esp+0x78],eax + * 01312e74 > 33d2 xor edx,edx + * 01312e76 . 895424 64 mov dword ptr ss:[esp+0x64],edx + * 01312e7a . 895424 6c mov dword ptr ss:[esp+0x6c],edx + * 01312e7e . 8b13 mov edx,dword ptr ds:[ebx] + * 01312e80 . 4a dec edx ; switch (cases 1..2) + * 01312e81 . 74 0e je short 蒼の彼方.01312e91 + * 01312e83 . 4a dec edx + * 01312e84 . 75 13 jnz short 蒼の彼方.01312e99 + * 01312e86 . 8d1409 lea edx,dword ptr ds:[ecx+ecx] ; case 2 of switch 01312e80 + * 01312e89 . 895424 64 mov dword ptr ss:[esp+0x64],edx + * 01312e8d . 03c0 add eax,eax + * 01312e8f . eb 04 jmp short 蒼の彼方.01312e95 + * 01312e91 > 894c24 64 mov dword ptr ss:[esp+0x64],ecx ; case 1 of switch 01312e80 + * 01312e95 > 894424 6c mov dword ptr ss:[esp+0x6c],eax + * 01312e99 > 8b9c24 3802000>mov ebx,dword ptr ss:[esp+0x238] ; default case of switch 01312e80 + * 01312ea0 . 8bc3 mov eax,ebx + * 01312ea2 . e8 d98bffff call 蒼の彼方.0130ba80 + * 01312ea7 . 8bc8 mov ecx,eax + * 01312ea9 . 8bc3 mov eax,ebx + * 01312eab . e8 e08bffff call 蒼の彼方.0130ba90 + * 01312eb0 . 6a 01 push 0x1 ; /arg1 = 00000001 + * 01312eb2 . 8bd0 mov edx,eax ; | + * 01312eb4 . 8db424 1c01000>lea esi,dword ptr ss:[esp+0x11c] ; | + * 01312ebb . e8 3056fdff call 蒼の彼方.012e84f0 ; \蒼の彼方.012e84f0 + * 01312ec0 . 8bc7 mov eax,edi + * 01312ec2 . 83c4 04 add esp,0x4 + * 01312ec5 . 8d70 01 lea esi,dword ptr ds:[eax+0x1] + * 01312ec8 > 8a08 mov cl,byte ptr ds:[eax] + * 01312eca . 40 inc eax + * 01312ecb . 84c9 test cl,cl + * 01312ecd .^75 f9 jnz short 蒼の彼方.01312ec8 + * 01312ecf . 2bc6 sub eax,esi + * 01312ed1 . 40 inc eax + * 01312ed2 . 50 push eax + * 01312ed3 . e8 e74c0600 call 蒼の彼方.01377bbf + * 01312ed8 . 33f6 xor esi,esi + * 01312eda . 83c4 04 add esp,0x4 + */ +ULONG search3(ULONG startAddress, ULONG stopAddress) + { + //return startAddress + 0x31850; // 世界と世界の真ん中 体験版 + const uint8_t bytes[] = { // 3c207d580fbec083c0fe83f806774d + 0x3c, 0x20, // 01312d8e 3c 20 cmp al,0x20 ; jichi: pattern starts + 0x7d, 0x58, // 01312d90 7d 58 jge short 蒼の彼方.01312dea + 0x0f,0xbe,0xc0, // 01312d92 0fbec0 movsx eax,al + 0x83,0xc0, 0xfe, // 01312d95 83c0 fe add eax,-0x2 ; switch (cases 2..8) + 0x83,0xf8, 0x06, // 01312d98 83f8 06 cmp eax,0x6 + 0x77, 0x4d // 01312d9b 77 4d ja short 蒼の彼方.01312dea + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return 0; + + // distance to the beginning of the function + static const int hook_offsets[] = { + 0x01312cd0 - 0x01312d8e // for new BGI2 game since 蒼の彼方 (2014/08), text is in arg2 + , 0x00a64260 - 0x00a64318 // For newer BGI2 game since コドモノアソビ (2015/11) + }; + enum { hook_offset_count = sizeof(hook_offsets) / sizeof(*hook_offsets) }; + + for (size_t i = 0; i < hook_offset_count; i++) { + int hook_offset = hook_offsets[i]; + + enum : uint8_t { push_ebp = 0x55 }; // 011d4c80 /$ 55 push ebp + if (*(uint8_t *)(addr + hook_offset) == push_ebp) + return addr + hook_offset; + } + return 0; // failed + } +ULONG search_bgi3(ULONG startAddress, ULONG stopAddress ) + { + //黄昏のフォルクローレ + /* .text:00C3A700 push ebp + .text : 00C3A701 mov ebp, esp + .text : 00C3A703 push[ebp + arg_30] + .text : 00C3A706 mov edx, [ebp + arg_4] + .text : 00C3A709 push[ebp + arg_2C] + .text : 00C3A70C mov ecx, [ebp + arg_0] + .text : 00C3A70F push[ebp + arg_28] + .text : 00C3A712 push[ebp + arg_24] + .text : 00C3A715 push[ebp + arg_20] + .text : 00C3A718 push[ebp + arg_1C] + .text : 00C3A71B push[ebp + arg_18] + .text : 00C3A71E push[ebp + arg_14] + .text : 00C3A721 push[ebp + arg_10] + .text : 00C3A724 push[ebp + arg_C] + .text : 00C3A727 push[ebp + arg_8] + .text : 00C3A72A call loc_C3A740 + int __stdcall sub_C3A700( + int a1, + int a2, + int a3, + int a4, + int a5, + int a6, + int a7, + int a8, + int a9, + int a10, + int a11, + int a12, + int a13) + + */ + const uint8_t bytes[] = { + 0x55, + 0x8b,0xec, + 0xff,0x75,0x38, + 0x8b,0x55,0x0c, + 0xff,0x75,0x34, + 0x8b,0x4d,0x08, + 0xff,0x75,0x30 + }; + ULONG range = min(ULONG(stopAddress - startAddress), ULONG(0x00300000)); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, startAddress + range); + if (addr == 0)return 0; + return addr; + } +bool search_tayutama(DWORD *funaddr,DWORD *addr){ + const BYTE bytes[] = { + // The following code does not exist in newer BGI games after BGI 1.633.0.0 (tayutama2_trial_EX) + //0x3c, 0x20, // 011d4d31 |. 3c 20 cmp al,0x20 + //0x7d, XX, // 011d4d33 |. 7d 75 jge short sekachu.011d4daa ; jichi: 0x75 or 0x58 + 0x0f,0xbe,0xc0, // 011d4d35 |. 0fbec0 movsx eax,al + 0x83,0xc0, 0xfe, // 011d4d38 |. 83c0 fe add eax,-0x2 ; switch (cases 2..8) + 0x83,0xf8//, 0x06 // 011d4d3b |. 83f8 06 cmp eax,0x6 + // The following code does not exist in newer BGI games after 蒼の彼方 + //0x77, 0x6a // 011d4d3e |. 77 6a ja short sekachu.011d4daa + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + * addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + //GROWL_DWORD(reladdr); + if (!*addr) { + return false; + } + + * funaddr = MemDbg::findEnclosingAlignedFunction(*addr, 0x300); // range is around 177 ~ 190 + + enum : BYTE { push_ebp = 0x55 }; // 011d4c80 /$ 55 push ebp + if (!*funaddr || *(BYTE *)*funaddr != push_ebp) { + return false; + } + return true; +} +bool InsertBGI2Hook() +{ + + /* Artikash 6/14/2019: Ugh, what a mess I've dug up... + At some point the beginning four bytes to search for were removed, but the difference below were not corrected? Or maybe they were? + I don't have all these games so no way to confirm which (if any) are wrong. + But the first difference (the important one since it's the one detecting offset=arg3, all others give new) seems to be four bytes off when hooking https://vndb.org/v8158 + ...but maybe it's not? Maybe I discovered a new difference? + I think the safest option is to just add the new? difference as a case that detects offset=arg3 since either way one case will detect offset=arg3 correctly. + And all the other cases fall through to offset=arg2. + */ + ULONG addr , funaddr;HookParam hp; + hp.hook_font=F_TextOutA|F_TextOutW; + if (addr=search_bgi3(processStartAddress, processStopAddress)){ + //有乱码,无法处理。 + Private::textIndex_ = 3; + hp.offset=get_stack(Private::textIndex_); + Private::type_ = Private::Type_BGI3; + hp.hook_font|=F_GetTextExtentPoint32W; + } + else if ( search_tayutama(&funaddr,&addr)) { + + switch (funaddr - addr) { + // for old BGI2 game, text is arg3 + case 0x34c80 - 0x34d31: // old offset + case 0x34c50 - 0x34d05: // correction as mentioned above + Private::textIndex_ = 3; + break; + // for new BGI2 game since 蒼の彼方 (2014/08), text is in arg2 + case 0x01312cd0 - 0x01312D92: + // For newer BGI2 game since コドモノアソビ (2015/11) + case 0x00A64260 - 0x00A6431C: + // For latest BGI2 game since タユタマ2(2016/05) by @mireado + case 0x00E95290 - 0x00E95349: + // For latest BGI2 game since 千の刃濤、桃花染の皇姫 体験版 by @mireado + case 0x00AF5640 - 0x00AF56FF: + // For latest BGI2 game since by BGI 1.633.0.0 @mireado + case 0x00D8A660 - 0x00D8A73A: + Private::textIndex_ = 2; + break; + // Artikash 8/1/2018: Looks like it's basically always 4*2. Remove error from default case: breaks SubaHibi HD. Will figure out how to do this properly if it becomes an issue. + default: + ConsoleOutput("BGI2 WARN: function-code distance unknown"); + Private::textIndex_ = 2; + break; + } + Private::type_ = Private::Type3; + addr = funaddr; + } + else if (addr =search3(processStartAddress, processStopAddress)) { + Private::type_ = Private::Type3; + Private::textIndex_ = 2; // use arg2, name = "BGI2"; + }else if (addr = search2(processStartAddress, processStopAddress)) { + Private::type_ = Private::Type2; + Private::textIndex_ = 3; // use arg3, name = "BGI2"; + } else if (addr =search1(processStartAddress, processStopAddress)) { + Private::type_ = Private::Type1; + Private::textIndex_ = 3; // use arg3, name = "BGI"; + } + if(addr==0)return false; + hp.address = addr; + hp.offset=get_stack(Private::textIndex_); + // jichi 5/12/2014: Using split could distinguish name and choices. But the signature might become unstable + hp.type = USING_STRING|USING_SPLIT|EMBED_ABLE|EMBED_DYNA_SJIS|EMBED_AFTER_NEW; + + hp.hook_before=Private::hookBefore; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + // It could be either or + static const std::regex rx("(.+?)", std::regex_constants::icase); + std::string result = std::string((char*)data,*len); + result = std::regex_replace(result, rx, "$1"); + *len = (result.size()); + strcpy((char*)data, result.c_str());return true; + } ; + + hp.split = get_stack(8); // pseudo arg8 + + //GROWL_DWORD2(hp.address, processStartAddress); + + + + + return NewHook(hp, "EmbedBGI"); +} + +bool InsertBGI3Hook() +{ + /* + * Sample games: + * https://vndb.org/v28283 + * https://vndb.org/v30456 + * https://vndb.org/v33996 + * https://vndb.org/v34532 + * https://vndb.org/v36131 + */ + bool found = false; + const BYTE pattern[] = { + 0x55, // 55 push ebp + 0x8b,0xec, // 8BEC mov ebp,esp + 0x83,0xe4, 0xf8, // 83E4 F8 and esp,FFFFFFF8 + 0x81,0xec, 0x84,0x00,0x00,0x00 // 81EC 84000000 sub esp,0x84 + }; + + for (auto addr : Util::SearchMemory(pattern, sizeof(pattern), PAGE_EXECUTE, processStartAddress, processStopAddress)) + { + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); + hp.split =get_stack(1); + hp.type = CODEC_UTF16 | USING_SPLIT; + ConsoleOutput("INSERT BGI3"); + found|=NewHook(hp, "BGI3"); + } + if (!found) ConsoleOutput("BGI3: pattern not found"); + return found; +} + +#if 0 +/** + * jichi 1/31/2014: Add a new BGI hook + * See: http://www.hongfire.com/forum/showthread.php/36807-AGTH-text-extraction-tool-for-games-translation/page702 + * See: http://www.hongfire.com/forum/showthread.php/36807-AGTH-text-extraction-tool-for-games-translation/page716 + * + * Issue: This hook has floating split char + * + * [ぷちけろ] コトバの消えた日 �忁�で裸にする純�調教~体験版 + * /HS-1C:-4@68E56:BGI.exe + * - addr: 429654 (0x68e56) + * - module: 3927275266 (0xea157702) + * - off: 4294967264 = 0xffffffe0 = -0x20 + * - split: 4294967288 = 0xfffffff8 = -0x8 + * - type: 81 = 0x51 + * + * 00e88e3d cc int3 + * 00e88e3e cc int3 + * 00e88e3f cc int3 + * 00e88e40 /. 55 push ebp + * 00e88e41 |. 8bec mov ebp,esp + * 00e88e43 |. 56 push esi + * 00e88e44 |. 57 push edi + * 00e88e45 |. 8b7d 08 mov edi,dword ptr ss:[ebp+0x8] + * 00e88e48 |. 57 push edi + * 00e88e49 |. e8 c28a0100 call bgi.00ea1910 + * 00e88e4e |. 57 push edi ; |arg1 + * 00e88e4f |. 8bf0 mov esi,eax ; | + * 00e88e51 |. e8 ba8a0100 call bgi.00ea1910 ; \bgi.00ea1910 + * 00e88e56 |. 83c4 08 add esp,0x8 ; jichi: hook here + * 00e88e59 |. 2bc6 sub eax,esi + * 00e88e5b |. eb 03 jmp short bgi.00e88e60 + * 00e88e5d | 8d49 00 lea ecx,dword ptr ds:[ecx] + * 00e88e60 |> 8a0e /mov cl,byte ptr ds:[esi] + * 00e88e62 |. 880c30 |mov byte ptr ds:[eax+esi],cl + * 00e88e65 |. 46 |inc esi + * 00e88e66 |. 84c9 |test cl,cl + * 00e88e68 |.^75 f6 \jnz short bgi.00e88e60 + * 00e88e6a |. 5f pop edi + * 00e88e6b |. 33c0 xor eax,eax + * 00e88e6d |. 5e pop esi + * 00e88e6e |. 5d pop ebp + * 00e88e6f \. c3 retn + */ +bool InsertBGI3Hook() +{ + const BYTE bytes[] = { + 0x83,0xc4, 0x08,// 00e88e56 |. 83c4 08 add esp,0x8 ; hook here + 0x2b,0xc6, // 00e88e59 |. 2bc6 sub eax,esi + 0xeb, 0x03, // 00e88e5b |. eb 03 jmp short bgi.00e88e60 + 0x8d,0x49, 0x00,// 00e88e5d | 8d49 00 lea ecx,dword ptr ds:[ecx] + 0x8a,0x0e, // 00e88e60 |> 8a0e /mov cl,byte ptr ds:[esi] + 0x88,0x0c,0x30, // 00e88e62 |. 880c30 |mov byte ptr ds:[eax+esi],cl + 0x46, // 00e88e65 |. 46 |inc esi + 0x84,0xc9, // 00e88e66 |. 84c9 |test cl,cl + 0x75, 0xf6 // 00e88e68 |.^75 f6 \jnz short bgi.00e88e60 + //0x5f, // 00e88e6a |. 5f pop edi + //0x33,0xc0, // 00e88e6b |. 33c0 xor eax,eax + //0x5e, // 00e88e6d |. 5e pop esi + //0x5d, // 00e88e6e |. 5d pop ebp + //0xc3 // 00e88e6f \. c3 retn + }; + //enum { addr_offset = 0 }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + //reladdr = 0x68e56; + if (!addr) { + ConsoleOutput("BGI3: pattern not found"); + return false; + } + + HookParam hp; + hp.type = USING_STRING|USING_SPLIT; + hp.offset=get_reg(regs::esi); + hp.split = get_reg(regs::eax); + hp.address = addr; + + //GROWL_DWORD2(hp.address, processStartAddress); + + ConsoleOutput("INSERT BGI3"); + + return NewHook(hp, "BGI3"); +} +#endif // 0 +} // unnamed + +// jichi 5/12/2014: BGI1 and BGI2 game can co-exist, such as 世界と世界の真ん中で +// BGI1 can exist in both old and new games +// BGI2 only exist in new games +// Insert BGI2 first. +// Artikash 6/12/2019: In newer games neither exists, but WideCharToMultiByte works, so insert that if BGI2 fails. + +bool BGI7Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + CharFilter(text, len, L'\x0001'); + CharFilter(text, len, L'\x0002'); + CharFilter(text, len, L'\x0003'); + CharFilter(text, len, L'\x0004'); + CharFilter(text, len, L'\x0005'); + CharFilter(text, len, L'\x000A'); + if (text[0] == L'\x3000') { + *len -= 2; + ::memmove(text, text+1, *len); + } + CharReplacer(text, len, L'\x3000', L' '); //IDSP + + if (cpp_wcsnstr(text, L"<", *len/sizeof(wchar_t))) { + StringFilterBetween(text, len, L"<", 1, L">", 1); + } + + return true; +} + +bool InsertBGI7Hook() +{ + + /* + * Sample games: + * https://vndb.org/v26664 + * https://vndb.org/v44105 + */ + bool found = false; + const BYTE pattern[] = { + 0x55, // 55 push ebp << hook here + 0x8b,0xec, // 8BEC mov ebp,esp + 0x53, // 53 push ebx + 0x56, // 56 push esi + 0x57, // 57 push edi + 0x33, 0xFF, // 33 FF xor edi,edi + 0xE8, XX4, // E8 23FDFFFF call saclet.exe+A0990 + 0x8B, 0xF0 // 8B F0 mov esi,eax + }; + + for (auto addr : Util::SearchMemory(pattern, sizeof(pattern), PAGE_EXECUTE, processStartAddress, processStopAddress)) + { + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.split =get_reg(regs::esp); + hp.type = CODEC_UTF16 | USING_STRING | USING_SPLIT | KNOWN_UNSTABLE; + hp.filter_fun = BGI7Filter; + ConsoleOutput("INSERT BGI4"); + found|=NewHook(hp, "BGI4"); + } + if (!found) ConsoleOutput("BGI4: pattern not found"); + return found; +} + +bool BGI56Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + if (text[0] == '@') { + *len -= 1; + ::memmove(text, text + 1, *len); + } + + return true; +} + +bool InsertBGI5Hook() +{ + + /* + * Sample games: + * https://vndb.org/v473 + */ + const BYTE bytes[] = { + 0x90, // nop + 0x81, 0xEC, XX4, // sub esp,00000920 << hook here + 0x8B, 0x84, 0x24, XX4, // mov eax,[esp+00000944] + 0x55, // push ebp + 0x8D, 0x8C, 0x24, XX4 // lea ecx,[esp+000000F4] + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + return false; + + HookParam hp; + hp.address = addr + 1; + hp.offset=get_reg(regs::ecx); + hp.padding = 1; + hp.type = USING_STRING; + hp.filter_fun = BGI56Filter; + ConsoleOutput("INSERT BGI5"); + + return NewHook(hp, "BGI5"); +} + +bool InsertBGI6Hook() +{ + + /* + * Sample games: + * https://vndb.org/r96578 + */ + const BYTE bytes[] = { + 0x90, // nop + 0x6A, 0xFF, // push -01 << hook here + 0x68, XX4, // push BGI.exe+87AF8 + 0x64, 0xA1, 0x00, 0x00, 0x00, 0x00, // mov eax,fs:[00000000] + 0x50, // push eax + 0x64, 0x89, 0x25, 0x00, 0x00, 0x00, 0x00, // mov fs:[00000000],esp + 0x81, 0xEC, XX4, // sub esp,000009B4 + 0x8B, 0x84, 0x24, 0xE4, 0x09, 0x00, 0x00 // mov eax,[esp+000009E4] + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + return false; + + HookParam hp; + hp.address = addr + 1; + hp.offset=get_reg(regs::ecx); + hp.padding = 1; + hp.type = USING_STRING; + hp.filter_fun = BGI56Filter; + ConsoleOutput("INSERT BGI6"); + + return NewHook(hp, "BGI6"); +} +bool InsertBGIHook() +{ return InsertBGI2Hook() || InsertBGI3Hook() || (PcHooks::hookOtherPcFunctions(), InsertBGI1Hook()); } + + +bool InsertBGI4Hook() +{ + const BYTE bytes[] = { + 0xBE,0xE9,0xFD,0x00,0x00, //cp=65001 + XX2, + 0xBE,0xA4,0x03,0x00,0x00 //cp=932 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.split = get_reg(regs::esp); + hp.type = CODEC_UTF16 | USING_STRING| USING_SPLIT ; + hp.filter_fun = BGI7Filter; + ConsoleOutput("BGI4"); + + return NewHook(hp, "BGI4"); +} +namespace{ + bool veryold(){ + //紅月-くれないつき- + //あの街の恋の詩 + auto entry=Util::FindImportEntry(processStartAddress,(DWORD)GetGlyphOutlineA); + if(entry==0)return false; + BYTE bytes[]={0xFF,0x15,XX4}; + memcpy(bytes+2,&entry,4); + BYTE bytes2[]={0x8b,XX,XX4}; //mov ebp, ds:GetGlyphOutlineA + memcpy(bytes2+2,&entry,4); //銀行淫~堕ちゆく女達~ + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0) + addr = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStopAddress); + if (addr == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)return false; + auto xrefs=findxref_reverse_checkcallop(addr,addr-0x1000,addr+0x1000,0xe8); + if(xrefs.size()!=1)return false; + auto xrefaddr=xrefs[0]; + auto funcstart = MemDbg::findEnclosingAlignedFunction(xrefaddr); + if (funcstart == 0)return false; + BYTE sig[]={0x81,XX,0x00,0x01,0x00,0x00};//cmp ebx, 100h + if(MemDbg::findBytes(sig, sizeof(sig), xrefaddr-0x40, xrefaddr)==0)return false; + HookParam hp; + hp.address = funcstart; + hp.offset=get_stack(2); + hp.split =get_stack(1); + hp.type = CODEC_ANSI_BE |USING_SPLIT; + + return NewHook(hp, "BGI5"); + + } +} + +bool BGI::attach_function() { + bool b1= InsertBGIHook(); + bool b2=InsertBGI4Hook(); + bool ok= b1||b2||veryold(); + ok=InsertBGI7Hook()|| InsertBGI5Hook() || InsertBGI6Hook()||ok; + return ok; +} \ No newline at end of file diff --git a/LunaHook/engine32/BGI.h b/LunaHook/engine32/BGI.h new file mode 100644 index 0000000..087db3a --- /dev/null +++ b/LunaHook/engine32/BGI.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class BGI:public ENGINE{ + public: + BGI(){ + + check_by=CHECK_BY::FILE_ANY; + check_by_target=check_by_list{L"bgi.*",L"sysgrp.arc"}; + }; + bool attach_function(); +}; diff --git a/LunaHook/engine32/BKEngine.cpp b/LunaHook/engine32/BKEngine.cpp new file mode 100644 index 0000000..b3360b1 --- /dev/null +++ b/LunaHook/engine32/BKEngine.cpp @@ -0,0 +1,59 @@ +#include"BKEngine.h" +//https://bke.bakery.moe/download.html +namespace{ + bool _1(){ + BYTE sig[]={0x64,0xa3,0x00,0x00,0x00,0x00,0x8b,0xf1,0x8b,0x45,0x08,0x0f,0x57,0xc0,0xc7,0x06,0x02,0x00,0x00,0x00}; + auto addr=MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress); + if(addr==0)return 0; + addr=MemDbg::findEnclosingAlignedFunction(addr); + if(addr==0)return 0; + HookParam hp; + hp.address = addr; + hp.type = CODEC_UTF16|DATA_INDIRECT; + hp.index=0; + hp.offset=get_stack(1); + + return NewHook(hp, "BKEngine1"); + } + bool _2(){ + BYTE sig[]={0xb8,0xff,0x00,0x00,0x00,0x66,0x3b,0x06,0x1b,0xc0,0xf7,0xd8,0x40}; + auto addr=MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress); + if(addr==0)return 0; + addr=MemDbg::findEnclosingAlignedFunction(addr); + if(addr==0)return 0; + HookParam hp; + hp.address = addr; + hp.type = CODEC_UTF16|DATA_INDIRECT|NO_CONTEXT; + hp.index=0; + hp.offset=get_stack(1); + + return NewHook(hp, "BKEngine2"); + } + bool _3(){ + BYTE sig[]={0x6a,0xff,0x6a,0x00,0x56}; + std::unordered_mapmp; + DWORD maxaddr=0;int maxi=0; + for(auto addr:Util::SearchMemory(sig, sizeof(sig),PAGE_EXECUTE, processStartAddress, processStopAddress)){ + addr=MemDbg::findEnclosingAlignedFunction(addr); + if(addr==0)continue; + if(mp.find(addr)==mp.end())mp[addr]=0; + mp[addr]+=1; + if(mp[addr]>maxi){maxi=mp[addr];maxaddr=addr;} + } + if(maxaddr==0)return 0; + + HookParam hp; + hp.address = maxaddr; + hp.type = CODEC_UTF16|USING_STRING; + hp.offset=get_reg(regs::edx); + + return NewHook(hp, "BKEngine3"); + } +} +bool BKEngine::attach_function() { + + bool ok= _1(); + ok=_2()||ok; + ok=_3()||ok; + return ok; +} \ No newline at end of file diff --git a/LunaHook/engine32/BKEngine.h b/LunaHook/engine32/BKEngine.h new file mode 100644 index 0000000..9673648 --- /dev/null +++ b/LunaHook/engine32/BKEngine.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class BKEngine:public ENGINE{ + public: + BKEngine(){ + is_engine_certain=false; + check_by=CHECK_BY::FILE; + check_by_target=L"*.bkarc"; + }; + bool attach_function(); +}; diff --git a/LunaHook/engine32/Bishop.cpp b/LunaHook/engine32/Bishop.cpp new file mode 100644 index 0000000..b2c2275 --- /dev/null +++ b/LunaHook/engine32/Bishop.cpp @@ -0,0 +1,67 @@ +#include"Bishop.h" + +bool bishopmbcjmstojis() +{ + //特別授業 + const BYTE bytes[] = { + //unsigned int __cdecl _mbcjmstojis(unsigned int C) + 0x55,0x8b,0xec, + 0x8b,0x45,0x08, //mov eax, [ebp+C] + 0x81, 0x3D,XX4, 0xA4 ,0x03 ,0x00 ,0x00, //cmp dword_4A1F0C, 3A4h //if ( dword_4A1F0C == 932 ) + XX2, + 0xa9,0x00,0x00,0xff,0xff //if ( (C & 0xFFFF0000) != 0 ) + }; + + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (!addr) return false; + + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(2); + hp.type = USING_SPLIT|USING_STRING; + + return NewHook(hp, "bishop"); +} +bool Bishop::attach_function() { + + return bishopmbcjmstojis(); +} + +bool Bishop2::attach_function(){ + + //三射面談~連鎖する恥辱・調教の学園~ + //特別授業3SLG + auto entry=Util::FindImportEntry(processStartAddress,(DWORD)GetGlyphOutlineW); + if(entry==0)return false; + bool ok=false; + for(auto addr:Util::SearchMemory(&entry, 4, PAGE_EXECUTE, processStartAddress, processStopAddress)){ + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) continue; + auto xrefs=findxref_reverse_checkcallop(addr,max(processStartAddress,addr-0x100000),min(processStopAddress,addr+0x100000),0xe8); + for(auto addrx:xrefs){ + //ConsoleOutput("xref %p",addrx); + const BYTE aligned [] = {0xCC,0xCC}; + auto addrx1 = reverseFindBytes(aligned, sizeof(aligned), addrx-0x200, addrx); + //ConsoleOutput("Aligned %p",addrx1); + if (!addrx1) continue; + addrx1+=2; + BYTE __1[]={0xDC,0x0D,XX,XX,XX,0x00}; + auto _1 = MemDbg::findBytes(__1, 6, addrx-0x30, addrx); + //ConsoleOutput("sig %p",_1); + if(_1==0 )continue; + BYTE checkthiscall[]={0x8B,0xF9};//mov edi, ecx + auto _3 = MemDbg::findBytes(checkthiscall,2, addrx1, addrx); + HookParam hp; + hp.address = addrx1; + if(_3) + hp.offset=get_stack(3); + else + hp.offset=get_stack(4); + hp.type = CODEC_UTF16; + + ok=NewHook(hp, "Bishop2"); + } + } + return ok; +} \ No newline at end of file diff --git a/LunaHook/engine32/Bishop.h b/LunaHook/engine32/Bishop.h new file mode 100644 index 0000000..8b62079 --- /dev/null +++ b/LunaHook/engine32/Bishop.h @@ -0,0 +1,24 @@ +#include"engine.h" + +class Bishop:public ENGINE{ + public: + Bishop(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"GRAPHICS\\PACK.PK"; + is_engine_certain=false; + }; + bool attach_function(); +}; + + +class Bishop2:public ENGINE{ + public: + Bishop2(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.bsa"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Bootup.cpp b/LunaHook/engine32/Bootup.cpp new file mode 100644 index 0000000..2d5acd3 --- /dev/null +++ b/LunaHook/engine32/Bootup.cpp @@ -0,0 +1,259 @@ +#include"Bootup.h" + +/** + * jichi 5/22/2015: Insert Bootup hook + * Sample games: + * - [090709] [PIL] 仏蘭西少女 + * - [110318] [Daisy2] 三国恋戦� * - [110329] [PIL/SLASH] 神学校 + * - [150527] [Daisy2] 絶対階級学� * + * Properties + * - There is Bootup.dat existing in the game folder. + * - lstrlenW can find text repeating once + * - GetCharABCWidthsW and TextOutW can find cached text that missing characters + * GetCharABCWidthsA and TextOutA for old games. + * - There is only one TextOut (W for new and A for old). + * + * Logic: + * + GDI hook + * - Hook to the caller of TextOut + * + Lstr hook + * - Find last (second) caller of the first GetCharABCWidths after int3 + * - Find the lstrlen function in this caller, and hook to it + * + * Full text is in arg1, shifted one by one. + * Character to paint is also in arg3 + * + * All Bootup games are slightly different + * - 三国恋戦�仏蘭西少女: text in both lstrlenA and caller of TextOutA + * But I didn't find correct lstrlenA to hook. BootupLstrA find nothing for 仏蘭西少女 and name for 三国恋戦� + * - 神学校: text in both lstrlenW and TextOutW, but lstrlenW has repetition + * Caller of TextOutW the same as that of TextOutA + * - 絶対階級学� text in both lstrlenW and TextOutW. But TextOutW's name has repetition + * Caller of TextOutW different 神学校 + * + * Here's the beginning of caller of TextOutW in 絶対階級学� + * 00B61ADD CC INT3 + * 00B61ADE CC INT3 + * 00B61ADF CC INT3 + * 00B61AE0 55 PUSH EBP + * 00B61AE1 8BEC MOV EBP,ESP + * 00B61AE3 81EC 98000000 SUB ESP,0x98 + * 00B61AE9 53 PUSH EBX + * 00B61AEA 56 PUSH ESI + * 00B61AEB 57 PUSH EDI + * 00B61AEC 8BF2 MOV ESI,EDX + * 00B61AEE 8BF9 MOV EDI,ECX + * 00B61AF0 8975 D8 MOV DWORD PTR SS:[EBP-0x28],ESI + * 00B61AF3 897D E0 MOV DWORD PTR SS:[EBP-0x20],EDI + * 00B61AF6 E8 A5FEFFFF CALL .00B619A0 + * 00B61AFB 8BD8 MOV EBX,EAX + * 00B61AFD 895D CC MOV DWORD PTR SS:[EBP-0x34],EBX + * 00B61B00 66:833B 00 CMP WORD PTR DS:[EBX],0x0 + * 00B61B04 0F85 0B020000 JNZ .00B61D15 + * 00B61B0A B8 00010000 MOV EAX,0x100 + * 00B61B0F 66:8933 MOV WORD PTR DS:[EBX],SI + * 00B61B12 66:3BF0 CMP SI,AX + * 00B61B15 72 26 JB SHORT .00B61B3D + * 00B61B17 8B47 3C MOV EAX,DWORD PTR DS:[EDI+0x3C] + * 00B61B1A 85C0 TEST EAX,EAX + * 00B61B1C 74 1F JE SHORT .00B61B3D + * 00B61B1E 8B57 44 MOV EDX,DWORD PTR DS:[EDI+0x44] + * 00B61B21 85D2 TEST EDX,EDX + * 00B61B23 7E 18 JLE SHORT .00B61B3D + * 00B61B25 33C9 XOR ECX,ECX + * 00B61B27 85D2 TEST EDX,EDX + * 00B61B29 7E 12 JLE SHORT .00B61B3D + * 00B61B2B 8B47 40 MOV EAX,DWORD PTR DS:[EDI+0x40] + * 00B61B2E 8BFF MOV EDI,EDI + * 00B61B30 66:3930 CMP WORD PTR DS:[EAX],SI + * 00B61B33 74 6F JE SHORT .00B61BA4 + * 00B61B35 41 INC ECX + * 00B61B36 83C0 02 ADD EAX,0x2 + * 00B61B39 3BCA CMP ECX,EDX + * 00B61B3B ^7C F3 JL SHORT .00B61B30 + * 00B61B3D 33C0 XOR EAX,EAX + * 00B61B3F 66:8945 9E MOV WORD PTR SS:[EBP-0x62],AX + * 00B61B43 8B47 04 MOV EAX,DWORD PTR DS:[EDI+0x4] + * 00B61B46 0FAF47 1C IMUL EAX,DWORD PTR DS:[EDI+0x1C] + * 00B61B4A 0FAF47 1C IMUL EAX,DWORD PTR DS:[EDI+0x1C] + * 00B61B4E 0FAF47 18 IMUL EAX,DWORD PTR DS:[EDI+0x18] + * 00B61B52 50 PUSH EAX + * 00B61B53 6A 00 PUSH 0x0 + * 00B61B55 FF77 14 PUSH DWORD PTR DS:[EDI+0x14] + * 00B61B58 66:8975 9C MOV WORD PTR SS:[EBP-0x64],SI + * 00B61B5C E8 2FC20200 CALL .00B8DD90 + * 00B61B61 83C4 0C ADD ESP,0xC + * 00B61B64 8D45 9C LEA EAX,DWORD PTR SS:[EBP-0x64] + * 00B61B67 6A 01 PUSH 0x1 + * 00B61B69 50 PUSH EAX + * 00B61B6A 6A 00 PUSH 0x0 + * 00B61B6C 6A 00 PUSH 0x0 + * 00B61B6E FF77 10 PUSH DWORD PTR DS:[EDI+0x10] + * 00B61B71 FF15 8820BB00 CALL DWORD PTR DS:[0xBB2088] ; gdi32.TextOutW + * 00B61B77 8B47 1C MOV EAX,DWORD PTR DS:[EDI+0x1C] + * 00B61B7A 8B57 14 MOV EDX,DWORD PTR DS:[EDI+0x14] + * 00B61B7D 8B7F 04 MOV EDI,DWORD PTR DS:[EDI+0x4] + * 00B61B80 8B73 0C MOV ESI,DWORD PTR DS:[EBX+0xC] + * 00B61B83 0FAFF8 IMUL EDI,EAX + * 00B61B86 48 DEC EAX + * 00B61B87 8975 C4 MOV DWORD PTR SS:[EBP-0x3C],ESI + * 00B61B8A 897D C8 MOV DWORD PTR SS:[EBP-0x38],EDI + * + * TextOutW's caller for 神学校 + * 0113183E CC INT3 + * 0113183F CC INT3 + * 01131840 55 PUSH EBP + * 01131841 8BEC MOV EBP,ESP + * 01131843 83EC 74 SUB ESP,0x74 + * 01131846 53 PUSH EBX + * 01131847 56 PUSH ESI + * 01131848 8B75 08 MOV ESI,DWORD PTR SS:[EBP+0x8] + * 0113184B 57 PUSH EDI + * 0113184C 8B7D 0C MOV EDI,DWORD PTR SS:[EBP+0xC] + * 0113184F 8BCF MOV ECX,EDI + * 01131851 8BD6 MOV EDX,ESI + * 01131853 E8 A8FEFFFF CALL .01131700 + * 01131858 8BD8 MOV EBX,EAX + * 0113185A 66:833B 00 CMP WORD PTR DS:[EBX],0x0 + * 0113185E 895D 90 MOV DWORD PTR SS:[EBP-0x70],EBX + * 01131861 0F85 700F0000 JNZ .011327D7 + * 01131867 B8 00010000 MOV EAX,0x100 + * 0113186C 66:893B MOV WORD PTR DS:[EBX],DI + * 0113186F 66:3BF8 CMP DI,AX + * 01131872 72 2E JB SHORT .011318A2 + * 01131874 8B56 3C MOV EDX,DWORD PTR DS:[ESI+0x3C] + * 01131877 85D2 TEST EDX,EDX + * 01131879 74 27 JE SHORT .011318A2 + * 0113187B 8B46 44 MOV EAX,DWORD PTR DS:[ESI+0x44] + * 0113187E 85C0 TEST EAX,EAX + * 01131880 7E 20 JLE SHORT .011318A2 + * 01131882 33FF XOR EDI,EDI + * 01131884 85C0 TEST EAX,EAX + * 01131886 7E 1A JLE SHORT .011318A2 + * 01131888 8B46 40 MOV EAX,DWORD PTR DS:[ESI+0x40] + * 0113188B EB 03 JMP SHORT .01131890 + * 0113188D 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 01131890 66:8B4D 0C MOV CX,WORD PTR SS:[EBP+0xC] + * 01131894 66:3908 CMP WORD PTR DS:[EAX],CX + * 01131897 74 74 JE SHORT .0113190D + * 01131899 47 INC EDI + * 0113189A 83C0 02 ADD EAX,0x2 + * 0113189D 3B7E 44 CMP EDI,DWORD PTR DS:[ESI+0x44] + * 011318A0 ^7C EE JL SHORT .01131890 + * 011318A2 66:8B45 0C MOV AX,WORD PTR SS:[EBP+0xC] + * 011318A6 66:8945 8C MOV WORD PTR SS:[EBP-0x74],AX + * 011318AA 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] + * 011318AD 0FAFC0 IMUL EAX,EAX + * 011318B0 0FAF46 18 IMUL EAX,DWORD PTR DS:[ESI+0x18] + * 011318B4 0FAF46 04 IMUL EAX,DWORD PTR DS:[ESI+0x4] + * 011318B8 8B56 14 MOV EDX,DWORD PTR DS:[ESI+0x14] + * 011318BB 33C9 XOR ECX,ECX + * 011318BD 50 PUSH EAX + * 011318BE 51 PUSH ECX + * 011318BF 52 PUSH EDX + * 011318C0 66:894D 8E MOV WORD PTR SS:[EBP-0x72],CX + * 011318C4 E8 87060200 CALL .01151F50 + * 011318C9 8B4E 10 MOV ECX,DWORD PTR DS:[ESI+0x10] + * 011318CC 83C4 0C ADD ESP,0xC + * 011318CF 6A 01 PUSH 0x1 + * 011318D1 8D45 8C LEA EAX,DWORD PTR SS:[EBP-0x74] + * 011318D4 50 PUSH EAX + * 011318D5 6A 00 PUSH 0x0 + * 011318D7 6A 00 PUSH 0x0 + * 011318D9 51 PUSH ECX + * 011318DA FF15 38101701 CALL DWORD PTR DS:[0x1171038] ; gdi32.TextOutW + * 011318E0 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] + * 011318E3 8B46 04 MOV EAX,DWORD PTR DS:[ESI+0x4] + * 011318E6 8B56 14 MOV EDX,DWORD PTR DS:[ESI+0x14] + * 011318E9 0FAFC1 IMUL EAX,ECX + * 011318EC 8B7B 0C MOV EDI,DWORD PTR DS:[EBX+0xC] + */ +namespace { // unnamed +bool BootupGDIHook(hook_stack* stack, HookParam *hp) +{ + DWORD arg2 = stack->stack[2]; + if ((arg2 & 0xffff0000)) { // if arg2 high bits are there, this is new Bootup game + hp->type |= DATA_INDIRECT; + hp->offset = get_stack(3); + hp->split = get_reg(regs::ebx); + } + return false; // run once and stop hooking +} +bool InsertBootupGDIHook() +{ + bool widechar = true; + ULONG addr = MemDbg::findCallerAddressAfterInt3((ULONG)TextOutW, processStartAddress, processStopAddress); + if (!addr) { + addr = MemDbg::findCallerAddressAfterInt3((ULONG)TextOutA, processStartAddress, processStopAddress); + widechar = false; + } + if (!addr) { + ConsoleOutput("BootupGDI: failed to find TextOut"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.type = USING_SPLIT|NO_CONTEXT|USING_CHAR; // use NO_CONTEXT to get rid of floating reladdr + hp.type |= widechar ? CODEC_UTF16 : CODEC_ANSI_BE; // use context as split is sufficient, but will produce floating split + + + hp.offset=get_stack(2); // arg2, character in arg2, could be modified by hook + if (widechar) + hp.split = get_reg(regs::edx); + else + hp.split = get_stack(1); + hp.hook_fun = BootupGDIHook; // adjust hook parameter at runtime + + ConsoleOutput("INSERT BootupGDI"); + + + ConsoleOutput("BootupGDI: disable GDI hooks"); + + return NewHook(hp, widechar ? "BootupW" : "BootupA"); +} +bool InsertBootupLstrHook() // for character name +{ + bool widechar = true; + ULONG addr = MemDbg::findLastCallerAddressAfterInt3((ULONG)GetCharABCWidthsW, processStartAddress, processStopAddress); + if (!addr) { + // Do not hook to lstrlenA, which causes text extraction to stop + //addr = MemDbg::findLastCallerAddressAfterInt3((ULONG)GetCharABCWidthsA, processStartAddress, processStopAddress); + //widechar = false; + } + if (!addr) { + ConsoleOutput("BootupLstr: failed to find GetCharABCWidths"); + return false; + } + //GROWL_DWORD2(addr, processStartAddress); + //enum { range = 0x200 }; // 0x012A2CCB - 0x12A2CB0 = 0x1b + addr = MemDbg::findCallAddress(widechar ? (ULONG)::lstrlenW : (ULONG)::lstrlenA, + processStartAddress, processStopAddress, + addr - processStartAddress); //, range); // no range + if (!addr) { + ConsoleOutput("BootupLstr: failed to find lstrlen"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.type = widechar ? (USING_STRING|CODEC_UTF16) : USING_STRING; // use context as split is sufficient, but will produce floating split + //hp.type = CODEC_UTF16|NO_CONTEXT|USING_SPLIT; // use text address as split + //hp.split = 0; + + ConsoleOutput("INSERT BootupLstr"); + + return NewHook(hp, widechar ? "BootupLstrW" : "BootupLstrA"); +} +} // unnamed namespace +bool InsertBootupHook() +{ + bool ret = InsertBootupGDIHook(); + InsertBootupLstrHook(); + return ret; +} + +bool Bootup::attach_function() { + + return InsertBootupHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Bootup.h b/LunaHook/engine32/Bootup.h new file mode 100644 index 0000000..bd022cb --- /dev/null +++ b/LunaHook/engine32/Bootup.h @@ -0,0 +1,13 @@ +#include"engine.h" + +class Bootup:public ENGINE{ + public: + Bootup(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Bootup.dat"; + is_engine_certain=false; + // lstrlenW can also find text with repetition though + }; + bool attach_function(); +}; diff --git a/LunaHook/engine32/Bruns.cpp b/LunaHook/engine32/Bruns.cpp new file mode 100644 index 0000000..4507807 --- /dev/null +++ b/LunaHook/engine32/Bruns.cpp @@ -0,0 +1,80 @@ +#include"Bruns.h" + +bool InsertBrunsHook() +{ + bool success=false; + if (Util::CheckFile(L"libscr.dll")) { + HookParam hp; + hp.offset=get_stack(1); + hp.type = CODEC_UTF16; + //?push_back@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXG@Z + if (Util::CheckFile(L"msvcp90.dll")) + hp.address = (DWORD)GetProcAddress(GetModuleHandleW(L"msvcp90.dll"), "?push_back@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXG@Z"); + else if (Util::CheckFile(L"msvcp80.dll")) + hp.address = (DWORD)GetProcAddress(GetModuleHandleW(L"msvcp80.dll"), "?push_back@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXG@Z"); + else if (Util::CheckFile(L"msvcp100.dll")) // jichi 8/17/2013: MSVCRT 10.0 and 11.0 + hp.address = (DWORD)GetProcAddress(GetModuleHandleW(L"msvcp100.dll"), "?push_back@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXG@Z"); + else if (Util::CheckFile(L"msvcp110.dll")) + hp.address = (DWORD)GetProcAddress(GetModuleHandleW(L"msvcp110.dll"), "?push_back@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXG@Z"); + if (hp.address) { + ConsoleOutput("INSERT Brus#1"); + success|=NewHook(hp, "Bruns"); + } + } + //else + // jichi 12/21/2013: Keep both bruns hooks + // The first one does not work for games like 「オーク・キングダマモン娘繁殖�豚人王~�anymore. + { + union { + DWORD i; + DWORD *id; + WORD *iw; + BYTE *ib; + }; + DWORD k = processStopAddress - 4; + for (i = processStartAddress + 0x1000; i < k; i++) { + if (*id != 0xff) //cmp reg,0xff + continue; + i += 4; + if (*iw != 0x8f0f) + continue;//jg + i += 2; + i += *id + 4; + for (DWORD j = i + 0x40; i < j; i++) { + if (*ib != 0xe8) + continue; + i++; + DWORD t = i + 4 + *id; + if (t > processStartAddress && t processStartAddress && t 66:8b78 08 /mov di,word ptr ds:[eax+0x8] + * 00449009 |. 66:3b7d 0c |cmp di,word ptr ss:[ebp+0xc] + * 0044900d |. 75 0a |jnz short cmvs32.00449019 + * 0044900f |. 66:8b7d 10 |mov di,word ptr ss:[ebp+0x10] + * 00449013 |. 66:3978 0a |cmp word ptr ds:[eax+0xa],di + * 00449017 |. 74 0a |je short cmvs32.00449023 + * 00449019 |> 8bd0 |mov edx,eax + * 0044901b |. 8b00 |mov eax,dword ptr ds:[eax] + * 0044901d |. 3bc6 |cmp eax,esi + * 0044901f |.^75 e4 \jnz short cmvs32.00449005 + * 00449021 |. eb 19 jmp short cmvs32.0044903c + * 00449023 |> 3bd6 cmp edx,esi + * 00449025 |. 74 0a je short cmvs32.00449031 + * 00449027 |. 8b38 mov edi,dword ptr ds:[eax] + * 00449029 |. 893a mov dword ptr ds:[edx],edi + * 0044902b |. 8b11 mov edx,dword ptr ds:[ecx] + * 0044902d |. 8910 mov dword ptr ds:[eax],edx + * 0044902f |. 8901 mov dword ptr ds:[ecx],eax + * 00449031 |> 8b40 04 mov eax,dword ptr ds:[eax+0x4] + * 00449034 |. 3bc6 cmp eax,esi + * 00449036 |. 0f85 64010000 jnz cmvs32.004491a0 + * 0044903c |> 8b55 08 mov edx,dword ptr ss:[ebp+0x8] + * 0044903f |. 53 push ebx + * 00449040 |. 0fb75d 0c movzx ebx,word ptr ss:[ebp+0xc] + * 00449044 |. b8 00000100 mov eax,0x10000 + * 00449049 |. 8945 e4 mov dword ptr ss:[ebp-0x1c],eax + * 0044904c |. 8945 f0 mov dword ptr ss:[ebp-0x10],eax + * 0044904f |. 8d45 e4 lea eax,dword ptr ss:[ebp-0x1c] + * 00449052 |. 50 push eax ; /pMat2 + * 00449053 |. 56 push esi ; |Buffer + * 00449054 |. 56 push esi ; |BufSize + * 00449055 |. 8d4d d0 lea ecx,dword ptr ss:[ebp-0x30] ; | + * 00449058 |. 51 push ecx ; |pMetrics + * 00449059 |. 6a 05 push 0x5 ; |Format = GGO_GRAY4_BITMAP + * 0044905b |. 53 push ebx ; |Char + * 0044905c |. 52 push edx ; |hDC + * 0044905d |. 8975 e8 mov dword ptr ss:[ebp-0x18],esi ; | + * 00449060 |. 8975 ec mov dword ptr ss:[ebp-0x14],esi ; | + * 00449063 |. ff15 5cf05300 call dword ptr ds:[<&gdi32.getglyphoutli>; \GetGlyphOutlineA + * 00449069 |. 8b75 10 mov esi,dword ptr ss:[ebp+0x10] + * 0044906c |. 0faff6 imul esi,esi + * 0044906f |. 8bf8 mov edi,eax + * 00449071 |. 8d04bd 0000000>lea eax,dword ptr ds:[edi*4] + * 00449078 |. 3bc6 cmp eax,esi + * 0044907a |. 76 02 jbe short cmvs32.0044907e + * 0044907c |. 8bf0 mov esi,eax + * 0044907e |> 56 push esi ; /Size + * 0044907f |. 6a 00 push 0x0 ; |Flags = LMEM_FIXED + * 00449081 |. ff15 34f25300 call dword ptr ds:[<&kernel32.localalloc>; \LocalAlloc + */ +bool InsertCMVS2Hook() +{ + // There are multiple functions satisfy the pattern below. + // Hook to any one of them is OK. + const BYTE bytes[] = { // function begin + 0x55, // 00448ff0 /$ 55 push ebp + 0x8b,0xec, // 00448ff1 |. 8bec mov ebp,esp + 0x83,0xec, 0x68, // 00448ff3 |. 83ec 68 sub esp,0x68 ; jichi: hook here + 0x8b,0x01, // 00448ff6 |. 8b01 mov eax,dword ptr ds:[ecx] + 0x56, // 00448ff8 |. 56 push esi + 0x33,0xf6, // 00448ff9 |. 33f6 xor esi,esi + 0x33,0xd2, // 00448ffb |. 33d2 xor edx,edx + 0x57, // 00448ffd |. 57 push edi + 0x89,0x4d, 0xfc, // 00448ffe |. 894d fc mov dword ptr ss:[ebp-0x4],ecx + 0x3b,0xc6, // 00449001 |. 3bc6 cmp eax,esi + 0x74, 0x37 // 00449003 |. 74 37 je short cmvs32.0044903c + }; + enum { addr_offset = 3 }; // offset from the beginning of the function + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + // Artikash 11/9/2018: Not sure, but isn't findCallerAddress a better way to do this? + if (!addr) addr = MemDbg::findCallerAddressAfterInt3((DWORD)GetGlyphOutlineA, processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("CMVS2: pattern not found"); + return false; + } + + //reladdr = 0x48ff0; + //reladdr = 0x48ff3; + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_stack(3); + hp.type = CODEC_ANSI_BE; + + ConsoleOutput("INSERT CMVS2"); + + return NewHook(hp, "CMVS2"); +} + +} // unnamed namespace + +// jichi 3/7/2014: Insert the old hook first since GetGlyphOutlineA can NOT be found in new games +bool InsertCMVSHook() +{ + // Both CMVS1 and CMVS2 exists in new games. + // Insert the CMVS2 first. Since CMVS1 could break CMVS2 + // And the CMVS1 games do not have CMVS2 patterns. + //return InsertCMVS2Hook() || InsertCMVS1Hook(); + + //初恋サクラメント + //夏に奏でる僕らの詩 + //まじぷり\Wonder Cradle + //等等一堆游戏,都能搜索到2,但没文字。 + // bool b2=InsertCMVS2Hook(); + // //先插入1会崩溃。 + // bool b1=InsertCMVS1Hook(); + //return b1||b2; + return InsertCMVS1Hook(); +} + /** + * Sample game: クロノクロック (CMVS2) + * + * This function is found by back-tracking GetGlyphOutlineA + * Until I found a function with GetDC. + * + * 0045111B CC INT3 + * 0045111C CC INT3 + * 0045111D CC INT3 + * 0045111E CC INT3 + * 0045111F CC INT3 + * 00451120 55 PUSH EBP + * 00451121 8BEC MOV EBP,ESP + * 00451123 83EC 58 SUB ESP,0x58 + * 00451126 53 PUSH EBX + * 00451127 33C0 XOR EAX,EAX + * 00451129 56 PUSH ESI + * 0045112A 8BF1 MOV ESI,ECX + * 0045112C 57 PUSH EDI + * 0045112D 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+0x8] + * 00451130 8945 FC MOV DWORD PTR SS:[EBP-0x4],EAX + * 00451133 8945 F4 MOV DWORD PTR SS:[EBP-0xC],EAX + * 00451136 8945 E8 MOV DWORD PTR SS:[EBP-0x18],EAX + * 00451139 8B86 58010000 MOV EAX,DWORD PTR DS:[ESI+0x158] + * 0045113F 50 PUSH EAX + * 00451140 FF15 C0735400 CALL DWORD PTR DS:[0x5473C0] ; user32.GetDC + * 00451146 68 80000000 PUSH 0x80 + * 0045114B 8D9E B8000000 LEA EBX,DWORD PTR DS:[ESI+0xB8] + * 00451151 6A 00 PUSH 0x0 + * 00451153 53 PUSH EBX + * 00451154 8945 E4 MOV DWORD PTR SS:[EBP-0x1C],EAX + * 00451157 E8 C4A00D00 CALL .0052B220 + * 0045115C 83C4 0C ADD ESP,0xC + * 0045115F 83BE A4000000 00 CMP DWORD PTR DS:[ESI+0xA4],0x0 + * 00451166 74 29 JE SHORT .00451191 + * 00451168 6A 00 PUSH 0x0 + * 0045116A 6A 00 PUSH 0x0 + * 0045116C 53 PUSH EBX + * 0045116D 8BCF MOV ECX,EDI + * 0045116F 51 PUSH ECX + * 00451170 8BCE MOV ECX,ESI + * 00451172 E8 29F8FFFF CALL .004509A0 + * 00451177 833B 00 CMP DWORD PTR DS:[EBX],0x0 + * 0045117A 77 09 JA SHORT .00451185 + * 0045117C 83BE AC000000 00 CMP DWORD PTR DS:[ESI+0xAC],0x0 + * 00451183 74 0C JE SHORT .00451191 + * 00451185 8B96 B0000000 MOV EDX,DWORD PTR DS:[ESI+0xB0] + * 0045118B 0196 9C000000 ADD DWORD PTR DS:[ESI+0x9C],EDX + * 00451191 8B4E 7C MOV ECX,DWORD PTR DS:[ESI+0x7C] + * 00451194 8B56 70 MOV EDX,DWORD PTR DS:[ESI+0x70] + * 00451197 B8 28000000 MOV EAX,0x28 + * 0045119C 66:8945 A8 MOV WORD PTR SS:[EBP-0x58],AX + * 004511A0 8B46 74 MOV EAX,DWORD PTR DS:[ESI+0x74] + * 004511A3 894D CC MOV DWORD PTR SS:[EBP-0x34],ECX + * 004511A6 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] + * 004511A9 8945 C4 MOV DWORD PTR SS:[EBP-0x3C],EAX + * 004511AC 8B86 80000000 MOV EAX,DWORD PTR DS:[ESI+0x80] + * 004511B2 894D BC MOV DWORD PTR SS:[EBP-0x44],ECX + * 004511B5 33C9 XOR ECX,ECX + * 004511B7 48 DEC EAX + * 004511B8 8955 C0 MOV DWORD PTR SS:[EBP-0x40],EDX + * 004511BB 894D B0 MOV DWORD PTR SS:[EBP-0x50],ECX + * 004511BE 74 18 JE SHORT .004511D8 + * 004511C0 48 DEC EAX + * 004511C1 74 0C JE SHORT .004511CF + * 004511C3 48 DEC EAX + * 004511C4 75 19 JNZ SHORT .004511DF + * 004511C6 C745 B0 03000000 MOV DWORD PTR SS:[EBP-0x50],0x3 + * 004511CD EB 10 JMP SHORT .004511DF + * 004511CF C745 B0 02000000 MOV DWORD PTR SS:[EBP-0x50],0x2 + * 004511D6 EB 07 JMP SHORT .004511DF + * 004511D8 C745 B0 01000000 MOV DWORD PTR SS:[EBP-0x50],0x1 + * 004511DF 8B45 0C MOV EAX,DWORD PTR SS:[EBP+0xC] + * 004511E2 3BC1 CMP EAX,ECX + * 004511E4 74 1B JE SHORT .00451201 + * 004511E6 8B50 0C MOV EDX,DWORD PTR DS:[EAX+0xC] + * 004511E9 8955 C8 MOV DWORD PTR SS:[EBP-0x38],EDX + * 004511EC 3948 10 CMP DWORD PTR DS:[EAX+0x10],ECX + * 004511EF 74 05 JE SHORT .004511F6 + * 004511F1 894D F0 MOV DWORD PTR SS:[EBP-0x10],ECX + * 004511F4 EB 26 JMP SHORT .0045121C + * 004511F6 8B96 8C000000 MOV EDX,DWORD PTR DS:[ESI+0x8C] + * 004511FC 0FAF10 IMUL EDX,DWORD PTR DS:[EAX] + * 004511FF EB 0E JMP SHORT .0045120F + * 00451201 8B46 78 MOV EAX,DWORD PTR DS:[ESI+0x78] + * 00451204 8B96 8C000000 MOV EDX,DWORD PTR DS:[ESI+0x8C] + * 0045120A 8945 C8 MOV DWORD PTR SS:[EBP-0x38],EAX + * 0045120D 03D2 ADD EDX,EDX + * 0045120F B8 CDCCCCCC MOV EAX,0xCCCCCCCD + * 00451214 F7E2 MUL EDX + * 00451216 C1EA 03 SHR EDX,0x3 + * 00451219 8955 F0 MOV DWORD PTR SS:[EBP-0x10],EDX + * 0045121C 8BC7 MOV EAX,EDI + * 0045121E 3808 CMP BYTE PTR DS:[EAX],CL + * 00451220 0F84 5A040000 JE .00451680 + * 00451226 EB 02 JMP SHORT .0045122A + * 00451228 33C9 XOR ECX,ECX + * 0045122A 0FB607 MOVZX EAX,BYTE PTR DS:[EDI] + * 0045122D 3C 5C CMP AL,0x5C + * 0045122F 0F84 AE030000 JE .004515E3 + * 00451235 3C 7B CMP AL,0x7B + * 00451237 0F84 65010000 JE .004513A2 + * 0045123D 50 PUSH EAX + * 0045123E E8 DD59FBFF CALL .00406C20 + * 00451243 Hook 85C0 TEST EAX,EAX + * 00451245 0F84 A6000000 JE .004512F1 + * 0045124B 66:0FBE47 01 MOVSX AX,BYTE PTR DS:[EDI+0x1] + * 00451250 66:0FBE17 MOVSX DX,BYTE PTR DS:[EDI] + * 00451254 B9 FF000000 MOV ECX,0xFF + * 00451259 66:23C1 AND AX,CX + * 0045125C 66:C1E2 08 SHL DX,0x8 + * 00451260 66:0BC2 OR AX,DX + * 00451263 B9 4A810000 MOV ECX,0x814A + * 00451268 83C7 02 ADD EDI,0x2 + * 0045126B 33DB XOR EBX,EBX + * 0045126D 66:8945 AA MOV WORD PTR SS:[EBP-0x56],AX + * 00451271 66:3BC1 CMP AX,CX + * 00451274 75 05 JNZ SHORT .0045127B + * 00451276 BB 01000000 MOV EBX,0x1 + * 0045127B 8B45 AA MOV EAX,DWORD PTR SS:[EBP-0x56] + * 0045127E 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-0xC] + * 00451281 52 PUSH EDX + * 00451282 50 PUSH EAX + * 00451283 6A 00 PUSH 0x0 + * 00451285 8BCE MOV ECX,ESI + * 00451287 E8 44F9FFFF CALL .00450BD0 + * 0045128C 8B8E 98000000 MOV ECX,DWORD PTR DS:[ESI+0x98] + * 00451292 8B96 9C000000 MOV EDX,DWORD PTR DS:[ESI+0x9C] + * 00451298 894D B4 MOV DWORD PTR SS:[EBP-0x4C],ECX + * 0045129B 8955 B8 MOV DWORD PTR SS:[EBP-0x48],EDX + * 0045129E 85DB TEST EBX,EBX + * 004512A0 74 0E JE SHORT .004512B0 + * 004512A2 B8 CDCCCCCC MOV EAX,0xCCCCCCCD + * 004512A7 F766 1C MUL DWORD PTR DS:[ESI+0x1C] + * 004512AA C1EA 02 SHR EDX,0x2 + * 004512AD 2955 B4 SUB DWORD PTR SS:[EBP-0x4C],EDX + * 004512B0 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-0x1C] + * 004512B3 8D45 DC LEA EAX,DWORD PTR SS:[EBP-0x24] + * 004512B6 50 PUSH EAX + * 004512B7 8D4D A8 LEA ECX,DWORD PTR SS:[EBP-0x58] + * 004512BA 51 PUSH ECX + * 004512BB 52 PUSH EDX + * 004512BC 8BCE MOV ECX,ESI + * 004512BE E8 EDEEFFFF CALL .004501B0 + * 004512C3 8945 F8 MOV DWORD PTR SS:[EBP-0x8],EAX + * 004512C6 85DB TEST EBX,EBX + * 004512C8 75 11 JNZ SHORT .004512DB + * 004512CA 8B46 20 MOV EAX,DWORD PTR DS:[ESI+0x20] + * 004512CD 0346 1C ADD EAX,DWORD PTR DS:[ESI+0x1C] + * 004512D0 0186 98000000 ADD DWORD PTR DS:[ESI+0x98],EAX + * 004512D6 E9 A4000000 JMP .0045137F + * 004512DB 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] + * 004512DE B8 CDCCCCCC MOV EAX,0xCCCCCCCD + * 004512E3 F7E1 MUL ECX + * 004512E5 C1EA 02 SHR EDX,0x2 + * 004512E8 D1E9 SHR ECX,1 + * 004512EA 2BCA SUB ECX,EDX + * 004512EC E9 85000000 JMP .00451376 + * 004512F1 66:0FBE0F MOVSX CX,BYTE PTR DS:[EDI] + * 004512F5 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] + * 004512F8 8B56 14 MOV EDX,DWORD PTR DS:[ESI+0x14] + * 004512FB 2BD0 SUB EDX,EAX + * 004512FD 2B56 20 SUB EDX,DWORD PTR DS:[ESI+0x20] + * 00451300 66:894D AA MOV WORD PTR SS:[EBP-0x56],CX + * 00451304 8B4E 0C MOV ECX,DWORD PTR DS:[ESI+0xC] + * 00451307 03D1 ADD EDX,ECX + * 00451309 47 INC EDI + * 0045130A 3996 98000000 CMP DWORD PTR DS:[ESI+0x98],EDX + * 00451310 72 37 JB SHORT .00451349 + * 00451312 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-0xC] + * 00451315 42 INC EDX + * 00451316 83BC96 B8000000 >CMP DWORD PTR DS:[ESI+EDX*4+0xB8],0x0 + * 0045131E 8955 F4 MOV DWORD PTR SS:[EBP-0xC],EDX + * 00451321 77 09 JA SHORT .0045132C + * 00451323 83BE AC000000 00 CMP DWORD PTR DS:[ESI+0xAC],0x0 + * 0045132A 74 0C JE SHORT .00451338 + * 0045132C 8B96 B0000000 MOV EDX,DWORD PTR DS:[ESI+0xB0] + * 00451332 0196 9C000000 ADD DWORD PTR DS:[ESI+0x9C],EDX + * 00451338 898E 98000000 MOV DWORD PTR DS:[ESI+0x98],ECX + * 0045133E 8B4E 24 MOV ECX,DWORD PTR DS:[ESI+0x24] + * 00451341 03C8 ADD ECX,EAX + * 00451343 018E 9C000000 ADD DWORD PTR DS:[ESI+0x9C],ECX + * 00451349 8B96 98000000 MOV EDX,DWORD PTR DS:[ESI+0x98] + * 0045134F 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] + * 00451355 8D4D DC LEA ECX,DWORD PTR SS:[EBP-0x24] + * 00451358 51 PUSH ECX + * 00451359 8955 B4 MOV DWORD PTR SS:[EBP-0x4C],EDX + * 0045135C 8D55 A8 LEA EDX,DWORD PTR SS:[EBP-0x58] + * 0045135F 8945 B8 MOV DWORD PTR SS:[EBP-0x48],EAX + * 00451362 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-0x1C] + * 00451365 52 PUSH EDX + * 00451366 50 PUSH EAX + * 00451367 8BCE MOV ECX,ESI + * 00451369 E8 42EEFFFF CALL .004501B0 + * 0045136E 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] + * 00451371 8945 F8 MOV DWORD PTR SS:[EBP-0x8],EAX + * 00451374 D1E9 SHR ECX,1 + * 00451376 034E 20 ADD ECX,DWORD PTR DS:[ESI+0x20] + * 00451379 018E 98000000 ADD DWORD PTR DS:[ESI+0x98],ECX + * 0045137F 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-0x10] + * 00451382 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-0x18] + * 00451385 8B4D FC MOV ECX,DWORD PTR SS:[EBP-0x4] + * 00451388 52 PUSH EDX + * 00451389 8B55 0C MOV EDX,DWORD PTR SS:[EBP+0xC] + * 0045138C 50 PUSH EAX + * 0045138D 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-0x8] + * 00451390 51 PUSH ECX + * 00451391 52 PUSH EDX + * 00451392 50 PUSH EAX + * 00451393 8BCE MOV ECX,ESI + * 00451395 E8 36F9FFFF CALL .00450CD0 + * 0045139A 8945 FC MOV DWORD PTR SS:[EBP-0x4],EAX + * 0045139D E9 D5020000 JMP .00451677 + * 004513A2 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-0xC] + * 004513A5 52 PUSH EDX + * 004513A6 51 PUSH ECX + * 004513A7 51 PUSH ECX + * 004513A8 8BCE MOV ECX,ESI + * 004513AA E8 21F8FFFF CALL .00450BD0 + * 004513AF 8B86 98000000 MOV EAX,DWORD PTR DS:[ESI+0x98] + * 004513B5 8B4D FC MOV ECX,DWORD PTR SS:[EBP-0x4] + * 004513B8 8B55 BC MOV EDX,DWORD PTR SS:[EBP-0x44] + * 004513BB 8945 08 MOV DWORD PTR SS:[EBP+0x8],EAX + * 004513BE 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] + * 004513C4 2B86 B0000000 SUB EAX,DWORD PTR DS:[ESI+0xB0] + * 004513CA 894D D8 MOV DWORD PTR SS:[EBP-0x28],ECX + * 004513CD 8945 D4 MOV DWORD PTR SS:[EBP-0x2C],EAX + * 004513D0 BB 01000000 MOV EBX,0x1 + * 004513D5 Hook 47 INC EDI + * 004513D6 8955 D0 MOV DWORD PTR SS:[EBP-0x30],EDX + * 004513D9 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + * 004513E0 0FB607 MOVZX EAX,BYTE PTR DS:[EDI] + * 004513E3 50 PUSH EAX + * 004513E4 E8 3758FBFF CALL .00406C20 + * 004513E9 85C0 TEST EAX,EAX + * 004513EB 74 55 JE SHORT .00451442 + * 004513ED 66:0FBE4F 01 MOVSX CX,BYTE PTR DS:[EDI+0x1] + * 004513F2 66:0FBE07 MOVSX AX,BYTE PTR DS:[EDI] + * 004513F6 BA FF000000 MOV EDX,0xFF + * 004513FB 66:23CA AND CX,DX + * 004513FE 8B96 9C000000 MOV EDX,DWORD PTR DS:[ESI+0x9C] + * 00451404 66:C1E0 08 SHL AX,0x8 + * 00451408 66:0BC8 OR CX,AX + * 0045140B 66:894D AA MOV WORD PTR SS:[EBP-0x56],CX + * 0045140F 8B8E 98000000 MOV ECX,DWORD PTR DS:[ESI+0x98] + * 00451415 894D B4 MOV DWORD PTR SS:[EBP-0x4C],ECX + * 00451418 8D45 DC LEA EAX,DWORD PTR SS:[EBP-0x24] + * 0045141B 50 PUSH EAX + * 0045141C 8D4D A8 LEA ECX,DWORD PTR SS:[EBP-0x58] + * 0045141F 8955 B8 MOV DWORD PTR SS:[EBP-0x48],EDX + * 00451422 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-0x1C] + * 00451425 51 PUSH ECX + * 00451426 52 PUSH EDX + * 00451427 8BCE MOV ECX,ESI + * 00451429 83C7 02 ADD EDI,0x2 + * 0045142C E8 7FEDFFFF CALL .004501B0 + * 00451431 8945 F8 MOV DWORD PTR SS:[EBP-0x8],EAX + * 00451434 8B46 20 MOV EAX,DWORD PTR DS:[ESI+0x20] + * 00451437 0346 1C ADD EAX,DWORD PTR DS:[ESI+0x1C] + * 0045143A 0186 98000000 ADD DWORD PTR DS:[ESI+0x98],EAX + * 00451440 EB 08 JMP SHORT .0045144A + * 00451442 803F 2F CMP BYTE PTR DS:[EDI],0x2F + * 00451445 75 02 JNZ SHORT .00451449 + * 00451447 33DB XOR EBX,EBX + * 00451449 47 INC EDI + * 0045144A 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-0x10] + * 0045144D 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-0x18] + * 00451450 8B45 FC MOV EAX,DWORD PTR SS:[EBP-0x4] + * 00451453 51 PUSH ECX + * 00451454 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0xC] + * 00451457 52 PUSH EDX + * 00451458 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-0x8] + * 0045145B 50 PUSH EAX + * 0045145C 51 PUSH ECX + * 0045145D 52 PUSH EDX + * 0045145E 8BCE MOV ECX,ESI + * 00451460 E8 6BF8FFFF CALL .00450CD0 + * 00451465 8945 FC MOV DWORD PTR SS:[EBP-0x4],EAX + * 00451468 85DB TEST EBX,EBX + * 0045146A ^0F85 70FFFFFF JNZ .004513E0 + * 00451470 399E A4000000 CMP DWORD PTR DS:[ESI+0xA4],EBX + * 00451476 0F84 3F010000 JE .004515BB + * 0045147C 8BDF MOV EBX,EDI + * 0045147E C745 E0 00000000 MOV DWORD PTR SS:[EBP-0x20],0x0 + * 00451485 C745 EC 01000000 MOV DWORD PTR SS:[EBP-0x14],0x1 + * 0045148C 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] + * 00451490 0FB603 MOVZX EAX,BYTE PTR DS:[EBX] + * 00451493 50 PUSH EAX + * 00451494 E8 8757FBFF CALL .00406C20 + * 00451499 85C0 TEST EAX,EAX + * 0045149B 74 08 JE SHORT .004514A5 + * 0045149D FF45 E0 INC DWORD PTR SS:[EBP-0x20] + * 004514A0 83C3 02 ADD EBX,0x2 + * 004514A3 EB 0D JMP SHORT .004514B2 + * 004514A5 803B 7D CMP BYTE PTR DS:[EBX],0x7D + * 004514A8 75 07 JNZ SHORT .004514B1 + * 004514AA C745 EC 00000000 MOV DWORD PTR SS:[EBP-0x14],0x0 + * 004514B1 43 INC EBX + * 004514B2 837D EC 00 CMP DWORD PTR SS:[EBP-0x14],0x0 + * 004514B6 ^75 D8 JNZ SHORT .00451490 + * 004514B8 8B9E B0000000 MOV EBX,DWORD PTR DS:[ESI+0xB0] + * 004514BE 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-0x20] + * 004514C1 8B55 08 MOV EDX,DWORD PTR SS:[EBP+0x8] + * 004514C4 8BC3 MOV EAX,EBX + * 004514C6 0FAFC1 IMUL EAX,ECX + * 004514C9 03C9 ADD ECX,ECX + * 004514CB 894D E0 MOV DWORD PTR SS:[EBP-0x20],ECX + * 004514CE 8B8E 98000000 MOV ECX,DWORD PTR DS:[ESI+0x98] + * 004514D4 2BCA SUB ECX,EDX + * 004514D6 C1E0 0A SHL EAX,0xA + * 004514D9 C1E1 0A SHL ECX,0xA + * 004514DC C1E2 0A SHL EDX,0xA + * 004514DF 895D BC MOV DWORD PTR SS:[EBP-0x44],EBX + * 004514E2 C745 EC 01000000 MOV DWORD PTR SS:[EBP-0x14],0x1 + * 004514E9 8955 08 MOV DWORD PTR SS:[EBP+0x8],EDX + * 004514EC 3BC1 CMP EAX,ECX + * 004514EE 76 0F JBE SHORT .004514FF + * 004514F0 2BC1 SUB EAX,ECX + * 004514F2 D1E8 SHR EAX,1 + * 004514F4 2945 08 SUB DWORD PTR SS:[EBP+0x8],EAX + * 004514F7 C1E3 0A SHL EBX,0xA + * 004514FA 895D E0 MOV DWORD PTR SS:[EBP-0x20],EBX + * 004514FD EB 21 JMP SHORT .00451520 + * 004514FF 2BC8 SUB ECX,EAX + * 00451501 33D2 XOR EDX,EDX + * 00451503 8BC1 MOV EAX,ECX + * 00451505 F775 E0 DIV DWORD PTR SS:[EBP-0x20] + * 00451508 8B96 B4000000 MOV EDX,DWORD PTR DS:[ESI+0xB4] + * 0045150E C1E3 09 SHL EBX,0x9 + * 00451511 0145 08 ADD DWORD PTR SS:[EBP+0x8],EAX + * 00451514 03D8 ADD EBX,EAX + * 00451516 8D045A LEA EAX,DWORD PTR DS:[EDX+EBX*2] + * 00451519 8945 E0 MOV DWORD PTR SS:[EBP-0x20],EAX + * 0045151C 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] + * 00451520 0FB60F MOVZX ECX,BYTE PTR DS:[EDI] + * 00451523 51 PUSH ECX + * 00451524 E8 F756FBFF CALL .00406C20 + * 00451529 85C0 TEST EAX,EAX + * 0045152B 74 4E JE SHORT .0045157B + * 0045152D 66:0FBE57 01 MOVSX DX,BYTE PTR DS:[EDI+0x1] + * 00451532 66:0FBE0F MOVSX CX,BYTE PTR DS:[EDI] + * 00451536 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+0x8] + * 00451539 B8 FF000000 MOV EAX,0xFF + * 0045153E 66:23D0 AND DX,AX + * 00451541 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-0x2C] + * 00451544 66:C1E1 08 SHL CX,0x8 + * 00451548 66:0BD1 OR DX,CX + * 0045154B 66:8955 AA MOV WORD PTR SS:[EBP-0x56],DX + * 0045154F 8BD3 MOV EDX,EBX + * 00451551 C1EA 0A SHR EDX,0xA + * 00451554 8D4D DC LEA ECX,DWORD PTR SS:[EBP-0x24] + * 00451557 51 PUSH ECX + * 00451558 8955 B4 MOV DWORD PTR SS:[EBP-0x4C],EDX + * 0045155B 8D55 A8 LEA EDX,DWORD PTR SS:[EBP-0x58] + * 0045155E 8945 B8 MOV DWORD PTR SS:[EBP-0x48],EAX + * 00451561 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-0x1C] + * 00451564 52 PUSH EDX + * 00451565 50 PUSH EAX + * 00451566 8BCE MOV ECX,ESI + * 00451568 83C7 02 ADD EDI,0x2 + * 0045156B E8 40ECFFFF CALL .004501B0 + * 00451570 035D E0 ADD EBX,DWORD PTR SS:[EBP-0x20] + * 00451573 8945 F8 MOV DWORD PTR SS:[EBP-0x8],EAX + * 00451576 895D 08 MOV DWORD PTR SS:[EBP+0x8],EBX + * 00451579 EB 0D JMP SHORT .00451588 + * 0045157B 803F 7D CMP BYTE PTR DS:[EDI],0x7D + * 0045157E 75 07 JNZ SHORT .00451587 + * 00451580 C745 EC 00000000 MOV DWORD PTR SS:[EBP-0x14],0x0 + * 00451587 47 INC EDI + * 00451588 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-0x10] + * 0045158B 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-0x18] + * 0045158E 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-0x28] + * 00451591 51 PUSH ECX + * 00451592 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0xC] + * 00451595 52 PUSH EDX + * 00451596 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-0x8] + * 00451599 50 PUSH EAX + * 0045159A 51 PUSH ECX + * 0045159B 52 PUSH EDX + * 0045159C 8BCE MOV ECX,ESI + * 0045159E E8 2DF7FFFF CALL .00450CD0 + * 004515A3 837D EC 00 CMP DWORD PTR SS:[EBP-0x14],0x0 + * 004515A7 8945 D8 MOV DWORD PTR SS:[EBP-0x28],EAX + * 004515AA ^0F85 70FFFFFF JNZ .00451520 + * 004515B0 8B45 D0 MOV EAX,DWORD PTR SS:[EBP-0x30] + * 004515B3 8945 BC MOV DWORD PTR SS:[EBP-0x44],EAX + * 004515B6 E9 BC000000 JMP .00451677 + * 004515BB BB 01000000 MOV EBX,0x1 + * 004515C0 0FB60F MOVZX ECX,BYTE PTR DS:[EDI] + * 004515C3 51 PUSH ECX + * 004515C4 E8 5756FBFF CALL .00406C20 + * 004515C9 85C0 TEST EAX,EAX + * 004515CB 74 05 JE SHORT .004515D2 + * 004515CD 83C7 02 ADD EDI,0x2 + * 004515D0 EB 08 JMP SHORT .004515DA + * 004515D2 803F 7D CMP BYTE PTR DS:[EDI],0x7D + * 004515D5 75 02 JNZ SHORT .004515D9 + * 004515D7 33DB XOR EBX,EBX + * 004515D9 47 INC EDI + * 004515DA 85DB TEST EBX,EBX + * 004515DC ^75 E2 JNZ SHORT .004515C0 + * 004515DE E9 94000000 JMP .00451677 + * 004515E3 0FBE47 01 MOVSX EAX,BYTE PTR DS:[EDI+0x1] + * 004515E7 83C0 9D ADD EAX,-0x63 + * 004515EA 83F8 14 CMP EAX,0x14 + * 004515ED 0F87 84000000 JA .00451677 + * 004515F3 0FB690 B4164500 MOVZX EDX,BYTE PTR DS:[EAX+0x4516B4] + * 004515FA FF2495 A0164500 JMP DWORD PTR DS:[EDX*4+0x4516A0] + * 00451601 8B46 0C MOV EAX,DWORD PTR DS:[ESI+0xC] + * 00451604 8B4E 24 MOV ECX,DWORD PTR DS:[ESI+0x24] + * 00451607 034E 1C ADD ECX,DWORD PTR DS:[ESI+0x1C] + * 0045160A 8986 98000000 MOV DWORD PTR DS:[ESI+0x98],EAX + * 00451610 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-0xC] + * 00451613 018E 9C000000 ADD DWORD PTR DS:[ESI+0x9C],ECX + * 00451619 8B8E 9C000000 MOV ECX,DWORD PTR DS:[ESI+0x9C] + * 0045161F 40 INC EAX + * 00451620 83BC86 B8000000 >CMP DWORD PTR DS:[ESI+EAX*4+0xB8],0x0 + * 00451628 8945 F4 MOV DWORD PTR SS:[EBP-0xC],EAX + * 0045162B 77 09 JA SHORT .00451636 + * 0045162D 83BE AC000000 00 CMP DWORD PTR DS:[ESI+0xAC],0x0 + * 00451634 74 3E JE SHORT .00451674 + * 00451636 8B96 B0000000 MOV EDX,DWORD PTR DS:[ESI+0xB0] + * 0045163C 03D1 ADD EDX,ECX + * 0045163E 8996 9C000000 MOV DWORD PTR DS:[ESI+0x9C],EDX + * 00451644 EB 2E JMP SHORT .00451674 + * 00451646 8BCE MOV ECX,ESI + * 00451648 E8 53F0FFFF CALL .004506A0 + * 0045164D EB 25 JMP SHORT .00451674 + * 0045164F 8A47 02 MOV AL,BYTE PTR DS:[EDI+0x2] + * 00451652 3C 63 CMP AL,0x63 + * 00451654 74 0C JE SHORT .00451662 + * 00451656 3C 73 CMP AL,0x73 + * 00451658 75 12 JNZ SHORT .0045166C + * 0045165A 894D E8 MOV DWORD PTR SS:[EBP-0x18],ECX + * 0045165D 83C7 03 ADD EDI,0x3 + * 00451660 EB 15 JMP SHORT .00451677 + * 00451662 C745 E8 01000000 MOV DWORD PTR SS:[EBP-0x18],0x1 + * 00451669 894D FC MOV DWORD PTR SS:[EBP-0x4],ECX + * 0045166C 83C7 03 ADD EDI,0x3 + * 0045166F EB 06 JMP SHORT .00451677 + * 00451671 894D FC MOV DWORD PTR SS:[EBP-0x4],ECX + * 00451674 83C7 02 ADD EDI,0x2 + * 00451677 803F 00 CMP BYTE PTR DS:[EDI],0x0 + * 0045167A ^0F85 A8FBFFFF JNZ .00451228 + * 00451680 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-0x1C] + * 00451683 8B8E 58010000 MOV ECX,DWORD PTR DS:[ESI+0x158] + * 00451689 50 PUSH EAX + * 0045168A 51 PUSH ECX + * 0045168B FF15 C4735400 CALL DWORD PTR DS:[0x5473C4] ; user32.ReleaseDC + * 00451691 5F POP EDI + * 00451692 5E POP ESI + * 00451693 B8 01000000 MOV EAX,0x1 + * 00451698 5B POP EBX + * 00451699 8BE5 MOV ESP,EBP + * 0045169B 5D POP EBP + * 0045169C C2 0800 RETN 0x8 + * 0045169F 90 NOP + * 004516A0 46 INC ESI + * 004516A1 16 PUSH SS + * 004516A2 45 INC EBP + * 004516A3 0001 ADD BYTE PTR DS:[ECX],AL + * 004516A5 16 PUSH SS + * 004516A6 45 INC EBP + * 004516A7 0071 16 ADD BYTE PTR DS:[ECX+0x16],DH + * 004516AA 45 INC EBP + * 004516AB 004F 16 ADD BYTE PTR DS:[EDI+0x16],CL + * 004516AE 45 INC EBP + * 004516AF 0077 16 ADD BYTE PTR DS:[EDI+0x16],DH + * 004516B2 45 INC EBP + * 004516B3 0000 ADD BYTE PTR DS:[EAX],AL + * 004516B5 04 04 ADD AL,0x4 + * 004516B7 04 04 ADD AL,0x4 + * 004516B9 04 04 ADD AL,0x4 + * 004516BB 04 04 ADD AL,0x4 + * 004516BD 04 04 ADD AL,0x4 + * 004516BF 010404 ADD DWORD PTR SS:[ESP+EAX],EAX + * 004516C2 04 04 ADD AL,0x4 + * 004516C4 04 02 ADD AL,0x2 + * 004516C6 04 04 ADD AL,0x4 + * 004516C8 03CC ADD ECX,ESP + * 004516CA CC INT3 + * 004516CB CC INT3 + * 004516CC CC INT3 + * 004516CD CC INT3 + * 004516CE CC INT3 + * + * EAX 080E2FFA + * ECX 015A74A0 + * EDX 0012FDB4 + * EBX 015A78D8 + * ESP 0012FD98 + * EBP 0012FDCC + * ESI 014F05E8 + * EDI 01504BD0 + * EIP 00451120 .00451120 + * + * 0012FD98 00452439 RETURN to .00452439 from .00451120 + * 0012FD9C 080E2FFA ; jichi: text here + * 0012FDA0 0012FDB4 + * 0012FDA4 00002004 + * 0012FDA8 014F05E8 + * 0012FDAC 00000000 + * 0012FDB0 00000000 + * 0012FDB4 00000002 + * 0012FDB8 00000001 + * 0012FDBC 00000001 + * 0012FDC0 00000001 + * 0012FDC4 00000000 + * + * Sample game: 未来ノスタルジア (CMVS1) + * 004425DC CC INT3 + * 004425DD CC INT3 + * 004425DE CC INT3 + * 004425DF CC INT3 + * 004425E0 83EC 58 SUB ESP,0x58 + * 004425E3 53 PUSH EBX + * 004425E4 55 PUSH EBP + * 004425E5 56 PUSH ESI + * 004425E6 8BF1 MOV ESI,ECX + * 004425E8 8B86 58010000 MOV EAX,DWORD PTR DS:[ESI+0x158] + * 004425EE 57 PUSH EDI + * 004425EF 8B7C24 6C MOV EDI,DWORD PTR SS:[ESP+0x6C] + * 004425F3 33ED XOR EBP,EBP + * 004425F5 50 PUSH EAX + * 004425F6 896C24 70 MOV DWORD PTR SS:[ESP+0x70],EBP + * 004425FA 896C24 18 MOV DWORD PTR SS:[ESP+0x18],EBP + * 004425FE Hook 896C24 24 MOV DWORD PTR SS:[ESP+0x24],EBP + * 00442602 FF15 D8335200 CALL DWORD PTR DS:[0x5233D8] ; user32.GetDC + * 00442608 68 80000000 PUSH 0x80 + * 0044260D 8D9E B8000000 LEA EBX,DWORD PTR DS:[ESI+0xB8] + * 00442613 55 PUSH EBP + * 00442614 53 PUSH EBX + * 00442615 894424 30 MOV DWORD PTR SS:[ESP+0x30],EAX + * 00442619 E8 82340C00 CALL .00505AA0 + * 0044261E 83C4 0C ADD ESP,0xC + * 00442621 39AE A4000000 CMP DWORD PTR DS:[ESI+0xA4],EBP + * 00442627 74 23 JE SHORT .0044264C + * 00442629 55 PUSH EBP + * 0044262A 55 PUSH EBP + * 0044262B 53 PUSH EBX + * 0044262C 57 PUSH EDI + * 0044262D 8BCE MOV ECX,ESI + * 0044262F E8 FCF7FFFF CALL .00441E30 + * 00442634 392B CMP DWORD PTR DS:[EBX],EBP + * 00442636 77 08 JA SHORT .00442640 + * 00442638 39AE AC000000 CMP DWORD PTR DS:[ESI+0xAC],EBP + * 0044263E 74 0C JE SHORT .0044264C + * 00442640 8B8E B0000000 MOV ECX,DWORD PTR DS:[ESI+0xB0] + * 00442646 018E 9C000000 ADD DWORD PTR DS:[ESI+0x9C],ECX + * 0044264C 8B46 7C MOV EAX,DWORD PTR DS:[ESI+0x7C] + * 0044264F 8B4E 70 MOV ECX,DWORD PTR DS:[ESI+0x70] + * 00442652 894424 64 MOV DWORD PTR SS:[ESP+0x64],EAX + * 00442656 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] + * 00442659 BA 28000000 MOV EDX,0x28 + * 0044265E 894424 54 MOV DWORD PTR SS:[ESP+0x54],EAX + * 00442662 8B86 80000000 MOV EAX,DWORD PTR DS:[ESI+0x80] + * 00442668 83E8 01 SUB EAX,0x1 + * 0044266B 66:895424 40 MOV WORD PTR SS:[ESP+0x40],DX + * 00442670 8B56 74 MOV EDX,DWORD PTR DS:[ESI+0x74] + * 00442673 894C24 58 MOV DWORD PTR SS:[ESP+0x58],ECX + * 00442677 895424 5C MOV DWORD PTR SS:[ESP+0x5C],EDX + * 0044267B 896C24 48 MOV DWORD PTR SS:[ESP+0x48],EBP + * 0044267F 74 1E JE SHORT .0044269F + * 00442681 83E8 01 SUB EAX,0x1 + * 00442684 74 0F JE SHORT .00442695 + * 00442686 83E8 01 SUB EAX,0x1 + * 00442689 75 1C JNZ SHORT .004426A7 + * 0044268B C74424 48 030000>MOV DWORD PTR SS:[ESP+0x48],0x3 + * 00442693 EB 12 JMP SHORT .004426A7 + * 00442695 C74424 48 020000>MOV DWORD PTR SS:[ESP+0x48],0x2 + * 0044269D EB 08 JMP SHORT .004426A7 + * 0044269F C74424 48 010000>MOV DWORD PTR SS:[ESP+0x48],0x1 + * 004426A7 8B6C24 70 MOV EBP,DWORD PTR SS:[ESP+0x70] + * 004426AB 33DB XOR EBX,EBX + * 004426AD 3BEB CMP EBP,EBX + * 004426AF 74 25 JE SHORT .004426D6 + * 004426B1 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0xC] + * 004426B4 894C24 60 MOV DWORD PTR SS:[ESP+0x60],ECX + * 004426B8 395D 10 CMP DWORD PTR SS:[EBP+0x10],EBX + * 004426BB 74 06 JE SHORT .004426C3 + * 004426BD 895C24 18 MOV DWORD PTR SS:[ESP+0x18],EBX + * 004426C1 EB 30 JMP SHORT .004426F3 + * 004426C3 8B96 8C000000 MOV EDX,DWORD PTR DS:[ESI+0x8C] + * 004426C9 0FAF55 00 IMUL EDX,DWORD PTR SS:[EBP] + * 004426CD B8 CDCCCCCC MOV EAX,0xCCCCCCCD + * 004426D2 F7E2 MUL EDX + * 004426D4 EB 16 JMP SHORT .004426EC + * 004426D6 8B46 78 MOV EAX,DWORD PTR DS:[ESI+0x78] + * 004426D9 8B8E 8C000000 MOV ECX,DWORD PTR DS:[ESI+0x8C] + * 004426DF 894424 60 MOV DWORD PTR SS:[ESP+0x60],EAX + * 004426E3 03C9 ADD ECX,ECX + * 004426E5 B8 CDCCCCCC MOV EAX,0xCCCCCCCD + * 004426EA F7E1 MUL ECX + * 004426EC C1EA 03 SHR EDX,0x3 + * 004426EF 895424 18 MOV DWORD PTR SS:[ESP+0x18],EDX + * 004426F3 381F CMP BYTE PTR DS:[EDI],BL + * 004426F5 0F84 79040000 JE .00442B74 + * 004426FB EB 05 JMP SHORT .00442702 + * 004426FD 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 00442700 33DB XOR EBX,EBX + * 00442702 0FB607 MOVZX EAX,BYTE PTR DS:[EDI] + * 00442705 3C 5C CMP AL,0x5C + * 00442707 0F84 C6030000 JE .00442AD3 + * 0044270D 3C 7B CMP AL,0x7B + * 0044270F 0F84 70010000 JE .00442885 + * 00442715 50 PUSH EAX + * 00442716 E8 A50EFCFF CALL .004035C0 + * 0044271B 85C0 TEST EAX,EAX + * 0044271D 0F84 A8000000 JE .004427CB + * 00442723 66:0FBE47 01 MOVSX AX,BYTE PTR DS:[EDI+0x1] + * 00442728 66:0FBE0F MOVSX CX,BYTE PTR DS:[EDI] + * 0044272C BA FF000000 MOV EDX,0xFF + * 00442731 66:23C2 AND AX,DX + * 00442734 66:C1E1 08 SHL CX,0x8 + * 00442738 66:0BC1 OR AX,CX + * 0044273B BA 4A810000 MOV EDX,0x814A + * 00442740 83C7 02 ADD EDI,0x2 + * 00442743 66:894424 42 MOV WORD PTR SS:[ESP+0x42],AX + * 00442748 66:3BC2 CMP AX,DX + * 0044274B 75 05 JNZ SHORT .00442752 + * 0044274D BB 01000000 MOV EBX,0x1 + * 00442752 8B4C24 42 MOV ECX,DWORD PTR SS:[ESP+0x42] + * 00442756 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+0x14] + * 0044275A 50 PUSH EAX + * 0044275B 51 PUSH ECX + * 0044275C 6A 00 PUSH 0x0 + * 0044275E 8BCE MOV ECX,ESI + * 00442760 E8 1BF9FFFF CALL .00442080 + * 00442765 8B96 98000000 MOV EDX,DWORD PTR DS:[ESI+0x98] + * 0044276B 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] + * 00442771 895424 4C MOV DWORD PTR SS:[ESP+0x4C],EDX + * 00442775 894424 50 MOV DWORD PTR SS:[ESP+0x50],EAX + * 00442779 85DB TEST EBX,EBX + * 0044277B 74 0F JE SHORT .0044278C + * 0044277D B8 CDCCCCCC MOV EAX,0xCCCCCCCD + * 00442782 F766 1C MUL DWORD PTR DS:[ESI+0x1C] + * 00442785 C1EA 02 SHR EDX,0x2 + * 00442788 295424 4C SUB DWORD PTR SS:[ESP+0x4C],EDX + * 0044278C 8B4424 24 MOV EAX,DWORD PTR SS:[ESP+0x24] + * 00442790 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+0x28] + * 00442794 51 PUSH ECX + * 00442795 8D5424 44 LEA EDX,DWORD PTR SS:[ESP+0x44] + * 00442799 52 PUSH EDX + * 0044279A 50 PUSH EAX + * 0044279B 8BCE MOV ECX,ESI + * 0044279D E8 0EEFFFFF CALL .004416B0 + * 004427A2 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX + * 004427A6 85DB TEST EBX,EBX + * 004427A8 75 0B JNZ SHORT .004427B5 + * 004427AA 8B4E 20 MOV ECX,DWORD PTR DS:[ESI+0x20] + * 004427AD 034E 1C ADD ECX,DWORD PTR DS:[ESI+0x1C] + * 004427B0 E9 A5000000 JMP .0044285A + * 004427B5 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] + * 004427B8 B8 CDCCCCCC MOV EAX,0xCCCCCCCD + * 004427BD F7E1 MUL ECX + * 004427BF C1EA 02 SHR EDX,0x2 + * 004427C2 D1E9 SHR ECX,1 + * 004427C4 2BCA SUB ECX,EDX + * 004427C6 E9 8C000000 JMP .00442857 + * 004427CB Hook 66:0FBE17 MOVSX DX,BYTE PTR DS:[EDI] + * 004427CF 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] + * 004427D2 8B4E 0C MOV ECX,DWORD PTR DS:[ESI+0xC] + * 004427D5 66:895424 42 MOV WORD PTR SS:[ESP+0x42],DX + * 004427DA 8B56 14 MOV EDX,DWORD PTR DS:[ESI+0x14] + * 004427DD 2BD0 SUB EDX,EAX + * 004427DF 2B56 20 SUB EDX,DWORD PTR DS:[ESI+0x20] + * 004427E2 47 INC EDI + * 004427E3 03D1 ADD EDX,ECX + * 004427E5 3996 98000000 CMP DWORD PTR DS:[ESI+0x98],EDX + * 004427EB 72 37 JB SHORT .00442824 + * 004427ED 8B5424 14 MOV EDX,DWORD PTR SS:[ESP+0x14] + * 004427F1 42 INC EDX + * 004427F2 895424 14 MOV DWORD PTR SS:[ESP+0x14],EDX + * 004427F6 399C96 B8000000 CMP DWORD PTR DS:[ESI+EDX*4+0xB8],EBX + * 004427FD 77 08 JA SHORT .00442807 + * 004427FF 399E AC000000 CMP DWORD PTR DS:[ESI+0xAC],EBX + * 00442805 74 0C JE SHORT .00442813 + * 00442807 8B96 B0000000 MOV EDX,DWORD PTR DS:[ESI+0xB0] + * 0044280D 0196 9C000000 ADD DWORD PTR DS:[ESI+0x9C],EDX + * 00442813 898E 98000000 MOV DWORD PTR DS:[ESI+0x98],ECX + * 00442819 8B4E 24 MOV ECX,DWORD PTR DS:[ESI+0x24] + * 0044281C 03C8 ADD ECX,EAX + * 0044281E 018E 9C000000 ADD DWORD PTR DS:[ESI+0x9C],ECX + * 00442824 8B96 98000000 MOV EDX,DWORD PTR DS:[ESI+0x98] + * 0044282A 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] + * 00442830 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+0x28] + * 00442834 51 PUSH ECX + * 00442835 895424 50 MOV DWORD PTR SS:[ESP+0x50],EDX + * 00442839 8D5424 44 LEA EDX,DWORD PTR SS:[ESP+0x44] + * 0044283D 894424 54 MOV DWORD PTR SS:[ESP+0x54],EAX + * 00442841 8B4424 28 MOV EAX,DWORD PTR SS:[ESP+0x28] + * 00442845 52 PUSH EDX + * 00442846 50 PUSH EAX + * 00442847 8BCE MOV ECX,ESI + * 00442849 E8 62EEFFFF CALL .004416B0 + * 0044284E 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] + * 00442851 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX + * 00442855 D1E9 SHR ECX,1 + * 00442857 034E 20 ADD ECX,DWORD PTR DS:[ESI+0x20] + * 0044285A 8B5424 18 MOV EDX,DWORD PTR SS:[ESP+0x18] + * 0044285E 018E 98000000 ADD DWORD PTR DS:[ESI+0x98],ECX + * 00442864 8B4424 20 MOV EAX,DWORD PTR SS:[ESP+0x20] + * 00442868 8B4C24 6C MOV ECX,DWORD PTR SS:[ESP+0x6C] + * 0044286C 52 PUSH EDX + * 0044286D 8B5424 14 MOV EDX,DWORD PTR SS:[ESP+0x14] + * 00442871 50 PUSH EAX + * 00442872 51 PUSH ECX + * 00442873 55 PUSH EBP + * 00442874 52 PUSH EDX + * 00442875 8BCE MOV ECX,ESI + * 00442877 E8 F4F8FFFF CALL .00442170 + * 0044287C 894424 6C MOV DWORD PTR SS:[ESP+0x6C],EAX + * 00442880 E9 E6020000 JMP .00442B6B + * 00442885 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+0x14] + * 00442889 50 PUSH EAX + * 0044288A 53 PUSH EBX + * 0044288B 53 PUSH EBX + * 0044288C 8BCE MOV ECX,ESI + * 0044288E E8 EDF7FFFF CALL .00442080 + * 00442893 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] + * 00442899 2B86 B0000000 SUB EAX,DWORD PTR DS:[ESI+0xB0] + * 0044289F 8B8E 98000000 MOV ECX,DWORD PTR DS:[ESI+0x98] + * 004428A5 8B5424 6C MOV EDX,DWORD PTR SS:[ESP+0x6C] + * 004428A9 894424 38 MOV DWORD PTR SS:[ESP+0x38],EAX + * 004428AD 8B4424 54 MOV EAX,DWORD PTR SS:[ESP+0x54] + * 004428B1 894C24 30 MOV DWORD PTR SS:[ESP+0x30],ECX + * 004428B5 895424 2C MOV DWORD PTR SS:[ESP+0x2C],EDX + * 004428B9 BB 01000000 MOV EBX,0x1 + * 004428BE 47 INC EDI + * 004428BF 894424 3C MOV DWORD PTR SS:[ESP+0x3C],EAX + * 004428C3 0FB60F MOVZX ECX,BYTE PTR DS:[EDI] + * 004428C6 51 PUSH ECX + * 004428C7 E8 F40CFCFF CALL .004035C0 + * 004428CC 85C0 TEST EAX,EAX + * 004428CE 74 5C JE SHORT .0044292C + * 004428D0 66:0FBE57 01 MOVSX DX,BYTE PTR DS:[EDI+0x1] + * 004428D5 66:0FBE0F MOVSX CX,BYTE PTR DS:[EDI] + * 004428D9 B8 FF000000 MOV EAX,0xFF + * 004428DE 66:23D0 AND DX,AX + * 004428E1 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] + * 004428E7 66:C1E1 08 SHL CX,0x8 + * 004428EB 66:0BD1 OR DX,CX + * 004428EE 66:895424 42 MOV WORD PTR SS:[ESP+0x42],DX + * 004428F3 8B96 98000000 MOV EDX,DWORD PTR DS:[ESI+0x98] + * 004428F9 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+0x28] + * 004428FD 51 PUSH ECX + * 004428FE 895424 50 MOV DWORD PTR SS:[ESP+0x50],EDX + * 00442902 8D5424 44 LEA EDX,DWORD PTR SS:[ESP+0x44] + * 00442906 894424 54 MOV DWORD PTR SS:[ESP+0x54],EAX + * 0044290A 8B4424 28 MOV EAX,DWORD PTR SS:[ESP+0x28] + * 0044290E 52 PUSH EDX + * 0044290F 50 PUSH EAX + * 00442910 8BCE MOV ECX,ESI + * 00442912 83C7 02 ADD EDI,0x2 + * 00442915 E8 96EDFFFF CALL .004416B0 + * 0044291A 8B4E 20 MOV ECX,DWORD PTR DS:[ESI+0x20] + * 0044291D 034E 1C ADD ECX,DWORD PTR DS:[ESI+0x1C] + * 00442920 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX + * 00442924 018E 98000000 ADD DWORD PTR DS:[ESI+0x98],ECX + * 0044292A EB 08 JMP SHORT .00442934 + * 0044292C 803F 2F CMP BYTE PTR DS:[EDI],0x2F + * 0044292F 75 02 JNZ SHORT .00442933 + * 00442931 33DB XOR EBX,EBX + * 00442933 47 INC EDI + * 00442934 8B5424 18 MOV EDX,DWORD PTR SS:[ESP+0x18] + * 00442938 8B4424 20 MOV EAX,DWORD PTR SS:[ESP+0x20] + * 0044293C 8B4C24 6C MOV ECX,DWORD PTR SS:[ESP+0x6C] + * 00442940 52 PUSH EDX + * 00442941 8B5424 14 MOV EDX,DWORD PTR SS:[ESP+0x14] + * 00442945 50 PUSH EAX + * 00442946 51 PUSH ECX + * 00442947 55 PUSH EBP + * 00442948 52 PUSH EDX + * 00442949 8BCE MOV ECX,ESI + * 0044294B E8 20F8FFFF CALL .00442170 + * 00442950 894424 6C MOV DWORD PTR SS:[ESP+0x6C],EAX + * 00442954 85DB TEST EBX,EBX + * 00442956 ^0F85 67FFFFFF JNZ .004428C3 + * 0044295C 399E A4000000 CMP DWORD PTR DS:[ESI+0xA4],EBX + * 00442962 0F84 42010000 JE .00442AAA + * 00442968 8BDF MOV EBX,EDI + * 0044296A 33ED XOR EBP,EBP + * 0044296C C74424 1C 010000>MOV DWORD PTR SS:[ESP+0x1C],0x1 + * 00442974 0FB603 MOVZX EAX,BYTE PTR DS:[EBX] + * 00442977 50 PUSH EAX + * 00442978 E8 430CFCFF CALL .004035C0 + * 0044297D 85C0 TEST EAX,EAX + * 0044297F 74 06 JE SHORT .00442987 + * 00442981 45 INC EBP + * 00442982 83C3 02 ADD EBX,0x2 + * 00442985 EB 0E JMP SHORT .00442995 + * 00442987 803B 7D CMP BYTE PTR DS:[EBX],0x7D + * 0044298A 75 08 JNZ SHORT .00442994 + * 0044298C C74424 1C 000000>MOV DWORD PTR SS:[ESP+0x1C],0x0 + * 00442994 43 INC EBX + * 00442995 837C24 1C 00 CMP DWORD PTR SS:[ESP+0x1C],0x0 + * 0044299A ^75 D8 JNZ SHORT .00442974 + * 0044299C 8B9E B0000000 MOV EBX,DWORD PTR DS:[ESI+0xB0] + * 004429A2 8BC3 MOV EAX,EBX + * 004429A4 0FAFC5 IMUL EAX,EBP + * 004429A7 8D4C2D 00 LEA ECX,DWORD PTR SS:[EBP+EBP] + * 004429AB 8B6C24 30 MOV EBP,DWORD PTR SS:[ESP+0x30] + * 004429AF 894C24 34 MOV DWORD PTR SS:[ESP+0x34],ECX + * 004429B3 8B8E 98000000 MOV ECX,DWORD PTR DS:[ESI+0x98] + * 004429B9 2BCD SUB ECX,EBP + * 004429BB C1E0 0A SHL EAX,0xA + * 004429BE C1E1 0A SHL ECX,0xA + * 004429C1 C1E5 0A SHL EBP,0xA + * 004429C4 895C24 54 MOV DWORD PTR SS:[ESP+0x54],EBX + * 004429C8 C74424 1C 010000>MOV DWORD PTR SS:[ESP+0x1C],0x1 + * 004429D0 3BC1 CMP EAX,ECX + * 004429D2 76 0B JBE SHORT .004429DF + * 004429D4 2BC1 SUB EAX,ECX + * 004429D6 D1E8 SHR EAX,1 + * 004429D8 2BE8 SUB EBP,EAX + * 004429DA C1E3 0A SHL EBX,0xA + * 004429DD EB 21 JMP SHORT .00442A00 + * 004429DF 2BC8 SUB ECX,EAX + * 004429E1 33D2 XOR EDX,EDX + * 004429E3 8BC1 MOV EAX,ECX + * 004429E5 F77424 34 DIV DWORD PTR SS:[ESP+0x34] + * 004429E9 8B96 B4000000 MOV EDX,DWORD PTR DS:[ESI+0xB4] + * 004429EF C1E3 09 SHL EBX,0x9 + * 004429F2 03E8 ADD EBP,EAX + * 004429F4 03D8 ADD EBX,EAX + * 004429F6 8D1C5A LEA EBX,DWORD PTR DS:[EDX+EBX*2] + * 004429F9 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + * 00442A00 0FB607 MOVZX EAX,BYTE PTR DS:[EDI] + * 00442A03 50 PUSH EAX + * 00442A04 E8 B70BFCFF CALL .004035C0 + * 00442A09 85C0 TEST EAX,EAX + * 00442A0B 74 4F JE SHORT .00442A5C + * 00442A0D 66:0FBE4F 01 MOVSX CX,BYTE PTR DS:[EDI+0x1] + * 00442A12 66:0FBE07 MOVSX AX,BYTE PTR DS:[EDI] + * 00442A16 BA FF000000 MOV EDX,0xFF + * 00442A1B 66:23CA AND CX,DX + * 00442A1E 8B5424 38 MOV EDX,DWORD PTR SS:[ESP+0x38] + * 00442A22 66:C1E0 08 SHL AX,0x8 + * 00442A26 66:0BC8 OR CX,AX + * 00442A29 66:894C24 42 MOV WORD PTR SS:[ESP+0x42],CX + * 00442A2E 8BCD MOV ECX,EBP + * 00442A30 C1E9 0A SHR ECX,0xA + * 00442A33 894C24 4C MOV DWORD PTR SS:[ESP+0x4C],ECX + * 00442A37 8D4424 28 LEA EAX,DWORD PTR SS:[ESP+0x28] + * 00442A3B 50 PUSH EAX + * 00442A3C 8D4C24 44 LEA ECX,DWORD PTR SS:[ESP+0x44] + * 00442A40 895424 54 MOV DWORD PTR SS:[ESP+0x54],EDX + * 00442A44 8B5424 28 MOV EDX,DWORD PTR SS:[ESP+0x28] + * 00442A48 51 PUSH ECX + * 00442A49 52 PUSH EDX + * 00442A4A 8BCE MOV ECX,ESI + * 00442A4C 83C7 02 ADD EDI,0x2 + * 00442A4F E8 5CECFFFF CALL .004416B0 + * 00442A54 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX + * 00442A58 03EB ADD EBP,EBX + * 00442A5A EB 0E JMP SHORT .00442A6A + * 00442A5C 803F 7D CMP BYTE PTR DS:[EDI],0x7D + * 00442A5F 75 08 JNZ SHORT .00442A69 + * 00442A61 C74424 1C 000000>MOV DWORD PTR SS:[ESP+0x1C],0x0 + * 00442A69 47 INC EDI + * 00442A6A 8B4424 18 MOV EAX,DWORD PTR SS:[ESP+0x18] + * 00442A6E 8B4C24 20 MOV ECX,DWORD PTR SS:[ESP+0x20] + * 00442A72 8B5424 2C MOV EDX,DWORD PTR SS:[ESP+0x2C] + * 00442A76 50 PUSH EAX + * 00442A77 8B4424 74 MOV EAX,DWORD PTR SS:[ESP+0x74] + * 00442A7B 51 PUSH ECX + * 00442A7C 8B4C24 18 MOV ECX,DWORD PTR SS:[ESP+0x18] + * 00442A80 52 PUSH EDX + * 00442A81 50 PUSH EAX + * 00442A82 51 PUSH ECX + * 00442A83 8BCE MOV ECX,ESI + * 00442A85 E8 E6F6FFFF CALL .00442170 + * 00442A8A 837C24 1C 00 CMP DWORD PTR SS:[ESP+0x1C],0x0 + * 00442A8F 894424 2C MOV DWORD PTR SS:[ESP+0x2C],EAX + * 00442A93 ^0F85 67FFFFFF JNZ .00442A00 + * 00442A99 8B5424 3C MOV EDX,DWORD PTR SS:[ESP+0x3C] + * 00442A9D 8B6C24 70 MOV EBP,DWORD PTR SS:[ESP+0x70] + * 00442AA1 895424 54 MOV DWORD PTR SS:[ESP+0x54],EDX + * 00442AA5 E9 C1000000 JMP .00442B6B + * 00442AAA BB 01000000 MOV EBX,0x1 + * 00442AAF 90 NOP + * 00442AB0 0FB607 MOVZX EAX,BYTE PTR DS:[EDI] + * 00442AB3 50 PUSH EAX + * 00442AB4 E8 070BFCFF CALL .004035C0 + * 00442AB9 85C0 TEST EAX,EAX + * 00442ABB 74 05 JE SHORT .00442AC2 + * 00442ABD 83C7 02 ADD EDI,0x2 + * 00442AC0 EB 08 JMP SHORT .00442ACA + * 00442AC2 803F 7D CMP BYTE PTR DS:[EDI],0x7D + * 00442AC5 75 02 JNZ SHORT .00442AC9 + * 00442AC7 33DB XOR EBX,EBX + * 00442AC9 47 INC EDI + * 00442ACA 85DB TEST EBX,EBX + * 00442ACC ^75 E2 JNZ SHORT .00442AB0 + * 00442ACE E9 98000000 JMP .00442B6B + * 00442AD3 0FBE47 01 MOVSX EAX,BYTE PTR DS:[EDI+0x1] + * 00442AD7 83C0 9D ADD EAX,-0x63 + * 00442ADA 83F8 14 CMP EAX,0x14 + * 00442ADD 0F87 88000000 JA .00442B6B + * 00442AE3 0FB688 AC2B4400 MOVZX ECX,BYTE PTR DS:[EAX+0x442BAC] + * 00442AEA FF248D 982B4400 JMP DWORD PTR DS:[ECX*4+0x442B98] + * 00442AF1 8B46 24 MOV EAX,DWORD PTR DS:[ESI+0x24] + * 00442AF4 0346 1C ADD EAX,DWORD PTR DS:[ESI+0x1C] + * 00442AF7 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+0x14] + * 00442AFB 8B56 0C MOV EDX,DWORD PTR DS:[ESI+0xC] + * 00442AFE 0186 9C000000 ADD DWORD PTR DS:[ESI+0x9C],EAX + * 00442B04 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] + * 00442B0A 41 INC ECX + * 00442B0B 8996 98000000 MOV DWORD PTR DS:[ESI+0x98],EDX + * 00442B11 894C24 14 MOV DWORD PTR SS:[ESP+0x14],ECX + * 00442B15 399C8E B8000000 CMP DWORD PTR DS:[ESI+ECX*4+0xB8],EBX + * 00442B1C 77 08 JA SHORT .00442B26 + * 00442B1E 399E AC000000 CMP DWORD PTR DS:[ESI+0xAC],EBX + * 00442B24 74 42 JE SHORT .00442B68 + * 00442B26 8B8E B0000000 MOV ECX,DWORD PTR DS:[ESI+0xB0] + * 00442B2C 03C8 ADD ECX,EAX + * 00442B2E 898E 9C000000 MOV DWORD PTR DS:[ESI+0x9C],ECX + * 00442B34 EB 32 JMP SHORT .00442B68 + * 00442B36 8BCE MOV ECX,ESI + * 00442B38 E8 03F0FFFF CALL .00441B40 + * 00442B3D EB 29 JMP SHORT .00442B68 + * 00442B3F 8A47 02 MOV AL,BYTE PTR DS:[EDI+0x2] + * 00442B42 3C 63 CMP AL,0x63 + * 00442B44 74 0D JE SHORT .00442B53 + * 00442B46 3C 73 CMP AL,0x73 + * 00442B48 75 15 JNZ SHORT .00442B5F + * 00442B4A 895C24 20 MOV DWORD PTR SS:[ESP+0x20],EBX + * 00442B4E 83C7 03 ADD EDI,0x3 + * 00442B51 EB 18 JMP SHORT .00442B6B + * 00442B53 C74424 20 010000>MOV DWORD PTR SS:[ESP+0x20],0x1 + * 00442B5B 895C24 6C MOV DWORD PTR SS:[ESP+0x6C],EBX + * 00442B5F 83C7 03 ADD EDI,0x3 + * 00442B62 EB 07 JMP SHORT .00442B6B + * 00442B64 895C24 6C MOV DWORD PTR SS:[ESP+0x6C],EBX + * 00442B68 83C7 02 ADD EDI,0x2 + * 00442B6B 803F 00 CMP BYTE PTR DS:[EDI],0x0 + * 00442B6E ^0F85 8CFBFFFF JNZ .00442700 + * 00442B74 8B5424 24 MOV EDX,DWORD PTR SS:[ESP+0x24] + * 00442B78 8B86 58010000 MOV EAX,DWORD PTR DS:[ESI+0x158] + * 00442B7E 52 PUSH EDX + * 00442B7F 50 PUSH EAX + * 00442B80 FF15 DC335200 CALL DWORD PTR DS:[0x5233DC] ; user32.ReleaseDC + * 00442B86 5F POP EDI + * 00442B87 5E POP ESI + * 00442B88 5D POP EBP + * 00442B89 B8 01000000 MOV EAX,0x1 + * 00442B8E 5B POP EBX + * 00442B8F 83C4 58 ADD ESP,0x58 + * 00442B92 C2 0800 RETN 0x8 + * 00442B95 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 00442B98 36:2B4400 F1 SUB EAX,DWORD PTR SS:[EAX+EAX-0xF] + * 00442B9D 2A4400 64 SUB AL,BYTE PTR DS:[EAX+EAX+0x64] + * 00442BA1 2B4400 3F SUB EAX,DWORD PTR DS:[EAX+EAX+0x3F] + * 00442BA5 2B4400 6B SUB EAX,DWORD PTR DS:[EAX+EAX+0x6B] + * 00442BA9 2B4400 00 SUB EAX,DWORD PTR DS:[EAX+EAX] + * 00442BAD 04 04 ADD AL,0x4 + * 00442BAF 04 04 ADD AL,0x4 + * 00442BB1 04 04 ADD AL,0x4 + * 00442BB3 04 04 ADD AL,0x4 + * 00442BB5 04 04 ADD AL,0x4 + * 00442BB7 010404 ADD DWORD PTR SS:[ESP+EAX],EAX + * 00442BBA 04 04 ADD AL,0x4 + * 00442BBC 04 02 ADD AL,0x2 + * 00442BBE 04 04 ADD AL,0x4 + * 00442BC0 03CC ADD ECX,ESP + * 00442BC2 CC INT3 + * 00442BC3 CC INT3 + * 00442BC4 CC INT3 + * 00442BC5 CC INT3 + * 00442BC6 CC INT3 + * 00442BC7 CC INT3 + * 00442BC8 CC INT3 + * 00442BC9 CC INT3 + * 00442BCA CC INT3 + */ +namespace{ +bool attach(const uint8_t pattern[],int patternSize,DWORD startAddress,DWORD stopAddress){ + ULONG addr = MemDbg::findBytes(pattern, patternSize, startAddress, stopAddress); + if(addr==0)return false; + addr = MemDbg::findEnclosingAlignedFunction_strict(addr); + if(addr==0)return false; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(1); + hp.type=EMBED_ABLE|USING_STRING|EMBED_BEFORE_SIMPLE|EMBED_AFTER_NEW|EMBED_DYNA_SJIS; + hp.hook_font=F_GetGlyphOutlineA; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + auto text = reinterpret_cast(data); + std::string str = text; + str = str.substr(0, *len); + + std::regex reg1("\\{(.*?)/(.*?)\\}"); + std::string result1 = std::regex_replace(str, reg1, "$1"); + *len = result1.size(); + strcpy(text, result1.c_str()); + return true; + + }; + + return NewHook(hp, "EmbedCMVS"); +};} +bool attachScenarioHook(ULONG startAddress, ULONG stopAddress) +{ + + // This pattern is selected by comparing two CMVS games + const uint8_t bytes[] = { + 0xb8, 0xcd,0xcc,0xcc,0xcc, // 004512de b8 cdcccccc mov eax,0xcccccccd + 0xf7,0xe1, // 004512e3 f7e1 mul ecx + 0xc1,0xea, 0x02, // 004512e5 c1ea 02 shr edx,0x2 + 0xd1,0xe9, // 004512e8 d1e9 shr ecx,1 + 0x2b,0xca // 004512ea 2bca sub ecx,edx + }; + //const uint8_t bytes[] = { //青春&国记的人名&选择支 + // 0xb8, 0xcd,0xcc,0xcc,0xcc, // 004512de b8 cdcccccc mov eax,0xcccccccd + // 0xf7,0xe1, // 004512e3 f7e1 mul ecx + // 0xd1,0xe9, // 004512e8 d1e9 shr ecx,1 + + // 0xc1,0xea, 0x02, // 004512e5 c1ea 02 shr edx,0x2 + // 0x2b,0xca // 004512ea 2bca sub ecx,edx + //}; + const uint8_t bytes_kunado_kukoki[] = { + + 0xf7,0xe1, + 0x8b,0x85,0xd8,0xfd,0xff,0xff, + 0xd1,0xe9, + 0xc1,0xea, 0x02, + 0x2b,0xca + }; + + return attach(bytes, sizeof(bytes), startAddress, stopAddress)||attach(bytes_kunado_kukoki, sizeof(bytes_kunado_kukoki), startAddress, stopAddress); +} +/** + * FIXME: This function exists but is not called for クロノクロック when painting backlog. + * + * Sample bake: ハピメア + * + * Backlog function, found by tracking all callers of ::GetDC: + * + * 0044ACAE CC INT3 + * 0044ACAF CC INT3 + * 0044ACB0 55 PUSH EBP + * 0044ACB1 8BEC MOV EBP,ESP + * 0044ACB3 83EC 30 SUB ESP,0x30 + * 0044ACB6 56 PUSH ESI + * 0044ACB7 8BF1 MOV ESI,ECX + * 0044ACB9 8B86 58010000 MOV EAX,DWORD PTR DS:[ESI+0x158] + * 0044ACBF 57 PUSH EDI + * 0044ACC0 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+0x8] + * 0044ACC3 50 PUSH EAX + * 0044ACC4 C745 08 00000000 MOV DWORD PTR SS:[EBP+0x8],0x0 + * 0044ACCB FF15 D4F35300 CALL DWORD PTR DS:[0x53F3D4] ; user32.GetDC + * 0044ACD1 68 80000000 PUSH 0x80 + * 0044ACD6 8D8E B8000000 LEA ECX,DWORD PTR DS:[ESI+0xB8] + * 0044ACDC 6A 00 PUSH 0x0 + * 0044ACDE 51 PUSH ECX + * 0044ACDF 8945 FC MOV DWORD PTR SS:[EBP-0x4],EAX + * 0044ACE2 E8 F9870D00 CALL .005234E0 + * 0044ACE7 8B46 7C MOV EAX,DWORD PTR DS:[ESI+0x7C] + * 0044ACEA 8B4E 70 MOV ECX,DWORD PTR DS:[ESI+0x70] + * 0044ACED 8945 F4 MOV DWORD PTR SS:[EBP-0xC],EAX + * 0044ACF0 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] + * 0044ACF3 BA 28000000 MOV EDX,0x28 + * 0044ACF8 8945 E4 MOV DWORD PTR SS:[EBP-0x1C],EAX + * 0044ACFB 8B86 80000000 MOV EAX,DWORD PTR DS:[ESI+0x80] + * 0044AD01 66:8955 D0 MOV WORD PTR SS:[EBP-0x30],DX + * 0044AD05 8B56 74 MOV EDX,DWORD PTR DS:[ESI+0x74] + * 0044AD08 83C4 0C ADD ESP,0xC + * 0044AD0B 48 DEC EAX + * 0044AD0C 894D E8 MOV DWORD PTR SS:[EBP-0x18],ECX + * 0044AD0F 8955 EC MOV DWORD PTR SS:[EBP-0x14],EDX + * 0044AD12 C745 D8 00000000 MOV DWORD PTR SS:[EBP-0x28],0x0 + * 0044AD19 74 18 JE SHORT .0044AD33 + * 0044AD1B 48 DEC EAX + * 0044AD1C 74 0C JE SHORT .0044AD2A + * 0044AD1E 48 DEC EAX + * 0044AD1F 75 19 JNZ SHORT .0044AD3A + * 0044AD21 C745 D8 03000000 MOV DWORD PTR SS:[EBP-0x28],0x3 + * 0044AD28 EB 10 JMP SHORT .0044AD3A + * 0044AD2A C745 D8 02000000 MOV DWORD PTR SS:[EBP-0x28],0x2 + * 0044AD31 EB 07 JMP SHORT .0044AD3A + * 0044AD33 C745 D8 01000000 MOV DWORD PTR SS:[EBP-0x28],0x1 + * 0044AD3A 8B45 0C MOV EAX,DWORD PTR SS:[EBP+0xC] + * 0044AD3D 85C0 TEST EAX,EAX + * 0044AD3F 74 08 JE SHORT .0044AD49 + * 0044AD41 8B48 0C MOV ECX,DWORD PTR DS:[EAX+0xC] + * 0044AD44 894D F0 MOV DWORD PTR SS:[EBP-0x10],ECX + * 0044AD47 EB 06 JMP SHORT .0044AD4F + * 0044AD49 8B56 78 MOV EDX,DWORD PTR DS:[ESI+0x78] + * 0044AD4C 8955 F0 MOV DWORD PTR SS:[EBP-0x10],EDX + * 0044AD4F 803F 00 CMP BYTE PTR DS:[EDI],0x0 + * 0044AD52 0F84 65020000 JE .0044AFBD + * 0044AD58 53 PUSH EBX + * 0044AD59 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + * 0044AD60 0FB607 MOVZX EAX,BYTE PTR DS:[EDI] + * 0044AD63 3C 5C CMP AL,0x5C + * 0044AD65 0F84 16020000 JE .0044AF81 + * 0044AD6B 3C 7B CMP AL,0x7B + * 0044AD6D 0F84 63010000 JE .0044AED6 + * 0044AD73 50 PUSH EAX + * 0044AD74 E8 778DFBFF CALL .00403AF0 + * 0044AD79 85C0 TEST EAX,EAX + * 0044AD7B 0F84 AC000000 JE .0044AE2D + * 0044AD81 66:0FBE47 01 MOVSX AX,BYTE PTR DS:[EDI+0x1] + * 0044AD86 66:0FBE17 MOVSX DX,BYTE PTR DS:[EDI] + * 0044AD8A B9 FF000000 MOV ECX,0xFF + * 0044AD8F 66:23C1 AND AX,CX + * 0044AD92 66:C1E2 08 SHL DX,0x8 + * 0044AD96 66:0BC2 OR AX,DX + * 0044AD99 B9 4A810000 MOV ECX,0x814A + * 0044AD9E 83C7 02 ADD EDI,0x2 + * 0044ADA1 33DB XOR EBX,EBX + * 0044ADA3 66:8945 D2 MOV WORD PTR SS:[EBP-0x2E],AX + * 0044ADA7 66:3BC1 CMP AX,CX + * 0044ADAA 75 05 JNZ SHORT .0044ADB1 + * 0044ADAC BB 01000000 MOV EBX,0x1 + * 0044ADB1 8B45 D2 MOV EAX,DWORD PTR SS:[EBP-0x2E] + * 0044ADB4 8D55 08 LEA EDX,DWORD PTR SS:[EBP+0x8] + * 0044ADB7 52 PUSH EDX + * 0044ADB8 50 PUSH EAX + * 0044ADB9 6A 00 PUSH 0x0 + * 0044ADBB 8BCE MOV ECX,ESI + * 0044ADBD E8 FEFCFFFF CALL .0044AAC0 + * 0044ADC2 8B8E 98000000 MOV ECX,DWORD PTR DS:[ESI+0x98] + * 0044ADC8 8B96 9C000000 MOV EDX,DWORD PTR DS:[ESI+0x9C] + * 0044ADCE 894D DC MOV DWORD PTR SS:[EBP-0x24],ECX + * 0044ADD1 8955 E0 MOV DWORD PTR SS:[EBP-0x20],EDX + * 0044ADD4 85DB TEST EBX,EBX + * 0044ADD6 74 0E JE SHORT .0044ADE6 + * 0044ADD8 B8 CDCCCCCC MOV EAX,0xCCCCCCCD + * 0044ADDD F766 1C MUL DWORD PTR DS:[ESI+0x1C] + * 0044ADE0 C1EA 02 SHR EDX,0x2 + * 0044ADE3 2955 DC SUB DWORD PTR SS:[EBP-0x24],EDX + * 0044ADE6 8B55 FC MOV EDX,DWORD PTR SS:[EBP-0x4] + * 0044ADE9 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-0x8] + * 0044ADEC 50 PUSH EAX + * 0044ADED 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-0x30] + * 0044ADF0 51 PUSH ECX + * 0044ADF1 52 PUSH EDX + * 0044ADF2 8BCE MOV ECX,ESI + * 0044ADF4 E8 87F2FFFF CALL .0044A080 + * 0044ADF9 85DB TEST EBX,EBX + * 0044ADFB 75 11 JNZ SHORT .0044AE0E + * 0044ADFD 8B46 20 MOV EAX,DWORD PTR DS:[ESI+0x20] + * 0044AE00 0346 1C ADD EAX,DWORD PTR DS:[ESI+0x1C] + * 0044AE03 0186 98000000 ADD DWORD PTR DS:[ESI+0x98],EAX + * 0044AE09 E9 A5010000 JMP .0044AFB3 + * 0044AE0E 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] + * 0044AE11 B8 CDCCCCCC MOV EAX,0xCCCCCCCD + * 0044AE16 F7E1 MUL ECX + * 0044AE18 D1E9 SHR ECX,1 + * 0044AE1A C1EA 02 SHR EDX,0x2 + * 0044AE1D 2BCA SUB ECX,EDX + * 0044AE1F 034E 20 ADD ECX,DWORD PTR DS:[ESI+0x20] + * 0044AE22 018E 98000000 ADD DWORD PTR DS:[ESI+0x98],ECX + * 0044AE28 E9 86010000 JMP .0044AFB3 + * 0044AE2D 66:0FBE0F MOVSX CX,BYTE PTR DS:[EDI] + * 0044AE31 8B56 14 MOV EDX,DWORD PTR DS:[ESI+0x14] + * 0044AE34 2B56 20 SUB EDX,DWORD PTR DS:[ESI+0x20] + * 0044AE37 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] + * 0044AE3A 66:894D D2 MOV WORD PTR SS:[EBP-0x2E],CX + * 0044AE3E 8B4E 0C MOV ECX,DWORD PTR DS:[ESI+0xC] + * 0044AE41 2BD0 SUB EDX,EAX + * 0044AE43 03D1 ADD EDX,ECX + * 0044AE45 47 INC EDI + * 0044AE46 3996 98000000 CMP DWORD PTR DS:[ESI+0x98],EDX + * 0044AE4C 72 37 JB SHORT .0044AE85 + * 0044AE4E 8B55 08 MOV EDX,DWORD PTR SS:[EBP+0x8] + * 0044AE51 42 INC EDX + * 0044AE52 83BC96 B8000000 >CMP DWORD PTR DS:[ESI+EDX*4+0xB8],0x0 + * 0044AE5A 8955 08 MOV DWORD PTR SS:[EBP+0x8],EDX + * 0044AE5D 77 09 JA SHORT .0044AE68 + * 0044AE5F 83BE AC000000 00 CMP DWORD PTR DS:[ESI+0xAC],0x0 + * 0044AE66 74 0C JE SHORT .0044AE74 + * 0044AE68 8B96 B0000000 MOV EDX,DWORD PTR DS:[ESI+0xB0] + * 0044AE6E 0196 9C000000 ADD DWORD PTR DS:[ESI+0x9C],EDX + * 0044AE74 898E 98000000 MOV DWORD PTR DS:[ESI+0x98],ECX + * 0044AE7A 8B4E 24 MOV ECX,DWORD PTR DS:[ESI+0x24] + * 0044AE7D 03C8 ADD ECX,EAX + * 0044AE7F 018E 9C000000 ADD DWORD PTR DS:[ESI+0x9C],ECX + * 0044AE85 8B96 98000000 MOV EDX,DWORD PTR DS:[ESI+0x98] + * 0044AE8B 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] + * 0044AE91 8D4D F8 LEA ECX,DWORD PTR SS:[EBP-0x8] + * 0044AE94 51 PUSH ECX + * 0044AE95 8955 DC MOV DWORD PTR SS:[EBP-0x24],EDX + * 0044AE98 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-0x30] + * 0044AE9B 8945 E0 MOV DWORD PTR SS:[EBP-0x20],EAX + * 0044AE9E 8B45 FC MOV EAX,DWORD PTR SS:[EBP-0x4] + * 0044AEA1 52 PUSH EDX + * 0044AEA2 50 PUSH EAX + * 0044AEA3 8BCE MOV ECX,ESI + * 0044AEA5 E8 D6F1FFFF CALL .0044A080 + * 0044AEAA 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] + * 0044AEAD 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-0x8] + * 0044AEB0 D1E8 SHR EAX,1 + * 0044AEB2 3BC8 CMP ECX,EAX + * 0044AEB4 77 10 JA SHORT .0044AEC6 + * 0044AEB6 8B4E 20 MOV ECX,DWORD PTR DS:[ESI+0x20] + * 0044AEB9 03C8 ADD ECX,EAX + * 0044AEBB 018E 98000000 ADD DWORD PTR DS:[ESI+0x98],ECX + * 0044AEC1 E9 ED000000 JMP .0044AFB3 + * 0044AEC6 8B56 20 MOV EDX,DWORD PTR DS:[ESI+0x20] + * 0044AEC9 03D1 ADD EDX,ECX + * 0044AECB 0196 98000000 ADD DWORD PTR DS:[ESI+0x98],EDX + * 0044AED1 E9 DD000000 JMP .0044AFB3 + * 0044AED6 47 INC EDI + * 0044AED7 BB 01000000 MOV EBX,0x1 + * 0044AEDC 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] + * 0044AEE0 0FB607 MOVZX EAX,BYTE PTR DS:[EDI] + * 0044AEE3 50 PUSH EAX + * 0044AEE4 E8 078CFBFF CALL .00403AF0 + * 0044AEE9 85C0 TEST EAX,EAX + * 0044AEEB 74 63 JE SHORT .0044AF50 + * 0044AEED 66:0FBE4F 01 MOVSX CX,BYTE PTR DS:[EDI+0x1] + * 0044AEF2 66:0FBE07 MOVSX AX,BYTE PTR DS:[EDI] + * 0044AEF6 BA FF000000 MOV EDX,0xFF + * 0044AEFB 66:23CA AND CX,DX + * 0044AEFE 66:C1E0 08 SHL AX,0x8 + * 0044AF02 66:0BC8 OR CX,AX + * 0044AF05 66:894D D2 MOV WORD PTR SS:[EBP-0x2E],CX + * 0044AF09 8B55 D2 MOV EDX,DWORD PTR SS:[EBP-0x2E] + * 0044AF0C 8D4D 08 LEA ECX,DWORD PTR SS:[EBP+0x8] + * 0044AF0F 51 PUSH ECX + * 0044AF10 52 PUSH EDX + * 0044AF11 6A 00 PUSH 0x0 + * 0044AF13 8BCE MOV ECX,ESI + * 0044AF15 83C7 02 ADD EDI,0x2 + * 0044AF18 E8 A3FBFFFF CALL .0044AAC0 + * 0044AF1D 8B86 98000000 MOV EAX,DWORD PTR DS:[ESI+0x98] + * 0044AF23 8B8E 9C000000 MOV ECX,DWORD PTR DS:[ESI+0x9C] + * 0044AF29 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-0x8] + * 0044AF2C 8945 DC MOV DWORD PTR SS:[EBP-0x24],EAX + * 0044AF2F 52 PUSH EDX + * 0044AF30 894D E0 MOV DWORD PTR SS:[EBP-0x20],ECX + * 0044AF33 8B4D FC MOV ECX,DWORD PTR SS:[EBP-0x4] + * 0044AF36 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-0x30] + * 0044AF39 50 PUSH EAX + * 0044AF3A 51 PUSH ECX + * 0044AF3B 8BCE MOV ECX,ESI + * 0044AF3D E8 3EF1FFFF CALL .0044A080 + * 0044AF42 8B56 20 MOV EDX,DWORD PTR DS:[ESI+0x20] + * 0044AF45 0356 1C ADD EDX,DWORD PTR DS:[ESI+0x1C] + * 0044AF48 0196 98000000 ADD DWORD PTR DS:[ESI+0x98],EDX + * 0044AF4E EB 08 JMP SHORT .0044AF58 + * 0044AF50 803F 2F CMP BYTE PTR DS:[EDI],0x2F + * 0044AF53 75 02 JNZ SHORT .0044AF57 + * 0044AF55 33DB XOR EBX,EBX + * 0044AF57 47 INC EDI + * 0044AF58 85DB TEST EBX,EBX + * 0044AF5A ^75 84 JNZ SHORT .0044AEE0 + * 0044AF5C BB 01000000 MOV EBX,0x1 + * 0044AF61 0FB607 MOVZX EAX,BYTE PTR DS:[EDI] + * 0044AF64 50 PUSH EAX + * 0044AF65 E8 868BFBFF CALL .00403AF0 + * 0044AF6A 85C0 TEST EAX,EAX + * 0044AF6C 74 05 JE SHORT .0044AF73 + * 0044AF6E 83C7 02 ADD EDI,0x2 + * 0044AF71 EB 08 JMP SHORT .0044AF7B + * 0044AF73 803F 7D CMP BYTE PTR DS:[EDI],0x7D + * 0044AF76 75 02 JNZ SHORT .0044AF7A + * 0044AF78 33DB XOR EBX,EBX + * 0044AF7A 47 INC EDI + * 0044AF7B 85DB TEST EBX,EBX + * 0044AF7D ^75 E2 JNZ SHORT .0044AF61 + * 0044AF7F EB 32 JMP SHORT .0044AFB3 + * 0044AF81 0FBE47 01 MOVSX EAX,BYTE PTR DS:[EDI+0x1] + * 0044AF85 83C0 9D ADD EAX,-0x63 + * 0044AF88 83F8 14 CMP EAX,0x14 + * 0044AF8B 77 26 JA SHORT .0044AFB3 + * 0044AF8D 0FB688 F0AF4400 MOVZX ECX,BYTE PTR DS:[EAX+0x44AFF0] + * 0044AF94 FF248D E0AF4400 JMP DWORD PTR DS:[ECX*4+0x44AFE0] + * 0044AF9B 8B46 24 MOV EAX,DWORD PTR DS:[ESI+0x24] + * 0044AF9E 0346 1C ADD EAX,DWORD PTR DS:[ESI+0x1C] + * 0044AFA1 8B56 0C MOV EDX,DWORD PTR DS:[ESI+0xC] + * 0044AFA4 0186 9C000000 ADD DWORD PTR DS:[ESI+0x9C],EAX + * 0044AFAA 8996 98000000 MOV DWORD PTR DS:[ESI+0x98],EDX + * 0044AFB0 83C7 02 ADD EDI,0x2 + * 0044AFB3 803F 00 CMP BYTE PTR DS:[EDI],0x0 + * 0044AFB6 ^0F85 A4FDFFFF JNZ .0044AD60 + * 0044AFBC 5B POP EBX + * 0044AFBD 8B4D FC MOV ECX,DWORD PTR SS:[EBP-0x4] + * 0044AFC0 8B96 58010000 MOV EDX,DWORD PTR DS:[ESI+0x158] + * 0044AFC6 51 PUSH ECX + * 0044AFC7 52 PUSH EDX + * 0044AFC8 FF15 D8F35300 CALL DWORD PTR DS:[0x53F3D8] ; user32.ReleaseDC + * 0044AFCE 5F POP EDI + * 0044AFCF B8 01000000 MOV EAX,0x1 + * 0044AFD4 5E POP ESI + * 0044AFD5 8BE5 MOV ESP,EBP + * 0044AFD7 5D POP EBP + * 0044AFD8 C2 0800 RETN 0x8 + * 0044AFDB 83C7 03 ADD EDI,0x3 + * 0044AFDE ^EB D3 JMP SHORT .0044AFB3 + * 0044AFE0 B0 AF MOV AL,0xAF + * 0044AFE2 44 INC ESP + * 0044AFE3 009B AF4400DB ADD BYTE PTR DS:[EBX+0xDB0044AF],BL + * 0044AFE9 AF SCAS DWORD PTR ES:[EDI] + * 0044AFEA 44 INC ESP + * 0044AFEB 00B3 AF440000 ADD BYTE PTR DS:[EBX+0x44AF],DH + * 0044AFF1 0303 ADD EAX,DWORD PTR DS:[EBX] + * 0044AFF3 0303 ADD EAX,DWORD PTR DS:[EBX] + * 0044AFF5 0303 ADD EAX,DWORD PTR DS:[EBX] + * 0044AFF7 0303 ADD EAX,DWORD PTR DS:[EBX] + * 0044AFF9 0303 ADD EAX,DWORD PTR DS:[EBX] + * 0044AFFB 0103 ADD DWORD PTR DS:[EBX],EAX + * 0044AFFD 0303 ADD EAX,DWORD PTR DS:[EBX] + * 0044AFFF 0303 ADD EAX,DWORD PTR DS:[EBX] + * 0044B001 0003 ADD BYTE PTR DS:[EBX],AL + * 0044B003 0302 ADD EAX,DWORD PTR DS:[EDX] + * 0044B005 CC INT3 + * 0044B006 CC INT3 + * 0044B007 CC INT3 + * 0044B008 CC INT3 + */ + +bool attachHistoryHook(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0xb8, 0xcd,0xcc,0xcc,0xcc, // 0044ae11 b8 cdcccccc mov eax,0xcccccccd + 0xf7,0xe1, // 0044ae16 f7e1 mul ecx + 0xd1,0xe9, // 0044ae18 d1e9 shr ecx,1 + 0xc1,0xea, 0x02, // 0044ae1a c1ea 02 shr edx,0x2 + 0x2b,0xca // 0044ae1d 2bca sub ecx,edx + }; + + return attach(bytes, sizeof(bytes), startAddress, stopAddress); +} +bool CMVS::attach_function() { + bool embed=attachScenarioHook(processStartAddress,processStopAddress); + if(embed)attachHistoryHook(processStartAddress,processStopAddress); + return InsertCMVSHook()||embed; +} \ No newline at end of file diff --git a/LunaHook/engine32/CMVS.h b/LunaHook/engine32/CMVS.h new file mode 100644 index 0000000..dba444a --- /dev/null +++ b/LunaHook/engine32/CMVS.h @@ -0,0 +1,18 @@ +#include"engine.h" + +class CMVS:public ENGINE{ + public: + CMVS(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"data\\pack\\*.cpz"; + + + // jichi 8/19/2013: DO NOT WORK for games like「ハピメア」 + //if (wcsstr(str,L"cmvs32") || wcsstr(str,L"cmvs64")) { + // InsertCMVSHook(); + // return true; + //} + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Candy.cpp b/LunaHook/engine32/Candy.cpp new file mode 100644 index 0000000..fc2630f --- /dev/null +++ b/LunaHook/engine32/Candy.cpp @@ -0,0 +1,215 @@ +#include"Candy.h" + +/******************************************************************************************** +CandySoft hook: + Game folder contains many *.fpk. Engine name is SystemC. + I haven't seen this engine in other company/brand. + + AGTH /X3 will hook lstrlenA. One thread is the exactly result we want. + But the function call is difficult to located programmatically. + I find a equivalent points which is more easy to search. + The script processing function needs to find 0x5B'[', + so there should a instruction like cmp reg,5B + Find this position and navigate to function entry. + The first parameter is the string pointer. + This approach works fine with game later than つよきす2学� + + But the original つよき�is quite different. I handle this case separately. + +********************************************************************************************/ + +namespace { // unnamed Candy + +// jichi 8/23/2013: split into two different engines +//if (_wcsicmp(processName, L"systemc.exe")==0) +// Process name is "SystemC.exe" +bool InsertCandyHook1() +{ + for (DWORD i = processStartAddress + 0x1000; i < processStopAddress - 4; i++) + if ((*(DWORD *)i&0xffffff) == 0x24f980) // cmp cl,24 + for (DWORD j = i, k = i - 0x100; j > k; j--) + if (*(DWORD *)j == 0xc0330a8a) { // mov cl,[edx]; xor eax,eax + HookParam hp; + hp.address = j; + hp.offset=get_reg(regs::edx); + hp.type = USING_STRING; + ConsoleOutput("INSERT SystemC#1"); + + //RegisterEngineType(ENGINE_CANDY); + return NewHook(hp, "SystemC"); + } + ConsoleOutput("CandyHook1: failed"); + return false; +} + +// jichi 8/23/2013: Process name is NOT "SystemC.exe" +bool InsertCandyHook2() +{ + for (DWORD i = processStartAddress + 0x1000; i < processStopAddress - 4 ;i++) + if (*(WORD *)i == 0x5b3c || // cmp al,0x5b + (*(DWORD *)i & 0xfff8fc) == 0x5bf880) // cmp reg,0x5B + for (DWORD j = i, k = i - 0x100; j > k; j--) + if ((*(DWORD *)j & 0xffff) == 0x8b55) { // push ebp, mov ebp,esp, sub esp,* + HookParam hp; + hp.address = j; + if(((*(BYTE *)(j+3)))==0x51) //push ecx ,thiscall + hp.offset=get_reg(regs::ecx); //アイドルクリニック~恋の薬でHな処方~ + else + hp.offset=get_stack(1); // jichi: text in arg1 + hp.type = USING_STRING; + + //RegisterEngineType(ENGINE_CANDY); + return NewHook(hp, "SystemC"); + } + ConsoleOutput("CandyHook2: failed"); + return false; +} + +/** jichi 10/2/2013: CHECKPOINT + * + * [5/31/2013] 恋もHもお勉強も、おまかせ�お姉ちも�部 + * base = 0xf20000 + * + シナリオ: /HSN-4@104A48:ANEBU.EXE + * - off: 4294967288 = 0xfffffff8 = -8 + , - type: 1025 = 0x401 + * + 選択肢: /HSN-4@104FDD:ANEBU.EXE + * - off: 4294967288 = 0xfffffff8 = -8 + * - type: 1089 = 0x441 + */ +//bool InsertCandyHook3() +//{ +// return false; // CHECKPOINT +// const BYTE ins[] = { +// 0x83,0xc4, 0x0c, // add esp,0xc ; hook here +// 0x0f,0xb6,0xc0, // movzx eax,al +// 0x85,0xc0, // test eax,eax +// 0x75, 0x0e // jnz XXOO ; it must be 0xe, or there will be duplication +// }; +// enum { addr_offset = 0 }; +// ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); +// ULONG reladdr = SearchPattern(processStartAddress, range, ins, sizeof(ins)); +// reladdr = 0x104a48; +// GROWL_DWORD(processStartAddress); +// //GROWL_DWORD3(reladdr, processStartAddress, range); +// if (!reladdr) +// return false; +// +// HookParam hp; +// hp.address = processStartAddress + reladdr + addr_offset; +// hp.offset=get_reg(regs::eax); +// hp.type = USING_STRING|NO_CONTEXT; +// NewHook(hp, "Candy"); +// return true; +//} + +} // unnamed Candy + +namespace{ +bool candy3(){ + //お母さんは俺専用!~あなたの初めてを…母さんが貰ってア・ゲ・ル~ + //茉莉子さん家の性事情 ~伯母さんは僕のモノ~ + const BYTE bytes[] = { + 0x24, //XX||XX2 + 0x75 + }; + for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE)){ + ConsoleOutput("%x",addr); + if((*(BYTE*)(addr-1) ==0x3c)||((*(BYTE*)(addr-2) ==0x83)&&(*(BYTE*)(addr-1) ==0xf9))){ + addr=MemDbg::findEnclosingAlignedFunction(addr); + if(addr==0)continue; + ConsoleOutput("!%x",addr); + HookParam hp; + hp.type = USING_STRING; + if(*(BYTE*)addr==0x55) + hp.offset=get_stack(1); + else if(*(BYTE*)addr==0x56) + hp.offset=get_reg(regs::eax); + else + continue; + hp.address = addr; + + return NewHook(hp, "candy3"); + } + } + return false; +} +bool InsertCandyHook3() +{ + + /* + * Sample games: + * https://vndb.org/v24878 + */ + const BYTE bytes[] = { + 0xCC, // int 3 + 0x55, // push ebp << hook here + 0x8B, 0xEC, // mov ebp,esp + 0x6A, 0xFF, // push -01 + 0x68, XX4, // push iinari-omnibus.exe+C4366 + 0x64, 0xA1, 0x00, 0x00, 0x00, 0x00, // mov eax,fs:[00000000] + 0x50, // push eax + 0x83, 0xEC, 0x74, // sub esp,74 + 0x53, // push ebx + 0x56, // push esi + 0x57 // push edi + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("SystemC#3: pattern not found"); + return false; + } + HookParam hp; + hp.address = addr + 1; + hp.offset=get_stack(4); + hp.type = USING_STRING | CODEC_UTF16; + ConsoleOutput("INSERT SystemC#3"); + + return NewHook(hp, "SystemC#3"); +} +} +// jichi 10/2/2013: Add new candy hook +bool InsertCandyHook() +{ + PcHooks::hookOtherPcFunctions(); + //if (0 == _wcsicmp(processName, L"systemc.exe")) + if (Util::CheckFile(L"SystemC.exe")) + return InsertCandyHook1()||candy3(); + else{ + //return InsertCandyHook2(); + bool b2 = InsertCandyHook2(), + b3 = InsertCandyHook3(); + return b2 || b3; + } +} + +bool Candy::attach_function() { + + return InsertCandyHook(); +} + + +bool WillowSoft::attach_function(){ + //お母さんがいっぱい!!限定ママBOX + const BYTE bytes[] = { + 0xF7 ,0xC2 ,0x00 ,0x00 ,0xFF ,0x00, + XX2, + 0xF7 ,0xC2 ,0x00 ,0x00 ,0x00 ,0xFF , + XX2 + }; + auto addr=MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if(addr==0)return false; + addr=MemDbg::findEnclosingAlignedFunction(addr); + if(addr==0)return false; + + HookParam hp; + hp.type = USING_STRING; + hp.offset=get_stack(2); + hp.type |= DATA_INDIRECT; + hp.index = 0; + hp.address = addr; + + + return NewHook(hp, "WillowSoft"); +} \ No newline at end of file diff --git a/LunaHook/engine32/Candy.h b/LunaHook/engine32/Candy.h new file mode 100644 index 0000000..09a8d91 --- /dev/null +++ b/LunaHook/engine32/Candy.h @@ -0,0 +1,24 @@ +#include"engine.h" + +class Candy:public ENGINE{ + public: + Candy(){ + + check_by=CHECK_BY::FILE_ANY; + check_by_target=check_by_list{L"*.fpk",L"data\\*.fpk"}; + is_engine_certain=false; + }; + bool attach_function(); +}; + + +class WillowSoft:public ENGINE{ + public: + WillowSoft(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Selene.dll"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/CaramelBox.cpp b/LunaHook/engine32/CaramelBox.cpp new file mode 100644 index 0000000..80c55c0 --- /dev/null +++ b/LunaHook/engine32/CaramelBox.cpp @@ -0,0 +1,123 @@ +#include"CaramelBox.h" + + +static void SpecialHookCaramelBox(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t *len) +{ + DWORD reg_ecx = *(DWORD*)(stack->base + hp->offset); + BYTE *ptr = (BYTE *)reg_ecx; + buffer_index = 0; + while (ptr[0]) + if (ptr[0] == 0x28) { // Furigana format: (Kanji,Furi) + ptr++; + while (ptr[0]!=0x2c) //Copy Kanji + text_buffer[buffer_index++] = *ptr++; + while (ptr[0]!=0x29) // Skip Furi + ptr++; + ptr++; + } else if (ptr[0] == 0x5c) + ptr +=2; + else { + text_buffer[buffer_index++] = ptr[0]; + if (LeadByteTable[ptr[0]] == 2) { + ptr++; + text_buffer[buffer_index++] = ptr[0]; + } + ptr++; + } + + *len = buffer_index; + *data = (DWORD)text_buffer; + *split = 0; // 8/3/2014 jichi: use return address as split +} +// jichi 10/1/2013: Change return type to bool +bool InsertCaramelBoxHook() +{ + union { DWORD i; BYTE* pb; WORD* pw; DWORD *pd; }; + DWORD reg = -1; + for (i = processStartAddress + 0x1000; i < processStopAddress - 4; i++) { + if (*pd == 0x7ff3d) // cmp eax, 7ff + reg = 0; + else if ((*pd & 0xfffff8fc) == 0x07fff880) // cmp reg, 7ff + reg = pb[1] & 0x7; + + if (reg == -1) + continue; + + DWORD flag = 0; + if (*(pb - 6) == 3) { //add reg, [ebp+$disp_32] + if (*(pb - 5) == (0x85 | (reg << 3))) + flag = 1; + } else if (*(pb - 3) == 3) { // add reg, [ebp+$disp_8] + if (*(pb - 2) == (0x45 | (reg << 3))) + flag = 1; + } else if (*(pb - 2) == 3) { // add reg, reg + if (((*(pb - 1) >> 3) & 7)== reg) + flag = 1; + } + reg = -1; + if (flag) { + for (DWORD j = i, k = i - 0x100; j > k; j--) { + if ((*(DWORD *)j & 0xffff00ff) == 0x1000b8) { // mov eax,10?? + HookParam hp; + hp.address = j & ~0xf; + hp.text_fun = SpecialHookCaramelBox; + hp.type = USING_STRING; + for (i &= ~0xffff; i < processStopAddress - 4; i++) + if (pb[0] == 0xe8) { + pb++; + if (pd[0] + i + 4 == hp.address) { + pb += 4; + if ((pd[0] & 0xffffff) == 0x04c483) + hp.offset=get_stack(1); + else hp.offset=get_reg(regs::ecx); + break; + } + } + + if (hp.offset == 0) { + ConsoleOutput("CaramelBox: failed, zero off"); + return false; + } + ConsoleOutput("INSERT CaramelBox"); + + //RegisterEngineType(ENGINE_CARAMEL); + return NewHook(hp, "CaramelBox"); + } + } + } + } + ConsoleOutput("CaramelBox: failed"); + return false; +//_unknown_engine: + //ConsoleOutput("Unknown CarmelBox engine."); +} + + +bool CaramelBox::attach_function() { + + return InsertCaramelBoxHook(); +} + + + +bool CaramelBoxMilkAji::attach_function(){ + //雨芳恋歌 + //https://vndb.org/v6663 + BYTE bytes[] = { + 0x33,0xD2, + 0xB9,0x8A,0x02,0x00,0x00, + 0xF7,0xF1, + 0x6B,0xC0,0x44, + 0x6B,0xC0,0x03 + }; + auto addr=MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if(addr==0)return false; + addr=MemDbg::findEnclosingAlignedFunction(addr); + if(addr==0)return false; + HookParam hp; + hp.address = addr; + hp.type = USING_STRING; + hp.offset=get_stack(1); + + return NewHook(hp, "CaramelBox"); +} \ No newline at end of file diff --git a/LunaHook/engine32/CaramelBox.h b/LunaHook/engine32/CaramelBox.h new file mode 100644 index 0000000..55d4746 --- /dev/null +++ b/LunaHook/engine32/CaramelBox.h @@ -0,0 +1,36 @@ +#include"engine.h" + +class CaramelBox:public ENGINE{ + public: + CaramelBox(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + auto str=std::wstring( processName_lower); + DWORD len = str.size(); + + // jichi 8/10/2013: Since *.bin is common, move CaramelBox to the end + str[len - 3] = L'b'; + str[len - 2] = L'i'; + str[len - 1] = L'n'; + str[len] = 0; + return (Util::CheckFile(str.c_str()) || Util::CheckFile(L"trial.bin")); + }; + is_engine_certain=false; + + }; + bool attach_function(); +}; + + +class CaramelBoxMilkAji:public ENGINE{ + public: + CaramelBoxMilkAji(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"SdActiRc.dll"; + is_engine_certain=false; + + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/CatSystem.cpp b/LunaHook/engine32/CatSystem.cpp new file mode 100644 index 0000000..ba64da8 --- /dev/null +++ b/LunaHook/engine32/CatSystem.cpp @@ -0,0 +1,799 @@ +#include"CatSystem.h" +#include"embed_util.h" +#include"dyncodec/dynsjis.h" +// jichi 5/10/2014 +// See also: http://bbs.sumisora.org/read.php?tid=11044704&fpage=2 +// +// Old engine: グリザイアの迷宮 +// 0053cc4e cc int3 +// 0053cc4f cc int3 +// 0053cc50 6a ff push -0x1 ; jichi: hook here +// 0053cc52 68 6b486000 push .0060486b +// 0053cc57 64:a1 00000000 mov eax,dword ptr fs:[0] +// 0053cc5d 50 push eax +// 0053cc5e 81ec 24020000 sub esp,0x224 +// 0053cc64 a1 f8647600 mov eax,dword ptr ds:[0x7664f8] +// 0053cc69 33c4 xor eax,esp +// 0053cc6b 898424 20020000 mov dword ptr ss:[esp+0x220],eax +// 0053cc72 53 push ebx +// 0053cc73 55 push ebp +// 0053cc74 56 push esi +// 0053cc75 57 push edi +// +// Stack: +// 0544e974 0053d593 return to .0053d593 from .0053cc50 +// 0544e978 045cc820 +// 0544e97c 00008dc5 : jichi: text +// 0544e980 00000016 +// 0544e984 0452f2e4 +// 0544e988 00000000 +// 0544e98c 00000001 +// 0544e990 0544ea94 +// 0544e994 04513840 +// 0544e998 0452f2b8 +// 0544e99c 04577638 +// 0544e9a0 04620450 +// 0544e9a4 00000080 +// 0544e9a8 00000080 +// 0544e9ac 004914f3 return to .004914f3 from .0055c692 +// +// Registers: +// edx 0 +// ebx 00000016 +// +// +// New engine: イノセントガール +// Stack: +// 051ae508 0054e9d1 return to .0054e9d1 from .0054e310 +// 051ae50c 04361650 +// 051ae510 00008ca9 ; jichi: text +// 051ae514 0000001a +// 051ae518 04343864 +// 051ae51c 00000000 +// 051ae520 00000001 +// 051ae524 051ae62c +// 051ae528 041edc20 +// 051ae52c 04343830 +// 051ae530 0434a8b0 +// 051ae534 0434a7f0 +// 051ae538 00000080 +// 051ae53c 00000080 +// 051ae540 3f560000 +// 051ae544 437f8000 +// 051ae548 4433e000 +// 051ae54c 16f60c00 +// 051ae550 051ae650 +// 051ae554 042c4c20 +// 051ae558 0000002c +// 051ae55c 00439bc5 return to .00439bc5 from .0043af60 +// +// Registers & stack: +// Scenario: +// eax 04361650 +// ecx 04357640 +// edx 04343864 +// ebx 0000001a +// esp 051ae508 +// ebp 00008169 +// esi 04357640 +// edi 051ae62c +// eip 0054e310 .0054e310 +// +// 051ae508 0054e9d1 return to .0054e9d1 from .0054e310 +// 051ae50c 04361650 +// 051ae510 00008169 +// 051ae514 0000001a +// 051ae518 04343864 +// 051ae51c 00000000 +// 051ae520 00000001 +// 051ae524 051ae62c +// 051ae528 041edc20 +// 051ae52c 04343830 +// 051ae530 0434a8b0 +// 051ae534 0434a7f0 +// 051ae538 00000080 +// 051ae53c 00000080 +// 051ae540 3f560000 +// 051ae544 437f8000 +// 051ae548 4433e000 +// 051ae54c 16f60c00 +// 051ae550 051ae650 +// 051ae554 042c4c20 +// 051ae558 0000002c +// +// Name: +// +// eax 04362430 +// ecx 17025230 +// edx 0430b6e4 +// ebx 0000001a +// esp 051ae508 +// ebp 00008179 +// esi 17025230 +// edi 051ae62c +// eip 0054e310 .0054e310 +// +// 051ae508 0054e9d1 return to .0054e9d1 from .0054e310 +// 051ae50c 04362430 +// 051ae510 00008179 +// 051ae514 0000001a +// 051ae518 0430b6e4 +// 051ae51c 00000000 +// 051ae520 00000001 +// 051ae524 051ae62c +// 051ae528 041edae0 +// 051ae52c 0430b6b0 +// 051ae530 0434a790 +// 051ae534 0434a910 +// 051ae538 00000080 +// 051ae53c 00000080 +// 051ae540 3efa0000 +// 051ae544 4483f000 +// 051ae548 44322000 +// 051ae54c 16f60aa0 +// 051ae550 051ae650 +// 051ae554 042c4c20 +// 051ae558 0000002c + +static void SpecialHookCatSystem3(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t *len) +{ + //DWORD ch = *data = *(DWORD *)(esp_base + hp->offset); // arg2 + DWORD ch = *data = stack->stack[2]; + *len = LeadByteTable[(ch >> 8) & 0xff]; // CODEC_ANSI_BE + *split = stack->edx >> 16; +} + +bool InsertCatSystemHook() +{ + //DWORD search=0x95EB60F; + //DWORD j,i=SearchPattern(processStartAddress,processStopAddress-processStartAddress,&search,4); + //if (i==0) return; + //i+=processStartAddress; + //for (j=i-0x100;i>j;i--) + // if (*(DWORD*)i==0xcccccccc) break; + //if (i==j) return; + //hp.address=i+4; + //hp.offset=get_reg(regs::eax); + //hp.index=4; + //hp.type =CODEC_ANSI_BE|DATA_INDIRECT|USING_SPLIT|SPLIT_INDIRECT; + //hp.length_offset=1; + + enum { beg = 0xff6acccc }; // jichi 7/12/2014: beginning of the function + enum { addr_offset = 2 }; // skip two leading 0xcc + ULONG addr = MemDbg::findCallerAddress((ULONG)::GetTextMetricsA, beg, processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("CatSystem2: pattern not exist"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; // skip 1 push? + hp.offset=get_stack(2); // text character is in arg2 + + // jichi 12/23/2014: Modify split for new catsystem + bool newEngine = Util::CheckFile(L"cs2conf.dll"); + if (newEngine) { + //hp.text_fun = SpecialHookCatSystem3; // type not needed + //NewHook(hp, "CatSystem3"); + //ConsoleOutput("INSERT CatSystem3"); + hp.type = CODEC_ANSI_BE|USING_SPLIT; + hp.split = get_reg(regs::esi); + ConsoleOutput("INSERT CatSystem3new"); + return NewHook(hp, "CatSystem3new"); + } else { + hp.type = CODEC_ANSI_BE|USING_SPLIT; + hp.split = get_reg(regs::edx); + ConsoleOutput("INSERT CatSystem2"); + return NewHook(hp, "CatSystem2"); + } +} +bool InsertCatSystem2Hook() +{ + + /* + * Sample games: + * https://vndb.org/v26987 + */ + const BYTE bytes[] = { + 0x38, 0x08, // cmp [eax],cl + 0x0F, 0x84, XX4, // je cs2.exe+23E490 + 0x66, 0x66, 0x0F, 0x1F, 0x84, 0x00, XX4, // nop word ptr [eax+eax+00000000] + 0x4F, // dec edi + 0xC7, 0x85, XX4, XX4, // mov [ebp-000005A0],00000000 + 0x33, 0xF6, // xor esi,esi + 0xC7, 0x85, XX4, XX4, // mov [ebp-0000057C],00000000 + 0x85, 0xFF // test edi,edi + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("CatSystem2new: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.codepage = 65001; + hp.type = USING_STRING; + ConsoleOutput("INSERT CatSystem2new"); + + return NewHook(hp, "CatSystem2new"); +} +namespace { // unnamed +namespace Patch { + +namespace Private { + // String in ecx + // bool __fastcall isLeadByteChar(const char *s, DWORD edx) + // bool isLeadByteChar(hook_stack*s,void* data, size_t* len,uintptr_t*role) + // { + // auto pc=(CHAR*)s->ecx; + + // s->eax=(bool)((pc)&&dynsjis::isleadbyte(*pc)); + // return false; + + // //return dynsjis::isleadstr(s); // no idea why this will cause Grisaia3 to hang + // //return ::IsDBCSLeadByte(HIBYTE(testChar)); + // } + bool isLeadByteChar(char* s) + { + return s && dynsjis::isleadchar(*s); + + //return dynsjis::isleadstr(s); // no idea why this will cause Grisaia3 to hang + //return ::IsDBCSLeadByte(HIBYTE(testChar)); + } + +} // namespace Private + +/** + * Sample game: ゆきこいめると + * + * This function is found by searching the following instruction: + * 00511C8E 3C 81 CMP AL,0x81 + * + * This function is very similar to that in LC-ScriptEngine. + * + * Return 1 if the first byte in arg1 is leading byte else 0. + * + * 00511C7C CC INT3 + * 00511C7D CC INT3 + * 00511C7E CC INT3 + * 00511C7F CC INT3 + * 00511C80 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+0x4] + * 00511C84 85C9 TEST ECX,ECX + * 00511C86 74 2F JE SHORT .00511CB7 + * 00511C88 8A01 MOV AL,BYTE PTR DS:[ECX] + * 00511C8A 84C0 TEST AL,AL + * 00511C8C 74 29 JE SHORT .00511CB7 + * 00511C8E 3C 81 CMP AL,0x81 + * 00511C90 72 04 JB SHORT .00511C96 + * 00511C92 3C 9F CMP AL,0x9F + * 00511C94 76 08 JBE SHORT .00511C9E + * 00511C96 3C E0 CMP AL,0xE0 + * 00511C98 72 1D JB SHORT .00511CB7 + * 00511C9A 3C EF CMP AL,0xEF + * 00511C9C 77 19 JA SHORT .00511CB7 + * 00511C9E 8A41 01 MOV AL,BYTE PTR DS:[ECX+0x1] + * 00511CA1 3C 40 CMP AL,0x40 + * 00511CA3 72 04 JB SHORT .00511CA9 + * 00511CA5 3C 7E CMP AL,0x7E + * 00511CA7 76 08 JBE SHORT .00511CB1 + * 00511CA9 3C 80 CMP AL,0x80 + * 00511CAB 72 0A JB SHORT .00511CB7 + * 00511CAD 3C FC CMP AL,0xFC + * 00511CAF 77 06 JA SHORT .00511CB7 + * 00511CB1 B8 01000000 MOV EAX,0x1 + * 00511CB6 C3 RETN + * 00511CB7 33C0 XOR EAX,EAX + * 00511CB9 C3 RETN + * 00511CBA CC INT3 + * 00511CBB CC INT3 + * 00511CBC CC INT3 + * 00511CBD CC INT3 + * + * Sample game: Grisaia3 グリザイアの楽園 + * 0050747F CC INT3 + * 00507480 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+0x4] ; jichi: text in arg1 + * 00507484 85C9 TEST ECX,ECX + * 00507486 74 2F JE SHORT .005074B7 + * 00507488 8A01 MOV AL,BYTE PTR DS:[ECX] + * 0050748A 84C0 TEST AL,AL + * 0050748C 74 29 JE SHORT .005074B7 + * 0050748E 3C 81 CMP AL,0x81 + * 00507490 72 04 JB SHORT .00507496 + * 00507492 3C 9F CMP AL,0x9F + * 00507494 76 08 JBE SHORT .0050749E + * 00507496 3C E0 CMP AL,0xE0 + * 00507498 72 1D JB SHORT .005074B7 + * 0050749A 3C EF CMP AL,0xEF + * 0050749C 77 19 JA SHORT .005074B7 + * 0050749E 8A41 01 MOV AL,BYTE PTR DS:[ECX+0x1] + * 005074A1 3C 40 CMP AL,0x40 + * 005074A3 72 04 JB SHORT .005074A9 + * 005074A5 3C 7E CMP AL,0x7E + * 005074A7 76 08 JBE SHORT .005074B1 + * 005074A9 3C 80 CMP AL,0x80 + * 005074AB 72 0A JB SHORT .005074B7 + * 005074AD 3C FC CMP AL,0xFC + * 005074AF 77 06 JA SHORT .005074B7 + * 005074B1 B8 01000000 MOV EAX,0x1 + * 005074B6 C3 RETN + * 005074B7 33C0 XOR EAX,EAX + * 005074B9 C3 RETN + * 005074BA CC INT3 + * 005074BB CC INT3 + * 005074BC CC INT3 + * 005074BD CC INT3 + * + * Sample game: Grisaia1 グリザイアの果実 + * 0041488A CC INT3 + * 0041488B CC INT3 + * 0041488C CC INT3 + * 0041488D CC INT3 + * 0041488E CC INT3 + * 0041488F CC INT3 + * 00414890 85C9 TEST ECX,ECX ; jichi: text in ecx + * 00414892 74 2F JE SHORT Grisaia.004148C3 + * 00414894 8A01 MOV AL,BYTE PTR DS:[ECX] + * 00414896 84C0 TEST AL,AL + * 00414898 74 29 JE SHORT Grisaia.004148C3 + * 0041489A 3C 81 CMP AL,0x81 + * 0041489C 72 04 JB SHORT Grisaia.004148A2 + * 0041489E 3C 9F CMP AL,0x9F + * 004148A0 76 08 JBE SHORT Grisaia.004148AA + * 004148A2 3C E0 CMP AL,0xE0 + * 004148A4 72 1D JB SHORT Grisaia.004148C3 + * 004148A6 3C EF CMP AL,0xEF + * 004148A8 77 19 JA SHORT Grisaia.004148C3 + * 004148AA 8A41 01 MOV AL,BYTE PTR DS:[ECX+0x1] + * 004148AD 3C 40 CMP AL,0x40 + * 004148AF 72 04 JB SHORT Grisaia.004148B5 + * 004148B1 3C 7E CMP AL,0x7E + * 004148B3 76 08 JBE SHORT Grisaia.004148BD + * 004148B5 3C 80 CMP AL,0x80 + * 004148B7 72 0A JB SHORT Grisaia.004148C3 + * 004148B9 3C FC CMP AL,0xFC + * 004148BB 77 06 JA SHORT Grisaia.004148C3 + * 004148BD B8 01000000 MOV EAX,0x1 + * 004148C2 C3 RETN + * 004148C3 33C0 XOR EAX,EAX + * 004148C5 C3 RETN + * 004148C6 CC INT3 + * 004148C7 CC INT3 + * 004148C8 CC INT3 + */ + +ULONG patchEncoding(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x74, 0x29, // 00511c8c 74 29 je short .00511cb7 + 0x3c, 0x81 // 00511c8e 3c 81 cmp al,0x81 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + for (auto p = addr; p - addr < 20; p += ::disasm((LPCVOID)p)) + if (*(WORD *)p == 0xc985)// 00414890 85C9 TEST ECX,ECX ; jichi: text in ecx + return addr;//winhook::replace_fun(p, (ULONG)Private::isLeadByteChar); + return 0; +} + +} // namespace Patch + +/** + * Sample game: ゆきこいめると + * + * Example prefix to skip: + * 03751294 81 40 5C 70 63 81 75 83 7B 83 4E 82 CC 8E AF 82  \pc「ボクの識・ + * + * 033CF370 5C 6E 81 40 5C 70 63 8C 4A 82 E8 95 D4 82 BB 82 \n \pc繰り返そ・ + * 033CF380 A4 81 41 96 7B 93 96 82 C9 81 41 82 B1 82 CC 8B 、、本当に、この・ + * 033CF390 47 90 DF 82 CD 81 41 83 8D 83 4E 82 C8 82 B1 82 G節は、ロクなこ・ + * 033CF3A0 C6 82 AA 82 C8 82 A2 81 42 00 AA 82 C8 82 A2 81 ニがない。.ェない・ + * 033CF3B0 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B............... + * 033CF3C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 033CF3D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 033CF3E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 033CF3F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 033CF400 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * Sample choice texts: + * + * str 155 選択肢 + * + * 0 op01 最初から始める + * + * 1 select_go_tar たるひ初キスシーンを見る + */ +template +strT ltrim(strT text) +{ + strT lastText = nullptr; + while (*text && text != lastText) { + lastText = text; + if (text[0] == 0x20) + text++; + if ((UINT8)text[0] == 0x81 && (UINT8)text[1] == 0x40) // skip space \u3000 (0x8140 in sjis) + text += 2; + if (text[0] == '\\') { + text++; + while (::islower(text[0]) || text[0] == '@') + text++; + } + } + while ((signed char)text[0] > 0 && text[0] != '[') // skip all leading ascii characters except "[" needed for ruby + text++; + return text; +} + +// Remove trailing '\@' +size_t rtrim(LPCSTR text) +{ + size_t size = ::strlen(text); + while (size >= 2 && text[size - 2] == '\\' && (UINT8)text[size - 1] <= 127) + size -= 2; + return size; +} + +namespace ScenarioHook { +namespace Private { + + bool isOtherText(LPCSTR text) + { + /* Sample game: ゆきこいめると */ + return ::strcmp(text, "\x91\x49\x91\xf0\x8e\x88") == 0; /* 選択肢 */ + } + + /** + * Sample game: 果つることなき未来ヨリ + * + * Sample ecx: + * + * 03283A88 24 00 CD 02 76 16 02 00 24 00 CD 02 58 00 CD 02 $.ヘv.$.ヘX.ヘ + * 03283A98 BD 2D 01 00 1C 1C 49 03 14 65 06 00 14 65 06 00 ス-.Ie.e. + * this is ID, this is the same ID: 0x066514 + * 03283AA8 80 64 06 00 20 8C 06 00 24 00 6C 0D 00 00 10 00 €d. ・.$.l.... + * this is ID: 0x066480 + * 03283AB8 C8 F1 C2 00 21 00 00 00 48 A9 75 00 E8 A9 96 00 ネ.!...Hゥu.隧・ + * 03283AC8 00 00 00 00 48 80 4F 03 00 00 00 00 CC CC CC CC ....H€O....フフフフ + * 03283AD8 CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC フフフフフフフフフフフフフフフフ + */ + //struct ClassArgument // for ecx + //{ + // DWORD unknown[7], + // split1, // 0x20 - 9 + // split2; // 0x20 + // // split1 - split2 is always 0x94 + // DWORD split() const { return split1 - split2; } // + //}; + +static bool containsNamePunct_(const char *text) +{ + static const char *puncts[] = { + "\x81\x41" /* 、 */ + , "\x81\x43" /* , */ + , "\x81\x42" /* 。 */ + //, "\x81\x48" /* ? */ + , "\x81\x49" /* ! */ + , "\x81\x63" /* … */ + , "\x81\x64" /* ‥ */ + + //, "\x81\x79" /* 【 */ + //, "\x81\x7a" /* 】 */ + , "\x81\x75" /* 「 */ + , "\x81\x76" /* 」 */ + , "\x81\x77" /* 『 */ + , "\x81\x78" /* 』 */ + //, "\x81\x69" /* ( */ + //, "\x81\x6a" /* ) */ + //, "\x81\x6f" /* { */ + //, "\x81\x70" /* } */ + //, "\x81\x71" /* 〈 */ + //, "\x81\x72" /* 〉 */ + , "\x81\x6d" /* [ */ + , "\x81\x6e" /* ] */ + //, "\x81\x83", /* < */ + //, "\x81\x84", /* > */ + , "\x81\x65" /* ‘ */ + , "\x81\x66" /* ’ */ + , "\x81\x67" /* “ */ + , "\x81\x68" /* ” */ + }; + for (size_t i = 0; i < sizeof(puncts)/sizeof(*puncts); i++) + if (::strstr(text, puncts[i])) + return true; + + if (::strstr(text, "\x81\x48") /* ? */ + && !::strstr(text, "\x81\x48\x81\x48\x81\x48")) /* ??? */ + return true; + return false; +} + bool guessIsNameText(const char *text, size_t size) +{ + enum { MaximumNameSize = 0x10 }; + if (!size) + size = ::strlen(text); + return size < MaximumNameSize && !containsNamePunct_(text); +} + LPSTR trimmedText;size_t trimmedSize; + bool hookBefore(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + //static std::unordered_set hashes_; + auto text = (LPSTR)s->eax; // arg1 + if (!text || !*text || all_ascii(text)) + return false; + // Alternatively, if do not skip ascii chars, edx is always 0x4ef74 for Japanese texts + //if (s->edx != 0x4ef74) + // return true; + trimmedText = ltrim(text); + if (!trimmedText || !*trimmedText) + return false; + trimmedSize = rtrim(trimmedText); + * role = Engine::OtherRole; + //DOUT(QString::fromLocal8Bit((LPCSTR)s->esi)); + //auto splitText = (LPCSTR)s->esi; + //if (::strcmp(splitText, "MES_SETNAME")) // This is for scenario text with voice + //if (::strcmp(splitText, "MES_SETFACE")) + //if (::strcmp(splitText, "pcm")) // first scenario or history without text + // return true; + //auto retaddr = s->stack[1]; // caller + //auto retaddr = s->stack[13]; // parent caller + //auto split = *(DWORD *)s->esi; + //auto split = s->esi - s->eax; + //DOUT(split); + //auto self = (ClassArgument *)s->ecx; + //auto split = self->split(); + //enum { sig = 0 }; + auto self = s->ecx; + if (!Engine::isAddressWritable(self)) // old cs2 game such as Grisaia + self = s->stack[2]; // arg1 + ULONG groupId = self; + if (Engine::isAddressWritable(self)) + groupId = *(DWORD *)(self + 0x20); + { + static ULONG minimumGroupId_ = -1; // I assume scenario thread to have minimum groupId + + //if (session_.addText(groupId, Engine::hashCharArray(text))) { + if (groupId <= minimumGroupId_) { + minimumGroupId_ = groupId; + + *role = Engine::ScenarioRole; + if (isOtherText(text)) + *role = Engine::OtherRole; + else if (::isdigit(text[0])) + *role = Engine::ChoiceRole; + else if (trimmedText == text && !trimmedText[trimmedSize] // no prefix and suffix + && guessIsNameText(trimmedText, trimmedSize)) + *role = Engine::NameRole; + + } + } + + std::string oldData(trimmedText, trimmedSize); + strcpy((char*)data,oldData.c_str()); + *len=oldData.size(); + return true; + } + void hookafter(hook_stack*s,void* data, size_t len){ + + auto newData =std::string((char*)data,len); + if (trimmedText[trimmedSize]) + newData.append(trimmedText + trimmedSize); + ::strcpy(trimmedText, newData.c_str()); + } +} // namespace Private + +/** + * Sample game: 果つることなき未来ヨリ + * + * Debugging message: + * - Hook to GetGlyphOutlineA + * - Find "MES_SHOW" address on the stack + * Alternatively, find the address of "fes.int/flow.fes" immediately after the game is launched + * - Use hardware breakpoint to find out when "MES_SHOW" is overridden + * Only stop when text is written by valid scenario text. + * + * 00503ADE CC INT3 + * 00503ADF CC INT3 + * 00503AE0 8B4424 0C MOV EAX,DWORD PTR SS:[ESP+0xC] + * 00503AE4 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+0x4] + * 00503AE8 56 PUSH ESI + * 00503AE9 FF30 PUSH DWORD PTR DS:[EAX] + * 00503AEB E8 102F1600 CALL Hatsumir.00666A00 ; jichi: text in eax after this call + * 00503AF0 BE 18058900 MOV ESI,Hatsumir.00890518 ; ASCII "fes.int/flow.fes" + * 00503AF5 8BC8 MOV ECX,EAX ; jichi: esi is the target location + * 00503AF7 2BF0 SUB ESI,EAX + * 00503AF9 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + * 00503B00 8A11 MOV DL,BYTE PTR DS:[ECX] + * 00503B02 8D49 01 LEA ECX,DWORD PTR DS:[ECX+0x1] + * 00503B05 88540E FF MOV BYTE PTR DS:[ESI+ECX-0x1],DL ; jichi: target location modified here + * 00503B09 84D2 TEST DL,DL + * 00503B0B ^75 F3 JNZ SHORT Hatsumir.00503B00 + * 00503B0D 8B4C24 0C MOV ECX,DWORD PTR SS:[ESP+0xC] + * 00503B11 50 PUSH EAX + * 00503B12 68 18058900 PUSH Hatsumir.00890518 ; ASCII "fes.int/flow.fes" + * 00503B17 8B89 B4000000 MOV ECX,DWORD PTR DS:[ECX+0xB4] + * 00503B1D E8 EE030B00 CALL Hatsumir.005B3F10 + * 00503B22 B8 02000000 MOV EAX,0x2 + * 00503B27 5E POP ESI + * 00503B28 C2 1000 RETN 0x10 + * 00503B2B CC INT3 + * 00503B2C CC INT3 + * 00503B2D CC INT3 + * 00503B2E CC INT3 + * + * EAX 0353B1A0 ; jichi: text here + * ECX 00D86D08 + * EDX 0004EF74 + * EBX 00012DB2 + * ESP 0525EBAC + * EBP 0525ED6C + * ESI 00D86D08 + * EDI 00000000 + * EIP 00503AF0 Hatsumir.00503AF0 + * + * 0525EBAC 00D86D08 + * 0525EBB0 0066998E RETURN to Hatsumir.0066998E + * 0525EBB4 00D86D08 + * 0525EBB8 00B16188 + * 0525EBBC 035527D8 + * 0525EBC0 0525EBE4 + * 0525EBC4 00B16188 + * 0525EBC8 00D86D08 + * 0525EBCC 0525F62B ASCII "ript.kcs" + * 0525EBD0 00000004 + * 0525EBD4 00000116 + * 0525EBD8 00000003 + * 0525EBDC 00000003 + * 0525EBE0 00665C08 RETURN to Hatsumir.00665C08 + * 0525EBE4 CCCCCCCC + * 0525EBE8 0525F620 ASCII "kcs.int/sscript.kcs" + * 0525EBEC 00694D94 Hatsumir.00694D94 + * 0525EBF0 004B278F RETURN to Hatsumir.004B278F from Hatsumir.00666CA0 + * 0525EBF4 B3307379 + * 0525EBF8 0525ED04 + * 0525EBFC 00B16188 + * 0525EC00 0525ED04 + * 0525EC04 00B16188 + * 0525EC08 00CC5440 + * 0525EC0C 02368938 + * 0525EC10 0069448C ASCII "%s/%s" + * 0525EC14 00B45B18 ASCII "kcs.int" + * 0525EC18 00000001 + * 0525EC1C 023741E0 + * 0525EC20 0000000A + * 0525EC24 0049DBB3 RETURN to Hatsumir.0049DBB3 from Hatsumir.00605A84 + * 0525EC28 72637373 + * 0525EC2C 2E747069 + * 0525EC30 0073636B Hatsumir.0073636B + * 0525EC34 0525ED04 + * 0525EC38 0053ECDE RETURN to Hatsumir.0053ECDE from Hatsumir.004970C0 + * 0525EC3C 0525EC80 + * 0525EC40 023D9FB8 + * + * Alternative ruby hook: + * It will hook to the beginning of the Ruby processing function, which is not better than the current approach. + * http://lab.aralgood.com/index.php?mid=board_lecture&search_target=title_content&search_keyword=CS&document_srl=1993027 + * + * Sample game: Grisaia3 グリザイアの楽園 + * + * 004B00CB CC INT3 + * 004B00CC CC INT3 + * 004B00CD CC INT3 + * 004B00CE CC INT3 + * 004B00CF CC INT3 + * 004B00D0 8B4424 0C MOV EAX,DWORD PTR SS:[ESP+0xC] + * 004B00D4 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 004B00D6 56 PUSH ESI + * 004B00D7 51 PUSH ECX + * 004B00D8 8B4C24 0C MOV ECX,DWORD PTR SS:[ESP+0xC] + * 004B00DC E8 7F191300 CALL .005E1A60 + * 004B00E1 BE D0E87B00 MOV ESI,.007BE8D0 + * 004B00E6 8BC8 MOV ECX,EAX + * 004B00E8 2BF0 SUB ESI,EAX + * 004B00EA 8D9B 00000000 LEA EBX,DWORD PTR DS:[EBX] + * 004B00F0 8A11 MOV DL,BYTE PTR DS:[ECX] + * 004B00F2 88140E MOV BYTE PTR DS:[ESI+ECX],DL + * 004B00F5 41 INC ECX + * 004B00F6 84D2 TEST DL,DL + * 004B00F8 ^75 F6 JNZ SHORT .004B00F0 + * 004B00FA 8B5424 0C MOV EDX,DWORD PTR SS:[ESP+0xC] + * 004B00FE 8B8A B4000000 MOV ECX,DWORD PTR DS:[EDX+0xB4] + * 004B0104 50 PUSH EAX + * 004B0105 68 D0E87B00 PUSH .007BE8D0 + * 004B010A E8 818D0600 CALL .00518E90 + * 004B010F B8 02000000 MOV EAX,0x2 + * 004B0114 5E POP ESI + * 004B0115 C2 1000 RETN 0x10 + * 004B0118 CC INT3 + * 004B0119 CC INT3 + * 004B011A CC INT3 + * 004B011B CC INT3 + * 004B011C CC INT3 + * + * Sample game: Grisaia1 グリザイアの果実 + * 00498579 CC INT3 + * 0049857A CC INT3 + * 0049857B CC INT3 + * 0049857C CC INT3 + * 0049857D CC INT3 + * 0049857E CC INT3 + * 0049857F CC INT3 + * 00498580 8B4424 0C MOV EAX,DWORD PTR SS:[ESP+0xC] + * 00498584 8B08 MOV ECX,DWORD PTR DS:[EAX] ; jichi: ecx is no longer a pointer + * 00498586 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+0x4] + * 0049858A 56 PUSH ESI + * 0049858B E8 10920500 CALL Grisaia.004F17A0 + * 00498590 BE D89C7600 MOV ESI,Grisaia.00769CD8 ; ASCII "bgm01" + * 00498595 8BC8 MOV ECX,EAX + * 00498597 2BF0 SUB ESI,EAX + * 00498599 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + * 004985A0 8A11 MOV DL,BYTE PTR DS:[ECX] + * 004985A2 88140E MOV BYTE PTR DS:[ESI+ECX],DL + * 004985A5 41 INC ECX + * 004985A6 84D2 TEST DL,DL + * 004985A8 ^75 F6 JNZ SHORT Grisaia.004985A0 + * 004985AA 8B4C24 0C MOV ECX,DWORD PTR SS:[ESP+0xC] + * 004985AE 8B91 B4000000 MOV EDX,DWORD PTR DS:[ECX+0xB4] + * 004985B4 50 PUSH EAX + * 004985B5 68 D89C7600 PUSH Grisaia.00769CD8 ; ASCII "bgm01" + * 004985BA 52 PUSH EDX + * 004985BB E8 701C0600 CALL Grisaia.004FA230 + * 004985C0 B8 02000000 MOV EAX,0x2 + * 004985C5 5E POP ESI + * 004985C6 C2 1000 RETN 0x10 + * 004985C9 CC INT3 + * 004985CA CC INT3 + * 004985CB CC INT3 + * 004985CC CC INT3 + * 004985CD CC INT3 + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0xe8, XX4, // 004b00dc e8 7f191300 call .005e1a60 ; jichi: hook after here + 0xbe, XX4, // 004b00e1 be d0e87b00 mov esi,.007be8d0 + 0x8b,0xc8, // 004b00e6 8bc8 mov ecx,eax + 0x2b,0xf0 // 004b00e8 2bf0 sub esi,eax + //XX2, XX, 0x00,0x00,0x00 // 004b00ea 8d9b 00000000 lea ebx,dword ptr ds:[ebx] + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if(addr==0)return false; + HookParam hp; + hp.address=addr+5; + hp.type=USING_STRING|EMBED_ABLE|EMBED_DYNA_SJIS; + hp.hook_before=Private::hookBefore; + hp.hook_after=Private::hookafter; + hp.hook_font=F_GetGlyphOutlineA; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + + static std::regex rx(R"(\[(.+?)/.+\])"); + auto _=std::regex_replace(std::string((char*)data,*len), rx, "$1"); + strcpy((char*)data,_.c_str());*len=_.size();return true; + + }; + + static ULONG p; + p=Patch::patchEncoding(startAddress, stopAddress) ; + if(p){ + hp.type|= EMBED_DYNA_SJIS; + hp.hook_font=F_GetGlyphOutlineA; + patch_fun=[](){ + ReplaceFunction((PVOID*)&p, (PVOID)(ULONG)Patch::Private::isLeadByteChar); + }; + + } + + return NewHook(hp,"EmbedCS2"); +} +} +} // namespace ScenarioHook +bool CatSystem::attach_function() { + auto embed=ScenarioHook::attach(processStartAddress,processStopAddress); + return InsertCatSystemHook()||InsertCatSystem2Hook()||embed; +} \ No newline at end of file diff --git a/LunaHook/engine32/CatSystem.h b/LunaHook/engine32/CatSystem.h new file mode 100644 index 0000000..31affc1 --- /dev/null +++ b/LunaHook/engine32/CatSystem.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class CatSystem:public ENGINE{ + public: + CatSystem(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.int"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Ciel.cpp b/LunaHook/engine32/Ciel.cpp new file mode 100644 index 0000000..4d155f2 --- /dev/null +++ b/LunaHook/engine32/Ciel.cpp @@ -0,0 +1,49 @@ +#include"Ciel.h" + +bool CielFilter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + if (*len == 1) return false; + + //StringCharReplacer(text, len, "^n", 2, ' '); + + return true; +} + +bool InsertCielHook() +{ + + /* + * Sample games: + * https://vndb.org/r26480 + * https://vndb.org/v1648 + * https://vndb.org/v10392 + */ + const BYTE bytes[] = { + 0x50, // push eax << hook here + 0xE8, XX4, // call FaultA.exe+81032 + 0x83, 0xC4, 0x04, // add esp,04 + 0x85, 0xC0, // test eax,eax + 0x74, 0x32, // je FaultA.exe+41FA6 + 0x81, 0x7C, 0x24, 0x10, XX4 // cmp [esp+10],000003FE + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) return false; + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::edi); + hp.index = 0; + hp.type = DATA_INDIRECT; + hp.filter_fun = CielFilter; + + return NewHook(hp, "Ciel"); +} +bool Ciel::attach_function() { + + return InsertCielHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Ciel.h b/LunaHook/engine32/Ciel.h new file mode 100644 index 0000000..a0f62a5 --- /dev/null +++ b/LunaHook/engine32/Ciel.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Ciel:public ENGINE{ + public: + Ciel(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"sys/kidoku.dat"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Circus1.cpp b/LunaHook/engine32/Circus1.cpp new file mode 100644 index 0000000..b4cc527 --- /dev/null +++ b/LunaHook/engine32/Circus1.cpp @@ -0,0 +1,45 @@ +#include"Circus1.h" + /******************************************************************************************** +CIRCUS hook: + Game folder contains advdata folder. Used by CIRCUS games. + Usually has font caching issues. But trace back from GetGlyphOutline gives a hook + which generate repetition. + If we study circus engine follow Freaka's video, we can easily discover that + in the game main module there is a static buffer, which is filled by new text before + it's drawing to screen. By setting a hardware breakpoint there we can locate the + function filling the buffer. But we don't have to set hardware breakpoint to search + the hook address if we know some characteristic instruction(cmp al,0x24) around there. +********************************************************************************************/ +bool InsertCircusHook1() // jichi 10/2/2013: Change return type to bool +{ + for (DWORD i = processStartAddress + 0x1000; i < processStopAddress - 4; i++) + if (*(WORD *)i == 0xa3c) //cmp al, 0xA; je + for (DWORD j = i; j < i + 0x100; j++) { + BYTE c = *(BYTE *)j; + if (c == 0xc3) + break; + if (c == 0xe8) { + DWORD k = *(DWORD *)(j+1)+j+5; + if (k > processStartAddress && k < processStopAddress) { + HookParam hp; + hp.address = k; + hp.offset=get_stack(3); + hp.split =get_reg(regs::esp); + hp.type = DATA_INDIRECT|USING_SPLIT; + ConsoleOutput("INSERT CIRCUS#1"); + + //RegisterEngineType(ENGINE_CIRCUS); + return NewHook(hp, "Circus1"); + } + } + } + //break; + //ConsoleOutput("Unknown CIRCUS engine"); + ConsoleOutput("CIRCUS1: failed"); + return false; +} + +bool Circus1::attach_function() { + + return InsertCircusHook1(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Circus1.h b/LunaHook/engine32/Circus1.h new file mode 100644 index 0000000..c3c3ece --- /dev/null +++ b/LunaHook/engine32/Circus1.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Circus1:public ENGINE{ + public: + Circus1(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"AdvData\\DAT\\NAMES.DAT"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Circus2.cpp b/LunaHook/engine32/Circus2.cpp new file mode 100644 index 0000000..1a944f6 --- /dev/null +++ b/LunaHook/engine32/Circus2.cpp @@ -0,0 +1,401 @@ +#include"Circus2.h" +#include"embed_util.h" +namespace{ + bool filter(void* data, size_t* len, HookParam* hp){ + if (strstr((char*)data,"@i")||strstr((char*)data,"@y"))return false; + //{てんきゅう/天穹} + if(strstr((char*)data,"\x81\x6f")&&strstr((char*)data,"\x81\x5e")&&strstr((char*)data,"\x81\x70")){ + StringFilter((char*)data, len, "\x81\x70", 2); + StringFilterBetween((char*)data,len, "\x81\x6f", 2, "\x81\x5e", 2); + } + return true; + }; +} +/** + * jichi 6/5/2014: Sample function from DC3 at 0x4201d0 + * 004201ce cc int3 + * 004201cf cc int3 + * 004201d0 /$ 8b4c24 08 mov ecx,dword ptr ss:[esp+0x8] + * 004201d4 |. 8a01 mov al,byte ptr ds:[ecx] + * 004201d6 |. 84c0 test al,al + * 004201d8 |. 74 1c je short dc3.004201f6 + * 004201da |. 8b5424 04 mov edx,dword ptr ss:[esp+0x4] + * 004201de |. 8bff mov edi,edi + * 004201e0 |> 3c 24 /cmp al,0x24 + * 004201e2 |. 75 05 |jnz short dc3.004201e9 + * 004201e4 |. 83c1 02 |add ecx,0x2 + * 004201e7 |. eb 04 |jmp short dc3.004201ed + * 004201e9 |> 8802 |mov byte ptr ds:[edx],al + * 004201eb |. 42 |inc edx + * 004201ec |. 41 |inc ecx + * 004201ed |> 8a01 |mov al,byte ptr ds:[ecx] + * 004201ef |. 84c0 |test al,al + * 004201f1 |.^75 ed \jnz short dc3.004201e0 + * 004201f3 |. 8802 mov byte ptr ds:[edx],al + * 004201f5 |. c3 retn + * 004201f6 |> 8b4424 04 mov eax,dword ptr ss:[esp+0x4] + * 004201fa |. c600 00 mov byte ptr ds:[eax],0x0 + * 004201fd \. c3 retn + */ +bool InsertCircusHook2() // jichi 10/2/2013: Change return type to bool +{ + for (DWORD i = processStartAddress + 0x1000; i < processStopAddress -4; i++) + if ((*(DWORD *)i & 0xffffff) == 0x75243c) { // cmp al, 24; je + if (DWORD j = SafeFindEnclosingAlignedFunction(i, 0x80)) { + HookParam hp; + hp.address = j; + hp.offset=get_stack(2); + //hp.filter_fun = CharNewLineFilter; // \n\s* is used to remove new line + hp.type = USING_STRING; + //GROWL_DWORD(hp.address); // jichi 6/5/2014: 0x4201d0 for DC3 + + //RegisterEngineType(ENGINE_CIRCUS); + return NewHook(hp, "Circus"); + } + break; + } + //ConsoleOutput("Unknown CIRCUS engine."); + ConsoleOutput("CIRCUS: failed"); + return false; +} +namespace{ + bool c2(){ + //D.C.III Dream Days~ダ・カーポIII~ドリームデイズ + auto entry=Util::FindImportEntry(processStartAddress,(DWORD)GetGlyphOutlineA); + DWORD funcaddr=0; + if(entry==0)return false; + for (auto addr : Util::SearchMemory(&entry, 4, PAGE_EXECUTE, processStartAddress, processStopAddress) ) { + DWORD _=0xCCCCCCCC; + funcaddr=reverseFindBytes((BYTE*)&_,4,addr-0x1000,addr); + //funcaddr=MemDbg::findEnclosingAlignedFunction(addr,0x1000);ConsoleOutput("%p",funcaddr); + } + if(funcaddr==0)return false; + funcaddr+=4; + HookParam hp; + hp.address = funcaddr; + hp.offset=get_stack(2); + hp.type = USING_STRING;//|EMBED_ABLE|EMBED_BEFORE_SIMPLE|EMBED_AFTER_NEW|EMBED_DYNA_SJIS; + //hp.hook_font=F_GetGlyphOutlineA; + //it will split a long to many lines + hp.filter_fun=filter; + + return NewHook(hp, "Circus2"); + } +} + +namespace { // unnamed + +// Skip leading tags such as @K and @c5 +template +strT ltrim(strT s) +{ + if (s && *s == '@') + while ((signed char)*++s > 0); + return s; +} + +namespace ScenarioHook { +namespace Private { + + DWORD nameReturnAddress_, + scenarioReturnAddress_; + + /** + * Sample game: DC3, function: 0x4201d0 + * + * IDA: sub_4201D0 proc near + * - arg_0 = dword ptr 4 + * - arg_4 = dword ptr 8 + * + * Observations: + * - arg1: LPVOID, pointed to unknown object + * - arg2: LPCSTR, the actual text + * + * Example runtime stack: + * 0012F15C 0040C208 RETURN to .0040C208 from .00420460 + * 0012F160 0012F7CC ; jichi: unknown stck + * 0012F164 0012F174 ; jichi: text + * 0012F168 0012F6CC + * 0012F16C 0012F7CC + * 0012F170 0012F7CC + */ + void hookafter(hook_stack*s,void* data, size_t len){ + + auto newData =std::string((char*)data,len); + LPCSTR text = (LPCSTR)s->stack[2], // arg2 + trimmedText = ltrim(text); + if (trimmedText != text) + newData.insert(0,std::string(text, trimmedText - text)); + auto ss=new char[newData.size()+1]; + strcpy(ss,newData.c_str()); + s->stack[2] =(ULONG)ss; // reset arg2 + + } + bool hookBefore(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + + LPCSTR text = (LPCSTR)s->stack[2], // arg2 + trimmedText = ltrim(text); + if (!trimmedText || !*trimmedText) + return false; + auto retaddr = s->stack[0]; // retaddr + * role = retaddr == scenarioReturnAddress_ ? Engine::ScenarioRole : + retaddr == nameReturnAddress_ ? Engine::NameRole : + Engine::OtherRole; + //s->ebx? Engine::OtherRole : // other threads ebx is not zero + //// 004201e4 |. 83c1 02 |add ecx,0x2 + //// 004201e7 |. eb 04 |jmp short dc3.004201ed + //*(BYTE *)(retaddr + 3) == 0xe9 // old name + //? Engine::NameRole : // retaddr+3 is jmp + //Engine::ScenarioRole; + + std::string oldData = trimmedText; + strcpy((char*)data,oldData.c_str()); + *len=oldData.size(); + return true; + } + + // Alternatively, using the following pattern bytes also works: + // + // 3c24750583c102eb0488024241 + // + // 004201e0 |> 3c 24 /cmp al,0x24 + // 004201e2 |. 75 05 |jnz short dc3.004201e9 + // 004201e4 |. 83c1 02 |add ecx,0x2 + // 004201e7 |. eb 04 |jmp short dc3.004201ed + // 004201e9 |> 8802 |mov byte ptr ds:[edx],al + // 004201eb |. 42 |inc edx + // 004201ec |. 41 |inc ecx + ULONG findFunctionAddress(ULONG startAddress, ULONG stopAddress) // find the function to hook + { + //return 0x4201d0; // DC3 function address + for (ULONG i = startAddress + 0x1000; i < stopAddress -4; i++) + // * 004201e0 |> 3c 24 /cmp al,0x24 + // * 004201e2 |. 75 05 |jnz short dc3.004201e9 + if ((*(ULONG *)i & 0xffffff) == 0x75243c) { // cmp al, 24; je + enum { range = 0x80 }; // the range is small, since it is a small function + if (ULONG addr = MemDbg::findEnclosingAlignedFunction(i, range)) + return addr; + } + return 0; + } + +} // namespace Private + +/** + * jichi 6/5/2014: Sample function from DC3 at 0x4201d0 + * + * Sample game: DC3PP + * 0042CE1E 68 E0F0B700 PUSH .00B7F0E0 + * 0042CE23 A3 0C824800 MOV DWORD PTR DS:[0x48820C],EAX + * 0042CE28 E8 A352FFFF CALL .004220D0 ; jichi: name thread + * 0042CE2D C705 08024D00 01>MOV DWORD PTR DS:[0x4D0208],0x1 + * 0042CE37 EB 52 JMP SHORT .0042CE8B + * 0042CE39 392D 08024D00 CMP DWORD PTR DS:[0x4D0208],EBP + * 0042CE3F 74 08 JE SHORT .0042CE49 + * 0042CE41 392D 205BB900 CMP DWORD PTR DS:[0xB95B20],EBP + * 0042CE47 74 07 JE SHORT .0042CE50 + * 0042CE49 C605 E0F0B700 00 MOV BYTE PTR DS:[0xB7F0E0],0x0 + * 0042CE50 8D5424 40 LEA EDX,DWORD PTR SS:[ESP+0x40] + * 0042CE54 52 PUSH EDX + * 0042CE55 68 30B5BA00 PUSH .00BAB530 + * 0042CE5A 892D 08024D00 MOV DWORD PTR DS:[0x4D0208],EBP + * 0042CE60 E8 6B52FFFF CALL .004220D0 ; jichi: scenario thread + * 0042CE65 C705 A0814800 FF>MOV DWORD PTR DS:[0x4881A0],-0x1 + * 0042CE6F 892D 2C824800 MOV DWORD PTR DS:[0x48822C],EBP + * + * Sample game: 水夏弐律 + * + * 004201ce cc int3 + * 004201cf cc int3 + * 004201d0 /$ 8b4c24 08 mov ecx,dword ptr ss:[esp+0x8] + * 004201d4 |. 8a01 mov al,byte ptr ds:[ecx] + * 004201d6 |. 84c0 test al,al + * 004201d8 |. 74 1c je short dc3.004201f6 + * 004201da |. 8b5424 04 mov edx,dword ptr ss:[esp+0x4] + * 004201de |. 8bff mov edi,edi + * 004201e0 |> 3c 24 /cmp al,0x24 + * 004201e2 |. 75 05 |jnz short dc3.004201e9 + * 004201e4 |. 83c1 02 |add ecx,0x2 + * 004201e7 |. eb 04 |jmp short dc3.004201ed + * 004201e9 |> 8802 |mov byte ptr ds:[edx],al + * 004201eb |. 42 |inc edx + * 004201ec |. 41 |inc ecx + * 004201ed |> 8a01 |mov al,byte ptr ds:[ecx] + * 004201ef |. 84c0 |test al,al + * 004201f1 |.^75 ed \jnz short dc3.004201e0 + * 004201f3 |. 8802 mov byte ptr ds:[edx],al + * 004201f5 |. c3 retn + * 004201f6 |> 8b4424 04 mov eax,dword ptr ss:[esp+0x4] + * 004201fa |. c600 00 mov byte ptr ds:[eax],0x0 + * 004201fd \. c3 retn + * + * Sample registers: + * EAX 0012F998 + * ECX 000000DB + * EDX 00000059 + * EBX 00000000 ; ebx is zero for name/scenario thread + * ESP 0012F96C + * EBP 00000003 + * ESI 00000025 + * EDI 000000DB + * EIP 022C0000 + * + * EAX 0012F174 + * ECX 0012F7CC + * EDX FDFBF80C + * EBX 0012F6CC + * ESP 0012F15C + * EBP 0012F5CC + * ESI 800000DB + * EDI 00000001 + * EIP 00420460 .00420460 + * + * EAX 0012F174 + * ECX 0012F7CC + * EDX FDFBF7DF + * EBX 0012F6CC + * ESP 0012F15C + * EBP 0012F5CC + * ESI 00000108 + * EDI 00000001 + * EIP 00420460 .00420460 + * + * 0042DC5D 52 PUSH EDX + * 0042DC5E 68 E038AC00 PUSH .00AC38E0 ; ASCII "Ami" + * 0042DC63 E8 F827FFFF CALL .00420460 ; jichi: name thread + * 0042DC68 83C4 08 ADD ESP,0x8 + * 0042DC6B E9 48000000 JMP .0042DCB8 + * 0042DC70 83FD 58 CMP EBP,0x58 + * 0042DC73 74 07 JE SHORT .0042DC7C + * 0042DC75 C605 E038AC00 00 MOV BYTE PTR DS:[0xAC38E0],0x0 + * 0042DC7C 8D4424 20 LEA EAX,DWORD PTR SS:[ESP+0x20] + * 0042DC80 50 PUSH EAX + * 0042DC81 68 0808AF00 PUSH .00AF0808 + * 0042DC86 E8 D527FFFF CALL .00420460 ; jichi: scenario thread + * 0042DC8B 83C4 08 ADD ESP,0x8 + * 0042DC8E 33C0 XOR EAX,EAX + * 0042DC90 C705 D0DF4700 FF>MOV DWORD PTR DS:[0x47DFD0],-0x1 + * 0042DC9A A3 0CE04700 MOV DWORD PTR DS:[0x47E00C],EAX + * 0042DC9F A3 940EB200 MOV DWORD PTR DS:[0xB20E94],EAX + * 0042DCA4 A3 2C65AC00 MOV DWORD PTR DS:[0xAC652C],EAX + * 0042DCA9 C705 50F9AC00 59>MOV DWORD PTR DS:[0xACF950],0x59 + * 0042DCB3 A3 3C70AE00 MOV DWORD PTR DS:[0xAE703C],EAX + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + ULONG addr = Private::findFunctionAddress(startAddress, stopAddress); + if (!addr) + return false; + // Find the nearest two callers (distance within 100) + ULONG lastCall = 0; + auto fun = [&lastCall](ULONG call) -> bool { + // scenario: 0x42b78c + // name: 0x42b754 + if (call - lastCall < 100) { + Private::scenarioReturnAddress_ = call + 5; + Private::nameReturnAddress_ = lastCall + 5; + return false; // found target + } + lastCall = call; + return true; // replace all functions + }; + MemDbg::iterNearCallAddress(fun, addr, startAddress, stopAddress); + if (!Private::scenarioReturnAddress_ && lastCall) { + Private::scenarioReturnAddress_ = lastCall + 5; + } + HookParam hp; + hp.address=addr; + hp.filter_fun=filter; + hp.hook_before=Private::hookBefore; + hp.hook_after=Private::hookafter; + hp.hook_font=F_GetGlyphOutlineA; + hp.type=USING_STRING|EMBED_ABLE|NO_CONTEXT|EMBED_DYNA_SJIS; + + + return NewHook(hp,"EmbedCircus"); +} + +} // namespace ScenarioHook + +} // unnamed namespace +bool InsertCircusHook3() +{ + /* + * Sample games: + * https://vndb.org/v20218 + */ + const BYTE bytes[] = { + 0xCC, // int 3 + 0x81, 0xEC, XX4, // sub esp,000004E0 << hook here + 0xA1, XX4, // mov eax,[DSIF.EXE+AD288] + 0x33, 0xC4, // xor eax,esp + 0x89, 0x84, 0x24, XX4, // mov [esp+000004DC],eax + 0x8B, 0x84, 0x24, XX4, // mov eax,[esp+000004E4] + 0x53, // push ebx + 0x55, // push ebp + 0x56, // push esi + 0x8B, 0xB4, 0x24, XX4 // mov esi,[esp+000004F4] + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + return false; + } + + HookParam hp; + hp.address = addr + 1; + hp.offset=get_reg(regs::esi); + hp.split = get_reg(regs::ecx); + hp.type = USING_STRING | USING_SPLIT; + return NewHook(hp, "Circus3"); +} + +bool CircusFilter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + //ConsoleOutput("debug:Circus: -%.*s-", *len, text); + if (*len <= 1 || cpp_strnstr(text, "\\", *len) || (text[0] == '&' && text[1] == 'n')) + return false; + + CharReplacer(text, len, '\n', ' '); + + return true; +} + +bool InsertCircusHook4() +{ + /* + * Sample games: + * https://vndb.org/r46909 + */ + const BYTE bytes[] = { + 0x83, 0xF8, 0xFF, // cmp eax,-01 << hook here + 0x0F, 0x84, XX4, // je DST.exe+1BCF0 + 0x8B, 0x0D, XX4 // mov ecx,[DST.exe+A41F0] + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::edx); + hp.split =get_stack(4); //arg4 + hp.padding = 0x40; + hp.type = USING_STRING | USING_SPLIT; + hp.filter_fun = CircusFilter; + + return NewHook(hp, "Circus4"); +} +bool Circus2::attach_function() { + bool ch2=InsertCircusHook2(); + bool _1= ch2||c2(); + bool _2=ch2|| InsertCircusHook3() || InsertCircusHook4(); + bool embed=ScenarioHook::attach(processStartAddress,processStopAddress); + return _1||embed||_2; +} \ No newline at end of file diff --git a/LunaHook/engine32/Circus2.h b/LunaHook/engine32/Circus2.h new file mode 100644 index 0000000..c73c90d --- /dev/null +++ b/LunaHook/engine32/Circus2.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Circus2:public ENGINE{ + public: + Circus2(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"AdvData\\GRP\\NAMES.DAT"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/CodeX.cpp b/LunaHook/engine32/CodeX.cpp new file mode 100644 index 0000000..dd1b6db --- /dev/null +++ b/LunaHook/engine32/CodeX.cpp @@ -0,0 +1,79 @@ +#include"CodeX.h" + +bool CodeXFilter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + StringCharReplacer(text, len, "^n", 2, ' '); + + //|晒[さら] + std::string result = std::string((char*)data,*len); + result = std::regex_replace(result, std::regex("\\|(.+?)\\[(.+?)\\]"), "$1"); + *len = (result.size()); + strcpy((char*)data, result.c_str());return true; + return true; +} + +bool InsertCodeXHook() +{ + + /* + * Sample games: + * https://vndb.org/v41664 + * https://vndb.org/v36122 + */ + const BYTE bytes[] = { + 0x83, 0xC4, 0x08, // add esp,08 << hook here + 0x8D, 0x85, XX4, // lea eax,[ebp-00000218] + 0x50, // push eax + 0x68, XX4, // push ???????????!.exe+10A76C + 0x85, 0xF6, // test esi,esi + 0x74, 0x4F, // je ???????????!.exe+2A95B + 0xFF, 0x15, XX4, // call dword ptr [???????????!.exe+C8140] + 0x8B, 0x85, XX4 // mov eax,[ebp-00000220] << alternative hook here + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("CodeX: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.index = 0; + hp.type = USING_STRING; + hp.filter_fun = CodeXFilter; + ConsoleOutput("INSERT CodeX"); + + return NewHook(hp, "CodeX"); +} +namespace{ + bool hook(){ + //霞外籠逗留記 + BYTE _[]={0x90,0x90,0x68,0x64,0x7B,0x4C,0x00}; //aHdL db 'hd{L',0 + ULONG addr = MemDbg::findBytes(_, sizeof(_), processStartAddress, processStopAddress); + if(addr==0)return false; + addr+=2; + BYTE bytes[]={0x68,XX4}; + memcpy(bytes+1,&addr,4); + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + bool succ=false; + for(auto adr:addrs){ + adr=MemDbg::findEnclosingAlignedFunction(adr); + if(adr==0)continue; + HookParam hp; + hp.address = adr; + hp.offset=get_stack(1); + hp.type = CODEC_ANSI_BE; + succ|=NewHook(hp, "CodeX"); + } + return succ; + } +} +bool CodeX::attach_function() { + return InsertCodeXHook()||hook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/CodeX.h b/LunaHook/engine32/CodeX.h new file mode 100644 index 0000000..4c2c5a4 --- /dev/null +++ b/LunaHook/engine32/CodeX.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class CodeX:public ENGINE{ + public: + CodeX(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.xfl"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Cotopha.cpp b/LunaHook/engine32/Cotopha.cpp new file mode 100644 index 0000000..356f572 --- /dev/null +++ b/LunaHook/engine32/Cotopha.cpp @@ -0,0 +1,667 @@ +#include"Cotopha.h" +#include"embed_util.h" +#define s2_mov_ecx_edi 0xcf8b + +namespace { // unnamed + +namespace ScenarioHook { + +namespace Private { + + /** + * Sample game: お兄ちゃん、右手の使用を禁止します! (old type) + * + * - Name + * + * EAX 00000000 + * ECX 04A4C058 + * EDX 00713FD8 .00713FD8 + * EBX 17F90130 + * ESP 0012EBBC + * EBP 0020C5A8 + * ESI 04A4B678 + * EDI 04A4C058 + * EIP 005C2E20 .005C2E20 + * + * 0012EBBC 0055D210 RETURN to .0055D210 + * 0012EBC0 17F90130 + * 0012EBC4 04A4B678 + * 0012EBC8 00000000 + * 0012EBCC 0020C5A8 + * 0012EBD0 00000000 ; jichi: used to identify name + * 0012EBD4 00000000 + * 0012EBD8 04A4B678 + * 0012EBDC 00000000 + * 0012EBE0 0020C5A8 + * 0012EBE4 00000000 + * 0012EBE8 0055C58F RETURN to .0055C58F from .0046CD30 + * 0012EBEC 0012EC54 + * 0012EBF0 0055C5A3 RETURN to .0055C5A3 from .0055D180 + * 0012EBF4 04A4C058 + * 0012EBF8 04A4B678 + * + * - Scenario + * + * EAX 00000000 + * ECX 04A4CC30 + * EDX 00713FD8 .00713FD8 + * EBX 17F90170 + * ESP 0012EBBC + * EBP 00000015 + * ESI 04A4C250 + * EDI 04A4CC30 + * EIP 005C2E20 .005C2E20 + * + * 0012EBBC 0055D210 RETURN to .0055D210 + * 0012EBC0 17F90170 + * 0012EBC4 04A4C250 + * 0012EBC8 0000001E ; jichi: old game arg3 is 1e + * 0012EBCC 00000015 + * 0012EBD0 00000002 + * 0012EBD4 00000002 + * 0012EBD8 04A4C250 + * 0012EBDC 0000001E + * 0012EBE0 00000015 + * 0012EBE4 00000000 + * 0012EBE8 0055C58F RETURN to .0055C58F from .0046CD30 + * 0012EBEC 0012EC54 + * 0012EBF0 0055C5A3 RETURN to .0055C5A3 from .0055D180 + * + * Caller of the scenario/name thread: + * 0055D207 8BCF MOV ECX,EDI + * 0055D209 897C24 34 MOV DWORD PTR SS:[ESP+0x34],EDI + * 0055D20D FF52 14 CALL DWORD PTR DS:[EDX+0x14] ; jichi: called here + * 0055D210 8BCF MOV ECX,EDI ; jichi: retaddr is here + * 0055D212 894424 18 MOV DWORD PTR SS:[ESP+0x18],EAX + * 0055D216 E8 456D0600 CALL .005C3F60 + * 0055D21B 33C9 XOR ECX,ECX + * 0055D21D 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + * 0055D221 3BC1 CMP EAX,ECX + * 0055D223 76 06 JBE SHORT .0055D22B + * + * Sample game: キスと魔王と紅茶 (very old type) + * + * - Name: + * + * EAX 0A4106C0 ASCII "ゥa" + * ECX 0012F594 + * EDX 0058032C ASCII "pgM" + * EBX 00000000 + * ESP 0012F4F4 + * EBP 00000003 + * ESI 0012F618 + * EDI 0012F594 + * EIP 004D52B0 .004D52B0 + * + * 0012F4F4 004DBFF2 RETURN to .004DBFF2 + * 0012F4F8 0A4106C0 ASCII "ゥa" + * 0012F4FC 0012F698 + * 0012F500 0012F618 + * 0012F504 0296EA58 + * 0012F508 00000000 ; jichi: used to identify name + * 0012F50C 0A40EC00 + * 0012F510 00000000 + * 0012F514 000000F9 + * 0012F518 00005DC8 + * 0012F51C 00580304 ASCII "PgM" + * 0012F520 D90A0DDD + * 0012F524 00000018 + * 0012F528 00000000 + * + * - Scenario: + * + * EAX 00000000 + * ECX 01B69134 + * EDX 0058032C ASCII "pgM" + * EBX 09E82E88 + * ESP 0012F548 + * EBP 00000016 + * ESI 01B68A70 + * EDI 01B69134 + * EIP 004D52B0 .004D52B0 + * + * 0012F548 004B5210 RETURN to .004B5210 + * 0012F54C 09E82E88 + * 0012F550 01B68A70 + * 0012F554 00000018 + * 0012F558 00000016 + * 0012F55C 00000009 + * 0012F560 01B69134 + * 0012F564 01B68A70 + * 0012F568 00000018 + * 0012F56C 00000016 + * 0012F570 00000000 + * 0012F574 004B459F RETURN to .004B459F from .0040DE50 + * 0012F578 0012F5E0 + * 0012F57C 004B45B3 RETURN to .004B45B3 from .004B5180 + * 0012F580 09E82E88 + * 0012F584 00000000 + * 0012F588 0012FC78 + * 0012F58C 00000000 + * 0012F590 01B68A70 + * 0012F594 005655D0 .005655D0 + * 0012F598 0057BB80 .0057BB80 + * 0012F59C 0A419628 + * + * Caller of the name/scenario thread + * + * 004B517D 90 NOP + * 004B517E 90 NOP + * 004B517F 90 NOP + * 004B5180 83EC 1C SUB ESP,0x1C + * 004B5183 53 PUSH EBX + * 004B5184 55 PUSH EBP + * 004B5185 8B5C24 28 MOV EBX,DWORD PTR SS:[ESP+0x28] + * 004B5189 56 PUSH ESI + * 004B518A 8BF1 MOV ESI,ECX + * 004B518C 57 PUSH EDI + * 004B518D 8B86 A0050000 MOV EAX,DWORD PTR DS:[ESI+0x5A0] + * 004B5193 85C0 TEST EAX,EAX + * 004B5195 74 63 JE SHORT .004B51FA + * 004B5197 53 PUSH EBX + * 004B5198 8D8E C4060000 LEA ECX,DWORD PTR DS:[ESI+0x6C4] + * 004B519E E8 3DFD0100 CALL .004D4EE0 + * 004B51A3 8BF8 MOV EDI,EAX + * 004B51A5 8D86 D4060000 LEA EAX,DWORD PTR DS:[ESI+0x6D4] + * 004B51AB 8B8E EC060000 MOV ECX,DWORD PTR DS:[ESI+0x6EC] + * 004B51B1 8BAE F0060000 MOV EBP,DWORD PTR DS:[ESI+0x6F0] + * 004B51B7 8B10 MOV EDX,DWORD PTR DS:[EAX] + * 004B51B9 895424 1C MOV DWORD PTR SS:[ESP+0x1C],EDX + * 004B51BD 8B50 04 MOV EDX,DWORD PTR DS:[EAX+0x4] + * 004B51C0 895424 20 MOV DWORD PTR SS:[ESP+0x20],EDX + * 004B51C4 8B50 08 MOV EDX,DWORD PTR DS:[EAX+0x8] + * 004B51C7 8B40 0C MOV EAX,DWORD PTR DS:[EAX+0xC] + * 004B51CA 894424 28 MOV DWORD PTR SS:[ESP+0x28],EAX + * 004B51CE 8BC2 MOV EAX,EDX + * 004B51D0 2BC1 SUB EAX,ECX + * 004B51D2 3BF8 CMP EDI,EAX + * 004B51D4 7F 24 JG SHORT .004B51FA + * 004B51D6 83BE A0050000 03 CMP DWORD PTR DS:[ESI+0x5A0],0x3 + * 004B51DD 75 0B JNZ SHORT .004B51EA + * 004B51DF 2BC7 SUB EAX,EDI + * 004B51E1 99 CDQ + * 004B51E2 2BC2 SUB EAX,EDX + * 004B51E4 D1F8 SAR EAX,1 + * 004B51E6 03C8 ADD ECX,EAX + * 004B51E8 EB 04 JMP SHORT .004B51EE + * 004B51EA 2BD7 SUB EDX,EDI + * 004B51EC 8BCA MOV ECX,EDX + * 004B51EE 898E EC060000 MOV DWORD PTR DS:[ESI+0x6EC],ECX + * 004B51F4 89AE F0060000 MOV DWORD PTR DS:[ESI+0x6F0],EBP + * 004B51FA 8B96 C4060000 MOV EDX,DWORD PTR DS:[ESI+0x6C4] + * 004B5200 8DBE C4060000 LEA EDI,DWORD PTR DS:[ESI+0x6C4] + * 004B5206 53 PUSH EBX + * 004B5207 8BCF MOV ECX,EDI + * 004B5209 897C24 14 MOV DWORD PTR SS:[ESP+0x14],EDI + * 004B520D FF52 10 CALL DWORD PTR DS:[EDX+0x10] ; jichi: called here + * 004B5210 8BCF MOV ECX,EDI ; jichi: retaddr is here + * 004B5212 894424 18 MOV DWORD PTR SS:[ESP+0x18],EAX + * 004B5216 E8 85120200 CALL .004D64A0 + * 004B521B 33ED XOR EBP,EBP + * 004B521D 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + * 004B5221 3BC5 CMP EAX,EBP + * 004B5223 76 06 JBE SHORT .004B522B + * 004B5225 89AE A0050000 MOV DWORD PTR DS:[ESI+0x5A0],EBP + * 004B522B 85C0 TEST EAX,EAX + * 004B522D 896C24 30 MOV DWORD PTR SS:[ESP+0x30],EBP + * 004B5231 76 68 JBE SHORT .004B529B + * 004B5233 55 PUSH EBP + * 004B5234 8BCF MOV ECX,EDI + * 004B5236 E8 75120200 CALL .004D64B0 + * 004B523B 85C0 TEST EAX,EAX + * 004B523D 74 4F JE SHORT .004B528E + * 004B523F 50 PUSH EAX + * 004B5240 8BCE MOV ECX,ESI + * 004B5242 E8 69000000 CALL .004B52B0 + * 004B5247 8BD8 MOV EBX,EAX + * 004B5249 85DB TEST EBX,EBX + * 004B524B 74 41 JE SHORT .004B528E + * 004B524D 8B86 C0060000 MOV EAX,DWORD PTR DS:[ESI+0x6C0] + * 004B5253 8B8E B0060000 MOV ECX,DWORD PTR DS:[ESI+0x6B0] + * 004B5259 8BAE 30070000 MOV EBP,DWORD PTR DS:[ESI+0x730] + * 004B525F 8DBE 28070000 LEA EDI,DWORD PTR DS:[ESI+0x728] + * 004B5265 03C8 ADD ECX,EAX + * 004B5267 6A 00 PUSH 0x0 + * 004B5269 8D55 01 LEA EDX,DWORD PTR SS:[EBP+0x1] + * 004B526C 898E C0060000 MOV DWORD PTR DS:[ESI+0x6C0],ECX + * 004B5272 52 PUSH EDX + * 004B5273 8BCF MOV ECX,EDI + * 004B5275 8983 C0000000 MOV DWORD PTR DS:[EBX+0xC0],EAX + * 004B527B E8 8003F8FF CALL .00435600 + * 004B5280 8B47 04 MOV EAX,DWORD PTR DS:[EDI+0x4] + * 004B5283 8B7C24 10 MOV EDI,DWORD PTR SS:[ESP+0x10] + * 004B5287 891CA8 MOV DWORD PTR DS:[EAX+EBP*4],EBX + * 004B528A 8B6C24 30 MOV EBP,DWORD PTR SS:[ESP+0x30] + * 004B528E 8B4424 14 MOV EAX,DWORD PTR SS:[ESP+0x14] + * 004B5292 45 INC EBP + * 004B5293 3BE8 CMP EBP,EAX + * 004B5295 896C24 30 MOV DWORD PTR SS:[ESP+0x30],EBP + * 004B5299 ^72 98 JB SHORT .004B5233 + * 004B529B 8BCF MOV ECX,EDI + * 004B529D E8 2E120200 CALL .004D64D0 + * 004B52A2 8B4424 18 MOV EAX,DWORD PTR SS:[ESP+0x18] + * 004B52A6 5F POP EDI + * 004B52A7 5E POP ESI + * 004B52A8 5D POP EBP + * 004B52A9 5B POP EBX + * 004B52AA 83C4 1C ADD ESP,0x1C + * 004B52AD C2 0400 RETN 0x4 + * 004B52B0 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 004B52B6 6A FF PUSH -0x1 + * 004B52B8 68 A1F15200 PUSH .0052F1A1 + * 004B52BD 50 PUSH EAX + * 004B52BE 64:8925 00000000 MOV DWORD PTR FS:[0],ESP + * 004B52C5 81EC CC000000 SUB ESP,0xCC + * 004B52CB 56 PUSH ESI + * 004B52CC 8BF1 MOV ESI,ECX + * 004B52CE 8B8C24 E0000000 MOV ECX,DWORD PTR SS:[ESP+0xE0] + * 004B52D5 57 PUSH EDI + * 004B52D6 85C9 TEST ECX,ECX + * 004B52D8 75 07 JNZ SHORT .004B52E1 + * 004B52DA 33C0 XOR EAX,EAX + * 004B52DC E9 55060000 JMP .004B5936 + * 004B52E1 8B79 14 MOV EDI,DWORD PTR DS:[ECX+0x14] + * 004B52E4 85FF TEST EDI,EDI + * 004B52E6 897C24 18 MOV DWORD PTR SS:[ESP+0x18],EDI + * 004B52EA 75 07 JNZ SHORT .004B52F3 + * 004B52EC 33C0 XOR EAX,EAX + * 004B52EE E9 43060000 JMP .004B5936 + * 004B52F3 8A86 AA060000 MOV AL,BYTE PTR DS:[ESI+0x6AA] + * 004B52F9 84C0 TEST AL,AL + * 004B52FB 74 51 JE SHORT .004B534E + * 004B52FD 8B01 MOV EAX,DWORD PTR DS:[ECX] + * 004B52FF 8D5424 08 LEA EDX,DWORD PTR SS:[ESP+0x8] + * 004B5303 52 PUSH EDX + * 004B5304 FF50 34 CALL DWORD PTR DS:[EAX+0x34] + * 004B5307 8D86 D4060000 LEA EAX,DWORD PTR DS:[ESI+0x6D4] + * 004B530D 8B8E D4060000 MOV ECX,DWORD PTR DS:[ESI+0x6D4] + * 004B5313 894C24 48 MOV DWORD PTR SS:[ESP+0x48],ECX + * 004B5317 8B50 04 MOV EDX,DWORD PTR DS:[EAX+0x4] + * 004B531A 895424 4C MOV DWORD PTR SS:[ESP+0x4C],EDX + * 004B531E 8B48 08 MOV ECX,DWORD PTR DS:[EAX+0x8] + * 004B5321 894C24 50 MOV DWORD PTR SS:[ESP+0x50],ECX + * 004B5325 8A8E 14070000 MOV CL,BYTE PTR DS:[ESI+0x714] + * 004B532B 8B40 0C MOV EAX,DWORD PTR DS:[EAX+0xC] + * 004B532E 84C9 TEST CL,CL + * 004B5330 75 0D JNZ SHORT .004B533F + * 004B5332 394424 0C CMP DWORD PTR SS:[ESP+0xC],EAX + * 004B5336 7E 16 JLE SHORT .004B534E + * 004B5338 33C0 XOR EAX,EAX + * 004B533A E9 F7050000 JMP .004B5936 + * + * Sample game: プライマルハーツ (new type), 0x54bd80 + * Name: + * 0012EB5C 004DACB0 RETURN to .004DACB0 + * 0012EB60 05067E40 + * 0012EB64 0000001E ; jichi: new game arg2 is 1e + * 0012EB68 0012ECA8 + * 0012EB6C 008D3E48 + * 0012EB70 004512DB RETURN to .004512DB from .00450FE0 + * 0012EB74 0000001E + * 0012EB78 00000025 + * 0012EB7C 0012ECA8 + * 0012EB80 008D3E48 + * 0012EB84 0000001E + * 0012EB88 004DA1CB RETURN to .004DA1CB from .00451280 + * 0012EB8C 004DA1DF RETURN to .004DA1DF from .004DAC20 ; jichi: 004DAC20 is a better place to hook to + * 0012EB90 05067E40 + * 0012EB94 5D9C7C59 + * 0012EB98 00000000 + * 0012EB9C 008D3E48 + * 0012EBA0 00000000 + * 0012EBA4 00000000 + * 0012EBA8 1600C8C8 + * 0012EBAC 006835B4 .006835B4 + * 0012EBB0 1621BBF0 UNICODE "\h:\f;MsgFont:\s:\c;E6ADFA:\v:" + * 0012EBB4 00000025 + * + * 0012EB5C 004DACB0 RETURN to .004DACB0 + * 0012EB60 05000420 + * 0012EB64 0000001E + * 0012EB68 0012ECA8 + * 0012EB6C 008D3E48 + * 0012EB70 004512DB RETURN to .004512DB from .00450FE0 + * 0012EB74 0000001E + * 0012EB78 00000022 + * 0012EB7C 0012ECA8 + * 0012EB80 008D3E48 + * 0012EB84 0000001E + * 0012EB88 004DA1CB RETURN to .004DA1CB from .00451280 + * 0012EB8C 004DA1DF RETURN to .004DA1DF from .004DAC20 + * 0012EB90 05000420 + * 0012EB94 5D9C7C59 + * 0012EB98 00000000 + * 0012EB9C 008D3E48 + * 0012EBA0 00000000 + * 0012EBA4 00000000 + * 0012EBA8 05000C90 + * 0012EBAC 006835B4 .006835B4 + * 0012EBB0 05000F40 UNICODE "\h:\f;MsgFont:\s:\c;DAD4FF:\v:" + * 0012EBB4 00000022 + * 0012EBB8 00000034 + * 0012EBBC 00000022 + * 0012EBC0 FFFFFFFF + * 0012EBC4 7C00FFFF + * 0012EBC8 78000000 + * 0012EBCC F8000001 + * 0012EBD0 00000000 + * 0012EBD4 58001384 + * 0012EBD8 28000000 + * 0012EBDC 28000000 + * 0012EBE0 00000048 + * 0012EBE4 00655A28 .00655A28 + * 0012EBE8 05000420 + * 0012EBEC 00000004 + * 0012EBF0 00000007 + * 0012EBF4 00210030 + * 0012EBF8 00000000 + * 0012EBFC 00DAD4FF + * 0012EC00 0012EC98 + * 0012EC04 00000001 + * + * EAX 0054BD80 .0054BD80 + * ECX 008D4848 + * EDX 0069E80C .0069E80C + * EBX 05067E40 + * ESP 0012EB5C + * EBP 0012ECA8 + * ESI 008D3E48 + * EDI 0000001E + * EIP 0054BD80 .0054BD80 + * + * 004DAC98 89AE 300A0000 MOV DWORD PTR DS:[ESI+0xA30],EBP + * 004DAC9E 8B96 000A0000 MOV EDX,DWORD PTR DS:[ESI+0xA00] + * 004DACA4 8B42 14 MOV EAX,DWORD PTR DS:[EDX+0x14] + * 004DACA7 8D8E 000A0000 LEA ECX,DWORD PTR DS:[ESI+0xA00] + * 004DACAD 53 PUSH EBX + * 004DACAE FFD0 CALL EAX ; jichi: called here + * 004DACB0 8B8E 100A0000 MOV ECX,DWORD PTR DS:[ESI+0xA10] + * 004DACB6 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + * 004DACBA 8B41 08 MOV EAX,DWORD PTR DS:[ECX+0x8] + * 004DACBD 33FF XOR EDI,EDI + * 004DACBF 3BC7 CMP EAX,EDI + * 004DACC1 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX + * + * ecx: + * 01814848 0C E8 69 00 60 C7 F8 13 00 00 00 00 00 00 00 00 i읠ᏸ.... + * 01814858 28 3E 81 01 00 00 00 00 00 00 00 00 80 01 00 00 㸨Ɓ....ƀ. ; jichi: 810 is the width and 26 the height to paint + * 01814868 26 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 &..ÿ.... + * 01814878 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 ..&..... + * 01814888 06 00 00 00 03 00 00 00 28 5A 65 00 98 3D 81 01 ..娨e㶘Ɓ + * 01814898 2C 00 00 00 43 00 00 00 00 01 01 00 BA C1 1E 77 ,.C.Ā솺眞 + * 018148A8 35 FC 1C 77 20 FF 1C 77 90 16 38 0B 64 D5 68 00 ﰵ眜@眜ᚐସ핤h + * 018148B8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * 018148C8 7E 31 00 00 4C 03 00 00 00 00 00 00 00 00 00 00 ㅾ.͌..... + * 018148D8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * 018148E8 00 00 00 00 00 00 F0 3F 00 00 00 00 00 00 F0 3F ...㿰...㿰 + * 018148F8 00 00 00 00 00 00 00 00 94 C3 67 00 00 00 00 00 ....쎔g.. + * + * 01814848 0C E8 69 00 58 EC E4 03 00 00 00 00 00 00 00 00 iϤ.... + * 01814858 28 3E 81 01 00 00 00 00 00 00 00 00 80 01 00 00 㸨Ɓ....ƀ. + * 01814868 26 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 &..ÿ.... + * 01814878 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 ..&..... + * 01814888 06 00 00 00 03 00 00 00 28 5A 65 00 98 3D 81 01 ..娨e㶘Ɓ + * 01814898 2C 00 00 00 43 00 00 00 00 01 01 00 BA C1 1E 77 ,.C.Ā솺眞 + * 018148A8 35 FC 1C 77 20 FF 1C 77 90 16 38 0B 64 D5 68 00 ﰵ眜@眜ᚐସ핤h + * 018148B8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * 018148C8 4B 4F 00 00 4C 03 00 00 00 00 00 00 00 00 00 00 佋.͌..... + * 018148D8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * 018148E8 00 00 00 00 00 00 F0 3F 00 00 00 00 00 00 F0 3F ...㿰...㿰 + * 018148F8 00 00 00 00 00 00 00 00 94 C3 67 00 00 00 00 00 ....쎔g.. + * + * Scenario: + * EAX 0054BD80 .0054BD80 + * ECX 008D3C50 + * EDX 0069E80C .0069E80C + * EBX 1621C280 + * ESP 0012EB5C + * EBP 0012ECA8 + * ESI 008D3250 + * EDI 0000001E + * EIP 0054BD80 .0054BD80 + * + * 0012EB5C 004DACB0 RETURN to .004DACB0 + * 0012EB60 1621C280 + * 0012EB64 0000001E + * 0012EB68 0012ECA8 + * 0012EB6C 008D3250 + * 0012EB70 004512DB RETURN to .004512DB from .00450FE0 + * 0012EB74 0000001E + * 0012EB78 00000041 + * 0012EB7C 0012ECA8 + * 0012EB80 008D3250 + * 0012EB84 0000001E + * 0012EB88 004DA1CB RETURN to .004DA1CB from .00451280 + * 0012EB8C 004DA1DF RETURN to .004DA1DF from .004DAC20 + * 0012EB90 1621C280 + * + * 0012EB5C 004DACB0 RETURN to .004DACB0 + * 0012EB60 050003B8 + * 0012EB64 0000001E + * 0012EB68 0012ECA8 + * 0012EB6C 008D3250 + * 0012EB70 004512DB RETURN to .004512DB from .00450FE0 + * 0012EB74 0000001E + * 0012EB78 00000034 + * 0012EB7C 0012ECA8 + * 0012EB80 008D3250 + * 0012EB84 0000001E + * 0012EB88 004DA1CB RETURN to .004DA1CB from .00451280 + * 0012EB8C 004DA1DF RETURN to .004DA1DF from .004DAC20 + * 0012EB90 050003B8 + * 0012EB94 5D9C7C59 + * 0012EB98 00000000 + * 0012EB9C 008D3250 + * 0012EBA0 00000000 + * 0012EBA4 00000000 + * 0012EBA8 05007A68 UNICODE "38" + * 0012EBAC 006835B4 .006835B4 + * 0012EBB0 0500E910 UNICODE "\h:\f;MsgFont:\s:\c;DAD4FF:\v:" + * 0012EBB4 00000034 + * 0012EBB8 0000004F + * 0012EBBC 00000034 + * 0012EBC0 FFFFFFFF + * 0012EBC4 7C00FFFF + * 0012EBC8 78000000 + * 0012EBCC F8000001 + * 0012EBD0 00000000 + * 0012EBD4 58001384 + * 0012EBD8 28000000 + * 0012EBDC 28000000 + * 0012EBE0 00000040 + * 0012EBE4 00655A28 .00655A28 + * 0012EBE8 050003B8 + * + * ecx: + * 01813C50 0C E8 69 00 80 E9 F8 13 00 00 00 00 00 00 00 00 iᏸ.... + * 01813C60 30 32 81 01 00 00 00 00 00 00 00 00 84 03 00 00 ㈰Ɓ....΄. ; jichi: 384 is the width and 76 the height to paint + * 01813C70 76 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 v..ÿ.... + * 01813C80 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 ..&..... + * 01813C90 06 00 00 00 03 00 00 00 28 5A 65 00 A0 31 81 01 ..娨eㆠƁ + * 01813CA0 2C 00 00 00 43 00 00 00 00 01 01 00 BA C1 1E 77 ,.C.Ā솺眞 + * 01813CB0 35 FC 1C 77 20 FF 1C 77 20 24 34 0B 64 D5 68 00 ﰵ眜@眜␠଴핤h + * 01813CC0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * 01813CD0 7E 31 00 00 50 03 00 00 00 00 00 00 00 00 00 00 ㅾ.͐..... + * 01813CE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * 01813CF0 00 00 00 00 00 00 F0 3F 00 00 00 00 00 00 F0 3F ...㿰...㿰 + * + * 01813C50 0C E8 69 00 10 C4 E4 03 00 00 00 00 00 00 00 00 i쐐Ϥ.... + * 01813C60 30 32 81 01 00 00 00 00 00 00 00 00 84 03 00 00 ㈰Ɓ....΄. + * 01813C70 76 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 v..ÿ.... + * 01813C80 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 ..&..... + * 01813C90 06 00 00 00 03 00 00 00 28 5A 65 00 A0 31 81 01 ..娨eㆠƁ + * 01813CA0 2C 00 00 00 43 00 00 00 00 01 01 00 BA C1 1E 77 ,.C.Ā솺眞 + * 01813CB0 35 FC 1C 77 20 FF 1C 77 20 24 34 0B 64 D5 68 00 ﰵ眜@眜␠଴핤h + */ + bool attachCaller(ULONG addr); + size_t textSize_; + bool hookBefore(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + static std::wstring text_; // persistent storage, which makes this function not thread-safe + textSize_ = 0; + auto text = (LPCWSTR)s->stack[1]; // arg1 + if (!text || !*text) + return false; + + if (::wcscmp(text, L"----/--/-- --:--") == 0) + return false; + + textSize_ = ::wcslen(text); + if (s->stack[1] == s->stack[13]) // for new games + attachCaller(s->stack[12]); + else if (s->stack[1] == s->stack[14]) // for old games + attachCaller(s->stack[13]); + //else // very old or very new games + + auto retaddr = s->stack[0]; + + //int textStackIndex = -1; + + * role = Engine::OtherRole; + if (s->stack[2] < 0x100) { // new game, this value is mostly 0x1e + //if (s->stack[1] == s->stack[13]) + // textStackIndex = 13; + // 004DACA7 8D8E 000A0000 LEA ECX,DWORD PTR DS:[ESI+0xA00] + // 004DACAD 53 PUSH EBX + // 004DACAE FFD0 CALL EAX ; jichi: called here + // 004DACB0 8B8E 100A0000 MOV ECX,DWORD PTR DS:[ESI+0xA10] + // 004DACB6 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + // 004DACBA 8B41 08 MOV EAX,DWORD PTR DS:[ECX+0x8] + // 004DACBD 33FF XOR EDI,EDI + //if (*(WORD *)retaddr == 0x8e8b) { // 004DACB0 8B8E 100A0000 MOV ECX,DWORD PTR DS:[ESI+0xA10] + *role = Engine::ScenarioRole; + enum : wchar_t { w_open = 0x3010, w_close = 0x3011 }; /* 【】 */ + if (text[0] == w_open && text[::wcslen(text) - 1] == w_close) + *role = Engine::NameRole; + + } else if (s->stack[3] < 0x100 // for old game + || *(WORD *)retaddr == s2_mov_ecx_edi && *(WORD *)(retaddr - 5) == 0x52ff) { // for very old game + // Sample game: お兄ちゃん、右手の使用を禁止します! (old type) + // 0055D207 8BCF MOV ECX,EDI + // 0055D209 897C24 34 MOV DWORD PTR SS:[ESP+0x34],EDI + // 0055D20D FF52 14 CALL DWORD PTR DS:[EDX+0x14] ; jichi: called here + // 0055D210 8BCF MOV ECX,EDI ; jichi: retaddr is here + // 0055D212 894424 18 MOV DWORD PTR SS:[ESP+0x18],EAX + + // Sample game: キスと魔王と紅茶 (old type) + // name: + // 004DBFEC 50 PUSH EAX + // 004DBFED 8BCF MOV ECX,EDI + // 004DBFEF FF52 10 CALL DWORD PTR DS:[EDX+0x10] ; jichi: called here + // 004DBFF2 8B7424 7C MOV ESI,DWORD PTR SS:[ESP+0x7C] + // 004DBFF6 33DB XOR EBX,EBX + // 004DBFF8 3BF3 CMP ESI,EBX + // 004DBFFA 74 4B JE SHORT .004DC047 + // 004DBFFC 8BCF MOV ECX,EDI + // 004DBFFE E8 9DA4FFFF CALL .004D64A0 + // 004DC003 8BE8 MOV EBP,EAX + // 004DC005 891E MOV DWORD PTR DS:[ESI],EBX + // 004DC007 85ED TEST EBP,EBP + // + // Scenario: + // 004B5207 8BCF MOV ECX,EDI + // 004B5209 897C24 14 MOV DWORD PTR SS:[ESP+0x14],EDI + // 004B520D FF52 10 CALL DWORD PTR DS:[EDX+0x10] ; jichi: called here + // 004B5210 8BCF MOV ECX,EDI + // 004B5212 894424 18 MOV DWORD PTR SS:[ESP+0x18],EAX + // 004B5216 E8 85120200 CALL .004D64A0 + // 004B521B 33ED XOR EBP,EBP + *role = s->stack[5] == 0 ? Engine::NameRole : Engine::ScenarioRole; + } + wcscpy((LPWSTR)data,text); + *len=wcslen(text)*2; + return true; + } + + bool hookAfterCaller(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + if (textSize_) + s->eax = textSize_; + return false; + } + bool attachCaller(ULONG addr) + { + static std::unordered_set addresses_; + if (addresses_.find(addr) != addresses_.end()) + return false; + addresses_.insert(addr); + HookParam hp; + hp.type=HOOK_EMPTY|EMBED_ABLE; + hp.hook_before=hookAfterCaller; + return true; + } + +} // namespace Private + +} // namespace ScenarioHook + +} // unnamed namespace + +bool InsertCotophaHook1() +{ + enum : DWORD { ins = 0xec8b55 }; // mov ebp,esp, sub esp,* ; jichi 7/12/2014 + ULONG addr = MemDbg::findCallerAddress((ULONG)::GetTextMetricsA, ins, processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("Cotopha: pattern not exist"); + return false; + } + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.split = get_reg(regs::ebp); + hp.type = CODEC_UTF16|USING_SPLIT|USING_STRING|EMBED_ABLE|EMBED_AFTER_NEW; + hp.hook_before=ScenarioHook::Private::hookBefore; + ConsoleOutput("INSERT Cotopha"); + + //RegisterEngineType(ENGINE_COTOPHA); + return NewHook(hp, "Cotopha"); +} + +bool InsertCotophaHook2() +{ + if (void* addr = GetProcAddress(GetModuleHandleW(NULL), "eslHeapFree")) + { + HookParam hp; + hp.address = (uintptr_t)addr; + hp.offset=get_stack(2); + hp.type = CODEC_UTF16 | USING_STRING; + hp.filter_fun = [](void* data, size_t* len, HookParam*) + { + if(*len > VNR_TEXT_CAPACITY*2)return false; + + return std::wstring_view((wchar_t*)data, *len / sizeof(wchar_t)).find(L'\\') != std::wstring_view::npos; + }; + ConsoleOutput("INSERT Cotopha 2"); + + return NewHook(hp, "Cotopha2"); + } + return false; +} +bool InsertCotophaHook3() { + const BYTE bytes[] = { 0x8B,0x75,0xB8,0x8B,0xCE,0x50,0xC6,0x45,0xFC,0x01,0xE8 }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Cotopha3: Cotopha3 not found"); + return false; + } + + HookParam myhp; + myhp.address = addr; + + myhp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT; + myhp.offset=get_reg(regs::eax); + + char nameForUser[HOOK_NAME_SIZE] = "Cotopha3_EWideString"; + + return NewHook(myhp, nameForUser); +} +bool InsertCotophaHook() +{ + InsertCotophaHook1(); + return InsertCotophaHook3() || InsertCotophaHook2(); +} +bool Cotopha::attach_function() { + + return InsertCotophaHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Cotopha.h b/LunaHook/engine32/Cotopha.h new file mode 100644 index 0000000..64ab6c9 --- /dev/null +++ b/LunaHook/engine32/Cotopha.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Cotopha:public ENGINE{ + public: + Cotopha(){ + + check_by=CHECK_BY::FILE_ANY; + check_by_target=check_by_list{L"*.noa",L"data\\*.noa"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Debonosu.cpp b/LunaHook/engine32/Debonosu.cpp new file mode 100644 index 0000000..2998fe7 --- /dev/null +++ b/LunaHook/engine32/Debonosu.cpp @@ -0,0 +1,176 @@ +#include"Debonosu.h" + +namespace { // unnamed +int _type; +void SpecialHookDebonosuScenario(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t *len) +{ + DWORD retn = stack->retaddr; + if (*(WORD *)retn == 0xc483){ // add esp, $ old Debonosu game + hp->offset = get_stack(1); + _type=1; + } + else{ // new Debonosu game + hp->offset = get_reg(regs::eax); + _type=2; + } + //hp->type ^= EXTERN_HOOK; + hp->text_fun = nullptr; + *data = *(DWORD*)(stack->base + hp->offset); + *len = ::strlen((char*)*data); + *split = FIXED_SPLIT_VALUE; +} +void hook_after(hook_stack*s,void* data, size_t len){ + static std::string ts; + ts=std::string((LPSTR)data,len); + + if(_type==1){ + s->stack[1]=(DWORD)ts.c_str(); + } + else{ + s->ecx=(DWORD)ts.c_str(); + } +} +bool InsertDebonosuScenarioHook() +{ + DWORD addr = Util::FindImportEntry(processStartAddress, (DWORD)lstrcatA); + if (!addr) { + ConsoleOutput("Debonosu: lstrcatA is not called"); + return false; + } + DWORD search = 0x15ff | (addr << 16); // jichi 10/20/2014: call dword ptr ds + addr >>= 16; + for (DWORD i = processStartAddress; i < processStopAddress - 4; i++) + if (*(DWORD *)i == search && + *(WORD *)(i + 4) == addr && // call dword ptr lstrcatA + *(BYTE *)(i - 5) == 0x68) { // push $ + DWORD push = *(DWORD *)(i - 4); + for (DWORD j = i + 6, k = j + 0x10; j < k; j++) + if (*(BYTE *)j == 0xb8 && + *(DWORD *)(j + 1) == push) + if (DWORD hook_addr = SafeFindEnclosingAlignedFunction(i, 0x200)) { + HookParam hp; + hp.address = hook_addr; + hp.text_fun = SpecialHookDebonosuScenario; + //hp.type = USING_STRING; + hp.hook_after=hook_after; + hp.hook_font=F_MultiByteToWideChar|F_GetTextExtentPoint32A; + hp.type = USING_STRING|NO_CONTEXT|USING_SPLIT|FIXING_SPLIT|EMBED_ABLE|EMBED_BEFORE_SIMPLE|EMBED_DYNA_SJIS; // there is only one thread + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + auto text = reinterpret_cast(data); + std::string str = text; + str = str.substr(0, *len); + + std::regex reg1("\\{(.*?)/(.*?)\\}"); + std::string result1 = std::regex_replace(str, reg1, "$1"); + *len = result1.size(); + strcpy(text, result1.c_str()); + return true; + + }; + ConsoleOutput("INSERT Debonosu"); + + return NewHook(hp, "Debonosu"); + } + } + + ConsoleOutput("Debonosu: failed"); + //ConsoleOutput("Unknown Debonosu engine."); + return false; +} +void SpecialHookDebonosuName(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t *len) +{ + DWORD text = stack->ecx; + if (!text) + return; + *data = text; + *len = ::strlen((LPCSTR)text); + *split = FIXED_SPLIT_VALUE << 1; +} +bool InsertDebonosuNameHook() +{ + const BYTE bytes[] = { + // 0032f659 32c0 xor al,al + // 0032f65b 5b pop ebx + // 0032f65c 8be5 mov esp,ebp + // 0032f65e 5d pop ebp + // 0032f65f c3 retn + 0x55, // 0032f660 55 push ebp ; jichi: name text in ecx, which could be zero though + 0x8b,0xec, // 0032f661 8bec mov ebp,esp + 0x81,0xec, XX4, // 0032f663 81ec 2c080000 sub esp,0x82c + 0x8b,0x45, 0x08, // 0032f669 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + 0x53, // 0032f66c 53 push ebx + 0x56, // 0032f66d 56 push esi + 0x8b,0xf1, // 0032f66e 8bf1 mov esi,ecx + 0x85,0xc0, // 0032f670 85c0 test eax,eax + 0x8d,0x4d, 0xf0, // 0032f672 8d4d f0 lea ecx,dword ptr ss:[ebp-0x10] + 0x0f,0x45,0xc8, // 0032f675 0f45c8 cmovne ecx,eax + 0x57 // 0032f678 57 push edi + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("DebonosuName: pattern NOT FOUND"); + return false; + } + HookParam hp; + hp.address = addr; + //hp.text_fun = SpecialHookDebonosuName; + hp.offset=get_reg(regs::ecx); + //hp.type = USING_STRING; + hp.type = USING_STRING|NO_CONTEXT|USING_SPLIT|EMBED_ABLE|EMBED_BEFORE_SIMPLE|EMBED_AFTER_NEW; //|FIXING_SPLIT; // there is only one thread + ConsoleOutput("INSERT DebonosuName"); + + return NewHook(hp, "DebonosuName"); +} + +} // unnamed namespace +bool attach(ULONG startAddress, ULONG stopAddress) +{ + ULONG addr = 0; + { + const char *msg = "D3DFont::Draw"; + if (addr = MemDbg::findBytes(msg, ::strlen(msg+1), startAddress, stopAddress)) + addr = MemDbg::findPushAddress(addr, startAddress, stopAddress); + } + if (!addr) { + + const uint8_t bytes[] = { + 0x50, // 0010fb80 50 push eax + 0xff,0x75, 0x14, // 0010fb81 ff75 14 push dword ptr ss:[ebp+0x14] + 0x8b,0xce, // 0010fb84 8bce mov ecx,esi + 0xff,0x75, 0x10 // 0010fb86 ff75 10 push dword ptr ss:[ebp+0x10] + }; + addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + } + if (!addr) { + return false; + } + //addr = MemDbg::findEnclosingAlignedFunction(addr); // This might not work as the address is not always aligned + addr = MemDbg::findEnclosingFunctionAfterInt3(addr); + if (!addr) { + return false; + } + HookParam hp; + hp.address = addr; + //hp.text_fun = SpecialHookDebonosuName; + hp.offset=20; + //hp.type = USING_STRING; + hp.type = USING_STRING|NO_CONTEXT; //|FIXING_SPLIT; // there is only one thread + + return NewHook(hp, "Debonosu2"); +} +bool InsertDebonosuHook() +{ + bool ok = InsertDebonosuScenarioHook(); + if (ok) + InsertDebonosuNameHook(); + return ok; +} + +bool Debonosu::attach_function() { + // 1/1/2016 jich: skip izumo4 from studio ego that is not supported by debonosu + if (Util::CheckFile(L"*izumo4*.exe")) { + PcHooks::hookOtherPcFunctions(); + return true; + } + return InsertDebonosuHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Debonosu.h b/LunaHook/engine32/Debonosu.h new file mode 100644 index 0000000..4dfe38e --- /dev/null +++ b/LunaHook/engine32/Debonosu.h @@ -0,0 +1,16 @@ +#include"engine.h" + +class Debonosu:public ENGINE{ + public: + Debonosu(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + //神楽創世記-久遠- + //官方中英版,bmp.pak在语言目录里。 + auto paks={L"bmp.pak",L"EN\\bmp.pak",L"ZHCN\\bmp.pak",L"ZHTW\\bmp.pak"}; + return (std::any_of(paks.begin(),paks.end(),Util::CheckFile) && Util::CheckFile(L"dsetup.dll"))||(Util::SearchResourceString(L"でぼの巣製作所")); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/DxLib.cpp b/LunaHook/engine32/DxLib.cpp new file mode 100644 index 0000000..4719dd2 --- /dev/null +++ b/LunaHook/engine32/DxLib.cpp @@ -0,0 +1,50 @@ +#include"DxLib.h" +bool DxLibFilter(LPVOID data, size_t* size, HookParam*) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + StringCharReplacer(text, len, "%N", 2, ' '); + StringFilter(text, len, "%K", 2); + StringFilter(text, len, "%P", 2); + + return true; +} +bool InsertDxLibHook() +{ + + /* + * Sample games: + * https://vndb.org/v7849 + * https://vndb.org/v10231 + */ + const BYTE bytes[] = { + 0xF7, 0xC6, XX4, // test esi,00000003 << hook here + 0x75, XX, // jne BookofShadows.exe+15FE54 + 0x8B, 0xD9, // mov ebx,ecx + 0xC1, 0xE9, 0x02, // shr ecx,02 + 0x75, XX, // jne BookofShadows.exe+15FEAE + 0xEB, XX // jmp BookofShadows.exe+15FE76 + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("DxLib: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset =get_reg(regs::esi); + hp.type = USING_STRING; + hp.filter_fun = DxLibFilter; + ConsoleOutput(" INSERT DxLib"); + + return NewHook(hp, "DxLib"); +} + + +bool DxLib::attach_function() { + return InsertDxLibHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/DxLib.h b/LunaHook/engine32/DxLib.h new file mode 100644 index 0000000..499c73e --- /dev/null +++ b/LunaHook/engine32/DxLib.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class DxLib:public ENGINE{ + public: + DxLib(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.bcx"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/EME.cpp b/LunaHook/engine32/EME.cpp new file mode 100644 index 0000000..153cc55 --- /dev/null +++ b/LunaHook/engine32/EME.cpp @@ -0,0 +1,41 @@ +#include"EME.h" + +/******************************************************************************************** +EMEHook hook: (Contributed by Freaka) + EmonEngine is used by LoveJuice company and TakeOut. Earlier builds were apparently + called Runrun engine. String parsing varies a lot depending on the font settings and + speed setting. E.g. without antialiasing (which very early versions did not have) + uses TextOutA, fast speed triggers different functions then slow/normal. The user can + set his own name and some odd control characters are used (0x09 for line break, 0x0D + for paragraph end) which is parsed and put together on-the-fly while playing so script + can't be read directly. +********************************************************************************************/ +bool InsertEMEHook() +{ + ULONG addr = MemDbg::findCallAddress((ULONG)::IsDBCSLeadByte, processStartAddress, processStopAddress); + // no needed as first call to IsDBCSLeadByte is correct, but sig could be used for further verification + //WORD sig = 0x51C3; + //while (c && (*(WORD*)(c-2)!=sig)) + //{ + // //-0x1000 as FindCallOrJmpAbs always uses an offset of 0x1000 + // c = Util::FindCallOrJmpAbs((DWORD)IsDBCSLeadByte,processStopAddress-c-0x1000+4,c-0x1000+4,false); + //} + if (!addr) { + ConsoleOutput("EME: pattern does not exist"); + return false; + } + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.type = NO_CONTEXT|DATA_INDIRECT|USING_STRING; + ConsoleOutput("INSERT EmonEngine"); + + //ConsoleOutput("EmonEngine, hook will only work with text speed set to slow or normal!"); + //else ConsoleOutput("Unknown EmonEngine engine"); + return NewHook(hp, "EmonEngine"); +} + +bool EME::attach_function() { + + return InsertEMEHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/EME.h b/LunaHook/engine32/EME.h new file mode 100644 index 0000000..b844b2e --- /dev/null +++ b/LunaHook/engine32/EME.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class EME:public ENGINE{ + public: + EME(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"emecfg.ecf"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Eagls.cpp b/LunaHook/engine32/Eagls.cpp new file mode 100644 index 0000000..c0a730a --- /dev/null +++ b/LunaHook/engine32/Eagls.cpp @@ -0,0 +1,31 @@ +#include"Eagls.h" + + +/** jichi 7/26/2014: E.A.G.L.S engine for TechArts games (SQUEEZ, May-Be Soft) + * Sample games: [May-Be Soft] ちぽ�んじ� * Should also work for SQUEEZ's 孕ませシリーズ + * + * Two functions calls to GetGlyphOutlineA are responsible for painting. + * - 0x4094ef + * - 0x409e35 + * However, by default, one of the thread is like: scenario namename scenario + * The other thread have infinite loop. + */ +bool InsertEaglsHook() +{ + + // Modify the split for GetGlyphOutlineA + HookParam hp; + hp.address = (DWORD)::GetGlyphOutlineA; + hp.type = CODEC_ANSI_BE|USING_SPLIT; // the only difference is the split value + hp.offset = get_stack(2); + hp.split = get_stack(4); + //hp.split = arg7_lpmat2; + ConsoleOutput("INSERT EAGLS"); + + return NewHook(hp, "EAGLS"); +} + + +bool Eagls::attach_function() { + return InsertEaglsHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Eagls.h b/LunaHook/engine32/Eagls.h new file mode 100644 index 0000000..261f5de --- /dev/null +++ b/LunaHook/engine32/Eagls.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Eagls:public ENGINE{ + public: + Eagls(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"EAGLS.dll"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Elf.cpp b/LunaHook/engine32/Elf.cpp new file mode 100644 index 0000000..c96b90d --- /dev/null +++ b/LunaHook/engine32/Elf.cpp @@ -0,0 +1,404 @@ +#include"Elf.h" + +/** + * jichi 6/1/2014: + * Observations from 愛姉妹4 + * - Scenario: arg1 + 4*5 is 0, arg1+0xc is address of the text + * - Character: arg1 + 4*10 is 0, arg1+0xc is text + */ +static inline size_t _elf_strlen(LPCSTR p) // limit search address which might be bad +{ + //CC_ASSERT(p); + for (size_t i = 0; i < VNR_TEXT_CAPACITY; i++) + if (!*p++) + return i; + return 0; // when len >= VNR_TEXT_CAPACITY +} + +static void SpecialHookElf(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t *len) +{ + //DWORD arg1 = *(DWORD *)(esp_base + 0x4); + DWORD arg1 = stack->stack[1]; + DWORD arg2_scene = arg1 + 4*5, + arg2_chara = arg1 + 4*10; + DWORD text; //= 0; // This variable will be killed + if (*(DWORD *)arg2_scene == 0) { + text = *(DWORD *)(arg2_scene + 4*3); + if (!text || ::IsBadReadPtr((LPCVOID)text, 1)) // Text from scenario could be bad when open backlog while the character is speaking + return; + *split = 1; + } else if (*(DWORD *)arg2_chara == 0) { + text = arg2_chara + 4*3; + *split = 2; + } else + return; + //if (text && text < MemDbg::UserMemoryStopAddress) { + *len = _elf_strlen((LPCSTR)text); // in case the text is bad but still readable + //*len = ::strlen((LPCSTR)text); + *data = text; +} + +/** + * jichi 5/31/2014: elf's + * Type1: SEXヂ�ーチャー剛史 trial, reladdr = 0x2f0f0, 2 parameters + * Type2: 愛姉妹4, reladdr = 0x2f9b0, 3 parameters + * + * IDA: sub_42F9B0 proc near ; bp-based frame + * var_8 = dword ptr -8 + * var_4 = byte ptr -4 + * var_3 = word ptr -3 + * arg_0 = dword ptr 8 + * arg_4 = dword ptr 0Ch + * arg_8 = dword ptr 10h + * + * Call graph (Type2): + * 0x2f9b0 ; hook here + * > 0x666a0 ; called multiple time + * > TextOutA ; there are two TextOutA, the second is the right one + * + * Function starts (Type1), pattern offset: 0xc + * - 012ef0f0 /$ 55 push ebp ; jichi: hook + * - 012ef0f1 |. 8bec mov ebp,esp + * - 012ef0f3 |. 83ec 10 sub esp,0x10 + * - 012ef0f6 |. 837d 0c 00 cmp dword ptr ss:[ebp+0xc],0x0 + * - 012ef0fa |. 53 push ebx + * - 012ef0fb |. 56 push esi + * - 012ef0fc |. 75 0f jnz short stt_tria.012ef10d ; jicchi: pattern starts + * - 012ef0fe |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * - 012ef101 |. 8b48 04 mov ecx,dword ptr ds:[eax+0x4] + * - 012ef104 |. 8b91 90000000 mov edx,dword ptr ds:[ecx+0x90] ; jichi: pattern stops + * - 012ef10a |. 8955 0c mov dword ptr ss:[ebp+0xc],edx + * - 012ef10d |> 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + * - 012ef110 |. 8b51 04 mov edx,dword ptr ds:[ecx+0x4] + * - 012ef113 |. 33c0 xor eax,eax + * - 012ef115 |. c645 f8 00 mov byte ptr ss:[ebp-0x8],0x0 + * - 012ef119 |. 66:8945 f9 mov word ptr ss:[ebp-0x7],ax + * - 012ef11d |. 8b82 b0000000 mov eax,dword ptr ds:[edx+0xb0] + * - 012ef123 |. 8945 f4 mov dword ptr ss:[ebp-0xc],eax + * - 012ef126 |. 33db xor ebx,ebx + * - 012ef128 |> 8b4f 20 /mov ecx,dword ptr ds:[edi+0x20] + * - 012ef12b |. 83f9 10 |cmp ecx,0x10 + * + * Function starts (Type2), pattern offset: 0x10 + * - 0093f9b0 /$ 55 push ebp ; jichi: hook here + * - 0093f9b1 |. 8bec mov ebp,esp + * - 0093f9b3 |. 83ec 08 sub esp,0x8 + * - 0093f9b6 |. 837d 10 00 cmp dword ptr ss:[ebp+0x10],0x0 + * - 0093f9ba |. 53 push ebx + * - 0093f9bb |. 8b5d 0c mov ebx,dword ptr ss:[ebp+0xc] + * - 0093f9be |. 56 push esi + * - 0093f9bf |. 57 push edi + * - 0093f9c0 |. 75 0f jnz short silkys.0093f9d1 ; jichi: pattern starts + * - 0093f9c2 |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * - 0093f9c5 |. 8b48 04 mov ecx,dword ptr ds:[eax+0x4] + * - 0093f9c8 |. 8b91 90000000 mov edx,dword ptr ds:[ecx+0x90] ; jichi: pattern stops + * - 0093f9ce |. 8955 10 mov dword ptr ss:[ebp+0x10],edx + * - 0093f9d1 |> 33c0 xor eax,eax + * - 0093f9d3 |. c645 fc 00 mov byte ptr ss:[ebp-0x4],0x0 + * - 0093f9d7 |. 66:8945 fd mov word ptr ss:[ebp-0x3],ax + * - 0093f9db |. 33ff xor edi,edi + * - 0093f9dd |> 8b53 20 /mov edx,dword ptr ds:[ebx+0x20] + * - 0093f9e0 |. 8d4b 0c |lea ecx,dword ptr ds:[ebx+0xc] + * - 0093f9e3 |. 83fa 10 |cmp edx,0x10 + */ +bool InsertElfHook() +{ + const BYTE bytes[] = { + //0x55, // 0093f9b0 /$ 55 push ebp ; jichi: hook here + //0x8b,0xec, // 0093f9b1 |. 8bec mov ebp,esp + //0x83,0xec, 0x08, // 0093f9b3 |. 83ec 08 sub esp,0x8 + //0x83,0x7d, 0x10, 0x00, // 0093f9b6 |. 837d 10 00 cmp dword ptr ss:[ebp+0x10],0x0 + //0x53, // 0093f9ba |. 53 push ebx + //0x8b,0x5d, 0x0c, // 0093f9bb |. 8b5d 0c mov ebx,dword ptr ss:[ebp+0xc] + //0x56, // 0093f9be |. 56 push esi + //0x57, // 0093f9bf |. 57 push edi + 0x75, 0x0f, // 0093f9c0 |. 75 0f jnz short silkys.0093f9d1 + 0x8b,0x45, 0x08, // 0093f9c2 |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + 0x8b,0x48, 0x04, // 0093f9c5 |. 8b48 04 mov ecx,dword ptr ds:[eax+0x4] + 0x8b,0x91, 0x90,0x00,0x00,0x00 // 0093f9c8 |. 8b91 90000000 mov edx,dword ptr ds:[ecx+0x90] + }; + //enum { addr_offset = 0xc }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + //GROWL_DWORD(addr); + //addr = 0x42f170; // 愛姉妹4 Trial + //reladdr = 0x2f9b0; // 愛姉妹4 + //reladdr = 0x2f0f0; // SEXヂ�ーチャー剛史 trial + if (!addr) { + ConsoleOutput("Elf: pattern not found"); + return false; + } + + enum : BYTE { push_ebp = 0x55 }; + for (int i = 0; i < 0x20; i++, addr--) // value of i is supposed to be 0xc or 0x10 + if (*(BYTE *)addr == push_ebp) { // beginning of the function + + HookParam hp; + hp.address = addr; + hp.text_fun = SpecialHookElf; + hp.type = USING_STRING|NO_CONTEXT; // = 9 + + ConsoleOutput("INSERT Elf"); + + return NewHook(hp, "Elf"); + } + ConsoleOutput("Elf: function not found"); + return false; +} +namespace{ + bool __(){ + const BYTE bytes[] = { + //姫騎士オリヴィア ~へ、変態、この変態男!少しは恥を知りなさい!~ + //女系家族III~秘密HIMITSU卑蜜~ + //ベロちゅー!~コスプレメイドをエロメロしちゃう魔法の舌戯~ + 0x0F,0xB7,XX,XX4, //v11 == 30081 // movzx edx, ds:word_4C285C //word_4C285C dw 7581h + }; + + for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress)) { + BYTE reg=*(BYTE*)(addr+2); + if((reg!=0x05)&&(reg!=0x0d)&&(reg!=0x1d)&&(reg!=0x15))continue; + int word_4C285C_addr=*(int*)(addr+3); + if(word_4C285C_addrprocessStopAddress)continue; + int word_4C285C=*(int*)word_4C285C_addr; + if((word_4C285C)!=0x7581)continue; + addr = findfuncstart(addr, 0x200); + if (addr == 0)continue; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING; + + return NewHook(hp, "aiwin6"); + } + + return false; + } +} +#include"embed_util.h" +namespace { // unnamed +namespace ScenarioHook { +namespace Private { + + struct TextArgument + { + DWORD _unknown1[5]; + + DWORD scenarioFlag; // +4*5, 0 if it is scenario + DWORD _unknown2[2]; + LPCSTR scenarioText; // +4*5+4*3, could be bad address though + DWORD _unknown3; + + DWORD nameFlag; // +4*10, 0 if it is name + DWORD _unknown4[2]; + char nameText[1]; // +4*10+4*3, could be bad address though + }; + + std::string data_; + TextArgument *scenarioArg_, + *nameArg_; + LPCSTR scenarioText_; + + enum { MaxNameSize = 100 }; + char nameText_[MaxNameSize + 1]; + + bool hookBefore(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + auto arg = (TextArgument *)s->stack[0]; // arg1 on the top of the stack + + // Scenario + if (arg->scenarioFlag == 0) { + * role = Engine::ScenarioRole ; + // Text from scenario could be bad when open backlog while the character is speaking + auto text = arg->scenarioText; + if (!Engine::isAddressReadable(text)) + return 0; + strcpy((LPSTR)data,text);*len=strlen(text);return 1; + // data_ = q->dispatchTextASTD(text, role, sig); + // scenarioArg_ = arg; + // scenarioText_ = arg->scenarioText; + // arg->scenarioText = (LPCSTR)data_.c_str(); + } else if (arg->nameFlag == 0) { + * role = Engine::NameRole; + auto text = arg->nameText; + + strcpy((LPSTR)data,text);*len=strlen(text);return 1; + // ::memcpy(text, newData.constData(), qMin(oldData.size(), newData.size())); + //int left = oldData.size() - newData.size(); + //if (left > 0) + // ::memset(text + oldData.size() - left, 0, left); + } + return 0; + } + void hookafter1(hook_stack*s,void* data1, size_t len){ + auto newData=std::string((char*)data1,len); + auto arg = (TextArgument *)s->stack[0]; // arg1 on the top of the stack + + // Scenario + if (arg->scenarioFlag == 0) { + + auto text = arg->scenarioText; + if (!Engine::isAddressReadable(text)) + return ; + data_ = newData; + scenarioArg_ = arg; + scenarioText_ = arg->scenarioText; + arg->scenarioText = (LPCSTR)data_.c_str(); + } else if (arg->nameFlag == 0) { + + auto text = arg->nameText; + std::string oldData=text; + ::memcpy(text, newData.c_str(), min(oldData.size(), newData.size())); + int left = oldData.size() - newData.size(); + if (left > 0) + ::memset(text + oldData.size() - left, 0, left); + } + } + bool hookAfter(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + if (scenarioArg_) { + scenarioArg_->scenarioText = scenarioText_; + scenarioArg_ = nullptr; + } + if (nameArg_) { + ::strcpy(nameArg_->nameText, nameText_); + nameArg_ = nullptr; + } + return 0; + } + +} // namespace Private + +/** + * jichi 5/31/2014: elf's + * Type1: SEXティーチャー剛史 trial, reladdr = 0x2f0f0, 2 parameters + * Type2: 愛姉妹4, reladdr = 0x2f9b0, 3 parameters + * + * The hooked function is the caller of the caller of TextOutA. + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + //0x55, // 0093f9b0 /$ 55 push ebp ; jichi: hook here + //0x8b,0xec, // 0093f9b1 |. 8bec mov ebp,esp + //0x83,0xec, 0x08, // 0093f9b3 |. 83ec 08 sub esp,0x8 + //0x83,0x7d, 0x10, 0x00, // 0093f9b6 |. 837d 10 00 cmp dword ptr ss:[ebp+0x10],0x0 + //0x53, // 0093f9ba |. 53 push ebx + //0x8b,0x5d, 0x0c, // 0093f9bb |. 8b5d 0c mov ebx,dword ptr ss:[ebp+0xc] + //0x56, // 0093f9be |. 56 push esi + //0x57, // 0093f9bf |. 57 push edi + 0x75, 0x0f, // 0093f9c0 |. 75 0f jnz short silkys.0093f9d1 + 0x8b,0x45, 0x08, // 0093f9c2 |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + 0x8b,0x48, 0x04, // 0093f9c5 |. 8b48 04 mov ecx,dword ptr ds:[eax+0x4] + 0x8b,0x91, 0x90,0x00,0x00,0x00 // 0093f9c8 |. 8b91 90000000 mov edx,dword ptr ds:[ecx+0x90] + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + int count = 0; + auto fun = [&count](ULONG addr) -> bool { + bool succ=false; + HookParam hp; + hp.address=addr; + hp.hook_before=Private::hookBefore; + hp.hook_after=Private::hookafter1; + hp.type=USING_STRING|EMBED_ABLE|EMBED_DYNA_SJIS; + hp.hook_font=F_TextOutA; + succ|=NewHook(hp,"EmbedElf"); + hp.address=addr+5; + hp.hook_before=Private::hookAfter; + succ|=NewHook(hp,"EmbedElf"); + count+=1; + return succ; // replace all functions + }; + MemDbg::iterNearCallAddress(fun, addr, startAddress, stopAddress); + return count; + + //lastCaller = MemDbg::findEnclosingAlignedFunction(lastCaller); + //Private::attached_ = false; + //return winhook::hook_before(lastCaller, [=](winhook::hook_stack *s) -> bool { + // if (Private::attached_) + // return true; + // Private::attached_ = true; + // if (ULONG addr = MemDbg::findEnclosingAlignedFunction(s->stack[0])) { + // DOUT("dynamic pattern found"); + // Private::oldHookFun = (Private::hook_fun_t)winhook::replace_fun(addr, (ULONG)Private::newHookFun); + // } + // return true; + //}); +} + +} // namespace ScenarioHook +} // unnamed namespace + +bool Elf::attach_function() { + + auto _1= InsertElfHook()||__(); + return ScenarioHook::attach(processStartAddress,processStopAddress)||_1; +} + +bool isshiftjisX(WORD w){ + return (((BYTE)(w))<=0xfc)&& (((BYTE)(w))>=0x80); +} +void SpecialHookElf2(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t *len) +{ + static DWORD lasttext; + DWORD eax = stack->eax; + DWORD edx = stack->edx; + + *data = *(WORD*)(eax+edx); + if(isshiftjisX(*data)==false){ + *len=0; + return; + } + *len = 2; + *split=stack->stack[1]; +} +bool Elf2attach_function() { + //这个有好多乱码 + //[エルフ]あしたの雪之丞 DVD Special Edition + const uint8_t bytes[] = { + 0x53, + 0x8a,0x1c,0x02, + 0x8b,0x54,0x24,0x08, + 0x03,0xc2 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) + return false; + HookParam hp; + hp.address=addr+1; + hp.text_fun = SpecialHookElf2; + hp.type=NO_CONTEXT; + + return NewHook(hp,"Elf"); +} +bool elf2(){ + //[エルフ]あしたの雪之丞 DVD Special Edition + //勝 あしたの雪之丞2 + const uint8_t bytes[] = { + 0x66,0x8b,0x8e,XX4, + 0x66,0x8b,0x96,XX4, + 0x66,0x01,0x8e,XX4, + 0x66,0x89,0x96,XX4, + 0x8b,0x06, + 0x6a,0x00, + 0x8b,0xce, + 0xff,0x50,0x08, + 0x84,0xc0 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) + return false; + HookParam hp; + hp.address=addr+sizeof(bytes); + hp.type=NO_CONTEXT|USING_STRING; + hp.offset=get_reg(regs::ebx); + + return NewHook(hp,"Elf"); +} +bool Elf2::attach_function(){ + return elf2()||Elf2attach_function(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Elf.h b/LunaHook/engine32/Elf.h new file mode 100644 index 0000000..3f25d59 --- /dev/null +++ b/LunaHook/engine32/Elf.h @@ -0,0 +1,23 @@ +#include"engine.h" + +class Elf:public ENGINE{ + public: + Elf(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"data.arc",L"effect.arc",L"mes.arc"}; + //Util::CheckFile(L"Silkys.exe") || // It might or might not have Silkys.exe + // data, effect, layer, mes, music + }; + bool attach_function(); +}; + +class Elf2:public ENGINE{ + public: + Elf2(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"data.arc",L"Ai5win.exe",L"mes.arc"}; + }; + bool attach_function(); +}; diff --git a/LunaHook/engine32/EntisGLS.cpp b/LunaHook/engine32/EntisGLS.cpp new file mode 100644 index 0000000..66bb7c1 --- /dev/null +++ b/LunaHook/engine32/EntisGLS.cpp @@ -0,0 +1,32 @@ +#include"EntisGLS.h" + +bool EntisGLS::attach_function() { + + +//それは舞い散る桜のように-完全版- +//int __thiscall sub_4BB5D0(_BYTE *this, LPCWCH lpWideCharStr) + const uint8_t bytes1[]={ + 0x66,0x83,0xF9,0x41 , + 0x72,0x06, + 0x66,0x83,0xF9,0x5a , + 0x76,0x0C, + 0x66,0x83,0xF9,0x61 , + 0x72,0x12, + 0x66,0x83,0xF9,0x7a , + 0x77,0x0c + + }; + auto addr=MemDbg::findBytes(bytes1, sizeof(bytes1), processStartAddress, processStopAddress); + + if (!addr) return false; + addr=MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) return false; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(1); + hp.hook_font=F_GetGlyphOutlineW; + hp.type = USING_STRING|CODEC_UTF16|EMBED_ABLE|EMBED_BEFORE_SIMPLE|EMBED_AFTER_NEW; + + return NewHook(hp, "EntisGLS"); + +} \ No newline at end of file diff --git a/LunaHook/engine32/EntisGLS.h b/LunaHook/engine32/EntisGLS.h new file mode 100644 index 0000000..c0d6b10 --- /dev/null +++ b/LunaHook/engine32/EntisGLS.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class EntisGLS:public ENGINE{ + public: + EntisGLS(){ + + check_by=CHECK_BY::FILE; + check_by_target= L"Data\\*.dat"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Escude.cpp b/LunaHook/engine32/Escude.cpp new file mode 100644 index 0000000..69a28a2 --- /dev/null +++ b/LunaHook/engine32/Escude.cpp @@ -0,0 +1,265 @@ +#include"Escude.h" +#include"embed_util.h" +/** jichi 7/23/2015 Escude + * Sample game: Re;Lord ��ルフォルト�魔女とぬぁ�るみ * See: http://capita.tistory.com/m/post/210 + * + * ENCODEKOR,FORCEFONT(5),HOOK(0x0042CB40,TRANS([[ESP+0x4]+0x20],PTRCHEAT,PTRBACKUP,SAFE),RETNPOS(SOURCE)),FONT(Malgun Gothic,-13) + * + * GDI functions: TextOutA, GetTextExtentPoint32A + * It requires changing function to MS Gothic using configure.exe + * + * Text in arg1 + 0x20 + * + * 0042CB3C CC INT3 + * 0042CB3D CC INT3 + * 0042CB3E CC INT3 + * 0042CB3F CC INT3 + * 0042CB40 56 PUSH ESI + * 0042CB41 8B7424 08 MOV ESI,DWORD PTR SS:[ESP+0x8] + * 0042CB45 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 0042CB47 50 PUSH EAX + * 0042CB48 E8 53FC0A00 CALL .004DC7A0 + * 0042CB4D 8B56 04 MOV EDX,DWORD PTR DS:[ESI+0x4] + * 0042CB50 83C4 04 ADD ESP,0x4 + * 0042CB53 5E POP ESI + * 0042CB54 85D2 TEST EDX,EDX + * 0042CB56 74 7E JE SHORT .0042CBD6 + * 0042CB58 85C0 TEST EAX,EAX + * 0042CB5A 74 07 JE SHORT .0042CB63 + * 0042CB5C 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 0042CB5E 8B49 04 MOV ECX,DWORD PTR DS:[ECX+0x4] + * 0042CB61 EB 02 JMP SHORT .0042CB65 + * 0042CB63 33C9 XOR ECX,ECX + * 0042CB65 890A MOV DWORD PTR DS:[EDX],ECX + * 0042CB67 85C0 TEST EAX,EAX + * 0042CB69 74 07 JE SHORT .0042CB72 + * 0042CB6B 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 0042CB6D 8B49 08 MOV ECX,DWORD PTR DS:[ECX+0x8] + * 0042CB70 EB 02 JMP SHORT .0042CB74 + * 0042CB72 33C9 XOR ECX,ECX + * 0042CB74 894A 04 MOV DWORD PTR DS:[EDX+0x4],ECX + * 0042CB77 85C0 TEST EAX,EAX + * 0042CB79 74 08 JE SHORT .0042CB83 + * 0042CB7B 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 0042CB7D 0FB749 0E MOVZX ECX,WORD PTR DS:[ECX+0xE] + * 0042CB81 EB 02 JMP SHORT .0042CB85 + * 0042CB83 33C9 XOR ECX,ECX + * 0042CB85 0FB7C9 MOVZX ECX,CX + * 0042CB88 894A 08 MOV DWORD PTR DS:[EDX+0x8],ECX + * 0042CB8B 85C0 TEST EAX,EAX + * 0042CB8D 74 19 JE SHORT .0042CBA8 + * 0042CB8F 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 0042CB91 8379 04 00 CMP DWORD PTR DS:[ECX+0x4],0x0 + * 0042CB95 76 11 JBE SHORT .0042CBA8 + * 0042CB97 8B49 08 MOV ECX,DWORD PTR DS:[ECX+0x8] + * 0042CB9A 85C9 TEST ECX,ECX + * 0042CB9C 76 0A JBE SHORT .0042CBA8 + * 0042CB9E 49 DEC ECX + * 0042CB9F 0FAF48 0C IMUL ECX,DWORD PTR DS:[EAX+0xC] + * 0042CBA3 0348 04 ADD ECX,DWORD PTR DS:[EAX+0x4] + * 0042CBA6 EB 02 JMP SHORT .0042CBAA + * 0042CBA8 33C9 XOR ECX,ECX + * 0042CBAA 894A 0C MOV DWORD PTR DS:[EDX+0xC],ECX + * 0042CBAD 85C0 TEST EAX,EAX + * 0042CBAF 74 16 JE SHORT .0042CBC7 + * 0042CBB1 8B48 0C MOV ECX,DWORD PTR DS:[EAX+0xC] + * 0042CBB4 F7D9 NEG ECX + * 0042CBB6 894A 10 MOV DWORD PTR DS:[EDX+0x10],ECX + * 0042CBB9 8B00 MOV EAX,DWORD PTR DS:[EAX] + * 0042CBBB 83C0 28 ADD EAX,0x28 + * 0042CBBE 8942 14 MOV DWORD PTR DS:[EDX+0x14],EAX + * 0042CBC1 B8 01000000 MOV EAX,0x1 + * 0042CBC6 C3 RETN + * 0042CBC7 33C9 XOR ECX,ECX + * 0042CBC9 F7D9 NEG ECX + * 0042CBCB 894A 10 MOV DWORD PTR DS:[EDX+0x10],ECX + * 0042CBCE 8B00 MOV EAX,DWORD PTR DS:[EAX] + * 0042CBD0 83C0 28 ADD EAX,0x28 + * 0042CBD3 8942 14 MOV DWORD PTR DS:[EDX+0x14],EAX + * 0042CBD6 B8 01000000 MOV EAX,0x1 + * 0042CBDB C3 RETN + * 0042CBDC CC INT3 + * 0042CBDD CC INT3 + * 0042CBDE CC INT3 + * 0042CBDF CC INT3 + * 0042CBE0 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+0x4] + * 0042CBE4 8B48 10 MOV ECX,DWORD PTR DS:[EAX+0x10] + * 0042CBE7 8B50 0C MOV EDX,DWORD PTR DS:[EAX+0xC] + * 0042CBEA 51 PUSH ECX + * 0042CBEB 8B48 08 MOV ECX,DWORD PTR DS:[EAX+0x8] + * 0042CBEE 52 PUSH EDX + * 0042CBEF 8B50 04 MOV EDX,DWORD PTR DS:[EAX+0x4] + * 0042CBF2 8B00 MOV EAX,DWORD PTR DS:[EAX] + * 0042CBF4 51 PUSH ECX + * 0042CBF5 52 PUSH EDX + * 0042CBF6 50 PUSH EAX + * 0042CBF7 E8 E4FD0A00 CALL .004DC9E0 + * 0042CBFC 83C4 14 ADD ESP,0x14 + * 0042CBFF C3 RETN + * 0042CC00 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+0x4] + * 0042CC04 8B48 10 MOV ECX,DWORD PTR DS:[EAX+0x10] + * 0042CC07 8B50 0C MOV EDX,DWORD PTR DS:[EAX+0xC] + * 0042CC0A 51 PUSH ECX + * 0042CC0B 8B48 08 MOV ECX,DWORD PTR DS:[EAX+0x8] + * 0042CC0E 52 PUSH EDX + * 0042CC0F 8B50 04 MOV EDX,DWORD PTR DS:[EAX+0x4] + * 0042CC12 8B00 MOV EAX,DWORD PTR DS:[EAX] + * 0042CC14 51 PUSH ECX + * 0042CC15 52 PUSH EDX + * 0042CC16 50 PUSH EAX + * 0042CC17 E8 C4FF0A00 CALL .004DCBE0 + * 0042CC1C 83C4 14 ADD ESP,0x14 + * 0042CC1F C3 RETN + * 0042CC20 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+0x4] + * 0042CC24 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 0042CC26 894C24 04 MOV DWORD PTR SS:[ESP+0x4],ECX + * 0042CC2A E9 71FB0A00 JMP .004DC7A0 + * 0042CC2F CC INT3 + * 0042CC30 56 PUSH ESI + * 0042CC31 8B7424 08 MOV ESI,DWORD PTR SS:[ESP+0x8] + * 0042CC35 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 0042CC37 50 PUSH EAX + * 0042CC38 E8 63FB0A00 CALL .004DC7A0 + * 0042CC3D D946 0C FLD DWORD PTR DS:[ESI+0xC] + * 0042CC40 D91C24 FSTP DWORD PTR SS:[ESP] + * 0042CC43 83EC 08 SUB ESP,0x8 + * 0042CC46 D946 08 FLD DWORD PTR DS:[ESI+0x8] + * 0042CC49 D95C24 04 FSTP DWORD PTR SS:[ESP+0x4] + * 0042CC4D D946 04 FLD DWORD PTR DS:[ESI+0x4] + * 0042CC50 D91C24 FSTP DWORD PTR SS:[ESP] + * 0042CC53 50 PUSH EAX + * 0042CC54 E8 27680400 CALL .00473480 + * 0042CC59 83C4 10 ADD ESP,0x10 + * 0042CC5C B8 01000000 MOV EAX,0x1 + * 0042CC61 5E POP ESI + * 0042CC62 C3 RETN + * 0042CC63 CC INT3 + * 0042CC64 CC INT3 + * 0042CC65 CC INT3 + * 0042CC66 CC INT3 + * 0042CC67 CC INT3 + * 0042CC68 CC INT3 + * 0042CC69 CC INT3 * + */ +namespace { // unnamed +/** + * Handle new lines and ruby. + * + * そ�日、彼の言葉に耳を傾ける�ぁ�かった� * ザールラント歴丹�〹� 二ノ月二十日グローセン州 ヘルフォルト区郊� * + * 僁�な霋�の後�r>を開け��r>見覚えのある輪郭が瞳に�り込む� * + * そ�日、彼の言葉に耳を傾ける�ぁ�かった。――尊厳を捨てて媚�る。それが生きることか?――��ぁ�敗北したのた誰しも少年の声を聞かず、蔑み、そして冷笑してぁ�。安寧の世がぁ�までも続くと信じてぁ�から。それでも、私�――。ザールラント歴丹�〹� 二ノ月二十日グローセン州 ヘルフォルト区郊外僅かな霋�の後�r>を開け��r>見覚えのある輪郭が瞳に�り込む + */ +bool EscudeFilter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + StringCharReplacer(text, len, "", 3, '\n'); + + if (cpp_strnstr(text, "", 7); + StringFilterBetween(text, len, "", 2); + } + return true; +} +LPCSTR _escudeltrim(LPCSTR text) +{ + if (text && *text == '<') + for (auto p = text; (signed char)*p > 0; p++) + if (*p == '>') + return p + 1; + return text; +} +void SpecialHookEscude(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD arg1 = stack->stack[1]; + if (!arg1 || (LONG)arg1 == -1 || ::IsBadWritePtr((LPVOID)arg1, 4)) // this is indispensable + return; + LPCSTR text = (LPCSTR)*(DWORD *)(arg1 + 0x20); + if (!text || ::IsBadWritePtr((LPVOID)text, 1) || !*text) // this is indispensable + return; + text = _escudeltrim(text); + if (!text) + return; + *data = (DWORD)text; + *len = ::strlen(text); + *split = *(DWORD *)arg1; +} +struct HookArgument +{ + ULONG split; + //ULONG unknown1[3]; + //LPCSTR text1; // 0x10 only for old games + ULONG unknown[7]; + LPCSTR text; // 0x20 + + bool isValid() const { return Engine::isAddressWritable(text) && *text; } + + Engine::TextRole role() const + { + if (split >= 0xff) + return Engine::OtherRole; + static ULONG maxSplit_ = 0; + if (split > maxSplit_) + maxSplit_ = split; + if (split == maxSplit_) + return Engine::ScenarioRole; + return Engine::NameRole; // scenario role is larger than name role + } +}; +LPCSTR trimmedText; +bool hook_before(hook_stack*s,void* data, size_t* len,uintptr_t*role){ + + auto arg = (HookArgument *)s->stack[1]; + if ((long)arg == -1 || !Engine::isAddressWritable(arg) || !arg->isValid()) + return false; + trimmedText = _escudeltrim(arg->text); + * role = arg->role(); + strcpy((char*)data,trimmedText); + *len=strlen(trimmedText); + return true; +} +void hook_after(hook_stack*s,void* data, size_t len){ + static std::string data_; + data_=std::string((char*)data,len); + auto arg = (HookArgument *)s->stack[1]; + if(trimmedText!=arg->text) + data_.insert(0,std::string(arg->text, trimmedText - arg->text)); + arg->text=data_.c_str(); +} +} // unnamed namespace +bool InsertEscudeHook() +{ + const BYTE bytes[] = { + 0x76, 0x0a, // 0042cb9c 76 0a jbe short .0042cba8 + 0x49, // 0042cb9e 49 dec ecx + 0x0f,0xaf,0x48, 0x0c // 0042cb9f 0faf48 0c imul ecx,dword ptr ds:[eax+0xc] + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + //GROWL(addr); + if (!addr) { + ConsoleOutput("Escude: pattern not found"); + return false; + } + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) { + ConsoleOutput("Escude: enclosing function not found"); + return false; + } + HookParam hp; + hp.address = addr; + hp.hook_before=hook_before; + hp.hook_after=hook_after; + hp.hook_font=F_TextOutA|F_GetTextExtentPoint32A; + hp.text_fun = SpecialHookEscude; + hp.filter_fun = EscudeFilter; + hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT|EMBED_ABLE|EMBED_DYNA_SJIS; // NO_CONTEXT as this function is only called by one caller anyway + hp.newlineseperator=L""; + ConsoleOutput("INSERT Escude"); + + return NewHook(hp, "Escude"); +} + +bool Escude::attach_function() { + return InsertEscudeHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Escude.h b/LunaHook/engine32/Escude.h new file mode 100644 index 0000000..bcab7ab --- /dev/null +++ b/LunaHook/engine32/Escude.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Escude:public ENGINE{ + public: + Escude(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"configure.cfg",L"gfx.bin"}; + } + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Eushully.cpp b/LunaHook/engine32/Eushully.cpp new file mode 100644 index 0000000..f207649 --- /dev/null +++ b/LunaHook/engine32/Eushully.cpp @@ -0,0 +1,522 @@ +#include"Eushully.h" + +/** jichi 6/1/2014 Eushully + * Insert to the last GetTextExtentPoint32A + * + * ATCode: + * http://capita.tistory.com/m/post/255 + * + * Binary: + * {AGE.EXE!0x000113C3(89 C2 C1 E2 04 29 C2 E8 BD 25 20 00 52 89 D1 59), AGE.EXE!0x00012A47(E8 40 0F 20 00 90 90 90 90), AGE.EXE!0x0001DF07(55 8B EC 83 EC 08 56 EB 07 E8 32 5A 1F 00 EB F0), AGE.EXE!0x002137CE(90 90 90 90 90 C2 04 00 53 8B 1A 83 FB 6E 74 14 81 FB 96 01 00 00 74 1B 83 FB 6F 74 25 83 FB 72 74 27 EB 2C 8B 5A 10 89 1F 83 C7 04 B8 05 00 00 00 EB 1F 8B 5A 10 89 1F 83 C7 04 B8 07 00 00 00 EB 10 B8 03 00 00 00 EB 09 B8 01 00 00 00 EB 02 31 C0 5B C3 60 89 E5 83 EC 18 E8 7E 01 00 00 8B 55 F8 83 3A 00 75 31 8B 45 FC 8B 4C 30 E8 89 CA C1 E2 04 29 CA 8D 0C D6 8B 1C 08 51 8B 4C 08 FC 8B 7D F4 89 DA E8 7E FF FF FF 85 C0 74 0A 83 F8 01 74 09 8D 14 82 EB ED 89 EC 61 C3 C7 07 00 00 00 00 8B 75 F4 8B 7D F0 52 8B 06 85 C0 74 17 8D 04 81 8A 10 80 FA FF 74 08 F6 D2 88 17 40 47 EB F1 83 C6 04 EB E3 8B 55 F0 52 8B 02 E8 2F FF FF FF 8B 12 39 D0 74 C1 8B 55 F8 C7 02 01 00 00 00 8B 4D E4 8B 45 FC 8D 04 08 8B 55 F8 89 42 04 58 89 42 08 89 5A 0C 8B 45 FC 8B 4C 08 FC 8B 45 F4 8B 00 89 42 10 8D 04 81 89 42 14 8B 72 0C 8B 7D EC B9 08 00 00 00 F3 A5 8B 5D E8 8B 7A 14 8B 75 F0 31 C9 52 8A 06 84 C0 74 0F F6 D0 8A 14 39 88 14 19 88 04 39 41 46 EB EB 5A 8B 04 39 89 04 19 31 C0 F7 D0 89 04 39 83 C1 04 89 4A 18 8B 7A 0C 8B 42 10 31 C9 BB 6E 00 00 00 89 1F 89 4F 04 89 4F 08 C7 47 0C 02 00 00 00 83 C3 04 89 5F 14 89 4F 18 89 4F 1C 89 EC 61 C3 60 89 E5 83 EC 18 E8 59 00 00 00 8B 5D F8 83 3B 01 75 2E 31 C9 89 0B 8B 7B 0C 8B 75 EC 8D 49 08 F3 A5 8B 7B 14 8B 75 E8 8B 4B 18 F3 A4 8B 43 04 8B 53 08 89 10 8D 7B 04 31 C0 B9 40 01 00 00 F3 AB 89 EC 61 C3 8B 8C D6 A8 D7 05 00 8B 01 3D 96 01 00 00 74 07 83 F8 6E 74 02 EB 07 E8 7A FE FF FF 8B 01 C3 60 C7 45 FC A8 D7 05 00 EB 03 58 EB 05 E8 F8 FF FF FF 2D BD 39 21 00 03 80 D4 02 00 00 B9 00 01 00 00 8D 80 00 40 01 00 89 45 F8 8D 04 01 89 45 F4 8D 04 01 89 45 F0 8D 04 01 89 45 EC 8D 04 01 89 45 E8 61 C3)} + * + * #1 other text AGE.EXE!0x000113C3(89 C2 C1 E2 04 29 C2 E8 BD 25 20 00 52 89 D1 59) + * #2 scenario AGE.EXE!0x00012A47(E8 40 0F 20 00 90 90 90 90) + * + * 0041130B 8B96 9CA30A00 MOV EDX,DWORD PTR DS:[ESI+0xAA39C] + * 00411311 81A6 CCA90A00 FF>AND DWORD PTR DS:[ESI+0xAA9CC],0xF7FFFFF> + * 0041131B 33C0 XOR EAX,EAX + * 0041131D 50 PUSH EAX + * 0041131E 8986 1C160000 MOV DWORD PTR DS:[ESI+0x161C],EAX + * 00411324 8986 78EB0500 MOV DWORD PTR DS:[ESI+0x5EB78],EAX + * 0041132A 8B42 0C MOV EAX,DWORD PTR DS:[EDX+0xC] + * 0041132D 68 F4536100 PUSH .006153F4 ; ASCII "message:ReadTextSkip" + * 00411332 8D8E 9CA30A00 LEA ECX,DWORD PTR DS:[ESI+0xAA39C] + * 00411338 FFD0 CALL EAX + * 0041133A 8B96 9CA30A00 MOV EDX,DWORD PTR DS:[ESI+0xAA39C] + * 00411340 8B42 04 MOV EAX,DWORD PTR DS:[EDX+0x4] + * 00411343 68 4C606100 PUSH .0061604C ; ASCII "set:CancelMesSkipOnClick" + * 00411348 8D8E 9CA30A00 LEA ECX,DWORD PTR DS:[ESI+0xAA39C] + * 0041134E FFD0 CALL EAX + * 00411350 83F8 02 CMP EAX,0x2 + * 00411353 75 1A JNZ SHORT .0041136F + * 00411355 68 34606100 PUSH .00616034 ; ASCII "CALLBACK_SETTING.BIN" + * 0041135A 8BCE MOV ECX,ESI + * 0041135C E8 7FFBFFFF CALL .00410EE0 + * 00411361 5F POP EDI + * 00411362 5E POP ESI + * 00411363 5B POP EBX + * 00411364 C3 RETN + * 00411365 C786 18770700 01>MOV DWORD PTR DS:[ESI+0x77718],0x1 + * 0041136F 83BE 6C780700 00 CMP DWORD PTR DS:[ESI+0x7786C],0x0 + * 00411376 75 45 JNZ SHORT .004113BD + * 00411378 F603 40 TEST BYTE PTR DS:[EBX],0x40 + * 0041137B 75 40 JNZ SHORT .004113BD + * 0041137D 81A6 CCA90A00 FF>AND DWORD PTR DS:[ESI+0xAA9CC],0xF7FFFFF> + * 00411387 33DB XOR EBX,EBX + * 00411389 8DBE B0780700 LEA EDI,DWORD PTR DS:[ESI+0x778B0] + * 0041138F 90 NOP + * 00411390 8B07 MOV EAX,DWORD PTR DS:[EDI] + * 00411392 85C0 TEST EAX,EAX + * 00411394 74 1E JE SHORT .004113B4 + * 00411396 8B8F E4D5F8FF MOV ECX,DWORD PTR DS:[EDI+0xFFF8D5E4] + * 0041139C 8B57 0C MOV EDX,DWORD PTR DS:[EDI+0xC] + * 0041139F 51 PUSH ECX + * 004113A0 52 PUSH EDX + * 004113A1 50 PUSH EAX + * 004113A2 53 PUSH EBX + * 004113A3 8D8E 04480100 LEA ECX,DWORD PTR DS:[ESI+0x14804] + * 004113A9 E8 42840900 CALL .004A97F0 + * 004113AE C707 00000000 MOV DWORD PTR DS:[EDI],0x0 + * 004113B4 43 INC EBX + * 004113B5 83C7 04 ADD EDI,0x4 + * 004113B8 83FB 03 CMP EBX,0x3 + * 004113BB ^7C D3 JL SHORT .00411390 + * 004113BD 8B86 90D70500 MOV EAX,DWORD PTR DS:[ESI+0x5D790] + * 004113C3 8BC8 MOV ECX,EAX ; jichi: #1 hook here + * 004113C5 C1E1 04 SHL ECX,0x4 + * 004113C8 2BC8 SUB ECX,EAX + * 004113CA 8B94CE A8D70500 MOV EDX,DWORD PTR DS:[ESI+ECX*8+0x5D7A8] + * 004113D1 8B02 MOV EAX,DWORD PTR DS:[EDX] + * 004113D3 85C0 TEST EAX,EAX + * //004113C3 89C2 MOV EDX,EAX + * //004113C5 C1E2 04 SHL EDX,0x4 + * //004113C8 29C2 SUB EDX,EAX + * //004113CA E8 BD252000 CALL .0061398C + * //004113CF 52 PUSH EDX + * //004113D0 89D1 MOV ECX,EDX + * //004113D2 59 POP ECX + * 004113D5 78 35 JS SHORT .0041140C + * 004113D7 3D 00040000 CMP EAX,0x400 + * 004113DC 7D 2E JGE SHORT .0041140C + * 004113DE 8B8486 244F0A00 MOV EAX,DWORD PTR DS:[ESI+EAX*4+0xA4F24] + * 004113E5 8BCE MOV ECX,ESI + * 004113E7 FFD0 CALL EAX + * 004113E9 8B86 90D70500 MOV EAX,DWORD PTR DS:[ESI+0x5D790] + * 004113EF 8BC8 MOV ECX,EAX + * 004113F1 C1E1 04 SHL ECX,0x4 + * 004113F4 2BC8 SUB ECX,EAX + * 004113F6 8B94CE 04D80500 MOV EDX,DWORD PTR DS:[ESI+ECX*8+0x5D804] + * 004113FD 8D04CE LEA EAX,DWORD PTR DS:[ESI+ECX*8] + * 00411400 03D2 ADD EDX,EDX + * 00411402 03D2 ADD EDX,EDX + * 00411404 0190 A8D70500 ADD DWORD PTR DS:[EAX+0x5D7A8],EDX + * 0041140A EB 07 JMP SHORT .00411413 + * 0041140C 8BCE MOV ECX,ESI + * 0041140E E8 7D6C0000 CALL .00418090 + * 00411413 8B86 9CA30A00 MOV EAX,DWORD PTR DS:[ESI+0xAA39C] + * 00411419 8B50 04 MOV EDX,DWORD PTR DS:[EAX+0x4] + * 0041141C 8D8E 9CA30A00 LEA ECX,DWORD PTR DS:[ESI+0xAA39C] + * 00411422 68 4C606100 PUSH .0061604C ; ASCII "set:CancelMesSkipOnClick" + * 00411427 FFD2 CALL EDX + * 00411429 85C0 TEST EAX,EAX + * 0041142B ^0F85 30FFFFFF JNZ .00411361 + * 00411431 3986 D8C90000 CMP DWORD PTR DS:[ESI+0xC9D8],EAX + * 00411437 ^0F84 24FFFFFF JE .00411361 + * 0041143D 8B86 D0A90A00 MOV EAX,DWORD PTR DS:[ESI+0xAA9D0] + * 00411443 A8 10 TEST AL,0x10 + * 00411445 0F84 84000000 JE .004114CF + * 0041144B 83E0 EF AND EAX,0xFFFFFFEF + * 0041144E 83BE 10770700 00 CMP DWORD PTR DS:[ESI+0x77710],0x0 + * 00411455 8986 D0A90A00 MOV DWORD PTR DS:[ESI+0xAA9D0],EAX + * 0041145B ^0F85 00FFFFFF JNZ .00411361 + * 00411461 8B86 ECC90000 MOV EAX,DWORD PTR DS:[ESI+0xC9EC] + * 00411467 8DBE 3C550000 LEA EDI,DWORD PTR DS:[ESI+0x553C] + * 0041146D 85C0 TEST EAX,EAX + * 0041146F ^0F88 ECFEFFFF JS .00411361 + * 00411475 3987 08040000 CMP DWORD PTR DS:[EDI+0x408],EAX + * 0041147B ^0F8E E0FEFFFF JLE .00411361 + * 00411481 8BCE MOV ECX,ESI + * 00411483 E8 A86AFFFF CALL .00407F30 + * 00411488 6A 00 PUSH 0x0 + * 0041148A 8BCE MOV ECX,ESI + * 0041148C E8 EF3CFFFF CALL .00405180 + * 00411491 8B86 90D70500 MOV EAX,DWORD PTR DS:[ESI+0x5D790] + * 00411497 8BC8 MOV ECX,EAX + * 00411499 C1E1 04 SHL ECX,0x4 + * 0041149C 2BC8 SUB ECX,EAX + * 0041149E 8D34CE LEA ESI,DWORD PTR DS:[ESI+ECX*8] + * 004114A1 8BCF MOV ECX,EDI + * 004114A3 E8 0839FFFF CALL .00404DB0 + * 004114A8 8B96 A4D70500 MOV EDX,DWORD PTR DS:[ESI+0x5D7A4] + * 004114AE 8D0482 LEA EAX,DWORD PTR DS:[EDX+EAX*4] + * 004114B1 8986 A8D70500 MOV DWORD PTR DS:[ESI+0x5D7A8],EAX + * 004114B7 C787 B0740000 FF>MOV DWORD PTR DS:[EDI+0x74B0],-0x1 + * + * 00412953 53 PUSH EBX + * 00412954 FF15 B8406100 CALL DWORD PTR DS:[0x6140B8] ; kernel32.Sleep + * 0041295A 53 PUSH EBX + * 0041295B 53 PUSH EBX + * 0041295C 53 PUSH EBX + * 0041295D 53 PUSH EBX + * 0041295E 8D8D 34F8FFFF LEA ECX,DWORD PTR SS:[EBP-0x7CC] + * 00412964 51 PUSH ECX + * 00412965 FF15 AC436100 CALL DWORD PTR DS:[0x6143AC] ; user32.PeekMessageA + * 0041296B 85C0 TEST EAX,EAX + * 0041296D ^0F85 5DF3FFFF JNZ .00411CD0 + * 00412973 ^E9 D8F3FFFF JMP .00411D50 + * 00412978 A9 00000020 TEST EAX,0x20000000 + * 0041297D 74 0C JE SHORT .0041298B + * 0041297F 8BCE MOV ECX,ESI + * 00412981 E8 3A63FFFF CALL .00408CC0 + * 00412986 ^E9 C5F3FFFF JMP .00411D50 + * 0041298B 85C0 TEST EAX,EAX + * 0041298D 79 14 JNS SHORT .004129A3 + * 0041298F 8BCE MOV ECX,ESI + * 00412991 E8 AAEBFFFF CALL .00411540 + * 00412996 6A 02 PUSH 0x2 + * 00412998 FF15 B8406100 CALL DWORD PTR DS:[0x6140B8] ; kernel32.Sleep + * 0041299E ^E9 ADF3FFFF JMP .00411D50 + * 004129A3 A8 01 TEST AL,0x1 + * 004129A5 74 25 JE SHORT .004129CC + * 004129A7 8D8E D08D0600 LEA ECX,DWORD PTR DS:[ESI+0x68DD0] + * 004129AD E8 CEF30300 CALL .00451D80 + * 004129B2 8985 ACF8FFFF MOV DWORD PTR SS:[EBP-0x754],EAX + * 004129B8 3BC3 CMP EAX,EBX + * 004129BA ^0F8C 90F3FFFF JL .00411D50 + * 004129C0 83A6 CCA90A00 FE AND DWORD PTR DS:[ESI+0xAA9CC],0xFFFFFFF> + * 004129C7 ^E9 84F3FFFF JMP .00411D50 + * 004129CC A8 20 TEST AL,0x20 + * 004129CE 74 3C JE SHORT .00412A0C + * 004129D0 8D8E 5C8E0600 LEA ECX,DWORD PTR DS:[ESI+0x68E5C] + * 004129D6 E8 A5F30300 CALL .00451D80 + * 004129DB 8985 ACF8FFFF MOV DWORD PTR SS:[EBP-0x754],EAX + * 004129E1 3BC3 CMP EAX,EBX + * 004129E3 ^0F8C 67F3FFFF JL .00411D50 + * 004129E9 83A6 CCA90A00 DF AND DWORD PTR DS:[ESI+0xAA9CC],0xFFFFFFD> + * 004129F0 8D8E 5C8E0600 LEA ECX,DWORD PTR DS:[ESI+0x68E5C] + * 004129F6 E8 45EE0300 CALL .00451840 + * 004129FB 50 PUSH EAX + * 004129FC 8D8E 5C8E0600 LEA ECX,DWORD PTR DS:[ESI+0x68E5C] + * 00412A02 E8 39F30300 CALL .00451D40 + * 00412A07 ^E9 44F3FFFF JMP .00411D50 + * 00412A0C A9 00000010 TEST EAX,0x10000000 + * 00412A11 74 14 JE SHORT .00412A27 + * 00412A13 8BCE MOV ECX,ESI + * 00412A15 E8 A664FFFF CALL .00408EC0 + * 00412A1A 6A 02 PUSH 0x2 + * 00412A1C FF15 B8406100 CALL DWORD PTR DS:[0x6140B8] ; kernel32.Sleep + * 00412A22 ^E9 29F3FFFF JMP .00411D50 + * 00412A27 A9 00008000 TEST EAX,0x800000 + * 00412A2C 74 0C JE SHORT .00412A3A + * 00412A2E 8BCE MOV ECX,ESI + * 00412A30 E8 6B66FFFF CALL .004090A0 + * 00412A35 ^E9 16F3FFFF JMP .00411D50 + * 00412A3A 8B86 90D70500 MOV EAX,DWORD PTR DS:[ESI+0x5D790] + * 00412A40 8BD0 MOV EDX,EAX + * 00412A42 C1E2 04 SHL EDX,0x4 + * 00412A45 2BD0 SUB EDX,EAX + * 00412A47 8B84D6 A8D70500 MOV EAX,DWORD PTR DS:[ESI+EDX*8+0x5D7A8] ; jichi: #2 hook here + * //00412A47 E8 400F2000 CALL .0061398C + * 00412A4E 8B00 MOV EAX,DWORD PTR DS:[EAX] + * 00412A50 3BC3 CMP EAX,EBX + * 00412A52 7C 37 JL SHORT .00412A8B + * 00412A54 3D 00040000 CMP EAX,0x400 + * 00412A59 7D 30 JGE SHORT .00412A8B + * 00412A5B 8BCE MOV ECX,ESI + * 00412A5D 8B9486 244F0A00 MOV EDX,DWORD PTR DS:[ESI+EAX*4+0xA4F24] + * 00412A64 FFD2 CALL EDX + * 00412A66 8B86 90D70500 MOV EAX,DWORD PTR DS:[ESI+0x5D790] + * 00412A6C 8BC8 MOV ECX,EAX + * 00412A6E C1E1 04 SHL ECX,0x4 + * 00412A71 2BC8 SUB ECX,EAX + * 00412A73 8D04CE LEA EAX,DWORD PTR DS:[ESI+ECX*8] + * 00412A76 8B90 04D80500 MOV EDX,DWORD PTR DS:[EAX+0x5D804] + * 00412A7C 03D2 ADD EDX,EDX + * 00412A7E 03D2 ADD EDX,EDX + * 00412A80 0190 A8D70500 ADD DWORD PTR DS:[EAX+0x5D7A8],EDX + * 00412A86 ^E9 C5F2FFFF JMP .00411D50 + * 00412A8B 8BCE MOV ECX,ESI + * 00412A8D E8 FE550000 CALL .00418090 + * 00412A92 ^E9 B9F2FFFF JMP .00411D50 + * 00412A97 C785 A4F8FFFF 01>MOV DWORD PTR SS:[EBP-0x75C],0x1 + * 00412AA1 C745 FC FFFFFFFF MOV DWORD PTR SS:[EBP-0x4],-0x1 + * 00412AA8 B8 E02D4100 MOV EAX,.00412DE0 + * 00412AAD C3 RETN + * 00412AAE 8B85 14F8FFFF MOV EAX,DWORD PTR SS:[EBP-0x7EC] + * 00412AB4 50 PUSH EAX + * 00412AB5 8B8D 10F8FFFF MOV ECX,DWORD PTR SS:[EBP-0x7F0] + * + * Patched code: + * + * 0041DF07 55 PUSH EBP + * 0041DF08 8BEC MOV EBP,ESP + * 0041DF0A 83EC 08 SUB ESP,0x8 + * 0041DF0D 56 PUSH ESI + * 0041DF0E EB 07 JMP SHORT .0041DF17 + * 0041DF10 E8 325A1F00 CALL .00613947 + * 0041DF15 ^EB F0 JMP SHORT .0041DF07 + * + * 006137CE 90 NOP + * 006137CF 90 NOP + * 006137D0 90 NOP + * 006137D1 90 NOP + * 006137D2 90 NOP + * 006137D3 C2 0400 RETN 0x4 + * 006137D6 53 PUSH EBX + * 006137D7 8B1A MOV EBX,DWORD PTR DS:[EDX] + * 006137D9 83FB 6E CMP EBX,0x6E + * 006137DC 74 14 JE SHORT .006137F2 + * 006137DE 81FB 96010000 CMP EBX,0x196 + * 006137E4 74 1B JE SHORT .00613801 + * 006137E6 83FB 6F CMP EBX,0x6F + * 006137E9 74 25 JE SHORT .00613810 + * 006137EB 83FB 72 CMP EBX,0x72 + * 006137EE 74 27 JE SHORT .00613817 + * 006137F0 EB 2C JMP SHORT .0061381E + * 006137F2 8B5A 10 MOV EBX,DWORD PTR DS:[EDX+0x10] + * 006137F5 891F MOV DWORD PTR DS:[EDI],EBX + * 006137F7 83C7 04 ADD EDI,0x4 + * 006137FA B8 05000000 MOV EAX,0x5 + * 006137FF EB 1F JMP SHORT .00613820 + * 00613801 8B5A 10 MOV EBX,DWORD PTR DS:[EDX+0x10] + * 00613804 891F MOV DWORD PTR DS:[EDI],EBX + * 00613806 83C7 04 ADD EDI,0x4 + * 00613809 B8 07000000 MOV EAX,0x7 + * 0061380E EB 10 JMP SHORT .00613820 + * 00613810 B8 03000000 MOV EAX,0x3 + * 00613815 EB 09 JMP SHORT .00613820 + * 00613817 B8 01000000 MOV EAX,0x1 + * 0061381C EB 02 JMP SHORT .00613820 + * 0061381E 31C0 XOR EAX,EAX + * 00613820 5B POP EBX + * 00613821 C3 RETN + * 00613822 60 PUSHAD ; jichi: the translate function for hookpoint #2 + * 00613823 89E5 MOV EBP,ESP + * 00613825 83EC 18 SUB ESP,0x18 ; reserve 18 local variables + * 00613828 E8 7E010000 CALL .006139AB + * 0061382D 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-0x8] + * 00613830 833A 00 CMP DWORD PTR DS:[EDX],0x0 + * 00613833 75 31 JNZ SHORT .00613866 + * 00613835 8B45 FC MOV EAX,DWORD PTR SS:[EBP-0x4] + * 00613838 8B4C30 E8 MOV ECX,DWORD PTR DS:[EAX+ESI-0x18] + * 0061383C 89CA MOV EDX,ECX + * 0061383E C1E2 04 SHL EDX,0x4 + * 00613841 29CA SUB EDX,ECX + * 00613843 8D0CD6 LEA ECX,DWORD PTR DS:[ESI+EDX*8] + * 00613846 8B1C08 MOV EBX,DWORD PTR DS:[EAX+ECX] + * 00613849 51 PUSH ECX + * 0061384A 8B4C08 FC MOV ECX,DWORD PTR DS:[EAX+ECX-0x4] + * 0061384E 8B7D F4 MOV EDI,DWORD PTR SS:[EBP-0xC] + * 00613851 89DA MOV EDX,EBX + * 00613853 E8 7EFFFFFF CALL .006137D6 + * 00613858 85C0 TEST EAX,EAX + * 0061385A 74 0A JE SHORT .00613866 + * 0061385C 83F8 01 CMP EAX,0x1 + * 0061385F 74 09 JE SHORT .0061386A + * 00613861 8D1482 LEA EDX,DWORD PTR DS:[EDX+EAX*4] + * 00613864 ^EB ED JMP SHORT .00613853 + * 00613866 89EC MOV ESP,EBP + * 00613868 61 POPAD + * 00613869 C3 RETN + * 0061386A C707 00000000 MOV DWORD PTR DS:[EDI],0x0 + * 00613870 8B75 F4 MOV ESI,DWORD PTR SS:[EBP-0xC] + * 00613873 8B7D F0 MOV EDI,DWORD PTR SS:[EBP-0x10] + * 00613876 52 PUSH EDX + * 00613877 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 00613879 85C0 TEST EAX,EAX + * 0061387B 74 17 JE SHORT .00613894 + * 0061387D 8D0481 LEA EAX,DWORD PTR DS:[ECX+EAX*4] + * 00613880 8A10 MOV DL,BYTE PTR DS:[EAX] + * 00613882 80FA FF CMP DL,0xFF + * 00613885 74 08 JE SHORT .0061388F + * 00613887 F6D2 NOT DL + * 00613889 8817 MOV BYTE PTR DS:[EDI],DL + * 0061388B 40 INC EAX + * 0061388C 47 INC EDI + * 0061388D ^EB F1 JMP SHORT .00613880 + * 0061388F 83C6 04 ADD ESI,0x4 + * 00613892 ^EB E3 JMP SHORT .00613877 + * 00613894 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-0x10] + * 00613897 52 PUSH EDX + * 00613898 8B02 MOV EAX,DWORD PTR DS:[EDX] + * 0061389A E8 2FFFFFFF CALL .006137CE + * 0061389F 8B12 MOV EDX,DWORD PTR DS:[EDX] + * 006138A1 39D0 CMP EAX,EDX + * 006138A3 ^74 C1 JE SHORT .00613866 + * 006138A5 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-0x8] + * 006138A8 C702 01000000 MOV DWORD PTR DS:[EDX],0x1 + * 006138AE 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-0x1C] + * 006138B1 8B45 FC MOV EAX,DWORD PTR SS:[EBP-0x4] + * 006138B4 8D0408 LEA EAX,DWORD PTR DS:[EAX+ECX] + * 006138B7 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-0x8] + * 006138BA 8942 04 MOV DWORD PTR DS:[EDX+0x4],EAX + * 006138BD 58 POP EAX + * 006138BE 8942 08 MOV DWORD PTR DS:[EDX+0x8],EAX + * 006138C1 895A 0C MOV DWORD PTR DS:[EDX+0xC],EBX + * 006138C4 8B45 FC MOV EAX,DWORD PTR SS:[EBP-0x4] + * 006138C7 8B4C08 FC MOV ECX,DWORD PTR DS:[EAX+ECX-0x4] + * 006138CB 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-0xC] + * 006138CE 8B00 MOV EAX,DWORD PTR DS:[EAX] + * 006138D0 8942 10 MOV DWORD PTR DS:[EDX+0x10],EAX + * 006138D3 8D0481 LEA EAX,DWORD PTR DS:[ECX+EAX*4] + * 006138D6 8942 14 MOV DWORD PTR DS:[EDX+0x14],EAX + * 006138D9 8B72 0C MOV ESI,DWORD PTR DS:[EDX+0xC] + * 006138DC 8B7D EC MOV EDI,DWORD PTR SS:[EBP-0x14] + * 006138DF B9 08000000 MOV ECX,0x8 + * 006138E4 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 006138E6 8B5D E8 MOV EBX,DWORD PTR SS:[EBP-0x18] + * 006138E9 8B7A 14 MOV EDI,DWORD PTR DS:[EDX+0x14] + * 006138EC 8B75 F0 MOV ESI,DWORD PTR SS:[EBP-0x10] + * 006138EF 31C9 XOR ECX,ECX + * 006138F1 52 PUSH EDX + * 006138F2 8A06 MOV AL,BYTE PTR DS:[ESI] + * 006138F4 84C0 TEST AL,AL + * 006138F6 74 0F JE SHORT .00613907 + * 006138F8 F6D0 NOT AL + * 006138FA 8A1439 MOV DL,BYTE PTR DS:[ECX+EDI] + * 006138FD 881419 MOV BYTE PTR DS:[ECX+EBX],DL + * 00613900 880439 MOV BYTE PTR DS:[ECX+EDI],AL + * 00613903 41 INC ECX + * 00613904 46 INC ESI + * 00613905 ^EB EB JMP SHORT .006138F2 + * 00613907 5A POP EDX + * 00613908 8B0439 MOV EAX,DWORD PTR DS:[ECX+EDI] + * 0061390B 890419 MOV DWORD PTR DS:[ECX+EBX],EAX + * 0061390E 31C0 XOR EAX,EAX + * 00613910 F7D0 NOT EAX + * 00613912 890439 MOV DWORD PTR DS:[ECX+EDI],EAX + * 00613915 83C1 04 ADD ECX,0x4 + * 00613918 894A 18 MOV DWORD PTR DS:[EDX+0x18],ECX + * 0061391B 8B7A 0C MOV EDI,DWORD PTR DS:[EDX+0xC] + * 0061391E 8B42 10 MOV EAX,DWORD PTR DS:[EDX+0x10] + * 00613921 31C9 XOR ECX,ECX + * 00613923 BB 6E000000 MOV EBX,0x6E + * 00613928 891F MOV DWORD PTR DS:[EDI],EBX + * 0061392A 894F 04 MOV DWORD PTR DS:[EDI+0x4],ECX + * 0061392D 894F 08 MOV DWORD PTR DS:[EDI+0x8],ECX + * 00613930 C747 0C 02000000 MOV DWORD PTR DS:[EDI+0xC],0x2 + * 00613937 83C3 04 ADD EBX,0x4 + * 0061393A 895F 14 MOV DWORD PTR DS:[EDI+0x14],EBX + * 0061393D 894F 18 MOV DWORD PTR DS:[EDI+0x18],ECX + * 00613940 894F 1C MOV DWORD PTR DS:[EDI+0x1C],ECX + * 00613943 89EC MOV ESP,EBP + * 00613945 61 POPAD + * 00613946 C3 RETN + * 00613947 60 PUSHAD + * 00613948 89E5 MOV EBP,ESP + * 0061394A 83EC 18 SUB ESP,0x18 + * 0061394D E8 59000000 CALL .006139AB + * 00613952 8B5D F8 MOV EBX,DWORD PTR SS:[EBP-0x8] + * 00613955 833B 01 CMP DWORD PTR DS:[EBX],0x1 + * 00613958 75 2E JNZ SHORT .00613988 + * 0061395A 31C9 XOR ECX,ECX + * 0061395C 890B MOV DWORD PTR DS:[EBX],ECX + * 0061395E 8B7B 0C MOV EDI,DWORD PTR DS:[EBX+0xC] + * 00613961 8B75 EC MOV ESI,DWORD PTR SS:[EBP-0x14] + * 00613964 8D49 08 LEA ECX,DWORD PTR DS:[ECX+0x8] + * 00613967 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 00613969 8B7B 14 MOV EDI,DWORD PTR DS:[EBX+0x14] + * 0061396C 8B75 E8 MOV ESI,DWORD PTR SS:[EBP-0x18] + * 0061396F 8B4B 18 MOV ECX,DWORD PTR DS:[EBX+0x18] + * 00613972 F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[> + * 00613974 8B43 04 MOV EAX,DWORD PTR DS:[EBX+0x4] + * 00613977 8B53 08 MOV EDX,DWORD PTR DS:[EBX+0x8] + * 0061397A 8910 MOV DWORD PTR DS:[EAX],EDX + * 0061397C 8D7B 04 LEA EDI,DWORD PTR DS:[EBX+0x4] + * 0061397F 31C0 XOR EAX,EAX + * 00613981 B9 40010000 MOV ECX,0x140 + * 00613986 F3:AB REP STOS DWORD PTR ES:[EDI] + * 00613988 89EC MOV ESP,EBP + * 0061398A 61 POPAD + * 0061398B C3 RETN + * 0061398C 8B8CD6 A8D70500 MOV ECX,DWORD PTR DS:[ESI+EDX*8+0x5D7A8] ; jichi: #2 hook jumped here, execute the original instruction first + * 00613993 8B01 MOV EAX,DWORD PTR DS:[ECX] ; get dword split in ecx + * 00613995 3D 96010000 CMP EAX,0x196 + * 0061399A 74 07 JE SHORT .006139A3 ; translate if split is 0x196 or 0x6e + * 0061399C 83F8 6E CMP EAX,0x6E + * 0061399F 74 02 JE SHORT .006139A3 + * 006139A1 EB 07 JMP SHORT .006139AA + * 006139A3 E8 7AFEFFFF CALL .00613822 + * 006139A8 8B01 MOV EAX,DWORD PTR DS:[ECX] + * 006139AA C3 RETN + * 006139AB 60 PUSHAD + * 006139AC C745 FC A8D70500 MOV DWORD PTR SS:[EBP-0x4],0x5D7A8 + * 006139B3 EB 03 JMP SHORT .006139B8 + * 006139B5 58 POP EAX + * 006139B6 EB 05 JMP SHORT .006139BD + * 006139B8 E8 F8FFFFFF CALL .006139B5 + * 006139BD 2D BD392100 SUB EAX,0x2139BD + * 006139C2 0380 D4020000 ADD EAX,DWORD PTR DS:[EAX+0x2D4] + * 006139C8 B9 00010000 MOV ECX,0x100 + * 006139CD 8D80 00400100 LEA EAX,DWORD PTR DS:[EAX+0x14000] + * 006139D3 8945 F8 MOV DWORD PTR SS:[EBP-0x8],EAX + * 006139D6 8D0401 LEA EAX,DWORD PTR DS:[ECX+EAX] + * 006139D9 8945 F4 MOV DWORD PTR SS:[EBP-0xC],EAX + * 006139DC 8D0401 LEA EAX,DWORD PTR DS:[ECX+EAX] + * 006139DF 8945 F0 MOV DWORD PTR SS:[EBP-0x10],EAX + * 006139E2 8D0401 LEA EAX,DWORD PTR DS:[ECX+EAX] + * 006139E5 8945 EC MOV DWORD PTR SS:[EBP-0x14],EAX + * 006139E8 8D0401 LEA EAX,DWORD PTR DS:[ECX+EAX] + * 006139EB 8945 E8 MOV DWORD PTR SS:[EBP-0x18],EAX + * 006139EE 61 POPAD + * 006139EF C3 RETN + * 006139F0 0000 ADD BYTE PTR DS:[EAX],AL + * 006139F2 0000 ADD BYTE PTR DS:[EAX],AL + * 006139F4 0000 ADD BYTE PTR DS:[EAX],AL + */ +bool InsertEushullyHook() +{ + /* + ULONG addr = MemDbg::findLastCallerAddressAfterInt3((DWORD)::GetTextExtentPoint32A, processStartAddress, processStopAddress); + //GROWL_DWORD(addr); + if (!addr) { + ConsoleOutput("Eushully: failed"); + return false; + } + */ + ULONG lastCaller = 0, + lastCall = 0; + auto fun = [&lastCaller, &lastCall](ULONG caller, ULONG call) -> bool { + lastCaller = caller; + lastCall = call; + return true; // find last caller && call + }; + MemDbg::iterCallerAddressAfterInt3(fun, (ULONG)::GetTextExtentPoint32A, processStartAddress, processStopAddress); + if (!lastCaller) + return false; + + //OtherHook + ULONG thisCaller = 0, + thisCall = 0, + prevCall = 0; + auto fun2 = [&thisCaller, &thisCall, &prevCall](ULONG caller, ULONG call) -> bool { + if (call - prevCall == 133) { // 0x0046e1f8 - 0x0046e173 = 133 + thisCaller = caller; + thisCall = call; + return false; // stop iteration + } + prevCall = call; + return true; // continue iteration + }; + MemDbg::iterCallerAddressAfterInt3(fun2, (ULONG)::GetGlyphOutlineA, processStartAddress, processStopAddress); + // BOOL GetTextExtentPoint32( + // _In_ HDC hdc, + // _In_ LPCTSTR lpString, + // _In_ int c, + // _Out_ LPSIZE lpSize + // ); + enum stack { // current stack + //retaddr = 0 // esp[0] is the return address since this is the beginning of the function + arg1_hdc = 4 * 1 // 0x4 + , arg2_lpString = 4 * 2 // 0x8 + , arg3_lc = 4 * 3 // 0xc + , arg4_lpSize = 4 * 4 // 0x10 + }; + { + enum : DWORD { sig = 0x550010c2 }; + enum { fun_offset = 3 }; + for (auto addr = lastCaller; addr < lastCall; addr++) + if (*(DWORD *)addr == sig) { + lastCaller = addr + fun_offset; + break; + } + } + HookParam hp; + hp.address = lastCaller; + hp.type = USING_STRING|FIXING_SPLIT|EMBED_ABLE|EMBED_BEFORE_SIMPLE|EMBED_AFTER_NEW|EMBED_DYNA_SJIS; // merging all threads + hp.offset = arg2_lpString; // arg2 = 0x4 * 2 + hp.hook_font=F_MultiByteToWideChar|F_GetTextExtentPoint32A|F_GetGlyphOutlineA|F_CreateFontA; + ConsoleOutput("INSERT Eushully"); + bool succ=NewHook(hp, "ARCGameEngine"); + if(thisCaller){ + hp.address = thisCall; + hp.offset=get_stack(6); + succ|=NewHook(hp, "ARCGameEngine_other"); + } + return succ; +} + +bool Eushully::attach_function() { + + return InsertEushullyHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Eushully.h b/LunaHook/engine32/Eushully.h new file mode 100644 index 0000000..0aebc8c --- /dev/null +++ b/LunaHook/engine32/Eushully.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Eushully:public ENGINE{ + public: + Eushully(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"AGERC.DLL";// 6/1/2014 jichi: Eushully, AGE.EXE + }; + bool attach_function(); +}; diff --git a/LunaHook/engine32/Exp.cpp b/LunaHook/engine32/Exp.cpp new file mode 100644 index 0000000..77b434d --- /dev/null +++ b/LunaHook/engine32/Exp.cpp @@ -0,0 +1,229 @@ +#include"Exp.h" + +/** jichi 9/8/2014 EXP, http://www.exp-inc.jp + * Maker: EXP, 5pb + * Sample game: 剣の街�異邦人 + * + * There are three matched memory addresses with SHIFT-JIS. + * The middle one is used as it is aligned with zeros. + * The memory address is fixed. + * + * There are three functions found using hardware breakpoints. + * The last one is used as the first two are looped. + * + * reladdr = 0x138020 + * + * baseaddr = 0x00120000 + * + * 0025801d cc int3 + * 0025801e cc int3 + * 0025801f cc int3 + * 00258020 55 push ebp ; jichi: hook here + * 00258021 8bec mov ebp,esp + * 00258023 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 00258026 83ec 08 sub esp,0x8 + * 00258029 85c0 test eax,eax + * 0025802b 0f84 d8000000 je .00258109 + * 00258031 837d 10 00 cmp dword ptr ss:[ebp+0x10],0x0 + * 00258035 0f84 ce000000 je .00258109 + * 0025803b 8b10 mov edx,dword ptr ds:[eax] ; jichi: edx is the text + * 0025803d 8b45 0c mov eax,dword ptr ss:[ebp+0xc] + * 00258040 53 push ebx + * 00258041 56 push esi + * 00258042 c745 f8 00000000 mov dword ptr ss:[ebp-0x8],0x0 + * 00258049 8945 fc mov dword ptr ss:[ebp-0x4],eax + * 0025804c 57 push edi + * 0025804d 8d49 00 lea ecx,dword ptr ds:[ecx] + * 00258050 8a0a mov cl,byte ptr ds:[edx] jichi: text in accessed in edx + * 00258052 8a45 14 mov al,byte ptr ss:[ebp+0x14] + * 00258055 3ac1 cmp al,cl + * 00258057 74 7a je short .002580d3 + * 00258059 8b7d 10 mov edi,dword ptr ss:[ebp+0x10] + * 0025805c 8b5d fc mov ebx,dword ptr ss:[ebp-0x4] + * 0025805f 33f6 xor esi,esi + * 00258061 8bc2 mov eax,edx + * 00258063 80f9 81 cmp cl,0x81 + * 00258066 72 05 jb short .0025806d + * 00258068 80f9 9f cmp cl,0x9f + * 0025806b 76 0a jbe short .00258077 + * 0025806d 80f9 e0 cmp cl,0xe0 + * 00258070 72 1d jb short .0025808f + * 00258072 80f9 fc cmp cl,0xfc + * 00258075 77 18 ja short .0025808f + * 00258077 8b45 fc mov eax,dword ptr ss:[ebp-0x4] + * 0025807a 85c0 test eax,eax + * 0025807c 74 05 je short .00258083 + * 0025807e 8808 mov byte ptr ds:[eax],cl + * 00258080 8d58 01 lea ebx,dword ptr ds:[eax+0x1] + * 00258083 8b7d 10 mov edi,dword ptr ss:[ebp+0x10] + * 00258086 8d42 01 lea eax,dword ptr ds:[edx+0x1] + * 00258089 be 01000000 mov esi,0x1 + * 0025808e 4f dec edi + * 0025808f 85ff test edi,edi + * 00258091 74 36 je short .002580c9 + * 00258093 85db test ebx,ebx + * 00258095 74 04 je short .0025809b + * 00258097 8a08 mov cl,byte ptr ds:[eax] + * 00258099 880b mov byte ptr ds:[ebx],cl + * 0025809b 46 inc esi + * 0025809c 33c0 xor eax,eax + * 0025809e 66:3bc6 cmp ax,si + * 002580a1 7f 47 jg short .002580ea + * 002580a3 0fbfce movsx ecx,si + * 002580a6 03d1 add edx,ecx + * 002580a8 3945 fc cmp dword ptr ss:[ebp-0x4],eax + * 002580ab 74 03 je short .002580b0 + * 002580ad 014d fc add dword ptr ss:[ebp-0x4],ecx + * 002580b0 294d 10 sub dword ptr ss:[ebp+0x10],ecx + * 002580b3 014d f8 add dword ptr ss:[ebp-0x8],ecx + * 002580b6 8a0a mov cl,byte ptr ds:[edx] + * 002580b8 80f9 0a cmp cl,0xa + * 002580bb 74 20 je short .002580dd + * 002580bd 80f9 0d cmp cl,0xd + * 002580c0 74 1b je short .002580dd + * 002580c2 3945 10 cmp dword ptr ss:[ebp+0x10],eax + * 002580c5 ^75 89 jnz short .00258050 + * 002580c7 eb 21 jmp short .002580ea + * 002580c9 85db test ebx,ebx + * 002580cb 74 1d je short .002580ea + * 002580cd c643 ff 00 mov byte ptr ds:[ebx-0x1],0x0 + * 002580d1 eb 17 jmp short .002580ea + * 002580d3 84c0 test al,al + * 002580d5 74 13 je short .002580ea + * 002580d7 42 inc edx + * 002580d8 ff45 f8 inc dword ptr ss:[ebp-0x8] + * 002580db eb 0d jmp short .002580ea + * 002580dd 8a42 01 mov al,byte ptr ds:[edx+0x1] + * 002580e0 42 inc edx + * 002580e1 3c 0a cmp al,0xa + * 002580e3 74 04 je short .002580e9 + * 002580e5 3c 0d cmp al,0xd + * 002580e7 75 01 jnz short .002580ea + * 002580e9 42 inc edx + * 002580ea 8b45 fc mov eax,dword ptr ss:[ebp-0x4] + * 002580ed 5f pop edi + * 002580ee 5e pop esi + * 002580ef 5b pop ebx + * 002580f0 85c0 test eax,eax + * 002580f2 74 09 je short .002580fd + * 002580f4 837d 10 00 cmp dword ptr ss:[ebp+0x10],0x0 + * 002580f8 74 03 je short .002580fd + * 002580fa c600 00 mov byte ptr ds:[eax],0x0 + * 002580fd 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + * 00258100 8b45 f8 mov eax,dword ptr ss:[ebp-0x8] + * 00258103 8911 mov dword ptr ds:[ecx],edx + * 00258105 8be5 mov esp,ebp + * 00258107 5d pop ebp + * 00258108 c3 retn + * 00258109 33c0 xor eax,eax + * 0025810b 8be5 mov esp,ebp + * 0025810d 5d pop ebp + * 0025810e c3 retn + * 0025810f cc int3 + * + * Stack: + * 0f14f87c 00279177 return to .00279177 from .00258020 + * 0f14f880 0f14f8b0 ; arg1 address of the text's pointer + * 0f14f884 0f14f8c0 ; arg2 pointed to zero, maybe a buffer + * 0f14f888 00000047 ; arg3 it is zero if no text, this value might be text size + 1 + * 0f14f88c ffffff80 ; constant, used as split + * 0f14f890 005768c8 .005768c8 + * 0f14f894 02924340 ; text is at 02924350 + * 0f14f898 00000001 ; this might also be a good split + * 0f14f89c 1b520020 + * 0f14f8a0 00000000 + * 0f14f8a4 00000000 + * 0f14f8a8 029245fc + * 0f14f8ac 0004bfd3 + * 0f14f8b0 0f14fae0 + * 0f14f8b4 00000000 + * 0f14f8b8 00000000 + * 0f14f8bc 02924340 + * 0f14f8c0 00000000 + * + * Registers: + * eax 0f14f8c0 ; floating at runtime + * ecx 0f14f8b0; floating at runtime + * edx 00000000 + * ebx 0f14fae0; floating at runtime + * esp 0f14f87c; floating at runtime + * ebp 0f14facc; floating at runtime + * esi 00000047 + * edi 02924340 ; text is in 02924350 + * eip 00258020 .00258020 + * + * Memory access pattern: + * For long sentences, it first render the first line, then the second line, and so on. + * So, the second line is a subtext of the entire dialog. + */ +static void SpecialHookExp(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + static DWORD lasttext; + // 00258020 55 push ebp ; jichi: hook here + // 00258021 8bec mov ebp,esp + // 00258023 8b45 08 mov eax,dword ptr ss:[ebp+0x8] ; jichi: move arg1 to eax + // 00258029 85c0 test eax,eax ; check if text is null + // 0025802b 0f84 d8000000 je .00258109 + // 00258031 837d 10 00 cmp dword ptr ss:[ebp+0x10],0x0 ; jichi: compare 0 with arg3, which is size+1 + // 00258035 0f84 ce000000 je .00258109 + // 0025803b 8b10 mov edx,dword ptr ds:[eax] ; move text address to edx + DWORD arg1 = stack->stack[1], // mov eax,dword ptr ss:[ebp+0x8] + arg3 = stack->stack[3]; // size - 1 + if (arg1 && arg3) + if (DWORD text = *(DWORD *)arg1) + if (!(text > lasttext && text < lasttext + VNR_TEXT_CAPACITY)) { // text is not a subtext of lastText + *data = lasttext = text; // mov edx,dword ptr ds:[eax] + //*len = arg3 - 1; // the last char is the '\0', so -1, but this value is not reliable + *len = ::strlen((LPCSTR)text); + // Registers are not used as split as all of them are floating at runtime + //*split = argof(4, esp_base); // arg4, always -8, this will merge all threads and result in repetition + *split = stack->stack[7]; // reduce repetition, but still have sub-text repeat + } +} +bool InsertExpHook() +{ + const BYTE bytes[] = { + 0x55, // 00258020 55 push ebp ; jichi: hook here, function starts, text in [arg1], size+1 in arg3 + 0x8b,0xec, // 00258021 8bec mov ebp,esp + 0x8b,0x45, 0x08, // 00258023 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + 0x83,0xec, 0x08, // 00258026 83ec 08 sub esp,0x8 + 0x85,0xc0, // 00258029 85c0 test eax,eax + 0x0f,0x84, XX4, // 0025802b 0f84 d8000000 je .00258109 + 0x83,0x7d, 0x10, 0x00, // 00258031 837d 10 00 cmp dword ptr ss:[ebp+0x10],0x0 + 0x0f,0x84, XX4, // 00258035 0f84 ce000000 je .00258109 + 0x8b,0x10, // 0025803b 8b10 mov edx,dword ptr ds:[eax] ; jichi: edx is the text + 0x8b,0x45, 0x0c, // 0025803d 8b45 0c mov eax,dword ptr ss:[ebp+0xc] + 0x53, // 00258040 53 push ebx + 0x56, // 00258041 56 push esi + 0xc7,0x45, 0xf8, 0x00,0x00,0x00,0x00, // 00258042 c745 f8 00000000 mov dword ptr ss:[ebp-0x8],0x0 + 0x89,0x45, 0xfc, // 00258049 8945 fc mov dword ptr ss:[ebp-0x4],eax + 0x57, // 0025804c 57 push edi + 0x8d,0x49, 0x00, // 0025804d 8d49 00 lea ecx,dword ptr ds:[ecx] + 0x8a,0x0a // 00258050 8a0a mov cl,byte ptr ds:[edx] ; jichi: text accessed in edx + }; + enum { addr_offset = 0 }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + //GROWL_DWORD(addr); + if (!addr) { + ConsoleOutput("EXP: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.type = NO_CONTEXT|USING_STRING; // NO_CONTEXT to get rid of floating address + hp.text_fun = SpecialHookExp; + ConsoleOutput("INSERT EXP"); + + + ConsoleOutput("EXP: disable GDI hooks"); // There are no GDI functions hooked though + + return NewHook(hp, "EXP"); // FIXME: text displayed line by line +} + + +bool Exp::attach_function() { + + return InsertExpHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Exp.h b/LunaHook/engine32/Exp.h new file mode 100644 index 0000000..5507c3e --- /dev/null +++ b/LunaHook/engine32/Exp.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Exp:public ENGINE{ + public: + Exp(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"model\\*.hed"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/FVP.cpp b/LunaHook/engine32/FVP.cpp new file mode 100644 index 0000000..7b84d47 --- /dev/null +++ b/LunaHook/engine32/FVP.cpp @@ -0,0 +1,533 @@ +#include"engine32/FVP.h" + +namespace { // unnamed +namespace ScenarioHook { +namespace Private { + /** + * FIXME: Scenario/name/history text cannot be distinguished + * + * Sample game: 紅い瞳に映るセカイ + * + * Scenario: + * + * 0012FD44 0043CB56 RETURN to .0043CB56 from .00433610 + * 0012FD48 0B711390 + * 0012FD4C 024FE43C + * 0012FD50 02541120 + * 0012FD54 024FEC50 + * 0012FD58 00000000 + * 0012FD5C 024FE43C + * 0012FD60 0044598E RETURN to .0044598E + * 0012FD64 024FE53C + * 0012FD68 00000001 + * 0012FD6C 024FE43C + * + * EAX 0000000E + * ECX 01B99750 + * EDX 0B711391 + * EBX 01E7047C + * ESP 0012FD44 + * EBP 01B99750 + * ESI 0B711390 + * EDI 024FE53C + * EIP 00433610 .00433610 + * + * ecx: + * 01B99750 F4 D8 45 00 A8 D5 45 00 A0 2B 8E 0A 00 00 00 00 E.ィユE.+・.... + * 01B99760 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 01B99770 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 01B99780 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * [ecx+8] + * 0A8E2BA0 B0 51 A6 63 C0 83 4C 04 15 00 00 00 03 00 00 00 ーQヲcタキ...... + * 0A8E2BB0 00 00 00 0C 02 00 00 00 00 00 00 00 00 00 00 00 ............... + * 0A8E2BC0 00 04 00 00 80 00 00 00 00 00 00 00 00 00 00 00 ...€........... + * 0A8E2BD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * 0012FD44 0043CB56 RETURN to .0043CB56 from .00433610 + * 0012FD48 0B6CE660 + * 0012FD4C 024FE43C + * 0012FD50 02541120 + * 0012FD54 024FEC50 + * 0012FD58 00000000 + * 0012FD5C 024FE43C + * 0012FD60 0044598E RETURN to .0044598E + * 0012FD64 024FE53C + * 0012FD68 00000001 + * 0012FD6C 024FE43C + * 0012FD70 00597669 d3dx9_31.00597669 + * 0012FD74 00000000 + * 0012FD78 004454D2 RETURN to .004454D2 + * 0012FD7C 01E7047C + * 0012FD80 0043F67F RETURN to .0043F67F from .00445440 + * 0012FD84 76F32EB2 user32.PeekMessageA + * 0012FD88 76F52B5A user32.TranslateAcceleratorA + * 0012FD8C 76F366E3 user32.IsIconic + * + * 0B6D9118 06 06 07 07 07 07 08 08 07 08 09 0A 0A 08 09 09 ..... + * 0B6D9128 37 5F 7C 3B E8 B7 02 00 D8 FF 61 02 30 8C 70 0B 7_|;霍.リa0継 + * 0B6D9138 35 5E 75 31 EF B7 02 08 98 7C 58 02 20 2F B9 01 5^u1・・X /ケ + * 0B6D9148 0B 00 00 00 C0 D0 E0 F0 A8 9A C7 23 00 00 00 8D ...タミ瑩ィ塢#...・ + * 0B6D9158 81 40 82 BB 82 CC 83 79 81 5B 83 57 82 AA 82 CF  そのページがぱ + * 0B6D9168 82 E7 82 CF 82 E7 82 C6 97 AC 82 B3 82 EA 82 E9 らぱらと流される + * 0B6D9178 81 42 00 00 00 00 00 00 B2 9A C7 23 00 00 00 8D 。......イ塢#...・ + * + * 0B6D9188 81 40 82 BB 82 CC 83 79 81 5B 83 57 82 AA 82 CF  そのページがぱ + * 0B6D9198 82 E7 82 CF 82 E7 82 C6 97 AC 82 B3 82 EA 82 E9 らぱらと流される + * 0B6D91A8 81 42 00 00 00 00 00 00 B4 9A C7 23 00 00 00 80 。......エ塢#...€ + * 0B6D91B8 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ............... + * 0B6D91C8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 0B6D91D8 00 00 00 00 00 00 00 00 BE 9A C7 23 00 00 00 80 ........セ塢#...€ + * 0B6D91E8 1A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ............... + * 0B6D91F8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 0B6D9208 00 00 00 00 00 00 00 00 C0 9A C7 23 00 00 00 80 ........タ塢#...€ + * 0B6D9218 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ............... + * 0B6D9228 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 0B6D9238 00 00 00 00 00 00 00 00 CA 9A C7 23 00 00 00 80 ........ハ塢#...€ + * 0B6D9248 26 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 &............... + * 0B6D9258 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 0B6D9268 00 00 00 00 00 00 00 00 CC 9A C7 23 00 00 00 80 ........フ塢#...€ + * + * History: + * + * 0012FD44 0043CB56 RETURN to .0043CB56 from .00433610 + * 0012FD48 0B7113D8 + * 0012FD4C 024FE43C + * 0012FD50 02541120 + * 0012FD54 024FEC50 + * 0012FD58 00000000 + * 0012FD5C 024FE43C + * 0012FD60 0044598E RETURN to .0044598E + * 0012FD64 024FE5CC + * 0012FD68 00000001 + * 0012FD6C 024FE43C + * + * 0B6D9118 06 06 07 07 07 07 08 08 07 08 09 0A 0A 08 09 09 ..... + * 0B6D9128 37 5F 7C 3B E8 B7 02 00 D8 FF 61 02 30 8C 70 0B 7_|;霍.リa0継 + * 0B6D9138 35 5E 75 31 EF B7 02 08 98 7C 58 02 20 2F B9 01 5^u1・・X /ケ + * 0B6D9148 0B 00 00 00 C0 D0 E0 F0 A8 9A C7 23 00 00 00 8D ...タミ瑩ィ塢#...・ + * 0B6D9158 81 40 82 BB 82 CC 83 79 81 5B 83 57 82 AA 82 CF  そのページがぱ + * 0B6D9168 82 E7 82 CF 82 E7 82 C6 97 AC 82 B3 82 EA 82 E9 らぱらと流される + * 0B6D9178 81 42 00 00 00 00 00 00 B2 9A C7 23 00 00 00 8D 。......イ塢#...・ + * 0B6D9188 81 40 82 BB 82 CC 83 79 81 5B 83 57 82 AA 82 CF  そのページがぱ + * 0B6D9198 82 E7 82 CF 82 E7 82 C6 97 AC 82 B3 82 EA 82 E9 らぱらと流される + * 0B6D91A8 81 42 00 00 00 00 00 00 B4 9A C7 23 00 00 00 8A 。......エ塢#...・ + * 0B6D91B8 01 00 40 81 BB 82 CC 82 79 83 5B 81 57 83 AA 82 .@⊇のZゼ仝Μ・ + * 0B6D91C8 CF 82 E7 82 CF 82 E7 82 C6 82 AC 97 B3 82 EA 82 マらぱらとぎ竜れ・ + * 0B6D91D8 E9 82 42 81 7E 00 00 00 BE 9A C7 23 00 00 00 8D 驍B×...セ塢#...・ + * 0B6D91E8 81 40 82 BB 82 CC 83 79 81 5B 83 57 82 AA 82 CF  そのページがぱ + * 0B6D91F8 82 E7 82 CF 82 E7 82 C6 97 AC 82 B3 82 EA 82 E9 らぱらと流される + * 0B6D9208 81 42 00 00 00 00 00 00 C0 9A C7 23 00 00 00 8D 。......タ塢#...・ + * + * 0B6D9218 81 40 82 BB 82 CC 83 79 81 5B 83 57 82 AA 82 CF  そのページがぱ + * 0B6D9228 82 E7 82 CF 82 E7 82 C6 97 AC 82 B3 82 EA 82 E9 らぱらと流される + * 0B6D9238 81 42 00 00 00 00 00 00 CA 9A C7 23 00 00 00 80 。......ハ塢#...€ + * 0B6D9248 26 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 &............... + * 0B6D9258 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 0B6D9268 00 00 00 00 00 00 00 00 CC 9A C7 23 00 00 00 80 ........フ塢#...€ + * + * ecx: + * 02536A88 F4 D8 45 00 A8 D5 45 00 80 39 2F 04 00 00 00 00 E.ィユE.€9/.... + * 02536A98 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 02536AA8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 02536AB8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * [ecx+8] + * 042F3980 B0 51 A6 63 A0 1A E2 09 15 00 00 00 03 00 00 00 ーQヲc・...... + * 042F3990 00 00 00 0C 02 00 00 00 00 00 00 00 00 00 00 00 ............... + * 042F39A0 00 04 00 00 80 00 00 00 00 00 00 00 00 00 00 00 ...€........... + * 042F39B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 042F39C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * EAX 0000000E + * ECX 02537740 + * EDX 0B7113D9 + * EBX 01E7047C + * ESP 0012FD44 + * EBP 02537740 + * ESI 0B7113D8 + * EDI 024FE5CC + * EIP 00433610 .00433610 + * + * 0012FD44 0043CB56 RETURN to .0043CB56 from .00433610 + * 0012FD48 0B6CEA20 + * 0012FD4C 024FE43C + * 0012FD50 02541120 + * 0012FD54 024FEC50 + * 0012FD58 00000000 + * 0012FD5C 024FE43C + * 0012FD60 0044598E RETURN to .0044598E + * 0012FD64 024FE5CC + * 0012FD68 00000001 + * 0012FD6C 024FE43C + * 0012FD70 005A44DE d3dx9_31.005A44DE + * 0012FD74 00000000 + * 0012FD78 004454D2 RETURN to .004454D2 + * 0012FD7C 01E7047C + * 0012FD80 0043F67F RETURN to .0043F67F from .00445440 + * 0012FD84 76F32EB2 user32.PeekMessageA + * 0012FD88 76F52B5A user32.TranslateAcceleratorA + * 0012FD8C 76F366E3 user32.IsIconic + * + * Config message: + * + * 0012FD44 0043CB56 RETURN to .0043CB56 from .00433610 + * 0012FD48 026A1180 + * 0012FD4C 02508B94 + * 0012FD50 02541120 + * 0012FD54 025093A8 + * 0012FD58 00000000 + * 0012FD5C 02508B94 + * 0012FD60 0044598E RETURN to .0044598E + * 0012FD64 02508BA4 + * 0012FD68 00000001 + * 0012FD6C 02508B94 + * 0012FD70 005AC45E d3dx9_31.005AC45E + * 0012FD74 00000000 + * 0012FD78 004454D2 RETURN to .004454D2 + * 0012FD7C 01E7047C + * 0012FD80 0043F67F RETURN to .0043F67F from .00445440 + * 0012FD84 76F32EB2 user32.PeekMessageA + * 0012FD88 76F52B5A user32.TranslateAcceleratorA + * 0012FD8C 76F366E3 user32.IsIconic + * + * EAX 0000001E + * ECX 0253A4F8 + * EDX 026A1181 + * EBX 01E7047C + * ESP 0012FD44 + * EBP 0253A4F8 + * ESI 026A1180 + * EDI 02508BA4 + * EIP 00433610 .00433610 + * + * ecx: + * 0253A4F8 F4 D8 45 00 A8 D5 45 00 00 D4 2F 04 00 00 00 00 E.ィユE..ヤ/.... + * 0253A508 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 0253A518 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 0253A528 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * [ecx+8] + * 042FD400 B0 51 A6 63 C0 18 E2 09 15 00 00 00 03 00 00 00 ーQヲcタ・...... + * 042FD410 00 00 00 0C 02 00 00 00 00 00 00 00 00 00 00 00 ............... + * 042FD420 00 02 00 00 20 00 00 00 00 00 00 00 00 00 00 00 ... ........... + * 042FD430 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * 026A1160 25 07 4F 11 08 00 10 FE 0C 0A 1D 0C 01 1A 05 04 %O.... + * 026A1170 04 01 00 00 0C 01 07 90 11 08 00 0F 7C 05 0E 1F ...・.| + * + * 026A1180 83 81 83 62 83 5A 81 5B 83 57 91 AC 93 78 83 54 メッセージ速度サ + * 026A1190 83 93 83 76 83 8B 83 65 83 4C 83 58 83 67 00 03 ンプルテキスト. + * 026A11A0 7B 00 03 85 00 0F 7C 05 03 6F 00 06 54 11 08 00 {.・|o.T. + * + */ + // bool hookBefore(winhook::hook_stack *s) + // { + // static std::string data_; // persistent storage, which makes this function not thread-safe + // LPCSTR text = (LPCSTR)s->stack[1]; // arg1 + // if (!text || !*text) + // return true; + // //auto role = Engine::OtherRole; + // //if (text[-2] == 0 && text[-3] == 0 && text[-4] == 0) // 234 should be zero for text on the heap? + // // role = Engine::ScenarioRole; + // auto role = Engine::ScenarioRole; + + // auto retaddr = s->stack[0]; // retaddr, there is only one retaddr anyway + // //auto split = s->ecx; + // //if (Engine::isAddressReadable(split)) + // // split = *(DWORD *)(split + 8); + // auto sig = Engine::hashThreadSignature(role, retaddr); + // data_ = EngineController::instance()->dispatchTextASTD(text, role, sig); + // s->stack[1] = (ULONG)data_.c_str(); // reset arg1 + // return true; + // } +} // namespace Private + +/** jichi 7/28/2015 + * Sample game: 紅い瞳に映るセカイ + * Text can also be extracted in both GetGlyphOutlineA and lstrlenA + * See also: http://capita.tistory.com/m/post/267 + * + * 0043360E CC INT3 + * 0043360F CC INT3 + * 00433610 83EC 0C SUB ESP,0xC + * 00433613 55 PUSH EBP + * 00433614 56 PUSH ESI + * 00433615 57 PUSH EDI + * 00433616 8BF9 MOV EDI,ECX + * 00433618 8D4424 0C LEA EAX,DWORD PTR SS:[ESP+0xC] + * 0043361C 8DB7 74050000 LEA ESI,DWORD PTR DS:[EDI+0x574] + * 00433622 50 PUSH EAX + * 00433623 8BCE MOV ECX,ESI + * 00433625 897C24 18 MOV DWORD PTR SS:[ESP+0x18],EDI + * 00433629 C74424 10 010000>MOV DWORD PTR SS:[ESP+0x10],0x1 + * 00433631 E8 8AEFFFFF CALL .004325C0 + * 00433636 8D8F 90050000 LEA ECX,DWORD PTR DS:[EDI+0x590] + * 0043363C 51 PUSH ECX + * 0043363D 8D8F B8050000 LEA ECX,DWORD PTR DS:[EDI+0x5B8] + * 00433643 E8 E8EFFFFF CALL .00432630 + * 00433648 8B6C24 1C MOV EBP,DWORD PTR SS:[ESP+0x1C] + * 0043364C 8A45 00 MOV AL,BYTE PTR SS:[EBP] + * 0043364F 84C0 TEST AL,AL + * 00433651 0F84 8C000000 JE .004336E3 + * 00433657 53 PUSH EBX + * 00433658 EB 06 JMP SHORT .00433660 + * 0043365A 8D9B 00000000 LEA EBX,DWORD PTR DS:[EBX] + * 00433660 66:0FB6D0 MOVZX DX,AL + * 00433664 0FB7DA MOVZX EBX,DX + * 00433667 0FB7C3 MOVZX EAX,BX + * 0043366A 50 PUSH EAX + * 0043366B 895C24 24 MOV DWORD PTR SS:[ESP+0x24],EBX + * 0043366F 45 INC EBP + * 00433670 E8 DA4D0100 CALL .0044844F + * 00433675 83C4 04 ADD ESP,0x4 + * 00433678 85C0 TEST EAX,EAX + * 0043367A 74 13 JE SHORT .0043368F + * 0043367C 66:0FB64D 00 MOVZX CX,BYTE PTR SS:[EBP] + * 00433681 C1E3 08 SHL EBX,0x8 + * 00433684 66:0BD9 OR BX,CX + * 00433687 0FB7DB MOVZX EBX,BX + * 0043368A 895C24 20 MOV DWORD PTR SS:[ESP+0x20],EBX + * 0043368E 45 INC EBP + * 0043368F 8B4E 0C MOV ECX,DWORD PTR DS:[ESI+0xC] + * 00433692 85C9 TEST ECX,ECX + * 00433694 75 04 JNZ SHORT .0043369A + * 00433696 33C0 XOR EAX,EAX + * 00433698 EB 07 JMP SHORT .004336A1 + * 0043369A 8B46 14 MOV EAX,DWORD PTR DS:[ESI+0x14] + * 0043369D 2BC1 SUB EAX,ECX + * 0043369F D1F8 SAR EAX,1 + * 004336A1 8B7E 10 MOV EDI,DWORD PTR DS:[ESI+0x10] + * 004336A4 8BD7 MOV EDX,EDI + * 004336A6 2BD1 SUB EDX,ECX + * 004336A8 D1FA SAR EDX,1 + * 004336AA 3BD0 CMP EDX,EAX + * 004336AC 73 0B JNB SHORT .004336B9 + * 004336AE 66:891F MOV WORD PTR DS:[EDI],BX + * 004336B1 83C7 02 ADD EDI,0x2 + * 004336B4 897E 10 MOV DWORD PTR DS:[ESI+0x10],EDI + * 004336B7 EB 1E JMP SHORT .004336D7 + * 004336B9 3BCF CMP ECX,EDI + * 004336BB 76 05 JBE SHORT .004336C2 + * 004336BD E8 644A0100 CALL .00448126 + * 004336C2 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 004336C4 8D4C24 20 LEA ECX,DWORD PTR SS:[ESP+0x20] + * 004336C8 51 PUSH ECX + * 004336C9 57 PUSH EDI + * 004336CA 50 PUSH EAX + * 004336CB 8D5424 1C LEA EDX,DWORD PTR SS:[ESP+0x1C] + * 004336CF 52 PUSH EDX + * 004336D0 8BCE MOV ECX,ESI + * 004336D2 E8 F9E8FFFF CALL .00431FD0 + * 004336D7 8A45 00 MOV AL,BYTE PTR SS:[EBP] + * 004336DA 84C0 TEST AL,AL + * 004336DC ^75 82 JNZ SHORT .00433660 + * 004336DE 8B7C24 18 MOV EDI,DWORD PTR SS:[ESP+0x18] + * 004336E2 5B POP EBX + * 004336E3 8D4424 1C LEA EAX,DWORD PTR SS:[ESP+0x1C] + * 004336E7 50 PUSH EAX + * 004336E8 8BCE MOV ECX,ESI + * 004336EA C74424 20 7E0000>MOV DWORD PTR SS:[ESP+0x20],0x7E + * 004336F2 E8 C9EEFFFF CALL .004325C0 + * 004336F7 6A 01 PUSH 0x1 + * 004336F9 6A 00 PUSH 0x0 + * 004336FB 6A 00 PUSH 0x0 + * 004336FD 8BCF MOV ECX,EDI + * 004336FF E8 5CF4FFFF CALL .00432B60 + * 00433704 5F POP EDI + * 00433705 5E POP ESI + * 00433706 5D POP EBP + * 00433707 83C4 0C ADD ESP,0xC + * 0043370A C2 0400 RETN 0x4 + * 0043370D CC INT3 + * 0043370E CC INT3 + * 0043370F CC INT3 + * + * Sample game: 星空のメモリア + * 0042EAAD CC INT3 + * 0042EAAE CC INT3 + * 0042EAAF CC INT3 + * 0042EAB0 83EC 0C SUB ESP,0xC + * 0042EAB3 55 PUSH EBP + * 0042EAB4 56 PUSH ESI + * 0042EAB5 57 PUSH EDI + * 0042EAB6 8BF9 MOV EDI,ECX + * 0042EAB8 8D4424 0C LEA EAX,DWORD PTR SS:[ESP+0xC] + * 0042EABC 8DB7 A4000000 LEA ESI,DWORD PTR DS:[EDI+0xA4] + * 0042EAC2 50 PUSH EAX + * 0042EAC3 8BCE MOV ECX,ESI + * 0042EAC5 897C24 18 MOV DWORD PTR SS:[ESP+0x18],EDI + * 0042EAC9 C74424 10 010000>MOV DWORD PTR SS:[ESP+0x10],0x1 + * 0042EAD1 E8 5AF2FFFF CALL .0042DD30 + * 0042EAD6 8D8F B8000000 LEA ECX,DWORD PTR DS:[EDI+0xB8] + * 0042EADC 51 PUSH ECX + * 0042EADD 8D8F E0000000 LEA ECX,DWORD PTR DS:[EDI+0xE0] + * 0042EAE3 E8 B8F2FFFF CALL .0042DDA0 + * 0042EAE8 8B6C24 1C MOV EBP,DWORD PTR SS:[ESP+0x1C] + * 0042EAEC 8A45 00 MOV AL,BYTE PTR SS:[EBP] + * 0042EAEF 84C0 TEST AL,AL + * 0042EAF1 0F84 96000000 JE .0042EB8D + * 0042EAF7 53 PUSH EBX + * 0042EAF8 EB 06 JMP SHORT .0042EB00 + * 0042EAFA 8D9B 00000000 LEA EBX,DWORD PTR DS:[EBX] + * 0042EB00 66:0FB6D0 MOVZX DX,AL + * 0042EB04 0FB7DA MOVZX EBX,DX + * 0042EB07 0FB7C3 MOVZX EAX,BX + * 0042EB0A 50 PUSH EAX + * 0042EB0B 895C24 24 MOV DWORD PTR SS:[ESP+0x24],EBX + * 0042EB0F 83C5 01 ADD EBP,0x1 + * 0042EB12 E8 22430100 CALL .00442E39 + * 0042EB17 83C4 04 ADD ESP,0x4 + * 0042EB1A 85C0 TEST EAX,EAX + * 0042EB1C 74 11 JE SHORT .0042EB2F + * 0042EB1E 33C9 XOR ECX,ECX + * 0042EB20 8AEB MOV CH,BL + * 0042EB22 83C5 01 ADD EBP,0x1 + * 0042EB25 8A4D FF MOV CL,BYTE PTR SS:[EBP-0x1] + * 0042EB28 0FB7D9 MOVZX EBX,CX + * 0042EB2B 895C24 20 MOV DWORD PTR SS:[ESP+0x20],EBX + * 0042EB2F 8B56 04 MOV EDX,DWORD PTR DS:[ESI+0x4] + * 0042EB32 85D2 TEST EDX,EDX + * 0042EB34 75 04 JNZ SHORT .0042EB3A + * 0042EB36 33C9 XOR ECX,ECX + * 0042EB38 EB 07 JMP SHORT .0042EB41 + * 0042EB3A 8B4E 08 MOV ECX,DWORD PTR DS:[ESI+0x8] + * 0042EB3D 2BCA SUB ECX,EDX + * 0042EB3F D1F9 SAR ECX,1 + * 0042EB41 85D2 TEST EDX,EDX + * 0042EB43 74 19 JE SHORT .0042EB5E + * 0042EB45 8B46 0C MOV EAX,DWORD PTR DS:[ESI+0xC] + * 0042EB48 2BC2 SUB EAX,EDX + * 0042EB4A D1F8 SAR EAX,1 + * 0042EB4C 3BC8 CMP ECX,EAX + * 0042EB4E 73 0E JNB SHORT .0042EB5E + * 0042EB50 8B46 08 MOV EAX,DWORD PTR DS:[ESI+0x8] + * 0042EB53 66:8918 MOV WORD PTR DS:[EAX],BX + * 0042EB56 83C0 02 ADD EAX,0x2 + * 0042EB59 8946 08 MOV DWORD PTR DS:[ESI+0x8],EAX + * 0042EB5C EB 23 JMP SHORT .0042EB81 + * 0042EB5E 8B7E 08 MOV EDI,DWORD PTR DS:[ESI+0x8] + * 0042EB61 3BD7 CMP EDX,EDI + * 0042EB63 76 05 JBE SHORT .0042EB6A + * 0042EB65 E8 6E420100 CALL .00442DD8 + * 0042EB6A 8D5424 20 LEA EDX,DWORD PTR SS:[ESP+0x20] + * 0042EB6E 52 PUSH EDX + * 0042EB6F 57 PUSH EDI + * 0042EB70 56 PUSH ESI + * 0042EB71 8D4424 1C LEA EAX,DWORD PTR SS:[ESP+0x1C] + * 0042EB75 50 PUSH EAX + * 0042EB76 8BCE MOV ECX,ESI + * 0042EB78 E8 83ECFFFF CALL .0042D800 + * 0042EB7D 8B7C24 18 MOV EDI,DWORD PTR SS:[ESP+0x18] + * 0042EB81 8A45 00 MOV AL,BYTE PTR SS:[EBP] + * 0042EB84 84C0 TEST AL,AL + * 0042EB86 ^0F85 74FFFFFF JNZ .0042EB00 + * 0042EB8C 5B POP EBX + * 0042EB8D 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+0x1C] + * 0042EB91 51 PUSH ECX + * 0042EB92 8BCE MOV ECX,ESI + * 0042EB94 C74424 20 7E0000>MOV DWORD PTR SS:[ESP+0x20],0x7E + * 0042EB9C E8 8FF1FFFF CALL .0042DD30 + * 0042EBA1 6A 01 PUSH 0x1 + * 0042EBA3 6A 00 PUSH 0x0 + * 0042EBA5 6A 00 PUSH 0x0 + * 0042EBA7 8BCF MOV ECX,EDI + * 0042EBA9 E8 72F4FFFF CALL .0042E020 + * 0042EBAE 5F POP EDI + * 0042EBAF 5E POP ESI + * 0042EBB0 5D POP EBP + * 0042EBB1 83C4 0C ADD ESP,0xC + * 0042EBB4 C2 0400 RETN 0x4 + * 0042EBB7 CC INT3 + * 0042EBB8 CC INT3 + * 0042EBB9 CC INT3 + * 0042EBBA CC INT3 + * 0042EBBB CC INT3 + * 0042EBBC CC INT3 + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x53, // 00433657 53 push ebx + 0xeb, 0x06, // 00433658 eb 06 jmp short .00433660 + 0x8d,0x9b, 0x00,0x00,0x00,0x00 // 0043365a 8d9b 00000000 lea ebx,dword ptr ds:[ebx] + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + + // 0042EAAD CC INT3 + // 0042EAAE CC INT3 + // 0042EAAF CC INT3 + // 0042EAB0 83EC 0C SUB ESP,0xC + // 0042EAB3 55 PUSH EBP + // 0042EAB4 56 PUSH ESI + // + // 00433657 - 00433610 = 71, function not aligned + addr = MemDbg::findEnclosingFunctionBeforeDword(0x550cec83, addr, MemDbg::MaximumFunctionSize, 1); // step = 1 + //addr = MemDbg::findEnclosingAlignedFunction(addr); // does not work + //addr = MemDbg::findEnclosingFunctionAfterInt3(addr); // does not work as there is not enough int3 + if (!addr) + return false; + HookParam hp; + hp.address=addr; + hp.offset=get_stack(1); + hp.type=USING_STRING|EMBED_ABLE|EMBED_AFTER_NEW|EMBED_BEFORE_SIMPLE|EMBED_DYNA_SJIS; + hp.hook_font=F_DrawTextA|F_GetGlyphOutlineA; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + + static std::regex rx("\\[.+\\|(.+?)\\]"); + auto x= std::regex_replace(std::string((LPSTR)data,*len), rx, "$1"); + strcpy((LPSTR)data,x.c_str()); + *len=x.size();return true; +}; + + return NewHook(hp,"EmbedFVP"); +} +} // namespace ScenarioHook +} // unnamed namespace + +/** Public class */ + +bool FVP::attach_function() +{ + ULONG startAddress, stopAddress; + + if (!ScenarioHook::attach(processStartAddress, processStopAddress)) + return false; + // HijackManager::instance()->attachFunction((ULONG)::GetGlyphOutlineA); // for new game: 紅い瞳に映るセカイ + // HijackManager::instance()->attachFunction((ULONG)::DrawTextA); // for old game: 星空のメモリア + //HijackManager::instance()->attachFunction((ULONG)::CreateFontA); + return true; +} + +/** + * Get rid of ruby. Examples: + * [まぶた|瞼]を閉じた。 + */ +//QString FVPEngine::rubyCreate(const QString &rb, const QString &rt) +//{ +// static QString fmt = "[%2|%1]"; +// return fmt.arg(rb, rt); +//} +// +//// Remove furigana in scenario thread. +//QString FVPEngine::rubyRemove(const QString &text) +//{ +// if (!text.contains('|')) +// return text; +// static QRegExp rx("\\[.+\\|(.+)\\]"); +// if (!rx.isMinimal()) +// rx.setMinimal(true); +// return QString(text).replace(rx, "\\1"); +//} + +// std::wstring FVPEngine::rubyRemove(const std::wstring& text) +// { +// if (text.find(L'|') == std::wstring::npos) +// return text; +// static std::wregex rx(L"\\[.+\\|(.+?)\\]"); +// return std::regex_replace(text, rx, L"$1"); +// } + +// EOF diff --git a/LunaHook/engine32/FVP.h b/LunaHook/engine32/FVP.h new file mode 100644 index 0000000..0bffdfb --- /dev/null +++ b/LunaHook/engine32/FVP.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class FVP:public ENGINE{ + public: + FVP(){ + is_engine_certain=false; + check_by=CHECK_BY::FILE; + check_by_target=L"*.hcb"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/FocasLens.cpp b/LunaHook/engine32/FocasLens.cpp new file mode 100644 index 0000000..274cba0 --- /dev/null +++ b/LunaHook/engine32/FocasLens.cpp @@ -0,0 +1,147 @@ +#include"FocasLens.h" + + +/** jichi 2/6/2015 FocasLens (Touhou) + * Sample game: [141227] [FocasLens] 幻想人形演� + * + * Debugging method: + * 1. Find first matched text, which has stable address + * 2. Insert WRITE hw break point + * 3. Find where the text is assigned + * + * The game also invokes GDI functions (GetGlyphOutlineA), where the access is cached and looped. + * + * Issues: + * - This hook cannot find name thread + * - Selected character name is hard-coded to the thread + * + * 001faaed cc int3 + * 001faaee cc int3 + * 001faaef cc int3 + * 001faaf0 55 push ebp + * 001faaf1 8bec mov ebp,esp + * 001faaf3 51 push ecx + * 001faaf4 53 push ebx + * 001faaf5 56 push esi + * 001faaf6 57 push edi + * 001faaf7 8bf0 mov esi,eax + * 001faaf9 e8 98281500 call .0034d396 + * 001faafe 50 push eax + * 001faaff a1 b08bb100 mov eax,dword ptr ds:[0xb18bb0] + * 001fab04 03c6 add eax,esi + * 001fab06 50 push eax + * 001fab07 e8 9b241500 call .0034cfa7 + * 001fab0c 8b0d e88bb100 mov ecx,dword ptr ds:[0xb18be8] + * 001fab12 8b3d b08bb100 mov edi,dword ptr ds:[0xb18bb0] + * 001fab18 83c1 f7 add ecx,-0x9 + * 001fab1b 83c4 08 add esp,0x8 + * 001fab1e 8bd8 mov ebx,eax + * 001fab20 390d ec8bb100 cmp dword ptr ds:[0xb18bec],ecx + * 001fab26 7c 65 jl short .001fab8d + * 001fab28 803c37 20 cmp byte ptr ds:[edi+esi],0x20 + * 001fab2c 74 41 je short .001fab6f + * 001fab2e 803c37 81 cmp byte ptr ds:[edi+esi],0x81 + * 001fab32 75 4d jnz short .001fab81 + * 001fab34 807c37 01 42 cmp byte ptr ds:[edi+esi+0x1],0x42 + * 001fab39 74 34 je short .001fab6f + * 001fab3b 803c37 81 cmp byte ptr ds:[edi+esi],0x81 + * 001fab3f 75 40 jnz short .001fab81 + * 001fab41 807c37 01 41 cmp byte ptr ds:[edi+esi+0x1],0x41 + * 001fab46 74 27 je short .001fab6f + * 001fab48 803c37 81 cmp byte ptr ds:[edi+esi],0x81 + * 001fab4c 75 33 jnz short .001fab81 + * 001fab4e 807c37 01 48 cmp byte ptr ds:[edi+esi+0x1],0x48 + * 001fab53 74 1a je short .001fab6f + * 001fab55 803c37 81 cmp byte ptr ds:[edi+esi],0x81 + * 001fab59 75 26 jnz short .001fab81 + * 001fab5b 807c37 01 49 cmp byte ptr ds:[edi+esi+0x1],0x49 + * 001fab60 74 0d je short .001fab6f + * 001fab62 803c37 81 cmp byte ptr ds:[edi+esi],0x81 + * 001fab66 75 19 jnz short .001fab81 + * 001fab68 807c37 01 40 cmp byte ptr ds:[edi+esi+0x1],0x40 + * 001fab6d 75 12 jnz short .001fab81 + * 001fab6f 803d c58bb100 00 cmp byte ptr ds:[0xb18bc5],0x0 + * 001fab76 75 09 jnz short .001fab81 + * 001fab78 c605 c58bb100 01 mov byte ptr ds:[0xb18bc5],0x1 + * 001fab7f eb 0c jmp short .001fab8d + * 001fab81 e8 7a000000 call .001fac00 + * 001fab86 c605 c58bb100 00 mov byte ptr ds:[0xb18bc5],0x0 + * 001fab8d 8b0d e48bb100 mov ecx,dword ptr ds:[0xb18be4] + * 001fab93 33c0 xor eax,eax + * 001fab95 85db test ebx,ebx + * 001fab97 7e 2b jle short .001fabc4 + * 001fab99 8d1437 lea edx,dword ptr ds:[edi+esi] + * 001fab9c 8b35 ec8bb100 mov esi,dword ptr ds:[0xb18bec] + * 001faba2 8955 fc mov dword ptr ss:[ebp-0x4],edx + * 001faba5 8bd1 mov edx,ecx + * 001faba7 0faf15 e88bb100 imul edx,dword ptr ds:[0xb18be8] + * 001fabae 0315 bc8bb100 add edx,dword ptr ds:[0xb18bbc] ; .00b180f8 + * 001fabb4 03f2 add esi,edx + * 001fabb6 8b55 fc mov edx,dword ptr ss:[ebp-0x4] + * 001fabb9 8a1402 mov dl,byte ptr ds:[edx+eax] + * 001fabbc 881406 mov byte ptr ds:[esi+eax],dl ; jichi: text is in dl in byte + * 001fabbf 40 inc eax + * 001fabc0 3bc3 cmp eax,ebx + * 001fabc2 ^7c f2 jl short .001fabb6 + * 001fabc4 0faf0d e88bb100 imul ecx,dword ptr ds:[0xb18be8] + * 001fabcb 030d bc8bb100 add ecx,dword ptr ds:[0xb18bbc] ; .00b180f8 + * 001fabd1 a1 ec8bb100 mov eax,dword ptr ds:[0xb18bec] + * 001fabd6 03fb add edi,ebx + * 001fabd8 893d b08bb100 mov dword ptr ds:[0xb18bb0],edi + * 001fabde 5f pop edi + * 001fabdf 03c8 add ecx,eax + * 001fabe1 03c3 add eax,ebx + * 001fabe3 5e pop esi + * 001fabe4 c60419 00 mov byte ptr ds:[ecx+ebx],0x0 + * 001fabe8 a3 ec8bb100 mov dword ptr ds:[0xb18bec],eax + * 001fabed 5b pop ebx + * 001fabee 8be5 mov esp,ebp + * 001fabf0 5d pop ebp + * 001fabf1 c3 retn + * 001fabf2 cc int3 + * 001fabf3 cc int3 + * 001fabf4 cc int3 + * 001fabf5 cc int3 + * 001fabf6 cc int3 + * 001fabf7 cc int3 + */ +static void SpecialHookFocasLens(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD addr = (DWORD)stack->base + get_reg(regs::edx); + if (*(char *)addr) { + *data = addr; + *len = 1; + *split = FIXED_SPLIT_VALUE; + } +} +bool InsertFocasLensHook() +{ + const BYTE bytes[] = { + 0x8a,0x14,0x02, // 001fabb9 8a1402 mov dl,byte ptr ds:[edx+eax] + 0x88,0x14,0x06, // 001fabbc 881406 mov byte ptr ds:[esi+eax],dl ; jichi: text is in dl in byte + 0x40, // 001fabbf 40 inc eax + 0x3b,0xc3 // 001fabc0 3bc3 cmp eax,ebx + }; + enum { addr_offset = 0x001fabbc - 0x001fabb9 }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + //GROWL(addr); + if (!addr) { + ConsoleOutput("FocasLens: pattern not found"); + return false; + } + HookParam hp; + hp.address = addr + addr_offset; + hp.text_fun = SpecialHookFocasLens; // use special hook to force byte access + hp.type = USING_STRING|USING_SPLIT|FIXING_SPLIT|NO_CONTEXT; // no context to get rid of relative function address + ConsoleOutput("INSERT FocasLens"); + + + // GDI functions are kept in case the font is not cached + // + return NewHook(hp, "FocasLens"); +} + +bool FocasLens::attach_function() { + + return InsertFocasLensHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/FocasLens.h b/LunaHook/engine32/FocasLens.h new file mode 100644 index 0000000..c7c98bb --- /dev/null +++ b/LunaHook/engine32/FocasLens.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class FocasLens:public ENGINE{ + public: + FocasLens(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"dat\\*.arc"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Footy2.cpp b/LunaHook/engine32/Footy2.cpp new file mode 100644 index 0000000..2046d0b --- /dev/null +++ b/LunaHook/engine32/Footy2.cpp @@ -0,0 +1,27 @@ +#include"Footy2.h" +bool insertstrcpyhook() { + const BYTE bytes[] = { + 0x3B,0xD8,0x72,0x45,0x83,0xF9,0x10,0x72,0x04,0x8B,0x16,0xEB,0x02 + }; + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + const BYTE funcstart[] = { + 0x55,0x8b,0xec,0x53,0x8b,0x5d,0x08 + }; + bool succ=false; + for (auto addr : addrs) { + addr = reverseFindBytes(funcstart, sizeof(funcstart), addr - 0x100, addr); + if (addr == 0)continue; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING; + ConsoleOutput("strcpy %p", addr); + succ|=NewHook(hp, "strcpy"); + } + return succ; +} +bool Footy2::attach_function() { + //ガールズ・ブック・メイカー -幸せのリブレット- + + return insertstrcpyhook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Footy2.h b/LunaHook/engine32/Footy2.h new file mode 100644 index 0000000..dfbedcb --- /dev/null +++ b/LunaHook/engine32/Footy2.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class Footy2:public ENGINE{ + public: + Footy2(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Footy2.dll"; + dontstop=true; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/GXP.cpp b/LunaHook/engine32/GXP.cpp new file mode 100644 index 0000000..d228734 --- /dev/null +++ b/LunaHook/engine32/GXP.cpp @@ -0,0 +1,636 @@ +#include"GXP.h" +/** + * jichi 5/11/2014: Hook to the beginning of a function + * + * Executable description shows "AVGEngineV2" + * + * Cached wrong text can also be found in GetGlyphOutlineW. + * + * 4/27/2015 old logic: + * 1. find the following location + * 00A78144 66:833C70 00 CMP WORD PTR DS:[EAX+ESI*2],0x0 + * i.e. 0x66833C7000 + * There are several matches, the first one is used. + * 2. find the first push operation after it + * 3. find the function call after push, and hook to it + * The text is in the arg1, which is character by character + * + * But in the new game since ウルスラグ� there the function call is not immediately after 0x66833C7000 any more. + * My own way to find the function to hook is as follows: + * 1. find the following location + * 00A78144 66:833C70 00 CMP WORD PTR DS:[EAX+ESI*2],0x0 + * i.e. 0x66833C7000 + * There are several matches, the first one is used. + * 2. Use Ollydbg to debug step by step until the first function call is encountered + * Then, the text character is directly on the stack + * + * Here's an example of Demonion II (reladdr = 0x18c540): + * The text is displayed character by character. + * sub_58C540 proc near + * arg_0 = dword ptr 8 // LPCSTR with 1 character + * + * 0138C540 /$ 55 PUSH EBP + * 0138C541 |. 8BEC MOV EBP,ESP + * 0138C543 |. 83E4 F8 AND ESP,0xFFFFFFF8 + * 0138C546 |. 8B43 0C MOV EAX,DWORD PTR DS:[EBX+0xC] + * 0138C549 |. 83EC 08 SUB ESP,0x8 + * 0138C54C |. 56 PUSH ESI + * 0138C54D |. 57 PUSH EDI + * 0138C54E |. 85C0 TEST EAX,EAX + * 0138C550 |. 75 04 JNZ SHORT demonion.0138C556 + * 0138C552 |. 33F6 XOR ESI,ESI + * 0138C554 |. EB 18 JMP SHORT demonion.0138C56E + * 0138C556 |> 8B4B 14 MOV ECX,DWORD PTR DS:[EBX+0x14] + * 0138C559 |. 2BC8 SUB ECX,EAX + * 0138C55B |. B8 93244992 MOV EAX,0x92492493 + * 0138C560 |. F7E9 IMUL ECX + * 0138C562 |. 03D1 ADD EDX,ECX + * 0138C564 |. C1FA 04 SAR EDX,0x4 + * 0138C567 |. 8BF2 MOV ESI,EDX + * 0138C569 |. C1EE 1F SHR ESI,0x1F + * 0138C56C |. 03F2 ADD ESI,EDX + * 0138C56E |> 8B7B 10 MOV EDI,DWORD PTR DS:[EBX+0x10] + * 0138C571 |. 8BCF MOV ECX,EDI + * 0138C573 |. 2B4B 0C SUB ECX,DWORD PTR DS:[EBX+0xC] + * 0138C576 |. B8 93244992 MOV EAX,0x92492493 + * 0138C57B |. F7E9 IMUL ECX + * 0138C57D |. 03D1 ADD EDX,ECX + * 0138C57F |. C1FA 04 SAR EDX,0x4 + * 0138C582 |. 8BC2 MOV EAX,EDX + * 0138C584 |. C1E8 1F SHR EAX,0x1F + * 0138C587 |. 03C2 ADD EAX,EDX + * 0138C589 |. 3BC6 CMP EAX,ESI + * 0138C58B |. 73 2F JNB SHORT demonion.0138C5BC + * 0138C58D |. C64424 08 00 MOV BYTE PTR SS:[ESP+0x8],0x0 + * 0138C592 |. 8B4C24 08 MOV ECX,DWORD PTR SS:[ESP+0x8] + * 0138C596 |. 8B5424 08 MOV EDX,DWORD PTR SS:[ESP+0x8] + * 0138C59A |. 51 PUSH ECX + * 0138C59B |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+0x8] + * 0138C59E |. 52 PUSH EDX + * 0138C59F |. B8 01000000 MOV EAX,0x1 + * 0138C5A4 |. 8BD7 MOV EDX,EDI + * 0138C5A6 |. E8 F50E0000 CALL demonion.0138D4A0 + * 0138C5AB |. 83C4 08 ADD ESP,0x8 + * 0138C5AE |. 83C7 1C ADD EDI,0x1C + * 0138C5B1 |. 897B 10 MOV DWORD PTR DS:[EBX+0x10],EDI + * 0138C5B4 |. 5F POP EDI + * 0138C5B5 |. 5E POP ESI + * 0138C5B6 |. 8BE5 MOV ESP,EBP + * 0138C5B8 |. 5D POP EBP + * 0138C5B9 |. C2 0400 RETN 0x4 + * 0138C5BC |> 397B 0C CMP DWORD PTR DS:[EBX+0xC],EDI + * 0138C5BF |. 76 05 JBE SHORT demonion.0138C5C6 + * 0138C5C1 |. E8 1B060D00 CALL demonion.0145CBE1 + * 0138C5C6 |> 8B03 MOV EAX,DWORD PTR DS:[EBX] + * 0138C5C8 |. 57 PUSH EDI ; /Arg4 + * 0138C5C9 |. 50 PUSH EAX ; |Arg3 + * 0138C5CA |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] ; | + * 0138C5CD |. 50 PUSH EAX ; |Arg2 + * 0138C5CE |. 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+0x14] ; | + * 0138C5D2 |. 51 PUSH ECX ; |Arg1 + * 0138C5D3 |. 8BC3 MOV EAX,EBX ; | + * 0138C5D5 |. E8 D6010000 CALL demonion.0138C7B0 ; \demonion.0138C7B0 + * 0138C5DA |. 5F POP EDI + * 0138C5DB |. 5E POP ESI + * 0138C5DC |. 8BE5 MOV ESP,EBP + * 0138C5DE |. 5D POP EBP + * 0138C5DF \. C2 0400 RETN 0x4 + * + * 4/26/2015 ウルスラグ� * base = 0xa30000, old hook addr = 0xbe6360 + * + * 00A7813A EB 02 JMP SHORT .00A7813E + * 00A7813C 8BC7 MOV EAX,EDI + * 00A7813E 8BB3 E4020000 MOV ESI,DWORD PTR DS:[EBX+0x2E4] + * 00A78144 66:833C70 00 CMP WORD PTR DS:[EAX+ESI*2],0x0 ; jich: here's the first found segment + * 00A78149 74 36 JE SHORT .00A78181 + * 00A7814B 837F 14 08 CMP DWORD PTR DS:[EDI+0x14],0x8 + * 00A7814F 72 08 JB SHORT .00A78159 + * 00A78151 8B07 MOV EAX,DWORD PTR DS:[EDI] + * + * 00A7883A 24 3C AND AL,0x3C + * 00A7883C 50 PUSH EAX + * 00A7883D C74424 4C 000000>MOV DWORD PTR SS:[ESP+0x4C],0x0 + * 00A78845 0F5B ??? ; Unknown command + * 00A78847 C9 LEAVE + * 00A78848 F3:0F114424 44 MOVSS DWORD PTR SS:[ESP+0x44],XMM0 + * 00A7884E F3:0F114C24 48 MOVSS DWORD PTR SS:[ESP+0x48],XMM1 + * 00A78854 E8 37040000 CALL .00A78C90 ; jichi: here's the target function to hook to, text char on the stack[0] + * 00A78859 A1 888EDD00 MOV EAX,DWORD PTR DS:[0xDD8E88] + * 00A7885E A8 01 TEST AL,0x1 + * 00A78860 75 30 JNZ SHORT .00A78892 + * 00A78862 83C8 01 OR EAX,0x1 + * 00A78865 A3 888EDD00 MOV DWORD PTR DS:[0xDD8E88],EAX + * + * Here's the new function call: + * 00A78C8A CC INT3 + * 00A78C8B CC INT3 + * 00A78C8C CC INT3 + * 00A78C8D CC INT3 + * 00A78C8E CC INT3 + * 00A78C8F CC INT3 + * 00A78C90 55 PUSH EBP + * 00A78C91 8BEC MOV EBP,ESP + * 00A78C93 56 PUSH ESI + * 00A78C94 8BF1 MOV ESI,ECX + * 00A78C96 57 PUSH EDI + * 00A78C97 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+0x8] + * 00A78C9A 8B4E 04 MOV ECX,DWORD PTR DS:[ESI+0x4] + * 00A78C9D 3BF9 CMP EDI,ECX + * 00A78C9F 73 76 JNB SHORT .00A78D17 + * 00A78CA1 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 00A78CA3 3BC7 CMP EAX,EDI + * 00A78CA5 77 70 JA SHORT .00A78D17 + * 00A78CA7 2BF8 SUB EDI,EAX + * 00A78CA9 B8 93244992 MOV EAX,0x92492493 + * 00A78CAE F7EF IMUL EDI + * 00A78CB0 03D7 ADD EDX,EDI + * 00A78CB2 C1FA 04 SAR EDX,0x4 + * 00A78CB5 8BFA MOV EDI,EDX + * 00A78CB7 C1EF 1F SHR EDI,0x1F + * 00A78CBA 03FA ADD EDI,EDX + * 00A78CBC 3B4E 08 CMP ECX,DWORD PTR DS:[ESI+0x8] + * 00A78CBF 75 09 JNZ SHORT .00A78CCA + * 00A78CC1 6A 01 PUSH 0x1 + * 00A78CC3 8BCE MOV ECX,ESI + * 00A78CC5 E8 36030000 CALL .00A79000 + * 00A78CCA 8B56 04 MOV EDX,DWORD PTR DS:[ESI+0x4] + * 00A78CCD 8D0CFD 00000000 LEA ECX,DWORD PTR DS:[EDI*8] + * 00A78CD4 2BCF SUB ECX,EDI + * 00A78CD6 8B3E MOV EDI,DWORD PTR DS:[ESI] + * 00A78CD8 85D2 TEST EDX,EDX + * 00A78CDA 74 7B JE SHORT .00A78D57 + * 00A78CDC 66:8B048F MOV AX,WORD PTR DS:[EDI+ECX*4] + * 00A78CE0 66:8902 MOV WORD PTR DS:[EDX],AX + * 00A78CE3 8B448F 04 MOV EAX,DWORD PTR DS:[EDI+ECX*4+0x4] + * 00A78CE7 8942 04 MOV DWORD PTR DS:[EDX+0x4],EAX + * 00A78CEA 8B448F 08 MOV EAX,DWORD PTR DS:[EDI+ECX*4+0x8] + * 00A78CEE 8942 08 MOV DWORD PTR DS:[EDX+0x8],EAX + * 00A78CF1 8B448F 0C MOV EAX,DWORD PTR DS:[EDI+ECX*4+0xC] + * 00A78CF5 8942 0C MOV DWORD PTR DS:[EDX+0xC],EAX + * 00A78CF8 C742 10 00000000 MOV DWORD PTR DS:[EDX+0x10],0x0 + * 00A78CFF 8B448F 14 MOV EAX,DWORD PTR DS:[EDI+ECX*4+0x14] + * 00A78D03 8942 14 MOV DWORD PTR DS:[EDX+0x14],EAX + * 00A78D06 8A448F 18 MOV AL,BYTE PTR DS:[EDI+ECX*4+0x18] + * 00A78D0A 8842 18 MOV BYTE PTR DS:[EDX+0x18],AL + * 00A78D0D 8346 04 1C ADD DWORD PTR DS:[ESI+0x4],0x1C + * 00A78D11 5F POP EDI + * 00A78D12 5E POP ESI + * 00A78D13 5D POP EBP + * 00A78D14 C2 0400 RETN 0x4 + * 00A78D17 3B4E 08 CMP ECX,DWORD PTR DS:[ESI+0x8] + * 00A78D1A 75 09 JNZ SHORT .00A78D25 + * 00A78D1C 6A 01 PUSH 0x1 + * 00A78D1E 8BCE MOV ECX,ESI + * 00A78D20 E8 DB020000 CALL .00A79000 + * 00A78D25 8B4E 04 MOV ECX,DWORD PTR DS:[ESI+0x4] + * 00A78D28 85C9 TEST ECX,ECX + * 00A78D2A 74 2B JE SHORT .00A78D57 + * 00A78D2C 66:8B07 MOV AX,WORD PTR DS:[EDI] + * 00A78D2F 66:8901 MOV WORD PTR DS:[ECX],AX + * 00A78D32 8B47 04 MOV EAX,DWORD PTR DS:[EDI+0x4] + * 00A78D35 8941 04 MOV DWORD PTR DS:[ECX+0x4],EAX + * 00A78D38 8B47 08 MOV EAX,DWORD PTR DS:[EDI+0x8] + * 00A78D3B 8941 08 MOV DWORD PTR DS:[ECX+0x8],EAX + * 00A78D3E 8B47 0C MOV EAX,DWORD PTR DS:[EDI+0xC] + * 00A78D41 8941 0C MOV DWORD PTR DS:[ECX+0xC],EAX + * 00A78D44 C741 10 00000000 MOV DWORD PTR DS:[ECX+0x10],0x0 + * 00A78D4B 8B47 14 MOV EAX,DWORD PTR DS:[EDI+0x14] + * 00A78D4E 8941 14 MOV DWORD PTR DS:[ECX+0x14],EAX + * 00A78D51 8A47 18 MOV AL,BYTE PTR DS:[EDI+0x18] + * 00A78D54 8841 18 MOV BYTE PTR DS:[ECX+0x18],AL + * 00A78D57 8346 04 1C ADD DWORD PTR DS:[ESI+0x4],0x1C + * 00A78D5B 5F POP EDI + * 00A78D5C 5E POP ESI + * 00A78D5D 5D POP EBP + * 00A78D5E C2 0400 RETN 0x4 + * 00A78D61 CC INT3 + * 00A78D62 CC INT3 + * 00A78D63 CC INT3 + * 00A78D64 CC INT3 + * 00A78D65 CC INT3 + */ +static bool InsertGXP1Hook() +{ + union { + DWORD i; + DWORD *id; + BYTE *ib; + }; + for (i = processStartAddress + 0x1000; i < processStopAddress - 4; i++) { + // jichi example: + // 00A78144 66:833C70 00 CMP WORD PTR DS:[EAX+ESI*2],0x0 + + //find cmp word ptr [esi*2+eax],0 + if (*id != 0x703c8366) + continue; + i += 4; + if (*ib != 0) + continue; + i++; + DWORD j = i + 0x200; + j = j < (processStopAddress - 8) ? j : (processStopAddress - 8); + + DWORD flag = false; + while (i < j) { + DWORD k = disasm(ib); + if (k == 0) + break; + if (k == 1 && (*ib & 0xf8) == 0x50) { // push reg + flag = true; + break; + } + i += k; + } + if (flag) + while (i < j) { + if (*ib == 0xe8) { // jichi: find first long call after the push operation + i++; + DWORD addr = *id + i + 4; + if (addr > processStartAddress && addr < processStopAddress) { + HookParam hp; + hp.address = addr; + //hp.type = CODEC_UTF16|DATA_INDIRECT; + hp.type = USING_STRING|CODEC_UTF16|DATA_INDIRECT|NO_CONTEXT|FIXING_SPLIT; // jichi 4/25/2015: Fixing split + hp.offset=get_stack(1); + + //GROWL_DWORD3(hp.address, processStartAddress, hp.address - processStartAddress); + + //DWORD call = Util::FindCallAndEntryAbs(hp.address, processStopAddress - processStartAddress, processStartAddress, 0xec81); // zero + //DWORD call = Util::FindCallAndEntryAbs(hp.address, processStopAddress - processStartAddress, processStartAddress, 0xec83); // zero + //DWORD call = Util::FindCallAndEntryAbs(hp.address, processStopAddress - processStartAddress, processStartAddress, 0xec8b55); // zero + //GROWL_DWORD3(call, processStartAddress, call - processStartAddress); + + ConsoleOutput("INSERT GXP"); + + + // jichi 5/13/2015: Disable hooking to GetGlyphOutlineW + // FIXME: GetGlyphOutlineW can extract name, but GXP cannot + ConsoleOutput("GXP: disable GDI hooks"); + + return NewHook(hp, "GXP"); + } + } + i++; + } + } + //ConsoleOutput("Unknown GXP engine."); + ConsoleOutput("GXP: failed"); + return false; +} + +static bool InsertGXP2Hook() +{ + // pattern = 0x0f5bc9f30f11442444f30f114c2448e8 + const BYTE bytes[] = { + 0x0f,0x5b, // 00A78845 0F5B ??? ; Unknown command + 0xc9, // 00A78847 C9 LEAVE + 0xf3,0x0f,0x11,0x44,0x24, 0x44, // 00A78848 F3:0F114424 44 MOVSS DWORD PTR SS:[ESP+0x44],XMM0 + 0xf3,0x0f,0x11,0x4c,0x24, 0x48, // 00A7884E F3:0F114C24 48 MOVSS DWORD PTR SS:[ESP+0x48],XMM1 + 0xe8 //37040000 // 00A78854 E8 37040000 CALL .00A78C90 ; jichi: here's the target function to hook to, text char on the stack[0] + }; + enum { addr_offset = sizeof(bytes) - 1 }; // 0x00a78854 - 0x00a78845 + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("GXP2: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.type = CODEC_UTF16|NO_CONTEXT|DATA_INDIRECT|FIXING_SPLIT|USING_STRING; + ConsoleOutput("INSERT GXP2"); + + ConsoleOutput("GXP: disable GDI hooks"); + + return NewHook(hp, "GXP2"); +} + +bool InsertGXPHook() +{ + // GXP1 and GXP2 are harmless to each other + bool ok = InsertGXP1Hook(); + ok = InsertGXP2Hook() || ok; + return ok; +} +#include"util/textunion.h" +namespace { // unnamed + +ULONG moduleBaseAddress_; // saved only for debugging purposes + +bool isBadText(LPCWSTR text) +{ + return text[0] <= 127 || text[::wcslen(text) - 1] <= 127 // skip ascii text + || ::wcschr(text, 0xff3f); // Skip system text containing: _ +} + +namespace ScenarioHook1 { // for old GXP1 +namespace Private { + TextUnionW *arg_, + argValue_; + bool hookBefore(hook_stack*s,void* data1, size_t* len,uintptr_t*role) + { + + static std::wstring text_; // persistent storage, which makes this function not thread-safe + + auto arg = (TextUnionW *)(s->stack[0] + 4); // arg1 + 0x4 + if (!arg->isValid()) + return 0; + + auto text = arg->getText(); + if (isBadText(text)) + return 0; + std::wstring oldText = std::wstring(text);//, + wcscpy((LPWSTR)data1,oldText.c_str());*len=oldText.size()*2; + return 1; + // newText = EngineController::instance()->dispatchTextWSTD(oldText, role, reladdr); + // if (newText == oldText) + // return true; + // text_ = newText; + + // arg_ = arg; + // argValue_ = *arg; + + // arg->setText(text_); + + // //if (arg->size) + // // hashes_.insert(Engine::hashWCharArray(arg->text, arg->size)); + // return true; + } + void hook2a(hook_stack*s,void* data1, size_t len) + { + auto text_=new wchar_t[len/2+1]; + auto n=std::wstring((LPWSTR)data1,len/2); + wcscpy(text_,n.c_str()); + auto arg = (TextUnionW *)(s->stack[0] + 4); // arg1 + 0x4 + arg_ = arg; + argValue_ = *arg; + + arg->setText(text_); + //if (arg->size) + // hashes_.insert(Engine::hashWCharArray(arg->text, arg->size)); + // return true; + } + bool hookAfter(hook_stack*s,void* data1, size_t* len,uintptr_t*role) + { + if (arg_) { + *arg_ = argValue_; + arg_ = nullptr; + } + return 0; + } +} // namespace Private + +/** + * Sample game: 塔の下のエクセルキトゥス体験版 + * Executable description shows "AVGEngineV2" + * + * Debugging method: Find the fixed text address, and check when it is being modified + * + * Scenario caller, text in the struct of arg1 + 0x4. + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0xeb, 0x02, // 01313bb6 eb 02 jmp short trial.01313bba + 0x8b,0xc5, // 01313bb8 8bc5 mov eax,ebp + 0x8b,0x54,0x24, 0x18, // 01313bba 8b5424 18 mov edx,dword ptr ss:[esp+0x18] + 0x8d,0x0c,0x51, // 01313bbe 8d0c51 lea ecx,dword ptr ds:[ecx+edx*2] + 0x8d,0x1c,0x3f // 01313bc1 8d1c3f lea ebx,dword ptr ds:[edi+edi] + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return addr; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return addr; + //return winhook::hook_before(addr, Private::hookBefore); + + int count = 0; + auto fun = [&count](ULONG addr) -> bool { + auto retaddr=addr+5; + + if (*(DWORD *)retaddr!= 0x0c244c8a) + return true; + if (*(BYTE *)retaddr == 0x4f || + (*(DWORD *)retaddr & 0x00ff00ff) == 0x0024008b) // skip truncated texts + return true; + HookParam hp; + hp.address=addr; + hp.hook_before=Private::hookBefore; + hp.hook_after=Private::hook2a; + hp.type=EMBED_ABLE|CODEC_UTF16|USING_STRING; + hp.newlineseperator=L"%r"; + hp.hook_font=F_GetGlyphOutlineW; + bool succ=NewHook(hp,"EmbedGXP"); + hp.address=addr+5; + hp.hook_before=Private::hookAfter; + succ|=NewHook(hp,"EmbedGXP"); + count+=1; + return succ; // replace all functions + }; + MemDbg::iterNearCallAddress(fun, addr, startAddress, stopAddress); + return count; +} +} // namespace ScenarioHook1 + +namespace ScenarioHook2 { // for new GXP2 +namespace Private { + TextUnionW *arg_, + argValue_; + bool hookBefore(hook_stack*s,void* data1, size_t* len,uintptr_t*role) + { + static std::wstring text_; // persistent storage, which makes this function not thread-safe + auto arg = (TextUnionW *)s->stack[0]; // arg1 + if (!arg->isValid()) + return 0; + + auto text = arg->getText(); + if (isBadText(text)) + return 0; + std::wstring oldText = std::wstring(text);//, + wcscpy((LPWSTR)data1,oldText.c_str());*len=oldText.size()*2; + return 1;} + void hook2a(hook_stack*s,void* data1, size_t len) + { + auto text_=new wchar_t[len/2+1]; + auto n=std::wstring((LPWSTR)data1,len/2); + wcscpy(text_,n.c_str()); +auto arg = (TextUnionW *)s->stack[0]; // arg1 + 0x4 + arg_ = arg; + argValue_ = *arg; + + arg->setText(text_); + } + + bool hookAfter(hook_stack*s,void* data1, size_t* len,uintptr_t*role) + { + if (arg_) { + *arg_ = argValue_; + arg_ = nullptr; + } + return 0; + } +} // namespace Private + +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x8d,0x04,0x3f, // 08159fd |. 8d043f lea eax,dword ptr ds:[edi+edi] ; jichi: edi *= 2 for wchar_t + 0x50, // 0815a00 |. 50 push eax ; jichi: size + 0x8d,0x04,0x4b, // 0815a01 |. 8d044b lea eax,dword ptr ds:[ebx+ecx*2] + 0x50, // 0815a04 |. 50 push eax ; jichi: source text + 0x52 // 0815a05 |. 52 push edx ; jichi: target text + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return addr; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return addr; + //return winhook::hook_before(addr, Private::hookBefore); + + int count = 0; + auto fun = [&count](ULONG addr) -> bool { + auto retaddr=addr+5; + if (*(WORD *)retaddr != 0x458a) + return true; + if (*(BYTE *)retaddr == 0xa1) + return true; + HookParam hp; + hp.address=addr; + hp.hook_before=Private::hookBefore; + hp.hook_after=Private::hook2a; + hp.type=EMBED_ABLE|CODEC_UTF16|USING_STRING; + hp.newlineseperator=L"%r"; + hp.hook_font=F_GetGlyphOutlineW; + bool succ=NewHook(hp,"EmbedGXP2"); + hp.address=addr+5; + hp.hook_before=Private::hookAfter; + succ|=NewHook(hp,"EmbedGXP2"); + count+=1; + return succ; // replace all functions + }; + MemDbg::iterNearCallAddress(fun, addr, startAddress, stopAddress); + return count; +} +} // namespace ScenarioHook2 +/* +namespace PopupHook1 { // only for old GXP1 engine +namespace Private { + bool hookBefore(winhook::hook_stack *s) + { + static std::wstring text_; // persistent storage, which makes this function not thread-safe + auto arg = (TextUnionW *)(s->ecx + 0x1ec); // [ecx + 0x1ec] + if (!arg->isValid()) + return true; + auto text = arg->getText(); + if (isBadText(text)) + return true; + auto retaddr = s->stack[0]; + auto reladdr = retaddr - moduleBaseAddress_; + enum { role = Engine::OtherRole }; + std::wstring oldText = std::wstring(text), + newText = EngineController::instance()->dispatchTextWSTD(oldText, role, reladdr); + if (newText == oldText) + return true; + text_ = newText; + arg->setText(text_); + return true; + } +} // Private + bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x8b,0x86, 0xec,0x01,0x00,0x00, // 001092a9 8b86 ec010000 mov eax,dword ptr ds:[esi+0x1ec] ; jichi: text in eax + 0xeb, 0x06, // 001092af eb 06 jmp short trial.001092b7 + 0x8d,0x86, 0xec,0x01,0x00,0x00, // 001092b1 8d86 ec010000 lea eax,dword ptr ds:[esi+0x1ec] + 0x0f,0xb7,0x14,0x78, // 001092b7 0fb71478 movzx edx,word ptr ds:[eax+edi*2] + 0x52 // 001092bb 52 push edx + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + return winhook::hook_before(addr, Private::hookBefore); + // Function called at runtime + //int count = 0; + //auto fun = [&count](ULONG addr) -> bool { + // auto before = std::bind(Private::hookBefore, addr + 5, std::placeholders::_1); + // count += winhook::hook_both(addr, before, Private::hookAfter); + // return true; // replace all functions + //}; + //MemDbg::iterNearCallAddress(fun, addr, startAddress, stopAddress); + //DOUT("call number =" << count); + //return count; +} +} // namespace PopupHook1 + +namespace OtherHook { // for all GXP engines +namespace Private { + bool hookBefore(winhook::hook_stack *s) + { + static std::wstring text_; + auto text = (LPCWSTR)s->stack[3]; // arg3 + if (!text || !*text) + return true; + auto retaddr = s->stack[0]; + auto reladdr = retaddr - moduleBaseAddress_; + enum { role = Engine::OtherRole }; + std::wstring oldText = std::wstring(text), + newText = EngineController::instance()->dispatchTextWSTD(oldText, role, reladdr); + if (newText.empty() || oldText == newText) + return true; + strReplace(newText, L"%r", L"\n"); + //newText.replace("%r", "\n"); + text_ = newText; + s->stack[3] = (ULONG)text_.c_str(); + return true; + } +} // Private + bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x99, // 014d45ae 99 cdq + 0x2b,0xc2, // 014d45af 2bc2 sub eax,edx + 0xd1,0xf8, // 014d45b1 d1f8 sar eax,1 + 0x03 //,0xf0, // 014d45b3 03f0 add esi,eax + }; + int count = 0; + auto fun = [&count](ULONG addr) -> bool { + count += + (addr = MemDbg::findEnclosingAlignedFunction(addr)) + && winhook::hook_before(addr, Private::hookBefore); + return true; + }; + MemDbg::iterFindBytes(fun, bytes, sizeof(bytes), startAddress, stopAddress); + DOUT("call number =" << count); + return count; +} +} // namespace OtherHook +*/ + +bool attach() +{ + ULONG startAddress=processStartAddress, stopAddress=processStopAddress; + + moduleBaseAddress_ = startAddress; // used to calculate reladdr for debug purposes + if (ScenarioHook2::attach(startAddress, stopAddress)) { + + } else if (ScenarioHook1::attach(startAddress, stopAddress)) { + + // (PopupHook1::attach(startAddress, stopAddress)); + + } else + return false; + // (OtherHook::attach(startAddress, stopAddress)) + + return true; +} + +} // unnamed namespace +bool GXP::attach_function() { + auto _=InsertGXPHook(); + return attach()||_; +} \ No newline at end of file diff --git a/LunaHook/engine32/GXP.h b/LunaHook/engine32/GXP.h new file mode 100644 index 0000000..a24f21b --- /dev/null +++ b/LunaHook/engine32/GXP.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class GXP:public ENGINE{ + public: + GXP(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.gxp"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/GameMaker.cpp b/LunaHook/engine32/GameMaker.cpp new file mode 100644 index 0000000..5e93332 --- /dev/null +++ b/LunaHook/engine32/GameMaker.cpp @@ -0,0 +1,46 @@ +#include"GameMaker.h" + +bool GameMakerFilter(LPVOID data, size_t* size, HookParam*) +{ + CharFilter(reinterpret_cast(data), reinterpret_cast(size), '#'); + return true; +} + +bool InsertGameMakerHook() +{ + + /* + * Sample games: + * VA-11 Hall A + */ + const BYTE bytes[] = { + 0x85, 0xF6, // test esi,esi + 0x74, XX, // je "VA-11 Hall A.exe"+D5014 + 0x85, 0xC0, // test eax,eax + 0x74, XX, // je "VA-11 Hall A.exe"+D5014 + 0x50, // push eax + 0x56 // push esi << hook here + }; + enum { addr_offset = sizeof(bytes) - 1 }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("GameMaker: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::eax); + hp.type = USING_STRING | NO_CONTEXT; + hp.filter_fun = GameMakerFilter; + ConsoleOutput(" INSERT GameMaker"); + + ConsoleOutput("GameMaker: use regex filter .+\\]"); + return NewHook(hp, "GameMaker"); +} + +bool GameMaker::attach_function() { + return InsertGameMakerHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/GameMaker.h b/LunaHook/engine32/GameMaker.h new file mode 100644 index 0000000..04c60b9 --- /dev/null +++ b/LunaHook/engine32/GameMaker.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class GameMaker:public ENGINE{ + public: + GameMaker(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"GMResource.dll"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Giga.cpp b/LunaHook/engine32/Giga.cpp new file mode 100644 index 0000000..4c9cef7 --- /dev/null +++ b/LunaHook/engine32/Giga.cpp @@ -0,0 +1,24 @@ +#include"Giga.h" + +bool Giga::attach_function() { + + const BYTE bytes[] = { + //ショコラ ~maid cafe curio Re-order~ + //https://vndb.org/v682 + 0xe8,XX4, + 0x83,0xC4,0x10, + 0xB8,0x01,0x00,0x00,0x00, + 0x81,0xC4,0x00,0x10,0x00,0x00, + 0xC3 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr,0x100); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset =get_stack(4); + hp.type = USING_STRING; + + return NewHook(hp, "Giga"); +} \ No newline at end of file diff --git a/LunaHook/engine32/Giga.h b/LunaHook/engine32/Giga.h new file mode 100644 index 0000000..b37b365 --- /dev/null +++ b/LunaHook/engine32/Giga.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Giga:public ENGINE{ + public: + Giga(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Dat\\*.pac"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/HXP.cpp b/LunaHook/engine32/HXP.cpp new file mode 100644 index 0000000..982683b --- /dev/null +++ b/LunaHook/engine32/HXP.cpp @@ -0,0 +1,17 @@ +#include"HXP.h" + + +bool HXP::attach_function() { + //https://vndb.org/v172 + //エクソダスギルティー・オルタナティブ + auto addr=MemDbg::findCallerAddress((DWORD)TextOutA, 0x01003d66,processStartAddress, processStopAddress); + if(addr==0)return false; + addr=MemDbg::findEnclosingAlignedFunction(addr); + if(addr==0)return false; + HookParam hp; + hp.address = (DWORD)addr; + hp.offset=get_stack(2); + hp.type = CODEC_ANSI_BE; + + return NewHook(hp, "HXP"); +} \ No newline at end of file diff --git a/LunaHook/engine32/HXP.h b/LunaHook/engine32/HXP.h new file mode 100644 index 0000000..10c52ca --- /dev/null +++ b/LunaHook/engine32/HXP.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class HXP:public ENGINE{ + public: + HXP(){ + is_engine_certain=false; + check_by=CHECK_BY::FILE; + check_by_target=L"DATA\\*.HXP"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/HorkEye.cpp b/LunaHook/engine32/HorkEye.cpp new file mode 100644 index 0000000..cd7fedf --- /dev/null +++ b/LunaHook/engine32/HorkEye.cpp @@ -0,0 +1,395 @@ +#include"HorkEye.h" + + + +/** 10/20/2014 jichi: HorkEye, http://horkeye.com + * Sample game: [150226] 結城友奈�勀��ある 体験版 + * + * No GDI functions are used by this game. + * + * Debug method: + * There are two matched texts. + * The one having fixed address is used to insert hw breakpoints. + * + * I found are two functions addressing the address, both of which seems to be good. + * The first one is used: + * + * 013cda60 8d4c24 1c lea ecx,dword ptr ss:[esp+0x1c] + * 013cda64 51 push ecx + * 013cda65 68 48a8c201 push .01c2a848 ; ascii "if" + * 013cda6a e8 d1291600 call .01530440 + * 013cda6f 83c4 0c add esp,0xc + * 013cda72 6a 01 push 0x1 + * 013cda74 83ec 1c sub esp,0x1c + * 013cda77 8bcc mov ecx,esp + * 013cda79 896424 30 mov dword ptr ss:[esp+0x30],esp + * 013cda7d 6a 10 push 0x10 + * 013cda7f c741 14 0f000000 mov dword ptr ds:[ecx+0x14],0xf + * 013cda86 c741 10 00000000 mov dword ptr ds:[ecx+0x10],0x0 + * 013cda8d 68 80125601 push .01561280 + * 013cda92 c601 00 mov byte ptr ds:[ecx],0x0 + * 013cda95 e8 5681ffff call .013c5bf0 + * 013cda9a e8 717a0900 call .01465510 + * 013cda9f 83c4 20 add esp,0x20 + * 013cdaa2 b8 01000000 mov eax,0x1 + * 013cdaa7 8b8c24 b8000000 mov ecx,dword ptr ss:[esp+0xb8] + * 013cdaae 5f pop edi + * 013cdaaf 5e pop esi + * 013cdab0 5d pop ebp + * 013cdab1 5b pop ebx + * 013cdab2 33cc xor ecx,esp + * 013cdab4 e8 c7361600 call .01531180 + * 013cdab9 81c4 ac000000 add esp,0xac + * 013cdabf c3 retn + * 013cdac0 83ec 40 sub esp,0x40 + * 013cdac3 a1 24805d01 mov eax,dword ptr ds:[0x15d8024] + * 013cdac8 8b15 c4709901 mov edx,dword ptr ds:[0x19970c4] + * 013cdace 8d0c00 lea ecx,dword ptr ds:[eax+eax] + * 013cdad1 a1 9c506b01 mov eax,dword ptr ds:[0x16b509c] + * 013cdad6 0305 18805d01 add eax,dword ptr ds:[0x15d8018] + * 013cdadc 53 push ebx + * 013cdadd 8b5c24 48 mov ebx,dword ptr ss:[esp+0x48] + * 013cdae1 55 push ebp + * 013cdae2 8b6c24 50 mov ebp,dword ptr ss:[esp+0x50] + * 013cdae6 894c24 34 mov dword ptr ss:[esp+0x34],ecx + * 013cdaea 8b0d 20805d01 mov ecx,dword ptr ds:[0x15d8020] + * 013cdaf0 894424 18 mov dword ptr ss:[esp+0x18],eax + * 013cdaf4 a1 1c805d01 mov eax,dword ptr ds:[0x15d801c] + * 013cdaf9 03c8 add ecx,eax + * 013cdafb 56 push esi + * 013cdafc 33f6 xor esi,esi + * 013cdafe d1f8 sar eax,1 + * 013cdb00 45 inc ebp + * 013cdb01 896c24 24 mov dword ptr ss:[esp+0x24],ebp + * 013cdb05 897424 0c mov dword ptr ss:[esp+0xc],esi + * 013cdb09 894c24 18 mov dword ptr ss:[esp+0x18],ecx + * 013cdb0d 8a0c1a mov cl,byte ptr ds:[edx+ebx] jichi: here + * 013cdb10 894424 30 mov dword ptr ss:[esp+0x30],eax + * 013cdb14 8a441a 01 mov al,byte ptr ds:[edx+ebx+0x1] + * 013cdb18 57 push edi + * 013cdb19 897424 14 mov dword ptr ss:[esp+0x14],esi + * 013cdb1d 3935 c8709901 cmp dword ptr ds:[0x19970c8],esi + * + * The hooked place is only accessed once. + * 013cdb0d 8a0c1a mov cl,byte ptr ds:[edx+ebx] jichi: here + * ebx is the text to be base address. + * edx is the offset to skip character name. + * + * 023B66A0 81 79 89 C4 EA A3 2C 53 30 30 35 5F 42 5F 30 30 【夏偾,S005_B_00 + * 023B66B0 30 32 81 7A 81 75 83 6F 81 5B 83 65 83 62 83 4E 02】「バーッ�ク + * 023B66C0 83 58 82 CD 82 B1 82 C1 82 BF 82 CC 93 73 8D 87 スはこっちの都� * 023B66D0 82 C8 82 C7 82 A8 8D 5C 82 A2 82 C8 82 B5 81 63 などお構いなし… + * + * There are garbage in character name. + * + * 1/15/2015 + * Alternative hook that might not need a text filter: + * http://www.hongfire.com/forum/showthread.php/36807-AGTH-text-extraction-tool-for-games-translation/page753 + * /HA-4@552B5:姉小路直子と銀色の死�exe + * If this hook no longer works, try that one instead. + + * Artikash 12/26/2018: Old HorkEye hook can't be found in shukusei no girlfriend https://vndb.org/v22880 + * This function can be used instead. Hook code: /HS4@funcaddr +0022DD80 - 83 EC 44 - sub esp,44 { 68 } +0022DD83 - A1 3C704400 - mov eax,[0044703C] { [0000001C] } +0022DD88 - 8B 0D 34704400 - mov ecx,[00447034] { [00000014] } +0022DD8E - 03 C0 - add eax,eax +0022DD90 - 8B 54 24 48 - mov edx,[esp+48] +0022DD94 - 89 44 24 2C - mov [esp+2C],eax +0022DD98 - A1 C87E5500 - mov eax,[00557EC8] { [00000002] } +0022DD9D - 03 05 30704400 - add eax,[00447030] { [00000014] } +0022DDA3 - 89 44 24 18 - mov [esp+18],eax +0022DDA7 - A1 38704400 - mov eax,[00447038] { [00000008] } +0022DDAC - 03 C1 - add eax,ecx +0022DDAE - D1 F9 - sar ecx,1 +0022DDB0 - 53 - push ebx +0022DDB1 - 55 - push ebp +0022DDB2 - 56 - push esi +0022DDB3 - 8B 74 24 58 - mov esi,[esp+58] +0022DDB7 - 33 DB - xor ebx,ebx +0022DDB9 - 89 4C 24 48 - mov [esp+48],ecx +0022DDBD - 46 - inc esi +0022DDBE - 8B 0D 5CA28300 - mov ecx,[0083A25C] { [00000000] } +0022DDC4 - 57 - push edi +0022DDC5 - 8B 3D 887E5500 - mov edi,[00557E88] { [00000040] } +0022DDCB - 89 74 24 2C - mov [esp+2C],esi +0022DDCF - 89 44 24 34 - mov [esp+34],eax +0022DDD3 - 89 5C 24 18 - mov [esp+18],ebx +0022DDD7 - 8A 24 11 - mov ah,[ecx+edx] +0022DDDA - 8A 44 11 01 - mov al,[ecx+edx+01] +0022DDDE - 89 7C 24 20 - mov [esp+20],edi +0022DDE2 - 39 1D 60A28300 - cmp [0083A260],ebx { [00000000] } +0022DDE8 - 0F85 DD000000 - jne 0022DECB +0022DDEE - 80 FC 5B - cmp ah,5B { 91 } +0022DDF1 - 0F85 9C000000 - jne 0022DE93 +0022DDF7 - 8B C1 - mov eax,ecx +0022DDF9 - 3B C6 - cmp eax,esi +0022DDFB - 7D 10 - jnl 0022DE0D +0022DDFD - 0F1F 00 - nop [eax] +0022DE00 - 80 3C 10 5D - cmp byte ptr [eax+edx],5D { 93 } +0022DE04 - 74 79 - je 0022DE7F +0022DE06 - 40 - inc eax +0022DE07 - 3B 44 24 2C - cmp eax,[esp+2C] +0022DE0B - 7C F3 - jl 0022DE00 +0022DE0D - A1 BC7E5500 - mov eax,[00557EBC] { [00000001] } +0022DE12 - 85 C0 - test eax,eax +0022DE14 - 0F84 A7000000 - je 0022DEC1 +0022DE1A - BE 02000000 - mov esi,00000002 { 2 } +0022DE1F - 89 74 24 1C - mov [esp+1C],esi +0022DE23 - 89 35 68A28300 - mov [0083A268],esi { [00000000] } +0022DE29 - 83 F8 01 - cmp eax,01 { 1 } +0022DE2C - 0F85 A3000000 - jne 0022DED5 +0022DE32 - 83 3D C07E5500 00 - cmp dword ptr [00557EC0],00 { 0 } +0022DE39 - 8B 2D 506D5500 - mov ebp,[00556D50] { [00000028] } +0022DE3F - 75 2D - jne 0022DE6E +0022DE41 - 8B C7 - mov eax,edi +0022DE43 - 8D 8D 50855100 - lea ecx,[ebp+00518550] +0022DE49 - C1 E0 0A - shl eax,0A { 10 } +0022DE4C - 03 C8 - add ecx,eax +0022DE4E - 66 A1 58704400 - mov ax,[00447058] { [00004081] } +0022DE54 - 83 C5 02 - add ebp,02 { 2 } +0022DE57 - 89 2D 506D5500 - mov [00556D50],ebp { [00000028] } +0022DE5D - 66 89 01 - mov [ecx],ax +0022DE60 - A0 5A704400 - mov al,[0044705A] { [0] } +0022DE65 - 88 41 02 - mov [ecx+02],al +0022DE68 - 8B 0D 5CA28300 - mov ecx,[0083A25C] { [00000000] } +... +*/ +// Skip text between "," and "�, and remove [n] +// ex:【夏偾,S005_B_0002】「バーッ�ク +static bool HorkEyeFilter(LPVOID data, size_t *size, HookParam *) +{ + size_t len = *size; + char *str = reinterpret_cast(data), + *start, + *stop; + + // Remove text between , and ] + // FIXME: This does not work well because of the ascii encoding + if ((start = (char *)::memchr(str, ',', len)) && + (stop = cpp_strnstr(start, "\x81\x7a", len - (start - str))) && + (len -= stop - start)) // = u'�.encode('sjis') + ::memmove(start, stop, len - (start - str)); + + // Remove [n] + enum { skip_len = 3 }; // = length of "[n]" + while (len >= skip_len && + (start = cpp_strnstr(str, "[n]", len)) && + (len -= skip_len)) + ::memmove(start, start + skip_len, len - (start - str)); + + *size = len; + return true; +} +namespace{ + template + strT ltrim(strT text) + { + strT lastText = nullptr; + while (*text && text != lastText) { + lastText = text; + if (text[0] == 0x20) + text++; + if ((UINT8)text[0] == 0x81 && (UINT8)text[1] == 0x40) // skip space \u3000 (0x8140 in sjis) + text += 2; + if (text[0] == '\\') { + text++; + while (::islower(text[0]) || text[0] == '@') + text++; + } + } + while ((signed char)text[0] > 0 && text[0] != '[') // skip all leading ascii characters except "[" needed for ruby + text++; + return text; + } + template + bool hookBefore(hook_stack*s,void* data, size_t* len1,uintptr_t*role){ + auto str=(LPSTR)(s->stack[offset]);//stack-2:eax + int len=strlen(str);//s->ecx; + char *stop; + if ((stop = cpp_strnstr(str, "\x81\x7a", len )) && + (len -= (stop - str+2))){ + str=stop+2; + } // = u'�.encode('sjis') + auto old=std::string(str,len); + strcpy((char*)data,old.c_str());*len1=old.size(); + return true; + + } + template + void hookafter(hook_stack*s,void* data, size_t len1){ + + auto newData =std::string((char*)data,len1); + auto str=(LPSTR)(s->stack[offset]);//stack-2:eax + int len=strlen(str);//s->ecx; + int lensave=len; + char *stop; + if ( (stop = cpp_strnstr(str, "\x81\x7a", len )) && + (len -= (stop - str+2))){ + auto old=std::string(str,stop+2-str); + newData=old+newData; + } + for(int i=0;iecx=newData.size(); 修改ecx没用 + } +} +bool InsertHorkEyeHook() +{ + const BYTE bytes[] = { + 0x89,0x6c,0x24, 0x24, // 013cdb01 896c24 24 mov dword ptr ss:[esp+0x24],ebp + 0x89,0x74,0x24, 0x0c, // 013cdb05 897424 0c mov dword ptr ss:[esp+0xc],esi + 0x89,0x4c,0x24, 0x18, // 013cdb09 894c24 18 mov dword ptr ss:[esp+0x18],ecx + 0x8a,0x0c,0x1a // 013cdb0d 8a0c1a mov cl,byte ptr ds:[edx+ebx] jichi: here + }; + enum { addr_offset = sizeof(bytes) - 3 }; // 8a0c1a + ; + if (ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress)) { + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::ebx); + hp.type = USING_STRING| NO_CONTEXT|FIXING_SPLIT|EMBED_ABLE|EMBED_DYNA_SJIS; + hp.hook_before=hookBefore<-4-1>; + hp.hook_after=hookafter<-4-1>; + hp.filter_fun = HorkEyeFilter; + hp.newlineseperator=L"[n]"; + ConsoleOutput("INSERT HorkEye"); + + return NewHook(hp, "HorkEye"); + } + + memcpy(spDefault.pattern, Array{ 0xcc, 0xcc, 0xcc, XX, 0xec }, spDefault.length = 5); + spDefault.offset = 3; + + const BYTE bytes2[] = + { + 0x83, 0xec, XX, // sub esp,?? + 0xa1, XX4, // mov eax,?? + 0x8b, 0x0d, XX4, // mov ecx,?? + 0x03, 0xc0 // add eax,eax + }; + + for (auto addr : Util::SearchMemory(bytes2, sizeof(bytes2),PAGE_EXECUTE_READWRITE,processStartAddress, processStopAddress)) + { + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING| EMBED_ABLE|EMBED_DYNA_SJIS; + hp.hook_before=hookBefore<1>; + hp.hook_after=hookafter<1>; + + return NewHook(hp, "HorkEye2"); + } + + ConsoleOutput("HorkEye: pattern not found"); + return false; + +} + +bool InsertHorkEye3Hook() +{ + const BYTE bytes2[] = + { + 0x55, + 0x8d,0xac,0x24,XX4, + 0x81,0xec,XX4, + 0x6a,0xff, + 0x68,XX4, + 0x64,0xa1,0x00,0x00,0x00,0x00, + 0x50, + 0x83,0xec,0x38, //必须是0x38,不能是XX,否则有重的。 + +//.text:0042E7F0 55 push ebp +//.text : 0042E7F1 8D AC 24 24 FF FF FF lea ebp,[esp - 0DCh] +//.text : 0042E7F8 81 EC DC 00 00 00 sub esp, 0DCh +//.text : 0042E7FE 6A FF push 0FFFFFFFFh +//.text : 0042E800 68 51 1E 5C 00 push offset SEH_42E7F0 +//.text : 0042E805 64 A1 00 00 00 00 mov eax, large fs : 0 +//.text : 0042E80B 50 push eax +//.text : 0042E80C 83 EC 38 sub esp, 38h +//.text : 0042E80F A1 24 D0 64 00 mov eax, ___security_cookie +//.text : 0042E814 33 C5 xor eax, ebp +//.text : 0042E816 89 85 D8 00 00 00 mov[ebp + 0DCh + var_4], eax + }; + + auto addr=MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStopAddress); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING| EMBED_ABLE|EMBED_DYNA_SJIS; + hp.hook_before=hookBefore<1>; + hp.hook_after=hookafter<1>; + + return NewHook(hp, "HorkEye3"); + +} + +bool InsertHorkEye4Hook() +{ + //辻堂さんのバージンロード + //辻堂さんの純愛ロード + const BYTE bytes2[] = + { + 0xf7,0xd8, + 0x1b,0xc0, + 0x83,0xc0,0x02 + }; + auto addr = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStopAddress); + if (addr == 0)return false; + const BYTE bytebetter[] = { + 0x8b,XX,XX,XX, + 0xa1,XX4, + 0x83,0xc4,XX, + 0x8b,XX + }; + auto addr1 = MemDbg::findBytes(bytebetter, sizeof(bytebetter), addr - 0x100, addr); + if (addr1) + addr = addr1; + else + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.type = USING_STRING| NO_CONTEXT|EMBED_ABLE|EMBED_DYNA_SJIS; + hp.hook_before=hookBefore<-1-1>; + hp.hook_after=hookafter<-1-1>; + + return NewHook(hp, "HorkEye4"); + +} + +bool InsertHorkEye6Hook() +{ + //みなとカーニバルFD + + const BYTE bytes2[] = + { + 0x83,0xc2,0x6c, + 0x52, + 0xe8 + }; + auto addr = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStopAddress); + if (addr == 0)return false; + ConsoleOutput("hk6 %p", addr); + const BYTE start[] = { 0x6A ,0xFF }; + addr = reverseFindBytes(start, sizeof(start), addr - 0x1000, addr); + if (addr == 0)return false; + ConsoleOutput("hk6 %p", addr); + HookParam hp; + hp.address = addr; + hp.offset=get_stack(3); + hp.type = CODEC_ANSI_BE ; + ConsoleOutput("INSERT HorkEye6 %p", addr); + + return NewHook(hp, "HorkEye6"); + +} + +bool HorkEye::attach_function() { + bool b1=InsertHorkEyeHook(); + bool b2=InsertHorkEye3Hook(); + bool b3=InsertHorkEye4Hook(); + bool b4=InsertHorkEye6Hook(); + return b1||b2||b3||b4; +} \ No newline at end of file diff --git a/LunaHook/engine32/HorkEye.h b/LunaHook/engine32/HorkEye.h new file mode 100644 index 0000000..c1661e6 --- /dev/null +++ b/LunaHook/engine32/HorkEye.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class HorkEye:public ENGINE{ + public: + HorkEye(){ + + check_by=CHECK_BY::RESOURCE_STR; + check_by_target=L"HorkEye"; + + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/IGScript.cpp b/LunaHook/engine32/IGScript.cpp new file mode 100644 index 0000000..48bd013 --- /dev/null +++ b/LunaHook/engine32/IGScript.cpp @@ -0,0 +1,172 @@ +#include"IGScript.h" +namespace{ + bool LucaSystemFilter1(LPVOID data, size_t *size, HookParam *) + { + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + StringFilter(text, len, "\x81\x94", 2); + //秋&冬 官中 + StringReplacer(text, len, "\x82\xa1", 2,"\xa3\xac",2);//, + StringReplacer(text, len, "\x82\xa3", 2,"\xa1\xa3",2);//。 + StringReplacer(text, len, "\x82\xa5", 2,"\xa1\xa2",2);//、 + StringReplacer(text, len, "\x83\x48", 2,"\xa1\xb1",2);//” + StringReplacer(text, len, "\x83\x44", 2,"\xa3\xbf",2);//? + StringReplacer(text, len, "\x83\x42", 2,"\xa3\xa1",2);//! + StringReplacer(text, len, "\x82\xa7", 2,"\xa1\xb9",2);//」 + StringReplacer(text, len, "\x82\xc1", 2,"\xa1\xb7",2);//》 + StringReplacer(text, len, "\x83\x46", 2,"\xa1\xaf",2);//’ + + return true; + } + template + void SpecialHookigi(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len){ + DWORD Src = stack->stack[arg]; + DWORD Size = stack->stack[arg+1]; + if(strlen((char*)Src)<=2)return; + if(strlen((char*)Src)>=Size)return; + if(strlen((char*)Src); + hp.type=NO_CONTEXT; + //hp.filter_fun=LucaSystemFilter1; + bool succ=NewHook(hp, "IGScript"); + + if(insertgbk){ + hp.address +=5; + hp.text_fun=SpecialHookigi<5>; + //仅官中适用这个过滤器。日语原版不需要过滤 + hp.filter_fun=LucaSystemFilter1; + succ|=NewHook(hp, "IGScript_1"); + } + return succ; + +} +namespace{ + bool LucaSystemFilter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + if ( text[0] == '\x81' && text[1] == '\x94') + return false; + + StringCharReplacer(text, len, "\x81\x90", 2, ' '); // new line + //replacement from Flowers 4 config.json + CharReplacer(text, len, '\xA5', ' '); + CharReplacer(text, len, '\xA2', '<'); + CharReplacer(text, len, '\xA3', '>'); + CharReplacer(text, len, '\xA1', '\"'); + CharReplacer(text, len, '\xA4', '\''); + CharReplacer(text, len, '\xA7', 'à'); + CharReplacer(text, len, '\xA8', 'è'); + CharReplacer(text, len, '\xA9', 'é'); + CharReplacer(text, len, '\xAA', 'ë'); + CharReplacer(text, len, '\xAB', 'ō'); + CharReplacer(text, len, '\xB0', '-'); + CharReplacer(text, len, '\xBB', ' '); + + while(cpp_strnstr(text, " ", *len)) // Erasing all but one whitespace from strings + StringCharReplacer(text, len, " ", 2, ' '); + + if (text[0] == ' ') + ::memmove(text, text + 1, --*len); + + return true; +} + +bool InsertLucaSystemHook() { + + /* + * Sample games: + * https://vndb.org/v15395 + * https://vndb.org/v14267 + * https://vndb.org/v18152 + * https://vndb.org/r82704 + */ + const BYTE bytes[] = { + 0xCC, // int 3 + 0xE9, XX4, // jmp d3d9.dll+1E420 + 0x56, // push esi + 0x57, // push edi + 0x8B, 0x7C, 0x24, 0x20, // mov edi,[esp+20] + 0x8B, 0xD8, // mov ebx,eax + 0x8B, 0x07 // mov eax,[edi] + }; + const BYTE bytes2[] = { + 0xCC, // int 3 + 0x83, 0xEC, 0x0C, // sub esp,0C <- hook here + 0x53, // push ebx + 0x55, // push ebp + 0x56 // push esi + }; + + HMODULE module = GetModuleHandleW(L"Script.dll"); + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), minAddress, maxAddress); + if (!addr) { + addr = MemDbg::findBytes(bytes2, sizeof(bytes2), minAddress, maxAddress); + if (!addr) { + ConsoleOutput("LucaSystem: pattern not found"); + return false; + } + } + + HookParam hp; + hp.address = addr + 1; + hp.offset =get_stack(1); + hp.padding = 0x04; + hp.type = USING_STRING; + hp.filter_fun = LucaSystemFilter; + + + return NewHook(hp, "LucaSystem"); +} +} +bool IGScript::attach_function() { + + auto b1= IGScript1attach_function(); + b1=InsertLucaSystemHook()||b1; + return b1; + +} \ No newline at end of file diff --git a/LunaHook/engine32/IGScript.h b/LunaHook/engine32/IGScript.h new file mode 100644 index 0000000..226735d --- /dev/null +++ b/LunaHook/engine32/IGScript.h @@ -0,0 +1,14 @@ +#include"engine.h" + +class IGScript:public ENGINE{ + public: + IGScript(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return GetModuleHandle(L"Script.dll")&&Util::CheckFile(L"*.iga"); + }; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Interheart.cpp b/LunaHook/engine32/Interheart.cpp new file mode 100644 index 0000000..1895d06 --- /dev/null +++ b/LunaHook/engine32/Interheart.cpp @@ -0,0 +1,32 @@ +#include"Interheart.h" + +bool Interheart::attach_function() { + //人妻スイミング倶楽部 + //https://vndb.org/v18049 + const BYTE bytes[] = { + 0x50, + 0x8d,0x4d,XX, + //here + 0xe8,XX4, + 0x68,XX4, // push offset asc_956B20 ; "$L" + 0x8d,0x4d,XX, + 0xe8 + }; + bool ok=false; + for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress)) { + auto asc_956B20_addr_addr=addr+1+3+5+1; + auto asc_956B20_addr=*(int*)asc_956B20_addr_addr; + char* asc_956B20=(char*)asc_956B20_addr; + if(asc_956B20[0]=='$' && asc_956B20[1]=='L'){ + HookParam hp; + hp.address = addr+1+3; + hp.offset=get_reg(regs::edx); + hp.type = USING_STRING|NO_CONTEXT; + ok|=NewHook(hp, "Interheart"); + } + + } + + + return ok; +} \ No newline at end of file diff --git a/LunaHook/engine32/Interheart.h b/LunaHook/engine32/Interheart.h new file mode 100644 index 0000000..fa43a6f --- /dev/null +++ b/LunaHook/engine32/Interheart.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class Interheart:public ENGINE{ + public: + Interheart(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Pack\\*.fpk"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Interlude.cpp b/LunaHook/engine32/Interlude.cpp new file mode 100644 index 0000000..7544cd3 --- /dev/null +++ b/LunaHook/engine32/Interlude.cpp @@ -0,0 +1,26 @@ +#include"Interlude.h" + + +bool Interlude::attach_function() { + //インタールード + //https://vndb.org/v3195 + + const BYTE bytes[] = { + 0x83,0xEC,0x10, + 0x8B,0x44,0x24,0x24, + 0x3D,0x20,0x80,0x00,0x00, + 0xC7,0x04,0x24,0xE0,0xE0,0xE0,0x00, + 0xC7,0x44,0x24,0x04,0xE0,0xE0,0xE0,0x20, + 0xC7,0x44,0x24,0x08,0xE0,0xE0,0xE0,0x40, + 0xC7,0x44,0x24,0x0C,0xE0,0xE0,0xE0,0x80, + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (addr == 0)return false; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(5); + hp.type = CODEC_ANSI_BE ; + + return NewHook(hp, "Interlude"); +} \ No newline at end of file diff --git a/LunaHook/engine32/Interlude.h b/LunaHook/engine32/Interlude.h new file mode 100644 index 0000000..3045156 --- /dev/null +++ b/LunaHook/engine32/Interlude.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class Interlude:public ENGINE{ + public: + Interlude(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"script.pak",L"system.pak",L"title.pak"}; + is_engine_certain=false; + }; + bool attach_function(); +}; diff --git a/LunaHook/engine32/IronGameSystem.cpp b/LunaHook/engine32/IronGameSystem.cpp new file mode 100644 index 0000000..87cabd2 --- /dev/null +++ b/LunaHook/engine32/IronGameSystem.cpp @@ -0,0 +1,41 @@ +#include"IronGameSystem.h" + + +bool InsertIGSDynamicHook(LPVOID addr, uintptr_t frame, uintptr_t stack) +{ + if (addr != GetGlyphOutlineW) + return false; + DWORD i; + i = *(DWORD *)frame; + i = *(DWORD *)(i+4); + //if (SafeFillRange(L"mscorlib.ni.dll", &j, &k)) { // Artikash 6/30/2018: Dunno why addresses are needed + while (*(BYTE *)i != 0xe8) + i++; + DWORD t = *(DWORD *)(i + 1) + i + 5; + //if (t>j && t(data), size, "\\n", 2, '\n'); + StringCharReplacer(reinterpret_cast(data), size, "\\N", 2, '\n'); + auto str=std::string(reinterpret_cast(data),*size); + str = std::regex_replace(str, std::regex("\\\\[0-7a-zA-Z]"), ""); + + *size = str.size() ; + strcpy(reinterpret_cast(data), str.c_str()); + return true; + }; + + return NewHook(hp, "Jellyfish"); +} +bool Jellyfish::attach_function(){ + return Jellyfish_attach_function(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Jellyfish.h b/LunaHook/engine32/Jellyfish.h new file mode 100644 index 0000000..b134e9a --- /dev/null +++ b/LunaHook/engine32/Jellyfish.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class Jellyfish:public ENGINE{ + public: + Jellyfish(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"ism.dll",L"data.isa"}; + }; + bool attach_function(); +}; + \ No newline at end of file diff --git a/LunaHook/engine32/Jisatu101.cpp b/LunaHook/engine32/Jisatu101.cpp new file mode 100644 index 0000000..7b74af5 --- /dev/null +++ b/LunaHook/engine32/Jisatu101.cpp @@ -0,0 +1,27 @@ +#include"Jisatu101.h" + + +bool Jisatu101::attach_function() { + const BYTE bytes[] = { + //ジサツのための101の方法 + //https://vndb.org/v6475 + 0x8b,0x44,0x24,0x10, + 0x66,0x0f,0xb6,0x08, + 0x66,0x0f,0xb6,0x50,0x01, + + 0xC1 ,0xE1 ,0x08 , + 0x03 ,0xCA, + 0x66 ,0x81 ,0xF9 ,0x0A ,0x0D , + 0x74 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr,0x100); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(4); + hp.type = DATA_INDIRECT; + hp.index = 0; + return NewHook(hp, "Jisatu101"); +} \ No newline at end of file diff --git a/LunaHook/engine32/Jisatu101.h b/LunaHook/engine32/Jisatu101.h new file mode 100644 index 0000000..5c0afcb --- /dev/null +++ b/LunaHook/engine32/Jisatu101.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class Jisatu101:public ENGINE{ + public: + Jisatu101(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"101.exe"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/KISS.cpp b/LunaHook/engine32/KISS.cpp new file mode 100644 index 0000000..aa0ca39 --- /dev/null +++ b/LunaHook/engine32/KISS.cpp @@ -0,0 +1,38 @@ +#include"KISS.h" + +bool InsertKissHook() { + + /* + * Sample games: + * https://vndb.org/v1767 + */ + const BYTE bytes[] = { + 0xC1, 0xE9, 0x02, // shr ecx,02 <- hook here + 0xF3, 0xA5, // repe movsd + 0x8B, 0xCA, // mov ecx,edx + 0x55, // push ebp + 0x83, 0xE1, 0x03, // and ecx,03 + 0xF3, 0xA4, // repe movsb + 0x8D, 0x4C, 0x24, 0x18, // lea ecx,[esp+18] + 0xE8, XX4, // call kano.exe+6310 + 0x8B, 0x0D, XX4 // mov ecx,[kano.exe+211F8C] + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Kiss: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::esi); + hp.type = USING_STRING | NO_CONTEXT|EMBED_DYNA_SJIS|EMBED_ABLE|EMBED_AFTER_NEW|EMBED_BEFORE_SIMPLE; + hp.hook_font=F_GetTextExtentPoint32A|F_ExtTextOutA; + ConsoleOutput("INSERT Kiss"); + return NewHook(hp, "Kiss"); +} +bool KISS::attach_function() { + return InsertKissHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/KISS.h b/LunaHook/engine32/KISS.h new file mode 100644 index 0000000..6bb2808 --- /dev/null +++ b/LunaHook/engine32/KISS.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class KISS:public ENGINE{ + public: + KISS(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"GameData\\script.ysb"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/KiriKiri.cpp b/LunaHook/engine32/KiriKiri.cpp new file mode 100644 index 0000000..a8c0f31 --- /dev/null +++ b/LunaHook/engine32/KiriKiri.cpp @@ -0,0 +1,1567 @@ +#include"KiriKiri.h" + +/******************************************************************************************** +KiriKiri hook: + Usually there are xp3 files in the game folder but also exceptions. + Find TVP(KIRIKIRI) in the version description is a much more precise way. + + KiriKiri1 correspond to AGTH KiriKiri hook, but this doesn't always work well. + Find call to GetGlyphOutlineW and go to function header. EAX will point to a + structure contains character (at 0x14, [EAX+0x14]) we want. To split names into + different threads AGTH uses [EAX], seems that this value stands for font size. + Since KiriKiri is compiled by BCC and BCC fastcall uses EAX to pass the first + parameter. Here we choose EAX is reasonable. + KiriKiri2 is a redundant hook to catch text when 1 doesn't work. When this happens, + usually there is a single GetTextExtentPoint32W contains irregular repetitions which + is out of the scope of KS or KF. This time we find a point and split them into clean + text threads. First find call to GetTextExtentPoint32W and step out of this function. + Usually there is a small loop. It is this small loop messed up the text. We can find + one ADD EBX,2 in this loop. It's clear that EBX is a string pointer goes through the + string. After the loop EBX will point to the end of the string. So EBX-2 is the last + char and we insert hook here to extract it. +********************************************************************************************/ +#if 0 // jichi 11/12/2013: not used +static void SpecialHookKiriKiri(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD p1 = *(DWORD *)(esp_base - 0x14), + p2 = *(DWORD *)(esp_base - 0x18); + if ((p1>>16) == (p2>>16)) { + if (DWORD p3 = *(DWORD *)p1) { + p3 += 8; + for (p2 = p3 + 2; *(WORD *)p2; p2 += 2); + *len = p2 - p3; + *data = p3; + p1 = *(DWORD *)(esp_base - 0x20); + p1 = *(DWORD *)(p1 + 0x74); + *split = p1 | *(DWORD *)(esp_base + 0x48); + } else + *len = 0; + } else + *len=0; +} +#endif // 0 + +bool FindKiriKiriHook(DWORD fun, DWORD size, DWORD pt, DWORD flag) // jichi 10/20/2014: change return value to bool +{ + enum : DWORD { + // jichi 10/20/2014: mov ebp,esp, sub esp,* + kirikiri1_sig = 0xec8b55, + + // jichi 10/20/2014: + // 00e01542 53 push ebx + // 00e01543 56 push esi + // 00e01544 57 push edi + kirikiri2_sig = 0x575653 + }; + enum : DWORD { StartAddress = 0x1000 }; + enum : DWORD { StartRange = 0x6000, StopRange = 0x8000 }; // jichi 10/20/2014: ITH original pattern range + + // jichi 10/20/2014: The KiriKiri patterns exist in multiple places of the game. + //enum : DWORD { StartRange = 0x8000, StopRange = 0x9000 }; // jichi 10/20/2014: change to a different range + + //WCHAR str[0x40]; + DWORD sig = flag ? kirikiri2_sig : kirikiri1_sig; + DWORD t = 0; + for (DWORD i = StartAddress; i < size - 4; i++) + if (*(WORD *)(pt + i) == 0x15ff) { // jichi 10/20/2014: call dword ptr ds + DWORD addr = *(DWORD *)(pt + i + 2); + + // jichi 10/20/2014: There are multiple function calls. The flag+1 one is selected. + // i.e. KiriKiri1: The first call to GetGlyphOutlineW is selected + // KiriKiri2: The second call to GetTextExtentPoint32W is selected + if (addr >= pt && addr <= pt + size - 4 + && *(DWORD *)addr == fun) + t++; + if (t == flag + 1) // We find call to GetGlyphOutlineW or GetTextExtentPoint32W. + //swprintf(str, L"CALL addr:0x%.8X",i+pt); + //ConsoleOutput(str); + for (DWORD j = i; j > i - StartAddress; j--) + if (((*(DWORD *)(pt + j)) & 0xffffff) == sig) { + if (flag) { // We find the function entry. flag indicate 2 hooks. + t = 0; // KiriKiri2, we need to find call to this function. + for (DWORD k = j + StartRange; k < j + StopRange; k++) // Empirical range. + if (*(BYTE *)(pt + k) == 0xe8) { + if (k + 5 + *(DWORD *)(pt + k + 1) == j) + t++; + if (t == 2) { + //for (k+=pt+0x14; *(WORD*)(k)!=0xC483;k++); + //swprintf(str, L"Hook addr: 0x%.8X",pt+k); + //ConsoleOutput(str); + HookParam hp; + hp.address = pt + k + 0x14; + hp.offset=get_reg(regs::ebx); + hp.index = -0x2; + hp.split = get_reg(regs::ecx); + hp.type = CODEC_UTF16|NO_CONTEXT|USING_SPLIT|DATA_INDIRECT; + ConsoleOutput("INSERT KiriKiri2"); + + return NewHook(hp, "KiriKiri2"); + } + } + } else { + //swprintf(str, L"Hook addr: 0x%.8X",pt+j); + //ConsoleOutput(str); + HookParam hp; + hp.address = (DWORD)pt + j; + hp.offset=get_reg(regs::eax); + hp.index = 0x14; + hp.split = get_reg(regs::eax); + hp.type = CODEC_UTF16|DATA_INDIRECT|USING_SPLIT|SPLIT_INDIRECT; + ConsoleOutput("INSERT KiriKiri1"); + + return NewHook(hp, "KiriKiri1"); + } + return false; + } + //ConsoleOutput("KiriKiri: FAILED to find function entry"); + } + if (flag) + ConsoleOutput("KiriKiri2: failed"); + else + ConsoleOutput("KiriKiri1: failed"); + return false; +} + +bool InsertKiriKiriHook() // 9/20/2014 jichi: change return type to bool +{ + bool k1 = FindKiriKiriHook((DWORD)GetGlyphOutlineW, processStopAddress - processStartAddress, processStartAddress, 0), // KiriKiri1 + k2 = FindKiriKiriHook((DWORD)GetTextExtentPoint32W, processStopAddress - processStartAddress, processStartAddress, 1); // KiriKiri2 + //RegisterEngineType(ENGINE_KIRIKIRI); + if (k1 && k2) { + ConsoleOutput("KiriKiri1: disable GDI hooks"); + + } + return k1 || k2; +} + +/** 10/20/2014 jichi: KAGParser + * Sample game: [141128] Venus Blood -HYPNO- ヴィーナスブラッ�・ヒュプノ 体験版 + * + * drawText and drawGlyph seem to be the right function to look at. + * However, the latest source code does not match VenusBlood. + * + * Debug method: + * Pre-compute: hexstr 視界のきかな�utf16, got: 96894c756e304d304b306a304430 + * Use ollydbg to insert hardware break point before the scene is entered. + * It found several places either in game or KAGParser, and the last one is as follows. + * It tries to find "[" (0x5b) in the memory. + * + * 1. It cannot find character name. + * 2. It will extract [r]. + * + * 6e562270 75 0a jnz short kagparse.6e56227c + * 6e562272 c705 00000000 00>mov dword ptr ds:[0],0x0 + * 6e56227c ffb424 24010000 push dword ptr ss:[esp+0x124] + * 6e562283 ff9424 24010000 call dword ptr ss:[esp+0x124] + * 6e56228a 8b8c24 20010000 mov ecx,dword ptr ss:[esp+0x120] + * 6e562291 890d 14ed576e mov dword ptr ds:[0x6e57ed14],ecx + * 6e562297 68 3090576e push kagparse.6e579030 ; unicode "[r]" + * 6e56229c 8d46 74 lea eax,dword ptr ds:[esi+0x74] + * 6e56229f 50 push eax + * 6e5622a0 ffd1 call ecx + * 6e5622a2 8b4e 50 mov ecx,dword ptr ds:[esi+0x50] + * 6e5622a5 8b46 54 mov eax,dword ptr ds:[esi+0x54] + * 6e5622a8 66:833c48 5b cmp word ptr ds:[eax+ecx*2],0x5b ; jichi: hook here + * 6e5622ad 75 06 jnz short kagparse.6e5622b5 + * 6e5622af 8d41 01 lea eax,dword ptr ds:[ecx+0x1] + * 6e5622b2 8946 50 mov dword ptr ds:[esi+0x50],eax + * 6e5622b5 ff46 50 inc dword ptr ds:[esi+0x50] + * 6e5622b8 ^e9 aebcffff jmp kagparse.6e55df6b + * 6e5622bd 8d8c24 88030000 lea ecx,dword ptr ss:[esp+0x388] + * 6e5622c4 e8 b707ffff call kagparse.6e552a80 + * 6e5622c9 84c0 test al,al + * 6e5622cb 75 0f jnz short kagparse.6e5622dc + * 6e5622cd 8d8424 88030000 lea eax,dword ptr ss:[esp+0x388] + * 6e5622d4 50 push eax + * 6e5622d5 8bce mov ecx,esi + * 6e5622d7 e8 149bffff call kagparse.6e55bdf0 + * 6e5622dc 8d8c24 80030000 lea ecx,dword ptr ss:[esp+0x380] + * 6e5622e3 e8 9807ffff call kagparse.6e552a80 + * 6e5622e8 84c0 test al,al + * 6e5622ea 75 0f jnz short kagparse.6e5622fb + * 6e5622ec 8d8424 80030000 lea eax,dword ptr ss:[esp+0x380] + * 6e5622f3 50 push eax + * 6e5622f4 8bce mov ecx,esi + * 6e5622f6 e8 35a0ffff call kagparse.6e55c330 + * 6e5622fb 8d8c24 c0030000 lea ecx,dword ptr ss:[esp+0x3c0] + * 6e562302 c68424 c0040000 >mov byte ptr ss:[esp+0x4c0],0x3c + * 6e56230a e8 81edfeff call kagparse.6e551090 + * 6e56230f 8d8c24 80030000 lea ecx,dword ptr ss:[esp+0x380] + * 6e562316 c68424 c0040000 >mov byte ptr ss:[esp+0x4c0],0x3b + * 6e56231e e8 8deefeff call kagparse.6e5511b0 + * 6e562323 8d8c24 88030000 lea ecx,dword ptr ss:[esp+0x388] + * 6e56232a e9 d7000000 jmp kagparse.6e562406 + * 6e56232f 66:837c24 20 00 cmp word ptr ss:[esp+0x20],0x0 + * 6e562335 75 10 jnz short kagparse.6e562347 + * 6e562337 ff46 4c inc dword ptr ds:[esi+0x4c] + * 6e56233a c746 50 00000000 mov dword ptr ds:[esi+0x50],0x0 + * 6e562341 c646 5c 00 mov byte ptr ds:[esi+0x5c],0x0 + * + * Runtime regisers: + * EAX 09C1A626 text address + * ECX 00000000 0 or other offset + * EDX 025F1368 this value seems does not change. it is always pointed to 0 + * EBX 0000300C + * ESP 0029EB7C + * EBP 0029F044 + * ESI 04EE4150 + * EDI 0029F020 + * + * とな�KAGParserEx.dll + * 10013948 68 14830210 push _3.10028314 ; UNICODE "[r]" + * 1001394d 83c2 7c add edx,0x7c + * 10013950 52 push edx + * 10013951 ffd0 call eax + * 10013953 8b75 08 mov esi,dword ptr ss:[ebp+0x8] + * 10013956 eb 02 jmp short _3.1001395a + * 10013958 8bf2 mov esi,edx + * 1001395a 8b46 58 mov eax,dword ptr ds:[esi+0x58] + * 1001395d 8b4e 5c mov ecx,dword ptr ds:[esi+0x5c] + * 10013960 66:833c41 5b cmp word ptr ds:[ecx+eax*2],0x5b ; jichi: hook here + * 10013965 75 06 jnz short _3.1001396d + * 10013967 83c0 01 add eax,0x1 + * 1001396a 8946 58 mov dword ptr ds:[esi+0x58],eax + * 1001396d 8346 58 01 add dword ptr ds:[esi+0x58],0x1 + * 10013971 807e 7a 00 cmp byte ptr ds:[esi+0x7a],0x0 + * 10013975 ^0f85 b5a7ffff jnz _3.1000e130 + * 1001397b 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 1001397e 83b8 90000000 ff cmp dword ptr ds:[eax+0x90],-0x1 + * 10013985 0f84 68040000 je _3.10013df3 + * 1001398b 8bd8 mov ebx,eax + * 1001398d ^e9 a1a7ffff jmp _3.1000e133 + * 10013992 8d7c24 78 lea edi,dword ptr ss:[esp+0x78] + * 10013996 8d7424 54 lea esi,dword ptr ss:[esp+0x54] + * 1001399a e8 e16fffff call _3.1000a980 + */ + +#if 0 // not used, as KiriKiriZ is sufficient, and most KiriKiriZ games use KAGParserEx instead of KAGParser. +namespace { // unnamed + +bool KAGParserFilter(LPVOID data, size_t *size, HookParam *) +{ + StringFilter(reinterpret_cast(data), reinterpret_cast(size), L"[r]", 3); + return true; +} + +void SpecialHookKAGParser(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t*len) +{ + // 6e5622a8 66:833c48 5b cmp word ptr ds:[eax+ecx*2],0x5b + DWORD eax = regof(eax, esp_base), + ecx = regof(ecx, esp_base); + if (eax && !ecx) { // skip string when ecx is not zero + *data = eax; + *len = ::wcslen((LPCWSTR)eax) * 2; // 2 == sizeof(wchar_t) + *split = FIXED_SPLIT_VALUE; // merge all threads + } +} + +void SpecialHookKAGParserEx(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t*len) +{ + // 10013960 66:833c41 5b cmp word ptr ds:[ecx+eax*2],0x5b + DWORD eax = regof(eax, esp_base), + ecx = regof(ecx, esp_base); + if (ecx && !eax) { // skip string when ecx is not zero + *data = ecx; + *len = ::wcslen((LPCWSTR)ecx) * 2; // 2 == sizeof(wchar_t) + *split = FIXED_SPLIT_VALUE; // merge all threads + } +} +} // unnamed namespace +bool InsertKAGParserHook() +{ + ULONG processStartAddress, processStopAddress; + if (!NtInspect::getModuleMemoryRange(L"KAGParser.dll", &startAddress, &stopAddress)) { + ConsoleOutput("KAGParser: failed to get memory range"); + return false; + } + const wchar_t *patternString = L"[r]"; + const size_t patternStringSize = ::wcslen(patternString) * 2; + ULONG addr = MemDbg::findBytes(patternString, patternStringSize, processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("KAGParser: [r] global string not found"); + return false; + } + // Find where it is used as function parameter + addr = MemDbg::findPushAddress(addr, processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("KAGParser: push address not found"); + return false; + } + + const BYTE ins[] = { + 0x66,0x83,0x3c,0x48, 0x5b // 6e5622a8 66:833c48 5b cmp word ptr ds:[eax+ecx*2],0x5b ; jichi: hook here + }; + enum { range = 0x20 }; // 0x6e5622a8 - 0x6e562297 = 17 + addr = MemDbg::findBytes(ins, sizeof(ins), addr, addr + range); + if (!addr) { + ConsoleOutput("KAGParser: instruction pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.text_fun = SpecialHookKAGParser; + hp.filter_fun = KAGParserFilter; + hp.type = CODEC_UTF16|FIXING_SPLIT|NO_CONTEXT; // Fix the split value to merge all threads + ConsoleOutput("INSERT KAGParser"); + + return NewHook(hp, "KAGParser"); +} +bool InsertKAGParserExHook() +{ + ULONG processStartAddress, processStopAddress; + if (!NtInspect::getModuleMemoryRange(L"KAGParserEx.dll", &startAddress, &stopAddress)) { + ConsoleOutput("KAGParserEx: failed to get memory range"); + return false; + } + const wchar_t *patternString = L"[r]"; + const size_t patternStringSize = ::wcslen(patternString) * 2; + ULONG addr = MemDbg::findBytes(patternString, patternStringSize, processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("KAGParserEx: [r] global string not found"); + return false; + } + // Find where it is used as function parameter + addr = MemDbg::findPushAddress(addr, processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("KAGParserEx: push address not found"); + return false; + } + + const BYTE ins[] = { + 0x66,0x83,0x3c,0x41, 0x5b // 10013960 66:833c41 5b cmp word ptr ds:[ecx+eax*2],0x5b ; jichi: hook here + }; + enum { range = 0x20 }; // 0x10013960 - 0x10013948 = 24 + addr = MemDbg::findBytes(ins, sizeof(ins), addr, addr + range); + if (!addr) { + ConsoleOutput("KAGParserEx: instruction pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.text_fun = SpecialHookKAGParserEx; + hp.filter_fun = KAGParserFilter; + hp.type = CODEC_UTF16|FIXING_SPLIT|NO_CONTEXT; // Fix the split value to merge all threads + ConsoleOutput("INSERT KAGParserEx"); + + return NewHook(hp, "KAGParserEx"); +} +#endif // 0 + +/** 10/24/2014 jichi: New KiriKiri hook + * Sample game: [141128] Venus Blood -HYPNO- ヴィーナスブラッ�・ヒュプノ 体験版 + * + * This engine will hook to the caller of caller of the first GetGlyphOutlineW (totally three). + * The logic is quite similar to KiriKiri1 except it backtrack twice to get the function call. + * + * 1/31/2015: If the game no longer invoke GDI functions by default, one way to find the hook + * is to click the フォン�in the menu to force triggering GetGlyphOutlineW function. + * + * KiriKiriZ: + * https://github.com/krkrz/krkrz + * http://krkrz.github.io + * + * KiriKiri API: http://devdoc.kikyou.info/tvp/docs/kr2doc/contents/f_Layer.html + * + * See: krkrz/src/core/visual/LayerIntf.cpp + * API: http://devdoc.kikyou.info/tvp/docs/kr2doc/contents/f_Layer_drawText.html + * + * Debug method: + * Backtrack from GetGlyphOutlineW, and find the first function that is invoked more + * times than (cached) GetGlyphOutlineW. + * + * - Find function calls to GetGlyphOutlineW (totally three) + * + * - Find the caller of the first GetGlyphOutlineW + * Using MemDbg::findCallerAddressAfterInt3() + * + * - Find the caller of the above caller + * Since the function address is dynamic, the function is found using KiriKiriZHook + * + * 00377c44 8b01 mov eax,dword ptr ds:[ecx] + * 00377c46 ff75 10 push dword ptr ss:[ebp+0x10] + * 00377c49 ff75 0c push dword ptr ss:[ebp+0xc] + * 00377c4c 53 push ebx + * 00377c4d ff50 1c call dword ptr ds:[eax+0x1c] ; jichi: called here + * 00377c50 8bf0 mov esi,eax + * 00377c52 8975 e4 mov dword ptr ss:[ebp-0x1c],esi + * 00377c55 ff46 04 inc dword ptr ds:[esi+0x4] + * 00377c58 c745 fc 04000000 mov dword ptr ss:[ebp-0x4],0x4 + * + * Then, the UTF8 two-byte character is at [ecx]+0x14 + * 0017E950 16 00 00 00 00 02 00 00 00 00 00 00 98 D2 76 02 + * 0017E960 E0 8E 90 D9 42 7D 00 00 00 02 00 00 01 00 00 00 + * up: text here + * 0017E970 01 00 01 FF 00 00 00 00 00 00 00 00 C8 + * + * 1/30/2015: + * The hooked function in Venus Blood -HYPNO- is as follows. + * Since サノバウィッ� (150226), KiriKiriZ no longer invokes GetGlyphOutlineW. + * Try to extract instruction patterns from the following function instead. + * + * 011a7a3c cc int3 + * 011a7a3d cc int3 + * 011a7a3e cc int3 + * 011a7a3f cc int3 + * 011a7a40 55 push ebp + * 011a7a41 8bec mov ebp,esp + * 011a7a43 6a ff push -0x1 + * 011a7a45 68 dbaa3101 push .0131aadb + * 011a7a4a 64:a1 00000000 mov eax,dword ptr fs:[0] + * 011a7a50 50 push eax + * 011a7a51 83ec 14 sub esp,0x14 + * 011a7a54 53 push ebx + * 011a7a55 56 push esi + * 011a7a56 57 push edi + * 011a7a57 a1 00593d01 mov eax,dword ptr ds:[0x13d5900] + * 011a7a5c 33c5 xor eax,ebp + * 011a7a5e 50 push eax + * 011a7a5f 8d45 f4 lea eax,dword ptr ss:[ebp-0xc] + * 011a7a62 64:a3 00000000 mov dword ptr fs:[0],eax + * 011a7a68 8965 f0 mov dword ptr ss:[ebp-0x10],esp + * 011a7a6b 8bd9 mov ebx,ecx + * 011a7a6d 803d 00113e01 00 cmp byte ptr ds:[0x13e1100],0x0 + * 011a7a74 75 17 jnz short .011a7a8d + * 011a7a76 c745 e8 1cb83d01 mov dword ptr ss:[ebp-0x18],.013db81c + * 011a7a7d 8d45 e8 lea eax,dword ptr ss:[ebp-0x18] + * 011a7a80 50 push eax + * 011a7a81 e8 4ae2f0ff call .010b5cd0 + * 011a7a86 c605 00113e01 01 mov byte ptr ds:[0x13e1100],0x1 + * 011a7a8d 33c9 xor ecx,ecx + * 011a7a8f 384b 21 cmp byte ptr ds:[ebx+0x21],cl + * 011a7a92 0f95c1 setne cl + * 011a7a95 33c0 xor eax,eax + * 011a7a97 3843 20 cmp byte ptr ds:[ebx+0x20],al + * 011a7a9a 0f95c0 setne al + * 011a7a9d 33c8 xor ecx,eax + * 011a7a9f 334b 10 xor ecx,dword ptr ds:[ebx+0x10] + * 011a7aa2 0fb743 14 movzx eax,word ptr ds:[ebx+0x14] + * 011a7aa6 33c8 xor ecx,eax + * 011a7aa8 8b7b 1c mov edi,dword ptr ds:[ebx+0x1c] + * 011a7aab 33f9 xor edi,ecx + * 011a7aad 337b 18 xor edi,dword ptr ds:[ebx+0x18] + * 011a7ab0 897d e4 mov dword ptr ss:[ebp-0x1c],edi + * 011a7ab3 57 push edi + * 011a7ab4 53 push ebx + * 011a7ab5 e8 06330000 call .011aadc0 + * 011a7aba 8bf0 mov esi,eax + * 011a7abc 85f6 test esi,esi + * 011a7abe 74 26 je short .011a7ae6 + * 011a7ac0 56 push esi + * 011a7ac1 e8 ba330000 call .011aae80 + * 011a7ac6 8d46 2c lea eax,dword ptr ds:[esi+0x2c] + * 011a7ac9 85c0 test eax,eax + * 011a7acb 74 19 je short .011a7ae6 + * 011a7acd 8b08 mov ecx,dword ptr ds:[eax] + * 011a7acf ff41 04 inc dword ptr ds:[ecx+0x4] + * 011a7ad2 8b00 mov eax,dword ptr ds:[eax] + * 011a7ad4 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 011a7ad7 64:890d 00000000 mov dword ptr fs:[0],ecx + * 011a7ade 59 pop ecx + * 011a7adf 5f pop edi + * 011a7ae0 5e pop esi + * 011a7ae1 5b pop ebx + * 011a7ae2 8be5 mov esp,ebp + * 011a7ae4 5d pop ebp + * 011a7ae5 c3 retn + * 011a7ae6 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + * 011a7ae9 85c9 test ecx,ecx + * 011a7aeb 0f84 47010000 je .011a7c38 + * 011a7af1 0fb743 14 movzx eax,word ptr ds:[ebx+0x14] + * 011a7af5 50 push eax + * 011a7af6 e8 b5090300 call .011d84b0 + * 011a7afb 8bf0 mov esi,eax + * 011a7afd 8975 ec mov dword ptr ss:[ebp-0x14],esi + * 011a7b00 85f6 test esi,esi + * 011a7b02 0f84 30010000 je .011a7c38 + * 011a7b08 6a 34 push 0x34 + * 011a7b0a e8 29621300 call .012ddd38 + * 011a7b0f 83c4 04 add esp,0x4 + * 011a7b12 8bf8 mov edi,eax + * 011a7b14 897d e0 mov dword ptr ss:[ebp-0x20],edi + * 011a7b17 c745 fc 00000000 mov dword ptr ss:[ebp-0x4],0x0 + * 011a7b1e 85ff test edi,edi + * 011a7b20 74 1d je short .011a7b3f + * 011a7b22 c747 2c 41000000 mov dword ptr ds:[edi+0x2c],0x41 + * 011a7b29 c647 32 00 mov byte ptr ds:[edi+0x32],0x0 + * 011a7b2d c747 04 01000000 mov dword ptr ds:[edi+0x4],0x1 + * 011a7b34 c707 00000000 mov dword ptr ds:[edi],0x0 + * 011a7b3a 8945 e8 mov dword ptr ss:[ebp-0x18],eax + * 011a7b3d eb 05 jmp short .011a7b44 + * 011a7b3f 33ff xor edi,edi + * 011a7b41 897d e8 mov dword ptr ss:[ebp-0x18],edi + * 011a7b44 c745 fc ffffffff mov dword ptr ss:[ebp-0x4],-0x1 + * 011a7b4b 0fb746 04 movzx eax,word ptr ds:[esi+0x4] + * 011a7b4f 8947 1c mov dword ptr ds:[edi+0x1c],eax + * 011a7b52 0fb746 06 movzx eax,word ptr ds:[esi+0x6] + * 011a7b56 8947 20 mov dword ptr ds:[edi+0x20],eax + * 011a7b59 0fbf46 0c movsx eax,word ptr ds:[esi+0xc] + * 011a7b5d 8947 10 mov dword ptr ds:[edi+0x10],eax + * 011a7b60 0fbf46 0e movsx eax,word ptr ds:[esi+0xe] + * 011a7b64 8947 14 mov dword ptr ds:[edi+0x14],eax + * 011a7b67 0fbf46 08 movsx eax,word ptr ds:[esi+0x8] + * 011a7b6b 0345 0c add eax,dword ptr ss:[ebp+0xc] + * 011a7b6e 8947 08 mov dword ptr ds:[edi+0x8],eax + * 011a7b71 0fbf46 0a movsx eax,word ptr ds:[esi+0xa] + * 011a7b75 8b4d 10 mov ecx,dword ptr ss:[ebp+0x10] + * 011a7b78 2bc8 sub ecx,eax + * 011a7b7a 894f 0c mov dword ptr ds:[edi+0xc],ecx + * 011a7b7d 0fb643 20 movzx eax,byte ptr ds:[ebx+0x20] + * 011a7b81 8847 30 mov byte ptr ds:[edi+0x30],al + * 011a7b84 c647 32 00 mov byte ptr ds:[edi+0x32],0x0 + * 011a7b88 0fb643 21 movzx eax,byte ptr ds:[ebx+0x21] + * 011a7b8c 8847 31 mov byte ptr ds:[edi+0x31],al + * 011a7b8f 8b43 1c mov eax,dword ptr ds:[ebx+0x1c] + * 011a7b92 8947 28 mov dword ptr ds:[edi+0x28],eax + * 011a7b95 8b43 18 mov eax,dword ptr ds:[ebx+0x18] + * 011a7b98 8947 24 mov dword ptr ds:[edi+0x24],eax + * 011a7b9b c745 fc 01000000 mov dword ptr ss:[ebp-0x4],0x1 + * 011a7ba2 837f 1c 00 cmp dword ptr ds:[edi+0x1c],0x0 + * 011a7ba6 74 64 je short .011a7c0c + * 011a7ba8 8b47 20 mov eax,dword ptr ds:[edi+0x20] + * 011a7bab 85c0 test eax,eax + * 011a7bad 74 5d je short .011a7c0c + * 011a7baf 0fb776 04 movzx esi,word ptr ds:[esi+0x4] + * 011a7bb3 4e dec esi + * 011a7bb4 83e6 fc and esi,0xfffffffc + * 011a7bb7 83c6 04 add esi,0x4 + * 011a7bba 8977 18 mov dword ptr ds:[edi+0x18],esi + * 011a7bbd 0fafc6 imul eax,esi + * 011a7bc0 50 push eax + * 011a7bc1 8bcf mov ecx,edi + * 011a7bc3 e8 b8f6ffff call .011a7280 + * 011a7bc8 56 push esi + * 011a7bc9 ff37 push dword ptr ds:[edi] + * 011a7bcb ff75 ec push dword ptr ss:[ebp-0x14] + * 011a7bce 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + * 011a7bd1 e8 3a090300 call .011d8510 + * 011a7bd6 807b 21 00 cmp byte ptr ds:[ebx+0x21],0x0 + * 011a7bda 74 0d je short .011a7be9 + * 011a7bdc ff77 28 push dword ptr ds:[edi+0x28] + * 011a7bdf ff77 24 push dword ptr ds:[edi+0x24] + * 011a7be2 8bcf mov ecx,edi + * 011a7be4 e8 d70affff call .011986c0 + * 011a7be9 897d ec mov dword ptr ss:[ebp-0x14],edi + * 011a7bec ff47 04 inc dword ptr ds:[edi+0x4] + * 011a7bef c645 fc 02 mov byte ptr ss:[ebp-0x4],0x2 + * 011a7bf3 8d45 ec lea eax,dword ptr ss:[ebp-0x14] + * 011a7bf6 50 push eax + * 011a7bf7 ff75 e4 push dword ptr ss:[ebp-0x1c] + * 011a7bfa 53 push ebx + * 011a7bfb e8 50280000 call .011aa450 + * 011a7c00 c645 fc 01 mov byte ptr ss:[ebp-0x4],0x1 + * 011a7c04 8d4d ec lea ecx,dword ptr ss:[ebp-0x14] + * 011a7c07 e8 84280000 call .011aa490 + * 011a7c0c c745 fc ffffffff mov dword ptr ss:[ebp-0x4],-0x1 + * 011a7c13 8bc7 mov eax,edi + * 011a7c15 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 011a7c18 64:890d 00000000 mov dword ptr fs:[0],ecx + * 011a7c1f 59 pop ecx + * 011a7c20 5f pop edi + * 011a7c21 5e pop esi + * 011a7c22 5b pop ebx + * 011a7c23 8be5 mov esp,ebp + * 011a7c25 5d pop ebp + * 011a7c26 c3 retn + * 011a7c27 8b4d e8 mov ecx,dword ptr ss:[ebp-0x18] + * 011a7c2a e8 81f6ffff call .011a72b0 + * 011a7c2f 6a 00 push 0x0 + * 011a7c31 6a 00 push 0x0 + * 011a7c33 e8 93cb1300 call .012e47cb + * 011a7c38 a1 dc8a3d01 mov eax,dword ptr ds:[0x13d8adc] + * 011a7c3d 8b0c85 88b93f01 mov ecx,dword ptr ds:[eax*4+0x13fb988] + * 011a7c44 8b01 mov eax,dword ptr ds:[ecx] + * 011a7c46 ff75 10 push dword ptr ss:[ebp+0x10] + * 011a7c49 ff75 0c push dword ptr ss:[ebp+0xc] + * 011a7c4c 53 push ebx + * 011a7c4d ff50 1c call dword ptr ds:[eax+0x1c] + * 011a7c50 8bf0 mov esi,eax + * 011a7c52 8975 e4 mov dword ptr ss:[ebp-0x1c],esi + * 011a7c55 ff46 04 inc dword ptr ds:[esi+0x4] + * 011a7c58 c745 fc 04000000 mov dword ptr ss:[ebp-0x4],0x4 + * 011a7c5f 8d45 e4 lea eax,dword ptr ss:[ebp-0x1c] + * 011a7c62 50 push eax + * 011a7c63 57 push edi + * 011a7c64 53 push ebx + * 011a7c65 e8 a62c0000 call .011aa910 + * 011a7c6a a1 388b3f01 mov eax,dword ptr ds:[0x13f8b38] + * 011a7c6f 8b0d 448b3f01 mov ecx,dword ptr ds:[0x13f8b44] + * 011a7c75 3bc1 cmp eax,ecx + * 011a7c77 76 08 jbe short .011a7c81 + * 011a7c79 2bc1 sub eax,ecx + * 011a7c7b 50 push eax + * 011a7c7c e8 1f2e0000 call .011aaaa0 + * 011a7c81 c745 fc ffffffff mov dword ptr ss:[ebp-0x4],-0x1 + * 011a7c88 8b46 04 mov eax,dword ptr ds:[esi+0x4] + * 011a7c8b 83f8 01 cmp eax,0x1 + * 011a7c8e 75 2c jnz short .011a7cbc + * 011a7c90 8b06 mov eax,dword ptr ds:[esi] + * 011a7c92 85c0 test eax,eax + * 011a7c94 74 09 je short .011a7c9f + * 011a7c96 50 push eax + * 011a7c97 e8 3b621300 call .012dded7 + * 011a7c9c 83c4 04 add esp,0x4 + * 011a7c9f 56 push esi + * 011a7ca0 e8 335e1300 call .012ddad8 + * 011a7ca5 83c4 04 add esp,0x4 + * 011a7ca8 8bc6 mov eax,esi + * 011a7caa 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 011a7cad 64:890d 00000000 mov dword ptr fs:[0],ecx + * 011a7cb4 59 pop ecx + * 011a7cb5 5f pop edi + * 011a7cb6 5e pop esi + * 011a7cb7 5b pop ebx + * 011a7cb8 8be5 mov esp,ebp + * 011a7cba 5d pop ebp + * 011a7cbb c3 retn + * 011a7cbc 48 dec eax + * 011a7cbd 8946 04 mov dword ptr ds:[esi+0x4],eax + * 011a7cc0 8bc6 mov eax,esi + * 011a7cc2 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 011a7cc5 64:890d 00000000 mov dword ptr fs:[0],ecx + * 011a7ccc 59 pop ecx + * 011a7ccd 5f pop edi + * 011a7cce 5e pop esi + * 011a7ccf 5b pop ebx + * 011a7cd0 8be5 mov esp,ebp + * 011a7cd2 5d pop ebp + * 011a7cd3 c3 retn + * 011a7cd4 cc int3 + * 011a7cd5 cc int3 + * 011a7cd6 cc int3 + * 011a7cd7 cc int3 + * 011a7cd8 cc int3 + * + * Here's the hooked function in サノバウィッ� (150226). + * I randomly picked a pattern from VBH: + * + * 011a7a95 33c0 xor eax,eax + * 011a7a97 3843 20 cmp byte ptr ds:[ebx+0x20],al + * 011a7a9a 0f95c0 setne al + * 011a7a9d 33c8 xor ecx,eax + * 011a7a9f 334b 10 xor ecx,dword ptr ds:[ebx+0x10] + * 011a7aa2 0fb743 14 movzx eax,word ptr ds:[ebx+0x14] + * + * i.e: 33c03843200f95c033c8334b100fb74314 + * + * The new hooked function in サノバウィッ� is as follows. + * + * 012280dc cc int3 + * 012280dd cc int3 + * 012280de cc int3 + * 012280df cc int3 + * 012280e0 55 push ebp + * 012280e1 8bec mov ebp,esp + * 012280e3 6a ff push -0x1 + * 012280e5 68 3b813d01 push .013d813b + * 012280ea 64:a1 00000000 mov eax,dword ptr fs:[0] + * 012280f0 50 push eax + * 012280f1 83ec 14 sub esp,0x14 + * 012280f4 53 push ebx + * 012280f5 56 push esi + * 012280f6 57 push edi + * 012280f7 a1 00694901 mov eax,dword ptr ds:[0x1496900] + * 012280fc 33c5 xor eax,ebp + * 012280fe 50 push eax + * 012280ff 8d45 f4 lea eax,dword ptr ss:[ebp-0xc] + * 01228102 64:a3 00000000 mov dword ptr fs:[0],eax + * 01228108 8965 f0 mov dword ptr ss:[ebp-0x10],esp + * 0122810b 8bd9 mov ebx,ecx + * 0122810d 803d e82d4a01 00 cmp byte ptr ds:[0x14a2de8],0x0 + * 01228114 75 17 jnz short .0122812d + * 01228116 c745 e8 d8d44901 mov dword ptr ss:[ebp-0x18],.0149d4d8 + * 0122811d 8d45 e8 lea eax,dword ptr ss:[ebp-0x18] + * 01228120 50 push eax + * 01228121 e8 aadbf0ff call .01135cd0 + * 01228126 c605 e82d4a01 01 mov byte ptr ds:[0x14a2de8],0x1 + * 0122812d 33c9 xor ecx,ecx + * 0122812f 384b 21 cmp byte ptr ds:[ebx+0x21],cl + * 01228132 0f95c1 setne cl + * 01228135 33c0 xor eax,eax + * 01228137 3843 20 cmp byte ptr ds:[ebx+0x20],al + * 0122813a 0f95c0 setne al + * 0122813d 33c8 xor ecx,eax + * 0122813f 334b 10 xor ecx,dword ptr ds:[ebx+0x10] + * 01228142 0fb743 14 movzx eax,word ptr ds:[ebx+0x14] + * 01228146 33c8 xor ecx,eax + * 01228148 8b7b 1c mov edi,dword ptr ds:[ebx+0x1c] + * 0122814b 33f9 xor edi,ecx + * 0122814d 337b 18 xor edi,dword ptr ds:[ebx+0x18] + * 01228150 897d e4 mov dword ptr ss:[ebp-0x1c],edi + * 01228153 57 push edi + * 01228154 53 push ebx + * 01228155 e8 06330000 call .0122b460 + * 0122815a 8bf0 mov esi,eax + * 0122815c 85f6 test esi,esi + * 0122815e 74 26 je short .01228186 + * 01228160 56 push esi + * 01228161 e8 ba330000 call .0122b520 + * 01228166 8d46 2c lea eax,dword ptr ds:[esi+0x2c] + * 01228169 85c0 test eax,eax + * 0122816b 74 19 je short .01228186 + * 0122816d 8b08 mov ecx,dword ptr ds:[eax] + * 0122816f ff41 04 inc dword ptr ds:[ecx+0x4] + * 01228172 8b00 mov eax,dword ptr ds:[eax] + * 01228174 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 01228177 64:890d 00000000 mov dword ptr fs:[0],ecx + * 0122817e 59 pop ecx + * 0122817f 5f pop edi + * 01228180 5e pop esi + * 01228181 5b pop ebx + * 01228182 8be5 mov esp,ebp + * 01228184 5d pop ebp + * 01228185 c3 retn + * 01228186 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + * 01228189 85c9 test ecx,ecx + * 0122818b 0f84 47010000 je .012282d8 + * 01228191 0fb743 14 movzx eax,word ptr ds:[ebx+0x14] + * 01228195 50 push eax + * 01228196 e8 950f0300 call .01259130 + * 0122819b 8bf0 mov esi,eax + * 0122819d 8975 ec mov dword ptr ss:[ebp-0x14],esi + * 012281a0 85f6 test esi,esi + * 012281a2 0f84 30010000 je .012282d8 + * 012281a8 6a 34 push 0x34 + * 012281aa e8 297c1300 call .0135fdd8 + * 012281af 83c4 04 add esp,0x4 + * 012281b2 8bf8 mov edi,eax + * 012281b4 897d e0 mov dword ptr ss:[ebp-0x20],edi + * 012281b7 c745 fc 00000000 mov dword ptr ss:[ebp-0x4],0x0 + * 012281be 85ff test edi,edi + * 012281c0 74 1d je short .012281df + * 012281c2 c747 2c 41000000 mov dword ptr ds:[edi+0x2c],0x41 + * 012281c9 c647 32 00 mov byte ptr ds:[edi+0x32],0x0 + * 012281cd c747 04 01000000 mov dword ptr ds:[edi+0x4],0x1 + * 012281d4 c707 00000000 mov dword ptr ds:[edi],0x0 + * 012281da 8945 e8 mov dword ptr ss:[ebp-0x18],eax + * 012281dd eb 05 jmp short .012281e4 + * 012281df 33ff xor edi,edi + * 012281e1 897d e8 mov dword ptr ss:[ebp-0x18],edi + * 012281e4 c745 fc ffffffff mov dword ptr ss:[ebp-0x4],-0x1 + * 012281eb 0fb746 04 movzx eax,word ptr ds:[esi+0x4] + * 012281ef 8947 1c mov dword ptr ds:[edi+0x1c],eax + * 012281f2 0fb746 06 movzx eax,word ptr ds:[esi+0x6] + * 012281f6 8947 20 mov dword ptr ds:[edi+0x20],eax + * 012281f9 0fbf46 0c movsx eax,word ptr ds:[esi+0xc] + * 012281fd 8947 10 mov dword ptr ds:[edi+0x10],eax + * 01228200 0fbf46 0e movsx eax,word ptr ds:[esi+0xe] + * 01228204 8947 14 mov dword ptr ds:[edi+0x14],eax + * 01228207 0fbf46 08 movsx eax,word ptr ds:[esi+0x8] + * 0122820b 0345 0c add eax,dword ptr ss:[ebp+0xc] + * 0122820e 8947 08 mov dword ptr ds:[edi+0x8],eax + * 01228211 0fbf46 0a movsx eax,word ptr ds:[esi+0xa] + * 01228215 8b4d 10 mov ecx,dword ptr ss:[ebp+0x10] + * 01228218 2bc8 sub ecx,eax + * 0122821a 894f 0c mov dword ptr ds:[edi+0xc],ecx + * 0122821d 0fb643 20 movzx eax,byte ptr ds:[ebx+0x20] + * 01228221 8847 30 mov byte ptr ds:[edi+0x30],al + * 01228224 c647 32 00 mov byte ptr ds:[edi+0x32],0x0 + * 01228228 0fb643 21 movzx eax,byte ptr ds:[ebx+0x21] + * 0122822c 8847 31 mov byte ptr ds:[edi+0x31],al + * 0122822f 8b43 1c mov eax,dword ptr ds:[ebx+0x1c] + * 01228232 8947 28 mov dword ptr ds:[edi+0x28],eax + * 01228235 8b43 18 mov eax,dword ptr ds:[ebx+0x18] + * 01228238 8947 24 mov dword ptr ds:[edi+0x24],eax + * 0122823b c745 fc 01000000 mov dword ptr ss:[ebp-0x4],0x1 + * 01228242 837f 1c 00 cmp dword ptr ds:[edi+0x1c],0x0 + * 01228246 74 64 je short .012282ac + * 01228248 8b47 20 mov eax,dword ptr ds:[edi+0x20] + * 0122824b 85c0 test eax,eax + * 0122824d 74 5d je short .012282ac + * 0122824f 0fb776 04 movzx esi,word ptr ds:[esi+0x4] + * 01228253 4e dec esi + * 01228254 83e6 fc and esi,0xfffffffc + * 01228257 83c6 04 add esi,0x4 + * 0122825a 8977 18 mov dword ptr ds:[edi+0x18],esi + * 0122825d 0fafc6 imul eax,esi + * 01228260 50 push eax + * 01228261 8bcf mov ecx,edi + * 01228263 e8 a8f6ffff call .01227910 + * 01228268 56 push esi + * 01228269 ff37 push dword ptr ds:[edi] + * 0122826b ff75 ec push dword ptr ss:[ebp-0x14] + * 0122826e 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + * 01228271 e8 1a0f0300 call .01259190 + * 01228276 807b 21 00 cmp byte ptr ds:[ebx+0x21],0x0 + * 0122827a 74 0d je short .01228289 + * 0122827c ff77 28 push dword ptr ds:[edi+0x28] + * 0122827f ff77 24 push dword ptr ds:[edi+0x24] + * 01228282 8bcf mov ecx,edi + * 01228284 e8 870affff call .01218d10 + * 01228289 897d ec mov dword ptr ss:[ebp-0x14],edi + * 0122828c ff47 04 inc dword ptr ds:[edi+0x4] + * 0122828f c645 fc 02 mov byte ptr ss:[ebp-0x4],0x2 + * 01228293 8d45 ec lea eax,dword ptr ss:[ebp-0x14] + * 01228296 50 push eax + * 01228297 ff75 e4 push dword ptr ss:[ebp-0x1c] + * 0122829a 53 push ebx + * 0122829b e8 50280000 call .0122aaf0 + * 012282a0 c645 fc 01 mov byte ptr ss:[ebp-0x4],0x1 + * 012282a4 8d4d ec lea ecx,dword ptr ss:[ebp-0x14] + * 012282a7 e8 84280000 call .0122ab30 + * 012282ac c745 fc ffffffff mov dword ptr ss:[ebp-0x4],-0x1 + * 012282b3 8bc7 mov eax,edi + * 012282b5 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 012282b8 64:890d 00000000 mov dword ptr fs:[0],ecx + * 012282bf 59 pop ecx + * 012282c0 5f pop edi + * 012282c1 5e pop esi + * 012282c2 5b pop ebx + * 012282c3 8be5 mov esp,ebp + * 012282c5 5d pop ebp + * 012282c6 c3 retn + * 012282c7 8b4d e8 mov ecx,dword ptr ss:[ebp-0x18] + * 012282ca e8 71f6ffff call .01227940 + * 012282cf 6a 00 push 0x0 + * 012282d1 6a 00 push 0x0 + * 012282d3 e8 83eb1300 call .01366e5b + * 012282d8 a1 e89a4901 mov eax,dword ptr ds:[0x1499ae8] + * 012282dd 8b0c85 f0d64b01 mov ecx,dword ptr ds:[eax*4+0x14bd6f0] + * 012282e4 8b01 mov eax,dword ptr ds:[ecx] + * 012282e6 ff75 10 push dword ptr ss:[ebp+0x10] + * 012282e9 ff75 0c push dword ptr ss:[ebp+0xc] + * 012282ec 53 push ebx + * 012282ed ff50 1c call dword ptr ds:[eax+0x1c] + * 012282f0 8bf0 mov esi,eax + * 012282f2 8975 e4 mov dword ptr ss:[ebp-0x1c],esi + * 012282f5 ff46 04 inc dword ptr ds:[esi+0x4] + * 012282f8 c745 fc 04000000 mov dword ptr ss:[ebp-0x4],0x4 + * 012282ff 8d45 e4 lea eax,dword ptr ss:[ebp-0x1c] + * 01228302 50 push eax + * 01228303 57 push edi + * 01228304 53 push ebx + * 01228305 e8 a62c0000 call .0122afb0 + * 0122830a a1 a0a84b01 mov eax,dword ptr ds:[0x14ba8a0] + * 0122830f 8b0d aca84b01 mov ecx,dword ptr ds:[0x14ba8ac] + * 01228315 3bc1 cmp eax,ecx + * 01228317 76 08 jbe short .01228321 + * 01228319 2bc1 sub eax,ecx + * 0122831b 50 push eax + * 0122831c e8 1f2e0000 call .0122b140 + * 01228321 c745 fc ffffffff mov dword ptr ss:[ebp-0x4],-0x1 + * 01228328 8b46 04 mov eax,dword ptr ds:[esi+0x4] + * 0122832b 83f8 01 cmp eax,0x1 + * 0122832e 75 2c jnz short .0122835c + * 01228330 8b06 mov eax,dword ptr ds:[esi] + * 01228332 85c0 test eax,eax + * 01228334 74 09 je short .0122833f + * 01228336 50 push eax + * 01228337 e8 3b7c1300 call .0135ff77 + * 0122833c 83c4 04 add esp,0x4 + * 0122833f 56 push esi + * 01228340 e8 33781300 call .0135fb78 + * 01228345 83c4 04 add esp,0x4 + * 01228348 8bc6 mov eax,esi + * 0122834a 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 0122834d 64:890d 00000000 mov dword ptr fs:[0],ecx + * 01228354 59 pop ecx + * 01228355 5f pop edi + * 01228356 5e pop esi + * 01228357 5b pop ebx + * 01228358 8be5 mov esp,ebp + * 0122835a 5d pop ebp + * 0122835b c3 retn + * 0122835c 48 dec eax + * 0122835d 8946 04 mov dword ptr ds:[esi+0x4],eax + * 01228360 8bc6 mov eax,esi + * 01228362 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 01228365 64:890d 00000000 mov dword ptr fs:[0],ecx + * 0122836c 59 pop ecx + * 0122836d 5f pop edi + * 0122836e 5e pop esi + * 0122836f 5b pop ebx + * 01228370 8be5 mov esp,ebp + * 01228372 5d pop ebp + * 01228373 c3 retn + * 01228374 cc int3 + * 01228375 cc int3 + * 01228376 cc int3 + * 01228377 cc int3 + * 01228378 cc int3 + */ + +namespace { // unnamed + +// Skip individual L'\n' which might cause repetition. +//bool NewLineWideCharSkipper(LPVOID data, DWORD *size, HookParam *) +//{ +// LPCWSTR text = (LPCWSTR)data; +// if (*size == 2 && *text == L'\n') +// return false; +// return true; +//} +// + +bool NewKiriKiriZHook(DWORD addr) +{ + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::ecx); + hp.split = hp.offset; // the same logic but diff value as KiriKiri1, use [ecx] as split + hp.index = 0x14; // the same as KiriKiri1 + hp.type = CODEC_UTF16|DATA_INDIRECT|USING_SPLIT|SPLIT_INDIRECT; + //hp.filter_fun = NewLineCharFilterW; + ConsoleOutput("INSERT KiriKiriZ"); + ConsoleOutput("KiriKiriZ: disable GDI hooks"); + return NewHook(hp, "KiriKiriZ"); + + +} + +bool KiriKiriZHook1(hook_stack* stack, HookParam *) +{ + DWORD addr = stack->stack[0]; // retaddr + addr = MemDbg::findEnclosingAlignedFunction(addr, 0x400); // range is around 0x377c50 - 0x377a40 = 0x210 + if (!addr) { + ConsoleOutput("KiriKiriZ: failed to find enclosing function"); + return false; // stop looking + } + NewKiriKiriZHook(addr); + ConsoleOutput("KiriKiriZ1 inserted"); + return false; // stop looking +} + +bool InsertKiriKiriZHook1() +{ + ULONG addr = MemDbg::findCallerAddressAfterInt3((DWORD)::GetGlyphOutlineW, processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("KiriKiriZ1: could not find caller of GetGlyphOutlineW"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.type = HOOK_EMPTY; + hp.hook_fun = KiriKiriZHook1; + ConsoleOutput("INSERT KiriKiriZ1 empty hook"); + + return NewHook(hp, "KiriKiriZ Hook"); +} + + +// jichi 1/30/2015: Add KiriKiriZ2 for サノバウィッ� +// It inserts to the same location as the old KiriKiriZ, but use a different way to find it. +bool InsertKiriKiriZHook2() +{ + const BYTE bytes[] = { + 0x38,0x4b, 0x21, // 0122812f 384b 21 cmp byte ptr ds:[ebx+0x21],cl + 0x0f,0x95,0xc1, // 01228132 0f95c1 setne cl + 0x33,0xc0, // 01228135 33c0 xor eax,eax + 0x38,0x43, 0x20, // 01228137 3843 20 cmp byte ptr ds:[ebx+0x20],al + 0x0f,0x95,0xc0, // 0122813a 0f95c0 setne al + 0x33,0xc8, // 0122813d 33c8 xor ecx,eax + 0x33,0x4b, 0x10, // 0122813f 334b 10 xor ecx,dword ptr ds:[ebx+0x10] + 0x0f,0xb7,0x43, 0x14 // 01228142 0fb743 14 movzx eax,word ptr ds:[ebx+0x14] + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + //GROWL_DWORD(addr); + if (!addr) { + ConsoleOutput("KiriKiriZ2: pattern not found"); + return false; + } + + // 012280e0 55 push ebp + // 012280e1 8bec mov ebp,esp + addr = MemDbg::findEnclosingAlignedFunction(addr, 0x100); // 0x0122812f-0x012280e0 = 0x4F + enum : BYTE { push_ebp = 0x55 }; // 011d4c80 /$ 55 push ebp + if (!addr || *(BYTE *)addr != push_ebp) { + ConsoleOutput("KiriKiriZ2: pattern found but the function offset is invalid"); + return false; + } + + NewKiriKiriZHook(addr); + ConsoleOutput("KiriKiriZ2 inserted"); + return true; +} + +} // unnamed namespace + +// jichi 1/30/2015: Do KiriKiriZ2 first, which might insert to the same location as KiriKiri1. + +bool KiriKiriZ_msvcFilter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + static std::wstring prevText; + + if (!*len) + return false; + text[*len/sizeof(wchar_t)] = L'\0'; // clean text + + if (!prevText.compare(text)) + return false; + prevText = text; + + StringCharReplacer(text, len, L"\\n", 2, L' '); + if (cpp_wcsnstr(text, L"%", *len/sizeof(wchar_t))) { + StringFilterBetween(text, len, L"%", 1, L";", 1); + } + return true; +} +bool Krkrtextrenderdll () { + HMODULE module = GetModuleHandleW(L"textrender.dll"); + if (module == 0)return false; + if (GetProcAddress(module, "V2Link") == 0)return false; + + bool b1=[module]() { + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + BYTE bytes[] = { + 0x81,0xEC,0xFC,0x00,0x00,0x00 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), minAddress, maxAddress); + if (addr == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)return false; + ConsoleOutput("textrender %p", addr); + HookParam hp; + hp.address = (DWORD)addr; + hp.offset=get_stack(2); + hp.type = CODEC_UTF16; + + return NewHook(hp, "krkr_textrender"); + }(); + bool b2=[module]() { + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + BYTE bytes[] = { + 0xFF, XX, + 0x88, XX, XX, XX, + XX, XX, XX, XX, + XX, XX, + 0x74, XX, + XX, XX, XX, XX, + XX, + XX, + 0xE8, XX, XX, XX, XX, + 0xB0, 0x01, + 0xC3 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), minAddress, maxAddress); + if (addr == 0)return false; + ConsoleOutput("textrender %p", addr); + HookParam hp; + hp.address = addr -0xb; + hp.offset=get_reg(regs::eax); + hp.type = CODEC_UTF16 | USING_STRING; + hp.filter_fun = KiriKiriZ_msvcFilter; + return NewHook(hp, "krkr_textrender"); + }(); + return b1||b2; +} +bool KiriKiriZ3Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + CharFilter(text, len, L'\x000A'); + if (cpp_wcsnstr(text, L"%", *len/sizeof(wchar_t))) { + StringFilterBetween(text, len, L"%", 1, L"%", 1); + } + + return true; +} + +bool InsertKiriKiriZHook3() +{ + + /* + * Sample games: + * https://vndb.org/r109253 + */ + const BYTE bytes[] = { + 0x66, 0x83, 0x3F, 0x00, // cmp word ptr [edi],00 << hook here + 0x75, 0x06, // jne Imouto_no_Seiiki.exe+195C1 + 0x33, 0xDB, // xor ebx,ebx + 0x89, 0x1E, // mov [esi],ebx + 0xEB, 0x1B // jmp Imouto_no_Seiiki.exe+195DC + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("KiriKiriZ3: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset =get_reg(regs::edi); + hp.split = get_reg(regs::edx); + hp.type = NO_CONTEXT | CODEC_UTF16 | USING_STRING | USING_SPLIT; + hp.filter_fun = KiriKiriZ3Filter; + ConsoleOutput("INSERT KiriKiriZ3"); + return NewHook(hp, "KiriKiriZ3"); +} + +bool KiriKiriZ4Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + if (text[0] == L' ' || text[0] == L':' || text[0] == L'@' || text[0] == L'[' || text[0] == L']') + return false; + + if (cpp_wcsnstr(text, L"[", *len/sizeof(wchar_t))) { + StringCharReplacer(text, len, L"[r]", 3, L' '); + StringFilterBetween(text, len, L"[", 1, L"]", 1); + } + + return true; +} + +bool InsertKiriKiriZHook4() +{ + + /* + * Sample games: + * https://vndb.org/r111774 + * https://vndb.org/v38021 + */ + const BYTE bytes[] = { + 0xE8, 0xE8, 0xBA, 0xFE, 0xFF, // call Shironagasu.exe+227B0 << hook here + 0xC7, 0x45, 0xFC, XX4, // mov [ebp-04],00000000 + 0xC7, 0x45, 0xF0, XX4, // mov [ebp-10],00000001 + 0x8B, 0x45, 0x08 // mov eax,[ebp+08] + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("KiriKiriZ4: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::ebx); + hp.type = NO_CONTEXT | CODEC_UTF16 | USING_STRING; + hp.filter_fun = KiriKiriZ4Filter; + ConsoleOutput("INSERT KiriKiriZ4"); + return NewHook(hp, "KiriKiriZ4"); +} +bool InsertKiriKiriZHook() +{ + auto ok=Krkrtextrenderdll(); + ok = InsertKiriKiriZHook3() || ok; + ok = InsertKiriKiriZHook4() || ok; + return InsertKiriKiriZHook2() || InsertKiriKiriZHook1()|| ok; + +} +namespace{ + int type=0;std::wstring saveend=L""; + void hookafter(hook_stack*s,void* data, size_t len){ + + auto newText =std::wstring((wchar_t*)data,len/2);// EngineController::instance()->dispatchTextWSTD(innner, Engine::ScenarioRole, 0); + newText=newText+L"[plc]"; + if(type==2){ + newText=L"[x]"+newText; + } + else if(type==1){ + newText=std::regex_replace(newText, std::wregex(L"\u300c"), L"\\[\u300c\\]"); + newText=std::regex_replace(newText, std::wregex(L"\u300d"), L"\\[\u300d\\]"); + } + newText+=saveend; + auto text = (LPWSTR)s->esi; + wcscpy(text,newText.c_str()); + } + bool hookBefore(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + //シロガネオトメ + auto text = (LPWSTR)s->esi; + if ( !text || !*text) + return false; + + if (all_ascii(text,wcslen(text)))return false; + std::wstring wstext=text; + //[「]ぱ、ぱんつなんてどうしてそんなに気になるの。ゆきちゃんだってはいてるでしょ[」][plc] ->对话 + //[x]彼女は言葉通りに、お風呂上がりにパンツを穿き忘れてそのまま一日過ごしかけたりすることがあった。ボクはそれをまじめに心配していたのだ(開き直り)。[plc] ->旁白 + /* + //算了,改人名容易出问题 + //[name name="?/翼"] ->人名 + //[name name="翼"] + auto checkisname=std::regex_replace(wstext, std::wregex(L"\\[name name=\"(.*?)\"\\]"), L""); + if(wstext!=L"" && checkisname==L""){ + auto name=std::regex_replace(wstext, std::wregex(L"\\[name name=\"(.*?)\"\\]"), L"$1"); + + auto _idx=name.find(L'\uff0f'); + std::wstring end=L""; + if(_idx!=name.npos){ + name=name.substr(0,_idx); + end=name.substr(_idx); + } + name = EngineController::instance()->dispatchTextWSTD(name, Engine::NameRole, 0); + name+=end; + name=L"[name name=\""+name+L"\"]"; + wcscpy(text,name.c_str()); + return true; + } + */ + if(wstext.size()<5||(wstext.substr(wstext.size()-5)!=L"[plc]"))return false; + + type=0; + if(wstext.substr(0,3)==L"[x]"){ + type=1; + wstext=wstext.substr(3); + } + else if (wstext.substr(0,3)==L"[\u300c]"){ //「 」 + type=2; + wstext=std::regex_replace(wstext, std::wregex(L"\\[\u300c\\]"), L"\u300c"); + wstext=std::regex_replace(wstext, std::wregex(L"\\[\u300d\\]"), L"\u300d"); + } + if(type==0)return false;//未知类型 + saveend=L""; + auto innner=wstext.substr(0,wstext.size()-5); + innner=std::regex_replace(innner, std::wregex(L"\\[eruby text=(.*?) str=(.*?)\\]"), L"$2"); + if(innner[innner.size()-1]==L']'){ + //「ボクの身体をあれだけ好き勝手しておいて、いまさらカマトトぶっても遅いよ。ほら、正直になりなよ」[waitsd layer=&CHAR6] + for(int i=innner.size();i>0;i--){ + if(innner[i]=='['){ + saveend=innner.substr(i); + innner=innner.substr(0,i); + break; + } + } + } + wcscpy((wchar_t*)data,innner.c_str()); + *len=innner.size()*2; + return true; + } + +bool attachkr2(ULONG startAddress, ULONG stopAddress) +{ + //シロガネオトメ +// .text:005D288D 66 8B 06 mov ax, [esi] +// .text:005D2890 66 83 F8 3B cmp ax, 3Bh ; ';' +// .text:005D2894 0F 84 AA 06 00 00 jz loc_5D2F44 +// .text:005D2894 +// .text:005D289A 66 83 F8 2A cmp ax, 2Ah ; '*' +// .text:005D289E 0F 85 DF 02 00 00 jnz loc_5D2B83 + +//修改v3的值 +// v3 = *(const wchar_t **)(*(_DWORD *)(a1 + 100) + 8 * *(_DWORD *)(a1 + 116)); +// if ( *v3 != 59 ) +// { +// if ( *v3 == 42 ) + const uint8_t bytes[] = { + 0x66,0x8B,0x06,0x66,0x83,0xF8,0x3B,0x0F,XX,XX4,0x66,0x83,0xF8,0x2A,0x0F + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) return false; + HookParam hp; + hp.address = addr; + hp.type = EMBED_ABLE|CODEC_UTF16; + hp.hook_before=hookBefore; + hp.hook_after=hookafter; + return NewHook(hp, "EmbedKrkr2"); +} + +} // namespace Private + +namespace Private { + + std::wstring ConvertToFullWidth(const std::wstring& str) { + std::wstring fullWidthStr; + for (wchar_t c : str) { + if (c >= 32 && c <= 126) { + fullWidthStr += static_cast(c + 65248); + } else { + fullWidthStr += c; + } + } + return fullWidthStr; +} + + bool hookBeforez(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + + auto text = (LPCSTR)s->ecx; + if ( !text || !*text) + return false; + if (all_ascii(text,strlen(text)))return false; + //"。」』?―!、" + auto chatflags={"\xe3\x80\x82", "\xe3\x80\x8d","\xe3\x80\x8f","\xef\xbc\x9f","\xe2\x80\x95","\xef\xbc\x81","\xe3\x80\x81"}; + bool ok=false; + for (auto f:chatflags){ + if(strstr(text,f))ok=true; + } + if(ok==false)return false; + // auto role = Engine::ScenarioRole ; + //auto split = s->edx; + //auto sig = Engine::hashThreadSignature(role, split); + enum { sig = 0 }; // split not used + std::string utf8save=text; + strReplace(utf8save, "%51;", "\\-"); + strReplace(utf8save, "%164;", "\\+\\+"); + strReplace(utf8save, "%123;", "\\+"); + strReplace(utf8save, "%205;", "\\+\\+\\+"); + strReplace(utf8save, "#000033ff;", "\\#0033FF"); + strReplace(utf8save, "#;", "\\#FFFFFF"); + strReplace(utf8save, "#00ff0000;", "\\#FF0000"); + strReplace(utf8save, "%p-1;%f\xef\xbc\xad\xef\xbc\xb3 \xe3\x82\xb4\xe3\x82\xb7\xe3\x83\x83\xe3\x82\xaf;", ""); //"%p-1;%fMS ゴシック;" + strReplace(utf8save, "%p;%fuser;", ""); + strcpy((char*)data,utf8save.c_str()); + *len=utf8save.size(); + return true; + + } + void after(hook_stack*s,void* data, size_t len){ + + std::string res= std::string((char*)data,len);// EngineController::instance()->dispatchTextWSTD(innner, Engine::ScenarioRole, 0); + strReplace(res, "\\-", "%51;"); + strReplace(res, "\\+\\+", "%164;"); + strReplace(res, "\\+", "%123;"); + strReplace(res, "\\+\\+\\+", "%205;"); + strReplace(res, "\\#0033FF", "#000033ff;"); + strReplace(res, "\\#FFFFFF", "#;"); + strReplace(res, "\\#FF0000", "#00ff0000;"); + res=WideStringToString(ConvertToFullWidth((StringToWideString(res)))); + auto cs = new char[res.size() + 1]; + strcpy(cs, res.c_str()); + s->ecx = (DWORD)cs; + + } +bool attach(ULONG startAddress, ULONG stopAddress) +{ + //findbytes搜索1长度BYTE[]时有问题。 + //mashiro_fhd + // BYTE sig0[]={0x8B,XX};//mov esi,ecx + //ecx->XXX->esi->al/bl/cl/dl + /* + eax c1 + ebx d9 + ebp e9 + edx d1 + edi f9 + esi f1 + */ + + // BYTE sig01[]={0x8A,XX};//mov al, [esi] + /* + al 06 + bl 1e + cl 0e + dl 16 + */ + #define sigs(n,N) BYTE sig1##n[]={0x3C,N};BYTE sig2##n[]={0x80,XX,N}; + #define addsig(n) {sig1##n,sig2##n}, + sigs(1,0x80)sigs(2,0xc2)sigs(3,0xE0)sigs(4,0xF0)sigs(5,0xF8)sigs(6,0xFC)sigs(7,0xFE) + // BYTE sig1[]={0x3C,0x80,XX};//0x73//0x0f + // BYTE sig2[]={0x3C,0xC2,XX}; + // BYTE sig3[]={0x3C,0xE0,XX}; + // BYTE sig4[]={0x3C,0xF0,XX}; + // BYTE sig5[]={0x3C,0xF8,XX}; + // BYTE sig6[]={0x3C,0xFC,XX}; + // BYTE sig7[]={0x3C,0xFE,XX}; + + ULONG addr =startAddress; + bool succ=false; + while(addr){ + // MessageBox(0,xx,L"",0); + + addr=[](DWORD addr,DWORD stopAddress){ + for(;addr>{ + addsig(1)addsig(2)addsig(3)addsig(4)addsig(5)addsig(6)addsig(7) + + }){ + auto check1=MemDbg::findBytes(p.first, 2, check, check+0x1000); + auto check2=MemDbg::findBytes(p.second, 3, check, check+0x1000); + check=min(check1,check2); + if(check==0)check=max(check1,check2); + if(check==0){ + ok=false;break; + } + } + if(ok){ + HookParam hp; + hp.address = addr; + hp.type = EMBED_ABLE|CODEC_UTF8; + hp.hook_before=hookBeforez; + hp.hook_after=after; + succ|=NewHook(hp, "EmbedKrkrZ"); + // return true; + } + + } + + return succ; +} + +} // namespace ScenarioHook +namespace{ + bool wcslen_wcscpy(){ + //LOVELY×CATION + const uint8_t bytes2[] = { + //wcscpy 唯一 + 0x55,0x8b,0xec, + 0x53,0x56,0x8b,0x75,0x0c,0x56,0xe8,XX,0xFF,0xFF,0xFF,//call wcslen,距离很近,故均为ff + 0x59,0x8b,0xd8,0x33,XX,0x8b,0x45,0x08 + }; + const uint8_t bytes[] = { + //wcslen 有多个,可以修改任意一个,但是会造成困扰 + 0x55,0x8b,0xec, + 0x33,XX, + 0x8b,0x45,0x08, + 0xeb,0x04, + XX, + 0x83,0xc0,0x02, + 0x66,0x83,0x38,0x00, + 0x75,0xf6, + 0x8b,XX, + 0x5d,0xc3 + }; + ULONG addr = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStopAddress); + static int off; + off=8; + if (addr==0){ + addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + off=4; + } + if(addr==0)return false; + HookParam hp; + hp.address = addr; + if(off==8) + hp.type = CODEC_UTF16|USING_STRING|NO_CONTEXT|EMBED_ABLE|EMBED_BEFORE_SIMPLE; + else + hp.type = CODEC_UTF16|USING_STRING|EMBED_ABLE|EMBED_BEFORE_SIMPLE; + hp.offset=off; + hp.filter_fun=[](LPVOID data, size_t *size, HookParam *){ + auto t=std::wstring((wchar_t*)data,*size/2); + if(all_ascii(t.c_str(),t.size()))return false; + if(t.find(L".ks")!=t.npos ||t.find(L".tjs")!=t.npos ||t.find(L".xp3")!=t.npos || t.find(L"/")!=t.npos||t.find(L"\\")!=t.npos||t[0]==L'@')return false; //脚本路径或文件路径 + //if(t.find(L"[\u540d\u524d]")!=t.npos)return false; //[名前],翻译后破坏结构 + if(t.find(L"\u8aad\u307f\u8fbc\u307f")!=t.npos)return false; //読み込み + if(t.size()>4&&t.substr(t.size()-4)==L"[np]")t=t.substr(0,t.size()-4); + if(t.size()>4&&t.substr(t.size()-3)==L"[r]")t=t.substr(0,t.size()-3); //揺り籠より天使まで + t=std::regex_replace(t,std::wregex(L"\\[\ruby text=\"(.*?)\"\\]"),L""); + t=std::regex_replace(t,std::wregex(L"\\[ruby text=\"(.*?)\"\\]"),L""); + t=std::regex_replace(t,std::wregex(L"\\[ch text=\"(.*?)\"\\]"),L"$1"); + if(std::any_of(t.begin(),t.end(),[](wchar_t c){return (c<=127)&&((c!=L'[')||c!=L']');}))return false; + wcscpy((wchar_t*) data,t.c_str());*size=t.size()*2;return true; + }; + hp.hook_after=[](hook_stack*s,void* data, size_t len){ + auto t=std::wstring((wchar_t*)s->stack[off/4]); + auto newText =std::wstring((wchar_t*)data,len/2); + if(t.size()>4&&t.substr(t.size()-4)==L"[np]")newText=newText+L"[np]"; + if(t.size()>3&&t.substr(t.size()-3)==L"[r]")newText=newText+L"[r]"; //揺り籠より天使まで + wcscpy((wchar_t*)s->stack[off/4],newText.c_str()); + } ; + hp.hook_font=F_GetTextExtentPoint32W|F_GetGlyphOutlineW; + return NewHook(hp, "Krkr2wcs"); + } +} +bool KiriKiri3Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + static std::wstring prevText; + + if (!*len) + return false; + text[*len/sizeof(wchar_t)] = L'\0'; // clean text + if (!prevText.compare(text)) + return false; + prevText = text; + + if (cpp_wcsnstr(text, L"[", *len/sizeof(wchar_t))) { + StringCharReplacer(text, len, L"[r]", 3, L' '); + StringFilterBetween(text, len, L"[", 1, L"]\\", 2); + // ruby type 1 + StringFilterBetween(text, len, L"[mruby r=", 9, L"\" text=\"", 8); // [mruby r="ゆきみ" text="由紀美"] + // ruby type 2 + StringFilterBetween(text, len, L"[ruby text=", 11, L"]", 1); // [ruby text="せんがわ" align="e"][ch text="仙川"] + StringFilter(text, len, L"[ch text=\"", 10); // [ruby text="せんがわ" align="e"][ch text="仙川"] + // ruby type 1-2 + StringFilter(text, len, L"\"]", 2); + // end ruby + StringFilter(text, len, L"[heart]", 7); + } + + StringCharReplacer(text,len,L"\uff0f",1,L'\n'); + if (cpp_wcsnstr(text, L"[", *len/sizeof(wchar_t))) // detect garbage sentence. [ruby text=%r][ch text=%text][macropop] + return false; + + return true; +} +bool InsertKiriKiri3Hook() +{ + + /* + * Sample games: + * https://vndb.org/v16190 + * https://vndb.org/v43048 + * https://vndb.org/v46112 + * https://vndb.org/v20491 + * https://vndb.org/v28695 + * https://vndb.org/v5549 + * https://vndb.org/v28513 + * https://vndb.org/v46499 + */ + const BYTE bytes[] = { + 0x75, 0x09, // jne GAME.EXE+1D5B37 + 0x8B, 0x85, XX4, // mov eax,[ebp-00000254] + 0xFF, 0x40, 0x78 // inc [eax+78] + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("KiriKiri3: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::ecx); + hp.index = 0; + hp.split = get_reg(regs::eax); + hp.split_index = 0; + hp.type = CODEC_UTF16 | USING_STRING | USING_SPLIT; + hp.filter_fun = KiriKiri3Filter; + ConsoleOutput("INSERT KiriKiri3"); + return NewHook(hp, "KiriKiri3"); +} + +bool KiriKiri::attach_function() { + if (Util::SearchResourceString(L"TVP(KIRIKIRI) Z ")) { // TVP(KIRIKIRI) Z CORE + // jichi 11/24/2014: Disabled that might crash VBH + //if (Util::CheckFile(L"plugin\\KAGParser.dll")) + // InsertKAGParserHook(); + //else if (Util::CheckFile(L"plugin\\KAGParserEx.dll")) + // InsertKAGParserExHook(); + bool krz=Private::attach(processStartAddress,processStopAddress); + if (InsertKiriKiriZHook()||krz) + return true; + } + bool b1=attachkr2(processStartAddress,processStopAddress); + bool _3=wcslen_wcscpy(); + auto _= InsertKiriKiriHook() || InsertKiriKiriZHook()||b1||_3; + return InsertKiriKiri3Hook()||_; +} diff --git a/LunaHook/engine32/KiriKiri.h b/LunaHook/engine32/KiriKiri.h new file mode 100644 index 0000000..9e3759a --- /dev/null +++ b/LunaHook/engine32/KiriKiri.h @@ -0,0 +1,13 @@ +#include"engine.h" + +class KiriKiri:public ENGINE{ + public: + KiriKiri(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return Util::CheckFile(L"*.xp3") || Util::SearchResourceString(L"TVP(KIRIKIRI)"); + }; + }; + bool attach_function(); +}; diff --git a/LunaHook/engine32/LCScript.cpp b/LunaHook/engine32/LCScript.cpp new file mode 100644 index 0000000..398775d --- /dev/null +++ b/LunaHook/engine32/LCScript.cpp @@ -0,0 +1,1023 @@ +#include"LCScript.h" +#include"embed_util.h" +#include"dyncodec/dynsjis.h" +#include"detours.h" +namespace { // unnamed +namespace ScenarioHook { +namespace Private { + + // Skip trailing 0203 + LPCSTR trim(LPCSTR text, int *size) + { + auto length = *size; + while (length && (UINT8)text[0] <= 127) { // remove all leading ASCII characters including zeros + text++; + length--; + } + while (length && (UINT8)text[length - 1] == 0) // remove all trailing zeros + length--; + // remove all trailing illegal double-characters + enum { MinimumByte = 0x6 }; // the same as dynamicEncodingMinimumByte + while (length >= 2 && (UINT8)text[length - 1] < MinimumByte && (UINT8)text[length - 2] < MinimumByte) + length -= 2; + *size = length; + return text; + } + + /** + * Sample game: 春恋*乙女~乙女の園でごきげんよう。~ + * + * 067C73FA 8F CD 90 6D 01 81 75 96 7B 93 96 82 C9 82 B1 82 章仁「本当にこ・ + * 067C740A F1 82 C8 82 C6 82 B1 82 EB 82 AA 82 A0 82 E9 82 ネところがある・ + * 067C741A F1 82 BE 82 C8 82 9F 81 63 81 63 81 76 02 03 00 セなぁ……」. + * 067C742A 38 00 00 00 01 81 40 96 DA 82 CC 91 4F 82 C9 8D 8... 目の前に・ + * 067C743A 4C 82 AA 82 E9 8C F5 8C 69 82 F0 91 4F 82 C9 81 Lがる光景を前に・ + * + * Name/scenario splitter: 01 () + * New line splitter: 0203 () + */ + + // 0042FBE8 A1 E8234A00 MOV EAX,DWORD PTR DS:[0x4A23E8] ; jichi: text length here + // + // 0042FC03 8B15 E8234A00 MOV EDX,DWORD PTR DS:[0x4A23E8] ; jichi: text length here + // 0042FC09 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+0x10] ; jichi: count is here + // 0042FC0D 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] + // 0042FC10 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + // 0042FC14 8B92 44290000 MOV EDX,DWORD PTR DS:[EDX+0x2944] ; jichi: offset + // 0042FC1A 8BF8 MOV EDI,EAX + // 0042FC1C 8BC1 MOV EAX,ECX + // 0042FC1E 83C4 04 ADD ESP,0x4 + // 0042FC21 8D7432 04 LEA ESI,DWORD PTR DS:[EDX+ESI+0x4] + + ULONG textBaseAddress_, // 0042FC03 8B15 E8234A00 MOV EDX,DWORD PTR DS:[0x4A23E8] + textOffset_; // 0042FC14 8B92 44290000 MOV EDX,DWORD PTR DS:[EDX+0x2944] + + std::string data_; + + /** + * Sample game: 姦獄学園 + * Sample stack when hook1 is invoked: + * 0012FE10 00000003 + * 0012FE14 00000008 + * 0012FE18 7FFDF000 + * 0012FE1C 00000000 + * 0012FE20 00000000 + * 0012FE24 0012FEB0 Pointer to next SEH record + * 0012FE28 00480918 SE handler + * 0012FE2C 00000000 + * 0012FE30 00419B16 RETURN to .00419B16 from .0040169F + * 0012FE34 0012FE4C + * 0012FE38 0012FE70 + * 0012FE3C 00000040 + * 0012FE40 77032EB2 user32.PeekMessageA + * 0012FE44 00000000 + * 0012FE48 00000039 + * 0012FE4C 00000002 + * 0012FE50 00000039 + * 0012FE54 00000000 + * 0012FE58 00000000 + * + * Scenario thread caller: + * + * 0041C27C E8 D65AFEFF CALL .00401D57 + * 0041C281 8D5424 38 LEA EDX,DWORD PTR SS:[ESP+0x38] + * 0041C285 68 00040000 PUSH 0x400 + * 0041C28A 8D4424 34 LEA EAX,DWORD PTR SS:[ESP+0x34] + * 0041C28E 52 PUSH EDX + * 0041C28F 50 PUSH EAX + * 0041C290 E8 2354FEFF CALL .004016B8 ; jichi: scenario caller here + * 0041C295 83C4 0C ADD ESP,0xC + * 0041C298 8D4C24 38 LEA ECX,DWORD PTR SS:[ESP+0x38] + * 0041C29C 8B15 B44E4A00 MOV EDX,DWORD PTR DS:[0x4A4EB4] + * 0041C2A2 51 PUSH ECX + * 0041C2A3 8B0D 5C0A4A00 MOV ECX,DWORD PTR DS:[0x4A0A5C] + * 0041C2A9 8BC1 MOV EAX,ECX + * + * Other thread callers: + * + * 00421298 8D8424 B0000000 LEA EAX,DWORD PTR SS:[ESP+0xB0] + * 0042129F 50 PUSH EAX + * 004212A0 51 PUSH ECX + * 004212A1 895424 2C MOV DWORD PTR SS:[ESP+0x2C],EDX + * 004212A5 E8 0E04FEFF CALL .004016B8 ; jichi: other caller + * 004212AA 8D5424 38 LEA EDX,DWORD PTR SS:[ESP+0x38] + * 004212AE 68 80000000 PUSH 0x80 + * 004212B3 8D4424 24 LEA EAX,DWORD PTR SS:[ESP+0x24] + * 004212B7 52 PUSH EDX + * 004212B8 50 PUSH EAX + * 004212B9 E8 FA03FEFF CALL .004016B8 ; jichi: other here + * 004212BE 83C4 18 ADD ESP,0x18 + * 004212C1 83FF 01 CMP EDI,0x1 + * 004212C4 75 68 JNZ SHORT .0042132E + * + * + * Sample game: 春恋*乙女~乙女の園でごきげんよう。~ + * Sample scenario caller: + * 0041C0C4 8D4424 38 LEA EAX,DWORD PTR SS:[ESP+0x38] + * 0041C0C8 68 00040000 PUSH 0x400 + * 0041C0CD 8D4C24 34 LEA ECX,DWORD PTR SS:[ESP+0x34] + * 0041C0D1 50 PUSH EAX + * 0041C0D2 51 PUSH ECX + * 0041C0D3 E8 C755FEFF CALL .0040169F ; jichi: called here + * 0041C0D8 8B0D 4CE94900 MOV ECX,DWORD PTR DS:[0x49E94C] + * 0041C0DE 8B35 00244A00 MOV ESI,DWORD PTR DS:[0x4A2400] + * 0041C0E4 8BC1 MOV EAX,ECX + * 0041C0E6 83C4 0C ADD ESP,0xC + * + * 0012FA54 00000001 + * 0012FA58 00000006 + * 0012FA5C 7707EA71 user32.MessageBoxA + * 0012FA60 00000000 + * 0012FA64 00000000 + * 0012FA68 0012FF78 Pointer to next SEH record + * 0012FA6C 00480918 SE handler + * 0012FA70 00000000 + * 0012FA74 0041C0D8 RETURN to .0041C0D8 from .0040169F + * 0012FA78 0012FAB4 + * 0012FA7C 0012FABC + * 0012FA80 00000400 ; jichi: used as split to identify scenario thread + * 0012FA84 00000003 + * 0012FA88 77032EB2 user32.PeekMessageA + * 0012FA8C 77033569 user32.DispatchMessageA + * 0012FA90 7FFDF000 + * 0012FA94 00000000 + * 0012FA98 00000000 + * + * Other thread caller: + * 0012FD60 00000001 + * 0012FD64 00000001 + * 0012FD68 7FFDF000 + * 0012FD6C 00000000 + * 0012FD70 00000000 + * 0012FD74 0012FF78 Pointer to next SEH record + * 0012FD78 00480918 SE handler + * 0012FD7C 00000000 + * 0012FD80 0042113A RETURN to .0042113A from .0040169F + * 0012FD84 0012FDAC + * 0012FD88 0012FE3C + * 0012FD8C 00000080 ; jichi: arg3 + * 0012FD90 00000003 + * 0012FD94 77032EB2 user32.PeekMessageA + * 0012FD98 77033569 user32.DispatchMessageA + * 0012FD9C 00000002 + * 0012FDA0 00000034 + * 0012FDA4 00000002 + * 0012FDA8 0000006D + * 0012FDAC 00000002 + * 0012FDB0 00000034 + * 0012FDB4 00000000 + * 0012FDB8 00000001 + * 0012FDBC 001907D0 + * 0012FDC0 00000202 + * + * Sample game: 恋姫†無双 + * ecx = 0x22 + * Sample game text containing zeros + * 01D6B13B 8E A9 8C 52 81 41 05 04 00 00 00 01 81 40 81 40 自軍、...   + * 01D6B14B 81 40 91 CE 01 93 47 8C 52 81 41 05 05 00 00 00  対敵軍、... + * 01D6B15B 02 00 14 00 00 00 5F 62 74 6C 5F 53 65 74 57 61 ...._btl_SetWa + * 01D6B16B 7A 61 42 74 6E 53 72 63 59 00 0D 00 00 00 5F 62 zaBtnSrcY....._b + * 01D6B17B 74 6C 5F 63 6D 64 63 68 69 70 00 0F 00 00 00 5F tl_cmdchip...._ + * 01D6B18B 62 74 6C 5F 63 6D 64 63 68 69 70 5F 6D 00 0D 00 btl_cmdchip_m... + * 01D6B19B 00 00 5F 62 74 6C 5F 6F 6E 6D 6F 75 73 65 00 0E .._btl_onmouse. + * 01D6B1AB 00 00 00 5F 62 74 6C 5F 73 65 6C 65 63 74 65 64 ..._btl_selected + * 01D6B1BB 00 0B 00 00 00 5F 62 74 6C 5F 52 65 74 72 79 00 . ..._btl_Retry. + * 01D6B1CB 13 00 00 00 5F 62 74 6C 5F 43 6C 65 61 6E 75 70 ..._btl_Cleanup + * + * ecx = 0x19 + * 01D6B317 81 40 04 6B 00 00 00 82 CC 91 B9 8A 51 82 F0 97  k...の損害を・ + * 01D6B327 5E 82 A6 82 BD 81 42 02 00 10 00 00 00 5F 62 74 ^えた。...._bt + * 01D6B337 6C 5F 57 61 7A 61 5F 43 68 6F 75 6E 00 17 00 00 l_Waza_Choun... + * 01D6B347 00 5F 62 74 6C 5F 57 61 7A 61 45 6E 65 6D 79 5F ._btl_WazaEnemy_ + * 01D6B357 42 75 66 66 41 54 4B 00 10 00 00 00 5F 62 74 6C BuffATK...._btl + * 01D6B367 5F 57 61 7A 61 5F 4B 6F 63 68 75 00 1C 00 00 00 _Waza_Kochu.... + */ + + bool hook1(hook_stack*s,void* data, size_t* len1,uintptr_t*role) + { + data_.clear(); + + int size = s->eax - 1; + if (size <= 0) + return false; + + // 0042FC03 8B15 E8234A00 MOV EDX,DWORD PTR DS:[0x4A23E8] ; jichi: text here + // 0042FC09 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+0x10] ; jichi: count is here + // 0042FC0D 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] ; jichi: [arg1+4] + // 0042FC10 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + // 0042FC14 8B92 44290000 MOV EDX,DWORD PTR DS:[EDX+0x2944] ; jichi: base addr, [[0x4A23E8] + 0x2944] + // 0042FC1A 8BF8 MOV EDI,EAX + // 0042FC1C 8BC1 MOV EAX,ECX + // 0042FC1E 83C4 04 ADD ESP,0x4 + // + // 0042FC21 8D7432 04 LEA ESI,DWORD PTR DS:[EDX+ESI+0x4] ; jichi: hook2, text in esi + + ULONG edx, esi; + { + edx = *(DWORD *)textBaseAddress_; // 0042FC03 8B15 E8234A00 MOV EDX,DWORD PTR DS:[0x4A23E8] + edx = *(DWORD *)(edx + textOffset_); // 0042FC14 8B92 44290000 MOV EDX,DWORD PTR DS:[EDX+0x2944] + esi = *(DWORD *)(s->esi + 0x4); // 0042FC0D 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] + esi = edx + esi + 0x4; // 0042FC21 8D7432 04 LEA ESI,DWORD PTR DS:[EDX+ESI+0x4] + } + + auto text = (LPCSTR)esi; + if (!*text + //|| ::strlen(text) != size + || text[size] // text length not verified since there could be trailing zeros + || ::isalpha(text[0]) && ::isalpha(text[1]) // Sample system text in 恋姫無双: bcg_剣道場a + ||all_ascii(text)) + return false; + + auto trimmedSize = size; + auto trimmedText = trim(text, &trimmedSize); + if (trimmedSize <= 0) + return false; + + //auto size = s->ecx * 4; + //auto dst = (LPSTR)s->edi; + * role = Engine::OtherRole; + auto retaddr = s->stack[8]; + //if ((*(DWORD *)retaddr & 0xffffff) == 0x0cc483) // 0041C295 83C4 0C ADD ESP,0xC + // role = Engine::ScenarioRole; + auto arg3 = s->stack[8 + 3]; + if (arg3 == 0x400) + *role = Engine::ScenarioRole; + // 8/7/2015: Here, I could also split choice and scenario from the retaddr. + // But I didn't so that choice can also be display the same way asn scenario. + //sig = retaddr; + + std::string oldData(trimmedText, trimmedSize); + + static const std::string zero_bytes(1, '\0'); + const char *zero_str = LCSE_0; + + bool containsZeros = false; + if (oldData.find('\0')!=oldData.npos) { + containsZeros = true; + strReplace(oldData, zero_bytes, zero_str); + //oldData.replace(zero_bytes, zero_str); + *role = Engine::OtherRole; + // FIXME: There could be individual ascii letters before zeros (such as "k" and "n") + // They should be escaped here. + // Escaping not implemented since I am lazy. + } + strcpy((char*)data,oldData.c_str());*len1=oldData.size(); + return true; + std::string newData = oldData+"xx"; + if (newData.empty() || newData == oldData) + return false; + + if (containsZeros) + strReplace(newData, zero_str, zero_bytes); + //newData.replace(zero_str, zero_bytes); + + int prefixSize = trimmedText - text, + suffixSize = size - prefixSize - trimmedSize; + if (prefixSize) + newData.insert(0,std::string(text, prefixSize)); + if (suffixSize) + newData.append(trimmedText + trimmedSize, suffixSize); + + data_ = newData; + s->eax = data_.size() + 1; + return true; + + } + void hookafter(hook_stack*s,void* data, size_t len1){ + + int size = s->eax - 1; + if (size <= 0) + return ; + + ULONG edx, esi; + { + edx = *(DWORD *)textBaseAddress_; // 0042FC03 8B15 E8234A00 MOV EDX,DWORD PTR DS:[0x4A23E8] + edx = *(DWORD *)(edx + textOffset_); // 0042FC14 8B92 44290000 MOV EDX,DWORD PTR DS:[EDX+0x2944] + esi = *(DWORD *)(s->esi + 0x4); // 0042FC0D 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] + esi = edx + esi + 0x4; // 0042FC21 8D7432 04 LEA ESI,DWORD PTR DS:[EDX+ESI+0x4] + } + + auto text = (LPCSTR)esi; + if (!*text + //|| ::strlen(text) != size + || text[size] // text length not verified since there could be trailing zeros + || ::isalpha(text[0]) && ::isalpha(text[1]) // Sample system text in 恋姫無双: bcg_剣道場a + ||all_ascii(text)) + return ; + + auto trimmedSize = size; + auto trimmedText = trim(text, &trimmedSize); + if (trimmedSize <= 0) + return ; + + auto retaddr = s->stack[8]; + //if ((*(DWORD *)retaddr & 0xffffff) == 0x0cc483) // 0041C295 83C4 0C ADD ESP,0xC + // role = Engine::ScenarioRole; + auto arg3 = s->stack[8 + 3]; + + + std::string oldData(trimmedText, trimmedSize); + + static const std::string zero_bytes(1, '\0'); + const char *zero_str = LCSE_0; + + bool containsZeros = false; + if (oldData.find('\0')!=oldData.npos) { + containsZeros = true; + strReplace(oldData, zero_bytes, zero_str); + //oldData.replace(zero_bytes, zero_str); + + // FIXME: There could be individual ascii letters before zeros (such as "k" and "n") + // They should be escaped here. + // Escaping not implemented since I am lazy. + } + std::string newData = std::string((char*)data,len1); + if (newData.empty() || newData == oldData) + return ; + + if (containsZeros) + strReplace(newData, zero_str, zero_bytes); + //newData.replace(zero_str, zero_bytes); + + int prefixSize = trimmedText - text, + suffixSize = size - prefixSize - trimmedSize; + if (prefixSize) + newData.insert(0,std::string(text, prefixSize)); + if (suffixSize) + newData.append(trimmedText + trimmedSize, suffixSize); + + data_ = newData; + s->eax = data_.size() + 1; + return ; + + } + bool hook2(hook_stack*s,void* data, size_t* len1,uintptr_t*role) + { + if (!data_.empty()) + s->esi = (ULONG)data_.c_str(); + return false; + } +} // namespace Private + +/** + * Sample game: 春恋*乙女~乙女の園でごきげんよう。~ + * + * 0042FB1E CC INT3 + * 0042FB1F CC INT3 + * 0042FB20 6A FF PUSH -0x1 + * 0042FB22 68 18094800 PUSH lcsebody.00480918 + * 0042FB27 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 0042FB2D 50 PUSH EAX + * 0042FB2E 64:8925 00000000 MOV DWORD PTR FS:[0],ESP + * 0042FB35 83EC 08 SUB ESP,0x8 + * 0042FB38 53 PUSH EBX + * 0042FB39 33DB XOR EBX,EBX + * 0042FB3B 56 PUSH ESI + * 0042FB3C 57 PUSH EDI + * 0042FB3D 895C24 0C MOV DWORD PTR SS:[ESP+0xC],EBX + * 0042FB41 895C24 10 MOV DWORD PTR SS:[ESP+0x10],EBX + * 0042FB45 8B7424 24 MOV ESI,DWORD PTR SS:[ESP+0x24] ; jichi; arg1 + * 0042FB49 895C24 1C MOV DWORD PTR SS:[ESP+0x1C],EBX + * 0042FB4D 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 0042FB4F 83F8 05 CMP EAX,0x5 + * 0042FB52 75 2F JNZ SHORT lcsebody.0042FB83 + * 0042FB54 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] + * 0042FB57 8B3D E8234A00 MOV EDI,DWORD PTR DS:[0x4A23E8] + * 0042FB5D 3BF3 CMP ESI,EBX + * 0042FB5F 7C 08 JL SHORT lcsebody.0042FB69 + * 0042FB61 39B7 54290000 CMP DWORD PTR DS:[EDI+0x2954],ESI + * 0042FB67 7F 12 JG SHORT lcsebody.0042FB7B + * 0042FB69 53 PUSH EBX + * 0042FB6A 68 20F54800 PUSH lcsebody.0048F520 ; ASCII "err" + * 0042FB6F 68 F4F44800 PUSH lcsebody.0048F4F4 + * 0042FB74 53 PUSH EBX + * 0042FB75 FF15 EC874A00 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; user32.MessageBoxA + * 0042FB7B 8B87 74290000 MOV EAX,DWORD PTR DS:[EDI+0x2974] + * 0042FB81 EB 32 JMP SHORT lcsebody.0042FBB5 + * 0042FB83 83F8 08 CMP EAX,0x8 ; jichi: esi=arg1 jumped here + * 0042FB86 75 57 JNZ SHORT lcsebody.0042FBDF + * 0042FB88 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] + * 0042FB8B 8B3D E8234A00 MOV EDI,DWORD PTR DS:[0x4A23E8] + * 0042FB91 3BF3 CMP ESI,EBX + * 0042FB93 7C 08 JL SHORT lcsebody.0042FB9D + * 0042FB95 39B7 60290000 CMP DWORD PTR DS:[EDI+0x2960],ESI + * 0042FB9B 7F 12 JG SHORT lcsebody.0042FBAF + * 0042FB9D 53 PUSH EBX + * 0042FB9E 68 20F54800 PUSH lcsebody.0048F520 ; ASCII "err" + * 0042FBA3 68 F4F44800 PUSH lcsebody.0048F4F4 + * 0042FBA8 53 PUSH EBX + * 0042FBA9 FF15 EC874A00 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; user32.MessageBoxA + * 0042FBAF 8B87 80290000 MOV EAX,DWORD PTR DS:[EDI+0x2980] + * 0042FBB5 8D34F0 LEA ESI,DWORD PTR DS:[EAX+ESI*8] + * 0042FBB8 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 0042FBBA 50 PUSH EAX + * 0042FBBB 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX + * 0042FBBF E8 5E840000 CALL lcsebody.00438022 + * 0042FBC4 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+0x10] + * 0042FBC8 83C4 04 ADD ESP,0x4 + * 0042FBCB 8BD1 MOV EDX,ECX + * 0042FBCD 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX + * 0042FBD1 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] + * 0042FBD4 8BF8 MOV EDI,EAX + * 0042FBD6 C1E9 02 SHR ECX,0x2 + * 0042FBD9 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 0042FBDB 8BCA MOV ECX,EDX + * 0042FBDD EB 4D JMP SHORT lcsebody.0042FC2C + * 0042FBDF 83F8 02 CMP EAX,0x2 ; jichi: esi=arg1 jumped here + * 0042FBE2 0F85 A2000000 JNZ lcsebody.0042FC8A + * 0042FBE8 A1 E8234A00 MOV EAX,DWORD PTR DS:[0x4A23E8] ; jichi: text length here + * 0042FBED 8B56 04 MOV EDX,DWORD PTR DS:[ESI+0x4] + * 0042FBF0 8B88 44290000 MOV ECX,DWORD PTR DS:[EAX+0x2944] + * 0042FBF6 8B0411 MOV EAX,DWORD PTR DS:[ECX+EDX] + * + * 0042FBF9 50 PUSH EAX ; jichi: hook1, text length pushed, new function + * 0042FBFA 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX ; jichi: text length, is this the memory allocation + * 0042FBFE E8 1F840000 CALL lcsebody.00438022 + * + * 0042FC03 8B15 E8234A00 MOV EDX,DWORD PTR DS:[0x4A23E8] ; jichi: text here + * 0042FC09 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+0x10] ; jichi: count is here + * 0042FC0D 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] ; jichi: [arg1+4] + * 0042FC10 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + * 0042FC14 8B92 44290000 MOV EDX,DWORD PTR DS:[EDX+0x2944] ; jichi: base addr, [[0x4A23E8] + 0x2944] + * 0042FC1A 8BF8 MOV EDI,EAX + * 0042FC1C 8BC1 MOV EAX,ECX + * 0042FC1E 83C4 04 ADD ESP,0x4 + * + * 0042FC21 8D7432 04 LEA ESI,DWORD PTR DS:[EDX+ESI+0x4] ; jichi: hook2, text in esi + * 0042FC25 C1E9 02 SHR ECX,0x2 ; jichi: ecx is now the count, here, the rep function is blocked by 4 for performance + * 0042FC28 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS[ESI] ; jichi: text accessed here from esi to edi + * + * 0042FC2A 8BC8 MOV ECX,EAX + * 0042FC2C 8B5424 28 MOV EDX,DWORD PTR SS:[ESP+0x28] + * 0042FC30 83E1 03 AND ECX,0x3 + * 0042FC33 F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI] + * 0042FC35 8B4C24 2C MOV ECX,DWORD PTR SS:[ESP+0x2C] + * 0042FC39 8D4424 0C LEA EAX,DWORD PTR SS:[ESP+0xC] + * 0042FC3D 51 PUSH ECX + * 0042FC3E 52 PUSH EDX + * 0042FC3F 50 PUSH EAX + * 0042FC40 E8 AB14FDFF CALL lcsebody.004010F0 + * 0042FC45 83C4 0C ADD ESP,0xC + * 0042FC48 C74424 1C FFFFFF>MOV DWORD PTR SS:[ESP+0x1C],-0x1 + * 0042FC50 84C0 TEST AL,AL + * 0042FC52 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+0x10] + * 0042FC56 895C24 0C MOV DWORD PTR SS:[ESP+0xC],EBX + * 0042FC5A 74 21 JE SHORT lcsebody.0042FC7D + * 0042FC5C 3BC3 CMP EAX,EBX + * 0042FC5E 74 09 JE SHORT lcsebody.0042FC69 + * 0042FC60 50 PUSH EAX + * 0042FC61 E8 467E0000 CALL lcsebody.00437AAC + * 0042FC66 83C4 04 ADD ESP,0x4 + * 0042FC69 5F POP EDI + * 0042FC6A 5E POP ESI + * 0042FC6B B0 01 MOV AL,0x1 + * 0042FC6D 5B POP EBX + * 0042FC6E 8B4C24 08 MOV ECX,DWORD PTR SS:[ESP+0x8] + * 0042FC72 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 0042FC79 83C4 14 ADD ESP,0x14 + * 0042FC7C C3 RETN + * 0042FC7D 3BC3 CMP EAX,EBX + * 0042FC7F 74 09 JE SHORT lcsebody.0042FC8A + * 0042FC81 50 PUSH EAX + * 0042FC82 E8 257E0000 CALL lcsebody.00437AAC + * 0042FC87 83C4 04 ADD ESP,0x4 + * 0042FC8A 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+0x14] + * 0042FC8E 5F POP EDI + * 0042FC8F 5E POP ESI + * 0042FC90 32C0 XOR AL,AL + * 0042FC92 5B POP EBX + * 0042FC93 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 0042FC9A 83C4 14 ADD ESP,0x14 + * 0042FC9D C3 RETN + * 0042FC9E 90 NOP + * 0042FC9F 90 NOP + * 0042FCA0 CC INT3 + * 0042FCA1 CC INT3 + * 0042FCA2 CC INT3 + * 0042FCA3 CC INT3 + * 0042FCA4 CC INT3 + * 0042FCA5 CC INT3 + * 0042FCA6 CC INT3 + * + * Sample game: 姦獄学園 + * + * 00430CAB CC INT3 + * 00430CAC CC INT3 + * 00430CAD CC INT3 + * 00430CAE CC INT3 + * 00430CAF CC INT3 + * 00430CB0 6A FF PUSH -0x1 + * 00430CB2 68 08204800 PUSH .00482008 + * 00430CB7 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 00430CBD 50 PUSH EAX + * 00430CBE 64:8925 00000000 MOV DWORD PTR FS:[0],ESP + * 00430CC5 83EC 08 SUB ESP,0x8 + * 00430CC8 53 PUSH EBX + * 00430CC9 33DB XOR EBX,EBX + * 00430CCB 56 PUSH ESI + * 00430CCC 57 PUSH EDI + * 00430CCD 895C24 0C MOV DWORD PTR SS:[ESP+0xC],EBX + * 00430CD1 895C24 10 MOV DWORD PTR SS:[ESP+0x10],EBX + * 00430CD5 8B7424 24 MOV ESI,DWORD PTR SS:[ESP+0x24] + * 00430CD9 895C24 1C MOV DWORD PTR SS:[ESP+0x1C],EBX + * 00430CDD 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 00430CDF 83F8 05 CMP EAX,0x5 + * 00430CE2 75 2F JNZ SHORT .00430D13 + * 00430CE4 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] + * 00430CE7 8B3D 9C4E4A00 MOV EDI,DWORD PTR DS:[0x4A4E9C] + * 00430CED 3BF3 CMP ESI,EBX + * 00430CEF 7C 08 JL SHORT .00430CF9 + * 00430CF1 39B7 54310000 CMP DWORD PTR DS:[EDI+0x3154],ESI + * 00430CF7 7F 12 JG SHORT .00430D0B + * 00430CF9 53 PUSH EBX + * 00430CFA 68 98154900 PUSH .00491598 ; ASCII "err" + * 00430CFF 68 D8254900 PUSH .004925D8 + * 00430D04 53 PUSH EBX + * 00430D05 FF15 2CC84A00 CALL DWORD PTR DS:[0x4AC82C] ; user32.MessageBoxA + * 00430D0B 8B87 74310000 MOV EAX,DWORD PTR DS:[EDI+0x3174] + * 00430D11 EB 32 JMP SHORT .00430D45 + * 00430D13 83F8 08 CMP EAX,0x8 + * 00430D16 75 57 JNZ SHORT .00430D6F + * 00430D18 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] + * 00430D1B 8B3D 9C4E4A00 MOV EDI,DWORD PTR DS:[0x4A4E9C] + * 00430D21 3BF3 CMP ESI,EBX + * 00430D23 7C 08 JL SHORT .00430D2D + * 00430D25 39B7 60310000 CMP DWORD PTR DS:[EDI+0x3160],ESI + * 00430D2B 7F 12 JG SHORT .00430D3F + * 00430D2D 53 PUSH EBX + * 00430D2E 68 98154900 PUSH .00491598 ; ASCII "err" + * 00430D33 68 AC254900 PUSH .004925AC + * 00430D38 53 PUSH EBX + * 00430D39 FF15 2CC84A00 CALL DWORD PTR DS:[0x4AC82C] ; user32.MessageBoxA + * 00430D3F 8B87 80310000 MOV EAX,DWORD PTR DS:[EDI+0x3180] + * 00430D45 8D34F0 LEA ESI,DWORD PTR DS:[EAX+ESI*8] + * 00430D48 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 00430D4A 50 PUSH EAX + * 00430D4B 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX + * 00430D4F E8 BE890000 CALL .00439712 + * 00430D54 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+0x10] + * 00430D58 83C4 04 ADD ESP,0x4 + * 00430D5B 8BD1 MOV EDX,ECX + * 00430D5D 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX + * 00430D61 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] + * 00430D64 8BF8 MOV EDI,EAX + * 00430D66 C1E9 02 SHR ECX,0x2 + * 00430D69 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 00430D6B 8BCA MOV ECX,EDX + * 00430D6D EB 4D JMP SHORT .00430DBC + * 00430D6F 83F8 02 CMP EAX,0x2 + * 00430D72 0F85 A2000000 JNZ .00430E1A + * 00430D78 A1 9C4E4A00 MOV EAX,DWORD PTR DS:[0x4A4E9C] + * 00430D7D 8B56 04 MOV EDX,DWORD PTR DS:[ESI+0x4] + * 00430D80 8B88 44310000 MOV ECX,DWORD PTR DS:[EAX+0x3144] + * 00430D86 8B0411 MOV EAX,DWORD PTR DS:[ECX+EDX] + * 00430D89 50 PUSH EAX + * 00430D8A 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX + * 00430D8E E8 7F890000 CALL .00439712 + * 00430D93 8B15 9C4E4A00 MOV EDX,DWORD PTR DS:[0x4A4E9C] + * 00430D99 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+0x10] + * 00430D9D 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] + * 00430DA0 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + * 00430DA4 8B92 44310000 MOV EDX,DWORD PTR DS:[EDX+0x3144] + * 00430DAA 8BF8 MOV EDI,EAX + * 00430DAC 8BC1 MOV EAX,ECX + * 00430DAE 83C4 04 ADD ESP,0x4 + * 00430DB1 8D7432 04 LEA ESI,DWORD PTR DS:[EDX+ESI+0x4] ; jichi: the other game's access point + * 00430DB5 C1E9 02 SHR ECX,0x2 + * 00430DB8 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] + * 00430DBA 8BC8 MOV ECX,EAX + * 00430DBC 8B5424 28 MOV EDX,DWORD PTR SS:[ESP+0x28] + * 00430DC0 83E1 03 AND ECX,0x3 + * 00430DC3 F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI] + * 00430DC5 8B4C24 2C MOV ECX,DWORD PTR SS:[ESP+0x2C] + * 00430DC9 8D4424 0C LEA EAX,DWORD PTR SS:[ESP+0xC] + * 00430DCD 51 PUSH ECX + * 00430DCE 52 PUSH EDX + * 00430DCF 50 PUSH EAX + * 00430DD0 E8 2503FDFF CALL .004010FA + * 00430DD5 83C4 0C ADD ESP,0xC + * 00430DD8 C74424 1C FFFFFF>MOV DWORD PTR SS:[ESP+0x1C],-0x1 + * 00430DE0 84C0 TEST AL,AL + * 00430DE2 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+0x10] + * 00430DE6 895C24 0C MOV DWORD PTR SS:[ESP+0xC],EBX + * 00430DEA 74 21 JE SHORT .00430E0D + * 00430DEC 3BC3 CMP EAX,EBX + * 00430DEE 74 09 JE SHORT .00430DF9 + * 00430DF0 50 PUSH EAX + * 00430DF1 E8 A6830000 CALL .0043919C + * 00430DF6 83C4 04 ADD ESP,0x4 + * 00430DF9 5F POP EDI + * 00430DFA 5E POP ESI + * 00430DFB B0 01 MOV AL,0x1 + * 00430DFD 5B POP EBX + * 00430DFE 8B4C24 08 MOV ECX,DWORD PTR SS:[ESP+0x8] + * 00430E02 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 00430E09 83C4 14 ADD ESP,0x14 + * 00430E0C C3 RETN + * 00430E0D 3BC3 CMP EAX,EBX + * 00430E0F 74 09 JE SHORT .00430E1A + * 00430E11 50 PUSH EAX + * 00430E12 E8 85830000 CALL .0043919C + * 00430E17 83C4 04 ADD ESP,0x4 + * 00430E1A 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+0x14] + * 00430E1E 5F POP EDI + * 00430E1F 5E POP ESI + * 00430E20 32C0 XOR AL,AL + * 00430E22 5B POP EBX + * 00430E23 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 00430E2A 83C4 14 ADD ESP,0x14 + * 00430E2D C3 RETN + * 00430E2E 90 NOP + * 00430E2F 90 NOP + * 00430E30 CC INT3 + * 00430E31 CC INT3 + * 00430E32 CC INT3 + * 00430E33 CC INT3 + * 00430E34 CC INT3 + */ +bool isLeadByteChar(const char *s) + { + return dynsjis::isleadstr(s); + //return ::IsDBCSLeadByte(HIBYTE(testChar)); + } +bool attach(ULONG startAddress, ULONG stopAddress,ULONG dyna) +{ + const uint8_t bytes[] = { + 0x8d,0x74,0x32, 0x04, // 0042fc21 8d7432 04 lea esi,dword ptr ds:[edx+esi+0x4] + 0xc1,0xe9, 0x02, // 0042fc25 c1e9 02 shr ecx,0x2 + 0xf3,0xa5 // 0042fc28 f3:a5 rep movs dword ptr es:[edi],dword ptr ds[esi] ; jichi: text accessed here from esi to edi + }; + ULONG addr2 = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr2) + return false; + + // 0042FBF9 50 PUSH EAX ; jichi: hook1, text length pushed, new function + // 0042FBFA 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX ; jichi: text length, is this the memory allocation? + // 0042FBFE E8 1F840000 CALL lcsebody.00438022 + // 0042FC03 8B15 E8234A00 MOV EDX,DWORD PTR DS:[0x4A23E8] ; jichi: text here + // 0042FC09 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+0x10] ; jichi: count is here + // 0042FC0D 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] ; jichi: [arg1+4] + // 0042FC10 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + // 0042FC14 8B92 44290000 MOV EDX,DWORD PTR DS:[EDX+0x2944] ; jichi: base addr, [[0x4A23E8] + 0x2944] + // 0042FC1A 8BF8 MOV EDI,EAX + // 0042FC1C 8BC1 MOV EAX,ECX + // 0042FC1E 83C4 04 ADD ESP,0x4 + // + // 0042FC21 8D7432 04 LEA ESI,DWORD PTR DS:[EDX+ESI+0x4] ; jichi: hook2, text in esi + // 0042FC25 C1E9 02 SHR ECX,0x2 ; jichi: ecx is now the count, here, the rep function is blocked by 4 for performance + // 0042FC28 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS[ESI] ; jichi: text accessed here from esi to edi + ULONG addr1 = addr2 + 0x0042fbf9 - 0x0042fc21; + if (*(BYTE *)addr1 != 0x50) // push_eax + return false; + + // 0042FC03 8B15 E8234A00 MOV EDX,DWORD PTR DS:[0x4A23E8] ; jichi: text here + // 0042FC09 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+0x10] ; jichi: count is here + // 0042FC0D 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] ; jichi: [arg1+4] + // 0042FC10 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + // 0042FC14 8B92 44290000 MOV EDX,DWORD PTR DS:[EDX+0x2944] ; jichi: offset addr, [[0x4A23E8] + 0x2944] + { + ULONG addr = addr2 + 0x0042fc03 - 0x0042fc21; + if (*(WORD *)addr != 0x158b) // 0042FC03 8B15 E8234A00 MOV EDX,DWORD PTR DS:[0x4A23E8] + return false; + addr += 2; + Private::textBaseAddress_ = *(DWORD *)addr; + } + { + ULONG addr = addr2 + 0x0042fc14 - 0x0042fc21; + if (*(WORD *)addr != 0x928b) // 0042FC14 8B92 44290000 MOV EDX,DWORD PTR DS:[EDX+0x2944] + return false; + addr += 2; + Private::textOffset_ = *(DWORD *)addr; + } + HookParam hp; + hp.address=addr1; + hp.hook_before=Private::hook1; + hp.hook_after=Private::hookafter; + hp.type=EMBED_ABLE; + hp.newlineseperator=L"\x01"; + hp.hook_font=F_GetGlyphOutlineA; + if(dyna){ + static ULONG dynas; + dynas=dyna; + hp.type|=EMBED_DYNA_SJIS; + hp.hook_font=F_GetGlyphOutlineA; + patch_fun=[](){ + ReplaceFunction((PVOID*)&dynas, (PVOID)(ULONG)isLeadByteChar); + dynamiccodec->setMinimumSecondByte(6);//// skip 0x1,0x2,0x3 in case dynamic encoding could crash the game + }; + } + auto succ=NewHook(hp,"EmbedLCSE"); + hp.address=addr2+4; + hp.hook_before=Private::hook2; + hp.type=EMBED_ABLE|HOOK_EMPTY; + succ|=NewHook(hp,"EmbedLCSE"); + return succ; +} +} // namespace ScenarioHook + +namespace Patch { + +namespace Private { + bool isLeadByteChar(const char *s) + { + return dynsjis::isleadstr(s); + //return ::IsDBCSLeadByte(HIBYTE(testChar)); + } + +} // namespace Private + +/** + * Sample game: 春恋*乙女~乙女の園でごきげんよう。~ + * + * Debugging method: Find text in memory, and then insert hardware breakpoint. + * It will be accessed only ONCE in the following function. + * + * This function can also be found by searching the following instruction: + * 0040A389 3C 81 CMP AL,0x81 + * + * This function is very similar to that in CatSystem2. + * + * 0040A37E CC INT3 + * 0040A37F CC INT3 + * 0040A380 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+0x4] + * 0040A384 8A01 MOV AL,BYTE PTR DS:[ECX] ; jichi: first byte + * 0040A386 8A49 01 MOV CL,BYTE PTR DS:[ECX+0x1] ; jichi: second byte + * 0040A389 3C 81 CMP AL,0x81 + * 0040A38B 72 04 JB SHORT lcsebody.0040A391 + * 0040A38D 3C 9F CMP AL,0x9F + * 0040A38F 76 08 JBE SHORT lcsebody.0040A399 + * 0040A391 3C E0 CMP AL,0xE0 + * 0040A393 72 1B JB SHORT lcsebody.0040A3B0 + * 0040A395 3C FC CMP AL,0xFC + * 0040A397 77 17 JA SHORT lcsebody.0040A3B0 + * 0040A399 80F9 40 CMP CL,0x40 + * 0040A39C 72 05 JB SHORT lcsebody.0040A3A3 + * 0040A39E 80F9 7E CMP CL,0x7E + * 0040A3A1 76 0A JBE SHORT lcsebody.0040A3AD + * 0040A3A3 80F9 80 CMP CL,0x80 + * 0040A3A6 72 08 JB SHORT lcsebody.0040A3B0 + * 0040A3A8 80F9 FC CMP CL,0xFC + * 0040A3AB 77 03 JA SHORT lcsebody.0040A3B0 + * 0040A3AD B0 01 MOV AL,0x1 + * 0040A3AF C3 RETN + * 0040A3B0 32C0 XOR AL,AL + * 0040A3B2 C3 RETN + * 0040A3B3 90 NOP + * 0040A3B4 90 NOP + * 0040A3B5 90 NOP + * 0040A3B6 90 NOP + * + * This function is found by tracing the caller of GetGlyphOutlineA, as follows: + * + * 00416B6B CC INT3 + * 00416B6C CC INT3 + * 00416B6D CC INT3 + * 00416B6E CC INT3 + * 00416B6F CC INT3 + * 00416B70 83EC 08 SUB ESP,0x8 + * 00416B73 53 PUSH EBX + * 00416B74 56 PUSH ESI + * 00416B75 8BF1 MOV ESI,ECX + * 00416B77 33DB XOR EBX,EBX ; jichi: zero ebx + * 00416B79 57 PUSH EDI + * 00416B7A 8B86 EC000000 MOV EAX,DWORD PTR DS:[ESI+0xEC] + * 00416B80 8A9430 08010000 MOV DL,BYTE PTR DS:[EAX+ESI+0x108] ; jichi: byte accessed here + * 00416B87 8D8C30 08010000 LEA ECX,DWORD PTR DS:[EAX+ESI+0x108] ; jichi: byte accessed here + * 00416B8E 3AD3 CMP DL,BL ; jichi: bl is zero, dl is the current byte + * 00416B90 75 0C JNZ SHORT lcsebody.00416B9E + * 00416B92 B8 FF000000 MOV EAX,0xFF + * 00416B97 5F POP EDI + * 00416B98 5E POP ESI + * 00416B99 5B POP EBX + * 00416B9A 83C4 08 ADD ESP,0x8 + * 00416B9D C3 RETN + * 00416B9E 8B96 F0000000 MOV EDX,DWORD PTR DS:[ESI+0xF0] + * 00416BA4 4A DEC EDX + * 00416BA5 3BC2 CMP EAX,EDX + * 00416BA7 0F8D 31010000 JGE lcsebody.00416CDE + * 00416BAD 51 PUSH ECX + * 00416BAE E8 31B1FEFF CALL lcsebody.00401CE4 ; jichi: ecx point to the current character, return 0 or 1 + * 00416BB3 83C4 04 ADD ESP,0x4 + * 00416BB6 84C0 TEST AL,AL + * 00416BB8 0F84 20010000 JE lcsebody.00416CDE ; jichi: wrong here + * 00416BBE 8B86 EC000000 MOV EAX,DWORD PTR DS:[ESI+0xEC] + * 00416BC4 33C9 XOR ECX,ECX + * 00416BC6 03C6 ADD EAX,ESI + * 00416BC8 889E 20050000 MOV BYTE PTR DS:[ESI+0x520],BL + * 00416BCE 8AA8 08010000 MOV CH,BYTE PTR DS:[EAX+0x108] ; jichi: high bits + * 00416BD4 8A88 09010000 MOV CL,BYTE PTR DS:[EAX+0x109] + * 00416BDA 8BF9 MOV EDI,ECX ; jichi: low bits, edi is now the full character + * 00416BDC 8BCE MOV ECX,ESI ; jichi: recover ecx to esi + * 00416BDE E8 13AEFEFF CALL lcsebody.004019F6 ; jichi: eax is zero when edi is legal + * 00416BE3 3BC3 CMP EAX,EBX ; jichi: ebx is always zero as well + * 00416BE5 74 4A JE SHORT lcsebody.00416C31 + * 00416BE7 389E 2C050000 CMP BYTE PTR DS:[ESI+0x52C],BL + * 00416BED 0F84 9A020000 JE lcsebody.00416E8D + * 00416BF3 389E 20050000 CMP BYTE PTR DS:[ESI+0x520],BL + * 00416BF9 74 1B JE SHORT lcsebody.00416C16 + * 00416BFB B9 34F14800 MOV ECX,lcsebody.0048F134 + * 00416C00 3B39 CMP EDI,DWORD PTR DS:[ECX] + * 00416C02 74 2D JE SHORT lcsebody.00416C31 + * 00416C04 83C1 04 ADD ECX,0x4 + * 00416C07 81F9 50F14800 CMP ECX,lcsebody.0048F150 + * 00416C0D ^7C F1 JL SHORT lcsebody.00416C00 + * 00416C0F 5F POP EDI + * 00416C10 5E POP ESI + * 00416C11 5B POP EBX + * 00416C12 83C4 08 ADD ESP,0x8 + * 00416C15 C3 RETN + * 00416C16 B9 00F14800 MOV ECX,lcsebody.0048F100 + * 00416C1B 3B39 CMP EDI,DWORD PTR DS:[ECX] + * 00416C1D 74 12 JE SHORT lcsebody.00416C31 + * 00416C1F 83C1 04 ADD ECX,0x4 + * 00416C22 81F9 34F14800 CMP ECX,lcsebody.0048F134 + * 00416C28 ^7C F1 JL SHORT lcsebody.00416C1B + * 00416C2A 5F POP EDI + * 00416C2B 5E POP ESI + * 00416C2C 5B POP EBX + * 00416C2D 83C4 08 ADD ESP,0x8 + * 00416C30 C3 RETN + * 00416C31 8A8E 20050000 MOV CL,BYTE PTR DS:[ESI+0x520] + * 00416C37 3ACB CMP CL,BL + * 00416C39 74 15 JE SHORT lcsebody.00416C50 + * 00416C3B B8 70F14800 MOV EAX,lcsebody.0048F170 + * 00416C40 3B38 CMP EDI,DWORD PTR DS:[EAX] + * 00416C42 74 21 JE SHORT lcsebody.00416C65 + * 00416C44 83C0 04 ADD EAX,0x4 + * 00416C47 3D 7CF14800 CMP EAX,lcsebody.0048F17C + * 00416C4C ^7C F2 JL SHORT lcsebody.00416C40 + * 00416C4E EB 1B JMP SHORT lcsebody.00416C6B + * 00416C50 B8 50F14800 MOV EAX,lcsebody.0048F150 + * 00416C55 3B38 CMP EDI,DWORD PTR DS:[EAX] ; jichi: compare current wide character with a threshold (0x8169 = "(") + * 00416C57 74 0C JE SHORT lcsebody.00416C65 + * 00416C59 83C0 04 ADD EAX,0x4 + * 00416C5C 3D 70F14800 CMP EAX,lcsebody.0048F170 + * 00416C61 ^7C F2 JL SHORT lcsebody.00416C55 + * 00416C63 EB 06 JMP SHORT lcsebody.00416C6B + * 00416C65 FF86 24050000 INC DWORD PTR DS:[ESI+0x524] + * 00416C6B 3ACB CMP CL,BL + * 00416C6D 74 15 JE SHORT lcsebody.00416C84 + * 00416C6F B8 9CF14800 MOV EAX,lcsebody.0048F19C + * 00416C74 3B38 CMP EDI,DWORD PTR DS:[EAX] + * 00416C76 74 21 JE SHORT lcsebody.00416C99 + * 00416C78 83C0 04 ADD EAX,0x4 + * 00416C7B 3D A8F14800 CMP EAX,lcsebody.0048F1A8 + * 00416C80 ^7C F2 JL SHORT lcsebody.00416C74 + * 00416C82 EB 2A JMP SHORT lcsebody.00416CAE + * 00416C84 B8 7CF14800 MOV EAX,lcsebody.0048F17C + * 00416C89 3B38 CMP EDI,DWORD PTR DS:[EAX] + * 00416C8B 74 0C JE SHORT lcsebody.00416C99 + * 00416C8D 83C0 04 ADD EAX,0x4 + * 00416C90 3D 9CF14800 CMP EAX,lcsebody.0048F19C + * 00416C95 ^7C F2 JL SHORT lcsebody.00416C89 + * 00416C97 EB 15 JMP SHORT lcsebody.00416CAE + * 00416C99 8B86 24050000 MOV EAX,DWORD PTR DS:[ESI+0x524] + * 00416C9F 48 DEC EAX + * 00416CA0 8986 24050000 MOV DWORD PTR DS:[ESI+0x524],EAX + * 00416CA6 79 06 JNS SHORT lcsebody.00416CAE + * 00416CA8 899E 24050000 MOV DWORD PTR DS:[ESI+0x524],EBX + * 00416CAE 57 PUSH EDI + * 00416CAF 8BCE MOV ECX,ESI + * 00416CB1 E8 20A5FEFF CALL lcsebody.004011D6 + * 00416CB6 8B86 EC000000 MOV EAX,DWORD PTR DS:[ESI+0xEC] + * 00416CBC 8A9430 08010000 MOV DL,BYTE PTR DS:[EAX+ESI+0x108] + * 00416CC3 83C0 02 ADD EAX,0x2 + * 00416CC6 885424 0C MOV BYTE PTR SS:[ESP+0xC],DL + * 00416CCA 8A8C30 07010000 MOV CL,BYTE PTR DS:[EAX+ESI+0x107] + * 00416CD1 884C24 0D MOV BYTE PTR SS:[ESP+0xD],CL + * 00416CD5 885C24 0E MOV BYTE PTR SS:[ESP+0xE],BL + * 00416CD9 E9 77010000 JMP lcsebody.00416E55 + * 00416CDE 8B96 EC000000 MOV EDX,DWORD PTR DS:[ESI+0xEC] + * 00416CE4 C686 20050000 01 MOV BYTE PTR DS:[ESI+0x520],0x1 + * 00416CEB 8A8C16 08010000 MOV CL,BYTE PTR DS:[ESI+EDX+0x108] + * 00416CF2 8D8416 08010000 LEA EAX,DWORD PTR DS:[ESI+EDX+0x108] + * 00416CF9 80F9 1F CMP CL,0x1F + * 00416CFC 77 54 JA SHORT lcsebody.00416D52 + * 00416CFE 80F9 03 CMP CL,0x3 + * 00416D01 75 06 JNZ SHORT lcsebody.00416D09 + * 00416D03 899E 28050000 MOV DWORD PTR DS:[ESI+0x528],EBX + * 00416D09 8A00 MOV AL,BYTE PTR DS:[EAX] + * 00416D0B 83EC 0C SUB ESP,0xC + * 00416D0E 8D5424 18 LEA EDX,DWORD PTR SS:[ESP+0x18] + * 00416D12 8BCC MOV ECX,ESP + * 00416D14 896424 1C MOV DWORD PTR SS:[ESP+0x1C],ESP + * 00416D18 8DBE FC000000 LEA EDI,DWORD PTR DS:[ESI+0xFC] + * 00416D1E 52 PUSH EDX + * 00416D1F 51 PUSH ECX + * 00416D20 8BCF MOV ECX,EDI + * 00416D22 884424 20 MOV BYTE PTR SS:[ESP+0x20],AL + * 00416D26 885C24 21 MOV BYTE PTR SS:[ESP+0x21],BL + * 00416D2A E8 D0A8FEFF CALL lcsebody.004015FF + * 00416D2F 8BCF MOV ECX,EDI + * 00416D31 E8 A1A8FEFF CALL lcsebody.004015D7 + * 00416D36 8B8E EC000000 MOV ECX,DWORD PTR DS:[ESI+0xEC] + * 00416D3C 0FBE8431 0801000> MOVSX EAX,BYTE PTR DS:[ECX+ESI+0x108] + * 00416D44 41 INC ECX + * 00416D45 898E EC000000 MOV DWORD PTR DS:[ESI+0xEC],ECX + * 00416D4B 5F POP EDI + * 00416D4C 5E POP ESI + * 00416D4D 5B POP EBX + * 00416D4E 83C4 08 ADD ESP,0x8 + * 00416D51 C3 RETN + * 00416D52 8BCE MOV ECX,ESI + * 00416D54 E8 9DACFEFF CALL lcsebody.004019F6 + * 00416D59 3BC3 CMP EAX,EBX + * 00416D5B 74 4A JE SHORT lcsebody.00416DA7 + * 00416D5D 389E 2C050000 CMP BYTE PTR DS:[ESI+0x52C],BL + * 00416D63 0F84 24010000 JE lcsebody.00416E8D + * 00416D69 389E 20050000 CMP BYTE PTR DS:[ESI+0x520],BL + * 00416D6F 74 1B JE SHORT lcsebody.00416D8C + * 00416D71 B9 34F14800 MOV ECX,lcsebody.0048F134 + * 00416D76 3919 CMP DWORD PTR DS:[ECX],EBX + * 00416D78 74 2D JE SHORT lcsebody.00416DA7 + * 00416D7A 83C1 04 ADD ECX,0x4 + * 00416D7D 81F9 50F14800 CMP ECX,lcsebody.0048F150 + * 00416D83 ^7C F1 JL SHORT lcsebody.00416D76 + * 00416D85 5F POP EDI + * 00416D86 5E POP ESI + * 00416D87 5B POP EBX + * 00416D88 83C4 08 ADD ESP,0x8 + * 00416D8B C3 RETN + * 00416D8C B9 00F14800 MOV ECX,lcsebody.0048F100 + * 00416D91 3919 CMP DWORD PTR DS:[ECX],EBX + * 00416D93 74 12 JE SHORT lcsebody.00416DA7 + * 00416D95 83C1 04 ADD ECX,0x4 + * 00416D98 81F9 34F14800 CMP ECX,lcsebody.0048F134 + * 00416D9E ^7C F1 JL SHORT lcsebody.00416D91 + * 00416DA0 5F POP EDI + * 00416DA1 5E POP ESI + * 00416DA2 5B POP EBX + * 00416DA3 83C4 08 ADD ESP,0x8 + * 00416DA6 C3 RETN + * 00416DA7 8B86 EC000000 MOV EAX,DWORD PTR DS:[ESI+0xEC] + * 00416DAD 8A96 20050000 MOV DL,BYTE PTR DS:[ESI+0x520] + * 00416DB3 0FBEBC06 08010000 MOVSX EDI,BYTE PTR DS:[ESI+EAX+0x108] ; jichi: edi get assigned to the illegal character + * 00416DBB 8BCF MOV ECX,EDI + * 00416DBD C1E1 08 SHL ECX,0x8 + * 00416DC0 3AD3 CMP DL,BL + * 00416DC2 74 15 JE SHORT lcsebody.00416DD9 + * 00416DC4 B8 70F14800 MOV EAX,lcsebody.0048F170 + * 00416DC9 3B08 CMP ECX,DWORD PTR DS:[EAX] + * 00416DCB 74 21 JE SHORT lcsebody.00416DEE + * 00416DCD 83C0 04 ADD EAX,0x4 + * 00416DD0 3D 7CF14800 CMP EAX,lcsebody.0048F17C + * 00416DD5 ^7C F2 JL SHORT lcsebody.00416DC9 + * 00416DD7 EB 1B JMP SHORT lcsebody.00416DF4 + * 00416DD9 B8 50F14800 MOV EAX,lcsebody.0048F150 + * 00416DDE 3B08 CMP ECX,DWORD PTR DS:[EAX] + * 00416DE0 74 0C JE SHORT lcsebody.00416DEE + * 00416DE2 83C0 04 ADD EAX,0x4 + * 00416DE5 3D 70F14800 CMP EAX,lcsebody.0048F170 + * 00416DEA ^7C F2 JL SHORT lcsebody.00416DDE + * 00416DEC EB 06 JMP SHORT lcsebody.00416DF4 + * 00416DEE FF86 24050000 INC DWORD PTR DS:[ESI+0x524] + * 00416DF4 3AD3 CMP DL,BL + * 00416DF6 74 15 JE SHORT lcsebody.00416E0D + * 00416DF8 B8 9CF14800 MOV EAX,lcsebody.0048F19C + * 00416DFD 3B08 CMP ECX,DWORD PTR DS:[EAX] + * 00416DFF 74 21 JE SHORT lcsebody.00416E22 + * 00416E01 83C0 04 ADD EAX,0x4 + * 00416E04 3D A8F14800 CMP EAX,lcsebody.0048F1A8 + * 00416E09 ^7C F2 JL SHORT lcsebody.00416DFD + * 00416E0B EB 2A JMP SHORT lcsebody.00416E37 + * 00416E0D B8 7CF14800 MOV EAX,lcsebody.0048F17C + * 00416E12 3B08 CMP ECX,DWORD PTR DS:[EAX] + * 00416E14 74 0C JE SHORT lcsebody.00416E22 + * 00416E16 83C0 04 ADD EAX,0x4 + * 00416E19 3D 9CF14800 CMP EAX,lcsebody.0048F19C + * 00416E1E ^7C F2 JL SHORT lcsebody.00416E12 + * 00416E20 EB 15 JMP SHORT lcsebody.00416E37 + * 00416E22 8B86 24050000 MOV EAX,DWORD PTR DS:[ESI+0x524] + * 00416E28 48 DEC EAX + * 00416E29 8986 24050000 MOV DWORD PTR DS:[ESI+0x524],EAX + * 00416E2F 79 06 JNS SHORT lcsebody.00416E37 + * 00416E31 899E 24050000 MOV DWORD PTR DS:[ESI+0x524],EBX + * 00416E37 57 PUSH EDI ; jichi: invalid character + * 00416E38 8BCE MOV ECX,ESI + * 00416E3A E8 97A3FEFF CALL lcsebody.004011D6 ; jichi: char in arg1 + * 00416E3F 8B86 EC000000 MOV EAX,DWORD PTR DS:[ESI+0xEC] + */ + +ULONG patchEncoding(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x8b,0x4c,0x24, 0x04, // 0040a380 8b4c24 04 mov ecx,dword ptr ss:[esp+0x4] + 0x8a,0x01, // 0040a384 8a01 mov al,byte ptr ds:[ecx] + 0x8a,0x49, 0x01, // 0040a386 8a49 01 mov cl,byte ptr ds:[ecx+0x1] + 0x3c, 0x81 // 0040a389 3c 81 cmp al,0x81 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + return addr;// && winhook::replace_fun(addr, (ULONG)Private::isLeadByteChar); +} + +} // namespace Patch +} // unnamed namespace + +bool LCScript::attach_function() +{ + + if (!ScenarioHook::attach(processStartAddress, processStopAddress,Patch::patchEncoding(processStartAddress, processStopAddress))) + return false; + + return true; +} \ No newline at end of file diff --git a/LunaHook/engine32/LCScript.h b/LunaHook/engine32/LCScript.h new file mode 100644 index 0000000..61718b2 --- /dev/null +++ b/LunaHook/engine32/LCScript.h @@ -0,0 +1,16 @@ +#include"engine.h" + +#define LCSE_0 "[0]" // pseudo separator +#define LCSE_0W L"[0]" // pseudo separator +class LCScript:public ENGINE{ + public: + LCScript(){ + + check_by=CHECK_BY::CUSTOM; + // jichi 3/19/2014: LC-ScriptEngine, GetGlyphOutlineA + check_by_target=[](){ + return (wcsstr(processName, L"lcsebody") || !wcsncmp(processName, L"lcsebo~", 7) || Util::CheckFile(L"lcsebody*")); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Leaf.cpp b/LunaHook/engine32/Leaf.cpp new file mode 100644 index 0000000..9eed5a8 --- /dev/null +++ b/LunaHook/engine32/Leaf.cpp @@ -0,0 +1,648 @@ +#include"Leaf.h" + + +/** jichi 12/25/2014: Leaf/AQUAPLUS + * Sample game: [141224] [AQUAPLUS] WHITE ALBUM2 ミニアフタースト�リー + * Debug method: hardware break found text + * The text address is fixed. + * There are three matched functions. + * It can find both character name and scenario. + * + * The scenario text contains "\n" or "\k". + * + * 0045145C CC INT3 + * 0045145D CC INT3 + * 0045145E CC INT3 + * 0045145F CC INT3 + * 00451460 D9EE FLDZ + * 00451462 56 PUSH ESI + * 00451463 8B7424 08 MOV ESI,DWORD PTR SS:[ESP+0x8] + * 00451467 D95E 0C FSTP DWORD PTR DS:[ESI+0xC] + * 0045146A 57 PUSH EDI + * 0045146B 8BF9 MOV EDI,ECX + * 0045146D 8B97 B0A00000 MOV EDX,DWORD PTR DS:[EDI+0xA0B0] + * 00451473 33C0 XOR EAX,EAX + * 00451475 3BD0 CMP EDX,EAX + * 00451477 C706 05000000 MOV DWORD PTR DS:[ESI],0x5 + * 0045147D C746 04 03000000 MOV DWORD PTR DS:[ESI+0x4],0x3 + * 00451484 8946 10 MOV DWORD PTR DS:[ESI+0x10],EAX + * 00451487 8946 08 MOV DWORD PTR DS:[ESI+0x8],EAX + * 0045148A 7F 0D JG SHORT .00451499 + * 0045148C 8987 B0A00000 MOV DWORD PTR DS:[EDI+0xA0B0],EAX + * 00451492 5F POP EDI + * 00451493 8BC6 MOV EAX,ESI + * 00451495 5E POP ESI + * 00451496 C2 0400 RETN 0x4 + * 00451499 8D0492 LEA EAX,DWORD PTR DS:[EDX+EDX*4] + * 0045149C 53 PUSH EBX + * 0045149D 8B9C87 B08C0000 MOV EBX,DWORD PTR DS:[EDI+EAX*4+0x8CB0] + * 004514A4 8D0487 LEA EAX,DWORD PTR DS:[EDI+EAX*4] + * 004514A7 55 PUSH EBP + * 004514A8 8D6B FF LEA EBP,DWORD PTR DS:[EBX-0x1] + * 004514AB B9 04000000 MOV ECX,0x4 + * 004514B0 3BE9 CMP EBP,ECX + * 004514B2 0F87 10020000 JA .004516C8 + * 004514B8 FF24AD E8164500 JMP DWORD PTR DS:[EBP*4+0x4516E8] + * 004514BF 8B80 C08C0000 MOV EAX,DWORD PTR DS:[EAX+0x8CC0] + * 004514C5 8D0480 LEA EAX,DWORD PTR DS:[EAX+EAX*4] + * 004514C8 03C0 ADD EAX,EAX + * 004514CA 0FBE9400 6416BC0>MOVSX EDX,BYTE PTR DS:[EAX+EAX+0xBC1664] + * 004514D2 03C0 ADD EAX,EAX + * 004514D4 8D5A FF LEA EBX,DWORD PTR DS:[EDX-0x1] + * 004514D7 3BD9 CMP EBX,ECX + * 004514D9 0F87 B9000000 JA .00451598 + * 004514DF FF249D FC164500 JMP DWORD PTR DS:[EBX*4+0x4516FC] + * 004514E6 0FB688 6516BC00 MOVZX ECX,BYTE PTR DS:[EAX+0xBC1665] + * 004514ED FF8F B0A00000 DEC DWORD PTR DS:[EDI+0xA0B0] + * 004514F3 5D POP EBP + * 004514F4 5B POP EBX + * 004514F5 5F POP EDI + * 004514F6 894E 10 MOV DWORD PTR DS:[ESI+0x10],ECX + * 004514F9 8BC6 MOV EAX,ESI + * 004514FB 5E POP ESI + * 004514FC C2 0400 RETN 0x4 + * 004514FF 0FBF90 6616BC00 MOVSX EDX,WORD PTR DS:[EAX+0xBC1666] + * 00451506 FF8F B0A00000 DEC DWORD PTR DS:[EDI+0xA0B0] + * 0045150C 5D POP EBP + * 0045150D 5B POP EBX + * 0045150E 5F POP EDI + * 0045150F 8956 10 MOV DWORD PTR DS:[ESI+0x10],EDX + * 00451512 8BC6 MOV EAX,ESI + * 00451514 5E POP ESI + * 00451515 C2 0400 RETN 0x4 + * 00451518 8B80 6816BC00 MOV EAX,DWORD PTR DS:[EAX+0xBC1668] + * 0045151E FF8F B0A00000 DEC DWORD PTR DS:[EDI+0xA0B0] + * 00451524 5D POP EBP + * 00451525 5B POP EBX + * 00451526 8946 10 MOV DWORD PTR DS:[ESI+0x10],EAX + * 00451529 5F POP EDI + * 0045152A 8BC6 MOV EAX,ESI + * 0045152C 5E POP ESI + * 0045152D C2 0400 RETN 0x4 + * 00451530 D980 6C16BC00 FLD DWORD PTR DS:[EAX+0xBC166C] + * 00451536 FF8F B0A00000 DEC DWORD PTR DS:[EDI+0xA0B0] + * 0045153C 5D POP EBP + * 0045153D D95E 0C FSTP DWORD PTR DS:[ESI+0xC] + * 00451540 5B POP EBX + * 00451541 5F POP EDI + * 00451542 894E 04 MOV DWORD PTR DS:[ESI+0x4],ECX + * 00451545 8BC6 MOV EAX,ESI + * 00451547 5E POP ESI + * 00451548 C2 0400 RETN 0x4 + * 0045154B 8B80 7016BC00 MOV EAX,DWORD PTR DS:[EAX+0xBC1670] + * 00451551 8D58 01 LEA EBX,DWORD PTR DS:[EAX+0x1] + * 00451554 8A10 MOV DL,BYTE PTR DS:[EAX] + * 00451556 40 INC EAX + * 00451557 84D2 TEST DL,DL + * 00451559 ^75 F9 JNZ SHORT .00451554 + * 0045155B 2BC3 SUB EAX,EBX + * 0045155D 8D58 01 LEA EBX,DWORD PTR DS:[EAX+0x1] + * 00451560 53 PUSH EBX + * 00451561 6A 00 PUSH 0x0 + * 00451563 53 PUSH EBX + * 00451564 6A 00 PUSH 0x0 + * 00451566 FF15 74104A00 CALL DWORD PTR DS:[0x4A1074] ; kernel32.GetProcessHeap + * 0045156C 50 PUSH EAX + * 0045156D FF15 B4104A00 CALL DWORD PTR DS:[0x4A10B4] ; ntdll.RtlAllocateHeap + * 00451573 50 PUSH EAX + * 00451574 E8 373F0200 CALL .004754B0 + * 00451579 8B8F B0A00000 MOV ECX,DWORD PTR DS:[EDI+0xA0B0] + * 0045157F 8D0C89 LEA ECX,DWORD PTR DS:[ECX+ECX*4] + * 00451582 8B8C8F C08C0000 MOV ECX,DWORD PTR DS:[EDI+ECX*4+0x8CC0] + * 00451589 8D1489 LEA EDX,DWORD PTR DS:[ECX+ECX*4] + * 0045158C 8B0C95 7016BC00 MOV ECX,DWORD PTR DS:[EDX*4+0xBC1670] + * 00451593 E9 0C010000 JMP .004516A4 + * 00451598 52 PUSH EDX + * 00451599 68 A8644A00 PUSH .004A64A8 + * 0045159E E9 2B010000 JMP .004516CE + * 004515A3 8D9492 2D230000 LEA EDX,DWORD PTR DS:[EDX+EDX*4+0x232D] + * 004515AA 8B1C97 MOV EBX,DWORD PTR DS:[EDI+EDX*4] + * 004515AD 85DB TEST EBX,EBX + * 004515AF 0F8C 23010000 JL .004516D8 + * 004515B5 8B80 C08C0000 MOV EAX,DWORD PTR DS:[EAX+0x8CC0] + * 004515BB 99 CDQ + * 004515BC BD 1A000000 MOV EBP,0x1A + * 004515C1 F7FD IDIV EBP + * 004515C3 C1E2 04 SHL EDX,0x4 + * 004515C6 03D3 ADD EDX,EBX + * 004515C8 85C0 TEST EAX,EAX + * 004515CA 74 1C JE SHORT .004515E8 + * 004515CC D98497 34A70000 FLD DWORD PTR DS:[EDI+EDX*4+0xA734] + * 004515D3 FF8F B0A00000 DEC DWORD PTR DS:[EDI+0xA0B0] + * 004515D9 5D POP EBP + * 004515DA D95E 0C FSTP DWORD PTR DS:[ESI+0xC] + * 004515DD 5B POP EBX + * 004515DE 5F POP EDI + * 004515DF 894E 04 MOV DWORD PTR DS:[ESI+0x4],ECX + * 004515E2 8BC6 MOV EAX,ESI + * 004515E4 5E POP ESI + * 004515E5 C2 0400 RETN 0x4 + * 004515E8 8B8497 B4A00000 MOV EAX,DWORD PTR DS:[EDI+EDX*4+0xA0B4] + * 004515EF FF8F B0A00000 DEC DWORD PTR DS:[EDI+0xA0B0] + * 004515F5 5D POP EBP + * 004515F6 5B POP EBX + * 004515F7 8946 10 MOV DWORD PTR DS:[ESI+0x10],EAX + * 004515FA 5F POP EDI + * 004515FB 8BC6 MOV EAX,ESI + * 004515FD 5E POP ESI + * 004515FE C2 0400 RETN 0x4 + * 00451601 8B88 C08C0000 MOV ECX,DWORD PTR DS:[EAX+0x8CC0] + * 00451607 D980 BC8C0000 FLD DWORD PTR DS:[EAX+0x8CBC] + * 0045160D 894E 10 MOV DWORD PTR DS:[ESI+0x10],ECX + * 00451610 D95E 0C FSTP DWORD PTR DS:[ESI+0xC] + * 00451613 8B88 B88C0000 MOV ECX,DWORD PTR DS:[EAX+0x8CB8] + * 00451619 894E 08 MOV DWORD PTR DS:[ESI+0x8],ECX + * 0045161C 8D9492 2D230000 LEA EDX,DWORD PTR DS:[EDX+EDX*4+0x232D] + * 00451623 8B0C97 MOV ECX,DWORD PTR DS:[EDI+EDX*4] + * 00451626 894E 04 MOV DWORD PTR DS:[ESI+0x4],ECX + * 00451629 33C9 XOR ECX,ECX + * 0045162B 8988 B08C0000 MOV DWORD PTR DS:[EAX+0x8CB0],ECX + * 00451631 8988 B48C0000 MOV DWORD PTR DS:[EAX+0x8CB4],ECX + * 00451637 8988 B88C0000 MOV DWORD PTR DS:[EAX+0x8CB8],ECX + * 0045163D 5D POP EBP + * 0045163E 8988 BC8C0000 MOV DWORD PTR DS:[EAX+0x8CBC],ECX + * 00451644 8988 C08C0000 MOV DWORD PTR DS:[EAX+0x8CC0],ECX + * 0045164A FF8F B0A00000 DEC DWORD PTR DS:[EDI+0xA0B0] + * 00451650 5B POP EBX + * 00451651 5F POP EDI + * 00451652 8BC6 MOV EAX,ESI + * 00451654 5E POP ESI + * 00451655 C2 0400 RETN 0x4 + * 00451658 8B90 C08C0000 MOV EDX,DWORD PTR DS:[EAX+0x8CC0] + * 0045165E 8B8497 14080000 MOV EAX,DWORD PTR DS:[EDI+EDX*4+0x814] ; jichi: text in eax + * 00451665 8D58 01 LEA EBX,DWORD PTR DS:[EAX+0x1] ; jichi: hook here would crash + * 00451668 8A10 MOV DL,BYTE PTR DS:[EAX] ; jichi: text accessed here in eax + * 0045166A 40 INC EAX + * 0045166B 84D2 TEST DL,DL + * 0045166D ^75 F9 JNZ SHORT .00451668 + * 0045166F 2BC3 SUB EAX,EBX ; jichi: hook here, text in ebx-1 + * 00451671 8D58 01 LEA EBX,DWORD PTR DS:[EAX+0X1] + * 00451674 53 PUSH EBX + * 00451675 6A 00 PUSH 0x0 + * 00451677 53 PUSH EBX + * 00451678 6A 00 PUSH 0x0 + * 0045167A FF15 74104A00 CALL DWORD PTR DS:[0x4A1074] ; kernel32.GetProcessHeap + * 00451680 50 PUSH EAX + * 00451681 FF15 B4104A00 CALL DWORD PTR DS:[0x4A10B4] ; ntdll.RtlAllocateHeap + * 00451687 50 PUSH EAX + * 00451688 E8 233E0200 CALL .004754B0 + * 0045168D 8B8F B0A00000 MOV ECX,DWORD PTR DS:[EDI+0xA0B0] + * 00451693 8D0C89 LEA ECX,DWORD PTR DS:[ECX+ECX*4] + * 00451696 8B948F C08C0000 MOV EDX,DWORD PTR DS:[EDI+ECX*4+0x8CC0] + * 0045169D 8B8C97 14080000 MOV ECX,DWORD PTR DS:[EDI+EDX*4+0x814] ; jichi: text in ecx + * 004516A4 53 PUSH EBX + * 004516A5 51 PUSH ECX + * 004516A6 50 PUSH EAX + * 004516A7 8946 08 MOV DWORD PTR DS:[ESI+0x8],EAX + * 004516AA E8 31410200 CALL .004757E0 + * 004516AF 83C4 18 ADD ESP,0x18 + * 004516B2 FF8F B0A00000 DEC DWORD PTR DS:[EDI+0xA0B0] + * 004516B8 5D POP EBP + * 004516B9 5B POP EBX + * 004516BA 5F POP EDI + * 004516BB C746 04 05000000 MOV DWORD PTR DS:[ESI+0x4],0x5 + * 004516C2 8BC6 MOV EAX,ESI + * 004516C4 5E POP ESI + * 004516C5 C2 0400 RETN 0x4 + * 004516C8 53 PUSH EBX + * 004516C9 68 8C644A00 PUSH .004A648C + * 004516CE 6A 00 PUSH 0x0 + * 004516D0 E8 6BABFFFF CALL .0044C240 + * 004516D5 83C4 0C ADD ESP,0xC + * 004516D8 FF8F B0A00000 DEC DWORD PTR DS:[EDI+0xA0B0] + * 004516DE 5D POP EBP + * 004516DF 5B POP EBX + * 004516E0 5F POP EDI + * 004516E1 8BC6 MOV EAX,ESI + * 004516E3 5E POP ESI + * 004516E4 C2 0400 RETN 0x4 + * 004516E7 90 NOP + * 004516E8 BF 144500A3 MOV EDI,0xA3004514 + * 004516ED 15 45005816 ADC EAX,0x16580045 + * 004516F2 45 INC EBP + * 004516F3 00C8 ADD AL,CL + * 004516F5 16 PUSH SS + * 004516F6 45 INC EBP + * 004516F7 0001 ADD BYTE PTR DS:[ECX],AL + * 004516F9 16 PUSH SS + * 004516FA 45 INC EBP + * 004516FB 00E6 ADD DH,AH + * 004516FD 14 45 ADC AL,0x45 + * 004516FF 00FF ADD BH,BH + * 00451701 14 45 ADC AL,0x45 + * 00451703 0018 ADD BYTE PTR DS:[EAX],BL + * 00451705 15 45003015 ADC EAX,0x15300045 + * 0045170A 45 INC EBP + * 0045170B 004B 15 ADD BYTE PTR DS:[EBX+0x15],CL + * 0045170E 45 INC EBP + * 0045170F 0083 7C240800 ADD BYTE PTR DS:[EBX+0x8247C],AL + * 00451715 56 PUSH ESI + * 00451716 8BF1 MOV ESI,ECX + * 00451718 74 29 JE SHORT .00451743 + * 0045171A 8B86 B0A00000 MOV EAX,DWORD PTR DS:[ESI+0xA0B0] + * 00451720 3D FF000000 CMP EAX,0xFF + * 00451725 7C 15 JL SHORT .0045173C + * 00451727 68 74644A00 PUSH .004A6474 + * 0045172C 6A 00 PUSH 0x0 + * 0045172E E8 0DABFFFF CALL .0044C240 + * 00451733 83C4 08 ADD ESP,0x8 + * 00451736 33C0 XOR EAX,EAX + * 00451738 5E POP ESI + * 00451739 C2 0800 RETN 0x8 + * 0045173C 40 INC EAX + * 0045173D 8986 B0A00000 MOV DWORD PTR DS:[ESI+0xA0B0],EAX + * 00451743 8B86 B0A00000 MOV EAX,DWORD PTR DS:[ESI+0xA0B0] + * 00451749 8D0C80 LEA ECX,DWORD PTR DS:[EAX+EAX*4] + * 0045174C 8D0C8E LEA ECX,DWORD PTR DS:[ESI+ECX*4] + * 0045174F 57 PUSH EDI + * 00451750 8BB9 B08C0000 MOV EDI,DWORD PTR DS:[ECX+0x8CB0] + * 00451756 8BD7 MOV EDX,EDI + * 00451758 83EA 01 SUB EDX,0x1 + * 0045175B 74 70 JE SHORT .004517CD + * 0045175D 83EA 01 SUB EDX,0x1 + * 00451760 74 1A JE SHORT .0045177C + * 00451762 57 PUSH EDI + * 00451763 68 CC644A00 PUSH .004A64CC + * 00451768 6A 00 PUSH 0x0 + * 0045176A E8 D1AAFFFF CALL .0044C240 + * 0045176F 83C4 0C ADD ESP,0xC + * 00451772 5F POP EDI + * 00451773 B8 01000000 MOV EAX,0x1 + * 00451778 5E POP ESI + * 00451779 C2 0800 RETN 0x8 + * 0045177C 8D9480 2D230000 LEA EDX,DWORD PTR DS:[EAX+EAX*4+0x232D] + * 00451783 8B3C96 MOV EDI,DWORD PTR DS:[ESI+EDX*4] + * 00451786 85FF TEST EDI,EDI + * 00451788 0F8C C8000000 JL .00451856 + * 0045178E 8B81 C08C0000 MOV EAX,DWORD PTR DS:[ECX+0x8CC0] + * 00451794 99 CDQ + * 00451795 B9 1A000000 MOV ECX,0x1A + * 0045179A F7F9 IDIV ECX + * 0045179C C1E2 04 SHL EDX,0x4 + * 0045179F 03D7 ADD EDX,EDI + * 004517A1 85C0 TEST EAX,EAX + * 004517A3 74 13 JE SHORT .004517B8 + * 004517A5 DB4424 0C FILD DWORD PTR SS:[ESP+0xC] + * 004517A9 5F POP EDI + * 004517AA 8D41 E7 LEA EAX,DWORD PTR DS:[ECX-0x19] + * 004517AD D99C96 34A70000 FSTP DWORD PTR DS:[ESI+EDX*4+0xA734] + * 004517B4 5E POP ESI + * 004517B5 C2 0800 RETN 0x8 + * 004517B8 8B4424 0C MOV EAX,DWORD PTR SS:[ESP+0xC] + * 004517BC 898496 B4A00000 MOV DWORD PTR DS:[ESI+EDX*4+0xA0B4],EAX + * 004517C3 5F POP EDI + * 004517C4 B8 01000000 MOV EAX,0x1 + * 004517C9 5E POP ESI + * 004517CA C2 0800 RETN 0x8 + * 004517CD 8B89 C08C0000 MOV ECX,DWORD PTR DS:[ECX+0x8CC0] + * 004517D3 8D0489 LEA EAX,DWORD PTR DS:[ECX+ECX*4] + * 004517D6 03C0 ADD EAX,EAX + * 004517D8 0FBE9400 6416BC0>MOVSX EDX,BYTE PTR DS:[EAX+EAX+0xBC1664] + * 004517E0 03C0 ADD EAX,EAX + * 004517E2 8D7A FF LEA EDI,DWORD PTR DS:[EDX-0x1] + * 004517E5 83FF 04 CMP EDI,0x4 + * 004517E8 77 41 JA SHORT .0045182B + * 004517EA FF24BD 60184500 JMP DWORD PTR DS:[EDI*4+0x451860] + * 004517F1 8A4C24 0C MOV CL,BYTE PTR SS:[ESP+0xC] + * 004517F5 8888 6516BC00 MOV BYTE PTR DS:[EAX+0xBC1665],CL + * 004517FB EB 3E JMP SHORT .0045183B + * 004517FD 66:8B5424 0C MOV DX,WORD PTR SS:[ESP+0xC] + * 00451802 66:8990 6616BC00 MOV WORD PTR DS:[EAX+0xBC1666],DX + * 00451809 EB 30 JMP SHORT .0045183B + * 0045180B 8B4C24 0C MOV ECX,DWORD PTR SS:[ESP+0xC] + * 0045180F 8988 6816BC00 MOV DWORD PTR DS:[EAX+0xBC1668],ECX + * 00451815 EB 24 JMP SHORT .0045183B + * 00451817 DB4424 0C FILD DWORD PTR SS:[ESP+0xC] + * 0045181B D998 6C16BC00 FSTP DWORD PTR DS:[EAX+0xBC166C] + * 00451821 EB 18 JMP SHORT .0045183B + * 00451823 51 PUSH ECX + * 00451824 68 BC644A00 PUSH .004A64BC + * 00451829 EB 06 JMP SHORT .00451831 + * 0045182B 52 PUSH EDX + * 0045182C 68 A8644A00 PUSH .004A64A8 + * 00451831 6A 00 PUSH 0x0 + * 00451833 E8 08AAFFFF CALL .0044C240 + * 00451838 83C4 0C ADD ESP,0xC + * 0045183B 8B86 B0A00000 MOV EAX,DWORD PTR DS:[ESI+0xA0B0] + * 00451841 8D1480 LEA EDX,DWORD PTR DS:[EAX+EAX*4] + * 00451844 8B8496 C08C0000 MOV EAX,DWORD PTR DS:[ESI+EDX*4+0x8CC0] + * 0045184B 6A 00 PUSH 0x0 + * 0045184D 50 PUSH EAX + * 0045184E E8 FDF0FFFF CALL .00450950 + * 00451853 83C4 08 ADD ESP,0x8 + * 00451856 5F POP EDI + * 00451857 B8 01000000 MOV EAX,0x1 + * 0045185C 5E POP ESI + * 0045185D C2 0800 RETN 0x8 + * 00451860 F1 INT1 + * 00451861 17 POP SS ; Modification of segment register + * 00451862 45 INC EBP + * 00451863 00FD ADD CH,BH + * 00451865 17 POP SS ; Modification of segment register + * 00451866 45 INC EBP + * 00451867 000B ADD BYTE PTR DS:[EBX],CL + * 00451869 1845 00 SBB BYTE PTR SS:[EBP],AL + * 0045186C 17 POP SS ; Modification of segment register + * 0045186D 1845 00 SBB BYTE PTR SS:[EBP],AL + * 00451870 2318 AND EBX,DWORD PTR DS:[EAX] + * 00451872 45 INC EBP + * 00451873 00CC ADD AH,CL + * 00451875 CC INT3 + * 00451876 CC INT3 + * 00451877 CC INT3 + * 00451878 CC INT3 + * 00451879 CC INT3 + * 0045187A CC INT3 + * 0045187B CC INT3 + * 0045187C CC INT3 + * 0045187D CC INT3 + * + * EAX 00000038 + * ECX 00000004 ; jichi: fixed + * EDX 00000000 ; jichi: fixed + * EBX 00321221 + * ESP 0012FD98 + * EBP 00000002 + * ESI 0012FDC4 + * EDI 079047E0 + * EIP 00451671 .00451671 + */ +namespace{ + std::string save; + int role; +} +static void SpecialHookLeaf(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD text = stack->ebx - 1; // = ebx -1 + save=std::string((LPSTR)text,::strlen((LPCSTR)text)); + *data = text; + *len = ::strlen((LPCSTR)text); + *split = FIXED_SPLIT_VALUE; // only caller's address use as split +} +// Remove both \n and \k +static bool LeafFilter(LPVOID data, size_t *size, HookParam *) +{ + LPSTR text = (LPSTR)data; + if (::memchr(text, '\\', *size)) { + StringFilter(text, reinterpret_cast(size), "\\n", 2); + StringFilter(text, reinterpret_cast(size), "\\k", 2); + } + return true; +} +namespace{ +bool hook2(hook_stack*s,void* data1, size_t* len,uintptr_t*role) + { + strReplace(save,"\\k",""); + static std::regex rx(""); + save= std::regex_replace(save, rx, "$1"); + strcpy((char*)data1,save.c_str());*len=save.size(); + // if (!data_.empty()) { + // s->ecx = (ULONG)data_.c_str(); + // }ConsoleOutput("3"); + return save.size(); + } + void hook2a(hook_stack*s,void* data1, size_t len) + { + + std::string newdata = std::string((char*)data1,len); + auto xx=new char[newdata.size()+1]; + strcpy(xx,newdata.c_str()); + s->ecx=(ULONG)xx; + } +} +bool InsertLeafHook() +{ + const BYTE bytes[] = { + 0x8b,0x90, XX4, // 00451658 8b90 c08c0000 mov edx,dword ptr ds:[eax+0x8cc0] + 0x8b,0x84,0x97, XX4, // 0045165e 8b8497 14080000 mov eax,dword ptr ds:[edi+edx*4+0x814] + // The above is needed as there are other matches + 0x8d,0x58, 0x01, // 00451665 8d58 01 lea ebx,dword ptr ds:[eax+0x1] ; jichi: hook here would crash because of jump + 0x8a,0x10, // 00451668 8a10 mov dl,byte ptr ds:[eax] ; jichi: text accessed here in eax + 0x40, // 0045166a 40 inc eax + 0x84,0xd2, // 0045166b 84d2 test dl,dl + 0x75, 0xf9, // 0045166d ^75 f9 jnz short .00451668 + 0x2b,0xc3, // 0045166f 2bc3 sub eax,ebx ; jichi: hook here, text in ebx-1 + 0x8d,0x58, 0x01 // 00451671 8d58 01 lea ebx,dword ptr ds:[eax+0x1] + //0x53, // 00451674 53 push ebx + //0x6a, 0x00, // 00451675 6a 00 push 0x0 + //0x53, // 00451677 53 push ebx + //0x6a, 0x00, // 00451678 6a 00 push 0x0 + //0xff,0x15 // 0045167a ff15 74104a00 call dword ptr ds:[0x4a1074] ; kernel32.getprocessheap + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + enum { addr_offset = 0x0045166f - 0x00451658 }; + //GROWL_DWORD(addr); + if (!addr) { + ConsoleOutput("Leaf: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + //hp.offset=get_reg(regs::eax); + hp.type = USING_STRING|USING_SPLIT; // use top of the stack as split + hp.text_fun = SpecialHookLeaf; + //hp.filter_fun = NewLineStringFilterA; // remove two characters of "\\n" + hp.filter_fun = LeafFilter; // remove two characters + ConsoleOutput("INSERT Leaf"); + auto succ=NewHook(hp, "Leaf"); + + //ConsoleOutput("Leaf: disable GDI hooks"); + // 0045165E 8B8497 14080000 MOV EAX,DWORD PTR DS:[EDI+EDX*4+0x814] ; jichi: text in eax, hook1 hook after here to replace eax + // 0045169D 8B8C97 14080000 MOV ECX,DWORD PTR DS:[EDI+EDX*4+0x814] ; jichi: text in ecx, hook2 hook after here to replace ecx + const uint8_t bytes1[] = { 0x8b,0x84,0x97, 0x14,0x08,0x00,0x00 }, + bytes2[] = { 0x8b,0x8c,0x97, 0x14,0x08,0x00,0x00 }; + + + ULONG addr1 = MemDbg::findBytes(bytes1, sizeof(bytes1), processStartAddress, processStopAddress), + addr2 = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStopAddress); + if (!addr1 || !addr2) + return true; + HookParam hp1; + //这个会卡死,无解 + // hp.address=addr1+7; + // hp.hook_before=Private::hook1; + // hp.hook_after=Private::hookafterbf; + // hp.type=EMBED_ABLE; + //NewHook(hp,"EmbedLeaf"); + hp1.address=addr2+7; + hp1.hook_before=hook2; + hp1.hook_after=hook2a; + hp1.type=EMBED_ABLE|EMBED_DYNA_SJIS; + hp1.newlineseperator=L"\\n"; + succ|=NewHook(hp1,"EmbedLeaf"); + return succ; +} +bool activehook() +{ + + /* + * Sample games: + * https://vndb.org/v2477 + */ + const BYTE bytes[] = { + 0x56, // push esi << hook here + 0xE8, XX4, // call HEARTWORK.EXE+134F0 + 0x83, 0xC4, 0x38, // add esp,38 + 0x5F, // pop edi + 0x5D, // pop ebp + 0x5B, // pop ebx + 0xE8, XX4 // call HEARTWORK.EXE+1AF80 + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) return false; + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::ecx); + hp.type = USING_STRING; + return NewHook(hp, "active"); +} +bool AquaplusFilter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + CharReplacer(text, len, '^', '\"'); + StringCharReplacer(text, len, "\\n", 2, ' '); + StringFilter(text, len, "\\k", 2); + StringFilter(text, len, "\\p", 2); + if (cpp_strnstr(text, " + StringFilter(text, len, "", 1); + } + StringFilter(text, len, "'); + + if (*len == 0) return false; + + return true; +} + +bool InsertAquaplus1Hook() +{ + + /* + * Sample games: + * https://vndb.org/r20439 + */ + const BYTE bytes[] = { + 0xCC, // int 3 + 0x53, // push ebx << hook here + 0x8B, 0x5C, 0x24, 0x0C, // mov ebx,[esp+0C] + 0x55, // push ebp + 0x8B, 0x6C, 0x24, 0x0C, // mov ebp,[esp+0C] + 0x56, // push esi + 0x57, // push edi + 0x8B, 0x7D, 0x24, // mov edi,[ebp+24] + 0x85, 0xFF // test edi,edi + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) return false; + + HookParam hp; + hp.address = addr + 1; + hp.offset=get_stack(2); + hp.type = USING_STRING; + hp.filter_fun = AquaplusFilter; + return NewHook(hp, "Aquaplus1"); +} + +bool InsertAquaplus2Hook() +{ + + /* + * Sample games: + * https://vndb.org/r108249 + */ + const BYTE bytes[] = { + 0xC6, 0x04, 0x30 , 0x00, // mov byte ptr [eax+esi],00 << hook here + 0x8B, 0xF2, // mov esi,edx + 0x8A, 0x02, // mov al,[edx] + 0x42, // inc edx + 0x84, 0xC0, // test al,al + 0x75, 0xF9 // jne "WHITE ALBUM Memories like Falling Snow.exe"+85253 + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) return false; + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::ebx); + hp.index = 0; + hp.split = get_reg(regs::esp); + hp.split_index = 0; + hp.type = USING_STRING | NO_CONTEXT | USING_SPLIT; + hp.filter_fun = AquaplusFilter; + return NewHook(hp, "Aquaplus2"); +} + +bool InsertAquaplusHooks() +{ return InsertAquaplus1Hook() || InsertAquaplus2Hook();} + +namespace{ + bool kizuato(){ + const BYTE bytes[] = { + //痕 ~きずあと~  + 0x3c,0xa0, + 0x0f,0x82,XX4, + 0x3c,0xe0, + 0x0f,0x83 + }; + const BYTE bytes2[] = { + //雫 ~しずく~  + 0x80,0xf9,0xa0, + 0x0f,0x82,XX4, + 0x80,0xf9,0xe0, + 0x0f,0x83 + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) addr = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStartAddress + range);\ + if (!addr) return false; + ConsoleOutput("%x",addr); + BYTE subespbegin[]={0x81,0xEC,XX,0x01,0x00,0x00}; + addr=reverseFindBytes(subespbegin,sizeof(subespbegin),addr-0x500,addr); + ConsoleOutput("%x",addr); + if (!addr) return false; + HookParam hp; + hp.address = addr; + hp.offset =0x34; + hp.type = USING_STRING ; + + hp.text_fun =[](hook_stack* stack, HookParam *, uintptr_t *data1, uintptr_t *split, uintptr_t *len1){ + *len1=0; + static std::unordered_map last; + auto ret=stack->stack[0]; + if(last.find(ret)==last.end())last[ret]=""; + auto current=std::string((char*)stack->stack[13]); + if(last[ret]==current)return ; + last[ret]=current; + auto data=new char[current.size()+1];strcpy(data,current.c_str()); + size_t _l=current.size();size_t*len=&_l; + StringReplacer((char*)data,len,"\\k\\n",2,"\n",1); + StringReplacer((char*)data,len,"\\n",2,"",0); + StringReplacer((char*)data,len,"\\k",2,"",0); + StringReplacer((char*)data,len,"\\s",2,"",0); + StringFilterBetween((char*)data,len,"|",1,">",1); + StringReplacer((char*)data,len,"",1,"",0); + *len1=_l;*data1=(DWORD)data; + // current=std::string((char*)data,*len); + // current=std::regex_replace(current,std::regex(""),"$1"); + // current=std::regex_replace(current,std::regex(""),"$1"); + //strcpy((char*)data,current.c_str());*len=current.size(); + + }; + return NewHook(hp, "kizuato"); + } +} +bool Leaf::attach_function() { + return InsertLeafHook()||activehook()||InsertAquaplusHooks()||kizuato(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Leaf.h b/LunaHook/engine32/Leaf.h new file mode 100644 index 0000000..9bd9731 --- /dev/null +++ b/LunaHook/engine32/Leaf.h @@ -0,0 +1,13 @@ +#include"engine.h" + +class Leaf:public ENGINE{ + public: + Leaf(){ + + check_by=CHECK_BY::FILE_ANY; + //check_by_target=L"*.pak"; + check_by_target=check_by_list{L"*.pak",L"Data\\*.pck"}; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Lightvn.cpp b/LunaHook/engine32/Lightvn.cpp new file mode 100644 index 0000000..d36bba4 --- /dev/null +++ b/LunaHook/engine32/Lightvn.cpp @@ -0,0 +1,85 @@ +#include"Lightvn.h" + +//https://vndb.org/r?f=fwLight_evn- + +void SpecialHookLightvnA(hook_stack*, HookParam*, uintptr_t* data, uintptr_t* split, size_t* len) +{ + //[Parser::ReadScriptBreak] curline:'"「次は[水縹]<みはなだ>駅、水縹駅――お出口は左側です」' + + //[PARSETOKENS] line:.始発でここまで来ているのは俺くらいなものだろう。 + //(scenario:T) (script:00.txt, lineNo:30) + //[PARSETOKENS] line:"電車には俺のほかに数人乗っている程度。\c + //(scenario:F) (script:00.txt, lineNo:29) + std::string s((char*)*data); + //std::regex _1("\\[Parser::ReadScriptBreak\\] curline:'[\"\\.]([\\s\\S]*?)'([\\s\\S]*?)");//对于多行显示不全 + //std::regex _2("\\[PARSETOKENS\\] line:([\\s\\S]*?)\\(scenario:([\\s\\S]*?)"); + std::regex _2("\\[PARSETOKENS\\] line:[-\"\\.]+([\\s\\S]*?)\\(scenario:([\\s\\S]*?)"); + std::regex _3("\\[PARSETOKENS\\] line:([\\s\\S]*?)backlogName = '([\\s\\S]*?)'([\\s\\S]*?)"); + std::smatch match; std::string _; + if (std::regex_match(s, match, _2)) { + _=std::string(match[1]); + _ = std::regex_replace(_, std::regex("\\[(.*?)\\]<(.*?)>"), "$1"); + strReplace(_,"\\c",""); + strReplace(_,"\\w",""); + *split=1; + } + else if (std::regex_match(s, match, _3)) { + _=std::string(match[2]); + *split=2; + } + auto _s=new char[_.size()+1];strcpy(_s,_.c_str()); + *data=(uintptr_t)_s;*len=_.size(); +} + +void SpecialHookLightvnW(hook_stack*, HookParam*, uintptr_t* data, uintptr_t* split, size_t* len) +{ + std::wstring s((wchar_t*)*data); + std::wregex _2(L"\\[PARSETOKENS\\] line:[-\"\\.]+([\\s\\S]*?)\\(scenario:([\\s\\S]*?)"); + std::wregex _3(L"\\[PARSETOKENS\\] line:([\\s\\S]*?)backlogName = '([\\s\\S]*?)'([\\s\\S]*?)"); + std::wsmatch match; std::wstring _; + if (std::regex_match(s, match, _2)) { + _=std::wstring(match[1]); + _ = std::regex_replace(_, std::wregex(L"\\[(.*?)\\]<(.*?)>"), L"$1"); + strReplace(_,L"\\c",L""); + strReplace(_,L"\\w",L""); + *split=1; + } + else if (std::regex_match(s, match, _3)) { + _=std::wstring(match[2]); + *split=2; + } + auto _s=new wchar_t[_.size()+1];wcscpy(_s,_.c_str()); + *data=(uintptr_t)_s;*len=_.size()*2; +} +bool InsertLightvnHook() +{ + wcscpy_s(spDefault.boundaryModule, L"Engine.dll"); + /*// This hooking method also has decent results, but hooking OutputDebugString seems better + const BYTE bytes[] = { 0x8d, 0x55, 0xfe, 0x52 }; + for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE_READ, (uintptr_t)GetModuleHandleW(L"Engine.dll"))) + { + HookParam hp; + hp.address = MemDbg::findEnclosingAlignedFunction(addr); + hp.type = CODEC_UTF16 | USING_STRING; + hp.offset=get_stack(1); + NewHook(hp, "Light.vn"); + }*/ + VirtualProtect(IsDebuggerPresent, 2, PAGE_EXECUTE_READWRITE, DUMMY); + *(uint16_t*)IsDebuggerPresent = 0xc340; // asm for inc eax ret + HookParam hp; + hp.address = (uintptr_t)OutputDebugStringA; + hp.type = CODEC_UTF8 | USING_STRING; + hp.offset=get_stack(1); + hp.text_fun = SpecialHookLightvnA; + auto succ=NewHook(hp, "OutputDebugStringA"); + hp.address = (uintptr_t)OutputDebugStringW; + hp.type = CODEC_UTF16 | USING_STRING; + hp.text_fun = SpecialHookLightvnW; + succ|=NewHook(hp, "OutputDebugStringW"); + return succ; +} + +bool Lightvn::attach_function() { + + return InsertLightvnHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Lightvn.h b/LunaHook/engine32/Lightvn.h new file mode 100644 index 0000000..d3bfa88 --- /dev/null +++ b/LunaHook/engine32/Lightvn.h @@ -0,0 +1,13 @@ +#include"engine.h" + +class Lightvn:public ENGINE{ + public: + Lightvn(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return GetModuleHandleW(L"Engine.dll") && GetModuleHandleW(L"BugTrapU.dll"); + }; + }; + bool attach_function(); +}; diff --git a/LunaHook/engine32/Live.cpp b/LunaHook/engine32/Live.cpp new file mode 100644 index 0000000..bbf03b3 --- /dev/null +++ b/LunaHook/engine32/Live.cpp @@ -0,0 +1,50 @@ +#include"Live.h" +bool InsertLiveDynamicHook(LPVOID addr, DWORD frame, DWORD stack) +{ + if (addr != ::GetGlyphOutlineA || !frame) + return false; + DWORD k = *(DWORD *)frame; + k = *(DWORD *)(k + 4); + if (*(BYTE *)(k - 5) != 0xe8) + k = *(DWORD *)(frame + 4); + DWORD j = k + *(DWORD *)(k - 4); + if (j > processStartAddress && j < processStopAddress) { + HookParam hp; + hp.address = j; + hp.offset = get_reg(regs::edx); + hp.type = CODEC_ANSI_BE; + ConsoleOutput("INSERT DynamicLive"); + return NewHook(hp, "Live"); + //RegisterEngineType(ENGINE_LIVE); + } + ConsoleOutput("DynamicLive: failed"); + return true; // jichi 12/25/2013: return true +} +//void InsertLiveHook() +//{ +// ConsoleOutput("Probably Live. Wait for text."); +// trigger_fun=InsertLiveDynamicHook; +// SwitchTrigger(true); +//} +bool InsertLiveHook() +{ + const BYTE ins[] = {0x64,0x89,0x20,0x8b,0x45,0x0c,0x50}; + ULONG addr = MemDbg::findBytes(ins, sizeof(ins), processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("Live: pattern not found"); + return false; + } + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::edx); + hp.type = CODEC_ANSI_BE; + ConsoleOutput("INSERT Live"); + return NewHook(hp, "Live"); + //RegisterEngineType(ENGINE_LIVE); + //else ConsoleOutput("Unknown Live engine"); +} + +bool Live::attach_function() { + + return InsertLiveHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Live.h b/LunaHook/engine32/Live.h new file mode 100644 index 0000000..e81d92a --- /dev/null +++ b/LunaHook/engine32/Live.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Live:public ENGINE{ + public: + Live(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"live.dll"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/LovaGame.cpp b/LunaHook/engine32/LovaGame.cpp new file mode 100644 index 0000000..276da10 --- /dev/null +++ b/LunaHook/engine32/LovaGame.cpp @@ -0,0 +1,70 @@ +#include"LovaGame.h" + + bool LovaGame::attach_function(){ + return false; +#if 0 + /** 7/19/2015: Game engine specific for http://lova.jp + * + * No idea why hooking to this place will crash the game. + * + * Debugging method: + * - Find text in UTF8/UTF16 + * There is one UTF8 matched, and 2 UTF16 + * - Use virtual machine to find where UTF8 is MODIFIED + * It is modified in msvcrt + * - Backtrack the stack to find where text is accessed in main module + * + * Base addr = 05f0000 + * + * 012FF246 C64418 08 00 MOV BYTE PTR DS:[EAX+EBX+0x8],0x0 + * 012FF24B C740 04 01000000 MOV DWORD PTR DS:[EAX+0x4],0x1 + * 012FF252 8918 MOV DWORD PTR DS:[EAX],EBX + * 012FF254 8BF0 MOV ESI,EAX + * 012FF256 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 012FF259 53 PUSH EBX + * 012FF25A 50 PUSH EAX + * 012FF25B 8D4E 08 LEA ECX,DWORD PTR DS:[ESI+0x8] + * 012FF25E 51 PUSH ECX + * 012FF25F E8 CEAE2A00 CALL .015AA132 ; JMP to msvcr100.memcpy, copied here + * 012FF264 8B07 MOV EAX,DWORD PTR DS:[EDI] + * 012FF266 83E0 03 AND EAX,0x3 + * 012FF269 0BF0 OR ESI,EAX + * 012FF26B 83C4 0C ADD ESP,0xC + * 012FF26E 8937 MOV DWORD PTR DS:[EDI],ESI + * 012FF270 8B75 FC MOV ESI,DWORD PTR SS:[EBP-0x4] + */ + + ULONG processStartAddress, processStopAddress; + if (!FillRange(processName,&startAddress, &stopAddress)) { // need accurate stopAddress + ConsoleOutput("LOVA: failed to get memory range"); + return false; + } + + const BYTE bytes[] = { + 0xC6,0x44,0x18, 0x08, 0x00, // 012FF246 C64418 08 00 MOV BYTE PTR DS:[EAX+EBX+0x8],0x0 + 0xC7,0x40, 0x04, 0x01,0x00,0x00,0x00, // 012FF24B C740 04 01000000 MOV DWORD PTR DS:[EAX+0x4],0x1 + 0x89,0x18, // 012FF252 8918 MOV DWORD PTR DS:[EAX],EBX + 0x8B,0xF0, // 012FF254 8BF0 MOV ESI,EAX + 0x8B,0x45, 0x08, // 012FF256 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + 0x53, // 012FF259 53 PUSH EBX + 0x50, // 012FF25A 50 PUSH EAX + 0x8D,0x4E, 0x08, // 012FF25B 8D4E 08 LEA ECX,DWORD PTR DS:[ESI+0x8] + 0x51, // 012FF25E 51 PUSH ECX + 0xE8 //CEAE2A00 // 012FF25F E8 CEAE2A00 CALL .015AA132 ; JMP to msvcr100.memcpy, copied here + }; + enum { addr_offset = sizeof(bytes) - 1 }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("LOVA: could not find instruction pattern"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + //hp.text_fun = SpecialGameHookLova; + hp.offset=get_stack(2); // source in arg2 + hp.type = USING_STRING|RELATIVE_SPLIT; + ConsoleOutput("INSERT LOVA"); + return NewHook(hp, "LOVA"); +#endif + } \ No newline at end of file diff --git a/LunaHook/engine32/LovaGame.h b/LunaHook/engine32/LovaGame.h new file mode 100644 index 0000000..c299e83 --- /dev/null +++ b/LunaHook/engine32/LovaGame.h @@ -0,0 +1,11 @@ +#include"engine.h" +class LovaGame:public ENGINE{ + public: + LovaGame(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"UE3ShaderCompileWorker.exe",L"awesomium_process.exe"}; + dontstop=true; + } + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/LunaSoft.cpp b/LunaHook/engine32/LunaSoft.cpp new file mode 100644 index 0000000..99dace1 --- /dev/null +++ b/LunaHook/engine32/LunaSoft.cpp @@ -0,0 +1,550 @@ +#include"LunaSoft.h" +#include"embed_util.h" +/** jichi 12/27/2014 LunaSoft + * Sample game: [141226] [LunaSoft] 悪堕ラビリンス -- /hsn8@46C5EF + * + * /hsn8@46C5EF + * - addr: 0x46C5EF + * - off: 8 + * - type: 1025 = 0x401 + * + * - 0046c57e cc int3 + * - 0046c57f cc int3 + * - 0046c580 55 push ebp ; jichi: text in arg1 + * - 0046c581 8bec mov ebp,esp + * - 0046c583 83ec 08 sub esp,0x8 + * - 0046c586 894d f8 mov dword ptr ss:[ebp-0x8],ecx + * - 0046c589 8b4d f8 mov ecx,dword ptr ss:[ebp-0x8] + * - 0046c58c 83c1 1c add ecx,0x1c + * - 0046c58f e8 2cebf9ff call .0040b0c0 + * - 0046c594 8b00 mov eax,dword ptr ds:[eax] + * - 0046c596 8945 fc mov dword ptr ss:[ebp-0x4],eax + * - 0046c599 837d fc 00 cmp dword ptr ss:[ebp-0x4],0x0 + * - 0046c59d 75 21 jnz short .0046c5c0 + * - 0046c59f 8b4d f8 mov ecx,dword ptr ss:[ebp-0x8] + * - 0046c5a2 83c1 28 add ecx,0x28 + * - 0046c5a5 e8 16ebf9ff call .0040b0c0 + * - 0046c5aa 8b08 mov ecx,dword ptr ds:[eax] + * - 0046c5ac 894d fc mov dword ptr ss:[ebp-0x4],ecx + * - 0046c5af 8b55 fc mov edx,dword ptr ss:[ebp-0x4] + * - 0046c5b2 52 push edx + * - 0046c5b3 8b4d f8 mov ecx,dword ptr ss:[ebp-0x8] + * - 0046c5b6 83c1 28 add ecx,0x28 + * - 0046c5b9 e8 82d9f9ff call .00409f40 + * - 0046c5be eb 0f jmp short .0046c5cf + * - 0046c5c0 8b45 fc mov eax,dword ptr ss:[ebp-0x4] + * - 0046c5c3 50 push eax + * - 0046c5c4 8b4d f8 mov ecx,dword ptr ss:[ebp-0x8] + * - 0046c5c7 83c1 1c add ecx,0x1c + * - 0046c5ca e8 71d9f9ff call .00409f40 + * - 0046c5cf 837d fc 00 cmp dword ptr ss:[ebp-0x4],0x0 + * - 0046c5d3 75 02 jnz short .0046c5d7 + * - 0046c5d5 eb 61 jmp short .0046c638 + * - 0046c5d7 8b4d fc mov ecx,dword ptr ss:[ebp-0x4] + * - 0046c5da e8 b1cdf9ff call .00409390 + * - 0046c5df 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + * - 0046c5e2 51 push ecx ; jichi: text in ecx + * - 0046c5e3 68 38010000 push 0x138 + * - 0046c5e8 8b55 fc mov edx,dword ptr ss:[ebp-0x4] + * - 0046c5eb 83c2 08 add edx,0x8 + * - 0046c5ee 52 push edx + * - 0046c5ef ff15 88b24c00 call dword ptr ds:[0x4cb288] ; msvcr90.strcpy_s, jichi: text accessed here in arg2 + * - 0046c5f5 83c4 0c add esp,0xc + * - 0046c5f8 8b45 0c mov eax,dword ptr ss:[ebp+0xc] + * - 0046c5fb 50 push eax + * - 0046c5fc 6a 10 push 0x10 + */ +// Remove: \n\s* +// This is dangerous since \n could appear within SJIS +//static bool LunaSoftFilter(LPVOID data, size_t *size, HookParam *) +//{ +// size_t len = *size; +// char *str = reinterpret_cast(data), +// *cur; +// +// while (len && +// (cur = ::memchr(str, '\n', len)) && +// --len) { +// ::memmove(cur, cur + 1, len - (cur - str)); +// while (cur < str + len) +// if (::isspace(*cur) && --len) +// ::memmove(cur, cur + 1, len - (cur - str)); +// else if (len >= 2 && ::iswspace(*(LPCWSTR)cur) && (len-=2)) +// ::memmove(cur, cur + 2, len - (cur - str)); +// else +// break; +// } +// +// *size = len; +// return true; +//} +bool InsertLunaSoftHook() +{ + const BYTE bytes[] = { + 0xcc, // 0046c57e cc int3 + 0xcc, // 0046c57f cc int3 + 0x55, // 0046c580 55 push ebp ; jichi: text in arg1 + 0x8b,0xec, // 0046c581 8bec mov ebp,esp + 0x83,0xec, 0x08, // 0046c583 83ec 08 sub esp,0x8 + 0x89,0x4d, 0xf8, // 0046c586 894d f8 mov dword ptr ss:[ebp-0x8],ecx + 0x8b,0x4d, 0xf8, // 0046c589 8b4d f8 mov ecx,dword ptr ss:[ebp-0x8] + 0x83,0xc1, 0x1c, // 0046c58c 83c1 1c add ecx,0x1c + 0xe8 // 0046c58f e8 2cebf9ff call .0040b0c0 + }; + enum { addr_offset = 2 }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + //GROWL(addr); + if (!addr) { + ConsoleOutput("LunaSoft: pattern not found"); + return false; + } + HookParam hp; + hp.address = addr + addr_offset; + hp.offset =get_stack(1); + hp.type = USING_STRING; + //hp.filter_fun = LunaSoftFilter; // remove \n + ConsoleOutput("INSERT LunaSoft"); + return NewHook(hp, "LunaSoft"); + + // There are no GDI functions anyway + //ConsoleOutput("LunaSoft: disable GDI hooks"); + // +} +bool InsertXXkata(){ + //アイリスフィールド + + //素晴らしき国家の築き方 + //浮遊都市の作り方 + //正しい性奴隷の使い方 + + //HSNc@0:user32.dll:wsprintfA + auto addr = GetProcAddress(GetModuleHandleW(L"user32.dll"),"wsprintfA"); + if (addr == 0)return false; + HookParam hp; + hp.address=(uint64_t)addr ; + hp.type=USING_STRING|NO_CONTEXT; + hp.offset=get_stack(3); + hp.filter_fun = all_ascii_Filter; + return NewHook(hp, "XXkata"); +} + + + +namespace { // unnamed +namespace ScenarioHook { +namespace Private { + class DataCache // LRU policy, hashtable not used for simplicity + { + int capacity_; + std::list stack_; // priority stack + public: + explicit DataCache(int capacity = 100) + : capacity_(capacity) {} //{ stack_.reserve(capacity); } + + bool contains(const std::string &data) const + { return stack_.end() != std::find(stack_.begin(), stack_.end(), data); } + + std::string retain(const std::string &data) + { + auto p = std::find(stack_.begin(), stack_.end(), data); + if (p == stack_.end()) { + if (stack_.size() == capacity_) + stack_.pop_back(); + stack_.push_front(data); + return data; + } else { + if (p != stack_.begin()) + stack_.splice(stack_.begin(), stack_, p); + return *p; + } + } + }; + DataCache cache_; // this is used to make sure that same translation will have the same address + + /** + * Sample game: 悪堕ラビリンス, scenario return address: 0x42f6dc + * + * 0042F6C8 E8 335F0000 CALL lus004.00435600 + * 0042F6CD 8945 10 MOV DWORD PTR SS:[EBP+0x10],EAX + * 0042F6D0 8B55 10 MOV EDX,DWORD PTR SS:[EBP+0x10] + * 0042F6D3 52 PUSH EDX + * 0042F6D4 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 0042F6D7 E8 34850500 CALL lus004.00487C10 + * 0042F6DC 8B45 10 MOV EAX,DWORD PTR SS:[EBP+0x10] ; jichi: retaddr + * 0042F6DF 50 PUSH EAX + * 0042F6E0 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+0x8] + * 0042F6E3 E8 785E0000 CALL lus004.00435560 + * 0042F6E8 8945 10 MOV DWORD PTR SS:[EBP+0x10],EAX + * 0042F6EB E9 5E010000 JMP lus004.0042F84E + * 0042F6F0 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+0x10] + */ + bool hookBefore(hook_stack*s,void* data1, size_t* len,uintptr_t*role) + { + auto text = (LPCSTR)s->stack[1]; // arg1 + if (!text || !*text) // || Util::allAscii(text)) + return 0; + std::string oldData = text; + if (cache_.contains(oldData)) + return 0; + // 0042F6DC 8B45 10 MOV EAX,DWORD PTR SS:[EBP+0x10] ; jichi: retaddr + // 0042F6DF 50 PUSH EAX + ULONG retaddr = s->stack[0]; + * role = Engine::OtherRole; + if (*(DWORD *)retaddr == 0x5010458b) + *role = Engine::ScenarioRole; + strcpy((char*)data1,oldData.c_str());*len=oldData.size(); + return 1; + + } + void hookafter1(hook_stack*s,void* data1, size_t len){ + static std::string newData; + newData=std::string((char*)data1,len); + newData = cache_.retain(newData); + s->stack[1] = (ULONG)newData.c_str(); // arg1 + } +} // namespace Private + +/** + * Sample game: 悪堕ラビリンス + * + * Debugging method: Hook to all function that accessing the text + * Until find ones that can get text modified. + * + * This is the first function accessing the text. + * It is used for text size allocation. + * + * 00487C0E CC INT3 + * 00487C0F CC INT3 + * 00487C10 55 PUSH EBP + * 00487C11 8BEC MOV EBP,ESP + * 00487C13 51 PUSH ECX + * 00487C14 894D FC MOV DWORD PTR SS:[EBP-0x4],ECX + * 00487C17 8B45 FC MOV EAX,DWORD PTR SS:[EBP-0x4] + * 00487C1A 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+0x8] + * 00487C1D 8988 AC020000 MOV DWORD PTR DS:[EAX+0x2AC],ECX + * 00487C23 8B55 FC MOV EDX,DWORD PTR SS:[EBP-0x4] + * 00487C26 D9EE FLDZ + * 00487C28 D99A B0020000 FSTP DWORD PTR DS:[EDX+0x2B0] + * 00487C2E 8B45 FC MOV EAX,DWORD PTR SS:[EBP-0x4] + * 00487C31 8B88 84000000 MOV ECX,DWORD PTR DS:[EAX+0x84] + * 00487C37 81E1 00000F00 AND ECX,0xF0000 + * 00487C3D C1E9 10 SHR ECX,0x10 + * 00487C40 83F9 02 CMP ECX,0x2 + * 00487C43 75 21 JNZ SHORT .00487C66 + * 00487C45 8B55 FC MOV EDX,DWORD PTR SS:[EBP-0x4] + * 00487C48 8B82 AC020000 MOV EAX,DWORD PTR DS:[EDX+0x2AC] + * 00487C4E 50 PUSH EAX + * 00487C4F 8B4D FC MOV ECX,DWORD PTR SS:[EBP-0x4] + * 00487C52 8B89 88000000 MOV ECX,DWORD PTR DS:[ECX+0x88] + * 00487C58 E8 0323FAFF CALL .00429F60 + * 00487C5D 8B55 FC MOV EDX,DWORD PTR SS:[EBP-0x4] + * 00487C60 8982 B8020000 MOV DWORD PTR DS:[EDX+0x2B8],EAX + * 00487C66 8BE5 MOV ESP,EBP + * 00487C68 5D POP EBP + * 00487C69 C2 0400 RETN 0x4 + * 00487C6C CC INT3 + * 00487C6D CC INT3 + * 00487C6E CC INT3 + * + * This is the function where text is being painted. + * + * 0042B1EE CC INT3 + * 0042B1EF CC INT3 + * 0042B1F0 55 PUSH EBP + * 0042B1F1 8BEC MOV EBP,ESP + * 0042B1F3 81EC 44010000 SUB ESP,0x144 + * 0042B1F9 898D E8FEFFFF MOV DWORD PTR SS:[EBP-0x118],ECX + * 0042B1FF 8B85 E8FEFFFF MOV EAX,DWORD PTR SS:[EBP-0x118] + * 0042B205 8378 24 00 CMP DWORD PTR DS:[EAX+0x24],0x0 + * 0042B209 75 05 JNZ SHORT lus004.0042B210 + * 0042B20B E9 2E070000 JMP lus004.0042B93E + * 0042B210 837D 08 00 CMP DWORD PTR SS:[EBP+0x8],0x0 + * 0042B214 75 05 JNZ SHORT lus004.0042B21B + * 0042B216 E9 23070000 JMP lus004.0042B93E + * 0042B21B C785 FCFEFFFF 00>MOV DWORD PTR SS:[EBP-0x104],0x0 + * 0042B225 C745 D0 00000000 MOV DWORD PTR SS:[EBP-0x30],0x0 + * 0042B22C C785 40FFFFFF 00>MOV DWORD PTR SS:[EBP-0xC0],0x0 + * 0042B236 8B4D 14 MOV ECX,DWORD PTR SS:[EBP+0x14] + * 0042B239 83E1 03 AND ECX,0x3 + * 0042B23C 83F9 01 CMP ECX,0x1 + * 0042B23F 75 07 JNZ SHORT lus004.0042B248 + * 0042B241 D9EE FLDZ + * 0042B243 D95D 88 FSTP DWORD PTR SS:[EBP-0x78] + * 0042B246 EB 1B JMP SHORT lus004.0042B263 + * 0042B248 8B55 14 MOV EDX,DWORD PTR SS:[EBP+0x14] + * 0042B24B 83E2 03 AND EDX,0x3 + * 0042B24E 83FA 02 CMP EDX,0x2 + * 0042B251 75 07 JNZ SHORT lus004.0042B25A + * 0042B253 D9E8 FLD1 + * 0042B255 D95D 88 FSTP DWORD PTR SS:[EBP-0x78] + * 0042B258 EB 09 JMP SHORT lus004.0042B263 + * 0042B25A D905 986A4E00 FLD DWORD PTR DS:[0x4E6A98] + * 0042B260 D95D 88 FSTP DWORD PTR SS:[EBP-0x78] + * 0042B263 8B45 14 MOV EAX,DWORD PTR SS:[EBP+0x14] + * 0042B266 83E0 0C AND EAX,0xC + * 0042B269 83F8 04 CMP EAX,0x4 + * 0042B26C 75 07 JNZ SHORT lus004.0042B275 + * 0042B26E D9EE FLDZ + * 0042B270 D95D AC FSTP DWORD PTR SS:[EBP-0x54] + * 0042B273 EB 1B JMP SHORT lus004.0042B290 + * 0042B275 8B4D 14 MOV ECX,DWORD PTR SS:[EBP+0x14] + * 0042B278 83E1 0C AND ECX,0xC + * 0042B27B 83F9 08 CMP ECX,0x8 + * 0042B27E 75 07 JNZ SHORT lus004.0042B287 + * 0042B280 D9E8 FLD1 + * 0042B282 D95D AC FSTP DWORD PTR SS:[EBP-0x54] + * 0042B285 EB 09 JMP SHORT lus004.0042B290 + * 0042B287 D905 986A4E00 FLD DWORD PTR DS:[0x4E6A98] + * 0042B28D D95D AC FSTP DWORD PTR SS:[EBP-0x54] + * 0042B290 8B55 0C MOV EDX,DWORD PTR SS:[EBP+0xC] + * 0042B293 D942 30 FLD DWORD PTR DS:[EDX+0x30] + * 0042B296 D99D 74FFFFFF FSTP DWORD PTR SS:[EBP-0x8C] + * 0042B29C 8B45 0C MOV EAX,DWORD PTR SS:[EBP+0xC] + * 0042B29F D940 34 FLD DWORD PTR DS:[EAX+0x34] + * 0042B2A2 D99D 78FFFFFF FSTP DWORD PTR SS:[EBP-0x88] + * 0042B2A8 8B8D E8FEFFFF MOV ECX,DWORD PTR SS:[EBP-0x118] + * 0042B2AE 8B51 2C MOV EDX,DWORD PTR DS:[ECX+0x2C] + * 0042B2B1 8995 E0FEFFFF MOV DWORD PTR SS:[EBP-0x120],EDX + * 0042B2B7 C785 E4FEFFFF 00>MOV DWORD PTR SS:[EBP-0x11C],0x0 + * 0042B2C1 DFAD E0FEFFFF FILD QWORD PTR SS:[EBP-0x120] + * 0042B2C7 DC0D 186A4E00 FMUL QWORD PTR DS:[0x4E6A18] + * 0042B2CD D99D 68FFFFFF FSTP DWORD PTR SS:[EBP-0x98] + * 0042B2D3 D9EE FLDZ + * 0042B2D5 D99D 6CFFFFFF FSTP DWORD PTR SS:[EBP-0x94] + * 0042B2DB D9EE FLDZ + * 0042B2DD D95D D4 FSTP DWORD PTR SS:[EBP-0x2C] + * 0042B2E0 8B85 E8FEFFFF MOV EAX,DWORD PTR SS:[EBP-0x118] + * 0042B2E6 8B48 2C MOV ECX,DWORD PTR DS:[EAX+0x2C] + * 0042B2E9 898D D8FEFFFF MOV DWORD PTR SS:[EBP-0x128],ECX + * 0042B2EF C785 DCFEFFFF 00>MOV DWORD PTR SS:[EBP-0x124],0x0 + * 0042B2F9 DFAD D8FEFFFF FILD QWORD PTR SS:[EBP-0x128] + * 0042B2FF D95D D8 FSTP DWORD PTR SS:[EBP-0x28] + * 0042B302 8B55 0C MOV EDX,DWORD PTR SS:[EBP+0xC] + * 0042B305 52 PUSH EDX + * 0042B306 8D85 00FFFFFF LEA EAX,DWORD PTR SS:[EBP-0x100] + * 0042B30C 50 PUSH EAX + * 0042B30D E8 3E6FFEFF CALL lus004.00412250 + * 0042B312 83C4 04 ADD ESP,0x4 + * 0042B315 D9E8 FLD1 + * 0042B317 D91C24 FSTP DWORD PTR SS:[ESP] + * 0042B31A 51 PUSH ECX + * 0042B31B D9EE FLDZ + * 0042B31D D91C24 FSTP DWORD PTR SS:[ESP] + * 0042B320 51 PUSH ECX + * 0042B321 D9EE FLDZ + * 0042B323 D91C24 FSTP DWORD PTR SS:[ESP] + * 0042B326 51 PUSH ECX + * 0042B327 D9EE FLDZ + * ... + * + * + * 0012FC68 089E0060 + * 0012FC6C 08AD9D00 + * 0012FC70 01D66B60 + * 0012FC74 00000000 + * 0012FC78 0012FDD0 + * 0012FC7C 00000000 + * 0012FC80 /0012FDD0 + * 0012FC84 |0042B43B RETURN to lus004.0042B43B from lus004.00429E50 + * 0012FC88 |02C2AB18 ; jichi: text is here + * 0012FC8C |0012FCAC + * 0012FC90 |00000000 + * 0012FC94 |0012FCC4 + * 0012FC98 |6186B837 RETURN to d3d9.6186B837 + * 0012FC9C |0029DFA0 + * 0012FCA0 |0012FCAC + * 0012FCA4 |00000000 + * 0012FCA8 |00000018 + * 0012FCAC |00000000 + * 0012FCB0 |00000018 + * 0012FCB4 |00000000 + * 0012FCB8 |01D66B60 + * 0012FCBC |00000000 + * 0012FCC0 |00000002 + * 0012FCC4 |0012FD24 + * 0012FCC8 |6186B774 RETURN to d3d9.6186B774 + * 0012FCCC |00000000 + * 0012FCD0 |3FA00000 + * 0012FCD4 |00000000 + * 0012FCD8 |00000000 + * 0012FCDC |00000000 + * 0012FCE0 |00000000 + * 0012FCE4 |3FA00000 + * 0012FCE8 |00000000 + * 0012FCEC |00000000 + * 0012FCF0 |00000000 + * 0012FCF4 |00000000 + * 0012FCF8 |3F800000 + * 0012FCFC |00000000 + * 0012FD00 |00000000 + * 0012FD04 |00000000 + * 0012FD08 |00000000 + * 0012FD0C |3F800000 + * 0012FD10 |00000000 + * 0012FD14 |FF000000 + * 0012FD18 |FF000000 + * 0012FD1C |FF000000 + * 0012FD20 |FF000000 + * 0012FD24 |00000000 + * 0012FD28 |0043E66F RETURN to lus004.0043E66F + * 0012FD2C |089E0060 + * 0012FD30 |00000005 + * 0012FD34 |01D670E0 + * 0012FD38 |41700000 + * 0012FD3C |00000000 + * 0012FD40 |00000000 + * 0012FD44 |42EC0000 + * 0012FD48 |4413C000 + * 0012FD4C |089E0060 + * 0012FD50 |01CC7504 + * 0012FD54 |00000000 + * 0012FD58 |00000000 + * 0012FD5C |08A3B600 + * 0012FD60 |0012FD78 + * 0012FD64 |6F5980B8 RETURN to prl_umdd.6F5980B8 from prl_umdd.6F597B05 + * 0012FD68 |0029DFA0 + * 0012FD6C |00000019 + * 0012FD70 |00000008 + * 0012FD74 |00000000 + * 0012FD78 |089E0060 + * 0012FD7C |00000000 + * 0012FD80 |00000001 + * 0012FD84 |01D1E670 + * 0012FD88 |61845418 d3d9.61845418 + * 0012FD8C |00000005 + * 0012FD90 |00000000 + * 0012FD94 |00000000 + * 0012FD98 |00000010 + * 0012FD9C |00000002 + * 0012FDA0 |00000000 + * 0012FDA4 |00000000 + * 0012FDA8 |41F00000 + * 0012FDAC |0012FDC8 + * 0012FDB0 |00406E55 RETURN to lus004.00406E55 from lus004.0043EC70 + * 0012FDB4 |00000000 + * 0012FDB8 |00000001 + * 0012FDBC |00000004 + * 0012FDC0 |01D66BF0 + * 0012FDC4 |01D1E670 + * 0012FDC8 |0012FDE0 + * 0012FDCC |00486701 RETURN to lus004.00486701 from lus004.00406E20 + * 0012FDD0 ]0012FE4C + * 0012FDD4 |004871D7 RETURN to lus004.004871D7 from lus004.0042B1F0 + * 0012FDD8 |02C2AB18 ; jichi: text is here + * 0012FDDC |0012FDFC + * 0012FDE0 |FF000000 + * 0012FDE4 |00000005 + * 0012FDE8 |3FC00000 + * 0012FDEC |005039A8 lus004.005039A8 + * 0012FDF0 |00252FDD + * 0012FDF4 |00000002 + * 0012FDF8 |00000002 + * 0012FDFC |3FA00000 + * 0012FE00 |00000000 + * 0012FE04 |00000000 + * 0012FE08 |00000000 + * 0012FE0C |00000000 + * 0012FE10 |3FA00000 + * 0012FE14 |00000000 + * 0012FE18 |00000000 + * 0012FE1C |00000000 + * 0012FE20 |00000000 + * 0012FE24 |3F800000 + * 0012FE28 |00000000 + * 0012FE2C |42EC0000 + * 0012FE30 |4413C000 + * 0012FE34 |00000000 + * 0012FE38 |3F800000 + * 0012FE3C |00000005 + * 0012FE40 |00000004 + * 0012FE44 |029101F0 + * 0012FE48 |00000001 + * 0012FE4C ]0012FE8C + * 0012FE50 |004851B8 RETURN to lus004.004851B8 + * 0012FE54 |029101F0 + * 0012FE58 |000000EF + * 0012FE5C |00000000 + * 0012FE60 |000000EF + * 0012FE64 |000000EF + * 0012FE68 |000000EF + * 0012FE6C |01CB0B70 + * 0012FE70 |FFFFFFFF + * 0012FE74 |00000000 + * 0012FE78 |01D70270 + * 0012FE7C |00000000 + * 0012FE80 |000000EF + * 0012FE84 |000000C1 + * 0012FE88 |029101F0 + * 0012FE8C ]0012FEA0 + * 0012FE90 |004B55FB RETURN to lus004.004B55FB from lus004.00485070 + * 0012FE94 |00000000 + * 0012FE98 |000000EF + * 0012FE9C |01DB7770 ASCII "XZN" + * 0012FEA0 ]0012FEAC + * 0012FEA4 |004AAD57 RETURN to lus004.004AAD57 + * 0012FEA8 |01C70288 + * 0012FEAC ]0012FEBC + * 0012FEB0 |004AB09C RETURN to lus004.004AB09C from lus004.004AACD0 + * 0012FEB4 |01C70288 + * 0012FEB8 |01000000 + * 0012FEBC ]0012FEE0 + * 0012FEC0 |004AC8F5 RETURN to lus004.004AC8F5 from lus004.004AB080 + * 0012FEC4 |00BF0752 + * 0012FEC8 |00000113 + */ +bool attach(ULONG startAddress, ULONG stopAddress) // attach scenario +{ + ULONG addr1, addr2; + { + const uint8_t bytes1[] = { + 0x89,0x88, 0xac,0x02,0x00,0x00, // 00487c1d 8988 ac020000 mov dword ptr ds:[eax+0x2ac],ecx + 0x8b,0x55, 0xfc, // 00487c23 8b55 fc mov edx,dword ptr ss:[ebp-0x4] + 0xd9,0xee // 00487c26 d9ee fldz + }; + addr1 = MemDbg::findBytes(bytes1, sizeof(bytes1), startAddress, stopAddress); + if (!addr1) + return false; + addr1 = MemDbg::findEnclosingAlignedFunction(addr1); + if (!addr1) + return false; + //addr1 = 0x00487c10; + } + { + const uint8_t bytes2[] = { + 0x83,0xe0, 0x0c, // 0042b266 83e0 0c and eax,0xc + 0x83,0xf8, 0x04, // 0042b269 83f8 04 cmp eax,0x4 + 0x75, 0x07, // 0042b26c 75 07 jnz short lus004.0042b275 + 0xd9,0xee // 0042b26e d9ee fldz + }; + addr2 = MemDbg::findBytes(bytes2, sizeof(bytes2), startAddress, stopAddress); + if (!addr2) + return false; + addr2 = MemDbg::findEnclosingAlignedFunction(addr2); + if (!addr2) + return false; + //addr2 = 0x0042b1f0; + } + HookParam hp; + hp.address=addr1; + hp.hook_before=Private::hookBefore; + hp.hook_after=Private::hookafter1; + hp.type=EMBED_ABLE|EMBED_DYNA_SJIS; + auto succ=NewHook(hp,"EMBEDLUNA"); + hp.address=addr2; + succ|=NewHook(hp,"EMBEDLUNA"); + + + return succ; +} +} // namespace ScenarioHook +} // unnamed namespace + + + +bool LunaSoft::attach_function() { + + bool b1= InsertLunaSoftHook(); + bool b2=InsertXXkata(); + bool embed=ScenarioHook::attach(processStartAddress, processStopAddress); + return b1||b2||embed; +} \ No newline at end of file diff --git a/LunaHook/engine32/LunaSoft.h b/LunaHook/engine32/LunaSoft.h new file mode 100644 index 0000000..444484a --- /dev/null +++ b/LunaHook/engine32/LunaSoft.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class LunaSoft:public ENGINE{ + public: + LunaSoft(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Pac\\*.pac"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/MBLMED.cpp b/LunaHook/engine32/MBLMED.cpp new file mode 100644 index 0000000..395137a --- /dev/null +++ b/LunaHook/engine32/MBLMED.cpp @@ -0,0 +1,61 @@ +#include"MBLMED.h" + +// jichi 3/19/2014: Insert both hooks +//void InsertLuneHook() +bool InsertMBLHook() +{ + enum : DWORD { fun = 0xec8b55 }; // jichi 10/20/2014: mov ebp,esp, sub esp,* + bool ret = false; + if (DWORD c = Util::FindCallOrJmpAbs((DWORD)::ExtTextOutA, processStopAddress - processStartAddress, processStartAddress, true)) + if (DWORD addr = Util::FindCallAndEntryRel(c, processStopAddress - processStartAddress, processStartAddress, fun)) { + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING; + ConsoleOutput("INSERT MBL-Furigana"); + ret|=NewHook(hp, "MBL-Furigana"); + } + if (DWORD c = Util::FindCallOrJmpAbs((DWORD)::GetGlyphOutlineA, processStopAddress - processStartAddress, processStartAddress, true)) + if (DWORD addr = Util::FindCallAndEntryRel(c, processStopAddress - processStartAddress, processStartAddress, fun)) { + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.split = get_reg(regs::esp); + hp.type = CODEC_ANSI_BE|USING_SPLIT; + ConsoleOutput("INSERT MBL"); + ret|=NewHook(hp, "MBL"); + } + if (!ret) + ConsoleOutput("MBL: failed"); + return ret; +} + +bool InsertMEDHook() +{ + for (DWORD i = processStartAddress; i < processStopAddress - 4; i++) + if (*(DWORD *)i == 0x8175) //cmp *, 8175 + for (DWORD j = i, k = i + 0x100; j < k; j++) + if (*(BYTE *)j == 0xe8) { + DWORD t = j + 5 + *(DWORD *)(j + 1); + if (t > processStartAddress && t < processStopAddress) { + HookParam hp; + hp.address = t; + hp.offset=get_reg(regs::eax); + hp.type = CODEC_ANSI_BE; + ConsoleOutput("INSERT MED"); + return NewHook(hp, "MED"); + //RegisterEngineType(ENGINE_MED); + } + } + + //ConsoleOutput("Unknown MED engine."); + ConsoleOutput("MED: failed"); + return false; +} + +bool MBLMED::attach_function() { + + bool b1=Util::CheckFile(L"*.mbl") &&InsertMBLHook(); + bool b2=Util::CheckFile(L"*.med") &&InsertMEDHook(); + return b1||b2; +} \ No newline at end of file diff --git a/LunaHook/engine32/MBLMED.h b/LunaHook/engine32/MBLMED.h new file mode 100644 index 0000000..47e2c76 --- /dev/null +++ b/LunaHook/engine32/MBLMED.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class MBLMED:public ENGINE{ + public: + MBLMED(){ + + check_by=CHECK_BY::FILE_ANY; + check_by_target=check_by_list{L"*.mbl",L"*.med"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Majiro.cpp b/LunaHook/engine32/Majiro.cpp new file mode 100644 index 0000000..f2b1df4 --- /dev/null +++ b/LunaHook/engine32/Majiro.cpp @@ -0,0 +1,307 @@ +#include"Majiro.h" + +/** jichi 12/28/2014: new Majiro hook pattern + * + * Different function starts: + * + * Old Majiro: + * enum { sub_esp = 0xec81 }; // caller pattern: sub esp = 0x81,0xec byte + * + * New Majiro since [141128] [アトリエさくら] 流され妻、綾�“ネトラレ”��体験版 + * 003e9230 55 push ebp + * 003e9231 8bec mov ebp,esp + * 003e9233 83ec 64 sub esp,0x64 + * + * Also, function addresses are fixed in old majiro, but floating in new majiro. + * In the old Majiro game, caller's address could be used as split. + * In the new Majiro game, the hooked function is invoked by the same caller. + * + * Use a split instead. + * Sample stack values are as follows. + * - Old majiro: arg3 is text, arg1 is font name + * - New majiro: arg3 is text, arg4 is font name + * + * Name: + * 0038f164 003e8163 return to .003e8163 from .003e9230 + * 0038f168 00000000 + * 0038f16c 00000000 + * 0038f170 08b04dbc ; jichi: arg3, text + * 0038f174 006709f0 ; jichi: arg4, font name + * 0038f178 006dace8 + * 0038f17c 00000000 + * 0038f180 00000013 + * 0038f184 006fcba8 + * 0038f188 00000078 ; jichi: 0x24, alternative split + * 0038f18c 00000078 + * 0038f190 00000018 + * 0038f194 00000002 + * 0038f198 08b04dbc + * 0038f19c 006709f0 + * 0038f1a0 00000000 + * 0038f1a4 00000000 + * 0038f1a8 00000078 + * 0038f1ac 00000018 + * 0038f1b0 08aa0130 + * 0038f1b4 01b6b6c0 + * 0038f1b8 beff26e4 + * 0038f1bc 0038f1fc + * 0038f1c0 004154af return to .004154af from .00415400 ; jichi: 0x52, could be used as split + * 0038f1c4 0000000e + * 0038f1c8 000001ae + * 0038f1cc 00000158 + * 0038f1d0 00000023 + * 0038f1d4 beff2680 + * 0038f1d8 0038f208 + * 0038f1dc 003ecfda return to .003ecfda from .00415400 + * + * Scenario: + * 0038e57c 003e8163 return to .003e8163 from .003e9230 + * 0038e580 00000000 + * 0038e584 00000000 + * 0038e588 0038ee4c ; jichi: arg3, text + * 0038e58c 004d5400 .004d5400 ; jichi: arg4, font name + * 0038e590 006dace8 + * 0038e594 0038ee6d + * 0038e598 004d7549 .004d7549 + * 0038e59c 00000000 + * 0038e5a0 00000180 ; jichi: 0x24, alternative hook + * 0038e5a4 00000180 + * 0038e5a8 00000018 + * 0038e5ac 00000002 + * 0038e5b0 0038ee4c + * 0038e5b4 004d5400 .004d5400 + * 0038e5b8 00000000 + * 0038e5bc 00000000 + * 0038e5c0 00000180 + * 0038e5c4 00000018 + * 0038e5c8 006a0180 + * 0038e5cc 0038e5f8 + * 0038e5d0 0041fc87 return to .0041fc87 from .0041fc99 + * 0038e5d4 0038e5f8 + * 0038e5d8 00418165 return to .00418165 from .0041fc81 ; jichi: used as split + * 0038e5dc 004d7549 .004d7549 + * 0038e5e0 0038ee6d + * 0038e5e4 0038e608 + * 0038e5e8 00419555 return to .00419555 from .0041814e + * 0038e5ec 00000000 + * 0038e5f0 004d7549 .004d7549 + * 0038e5f4 0038ee6d + * + * 12/4/2014: Add split for furigana. + * Sample game: [141128] [チュアブルソフト] 残念な俺達�青春事情 + * Following are memory values after arg4 (font name) + * + * Surface: � * 00EC5400 82 6C 82 72 20 82 6F 83 53 83 56 83 62 83 4E 00 �� �ゴシヂ�. + * 00EC5410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00EC5420 01 00 00 00 00 00 00 00 1C 00 00 00 0D 00 00 00 ....... ....... + * 00EC5430 (2D)00 00 00 FF FF FF 00 00 00 00 02 00 00 00 00 -...���.... .... ; jichi: first byte as split in parenthesis + * 00EC5440 00(00 00 00)60 F7 3F 00 F0 D8 FF FF 00 00 00 00 ....`・. .... ; jichi: first word without first byte as split + * + * 00EC5450 32 01 00 00 0C 00 00 00 A0 02 00 00 88 00 00 00 2 ......� ..・.. + * 00EC5460 00 00 00 00 01 00 00 00 00 00 00 00 32 01 00 00 .... .......2 .. + * 00EC5470 14 00 00 00 01 00 00 00 82 6C 82 72 20 82 6F 83 ... ...�� �・ ; MS P Gothic + * 00EC5480 53 S + * + * Furigana: そ� + * 00EC5400 82 6C 82 72 20 83 53 83 56 83 62 83 4E 00 4E 00 �� ゴシヂ�.N. + * 00EC5410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00EC5420 01 00 00 00 00 00 00 00 0E 00 00 00 06 00 00 00 ....... ... ... + * 00EC5430 (16)00 00 00 FF FF FF 00 00 00 00 02 00 00 00 00 ...���.... .... + * 00EC5440 00(00 00 00)60 F7 3F 00 F0 D8 FF FF 00 00 00 00 ....`・. .... + * + * 00EC5450 32 01 00 00 0C 00 00 00 A0 02 00 00 88 00 00 00 2 ......� ..・.. + * 00EC5460 00 00 00 00 00 00 00 00 00 00 00 00 32 01 00 00 ............2 .. + * 00EC5470 14 00 00 00 01 00 00 00 82 6C 82 72 20 82 6F 83 ... ...�� �・ ; MS P Gothic + * 00EC5480 53 S + * + * Furigana: そ� + * 00EC5400 82 6C 82 72 20 82 6F 83 53 83 56 83 62 83 4E 00 �� �ゴシヂ�. + * 00EC5410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00EC5420 01 00 00 00 00 00 00 00 0E 00 00 00 06 00 00 00 ....... ... ... + * 00EC5430 (2D)00 00 00 FF FF FF 00 00 00 00 02 00 00 00 00 -...���.... .... + * 00EC5440 00(00 00 00)60 F7 3F 00 2B 01 00 00 06 00 00 00 ....`・.+ .. ... + * + * 00EC5450 32 01 00 00 0C 00 00 00 A0 02 00 00 88 00 00 00 2 ......� ..・.. + * 00EC5460 00 00 00 00 00 00 00 00 00 00 00 00 32 01 00 00 ............2 .. + * 00EC5470 14 00 00 00 01 00 00 00 82 6C 82 72 20 82 6F 83 ... ...�� �・ ; MS P Gothic + * 00EC5480 53 S + * + * ---- need to split the above and below case + * + * Text: � * 00EC5400 82 6C 82 72 20 82 6F 83 53 83 56 83 62 83 4E 00 �� �ゴシヂ�. + * 00EC5410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00EC5420 01 00 00 00 00 00 00 00 1C 00 00 00 0D 00 00 00 ....... ....... + * 00EC5430 (2D)00 00 00 FF FF FF 00 00 00 00 02 00 00 00 00 -...���.... .... ; jichi: first byte as split in parenthesis + * 00EC5440 FF(FF FF FF)60 F7 3F 00 32 01 00 00 14 00 00 00 ����`・.2 .. ... ; jichi: first word without first byte as split + * + * 00EC5450 32 01 00 00 0C 00 00 00 A0 02 00 00 88 00 00 00 2 ......� ..・.. + * 00EC5460 00 00 00 00 01 00 00 00 00 00 00 00 32 01 00 00 .... .......2 .. + * 00EC5470 14 00 00 00 00 00 00 00 82 6C 82 72 20 82 6F 83 .......�� �・ ; MS P Gothic + * 00EC5480 53 S + * + * Text: らには、一人の少女� * 00EC5400 82 6C 82 72 20 82 6F 83 53 83 56 83 62 83 4E 00 �� �ゴシヂ�. + * 00EC5410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00EC5420 01 00 00 00 00 00 00 00 1C 00 00 00 0D 00 00 00 ....... ....... + * 00EC5430 (2D)00 00 00 FF FF FF 00 00 00 00 02 00 00 00 00 -...���.... .... + * 00EC5440 FF(FF FF FF)60 F7 3F 00 4D 01 00 00 14 00 00 00 ����`・.M .. ... + * + * 00EC5450 32 01 00 00 0C 00 00 00 A0 02 00 00 88 00 00 00 2 ......� ..・.. + * 00EC5460 00 00 00 00 01 00 00 00 00 00 00 00 32 01 00 00 .... .......2 .. + * 00EC5470 14 00 00 00 00 00 00 00 82 6C 82 72 20 82 6F 83 .......�� �・ ; MS P Gothic + * 00EC5480 53 S + */ + +namespace { // unnamed + +// These values are the same as the assembly logic of ITH: +// ([eax+0x28] & 0xff) | (([eax+0x48] >> 1) & 0xffffff00) +// 0x28 = 10 * 4, 0x48 = 18 / 4 +inline DWORD MajiroOldFontSplit(const DWORD *arg) // arg is supposed to be a string, though +{ return (arg[10] & 0xff) | ((arg[18] >> 1) & 0xffffff00); } + +// Remove lower bytes use 0xffffff00, which are different for furigana +inline DWORD MajiroNewFontSplit(const DWORD *arg) // arg is supposed to be a string, though +{ return (arg[12] & 0xff) | (arg[16] & 0xffffff00); } + +void SpecialHookMajiro(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD arg3 = stack->stack[3]; // text + *data = arg3; + *len = ::strlen((LPCSTR)arg3); + // IsBadReadPtr is not needed for old Majiro game. + // I am not sure if it is needed by new Majiro game. + if (hp->user_value) { // new majiro + if (DWORD arg4 = stack->stack[4]) // old majiro + *split = MajiroNewFontSplit((LPDWORD)arg4); + else + *split = *(DWORD *)(stack->base + 0x5c); // = 4 * 23, caller's caller + } else if (DWORD arg1 = stack->stack[1]) // old majiro + *split = MajiroOldFontSplit((LPDWORD)arg1); +} +} // unnamed namespace +bool InsertMajiroHook() +{ + // jichi 4/19/2014: There must be a function in Majiro game which contains 6 TextOutA. + // That function draws all texts. + // + // jichi 11/28/2014: Add new function signature + const DWORD funcs[] = { // caller patterns + 0xec81, // sub esp = 0x81,0xec byte old majiro + 0x83ec8b55, // mov ebp,esp, sub esp,* new majiro + + 0x5348ec83 + // sub esp, 48h, push ebx + //MOON CHILDe + //https://vndb.org/v1568 + + }; + enum { FunctionCount = sizeof(funcs) / sizeof(*funcs) }; + ULONG addr = MemDbg::findMultiCallerAddress((ULONG)::TextOutA, funcs, FunctionCount, processStartAddress, processStopAddress); + //ULONG addr = MemDbg::findCallerAddress((ULONG)::TextOutA, 0x83ec8b55, processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("Majiro: failed"); + return false; + } + + bool newMajiro = 0x55 == *(BYTE *)addr; + + HookParam hp; + //hp.type|=USING_STRING|USING_SPLIT|SPLIT_INDIRECT; + hp.address = addr; + hp.text_fun = SpecialHookMajiro; + hp.user_value = newMajiro; + if (newMajiro) { + hp.type = NO_CONTEXT; // do not use return address for new majiro + ConsoleOutput("INSERT Majiro2"); + return NewHook(hp, "Majiro2"); + } else { + ConsoleOutput("INSERT Majiro"); + return NewHook(hp, "Majiro"); + } + //RegisterEngineType(ENGINE_MAJIRO); +} +bool InsertMajiroHook3x() { + const BYTE bytes[] = { + 0x8b,0x08, + 0x0f,0xbf,0x19, + 0x83,0xc1,0x02, + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (addr == 0)return false; + HookParam hp; + hp.address = addr+8; + hp.offset=get_reg(regs::ecx); + hp.type = USING_STRING | NO_CONTEXT;//|EMBED_ABLE|EMBED_BEFORE_SIMPLE|EMBED_AFTER_OVERWRITE|EMBED_DYNA_SJIS; + //可以内嵌,但是必须保持「」,且DynamicEncoding编码的文字会被自动替换成引擎内的某的字符,导致可读性低。 + //hp.hook_font=F_TextOutA|F_GetTextExtentPoint32A; + //https://vndb.org/v17376 + //私が好きなら「好き」って言って! + hp.text_fun= [](hook_stack* stack, HookParam* hp, uintptr_t* data, uintptr_t* split, size_t* len){ + auto str=(BYTE*)(*data); + *len=strlen((char*)str); + if(((*len)>2)&&(str[0]==0x81)&&(str[1]==0x79))*split=0; + else *split=1; + + }; + return NewHook(hp, "majiro3"); +} +bool InsertMajiro2Hookx() { + //Scarlett~スカーレット~ + const BYTE bytes[] = { + 0x83,0xE2,0x03,0x03,0xC2,0xC1,0xF8,0x02,0x81,0xF9,0x00,0x01,0x00,0x00 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (addr == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(2); + hp.type = USING_STRING ; + ConsoleOutput("INSERT majiro4 %p",addr); + return NewHook(hp, "majiro4"); +} +bool InsertMajiro3Hook() +{ + + /* + * Sample games: + * Narcissu 10th Anniversary Anthology Project + * https://vndb.org/v10 + * https://vndb.org/v70 + * https://vndb.org/v18738 + * https://vndb.org/v18739 + * https://vndb.org/v18736 + */ + const BYTE bytes[] = { + 0xC1, 0xE9, 0x02, // shr ecx,02 << hook here + 0xF3, 0xA5, // repe movsd + 0x8B, 0xCA, // mov ecx,edx + 0x8D, 0x95, XX4 // lea edx,[ebp-00000404] + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Majiro3: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::esi); + hp.type = USING_STRING; + ConsoleOutput("INSERT Majiro3"); + ConsoleOutput("Majiro3: To separate the text between lines flag the \"Flush delay string spacing\" option"); + return NewHook(hp, "Majiro3"); +} +bool Majiro::attach_function() { + + bool b1= InsertMajiroHook(); + bool b2=InsertMajiroHook3x(); + bool b3=InsertMajiro2Hookx(); + bool b4=InsertMajiro3Hook(); + return b1||b2||b3||b4; +} \ No newline at end of file diff --git a/LunaHook/engine32/Majiro.h b/LunaHook/engine32/Majiro.h new file mode 100644 index 0000000..0d2c336 --- /dev/null +++ b/LunaHook/engine32/Majiro.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Majiro:public ENGINE{ + public: + Majiro(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"data*.arc",L"stream*.arc"}; + }; + bool attach_function(); +}; diff --git a/LunaHook/engine32/Malie.cpp b/LunaHook/engine32/Malie.cpp new file mode 100644 index 0000000..fdf8e97 --- /dev/null +++ b/LunaHook/engine32/Malie.cpp @@ -0,0 +1,1661 @@ +#include"Malie.h" + #include"embed_util.h" +namespace { // unnamed Malie +/******************************************************************************************** +Malie hook: + Process name is malie.exe. + This is the most complicate code I have made. Malie engine store text string in + linked list. We need to insert a hook to where it travels the list. At that point + EBX should point to a structure. We can find character at -8 and font size at +10. + Also need to enable ITH suppress function. +********************************************************************************************/ +bool InsertMalieHook1() +{ + const DWORD sig1 = 0x05e3c1; + enum { sig1_size = 3 }; + DWORD i = SearchPattern(processStartAddress, processStopAddress - processStartAddress, &sig1, sig1_size); + if (!i) { + ConsoleOutput("MalieHook1: pattern i not exist"); + return false; + } + + const WORD sig2 = 0xc383; + enum { sig2_size = 2 }; + DWORD j = i + processStartAddress + sig1_size; + i = SearchPattern(j, processStopAddress - j, &sig2, sig2_size); + //if (!j) + if (!i) { // jichi 8/19/2013: Change the condition fro J to I + ConsoleOutput("MalieHook1: pattern j not exist"); + return false; + } + HookParam hp; + hp.address = j + i; + hp.offset=get_reg(regs::ebx); + hp.index = -0x8; + hp.split = get_reg(regs::ebx); + hp.split_index = 0x10; + hp.type = CODEC_UTF16|USING_SPLIT|DATA_INDIRECT|SPLIT_INDIRECT; + ConsoleOutput("INSERT MalieHook1"); + return NewHook(hp, "Malie"); + //RegisterEngineType(ENGINE_MALIE); +} + +DWORD malie_furi_flag_; // jichi 8/20/2013: Make it global so that it can be reset +void SpecialHookMalie(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD ch = stack->eax & 0xffff, + ptr = stack->edi; + *data = ch; + *len = 2; + if (malie_furi_flag_) { + DWORD index = stack->edx; + if (*(WORD *)(ptr + index * 2 - 2) < 0xa) + malie_furi_flag_ = 0; + } + else if (ch == 0xa) { + malie_furi_flag_ = 1; + len = 0; + } + *split = malie_furi_flag_; +} + +bool InsertMalieHook2() // jichi 8/20/2013: Change return type to boolean +{ + const BYTE bytes[] = {0x66,0x3d,0x1,0x0}; + DWORD start = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!start) { + ConsoleOutput("MalieHook2: pattern not exist"); + return false; + } + BYTE *ptr = (BYTE *)start; + while (true) { + if (*(WORD *)ptr == 0x3d66) { + ptr += 4; + if (ptr[0] == 0x75) { + ptr += ptr[1]+2; + continue; + } + if (*(WORD *)ptr == 0x850f) { + ptr += *(DWORD *)(ptr + 2) + 6; + continue; + } + } + break; + } + malie_furi_flag_ = 0; // reset old malie flag + HookParam hp; + hp.address = (DWORD)ptr + 4; + hp.offset=get_reg(regs::eax); + hp.text_fun = SpecialHookMalie; + hp.type = USING_SPLIT|CODEC_UTF16|NO_CONTEXT|USING_CHAR; + hp.type = NO_CONTEXT; + ConsoleOutput("INSERT MalieHook2"); + return NewHook(hp, "Malie"); + //RegisterEngineType(ENGINE_MALIE); + +} + +/** + * jichi 12/17/2013: Added for Electro Arms + * Observations from Electro Arms: + * 1. split = 0xC can handle most texts and its dwRetn is always zero + * 2. The text containing furigana needed to split has non-zero dwRetn when split = 0 + * + * 3/15/2015: logic modified as the plus operation would create so many threads + */ +void SpecialHookMalie2(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t*len) +{ + //CC_UNUSED(data); + //*len = GetHookDataLength(*hp, esp_base, (DWORD)data); + *len = 2; + + DWORD s1 = stack->stack[3], // base split, which is stable + s2 = stack->stack[0]; // used to split out furigana, but un stable + // http://www.binaryhexconverter.com/decimal-to-binary-converter + //enum : DWORD { mask = 0x14 }; + *split = s1 + (s2 ? 1 : 0); +} + +// static DWORD last_split; // FIXME: This makes the special function stateful +// DWORD s1 = *(DWORD *)esp_base; // current split at 0x0 +// if (!s1) +// *split = last_split; +// else { +// DWORD s2 = *(DWORD *)(esp_base + 0xc); // second split +// *split = last_split = s1 + s2; // not sure if plus is a good way +// } + +/** + * jichi 8/20/2013: Add hook for sweet light BRAVA!! + * See: http://www.hongfire.com/forum/printthread.php?t=36807&pp=10&page=680 + * + * BRAVA!! /H code: "/HWN-4:C@1A3DF4:malie.exe" + * - addr: 1719796 = 0x1a3df4 + * - text_fun: 0x0 + * - function: 0 + * - hook_len: 0 + * - ind: 0 + * - length_offset: 1 + * - module: 751199171 = 0x2cc663c3 + * - off: 4294967288 = 0xfffffff8L = -0x8 + * - recover_len: 0 + * - split: 12 = 0xc + * - split_ind: 0 + * - type: 1106 = 0x452 + */ +bool InsertMalie2Hook() +{ + // 001a3dee 6900 70000000 imul eax,dword ptr ds:[eax],70 + // 001a3df4 0200 add al,byte ptr ds:[eax] ; this is the place to hook + // 001a3df6 50 push eax + // 001a3df7 0069 00 add byte ptr ds:[ecx],ch + // 001a3dfa 0000 add byte ptr ds:[eax],al + const BYTE bytes1[] = { + 0x40, // inc eax + 0x89,0x56, 0x08, // mov dword ptr ds:[esi+0x8],edx + 0x33,0xd2, // xor edx,edx + 0x89,0x46, 0x04 // mov dword ptr ds:[esi+0x4],eax + }; + ULONG range1 = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes1, sizeof(bytes1), processStartAddress, processStartAddress + range1); + //reladdr = 0x1a3df4; + if (!addr) { + //ITH_MSG(0, "Wrong1", "t", 0); + //ConsoleOutput("Not malie2 engine"); + ConsoleOutput("Malie2Hook: pattern p not exist"); + return false; + } + + addr += sizeof(bytes1); // skip bytes1 + //const BYTE bytes2[] = { 0x85, 0xc0 }; // test eax,eax + const WORD bytes2 = 0xc085; // test eax,eax + enum { range2 = 0x200 }; + addr = MemDbg::findBytes(&bytes2, sizeof(bytes2), addr, addr + range2); + if (!addr) { + //ConsoleOutput("Not malie2 engine"); + ConsoleOutput("Malie2Hook: pattern q not exist"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + //hp.split = 0xc; // jichi 12/17/2013: Subcontext removed + //hp.split = -0xc; // jichi 12/17/2013: This could split the furigana, but will mess up the text + //hp.type = USING_SPLIT|CODEC_UTF16|NO_CONTEXT; + // jichi 12/17/2013: Need extern func for Electro Arms + // Though the hook parameter is quit similar to Malie, the original extern function does not work + hp.type = USING_SPLIT|NO_CONTEXT|CODEC_UTF16|USING_CHAR; + hp.text_fun = SpecialHookMalie2; + ConsoleOutput("INSERT Malie2"); + return NewHook(hp, "Malie2"); + + //GROWL_DWORD2(hp.address, reladdr); + //RegisterEngineType(ENGINE_MALIE); +} + +// jichi 2/8/3014: Return the beginning and the end of the text +// Remove the leading illegal characters +enum { _MALIE3_MAX_LENGTH = VNR_TEXT_CAPACITY }; +LPCWSTR _Malie3LTrim(LPCWSTR p) +{ + if (p) + for (int count = 0; count < _MALIE3_MAX_LENGTH; count++, + p++) + if (p[0] == L'v' && p[1] == L'_') { // ex. v_akr0001, v_mzk0001 + p += 9; + return p; // must return otherwise trimming more will break the ITH repetition elimination + } else if (p[0] >= 0xa) // ltrim illegal characters less than 0xa + return p; + return nullptr; +} +// Remove the trailing illegal characters +LPCWSTR _Malie3RTrim(LPCWSTR p) +{ + if (p) + for (int count = 0; count < _MALIE3_MAX_LENGTH; count++, + p--) + if (p[-1] >= 0xa) { // trim illegal characters less than 0xa + if (p[-1] >= L'0' && p[-1] <= L'9'&& p[-1-7] == L'_') + p -= 9; + else + return p; + } + return nullptr; +} + +// Example section in memory: +// 0D7D7E00 07 00 08 00 76 00 5F 00 7A 00 65 00 70 00 30 00 v_zep0 +// 0D7D7E10 30 00 37 00 35 00 00 00 0C 30 42 30 41 30 01 30 075.「あぁ�// 0D7D7E20 41 30 26 20 26 20 07 00 09 00 07 00 06 00 07 00 ぁ……. +// 0D7D7E30 08 00 76 00 5F 00 7A 00 65 00 70 00 30 00 30 00 v_zep00 +// 0D7D7E40 37 00 36 00 00 00 46 30 01 30 42 30 01 30 41 30 76.぀�あ、ぁ +// 0D7D7E50 41 30 41 30 26 20 26 20 26 20 26 20 01 30 63 30 ぁぁ…………、っ +// 0D7D7E60 07 00 09 00 0D 30 07 00 06 00 0A 00 0A 00 00 30 .�.. +// 0D7D7E70 16 60 44 30 01 30 16 60 44 30 01 30 4A 30 5E 30 怖い、怖い、お�// 0D7D7E80 7E 30 57 30 44 30 02 30 55 4F 4C 30 16 60 44 30 ましい。何が怖い +// 0D7D7E90 6E 30 4B 30 55 30 48 30 01 30 06 52 4B 30 89 30 のかさえ、�から +// 0D7D7EA0 6A 30 44 30 02 30 07 00 06 00 0A 00 00 30 8B 89 な぀. �// 0D7D7EB0 8B 30 6A 30 88 30 02 30 8B 89 8B 30 6A 30 02 30 るなよ。見るな�// 0D7D7EC0 07 00 06 00 8B 89 8B 30 6A 30 01 30 8B 89 8B 30 見るな、見る +// 0D7D7ED0 6A 30 8B 89 8B 30 6A 30 8B 89 8B 30 6A 30 01 30 な見るな見るな�// 0D7D7EE0 1F 75 4D 30 66 30 66 30 AA 60 44 30 4B 30 88 30 生きてて悪ぁ��// 0D7D7EF0 02 30 C5 60 51 30 6A 30 44 30 63 30 66 30 07 00 。情けなぁ�て +// 0D7D7F00 01 00 E4 55 0A 00 8F 30 89 30 00 00 46 30 6A 30 嗤.わら.ぁ� +// 0D7D7F10 88 30 02 30 07 00 06 00 BE 7C 00 4E 6F 67 6A 30 よ�精一杯な +// 0D7D7F20 93 30 60 30 8B 89 03 90 57 30 66 30 4F 30 8C 30 んだ見送�てくれ +// 0D7D7F30 02 30 4A 30 58 98 44 30 57 30 7E 30 59 30 01 30 。お願いします�// 0D7D7F40 60 30 4B 30 89 30 69 30 46 30 4B 30 5D 30 6E 30 �からどぁ�そ� +// 0D7D7F50 EE 76 92 30 84 30 81 30 66 30 01 30 4F 30 60 30 目をやめて、く� +// 0D7D7F60 55 30 44 30 01 30 5D 30 93 30 6A 30 02 30 07 00 さい、そんな� +// 0D7D7F70 06 00 0A 00 00 30 07 00 01 00 BA 87 50 5B 0A 00 . 螺� +// 0D7D7F80 59 30 4C 30 00 00 8B 30 88 30 46 30 6A 30 EE 76 すが.るよぁ�目 +// 0D7D7F90 67 30 00 25 00 25 07 00 06 00 BF 30 01 30 B9 30 で──タ、ス +// 0D7D7FA0 01 30 B1 30 01 30 C6 30 01 30 6A 30 93 30 66 30 、ケ、テ、なんて +// 0D7D7FB0 02 30 07 00 06 00 00 00 00 00 00 00 00 00 00 00 �..... +// 0D7D7FC0 FC D8 C0 22 00 00 00 80 74 00 00 00 00 00 00 00 .耀t... +// +// Return the end of the line +LPCWSTR _Malie3GetEOL(LPCWSTR p) +{ + if (p) + for (int count = 0; count < _MALIE3_MAX_LENGTH; count++, + p++) + switch (*p) { + case 0: + case 0xa: // stop at \0, or \n where the text after 0xa is furigana + return p; + case 0x7: + // \x07\x00\x01\x00 is used to split furigana, which we want to keep + // \x07\x00\x04\x00 is used to split sentences, observed in シルヴァリオ ヴェンヂ�ヂ� + // \x07\x00\x06\x00 is used to split paragraph, observed in シルヴァリオ ヴェンヂ�ヂ� + if (p[1] < 0xa && p[1] != 0x1) + return p; + } + return nullptr; +} + +/** + * jichi 3/8/2014: Add hook for 相州戦神館學�八命陣 + * See: http://sakuradite.com/topic/157 + * check 0x5b51ed for ecx+edx*2 + * Also need to skip furigana. + */ + +void SpecialHookMalie3(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t*len) +{ + //CC_UNUSED(split); + DWORD ecx = stack->ecx, // *(DWORD *)(esp_base + pusha_ecx_off - 4), + edx = stack->edx; // *(DWORD *)(esp_base + pusha_edx_off - 4); + //*data = ecx + edx*2; // [ecx+edx*2]; + //*len = wcslen((LPCWSTR)data) << 2; + // There are garbage characters + LPCWSTR start = _Malie3LTrim((LPCWSTR)(ecx + edx*2)), + stop = _Malie3RTrim(_Malie3GetEOL(start)); + *data = (DWORD)start; + *len = max(0, stop - start) * 2; + *split = FIXED_SPLIT_VALUE; + //GROWL_DWORD5((DWORD)start, (DWORD)stop, *len, (DWORD)*start, (DWORD)_Malie3GetEOL(start)); +} + +/** + * jichi 8/20/2013: Add hook for 相州戦神館學�八命陣 + * See: http://sakuradite.com/topic/157 + * Credits: @ok123 + * + * Debugging method: insert hardware breakpoint into text + * There are four matches of text in the memory + * + * Sample game: シルヴァリオ ヴェンヂ�ヂ� + * 0065478B 90 NOP + * 0065478C 90 NOP + * 0065478D 90 NOP + * 0065478E 90 NOP + * 0065478F 90 NOP + * 00654790 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+0x4] + * 00654794 56 PUSH ESI + * 00654795 57 PUSH EDI + * 00654796 8B50 08 MOV EDX,DWORD PTR DS:[EAX+0x8] + * 00654799 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 0065479B 33F6 XOR ESI,ESI + * 0065479D 66:8B3451 MOV SI,WORD PTR DS:[ECX+EDX*2] ; jichi: text accessed here + * 006547A1 42 INC EDX + * 006547A2 8970 04 MOV DWORD PTR DS:[EAX+0x4],ESI + * 006547A5 8950 08 MOV DWORD PTR DS:[EAX+0x8],EDX + * 006547A8 8B50 04 MOV EDX,DWORD PTR DS:[EAX+0x4] + * 006547AB 83FA 01 CMP EDX,0x1 + * 006547AE 75 2C JNZ SHORT malie.006547DC + * 006547B0 8B50 08 MOV EDX,DWORD PTR DS:[EAX+0x8] + * 006547B3 33F6 XOR ESI,ESI + * 006547B5 66:8B3451 MOV SI,WORD PTR DS:[ECX+EDX*2] + * 006547B9 42 INC EDX + * 006547BA 8970 04 MOV DWORD PTR DS:[EAX+0x4],ESI + * 006547BD 33F6 XOR ESI,ESI + * 006547BF 8950 08 MOV DWORD PTR DS:[EAX+0x8],EDX + * 006547C2 66:8B3451 MOV SI,WORD PTR DS:[ECX+EDX*2] + * 006547C6 8970 04 MOV DWORD PTR DS:[EAX+0x4],ESI + * 006547C9 42 INC EDX + * 006547CA 33F6 XOR ESI,ESI + * 006547CC 8950 08 MOV DWORD PTR DS:[EAX+0x8],EDX + * 006547CF 66:8B3451 MOV SI,WORD PTR DS:[ECX+EDX*2] + * 006547D3 42 INC EDX + * 006547D4 8970 04 MOV DWORD PTR DS:[EAX+0x4],ESI + * 006547D7 8950 08 MOV DWORD PTR DS:[EAX+0x8],EDX + * 006547DA ^EB BF JMP SHORT malie.0065479B + * 006547DC 83FA 02 CMP EDX,0x2 + * 006547DF 0F84 59010000 JE malie.0065493E + * 006547E5 83FA 03 CMP EDX,0x3 + * 006547E8 75 12 JNZ SHORT malie.006547FC + * 006547EA 8B50 08 MOV EDX,DWORD PTR DS:[EAX+0x8] + * 006547ED 33F6 XOR ESI,ESI + * 006547EF 66:8B3451 MOV SI,WORD PTR DS:[ECX+EDX*2] + * 006547F3 42 INC EDX + * 006547F4 8970 04 MOV DWORD PTR DS:[EAX+0x4],ESI + * 006547F7 8950 08 MOV DWORD PTR DS:[EAX+0x8],EDX + * 006547FA ^EB 9F JMP SHORT malie.0065479B + * 006547FC 83FA 04 CMP EDX,0x4 + * 006547FF 0F84 39010000 JE malie.0065493E + * 00654805 83FA 07 CMP EDX,0x7 + * 00654808 0F85 27010000 JNZ malie.00654935 + * 0065480E 8B50 08 MOV EDX,DWORD PTR DS:[EAX+0x8] + * 00654811 33F6 XOR ESI,ESI + * 00654813 66:8B3451 MOV SI,WORD PTR DS:[ECX+EDX*2] + * 00654817 8970 04 MOV DWORD PTR DS:[EAX+0x4],ESI + * 0065481A 8D72 01 LEA ESI,DWORD PTR DS:[EDX+0x1] + * 0065481D 8B50 04 MOV EDX,DWORD PTR DS:[EAX+0x4] + * 00654820 8970 08 MOV DWORD PTR DS:[EAX+0x8],ESI + * 00654823 8D7A FF LEA EDI,DWORD PTR DS:[EDX-0x1] + * 00654826 83FF 3B CMP EDI,0x3B + * 00654829 ^0F87 79FFFFFF JA malie.006547A8 + * 0065482F 33D2 XOR EDX,EDX + * 00654831 8A97 9C496500 MOV DL,BYTE PTR DS:[EDI+0x65499C] + * 00654837 FF2495 80496500 JMP DWORD PTR DS:[EDX*4+0x654980] + * 0065483E 8B50 0C MOV EDX,DWORD PTR DS:[EAX+0xC] + * 00654841 85D2 TEST EDX,EDX + * 00654843 0F8F 2B010000 JG malie.00654974 + * 00654849 33D2 XOR EDX,EDX + * 0065484B 66:8B1471 MOV DX,WORD PTR DS:[ECX+ESI*2] + * 0065484F 46 INC ESI + * 00654850 85D2 TEST EDX,EDX + * 00654852 8950 04 MOV DWORD PTR DS:[EAX+0x4],EDX + * 00654855 8970 08 MOV DWORD PTR DS:[EAX+0x8],ESI + * 00654858 0F84 E0000000 JE malie.0065493E + * 0065485E 8B50 08 MOV EDX,DWORD PTR DS:[EAX+0x8] + * 00654861 33F6 XOR ESI,ESI + * 00654863 66:8B3451 MOV SI,WORD PTR DS:[ECX+EDX*2] + * 00654867 42 INC EDX + * 00654868 8950 08 MOV DWORD PTR DS:[EAX+0x8],EDX + * 0065486B 8BD6 MOV EDX,ESI + * 0065486D 85D2 TEST EDX,EDX + * 0065486F 8970 04 MOV DWORD PTR DS:[EAX+0x4],ESI + * 00654872 ^75 EA JNZ SHORT malie.0065485E + * 00654874 8B50 08 MOV EDX,DWORD PTR DS:[EAX+0x8] + */ +bool InsertMalie3Hook() +{ + // i.e. 8b44240456578b50088b0833f6668b345142 + const BYTE bytes[] = { + // 0x90 nop + 0x8b,0x44,0x24, 0x04, // 5b51e0 mov eax,dword ptr ss:[esp+0x4] ; jichi: function starts + 0x56, // 5b51e4 push esi + 0x57, // 5b51e5 push edi + 0x8b,0x50, 0x08, // 5b51e6 mov edx,dword ptr ds:[eax+0x8] + 0x8b,0x08, // 5b51e9 mov ecx,dword ptr ds:[eax] + 0x33,0xf6, // 5b51eb xor esi,esi + 0x66,0x8b,0x34,0x51, // 5b51ed mov si,word ptr ds:[ecx+edx*2] // jichi: hook here + 0x42 // 5b51f1 inc edx + }; + enum {addr_offset = 0x5b51ed - 0x5b51e0}; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("Malie3: pattern not found"); + return false; + } + HookParam hp; + hp.address = addr + addr_offset; + //GROWL(hp.address); + //hp.address = 0x5b51ed; + //hp.address = 0x5b51f1; + //hp.address = 0x5b51f2; + // jichi 3/15/2015: Remove 0704 in シルヴァリオ ヴェンッ�タ + hp.filter_fun = IllegalCharsFilterW; // remove illegal control chars such as 0x07,0x01 + hp.text_fun = SpecialHookMalie3; + hp.type = USING_SPLIT|NO_CONTEXT|CODEC_UTF16; + //hp.filter_fun = Malie3Filter; + ConsoleOutput("INSERT Malie3"); + return NewHook(hp, "Malie3"); +} + +bool InsertMalie4Hook() +{ + // i.e. 50 8B 45 10 D9 9F ?? ?? ?? ?? 0F B7 04 58 50 51 E8 ?? ?? ?? ?? 8B 45 14 83 C4 10 + const BYTE bytes[] = { + 0x50, // 65904E | 50 | push eax | mireado: pattern starts + 0x8B,0x45,0x10, // 65904F | 8B 45 10 | mov eax,dword ptr ss:[ebp+10] | + 0xD9,0x9F,XX4, // 659052 | D9 9F E8 6B 87 00 | fstp dword ptr ds:[edi+876BE8] | + 0x0F,0xB7,0x04,0x58, // 659058 | 0F B7 04 58 | movzx eax,word ptr ds:[eax+ebx*2] | + 0x50, // 65905C | 50 | push eax | + 0x51, // 65905D | 51 | push ecx | + 0xE8,XX4, // 65905E | E8 DD 1D EA FF | call malie.4FAE40 | mireado: hook here + 0x8B,0x45,0x14, // 659063 | 8B 45 14 | mov eax,dword ptr ss:[ebp+14] | + 0x83,0xC4,0x10 // 659066 | 83 C4 10 | add esp,10 | + }; + enum {addr_offset = 0x65905E - 0x65904E}; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("Malie4: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::eax); // pusha_eax_off - 4 + //hp.split = 0xc; // jichi 12/17/2013: Subcontext removed + //hp.type = USING_SPLIT|CODEC_UTF16|NO_CONTEXT; + // jichi 12/17/2013: Need extern func for Electro Arms + // Though the hook parameter is quit similar to Malie, the original extern function does not work + hp.split = get_reg(regs::edx); // jichi 12/17/2013: This could split the furigana, but will mess up the text + hp.type = USING_SPLIT|NO_CONTEXT|CODEC_UTF16; + ConsoleOutput("INSERT Malie4"); + return NewHook(hp, "Malie4"); + + //GROWL_DWORD2(hp.address, reladdr); + //RegisterEngineType(ENGINE_MALIE); +} + +// Artikash 1/19/2019: works on https://vndb.org/r52326 +bool InsertMalie5Hook() +{ + const BYTE bytes[] = { + 0x8b, 0x49, 0x10, // mov ecx,[ecx+10] + 0x03, 0x08, // add ecx,[eax] + 0x51 // push ecx + }; + + if (DWORD addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress)) + { + ConsoleOutput("INSERT Malie5"); + HookParam hp; + hp.address = addr + 5; + hp.offset=get_reg(regs::ecx); + hp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT; + return NewHook(hp, "Malie5"); + } + + ConsoleOutput("Malie5 pattern not found"); + return false; +} + +// jichi 3/12/2015: Return guessed Malie engine year +//int GetMalieYear() +//{ +// if (Util::SearchResourceString(L"2013 light")) +// return 2013; +// if (Util::SearchResourceString(L"2014 light")) +// return 2014; +// return 2015; +//} + +} // unnamed Malie + +bool InsertMalieHook() +{ + if (Util::CheckFile(L"tools.dll")) + return InsertMalieHook1(); // jichi 3/5/2015: For old light games such as Dies irae. + + else { // For old Malie games before 2015 + // jichi 8/20/2013: Add hook for sweet light engine + // Insert both malie and malie2 hook. + bool ok = false; + + // jichi 3/12/2015: Disable MalieHook2 which will crash シルヴァリオ ヴェンッ�タ + //if (!Util::CheckFile(L"gdiplus.dll")) + if (Util::CheckFile(L"System\\*")) { // Insert old Malie hook. There are usually System/cursor.cur + ok = InsertMalieHook2() || ok; + ok = InsertMalie2Hook() || ok; // jichi 8/20/2013 + } + + // The main disadvantage of Malie3 is that it cannot find character name + ok = InsertMalie3Hook() || ok; // jichi 3/7/2014 + ok = InsertMalie4Hook() || ok; + ok = InsertMalie5Hook() || ok; + return ok; + } +} + +namespace { // unnamed +namespace ScenarioHook { +namespace Private { + + /** + * Sample game: シルヴァリオ ヴェンデッタ + * + * 0706: long pause, text separator + * 0704: short pause + * 0708: voice start. + * 0701: ruby start, 0a as separator + * + * Sample plain unvoiced text: + * + * 0706 is used as pause char. + * + * 01FFF184 00 30 2A 8A 8C 30 8B 30 21 6B 6E 30 27 59 75 65  訪れる次の大敵 + * 01FFF194 00 25 00 25 21 6B 6E 30 0D 4E 78 5E 02 30 21 6B ──次の不幸。次 + * 01FFF1A4 6E 30 E6 82 E3 96 02 30 21 6B 6E 30 34 78 C5 6E の苦難。次の破滅 + * 01FFF1B4 02 30 07 00 06 00 0A 00 00 30 B4 63 7F 30 D6 53 。. 掴み取 + * 01FFF1C4 63 30 5F 30 6F 30 5A 30 6E 30 2A 67 65 67 6F 30 ったはずの未来は + * 01FFF1D4 97 66 D2 9E 6B 30 55 87 7E 30 8C 30 5F 30 7E 30 暗黒に蝕まれたま + * 01FFF1E4 7E 30 9A 7D 4C 88 57 30 66 30 44 30 4F 30 02 30 ま続行していく。 + * 01FFF1F4 07 00 06 00 0A 00 00 30 80 30 57 30 8D 30 4B 62 . むしろ手 + * 01FFF204 6B 30 57 30 5F 30 47 59 E1 8D 92 30 7C 54 73 30 にした奇跡を呼び + * 01FFF214 34 6C 6B 30 01 30 88 30 8A 30 4A 30 5E 30 7E 30 水に、よりおぞま + * 01FFF224 57 30 44 30 B0 65 5F 30 6A 30 66 8A F4 7D 92 30 しい新たな試練を + * 01FFF234 44 7D 7F 30 BC 8F 93 30 67 30 4B 90 7D 54 92 30 組み込んで運命を + * 01FFF244 C6 99 D5 52 55 30 5B 30 8B 30 6E 30 60 30 02 30 駆動させるのだ。 + * 01FFF254 07 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 ...... + * 01FFF264 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * 01FFF274 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * 01FFF284 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * 01FFF294 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * 01FFF2A4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * + * Mixed unvoiced text and voiced text list: + * 01FFF184 00 30 1C 20 DD 52 29 52 1D 20 4B 30 89 30 6F 30  “勝利”からは + * 01FFF194 03 90 52 30 89 30 8C 30 6A 30 44 30 02 30 07 00 逃げられない。 + * 01FFF1A4 06 00 0A 00 00 30 1C 20 DD 52 29 52 1D 20 4B 30 . “勝利”か + * 01FFF1B4 89 30 6F 30 03 90 52 30 89 30 8C 30 6A 30 44 30 らは逃げられない + * 01FFF1C4 02 30 07 00 06 00 0A 00 00 30 1C 20 DD 52 29 52 。. “勝利 + * 01FFF1D4 1D 20 4B 30 89 30 6F 30 03 90 52 30 89 30 8C 30 ”からは逃げられ + * 01FFF1E4 6A 30 44 30 02 30 07 00 06 00 0A 00 0A 00 07 00 ない。.. + * 01FFF1F4 08 00 76 00 5F 00 76 00 6E 00 64 00 30 00 30 00 v_vnd00 + * 01FFF204 30 00 31 00 00 00 0C 30 6A 30 89 30 70 30 00 25 01.「ならば─ + * 01FFF214 00 25 00 25 00 25 0D 30 07 00 09 00 07 00 06 00 ───」. + * 01FFF224 0A 00 0A 00 00 30 00 25 00 25 55 30 42 30 01 30 .. ──さあ、 + * 01FFF234 69 30 46 30 59 30 8B 30 4B 30 1F FF 07 00 06 00 どうするか? + * 01FFF244 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * 01FFF254 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * 01FFF264 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * + * Sample voiced text: + * + * 0269F184 07 00 08 00 76 00 5F 00 7A 00 65 00 70 00 30 00 v_zep0 + * 0269F194 30 00 30 00 31 00 00 00 1C 20 DD 52 29 52 1D 20 001.“勝利” + * 0269F1A4 68 30 6F 30 01 30 55 4F 60 30 1F FF 07 00 09 00 とは、何だ?. + * 0269F1B4 07 00 06 00 0A 00 0A 00 07 00 08 00 76 00 5F 00 ..v_ + * 0269F1C4 7A 00 65 00 70 00 30 00 30 00 30 00 32 00 00 00 zep0002. + * 0269F1D4 1C 20 04 68 49 51 1D 20 68 30 6F 30 01 30 55 4F “栄光”とは、何 + * 0269F1E4 60 30 1F FF 07 00 09 00 07 00 06 00 0A 00 0A 00 だ?... + * 0269F1F4 07 00 08 00 76 00 5F 00 7A 00 65 00 70 00 30 00 v_zep0 + * 0269F204 30 00 30 00 33 00 00 00 5D 30 8C 30 92 30 97 5F 003.それを得 + * 0269F214 8C 30 70 30 01 30 55 4F 82 30 31 59 8F 30 5A 30 れば、何も失わず + * 0269F224 6B 30 08 6E 80 30 6E 30 60 30 8D 30 46 30 4B 30 に済むのだろうか + * 0269F234 07 00 09 00 07 00 06 00 0A 00 0A 00 07 00 08 00 ... + * 0269F244 76 00 5F 00 7A 00 65 00 70 00 30 00 30 00 30 00 v_zep000 + * 0269F254 34 00 00 00 51 65 48 30 8B 30 6E 30 4B 30 02 30 4.救えるのか。 + * 0269F264 88 5B 8C 30 8B 30 6E 30 4B 30 02 30 2C 67 53 5F 守れるのか。本当 + * 0269F274 6B 30 01 30 78 5E 5B 30 6B 30 6A 30 8C 30 8B 30 に、幸せになれる + * 0269F284 6E 30 60 30 8D 30 46 30 4B 30 07 00 09 00 07 00 のだろうか. + * 0269F294 06 00 00 00 00 00 00 00 D1 01 00 00 8C F3 69 02 ...Ǒ.ɩ + * + * Ruby: + * + * 01FDF2B4 63 30 5F 30 07 00 01 00 14 90 EF 7A 0A 00 68 30 った途端.と + * 01FDF2C4 5F 30 93 30 00 00 01 30 06 90 6B 30 40 62 09 67 たん.、逆に所有 + * + * Pause without 0a: + * + * 0271F184 07 00 08 00 76 00 5F 00 7A 00 65 00 70 00 30 00 v_zep0 + * 0271F194 30 00 34 00 34 00 00 00 00 30 51 30 8C 30 69 30 044. けれど + * 0271F1A4 00 25 00 25 07 00 09 00 07 00 06 00 07 00 08 00 ──. + * 0271F1B4 76 00 5F 00 7A 00 65 00 70 00 30 00 30 00 34 00 v_zep004 + * 0271F1C4 35 00 00 00 5D 30 8C 30 67 30 82 30 01 30 88 5B 5.それでも、守 + * 0271F1D4 89 30 6A 30 51 30 8C 30 70 30 6A 30 89 30 6A 30 らなければならな + * 0271F1E4 44 30 50 5B 4C 30 FA 51 65 67 5F 30 4B 30 89 30 い子が出来たから + * 0271F1F4 02 30 07 00 09 00 07 00 06 00 07 00 04 00 00 30 。.  + * 0271F204 07 00 08 00 76 00 5F 00 7A 00 65 00 70 00 30 00 v_zep0 + * 0271F214 30 00 34 00 36 00 00 00 7C 5F 73 59 92 30 51 65 046.彼女を救 + * 0271F224 46 30 5F 30 81 30 6B 30 01 30 53 30 6E 30 61 30 うために、このち + * 0271F234 63 30 7D 30 51 30 6A 30 7D 54 92 30 F8 61 51 30 っぽけな命を懸け + * 0271F244 8B 30 68 30 93 8A 63 30 5F 30 02 30 86 30 48 30 ると誓った。ゆえ + * + * Scenario caller: 4637bf + * + * 0046377D 90 NOP + * 0046377E 90 NOP + * 0046377F 90 NOP + * 00463780 81EC 00080000 SUB ESP,0x800 + * 00463786 56 PUSH ESI + * 00463787 8BB424 08080000 MOV ESI,DWORD PTR SS:[ESP+0x808] + * 0046378E 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] + * 00463791 8B88 68020000 MOV ECX,DWORD PTR DS:[EAX+0x268] + * 00463797 57 PUSH EDI + * 00463798 51 PUSH ECX + * 00463799 E8 D200FFFF CALL malie.00453870 + * 0046379E 8BBC24 14080000 MOV EDI,DWORD PTR SS:[ESP+0x814] + * 004637A5 68 C06C4100 PUSH malie.00416CC0 + * 004637AA 8D5424 10 LEA EDX,DWORD PTR SS:[ESP+0x10] + * 004637AE 57 PUSH EDI + * 004637AF 52 PUSH EDX + * 004637B0 E8 AB041F00 CALL malie.00653C60 + * 004637B5 8D4424 18 LEA EAX,DWORD PTR SS:[ESP+0x18] + * 004637B9 50 PUSH EAX + * 004637BA E8 21031F00 CALL malie.00653AE0 ; jichi: scenario caller + * 004637BF 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] + * 004637C2 57 PUSH EDI + * 004637C3 8981 68020000 MOV DWORD PTR DS:[ECX+0x268],EAX + * 004637C9 E8 32E61E00 CALL malie.00651E00 + * 004637CE 83C4 18 ADD ESP,0x18 + * 004637D1 33D2 XOR EDX,EDX + * 004637D3 85C0 TEST EAX,EAX + * 004637D5 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] + * 004637D8 0F9FC2 SETG DL + * 004637DB 5F POP EDI + * 004637DC 5E POP ESI + * 004637DD 8990 7C020000 MOV DWORD PTR DS:[EAX+0x27C],EDX + * 004637E3 81C4 00080000 ADD ESP,0x800 + * 004637E9 C3 RETN + * 004637EA 90 NOP + * 004637EB 90 NOP + * 004637EC 90 NOP + * + * Name caller: 46382e + * + * 004637EB 90 NOP + * 004637EC 90 NOP + * 004637ED 90 NOP + * 004637EE 90 NOP + * 004637EF 90 NOP + * 004637F0 81EC 00080000 SUB ESP,0x800 + * 004637F6 56 PUSH ESI + * 004637F7 8BB424 08080000 MOV ESI,DWORD PTR SS:[ESP+0x808] + * 004637FE 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] + * 00463801 8B88 6C020000 MOV ECX,DWORD PTR DS:[EAX+0x26C] + * 00463807 51 PUSH ECX + * 00463808 E8 6300FFFF CALL malie.00453870 + * 0046380D 8B9424 10080000 MOV EDX,DWORD PTR SS:[ESP+0x810] + * 00463814 68 C06C4100 PUSH malie.00416CC0 + * 00463819 52 PUSH EDX + * 0046381A 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+0x10] + * 0046381E 50 PUSH EAX + * 0046381F E8 3C041F00 CALL malie.00653C60 + * 00463824 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+0x14] + * 00463828 51 PUSH ECX + * 00463829 E8 B2021F00 CALL malie.00653AE0 ; jichi: name + * 0046382E 8B56 1C MOV EDX,DWORD PTR DS:[ESI+0x1C] + * 00463831 83C4 14 ADD ESP,0x14 + * 00463834 8982 6C020000 MOV DWORD PTR DS:[EDX+0x26C],EAX + * 0046383A 5E POP ESI + * 0046383B 81C4 00080000 ADD ESP,0x800 + * 00463841 C3 RETN + * 00463842 90 NOP + * 00463843 90 NOP + * 00463844 90 NOP + * + * History caller: 418d0b + * + * 00418C9D 90 NOP + * 00418C9E 90 NOP + * 00418C9F 90 NOP + * 00418CA0 81EC 00080000 SUB ESP,0x800 + * 00418CA6 53 PUSH EBX + * 00418CA7 56 PUSH ESI + * 00418CA8 57 PUSH EDI + * 00418CA9 6A 6C PUSH 0x6C + * 00418CAB FF15 20256900 CALL DWORD PTR DS:[<&MSVCRT.malloc>] ; msvcrt.malloc + * 00418CB1 8BD8 MOV EBX,EAX + * 00418CB3 83C4 04 ADD ESP,0x4 + * 00418CB6 85DB TEST EBX,EBX + * 00418CB8 0F84 D1000000 JE malie.00418D8F + * 00418CBE 8BB424 10080000 MOV ESI,DWORD PTR SS:[ESP+0x810] + * 00418CC5 33C0 XOR EAX,EAX + * 00418CC7 B9 1B000000 MOV ECX,0x1B + * 00418CCC 8BFB MOV EDI,EBX + * 00418CCE F3:AB REP STOS DWORD PTR ES:[EDI] + * 00418CD0 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 00418CD2 68 C06C4100 PUSH malie.00416CC0 + * 00418CD7 50 PUSH EAX + * 00418CD8 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+0x14] + * 00418CDC 51 PUSH ECX + * 00418CDD E8 7EAF2300 CALL malie.00653C60 + * 00418CE2 8D5424 18 LEA EDX,DWORD PTR SS:[ESP+0x18] + * 00418CE6 52 PUSH EDX + * 00418CE7 E8 F4AD2300 CALL malie.00653AE0 + * 00418CEC 8903 MOV DWORD PTR DS:[EBX],EAX + * 00418CEE 8B46 04 MOV EAX,DWORD PTR DS:[ESI+0x4] + * 00418CF1 68 C06C4100 PUSH malie.00416CC0 + * 00418CF6 50 PUSH EAX + * 00418CF7 8D4C24 24 LEA ECX,DWORD PTR SS:[ESP+0x24] + * 00418CFB 51 PUSH ECX + * 00418CFC E8 5FAF2300 CALL malie.00653C60 + * 00418D01 8D5424 28 LEA EDX,DWORD PTR SS:[ESP+0x28] + * 00418D05 52 PUSH EDX + * 00418D06 E8 D5AD2300 CALL malie.00653AE0 ; jichi: history caller + * 00418D0B 8943 04 MOV DWORD PTR DS:[EBX+0x4],EAX + * 00418D0E 8B46 08 MOV EAX,DWORD PTR DS:[ESI+0x8] + * 00418D11 83C4 20 ADD ESP,0x20 + * 00418D14 85C0 TEST EAX,EAX + * 00418D16 75 05 JNZ SHORT malie.00418D1D + * 00418D18 B8 0CEF7000 MOV EAX,malie.0070EF0C + * 00418D1D 50 PUSH EAX + * 00418D1E E8 3D6F2300 CALL malie.0064FC60 + * 00418D23 8943 08 MOV DWORD PTR DS:[EBX+0x8],EAX + * 00418D26 8B46 0C MOV EAX,DWORD PTR DS:[ESI+0xC] + * 00418D29 83C4 04 ADD ESP,0x4 + * 00418D2C 85C0 TEST EAX,EAX + * 00418D2E 75 05 JNZ SHORT malie.00418D35 + * 00418D30 B8 0CEF7000 MOV EAX,malie.0070EF0C + * 00418D35 50 PUSH EAX + * 00418D36 E8 256F2300 CALL malie.0064FC60 + * 00418D3B 8943 0C MOV DWORD PTR DS:[EBX+0xC],EAX + * 00418D3E 8B46 60 MOV EAX,DWORD PTR DS:[ESI+0x60] + * 00418D41 8943 60 MOV DWORD PTR DS:[EBX+0x60],EAX + * 00418D44 8B4E 64 MOV ECX,DWORD PTR DS:[ESI+0x64] + * 00418D47 894B 64 MOV DWORD PTR DS:[EBX+0x64],ECX + * 00418D4A 8B56 68 MOV EDX,DWORD PTR DS:[ESI+0x68] + * 00418D4D 8D7E 10 LEA EDI,DWORD PTR DS:[ESI+0x10] + * 00418D50 83C4 04 ADD ESP,0x4 + * 00418D53 85FF TEST EDI,EDI + * 00418D55 8953 68 MOV DWORD PTR DS:[EBX+0x68],EDX + * 00418D58 74 35 JE SHORT malie.00418D8F + * 00418D5A 55 PUSH EBP + * 00418D5B 8BEB MOV EBP,EBX + * 00418D5D 2BEE SUB EBP,ESI + * 00418D5F BE 14000000 MOV ESI,0x14 + * 00418D64 8B07 MOV EAX,DWORD PTR DS:[EDI] + * 00418D66 66:8338 00 CMP WORD PTR DS:[EAX],0x0 + * 00418D6A 75 04 JNZ SHORT malie.00418D70 + * 00418D6C 33C0 XOR EAX,EAX + * 00418D6E EB 09 JMP SHORT malie.00418D79 + * 00418D70 50 PUSH EAX + * 00418D71 E8 EA6E2300 CALL malie.0064FC60 + * 00418D76 83C4 04 ADD ESP,0x4 + * 00418D79 89042F MOV DWORD PTR DS:[EDI+EBP],EAX + * 00418D7C 83C7 04 ADD EDI,0x4 + * 00418D7F 4E DEC ESI + * 00418D80 ^75 E2 JNZ SHORT malie.00418D64 + * 00418D82 5D POP EBP + * 00418D83 5F POP EDI + * 00418D84 5E POP ESI + * 00418D85 8BC3 MOV EAX,EBX + * 00418D87 5B POP EBX + * 00418D88 81C4 00080000 ADD ESP,0x800 + * 00418D8E C3 RETN + * 00418D8F 5F POP EDI + * 00418D90 5E POP ESI + * 00418D91 8BC3 MOV EAX,EBX + * 00418D93 5B POP EBX + * 00418D94 81C4 00080000 ADD ESP,0x800 + * 00418D9A C3 RETN + * 00418D9B 90 NOP + * 00418D9C 90 NOP + * + * Exit dialog box caller: + * 00475A8D 90 NOP + * 00475A8E 90 NOP + * 00475A8F 90 NOP + * 00475A90 56 PUSH ESI + * 00475A91 68 B09C7500 PUSH malie.00759CB0 + * 00475A96 FF15 F8206900 CALL DWORD PTR DS:[<&KERNEL32.EnterCriti>; ntdll.RtlEnterCriticalSection + * 00475A9C 8B7424 08 MOV ESI,DWORD PTR SS:[ESP+0x8] + * 00475AA0 85F6 TEST ESI,ESI + * 00475AA2 74 4A JE SHORT malie.00475AEE + * 00475AA4 56 PUSH ESI + * 00475AA5 E8 56000000 CALL malie.00475B00 + * 00475AAA 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] + * 00475AAD 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 00475AAF 51 PUSH ECX + * 00475AB0 E8 BBDDFDFF CALL malie.00453870 + * 00475AB5 8B5424 14 MOV EDX,DWORD PTR SS:[ESP+0x14] + * 00475AB9 52 PUSH EDX + * 00475ABA E8 21E01D00 CALL malie.00653AE0 ; jichi: called here + * 00475ABF 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] + * 00475AC2 8901 MOV DWORD PTR DS:[ECX],EAX + * 00475AC4 8B56 1C MOV EDX,DWORD PTR DS:[ESI+0x1C] + * 00475AC7 C782 94000000 00>MOV DWORD PTR DS:[EDX+0x94],0x0 + * 00475AD1 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] + * 00475AD4 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 00475AD6 51 PUSH ECX + * 00475AD7 E8 84C41D00 CALL malie.00651F60 + * 00475ADC 8B56 1C MOV EDX,DWORD PTR DS:[ESI+0x1C] + * 00475ADF 56 PUSH ESI + * 00475AE0 8982 98000000 MOV DWORD PTR DS:[EDX+0x98],EAX + * 00475AE6 E8 C5000000 CALL malie.00475BB0 + * 00475AEB 83C4 14 ADD ESP,0x14 + * 00475AEE 68 B09C7500 PUSH malie.00759CB0 + * 00475AF3 FF15 44226900 CALL DWORD PTR DS:[<&KERNEL32.LeaveCriti>; ntdll.RtlLeaveCriticalSection + * 00475AF9 5E POP ESI + * 00475AFA C3 RETN + * 00475AFB 90 NOP + * 00475AFC 90 NOP + * 00475AFD 90 NOP + * + * Sample game: 相州戦神館學園 八命陣 (older game0 + * Scenario caller: 46314f + * + * 0046310B 90 NOP + * 0046310C 90 NOP + * 0046310D 90 NOP + * 0046310E 90 NOP + * 0046310F 90 NOP + * 00463110 81EC 00080000 SUB ESP,0x800 + * 00463116 56 PUSH ESI + * 00463117 8BB424 08080000 MOV ESI,DWORD PTR SS:[ESP+0x808] + * 0046311E 8B46 20 MOV EAX,DWORD PTR DS:[ESI+0x20] + * 00463121 8B88 68020000 MOV ECX,DWORD PTR DS:[EAX+0x268] + * 00463127 57 PUSH EDI + * 00463128 51 PUSH ECX + * 00463129 E8 62240200 CALL .00485590 + * 0046312E 8BBC24 14080000 MOV EDI,DWORD PTR SS:[ESP+0x814] + * 00463135 68 10634100 PUSH .00416310 + * 0046313A 8D5424 10 LEA EDX,DWORD PTR SS:[ESP+0x10] + * 0046313E 57 PUSH EDI + * 0046313F 52 PUSH EDX + * 00463140 E8 AB841D00 CALL .0063B5F0 + * 00463145 8D4424 18 LEA EAX,DWORD PTR SS:[ESP+0x18] + * 00463149 50 PUSH EAX + * 0046314A E8 41831D00 CALL .0063B490 + * 0046314F 8B4E 20 MOV ECX,DWORD PTR DS:[ESI+0x20] ; jichi: scenario retaddr + * 00463152 57 PUSH EDI + * 00463153 8981 68020000 MOV DWORD PTR DS:[ECX+0x268],EAX + * 00463159 E8 82661D00 CALL .006397E0 + * 0046315E 83C4 18 ADD ESP,0x18 + * 00463161 33D2 XOR EDX,EDX + * 00463163 85C0 TEST EAX,EAX + * 00463165 8B46 20 MOV EAX,DWORD PTR DS:[ESI+0x20] + * 00463168 0F9FC2 SETG DL + * 0046316B 5F POP EDI + * 0046316C 5E POP ESI + * 0046316D 8990 7C020000 MOV DWORD PTR DS:[EAX+0x27C],EDX + * 00463173 81C4 00080000 ADD ESP,0x800 + * 00463179 C3 RETN + * 0046317A 90 NOP + * 0046317B 90 NOP + * 0046317C 90 NOP + * 0046317D 90 NOP + * 0046317E 90 NOP + * + * Sample game: BRAVA!! + * Scenario retaddr: 42011f + * + * 004200FD 90 NOP + * 004200FE 90 NOP + * 004200FF 90 NOP + * 00420100 56 PUSH ESI + * 00420101 8B7424 08 MOV ESI,DWORD PTR SS:[ESP+0x8] + * 00420105 8B46 20 MOV EAX,DWORD PTR DS:[ESI+0x20] + * 00420108 8B88 F0000000 MOV ECX,DWORD PTR DS:[EAX+0xF0] + * 0042010E 57 PUSH EDI + * 0042010F 51 PUSH ECX + * 00420110 E8 BB240200 CALL .004425D0 + * 00420115 8B7C24 14 MOV EDI,DWORD PTR SS:[ESP+0x14] + * 00420119 57 PUSH EDI + * 0042011A E8 01031300 CALL .00550420 + * 0042011F 8B56 20 MOV EDX,DWORD PTR DS:[ESI+0x20] ; jichi: scenario caller + * 00420122 57 PUSH EDI + * 00420123 8982 F0000000 MOV DWORD PTR DS:[EDX+0xF0],EAX + * 00420129 E8 B2E61200 CALL .0054E7E0 + * 0042012E 8B56 20 MOV EDX,DWORD PTR DS:[ESI+0x20] + * 00420131 83C4 0C ADD ESP,0xC + * 00420134 33C9 XOR ECX,ECX + * 00420136 85C0 TEST EAX,EAX + * 00420138 0F9FC1 SETG CL + * 0042013B 5F POP EDI + * 0042013C 5E POP ESI + * 0042013D 898A FC000000 MOV DWORD PTR DS:[EDX+0xFC],ECX + * 00420143 C3 RETN + * 00420144 90 NOP + * + * Name retaddr: 415a2c + * + * 004159DD 90 NOP + * 004159DE 90 NOP + * 004159DF 90 NOP + * 004159E0 81EC 00080000 SUB ESP,0x800 + * 004159E6 53 PUSH EBX + * 004159E7 56 PUSH ESI + * 004159E8 57 PUSH EDI + * 004159E9 6A 6C PUSH 0x6C + * 004159EB FF15 40D45800 CALL DWORD PTR DS:[0x58D440] ; msvcrt.malloc + * 004159F1 8BD8 MOV EBX,EAX + * 004159F3 83C4 04 ADD ESP,0x4 + * 004159F6 85DB TEST EBX,EBX + * 004159F8 0F84 D1000000 JE .00415ACF + * 004159FE 8BB424 10080000 MOV ESI,DWORD PTR SS:[ESP+0x810] + * 00415A05 33C0 XOR EAX,EAX + * 00415A07 B9 1B000000 MOV ECX,0x1B + * 00415A0C 8BFB MOV EDI,EBX + * 00415A0E F3:AB REP STOS DWORD PTR ES:[EDI] + * 00415A10 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 00415A12 68 003B4100 PUSH .00413B00 + * 00415A17 50 PUSH EAX + * 00415A18 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+0x14] + * 00415A1C 51 PUSH ECX + * 00415A1D E8 5EAB1300 CALL .00550580 + * 00415A22 8D5424 18 LEA EDX,DWORD PTR SS:[ESP+0x18] + * 00415A26 52 PUSH EDX + * 00415A27 E8 F4A91300 CALL .00550420 + * 00415A2C 8903 MOV DWORD PTR DS:[EBX],EAX ; jichi: name caller + * 00415A2E 8B46 04 MOV EAX,DWORD PTR DS:[ESI+0x4] + * 00415A31 68 003B4100 PUSH .00413B00 + * 00415A36 50 PUSH EAX + * 00415A37 8D4C24 24 LEA ECX,DWORD PTR SS:[ESP+0x24] + * 00415A3B 51 PUSH ECX + * 00415A3C E8 3FAB1300 CALL .00550580 + * 00415A41 8D5424 28 LEA EDX,DWORD PTR SS:[ESP+0x28] + * 00415A45 52 PUSH EDX + * 00415A46 E8 D5A91300 CALL .00550420 + * 00415A4B 8943 04 MOV DWORD PTR DS:[EBX+0x4],EAX + * 00415A4E 8B46 08 MOV EAX,DWORD PTR DS:[ESI+0x8] + * 00415A51 83C4 20 ADD ESP,0x20 + * 00415A54 85C0 TEST EAX,EAX + * 00415A56 75 05 JNZ SHORT .00415A5D + * 00415A58 B8 6C285E00 MOV EAX,.005E286C + * 00415A5D 50 PUSH EAX + * 00415A5E E8 DD691300 CALL .0054C440 + * 00415A63 8943 08 MOV DWORD PTR DS:[EBX+0x8],EAX + * 00415A66 8B46 0C MOV EAX,DWORD PTR DS:[ESI+0xC] + * 00415A69 83C4 04 ADD ESP,0x4 + * 00415A6C 85C0 TEST EAX,EAX + * 00415A6E 75 05 JNZ SHORT .00415A75 + * 00415A70 B8 6C285E00 MOV EAX,.005E286C + * 00415A75 50 PUSH EAX + * 00415A76 E8 C5691300 CALL .0054C440 + * 00415A7B 8943 0C MOV DWORD PTR DS:[EBX+0xC],EAX + * 00415A7E 8B46 60 MOV EAX,DWORD PTR DS:[ESI+0x60] + * 00415A81 8943 60 MOV DWORD PTR DS:[EBX+0x60],EAX + * 00415A84 8B4E 64 MOV ECX,DWORD PTR DS:[ESI+0x64] + * 00415A87 894B 64 MOV DWORD PTR DS:[EBX+0x64],ECX + * 00415A8A 8B56 68 MOV EDX,DWORD PTR DS:[ESI+0x68] + * 00415A8D 8D7E 10 LEA EDI,DWORD PTR DS:[ESI+0x10] + * 00415A90 83C4 04 ADD ESP,0x4 + * 00415A93 85FF TEST EDI,EDI + * 00415A95 8953 68 MOV DWORD PTR DS:[EBX+0x68],EDX + * 00415A98 74 35 JE SHORT .00415ACF + * 00415A9A 55 PUSH EBP + * 00415A9B 8BEB MOV EBP,EBX + * 00415A9D 2BEE SUB EBP,ESI + * 00415A9F BE 14000000 MOV ESI,0x14 + * 00415AA4 8B07 MOV EAX,DWORD PTR DS:[EDI] + * 00415AA6 66:8338 00 CMP WORD PTR DS:[EAX],0x0 + * 00415AAA 75 04 JNZ SHORT .00415AB0 + * 00415AAC 33C0 XOR EAX,EAX + * 00415AAE EB 09 JMP SHORT .00415AB9 + * 00415AB0 50 PUSH EAX + * 00415AB1 E8 8A691300 CALL .0054C440 + * 00415AB6 83C4 04 ADD ESP,0x4 + * 00415AB9 89042F MOV DWORD PTR DS:[EDI+EBP],EAX + * 00415ABC 83C7 04 ADD EDI,0x4 + * 00415ABF 4E DEC ESI + * 00415AC0 ^75 E2 JNZ SHORT .00415AA4 + * 00415AC2 5D POP EBP + * 00415AC3 5F POP EDI + * 00415AC4 5E POP ESI + * 00415AC5 8BC3 MOV EAX,EBX + * 00415AC7 5B POP EBX + * 00415AC8 81C4 00080000 ADD ESP,0x800 + * 00415ACE C3 RETN + * 00415ACF 5F POP EDI + * 00415AD0 5E POP ESI + * 00415AD1 8BC3 MOV EAX,EBX + * 00415AD3 5B POP EBX + * 00415AD4 81C4 00080000 ADD ESP,0x800 + * 00415ADA C3 RETN + * 00415ADB 90 NOP + * 00415ADC 90 NOP + * 00415ADD 90 NOP + * 00415ADE 90 NOP + */ + + + + size_t parseTextSize(LPCWSTR text) + { + size_t count = 0; + bool skipNull = false; + for (; *text || skipNull; text++, count++) + if (text[0] == 0) + skipNull = false; + else if (text[0] == 0x7) + switch (text[1]) { + case 0x1: // ruby + skipNull = true; + break; + case 0x8: // voice + return count; + case 0x6: // pause + return count + 2; + } + return count; + } + + size_t rtrim(LPCWSTR text, size_t size) + { + while (size && (text[size - 1] <= 32 || text[size - 1] == 0x3000)) // trim trailing non-printable characters + size--; + return size; + } + + std::string parseTextData(LPCWSTR text) + { + std::string ret; + if (!wcschr(text, 0x7)) { + ret=std::string((LPCSTR)text, ::wcslen(text) * sizeof(wchar_t)); + return ret; + } + for (; *text; text++) { + if (text[0] == 0x7) + switch (text[1]) { + case 0x1: // ruby + if (LPCWSTR p = ::wcschr(text + 2, 0xa)) { + ret.append(LPCSTR(text + 2), (p - text - 2) * sizeof(wchar_t)); + text = p + ::wcslen(p); // text now point to zero + continue; + } // mismatched ruby that should never happen + return std::string(); + case 0x8: // voice + return ret; + case 0x6: // pause + ret.append((LPCSTR)text, 2 * sizeof(wchar_t)); + return ret; + } + ret.append((LPCSTR)text, sizeof(wchar_t)); + } + return ret; + } +#define MALIE_0 L"[0]" // represent \0 + void filterTextData(std::string &text) + { + // remove short pause + static std::string shortPause((LPCSTR)L"\x07\x04", 2 * sizeof(wchar_t)); + //text.replace(shortPause, ""); // there is no remove method in std::string + strReplace(text, shortPause, ""); + } + // I need a cache retainer here to make sure same text result in same result + void hookafter(hook_stack*s,void* data1, size_t len) + { + static std::string data_; + static std::unordered_set hashes_; + auto text = (LPCWSTR)s->stack[1]; + if (!text || !*text + || !(text[0] == 0x7 && text[1] == 0x8) && all_ascii(text) ) + return ; + std::string data; + bool update = false; + + for (size_t size; *text; text += size) { + if (text[0] == 0x7 && text[1] == 0x8) { // voiced + size_t len = ::wcslen(text); + data.append((LPCSTR)text, (len + 1) * sizeof(wchar_t)); + text += len + 1; + } + + size = parseTextSize(text); + std::string oldData = parseTextData(text); + filterTextData(oldData); + if (oldData.empty()) // this should never happen + return ; + + auto oldTextAddress = (LPCWSTR)oldData.c_str(); + size_t oldTextSize = oldData.size() / sizeof(wchar_t), + trimmedSize = rtrim(oldTextAddress, oldTextSize); + if (trimmedSize == 0 || all_ascii(oldTextAddress, trimmedSize)) + data.append(oldData); + else { + std::wstring oldText = std::wstring(oldTextAddress, trimmedSize), + newText = std::wstring((LPWSTR)data1,len/2) ; + if (newText.empty() || newText == oldText) + data.append(oldData); + else { + update = true; + data.append((LPCSTR)newText.c_str(), newText.size() * sizeof(wchar_t)); + if (trimmedSize != oldTextSize) + data.append(LPCSTR(oldTextAddress + trimmedSize), (oldTextSize - trimmedSize) * sizeof(wchar_t)); + } + } + } + if (update) { + { + static const std::string zero_bytes(sizeof(wchar_t), '\0'), + zero_repr((LPCSTR)MALIE_0, sizeof(MALIE_0) - sizeof(wchar_t)); // - \0's size + //data.replace(zero_repr, zero_bytes); + strReplace(data, zero_repr, zero_bytes); + } + + // make sure there are 5 zeros at the end + data.push_back(0); data.push_back(0); data.push_back(0); data.push_back(0); data.push_back(0); + data_ = data; + text = (LPCWSTR)data_.c_str(); + + s->stack[1] = (ULONG)text; + } + } + bool hookBefore(hook_stack*s,void* data1, size_t* len,uintptr_t*role) + { + + static std::string data_; + static std::unordered_set hashes_; + auto text = (LPCWSTR)s->stack[1]; + if (!text || !*text + || !(text[0] == 0x7 && text[1] == 0x8) && all_ascii(text) ) + return false; + + //if (::wcsstr(text, L"\x30DC\x30BF\x30F3")) // ボタン + // return true; + //if (::wcsstr(text, L"\x30A4\x30E1\x30FC")) // イメージ + // return true; + + // Scenario caller: + // 004637BA E8 21031F00 CALL malie.00653AE0 ; jichi: scenario caller + // 004637BF 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] + // 004637C2 57 PUSH EDI + // + // 0046314A E8 41831D00 CALL .0063B490 + // 0046314F 8B4E 20 MOV ECX,DWORD PTR DS:[ESI+0x20] ; jichi: scenario retaddr + // 00463152 57 PUSH EDI + // + // (balloon-like) + // 0042011F 8B56 20 MOV EDX,DWORD PTR DS:[ESI+0x20] ; jichi: scenario caller + // 00420122 57 PUSH EDI + // + // Name caller: + // 00463829 E8 B2021F00 CALL malie.00653AE0 ; jichi: name + // 0046382E 8B56 1C MOV EDX,DWORD PTR DS:[ESI+0x1C] + // 00463831 83C4 14 ADD ESP,0x14 + // + // (balloon-like) + // 00415A2C 8903 MOV DWORD PTR DS:[EBX],EAX ; jichi: name caller + // 00415A2E 8B46 04 MOV EAX,DWORD PTR DS:[ESI+0x4] + // 00415A31 68 003B4100 PUSH .00413B00 + * role = Engine::OtherRole; + auto retaddr = s->stack[0]; + switch (*(DWORD *)retaddr & 0xff0000ff) { + case 0x5700008b: *role = Engine::ScenarioRole; break; + case 0x8300008b: + case 0x46000089: *role = Engine::NameRole; break; + } + //auto sig = Engine::hashThreadSignature(role, retaddr); // this is not needed as the retaddr is used as split + auto sig = retaddr; + + std::string data; + bool update = false; + + for (size_t size; *text; text += size) { + if (text[0] == 0x7 && text[1] == 0x8) { // voiced + size_t len = ::wcslen(text); + data.append((LPCSTR)text, (len + 1) * sizeof(wchar_t)); + text += len + 1; + } + + size = parseTextSize(text); + std::string oldData = parseTextData(text); + filterTextData(oldData); + if (oldData.empty()) // this should never happen + return false; + + auto oldTextAddress = (LPCWSTR)oldData.c_str(); + size_t oldTextSize = oldData.size() / sizeof(wchar_t), + trimmedSize = rtrim(oldTextAddress, oldTextSize); + if (trimmedSize == 0 || all_ascii(oldTextAddress, trimmedSize)) + data.append(oldData); + else { + std::wstring oldText = std::wstring(oldTextAddress, trimmedSize); + wcscpy((LPWSTR)data1,oldText.c_str()); + *len=oldText.size()*2; + update=true; + } + } + + return update; + } +} // namespace Private + +/** + * Sample game: シルヴァリオ ヴェンデッタ + * + * Text in arg1. + * Function found by debugging the text being accessed. + * It is the same as one of the parent call of Malie2. + * + * The target text arg1 is on this function's caller's stack. + * + * 00653ADC 90 NOP + * 00653ADD 90 NOP + * 00653ADE 90 NOP + * 00653ADF 90 NOP + * 00653AE0 56 PUSH ESI + * 00653AE1 8B7424 08 MOV ESI,DWORD PTR SS:[ESP+0x8] + * 00653AE5 33C0 XOR EAX,EAX + * 00653AE7 85F6 TEST ESI,ESI + * 00653AE9 74 47 JE SHORT malie.00653B32 + * 00653AEB 53 PUSH EBX + * 00653AEC 57 PUSH EDI + * 00653AED 68 00C47F00 PUSH malie.007FC400 + * 00653AF2 FF15 F8206900 CALL DWORD PTR DS:[<&KERNEL32.EnterCriti>; ntdll.RtlEnterCriticalSection + * 00653AF8 56 PUSH ESI + * 00653AF9 E8 C2E4FFFF CALL malie.00651FC0 + * 00653AFE 8D78 02 LEA EDI,DWORD PTR DS:[EAX+0x2] + * 00653B01 57 PUSH EDI + * 00653B02 FF15 20256900 CALL DWORD PTR DS:[<&MSVCRT.malloc>] ; msvcrt.malloc + * 00653B08 8BD8 MOV EBX,EAX + * 00653B0A 83C4 08 ADD ESP,0x8 + * 00653B0D 85DB TEST EBX,EBX + * 00653B0F 74 12 JE SHORT malie.00653B23 + * 00653B11 8BCF MOV ECX,EDI + * 00653B13 8BFB MOV EDI,EBX + * 00653B15 8BC1 MOV EAX,ECX + * 00653B17 C1E9 02 SHR ECX,0x2 + * 00653B1A F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] + * 00653B1C 8BC8 MOV ECX,EAX + * 00653B1E 83E1 03 AND ECX,0x3 + * 00653B21 F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI] + * 00653B23 68 00C47F00 PUSH malie.007FC400 + * 00653B28 FF15 44226900 CALL DWORD PTR DS:[<&KERNEL32.LeaveCriti>; ntdll.RtlLeaveCriticalSection + * 00653B2E 8BC3 MOV EAX,EBX + * 00653B30 5F POP EDI + * 00653B31 5B POP EBX + * 00653B32 5E POP ESI + * 00653B33 C3 RETN + * 00653B34 90 NOP + * 00653B35 90 NOP + * 00653B36 90 NOP + * 00653B37 90 NOP + * 00653B38 90 NOP + * + * Malie2's pattern: 4089560833d2894604 + * + * const BYTE bytes1[] = { + * 0x40, // inc eax + * 0x89,0x56, 0x08, // mov dword ptr ds:[esi+0x8],edx + * 0x33,0xd2, // xor edx,edx + * 0x89,0x46, 0x04 // mov dword ptr ds:[esi+0x4],eax + * }; + * + * Malie2 not used as it produces too many garbage + * + * Malie2's call stack: + * + * 026DF0D8 026DF0E0 + * 026DF0DC 026DF184 ; jichi: source text + * 026DF0E0 026DF184 + * 026DF0E4 00000000 + * 026DF0E8 000000B8 + * 026DF0EC 0627DFE8 + * 026DF0F0 016F0000 + * 026DF0F4 0627DFE0 + * 026DF0F8 0180B5E0 + * 026DF0FC 00000001 + * 026DF100 0180B8F0 ASCII ""=VH" + * 026DF104 /026DF11C + * 026DF108 |77492CE8 RETURN to ntdll.77492CE8 from ntdll.77492D0B + * 026DF10C |0180B8F8 + * 026DF110 |FFFFFFFF + * 026DF114 |04A9103C + * 026DF118 |0180B8F0 ASCII ""=VH" + * 026DF11C \026DF168 + * 026DF120 771B98CD RETURN to msvcrt.771B98CD from ntdll.RtlFreeHeap + * 026DF124 018B0000 + * 026DF128 00000000 + * 026DF12C 00000006 + * 026DF130 FFFFFFFF + * 026DF134 FFFFFFFF + * 026DF138 00000000 + * 026DF13C 026DF184 ; jichi: text + * 026DF140 0000000C + * 026DF144 062671D8 + * 026DF148 00000000 + * 026DF14C /026DFA08 + * 026DF150 |00653AFE RETURN to malie.00653AFE from malie.00651FC0 + * 026DF154 |026DF184 ; jichi: text + * 026DF158 |007272A8 malie.007272A8 + * 026DF15C |04A9103C + * 026DF160 |0183DFE8 + * 026DF164 |004637BF RETURN to malie.004637BF from malie.00653AE0 + * 026DF168 |026DF184 ; jichi: text, two continous scenario text + * 026DF16C |026DF184 ; jichi: text + * 026DF170 |007272A8 malie.007272A8 + * 026DF174 |00416CC0 malie.00416CC0 + * 026DF178 |0180B8F8 + * 026DF17C |FFFFFFFF + * 026DF180 |0183DFE8 + * 026DF184 |00080007 + * 026DF188 |005F0076 malie.005F0076 + * 026DF18C |0065007A malie.0065007A + * 026DF190 |00300070 + * 026DF194 |00300030 + * + * Sample game: 相州戦神館學園 八命陣 (older game without critical sections) + * 0063B48D 90 NOP + * 0063B48E 90 NOP + * 0063B48F 90 NOP + * 0063B490 56 PUSH ESI + * 0063B491 8B7424 08 MOV ESI,DWORD PTR SS:[ESP+0x8] + * 0063B495 33C0 XOR EAX,EAX + * 0063B497 57 PUSH EDI + * 0063B498 85F6 TEST ESI,ESI + * 0063B49A 74 29 JE SHORT .0063B4C5 + * 0063B49C 56 PUSH ESI + * 0063B49D E8 FEE4FFFF CALL .006399A0 + * 0063B4A2 8D78 02 LEA EDI,DWORD PTR DS:[EAX+0x2] + * 0063B4A5 57 PUSH EDI + * 0063B4A6 FF15 94946700 CALL DWORD PTR DS:[0x679494] ; msvcrt.malloc + * 0063B4AC 83C4 08 ADD ESP,0x8 + * 0063B4AF 85C0 TEST EAX,EAX + * 0063B4B1 74 12 JE SHORT .0063B4C5 + * 0063B4B3 8BCF MOV ECX,EDI + * 0063B4B5 8BF8 MOV EDI,EAX + * 0063B4B7 8BD1 MOV EDX,ECX + * 0063B4B9 C1E9 02 SHR ECX,0x2 + * 0063B4BC F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] + * 0063B4BE 8BCA MOV ECX,EDX + * 0063B4C0 83E1 03 AND ECX,0x3 + * 0063B4C3 F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI] + * 0063B4C5 5F POP EDI + * 0063B4C6 5E POP ESI + * 0063B4C7 C3 RETN + * 0063B4C8 90 NOP + * 0063B4C9 90 NOP + * 0063B4CA 90 NOP + * 0063B4CB 90 NOP + * + * Sample game: 神咒神威神楽WEB体験版 + * FIXME: Texts get disappeared + * 00517A8D 90 NOP + * 00517A8E 90 NOP + * 00517A8F 90 NOP + * 00517A90 56 PUSH ESI + * 00517A91 8B7424 08 MOV ESI,DWORD PTR SS:[ESP+0x8] + * 00517A95 57 PUSH EDI + * 00517A96 56 PUSH ESI + * 00517A97 E8 64E5FFFF CALL .00516000 + * 00517A9C 8D78 02 LEA EDI,DWORD PTR DS:[EAX+0x2] + * 00517A9F 57 PUSH EDI + * 00517AA0 FF15 40745500 CALL DWORD PTR DS:[0x557440] ; msvcrt.malloc + * 00517AA6 83C4 08 ADD ESP,0x8 + * 00517AA9 85C0 TEST EAX,EAX + * 00517AAB 74 12 JE SHORT .00517ABF + * 00517AAD 8BCF MOV ECX,EDI + * 00517AAF 8BF8 MOV EDI,EAX + * 00517AB1 8BD1 MOV EDX,ECX + * 00517AB3 C1E9 02 SHR ECX,0x2 + * 00517AB6 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 00517AB8 8BCA MOV ECX,EDX + * 00517ABA 83E1 03 AND ECX,0x3 + * 00517ABD F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[> + * 00517ABF 5F POP EDI + * 00517AC0 5E POP ESI + * 00517AC1 C3 RETN + * 00517AC2 90 NOP + * 00517AC3 90 NOP + * 00517AC4 90 NOP + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + //FF15 20256900 // 00653B02 FF15 20256900 CALL DWORD PTR DS:[<&MSVCRT.malloc>] ; msvcrt.malloc + //8BD8 // 00653B08 8BD8 MOV EBX,EAX + 0x83,0xC4, 0x08, // 00653B0A 83C4 08 ADD ESP,0x8 + 0x85,XX, // 00653B0D 85DB TEST EBX,EBX + 0x74, 0x12, // 00653B0F 74 12 JE SHORT malie.00653B23 + 0x8B,XX, // 00653B11 8BCF MOV ECX,EDI + 0x8B,XX, // 00653B13 8BFB MOV EDI,EBX + 0x8B,XX, // 00653B15 8BC1 MOV EAX,ECX + 0xC1,0xE9, 0x02, // 00653B17 C1E9 02 SHR ECX,0x2 + 0xF3,0xA5, // 00653B1A F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] + 0x8B,XX, // 00653B1C 8BC8 MOV ECX,EAX + 0x83,0xE1, 0x03, // 00653B1E 83E1 03 AND ECX,0x3 + 0xF3,0xA4 // 00653B21 F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI] + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + //DOUT(addr); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + //addr = 0x00653AE0; // the actual hooked grant parent call function, text in arg1 + + // Sample game: シルヴァリオ ヴェンデッタ + // If there are untranslated function, hook to the following location and debug the function stack to find text address + //addr = 0x006519B0; // the callee function, text in arg2, function called by two functions, including the callee. Hooking to this function causing history to crash + //return winhook::hook_before(addr, Private::hookBefore); + HookParam hp; + hp.address=addr; + hp.hook_before=Private::hookBefore; + hp.hook_after=Private::hookafter; + hp.type=CODEC_UTF16|EMBED_ABLE; + return NewHook(hp,"EmbedMalie"); +} +} // namespace ScenarioHook + +namespace Patch { +namespace Private { + bool hookBefore(hook_stack*s,void* data1, size_t* len,uintptr_t*role) + { + static std::wstring fontFace_; + auto fontFamily=std::wstring(embedsharedmem->fontFamily); + + if (!fontFamily.empty()) { + if (fontFace_ != fontFamily) + fontFace_ = fontFamily; + s->stack[1] = (ULONG)fontFace_.c_str(); + //::memcpy((LPVOID)s->stack[2], fontFace_.utf16(), fontFace_.size() * sizeof(wchar_t)); + } + return false; + } +} // namespace Private + +/** + * Sample game: シルヴァリオ ヴェンデッタ + * Force changing font face, otherwise CreateFontIndirectW won't be invoked. + * + * Default font is TelopMinPro. + * + * There are two fonts that are needed to be changed for Malie engine. + * - Text font: can be changed in registry as "FontFace" + * - UI font: canb be changed in malie.ini using SystemFont + * Example: + * + * ;フォント種類指定 + * ;SystemFont=SimSun + * ;FONT01=SimSun + * SystemFont=TelopMinPro + * FONT01=TelopMinPro + * + * This function is found by debugging CreateFontIndirectW. + * Font face in both arg1 and arg2. + * + * 0043A82C 90 NOP + * 0043A82D 90 NOP + * 0043A82E 90 NOP + * 0043A82F 90 NOP + * 0043A830 53 PUSH EBX + * 0043A831 55 PUSH EBP + * 0043A832 56 PUSH ESI + * 0043A833 57 PUSH EDI + * 0043A834 E8 C7FFFFFF CALL malie.0043A800 + * 0043A839 8BF8 MOV EDI,EAX + * 0043A83B 33F6 XOR ESI,ESI + * 0043A83D 85FF TEST EDI,EDI + * 0043A83F 7E 20 JLE SHORT malie.0043A861 + * 0043A841 8B5C24 14 MOV EBX,DWORD PTR SS:[ESP+0x14] + * 0043A845 8B2D 14256900 MOV EBP,DWORD PTR DS:[<&MSVCRT._wcsicmp>>; msvcrt._wcsicmp + * 0043A84B 56 /PUSH ESI + * 0043A84C E8 6FFFFFFF |CALL malie.0043A7C0 + * 0043A851 50 |PUSH EAX + * 0043A852 53 |PUSH EBX + * 0043A853 FFD5 |CALL EBP + * 0043A855 83C4 0C |ADD ESP,0xC + * 0043A858 85C0 |TEST EAX,EAX + * 0043A85A 74 0D |JE SHORT malie.0043A869 + * 0043A85C 46 |INC ESI + * 0043A85D 3BF7 |CMP ESI,EDI + * 0043A85F ^7C EA \JL SHORT malie.0043A84B + * 0043A861 5F POP EDI + * 0043A862 5E POP ESI + * 0043A863 5D POP EBP + * 0043A864 83C8 FF OR EAX,0xFFFFFFFF + * 0043A867 5B POP EBX + * 0043A868 C3 RETN + * 0043A869 5F POP EDI + * 0043A86A 8BC6 MOV EAX,ESI + * 0043A86C 5E POP ESI + * 0043A86D 5D POP EBP + * 0043A86E 5B POP EBX + * 0043A86F C3 RETN + * 0043A870 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+0x4] + * 0043A874 83F8 FF CMP EAX,-0x1 + * 0043A877 75 05 JNZ SHORT malie.0043A87E + * 0043A879 E8 92FFFFFF CALL malie.0043A810 + * 0043A87E 50 PUSH EAX + * 0043A87F E8 3CFFFFFF CALL malie.0043A7C0 + * 0043A884 33C9 XOR ECX,ECX + * 0043A886 83C4 04 ADD ESP,0x4 + * 0043A889 66:8338 40 CMP WORD PTR DS:[EAX],0x40 + * 0043A88D 0F94C1 SETE CL + * 0043A890 8BC1 MOV EAX,ECX + * 0043A892 C3 RETN + * 0043A893 90 NOP + * 0043A894 90 NOP + * 0043A895 90 NOP + * 0043A896 90 NOP + * 0043A897 90 NOP + * 0043A898 90 NOP + * + * 0278F138 0043AB90 RETURN to malie.0043AB90 from malie.0043A830 + * 0278F13C 0278F154 UNICODE "telopminpro" + * 0278F140 0278F154 UNICODE "telopminpro" + * 0278F144 006D2AE8 UNICODE "%s" + * 0278F148 0192C990 UNICODE "telopminpro" + * 0278F14C 00000000 + * 0278F150 0A33AAE0 + * 0278F154 00650074 malie.00650074 + * 0278F158 006F006C malie.006F006C + * 0278F15C 006D0070 ASCII "Context" + * 0278F160 006E0069 malie.006E0069 + * 0278F164 00720070 malie.00720070 + * 0278F168 0000006F + * 0278F16C 3F088850 + * 0278F170 00000000 + * 0278F174 00000000 + * + */ +bool attachFont(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x50, // 0043A851 50 |PUSH EAX + 0x53, // 0043A852 53 |PUSH EBX + 0xFF,0xD5, // 0043A853 FFD5 |CALL EBP + 0x83,0xC4, 0x0C, // 0043A855 83C4 0C |ADD ESP,0xC + 0x85,0xC0, // 0043A858 85C0 |TEST EAX,EAX + 0x74, 0x0D, // 0043A85A 74 0D |JE SHORT malie.0043A869 + 0x46, // 0043A85C 46 |INC ESI + 0x3B,0xF7 // 0043A85D 3BF7 |CMP ESI,EDI + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + HookParam hp; + hp.address=addr; + hp.type=EMBED_ABLE|HOOK_EMPTY; + hp.hook_before= Private::hookBefore; + return NewHook(hp,"PatchMalieFont"); +} +} // namespace Patch +} // unnamed namespace + +namespace{ + //Dies irae ~Acta est Fabula~ HD + //Dies irae ~Interview with Kaziklu Bey~ + + std::wstring readString(DWORD address) { + std::wstring s = L""; + uint16_t c; + //console.log(hexdump(address)) + while ((c = *(uint16_t*)address) != 0) { + // utf-16 characters + if (c >= 0x20) { + s += (wchar_t)c;// String.fromCharCode(c); + address = address+2;//.add(2); + } + else { + // start command + if (c == 0x7) { + address = address+2;//.add(2); + //let cmd = address.readU16(); + auto cmd=*(uint16_t*)address; + address = address+2;//.add(2); // skip cmd + // voice id --> skip + if (cmd == 0x8) { + while ((c = *(uint16_t*)address) != 0) { + address = address+2;//.add(2); + } + address = address+2;//.add(2); + } + // end line --> return string + if (cmd == 0x6) { + return s; + } + // ruby + if (cmd == 0x1) { + while ((c = *(uint16_t*)address) != 0) { + // when we reach 0xa we have the kanji part + if (c == 0xa) { + address = address+2;//.add(2); + //let rubi = ''; + while ((c = *(uint16_t*)address) != 0) { + // rubi += String.fromCharCode(c); + address = address+2;//.add(2); + } + //console.log('rubi: ' + rubi); + break; + } + else { + s += (wchar_t)c;// String.fromCharCode(c); + address = address+2;//.add(2); + } + } + address = address+2;//.add(2); + } + } + else { + address = address+2;//.add(2); + } + } + } + return {}; + } + void textfun_light(hook_stack* stack, HookParam*, uintptr_t* data, uintptr_t* split, size_t* len){ + DWORD eax = stack->eax; + DWORD ecx=*(DWORD*)eax; + DWORD edx = stack->edx ; + auto str = readString(ecx+edx*2); + static std::wstring _ws; + if(_ws==str)return; + _ws=str; + auto _s=new wchar_t[str.size()+1]; + wcscpy(_s,str.c_str()); + *data=(DWORD)_s; + *len=str.size()*2; + *split=0; + } + bool malie_light(){ + BYTE pattern[]={ + 0x8b,0x08,//往前两个字节,否则jump到下个指令(被hook截断)会崩溃 + 0x0f,XX,XX,XX,0x89,XX,XX,0x8d,XX,XX,0x89,XX,XX,0x8d,XX,XX,0x00,0x00,0x00,0x00 + }; + ULONG addr = MemDbg::findBytes(pattern, sizeof(pattern), processStartAddress, processStopAddress); + if (!addr) + return false; + HookParam hp{}; + hp.address=addr; + hp.text_fun=textfun_light; + hp.type=CODEC_UTF16|USING_STRING|NO_CONTEXT; + return NewHook(hp,"malie_6"); + + } + +} + +bool Malie::attach_function() { + bool embed=ScenarioHook::attach(processStartAddress,processStopAddress); + // if(embed)Patch::attachFont(processStartAddress,processStopAddress); 导致闪退,放弃 + auto b1= InsertMalieHook()||embed; + b1=malie_light()||b1; + return b1; +} \ No newline at end of file diff --git a/LunaHook/engine32/Malie.h b/LunaHook/engine32/Malie.h new file mode 100644 index 0000000..0168fbf --- /dev/null +++ b/LunaHook/engine32/Malie.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Malie:public ENGINE{ + public: + Malie(){ + + check_by=CHECK_BY::FILE_ANY; + check_by_target=check_by_list{L"Malie.ini",L"Malie.exe"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/MarineHeart.cpp b/LunaHook/engine32/MarineHeart.cpp new file mode 100644 index 0000000..b19e633 --- /dev/null +++ b/LunaHook/engine32/MarineHeart.cpp @@ -0,0 +1,127 @@ +#include"MarineHeart.h" + + +/** + * jichi 4/19/2014: Marine Heart + * See: http://blgames.proboards.com/post/1984 + * http://www.yaoiotaku.com/forums/threads/11440-huge-bl-game-torrent + * + * Issue: The extracted text someitems has limited repetition + * TODO: It might be better to use FindCallAndEntryAbs for gdi32.CreateFontA? + * See how FindCallAndEntryAbs is used in Majiro. + * + * 妖恋愛奭�神サマ�堕し方/HS4*0@40D160 + * - addr: 4247904 = 0x40d160 + * - off: 4 + * - type: 9 + * + * Function starts + * 0040d160 /$ 55 push ebp ; jichi: hook here + * 0040d161 |. 8bec mov ebp,esp + * 0040d163 |. 83c4 90 add esp,-0x70 + * 0040d166 |. 33c0 xor eax,eax + * 0040d168 |. 53 push ebx + * 0040d169 |. 56 push esi + * 0040d16a |. 57 push edi + * 0040d16b |. 8b75 08 mov esi,dword ptr ss:[ebp+0x8] + * 0040d16e |. c745 cc 281e4800 mov dword ptr ss:[ebp-0x34],saisys.00481> + * 0040d175 |. 8965 d0 mov dword ptr ss:[ebp-0x30],esp + * 0040d178 |. c745 c8 d0d14700 mov dword ptr ss:[ebp-0x38], + * 0040d17f |. 66:c745 d4 0000 mov word ptr ss:[ebp-0x2c],0x0 + * 0040d185 |. 8945 e0 mov dword ptr ss:[ebp-0x20],eax + * 0040d188 |. 64:8b15 00000000 mov edx,dword ptr fs:[0] + * 0040d18f |. 8955 c4 mov dword ptr ss:[ebp-0x3c],edx + * 0040d192 |. 8d4d c4 lea ecx,dword ptr ss:[ebp-0x3c] + * 0040d195 |. 64:890d 00000000 mov dword ptr fs:[0],ecx + * 0040d19c |. 8b05 741c4800 mov eax,dword ptr ds:[0x481c74] + * 0040d1a2 |. 8945 bc mov dword ptr ss:[ebp-0x44],eax + * 0040d1a5 |. 8b05 781c4800 mov eax,dword ptr ds:[0x481c78] + * 0040d1ab |. 8945 c0 mov dword ptr ss:[ebp-0x40],eax + * 0040d1ae |. 8d46 24 lea eax,dword ptr ds:[esi+0x24] + * 0040d1b1 |. 8b56 14 mov edx,dword ptr ds:[esi+0x14] + * 0040d1b4 |. 8955 bc mov dword ptr ss:[ebp-0x44],edx + * 0040d1b7 |. 8b10 mov edx,dword ptr ds:[eax] + * 0040d1b9 |. 85d2 test edx,edx + * 0040d1bb |. 74 04 je short saisys.0040d1c1 + * 0040d1bd |. 8b08 mov ecx,dword ptr ds:[eax] + * 0040d1bf |. eb 05 jmp short saisys.0040d1c6 + * 0040d1c1 |> b9 9b1c4800 mov ecx,saisys.00481c9b + * 0040d1c6 |> 51 push ecx ; /facename + * 0040d1c7 |. 6a 01 push 0x1 ; |pitchandfamily = fixed_pitch|ff_dontcare + * 0040d1c9 |. 6a 03 push 0x3 ; |quality = 3. + * 0040d1cb |. 6a 00 push 0x0 ; |clipprecision = clip_default_precis + * 0040d1cd |. 6a 00 push 0x0 ; |outputprecision = out_default_precis + * 0040d1cf |. 68 80000000 push 0x80 ; |charset = 128. + * 0040d1d4 |. 6a 00 push 0x0 ; |strikeout = false + * 0040d1d6 |. 6a 00 push 0x0 ; |underline = false + * 0040d1d8 |. 6a 00 push 0x0 ; |italic = false + * 0040d1da |. 68 90010000 push 0x190 ; |weight = fw_normal + * 0040d1df |. 6a 00 push 0x0 ; |orientation = 0x0 + * 0040d1e1 |. 6a 00 push 0x0 ; |escapement = 0x0 + * 0040d1e3 |. 6a 00 push 0x0 ; |width = 0x0 + * 0040d1e5 |. 8b46 04 mov eax,dword ptr ds:[esi+0x4] ; | + * 0040d1e8 |. 50 push eax ; |height + * 0040d1e9 |. e8 00fa0600 call ; \createfonta + * 0040d1ee |. 8945 b8 mov dword ptr ss:[ebp-0x48],eax + * 0040d1f1 |. 8b55 b8 mov edx,dword ptr ss:[ebp-0x48] + * 0040d1f4 |. 85d2 test edx,edx + * 0040d1f6 |. 75 14 jnz short saisys.0040d20c + */ +bool InsertMarineHeartHook() +{ + // FIXME: Why this does not work?! + // jichi 6/3/2014: CreateFontA is only called once in this function + // 0040d160 /$ 55 push ebp ; jichi: hook here + // 0040d161 |. 8bec mov ebp,esp + //ULONG addr = Util::FindCallAndEntryAbs((DWORD)CreateFontA, processStopAddress - processStartAddress, processStartAddress, 0xec8b); + + const BYTE bytes[] = { + 0x51, // 0040d1c6 |> 51 push ecx ; /facename + 0x6a, 0x01, // 0040d1c7 |. 6a 01 push 0x1 ; |pitchandfamily = fixed_pitch|ff_dontcare + 0x6a, 0x03, // 0040d1c9 |. 6a 03 push 0x3 ; |quality = 3. + 0x6a, 0x00, // 0040d1cb |. 6a 00 push 0x0 ; |clipprecision = clip_default_precis + 0x6a, 0x00, // 0040d1cd |. 6a 00 push 0x0 ; |outputprecision = out_default_precis + 0x68, 0x80,0x00,0x00,0x00, // 0040d1cf |. 68 80000000 push 0x80 ; |charset = 128. + 0x6a, 0x00, // 0040d1d4 |. 6a 00 push 0x0 ; |strikeout = false + 0x6a, 0x00, // 0040d1d6 |. 6a 00 push 0x0 ; |underline = false + 0x6a, 0x00, // 0040d1d8 |. 6a 00 push 0x0 ; |italic = false + 0x68, 0x90,0x01,0x00,0x00, // 0040d1da |. 68 90010000 push 0x190 ; |weight = fw_normal + 0x6a, 0x00, // 0040d1df |. 6a 00 push 0x0 ; |orientation = 0x0 + 0x6a, 0x00, // 0040d1e1 |. 6a 00 push 0x0 ; |escapement = 0x0 + 0x6a, 0x00, // 0040d1e3 |. 6a 00 push 0x0 ; |width = 0x0 0x8b,0x46, 0x04, + 0x8b,0x46, 0x04, // 0040d1e5 |. 8b46 04 mov eax,dword ptr ds:[esi+0x4] ; | + 0x50, // 0040d1e8 |. 50 push eax ; |height + 0xe8//, 0x00,0xfa,0x06,0x00 // 0040d1e9 |. e8 00fa0600 call ; \createfonta + }; + enum { addr_offset = 0x0040d160 - 0x0040d1c6 }; // distance to the beginning of the function + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + //GROWL_DWORD(reladdr); + if (!addr) { + ConsoleOutput("MarineHeart: pattern not found"); + return false; + } + + addr += addr_offset; + //addr = 0x40d160; + //GROWL_DWORD(addr); + enum : BYTE { push_ebp = 0x55 }; // 011d4c80 /$ 55 push ebp + if (*(BYTE *)addr != push_ebp) { + ConsoleOutput("MarineHeart: pattern found but the function offset is invalid"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING|DATA_INDIRECT; // = 9 + + ConsoleOutput("INSERT MarineHeart"); + return NewHook(hp, "MarineHeart"); +} + + +bool MarineHeart::attach_function() { + + return InsertMarineHeartHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/MarineHeart.h b/LunaHook/engine32/MarineHeart.h new file mode 100644 index 0000000..7abb231 --- /dev/null +++ b/LunaHook/engine32/MarineHeart.h @@ -0,0 +1,14 @@ +#include"engine.h" + +class MarineHeart:public ENGINE{ + public: + MarineHeart(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return (wcsstr(processName, L"SAISYS") || Util::CheckFile(L"SaiSys.exe")); + + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Mink.cpp b/LunaHook/engine32/Mink.cpp new file mode 100644 index 0000000..a020f4a --- /dev/null +++ b/LunaHook/engine32/Mink.cpp @@ -0,0 +1,219 @@ +#include"Mink.h" +/** 12/23/2014 jichi: Mink games (not sure the engine name) + * Sample game: + * - [130111] [Mink EGO] お�ちも�にはぜったい言えなぁ�ぁ�つなこと�-- /HB-4*0:64@45164A + * - [141219] [Mink] しすた�・すきーむ3 + * + * Observations from sisters3: + * - GetGlyphOutlineA can get text, but it is cached. + * - It's caller's first argument is the correct text, but I failed to find where it is called + * - Debugging text in memory caused looping + * + * /HB-4*0:64@45164A + * - addr: 0x45164a + * - length_offset: 1 + * - split: 0x64 + * - off: 0xfffffff8 = -8 + * - type: 0x18 + * + * Observations from Onechan: + * - There are lots of threads + * - The one with -1 split value is correct, but not sure for all games + * - The result texts still contain garbage, but can be split using return values. + * + * 00451611 e9 ee000000 jmp .00451704 + * 00451616 8b45 0c mov eax,dword ptr ss:[ebp+0xc] + * 00451619 3bc3 cmp eax,ebx + * 0045161b 75 2b jnz short .00451648 + * 0045161d e8 a9340000 call .00454acb + * 00451622 53 push ebx + * 00451623 53 push ebx + * 00451624 53 push ebx + * 00451625 53 push ebx + * 00451626 53 push ebx + * 00451627 c700 16000000 mov dword ptr ds:[eax],0x16 + * 0045162d e8 16340000 call .00454a48 + * 00451632 83c4 14 add esp,0x14 + * 00451635 385d f4 cmp byte ptr ss:[ebp-0xc],bl + * 00451638 74 07 je short .00451641 + * 0045163a 8b45 f0 mov eax,dword ptr ss:[ebp-0x10] + * 0045163d 8360 70 fd and dword ptr ds:[eax+0x70],0xfffffffd + * 00451641 33c0 xor eax,eax + * 00451643 e9 bc000000 jmp .00451704 + * 00451648 3818 cmp byte ptr ds:[eax],bl + * 0045164a 75 14 jnz short .00451660 ; jichi: hook here + * 0045164c 385d f4 cmp byte ptr ss:[ebp-0xc],bl + * 0045164f 74 07 je short .00451658 + * 00451651 8b45 f0 mov eax,dword ptr ss:[ebp-0x10] + * 00451654 8360 70 fd and dword ptr ds:[eax+0x70],0xfffffffd + * 00451658 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 0045165b e9 a4000000 jmp .00451704 + * 00451660 56 push esi + * 00451661 8b75 08 mov esi,dword ptr ss:[ebp+0x8] + * 00451664 3bf3 cmp esi,ebx + * 00451666 75 28 jnz short .00451690 + * 00451668 e8 5e340000 call .00454acb + * 0045166d 53 push ebx + * 0045166e 53 push ebx + * 0045166f 53 push ebx + * 00451670 53 push ebx + * 00451671 53 push ebx + * 00451672 c700 16000000 mov dword ptr ds:[eax],0x16 + * 00451678 e8 cb330000 call .00454a48 + * 0045167d 83c4 14 add esp,0x14 + * 00451680 385d f4 cmp byte ptr ss:[ebp-0xc],bl + * 00451683 74 07 je short .0045168c + * 00451685 8b45 f0 mov eax,dword ptr ss:[ebp-0x10] + * 00451688 8360 70 fd and dword ptr ds:[eax+0x70],0xfffffffd + * 0045168c 33c0 xor eax,eax + * 0045168e eb 73 jmp short .00451703 + * 00451690 57 push edi + * 00451691 50 push eax + * 00451692 8bfe mov edi,esi + * 00451694 e8 a7600000 call .00457740 + * 00451699 8975 f8 mov dword ptr ss:[ebp-0x8],esi + * 0045169c 2945 f8 sub dword ptr ss:[ebp-0x8],eax + * 0045169f 56 push esi + * 004516a0 e8 9b600000 call .00457740 + * 004516a5 0345 f8 add eax,dword ptr ss:[ebp-0x8] + * 004516a8 59 pop ecx + * 004516a9 59 pop ecx + * 004516aa 381e cmp byte ptr ds:[esi],bl + * 004516ac 74 46 je short .004516f4 + * 004516ae 2b75 0c sub esi,dword ptr ss:[ebp+0xc] + * 004516b1 3bf8 cmp edi,eax + * 004516b3 77 3f ja short .004516f4 + * 004516b5 8a17 mov dl,byte ptr ds:[edi] + * 004516b7 8b4d 0c mov ecx,dword ptr ss:[ebp+0xc] + * 004516ba 8855 ff mov byte ptr ss:[ebp-0x1],dl + * 004516bd 3ad3 cmp dl,bl + * 004516bf 74 11 je short .004516d2 + * 004516c1 8a11 mov dl,byte ptr ds:[ecx] + * 004516c3 3ad3 cmp dl,bl + * 004516c5 74 40 je short .00451707 + * 004516c7 38140e cmp byte ptr ds:[esi+ecx],dl + * 004516ca 75 06 jnz short .004516d2 + * 004516cc 41 inc ecx + * 004516cd 381c0e cmp byte ptr ds:[esi+ecx],bl + * 004516d0 ^75 ef jnz short .004516c1 + * 004516d2 3819 cmp byte ptr ds:[ecx],bl + * 004516d4 74 31 je short .00451707 + * 004516d6 0fb64d ff movzx ecx,byte ptr ss:[ebp-0x1] + * 004516da 8b55 ec mov edx,dword ptr ss:[ebp-0x14] + * 004516dd 8a4c11 1d mov cl,byte ptr ds:[ecx+edx+0x1d] + */ + +#if 0 // hook to the caller of dynamic GetGlyphOutlineA +/** + * @param addr function address + * @param frame real address of the function, supposed to be the same as addr + * @param stack address of current stack - 4 + * @return If suceess + */ +static bool InsertMinkDynamicHook(LPVOID fun, DWORD frame, DWORD stack) +{ + CC_UNUSED(frame); + if (fun != ::GetGlyphOutlineA) + return false; + DWORD addr = *(DWORD *)(stack + 4); + if (!addr) { + ConsoleOutput("Mink: missing function return addr, this should never happen"); + return true; + } + addr = MemDbg::findEnclosingAlignedFunction(addr, 0x200); // range is around 0x120 + if (!addr) { + ConsoleOutput("Mink: failed to caller address"); + return true; + } + + HookParam hp; + hp.address = addr; // hook to the beginning of the caller function + hp.offset =get_stack(1); + hp.type = CODEC_ANSI_BE; + return NewHook(hp, "Mink"); +} +#endif // 0 + +static void SpecialHookMink(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t*len) +{ + //DWORD addr = *(DWORD *)(esp_base + hp->offset); // default value + DWORD addr = stack->eax; + if (!IthGetMemoryRange((LPVOID)(addr), 0, 0)) + return; + DWORD ch = *(DWORD *)addr; + DWORD size = LeadByteTable[ch & 0xff]; // Slightly faster than IsDBCSLeadByte + if (size == 1 && ::ispunct(ch & 0xff)) // skip ascii punctuations, since garbage is like ":text:" + return; + + *len = size; + *data = ch; + + // Issue: still have lots of garbage + *split = stack->stack[25]; + //*split = *(DWORD *)(esp_base + 0x48); +} + +bool InsertMinkHook() +{ + const BYTE bytes[] = { + 0x38,0x18, // 00451648 3818 cmp byte ptr ds:[eax],bl + 0x75, 0x14, // 0045164a 75 14 jnz short .00451660 ; jichi: hook here + 0x38,0x5d, 0xf4, // 0045164c 385d f4 cmp byte ptr ss:[ebp-0xc],bl + 0x74, 0x07, // 0045164f 74 07 je short .00451658 + 0x8b,0x45, 0xf0, // 00451651 8b45 f0 mov eax,dword ptr ss:[ebp-0x10] + 0x83,0x60, 0x70, 0xfd, // 00451654 8360 70 fd and dword ptr ds:[eax+0x70],0xfffffffd + 0x8b,0x45, 0x08 // 00451658 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + }; + enum { addr_offset = 2 }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + //ULONG addr = 0x45164a; + //ULONG addr = 0x451648; + //ULONG addr = 0x4521a8; + //GROWL_DWORD(addr); + if (!addr) { + ConsoleOutput("Mink: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::eax); // -8 + hp.split = 0x64; + hp.type = USING_SPLIT|DATA_INDIRECT|USING_CHAR; // 0x18 + hp.text_fun = SpecialHookMink; + ConsoleOutput("INSERT Mink"); + return NewHook(hp, "Mink"); + + //ConsoleOutput("Mink: disable GDI hooks"); + // +} + +bool Mink2::attach_function() { + const BYTE pattern[] = { + //破談屋 + //https://vndb.org/v2719 + 0xF7,0xC7,0x03,0x00,0x00,0x00, + 0x75,XX, + 0xC1,0xE9,0x02, + 0x83,0xE2,0x03, + 0x83,0xF9,0x08, + 0x72,XX + }; + bool found=false; + for (auto addr : Util::SearchMemory(pattern, sizeof(pattern), PAGE_EXECUTE, processStartAddress, processStopAddress)) + { + addr = MemDbg::findEnclosingAlignedFunction(addr,0x100); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); + hp.length_offset=3; + hp.type = USING_STRING; + found|=NewHook(hp, "Mink"); + } + return found; +} +bool Mink::attach_function() { + + return InsertMinkHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Mink.h b/LunaHook/engine32/Mink.h new file mode 100644 index 0000000..8beb5ac --- /dev/null +++ b/LunaHook/engine32/Mink.h @@ -0,0 +1,22 @@ +#include"engine.h" + +class Mink:public ENGINE{ + public: + Mink(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.at2";//Mink, sample files: voice.at2, voice.det, voice.nme + }; + bool attach_function(); +}; + +class Mink2:public ENGINE{ + public: + Mink2(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Scr\\*.sc"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Minori.cpp b/LunaHook/engine32/Minori.cpp new file mode 100644 index 0000000..e25a872 --- /dev/null +++ b/LunaHook/engine32/Minori.cpp @@ -0,0 +1,698 @@ +#include"Minori.h" +#include"util/textunion.h" + + +bool Minori1EngFilter(LPVOID data, size_t* size, HookParam*) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + StringCharReplacer(text, len, "\\n", 2, ' '); + StringFilter(text, len, "\\a", 2); + StringFilter(text, len, "\\v", 2); + CharReplacer(text, len, '\xC4', '-'); + CharReplacer(text, len, '\x93', '"'); + CharReplacer(text, len, '\x94', '"'); + CharReplacer(text, len, '\x92', '\''); + StringCharReplacer(text, len, "\\I", 2, '\''); + StringCharReplacer(text, len, "\\P", 2, '\''); + + return true; +} + +bool Minori1JapFilter(LPVOID data, size_t* size, HookParam*) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + StringFilter(text, len, "\\a", 2); + StringFilter(text, len, "\\v", 2); + StringFilter(text, len, "\\N", 2); + + if (cpp_strnstr(text, "{", *len)) { + StringFilterBetween(text, len, "{", 1, "}", 1); + } + + return true; +} + +bool InsertMinori1Hook() +{ + + /* + * Sample games: + * https://vndb.org/v19644 + * https://vndb.org/v12562 + */ + const BYTE bytes[] = { + 0x84, 0xC0, // test al,al << hook here + 0x0F, 0x85, XX4, // jne trinoline_en_AA.exe+243E1 + 0x68, XX4, // push trinoline_en_AA.exe+118BF8 << alt eng hook + 0x33, 0xFF // xor edi,edi + }; + enum { alt_addr_offset = 8 }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Minori1: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset =get_reg(regs::edx); + hp.codepage = 932; + hp.type = USING_STRING; + hp.filter_fun = Minori1JapFilter; + ConsoleOutput(" INSERT Minori1"); + auto succ=NewHook(hp, "Minori1"); + + hp.address = addr + alt_addr_offset; + hp.filter_fun = Minori1EngFilter; + ConsoleOutput(" INSERT Minori1eng"); + succ|=NewHook(hp, "Minori1eng"); + + return succ; +} + +bool Minori2Filter(LPVOID data, size_t* size, HookParam*) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + StringCharReplacer(text, len, "\\n", 2, ' '); + + if (cpp_strnstr(text, "{", *len)) { + StringFilterBetween(text, len, "{", 1, "}", 1); + } + + return true; +} + +bool InsertMinori2Hook() +{ + + /* + * Sample games: + * https://vndb.org/v35 + */ + const BYTE bytes[] = { + 0x80, 0x38, 0x00, // cmp byte ptr [eax],00 << hook here + 0x0F, 0x84, XX4, // je WindRP.exe+2832A + 0xB8, 0x20, 0x03, 0x00, 0x00, // mov eax,00000320 + 0x89, 0x44, 0x24, 0x10, // mov [esp+10],eax + 0x89, 0x44, 0x24, 0x14, // mov [esp+14],eax + 0x8B, 0x47, 0x20 // mov eax,[edi+20] + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Minori2: pattern not found"); + return false; + } + + ConsoleOutput(" INSERT Minori2"); + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.type = USING_STRING; + hp.filter_fun = Minori2Filter; + ConsoleOutput(" INSERT Minori2"); + ConsoleOutput("Minori2: Please, set text to max speed"); + return NewHook(hp, "Minori2"); +} + +bool InsertMinoriHooks() +{ + return InsertMinori1Hook() || InsertMinori2Hook(); +} + +namespace { // unnamed +namespace ScenarioHook { +namespace Private { + /** + * Sample game: 12の月のイヴ + * Remove \tag and leading #. + */ + LPCSTR trim(LPCSTR text, int *size) + { + int length = *size; + // handle prefix + while (text[0] == '#' || text[0] == '@') { + text++; + length--; + } + while (text[0] == '\\' && ::isalpha(text[1])) { + text += 2; + length -= 2; + } + // handle suffix + while (length >= 2 && text[length - 2] == '\\' && ::isalpha(text[length - 1])) + length -= 2; + *size = length; + return text; + } + + /** + * Sample game: ソレヨリノ前奏詩 + * + * 013BEFAE CC INT3 + * 013BEFAF CC INT3 + * 013BEFB0 55 PUSH EBP + * 013BEFB1 8BEC MOV EBP,ESP + * 013BEFB3 6A FF PUSH -0x1 + * 013BEFB5 68 78654401 PUSH yorino_t.01446578 + * 013BEFBA 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 013BEFC0 50 PUSH EAX + * 013BEFC1 64:8925 00000000 MOV DWORD PTR FS:[0],ESP + * 013BEFC8 83EC 54 SUB ESP,0x54 + * 013BEFCB 53 PUSH EBX + * 013BEFCC 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+0x8] + * 013BEFCF 56 PUSH ESI + * 013BEFD0 57 PUSH EDI + * 013BEFD1 8BF3 MOV ESI,EBX + * 013BEFD3 E8 68FFFFFF CALL yorino_t.013BEF40 + * 013BEFD8 8883 6C2A0000 MOV BYTE PTR DS:[EBX+0x2A6C],AL + * 013BEFDE 8B45 14 MOV EAX,DWORD PTR SS:[EBP+0x14] + * 013BEFE1 33F6 XOR ESI,ESI + * 013BEFE3 56 PUSH ESI + * 013BEFE4 50 PUSH EAX + * 013BEFE5 BF 0F000000 MOV EDI,0xF + * 013BEFEA 83C8 FF OR EAX,0xFFFFFFFF + * 013BEFED 8D4D BC LEA ECX,DWORD PTR SS:[EBP-0x44] + * 013BEFF0 897D D0 MOV DWORD PTR SS:[EBP-0x30],EDI + * 013BEFF3 8975 CC MOV DWORD PTR SS:[EBP-0x34],ESI + * 013BEFF6 C645 BC 00 MOV BYTE PTR SS:[EBP-0x44],0x0 + * 013BEFFA E8 313AFAFF CALL yorino_t.01362A30 ; jichi: name call + * 013BEFFF 8B4D 18 MOV ECX,DWORD PTR SS:[EBP+0x18] + * 013BF002 56 PUSH ESI + * 013BF003 8975 FC MOV DWORD PTR SS:[EBP-0x4],ESI + * 013BF006 51 PUSH ECX + * 013BF007 83C8 FF OR EAX,0xFFFFFFFF + * 013BF00A 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-0x28] + * 013BF00D 897D EC MOV DWORD PTR SS:[EBP-0x14],EDI + * 013BF010 8975 E8 MOV DWORD PTR SS:[EBP-0x18],ESI + * 013BF013 C645 D8 00 MOV BYTE PTR SS:[EBP-0x28],0x0 + * 013BF017 E8 143AFAFF CALL yorino_t.01362A30 ; jichi: scenario call + * 013BF01C C645 FC 01 MOV BYTE PTR SS:[EBP-0x4],0x1 + * 013BF020 8B8B 7C2A0000 MOV ECX,DWORD PTR DS:[EBX+0x2A7C] + * 013BF026 3BCE CMP ECX,ESI + * 013BF028 74 1C JE SHORT yorino_t.013BF046 + * 013BF02A 8B11 MOV EDX,DWORD PTR DS:[ECX] + * 013BF02C 8B52 0C MOV EDX,DWORD PTR DS:[EDX+0xC] + * 013BF02F 8D45 BC LEA EAX,DWORD PTR SS:[EBP-0x44] + * 013BF032 50 PUSH EAX + * 013BF033 FFD2 CALL EDX + * 013BF035 8B8B 7C2A0000 MOV ECX,DWORD PTR DS:[EBX+0x2A7C] + * 013BF03B 8B01 MOV EAX,DWORD PTR DS:[ECX] + * 013BF03D 8B40 0C MOV EAX,DWORD PTR DS:[EAX+0xC] + * 013BF040 8D55 D8 LEA EDX,DWORD PTR SS:[EBP-0x28] + * 013BF043 52 PUSH EDX + * 013BF044 FFD0 CALL EAX + * 013BF046 8B8B 1C130000 MOV ECX,DWORD PTR DS:[EBX+0x131C] + * 013BF04C 8B7D 0C MOV EDI,DWORD PTR SS:[EBP+0xC] + * 013BF04F 3BCF CMP ECX,EDI + * 013BF051 0F95C0 SETNE AL + * 013BF054 C683 411A0000 00 MOV BYTE PTR DS:[EBX+0x1A41],0x0 + * 013BF05B 8845 08 MOV BYTE PTR SS:[EBP+0x8],AL + * 013BF05E 84C0 TEST AL,AL + * 013BF060 74 15 JE SHORT yorino_t.013BF077 + * 013BF062 3BCE CMP ECX,ESI + * 013BF064 7C 11 JL SHORT yorino_t.013BF077 + * 013BF066 8BB3 0C1A0000 MOV ESI,DWORD PTR DS:[EBX+0x1A0C] + * 013BF06C 85F6 TEST ESI,ESI + * 013BF06E 74 05 JE SHORT yorino_t.013BF075 + * 013BF070 E8 8B500100 CALL yorino_t.013D4100 + * 013BF075 33F6 XOR ESI,ESI + * 013BF077 56 PUSH ESI + * 013BF078 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-0x28] + * 013BF07B 51 PUSH ECX + * 013BF07C 8D8B 00130000 LEA ECX,DWORD PTR DS:[EBX+0x1300] + * 013BF082 83C8 FF OR EAX,0xFFFFFFFF + * 013BF085 E8 A639FAFF CALL yorino_t.01362A30 + * 013BF08A 56 PUSH ESI + * 013BF08B 8D55 BC LEA EDX,DWORD PTR SS:[EBP-0x44] + * 013BF08E 52 PUSH EDX + * 013BF08F 8D8B 20130000 LEA ECX,DWORD PTR DS:[EBX+0x1320] + * 013BF095 83C8 FF OR EAX,0xFFFFFFFF + * 013BF098 89BB 1C130000 MOV DWORD PTR DS:[EBX+0x131C],EDI + * 013BF09E E8 8D39FAFF CALL yorino_t.01362A30 + * 013BF0A3 8B45 10 MOV EAX,DWORD PTR SS:[EBP+0x10] + * 013BF0A6 56 PUSH ESI + * 013BF0A7 50 PUSH EAX + * 013BF0A8 8D8B 3C130000 LEA ECX,DWORD PTR DS:[EBX+0x133C] + * 013BF0AE 83C8 FF OR EAX,0xFFFFFFFF + * 013BF0B1 E8 7A39FAFF CALL yorino_t.01362A30 + * 013BF0B6 8B15 00A74B01 MOV EDX,DWORD PTR DS:[0x14BA700] ; yorino_t.0146603C + * 013BF0BC 8B82 CC000000 MOV EAX,DWORD PTR DS:[EDX+0xCC] + * 013BF0C2 B9 00A74B01 MOV ECX,yorino_t.014BA700 + * 013BF0C7 FFD0 CALL EAX + * 013BF0C9 3BC6 CMP EAX,ESI + * 013BF0CB 7E 15 JLE SHORT yorino_t.013BF0E2 + * 013BF0CD 3983 CC290000 CMP DWORD PTR DS:[EBX+0x29CC],EAX + * 013BF0D3 7C 0D JL SHORT yorino_t.013BF0E2 + * 013BF0D5 8BCB MOV ECX,EBX + * 013BF0D7 E8 14650000 CALL yorino_t.013C55F0 + * 013BF0DC 89B3 CC290000 MOV DWORD PTR DS:[EBX+0x29CC],ESI + * 013BF0E2 8A45 1C MOV AL,BYTE PTR SS:[EBP+0x1C] + * 013BF0E5 8883 421A0000 MOV BYTE PTR DS:[EBX+0x1A42],AL + * 013BF0EB 84C0 TEST AL,AL + * 013BF0ED 75 1F JNZ SHORT yorino_t.013BF10E + * 013BF0EF 83BB A0120000 02 CMP DWORD PTR DS:[EBX+0x12A0],0x2 + * 013BF0F6 75 16 JNZ SHORT yorino_t.013BF10E + * 013BF0F8 89B3 A0120000 MOV DWORD PTR DS:[EBX+0x12A0],ESI + * 013BF0FE 8B15 00A74B01 MOV EDX,DWORD PTR DS:[0x14BA700] ; yorino_t.0146603C + * 013BF104 8B42 2C MOV EAX,DWORD PTR DS:[EDX+0x2C] + * 013BF107 B9 00A74B01 MOV ECX,yorino_t.014BA700 + * 013BF10C FFD0 CALL EAX + * 013BF10E 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 013BF111 8B53 10 MOV EDX,DWORD PTR DS:[EBX+0x10] + * 013BF114 8B52 3C MOV EDX,DWORD PTR DS:[EDX+0x3C] + * 013BF117 6A 00 PUSH 0x0 + * 013BF119 6A 01 PUSH 0x1 + * 013BF11B 50 PUSH EAX + * 013BF11C 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-0x28] + * 013BF11F 51 PUSH ECX + * 013BF120 8D45 BC LEA EAX,DWORD PTR SS:[EBP-0x44] + * 013BF123 50 PUSH EAX + * 013BF124 8D4B 10 LEA ECX,DWORD PTR DS:[EBX+0x10] + * 013BF127 FFD2 CALL EDX + * 013BF129 8B43 10 MOV EAX,DWORD PTR DS:[EBX+0x10] + * 013BF12C 8BB3 0C1A0000 MOV ESI,DWORD PTR DS:[EBX+0x1A0C] + * 013BF132 8945 1C MOV DWORD PTR SS:[EBP+0x1C],EAX + * 013BF135 8B83 141A0000 MOV EAX,DWORD PTR DS:[EBX+0x1A14] + * 013BF13B E8 204B0100 CALL yorino_t.013D3C60 + * 013BF140 8B55 1C MOV EDX,DWORD PTR SS:[EBP+0x1C] + * 013BF143 50 PUSH EAX + * 013BF144 8B42 4C MOV EAX,DWORD PTR DS:[EDX+0x4C] + * 013BF147 8BCF MOV ECX,EDI + * 013BF149 51 PUSH ECX + * 013BF14A 8D4B 10 LEA ECX,DWORD PTR DS:[EBX+0x10] + * 013BF14D FFD0 CALL EAX + * 013BF14F 8B53 10 MOV EDX,DWORD PTR DS:[EBX+0x10] + * 013BF152 8B42 78 MOV EAX,DWORD PTR DS:[EDX+0x78] + * 013BF155 8D4B 10 LEA ECX,DWORD PTR DS:[EBX+0x10] + * 013BF158 FFD0 CALL EAX + * 013BF15A 8BF3 MOV ESI,EBX + * 013BF15C 8983 64130000 MOV DWORD PTR DS:[EBX+0x1364],EAX + * 013BF162 E8 B9B0FFFF CALL yorino_t.013BA220 + * 013BF167 84C0 TEST AL,AL + * 013BF169 74 6D JE SHORT yorino_t.013BF1D8 + * 013BF16B 8B53 10 MOV EDX,DWORD PTR DS:[EBX+0x10] + * 013BF16E 8B42 40 MOV EAX,DWORD PTR DS:[EDX+0x40] + * 013BF171 6A 00 PUSH 0x0 + * 013BF173 6A 01 PUSH 0x1 + * 013BF175 8D4B 10 LEA ECX,DWORD PTR DS:[EBX+0x10] + * 013BF178 FFD0 CALL EAX + * 013BF17A E8 C1FDFFFF CALL yorino_t.013BEF40 + * 013BF17F 33C9 XOR ECX,ECX + * 013BF181 8BFB MOV EDI,EBX + * 013BF183 E8 C8B8FFFF CALL yorino_t.013BAA50 + * 013BF188 33FF XOR EDI,EDI + * 013BF18A 89BB 181A0000 MOV DWORD PTR DS:[EBX+0x1A18],EDI + * 013BF190 E8 3BF0FFFF CALL yorino_t.013BE1D0 + * 013BF195 68 78CB4401 PUSH yorino_t.0144CB78 + * 013BF19A 8D75 A0 LEA ESI,DWORD PTR SS:[EBP-0x60] + * 013BF19D C745 B4 0F000000 MOV DWORD PTR SS:[EBP-0x4C],0xF + * 013BF1A4 897D B0 MOV DWORD PTR SS:[EBP-0x50],EDI + * 013BF1A7 C645 A0 00 MOV BYTE PTR SS:[EBP-0x60],0x0 + * 013BF1AB E8 A065FAFF CALL yorino_t.01365750 + * 013BF1B0 C645 FC 02 MOV BYTE PTR SS:[EBP-0x4],0x2 + * 013BF1B4 8B53 10 MOV EDX,DWORD PTR DS:[EBX+0x10] + * 013BF1B7 8B52 6C MOV EDX,DWORD PTR DS:[EDX+0x6C] + * 013BF1BA 8D4B 10 LEA ECX,DWORD PTR DS:[EBX+0x10] + * 013BF1BD 6A 01 PUSH 0x1 + * 013BF1BF 8BC6 MOV EAX,ESI + * 013BF1C1 50 PUSH EAX + * 013BF1C2 FFD2 CALL EDX + * 013BF1C4 837D B4 10 CMP DWORD PTR SS:[EBP-0x4C],0x10 + * 013BF1C8 72 56 JB SHORT yorino_t.013BF220 + * 013BF1CA 8B45 A0 MOV EAX,DWORD PTR SS:[EBP-0x60] + * 013BF1CD 50 PUSH EAX + * 013BF1CE E8 28B50500 CALL yorino_t.0141A6FB + * 013BF1D3 83C4 04 ADD ESP,0x4 + * 013BF1D6 EB 48 JMP SHORT yorino_t.013BF220 + * 013BF1D8 8B7D 10 MOV EDI,DWORD PTR SS:[EBP+0x10] + * 013BF1DB C783 181A0000 04>MOV DWORD PTR DS:[EBX+0x1A18],0x4 + * 013BF1E5 837F 10 00 CMP DWORD PTR DS:[EDI+0x10],0x0 + * 013BF1E9 C705 64514801 00>MOV DWORD PTR DS:[0x1485164],0x0 + * 013BF1F3 76 2B JBE SHORT yorino_t.013BF220 + * 013BF1F5 8BF3 MOV ESI,EBX + * 013BF1F7 E8 D4EFFFFF CALL yorino_t.013BE1D0 + * 013BF1FC 8B15 00A74B01 MOV EDX,DWORD PTR DS:[0x14BA700] ; yorino_t.0146603C + * 013BF202 8B82 8C000000 MOV EAX,DWORD PTR DS:[EDX+0x8C] + * 013BF208 B9 00A74B01 MOV ECX,yorino_t.014BA700 + * 013BF20D FFD0 CALL EAX + * 013BF20F 84C0 TEST AL,AL + * 013BF211 75 0D JNZ SHORT yorino_t.013BF220 + * 013BF213 837F 10 00 CMP DWORD PTR DS:[EDI+0x10],0x0 + * 013BF217 76 07 JBE SHORT yorino_t.013BF220 + * 013BF219 57 PUSH EDI + * 013BF21A 53 PUSH EBX + * 013BF21B E8 A0EAFFFF CALL yorino_t.013BDCC0 + * 013BF220 BE 10000000 MOV ESI,0x10 + * 013BF225 C683 C8290000 00 MOV BYTE PTR DS:[EBX+0x29C8],0x0 + * 013BF22C 3975 EC CMP DWORD PTR SS:[EBP-0x14],ESI + * 013BF22F 72 0C JB SHORT yorino_t.013BF23D + * 013BF231 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-0x28] + * 013BF234 51 PUSH ECX + * 013BF235 E8 C1B40500 CALL yorino_t.0141A6FB + * 013BF23A 83C4 04 ADD ESP,0x4 + * 013BF23D 3975 D0 CMP DWORD PTR SS:[EBP-0x30],ESI + * 013BF240 5F POP EDI + * 013BF241 5E POP ESI + * 013BF242 C745 EC 0F000000 MOV DWORD PTR SS:[EBP-0x14],0xF + * 013BF249 C745 E8 00000000 MOV DWORD PTR SS:[EBP-0x18],0x0 + * 013BF250 C645 D8 00 MOV BYTE PTR SS:[EBP-0x28],0x0 + * 013BF254 5B POP EBX + * 013BF255 72 0C JB SHORT yorino_t.013BF263 + * 013BF257 8B55 BC MOV EDX,DWORD PTR SS:[EBP-0x44] + * 013BF25A 52 PUSH EDX + * 013BF25B E8 9BB40500 CALL yorino_t.0141A6FB + * 013BF260 83C4 04 ADD ESP,0x4 + * 013BF263 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-0xC] + * 013BF266 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 013BF26D 8BE5 MOV ESP,EBP + * 013BF26F 5D POP EBP + * 013BF270 C2 1800 RETN 0x18 + * 013BF273 CC INT3 + * 013BF274 CC INT3 + * 013BF275 CC INT3 + * 013BF276 CC INT3 + * 013BF277 CC INT3 + * 013BF278 CC INT3 + * 013BF279 CC INT3 + * 013BF27A CC INT3 + * 013BF27B CC INT3 + * 013BF27C CC INT3 + * 013BF27D CC INT3 + * 013BF27E CC INT3 + * 013BF27F CC INT3 + * + * Sample text: + * 00C3091C 57 48 49 54 45 2E 70 6E 67 00 00 00 00 00 00 00 WHITE.png....... + * 00C3092C 09 00 00 00 0F 00 00 00 00 00 00 00 00 00 00 00 ............... + */ + TextUnionA *arg_, + argValue_; +std::unordered_mapaddr_role; + bool hookBeforehookBefore(hook_stack*s,void* data1, size_t* len,uintptr_t*role) + { + static std::string data_; + //auto arg = (TextUnionA *)s->ecx; + auto arg = (TextUnionA *)s->stack[0]; // arg1 + if (!arg || !arg->isValid()) + return false; + auto text = arg->getText(); + if (all_ascii(text)) + return false; + int size = arg->size, + trimmedSize = size; + auto trimmedText = trim(text, &trimmedSize); + if (!trimmedSize || !*trimmedText) + return false; + //auto sig = Engine::hashThreadSignature(role, retaddr); + std::string oldData(trimmedText, trimmedSize); + auto retaddr=s->stack[0]; + *role=addr_role[retaddr]; + if (*role == Engine::NameRole) + strReplace(oldData,"\x81\x40", ""); // remove spaces in the middle of names + strcpy((char*)data1,oldData.c_str()); + *len=oldData.size();return true; + + } + void hookafter(hook_stack*s,void* data1, size_t len){ + std::string newData = std::string((LPSTR)data1,len); + auto arg = (TextUnionA *)s->stack[0]; // arg1 + auto text = arg->getText(); + int size = arg->size, + trimmedSize = size; + auto trimmedText = trim(text, &trimmedSize); + int prefixSize = trimmedText - text, + suffixSize = size - prefixSize - trimmedSize; + if (prefixSize) + newData.insert(0,std::string(text, prefixSize)); + if (suffixSize) + newData.append(trimmedText + trimmedSize, suffixSize); + arg_ = arg; + argValue_ = *arg; + static std::string data_; + data_ = newData; + arg->setText(data_); + } + bool hookAfter(hook_stack*s,void* data1, size_t* len,uintptr_t*role) + { + if (arg_) { + *arg_ = argValue_; + arg_ = nullptr; + } + return 0; + } +} // namespace Private + +/** + * Sample game: ソレヨリノ前奏詩 + * arg1 is source, ecx is target. + * + * 01052A2D CC INT3 + * 01052A2E CC INT3 + * 01052A2F CC INT3 + * 01052A30 55 PUSH EBP + * 01052A31 8BEC MOV EBP,ESP + * 01052A33 53 PUSH EBX + * 01052A34 8B5D 0C MOV EBX,DWORD PTR SS:[EBP+0xC] + * 01052A37 56 PUSH ESI + * 01052A38 8BF1 MOV ESI,ECX ; jichi: ecx is target address? + * 01052A3A 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+0x8] + * 01052A3D 57 PUSH EDI + * 01052A3E 8B79 10 MOV EDI,DWORD PTR DS:[ECX+0x10] ; jichi: source size + * 01052A41 3BFB CMP EDI,EBX + * 01052A43 73 0A JNB SHORT yorino_t.01052A4F + * 01052A45 68 88CA1301 PUSH yorino_t.0113CA88 ; ASCII "invalid string position" + * 01052A4A E8 337C0B00 CALL yorino_t.0110A682 + * 01052A4F 2BFB SUB EDI,EBX + * 01052A51 3BC7 CMP EAX,EDI + * 01052A53 0F42F8 CMOVB EDI,EAX + * 01052A56 3BF1 CMP ESI,ECX + * 01052A58 75 1D JNZ SHORT yorino_t.01052A77 + * 01052A5A 8D0C1F LEA ECX,DWORD PTR DS:[EDI+EBX] + * 01052A5D 83C8 FF OR EAX,0xFFFFFFFF + * 01052A60 E8 EBFCFFFF CALL yorino_t.01052750 + * 01052A65 8BC3 MOV EAX,EBX + * 01052A67 33C9 XOR ECX,ECX + * 01052A69 E8 E2FCFFFF CALL yorino_t.01052750 + * 01052A6E 5F POP EDI + * 01052A6F 8BC6 MOV EAX,ESI + * 01052A71 5E POP ESI + * 01052A72 5B POP EBX + * 01052A73 5D POP EBP + * 01052A74 C2 0800 RETN 0x8 + * 01052A77 83FF FE CMP EDI,-0x2 + * 01052A7A 76 0A JBE SHORT yorino_t.01052A86 + * 01052A7C 68 B4CA1301 PUSH yorino_t.0113CAB4 ; ASCII "string too long" + * 01052A81 E8 AF7B0B00 CALL yorino_t.0110A635 + * 01052A86 8B46 14 MOV EAX,DWORD PTR DS:[ESI+0x14] + * 01052A89 3BC7 CMP EAX,EDI + * 01052A8B 73 27 JNB SHORT yorino_t.01052AB4 + * 01052A8D 8B46 10 MOV EAX,DWORD PTR DS:[ESI+0x10] + * 01052A90 50 PUSH EAX + * 01052A91 57 PUSH EDI + * 01052A92 56 PUSH ESI + * 01052A93 E8 88FDFFFF CALL yorino_t.01052820 + * 01052A98 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+0x8] + * 01052A9B 85FF TEST EDI,EDI + * 01052A9D 74 68 JE SHORT yorino_t.01052B07 + * 01052A9F B8 10000000 MOV EAX,0x10 + * 01052AA4 3941 14 CMP DWORD PTR DS:[ECX+0x14],EAX + * 01052AA7 72 02 JB SHORT yorino_t.01052AAB + * 01052AA9 8B09 MOV ECX,DWORD PTR DS:[ECX] + * 01052AAB 3946 14 CMP DWORD PTR DS:[ESI+0x14],EAX + * 01052AAE 72 2A JB SHORT yorino_t.01052ADA + * 01052AB0 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 01052AB2 EB 28 JMP SHORT yorino_t.01052ADC + * 01052AB4 85FF TEST EDI,EDI + * 01052AB6 ^75 E7 JNZ SHORT yorino_t.01052A9F + * 01052AB8 897E 10 MOV DWORD PTR DS:[ESI+0x10],EDI + * 01052ABB 83F8 10 CMP EAX,0x10 + * 01052ABE 72 0E JB SHORT yorino_t.01052ACE + * 01052AC0 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 01052AC2 5F POP EDI + * 01052AC3 C600 00 MOV BYTE PTR DS:[EAX],0x0 + * 01052AC6 8BC6 MOV EAX,ESI + * 01052AC8 5E POP ESI + * 01052AC9 5B POP EBX + * 01052ACA 5D POP EBP + * 01052ACB C2 0800 RETN 0x8 + * 01052ACE 5F POP EDI + * 01052ACF 8BC6 MOV EAX,ESI + * 01052AD1 5E POP ESI + * 01052AD2 C600 00 MOV BYTE PTR DS:[EAX],0x0 + * 01052AD5 5B POP EBX + * 01052AD6 5D POP EBP + * 01052AD7 C2 0800 RETN 0x8 + * 01052ADA 8BC6 MOV EAX,ESI ; jichi: esi is target address + * 01052ADC 57 PUSH EDI ; jichi: source size + * 01052ADD 03CB ADD ECX,EBX + * 01052ADF 51 PUSH ECX ; jichi: source + * 01052AE0 50 PUSH EAX ; jichi: target + * 01052AE1 E8 9AC80B00 CALL yorino_t.0110F380 ; jichi: called here + * 01052AE6 83C4 0C ADD ESP,0xC + * 01052AE9 837E 14 10 CMP DWORD PTR DS:[ESI+0x14],0x10 + * 01052AED 897E 10 MOV DWORD PTR DS:[ESI+0x10],EDI + * 01052AF0 72 0F JB SHORT yorino_t.01052B01 + * 01052AF2 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 01052AF4 C60438 00 MOV BYTE PTR DS:[EAX+EDI],0x0 + * 01052AF8 5F POP EDI + * 01052AF9 8BC6 MOV EAX,ESI + * 01052AFB 5E POP ESI + * 01052AFC 5B POP EBX + * 01052AFD 5D POP EBP + * 01052AFE C2 0800 RETN 0x8 + * 01052B01 8BC6 MOV EAX,ESI + * 01052B03 C60438 00 MOV BYTE PTR DS:[EAX+EDI],0x0 + * 01052B07 5F POP EDI + * 01052B08 8BC6 MOV EAX,ESI + * 01052B0A 5E POP ESI + * 01052B0B 5B POP EBX + * 01052B0C 5D POP EBP + * 01052B0D C2 0800 RETN 0x8 + * 01052B10 6A 00 PUSH 0x0 + * 01052B12 50 PUSH EAX + * 01052B13 C746 14 0F000000 MOV DWORD PTR DS:[ESI+0x14],0xF + * 01052B1A C746 10 00000000 MOV DWORD PTR DS:[ESI+0x10],0x0 + * 01052B21 83C8 FF OR EAX,0xFFFFFFFF + * 01052B24 8BCE MOV ECX,ESI + * 01052B26 C606 00 MOV BYTE PTR DS:[ESI],0x0 + * 01052B29 E8 02FFFFFF CALL yorino_t.01052A30 + * 01052B2E 8BC6 MOV EAX,ESI + * 01052B30 C3 RETN + * 01052B31 CC INT3 + * 01052B32 CC INT3 + * 01052B33 CC INT3 + * 01052B34 CC INT3 + * 01052B35 CC INT3 + * 01052B36 CC INT3 + * 01052B37 CC INT3 + * 01052B38 CC INT3 + * 01052B39 CC INT3 + * 01052B3A CC INT3 + * 01052B3B CC INT3 + * 01052B3C CC INT3 + * + * 005CF5C4 01C17D68 + * 005CF5C8 00000026 + * 005CF5CC /005CF5EC + * 005CF5D0 |00172AE6 RETURN to yorino_t.00172AE6 from yorino_t.0022F380 + * 005CF5D4 |01C154F0 ; jichi: target text + * 005CF5D8 |01C15608 ; jcihi: source text + * 005CF5DC |00000026 ; jichi: source size + * 005CF5E0 |00000082 ; jichi: capacity? not sure + * 005CF5E4 |00000000 + * 005CF5E8 |01C16A68 + * 005CF5EC ]005CF668 + * 005CF5F0 |001CF08A RETURN to yorino_t.001CF08A from yorino_t.00172A30 + * 005CF5F4 |005CF640 + * 005CF5F8 |00000000 + * 005CF5FC |01C19500 + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x8b,0xc6, // 01052ada 8bc6 mov eax,esi ; jichi: esi is target address + 0x57, // 01052adc 57 push edi ; jichi: source size + 0x03,0xcb, // 01052add 03cb add ecx,ebx + 0x51, // 01052adf 51 push ecx ; jichi: source + 0x50 // 01052ae0 50 push eax ; jichi: target + //0xe8, XX4, // 01052ae1 e8 9ac80b00 call yorino_t.0110f380 ; jichi: called here + //0x83,0xc4, 0x0c // 01052ae6 83c4 0c add esp,0xc + }; + //enum { addr_offset = sizeof(bytes) - 8 }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + //return winhook::hook_before(addr, Private::hookBefore); + + bool count = false; + auto fun = [&count](ULONG addr) -> bool { + // Sample game: ソレヨリノ前奏詩 + // 013BEFFA E8 313AFAFF CALL yorino_t.01362A30 ; jichi: name call + // 013BEFFF 8B4D 18 MOV ECX,DWORD PTR SS:[EBP+0x18] + // 013BF002 56 PUSH ESI + // 013BF003 8975 FC MOV DWORD PTR SS:[EBP-0x4],ESI + // 013BF006 51 PUSH ECX + // 013BF007 83C8 FF OR EAX,0xFFFFFFFF + // 013BF00A 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-0x28] + // 013BF00D 897D EC MOV DWORD PTR SS:[EBP-0x14],EDI + // 013BF010 8975 E8 MOV DWORD PTR SS:[EBP-0x18],ESI + // 013BF013 C645 D8 00 MOV BYTE PTR SS:[EBP-0x28],0x0 + // 013BF017 E8 143AFAFF CALL yorino_t.01362A30 ; jichi: scenario call + // 013BF01C C645 FC 01 MOV BYTE PTR SS:[EBP-0x4],0x1 + // 013BF020 8B8B 7C2A0000 MOV ECX,DWORD PTR DS:[EBX+0x2A7C] + // 013BF026 3BCE CMP ECX,ESI + // + // Bad scenario to skip: + // + // 0035A9A3 C745 E4 0F000000 MOV DWORD PTR SS:[EBP-0x1C],0xF + // 0035A9AA C745 E0 00000000 MOV DWORD PTR SS:[EBP-0x20],0x0 + // 0035A9B1 C645 D0 00 MOV BYTE PTR SS:[EBP-0x30],0x0 + // 0035A9B5 -E9 4656D001 JMP 02060000 ; jichi: here + // 0035A9BA C645 FC 01 MOV BYTE PTR SS:[EBP-0x4],0x1 + // 0035A9BE 8B7D E0 MOV EDI,DWORD PTR SS:[EBP-0x20] + // 0035A9C1 83FF 01 CMP EDI,0x1 + // 0035A9C4 0F86 B0000000 JBE .0035AA7A + auto retaddr = addr + 5; + auto role = Engine::OtherRole; + switch (*(DWORD *)retaddr) { + case 0x56184d8b: + // 013BEFFF 8B4D 18 MOV ECX,DWORD PTR SS:[EBP+0x18] + // 013BF002 56 PUSH ESI + role = Engine::NameRole; + break; + case 0x01fc45c6: // 013BF01C C645 FC 01 MOV BYTE PTR SS:[EBP-0x4],0x1 + if (*(DWORD *)(retaddr - 5 - sizeof(DWORD)) == 0x00D845C6) { // previous instruction + role = Engine::ScenarioRole; + break; + } + default: return true; + } + Private::addr_role[retaddr]=role; + { + HookParam hp; + hp.address=addr; + hp.hook_before=Private::hookBeforehookBefore; + hp.hook_after=Private::hookafter; + hp.type=EMBED_ABLE|USING_STRING|EMBED_DYNA_SJIS; + hp.hook_font=F_GetGlyphOutlineA; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + + static std::regex rx("\\{.*?\\}"); + auto _=std::regex_replace(std::string((char*)data,*len), rx, ""); + strcpy((char*)data,_.c_str());*len=_.size();return true; + + }; + count|=NewHook(hp,"EmbedMinori"); + } + { + HookParam hp; + hp.address=addr+5; + hp.hook_before=Private::hookAfter; + hp.hook_after=Private::hookafter; + hp.type=EMBED_ABLE|HOOK_EMPTY; + count|=NewHook(hp,"EmbedMinori"); + } + return true; // replace all functions + }; + MemDbg::iterNearCallAddress(fun, addr, startAddress, stopAddress); + + return count; +} + +} // namespace ScenarioHook + +} // unnamed namespace + +bool Minori::attach_function() { + bool embed=ScenarioHook::attach(processStartAddress,processStopAddress); + return InsertMinoriHooks()||embed; +} \ No newline at end of file diff --git a/LunaHook/engine32/Minori.h b/LunaHook/engine32/Minori.h new file mode 100644 index 0000000..87705cd --- /dev/null +++ b/LunaHook/engine32/Minori.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class Minori:public ENGINE{ + public: + Minori(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.paz"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/NNNConfig.cpp b/LunaHook/engine32/NNNConfig.cpp new file mode 100644 index 0000000..882927a --- /dev/null +++ b/LunaHook/engine32/NNNConfig.cpp @@ -0,0 +1,36 @@ +#include"NNNConfig.h" +bool NNNConfig::attach_function() { + //blackcyc + //开头有一些究极重复的,没办法 + //夢幻廻廊 + const BYTE bytes[] = { + 0x68,0xE8,0x03,0x00,0x00,0x6a,0x00, + + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0)return false; + + addr = addr + sizeof(bytes); + for (int i = 0; i < 5; i++) { + if (*(BYTE*)addr == 0xe8) { + addr += 1; + break; + } + addr += 1; + } + uintptr_t offset = *(uintptr_t*)(addr); + uintptr_t funcaddr = offset + addr + 4; + const BYTE check[] = { 0x83 ,0xEC ,0x1C }; + auto checkoffset = MemDbg::findBytes(check, sizeof(check), funcaddr, funcaddr +0x20); + + ConsoleOutput("%p %p %p %d", addr, offset, funcaddr,checkoffset); + if (checkoffset == 0)offset = get_stack(5); + else offset = get_stack(6); + HookParam hp; + hp.address = funcaddr; + + hp.offset = offset; + + hp.type = USING_STRING ; + return NewHook(hp, "NNNhook"); +} \ No newline at end of file diff --git a/LunaHook/engine32/NNNConfig.h b/LunaHook/engine32/NNNConfig.h new file mode 100644 index 0000000..946e1ec --- /dev/null +++ b/LunaHook/engine32/NNNConfig.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class NNNConfig:public ENGINE{ + public: + NNNConfig(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"nnnConfig2.exe"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/NeXAS.cpp b/LunaHook/engine32/NeXAS.cpp new file mode 100644 index 0000000..cb6a1f7 --- /dev/null +++ b/LunaHook/engine32/NeXAS.cpp @@ -0,0 +1,302 @@ +#include"NeXAS.h" + +/** jichi 7/6/2014 NeXAS + * Sample game: BALDRSKYZERO EXTREME + * + * Call graph: + * - GetGlyphOutlineA x 2 functions + * - Caller 503620: char = [arg1 + 0x1a8] + * - Caller: 500039, 4ffff0 + * edi = [esi+0x1a0] # stack size 4x3 + * arg1 = eax = [edi] + * + * 0050361f cc int3 + * 00503620 /$ 55 push ebp + * 00503621 |. 8bec mov ebp,esp + * 00503623 |. 83e4 f8 and esp,0xfffffff8 + * 00503626 |. 64:a1 00000000 mov eax,dword ptr fs:[0] + * 0050362c |. 6a ff push -0x1 + * 0050362e |. 68 15815900 push bszex.00598115 + * 00503633 |. 50 push eax + * 00503634 |. 64:8925 000000>mov dword ptr fs:[0],esp + * 0050363b |. 81ec 78010000 sub esp,0x178 + * 00503641 |. 53 push ebx + * 00503642 |. 8b5d 08 mov ebx,dword ptr ss:[ebp+0x8] + * 00503645 |. 80bb ed010000 >cmp byte ptr ds:[ebx+0x1ed],0x0 + * 0050364c |. 56 push esi + * 0050364d |. 57 push edi + * 0050364e |. 0f85 6e0b0000 jnz bszex.005041c2 + * 00503654 |. 8db3 a8010000 lea esi,dword ptr ds:[ebx+0x1a8] + * 0050365a |. c683 ed010000 >mov byte ptr ds:[ebx+0x1ed],0x1 + * 00503661 |. 837e 14 10 cmp dword ptr ds:[esi+0x14],0x10 + * 00503665 |. 72 04 jb short bszex.0050366b + * 00503667 |. 8b06 mov eax,dword ptr ds:[esi] + * 00503669 |. eb 02 jmp short bszex.0050366d + * 0050366b |> 8bc6 mov eax,esi + * 0050366d |> 8038 20 cmp byte ptr ds:[eax],0x20 + * 00503670 |. 0f84 ef0a0000 je bszex.00504165 + * 00503676 |. b9 fcc97400 mov ecx,bszex.0074c9fc + * 0050367b |. 8bfe mov edi,esi + * 0050367d |. e8 2e20f1ff call bszex.004156b0 + * 00503682 |. 84c0 test al,al + * 00503684 |. 0f85 db0a0000 jnz bszex.00504165 + * 0050368a |. 8b93 38010000 mov edx,dword ptr ds:[ebx+0x138] + * 00503690 |. 33c0 xor eax,eax + * 00503692 |. 3bd0 cmp edx,eax + * 00503694 |. 0f84 8d0a0000 je bszex.00504127 + * 0050369a |. 8b8b 3c010000 mov ecx,dword ptr ds:[ebx+0x13c] + * 005036a0 |. 3bc8 cmp ecx,eax + * 005036a2 |. 0f84 7f0a0000 je bszex.00504127 + * 005036a8 |. 894424 40 mov dword ptr ss:[esp+0x40],eax + * 005036ac |. 894424 44 mov dword ptr ss:[esp+0x44],eax + * 005036b0 |. 894424 48 mov dword ptr ss:[esp+0x48],eax + * 005036b4 |. 898424 8c01000>mov dword ptr ss:[esp+0x18c],eax + * 005036bb |. 33ff xor edi,edi + * 005036bd |. 66:897c24 60 mov word ptr ss:[esp+0x60],di + * 005036c2 |. bf 01000000 mov edi,0x1 + * 005036c7 |. 66:897c24 62 mov word ptr ss:[esp+0x62],di + * 005036cc |. 33ff xor edi,edi + * 005036ce |. 66:897c24 64 mov word ptr ss:[esp+0x64],di + * 005036d3 |. 66:897c24 66 mov word ptr ss:[esp+0x66],di + * 005036d8 |. 66:897c24 68 mov word ptr ss:[esp+0x68],di + * 005036dd |. 66:897c24 6a mov word ptr ss:[esp+0x6a],di + * 005036e2 |. 66:897c24 6c mov word ptr ss:[esp+0x6c],di + * 005036e7 |. bf 01000000 mov edi,0x1 + * 005036ec |. 66:897c24 6e mov word ptr ss:[esp+0x6e],di + * 005036f1 |. 894424 0c mov dword ptr ss:[esp+0xc],eax + * 005036f5 |. 894424 10 mov dword ptr ss:[esp+0x10],eax + * 005036f9 |. 3883 ec010000 cmp byte ptr ds:[ebx+0x1ec],al + * 005036ff |. 0f84 39010000 je bszex.0050383e + * 00503705 |. c78424 f000000>mov dword ptr ss:[esp+0xf0],bszex.00780e> + * 00503710 |. 898424 3001000>mov dword ptr ss:[esp+0x130],eax + * 00503717 |. 898424 1001000>mov dword ptr ss:[esp+0x110],eax + * 0050371e |. 898424 1401000>mov dword ptr ss:[esp+0x114],eax + * 00503725 |. c68424 8c01000>mov byte ptr ss:[esp+0x18c],0x1 + * 0050372d |. 837e 14 10 cmp dword ptr ds:[esi+0x14],0x10 + * 00503731 |. 72 02 jb short bszex.00503735 + * 00503733 |. 8b36 mov esi,dword ptr ds:[esi] + * 00503735 |> 51 push ecx + * 00503736 |. 52 push edx + * 00503737 |. 56 push esi + * 00503738 |. 8d8424 ec00000>lea eax,dword ptr ss:[esp+0xec] + * 0050373f |. 68 00ca7400 push bszex.0074ca00 ; ascii "gaiji%s%02d%02d.fil" + * 00503744 |. 50 push eax + * 00503745 |. e8 cec6f7ff call bszex.0047fe18 + * 0050374a |. 83c4 14 add esp,0x14 + * 0050374d |. 8d8c24 e000000>lea ecx,dword ptr ss:[esp+0xe0] + * 00503754 |. 51 push ecx ; /arg1 + * 00503755 |. 8d8c24 9400000>lea ecx,dword ptr ss:[esp+0x94] ; | + * 0050375c |. e8 dfeaefff call bszex.00402240 ; \bszex.00402240 + * 00503761 |. 6a 00 push 0x0 ; /arg4 = 00000000 + * 00503763 |. 8d9424 9400000>lea edx,dword ptr ss:[esp+0x94] ; | + * 0050376a |. c68424 9001000>mov byte ptr ss:[esp+0x190],0x2 ; | + * 00503772 |. a1 a8a78200 mov eax,dword ptr ds:[0x82a7a8] ; | + * 00503777 |. 52 push edx ; |arg3 + * 00503778 |. 50 push eax ; |arg2 => 00000000 + * 00503779 |. 8d8c24 fc00000>lea ecx,dword ptr ss:[esp+0xfc] ; | + * 00503780 |. 51 push ecx ; |arg1 + * 00503781 |. e8 2a0dfeff call bszex.004e44b0 ; \bszex.004e44b0 + * 00503786 |. 84c0 test al,al + * 00503788 |. 8d8c24 9000000>lea ecx,dword ptr ss:[esp+0x90] + * 0050378f |. 0f95c3 setne bl + * 00503792 |. c68424 8c01000>mov byte ptr ss:[esp+0x18c],0x1 + * 0050379a |. e8 a1baf1ff call bszex.0041f240 + * 0050379f |. 84db test bl,bl + * 005037a1 |. 74 40 je short bszex.005037e3 + * 005037a3 |. 8db424 f000000>lea esi,dword ptr ss:[esp+0xf0] + * 005037aa |. e8 6106feff call bszex.004e3e10 + * 005037af |. 8bd8 mov ebx,eax + * 005037b1 |. 895c24 0c mov dword ptr ss:[esp+0xc],ebx + * 005037b5 |. e8 5606feff call bszex.004e3e10 + * 005037ba |. 8bf8 mov edi,eax + * 005037bc |. 0faffb imul edi,ebx + * 005037bf |. 894424 10 mov dword ptr ss:[esp+0x10],eax + * 005037c3 |. 8bc7 mov eax,edi + * 005037c5 |. 8d7424 40 lea esi,dword ptr ss:[esp+0x40] + * 005037c9 |. e8 e219f1ff call bszex.004151b0 + * 005037ce |. 8b5424 40 mov edx,dword ptr ss:[esp+0x40] + * 005037d2 |. 52 push edx ; /arg1 + * 005037d3 |. 8bc7 mov eax,edi ; | + * 005037d5 |. 8db424 f400000>lea esi,dword ptr ss:[esp+0xf4] ; | + * 005037dc |. e8 8f03feff call bszex.004e3b70 ; \bszex.004e3b70 + * 005037e1 |. eb 10 jmp short bszex.005037f3 + * 005037e3 |> 8d8424 e000000>lea eax,dword ptr ss:[esp+0xe0] + * 005037ea |. 50 push eax + * 005037eb |. e8 60c5f2ff call bszex.0042fd50 + * 005037f0 |. 83c4 04 add esp,0x4 + * 005037f3 |> 8b5c24 10 mov ebx,dword ptr ss:[esp+0x10] + * 005037f7 |. 8b7c24 40 mov edi,dword ptr ss:[esp+0x40] + * 005037fb |. 8bcb mov ecx,ebx + * 005037fd |. 0faf4c24 0c imul ecx,dword ptr ss:[esp+0xc] + * 00503802 |. 33c0 xor eax,eax + * 00503804 |. 85c9 test ecx,ecx + * 00503806 |. 7e 09 jle short bszex.00503811 + * 00503808 |> c02c07 02 /shr byte ptr ds:[edi+eax],0x2 + * 0050380c |. 40 |inc eax + * 0050380d |. 3bc1 |cmp eax,ecx + * 0050380f |.^7c f7 \jl short bszex.00503808 + * 00503811 |> 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + * 00503814 |. 33c0 xor eax,eax + * 00503816 |. 8db424 f000000>lea esi,dword ptr ss:[esp+0xf0] + * 0050381d |. 8981 dc010000 mov dword ptr ds:[ecx+0x1dc],eax + * 00503823 |. 8981 e0010000 mov dword ptr ds:[ecx+0x1e0],eax + * 00503829 |. c78424 f000000>mov dword ptr ss:[esp+0xf0],bszex.00780e> + * 00503834 |. e8 4702feff call bszex.004e3a80 + * 00503839 |. e9 68010000 jmp bszex.005039a6 + * 0050383e |> 8b0d 08a58200 mov ecx,dword ptr ds:[0x82a508] + * 00503844 |. 51 push ecx ; /hwnd => null + * 00503845 |. ff15 d4e26f00 call dword ptr ds:[<&user32.getdc>] ; \getdc + * 0050384b |. 68 50b08200 push bszex.0082b050 ; /facename = "" + * 00503850 |. 6a 00 push 0x0 ; |pitchandfamily = default_pitch|ff_dontcare + * 00503852 |. 6a 02 push 0x2 ; |quality = proof_quality + * 00503854 |. 6a 00 push 0x0 ; |clipprecision = clip_default_precis + * 00503856 |. 6a 07 push 0x7 ; |outputprecision = out_tt_only_precis + * 00503858 |. 68 80000000 push 0x80 ; |charset = 128. + * 0050385d |. 6a 00 push 0x0 ; |strikeout = false + * 0050385f |. 6a 00 push 0x0 ; |underline = false + * 00503861 |. 8bf8 mov edi,eax ; | + * 00503863 |. 8b83 38010000 mov eax,dword ptr ds:[ebx+0x138] ; | + * 00503869 |. 6a 00 push 0x0 ; |italic = false + * 0050386b |. 68 84030000 push 0x384 ; |weight = fw_heavy + * 00503870 |. 99 cdq ; | + * 00503871 |. 6a 00 push 0x0 ; |orientation = 0x0 + * 00503873 |. 2bc2 sub eax,edx ; | + * 00503875 |. 8b93 3c010000 mov edx,dword ptr ds:[ebx+0x13c] ; | + * 0050387b |. 6a 00 push 0x0 ; |escapement = 0x0 + * 0050387d |. d1f8 sar eax,1 ; | + * 0050387f |. 50 push eax ; |width + * 00503880 |. 52 push edx ; |height + * 00503881 |. ff15 48e06f00 call dword ptr ds:[<&gdi32.createfonta>] ; \createfonta + * 00503887 |. 50 push eax ; /hobject + * 00503888 |. 57 push edi ; |hdc + * 00503889 |. 894424 30 mov dword ptr ss:[esp+0x30],eax ; | + * 0050388d |. ff15 4ce06f00 call dword ptr ds:[<&gdi32.selectobject>>; \selectobject + * 00503893 |. 894424 1c mov dword ptr ss:[esp+0x1c],eax + * 00503897 |. 8d8424 4801000>lea eax,dword ptr ss:[esp+0x148] + * 0050389e |. 50 push eax ; /ptextmetric + * 0050389f |. 57 push edi ; |hdc + * 005038a0 |. ff15 50e06f00 call dword ptr ds:[<&gdi32.gettextmetric>; \gettextmetricsa + * 005038a6 |. 837e 14 10 cmp dword ptr ds:[esi+0x14],0x10 + * 005038aa |. 72 02 jb short bszex.005038ae + * 005038ac |. 8b36 mov esi,dword ptr ds:[esi] + * 005038ae |> 56 push esi ; /arg1 + * 005038af |. e8 deccf7ff call bszex.00480592 ; \bszex.00480592 + * 005038b4 |. 83c4 04 add esp,0x4 + * 005038b7 |. 8d4c24 60 lea ecx,dword ptr ss:[esp+0x60] + * 005038bb |. 51 push ecx ; /pmat2 + * 005038bc |. 6a 00 push 0x0 ; |buffer = null + * 005038be |. 6a 00 push 0x0 ; |bufsize = 0x0 + * 005038c0 |. 8d9424 d800000>lea edx,dword ptr ss:[esp+0xd8] ; | + * 005038c7 |. 52 push edx ; |pmetrics + * 005038c8 |. 6a 06 push 0x6 ; |format = ggo_gray8_bitmap + * 005038ca |. 50 push eax ; |char + * 005038cb |. 57 push edi ; |hdc + * 005038cc |. 894424 30 mov dword ptr ss:[esp+0x30],eax ; | + * 005038d0 |. ff15 54e06f00 call dword ptr ds:[<&gdi32.getglyphoutli>; \getglyphoutlinea + * 005038d6 |. 8bd8 mov ebx,eax + * 005038d8 |. 85db test ebx,ebx + * 005038da |. 0f84 d5070000 je bszex.005040b5 + * 005038e0 |. 83fb ff cmp ebx,-0x1 + * 005038e3 |. 0f84 cc070000 je bszex.005040b5 + * 005038e9 |. 8d7424 40 lea esi,dword ptr ss:[esp+0x40] + * 005038ed |. e8 be18f1ff call bszex.004151b0 + * 005038f2 |. 8b4c24 40 mov ecx,dword ptr ss:[esp+0x40] + * 005038f6 |. 8d4424 60 lea eax,dword ptr ss:[esp+0x60] + * 005038fa |. 50 push eax ; /pmat2 + * 005038fb |. 8b4424 18 mov eax,dword ptr ss:[esp+0x18] ; | + * 005038ff |. 51 push ecx ; |buffer + * 00503900 |. 53 push ebx ; |bufsize + * 00503901 |. 8d9424 d800000>lea edx,dword ptr ss:[esp+0xd8] ; | + * 00503908 |. 52 push edx ; |pmetrics + * 00503909 |. 6a 06 push 0x6 ; |format = ggo_gray8_bitmap + * 0050390b |. 50 push eax ; |char + * 0050390c |. 57 push edi ; |hdc + * 0050390d |. ff15 54e06f00 call dword ptr ds:[<&gdi32.getglyphoutli>; \getglyphoutlinea + * 00503913 |. 8b4c24 1c mov ecx,dword ptr ss:[esp+0x1c] + * 00503917 |. 51 push ecx ; /hobject + * 00503918 |. 57 push edi ; |hdc + * 00503919 |. ff15 4ce06f00 call dword ptr ds:[<&gdi32.selectobject>>; \selectobject + * 0050391f |. 8b15 08a58200 mov edx,dword ptr ds:[0x82a508] + * 00503925 |. 57 push edi ; /hdc + * 00503926 |. 52 push edx ; |hwnd => null + * 00503927 |. ff15 a4e26f00 call dword ptr ds:[<&user32.releasedc>] ; \releasedc + * 0050392d |. 8b4424 28 mov eax,dword ptr ss:[esp+0x28] + * 00503931 |. 50 push eax ; /hobject + * 00503932 |. ff15 58e06f00 call dword ptr ds:[<&gdi32.deleteobject>>; \deleteobject + * 00503938 |. 8bb424 cc00000>mov esi,dword ptr ss:[esp+0xcc] + * 0050393f |. 8b8c24 d000000>mov ecx,dword ptr ss:[esp+0xd0] + * 00503946 |. 83c6 03 add esi,0x3 + * 00503949 |. 81e6 fcff0000 and esi,0xfffc + * 0050394f |. 8bd1 mov edx,ecx + * 00503951 |. 0fafd6 imul edx,esi + * 00503954 |. 897424 0c mov dword ptr ss:[esp+0xc],esi + * 00503958 |. 894c24 10 mov dword ptr ss:[esp+0x10],ecx + * 0050395c |. 3bda cmp ebx,edx + * 0050395e |. 74 1a je short bszex.0050397a + */ +bool InsertNeXASHook() +{ + // There are two GetGlyphOutlineA, both of which seem to have the same texts + ULONG addr = MemDbg::findCallAddress((ULONG)::GetGlyphOutlineA, processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("NexAS: failed"); + return false; + } + + // DWORD GetGlyphOutline( + // _In_ HDC hdc, + // _In_ UINT uChar, + // _In_ UINT uFormat, + // _Out_ LPGLYPHMETRICS lpgm, + // _In_ DWORD cbBuffer, + // _Out_ LPVOID lpvBuffer, + // _In_ const MAT2 *lpmat2 + // ); + + HookParam hp; + //hp.address = (DWORD)::GetGlyphOutlineA; + hp.address = addr; + //hp.type = USING_STRING|USING_SPLIT; + hp.type = CODEC_ANSI_BE|NO_CONTEXT|USING_SPLIT; + hp.offset = get_stack(1); + + // Either lpgm or lpmat2 are good choices + hp.split = get_stack(3); + //hp.split = arg7_lpmat2; // = 0x18, arg7 + + ConsoleOutput("INSERT NeXAS"); + return NewHook(hp, "NeXAS"); +} +namespace { + bool _2(){ + //飛ぶ山羊はさかさまの木の夢を見るか + BYTE bs[]={ + 0x8B,0x56,0x68, + 0x8a,0x04,0x3a, + 0x8d,0x0c,0x3a, + 0x33,0xdb, + 0x3c,0x40 + }; + auto addr=MemDbg::findBytes(bs,sizeof(bs),processStartAddress,processStopAddress); + if(addr==0)return 0; + HookParam hp; + hp.address = addr+9; + hp.type = DATA_INDIRECT; + hp.index=0; + hp.offset=get_reg(regs::ecx); + hp.filter_fun=[](LPVOID data, size_t *size, HookParam *) + { + auto text = reinterpret_cast(data); + if (text[0] == '@') { + return false; + } + return true; + }; + + return NewHook(hp, "NeXAS2"); + } +} +bool NeXAS::attach_function() { + auto _=_2(); + return InsertNeXASHook()||_; +} \ No newline at end of file diff --git a/LunaHook/engine32/NeXAS.h b/LunaHook/engine32/NeXAS.h new file mode 100644 index 0000000..ee1adc2 --- /dev/null +++ b/LunaHook/engine32/NeXAS.h @@ -0,0 +1,15 @@ +#include"engine.h" + +class NeXAS:public ENGINE{ + public: + NeXAS(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"*.pac",L"Thumbnail.pac"}; + // jichi 6/3/2014: AMUSE CRAFT and SOFTPAL + // Selectively insert, so that lstrlenA can still get correct text if failed + //if (Util::CheckFile(L"dll\\resource.dll") && Util::CheckFile(L"dll\\pal.dll") && InsertAmuseCraftHook()) + // return true; + }; + bool attach_function(); +}; diff --git a/LunaHook/engine32/Nekopack.cpp b/LunaHook/engine32/Nekopack.cpp new file mode 100644 index 0000000..68d315d --- /dev/null +++ b/LunaHook/engine32/Nekopack.cpp @@ -0,0 +1,60 @@ +#include"Nekopack.h" + + +/** + * mireado 8/01/2016: Add NekoPack hook + * + * See: http://sakuradite.com/topic/1470 + * https://arallab.hided.net/board_codetalk/2605967 + * + * [Pure More] 少女アクティビティ_trial 1.01 + * + * base: 0x4000000 + * binary pattern :: 558BEC81C4C4FDFFFFB8 + */ + +bool InsertNekopackHook() +{ + const BYTE bytes[] = { + 0x55, // 0069637C /$ 55 PUSH EBP + 0x8b,0xec, // 0069637D |. 8BEC MOV EBP,ESP + 0x81,0xc4, 0xC4,0xFD,0xFF,0xFF, // 0069637F |. 81C4 C4FDFFFF ADD ESP,-23C + 0xb8, XX4, // 00696385 |. B8 A8FF7900 MOV EAX,OFFSET 0079FFA8 + 0x53, // 0069638A |. 53 PUSH EBX + 0x56, // 0069638B |. 56 PUSH ESI + 0x57, // 0069638C |. 57 PUSH EDI + 0x8b,0x5d, 0x08 // 0069638D |. 8B5D 08 MOV EBX,DWORD PTR SS:[ARG.1] + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + enum { addr_offset = 0 }; // distance to the beginning of the function, which is 0x55 (push ebp) + //GROWL(reladdr); + if (!addr) { + ConsoleOutput("NekoPack: pattern not found"); + return false; + } + addr += addr_offset; + //GROWL(addr); + enum { push_ebp = 0x55 }; // beginning of the function + if (*(BYTE *)addr != push_ebp) { + ConsoleOutput("NekoPack: beginning of the function not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); + hp.type = USING_STRING; + + ConsoleOutput("INSERT NekoPack"); + return NewHook(hp, "NekoPack"); + + // Disable GDIHook(um.. ?), which is cached and hence missing characters. + //ConsoleOutput("NekoPack: disable GDI hooks"); + // +} + +bool Nekopack::attach_function() { + + return InsertNekopackHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Nekopack.h b/LunaHook/engine32/Nekopack.h new file mode 100644 index 0000000..0835c29 --- /dev/null +++ b/LunaHook/engine32/Nekopack.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class Nekopack:public ENGINE{ + public: + Nekopack(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.dat"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Nexton.cpp b/LunaHook/engine32/Nexton.cpp new file mode 100644 index 0000000..f5457ef --- /dev/null +++ b/LunaHook/engine32/Nexton.cpp @@ -0,0 +1,1024 @@ +#include"Nexton.h" +#include"embed_util.h" +/** + * jichi 9/5/2013: NEXTON games with aInfo.db + * Sample games: + * - /HA-C@4D69E:InnocentBullet.exe (イノセントバレッ�) + * - /HA-C@40414C:ImoutoBancho.exe (妹番長) + * + * See: http://ja.wikipedia.org/wiki/ネクストン + * See (CaoNiMaGeBi): http://tieba.baidu.com/p/2576241908 + * + * Old: + * md5 = 85ac031f2539e1827d9a1d9fbde4023d + * hcode = /HA-C@40414C:ImoutoBancho.exe + * - addr: 4211020 (0x40414c) + * - module: 1051997988 (0x3eb43724) + * - length_offset: 1 + * - off: 4294967280 (0xfffffff0) = -0x10 + * - split: 0 + * - type: 68 (0x44) + * + * New (11/7/2013): + * /HA-20:4@583DE:MN2.EXE (NEW) + * - addr: 361438 (0x583de) + * - module: 3436540819 + * - length_offset: 1 + * - off: 4294967260 (0xffffffdc) = -0x24 + * - split: 4 + * - type: 84 (0x54) + */ + +bool InsertNextonHook() +{ +#if 0 + // 0x8944241885c00f84 + const BYTE bytes[] = { + //0xe8 //??,??,??,??, 00804147 e8 24d90100 call imoutoba.00821a70 + 0x89,0x44,0x24, 0x18, // 0080414c 894424 18 mov dword ptr ss:[esp+0x18],eax; hook here + 0x85,0xc0, // 00804150 85c0 test eax,eax + 0x0f,0x84 // 00804152 ^0f84 c0feffff je imoutoba.00804018 + }; + //enum { addr_offset = 0 }; + ULONG addr = processStartAddress; //- sizeof(bytes); + do { + addr += sizeof(bytes); // ++ so that each time return diff address + ULONG range = min(processStopAddress - addr, MAX_REL_ADDR); + addr = MemDbg::findBytes(bytes, sizeof(bytes), addr, addr + range); + if (!addr) { + ConsoleOutput("NEXTON: pattern not exist"); + return false; + } + + //const BYTE hook_ins[] = { + // 0x57, // 00804144 57 push edi + // 0x8b,0xc3, // 00804145 8bc3 mov eax,ebx + // 0xe8 //??,??,??,??, 00804147 e8 24d90100 call imoutoba.00821a70 + //}; + } while(0xe8c38b57 != *(DWORD *)(addr - 8)); +#endif // 0 + const BYTE bytes[] = { + 0x57, // 0044d696 57 push edi + 0x8b,0xc3, // 0044d697 8bc3 mov eax,ebx + 0xe8, XX4, // 0044d699 e8 6249fdff call .00422000 + 0x89,0x44,0x24, 0x18, // 0044d69e 894424 18 mov dword ptr ss:[esp+0x18],eax ; jichi: this is the ith hook point + 0x85,0xc0, // 0044d6a2 85c0 test eax,eax + 0x0f,0x84 //c2feffff // 0044d6a4 ^0f84 c2feffff je .0044d56c + }; + enum { addr_offset = 0x0044d69e - 0x0044d696 }; // = 8 + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("NEXTON: pattern not exist"); + return false; + } + + + HookParam hp; + hp.address = addr + addr_offset; + //hp.type = CODEC_ANSI_BE; // 4 + + // 魔王のくせに生イキ�っ �今度は性戦ぽ // CheatEngine search for byte array: 8944241885C00F84 + //addr = 0x4583de; // wrong + //addr = 0x5460ba; + //addr = 0x5f3d8a; + //addr = 0x768776; + //addr = 0x7a5319; + + hp.offset=get_reg(regs::edi); + hp.split=get_stack(1); + hp.type = CODEC_ANSI_BE|USING_SPLIT; // 0x54 + + // Indirect is needed for new games, + // Such as: /HA-C*0@4583DE for 「魔王のくせに生イキ�っ��� //hp.type = CODEC_ANSI_BE|DATA_INDIRECT; // 12 + //hp.type = CODEC_UTF16; + //GROWL_DWORD3(addr, -hp.offset, hp.type); + + ConsoleOutput("INSERT NEXTON"); + return NewHook(hp, "NEXTON"); + + //ConsoleOutput("NEXTON: disable GDI hooks"); // There are no GDI functions hooked though + // // disable GetGlyphOutlineA +} + +namespace { // unnamed +namespace ScenarioHook { +namespace Private { + /** + * Scenario caller: + * 0047D555 8BCE MOV ECX,ESI + * 0047D557 FFD0 CALL EAX + * 0047D559 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+0x8] + * 0047D55C 51 PUSH ECX + * 0047D55D 8BCE MOV ECX,ESI + * 0047D55F E8 ECFDFCFF CALL .0044D350 ; jichi: scenario called here + * 0047D564 A1 0C839800 MOV EAX,DWORD PTR DS:[0x98830C] + * 0047D569 C746 38 00000000 MOV DWORD PTR DS:[ESI+0x38],0x0 + * 0047D570 8BB7 20040000 MOV ESI,DWORD PTR DS:[EDI+0x420] + * 0047D576 8B50 14 MOV EDX,DWORD PTR DS:[EAX+0x14] + * 0047D579 2B50 10 SUB EDX,DWORD PTR DS:[EAX+0x10] + * 0047D57C 8D78 10 LEA EDI,DWORD PTR DS:[EAX+0x10] + * 0047D57F C1FA 02 SAR EDX,0x2 + * 0047D582 3BF2 CMP ESI,EDX + * 0047D584 72 05 JB SHORT .0047D58B + * 0047D586 E8 091C0300 CALL .004AF194 + * 0047D58B 8B07 MOV EAX,DWORD PTR DS:[EDI] + * 0047D58D 8B34B0 MOV ESI,DWORD PTR DS:[EAX+ESI*4] + * 0047D590 8B16 MOV EDX,DWORD PTR DS:[ESI] + * 0047D592 8B42 04 MOV EAX,DWORD PTR DS:[EDX+0x4] + * 0047D595 8BCE MOV ECX,ESI + * 0047D597 FFD0 CALL EAX + * 0047D599 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0xC] + * 0047D59C 51 PUSH ECX + * 0047D59D 8BCE MOV ECX,ESI + * 0047D59F E8 ACFDFCFF CALL .0044D350 ; jichi: name called here + * 0047D5A4 5F POP EDI + * 0047D5A5 5E POP ESI + * 0047D5A6 5B POP EBX + * 0047D5A7 8BE5 MOV ESP,EBP + * 0047D5A9 5D POP EBP + * 0047D5AA C2 0800 RETN 0x8 + * 0047D5AD CC INT3 + * 0047D5AE CC INT3 + * 0047D5AF CC INT3 + * + * History: + * + * 0047C054 50 PUSH EAX + * 0047C055 8BCF MOV ECX,EDI + * 0047C057 E8 F412FDFF CALL .0044D350 ; jichi: name history called here + * 0047C05C 46 INC ESI + * 0047C05D 3B7424 14 CMP ESI,DWORD PTR SS:[ESP+0x14] + * 0047C061 ^0F82 EAFEFFFF JB .0047BF51 + * 0047C067 8B4C24 20 MOV ECX,DWORD PTR SS:[ESP+0x20] + * 0047C06B 3BF1 CMP ESI,ECX + * 0047C06D 0F83 A7000000 JNB .0047C11A + * 0047C073 EB 0B JMP SHORT .0047C080 + * 0047C075 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + * 0047C07C 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] + * 0047C080 8B8B 483A0000 MOV ECX,DWORD PTR DS:[EBX+0x3A48] + * 0047C086 2B8B 443A0000 SUB ECX,DWORD PTR DS:[EBX+0x3A44] + * 0047C08C C1F9 03 SAR ECX,0x3 + * 0047C08F 3BF1 CMP ESI,ECX + * 0047C091 72 05 JB SHORT .0047C098 + * + * 0045BFCF 53 PUSH EBX + * 0045BFD0 53 PUSH EBX + * 0045BFD1 E8 15670500 CALL .004B26EB ; jichi: scenario history called here + * 0045BFD6 8BC6 MOV EAX,ESI + * 0045BFD8 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-0xC] + * 0045BFDB 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 0045BFE2 59 POP ECX + * 0045BFE3 5F POP EDI + * 0045BFE4 5E POP ESI + * 0045BFE5 5B POP EBX + * 0045BFE6 8BE5 MOV ESP,EBP + * 0045BFE8 5D POP EBP + * 0045BFE9 C3 RETN + * 0045BFEA CC INT3 + */ + bool hookBefore(hook_stack*s,void* data, size_t* len1,uintptr_t*role) + { + static std::string data_; + auto text = (LPCSTR)s->stack[1]; // arg1 + if (!text || !*text) + return false; + * role = Engine::OtherRole; + auto retaddr = s->stack[0]; + BYTE ins = *(BYTE *)retaddr; + if (ins == 0xa1) // 0047D564 A1 0C839800 MOV EAX,DWORD PTR DS:[0x98830C] + *role = Engine::ScenarioRole; + else if (ins == 0x5f) // 0047D5A4 5F POP EDI + *role = Engine::NameRole; + strcpy((char*)data,text); + *len1=strlen(text); + return true; + } +} // namespace Private + +/** + * Sample game: Innocent Bullet + * + * Name/Scenario/History are translated in different callers. + * + * 0044D34D CC INT3 + * 0044D34E CC INT3 + * 0044D34F CC INT3 + * 0044D350 55 PUSH EBP + * 0044D351 8BEC MOV EBP,ESP + * 0044D353 83E4 F8 AND ESP,0xFFFFFFF8 + * 0044D356 6A FF PUSH -0x1 + * 0044D358 68 30B88800 PUSH .0088B830 + * 0044D35D 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 0044D363 50 PUSH EAX + * 0044D364 81EC B0000000 SUB ESP,0xB0 + * 0044D36A A1 50569600 MOV EAX,DWORD PTR DS:[0x965650] + * 0044D36F 33C4 XOR EAX,ESP + * 0044D371 898424 A8000000 MOV DWORD PTR SS:[ESP+0xA8],EAX + * 0044D378 53 PUSH EBX + * 0044D379 56 PUSH ESI + * 0044D37A 57 PUSH EDI + * 0044D37B A1 50569600 MOV EAX,DWORD PTR DS:[0x965650] + * 0044D380 33C4 XOR EAX,ESP + * 0044D382 50 PUSH EAX + * 0044D383 8D8424 C0000000 LEA EAX,DWORD PTR SS:[ESP+0xC0] + * 0044D38A 64:A3 00000000 MOV DWORD PTR FS:[0],EAX + * 0044D390 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 0044D393 8BF1 MOV ESI,ECX + * 0044D395 8B16 MOV EDX,DWORD PTR DS:[ESI] + * 0044D397 894424 38 MOV DWORD PTR SS:[ESP+0x38],EAX + * 0044D39B 8B42 04 MOV EAX,DWORD PTR DS:[EDX+0x4] + * 0044D39E 897424 34 MOV DWORD PTR SS:[ESP+0x34],ESI + * 0044D3A2 FFD0 CALL EAX + * 0044D3A4 68 60244200 PUSH .00422460 + * 0044D3A9 B9 EC769800 MOV ECX,.009876EC + * 0044D3AE E8 FD41FDFF CALL .004215B0 + * 0044D3B3 8B3D F4769800 MOV EDI,DWORD PTR DS:[0x9876F4] + * 0044D3B9 8B47 30 MOV EAX,DWORD PTR DS:[EDI+0x30] + * 0044D3BC 2B47 2C SUB EAX,DWORD PTR DS:[EDI+0x2C] + * 0044D3BF 8B5E 04 MOV EBX,DWORD PTR DS:[ESI+0x4] + * 0044D3C2 83C7 20 ADD EDI,0x20 + * 0044D3C5 33C9 XOR ECX,ECX + * 0044D3C7 83C4 04 ADD ESP,0x4 + * 0044D3CA C1F8 02 SAR EAX,0x2 + * 0044D3CD 3BD9 CMP EBX,ECX + * 0044D3CF 7C 24 JL SHORT .0044D3F5 + * 0044D3D1 3BC3 CMP EAX,EBX + * 0044D3D3 7E 20 JLE SHORT .0044D3F5 + * 0044D3D5 8B57 10 MOV EDX,DWORD PTR DS:[EDI+0x10] + * 0044D3D8 2B57 0C SUB EDX,DWORD PTR DS:[EDI+0xC] + * 0044D3DB C1FA 02 SAR EDX,0x2 + * 0044D3DE 3BDA CMP EBX,EDX + * 0044D3E0 72 07 JB SHORT .0044D3E9 + * 0044D3E2 E8 AD1D0600 CALL .004AF194 + * 0044D3E7 33C9 XOR ECX,ECX + * 0044D3E9 8B47 0C MOV EAX,DWORD PTR DS:[EDI+0xC] + * 0044D3EC 8B1498 MOV EDX,DWORD PTR DS:[EAX+EBX*4] + * 0044D3EF 895424 1C MOV DWORD PTR SS:[ESP+0x1C],EDX + * 0044D3F3 EB 04 JMP SHORT .0044D3F9 + * 0044D3F5 894C24 1C MOV DWORD PTR SS:[ESP+0x1C],ECX + * 0044D3F9 8B4424 1C MOV EAX,DWORD PTR SS:[ESP+0x1C] + * 0044D3FD D9EE FLDZ + * 0044D3FF 83C0 34 ADD EAX,0x34 + * 0044D402 D95C24 14 FSTP DWORD PTR SS:[ESP+0x14] + * 0044D406 894424 4C MOV DWORD PTR SS:[ESP+0x4C],EAX + * 0044D40A 8B00 MOV EAX,DWORD PTR DS:[EAX] + * 0044D40C 894424 18 MOV DWORD PTR SS:[ESP+0x18],EAX + * 0044D410 DB4424 18 FILD DWORD PTR SS:[ESP+0x18] + * 0044D414 85C0 TEST EAX,EAX + * 0044D416 7D 06 JGE SHORT .0044D41E + * 0044D418 D805 D05C9100 FADD DWORD PTR DS:[0x915CD0] + * 0044D41E 894C24 3C MOV DWORD PTR SS:[ESP+0x3C],ECX + * 0044D422 D95C24 28 FSTP DWORD PTR SS:[ESP+0x28] + * 0044D426 894C24 2C MOV DWORD PTR SS:[ESP+0x2C],ECX + * 0044D42A 8D4C24 70 LEA ECX,DWORD PTR SS:[ESP+0x70] + * 0044D42E 51 PUSH ECX + * 0044D42F C74424 70 60DC90>MOV DWORD PTR SS:[ESP+0x70],.0090DC60 + * 0044D437 E8 242B0000 CALL .0044FF60 + * 0044D43C 33FF XOR EDI,EDI + * 0044D43E 8D5424 6C LEA EDX,DWORD PTR SS:[ESP+0x6C] + * 0044D442 89BC24 C8000000 MOV DWORD PTR SS:[ESP+0xC8],EDI + * 0044D449 8B4C24 38 MOV ECX,DWORD PTR SS:[ESP+0x38] + * 0044D44D 52 PUSH EDX + * 0044D44E E8 6D150000 CALL .0044E9C0 + * 0044D453 8B8424 80000000 MOV EAX,DWORD PTR SS:[ESP+0x80] + * 0044D45A 8B4C24 7C MOV ECX,DWORD PTR SS:[ESP+0x7C] + * 0044D45E 894424 60 MOV DWORD PTR SS:[ESP+0x60],EAX + * 0044D462 3BC8 CMP ECX,EAX + * 0044D464 76 10 JBE SHORT .0044D476 + * 0044D466 E8 291D0600 CALL .004AF194 + * 0044D46B 8B8424 80000000 MOV EAX,DWORD PTR SS:[ESP+0x80] + * 0044D472 8B4C24 7C MOV ECX,DWORD PTR SS:[ESP+0x7C] + * 0044D476 8B5424 70 MOV EDX,DWORD PTR SS:[ESP+0x70] + * 0044D47A 895424 58 MOV DWORD PTR SS:[ESP+0x58],EDX + * 0044D47E 897C24 38 MOV DWORD PTR SS:[ESP+0x38],EDI + * 0044D482 8BD9 MOV EBX,ECX + * 0044D484 3BC8 CMP ECX,EAX + * 0044D486 76 05 JBE SHORT .0044D48D + * 0044D488 E8 071D0600 CALL .004AF194 + * 0044D48D 8B7C24 70 MOV EDI,DWORD PTR SS:[ESP+0x70] + * 0044D491 897C24 50 MOV DWORD PTR SS:[ESP+0x50],EDI + * 0044D495 895C24 54 MOV DWORD PTR SS:[ESP+0x54],EBX + * 0044D499 85FF TEST EDI,EDI + * 0044D49B 74 06 JE SHORT .0044D4A3 + * 0044D49D 3B7C24 58 CMP EDI,DWORD PTR SS:[ESP+0x58] + * 0044D4A1 74 05 JE SHORT .0044D4A8 + * 0044D4A3 E8 EC1C0600 CALL .004AF194 + * 0044D4A8 3B5C24 60 CMP EBX,DWORD PTR SS:[ESP+0x60] + * 0044D4AC 0F84 E4030000 JE .0044D896 + * 0044D4B2 85FF TEST EDI,EDI + * 0044D4B4 0F85 9C000000 JNZ .0044D556 + * 0044D4BA E8 D51C0600 CALL .004AF194 + * 0044D4BF 33C0 XOR EAX,EAX + * 0044D4C1 3B58 10 CMP EBX,DWORD PTR DS:[EAX+0x10] + * 0044D4C4 72 05 JB SHORT .0044D4CB + * 0044D4C6 E8 C91C0600 CALL .004AF194 + * 0044D4CB 8B0B MOV ECX,DWORD PTR DS:[EBX] + * 0044D4CD 8B01 MOV EAX,DWORD PTR DS:[ECX] + * 0044D4CF 8B50 10 MOV EDX,DWORD PTR DS:[EAX+0x10] + * 0044D4D2 FFD2 CALL EDX + * 0044D4D4 85C0 TEST EAX,EAX + * 0044D4D6 0F85 99030000 JNZ .0044D875 + * 0044D4DC 85FF TEST EDI,EDI + * 0044D4DE 75 7D JNZ SHORT .0044D55D + * 0044D4E0 E8 AF1C0600 CALL .004AF194 + * 0044D4E5 3B5F 10 CMP EBX,DWORD PTR DS:[EDI+0x10] + * 0044D4E8 72 05 JB SHORT .0044D4EF + * 0044D4EA E8 A51C0600 CALL .004AF194 + * 0044D4EF 8B0B MOV ECX,DWORD PTR DS:[EBX] + * 0044D4F1 8B01 MOV EAX,DWORD PTR DS:[ECX] + * 0044D4F3 8B50 08 MOV EDX,DWORD PTR DS:[EAX+0x8] + * 0044D4F6 FFD2 CALL EDX + * 0044D4F8 8BC8 MOV ECX,EAX + * 0044D4FA C78424 B4000000 >MOV DWORD PTR SS:[ESP+0xB4],0xF + * 0044D505 C78424 B0000000 >MOV DWORD PTR SS:[ESP+0xB0],0x0 + * 0044D510 C68424 A0000000 >MOV BYTE PTR SS:[ESP+0xA0],0x0 + * 0044D518 8D79 01 LEA EDI,DWORD PTR DS:[ECX+0x1] + * 0044D51B EB 03 JMP SHORT .0044D520 + * 0044D51D 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 0044D520 8A11 MOV DL,BYTE PTR DS:[ECX] + * 0044D522 41 INC ECX + * 0044D523 84D2 TEST DL,DL + * 0044D525 ^75 F9 JNZ SHORT .0044D520 + * 0044D527 2BCF SUB ECX,EDI + * 0044D529 51 PUSH ECX + * 0044D52A 50 PUSH EAX + * 0044D52B 8D8C24 A4000000 LEA ECX,DWORD PTR SS:[ESP+0xA4] + * 0044D532 E8 D934FCFF CALL .00410A10 + * 0044D537 C68424 C8000000 >MOV BYTE PTR SS:[ESP+0xC8],0x1 + * 0044D53F 83BC24 B4000000 >CMP DWORD PTR SS:[ESP+0xB4],0x10 + * 0044D547 72 18 JB SHORT .0044D561 + * 0044D549 8B8424 A0000000 MOV EAX,DWORD PTR SS:[ESP+0xA0] + * 0044D550 894424 30 MOV DWORD PTR SS:[ESP+0x30],EAX + * 0044D554 EB 16 JMP SHORT .0044D56C + * 0044D556 8B07 MOV EAX,DWORD PTR DS:[EDI] + * 0044D558 ^E9 64FFFFFF JMP .0044D4C1 + * 0044D55D 8B3F MOV EDI,DWORD PTR DS:[EDI] + * 0044D55F ^EB 84 JMP SHORT .0044D4E5 + * 0044D561 8D8C24 A0000000 LEA ECX,DWORD PTR SS:[ESP+0xA0] + * 0044D568 894C24 30 MOV DWORD PTR SS:[ESP+0x30],ECX + * 0044D56C 8B7C24 30 MOV EDI,DWORD PTR SS:[ESP+0x30] + * 0044D570 0FB617 MOVZX EDX,BYTE PTR DS:[EDI] + * 0044D573 52 PUSH EDX + * 0044D574 33DB XOR EBX,EBX + * 0044D576 E8 39420600 CALL .004B17B4 + * 0044D57B 83C4 04 ADD ESP,0x4 + * 0044D57E 85C0 TEST EAX,EAX + * 0044D580 74 12 JE SHORT .0044D594 + * 0044D582 8BCF MOV ECX,EDI + * 0044D584 3859 01 CMP BYTE PTR DS:[ECX+0x1],BL + * 0044D587 8D41 01 LEA EAX,DWORD PTR DS:[ECX+0x1] + * 0044D58A 74 08 JE SHORT .0044D594 + * 0044D58C 0FB619 MOVZX EBX,BYTE PTR DS:[ECX] + * 0044D58F C1E3 08 SHL EBX,0x8 + * 0044D592 8BF8 MOV EDI,EAX + * 0044D594 0FB63F MOVZX EDI,BYTE PTR DS:[EDI] + * 0044D597 03FB ADD EDI,EBX + * 0044D599 0F84 8E020000 JE .0044D82D + * 0044D59F D94424 28 FLD DWORD PTR SS:[ESP+0x28] + * 0044D5A3 D946 0C FLD DWORD PTR DS:[ESI+0xC] + * 0044D5A6 DED9 FCOMPP + * 0044D5A8 DFE0 FSTSW AX + * 0044D5AA F6C4 05 TEST AH,0x5 + * 0044D5AD 0F8B 7A020000 JPO .0044D82D + * 0044D5B3 8B4424 30 MOV EAX,DWORD PTR SS:[ESP+0x30] + * 0044D5B7 50 PUSH EAX + * 0044D5B8 E8 0F420600 CALL .004B17CC + * 0044D5BD 83C4 04 ADD ESP,0x4 + * 0044D5C0 894424 30 MOV DWORD PTR SS:[ESP+0x30],EAX + * 0044D5C4 83FF 20 CMP EDI,0x20 + * 0044D5C7 75 27 JNZ SHORT .0044D5F0 + * 0044D5C9 FF86 88000000 INC DWORD PTR DS:[ESI+0x88] + * 0044D5CF 8B4C24 1C MOV ECX,DWORD PTR SS:[ESP+0x1C] + * 0044D5D3 8B51 38 MOV EDX,DWORD PTR DS:[ECX+0x38] + * 0044D5D6 DB41 38 FILD DWORD PTR DS:[ECX+0x38] + * 0044D5D9 85D2 TEST EDX,EDX + * 0044D5DB 7D 06 JGE SHORT .0044D5E3 + * 0044D5DD D805 D05C9100 FADD DWORD PTR DS:[0x915CD0] + * 0044D5E3 D84424 14 FADD DWORD PTR SS:[ESP+0x14] + * 0044D5E7 D95C24 14 FSTP DWORD PTR SS:[ESP+0x14] + * 0044D5EB ^E9 7CFFFFFF JMP .0044D56C + * 0044D5F0 81FF 40810000 CMP EDI,0x8140 + * 0044D5F6 75 14 JNZ SHORT .0044D60C + * 0044D5F8 FF86 88000000 INC DWORD PTR DS:[ESI+0x88] + * 0044D5FE 8B4424 1C MOV EAX,DWORD PTR SS:[ESP+0x1C] + * 0044D602 8B48 3C MOV ECX,DWORD PTR DS:[EAX+0x3C] + * 0044D605 DB40 3C FILD DWORD PTR DS:[EAX+0x3C] + * 0044D608 85C9 TEST ECX,ECX + * 0044D60A ^EB CF JMP SHORT .0044D5DB + * 0044D60C 83FF 0A CMP EDI,0xA + * 0044D60F 75 6F JNZ SHORT .0044D680 + * 0044D611 8B46 18 MOV EAX,DWORD PTR DS:[ESI+0x18] + * 0044D614 83F8 03 CMP EAX,0x3 + * 0044D617 77 3D JA SHORT .0044D656 + * 0044D619 FF2485 98DA4400 JMP DWORD PTR DS:[EAX*4+0x44DA98] + * 0044D620 56 PUSH ESI + * 0044D621 E8 3A080000 CALL .0044DE60 + * 0044D626 EB 2E JMP SHORT .0044D656 + * 0044D628 D94424 14 FLD DWORD PTR SS:[ESP+0x14] + * 0044D62C 51 PUSH ECX + * 0044D62D D91C24 FSTP DWORD PTR SS:[ESP] + * 0044D630 56 PUSH ESI + * 0044D631 E8 FA080000 CALL .0044DF30 + * 0044D636 EB 1E JMP SHORT .0044D656 + * 0044D638 D94424 14 FLD DWORD PTR SS:[ESP+0x14] + * 0044D63C 51 PUSH ECX + * 0044D63D D91C24 FSTP DWORD PTR SS:[ESP] + * 0044D640 56 PUSH ESI + * 0044D641 E8 CA090000 CALL .0044E010 + * 0044D646 EB 0E JMP SHORT .0044D656 + * 0044D648 D94424 14 FLD DWORD PTR SS:[ESP+0x14] + * 0044D64C 51 PUSH ECX + * 0044D64D D91C24 FSTP DWORD PTR SS:[ESP] + * 0044D650 56 PUSH ESI + * 0044D651 E8 9A0A0000 CALL .0044E0F0 + * 0044D656 8B5424 4C MOV EDX,DWORD PTR SS:[ESP+0x4C] + * 0044D65A D9EE FLDZ + * 0044D65C 8B02 MOV EAX,DWORD PTR DS:[EDX] + * 0044D65E D95C24 14 FSTP DWORD PTR SS:[ESP+0x14] + * 0044D662 D946 14 FLD DWORD PTR DS:[ESI+0x14] + * 0044D665 DB02 FILD DWORD PTR DS:[EDX] + * 0044D667 85C0 TEST EAX,EAX + * 0044D669 7D 06 JGE SHORT .0044D671 + * 0044D66B D805 D05C9100 FADD DWORD PTR DS:[0x915CD0] + * 0044D671 DEC1 FADDP ST(1),ST + * 0044D673 D84424 28 FADD DWORD PTR SS:[ESP+0x28] + * 0044D677 D95C24 28 FSTP DWORD PTR SS:[ESP+0x28] + * 0044D67B ^E9 ECFEFFFF JMP .0044D56C + * 0044D680 83FF 0D CMP EDI,0xD + * 0044D683 ^0F84 E3FEFFFF JE .0044D56C + * 0044D689 83FF 09 CMP EDI,0x9 + * 0044D68C ^0F84 DAFEFFFF JE .0044D56C + * 0044D692 8B5C24 1C MOV EBX,DWORD PTR SS:[ESP+0x1C] + * 0044D696 57 PUSH EDI + * 0044D697 8BC3 MOV EAX,EBX + * 0044D699 E8 6249FDFF CALL .00422000 + * 0044D69E 894424 18 MOV DWORD PTR SS:[ESP+0x18],EAX ; jichi: This is the ITH hook point + * 0044D6A2 85C0 TEST EAX,EAX + * 0044D6A4 ^0F84 C2FEFFFF JE .0044D56C + * 0044D6AA 57 PUSH EDI + * 0044D6AB 8BC3 MOV EAX,EBX + * 0044D6AD E8 4E49FDFF CALL .00422000 + * 0044D6B2 85C0 TEST EAX,EAX + * 0044D6B4 ^0F84 B2FEFFFF JE .0044D56C + * 0044D6BA 83C0 10 ADD EAX,0x10 + * 0044D6BD 894424 40 MOV DWORD PTR SS:[ESP+0x40],EAX + * 0044D6C1 ^0F84 A5FEFFFF JE .0044D56C + * 0044D6C7 57 PUSH EDI + * 0044D6C8 8BC3 MOV EAX,EBX + * 0044D6CA E8 3149FDFF CALL .00422000 + * 0044D6CF 85C0 TEST EAX,EAX + * 0044D6D1 75 04 JNZ SHORT .0044D6D7 + * 0044D6D3 D9EE FLDZ + * 0044D6D5 EB 03 JMP SHORT .0044D6DA + * 0044D6D7 D940 20 FLD DWORD PTR DS:[EAX+0x20] + * 0044D6DA D95C24 24 FSTP DWORD PTR SS:[ESP+0x24] + * 0044D6DE 8D4C24 20 LEA ECX,DWORD PTR SS:[ESP+0x20] + * 0044D6E2 D94424 24 FLD DWORD PTR SS:[ESP+0x24] + * 0044D6E6 51 PUSH ECX + * 0044D6E7 8D8E 04010000 LEA ECX,DWORD PTR DS:[ESI+0x104] + * 0044D6ED D95C24 24 FSTP DWORD PTR SS:[ESP+0x24] + * 0044D6F1 E8 6A55FFFF CALL .00442C60 + * 0044D6F6 D94424 24 FLD DWORD PTR SS:[ESP+0x24] + * 0044D6FA D94424 14 FLD DWORD PTR SS:[ESP+0x14] + * 0044D6FE D9C0 FLD ST + * 0044D700 DEC2 FADDP ST(2),ST + * 0044D702 D946 10 FLD DWORD PTR DS:[ESI+0x10] + * 0044D705 DEC2 FADDP ST(2),ST + * 0044D707 D9C9 FXCH ST(1) + * 0044D709 D95C24 48 FSTP DWORD PTR SS:[ESP+0x48] + * 0044D70D D94424 28 FLD DWORD PTR SS:[ESP+0x28] + * 0044D711 D95C24 20 FSTP DWORD PTR SS:[ESP+0x20] + * 0044D715 D94424 48 FLD DWORD PTR SS:[ESP+0x48] + * 0044D719 D946 08 FLD DWORD PTR DS:[ESI+0x8] + * 0044D71C DED9 FCOMPP + * 0044D71E DFE0 FSTSW AX + * 0044D720 F6C4 05 TEST AH,0x5 + * 0044D723 7A 47 JPE SHORT .0044D76C + * 0044D725 51 PUSH ECX + * 0044D726 8BC6 MOV EAX,ESI + * 0044D728 D91C24 FSTP DWORD PTR SS:[ESP] + * 0044D72B E8 D0060000 CALL .0044DE00 + * 0044D730 D94424 24 FLD DWORD PTR SS:[ESP+0x24] + * 0044D734 D846 10 FADD DWORD PTR DS:[ESI+0x10] + * 0044D737 8B5424 4C MOV EDX,DWORD PTR SS:[ESP+0x4C] + * 0044D73B 8B02 MOV EAX,DWORD PTR DS:[EDX] + * 0044D73D D95C24 48 FSTP DWORD PTR SS:[ESP+0x48] + * 0044D741 D946 14 FLD DWORD PTR DS:[ESI+0x14] + * 0044D744 DB02 FILD DWORD PTR DS:[EDX] + * 0044D746 85C0 TEST EAX,EAX + * 0044D748 7D 06 JGE SHORT .0044D750 + * 0044D74A D805 D05C9100 FADD DWORD PTR DS:[0x915CD0] + * 0044D750 DEC1 FADDP ST(1),ST + * 0044D752 D84424 28 FADD DWORD PTR SS:[ESP+0x28] + * 0044D756 D95C24 20 FSTP DWORD PTR SS:[ESP+0x20] + * 0044D75A D9EE FLDZ + * 0044D75C D95C24 14 FSTP DWORD PTR SS:[ESP+0x14] + * 0044D760 D94424 20 FLD DWORD PTR SS:[ESP+0x20] + * 0044D764 D95C24 28 FSTP DWORD PTR SS:[ESP+0x28] + * 0044D768 D94424 14 FLD DWORD PTR SS:[ESP+0x14] + * 0044D76C FF86 88000000 INC DWORD PTR DS:[ESI+0x88] + * 0044D772 D95C24 64 FSTP DWORD PTR SS:[ESP+0x64] + * 0044D776 D94424 28 FLD DWORD PTR SS:[ESP+0x28] + * 0044D77A 8D7E 6C LEA EDI,DWORD PTR DS:[ESI+0x6C] + * 0044D77D 8D5C24 64 LEA EBX,DWORD PTR SS:[ESP+0x64] + * 0044D781 D95C24 68 FSTP DWORD PTR SS:[ESP+0x68] + * 0044D785 E8 B658FFFF CALL .00443040 + * 0044D78A D9E8 FLD1 + * 0044D78C 8B5C24 18 MOV EBX,DWORD PTR SS:[ESP+0x18] + * 0044D790 83EC 0C SUB ESP,0xC + * 0044D793 D95C24 08 FSTP DWORD PTR SS:[ESP+0x8] + * 0044D797 8D46 54 LEA EAX,DWORD PTR DS:[ESI+0x54] + * 0044D79A D94424 34 FLD DWORD PTR SS:[ESP+0x34] + * 0044D79E 8B7424 4C MOV ESI,DWORD PTR SS:[ESP+0x4C] + * 0044D7A2 D95C24 04 FSTP DWORD PTR SS:[ESP+0x4] + * 0044D7A6 D94424 20 FLD DWORD PTR SS:[ESP+0x20] + * 0044D7AA D91C24 FSTP DWORD PTR SS:[ESP] + * 0044D7AD E8 1E040000 CALL .0044DBD0 + * 0044D7B2 8D5C24 2C LEA EBX,DWORD PTR SS:[ESP+0x2C] + * 0044D7B6 8D7C24 3C LEA EDI,DWORD PTR SS:[ESP+0x3C] + * 0044D7BA E8 E1050000 CALL .0044DDA0 + * 0044D7BF 0FB74C24 3C MOVZX ECX,WORD PTR SS:[ESP+0x3C] + * 0044D7C4 8B7424 34 MOV ESI,DWORD PTR SS:[ESP+0x34] + * 0044D7C8 8DBE A4000000 LEA EDI,DWORD PTR DS:[ESI+0xA4] + * 0044D7CE 8D5C24 18 LEA EBX,DWORD PTR SS:[ESP+0x18] + * 0044D7D2 894C24 18 MOV DWORD PTR SS:[ESP+0x18],ECX + * 0044D7D6 E8 15C8FCFF CALL .00419FF0 + * 0044D7DB 0FB74C24 2C MOVZX ECX,WORD PTR SS:[ESP+0x2C] + * 0044D7E0 B8 56555555 MOV EAX,0x55555556 + * 0044D7E5 F7E9 IMUL ECX + * 0044D7E7 8BC2 MOV EAX,EDX + * 0044D7E9 C1E8 1F SHR EAX,0x1F + * 0044D7EC 03C2 ADD EAX,EDX + * 0044D7EE 8DBE 8C000000 LEA EDI,DWORD PTR DS:[ESI+0x8C] + * 0044D7F4 8D5C24 18 LEA EBX,DWORD PTR SS:[ESP+0x18] + * 0044D7F8 894424 18 MOV DWORD PTR SS:[ESP+0x18],EAX + * 0044D7FC E8 EFC7FCFF CALL .00419FF0 + * 0044D801 8DBE D4000000 LEA EDI,DWORD PTR DS:[ESI+0xD4] + * 0044D807 D94424 48 FLD DWORD PTR SS:[ESP+0x48] + * 0044D80B 8D5C24 38 LEA EBX,DWORD PTR SS:[ESP+0x38] + * 0044D80F D95C24 14 FSTP DWORD PTR SS:[ESP+0x14] + * 0044D813 D94424 20 FLD DWORD PTR SS:[ESP+0x20] + * 0044D817 D95C24 28 FSTP DWORD PTR SS:[ESP+0x28] + * 0044D81B E8 D0C7FCFF CALL .00419FF0 + * 0044D820 C74424 38 000000>MOV DWORD PTR SS:[ESP+0x38],0x0 + * 0044D828 ^E9 3FFDFFFF JMP .0044D56C + * 0044D82D C68424 C8000000 >MOV BYTE PTR SS:[ESP+0xC8],0x0 + * 0044D835 83BC24 B4000000 >CMP DWORD PTR SS:[ESP+0xB4],0x10 + * 0044D83D 72 10 JB SHORT .0044D84F + * 0044D83F 8B8C24 A0000000 MOV ECX,DWORD PTR SS:[ESP+0xA0] + * 0044D846 51 PUSH ECX + * 0044D847 E8 29130600 CALL .004AEB75 + * 0044D84C 83C4 04 ADD ESP,0x4 + * 0044D84F 8B7C24 50 MOV EDI,DWORD PTR SS:[ESP+0x50] + * 0044D853 8B5C24 54 MOV EBX,DWORD PTR SS:[ESP+0x54] + * 0044D857 C78424 B4000000 >MOV DWORD PTR SS:[ESP+0xB4],0xF + * 0044D862 C78424 B0000000 >MOV DWORD PTR SS:[ESP+0xB0],0x0 + * 0044D86D C68424 A0000000 >MOV BYTE PTR SS:[ESP+0xA0],0x0 + * 0044D875 85FF TEST EDI,EDI + * 0044D877 75 19 JNZ SHORT .0044D892 + * 0044D879 E8 16190600 CALL .004AF194 + * 0044D87E 33C0 XOR EAX,EAX + * 0044D880 3B58 10 CMP EBX,DWORD PTR DS:[EAX+0x10] + * 0044D883 72 05 JB SHORT .0044D88A + * 0044D885 E8 0A190600 CALL .004AF194 + * 0044D88A 83C3 04 ADD EBX,0x4 + * 0044D88D ^E9 03FCFFFF JMP .0044D495 + * 0044D892 8B07 MOV EAX,DWORD PTR DS:[EDI] + * 0044D894 ^EB EA JMP SHORT .0044D880 + * 0044D896 66:8B5424 2C MOV DX,WORD PTR SS:[ESP+0x2C] + * 0044D89B 66:8996 84000000 MOV WORD PTR DS:[ESI+0x84],DX + * 0044D8A2 8B4E 64 MOV ECX,DWORD PTR DS:[ESI+0x64] + * 0044D8A5 2B4E 60 SUB ECX,DWORD PTR DS:[ESI+0x60] + * 0044D8A8 B8 67666666 MOV EAX,0x66666667 + * 0044D8AD F7E9 IMUL ECX + * 0044D8AF C1FA 03 SAR EDX,0x3 + * 0044D8B2 8BC2 MOV EAX,EDX + * 0044D8B4 C1E8 1F SHR EAX,0x1F + * 0044D8B7 03C2 ADD EAX,EDX + * 0044D8B9 74 0F JE SHORT .0044D8CA + * 0044D8BB D94424 14 FLD DWORD PTR SS:[ESP+0x14] + * 0044D8BF 51 PUSH ECX + * 0044D8C0 8BC6 MOV EAX,ESI + * 0044D8C2 D91C24 FSTP DWORD PTR SS:[ESP] + * 0044D8C5 E8 36050000 CALL .0044DE00 + * 0044D8CA 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] + * 0044D8D0 33DB XOR EBX,EBX + * 0044D8D2 895C24 3C MOV DWORD PTR SS:[ESP+0x3C],EBX + * 0044D8D6 895C24 2C MOV DWORD PTR SS:[ESP+0x2C],EBX + * 0044D8DA 895C24 1C MOV DWORD PTR SS:[ESP+0x1C],EBX + * 0044D8DE 895C24 20 MOV DWORD PTR SS:[ESP+0x20],EBX + * 0044D8E2 894424 18 MOV DWORD PTR SS:[ESP+0x18],EAX + * 0044D8E6 3986 98000000 CMP DWORD PTR DS:[ESI+0x98],EAX + * 0044D8EC 76 05 JBE SHORT .0044D8F3 + * 0044D8EE E8 A1180600 CALL .004AF194 + * 0044D8F3 8BBE 98000000 MOV EDI,DWORD PTR DS:[ESI+0x98] + * 0044D8F9 8B8E 8C000000 MOV ECX,DWORD PTR DS:[ESI+0x8C] + * 0044D8FF 894C24 58 MOV DWORD PTR SS:[ESP+0x58],ECX + * 0044D903 3BBE 9C000000 CMP EDI,DWORD PTR DS:[ESI+0x9C] + * 0044D909 76 05 JBE SHORT .0044D910 + * 0044D90B E8 84180600 CALL .004AF194 + * 0044D910 8B86 8C000000 MOV EAX,DWORD PTR DS:[ESI+0x8C] + * 0044D916 894424 40 MOV DWORD PTR SS:[ESP+0x40],EAX + * 0044D91A 897C24 44 MOV DWORD PTR SS:[ESP+0x44],EDI + * 0044D91E 895C24 34 MOV DWORD PTR SS:[ESP+0x34],EBX + * 0044D922 3BC3 CMP EAX,EBX + * 0044D924 74 06 JE SHORT .0044D92C + * 0044D926 3B4424 58 CMP EAX,DWORD PTR SS:[ESP+0x58] + * 0044D92A 74 05 JE SHORT .0044D931 + * 0044D92C E8 63180600 CALL .004AF194 + * 0044D931 8B5424 44 MOV EDX,DWORD PTR SS:[ESP+0x44] + * 0044D935 3B5424 18 CMP EDX,DWORD PTR SS:[ESP+0x18] + * 0044D939 0F84 0D010000 JE .0044DA4C + * 0044D93F 8B4424 34 MOV EAX,DWORD PTR SS:[ESP+0x34] + * 0044D943 33DB XOR EBX,EBX + * 0044D945 8DBE EC000000 LEA EDI,DWORD PTR DS:[ESI+0xEC] + * 0044D94B 894424 24 MOV DWORD PTR SS:[ESP+0x24],EAX + * 0044D94F 8B4E 4C MOV ECX,DWORD PTR DS:[ESI+0x4C] + * 0044D952 2B4E 48 SUB ECX,DWORD PTR DS:[ESI+0x48] + * 0044D955 B8 67666666 MOV EAX,0x66666667 + * 0044D95A F7E9 IMUL ECX + * 0044D95C C1FA 03 SAR EDX,0x3 + * 0044D95F 8BCA MOV ECX,EDX + * 0044D961 C1E9 1F SHR ECX,0x1F + * 0044D964 03CA ADD ECX,EDX + * 0044D966 8B5424 20 MOV EDX,DWORD PTR SS:[ESP+0x20] + * 0044D96A 8D0413 LEA EAX,DWORD PTR DS:[EBX+EDX] + * 0044D96D 3BC1 CMP EAX,ECX + * 0044D96F 72 05 JB SHORT .0044D976 + * 0044D971 E8 1E180600 CALL .004AF194 + * 0044D976 8B46 48 MOV EAX,DWORD PTR DS:[ESI+0x48] + * 0044D979 034424 24 ADD EAX,DWORD PTR SS:[ESP+0x24] + * 0044D97D 8D8C24 88000000 LEA ECX,DWORD PTR SS:[ESP+0x88] + * 0044D984 D900 FLD DWORD PTR DS:[EAX] + * 0044D986 51 PUSH ECX + * 0044D987 D99C24 8C000000 FSTP DWORD PTR SS:[ESP+0x8C] + * 0044D98E D940 04 FLD DWORD PTR DS:[EAX+0x4] + * 0044D991 D99C24 90000000 FSTP DWORD PTR SS:[ESP+0x90] + * 0044D998 D940 08 FLD DWORD PTR DS:[EAX+0x8] + * 0044D99B D99C24 94000000 FSTP DWORD PTR SS:[ESP+0x94] + * 0044D9A2 D940 0C FLD DWORD PTR DS:[EAX+0xC] + * 0044D9A5 D99C24 98000000 FSTP DWORD PTR SS:[ESP+0x98] + * 0044D9AC D940 10 FLD DWORD PTR DS:[EAX+0x10] + * 0044D9AF D99C24 9C000000 FSTP DWORD PTR SS:[ESP+0x9C] + * 0044D9B6 E8 A50B0000 CALL .0044E560 + * 0044D9BB 834424 24 14 ADD DWORD PTR SS:[ESP+0x24],0x14 + * 0044D9C0 43 INC EBX + * 0044D9C1 83FB 04 CMP EBX,0x4 + * 0044D9C4 ^7C 89 JL SHORT .0044D94F + * 0044D9C6 8D5C24 2C LEA EBX,DWORD PTR SS:[ESP+0x2C] + * 0044D9CA 8D7C24 3C LEA EDI,DWORD PTR SS:[ESP+0x3C] + * 0044D9CE E8 CD030000 CALL .0044DDA0 + * 0044D9D3 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] + * 0044D9D9 2B86 98000000 SUB EAX,DWORD PTR DS:[ESI+0x98] + * 0044D9DF 8B5424 24 MOV EDX,DWORD PTR SS:[ESP+0x24] + * 0044D9E3 BF 04000000 MOV EDI,0x4 + * 0044D9E8 017C24 20 ADD DWORD PTR SS:[ESP+0x20],EDI + * 0044D9EC C1F8 02 SAR EAX,0x2 + * 0044D9EF 895424 34 MOV DWORD PTR SS:[ESP+0x34],EDX + * 0044D9F3 394424 1C CMP DWORD PTR SS:[ESP+0x1C],EAX + * 0044D9F7 72 05 JB SHORT .0044D9FE + * 0044D9F9 E8 96170600 CALL .004AF194 + * 0044D9FE 8B8E B4000000 MOV ECX,DWORD PTR DS:[ESI+0xB4] + * 0044DA04 2B8E B0000000 SUB ECX,DWORD PTR DS:[ESI+0xB0] + * 0044DA0A C1F9 02 SAR ECX,0x2 + * 0044DA0D 394C24 1C CMP DWORD PTR SS:[ESP+0x1C],ECX + * 0044DA11 72 05 JB SHORT .0044DA18 + * 0044DA13 E8 7C170600 CALL .004AF194 + * 0044DA18 8B4424 40 MOV EAX,DWORD PTR SS:[ESP+0x40] + * 0044DA1C FF4424 1C INC DWORD PTR SS:[ESP+0x1C] + * 0044DA20 85C0 TEST EAX,EAX + * 0044DA22 75 24 JNZ SHORT .0044DA48 + * 0044DA24 E8 6B170600 CALL .004AF194 + * 0044DA29 33C0 XOR EAX,EAX + * 0044DA2B 8B5424 44 MOV EDX,DWORD PTR SS:[ESP+0x44] + * 0044DA2F 3B50 10 CMP EDX,DWORD PTR DS:[EAX+0x10] + * 0044DA32 72 05 JB SHORT .0044DA39 + * 0044DA34 E8 5B170600 CALL .004AF194 + * 0044DA39 017C24 44 ADD DWORD PTR SS:[ESP+0x44],EDI + * 0044DA3D 8B4424 40 MOV EAX,DWORD PTR SS:[ESP+0x40] + * 0044DA41 33DB XOR EBX,EBX + * 0044DA43 ^E9 DAFEFFFF JMP .0044D922 + * 0044DA48 8B00 MOV EAX,DWORD PTR DS:[EAX] + * 0044DA4A ^EB DF JMP SHORT .0044DA2B + * 0044DA4C 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] + * 0044DA52 2B86 98000000 SUB EAX,DWORD PTR DS:[ESI+0x98] + * 0044DA58 8D4C24 6C LEA ECX,DWORD PTR SS:[ESP+0x6C] + * 0044DA5C C1F8 02 SAR EAX,0x2 + * 0044DA5F 8946 38 MOV DWORD PTR DS:[ESI+0x38],EAX + * 0044DA62 C78424 C8000000 >MOV DWORD PTR SS:[ESP+0xC8],-0x1 + * 0044DA6D E8 CE0E0000 CALL .0044E940 + * 0044DA72 8B8C24 C0000000 MOV ECX,DWORD PTR SS:[ESP+0xC0] + * 0044DA79 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 0044DA80 59 POP ECX + * 0044DA81 5F POP EDI + * 0044DA82 5E POP ESI + * 0044DA83 5B POP EBX + * 0044DA84 8B8C24 A8000000 MOV ECX,DWORD PTR SS:[ESP+0xA8] + * 0044DA8B 33CC XOR ECX,ESP + * 0044DA8D E8 EE100600 CALL .004AEB80 + * 0044DA92 8BE5 MOV ESP,EBP + * 0044DA94 5D POP EBP + * 0044DA95 C2 0400 RETN 0x4 + * 0044DA98 20D6 AND DH,DL + * 0044DA9A 44 INC ESP + * 0044DA9B 0028 ADD BYTE PTR DS:[EAX],CH + * 0044DA9D D6 SALC + * 0044DA9E 44 INC ESP + * 0044DA9F 0038 ADD BYTE PTR DS:[EAX],BH + * 0044DAA1 D6 SALC + * 0044DAA2 44 INC ESP + * 0044DAA3 0048 D6 ADD BYTE PTR DS:[EAX-0x2A],CL + * 0044DAA6 44 INC ESP + * 0044DAA7 00CC ADD AH,CL + * 0044DAA9 CC INT3 + * 0044DAAA CC INT3 + * 0044DAAB CC INT3 + * 0044DAAC CC INT3 + * 0044DAAD CC INT3 + * 0044DAAE CC INT3 + * 0044DAAF CC INT3 + */ +bool attach(ULONG startAddress, ULONG stopAddress) // attach scenario +{ + const uint8_t bytes[] = { + 0x57, // 0044d696 57 push edi + 0x8b,0xc3, // 0044d697 8bc3 mov eax,ebx + 0xe8, XX4, // 0044d699 e8 6249fdff call .00422000 + 0x89,0x44,0x24, 0x18, // 0044d69e 894424 18 mov dword ptr ss:[esp+0x18],eax ; jichi: this is the ith hook point + 0x85,0xc0, // 0044d6a2 85c0 test eax,eax + 0x0f,0x84 //c2feffff // 0044d6a4 ^0f84 c2feffff je .0044d56c + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); // range is around 50, use 80 + if (!addr) + return false; + HookParam hp; + hp.address=addr; + hp.type=USING_STRING|EMBED_ABLE|EMBED_AFTER_NEW| EMBED_DYNA_SJIS; + hp.offset=get_stack(1); + hp.hook_before=Private::hookBefore; + hp.hook_font=F_GetGlyphOutlineA; + return NewHook(hp,"EmbedNexton"); +} + +} // namespace ScenarioHook +} // unnamed namespace + +bool Nexton::attach_function() { + bool embed=ScenarioHook::attach(processStartAddress,processStopAddress); + return InsertNextonHook()||embed; +} + + +/** jichi 8/17/2014 Nexton1 + * Sample games: + * - [Nomad][071026] 淫烙�巫女 Trial + * + * Debug method: text are prefetched into memory. Add break point to it. + * + * GetGlyphOutlineA is called, but no correct text. + * + * There are so many good hooks. The shortest function was picked,as follows: + * 0041974e cc int3 + * 0041974f cc int3 + * 00419750 56 push esi ; jichi: hook here, text in arg1 + * 00419751 8b7424 08 mov esi,dword ptr ss:[esp+0x8] + * 00419755 8bc6 mov eax,esi + * 00419757 57 push edi + * 00419758 8d78 01 lea edi,dword ptr ds:[eax+0x1] + * 0041975b eb 03 jmp short inrakutr.00419760 + * 0041975d 8d49 00 lea ecx,dword ptr ds:[ecx] + * 00419760 8a10 mov dl,byte ptr ds:[eax] ; jichi: eax is the text + * 00419762 83c0 01 add eax,0x1 + * 00419765 84d2 test dl,dl + * 00419767 ^75 f7 jnz short inrakutr.00419760 + * 00419769 2bc7 sub eax,edi + * 0041976b 50 push eax + * 0041976c 56 push esi + * 0041976d 83c1 04 add ecx,0x4 + * 00419770 e8 eb85feff call inrakutr.00401d60 + * 00419775 5f pop edi + * 00419776 5e pop esi + * 00419777 c2 0400 retn 0x4 + * 0041977a cc int3 + * 0041977b cc int3 + * 0041977c cc int3 + * + * Runtime stack: this function takes two arguments. Text address is in arg1. + * + * Other possible hooks are as follows: + * 00460caf 53 push ebx + * 00460cb0 c700 16000000 mov dword ptr ds:[eax],0x16 + * 00460cb6 e8 39feffff call inrakutr.00460af4 + * 00460cbb 83c4 14 add esp,0x14 + * 00460cbe 385d fc cmp byte ptr ss:[ebp-0x4],bl + * 00460cc1 74 07 je short inrakutr.00460cca + * 00460cc3 8b45 f8 mov eax,dword ptr ss:[ebp-0x8] + * 00460cc6 8360 70 fd and dword ptr ds:[eax+0x70],0xfffffffd + * 00460cca 33c0 xor eax,eax + * 00460ccc eb 2c jmp short inrakutr.00460cfa + * 00460cce 0fb601 movzx eax,byte ptr ds:[ecx] ; jichi: here, ecx + * 00460cd1 8b55 f4 mov edx,dword ptr ss:[ebp-0xc] + * 00460cd4 f64410 1d 04 test byte ptr ds:[eax+edx+0x1d],0x4 + * 00460cd9 74 0e je short inrakutr.00460ce9 + * 00460cdb 8d51 01 lea edx,dword ptr ds:[ecx+0x1] + * 00460cde 381a cmp byte ptr ds:[edx],bl + * 00460ce0 74 07 je short inrakutr.00460ce9 + * 00460ce2 c1e0 08 shl eax,0x8 + * 00460ce5 8bf0 mov esi,eax + * 00460ce7 8bca mov ecx,edx + * 00460ce9 0fb601 movzx eax,byte ptr ds:[ecx] + * 00460cec 03c6 add eax,esi + * 00460cee 385d fc cmp byte ptr ss:[ebp-0x4],bl + * 00460cf1 74 07 je short inrakutr.00460cfa + * 00460cf3 8b4d f8 mov ecx,dword ptr ss:[ebp-0x8] + * 00460cf6 8361 70 fd and dword ptr ds:[ecx+0x70],0xfffffffd + * 00460cfa 5e pop esi + * 00460cfb 5b pop ebx + * 00460cfc c9 leave + * 00460cfd c3 retn + * + * 00460d41 74 05 je short inrakutr.00460d48 + * 00460d43 381e cmp byte ptr ds:[esi],bl + * 00460d45 74 01 je short inrakutr.00460d48 + * 00460d47 46 inc esi + * 00460d48 8bc6 mov eax,esi + * 00460d4a 5e pop esi + * 00460d4b 5b pop ebx + * 00460d4c c3 retn + * 00460d4d 56 push esi + * 00460d4e 8b7424 08 mov esi,dword ptr ss:[esp+0x8] + * 00460d52 0fb606 movzx eax,byte ptr ds:[esi] ; jichi: esi & ebp + * 00460d55 50 push eax + * 00460d56 e8 80fcffff call inrakutr.004609db + * 00460d5b 85c0 test eax,eax + * 00460d5d 59 pop ecx + * 00460d5e 74 0b je short inrakutr.00460d6b + * 00460d60 807e 01 00 cmp byte ptr ds:[esi+0x1],0x0 + * 00460d64 74 05 je short inrakutr.00460d6b + * 00460d66 6a 02 push 0x2 + * 00460d68 58 pop eax + * 00460d69 5e pop esi + * 00460d6a c3 retn + * + * 00460d1d 53 push ebx + * 00460d1e 53 push ebx + * 00460d1f 53 push ebx + * 00460d20 53 push ebx + * 00460d21 53 push ebx + * 00460d22 c700 16000000 mov dword ptr ds:[eax],0x16 + * 00460d28 e8 c7fdffff call inrakutr.00460af4 + * 00460d2d 83c4 14 add esp,0x14 + * 00460d30 33c0 xor eax,eax + * 00460d32 eb 16 jmp short inrakutr.00460d4a + * 00460d34 0fb606 movzx eax,byte ptr ds:[esi] ; jichi: esi, ebp + * 00460d37 50 push eax + * 00460d38 e8 9efcffff call inrakutr.004609db + * 00460d3d 46 inc esi + * 00460d3e 85c0 test eax,eax + * 00460d40 59 pop ecx + * 00460d41 74 05 je short inrakutr.00460d48 + * 00460d43 381e cmp byte ptr ds:[esi],bl + * 00460d45 74 01 je short inrakutr.00460d48 + * 00460d47 46 inc esi + * + * 0042c59f cc int3 + * 0042c5a0 56 push esi + * 0042c5a1 8bf1 mov esi,ecx + * 0042c5a3 8b86 cc650000 mov eax,dword ptr ds:[esi+0x65cc] + * 0042c5a9 8b50 1c mov edx,dword ptr ds:[eax+0x1c] + * 0042c5ac 57 push edi + * 0042c5ad 8b7c24 0c mov edi,dword ptr ss:[esp+0xc] + * 0042c5b1 8d8e cc650000 lea ecx,dword ptr ds:[esi+0x65cc] + * 0042c5b7 57 push edi + * 0042c5b8 ffd2 call edx + * 0042c5ba 8bc7 mov eax,edi + * 0042c5bc 8d50 01 lea edx,dword ptr ds:[eax+0x1] + * 0042c5bf 90 nop + * 0042c5c0 8a08 mov cl,byte ptr ds:[eax] ; jichi: here eax + * 0042c5c2 83c0 01 add eax,0x1 + * 0042c5c5 84c9 test cl,cl + * 0042c5c7 ^75 f7 jnz short inrakutr.0042c5c0 + * 0042c5c9 2bc2 sub eax,edx + * 0042c5cb 50 push eax + * 0042c5cc 57 push edi + * 0042c5cd 8d8e 24660000 lea ecx,dword ptr ds:[esi+0x6624] + * 0042c5d3 e8 8857fdff call inrakutr.00401d60 + * 0042c5d8 8b86 b4660000 mov eax,dword ptr ds:[esi+0x66b4] + * 0042c5de 85c0 test eax,eax + * 0042c5e0 74 0d je short inrakutr.0042c5ef + * 0042c5e2 8b8e b8660000 mov ecx,dword ptr ds:[esi+0x66b8] + * 0042c5e8 2bc8 sub ecx,eax + * 0042c5ea c1f9 02 sar ecx,0x2 + * 0042c5ed 75 05 jnz short inrakutr.0042c5f4 + * 0042c5ef e8 24450300 call inrakutr.00460b18 + * 0042c5f4 8b96 b4660000 mov edx,dword ptr ds:[esi+0x66b4] + * 0042c5fa 8b0a mov ecx,dword ptr ds:[edx] + * 0042c5fc 8b01 mov eax,dword ptr ds:[ecx] + * 0042c5fe 8b50 30 mov edx,dword ptr ds:[eax+0x30] + * 0042c601 ffd2 call edx + * 0042c603 8b06 mov eax,dword ptr ds:[esi] + * 0042c605 8b90 f8000000 mov edx,dword ptr ds:[eax+0xf8] + * 0042c60b 6a 00 push 0x0 + * 0042c60d 68 c3164a00 push inrakutr.004a16c3 + * 0042c612 57 push edi + * 0042c613 8bce mov ecx,esi + * 0042c615 ffd2 call edx + * 0042c617 5f pop edi + * 0042c618 5e pop esi + * 0042c619 c2 0400 retn 0x4 + * 0042c61c cc int3 + * + * 0041974e cc int3 + * 0041974f cc int3 + * 00419750 56 push esi + * 00419751 8b7424 08 mov esi,dword ptr ss:[esp+0x8] + * 00419755 8bc6 mov eax,esi + * 00419757 57 push edi + * 00419758 8d78 01 lea edi,dword ptr ds:[eax+0x1] + * 0041975b eb 03 jmp short inrakutr.00419760 + * 0041975d 8d49 00 lea ecx,dword ptr ds:[ecx] + * 00419760 8a10 mov dl,byte ptr ds:[eax] ; jichi: eax + * 00419762 83c0 01 add eax,0x1 + * 00419765 84d2 test dl,dl + * 00419767 ^75 f7 jnz short inrakutr.00419760 + * 00419769 2bc7 sub eax,edi + * 0041976b 50 push eax + * 0041976c 56 push esi + * 0041976d 83c1 04 add ecx,0x4 + * 00419770 e8 eb85feff call inrakutr.00401d60 + * 00419775 5f pop edi + * 00419776 5e pop esi + * 00419777 c2 0400 retn 0x4 + * 0041977a cc int3 + * 0041977b cc int3 + * 0041977c cc int3 + * + * 0042c731 57 push edi + * 0042c732 ffd0 call eax + * 0042c734 8bc7 mov eax,edi + * 0042c736 8d50 01 lea edx,dword ptr ds:[eax+0x1] + * 0042c739 8da424 00000000 lea esp,dword ptr ss:[esp] + * 0042c740 8a08 mov cl,byte ptr ds:[eax] ; jichi: eax + * 0042c742 83c0 01 add eax,0x1 + * 0042c745 84c9 test cl,cl + * 0042c747 ^75 f7 jnz short inrakutr.0042c740 + * 0042c749 2bc2 sub eax,edx + * 0042c74b 8bf8 mov edi,eax + * 0042c74d e8 fe1d0100 call inrakutr.0043e550 + * 0042c752 8b0d 187f4c00 mov ecx,dword ptr ds:[0x4c7f18] + * 0042c758 8b11 mov edx,dword ptr ds:[ecx] + * 0042c75a 8b42 70 mov eax,dword ptr ds:[edx+0x70] + * 0042c75d ffd0 call eax + * 0042c75f 83c0 0a add eax,0xa + * 0042c762 0fafc7 imul eax,edi + * 0042c765 5f pop edi + * 0042c766 8986 60660000 mov dword ptr ds:[esi+0x6660],eax + */ +bool InsertNexton1Hook() +{ + const BYTE bytes[] = { + 0x56, // 00419750 56 push esi ; jichi: hook here, text in arg1 + 0x8b,0x74,0x24, 0x08, // 00419751 8b7424 08 mov esi,dword ptr ss:[esp+0x8] + 0x8b,0xc6, // 00419755 8bc6 mov eax,esi + 0x57, // 00419757 57 push edi + 0x8d,0x78, 0x01, // 00419758 8d78 01 lea edi,dword ptr ds:[eax+0x1] + 0xeb, 0x03, // 0041975b eb 03 jmp short inrakutr.00419760 + 0x8d,0x49, 0x00, // 0041975d 8d49 00 lea ecx,dword ptr ds:[ecx] + 0x8a,0x10, // 00419760 8a10 mov dl,byte ptr ds:[eax] ; jichi: eax is the text + 0x83,0xc0, 0x01, // 00419762 83c0 01 add eax,0x1 + 0x84,0xd2, // 00419765 84d2 test dl,dl + 0x75, 0xf7, // 00419767 ^75 f7 jnz short inrakutr.00419760 + 0x2b,0xc7, // 00419769 2bc7 sub eax,edi + 0x50, // 0041976b 50 push eax + 0x56, // 0041976c 56 push esi + 0x83,0xc1, 0x04 // 0041976d 83c1 04 add ecx,0x4 + //0xe8, XX4, // 00419770 e8 eb85feff call inrakutr.00401d60 + //0x5f, // 00419775 5f pop edi + //0x5e, // 00419776 5e pop esi + //0xc2, 0x04,0x00 // 00419777 c2 0400 retn 0x4 + }; + enum { addr_offset = 0 }; // distance to the beginning of the function + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + //GROWL_DWORD(addr); // supposed to be 0x4010e0 + if (!addr) { + ConsoleOutput("NEXTON1: pattern not found"); + return false; + } + //GROWL_DWORD(addr); + + HookParam hp; + hp.address = addr + addr_offset; + //hp.length_offset = 1; + hp.offset=get_stack(1); // [esp+4] == arg0 + hp.type = USING_STRING; + ConsoleOutput("INSERT NEXTON1"); + return NewHook(hp, "NEXTON1"); +} + +bool Nexton1::attach_function() { + + return InsertNexton1Hook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Nexton.h b/LunaHook/engine32/Nexton.h new file mode 100644 index 0000000..56e17f0 --- /dev/null +++ b/LunaHook/engine32/Nexton.h @@ -0,0 +1,32 @@ +#include"engine.h" + +class Nexton:public ENGINE{ + public: + Nexton(){ + is_engine_certain=false; + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return Util::CheckFile(L"aInfo.db")|| + ( + Util::CheckFile(L"cfg.cfg")&& + Util::CheckFile(L"SystemConfig.exe")&& + Util::CheckFile(L"data.arc")&& + Util::CheckFile(L"se_000.arc")&& + Util::CheckFile(L"voice_000.arc") + ); + }; + }; + bool attach_function(); +}; + +class Nexton1:public ENGINE{ + public: + Nexton1(){ + + check_by=CHECK_BY::FILE; + // old nexton game + check_by_target=L"comnArc.arc"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Nijyuei.cpp b/LunaHook/engine32/Nijyuei.cpp new file mode 100644 index 0000000..b22416d --- /dev/null +++ b/LunaHook/engine32/Nijyuei.cpp @@ -0,0 +1,23 @@ +#include"Nijyuei.h" + + +bool Nijyuei::attach_function() { + //二重影 + BYTE bytes[] = { + 0xE8,XX4, + 0x85,0xc0, + 0x0f,0x85,XX4, + 0x5f,0x5e,0x5d,0x5b, + 0x81,0xC4,0x0C,0x01,0x00,0x00, + 0xC3 + + }; + auto addr=MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if(addr==0)return false; + + HookParam hp; + hp.address = addr+5; + hp.type = USING_STRING; + hp.offset=get_reg(regs::edx); + return NewHook(hp, "Nijyuei"); +} \ No newline at end of file diff --git a/LunaHook/engine32/Nijyuei.h b/LunaHook/engine32/Nijyuei.h new file mode 100644 index 0000000..157ec8d --- /dev/null +++ b/LunaHook/engine32/Nijyuei.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Nijyuei:public ENGINE{ + public: + Nijyuei(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Nijyuei.kpd"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Nitroplus.cpp b/LunaHook/engine32/Nitroplus.cpp new file mode 100644 index 0000000..dc16ba7 --- /dev/null +++ b/LunaHook/engine32/Nitroplus.cpp @@ -0,0 +1,101 @@ +#include"Nitroplus.h" + + +bool InsertNitroplusHook() +{ + const BYTE bytes[] = {0xb0, 0x74, 0x53}; + DWORD addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("Nitroplus: pattern not exist"); + return false; + } + enum : WORD { sub_esp = 0xec83 }; // caller pattern: sub esp = 0x83,0xec + BYTE b = *(BYTE *)(addr + 3) & 3; + while (*(WORD *)addr != sub_esp) + addr--; + HookParam hp; + hp.address = addr; + hp.offset = -0x14+ (b << 2); + hp.type = CODEC_ANSI_BE; + ConsoleOutput("INSERT Nitroplus"); + return NewHook(hp, "Nitroplus"); + //RegisterEngineType(ENGINE_Nitroplus); +} +bool InsertNitroplus2Hook() { + + /* + * Sample games: + * https://vndb.org/v428 + */ + BYTE bytes[] = { + 0x8D, 0xB4, 0x29, XX4, // lea esi,[ecx+ebp+0000415C] + 0x74, 0x20, // je Django.exe+6126E + 0x8D, 0xBC, 0xBD, XX4, // lea edi,[ebp+edi*4+0006410C] + 0x8B, 0x56, 0xB0, // mov edx,[esi-50] + 0xE8, XX4 // call Django.exe+51150 << hook here + }; + enum { addr_offset = sizeof(bytes) - 5 }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("Nitroplus2: pattern not found"); + return false; + } + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::edx); + hp.type = CODEC_ANSI_BE; + return NewHook(hp, "Nitroplus2"); +} +bool Nitroplus::attach_function() { + + return InsertNitroplusHook()||InsertNitroplus2Hook(); +} + +bool NitroplusSysFilter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + if (*len <= 2) return false; + + StringFilter(text, len, "\x81@", 2); + CharReplacer(text, len, '\r', ' '); + if (cpp_strnstr(text, "<", *len)) { + StringFilterBetween(text, len, "<", 1, ">", 1); + } + while (*len>1 && ::isspace(*text)) { + ::memmove(text, text+1, --(*len)); + } + + return true; +} + +bool InsertNitroplusSysHook() { + + /* + * Sample games: + * https://vndb.org/r76679 + */ + const BYTE bytes[] = { + 0x0F, 0x84, XX4, // je system.dll+5B8CA <- hook here + 0xEB, 0x04, // jmp system.dll+5A791 + 0x8B, 0x44, 0x24, 0x20, // mov eax,[esp+20] + 0x8B, 0x4C, 0x24, 0x24 // mov ecx,[esp+24] + }; + + HMODULE module = GetModuleHandleW(L"system.dll"); + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), minAddress, maxAddress); + if (!addr) + return false; + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.type = USING_STRING; + hp.filter_fun = NitroplusSysFilter; + return NewHook(hp, "NitroplusSystem"); +} +bool Nitroplusplus::attach_function(){ + return InsertNitroplusSysHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Nitroplus.h b/LunaHook/engine32/Nitroplus.h new file mode 100644 index 0000000..d26f2c9 --- /dev/null +++ b/LunaHook/engine32/Nitroplus.h @@ -0,0 +1,23 @@ +#include"engine.h" + +class Nitroplus:public ENGINE{ + public: + Nitroplus(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.npa"; + }; + bool attach_function(); +}; + +class Nitroplusplus:public ENGINE{ + public: + Nitroplusplus(){ + check_by=CHECK_BY::CUSTOM; + is_engine_certain=false; + check_by_target=[](){ + return Util::SearchResourceString(L"Nitro+")&&Util::CheckFile(L"system.dll"); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Nitroplus2.cpp b/LunaHook/engine32/Nitroplus2.cpp new file mode 100644 index 0000000..20696be --- /dev/null +++ b/LunaHook/engine32/Nitroplus2.cpp @@ -0,0 +1,473 @@ +#include"Nitroplus2.h" + +#include"embed_util.h" +/** + * Jazzinghen 23/05/2020: Add TokyoNecro hook + * + * [Nitroplus] 東京Necro 1.01 - Text boxes hook + * + * Hook code: HS-14*8@B5420:TokyoNecro.exe + * + * Debug method: + * Found memory location where the text was written, then used hardware break on write. + * After that found the function that writes the text in, found that the memory pointed + * contains more than just the text. Followed the call stack "upwards" until a function + * that handles only the text copy is found. + * + * Disassembled code: + * TokyoNecro.exe+B5420 - 55 - push ebp ; place to hook + * TokyoNecro.exe+B5421 - 8B EC - mov ebp,esp + * TokyoNecro.exe+B5423 - 6A FF - push -01 + * TokyoNecro.exe+B5425 - 68 E8613000 - push TokyoNecro.exe+1961E8 + * TokyoNecro.exe+B542A - 64 A1 00000000 - mov eax,fs:[00000000] + * TokyoNecro.exe+B5430 - 50 - push eax + * TokyoNecro.exe+B5431 - 64 89 25 00000000 - mov fs:[00000000],esp + * TokyoNecro.exe+B5438 - 83 EC 1C - sub esp,1C + * TokyoNecro.exe+B543B - 8B 55 08 - mov edx,[ebp+08] + * TokyoNecro.exe+B543E - 53 - push ebx + * TokyoNecro.exe+B543F - 56 - push esi + * TokyoNecro.exe+B5440 - 8B C2 - mov eax,edx + * TokyoNecro.exe+B5442 - 57 - push edi + * TokyoNecro.exe+B5443 - 8B D9 - mov ebx,ecx + * TokyoNecro.exe+B5445 - C7 45 EC 0F000000 - mov [ebp-14],0000000F + * TokyoNecro.exe+B544C - C7 45 E8 00000000 - mov [ebp-18],00000000 + * TokyoNecro.exe+B5453 - C6 45 D8 00 - mov byte ptr [ebp-28],00 + * TokyoNecro.exe+B5457 - 8D 70 01 - lea esi,[eax+01] + * TokyoNecro.exe+B545A - 8D 9B 00000000 - lea ebx,[ebx+00000000] + * TokyoNecro.exe+B5460 - 8A 08 - mov cl,[eax] + * TokyoNecro.exe+B5462 - 40 - inc eax + * TokyoNecro.exe+B5463 - 84 C9 - test cl,cl + * TokyoNecro.exe+B5465 - 75 F9 - jne TokyoNecro.exe+B5460 + * TokyoNecro.exe+B5467 - 2B C6 - sub eax,esi + * TokyoNecro.exe+B5469 - 52 - push edx + * TokyoNecro.exe+B546A - 8B F8 - mov edi,eax ▷ Search + * TokyoNecro.exe+B546C - 8D 75 D8 - lea esi,[ebp-28] | + * TokyoNecro.exe+B546F - E8 6CE1F4FF - call TokyoNecro.exe+35E0 ▷ + * + * Notes: + * + * There's more data above due to the fact that the start of the function is very + * common and it was hooking a wrong function. + * + * The text is contained into the memory location at [esp+04] when hooking the + * code at TokyoNecro.exe+B5420 + * + * If the game is hooked right at the main menu it will also catch the real time clock + * rendered there. + */ + +namespace { + +const BYTE funcSig[] = { 0x55, 0x8b, 0xec }; + +bool TextHook() { + + const BYTE bytecodes[] = { + 0x8B, 0xF8, // 8B F8 - mov edi,eax + 0x8D, 0x75, 0xD8, // 8D 75 D8 - lea esi,[ebp-28] + 0xE8, 0x6C, 0xE1, 0xF4, 0xFF, // E8 6CE1F4FF - call TokyoNecro.exe+35E0 + }; + ULONG addr = MemDbg::findBytes(bytecodes, sizeof(bytecodes), processStartAddress, processStopAddress); + if (addr == 0) { + ConsoleOutput("TokyoNecro: pattern not found"); + return false; + } + + // Look for the start of the function + const ULONG function_start = MemDbg::findEnclosingAlignedFunction(addr); + if (memcmp((void*)function_start, funcSig, sizeof(funcSig)) != 0) { + ConsoleOutput("TokyoNecro: function start not found"); + return false; + } + + HookParam hp; + hp.address = function_start; + // The memory address is held at [ebp+08] at TokyoNecro.exe+B543B, meaning that at + // the start of the function it's right above the stack pointer. Since there's no + // way to do an operation on the value of a register BEFORE dereferencing (e.g. + // (void*)(esp+4) instead of ((void*)esp)+4) we have to go up the stack instead of + // using the data in the registers + hp.offset=get_stack(1); + hp.type = USING_STRING; + ConsoleOutput("INSERT TokyoNecroText"); + return NewHook(hp, "TokyoNecroText"); +} + +/** + * [Nitroplus] 東京Necro 1.01 - Database/Encyclopedia hook + * + * Hook code: HS4*@B5380:tokyonecro.exe + * + * TokyoNecro.exe+B5380 - 55 - push ebp ; Location to hook + * TokyoNecro.exe+B5381 - 8B EC - mov ebp,esp + * TokyoNecro.exe+B5383 - 6A FF - push -01 + * TokyoNecro.exe+B5385 - 68 E8618E00 - push TokyoNecro.exe+1961E8 + * TokyoNecro.exe+B538A - 64 A1 00000000 - mov eax,fs:[00000000] + * TokyoNecro.exe+B5390 - 50 - push eax + * TokyoNecro.exe+B5391 - 64 89 25 00000000 - mov fs:[00000000],esp + * TokyoNecro.exe+B5398 - 83 EC 1C - sub esp,1C + * TokyoNecro.exe+B539B - 8B 55 08 - mov edx,[ebp+08] + * TokyoNecro.exe+B539E - 53 - push ebx + * TokyoNecro.exe+B539F - 56 - push esi + * TokyoNecro.exe+B53A0 - 8B C2 - mov eax,edx + * TokyoNecro.exe+B53A2 - 57 - push edi + * TokyoNecro.exe+B53A3 - 8B D9 - mov ebx,ecx + * TokyoNecro.exe+B53A5 - C7 45 EC 0F000000 - mov [ebp-14],0000000F + * TokyoNecro.exe+B53AC - C7 45 E8 00000000 - mov [ebp-18],00000000 + * TokyoNecro.exe+B53B3 - C6 45 D8 00 - mov byte ptr [ebp-28],00 + * TokyoNecro.exe+B53B7 - 8D 70 01 - lea esi,[eax+01] + * TokyoNecro.exe+B53BA - 8D 9B 00000000 - lea ebx,[ebx+00000000] + * TokyoNecro.exe+B53C0 - 8A 08 - mov cl,[eax] + * TokyoNecro.exe+B53C2 - 40 - inc eax + * TokyoNecro.exe+B53C3 - 84 C9 - test cl,cl + * TokyoNecro.exe+B53C5 - 75 F9 - jne TokyoNecro.exe+B53C0 + * TokyoNecro.exe+B53C7 - 2B C6 - sub eax,esi + * TokyoNecro.exe+B53C9 - 52 - push edx + * TokyoNecro.exe+B53CA - 8B F8 - mov edi,eax ▷ Search + * TokyoNecro.exe+B53CC - 8D 75 D8 - lea esi,[ebp-28] | + * TokyoNecro.exe+B53CF - E8 0CE2F4FF - call TokyoNecro.exe+35E0 ▷ + * + * + */ + +bool DatabaseHook() +{ + const BYTE bytecodes[] = { + 0x8B, 0xF8, // 8B F8 - mov edi,eax + 0x8D, 0x75, 0xD8, // 8D 75 D8 - lea esi,[ebp-28] + 0xE8, 0x0C, 0xE2, 0xF4, 0xFF, // E8 6CE1F4FF - call TokyoNecro.exe+35E0 + }; + ULONG addr = MemDbg::findBytes(bytecodes, sizeof(bytecodes), processStartAddress, processStopAddress); + if (addr == 0) { + ConsoleOutput("TokyoNecro: pattern not found"); + return false; + } + + // Look for the start of the function + const ULONG function_start = MemDbg::findEnclosingAlignedFunction(addr); + if (memcmp((void*)function_start, funcSig, sizeof(funcSig)) != 0) { + ConsoleOutput("TokyoNecro: function start not found"); + return false; + } + + HookParam hp; + hp.address = function_start; + hp.offset=get_stack(1); + hp.type = USING_STRING; + return NewHook(hp, "TokyoNecroDatabase"); + ConsoleOutput("INSERT TokyoNecroDatabase"); +} + +bool InsertTokyoNecroHook() +{ + DatabaseHook(); + return TextHook(); +} +} // namespace TokyoNecro + +bool InsertNitroPlusHook() { + //機神咆吼デモンベイン + //みにくいモジカの子 + BYTE bytes[] = { + 0x55, + 0x8b,0xec, + 0xff,0x75,0x10, + 0xff,0x75,0x0c, + 0xe8,XX,XX,0xff,0xff + }; + BYTE bytes2[] = { + 0x55, + 0x8b,0xec, + 0xff,0x75,0x0c, + 0xe8,XX,XX,0xff,0xff + }; + auto addr1 = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + auto addr2 = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStopAddress); + ConsoleOutput("NitroPlus %p", addr1); + ConsoleOutput("NitroPlus %p", addr2); + if (addr1 == 0 && addr2 == 0)return false; + auto succ=false; + if (addr1) { + HookParam hp; + hp.address = addr1; + hp.offset=get_stack(2); + hp.type = CODEC_UTF16; + succ|=NewHook(hp, "NitroPlus"); + } + if (addr2) { + HookParam hp; + hp.address = addr2; + hp.offset=get_stack(2); + hp.type = CODEC_UTF16; + succ|=NewHook(hp, "NitroPlus"); + } + + return succ; +} +namespace { // unnamed +namespace ScenarioHook { + +/** + * Sample game: 凍京NECRO 体験版 + * Debug step: + * 1. find the text location that does not change + * 2. Use Ollydbg to find where the text is modified + * 3. Backtrack the stack to find proper caller. + * + * Issues: It cannot extract character name. + * + * File pattern: *.npk for new "Nitroplus" (p is lower case) + * btw, *.npa for old "Nitroplus" + * + * 00CF0E6A CC INT3 + * 00CF0E6B CC INT3 + * 00CF0E6C CC INT3 + * 00CF0E6D CC INT3 + * 00CF0E6E CC INT3 + * 00CF0E6F CC INT3 + * 00CF0E70 55 PUSH EBP ; jichi: text in arg1 + * 00CF0E71 8BEC MOV EBP,ESP + * 00CF0E73 6A FF PUSH -0x1 + * 00CF0E75 68 184BDC00 PUSH .00DC4B18 + * 00CF0E7A 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 00CF0E80 50 PUSH EAX + * 00CF0E81 64:8925 00000000 MOV DWORD PTR FS:[0],ESP + * 00CF0E88 83EC 1C SUB ESP,0x1C + * 00CF0E8B 8B55 08 MOV EDX,DWORD PTR SS:[EBP+0x8] + * 00CF0E8E 53 PUSH EBX + * 00CF0E8F 56 PUSH ESI + * 00CF0E90 8BC2 MOV EAX,EDX + * 00CF0E92 57 PUSH EDI + * 00CF0E93 8BD9 MOV EBX,ECX + * 00CF0E95 C745 EC 0F000000 MOV DWORD PTR SS:[EBP-0x14],0xF + * 00CF0E9C C745 E8 00000000 MOV DWORD PTR SS:[EBP-0x18],0x0 + * 00CF0EA3 C645 D8 00 MOV BYTE PTR SS:[EBP-0x28],0x0 + * 00CF0EA7 8D70 01 LEA ESI,DWORD PTR DS:[EAX+0x1] + * 00CF0EAA 8D9B 00000000 LEA EBX,DWORD PTR DS:[EBX] + * 00CF0EB0 8A08 MOV CL,BYTE PTR DS:[EAX] + * 00CF0EB2 40 INC EAX + * 00CF0EB3 84C9 TEST CL,CL + * 00CF0EB5 ^75 F9 JNZ SHORT .00CF0EB0 + * 00CF0EB7 2BC6 SUB EAX,ESI + * 00CF0EB9 52 PUSH EDX + * 00CF0EBA 8BF8 MOV EDI,EAX + * 00CF0EBC 8D75 D8 LEA ESI,DWORD PTR SS:[EBP-0x28] + * 00CF0EBF E8 0C0DF5FF CALL .00C41BD0 + * 00CF0EC4 C745 FC 00000000 MOV DWORD PTR SS:[EBP-0x4],0x0 ; jichi: pattern start + * 00CF0ECB 8B8B 84030000 MOV ECX,DWORD PTR DS:[EBX+0x384] + * 00CF0ED1 8B01 MOV EAX,DWORD PTR DS:[ECX] + * 00CF0ED3 8B40 60 MOV EAX,DWORD PTR DS:[EAX+0x60] + * 00CF0ED6 8BD6 MOV EDX,ESI + * 00CF0ED8 52 PUSH EDX + * 00CF0ED9 FFD0 CALL EAX ;jichi: called here .00CAEF00 + * 00CF0EDB 837D EC 10 CMP DWORD PTR SS:[EBP-0x14],0x10 + * 00CF0EDF 5F POP EDI + * 00CF0EE0 5E POP ESI + * 00CF0EE1 5B POP EBX + * 00CF0EE2 72 0C JB SHORT .00CF0EF0 + * 00CF0EE4 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-0x28] + * 00CF0EE7 51 PUSH ECX + * 00CF0EE8 E8 ED060B00 CALL .00DA15DA + * 00CF0EED 83C4 04 ADD ESP,0x4 + * 00CF0EF0 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-0xC] + * 00CF0EF3 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 00CF0EFA 8BE5 MOV ESP,EBP + * 00CF0EFC 5D POP EBP + * 00CF0EFD C2 0400 RETN 0x4 + * 00CF0F00 8B89 84030000 MOV ECX,DWORD PTR DS:[ECX+0x384] + * 00CF0F06 8B01 MOV EAX,DWORD PTR DS:[ECX] + * 00CF0F08 8B50 64 MOV EDX,DWORD PTR DS:[EAX+0x64] + * 00CF0F0B FFE2 JMP EDX + * 00CF0F0D CC INT3 + * 00CF0F0E CC INT3 + * 00CF0F0F CC INT3 + * 00CF0F10 55 PUSH EBP + * 00CF0F11 8BEC MOV EBP,ESP + * 00CF0F13 83EC 10 SUB ESP,0x10 + * 00CF0F16 8B89 84030000 MOV ECX,DWORD PTR DS:[ECX+0x384] + * 00CF0F1C 8B01 MOV EAX,DWORD PTR DS:[ECX] + * 00CF0F1E 8B80 A0000000 MOV EAX,DWORD PTR DS:[EAX+0xA0] + * 00CF0F24 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-0x10] + * 00CF0F27 52 PUSH EDX + * 00CF0F28 FFD0 CALL EAX + * 00CF0F2A 8D4D F8 LEA ECX,DWORD PTR SS:[EBP-0x8] + * 00CF0F2D FF15 7482DC00 CALL DWORD PTR DS:[0xDC8274] ; _1nput1_.1007E880 + * 00CF0F33 66:0F6E45 F0 MOVD MM0,DWORD PTR SS:[EBP-0x10] + * 00CF0F38 66:0F6E4D F4 MOVD MM1,DWORD PTR SS:[EBP-0xC] + * 00CF0F3D 8B0D E046E000 MOV ECX,DWORD PTR DS:[0xE046E0] + * 00CF0F43 0F5B ??? ; Unknown command + * 00CF0F45 C0F3 0F SAL BL,0xF + * 00CF0F48 1145 F8 ADC DWORD PTR SS:[EBP-0x8],EAX + * 00CF0F4B 0F5B ??? ; Unknown command + * 00CF0F4D C9 LEAVE + * 00CF0F4E F3:0F114D FC MOVSS DWORD PTR SS:[EBP-0x4],XMM1 + * 00CF0F53 8B41 54 MOV EAX,DWORD PTR DS:[ECX+0x54] + * 00CF0F56 F3:0F1180 500100>MOVSS DWORD PTR DS:[EAX+0x150],XMM0 + * 00CF0F5E F3:0F1045 FC MOVSS XMM0,DWORD PTR SS:[EBP-0x4] + * 00CF0F63 F3:0F1180 540100>MOVSS DWORD PTR DS:[EAX+0x154],XMM0 + * 00CF0F6B 0F57C0 XORPS XMM0,XMM0 + * 00CF0F6E F3:0F1180 580100>MOVSS DWORD PTR DS:[EAX+0x158],XMM0 + * 00CF0F76 F3:0F1180 5C0100>MOVSS DWORD PTR DS:[EAX+0x15C],XMM0 + * 00CF0F7E 8BE5 MOV ESP,EBP + * 00CF0F80 5D POP EBP + * 00CF0F81 C3 RETN + * 00CF0F82 CC INT3 + * 00CF0F83 CC INT3 + * 00CF0F84 CC INT3 + * 00CF0F85 CC INT3 + * 00CF0F86 CC INT3 + * 00CF0F87 CC INT3 + * 00CF0F88 CC INT3 + * 00CF0F89 CC INT3 + * 00CF0F8A CC INT3 + * 00CF0F8B CC INT3 + * 00CF0F8C CC INT3 + * + * If the function does not work, here's the common function that performing strcpy + * 00DA8E8A CC INT3 + * 00DA8E8B CC INT3 + * 00DA8E8C CC INT3 + * 00DA8E8D CC INT3 + * 00DA8E8E CC INT3 + * 00DA8E8F CC INT3 + * 00DA8E90 55 PUSH EBP + * 00DA8E91 8BEC MOV EBP,ESP + * 00DA8E93 57 PUSH EDI + * 00DA8E94 56 PUSH ESI + * 00DA8E95 8B75 0C MOV ESI,DWORD PTR SS:[EBP+0xC] + * 00DA8E98 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+0x10] + * 00DA8E9B 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+0x8] + * 00DA8E9E 8BC1 MOV EAX,ECX + * 00DA8EA0 8BD1 MOV EDX,ECX + * 00DA8EA2 03C6 ADD EAX,ESI + * 00DA8EA4 3BFE CMP EDI,ESI + * 00DA8EA6 76 08 JBE SHORT .00DA8EB0 + * 00DA8EA8 3BF8 CMP EDI,EAX + * 00DA8EAA 0F82 A0010000 JB .00DA9050 + * 00DA8EB0 81F9 80000000 CMP ECX,0x80 + * 00DA8EB6 72 1C JB SHORT .00DA8ED4 + * 00DA8EB8 833D D470E000 00 CMP DWORD PTR DS:[0xE070D4],0x0 + * 00DA8EBF 74 13 JE SHORT .00DA8ED4 + * 00DA8EC1 57 PUSH EDI + * 00DA8EC2 56 PUSH ESI + * 00DA8EC3 83E7 0F AND EDI,0xF + * 00DA8EC6 83E6 0F AND ESI,0xF + * 00DA8EC9 3BFE CMP EDI,ESI + * 00DA8ECB 5E POP ESI + * 00DA8ECC 5F POP EDI + * 00DA8ECD 75 05 JNZ SHORT .00DA8ED4 + * 00DA8ECF ^E9 0E9FFFFF JMP .00DA2DE2 + * 00DA8ED4 F7C7 03000000 TEST EDI,0x3 + * 00DA8EDA 75 14 JNZ SHORT .00DA8EF0 + * 00DA8EDC C1E9 02 SHR ECX,0x2 + * 00DA8EDF 83E2 03 AND EDX,0x3 + * 00DA8EE2 83F9 08 CMP ECX,0x8 + * 00DA8EE5 72 29 JB SHORT .00DA8F10 + * 00DA8EE7 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] ; jichi: modified here + * 00DA8EE9 FF2495 0090DA00 JMP DWORD PTR DS:[EDX*4+0xDA9000] + * 00DA8EF0 8BC7 MOV EAX,EDI + * 00DA8EF2 BA 03000000 MOV EDX,0x3 + * 00DA8EF7 83E9 04 SUB ECX,0x4 + * 00DA8EFA 72 0C JB SHORT .00DA8F08 + * 00DA8EFC 83E0 03 AND EAX,0x3 + * 00DA8EFF 03C8 ADD ECX,EAX + * 00DA8F01 FF2485 148FDA00 JMP DWORD PTR DS:[EAX*4+0xDA8F14] + * 00DA8F08 FF248D 1090DA00 JMP DWORD PTR DS:[ECX*4+0xDA9010] + * 00DA8F0F 90 NOP + * 00DA8F10 FF248D 948FDA00 JMP DWORD PTR DS:[ECX*4+0xDA8F94] + * 00DA8F17 90 NOP + * 00DA8F18 24 8F AND AL,0x8F + * 00DA8F1A DA00 FIADD DWORD PTR DS:[EAX] + * 00DA8F1C 50 PUSH EAX + * 00DA8F1D 8F ??? ; Unknown command + * 00DA8F1E DA00 FIADD DWORD PTR DS:[EAX] + * 00DA8F20 ^74 8F JE SHORT .00DA8EB1 + * 00DA8F22 DA00 FIADD DWORD PTR DS:[EAX] + * 00DA8F24 23D1 AND EDX,ECX + * 00DA8F26 8A06 MOV AL,BYTE PTR DS:[ESI] + * 00DA8F28 8807 MOV BYTE PTR DS:[EDI],AL + * 00DA8F2A 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 00DA8F2D 8847 01 MOV BYTE PTR DS:[EDI+0x1],AL + * 00DA8F30 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 00DA8F33 C1E9 02 SHR ECX,0x2 + * 00DA8F36 8847 02 MOV BYTE PTR DS:[EDI+0x2],AL + * 00DA8F39 83C6 03 ADD ESI,0x3 + * 00DA8F3C 83C7 03 ADD EDI,0x3 + * 00DA8F3F 83F9 08 CMP ECX,0x8 + * 00DA8F42 ^72 CC JB SHORT .00DA8F10 + * 00DA8F44 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] + * 00DA8F46 FF2495 0090DA00 JMP DWORD PTR DS:[EDX*4+0xDA9000] + * 00DA8F4D 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 00DA8F50 23D1 AND EDX,ECX + * 00DA8F52 8A06 MOV AL,BYTE PTR DS:[ESI] + * 00DA8F54 8807 MOV BYTE PTR DS:[EDI],AL + * 00DA8F56 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 00DA8F59 C1E9 02 SHR ECX,0x2 + * 00DA8F5C 8847 01 MOV BYTE PTR DS:[EDI+0x1],AL + * 00DA8F5F 83C6 02 ADD ESI,0x2 + * 00DA8F62 83C7 02 ADD EDI,0x2 + * 00DA8F65 83F9 08 CMP ECX,0x8 + * 00DA8F68 ^72 A6 JB SHORT .00DA8F10 + * 00DA8F6A F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] + * 00DA8F6C FF2495 0090DA00 JMP DWORD PTR DS:[EDX*4+0xDA9000] + * 00DA8F73 90 NOP + * 00DA8F74 23D1 AND EDX,ECX + * 00DA8F76 8A06 MOV AL,BYTE PTR DS:[ESI] + * 00DA8F78 8807 MOV BYTE PTR DS:[EDI],AL + * 00DA8F7A 83C6 01 ADD ESI,0x1 + * 00DA8F7D C1E9 02 SHR ECX,0x2 + * 00DA8F80 83C7 01 ADD EDI,0x1 + * 00DA8F83 83F9 08 CMP ECX,0x8 + * 00DA8F86 ^72 88 JB SHORT .00DA8F10 + * 00DA8F88 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] + * 00DA8F8A FF2495 0090DA00 JMP DWORD PTR DS:[EDX*4+0xDA9000] + * 00DA8F91 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 00DA8F94 F7 ??? ; Unknown command + * 00DA8F95 8F ??? ; Unknown command + * 00DA8F96 DA00 FIADD DWORD PTR DS:[EAX] + * 00DA8F98 E4 8F IN AL,0x8F ; I/O command + * 00DA8F9A DA00 FIADD DWORD PTR DS:[EAX] + * 00DA8F9C DC8F DA00D48F FMUL QWORD PTR DS:[EDI+0x8FD400DA] + * 00DA8FA2 DA00 FIADD DWORD PTR DS:[EAX] + * 00DA8FA4 CC INT3 + * 00DA8FA5 8F ??? ; Unknown command + * 00DA8FA6 DA00 FIADD DWORD PTR DS:[EAX] + * 00DA8FA8 C48F DA00BC8F LES ECX,FWORD PTR DS:[EDI+0x8FBC00DA] ; Modification of segment register + * 00DA8FAE DA00 FIADD DWORD PTR DS:[EAX] + * 00DA8FB0 B4 8F MOV AH,0x8F + * + */ +bool attach(ULONG startAddress, ULONG stopAddress) // attach scenario +{ + const uint8_t bytes[] = { + 0xc7,0x45, 0xfc, 0x00,0x00,0x00,0x00, // 00cf0ec4 c745 fc 00000000 mov dword ptr ss:[ebp-0x4],0x0 ; jichi: pattern start + 0x8b,0x8b, 0x84,0x03,0x00,0x00, // 00cf0ecb 8b8b 84030000 mov ecx,dword ptr ds:[ebx+0x384] + 0x8b,0x01, // 00cf0ed1 8b01 mov eax,dword ptr ds:[ecx] + 0x8b,0x40, 0x60, // 00cf0ed3 8b40 60 mov eax,dword ptr ds:[eax+0x60] + 0x8b,0xd6, // 00cf0ed6 8bd6 mov edx,esi + 0x52, // 00cf0ed8 52 push edx + 0xff,0xd0 // 00cf0ed9 ffd0 call eax ;jichi: called here .00caef00 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING|EMBED_ABLE|EMBED_BEFORE_SIMPLE|EMBED_AFTER_NEW|EMBED_DYNA_SJIS; + hp.filter_fun = all_ascii_Filter; + return NewHook(hp, "EmbedNitroplus"); +} + +} // namespace ScenarioHook +} // unnamed namespace + +bool Nitroplus2::attach_function() { + bool embed=ScenarioHook::attach(processStartAddress,processStopAddress); + bool b=InsertNitroPlusHook(); + bool b2=(Util::SearchResourceString(L"TOKYONECRO")) && InsertTokyoNecroHook(); + return b||b2||embed; +} \ No newline at end of file diff --git a/LunaHook/engine32/Nitroplus2.h b/LunaHook/engine32/Nitroplus2.h new file mode 100644 index 0000000..7956630 --- /dev/null +++ b/LunaHook/engine32/Nitroplus2.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class Nitroplus2:public ENGINE{ + public: + Nitroplus2(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.npk"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/ONScripterru.cpp b/LunaHook/engine32/ONScripterru.cpp new file mode 100644 index 0000000..d5f232a --- /dev/null +++ b/LunaHook/engine32/ONScripterru.cpp @@ -0,0 +1,142 @@ +#include"ONScripterru.h" +void ONScripterruCommonFilter(char *text, size_t *len) +{ + StringCharReplacer(text, len, "{n}", 3, ' '); + + if (cpp_strnstr(text, "{c:", *len)) { + StringFilterBetween(text, len, "{c:", 3, ":", 1); + } + if (cpp_strnstr(text, "{e:", *len)) { + StringFilterBetween(text, len, "{e:", 3, ":", 1); + } + if (cpp_strnstr(text, "{f:", *len)) { + StringFilterBetween(text, len, "{f:", 3, ":", 1); + } + if (cpp_strnstr(text, "{i:", *len)) { + StringFilter(text, len, "{i:", 3); + } + if (cpp_strnstr(text, "{p:", *len)) { + StringFilterBetween(text, len, "{p:", 3, "}", 1); + } + CharFilter(text, len, '}'); + + if (cpp_strnstr(text, "[", *len)) { + StringFilterBetween(text, len, "[", 1, "]", 1); + } + +} + +bool ONScripterru1Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + if ( *len == 0 || text[0] == ':' || text[1] == '{') + return false; + + ONScripterruCommonFilter(text, len); + CharFilter(text, len, '`'); + + return true; +} + +bool InsertONScripterruHook1() +{ + + /* + * Sample games: + * Umineko Project (all text displayed) + */ + const BYTE bytes[] = { + 0x90, // nop + 0x55, // push ebp << hook here + 0x57, // push edi + 0x31, 0xED, // xor ebp,ebp + 0x56, // push esi + 0x53, // push ebx + 0x83, 0xEC, 0x3C // sub esp,3C + }; + + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("ONScripter-RU 1: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + 1; + hp.offset=get_reg(regs::eax); + hp.type = USING_STRING | CODEC_UTF8; + hp.filter_fun = ONScripterru1Filter; + ConsoleOutput("INSERT ONScripter-RU 1"); + return NewHook(hp, "ONScripter-RU1"); + +} + +void StringBetween(char *str, size_t *size, const char *fr, size_t frlen, const char *to, size_t tolen) +{ + size_t len = *size, + curlen; + + char *start = cpp_strnstr(str, fr, len); + if (!*start) + return; + //start += frlen; + char *end = cpp_strnstr((start += frlen), to, len - (start - str)); + if (!*end) + return; + ::memmove(str, start, end - start); + + *size = end - start; + //str[*size] = '\0'; +} + +bool ONScripterru2Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + StringBetween(text, len, "`", 1, "`", 1); + + ONScripterruCommonFilter(text, len); + + return true; +} + +bool InsertONScripterruHook2() +{ + + /* + * Sample games: + * Umineko Project (partial text displayed) + */ + const BYTE bytes[] = { + 0x0F, 0xB6, 0x04, 0x18, // movzx eax,byte ptr [eax+ebx] << hook here + 0x89, 0x74, 0x24, 0x04, // mov [esp+04],esi + 0x43, // inc ebx + 0x89, 0x44, 0x24, 0x08 // mov [esp+08],eax + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("ONScripter-RU 2: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.split =get_reg(regs::esi); + hp.type = USING_STRING | CODEC_UTF8 | USING_SPLIT | KNOWN_UNSTABLE; + //hp.type = USING_STRING | CODEC_UTF8 | USING_SPLIT; + hp.filter_fun = ONScripterru2Filter; + ConsoleOutput("INSERT ONScripter-RU 2"); + return NewHook(hp, "ONScripter-RU2"); +} + +bool ONScripterru::attach_function() { + + bool ok = InsertONScripterruHook1(); + return InsertONScripterruHook2() || ok; +} \ No newline at end of file diff --git a/LunaHook/engine32/ONScripterru.h b/LunaHook/engine32/ONScripterru.h new file mode 100644 index 0000000..3ba18e4 --- /dev/null +++ b/LunaHook/engine32/ONScripterru.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class ONScripterru:public ENGINE{ + public: + ONScripterru(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){return Util::SearchResourceString(L"ONScripter-RU") || Util::SearchResourceString(L"onscripter-ru.exe");}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/OVERDRIVE.cpp b/LunaHook/engine32/OVERDRIVE.cpp new file mode 100644 index 0000000..60c2c3a --- /dev/null +++ b/LunaHook/engine32/OVERDRIVE.cpp @@ -0,0 +1,27 @@ +#include"OVERDRIVE.h" + + +bool OVERDRIVE::attach_function() { + //エーデルワイス + const BYTE bytes[] = { + 0x56, + 0x57, + 0x8b,0x7c,0x24,0x0c, + 0x32,0xc0, + 0x85,0xff, + 0x8b,0xf1, + 0x0f,0x84,XX,0x00,0x00,0x00, + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (!addr) return false; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(1); + hp.type = USING_STRING; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + StringFilter((char*)data, len, "\\p\\l", 4); + return true; + }; + return NewHook(hp, "OVERDRIVE"); +} \ No newline at end of file diff --git a/LunaHook/engine32/OVERDRIVE.h b/LunaHook/engine32/OVERDRIVE.h new file mode 100644 index 0000000..6a68831 --- /dev/null +++ b/LunaHook/engine32/OVERDRIVE.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class OVERDRIVE:public ENGINE{ + public: + OVERDRIVE(){ + is_engine_certain=false; + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"DATA\\bgm.vfa",L"DATA\\grp.vfa",L"DATA\\SCR.arc",L"DATA\\snd.vfa"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Ohgetsu.cpp b/LunaHook/engine32/Ohgetsu.cpp new file mode 100644 index 0000000..25d3eda --- /dev/null +++ b/LunaHook/engine32/Ohgetsu.cpp @@ -0,0 +1,183 @@ +#include"Ohgetsu.h" + +namespace{ +bool hook1() { + //Silvery White ~君と出逢った理由~ + const BYTE bytes[] = { + 0x8b,XX,0x10, + 0x8b,XX,0x0C, + 0x8b,XX,0x08, + 0x8b,XX, + 0xc1,XX,02, + 0xf3,0xa5, + 0x8b,XX, + 0x83,XX,0x03, + 0xf3,0xa4, + 0x8b,XX,0x08, + 0x03,XX,0x10, + 0xC6,XX,0x00 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (!addr) return false; + addr= MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) return false; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(2); + hp.type = USING_STRING; + hp.text_fun = [](hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) { + auto text = (LPCSTR)stack->stack[2]; + auto size = stack->stack[3]; + + *data = (DWORD)text; + *len = size; + *split = stack->stack[0]; + + }; + return NewHook(hp, "Ohgetsu"); +} +bool hook2() { + //Palmyra ~熱砂の海と美なる戦姫~ + const BYTE bytes[] = { + 0x8b,XX,0x08, + 0x0f,XX,0x08, + 0xC1,XX,0x08, + 0x8b,XX,0x08, + 0x0f,0xb6,0x42,0x01, + 0x0b,XX, + + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (!addr) return false; + addr= MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) return false; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(1); + hp.type = USING_STRING; + hp.text_fun = [](hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) { + auto text = (LPCSTR)stack->stack[1]; + auto size = stack->stack[2]; + + *data = (DWORD)text; + *len = size; + *split = stack->stack[0]; + + }; + return NewHook(hp, "Ohgetsu"); +} +bool _3(){ + //それは舞い散る桜のように FullEffect + auto addr = MemDbg::findCallerAddress((DWORD)GetGlyphOutlineA,0xec81, processStartAddress, processStopAddress); + if (!addr) { return false; } + + //reladdr = 0x48ff0; + //reladdr = 0x48ff3; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(1); + hp.type = CODEC_ANSI_BE; + + return NewHook(hp, "Basil"); +} +bool _4(){ + //それは舞い散る桜のように FullEffect + const BYTE bytes[] = { + 0x3D,0x00,0x02,0xFF,0xFF, + XX2, + 0x3D,0x01,0x02,0xFF,0xFF, + XX2, + 0x3D,0x02,0x02,0xFF,0xFF, + XX2, + + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (!addr) return false; + addr= MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) return false; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(2); + hp.type = USING_STRING|EMBED_ABLE|EMBED_AFTER_NEW|EMBED_BEFORE_SIMPLE|EMBED_DYNA_SJIS; + hp.hook_font=F_GetGlyphOutlineA; + return NewHook(hp, "Basil2"); +} +} +namespace{ +bool _5(){ + //仰せのままに★ご主人様! + const BYTE bytes[] = { + //memset(&byte_562568, 0, 0x20u); + //memset(byte_562588, 0, sizeof(byte_562588)); ->RS@562588 + 0x6a,0x20, + 0x6a,0x00, + 0x68,XX4, + 0xe8,XX4, + 0x83,0xc4,0x0c, + 0x68,0x40,0x01,0x00,0x00, + 0x6a,0x00, + 0x68,XX4, + 0xe8,XX4 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (!addr) return false; + addr=*(DWORD*)(addr+25); + if(IsBadReadPtr((LPVOID)addr,10)!=0)return false; + HookParam hp; + hp.address=addr; + hp.type=DIRECT_READ; + hp.filter_fun=[](LPVOID data, size_t* size, HookParam*){ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + StringCharReplacer(text, len, "||", 2, '\n'); + return true; + }; + return NewHook(hp,"Ohgetsu"); +} +bool _6(){ + //仰せのままに★ご主人様! + //这个有人名,上面那个只有文本 + const BYTE bytes[] = { + 0x6a,0x46, + 0x8b,0x4d,0xf4, + 0x6b,0xc9,0x46, + 0x81,0xc1,XX4, + 0x51, + 0x8b,0x55,0xf4, + 0x83,0xea,0x05, + 0x6b,0xd2,0x46, + 0x81,0xc2,XX4, + 0x52, + 0xe8 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) return false; + addr = findfuncstart(addr); + if (!addr)return false; + HookParam hp; + hp.address=addr; + hp.type=USING_STRING; + hp.text_fun=[](hook_stack* stack, HookParam *hp, uintptr_t* data, uintptr_t* split, size_t* len){ + *data = stack->stack[1]; + *len = stack->stack[2]; + }; + hp.filter_fun=[](LPVOID data, size_t* size, HookParam*){ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + StringCharReplacer(text, len, "||", 2, '\n'); + return true; + }; + return NewHook(hp,"Ohgetsu"); +} +bool _7(){ + return _6()||_5(); +} +} +bool Ohgetsu::attach_function() { + bool ok=_4(); + return hook1()||hook2()||_7()||_3()||ok; +} \ No newline at end of file diff --git a/LunaHook/engine32/Ohgetsu.h b/LunaHook/engine32/Ohgetsu.h new file mode 100644 index 0000000..b049450 --- /dev/null +++ b/LunaHook/engine32/Ohgetsu.h @@ -0,0 +1,13 @@ +#include"engine.h" + +class Ohgetsu:public ENGINE{ + public: + Ohgetsu(){ + is_engine_certain=false; + check_by=CHECK_BY::FILE_ALL; + //check_by_target=check_by_list{L"script.pac",L"se.pac",L"visual.pac",L"voice.pac",L"music.pac",L"mov00001.mpg"}; + //それは舞い散る桜のように FullEffect + check_by_target=check_by_list{L"script.pac",L"se.pac",L"visual.pac",L"voice*.pac"};//,L"music.pac",L"mov00001.mpg"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Overflow.cpp b/LunaHook/engine32/Overflow.cpp new file mode 100644 index 0000000..659f36e --- /dev/null +++ b/LunaHook/engine32/Overflow.cpp @@ -0,0 +1,99 @@ +#include"Overflow.h" + +bool InsertSekaiProject1Hook() +{ + + /* + * Sample games: + * https://vndb.org/v1193 + */ + const BYTE bytes[] = { + 0xCC, // int 3 + 0x83, 0xEC, 0x10, // sub esp,10 << hook here + 0x8B, 0x44, 0x24, 0x14, // mov eax,[esp+14] + 0x53, // push ebx + 0x56, // push esi + 0x50, // push eax + 0x8B, 0xD9 // mov ebx,ecx + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("SekaiProject1: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + 1; + hp.offset=get_stack(1); + hp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT; + ConsoleOutput("INSERT SekaiProject1"); + return NewHook(hp, "SekaiProject1"); +} + +bool InsertSekaiProject2Hook() +{ + + /* + * Sample games: + * https://vndb.org/r21174 + */ + const BYTE bytes[] = { + 0xC7, 0x45, 0xDC, 0x00, 0x00, 0x00, 0x00, // mov [ebp-24],00000000 << hook here + 0xEB, 0x09, // jmp "SCHOOLDAYS HQ.exe"+4C821 + 0x8B, 0x45, 0xDC, // mov eax,[ebp-24] + 0x83, 0xC0, 0x01, // add eax,01 + 0x89, 0x45, 0xDC // mov [ebp-24],eax + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("SekaiProject2: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_stack(21); + hp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT; + ConsoleOutput("INSERT SekaiProject2"); + return NewHook(hp, "SekaiProject2"); +} + +bool InsertSekaiProject3Hook() +{ + + /* + * Sample games: + * https://vndb.org/r39989 + */ + const BYTE bytes[] = { + 0xCC, // int 3 + 0x8B, 0x44, 0x24, 0x04, // mov eax,[esp+04] << hook here + 0x83, 0xEC, 0x14, // sub esp,14 + 0x55, // push ebp + 0x56, // push esi + 0x57, // push edi + 0x8B, 0xF9 // mov edi,ecx + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("SekaiProject3: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + 1; + hp.offset=get_stack(1); + hp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT; + ConsoleOutput("INSERT SekaiProject3"); + return NewHook(hp, "SekaiProject3"); +} + +bool Overflow::attach_function() +{ return InsertSekaiProject1Hook() || InsertSekaiProject2Hook() || InsertSekaiProject3Hook();} + \ No newline at end of file diff --git a/LunaHook/engine32/Overflow.h b/LunaHook/engine32/Overflow.h new file mode 100644 index 0000000..7211e05 --- /dev/null +++ b/LunaHook/engine32/Overflow.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Overflow:public ENGINE{ + public: + Overflow(){ + is_engine_certain=false; + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"Packs/*.GPK"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/PCSX2.cpp b/LunaHook/engine32/PCSX2.cpp new file mode 100644 index 0000000..388cf78 --- /dev/null +++ b/LunaHook/engine32/PCSX2.cpp @@ -0,0 +1,1045 @@ +#include"PCSX2.h" + +#include"ppsspp/psputils.hpp" +/** 7/19/2014 jichi + * Tested game: Fate/stay night [Realta Nua] + * + * Fixed memory address. + * Text is incrementally increased. + * + * Debug method: Debug next text location at \0. + * There are three locations that are OK to hook. + * The first one is used. + * + * Runtime stack: + * 0dc1f7e0 055be7c0 + * 0dc1f7e4 023105b0 pcsx2.023105b0 + * 0dc1f7e8 0dc1f804 + * 0dc1f7ec 023a406b pcsx2.023a406b + * 0dc1f7f0 00000000 + * 0dc1f7f4 000027e5 + * + * 305a5424 2b05 809e9500 sub eax,dword ptr ds:[0x959e80] + * 305a542a 0f88 05000000 js 305a5435 + * 305a5430 -e9 cbebdfd1 jmp pcsx2.023a4000 + * 305a5435 8b0d 20ac9600 mov ecx,dword ptr ds:[0x96ac20] + * 305a543b 89c8 mov eax,ecx + * 305a543d c1e8 0c shr eax,0xc + * 305a5440 8b0485 30009e12 mov eax,dword ptr ds:[eax*4+0x129e0030] + * 305a5447 bb 57545a30 mov ebx,0x305a5457 + * 305a544c 01c1 add ecx,eax + * 305a544e -0f88 ecbcd7d1 js pcsx2.02321140 + * 305a5454 0fbe01 movsx eax,byte ptr ds:[ecx] ; jichi: hook here + * 305a5457 99 cdq + * 305a5458 a3 f0ab9600 mov dword ptr ds:[0x96abf0],eax + * 305a545d 8915 f4ab9600 mov dword ptr ds:[0x96abf4],edx + * 305a5463 a1 40ac9600 mov eax,dword ptr ds:[0x96ac40] + * 305a5468 3b05 f0ab9600 cmp eax,dword ptr ds:[0x96abf0] + * 305a546e 75 11 jnz short 305a5481 + * 305a5470 a1 44ac9600 mov eax,dword ptr ds:[0x96ac44] + * 305a5475 3b05 f4ab9600 cmp eax,dword ptr ds:[0x96abf4] + * 305a547b 0f84 3a000000 je 305a54bb + * 305a5481 8305 00ac9600 24 add dword ptr ds:[0x96ac00],0x24 + * 305a5488 9f lahf + * 305a5489 66:c1f8 0f sar ax,0xf + * 305a548d 98 cwde + * 305a548e a3 04ac9600 mov dword ptr ds:[0x96ac04],eax + * 305a5493 c705 a8ad9600 6c>mov dword ptr ds:[0x96ada8],0x10e26c + * 305a549d a1 c0ae9600 mov eax,dword ptr ds:[0x96aec0] + * 305a54a2 83c0 04 add eax,0x4 + * + * 3038c78e -0f88 ac4af9d1 js pcsx2.02321240 + * 3038c794 8911 mov dword ptr ds:[ecx],edx + * 3038c796 8b0d 60ab9600 mov ecx,dword ptr ds:[0x96ab60] + * 3038c79c 89c8 mov eax,ecx + * 3038c79e c1e8 0c shr eax,0xc + * 3038c7a1 8b0485 30009e12 mov eax,dword ptr ds:[eax*4+0x129e0030] + * 3038c7a8 bb b8c73830 mov ebx,0x3038c7b8 + * 3038c7ad 01c1 add ecx,eax + * 3038c7af -0f88 8b49f9d1 js pcsx2.02321140 + * 3038c7b5 0fbe01 movsx eax,byte ptr ds:[ecx] ; jichi: or hook here + * 3038c7b8 99 cdq + * 3038c7b9 a3 e0ab9600 mov dword ptr ds:[0x96abe0],eax + * 3038c7be 8915 e4ab9600 mov dword ptr ds:[0x96abe4],edx + * 3038c7c4 c705 20ab9600 00>mov dword ptr ds:[0x96ab20],0x0 + * 3038c7ce c705 24ab9600 00>mov dword ptr ds:[0x96ab24],0x0 + * 3038c7d8 c705 f0ab9600 25>mov dword ptr ds:[0x96abf0],0x25 + * 3038c7e2 c705 f4ab9600 00>mov dword ptr ds:[0x96abf4],0x0 + * 3038c7ec 833d e0ab9600 25 cmp dword ptr ds:[0x96abe0],0x25 + * 3038c7f3 75 0d jnz short 3038c802 + * 3038c7f5 833d e4ab9600 00 cmp dword ptr ds:[0x96abe4],0x0 + * 3038c7fc 0f84 34000000 je 3038c836 + * 3038c802 31c0 xor eax,eax + * + * 304e1a0a 8b0d 40ab9600 mov ecx,dword ptr ds:[0x96ab40] + * 304e1a10 89c8 mov eax,ecx + * 304e1a12 c1e8 0c shr eax,0xc + * 304e1a15 8b0485 30009e12 mov eax,dword ptr ds:[eax*4+0x129e0030] + * 304e1a1c bb 2c1a4e30 mov ebx,0x304e1a2c + * 304e1a21 01c1 add ecx,eax + * 304e1a23 -0f88 17f7e3d1 js pcsx2.02321140 + * 304e1a29 0fbe01 movsx eax,byte ptr ds:[ecx] ; jichi: or hook here + * 304e1a2c 99 cdq + * 304e1a2d a3 f0ab9600 mov dword ptr ds:[0x96abf0],eax + * 304e1a32 8915 f4ab9600 mov dword ptr ds:[0x96abf4],edx + * 304e1a38 a1 f0ab9600 mov eax,dword ptr ds:[0x96abf0] + * 304e1a3d 3b05 d0ab9600 cmp eax,dword ptr ds:[0x96abd0] + * 304e1a43 75 11 jnz short 304e1a56 + * 304e1a45 a1 f4ab9600 mov eax,dword ptr ds:[0x96abf4] + * 304e1a4a 3b05 d4ab9600 cmp eax,dword ptr ds:[0x96abd4] + * 304e1a50 0f84 3c000000 je 304e1a92 + * 304e1a56 a1 f0ab9600 mov eax,dword ptr ds:[0x96abf0] + * 304e1a5b 83c0 d0 add eax,-0x30 + * 304e1a5e 99 cdq + */ +namespace { // unnamed +bool _typemoongarbage_ch(char c) +{ + return c == '%' || c == '.' || c == ' ' || c == ',' + || c >= '0' && c <= '9' + || c >= 'A' && c <= 'z'; // also ignore ASCII 91-96: [ \ ] ^ _ ` +} + +// Trim leading garbage +LPCSTR _typemoonltrim(LPCSTR p) +{ + enum { MAX_LENGTH = VNR_TEXT_CAPACITY }; + if (p && p[0] == '%') + for (int count = 0; *p && count < MAX_LENGTH; count++, p++) + if (!_typemoongarbage_ch(*p)) + return p; + return nullptr; +} + +// Remove trailing garbage such as %n +size_t _typemoonstrlen(LPCSTR text) +{ + size_t len = ::strlen(text); + size_t ret = len; + while (len && _typemoongarbage_ch(text[len - 1])) { + len--; + if (text[len] == '%') + ret = len; + } + return ret; +} + +} // unnamed namespace + +// Use last text size to determine +static void SpecialPS2HookTypeMoon(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t*len) +{ + static LPCSTR lasttext; // this value should be the same for the same game + static size_t lastsize; + + LPCSTR cur = LPCSTR(stack->ecx); + if (!*cur) + return; + + LPCSTR text = reverse_search_begin(cur); + if (!text) + return; + //text = _typemoonltrim(text); + if (lasttext != text) { + lasttext = text; + lastsize = 0; // reset last size + } + + size_t size = ::strlen(text); + if (size == lastsize) + return; + if (size > lastsize) // incremental + text += lastsize; + lastsize = size; + + text = _typemoonltrim(text); + size = _typemoonstrlen(text); + //size = ::strlen(text); + + *data = (DWORD)text; + *len = size; + + *split = FIXED_SPLIT_VALUE << 2; // merge all threads + //*split = *(DWORD *)(esp_base + 4); // use [esp+4] as split + //*split = regof(eax, esp_base); + //*split = regof(esi, esp_base); +} + +bool InsertTypeMoonPS2Hook() +{ + ConsoleOutput("TypeMoon PS2: enter"); + const BYTE bytes[] = { + 0x2b,0x05, XX4, // 305a5424 2b05 809e9500 sub eax,dword ptr ds:[0x959e80] + 0x0f,0x88, 0x05,0x00,0x00,0x00, // 305a542a 0f88 05000000 js 305a5435 + 0xe9, XX4, // 305a5430 -e9 cbebdfd1 jmp pcsx2.023a4000 + 0x8b,0x0d, XX4, // 305a5435 8b0d 20ac9600 mov ecx,dword ptr ds:[0x96ac20] + 0x89,0xc8, // 305a543b 89c8 mov eax,ecx + 0xc1,0xe8, 0x0c, // 305a543d c1e8 0c shr eax,0xc + 0x8b,0x04,0x85, XX4, // 305a5440 8b0485 30009e12 mov eax,dword ptr ds:[eax*4+0x129e0030] + 0xbb, XX4, // 305a5447 bb 57545a30 mov ebx,0x305a5457 + 0x01,0xc1, // 305a544c 01c1 add ecx,eax + // Following pattern is not sufficient + 0x0f,0x88, XX4, // 305a544e -0f88 ecbcd7d1 js pcsx2.02321140 + 0x0f,0xbe,0x01, // 305a5454 0fbe01 movsx eax,byte ptr ds:[ecx] ; jichi: hook here + 0x99, // 305a5457 99 cdq + 0xa3, XX4, // 305a5458 a3 f0ab9600 mov dword ptr ds:[0x96abf0],eax + 0x89,0x15, XX4, // 305a545d 8915 f4ab9600 mov dword ptr ds:[0x96abf4],edx + 0xa1, XX4, // 305a5463 a1 40ac9600 mov eax,dword ptr ds:[0x96ac40] + 0x3b,0x05, XX4, // 305a5468 3b05 f0ab9600 cmp eax,dword ptr ds:[0x96abf0] + 0x75, 0x11, // 305a546e 75 11 jnz short 305a5481 + 0xa1, XX4, // 305a5470 a1 44ac9600 mov eax,dword ptr ds:[0x96ac44] + 0x3b,0x05, XX4, // 305a5475 3b05 f4ab9600 cmp eax,dword ptr ds:[0x96abf4] + 0x0f,0x84, XX4, // 305a547b 0f84 3a000000 je 305a54bb + 0x83,0x05, XX4, 0x24, // 305a5481 8305 00ac9600 24 add dword ptr ds:[0x96ac00],0x24 + 0x9f, // 305a5488 9f lahf + 0x66,0xc1,0xf8, 0x0f, // 305a5489 66:c1f8 0f sar ax,0xf + 0x98 // 305a548d 98 cwde + }; + enum { addr_offset = 0x305a5454 - 0x305a5424 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPS2Memory(bytes, sizeof(bytes)); + //addr = 0x30403967; + if (!addr) + ConsoleOutput("TypeMoon PS2: pattern not found"); + else { + //GROWL_DWORD(addr + addr_offset); + HookParam hp; + hp.address = addr + addr_offset; + hp.type = USING_STRING|NO_CONTEXT; // no context to get rid of return address + hp.text_fun = SpecialPS2HookTypeMoon; + ConsoleOutput("TypeMoon PS2: INSERT"); + //GROWL_DWORD(hp.address); + succ|=NewHook(hp, "TypeMoon PS2"); + } + + ConsoleOutput("TypeMoon PS2: leave"); + return succ; +} + +/** 8/3/2014 jichi + * Tested game: School Rumble ねる娘�育つ + * + * Fixed memory address. + * There is only one matched address. + * + * Debug method: Predict text location. + * There are a couple of locations that are OK to hook. + * The last one is used. + * + * Issue: the order of chara and scenario is reversed: 「scenario」chara + * + * eax 20000000 + * ecx 202d5ab3 + * edx 00000000 + * ebx 3026e299 + * esp 0c14f910 + * ebp 0c14f918 + * esi 0014f470 + * edi 00000000 + * eip 3026e296 + * + * 3026e1d5 -0f88 a530d7d2 js pcsx2.02fe1280 + * 3026e1db 0f1202 movlps xmm0,qword ptr ds:[edx] + * 3026e1de 0f1301 movlps qword ptr ds:[ecx],xmm0 + * 3026e1e1 ba 10ac6201 mov edx,0x162ac10 + * 3026e1e6 8b0d d0ac6201 mov ecx,dword ptr ds:[0x162acd0] ; pcsx2.01ffed00 + * 3026e1ec 83c1 10 add ecx,0x10 + * 3026e1ef 83e1 f0 and ecx,0xfffffff0 + * 3026e1f2 89c8 mov eax,ecx + * 3026e1f4 c1e8 0c shr eax,0xc + * 3026e1f7 8b0485 30006d0d mov eax,dword ptr ds:[eax*4+0xd6d0030] + * 3026e1fe bb 11e22630 mov ebx,0x3026e211 + * 3026e203 01c1 add ecx,eax + * 3026e205 -0f88 b530d7d2 js pcsx2.02fe12c0 + * 3026e20b 0f280a movaps xmm1,dqword ptr ds:[edx] + * 3026e20e 0f2909 movaps dqword ptr ds:[ecx],xmm1 + * 3026e211 ba 00ac6201 mov edx,0x162ac00 + * 3026e216 8b0d d0ac6201 mov ecx,dword ptr ds:[0x162acd0] ; pcsx2.01ffed00 + * 3026e21c 83e1 f0 and ecx,0xfffffff0 + * 3026e21f 89c8 mov eax,ecx + * 3026e221 c1e8 0c shr eax,0xc + * 3026e224 8b0485 30006d0d mov eax,dword ptr ds:[eax*4+0xd6d0030] + * 3026e22b bb 3ee22630 mov ebx,0x3026e23e + * 3026e230 01c1 add ecx,eax + * 3026e232 -0f88 8830d7d2 js pcsx2.02fe12c0 + * 3026e238 0f2812 movaps xmm2,dqword ptr ds:[edx] + * 3026e23b 0f2911 movaps dqword ptr ds:[ecx],xmm2 + * 3026e23e 31c0 xor eax,eax + * 3026e240 a3 f4ac6201 mov dword ptr ds:[0x162acf4],eax + * 3026e245 c705 f0ac6201 d4>mov dword ptr ds:[0x162acf0],0x1498d4 + * 3026e24f c705 a8ad6201 c0>mov dword ptr ds:[0x162ada8],0x1281c0 + * 3026e259 a1 c0ae6201 mov eax,dword ptr ds:[0x162aec0] + * 3026e25e 83c0 07 add eax,0x7 + * 3026e261 a3 c0ae6201 mov dword ptr ds:[0x162aec0],eax + * 3026e266 2b05 809e6101 sub eax,dword ptr ds:[0x1619e80] + * 3026e26c 0f88 05000000 js 3026e277 + * 3026e272 -e9 895ddfd2 jmp pcsx2.03064000 + * 3026e277 8b0d 40ab6201 mov ecx,dword ptr ds:[0x162ab40] + * 3026e27d 89c8 mov eax,ecx + * 3026e27f c1e8 0c shr eax,0xc + * 3026e282 8b0485 30006d0d mov eax,dword ptr ds:[eax*4+0xd6d0030] + * 3026e289 bb 99e22630 mov ebx,0x3026e299 + * 3026e28e 01c1 add ecx,eax + * 3026e290 -0f88 6a2dd7d2 js pcsx2.02fe1000 + * 3026e296 0fb601 movzx eax,byte ptr ds:[ecx] ; jichi: hook here + * 3026e299 a3 60ab6201 mov dword ptr ds:[0x162ab60],eax + * 3026e29e c705 64ab6201 00>mov dword ptr ds:[0x162ab64],0x0 + * 3026e2a8 a1 60ab6201 mov eax,dword ptr ds:[0x162ab60] + * 3026e2ad 05 7fffffff add eax,-0x81 + * 3026e2b2 99 cdq + * 3026e2b3 a3 70ab6201 mov dword ptr ds:[0x162ab70],eax + * 3026e2b8 8915 74ab6201 mov dword ptr ds:[0x162ab74],edx + * 3026e2be b8 01000000 mov eax,0x1 + * 3026e2c3 833d 74ab6201 00 cmp dword ptr ds:[0x162ab74],0x0 + * 3026e2ca 72 0d jb short 3026e2d9 + * 3026e2cc 77 09 ja short 3026e2d7 + * 3026e2ce 833d 70ab6201 18 cmp dword ptr ds:[0x162ab70],0x18 + * 3026e2d5 72 02 jb short 3026e2d9 + * 3026e2d7 31c0 xor eax,eax + * 3026e2d9 a3 10ab6201 mov dword ptr ds:[0x162ab10],eax + * 3026e2de c705 14ab6201 00>mov dword ptr ds:[0x162ab14],0x0 + * 3026e2e8 c705 20ab6201 00>mov dword ptr ds:[0x162ab20],0x0 + * 3026e2f2 c705 24ab6201 00>mov dword ptr ds:[0x162ab24],0x0 + * 3026e2fc c705 30ab6201 00>mov dword ptr ds:[0x162ab30],0x0 + * 3026e306 c705 34ab6201 00>mov dword ptr ds:[0x162ab34],0x0 + * 3026e310 833d 10ab6201 00 cmp dword ptr ds:[0x162ab10],0x0 + * 3026e317 0f85 41000000 jnz 3026e35e + * 3026e31d 833d 14ab6201 00 cmp dword ptr ds:[0x162ab14],0x0 + * 3026e324 0f85 34000000 jnz 3026e35e + * 3026e32a 31c0 xor eax,eax + * 3026e32c a3 50ab6201 mov dword ptr ds:[0x162ab50],eax + * 3026e331 a3 54ab6201 mov dword ptr ds:[0x162ab54],eax + * 3026e336 c705 a8ad6201 c0>mov dword ptr ds:[0x162ada8],0x1285c0 + * 3026e340 a1 c0ae6201 mov eax,dword ptr ds:[0x162aec0] + * 3026e345 83c0 08 add eax,0x8 + * 3026e348 a3 c0ae6201 mov dword ptr ds:[0x162aec0],eax + * 3026e34d 2b05 809e6101 sub eax,dword ptr ds:[0x1619e80] + * 3026e353 0f88 96280000 js 30270bef + * 3026e359 -e9 a25cdfd2 jmp pcsx2.03064000 + * 3026e35e 31c0 xor eax,eax + * 3026e360 a3 50ab6201 mov dword ptr ds:[0x162ab50],eax + * 3026e365 a3 54ab6201 mov dword ptr ds:[0x162ab54],eax + * 3026e36a c705 a8ad6201 dc>mov dword ptr ds:[0x162ada8],0x1281dc + * 3026e374 a1 c0ae6201 mov eax,dword ptr ds:[0x162aec0] + * 3026e379 83c0 08 add eax,0x8 + * 3026e37c a3 c0ae6201 mov dword ptr ds:[0x162aec0],eax + * 3026e381 2b05 809e6101 sub eax,dword ptr ds:[0x1619e80] + * 3026e387 0f88 a61f0000 js 30270333 + * 3026e38d -e9 6e5cdfd2 jmp pcsx2.03064000 + * 3026e392 b8 01000000 mov eax,0x1 + * 3026e397 833d 64ab6201 00 cmp dword ptr ds:[0x162ab64],0x0 + * 3026e39e 7c 10 jl short 3026e3b0 + * 3026e3a0 7f 0c jg short 3026e3ae + * 3026e3a2 813d 60ab6201 80>cmp dword ptr ds:[0x162ab60],0x80 + * 3026e3ac 72 02 jb short 3026e3b0 + * 3026e3ae 31c0 xor eax,eax + * 3026e3b0 a3 10ab6201 mov dword ptr ds:[0x162ab10],eax + * 3026e3b5 c705 14ab6201 00>mov dword ptr ds:[0x162ab14],0x0 + * 3026e3bf 31c0 xor eax,eax + * 3026e3c1 a3 54ab6201 mov dword ptr ds:[0x162ab54],eax + * 3026e3c6 c705 50ab6201 01>mov dword ptr ds:[0x162ab50],0x1 + * 3026e3d0 c705 a8ad6201 e8>mov dword ptr ds:[0x162ada8],0x1285e8 + * 3026e3da a1 c0ae6201 mov eax,dword ptr ds:[0x162aec0] + * 3026e3df 83c0 03 add eax,0x3 + * 3026e3e2 a3 c0ae6201 mov dword ptr ds:[0x162aec0],eax + * 3026e3e7 2b05 809e6101 sub eax,dword ptr ds:[0x1619e80] + * 3026e3ed 0f88 05000000 js 3026e3f8 + * 3026e3f3 -e9 085cdfd2 jmp pcsx2.03064000 + * 3026e3f8 833d 10ab6201 00 cmp dword ptr ds:[0x162ab10],0x0 + * 3026e3ff 0f85 49000000 jnz 3026e44e + * 3026e405 833d 14ab6201 00 cmp dword ptr ds:[0x162ab14],0x0 + * 3026e40c 0f85 3c000000 jnz 3026e44e + * 3026e412 a1 60ab6201 mov eax,dword ptr ds:[0x162ab60] + * 3026e417 c1e0 03 shl eax,0x3 + * 3026e41a 99 cdq + * 3026e41b a3 30ab6201 mov dword ptr ds:[0x162ab30],eax + * 3026e420 8915 34ab6201 mov dword ptr ds:[0x162ab34],edx + * 3026e426 c705 a8ad6201 04>mov dword ptr ds:[0x162ada8],0x128604 + * 3026e430 a1 c0ae6201 mov eax,dword ptr ds:[0x162aec0] + * 3026e435 83c0 02 add eax,0x2 + * 3026e438 a3 c0ae6201 mov dword ptr ds:[0x162aec0],eax + * 3026e43d 2b05 809e6101 sub eax,dword ptr ds:[0x1619e80] + * 3026e443 0f88 93220000 js 302706dc + * 3026e449 -e9 b25bdfd2 jmp pcsx2.03064000 + * 3026e44e a1 60ab6201 mov eax,dword ptr ds:[0x162ab60] + * 3026e453 c1e0 03 shl eax,0x3 + * 3026e456 99 cdq + * 3026e457 a3 30ab6201 mov dword ptr ds:[0x162ab30],eax + * 3026e45c 8915 34ab6201 mov dword ptr ds:[0x162ab34],edx + * 3026e462 c705 a8ad6201 f0>mov dword ptr ds:[0x162ada8],0x1285f0 + * 3026e46c a1 c0ae6201 mov eax,dword ptr ds:[0x162aec0] + * 3026e471 83c0 02 add eax,0x2 + * 3026e474 a3 c0ae6201 mov dword ptr ds:[0x162aec0],eax + * 3026e479 2b05 809e6101 sub eax,dword ptr ds:[0x1619e80] + * 3026e47f 0f88 91270000 js 30270c16 + * 3026e485 -e9 765bdfd2 jmp pcsx2.03064000 + * 3026e48a a1 30ab6201 mov eax,dword ptr ds:[0x162ab30] + * 3026e48f 0305 60ab6201 add eax,dword ptr ds:[0x162ab60] + * 3026e495 99 cdq + * 3026e496 a3 30ab6201 mov dword ptr ds:[0x162ab30],eax + * 3026e49b 8915 34ab6201 mov dword ptr ds:[0x162ab34],edx + * 3026e4a1 a1 30ab6201 mov eax,dword ptr ds:[0x162ab30] + * 3026e4a6 c1e0 05 shl eax,0x5 + * 3026e4a9 99 cdq + * 3026e4aa a3 30ab6201 mov dword ptr ds:[0x162ab30],eax + * 3026e4af 8915 34ab6201 mov dword ptr ds:[0x162ab34],edx + * 3026e4b5 a1 30ab6201 mov eax,dword ptr ds:[0x162ab30] + * 3026e4ba 05 e01f2b00 add eax,0x2b1fe0 + * 3026e4bf 99 cdq + * 3026e4c0 a3 20ab6201 mov dword ptr ds:[0x162ab20],eax + * 3026e4c5 8915 24ab6201 mov dword ptr ds:[0x162ab24],edx + * 3026e4cb 8b35 f0ac6201 mov esi,dword ptr ds:[0x162acf0] + * 3026e4d1 8935 a8ad6201 mov dword ptr ds:[0x162ada8],esi + * 3026e4d7 a1 c0ae6201 mov eax,dword ptr ds:[0x162aec0] + * 3026e4dc 83c0 07 add eax,0x7 + * 3026e4df a3 c0ae6201 mov dword ptr ds:[0x162aec0],eax + * 3026e4e4 2b05 809e6101 sub eax,dword ptr ds:[0x1619e80] + * 3026e4ea -0f88 155bdfd2 js pcsx2.03064005 + * 3026e4f0 -e9 0b5bdfd2 jmp pcsx2.03064000 + * 3026e4f5 a1 20ab6201 mov eax,dword ptr ds:[0x162ab20] + * 3026e4fa 8b15 24ab6201 mov edx,dword ptr ds:[0x162ab24] + * 3026e500 a3 00ac6201 mov dword ptr ds:[0x162ac00],eax + * 3026e505 8915 04ac6201 mov dword ptr ds:[0x162ac04],edx + * 3026e50b 833d 00ac6201 00 cmp dword ptr ds:[0x162ac00],0x0 + * 3026e512 75 0d jnz short 3026e521 + * 3026e514 833d 04ac6201 00 cmp dword ptr ds:[0x162ac04],0x0 + * 3026e51b 0f84 39000000 je 3026e55a + * 3026e521 31c0 xor eax,eax + */ +// Use fixed split for this hook +static void SpecialPS2HookMarvelous(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD text = stack->ecx; + if (BYTE c = *(BYTE *)text) { // BYTE is unsigned + *data = text; + *len = ::LeadByteTable[c]; + *split = FIXED_SPLIT_VALUE * 3; // merge all threads + //*split = regof(esi, esp_base); + //*split = *(DWORD *)(esp_base + 4*5); // esp[5] + } +} + +bool InsertMarvelousPS2Hook() +{ + ConsoleOutput("Marvelous PS2: enter"); + const BYTE bytes[] = { + 0x2b,0x05, XX4, // 3026e266 2b05 809e6101 sub eax,dword ptr ds:[0x1619e80] + 0x0f,0x88, 0x05,0x00,0x00,0x00, // 3026e26c 0f88 05000000 js 3026e277 + 0xe9, XX4, // 3026e272 -e9 895ddfd2 jmp pcsx2.03064000 + 0x8b,0x0d, XX4, // 3026e277 8b0d 40ab6201 mov ecx,dword ptr ds:[0x162ab40] + 0x89,0xc8, // 3026e27d 89c8 mov eax,ecx + 0xc1,0xe8, 0x0c, // 3026e27f c1e8 0c shr eax,0xc + 0x8b,0x04,0x85, XX4, // 3026e282 8b0485 30006d0d mov eax,dword ptr ds:[eax*4+0xd6d0030] + 0xbb, XX4, // 3026e289 bb 99e22630 mov ebx,0x3026e299 + 0x01,0xc1, // 3026e28e 01c1 add ecx,eax + 0x0f,0x88, XX4, // 3026e290 -0f88 6a2dd7d2 js pcsx2.02fe1000 + 0x0f,0xb6,0x01, // 3026e296 0fb601 movzx eax,byte ptr ds:[ecx] ; jichi: hook here + 0xa3, XX4, // 3026e299 a3 60ab6201 mov dword ptr ds:[0x162ab60],eax + 0xc7,0x05, XX4, 0x00,0x00,0x00,0x00,// 3026e29e c705 64ab6201 00>mov dword ptr ds:[0x162ab64],0x0 + 0xa1, XX4, // 3026e2a8 a1 60ab6201 mov eax,dword ptr ds:[0x162ab60] + 0x05, 0x7f,0xff,0xff,0xff, // 3026e2ad 05 7fffffff add eax,-0x81 + 0x99, // 3026e2b2 99 cdq + 0xa3 //70ab6201 // 3026e2b3 a3 70ab6201 mov dword ptr ds:[0x162ab70],eax + }; + enum { addr_offset = 0x3026e296 - 0x3026e266 }; + + DWORD addr = SafeMatchBytesInPS2Memory(bytes, sizeof(bytes)); + //addr = 0x30403967; + auto succ=false; + if (!addr) + ConsoleOutput("Marvelous PS2: pattern not found"); + else { + //GROWL_DWORD(addr + addr_offset); + HookParam hp; + hp.address = addr + addr_offset; + hp.type = USING_STRING|NO_CONTEXT; // no context to get rid of return address + hp.text_fun = SpecialPS2HookMarvelous; + ConsoleOutput("Marvelous PS2: INSERT"); + //GROWL_DWORD(hp.address); + succ|=NewHook(hp, "Marvelous PS2"); + } + + ConsoleOutput("Marvelous PS2: leave"); + return succ; +} + +/** 8/3/2014 jichi + * Tested game: School Rumble 二学� * + * Fixed memory address. + * There is only one matched address. + * + * Debug method: Breakpoint the memory address. + * + * Issue: It cannot extract character name. + * + * 302072bd a3 c0ae9e01 mov dword ptr ds:[0x19eaec0],eax + * 302072c2 2b05 809e9d01 sub eax,dword ptr ds:[0x19d9e80] ; cdvdgiga.5976f736 + * 302072c8 ^0f88 f3cafcff js 301d3dc1 + * 302072ce -e9 2dcd21d3 jmp pcsx2.03424000 + * 302072d3 8b0d 50ab9e01 mov ecx,dword ptr ds:[0x19eab50] + * 302072d9 89c8 mov eax,ecx + * 302072db c1e8 0c shr eax,0xc + * 302072de 8b0485 3000e511 mov eax,dword ptr ds:[eax*4+0x11e50030] + * 302072e5 bb f5722030 mov ebx,0x302072f5 + * 302072ea 01c1 add ecx,eax + * 302072ec -0f88 0e9d19d3 js pcsx2.033a1000 + * 302072f2 0fb601 movzx eax,byte ptr ds:[ecx] + * 302072f5 a3 20ab9e01 mov dword ptr ds:[0x19eab20],eax + * 302072fa c705 24ab9e01 00>mov dword ptr ds:[0x19eab24],0x0 + * 30207304 8305 60ab9e01 ff add dword ptr ds:[0x19eab60],-0x1 + * 3020730b 9f lahf + * 3020730c 66:c1f8 0f sar ax,0xf + * 30207310 98 cwde + * 30207311 a3 64ab9e01 mov dword ptr ds:[0x19eab64],eax + * 30207316 8305 50ab9e01 01 add dword ptr ds:[0x19eab50],0x1 + * 3020731d 9f lahf + * 3020731e 66:c1f8 0f sar ax,0xf + * 30207322 98 cwde + * 30207323 a3 54ab9e01 mov dword ptr ds:[0x19eab54],eax + * 30207328 8b15 20ab9e01 mov edx,dword ptr ds:[0x19eab20] + * 3020732e 8b0d 30ab9e01 mov ecx,dword ptr ds:[0x19eab30] + * 30207334 89c8 mov eax,ecx + * 30207336 c1e8 0c shr eax,0xc + * 30207339 8b0485 3000e511 mov eax,dword ptr ds:[eax*4+0x11e50030] + * 30207340 bb 4f732030 mov ebx,0x3020734f + * 30207345 01c1 add ecx,eax + * 30207347 -0f88 739e19d3 js pcsx2.033a11c0 + * 3020734d 8811 mov byte ptr ds:[ecx],dl ; jichi: hook here, text in dl + * 3020734f 8305 30ab9e01 01 add dword ptr ds:[0x19eab30],0x1 + * 30207356 9f lahf + * 30207357 66:c1f8 0f sar ax,0xf + * 3020735b 98 cwde + * 3020735c a3 34ab9e01 mov dword ptr ds:[0x19eab34],eax + * 30207361 a1 60ab9e01 mov eax,dword ptr ds:[0x19eab60] + * 30207366 3b05 40ab9e01 cmp eax,dword ptr ds:[0x19eab40] + * 3020736c 75 11 jnz short 3020737f + * 3020736e a1 64ab9e01 mov eax,dword ptr ds:[0x19eab64] + * 30207373 3b05 44ab9e01 cmp eax,dword ptr ds:[0x19eab44] + * 30207379 0f84 28000000 je 302073a7 + * 3020737f c705 a8ad9e01 34>mov dword ptr ds:[0x19eada8],0x17eb34 + * 30207389 a1 c0ae9e01 mov eax,dword ptr ds:[0x19eaec0] + * 3020738e 83c0 09 add eax,0x9 + * 30207391 a3 c0ae9e01 mov dword ptr ds:[0x19eaec0],eax + * 30207396 2b05 809e9d01 sub eax,dword ptr ds:[0x19d9e80] ; cdvdgiga.5976f736 + * 3020739c ^0f88 31ffffff js 302072d3 + * 302073a2 -e9 59cc21d3 jmp pcsx2.03424000 + * 302073a7 c705 a8ad9e01 50>mov dword ptr ds:[0x19eada8],0x17eb50 + * 302073b1 a1 c0ae9e01 mov eax,dword ptr ds:[0x19eaec0] + * 302073b6 83c0 09 add eax,0x9 + * 302073b9 a3 c0ae9e01 mov dword ptr ds:[0x19eaec0],eax + * 302073be 2b05 809e9d01 sub eax,dword ptr ds:[0x19d9e80] ; cdvdgiga.5976f736 + * 302073c4 ^0f88 75cbfcff js 301d3f3f + * 302073ca -e9 31cc21d3 jmp pcsx2.03424000 + * 302073cf 8b15 10ac9e01 mov edx,dword ptr ds:[0x19eac10] + * 302073d5 8b0d 20ac9e01 mov ecx,dword ptr ds:[0x19eac20] + * 302073db 83c1 04 add ecx,0x4 + * 302073de 89c8 mov eax,ecx + * 302073e0 c1e8 0c shr eax,0xc + * 302073e3 8b0485 3000e511 mov eax,dword ptr ds:[eax*4+0x11e50030] + * 302073ea bb f9732030 mov ebx,0x302073f9 + * 302073ef 01c1 add ecx,eax + * 302073f1 -0f88 499e19d3 js pcsx2.033a1240 + * 302073f7 8911 mov dword ptr ds:[ecx],edx + * 302073f9 c705 a8ad9e01 5c>mov dword ptr ds:[0x19eada8],0x18d25c + * 30207403 a1 c0ae9e01 mov eax,dword ptr ds:[0x19eaec0] + * 30207408 83c0 03 add eax,0x3 + * 3020740b a3 c0ae9e01 mov dword ptr ds:[0x19eaec0],eax + * 30207410 2b05 809e9d01 sub eax,dword ptr ds:[0x19d9e80] ; cdvdgiga.5976f736 + * 30207416 0f88 05000000 js 30207421 + * 3020741c -e9 dfcb21d3 jmp pcsx2.03424000 + * 30207421 a1 50ac9e01 mov eax,dword ptr ds:[0x19eac50] + * 30207426 05 00a2ffff add eax,0xffffa200 + * 3020742b 99 cdq + * 3020742c a3 00ac9e01 mov dword ptr ds:[0x19eac00],eax + * 30207431 8915 04ac9e01 mov dword ptr ds:[0x19eac04],edx + * 30207437 31d2 xor edx,edx + * 30207439 8b0d d0ac9e01 mov ecx,dword ptr ds:[0x19eacd0] + * 3020743f 89c8 mov eax,ecx + * 30207441 c1e8 0c shr eax,0xc + * 30207444 8b0485 3000e511 mov eax,dword ptr ds:[eax*4+0x11e50030] + * 3020744b bb 5a742030 mov ebx,0x3020745a + * 30207450 01c1 add ecx,eax + * 30207452 -0f88 e89d19d3 js pcsx2.033a1240 + * 30207458 8911 mov dword ptr ds:[ecx],edx + * 3020745a a1 00ac9e01 mov eax,dword ptr ds:[0x19eac00] + * 3020745f 8b15 04ac9e01 mov edx,dword ptr ds:[0x19eac04] + */ +// Use fixed split for this hook +static void SpecialPS2HookMarvelous2(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD text = stack->edx; // get text in dl: 3020734d 8811 mov byte ptr ds:[ecx],dl + if (BYTE c = *(BYTE *)text) { // BYTE is unsigned + *data = text; + *len = 1; + //*split = FIXED_SPLIT_VALUE * 4; // merge all threads + *split = stack->esi; + //*split = *(DWORD *)(esp_base + 4*5); // esp[5] + } +} + +bool InsertMarvelous2PS2Hook() +{ + ConsoleOutput("Marvelous2 PS2: enter"); + const BYTE bytes[] = { + // The following pattern is not sufficient + 0x89,0xc8, // 30207334 89c8 mov eax,ecx + 0xc1,0xe8, 0x0c, // 30207336 c1e8 0c shr eax,0xc + 0x8b,0x04,0x85, XX4, // 30207339 8b0485 3000e511 mov eax,dword ptr ds:[eax*4+0x11e50030] + 0xbb, XX4, // 30207340 bb 4f732030 mov ebx,0x3020734f + 0x01,0xc1, // 30207345 01c1 add ecx,eax + 0x0f,0x88, XX4, // 30207347 -0f88 739e19d3 js pcsx2.033a11c0 + 0x88,0x11, // 3020734d 8811 mov byte ptr ds:[ecx],dl ; jichi: hook here, text in dl + 0x83,0x05, XX4, 0x01, // 3020734f 8305 30ab9e01 01 add dword ptr ds:[0x19eab30],0x1 + 0x9f, // 30207356 9f lahf + 0x66,0xc1,0xf8, 0x0f, // 30207357 66:c1f8 0f sar ax,0xf + 0x98, // 3020735b 98 cwde + // The above pattern is not sufficient + 0xa3, XX4, // 3020735c a3 34ab9e01 mov dword ptr ds:[0x19eab34],eax + 0xa1, XX4, // 30207361 a1 60ab9e01 mov eax,dword ptr ds:[0x19eab60] + 0x3b,0x05, XX4, // 30207366 3b05 40ab9e01 cmp eax,dword ptr ds:[0x19eab40] + 0x75, 0x11, // 3020736c 75 11 jnz short 3020737f + 0xa1, XX4, // 3020736e a1 64ab9e01 mov eax,dword ptr ds:[0x19eab64] + 0x3b,0x05, XX4, // 30207373 3b05 44ab9e01 cmp eax,dword ptr ds:[0x19eab44] + 0x0f,0x84, XX4, // 30207379 0f84 28000000 je 302073a7 + 0xc7,0x05, XX8, // 3020737f c705 a8ad9e01 34>mov dword ptr ds:[0x19eada8],0x17eb34 + // The above pattern is not sufficient + 0xa1, XX4, // 30207389 a1 c0ae9e01 mov eax,dword ptr ds:[0x19eaec0] + 0x83,0xc0, 0x09, // 3020738e 83c0 09 add eax,0x9 + 0xa3, XX4, // 30207391 a3 c0ae9e01 mov dword ptr ds:[0x19eaec0],eax + 0x2b,0x05, XX4, // 30207396 2b05 809e9d01 sub eax,dword ptr ds:[0x19d9e80] ; cdvdgiga.5976f736 + 0x0f,0x88, XX4, // 3020739c ^0f88 31ffffff js 302072d3 + 0xe9, XX4, // 302073a2 -e9 59cc21d3 jmp pcsx2.03424000 + 0xc7,0x05, XX8, // 302073a7 c705 a8ad9e01 50>mov dword ptr ds:[0x19eada8],0x17eb50 + 0xa1, XX4, // 302073b1 a1 c0ae9e01 mov eax,dword ptr ds:[0x19eaec0] + 0x83,0xc0, 0x09, // 302073b6 83c0 09 add eax,0x9 + 0xa3, XX4, // 302073b9 a3 c0ae9e01 mov dword ptr ds:[0x19eaec0],eax + 0x2b,0x05, XX4, // 302073be 2b05 809e9d01 sub eax,dword ptr ds:[0x19d9e80] ; cdvdgiga.5976f736 + 0x0f,0x88, XX4, // 302073c4 ^0f88 75cbfcff js 301d3f3f + 0xe9, XX4, // 302073ca -e9 31cc21d3 jmp pcsx2.03424000 + 0x8b,0x15, XX4, // 302073cf 8b15 10ac9e01 mov edx,dword ptr ds:[0x19eac10] + 0x8b,0x0d, XX4, // 302073d5 8b0d 20ac9e01 mov ecx,dword ptr ds:[0x19eac20] + 0x83,0xc1, 0x04, // 302073db 83c1 04 add ecx,0x4 + 0x89,0xc8, // 302073de 89c8 mov eax,ecx + 0xc1,0xe8, 0x0c, // 302073e0 c1e8 0c shr eax,0xc + 0x8b,0x04,0x85, XX4, // 302073e3 8b0485 3000e511 mov eax,dword ptr ds:[eax*4+0x11e50030] + 0xbb, XX4, // 302073ea bb f9732030 mov ebx,0x302073f9 + 0x01,0xc1 // 302073ef 01c1 add ecx,eax + }; + enum { addr_offset = 0x3020734d - 0x30207334 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPS2Memory(bytes, sizeof(bytes)); + //addr = 0x30403967; + if (!addr) + ConsoleOutput("Marvelous2 PS2: pattern not found"); + else { + //GROWL_DWORD(addr + addr_offset); + HookParam hp; + hp.address = addr + addr_offset; + hp.type = USING_STRING|NO_CONTEXT; // no context to get rid of return address + hp.text_fun = SpecialPS2HookMarvelous2; + ConsoleOutput("Marvelous2 PS2: INSERT"); + //GROWL_DWORD(hp.address); + succ|=NewHook(hp, "Marvelous2 PS2"); + } + + ConsoleOutput("Marvelous2 PS2: leave"); + return succ; +} + +#if 0 // jichi 7/19/2014: duplication text + +/** 7/19/2014 jichi + * Tested game: .hack//G.U. Vol.1 + */ +bool InsertNamcoPS2Hook() +{ + ConsoleOutput("Namco PS2: enter"); + const BYTE bytes[1] = { + }; + enum { addr_offset = 0 }; + + //DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + //DWORD addr = 0x303baf26; + DWORD addr = 0x303C4B72; + if (!addr) + ConsoleOutput("Namco PS2: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.type = USING_STRING|USING_SPLIT; // no context to get rid of return address + hp.offset=get_reg(regs::ecx); + hp.split = hp.offset; // use ecx address to split + ConsoleOutput("Namco PS2: INSERT"); + //GROWL_DWORD(hp.address); + NewHook(hp, "Namco PS2"); + } + + ConsoleOutput("Namco PS2: leave"); + return addr; +} +#endif // 0 + +#if 0 // SEGA: loop text. BANDAI and Imageepoch should be sufficient +/** 7/25/2014 jichi sega.jp PSP engine + * Sample game: Shining Hearts + * Encoding: UTF-8 + * + * Debug method: simply add hardware break points to the matched memory + * All texts are in the memory. + * There are two memory addresses, but only one function addresses them. + * + * This function seems to be the same as Tecmo? + * + * 13513476 f0:90 lock nop ; lock prefix is not allowed + * 13513478 77 0f ja short 13513489 + * 1351347a c705 a8aa1001 38>mov dword ptr ds:[0x110aaa8],0x89cae38 + * 13513484 -e9 7bcb4ff0 jmp 03a10004 + * 13513489 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + * 1351348f 81e0 ffffff3f and eax,0x3fffffff + * 13513495 8bb0 00004007 mov esi,dword ptr ds:[eax+0x7400000] ; jichi: there are too many garbage here + * 1351349b 8b3d 7ca71001 mov edi,dword ptr ds:[0x110a77c] + * 135134a1 8d7f 04 lea edi,dword ptr ds:[edi+0x4] + * 135134a4 8b05 84a71001 mov eax,dword ptr ds:[0x110a784] + * 135134aa 81e0 ffffff3f and eax,0x3fffffff + * 135134b0 89b0 00004007 mov dword ptr ds:[eax+0x7400000],esi ; extract from esi + * 135134b6 8b2d 84a71001 mov ebp,dword ptr ds:[0x110a784] + * 135134bc 8d6d 04 lea ebp,dword ptr ss:[ebp+0x4] + * 135134bf 8b15 78a71001 mov edx,dword ptr ds:[0x110a778] + * 135134c5 81fa 01000000 cmp edx,0x1 + * 135134cb 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 135134d1 893d 7ca71001 mov dword ptr ds:[0x110a77c],edi + * 135134d7 892d 84a71001 mov dword ptr ds:[0x110a784],ebp + * 135134dd c705 88a71001 01>mov dword ptr ds:[0x110a788],0x1 + * 135134e7 0f84 16000000 je 13513503 + * 135134ed 832d c4aa1001 09 sub dword ptr ds:[0x110aac4],0x9 + * 135134f4 e9 23000000 jmp 1351351c + * 135134f9 013cae add dword ptr ds:[esi+ebp*4],edi + * 135134fc 9c pushfd + * 135134fd 08e9 or cl,ch + * 135134ff 20cb and bl,cl + * 13513501 4f dec edi + * 13513502 f0:832d c4aa1001>lock sub dword ptr ds:[0x110aac4],0x9 ; lock prefix + * 1351350a e9 b1000000 jmp 135135c0 + * 1351350f 015cae 9c add dword ptr ds:[esi+ebp*4-0x64],ebx + * 13513513 08e9 or cl,ch + * 13513515 0acb or cl,bl + * 13513517 4f dec edi + * 13513518 f0:90 lock nop ; lock prefix is not allowed + * 1351351a cc int3 + * 1351351b cc int3 + */ +// Read text from esi +static void SpecialPSPHookSega(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t*len) +{ + LPCSTR text = LPCSTR(esp_base + get_reg(regs::esi)); // esi address + if (*text) { + *data = (DWORD)text; + *len = !text[0] ? 0 : !text[1] ? 1 : text[2] ? 2 : text[3] ? 3 : 4; + *split = regof(ebx, esp_base); + } +} + +bool InsertSegaPSPHook() +{ + ConsoleOutput("SEGA PSP: enter"); + const BYTE bytes[] = { + 0x77, 0x0f, // 13513478 77 0f ja short 13513489 + 0xc7,0x05, XX8, // 1351347a c705 a8aa1001 38>mov dword ptr ds:[0x110aaa8],0x89cae38 + 0xe9, XX4, // 13513484 -e9 7bcb4ff0 jmp 03a10004 + 0x8b,0x05, XX4, // 13513489 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1351348f 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xb0, XX4, // 13513495 8bb0 00004007 mov esi,dword ptr ds:[eax+0x7400000] ; jichi: here are too many garbage + 0x8b,0x3d, XX4, // 1351349b 8b3d 7ca71001 mov edi,dword ptr ds:[0x110a77c] + 0x8d,0x7f, 0x04, // 135134a1 8d7f 04 lea edi,dword ptr ds:[edi+0x4] + 0x8b,0x05, XX4, // 135134a4 8b05 84a71001 mov eax,dword ptr ds:[0x110a784] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 135134aa 81e0 ffffff3f and eax,0x3fffffff + 0x89,0xb0 //, XX4, // 135134b0 89b0 00004007 mov dword ptr ds:[eax+0x7400000],esi ; jichi: hook here, get text in esi + }; + enum { memory_offset = 2 }; + enum { addr_offset = sizeof(bytes) - memory_offset }; + //enum { addr_offset = 0x13513495 - 0x13513478 }; + + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("SEGA PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.type = USING_STRING|NO_CONTEXT; // UTF-8 + hp.text_fun = SpecialPSPHookSega; + ConsoleOutput("SEGA PSP: INSERT"); + NewHook(hp, "SEGA PSP"); + } + + ConsoleOutput("SEGA PSP: leave"); + return addr; +} +#endif // 0 + + +#if 0 // jichi 7/14/2014: TODO there is text duplication issue? + +/** 7/13/2014 jichi SHADE.co.jp PSP engine + * Sample game: とある科学の趛�磁� (b-railgun.iso) + * + * CheatEngine/Ollydbg shew there are 4 memory hits to full text in SHIFT-JIS. + * CheatEngine is not able to trace JIT instructions. + * Ollydbg can track the latter two memory accesses > 0x1ffffffff + * + * The third access is 12ab3d64. There is one write access and 3 read accesses. + * But all the accesses are in a loop. + * So, the extracted text would suffer from infinite loop problem. + * + * Memory range: 0x0400000 - 139f000 + * + * 13400e10 90 nop + * 13400e11 cc int3 + * 13400e12 cc int3 + * 13400e13 cc int3 + * 13400e14 77 0f ja short 13400e25 + * 13400e16 c705 a8aa1001 08>mov dword ptr ds:[0x110aaa8],0x88c1308 + * 13400e20 -e9 dff161f3 jmp 06a20004 + * 13400e25 8b35 78a71001 mov esi,dword ptr ds:[0x110a778] + * 13400e2b 81c6 01000000 add esi,0x1 + * 13400e31 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 13400e37 81e0 ffffff3f and eax,0x3fffffff + * 13400e3d 0fb6b8 00004007 movzx edi,byte ptr ds:[eax+0x7400000] ; jichi: the data is in [eax+0x7400000] + * 13400e44 8b2d 78a71001 mov ebp,dword ptr ds:[0x110a778] + * 13400e4a 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + * 13400e4d 81ff 00000000 cmp edi,0x0 + * 13400e53 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 13400e59 893d 74a71001 mov dword ptr ds:[0x110a774],edi + * 13400e5f 892d 78a71001 mov dword ptr ds:[0x110a778],ebp + * 13400e65 0f84 16000000 je 13400e81 + * 13400e6b 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 13400e72 e9 21000000 jmp 13400e98 + * 13400e77 010c13 add dword ptr ds:[ebx+edx],ecx + * 13400e7a 8c08 mov word ptr ds:[eax],cs + * 13400e7c -e9 a2f161f3 jmp 06a20023 + * 13400e81 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 13400e88 e9 7f000000 jmp 13400f0c + * 13400e8d 0118 add dword ptr ds:[eax],ebx + * 13400e8f 138c08 e98cf161 adc ecx,dword ptr ds:[eax+ecx+0x61f18ce9> + * 13400e96 f3: prefix rep: ; superfluous prefix + * 13400e97 90 nop + * 13400e98 77 0f ja short 13400ea9 + * 13400e9a c705 a8aa1001 0c>mov dword ptr ds:[0x110aaa8],0x88c130c + * 13400ea4 -e9 5bf161f3 jmp 06a20004 + * 13400ea9 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 13400eaf 81e0 ffffff3f and eax,0x3fffffff + * 13400eb5 0fb6b0 00004007 movzx esi,byte ptr ds:[eax+0x7400000] + * 13400ebc 8b3d 78a71001 mov edi,dword ptr ds:[0x110a778] + * 13400ec2 8d7f 01 lea edi,dword ptr ds:[edi+0x1] + * 13400ec5 81fe 00000000 cmp esi,0x0 + * 13400ecb 8935 74a71001 mov dword ptr ds:[0x110a774],esi + * 13400ed1 893d 78a71001 mov dword ptr ds:[0x110a778],edi + * 13400ed7 0f84 16000000 je 13400ef3 + * 13400edd 832d c4aa1001 03 sub dword ptr ds:[0x110aac4],0x3 + * 13400ee4 ^e9 afffffff jmp 13400e98 + * 13400ee9 010c13 add dword ptr ds:[ebx+edx],ecx + * 13400eec 8c08 mov word ptr ds:[eax],cs + * 13400eee -e9 30f161f3 jmp 06a20023 + * 13400ef3 832d c4aa1001 03 sub dword ptr ds:[0x110aac4],0x3 + * 13400efa e9 0d000000 jmp 13400f0c + * 13400eff 0118 add dword ptr ds:[eax],ebx + * 13400f01 138c08 e91af161 adc ecx,dword ptr ds:[eax+ecx+0x61f11ae9> + * 13400f08 f3: prefix rep: ; superfluous prefix + * 13400f09 90 nop + * 13400f0a cc int3 + * 13400f0b cc int3 + */ +static void SpecialPSPHookShade(hook_stack* stack, HookParam *hp, BYTE, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD eax = regof(eax, esp_base); + LPCSTR text = LPCSTR(eax + hp->user_value); + if (*text) { + *data = (DWORD)text; + *len = ::strlen(text); + } +} + +bool InsertShadePSPHook() +{ + ConsoleOutput("Shade PSP: enter"); + // TODO: Query MEM_Mapped at runtime + // http://msdn.microsoft.com/en-us/library/windows/desktop/aa366902%28v=vs.85%29.aspx + enum : DWORD { StartAddress = 0x13390000, StopAddress = 0x13490000 }; + + const BYTE bytes[] = { + 0xcc, // 13400e12 cc int3 + 0xcc, // 13400e13 cc int3 + 0x77, 0x0f, // 13400e14 77 0f ja short 13400e25 + 0xc7,0x05, XX8, // 13400e16 c705 a8aa1001 08>mov dword ptr ds:[0x110aaa8],0x88c1308 + 0xe9, XX4, // 13400e20 -e9 dff161f3 jmp 06a20004 + 0x8b,0x35, XX4, // 13400e25 8b35 78a71001 mov esi,dword ptr ds:[0x110a778] + 0x81,0xc6, 0x01,0x00,0x00,0x00, // 13400e2b 81c6 01000000 add esi,0x1 + 0x8b,0x05, XX4, // 13400e31 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13400e37 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xb8, XX4, // 13400e3d 0fb6b8 00004007 movzx edi,byte ptr ds:[eax+0x7400000] ; jichi: the data is in [eax+0x7400000] + 0x8b,0x2d, XX4, // 13400e44 8b2d 78a71001 mov ebp,dword ptr ds:[0x110a778] + 0x8d,0x6d, 0x01, // 13400e4a 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + 0x81,0xff, 0x00,0x00,0x00,0x00 // 13400e4d 81ff 00000000 cmp edi,0x0 + }; + enum{ memory_offset = 3 }; + enum { addr_offset = 0x13400e3d - 0x13400e12 }; + + ULONG addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("Shade PSP: failed"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.text_fun = SpecialPSPHookShade; + hp.type = USING_STRING; + ConsoleOutput("Shade PSP: INSERT"); + + // CHECKPOINT 7/14/2014: This would crash vnrcli + // I do not have permission to modify the JIT code region? + NewHook(hp, "Shade PSP"); + } + + //DWORD peek = 0x13400e14; + //GROWL_DWORD(*(BYTE *)peek); // supposed to be 0x77 ja + ConsoleOutput("Shade PSP: leave"); + return addr; +} + +#endif // 0 + +#if 0 // jichi 7/17/2014: Disabled as there are so many text threads +/** jichi 7/17/2014 alternative Alchemist hook + * + * Sample game: your diary+ (moe-ydp.iso) + * The debugging method is the same as Alchemist1. + * + * It seems that hooks found in Alchemist games + * also exist in other games. + * + * This function is executed in a looped. + * + * 13400e12 cc int3 + * 13400e13 cc int3 + * 13400e14 77 0f ja short 13400e25 + * 13400e16 c705 a8aa1001 84>mov dword ptr ds:[0x110aaa8],0x8931084 + * 13400e20 -e9 dff148f0 jmp 03890004 + * 13400e25 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 13400e2b 81e0 ffffff3f and eax,0x3fffffff + * 13400e31 0fbeb0 00004007 movsx esi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + * 13400e38 8b3d 78a71001 mov edi,dword ptr ds:[0x110a778] + * 13400e3e 81fe 00000000 cmp esi,0x0 + * 13400e44 893d 7ca71001 mov dword ptr ds:[0x110a77c],edi + * 13400e4a 8935 80a71001 mov dword ptr ds:[0x110a780],esi + * 13400e50 0f85 16000000 jnz 13400e6c + * 13400e56 832d c4aa1001 03 sub dword ptr ds:[0x110aac4],0x3 + * 13400e5d e9 16010000 jmp 13400f78 + * 13400e62 01a0 109308e9 add dword ptr ds:[eax+0xe9089310],esp + * 13400e68 b7 f1 mov bh,0xf1 + * 13400e6a 48 dec eax + * 13400e6b f0:832d c4aa1001>lock sub dword ptr ds:[0x110aac4],0x3 ; lock prefix + * 13400e73 e9 0c000000 jmp 13400e84 + * 13400e78 0190 109308e9 add dword ptr ds:[eax+0xe9089310],edx + * 13400e7e a1 f148f090 mov eax,dword ptr ds:[0x90f048f1] + * 13400e83 cc int3 + * 13400e84 77 0f ja short 13400e95 + * 13400e86 c705 a8aa1001 90>mov dword ptr ds:[0x110aaa8],0x8931090 + * 13400e90 -e9 6ff148f0 jmp 03890004 + * 13400e95 8b35 78a71001 mov esi,dword ptr ds:[0x110a778] + * 13400e9b 8d76 01 lea esi,dword ptr ds:[esi+0x1] + * 13400e9e 8bc6 mov eax,esi + * 13400ea0 81e0 ffffff3f and eax,0x3fffffff + * 13400ea6 0fbeb8 00004007 movsx edi,byte ptr ds:[eax+0x7400000] + * 13400ead 81ff 00000000 cmp edi,0x0 + * 13400eb3 8935 78a71001 mov dword ptr ds:[0x110a778],esi + * 13400eb9 893d 80a71001 mov dword ptr ds:[0x110a780],edi + * 13400ebf 0f84 25000000 je 13400eea + * 13400ec5 8b35 78a71001 mov esi,dword ptr ds:[0x110a778] + * 13400ecb 8d76 01 lea esi,dword ptr ds:[esi+0x1] + * 13400ece 8935 78a71001 mov dword ptr ds:[0x110a778],esi + * 13400ed4 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 13400edb e9 24000000 jmp 13400f04 + * 13400ee0 019410 9308e939 add dword ptr ds:[eax+edx+0x39e90893],ed> + * 13400ee7 f1 int1 + * 13400ee8 48 dec eax + * 13400ee9 f0:832d c4aa1001>lock sub dword ptr ds:[0x110aac4],0x4 ; lock prefix + * 13400ef1 e9 82000000 jmp 13400f78 + * 13400ef6 01a0 109308e9 add dword ptr ds:[eax+0xe9089310],esp + * 13400efc 23f1 and esi,ecx + * 13400efe 48 dec eax + * 13400eff f0:90 lock nop ; lock prefix is not allowed + * 13400f01 cc int3 + * 13400f02 cc int3 + */ +// jichi 7/17/2014: Why this function is exactly the same as SpecialPSPHookImageepoch? +static void SpecialPSPHookAlchemist3(hook_stack* stack, HookParam *hp, BYTE, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD eax = regof(eax, esp_base); + DWORD text = eax + hp->user_value; + static DWORD lasttext; + if (text != lasttext && *(LPCSTR)text) { + *data = lasttext = text; + *len = ::strlen((LPCSTR)text); + *split = regof(ecx, esp_base); // use ecx "this" as split value? + } +} +bool InsertAlchemist3PSPHook() +{ + ConsoleOutput("Alchemist3 PSP: enter"); + const BYTE bytes[] = { + //0xcc, // 13400e12 cc int3 + //0xcc, // 13400e13 cc int3 + 0x77, 0x0f, // 13400e14 77 0f ja short 13400e25 + 0xc7,0x05, XX8, // 13400e16 c705 a8aa1001 84>mov dword ptr ds:[0x110aaa8],0x8931084 + 0xe9, XX4, // 13400e20 -e9 dff148f0 jmp 03890004 + 0x8b,0x05, XX4, // 13400e25 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13400e2b 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xbe,0xb0, XX4, // 13400e31 0fbeb0 00004007 movsx esi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + 0x8b,0x3d, XX4, // 13400e38 8b3d 78a71001 mov edi,dword ptr ds:[0x110a778] + 0x81,0xfe, 0x00,0x00,0x00,0x00, // 13400e3e 81fe 00000000 cmp esi,0x0 + 0x89,0x3d, XX4, // 13400e44 893d 7ca71001 mov dword ptr ds:[0x110a77c],edi + 0x89,0x35, XX4, // 13400e4a 8935 80a71001 mov dword ptr ds:[0x110a780],esi + 0x0f,0x85 //, 16000000 // 13400e50 0f85 16000000 jnz 13400e6c + }; + enum { memory_offset = 3 }; + enum { addr_offset = 0x13407711 - 0x134076f4 }; + + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("Alchemist3 PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); // use module to pass membase + hp.text_fun = SpecialPSPHookAlchemist3; + hp.type = USING_STRING|NO_CONTEXT; // no context is needed to get rid of variant retaddr + ConsoleOutput("Alchemist3 PSP: INSERT"); + NewHook(hp, "Alchemist3 PSP"); + } + + ConsoleOutput("Alchemist3 PSP: leave"); + return addr; +} +#endif // 0 +/** jichi 7/19/2014 PCSX2 + * Tested wit pcsx2-v1.2.1-328-gef0e3fe-windows-x86, built at http://buildbot.orphis.net/pcsx2 + */ +bool InsertPCSX2Hooks() +{ + memcpy(spDefault.pattern, Array{ 0x89, 0xc8, 0xc1, 0xe8, 0x0c }, spDefault.length = 5); + spDefault.minAddress = 0; + spDefault.maxAddress = -1ULL; + spDefault.offset = 0; + spDefault.searchTime = 60'000; + spDefault.maxRecords = 500'000; + spDefault.padding = 0x20000000; + ConsoleOutput("PCSX2 detected (searching for hooks may work)"); + // TODO: Add generic hooks + return InsertTypeMoonPS2Hook() + || InsertMarvelousPS2Hook() + || InsertMarvelous2PS2Hook(); +} + +bool PCSX2::attach_function() { + + return InsertPCSX2Hooks(); +} \ No newline at end of file diff --git a/LunaHook/engine32/PCSX2.h b/LunaHook/engine32/PCSX2.h new file mode 100644 index 0000000..928a8fb --- /dev/null +++ b/LunaHook/engine32/PCSX2.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class PCSX2:public ENGINE{ + public: + PCSX2(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"pcsx2*.exe"; //PCSX2.exe or PCSX2WX.exe + }; + bool attach_function(); + +}; \ No newline at end of file diff --git a/LunaHook/engine32/PONScripter.cpp b/LunaHook/engine32/PONScripter.cpp new file mode 100644 index 0000000..09c7ea2 --- /dev/null +++ b/LunaHook/engine32/PONScripter.cpp @@ -0,0 +1,119 @@ +#include"PONScripter.h" + +bool InsertPONScripterHook() +{ + if (DWORD str = MemDbg::findBytes("CBString::Failure in (CBString", 30, processStartAddress, processStopAddress)) + { + if (DWORD calledAt = MemDbg::findBytes(&str, sizeof(str), processStartAddress, processStopAddress)) + { + DWORD funcs[] = { 0xec8b55, 0xe58955 }; + DWORD addr = MemDbg::findBytes(funcs, 3, calledAt - 0x100, calledAt); + if (!addr) addr = MemDbg::findBytes(funcs + 1, 3, calledAt - 0x100, calledAt); + if (addr) + { + HookParam hp; + hp.address = addr; + hp.type = USING_STRING | CODEC_UTF8 | DATA_INDIRECT; + hp.offset=get_stack(1); + hp.index = 0xc; + return NewHook(hp, "PONScripter"); + } + else ConsoleOutput("failed to find function start"); + } + else ConsoleOutput("failed to find string reference"); + } + else ConsoleOutput("failed to find string"); + return false; +} +bool PONScripterFilter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + static std::string prevText; + + for (int i=0; i<*len; i++) { + if (text[i] == '^' || text[i]=='@' || text[i]=='\\' || text[i]=='\n') { + text[i] = '\0'; + *len = i; + break; + } + } + + if (!prevText.compare(text)) + return false; + prevText = text; + + StringFilter(text, len, "#", 7); // remove # followed by 6 chars + + return true; +} + +bool InsertPONScripterEngHook() +{ + + /* + * Sample games: + * https://vndb.org/v24770 + */ + const BYTE bytes[] = { + 0x89, 0xD0, // mov eax,edx + 0x8D, 0x75, 0xD8, // lea esi,[ebp-28] + 0x89, 0x55, 0xB4, // mov [ebp-4C],edx + 0x83, 0xC0, 0x01, // add eax,01 + 0x89, 0x45, 0xC0 // mov [ebp-40],eax << hook here + }; + enum { addr_offset = sizeof(bytes) - 3 }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("PONScripterEng: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::eax); + hp.type = USING_STRING|CODEC_UTF8; + hp.filter_fun = PONScripterFilter; + ConsoleOutput("INSERT PONScripterEng"); + return NewHook(hp, "PONScripterEng"); +} + +bool InsertPONScripterJapHook() +{ + + /* + * Sample games: + * https://vndb.org/v24770 + */ + const BYTE bytes[] = { + 0x8D, 0x87, XX4, // lea eax,[edi+00000198] << hook here + 0x8B, 0x0D, XX4, // mov ecx,[ciconia_phase1.exe+3D82C0] + 0x89, 0x55, 0xB4, // mov [ebp-4C],edx + 0xC6, 0x45, 0xAE, 0x00, // mov byte ptr [ebp-52],00 + 0x89, 0x45, 0xA4, // mov [ebp-5C],eax + 0x8B, 0x01, // mov eax,[ecx] + 0x8B, 0x75, 0xB4 // mov esi,[ebp-4C] + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("PONScripterJap: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::edx); + hp.type = USING_STRING|CODEC_UTF8; + hp.filter_fun = PONScripterFilter; + ConsoleOutput("INSERT PONScripterJap"); + return NewHook(hp, "PONScripterJap"); +} +bool PONScripter::attach_function() { + + bool ok = InsertPONScripterEngHook() && InsertPONScripterJapHook(); + return ok || InsertPONScripterHook(); // If a language hook is missing, the original code is executed +} \ No newline at end of file diff --git a/LunaHook/engine32/PONScripter.h b/LunaHook/engine32/PONScripter.h new file mode 100644 index 0000000..377342b --- /dev/null +++ b/LunaHook/engine32/PONScripter.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class PONScripter:public ENGINE{ + public: + PONScripter(){ + + check_by=CHECK_BY::FILE_ANY; + check_by_target=check_by_list{L"Proportional ONScripter",L"ponscr.exe"}; + }; + bool attach_function(); +}; diff --git a/LunaHook/engine32/PPSSPP.cpp b/LunaHook/engine32/PPSSPP.cpp new file mode 100644 index 0000000..3467616 --- /dev/null +++ b/LunaHook/engine32/PPSSPP.cpp @@ -0,0 +1,3730 @@ + +#include"PPSSPP.h" + +#include"ppsspp/psputils.hpp" +#include "ppsspp/funcinfo.h" +namespace { // unnamed + +inline bool _bandaigarbage_ch(char c) +{ + return c == ' ' || c == '/' || c == '#' || c == '.' || c == ':' + || c >= '0' && c <= '9' + || c >= 'A' && c <= 'z'; // also ignore ASCII 91-96: [ \ ] ^ _ ` +} + +// Remove trailing /L/P or #n garbage +size_t _bandaistrlen(LPCSTR text) +{ + size_t len = ::strlen(text); + size_t ret = len; + while (len && _bandaigarbage_ch(text[len - 1])) { + len--; + if (text[len] == '/' || text[len] == '#') // in case trim UTF-8 trailing bytes + ret = len; + } + return ret; +} + +// Trim leading garbage +LPCSTR _bandailtrim(LPCSTR p) +{ + enum { MAX_LENGTH = VNR_TEXT_CAPACITY }; + if (p) + for (int count = 0; *p && count < MAX_LENGTH; count++, p++) + if (!_bandaigarbage_ch(*p)) + return p; + return nullptr; +} +} // unnamed namespae + + + +static void SpecialPSPHookBandai(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD eax = stack->eax; + LPCSTR text = LPCSTR(eax + hp->user_value); + + if (*text) { + //lasttext = text; + text = _bandailtrim(text); + *data = (DWORD)text; + *len = _bandaistrlen(text); + + // Issue: The split value will create lots of threads for Shining Hearts + //*split = regof(ecx, esp_base); // works for Shool Rumble, but mix character name for Shining Hearts + *split = stack->edi; // works for Shining Hearts to split character name + } +} + +// 7/22/2014 jichi: This engine works for multiple game? +// It is also observed in Broccoli game ぁ�の�リンスさまっ. +bool InsertBandaiPSPHook() +{ + ConsoleOutput("BANDAI PSP: enter"); + + const BYTE bytes[] = { + 0x77, 0x0f, // 13400560 77 0f ja short 13400571 + 0xc7,0x05, XX8, // 13400562 c705 a8aa1001 cc>mov dword ptr ds:[0x110aaa8],0x883decc + 0xe9, XX4, // 1340056c -e9 93fa54f0 jmp 03950004 + 0x8b,0x35, XX4, // 13400571 8b35 78a71001 mov esi,dword ptr ds:[0x110a778] + 0x81,0xc6, 0x01,0x00,0x00,0x00, // 13400577 81c6 01000000 add esi,0x1 + 0x8b,0x05, XX4, // 1340057d 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13400583 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xb8, XX4, // 13400589 0fb6b8 00004007 movzx edi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + 0x8b,0x2d, XX4, // 13400590 8b2d 78a71001 mov ebp,dword ptr ds:[0x110a778] + 0x8d,0x6d, 0x01, // 13400596 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + 0x81,0xff, 0x00,0x00,0x00,0x00 // 13400599 81ff 00000000 cmp edi,0x0 + }; + enum { memory_offset = 3 }; // 13400589 0fb6b8 00004007 movzx edi,byte ptr ds:[eax+0x7400000] + enum { addr_offset = 0x13400589 - 0x13400560 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("BANDAI PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT; + //hp.offset=get_reg(regs::eax); + hp.text_fun = SpecialPSPHookBandai; + ConsoleOutput("BANDAI PSP: INSERT"); + succ|=NewHook(hp, "BANDAI PSP"); + } + + ConsoleOutput("BANDAI PSP: leave"); + return succ; +} + + +/** 7/29/2014 jichi Otomate PPSSPP 0.9.9 + * Sample game: Amnesia Crowd + * Sample game: Amnesia Later + * + * 006db4af cc int3 + * 006db4b0 8b15 b8ebaf00 mov edx,dword ptr ds:[0xafebb8] ; ppssppwi.01134988 + * 006db4b6 56 push esi + * 006db4b7 8b42 10 mov eax,dword ptr ds:[edx+0x10] + * 006db4ba 25 ffffff3f and eax,0x3fffffff + * 006db4bf 0305 94411301 add eax,dword ptr ds:[0x1134194] + * 006db4c5 8d70 01 lea esi,dword ptr ds:[eax+0x1] + * 006db4c8 8a08 mov cl,byte ptr ds:[eax] ; jichi: hook here, get text in [eax] + * 006db4ca 40 inc eax + * 006db4cb 84c9 test cl,cl + * 006db4cd ^75 f9 jnz short ppssppwi.006db4c8 + * 006db4cf 2bc6 sub eax,esi + * 006db4d1 8942 08 mov dword ptr ds:[edx+0x8],eax + * 006db4d4 5e pop esi + * 006db4d5 8d0485 07000000 lea eax,dword ptr ds:[eax*4+0x7] + * 006db4dc c3 retn + * 006db4dd cc int3 + */ +static void SpecialPPSSPPHookOtomate(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + // 006db4b7 8b42 10 mov eax,dword ptr ds:[edx+0x10] ; jichi: hook here + // 006db4ba 25 ffffff3f and eax,0x3fffffff + // 006db4bf 0305 94411301 add eax,dword ptr ds:[0x1134194]; jichi: ds offset + // 006db4c5 8d70 01 lea esi,dword ptr ds:[eax+0x1] + DWORD edx = stack->edx; + DWORD eax = *(DWORD *)(edx + 0x10); + eax &= 0x3fffffff; + eax += *(DWORD *)hp->user_value; + + //DWORD eax = regof(eax, esp_base); + LPCSTR text = LPCSTR(eax); + if (*text) { + text = _bandailtrim(text); // the same as bandai PSP + *data = (DWORD)text; + *len = _bandaistrlen(text); + + *split = stack->ecx; // the same as Otomate PSP hook + //DWORD ecx = regof(ecx, esp_base); // the same as Otomate PSP hook + //*split = ecx ? ecx : (FIXED_SPLIT_VALUE << 2); + //*split = ecx & 0xffffff00; // skip cl which is used + } +} +bool InsertOtomatePPSSPPHook() +{ + ConsoleOutput("Otomate PPSSPP: enter"); + const BYTE bytes[] = { + 0x8b,0x15, XX4, // 006db4b0 8b15 b8ebaf00 mov edx,dword ptr ds:[0xafebb8] ; ppssppwi.01134988 + 0x56, // 006db4b6 56 push esi + 0x8b,0x42, 0x10, // 006db4b7 8b42 10 mov eax,dword ptr ds:[edx+0x10] ; jichi: hook here + 0x25, 0xff,0xff,0xff,0x3f, // 006db4ba 25 ffffff3f and eax,0x3fffffff + 0x03,0x05, XX4, // 006db4bf 0305 94411301 add eax,dword ptr ds:[0x1134194]; jichi: ds offset + 0x8d,0x70, 0x01, // 006db4c5 8d70 01 lea esi,dword ptr ds:[eax+0x1] + 0x8a,0x08, // 006db4c8 8a08 mov cl,byte ptr ds:[eax] ; jichi: hook here + 0x40, // 006db4ca 40 inc eax + 0x84,0xc9, // 006db4cb 84c9 test cl,cl + 0x75, 0xf9, // 006db4cd ^75 f9 jnz short ppssppwi.006db4c8 + 0x2b,0xc6, // 006db4cf 2bc6 sub eax,esi + 0x89,0x42, 0x08, // 006db4d1 8942 08 mov dword ptr ds:[edx+0x8],eax + 0x5e, // 006db4d4 5e pop esi + 0x8d,0x04,0x85, 0x07,0x00,0x00,0x00 // 006db4d5 8d0485 07000000 lea eax,dword ptr ds:[eax*4+0x7] + }; + //enum { addr_offset = 0x006db4c8 - 0x006db4b0 }; + enum { addr_offset = 0x006db4b7 - 0x006db4b0 }; + enum { ds_offset = 0x006db4bf - 0x006db4b0 + 2 }; + auto succ=false; + DWORD addr = SafeFindBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + //GROWL_DWORD(addr); + if (!addr) + ConsoleOutput("Otomate PPSSPP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(addr + ds_offset); // this is the address after ds:[] + hp.type = USING_STRING|NO_CONTEXT; + hp.text_fun = SpecialPPSSPPHookOtomate; + ConsoleOutput("Otomate PPSSPP: INSERT"); + succ|=NewHook(hp, "Otomate PPSSPP"); + } + + ConsoleOutput("Otomate PPSSPP: leave"); + return succ; +} + +/** jichi 7/12/2014 PPSSPP + * Tested with PPSSPP 0.9.8. + */ +void SpecialPSPHook(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD offset = *(DWORD *)(stack->base + hp->offset); + LPCSTR text = LPCSTR(offset + hp->user_value); + static LPCSTR lasttext; + if (*text) { + *data = (DWORD)text; + // I only considered SHIFT-JIS/UTF-8 case + if (hp->length_offset == 1) + *len = 1; // only read 1 byte + else if (hp->length_offset) + *len = *(DWORD *)(stack->base + hp->length_offset); + else + *len = ::strlen(text); // should only be applied to hp->type|USING_STRING + if (hp->type & USING_SPLIT) { + if (hp->type & FIXING_SPLIT) + *split = FIXED_SPLIT_VALUE; + else + *split = *(DWORD *)(stack->base + hp->split); + } + } +} + +bool InsertPPSSPPHLEHooks() +{ + ConsoleOutput("PPSSPP HLE: enter"); + + // 0x400000 - 0x139f000 + //GROWL_DWORD2(processStartAddress, processStopAddress); + + HookParam hp; + hp.length_offset = 1; // determine string length at runtime + auto succ=false; + const PPSSPPFunction funcs[] = { PPSSPP_FUNCTIONS_INITIALIZER }; + enum { FunctionCount = sizeof(funcs) / sizeof(*funcs) }; + for (size_t i = 0; i < FunctionCount; i++) { + const auto &it = funcs[i]; + ULONG addr = MemDbg::findBytes(it.pattern, ::strlen(it.pattern), processStartAddress, processStopAddress); + if (addr + && (addr = MemDbg::findPushAddress(addr, processStartAddress, processStopAddress)) + && (addr = SafeFindEnclosingAlignedFunction(addr, 0x200)) // range = 0x200, use the safe version or it might raise + ) { + hp.address = addr; + hp.type = USING_STRING|it.hookType; + hp.offset=get_stack(it.argIndex); + hp.split = it.hookSplit; + if (hp.split) + hp.type |= USING_SPLIT; + succ|=NewHook(hp, it.hookName); + } + if (addr) + ConsoleOutput("PPSSPP HLE: found pattern"); + else + ConsoleOutput("PPSSPP HLE: not found pattern"); + //ConsoleOutput(it.hookName); // wchar_t not supported + ConsoleOutput(it.pattern); + } + ConsoleOutput("PPSSPP HLE: leave"); + return succ; +} + +/** 8/9/2014 jichi imageepoch.co.jp PSP engine, 0.9.8, 0.9.9 + * Sample game: Sol Trigger (0.9.8, 0.9.9) + * + * Though Imageepoch1 also exists, it cannot find scenario text. + * + * FIXED memory addresses (different from Imageepoch1): two matches, UTF-8 + * + * Debug method: find current text and add breakpoint. + * + * There a couple of good functions. The first one is used. + * There is only one text threads. But it cannot extract character names. + * + * 135fd497 cc int3 + * 135fd498 77 0f ja short 135fd4a9 + * 135fd49a c705 a8aa1001 20>mov dword ptr ds:[0x110aaa8],0x8952d20 + * 135fd4a4 -e9 5b2b2ef0 jmp 038e0004 + * 135fd4a9 8b35 dca71001 mov esi,dword ptr ds:[0x110a7dc] + * 135fd4af 81c6 04000000 add esi,0x4 + * 135fd4b5 8b05 a8a71001 mov eax,dword ptr ds:[0x110a7a8] + * 135fd4bb 81e0 ffffff3f and eax,0x3fffffff + * 135fd4c1 0fb6b8 00004007 movzx edi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + * 135fd4c8 813d 68a71001 00>cmp dword ptr ds:[0x110a768],0x0 + * 135fd4d2 893d 78a71001 mov dword ptr ds:[0x110a778],edi + * 135fd4d8 c705 aca71001 23>mov dword ptr ds:[0x110a7ac],0x23434623 + * 135fd4e2 c705 b0a71001 30>mov dword ptr ds:[0x110a7b0],0x30303030 + * 135fd4ec 8935 b4a71001 mov dword ptr ds:[0x110a7b4],esi + * 135fd4f2 c705 b8a71001 00>mov dword ptr ds:[0x110a7b8],0x0 + * 135fd4fc 0f85 16000000 jnz 135fd518 + * 135fd502 832d c4aa1001 08 sub dword ptr ds:[0x110aac4],0x8 + * 135fd509 e9 22000000 jmp 135fd530 + * 135fd50e 01642d 95 add dword ptr ss:[ebp+ebp-0x6b],esp + * 135fd512 08e9 or cl,ch + * 135fd514 0b2b or ebp,dword ptr ds:[ebx] + * 135fd516 2e:f0:832d c4aa1>lock sub dword ptr cs:[0x110aac4],0x8 ; lock prefix + * 135fd51f c705 a8aa1001 40>mov dword ptr ds:[0x110aaa8],0x8952d40 + * 135fd529 -e9 f52a2ef0 jmp 038e0023 + * 135fd52e 90 nop + * 135fd52f cc int3 + */ +bool InsertImageepoch2PSPHook() +{ + ConsoleOutput("Imageepoch2 PSP: enter"); + + const BYTE bytes[] = { + // 135fd497 cc int3 + 0x77, 0x0f, // 135fd498 77 0f ja short 135fd4a9 + 0xc7,0x05, XX8, // 135fd49a c705 a8aa1001 20>mov dword ptr ds:[0x110aaa8],0x8952d20 + 0xe9, XX4, // 135fd4a4 -e9 5b2b2ef0 jmp 038e0004 + 0x8b,0x35, XX4, // 135fd4a9 8b35 dca71001 mov esi,dword ptr ds:[0x110a7dc] + 0x81,0xc6, 0x04,0x00,0x00,0x00, // 135fd4af 81c6 04000000 add esi,0x4 + 0x8b,0x05, XX4, // 135fd4b5 8b05 a8a71001 mov eax,dword ptr ds:[0x110a7a8] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 135fd4bb 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xb8, XX4, // 135fd4c1 0fb6b8 00004007 movzx edi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + 0x81,0x3d, XX4, 0x00,0x00,0x00,0x00, // 135fd4c8 813d 68a71001 00>cmp dword ptr ds:[0x110a768],0x0 + 0x89,0x3d, XX4, // 135fd4d2 893d 78a71001 mov dword ptr ds:[0x110a778],edi + 0xc7,0x05, XX8, // 135fd4d8 c705 aca71001 23>mov dword ptr ds:[0x110a7ac],0x23434623 + 0xc7,0x05, XX8, // 135fd4e2 c705 b0a71001 30>mov dword ptr ds:[0x110a7b0],0x30303030 + 0x89,0x35, XX4, // 135fd4ec 8935 b4a71001 mov dword ptr ds:[0x110a7b4],esi + 0xc7,0x05, XX4, 0x00,0x00,0x00,0x00, // 135fd4f2 c705 b8a71001 00>mov dword ptr ds:[0x110a7b8],0x0 + 0x0f,0x85 //, XX4, // 135fd4fc 0f85 16000000 jnz 135fd518 + }; + enum { memory_offset = 3 }; // 1346d381 0fb6a8 00004007 movzx ebp,byte ptr ds:[eax+0x7400000] + enum { addr_offset = 0x135fd4c1 - 0x135fd498 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("Imageepoch2 PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT; // UTF-8, though + hp.offset=get_reg(regs::eax); + hp.split = get_reg(regs::ecx); + hp.text_fun = SpecialPSPHook; + ConsoleOutput("Imageepoch2 PSP: INSERT"); + succ|=NewHook(hp, "Imageepoch2 PSP"); + } + + ConsoleOutput("Imageepoch2 PSP: leave"); + return succ; +} + +/** 7/22/2014 jichi BANDAI PSP engine, 0.9.8 only + * Replaced by Otomate PPSSPP on 0.9.9. + * Sample game: School Rumble PSP 姉さん事件で�(SHIFT-JIS) + * See: http://sakuradite.com/topic/333 + * + * Sample game: 寮�のサクリファイス work on 0.9.8, not 0.9.9 + * + * + * Sample game: Shining Hearts (UTF-8) + * See: http://sakuradite.com/topic/346 + * + * The encoding could be either UTF-8 or SHIFT-JIS + * + * Debug method: breakpoint the memory address + * There are two matched memory address to the current text + * + * Only one function is accessing the text address. + * + * Character name: + * + * 1346c122 cc int3 + * 1346c123 cc int3 + * 1346c124 77 0f ja short 1346c135 + * 1346c126 c705 a8aa1001 a4>mov dword ptr ds:[0x110aaa8],0x882f2a4 + * 1346c130 -e9 cf3e2cf0 jmp 03730004 + * 1346c135 8b05 a8a71001 mov eax,dword ptr ds:[0x110a7a8] + * 1346c13b 81e0 ffffff3f and eax,0x3fffffff + * 1346c141 8bb0 14004007 mov esi,dword ptr ds:[eax+0x7400014] + * 1346c147 8b3d 70a71001 mov edi,dword ptr ds:[0x110a770] + * 1346c14d c1e7 02 shl edi,0x2 + * 1346c150 8b05 a8a71001 mov eax,dword ptr ds:[0x110a7a8] + * 1346c156 81e0 ffffff3f and eax,0x3fffffff + * 1346c15c 8ba8 18004007 mov ebp,dword ptr ds:[eax+0x7400018] + * 1346c162 03fe add edi,esi + * 1346c164 8bc7 mov eax,edi + * 1346c166 81e0 ffffff3f and eax,0x3fffffff + * 1346c16c 0fb790 02004007 movzx edx,word ptr ds:[eax+0x7400002] + * 1346c173 8bc2 mov eax,edx + * 1346c175 8bd5 mov edx,ebp + * 1346c177 03d0 add edx,eax + * 1346c179 8bc2 mov eax,edx + * 1346c17b 81e0 ffffff3f and eax,0x3fffffff + * 1346c181 0fb6b8 00004007 movzx edi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + * 1346c188 8bcf mov ecx,edi + * 1346c18a 81e7 ff000000 and edi,0xff + * 1346c190 8935 74a71001 mov dword ptr ds:[0x110a774],esi + * 1346c196 8b35 b8a71001 mov esi,dword ptr ds:[0x110a7b8] + * 1346c19c 81c6 bc82ffff add esi,0xffff82bc + * 1346c1a2 81ff 00000000 cmp edi,0x0 + * 1346c1a8 893d 70a71001 mov dword ptr ds:[0x110a770],edi + * 1346c1ae 8915 78a71001 mov dword ptr ds:[0x110a778],edx + * 1346c1b4 892d 7ca71001 mov dword ptr ds:[0x110a77c],ebp + * 1346c1ba 890d 80a71001 mov dword ptr ds:[0x110a780],ecx + * 1346c1c0 8935 84a71001 mov dword ptr ds:[0x110a784],esi + * 1346c1c6 0f85 16000000 jnz 1346c1e2 + * 1346c1cc 832d c4aa1001 0b sub dword ptr ds:[0x110aac4],0xb + * 1346c1d3 e9 3c050000 jmp 1346c714 + * 1346c1d8 014cf3 82 add dword ptr ds:[ebx+esi*8-0x7e],ecx + * 1346c1dc 08e9 or cl,ch + * 1346c1de 41 inc ecx + * 1346c1df 3e:2c f0 sub al,0xf0 ; superfluous prefix + * 1346c1e2 832d c4aa1001 0b sub dword ptr ds:[0x110aac4],0xb + * 1346c1e9 e9 0e000000 jmp 1346c1fc + * 1346c1ee 01d0 add eax,edx + * 1346c1f0 f2: prefix repne: ; superfluous prefix + * 1346c1f1 8208 e9 or byte ptr ds:[eax],0xffffffe9 + * 1346c1f4 2b3e sub edi,dword ptr ds:[esi] + * 1346c1f6 2c f0 sub al,0xf0 + * 1346c1f8 90 nop + * 1346c1f9 cc int3 + * 1346c1fa cc int3 + * 1346c1fb cc int3 + * + * Scenario: + * + * 1340055d cc int3 + * 1340055e cc int3 + * 1340055f cc int3 + * 13400560 77 0f ja short 13400571 + * 13400562 c705 a8aa1001 cc>mov dword ptr ds:[0x110aaa8],0x883decc + * 1340056c -e9 93fa54f0 jmp 03950004 + * 13400571 8b35 78a71001 mov esi,dword ptr ds:[0x110a778] + * 13400577 81c6 01000000 add esi,0x1 + * 1340057d 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 13400583 81e0 ffffff3f and eax,0x3fffffff + * 13400589 0fb6b8 00004007 movzx edi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + * 13400590 8b2d 78a71001 mov ebp,dword ptr ds:[0x110a778] + * 13400596 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + * 13400599 81ff 00000000 cmp edi,0x0 + * 1340059f 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 134005a5 893d 74a71001 mov dword ptr ds:[0x110a774],edi + * 134005ab 892d 78a71001 mov dword ptr ds:[0x110a778],ebp + * 134005b1 0f84 16000000 je 134005cd + * 134005b7 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 134005be e9 21000000 jmp 134005e4 + * 134005c3 01d0 add eax,edx + * 134005c5 de83 08e956fa fiadd word ptr ds:[ebx+0xfa56e908] + * 134005cb 54 push esp + * 134005cc f0:832d c4aa1001>lock sub dword ptr ds:[0x110aac4],0x4 ; lock prefix + * 134005d4 e9 7f000000 jmp 13400658 + * 134005d9 01dc add esp,ebx + * 134005db de83 08e940fa fiadd word ptr ds:[ebx+0xfa40e908] + * 134005e1 54 push esp + * 134005e2 f0:90 lock nop ; lock prefix is not allowed + * 134005e4 77 0f ja short 134005f5 + * 134005e6 c705 a8aa1001 d0>mov dword ptr ds:[0x110aaa8],0x883ded0 + * 134005f0 -e9 0ffa54f0 jmp 03950004 + * 134005f5 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 134005fb 81e0 ffffff3f and eax,0x3fffffff + * 13400601 0fb6b0 00004007 movzx esi,byte ptr ds:[eax+0x7400000] + * 13400608 8b3d 78a71001 mov edi,dword ptr ds:[0x110a778] + * 1340060e 8d7f 01 lea edi,dword ptr ds:[edi+0x1] + * 13400611 81fe 00000000 cmp esi,0x0 + * 13400617 8935 74a71001 mov dword ptr ds:[0x110a774],esi + * 1340061d 893d 78a71001 mov dword ptr ds:[0x110a778],edi + * 13400623 0f84 16000000 je 1340063f + * 13400629 832d c4aa1001 03 sub dword ptr ds:[0x110aac4],0x3 + * 13400630 ^e9 afffffff jmp 134005e4 + * 13400635 01d0 add eax,edx + * 13400637 de83 08e9e4f9 fiadd word ptr ds:[ebx+0xf9e4e908] + * 1340063d 54 push esp + * 1340063e f0:832d c4aa1001>lock sub dword ptr ds:[0x110aac4],0x3 ; lock prefix + * 13400646 e9 0d000000 jmp 13400658 + * 1340064b 01dc add esp,ebx + * 1340064d de83 08e9cef9 fiadd word ptr ds:[ebx+0xf9cee908] + * 13400653 54 push esp + * 13400654 f0:90 lock nop ; lock prefix is not allowed + * 13400656 cc int3 + * 13400657 cc int3 + */ +bool InsertBandaiNamePSPHook() +{ + ConsoleOutput("BANDAI Name PSP: enter"); + + const BYTE bytes[] = { + //0xcc, // 1346c122 cc int3 + //0xcc, // 1346c123 cc int3 + 0x77, 0x0f, // 1346c124 77 0f ja short 1346c135 + 0xc7,0x05, XX8, // 1346c126 c705 a8aa1001 a4>mov dword ptr ds:[0x110aaa8],0x882f2a4 + 0xe9, XX4, // 1346c130 -e9 cf3e2cf0 jmp 03730004 + 0x8b,0x05, XX4, // 1346c135 8b05 a8a71001 mov eax,dword ptr ds:[0x110a7a8] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1346c13b 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xb0, XX4, // 1346c141 8bb0 14004007 mov esi,dword ptr ds:[eax+0x7400014] + 0x8b,0x3d, XX4, // 1346c147 8b3d 70a71001 mov edi,dword ptr ds:[0x110a770] + 0xc1,0xe7, 0x02, // 1346c14d c1e7 02 shl edi,0x2 + 0x8b,0x05, XX4, // 1346c150 8b05 a8a71001 mov eax,dword ptr ds:[0x110a7a8] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1346c156 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xa8, XX4, // 1346c15c 8ba8 18004007 mov ebp,dword ptr ds:[eax+0x7400018] + 0x03,0xfe, // 1346c162 03fe add edi,esi + 0x8b,0xc7, // 1346c164 8bc7 mov eax,edi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1346c166 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb7,0x90, XX4, // 1346c16c 0fb790 02004007 movzx edx,word ptr ds:[eax+0x7400002] + 0x8b,0xc2, // 1346c173 8bc2 mov eax,edx + 0x8b,0xd5, // 1346c175 8bd5 mov edx,ebp + 0x03,0xd0, // 1346c177 03d0 add edx,eax + 0x8b,0xc2, // 1346c179 8bc2 mov eax,edx + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1346c17b 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xb8 //, XX4 // 1346c181 0fb6b8 00004007 movzx edi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + }; + enum { memory_offset = 3 }; // 1346c181 0fb6b8 00004007 movzx edi,byte ptr ds:[eax+0x7400000] + enum { addr_offset = sizeof(bytes) - memory_offset }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("BANDAI Name PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT; + hp.offset=get_reg(regs::eax); + hp.split = get_reg(regs::ebx); + hp.text_fun = SpecialPSPHook; + ConsoleOutput("BANDAI Name PSP: INSERT"); + succ|=NewHook(hp, "BANDAI Name PSP"); + } + + ConsoleOutput("BANDAI Name PSP: leave"); + return succ; +} + +/** 7/26/2014 jichi Otomate PSP engine, 0.9.8 only, 0.9.9 not work + * Replaced by Otomate PPSSPP on 0.9.9. + * + * Sample game: クロノスタシア + * Sample game: フォトカ�(repetition) + * + * Not work on 0.9.9: Amnesia Crowd + * + * The instruction pattern also exist in 0.9.9. But the function is not called. + * + * Memory address is FIXED. + * Debug method: breakpoint the memory address + * + * The memory access of the function below is weird that the accessed value is 2 bytes after the real text. + * + * PPSSPP 0.9.8, クロノスタシア + * 13c00fe1 cc int3 + * 13c00fe2 cc int3 + * 13c00fe3 cc int3 + * 13c00fe4 77 0f ja short 13c00ff5 + * 13c00fe6 c705 a8aa1001 30>mov dword ptr ds:[0x110aaa8],0x884b330 + * 13c00ff0 -e9 0ff0edf2 jmp 06ae0004 + * 13c00ff5 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 13c00ffb 81e0 ffffff3f and eax,0x3fffffff + * 13c01001 0fbeb0 0000c007 movsx esi,byte ptr ds:[eax+0x7c00000] ; jichi: hook here + * 13c01008 81fe 00000000 cmp esi,0x0 ; jichi: hook here, get the esi value + * 13c0100e 8935 80a71001 mov dword ptr ds:[0x110a780],esi + * 13c01014 0f84 25000000 je 13c0103f + * 13c0101a 8b35 78a71001 mov esi,dword ptr ds:[0x110a778] + * 13c01020 8d76 01 lea esi,dword ptr ds:[esi+0x1] + * 13c01023 8935 78a71001 mov dword ptr ds:[0x110a778],esi + * 13c01029 832d c4aa1001 03 sub dword ptr ds:[0x110aac4],0x3 + * 13c01030 ^e9 afffffff jmp 13c00fe4 + * 13c01035 0130 add dword ptr ds:[eax],esi + * 13c01037 b3 84 mov bl,0x84 + * 13c01039 08e9 or cl,ch + * 13c0103b e4 ef in al,0xef ; i/o command + * 13c0103d ed in eax,dx ; i/o command + * 13c0103e f2: prefix repne: ; superfluous prefix + * 13c0103f 832d c4aa1001 03 sub dword ptr ds:[0x110aac4],0x3 + * 13c01046 e9 0d000000 jmp 13c01058 + * 13c0104b 013cb3 add dword ptr ds:[ebx+esi*4],edi + * 13c0104e 8408 test byte ptr ds:[eax],cl + * 13c01050 -e9 ceefedf2 jmp 06ae0023 + * 13c01055 90 nop + * 13c01056 cc int3 + * 13c01057 cc int3 + */ +// TODO: is reverse_strlen a better choice? +// Read text from esi +static void SpecialPSPHookOtomate(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + //static uniquemap uniq; + DWORD eax = stack->eax; + LPCSTR text = LPCSTR(eax + hp->user_value - 2); // -2 to read 1 word more from previous location + if (*text) { + *split = stack->ecx; // this would cause lots of texts, but it works for all games + //*split = regof(ecx, esp_base) & 0xff00; // only use higher bits + *data = (DWORD)text; + size_t sz = ::strlen(text); + *len = sz == 3 ? 3 : 1; // handling the last two bytes + } +} + +bool InsertOtomatePSPHook() +{ + ConsoleOutput("Otomate PSP: enter"); + const BYTE bytes[] = { + 0x77, 0x0f, // 13c00fe4 77 0f ja short 13c00ff5 + 0xc7,0x05, XX8, // 13c00fe6 c705 a8aa1001 30>mov dword ptr ds:[0x110aaa8],0x884b330 + 0xe9, XX4, // 13c00ff0 -e9 0ff0edf2 jmp 06ae0004 + 0x8b,0x05, XX4, // 13c00ff5 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13c00ffb 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xbe,0xb0, XX4, // 13c01001 0fbeb0 0000c007 movsx esi,byte ptr ds:[eax+0x7c00000] ; jichi: hook here + 0x81,0xfe, 0x00,0x00,0x00,0x00, // 13c01008 81fe 00000000 cmp esi,0x0 + 0x89,0x35, XX4, // 13c0100e 8935 80a71001 mov dword ptr ds:[0x110a780],esi + 0x0f,0x84, 0x25,0x00,0x00,0x00, // 13c01014 0f84 25000000 je 13c0103f + 0x8b,0x35, XX4, // 13c0101a 8b35 78a71001 mov esi,dword ptr ds:[0x110a778] + 0x8d,0x76, 0x01, // 13c01020 8d76 01 lea esi,dword ptr ds:[esi+0x1] + 0x89,0x35, XX4, // 13c01023 8935 78a71001 mov dword ptr ds:[0x110a778],esi + 0x83,0x2d, XX4, 0x03 // 13c01029 832d c4aa1001 03 sub dword ptr ds:[0x110aac4],0x3 + }; + enum { memory_offset = 3 }; + //enum { addr_offset = 0x13c01008 - 0x13c00fe4 }; + enum { addr_offset = 0x13c01001- 0x13c00fe4 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + //GROWL_DWORD(addr); + if (!addr) + ConsoleOutput("Otomate PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|NO_CONTEXT; + hp.text_fun = SpecialPSPHookOtomate; + ConsoleOutput("Otomate PSP: INSERT"); + succ|=NewHook(hp, "Otomate PSP"); + } + + ConsoleOutput("Otomate PSP: leave"); + return succ; +} + +/** 7/27/2014 jichi Intense.jp PSP engine, 0.9.8, 0.9.9, + * Though Otomate can work, it cannot work line by line. + * + * Sample game: 寮�のサクリファイス work on 0.9.8 & 0.9.9 + * This hook is only for intro graphic painting + * + * Memory address is FIXED. + * Debug method: predict and breakpoint the memory address + * + * There are two matches in the memory, and only one function accessing them. + * The memory is accessed by words. + * + * The memory and hooked function is as follows. + * + * 09dfee77 88 c3 82 a2 95 a3 82 cc 89 9c 92 ea 82 c5 81 41 暗い淵の奥底で� * 09dfee87 92 e1 82 ad 81 41 8f ac 82 b3 82 ad 81 41 8b bf 低く、小さく〟� + * 09dfee97 82 ad 81 42 2a 70 0a 82 b1 82 ea 82 cd 81 41 8c く�p.これは、� + * 09dfeea7 db 93 ae 81 63 81 48 2a 70 0a 82 c6 82 e0 82 b7 �動…p.ともす + * 09dfeeb7 82 ea 82 ce 95 b7 82 ab 93 a6 82 b5 82 c4 82 b5 れ�聞き送�て� * 09dfeec7 82 dc 82 a2 82 bb 82 a4 82 c8 81 41 2a 70 0a 8f まぁ�ぁ��p.・ + * 09dfeed7 ac 82 b3 82 ad 81 41 8e e3 81 58 82 b5 82 ad 81 �さく、弱、�く� + * 09dfeee7 41 95 73 8a 6d 82 a9 82 c8 89 b9 81 42 00 00 00 a不確かな音�.. + * 09dfeef7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 09dfee07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * 13472227 90 nop + * 13472228 77 0f ja short 13472239 + * 1347222a c705 a8aa1001 20>mov dword ptr ds:[0x110aaa8],0x884ce20 + * 13472234 -e9 cbdd16f0 jmp 035e0004 + * 13472239 8b05 a8a71001 mov eax,dword ptr ds:[0x110a7a8] + * 1347223f 81e0 ffffff3f and eax,0x3fffffff + * 13472245 8bb0 30004007 mov esi,dword ptr ds:[eax+0x7400030] + * 1347224b 8b3d 84a71001 mov edi,dword ptr ds:[0x110a784] + * 13472251 81c7 01000000 add edi,0x1 + * 13472257 8bee mov ebp,esi + * 13472259 032d 84a71001 add ebp,dword ptr ds:[0x110a784] + * 1347225f 8bc5 mov eax,ebp + * 13472261 81e0 ffffff3f and eax,0x3fffffff + * 13472267 0fbe90 00004007 movsx edx,byte ptr ds:[eax+0x7400000] ; jichi: hook here + * 1347226e 8b05 a8a71001 mov eax,dword ptr ds:[0x110a7a8] + * 13472274 81e0 ffffff3f and eax,0x3fffffff + * 1347227a 89b8 38004007 mov dword ptr ds:[eax+0x7400038],edi + * 13472280 8bea mov ebp,edx + * 13472282 81e5 ff000000 and ebp,0xff + * 13472288 81fa 0a000000 cmp edx,0xa + * 1347228e c705 70a71001 0a>mov dword ptr ds:[0x110a770],0xa + * 13472298 8915 74a71001 mov dword ptr ds:[0x110a774],edx + * 1347229e 893d 78a71001 mov dword ptr ds:[0x110a778],edi + * 134722a4 892d 7ca71001 mov dword ptr ds:[0x110a77c],ebp + * 134722aa 8935 80a71001 mov dword ptr ds:[0x110a780],esi + * 134722b0 0f85 16000000 jnz 134722cc + * 134722b6 832d c4aa1001 08 sub dword ptr ds:[0x110aac4],0x8 + * 134722bd e9 02680000 jmp 13478ac4 + * 134722c2 01ec add esp,ebp + * 134722c4 ce into + * 134722c5 8408 test byte ptr ds:[eax],cl + * 134722c7 -e9 57dd16f0 jmp 035e0023 + * 134722cc 832d c4aa1001 08 sub dword ptr ds:[0x110aac4],0x8 + * 134722d3 e9 0c000000 jmp 134722e4 + * 134722d8 0140 ce add dword ptr ds:[eax-0x32],eax + * 134722db 8408 test byte ptr ds:[eax],cl + * 134722dd -e9 41dd16f0 jmp 035e0023 + * 134722e2 90 nop + * 134722e3 cc int3 + */ +// Read text from esi +static void SpecialPSPHookIntense(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD eax = stack->eax; + DWORD text = eax + hp->user_value; + if (BYTE c = *(BYTE *)text) { // unsigned char + *data = text; + *len = ::LeadByteTable[c]; // 1 or 2 + //*split = regof(ecx, esp_base); // cause scenario text to split + //*split = regof(edx, esp_base); // cause scenario text to split + + //*split = regof(ebx, esp_base); // works, but floating value + *split = FIXED_SPLIT_VALUE * 3; + } +} +bool InsertIntensePSPHook() +{ + ConsoleOutput("Intense PSP: enter"); + const BYTE bytes[] = { + 0x77, 0x0f, // 13472228 77 0f ja short 13472239 + 0xc7,0x05, XX8, // 1347222a c705 a8aa1001 20>mov dword ptr ds:[0x110aaa8],0x884ce20 + 0xe9, XX4, // 13472234 -e9 cbdd16f0 jmp 035e0004 + 0x8b,0x05, XX4, // 13472239 8b05 a8a71001 mov eax,dword ptr ds:[0x110a7a8] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1347223f 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xb0, XX4, // 13472245 8bb0 30004007 mov esi,dword ptr ds:[eax+0x7400030] + 0x8b,0x3d, XX4, // 1347224b 8b3d 84a71001 mov edi,dword ptr ds:[0x110a784] + 0x81,0xc7, 0x01,0x00,0x00,0x00, // 13472251 81c7 01000000 add edi,0x1 + 0x8b,0xee, // 13472257 8bee mov ebp,esi + 0x03,0x2d, XX4, // 13472259 032d 84a71001 add ebp,dword ptr ds:[0x110a784] + 0x8b,0xc5, // 1347225f 8bc5 mov eax,ebp + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13472261 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xbe,0x90, XX4, // 13472267 0fbe90 00004007 movsx edx,byte ptr ds:[eax+0x7400000] ; jichi: hook here + 0x8b,0x05, XX4, // 1347226e 8b05 a8a71001 mov eax,dword ptr ds:[0x110a7a8] + 0x81,0xe0, 0xff,0xff,0xff,0x3f // 13472274 81e0 ffffff3f and eax,0x3fffffff + }; + enum { memory_offset = 3 }; + enum { addr_offset = 0x13472267 - 0x13472228 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("Intense PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|NO_CONTEXT; + hp.text_fun = SpecialPSPHookIntense; + ConsoleOutput("Intense PSP: INSERT"); + succ|=NewHook(hp, "Intense PSP"); + } + + ConsoleOutput("Intense PSP: leave"); + return succ; +} + +/** 7/26/2014 jichi Broccoli PSP engine, 0.9.8, 0.9.9 + * Sample game: 明治東亰恋伽 (works on both 0.9.8, 0.9.9) + * + * Memory address is FIXED. + * Debug method: breakpoint the memory address + * + * The data is in (WORD)dl in bytes. + * + * There are two text threads. + * Only one is correct. + * + * 13d26cab cc int3 + * 13d26cac 77 0f ja short 13d26cbd + * 13d26cae c705 a8aa1001 24>mov dword ptr ds:[0x110aaa8],0x886a724 + * 13d26cb8 -e9 4793ccef jmp 039f0004 + * 13d26cbd 8b35 dca71001 mov esi,dword ptr ds:[0x110a7dc] + * 13d26cc3 8db6 60feffff lea esi,dword ptr ds:[esi-0x1a0] + * 13d26cc9 8b3d e4a71001 mov edi,dword ptr ds:[0x110a7e4] + * 13d26ccf 8bc6 mov eax,esi + * 13d26cd1 81e0 ffffff3f and eax,0x3fffffff + * 13d26cd7 89b8 9001c007 mov dword ptr ds:[eax+0x7c00190],edi + * 13d26cdd 8b2d 80a71001 mov ebp,dword ptr ds:[0x110a780] + * 13d26ce3 0fbfed movsx ebp,bp + * 13d26ce6 8bd6 mov edx,esi + * 13d26ce8 8bce mov ecx,esi + * 13d26cea 03cd add ecx,ebp + * 13d26cec 8935 dca71001 mov dword ptr ds:[0x110a7dc],esi + * 13d26cf2 33c0 xor eax,eax + * 13d26cf4 3bd1 cmp edx,ecx + * 13d26cf6 0f92c0 setb al + * 13d26cf9 8bf0 mov esi,eax + * 13d26cfb 81fe 00000000 cmp esi,0x0 + * 13d26d01 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 13d26d07 890d 74a71001 mov dword ptr ds:[0x110a774],ecx + * 13d26d0d 892d 80a71001 mov dword ptr ds:[0x110a780],ebp + * 13d26d13 8915 8ca71001 mov dword ptr ds:[0x110a78c],edx + * 13d26d19 0f85 16000000 jnz 13d26d35 + * 13d26d1f 832d c4aa1001 08 sub dword ptr ds:[0x110aac4],0x8 + * 13d26d26 e9 b9000000 jmp 13d26de4 + * 13d26d2b 0158 a7 add dword ptr ds:[eax-0x59],ebx + * 13d26d2e 8608 xchg byte ptr ds:[eax],cl + * 13d26d30 -e9 ee92ccef jmp 039f0023 + * 13d26d35 832d c4aa1001 08 sub dword ptr ds:[0x110aac4],0x8 + * 13d26d3c e9 0b000000 jmp 13d26d4c + * 13d26d41 0144a7 86 add dword ptr ds:[edi-0x7a],eax + * 13d26d45 08e9 or cl,ch + * 13d26d47 d892 ccef9077 fcom dword ptr ds:[edx+0x7790efcc] + * 13d26d4d 0fc7 ??? ; unknown command + * 13d26d4f 05 a8aa1001 add eax,0x110aaa8 + * 13d26d54 44 inc esp + * 13d26d55 a7 cmps dword ptr ds:[esi],dword ptr es:[ed> + * 13d26d56 8608 xchg byte ptr ds:[eax],cl + * 13d26d58 -e9 a792ccef jmp 039f0004 + * 13d26d5d 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + * 13d26d63 81e0 ffffff3f and eax,0x3fffffff + * 13d26d69 0fb6b0 0000c007 movzx esi,byte ptr ds:[eax+0x7c00000] + * 13d26d70 8b3d 7ca71001 mov edi,dword ptr ds:[0x110a77c] + * 13d26d76 8d7f 01 lea edi,dword ptr ds:[edi+0x1] + * 13d26d79 8b05 8ca71001 mov eax,dword ptr ds:[0x110a78c] + * 13d26d7f 81e0 ffffff3f and eax,0x3fffffff + * 13d26d85 8bd6 mov edx,esi + * 13d26d87 8890 0000c007 mov byte ptr ds:[eax+0x7c00000],dl ; jichi: hook here, get byte from dl + * 13d26d8d 8b2d 8ca71001 mov ebp,dword ptr ds:[0x110a78c] + * 13d26d93 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + * 13d26d96 81fe 00000000 cmp esi,0x0 + * 13d26d9c 893d 7ca71001 mov dword ptr ds:[0x110a77c],edi + * 13d26da2 8935 88a71001 mov dword ptr ds:[0x110a788],esi + * 13d26da8 892d 8ca71001 mov dword ptr ds:[0x110a78c],ebp + * 13d26dae 0f84 16000000 je 13d26dca + * 13d26db4 832d c4aa1001 05 sub dword ptr ds:[0x110aac4],0x5 + * 13d26dbb e9 f48b0100 jmp 13d3f9b4 + * 13d26dc0 0138 add dword ptr ds:[eax],edi + * 13d26dc2 a7 cmps dword ptr ds:[esi],dword ptr es:[ed> + * 13d26dc3 8608 xchg byte ptr ds:[eax],cl + * 13d26dc5 -e9 5992ccef jmp 039f0023 + * 13d26dca 832d c4aa1001 05 sub dword ptr ds:[0x110aac4],0x5 + * 13d26dd1 e9 0e000000 jmp 13d26de4 + * 13d26dd6 0158 a7 add dword ptr ds:[eax-0x59],ebx + * 13d26dd9 8608 xchg byte ptr ds:[eax],cl + * 13d26ddb -e9 4392ccef jmp 039f0023 + * 13d26de0 90 nop + * 13d26de1 cc int3 + */ + +// New line character for Broccoli games is '^' +static inline bool _broccoligarbage_ch(char c) { return c == '^'; } + +// Read text from dl +static void SpecialPSPHookBroccoli(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD text = stack->edx; // edx address + char c = *(LPCSTR)text; + if (c && !_broccoligarbage_ch(c)) { + *data = text; + *len = 1; + *split = stack->ecx; + } +} + +bool InsertBroccoliPSPHook() +{ + ConsoleOutput("Broccoli PSP: enter"); + + const BYTE bytes[] = { + 0x0f,0xc7, // 13d26d4d 0fc7 ??? ; unknown command + 0x05, XX4, // 13d26d4f 05 a8aa1001 add eax,0x110aaa8 + 0x44, // 13d26d54 44 inc esp + 0xa7, // 13d26d55 a7 cmps dword ptr ds:[esi],dword ptr es:[ed> + 0x86,0x08, // 13d26d56 8608 xchg byte ptr ds:[eax],cl + 0xe9, XX4, // 13d26d58 -e9 a792ccef jmp 039f0004 + 0x8b,0x05, XX4, // 13d26d5d 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + // Following pattern is not sufficient + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13d26d63 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xb0, XX4, // 13d26d69 0fb6b0 0000c007 movzx esi,byte ptr ds:[eax+0x7c00000] + 0x8b,0x3d, XX4, // 13d26d70 8b3d 7ca71001 mov edi,dword ptr ds:[0x110a77c] + 0x8d,0x7f, 0x01, // 13d26d76 8d7f 01 lea edi,dword ptr ds:[edi+0x1] + 0x8b,0x05, XX4, // 13d26d79 8b05 8ca71001 mov eax,dword ptr ds:[0x110a78c] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13d26d7f 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xd6, // 13d26d85 8bd6 mov edx,esi + 0x88,0x90, XX4, // 13d26d87 8890 0000c007 mov byte ptr ds:[eax+0x7c00000],dl ; jichi: hook here, get byte from dl + 0x8b,0x2d, XX4, // 13d26d8d 8b2d 8ca71001 mov ebp,dword ptr ds:[0x110a78c] + 0x8d,0x6d, 0x01, // 13d26d93 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + 0x81,0xfe, 0x00,0x00,0x00,0x00 // 13d26d96 81fe 00000000 cmp esi,0x0 + }; + enum { addr_offset = 0x13d26d87 - 0x13d26d4d }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("Broccoli PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT; + hp.text_fun = SpecialPSPHookBroccoli; + //GROWL_DWORD(hp.address); + ConsoleOutput("Broccoli PSP: INSERT"); + succ|=NewHook(hp, "Broccoli PSP"); + } + + ConsoleOutput("Broccoli PSP: leave"); + return succ; +} + +/** 9/5/2014 jichi felistella.co.jp PSP engine, 0.9.8, 0.9.9 + * Sample game: Summon Night 5 0.9.8/0.9.9 + * + * Encoding: utf8 + * Fixed memory addresses: two matches + * + * Debug method: predict the text and add break-points. + * + * There are two good functions + * The second is used as it contains fewer garbage + * + * // Not used + * 14081173 cc int3 + * 14081174 77 0f ja short 14081185 + * 14081176 c705 c84c1301 40>mov dword ptr ds:[0x1134cc8],0x8989540 + * 14081180 -e9 7feef5f3 jmp 07fe0004 + * 14081185 8b35 9c491301 mov esi,dword ptr ds:[0x113499c] + * 1408118b 8bc6 mov eax,esi + * 1408118d 81e0 ffffff3f and eax,0x3fffffff + * 14081193 0fb6b8 00000008 movzx edi,byte ptr ds:[eax+0x8000000] ; jichi: hook here + * 1408119a 8bef mov ebp,edi + * 1408119c 81e5 80000000 and ebp,0x80 + * 140811a2 8d76 01 lea esi,dword ptr ds:[esi+0x1] + * 140811a5 81fd 00000000 cmp ebp,0x0 + * 140811ab c705 90491301 00>mov dword ptr ds:[0x1134990],0x0 + * 140811b5 893d 9c491301 mov dword ptr ds:[0x113499c],edi + * 140811bb 8935 a0491301 mov dword ptr ds:[0x11349a0],esi + * 140811c1 892d a4491301 mov dword ptr ds:[0x11349a4],ebp + * 140811c7 0f85 16000000 jnz 140811e3 + * 140811cd 832d e44c1301 06 sub dword ptr ds:[0x1134ce4],0x6 + * 140811d4 e9 fbf71200 jmp 141b09d4 + * 140811d9 01dc add esp,ebx + * 140811db 95 xchg eax,ebp + * 140811dc 98 cwde + * 140811dd 08e9 or cl,ch + * 140811df 40 inc eax + * + * // Used + * 141be92f cc int3 + * 141be930 77 0f ja short 141be941 + * 141be932 c705 c84c1301 0c>mov dword ptr ds:[0x1134cc8],0x8988f0c + * 141be93c -e9 c316e2f3 jmp 07fe0004 + * 141be941 8b35 98491301 mov esi,dword ptr ds:[0x1134998] + * 141be947 8bc6 mov eax,esi + * 141be949 81e0 ffffff3f and eax,0x3fffffff + * 141be94f 0fb6b8 00000008 movzx edi,byte ptr ds:[eax+0x8000000] ; jichi: hook here + * 141be956 81ff 00000000 cmp edi,0x0 + * 141be95c c705 90491301 00>mov dword ptr ds:[0x1134990],0x0 + * 141be966 893d 98491301 mov dword ptr ds:[0x1134998],edi + * 141be96c 8935 9c491301 mov dword ptr ds:[0x113499c],esi + * 141be972 0f85 16000000 jnz 141be98e + * 141be978 832d e44c1301 04 sub dword ptr ds:[0x1134ce4],0x4 + * 141be97f e9 e4020000 jmp 141bec68 + * 141be984 01748f 98 add dword ptr ds:[edi+ecx*4-0x68],esi + * 141be988 08e9 or cl,ch + * 141be98a 95 xchg eax,ebp + * 141be98b 16 push ss + * 141be98c ^e2 f3 loopd short 141be981 + * 141be98e 832d e44c1301 04 sub dword ptr ds:[0x1134ce4],0x4 + * 141be995 e9 0e000000 jmp 141be9a8 + * 141be99a 011c8f add dword ptr ds:[edi+ecx*4],ebx + * 141be99d 98 cwde + * 141be99e 08e9 or cl,ch + * 141be9a0 7f 16 jg short 141be9b8 + * 141be9a2 ^e2 f3 loopd short 141be997 + * 141be9a4 90 nop + * 141be9a5 cc int3 + */ +// Only split text when edi is eax +// The value of edi is either eax or 0 +static void SpecialPSPHookFelistella(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD eax = stack->eax; + LPCSTR text = LPCSTR(eax + hp->user_value); + if (text) { + *len = ::strlen(text); // utf8 + *data = (DWORD)text; + + DWORD edi = stack->edi; + *split = FIXED_SPLIT_VALUE * (edi == eax ? 4 : 5); + } +} +bool InsertFelistellaPSPHook() +{ + ConsoleOutput("FELISTELLA PSP: enter"); + const BYTE bytes[] = { + //0xcc, // 141be92f cc int3 + 0x77, 0x0f, // 141be930 77 0f ja short 141be941 + 0xc7,0x05, XX8, // 141be932 c705 c84c1301 0c>mov dword ptr ds:[0x1134cc8],0x8988f0c + 0xe9, XX4, // 141be93c -e9 c316e2f3 jmp 07fe0004 + 0x8b,0x35, XX4, // 141be941 8b35 98491301 mov esi,dword ptr ds:[0x1134998] + 0x8b,0xc6, // 141be947 8bc6 mov eax,esi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 141be949 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xb8, XX4, // 141be94f 0fb6b8 00000008 movzx edi,byte ptr ds:[eax+0x8000000] ; jichi: hook here + 0x81,0xff, 0x00,0x00,0x00,0x00, // 141be956 81ff 00000000 cmp edi,0x0 + 0xc7,0x05, XX4, 0x00,0x00,0x00,0x00, // 141be95c c705 90491301 00>mov dword ptr ds:[0x1134990],0x0 + 0x89,0x3d, XX4, // 141be966 893d 98491301 mov dword ptr ds:[0x1134998],edi + 0x89,0x35, XX4, // 141be96c 8935 9c491301 mov dword ptr ds:[0x113499c],esi + 0x0f,0x85, XX4, // 141be972 0f85 16000000 jnz 141be98e + 0x83,0x2d, XX4, 0x04, // 141be978 832d e44c1301 04 sub dword ptr ds:[0x1134ce4],0x4 + // Above is not sufficient + 0xe9, XX4, // 141be97f e9 e4020000 jmp 141bec68 + 0x01,0x74,0x8f, 0x98 // 141be984 01748f 98 add dword ptr ds:[edi+ecx*4-0x68],esi + //0x08,0xe9, // 141be988 08e9 or cl,ch + // Below could be changed for different run + //0x95, // 141be98a 95 xchg eax,ebp + //0x16 // 141be98b 16 push ss + }; + enum { memory_offset = 3 }; + enum { addr_offset = 0x141be94f - 0x141be930 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + //GROWL_DWORD(addr); + if (!addr) + ConsoleOutput("FELISTELLA PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|CODEC_UTF8|USING_SPLIT|NO_CONTEXT; // Fix the split value to merge all threads + //hp.text_fun = SpecialPSPHook; + hp.text_fun = SpecialPSPHookFelistella; + hp.offset=get_reg(regs::eax); + ConsoleOutput("FELISTELLA PSP: INSERT"); + succ|=NewHook(hp, "FELISTELLA PSP"); + } + + ConsoleOutput("FELISTELLA PSP: leave"); + return succ; +} + +/** 7/13/2014 jichi alchemist-net.co.jp PSP engine, 0.9.8 only, not work on 0.9.9 + * Sample game: your diary+ (moe-ydp.iso) + * The memory address is fixed. + * Note: This pattern seems to be common that not only exists in Alchemist games. + * + * Not work on 0.9.9: Amnesia Crowd + * + * Debug method: simply add hardware break points to the matched memory + * + * PPSSPP 0.9.8, your diary+ + * 134076f2 cc int3 + * 134076f3 cc int3 + * 134076f4 77 0f ja short 13407705 + * 134076f6 c705 a8aa1001 40>mov dword ptr ds:[0x110aaa8],0x8931040 + * 13407700 -e9 ff88f2f3 jmp 07330004 + * 13407705 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + * 1340770b 81e0 ffffff3f and eax,0x3fffffff + * 13407711 0fbeb0 00004007 movsx esi,byte ptr ds:[eax+0x7400000] // jichi: hook here + * 13407718 8b3d 78a71001 mov edi,dword ptr ds:[0x110a778] + * 1340771e 8b2d 7ca71001 mov ebp,dword ptr ds:[0x110a77c] + * 13407724 81c5 01000000 add ebp,0x1 + * 1340772a 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 13407730 81e0 ffffff3f and eax,0x3fffffff + * 13407736 8bd6 mov edx,esi + * 13407738 8890 00004007 mov byte ptr ds:[eax+0x7400000],dl // jichi: alternatively hook here + * 1340773e 8b15 78a71001 mov edx,dword ptr ds:[0x110a778] + * 13407744 81c2 01000000 add edx,0x1 + * 1340774a 8bcd mov ecx,ebp + * 1340774c 8935 88a71001 mov dword ptr ds:[0x110a788],esi + * 13407752 8bf2 mov esi,edx + * 13407754 813d 88a71001 00>cmp dword ptr ds:[0x110a788],0x0 + * 1340775e 893d 70a71001 mov dword ptr ds:[0x110a770],edi + * 13407764 8935 78a71001 mov dword ptr ds:[0x110a778],esi + * 1340776a 890d 7ca71001 mov dword ptr ds:[0x110a77c],ecx + * 13407770 8915 80a71001 mov dword ptr ds:[0x110a780],edx + * 13407776 892d 84a71001 mov dword ptr ds:[0x110a784],ebp + * 1340777c 0f85 16000000 jnz 13407798 + * 13407782 832d c4aa1001 08 sub dword ptr ds:[0x110aac4],0x8 + * 13407789 e9 ce000000 jmp 1340785c + * 1340778e 017c10 93 add dword ptr ds:[eax+edx-0x6d],edi + * 13407792 08e9 or cl,ch + * 13407794 8b88 f2f3832d mov ecx,dword ptr ds:[eax+0x2d83f3f2] + * 1340779a c4aa 100108e9 les ebp,fword ptr ds:[edx+0xe9080110] ; modification of segment register + * 134077a0 0c 00 or al,0x0 + * 134077a2 0000 add byte ptr ds:[eax],al + * 134077a4 0160 10 add dword ptr ds:[eax+0x10],esp + * 134077a7 93 xchg eax,ebx + * 134077a8 08e9 or cl,ch + * 134077aa ^75 88 jnz short 13407734 + * 134077ac f2: prefix repne: ; superfluous prefix + * 134077ad f3: prefix rep: ; superfluous prefix + * 134077ae 90 nop + * 134077af cc int3 + */ + +namespace { // unnamed + +// Return true if the text is a garbage character +inline bool _alchemistgarbage_ch(char c) +{ + return c == '.' || c == '/' + || c == '#' || c == ':' // garbage in alchemist2 hook + || c >= '0' && c <= '9' + || c >= 'A' && c <= 'z' // also ignore ASCII 91-96: [ \ ] ^ _ ` + ; +} + +// Return true if the text is full of garbage characters +bool _alchemistgarbage(LPCSTR p) +{ + enum { MAX_LENGTH = VNR_TEXT_CAPACITY }; + for (int count = 0; *p && count < MAX_LENGTH; count++, p++) + if (!_alchemistgarbage_ch(*p)) + return false; + return true; +} + +// 7/20/2014 jichi: Trim Rejet garbage. Sample game: 月華繚乱ROMANCE +// Such as: #Pos[1,2] +inline bool _rejetgarbage_ch(char c) +{ + return c == '#' || c == ' ' || c == '[' || c == ']' || c == ',' + || c >= 'A' && c <= 'z' // also ignore ASCII 91-96: [ \ ] ^ _ ` + || c >= '0' && c <= '9'; +} + +bool _rejetgarbage(LPCSTR p) +{ + enum { MAX_LENGTH = VNR_TEXT_CAPACITY }; + for (int count = 0; *p && count < MAX_LENGTH; count++, p++) + if (!_rejetgarbage_ch(*p)) + return false; + return true; +} + +// Trim leading garbage +LPCSTR _rejetltrim(LPCSTR p) +{ + enum { MAX_LENGTH = VNR_TEXT_CAPACITY }; + if (p) + for (int count = 0; *p && count < MAX_LENGTH; count++, p++) + if (!_rejetgarbage_ch(*p)) + return p; + return nullptr; +} + +// Trim trailing garbage +size_t _rejetstrlen(LPCSTR text) +{ + if (!text) + return 0; + size_t len = ::strlen(text), + ret = len; + while (len && _rejetgarbage_ch(text[len - 1])) { + len--; + if (text[len] == '#') // in case trim UTF-8 trailing bytes + ret = len; + } + return ret; +} + +} // unnamed namespace + +static void SpecialPSPHookAlchemist(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD eax = stack->eax; + LPCSTR text = LPCSTR(eax + hp->user_value); + if (*text && !_alchemistgarbage(text)) { + text = _rejetltrim(text); + *data = (DWORD)text; + *len = _rejetstrlen(text); + *split = stack->ecx; + } +} + +bool InsertAlchemistPSPHook() +{ + ConsoleOutput("Alchemist PSP: enter"); + const BYTE bytes[] = { + //0xcc, // 134076f2 cc int3 + //0xcc, // 134076f3 cc int3 + 0x77, 0x0f, // 134076f4 77 0f ja short 13407705 + 0xc7,0x05, XX8, // 134076f6 c705 a8aa1001 40>mov dword ptr ds:[0x110aaa8],0x8931040 + 0xe9, XX4, // 13407700 -e9 ff88f2f3 jmp 07330004 + 0x8b,0x05, XX4, // 13407705 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1340770b 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xbe,0xb0, XX4, // 13407711 0fbeb0 00004007 movsx esi,byte ptr ds:[eax+0x7400000] // jichi: hook here + 0x8b,0x3d, XX4, // 13407718 8b3d 78a71001 mov edi,dword ptr ds:[0x110a778] + 0x8b,0x2d, XX4, // 1340771e 8b2d 7ca71001 mov ebp,dword ptr ds:[0x110a77c] + 0x81,0xc5, 0x01,0x00,0x00,0x00, // 13407724 81c5 01000000 add ebp,0x1 + 0x8b,0x05, XX4, // 1340772a 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13407730 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xd6, // 13407736 8bd6 mov edx,esi + 0x88,0x90 //, XX4 // 13407738 8890 00004007 mov byte ptr ds:[eax+0x7400000],dl // jichi: alternatively hook here + }; + enum { memory_offset = 3 }; // 13407711 0fbeb0 00004007 movsx esi,byte ptr ds:[eax+0x7400000] + enum { addr_offset = 0x13407711 - 0x134076f4 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + //GROWL_DWORD(addr); + if (!addr) + ConsoleOutput("Alchemist PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.text_fun = SpecialPSPHookAlchemist; + hp.type = USING_STRING|NO_CONTEXT; // no context is needed to get rid of variant retaddr + ConsoleOutput("Alchemist PSP: INSERT"); + succ|=NewHook(hp, "Alchemist PSP"); + } + + ConsoleOutput("Alchemist PSP: leave"); + return succ; +} + +/** 8/12/2014 jichi Konami.jp PSP engine, 0.9.8, 0.9.9, + * Though Alchemist/Otomate can work, it has bad split that creates too many threads. + * + * Sample game: 幻想水滸�紡がれし百年の�on 0.9.8, 0.9.9 + * + * Memory address is FIXED. + * But hardware accesses are looped. + * Debug method: predict and breakpoint the memory address + * + * There are two matches in the memory. + * Three looped functions are as follows. + * I randomply picked the first one. + * + * It cannot extract character names. + * + * 14178f73 cc int3 + * 14178f74 77 0f ja short 14178f85 + * 14178f76 c705 c84c1301 a4>mov dword ptr ds:[0x1134cc8],0x88129a4 + * 14178f80 -e9 7f7071ef jmp 03890004 + * 14178f85 8b05 c8491301 mov eax,dword ptr ds:[0x11349c8] + * 14178f8b 81e0 ffffff3f and eax,0x3fffffff + * 14178f91 0fbeb0 00000008 movsx esi,byte ptr ds:[eax+0x8000000] ; jichi: hook here, loop + * 14178f98 81fe 40000000 cmp esi,0x40 + * 14178f9e 8935 98491301 mov dword ptr ds:[0x1134998],esi + * 14178fa4 c705 9c491301 40>mov dword ptr ds:[0x113499c],0x40 + * 14178fae 0f85 2f000000 jnz 14178fe3 + * 14178fb4 8b05 c8491301 mov eax,dword ptr ds:[0x11349c8] + * 14178fba 81e0 ffffff3f and eax,0x3fffffff + * 14178fc0 0fbeb0 01000008 movsx esi,byte ptr ds:[eax+0x8000001] + * 14178fc7 8935 98491301 mov dword ptr ds:[0x1134998],esi + * 14178fcd 832d e44c1301 04 sub dword ptr ds:[0x1134ce4],0x4 + * 14178fd4 c705 c84c1301 d0>mov dword ptr ds:[0x1134cc8],0x88129d0 + * 14178fde -e9 407071ef jmp 03890023 + * 14178fe3 832d e44c1301 04 sub dword ptr ds:[0x1134ce4],0x4 + * 14178fea e9 0d000000 jmp 14178ffc + * 14178fef 01b429 8108e92a add dword ptr ds:[ecx+ebp+0x2ae90881],es> + * 14178ff6 70 71 jo short 14179069 + * 14178ff8 ef out dx,eax ; i/o command + * 14178ff9 90 nop + * 14178ffa cc int3 + * + * 1417a18c 77 0f ja short 1417a19d + * 1417a18e c705 c84c1301 78>mov dword ptr ds:[0x1134cc8],0x8818378 + * 1417a198 -e9 675e71ef jmp 03890004 + * 1417a19d 8b05 c8491301 mov eax,dword ptr ds:[0x11349c8] + * 1417a1a3 81e0 ffffff3f and eax,0x3fffffff + * 1417a1a9 0fbeb0 00000008 movsx esi,byte ptr ds:[eax+0x8000000] ; jichi: hook here, loop + * 1417a1b0 81fe 0a000000 cmp esi,0xa + * 1417a1b6 8935 98491301 mov dword ptr ds:[0x1134998],esi + * 1417a1bc c705 9c491301 0a>mov dword ptr ds:[0x113499c],0xa + * 1417a1c6 0f84 2e000000 je 1417a1fa + * 1417a1cc 8b05 fc491301 mov eax,dword ptr ds:[0x11349fc] + * 1417a1d2 81e0 ffffff3f and eax,0x3fffffff + * 1417a1d8 8bb0 18000008 mov esi,dword ptr ds:[eax+0x8000018] + * 1417a1de 8935 98491301 mov dword ptr ds:[0x1134998],esi + * 1417a1e4 832d e44c1301 04 sub dword ptr ds:[0x1134ce4],0x4 + * 1417a1eb e9 24000000 jmp 1417a214 + * 1417a1f0 01b0 838108e9 add dword ptr ds:[eax+0xe9088183],esi + * 1417a1f6 295e 71 sub dword ptr ds:[esi+0x71],ebx + * 1417a1f9 ef out dx,eax ; i/o command + * 1417a1fa 832d e44c1301 04 sub dword ptr ds:[0x1134ce4],0x4 + * 1417a201 e9 1e660000 jmp 14180824 + * 1417a206 0188 838108e9 add dword ptr ds:[eax+0xe9088183],ecx + * 1417a20c 135e 71 adc ebx,dword ptr ds:[esi+0x71] + * 1417a20f ef out dx,eax ; i/o command + * 1417a210 90 nop + * 1417a211 cc int3 + * 1417a212 cc int3 + * + * 1417a303 90 nop + * 1417a304 77 0f ja short 1417a315 + * 1417a306 c705 c84c1301 48>mov dword ptr ds:[0x1134cc8],0x8818448 + * 1417a310 -e9 ef5c71ef jmp 03890004 + * 1417a315 8b35 dc491301 mov esi,dword ptr ds:[0x11349dc] + * 1417a31b 8b3d 98491301 mov edi,dword ptr ds:[0x1134998] + * 1417a321 33c0 xor eax,eax + * 1417a323 3bf7 cmp esi,edi + * 1417a325 0f9cc0 setl al + * 1417a328 8bf8 mov edi,eax + * 1417a32a 81ff 00000000 cmp edi,0x0 + * 1417a330 893d 98491301 mov dword ptr ds:[0x1134998],edi + * 1417a336 0f84 2f000000 je 1417a36b + * 1417a33c 8b05 c8491301 mov eax,dword ptr ds:[0x11349c8] + * 1417a342 81e0 ffffff3f and eax,0x3fffffff + * 1417a348 0fbeb0 00000008 movsx esi,byte ptr ds:[eax+0x8000000] ; jichi: hook here, loop + * 1417a34f 8935 98491301 mov dword ptr ds:[0x1134998],esi + * 1417a355 832d e44c1301 03 sub dword ptr ds:[0x1134ce4],0x3 + * 1417a35c e9 23000000 jmp 1417a384 + * 1417a361 018484 8108e9b8 add dword ptr ss:[esp+eax*4+0xb8e90881],> + * 1417a368 5c pop esp + * 1417a369 ^71 ef jno short 1417a35a + * 1417a36b 832d e44c1301 03 sub dword ptr ds:[0x1134ce4],0x3 + * 1417a372 c705 c84c1301 54>mov dword ptr ds:[0x1134cc8],0x8818454 + * 1417a37c -e9 a25c71ef jmp 03890023 + * 1417a381 90 nop + * 1417a382 cc int3 + */ +// Read text from looped address word by word +// Use reverse search to avoid looping issue assume the text is at fixed address. +static void SpecialPSPHookKonami(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + //static LPCSTR lasttext; // this value should be the same for the same game + static size_t lastsize; + + DWORD eax = stack->eax; + LPCSTR cur = LPCSTR(eax + hp->user_value); + if (!*cur) + return; + + LPCSTR text = reverse_search_begin(cur); + if (!text) + return; + //if (lasttext != text) { + // lasttext = text; + // lastsize = 0; // reset last size + //} + + size_t size = ::strlen(text); + if (size == lastsize) + return; + + *len = lastsize = size; + *data = (DWORD)text; + + *split = stack->ebx; // ecx changes for each character, ebx is an address, edx is stable, but very large +} +bool InsertKonamiPSPHook() +{ + ConsoleOutput("KONAMI PSP: enter"); + const BYTE bytes[] = { + // 14178f73 cc int3 + 0x77, 0x0f, // 14178f74 77 0f ja short 14178f85 + 0xc7,0x05, XX8, // 14178f76 c705 c84c1301 a4>mov dword ptr ds:[0x1134cc8],0x88129a4 + 0xe9, XX4, // 14178f80 -e9 7f7071ef jmp 03890004 + 0x8b,0x05, XX4, // 14178f85 8b05 c8491301 mov eax,dword ptr ds:[0x11349c8] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 14178f8b 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xbe,0xb0, XX4, // 14178f91 0fbeb0 00000008 movsx esi,byte ptr ds:[eax+0x8000000] ; jichi: hook here, loop + 0x81,0xfe, 0x40,0x00,0x00,0x00, // 14178f98 81fe 40000000 cmp esi,0x40 + 0x89,0x35 //, XX4, // 14178f9e 8935 98491301 mov dword ptr ds:[0x1134998],esi + //0xc7,0x05, XX4, 0x40,0x00,0x00,0x00, // 14178fa4 c705 9c491301 40>mov dword ptr ds:[0x113499c],0x40 + //0x0f,0x85, 0x2f,0x00,0x00,0x00,0x00, // 14178fae 0f85 2f000000 jnz 14178fe3 + //0x8b,0x05, XX4 // 14178fb4 8b05 c8491301 mov eax,dword ptr ds:[0x11349c8] + }; + enum { memory_offset = 3 }; + enum { addr_offset = 0x14178f91 - 0x14178f74 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("KONAMI PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|NO_CONTEXT; + hp.text_fun = SpecialPSPHookKonami; + ConsoleOutput("KONAMI PSP: INSERT"); + succ|=NewHook(hp, "KONAMI PSP"); + } + + ConsoleOutput("KONAMI PSP: leave"); + return succ; +} +/** 7/13/2014 jichi 5pb.jp PSP engine, 0.9.8, 0.9.9 + * Sample game: STEINS;GATE + * + * FIXME: The current pattern could crash VNR + * + * Note: searching after 0x15000000 would found a wrong address on 0.9.9. + * Hooking to it would crash PPSSPP. + * + * Float memory addresses: two matches + * + * Debug method: precompute memory address and set break points, then navigate to that scene + * + * Attach to this function for wrong game might cause BEX (buffer overflow) exception. + * + * 135752c7 90 nop + * 135752c8 77 0f ja short 135752d9 + * 135752ca c705 a8aa1001 d4>mov dword ptr ds:[0x110aaa8],0x8888ed4 + * 135752d4 -e9 2badf3ef jmp 034b0004 + * 135752d9 8b35 dca71001 mov esi,dword ptr ds:[0x110a7dc] + * 135752df 8d76 a0 lea esi,dword ptr ds:[esi-0x60] + * 135752e2 8b3d e4a71001 mov edi,dword ptr ds:[0x110a7e4] + * 135752e8 8bc6 mov eax,esi + * 135752ea 81e0 ffffff3f and eax,0x3fffffff + * 135752f0 89b8 1c004007 mov dword ptr ds:[eax+0x740001c],edi + * 135752f6 8b2d bca71001 mov ebp,dword ptr ds:[0x110a7bc] + * 135752fc 8bc6 mov eax,esi + * 135752fe 81e0 ffffff3f and eax,0x3fffffff + * 13575304 89a8 18004007 mov dword ptr ds:[eax+0x7400018],ebp + * 1357530a 8b15 b8a71001 mov edx,dword ptr ds:[0x110a7b8] + * 13575310 8bc6 mov eax,esi + * 13575312 81e0 ffffff3f and eax,0x3fffffff + * 13575318 8990 14004007 mov dword ptr ds:[eax+0x7400014],edx + * 1357531e 8b0d b4a71001 mov ecx,dword ptr ds:[0x110a7b4] + * 13575324 8bc6 mov eax,esi + * 13575326 81e0 ffffff3f and eax,0x3fffffff + * 1357532c 8988 10004007 mov dword ptr ds:[eax+0x7400010],ecx + * 13575332 8b3d b0a71001 mov edi,dword ptr ds:[0x110a7b0] + * 13575338 8bc6 mov eax,esi + * 1357533a 81e0 ffffff3f and eax,0x3fffffff + * 13575340 89b8 0c004007 mov dword ptr ds:[eax+0x740000c],edi + * 13575346 8b3d aca71001 mov edi,dword ptr ds:[0x110a7ac] + * 1357534c 8bc6 mov eax,esi + * 1357534e 81e0 ffffff3f and eax,0x3fffffff + * 13575354 89b8 08004007 mov dword ptr ds:[eax+0x7400008],edi + * 1357535a 8b3d a8a71001 mov edi,dword ptr ds:[0x110a7a8] + * 13575360 8bc6 mov eax,esi + * 13575362 81e0 ffffff3f and eax,0x3fffffff + * 13575368 89b8 04004007 mov dword ptr ds:[eax+0x7400004],edi + * 1357536e 8b15 78a71001 mov edx,dword ptr ds:[0x110a778] + * 13575374 8935 dca71001 mov dword ptr ds:[0x110a7dc],esi + * 1357537a 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + * 13575380 81e0 ffffff3f and eax,0x3fffffff + * 13575386 0fbeb0 00004007 movsx esi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + * 1357538d 8935 78a71001 mov dword ptr ds:[0x110a778],esi + * 13575393 8b35 80a71001 mov esi,dword ptr ds:[0x110a780] + * 13575399 8935 b0a71001 mov dword ptr ds:[0x110a7b0],esi + * 1357539f 8b35 84a71001 mov esi,dword ptr ds:[0x110a784] + * 135753a5 8b0d 7ca71001 mov ecx,dword ptr ds:[0x110a77c] + * 135753ab 813d 78a71001 00>cmp dword ptr ds:[0x110a778],0x0 + * 135753b5 c705 a8a71001 00>mov dword ptr ds:[0x110a7a8],0x0 + * 135753bf 8935 aca71001 mov dword ptr ds:[0x110a7ac],esi + * 135753c5 890d b4a71001 mov dword ptr ds:[0x110a7b4],ecx + * 135753cb 8915 b8a71001 mov dword ptr ds:[0x110a7b8],edx + * 135753d1 0f85 16000000 jnz 135753ed + * 135753d7 832d c4aa1001 0f sub dword ptr ds:[0x110aac4],0xf + * 135753de e9 e5010000 jmp 135755c8 + * 135753e3 01f0 add eax,esi + * 135753e5 90 nop + * 135753e6 8808 mov byte ptr ds:[eax],cl + * 135753e8 -e9 36acf3ef jmp 034b0023 + * 135753ed 832d c4aa1001 0f sub dword ptr ds:[0x110aac4],0xf + * 135753f4 e9 0b000000 jmp 13575404 + * 135753f9 0110 add dword ptr ds:[eax],edx + * 135753fb 8f ??? ; unknown command + * 135753fc 8808 mov byte ptr ds:[eax],cl + * 135753fe -e9 20acf3ef jmp 034b0023 + * 13575403 90 nop + * 13575404 77 0f ja short 13575415 + * 13575406 c705 a8aa1001 10>mov dword ptr ds:[0x110aaa8],0x8888f10 + * 13575410 -e9 efabf3ef jmp 034b0004 + * 13575415 8b35 a8a71001 mov esi,dword ptr ds:[0x110a7a8] + * 1357541b 33c0 xor eax,eax + * 1357541d 3b35 b0a71001 cmp esi,dword ptr ds:[0x110a7b0] + * 13575423 0f9cc0 setl al + * 13575426 8bf8 mov edi,eax + * 13575428 81ff 00000000 cmp edi,0x0 + * 1357542e 893d 74a71001 mov dword ptr ds:[0x110a774],edi + * 13575434 0f84 22000000 je 1357545c + * 1357543a 8b35 b4a71001 mov esi,dword ptr ds:[0x110a7b4] + * 13575440 8935 78a71001 mov dword ptr ds:[0x110a778],esi + * 13575446 832d c4aa1001 03 sub dword ptr ds:[0x110aac4],0x3 + * 1357544d c705 a8aa1001 2c>mov dword ptr ds:[0x110aaa8],0x8888f2c + * 13575457 -e9 c7abf3ef jmp 034b0023 + * 1357545c 832d c4aa1001 03 sub dword ptr ds:[0x110aac4],0x3 + * 13575463 e9 0c000000 jmp 13575474 + * 13575468 011c8f add dword ptr ds:[edi+ecx*4],ebx + * 1357546b 8808 mov byte ptr ds:[eax],cl + * 1357546d -e9 b1abf3ef jmp 034b0023 + * 13575472 90 nop + * 13575473 cc int3 + * 13575474 77 0f ja short 13575485 + * 13575476 c705 a8aa1001 1c>mov dword ptr ds:[0x110aaa8],0x8888f1c + * 13575480 -e9 7fabf3ef jmp 034b0004 + * 13575485 8b35 78a71001 mov esi,dword ptr ds:[0x110a778] + * 1357548b 8b05 b8a71001 mov eax,dword ptr ds:[0x110a7b8] + * 13575491 81e0 ffffff3f and eax,0x3fffffff + * 13575497 8bd6 mov edx,esi + * 13575499 8890 00004007 mov byte ptr ds:[eax+0x7400000],dl + * 1357549f 8b3d b4a71001 mov edi,dword ptr ds:[0x110a7b4] + * 135754a5 8d7f 01 lea edi,dword ptr ds:[edi+0x1] + * 135754a8 8b2d b8a71001 mov ebp,dword ptr ds:[0x110a7b8] + * 135754ae 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + * 135754b1 813d 68a71001 00>cmp dword ptr ds:[0x110a768],0x0 + * 135754bb 893d b4a71001 mov dword ptr ds:[0x110a7b4],edi + * 135754c1 892d b8a71001 mov dword ptr ds:[0x110a7b8],ebp + * 135754c7 0f85 16000000 jnz 135754e3 + * 135754cd 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 135754d4 e9 23000000 jmp 135754fc + * 135754d9 01e4 add esp,esp + * 135754db 90 nop + * 135754dc 8808 mov byte ptr ds:[eax],cl + * 135754de -e9 40abf3ef jmp 034b0023 + * 135754e3 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 135754ea c705 a8aa1001 2c>mov dword ptr ds:[0x110aaa8],0x8888f2c + * 135754f4 -e9 2aabf3ef jmp 034b0023 + * 135754f9 90 nop + * 135754fa cc int3 + * 135754fb cc int3 + */ +namespace { // unnamed + +// Characters to ignore: [%0-9A-Z] +inline bool _5pbgarbage_ch(char c) +{ return c == '%' || c >= 'A' && c <= 'Z' || c >= '0' && c <= '9'; } + +// Trim leading garbage +LPCSTR _5pbltrim(LPCSTR p) +{ + enum { MAX_LENGTH = VNR_TEXT_CAPACITY }; + if (p) + for (int count = 0; *p && count < MAX_LENGTH; count++, p++) + if (!_5pbgarbage_ch(*p)) + return p; + return nullptr; +} + +// Trim trailing garbage +size_t _5pbstrlen(LPCSTR text) +{ + if (!text) + return 0; + size_t len = ::strlen(text), + ret = len; + while (len && _5pbgarbage_ch(text[len - 1])) { + len--; + if (text[len] == '%') // in case trim UTF-8 trailing bytes + ret = len; + } + return ret; +} + +} // unnamed namespace + +static void SpecialPSPHook5pb(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD eax = stack->eax; + LPCSTR text = LPCSTR(eax + hp->user_value); + if (*text) { + text = _5pbltrim(text); + *data = (DWORD)text; + *len = _5pbstrlen(text); + *split = stack->ecx; + //*split = FIXED_SPLIT_VALUE; // there is only one thread, no split used + } +} + +bool Insert5pbPSPHook() +{ + ConsoleOutput("5pb PSP: enter"); + + const BYTE bytes[] = { + //0x90, // 135752c7 90 nop + 0x77, 0x0f, // 135752c8 77 0f ja short 135752d9 + 0xc7,0x05, XX8, // 135752ca c705 a8aa1001 d4>mov dword ptr ds:[0x110aaa8],0x8888ed4 + 0xe9, XX4, // 135752d4 -e9 2badf3ef jmp 034b0004 + 0x8b,0x35, XX4, // 135752d9 8b35 dca71001 mov esi,dword ptr ds:[0x110a7dc] + 0x8d,0x76, 0xa0, // 135752df 8d76 a0 lea esi,dword ptr ds:[esi-0x60] + 0x8b,0x3d, XX4, // 135752e2 8b3d e4a71001 mov edi,dword ptr ds:[0x110a7e4] + 0x8b,0xc6, // 135752e8 8bc6 mov eax,esi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 135752ea 81e0 ffffff3f and eax,0x3fffffff + 0x89,0xb8, XX4, // 135752f0 89b8 1c004007 mov dword ptr ds:[eax+0x740001c],edi + 0x8b,0x2d, XX4, // 135752f6 8b2d bca71001 mov ebp,dword ptr ds:[0x110a7bc] + 0x8b,0xc6, // 135752fc 8bc6 mov eax,esi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 135752fe 81e0 ffffff3f and eax,0x3fffffff + 0x89,0xa8, XX4, // 13575304 89a8 18004007 mov dword ptr ds:[eax+0x7400018],ebp + 0x8b,0x15, XX4, // 1357530a 8b15 b8a71001 mov edx,dword ptr ds:[0x110a7b8] + 0x8b,0xc6, // 13575310 8bc6 mov eax,esi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13575312 81e0 ffffff3f and eax,0x3fffffff + 0x89,0x90, XX4, // 13575318 8990 14004007 mov dword ptr ds:[eax+0x7400014],edx + 0x8b,0x0d, XX4, // 1357531e 8b0d b4a71001 mov ecx,dword ptr ds:[0x110a7b4] + 0x8b,0xc6, // 13575324 8bc6 mov eax,esi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13575326 81e0 ffffff3f and eax,0x3fffffff + 0x89,0x88, XX4, // 1357532c 8988 10004007 mov dword ptr ds:[eax+0x7400010],ecx + 0x8b,0x3d, XX4, // 13575332 8b3d b0a71001 mov edi,dword ptr ds:[0x110a7b0] + 0x8b,0xc6, // 13575338 8bc6 mov eax,esi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1357533a 81e0 ffffff3f and eax,0x3fffffff + 0x89,0xb8, XX4, // 13575340 89b8 0c004007 mov dword ptr ds:[eax+0x740000c],edi + 0x8b,0x3d, XX4, // 13575346 8b3d aca71001 mov edi,dword ptr ds:[0x110a7ac] + 0x8b,0xc6, // 1357534c 8bc6 mov eax,esi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1357534e 81e0 ffffff3f and eax,0x3fffffff + 0x89,0xb8, XX4, // 13575354 89b8 08004007 mov dword ptr ds:[eax+0x7400008],edi + 0x8b,0x3d, XX4, // 1357535a 8b3d a8a71001 mov edi,dword ptr ds:[0x110a7a8] + 0x8b,0xc6, // 13575360 8bc6 mov eax,esi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13575362 81e0 ffffff3f and eax,0x3fffffff + 0x89,0xb8, XX4, // 13575368 89b8 04004007 mov dword ptr ds:[eax+0x7400004],edi + 0x8b,0x15, XX4, // 1357536e 8b15 78a71001 mov edx,dword ptr ds:[0x110a778] + 0x89,0x35, XX4, // 13575374 8935 dca71001 mov dword ptr ds:[0x110a7dc],esi + 0x8b,0x05, XX4, // 1357537a 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13575380 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xbe,0xb0 //, XX4 // 13575386 0fbeb0 00004007 movsx esi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + }; + enum { memory_offset = 3 }; // 13575386 0fbeb0 00004007 movsx esi,byte ptr ds:[eax+0x7400000] + enum { addr_offset = sizeof(bytes) - memory_offset }; + + enum : DWORD { start = MemDbg::MappedMemoryStartAddress }; + DWORD stop = PPSSPP_VERSION[1] == 9 && PPSSPP_VERSION[2] == 8 ? MemDbg::MemoryStopAddress : 0x15000000; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes), start, stop); + //GROWL_DWORD(addr); + auto succ=false; + if (!addr) + ConsoleOutput("5pb PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.text_fun = SpecialPSPHook5pb; + hp.type = USING_STRING|NO_CONTEXT; // no context is needed to get rid of variant retaddr + ConsoleOutput("5pb PSP: INSERT"); + succ|=NewHook(hp, "5pb PSP"); + } + + ConsoleOutput("5pb PSP: leave"); + return succ; +} + +/** 7/19/2014 jichi kid-game.co.jp PSP engine, 0,9.8, 0.9.9 + * Sample game: Monochrome + * + * Note: sceFontGetCharInfo, sceFontGetCharGlyphImage_Clip also works + * + * Debug method: breakpoint the memory address + * There are two matched memory address to the current text + * + * == Second run == + * 13973a7b 90 nop + * 13973a7c 77 0f ja short 13973a8d + * 13973a7e c705 a8aa1001 90>mov dword ptr ds:[0x110aaa8],0x885c290 + * 13973a88 -e9 77c5ecef jmp 03840004 + * 13973a8d 8b05 90a71001 mov eax,dword ptr ds:[0x110a790] + * 13973a93 81e0 ffffff3f and eax,0x3fffffff + * 13973a99 0fb6b0 00008007 movzx esi,byte ptr ds:[eax+0x7800000] + * 13973aa0 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 13973aa6 81e0 ffffff3f and eax,0x3fffffff + * 13973aac 0fb6b8 00008007 movzx edi,byte ptr ds:[eax+0x7800000] ; jichi: hook here + * 13973ab3 81fe 00000000 cmp esi,0x0 + * 13973ab9 c705 8ca71001 00>mov dword ptr ds:[0x110a78c],0x0 + * 13973ac3 893d 9ca71001 mov dword ptr ds:[0x110a79c],edi + * 13973ac9 8935 a0a71001 mov dword ptr ds:[0x110a7a0],esi + * 13973acf 0f85 16000000 jnz 13973aeb + * 13973ad5 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 13973adc c705 a8aa1001 d0>mov dword ptr ds:[0x110aaa8],0x885c2d0 + * 13973ae6 -e9 38c5ecef jmp 03840023 + * 13973aeb 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 13973af2 e9 0d000000 jmp 13973b04 + * 13973af7 01a0 c28508e9 add dword ptr ds:[eax+0xe90885c2],esp + * 13973afd 22c5 and al,ch + * 13973aff ec in al,dx ; i/o command + * 13973b00 ef out dx,eax ; i/o command + * 13973b01 90 nop + * 13973b02 cc int3 + * 13973b03 cc int3 + * + * == First run == + * 1087394a cc int3 + * 1087394b cc int3 + * 1087394c 77 0f ja short 1087395d + * 1087394e c705 a8aa1001 78>mov dword ptr ds:[0x110aaa8],0x885c278 + * 10873958 -e9 a7c6bff2 jmp 03470004 + * 1087395d 8b35 80d0da12 mov esi,dword ptr ds:[0x12dad080] + * 10873963 8bc6 mov eax,esi + * 10873965 81e0 ffffff3f and eax,0x3fffffff + * 1087396b 8bb8 0000000a mov edi,dword ptr ds:[eax+0xa000000] + * 10873971 81ff 00000000 cmp edi,0x0 + * 10873977 c705 70a71001 00>mov dword ptr ds:[0x110a770],0x8db0000 + * 10873981 c705 74a71001 00>mov dword ptr ds:[0x110a774],0x0 + * 1087398b 893d 90a71001 mov dword ptr ds:[0x110a790],edi + * 10873991 8935 94a71001 mov dword ptr ds:[0x110a794],esi + * 10873997 c705 98a71001 00>mov dword ptr ds:[0x110a798],0x0 + * 108739a1 0f85 16000000 jnz 108739bd + * 108739a7 832d c4aa1001 06 sub dword ptr ds:[0x110aac4],0x6 + * 108739ae e9 75c20100 jmp 1088fc28 + * 108739b3 0148 c3 add dword ptr ds:[eax-0x3d],ecx + * 108739b6 8508 test dword ptr ds:[eax],ecx + * 108739b8 -e9 66c6bff2 jmp 03470023 + * 108739bd 832d c4aa1001 06 sub dword ptr ds:[0x110aac4],0x6 + * 108739c4 e9 0b000000 jmp 108739d4 + * 108739c9 0190 c28508e9 add dword ptr ds:[eax+0xe90885c2],edx + * 108739cf 50 push eax + * 108739d0 c6 ??? ; unknown command + * 108739d1 bf f290770f mov edi,0xf7790f2 + * 108739d6 c705 a8aa1001 90>mov dword ptr ds:[0x110aaa8],0x885c290 + * 108739e0 -e9 1fc6bff2 jmp 03470004 + * 108739e5 8b05 90a71001 mov eax,dword ptr ds:[0x110a790] + * 108739eb 81e0 ffffff3f and eax,0x3fffffff + * 108739f1 0fb6b0 0000000a movzx esi,byte ptr ds:[eax+0xa000000] ; jichi: hook here + * 108739f8 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 108739fe 81e0 ffffff3f and eax,0x3fffffff + * 10873a04 0fb6b8 0000000a movzx edi,byte ptr ds:[eax+0xa000000] ; jichi: hook here + * 10873a0b 81fe 00000000 cmp esi,0x0 + * 10873a11 c705 8ca71001 00>mov dword ptr ds:[0x110a78c],0x0 + * 10873a1b 893d 9ca71001 mov dword ptr ds:[0x110a79c],edi + * 10873a21 8935 a0a71001 mov dword ptr ds:[0x110a7a0],esi + * 10873a27 0f85 16000000 jnz 10873a43 + * 10873a2d 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 10873a34 c705 a8aa1001 d0>mov dword ptr ds:[0x110aaa8],0x885c2d0 + * 10873a3e -e9 e0c5bff2 jmp 03470023 + * 10873a43 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 10873a4a e9 0d000000 jmp 10873a5c + * 10873a4f 01a0 c28508e9 add dword ptr ds:[eax+0xe90885c2],esp + * 10873a55 ca c5bf retf 0xbfc5 ; far return + * 10873a58 f2: prefix repne: ; superfluous prefix + * 10873a59 90 nop + * 10873a5a cc int3 + * 10873a5b cc int3 + */ +static void SpecialPSPHookKid(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD eax = stack->eax; + LPCSTR text = LPCSTR(eax + hp->user_value); + static LPCSTR lasttext; // Prevent reading the same address multiple times + if (text != lasttext && *text) { + lasttext = text; + text = _5pbltrim(text); + *data = (DWORD)text; + *len = _5pbstrlen(text); + *split = stack->ecx; + } +} + +bool InsertKidPSPHook() +{ + ConsoleOutput("KID PSP: enter"); + + const BYTE bytes[] = { + //0x90, // 13973a7b 90 nop + 0x77, 0x0f, // 13973a7c 77 0f ja short 13973a8d + 0xc7,0x05, XX8, // 13973a7e c705 a8aa1001 90>mov dword ptr ds:[0x110aaa8],0x885c290 + 0xe9, XX4, // 13973a88 -e9 77c5ecef jmp 03840004 + 0x8b,0x05, XX4, // 13973a8d 8b05 90a71001 mov eax,dword ptr ds:[0x110a790] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13973a93 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xb0, XX4, // 13973a99 0fb6b0 00008007 movzx esi,byte ptr ds:[eax+0x7800000] + 0x8b,0x05, XX4, // 13973aa0 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13973aa6 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xb8, XX4, // 13973aac 0fb6b8 00008007 movzx edi,byte ptr ds:[eax+0x7800000] ; jichi: hook here + 0x81,0xfe, 0x00,0x00,0x00,0x00 // 13973ab3 81fe 00000000 cmp esi,0x0 + }; + enum { memory_offset = 3 }; // 13973aac 0fb6b8 00008007 movzx edi,byte ptr ds:[eax+0x7800000] + enum { addr_offset = 0x13973aac - 0x13973a7c }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("KID PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.text_fun = SpecialPSPHookKid; + hp.type = USING_STRING|NO_CONTEXT; // no context is needed to get rid of variant retaddr + + //HookParam hp; + //hp.address = addr + addr_offset; + //hp.user_value = *(DWORD *)(hp.address + memory_offset); + //hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT; // Fix the split value to merge all threads + //hp.offset=get_reg(regs::eax); + //hp.split = get_reg(regs::ecx); + //hp.text_fun = SpecialPSPHook; + + ConsoleOutput("KID PSP: INSERT"); + succ|=NewHook(hp, "KID PSP"); + } + + ConsoleOutput("KID PSP: leave"); + return succ; +} + +/** 7/13/2014 jichi imageepoch.co.jp PSP engine, 0.9.8, 0.9.9 + * Sample game: BLACK�OCK SHOOTER + * + * Float memory addresses: two matches, UTF-8 + * + * 7/29/2014: seems to work on 0.9.9 + * + * Debug method: find current sentence, then find next sentence in the memory + * and add break-points + * + * 1346d34b f0:90 lock nop ; lock prefix is not allowed + * 1346d34d cc int3 + * 1346d34e cc int3 + * 1346d34f cc int3 + * 1346d350 77 0f ja short 1346d361 + * 1346d352 c705 a8aa1001 e4>mov dword ptr ds:[0x110aaa8],0x89609e4 + * 1346d35c -e9 a32c27f0 jmp 036e0004 + * 1346d361 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 1346d367 81e0 ffffff3f and eax,0x3fffffff + * 1346d36d 8bb0 00004007 mov esi,dword ptr ds:[eax+0x7400000] ; jichi: or hook here + * 1346d373 8b3d 78a71001 mov edi,dword ptr ds:[0x110a778] + * 1346d379 8bc6 mov eax,esi + * 1346d37b 81e0 ffffff3f and eax,0x3fffffff + * 1346d381 0fb6a8 00004007 movzx ebp,byte ptr ds:[eax+0x7400000] ; jichi: hook here + * 1346d388 8d56 01 lea edx,dword ptr ds:[esi+0x1] + * 1346d38b 8bc5 mov eax,ebp + * 1346d38d 0fbec8 movsx ecx,al + * 1346d390 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 1346d396 8bf5 mov esi,ebp + * 1346d398 81f9 00000000 cmp ecx,0x0 + * 1346d39e 892d 74a71001 mov dword ptr ds:[0x110a774],ebp + * 1346d3a4 8935 78a71001 mov dword ptr ds:[0x110a778],esi + * 1346d3aa 8915 7ca71001 mov dword ptr ds:[0x110a77c],edx + * 1346d3b0 890d 80a71001 mov dword ptr ds:[0x110a780],ecx + * 1346d3b6 893d 84a71001 mov dword ptr ds:[0x110a784],edi + * 1346d3bc 0f8d 16000000 jge 1346d3d8 + * 1346d3c2 832d c4aa1001 07 sub dword ptr ds:[0x110aac4],0x7 + * 1346d3c9 e9 22000000 jmp 1346d3f0 + * 1346d3ce 010c0a add dword ptr ds:[edx+ecx],ecx + * 1346d3d1 96 xchg eax,esi + * 1346d3d2 08e9 or cl,ch + * 1346d3d4 4b dec ebx + * 1346d3d5 2c 27 sub al,0x27 + * 1346d3d7 f0:832d c4aa1001>lock sub dword ptr ds:[0x110aac4],0x7 ; lock prefix + * 1346d3df e9 bc380000 jmp 13470ca0 + * 1346d3e4 0100 add dword ptr ds:[eax],eax + * 1346d3e6 0a96 08e9352c or dl,byte ptr ds:[esi+0x2c35e908] + * 1346d3ec 27 daa + * 1346d3ed f0:90 lock nop ; lock prefix is not allowed + * 1346d3ef cc int3 + */ +static void SpecialPSPHookImageepoch(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + // 7/25/2014: I tried using uniquemap to eliminate duplication, which does not work + DWORD eax = stack->eax; + DWORD text = eax + hp->user_value; + static DWORD lasttext; // Prevent reading the same address multiple times + if (text != lasttext && *(LPCSTR)text) { + *data = lasttext = text; + *len = ::strlen((LPCSTR)text); // UTF-8 is null-terminated + *split = stack->ecx; // use ecx = "this" to split? + } +} + +bool InsertImageepochPSPHook() +{ + ConsoleOutput("Imageepoch PSP: enter"); + + const BYTE bytes[] = { + //0xcc, // 1346d34f cc int3 + 0x77, 0x0f, // 1346d350 77 0f ja short 1346d361 + 0xc7,0x05, XX8, // 1346d352 c705 a8aa1001 e4>mov dword ptr ds:[0x110aaa8],0x89609e4 + 0xe9, XX4, // 1346d35c -e9 a32c27f0 jmp 036e0004 + 0x8b,0x05, XX4, // 1346d361 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1346d367 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xb0, XX4, // 1346d36d 8bb0 00004007 mov esi,dword ptr ds:[eax+0x7400000] ; jichi: or hook here + 0x8b,0x3d, XX4, // 1346d373 8b3d 78a71001 mov edi,dword ptr ds:[0x110a778] + 0x8b,0xc6, // 1346d379 8bc6 mov eax,esi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1346d37b 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xa8, XX4, // 1346d381 0fb6a8 00004007 movzx ebp,byte ptr ds:[eax+0x7400000] ; jichi: hook here + 0x8d,0x56, 0x01, // 1346d388 8d56 01 lea edx,dword ptr ds:[esi+0x1] + 0x8b,0xc5, // 1346d38b 8bc5 mov eax,ebp + 0x0f,0xbe,0xc8 // 1346d38d 0fbec8 movsx ecx,al + }; + enum { memory_offset = 3 }; // 1346d381 0fb6a8 00004007 movzx ebp,byte ptr ds:[eax+0x7400000] + enum { addr_offset = 0x1346d381 - 0x1346d350 }; + //enum { addr_offset = sizeof(bytes) - memory_offset }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("Imageepoch PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT; // UTF-8, though + hp.offset=get_reg(regs::eax); + hp.split = get_reg(regs::ecx); + //hp.text_fun = SpecialPSPHook; + hp.text_fun = SpecialPSPHookImageepoch; // since this function is common, use its own static lasttext for HPF_IgnoreSameAddress + ConsoleOutput("Imageepoch PSP: INSERT"); + succ|=NewHook(hp, "Imageepoch PSP"); + } + + ConsoleOutput("Imageepoch PSP: leave"); + return succ; +} + +/** 7/20/2014 jichi alchemist-net.co.jp PSP engine, 0.9.8, 0.9.9 + * An alternative alchemist hook for old alchemist games. + * Sample game: のーふぁ�と (No Fate) + * The memory address is fixed. + * + * Also work on 0.9.9 Otoboku PSP + * + * Debug method: simply add hardware break points to the matched memory + * + * Two candidate functions are seems OK. + * + * Instruction pattern: 81e580808080 // and ebp,0x80808080 + * + * 0.9.8 のーふぁ�と + * 13400ef3 90 nop + * 13400ef4 77 0f ja short 13400f05 + * 13400ef6 c705 a8aa1001 d0>mov dword ptr ds:[0x110aaa8],0x889aad0 + * 13400f00 -e9 fff050f0 jmp 03910004 + * 13400f05 8b35 78a71001 mov esi,dword ptr ds:[0x110a778] + * 13400f0b 8bc6 mov eax,esi + * 13400f0d 81e0 ffffff3f and eax,0x3fffffff + * 13400f13 8bb8 00004007 mov edi,dword ptr ds:[eax+0x7400000] ; jichi + * 13400f19 8bef mov ebp,edi + * 13400f1b 81ed 01010101 sub ebp,0x1010101 + * 13400f21 f7d7 not edi + * 13400f23 23ef and ebp,edi + * 13400f25 81e5 80808080 and ebp,0x80808080 + * 13400f2b 81fd 00000000 cmp ebp,0x0 + * 13400f31 c705 78a71001 80>mov dword ptr ds:[0x110a778],0x80808080 + * 13400f3b c705 7ca71001 01>mov dword ptr ds:[0x110a77c],0x1010101 + * 13400f45 8935 80a71001 mov dword ptr ds:[0x110a780],esi + * 13400f4b 892d 88a71001 mov dword ptr ds:[0x110a788],ebp + * 13400f51 0f84 22000000 je 13400f79 + * 13400f57 8b35 80a71001 mov esi,dword ptr ds:[0x110a780] + * 13400f5d 8935 78a71001 mov dword ptr ds:[0x110a778],esi + * 13400f63 832d c4aa1001 0c sub dword ptr ds:[0x110aac4],0xc + * 13400f6a e9 35ba0000 jmp 1340c9a4 + * 13400f6f 0124ab add dword ptr ds:[ebx+ebp*4],esp + * 13400f72 8908 mov dword ptr ds:[eax],ecx + * 13400f74 -e9 aaf050f0 jmp 03910023 + * 13400f79 832d c4aa1001 0c sub dword ptr ds:[0x110aac4],0xc + * 13400f80 e9 0b000000 jmp 13400f90 + * 13400f85 0100 add dword ptr ds:[eax],eax + * 13400f87 ab stos dword ptr es:[edi] + * 13400f88 8908 mov dword ptr ds:[eax],ecx + * 13400f8a -e9 94f050f0 jmp 03910023 + * 13400f8f 90 nop + */ + +static void SpecialPSPHookAlchemist2(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD eax = stack->eax; + LPCSTR text = LPCSTR(eax + hp->user_value); + if (*text && !_alchemistgarbage(text)) { + *data = (DWORD)text; + *len = ::strlen(text); + *split = stack->ecx; + } +} + +bool InsertAlchemist2PSPHook() +{ + ConsoleOutput("Alchemist2 PSP: enter"); + const BYTE bytes[] = { + 0x77, 0x0f, // 13400ef4 77 0f ja short 13400f05 + 0xc7,0x05, XX8, // 13400ef6 c705 a8aa1001 d0>mov dword ptr ds:[0x110aaa8],0x889aad0 + 0xe9, XX4, // 13400f00 -e9 fff050f0 jmp 03910004 + 0x8b,0x35, XX4, // 13400f05 8b35 78a71001 mov esi,dword ptr ds:[0x110a778] + 0x8b,0xc6, // 13400f0b 8bc6 mov eax,esi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13400f0d 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xb8, XX4, // 13400f13 8bb8 00004007 mov edi,dword ptr ds:[eax+0x7400000] ; jichi: hook here + 0x8b,0xef, // 13400f19 8bef mov ebp,edi + 0x81,0xed, 0x01,0x01,0x01,0x01, // 13400f1b 81ed 01010101 sub ebp,0x1010101 + 0xf7,0xd7, // 13400f21 f7d7 not edi + 0x23,0xef, // 13400f23 23ef and ebp,edi + 0x81,0xe5, 0x80,0x80,0x80,0x80, // 13400f25 81e5 80808080 and ebp,0x80808080 + 0x81,0xfd, 0x00,0x00,0x00,0x00 // 13400f2b 81fd 00000000 cmp ebp,0x0 + }; + enum { memory_offset = 2 }; // 13400f13 8bb8 00004007 mov edi,dword ptr ds:[eax+0x7400000] + enum { addr_offset = 0x13400f13 - 0x13400ef4 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + //GROWL_DWORD(addr); + if (!addr) + ConsoleOutput("Alchemist2 PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.text_fun = SpecialPSPHookAlchemist2; + hp.type = USING_STRING|NO_CONTEXT; // no context is needed to get rid of variant retaddr + ConsoleOutput("Alchemist2 PSP: INSERT"); + succ|=NewHook(hp, "Alchemist2 PSP"); + } + + ConsoleOutput("Alchemist2 PSP: leave"); + return succ; +} + +/** 7/19/2014 jichi CYBERFRONT PSP engine, 0,9.8, 0.9.9 + * Sample game: 想�かけ�クローストゥ (0.9.9) + * + * Debug method: breakpoint the memory address + * There are two matched memory address to the current text + * + * The second is used. + * The #1 is missing text. + * + * #1 The text is written word by word + * + * 0ed8be86 90 nop + * 0ed8be87 cc int3 + * 0ed8be88 77 0f ja short 0ed8be99 + * 0ed8be8a c705 c84c1301 dc>mov dword ptr ds:[0x1134cc8],0x88151dc + * 0ed8be94 -e9 6b41b4f4 jmp 038d0004 + * 0ed8be99 8b35 cc491301 mov esi,dword ptr ds:[0x11349cc] + * 0ed8be9f 8d76 02 lea esi,dword ptr ds:[esi+0x2] + * 0ed8bea2 8b3d 94491301 mov edi,dword ptr ds:[0x1134994] + * 0ed8bea8 8b05 d0491301 mov eax,dword ptr ds:[0x11349d0] + * 0ed8beae 81e0 ffffff3f and eax,0x3fffffff + * 0ed8beb4 8bd7 mov edx,edi + * 0ed8beb6 8890 00008009 mov byte ptr ds:[eax+0x9800000],dl ; jichi: hook here, write text here + * 0ed8bebc 8b05 c8491301 mov eax,dword ptr ds:[0x11349c8] + * 0ed8bec2 81e0 ffffff3f and eax,0x3fffffff + * 0ed8bec8 0fb6a8 00008009 movzx ebp,byte ptr ds:[eax+0x9800000] + * 0ed8becf 8b05 d0491301 mov eax,dword ptr ds:[0x11349d0] + * 0ed8bed5 81e0 ffffff3f and eax,0x3fffffff + * 0ed8bedb 8bd5 mov edx,ebp + * 0ed8bedd 8890 01008009 mov byte ptr ds:[eax+0x9800001],dl + * 0ed8bee3 8b15 d0491301 mov edx,dword ptr ds:[0x11349d0] + * 0ed8bee9 8d52 02 lea edx,dword ptr ds:[edx+0x2] + * 0ed8beec 892d 90491301 mov dword ptr ds:[0x1134990],ebp + * 0ed8bef2 8935 cc491301 mov dword ptr ds:[0x11349cc],esi + * 0ed8bef8 8915 d0491301 mov dword ptr ds:[0x11349d0],edx + * 0ed8befe 832d e44c1301 06 sub dword ptr ds:[0x1134ce4],0x6 + * 0ed8bf05 e9 0e000000 jmp 0ed8bf18 + * 0ed8bf0a 013451 add dword ptr ds:[ecx+edx*2],esi + * 0ed8bf0d 8108 e90f41b4 or dword ptr ds:[eax],0xb4410fe9 + * 0ed8bf13 f4 hlt ; privileged command + * 0ed8bf14 90 nop + * 0ed8bf15 cc int3 + * + * #2 The text is read + * + * Issue: the text is read multiple times. + * Only esp > 0xfff is kept. + * + * 0ed8cf13 90 nop + * 0ed8cf14 77 0f ja short 0ed8cf25 + * 0ed8cf16 c705 c84c1301 b8>mov dword ptr ds:[0x1134cc8],0x888d1b8 + * 0ed8cf20 -e9 df30b4f4 jmp 038d0004 + * 0ed8cf25 8b05 98491301 mov eax,dword ptr ds:[0x1134998] + * 0ed8cf2b 81e0 ffffff3f and eax,0x3fffffff + * 0ed8cf31 0fb6b0 00008009 movzx esi,byte ptr ds:[eax+0x9800000] ; jichi: hook here + * 0ed8cf38 81fe 00000000 cmp esi,0x0 + * 0ed8cf3e 8935 90491301 mov dword ptr ds:[0x1134990],esi + * 0ed8cf44 0f85 2f000000 jnz 0ed8cf79 + * 0ed8cf4a 8b05 9c491301 mov eax,dword ptr ds:[0x113499c] + * 0ed8cf50 81e0 ffffff3f and eax,0x3fffffff + * 0ed8cf56 0fbeb0 00008009 movsx esi,byte ptr ds:[eax+0x9800000] + * 0ed8cf5d 8935 90491301 mov dword ptr ds:[0x1134990],esi + * 0ed8cf63 832d e44c1301 03 sub dword ptr ds:[0x1134ce4],0x3 + * 0ed8cf6a c705 c84c1301 18>mov dword ptr ds:[0x1134cc8],0x888d218 + * 0ed8cf74 -e9 aa30b4f4 jmp 038d0023 + * 0ed8cf79 832d e44c1301 03 sub dword ptr ds:[0x1134ce4],0x3 + * 0ed8cf80 e9 0b000000 jmp 0ed8cf90 + * 0ed8cf85 01c4 add esp,eax + * 0ed8cf87 d188 08e99430 ror dword ptr ds:[eax+0x3094e908],1 + * 0ed8cf8d b4 f4 mov ah,0xf4 + * 0ed8cf8f 90 nop + */ + +static void SpecialPSPHookCyberfront(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD splitvalue = stack->edi; + if (splitvalue < 0x0fff) + return; + DWORD eax = stack->eax; + LPCSTR text = LPCSTR(eax + hp->user_value); + if (*text) { + *data = (DWORD)text; + *len = ::strlen(text); + *split = splitvalue; + } +} +bool InsertCyberfrontPSPHook() +{ + ConsoleOutput("CYBERFRONT PSP: enter"); + + const BYTE bytes[] = { + // 0ed8cf13 90 nop + 0x77, 0x0f, // 0ed8cf14 77 0f ja short 0ed8cf25 + 0xc7,0x05, XX8, // 0ed8cf16 c705 c84c1301 b8>mov dword ptr ds:[0x1134cc8],0x888d1b8 + 0xe9, XX4, // 0ed8cf20 -e9 df30b4f4 jmp 038d0004 + 0x8b,0x05, XX4, // 0ed8cf25 8b05 98491301 mov eax,dword ptr ds:[0x1134998] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 0ed8cf2b 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xb0, XX4, // 0ed8cf31 0fb6b0 00008009 movzx esi,byte ptr ds:[eax+0x9800000] ; jichi: hook here + 0x81,0xfe, 0x00,0x00,0x00,0x00, // 0ed8cf38 81fe 00000000 cmp esi,0x0 + 0x89,0x35, XX4, // 0ed8cf3e 8935 90491301 mov dword ptr ds:[0x1134990],esi + 0x0f,0x85, 0x2f,0x00,0x00,0x00, // 0ed8cf44 0f85 2f000000 jnz 0ed8cf79 + 0x8b,0x05, XX4, // 0ed8cf4a 8b05 9c491301 mov eax,dword ptr ds:[0x113499c] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 0ed8cf50 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xbe,0xb0, XX4, // 0ed8cf56 0fbeb0 00008009 movsx esi,byte ptr ds:[eax+0x9800000] + 0x89,0x35, XX4, // 0ed8cf5d 8935 90491301 mov dword ptr ds:[0x1134990],esi + 0x83,0x2d, XX4, 0x03, // 0ed8cf63 832d e44c1301 03 sub dword ptr ds:[0x1134ce4],0x3 + 0xc7,0x05 //, XX8 // 0ed8cf6a c705 c84c1301 18>mov dword ptr ds:[0x1134cc8],0x888d218 + }; + enum { memory_offset = 3 }; // 13909a51 8890 00008007 mov byte ptr ds:[eax+0x7800000],dl + enum { addr_offset = 0x0ed8cf31 - 0x0ed8cf14 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + //GROWL_DWORD(addr); + if (!addr) + ConsoleOutput("CYBERFRONT PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT; + //hp.offset=get_reg(regs::eax); + hp.text_fun = SpecialPSPHookCyberfront; + ConsoleOutput("CYBERFRONT PSP: INSERT"); + succ|=NewHook(hp, "CYBERFRONT PSP"); + } + + ConsoleOutput("CYBERFRONT PSP: leave"); + return succ; +} + + +/** 7/19/2014 jichi yetigame.jp PSP engine, 0.9.8, 0.9.9 + * Sample game: Secret Game Portable 0.9.8/0.9.9 + * + * Float memory addresses: two matches + * + * Debug method: find current sentence, then find next sentence in the memory + * and add break-points. Need to patch 1 leading \u3000 space. + * + * It seems that each time I ran the game, the instruction pattern would change?! + * == The second time I ran the game == + * + * 14e49ed9 90 nop + * 14e49eda cc int3 + * 14e49edb cc int3 + * 14e49edc 77 0f ja short 14e49eed + * 14e49ede c705 a8aa1001 98>mov dword ptr ds:[0x110aaa8],0x885ff98 + * 14e49ee8 -e9 17619eee jmp 03830004 + * 14e49eed 8b35 70a71001 mov esi,dword ptr ds:[0x110a770] + * 14e49ef3 c1ee 1f shr esi,0x1f + * 14e49ef6 8b05 b4a71001 mov eax,dword ptr ds:[0x110a7b4] + * 14e49efc 81e0 ffffff3f and eax,0x3fffffff + * 14e49f02 8bb8 14deff07 mov edi,dword ptr ds:[eax+0x7ffde14] + * 14e49f08 0335 70a71001 add esi,dword ptr ds:[0x110a770] + * 14e49f0e d1fe sar esi,1 + * 14e49f10 8b05 b0a71001 mov eax,dword ptr ds:[0x110a7b0] + * 14e49f16 81e0 ffffff3f and eax,0x3fffffff + * 14e49f1c 89b8 00000008 mov dword ptr ds:[eax+0x8000000],edi + * 14e49f22 8b05 dca71001 mov eax,dword ptr ds:[0x110a7dc] + * 14e49f28 81e0 ffffff3f and eax,0x3fffffff + * 14e49f2e 89b0 30000008 mov dword ptr ds:[eax+0x8000030],esi + * 14e49f34 8b05 b4a71001 mov eax,dword ptr ds:[0x110a7b4] + * 14e49f3a 81e0 ffffff3f and eax,0x3fffffff + * 14e49f40 8ba8 14deff07 mov ebp,dword ptr ds:[eax+0x7ffde14] + * 14e49f46 8bc5 mov eax,ebp + * 14e49f48 81e0 ffffff3f and eax,0x3fffffff + * 14e49f4e 0fb6b0 00000008 movzx esi,byte ptr ds:[eax+0x8000000] ; jichi: hook here + * 14e49f55 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + * 14e49f58 8b05 b4a71001 mov eax,dword ptr ds:[0x110a7b4] + * + * == The first time I ran the game == + * There are a couple of good break-points, as follows. + * Only the second function is hooked. + * + * 138cf7a2 cc int3 + * 138cf7a3 cc int3 + * 138cf7a4 77 0f ja short 138cf7b5 + * 138cf7a6 c705 a8aa1001 90>mov dword ptr ds:[0x110aaa8],0x885ff90 + * 138cf7b0 -e9 4f08a9f3 jmp 07360004 + * 138cf7b5 8b05 b4a71001 mov eax,dword ptr ds:[0x110a7b4] + * 138cf7bb 81e0 ffffff3f and eax,0x3fffffff + * 138cf7c1 8bb0 14de7f07 mov esi,dword ptr ds:[eax+0x77fde14] + * 138cf7c7 8935 78a71001 mov dword ptr ds:[0x110a778],esi + * 138cf7cd c705 e4a71001 98>mov dword ptr ds:[0x110a7e4],0x885ff98 + * 138cf7d7 832d c4aa1001 02 sub dword ptr ds:[0x110aac4],0x2 + * 138cf7de e9 0d000000 jmp 138cf7f0 + * 138cf7e3 015c48 85 add dword ptr ds:[eax+ecx*2-0x7b],ebx + * 138cf7e7 08e9 or cl,ch + * 138cf7e9 36:08a9 f390cccc or byte ptr ss:[ecx+0xcccc90f3],ch + * 138cf7f0 77 0f ja short 138cf801 + * 138cf7f2 c705 a8aa1001 5c>mov dword ptr ds:[0x110aaa8],0x885485c + * 138cf7fc -e9 0308a9f3 jmp 07360004 + * 138cf801 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 138cf807 81e0 ffffff3f and eax,0x3fffffff + * 138cf80d 0fb6b0 00008007 movzx esi,byte ptr ds:[eax+0x7800000] ; jichi: hook here + * 138cf814 81fe 00000000 cmp esi,0x0 + * 138cf81a 8935 74a71001 mov dword ptr ds:[0x110a774],esi + * 138cf820 c705 80a71001 00>mov dword ptr ds:[0x110a780],0x0 + * 138cf82a c705 84a71001 25>mov dword ptr ds:[0x110a784],0x25 + * 138cf834 c705 88a71001 4e>mov dword ptr ds:[0x110a788],0x4e + * 138cf83e c705 8ca71001 6e>mov dword ptr ds:[0x110a78c],0x6e + * 138cf848 0f85 16000000 jnz 138cf864 + * 138cf84e 832d c4aa1001 06 sub dword ptr ds:[0x110aac4],0x6 + * 138cf855 e9 b6010000 jmp 138cfa10 + * 138cf85a 01bc48 8508e9bf add dword ptr ds:[eax+ecx*2+0xbfe90885],> + * 138cf861 07 pop es ; modification of segment register + * 138cf862 a9 f3832dc4 test eax,0xc42d83f3 + * 138cf867 aa stos byte ptr es:[edi] + * 138cf868 1001 adc byte ptr ds:[ecx],al + * 138cf86a 06 push es + * 138cf86b e9 0c000000 jmp 138cf87c + * 138cf870 017448 85 add dword ptr ds:[eax+ecx*2-0x7b],esi + * 138cf874 08e9 or cl,ch + * 138cf876 a9 07a9f390 test eax,0x90f3a907 + * 138cf87b cc int3 + * + * This function is used. + * 138cfa46 cc int3 + * 138cfa47 cc int3 + * 138cfa48 77 0f ja short 138cfa59 + * 138cfa4a c705 a8aa1001 98>mov dword ptr ds:[0x110aaa8],0x885ff98 + * 138cfa54 -e9 ab05a9f3 jmp 07360004 + * 138cfa59 8b35 70a71001 mov esi,dword ptr ds:[0x110a770] + * 138cfa5f c1ee 1f shr esi,0x1f + * 138cfa62 8b05 b4a71001 mov eax,dword ptr ds:[0x110a7b4] + * 138cfa68 81e0 ffffff3f and eax,0x3fffffff + * 138cfa6e 8bb8 14de7f07 mov edi,dword ptr ds:[eax+0x77fde14] + * 138cfa74 0335 70a71001 add esi,dword ptr ds:[0x110a770] + * 138cfa7a d1fe sar esi,1 + * 138cfa7c 8b05 b0a71001 mov eax,dword ptr ds:[0x110a7b0] + * 138cfa82 81e0 ffffff3f and eax,0x3fffffff + * 138cfa88 89b8 00008007 mov dword ptr ds:[eax+0x7800000],edi + * 138cfa8e 8b05 dca71001 mov eax,dword ptr ds:[0x110a7dc] + * 138cfa94 81e0 ffffff3f and eax,0x3fffffff + * 138cfa9a 89b0 30008007 mov dword ptr ds:[eax+0x7800030],esi + * 138cfaa0 8b05 b4a71001 mov eax,dword ptr ds:[0x110a7b4] + * 138cfaa6 81e0 ffffff3f and eax,0x3fffffff + * 138cfaac 8ba8 14de7f07 mov ebp,dword ptr ds:[eax+0x77fde14] + * 138cfab2 8bc5 mov eax,ebp + * 138cfab4 81e0 ffffff3f and eax,0x3fffffff + * 138cfaba 0fb6b0 00008007 movzx esi,byte ptr ds:[eax+0x7800000] ; jichi: hook here + * 138cfac1 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + * 138cfac4 8b05 b4a71001 mov eax,dword ptr ds:[0x110a7b4] + * 138cfaca 81e0 ffffff3f and eax,0x3fffffff + * 138cfad0 89a8 14de7f07 mov dword ptr ds:[eax+0x77fde14],ebp + * 138cfad6 81fe 00000000 cmp esi,0x0 + * 138cfadc 892d 70a71001 mov dword ptr ds:[0x110a770],ebp + * 138cfae2 8935 74a71001 mov dword ptr ds:[0x110a774],esi + * 138cfae8 893d aca71001 mov dword ptr ds:[0x110a7ac],edi + * 138cfaee 0f84 16000000 je 138cfb0a + * 138cfaf4 832d c4aa1001 0b sub dword ptr ds:[0x110aac4],0xb + * 138cfafb e9 24000000 jmp 138cfb24 + * 138cfb00 01b0 ff8508e9 add dword ptr ds:[eax+0xe90885ff],esi + * 138cfb06 1905 a9f3832d sbb dword ptr ds:[0x2d83f3a9],eax + * 138cfb0c c4aa 10010be9 les ebp,fword ptr ds:[edx+0xe90b0110] ; modification of segment register + * 138cfb12 9a 00000001 c4ff call far ffc4:01000000 ; far call + * 138cfb19 8508 test dword ptr ds:[eax],ecx + * 138cfb1b -e9 0305a9f3 jmp 07360023 + * 138cfb20 90 nop + * 138cfb21 cc int3 + * 138cfb22 cc int3 + * + * 138cfb22 cc int3 + * 138cfb23 cc int3 + * 138cfb24 77 0f ja short 138cfb35 + * 138cfb26 c705 a8aa1001 b0>mov dword ptr ds:[0x110aaa8],0x885ffb0 + * 138cfb30 -e9 cf04a9f3 jmp 07360004 + * 138cfb35 8b05 b4a71001 mov eax,dword ptr ds:[0x110a7b4] + * 138cfb3b 81e0 ffffff3f and eax,0x3fffffff + * 138cfb41 8bb0 14de7f07 mov esi,dword ptr ds:[eax+0x77fde14] + * 138cfb47 8bc6 mov eax,esi + * 138cfb49 81e0 ffffff3f and eax,0x3fffffff + * 138cfb4f 0fb6b8 00008007 movzx edi,byte ptr ds:[eax+0x7800000] ; jichi: hook here + * 138cfb56 8d76 01 lea esi,dword ptr ds:[esi+0x1] + * 138cfb59 8b05 b4a71001 mov eax,dword ptr ds:[0x110a7b4] + * 138cfb5f 81e0 ffffff3f and eax,0x3fffffff + * 138cfb65 89b0 14de7f07 mov dword ptr ds:[eax+0x77fde14],esi + * 138cfb6b 81ff 00000000 cmp edi,0x0 + * 138cfb71 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 138cfb77 893d 74a71001 mov dword ptr ds:[0x110a774],edi + * 138cfb7d 0f84 16000000 je 138cfb99 + * 138cfb83 832d c4aa1001 05 sub dword ptr ds:[0x110aac4],0x5 + * 138cfb8a ^e9 95ffffff jmp 138cfb24 + * 138cfb8f 01b0 ff8508e9 add dword ptr ds:[eax+0xe90885ff],esi + * 138cfb95 8a04a9 mov al,byte ptr ds:[ecx+ebp*4] + * 138cfb98 f3: prefix rep: ; superfluous prefix + * 138cfb99 832d c4aa1001 05 sub dword ptr ds:[0x110aac4],0x5 + * 138cfba0 e9 0b000000 jmp 138cfbb0 + * 138cfba5 01c4 add esp,eax + * 138cfba7 ff85 08e97404 inc dword ptr ss:[ebp+0x474e908] + * 138cfbad a9 f390770f test eax,0xf7790f3 + * 138cfbb2 c705 a8aa1001 c4>mov dword ptr ds:[0x110aaa8],0x885ffc4 + * 138cfbbc -e9 4304a9f3 jmp 07360004 + * 138cfbc1 f3:0f1015 6c1609>movss xmm2,dword ptr ds:[0x1009166c] + * 138cfbc9 8b05 b0a71001 mov eax,dword ptr ds:[0x110a7b0] + * 138cfbcf 81e0 ffffff3f and eax,0x3fffffff + * 138cfbd5 8bb0 00008007 mov esi,dword ptr ds:[eax+0x7800000] + * 138cfbdb f3:0f101d 641609>movss xmm3,dword ptr ds:[0x10091664] + * 138cfbe3 c7c7 00000000 mov edi,0x0 + * 138cfbe9 893d f4b12b11 mov dword ptr ds:[0x112bb1f4],edi + * 138cfbef 8bc6 mov eax,esi + * 138cfbf1 81e0 ffffff3f and eax,0x3fffffff + * 138cfbf7 0fb6a8 00008007 movzx ebp,byte ptr ds:[eax+0x7800000] ; jichi: hook here + * 138cfbfe 81fd 00000000 cmp ebp,0x0 + * 138cfc04 c705 70a71001 00>mov dword ptr ds:[0x110a770],0x9ac0000 + * 138cfc0e c705 74a71001 00>mov dword ptr ds:[0x110a774],0x8890000 + * 138cfc18 892d a8a71001 mov dword ptr ds:[0x110a7a8],ebp + * 138cfc1e 8935 aca71001 mov dword ptr ds:[0x110a7ac],esi + * 138cfc24 c705 b4a71001 00>mov dword ptr ds:[0x110a7b4],0x8890000 + * 138cfc2e c705 b8a71001 80>mov dword ptr ds:[0x110a7b8],0x80 + * 138cfc38 c705 bca71001 00>mov dword ptr ds:[0x110a7bc],0x0 + * 138cfc42 c705 e0a71001 00>mov dword ptr ds:[0x110a7e0],0x0 + * 138cfc4c f3:0f111d 3ca810>movss dword ptr ds:[0x110a83c],xmm3 + * 138cfc54 f3:0f1115 40a810>movss dword ptr ds:[0x110a840],xmm2 + * 138cfc5c 0f85 16000000 jnz 138cfc78 + * 138cfc62 832d c4aa1001 0d sub dword ptr ds:[0x110aac4],0xd + * 138cfc69 e9 32270000 jmp 138d23a0 + * 138cfc6e 0158 00 add dword ptr ds:[eax],ebx + * 138cfc71 8608 xchg byte ptr ds:[eax],cl + * 138cfc73 -e9 ab03a9f3 jmp 07360023 + * 138cfc78 832d c4aa1001 0d sub dword ptr ds:[0x110aac4],0xd + * 138cfc7f e9 0c000000 jmp 138cfc90 + * 138cfc84 01f8 add eax,edi + * 138cfc86 ff85 08e99503 inc dword ptr ss:[ebp+0x395e908] + * 138cfc8c a9 f390cc77 test eax,0x77cc90f3 + * 138cfc91 0fc7 ??? ; unknown command + * 138cfc93 05 a8aa1001 add eax,0x110aaa8 + * 138cfc98 f8 clc + * 138cfc99 ff85 08e96303 inc dword ptr ss:[ebp+0x363e908] + * 138cfc9f a9 f38b35ac test eax,0xac358bf3 + * 138cfca4 a7 cmps dword ptr ds:[esi],dword ptr es:[ed> + * 138cfca5 1001 adc byte ptr ds:[ecx],al + * 138cfca7 8b3d b4a71001 mov edi,dword ptr ds:[0x110a7b4] + * 138cfcad 81c7 48d6ffff add edi,-0x29b8 + * 138cfcb3 8935 78a71001 mov dword ptr ds:[0x110a778],esi + * 138cfcb9 893d 7ca71001 mov dword ptr ds:[0x110a77c],edi + * 138cfcbf c705 80a71001 02>mov dword ptr ds:[0x110a780],0x2 + * 138cfcc9 c705 e4a71001 08>mov dword ptr ds:[0x110a7e4],0x8860008 + * 138cfcd3 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 138cfcda ^e9 4914f4ff jmp 13811128 + * 138cfcdf 90 nop + * 138cfce0 77 0f ja short 138cfcf1 + * 138cfce2 c705 a8aa1001 74>mov dword ptr ds:[0x110aaa8],0x8844574 + * 138cfcec -e9 1303a9f3 jmp 07360004 + * 138cfcf1 8b35 84a71001 mov esi,dword ptr ds:[0x110a784] + * 138cfcf7 81c6 ffffffff add esi,-0x1 + * 138cfcfd 813d 84a71001 00>cmp dword ptr ds:[0x110a784],0x0 + * 138cfd07 8935 8ca71001 mov dword ptr ds:[0x110a78c],esi + * 138cfd0d 0f85 16000000 jnz 138cfd29 + * 138cfd13 832d c4aa1001 02 sub dword ptr ds:[0x110aac4],0x2 + * 138cfd1a c705 a8aa1001 e0>mov dword ptr ds:[0x110aaa8],0x88445e0 + * 138cfd24 -e9 fa02a9f3 jmp 07360023 + * 138cfd29 832d c4aa1001 02 sub dword ptr ds:[0x110aac4],0x2 + * 138cfd30 ^e9 ab15f4ff jmp 138112e0 + * 138cfd35 90 nop + * 138cfd36 cc int3 + * 138cfd37 cc int3 + * + * 13811266 cc int3 + * 13811267 cc int3 + * 13811268 77 0f ja short 13811279 + * 1381126a c705 a8aa1001 b0>mov dword ptr ds:[0x110aaa8],0x88445b0 + * 13811274 -e9 8bedb4f3 jmp 07360004 + * 13811279 8b35 8ca71001 mov esi,dword ptr ds:[0x110a78c] + * 1381127f 8b3d 88a71001 mov edi,dword ptr ds:[0x110a788] + * 13811285 8b2d 84a71001 mov ebp,dword ptr ds:[0x110a784] + * 1381128b 81c5 ffffffff add ebp,-0x1 + * 13811291 813d 84a71001 00>cmp dword ptr ds:[0x110a784],0x0 + * 1381129b 8935 78a71001 mov dword ptr ds:[0x110a778],esi + * 138112a1 893d 7ca71001 mov dword ptr ds:[0x110a77c],edi + * 138112a7 892d 8ca71001 mov dword ptr ds:[0x110a78c],ebp + * 138112ad 0f84 16000000 je 138112c9 + * 138112b3 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 138112ba e9 21000000 jmp 138112e0 + * 138112bf 017c45 84 add dword ptr ss:[ebp+eax*2-0x7c],edi + * 138112c3 08e9 or cl,ch + * 138112c5 5a pop edx + * 138112c6 ed in eax,dx ; i/o command + * 138112c7 b4 f3 mov ah,0xf3 + * 138112c9 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 138112d0 c705 a8aa1001 c0>mov dword ptr ds:[0x110aaa8],0x88445c0 + * 138112da -e9 44edb4f3 jmp 07360023 + * 138112df 90 nop + * 138112e0 77 0f ja short 138112f1 + * 138112e2 c705 a8aa1001 7c>mov dword ptr ds:[0x110aaa8],0x884457c + * 138112ec -e9 13edb4f3 jmp 07360004 + * 138112f1 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + * 138112f7 81e0 ffffff3f and eax,0x3fffffff + * 138112fd 0fb6b0 00008007 movzx esi,byte ptr ds:[eax+0x7800000] ; jichi: hook here + * 13811304 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 1381130a 81e0 ffffff3f and eax,0x3fffffff + * 13811310 0fbeb8 00008007 movsx edi,byte ptr ds:[eax+0x7800000] ; jichi: hook here + * 13811317 8bc6 mov eax,esi + * 13811319 0fbee8 movsx ebp,al + * 1381131c 3bef cmp ebp,edi + * 1381131e 893d 70a71001 mov dword ptr ds:[0x110a770],edi + * 13811324 892d 74a71001 mov dword ptr ds:[0x110a774],ebp + * 1381132a 8935 80a71001 mov dword ptr ds:[0x110a780],esi + * 13811330 0f85 16000000 jnz 1381134c + * 13811336 832d c4aa1001 05 sub dword ptr ds:[0x110aac4],0x5 + * 1381133d e9 56110000 jmp 13812498 + * 13811342 01c8 add eax,ecx + * 13811344 45 inc ebp + * 13811345 8408 test byte ptr ds:[eax],cl + * 13811347 -e9 d7ecb4f3 jmp 07360023 + * 1381134c 832d c4aa1001 05 sub dword ptr ds:[0x110aac4],0x5 + * 13811353 e9 0c000000 jmp 13811364 + * 13811358 0190 458408e9 add dword ptr ds:[eax+0xe9088445],edx + * 1381135e c1ec b4 shr esp,0xb4 ; shift constant out of range 1..31 + * 13811361 f3: prefix rep: ; superfluous prefix + * 13811362 90 nop + * 13811363 cc int3 + * + * 13811362 90 nop + * 13811363 cc int3 + * 13811364 77 0f ja short 13811375 + * 13811366 c705 a8aa1001 90>mov dword ptr ds:[0x110aaa8],0x8844590 + * 13811370 -e9 8fecb4f3 jmp 07360004 + * 13811375 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 1381137b 81e0 ffffff3f and eax,0x3fffffff + * 13811381 0fb6b0 00008007 movzx esi,byte ptr ds:[eax+0x7800000] ; jichi: hook here + * 13811388 81e6 ff000000 and esi,0xff + * 1381138e 8b3d 80a71001 mov edi,dword ptr ds:[0x110a780] + * 13811394 81e7 ff000000 and edi,0xff + * 1381139a 8bc7 mov eax,edi + * 1381139c 8bfe mov edi,esi + * 1381139e 2bf8 sub edi,eax + * 138113a0 8b05 e4a71001 mov eax,dword ptr ds:[0x110a7e4] + * 138113a6 893d 70a71001 mov dword ptr ds:[0x110a770],edi + * 138113ac 8935 74a71001 mov dword ptr ds:[0x110a774],esi + * 138113b2 8905 a8aa1001 mov dword ptr ds:[0x110aaa8],eax + * 138113b8 832d c4aa1001 05 sub dword ptr ds:[0x110aac4],0x5 + * 138113bf -e9 5fecb4f3 jmp 07360023 + * 138113c4 90 nop + * 138113c5 cc int3 + * 138113c6 cc int3 + * 138113c7 cc int3 + * + * 138124f2 cc int3 + * 138124f3 cc int3 + * 138124f4 77 0f ja short 13812505 + * 138124f6 c705 a8aa1001 d0>mov dword ptr ds:[0x110aaa8],0x88445d0 + * 13812500 -e9 ffdab4f3 jmp 07360004 + * 13812505 813d 74a71001 00>cmp dword ptr ds:[0x110a774],0x0 + * 1381250f c705 90a71001 00>mov dword ptr ds:[0x110a790],0x0 + * 13812519 0f84 16000000 je 13812535 + * 1381251f 832d c4aa1001 02 sub dword ptr ds:[0x110aac4],0x2 + * 13812526 e9 21000000 jmp 1381254c + * 1381252b 018446 8408e9ee add dword ptr ds:[esi+eax*2+0xeee90884],> + * 13812532 dab4f3 832dc4aa fidiv dword ptr ds:[ebx+esi*8+0xaac42d83> + * 13812539 1001 adc byte ptr ds:[ecx],al + * 1381253b 02e9 add ch,cl + * 1381253d 3302 xor eax,dword ptr ds:[edx] + * 1381253f 0000 add byte ptr ds:[eax],al + * 13812541 01d8 add eax,ebx + * 13812543 45 inc ebp + * 13812544 8408 test byte ptr ds:[eax],cl + * 13812546 -e9 d8dab4f3 jmp 07360023 + * 1381254b 90 nop + * 1381254c 77 0f ja short 1381255d + * 1381254e c705 a8aa1001 84>mov dword ptr ds:[0x110aaa8],0x8844684 + * 13812558 -e9 a7dab4f3 jmp 07360004 + * 1381255d 8b35 78a71001 mov esi,dword ptr ds:[0x110a778] + * 13812563 0335 8ca71001 add esi,dword ptr ds:[0x110a78c] + * 13812569 8b3d 88a71001 mov edi,dword ptr ds:[0x110a788] + * 1381256f 8d7f 01 lea edi,dword ptr ds:[edi+0x1] + * 13812572 8b2d 7ca71001 mov ebp,dword ptr ds:[0x110a77c] + * 13812578 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + * 1381257b 8b15 90a71001 mov edx,dword ptr ds:[0x110a790] + * 13812581 3b15 8ca71001 cmp edx,dword ptr ds:[0x110a78c] + * 13812587 892d 7ca71001 mov dword ptr ds:[0x110a77c],ebp + * 1381258d 893d 88a71001 mov dword ptr ds:[0x110a788],edi + * 13812593 8935 94a71001 mov dword ptr ds:[0x110a794],esi + * 13812599 0f85 16000000 jnz 138125b5 + * 1381259f 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 138125a6 c705 a8aa1001 c4>mov dword ptr ds:[0x110aaa8],0x88446c4 + * 138125b0 -e9 6edab4f3 jmp 07360023 + * 138125b5 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 138125bc e9 0b000000 jmp 138125cc + * 138125c1 019446 8408e958 add dword ptr ds:[esi+eax*2+0x58e90884],> + * 138125c8 dab4f3 90770fc7 fidiv dword ptr ds:[ebx+esi*8+0xc70f7790> + * 138125cf 05 a8aa1001 add eax,0x110aaa8 + * 138125d4 94 xchg eax,esp + * 138125d5 46 inc esi + * 138125d6 8408 test byte ptr ds:[eax],cl + * 138125d8 -e9 27dab4f3 jmp 07360004 + * 138125dd 8b05 88a71001 mov eax,dword ptr ds:[0x110a788] + * 138125e3 81e0 ffffff3f and eax,0x3fffffff + * 138125e9 0fb6b0 00008007 movzx esi,byte ptr ds:[eax+0x7800000] ; jichi: hook here + * 138125f0 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + * 138125f6 81e0 ffffff3f and eax,0x3fffffff + * 138125fc 0fb6b8 00008007 movzx edi,byte ptr ds:[eax+0x7800000] + * 13812603 8bc6 mov eax,esi + * 13812605 0fbee8 movsx ebp,al + * 13812608 8bc7 mov eax,edi + * 1381260a 0fbed0 movsx edx,al + * 1381260d 8b0d 90a71001 mov ecx,dword ptr ds:[0x110a790] + * 13812613 8d49 01 lea ecx,dword ptr ds:[ecx+0x1] + * 13812616 3bd5 cmp edx,ebp + * 13812618 892d 70a71001 mov dword ptr ds:[0x110a770],ebp + * 1381261e 8935 74a71001 mov dword ptr ds:[0x110a774],esi + * 13812624 893d 80a71001 mov dword ptr ds:[0x110a780],edi + * 1381262a 8915 84a71001 mov dword ptr ds:[0x110a784],edx + * 13812630 890d 90a71001 mov dword ptr ds:[0x110a790],ecx + * 13812636 0f84 16000000 je 13812652 + * 1381263c 832d c4aa1001 06 sub dword ptr ds:[0x110aac4],0x6 + * 13812643 e9 98d70b00 jmp 138cfde0 + * 13812648 019445 8408e9d1 add dword ptr ss:[ebp+eax*2+0xd1e90884],> + * 1381264f d9b4f3 832dc4aa fstenv (28-byte) ptr ds:[ebx+esi*8+0xaac> + * 13812656 1001 adc byte ptr ds:[ecx],al + * 13812658 06 push es + * 13812659 e9 0e000000 jmp 1381266c + * 1381265e 01ac46 8408e9bb add dword ptr ds:[esi+eax*2+0xbbe90884],> + * 13812665 d9b4f3 90cccccc fstenv (28-byte) ptr ds:[ebx+esi*8+0xccc> + * 1381266c 77 0f ja short 1381267d + * 1381266e c705 a8aa1001 ac>mov dword ptr ds:[0x110aaa8],0x88446ac + * 13812678 -e9 87d9b4f3 jmp 07360004 + * 1381267d 8b35 88a71001 mov esi,dword ptr ds:[0x110a788] + * 13812683 3b35 94a71001 cmp esi,dword ptr ds:[0x110a794] + * 13812689 0f85 16000000 jnz 138126a5 + * 1381268f 832d c4aa1001 02 sub dword ptr ds:[0x110aac4],0x2 + * 13812696 e9 d9000000 jmp 13812774 + * 1381269b 01d8 add eax,ebx + * 1381269d 45 inc ebp + * 1381269e 8408 test byte ptr ds:[eax],cl + * 138126a0 -e9 7ed9b4f3 jmp 07360023 + * 138126a5 832d c4aa1001 02 sub dword ptr ds:[0x110aac4],0x2 + * 138126ac e9 0b000000 jmp 138126bc + * 138126b1 01b446 8408e968 add dword ptr ds:[esi+eax*2+0x68e90884],> + * 138126b8 d9b4f3 90770fc7 fstenv (28-byte) ptr ds:[ebx+esi*8+0xc70> + * 138126bf 05 a8aa1001 add eax,0x110aaa8 + * 138126c4 b4 46 mov ah,0x46 + * 138126c6 8408 test byte ptr ds:[eax],cl + * 138126c8 -e9 37d9b4f3 jmp 07360004 + * 138126cd 8b35 88a71001 mov esi,dword ptr ds:[0x110a788] + * 138126d3 8d76 01 lea esi,dword ptr ds:[esi+0x1] + * 138126d6 813d 84a71001 00>cmp dword ptr ds:[0x110a784],0x0 + * 138126e0 8935 88a71001 mov dword ptr ds:[0x110a788],esi + * 138126e6 0f84 16000000 je 13812702 + * 138126ec 832d c4aa1001 02 sub dword ptr ds:[0x110aac4],0x2 + * 138126f3 e9 24000000 jmp 1381271c + * 138126f8 018c46 8408e921 add dword ptr ds:[esi+eax*2+0x21e90884],> + * 138126ff d9b4f3 832dc4aa fstenv (28-byte) ptr ds:[ebx+esi*8+0xaac> + * 13812706 1001 adc byte ptr ds:[ecx],al + * 13812708 02c7 add al,bh + * 1381270a 05 a8aa1001 add eax,0x110aaa8 + * 1381270f bc 468408e9 mov esp,0xe9088446 + * 13812714 0bd9 or ebx,ecx + * 13812716 b4 f3 mov ah,0xf3 + * 13812718 90 nop + * 13812719 cc int3 + * 1381271a cc int3 + * 1381271b cc int3 + * + * This function is very similar to Imageepoch, and can have duplicate text + * 138d1486 cc int3 + * 138d1487 cc int3 + * 138d1488 77 0f ja short 138d1499 + * 138d148a c705 a8aa1001 2c>mov dword ptr ds:[0x110aaa8],0x884452c + * 138d1494 -e9 6beba8f3 jmp 07360004 + * 138d1499 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + * 138d149f 81e0 ffffff3f and eax,0x3fffffff + * 138d14a5 0fbeb0 00008007 movsx esi,byte ptr ds:[eax+0x7800000] ; jichi: hook here + * 138d14ac 8b3d 7ca71001 mov edi,dword ptr ds:[0x110a77c] + * 138d14b2 8d7f 01 lea edi,dword ptr ds:[edi+0x1] + * 138d14b5 8b05 74a71001 mov eax,dword ptr ds:[0x110a774] + * 138d14bb 81e0 ffffff3f and eax,0x3fffffff + * 138d14c1 8bd6 mov edx,esi + * 138d14c3 8890 00008007 mov byte ptr ds:[eax+0x7800000],dl + * 138d14c9 8b2d 74a71001 mov ebp,dword ptr ds:[0x110a774] + * 138d14cf 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + * 138d14d2 81fe 00000000 cmp esi,0x0 + * 138d14d8 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 138d14de 892d 74a71001 mov dword ptr ds:[0x110a774],ebp + * 138d14e4 893d 7ca71001 mov dword ptr ds:[0x110a77c],edi + * 138d14ea 0f85 16000000 jnz 138d1506 + * 138d14f0 832d c4aa1001 05 sub dword ptr ds:[0x110aac4],0x5 + * 138d14f7 e9 e8000000 jmp 138d15e4 + * 138d14fc 015445 84 add dword ptr ss:[ebp+eax*2-0x7c],edx + * 138d1500 08e9 or cl,ch + * 138d1502 1d eba8f383 sbb eax,0x83f3a8eb + * 138d1507 2d c4aa1001 sub eax,0x110aac4 + * 138d150c 05 e90e0000 add eax,0xee9 + * 138d1511 0001 add byte ptr ds:[ecx],al + * 138d1513 40 inc eax + * 138d1514 45 inc ebp + * 138d1515 8408 test byte ptr ds:[eax],cl + * 138d1517 -e9 07eba8f3 jmp 07360023 + * 138d151c 90 nop + * 138d151d cc int3 + * 138d151e cc int3 + * 138d151f cc int3 + */ +//static void SpecialPSPHookYeti(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +//{ +// //enum { base = 0x7400000 }; +// DWORD eax = regof(eax, esp_base); +// LPCSTR text = LPCSTR(eax + hp->user_value); +// if (*text) { +// *data = (DWORD)text; +// *len = ::strlen(text); // SHIFT-JIS +// //*split = regof(ecx, esp_base); // ecx is bad that will split text threads +// //*split = FIXED_SPLIT_VALUE; // Similar to 5pb, it only has one thread? +// //*split = regof(ebx, esp_base); // value of ebx is splitting +// *split = FIXED_SPLIT_VALUE << 1; // * 2 to make it unique +// } +//} + +bool InsertYetiPSPHook() +{ + ConsoleOutput("Yeti PSP: enter"); + const BYTE bytes[] = { + //0xcc, // 14e49edb cc int3 + 0x77, 0x0f, // 14e49edc 77 0f ja short 14e49eed + 0xc7,0x05, XX8, // 14e49ede c705 a8aa1001 98>mov dword ptr ds:[0x110aaa8],0x885ff98 + 0xe9, XX4, // 14e49ee8 -e9 17619eee jmp 03830004 + 0x8b,0x35, XX4, // 14e49eed 8b35 70a71001 mov esi,dword ptr ds:[0x110a770] + 0xc1,0xee, 0x1f, // 14e49ef3 c1ee 1f shr esi,0x1f + 0x8b,0x05, XX4, // 14e49ef6 8b05 b4a71001 mov eax,dword ptr ds:[0x110a7b4] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 14e49efc 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xb8, XX4, // 14e49f02 8bb8 14deff07 mov edi,dword ptr ds:[eax+0x7ffde14] + 0x03,0x35, XX4, // 14e49f08 0335 70a71001 add esi,dword ptr ds:[0x110a770] + 0xd1,0xfe, // 14e49f0e d1fe sar esi,1 + 0x8b,0x05, XX4, // 14e49f10 8b05 b0a71001 mov eax,dword ptr ds:[0x110a7b0] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 14e49f16 81e0 ffffff3f and eax,0x3fffffff + 0x89,0xb8, XX4, // 14e49f1c 89b8 00000008 mov dword ptr ds:[eax+0x8000000],edi + 0x8b,0x05, XX4, // 14e49f22 8b05 dca71001 mov eax,dword ptr ds:[0x110a7dc] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 14e49f28 81e0 ffffff3f and eax,0x3fffffff + 0x89,0xb0, XX4, // 14e49f2e 89b0 30000008 mov dword ptr ds:[eax+0x8000030],esi + 0x8b,0x05, XX4, // 14e49f34 8b05 b4a71001 mov eax,dword ptr ds:[0x110a7b4] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 14e49f3a 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xa8, XX4, // 14e49f40 8ba8 14deff07 mov ebp,dword ptr ds:[eax+0x7ffde14] + 0x8b,0xc5, // 14e49f46 8bc5 mov eax,ebp + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 14e49f48 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xb0 //, XX4, // 14e49f4e 0fb6b0 00000008 movzx esi,byte ptr ds:[eax+0x8000000] ; jichi: hook here + }; + enum { memory_offset = 3 }; // 14e49f4e 0fb6b0 00000008 movzx esi,byte ptr ds:[eax+0x8000000] + enum { addr_offset = sizeof(bytes) - memory_offset }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("Yeti PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|USING_SPLIT|FIXING_SPLIT|NO_CONTEXT; // Fix the split value to merge all threads + hp.text_fun = SpecialPSPHook; + hp.offset=get_reg(regs::eax); + ConsoleOutput("Yeti PSP: INSERT"); + succ|=NewHook(hp, "Yeti PSP"); + } + + ConsoleOutput("Yeti PSP: leave"); + return succ; +} + +/** 7/19/2014 jichi Alternative Yeti PSP engine, 0.9.8, 0.9.9 + * Sample game: Never 7, 0.9.8 & 0.9.9 + * Sample game: ひまわり + * + * Do not work on 0.9.9 Ever17 (7/27/2014) + * + * + * This hook does not work for 12River. + * However, sceFont functions work. + * + * Memory address is FIXED. + * Debug method: breakpoint the memory address + * There are two matched memory address to the current text + * + * There are several functions. The first one is used. + * + * The text also has 5pb-like garbage, but it is difficult to trim. + * + * PPSSPP 0.9.8: + * + * 14289802 cc int3 + * 14289803 cc int3 + * 14289804 77 0f ja short 14289815 + * 14289806 c705 a8aa1001 58>mov dword ptr ds:[0x110aaa8],0x881ab58 + * 14289810 -e9 ef6767ef jmp 03900004 + * 14289815 8b35 74a71001 mov esi,dword ptr ds:[0x110a774] + * 1428981b 0335 78a71001 add esi,dword ptr ds:[0x110a778] + * 14289821 8b05 dca71001 mov eax,dword ptr ds:[0x110a7dc] + * 14289827 81e0 ffffff3f and eax,0x3fffffff + * 1428982d 8bb8 28004007 mov edi,dword ptr ds:[eax+0x7400028] + * 14289833 8bc6 mov eax,esi + * 14289835 81e0 ffffff3f and eax,0x3fffffff + * 1428983b 8bd7 mov edx,edi + * 1428983d 8890 10044007 mov byte ptr ds:[eax+0x7400410],dl + * 14289843 8b05 b0a71001 mov eax,dword ptr ds:[0x110a7b0] + * 14289849 81e0 ffffff3f and eax,0x3fffffff + * 1428984f 8bb8 84004007 mov edi,dword ptr ds:[eax+0x7400084] + * 14289855 8b05 aca71001 mov eax,dword ptr ds:[0x110a7ac] + * 1428985b 81e0 ffffff3f and eax,0x3fffffff + * 14289861 0fb6a8 00004007 movzx ebp,byte ptr ds:[eax+0x7400000] ; jichi: hook here + * 14289868 81ff 00000000 cmp edi,0x0 + * 1428986e 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 14289874 893d 74a71001 mov dword ptr ds:[0x110a774],edi + * 1428987a 892d 78a71001 mov dword ptr ds:[0x110a778],ebp + * 14289880 0f85 16000000 jnz 1428989c + * 14289886 832d c4aa1001 06 sub dword ptr ds:[0x110aac4],0x6 + * 1428988d c705 a8aa1001 ac>mov dword ptr ds:[0x110aaa8],0x881aeac + * 14289897 -e9 876767ef jmp 03900023 + * 1428989c 832d c4aa1001 06 sub dword ptr ds:[0x110aac4],0x6 + * 142898a3 e9 0c000000 jmp 142898b4 + * 142898a8 0170 ab add dword ptr ds:[eax-0x55],esi + * 142898ab 8108 e9716767 or dword ptr ds:[eax],0x676771e9 + * 142898b1 ef out dx,eax ; i/o command + * 142898b2 90 nop + * + * 142878ed cc int3 + * 142878ee cc int3 + * 142878ef cc int3 + * 142878f0 77 0f ja short 14287901 + * 142878f2 c705 a8aa1001 44>mov dword ptr ds:[0x110aaa8],0x8811e44 + * 142878fc -e9 038767ef jmp 03900004 + * 14287901 8b35 70a71001 mov esi,dword ptr ds:[0x110a770] + * 14287907 8b05 b0a71001 mov eax,dword ptr ds:[0x110a7b0] + * 1428790d 81e0 ffffff3f and eax,0x3fffffff + * 14287913 8bd6 mov edx,esi + * 14287915 8890 00004007 mov byte ptr ds:[eax+0x7400000],dl ; jichi: hook here + * 1428791b 8b05 a8a71001 mov eax,dword ptr ds:[0x110a7a8] + * 14287921 81e0 ffffff3f and eax,0x3fffffff + * 14287927 0fb6b8 00004007 movzx edi,byte ptr ds:[eax+0x7400000] + * 1428792e 8b2d aca71001 mov ebp,dword ptr ds:[0x110a7ac] + * 14287934 81c5 02000000 add ebp,0x2 + * 1428793a 8bd5 mov edx,ebp + * 1428793c 8915 aca71001 mov dword ptr ds:[0x110a7ac],edx + * 14287942 8b05 b0a71001 mov eax,dword ptr ds:[0x110a7b0] + * 14287948 81e0 ffffff3f and eax,0x3fffffff + * 1428794e 8bd7 mov edx,edi + * 14287950 8890 01004007 mov byte ptr ds:[eax+0x7400001],dl + * 14287956 8b15 b0a71001 mov edx,dword ptr ds:[0x110a7b0] + * 1428795c 8d52 02 lea edx,dword ptr ds:[edx+0x2] + * 1428795f 893d 74a71001 mov dword ptr ds:[0x110a774],edi + * 14287965 892d a8a71001 mov dword ptr ds:[0x110a7a8],ebp + * 1428796b 8915 b0a71001 mov dword ptr ds:[0x110a7b0],edx + * 14287971 832d c4aa1001 07 sub dword ptr ds:[0x110aac4],0x7 + * 14287978 e9 0b000000 jmp 14287988 + * 1428797d 01a8 1d8108e9 add dword ptr ds:[eax+0xe908811d],ebp + * 14287983 9c pushfd + * 14287984 8667 ef xchg byte ptr ds:[edi-0x11],ah + * 14287987 90 nop + * + * 14289a2a 90 nop + * 14289a2b cc int3 + * 14289a2c 77 0f ja short 14289a3d + * 14289a2e c705 a8aa1001 b4>mov dword ptr ds:[0x110aaa8],0x881abb4 + * 14289a38 -e9 c76567ef jmp 03900004 + * 14289a3d 8b05 dca71001 mov eax,dword ptr ds:[0x110a7dc] + * 14289a43 81e0 ffffff3f and eax,0x3fffffff + * 14289a49 8bb0 18004007 mov esi,dword ptr ds:[eax+0x7400018] + * 14289a4f 8b05 dca71001 mov eax,dword ptr ds:[0x110a7dc] + * 14289a55 81e0 ffffff3f and eax,0x3fffffff + * 14289a5b 8bb8 24004007 mov edi,dword ptr ds:[eax+0x7400024] + * 14289a61 8b2d 70a71001 mov ebp,dword ptr ds:[0x110a770] + * 14289a67 03ee add ebp,esi + * 14289a69 8b05 dca71001 mov eax,dword ptr ds:[0x110a7dc] + * 14289a6f 81e0 ffffff3f and eax,0x3fffffff + * 14289a75 8bb0 20004007 mov esi,dword ptr ds:[eax+0x7400020] + * 14289a7b 8bc5 mov eax,ebp + * 14289a7d 81e0 ffffff3f and eax,0x3fffffff + * 14289a83 66:89b8 c2034007 mov word ptr ds:[eax+0x74003c2],di + * 14289a8a 8bc5 mov eax,ebp + * 14289a8c 81e0 ffffff3f and eax,0x3fffffff + * 14289a92 66:89b0 c0034007 mov word ptr ds:[eax+0x74003c0],si + * 14289a99 8b05 aca71001 mov eax,dword ptr ds:[0x110a7ac] + * 14289a9f 81e0 ffffff3f and eax,0x3fffffff + * 14289aa5 0fb6b0 00004007 movzx esi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + * 14289aac 81e6 ff000000 and esi,0xff + * 14289ab2 892d 70a71001 mov dword ptr ds:[0x110a770],ebp + * 14289ab8 893d 74a71001 mov dword ptr ds:[0x110a774],edi + * 14289abe 8935 78a71001 mov dword ptr ds:[0x110a778],esi + * 14289ac4 c705 e4a71001 d8>mov dword ptr ds:[0x110a7e4],0x881abd8 + * 14289ace 832d c4aa1001 09 sub dword ptr ds:[0x110aac4],0x9 + * 14289ad5 ^e9 d6c6f8ff jmp 142161b0 + * 14289ada 90 nop + * + * 14289adb cc int3 + * 14289adc 77 0f ja short 14289aed + * 14289ade c705 a8aa1001 d8>mov dword ptr ds:[0x110aaa8],0x881abd8 + * 14289ae8 -e9 176567ef jmp 03900004 + * 14289aed 813d 70a71001 00>cmp dword ptr ds:[0x110a770],0x0 + * 14289af7 0f85 2f000000 jnz 14289b2c + * 14289afd 8b05 aca71001 mov eax,dword ptr ds:[0x110a7ac] + * 14289b03 81e0 ffffff3f and eax,0x3fffffff + * 14289b09 0fb6b0 00004007 movzx esi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + * 14289b10 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 14289b16 832d c4aa1001 02 sub dword ptr ds:[0x110aac4],0x2 + * 14289b1d e9 22000000 jmp 14289b44 + * 14289b22 0110 add dword ptr ds:[eax],edx + * 14289b24 af scas dword ptr es:[edi] + * 14289b25 8108 e9f76467 or dword ptr ds:[eax],0x6764f7e9 + * 14289b2b ef out dx,eax ; i/o command + * 14289b2c 832d c4aa1001 02 sub dword ptr ds:[0x110aac4],0x2 + * 14289b33 c705 a8aa1001 e0>mov dword ptr ds:[0x110aaa8],0x881abe0 + * 14289b3d -e9 e16467ef jmp 03900023 + * + * PPSSPP 0.9.9 (7/27/2014) + * + * 0ed85942 cc int3 + * 0ed85943 cc int3 + * 0ed85944 77 0f ja short 0ed85955 + * 0ed85946 c705 c84c1301 58>mov dword ptr ds:[0x1134cc8],0x881ab58 + * 0ed85950 -e9 afa6aef4 jmp 03870004 + * 0ed85955 8b35 94491301 mov esi,dword ptr ds:[0x1134994] + * 0ed8595b 0335 98491301 add esi,dword ptr ds:[0x1134998] + * 0ed85961 8b05 fc491301 mov eax,dword ptr ds:[0x11349fc] + * 0ed85967 81e0 ffffff3f and eax,0x3fffffff + * 0ed8596d 8bb8 28008009 mov edi,dword ptr ds:[eax+0x9800028] + * 0ed85973 8bc6 mov eax,esi + * 0ed85975 81e0 ffffff3f and eax,0x3fffffff + * 0ed8597b 8bd7 mov edx,edi + * 0ed8597d 8890 10048009 mov byte ptr ds:[eax+0x9800410],dl + * 0ed85983 8b05 d0491301 mov eax,dword ptr ds:[0x11349d0] + * 0ed85989 81e0 ffffff3f and eax,0x3fffffff + * 0ed8598f 8bb8 84008009 mov edi,dword ptr ds:[eax+0x9800084] + * 0ed85995 8b05 cc491301 mov eax,dword ptr ds:[0x11349cc] + * 0ed8599b 81e0 ffffff3f and eax,0x3fffffff + * 0ed859a1 0fb6a8 00008009 movzx ebp,byte ptr ds:[eax+0x9800000] ; jichi: hook here + * 0ed859a8 81ff 00000000 cmp edi,0x0 + * 0ed859ae 8935 90491301 mov dword ptr ds:[0x1134990],esi + * 0ed859b4 893d 94491301 mov dword ptr ds:[0x1134994],edi + * 0ed859ba 892d 98491301 mov dword ptr ds:[0x1134998],ebp + * 0ed859c0 0f85 16000000 jnz 0ed859dc + * 0ed859c6 832d e44c1301 06 sub dword ptr ds:[0x1134ce4],0x6 + * 0ed859cd c705 c84c1301 ac>mov dword ptr ds:[0x1134cc8],0x881aeac + * 0ed859d7 -e9 47a6aef4 jmp 03870023 + * 0ed859dc 832d e44c1301 06 sub dword ptr ds:[0x1134ce4],0x6 + * 0ed859e3 e9 0c000000 jmp 0ed859f4 + * 0ed859e8 0170 ab add dword ptr ds:[eax-0x55],esi + * 0ed859eb 8108 e931a6ae or dword ptr ds:[eax],0xaea631e9 + * 0ed859f1 f4 hlt ; privileged command + * 0ed859f2 90 nop + */ +// TODO: Is reverse_strlen a better choice? +static void SpecialPSPHookYeti2(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD eax = stack->eax; + LPCSTR text = LPCSTR(eax + hp->user_value); + if (BYTE c = *(BYTE *)text) { + *data = (DWORD)text; + //*len = text[1] ? 2 : 1; + *len = ::LeadByteTable[c]; + + *split = stack->edx; + //DWORD ecx = regof(ecx, esp_base); + //*split = ecx ? (FIXED_SPLIT_VALUE << 1) : 0; // << 1 to be unique, non-zero ecx is what I want + } +} + +bool InsertYeti2PSPHook() +{ + ConsoleOutput("Yeti2 PSP: enter"); + + const BYTE bytes[] = { + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 14289827 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xb8, XX4, // 1428982d 8bb8 28004007 mov edi,dword ptr ds:[eax+0x7400028] + 0x8b,0xc6, // 14289833 8bc6 mov eax,esi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 14289835 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xd7, // 1428983b 8bd7 mov edx,edi + 0x88,0x90, XX4, // 1428983d 8890 10044007 mov byte ptr ds:[eax+0x7400410],dl + 0x8b,0x05, XX4, // 14289843 8b05 b0a71001 mov eax,dword ptr ds:[0x110a7b0] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 14289849 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xb8, XX4, // 1428984f 8bb8 84004007 mov edi,dword ptr ds:[eax+0x7400084] + 0x8b,0x05, XX4, // 14289855 8b05 aca71001 mov eax,dword ptr ds:[0x110a7ac] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1428985b 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xa8 //, XX4 // 14289861 0fb6a8 00004007 movzx ebp,byte ptr ds:[eax+0x7400000] ; jichi: hook here + // 14289b10 8935 70a71001 mov dword ptr ds:[0x110a770],esi + // 14289b16 832d c4aa1001 02 sub dword ptr ds:[0x110aac4],0x2 + }; + enum { memory_offset = 3 }; + enum { addr_offset = sizeof(bytes) - memory_offset }; + //enum { addr_offset = sizeof(bytes) + 4 }; // point to next statement after ebp is assigned + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("Yeti2 PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|NO_CONTEXT; + hp.text_fun = SpecialPSPHookYeti2; + ConsoleOutput("Yeti2 PSP: INSERT"); + succ|=NewHook(hp, "Yeti2 PSP"); + } + + ConsoleOutput("Yeti2 PSP: leave"); + return succ; +} + +/** 7/22/2014 jichi: Nippon1 PSP engine, 0.9.8 only + * Sample game: ぁ�の�リンスさまっ♪ (0.9.8 only) + * + * Memory address is FIXED. + * Debug method: breakpoint the precomputed address + * + * The data is in (WORD)bp instead of eax. + * bp contains SHIFT-JIS CODEC_ANSI_BE data. + * + * There is only one text thread. + * + * 134e0553 cc int3 + * 134e0554 77 0f ja short 134e0565 + * 134e0556 c705 a8aa1001 34>mov dword ptr ds:[0x110aaa8],0x8853a34 + * 134e0560 -e9 9ffa03f0 jmp 03520004 + * 134e0565 8b35 74a71001 mov esi,dword ptr ds:[0x110a774] + * 134e056b d1e6 shl esi,1 + * 134e056d c7c7 987db708 mov edi,0x8b77d98 + * 134e0573 03fe add edi,esi + * 134e0575 8b2d 78a71001 mov ebp,dword ptr ds:[0x110a778] + * 134e057b 8bc7 mov eax,edi + * 134e057d 81e0 ffffff3f and eax,0x3fffffff + * 134e0583 66:89a8 00004007 mov word ptr ds:[eax+0x7400000],bp ; jichi: hook here + * 134e058a 8b2d 8c7df70f mov ebp,dword ptr ds:[0xff77d8c] + * 134e0590 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + * 134e0593 892d 8c7df70f mov dword ptr ds:[0xff77d8c],ebp + * 134e0599 8b05 e4a71001 mov eax,dword ptr ds:[0x110a7e4] + * 134e059f c705 74a71001 00>mov dword ptr ds:[0x110a774],0x8b70000 + * 134e05a9 892d 78a71001 mov dword ptr ds:[0x110a778],ebp + * 134e05af 8935 7ca71001 mov dword ptr ds:[0x110a77c],esi + * 134e05b5 8905 a8aa1001 mov dword ptr ds:[0x110aaa8],eax + * 134e05bb 832d c4aa1001 0c sub dword ptr ds:[0x110aac4],0xc + * 134e05c2 -e9 5cfa03f0 jmp 03520023 + */ +// Read text from bp +// TODO: This should be expressed as general hook without extern fun +static void SpecialPSPHookNippon1(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + LPCSTR text = LPCSTR(stack->base + hp->offset); // dynamic offset, ebp or esi + if (*text) { + *data = (DWORD)text; + *len = !text[0] ? 0 : !text[1] ? 1 : 2; // bp or si has at most two bytes + //*len = ::LeadByteTable[*(BYTE *)text] // TODO: Test leadbytetable + *split = stack->ecx; + } +} + +bool InsertNippon1PSPHook() +{ + ConsoleOutput("Nippon1 PSP: enter"); + + const BYTE bytes[] = { + //0xcc, // 134e0553 cc int3 + 0x77, 0x0f, // 134e0554 77 0f ja short 134e0565 + 0xc7,0x05, XX8, // 134e0556 c705 a8aa1001 34>mov dword ptr ds:[0x110aaa8],0x8853a34 + 0xe9, XX4, // 134e0560 -e9 9ffa03f0 jmp 03520004 + 0x8b,0x35, XX4, // 134e0565 8b35 74a71001 mov esi,dword ptr ds:[0x110a774] + 0xd1,0xe6, // 134e056b d1e6 shl esi,1 + 0xc7,0xc7, XX4, // 134e056d c7c7 987db708 mov edi,0x8b77d98 + 0x03,0xfe, // 134e0573 03fe add edi,esi + 0x8b,0x2d, XX4, // 134e0575 8b2d 78a71001 mov ebp,dword ptr ds:[0x110a778] + 0x8b,0xc7, // 134e057b 8bc7 mov eax,edi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 134e057d 81e0 ffffff3f and eax,0x3fffffff + 0x66,0x89,0xa8, XX4, // 134e0583 66:89a8 00004007 mov word ptr ds:[eax+0x7400000],bp ; jichi: hook here + 0x8b,0x2d, XX4, // 134e058a 8b2d 8c7df70f mov ebp,dword ptr ds:[0xff77d8c] + 0x8d,0x6d, 0x01 // 134e0590 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + }; + enum { memory_offset = 3 }; + enum { addr_offset = 0x134e0583 - 0x134e0554 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("Nippon1 PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::ebp); + hp.type = USING_STRING|NO_CONTEXT; + hp.text_fun = SpecialPSPHookNippon1; + ConsoleOutput("Nippon1 PSP: INSERT"); + succ|=NewHook(hp, "Nippon1 PSP"); + } + + ConsoleOutput("Nippon1 PSP: leave"); + return succ; +} + +/** 7/26/2014 jichi: Alternative Nippon1 PSP engine, 0.9.8 only + * Sample game: 神�悪戯 (0.9.8 only) + * Issue: character name cannot be extracted + * + * Memory address is FIXED. + * Debug method: breakpoint the precomputed address + * + * This function is the one that write the text into the memory. + * + * 13d13e8b 0f92c0 setb al + * 13d13e8e 8bf8 mov edi,eax + * 13d13e90 81ff 00000000 cmp edi,0x0 + * 13d13e96 893d 78a71001 mov dword ptr ds:[0x110a778],edi + * 13d13e9c 8935 dca71001 mov dword ptr ds:[0x110a7dc],esi + * 13d13ea2 0f85 16000000 jnz 13d13ebe + * 13d13ea8 832d c4aa1001 0a sub dword ptr ds:[0x110aac4],0xa + * 13d13eaf c705 a8aa1001 cc>mov dword ptr ds:[0x110aaa8],0x887c2cc + * 13d13eb9 -e9 65c1a3ef jmp 03750023 + * 13d13ebe 832d c4aa1001 0a sub dword ptr ds:[0x110aac4],0xa + * 13d13ec5 e9 0e000000 jmp 13d13ed8 + * 13d13eca 01a8 c28708e9 add dword ptr ds:[eax+0xe90887c2],ebp + * 13d13ed0 4f dec edi + * 13d13ed1 c1a3 ef90cccc cc shl dword ptr ds:[ebx+0xcccc90ef],0xcc ; shift constant out of range 1..31 + * 13d13ed8 77 0f ja short 13d13ee9 + * 13d13eda c705 a8aa1001 a8>mov dword ptr ds:[0x110aaa8],0x887c2a8 + * 13d13ee4 -e9 1bc1a3ef jmp 03750004 + * 13d13ee9 8b05 dca71001 mov eax,dword ptr ds:[0x110a7dc] + * 13d13eef 81e0 ffffff3f and eax,0x3fffffff + * 13d13ef5 0fb7b0 0000c007 movzx esi,word ptr ds:[eax+0x7c00000] + * 13d13efc 8b3d fccd5a10 mov edi,dword ptr ds:[0x105acdfc] + * 13d13f02 8bef mov ebp,edi + * 13d13f04 d1e5 shl ebp,1 + * 13d13f06 81c5 e8cd9a08 add ebp,0x89acde8 + * 13d13f0c 8bc5 mov eax,ebp + * 13d13f0e 81e0 ffffff3f and eax,0x3fffffff + * 13d13f14 66:89b0 2000c007 mov word ptr ds:[eax+0x7c00020],si ; jichi: hook here + * 13d13f1b 8d7f 01 lea edi,dword ptr ds:[edi+0x1] + * 13d13f1e 893d fccd5a10 mov dword ptr ds:[0x105acdfc],edi + * 13d13f24 8b15 dca71001 mov edx,dword ptr ds:[0x110a7dc] + * 13d13f2a 8d52 10 lea edx,dword ptr ds:[edx+0x10] + * 13d13f2d 8b05 e4a71001 mov eax,dword ptr ds:[0x110a7e4] + * 13d13f33 893d 78a71001 mov dword ptr ds:[0x110a778],edi + * 13d13f39 c705 7ca71001 e8>mov dword ptr ds:[0x110a77c],0x89acde8 + * 13d13f43 8935 80a71001 mov dword ptr ds:[0x110a780],esi + * 13d13f49 892d 84a71001 mov dword ptr ds:[0x110a784],ebp + * 13d13f4f 8915 dca71001 mov dword ptr ds:[0x110a7dc],edx + * 13d13f55 8905 a8aa1001 mov dword ptr ds:[0x110aaa8],eax + * 13d13f5b 832d c4aa1001 0b sub dword ptr ds:[0x110aac4],0xb + * 13d13f62 -e9 bcc0a3ef jmp 03750023 + * 13d13f67 90 nop + */ + +// 8/13/2014: 5pb might crash on 0.9.9. +bool InsertNippon2PSPHook() +{ + ConsoleOutput("Nippon2 PSP: enter"); + + const BYTE bytes[] = { + 0xe9, XX4, // 13d13ee4 -e9 1bc1a3ef jmp 03750004 + 0x8b,0x05, XX4, // 13d13ee9 8b05 dca71001 mov eax,dword ptr ds:[0x110a7dc] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13d13eef 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb7,0xb0, XX4, // 13d13ef5 0fb7b0 0000c007 movzx esi,word ptr ds:[eax+0x7c00000] + 0x8b,0x3d, XX4, // 13d13efc 8b3d fccd5a10 mov edi,dword ptr ds:[0x105acdfc] + 0x8b,0xef, // 13d13f02 8bef mov ebp,edi + 0xd1,0xe5, // 13d13f04 d1e5 shl ebp,1 + 0x81,0xc5, XX4, // 13d13f06 81c5 e8cd9a08 add ebp,0x89acde8 + 0x8b,0xc5, // 13d13f0c 8bc5 mov eax,ebp + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13d13f0e 81e0 ffffff3f and eax,0x3fffffff + 0x66,0x89,0xb0 //, XX4 // 13d13f14 66:89b0 2000c007 mov word ptr ds:[eax+0x7c00020],si ; jichi: hook here + }; + enum { memory_offset = 3 }; + enum { addr_offset = sizeof(bytes) - memory_offset }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("Nippon2 PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::esi); + hp.type = USING_STRING|NO_CONTEXT; + hp.text_fun = SpecialPSPHookNippon1; + ConsoleOutput("Nippon2 PSP: INSERT"); + succ|=NewHook(hp, "Nippon2 PSP"); + } + + ConsoleOutput("Nippon2 PSP: leave"); + return succ; +} + +#if 0 // 8/9/2014 jichi: cannot find a good function + +/** 8/9/2014 jichi Typemoon.com PSP engine, 0.9.8, 0.9.9, + * + * Sample game: Fate CCC + * This game is made by both TYPE-MOON and Imageepoch + * But the encoding is SHIFT-JIS than UTF-8 like other Imageepoch games. + * Otomate hook will produce significant amount of garbage. + * + * Memory address is FIXED. + * There are two matches in the memory. + * + * Debug method: breakpoint the memory address + * The hooked functions were looping which made it difficult to debug. + * + * Two looped functions are as follows. The first one is used + * The second function is tested as bad. + * + * Registers: (all of them are fixed except eax) + * EAX 08C91373 + * ECX 00000016 + * EDX 00000012 + * EBX 0027A580 + * ESP 0353E6D0 + * EBP 0000000B + * ESI 0000001E + * EDI 00000001 + * EIP 1351E14D + * + * 1351e12d f0:90 lock nop ; lock prefix is not allowed + * 1351e12f cc int3 + * 1351e130 77 0f ja short 1351e141 + * 1351e132 c705 a8aa1001 b8>mov dword ptr ds:[0x110aaa8],0x88ed7b8 + * 1351e13c -e9 c31e27f0 jmp 03790004 + * 1351e141 8b05 aca71001 mov eax,dword ptr ds:[0x110a7ac] + * 1351e147 81e0 ffffff3f and eax,0x3fffffff + * 1351e14d 0fbeb0 01004007 movsx esi,byte ptr ds:[eax+0x7400001] ; or jichi: hook here + * 1351e154 8b05 dca71001 mov eax,dword ptr ds:[0x110a7dc] + * 1351e15a 81e0 ffffff3f and eax,0x3fffffff + * 1351e160 8bb8 50004007 mov edi,dword ptr ds:[eax+0x7400050] + * 1351e166 81e6 ff000000 and esi,0xff + * 1351e16c 8bc6 mov eax,esi + * 1351e16e 8b35 a8a71001 mov esi,dword ptr ds:[0x110a7a8] + * 1351e174 0bf0 or esi,eax + * 1351e176 c1e6 10 shl esi,0x10 + * 1351e179 c1fe 10 sar esi,0x10 + * 1351e17c 893d 78a71001 mov dword ptr ds:[0x110a778],edi + * 1351e182 8935 7ca71001 mov dword ptr ds:[0x110a77c],esi + * 1351e188 c705 e4a71001 d4>mov dword ptr ds:[0x110a7e4],0x88ed7d4 + * 1351e192 832d c4aa1001 07 sub dword ptr ds:[0x110aac4],0x7 + * 1351e199 e9 0e000000 jmp 1351e1ac + * 1351e19e 01ac3e 8e08e97b add dword ptr ds:[esi+edi+0x7be9088e],eb> + * 1351e1a5 1e push ds + * 1351e1a6 27 daa + * 1351e1a7 f0:90 lock nop ; lock prefix is not allowed + * 1351e1a9 cc int3 + * + * 13513f23 cc int3 + * 13513f24 77 0f ja short 13513f35 + * 13513f26 c705 a8aa1001 d4>mov dword ptr ds:[0x110aaa8],0x88e7bd4 + * 13513f30 -e9 cfc027f0 jmp 03790004 + * 13513f35 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + * 13513f3b 81e0 ffffff3f and eax,0x3fffffff + * 13513f41 0fbeb0 00004007 movsx esi,byte ptr ds:[eax+0x7400000] + * 13513f48 8b3d 84a71001 mov edi,dword ptr ds:[0x110a784] + * 13513f4e 8d7f 01 lea edi,dword ptr ds:[edi+0x1] + * 13513f51 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 13513f57 81e0 ffffff3f and eax,0x3fffffff + * 13513f5d 8bd6 mov edx,esi + * 13513f5f 8890 00004007 mov byte ptr ds:[eax+0x7400000],dl ; jichi: bad hook + * 13513f65 8b2d 78a71001 mov ebp,dword ptr ds:[0x110a778] + * 13513f6b 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + * 13513f6e 33c0 xor eax,eax + * 13513f70 3b3d 80a71001 cmp edi,dword ptr ds:[0x110a780] + * 13513f76 0f9cc0 setl al + * 13513f79 8bf0 mov esi,eax + * 13513f7b 8b15 7ca71001 mov edx,dword ptr ds:[0x110a77c] + * 13513f81 8d52 01 lea edx,dword ptr ds:[edx+0x1] + * 13513f84 81fe 00000000 cmp esi,0x0 + * 13513f8a 892d 78a71001 mov dword ptr ds:[0x110a778],ebp + * 13513f90 8915 7ca71001 mov dword ptr ds:[0x110a77c],edx + * 13513f96 893d 84a71001 mov dword ptr ds:[0x110a784],edi + * 13513f9c 8935 88a71001 mov dword ptr ds:[0x110a788],esi + * 13513fa2 0f84 16000000 je 13513fbe + * 13513fa8 832d c4aa1001 07 sub dword ptr ds:[0x110aac4],0x7 + * 13513faf ^e9 70ffffff jmp 13513f24 + * 13513fb4 01d4 add esp,edx + * 13513fb6 7b 8e jpo short 13513f46 + * 13513fb8 08e9 or cl,ch + * 13513fba 65:c027 f0 shl byte ptr gs:[edi],0xf0 ; shift constant out of range 1..31 + * 13513fbe 832d c4aa1001 07 sub dword ptr ds:[0x110aac4],0x7 + * 13513fc5 e9 0e000000 jmp 13513fd8 + * 13513fca 01f0 add eax,esi + * 13513fcc 7b 8e jpo short 13513f5c + * 13513fce 08e9 or cl,ch + * 13513fd0 4f dec edi + * 13513fd1 c027 f0 shl byte ptr ds:[edi],0xf0 ; shift constant out of range 1..31 + * 13513fd4 90 nop + * 13513fd5 cc int3 + * 13513fd6 cc int3 + */ +// Read text from dl +static void SpecialPSPHookTypeMoon(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD eax = regof(eax, esp_base); + DWORD text = eax + hp->user_value - 1; // the text is in the previous byte + if (BYTE c = *(BYTE *)text) { // unsigned char + *data = text; + *len = ::LeadByteTable[c]; // 1 or 2 + //*split = regof(ecx, esp_base); + //*split = regof(edx, esp_base); + *split = regof(ebx, esp_base); + } +} +bool InsertTypeMoonPSPHook() +{ + ConsoleOutput("TypeMoon PSP: enter"); + const BYTE bytes[] = { + 0x77, 0x0f, // 1351e130 77 0f ja short 1351e141 + 0xc7,0x05, XX8, // 1351e132 c705 a8aa1001 b8>mov dword ptr ds:[0x110aaa8],0x88ed7b8 + 0xe9, XX4, // 1351e13c -e9 c31e27f0 jmp 03790004 + 0x8b,0x05, XX4, // 1351e141 8b05 aca71001 mov eax,dword ptr ds:[0x110a7ac] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1351e147 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xbe,0xb0, XX4, // 1351e14d 0fbeb0 01004007 movsx esi,byte ptr ds:[eax+0x7400001] ; jichi: hook here + 0x8b,0x05, XX4, // 1351e154 8b05 dca71001 mov eax,dword ptr ds:[0x110a7dc] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1351e15a 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xb8, XX4, // 1351e160 8bb8 50004007 mov edi,dword ptr ds:[eax+0x7400050] + 0x81,0xe6, 0xff,0x00,0x00,0x00, // 1351e166 81e6 ff000000 and esi,0xff + 0x8b,0xc6, // 1351e16c 8bc6 mov eax,esi + 0x8b,0x35, XX4, // 1351e16e 8b35 a8a71001 mov esi,dword ptr ds:[0x110a7a8] + 0x0b,0xf0, // 1351e174 0bf0 or esi,eax + 0xc1,0xe6, 0x10, // 1351e176 c1e6 10 shl esi,0x10 + 0xc1,0xfe, 0x10 // 1351e179 c1fe 10 sar esi,0x10 + }; + enum { memory_offset = 3 }; + enum { addr_offset = 0x1351e14d - 0x1351e130 }; + + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("TypeMoon PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|NO_CONTEXT; + hp.text_fun = SpecialPSPHookTypeMoon; + ConsoleOutput("TypeMoon PSP: INSERT"); + NewHook(hp, "TypeMoon PSP"); + } + + ConsoleOutput("TypeMoon PSP: leave"); + return addr; +} + +#endif // 0 + +#if 0 // 7/25/2014: This function is not invoked? Why? +/** 7/22/2014 jichi: KOEI TECMO PSP, 0.9.8 + * Sample game: 金色のコルダ3 + * + * 134598e2 cc int3 + * 134598e3 cc int3 + * 134598e4 77 0f ja short 134598f5 + * 134598e6 c705 a8aa1001 8c>mov dword ptr ds:[0x110aaa8],0x880f08c + * 134598f0 -e9 0f67fbef jmp 03410004 + * 134598f5 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + * 134598fb 81e0 ffffff3f and eax,0x3fffffff + * 13459901 8bb0 00004007 mov esi,dword ptr ds:[eax+0x7400000] ; jichi: hook here + * 13459907 8b3d 7ca71001 mov edi,dword ptr ds:[0x110a77c] + * 1345990d 8d7f 04 lea edi,dword ptr ds:[edi+0x4] + * 13459910 8b05 84a71001 mov eax,dword ptr ds:[0x110a784] + * 13459916 81e0 ffffff3f and eax,0x3fffffff + * 1345991c 89b0 00004007 mov dword ptr ds:[eax+0x7400000],esi + * 13459922 8b2d 84a71001 mov ebp,dword ptr ds:[0x110a784] + * 13459928 8d6d 04 lea ebp,dword ptr ss:[ebp+0x4] + * 1345992b 8b15 78a71001 mov edx,dword ptr ds:[0x110a778] + * 13459931 81fa 01000000 cmp edx,0x1 + * 13459937 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 1345993d 893d 7ca71001 mov dword ptr ds:[0x110a77c],edi + * 13459943 892d 84a71001 mov dword ptr ds:[0x110a784],ebp + * 13459949 c705 88a71001 01>mov dword ptr ds:[0x110a788],0x1 + * 13459953 0f84 16000000 je 1345996f + * 13459959 832d c4aa1001 09 sub dword ptr ds:[0x110aac4],0x9 + * 13459960 e9 17000000 jmp 1345997c + * 13459965 0190 f08008e9 add dword ptr ds:[eax+0xe90880f0],edx + * 1345996b b4 66 mov ah,0x66 + * 1345996d fb sti + * 1345996e ef out dx,eax ; i/o command + * 1345996f 832d c4aa1001 09 sub dword ptr ds:[0x110aac4],0x9 + * 13459976 ^e9 ddc1ffff jmp 13455b58 + * 1345997b 90 nop + */ +bool InsertTecmoPSPHook() +{ + ConsoleOutput("Tecmo PSP: enter"); + + const BYTE bytes[] = { + 0x77, 0x0f, // 134598e4 77 0f ja short 134598f5 + 0xc7,0x05, XX8, // 134598e6 c705 a8aa1001 8c>mov dword ptr ds:[0x110aaa8],0x880f08c + 0xe9, XX4, // 134598f0 -e9 0f67fbef jmp 03410004 + 0x8b,0x05, XX4, // 134598f5 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 134598fb 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xb0, XX4, // 13459901 8bb0 00004007 mov esi,dword ptr ds:[eax+0x7400000] ; jichi: hook here + 0x8b,0x3d, XX4, // 13459907 8b3d 7ca71001 mov edi,dword ptr ds:[0x110a77c] + 0x8d,0x7f, 0x04, // 1345990d 8d7f 04 lea edi,dword ptr ds:[edi+0x4] + 0x8b,0x05, XX4, // 13459910 8b05 84a71001 mov eax,dword ptr ds:[0x110a784] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13459916 81e0 ffffff3f and eax,0x3fffffff + 0x89,0xb0 //, XX4, // 1345991c 89b0 00004007 mov dword ptr ds:[eax+0x7400000],esi + //0x8b,0x2d, XX4, // 13459922 8b2d 84a71001 mov ebp,dword ptr ds:[0x110a784] + //0x8d,0x6d, 0x04, // 13459928 8d6d 04 lea ebp,dword ptr ss:[ebp+0x4] + //0x8b,0x15, XX4, // 1345992b 8b15 78a71001 mov edx,dword ptr ds:[0x110a778] + //0x81,0xfa, 0x01,0x00,0x00,0x00 // 13459931 81fa 01000000 cmp edx,0x1 + }; + enum { memory_offset = 2 }; + enum { addr_offset = 0x13459901 - 0x134598e4 }; + + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("Tecmo PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT; + hp.offset=get_reg(regs::eax); + hp.split = get_reg(regs::ecx); + hp.text_fun = SpecialPSPHook; + ConsoleOutput("Tecmo PSP: INSERT"); + NewHook(hp, "Tecmo PSP"); + } + + ConsoleOutput("Tecmo PSP: leave"); + return addr; +} +#endif // 0 + +#if 0 // 8/9/2014 jichi: does not work + +bool InsertKadokawaPSPHook() +{ + ConsoleOutput("Kadokawa PSP: enter"); + const BYTE bytes[] = { + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 134844f3 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xb0, XX4, // 134844f9 0fb6b0 00004007 movzx esi,byte ptr ds:[eax+0x7400000] ; jichi: hook here, byte by byte + 0x8b,0x05, XX4, // 13484500 8b05 84a71001 mov eax,dword ptr ds:[0x110a784] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13484506 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xd6, // 1348450c 8bd6 mov edx,esi + 0x88,0x90, XX4, // 1348450e 8890 00004007 mov byte ptr ds:[eax+0x7400000],dl + 0x8b,0x3d, XX4, // 13484514 8b3d 84a71001 mov edi,dword ptr ds:[0x110a784] + 0x8d,0x7f, 0x01, // 1348451a 8d7f 01 lea edi,dword ptr ds:[edi+0x1] + 0x8b,0x2d, XX4, // 1348451d 8b2d 7ca71001 mov ebp,dword ptr ds:[0x110a77c] + 0x8d,0x6d, 0x01, // 13484523 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + 0x3b,0x3d, XX4, // 13484526 3b3d 74a71001 cmp edi,dword ptr ds:[0x110a774] + 0x89,0x35, XX4, // 1348452c 8935 70a71001 mov dword ptr ds:[0x110a770],esi + 0x89,0x2d, XX4, // 13484532 892d 7ca71001 mov dword ptr ds:[0x110a77c],ebp + 0x89,0x3d, XX4, // 13484538 893d 84a71001 mov dword ptr ds:[0x110a784],edi + // Above is not sufficient + //0x0f,0x84, XX4, // 1348453e 0f84 16000000 je 1348455a + //0x83,0x2d, XX4, 0x05, // 13484544 832d c4aa1001 05 sub dword ptr ds:[0x110aac4],0x5 + //0xe9, XX4, // 1348454b ^e9 8cffffff jmp 134844dc + //0x01,0x38, // 13484550 0138 add dword ptr ds:[eax],edi + //0xb0, 0x84, // 13484552 b0 84 mov al,0x84 + //0x08,0xe9 // 13484554 08e9 or cl,ch + // Below will change at runtime + }; + enum { memory_offset = 3 }; + enum { addr_offset = 0x134844f9 - 0x134844f3 }; + + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) { + ConsoleOutput("Kadokawa PSP: pattern not found"); + return false; + } + addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes), addr); + addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes), addr); + + if (!addr) + ConsoleOutput("Kadokawa PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT; + hp.offset=get_reg(regs::eax); + hp.split = get_reg(regs::ecx); + hp.length_offset = 1; // byte by byte + hp.text_fun = SpecialPSPHook; + + //GROWL_DWORD2(hp.address, hp.user_value); + ConsoleOutput("Kadokawa PSP: INSERT"); + NewHook(hp, "Kadokawa PSP"); + } + + ConsoleOutput("Kadokawa PSP: leave"); + return addr; +} +#endif // 0 + +#if 0 // FIXME: I am not able to find stable pattern in PSP 0.9.9.1 + +/** 9/21/2014 jichi Otomate PPSSPP 0.9.9.1 + * Sample game: Amnesia Later + * + * There are four fixed memory addresses. + * The two out of four can be used. + * (The other twos have loops or cannot be debugged). + * + * This function is the same as PPSSPP 0.9.9.1 (?). + * + * 14039126 cc int3 + * 14039127 cc int3 + * 14039128 77 0f ja short 14039139 + * 1403912a c705 988e1301 3c>mov dword ptr ds:[0x1138e98],0x8922c3c + * 14039134 -e9 cb6e83ef jmp 03870004 + * 14039139 8b05 688b1301 mov eax,dword ptr ds:[0x1138b68] + * 1403913f 81e0 ffffff3f and eax,0x3fffffff + * 14039145 0fbeb0 00000008 movsx esi,byte ptr ds:[eax+0x8000000] ; jichi: text accessed, but looped + * 1403914c 8b05 6c8b1301 mov eax,dword ptr ds:[0x1138b6c] + * 14039152 81e0 ffffff3f and eax,0x3fffffff + * 14039158 0fbeb8 00000008 movsx edi,byte ptr ds:[eax+0x8000000] + * 1403915f 3bf7 cmp esi,edi + * 14039161 8935 748b1301 mov dword ptr ds:[0x1138b74],esi + * 14039167 893d 7c8b1301 mov dword ptr ds:[0x1138b7c],edi + * 1403916d 0f84 2f000000 je 140391a2 + * 14039173 8b05 688b1301 mov eax,dword ptr ds:[0x1138b68] + * 14039179 81e0 ffffff3f and eax,0x3fffffff + * 1403917f 0fb6b0 00000008 movzx esi,byte ptr ds:[eax+0x8000000] ; jichi: hook here + * 14039186 8935 608b1301 mov dword ptr ds:[0x1138b60],esi + * 1403918c 832d b48e1301 04 sub dword ptr ds:[0x1138eb4],0x4 + * 14039193 e9 24000000 jmp 140391bc + * 14039198 0170 2c add dword ptr ds:[eax+0x2c],esi + * 1403919b 92 xchg eax,edx + * 1403919c 08e9 or cl,ch + * 1403919e 816e 83 ef832db4 sub dword ptr ds:[esi-0x7d],0xb42d83ef + * 140391a5 8e13 mov ss,word ptr ds:[ebx] ; modification of segment register + * 140391a7 0104e9 add dword ptr ds:[ecx+ebp*8],eax + * 140391aa b2 59 mov dl,0x59 + * 140391ac 0000 add byte ptr ds:[eax],al + * 140391ae 014c2c 92 add dword ptr ss:[esp+ebp-0x6e],ecx + * 140391b2 08e9 or cl,ch + * 140391b4 6b6e 83 ef imul ebp,dword ptr ds:[esi-0x7d],-0x11 + * 140391b8 90 nop + * 140391b9 cc int3 + * 140391ba cc int3 + */ +// Get bytes in esi +static void SpecialPSPHookOtomate2(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + //static uniquemap uniq; + DWORD text = esp_base + get_reg(regs::esi); + if (*(LPCSTR *)text) { + *split = regof(ecx, esp_base); // this would cause lots of texts, but it works for all games + *data = text; + *len = 1; + } +} + +bool InsertOtomate2PSPHook() +{ + ConsoleOutput("Otomate2 PSP: enter"); + const BYTE bytes[] = { + 0x77, 0x0f, // 14039128 77 0f ja short 14039139 + 0xc7,0x05, XX8, // 1403912a c705 988e1301 3c>mov dword ptr ds:[0x1138e98],0x8922c3c + 0xe9, XX4, // 14039134 -e9 cb6e83ef jmp 03870004 + 0x8b,0x05, XX4, // 14039139 8b05 688b1301 mov eax,dword ptr ds:[0x1138b68] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1403913f 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xbe,0xb0, XX4, // 14039145 0fbeb0 00000008 movsx esi,byte ptr ds:[eax+0x8000000] ; jichi: text accessed, but looped + 0x8b,0x05, XX4, // 1403914c 8b05 6c8b1301 mov eax,dword ptr ds:[0x1138b6c] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 14039152 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xbe,0xb8, XX4, // 14039158 0fbeb8 00000008 movsx edi,byte ptr ds:[eax+0x8000000] + 0x3b,0xf7, // 1403915f 3bf7 cmp esi,edi + 0x89,0x35, XX4, // 14039161 8935 748b1301 mov dword ptr ds:[0x1138b74],esi + 0x89,0x3d, XX4, // 14039167 893d 7c8b1301 mov dword ptr ds:[0x1138b7c],edi + 0x0f,0x84, 0x2f,0x00,0x00,0x00, // 1403916d 0f84 2f000000 je 140391a2 + + //0x8b,0x05, XX4, // 14039173 8b05 688b1301 mov eax,dword ptr ds:[0x1138b68] + //0x81,0xe0, 0xff,0xff,0xff,0x3f, // 14039179 81e0 ffffff3f and eax,0x3fffffff + //0x0f,0xb6,0xb0, XX4, // 1403917f 0fb6b0 00000008 movzx esi,byte ptr ds:[eax+0x8000000] ; jichi: text accessed + //0x89,0x35, XX4, // 14039186 8935 608b1301 mov dword ptr ds:[0x1138b60],esi ; jichi: hook here, get lower bytes in esi + //0x83,0x2d, XX4, 0x04 // 1403918c 832d b48e1301 04 sub dword ptr ds:[0x1138eb4],0x4 + }; + enum { addr_offset = 0x14039186 - 0x14039128 }; + + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) { + ConsoleOutput("Otomate2 PSP: leave: first pattern not found"); + return false; + } + addr += addr_offset; + + //0x89,0x35, XX4, // 14039186 8935 608b1301 mov dword ptr ds:[0x1138b60],esi ; jichi: hook here, get lower bytes in esi + enum : WORD { mov_esi = 0x3589 }; + if (*(WORD *)addr != mov_esi) { + ConsoleOutput("Otomate2 PSP: leave: second pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.type = USING_STRING|NO_CONTEXT; + hp.text_fun = SpecialPSPHookOtomate2; + ConsoleOutput("Otomate2 PSP: INSERT"); + NewHook(hp, "Otomate PSP"); + + ConsoleOutput("Otomate2 PSP: leave"); + return addr; +} + +#endif // 0 + +/** 8/9/2014 jichi Kadokawa.co.jp PSP engine, 0.9.8, ?, + * + * Sample game: 未来日�work on 0.9.8, not tested on 0.9.9 + * + * FIXME: Currently, only the character name works + * + * Memory address is FIXED. + * Debug method: predict and breakpoint the memory address + * + * There are two matches in the memory, and only one function accessing them. + * + * Character name function is as follows. + * The scenario is the text after the name. + * + * 1348d79f cc int3 + * 1348d7a0 77 0f ja short 1348d7b1 + * 1348d7a2 c705 a8aa1001 fc>mov dword ptr ds:[0x110aaa8],0x884c6fc + * 1348d7ac -e9 532844f0 jmp 038d0004 + * 1348d7b1 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 1348d7b7 81e0 ffffff3f and eax,0x3fffffff + * 1348d7bd 0fb6b0 00004007 movzx esi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + * 1348d7c4 81fe 00000000 cmp esi,0x0 + * 1348d7ca 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 1348d7d0 0f85 2f000000 jnz 1348d805 + * 1348d7d6 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + * 1348d7dc 81e0 ffffff3f and eax,0x3fffffff + * 1348d7e2 0fbeb0 00004007 movsx esi,byte ptr ds:[eax+0x7400000] + * 1348d7e9 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 1348d7ef 832d c4aa1001 03 sub dword ptr ds:[0x110aac4],0x3 + * 1348d7f6 c705 a8aa1001 5c>mov dword ptr ds:[0x110aaa8],0x884c75c + * 1348d800 -e9 1e2844f0 jmp 038d0023 + * 1348d805 832d c4aa1001 03 sub dword ptr ds:[0x110aac4],0x3 + * 1348d80c e9 0b000000 jmp 1348d81c + * 1348d811 0108 add dword ptr ds:[eax],ecx + * 1348d813 c78408 e9082844 >mov dword ptr ds:[eax+ecx+0x442808e9],0x> + * 1348d81e c705 a8aa1001 08>mov dword ptr ds:[0x110aaa8],0x884c708 + * 1348d828 -e9 d72744f0 jmp 038d0004 + * 1348d82d 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + * 1348d833 81e0 ffffff3f and eax,0x3fffffff + * 1348d839 0fbeb0 00004007 movsx esi,byte ptr ds:[eax+0x7400000] + * 1348d840 81fe 00000000 cmp esi,0x0 + * 1348d846 8935 88a71001 mov dword ptr ds:[0x110a788],esi + * 1348d84c 0f85 16000000 jnz 1348d868 + * 1348d852 832d c4aa1001 03 sub dword ptr ds:[0x110aac4],0x3 + * 1348d859 e9 aa030000 jmp 1348dc08 + * 1348d85e 0154c7 84 add dword ptr ds:[edi+eax*8-0x7c],edx + * 1348d862 08e9 or cl,ch + * 1348d864 bb 2744f083 mov ebx,0x83f04427 + * 1348d869 2d c4aa1001 sub eax,0x110aac4 + * 1348d86e 03e9 add ebp,ecx + * 1348d870 0c 00 or al,0x0 + * 1348d872 0000 add byte ptr ds:[eax],al + * 1348d874 0114c7 add dword ptr ds:[edi+eax*8],edx + * 1348d877 8408 test byte ptr ds:[eax],cl + * 1348d879 -e9 a52744f0 jmp 038d0023 + * 1348d87e 90 nop + * 1348d87f cc int3 + * + * Scenario function is as follows. + * But I am not able to find it at runtime. + * + * 13484483 90 nop + * 13484484 77 0f ja short 13484495 + * 13484486 c705 a8aa1001 30>mov dword ptr ds:[0x110aaa8],0x884b030 + * 13484490 -e9 6fbb59f3 jmp 06a20004 + * 13484495 8b35 74a71001 mov esi,dword ptr ds:[0x110a774] + * 1348449b 81fe 00000000 cmp esi,0x0 + * 134844a1 9c pushfd + * 134844a2 8bc6 mov eax,esi + * 134844a4 8b35 84a71001 mov esi,dword ptr ds:[0x110a784] + * 134844aa 03f0 add esi,eax + * 134844ac 8935 74a71001 mov dword ptr ds:[0x110a774],esi + * 134844b2 9d popfd + * 134844b3 0f8f 0c000000 jg 134844c5 + * 134844b9 832d c4aa1001 02 sub dword ptr ds:[0x110aac4],0x2 + * 134844c0 ^e9 23b0f9ff jmp 1341f4e8 + * 134844c5 832d c4aa1001 02 sub dword ptr ds:[0x110aac4],0x2 + * 134844cc e9 0b000000 jmp 134844dc + * 134844d1 0138 add dword ptr ds:[eax],edi + * 134844d3 b0 84 mov al,0x84 + * 134844d5 08e9 or cl,ch + * 134844d7 48 dec eax + * 134844d8 bb 59f39077 mov ebx,0x7790f359 + * 134844dd 0fc7 ??? ; unknown command + * 134844df 05 a8aa1001 add eax,0x110aaa8 + * 134844e4 38b0 8408e917 cmp byte ptr ds:[eax+0x17e90884],dh + * 134844ea bb 59f38b05 mov ebx,0x58bf359 + * 134844ef ^7c a7 jl short 13484498 + * 134844f1 1001 adc byte ptr ds:[ecx],al + * 134844f3 81e0 ffffff3f and eax,0x3fffffff + * 134844f9 0fb6b0 00004007 movzx esi,byte ptr ds:[eax+0x7400000] ; jichi: hook here, byte by byte + * 13484500 8b05 84a71001 mov eax,dword ptr ds:[0x110a784] + * 13484506 81e0 ffffff3f and eax,0x3fffffff + * 1348450c 8bd6 mov edx,esi + * 1348450e 8890 00004007 mov byte ptr ds:[eax+0x7400000],dl + * 13484514 8b3d 84a71001 mov edi,dword ptr ds:[0x110a784] + * 1348451a 8d7f 01 lea edi,dword ptr ds:[edi+0x1] + * 1348451d 8b2d 7ca71001 mov ebp,dword ptr ds:[0x110a77c] + * 13484523 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + * 13484526 3b3d 74a71001 cmp edi,dword ptr ds:[0x110a774] + * 1348452c 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 13484532 892d 7ca71001 mov dword ptr ds:[0x110a77c],ebp + * 13484538 893d 84a71001 mov dword ptr ds:[0x110a784],edi + * 1348453e 0f84 16000000 je 1348455a + * 13484544 832d c4aa1001 05 sub dword ptr ds:[0x110aac4],0x5 + * 1348454b ^e9 8cffffff jmp 134844dc + * 13484550 0138 add dword ptr ds:[eax],edi + * 13484552 b0 84 mov al,0x84 + * 13484554 08e9 or cl,ch + * 13484556 c9 leave + * 13484557 ba 59f3832d mov edx,0x2d83f359 + * 1348455c c4aa 100105e9 les ebp,fword ptr ds:[edx+0xe9050110] ; modification of segment register + * 13484562 0e push cs + * 13484563 0000 add byte ptr ds:[eax],al + * 13484565 0001 add byte ptr ds:[ecx],al + * 13484567 4c dec esp + * 13484568 b0 84 mov al,0x84 + * 1348456a 08e9 or cl,ch + * 1348456c b3 ba mov bl,0xba + * 1348456e 59 pop ecx + * 1348456f f3: prefix rep: ; superfluous prefix + * 13484570 90 nop + * 13484571 cc int3 + * 13484572 cc int3 + * 13484573 cc int3 + */ +bool InsertKadokawaNamePSPHook() +{ + ConsoleOutput("Kadokawa Name PSP: enter"); + const BYTE bytes[] = { + 0x77, 0x0f, // 1348d7a0 77 0f ja short 1348d7b1 + 0xc7,0x05, XX8, // 1348d7a2 c705 a8aa1001 fc>mov dword ptr ds:[0x110aaa8],0x884c6fc + 0xe9, XX4, // 1348d7ac -e9 532844f0 jmp 038d0004 + 0x8b,0x05, XX4, // 1348d7b1 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1348d7b7 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xb0, XX4, // 1348d7bd 0fb6b0 00004007 movzx esi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + 0x81,0xfe, 0x00,0x00,0x00,0x00, // 1348d7c4 81fe 00000000 cmp esi,0x0 + 0x89,0x35, XX4, // 1348d7ca 8935 70a71001 mov dword ptr ds:[0x110a770],esi + 0x0f,0x85, 0x2f,0x00,0x00,0x00, // 1348d7d0 0f85 2f000000 jnz 1348d805 + 0x8b,0x05, XX4, // 1348d7d6 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1348d7dc 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xbe,0xb0, XX4, // 1348d7e2 0fbeb0 00004007 movsx esi,byte ptr ds:[eax+0x7400000] + 0x89,0x35 //, XX4, // 1348d7e9 8935 70a71001 mov dword ptr ds:[0x110a770],esi + }; + enum { memory_offset = 3 }; + enum { addr_offset = 0x1348d7bd - 0x1348d7a0 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("Kadokawa Name PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT; + hp.offset=get_reg(regs::eax); + hp.split = get_reg(regs::edx); + hp.text_fun = SpecialPSPHook; + + //GROWL_DWORD2(hp.address, hp.user_value); + ConsoleOutput("Kadokawa Name PSP: INSERT"); + succ|=NewHook(hp, "Kadokawa Name PSP"); + } + + ConsoleOutput("Kadokawa Name PSP: leave"); + return succ; +} + +bool InsertPPSSPPHooks() +{ + //if (PPSSPP_VERSION[1] == 9 && (PPSSPP_VERSION[2] > 9 || PPSSPP_VERSION[2] == 9 && PPSSPP_VERSION[3] >= 1)) // >= 0.9.9.1 + + ConsoleOutput("PPSSPP: enter"); + + // http://stackoverflow.com/questions/940707/how-do-i-programatically-get-the-version-of-a-dll-or-exe-file + // get the version info for the file requested + // if (DWORD dwSize = ::GetFileVersionInfoSizeW(processPath, nullptr)) { + // UINT len = 0; + // BYTE * buf = new BYTE[dwSize]; + // VS_FIXEDFILEINFO * info = nullptr; + // if (::GetFileVersionInfoW(processPath, 0, dwSize, buf) + // && ::VerQueryValueW(buf, L"\\", (LPVOID*)&info, &len) + // && info) + // { + // PPSSPP_VERSION[0] = HIWORD(info->dwFileVersionMS), + // PPSSPP_VERSION[1] = LOWORD(info->dwFileVersionMS), + // PPSSPP_VERSION[2] = HIWORD(info->dwFileVersionLS), + // PPSSPP_VERSION[3] = LOWORD(info->dwFileVersionLS); + // + // } + // else + // ConsoleOutput("failed to get PPSSPP version"); + // delete[] buf; + // + //} + + InsertPPSSPPHLEHooks(); + + if (PPSSPP_VERSION[1] == 9 && PPSSPP_VERSION[2] == 9 && PPSSPP_VERSION[3] == 0) // 0.9.9.0 + InsertOtomatePPSSPPHook(); + + //bool engineFound = false; + Insert5pbPSPHook(); + InsertCyberfrontPSPHook(); + InsertImageepoch2PSPHook(); + InsertFelistellaPSPHook(); + + InsertBroccoliPSPHook(); + InsertIntensePSPHook(); + //InsertKadokawaNamePSPHook(); // disabled + InsertKonamiPSPHook(); + + if (PPSSPP_VERSION[1] == 9 && PPSSPP_VERSION[2] == 8) { // only works for 0.9.8 anyway + InsertNippon1PSPHook(); + InsertNippon2PSPHook(); // This could crash PPSSPP 099 just like 5pb + } + + //InsertTecmoPSPHook(); + + // Generic hooks + + bool bandaiFound = InsertBandaiPSPHook(); + InsertBandaiNamePSPHook(); + + // Hooks whose pattern is not generic enouph + + InsertYetiPSPHook(); + InsertYeti2PSPHook(); + + InsertAlchemistPSPHook(); + InsertAlchemist2PSPHook(); + + //InsertTypeMoonPSPHook() // otomate is creating too many garbage + //|| InsertOtomatePSPHook(); + InsertOtomatePSPHook(); + + if (!bandaiFound) { + // KID pattern is a subset of BANDAI, and hence MUST NOT be together with BANDAI + // Sample BANDAI game that could be broken by KID: 寮�のサクリファイス + InsertKidPSPHook(); // KID could lose text, could exist in multiple game + + InsertImageepochPSPHook(); // Imageepoch could crash vnrcli for School Rumble PSP + } + + ConsoleOutput("PPSSPP: leave"); + return true; +} + +/** Artikash 6/7/2019 +* PPSSPP JIT code has pointers, but they are all added to an offset before being used. + Find that offset so that hook searching works properly. + To find the offset, find a page of mapped memory with size 0x1f00000, read and write permissions, take its address and subtract 0x8000000. + The above is useful for emulating PSP hardware, so unlikely to change between versions. +*/ +bool FindPPSSPP() +{ + bool found = false; + SYSTEM_INFO systemInfo; + GetNativeSystemInfo(&systemInfo); + for (BYTE* probe = NULL; probe < systemInfo.lpMaximumApplicationAddress;) + { + MEMORY_BASIC_INFORMATION info; + if (!VirtualQuery(probe, &info, sizeof(info))) + { + probe += systemInfo.dwPageSize; + } + else + { + if (info.RegionSize == 0x1f00000 && info.Protect == PAGE_READWRITE && info.Type == MEM_MAPPED) + { + found = true; + ConsoleOutput("PPSSPP memory found: searching for hooks should yield working hook codes"); + // PPSSPP 1.8.0 compiles jal to sub dword ptr [ebp+0x360],?? + memcpy(spDefault.pattern, Array{ 0x83, 0xAD, 0x60, 0x03, 0x00, 0x00 }, spDefault.length = 6); + spDefault.offset = 0; + spDefault.minAddress = 0; + spDefault.maxAddress = -1ULL; + spDefault.padding = (uintptr_t)probe - 0x8000000; + spDefault.hookPostProcessor = [](HookParam& hp) + { + hp.type |= NO_CONTEXT | USING_SPLIT | SPLIT_INDIRECT; + hp.split = get_reg(regs::ebp); + hp.split_index =get_reg(regs::eax); // this is where PPSSPP 1.8.0 stores its return address stack + }; + } + probe += info.RegionSize; + } + } + return found; +} + +bool PPSSPP::attach_function() { + bool _b1=InsertPPSSPPHooks(); // Artikash 8/4/2018: removed for now as doesn't work for non ancient ppsspp versions + bool _b2=FindPPSSPP(); + if(_b1||_b2) + return true; + return false; +} + \ No newline at end of file diff --git a/LunaHook/engine32/PPSSPP.h b/LunaHook/engine32/PPSSPP.h new file mode 100644 index 0000000..4892a45 --- /dev/null +++ b/LunaHook/engine32/PPSSPP.h @@ -0,0 +1,13 @@ +#include"engine.h" + +class PPSSPP:public ENGINE{ + public: + PPSSPP(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"PPSSPP*.exe"; + is_engine_certain=false; + }; + bool attach_function(); + +}; \ No newline at end of file diff --git a/LunaHook/engine32/Pal.cpp b/LunaHook/engine32/Pal.cpp new file mode 100644 index 0000000..16904f9 --- /dev/null +++ b/LunaHook/engine32/Pal.cpp @@ -0,0 +1,272 @@ +#include"Pal.h" +#include"embed_util.h" +/** jichi 6/1/2014 AMUSE CRAFT + * Related brands: http://erogetrailers.com/brand/2047 + * Sample game: 魔女こいにっ� * See: http://sakuradite.com/topic/223 + * Sample H-code: /HBN-4*0:18@26159:MAJOKOI_try.exe (need remove context, though) + * + * Sample games: + * - 時計仕掛け�レイライン + * - きみと僕との騎士の日� * + * /HBN-4*0:18@26159:MAJOKOI_TRY.EXE + * - addr: 155993 + * - length_offset: 1 + * - module: 104464j455 + * - off: 4294967288 = 0xfffffff8 + * - split: 24 = 0x18 + * - type: 1112 = 0x458 + * + * Call graph: + * - hook reladdr: 0x26159, fun reladdr: 26150 + * - scene fun reladdr: 0x26fd0 + * - arg1 and arg3 are pointers + * - arg2 is the text + * - scenairo only reladdr: 0x26670 + * Issue for implementing embeded engine: two functions are needed to be hijacked + * + * 013c614e cc int3 + * 013c614f cc int3 + * 013c6150 /$ 55 push ebp ; jichi: function starts, this function seems to process text encoding + * 013c6151 |. 8bec mov ebp,esp + * 013c6153 |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 013c6156 |. 0fb608 movzx ecx,byte ptr ds:[eax] + * 013c6159 |. 81f9 81000000 cmp ecx,0x81 ; jichi: hook here + * 013c615f |. 7c 0d jl short majokoi_.013c616e + * 013c6161 |. 8b55 08 mov edx,dword ptr ss:[ebp+0x8] + * 013c6164 |. 0fb602 movzx eax,byte ptr ds:[edx] + * 013c6167 |. 3d 9f000000 cmp eax,0x9f + * 013c616c |. 7e 1c jle short majokoi_.013c618a + * 013c616e |> 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + * 013c6171 |. 0fb611 movzx edx,byte ptr ds:[ecx] + * 013c6174 |. 81fa e0000000 cmp edx,0xe0 + * 013c617a |. 7c 30 jl short majokoi_.013c61ac + * 013c617c |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 013c617f |. 0fb608 movzx ecx,byte ptr ds:[eax] + * 013c6182 |. 81f9 fc000000 cmp ecx,0xfc + * 013c6188 |. 7f 22 jg short majokoi_.013c61ac + * 013c618a |> 8b55 08 mov edx,dword ptr ss:[ebp+0x8] + * 013c618d |. 0fb642 01 movzx eax,byte ptr ds:[edx+0x1] + * 013c6191 |. 83f8 40 cmp eax,0x40 + * 013c6194 |. 7c 16 jl short majokoi_.013c61ac + * 013c6196 |. 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + * 013c6199 |. 0fb651 01 movzx edx,byte ptr ds:[ecx+0x1] + * 013c619d |. 81fa fc000000 cmp edx,0xfc + * 013c61a3 |. 7f 07 jg short majokoi_.013c61ac + * 013c61a5 |. b8 01000000 mov eax,0x1 + * 013c61aa |. eb 02 jmp short majokoi_.013c61ae + * 013c61ac |> 33c0 xor eax,eax + * 013c61ae |> 5d pop ebp + * 013c61af \. c3 retn + */ +static bool InsertOldPalHook() // this is used in case the new pattern does not work +{ + const BYTE bytes[] = { + 0x55, // 013c6150 /$ 55 push ebp ; jichi: function starts + 0x8b,0xec, // 013c6151 |. 8bec mov ebp,esp + 0x8b,0x45, 0x08, // 013c6153 |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + 0x0f,0xb6,0x08, // 013c6156 |. 0fb608 movzx ecx,byte ptr ds:[eax] + 0x81,0xf9 //81000000 // 013c6159 |. 81f9 81000000 cmp ecx,0x81 ; jichi: hook here + }; + enum { addr_offset = sizeof(bytes) - 2 }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + //GROWL_DWORD(reladdr); // supposed to be 0x21650 + //GROWL_DWORD(reladdr + addr_offset); + //reladdr = 0x26159; // 魔女こいにっ�trial + if (!addr) { + ConsoleOutput("AMUSE CRAFT: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + //hp.type = NO_CONTEXT|USING_SPLIT|DATA_INDIRECT; // 0x418 + //hp.type = NO_CONTEXT|USING_SPLIT|DATA_INDIRECT|RELATIVE_SPLIT; // Use relative address to prevent floating issue + hp.type = NO_CONTEXT|USING_SPLIT|DATA_INDIRECT; + hp.offset=get_reg(regs::eax); // eax + ConsoleOutput("INSERT AMUSE CRAFT"); + return NewHook(hp, "Pal"); +} +namespace{ + template + strT trim(strT text, int *size) + { + //int length = ::strlen(text); + auto length = *size; + if (text[0] == '<' && text[1] == 'c') { + auto p = ::strchr(text + 2, '>'); + if (!p) + return text; + p++; + length -= p - text; + text = p; // skip leading '' + } + + if (text[length - 1] == '>' && text[length - 2] == 'c' && text[length - 3] == '/' && text[length - 4] == '<') + length -= 4; // skip the trailing ' + + *size = length; + return text; + } + LPSTR trimmedText;int trimmedSize; +bool before(hook_stack*s,void* data, size_t* len,uintptr_t*role){ + auto text = (LPSTR)s->stack[2]; // text in arg2 + if (!text || !*text) + return false; + + int size = ::strlen(text); + trimmedSize = size; + trimmedText = trim(text, &trimmedSize); + if (trimmedSize <= 0 || !trimmedText || !*trimmedText) + return false; + auto retaddr = s->stack[0]; + if (*(WORD *)(retaddr - 8) == 0x088b) // 8b08 mov ecx,dword ptr ds:[eax] + *role = s->stack[3] ? Engine::ScenarioRole : Engine::NameRole; + std::string oldData(trimmedText, trimmedSize); + strcpy((char*)data,oldData.c_str()); + *len=oldData.size(); + return true; +} +void after(hook_stack*s,void* data, size_t len){ + std::string newData((char*)data, len); + auto text = (LPSTR)s->stack[2]; // text in arg2 + int prefixSize = trimmedText - text; + int size = ::strlen(text); + int suffixSize = size - prefixSize - trimmedSize; + //if (prefixSize) + // newData.prepend(text, prefixSize); + if (suffixSize) + newData.append(trimmedText + trimmedSize, suffixSize); + ::strcpy(trimmedText, newData.c_str()); +} + +std::string rubyRemove( std::string text) { + std::regex rx("(.*?)"); + text= std::regex_replace(text, rx, "$2"); + std::regex rx2("(.*?)"); + text= std::regex_replace(text, rx2, "$2"); + std::regex rx3("(.*?)"); + text= std::regex_replace(text, rx3, "$2"); + return text; +} +} +static bool InsertNewPal1Hook() +{ + //有乱码,无法处理。并且遇到某些中文字符会闪退 + const BYTE bytes[] = { + 0x55, // 002c6ab0 55 push ebp + 0x8b,0xec, // 002c6ab1 8bec mov ebp,esp + 0x83,0xec, 0x78, // 002c6ab3 83ec 78 sub esp,0x78 + 0xa1, XX4, // 002c6ab6 a1 8c002f00 mov eax,dword ptr ds:[0x2f008c] + 0x33,0xc5, // 002c6abb 33c5 xor eax,ebp + 0x89,0x45, 0xf8 // 002c6abd 8945 f8 mov dword ptr ss:[ebp-0x8],eax ; mireado : small update + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Pal1: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); // arg2 + hp.type = USING_STRING|EMBED_ABLE; + hp.hook_before=before; + hp.hook_after=after; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + auto s=std::string((char*)data,*len); + s=rubyRemove(s); + strcpy((LPSTR)data,s.c_str());*len=s.size(); + + return true; + }; + hp.hook_font=F_CreateFontIndirectA|F_CreateFontA; + ConsoleOutput("INSERT Pal1"); + return NewHook(hp, "Pal"); +} +// Eguni 2016/11/06 +// Supporting new Pal engine, tested with 恋×シンアイ彼女 +static bool InsertNewPal2Hook() +{ + const BYTE bytes[] = { + 0x55, // 0124E220 55 push ebp; doesn't works... why? + 0x8b,0xec, // 0124E221 8bec mov ebp,esp + 0x83,0xec, 0x7c, // 0124E223 83ec 7c sub esp,0x7C + 0xa1, XX4, // 0124E226 a1 788D2901 mov eax,dword ptr ds:[0x2f008c] + 0x33,0xc5, // 0124E22B 33c5 xor eax,ebp + 0x89,0x45, 0xfc, // 0124E22D 8945 FC mov dword ptr ss:[ebp-0x8],eax ; mireado : small update + 0xe8 // 0136e230 e8 call 01377800 + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Pal2: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); // arg2 + hp.type = USING_STRING; + ConsoleOutput("INSERT Pal2"); + return NewHook(hp, "Pal"); +} +namespace{ +bool redcheris(){ +const BYTE bytes[] = { + //int __usercall sub_44E1E0@( + // char *a1@, + + //if ( *(_DWORD *)a1 == 1047683644 ) + 0x8B,0x06, + 0x3D,0x3C,0x62,0x72,0x3E , + 0x75,0x10 + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) return false; + addr=MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) return false; + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::edx); + hp.type = USING_STRING|EMBED_ABLE|EMBED_BEFORE_SIMPLE|EMBED_AFTER_NEW; + //无法编码的字符无法显示,若开启dyna则会直接略过这个字,还不如不开。 + //[230929] [ユニゾンシフト] 恋とHしかしていない! + hp.newlineseperator=L"
"; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + auto s=std::string((char*)data,*len); + s=rubyRemove(s); + strcpy((LPSTR)data,s.c_str());*len=s.size(); + return true; + }; + return NewHook(hp, "Pal"); +} +} + +bool InsertPalHook() // use Old Pal first, which does not have ruby +{ + PcHooks::hookOtherPcFunctions(); + auto succ=false; + for (auto func : { "PalSpriteCreateTextEx","PalSpriteCreateText","PalFontDrawText" }) { + HookParam hp; + hp.type = USING_STRING | MODULE_OFFSET | FUNCTION_OFFSET; + wcscpy_s(hp.module, L"Pal.dll"); + strcpy_s(hp.function, func); + hp.offset=get_stack(2); + succ|=NewHook(hp, func); + } + bool embed= InsertNewPal1Hook() ; + bool b1= InsertOldPalHook() || InsertNewPal2Hook(); + + bool b2=redcheris(); + return b1||b2||embed||succ; +} + +bool Pal::attach_function() { + + return InsertPalHook(); +} + + \ No newline at end of file diff --git a/LunaHook/engine32/Pal.h b/LunaHook/engine32/Pal.h new file mode 100644 index 0000000..4498011 --- /dev/null +++ b/LunaHook/engine32/Pal.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class Pal:public ENGINE{ + public: + Pal(){ + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return Util::CheckFile(L"dll\\Pal.dll")||GetModuleHandleW(L"Pal.dll"); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Palette.cpp b/LunaHook/engine32/Palette.cpp new file mode 100644 index 0000000..c16e41e --- /dev/null +++ b/LunaHook/engine32/Palette.cpp @@ -0,0 +1,51 @@ +#include"Palette.h" + +bool Palette::attach_function() { + + BYTE sig2[]={ + //さくらシュトラッセ + //さくらんぼシュトラッセ + //MERI+DIA~マリアディアナ~ + 0x8b,XX, + 0x8b,XX,0x14, + 0x03,XX, + 0x3b,XX, + 0x76,XX, + 0x83,XX,0x10, + 0x72,XX, + 0x8b,XX, + 0x8b,XX,0x24,0x14, + XX, + 0x2b,XX, + XX, + XX, + 0x8b,XX, + 0xe8,XX4, + XX, + XX, + XX, + 0xC2,0x08,0x00 + }; + auto m=GetModuleHandle(L"system.dll"); + ULONG addr=0; + if(m) { + //もしも明日が晴れならば + //えむぴぃ + auto [minAddress, maxAddress] = Util::QueryModuleLimits(m); + addr= MemDbg::findBytes(sig2, sizeof(sig2), minAddress, maxAddress); + } + else{ + addr = MemDbg::findBytes(sig2, sizeof(sig2), processStartAddress, processStopAddress); + } + if (!addr) return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + + if (!addr) return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING; + hp.filter_fun=all_ascii_Filter; + ConsoleOutput("Please adjust the text display speed to maximum to remove duplicates"); + return NewHook(hp, "Palette"); +} \ No newline at end of file diff --git a/LunaHook/engine32/Palette.h b/LunaHook/engine32/Palette.h new file mode 100644 index 0000000..92acc43 --- /dev/null +++ b/LunaHook/engine32/Palette.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Palette:public ENGINE{ + public: + Palette(){ + is_engine_certain=false; + check_by=CHECK_BY::FILE; + check_by_target=L"data\\*.pak"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Pensil.cpp b/LunaHook/engine32/Pensil.cpp new file mode 100644 index 0000000..df0f759 --- /dev/null +++ b/LunaHook/engine32/Pensil.cpp @@ -0,0 +1,933 @@ +#include"Pensil.h" +#include"embed_util.h" +bool InsertPensilHook() +{ + for (DWORD i = processStartAddress; i < processStopAddress - 4; i++) + if (*(DWORD *)i == 0x6381) // cmp *,8163 + if (DWORD j = SafeFindEnclosingAlignedFunction(i, 0x100)) { + // Artikash 7/20/2019: I don't understand how or why this is possible, but I found a game that by default has copy on write memory for its .text section + VirtualProtect((void*)j, 1, PAGE_EXECUTE_READ, DUMMY); + HookParam hp; + hp.address = j; + hp.offset=get_stack(2); + hp.split=get_stack(1); + hp.type=USING_SPLIT; + ConsoleOutput("INSERT Pensil"); + return NewHook(hp, "Pensil"); + //RegisterEngineType(ENGINE_PENSIL); + } + //ConsoleOutput("Unknown Pensil engine."); + ConsoleOutput("Pensil: failed"); + return false; +} + +namespace{ + bool pensilfilter(void* data, size_t* len, HookParam* hp){ + //「馬鹿な、\{軌道護符|サテラ}が封じられるとは! ハーリーの仕業か。連中の魔法科学はそこまで進んだのか!?」 + auto str=std::string(reinterpret_cast(data),*len); + str = std::regex_replace(str, std::regex("\\\\\\{(.*?)\\|(.*?)\\}"), "$1"); + + *len = (str.size()) ; + strcpy(reinterpret_cast(data), str.c_str()); + return true; + }; +} + +namespace { // unnamed +namespace ScenarioHook { + +/** + * Sample game: はにつま + * + * Debugging method: + * 1. Hook to GetGlyphOutlineA + * 2. Find text in memory + * There are three matches. The static scenario text is found + * 3. Looking for text on the stack + * The text is just above Windows Message calls on the stack. + * + * Name/Scenario/Other texts can be translated. + * History cannot be translated. + * + * Text in arg2. + * + * 0046AFE8 CC INT3 + * 0046AFE9 CC INT3 + * 0046AFEA CC INT3 + * 0046AFEB CC INT3 + * 0046AFEC CC INT3 + * 0046AFED CC INT3 + * 0046AFEE CC INT3 + * 0046AFEF CC INT3 + * 0046AFF0 83EC 10 SUB ESP,0x10 + * 0046AFF3 56 PUSH ESI + * 0046AFF4 57 PUSH EDI + * 0046AFF5 8B7C24 1C MOV EDI,DWORD PTR SS:[ESP+0x1C] + * 0046AFF9 85FF TEST EDI,EDI + * 0046AFFB 0F84 D6020000 JE .0046B2D7 + * 0046B001 8B7424 20 MOV ESI,DWORD PTR SS:[ESP+0x20] + * 0046B005 85F6 TEST ESI,ESI + * 0046B007 0F84 CA020000 JE .0046B2D7 + * 0046B00D 55 PUSH EBP + * 0046B00E 33ED XOR EBP,EBP + * 0046B010 392D A8766C00 CMP DWORD PTR DS:[0x6C76A8],EBP + * 0046B016 75 09 JNZ SHORT .0046B021 + * 0046B018 5D POP EBP + * 0046B019 5F POP EDI + * 0046B01A 33C0 XOR EAX,EAX + * 0046B01C 5E POP ESI + * 0046B01D 83C4 10 ADD ESP,0x10 + * 0046B020 C3 RETN + * 0046B021 8B47 24 MOV EAX,DWORD PTR DS:[EDI+0x24] + * 0046B024 8B4F 28 MOV ECX,DWORD PTR DS:[EDI+0x28] + * 0046B027 8B57 2C MOV EDX,DWORD PTR DS:[EDI+0x2C] + * 0046B02A 894424 0C MOV DWORD PTR SS:[ESP+0xC],EAX + * 0046B02E 8B47 30 MOV EAX,DWORD PTR DS:[EDI+0x30] + * 0046B031 53 PUSH EBX + * 0046B032 894C24 14 MOV DWORD PTR SS:[ESP+0x14],ECX + * 0046B036 895424 18 MOV DWORD PTR SS:[ESP+0x18],EDX + * 0046B03A 894424 1C MOV DWORD PTR SS:[ESP+0x1C],EAX + * 0046B03E 8A1E MOV BL,BYTE PTR DS:[ESI] + * 0046B040 84DB TEST BL,BL + * 0046B042 0F84 95000000 JE .0046B0DD + * 0046B048 EB 06 JMP SHORT .0046B050 + * 0046B04A 8D9B 00000000 LEA EBX,DWORD PTR DS:[EBX] + * 0046B050 0FB716 MOVZX EDX,WORD PTR DS:[ESI] + * 0046B053 0FB7C2 MOVZX EAX,DX + * 0046B056 3D 5C630000 CMP EAX,0x635C + * 0046B05B 0F8F 93010000 JG .0046B1F4 + * 0046B061 0F84 2B010000 JE .0046B192 + * 0046B067 3D 5C4E0000 CMP EAX,0x4E5C + * 0046B06C 0F8F DF000000 JG .0046B151 + * 0046B072 0F84 9E010000 JE .0046B216 + * 0046B078 3D 5C430000 CMP EAX,0x435C + * 0046B07D 0F84 0F010000 JE .0046B192 + * 0046B083 3D 5C460000 CMP EAX,0x465C + * 0046B088 0F84 80000000 JE .0046B10E + * 0046B08E 3D 5C470000 CMP EAX,0x475C + * 0046B093 0F85 CA010000 JNZ .0046B263 + * 0046B099 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 0046B09C 83C6 02 ADD ESI,0x2 + * 0046B09F 33C9 XOR ECX,ECX + * 0046B0A1 3C 39 CMP AL,0x39 + * 0046B0A3 77 17 JA SHORT .0046B0BC + * 0046B0A5 3C 30 CMP AL,0x30 + * 0046B0A7 72 13 JB SHORT .0046B0BC + * 0046B0A9 83C6 01 ADD ESI,0x1 + * 0046B0AC 0FB6D0 MOVZX EDX,AL + * 0046B0AF 8A06 MOV AL,BYTE PTR DS:[ESI] + * 0046B0B1 3C 39 CMP AL,0x39 + * 0046B0B3 8D0C89 LEA ECX,DWORD PTR DS:[ECX+ECX*4] + * 0046B0B6 8D4C4A D0 LEA ECX,DWORD PTR DS:[EDX+ECX*2-0x30] + * 0046B0BA ^76 E9 JBE SHORT .0046B0A5 + * 0046B0BC 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+0x10] + * 0046B0C0 50 PUSH EAX + * 0046B0C1 81C1 00FFFFFF ADD ECX,-0x100 + * 0046B0C7 51 PUSH ECX + * 0046B0C8 57 PUSH EDI + * 0046B0C9 E8 92F1FFFF CALL .0046A260 + * 0046B0CE 83C4 0C ADD ESP,0xC + * 0046B0D1 03E8 ADD EBP,EAX + * 0046B0D3 8A1E MOV BL,BYTE PTR DS:[ESI] + * 0046B0D5 84DB TEST BL,BL + * 0046B0D7 ^0F85 73FFFFFF JNZ .0046B050 + * 0046B0DD F647 10 01 TEST BYTE PTR DS:[EDI+0x10],0x1 + * 0046B0E1 74 09 JE SHORT .0046B0EC + * 0046B0E3 57 PUSH EDI + * 0046B0E4 E8 F7DDFFFF CALL .00468EE0 + * 0046B0E9 83C4 04 ADD ESP,0x4 + * 0046B0EC F647 10 08 TEST BYTE PTR DS:[EDI+0x10],0x8 + * 0046B0F0 74 12 JE SHORT .0046B104 + * 0046B0F2 833D 98026C00 00 CMP DWORD PTR DS:[0x6C0298],0x0 + * 0046B0F9 74 09 JE SHORT .0046B104 + * 0046B0FB 57 PUSH EDI + * 0046B0FC E8 6FE4FFFF CALL .00469570 + * 0046B101 83C4 04 ADD ESP,0x4 + * 0046B104 5B POP EBX + * 0046B105 8BC5 MOV EAX,EBP + * 0046B107 5D POP EBP + * 0046B108 5F POP EDI + * 0046B109 5E POP ESI + * 0046B10A 83C4 10 ADD ESP,0x10 + * 0046B10D C3 RETN + * 0046B10E 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 0046B111 83C6 02 ADD ESI,0x2 + * 0046B114 33C9 XOR ECX,ECX + * 0046B116 3C 39 CMP AL,0x39 + * 0046B118 77 1D JA SHORT .0046B137 + * 0046B11A 8D9B 00000000 LEA EBX,DWORD PTR DS:[EBX] + * 0046B120 3C 30 CMP AL,0x30 + * 0046B122 72 13 JB SHORT .0046B137 + * 0046B124 83C6 01 ADD ESI,0x1 + * 0046B127 0FB6D0 MOVZX EDX,AL + * 0046B12A 8A06 MOV AL,BYTE PTR DS:[ESI] + * 0046B12C 3C 39 CMP AL,0x39 + * 0046B12E 8D0C89 LEA ECX,DWORD PTR DS:[ECX+ECX*4] + * 0046B131 8D4C4A D0 LEA ECX,DWORD PTR DS:[EDX+ECX*2-0x30] + * 0046B135 ^76 E9 JBE SHORT .0046B120 + * 0046B137 6A 01 PUSH 0x1 + * 0046B139 8B0C8D 580D6C00 MOV ECX,DWORD PTR DS:[ECX*4+0x6C0D58] + * 0046B140 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+0x14] + * 0046B144 50 PUSH EAX + * 0046B145 51 PUSH ECX + * 0046B146 57 PUSH EDI + * 0046B147 E8 84FBFFFF CALL .0046ACD0 + * 0046B14C 83C4 10 ADD ESP,0x10 + * 0046B14F ^EB 80 JMP SHORT .0046B0D1 + * 0046B151 3D 5C520000 CMP EAX,0x525C + * 0046B156 0F84 BA000000 JE .0046B216 + * 0046B15C 3D 5C530000 CMP EAX,0x535C + * 0046B161 ^0F84 32FFFFFF JE .0046B099 + * 0046B167 3D 5C5C0000 CMP EAX,0x5C5C + * 0046B16C 0F85 F1000000 JNZ .0046B263 + * 0046B172 8D5424 10 LEA EDX,DWORD PTR SS:[ESP+0x10] + * 0046B176 52 PUSH EDX + * 0046B177 6A 5C PUSH 0x5C + * 0046B179 57 PUSH EDI + * 0046B17A E8 81F3FFFF CALL .0046A500 + * 0046B17F 83C4 0C ADD ESP,0xC + * 0046B182 85C0 TEST EAX,EAX + * 0046B184 0F84 43010000 JE .0046B2CD + * 0046B18A 83C6 01 ADD ESI,0x1 + * 0046B18D ^E9 41FFFFFF JMP .0046B0D3 + * 0046B192 33C9 XOR ECX,ECX + * 0046B194 83C6 02 ADD ESI,0x2 + * 0046B197 8A06 MOV AL,BYTE PTR DS:[ESI] + * 0046B199 3C 39 CMP AL,0x39 + * 0046B19B 77 14 JA SHORT .0046B1B1 + * 0046B19D 3C 30 CMP AL,0x30 + * 0046B19F 72 10 JB SHORT .0046B1B1 + * 0046B1A1 83C1 FD ADD ECX,-0x3 + * 0046B1A4 0FB6C0 MOVZX EAX,AL + * 0046B1A7 C1E1 04 SHL ECX,0x4 + * 0046B1AA 03C8 ADD ECX,EAX + * 0046B1AC 83C6 01 ADD ESI,0x1 + * 0046B1AF ^EB E6 JMP SHORT .0046B197 + * 0046B1B1 3C 46 CMP AL,0x46 + * 0046B1B3 77 13 JA SHORT .0046B1C8 + * 0046B1B5 3C 41 CMP AL,0x41 + * 0046B1B7 72 0F JB SHORT .0046B1C8 + * 0046B1B9 0FB6D0 MOVZX EDX,AL + * 0046B1BC C1E1 04 SHL ECX,0x4 + * 0046B1BF 8D4C11 C9 LEA ECX,DWORD PTR DS:[ECX+EDX-0x37] + * 0046B1C3 83C6 01 ADD ESI,0x1 + * 0046B1C6 ^EB CF JMP SHORT .0046B197 + * 0046B1C8 3C 66 CMP AL,0x66 + * 0046B1CA 77 13 JA SHORT .0046B1DF + * 0046B1CC 3C 61 CMP AL,0x61 + * 0046B1CE 72 0F JB SHORT .0046B1DF + * 0046B1D0 0FB6C0 MOVZX EAX,AL + * 0046B1D3 C1E1 04 SHL ECX,0x4 + * 0046B1D6 8D4C01 A9 LEA ECX,DWORD PTR DS:[ECX+EAX-0x57] + * 0046B1DA 83C6 01 ADD ESI,0x1 + * 0046B1DD ^EB B8 JMP SHORT .0046B197 + * 0046B1DF 894C24 1C MOV DWORD PTR SS:[ESP+0x1C],ECX + * 0046B1E3 894C24 18 MOV DWORD PTR SS:[ESP+0x18],ECX + * 0046B1E7 894C24 14 MOV DWORD PTR SS:[ESP+0x14],ECX + * 0046B1EB 894C24 10 MOV DWORD PTR SS:[ESP+0x10],ECX + * 0046B1EF ^E9 DFFEFFFF JMP .0046B0D3 + * 0046B1F4 3D 5C720000 CMP EAX,0x725C + * 0046B1F9 7F 56 JG SHORT .0046B251 + * 0046B1FB 74 19 JE SHORT .0046B216 + * 0046B1FD 3D 5C660000 CMP EAX,0x665C + * 0046B202 74 23 JE SHORT .0046B227 + * 0046B204 3D 5C670000 CMP EAX,0x675C + * 0046B209 ^0F84 8AFEFFFF JE .0046B099 + * 0046B20F 3D 5C6E0000 CMP EAX,0x6E5C + * 0046B214 75 4D JNZ SHORT .0046B263 + * 0046B216 57 PUSH EDI + * 0046B217 E8 54DBFFFF CALL .00468D70 + * 0046B21C 83C4 04 ADD ESP,0x4 + * 0046B21F 83C6 02 ADD ESI,0x2 + * 0046B222 ^E9 ACFEFFFF JMP .0046B0D3 + * 0046B227 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 0046B22A 83C6 02 ADD ESI,0x2 + * 0046B22D 33C9 XOR ECX,ECX + * 0046B22F 3C 39 CMP AL,0x39 + * 0046B231 77 17 JA SHORT .0046B24A + * 0046B233 3C 30 CMP AL,0x30 + * 0046B235 72 13 JB SHORT .0046B24A + * 0046B237 83C6 01 ADD ESI,0x1 + * 0046B23A 0FB6D0 MOVZX EDX,AL + * 0046B23D 8A06 MOV AL,BYTE PTR DS:[ESI] + * 0046B23F 3C 39 CMP AL,0x39 + * 0046B241 8D0C89 LEA ECX,DWORD PTR DS:[ECX+ECX*4] + * 0046B244 8D4C4A D0 LEA ECX,DWORD PTR DS:[EDX+ECX*2-0x30] + * 0046B248 ^76 E9 JBE SHORT .0046B233 + * 0046B24A 6A 00 PUSH 0x0 + * 0046B24C ^E9 E8FEFFFF JMP .0046B139 + * 0046B251 3D 5C730000 CMP EAX,0x735C + * 0046B256 ^0F84 3DFEFFFF JE .0046B099 + * 0046B25C 3D 5C7B0000 CMP EAX,0x7B5C + * 0046B261 74 49 JE SHORT .0046B2AC + * 0046B263 52 PUSH EDX + * 0046B264 E8 C7D5FFFF CALL .00468830 + * 0046B269 83C4 04 ADD ESP,0x4 + * 0046B26C 85C0 TEST EAX,EAX + * 0046B26E 74 1E JE SHORT .0046B28E + * 0046B270 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+0x10] + * 0046B274 50 PUSH EAX + * 0046B275 52 PUSH EDX + * 0046B276 57 PUSH EDI + * 0046B277 E8 E4EFFFFF CALL .0046A260 + * 0046B27C 83C4 0C ADD ESP,0xC + * 0046B27F 85C0 TEST EAX,EAX + * 0046B281 74 4A JE SHORT .0046B2CD + * 0046B283 83C6 02 ADD ESI,0x2 + * 0046B286 83C5 01 ADD EBP,0x1 + * 0046B289 ^E9 45FEFFFF JMP .0046B0D3 + * 0046B28E 8D4C24 10 LEA ECX,DWORD PTR SS:[ESP+0x10] + * 0046B292 51 PUSH ECX + * 0046B293 53 PUSH EBX + * 0046B294 57 PUSH EDI + * 0046B295 E8 66F2FFFF CALL .0046A500 + * 0046B29A 83C4 0C ADD ESP,0xC + * 0046B29D 85C0 TEST EAX,EAX + * 0046B29F 74 2C JE SHORT .0046B2CD + * 0046B2A1 83C6 01 ADD ESI,0x1 + * 0046B2A4 83C5 01 ADD EBP,0x1 + * 0046B2A7 ^E9 27FEFFFF JMP .0046B0D3 + * 0046B2AC 8D5424 24 LEA EDX,DWORD PTR SS:[ESP+0x24] + * 0046B2B0 52 PUSH EDX + * 0046B2B1 83C6 02 ADD ESI,0x2 + * 0046B2B4 56 PUSH ESI + * 0046B2B5 57 PUSH EDI + * 0046B2B6 E8 F5F4FFFF CALL .0046A7B0 + * 0046B2BB 8BF0 MOV ESI,EAX + * 0046B2BD 83C4 0C ADD ESP,0xC + * 0046B2C0 85F6 TEST ESI,ESI + * 0046B2C2 74 09 JE SHORT .0046B2CD + * 0046B2C4 036C24 24 ADD EBP,DWORD PTR SS:[ESP+0x24] + * 0046B2C8 ^E9 06FEFFFF JMP .0046B0D3 + * 0046B2CD 5B POP EBX + * 0046B2CE 5D POP EBP + * 0046B2CF 5F POP EDI + * 0046B2D0 33C0 XOR EAX,EAX + * 0046B2D2 5E POP ESI + * 0046B2D3 83C4 10 ADD ESP,0x10 + * 0046B2D6 C3 RETN + * 0046B2D7 5F POP EDI + * 0046B2D8 33C0 XOR EAX,EAX + * 0046B2DA 5E POP ESI + * 0046B2DB 83C4 10 ADD ESP,0x10 + * 0046B2DE C3 RETN + * 0046B2DF CC INT3 + * + * Sample game: 母子愛2 (2RM) + * 0047120D CC INT3 + * 0047120E CC INT3 + * 0047120F CC INT3 + * 00471210 83EC 10 SUB ESP,0x10 + * 00471213 56 PUSH ESI + * 00471214 57 PUSH EDI + * 00471215 8B7C24 1C MOV EDI,DWORD PTR SS:[ESP+0x1C] + * 00471219 85FF TEST EDI,EDI + * 0047121B 0F84 98030000 JE oyakoai2.004715B9 + * 00471221 8B7424 20 MOV ESI,DWORD PTR SS:[ESP+0x20] + * 00471225 85F6 TEST ESI,ESI + * 00471227 0F84 8C030000 JE oyakoai2.004715B9 + * 0047122D 55 PUSH EBP + * 0047122E 33ED XOR EBP,EBP + * 00471230 392D 48E16C00 CMP DWORD PTR DS:[0x6CE148],EBP + * 00471236 75 09 JNZ SHORT oyakoai2.00471241 + * 00471238 5D POP EBP + * 00471239 5F POP EDI + * 0047123A 33C0 XOR EAX,EAX + * 0047123C 5E POP ESI + * 0047123D 83C4 10 ADD ESP,0x10 + * 00471240 C3 RETN + * 00471241 8B47 60 MOV EAX,DWORD PTR DS:[EDI+0x60] + * 00471244 8B4F 64 MOV ECX,DWORD PTR DS:[EDI+0x64] + * 00471247 8B57 68 MOV EDX,DWORD PTR DS:[EDI+0x68] + * 0047124A 894424 0C MOV DWORD PTR SS:[ESP+0xC],EAX + * 0047124E 8B47 6C MOV EAX,DWORD PTR DS:[EDI+0x6C] + * 00471251 894424 18 MOV DWORD PTR SS:[ESP+0x18],EAX + * 00471255 8B47 4C MOV EAX,DWORD PTR DS:[EDI+0x4C] + * 00471258 25 00F00000 AND EAX,0xF000 + * 0047125D 3D 00100000 CMP EAX,0x1000 + * 00471262 894C24 10 MOV DWORD PTR SS:[ESP+0x10],ECX + * 00471266 895424 14 MOV DWORD PTR SS:[ESP+0x14],EDX + * 0047126A 74 26 JE SHORT oyakoai2.00471292 + * 0047126C 3D 00200000 CMP EAX,0x2000 + * 00471271 74 13 JE SHORT oyakoai2.00471286 + * 00471273 3D 00300000 CMP EAX,0x3000 + * 00471278 75 30 JNZ SHORT oyakoai2.004712AA + * 0047127A 8D4C24 0C LEA ECX,DWORD PTR SS:[ESP+0xC] + * 0047127E 51 PUSH ECX + * 0047127F 68 81770000 PUSH 0x7781 + * 00471284 EB 16 JMP SHORT oyakoai2.0047129C + * 00471286 8D5424 0C LEA EDX,DWORD PTR SS:[ESP+0xC] + * 0047128A 52 PUSH EDX + * 0047128B 68 81750000 PUSH 0x7581 + * 00471290 EB 0A JMP SHORT oyakoai2.0047129C + * 00471292 8D4424 0C LEA EAX,DWORD PTR SS:[ESP+0xC] + * 00471296 50 PUSH EAX + * 00471297 68 81790000 PUSH 0x7981 + * 0047129C 57 PUSH EDI + * 0047129D E8 3EF0FFFF CALL oyakoai2.004702E0 + * 004712A2 83C4 0C ADD ESP,0xC + * 004712A5 BD 02000000 MOV EBP,0x2 + * 004712AA 53 PUSH EBX + * 004712AB 8A1E MOV BL,BYTE PTR DS:[ESI] + * 004712AD 84DB TEST BL,BL + * 004712AF 0F84 93000000 JE oyakoai2.00471348 + * 004712B5 0FB716 MOVZX EDX,WORD PTR DS:[ESI] + * 004712B8 0FB7C2 MOVZX EAX,DX + * 004712BB 3D 5C630000 CMP EAX,0x635C + * 004712C0 0F8F A7010000 JG oyakoai2.0047146D + * 004712C6 0F84 39010000 JE oyakoai2.00471405 + * 004712CC 3D 5C4E0000 CMP EAX,0x4E5C + * 004712D1 0F8F ED000000 JG oyakoai2.004713C4 + * 004712D7 0F84 B2010000 JE oyakoai2.0047148F + * 004712DD 3D 5C430000 CMP EAX,0x435C + * 004712E2 0F84 1D010000 JE oyakoai2.00471405 + * 004712E8 3D 5C460000 CMP EAX,0x465C + * 004712ED 0F84 8D000000 JE oyakoai2.00471380 + * 004712F3 3D 5C470000 CMP EAX,0x475C + * 004712F8 0F85 E2010000 JNZ oyakoai2.004714E0 + * 004712FE 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 00471301 83C6 02 ADD ESI,0x2 + * 00471304 33C9 XOR ECX,ECX + * 00471306 3C 39 CMP AL,0x39 + * 00471308 77 1D JA SHORT oyakoai2.00471327 + * 0047130A 8D9B 00000000 LEA EBX,DWORD PTR DS:[EBX] + * 00471310 3C 30 CMP AL,0x30 + * 00471312 72 13 JB SHORT oyakoai2.00471327 + * 00471314 83C6 01 ADD ESI,0x1 + * 00471317 0FB6D0 MOVZX EDX,AL + * 0047131A 8A06 MOV AL,BYTE PTR DS:[ESI] + * 0047131C 3C 39 CMP AL,0x39 + * 0047131E 8D0C89 LEA ECX,DWORD PTR DS:[ECX+ECX*4] + * 00471321 8D4C4A D0 LEA ECX,DWORD PTR DS:[EDX+ECX*2-0x30] + * 00471325 ^76 E9 JBE SHORT oyakoai2.00471310 + * 00471327 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+0x10] + * 0047132B 50 PUSH EAX + * 0047132C 81C1 00FFFFFF ADD ECX,-0x100 + * 00471332 51 PUSH ECX + * 00471333 57 PUSH EDI + * 00471334 E8 A7EFFFFF CALL oyakoai2.004702E0 + * 00471339 83C4 0C ADD ESP,0xC + * 0047133C 03E8 ADD EBP,EAX + * 0047133E 8A1E MOV BL,BYTE PTR DS:[ESI] + * 00471340 84DB TEST BL,BL + * 00471342 ^0F85 6DFFFFFF JNZ oyakoai2.004712B5 + * 00471348 8B47 4C MOV EAX,DWORD PTR DS:[EDI+0x4C] + * 0047134B 25 00F00000 AND EAX,0xF000 + * 00471350 3D 00100000 CMP EAX,0x1000 + * 00471355 0F84 05020000 JE oyakoai2.00471560 + * 0047135B 3D 00200000 CMP EAX,0x2000 + * 00471360 0F84 EE010000 JE oyakoai2.00471554 + * 00471366 3D 00300000 CMP EAX,0x3000 + * 0047136B 0F85 05020000 JNZ oyakoai2.00471576 + * 00471371 8D4C24 10 LEA ECX,DWORD PTR SS:[ESP+0x10] + * 00471375 51 PUSH ECX + * 00471376 68 81780000 PUSH 0x7881 + * 0047137B E9 EA010000 JMP oyakoai2.0047156A + * 00471380 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 00471383 83C6 02 ADD ESI,0x2 + * 00471386 33C9 XOR ECX,ECX + * 00471388 3C 39 CMP AL,0x39 + * 0047138A 77 1B JA SHORT oyakoai2.004713A7 + * 0047138C 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] + * 00471390 3C 30 CMP AL,0x30 + * 00471392 72 13 JB SHORT oyakoai2.004713A7 + * 00471394 83C6 01 ADD ESI,0x1 + * 00471397 0FB6D0 MOVZX EDX,AL + * 0047139A 8A06 MOV AL,BYTE PTR DS:[ESI] + * 0047139C 3C 39 CMP AL,0x39 + * 0047139E 8D0C89 LEA ECX,DWORD PTR DS:[ECX+ECX*4] + * 004713A1 8D4C4A D0 LEA ECX,DWORD PTR DS:[EDX+ECX*2-0x30] + * 004713A5 ^76 E9 JBE SHORT oyakoai2.00471390 + * 004713A7 6A 01 PUSH 0x1 + * 004713A9 8B0C8D E8776C00 MOV ECX,DWORD PTR DS:[ECX*4+0x6C77E8] + * 004713B0 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+0x14] + * 004713B4 50 PUSH EAX + * 004713B5 51 PUSH ECX + * 004713B6 57 PUSH EDI + * 004713B7 E8 34FBFFFF CALL oyakoai2.00470EF0 + * 004713BC 83C4 10 ADD ESP,0x10 + * 004713BF ^E9 78FFFFFF JMP oyakoai2.0047133C + * 004713C4 3D 5C520000 CMP EAX,0x525C + * 004713C9 0F84 C0000000 JE oyakoai2.0047148F + * 004713CF 3D 5C530000 CMP EAX,0x535C + * 004713D4 ^0F84 24FFFFFF JE oyakoai2.004712FE + * 004713DA 3D 5C5C0000 CMP EAX,0x5C5C + * 004713DF 0F85 FB000000 JNZ oyakoai2.004714E0 + * 004713E5 8D5424 10 LEA EDX,DWORD PTR SS:[ESP+0x10] + * 004713E9 52 PUSH EDX + * 004713EA 6A 5C PUSH 0x5C + * 004713EC 57 PUSH EDI + * 004713ED E8 2EF2FFFF CALL oyakoai2.00470620 + * 004713F2 83C4 0C ADD ESP,0xC + * 004713F5 85C0 TEST EAX,EAX + * 004713F7 0F84 4D010000 JE oyakoai2.0047154A + * 004713FD 83C6 01 ADD ESI,0x1 + * 00471400 ^E9 39FFFFFF JMP oyakoai2.0047133E + * 00471405 33C9 XOR ECX,ECX + * 00471407 83C6 02 ADD ESI,0x2 + * 0047140A 8D9B 00000000 LEA EBX,DWORD PTR DS:[EBX] + * 00471410 8A06 MOV AL,BYTE PTR DS:[ESI] + * 00471412 3C 39 CMP AL,0x39 + * 00471414 77 14 JA SHORT oyakoai2.0047142A + * 00471416 3C 30 CMP AL,0x30 + * 00471418 72 10 JB SHORT oyakoai2.0047142A + * 0047141A 83C1 FD ADD ECX,-0x3 + * 0047141D 0FB6C0 MOVZX EAX,AL + * 00471420 C1E1 04 SHL ECX,0x4 + * 00471423 03C8 ADD ECX,EAX + * 00471425 83C6 01 ADD ESI,0x1 + * 00471428 ^EB E6 JMP SHORT oyakoai2.00471410 + * 0047142A 3C 46 CMP AL,0x46 + * 0047142C 77 13 JA SHORT oyakoai2.00471441 + * 0047142E 3C 41 CMP AL,0x41 + * 00471430 72 0F JB SHORT oyakoai2.00471441 + * 00471432 0FB6D0 MOVZX EDX,AL + * 00471435 C1E1 04 SHL ECX,0x4 + * 00471438 8D4C11 C9 LEA ECX,DWORD PTR DS:[ECX+EDX-0x37] + * 0047143C 83C6 01 ADD ESI,0x1 + * 0047143F ^EB CF JMP SHORT oyakoai2.00471410 + * 00471441 3C 66 CMP AL,0x66 + * 00471443 77 13 JA SHORT oyakoai2.00471458 + * 00471445 3C 61 CMP AL,0x61 + * 00471447 72 0F JB SHORT oyakoai2.00471458 + * 00471449 0FB6C0 MOVZX EAX,AL + * 0047144C C1E1 04 SHL ECX,0x4 + * 0047144F 8D4C01 A9 LEA ECX,DWORD PTR DS:[ECX+EAX-0x57] + * 00471453 83C6 01 ADD ESI,0x1 + * 00471456 ^EB B8 JMP SHORT oyakoai2.00471410 + * 00471458 894C24 1C MOV DWORD PTR SS:[ESP+0x1C],ECX + * 0047145C 894C24 18 MOV DWORD PTR SS:[ESP+0x18],ECX + * 00471460 894C24 14 MOV DWORD PTR SS:[ESP+0x14],ECX + * 00471464 894C24 10 MOV DWORD PTR SS:[ESP+0x10],ECX + * 00471468 ^E9 D1FEFFFF JMP oyakoai2.0047133E + * 0047146D 3D 5C720000 CMP EAX,0x725C + * 00471472 7F 5A JG SHORT oyakoai2.004714CE + * 00471474 74 19 JE SHORT oyakoai2.0047148F + * 00471476 3D 5C660000 CMP EAX,0x665C + * 0047147B 74 23 JE SHORT oyakoai2.004714A0 + * 0047147D 3D 5C670000 CMP EAX,0x675C + * 00471482 ^0F84 76FEFFFF JE oyakoai2.004712FE + * 00471488 3D 5C6E0000 CMP EAX,0x6E5C + * 0047148D 75 51 JNZ SHORT oyakoai2.004714E0 + * 0047148F 57 PUSH EDI + * 00471490 E8 BBD2FFFF CALL oyakoai2.0046E750 + * 00471495 83C4 04 ADD ESP,0x4 + * 00471498 83C6 02 ADD ESI,0x2 + * 0047149B ^E9 9EFEFFFF JMP oyakoai2.0047133E + * 004714A0 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 004714A3 83C6 02 ADD ESI,0x2 + * 004714A6 33C9 XOR ECX,ECX + * 004714A8 3C 39 CMP AL,0x39 + * 004714AA 77 1B JA SHORT oyakoai2.004714C7 + * 004714AC 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] + * 004714B0 3C 30 CMP AL,0x30 + * 004714B2 72 13 JB SHORT oyakoai2.004714C7 + * 004714B4 83C6 01 ADD ESI,0x1 + * 004714B7 0FB6D0 MOVZX EDX,AL + * 004714BA 8A06 MOV AL,BYTE PTR DS:[ESI] + * 004714BC 3C 39 CMP AL,0x39 + * 004714BE 8D0C89 LEA ECX,DWORD PTR DS:[ECX+ECX*4] + * 004714C1 8D4C4A D0 LEA ECX,DWORD PTR DS:[EDX+ECX*2-0x30] + * 004714C5 ^76 E9 JBE SHORT oyakoai2.004714B0 + * 004714C7 6A 00 PUSH 0x0 + * 004714C9 ^E9 DBFEFFFF JMP oyakoai2.004713A9 + * 004714CE 3D 5C730000 CMP EAX,0x735C + * 004714D3 ^0F84 25FEFFFF JE oyakoai2.004712FE + * 004714D9 3D 5C7B0000 CMP EAX,0x7B5C + * 004714DE 74 49 JE SHORT oyakoai2.00471529 + * 004714E0 52 PUSH EDX + * 004714E1 E8 5ACDFFFF CALL oyakoai2.0046E240 + * 004714E6 83C4 04 ADD ESP,0x4 + * 004714E9 85C0 TEST EAX,EAX + * 004714EB 74 1E JE SHORT oyakoai2.0047150B + * 004714ED 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+0x10] + * 004714F1 50 PUSH EAX + * 004714F2 52 PUSH EDX + * 004714F3 57 PUSH EDI + * 004714F4 E8 E7EDFFFF CALL oyakoai2.004702E0 + * 004714F9 83C4 0C ADD ESP,0xC + * 004714FC 85C0 TEST EAX,EAX + * 004714FE 74 4A JE SHORT oyakoai2.0047154A + * 00471500 83C6 02 ADD ESI,0x2 + * 00471503 83C5 01 ADD EBP,0x1 + * 00471506 ^E9 33FEFFFF JMP oyakoai2.0047133E + * 0047150B 8D4C24 10 LEA ECX,DWORD PTR SS:[ESP+0x10] + * 0047150F 51 PUSH ECX + * 00471510 53 PUSH EBX + * 00471511 57 PUSH EDI + * 00471512 E8 09F1FFFF CALL oyakoai2.00470620 + * 00471517 83C4 0C ADD ESP,0xC + * 0047151A 85C0 TEST EAX,EAX + * 0047151C 74 2C JE SHORT oyakoai2.0047154A + * 0047151E 83C6 01 ADD ESI,0x1 + * 00471521 83C5 01 ADD EBP,0x1 + * 00471524 ^E9 15FEFFFF JMP oyakoai2.0047133E + * 00471529 8D5424 24 LEA EDX,DWORD PTR SS:[ESP+0x24] + * 0047152D 52 PUSH EDX + * 0047152E 83C6 02 ADD ESI,0x2 + * 00471531 56 PUSH ESI + * 00471532 57 PUSH EDI + * 00471533 E8 38F4FFFF CALL oyakoai2.00470970 + * 00471538 8BF0 MOV ESI,EAX + * 0047153A 83C4 0C ADD ESP,0xC + * 0047153D 85F6 TEST ESI,ESI + * 0047153F 74 09 JE SHORT oyakoai2.0047154A + * 00471541 036C24 24 ADD EBP,DWORD PTR SS:[ESP+0x24] + * 00471545 ^E9 F4FDFFFF JMP oyakoai2.0047133E + * 0047154A 5B POP EBX + * 0047154B 5D POP EBP + * 0047154C 5F POP EDI + * 0047154D 33C0 XOR EAX,EAX + * 0047154F 5E POP ESI + * 00471550 83C4 10 ADD ESP,0x10 + * 00471553 C3 RETN + * 00471554 8D5424 10 LEA EDX,DWORD PTR SS:[ESP+0x10] + * 00471558 52 PUSH EDX + * 00471559 68 81760000 PUSH 0x7681 + * 0047155E EB 0A JMP SHORT oyakoai2.0047156A + * 00471560 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+0x10] + * 00471564 50 PUSH EAX + * 00471565 68 817A0000 PUSH 0x7A81 + * 0047156A 57 PUSH EDI + * 0047156B E8 70EDFFFF CALL oyakoai2.004702E0 + * 00471570 83C4 0C ADD ESP,0xC + * 00471573 83C5 02 ADD EBP,0x2 + * 00471576 F647 4C 01 TEST BYTE PTR DS:[EDI+0x4C],0x1 + * 0047157A 74 09 JE SHORT oyakoai2.00471585 + * 0047157C 57 PUSH EDI + * 0047157D E8 4ED3FFFF CALL oyakoai2.0046E8D0 + * 00471582 83C4 04 ADD ESP,0x4 + * 00471585 F747 4C 00010000 TEST DWORD PTR DS:[EDI+0x4C],0x100 + * 0047158C 74 09 JE SHORT oyakoai2.00471597 + * 0047158E 57 PUSH EDI + * 0047158F E8 4CD6FFFF CALL oyakoai2.0046EBE0 + * 00471594 83C4 04 ADD ESP,0x4 + * 00471597 F647 4C 08 TEST BYTE PTR DS:[EDI+0x4C],0x8 + * 0047159B 74 12 JE SHORT oyakoai2.004715AF + * 0047159D 833D 306D6C00 00 CMP DWORD PTR DS:[0x6C6D30],0x0 + * 004715A4 74 09 JE SHORT oyakoai2.004715AF + * 004715A6 57 PUSH EDI + * 004715A7 E8 C4DCFFFF CALL oyakoai2.0046F270 + * 004715AC 83C4 04 ADD ESP,0x4 + * 004715AF 5B POP EBX + * 004715B0 8BC5 MOV EAX,EBP + * 004715B2 5D POP EBP + * 004715B3 5F POP EDI + * 004715B4 5E POP ESI + * 004715B5 83C4 10 ADD ESP,0x10 + * 004715B8 C3 RETN + * 004715B9 5F POP EDI + * 004715BA 33C0 XOR EAX,EAX + * 004715BC 5E POP ESI + * 004715BD 83C4 10 ADD ESP,0x10 + * 004715C0 C3 RETN + * 004715C1 CC INT3 + * 004715C2 CC INT3 + * 004715C3 CC INT3 + * 004715C4 CC INT3 + * 004715C5 CC INT3 + * 004715C6 CC INT3 + * 004715C7 CC INT3 + * 004715C8 CC INT3 + * 004715C9 CC INT3 + * 004715CA CC INT3 + * 004715CB CC INT3 + * 004715CC CC INT3 + * 004715CD CC INT3 + * 004715CE CC INT3 + * 004715CF CC INT3 + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x75, 0x09, // 00471236 75 09 jnz short oyakoai2.00471241 + 0x5d, // 00471238 5d pop ebp + 0x5f, // 00471239 5f pop edi + 0x33,0xc0, // 0047123a 33c0 xor eax,eax + 0x5e, // 0047123c 5e pop esi + 0x83,0xc4, 0x10, // 0047123d 83c4 10 add esp,0x10 + 0xc3 // 00471240 c3 retn + }; + const BYTE pattern[] = { + //プリズム☆ま~じカル ~Prism Generations!~ + //プリズム☆ま~じカル!AFTERSTORYS迷える子羊といけにえの山 + //[141128][bootUP!] はにつま + 0x0f,XX2, + 0x3d,0x5c,0x63,0x00,0x00 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + + auto _do=[](ULONG addr){ + addr = MemDbg::findEnclosingAlignedFunction(addr,0x100); + if (!addr) + return false; + HookParam hp; + hp.address=addr; + hp.type=USING_STRING|EMBED_ABLE|EMBED_AFTER_NEW|EMBED_DYNA_SJIS|EMBED_BEFORE_SIMPLE; + hp.offset=get_stack(2); + hp.filter_fun=pensilfilter; + hp.hook_font=F_GetGlyphOutlineA; + return NewHook(hp,"EmbedPensil"); + }; + if(addr && _do(addr))return true; + bool ok=false; + for (auto addr : Util::SearchMemory(pattern, sizeof(pattern), PAGE_EXECUTE, processStartAddress, processStopAddress)){ + ok=_do(addr)||ok; + } + return ok; +} + +} // namespace ScenarioHook +namespace OtherHook { +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x83,0x7e, 0x14, 0x00, // 004250f6 837e 14 00 cmp dword ptr ds:[esi+0x14],0x0 + 0x75, 0x09, // 004250fa 75 09 jnz short oyakoai2.00425105 + 0x33,0xc0, // 004250fc 33c0 xor eax,eax + 0x5e, // 004250fe 5e pop esi + 0x83,0xc4, 0x28, // 004250ff 83c4 28 add esp,0x28 + 0xc2, 0x08,0x00 // 00425102 c2 0800 retn 0x8 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + HookParam hp; + hp.address=addr; + hp.type=USING_STRING|EMBED_ABLE|EMBED_AFTER_NEW|EMBED_BEFORE_SIMPLE| EMBED_DYNA_SJIS; + hp.offset=get_stack(1); + hp.filter_fun=pensilfilter; + hp.hook_font=F_GetGlyphOutlineA; + return NewHook(hp,"EmbedPensilChoice"); + +} + +} // namespace OtherHook +} +#if 0 // jich 3/8/2015: disabled +bool IsPensilSetup() +{ + HANDLE hFile = IthCreateFile(L"PSetup.exe", FILE_READ_DATA, FILE_SHARE_READ, FILE_OPEN); + FILE_STANDARD_INFORMATION info; + IO_STATUS_BLOCK ios; + LPVOID buffer = nullptr; + NtQueryInformationFile(hFile, &ios, &info, sizeof(info), FileStandardInformation); + NtAllocateVirtualMemory(GetCurrentProcess(), &buffer, 0, + &info.AllocationSize.LowPart, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE); + NtReadFile(hFile, 0,0,0, &ios, buffer, info.EndOfFile.LowPart, 0, 0); + CloseHandle(hFile); + BYTE *b = (BYTE *)buffer; + DWORD len = info.EndOfFile.LowPart & ~1; + if (len == info.AllocationSize.LowPart) + len -= 2; + b[len] = 0; + b[len + 1] = 0; + bool ret = wcsstr((LPWSTR)buffer, L"PENSIL") || wcsstr((LPWSTR)buffer, L"Pensil"); + NtFreeVirtualMemory(GetCurrentProcess(), &buffer, &info.AllocationSize.LowPart, MEM_RELEASE); + return ret; +} +#endif // if 0 + + +/** jichi 8/2/2014 2RM + * Sample games: + * - [エロイッ�] 父娘� �いけなね�作り2- /HBN-20*0@54925:oyakoai.exe + * - [エロイッ�] ぁ�なね�作り �親友�お母さんに種付けしまくる1週間�-- /HS-1C@46FC9D (not used) + * + * Observations from Debug of 父娘�: + * - The executable shows product name as 2RM - Adventure Engine + * - 2 calls to GetGlyphOutlineA with incompleted game + * - Memory location of the text is fixed + * - The LAST place accessing the text is hooked + * - The actual text has pattern like this {surface,ruby} and hence not hooked + * + * /HBN-20*0@54925:oyakoai.exe + * - addr: 346405 = 0x54925 + * - length_offset: 1 + * - module: 3918223605 + * - off: 4294967260 = 0xffffffdc = -0x24 -- 0x24 comes from mov ebp,dword ptr ss:[esp+0x24] + * - type: 1096 = 0x448 + * + * This is a very long function + * 父娘�: + * - 004548e1 |. 84db test bl,bl + * - 004548e3 |. 8b7424 20 mov esi,dword ptr ss:[esp+0x20] + * - 004548e7 |. 74 08 je short oyakoai.004548f1 + * - 004548e9 |. c74424 24 0000>mov dword ptr ss:[esp+0x24],0x0 + * - 004548f1 |> 8b6c24 3c mov ebp,dword ptr ss:[esp+0x3c] + * - 004548f5 |. 837d 5c 00 cmp dword ptr ss:[ebp+0x5c],0x0 + * - 004548f9 |. c74424 18 0000>mov dword ptr ss:[esp+0x18],0x0 + * - 00454901 |. 0f8e da000000 jle oyakoai.004549e1 + * - 00454907 |. 8b6c24 24 mov ebp,dword ptr ss:[esp+0x24] + * - 0045490b |. eb 0f jmp short oyakoai.0045491c + * - 0045490d | 8d49 00 lea ecx,dword ptr ds:[ecx] + * - 00454910 |> 8b15 50bd6c00 mov edx,dword ptr ds:[0x6cbd50] + * - 00454916 |. 8b0d 94bd6c00 mov ecx,dword ptr ds:[0x6cbd94] + * - 0045491c |> 803f 00 cmp byte ptr ds:[edi],0x0 + * - 0045491f |. 0f84 db000000 je oyakoai.00454a00 + * - 00454925 |. 0fb717 movzx edx,word ptr ds:[edi] ; jichi: hook here + * - 00454928 |. 8b4c24 10 mov ecx,dword ptr ss:[esp+0x10] + * - 0045492c |. 52 push edx + * - 0045492d |. 894c24 2c mov dword ptr ss:[esp+0x2c],ecx + * - 00454931 |. e8 9a980100 call oyakoai.0046e1d0 + * - 00454936 |. 83c4 04 add esp,0x4 + * - 00454939 |. 85c0 test eax,eax + * - 0045493b |. 74 50 je short oyakoai.0045498d + * - 0045493d |. 0335 50bd6c00 add esi,dword ptr ds:[0x6cbd50] + * - 00454943 |. 84db test bl,bl + * - 00454945 |. 74 03 je short oyakoai.0045494a + * - 00454947 |. 83c5 02 add ebp,0x2 + * - 0045494a |> 3b7424 1c cmp esi,dword ptr ss:[esp+0x1c] + * - 0045494e |. a1 54bd6c00 mov eax,dword ptr ds:[0x6cbd54] + * - 00454953 |. 7f 12 jg short oyakoai.00454967 + * - 00454955 |. 84db test bl,bl + * - 00454957 |. 0f84 ea000000 je oyakoai.00454a47 + * - 0045495d |. 3b6c24 40 cmp ebp,dword ptr ss:[esp+0x40] + * - 00454961 |. 0f85 e0000000 jnz oyakoai.00454a47 + * - 00454967 |> 014424 10 add dword ptr ss:[esp+0x10],eax + * - 0045496b |. 84db test bl,bl + * - 0045496d |. 8b7424 20 mov esi,dword ptr ss:[esp+0x20] + * - 00454971 |. 0f84 d0000000 je oyakoai.00454a47 + * - 00454977 |. 3b6c24 40 cmp ebp,dword ptr ss:[esp+0x40] + * - 0045497b |. 0f85 c6000000 jnz oyakoai.00454a47 + * - 00454981 |. 33ed xor ebp,ebp + * - 00454983 |. 83c7 02 add edi,0x2 + * - 00454986 |. 834424 18 01 add dword ptr ss:[esp+0x18],0x1 + * - 0045498b |. eb 3c jmp short oyakoai.004549c9 + * - 0045498d |> a1 50bd6c00 mov eax,dword ptr ds:[0x6cbd50] + * - 00454992 |. d1e8 shr eax,1 + * - 00454994 |. 03f0 add esi,eax + * - 00454996 |. 84db test bl,bl + * - 00454998 |. 74 03 je short oyakoai.0045499d + * - 0045499a |. 83c5 01 add ebp,0x1 + * - 0045499d |> 3b7424 1c cmp esi,dword ptr ss:[esp+0x1c] + * - 004549a1 |. a1 54bd6c00 mov eax,dword ptr ds:[0x6cbd54] + * - 004549a6 |. 7f 0a jg short oyakoai.004549b2 + * - 004549a8 |. 84db test bl,bl + * + * ぁ�なね�作り: + * 00454237 c74424 24 020000>mov dword ptr ss:[esp+0x24],0x2 + * 0045423f 3bf5 cmp esi,ebp + * 00454241 7f 0e jg short .00454251 + * 00454243 84db test bl,bl + * 00454245 74 1e je short .00454265 + * 00454247 8b6c24 24 mov ebp,dword ptr ss:[esp+0x24] + * 0045424b 3b6c24 40 cmp ebp,dword ptr ss:[esp+0x40] + * 0045424f 75 14 jnz short .00454265 + * 00454251 014424 10 add dword ptr ss:[esp+0x10],eax + * 00454255 84db test bl,bl + * 00454257 8b7424 20 mov esi,dword ptr ss:[esp+0x20] + * 0045425b 74 08 je short .00454265 + * 0045425d c74424 24 000000>mov dword ptr ss:[esp+0x24],0x0 + * 00454265 8b6c24 3c mov ebp,dword ptr ss:[esp+0x3c] + * 00454269 837d 5c 00 cmp dword ptr ss:[ebp+0x5c],0x0 + * 0045426d c74424 18 000000>mov dword ptr ss:[esp+0x18],0x0 + * 00454275 0f8e d7000000 jle .00454352 + * 0045427b 8b6c24 24 mov ebp,dword ptr ss:[esp+0x24] + * 0045427f eb 0c jmp short .0045428d + * 00454281 8b15 18ad6c00 mov edx,dword ptr ds:[0x6cad18] + * 00454287 8b0d 5cad6c00 mov ecx,dword ptr ds:[0x6cad5c] + * 0045428d 803f 00 cmp byte ptr ds:[edi],0x0 + * 00454290 0f84 db000000 je .00454371 + * 00454296 0fb717 movzx edx,word ptr ds:[edi] ; jichi: hook here + * 00454299 8b4c24 10 mov ecx,dword ptr ss:[esp+0x10] + * 0045429d 52 push edx + * 0045429e 894c24 2c mov dword ptr ss:[esp+0x2c],ecx + * 004542a2 e8 498a0100 call .0046ccf0 + * 004542a7 83c4 04 add esp,0x4 + * 004542aa 85c0 test eax,eax + * 004542ac 74 50 je short .004542fe + * 004542ae 0335 18ad6c00 add esi,dword ptr ds:[0x6cad18] + * 004542b4 84db test bl,bl + * 004542b6 74 03 je short .004542bb + * 004542b8 83c5 02 add ebp,0x2 + * 004542bb 3b7424 1c cmp esi,dword ptr ss:[esp+0x1c] + * 004542bf a1 1cad6c00 mov eax,dword ptr ds:[0x6cad1c] + * 004542c4 7f 12 jg short .004542d8 + * 004542c6 84db test bl,bl + * 004542c8 0f84 ea000000 je .004543b8 + * 004542ce 3b6c24 40 cmp ebp,dword ptr ss:[esp+0x40] + * 004542d2 0f85 e0000000 jnz .004543b8 + * 004542d8 014424 10 add dword ptr ss:[esp+0x10],eax + * 004542dc 84db test bl,bl + * 004542de 8b7424 20 mov esi,dword ptr ss:[esp+0x20] + * 004542e2 0f84 d0000000 je .004543b8 + * 004542e8 3b6c24 40 cmp ebp,dword ptr ss:[esp+0x40] + * 004542ec 0f85 c6000000 jnz .004543b8 + * 004542f2 33ed xor ebp,ebp + * 004542f4 83c7 02 add edi,0x2 + * 004542f7 834424 18 01 add dword ptr ss:[esp+0x18],0x1 + * 004542fc eb 3c jmp short .0045433a + * 004542fe a1 18ad6c00 mov eax,dword ptr ds:[0x6cad18] + * 00454303 d1e8 shr eax,1 + * 00454305 03f0 add esi,eax + * 00454307 84db test bl,bl + * 00454309 74 03 je short .0045430e + * 0045430b 83c5 01 add ebp,0x1 + */ +bool Insert2RMHook() +{ + const BYTE bytes[] = { + 0x80,0x3f, 0x00, // 0045428d 803f 00 cmp byte ptr ds:[edi],0x0 + 0x0f,0x84, 0xdb,0x00,0x00,0x00, // 00454290 0f84 db000000 je .00454371 + 0x0f,0xb7,0x17, // 00454296 0fb717 movzx edx,word ptr ds:[edi] ; jichi: hook here + 0x8b,0x4c,0x24, 0x10, // 00454299 8b4c24 10 mov ecx,dword ptr ss:[esp+0x10] + 0x52, // 0045429d 52 push edx + 0x89,0x4c,0x24, 0x2c, // 0045429e 894c24 2c mov dword ptr ss:[esp+0x2c],ecx + 0xe8 //, 498a0100 // 004542a2 e8 498a0100 call .0046ccf0 + }; + enum { addr_offset = 0x00454296 - 0x0045428d }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + //GROWL_DWORD(addr); // supposed to be 0x4010e0 + if (!addr) { + ConsoleOutput("2RM: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::edi); + hp.type = NO_CONTEXT|DATA_INDIRECT; + ConsoleOutput("INSERT 2RM"); + return NewHook(hp, "2RM"); +} +namespace{ +bool abalone(){ + //鬼孕の学園~スク水少女異種姦凌辱劇~ + BYTE bs[]={ + 0xD8,0x0D,XX4, + 0xd9,0x50,XX, + 0xd9,0x58,XX, + 0xdb,0x44,0x24,XX, + 0xD8,0x0D,XX4, + 0xd9,0x50,XX, + 0xd9,0x58,XX, + 0xdb,0x44,0x24,XX, + 0xD8,0x0D,XX4, + 0xd9,0x50,XX, + 0xd9,0x58,XX, + }; + auto addr=MemDbg::findBytes(bs,sizeof(bs),processStartAddress,processStopAddress); + if(addr==0)return 0; + addr=MemDbg::findEnclosingAlignedFunction(addr); + if(addr==0)return 0; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(3); + hp.split=get_stack(4); + hp.type = USING_SPLIT; + return NewHook(hp, "abalone"); + +} +} +bool Pensil::attach_function() { + bool _1=ScenarioHook::attach(processStartAddress,processStopAddress); + if(_1)OtherHook::attach(processStartAddress,processStopAddress); + bool _2rm=Insert2RMHook(); + auto _abalone=abalone(); + return InsertPensilHook()|| _1||_2rm||_abalone; +} \ No newline at end of file diff --git a/LunaHook/engine32/Pensil.h b/LunaHook/engine32/Pensil.h new file mode 100644 index 0000000..a108dec --- /dev/null +++ b/LunaHook/engine32/Pensil.h @@ -0,0 +1,24 @@ +#include"engine.h" + +class Pensil:public ENGINE{ + public: + Pensil(){ + is_engine_certain=false; + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + // jichi 2/28/2015: Delay checking Pensil in case something went wrong + // File pattern observed in [Primula] 大正×対称アリス episode I + // - PSetup.exe no longer exists + // - MovieTexture.dll information shows MovieTex dynamic library, copyright Pensil 2013 + // - ta_trial.exe information shows 2XT - Primula Adventure Engine + return (Util::CheckFile(L"PSetup.exe") || + Util::CheckFile(L"PENCIL.*") || + Util::SearchResourceString(L"2XT -"))|| + Util::CheckFile(L"MovieTexture.dll")|| + ((Util::SearchResourceString(L"2RM") &&Util::SearchResourceString(L"Adventure Engine") ))|| + (Util::CheckFile(L"archive.dat")&&Util::CheckFile(L"bgm.dat")&&Util::CheckFile(L"se.dat")&&Util::CheckFile(L"voice.dat")&&Util::CheckFile(L"save\\syssave.dat"));//鬼孕の学園 スク水少女異種姦凌辱劇 + }; + }; + bool attach_function(); +}; + \ No newline at end of file diff --git a/LunaHook/engine32/Purple.cpp b/LunaHook/engine32/Purple.cpp new file mode 100644 index 0000000..40c5a9d --- /dev/null +++ b/LunaHook/engine32/Purple.cpp @@ -0,0 +1,39 @@ +#include"Purple.h" + + +bool Purple::attach_function() { + //夢幻 虚実と真実 + //世界の果ての物語 + const DWORD funcs[] = { + 0xCCCCCCCC, + 0xec8b55, + }; + enum { FunctionCount = sizeof(funcs) / sizeof(*funcs) }; + ULONG addr = MemDbg::findMultiCallerAddress((ULONG)::GetGlyphOutlineA, funcs, FunctionCount, processStartAddress, processStopAddress); + + if (!addr) return false; + if(*(DWORD*)addr==0xCCCCCCCC)addr+=4; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING; + + return NewHook(hp, "Purple"); +} + + +bool Purple2::attach_function() { + //はっぴ~ぶり~でぃんぐ https://vndb.org/p132 + //夏色小町 + //はぴぶり いまさら ふぁんでぃすく + ULONG addr = MemDbg::findCallerAddress((ULONG)::TextOutA, 0x90909090 , processStartAddress, processStopAddress); + if (!addr) return false; + addr+=4; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.index=0; + hp.type = DATA_INDIRECT; + + return NewHook(hp, "Purple2"); +} \ No newline at end of file diff --git a/LunaHook/engine32/Purple.h b/LunaHook/engine32/Purple.h new file mode 100644 index 0000000..6de8fca --- /dev/null +++ b/LunaHook/engine32/Purple.h @@ -0,0 +1,24 @@ +#include"engine.h" + +class Purple:public ENGINE{ + public: + Purple(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"WAIT.TAM",L"data.hed",L"data.dat"}; + + + }; + bool attach_function(); +}; + +class Purple2:public ENGINE{ + public: + Purple2(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"misc\\*.pk",L"music\\*.px"}; + + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/QLIE.cpp b/LunaHook/engine32/QLIE.cpp new file mode 100644 index 0000000..f29d692 --- /dev/null +++ b/LunaHook/engine32/QLIE.cpp @@ -0,0 +1,937 @@ +#include"QLIE.h" +#include"embed_util.h" +/** + * jichi 8/18/2013: QLIE identified by GameData/data0.pack + * + * The old hook cannot recognize new games. + */ + +namespace { // unnamed QLIE + +/** +* Artikash 8/1/2018: new QLIE hook. old one misses on https://vndb.org/v22308 and https://vndb.org/v19182 +* ExtTextOut hook misses characters because of font caching +* Method to find H-code: trace call stack from ExtTextOut until missing characters from default hook are found +* /HW-1C*0:-20@base address of pattern +* characterizing pattern: +kimimeza.exe+100D9C - 55 - push ebp +kimimeza.exe+100D9D - 8B EC - mov ebp,esp +kimimeza.exe+100D9F - 83 C4 E4 - add esp,-1C { 228 } +kimimeza.exe+100DA2 - 53 - push ebx +kimimeza.exe+100DA3 - 56 - push esi +kimimeza.exe+100DA4 - 57 - push edi +kimimeza.exe+100DA5 - 33 D2 - xor edx,edx +kimimeza.exe+100DA7 - 89 55 FC - mov [ebp-04],edx +*/ +bool InsertQLIE3Hook() +{ + const BYTE bytes[] = + { + 0x55, + 0x8b, 0xec, + 0x83, 0xc4, 0xe4, + 0x53, + 0x56, + 0x57, + 0x33, 0xd2, + 0x89, 0x55, 0xfc + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("QLIE3: pattern not found"); + //ConsoleOutput("Not QLIE2"); + return false; + } + + HookParam hp; + hp.type = CODEC_UTF16 | DATA_INDIRECT | USING_SPLIT; + hp.offset=get_reg(regs::esi); + hp.split=get_reg(regs::edi); + hp.address = addr; + + ConsoleOutput("INSERT QLIE3"); + return NewHook(hp, "QLiE3"); +} +/** + * jichi 8/18/2013: new QLIE hook + * See: http://www.hongfire.com/forum/showthread.php/420362-QLIE-engine-Hcode + * + * Ins: + * 55 8B EC 53 8B 5D 1C + * - 55 push ebp ; hook here + * - 8bec mov ebp, esp + * - 53 push ebx + * - 8B5d 1c mov ebx, dword ptr ss:[ebp+1c] + * + * /HBN14*0@4CC2C4 + * - addr: 5030596 (0x4cc2c4) + * - text_fun: 0x0 + * - function: 0 + * - hook_len: 0 + * - ind: 0 + * - length_offset: 1 + * - module: 0 + * - off: 20 (0x14) + * - recover_len: 0 + * - split: 0 + * - split_ind: 0 + * - type: 1032 (0x408) + */ +bool InsertQLIE2Hook() +{ + const BYTE bytes[] = { // size = 7 + 0x55, // 55 push ebp ; hook here + 0x8b,0xec, // 8bec mov ebp, esp + 0x53, // 53 push ebx + 0x8b,0x5d, 0x1c // 8b5d 1c mov ebx, dword ptr ss:[ebp+1c] + }; + //enum { addr_offset = 0 }; // current instruction is the first one + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("QLIE2: pattern not found"); + //ConsoleOutput("Not QLIE2"); + return false; + } + + HookParam hp; + hp.type = DATA_INDIRECT|NO_CONTEXT; // 0x408 + hp.offset=get_stack(5); + hp.address = addr; + + ConsoleOutput("INSERT QLIE2"); + return NewHook(hp, "QLiE2"); +} + +// jichi: 8/18/2013: Change return type to bool +bool InsertQLIE1Hook() +{ + for (DWORD i = processStartAddress + 0x1000; i < processStopAddress - 4; i++) + if (*(DWORD *)i == 0x7ffe8347) { // inc edi, cmp esi,7f + DWORD t = 0; + for (DWORD j = i; j < i + 0x10; j++) { + if (*(DWORD *)j == 0xa0) { // cmp esi,a0 + t = 1; + break; + } + } + if (t) + for (DWORD j = i; j > i - 0x100; j--) + if (*(DWORD *)j == 0x83ec8b55) { // push ebp, mov ebp,esp, sub esp,* + HookParam hp; + hp.address = j; + hp.offset =get_stack(6); + hp.split =get_reg(regs::esp); + hp.type = DATA_INDIRECT|USING_SPLIT; + ConsoleOutput("INSERT QLIE1"); + return NewHook(hp, "QLiE"); + } + } + + ConsoleOutput("QLIE1: failed"); + //ConsoleOutput("Unknown QLIE engine"); + return false; +} + +} // unnamed QLIE +namespace{ + bool _4(){ + //シスターシスター + //https://vndb.org/v653 + const BYTE bytes[] = { + 0x81,0xFB,0x80,0x00,0x00,0x00, + XX2, + 0x81,0xFB,0xa0,0x00,0x00,0x00, + XX2, + 0x81,0xFB,0xdf,0x00,0x00,0x00, + XX2, + 0x81,0xFB,0xff,0x00,0x00,0x00, + XX2, + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (addr == 0)return false; + const BYTE funcstart[] = { + 0x90,0x55,0x8b,0xec + }; + addr = reverseFindBytes(funcstart, sizeof(funcstart), addr-0x100, addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr+1 ; + hp.offset = get_stack(6); + hp.type = USING_STRING ; + return NewHook(hp, "QLIE4"); + } + bool _5(){ + //おしかけおさなづま3(3乗) + //School Festa-スクールフェスタ- + const BYTE bytes[] = { + 0x83,0xFF,0x7F, + XX2, + 0x81,0xFf,0xa0,0x00,0x00,0x00, + XX2, + 0x81,0xFf,0xdf,0x00,0x00,0x00, + XX2, + 0x81,0xFf,0xff,0x00,0x00,0x00, + XX2, + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (addr == 0)return false; + addr = findfuncstart(addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::ecx); + hp.type = USING_STRING ; + return NewHook(hp, "QLIE5"); + } +} +// jichi 8/18/2013: Add new hook +bool InsertQLIEHook() +{ + bool _=_4()||_5(); + return InsertQLIE1Hook() || InsertQLIE2Hook() || InsertQLIE3Hook()||_; + +} + +namespace { // unnamed + +namespace ScenarioHook { +namespace Private { + + template + strT trim(strT text, int *size) + { + //int length = ::strlen(text); + int length = *size; + if (text[0] == '[') { + if (all_ascii(text)) + return nullptr; + if (text[length - 1] == ']' && ::CharPrevA(text, text + length) == text + length - 1) { + length--; + if (text[length - 1] == 'n' && text[length - 2] == '[') + length -= 2; + } + for (int i = 1; i < length; i++) + if ((signed char)text[i] <= 0) { + text += i; + length -= i - 1; + break; + } + length--; // skip the leading '[' + } + *size = length; + return text; + } + + /** + * Sample game: 月に寄りそう乙女の作法2 + * + * + * Name: + * + * 019D7688 5B 66 2C 31 5D 5B 72 66 2C 31 5D 5B 73 2C 32 30 [f,1][rf,1][s,20 + * 019D7698 2C 32 30 5D 5B 63 2C 24 46 46 46 46 46 46 46 46 ,20][c,$FFFFFFFF + * 019D76A8 5D 5B 72 63 2C 24 46 46 46 46 46 46 46 46 5D 81 ][rc,$FFFFFFFF]・ + * 019D76B8 79 8D F7 8F AC 98 48 83 41 83 67 83 8C 81 7A 00 y桜小路アトレ】. + * + * 0012FBCC 0055553D RETURN to .0055553D from .00513234 + * 0012FBD0 0012FDB8 Pointer to next SEH record + * 0012FBD4 005555A5 SE handler + * 0012FBD8 0012FD90 + * 0012FBDC 0E9F72D0 + * 0012FBE0 0E9F72D0 + * 0012FBE4 0A24AA90 + * 0012FBE8 00000000 + * 0012FBEC 00000000 + * 0012FBF0 0C7AE0C8 ASCII "st+cc+tt" + * 0012FBF4 00000000 + * 0012FBF8 00000000 + * 0012FBFC 00000000 + * 0012FC00 00000000 + * 0012FC04 00000000 + * 0012FC08 00000000 + * + * EAX 0E3885A0 + * ECX 00000002 + * EDX 019D7688 + * EBX 0041D17C .0041D17C + * ESP 0012FBCC + * EBP 0012FD90 + * ESI 0A24AA90 + * EDI 0E9F72D0 + * EIP 00513234 .00513234 + * + * + * Dialog's arg4: + * + * 04A9BAD0 48 DB 51 00 B8 BA A9 04 F8 BA A9 04 07 02 00 00 HロQ.クコゥゥ.. + * 04A9BAE0 B8 67 66 00 D0 AF A6 04 00 00 00 00 90 AC A9 04 クgf.ミッヲ....成ゥ + * 04A9BAF0 01 00 00 00 11 00 00 00 30 5F 64 69 61 6C 6F 67 ......0_dialog + * 04A9BB00 6D 65 73 73 61 67 65 2C 30 00 00 00 90 AC A9 04 message,0...成ゥ + * + * Scenario: + * + * 058DC708 5B 66 2C 30 5D 5B 72 66 2C 30 5D 5B 73 2C 32 34 [f,0][rf,0][s,24 + * 058DC718 2C 32 34 5D 5B 63 2C 24 46 46 46 46 46 46 46 46 ,24][c,$FFFFFFFF + * 058DC728 5D 5B 72 63 2C 24 46 46 46 46 46 46 46 46 5D 81 ][rc,$FFFFFFFF]・ + * 058DC738 75 82 CD 82 A2 81 41 82 B1 82 B1 82 CD 93 FA 96 uはい、ここは日・ + * 058DC748 7B 82 C5 82 B7 81 42 8B F3 8D 60 82 CC 90 45 88 {です。空港の職・ + * 058DC758 F5 82 E0 81 41 83 56 83 87 83 62 83 76 82 CC 93 焉Aショップの・ + * 058DC768 58 88 F5 82 E0 81 41 83 8D 83 72 81 5B 82 C9 8D X員も、ロビーに・ + * 058DC778 C0 82 E9 90 6C 82 E0 81 41 93 FA 96 7B 90 6C 82 タる人も、日本人・ + * 058DC788 E7 82 B5 82 AB 90 6C 82 CE 82 A9 82 E8 82 C5 82 轤オき人ばかりで・ + * 058DC798 B7 81 76 00 00 8E 8D 05 01 00 00 00 8C 00 00 00 キ」..詩...・.. + * 058DC7A8 81 75 8D A1 93 FA 82 CD 90 E2 8D 44 82 CC 93 DC 「今日は絶好の曇 + * 058DC7B8 82 E8 8B F3 82 BE 82 E6 81 41 82 C8 82 F1 82 C4 り空だよ、なんて + * 058DC7C8 91 66 93 47 82 C8 96 E9 8B F3 82 BE 82 EB 82 A4 素敵な夜空だろう + * 058DC7D8 81 49 81 40 96 6C 82 CC 8B 41 8D 91 82 C9 8D 87 ! 僕の帰国に合 + * 058DC7E8 82 ED 82 B9 82 C4 91 BE 97 7A 82 F0 89 42 82 B5 わせて太陽を隠し + * + * 0012FBCC 0055553D RETURN to .0055553D from .00513234 + * 0012FBD0 0012FDB8 Pointer to next SEH record + * 0012FBD4 005555A5 SE handler + * 0012FBD8 0012FD90 + * 0012FBDC 0E9F7110 + * 0012FBE0 0E9F7110 + * 0012FBE4 0A24AA90 + * 0012FBE8 00000000 + * 0012FBEC 00000000 + * 0012FBF0 0EA33460 ASCII "st+cc+tt" + * 0012FBF4 00000000 + * 0012FBF8 00000000 + * 0012FBFC 00000000 + * 0012FC00 00000000 + * + * EAX 0E9AD230 + * ECX 00000002 + * EDX 058DC708 + * EBX 0041D17C .0041D17C + * ESP 0012FBCC + * EBP 0012FD90 + * ESI 0A24AA90 + * EDI 0E9F7110 + * EIP 00513234 .00513234 + * + * Backlog: + * FIXME: I don't have a way to distinguish Backlog out. + * + * 0A9775D8 5B 66 2C 32 5D 5B 63 2C 24 46 46 65 64 64 31 66 [f,2][c,$FFedd1f + * 0A9775E8 66 5D 5B 72 63 2C 24 46 46 65 64 64 31 66 66 5D f][rc,$FFedd1ff] + * 0A9775F8 81 75 82 CD 82 A2 81 41 82 B1 82 B1 82 CD 93 FA 「はい、ここは日 + * 0A977608 96 7B 82 C5 82 B7 81 42 8B F3 8D 60 82 CC 90 45 本です。空港の職 + * 0A977618 88 F5 82 E0 81 41 83 56 83 87 83 62 83 76 82 CC 員も、ショップの + * 0A977628 93 58 88 F5 82 E0 81 41 83 8D 83 72 81 5B 82 C9 店員も、ロビーに + * + * EAX 0FF32FE0 + * ECX 00000002 + * EDX 0A9775D8 + * EBX 0041D17C .0041D17C + * ESP 0012FBCC + * EBP 0012FD90 + * ESI 0A909350 + * EDI 0B843690 + * EIP 00513234 .00513234 + * + * 0012FBCC 0055553D RETURN to .0055553D from .00513234 + * 0012FBD0 0012FDB8 Pointer to next SEH record + * 0012FBD4 005555A5 SE handler + * 0012FBD8 0012FD90 + * 0012FBDC 0B843690 + * 0012FBE0 0B843690 + * 0012FBE4 0A909350 + * 0012FBE8 00000000 + * 0012FBEC 00000000 + * 0012FBF0 0FF25558 ASCII ""[f,2][c,$FFedd1ff][rc,$FFedd1ff]"+text" + * 0012FBF4 00000000 + * 0012FBF8 00000000 + * 0012FBFC 00000000 + * + * Sample game ワルキューレロマンツェ more&more (QLiE2): + * Name: + * 0012FB84 00546877 RETURN to .00546877 from .00504AD0 + * 0012FB88 0012FDBC Pointer to next SEH record + * 0012FB8C 00546B1B SE handler + * 0012FB90 0012FD94 + * 0012FB94 11832DC0 + * 0012FB98 11832DC0 + * 0012FB9C 09278EA0 + * 0012FBA0 00000000 + * 0012FBA4 00000000 + * 0012FBA8 00000000 + * 0012FBAC 00000000 + * 0012FBB0 00000000 + * 0012FBB4 00000000 + * + * 0A702400 5B 70 63 2C 94 FC 8D F7 5D 00 00 00 70 B6 6F 0A [pc,美桜]...pカo. + * + * EAX 0C2763E0 ASCII "HHP" + * ECX 00000003 + * EDX 0A702400 + * EBX 0041D168 .0041D168 + * ESP 0012FB84 ASCII "whT" + * EBP 0012FD94 + * ESI 09278EA0 + * EDI 11832DC0 + * EIP 00504AD0 .00504AD0 + * + * Scenario: + * 09E0D7C8 5B 63 2C 24 46 46 46 46 46 46 44 44 5D 5B 72 63 [c,$FFFFFFDD][rc + * 09E0D7D8 2C 24 46 46 46 46 46 46 44 44 5D 81 75 82 A4 82 ,$FFFFFFDD]「う・ + * + * 0012FB84 00546877 RETURN to .00546877 from .00504AD0 + * 0012FB88 0012FDBC Pointer to next SEH record + * 0012FB8C 00546B1B SE handler + * 0012FB90 0012FD94 + * 0012FB94 118314E0 + * 0012FB98 118314E0 + * 0012FB9C 09278EA0 + * 0012FBA0 00000000 + * + * EAX 0A72D820 ASCII "HHP" + * ECX 00000002 + * EDX 09E0D7C8 + * EBX 0041D168 .0041D168 + * ESP 0012FB84 ASCII "whT" + * EBP 0012FD94 + * ESI 09278EA0 + * EDI 118314E0 + * EIP 00504AD0 .00504AD0 + * + * Sample game ワルキューレロマンツェ (QLiE1): + * Garbage: + * 0A5115D0 83 56 83 69 83 8A 83 49 5C 8B A4 92 CA 5C 6B 79 シナリオ\共通\ky + * 0A5115E0 6F 5F 30 30 31 5F 30 30 2E 73 00 00 50 FF 50 0A o_001_00.s..PP. + * + * Name: + * 0012FB84 00544913 RETURN to .00544913 from .004FFB04 + * 0012FB88 0012FDBC Pointer to next SEH record + * 0012FB8C 00544BB1 SE handler + * 0012FB90 0012FD94 + * 0012FB94 01A139A8 + * 0012FB98 01A139A8 + * 0012FB9C 07D35D00 + * 0012FBA0 00000000 + * + * EAX 0C303340 + * ECX 00000003 + * EDX 0ED8A620 + * EBX 0041D6A8 .0041D6A8 + * ESP 0012FB84 + * EBP 0012FD94 + * ESI 07D35D00 + * EDI 01A139A8 + * EIP 004FFB04 .004FFB04 + * + * 01A139A8 60 27 52 00 00 00 00 00 00 00 00 00 00 00 80 3F `'R...........€? + * 01A139B8 00 00 80 3F 00 00 00 00 00 00 00 00 00 00 80 3F ..€?..........€? + * 01A139C8 00 00 00 00 48 D9 14 0A 68 D9 14 0A 07 02 00 00 ....Hル.hル... + * 01A139D8 3C F1 07 00 93 9A 5C 00 1C 01 00 00 F4 01 00 00 <・.答\...・.. + * 01A139E8 40 33 30 0C A0 D9 A0 01 C0 29 52 00 00 00 00 00 @30.ルタ)R..... + * 01A139F8 00 00 00 00 00 00 80 3F 00 00 80 3F 00 00 00 00 ......€?..€?.... + * + * Scenario: + * 0012FB84 00544913 RETURN to .00544913 from .004FFB04 + * 0012FB88 0012FDBC Pointer to next SEH record + * 0012FB8C 00544BB1 SE handler + * 0012FB90 0012FD94 + * 0012FB94 01A13960 ; jichi: type string is saved here in edi and arg4/arg5 + * 0012FB98 01A13960 + * 0012FB9C 07D35D00 + * 0012FBA0 00000000 + * + * 0A14D7C8 30 5F 4D 65 73 73 61 67 65 54 65 78 74 2C 30 00 0_MessageText,0. + * + * EAX 0C308500 + * ECX 00000006 + * EDX 0B100590 + * EBX 0041D6A8 .0041D6A8 + * ESP 0012FB84 + * EBP 0012FD94 + * ESI 07D35D00 + * EDI 01A13960 + * EIP 004FFB04 .004FFB04 + * + * + * 01A13960 60 27 52 00 00 00 00 00 00 00 00 00 00 00 80 3F `'R...........€? + * 01A13970 00 00 80 3F 00 00 00 00 00 00 00 00 00 00 80 3F ..€?..........€? + * 01A13980 00 00 00 00 C8 D7 14 0A A8 D8 14 0A 07 02 00 00 ....ネラ.ィリ... + * 01A13990 34 90 3F 00 BE 0A 5B 00 D3 02 00 00 EC 01 00 00 4・.セ.[.モ..・.. + * 01A139A0 00 85 30 0C A0 D9 A0 01 60 27 52 00 00 00 00 00 .・.ル`'R..... + * 01A139B0 00 00 00 00 00 00 80 3F 00 00 80 3F 00 00 00 00 ......€?..€?.... + * + * 0A14D948 30 5F 4E 61 6D 65 54 65 78 74 2C 30 00 00 00 00 0_NameText,0.... + */ + + /** + * Known Type strings + * These strings seems to be different for different games + * + * ワルキューレロマンツェ(QLiE1) + * 七つのふしぎの終わるとき (QLiE1) + * + * 0_NameText,0 + * 0_MessageText,0 + * 0_Message,0 + * + * ワルキューレロマンツェ More&More (QLiE2) + * 0_nametext,0 + * 0_imo_message,0 + * + * 月に寄りそう乙女の作法2 (QLiE2): + * 0_dialogmessage,0 + * $windowapril + * fontsize:30:30 + * + */ + + struct TextArgument // root at [edx - 4] + { + DWORD size; // in [edx-4] + char text[1]; // in edx + + bool isValid() const + { + return text && size + && Engine::isAddressReadable(text, size) + && ::strlen(text) == size; + } + }; + + struct TypeArgument + { + DWORD unknown[8]; // 0x20 + + DWORD textFlag; // +0x20, 0 for QLiE1, 1 for QLie2 + LPCSTR textAddress; // for QLiE1 + char textData[1]; // for QLiE2 + + LPCSTR text() const + { + if (textFlag == 0) // QLiE1 + return Engine::isAddressReadable(textAddress) ? textAddress : nullptr; + else // QLiE2 + return textData; + } + + // Return UnknownRole(0) if not sure + Engine::TextRole role() const + { + if (textFlag > 0xff) + return Engine::OtherRole; + LPCSTR t = text(); + if (!t || !*t) + return Engine::UnknownRole; + for (int i = 0; t[i]; i++) { + if (i > 0x40) // text too large + return Engine::OtherRole; + BYTE ch = t[0]; + if (ch <= 32 || ch > 127) // non-printable or not ascii + return Engine::OtherRole; + } + + // Convert to lower case + std::string s = t; + std::transform(s.begin(), s.end(), s.begin(), ::tolower); + t = s.c_str(); + + if (::strchr(t, '_')) { + // QLiE2 + if (::strstr(t, "_imo_message,")) + return Engine::ScenarioRole; + if (::strstr(t, "_dialogmessage,")) + return Engine::OtherRole; + + // QLiE1 + if (::strstr(t, "_messagetext,")) + return Engine::ScenarioRole; + + if (::strstr(t, "_nametext,")) + return Engine::NameRole; + if (::strstr(t, "_message,") || // this is ambiguous and will overwrite imo_message + ::strstr(t, "_statetext,") || + //::strstr(t, "_databutton,") || + //::strstr(t, "_selectbutton,") || + ::strstr(t, "button,")) + return Engine::OtherRole; + } + + if (s.find_first_of(".[!@*\\") != std::string::npos) + return Engine::OtherRole; + + //DOUT("unknown text type:" << t); + return Engine::UnknownRole; + } + }; + int trimmedSize;char*trimmedText; + int endtype; + bool hookBefore(hook_stack*s,void* data1, size_t* len,uintptr_t*role) + { + + auto arg = (TextArgument *)(s->edx - 4); + if (!arg->isValid()) + return false; + trimmedSize = arg->size; + trimmedText = trim(arg->text, &trimmedSize); + if (trimmedSize <= 0 || !trimmedText || !*trimmedText) + return false; + + if (::strstr(arg->text, "\x82\xa0\x82\xa0\x82\xa0\x82\xa0\x82\xa0")) /* Skip text containing あああああ */ + return false; + + if (all_ascii(trimmedText)) // This is optional, but I don't want to translate English + return false; + //role = Engine::OtherRole; + + enum { sig = 0 }; + * role = Engine::ScenarioRole; + + enum : uint16_t { + w_name_open = 0x7981, /* 【 */ + w_name_close = 0x7a81 /* 】 */ + }; + + // if (trimmedText[trimmedSize]) // text ending withb ']' is other text + // *role = Engine::OtherRole; + { + std::string oldData(trimmedText, trimmedSize); + endtype=0; + if(oldData.size()>3&&oldData.substr(oldData.size()-3)=="[n]"){ + endtype=1;trimmedSize-=3; + + }else if(oldData.size()>3&&oldData.substr(oldData.size()-3)=="[c]"){ + endtype=2;trimmedSize-=3; + } + } + + if (trimmedSize > 4 + && w_name_open == *(uint16_t *)trimmedText + && w_name_close == *(uint16_t *)(trimmedText + trimmedSize - 2)) { + trimmedText += 2; + trimmedSize -= 4; + if (*role == Engine::ScenarioRole) + *role = Engine::NameRole; // FIXME: This name recognition logic does not work for ワルキューレロマンツェ + } + + + // Skip sjis 名前 = 96bc914f + if (0 == ::strncmp(trimmedText, "\x96\xbc\x91\x4f", trimmedSize)) + return false; +/* + if (s->stack[4] == s->stack[5]) { // && s->edi == s->stack[4] + auto t = (TypeArgument *)s->stack[4]; + if (Engine::isAddressReadable(t)) { + //if (!t->isValid()) + // return true; + if (auto r = t->role()) + *role = r; + } + } +*/ + //auto split = s->stack[0]; // retaddr is always the same anyway + std::string oldData(trimmedText, trimmedSize); + + strcpy((char*)data1,oldData.c_str()); + *len=oldData.size(); + return true; + } + void hookafter(hook_stack*s,void* data1, size_t len) + { + std::string newData=std::string((char*)data1,len); + + auto arg = (TextArgument *)(s->edx - 4); + int prefixSize = trimmedText - arg->text, + suffixSize = arg->size - prefixSize - trimmedSize; + if (prefixSize) + newData.insert(0,std::string(arg->text, prefixSize)); + if (suffixSize) + newData.append(trimmedText + trimmedSize, suffixSize); + if(endtype==1) + newData=newData+"[n]"; + else if(endtype==2) + newData=newData+"[c]"; + static std::string data_; + data_ = newData; + s->edx = (ULONG)data_.c_str(); // reset arg1 + *(DWORD *)(s->edx - 4) = data_.size(); + //arg->size = data_.size(); // no idea why this will crash ... + + //*(DWORD *)(s->edx - 4) = newData.size() + trimmedText - text; + //::strcpy(trimmedText, newData.constData()); + } +} // namespace Private + +/** + * Sample game: 月に寄りそう乙女の作法2 + * See: http://capita.tistory.com/m/post/236 + * + * This function is not aligned. + * Text in edx. Length in [edx - 4] + * + * 00513234 55 PUSH EBP + * 00513235 8BEC MOV EBP,ESP + * 00513237 6A 00 PUSH 0x0 + * 00513239 53 PUSH EBX + * 0051323A 56 PUSH ESI + * 0051323B 8BF2 MOV ESI,EDX + * 0051323D 8BD8 MOV EBX,EAX + * 0051323F 33C0 XOR EAX,EAX + * 00513241 55 PUSH EBP + * 00513242 68 AD325100 PUSH .005132AD + * 00513247 64:FF30 PUSH DWORD PTR FS:[EAX] + * 0051324A 64:8920 MOV DWORD PTR FS:[EAX],ESP + * 0051324D 80BB 0A160000 00 CMP BYTE PTR DS:[EBX+0x160A],0x0 ; jichi: can be used as pattern to distinguish QLiE1/2 + * 00513254 74 07 JE SHORT .0051325D + * 00513256 8BC3 MOV EAX,EBX + * 00513258 8B10 MOV EDX,DWORD PTR DS:[EAX] + * 0051325A FF52 24 CALL DWORD PTR DS:[EDX+0x24] + * 0051325D 8BC3 MOV EAX,EBX + * 0051325F E8 98C1FFFF CALL .0050F3FC + * 00513264 84C0 TEST AL,AL + * 00513266 74 07 JE SHORT .0051326F + * 00513268 8BC3 MOV EAX,EBX + * 0051326A 8B10 MOV EDX,DWORD PTR DS:[EAX] + * 0051326C FF52 24 CALL DWORD PTR DS:[EDX+0x24] + * 0051326F 8D4D FC LEA ECX,DWORD PTR SS:[EBP-0x4] + * 00513272 8BD6 MOV EDX,ESI + * 00513274 8BC3 MOV EAX,EBX + * 00513276 E8 5D310000 CALL .005163D8 + * 0051327B 8B55 FC MOV EDX,DWORD PTR SS:[EBP-0x4] + * 0051327E 8BC3 MOV EAX,EBX + * 00513280 E8 1B100000 CALL .005142A0 + * 00513285 8BC3 MOV EAX,EBX + * 00513287 E8 5C300000 CALL .005162E8 + * 0051328C 85C0 TEST EAX,EAX + * 0051328E 75 07 JNZ SHORT .00513297 + * 00513290 8BC3 MOV EAX,EBX + * 00513292 E8 B1070000 CALL .00513A48 + * 00513297 33C0 XOR EAX,EAX + * 00513299 5A POP EDX + * 0051329A 59 POP ECX + * 0051329B 59 POP ECX + * 0051329C 64:8910 MOV DWORD PTR FS:[EAX],EDX + * 0051329F 68 B4325100 PUSH .005132B4 + * 005132A4 8D45 FC LEA EAX,DWORD PTR SS:[EBP-0x4] + * 005132A7 E8 F421EFFF CALL .004054A0 + * 005132AC C3 RETN + * 005132AD ^E9 A21AEFFF JMP .00404D54 + * 005132B2 ^EB F0 JMP SHORT .005132A4 + * 005132B4 5E POP ESI + * 005132B5 5B POP EBX + * 005132B6 59 POP ECX + * 005132B7 5D POP EBP + * 005132B8 C3 RETN + * 005132B9 8D40 00 LEA EAX,DWORD PTR DS:[EAX] + * 005132BC 55 PUSH EBP + * 005132BD 8BEC MOV EBP,ESP + * 005132BF 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 005132C2 8B40 FC MOV EAX,DWORD PTR DS:[EAX-0x4] + * 005132C5 80B8 6F180000 00 CMP BYTE PTR DS:[EAX+0x186F],0x0 + * 005132CC 74 23 JE SHORT .005132F1 + * 005132CE A1 C8EA5700 MOV EAX,DWORD PTR DS:[0x57EAC8] + * 005132D3 8B80 FC020000 MOV EAX,DWORD PTR DS:[EAX+0x2FC] + * 005132D9 8B15 C8EA5700 MOV EDX,DWORD PTR DS:[0x57EAC8] ; .00586178 + * 005132DF 8B92 E8020000 MOV EDX,DWORD PTR DS:[EDX+0x2E8] + * 005132E5 3BD0 CMP EDX,EAX + * 005132E7 7C 02 JL SHORT .005132EB + * 005132E9 8BC2 MOV EAX,EDX + * 005132EB 0105 B8E45700 ADD DWORD PTR DS:[0x57E4B8],EAX + * 005132F1 5D POP EBP + * 005132F2 C3 RETN + * 005132F3 90 NOP + * 005132F4 55 PUSH EBP + * 005132F5 8BEC MOV EBP,ESP + * 005132F7 53 PUSH EBX + * 005132F8 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+0x8] + * ... + * + * {00528988(E9 73 FC 04 00 90),00578600(8D 45 FC 8B 4D FC 66 81 39 81 79 74 05 90 90 90 90 90 E9 77 03 FB FF)} + * {00528988(E9 73 FC 04 00 90),005785FE(EB 27 8D 45 FC 8B 4D FC 66 81 39 81 79 74 0A 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 68 8E 89 52 00 C3)} + * + * FORCEFONT(5),FONT(Gulim,-13),ENCODEKOR,HOOK(0x00513234,TRANS(EDX,LEN(-4),PTRCHEAT),RETNPOS(COPY)),HOOK(0x0057860D,TRANS(ECX,LEN(-4),PTRCHEAT),RETNPOS(SOURCE)) + * + * Character handled here, which is not used: + * 00528969 74 28 JE SHORT .00528993 + * 0052896B 3C 09 CMP AL,0x9 + * 0052896D 74 24 JE SHORT .00528993 + * 0052896F 3C 2F CMP AL,0x2F + * 00528971 74 20 JE SHORT .00528993 + * 00528973 3C 40 CMP AL,0x40 + * 00528975 74 1C JE SHORT .00528993 + * 00528977 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-0x18] + * 0052897A 8D93 49010000 LEA EDX,DWORD PTR DS:[EBX+0x149] + * 00528980 E8 7FCDEDFF CALL .00405704 + * 00528985 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-0x18] + * 00528988 8D45 FC LEA EAX,DWORD PTR SS:[EBP-0x4] ; jichi: 2-byte character in ecx + * 0052898B 8B4D FC MOV ECX,DWORD PTR SS:[EBP-0x4] + * 0052898E E8 25CEEDFF CALL .004057B8 + * 00528993 8D83 4C020000 LEA EAX,DWORD PTR DS:[EBX+0x24C] + * 00528999 8B55 FC MOV EDX,DWORD PTR SS:[EBP-0x4] + * 0052899C E8 53CBEDFF CALL .004054F4 + * 005289A1 8B83 4C020000 MOV EAX,DWORD PTR DS:[EBX+0x24C] + * 005289A7 85C0 TEST EAX,EAX + * 005289A9 74 05 JE SHORT .005289B0 + * 005289AB 83E8 04 SUB EAX,0x4 + * 005289AE 8B00 MOV EAX,DWORD PTR DS:[EAX] + * 005289B0 8983 50020000 MOV DWORD PTR DS:[EBX+0x250],EAX + * 005289B6 C645 F7 01 MOV BYTE PTR SS:[EBP-0x9],0x1 + * 005289BA 33C0 XOR EAX,EAX + * 005289BC 5A POP EDX + * 005289BD 59 POP ECX + * 005289BE 59 POP ECX + * 005289BF 64:8910 MOV DWORD PTR FS:[EAX],EDX + * 005289C2 68 E4895200 PUSH .005289E4 + * 005289C7 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-0x18] + * 005289CA BA 03000000 MOV EDX,0x3 + * 005289CF E8 F0CAEDFF CALL .004054C4 + * 005289D4 8D45 FC LEA EAX,DWORD PTR SS:[EBP-0x4] + * 005289D7 E8 C4CAEDFF CALL .004054A0 + * 005289DC C3 RETN + * 005289DD ^E9 72C3EDFF JMP .00404D54 + * 005289E2 ^EB E3 JMP SHORT .005289C7 + * 005289E4 0FB645 F7 MOVZX EAX,BYTE PTR SS:[EBP-0x9] + * 005289E8 5F POP EDI + * 005289E9 5E POP ESI + * 005289EA 5B POP EBX + * 005289EB 8BE5 MOV ESP,EBP + * 005289ED 5D POP EBP + * 005289EE C3 RETN + * 005289EF 90 NOP + * 005289F0 55 PUSH EBP + * 005289F1 8BEC MOV EBP,ESP + * 005289F3 83C4 F8 ADD ESP,-0x8 + * 005289F6 53 PUSH EBX + * + * Sample game: ワルキューレロマンツェ (QLiE1) + * + * This function is found by looking all all matches of the following pattern + * And then lookup up for push ebp + * 005132E5 3BD0 CMP EDX,EAX + * 005132E7 7C 02 JL SHORT .005132EB + * 005132E9 8BC2 MOV EAX,EDX + * + * 004FFB04 55 PUSH EBP + * 004FFB05 8BEC MOV EBP,ESP + * 004FFB07 6A 00 PUSH 0x0 + * 004FFB09 53 PUSH EBX + * 004FFB0A 56 PUSH ESI + * 004FFB0B 8BF2 MOV ESI,EDX + * 004FFB0D 8BD8 MOV EBX,EAX + * 004FFB0F 33C0 XOR EAX,EAX + * 004FFB11 55 PUSH EBP + * 004FFB12 68 7DFB4F00 PUSH .004FFB7D + * 004FFB17 64:FF30 PUSH DWORD PTR FS:[EAX] + * 004FFB1A 64:8920 MOV DWORD PTR FS:[EAX],ESP + * 004FFB1D 80BB FA150000 00 CMP BYTE PTR DS:[EBX+0x15FA],0x0 + * 004FFB24 74 07 JE SHORT .004FFB2D + * 004FFB26 8BC3 MOV EAX,EBX + * 004FFB28 8B10 MOV EDX,DWORD PTR DS:[EAX] + * 004FFB2A FF52 1C CALL DWORD PTR DS:[EDX+0x1C] + * 004FFB2D 8BC3 MOV EAX,EBX + * 004FFB2F E8 04CFFFFF CALL .004FCA38 + * 004FFB34 84C0 TEST AL,AL + * 004FFB36 74 07 JE SHORT .004FFB3F + * 004FFB38 8BC3 MOV EAX,EBX + * 004FFB3A 8B10 MOV EDX,DWORD PTR DS:[EAX] + * 004FFB3C FF52 1C CALL DWORD PTR DS:[EDX+0x1C] + * 004FFB3F 8D4D FC LEA ECX,DWORD PTR SS:[EBP-0x4] + * 004FFB42 8BD6 MOV EDX,ESI + * 004FFB44 8BC3 MOV EAX,EBX + * 004FFB46 E8 69320000 CALL .00502DB4 + * 004FFB4B 8B55 FC MOV EDX,DWORD PTR SS:[EBP-0x4] + * 004FFB4E 8BC3 MOV EAX,EBX + * 004FFB50 E8 23120000 CALL .00500D78 + * 004FFB55 8BC3 MOV EAX,EBX + * 004FFB57 E8 58310000 CALL .00502CB4 + * 004FFB5C 85C0 TEST EAX,EAX + * 004FFB5E 75 07 JNZ SHORT .004FFB67 + * 004FFB60 8BC3 MOV EAX,EBX + * 004FFB62 E8 5D070000 CALL .005002C4 + * 004FFB67 33C0 XOR EAX,EAX + * 004FFB69 5A POP EDX + * 004FFB6A 59 POP ECX + * 004FFB6B 59 POP ECX + * 004FFB6C 64:8910 MOV DWORD PTR FS:[EAX],EDX + * 004FFB6F 68 84FB4F00 PUSH .004FFB84 + * 004FFB74 8D45 FC LEA EAX,DWORD PTR SS:[EBP-0x4] + * 004FFB77 E8 5859F0FF CALL .004054D4 + * 004FFB7C C3 RETN + * 004FFB7D ^E9 0652F0FF JMP .00404D88 + * 004FFB82 ^EB F0 JMP SHORT .004FFB74 + * 004FFB84 5E POP ESI + * 004FFB85 5B POP EBX + * 004FFB86 59 POP ECX + * 004FFB87 5D POP EBP + * 004FFB88 C3 RETN + * 004FFB89 8D40 00 LEA EAX,DWORD PTR DS:[EAX] + * 004FFB8C 55 PUSH EBP + * 004FFB8D 8BEC MOV EBP,ESP + * 004FFB8F 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 004FFB92 8B40 FC MOV EAX,DWORD PTR DS:[EAX-0x4] + * 004FFB95 80B8 4F180000 00 CMP BYTE PTR DS:[EAX+0x184F],0x0 + * 004FFB9C 74 23 JE SHORT .004FFBC1 + * 004FFB9E A1 E4CA5600 MOV EAX,DWORD PTR DS:[0x56CAE4] + * 004FFBA3 8B80 CC020000 MOV EAX,DWORD PTR DS:[EAX+0x2CC] + * 004FFBA9 8B15 E4CA5600 MOV EDX,DWORD PTR DS:[0x56CAE4] ; .005740E8 + * 004FFBAF 8B92 B8020000 MOV EDX,DWORD PTR DS:[EDX+0x2B8] + * 004FFBB5 3BD0 CMP EDX,EAX + * 004FFBB7 7C 02 JL SHORT .004FFBBB + * 004FFBB9 8BC2 MOV EAX,EDX + * 004FFBBB 0105 64C45600 ADD DWORD PTR DS:[0x56C464],EAX + * 004FFBC1 5D POP EBP + * 004FFBC2 C3 RETN + * 004FFBC3 90 NOP + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + // QLiE1 + // 004FFB1D 80BB FA150000 00 CMP BYTE PTR DS:[EBX+0x15FA],0x0 + // QLiE2 + // 0051324D 80BB 0A160000 00 CMP BYTE PTR DS:[EBX+0x160A],0x0 ; jichi: instruction used as pattern + + const uint8_t bytes[] = { // i.e. 3BD0 7C 02 8BC2 0105 + 0x3B,0xD0, // 004FFBB5 3BD0 CMP EDX,EAX + 0x7C, 0x02, // 004FFBB7 7C 02 JL SHORT .004FFBBB + 0x8B,0xC2, // 004FFBB9 8BC2 MOV EAX,EDX + 0x01,0x05 //64C45600 // 004FFBBB 0105 64C45600 ADD DWORD PTR DS:[0x56C464],EAX + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + // 00513234 55 PUSH EBP ; jichi: hook here + // 00513235 8BEC MOV EBP,ESP + // 00513237 6A 00 PUSH 0x0 + // 00513239 53 PUSH EBX + // 0051323A 56 PUSH ESI + enum : DWORD { sig = 0x6aec8b55 }; + enum { AlignedStep = 1 }; // function not aligned + addr = MemDbg::findEnclosingFunctionBeforeDword(sig, addr, MemDbg::MaximumFunctionSize, AlignedStep); + if (!addr) + return false; + HookParam hp; + hp.address=addr; + hp.hook_before=Private::hookBefore; + hp.hook_after=Private::hookafter; + hp.newlineseperator=L"[n]"; + hp.type=EMBED_ABLE|EMBED_DYNA_SJIS|USING_STRING; + hp.hook_font=F_ExtTextOutA|F_GetTextExtentPoint32A; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + + static std::regex rx("\\[rb,(.*?),.+\\]"); + auto _=std::regex_replace(std::string((char*)data,*len), rx, "$1"); + + strcpy((char*)data,_.c_str());*len=_.size(); + return true; + }; + return NewHook(hp,"EmbedQLIE"); +} + +} // namespace ScenarioHook + +} // unnamed namespace + +bool QLIE::attach_function() { + auto embed=ScenarioHook::attach(processStartAddress, processStopAddress); + return InsertQLIEHook()||embed; +} \ No newline at end of file diff --git a/LunaHook/engine32/QLIE.h b/LunaHook/engine32/QLIE.h new file mode 100644 index 0000000..3eb5a39 --- /dev/null +++ b/LunaHook/engine32/QLIE.h @@ -0,0 +1,14 @@ +#include"engine.h" + +class QLIE:public ENGINE{ + public: + QLIE(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"GameData\\*.pack"; + // jichi 12/25/2013: It may or may not be QLIE. + // AlterEgo also has GameData/sound.pack but is not QLIE + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/RPGMakerRGSS3.cpp b/LunaHook/engine32/RPGMakerRGSS3.cpp new file mode 100644 index 0000000..804ce36 --- /dev/null +++ b/LunaHook/engine32/RPGMakerRGSS3.cpp @@ -0,0 +1,1413 @@ +#include"RPGMakerRGSS3.h" +#include +#include"embed_util.h" +#pragma comment(lib,"shlwapi.lib") +namespace { // unnamed + +namespace RGSS3 { + +namespace Private { + std::vector glob(const std::wstring& relpath) + { + std::wstring path = std::wstring(MAX_PATH, 0); + GetModuleFileNameW(nullptr, &path[0], MAX_PATH); + + size_t i = relpath.rfind(L'/'); + if (i != std::wstring::npos) { + std::wstring dir_path = path + L"/" + relpath.substr(0, i); + WIN32_FIND_DATAW find_data; + HANDLE hFind = FindFirstFileW((dir_path + L"/*").c_str(), &find_data); + if (hFind == INVALID_HANDLE_VALUE) + return {}; + + std::vector results; + do { + if ((find_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) || + PathMatchSpecW(find_data.cFileName, relpath.substr(i + 1).c_str())) { + results.push_back(dir_path + L"/" + find_data.cFileName); + } + } while (FindNextFileW(hFind, &find_data)); + FindClose(hFind); + + return results; + } + else { + WIN32_FIND_DATAW find_data; + HANDLE hFind = FindFirstFileW(relpath.c_str(), &find_data); + if (hFind == INVALID_HANDLE_VALUE) + return {}; + + std::vector results; + do { + if (!(find_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)) + results.push_back(find_data.cFileName); + } while (FindNextFileW(hFind, &find_data)); + FindClose(hFind); + + return results; + } + } + std::wstring getDllModuleName() + { + for (const auto &dll: glob(L"System/RGSS3*.dll")) + if (::GetModuleHandleW((LPCWSTR)dll.c_str())) + return dll; + return {}; + } + +} // namespace Private + +bool getMemoryRange(ULONG *startAddress, ULONG *stopAddress) +{ + std::wstring module = Private::getDllModuleName(); + if (module.empty()) + return false; +auto [_1,_2]=Util::QueryModuleLimits(GetModuleHandle(module.c_str())); +*startAddress=_1;*stopAddress=_2; + return 1; +} + +namespace ScenarioHook { + +/** + * Sample game: + * - Mogeko Castle with RGSS 3.01 + * - 魔鎧の少女騎士エルトリンデ with RGSS 3.02 + * + * 1004149D CC INT3 + * 1004149E CC INT3 + * 1004149F CC INT3 + * 100414A0 8B4C24 08 MOV ECX,DWORD PTR SS:[ESP+0x8] + * 100414A4 8BC1 MOV EAX,ECX + * 100414A6 E8 75030500 CALL RGSS301.10091820 + * 100414AB 83F8 05 CMP EAX,0x5 + * 100414AE 74 19 JE SHORT RGSS301.100414C9 + * 100414B0 68 649D1A10 PUSH RGSS301.101A9D64 ; ASCII "to_str" + * 100414B5 68 74931A10 PUSH RGSS301.101A9374 ; ASCII "String" + * 100414BA 6A 05 PUSH 0x5 + * 100414BC 51 PUSH ECX + * 100414BD E8 AE2FFFFF CALL RGSS301.10034470 + * 100414C2 83C4 10 ADD ESP,0x10 + * 100414C5 894424 08 MOV DWORD PTR SS:[ESP+0x8],EAX + * 100414C9 53 PUSH EBX + * 100414CA 55 PUSH EBP + * 100414CB 56 PUSH ESI + * 100414CC 8B7424 10 MOV ESI,DWORD PTR SS:[ESP+0x10] + * 100414D0 57 PUSH EDI + * 100414D1 8B7C24 18 MOV EDI,DWORD PTR SS:[ESP+0x18] + * 100414D5 57 PUSH EDI + * 100414D6 56 PUSH ESI + * 100414D7 E8 B4490100 CALL RGSS301.10055E90 + * 100414DC 8BE8 MOV EBP,EAX + * 100414DE 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 100414E0 83C4 08 ADD ESP,0x8 + * 100414E3 A9 00200000 TEST EAX,0x2000 + * 100414E8 75 08 JNZ SHORT RGSS301.100414F2 + * 100414EA C1E8 0E SHR EAX,0xE + * 100414ED 83E0 1F AND EAX,0x1F + * 100414F0 EB 03 JMP SHORT RGSS301.100414F5 + * 100414F2 8B46 08 MOV EAX,DWORD PTR DS:[ESI+0x8] + * 100414F5 8B0F MOV ECX,DWORD PTR DS:[EDI] + * 100414F7 F7C1 00200000 TEST ECX,0x2000 + * 100414FD 75 08 JNZ SHORT RGSS301.10041507 + * 100414FF C1E9 0E SHR ECX,0xE + * 10041502 83E1 1F AND ECX,0x1F + * 10041505 EB 03 JMP SHORT RGSS301.1004150A + * 10041507 8B4F 08 MOV ECX,DWORD PTR DS:[EDI+0x8] + * 1004150A 8D3401 LEA ESI,DWORD PTR DS:[ECX+EAX] + * 1004150D A1 70C02A10 MOV EAX,DWORD PTR DS:[0x102AC070] + * 10041512 50 PUSH EAX + * 10041513 33FF XOR EDI,EDI + * 10041515 E8 B64EFFFF CALL RGSS301.100363D0 + * 1004151A 8B5424 18 MOV EDX,DWORD PTR SS:[ESP+0x18] ; jichi: edx = arg1 on the stack + * 1004151E 8BD8 MOV EBX,EAX + * 10041520 8B02 MOV EAX,DWORD PTR DS:[EDX] ; jichi: eax = ecx = [arg1] + * 10041522 8BC8 MOV ECX,EAX + * 10041524 83C4 04 ADD ESP,0x4 + * 10041527 81E1 00200000 AND ECX,0x2000 + * 1004152D 75 08 JNZ SHORT RGSS301.10041537 + * 1004152F C1E8 0E SHR EAX,0xE + * 10041532 83E0 1F AND EAX,0x1F + * 10041535 EB 03 JMP SHORT RGSS301.1004153A + * 10041537 8B42 08 MOV EAX,DWORD PTR DS:[EDX+0x8] ; jichi: [edx+0x8] text length + * 1004153A 85C9 TEST ECX,ECX + * 1004153C 75 05 JNZ SHORT RGSS301.10041543 + * 1004153E 83C2 08 ADD EDX,0x8 + * 10041541 EB 03 JMP SHORT RGSS301.10041546 + * 10041543 8B52 0C MOV EDX,DWORD PTR DS:[EDX+0xC] ; jichi: [edx + 0xc] could be the text address + * 10041546 F703 00200000 TEST DWORD PTR DS:[EBX],0x2000 + * 1004154C 8D4B 08 LEA ECX,DWORD PTR DS:[EBX+0x8] + * 1004154F 74 03 JE SHORT RGSS301.10041554 + * 10041551 8B4B 0C MOV ECX,DWORD PTR DS:[EBX+0xC] + * 10041554 50 PUSH EAX + * 10041555 52 PUSH EDX + * 10041556 51 PUSH ECX + * 10041557 E8 E4F21300 CALL RGSS301.10180840 ; jichi: text is in edx + * 1004155C 8B5424 24 MOV EDX,DWORD PTR SS:[ESP+0x24] + * 10041560 8B02 MOV EAX,DWORD PTR DS:[EDX] + * 10041562 8BC8 MOV ECX,EAX + * 10041564 83C4 0C ADD ESP,0xC + * 10041567 81E1 00200000 AND ECX,0x2000 + * 1004156D 75 08 JNZ SHORT RGSS301.10041577 + * + * Stack: + * 00828EB4 1002E5E6 RETURN to RGSS301.1002E5E6 from RGSS301.100414A0 + * 00828EB8 03F13B20 + * 00828EBC 069F42CC + * 00828EC0 00000000 + * 00828EC4 01699298 + * 00828EC8 01699298 + * 00828ECC 03EB41B8 + * 00828ED0 01692A00 + * 00828ED4 06A34548 + * 00828ED8 00000000 + * 00828EDC 00000168 + * 00828EE0 00000280 + * 00828EE4 000001E0 + * 00828EE8 1019150F RETURN to RGSS301.1019150F from RGSS301.1018DF45 + * + * Here's the strncpy-like function for UTF8 strings, which is found using hardware breakpoints + * Parameters: + * - arg1 char *dest + * - arg2 const char *src + * - arg3 size_t size length of src excluding \0 at the end + * + * 1018083A CC INT3 + * 1018083B CC INT3 + * 1018083C CC INT3 + * 1018083D CC INT3 + * 1018083E CC INT3 + * 1018083F CC INT3 + * 10180840 55 PUSH EBP + * 10180841 8BEC MOV EBP,ESP + * 10180843 57 PUSH EDI + * 10180844 56 PUSH ESI + * 10180845 8B75 0C MOV ESI,DWORD PTR SS:[EBP+0xC] + * 10180848 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+0x10] + * 1018084B 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+0x8] + * 1018084E 8BC1 MOV EAX,ECX + * 10180850 8BD1 MOV EDX,ECX + * 10180852 03C6 ADD EAX,ESI + * 10180854 3BFE CMP EDI,ESI + * 10180856 76 08 JBE SHORT RGSS301.10180860 + * 10180858 3BF8 CMP EDI,EAX + * 1018085A 0F82 A4010000 JB RGSS301.10180A04 + * 10180860 81F9 00010000 CMP ECX,0x100 + * 10180866 72 1F JB SHORT RGSS301.10180887 + * 10180868 833D 4CC12A10 00 CMP DWORD PTR DS:[0x102AC14C],0x0 + * 1018086F 74 16 JE SHORT RGSS301.10180887 + * 10180871 57 PUSH EDI + * 10180872 56 PUSH ESI + * 10180873 83E7 0F AND EDI,0xF + * 10180876 83E6 0F AND ESI,0xF + * 10180879 3BFE CMP EDI,ESI + * 1018087B 5E POP ESI + * 1018087C 5F POP EDI + * 1018087D 75 08 JNZ SHORT RGSS301.10180887 + * 1018087F 5E POP ESI + * 10180880 5F POP EDI + * 10180881 5D POP EBP + * 10180882 E9 05F80000 JMP RGSS301.1019008C + * 10180887 F7C7 03000000 TEST EDI,0x3 + * 1018088D 75 15 JNZ SHORT RGSS301.101808A4 + * 1018088F C1E9 02 SHR ECX,0x2 + * 10180892 83E2 03 AND EDX,0x3 + * 10180895 83F9 08 CMP ECX,0x8 + * 10180898 72 2A JB SHORT RGSS301.101808C4 + * 1018089A F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 1018089C FF2495 B4091810 JMP DWORD PTR DS:[EDX*4+0x101809B4] + * 101808A3 90 NOP + * 101808A4 8BC7 MOV EAX,EDI + * 101808A6 BA 03000000 MOV EDX,0x3 + * 101808AB 83E9 04 SUB ECX,0x4 + * 101808AE 72 0C JB SHORT RGSS301.101808BC + * 101808B0 83E0 03 AND EAX,0x3 + * 101808B3 03C8 ADD ECX,EAX + * 101808B5 FF2485 C8081810 JMP DWORD PTR DS:[EAX*4+0x101808C8] + * 101808BC FF248D C4091810 JMP DWORD PTR DS:[ECX*4+0x101809C4] + * 101808C3 90 NOP + * 101808C4 FF248D 48091810 JMP DWORD PTR DS:[ECX*4+0x10180948] + * 101808CB 90 NOP + * 101808CC D808 FMUL DWORD PTR DS:[EAX] + * 101808CE 1810 SBB BYTE PTR DS:[EAX],DL + * 101808D0 04 09 ADD AL,0x9 + * 101808D2 1810 SBB BYTE PTR DS:[EAX],DL + * 101808D4 2809 SUB BYTE PTR DS:[ECX],CL + * 101808D6 1810 SBB BYTE PTR DS:[EAX],DL + * 101808D8 23D1 AND EDX,ECX + * 101808DA 8A06 MOV AL,BYTE PTR DS:[ESI] + * 101808DC 8807 MOV BYTE PTR DS:[EDI],AL + * 101808DE 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 101808E1 8847 01 MOV BYTE PTR DS:[EDI+0x1],AL + * 101808E4 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 101808E7 C1E9 02 SHR ECX,0x2 + * 101808EA 8847 02 MOV BYTE PTR DS:[EDI+0x2],AL + * 101808ED 83C6 03 ADD ESI,0x3 + * 101808F0 83C7 03 ADD EDI,0x3 + * 101808F3 83F9 08 CMP ECX,0x8 + * 101808F6 ^72 CC JB SHORT RGSS301.101808C4 + * 101808F8 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 101808FA FF2495 B4091810 JMP DWORD PTR DS:[EDX*4+0x101809B4] + * 10180901 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 10180904 23D1 AND EDX,ECX + * 10180906 8A06 MOV AL,BYTE PTR DS:[ESI] + * 10180908 8807 MOV BYTE PTR DS:[EDI],AL + * 1018090A 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 1018090D C1E9 02 SHR ECX,0x2 + * 10180910 8847 01 MOV BYTE PTR DS:[EDI+0x1],AL + * 10180913 83C6 02 ADD ESI,0x2 + * 10180916 83C7 02 ADD EDI,0x2 + * 10180919 83F9 08 CMP ECX,0x8 + * 1018091C ^72 A6 JB SHORT RGSS301.101808C4 + * 1018091E F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 10180920 FF2495 B4091810 JMP DWORD PTR DS:[EDX*4+0x101809B4] + * 10180927 90 NOP + * 10180928 23D1 AND EDX,ECX + * 1018092A 8A06 MOV AL,BYTE PTR DS:[ESI] + * 1018092C 8807 MOV BYTE PTR DS:[EDI],AL + * 1018092E 83C6 01 ADD ESI,0x1 + * 10180931 C1E9 02 SHR ECX,0x2 + * 10180934 83C7 01 ADD EDI,0x1 + * 10180937 83F9 08 CMP ECX,0x8 + * 1018093A ^72 88 JB SHORT RGSS301.101808C4 + * 1018093C F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 1018093E FF2495 B4091810 JMP DWORD PTR DS:[EDX*4+0x101809B4] + * 10180945 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 10180948 AB STOS DWORD PTR ES:[EDI] + * 10180949 0918 OR DWORD PTR DS:[EAX],EBX + * 1018094B 1098 09181090 ADC BYTE PTR DS:[EAX+0x90101809],BL + * 10180951 0918 OR DWORD PTR DS:[EAX],EBX + * 10180953 1088 09181080 ADC BYTE PTR DS:[EAX+0x80101809],CL + * 10180959 0918 OR DWORD PTR DS:[EAX],EBX + * 1018095B 1078 09 ADC BYTE PTR DS:[EAX+0x9],BH + * 1018095E 1810 SBB BYTE PTR DS:[EAX],DL + * 10180960 70 09 JO SHORT RGSS301.1018096B + * 10180962 1810 SBB BYTE PTR DS:[EAX],DL + * 10180964 68 0918108B PUSH 0x8B101809 + * 10180969 44 INC ESP + * 1018096A 8EE4 MOV FS,SP ; Modification of segment register + * 1018096C 89448F E4 MOV DWORD PTR DS:[EDI+ECX*4-0x1C],EAX + * 10180970 8B448E E8 MOV EAX,DWORD PTR DS:[ESI+ECX*4-0x18] + * 10180974 89448F E8 MOV DWORD PTR DS:[EDI+ECX*4-0x18],EAX + * 10180978 8B448E EC MOV EAX,DWORD PTR DS:[ESI+ECX*4-0x14] + * 1018097C 89448F EC MOV DWORD PTR DS:[EDI+ECX*4-0x14],EAX + * 10180980 8B448E F0 MOV EAX,DWORD PTR DS:[ESI+ECX*4-0x10] + * 10180984 89448F F0 MOV DWORD PTR DS:[EDI+ECX*4-0x10],EAX + * 10180988 8B448E F4 MOV EAX,DWORD PTR DS:[ESI+ECX*4-0xC] + * 1018098C 89448F F4 MOV DWORD PTR DS:[EDI+ECX*4-0xC],EAX + * 10180990 8B448E F8 MOV EAX,DWORD PTR DS:[ESI+ECX*4-0x8] + * 10180994 89448F F8 MOV DWORD PTR DS:[EDI+ECX*4-0x8],EAX + * 10180998 8B448E FC MOV EAX,DWORD PTR DS:[ESI+ECX*4-0x4] + * 1018099C 89448F FC MOV DWORD PTR DS:[EDI+ECX*4-0x4],EAX + * 101809A0 8D048D 00000000 LEA EAX,DWORD PTR DS:[ECX*4] + * 101809A7 03F0 ADD ESI,EAX + * 101809A9 03F8 ADD EDI,EAX + * 101809AB FF2495 B4091810 JMP DWORD PTR DS:[EDX*4+0x101809B4] + * 101809B2 8BFF MOV EDI,EDI + * 101809B4 C409 LES ECX,FWORD PTR DS:[ECX] ; Modification of segment register + * 101809B6 1810 SBB BYTE PTR DS:[EAX],DL + * 101809B8 CC INT3 + * 101809B9 0918 OR DWORD PTR DS:[EAX],EBX + * 101809BB 10D8 ADC AL,BL + * 101809BD 0918 OR DWORD PTR DS:[EAX],EBX + * 101809BF 10EC ADC AH,CH + * 101809C1 0918 OR DWORD PTR DS:[EAX],EBX + * 101809C3 108B 45085E5F ADC BYTE PTR DS:[EBX+0x5F5E0845],CL + * 101809C9 C9 LEAVE + * 101809CA C3 RETN + * 101809CB 90 NOP + * 101809CC 8A06 MOV AL,BYTE PTR DS:[ESI] + * 101809CE 8807 MOV BYTE PTR DS:[EDI],AL + * 101809D0 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 101809D3 5E POP ESI + * 101809D4 5F POP EDI + * 101809D5 C9 LEAVE + * 101809D6 C3 RETN + * 101809D7 90 NOP + * 101809D8 8A06 MOV AL,BYTE PTR DS:[ESI] + * 101809DA 8807 MOV BYTE PTR DS:[EDI],AL + * 101809DC 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 101809DF 8847 01 MOV BYTE PTR DS:[EDI+0x1],AL + * 101809E2 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 101809E5 5E POP ESI + * 101809E6 5F POP EDI + * 101809E7 C9 LEAVE + * 101809E8 C3 RETN + * 101809E9 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 101809EC 8A06 MOV AL,BYTE PTR DS:[ESI] + * 101809EE 8807 MOV BYTE PTR DS:[EDI],AL + * 101809F0 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 101809F3 8847 01 MOV BYTE PTR DS:[EDI+0x1],AL + * 101809F6 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 101809F9 8847 02 MOV BYTE PTR DS:[EDI+0x2],AL + * 101809FC 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 101809FF 5E POP ESI + * 10180A00 5F POP EDI + * 10180A01 C9 LEAVE + * 10180A02 C3 RETN + * 10180A03 90 NOP + * 10180A04 8D7431 FC LEA ESI,DWORD PTR DS:[ECX+ESI-0x4] + * 10180A08 8D7C39 FC LEA EDI,DWORD PTR DS:[ECX+EDI-0x4] + * 10180A0C F7C7 03000000 TEST EDI,0x3 + * 10180A12 75 24 JNZ SHORT RGSS301.10180A38 + * 10180A14 C1E9 02 SHR ECX,0x2 + * 10180A17 83E2 03 AND EDX,0x3 + * 10180A1A 83F9 08 CMP ECX,0x8 + * 10180A1D 72 0D JB SHORT RGSS301.10180A2C + * 10180A1F FD STD + * 10180A20 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 10180A22 FC CLD + * 10180A23 FF2495 500B1810 JMP DWORD PTR DS:[EDX*4+0x10180B50] + * 10180A2A 8BFF MOV EDI,EDI + * 10180A2C F7D9 NEG ECX + * 10180A2E FF248D 000B1810 JMP DWORD PTR DS:[ECX*4+0x10180B00] + * 10180A35 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 10180A38 8BC7 MOV EAX,EDI + * 10180A3A BA 03000000 MOV EDX,0x3 + * 10180A3F 83F9 04 CMP ECX,0x4 + * 10180A42 72 0C JB SHORT RGSS301.10180A50 + * 10180A44 83E0 03 AND EAX,0x3 + * 10180A47 2BC8 SUB ECX,EAX + * 10180A49 FF2485 540A1810 JMP DWORD PTR DS:[EAX*4+0x10180A54] + * 10180A50 FF248D 500B1810 JMP DWORD PTR DS:[ECX*4+0x10180B50] + * 10180A57 90 NOP + * 10180A58 64:0A18 OR BL,BYTE PTR FS:[EAX] + * 10180A5B 1088 0A1810B0 ADC BYTE PTR DS:[EAX+0xB010180A],CL + * 10180A61 0A18 OR BL,BYTE PTR DS:[EAX] + * 10180A63 108A 460323D1 ADC BYTE PTR DS:[EDX+0xD1230346],CL + * 10180A69 8847 03 MOV BYTE PTR DS:[EDI+0x3],AL + * 10180A6C 83EE 01 SUB ESI,0x1 + * 10180A6F C1E9 02 SHR ECX,0x2 + * 10180A72 83EF 01 SUB EDI,0x1 + * 10180A75 83F9 08 CMP ECX,0x8 + * 10180A78 ^72 B2 JB SHORT RGSS301.10180A2C + * 10180A7A FD STD + * 10180A7B F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 10180A7D FC CLD + * 10180A7E FF2495 500B1810 JMP DWORD PTR DS:[EDX*4+0x10180B50] + * 10180A85 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 10180A88 8A46 03 MOV AL,BYTE PTR DS:[ESI+0x3] + * 10180A8B 23D1 AND EDX,ECX + * 10180A8D 8847 03 MOV BYTE PTR DS:[EDI+0x3],AL + * 10180A90 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 10180A93 C1E9 02 SHR ECX,0x2 + * 10180A96 8847 02 MOV BYTE PTR DS:[EDI+0x2],AL + * 10180A99 83EE 02 SUB ESI,0x2 + * 10180A9C 83EF 02 SUB EDI,0x2 + * 10180A9F 83F9 08 CMP ECX,0x8 + * 10180AA2 ^72 88 JB SHORT RGSS301.10180A2C + * 10180AA4 FD STD + * 10180AA5 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 10180AA7 FC CLD + * 10180AA8 FF2495 500B1810 JMP DWORD PTR DS:[EDX*4+0x10180B50] + * 10180AAF 90 NOP + * 10180AB0 8A46 03 MOV AL,BYTE PTR DS:[ESI+0x3] + * 10180AB3 23D1 AND EDX,ECX + * 10180AB5 8847 03 MOV BYTE PTR DS:[EDI+0x3],AL + * 10180AB8 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 10180ABB 8847 02 MOV BYTE PTR DS:[EDI+0x2],AL + * 10180ABE 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 10180AC1 C1E9 02 SHR ECX,0x2 + * 10180AC4 8847 01 MOV BYTE PTR DS:[EDI+0x1],AL + * 10180AC7 83EE 03 SUB ESI,0x3 + * 10180ACA 83EF 03 SUB EDI,0x3 + * 10180ACD 83F9 08 CMP ECX,0x8 + * 10180AD0 ^0F82 56FFFFFF JB RGSS301.10180A2C + * 10180AD6 FD STD + * 10180AD7 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 10180AD9 FC CLD + * 10180ADA FF2495 500B1810 JMP DWORD PTR DS:[EDX*4+0x10180B50] + * 10180AE1 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 10180AE4 04 0B ADD AL,0xB + * 10180AE6 1810 SBB BYTE PTR DS:[EAX],DL + * 10180AE8 0C 0B OR AL,0xB + * 10180AEA 1810 SBB BYTE PTR DS:[EAX],DL + * 10180AEC 14 0B ADC AL,0xB + * 10180AEE 1810 SBB BYTE PTR DS:[EAX],DL + * 10180AF0 1C 0B SBB AL,0xB + * 10180AF2 1810 SBB BYTE PTR DS:[EAX],DL + * 10180AF4 24 0B AND AL,0xB + * 10180AF6 1810 SBB BYTE PTR DS:[EAX],DL + * 10180AF8 2C 0B SUB AL,0xB + * 10180AFA 1810 SBB BYTE PTR DS:[EAX],DL + * 10180AFC 34 0B XOR AL,0xB + * 10180AFE 1810 SBB BYTE PTR DS:[EAX],DL + * 10180B00 47 INC EDI + * 10180B01 0B18 OR EBX,DWORD PTR DS:[EAX] + * 10180B03 108B 448E1C89 ADC BYTE PTR DS:[EBX+0x891C8E44],CL + * 10180B09 44 INC ESP + * 10180B0A 8F ??? ; Unknown command + * 10180B0B 1C 8B SBB AL,0x8B + * 10180B0D 44 INC ESP + * 10180B0E 8E18 MOV DS,WORD PTR DS:[EAX] ; Modification of segment register + * 10180B10 89448F 18 MOV DWORD PTR DS:[EDI+ECX*4+0x18],EAX + * 10180B14 8B448E 14 MOV EAX,DWORD PTR DS:[ESI+ECX*4+0x14] + * 10180B18 89448F 14 MOV DWORD PTR DS:[EDI+ECX*4+0x14],EAX + * 10180B1C 8B448E 10 MOV EAX,DWORD PTR DS:[ESI+ECX*4+0x10] + * 10180B20 89448F 10 MOV DWORD PTR DS:[EDI+ECX*4+0x10],EAX + * 10180B24 8B448E 0C MOV EAX,DWORD PTR DS:[ESI+ECX*4+0xC] + * 10180B28 89448F 0C MOV DWORD PTR DS:[EDI+ECX*4+0xC],EAX + * 10180B2C 8B448E 08 MOV EAX,DWORD PTR DS:[ESI+ECX*4+0x8] + * 10180B30 89448F 08 MOV DWORD PTR DS:[EDI+ECX*4+0x8],EAX + * 10180B34 8B448E 04 MOV EAX,DWORD PTR DS:[ESI+ECX*4+0x4] + * 10180B38 89448F 04 MOV DWORD PTR DS:[EDI+ECX*4+0x4],EAX + * 10180B3C 8D048D 00000000 LEA EAX,DWORD PTR DS:[ECX*4] + * 10180B43 03F0 ADD ESI,EAX + * 10180B45 03F8 ADD EDI,EAX + * 10180B47 FF2495 500B1810 JMP DWORD PTR DS:[EDX*4+0x10180B50] + * 10180B4E 8BFF MOV EDI,EDI + * 10180B50 60 PUSHAD + * 10180B51 0B18 OR EBX,DWORD PTR DS:[EAX] + * 10180B53 1068 0B ADC BYTE PTR DS:[EAX+0xB],CH + * 10180B56 1810 SBB BYTE PTR DS:[EAX],DL + * 10180B58 78 0B JS SHORT RGSS301.10180B65 + * 10180B5A 1810 SBB BYTE PTR DS:[EAX],DL + * 10180B5C 8C0B MOV WORD PTR DS:[EBX],CS + * 10180B5E 1810 SBB BYTE PTR DS:[EAX],DL + * 10180B60 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 10180B63 5E POP ESI + * 10180B64 5F POP EDI + * 10180B65 C9 LEAVE + * 10180B66 C3 RETN + * 10180B67 90 NOP + * 10180B68 8A46 03 MOV AL,BYTE PTR DS:[ESI+0x3] + * 10180B6B 8847 03 MOV BYTE PTR DS:[EDI+0x3],AL + * 10180B6E 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 10180B71 5E POP ESI + * 10180B72 5F POP EDI + * 10180B73 C9 LEAVE + * 10180B74 C3 RETN + * 10180B75 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 10180B78 8A46 03 MOV AL,BYTE PTR DS:[ESI+0x3] + * 10180B7B 8847 03 MOV BYTE PTR DS:[EDI+0x3],AL + * 10180B7E 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 10180B81 8847 02 MOV BYTE PTR DS:[EDI+0x2],AL + * 10180B84 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 10180B87 5E POP ESI + * 10180B88 5F POP EDI + * 10180B89 C9 LEAVE + * 10180B8A C3 RETN + * 10180B8B 90 NOP + * 10180B8C 8A46 03 MOV AL,BYTE PTR DS:[ESI+0x3] + * 10180B8F 8847 03 MOV BYTE PTR DS:[EDI+0x3],AL + * 10180B92 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 10180B95 8847 02 MOV BYTE PTR DS:[EDI+0x2],AL + * 10180B98 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 10180B9B 8847 01 MOV BYTE PTR DS:[EDI+0x1],AL + * 10180B9E 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 10180BA1 5E POP ESI + * 10180BA2 5F POP EDI + * 10180BA3 C9 LEAVE + * 10180BA4 C3 RETN + * 10180BA5 CC INT3 + * 10180BA6 CC INT3 + * 10180BA7 CC INT3 + * 10180BA8 CC INT3 + * 10180BA9 CC INT3 + * 10180BAA CC INT3 + * 10180BAB CC INT3 + */ +namespace Private { + + //enum { MaxTextSize = 0x1000 }; + //char oldText_[MaxTextSize + 1]; // 1 extra 0 that is always 0 + //size_t oldSize_; + + struct HookArgument + { + LPDWORD type; // 0x0 + LPDWORD unknown; // 0x4 + size_t size; // 0x8 + LPCSTR text; // 0xc, editable though + + bool isValid() const + { + return Engine::isAddressReadable(type) && *type + && size && size < 1500 + && Engine::isAddressWritable(text, size + 1) && *text + && text[size] == 0 && ::strlen(text) == size // validate size + //&& !::strchr(text, '/') + && !all_ascii(text); + } + + //int size() const { return (*type >> 0xe) & 0x1f; } + }; + + inline bool _trims(const wchar_t &ch) + { return ch <= 127 ||std::isspace(ch,std::locale("ja_JP.SJIS")); } + + std::wstring trim(const std::wstring& text, std::wstring* prefix = nullptr, std::wstring* suffix = nullptr) + { + if (text.empty() || + !_trims(text[0]) && !_trims(text[text.size() - 1])) + return text; + std::wstring ret = text; + if (_trims(ret[0])) { + int pos = 1; + for (; pos < ret.size() && _trims(ret[pos]); pos++); + if (prefix) + *prefix = ret.substr(0,pos); + ret = ret.substr(pos); + } + if (!ret.empty() && _trims(ret[ret.size() - 1])) { + int pos = ret.size() - 2; + for (; pos >= 0 && _trims(ret[pos]); pos--); + if (suffix) + *suffix = ret.substr(pos + 1); + ret = ret.substr(0,pos + 1); + } + return ret; + } + + //bool textsContains(const QSet &texts, const QString &text) + //{ + // if (texts.contains(text)) + // return true; + // if (text.contains('\n')) // 0xa, skip translation if any of the part has been translated + // foreach (const QString &it, text.split('\n', QString::SkipEmptyParts)) + // if (texts.contains(it)) + // return true; + // return false; + //} + + int guessTextRole(const std::wstring &text) + { + enum { MaxNameSize = 100 }; + enum : wchar_t { + w_square_open = 0x3010 /* 【 */ + , w_square_close = 0x3011 /* 】 */ + }; + if (text.size() > 2 + && text.size() < MaxNameSize + && text[0] == w_square_open + && text[text.size() - 1] == w_square_close) + return Engine::NameRole; + return Engine::ScenarioRole; + } + + std::string data_; + HookArgument *arg_; + LPCSTR oldText_; + size_t oldSize_; + std::unordered_set texts_; + void hookafter2(hook_stack*s,void* data1, size_t len){ + + enum { RecentTextCapacity = 4 }; + static std::vector recentTexts_; // used to eliminate recent duplicates + + auto arg = (HookArgument *)s->stack[0]; // arg1 + if (arg && arg->isValid()) { // && (quint8)arg->text[0] > 127) { // skip translate text beginning with ascii character + std::wstring oldText =StringToWideString(std::string(arg->text, arg->size),CP_UTF8).value(),// QString::fromUtf8(arg->text, arg->size), + prefix, + suffix, + trimmedText = trim(oldText, &prefix, &suffix); + + if (!trimmedText.empty() && (texts_.find(trimmedText)==texts_.end())) { // skip text beginning with ascii character + + //ULONG split = arg->unknown2[0]; // always 2 + //ULONG split = s->stack[0]; // return address + std::wstring newText =std::wstring((wchar_t*)data1,len/2); + + if (newText != trimmedText) { + texts_.insert(newText); + texts_.insert(trim(newText)); // in case there are leading/trailing English letters in the translation + + if (!prefix.empty()) + newText.insert(0,prefix); + if (!suffix.empty()) + newText.append(suffix); + + //texts_.insert(newText); + + data_ = WideStringToString(newText, CP_UTF8);// newText.toUtf8(); + + arg_ = arg; + oldSize_ = arg->size; + oldText_ = arg->text; + //::memcpy(oldText_, arg->text, qMin(arg->size + 1, MaxTextSize)); // memcpy also works + + arg->size = data_.size(); + arg->text = data_.c_str(); + } + } + } + } + bool hookBefore(hook_stack*s,void* data1, size_t* len1,uintptr_t*role) + { + + enum { RecentTextCapacity = 4 }; + static std::vector recentTexts_; // used to eliminate recent duplicates + + auto arg = (HookArgument *)s->stack[0]; // arg1 + if (arg && arg->isValid()) { // && (quint8)arg->text[0] > 127) { // skip translate text beginning with ascii character + std::wstring oldText =StringToWideString(std::string(arg->text, arg->size),CP_UTF8).value(),// QString::fromUtf8(arg->text, arg->size), + prefix, + suffix, + trimmedText = trim(oldText, &prefix, &suffix); + + if (!trimmedText.empty() && (texts_.find(trimmedText)==texts_.end())) { // skip text beginning with ascii character + + const bool sendAllowed = (std::find(recentTexts_.begin(),recentTexts_.end(),oldText)==recentTexts_.end()); + if (sendAllowed) { + recentTexts_.push_back(oldText); + if (recentTexts_.size() > RecentTextCapacity) + recentTexts_.erase(recentTexts_.begin()); + } + + //ULONG split = arg->unknown2[0]; // always 2 + //ULONG split = s->stack[0]; // return address + std::wstring newText; + std::wstring old=trimmedText; + wcscpy((LPWSTR)data1,old.c_str());*len1=old.size()*2; + return 1; + + if (newText != trimmedText) { + texts_.insert(newText); + texts_.insert(trim(newText)); // in case there are leading/trailing English letters in the translation + + if (!prefix.empty()) + newText.insert(0,prefix); + if (!suffix.empty()) + newText.append(suffix); + + //texts_.insert(newText); + + data_ = WideStringToString(newText, CP_UTF8);// newText.toUtf8(); + + arg_ = arg; + oldSize_ = arg->size; + oldText_ = arg->text; + //::memcpy(oldText_, arg->text, qMin(arg->size + 1, MaxTextSize)); // memcpy also works + + arg->size = data_.size(); + arg->text = data_.c_str(); + } + } + } + return 0; + } + + bool hookAfter(hook_stack*s,void* data1, size_t* len1,uintptr_t*role) + { + if (arg_) { + arg_->size = oldSize_; + arg_->text = oldText_; + //::strcpy(arg_->text, oldText_); + arg_ = nullptr; + } + return 0; + } +} // namespace Private + +bool attach(ULONG startAddress, ULONG stopAddress) // attach scenario +{ + const uint8_t bytes[] = { + 0x8b,0x54,0x24, 0x24, // 1004155c 8b5424 24 mov edx,dword ptr ss:[esp+0x24] + 0x8b,0x02, // 10041560 8b02 mov eax,dword ptr ds:[edx] + 0x8b,0xc8, // 10041562 8bc8 mov ecx,eax + 0x83,0xc4, 0x0c, // 10041564 83c4 0c add esp,0xc + 0x81,0xe1, 0x00,0x20,0x00,0x00 // 10041567 81e1 00200000 and ecx,0x2000 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + //addr = MemDbg::findPushAddress(addr, startAddress, stopAddress); + //addr = 0x10041557; + //addr = 0x100414a0; + //addr = 0x10056BC0; + //addr = 0x1002e5e1; + addr = MemDbg::findNearCallAddress(addr, startAddress, stopAddress); + if (!addr) + return false; + //return winhook::hook_both(addr, Private::hookBefore, Private::hookAfter); + HookParam hp; + hp.address=addr; + hp.hook_before=Private::hookBefore; + hp.hook_after=Private::hookafter2; + hp.type=USING_STRING|CODEC_UTF16|EMBED_ABLE; + hp.hook_font=F_GetGlyphOutlineW; + auto succ=NewHook(hp,"EmbedRGSS3"); + hp.address=addr+5; + hp.hook_before=Private::hookAfter; + hp.type=HOOK_EMPTY|EMBED_ABLE; + succ|=NewHook(hp,"EmbedRGSS3"); + return succ; +} +} // namespace ScenarioHook + +namespace ChoiceHook { + +namespace Private { + + struct HookArgument + { + LPDWORD unknown1, + unknown2, + unknown3; + LPSTR text; // arg2 + 0xc + + bool isValid() const + { + return text + && Engine::isAddressReadable(text) && *text + && Engine::isAddressWritable(text, ::strlen(text)); + } + + //int size() const { return (*type >> 0xe) & 0x1f; } + }; + + bool hookBefore(hook_stack*s,void* data1, size_t* len1,uintptr_t*role) + { + * role = Engine::OtherRole ; + auto arg = (HookArgument *)s->stack[2]; // arg2 + if (arg->isValid()) { + auto oldText =StringToWideString(std::string(arg->text),CP_UTF8).value(); + auto split = s->stack[0]; // return address + std::wstring old=oldText; + wcscpy((LPWSTR)data1,old.c_str());*len1=old.size()*2; + return 1; + // std::wstring newText = EngineController::instance()->dispatchTextWSTD(oldText, role, sig); + // if (newText != oldText) { + // if (newText.size() < oldText.size()) + // ::memset(arg->text, 0, ::strlen(arg->text)); + // ::strcpy(arg->text, WideStringToString(newText, CP_UTF8).c_str());// newText.toUtf8()); + // } + } + return 0; + } + void hookafter2(hook_stack*s,void* data1, size_t len){ + { + auto arg = (HookArgument *)s->stack[2]; // arg2 + if (arg->isValid()) { + auto oldText =StringToWideString(std::string(arg->text),CP_UTF8).value(); + auto split = s->stack[0]; // return address + std::wstring old=oldText; + + std::wstring newText =std::wstring((wchar_t*)data1,len/2); + if (newText != oldText) { + if (newText.size() < oldText.size()) + ::memset(arg->text, 0, ::strlen(arg->text)); + ::strcpy(arg->text, WideStringToString(newText, CP_UTF8).c_str());// newText.toUtf8()); + } + } + } +} // namespace Private + +/** + * Sample game: Mogeko Castle + * + * One of the caller of the three GetGlyphOutlineW + * + * The paint function, where text get lost. Text in [[arg2]+0xc] in UTF8 encoding. + * 1000751D CC INT3 + * 1000751E CC INT3 + * 1000751F CC INT3 + * 10007520 55 PUSH EBP + * 10007521 8BEC MOV EBP,ESP + * 10007523 83EC 28 SUB ESP,0x28 + * 10007526 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 10007529 50 PUSH EAX + * 1000752A E8 51E6FFFF CALL RGSS301.10005B80 + * 1000752F 83C4 04 ADD ESP,0x4 + * 10007532 8945 D8 MOV DWORD PTR SS:[EBP-0x28],EAX + * 10007535 68 08781A10 PUSH RGSS301.101A7808 ; ASCII "font" + * 1000753A 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+0x8] + * 1000753D 51 PUSH ECX + * 1000753E E8 6D0E0600 CALL RGSS301.100683B0 + * 10007543 83C4 08 ADD ESP,0x8 + * 10007546 8945 E4 MOV DWORD PTR SS:[EBP-0x1C],EAX + * 10007549 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-0x1C] + * 1000754C 8B42 10 MOV EAX,DWORD PTR DS:[EDX+0x10] + * 1000754F 8945 F8 MOV DWORD PTR SS:[EBP-0x8],EAX + * 10007552 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0xC] + * 10007555 51 PUSH ECX + * 10007556 E8 15F90200 CALL RGSS301.10036E70 + * 1000755B 83C4 04 ADD ESP,0x4 + * 1000755E 8945 E0 MOV DWORD PTR SS:[EBP-0x20],EAX + * 10007561 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-0x20] + * 10007564 52 PUSH EDX + * 10007565 E8 36070300 CALL RGSS301.10037CA0 + * 1000756A 83C4 04 ADD ESP,0x4 + * 1000756D 8945 DC MOV DWORD PTR SS:[EBP-0x24],EAX + * 10007570 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-0x28] + * 10007573 8B48 08 MOV ECX,DWORD PTR DS:[EAX+0x8] + * 10007576 E8 651F0100 CALL RGSS301.100194E0 + * 1000757B 8945 F4 MOV DWORD PTR SS:[EBP-0xC],EAX + * 1000757E 83EC 08 SUB ESP,0x8 + * 10007581 D9E8 FLD1 + * 10007583 DD1C24 FSTP QWORD PTR SS:[ESP] + * 10007586 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-0xC] + * 10007589 E8 A2210100 CALL RGSS301.10019730 + * 1000758E 6A 00 PUSH 0x0 + * 10007590 6A 00 PUSH 0x0 + * 10007592 6A 00 PUSH 0x0 + * 10007594 8D4D EC LEA ECX,DWORD PTR SS:[EBP-0x14] + * 10007597 51 PUSH ECX + * 10007598 8B55 DC MOV EDX,DWORD PTR SS:[EBP-0x24] + * 1000759B 52 PUSH EDX + * 1000759C E8 CF500000 CALL RGSS301.1000C670 ; jichi: convert utf8 text in edx to utf16 in eax + * 100075A1 83C4 04 ADD ESP,0x4 + * 100075A4 50 PUSH EAX + * 100075A5 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-0x28] + * 100075A8 8B48 08 MOV ECX,DWORD PTR DS:[EAX+0x8] + * 100075AB E8 A07B0100 CALL RGSS301.1001F150 ; jichi: utf16 text paint here + * 100075B0 E8 7BAB0000 CALL RGSS301.10012130 + * 100075B5 8945 FC MOV DWORD PTR SS:[EBP-0x4],EAX + * 100075B8 8B4D FC MOV ECX,DWORD PTR SS:[EBP-0x4] + * 100075BB 8B51 10 MOV EDX,DWORD PTR DS:[ECX+0x10] + * 100075BE 8955 E8 MOV DWORD PTR SS:[EBP-0x18],EDX + * 100075C1 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-0x18] + * 100075C4 C740 08 00000000 MOV DWORD PTR DS:[EAX+0x8],0x0 + * 100075CB 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-0x18] + * 100075CE C741 0C 00000000 MOV DWORD PTR DS:[ECX+0xC],0x0 + * 100075D5 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-0x18] + * 100075D8 8B45 EC MOV EAX,DWORD PTR SS:[EBP-0x14] + * 100075DB 8942 10 MOV DWORD PTR DS:[EDX+0x10],EAX + * 100075DE 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-0x18] + * 100075E1 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-0x10] + * 100075E4 8951 14 MOV DWORD PTR DS:[ECX+0x14],EDX + * 100075E7 8B45 FC MOV EAX,DWORD PTR SS:[EBP-0x4] + * 100075EA 8BE5 MOV ESP,EBP + * 100075EC 5D POP EBP + * 100075ED C3 RETN + * 100075EE CC INT3 + */ +ULONG functionAddress; // the function address being hooked +bool attach(ULONG startAddress, ULONG stopAddress) // attach other text +{ + const uint8_t bytes[] = { + 0x89,0x45, 0xfc, // 100075b5 8945 fc mov dword ptr ss:[ebp-0x4],eax + 0x8b,0x4d, 0xfc, // 100075b8 8b4d fc mov ecx,dword ptr ss:[ebp-0x4] + 0x8b,0x51, 0x10, // 100075bb 8b51 10 mov edx,dword ptr ds:[ecx+0x10] + 0x89,0x55, 0xe8, // 100075be 8955 e8 mov dword ptr ss:[ebp-0x18],edx + 0x8b,0x45, 0xe8 // 100075c1 8b45 e8 mov eax,dword ptr ss:[ebp-0x18] + }; + if (ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress)) + if (addr = MemDbg::findEnclosingAlignedFunction(addr)){ + HookParam hp; + hp.address=addr; + hp.hook_before=Private::hookBefore; + hp.hook_after=Private::hookafter2; + hp.type=USING_STRING|CODEC_UTF16|EMBED_ABLE; + hp.hook_font=F_GetGlyphOutlineW; + + functionAddress = addr; + return NewHook(hp,"EmbedRGSS3Choice"); + } + + return false; +} + +} // namespace ChoiceHook + +} +namespace OtherHook { + +namespace Private { + + bool hookBefore(hook_stack*s,void* data1, size_t* len1,uintptr_t*role) + { + {* role = Engine::OtherRole ;}; + auto retaddr = s->stack[0]; + if (retaddr > ChoiceHook::Private::functionAddress && retaddr - ChoiceHook::Private::functionAddress < 0xff) + return 0; // skip translate already-hooked function + + auto text = (LPWSTR)s->stack[1]; // arg1 + if (text && *text) { + std::wstring oldText(text); + if (oldText.size() > 1) { + wcscpy((LPWSTR)data1,oldText.c_str());*len1=oldText.size()*2; + return 1; + + } + } + return 0; + } + void hookafter2(hook_stack*s,void* data1, size_t len){ + { + auto retaddr = s->stack[0]; + if (retaddr > ChoiceHook::Private::functionAddress && retaddr - ChoiceHook::Private::functionAddress < 0xff) + return ; // skip translate already-hooked function + + auto text = (LPWSTR)s->stack[1]; // arg1 + if (text && *text) { + std::wstring oldText(text); + if (oldText.size() > 1) { + + std::wstring newText =std::wstring((wchar_t*)data1,len/2); ; + if (newText != oldText) + ::wcscpy(text, (LPCWSTR)newText.c_str()); + } + } + } +} // namespace Private + +/** + * Sample game: Mogeko Castle + * + * There are three GetGlyphIndicesW. + * The caller of the first one is hooked. + * + * The first caller of GetGlyphOutlineW, text in arg1, which is other thread: + * + * 00826D48 10007251 RETURN to RGSS301.10007251 from RGSS301.1001F150 + * 00826D4C 00826D9C ; jichi: text here + * 00826D50 00828DC8 ASCII "H?" + * 00826D54 00000001 + * 00826D58 00000001 + * 00826D5C 00828DEC + * 00826D60 40000000 + * 00826D64 008283A8 + * 00826D68 1018DF60 RGSS301.1018DF60 + * + * 1001F14B CC INT3 + * 1001F14C CC INT3 + * 1001F14D CC INT3 + * 1001F14E CC INT3 + * 1001F14F CC INT3 + * 1001F150 55 PUSH EBP + * 1001F151 8BEC MOV EBP,ESP + * 1001F153 81EC 88000000 SUB ESP,0x88 + * 1001F159 894D 8C MOV DWORD PTR SS:[EBP-0x74],ECX + * 1001F15C 837D 18 00 CMP DWORD PTR SS:[EBP+0x18],0x0 + * 1001F160 74 09 JE SHORT RGSS301.1001F16B + * 1001F162 8B45 18 MOV EAX,DWORD PTR SS:[EBP+0x18] + * 1001F165 C700 01000000 MOV DWORD PTR DS:[EAX],0x1 + * 1001F16B 8B4D 8C MOV ECX,DWORD PTR SS:[EBP-0x74] + * 1001F16E E8 6DA3FFFF CALL RGSS301.100194E0 + * 1001F173 85C0 TEST EAX,EAX + * 1001F175 75 07 JNZ SHORT RGSS301.1001F17E + * 1001F177 33C0 XOR EAX,EAX + * 1001F179 E9 D1010000 JMP RGSS301.1001F34F + * 1001F17E 8B4D 8C MOV ECX,DWORD PTR SS:[EBP-0x74] + * 1001F181 E8 5AA3FFFF CALL RGSS301.100194E0 + * 1001F186 8BC8 MOV ECX,EAX + * 1001F188 E8 D3A6FFFF CALL RGSS301.10019860 + * 1001F18D 8945 FC MOV DWORD PTR SS:[EBP-0x4],EAX + * 1001F190 837D FC 00 CMP DWORD PTR SS:[EBP-0x4],0x0 + * 1001F194 75 07 JNZ SHORT RGSS301.1001F19D + * 1001F196 33C0 XOR EAX,EAX + * 1001F198 E9 B2010000 JMP RGSS301.1001F34F + * 1001F19D 8D4D BC LEA ECX,DWORD PTR SS:[EBP-0x44] + * 1001F1A0 51 PUSH ECX + * 1001F1A1 8B55 FC MOV EDX,DWORD PTR SS:[EBP-0x4] + * 1001F1A4 52 PUSH EDX + * 1001F1A5 FF15 3C201A10 CALL DWORD PTR DS:[0x101A203C] ; gdi32.GetTextMetricsW + * 1001F1AB 8B45 0C MOV EAX,DWORD PTR SS:[EBP+0xC] + * 1001F1AE C700 00000000 MOV DWORD PTR DS:[EAX],0x0 + * 1001F1B4 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0xC] + * 1001F1B7 C741 04 00000000 MOV DWORD PTR DS:[ECX+0x4],0x0 + * 1001F1BE 33D2 XOR EDX,EDX + * 1001F1C0 66:8955 AC MOV WORD PTR SS:[EBP-0x54],DX + * 1001F1C4 B8 01000000 MOV EAX,0x1 + * 1001F1C9 66:8945 AE MOV WORD PTR SS:[EBP-0x52],AX + * 1001F1CD 33C9 XOR ECX,ECX + * 1001F1CF 66:894D B0 MOV WORD PTR SS:[EBP-0x50],CX + * 1001F1D3 33D2 XOR EDX,EDX + * 1001F1D5 66:8955 B2 MOV WORD PTR SS:[EBP-0x4E],DX + * 1001F1D9 33C0 XOR EAX,EAX + * 1001F1DB 66:8945 B4 MOV WORD PTR SS:[EBP-0x4C],AX + * 1001F1DF 33C9 XOR ECX,ECX + * 1001F1E1 66:894D B6 MOV WORD PTR SS:[EBP-0x4A],CX + * 1001F1E5 33D2 XOR EDX,EDX + * 1001F1E7 66:8955 B8 MOV WORD PTR SS:[EBP-0x48],DX + * 1001F1EB B8 01000000 MOV EAX,0x1 + * 1001F1F0 66:8945 BA MOV WORD PTR SS:[EBP-0x46],AX + * 1001F1F4 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+0x8] + * 1001F1F7 894D 88 MOV DWORD PTR SS:[EBP-0x78],ECX + * 1001F1FA 8B55 88 MOV EDX,DWORD PTR SS:[EBP-0x78] + * 1001F1FD 83C2 02 ADD EDX,0x2 + * 1001F200 8955 84 MOV DWORD PTR SS:[EBP-0x7C],EDX + * 1001F203 8B45 88 MOV EAX,DWORD PTR SS:[EBP-0x78] + * 1001F206 66:8B08 MOV CX,WORD PTR DS:[EAX] + * 1001F209 66:894D 82 MOV WORD PTR SS:[EBP-0x7E],CX + * 1001F20D 8345 88 02 ADD DWORD PTR SS:[EBP-0x78],0x2 + * 1001F211 66:837D 82 00 CMP WORD PTR SS:[EBP-0x7E],0x0 + * 1001F216 ^75 EB JNZ SHORT RGSS301.1001F203 + * 1001F218 8B55 88 MOV EDX,DWORD PTR SS:[EBP-0x78] + * 1001F21B 2B55 84 SUB EDX,DWORD PTR SS:[EBP-0x7C] + * 1001F21E D1FA SAR EDX,1 + * 1001F220 8995 7CFFFFFF MOV DWORD PTR SS:[EBP-0x84],EDX + * 1001F226 8B85 7CFFFFFF MOV EAX,DWORD PTR SS:[EBP-0x84] + * 1001F22C 8945 F8 MOV DWORD PTR SS:[EBP-0x8],EAX + * 1001F22F C745 A8 00000000 MOV DWORD PTR SS:[EBP-0x58],0x0 + * 1001F236 EB 09 JMP SHORT RGSS301.1001F241 + * 1001F238 8B4D A8 MOV ECX,DWORD PTR SS:[EBP-0x58] + * 1001F23B 83C1 01 ADD ECX,0x1 + * 1001F23E 894D A8 MOV DWORD PTR SS:[EBP-0x58],ECX + * 1001F241 8B55 A8 MOV EDX,DWORD PTR SS:[EBP-0x58] + * 1001F244 3B55 F8 CMP EDX,DWORD PTR SS:[EBP-0x8] + * 1001F247 0F8D C2000000 JGE RGSS301.1001F30F + * 1001F24D 8D45 AC LEA EAX,DWORD PTR SS:[EBP-0x54] + * 1001F250 50 PUSH EAX + * 1001F251 6A 00 PUSH 0x0 + * 1001F253 6A 00 PUSH 0x0 + * 1001F255 8D4D 90 LEA ECX,DWORD PTR SS:[EBP-0x70] + * 1001F258 51 PUSH ECX + * 1001F259 6A 06 PUSH 0x6 + * 1001F25B 8B55 A8 MOV EDX,DWORD PTR SS:[EBP-0x58] + * 1001F25E 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 1001F261 0FB70C50 MOVZX ECX,WORD PTR DS:[EAX+EDX*2] + * 1001F265 51 PUSH ECX + * 1001F266 8B55 FC MOV EDX,DWORD PTR SS:[EBP-0x4] + * 1001F269 52 PUSH EDX + * 1001F26A FF15 30201A10 CALL DWORD PTR DS:[0x101A2030] ; gdi32.GetGlyphOutlineW + * 1001F270 8945 A4 MOV DWORD PTR SS:[EBP-0x5C],EAX + * 1001F273 837D 18 00 CMP DWORD PTR SS:[EBP+0x18],0x0 + * 1001F277 74 12 JE SHORT RGSS301.1001F28B + * 1001F279 8B45 18 MOV EAX,DWORD PTR SS:[EBP+0x18] + * 1001F27C 8B4D A4 MOV ECX,DWORD PTR SS:[EBP-0x5C] + * 1001F27F 3B08 CMP ECX,DWORD PTR DS:[EAX] + * 1001F281 76 08 JBE SHORT RGSS301.1001F28B + * 1001F283 8B55 18 MOV EDX,DWORD PTR SS:[EBP+0x18] + * 1001F286 8B45 A4 MOV EAX,DWORD PTR SS:[EBP-0x5C] + * 1001F289 8902 MOV DWORD PTR DS:[EDX],EAX + * 1001F28B 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0xC] + * 1001F28E 8B11 MOV EDX,DWORD PTR DS:[ECX] + * 1001F290 0355 98 ADD EDX,DWORD PTR SS:[EBP-0x68] + * 1001F293 79 0A JNS SHORT RGSS301.1001F29F + * + * Caller of the other two GetGlyphOutlineW, where text is in arg5. + * + * 00826D34 100074F7 RETURN to RGSS301.100074F7 from RGSS301.1001F360 + * 00826D38 00000088 + * 00826D3C 000000E8 + * 00826D40 00000058 + * 00826D44 00000018 + * 00826D48 00826D9C ; jichi: text here + * 00826D4C FFFFFFFF + * 00826D50 80000000 + * 00826D54 00000001 + * 00826D58 00000000 + * 00826D5C 00000140 + * 00826D60 000000C0 + * 00826D64 008283A8 + * 00826D68 1018DF60 RGSS301.1018DF60 + * + * 1001F35C CC INT3 + * 1001F35D CC INT3 + * 1001F35E CC INT3 + * 1001F35F CC INT3 + * 1001F360 55 PUSH EBP + * 1001F361 8BEC MOV EBP,ESP + * 1001F363 81EC 4C010000 SUB ESP,0x14C + * 1001F369 898D C4FEFFFF MOV DWORD PTR SS:[EBP-0x13C],ECX + * 1001F36F 8B8D C4FEFFFF MOV ECX,DWORD PTR SS:[EBP-0x13C] + * 1001F375 E8 66A1FFFF CALL RGSS301.100194E0 + * 1001F37A 85C0 TEST EAX,EAX + * 1001F37C 75 07 JNZ SHORT RGSS301.1001F385 + * 1001F37E 33C0 XOR EAX,EAX + * 1001F380 E9 12060000 JMP RGSS301.1001F997 + * 1001F385 8B8D C4FEFFFF MOV ECX,DWORD PTR SS:[EBP-0x13C] + * 1001F38B E8 50A1FFFF CALL RGSS301.100194E0 + * 1001F390 8BC8 MOV ECX,EAX + * 1001F392 E8 C9A4FFFF CALL RGSS301.10019860 + * 1001F397 8945 F8 MOV DWORD PTR SS:[EBP-0x8],EAX + * 1001F39A 837D F8 00 CMP DWORD PTR SS:[EBP-0x8],0x0 + * 1001F39E 75 07 JNZ SHORT RGSS301.1001F3A7 + * 1001F3A0 33C0 XOR EAX,EAX + * 1001F3A2 E9 F0050000 JMP RGSS301.1001F997 + * 1001F3A7 8D45 A0 LEA EAX,DWORD PTR SS:[EBP-0x60] + * 1001F3AA 50 PUSH EAX + * 1001F3AB 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-0x8] + * 1001F3AE 51 PUSH ECX + * 1001F3AF FF15 3C201A10 CALL DWORD PTR DS:[0x101A203C] ; gdi32.GetTextMetricsW + * 1001F3B5 837D 2C 00 CMP DWORD PTR SS:[EBP+0x2C],0x0 + * 1001F3B9 77 4C JA SHORT RGSS301.1001F407 + * 1001F3BB 8D55 2C LEA EDX,DWORD PTR SS:[EBP+0x2C] + * 1001F3BE 52 PUSH EDX + * 1001F3BF 8B45 24 MOV EAX,DWORD PTR SS:[EBP+0x24] + * 1001F3C2 50 PUSH EAX + * 1001F3C3 6A 01 PUSH 0x1 + * 1001F3C5 8D8D 3CFFFFFF LEA ECX,DWORD PTR SS:[EBP-0xC4] + * 1001F3CB 51 PUSH ECX + * 1001F3CC 8B55 18 MOV EDX,DWORD PTR SS:[EBP+0x18] + * 1001F3CF 52 PUSH EDX + * 1001F3D0 8B8D C4FEFFFF MOV ECX,DWORD PTR SS:[EBP-0x13C] + * 1001F3D6 E8 75FDFFFF CALL RGSS301.1001F150 + * 1001F3DB 83BD 3CFFFFFF 00 CMP DWORD PTR SS:[EBP-0xC4],0x0 + * 1001F3E2 74 09 JE SHORT RGSS301.1001F3ED + * 1001F3E4 83BD 40FFFFFF 00 CMP DWORD PTR SS:[EBP-0xC0],0x0 + * 1001F3EB 75 0A JNZ SHORT RGSS301.1001F3F7 + * 1001F3ED B8 01000000 MOV EAX,0x1 + * 1001F3F2 E9 A0050000 JMP RGSS301.1001F997 + * 1001F3F7 837D 2C 00 CMP DWORD PTR SS:[EBP+0x2C],0x0 + * 1001F3FB 77 0A JA SHORT RGSS301.1001F407 + * 1001F3FD B8 01000000 MOV EAX,0x1 + * 1001F402 E9 90050000 JMP RGSS301.1001F997 + * 1001F407 8B45 0C MOV EAX,DWORD PTR SS:[EBP+0xC] + * 1001F40A 8985 58FFFFFF MOV DWORD PTR SS:[EBP-0xA8],EAX + * 1001F410 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+0x8] + * 1001F413 898D 54FFFFFF MOV DWORD PTR SS:[EBP-0xAC],ECX + * 1001F419 8B95 54FFFFFF MOV EDX,DWORD PTR SS:[EBP-0xAC] + * 1001F41F 0355 10 ADD EDX,DWORD PTR SS:[EBP+0x10] + * 1001F422 8995 5CFFFFFF MOV DWORD PTR SS:[EBP-0xA4],EDX + * 1001F428 8B85 58FFFFFF MOV EAX,DWORD PTR SS:[EBP-0xA8] + * 1001F42E 0345 14 ADD EAX,DWORD PTR SS:[EBP+0x14] + * 1001F431 8985 60FFFFFF MOV DWORD PTR SS:[EBP-0xA0],EAX + * 1001F437 C745 E0 00000000 MOV DWORD PTR SS:[EBP-0x20],0x0 + * 1001F43E C745 DC 00000000 MOV DWORD PTR SS:[EBP-0x24],0x0 + * 1001F445 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+0x10] + * 1001F448 894D E4 MOV DWORD PTR SS:[EBP-0x1C],ECX + * 1001F44B 8B55 14 MOV EDX,DWORD PTR SS:[EBP+0x14] + * 1001F44E 8955 E8 MOV DWORD PTR SS:[EBP-0x18],EDX + * 1001F451 837D 24 00 CMP DWORD PTR SS:[EBP+0x24],0x0 + * 1001F455 74 1F JE SHORT RGSS301.1001F476 + * 1001F457 6A FF PUSH -0x1 + * 1001F459 6A FF PUSH -0x1 + * 1001F45B 8D85 54FFFFFF LEA EAX,DWORD PTR SS:[EBP-0xAC] + * 1001F461 50 PUSH EAX + * 1001F462 FF15 E8231A10 CALL DWORD PTR DS:[0x101A23E8] ; user32.InflateRect + * 1001F468 6A FF PUSH -0x1 + * 1001F46A 6A FF PUSH -0x1 + * 1001F46C 8D4D DC LEA ECX,DWORD PTR SS:[EBP-0x24] + * 1001F46F 51 PUSH ECX + * 1001F470 FF15 E8231A10 CALL DWORD PTR DS:[0x101A23E8] ; user32.InflateRect + * 1001F476 68 E0010000 PUSH 0x1E0 + * 1001F47B 68 80020000 PUSH 0x280 + * 1001F480 E8 DBFF0E00 CALL RGSS301.1010F460 + * 1001F485 8BC8 MOV ECX,EAX + * 1001F487 E8 54010F00 CALL RGSS301.1010F5E0 + * 1001F48C 8945 F0 MOV DWORD PTR SS:[EBP-0x10],EAX + * 1001F48F 837D F0 00 CMP DWORD PTR SS:[EBP-0x10],0x0 + * 1001F493 75 07 JNZ SHORT RGSS301.1001F49C + * 1001F495 33C0 XOR EAX,EAX + * 1001F497 E9 FB040000 JMP RGSS301.1001F997 + * 1001F49C 6A 00 PUSH 0x0 + * 1001F49E 8D55 DC LEA EDX,DWORD PTR SS:[EBP-0x24] + * 1001F4A1 52 PUSH EDX + * 1001F4A2 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-0x10] + * 1001F4A5 E8 A6CF0E00 CALL RGSS301.1010C450 + * 1001F4AA 8B45 18 MOV EAX,DWORD PTR SS:[EBP+0x18] + * 1001F4AD 8985 C0FEFFFF MOV DWORD PTR SS:[EBP-0x140],EAX + * 1001F4B3 8B8D C0FEFFFF MOV ECX,DWORD PTR SS:[EBP-0x140] + * 1001F4B9 83C1 02 ADD ECX,0x2 + * 1001F4BC 898D BCFEFFFF MOV DWORD PTR SS:[EBP-0x144],ECX + * 1001F4C2 8B95 C0FEFFFF MOV EDX,DWORD PTR SS:[EBP-0x140] + * 1001F4C8 66:8B02 MOV AX,WORD PTR DS:[EDX] + * 1001F4CB 66:8985 BAFEFFFF MOV WORD PTR SS:[EBP-0x146],AX + * 1001F4D2 8385 C0FEFFFF 02 ADD DWORD PTR SS:[EBP-0x140],0x2 + * 1001F4D9 66:83BD BAFEFFFF>CMP WORD PTR SS:[EBP-0x146],0x0 + * 1001F4E1 ^75 DF JNZ SHORT RGSS301.1001F4C2 + * 1001F4E3 8B8D C0FEFFFF MOV ECX,DWORD PTR SS:[EBP-0x140] + * 1001F4E9 2B8D BCFEFFFF SUB ECX,DWORD PTR SS:[EBP-0x144] + * 1001F4EF D1F9 SAR ECX,1 + * 1001F4F1 898D B4FEFFFF MOV DWORD PTR SS:[EBP-0x14C],ECX + * 1001F4F7 8B95 B4FEFFFF MOV EDX,DWORD PTR SS:[EBP-0x14C] + * 1001F4FD 8955 EC MOV DWORD PTR SS:[EBP-0x14],EDX + * 1001F500 C745 F4 00000000 MOV DWORD PTR SS:[EBP-0xC],0x0 + * 1001F507 33C0 XOR EAX,EAX + * 1001F509 66:8985 44FFFFFF MOV WORD PTR SS:[EBP-0xBC],AX + * 1001F510 B9 01000000 MOV ECX,0x1 + * 1001F515 66:898D 46FFFFFF MOV WORD PTR SS:[EBP-0xBA],CX + * 1001F51C 33D2 XOR EDX,EDX + * 1001F51E 66:8995 48FFFFFF MOV WORD PTR SS:[EBP-0xB8],DX + * 1001F525 33C0 XOR EAX,EAX + * 1001F527 66:8985 4AFFFFFF MOV WORD PTR SS:[EBP-0xB6],AX + * 1001F52E 33C9 XOR ECX,ECX + * 1001F530 66:898D 4CFFFFFF MOV WORD PTR SS:[EBP-0xB4],CX + * 1001F537 33D2 XOR EDX,EDX + * 1001F539 66:8995 4EFFFFFF MOV WORD PTR SS:[EBP-0xB2],DX + * 1001F540 33C0 XOR EAX,EAX + * 1001F542 66:8985 50FFFFFF MOV WORD PTR SS:[EBP-0xB0],AX + * 1001F549 B9 01000000 MOV ECX,0x1 + * 1001F54E 66:898D 52FFFFFF MOV WORD PTR SS:[EBP-0xAE],CX + * 1001F555 8B55 2C MOV EDX,DWORD PTR SS:[EBP+0x2C] + * 1001F558 52 PUSH EDX + * 1001F559 E8 0EF31500 CALL RGSS301.1017E86C + * 1001F55E 83C4 04 ADD ESP,0x4 + * 1001F561 8985 D0FEFFFF MOV DWORD PTR SS:[EBP-0x130],EAX + * 1001F567 8B85 D0FEFFFF MOV EAX,DWORD PTR SS:[EBP-0x130] + * 1001F56D 8985 64FFFFFF MOV DWORD PTR SS:[EBP-0x9C],EAX + * 1001F573 C785 38FFFFFF 00>MOV DWORD PTR SS:[EBP-0xC8],0x0 + * 1001F57D EB 0F JMP SHORT RGSS301.1001F58E + * 1001F57F 8B8D 38FFFFFF MOV ECX,DWORD PTR SS:[EBP-0xC8] + * 1001F585 83C1 01 ADD ECX,0x1 + * 1001F588 898D 38FFFFFF MOV DWORD PTR SS:[EBP-0xC8],ECX + * 1001F58E 8B95 38FFFFFF MOV EDX,DWORD PTR SS:[EBP-0xC8] + * 1001F594 3B55 EC CMP EDX,DWORD PTR SS:[EBP-0x14] + * 1001F597 0F8D E6010000 JGE RGSS301.1001F783 + * 1001F59D 8B45 2C MOV EAX,DWORD PTR SS:[EBP+0x2C] + * 1001F5A0 50 PUSH EAX + * 1001F5A1 6A 00 PUSH 0x0 + * 1001F5A3 8B8D 64FFFFFF MOV ECX,DWORD PTR SS:[EBP-0x9C] + * 1001F5A9 51 PUSH ECX + * 1001F5AA E8 E1FC1500 CALL RGSS301.1017F290 + * 1001F5AF 83C4 0C ADD ESP,0xC + * 1001F5B2 8D95 44FFFFFF LEA EDX,DWORD PTR SS:[EBP-0xBC] + * 1001F5B8 52 PUSH EDX + * 1001F5B9 6A 00 PUSH 0x0 + * 1001F5BB 6A 00 PUSH 0x0 + * 1001F5BD 8D85 08FFFFFF LEA EAX,DWORD PTR SS:[EBP-0xF8] + * 1001F5C3 50 PUSH EAX + * 1001F5C4 6A 00 PUSH 0x0 + * 1001F5C6 8B8D 38FFFFFF MOV ECX,DWORD PTR SS:[EBP-0xC8] + * 1001F5CC 8B55 18 MOV EDX,DWORD PTR SS:[EBP+0x18] + * 1001F5CF 0FB7044A MOVZX EAX,WORD PTR DS:[EDX+ECX*2] + * 1001F5D3 50 PUSH EAX + * 1001F5D4 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-0x8] + * 1001F5D7 51 PUSH ECX + * 1001F5D8 FF15 30201A10 CALL DWORD PTR DS:[0x101A2030] ; gdi32.GetGlyphOutlineW + * 1001F5DE 8D95 44FFFFFF LEA EDX,DWORD PTR SS:[EBP-0xBC] + * 1001F5E4 52 PUSH EDX + * 1001F5E5 8B85 64FFFFFF MOV EAX,DWORD PTR SS:[EBP-0x9C] + * 1001F5EB 50 PUSH EAX + * 1001F5EC 8B4D 2C MOV ECX,DWORD PTR SS:[EBP+0x2C] + * 1001F5EF 51 PUSH ECX + * 1001F5F0 8D95 08FFFFFF LEA EDX,DWORD PTR SS:[EBP-0xF8] + * 1001F5F6 52 PUSH EDX + * 1001F5F7 6A 06 PUSH 0x6 + * 1001F5F9 8B85 38FFFFFF MOV EAX,DWORD PTR SS:[EBP-0xC8] + * 1001F5FF 8B4D 18 MOV ECX,DWORD PTR SS:[EBP+0x18] + * 1001F602 0FB71441 MOVZX EDX,WORD PTR DS:[ECX+EAX*2] + * 1001F606 52 PUSH EDX + * 1001F607 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-0x8] + * 1001F60A 50 PUSH EAX + * 1001F60B FF15 30201A10 CALL DWORD PTR DS:[0x101A2030] ; gdi32.GetGlyphOutlineW + * 1001F611 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-0xC] + * 1001F614 038D 10FFFFFF ADD ECX,DWORD PTR SS:[EBP-0xF0] + * 1001F61A 79 0B JNS SHORT RGSS301.1001F627 + * 1001F61C 8B95 10FFFFFF MOV EDX,DWORD PTR SS:[EBP-0xF0] + * 1001F622 F7DA NEG EDX + * 1001F624 8955 F4 MOV DWORD PTR SS:[EBP-0xC],EDX + * 1001F627 8B85 08FFFFFF MOV EAX,DWORD PTR SS:[EBP-0xF8] + * 1001F62D 8985 28FFFFFF MOV DWORD PTR SS:[EBP-0xD8],EAX + * + * Additionally, text to paint is converted here from UTF-8 to UTF-16: + * 1000C62D CC INT3 + * 1000C62E CC INT3 + * 1000C62F CC INT3 + * 1000C630 55 PUSH EBP + * 1000C631 8BEC MOV EBP,ESP + * 1000C633 8B45 10 MOV EAX,DWORD PTR SS:[EBP+0x10] + * 1000C636 D1E0 SHL EAX,1 + * 1000C638 50 PUSH EAX + * 1000C639 6A 00 PUSH 0x0 + * 1000C63B 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0xC] + * 1000C63E 51 PUSH ECX + * 1000C63F E8 4C2C1700 CALL RGSS301.1017F290 + * 1000C644 83C4 0C ADD ESP,0xC + * 1000C647 8B55 10 MOV EDX,DWORD PTR SS:[EBP+0x10] + * 1000C64A 52 PUSH EDX + * 1000C64B 8B45 0C MOV EAX,DWORD PTR SS:[EBP+0xC] + * 1000C64E 50 PUSH EAX + * 1000C64F 6A FF PUSH -0x1 + * 1000C651 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+0x8] + * 1000C654 51 PUSH ECX + * 1000C655 6A 00 PUSH 0x0 + * 1000C657 68 E9FD0000 PUSH 0xFDE9 + * 1000C65C FF15 38221A10 CALL DWORD PTR DS:[0x101A2238] ; kernel32.MultiByteToWideChar + * 1000C662 5D POP EBP + * 1000C663 C3 RETN + * 1000C664 CC INT3 + * 1000C665 CC INT3 + * 1000C666 CC INT3 + * 1000C667 CC INT3 + * 1000C668 CC INT3 + * 1000C669 CC INT3 + * 1000C66A CC INT3 + * 1000C66B CC INT3 + * 1000C66C CC INT3 + * 1000C66D CC INT3 + * 1000C66E CC INT3 + * 1000C66F CC INT3 + * 1000C670 55 PUSH EBP + * 1000C671 8BEC MOV EBP,ESP + * 1000C673 68 00100000 PUSH 0x1000 + * 1000C678 68 68302610 PUSH RGSS301.10263068 + * 1000C67D 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 1000C680 50 PUSH EAX + * 1000C681 E8 AAFFFFFF CALL RGSS301.1000C630 + * 1000C686 83C4 0C ADD ESP,0xC + * 1000C689 33C9 XOR ECX,ECX + * 1000C68B 66:890D 66502610 MOV WORD PTR DS:[0x10265066],CX + * 1000C692 B8 68302610 MOV EAX,RGSS301.10263068 + * 1000C697 5D POP EBP + * 1000C698 C3 RETN + * 1000C699 CC INT3 + * 1000C69A CC INT3 + * 1000C69B CC INT3 + * 1000C69C CC INT3 + * 1000C69D CC INT3 + */ +ULONG functionAddress; // the beginning of the function being hooked +bool attach(ULONG startAddress, ULONG stopAddress) // attach other text +{ + ULONG addr = MemDbg::findCallerAddressAfterInt3((ULONG)::GetGlyphOutlineW, startAddress, stopAddress); + if(addr==0)return 0; + HookParam hp; + hp.address=addr; + hp.hook_before=Private::hookBefore; + hp.hook_after=Private::hookafter2; + hp.type=USING_STRING|CODEC_UTF16|EMBED_ABLE; + hp.hook_font=F_GetGlyphOutlineW; + + return NewHook(hp,"EmbedRGSS3Other"); +} +} +} // namespace OtherHook + +} // namespace RGSS3Hook + +#if 0 + +/** + * Sample game: Mogeko Castle with RGSS 3.01 + * 0x10036758: LOAD + * 0x1004155c: DATA + * + * Text accessed character by character + * 0x10036463: LOAD character by character + * + * 0x100378ed: $100 + * 0x100378ed: キャンセル + * + * 0x10038a44: 駅のホーム + */ +namespace DebugHook { + +bool beforeStrcpy(winhook::hook_stack *s) +{ + auto arg = (LPCSTR)s->stack[1]; // arg1 + auto sig = s->stack[0]; // retaddr + //enum { role = Engine::OtherRole }; + //if (!::strstr(arg, "\xe3\x82\xaa\xe3\x83\xac\xe3\x83\xb3\xe7\x97\x94")) + // return true; + QString text = QString::fromUtf16((LPCWSTR)arg); + //QString text = QString::fromUtf8((LPCSTR)arg, s->stack[3]); + //if (!text.isEmpty() && text[0].unicode() >= 128 && text.size() == 5) + //if (!text.isEmpty() && sig == 0x100378ed) + EngineController::instance()->dispatchTextW(text, role, sig); + return true; +} + +bool attach() +{ + //ULONG addr = 0x10180840; + ULONG addr = 0x1001f150; + winhook::hook_before(addr, beforeStrcpy); + return true; +} + +} // namespace DebugHook + +#endif // 0 + + +} // unnamed namespace + +bool RPGMakerRGSS3::attach_function() { + ULONG startAddress, stopAddress; + if (!RGSS3::getMemoryRange(&startAddress, &stopAddress)) + return false; + + if (!RGSS3::ScenarioHook::attach(startAddress, stopAddress)) + return false; + RGSS3::ChoiceHook::Private::attach(startAddress, stopAddress); + RGSS3::OtherHook::Private::attach(startAddress, stopAddress); + + return true; +} \ No newline at end of file diff --git a/LunaHook/engine32/RPGMakerRGSS3.h b/LunaHook/engine32/RPGMakerRGSS3.h new file mode 100644 index 0000000..74c7c8e --- /dev/null +++ b/LunaHook/engine32/RPGMakerRGSS3.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class RPGMakerRGSS3:public ENGINE{ + public: + RPGMakerRGSS3(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"*.rgss3a",L"System/RGSS3*.dll"}; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/RRE.cpp b/LunaHook/engine32/RRE.cpp new file mode 100644 index 0000000..6feb818 --- /dev/null +++ b/LunaHook/engine32/RRE.cpp @@ -0,0 +1,39 @@ +#include"RRE.h" + +static void SpecialRunrunEngine(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t*len) +{ + //CC_UNUSED(split); + DWORD eax = stack->eax, // *(DWORD *)(esp_base - 0x8), + edx = stack->edx; // *(DWORD *)(esp_base - 0x10); + DWORD addr = eax + edx; // eax + edx + *data = *(WORD *)(addr); + *len = 2; +} +bool InsertRREHook() +{ + ULONG addr = MemDbg::findCallAddress((ULONG)::IsDBCSLeadByte, processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("RRE: function call does not exist"); + return false; + } + WORD sig = 0x51c3; + HookParam hp; + hp.address = addr; + hp.type = NO_CONTEXT|DATA_INDIRECT|USING_CHAR; + if ((*(WORD *)(addr-2) != sig)) { + hp.text_fun = SpecialRunrunEngine; + ConsoleOutput("INSERT Runrun#1"); + return NewHook(hp, "RunrunEngine Old"); + } else { + hp.offset=get_reg(regs::eax); + ConsoleOutput("INSERT Runrun#2"); + return NewHook(hp, "RunrunEngine"); + } + //ConsoleOutput("RunrunEngine, hook will only work with text speed set to slow or normal!"); + //else ConsoleOutput("Unknown RunrunEngine engine"); +} + +bool RRE::attach_function() { + + return InsertRREHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/RRE.h b/LunaHook/engine32/RRE.h new file mode 100644 index 0000000..9a37932 --- /dev/null +++ b/LunaHook/engine32/RRE.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class RRE:public ENGINE{ + public: + RRE(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"rrecfg.rcf"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/RUGP.cpp b/LunaHook/engine32/RUGP.cpp new file mode 100644 index 0000000..32f0f3f --- /dev/null +++ b/LunaHook/engine32/RUGP.cpp @@ -0,0 +1,221 @@ +#include"RUGP.h" + +namespace { // unnamed rUGP + +/******************************************************************************************** +rUGP hook: + Process name is rugp.exe. Used by AGE/GIGA games. + + Font caching issue. Find call to GetGlyphOutlineA and keep stepping out functions. + After several tries we comes to address in rvmm.dll and everything is catched. + We see CALL [E*X+0x*] while EBP contains the character data. + It's not as simple to reverse in rugp at run time as like reallive since rugp dosen't set + up stack frame. In other words EBP is used for other purpose. We need to find alternative + approaches. + The way to the entry of that function gives us clue to find it. There is one CMP EBP,0x8140 + instruction in this function and that's enough! 0x8140 is the start of SHIFT-JIS + characters. It's determining if ebp contains a SHIFT-JIS character. This function is not likely + to be used in other ways. We simply search for this instruction and place hook around. +********************************************************************************************/ +void SpecialHookRUGP1(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + //CC_UNUSED(split); + DWORD *_stack = (DWORD *)stack->base; + DWORD i, val; + for (i = 0; i < 4; i++) { + val = *_stack++; + if ((val >> 16) == 0) + break; + + } + if (i < 4) { + hp->offset = i << 2; + *data = val; + *len = 2; + hp->text_fun = nullptr; + //hp->type &= ~EXTERN_HOOK; + } + else + *len = 0; +} + +// jichi 10/1/2013: Change return type to bool +bool InsertRUGP1Hook() +{ + DWORD low; + if (!Util::CheckFile(L"rvmm.dll")) { + ConsoleOutput("rUGP: rvmm.dll does not exist"); + return false; + } + //WCHAR str[0x40]; + LPVOID ch = (LPVOID)0x8140; + enum { range = 0x20000 }; + low = (DWORD)GetModuleHandleW(L"rvmm.dll"); + DWORD t = SearchPattern(low + range, processStopAddress, &ch, 4) + range; + BYTE *s = (BYTE *)(low + t); + //if (t) { + if (t != range) { // jichi 10/1/2013: Changed to compare with 0x20000 + if (*(s - 2) != 0x81) + return false; + if (DWORD i = SafeFindEnclosingAlignedFunction((DWORD)s, 0x200)) { + HookParam hp; + hp.address = i; + hp.text_fun = SpecialHookRUGP1; + hp.type = CODEC_ANSI_BE|USING_CHAR; + ConsoleOutput("INSERT rUGP#1"); + return NewHook(hp, "rUGP"); + } + } else { + t = SearchPattern(low, range, &s, 4); + if (!t) { + ConsoleOutput("rUGP: pattern not found"); + //ConsoleOutput("Can't find characteristic instruction."); + return false; + } + + s = (BYTE *)(low + t); + for (int i = 0; i < 0x200; i++, s--) + if (s[0] == 0x90 + && *(DWORD *)(s - 3) == 0x90909090) { + t = low+ t - i + 1; + //swprintf(str, L"HookAddr 0x%.8x", t); + //ConsoleOutput(str); + HookParam hp; + hp.address = t; + hp.offset=get_stack(1); + hp.type = CODEC_ANSI_BE; + ConsoleOutput("INSERT rUGP#2"); + return NewHook(hp, "rUGP"); + } + } + ConsoleOutput("rUGP: failed"); + return false; +//rt: + //ConsoleOutput("Unknown rUGP engine."); +} + +/** rUGP2 10/11/2014 jichi + * + * Sample game: マブラヴ オルタネイヂ�ヴ ト�タル・イクリプス + * The existing rUGP#1/#2 cannot be identified. + * H-codes: + * - /HAN-4@1E51D:VM60.DLL + * - addr: 124189 = 0x1e51d + * - length_offset: 1 + * - module: 3037492083 = 0xb50c7373 + * - off: 4294967288 = 0xfffffff8 = -8 + * - type: 1092 = 0x444 + * - /HAN-4@1001E51D ( alternative) + * - addr: 268559645 = 0x1001e51d + * - length_offset: 1 + * - type: 1028 = 0x404 + * + * This function is very long. + * 1001e4b2 ^e9 c0fcffff jmp _18.1001e177 + * 1001e4b7 8b45 14 mov eax,dword ptr ss:[ebp+0x14] + * 1001e4ba c745 08 08000000 mov dword ptr ss:[ebp+0x8],0x8 + * 1001e4c1 85c0 test eax,eax + * 1001e4c3 74 3c je short _18.1001e501 + * 1001e4c5 8378 04 00 cmp dword ptr ds:[eax+0x4],0x0 + * 1001e4c9 7f 36 jg short _18.1001e501 + * 1001e4cb 7c 05 jl short _18.1001e4d2 + * 1001e4cd 8338 00 cmp dword ptr ds:[eax],0x0 + * 1001e4d0 73 2f jnb short _18.1001e501 + * 1001e4d2 8b4d f0 mov ecx,dword ptr ss:[ebp-0x10] + * 1001e4d5 8b91 38a20000 mov edx,dword ptr ds:[ecx+0xa238] + * 1001e4db 8910 mov dword ptr ds:[eax],edx + * 1001e4dd 8b89 3ca20000 mov ecx,dword ptr ds:[ecx+0xa23c] + * 1001e4e3 8948 04 mov dword ptr ds:[eax+0x4],ecx + * 1001e4e6 eb 19 jmp short _18.1001e501 + * 1001e4e8 c745 08 09000000 mov dword ptr ss:[ebp+0x8],0x9 + * 1001e4ef eb 10 jmp short _18.1001e501 + * 1001e4f1 c745 08 16000000 mov dword ptr ss:[ebp+0x8],0x16 + * 1001e4f8 eb 07 jmp short _18.1001e501 + * 1001e4fa c745 08 1f000000 mov dword ptr ss:[ebp+0x8],0x1f + * 1001e501 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 1001e504 8ad0 mov dl,al + * 1001e506 80f2 20 xor dl,0x20 + * 1001e509 80c2 5f add dl,0x5f + * 1001e50c 80fa 3b cmp dl,0x3b + * 1001e50f 0f87 80010000 ja _18.1001e695 + * 1001e515 0fb60e movzx ecx,byte ptr ds:[esi] + * 1001e518 c1e0 08 shl eax,0x8 + * 1001e51b 0bc1 or eax,ecx + * 1001e51d b9 01000000 mov ecx,0x1 ; jichi: hook here + * 1001e522 03f1 add esi,ecx + * 1001e524 8945 08 mov dword ptr ss:[ebp+0x8],eax + * 1001e527 8975 0c mov dword ptr ss:[ebp+0xc],esi + * 1001e52a 3d 79810000 cmp eax,0x8179 + * 1001e52f 0f85 9d000000 jnz _18.1001e5d2 + * 1001e535 8b4d f0 mov ecx,dword ptr ss:[ebp-0x10] + * 1001e538 56 push esi + * 1001e539 8d55 d0 lea edx,dword ptr ss:[ebp-0x30] + * 1001e53c 52 push edx + * 1001e53d e8 0e0bffff call _18.1000f050 + * 1001e542 8d4d d0 lea ecx,dword ptr ss:[ebp-0x30] + * 1001e545 c745 fc 07000000 mov dword ptr ss:[ebp-0x4],0x7 + * 1001e54c ff15 500a0e10 call dword ptr ds:[0x100e0a50] ; _19.6a712fa9 + * 1001e552 84c0 test al,al + * 1001e554 75 67 jnz short _18.1001e5bd + * 1001e556 8b75 f0 mov esi,dword ptr ss:[ebp-0x10] + * 1001e559 8d45 d0 lea eax,dword ptr ss:[ebp-0x30] + * 1001e55c 50 push eax + * 1001e55d 8bce mov ecx,esi + * 1001e55f c745 e4 01000000 mov dword ptr ss:[ebp-0x1c],0x1 + * 1001e566 c745 e0 00000000 mov dword ptr ss:[ebp-0x20],0x0 + * 1001e56d e8 5e80ffff call _18.100165d0 + * 1001e572 0fb7f8 movzx edi,ax + * 1001e575 57 push edi + * 1001e576 8bce mov ecx,esi + * 1001e578 e8 c380ffff call _18.10016640 + * 1001e57d 85c0 test eax,eax + * 1001e57f 74 0d je short _18.1001e58e + * 1001e581 f640 38 02 test byte ptr ds:[eax+0x38],0x2 + * 1001e585 74 07 je short _18.1001e58e + * 1001e587 c745 e0 01000000 mov dword ptr ss:[ebp-0x20],0x1 + * 1001e58e 837d bc 10 cmp dword ptr ss:[ebp-0x44],0x10 + * 1001e592 74 29 je short _18.1001e5bd + * 1001e594 8b43 28 mov eax,dword ptr ds:[ebx+0x28] + * 1001e597 85c0 test eax,eax + */ +bool InsertRUGP2Hook() +{ + auto module = GetModuleHandleW(L"vm60.dll"); + if (!module /*|| !SafeFillRange(L"vm60.dll", &low, &high)*/) { + ConsoleOutput("rUGP2: vm60.dll does not exist"); + return false; + } + const BYTE bytes[] = { + 0x0f,0xb6,0x0e, // 1001e515 0fb60e movzx ecx,byte ptr ds:[esi] + 0xc1,0xe0, 0x08, // 1001e518 c1e0 08 shl eax,0x8 + 0x0b,0xc1, // 1001e51b 0bc1 or eax,ecx + 0xb9, 0x01,0x00,0x00,0x00, // 1001e51d b9 01000000 mov ecx,0x1 ; jichi: hook here + 0x03,0xf1, // 1001e522 03f1 add esi,ecx + 0x89,0x45, 0x08, // 1001e524 8945 08 mov dword ptr ss:[ebp+0x8],eax + 0x89,0x75, 0x0c // 1001e527 8975 0c mov dword ptr ss:[ebp+0xc],esi + }; + enum { addr_offset = 0x1001e51d - 0x1001e515 }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), (DWORD)module, Util::QueryModuleLimits(module).second); + //GROWL_DWORD(addr); + if (!addr) { + ConsoleOutput("rUGP2: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::eax); + hp.type = NO_CONTEXT|CODEC_ANSI_BE; + ConsoleOutput("INSERT rUGP2"); + return NewHook(hp, "rUGP2"); +} + +} // unnamed namespace + +bool InsertRUGPHook() +{ return InsertRUGP1Hook() || InsertRUGP2Hook(); } + +bool RUGP::attach_function() { + + return InsertRUGPHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/RUGP.h b/LunaHook/engine32/RUGP.h new file mode 100644 index 0000000..f79847c --- /dev/null +++ b/LunaHook/engine32/RUGP.h @@ -0,0 +1,14 @@ +#include"engine.h" + +class RUGP:public ENGINE{ + public: + RUGP(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return (wcsstr(processName_lower,L"rugp") || Util::CheckFile(L"rugp.exe")); + + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/RUNE.cpp b/LunaHook/engine32/RUNE.cpp new file mode 100644 index 0000000..673670e --- /dev/null +++ b/LunaHook/engine32/RUNE.cpp @@ -0,0 +1,79 @@ +#include"RUNE.h" + + +bool RUNE1() { + const BYTE bytes[] = { + //Ricotte~アルペンブルの歌姫~ + //初恋 + //思春期 + //Fifth + //unsigned __int8 *__cdecl _mbsinc(const unsigned __int8 *Ptr) + 0x8B,0x44,0x24,0x04, + 0x0F,0xB6,0x08, + 0x8A,0x89,XX4, + 0x80,0xE1,0x04, + 0x40, + 0x84,0xC9, + 0x74,XX + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.type = CODEC_ANSI_BE; + return NewHook(hp, "RUNE"); +} +bool RUNE2(){ + //ANGEL CORE + auto entry=Util::FindImportEntry(processStartAddress,(DWORD)GetGlyphOutlineA); + if(entry==0)return false; + BYTE bytes2[]={0xff,0x15,XX4}; + memcpy(bytes2+2,&entry,4); + auto addr = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStopAddress); + if (addr == 0)return false; + BYTE sig1[]={ 0x81,0xe1,0x01,0x00,0x00,0x80,XX2,0x49,0x83,0xc9,0xfe,0x41 }; + auto _=MemDbg::findBytes(sig1, sizeof(sig1), addr, addr+0x100); + if (_ == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = CODEC_ANSI_BE ; + return NewHook(hp, "RUNE"); +} +bool RUNE3(){ + //雪のち、ふるるっ!~ところにより、恋もよう~ + const BYTE bytes[] = { + 0x6a,0x05,0x6a,0x01 + }; + for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE_READWRITE)) + { + auto start= MemDbg::findEnclosingAlignedFunction(addr); + if(start==0)continue; + BYTE sig1[]={ 0x6a,0x00,0x6a,0x01,0x50 }; + BYTE sig2[]={ 0x6a,0x34,0xe8 }; + BYTE sig3[]={ 0xc1,0xe2,0x10,0x0b,0xc2 }; + bool ok=true; + for(auto p:std::vector>{{sig1,sizeof(sig1)},{sig2,sizeof(sig2)},{sig3,sizeof(sig3)}}){ + auto _=MemDbg::findBytes(p.first, p.second, start, addr); + + if(_==0)ok=ok&false; + } + + if(ok) { + HookParam hp; + hp.address = start; + hp.offset=get_stack(1); + hp.type = CODEC_ANSI_BE; + return NewHook(hp, "RUNE"); + } + } + + return false; +} +bool RUNE::attach_function(){ + return RUNE1()||RUNE2()||RUNE3(); +} diff --git a/LunaHook/engine32/RUNE.h b/LunaHook/engine32/RUNE.h new file mode 100644 index 0000000..1750623 --- /dev/null +++ b/LunaHook/engine32/RUNE.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class RUNE:public ENGINE{ + public: + RUNE(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"vorbis.acm",L"r*d*.g*"}; + is_engine_certain=false; + }; + bool attach_function(); +}; diff --git a/LunaHook/engine32/Reallive.cpp b/LunaHook/engine32/Reallive.cpp new file mode 100644 index 0000000..d87a976 --- /dev/null +++ b/LunaHook/engine32/Reallive.cpp @@ -0,0 +1,180 @@ +#include"Reallive.h" + + +/******************************************************************************************** +Reallive hook: + Process name is reallive.exe or reallive*.exe. + + Technique to find Reallive hook is quite different from 2 above. + Usually Reallive engine has a font caching issue. This time we wait + until the first call to GetGlyphOutlineA. Reallive engine usually set + up stack frames so we can just refer to EBP to find function entry. + +********************************************************************************************/ +/** jichi 5/13/2015 + * RealLive does not work for 水着少女と媚薬アイス from 裸足少女 + * 012da80f cc int3 + * 012da810 55 push ebp ; jichi: change to hook here + * 012da811 8bec mov ebp,esp + * 012da813 83ec 10 sub esp,0x10 ; jichi: hook here by default + * 012da816 53 push ebx + * 012da817 56 push esi + * 012da818 57 push edi + * 012da819 8b7d 18 mov edi,dword ptr ss:[ebp+0x18] + * 012da81c 81ff 5c810000 cmp edi,0x815c + * 012da822 75 0a jnz short reallive.012da82e + * 012da824 c745 18 9f840000 mov dword ptr ss:[ebp+0x18],0x849f + * 012da82b 8b7d 18 mov edi,dword ptr ss:[ebp+0x18] + * 012da82e b8 9041e301 mov eax,reallive.01e34190 + * 012da833 b9 18a49001 mov ecx,reallive.0190a418 + * 012da838 e8 a38d0000 call reallive.012e35e0 + * 012da83d 85c0 test eax,eax + * 012da83f 74 14 je short reallive.012da855 + * 012da841 e8 6addffff call reallive.012d85b0 + * 012da846 ba 9041e301 mov edx,reallive.01e34190 + * 012da84b b8 18a49001 mov eax,reallive.0190a418 + * 012da850 e8 ab7c0000 call reallive.012e2500 + * 012da855 8d45 f0 lea eax,dword ptr ss:[ebp-0x10] + * 012da858 50 push eax + * 012da859 8d4d f4 lea ecx,dword ptr ss:[ebp-0xc] + * 012da85c 51 push ecx + * 012da85d 8d55 fc lea edx,dword ptr ss:[ebp-0x4] + * 012da860 52 push edx + * 012da861 8d45 f8 lea eax,dword ptr ss:[ebp-0x8] + * 012da864 50 push eax + * 012da865 8bc7 mov eax,edi + * 012da867 e8 54dfffff call reallive.012d87c0 + * 012da86c 8bf0 mov esi,eax + * 012da86e 83c4 10 add esp,0x10 + * 012da871 85f6 test esi,esi + * 012da873 75 4b jnz short reallive.012da8c0 + * 012da875 8d4d f4 lea ecx,dword ptr ss:[ebp-0xc] + * 012da878 51 push ecx + * 012da879 57 push edi + * 012da87a 8d4d f0 lea ecx,dword ptr ss:[ebp-0x10] + * 012da87d e8 cef0ffff call reallive.012d9950 + * 012da882 8bf0 mov esi,eax + * 012da884 83c4 08 add esp,0x8 + * 012da887 85f6 test esi,esi + */ +static bool InsertRealliveDynamicHook(LPVOID addr, uintptr_t frame, uintptr_t stack) +{ + if (addr != ::GetGlyphOutlineA) + return false; + // jichi 5/13/2015: Find the enclosing caller of GetGlyphOutlineA + if (DWORD i = frame) { + i = *(DWORD *)(i + 4); + for (DWORD j = i; j > i - 0x100; j--) + if (*(WORD *)j == 0xec83) { // jichi 7/26/2014: function starts + // 012da80f cc int3 + // 012da810 55 push ebp ; jichi: change to hook here + // 012da811 8bec mov ebp,esp + // 012da813 83ec 10 sub esp,0x10 ; jichi: hook here by default + if (*(DWORD *)(j-3) == 0x83ec8b55) + j -= 3; + + HookParam hp; + hp.address = j; + hp.offset=get_stack(5); + hp.split = get_reg(regs::esp); + hp.type = CODEC_ANSI_BE|USING_SPLIT; + //GROWL_DWORD(hp.address); + + //RegisterEngineType(ENGINE_REALLIVE); + ConsoleOutput("RealLive: disable GDI hooks"); + + return NewHook(hp, "RealLive"); + } + } + return true; // jichi 12/25/2013: return true +} +void InsertRealliveHook() +{ + //ConsoleOutput("Probably Reallive. Wait for text."); + ConsoleOutput("TRIGGER Reallive"); + trigger_fun = InsertRealliveDynamicHook; +} + +bool RlBabelFilter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + if (text[0] == '\x01') { + StringFilterBetween(text, len, "\x01", 1, "\x02", 1); // remove names + } + + CharReplacer(text, len, '\x08', '"'); + CharReplacer(text, len, '\x09', '\''); + CharReplacer(text, len, '\x0A', '\''); + CharFilter(text, len, '\x1F'); // remove color + StringReplacer(text, len, "\x89\x85", 2, "\x81\x63", 2); // "\x89\x85"-> shift-JIS"…" + StringReplacer(text, len, "\x89\x97", 2, "--", 2); + + return true; +} + +bool InsertRlBabelHook() { + + /* + * Sample games: + * https://vndb.org/r78318 + */ + const BYTE bytes[] = { + 0xCC, // int 3 + 0x55, // push ebp <- hook here + 0x8B, 0xEC, // mov ebp,esp + 0x83, 0xEC, 0x20, // sub esp,20 + 0xC7, 0x45, 0xFC, XX4 // mov [ebp-04],rlBabel.DLL+16804 + }; + + HMODULE module = GetModuleHandleW(L"rlBabel.dll"); + if (!module) + return false; + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), minAddress, maxAddress); + if (!addr) + return false; + + HookParam hp; + hp.address = addr + 1; + hp.offset=get_reg(regs::eax); + hp.type = USING_STRING; + hp.filter_fun = RlBabelFilter; + ConsoleOutput("INSERT RealLive Babel"); + return NewHook(hp, "RealLive Babel"); +} +bool Reallive::attach_function() { + InsertRealliveHook(); + InsertRlBabelHook(); + return true; +} + + +bool avg3216d::attach_function(){ + BYTE pattern1[]={ + 0x3c,0x81,XX2, + 0x3c,0x9f,XX2, + 0x3c,0xe0,XX2, + 0x3c,0xfc,XX2, + }; + BYTE pattern2[]={ + 0x8b,0x75,0x08, + 0x8a,0x06, + 0x3c,0x81, + 0x75,XX, + 0x80,0x7e,0x01,0x7a + }; + auto addr=MemDbg::findBytes(pattern2,sizeof(pattern2),processStartAddress,processStopAddress); + if(addr==0)return false; + addr=MemDbg::findEnclosingAlignedFunction(addr); + if(addr==0)return false; + auto check=MemDbg::findBytes(pattern1,sizeof(pattern1),addr,addr+0x200); + if(check==0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = NO_CONTEXT|DATA_INDIRECT; + //GROWL_DWORD(hp.address); + return NewHook(hp, "avg3216d"); +} \ No newline at end of file diff --git a/LunaHook/engine32/Reallive.h b/LunaHook/engine32/Reallive.h new file mode 100644 index 0000000..f787ed2 --- /dev/null +++ b/LunaHook/engine32/Reallive.h @@ -0,0 +1,33 @@ +#include"engine.h" + +class Reallive:public ENGINE{ + public: + Reallive(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return (wcsstr(processName_lower,L"reallive") || Util::CheckFile(L"Reallive.exe") || Util::CheckFile(L"REALLIVEDATA\\Start.ini")); + }; + }; + bool attach_function(); +}; + +class Reallive_old:public Reallive{ + public: + Reallive_old(){ + //DEVOTE2 いけない放課後 + check_by=CHECK_BY::FILE_ALL; + //,L"sys\\*",L"PDT\\*",L"Gameexe.ini"是独有的,其他siglus也有 + check_by_target= check_by_list{L"G00\\*.g00",L"bgm\\*.nwa",L"koe\\*",L"wav\\*",L"sys\\*",L"PDT\\*",L"Gameexe.ini"} ; + }; +}; + +class avg3216d:public ENGINE{ + public: + avg3216d(){ + //[980731][13cm] 好き好き大好き! + check_by=CHECK_BY::FILE_ALL; + check_by_target= check_by_list{L"koe\\*.koe",L"PDT\\*.pdt",L"Gameexe.ini"} ; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Regista.cpp b/LunaHook/engine32/Regista.cpp new file mode 100644 index 0000000..0b4cc54 --- /dev/null +++ b/LunaHook/engine32/Regista.cpp @@ -0,0 +1,51 @@ +#include"Regista.h" +namespace{ + //ルートダブル -Before Crime * After Days- +bool old() { + const BYTE bytes[] = { + 0x8a, 0x10, 0x83, 0xC0, 0x04, 0x83, 0xc1, 0x04, 0x84, 0xd2, 0x74 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + ConsoleOutput("%p", addr); + if (addr == 0)return false; + + addr = findfuncstart(addr,0x40); + ConsoleOutput("%p", addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = DATA_INDIRECT; + hp.index = 0; + return NewHook(hp, "Regista"); +} +bool _2(){ + const BYTE bytes[] = { + //old不是很好,old是strcmp,有很多乱七八糟的,这个是脚本的一些控制字符判断和shiftjis范围判断。 + 0x80 ,0xF9 ,0x81 , + XX2, + 0x80 ,0xF9 ,0x9F, + XX2, + 0x80 ,0xF9 ,0xE0, + XX2, + 0x80 ,0xF9 ,0xFC, + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + ConsoleOutput("%p", addr); + if (addr == 0)return false; + const BYTE start[] = { + 0xCC,0xCC,0xCC,0xCC + }; + addr = reverseFindBytes(start, sizeof(start), addr - 0x40, addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr+4; + hp.offset=get_reg(regs::edx); + hp.type=USING_STRING; + return NewHook(hp, "Regista"); +} +} + +bool Regista::attach_function() { + return _2()||old(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Regista.h b/LunaHook/engine32/Regista.h new file mode 100644 index 0000000..8aa8c37 --- /dev/null +++ b/LunaHook/engine32/Regista.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class Regista:public ENGINE{ + public: + Regista(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"data\\*.afs"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Rejet.cpp b/LunaHook/engine32/Rejet.cpp new file mode 100644 index 0000000..f91f556 --- /dev/null +++ b/LunaHook/engine32/Rejet.cpp @@ -0,0 +1,270 @@ +#include"Rejet.h" + +namespace { // unnamed Rejet +/** + * jichi 12/22/2013: Rejet + * See (CaoNiMaGeBi): http://www.hongfire.com/forum/printthread.php?t=36807&pp=40&page=172 + * See (CaoNiMaGeBi): http://tieba.baidu.com/p/2506179113 + * Pattern: 2bce8bf8 + * 2bce sub ecx,esi ; hook here + * 8bf8 mov eds,eax + * 8bd1 mov edx,ecx + * + * Examples: + * - Type1: ドットカレシ-We're 8bit Lovers!: /HBN-4*0@A5332:DotKareshi.exe + * length_offset: 1 + * off: 0xfffffff8 (-0x8) + * type: 1096 (0x448) + * + * processStartAddress = 10e0000 (variant) + * hook_addr = processStartAddress + reladdr = 0xe55332 + * 01185311 . FFF0 PUSH EAX ; beginning of a new function + * 01185313 . 0FC111 XADD DWORD PTR DS:[ECX],EDX + * 01185316 . 4A DEC EDX + * 01185317 . 85D2 TEST EDX,EDX + * 01185319 . 0F8F 45020000 JG DotKares.01185564 + * 0118531F . 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 01185321 . 8B11 MOV EDX,DWORD PTR DS:[ECX] + * 01185323 . 50 PUSH EAX + * 01185324 . 8B42 04 MOV EAX,DWORD PTR DS:[EDX+0x4] + * 01185327 . FFD0 CALL EAX + * 01185329 . E9 36020000 JMP DotKares.01185564 + * 0118532E . 8B7424 20 MOV ESI,DWORD PTR SS:[ESP+0x20] + * 01185332 . E8 99A9FBFF CALL DotKares.0113FCD0 ; hook here + * 01185337 . 8BF0 MOV ESI,EAX + * 01185339 . 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+0x14] + * 0118533D . 3BF7 CMP ESI,EDI + * 0118533F . 0F84 1A020000 JE DotKares.0118555F + * 01185345 . 51 PUSH ECX ; /Arg2 + * 01185346 . 68 E4FE5501 PUSH DotKares.0155FEE4 ; |Arg1 = 0155FEE4 + * 0118534B . E8 1023F9FF CALL DotKares.01117660 ; \DotKares.00377660 + * 01185350 . 83C4 08 ADD ESP,0x8 + * 01185353 . 84C0 TEST AL,AL + * + * - Type2: ドットカレシ-We're 8bit Lovers! II: /HBN-8*0@A7AF9:dotkareshi.exe + * off: 4294967284 (0xfffffff4 = -0xc) + * length_offset: 1 + * type: 1096 (0x448) + * + * processStartAddress: 0x12b0000 + * + * 01357ad2 . fff0 push eax ; beginning of a new function + * 01357ad4 . 0fc111 xadd dword ptr ds:[ecx],edx + * 01357ad7 . 4a dec edx + * 01357ad8 . 85d2 test edx,edx + * 01357ada . 7f 0a jg short dotkares.01357ae6 + * 01357adc . 8b08 mov ecx,dword ptr ds:[eax] + * 01357ade . 8b11 mov edx,dword ptr ds:[ecx] + * 01357ae0 . 50 push eax + * 01357ae1 . 8b42 04 mov eax,dword ptr ds:[edx+0x4] + * 01357ae4 . ffd0 call eax + * 01357ae6 > 8b4c24 14 mov ecx,dword ptr ss:[esp+0x14] + * 01357aea . 33ff xor edi,edi + * 01357aec . 3979 f4 cmp dword ptr ds:[ecx-0xc],edi + * 01357aef . 0f84 1e020000 je dotkares.01357d13 + * 01357af5 . 8b7424 20 mov esi,dword ptr ss:[esp+0x20] + * 01357af9 . e8 7283fbff call dotkares.0130fe70 ; jichi: hook here + * 01357afe . 8bf0 mov esi,eax + * 01357b00 . 3bf7 cmp esi,edi + * 01357b02 . 0f84 0b020000 je dotkares.01357d13 + * 01357b08 . 8d5424 14 lea edx,dword ptr ss:[esp+0x14] + * 01357b0c . 52 push edx ; /arg2 + * 01357b0d . 68 cc9f7501 push dotkares.01759fcc ; |arg1 = 01759fcc + * 01357b12 . e8 e9f9f8ff call dotkares.012e7500 ; \dotkares.012c7500 + * 01357b17 . 83c4 08 add esp,0x8 + * 01357b1a . 84c0 test al,al + * 01357b1c . 74 1d je short dotkares.01357b3b + * 01357b1e . 8d46 64 lea eax,dword ptr ds:[esi+0x64] + * 01357b21 . e8 bad0f8ff call dotkares.012e4be0 + * 01357b26 . 68 28a17501 push dotkares.0175a128 ; /arg1 = 0175a128 ascii "
" + * + * - Type2: Tiny×MACHINEGUN: /HBN-8*0@4CEB8:TinyMachinegun.exe + * processStartAddress: 0x12f0000 + * There are two possible places to hook + * + * 0133cea0 . fff0 push eax ; beginning of a new function + * 0133cea2 . 0fc111 xadd dword ptr ds:[ecx],edx + * 0133cea5 . 4a dec edx + * 0133cea6 . 85d2 test edx,edx + * 0133cea8 . 7f 0a jg short tinymach.0133ceb4 + * 0133ceaa . 8b08 mov ecx,dword ptr ds:[eax] + * 0133ceac . 8b11 mov edx,dword ptr ds:[ecx] + * 0133ceae . 50 push eax + * 0133ceaf . 8b42 04 mov eax,dword ptr ds:[edx+0x4] + * 0133ceb2 . ffd0 call eax + * 0133ceb4 > 8b4c24 14 mov ecx,dword ptr ss:[esp+0x14] + * 0133ceb8 . 33db xor ebx,ebx ; jichi: hook here + * 0133ceba . 3959 f4 cmp dword ptr ds:[ecx-0xc],ebx + * 0133cebd . 0f84 d4010000 je tinymach.0133d097 + * 0133cec3 . 8b7424 20 mov esi,dword ptr ss:[esp+0x20] + * 0133cec7 . e8 f4f90100 call tinymach.0135c8c0 ; jichi: or hook here + * 0133cecc . 8bf0 mov esi,eax + * 0133cece . 3bf3 cmp esi,ebx + * 0133ced0 . 0f84 c1010000 je tinymach.0133d097 + * 0133ced6 . 8d5424 14 lea edx,dword ptr ss:[esp+0x14] + * 0133ceda . 52 push edx ; /arg2 + * 0133cedb . 68 44847d01 push tinymach.017d8444 ; |arg1 = 017d8444 + * 0133cee0 . e8 eb5bfdff call tinymach.01312ad0 ; \tinymach.011b2ad0 + * + * - Type 3: 剣が君: /HBN-8*0@B357D:KenGaKimi.exe + * + * 01113550 . fff0 push eax + * 01113552 . 0fc111 xadd dword ptr ds:[ecx],edx + * 01113555 . 4a dec edx + * 01113556 . 85d2 test edx,edx + * 01113558 . 7f 0a jg short kengakim.01113564 + * 0111355a . 8b08 mov ecx,dword ptr ds:[eax] + * 0111355c . 8b11 mov edx,dword ptr ds:[ecx] + * 0111355e . 50 push eax + * 0111355f . 8b42 04 mov eax,dword ptr ds:[edx+0x4] + * 01113562 . ffd0 call eax + * 01113564 8b4c24 14 mov ecx,dword ptr ss:[esp+0x14] + * 01113568 33ff xor edi,edi + * 0111356a 3979 f4 cmp dword ptr ds:[ecx-0xc],edi + * 0111356d 0f84 09020000 je kengakim.0111377c + * 01113573 8d5424 14 lea edx,dword ptr ss:[esp+0x14] + * 01113577 52 push edx + * 01113578 68 dc6a5401 push kengakim.01546adc + * 0111357d e8 3eaff6ff call kengakim.0107e4c0 ; hook here + */ +bool FindRejetHook(LPCVOID pattern, DWORD pattern_size, DWORD hook_off, DWORD hook_offset, LPCSTR hook_name = "Rejet") +{ + // Offset to the function call from the beginning of the function + //enum { addr_offset = 0x21 }; // Type1: hex(0x01185332-0x01185311) + //const BYTE pattern[] = { // Type1: Function start + // 0xff,0xf0, // 01185311 . fff0 push eax ; beginning of a new function + // 0x0f,0xc1,0x11, // 01185313 . 0fc111 xadd dword ptr ds:[ecx],edx + // 0x4a, // 01185316 . 4a dec edx + // 0x85,0xd2, // 01185317 . 85d2 test edx,edx + // 0x0f,0x8f // 01185319 . 0f8f 45020000 jg DotKares.01185564 + //}; + //GROWL_DWORD(processStartAddress); + ULONG addr = processStartAddress; //- sizeof(pattern); + do { + //addr += sizeof(pattern); // ++ so that each time return diff address + ULONG range = min(processStopAddress - addr, MAX_REL_ADDR); + addr = MemDbg::findBytes(pattern, pattern_size, addr, addr + range); + if (!addr) { + //ITH_MSG(L"failed"); + ConsoleOutput("Rejet: pattern not found"); + return false; + } + + addr += hook_off; + //GROWL_DWORD(addr); + //GROWL_DWORD(*(DWORD *)(addr-3)); + //const BYTE hook_ins[] = { + // /*0x8b,*/0x74,0x24, 0x20, // mov esi,dword ptr ss:[esp+0x20] + // 0xe8 //??,??,??,??, 01357af9 e8 7283fbff call DotKares.0130fe70 ; jichi: hook here + //}; + } while(0xe8202474 != *(DWORD *)(addr - 3)); + + ConsoleOutput("INSERT Rejet"); + HookParam hp; + hp.address = addr; //- 0xf; + hp.type = NO_CONTEXT|DATA_INDIRECT|FIXING_SPLIT; + hp.offset = hook_offset; + + return NewHook(hp, hook_name); +} +bool InsertRejetHook1() // This type of hook has varied hook address +{ + const BYTE bytes[] = { // Type1: Function start + 0xff,0xf0, // 01185311 . fff0 push eax ; beginning of a new function + 0x0f,0xc1,0x11, // 01185313 . 0fc111 xadd dword ptr ds:[ecx],edx + 0x4a, // 01185316 . 4a dec edx + 0x85,0xd2, // 01185317 . 85d2 test edx,edx + 0x0f,0x8f // 01185319 . 0f8f 45020000 jg DotKares.01185564 + }; + // Offset to the function call from the beginning of the function + enum { addr_offset = 0x21 }; // Type1: hex(0x01185332-0x01185311) + enum { hook_offset = -0x8 }; // hook parameter + return FindRejetHook(bytes, sizeof(bytes), addr_offset, hook_offset); +} +bool InsertRejetHook2() // This type of hook has static hook address +{ + const BYTE bytes[] = { // Type2 Function start + 0xff,0xf0, // 01357ad2 fff0 push eax + 0x0f,0xc1,0x11, // 01357ad4 0fc111 xadd dword ptr ds:[ecx],edx + 0x4a, // 01357ad7 4a dec edx + 0x85,0xd2, // 01357ad8 85d2 test edx,edx + 0x7f, 0x0a, // 01357ada 7f 0a jg short DotKares.01357ae6 + 0x8b,0x08, // 01357adc 8b08 mov ecx,dword ptr ds:[eax] + 0x8b,0x11, // 01357ade 8b11 mov edx,dword ptr ds:[ecx] + 0x50, // 01357ae0 50 push eax + 0x8b,0x42, 0x04, // 01357ae1 8b42 04 mov eax,dword ptr ds:[edx+0x4] + 0xff,0xd0, // 01357ae4 ffd0 call eax + 0x8b,0x4c,0x24, 0x14 // 01357ae6 8b4c24 14 mov ecx,dword ptr ss:[esp+0x14] + }; + // Offset to the function call from the beginning of the function + enum { addr_offset = 0x27 }; // Type2: hex(0x0133CEC7-0x0133CEA0) = hex(0x01357af9-0x1357ad2) + enum { hook_offset = -0xc }; // hook parameter + return FindRejetHook(bytes, sizeof(bytes), addr_offset, hook_offset); +} +bool InsertRejetHook3() // jichi 12/28/2013: add for 剣が君 +{ + // The following pattern is the same as type2 + const BYTE bytes[] = { // Type2 Function start + 0xff,0xf0, // 01357ad2 fff0 push eax + 0x0f,0xc1,0x11, // 01357ad4 0fc111 xadd dword ptr ds:[ecx],edx + 0x4a, // 01357ad7 4a dec edx + 0x85,0xd2, // 01357ad8 85d2 test edx,edx + 0x7f, 0x0a, // 01357ada 7f 0a jg short DotKares.01357ae6 + 0x8b,0x08, // 01357adc 8b08 mov ecx,dword ptr ds:[eax] + 0x8b,0x11, // 01357ade 8b11 mov edx,dword ptr ds:[ecx] + 0x50, // 01357ae0 50 push eax + 0x8b,0x42, 0x04, // 01357ae1 8b42 04 mov eax,dword ptr ds:[edx+0x4] + 0xff,0xd0, // 01357ae4 ffd0 call eax + 0x8b,0x4c,0x24, 0x14 // 01357ae6 8b4c24 14 mov ecx,dword ptr ss:[esp+0x14] + }; + // Offset to the function call from the beginning of the function + //enum { addr_offset = 0x27 }; // Type2: hex(0x0133CEC7-0x0133CEA0) = hex(0x01357af9-0x1357ad2) + enum { hook_offset = -0xc }; // hook parameter + ULONG addr = processStartAddress; //- sizeof(bytes); + while (true) { + //addr += sizeof(bytes); // ++ so that each time return diff address + ULONG range = min(processStopAddress - addr, MAX_REL_ADDR); + addr = MemDbg::findBytes(bytes, sizeof(bytes), addr, addr + range); + if (!addr) { + //ITH_MSG(L"failed"); + ConsoleOutput("Rejet: pattern not found"); + return false; + } + addr += sizeof(bytes); + // Push and call at once, i.e. push (0x68) and call (0xe8) + // 01185345 52 push edx + // 01185346 . 68 e4fe5501 push dotkares.0155fee4 ; |arg1 = 0155fee4 + // 0118534b . e8 1023f9ff call dotkares.01117660 ; \dotkares.00377660 + enum { start = 0x10, stop = 0x50 }; + // Different from FindRejetHook + DWORD i; + for (i = start; i < stop; i++) + if (*(WORD *)(addr + i - 1) == 0x6852 && *(BYTE *)(addr + i + 5) == 0xe8) // 0118534B-01185346 + break; + if (i < stop) { + addr += i; + break; + } + } //while(0xe8202474 != *(DWORD *)(addr - 3)); + + //GROWL_DWORD(addr - processStartAddress); // = 0xb3578 for 剣が君 + + ConsoleOutput("INSERT Rejet"); + // The same as type2 + HookParam hp; + hp.address = addr; //- 0xf; + hp.type = NO_CONTEXT|DATA_INDIRECT|FIXING_SPLIT; + hp.offset = hook_offset; + + return NewHook(hp, "Rejet"); +} +} // unnamed Rejet + +bool InsertRejetHook() +{ return InsertRejetHook2() || InsertRejetHook1() || InsertRejetHook3(); } // insert hook2 first, since 2's pattern seems to be more unique + + +bool Rejet::attach_function() { + + return InsertRejetHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Rejet.h b/LunaHook/engine32/Rejet.h new file mode 100644 index 0000000..d289958 --- /dev/null +++ b/LunaHook/engine32/Rejet.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Rejet:public ENGINE{ + public: + Rejet(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"gd.dat",L"pf.dat",L"sd.dat"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Renpy.cpp b/LunaHook/engine32/Renpy.cpp new file mode 100644 index 0000000..fb85bfd --- /dev/null +++ b/LunaHook/engine32/Renpy.cpp @@ -0,0 +1,8 @@ +#include"Renpy.h" + +#include"python/python.h" + +bool Renpy::attach_function() { + + return InsertRenpyHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Renpy.h b/LunaHook/engine32/Renpy.h new file mode 100644 index 0000000..73dd12e --- /dev/null +++ b/LunaHook/engine32/Renpy.h @@ -0,0 +1,14 @@ +#include"engine.h" + +class Renpy:public ENGINE{ + public: + Renpy(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + //Renpy - sample game https://vndb.org/v19843 + return Util::CheckFile(L"*.py")|| GetModuleHandleW(L"librenpython.dll"); + }; + }; + bool attach_function(); +}; diff --git a/LunaHook/engine32/Retouch.cpp b/LunaHook/engine32/Retouch.cpp new file mode 100644 index 0000000..2cc6eff --- /dev/null +++ b/LunaHook/engine32/Retouch.cpp @@ -0,0 +1,109 @@ +#include"Retouch.h" + +// jichi 6/21/2015 +namespace { // unnamed + +void SpecialHookRetouch1(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD text = stack->stack[1]; + *data = text; + *len = ::strlen((LPCSTR)text); + *split = + stack->eax == 0 ? FIXED_SPLIT_VALUE * 2 : // name + stack->ebx == 0 ? FIXED_SPLIT_VALUE * 1 : // scenario + FIXED_SPLIT_VALUE * 3 ; // other +} + +bool InsertRetouch1Hook() +{ + HMODULE hModule = ::GetModuleHandleA("resident.dll"); + if (!hModule) { + ConsoleOutput("Retouch: failed, dll handle not loaded"); + return false; + } + // private: bool __thiscall RetouchPrintManager::printSub(char const *,class UxPrintData &,unsigned long) 0x10050650 0x00050650 2904 (0xb58) resident.dll C:\Local\箱庭ロジヂ�\resident.dll Exported Function + const char *sig = "?printSub@RetouchPrintManager@@AAE_NPBDAAVUxPrintData@@K@Z"; + DWORD addr = (DWORD)::GetProcAddress(hModule, sig); + if (!addr) { + ConsoleOutput("Retouch: failed, procedure not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING|NO_CONTEXT|EMBED_ABLE|EMBED_AFTER_NEW|EMBED_BEFORE_SIMPLE|EMBED_DYNA_SJIS; + hp.hook_font=F_GetGlyphOutlineA; + hp.text_fun = SpecialHookRetouch1; + ConsoleOutput("INSERT Retouch"); + return NewHook(hp, "Retouch"); +} + +bool InsertRetouch2Hook() +{ + HMODULE hModule = ::GetModuleHandleA("resident.dll"); + if (!hModule) { + ConsoleOutput("Retouch2: failed, dll handle not loaded"); + return false; + } + // private: void __thiscall RetouchPrintManager::printSub(char const *,unsigned long,int &,int &) 0x10046560 0x00046560 2902 (0xb56) resident.dll C:\Local\箱庭ロジヂ�\resident.dll Exported Function + const char *sig = "?printSub@RetouchPrintManager@@AAEXPBDKAAH1@Z"; + DWORD addr = (DWORD)::GetProcAddress(hModule, sig); + if (!addr) { + ConsoleOutput("Retouch2: failed, procedure not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.offset=get_stack(1); + hp.type = USING_STRING|NO_CONTEXT|EMBED_ABLE|EMBED_AFTER_NEW|EMBED_BEFORE_SIMPLE|EMBED_DYNA_SJIS; + hp.hook_font=F_GetGlyphOutlineA; + ConsoleOutput("INSERT Retouch"); + return NewHook(hp, "Retouch"); +} + +namespace HistoryHook { +inline ULONG get_jmp_absaddr(ULONG inst) +{ return inst + 5 + *(ULONG *)(inst + 1); } +bool attach() // attach scenario +{ + if(GetModuleHandle(L"resident.dll")==0)return false; + auto [startAddress, stopAddress] = Util::QueryModuleLimits(GetModuleHandle(L"resident.dll")); + const uint8_t bytes[] = { + 0x8b,0x44,0x24, 0x04, // 051cf2e0 8b4424 04 mov eax,dword ptr ss:[esp+0x4] + 0x6a, 0x02, // 051cf2e4 6a 02 push 0x2 + 0x6a, 0x00, // 051cf2e6 6a 00 push 0x0 + 0x6a, 0x00, // 051cf2e8 6a 00 push 0x0 + 0x6a, 0x00, // 051cf2ea 6a 00 push 0x0 + 0x50, // 051cf2ec 50 push eax + 0xe8 //9ef8ffff // 051cf2ed e8 9ef8ffff call _1locke2.051ceb90 + // 051cf2f2 c2 0400 retn 0x4 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + addr += sizeof(bytes) - 1; // move to the short call instruction + addr = get_jmp_absaddr(addr); + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING|NO_CONTEXT|EMBED_ABLE|EMBED_AFTER_NEW|EMBED_BEFORE_SIMPLE|EMBED_DYNA_SJIS; + hp.hook_font=F_GetGlyphOutlineA; + return NewHook(hp, "RetouchHistory"); +} + +} // namespace HistoryHook +} // unnamed namespace +bool InsertRetouchHook() +{ + bool ok = InsertRetouch1Hook(); + ok = InsertRetouch2Hook() || ok; + ok=HistoryHook::attach()||ok; + return ok; +} +bool Retouch::attach_function() { + + return InsertRetouchHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Retouch.h b/LunaHook/engine32/Retouch.h new file mode 100644 index 0000000..39918f0 --- /dev/null +++ b/LunaHook/engine32/Retouch.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Retouch:public ENGINE{ + public: + Retouch(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"resident.dll"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/RpgmXP.cpp b/LunaHook/engine32/RpgmXP.cpp new file mode 100644 index 0000000..f32c0be --- /dev/null +++ b/LunaHook/engine32/RpgmXP.cpp @@ -0,0 +1,29 @@ +#include"RpgmXP.h" + + + +bool InsertRpgmXPHook() +{ + + /* + * Sample games: + * セントヘレナ(RJ137364) + */ + HookParam hp; + wcsncpy_s(hp.module, L"gdi32.dll", MAX_MODULE_SIZE - 1); + strncpy_s(hp.function, "GetGlyphOutlineW", MAX_MODULE_SIZE - 1); + hp.address = 0; + hp.offset=get_stack(2); //arg2 + hp.index = 0; + hp.split = get_reg(regs::esi); + hp.split_index = 0; + hp.type = CODEC_UTF16 | USING_SPLIT | MODULE_OFFSET | FUNCTION_OFFSET; + ConsoleOutput(" INSERT RpgmXP"); + + return NewHook(hp, "RpgmXP"); +} + + +bool RpgmXP::attach_function() { + return InsertRpgmXPHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/RpgmXP.h b/LunaHook/engine32/RpgmXP.h new file mode 100644 index 0000000..23a50ea --- /dev/null +++ b/LunaHook/engine32/RpgmXP.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class RpgmXP:public ENGINE{ + public: + RpgmXP(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.rgssad"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Ruf.cpp b/LunaHook/engine32/Ruf.cpp new file mode 100644 index 0000000..4f33057 --- /dev/null +++ b/LunaHook/engine32/Ruf.cpp @@ -0,0 +1,28 @@ +#include"Ruf.h" + +bool Ruf::attach_function() { + const BYTE bytes[] = { + //奴隷市場Renaissance + 0x81,XX,0x00,0x01,0x00,0x00, + 0x8B,0xF0, + 0x76,0x07, + 0x81,0x6D,0xF4,0x00,0x80,0x00,0x00, + }; + const BYTE bytes2[] = { + //セイレムの魔女たち + 0x81,XX,0x00,0x01,0x00,0x00, + 0x76,0x07, + 0x81,0x6D,0xF4,0x00,0x80,0x00,0x00, + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0) + addr = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStopAddress); + if (addr == 0)return false; + addr = findfuncstart(addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::edx); + hp.type |= CODEC_ANSI_BE; + return NewHook(hp, "Ruf"); +} \ No newline at end of file diff --git a/LunaHook/engine32/Ruf.h b/LunaHook/engine32/Ruf.h new file mode 100644 index 0000000..d2a36ff --- /dev/null +++ b/LunaHook/engine32/Ruf.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Ruf:public ENGINE{ + public: + Ruf(){ + is_engine_certain=false; + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"*.arc",L"*.wsm",L"*.scb",L"*.bmx"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Ryokucha.cpp b/LunaHook/engine32/Ryokucha.cpp new file mode 100644 index 0000000..77f508a --- /dev/null +++ b/LunaHook/engine32/Ryokucha.cpp @@ -0,0 +1,370 @@ +#include"Ryokucha.h" +#include"ntxpundef.h" +static void SpecialHookRyokucha(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + for (DWORD i = 1; i < 5; i++) { + DWORD j = stack->stack[i]; + if ((j >> 16) == 0 && (j >> 8)) { + hp->offset = i << 2; + *data = j; + *len = 2; + //hp->type &= ~EXTERN_HOOK; + hp->text_fun = nullptr; + return; + } + } + *len = 0; +} +bool InsertRyokuchaDynamicHook(LPVOID addr, uintptr_t frame, uintptr_t stack) +{ + if (addr != ::GetGlyphOutlineA) + return false; + + auto tib = (NT_TIB*)__readfsdword(0); + auto exception = tib->ExceptionList; + for (int i = 0; i < 1; i++) { + exception = exception->Next; + } + auto handler=(DWORD)exception->Handler; + auto ptr=*(DWORD*)((DWORD)exception+0xC); + auto insert_addr=ptr+*(DWORD*)(ptr-4); + auto flag=(*(DWORD*)(insert_addr+3)==handler); + + if (flag) { + HookParam hp; + hp.address = insert_addr; + hp.text_fun = SpecialHookRyokucha; + hp.type = CODEC_ANSI_BE|USING_CHAR; + ConsoleOutput("INSERT StudioRyokucha"); + return NewHook(hp, "StudioRyokucha"); + } + //else ConsoleOutput("Unknown Ryokucha engine."); + ConsoleOutput("StudioRyokucha: failed"); + return true; +} +void InsertRyokuchaHook() +{ + //ConsoleOutput("Probably Ryokucha. Wait for text."); + trigger_fun = InsertRyokuchaDynamicHook; + ConsoleOutput("TRIGGER Ryokucha"); +} + +/** + * jichi 1/10/2014: Rai7 puk + * See: http://www.hongfire.com/forum/showthread.php/421909-%E3%80%90Space-Warfare-Sim%E3%80%91Rai-7-PUK/page10 + * See: www.hongfire.com/forum/showthread.php/421909-%E3%80%90Space-Warfare-Sim%E3%80%91Rai-7-PUK/page19 + * + * Version: R7P3-13v2(131220).rar, pass: sstm http://pan.baidu.com/share/home?uk=3727185265#category/type=0 + * /HS0@409524 + */ +//bool InsertRai7Hook() +//{ +//} + +/** + * jichi 10/1/2013: sol-fa-soft + * See (tryguy): http://www.hongfire.com/forum/printthread.php?t=36807&pp=10&page=639 + * + * @tryguy + * [sol-fa-soft] + * 17 スク水不要� /HA4@4AD140 + * 18 ななちも�とぁ�しょ: /HA4@5104A0 + * 19 発惁�んこぁ�� /HA4@51D720 + * 20 わたし�たまごさ� /HA4@4968E0 + * 21 修学旡�夜更かし� /HA4@49DC00 + * 22 おぼえたてキヂ�: /HA4@49DDB0 + * 23 ちっさい巫女さんSOS: /HA4@4B4AA0 + * 24 はじめてのお�ろやさん: /HA4@4B5600 + * 25 はきわすれ愛好� /HA4@57E360 + * 26 朝っぱらから発惮�� /HA4@57E360 + * 27 となり�ヴァンパイア: /HA4@5593B0 + * 28 麦わら帽子と水辺の妖精: /HA4@5593B0 + * 29 海と温泉と夏休み: /HA4@6DE8E0 + * 30 駏�子屋さん繁盛� /HA4@6DEC90 + * 31 浴衣の下�… �神社で発見�ノ�パン少女 /HA4@6DEC90 + * 32 プ�ルのじか�スク水不要�: /HA4@62AE10 + * 33 妹のお泊まり� /HA4@6087A0 + * 34 薝�少女: /HA4@6087A0 + * 35 あや�Princess Intermezzo: /HA4@609BF0 + * + * SG01 男湯�: /HA4@6087A0 + * + * c71 真�の大晦日CD: /HA4@516b50 + * c78 sol-fa-soft真夏�お気楽CD: /HA4@6DEC90 + * + * Example: 35 あや�Princess Intermezzo: /HA4@609BF0 + * - addr: 6331376 = 0x609bf0 + * - length_offset: 1 + * - off: 4 + * - type: 4 + * + * ASCII: あや� addr_offset = -50 + * Function starts + * 00609bef /> cc int3 + * 00609bf0 /> 55 push ebp + * 00609bf1 |. 8bec mov ebp,esp + * 00609bf3 |. 64:a1 00000000 mov eax,dword ptr fs:[0] + * 00609bf9 |. 6a ff push -0x1 + * 00609bfb |. 68 e1266300 push あや�006326e1 + * 00609c00 |. 50 push eax + * 00609c01 |. 64:8925 000000>mov dword ptr fs:[0],esp + * 00609c08 |. 81ec 80000000 sub esp,0x80 + * 00609c0e |. 53 push ebx + * 00609c0f |. 8b5d 08 mov ebx,dword ptr ss:[ebp+0x8] + * 00609c12 |. 57 push edi + * 00609c13 |. 8bf9 mov edi,ecx + * 00609c15 |. 8b07 mov eax,dword ptr ds:[edi] + * 00609c17 |. 83f8 02 cmp eax,0x2 + * 00609c1a |. 75 1f jnz short あや�00609c3b + * 00609c1c |. 3b5f 40 cmp ebx,dword ptr ds:[edi+0x40] + * 00609c1f |. 75 1a jnz short あや�00609c3b + * 00609c21 |. 837f 44 00 cmp dword ptr ds:[edi+0x44],0x0 + * 00609c25 |. 74 14 je short あや�00609c3b + * 00609c27 |. 5f pop edi + * 00609c28 |. b0 01 mov al,0x1 + * 00609c2a |. 5b pop ebx + * 00609c2b |. 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 00609c2e |. 64:890d 000000>mov dword ptr fs:[0],ecx + * 00609c35 |. 8be5 mov esp,ebp + * 00609c37 |. 5d pop ebp + * 00609c38 |. c2 0400 retn 0x4 + * Function stops + * + * WideChar: こいな�小田舎で初恋x中出しセクシャルライ�, addr_offset = -53 + * 0040653a cc int3 + * 0040653b cc int3 + * 0040653c cc int3 + * 0040653d cc int3 + * 0040653e cc int3 + * 0040653f cc int3 + * 00406540 > 55 push ebp + * 00406541 . 8bec mov ebp,esp + * 00406543 . 64:a1 00000000 mov eax,dword ptr fs:[0] + * 00406549 . 6a ff push -0x1 + * 0040654b . 68 f1584300 push erondo01.004358f1 + * 00406550 . 50 push eax + * 00406551 . 64:8925 000000>mov dword ptr fs:[0],esp + * 00406558 . 83ec 6c sub esp,0x6c + * 0040655b . 53 push ebx + * 0040655c . 8bd9 mov ebx,ecx + * 0040655e . 57 push edi + * 0040655f . 8b03 mov eax,dword ptr ds:[ebx] + * 00406561 . 8b7d 08 mov edi,dword ptr ss:[ebp+0x8] + * 00406564 . 83f8 02 cmp eax,0x2 + * 00406567 . 75 1f jnz short erondo01.00406588 + * 00406569 . 3b7b 3c cmp edi,dword ptr ds:[ebx+0x3c] + * 0040656c . 75 1a jnz short erondo01.00406588 + * 0040656e . 837b 40 00 cmp dword ptr ds:[ebx+0x40],0x0 + * 00406572 . 74 14 je short erondo01.00406588 + * 00406574 . 5f pop edi + * 00406575 . b0 01 mov al,0x1 + * 00406577 . 5b pop ebx + * 00406578 . 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 0040657b . 64:890d 000000>mov dword ptr fs:[0],ecx + * 00406582 . 8be5 mov esp,ebp + * 00406584 . 5d pop ebp + * 00406585 . c2 0400 retn 0x4 + * + * WideChar: 祝福�鐘�音は、桜色の風と共に, addr_offset = -50, + * FIXME: how to know if it is UTF16? This game has /H code, though: + * + * /HA-4@94D62:shukufuku_main.exe + * + * 011d619e cc int3 + * 011d619f cc int3 + * 011d61a0 55 push ebp + * 011d61a1 8bec mov ebp,esp + * 011d61a3 64:a1 00000000 mov eax,dword ptr fs:[0] + * 011d61a9 6a ff push -0x1 + * 011d61ab 68 d1811f01 push .011f81d1 + * 011d61b0 50 push eax + * 011d61b1 64:8925 00000000 mov dword ptr fs:[0],esp + * 011d61b8 81ec 80000000 sub esp,0x80 + * 011d61be 53 push ebx + * 011d61bf 8b5d 08 mov ebx,dword ptr ss:[ebp+0x8] + * 011d61c2 57 push edi + * 011d61c3 8bf9 mov edi,ecx + * 011d61c5 8b07 mov eax,dword ptr ds:[edi] + * 011d61c7 83f8 02 cmp eax,0x2 + * 011d61ca 75 1f jnz short .011d61eb + * 011d61cc 3b5f 40 cmp ebx,dword ptr ds:[edi+0x40] + * 011d61cf 75 1a jnz short .011d61eb + * 011d61d1 837f 44 00 cmp dword ptr ds:[edi+0x44],0x0 + * 011d61d5 74 14 je short .011d61eb + * 011d61d7 5f pop edi + * 011d61d8 b0 01 mov al,0x1 + * 011d61da 5b pop ebx + * 011d61db 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 011d61de 64:890d 00000000 mov dword ptr fs:[0],ecx + * 011d61e5 8be5 mov esp,ebp + * 011d61e7 5d pop ebp + * 011d61e8 c2 0400 retn 0x4 + */ +bool InsertScenarioPlayerHook() +{ + PcHooks::hookOtherPcFunctions(); + //const BYTE bytes[] = { + // 0x53, // 00609c0e |. 53 push ebx + // 0x8b,0x5d,0x08, // 00609c0f |. 8b5d 08 mov ebx,dword ptr ss:[ebp+0x8] + // 0x57, // 00609c12 |. 57 push edi + // 0x8b,0xf9, // 00609c13 |. 8bf9 mov edi,ecx + // 0x8b,0x07, // 00609c15 |. 8b07 mov eax,dword ptr ds:[edi] + // 0x83,0xf8, 0x02, // 00609c17 |. 83f8 02 cmp eax,0x2 + // 0x75, 0x1f, // 00609c1a |. 75 1f jnz short あや�00609c3b + // 0x3b,0x5f, 0x40, // 00609c1c |. 3b5f 40 cmp ebx,dword ptr ds:[edi+0x40] + // 0x75, 0x1a, // 00609c1f |. 75 1a jnz short あや�00609c3b + // 0x83,0x7f, 0x44, 0x00, // 00609c21 |. 837f 44 00 cmp dword ptr ds:[edi+0x44],0x0 + // 0x74, 0x14, // 00609c25 |. 74 14 je short あや�00609c3b + //}; + //enum { addr_offset = 0x00609bf0 - 0x00609c0e }; // distance to the beginning of the function + + const BYTE bytes[] = { + 0x74, 0x14, // 00609c25 |. 74 14 je short あや�00609c3b + 0x5f, // 00609c27 |. 5f pop edi + 0xb0, 0x01, // 00609c28 |. b0 01 mov al,0x1 + 0x5b, // 00609c2a |. 5b pop ebx + 0x8b,0x4d, 0xf4 // 00609c2b |. 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + }; + enum { // distance to the beginning of the function + addr_offset_A = 0x00609bf0 - 0x00609c25 // -53 + , addr_offset_W = 0x00406540 - 0x00406572 // -50 + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG start = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!start) { + ConsoleOutput("ScenarioPlayer: pattern not found"); + return false; + } + + DWORD addr = MemDbg::findEnclosingAlignedFunction(start, 80); // range is around 50, use 80 + + enum : BYTE { push_ebp = 0x55 }; // 011d4c80 /$ 55 push ebp + if (!addr || *(BYTE *)addr != push_ebp) { + ConsoleOutput("ScenarioPlayer: pattern found but the function offset is invalid"); + return false; + } + auto succ=false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + if ( + (addr - start == addr_offset_W)|| + ( + (Util::FindImportEntry(processStartAddress,(DWORD)GetGlyphOutlineA)==0)&& + (Util::FindImportEntry(processStartAddress,(DWORD)TextOutA)==0)&& + (Util::FindImportEntry(processStartAddress,(DWORD)ExtTextOutA)==0)&& + (Util::FindImportEntry(processStartAddress,(DWORD)GetTextExtentPoint32A)==0) + //祝福の鐘の音は、桜色の風と共に + ) + ) { + // Artikash 8/18/2018: can't figure out how to tell apart which hook is needed, so alert user + // (The method used to tell the hooks apart previously fails on https://vndb.org/v19713) + + hp.type = CODEC_UTF16; + ConsoleOutput("INSERT ScenarioPlayerW"); + succ=NewHook(hp, "ScenarioPlayerW"); + } else { + hp.type = CODEC_ANSI_BE; // 4 + ConsoleOutput("INSERT ScenarioPlayerA"); + succ=NewHook(hp, "ScenarioPlayerA"); + } + ConsoleOutput("Text encoding might be wrong: try changing it if this hook finds garbage!"); + return succ; +} + +bool InsertScenarioPlayerHookx() { + //夏彩恋呗 + //为避免和engine中的冲突,进行一次xref + const BYTE bytes[] = { + 0xC1,0xE8,0x02,0x25,0x01,0xFF,0xFF,0xFF,0x89,0x45,XX + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + ConsoleOutput("%p", addr); + if (addr == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + ConsoleOutput("%p", addr); + if (addr == 0)return false; + auto addrs = findxref_reverse_checkcallop(addr, addr - 0x1000, addr, 0xe9); + if (addrs.size() != 1)return false; + addr = addrs[0]; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = CODEC_UTF16; + return NewHook(hp, "sutajioryokutyaW"); +} +namespace{ + bool Iyashikei(){ + //癒し系ソープ嬢ヒロさん + const BYTE bytes[] = { + 0x6A,0xFF, + 0x68,XX4, + 0x64,0xA1,0x00,0x00,0x00,0x00, + 0x50, + 0x83,0xEC,0x08, + 0x56, + 0xA1,0x08,0x6E,0x6B,0x00, + 0x33,0xC4, + 0x50, + 0x8D,0x44,0x24,XX, + 0x64,0xA3,0x00,0x00,0x00,0x00, + 0x8B,0xF1, + 0x8B,0x44,0x24,XX, + 0x50, + 0x8D,0x4C,0x24,XX, + 0x51, + 0x8B,0xCE, + 0xE8,XX4 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if(addr==0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = CODEC_ANSI_BE; + return NewHook(hp, "Iyashikei"); + } +} +bool InsertScenarioPlayerHook_all(){ + bool b1= InsertScenarioPlayerHook(); + bool b2=InsertScenarioPlayerHookx(); + return b1||b2||Iyashikei(); +} +bool Ryokucha::attach_function() { + InsertRyokuchaHook(); + + if (Util::CheckFile(L"*.iar") && Util::CheckFile(L"*.sec5")) // jichi 9/27/2014: For new Ryokucha games + InsertScenarioPlayerHook_all(); + + return true; +} + +bool ScenarioPlayer_last::attach_function() { + + return InsertScenarioPlayerHook_all(); +} +bool Ryokucha2::attach_function() { + //夏日 + const BYTE bytes[] = { + 0x8b,XX2,0x2b,0xd1,0xc1,0xfa,0x02,0x3b,0xd0,0x76 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + ConsoleOutput("%p", addr); + if (addr == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + ConsoleOutput("%p", addr); + if (addr == 0)return false; + + HookParam hp; + hp.address = addr; + hp.offset =get_stack(6); + hp.type = USING_STRING; + hp.filter_fun = [](void* data, size_t* len, HookParam* hp) { + std::string s = std::string(reinterpret_cast(data), *len); + if (s[0] == '#')return false; + return true; + }; + return NewHook(hp, "sutajioryokutya"); +} \ No newline at end of file diff --git a/LunaHook/engine32/Ryokucha.h b/LunaHook/engine32/Ryokucha.h new file mode 100644 index 0000000..975126f --- /dev/null +++ b/LunaHook/engine32/Ryokucha.h @@ -0,0 +1,48 @@ +#include"engine.h" + +class Ryokucha:public ENGINE{ + public: + Ryokucha(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*_checksum.exe"; + }; + bool attach_function(); +}; +class Ryokucha2:public ENGINE{ + public: + Ryokucha2(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"sc\\*.scc"; + is_engine_certain=false; + + }; + bool attach_function(); +}; + +class ScenarioPlayer_last:public ENGINE{ + public: + ScenarioPlayer_last(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{ + L"*.iar", + L"*.sec5" + }; + + }; + bool attach_function(); +}; +class Ryokuchaold:public Ryokucha{ + public: + Ryokuchaold(){ + //巫女さんファイター!涼子ちゃん + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{ + L"img\\*.iar", + L"*.sec5" + }; + is_engine_certain=false; + }; +}; \ No newline at end of file diff --git a/LunaHook/engine32/SRPGStudio.cpp b/LunaHook/engine32/SRPGStudio.cpp new file mode 100644 index 0000000..d732403 --- /dev/null +++ b/LunaHook/engine32/SRPGStudio.cpp @@ -0,0 +1,16 @@ +#include"SRPGStudio.h" + +bool SRPGStudio::attach_function() { + //NAGINATA SOFT + //HERO'S PARTY R + //https://store.steampowered.com/app/1804020/HEROS_PARTY_R/ + auto dll=GetModuleHandleW(L"OLEAUT32.dll"); + if(dll==0)return 0; + auto addr=GetProcAddress(dll,"SysAllocString"); + if(addr==0)return 0; + HookParam hp; + hp.address = (DWORD)addr; + hp.offset=get_stack(1); + hp.type = USING_STRING|CODEC_UTF16|EMBED_ABLE|EMBED_BEFORE_SIMPLE|EMBED_AFTER_NEW; + return NewHook(hp, "SRPGStudio"); +} \ No newline at end of file diff --git a/LunaHook/engine32/SRPGStudio.h b/LunaHook/engine32/SRPGStudio.h new file mode 100644 index 0000000..5154554 --- /dev/null +++ b/LunaHook/engine32/SRPGStudio.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class SRPGStudio:public ENGINE{ + public: + SRPGStudio(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"runtime.rts"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/SYSD.cpp b/LunaHook/engine32/SYSD.cpp new file mode 100644 index 0000000..362804a --- /dev/null +++ b/LunaHook/engine32/SYSD.cpp @@ -0,0 +1,42 @@ +#include"SYSD.h" + + +bool InsertSysdHook() { + + /* + * Sample games: + * https://vndb.org/v2069 + */ + const BYTE bytes[] = { + 0xC1, 0xE9, 0x02, // shr ecx,02 <- hook here + 0xF3, 0xA5, // repe movsd + 0x8B, 0xCA, // mov ecx,edx + 0x83, 0xE1, 0x03, // and ecx,03 + 0xF3, 0xA4, // repe movsb + 0x5F, // pop edi + 0xB8, 0x01, 0x00, 0x00, 0x00 // mov eax,00000001 + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Sysd: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::esi); + hp.index = 0; + hp.padding = 0x12; + hp.split = get_stack(2); + hp.split_index = 0; + hp.type = USING_STRING | NO_CONTEXT | USING_SPLIT; + hp.filter_fun = NewLineCharFilterA; + ConsoleOutput("INSERT Sysd"); + return NewHook(hp, "Sysd"); +} + +bool SYSD::attach_function() { + return InsertSysdHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/SYSD.h b/LunaHook/engine32/SYSD.h new file mode 100644 index 0000000..faca19e --- /dev/null +++ b/LunaHook/engine32/SYSD.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class SYSD:public ENGINE{ + public: + SYSD(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"*.dpk",L"SYSD.INI"}; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Sakuradog.cpp b/LunaHook/engine32/Sakuradog.cpp new file mode 100644 index 0000000..a02a203 --- /dev/null +++ b/LunaHook/engine32/Sakuradog.cpp @@ -0,0 +1,26 @@ +#include"Sakuradog.h" + + +bool Sakuradog::attach_function() { + //綾瀬家のオンナ~淫華の血脈~ + + auto entry=Util::FindImportEntry(processStartAddress,(DWORD)GetGlyphOutlineA); + if(entry==0)return false; + BYTE bytes2[]={ + 0x57, + 0x50, + 0x6a,0x06, + 0x56, + 0x53, + 0xff,0x15,XX4 + }; + memcpy(bytes2+sizeof(bytes2)-4,&entry,4); + auto addr = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStopAddress); + if (addr == 0)return false; + HookParam hp; + hp.address = addr+6; + hp.offset=get_reg(regs::esi); + hp.split=0xe4; + hp.type = CODEC_ANSI_BE|USING_SPLIT|NO_CONTEXT ; + return NewHook(hp, "Sakuradog"); +} \ No newline at end of file diff --git a/LunaHook/engine32/Sakuradog.h b/LunaHook/engine32/Sakuradog.h new file mode 100644 index 0000000..9ed2e3c --- /dev/null +++ b/LunaHook/engine32/Sakuradog.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class Sakuradog:public ENGINE{ + public: + Sakuradog(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"SE.dat",L"GRP.dat",L"SNR.dat",L"VOICE.dat",L"BGM.dat",L"DATA.dat",L"ADV.inf",L"ADV.exe"}; + is_engine_certain=false; + }; + bool attach_function(); +}; diff --git a/LunaHook/engine32/ScrPlayer.cpp b/LunaHook/engine32/ScrPlayer.cpp new file mode 100644 index 0000000..8105191 --- /dev/null +++ b/LunaHook/engine32/ScrPlayer.cpp @@ -0,0 +1,30 @@ +#include"ScrPlayer.h" + +bool ScrPlayer::attach_function() { + auto func=MemDbg::findCallerAddress((ULONG)GetGlyphOutlineA,0x90909090,processStartAddress,processStopAddress); + if(func==0)return false; + func+=4; + BYTE check[]={ + 0x83,0xf8,0x20, + 0x74,XX, + 0x3d,0x40,0x81,0x00,0x00, + 0x74,XX + }; + auto addr=MemDbg::findBytes(check,sizeof(check),processStartAddress,processStopAddress); + if(addr==0)return false; + addr=MemDbg::findEnclosingAlignedFunction(addr); + if(addr==0)return false; + if(addr!=func)return false; + HookParam hp; + hp.address=func; + hp.offset=get_stack(5); + //会把多行分开导致翻译不对。 + hp.type=USING_STRING;//|EMBED_ABLE|EMBED_BEFORE_SIMPLE|EMBED_AFTER_NEW|EMBED_DYNA_SJIS; + //hp.hook_font=F_GetGlyphOutlineA; + hp.filter_fun=[](LPVOID data, size_t* size, HookParam*) { + static int idx=0; + idx+=1;//这个函数总是连续被调用两次,一个绘制上层文字,一个绘制阴影。 + return bool(idx%2); + }; + return NewHook(hp,"ScrPlayer"); +} \ No newline at end of file diff --git a/LunaHook/engine32/ScrPlayer.h b/LunaHook/engine32/ScrPlayer.h new file mode 100644 index 0000000..750197a --- /dev/null +++ b/LunaHook/engine32/ScrPlayer.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class ScrPlayer:public ENGINE{ + public: + ScrPlayer(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"ScrPlayer.exe"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/ShinaRio.cpp b/LunaHook/engine32/ShinaRio.cpp new file mode 100644 index 0000000..f73fd98 --- /dev/null +++ b/LunaHook/engine32/ShinaRio.cpp @@ -0,0 +1,950 @@ +#include"ShinaRio.h" +#include"embed_util.h" +#include + template + bool StackSearchingTrigger(LPVOID funcAddr, DWORD, DWORD stack) + { + bool ret = false; + if (funcAddr != funcA && funcAddr != funcW) return false; + for (int i = 0; i < depth; ++i) + { + // Address of text is somewhere on stack in call to func. Search for it. + DWORD addr = *((DWORD*)stack + i); + //ConsoleOutput(std::to_string((DWORD)*addr).c_str()); + if (IthGetMemoryRange((void*)addr, nullptr, nullptr)) + { + if (strlen((char*)addr) > 9) + { + HookParam hp; + hp.type = DIRECT_READ; + if (funcAddr == funcW) hp.type |= CODEC_UTF16; + hp.address = addr; + ConsoleOutput("triggered: adding dynamic reader"); + ret|=NewHook(hp, "READ"); + } + }; + } + return ret; + } + + +/******************************************************************************************** +ShinaRio hook: + Game folder contains rio.ini. + Problem of default hook GetTextExtentPoint32A is that the text repeat one time. + But KF just can't resolve the issue. ShinaRio engine always perform integrity check. + So it's very difficult to insert a hook into the game module. Freaka suggests to refine + the default hook by adding split parameter on the stack. So far there is 2 different + version of ShinaRio engine that needs different split parameter. Seems this value is + fixed to the last stack frame. We just navigate to the entry. There should be a + sub esp,* instruction. This value plus 4 is just the offset we need. + + New ShinaRio engine (>=2.48) uses different approach. +********************************************************************************************/ +namespace { // unnamed +// jichi 3/1/2015: hook for new ShinaRio games + +char text_buffer_prev[0x1000]; +void SpecialHookShina2(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD ptr = stack->esi ; // jichi: esi + *split = ptr; // [esi] + char* str = *(char**)(ptr+0x160); + strcpy(text_buffer, str); + int skip = 0; + for (str = text_buffer; *str; str++) + if (str[0] == 0x5f) { // jichi 7/10/2015: Skip _r (new line) + if (str[1] == 0x72) // jichi 7/10/2015: Skip _t until / + str[0] = str[1]=1; + else if (str[1] == 0x74) { + while (str[0] != 0x2f) + *str++ = 1; + *str=1; + } + } + + for (str = text_buffer; str[skip];) + if (str[skip] == 1) + skip++; + else { + str[0]=str[skip]; + str++; + } + + str[0] = 0; + if (strcmp(text_buffer, text_buffer_prev) == 0) + *len=0; + else { + for (skip = 0; text_buffer[skip]; skip++) + text_buffer_prev[skip] = text_buffer[skip]; + text_buffer_prev[skip] = 0; + *data = (DWORD)text_buffer_prev; + *len = skip; + } +} + +// jichi 3/1/2015: hook for old ShinaRio games +// Used to merge correct text thread. +// 1. Only keep threads with 0 and -1 split +// 2. Skip the thread withb 0 split and with minimum return address +//void SpecialHookShina1(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +//{ +// static DWORD min_retaddr = -1; +// DWORD s = *(DWORD *)(esp_base + hp->split); +// if (s == 0 || (s & 0xffff) == 0xffff) { // only keep threads with 0 and -1 split +// if (s == 0 && retof(esp_base) <= min_retaddr) { +// min_retaddr = retof(esp_base); +// return; +// } +// *split = FIXED_SPLIT_VALUE; +// // Follow the same logic as the hook. +// *data = *(DWORD *)*data; // DATA_INDIRECT +// *len = LeadByteTable[*data & 0xff]; +// } +//} + +// jichi 8/27/2013 +// Return ShinaRio version number +// The head of Rio.ini usually looks like: +// [椎名里�v2.49] +// This function will return 49 in the above case. +// +// Games from アトリエさく�do not have Rio.ini, but $procname.ini. +int GetShinaRioVersion() +{ + int ret = 0; + HANDLE hFile = CreateFileW(L"RIO.INI", FILE_READ_DATA, FILE_SHARE_READ, nullptr, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, nullptr); + if (hFile == INVALID_HANDLE_VALUE) { + size_t len = ::wcslen(processName); + if (len > 3) { + wchar_t fname[MAX_PATH]; + ::wcscpy(fname, processName); + fname[len -1] = 'i'; + fname[len -2] = 'n'; + fname[len -3] = 'i'; + hFile = CreateFileW(fname, FILE_READ_DATA, FILE_SHARE_READ, nullptr, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, nullptr); + } + } + + if (hFile != INVALID_HANDLE_VALUE) { + //char *buffer,*version;//,*ptr; + enum { BufferSize = 0x40 }; + char buffer[BufferSize]{}; + DWORD DUMMY; + ReadFile(hFile, buffer, BufferSize, &DUMMY, nullptr); + CloseHandle(hFile); + //if (buffer[0] == '[') { + buffer[0x3f] = 0; // jichi 8/24/2013: prevent strstr from overflow + if (char *version = ::strstr(buffer, "v2.")) + ::sscanf(version + 3, "%d", &ret); // +3 to skip "v2." + //} + } + return ret; +} + +bool IsSJIS(char* text) +{ + for (int i = 0; i < 3; ++i) if (!IsDBCSLeadByte(text[i * 2])) return false; + return true; +} + +} // unnamed namespace + +// jichi 8/24/2013: Rewrite ShinaRio logic. +// Test games: ���×S�� (PK), version ShinaRio 2.47 +bool InsertShinaHook(int ver ) +{ + + if (ver >= 50) { + //trigger_fun = StackSearchingTrigger; + trigger_fun = [](LPVOID funcAddr, uintptr_t, uintptr_t stack) + { + bool ret = false; + if (funcAddr != GetGlyphOutlineA && funcAddr != GetTextExtentPoint32A) return false; + for (int i = 0; i < 100; ++i) + { + // Address of text is somewhere on stack in call to func. Search for it. + DWORD addr = *((DWORD*)stack + i); + //ConsoleOutput(std::to_string((DWORD)*addr).c_str()); + if (IthGetMemoryRange((void*)addr, nullptr, nullptr) && strlen((char*)addr) > 9) + { + if (IsSJIS((char*)addr) || strstr((char*)addr, "_r")) + { + HookParam hp; + hp.type = DIRECT_READ; + hp.address = addr; + hp.filter_fun=[](LPVOID data, size_t *size, HookParam *) + { + StringFilter(reinterpret_cast(data), reinterpret_cast(size), "_r",2); + + static std::regex rx("_t!.*?[/>]"); + auto _=std::regex_replace(std::string((char*)data,*size), rx, ""); + strcpy((char*)data,_.c_str());*size=_.size(); + return true; + }; + ConsoleOutput("triggered: adding dynamic reader"); + ret|=NewHook(hp, "ShinaRio READ"); + } + }; + } + return ret; + }; + ConsoleOutput("ShinaRio 2.50+: adding trigger"); + } + //被embedshinario取代 + /* + if (ver >= 48) { // v2.48, v2.49 + HookParam hp; + hp.address = (DWORD)::GetTextExtentPoint32A; + hp.text_fun = SpecialHookShina2; + hp.type = USING_STRING; + ConsoleOutput("INSERT ShinaRio > 2.47"); + NewHook(hp, "ShinaRio"); + //RegisterEngineType(ENGINE_SHINA); + return true; + + } else if (ver > 40) { // <= v2.47. Older games like あやかしびと does not require hcode + // jichi 3/13/2015: GetGlyphOutlineA is not hooked, which might produce correct text + // BOOL GetTextExtentPoint32(HDC hdc, LPCTSTR lpString, int c, LPSIZE lpSize); + enum stack { // current stack + arg0_retaddr = 0 // pseudo arg + , arg1_hdc = 4 * 1 + , arg2_lpString = 4 * 2 + , arg3_c = 4 * 3 + , arg4_lpSize = 4 * 4 + }; + + HookParam hp; + hp.address = (DWORD)::GetTextExtentPoint32A; + hp.offset = arg2_lpString; // 0x8 + hp.length_offset = 1; + hp.type = DATA_INDIRECT|USING_SPLIT; + + enum { sub_esp = 0xec81 }; // jichi: caller pattern: sub esp = 0x81,0xec + if (DWORD s = Util::FindCallAndEntryBoth((DWORD)GetTextExtentPoint32A, processStopAddress - processStartAddress, processStartAddress, sub_esp)) { + ConsoleOutput("INSERT ShinaRio <= 2.47 dynamic split"); + hp.split = *(DWORD *)(s + 2) + 4; + //RegisterEngineType(ENGINE_SHINA); + NewHook(hp, "ShinaRio"); + + } else { + // jichi 3/13/2015: GetTextExtentPoint32A is not statically invoked in ���×S�� (PK) + // See: http://sakuradite.com/topic/671 + // See: http://www.hongfire.com/forum/showthread.php/36807-AGTH-text-extraction-tool-for-games-translation/page347 + // + // [Guilty+]Rin x Sen �Hakudaku Onna Kyoushi to Yaroudomo /HB8*0:44@0:GDI32.dll:GetTextExtentPoint32A /Ftext@4339A2:0;choices@4339A2:ffffff + // + // addr: 0 , text_fun: 0x0 , function: 135408591 , hook_len: 0 , ind: 0 , length_of + // fset: 1 , module: 1409538707 , off: 8 , recover_len: 0 , split: 68 , split_ind: + // 0 , type: 216 + // + // Message speed needs to be set to something slower then fastest(instant) or text wont show up in agth. + // Last edited by Freaka; 09-29-2009 at 11:48 AM. + + // Issues: + // 1. The text speed must NOT to be set to the fastest. + // 2. There might be a wrong text thread that is almost correct, except that its first character is chopped. + // Otherwise, the first character will be split in another thread + ConsoleOutput("INSERT ShinaRio <= 2.47 static split"); + hp.split = 0x44; + //hp.type |= FIXING_SPLIT|NO_CONTEXT; // merge all threads + //hp.text_fun = SpecialHookShina1; + NewHook(hp, "ShinaRio2"); // jichi: mark as ShinaRio2 so that VNR is able to warn user about the text speed issue + } + return true; + } + ConsoleOutput("ShinaRio: unknown version"); + + */ + return false; +} + + + + + +namespace { // unnamed + + +namespace ScenarioHook { +namespace Private { + + bool isSkippedText(LPCSTR text) + { + return 0 == ::strcmp(text, "\x82\x6c\x82\x72\x20\x83\x53\x83\x56\x83\x62\x83\x4e"); // "MS ゴシック" + } + + class HookArgument + { + DWORD split_; + // offset_[0x57]; // [esi]+0x160 + //LPSTR text_; // current text address + + template + static strT nextText(strT t) + { + t += ::strlen(t); + return (t[6] && !t[5] && !t[4] && !t[3] && !t[2] && !t[1]) ? t + 6 : nullptr; // 6 continuous zeros + } + + //Engine::TextRole textRole() const + //{ + // static ULONG minSplit_ = UINT_MAX; + // minSplit_ = qMin(minSplit_, split_); + // return split_ == minSplit_ ? Engine::ScenarioRole : + // split_ == minSplit_ + 1 ? Engine::NameRole : + // Engine::OtherRole; + //} + + public: + static bool isTextList(LPCSTR text) { return nextText(text); } + + //LPSTR textAddress() const { return text_; } + + /** + * @param text + * @param paddingSpace prepend space to make the first character having two bytes + */ + void dispatchText(LPSTR text, bool paddingSpace,void* data, size_t* len,uintptr_t*role) + { + enum { NameCapacity = 0x20 }; // including ending '\0' + static std::string data_; + + if (0 == ::strcmp(text, data_.c_str())) + return; + if (isSkippedText(text)) + return; + + //LPSIZE lpSize = (LPSIZE)s->stack[4]; // arg4 of GetTextExtentPoint32A + //int area = lpSize->cx * lpSize->cy; + //auto role = lpSize->cx || !lpSize->cy || area > 150 ? Engine::ScenarioRole : Engine::NameRole; + //auto role = textRole(); + // * role = Engine::ScenarioRole; + // if (::strlen(text) < NameCapacity + // && text[NameCapacity - 1] == 0 && text[NameCapacity]) + // *role = Engine::NameRole; + + std::string oldData = text; + strcpy((char*)data,oldData.c_str()); + *len=oldData.size(); + + + } + void dispatchText2(LPSTR text, bool paddingSpace,std::string newData) + { + enum { NameCapacity = 0x20 }; // including ending '\0' + static std::string data_; + + if (0 == ::strcmp(text, data_.c_str())) + return; + if (isSkippedText(text)) + return; + + //LPSIZE lpSize = (LPSIZE)s->stack[4]; // arg4 of GetTextExtentPoint32A + //int area = lpSize->cx * lpSize->cy; + //auto role = lpSize->cx || !lpSize->cy || area > 150 ? Engine::ScenarioRole : Engine::NameRole; + //auto role = textRole(); + auto role = Engine::ScenarioRole; + if (::strlen(text) < NameCapacity + && text[NameCapacity - 1] == 0 && text[NameCapacity]) + role = Engine::NameRole; + + std::string oldData = text; + // auto newData=oldData+"XX"; + if (newData == oldData) + return; + if (paddingSpace && !newData.empty() && (signed char)newData[0] > 0) // prepend space for thin char + newData.insert(0, " "); + // .prepend(' '); + data_ = newData; + + if (role == Engine::NameRole && newData.size() >= NameCapacity) { + data_ = newData.substr(0,NameCapacity - 1); + ::strncpy(text, newData.c_str(), NameCapacity); + text[NameCapacity] = 0; + } else { + ::strcpy(text, newData.c_str()); + if (oldData.size() > newData.size()) + ::memset(text + newData.size(), 0, oldData.size() - newData.size()); + } + } + + void dispatchTextList2(LPSTR text, bool paddingSpace,std::string newData1){ + + enum { role = Engine::OtherRole }; + std::vectorsave; + auto newdata=strSplit(newData1,"|"); + + for (auto p = text; p; p = nextText(p)) { + save.push_back(p); + } + if(save.size()!=newdata.size())return ; + int i=0; + for (auto p = text; p; p = nextText(p)) { + std::string oldData = p; + auto newData=newdata[i];i++; + if (newData != oldData) { + if (newData.size() > oldData.size()) + newData = newData.substr(0,oldData.size()); + else + while (newData.size() < oldData.size()) + newData.push_back(' '); + ::memcpy(p, newData.c_str(), oldData.size()); + } + } + } + void dispatchTextList(LPSTR text, bool paddingSpace,void* data, size_t* len,uintptr_t*role) + { + static std::unordered_set hashes_; + // enum { role = Engine::OtherRole }; + std::string save; + for (auto p = text; p; p = nextText(p)) { + std::string oldData = p; + save+=("|"+oldData); + + + } + strcpy((char*)data,save.c_str()); + *len=save.size(); + } + + //void dispatch(LPSTR text) + //{ + // if (nextText(text)) + // dispatchTextList(text); + // else + // dispatchText(text); + //} + }; + + /** + * + * BOOL GetTextExtentPoint32(HDC hdc, LPCTSTR lpString, int c, LPSIZE lpSize); + * + * Scenario: + * 0012F4EC 0043784C /CALL to GetTextExtentPoint32A from .00437846 + * 0012F4F0 9A010C64 |hDC = 9A010C64 + * 0012F4F4 004C0F30 |Text = "Y" + * 0012F4F8 00000001 |TextLen = 0x1 + * 0012F4FC 00504DA4 \pSize = .00504DA4 + * 0012F500 00503778 .00503778 + * 0012F504 00439EBE RETURN to .00439EBE from .00437790 + * 0012F508 00503778 .00503778 + * 0012F50C 00914CC0 .00914CC0 + * 0012F510 00000001 + * 0012F514 00503778 .00503778 + * 0012F518 0069EB80 .0069EB80 + * 0012F51C 00000000 + * 0012F520 00914CC0 .00914CC0 + * 0012F524 0600A0AE + * 0012F528 0012F53C ASCII "ps" + * 0012F52C 76DD23CB user32.ClientToScreen + * 0012F530 75D0BA46 kernel32.Sleep + * + * pSize: + * 00504DA4 0C 00 00 00 18 00 00 00 18 00 00 00 15 00 00 00 ............. + * 00504DB4 03 00 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 ............... + * 00504DC4 1B 00 00 00 90 01 00 00 00 00 00 00 60 00 00 00 ...・......`... + * 00504DD4 60 00 00 00 00 FF A5 02 00 00 00 36 80 00 00 00 `....・...6€... + * 00504DE4 01 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 00 ............... + * 00504DF4 00 00 00 00 00 00 00 00 00 00 00 00 64 00 00 00 ............d... + * 00504E04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E14 82 6C 82 72 20 83 53 83 56 83 62 83 4E 00 00 00 MS ゴシック... + * 00504E24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * Name: + * 0012F4EC 0043784C /CALL to GetTextExtentPoint32A from .00437846 + * 0012F4F0 9A010C64 |hDC = 9A010C64 + * 0012F4F4 004C0F30 |Text = "Y" + * 0012F4F8 00000001 |TextLen = 0x1 + * 0012F4FC 00506410 \pSize = .00506410 + * 0012F500 00504DE4 .00504DE4 + * 0012F504 00439EBE RETURN to .00439EBE from .00437790 + * 0012F508 00504DE4 .00504DE4 + * 0012F50C 00914CC0 .00914CC0 + * 0012F510 00000001 + * 0012F514 00504DE4 .00504DE4 + * 0012F518 006A1868 .006A1868 + * 0012F51C 00000000 + * 0012F520 00914CC0 .00914CC0 + * + * pSize: + * 00506410 07 00 00 00 0D 00 00 00 0D 00 00 00 0B 00 00 00 ........... ... + * 00506420 02 00 00 00 00 00 00 00 00 00 00 00 07 00 00 00 .............. + * 00506430 0F 00 00 00 90 01 00 00 00 00 00 00 60 00 00 00 ...・......`... + * 00506440 60 00 00 00 00 FF A5 02 00 00 00 36 80 00 00 00 `....・...6€... + * 00506450 02 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 .............. + * 00506460 00 00 00 00 00 00 00 00 00 00 00 00 64 00 00 00 ............d... + * 00506470 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00506480 82 6C 82 72 20 83 53 83 56 83 62 83 4E 00 00 00 MS ゴシック... + * 00506490 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * Values of esi: + * + * Name: + * 00504DE4 01 00 00 00 B6 0C 0A 76 02 00 00 00 0D 00 00 00 ...カ..v....... + * 00504DF4 00 00 00 00 00 00 00 00 00 00 00 00 64 00 00 00 ............d... + * 00504E04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E14 82 6C 82 72 20 83 53 83 56 83 62 83 4E 00 00 00 MS ゴシック... + * 00504E24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E44 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * ... + * 00504F44 7C 78 FF 05 3E 00 00 00 3E 00 00 00 02 00 00 00 |x>...>...... + * 00504F54 3E 00 00 00 02 00 00 00 06 00 00 00 00 00 00 00 >............. + * 00504F64 0C 00 00 00 00 00 00 00 01 00 00 00 31 D9 D3 00 ...........1ルモ. + * 00504F74 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 ............... + * + * 00504DE4 01 00 00 00 35 06 0A 89 02 00 00 00 0D 00 00 00 ...5.・....... + * 00504DF4 00 00 00 00 00 00 00 00 00 00 00 00 64 00 00 00 ............d... + * 00504E04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E14 82 6C 82 72 20 83 53 83 56 83 62 83 4E 00 00 00 MS ゴシック... + * 00504E24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E44 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E84 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504EA4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504EB4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504EC4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504ED4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504EE4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504EF4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504F04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504F14 FF FF FF FF 01 00 00 00 00 01 00 00 00 01 00 00 ......... + * 00504F24 00 01 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 ............ + * 00504F34 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 ............ + * 00504F44 7C 78 0C 06 3E 00 00 00 3E 00 00 00 02 00 00 00 |x.>...>...... + * 00504F54 3E 00 00 00 02 00 00 00 06 00 00 00 00 00 00 00 >............. + * 00504F64 0C 00 00 00 00 00 00 00 01 00 00 00 C3 46 04 01 ...........テF + * 00504F74 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 ............... + * 00504F84 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ............... + * 00504F94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * Scenario: + * 00503778 00 00 00 00 99 12 0A 24 02 00 00 00 18 00 00 00 ....・.$...... + * 00503788 00 00 00 00 00 00 00 00 00 00 00 00 64 00 00 00 ............d... + * 00503798 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 005037A8 82 6C 82 72 20 83 53 83 56 83 62 83 4E 00 00 00 MS ゴシック... + * 005037B8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * ... + * 005038D8 7C 70 0C 06 24 01 00 00 24 01 00 00 17 00 00 00 |p.$..$..... + * 005038E8 24 01 00 00 17 00 00 00 0C 00 00 00 2A 00 00 00 $.........*... + * 005038F8 18 00 00 00 00 00 00 00 01 00 00 00 6D C6 05 01 ..........mニ + * 00503908 00 00 00 00 00 00 00 00 00 00 00 00 18 04 00 00 .............. + * 00503918 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503928 0D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503938 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503948 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * 00503778 00 00 00 00 40 12 0A 9A 02 00 00 00 18 00 00 00 ....@.・...... + * 00503788 00 00 00 00 00 00 00 00 00 00 00 00 64 00 00 00 ............d... + * 00503798 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 005037A8 82 6C 82 72 20 83 53 83 56 83 62 83 4E 00 00 00 MS ゴシック... + * 005037B8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 005037C8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 005037D8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 005037E8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 005037F8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503808 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503818 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503828 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503838 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503848 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503858 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503868 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503878 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503888 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503898 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 005038A8 FF FF FF FF 01 00 00 00 00 01 00 00 00 01 00 00 ......... + * 005038B8 00 01 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 ............ + * 005038C8 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 ............ + * 005038D8 7C 70 0C 06 E4 01 00 00 E4 01 00 00 2C 00 00 00 |p.・..・..,... + * 005038E8 E4 01 00 00 2C 00 00 00 0C 00 00 00 2A 00 00 00 ・..,.......*... + * 005038F8 18 00 00 00 00 00 00 00 01 00 00 00 5A F5 11 01 ..........Z・ + * 00503908 00 00 00 00 00 00 00 00 00 00 00 00 18 04 00 00 .............. + * 00503918 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * Sample game: あやかしびと (2.34) + * Scenario, value of ebp: + * 0012FD68 B1 69 3F 77 38 51 42 00 29 42 01 73 38 00 00 00 アi?w8QB.)Bs8... + * 0012FD78 BF 01 00 00 F4 7E 4F 00 02 00 00 00 29 42 01 73 ソ..O....)Bs + * 0012FD88 40 00 00 00 40 00 00 00 40 00 00 00 2C E1 71 00 @...@...@...,痃. + * 0012FD98 00 00 00 00 00 00 00 00 38 E1 71 00 38 00 8A 01 ........8痃.8.・ + * 0012FDA8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 0012FDB8 01 00 00 00 EE BA 92 05 F4 24 72 00 85 E9 40 00 ...鋓・・r.・@. ; jichi: text in 0x0592BAEE + * 0012FDC8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 0012FDD8 C6 08 42 00 02 00 00 00 01 00 00 00 00 00 00 00 ニB........... + * 0012FDE8 00 00 00 00 88 FF 12 00 00 F0 FD 7F 01 00 00 00 ....・..・... + * 0012FDF8 29 42 01 73 39 F8 B2 90 44 12 0D 64 40 12 0D 64 )Bs9織.d@.d + * 0012FE08 00 00 00 00 78 FF 12 00 00 00 00 00 00 00 00 00 ....x......... + * 0012FE18 00 00 00 00 FC FD 12 00 0D 6B E5 75 78 FF 12 00 ....・..k蛄x. + * 0012FE28 00 00 00 00 E8 3B 29 00 00 00 00 00 01 07 8F 00 ....・).....・ + * 0012FE38 6C FE 12 00 18 67 13 77 F1 31 B1 90 00 00 00 00 l.gw・ア・... + * 0012FE48 E8 3B 29 00 00 00 00 00 00 00 00 00 40 FE 12 00 ・).........@. + * 0012FE58 68 FE 12 00 F1 2F 13 77 FC 2F 13 77 E8 3B 29 00 h.・w・w・). + * 0012FE68 7C FE 12 00 25 47 0B 64 00 00 00 00 00 00 00 00 |.%G d........ + * 0012FE78 CC 3C 29 00 8C FE 12 00 B2 3D 0B 64 CC 3C 29 00 フ<).・.イ= dフ<). + * 0012FE88 E8 3B 29 00 AC FE 12 00 20 5B 0B 64 E8 3B 29 00 ・).ャ. [ d・). + * 0012FE98 00 00 00 00 00 00 00 00 A0 51 50 00 08 80 49 00 ........QP.€I. + * 0012FEA8 00 08 02 00 F8 FE 12 00 9B 28 40 00 EC 3B 29 00 ..・.・@.・). + * 0012FEB8 61 2B 1D 6F A0 D5 CF 11 BF C7 44 45 53 54 00 00 a+oユマソヌDEST.. + * 0012FEC8 01 67 40 00 68 07 8F 00 00 00 40 00 00 00 00 00 g@.h・..@..... + * 0012FED8 00 00 00 00 00 F0 FD 7F 8B 22 35 72 28 00 00 00 .....・・5r(... + * 0012FEE8 EF 7E E7 71 28 00 00 00 33 C4 B1 8D 00 01 00 00 ・輌(...3トア・.. + * + * Name: + * 0635C4D0 96 B3 90 FC 00 00 00 00 00 00 00 00 00 00 00 00 無線............ + * 0635C4E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 0635C4F0 96 B3 90 FC 00 00 00 00 00 00 00 00 00 00 00 00 無線............ + * 0635C500 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 0635C510 CF 03 07 00 12 70 76 00 12 70 6E 00 12 6E 00 12 マ.pv.pn.n. + * 0635C520 70 6D 00 12 6D 6E 00 12 66 70 00 12 63 00 80 02 pm.mn.fp.c.€ + * 0635C530 06 00 12 70 76 00 12 70 6E 00 12 6E 00 12 70 6D .pv.pn.n.pm + * 0635C540 00 12 6D 6E 00 12 66 70 00 16 03 04 0A 00 00 00 .mn.fp..... + */ + int hookStackIndex_; // hook argument index on the stack + int textOffset_; // distance of the text from the hook argument + bool backtrackText_; // whether backtrack to find text address + void hookafter(hook_stack*s,void* data1, size_t len){ + + std::string newData=std::string((char*)data1,len); + + DWORD argaddr; + if(hookStackIndex_==1) + argaddr = s->esi; + else if(hookStackIndex_==2) + argaddr=s->ebp; + else return ; + auto arg = (HookArgument *)argaddr; + if(Engine::isAddressReadable((argaddr + textOffset_))==false){ + return; + } + LPSTR textAddress = (LPSTR)*(DWORD *)(argaddr + textOffset_), + charAddress = (LPSTR)s->stack[2]; // arg2 of GetTextExtentPoint32A is the current character's address + //charAddress = LPSTR(s->ebp + 0x60c); + if (Engine::isAddressWritable(textAddress)) { + LPSTR text = textAddress; + if (backtrackText_) { + for (int i = 0; i < 1500 && *--text; i++); + if (*text) + return ; + text++; + } + if (!*text) + return ; + if (arg->isTextList(text)) { + if (backtrackText_) // old shinario games have re-translate problems + return ; + return; + arg->dispatchTextList2(text,backtrackText_,newData); + } else + arg->dispatchText2(text, backtrackText_,newData); + if (backtrackText_ && Engine::isAddressWritable(charAddress)) { + if (textAddress - text == 2) { // for wide character + if ((signed char)textAddress[-2] < 0) { + charAddress[0] = textAddress[-2]; + charAddress[1] = textAddress[-1]; + } else { + charAddress[0] = textAddress[-1]; + charAddress[1] = 0; + } + } else if (textAddress - text == 1) { // for thin character + charAddress[0] = textAddress[-1]; + charAddress[1] = 0; + } + } + } + } + bool hookBefore(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + DWORD argaddr; + if(hookStackIndex_==1) + argaddr = s->esi; + else if(hookStackIndex_==2) + argaddr=s->ebp; + else return false; + *role=argaddr; + auto arg = (HookArgument *)argaddr; + if(Engine::isAddressReadable((argaddr + textOffset_))==false){ + auto _=(LPSTR)s->stack[2]; + strcpy((char*)data,_); + *len=strlen(_); + return true; + } + LPSTR textAddress = (LPSTR)*(DWORD *)(argaddr + textOffset_), + charAddress = (LPSTR)s->stack[2]; // arg2 of GetTextExtentPoint32A is the current character's address + //charAddress = LPSTR(s->ebp + 0x60c); + if (Engine::isAddressWritable(textAddress)) { + LPSTR text = textAddress; + if (backtrackText_) { + for (int i = 0; i < 1500 && *--text; i++); + if (*text) + return false; + text++; + } + if (!*text) + return false; + + if (arg->isTextList(text)) { + if (backtrackText_) // old shinario games have re-translate problems + return true; + arg->dispatchTextList(text,backtrackText_,data,len,role); + } else + arg->dispatchText(text, backtrackText_,data,len,role); + return true; + if (backtrackText_ && Engine::isAddressWritable(charAddress)) { + if (textAddress - text == 2) { // for wide character + if ((signed char)textAddress[-2] < 0) { + charAddress[0] = textAddress[-2]; + charAddress[1] = textAddress[-1]; + } else { + charAddress[0] = textAddress[-1]; + charAddress[1] = 0; + } + } else if (textAddress - text == 1) { // for thin character + charAddress[0] = textAddress[-1]; + charAddress[1] = 0; + } + } + } + return false; + } + +} // namespace Private + +/** + * Sample game: 幻創のイデア (RIO 2.49) + * Text painted by GetGlyphOutlineA. + * Debugged by attaching to GetTextExtentPoint32A. + * There is only one GetTextExtentPoint32A in the game, where only 'Y' (0x59) is calculated. + * Text is in a large memory region that can be modified. + * + * When the text contains new line (_r), the same text will be invoked twice. + * Need to avoid immediate duplicate. + * + * Sample game: Vestige 体験版 (RIO 2.47) + * Text accessed character by character + * + * Scenario caller of get GetTextExtentPoint32A + * 0043372D 05 00010000 ADD EAX,0x100 + * 00433732 66:8B1445 045548>MOV DX,WORD PTR DS:[EAX*2+0x485504] + * 0043373A EB 2D JMP SHORT .00433769 + * 0043373C 33C9 XOR ECX,ECX + * 0043373E 8B8D 60010000 MOV ECX,DWORD PTR SS:[EBP+0x160] + * 00433744 8A09 MOV CL,BYTE PTR DS:[ECX] + * 00433746 80F9 20 CMP CL,0x20 + * 00433749 74 2E JE SHORT .00433779 + * 0043374B 8B85 C0050000 MOV EAX,DWORD PTR SS:[EBP+0x5C0] + * 00433751 81E1 FF000000 AND ECX,0xFF + * 00433757 85C0 TEST EAX,EAX + * 00433759 74 06 JE SHORT .00433761 + * 0043375B 81C1 00010000 ADD ECX,0x100 + * 00433761 66:8B144D 045548>MOV DX,WORD PTR DS:[ECX*2+0x485504] + * 00433769 B8 02000000 MOV EAX,0x2 + * 0043376E 66:8995 0C060000 MOV WORD PTR SS:[EBP+0x60C],DX + * 00433775 894424 58 MOV DWORD PTR SS:[ESP+0x58],EAX + * 00433779 8B4C24 1C MOV ECX,DWORD PTR SS:[ESP+0x1C] + * 0043377D 898D 60010000 MOV DWORD PTR SS:[EBP+0x160],ECX + * 00433783 8B8D 78010000 MOV ECX,DWORD PTR SS:[EBP+0x178] + * 00433789 83F9 FF CMP ECX,-0x1 + * 0043378C 8BB5 68010000 MOV ESI,DWORD PTR SS:[EBP+0x168] + * 00433792 75 3E JNZ SHORT .004337D2 + * 00433794 85DB TEST EBX,EBX + * 00433796 74 3A JE SHORT .004337D2 + * 00433798 8B85 10160000 MOV EAX,DWORD PTR SS:[EBP+0x1610] + * 0043379E 85C0 TEST EAX,EAX + * 004337A0 74 12 JE SHORT .004337B4 + * 004337A2 8B95 14160000 MOV EDX,DWORD PTR SS:[EBP+0x1614] + * 004337A8 894424 2C MOV DWORD PTR SS:[ESP+0x2C],EAX + * 004337AC 895424 30 MOV DWORD PTR SS:[ESP+0x30],EDX + * 004337B0 03F0 ADD ESI,EAX + * 004337B2 EB 36 JMP SHORT .004337EA + * 004337B4 8B4C24 58 MOV ECX,DWORD PTR SS:[ESP+0x58] + * 004337B8 8D4424 2C LEA EAX,DWORD PTR SS:[ESP+0x2C] + * 004337BC 50 PUSH EAX + * 004337BD 51 PUSH ECX + * 004337BE 8D85 0C060000 LEA EAX,DWORD PTR SS:[EBP+0x60C] + * 004337C4 50 PUSH EAX + * 004337C5 53 PUSH EBX + * 004337C6 FF15 A0B04700 CALL DWORD PTR DS:[0x47B0A0] ; gdi32.GetTextExtentPoint32A + * 004337CC 037424 2C ADD ESI,DWORD PTR SS:[ESP+0x2C] + * 004337D0 EB 18 JMP SHORT .004337EA + * 004337D2 83F8 02 CMP EAX,0x2 + * 004337D5 75 06 JNZ SHORT .004337DD + * 004337D7 8B8D 80010000 MOV ECX,DWORD PTR SS:[EBP+0x180] + * 004337DD 8B95 84010000 MOV EDX,DWORD PTR SS:[EBP+0x184] + * 004337E3 0FAFD0 IMUL EDX,EAX + * 004337E6 03F1 ADD ESI,ECX + * 004337E8 03F2 ADD ESI,EDX + * 004337EA 3BB5 9C010000 CMP ESI,DWORD PTR SS:[EBP+0x19C] + * 004337F0 72 68 JB SHORT .0043385A + * 004337F2 8D85 0C060000 LEA EAX,DWORD PTR SS:[EBP+0x60C] + * 004337F8 50 PUSH EAX + * 004337F9 8D85 B8020000 LEA EAX,DWORD PTR SS:[EBP+0x2B8] + * 004337FF 50 PUSH EAX + * 00433800 E8 6D230100 CALL .00445B72 + * 00433805 83C4 08 ADD ESP,0x8 + * 00433808 85C0 TEST EAX,EAX + * 0043380A 74 4E JE SHORT .0043385A + * 0043380C 8B8D 68010000 MOV ECX,DWORD PTR SS:[EBP+0x168] + * 00433812 8B95 6C010000 MOV EDX,DWORD PTR SS:[EBP+0x16C] + * 00433818 8B85 64010000 MOV EAX,DWORD PTR SS:[EBP+0x164] + * 0043381E 8985 68010000 MOV DWORD PTR SS:[EBP+0x168],EAX + * 00433824 8995 74010000 MOV DWORD PTR SS:[EBP+0x174],EDX + * 0043382A 8B95 6C010000 MOV EDX,DWORD PTR SS:[EBP+0x16C] + * 00433830 898D 70010000 MOV DWORD PTR SS:[EBP+0x170],ECX + * 00433836 8B8D 7C010000 MOV ECX,DWORD PTR SS:[EBP+0x17C] + * 0043383C 03D1 ADD EDX,ECX + * 0043383E 8995 6C010000 MOV DWORD PTR SS:[EBP+0x16C],EDX + * 00433844 8B95 A8010000 MOV EDX,DWORD PTR SS:[EBP+0x1A8] + * 0043384A 0195 68010000 ADD DWORD PTR SS:[EBP+0x168],EDX + * 00433850 C785 A4010000 01>MOV DWORD PTR SS:[EBP+0x1A4],0x1 + * 0043385A 8B85 B4010000 MOV EAX,DWORD PTR SS:[EBP+0x1B4] + * 00433860 85C0 TEST EAX,EAX + * 00433862 0F85 F6000000 JNZ .0043395E + * 00433868 8B85 68010000 MOV EAX,DWORD PTR SS:[EBP+0x168] + * 0043386E 3B85 64010000 CMP EAX,DWORD PTR SS:[EBP+0x164] + * 00433874 74 0E JE SHORT .00433884 + * 00433876 8B85 AC010000 MOV EAX,DWORD PTR SS:[EBP+0x1AC] + * 0043387C 85C0 TEST EAX,EAX + * 0043387E 0F84 E4000000 JE .00433968 + * 00433884 8B85 A4010000 MOV EAX,DWORD PTR SS:[EBP+0x1A4] + * 0043388A 85C0 TEST EAX,EAX + * 0043388C 0F84 D6000000 JE .00433968 + * 00433892 8BB5 60010000 MOV ESI,DWORD PTR SS:[EBP+0x160] + * 00433898 8A06 MOV AL,BYTE PTR DS:[ESI] + * 0043389A 3C 81 CMP AL,0x81 + * 0043389C 72 13 JB SHORT .004338B1 + * 0043389E 3C 9F CMP AL,0x9F + * 004338A0 76 08 JBE SHORT .004338AA + * 004338A2 3C E0 CMP AL,0xE0 + * 004338A4 72 0B JB SHORT .004338B1 + * 004338A6 3C FC CMP AL,0xFC + * 004338A8 77 07 JA SHORT .004338B1 + * 004338AA B8 01000000 MOV EAX,0x1 + * 004338AF EB 02 JMP SHORT .004338B3 + * 004338B1 33C0 XOR EAX,EAX + * 004338B3 8D48 01 LEA ECX,DWORD PTR DS:[EAX+0x1] + * 004338B6 8BD1 MOV EDX,ECX + * 004338B8 C1E9 02 SHR ECX,0x2 + * 004338BB C74424 18 000000>MOV DWORD PTR SS:[ESP+0x18],0x0 + * 004338C3 8D7C24 18 LEA EDI,DWORD PTR SS:[ESP+0x18] + * 004338C7 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 004338C9 8BCA MOV ECX,EDX + * 004338CB 83E1 03 AND ECX,0x3 + * 004338CE 8D85 0C060000 LEA EAX,DWORD PTR SS:[EBP+0x60C] + * 004338D4 F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[> + * 004338D6 50 PUSH EAX + * 004338D7 8DB5 B8030000 LEA ESI,DWORD PTR SS:[EBP+0x3B8] + * 004338DD 56 PUSH ESI + * 004338DE E8 8F220100 CALL .00445B72 + * 004338E3 83C4 08 ADD ESP,0x8 + * 004338E6 85C0 TEST EAX,EAX + * 004338E8 74 2C JE SHORT .00433916 + * 004338EA 8D4424 18 LEA EAX,DWORD PTR SS:[ESP+0x18] + * 004338EE 50 PUSH EAX + * 004338EF 56 PUSH ESI + * 004338F0 E8 7D220100 CALL .00445B72 + * 004338F5 83C4 08 ADD ESP,0x8 + * 004338F8 85C0 TEST EAX,EAX + * 004338FA 75 34 JNZ SHORT .00433930 + * 004338FC 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+0x18] + * 00433900 51 PUSH ECX + * 00433901 8D95 B8010000 LEA EDX,DWORD PTR SS:[EBP+0x1B8] + * 00433907 52 PUSH EDX + * 00433908 E8 65220100 CALL .00445B72 + * 0043390D 83C4 08 ADD ESP,0x8 + * 00433910 85C0 TEST EAX,EAX + * 00433912 75 3E JNZ SHORT .00433952 + * 00433914 EB 1A JMP SHORT .00433930 + * 00433916 8D85 0C060000 LEA EAX,DWORD PTR SS:[EBP+0x60C] + * 0043391C 50 PUSH EAX + * 0043391D 8D95 B8010000 LEA EDX,DWORD PTR SS:[EBP+0x1B8] + * 00433923 52 PUSH EDX + * 00433924 E8 49220100 CALL .00445B72 + * 00433929 83C4 08 ADD ESP,0x8 + * 0043392C 85C0 TEST EAX,EAX + * 0043392E 74 22 JE SHORT .00433952 + * 00433930 8B85 70010000 MOV EAX,DWORD PTR SS:[EBP+0x170] + * 00433936 8B8D 74010000 MOV ECX,DWORD PTR SS:[EBP+0x174] + * 0043393C 8985 68010000 MOV DWORD PTR SS:[EBP+0x168],EAX + * 00433942 898D 6C010000 MOV DWORD PTR SS:[EBP+0x16C],ECX + * 00433948 C785 B4010000 01>MOV DWORD PTR SS:[EBP+0x1B4],0x1 + * 00433952 C785 AC010000 00>MOV DWORD PTR SS:[EBP+0x1AC],0x0 + * 0043395C EB 0A JMP SHORT .00433968 + * 0043395E C785 B4010000 00>MOV DWORD PTR SS:[EBP+0x1B4],0x0 + * 00433968 85DB TEST EBX,EBX + * 0043396A 0F84 1A070000 JE .0043408A + * 00433970 8B85 10160000 MOV EAX,DWORD PTR SS:[EBP+0x1610] + * 00433976 85C0 TEST EAX,EAX + * 00433978 74 10 JE SHORT .0043398A + * 0043397A 8B95 14160000 MOV EDX,DWORD PTR SS:[EBP+0x1614] + * 00433980 894424 2C MOV DWORD PTR SS:[ESP+0x2C],EAX + * 00433984 895424 30 MOV DWORD PTR SS:[ESP+0x30],EDX + * 00433988 EB 18 JMP SHORT .004339A2 + * 0043398A 8B4C24 58 MOV ECX,DWORD PTR SS:[ESP+0x58] + * 0043398E 8D4424 2C LEA EAX,DWORD PTR SS:[ESP+0x2C] + * 00433992 50 PUSH EAX + * 00433993 51 PUSH ECX + * 00433994 8D85 0C060000 LEA EAX,DWORD PTR SS:[EBP+0x60C] ; jichi: This is the individual character + * 0043399A 50 PUSH EAX + * 0043399B 53 PUSH EBX + * 0043399C FF15 A0B04700 CALL DWORD PTR DS:[0x47B0A0] ; gdi32.GetTextExtentPoint32A ; jichi: called here + * 004339A2 8B85 68010000 MOV EAX,DWORD PTR SS:[EBP+0x168] + * 004339A8 8B5424 2C MOV EDX,DWORD PTR SS:[ESP+0x2C] + * 004339AC 8B8D 6C010000 MOV ECX,DWORD PTR SS:[EBP+0x16C] + * 004339B2 8D3410 LEA ESI,DWORD PTR DS:[EAX+EDX] + * 004339B5 8B5424 30 MOV EDX,DWORD PTR SS:[ESP+0x30] + * 004339B9 8BF9 MOV EDI,ECX + * 004339BB 03CA ADD ECX,EDX + */ +bool attach(int ver) +{ + //if (ver < 247) // currently only >= 2.48 is supported + // return false; + + if (ver >= 248) { + Private::hookStackIndex_ =1;// winhook_stack_indexof(esi); + Private::backtrackText_ = false; + } else { // <= 247 + Private::hookStackIndex_ =2;// winhook_stack_indexof(ebp); + Private::backtrackText_ = true; + } + + if (ver >= 240) + Private::textOffset_ = 0x160; + else + Private::textOffset_ = 0x54; // Sample game: あやかしびと (2.34) + HookParam hp; + hp.address=(ULONG)::GetTextExtentPoint32A; + hp.hook_before=Private::hookBefore; + hp.hook_after=Private::hookafter; + hp.type=EMBED_ABLE|EMBED_DYNA_SJIS; + hp.newlineseperator=L"_r"; + hp.hook_font=F_GetGlyphOutlineA; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + + static std::regex rx("_t!.*?[/>]"); + auto _=std::regex_replace(std::string((char*)data,*len), rx, ""); + strcpy((char*)data,_.c_str());*len=_.size();return true; + }; + return NewHook(hp,"EmbedShario"); +} + +} // namespace ScenarioHook +} // unnamed namespace + +bool ShinaRio::attach_function(){ + int ver = GetShinaRioVersion(); + auto _h=InsertShinaHook(ver); + auto e=ScenarioHook::attach(ver+200); + return _h||e; + +} \ No newline at end of file diff --git a/LunaHook/engine32/ShinaRio.h b/LunaHook/engine32/ShinaRio.h new file mode 100644 index 0000000..95a5b0c --- /dev/null +++ b/LunaHook/engine32/ShinaRio.h @@ -0,0 +1,21 @@ +#include"engine.h" + +class ShinaRio:public ENGINE{ + public: + ShinaRio(){ + + check_by=CHECK_BY::FILE_ANY; + check_by_target=check_by_list{L"RIO.INI",L"*.war"}; + is_engine_certain=false; + //DWORD len = wcslen(str); + + // jichi 8/24/2013: Checking for Rio.ini or $procname.ini + //wcscpy(str+len-4, L"_?.war"); + //if (Util::CheckFile(str)) { + // InsertShinaHook(); + // return true; + //} + }; + bool attach_function(); +}; + \ No newline at end of file diff --git a/LunaHook/engine32/ShinyDaysGame.cpp b/LunaHook/engine32/ShinyDaysGame.cpp new file mode 100644 index 0000000..7ec8fa1 --- /dev/null +++ b/LunaHook/engine32/ShinyDaysGame.cpp @@ -0,0 +1,60 @@ +#include"ShinyDaysGame.h" +#include"util/textunion.h" + + +/** Game-specific engines */ + +//static char* ShinyDaysQueueString[0x10]; +//static int ShinyDaysQueueStringLen[0x10]; +//static int ShinyDaysQueueIndex, ShinyDaysQueueNext; +static void SpecialGameHookShinyDays(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + static int ShinyDaysQueueStringLen; + LPWSTR fun_str,text_str; + DWORD l = 0; + auto esp_base=stack->base; + fun_str=(LPWSTR)stack->stack[0x13]; + auto esi=stack->stack[0x1C]+0x3C; + auto edi=stack->stack[0x1D]; + if(esi<=edi){ + auto tu=(TextUnionW*)esi; + text_str=(LPWSTR)tu->getText(); + l=tu->size*2; + } + if (::memcmp(fun_str, L"[PlayVoice]",0x18) == 0) { + *data = (DWORD)text_buffer; + *len = ShinyDaysQueueStringLen; + } + else if (::memcmp(fun_str, L"[PrintText]",0x18) == 0) { + memcpy(text_buffer, text_str, l); + ShinyDaysQueueStringLen = l; + } +} +bool InsertShinyDaysGameHook() +{ + const BYTE bytes[] = { + 0xff,0x83,0x70,0x03,0x00,0x00,0x33,0xf6, + 0xc6,0x84,0x24,0x90,0x02,0x00,0x00,0x02 + }; + auto addr=MemDbg::findBytes(bytes, sizeof(bytes),processStartAddress,processStopAddress); + if(addr==0)return false; + + HookParam hp; + hp.address = addr + 0x8; + hp.text_fun = SpecialGameHookShinyDays; + hp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT; + hp.filter_fun=[](LPVOID data, size_t *size, HookParam *){ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + StringCharReplacer(text,len,L"\\n",2,L'\n'); + return true; + }; + ConsoleOutput("INSERT ShinyDays"); + return NewHook(hp, "ShinyDays"); + +} + +bool ShinyDaysGame::attach_function() { + + return InsertShinyDaysGameHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/ShinyDaysGame.h b/LunaHook/engine32/ShinyDaysGame.h new file mode 100644 index 0000000..2136e49 --- /dev/null +++ b/LunaHook/engine32/ShinyDaysGame.h @@ -0,0 +1,14 @@ +#include"engine.h" + +class ShinyDaysGame:public ENGINE{ + public: + ShinyDaysGame(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return (wcsstr(processName_lower, L"shinydays") || !wcsncmp(processName_lower, L"shinyd~", 7) || Util::CheckFile(L"ShinyDays.exe")); + + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/SideB.cpp b/LunaHook/engine32/SideB.cpp new file mode 100644 index 0000000..a8be1c0 --- /dev/null +++ b/LunaHook/engine32/SideB.cpp @@ -0,0 +1,145 @@ +#include"SideB.h" + +/** jichi 8/2/2014 side-B + * Sample games: + * - [side-B] メルトピア -- /HS-4@B4452:Martopia.exe + * + * Observations: + * + * /HS-4@B4452:Martopia.exe + * - addr: 738386 = 0xb4452 + * - module: 3040177000 + * - off: 4294967288 = 0xfffffff8 = -0x8 + * - type: 65 = 0x41 + * + * Sample stack structure: + * - 0016F558 00EB74E9 RETURN to Martopia.00EB74E9 + * - 0016F55C 0060EE30 ; jichi: this is the text + * - 0016F560 0016F5C8 + * - 0016F564 082CAA98 + * - 0016F568 00EBE735 RETURN to Martopia.00EBE735 from Martopia.00EB74C0 + * + * 00f6440e cc int3 + * 00f6440f cc int3 + * 00f64410 55 push ebp ; jichi: hook here, text in arg1 ([EncodeSystemPointer(+4]) + * 00f64411 8bec mov ebp,esp + * 00f64413 6a ff push -0x1 + * 00f64415 68 c025fb00 push martopia.00fb25c0 + * 00f6441a 64:a1 00000000 mov eax,dword ptr fs:[0] + * 00f64420 50 push eax + * 00f64421 83ec 3c sub esp,0x3c + * 00f64424 a1 c8620101 mov eax,dword ptr ds:[0x10162c8] + * 00f64429 33c5 xor eax,ebp + * 00f6442b 8945 f0 mov dword ptr ss:[ebp-0x10],eax + * 00f6442e 53 push ebx + * 00f6442f 56 push esi + * 00f64430 57 push edi + * 00f64431 50 push eax + * 00f64432 8d45 f4 lea eax,dword ptr ss:[ebp-0xc] + * 00f64435 64:a3 00000000 mov dword ptr fs:[0],eax + * 00f6443b 8bf9 mov edi,ecx + * 00f6443d 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + * 00f64440 33db xor ebx,ebx + * 00f64442 3bcb cmp ecx,ebx + * 00f64444 74 40 je short martopia.00f64486 + * 00f64446 8bc1 mov eax,ecx + * 00f64448 c745 e8 0f000000 mov dword ptr ss:[ebp-0x18],0xf + * 00f6444f 895d e4 mov dword ptr ss:[ebp-0x1c],ebx + * 00f64452 885d d4 mov byte ptr ss:[ebp-0x2c],bl ; jichi: or hook here, get text in eax + * 00f64455 8d70 01 lea esi,dword ptr ds:[eax+0x1] + * 00f64458 8a10 mov dl,byte ptr ds:[eax] + * 00f6445a 40 inc eax + * 00f6445b 3ad3 cmp dl,bl + * 00f6445d ^75 f9 jnz short martopia.00f64458 + * 00f6445f 2bc6 sub eax,esi + * 00f64461 50 push eax + * 00f64462 51 push ecx + * 00f64463 8d4d d4 lea ecx,dword ptr ss:[ebp-0x2c] + * 00f64466 e8 f543f5ff call martopia.00eb8860 + * 00f6446b 8d45 d4 lea eax,dword ptr ss:[ebp-0x2c] + * 00f6446e 50 push eax + * 00f6446f 8d4f 3c lea ecx,dword ptr ds:[edi+0x3c] + * 00f64472 895d fc mov dword ptr ss:[ebp-0x4],ebx + * 00f64475 e8 16d7f8ff call martopia.00ef1b90 + * 00f6447a 837d e8 10 cmp dword ptr ss:[ebp-0x18],0x10 + * 00f6447e 72 47 jb short martopia.00f644c7 + * 00f64480 8b4d d4 mov ecx,dword ptr ss:[ebp-0x2c] + * 00f64483 51 push ecx + * 00f64484 eb 38 jmp short martopia.00f644be + * 00f64486 53 push ebx + * 00f64487 68 a11efd00 push martopia.00fd1ea1 + * 00f6448c 8d4d b8 lea ecx,dword ptr ss:[ebp-0x48] + * 00f6448f c745 cc 0f000000 mov dword ptr ss:[ebp-0x34],0xf + * 00f64496 895d c8 mov dword ptr ss:[ebp-0x38],ebx + * 00f64499 885d b8 mov byte ptr ss:[ebp-0x48],bl + * 00f6449c e8 bf43f5ff call martopia.00eb8860 + * 00f644a1 8d55 b8 lea edx,dword ptr ss:[ebp-0x48] + * 00f644a4 52 push edx + * 00f644a5 8d4f 3c lea ecx,dword ptr ds:[edi+0x3c] + * 00f644a8 c745 fc 01000000 mov dword ptr ss:[ebp-0x4],0x1 + * 00f644af e8 dcd6f8ff call martopia.00ef1b90 + * 00f644b4 837d cc 10 cmp dword ptr ss:[ebp-0x34],0x10 + * 00f644b8 72 0d jb short martopia.00f644c7 + * 00f644ba 8b45 b8 mov eax,dword ptr ss:[ebp-0x48] + * 00f644bd 50 push eax + * 00f644be ff15 f891fc00 call dword ptr ds:[<&msvcr100.??3@yaxpax>; msvcr100.??3@yaxpax@z + * 00f644c4 83c4 04 add esp,0x4 + * 00f644c7 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 00f644ca 64:890d 00000000 mov dword ptr fs:[0],ecx + * 00f644d1 59 pop ecx + * 00f644d2 5f pop edi + * 00f644d3 5e pop esi + * 00f644d4 5b pop ebx + * 00f644d5 8b4d f0 mov ecx,dword ptr ss:[ebp-0x10] + * 00f644d8 33cd xor ecx,ebp + * 00f644da e8 77510400 call martopia.00fa9656 + * 00f644df 8be5 mov esp,ebp + * 00f644e1 5d pop ebp + * 00f644e2 c2 0400 retn 0x4 + * 00f644e5 cc int3 + * 00f644e6 cc int3 + */ +bool InsertSideBHook() +{ + const BYTE bytes[] = { + 0x64,0xa3, 0x00,0x00,0x00,0x00, // 00f64435 64:a3 00000000 mov dword ptr fs:[0],eax + 0x8b,0xf9, // 00f6443b 8bf9 mov edi,ecx + 0x8b,0x4d, 0x08, // 00f6443d 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + 0x33,0xdb, // 00f64440 33db xor ebx,ebx + 0x3b,0xcb, // 00f64442 3bcb cmp ecx,ebx + 0x74, 0x40, // 00f64444 74 40 je short martopia.00f64486 + 0x8b,0xc1, // 00f64446 8bc1 mov eax,ecx + 0xc7,0x45, 0xe8, 0x0f,0x00,0x00,0x00, // 00f64448 c745 e8 0f000000 mov dword ptr ss:[ebp-0x18],0xf + 0x89,0x5d, 0xe4, // 00f6444f 895d e4 mov dword ptr ss:[ebp-0x1c],ebx + 0x88,0x5d, 0xd4 // 00f64452 885d d4 mov byte ptr ss:[ebp-0x2c],bl + }; + enum { addr_offset = 0x00f64410 - 0x00f64435 }; // distance to the beginning of the function + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + //GROWL_DWORD(addr); // supposed to be 0x4010e0 + if (!addr) { + ConsoleOutput("SideB: pattern not found"); + return false; + } + addr += addr_offset; + enum : BYTE { push_ebp = 0x55 }; // 011d4c80 /$ 55 push ebp + if (*(BYTE *)addr != push_ebp) { + ConsoleOutput("SideB: pattern found but the function offset is invalid"); + return false; + } + //GROWL_DWORD(addr); + + HookParam hp; + hp.address = addr; + //hp.length_offset = 1; + hp.offset=get_stack(1); // [esp+4] == arg1 + hp.type = USING_STRING|NO_CONTEXT|USING_SPLIT; // NO_CONTEXT && RELATIVE_SPLIT to get rid of floating return address + hp.split = 0; // use retaddr as split + ConsoleOutput("INSERT SideB"); + return NewHook(hp, "SideB"); +} + +bool SideB::attach_function() { + + return InsertSideBHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/SideB.h b/LunaHook/engine32/SideB.h new file mode 100644 index 0000000..669effc --- /dev/null +++ b/LunaHook/engine32/SideB.h @@ -0,0 +1,13 @@ +#include"engine.h" + +class SideB:public ENGINE{ + public: + SideB(){ + + check_by=CHECK_BY::RESOURCE_STR; + check_by_target=L"side-B"; + // // 8/2/2014 jichi: Copyright is side-B, a conf.dat will be generated after the game is launched + // It also contains lua5.1.dll and lua5.dll + }; + bool attach_function(); +}; diff --git a/LunaHook/engine32/Siglus.cpp b/LunaHook/engine32/Siglus.cpp new file mode 100644 index 0000000..ae0d2b8 --- /dev/null +++ b/LunaHook/engine32/Siglus.cpp @@ -0,0 +1,1865 @@ +#include"Siglus.h" +#include"util/textunion.h" +#include"embed_util.h" +namespace { // unnamed + +/** + * jichi 8/17/2013: SiglusEngine from siglusengine.exe + * The old hook does not work for new games. + * The new hook cannot recognize character names. + * Insert old first. As the pattern could also be found in the old engine. + */ + +/** jichi 10/25/2014: new SiglusEngine3 that can extract character name + * + * Sample game: リア兂�ラスメイト孕ませ催� -- /HW-4@F67DC:SiglusEngine.exe + * The character is in [edx+ecx*2]. Text in edx, and offset in ecx. + * + * 002667be cc int3 + * 002667bf cc int3 + * 002667c0 55 push ebp ; jichi: hook here + * 002667c1 8bec mov ebp,esp + * 002667c3 8bd1 mov edx,ecx + * 002667c5 8b4d 0c mov ecx,dword ptr ss:[ebp+0xc] + * 002667c8 83f9 01 cmp ecx,0x1 + * 002667cb 75 17 jnz short .002667e4 + * 002667cd 837a 14 08 cmp dword ptr ds:[edx+0x14],0x8 + * 002667d1 72 02 jb short .002667d5 + * 002667d3 8b12 mov edx,dword ptr ds:[edx] + * 002667d5 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + * 002667d8 66:8b45 10 mov ax,word ptr ss:[ebp+0x10] + * 002667dc 66:89044a mov word ptr ds:[edx+ecx*2],ax ; jichi: wchar_t is in ax + * 002667e0 5d pop ebp + * 002667e1 c2 0c00 retn 0xc + * 002667e4 837a 14 08 cmp dword ptr ds:[edx+0x14],0x8 + * 002667e8 72 02 jb short .002667ec + * 002667ea 8b12 mov edx,dword ptr ds:[edx] + * 002667ec 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 002667ef 57 push edi + * 002667f0 8d3c42 lea edi,dword ptr ds:[edx+eax*2] + * 002667f3 85c9 test ecx,ecx + * 002667f5 74 16 je short .0026680d + * 002667f7 8b45 10 mov eax,dword ptr ss:[ebp+0x10] + * 002667fa 0fb7d0 movzx edx,ax + * 002667fd 8bc2 mov eax,edx + * 002667ff c1e2 10 shl edx,0x10 + * 00266802 0bc2 or eax,edx + * 00266804 d1e9 shr ecx,1 + * 00266806 f3:ab rep stos dword ptr es:[edi] + * 00266808 13c9 adc ecx,ecx + * 0026680a 66:f3:ab rep stos word ptr es:[edi] + * 0026680d 5f pop edi + * 0026680e 5d pop ebp + * 0026680f c2 0c00 retn 0xc + * 00266812 cc int3 + * 00266813 cc int3 + * + * Stack when enter function call: + * 04cee270 00266870 return to .00266870 from .002667c0 + * 04cee274 00000002 jichi: arg1, ecx + * 04cee278 00000001 jichi: arg2, always 1 + * 04cee27c 000050ac jichi: arg3, wchar_t + * 04cee280 04cee4fc jichi: text address + * 04cee284 0ead055c arg5 + * 04cee288 0ead0568 arg6, last text when arg6 = arg5 = 2 + * 04cee28c /04cee2c0 + * 04cee290 |00266969 return to .00266969 from .00266820 + * 04cee294 |00000001 + * 04cee298 |000050ac + * 04cee29c |e1466fb2 + * 04cee2a0 |072f45f0 + * + * Target address (edx) is at [[ecx]] when enter function. + */ + +// jichi: 8/17/2013: Change return type to bool +bool InsertSiglus3Hook() +{ + const BYTE bytes[] = { + 0x8b,0x12, // 002667d3 8b12 mov edx,dword ptr ds:[edx] + 0x8b,0x4d, 0x08, // 002667d5 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + 0x66,0x8b,0x45, 0x10, // 002667d8 66:8b45 10 mov ax,word ptr ss:[ebp+0x10] + 0x66,0x89,0x04,0x4a // 002667dc 66:89044a mov word ptr ds:[edx+ecx*2],ax ; jichi: wchar_t in ax + // 002667e0 5d pop ebp + // 002667e1 c2 0c00 retn 0xc + }; + enum { addr_offset = sizeof(bytes) - 4 }; + ULONG range = max(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + //ConsoleOutput("Unknown SiglusEngine"); + ConsoleOutput("Siglus3: pattern not found"); + return false; + } + + //addr = MemDbg::findEnclosingAlignedFunction(addr, 50); // 0x002667dc - 0x002667c0 = 28 + //if (!addr) { + // ConsoleOutput("Siglus3: enclosing function not found"); + // return false; + //} + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::eax); + hp.type = CODEC_UTF16; + //hp.text_fun = SpecialHookSiglus3; + + ConsoleOutput("INSERT Siglus3"); + return NewHook(hp, "SiglusEngine3"); +} + +/** SiglusEngine4 5/23/2015 + * Sample game: AngleBeats trial + * Alternative ATcode from EGDB: + * UNIKOFILTER(30),FORCEFONT(5),HOOK(SiglusEngine.exe!0x0018CF39,TRANS(EAX,UNICODE,SMSTR,ADDNULL),RETNPOS(SOURCE)) + * Text address is [eax] + * + * 0042CEFD CC INT3 + * 0042CEFE CC INT3 + * 0042CEFF CC INT3 + * 0042CF00 55 PUSH EBP + * 0042CF01 8BEC MOV EBP,ESP + * 0042CF03 51 PUSH ECX + * 0042CF04 A1 005E8A00 MOV EAX,DWORD PTR DS:[0x8A5E00] + * 0042CF09 53 PUSH EBX + * 0042CF0A 56 PUSH ESI + * 0042CF0B 57 PUSH EDI + * 0042CF0C 8B40 10 MOV EAX,DWORD PTR DS:[EAX+0x10] + * 0042CF0F 8BF9 MOV EDI,ECX + * 0042CF11 33C9 XOR ECX,ECX + * 0042CF13 C745 FC 00000000 MOV DWORD PTR SS:[EBP-0x4],0x0 + * 0042CF1A 6A FF PUSH -0x1 + * 0042CF1C 51 PUSH ECX + * 0042CF1D 83E8 18 SUB EAX,0x18 + * 0042CF20 C747 14 07000000 MOV DWORD PTR DS:[EDI+0x14],0x7 + * 0042CF27 C747 10 00000000 MOV DWORD PTR DS:[EDI+0x10],0x0 + * 0042CF2E 66:890F MOV WORD PTR DS:[EDI],CX + * 0042CF31 8BCF MOV ECX,EDI + * 0042CF33 50 PUSH EAX + * 0042CF34 E8 E725F6FF CALL .0038F520 + * 0042CF39 8B1D 005E8A00 MOV EBX,DWORD PTR DS:[0x8A5E00] ; jichi: ATcode hooked here, text sometimes in eax sometimes address in eax, size in [eax+0x16] + * 0042CF3F 8B73 10 MOV ESI,DWORD PTR DS:[EBX+0x10] + * 0042CF42 837E FC 08 CMP DWORD PTR DS:[ESI-0x4],0x8 + * 0042CF46 72 0B JB SHORT .0042CF53 + * 0042CF48 FF76 E8 PUSH DWORD PTR DS:[ESI-0x18] + * 0042CF4B E8 EA131300 CALL .0055E33A + * 0042CF50 83C4 04 ADD ESP,0x4 + * 0042CF53 33C0 XOR EAX,EAX + * 0042CF55 C746 FC 07000000 MOV DWORD PTR DS:[ESI-0x4],0x7 + * 0042CF5C C746 F8 00000000 MOV DWORD PTR DS:[ESI-0x8],0x0 + * 0042CF63 66:8946 E8 MOV WORD PTR DS:[ESI-0x18],AX + * 0042CF67 8BC7 MOV EAX,EDI + * 0042CF69 8343 10 E8 ADD DWORD PTR DS:[EBX+0x10],-0x18 + * 0042CF6D 5F POP EDI + * 0042CF6E 5E POP ESI + * 0042CF6F 5B POP EBX + * 0042CF70 8BE5 MOV ESP,EBP + * 0042CF72 5D POP EBP + * 0042CF73 C3 RETN + * 0042CF74 CC INT3 + * 0042CF75 CC INT3 + * 0042CF76 CC INT3 + * 0042CF77 CC INT3 + */ +bool Siglus4Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + // Remove "NNLI" + //if (*len > 2 && ::all_ascii(text)) + // return false; + //if (*len == 2 && *text == L'N') + // return false; + StringFilter(text, len, L"NLI", 3); + // Replace 『�(300e, 300f) with 「�(300c,300d) + //CharReplacer(text, len, 0x300e, 0x300c); + //CharReplacer(text, len, 0x300f, 0x300d); + return true; +} +void SpecialHookSiglus4(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + //static uint64_t lastTextHash_; + DWORD eax = stack->eax; // text + if (!eax || !*(const BYTE *)eax) // empty data + return; + DWORD size = *(DWORD *)(eax + 0x10); + if (!size) + return; + if (size < 8) + *data = eax; + else + *data = *(DWORD *)eax; + + // Skip all ascii characters + if (all_ascii((LPCWSTR)*data)) + return; + + // Avoid duplication + //LPCWSTR text = (LPCWSTR)*data; + //auto hash = hashstr(text); + //if (hash == lastTextHash_) + // return; + //lastTextHash_ = hash; + + *len = size * 2; // UTF-16 + DWORD s0 = stack->retaddr; // use stack[0] as split + if (s0 <= 0xff) // scenario text + *split = FIXED_SPLIT_VALUE; + else if (::IsBadReadPtr((LPCVOID)s0, 4)) + *split = s0; + else { + *split = *(DWORD *)s0; // This value is runtime dependent + if (*split == 0x54) + *split = FIXED_SPLIT_VALUE * 2; + } + *split += stack->stack[1]; // plus stack[1] as split +} +bool InsertSiglus4Hook() +{ + const BYTE bytes[] = { + 0xc7,0x47, 0x14, 0x07,0x00,0x00,0x00, // 0042cf20 c747 14 07000000 mov dword ptr ds:[edi+0x14],0x7 + 0xc7,0x47, 0x10, 0x00,0x00,0x00,0x00, // 0042cf27 c747 10 00000000 mov dword ptr ds:[edi+0x10],0x0 + 0x66,0x89,0x0f, // 0042cf2e 66:890f mov word ptr ds:[edi],cx + 0x8b,0xcf, // 0042cf31 8bcf mov ecx,edi + 0x50, // 0042cf33 50 push eax + 0xe8 //XX4 // 0042cf34 e8 e725f6ff call .0038f520 + // hook here + }; + enum { addr_offset = sizeof(bytes) + 4 }; // +4 for the call address + ULONG range = max(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + //ULONG addr = processStartAddress + 0x0018cf39; + if (!addr) { + //ConsoleOutput("Unknown SiglusEngine"); + ConsoleOutput("Siglus4: pattern not found"); + return false; + } + + //addr = MemDbg::findEnclosingAlignedFunction(addr, 50); // 0x002667dc - 0x002667c0 = 28 + //if (!addr) { + // ConsoleOutput("Siglus3: enclosing function not found"); + // return false; + //} + + HookParam hp; + hp.address = addr + addr_offset; + hp.type = NO_CONTEXT|CODEC_UTF16; + hp.text_fun = SpecialHookSiglus4; + hp.filter_fun = Siglus4Filter; + //hp.offset=get_reg(regs::eax); + //hp.type = CODEC_UTF16|DATA_INDIRECT|USING_SPLIT|NO_CONTEXT; + //hp.type = CODEC_UTF16|USING_SPLIT|NO_CONTEXT; + + ConsoleOutput("INSERT Siglus4"); + return NewHook(hp, "SiglusEngine4"); +} + +#if 0 // not all text can be extracted +/** jichi: 6/16/2015 Siglus4Engine for Frill games + * Sample game: 冺�少女 + * + * This function is found by tracking where the text length is modified + * + * Base address: 0x070000 + * + * 0020F51B CC INT3 + * 0020F51C CC INT3 + * 0020F51D CC INT3 + * 0020F51E CC INT3 + * 0020F51F CC INT3 + * 0020F520 55 PUSH EBP ; jichi: memory address in [arg1+0x4], text length in arg1 + * 0020F521 8BEC MOV EBP,ESP + * 0020F523 6A FF PUSH -0x1 + * 0020F525 68 889B5900 PUSH .00599B88 + * 0020F52A 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 0020F530 50 PUSH EAX + * 0020F531 83EC 1C SUB ESP,0x1C + * 0020F534 53 PUSH EBX + * 0020F535 56 PUSH ESI + * 0020F536 57 PUSH EDI + * 0020F537 A1 E0946500 MOV EAX,DWORD PTR DS:[0x6594E0] + * 0020F53C 33C5 XOR EAX,EBP + * 0020F53E 50 PUSH EAX + * 0020F53F 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-0xC] + * 0020F542 64:A3 00000000 MOV DWORD PTR FS:[0],EAX + * 0020F548 8BD1 MOV EDX,ECX + * 0020F54A 8955 F0 MOV DWORD PTR SS:[EBP-0x10],EDX + * 0020F54D 8B45 0C MOV EAX,DWORD PTR SS:[EBP+0xC] + * 0020F550 8B5D 10 MOV EBX,DWORD PTR SS:[EBP+0x10] + * 0020F553 3BC3 CMP EAX,EBX + * 0020F555 0F8D DF000000 JGE .0020F63A + * 0020F55B 8B75 08 MOV ESI,DWORD PTR SS:[EBP+0x8] + * 0020F55E 8D0C40 LEA ECX,DWORD PTR DS:[EAX+EAX*2] + * 0020F561 C1E1 03 SHL ECX,0x3 + * 0020F564 2BD8 SUB EBX,EAX + * 0020F566 894D 0C MOV DWORD PTR SS:[EBP+0xC],ECX + * 0020F569 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + * 0020F570 8B82 A4000000 MOV EAX,DWORD PTR DS:[EDX+0xA4] + * 0020F576 03C1 ADD EAX,ECX + * 0020F578 C745 EC 07000000 MOV DWORD PTR SS:[EBP-0x14],0x7 + * 0020F57F 33C9 XOR ECX,ECX + * 0020F581 C745 E8 00000000 MOV DWORD PTR SS:[EBP-0x18],0x0 + * 0020F588 6A FF PUSH -0x1 + * 0020F58A 51 PUSH ECX + * 0020F58B 66:894D D8 MOV WORD PTR SS:[EBP-0x28],CX + * 0020F58F 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-0x28] + * 0020F592 50 PUSH EAX + * 0020F593 E8 68EFF4FF CALL .0015E500 + * 0020F598 C745 FC 00000000 MOV DWORD PTR SS:[EBP-0x4],0x0 + * 0020F59F 8BCE MOV ECX,ESI + * 0020F5A1 8B46 0C MOV EAX,DWORD PTR DS:[ESI+0xC] + * 0020F5A4 8B7D E8 MOV EDI,DWORD PTR SS:[EBP-0x18] + * 0020F5A7 83C0 04 ADD EAX,0x4 + * 0020F5AA 50 PUSH EAX + * 0020F5AB E8 209DF5FF CALL .001692D0 + * 0020F5B0 8B0E MOV ECX,DWORD PTR DS:[ESI] + * 0020F5B2 8D55 D8 LEA EDX,DWORD PTR SS:[EBP-0x28] + * 0020F5B5 33C0 XOR EAX,EAX + * 0020F5B7 3B4E 04 CMP ECX,DWORD PTR DS:[ESI+0x4] + * 0020F5BA 0F44C8 CMOVE ECX,EAX + * 0020F5BD 8B46 0C MOV EAX,DWORD PTR DS:[ESI+0xC] + * 0020F5C0 893C01 MOV DWORD PTR DS:[ECX+EAX],EDI ; jichi: text length modified here + * 0020F5C3 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-0x18] + * 0020F5C6 8346 0C 04 ADD DWORD PTR DS:[ESI+0xC],0x4 + * 0020F5CA 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-0x28] + * 0020F5CD 8D3C00 LEA EDI,DWORD PTR DS:[EAX+EAX] + * 0020F5D0 8B45 EC MOV EAX,DWORD PTR SS:[EBP-0x14] + * 0020F5D3 83F8 08 CMP EAX,0x8 + * 0020F5D6 0F43D1 CMOVNB EDX,ECX + * 0020F5D9 8955 10 MOV DWORD PTR SS:[EBP+0x10],EDX + * 0020F5DC 85FF TEST EDI,EDI + * 0020F5DE 7E 32 JLE SHORT .0020F612 + * 0020F5E0 8B46 0C MOV EAX,DWORD PTR DS:[ESI+0xC] + * 0020F5E3 8BCE MOV ECX,ESI + * 0020F5E5 03C7 ADD EAX,EDI + * 0020F5E7 50 PUSH EAX + * 0020F5E8 E8 E39CF5FF CALL .001692D0 + * 0020F5ED 8B0E MOV ECX,DWORD PTR DS:[ESI] + * 0020F5EF 33C0 XOR EAX,EAX + * 0020F5F1 3B4E 04 CMP ECX,DWORD PTR DS:[ESI+0x4] + * 0020F5F4 57 PUSH EDI + * 0020F5F5 FF75 10 PUSH DWORD PTR SS:[EBP+0x10] + * 0020F5F8 0F44C8 CMOVE ECX,EAX + * 0020F5FB 8B46 0C MOV EAX,DWORD PTR DS:[ESI+0xC] + * 0020F5FE 03C1 ADD EAX,ECX + * 0020F600 50 PUSH EAX + * 0020F601 E8 EA1B1200 CALL .003311F0 + * 0020F606 8B45 EC MOV EAX,DWORD PTR SS:[EBP-0x14] + * 0020F609 83C4 0C ADD ESP,0xC + * 0020F60C 017E 0C ADD DWORD PTR DS:[ESI+0xC],EDI + * 0020F60F 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-0x28] + * 0020F612 C745 FC FFFFFFFF MOV DWORD PTR SS:[EBP-0x4],-0x1 + * 0020F619 83F8 08 CMP EAX,0x8 + * 0020F61C 72 09 JB SHORT .0020F627 + * 0020F61E 51 PUSH ECX + * 0020F61F E8 A6DC1100 CALL .0032D2CA + * 0020F624 83C4 04 ADD ESP,0x4 + * 0020F627 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0xC] + * 0020F62A 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-0x10] + * 0020F62D 83C1 18 ADD ECX,0x18 + * 0020F630 894D 0C MOV DWORD PTR SS:[EBP+0xC],ECX + * 0020F633 4B DEC EBX + * 0020F634 ^0F85 36FFFFFF JNZ .0020F570 + * 0020F63A 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-0xC] + * 0020F63D 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 0020F644 59 POP ECX + * 0020F645 5F POP EDI + * 0020F646 5E POP ESI + * 0020F647 5B POP EBX + * 0020F648 8BE5 MOV ESP,EBP + * 0020F64A 5D POP EBP + * 0020F64B C2 0C00 RETN 0xC + * 0020F64E CC INT3 + * 0020F64F CC INT3 + */ +void SpecialHookSiglus4(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + static uint64_t lastTextHash_; + DWORD arg1 = argof(1, esp_base); // arg1 + DWORD addr = *(DWORD *)(arg1 + 4); + int size = *(DWORD *)addr; + if (size <= 0 || size > VNR_TEXT_CAPACITY) + return; + auto text = LPWSTR(addr + 4); + if (!text || ::IsBadWritePtr(text, size * 2) || !*text || ::wcslen(text) != size || lastTextHash_ == hashstr(text)) // || text[size+1], skip if text's size + 1 is not empty + return; + lastTextHash_ = hashstr(text); // skip last repetition + *len = size * 2; + *data = (DWORD)text; + *split = argof(3, esp_base); // arg3 +} +bool InsertSiglus4Hook() +{ + ULONG processStartAddress, processStopAddress; + if (!FillRange(processName,&startAddress, &stopAddress)) { // need accurate stopAddress + ConsoleOutput("Siglus4: failed to get memory range"); + return false; + } + const BYTE bytes[] = { + 0x8b,0x75, 0x08, // 0020f55b 8b75 08 mov esi,dword ptr ss:[ebp+0x8] + 0x8d,0x0c,0x40, // 0020f55e 8d0c40 lea ecx,dword ptr ds:[eax+eax*2] + 0xc1,0xe1, 0x03, // 0020f561 c1e1 03 shl ecx,0x3 + 0x2b,0xd8, // 0020f564 2bd8 sub ebx,eax + 0x89,0x4d, 0x0c // 0020f566 894d 0c mov dword ptr ss:[ebp+0xc],ecx + + // The following pattern is not unique, there are at least four matches + // // 0020f5b7 3b4e 04 cmp ecx,dword ptr ds:[esi+0x4] + // // 0020f5ba 0f44c8 cmove ecx,eax + //0x8b,0x46, 0x0c, // 0020f5bd 8b46 0c mov eax,dword ptr ds:[esi+0xc] + //0x89,0x3c,0x01, // 0020f5c0 893c01 mov dword ptr ds:[ecx+eax],edi ; jichi: text length modified here + //0x8b,0x45, 0xe8, // 0020f5c3 8b45 e8 mov eax,dword ptr ss:[ebp-0x18] + //0x83,0x46, 0x0c, 0x04, // 0020f5c6 8346 0c 04 add dword ptr ds:[esi+0xc],0x4 + //0x8b,0x4d, 0xd8, // 0020f5ca 8b4d d8 mov ecx,dword ptr ss:[ebp-0x28] + //0x8d,0x3c,0x00 // 0020f5cd 8d3c00 lea edi,dword ptr ds:[eax+eax] + // // 0020f5d0 8b45 ec mov eax,dword ptr ss:[ebp-0x14] + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) { + //ConsoleOutput("Unknown SiglusEngine"); + ConsoleOutput("Siglus4: pattern not found"); + return false; + } + addr = MemDbg::findEnclosingAlignedFunction(addr, 0x100); // 0x0020f55b - 0x0020F520 = 59 + if (!addr) { + ConsoleOutput("Siglus4: enclosing function not found"); + return false; + } + + //addr += 0x0020f64b - 0x0020f520; // hook to ret instead + + HookParam hp; + hp.address = addr; + //hp.type = CODEC_UTF16; + hp.type = NO_CONTEXT; + hp.text_fun = SpecialHookSiglus4; + hp.filter_fun = Siglus4Filter; // remove NLI from the game + + //GROWL_DWORD(addr); + + ConsoleOutput("INSERT Siglus4"); + NewHook(hp, "SiglusEngine4"); + + ConsoleOutput("Siglus4: disable GDI hooks"); + + return true; +} +#endif // 0 + + +/** + * jichi 8/16/2013: Insert new siglus hook + * See (CaoNiMaGeBi): http://tieba.baidu.com/p/2531786952 + * Issue: floating text + * Example: + * 0153588b9534fdffff8b43583bd7 + * 0153 58 add dword ptr ds:[ebx+58],edx + * 8b95 34fdffff mov edx,dword ptr ss:[ebp-2cc] + * 8b43 58 mov eax,dword ptr ds:[ebx+58] + * 3bd7 cmp edx,edi ; hook here + * + * /HW-1C@D9DB2:SiglusEngine.exe + * - addr: 892338 (0xd9db2) + * - text_fun: 0x0 + * - function: 0 + * - hook_len: 0 + * - ind: 0 + * - length_offset: 1 + * - module: 356004490 (0x1538328a) + * - off: 4294967264 (0xffffffe0L, 0x-20) + * - recover_len: 0 + * - split: 0 + * - split_ind: 0 + * - type: 66 (0x42) + * + * 10/19/2014: There are currently two patterns to find the function to render scenario text. + * In the future, if both of them do not work again, try the following pattern instead. + * It is used to infer SiglusEngine2's logic in vnragent. + * + * 01140f8d 56 push esi + * 01140f8e 8d8b 0c010000 lea ecx,dword ptr ds:[ebx+0x10c] + * 01140f94 e8 67acfcff call .0110bc00 + * 01140f99 837f 14 08 cmp dword ptr ds:[edi+0x14],0x8 + * 01140f9d 72 04 jb short .01140fa3 + * 01140f9f 8b37 mov esi,dword ptr ds:[edi] + * 01140fa1 eb 02 jmp short .01140fa5 + * + * Type1 (聖娼女): + * + * 013aac6c cc int3 + * 013aac6d cc int3 + * 013aac6e cc int3 + * 013aac6f cc int3 + * 013aac70 55 push ebp ; jichi: vnragent hooked here + * 013aac71 8bec mov ebp,esp + * 013aac73 6a ff push -0x1 + * 013aac75 68 d8306101 push .016130d8 + * 013aac7a 64:a1 00000000 mov eax,dword ptr fs:[0] + * 013aac80 50 push eax + * 013aac81 81ec dc020000 sub esp,0x2dc + * 013aac87 a1 90f46a01 mov eax,dword ptr ds:[0x16af490] + * 013aac8c 33c5 xor eax,ebp + * 013aac8e 8945 f0 mov dword ptr ss:[ebp-0x10],eax + * 013aac91 53 push ebx + * 013aac92 56 push esi + * 013aac93 57 push edi + * 013aac94 50 push eax + * 013aac95 8d45 f4 lea eax,dword ptr ss:[ebp-0xc] + * 013aac98 64:a3 00000000 mov dword ptr fs:[0],eax + * 013aac9e 8b45 0c mov eax,dword ptr ss:[ebp+0xc] + * 013aaca1 8b5d 08 mov ebx,dword ptr ss:[ebp+0x8] + * 013aaca4 8bf9 mov edi,ecx + * 013aaca6 8b77 10 mov esi,dword ptr ds:[edi+0x10] + * 013aaca9 89bd 20fdffff mov dword ptr ss:[ebp-0x2e0],edi + * 013aacaf 8985 18fdffff mov dword ptr ss:[ebp-0x2e8],eax + * 013aacb5 85f6 test esi,esi + * 013aacb7 0f84 77040000 je .013ab134 + * 013aacbd 8b93 18010000 mov edx,dword ptr ds:[ebx+0x118] + * 013aacc3 2b93 14010000 sub edx,dword ptr ds:[ebx+0x114] + * 013aacc9 8d8b 14010000 lea ecx,dword ptr ds:[ebx+0x114] + * 013aaccf b8 67666666 mov eax,0x66666667 + * 013aacd4 f7ea imul edx + * 013aacd6 c1fa 08 sar edx,0x8 + * 013aacd9 8bc2 mov eax,edx + * 013aacdb c1e8 1f shr eax,0x1f + * 013aacde 03c2 add eax,edx + * 013aace0 03c6 add eax,esi + * 013aace2 50 push eax + * 013aace3 e8 5896fcff call .01374340 + * 013aace8 837f 14 08 cmp dword ptr ds:[edi+0x14],0x8 + * 013aacec 72 04 jb short .013aacf2 + * 013aacee 8b07 mov eax,dword ptr ds:[edi] + * 013aacf0 eb 02 jmp short .013aacf4 + * 013aacf2 8bc7 mov eax,edi + * 013aacf4 8985 24fdffff mov dword ptr ss:[ebp-0x2dc],eax + * 013aacfa 8b57 14 mov edx,dword ptr ds:[edi+0x14] + * 013aacfd 83fa 08 cmp edx,0x8 + * 013aad00 72 04 jb short .013aad06 + * 013aad02 8b0f mov ecx,dword ptr ds:[edi] + * 013aad04 eb 02 jmp short .013aad08 + * 013aad06 8bcf mov ecx,edi + * 013aad08 8b47 10 mov eax,dword ptr ds:[edi+0x10] + * 013aad0b 8bb5 24fdffff mov esi,dword ptr ss:[ebp-0x2dc] + * 013aad11 03c0 add eax,eax + * 013aad13 03c8 add ecx,eax + * 013aad15 3bf1 cmp esi,ecx + * 013aad17 0f84 17040000 je .013ab134 + * 013aad1d c785 34fdffff 00>mov dword ptr ss:[ebp-0x2cc],0x0 + * 013aad27 c785 2cfdffff ff>mov dword ptr ss:[ebp-0x2d4],-0x1 + * 013aad31 89b5 1cfdffff mov dword ptr ss:[ebp-0x2e4],esi + * 013aad37 83fa 08 cmp edx,0x8 + * 013aad3a 72 04 jb short .013aad40 + * 013aad3c 8b0f mov ecx,dword ptr ds:[edi] + * 013aad3e eb 02 jmp short .013aad42 + * 013aad40 8bcf mov ecx,edi + * 013aad42 03c1 add eax,ecx + * 013aad44 8d8d 2cfdffff lea ecx,dword ptr ss:[ebp-0x2d4] + * 013aad4a 51 push ecx + * 013aad4b 8d95 34fdffff lea edx,dword ptr ss:[ebp-0x2cc] + * 013aad51 52 push edx + * 013aad52 50 push eax + * 013aad53 8d85 24fdffff lea eax,dword ptr ss:[ebp-0x2dc] + * 013aad59 50 push eax + * 013aad5a e8 b183faff call .01353110 + * 013aad5f 8bb5 2cfdffff mov esi,dword ptr ss:[ebp-0x2d4] + * 013aad65 83c4 10 add esp,0x10 + * 013aad68 83fe 0a cmp esi,0xa + * 013aad6b 75 09 jnz short .013aad76 + * 013aad6d 8bcb mov ecx,ebx + * 013aad6f e8 ac050000 call .013ab320 + * 013aad74 ^eb 84 jmp short .013aacfa + * 013aad76 83fe 07 cmp esi,0x7 + * 013aad79 75 2a jnz short .013aada5 + * 013aad7b 33c9 xor ecx,ecx + * 013aad7d 33c0 xor eax,eax + * 013aad7f 66:898b ec000000 mov word ptr ds:[ebx+0xec],cx + * 013aad86 8bcb mov ecx,ebx + * 013aad88 8983 e8000000 mov dword ptr ds:[ebx+0xe8],eax + * 013aad8e 8983 f0000000 mov dword ptr ds:[ebx+0xf0],eax + * 013aad94 e8 87050000 call .013ab320 + * 013aad99 c683 f9000000 01 mov byte ptr ds:[ebx+0xf9],0x1 + * 013aada0 ^e9 55ffffff jmp .013aacfa + * 013aada5 8b85 34fdffff mov eax,dword ptr ss:[ebp-0x2cc] + * 013aadab 85c0 test eax,eax + * 013aadad 75 37 jnz short .013aade6 + * 013aadaf 85f6 test esi,esi + * 013aadb1 ^0f84 43ffffff je .013aacfa + * 013aadb7 85c0 test eax,eax + * 013aadb9 75 2b jnz short .013aade6 + * 013aadbb f605 c0be9f05 01 test byte ptr ds:[0x59fbec0],0x1 + * 013aadc2 75 0c jnz short .013aadd0 + * 013aadc4 830d c0be9f05 01 or dword ptr ds:[0x59fbec0],0x1 + * 013aadcb e8 f02a0b00 call .0145d8c0 + * 013aadd0 0fb7d6 movzx edx,si + * 013aadd3 80ba c0be9e05 01 cmp byte ptr ds:[edx+0x59ebec0],0x1 + * 013aadda 75 0a jnz short .013aade6 + * 013aaddc 8b43 68 mov eax,dword ptr ds:[ebx+0x68] + * 013aaddf 99 cdq + * 013aade0 2bc2 sub eax,edx + * 013aade2 d1f8 sar eax,1 + * 013aade4 eb 03 jmp short .013aade9 + * 013aade6 8b43 68 mov eax,dword ptr ds:[ebx+0x68] + * 013aade9 8b8b a0000000 mov ecx,dword ptr ds:[ebx+0xa0] + * 013aadef 8b53 18 mov edx,dword ptr ds:[ebx+0x18] + * 013aadf2 8985 30fdffff mov dword ptr ss:[ebp-0x2d0],eax + * 013aadf8 0343 58 add eax,dword ptr ds:[ebx+0x58] + * 013aadfb 03d1 add edx,ecx + * 013aadfd 3bc2 cmp eax,edx + * 013aadff 7f 0f jg short .013aae10 + * 013aae01 3bc1 cmp eax,ecx + * 013aae03 7e 30 jle short .013aae35 + * 013aae05 8bc6 mov eax,esi + * 013aae07 e8 94faffff call .013aa8a0 + * 013aae0c 84c0 test al,al + * 013aae0e 75 25 jnz short .013aae35 + * 013aae10 8bcb mov ecx,ebx + * 013aae12 e8 09050000 call .013ab320 + * 013aae17 83bd 34fdffff 00 cmp dword ptr ss:[ebp-0x2cc],0x0 + * 013aae1e 75 15 jnz short .013aae35 + * 013aae20 83fe 20 cmp esi,0x20 + * 013aae23 ^0f84 d1feffff je .013aacfa + * 013aae29 81fe 00300000 cmp esi,0x3000 + * 013aae2f ^0f84 c5feffff je .013aacfa + * 013aae35 8b43 5c mov eax,dword ptr ds:[ebx+0x5c] + * 013aae38 3b83 a4000000 cmp eax,dword ptr ds:[ebx+0xa4] + * 013aae3e 0f8d 7e020000 jge .013ab0c2 + * 013aae44 8d8d 38fdffff lea ecx,dword ptr ss:[ebp-0x2c8] + * 013aae4a 51 push ecx + * 013aae4b e8 30e4ffff call .013a9280 + * 013aae50 c745 fc 01000000 mov dword ptr ss:[ebp-0x4],0x1 + * 013aae57 8b43 74 mov eax,dword ptr ds:[ebx+0x74] + * 013aae5a 8b0d 88b26c01 mov ecx,dword ptr ds:[0x16cb288] + * 013aae60 83f8 ff cmp eax,-0x1 + * 013aae63 74 04 je short .013aae69 + * 013aae65 8bd0 mov edx,eax + * 013aae67 eb 19 jmp short .013aae82 + * 013aae69 80b9 60010000 00 cmp byte ptr ds:[ecx+0x160],0x0 + * 013aae70 74 0d je short .013aae7f + * 013aae72 8b83 e0000000 mov eax,dword ptr ds:[ebx+0xe0] + * 013aae78 8bd0 mov edx,eax + * 013aae7a 83f8 ff cmp eax,-0x1 + * 013aae7d 75 03 jnz short .013aae82 + * 013aae7f 8b53 24 mov edx,dword ptr ds:[ebx+0x24] + * 013aae82 8b43 78 mov eax,dword ptr ds:[ebx+0x78] + * 013aae85 83f8 ff cmp eax,-0x1 + * 013aae88 75 17 jnz short .013aaea1 + * 013aae8a 80b9 60010000 00 cmp byte ptr ds:[ecx+0x160],0x0 + * 013aae91 74 0b je short .013aae9e + * 013aae93 8b83 e4000000 mov eax,dword ptr ds:[ebx+0xe4] + * 013aae99 83f8 ff cmp eax,-0x1 + * 013aae9c 75 03 jnz short .013aaea1 + * 013aae9e 8b43 28 mov eax,dword ptr ds:[ebx+0x28] + * 013aaea1 8b4b 60 mov ecx,dword ptr ds:[ebx+0x60] + * 013aaea4 8bb5 34fdffff mov esi,dword ptr ss:[ebp-0x2cc] + * 013aaeaa 034b 58 add ecx,dword ptr ds:[ebx+0x58] + * 013aaead 8b7b 68 mov edi,dword ptr ds:[ebx+0x68] + * 013aaeb0 8985 28fdffff mov dword ptr ss:[ebp-0x2d8],eax + * 013aaeb6 8b43 5c mov eax,dword ptr ds:[ebx+0x5c] + * 013aaeb9 0343 64 add eax,dword ptr ds:[ebx+0x64] + * 013aaebc 83fe 01 cmp esi,0x1 + * 013aaebf 75 02 jnz short .013aaec3 + * 013aaec1 33d2 xor edx,edx + * 013aaec3 80bb fa000000 00 cmp byte ptr ds:[ebx+0xfa],0x0 + * 013aaeca 89b5 38fdffff mov dword ptr ss:[ebp-0x2c8],esi + * 013aaed0 8bb5 2cfdffff mov esi,dword ptr ss:[ebp-0x2d4] + * 013aaed6 8995 44fdffff mov dword ptr ss:[ebp-0x2bc],edx + * 013aaedc 8b95 28fdffff mov edx,dword ptr ss:[ebp-0x2d8] + * 013aaee2 89b5 3cfdffff mov dword ptr ss:[ebp-0x2c4],esi + * 013aaee8 89bd 40fdffff mov dword ptr ss:[ebp-0x2c0],edi + * 013aaeee 8995 48fdffff mov dword ptr ss:[ebp-0x2b8],edx + * 013aaef4 898d 4cfdffff mov dword ptr ss:[ebp-0x2b4],ecx + * 013aaefa 8985 50fdffff mov dword ptr ss:[ebp-0x2b0],eax + * 013aaf00 74 19 je short .013aaf1b + * 013aaf02 8b43 58 mov eax,dword ptr ds:[ebx+0x58] + * 013aaf05 8b4b 5c mov ecx,dword ptr ds:[ebx+0x5c] + * 013aaf08 8983 fc000000 mov dword ptr ds:[ebx+0xfc],eax + * 013aaf0e 898b 00010000 mov dword ptr ds:[ebx+0x100],ecx + * 013aaf14 c683 fa000000 00 mov byte ptr ds:[ebx+0xfa],0x0 + * 013aaf1b 8b53 6c mov edx,dword ptr ds:[ebx+0x6c] + * 013aaf1e 0395 30fdffff add edx,dword ptr ss:[ebp-0x2d0] + * 013aaf24 33ff xor edi,edi + * 013aaf26 0153 58 add dword ptr ds:[ebx+0x58],edx + * 013aaf29 8b95 34fdffff mov edx,dword ptr ss:[ebp-0x2cc] + * 013aaf2f 8b43 58 mov eax,dword ptr ds:[ebx+0x58] + * 013aaf32 3bd7 cmp edx,edi ; jichi: hook here + * 013aaf34 75 4b jnz short .013aaf81 + * 013aaf36 81fe 0c300000 cmp esi,0x300c ; jichi 10/18/2014: searched here found the new siglus function + * 013aaf3c 74 10 je short .013aaf4e + * 013aaf3e 81fe 0e300000 cmp esi,0x300e + * 013aaf44 74 08 je short .013aaf4e + * 013aaf46 81fe 08ff0000 cmp esi,0xff08 + * 013aaf4c 75 33 jnz short .013aaf81 + * 013aaf4e 80bb f9000000 00 cmp byte ptr ds:[ebx+0xf9],0x0 + * 013aaf55 74 19 je short .013aaf70 + * 013aaf57 8983 e8000000 mov dword ptr ds:[ebx+0xe8],eax + * 013aaf5d 66:89b3 ec000000 mov word ptr ds:[ebx+0xec],si + * 013aaf64 c783 f0000000 01>mov dword ptr ds:[ebx+0xf0],0x1 + * 013aaf6e eb 11 jmp short .013aaf81 + * 013aaf70 0fb783 ec000000 movzx eax,word ptr ds:[ebx+0xec] + * 013aaf77 3bf0 cmp esi,eax + * 013aaf79 75 06 jnz short .013aaf81 + * 013aaf7b ff83 f0000000 inc dword ptr ds:[ebx+0xf0] + * 013aaf81 8b8b f0000000 mov ecx,dword ptr ds:[ebx+0xf0] + * 013aaf87 3bcf cmp ecx,edi + * 013aaf89 7e 71 jle short .013aaffc + * 013aaf8b 3bd7 cmp edx,edi + * 013aaf8d 75 50 jnz short .013aafdf + * 013aaf8f 0fb783 ec000000 movzx eax,word ptr ds:[ebx+0xec] + * 013aaf96 ba 0c300000 mov edx,0x300c + * 013aaf9b 66:3bc2 cmp ax,dx + * 013aaf9e 75 0f jnz short .013aafaf + * 013aafa0 81fe 0d300000 cmp esi,0x300d + * 013aafa6 75 07 jnz short .013aafaf + * 013aafa8 49 dec ecx + * 013aafa9 898b f0000000 mov dword ptr ds:[ebx+0xf0],ecx + * 013aafaf b9 0e300000 mov ecx,0x300e + * 013aafb4 66:3bc1 cmp ax,cx + * 013aafb7 75 0e jnz short .013aafc7 + * 013aafb9 81fe 0f300000 cmp esi,0x300f + * 013aafbf 75 06 jnz short .013aafc7 + * 013aafc1 ff8b f0000000 dec dword ptr ds:[ebx+0xf0] + * 013aafc7 ba 08ff0000 mov edx,0xff08 + * 013aafcc 66:3bc2 cmp ax,dx + * 013aafcf 75 0e jnz short .013aafdf + * 013aafd1 81fe 09ff0000 cmp esi,0xff09 + * 013aafd7 75 06 jnz short .013aafdf + * 013aafd9 ff8b f0000000 dec dword ptr ds:[ebx+0xf0] + * 013aafdf 39bb f0000000 cmp dword ptr ds:[ebx+0xf0],edi + * 013aafe5 75 15 jnz short .013aaffc + * 013aafe7 33c0 xor eax,eax + * 013aafe9 89bb e8000000 mov dword ptr ds:[ebx+0xe8],edi + * 013aafef 66:8983 ec000000 mov word ptr ds:[ebx+0xec],ax + * 013aaff6 89bb f0000000 mov dword ptr ds:[ebx+0xf0],edi + * 013aaffc 8d8d 38fdffff lea ecx,dword ptr ss:[ebp-0x2c8] + * 013ab002 8dbb 14010000 lea edi,dword ptr ds:[ebx+0x114] + * 013ab008 e8 b390fcff call .013740c0 + * 013ab00d 33ff xor edi,edi + * 013ab00f 39bd 34fdffff cmp dword ptr ss:[ebp-0x2cc],edi + * 013ab015 75 0e jnz short .013ab025 + * 013ab017 56 push esi + * 013ab018 8d83 a8000000 lea eax,dword ptr ds:[ebx+0xa8] + * 013ab01e e8 5d080000 call .013ab880 + * 013ab023 eb 65 jmp short .013ab08a + * 013ab025 8b85 1cfdffff mov eax,dword ptr ss:[ebp-0x2e4] + * 013ab02b 33c9 xor ecx,ecx + * 013ab02d 66:894d d4 mov word ptr ss:[ebp-0x2c],cx + * 013ab031 8b8d 24fdffff mov ecx,dword ptr ss:[ebp-0x2dc] + * 013ab037 c745 e8 07000000 mov dword ptr ss:[ebp-0x18],0x7 + * 013ab03e 897d e4 mov dword ptr ss:[ebp-0x1c],edi + * 013ab041 3bc1 cmp eax,ecx + * 013ab043 74 0d je short .013ab052 + * 013ab045 2bc8 sub ecx,eax + * 013ab047 d1f9 sar ecx,1 + * 013ab049 51 push ecx + * 013ab04a 8d75 d4 lea esi,dword ptr ss:[ebp-0x2c] + * 013ab04d e8 de72f2ff call .012d2330 + * 013ab052 6a ff push -0x1 + * 013ab054 57 push edi + * 013ab055 8d55 d4 lea edx,dword ptr ss:[ebp-0x2c] + * 013ab058 52 push edx + * 013ab059 8db3 a8000000 lea esi,dword ptr ds:[ebx+0xa8] + * 013ab05f c645 fc 02 mov byte ptr ss:[ebp-0x4],0x2 + * 013ab063 e8 3879f2ff call .012d29a0 + * 013ab068 837d e8 08 cmp dword ptr ss:[ebp-0x18],0x8 + * 013ab06c 72 0c jb short .013ab07a + * 013ab06e 8b45 d4 mov eax,dword ptr ss:[ebp-0x2c] + * 013ab071 50 push eax + * 013ab072 e8 5fbe1900 call .01546ed6 + * 013ab077 83c4 04 add esp,0x4 + * 013ab07a 33c9 xor ecx,ecx + * 013ab07c c745 e8 07000000 mov dword ptr ss:[ebp-0x18],0x7 + * 013ab083 897d e4 mov dword ptr ss:[ebp-0x1c],edi + * 013ab086 66:894d d4 mov word ptr ss:[ebp-0x2c],cx + * 013ab08a 8bbd 20fdffff mov edi,dword ptr ss:[ebp-0x2e0] + * 013ab090 c683 f9000000 00 mov byte ptr ds:[ebx+0xf9],0x0 + * 013ab097 8d95 88feffff lea edx,dword ptr ss:[ebp-0x178] + * 013ab09d 52 push edx + * 013ab09e c745 fc 03000000 mov dword ptr ss:[ebp-0x4],0x3 + * 013ab0a5 e8 d6c70800 call .01437880 + * 013ab0aa 8d85 58fdffff lea eax,dword ptr ss:[ebp-0x2a8] + * 013ab0b0 50 push eax + * 013ab0b1 c745 fc ffffffff mov dword ptr ss:[ebp-0x4],-0x1 + * 013ab0b8 e8 c3c70800 call .01437880 + * 013ab0bd ^e9 38fcffff jmp .013aacfa + * 013ab0c2 8b9d 18fdffff mov ebx,dword ptr ss:[ebp-0x2e8] + * 013ab0c8 85db test ebx,ebx + * 013ab0ca 74 68 je short .013ab134 + * 013ab0cc 837f 14 08 cmp dword ptr ds:[edi+0x14],0x8 + * 013ab0d0 72 04 jb short .013ab0d6 + * 013ab0d2 8b07 mov eax,dword ptr ds:[edi] + * 013ab0d4 eb 02 jmp short .013ab0d8 + * 013ab0d6 8bc7 mov eax,edi + * 013ab0d8 8b4f 10 mov ecx,dword ptr ds:[edi+0x10] + * 013ab0db 8d0448 lea eax,dword ptr ds:[eax+ecx*2] + * 013ab0de 8b8d 1cfdffff mov ecx,dword ptr ss:[ebp-0x2e4] + * 013ab0e4 33d2 xor edx,edx + * 013ab0e6 c745 cc 07000000 mov dword ptr ss:[ebp-0x34],0x7 + * 013ab0ed c745 c8 00000000 mov dword ptr ss:[ebp-0x38],0x0 + * 013ab0f4 66:8955 b8 mov word ptr ss:[ebp-0x48],dx + * 013ab0f8 3bc8 cmp ecx,eax + * 013ab0fa 74 0f je short .013ab10b + * 013ab0fc 2bc1 sub eax,ecx + * 013ab0fe d1f8 sar eax,1 + * 013ab100 50 push eax + * 013ab101 8bc1 mov eax,ecx + * 013ab103 8d75 b8 lea esi,dword ptr ss:[ebp-0x48] + * 013ab106 e8 2572f2ff call .012d2330 + * 013ab10b 6a 00 push 0x0 + * 013ab10d 8d45 b8 lea eax,dword ptr ss:[ebp-0x48] + * 013ab110 50 push eax + * 013ab111 83c8 ff or eax,0xffffffff + * 013ab114 8bcb mov ecx,ebx + * 013ab116 c745 fc 00000000 mov dword ptr ss:[ebp-0x4],0x0 + * 013ab11d e8 2e6ef2ff call .012d1f50 + * 013ab122 837d cc 08 cmp dword ptr ss:[ebp-0x34],0x8 + * 013ab126 72 0c jb short .013ab134 + * 013ab128 8b4d b8 mov ecx,dword ptr ss:[ebp-0x48] + * 013ab12b 51 push ecx + * 013ab12c e8 a5bd1900 call .01546ed6 + * 013ab131 83c4 04 add esp,0x4 + * 013ab134 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 013ab137 64:890d 00000000 mov dword ptr fs:[0],ecx + * 013ab13e 59 pop ecx + * 013ab13f 5f pop edi + * 013ab140 5e pop esi + * 013ab141 5b pop ebx + * 013ab142 8b4d f0 mov ecx,dword ptr ss:[ebp-0x10] + * 013ab145 33cd xor ecx,ebp + * 013ab147 e8 6ab30e00 call .014964b6 + * 013ab14c 8be5 mov esp,ebp + * 013ab14e 5d pop ebp + * 013ab14f c2 0800 retn 0x8 + * 013ab152 cc int3 + * 013ab153 cc int3 + * 013ab154 cc int3 + * + * 10/18/2014 Type2: リア兂�ラスメイト孕ませ催� + * + * 01140edb cc int3 + * 01140edc cc int3 + * 01140edd cc int3 + * 01140ede cc int3 + * 01140edf cc int3 + * 01140ee0 55 push ebp + * 01140ee1 8bec mov ebp,esp + * 01140ee3 6a ff push -0x1 + * 01140ee5 68 c6514a01 push .014a51c6 + * 01140eea 64:a1 00000000 mov eax,dword ptr fs:[0] + * 01140ef0 50 push eax + * 01140ef1 81ec dc020000 sub esp,0x2dc + * 01140ef7 a1 10745501 mov eax,dword ptr ds:[0x1557410] + * 01140efc 33c5 xor eax,ebp + * 01140efe 8945 f0 mov dword ptr ss:[ebp-0x10],eax + * 01140f01 53 push ebx + * 01140f02 56 push esi + * 01140f03 57 push edi + * 01140f04 50 push eax + * 01140f05 8d45 f4 lea eax,dword ptr ss:[ebp-0xc] + * 01140f08 64:a3 00000000 mov dword ptr fs:[0],eax + * 01140f0e 8bd9 mov ebx,ecx + * 01140f10 8b7d 08 mov edi,dword ptr ss:[ebp+0x8] + * 01140f13 837f 10 00 cmp dword ptr ds:[edi+0x10],0x0 + * 01140f17 8b45 0c mov eax,dword ptr ss:[ebp+0xc] + * 01140f1a 8985 1cfdffff mov dword ptr ss:[ebp-0x2e4],eax + * 01140f20 8d47 10 lea eax,dword ptr ds:[edi+0x10] + * 01140f23 89bd 38fdffff mov dword ptr ss:[ebp-0x2c8],edi + * 01140f29 8985 20fdffff mov dword ptr ss:[ebp-0x2e0],eax + * 01140f2f 0f84 2a050000 je .0114145f + * 01140f35 8b8b 10010000 mov ecx,dword ptr ds:[ebx+0x110] + * 01140f3b b8 67666666 mov eax,0x66666667 + * 01140f40 2b8b 0c010000 sub ecx,dword ptr ds:[ebx+0x10c] + * 01140f46 f7e9 imul ecx + * 01140f48 8b85 20fdffff mov eax,dword ptr ss:[ebp-0x2e0] + * 01140f4e 8b8b 14010000 mov ecx,dword ptr ds:[ebx+0x114] + * 01140f54 2b8b 0c010000 sub ecx,dword ptr ds:[ebx+0x10c] + * 01140f5a c1fa 08 sar edx,0x8 + * 01140f5d 8bf2 mov esi,edx + * 01140f5f c1ee 1f shr esi,0x1f + * 01140f62 03f2 add esi,edx + * 01140f64 0330 add esi,dword ptr ds:[eax] + * 01140f66 b8 67666666 mov eax,0x66666667 + * 01140f6b f7e9 imul ecx + * 01140f6d c1fa 08 sar edx,0x8 + * 01140f70 8bc2 mov eax,edx + * 01140f72 c1e8 1f shr eax,0x1f + * 01140f75 03c2 add eax,edx + * 01140f77 3bc6 cmp eax,esi + * 01140f79 73 1e jnb short .01140f99 + * 01140f7b 81fe 66666600 cmp esi,0x666666 ; unicode "s the data. + * 01140f81 76 0a jbe short .01140f8d + * 01140f83 68 c00f4f01 push .014f0fc0 ; ascii "vector too long" + * 01140f88 e8 b1a30e00 call .0122b33e + * 01140f8d 56 push esi + * 01140f8e 8d8b 0c010000 lea ecx,dword ptr ds:[ebx+0x10c] + * 01140f94 e8 67acfcff call .0110bc00 + * 01140f99 837f 14 08 cmp dword ptr ds:[edi+0x14],0x8 + * 01140f9d 72 04 jb short .01140fa3 + * 01140f9f 8b37 mov esi,dword ptr ds:[edi] + * 01140fa1 eb 02 jmp short .01140fa5 + * 01140fa3 8bf7 mov esi,edi + * 01140fa5 89b5 34fdffff mov dword ptr ss:[ebp-0x2cc],esi + * 01140fab eb 03 jmp short .01140fb0 + * 01140fad 8d49 00 lea ecx,dword ptr ds:[ecx] + * 01140fb0 8b57 14 mov edx,dword ptr ds:[edi+0x14] + * 01140fb3 83fa 08 cmp edx,0x8 + * 01140fb6 72 04 jb short .01140fbc + * 01140fb8 8b07 mov eax,dword ptr ds:[edi] + * 01140fba eb 02 jmp short .01140fbe + * 01140fbc 8bc7 mov eax,edi + * 01140fbe 8b8d 20fdffff mov ecx,dword ptr ss:[ebp-0x2e0] + * 01140fc4 8b09 mov ecx,dword ptr ds:[ecx] + * 01140fc6 03c9 add ecx,ecx + * 01140fc8 03c1 add eax,ecx + * 01140fca 3bf0 cmp esi,eax + * 01140fcc 0f84 8d040000 je .0114145f + * 01140fd2 8b85 38fdffff mov eax,dword ptr ss:[ebp-0x2c8] + * 01140fd8 8bfe mov edi,esi + * 01140fda c785 3cfdffff 00>mov dword ptr ss:[ebp-0x2c4],0x0 + * 01140fe4 c785 2cfdffff ff>mov dword ptr ss:[ebp-0x2d4],-0x1 + * 01140fee 83fa 08 cmp edx,0x8 + * 01140ff1 72 02 jb short .01140ff5 + * 01140ff3 8b00 mov eax,dword ptr ds:[eax] + * 01140ff5 03c1 add eax,ecx + * 01140ff7 8d95 3cfdffff lea edx,dword ptr ss:[ebp-0x2c4] + * 01140ffd 8d8d 2cfdffff lea ecx,dword ptr ss:[ebp-0x2d4] + * 01141003 51 push ecx + * 01141004 50 push eax + * 01141005 8d8d 34fdffff lea ecx,dword ptr ss:[ebp-0x2cc] + * 0114100b e8 e033fbff call .010f43f0 + * 01141010 8bb5 2cfdffff mov esi,dword ptr ss:[ebp-0x2d4] + * 01141016 83c4 08 add esp,0x8 + * 01141019 83fe 0a cmp esi,0xa + * 0114101c 75 18 jnz short .01141036 + * 0114101e 8bcb mov ecx,ebx + * 01141020 e8 2b060000 call .01141650 + * 01141025 8bb5 34fdffff mov esi,dword ptr ss:[ebp-0x2cc] + * 0114102b 8bbd 38fdffff mov edi,dword ptr ss:[ebp-0x2c8] + * 01141031 ^e9 7affffff jmp .01140fb0 + * 01141036 83fe 07 cmp esi,0x7 + * 01141039 75 38 jnz short .01141073 + * 0114103b 33c0 xor eax,eax + * 0114103d c783 e0000000 00>mov dword ptr ds:[ebx+0xe0],0x0 + * 01141047 8bcb mov ecx,ebx + * 01141049 66:8983 e4000000 mov word ptr ds:[ebx+0xe4],ax + * 01141050 8983 e8000000 mov dword ptr ds:[ebx+0xe8],eax + * 01141056 e8 f5050000 call .01141650 + * 0114105b 8bb5 34fdffff mov esi,dword ptr ss:[ebp-0x2cc] + * 01141061 8bbd 38fdffff mov edi,dword ptr ss:[ebp-0x2c8] + * 01141067 c683 f1000000 01 mov byte ptr ds:[ebx+0xf1],0x1 + * 0114106e ^e9 3dffffff jmp .01140fb0 + * 01141073 8b85 3cfdffff mov eax,dword ptr ss:[ebp-0x2c4] + * 01141079 85c0 test eax,eax + * 0114107b 75 36 jnz short .011410b3 + * 0114107d 85f6 test esi,esi + * 0114107f 74 7f je short .01141100 + * 01141081 85c0 test eax,eax + * 01141083 75 2e jnz short .011410b3 + * 01141085 a1 00358905 mov eax,dword ptr ds:[0x5893500] + * 0114108a a8 01 test al,0x1 + * 0114108c 75 0d jnz short .0114109b + * 0114108e 83c8 01 or eax,0x1 + * 01141091 a3 00358905 mov dword ptr ds:[0x5893500],eax + * 01141096 e8 65160b00 call .011f2700 + * 0114109b 0fb7c6 movzx eax,si + * 0114109e 80b8 10358905 01 cmp byte ptr ds:[eax+0x5893510],0x1 + * 011410a5 75 0c jnz short .011410b3 + * 011410a7 8b43 68 mov eax,dword ptr ds:[ebx+0x68] + * 011410aa 99 cdq + * 011410ab 2bc2 sub eax,edx + * 011410ad 8bc8 mov ecx,eax + * 011410af d1f9 sar ecx,1 + * 011410b1 eb 03 jmp short .011410b6 + * 011410b3 8b4b 68 mov ecx,dword ptr ds:[ebx+0x68] + * 011410b6 8b43 18 mov eax,dword ptr ds:[ebx+0x18] + * 011410b9 8b93 a0000000 mov edx,dword ptr ds:[ebx+0xa0] + * 011410bf 03c2 add eax,edx + * 011410c1 898d 28fdffff mov dword ptr ss:[ebp-0x2d8],ecx + * 011410c7 034b 58 add ecx,dword ptr ds:[ebx+0x58] + * 011410ca 3bc8 cmp ecx,eax + * 011410cc 7f 0f jg short .011410dd + * 011410ce 3bca cmp ecx,edx + * 011410d0 7e 3f jle short .01141111 + * 011410d2 8bce mov ecx,esi + * 011410d4 e8 37faffff call .01140b10 + * 011410d9 84c0 test al,al + * 011410db 75 34 jnz short .01141111 + * 011410dd 8bcb mov ecx,ebx + * 011410df e8 6c050000 call .01141650 + * 011410e4 83bd 3cfdffff 00 cmp dword ptr ss:[ebp-0x2c4],0x0 + * 011410eb 75 24 jnz short .01141111 + * 011410ed 83fe 20 cmp esi,0x20 + * 011410f0 74 0e je short .01141100 + * 011410f2 81fe 00300000 cmp esi,0x3000 + * 011410f8 75 17 jnz short .01141111 + * 011410fa 8d9b 00000000 lea ebx,dword ptr ds:[ebx] + * 01141100 8bb5 34fdffff mov esi,dword ptr ss:[ebp-0x2cc] + * 01141106 8bbd 38fdffff mov edi,dword ptr ss:[ebp-0x2c8] + * 0114110c ^e9 9ffeffff jmp .01140fb0 + * 01141111 8b43 5c mov eax,dword ptr ds:[ebx+0x5c] + * 01141114 3b83 a4000000 cmp eax,dword ptr ds:[ebx+0xa4] + * 0114111a 0f8d cb020000 jge .011413eb + * 01141120 8d8d 40fdffff lea ecx,dword ptr ss:[ebp-0x2c0] + * 01141126 e8 d5e3ffff call .0113f500 + * 0114112b c745 fc 01000000 mov dword ptr ss:[ebp-0x4],0x1 + * 01141132 8b4b 74 mov ecx,dword ptr ds:[ebx+0x74] + * 01141135 8b15 98285701 mov edx,dword ptr ds:[0x1572898] + * 0114113b 898d 30fdffff mov dword ptr ss:[ebp-0x2d0],ecx + * 01141141 83f9 ff cmp ecx,-0x1 + * 01141144 75 23 jnz short .01141169 + * 01141146 80ba 58010000 00 cmp byte ptr ds:[edx+0x158],0x0 + * 0114114d 74 11 je short .01141160 + * 0114114f 8b8b d8000000 mov ecx,dword ptr ds:[ebx+0xd8] + * 01141155 898d 30fdffff mov dword ptr ss:[ebp-0x2d0],ecx + * 0114115b 83f9 ff cmp ecx,-0x1 + * 0114115e 75 09 jnz short .01141169 + * 01141160 8b43 24 mov eax,dword ptr ds:[ebx+0x24] + * 01141163 8985 30fdffff mov dword ptr ss:[ebp-0x2d0],eax + * 01141169 8b43 78 mov eax,dword ptr ds:[ebx+0x78] + * 0114116c 8985 24fdffff mov dword ptr ss:[ebp-0x2dc],eax + * 01141172 83f8 ff cmp eax,-0x1 + * 01141175 75 23 jnz short .0114119a + * 01141177 80ba 58010000 00 cmp byte ptr ds:[edx+0x158],0x0 + * 0114117e 74 11 je short .01141191 + * 01141180 8b83 dc000000 mov eax,dword ptr ds:[ebx+0xdc] + * 01141186 8985 24fdffff mov dword ptr ss:[ebp-0x2dc],eax + * 0114118c 83f8 ff cmp eax,-0x1 + * 0114118f 75 09 jnz short .0114119a + * 01141191 8b43 28 mov eax,dword ptr ds:[ebx+0x28] + * 01141194 8985 24fdffff mov dword ptr ss:[ebp-0x2dc],eax + * 0114119a 8b53 64 mov edx,dword ptr ds:[ebx+0x64] + * 0114119d 0353 5c add edx,dword ptr ds:[ebx+0x5c] + * 011411a0 8b4b 60 mov ecx,dword ptr ds:[ebx+0x60] + * 011411a3 034b 58 add ecx,dword ptr ds:[ebx+0x58] + * 011411a6 83bd 3cfdffff 01 cmp dword ptr ss:[ebp-0x2c4],0x1 + * 011411ad 8bb5 30fdffff mov esi,dword ptr ss:[ebp-0x2d0] + * 011411b3 8b43 68 mov eax,dword ptr ds:[ebx+0x68] + * 011411b6 c785 18fdffff 00>mov dword ptr ss:[ebp-0x2e8],0x0 + * 011411c0 0f44b5 18fdffff cmove esi,dword ptr ss:[ebp-0x2e8] + * 011411c7 80bb f2000000 00 cmp byte ptr ds:[ebx+0xf2],0x0 + * 011411ce 89b5 30fdffff mov dword ptr ss:[ebp-0x2d0],esi + * 011411d4 8bb5 3cfdffff mov esi,dword ptr ss:[ebp-0x2c4] + * 011411da 8985 48fdffff mov dword ptr ss:[ebp-0x2b8],eax + * 011411e0 8b85 30fdffff mov eax,dword ptr ss:[ebp-0x2d0] + * 011411e6 89b5 40fdffff mov dword ptr ss:[ebp-0x2c0],esi + * 011411ec 8bb5 2cfdffff mov esi,dword ptr ss:[ebp-0x2d4] + * 011411f2 8985 4cfdffff mov dword ptr ss:[ebp-0x2b4],eax + * 011411f8 8b85 24fdffff mov eax,dword ptr ss:[ebp-0x2dc] + * 011411fe 89b5 44fdffff mov dword ptr ss:[ebp-0x2bc],esi + * 01141204 8985 50fdffff mov dword ptr ss:[ebp-0x2b0],eax + * 0114120a 898d 54fdffff mov dword ptr ss:[ebp-0x2ac],ecx + * 01141210 8995 58fdffff mov dword ptr ss:[ebp-0x2a8],edx + * 01141216 74 19 je short .01141231 + * 01141218 8b43 58 mov eax,dword ptr ds:[ebx+0x58] + * 0114121b 8983 f4000000 mov dword ptr ds:[ebx+0xf4],eax + * 01141221 8b43 5c mov eax,dword ptr ds:[ebx+0x5c] + * 01141224 8983 f8000000 mov dword ptr ds:[ebx+0xf8],eax + * 0114122a c683 f2000000 00 mov byte ptr ds:[ebx+0xf2],0x0 + * 01141231 8b43 6c mov eax,dword ptr ds:[ebx+0x6c] + * 01141234 0385 28fdffff add eax,dword ptr ss:[ebp-0x2d8] + * 0114123a 0143 58 add dword ptr ds:[ebx+0x58],eax + * 0114123d 8b85 3cfdffff mov eax,dword ptr ss:[ebp-0x2c4] + * 01141243 8b4b 58 mov ecx,dword ptr ds:[ebx+0x58] + * 01141246 85c0 test eax,eax + * 01141248 75 51 jnz short .0114129b + * 0114124a 81fe 0c300000 cmp esi,0x300c ; jichi: hook here, utf16 character is in esi + * 01141250 74 10 je short .01141262 + * 01141252 81fe 0e300000 cmp esi,0x300e + * 01141258 74 08 je short .01141262 + * 0114125a 81fe 08ff0000 cmp esi,0xff08 + * 01141260 75 39 jnz short .0114129b + * 01141262 80bb f1000000 00 cmp byte ptr ds:[ebx+0xf1],0x0 + * 01141269 74 19 je short .01141284 + * 0114126b 898b e0000000 mov dword ptr ds:[ebx+0xe0],ecx + * 01141271 66:89b3 e4000000 mov word ptr ds:[ebx+0xe4],si + * 01141278 c783 e8000000 01>mov dword ptr ds:[ebx+0xe8],0x1 + * 01141282 eb 17 jmp short .0114129b + * 01141284 0fb783 e4000000 movzx eax,word ptr ds:[ebx+0xe4] + * 0114128b 3bf0 cmp esi,eax + * 0114128d 8b85 3cfdffff mov eax,dword ptr ss:[ebp-0x2c4] + * 01141293 75 06 jnz short .0114129b + * 01141295 ff83 e8000000 inc dword ptr ds:[ebx+0xe8] + * 0114129b 8b93 e8000000 mov edx,dword ptr ds:[ebx+0xe8] + * 011412a1 85d2 test edx,edx + * 011412a3 7e 78 jle short .0114131d + * 011412a5 85c0 test eax,eax + * 011412a7 75 52 jnz short .011412fb + * 011412a9 0fb78b e4000000 movzx ecx,word ptr ds:[ebx+0xe4] + * 011412b0 b8 0c300000 mov eax,0x300c + * 011412b5 66:3bc8 cmp cx,ax + * 011412b8 75 11 jnz short .011412cb + * 011412ba 81fe 0d300000 cmp esi,0x300d + * 011412c0 75 09 jnz short .011412cb + * 011412c2 8d42 ff lea eax,dword ptr ds:[edx-0x1] + * 011412c5 8983 e8000000 mov dword ptr ds:[ebx+0xe8],eax + * 011412cb b8 0e300000 mov eax,0x300e + * 011412d0 66:3bc8 cmp cx,ax + * 011412d3 75 0e jnz short .011412e3 + * 011412d5 81fe 0f300000 cmp esi,0x300f + * 011412db 75 06 jnz short .011412e3 + * 011412dd ff8b e8000000 dec dword ptr ds:[ebx+0xe8] + * 011412e3 b8 08ff0000 mov eax,0xff08 + * 011412e8 66:3bc8 cmp cx,ax + * 011412eb 75 0e jnz short .011412fb + * 011412ed 81fe 09ff0000 cmp esi,0xff09 + * 011412f3 75 06 jnz short .011412fb + * 011412f5 ff8b e8000000 dec dword ptr ds:[ebx+0xe8] + * 011412fb 83bb e8000000 00 cmp dword ptr ds:[ebx+0xe8],0x0 + * 01141302 75 19 jnz short .0114131d + * 01141304 33c0 xor eax,eax + * 01141306 c783 e0000000 00>mov dword ptr ds:[ebx+0xe0],0x0 + * 01141310 66:8983 e4000000 mov word ptr ds:[ebx+0xe4],ax + * 01141317 8983 e8000000 mov dword ptr ds:[ebx+0xe8],eax + * 0114131d 8d85 40fdffff lea eax,dword ptr ss:[ebp-0x2c0] + * 01141323 50 push eax + * 01141324 8d8b 0c010000 lea ecx,dword ptr ds:[ebx+0x10c] + * 0114132a e8 31a6fcff call .0110b960 + * 0114132f 83bd 3cfdffff 00 cmp dword ptr ss:[ebp-0x2c4],0x0 + * 01141336 8bb5 34fdffff mov esi,dword ptr ss:[ebp-0x2cc] + * 0114133c 75 13 jnz short .01141351 + * 0114133e ffb5 2cfdffff push dword ptr ss:[ebp-0x2d4] + * 01141344 8d8b a8000000 lea ecx,dword ptr ds:[ebx+0xa8] + * 0114134a e8 010a0000 call .01141d50 + * 0114134f eb 64 jmp short .011413b5 + * 01141351 33c0 xor eax,eax + * 01141353 c745 ec 07000000 mov dword ptr ss:[ebp-0x14],0x7 + * 0114135a c745 e8 00000000 mov dword ptr ss:[ebp-0x18],0x0 + * 01141361 66:8945 d8 mov word ptr ss:[ebp-0x28],ax + * 01141365 3bfe cmp edi,esi + * 01141367 74 10 je short .01141379 + * 01141369 8bc6 mov eax,esi + * 0114136b 8d4d d8 lea ecx,dword ptr ss:[ebp-0x28] + * 0114136e 2bc7 sub eax,edi + * 01141370 d1f8 sar eax,1 + * 01141372 50 push eax + * 01141373 57 push edi + * 01141374 e8 b7daf2ff call .0106ee30 + * 01141379 6a ff push -0x1 + * 0114137b 6a 00 push 0x0 + * 0114137d 8d45 d8 lea eax,dword ptr ss:[ebp-0x28] + * 01141380 c645 fc 02 mov byte ptr ss:[ebp-0x4],0x2 + * 01141384 50 push eax + * 01141385 8d8b a8000000 lea ecx,dword ptr ds:[ebx+0xa8] + * 0114138b e8 205cf3ff call .01076fb0 + * 01141390 837d ec 08 cmp dword ptr ss:[ebp-0x14],0x8 + * 01141394 72 0b jb short .011413a1 + * 01141396 ff75 d8 push dword ptr ss:[ebp-0x28] + * 01141399 e8 fccb0e00 call .0122df9a + * 0114139e 83c4 04 add esp,0x4 + * 011413a1 33c0 xor eax,eax + * 011413a3 c745 ec 07000000 mov dword ptr ss:[ebp-0x14],0x7 + * 011413aa c745 e8 00000000 mov dword ptr ss:[ebp-0x18],0x0 + * 011413b1 66:8945 d8 mov word ptr ss:[ebp-0x28],ax + * 011413b5 c683 f1000000 00 mov byte ptr ds:[ebx+0xf1],0x0 + * 011413bc 8d8d 90feffff lea ecx,dword ptr ss:[ebp-0x170] + * 011413c2 c745 fc 03000000 mov dword ptr ss:[ebp-0x4],0x3 + * 011413c9 e8 42bb0800 call .011ccf10 + * 011413ce 8d8d 60fdffff lea ecx,dword ptr ss:[ebp-0x2a0] + * 011413d4 c745 fc ffffffff mov dword ptr ss:[ebp-0x4],-0x1 + * 011413db e8 30bb0800 call .011ccf10 + * 011413e0 8bbd 38fdffff mov edi,dword ptr ss:[ebp-0x2c8] + * 011413e6 ^e9 c5fbffff jmp .01140fb0 + * 011413eb 8b9d 1cfdffff mov ebx,dword ptr ss:[ebp-0x2e4] + * 011413f1 85db test ebx,ebx + * 011413f3 74 6a je short .0114145f + * 011413f5 8b8d 38fdffff mov ecx,dword ptr ss:[ebp-0x2c8] + * 011413fb 8379 14 08 cmp dword ptr ds:[ecx+0x14],0x8 + * 011413ff 72 02 jb short .01141403 + * 01141401 8b09 mov ecx,dword ptr ds:[ecx] + * 01141403 8b85 20fdffff mov eax,dword ptr ss:[ebp-0x2e0] + * 01141409 c745 d4 07000000 mov dword ptr ss:[ebp-0x2c],0x7 + * 01141410 c745 d0 00000000 mov dword ptr ss:[ebp-0x30],0x0 + * 01141417 8b00 mov eax,dword ptr ds:[eax] + * 01141419 8d0441 lea eax,dword ptr ds:[ecx+eax*2] + * 0114141c 33c9 xor ecx,ecx + * 0114141e 66:894d c0 mov word ptr ss:[ebp-0x40],cx + * 01141422 3bf8 cmp edi,eax + * 01141424 74 0e je short .01141434 + * 01141426 2bc7 sub eax,edi + * 01141428 8d4d c0 lea ecx,dword ptr ss:[ebp-0x40] + * 0114142b d1f8 sar eax,1 + * 0114142d 50 push eax + * 0114142e 57 push edi + * 0114142f e8 fcd9f2ff call .0106ee30 + * 01141434 8d45 c0 lea eax,dword ptr ss:[ebp-0x40] + * 01141437 c745 fc 00000000 mov dword ptr ss:[ebp-0x4],0x0 + * 0114143e 3bd8 cmp ebx,eax + * 01141440 74 0c je short .0114144e + * 01141442 6a ff push -0x1 + * 01141444 6a 00 push 0x0 + * 01141446 50 push eax + * 01141447 8bcb mov ecx,ebx + * 01141449 e8 c2def2ff call .0106f310 + * 0114144e 837d d4 08 cmp dword ptr ss:[ebp-0x2c],0x8 + * 01141452 72 0b jb short .0114145f + * 01141454 ff75 c0 push dword ptr ss:[ebp-0x40] + * 01141457 e8 3ecb0e00 call .0122df9a + * 0114145c 83c4 04 add esp,0x4 + * 0114145f 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 01141462 64:890d 00000000 mov dword ptr fs:[0],ecx + * 01141469 59 pop ecx + * 0114146a 5f pop edi + * 0114146b 5e pop esi + * 0114146c 5b pop ebx + * 0114146d 8b4d f0 mov ecx,dword ptr ss:[ebp-0x10] + * 01141470 33cd xor ecx,ebp + * 01141472 e8 14cb0e00 call .0122df8b + * 01141477 8be5 mov esp,ebp + * 01141479 5d pop ebp + * 0114147a c2 0800 retn 0x8 + * 0114147d cc int3 + * 0114147e cc int3 + * + * In AngleBeats, base = 0x09a0000 + * 00B6B87C CC INT3 + * 00B6B87D CC INT3 + * 00B6B87E CC INT3 + * 00B6B87F CC INT3 + * 00B6B880 55 PUSH EBP + * 00B6B881 8BEC MOV EBP,ESP + * 00B6B883 6A FF PUSH -0x1 + * 00B6B885 68 7964ED00 PUSH .00ED6479 + * 00B6B88A 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 00B6B890 50 PUSH EAX + * 00B6B891 81EC 1C040000 SUB ESP,0x41C + * 00B6B897 A1 E0A4F800 MOV EAX,DWORD PTR DS:[0xF8A4E0] + * 00B6B89C 33C5 XOR EAX,EBP + * 00B6B89E 8945 F0 MOV DWORD PTR SS:[EBP-0x10],EAX + * 00B6B8A1 53 PUSH EBX + * 00B6B8A2 56 PUSH ESI + * 00B6B8A3 57 PUSH EDI + * 00B6B8A4 50 PUSH EAX + * 00B6B8A5 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-0xC] + * 00B6B8A8 64:A3 00000000 MOV DWORD PTR FS:[0],EAX + * 00B6B8AE 8BD9 MOV EBX,ECX + * 00B6B8B0 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+0x8] + * 00B6B8B3 837F 10 00 CMP DWORD PTR DS:[EDI+0x10],0x0 + * 00B6B8B7 8B45 0C MOV EAX,DWORD PTR SS:[EBP+0xC] + * 00B6B8BA 8985 E0FBFFFF MOV DWORD PTR SS:[EBP-0x420],EAX + * 00B6B8C0 8D47 10 LEA EAX,DWORD PTR DS:[EDI+0x10] + * 00B6B8C3 89BD FCFBFFFF MOV DWORD PTR SS:[EBP-0x404],EDI + * 00B6B8C9 8985 F0FBFFFF MOV DWORD PTR SS:[EBP-0x410],EAX + * 00B6B8CF 0F84 31060000 JE .00B6BF06 + * 00B6B8D5 8B8B 1C010000 MOV ECX,DWORD PTR DS:[EBX+0x11C] + * 00B6B8DB B8 71F8428A MOV EAX,0x8A42F871 + * 00B6B8E0 2B8B 18010000 SUB ECX,DWORD PTR DS:[EBX+0x118] + * 00B6B8E6 F7E9 IMUL ECX + * 00B6B8E8 8B85 F0FBFFFF MOV EAX,DWORD PTR SS:[EBP-0x410] + * 00B6B8EE 03D1 ADD EDX,ECX + * 00B6B8F0 8B8B 20010000 MOV ECX,DWORD PTR DS:[EBX+0x120] + * 00B6B8F6 2B8B 18010000 SUB ECX,DWORD PTR DS:[EBX+0x118] + * 00B6B8FC C1FA 09 SAR EDX,0x9 + * 00B6B8FF 8BF2 MOV ESI,EDX + * 00B6B901 C1EE 1F SHR ESI,0x1F + * 00B6B904 03F2 ADD ESI,EDX + * 00B6B906 0330 ADD ESI,DWORD PTR DS:[EAX] + * 00B6B908 B8 71F8428A MOV EAX,0x8A42F871 + * 00B6B90D F7E9 IMUL ECX + * 00B6B90F 03D1 ADD EDX,ECX + * 00B6B911 C1FA 09 SAR EDX,0x9 + * 00B6B914 8BC2 MOV EAX,EDX + * 00B6B916 C1E8 1F SHR EAX,0x1F + * 00B6B919 03C2 ADD EAX,EDX + * 00B6B91B 3BC6 CMP EAX,ESI + * 00B6B91D 73 1E JNB SHORT .00B6B93D + * 00B6B91F 81FE 7C214500 CMP ESI,0x45217C + * 00B6B925 76 0A JBE SHORT .00B6B931 + * 00B6B927 68 C031F200 PUSH .00F231C0 ; ASCII "vector too long" + * 00B6B92C E8 D2FC0E00 CALL .00C5B603 + * 00B6B931 56 PUSH ESI + * 00B6B932 8D8B 18010000 LEA ECX,DWORD PTR DS:[EBX+0x118] + * 00B6B938 E8 A38DFCFF CALL .00B346E0 + * 00B6B93D 837F 14 08 CMP DWORD PTR DS:[EDI+0x14],0x8 + * 00B6B941 72 04 JB SHORT .00B6B947 + * 00B6B943 8B37 MOV ESI,DWORD PTR DS:[EDI] + * 00B6B945 EB 02 JMP SHORT .00B6B949 + * 00B6B947 8BF7 MOV ESI,EDI + * 00B6B949 89B5 F8FBFFFF MOV DWORD PTR SS:[EBP-0x408],ESI + * 00B6B94F 90 NOP + * 00B6B950 8B57 14 MOV EDX,DWORD PTR DS:[EDI+0x14] + * 00B6B953 83FA 08 CMP EDX,0x8 + * 00B6B956 72 04 JB SHORT .00B6B95C + * 00B6B958 8B07 MOV EAX,DWORD PTR DS:[EDI] + * 00B6B95A EB 02 JMP SHORT .00B6B95E + * 00B6B95C 8BC7 MOV EAX,EDI + * 00B6B95E 8B8D F0FBFFFF MOV ECX,DWORD PTR SS:[EBP-0x410] + * 00B6B964 8B09 MOV ECX,DWORD PTR DS:[ECX] + * 00B6B966 03C9 ADD ECX,ECX + * 00B6B968 03C1 ADD EAX,ECX + * 00B6B96A 3BF0 CMP ESI,EAX + * 00B6B96C 0F84 94050000 JE .00B6BF06 + * 00B6B972 8B85 FCFBFFFF MOV EAX,DWORD PTR SS:[EBP-0x404] + * 00B6B978 8BFE MOV EDI,ESI + * 00B6B97A C785 00FCFFFF 00>MOV DWORD PTR SS:[EBP-0x400],0x0 + * 00B6B984 C785 E8FBFFFF FF>MOV DWORD PTR SS:[EBP-0x418],-0x1 + * 00B6B98E 83FA 08 CMP EDX,0x8 + * 00B6B991 72 02 JB SHORT .00B6B995 + * 00B6B993 8B00 MOV EAX,DWORD PTR DS:[EAX] + * 00B6B995 03C1 ADD EAX,ECX + * 00B6B997 8D95 00FCFFFF LEA EDX,DWORD PTR SS:[EBP-0x400] + * 00B6B99D 8D8D E8FBFFFF LEA ECX,DWORD PTR SS:[EBP-0x418] + * 00B6B9A3 51 PUSH ECX + * 00B6B9A4 50 PUSH EAX + * 00B6B9A5 8D8D F8FBFFFF LEA ECX,DWORD PTR SS:[EBP-0x408] + * 00B6B9AB E8 5025FBFF CALL .00B1DF00 + * 00B6B9B0 8BB5 E8FBFFFF MOV ESI,DWORD PTR SS:[EBP-0x418] + * 00B6B9B6 83C4 08 ADD ESP,0x8 + * 00B6B9B9 83FE 0A CMP ESI,0xA + * 00B6B9BC 75 18 JNZ SHORT .00B6B9D6 + * 00B6B9BE 8BCB MOV ECX,EBX + * 00B6B9C0 E8 FB070000 CALL .00B6C1C0 + * 00B6B9C5 8BB5 F8FBFFFF MOV ESI,DWORD PTR SS:[EBP-0x408] + * 00B6B9CB 8BBD FCFBFFFF MOV EDI,DWORD PTR SS:[EBP-0x404] + * 00B6B9D1 ^E9 7AFFFFFF JMP .00B6B950 + * 00B6B9D6 83FE 07 CMP ESI,0x7 + * 00B6B9D9 75 38 JNZ SHORT .00B6BA13 + * 00B6B9DB 33C0 XOR EAX,EAX + * 00B6B9DD C783 EC000000 00>MOV DWORD PTR DS:[EBX+0xEC],0x0 + * 00B6B9E7 8BCB MOV ECX,EBX + * 00B6B9E9 66:8983 F0000000 MOV WORD PTR DS:[EBX+0xF0],AX + * 00B6B9F0 8983 F4000000 MOV DWORD PTR DS:[EBX+0xF4],EAX + * 00B6B9F6 E8 C5070000 CALL .00B6C1C0 + * 00B6B9FB 8BB5 F8FBFFFF MOV ESI,DWORD PTR SS:[EBP-0x408] + * 00B6BA01 8BBD FCFBFFFF MOV EDI,DWORD PTR SS:[EBP-0x404] + * 00B6BA07 C683 FD000000 01 MOV BYTE PTR DS:[EBX+0xFD],0x1 + * 00B6BA0E ^E9 3DFFFFFF JMP .00B6B950 + * 00B6BA13 8B85 00FCFFFF MOV EAX,DWORD PTR SS:[EBP-0x400] + * 00B6BA19 85C0 TEST EAX,EAX + * 00B6BA1B 75 3A JNZ SHORT .00B6BA57 + * 00B6BA1D 85F6 TEST ESI,ESI + * 00B6BA1F 0F84 BE000000 JE .00B6BAE3 + * 00B6BA25 85C0 TEST EAX,EAX + * 00B6BA27 75 2E JNZ SHORT .00B6BA57 + * 00B6BA29 A1 486A2C05 MOV EAX,DWORD PTR DS:[0x52C6A48] + * 00B6BA2E A8 01 TEST AL,0x1 + * 00B6BA30 75 0D JNZ SHORT .00B6BA3F + * 00B6BA32 83C8 01 OR EAX,0x1 + * 00B6BA35 A3 486A2C05 MOV DWORD PTR DS:[0x52C6A48],EAX + * 00B6BA3A E8 B15F0B00 CALL .00C219F0 + * 00B6BA3F 0FB7C6 MOVZX EAX,SI + * 00B6BA42 80B8 506A2C05 01 CMP BYTE PTR DS:[EAX+0x52C6A50],0x1 + * 00B6BA49 75 0C JNZ SHORT .00B6BA57 + * 00B6BA4B 8B43 6C MOV EAX,DWORD PTR DS:[EBX+0x6C] + * 00B6BA4E 99 CDQ + * 00B6BA4F 2BC2 SUB EAX,EDX + * 00B6BA51 8BC8 MOV ECX,EAX + * 00B6BA53 D1F9 SAR ECX,1 + * 00B6BA55 EB 03 JMP SHORT .00B6BA5A + * 00B6BA57 8B4B 6C MOV ECX,DWORD PTR DS:[EBX+0x6C] + * 00B6BA5A 8B15 9C5DFA00 MOV EDX,DWORD PTR DS:[0xFA5D9C] + * 00B6BA60 898D ECFBFFFF MOV DWORD PTR SS:[EBP-0x414],ECX + * 00B6BA66 83BA 84CF0000 01 CMP DWORD PTR DS:[EDX+0xCF84],0x1 + * 00B6BA6D 75 26 JNZ SHORT .00B6BA95 + * 00B6BA6F 8B43 60 MOV EAX,DWORD PTR DS:[EBX+0x60] + * 00B6BA72 03C1 ADD EAX,ECX + * 00B6BA74 8B8B AC000000 MOV ECX,DWORD PTR DS:[EBX+0xAC] + * 00B6BA7A 8985 04FCFFFF MOV DWORD PTR SS:[EBP-0x3FC],EAX + * 00B6BA80 8B43 18 MOV EAX,DWORD PTR DS:[EBX+0x18] + * 00B6BA83 03C1 ADD EAX,ECX + * 00B6BA85 3985 04FCFFFF CMP DWORD PTR SS:[EBP-0x3FC],EAX + * 00B6BA8B 7F 39 JG SHORT .00B6BAC6 + * 00B6BA8D 398D 04FCFFFF CMP DWORD PTR SS:[EBP-0x3FC],ECX + * 00B6BA93 EB 24 JMP SHORT .00B6BAB9 + * 00B6BA95 8B43 5C MOV EAX,DWORD PTR DS:[EBX+0x5C] + * 00B6BA98 03C1 ADD EAX,ECX + * 00B6BA9A 8B8B A8000000 MOV ECX,DWORD PTR DS:[EBX+0xA8] + * 00B6BAA0 8985 04FCFFFF MOV DWORD PTR SS:[EBP-0x3FC],EAX + * 00B6BAA6 8B43 18 MOV EAX,DWORD PTR DS:[EBX+0x18] + * 00B6BAA9 03C1 ADD EAX,ECX + * 00B6BAAB 3985 04FCFFFF CMP DWORD PTR SS:[EBP-0x3FC],EAX + * 00B6BAB1 7F 13 JG SHORT .00B6BAC6 + * 00B6BAB3 398D 04FCFFFF CMP DWORD PTR SS:[EBP-0x3FC],ECX + * 00B6BAB9 7E 3F JLE SHORT .00B6BAFA + * 00B6BABB 8BCE MOV ECX,ESI + * 00B6BABD E8 EEF9FFFF CALL .00B6B4B0 + * 00B6BAC2 84C0 TEST AL,AL + * 00B6BAC4 75 34 JNZ SHORT .00B6BAFA + * 00B6BAC6 8BCB MOV ECX,EBX + * 00B6BAC8 E8 F3060000 CALL .00B6C1C0 + * 00B6BACD 83BD 00FCFFFF 00 CMP DWORD PTR SS:[EBP-0x400],0x0 + * 00B6BAD4 75 1E JNZ SHORT .00B6BAF4 + * 00B6BAD6 83FE 20 CMP ESI,0x20 + * 00B6BAD9 74 08 JE SHORT .00B6BAE3 + * 00B6BADB 81FE 00300000 CMP ESI,0x3000 + * 00B6BAE1 75 11 JNZ SHORT .00B6BAF4 + * 00B6BAE3 8BB5 F8FBFFFF MOV ESI,DWORD PTR SS:[EBP-0x408] + * 00B6BAE9 8BBD FCFBFFFF MOV EDI,DWORD PTR SS:[EBP-0x404] + * 00B6BAEF ^E9 5CFEFFFF JMP .00B6B950 + * 00B6BAF4 8B15 9C5DFA00 MOV EDX,DWORD PTR DS:[0xFA5D9C] + * 00B6BAFA 83BA 84CF0000 01 CMP DWORD PTR DS:[EDX+0xCF84],0x1 + * 00B6BB01 75 66 JNZ SHORT .00B6BB69 + * 00B6BB03 8B83 A8000000 MOV EAX,DWORD PTR DS:[EBX+0xA8] + * 00B6BB09 F7D8 NEG EAX + * 00B6BB0B 3943 5C CMP DWORD PTR DS:[EBX+0x5C],EAX + * 00B6BB0E 7F 68 JG SHORT .00B6BB78 + * 00B6BB10 8B9D E0FBFFFF MOV EBX,DWORD PTR SS:[EBP-0x420] + * 00B6BB16 85DB TEST EBX,EBX + * 00B6BB18 0F84 E8030000 JE .00B6BF06 + * 00B6BB1E 8B8D FCFBFFFF MOV ECX,DWORD PTR SS:[EBP-0x404] + * 00B6BB24 8379 14 08 CMP DWORD PTR DS:[ECX+0x14],0x8 + * 00B6BB28 72 02 JB SHORT .00B6BB2C + * 00B6BB2A 8B09 MOV ECX,DWORD PTR DS:[ECX] + * 00B6BB2C 8B85 F0FBFFFF MOV EAX,DWORD PTR SS:[EBP-0x410] + * 00B6BB32 C745 EC 07000000 MOV DWORD PTR SS:[EBP-0x14],0x7 + * 00B6BB39 C745 E8 00000000 MOV DWORD PTR SS:[EBP-0x18],0x0 + * 00B6BB40 8B00 MOV EAX,DWORD PTR DS:[EAX] + * 00B6BB42 8D0441 LEA EAX,DWORD PTR DS:[ECX+EAX*2] + * 00B6BB45 33C9 XOR ECX,ECX + * 00B6BB47 66:894D D8 MOV WORD PTR SS:[EBP-0x28],CX + * 00B6BB4B 3BF8 CMP EDI,EAX + * 00B6BB4D 74 0E JE SHORT .00B6BB5D + * 00B6BB4F 2BC7 SUB EAX,EDI + * 00B6BB51 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-0x28] + * 00B6BB54 D1F8 SAR EAX,1 + * 00B6BB56 50 PUSH EAX + * 00B6BB57 57 PUSH EDI + * 00B6BB58 E8 E334F2FF CALL .00A8F040 + * 00B6BB5D C745 FC 00000000 MOV DWORD PTR SS:[EBP-0x4],0x0 + * 00B6BB64 E9 82030000 JMP .00B6BEEB + * 00B6BB69 8B43 60 MOV EAX,DWORD PTR DS:[EBX+0x60] + * 00B6BB6C 3B83 AC000000 CMP EAX,DWORD PTR DS:[EBX+0xAC] + * 00B6BB72 0F8D 23030000 JGE .00B6BE9B + * 00B6BB78 8D8D 08FCFFFF LEA ECX,DWORD PTR SS:[EBP-0x3F8] + * 00B6BB7E E8 EDDEFFFF CALL .00B69A70 + * 00B6BB83 C745 FC 02000000 MOV DWORD PTR SS:[EBP-0x4],0x2 + * 00B6BB8A 8B43 78 MOV EAX,DWORD PTR DS:[EBX+0x78] + * 00B6BB8D 8B15 C05DFA00 MOV EDX,DWORD PTR DS:[0xFA5DC0] + * 00B6BB93 8985 F4FBFFFF MOV DWORD PTR SS:[EBP-0x40C],EAX + * 00B6BB99 83F8 FF CMP EAX,-0x1 + * 00B6BB9C 75 23 JNZ SHORT .00B6BBC1 + * 00B6BB9E 80BA 60010000 00 CMP BYTE PTR DS:[EDX+0x160],0x0 + * 00B6BBA5 74 11 JE SHORT .00B6BBB8 + * 00B6BBA7 8B83 E0000000 MOV EAX,DWORD PTR DS:[EBX+0xE0] + * 00B6BBAD 8985 F4FBFFFF MOV DWORD PTR SS:[EBP-0x40C],EAX + * 00B6BBB3 83F8 FF CMP EAX,-0x1 + * 00B6BBB6 75 09 JNZ SHORT .00B6BBC1 + * 00B6BBB8 8B43 24 MOV EAX,DWORD PTR DS:[EBX+0x24] + * 00B6BBBB 8985 F4FBFFFF MOV DWORD PTR SS:[EBP-0x40C],EAX + * 00B6BBC1 8B4B 7C MOV ECX,DWORD PTR DS:[EBX+0x7C] + * 00B6BBC4 898D E4FBFFFF MOV DWORD PTR SS:[EBP-0x41C],ECX + * 00B6BBCA 83F9 FF CMP ECX,-0x1 + * 00B6BBCD 75 23 JNZ SHORT .00B6BBF2 + * 00B6BBCF 80BA 60010000 00 CMP BYTE PTR DS:[EDX+0x160],0x0 + * 00B6BBD6 74 11 JE SHORT .00B6BBE9 + * 00B6BBD8 8B8B E4000000 MOV ECX,DWORD PTR DS:[EBX+0xE4] + * 00B6BBDE 898D E4FBFFFF MOV DWORD PTR SS:[EBP-0x41C],ECX + * 00B6BBE4 83F9 FF CMP ECX,-0x1 + * 00B6BBE7 75 09 JNZ SHORT .00B6BBF2 + * 00B6BBE9 8B43 28 MOV EAX,DWORD PTR DS:[EBX+0x28] + * 00B6BBEC 8985 E4FBFFFF MOV DWORD PTR SS:[EBP-0x41C],EAX + * 00B6BBF2 8B83 80000000 MOV EAX,DWORD PTR DS:[EBX+0x80] + * 00B6BBF8 8985 04FCFFFF MOV DWORD PTR SS:[EBP-0x3FC],EAX + * 00B6BBFE 83F8 FF CMP EAX,-0x1 + * 00B6BC01 75 23 JNZ SHORT .00B6BC26 + * 00B6BC03 80BA 60010000 00 CMP BYTE PTR DS:[EDX+0x160],0x0 + * 00B6BC0A 74 11 JE SHORT .00B6BC1D + * 00B6BC0C 8B83 E8000000 MOV EAX,DWORD PTR DS:[EBX+0xE8] + * 00B6BC12 8985 04FCFFFF MOV DWORD PTR SS:[EBP-0x3FC],EAX + * 00B6BC18 83F8 FF CMP EAX,-0x1 + * 00B6BC1B 75 09 JNZ SHORT .00B6BC26 + * 00B6BC1D 8B43 2C MOV EAX,DWORD PTR DS:[EBX+0x2C] + * 00B6BC20 8985 04FCFFFF MOV DWORD PTR SS:[EBP-0x3FC],EAX + * 00B6BC26 8B53 68 MOV EDX,DWORD PTR DS:[EBX+0x68] + * 00B6BC29 0353 60 ADD EDX,DWORD PTR DS:[EBX+0x60] + * 00B6BC2C 8B4B 5C MOV ECX,DWORD PTR DS:[EBX+0x5C] + * 00B6BC2F 034B 64 ADD ECX,DWORD PTR DS:[EBX+0x64] + * 00B6BC32 83BD 00FCFFFF 01 CMP DWORD PTR SS:[EBP-0x400],0x1 + * 00B6BC39 8BB5 F4FBFFFF MOV ESI,DWORD PTR SS:[EBP-0x40C] + * 00B6BC3F 8B43 6C MOV EAX,DWORD PTR DS:[EBX+0x6C] + * 00B6BC42 C785 DCFBFFFF 00>MOV DWORD PTR SS:[EBP-0x424],0x0 + * 00B6BC4C 0F44B5 DCFBFFFF CMOVE ESI,DWORD PTR SS:[EBP-0x424] + * 00B6BC53 80BB FE000000 00 CMP BYTE PTR DS:[EBX+0xFE],0x0 + * 00B6BC5A 89B5 F4FBFFFF MOV DWORD PTR SS:[EBP-0x40C],ESI + * 00B6BC60 8BB5 00FCFFFF MOV ESI,DWORD PTR SS:[EBP-0x400] + * 00B6BC66 8985 10FCFFFF MOV DWORD PTR SS:[EBP-0x3F0],EAX + * 00B6BC6C 8B85 F4FBFFFF MOV EAX,DWORD PTR SS:[EBP-0x40C] + * 00B6BC72 8985 14FCFFFF MOV DWORD PTR SS:[EBP-0x3EC],EAX + * 00B6BC78 8B85 E4FBFFFF MOV EAX,DWORD PTR SS:[EBP-0x41C] + * 00B6BC7E 89B5 08FCFFFF MOV DWORD PTR SS:[EBP-0x3F8],ESI + * 00B6BC84 8BB5 E8FBFFFF MOV ESI,DWORD PTR SS:[EBP-0x418] + * 00B6BC8A 8985 18FCFFFF MOV DWORD PTR SS:[EBP-0x3E8],EAX + * 00B6BC90 8B85 04FCFFFF MOV EAX,DWORD PTR SS:[EBP-0x3FC] + * 00B6BC96 89B5 0CFCFFFF MOV DWORD PTR SS:[EBP-0x3F4],ESI + * 00B6BC9C 8985 1CFCFFFF MOV DWORD PTR SS:[EBP-0x3E4],EAX + * 00B6BCA2 898D 20FCFFFF MOV DWORD PTR SS:[EBP-0x3E0],ECX + * 00B6BCA8 8995 24FCFFFF MOV DWORD PTR SS:[EBP-0x3DC],EDX + * 00B6BCAE 74 19 JE SHORT .00B6BCC9 + * 00B6BCB0 8B43 5C MOV EAX,DWORD PTR DS:[EBX+0x5C] + * 00B6BCB3 8983 00010000 MOV DWORD PTR DS:[EBX+0x100],EAX + * 00B6BCB9 8B43 60 MOV EAX,DWORD PTR DS:[EBX+0x60] + * 00B6BCBC 8983 04010000 MOV DWORD PTR DS:[EBX+0x104],EAX + * 00B6BCC2 C683 FE000000 00 MOV BYTE PTR DS:[EBX+0xFE],0x0 + * 00B6BCC9 A1 9C5DFA00 MOV EAX,DWORD PTR DS:[0xFA5D9C] + * 00B6BCCE 83B8 84CF0000 01 CMP DWORD PTR DS:[EAX+0xCF84],0x1 + * 00B6BCD5 8B43 70 MOV EAX,DWORD PTR DS:[EBX+0x70] + * 00B6BCD8 75 0B JNZ SHORT .00B6BCE5 + * 00B6BCDA 0385 ECFBFFFF ADD EAX,DWORD PTR SS:[EBP-0x414] + * 00B6BCE0 0143 60 ADD DWORD PTR DS:[EBX+0x60],EAX + * 00B6BCE3 EB 09 JMP SHORT .00B6BCEE + * 00B6BCE5 0385 ECFBFFFF ADD EAX,DWORD PTR SS:[EBP-0x414] + * 00B6BCEB 0143 5C ADD DWORD PTR DS:[EBX+0x5C],EAX + * 00B6BCEE 8B8D 00FCFFFF MOV ECX,DWORD PTR SS:[EBP-0x400] + * 00B6BCF4 85C9 TEST ECX,ECX + * 00B6BCF6 75 42 JNZ SHORT .00B6BD3A + * 00B6BCF8 81FE 0C300000 CMP ESI,0x300C ; jichi: type2 found here + * 00B6BCFE 74 10 JE SHORT .00B6BD10 + * 00B6BD00 81FE 0E300000 CMP ESI,0x300E + * 00B6BD06 74 08 JE SHORT .00B6BD10 + * 00B6BD08 81FE 08FF0000 CMP ESI,0xFF08 + * 00B6BD0E 75 2A JNZ SHORT .00B6BD3A + * 00B6BD10 80BB FD000000 00 CMP BYTE PTR DS:[EBX+0xFD],0x0 + * 00B6BD17 74 10 JE SHORT .00B6BD29 + * 00B6BD19 56 PUSH ESI + */ +bool InsertSiglus2Hook() +{ + //const BYTE bytes[] = { // size = 14 + // 0x01,0x53, 0x58, // 0153 58 add dword ptr ds:[ebx+58],edx + // 0x8b,0x95, 0x34,0xfd,0xff,0xff, // 8b95 34fdffff mov edx,dword ptr ss:[ebp-2cc] + // 0x8b,0x43, 0x58, // 8b43 58 mov eax,dword ptr ds:[ebx+58] + // 0x3b,0xd7 // 3bd7 cmp edx,edi ; hook here + //}; + //enum { cur_ins_size = 2 }; + //enum { addr_offset = sizeof(bytes) - cur_ins_size }; // = 14 - 2 = 12, current inst is the last one + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr; + { // type 1 + const BYTE bytes[] = { + 0x3b,0xd7, // cmp edx,edi ; hook here + 0x75,0x4b // jnz short + }; + //enum { addr_offset = 0 }; + addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (addr) + ConsoleOutput("Siglus2: type 1 pattern found"); + } + if (!addr) { + // 81fe0c300000 + const BYTE bytes[] = { + 0x81,0xfe, 0x0c,0x30,0x00,0x00 // 0114124a 81fe 0c300000 cmp esi,0x300c ; jichi: hook here + }; + //enum { addr_offset = 0 }; + addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (addr) + ConsoleOutput("Siglus2: type 2 pattern found"); + } + + if (!addr) { + ConsoleOutput("Siglus2: both type1 and type2 patterns not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::esi); + hp.type = CODEC_UTF16|FIXING_SPLIT; // jichi 6/1/2014: fixing the split value + + ConsoleOutput("INSERT Siglus2"); + return NewHook(hp, "SiglusEngine2"); +} +static void SpecialHookSiglus1(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + //写回有乱码 + auto textu=(TextUnionW*)(stack->ecx+4); + *len=textu->size*2; + *data=(DWORD)textu->getText(); +} + +// jichi: 8/17/2013: Change return type to bool +bool InsertSiglus1Hook() +{ + const BYTE bytes[] = {0x33,0xc0,0x8b,0xf9,0x89,0x7c,0x24}; + ULONG range = max(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { // jichi 8/17/2013: Add "== 0" check to prevent breaking new games + //ConsoleOutput("Unknown SiglusEngine"); + ConsoleOutput("Siglus: pattern not found"); + return false; + } + + DWORD limit = addr - 0x100; + while (addr > limit) { + if (*(WORD*)addr == 0xff6a) { + HookParam hp; + hp.address = addr; + hp.text_fun = SpecialHookSiglus1; + hp.type = CODEC_UTF16; + ConsoleOutput("INSERT Siglus"); + return NewHook(hp, "SiglusEngine"); + } + addr--; + } + ConsoleOutput("Siglus: failed"); + return false; +} + +} // unnamed namespace + +// jichi 8/17/2013: Insert old first. As the pattern could also be found in the old engine. +bool InsertSiglusHook() +{ + if (InsertSiglus1Hook()) + return true; + bool ok = InsertSiglus2Hook(); + ok = InsertSiglus3Hook() || ok; + ok = InsertSiglus4Hook() || ok; + return ok; +} +bool InsertSiglusHookZ() { + BYTE bytes[] = { + 0x8b,0x12, + 0x66,0x89,0x04,0x72 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + ConsoleOutput("SiglusHookZ %p", addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr + 2; + hp.offset=get_reg(regs::eax); + hp.type = CODEC_UTF16; + return NewHook(hp, "SiglusHookZ"); +} +namespace{ + namespace ScenarioHook { +namespace Private { +/** + * jichi 8/16/2013: Insert new siglus hook + * See (CaoNiMaGeBi): http://tieba.baidu.com/p/2531786952 + * + * 013bac6e cc int3 + * 013bac6f cc int3 + * 013bac70 /$ 55 push ebp ; jichi: function starts + * 013bac71 |. 8bec mov ebp,esp + * 013bac73 |. 6a ff push -0x1 + * 013bac75 |. 68 d8306201 push siglusen.016230d8 + * 013bac7a |. 64:a1 00000000 mov eax,dword ptr fs:[0] + * 013bac80 |. 50 push eax + * 013bac81 |. 81ec dc020000 sub esp,0x2dc + * 013bac87 |. a1 90f46b01 mov eax,dword ptr ds:[0x16bf490] + * 013bac8c |. 33c5 xor eax,ebp + * 013bac8e |. 8945 f0 mov dword ptr ss:[ebp-0x10],eax + * 013bac91 |. 53 push ebx + * 013bac92 |. 56 push esi + * 013bac93 |. 57 push edi + * 013bac94 |. 50 push eax + * ... + * 013baf32 |. 3bd7 |cmp edx,edi ; jichi: ITH hook here, char saved in edi + * 013baf34 |. 75 4b |jnz short siglusen.013baf81 + */ +enum Type { + Type1 // Old SiglusEngine2, arg in ecx + , Type2 // New SiglusENgine2, arg in arg1, since リア充クラスメイト孕ませ催眠 in 9/26/2014 + } type_; // static + /** + * Sample game: 聖娼女 体験版 + * + * IDA: sub_4DAC70 proc near ; Attributes: bp-based frame + * + * Observations: + * - return: number of bytes = 2 * number of size + * - arg1: unknown pointer, remains the same + * - arg2: unknown, remains the same + * - this (ecx) + * - union + * - char x 3: if size < (3 * 2 - 1) && + * - pointer x 4 + * - 0x0: UTF-16 text + * - 0x4: the same as 0x0 + * - 0x8: unknown variate pointer + * - 0xc: wchar_t pointer to a flag, the pointed value is zero when union is used as a char + * - 0x10: size of the text without null char + * - 0x14: unknown size, always slightly larger than size + * - 0x18: constant pointer + * ... + * + * Sample stack: + * 0025edf0 a8 f3 13 0a a8 f3 13 0a ィ・.ィ・. ; jichi: ecx = 0025edf0 + * LPCWSTR LPCWSTR + * 0025edf8 10 ee 25 00 d0 ee 37 01 ・.ミ・ + * LPCWSTR LPCWSTR + * 0025ee00 13 00 00 00 17 00 00 00 ...… + * SIZE_T SIZE_T + * + * 0025ee08 18 0c f6 09 27 00 00 00 .・'... ; jichi: following three lines are constants + * 0025ee10 01 00 00 00 01 00 00 00 ...... + * 0025ee18 d2 d9 5d 9f 1c a2 e7 09 メル]・「・ + * + * 0025ee20 40 8c 10 07 00 00 00 00 @・.... + * 0025ee28 00 00 00 00 00 00 00 00 ........ + * 0025ee30 b8 ee ce 0c b8 ee ce 0c ク﨩.ク﨩. + * 0025ee38 b8 ee ce 0c 00 00 00 00 ク﨩..... + * 0025ee40 00 00 00 00 01 00 00 00 ....... + * 0025ee48 00 00 00 00 00 00 00 00 ........ + * 0025ee50 00 00 00 00 00 00 00 00 ........ + * 0025ee58 00 00 00 00 00 00 00 00 ........ + * + * 0025ee60 01 00 00 00 01 00 00 00 ...... + */ +ULONG search(ULONG startAddress, ULONG stopAddress, Type *type) +{ + ULONG addr; + { + const uint8_t bytes1[] = { + 0x3b,0xd7, // 013baf32 |. 3bd7 |cmp edx,edi ; jichi: ITH hook here, char saved in edi + 0x75,0x4b // 013baf34 |. 75 4b |jnz short siglusen.013baf81 + }; + addr = MemDbg::findBytes(bytes1, sizeof(bytes1), startAddress, stopAddress); + if (addr && type) + *type = Type1; + } + if (!addr) { + const uint8_t bytes2[] = { // 81fe0c300000 + 0x81,0xfe, 0x0c,0x30,0x00,0x00 // 0114124a 81fe 0c300000 cmp esi,0x300c ; jichi: hook here + }; + addr = MemDbg::findBytes(bytes2, sizeof(bytes2), startAddress, stopAddress); + if (addr && type) + *type = Type2; + } + if (!addr) + return 0; + + const uint8_t bytes[] = { + 0x55, // 013bac70 /$ 55 push ebp ; jichi: function starts + 0x8b,0xec, // 013bac71 |. 8bec mov ebp,esp + 0x6a,0xff // 013bac73 |. 6a ff push -0x1 + }; + //enum { range = 0x300 }; // 0x013baf32 - 0x013bac70 = 706 = 0x2c2 + //enum { range = 0x400 }; // 0x013baf32 - 0x013bac70 = 0x36a + enum { range = 0x500 }; // 0x00b6bcf8 - 0x00b6b880 = 0x478 + return MemDbg::findBytes(bytes, sizeof(bytes), addr - range, addr); + //if (!reladdr) + // //ConsoleOutput("Siglus2: pattern not found"); + // return 0; + //addr += reladdr; + //return addr; +} + +bool text_fun(hook_stack*s,void* data, size_t* len,uintptr_t*role){ + + auto arg = (TextUnionW *)(type_ == Type1 ? s->ecx :s->stack[1]); + if (!arg || !arg->isValid()) + return false; + + wcscpy((wchar_t*)data,arg->getText()); + *len=arg->size *2; + return true; +} +void hookafter(hook_stack*s,void* data, size_t len){ + auto arg = (TextUnionW *)(type_ == Type1 ? s->ecx :s->stack[1]); + auto argValue = *arg; + std::wstring newText=std::wstring((wchar_t*)data,len/2); + arg->setLongText(newText); + + + // Restoring is indispensible, and as a result, the default hook does not work + //*arg = argValue; +} +} +bool attach(ULONG startAddress, ULONG stopAddress) // attach scenario +{ + ULONG addr = Private::search(startAddress, stopAddress, &Private::type_); + ConsoleOutput("%p",addr); + if (!addr) + return false; + //return Private::oldHookFun = (Private::hook_fun_t)winhook::replace_fun(addr, (ULONG)Private::newHookFun); + HookParam hp; + hp.address = addr ; + hp.type = EMBED_ABLE|CODEC_UTF16 ; // 0x41 + hp.hook_before=Private::text_fun; + hp.hook_after=Private::hookafter; + hp.hook_font=F_GetGlyphOutlineW; + return NewHook(hp, "EmbedSiglus"); +} + } +} + +namespace OtherHook { +namespace Private { + + TextUnionW *arg_, + argValue_; + bool hookBefore(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + static std::wstring text_; + auto arg = (TextUnionW *)s->stack[0]; + if (!arg || !arg->isValid()) + return false; + + LPCWSTR text = arg->getText(); + // Skip all ascii + if (!text || !*text || *text <= 127 || arg->size > 1500) // there could be garbage + return false; + + *role = Engine::OtherRole; + ULONG split = s->stack[3]; + if (split <= 0xffff || !Engine::isAddressReadable(split)) { // skip modifying scenario thread + //role = Engine::ScenarioRole; + return true; + } else { + split = *(DWORD *)split; + switch (split) { + case 0x54: + case 0x26: + *role = Engine::NameRole; + } + } + //auto sig = Engine::hashThreadSignature(role, split); + + std::wstring oldText = std::wstring(text, arg->size);//, + wcscpy((wchar_t*)data,oldText.c_str()); + *len=oldText.size()*2; + return true; + // newText = EngineController::instance()->dispatchTextWSTD(oldText, role, sig); + + } + void hookafter2(hook_stack*s,void* data, size_t len){ + auto arg = (TextUnionW *)s->stack[0]; + arg_ = arg; + argValue_ = *arg; + static std::wstring text_; + auto newText=std::wstring((LPWSTR)data,len/2); + text_ = newText; + arg->setLongText(text_); + } + + ULONG search(ULONG startAddress, ULONG stopAddress) + { + const uint8_t bytes[] = { + 0xc7,0x47, 0x14, 0x07,0x00,0x00,0x00, // 0042cf20 c747 14 07000000 mov dword ptr ds:[edi+0x14],0x7 + 0xc7,0x47, 0x10, 0x00,0x00,0x00,0x00, // 0042cf27 c747 10 00000000 mov dword ptr ds:[edi+0x10],0x0 + 0x66,0x89,0x0f, // 0042cf2e 66:890f mov word ptr ds:[edi],cx + 0x8b,0xcf, // 0042cf31 8bcf mov ecx,edi + 0x50, // 0042cf33 50 push eax + 0xe8 //XX4 // 0042cf34 e8 e725f6ff call .0038f520 ; jichi: hook here + }; + enum { addr_offset = sizeof(bytes) - 1 }; // +4 for the call address + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return 0; + return addr + addr_offset; + } + +} // namespace Private + +bool attach(ULONG startAddress, ULONG stopAddress) +{ + ULONG addr = Private::search(startAddress, stopAddress); + if(addr==0)return false; + HookParam hp; + hp.address = addr ; + hp.type = EMBED_ABLE|CODEC_UTF16 ; // 0x41 + hp.hook_before=Private::hookBefore; + hp.hook_after=Private::hookafter2; + hp.hook_font=F_GetGlyphOutlineW; + return NewHook(hp, "EmbedSiglus"); +} + +} // namespace OtherHook + +bool Siglus::attach_function() { + + bool b3=ScenarioHook:: attach(processStartAddress, processStopAddress); + if(b3)OtherHook::attach(processStartAddress, processStopAddress); + bool b1= InsertSiglusHook(); + bool b2=InsertSiglusHookZ(); + return b1||b2||b3; +} \ No newline at end of file diff --git a/LunaHook/engine32/Siglus.h b/LunaHook/engine32/Siglus.h new file mode 100644 index 0000000..459cf26 --- /dev/null +++ b/LunaHook/engine32/Siglus.h @@ -0,0 +1,13 @@ +#include"engine.h" + +class Siglus:public ENGINE{ + public: + Siglus(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return (wcsstr(processName_lower, L"siglusengine") || !wcsncmp(processName_lower, L"siglus~", 7) || Util::CheckFile(L"SiglusEngine.exe")); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Silkys.cpp b/LunaHook/engine32/Silkys.cpp new file mode 100644 index 0000000..fae519d --- /dev/null +++ b/LunaHook/engine32/Silkys.cpp @@ -0,0 +1,450 @@ +#include"Silkys.h" + #include"util/textunion.h" + +/** jichi: 6/17/2015 + * Sample games + * - 堕ちてぁ�新妻 trial + * - 根雪の幻影 trial + * + * This function is found by backtracking GetGlyphOutlineA. + * There are two GetGlyphOutlineA, which are in the same function. + * That function are called by two other functions. + * The second function is hooked. + * + * 堕ちてぁ�新妻 + * baseaddr = 08e0000 + * + * 0096652E CC INT3 + * 0096652F CC INT3 + * 00966530 55 PUSH EBP + * 00966531 8BEC MOV EBP,ESP + * 00966533 83EC 18 SUB ESP,0x18 + * 00966536 A1 00109F00 MOV EAX,DWORD PTR DS:[0x9F1000] + * 0096653B 33C5 XOR EAX,EBP + * 0096653D 8945 FC MOV DWORD PTR SS:[EBP-0x4],EAX + * 00966540 53 PUSH EBX + * 00966541 8B5D 0C MOV EBX,DWORD PTR SS:[EBP+0xC] + * 00966544 56 PUSH ESI + * 00966545 8B75 08 MOV ESI,DWORD PTR SS:[EBP+0x8] + * 00966548 57 PUSH EDI + * 00966549 6A 00 PUSH 0x0 + * 0096654B 894D EC MOV DWORD PTR SS:[EBP-0x14],ECX + * 0096654E 8B0D FCB7A200 MOV ECX,DWORD PTR DS:[0xA2B7FC] + * 00966554 68 90D29D00 PUSH .009DD290 ; ASCII "/Config/SceneSkip" + * 00966559 895D F0 MOV DWORD PTR SS:[EBP-0x10],EBX + * 0096655C E8 2F4A0100 CALL .0097AF90 + * 00966561 83F8 01 CMP EAX,0x1 + * 00966564 0F84 E0010000 JE .0096674A + * 0096656A 8B55 EC MOV EDX,DWORD PTR SS:[EBP-0x14] + * 0096656D 85DB TEST EBX,EBX + * 0096656F 75 09 JNZ SHORT .0096657A + * 00966571 8B42 04 MOV EAX,DWORD PTR DS:[EDX+0x4] + * 00966574 8B40 38 MOV EAX,DWORD PTR DS:[EAX+0x38] + * 00966577 8945 F0 MOV DWORD PTR SS:[EBP-0x10],EAX + * 0096657A 33C0 XOR EAX,EAX + * 0096657C C645 F8 00 MOV BYTE PTR SS:[EBP-0x8],0x0 + * 00966580 33C9 XOR ECX,ECX + * 00966582 66:8945 F9 MOV WORD PTR SS:[EBP-0x7],AX + * 00966586 3946 14 CMP DWORD PTR DS:[ESI+0x14],EAX + * 00966589 0F86 BB010000 JBE .0096674A + * + * Scenario stack: + * + * 002FF9DC 00955659 RETURN to .00955659 from .00966530 + * 002FF9E0 002FFA10 ; jichi: text in [arg1+4] + * 002FF9E4 00000000 ; arg2 is zero + * 002FF9E8 00000001 + * 002FF9EC 784B8FC7 + * + * Name stack: + * + * 002FF59C 00930A76 RETURN to .00930A76 from .00966530 + * 002FF5A0 002FF5D0 ; jichi: text in [arg1+4] + * 002FF5A4 004DDEC0 ; arg2 is a pointer + * 002FF5A8 00000001 + * 002FF5AC 784B8387 + * 002FF5B0 00000182 + * 002FF5B4 00000000 + * + * Scenario and Name are called by different callers. + * + * 根雪の幻影 + * + * 00A1A00E CC INT3 + * 00A1A00F CC INT3 + * 00A1A010 55 PUSH EBP + * 00A1A011 8BEC MOV EBP,ESP + * 00A1A013 83EC 18 SUB ESP,0x18 + * 00A1A016 A1 0050AA00 MOV EAX,DWORD PTR DS:[0xAA5000] + * 00A1A01B 33C5 XOR EAX,EBP + * 00A1A01D 8945 FC MOV DWORD PTR SS:[EBP-0x4],EAX + * 00A1A020 53 PUSH EBX + * 00A1A021 56 PUSH ESI + * 00A1A022 8B75 0C MOV ESI,DWORD PTR SS:[EBP+0xC] + * 00A1A025 57 PUSH EDI + * 00A1A026 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+0x8] + * 00A1A029 6A 00 PUSH 0x0 + * 00A1A02B 894D F0 MOV DWORD PTR SS:[EBP-0x10],ECX + * 00A1A02E 8B0D C434AE00 MOV ECX,DWORD PTR DS:[0xAE34C4] + * 00A1A034 68 F816A900 PUSH .00A916F8 ; ASCII "/Config/SceneSkip" + * 00A1A039 8975 EC MOV DWORD PTR SS:[EBP-0x14],ESI + * 00A1A03C E8 7F510100 CALL .00A2F1C0 + * 00A1A041 83F8 01 CMP EAX,0x1 + * 00A1A044 0F84 3A010000 JE .00A1A184 + * 00A1A04A 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-0x10] + * 00A1A04D 85F6 TEST ESI,ESI + * 00A1A04F 75 09 JNZ SHORT .00A1A05A + * 00A1A051 8B41 04 MOV EAX,DWORD PTR DS:[ECX+0x4] + * 00A1A054 8B40 38 MOV EAX,DWORD PTR DS:[EAX+0x38] + * 00A1A057 8945 EC MOV DWORD PTR SS:[EBP-0x14],EAX + * 00A1A05A 33C0 XOR EAX,EAX + * 00A1A05C C645 F8 00 MOV BYTE PTR SS:[EBP-0x8],0x0 + * 00A1A060 33DB XOR EBX,EBX + * 00A1A062 66:8945 F9 MOV WORD PTR SS:[EBP-0x7],AX + * 00A1A066 3947 14 CMP DWORD PTR DS:[EDI+0x14],EAX + * 00A1A069 0F86 15010000 JBE .00A1A184 + * 00A1A06F 90 NOP + * 00A1A070 837F 18 10 CMP DWORD PTR DS:[EDI+0x18],0x10 + * 00A1A074 72 05 JB SHORT .00A1A07B + * 00A1A076 8B47 04 MOV EAX,DWORD PTR DS:[EDI+0x4] + * 00A1A079 EB 03 JMP SHORT .00A1A07E + * 00A1A07B 8D47 04 LEA EAX,DWORD PTR DS:[EDI+0x4] + * 00A1A07E 803C18 00 CMP BYTE PTR DS:[EAX+EBX],0x0 + * 00A1A082 0F84 FC000000 JE .00A1A184 + * 00A1A088 837F 18 10 CMP DWORD PTR DS:[EDI+0x18],0x10 + * 00A1A08C 72 05 JB SHORT .00A1A093 + * 00A1A08E 8B47 04 MOV EAX,DWORD PTR DS:[EDI+0x4] + * 00A1A091 EB 03 JMP SHORT .00A1A096 + * 00A1A093 8D47 04 LEA EAX,DWORD PTR DS:[EDI+0x4] + * 00A1A096 8A0418 MOV AL,BYTE PTR DS:[EAX+EBX] + * 00A1A099 3C 81 CMP AL,0x81 + * 00A1A09B 72 04 JB SHORT .00A1A0A1 + * 00A1A09D 3C 9F CMP AL,0x9F + * 00A1A09F 76 06 JBE SHORT .00A1A0A7 + * 00A1A0A1 04 20 ADD AL,0x20 + * 00A1A0A3 3C 0F CMP AL,0xF + * 00A1A0A5 77 40 JA SHORT .00A1A0E7 + * 00A1A0A7 837F 18 10 CMP DWORD PTR DS:[EDI+0x18],0x10 + * 00A1A0AB 72 05 JB SHORT .00A1A0B2 + * 00A1A0AD 8B47 04 MOV EAX,DWORD PTR DS:[EDI+0x4] + * 00A1A0B0 EB 03 JMP SHORT .00A1A0B5 + * 00A1A0B2 8D47 04 LEA EAX,DWORD PTR DS:[EDI+0x4] + * 00A1A0B5 837F 18 10 CMP DWORD PTR DS:[EDI+0x18],0x10 + * 00A1A0B9 8A0418 MOV AL,BYTE PTR DS:[EAX+EBX] + * 00A1A0BC 8845 F8 MOV BYTE PTR SS:[EBP-0x8],AL + * 00A1A0BF 72 13 JB SHORT .00A1A0D4 + * 00A1A0C1 8B47 04 MOV EAX,DWORD PTR DS:[EDI+0x4] + * 00A1A0C4 C645 F7 02 MOV BYTE PTR SS:[EBP-0x9],0x2 + * 00A1A0C8 8A4418 01 MOV AL,BYTE PTR DS:[EAX+EBX+0x1] + * 00A1A0CC 83C3 02 ADD EBX,0x2 + * 00A1A0CF 8845 F9 MOV BYTE PTR SS:[EBP-0x7],AL + * 00A1A0D2 EB 30 JMP SHORT .00A1A104 + * 00A1A0D4 8D47 04 LEA EAX,DWORD PTR DS:[EDI+0x4] + * 00A1A0D7 C645 F7 02 MOV BYTE PTR SS:[EBP-0x9],0x2 + * 00A1A0DB 8A4418 01 MOV AL,BYTE PTR DS:[EAX+EBX+0x1] + * 00A1A0DF 83C3 02 ADD EBX,0x2 + * 00A1A0E2 8845 F9 MOV BYTE PTR SS:[EBP-0x7],AL + * 00A1A0E5 EB 1D JMP SHORT .00A1A104 + * 00A1A0E7 837F 18 10 CMP DWORD PTR DS:[EDI+0x18],0x10 + * 00A1A0EB 72 05 JB SHORT .00A1A0F2 + * 00A1A0ED 8B47 04 MOV EAX,DWORD PTR DS:[EDI+0x4] + * 00A1A0F0 EB 03 JMP SHORT .00A1A0F5 + * 00A1A0F2 8D47 04 LEA EAX,DWORD PTR DS:[EDI+0x4] + * 00A1A0F5 8A0418 MOV AL,BYTE PTR DS:[EAX+EBX] + * 00A1A0F8 43 INC EBX + * 00A1A0F9 8845 F8 MOV BYTE PTR SS:[EBP-0x8],AL + * 00A1A0FC C645 F9 00 MOV BYTE PTR SS:[EBP-0x7],0x0 + * 00A1A100 C645 F7 01 MOV BYTE PTR SS:[EBP-0x9],0x1 + * 00A1A104 807F 48 01 CMP BYTE PTR DS:[EDI+0x48],0x1 + * 00A1A108 75 21 JNZ SHORT .00A1A12B + * 00A1A10A 8B49 08 MOV ECX,DWORD PTR DS:[ECX+0x8] + * 00A1A10D 8D47 38 LEA EAX,DWORD PTR DS:[EDI+0x38] + * 00A1A110 50 PUSH EAX + * 00A1A111 FF77 28 PUSH DWORD PTR DS:[EDI+0x28] + * 00A1A114 8B47 24 MOV EAX,DWORD PTR DS:[EDI+0x24] + * 00A1A117 03C0 ADD EAX,EAX + * 00A1A119 50 PUSH EAX + * 00A1A11A 8D47 20 LEA EAX,DWORD PTR DS:[EDI+0x20] + * 00A1A11D 50 PUSH EAX + * 00A1A11E 8D47 1C LEA EAX,DWORD PTR DS:[EDI+0x1C] + * 00A1A121 50 PUSH EAX + * 00A1A122 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-0x8] + * 00A1A125 50 PUSH EAX + * 00A1A126 E8 85220000 CALL .00A1C3B0 + * 00A1A12B FF77 34 PUSH DWORD PTR DS:[EDI+0x34] + * 00A1A12E 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 00A1A131 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-0x8] + * 00A1A134 FF77 4C PUSH DWORD PTR DS:[EDI+0x4C] + * 00A1A137 FF77 30 PUSH DWORD PTR DS:[EDI+0x30] + * 00A1A13A FF77 2C PUSH DWORD PTR DS:[EDI+0x2C] + * 00A1A13D FF77 20 PUSH DWORD PTR DS:[EDI+0x20] + * 00A1A140 FF77 1C PUSH DWORD PTR DS:[EDI+0x1C] + * 00A1A143 50 PUSH EAX + * 00A1A144 E8 1733FFFF CALL .00A0D460 + * 00A1A149 0FBE45 F7 MOVSX EAX,BYTE PTR SS:[EBP-0x9] + * 00A1A14D 0FAF47 24 IMUL EAX,DWORD PTR DS:[EDI+0x24] + * 00A1A151 0147 1C ADD DWORD PTR DS:[EDI+0x1C],EAX + * 00A1A154 807F 48 00 CMP BYTE PTR DS:[EDI+0x48],0x0 + * 00A1A158 8B47 1C MOV EAX,DWORD PTR DS:[EDI+0x1C] + * 00A1A15B 75 1B JNZ SHORT .00A1A178 + * 00A1A15D 3947 40 CMP DWORD PTR DS:[EDI+0x40],EAX + * 00A1A160 7F 16 JG SHORT .00A1A178 + * 00A1A162 8B47 38 MOV EAX,DWORD PTR DS:[EDI+0x38] + * 00A1A165 8B4F 28 MOV ECX,DWORD PTR DS:[EDI+0x28] + * 00A1A168 014F 20 ADD DWORD PTR DS:[EDI+0x20],ECX + * 00A1A16B 8947 1C MOV DWORD PTR DS:[EDI+0x1C],EAX + * 00A1A16E 8B47 20 MOV EAX,DWORD PTR DS:[EDI+0x20] + * 00A1A171 03C1 ADD EAX,ECX + * 00A1A173 3B47 44 CMP EAX,DWORD PTR DS:[EDI+0x44] + * 00A1A176 7D 0C JGE SHORT .00A1A184 + * 00A1A178 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-0x10] + * 00A1A17B 3B5F 14 CMP EBX,DWORD PTR DS:[EDI+0x14] + * 00A1A17E ^0F82 ECFEFFFF JB .00A1A070 + * 00A1A184 8B4D FC MOV ECX,DWORD PTR SS:[EBP-0x4] + * 00A1A187 5F POP EDI + * 00A1A188 5E POP ESI + * 00A1A189 33CD XOR ECX,EBP + * 00A1A18B 5B POP EBX + * 00A1A18C E8 87600200 CALL .00A40218 + * 00A1A191 8BE5 MOV ESP,EBP + * 00A1A193 5D POP EBP + * 00A1A194 C2 0C00 RETN 0xC + * 00A1A197 CC INT3 + * 00A1A198 CC INT3 + */ +static void SpecialHookSilkys(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t*len) +{ + //DWORD arg1 = *(DWORD *)(esp_base + 0x4); + DWORD arg1 = stack->stack[1], + arg2 = stack->stack[2]; + + int size = *(DWORD *)(arg1 + 0x14); + if (size <= 0) + return; + + enum { ShortTextCapacity = 0x10 }; + + DWORD text = 0; + //if (arg2 == 0) { + if (size >= ShortTextCapacity) { + text = *(DWORD *)(arg1 + 4); + if (text && ::IsBadReadPtr((LPCVOID)text, size)) // this might not be needed though + text = 0; + } + if (!text) { // short text + text = arg1 + 4; + size = min(size, ShortTextCapacity); + } + *len = size; + *data = text; + + *split = arg2 == 0 ? 1 : 2; // arg2 == 0 ? scenario : name +} + bool hookBefore(hook_stack*s,void* data1, size_t* len,uintptr_t*role) + { + auto arg = (TextUnionA *)(s->stack[0] + sizeof(DWORD)); // arg1 + if (!arg || !arg->isValid()) + return 0; + + // FIXME: I am not able to distinguish choice out + * role = + s->stack[1] ? Engine::NameRole : // arg2 != 0 for name + //s->ebx > 0x0fffffff ? Engine::ChoiceRole : // edx is a pointer for choice + Engine::ScenarioRole; + + std::string oldData(arg->getText(), arg->size); + strcpy((char*)data1,oldData.c_str());*len=oldData.size();return 1; + } + TextUnionA *arg_, + argValue_; + void hookafter1(hook_stack*s,void* data1, size_t len){ + auto newData=std::string((char*)data1,len); + auto arg = (TextUnionA *)(s->stack[0] + sizeof(DWORD)); // arg1 + arg_ = arg; + argValue_ = *arg; + static std::string data_; + data_ = newData; + arg->setText(data_); + } + + bool hookAfter(hook_stack*s,void* data1, size_t* len,uintptr_t*role) + { + if (arg_) { + *arg_ = argValue_; + arg_ = nullptr; + } + return 0; + } +bool InsertSilkysHook() +{ + const BYTE bytes[] = { + 0x66,0x89,0x45, 0xf9, // 00a1a062 66:8945 f9 mov word ptr ss:[ebp-0x7],ax + 0x39,0x47, 0x14 // 00a1a066 3947 14 cmp dword ptr ds:[edi+0x14],eax + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("Silkys: pattern not found"); + return false; + } + + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) { + ConsoleOutput("Silkys: function not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.text_fun = SpecialHookSilkys; + hp.type = USING_STRING|NO_CONTEXT; // = 9 + + ConsoleOutput("INSERT Silkys"); + auto succ=NewHook(hp, "SilkysPlus"); + auto fun = [](ULONG addr) -> bool { + auto succ_=false; + { + HookParam hp; + hp.address = addr; + hp.type = USING_STRING|NO_CONTEXT|EMBED_ABLE|EMBED_DYNA_SJIS; + hp.hook_before=hookBefore; + hp.hook_after=hookafter1; + hp.hook_font=F_GetGlyphOutlineA; + succ_|=NewHook(hp,"EmbedSilkys"); + } + { + HookParam hp; + hp.address = addr+5; + hp.type = HOOK_EMPTY|EMBED_ABLE; + hp.hook_before=hookAfter; + succ_|=NewHook(hp,"EmbedSilkys"); + } + return succ_; // replace all functions + }; + succ|=MemDbg::iterNearCallAddress(fun, addr, processStartAddress, processStopAddress); + return succ; +} +bool InsertSilkysHook2() +{ + //[230825] [コンフィチュールソフト] ギャル×オタ ~織川きららはお世話したい~ + auto addr = MemDbg::findCallerAddressAfterInt3((DWORD)GetCharacterPlacementW, processStartAddress, processStopAddress); + if(addr==0)return false; + BYTE sig[]={ + 0x8b,0x80,XX4, + 0xff,0xd0, + 0x8b,0xf0 + }; + addr=MemDbg::findBytes(sig,sizeof(sig),addr,addr+0x100); + if(addr==0)return false; + HookParam hp; + hp.address = addr+8; + hp.type = CODEC_UTF16|USING_STRING; + hp.offset=get_reg(regs::eax); + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + static int idx=0; + idx+=1; + return (bool)(idx%2); + }; + return NewHook(hp, "SilkysPlus2"); +} +namespace{ + bool _s(){ + ///https://vndb.org/r68491 + //徒花異譚 / Adabana Odd Tales + BYTE sig[]={ + 0xBA,0x00,0x01,0x00,0x00, + 0xC7,0x45,0x08,0x14,0x20,0x00,0x00, + 0x8D,0x49,0x00 + }; + auto addr=MemDbg::findBytes(sig,sizeof(sig),processStartAddress, processStopAddress); + if(addr==0)return false; + addr = findfuncstart(addr); + if (!addr) return 0; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.newlineseperator=L"\\n"; + hp.type = USING_STRING|CODEC_UTF16|EMBED_ABLE|EMBED_BEFORE_SIMPLE|EMBED_AFTER_NEW; + return NewHook(hp,"EmbedSilkysX"); + } +} +namespace{ + bool Silkys2Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + StringCharReplacer(text, len, L"\\i", 2, L'\''); + + return true; +} + +bool InsertSilkys2Hook() +{ + //https://vndb.org/r89173 + //同级生Remake + const BYTE bytes[] = { + // (unsigned __int16)v13 < 0x100u || (_WORD)v13 == 8212 + 0xC7,0x45,XX,0x00,0x01,0x00,0x00, + 0xC7,0x45,XX,0x14,0x20,0x00,0x00 + }; + const BYTE bytes2[] = { + //v6 = (_WORD *)(*v8 + *(_DWORD *)(v7 + 4 * v27)); + //hook v6 + 0x8b,0x4d,0xf4, + 0x8b,0x3c,0x8f, + 0x03,0x38 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) return false; + addr = reverseFindBytes(bytes2, sizeof(bytes2), addr-0x100, addr); + if (!addr) return false; + HookParam hp; + hp.address = addr + sizeof(bytes2); + hp.offset=get_reg(regs::edi); + hp.filter_fun = Silkys2Filter; + hp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT; + return NewHook(hp, "Silkys2"); +} +} +namespace{ + bool saiminset(){ + //[230929][1237052][シルキーズSAKURA] 催眠奪女Set パッケージ版 + auto addr1=finddllfunctioncall((DWORD)GetGlyphOutlineA,processStartAddress, processStopAddress); + if(addr1==0)return false; + auto func1=MemDbg::findEnclosingAlignedFunction(addr1); + if(func1==0)return false; + BYTE check[]={ + 0x80,0xf9,0x81,XX2,//cmp cl, 81h + 0x80,0xf9,0x9f,XX2,// cmp cl, 9Fh + }; + if(MemDbg::findBytes(check,sizeof(check),func1,addr1)==0)return false; + auto xrefs=findxref_reverse_checkcallop(func1,processStartAddress,processStopAddress,0xe8); + if(xrefs.size()==0)return false; + auto addr2=xrefs[0]; + auto addr=MemDbg::findEnclosingAlignedFunction(addr2); + if(addr==0)return false; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(1); + hp.index=0; + hp.split=get_stack(6); + hp.type = USING_SPLIT|DATA_INDIRECT; + return NewHook(hp, "Silkys3"); + } +} +bool Silkys::attach_function() { + auto b1=InsertSilkys2Hook(); + return InsertSilkysHook()||InsertSilkysHook2()||_s()||b1||saiminset(); +} + + +bool SilkysOld::attach_function(){ + //愛姉妹・蕾…汚してください + auto addr=MemDbg::findCallerAddressAfterInt3((DWORD)TextOutA,processStartAddress,processStopAddress); + if(addr==0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(3); + hp.type=DATA_INDIRECT; + return NewHook(hp, "SilkysOld"); +} \ No newline at end of file diff --git a/LunaHook/engine32/Silkys.h b/LunaHook/engine32/Silkys.h new file mode 100644 index 0000000..aef4b0b --- /dev/null +++ b/LunaHook/engine32/Silkys.h @@ -0,0 +1,22 @@ +#include"engine.h" + +class Silkys:public ENGINE{ + public: + Silkys(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"data.arc",L"effect.arc",L"Script.arc"}; + /// Almost the same as Silkys except mes.arc is replaced by Script.arc + }; + bool attach_function(); +}; +class SilkysOld:public ENGINE{ + public: + SilkysOld(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"bgm.AWF",L"effect.AWF",L"gcc.ARC",L"mes.ARC",L"sequence.ARC"}; + /// Almost the same as Silkys except mes.arc is replaced by Script.arc + }; + bool attach_function(); +}; diff --git a/LunaHook/engine32/Speed.cpp b/LunaHook/engine32/Speed.cpp new file mode 100644 index 0000000..d1df3f4 --- /dev/null +++ b/LunaHook/engine32/Speed.cpp @@ -0,0 +1,26 @@ +#include"Speed.h" + +bool Speed::attach_function() { + // 藍色ノ狂詩曲~Deep Blue Rhapsody~ + auto entry=Util::FindImportEntry(processStartAddress,(DWORD)DrawTextA); + if(entry==0)return false; + BYTE bytes2[]={0x8b,0x35,XX4}; //mov esi, ds:DrawTextA + memcpy(bytes2+2,&entry,4); + auto addr = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStopAddress); + if (addr == 0)return false; + BYTE sig1[]={ 0x68,0x00,0x04,0x00,0x00 }; + BYTE sig2[]={ 0xFF,0xD6 }; + BYTE sig3[]={ 0x68,0x00,0x01,0x00,0x00 }; + BYTE sig4[]={ 0xFF,0xD6 }; + for(auto p:std::vector>{{sig1,sizeof(sig1)},{sig2,sizeof(sig2)},{sig3,sizeof(sig3)},{sig4,sizeof(sig4)}}){ + addr=MemDbg::findBytes(p.first, p.second, addr, addr+0x40); + if(addr==0)return false; + } + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = CODEC_ANSI_BE ; + return NewHook(hp, "Speed"); +} \ No newline at end of file diff --git a/LunaHook/engine32/Speed.h b/LunaHook/engine32/Speed.h new file mode 100644 index 0000000..b8faf8e --- /dev/null +++ b/LunaHook/engine32/Speed.h @@ -0,0 +1,15 @@ +#include"engine.h" + +class Speed:public ENGINE{ + public: + Speed(){ + is_engine_certain=false; + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + auto hcb=std::wstring(processName); + hcb=hcb.substr(0,hcb.size()-4)+L".hcb"; + return(Util::CheckFile(hcb.c_str())&&Util::CheckFile(L"bgm.bin")&&Util::CheckFile(L"cg.bin")&&Util::CheckFile(L"se.bin")&&Util::CheckFile(L"vo.bin")); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Sprite.cpp b/LunaHook/engine32/Sprite.cpp new file mode 100644 index 0000000..f930ab4 --- /dev/null +++ b/LunaHook/engine32/Sprite.cpp @@ -0,0 +1,34 @@ +#include"Sprite.h" + +bool Sprite::attach_function() { + //恋と選挙とチョコレート + auto m=GetModuleHandle(L"dirapi.dll"); + auto [minAddress, maxAddress] = Util::QueryModuleLimits(m); + const BYTE bytes[] = { + 0x83,0xF8,0x40, + 0x74,XX, + 0x83,0xF8,0x43, + 0x74,XX, + 0x83,XX,0xFF, + 0xEB,XX, + 0x8D,0x45,0xF8, + XX, + XX, + XX, + //+20 + 0xE8,XX4, + 0x89,0x45,0xF0, + 0x8D,0x45,0xF4, + 0x50, + XX, + 0xE8,XX4 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), minAddress, maxAddress); + if(addr==0)return false; + if(((*(int*)(addr+22))+addr+22)!=((*(int*)(addr+35))+addr+35))return false; + HookParam hp; + hp.address = addr+sizeof(bytes); + hp.offset=get_reg(regs::eax); + hp.type = USING_STRING; + return NewHook(hp, "Sprite"); +} \ No newline at end of file diff --git a/LunaHook/engine32/Sprite.h b/LunaHook/engine32/Sprite.h new file mode 100644 index 0000000..5f50edb --- /dev/null +++ b/LunaHook/engine32/Sprite.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class Sprite:public ENGINE{public: + Sprite(){ + is_engine_certain=false; + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return Util::CheckFile(L"*.cct")&&Util::CheckFile(L"*.dcr")&&GetModuleHandle(L"dirapi.dll"); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Suika2.cpp b/LunaHook/engine32/Suika2.cpp new file mode 100644 index 0000000..500b165 --- /dev/null +++ b/LunaHook/engine32/Suika2.cpp @@ -0,0 +1,37 @@ +#include"Suika2.h" +//灰翼のロードピス +bool Suika2_msvcrt() { + auto msvcrt=GetModuleHandle(L"msvcrt.dll"); + if(msvcrt==0)return 0; + auto _strdup=GetProcAddress(msvcrt,"_strdup"); + if(_strdup==0)return 0; + HookParam hp; + hp.address=(DWORD)_strdup; + hp.type=USING_STRING|CODEC_UTF8; + hp.offset=get_stack(1); + return NewHook(hp,"Suika2_msvcrt"); + +} +bool Suika2_06x() { + char _s[]=R"(\#{%06x}%s\#{%06x}%s)"; + auto a06xS06xS=MemDbg::findBytes(_s,sizeof(_s),processStartAddress,processStopAddress); + if(a06xS06xS==0)return 0; + auto movoff=MemDbg::findBytes(&a06xS06xS,4,processStartAddress,processStopAddress); + if(movoff==0)return 0; + BYTE funcstart[]={ + 0x55,0x57,0x56 + }; + auto func=reverseFindBytes(funcstart,sizeof(funcstart),movoff-0x200,movoff); + if(func==0)return 0; + HookParam hp; + hp.address=func; + hp.type=USING_STRING|CODEC_UTF8|NO_CONTEXT; + hp.offset=get_stack(2); + return NewHook(hp,"Suika2_06x"); + +} +bool Suika2::attach_function() { + auto _1=Suika2_msvcrt(); + auto _2=Suika2_06x(); + return _1||_2; +} \ No newline at end of file diff --git a/LunaHook/engine32/Suika2.h b/LunaHook/engine32/Suika2.h new file mode 100644 index 0000000..e4407e4 --- /dev/null +++ b/LunaHook/engine32/Suika2.h @@ -0,0 +1,15 @@ +#include"engine.h" + +class Suika2:public ENGINE{ + public: + Suika2(){ + is_engine_certain=false; + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + if(wcscmp(processName_lower,L"suika.exe")==0)return true; + char suika2copyright[]="Suika2: Copyright"; + return 0!=MemDbg::findBytes(suika2copyright,sizeof(suika2copyright)-1,processStartAddress,min(processStopAddress,processStartAddress+0x200000)); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/System4x.cpp b/LunaHook/engine32/System4x.cpp new file mode 100644 index 0000000..071d9ce --- /dev/null +++ b/LunaHook/engine32/System4x.cpp @@ -0,0 +1,1806 @@ +#include"System4x.h" +#include"embed_util.h" + +/** + * jichi 12/26/2013: Rance hook + * + * ランス01 光をもとめて: /HSN4:-14@5506A9 + * - addr: 5572265 (0x5596a9) + * - off: 4 + * - split: 4294967272 (0xffffffe8 = -0x18) + * - type: 1041 (0x411) + * + * the above code has the same pattern except int3. + * 005506a9 |. e8 f2fb1600 call Rance01.006c02a0 ; hook here + * 005506ae |. 83c4 0c add esp,0xc + * 005506b1 |. 5f pop edi + * 005506b2 |. 5e pop esi + * 005506b3 |. b0 01 mov al,0x1 + * 005506b5 |. 5b pop ebx + * 005506b6 \. c2 0400 retn 0x4 + * 005506b9 cc int3 + * + * ランス・クエス� /hsn4:-14@42e08a + * 0042e08a |. e8 91ed1f00 call Ranceque.0062ce20 ; hook here + * 0042e08f |. 83c4 0c add esp,0xc + * 0042e092 |. 5f pop edi + * 0042e093 |. 5e pop esi + * 0042e094 |. b0 01 mov al,0x1 + * 0042e096 |. 5b pop ebx + * 0042e097 \. c2 0400 retn 0x4 + * 0042e09a cc int3 + * + * 5/7/2015 イブニクル version 1.0.1 + * The hooked function is no longer get called after loading AliceRunPatch.dll. + * The hooked function is below. + * See also ATcode: http://capita.tistory.com/m/post/256 + * 005C40AE CC INT3 + * 005C40AF CC INT3 + * 005C40B0 53 PUSH EBX + * 005C40B1 8B5C24 08 MOV EBX,DWORD PTR SS:[ESP+0x8] + * 005C40B5 56 PUSH ESI + * 005C40B6 57 PUSH EDI + * 005C40B7 8B7B 10 MOV EDI,DWORD PTR DS:[EBX+0x10] + * 005C40BA 8BF0 MOV ESI,EAX + * 005C40BC 47 INC EDI + * 005C40BD 3B7E 0C CMP EDI,DWORD PTR DS:[ESI+0xC] + * 005C40C0 76 0F JBE SHORT .005C40D1 + * 005C40C2 E8 79F8FFFF CALL .005C3940 + * 005C40C7 84C0 TEST AL,AL + * 005C40C9 75 06 JNZ SHORT .005C40D1 + * 005C40CB 5F POP EDI + * 005C40CC 5E POP ESI + * 005C40CD 5B POP EBX + * 005C40CE C2 0400 RETN 0x4 + * 005C40D1 837B 14 10 CMP DWORD PTR DS:[EBX+0x14],0x10 + * 005C40D5 72 02 JB SHORT .005C40D9 + * 005C40D7 8B1B MOV EBX,DWORD PTR DS:[EBX] + * 005C40D9 837E 0C 00 CMP DWORD PTR DS:[ESI+0xC],0x0 + * 005C40DD 75 15 JNZ SHORT .005C40F4 + * 005C40DF 57 PUSH EDI + * 005C40E0 33C0 XOR EAX,EAX + * 005C40E2 53 PUSH EBX + * 005C40E3 50 PUSH EAX + * 005C40E4 E8 B7400D00 CALL .006981A0 + * 005C40E9 83C4 0C ADD ESP,0xC + * 005C40EC 5F POP EDI + * 005C40ED 5E POP ESI + * 005C40EE B0 01 MOV AL,0x1 + * 005C40F0 5B POP EBX + * 005C40F1 C2 0400 RETN 0x4 + * 005C40F4 8B46 08 MOV EAX,DWORD PTR DS:[ESI+0x8] + * 005C40F7 57 PUSH EDI + * 005C40F8 53 PUSH EBX + * 005C40F9 50 PUSH EAX + * 005C40FA E8 A1400D00 CALL .006981A0 ; jichi: call here + * 005C40FF 83C4 0C ADD ESP,0xC + * 005C4102 5F POP EDI + * 005C4103 5E POP ESI + * 005C4104 B0 01 MOV AL,0x1 + * 005C4106 5B POP EBX + * 005C4107 C2 0400 RETN 0x4 + * 005C410A CC INT3 + * 005C410B CC INT3 + * 005C410C CC INT3 * + */ +static bool InsertSystem43OldHook(ULONG startAddress, ULONG stopAddress, LPCSTR hookName) +{ + // i.e. 83c40c5f5eb0015bc20400cccc without leading 0xe8 + //const BYTE ins[] = { // 005506a9 |. e8 f2fb1600 call rance01.006c02a0 ; hook here + // 0x83,0xc4, 0x0c, // 005506ae |. 83c4 0c add esp,0xc + // 0x5f, // 005506b1 |. 5f pop edi + // 0x5e, // 005506b2 |. 5e pop esi + // 0xb0, 0x01, // 005506b3 |. b0 01 mov al,0x1 + // 0x5b, // 005506b5 |. 5b pop ebx + // 0xc2, 0x04,0x00, // 005506b6 \. c2 0400 retn 0x4 + // 0xcc, 0xcc // patching a few int3 to make sure that this is at the end of the code block + //}; + //enum { addr_offset = -5 }; // the function call before the ins + //ULONG addr = processStartAddress; //- sizeof(ins); + ////addr = 0x5506a9; + //enum { near_call = 0xe8 }; // intra-module function call + //do { + // //addr += sizeof(ins); // so that each time return diff address -- not needed + // ULONG range = min(processStopAddress - addr, MAX_REL_ADDR); + // addr = MemDbg::findBytes(ins, sizeof(ins), addr, addr + range); + // if (!addr) { + // //ITH_MSG(L"failed"); + // ConsoleOutput("System43: pattern not found"); + // return false; + // } + // addr += addr_offset; + //} while(near_call != *(BYTE *)addr); // function call + //GROWL_DWORD(addr); + + // i.e. 83c40c5f5eb0015bc20400cccc without leading 0xe8 + const BYTE bytes[] = { + 0xe8, XX4, // 005506a9 |. e8 f2fb1600 call rance01.006c02a0 ; hook here + 0x83,0xc4, 0x0c, // 005506ae |. 83c4 0c add esp,0xc + XX, // 005506b1 |. 5f pop edi ; Artikash 2/9/2019 change these to wildcards: Evenicle 2 has the pops and moves switched order + XX, // 005506b2 |. 5e pop esi + XX, XX, // 005506b3 |. b0 01 mov al,0x1 + 0x5b, // 005506b5 |. 5b pop ebx + 0xc2, 0x04,0x00, // 005506b6 \. c2 0400 retn 0x4 + 0xcc, 0xcc // patching a few int3 to make sure that this is at the end of the code block + }; + enum { addr_offset = 0 }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + //GROWL_DWORD(addr); + if (!addr) { + ConsoleOutput("System43: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_stack(1); + hp.split = get_reg(regs::esp); + hp.type = NO_CONTEXT|USING_SPLIT|USING_STRING|EMBED_ABLE|EMBED_BEFORE_SIMPLE|EMBED_AFTER_NEW|EMBED_DYNA_SJIS; + ConsoleOutput("INSERT System43"); + ConsoleOutput("System43: disable GDI hooks"); // disable hooking to TextOutA, which is cached + return NewHook(hp, hookName); + + +} + +/** 5/13/2015 Add new hook for System43 engine that has no garbage threads and can detect character name + * Sample game: Evenicle + * See: http://capita.tistory.com/m/post/256 + * + * 004EEA6C CC INT3 + * 004EEA6D CC INT3 + * 004EEA6E CC INT3 + * 004EEA6F CC INT3 + * 004EEA70 6A FF PUSH -0x1 + * 004EEA72 68 E8267000 PUSH .007026E8 + * 004EEA77 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 004EEA7D 50 PUSH EAX + * 004EEA7E 83EC 20 SUB ESP,0x20 + * 004EEA81 A1 DCC47700 MOV EAX,DWORD PTR DS:[0x77C4DC] + * 004EEA86 33C4 XOR EAX,ESP + * 004EEA88 894424 1C MOV DWORD PTR SS:[ESP+0x1C],EAX + * 004EEA8C 53 PUSH EBX + * 004EEA8D 55 PUSH EBP + * 004EEA8E 56 PUSH ESI + * 004EEA8F 57 PUSH EDI + * 004EEA90 A1 DCC47700 MOV EAX,DWORD PTR DS:[0x77C4DC] + * 004EEA95 33C4 XOR EAX,ESP + * 004EEA97 50 PUSH EAX + * 004EEA98 8D4424 34 LEA EAX,DWORD PTR SS:[ESP+0x34] + * 004EEA9C 64:A3 00000000 MOV DWORD PTR FS:[0],EAX + * 004EEAA2 8B4424 44 MOV EAX,DWORD PTR SS:[ESP+0x44] + * 004EEAA6 8BF1 MOV ESI,ECX + * 004EEAA8 E8 8346FBFF CALL .004A3130 + * 004EEAAD 8BE8 MOV EBP,EAX + * 004EEAAF 33DB XOR EBX,EBX + * 004EEAB1 3BEB CMP EBP,EBX + * 004EEAB3 75 07 JNZ SHORT .004EEABC + * 004EEAB5 32C0 XOR AL,AL + * 004EEAB7 E9 92000000 JMP .004EEB4E + * 004EEABC 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 004EEABE 8B10 MOV EDX,DWORD PTR DS:[EAX] + * 004EEAC0 8BCE MOV ECX,ESI + * 004EEAC2 FFD2 CALL EDX + * 004EEAC4 8BC8 MOV ECX,EAX + * 004EEAC6 C74424 28 0F0000>MOV DWORD PTR SS:[ESP+0x28],0xF + * 004EEACE 895C24 24 MOV DWORD PTR SS:[ESP+0x24],EBX + * 004EEAD2 885C24 14 MOV BYTE PTR SS:[ESP+0x14],BL + * 004EEAD6 8D71 01 LEA ESI,DWORD PTR DS:[ECX+0x1] + * 004EEAD9 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + * 004EEAE0 8A11 MOV DL,BYTE PTR DS:[ECX] + * 004EEAE2 41 INC ECX + * 004EEAE3 3AD3 CMP DL,BL + * 004EEAE5 ^75 F9 JNZ SHORT .004EEAE0 + * 004EEAE7 2BCE SUB ECX,ESI + * 004EEAE9 50 PUSH EAX + * 004EEAEA 8BF9 MOV EDI,ECX + * 004EEAEC 8D7424 18 LEA ESI,DWORD PTR SS:[ESP+0x18] + * 004EEAF0 E8 CB27F1FF CALL .004012C0 + * 004EEAF5 8B7C24 48 MOV EDI,DWORD PTR SS:[ESP+0x48] + * 004EEAF9 895C24 3C MOV DWORD PTR SS:[ESP+0x3C],EBX + * 004EEAFD 8B75 3C MOV ESI,DWORD PTR SS:[EBP+0x3C] + * 004EEB00 E8 1B4A0100 CALL .00503520 + * 004EEB05 8BF8 MOV EDI,EAX + * 004EEB07 8DB7 E4000000 LEA ESI,DWORD PTR DS:[EDI+0xE4] + * 004EEB0D 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+0x14] + * 004EEB11 8BD6 MOV EDX,ESI + * 004EEB13 E8 985CF1FF CALL .004047B0 + * 004EEB18 BD 10000000 MOV EBP,0x10 + * 004EEB1D 84C0 TEST AL,AL + * 004EEB1F 75 18 JNZ SHORT .004EEB39 + * 004EEB21 895E 10 MOV DWORD PTR DS:[ESI+0x10],EBX + * 004EEB24 396E 14 CMP DWORD PTR DS:[ESI+0x14],EBP + * 004EEB27 72 02 JB SHORT .004EEB2B + * 004EEB29 8B36 MOV ESI,DWORD PTR DS:[ESI] + * 004EEB2B 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+0x14] + * 004EEB2F 50 PUSH EAX + * 004EEB30 8BCF MOV ECX,EDI + * 004EEB32 881E MOV BYTE PTR DS:[ESI],BL + * 004EEB34 E8 67CB0100 CALL .0050B6A0 ; jichi: ATcode modified here, text is on the top of the stack + * 004EEB39 396C24 28 CMP DWORD PTR SS:[ESP+0x28],EBP + * 004EEB3D 72 0D JB SHORT .004EEB4C + * 004EEB3F 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+0x14] + * 004EEB43 51 PUSH ECX + * 004EEB44 E8 42DC1900 CALL .0068C78B + * 004EEB49 83C4 04 ADD ESP,0x4 + * 004EEB4C B0 01 MOV AL,0x1 + * 004EEB4E 8B4C24 34 MOV ECX,DWORD PTR SS:[ESP+0x34] + * 004EEB52 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 004EEB59 59 POP ECX + * 004EEB5A 5F POP EDI + * 004EEB5B 5E POP ESI + * 004EEB5C 5D POP EBP + * 004EEB5D 5B POP EBX + * 004EEB5E 8B4C24 1C MOV ECX,DWORD PTR SS:[ESP+0x1C] + * 004EEB62 33CC XOR ECX,ESP + * 004EEB64 E8 9CD61900 CALL .0068C205 + * 004EEB69 83C4 2C ADD ESP,0x2C + * 004EEB6C C3 RETN + * 004EEB6D CC INT3 + * 004EEB6E CC INT3 + * + * Actual binary patch for Evenicle exe: http://capita.tistory.com/m/post/256 + * {005E393B(EB), 004EEB34(E9 13 B6 21 00), 005C71E0(E9 48 2F 14 00), 005B6494(E9 10 3D 15 00), 0070A10F(90 90 90 90 90 E8 F7 9F EB FF E9 C7 D0 EB FF 90 90 90 90 90 E8 78 15 E0 FF E9 0C 4A DE FF 50 8B 87 B0 00 00 00 66 81 38 84 00 75 0E 83 78 EA 5B 75 08 E8 A2 00 00 00 58 EB C6 58 EB C8 50 52 BA E0 0B 7A 00 60 89 D7 8B 74 E4 28 B9 06 00 00 00 F3 A5 61 8B 44 E4 08 8B 40 10 85 C0 74 29 8B 44 E4 08 8B 40 14 83 F8 0F 75 08 89 54 E4 08 5A 58 EB 9D 8D 42 20 60 89 C7 8B 32 8B 4A 14 83 C1 09 F3 A4 61 89 02 EB E3 5A 58 EB 89 90 90 90 90 90 E8 6C 9F EB FF E9 F0 C2 EA FF 50 8B 44 E4 04 83 78 0C 01 76 31 8B 87 84 02 00 00 66 83 78 FC 46 75 24 83 78 F8 22 74 16 83 78 F8 13 75 18 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 E8 06 00 00 00 58 EB B5 58 EB B7 60 8B 74 E4 28 BF E0 0B 7A 00 89 7C E4 28 B9 0C 00 00 00 F3 A5 61 C3)} + * + * ATcode: FORCEFONT(5),ENCODEKOR,FONT(Malgun Gothic,-13),HOOK(0x0070A10F,TRANS([[ESP]+0x8],LEN([ESP]+0XC),PTRCHEAT),RETNPOS(COPY)),HOOK(0x0070A11E,TRANS([ESP],SMSTR(IGNORE)),RETNPOS(COPY)),HOOK(0x0070A19A,TRANS([[ESP]+0x8],LEN([ESP]+0XC),PTRCHEAT),RETNPOS(COPY)) + * FilterCode: DenyWord{CUT(2)},FixLine{},KoFilter{},DumpText{},CustomDic{CDic},CustomScript{Write,Pass(-1),Cache} + * + * The second hooked address pointed to the text address. + * The logic here is simplify buffer the read text, and replace the text by zero + * Then translate/paint them together. + * Several variables near the text address is used to check if the text is finished or not. + * + * Function immediately before patched code: + * 0070A09E CC INT3 + * 0070A09F CC INT3 + * 0070A0A0 6A FF PUSH -0x1 + * 0070A0A2 68 358A7000 PUSH .00708A35 + * 0070A0A7 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 0070A0AD 50 PUSH EAX + * 0070A0AE 51 PUSH ECX + * 0070A0AF 56 PUSH ESI + * 0070A0B0 A1 DCC47700 MOV EAX,DWORD PTR DS:[0x77C4DC] + * 0070A0B5 33C4 XOR EAX,ESP + * 0070A0B7 50 PUSH EAX + * 0070A0B8 8D4424 0C LEA EAX,DWORD PTR SS:[ESP+0xC] + * 0070A0BC 64:A3 00000000 MOV DWORD PTR FS:[0],EAX + * 0070A0C2 C74424 14 000000>MOV DWORD PTR SS:[ESP+0x14],0x0 + * 0070A0CA A1 54D17900 MOV EAX,DWORD PTR DS:[0x79D154] + * 0070A0CF 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 0070A0D1 50 PUSH EAX + * 0070A0D2 51 PUSH ECX + * 0070A0D3 8D7424 10 LEA ESI,DWORD PTR SS:[ESP+0x10] + * 0070A0D7 E8 6416F8FF CALL .0068B740 + * 0070A0DC A1 54D17900 MOV EAX,DWORD PTR DS:[0x79D154] + * 0070A0E1 50 PUSH EAX + * 0070A0E2 E8 A426F8FF CALL .0068C78B + * 0070A0E7 83C4 04 ADD ESP,0x4 + * 0070A0EA 8B4C24 0C MOV ECX,DWORD PTR SS:[ESP+0xC] + * 0070A0EE 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 0070A0F5 59 POP ECX + * 0070A0F6 5E POP ESI + * 0070A0F7 83C4 10 ADD ESP,0x10 + * 0070A0FA C3 RETN + * 0070A0FB C705 C4C17900 64>MOV DWORD PTR DS:[0x79C1C4],.0070B664 + * 0070A105 B9 C4C17900 MOV ECX,.0079C1C4 + * 0070A10A ^E9 0722F8FF JMP .0068C316 + * + * Patched code: + * 0070A10F 90 NOP ; jichi: ATcode hooked here + * 0070A110 90 NOP + * 0070A111 90 NOP + * 0070A112 90 NOP + * 0070A113 90 NOP + * 0070A114 E8 F79FEBFF CALL .005C4110 + * 0070A119 ^E9 C7D0EBFF JMP .005C71E5 + * 0070A11E 90 NOP + * 0070A11F 90 NOP + * 0070A120 90 NOP + * 0070A121 90 NOP + * 0070A122 90 NOP + * 0070A123 E8 7815E0FF CALL .0050B6A0 ; jichi: call the original function for hookpoint #2 + * 0070A128 ^E9 0C4ADEFF JMP .004EEB39 ; jichi: come back to hookpoint#2 + * 0070A12D 50 PUSH EAX ; jichi: this is for hookpoint #3, translate the text before send it to paint + * 0070A12E 8B87 B0000000 MOV EAX,DWORD PTR DS:[EDI+0xB0] + * 0070A134 66:8138 8400 CMP WORD PTR DS:[EAX],0x84 + * 0070A139 75 0E JNZ SHORT .0070A149 + * 0070A13B 8378 EA 5B CMP DWORD PTR DS:[EAX-0x16],0x5B + * 0070A13F 75 08 JNZ SHORT .0070A149 + * 0070A141 E8 A2000000 CALL .0070A1E8 + * 0070A146 58 POP EAX + * 0070A147 ^EB C6 JMP SHORT .0070A10F + * 0070A149 58 POP EAX + * 0070A14A ^EB C8 JMP SHORT .0070A114 + * 0070A14C 50 PUSH EAX ; jichi: hookpoint#2 jmp here, text address is in [esp] + * 0070A14D 52 PUSH EDX + * 0070A14E BA E00B7A00 MOV EDX,.007A0BE0 ; jichi: 007A0BE0 points to unused zeroed memory + * 0070A153 60 PUSHAD ; jichi esp -= 0x20, now, esp[0x28] is text address, esp[0x24] = eax, and esp[0x20] = edx + * 0070A154 89D7 MOV EDI,EDX ; set 007A0BE0 as the target buffer to save text, edx is never modified + * 0070A156 8B74E4 28 MOV ESI,DWORD PTR SS:[ESP+0x28] ; set source text as target + * 0070A15A B9 06000000 MOV ECX,0x6 ; move for 6 bytes + * 0070A15F F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] + * 0070A161 61 POPAD ; finished saving text, now [esp] is old edx, esp[0x4] is old eax, esp[0x8] is old text address + * 0070A162 8B44E4 08 MOV EAX,DWORD PTR SS:[ESP+0x8] ; eax = original text address + * 0070A166 8B40 10 MOV EAX,DWORD PTR DS:[EAX+0x10] ; eax = text[0x10] + * 0070A169 85C0 TEST EAX,EAX ; if end of text, + * 0070A16B 74 29 JE SHORT .0070A196 ; jump if eax is zero, comeback to hookpoint and ignore it + * 0070A16D 8B44E4 08 MOV EAX,DWORD PTR SS:[ESP+0x8] ; otherwise, if eax is not zero + * 0070A171 8B40 14 MOV EAX,DWORD PTR DS:[EAX+0x14] ; eax = text[0x14] + * 0070A174 83F8 0F CMP EAX,0xF ; jichi: compare text[0x14] with 0xf + * 0070A177 75 08 JNZ SHORT .0070A181 ; jump if not zero leaving text not modified, other continue and modify the text + * 0070A179 8954E4 08 MOV DWORD PTR SS:[ESP+0x8],EDX ; override esp+8 with edx, i.e. override text address by new text address and do translation + * 0070A17D 5A POP EDX + * 0070A17E 58 POP EAX ; jichi: restore edx and eax, now esp is back to normal. [esp] is the new text address + * 0070A17F ^EB 9D JMP SHORT .0070A11E ; jichi: jump to the top of the hooked place (nop) and do translation before coming back + * 0070A181 8D42 20 LEA EAX,DWORD PTR DS:[EDX+0x20] ; text is not modified, esp[0x8] is the text address, edx is the modified buffer, eax = buffer[0x20] address + * 0070A184 60 PUSHAD ; jichi: esp[0x28] is now the text address + * 0070A185 89C7 MOV EDI,EAX ; jichi: edx[0x20] is the target + * 0070A187 8B32 MOV ESI,DWORD PTR DS:[EDX] ; jichi: edx is the source + * 0070A189 8B4A 14 MOV ECX,DWORD PTR DS:[EDX+0x14] + * 0070A18C 83C1 09 ADD ECX,0x9 ; move for [edx+0x14]+0x9 time + * 0070A18F F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI] ; jichi: shift text by 0x14 dword ptr + * 0070A191 61 POPAD ; jichi: now esp[0x8] is the text address + * 0070A192 8902 MOV DWORD PTR DS:[EDX],EAX ; eax is the new text address (edx+0x20), move the address to beginning of buffer ([edx]), i.e. edx is pointed to zero memory now + * 0070A194 ^EB E3 JMP SHORT .0070A179 ; come bback to modify the text address + * 0070A196 5A POP EDX + * 0070A197 58 POP EAX + * 0070A198 ^EB 89 JMP SHORT .0070A123 ; jichi: come back to call + * 0070A19A 90 NOP + * 0070A19B 90 NOP + * 0070A19C 90 NOP + * 0070A19D 90 NOP + * 0070A19E 90 NOP + * 0070A19F E8 6C9FEBFF CALL .005C4110 + * 0070A1A4 ^E9 F0C2EAFF JMP .005B6499 + * 0070A1A9 50 PUSH EAX ; jichi: from hookpoint #4 + * 0070A1AA 8B44E4 04 MOV EAX,DWORD PTR SS:[ESP+0x4] ; jichi: move top of the old stack address to eax + * 0070A1AE 8378 0C 01 CMP DWORD PTR DS:[EAX+0xC],0x1 + * 0070A1B2 76 31 JBE SHORT .0070A1E5 ; jichi: jump to leave if text[0xc] <= 0x1 + * 0070A1B4 8B87 84020000 MOV EAX,DWORD PTR DS:[EDI+0x284] + * 0070A1BA 66:8378 FC 46 CMP WORD PTR DS:[EAX-0x4],0x46 + * 0070A1BF 75 24 JNZ SHORT .0070A1E5 + * 0070A1C1 8378 F8 22 CMP DWORD PTR DS:[EAX-0x8],0x22 + * 0070A1C5 74 16 JE SHORT .0070A1DD + * 0070A1C7 8378 F8 13 CMP DWORD PTR DS:[EAX-0x8],0x13 + * 0070A1CB 75 18 JNZ SHORT .0070A1E5 + * 0070A1CD 90 NOP + * 0070A1CE 90 NOP + * 0070A1CF 90 NOP + * 0070A1D0 90 NOP + * 0070A1D1 90 NOP + * 0070A1D2 90 NOP + * 0070A1D3 90 NOP + * 0070A1D4 90 NOP + * 0070A1D5 90 NOP + * 0070A1D6 90 NOP + * 0070A1D7 90 NOP + * 0070A1D8 90 NOP + * 0070A1D9 90 NOP + * 0070A1DA 90 NOP + * 0070A1DB 90 NOP + * 0070A1DC 90 NOP + * 0070A1DD E8 06000000 CALL .0070A1E8 + * 0070A1E2 58 POP EAX + * 0070A1E3 ^EB B5 JMP SHORT .0070A19A + * 0070A1E5 58 POP EAX + * 0070A1E6 ^EB B7 JMP SHORT .0070A19F + * 0070A1E8 60 PUSHAD + * 0070A1E9 8B74E4 28 MOV ESI,DWORD PTR SS:[ESP+0x28] + * 0070A1ED BF E00B7A00 MOV EDI,.007A0BE0 + * 0070A1F2 897CE4 28 MOV DWORD PTR SS:[ESP+0x28],EDI + * 0070A1F6 B9 0C000000 MOV ECX,0xC + * 0070A1FB F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] + * 0070A1FD 61 POPAD + * 0070A1FE C3 RETN + * 0070A1FF 0000 ADD BYTE PTR DS:[EAX],AL + * 0070A201 0000 ADD BYTE PTR DS:[EAX],AL + * 0070A203 0000 ADD BYTE PTR DS:[EAX],AL + * + * Modified places: + * + * 005E391C CC INT3 + * 005E391D CC INT3 + * 005E391E CC INT3 + * 005E391F CC INT3 + * 005E3920 55 PUSH EBP + * 005E3921 8BEC MOV EBP,ESP + * 005E3923 83E4 C0 AND ESP,0xFFFFFFC0 + * 005E3926 83EC 34 SUB ESP,0x34 + * 005E3929 53 PUSH EBX + * 005E392A 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+0x8] + * 005E392D 817B 04 00010000 CMP DWORD PTR DS:[EBX+0x4],0x100 + * 005E3934 56 PUSH ESI + * 005E3935 57 PUSH EDI + * 005E3936 8B7D 0C MOV EDI,DWORD PTR SS:[EBP+0xC] + * 005E3939 8BF0 MOV ESI,EAX + * 005E393B EB 67 JMP SHORT .005E39A4 ; jichi: here modified point#1, change to always jump to 5e39a4, when enabled it will change font size + * 005E393D 8D4424 28 LEA EAX,DWORD PTR SS:[ESP+0x28] + * 005E3941 50 PUSH EAX + * 005E3942 8D4C24 30 LEA ECX,DWORD PTR SS:[ESP+0x30] + * + * 004EEA6E CC INT3 + * 004EEA6F CC INT3 + * 004EEA70 6A FF PUSH -0x1 + * 004EEA72 68 E8267000 PUSH .007026E8 + * 004EEA77 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 004EEA7D 50 PUSH EAX + * 004EEA7E 83EC 20 SUB ESP,0x20 + * 004EEA81 A1 DCC47700 MOV EAX,DWORD PTR DS:[0x77C4DC] + * 004EEA86 33C4 XOR EAX,ESP + * 004EEA88 894424 1C MOV DWORD PTR SS:[ESP+0x1C],EAX + * 004EEA8C 53 PUSH EBX + * 004EEA8D 55 PUSH EBP + * 004EEA8E 56 PUSH ESI + * 004EEA8F 57 PUSH EDI + * 004EEA90 A1 DCC47700 MOV EAX,DWORD PTR DS:[0x77C4DC] + * 004EEA95 33C4 XOR EAX,ESP + * 004EEA97 50 PUSH EAX + * 004EEA98 8D4424 34 LEA EAX,DWORD PTR SS:[ESP+0x34] + * 004EEA9C 64:A3 00000000 MOV DWORD PTR FS:[0],EAX + * 004EEAA2 8B4424 44 MOV EAX,DWORD PTR SS:[ESP+0x44] + * 004EEAA6 8BF1 MOV ESI,ECX + * 004EEAA8 E8 8346FBFF CALL .004A3130 + * 004EEAAD 8BE8 MOV EBP,EAX + * 004EEAAF 33DB XOR EBX,EBX + * 004EEAB1 3BEB CMP EBP,EBX + * 004EEAB3 75 07 JNZ SHORT .004EEABC + * 004EEAB5 32C0 XOR AL,AL + * 004EEAB7 E9 92000000 JMP .004EEB4E + * 004EEABC 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 004EEABE 8B10 MOV EDX,DWORD PTR DS:[EAX] + * 004EEAC0 8BCE MOV ECX,ESI + * 004EEAC2 FFD2 CALL EDX + * 004EEAC4 8BC8 MOV ECX,EAX + * 004EEAC6 C74424 28 0F0000>MOV DWORD PTR SS:[ESP+0x28],0xF + * 004EEACE 895C24 24 MOV DWORD PTR SS:[ESP+0x24],EBX + * 004EEAD2 885C24 14 MOV BYTE PTR SS:[ESP+0x14],BL + * 004EEAD6 8D71 01 LEA ESI,DWORD PTR DS:[ECX+0x1] + * 004EEAD9 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + * 004EEAE0 8A11 MOV DL,BYTE PTR DS:[ECX] + * 004EEAE2 41 INC ECX + * 004EEAE3 3AD3 CMP DL,BL + * 004EEAE5 ^75 F9 JNZ SHORT .004EEAE0 + * 004EEAE7 2BCE SUB ECX,ESI + * 004EEAE9 50 PUSH EAX + * 004EEAEA 8BF9 MOV EDI,ECX + * 004EEAEC 8D7424 18 LEA ESI,DWORD PTR SS:[ESP+0x18] + * 004EEAF0 E8 CB27F1FF CALL .004012C0 + * 004EEAF5 8B7C24 48 MOV EDI,DWORD PTR SS:[ESP+0x48] + * 004EEAF9 895C24 3C MOV DWORD PTR SS:[ESP+0x3C],EBX + * 004EEAFD 8B75 3C MOV ESI,DWORD PTR SS:[EBP+0x3C] + * 004EEB00 E8 1B4A0100 CALL .00503520 + * 004EEB05 8BF8 MOV EDI,EAX + * 004EEB07 8DB7 E4000000 LEA ESI,DWORD PTR DS:[EDI+0xE4] + * 004EEB0D 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+0x14] + * 004EEB11 8BD6 MOV EDX,ESI + * 004EEB13 E8 985CF1FF CALL .004047B0 + * 004EEB18 BD 10000000 MOV EBP,0x10 + * 004EEB1D 84C0 TEST AL,AL + * 004EEB1F 75 18 JNZ SHORT .004EEB39 + * 004EEB21 895E 10 MOV DWORD PTR DS:[ESI+0x10],EBX + * 004EEB24 396E 14 CMP DWORD PTR DS:[ESI+0x14],EBP + * 004EEB27 72 02 JB SHORT .004EEB2B + * 004EEB29 8B36 MOV ESI,DWORD PTR DS:[ESI] + * 004EEB2B 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+0x14] + * 004EEB2F 50 PUSH EAX + * 004EEB30 8BCF MOV ECX,EDI + * 004EEB32 881E MOV BYTE PTR DS:[ESI],BL + * 004EEB34 E9 13B62100 JMP .0070A14C ; jichi: here hookpoint#2, name is modified here, scenario and names are here accessed char by char on the top of the stack + * 004EEB39 396C24 28 CMP DWORD PTR SS:[ESP+0x28],EBP + * 004EEB3D 72 0D JB SHORT .004EEB4C + * 004EEB3F 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+0x14] + * 004EEB43 51 PUSH ECX + * 004EEB44 E8 42DC1900 CALL .0068C78B + * 004EEB49 83C4 04 ADD ESP,0x4 + * 004EEB4C B0 01 MOV AL,0x1 + * 004EEB4E 8B4C24 34 MOV ECX,DWORD PTR SS:[ESP+0x34] + * 004EEB52 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 004EEB59 59 POP ECX + * 004EEB5A 5F POP EDI + * 004EEB5B 5E POP ESI + * 004EEB5C 5D POP EBP + * 004EEB5D 5B POP EBX + * 004EEB5E 8B4C24 1C MOV ECX,DWORD PTR SS:[ESP+0x1C] + * 004EEB62 33CC XOR ECX,ESP + * 004EEB64 E8 9CD61900 CALL .0068C205 + * 004EEB69 83C4 2C ADD ESP,0x2C + * 004EEB6C C3 RETN + * 004EEB6D CC INT3 + * 004EEB6E CC INT3 + * + * 005C70EE CC INT3 + * 005C70EF CC INT3 + * 005C70F0 83EC 18 SUB ESP,0x18 + * 005C70F3 A1 DCC47700 MOV EAX,DWORD PTR DS:[0x77C4DC] + * 005C70F8 33C4 XOR EAX,ESP + * 005C70FA 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + * 005C70FE 53 PUSH EBX + * 005C70FF 8B5C24 20 MOV EBX,DWORD PTR SS:[ESP+0x20] + * 005C7103 55 PUSH EBP + * 005C7104 8B6C24 2C MOV EBP,DWORD PTR SS:[ESP+0x2C] + * 005C7108 8B45 1C MOV EAX,DWORD PTR SS:[EBP+0x1C] + * 005C710B 56 PUSH ESI + * 005C710C 8BF2 MOV ESI,EDX + * 005C710E 57 PUSH EDI + * 005C710F 8BF9 MOV EDI,ECX + * 005C7111 897424 10 MOV DWORD PTR SS:[ESP+0x10],ESI + * 005C7115 83F8 44 CMP EAX,0x44 + * 005C7118 77 7A JA SHORT .005C7194 + * 005C711A 0FB680 7C735C00 MOVZX EAX,BYTE PTR DS:[EAX+0x5C737C] + * 005C7121 FF2485 60735C00 JMP DWORD PTR DS:[EAX*4+0x5C7360] + * 005C7128 8B4B 0C MOV ECX,DWORD PTR DS:[EBX+0xC] + * 005C712B 8B4424 30 MOV EAX,DWORD PTR SS:[ESP+0x30] + * 005C712F C1E9 02 SHR ECX,0x2 + * 005C7132 3BC1 CMP EAX,ECX + * 005C7134 73 5E JNB SHORT .005C7194 + * 005C7136 837B 0C 00 CMP DWORD PTR DS:[EBX+0xC],0x0 + * 005C713A 75 1C JNZ SHORT .005C7158 + * 005C713C 33DB XOR EBX,EBX + * 005C713E 5F POP EDI + * 005C713F 893483 MOV DWORD PTR DS:[EBX+EAX*4],ESI + * 005C7142 5E POP ESI + * 005C7143 5D POP EBP + * 005C7144 B0 01 MOV AL,0x1 + * 005C7146 5B POP EBX + * 005C7147 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+0x14] + * 005C714B 33CC XOR ECX,ESP + * 005C714D E8 B3500C00 CALL .0068C205 + * 005C7152 83C4 18 ADD ESP,0x18 + * 005C7155 C2 0C00 RETN 0xC + * 005C7158 8B5B 08 MOV EBX,DWORD PTR DS:[EBX+0x8] + * 005C715B 5F POP EDI + * 005C715C 893483 MOV DWORD PTR DS:[EBX+EAX*4],ESI + * 005C715F 5E POP ESI + * 005C7160 5D POP EBP + * 005C7161 B0 01 MOV AL,0x1 + * 005C7163 5B POP EBX + * 005C7164 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+0x14] + * 005C7168 33CC XOR ECX,ESP + * 005C716A E8 96500C00 CALL .0068C205 + * 005C716F 83C4 18 ADD ESP,0x18 + * 005C7172 C2 0C00 RETN 0xC + * 005C7175 F3:0F104424 10 MOVSS XMM0,DWORD PTR SS:[ESP+0x10] + * 005C717B 51 PUSH ECX + * 005C717C 8B4C24 34 MOV ECX,DWORD PTR SS:[ESP+0x34] + * 005C7180 8BC3 MOV EAX,EBX + * 005C7182 F3:0F110424 MOVSS DWORD PTR SS:[ESP],XMM0 + * 005C7187 E8 14C7FFFF CALL .005C38A0 + * 005C718C 84C0 TEST AL,AL + * 005C718E 0F85 B2010000 JNZ .005C7346 + * 005C7194 5F POP EDI + * 005C7195 5E POP ESI + * 005C7196 5D POP EBP + * 005C7197 32C0 XOR AL,AL + * 005C7199 5B POP EBX + * 005C719A 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+0x14] + * 005C719E 33CC XOR ECX,ESP + * 005C71A0 E8 60500C00 CALL .0068C205 + * 005C71A5 83C4 18 ADD ESP,0x18 + * 005C71A8 C2 0C00 RETN 0xC + * 005C71AB 8B4C24 30 MOV ECX,DWORD PTR SS:[ESP+0x30] + * 005C71AF 8D5424 10 LEA EDX,DWORD PTR SS:[ESP+0x10] + * 005C71B3 52 PUSH EDX + * 005C71B4 8BC3 MOV EAX,EBX + * 005C71B6 E8 25C7FFFF CALL .005C38E0 + * 005C71BB 84C0 TEST AL,AL + * 005C71BD ^74 D5 JE SHORT .005C7194 + * 005C71BF 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+0x10] + * 005C71C3 8BC7 MOV EAX,EDI + * 005C71C5 E8 D6F0FFFF CALL .005C62A0 + * 005C71CA 8BD8 MOV EBX,EAX + * 005C71CC 8BCE MOV ECX,ESI + * 005C71CE 8BC7 MOV EAX,EDI + * 005C71D0 E8 CBF0FFFF CALL .005C62A0 + * 005C71D5 85DB TEST EBX,EBX + * 005C71D7 ^74 BB JE SHORT .005C7194 + * 005C71D9 85C0 TEST EAX,EAX + * 005C71DB ^74 B7 JE SHORT .005C7194 + * 005C71DD 50 PUSH EAX + * 005C71DE 8BC3 MOV EAX,EBX + * 005C71E0 E8 2BCFFFFF CALL .005C4110 ; original function call + * //005C71E0 E9 482F1400 JMP .0070A12D ; jichi: here hookpoint#3, text is modified here, text in [[esp]+0x8]], length in [esp]+0xc + * 005C71E5 ^EB A5 JMP SHORT .005C718C + * 005C71E7 8B47 08 MOV EAX,DWORD PTR DS:[EDI+0x8] + * 005C71EA 8B4F 0C MOV ECX,DWORD PTR DS:[EDI+0xC] + * 005C71ED 2BC8 SUB ECX,EAX + * 005C71EF C1F9 02 SAR ECX,0x2 + * 005C71F2 3BF1 CMP ESI,ECX + * 005C71F4 ^73 9E JNB SHORT .005C7194 + * 005C71F6 8B34B0 MOV ESI,DWORD PTR DS:[EAX+ESI*4] + * 005C71F9 85F6 TEST ESI,ESI + * 005C71FB ^74 97 JE SHORT .005C7194 + * + * 005B640E CC INT3 + * 005B640F CC INT3 + * 005B6410 53 PUSH EBX + * 005B6411 56 PUSH ESI + * 005B6412 B9 FCFFFFFF MOV ECX,-0x4 + * 005B6417 57 PUSH EDI + * 005B6418 8BF8 MOV EDI,EAX + * 005B641A 018F B0020000 ADD DWORD PTR DS:[EDI+0x2B0],ECX + * 005B6420 8B87 B0020000 MOV EAX,DWORD PTR DS:[EDI+0x2B0] + * 005B6426 8B30 MOV ESI,DWORD PTR DS:[EAX] + * 005B6428 018F B0020000 ADD DWORD PTR DS:[EDI+0x2B0],ECX + * 005B642E 8B87 B0020000 MOV EAX,DWORD PTR DS:[EDI+0x2B0] + * 005B6434 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 005B6436 8B87 E0010000 MOV EAX,DWORD PTR DS:[EDI+0x1E0] + * 005B643C 2B87 DC010000 SUB EAX,DWORD PTR DS:[EDI+0x1DC] + * 005B6442 C1F8 02 SAR EAX,0x2 + * 005B6445 3BF0 CMP ESI,EAX + * 005B6447 73 0D JNB SHORT .005B6456 + * 005B6449 8B87 DC010000 MOV EAX,DWORD PTR DS:[EDI+0x1DC] + * 005B644F 8B14B0 MOV EDX,DWORD PTR DS:[EAX+ESI*4] + * 005B6452 85D2 TEST EDX,EDX + * 005B6454 75 13 JNZ SHORT .005B6469 + * 005B6456 68 70757200 PUSH .00727570 + * 005B645B 8BCF MOV ECX,EDI + * 005B645D E8 AEC9FFFF CALL .005B2E10 + * 005B6462 83C4 04 ADD ESP,0x4 + * 005B6465 5F POP EDI + * 005B6466 5E POP ESI + * 005B6467 5B POP EBX + * 005B6468 C3 RETN + * 005B6469 8B9F E0010000 MOV EBX,DWORD PTR DS:[EDI+0x1E0] + * 005B646F 2BD8 SUB EBX,EAX + * 005B6471 C1FB 02 SAR EBX,0x2 + * 005B6474 3BCB CMP ECX,EBX + * 005B6476 73 07 JNB SHORT .005B647F + * 005B6478 8B0488 MOV EAX,DWORD PTR DS:[EAX+ECX*4] + * 005B647B 85C0 TEST EAX,EAX + * 005B647D 75 14 JNZ SHORT .005B6493 + * 005B647F 51 PUSH ECX + * 005B6480 68 A0757200 PUSH .007275A0 + * 005B6485 8BCF MOV ECX,EDI + * 005B6487 E8 84C9FFFF CALL .005B2E10 + * 005B648C 83C4 08 ADD ESP,0x8 + * 005B648F 5F POP EDI + * 005B6490 5E POP ESI + * 005B6491 5B POP EBX + * 005B6492 C3 RETN + * 005B6493 52 PUSH EDX + * 005B6494 E8 77DC0000 CALL .005C4110 + * //005B6494 E9 103D1500 JMP .0070A1A9 ; jichi: here hookpoint#4 + * 005B6499 84C0 TEST AL,AL + * 005B649B 75 16 JNZ SHORT .005B64B3 + * 005B649D 68 D4757200 PUSH .007275D4 + * 005B64A2 B9 F0757200 MOV ECX,.007275F0 ; ASCII "S_ASSIGN" + * 005B64A7 E8 84C8FFFF CALL .005B2D30 + * 005B64AC 83C4 04 ADD ESP,0x4 + * 005B64AF 5F POP EDI + * 005B64B0 5E POP ESI + * 005B64B1 5B POP EBX + * 005B64B2 C3 RETN + * 005B64B3 8B8F B0020000 MOV ECX,DWORD PTR DS:[EDI+0x2B0] + * 005B64B9 8931 MOV DWORD PTR DS:[ECX],ESI + * 005B64BB 8387 B0020000 04 ADD DWORD PTR DS:[EDI+0x2B0],0x4 + * 005B64C2 5F POP EDI + * 005B64C3 5E POP ESI + * 005B64C4 5B POP EBX + * 005B64C5 C3 RETN + * 005B64C6 CC INT3 + * 005B64C7 CC INT3 + * 005B64C8 CC INT3 + * + * Slightly modified #4 in AliceRunPatch.dll + * 101B6C10 5B POP EBX + * 101B6C11 59 POP ECX + * 101B6C12 C3 RETN + * 101B6C13 52 PUSH EDX + * 101B6C14 8BC1 MOV EAX,ECX + * 101B6C16 E9 4E7D1600 JMP .1031E969 ; jichi: hook here + * 101B6C1B 84C0 TEST AL,AL + * 101B6C1D 75 18 JNZ SHORT .101B6C37 + * 101B6C1F 68 FCB53310 PUSH .1033B5FC + * 101B6C24 B9 18B63310 MOV ECX,.1033B618 ; ASCII "S_ASSIGN" + * 101B6C29 E8 92B8FFFF CALL .101B24C0 + * 101B6C2E 83C4 04 ADD ESP,0x4 + * 101B6C31 5F POP EDI + * 101B6C32 5E POP ESI + * 101B6C33 5D POP EBP + * 101B6C34 5B POP EBX + * 101B6C35 59 POP ECX + * 101B6C36 C3 RETN + * 101B6C37 53 PUSH EBX + * 101B6C38 56 PUSH ESI + * 101B6C39 E8 E29C0100 CALL .101D0920 + * 101B6C3E 5F POP EDI + * 101B6C3F 5E POP ESI + * 101B6C40 5D POP EBP + * 101B6C41 5B POP EBX + * 101B6C42 59 POP ECX + * 101B6C43 C3 RETN + * 101B6C44 CC INT3 + * 101B6C45 CC INT3 + * 101B6C46 CC INT3 + * + * The function get called to paint string of names for hookpoint #2, text in arg1: + * 0050B69E CC INT3 + * 0050B69F CC INT3 + * 0050B6A0 55 PUSH EBP + * 0050B6A1 8BEC MOV EBP,ESP + * 0050B6A3 83E4 F8 AND ESP,0xFFFFFFF8 + * 0050B6A6 6A FF PUSH -0x1 + * 0050B6A8 68 F8277000 PUSH .007027F8 + * 0050B6AD 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 0050B6B3 50 PUSH EAX + * 0050B6B4 83EC 18 SUB ESP,0x18 + * 0050B6B7 53 PUSH EBX + * 0050B6B8 56 PUSH ESI + * 0050B6B9 57 PUSH EDI + * 0050B6BA A1 DCC47700 MOV EAX,DWORD PTR DS:[0x77C4DC] + * 0050B6BF 33C4 XOR EAX,ESP + * 0050B6C1 50 PUSH EAX + * 0050B6C2 8D4424 28 LEA EAX,DWORD PTR SS:[ESP+0x28] + * 0050B6C6 64:A3 00000000 MOV DWORD PTR FS:[0],EAX + * 0050B6CC 8BF9 MOV EDI,ECX + * 0050B6CE 57 PUSH EDI + * 0050B6CF E8 5CEAFFFF CALL .0050A130 + * 0050B6D4 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 0050B6D7 6A FF PUSH -0x1 + * 0050B6D9 33DB XOR EBX,EBX + * 0050B6DB 53 PUSH EBX + * 0050B6DC 8DB7 E4000000 LEA ESI,DWORD PTR DS:[EDI+0xE4] + * 0050B6E2 50 PUSH EAX + * 0050B6E3 E8 886BEFFF CALL .00402270 + * 0050B6E8 895C24 14 MOV DWORD PTR SS:[ESP+0x14],EBX + * 0050B6EC 895C24 18 MOV DWORD PTR SS:[ESP+0x18],EBX + * 0050B6F0 895C24 1C MOV DWORD PTR SS:[ESP+0x1C],EBX + * 0050B6F4 56 PUSH ESI + * 0050B6F5 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+0x18] + * 0050B6F9 51 PUSH ECX + * 0050B6FA 57 PUSH EDI + * 0050B6FB 895C24 3C MOV DWORD PTR SS:[ESP+0x3C],EBX + * 0050B6FF E8 6C290000 CALL .0050E070 + * 0050B704 8D5424 14 LEA EDX,DWORD PTR SS:[ESP+0x14] + * 0050B708 8BCF MOV ECX,EDI + * 0050B70A E8 B1010000 CALL .0050B8C0 + * 0050B70F 8B7424 14 MOV ESI,DWORD PTR SS:[ESP+0x14] + * 0050B713 C687 E0000000 01 MOV BYTE PTR DS:[EDI+0xE0],0x1 + * 0050B71A 3BF3 CMP ESI,EBX + * 0050B71C 74 14 JE SHORT .0050B732 + * 0050B71E 8B7C24 18 MOV EDI,DWORD PTR SS:[ESP+0x18] + * 0050B722 8BC6 MOV EAX,ESI + * 0050B724 E8 7751F0FF CALL .004108A0 + * 0050B729 56 PUSH ESI + * 0050B72A E8 5C101800 CALL .0068C78B + * 0050B72F 83C4 04 ADD ESP,0x4 + * 0050B732 8B4C24 28 MOV ECX,DWORD PTR SS:[ESP+0x28] + * 0050B736 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 0050B73D 59 POP ECX + * 0050B73E 5F POP EDI + * 0050B73F 5E POP ESI + * 0050B740 5B POP EBX + * 0050B741 8BE5 MOV ESP,EBP + * 0050B743 5D POP EBP + * 0050B744 C2 0400 RETN 0x4 + * 0050B747 CC INT3 + * 0050B748 CC INT3 + * 0050B749 CC INT3 + * 0050B74A CC INT3 + * 0050B74B CC INT3 + * 0050B74C CC INT3 + * + * Function get called for hookpoint #3, text in [arg1+0x10], length in arg1+0xc, only for scenario, function call is looped + * 005C410D CC INT3 + * 005C410E CC INT3 + * 005C410F CC INT3 + * 005C4110 53 PUSH EBX + * 005C4111 8B5C24 08 MOV EBX,DWORD PTR SS:[ESP+0x8] + * 005C4115 837B 0C 00 CMP DWORD PTR DS:[EBX+0xC],0x0 + * 005C4119 56 PUSH ESI + * 005C411A 57 PUSH EDI + * 005C411B 8BF0 MOV ESI,EAX + * 005C411D 74 07 JE SHORT .005C4126 + * 005C411F 8B43 08 MOV EAX,DWORD PTR DS:[EBX+0x8] + * 005C4122 85C0 TEST EAX,EAX + * 005C4124 75 04 JNZ SHORT .005C412A + * 005C4126 33C0 XOR EAX,EAX + * 005C4128 EB 0F JMP SHORT .005C4139 + * 005C412A 8D50 01 LEA EDX,DWORD PTR DS:[EAX+0x1] + * 005C412D 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 005C4130 8A08 MOV CL,BYTE PTR DS:[EAX] + * 005C4132 40 INC EAX + * 005C4133 84C9 TEST CL,CL + * 005C4135 ^75 F9 JNZ SHORT .005C4130 + * 005C4137 2BC2 SUB EAX,EDX + * 005C4139 8D78 01 LEA EDI,DWORD PTR DS:[EAX+0x1] + * 005C413C 3B7E 0C CMP EDI,DWORD PTR DS:[ESI+0xC] + * 005C413F 76 0F JBE SHORT .005C4150 + * 005C4141 E8 FAF7FFFF CALL .005C3940 + * 005C4146 84C0 TEST AL,AL + * 005C4148 75 06 JNZ SHORT .005C4150 + * 005C414A 5F POP EDI + * 005C414B 5E POP ESI + * 005C414C 5B POP EBX + * 005C414D C2 0400 RETN 0x4 + * 005C4150 837B 0C 00 CMP DWORD PTR DS:[EBX+0xC],0x0 + * 005C4154 75 04 JNZ SHORT .005C415A + * 005C4156 33C9 XOR ECX,ECX + * 005C4158 EB 03 JMP SHORT .005C415D + * 005C415A 8B4B 08 MOV ECX,DWORD PTR DS:[EBX+0x8] + * 005C415D 837E 0C 00 CMP DWORD PTR DS:[ESI+0xC],0x0 + * 005C4161 75 15 JNZ SHORT .005C4178 + * 005C4163 57 PUSH EDI + * 005C4164 33C0 XOR EAX,EAX + * 005C4166 51 PUSH ECX + * 005C4167 50 PUSH EAX + * 005C4168 E8 33400D00 CALL .006981A0 + * 005C416D 83C4 0C ADD ESP,0xC + * 005C4170 5F POP EDI + * 005C4171 5E POP ESI + * 005C4172 B0 01 MOV AL,0x1 + * 005C4174 5B POP EBX + * 005C4175 C2 0400 RETN 0x4 + * 005C4178 8B46 08 MOV EAX,DWORD PTR DS:[ESI+0x8] + * 005C417B 57 PUSH EDI + * 005C417C 51 PUSH ECX + * 005C417D 50 PUSH EAX + * 005C417E E8 1D400D00 CALL .006981A0 + * 005C4183 83C4 0C ADD ESP,0xC + * 005C4186 5F POP EDI + * 005C4187 5E POP ESI + * 005C4188 B0 01 MOV AL,0x1 + * 005C418A 5B POP EBX + * 005C418B C2 0400 RETN 0x4 + * 005C418E CC INT3 + */ +static bool InsertSystem43NewHook(ULONG startAddress, ULONG stopAddress, LPCSTR hookName) +{ + const BYTE bytes[] = { + 0xe8, XX4, // 004eeb34 e8 67cb0100 call .0050b6a0 ; jichi: hook here, text on the top of the stack + 0x39,0x6c,0x24, 0x28, // 004eeb39 396c24 28 cmp dword ptr ss:[esp+0x28],ebp + 0x72, 0x0d, // 004eeb3d 72 0d jb short .004eeb4c + 0x8b,0x4c,0x24, 0x14, // 004eeb3f 8b4c24 14 mov ecx,dword ptr ss:[esp+0x14] + 0x51, // 004eeb43 51 push ecx + 0xe8 //, XX4, // 004eeb44 e8 42dc1900 call .0068c78b + }; + enum { addr_offset = 0 }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + //GROWL_DWORD(addr); + if (!addr) { + ConsoleOutput("System43+: pattern not found"); + return false; + } + + //addr = *(DWORD *)(addr+1) + addr + 5; // change to hook to the actual address of function being called + + HookParam hp; + hp.address = addr; + hp.type = NO_CONTEXT|USING_STRING|USING_SPLIT|SPLIT_INDIRECT; + //hp.type = NO_CONTEXT|USING_STRING|FIXING_SPLIT; + hp.split_index = 0x10; // use [[esp]+0x10] to differentiate name and thread + + // Only name can be modified here, where the value of split is 0x6, and text in 0x2 + + ConsoleOutput("INSERT System43+"); + + + ConsoleOutput("System43+: disable GDI hooks"); // disable hooking to TextOutA, which is cached + + return NewHook(hp, hookName); +} +bool System43New2Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + CharReplacer(text, len, '\n', ' '); + + if (cpp_strnstr(text, "${", *len)) { + StringFilterBetween(text, len, "${", 3, "}", 1); + } + + return true; +} + +bool InsertSystem43New2Hook() +{ + + /* + * Sample games: + * https://vndb.org/r84067 + */ + const BYTE bytes[] = { + 0xC7, 0x46, 0x10, XX4, // mov [esi+10],00000000 + 0x72, 0x02, // jb dohnadohna.exe+1BFA7E + 0x8B, 0x36, // mov esi,[esi] + 0x8B, 0x4C, 0x24, 0x14, // mov ecx,[esp+14] + 0x57, // push edi + 0xC6, 0x06, 0x00 // mov byte ptr [esi],00 << hook here + }; + enum { addr_offset = sizeof(bytes) - 3 }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("System43new: pattern not found"); + return false; + } + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::edx); + hp.split = get_reg(regs::esp); + hp.type = NO_CONTEXT | USING_STRING | USING_SPLIT; + hp.filter_fun = System43New2Filter; + ConsoleOutput("INSERT System43new"); + return NewHook(hp, "System43new"); +} +bool InsertSystem43Hook() +{ + if (InsertSystem43New2Hook()) + return true; + //bool patched = Util::CheckFile(L"AliceRunPatch.dll"); + bool patched = ::GetModuleHandleA("AliceRunPatch.dll"); + // Insert new hook first + bool ok = InsertSystem43OldHook(processStartAddress, processStopAddress, patched ? "AliceRunPatch43" : "System43"); + ok = InsertSystem43NewHook(processStartAddress, processStopAddress, "System43+") || ok; + return ok; +} + +namespace { // unnamed + +struct TextArgument // first argument of the scenario hook +{ + ULONG *unknown[2]; + LPCSTR text; + int size; // text data size including '\0', length = size - 1 + int capacity; + ULONG split; + + bool isValid() const + { + return size <= capacity && size >= 4 && text && ::strlen(text) + 1 == size // skip translating single text + //&& !Util::allAscii(text) + && (UINT8)text[0] > 127 && (UINT8)text[size - 3] > 127 // skip text beginning / ending with ascii + && !::strstr(text, "\x81\x5e"); // "/" + } +}; +enum : UINT64 { djb2_hash0 = 5381 }; + inline UINT64 djb2(const UINT8 *str, UINT64 hash = djb2_hash0) +{ + UINT8 c; + while ((c = *str++)) + hash = ((hash << 5) + hash) + c; // hash * 33 + c + return hash; +}inline UINT64 djb2_n2(const char* str, size_t len, UINT64 hash = djb2_hash0) +{ + while (len--) + hash = ((hash << 5) + hash) + (*str++); // hash * 33 + c + return hash; +} +inline UINT64 hashByteArraySTD(const std::string& b, UINT64 h = djb2_hash0) +{ + return djb2_n2(b.c_str(), b.size(), h); +} + inline UINT64 hashCharArray(const void *lp) +{ return djb2(reinterpret_cast(lp)); } +namespace ScenarioHook { + +namespace Private { + bool isOtherText(LPCSTR text) + { + static const char *s[] = { + "\x82\xa2\x82\xa2\x82\xa6" /* いいえ */ + , "\x82\xcd\x82\xa2" /* はい */ + }; + for (int i = 0; i < sizeof(s)/sizeof(*s); i++) + if (::strcmp(text, s[i]) == 0) + return true; + return false; + } + + TextArgument *arg_, + argValue_; + /** + * Sample game: Rance03 + * + * Caller that related to load/save, which is the only caller get kept: + * 005C68A7 8B86 74010000 MOV EAX,DWORD PTR DS:[ESI+0x174] + * 005C68AD 8B1CA8 MOV EBX,DWORD PTR DS:[EAX+EBP*4] + * 005C68B0 85DB TEST EBX,EBX + * 005C68B2 74 63 JE SHORT Rance03T.005C6917 + * 005C68B4 8B86 78010000 MOV EAX,DWORD PTR DS:[ESI+0x178] + * 005C68BA 2B86 74010000 SUB EAX,DWORD PTR DS:[ESI+0x174] + * 005C68C0 C1F8 02 SAR EAX,0x2 + * 005C68C3 3BD0 CMP EDX,EAX + * 005C68C5 73 3C JNB SHORT Rance03T.005C6903 + * 005C68C7 8B86 74010000 MOV EAX,DWORD PTR DS:[ESI+0x174] + * 005C68CD 8B0C90 MOV ECX,DWORD PTR DS:[EAX+EDX*4] + * 005C68D0 85C9 TEST ECX,ECX + * 005C68D2 74 2F JE SHORT Rance03T.005C6903 + * 005C68D4 53 PUSH EBX + * 005C68D5 -E9 26976B09 JMP 09C80000 ; jichi: called + * 005C68DA 84C0 TEST AL,AL + * 005C68DC 75 18 JNZ SHORT Rance03T.005C68F6 + * 005C68DE 68 94726E00 PUSH Rance03T.006E7294 + * 005C68E3 68 00736E00 PUSH Rance03T.006E7300 ; ASCII "S_ASSIGN" + * 005C68E8 56 PUSH ESI + * 005C68E9 E8 12BBFFFF CALL Rance03T.005C2400 + * 005C68EE 83C4 0C ADD ESP,0xC + * 005C68F1 5F POP EDI + * 005C68F2 5E POP ESI + * + * Caller of the scenario thread: + * + * 005D6F80 ^74 BE JE SHORT Rance03T.005D6F40 + * 005D6F82 85C0 TEST EAX,EAX + * 005D6F84 ^74 BA JE SHORT Rance03T.005D6F40 + * 005D6F86 50 PUSH EAX + * 005D6F87 8BCF MOV ECX,EDI + * 005D6F89 -E9 72907009 JMP 09CE0000 ; jichi: called here + * 005D6F8E ^EB A8 JMP SHORT Rance03T.005D6F38 + * 005D6F90 8B46 0C MOV EAX,DWORD PTR DS:[ESI+0xC] + * 005D6F93 2B46 08 SUB EAX,DWORD PTR DS:[ESI+0x8] + * 005D6F96 C1F8 02 SAR EAX,0x2 + * 005D6F99 3BD8 CMP EBX,EAX + * 005D6F9B ^73 A3 JNB SHORT Rance03T.005D6F40 + * 005D6F9D 8B46 08 MOV EAX,DWORD PTR DS:[ESI+0x8] + * 005D6FA0 8B1C98 MOV EBX,DWORD PTR DS:[EAX+EBX*4] + */ + std::unordered_set hashes_; + void hookafter2(hook_stack*s,void* data, size_t len){ + auto newData =std::string((char*)data,len); + static std::string data_; + data_ = newData; + auto arg = (TextArgument *)s->stack[0]; // arg1 + arg_ = arg; + argValue_ = *arg; + + arg->text = data_.c_str(); + arg->size = data_.size() + 1; + arg->capacity = arg->size; + + hashes_.insert(hashCharArray(arg->text)); + } + bool hookBefore(hook_stack*s,void* data, size_t* len1,uintptr_t*role) + { + static std::string data_; // persistent storage, which makes this function not thread-safe + + //auto split = s->stack[5]; // parent function return address + //auto split = s->stack[10]; // parent's parent function return address + //auto split = *(DWORD *)(s->ecx + 0x10); + auto split = *(DWORD *)(s->ecx + 0x34); + //auto split = *(DWORD *)(s->ecx + 0x48); + // 005C68DA 84C0 TEST AL,AL + //if (*(WORD *)retaddr == 0xc084) // otherwise system text will be translated + // return true; + //if (*(WORD *)retaddr != 0xc084) // only translate one caller + // return true; + // 005D6F8E ^EB A8 JMP SHORT Rance03T.005D6F38 + //if (*(WORD *)retaddr != 0xa8eb) // this function has 7 callers, and only one is kept + // return true; + if (split > 0xff || split && split < 0xf) + return false; + auto arg = (TextArgument *)s->stack[0]; // arg1 + if (!arg || !arg->isValid() + || hashes_.find(hashCharArray(arg->text)) != hashes_.end()) + return false; + if (arg->size < 0xf && split > 0 && !isOtherText(arg->text)) + return false; + //auto sig = Engine::hashThreadSignature(role, split); + //auto role = Engine::OtherRole; + * role = Engine::OtherRole; + if (!isOtherText(arg->text)) { + if (split == 0 && arg->size <= 0x10) + *role = Engine::NameRole; + else if (split >= 2 && split <= 0x14 && split != 3 && split != 0xb || split == 0x22) + *role = Engine::ScenarioRole; + } + std::string oldData = arg->text; + std::string newData = oldData+"XX"; + strcpy((char*)data,oldData.c_str());*len1=oldData.size(); + return true; + if (*role == Engine::NameRole || oldData == newData) // do not translate name + return false; + + data_ = newData; + + arg_ = arg; + argValue_ = *arg; + + arg->text = data_.c_str(); + arg->size = data_.size() + 1; + arg->capacity = arg->size; + + hashes_.insert(hashCharArray(arg->text)); + return true; + } + bool hookAfter(hook_stack*s,void* data, size_t* len1,uintptr_t*role) + { + if (arg_) { + *arg_ = argValue_; + arg_ = nullptr; + } + return false; + } +} // namespace Private + +/** + * Sample game: Rance03 + * + * Function that is similar to memcpy, found by debugging where game text get modified: + * + * 0069D84F CC INT3 + * 0069D850 57 PUSH EDI + * 0069D851 56 PUSH ESI + * 0069D852 8B7424 10 MOV ESI,DWORD PTR SS:[ESP+0x10] + * 0069D856 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+0x14] + * 0069D85A 8B7C24 0C MOV EDI,DWORD PTR SS:[ESP+0xC] + * 0069D85E 8BC1 MOV EAX,ECX + * 0069D860 8BD1 MOV EDX,ECX + * 0069D862 03C6 ADD EAX,ESI + * 0069D864 3BFE CMP EDI,ESI + * 0069D866 76 08 JBE SHORT Rance03T.0069D870 + * 0069D868 3BF8 CMP EDI,EAX + * 0069D86A 0F82 68030000 JB Rance03T.0069DBD8 + * 0069D870 0FBA25 5CC97500 >BT DWORD PTR DS:[0x75C95C],0x1 + * 0069D878 73 07 JNB SHORT Rance03T.0069D881 + * 0069D87A F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI] + * 0069D87C E9 17030000 JMP Rance03T.0069DB98 + * 0069D881 81F9 80000000 CMP ECX,0x80 + * 0069D887 0F82 CE010000 JB Rance03T.0069DA5B + * 0069D88D 8BC7 MOV EAX,EDI + * 0069D88F 33C6 XOR EAX,ESI + * 0069D891 A9 0F000000 TEST EAX,0xF + * 0069D896 75 0E JNZ SHORT Rance03T.0069D8A6 + * 0069D898 0FBA25 10A47400 >BT DWORD PTR DS:[0x74A410],0x1 + * 0069D8A0 0F82 DA040000 JB Rance03T.0069DD80 + * 0069D8A6 0FBA25 5CC97500 >BT DWORD PTR DS:[0x75C95C],0x0 + * 0069D8AE 0F83 A7010000 JNB Rance03T.0069DA5B + * 0069D8B4 F7C7 03000000 TEST EDI,0x3 + * 0069D8BA 0F85 B8010000 JNZ Rance03T.0069DA78 + * 0069D8C0 F7C6 03000000 TEST ESI,0x3 + * 0069D8C6 0F85 97010000 JNZ Rance03T.0069DA63 + * 0069D8CC 0FBAE7 02 BT EDI,0x2 + * 0069D8D0 73 0D JNB SHORT Rance03T.0069D8DF + * 0069D8D2 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 0069D8D4 83E9 04 SUB ECX,0x4 + * 0069D8D7 8D76 04 LEA ESI,DWORD PTR DS:[ESI+0x4] + * 0069D8DA 8907 MOV DWORD PTR DS:[EDI],EAX + * 0069D8DC 8D7F 04 LEA EDI,DWORD PTR DS:[EDI+0x4] + * 0069D8DF 0FBAE7 03 BT EDI,0x3 + * 0069D8E3 73 11 JNB SHORT Rance03T.0069D8F6 + * 0069D8E5 F3: PREFIX REP: ; Superfluous prefix + * 0069D8E6 0F7E0E MOVD DWORD PTR DS:[ESI],MM1 + * 0069D8E9 83E9 08 SUB ECX,0x8 + * 0069D8EC 8D76 08 LEA ESI,DWORD PTR DS:[ESI+0x8] + * 0069D8EF 66:0FD6 ??? ; Unknown command + * 0069D8F2 -0F8D 7F08F7C6 JGE C760E177 + * 0069D8F8 07 POP ES ; Modification of segment register + * 0069D8F9 0000 ADD BYTE PTR DS:[EAX],AL + * 0069D8FB 007463 0F ADD BYTE PTR DS:[EBX+0xF],DH + * 0069D8FF BA E6030F83 MOV EDX,0x830F03E6 + * 0069D904 B2 00 MOV DL,0x0 + * 0069D906 0000 ADD BYTE PTR DS:[EAX],AL + * 0069D908 66:0F6F4E F4 MOVQ MM1,QWORD PTR DS:[ESI-0xC] + * 0069D90D 8D76 F4 LEA ESI,DWORD PTR DS:[ESI-0xC] + * 0069D910 66:0F6F5E 10 MOVQ MM3,QWORD PTR DS:[ESI+0x10] + * 0069D915 83E9 30 SUB ECX,0x30 + * 0069D918 66:0F6F46 20 MOVQ MM0,QWORD PTR DS:[ESI+0x20] + * 0069D91D 66:0F6F6E 30 MOVQ MM5,QWORD PTR DS:[ESI+0x30] + * 0069D922 8D76 30 LEA ESI,DWORD PTR DS:[ESI+0x30] + * 0069D925 83F9 30 CMP ECX,0x30 + * 0069D928 66:0F6FD3 MOVQ MM2,MM3 + * 0069D92C 66:0F3A ??? ; Unknown command + * 0069D92F 0FD90C66 PSUBUSW MM1,QWORD PTR DS:[ESI] + * 0069D933 0F7F1F MOVQ QWORD PTR DS:[EDI],MM3 + * 0069D936 66:0F6FE0 MOVQ MM4,MM0 + * 0069D93A 66:0F3A ??? ; Unknown command + * 0069D93D 0FC20C66 0F CMPPS XMM1,DQWORD PTR DS:[ESI],0xF + * 0069D942 7F 47 JG SHORT Rance03T.0069D98B + * 0069D944 1066 0F ADC BYTE PTR DS:[ESI+0xF],AH + * 0069D947 6F OUTS DX,DWORD PTR ES:[EDI] ; I/O command + * 0069D948 CD 66 INT 0x66 + * 0069D94A 0F3A ??? ; Unknown command + * 0069D94C 0FEC0C66 PADDSB MM1,QWORD PTR DS:[ESI] + * 0069D950 0F7F6F 20 MOVQ QWORD PTR DS:[EDI+0x20],MM5 + * 0069D954 8D7F 30 LEA EDI,DWORD PTR DS:[EDI+0x30] + * 0069D957 ^7D B7 JGE SHORT Rance03T.0069D910 + * 0069D959 8D76 0C LEA ESI,DWORD PTR DS:[ESI+0xC] + * 0069D95C E9 AF000000 JMP Rance03T.0069DA10 + * 0069D961 66:0F6F4E F8 MOVQ MM1,QWORD PTR DS:[ESI-0x8] + * 0069D966 8D76 F8 LEA ESI,DWORD PTR DS:[ESI-0x8] + * 0069D969 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 0069D96C 66:0F6F5E 10 MOVQ MM3,QWORD PTR DS:[ESI+0x10] + * 0069D971 83E9 30 SUB ECX,0x30 + * 0069D974 66:0F6F46 20 MOVQ MM0,QWORD PTR DS:[ESI+0x20] + * 0069D979 66:0F6F6E 30 MOVQ MM5,QWORD PTR DS:[ESI+0x30] + * 0069D97E 8D76 30 LEA ESI,DWORD PTR DS:[ESI+0x30] + * 0069D981 83F9 30 CMP ECX,0x30 + * 0069D984 66:0F6FD3 MOVQ MM2,MM3 + * 0069D988 66:0F3A ??? ; Unknown command + * 0069D98B 0FD908 PSUBUSW MM1,QWORD PTR DS:[EAX] + * 0069D98E 66:0F7F1F MOVQ QWORD PTR DS:[EDI],MM3 + * 0069D992 66:0F6FE0 MOVQ MM4,MM0 + * 0069D996 66:0F3A ??? ; Unknown command + * 0069D999 0FC208 66 CMPPS XMM1,DQWORD PTR DS:[EAX],0x66 + * 0069D99D 0F7F47 10 MOVQ QWORD PTR DS:[EDI+0x10],MM0 + * 0069D9A1 66:0F6FCD MOVQ MM1,MM5 + * 0069D9A5 66:0F3A ??? ; Unknown command + * 0069D9A8 0FEC08 PADDSB MM1,QWORD PTR DS:[EAX] + * 0069D9AB 66:0F7F6F 20 MOVQ QWORD PTR DS:[EDI+0x20],MM5 + * 0069D9B0 8D7F 30 LEA EDI,DWORD PTR DS:[EDI+0x30] + * 0069D9B3 ^7D B7 JGE SHORT Rance03T.0069D96C + * 0069D9B5 8D76 08 LEA ESI,DWORD PTR DS:[ESI+0x8] + * 0069D9B8 EB 56 JMP SHORT Rance03T.0069DA10 + * 0069D9BA 66:0F6F4E FC MOVQ MM1,QWORD PTR DS:[ESI-0x4] + * 0069D9BF 8D76 FC LEA ESI,DWORD PTR DS:[ESI-0x4] + * 0069D9C2 8BFF MOV EDI,EDI + * 0069D9C4 66:0F6F5E 10 MOVQ MM3,QWORD PTR DS:[ESI+0x10] + * 0069D9C9 83E9 30 SUB ECX,0x30 + * 0069D9CC 66:0F6F46 20 MOVQ MM0,QWORD PTR DS:[ESI+0x20] + * 0069D9D1 66:0F6F6E 30 MOVQ MM5,QWORD PTR DS:[ESI+0x30] + * 0069D9D6 8D76 30 LEA ESI,DWORD PTR DS:[ESI+0x30] + * 0069D9D9 83F9 30 CMP ECX,0x30 + * 0069D9DC 66:0F6FD3 MOVQ MM2,MM3 + * 0069D9E0 66:0F3A ??? ; Unknown command + * 0069D9E3 0FD90466 PSUBUSW MM0,QWORD PTR DS:[ESI] + * 0069D9E7 0F7F1F MOVQ QWORD PTR DS:[EDI],MM3 + * 0069D9EA 66:0F6FE0 MOVQ MM4,MM0 + * 0069D9EE 66:0F3A ??? ; Unknown command + * 0069D9F1 0FC20466 0F CMPPS XMM0,DQWORD PTR DS:[ESI],0xF + * 0069D9F6 7F 47 JG SHORT Rance03T.0069DA3F + * 0069D9F8 1066 0F ADC BYTE PTR DS:[ESI+0xF],AH + * 0069D9FB 6F OUTS DX,DWORD PTR ES:[EDI] ; I/O command + * 0069D9FC CD 66 INT 0x66 + * 0069D9FE 0F3A ??? ; Unknown command + * 0069DA00 0FEC0466 PADDSB MM0,QWORD PTR DS:[ESI] + * 0069DA04 0F7F6F 20 MOVQ QWORD PTR DS:[EDI+0x20],MM5 + * 0069DA08 8D7F 30 LEA EDI,DWORD PTR DS:[EDI+0x30] + * 0069DA0B ^7D B7 JGE SHORT Rance03T.0069D9C4 + * 0069DA0D 8D76 04 LEA ESI,DWORD PTR DS:[ESI+0x4] + * 0069DA10 83F9 10 CMP ECX,0x10 + * 0069DA13 7C 13 JL SHORT Rance03T.0069DA28 + * 0069DA15 F3: PREFIX REP: ; Superfluous prefix + * 0069DA16 0F6F0E MOVQ MM1,QWORD PTR DS:[ESI] + * 0069DA19 83E9 10 SUB ECX,0x10 + * 0069DA1C 8D76 10 LEA ESI,DWORD PTR DS:[ESI+0x10] + * 0069DA1F 66:0F7F0F MOVQ QWORD PTR DS:[EDI],MM1 + * 0069DA23 8D7F 10 LEA EDI,DWORD PTR DS:[EDI+0x10] + * 0069DA26 ^EB E8 JMP SHORT Rance03T.0069DA10 + * 0069DA28 0FBAE1 02 BT ECX,0x2 + * 0069DA2C 73 0D JNB SHORT Rance03T.0069DA3B + * 0069DA2E 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 0069DA30 83E9 04 SUB ECX,0x4 + * 0069DA33 8D76 04 LEA ESI,DWORD PTR DS:[ESI+0x4] + * 0069DA36 8907 MOV DWORD PTR DS:[EDI],EAX + * 0069DA38 8D7F 04 LEA EDI,DWORD PTR DS:[EDI+0x4] + * 0069DA3B 0FBAE1 03 BT ECX,0x3 + * 0069DA3F 73 11 JNB SHORT Rance03T.0069DA52 + * 0069DA41 F3: PREFIX REP: ; Superfluous prefix + * 0069DA42 0F7E0E MOVD DWORD PTR DS:[ESI],MM1 + * 0069DA45 83E9 08 SUB ECX,0x8 + * 0069DA48 8D76 08 LEA ESI,DWORD PTR DS:[ESI+0x8] + * 0069DA4B 66:0FD6 ??? ; Unknown command + * 0069DA4E -0F8D 7F088B04 JGE 04F4E2D3 + * 0069DA54 8D88 DB6900FF LEA ECX,DWORD PTR DS:[EAX+0xFF0069DB] + * 0069DA5A ^E0 F7 LOOPDNE SHORT Rance03T.0069DA53 + * 0069DA5C C703 00000075 MOV DWORD PTR DS:[EBX],0x75000000 + * 0069DA62 15 C1E90283 ADC EAX,0x8302E9C1 + * 0069DA67 E2 03 LOOPD SHORT Rance03T.0069DA6C + * 0069DA69 83F9 08 CMP ECX,0x8 + * 0069DA6C 72 2A JB SHORT Rance03T.0069DA98 + * 0069DA6E F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI> + * 0069DA70 FF2495 88DB6900 JMP DWORD PTR DS:[EDX*4+0x69DB88] + * 0069DA77 90 NOP + * + * 0012F810 0B4D3F30 + * 0012F814 06128970 + * 0012F818 005D3E12 RETURN to Rance03T.005D3E12 from Rance03T.0069D850 + * 0012F81C 06160B98 ; jichi: target text + * 0012F820 07F8CA80 ; jichi: source text + * 0012F824 00000017 ; jichi: size including \0 + * 0012F828 00384460 + * 0012F82C 00384240 + * 0012F830 0B4D3F30 + * 0012F834 005C68DA RETURN to Rance03T.005C68DA from Rance03T.005D3D90 + * 0012F838 0B4D3F30 + * 0012F83C 0012FAA8 + * 0012F840 00384240 + * 0012F844 0012F85C + * 0012F848 0012FF18 + * 0012F84C 005C1693 RETURN to Rance03T.005C1693 from Rance03T.005C6870 + * 0012F850 0012FAA8 + * 0012F854 00384240 + * 0012F858 0000000F + * 0012F85C /0012FF3C + * + * Actual hooked function: + * 005D3D8B CC INT3 + * 005D3D8C CC INT3 + * 005D3D8D CC INT3 + * 005D3D8E CC INT3 + * 005D3D8F CC INT3 + * 005D3D90 53 PUSH EBX + * 005D3D91 56 PUSH ESI + * 005D3D92 8B7424 0C MOV ESI,DWORD PTR SS:[ESP+0xC] + * 005D3D96 57 PUSH EDI + * 005D3D97 8BF9 MOV EDI,ECX + * 005D3D99 837E 0C 00 CMP DWORD PTR DS:[ESI+0xC],0x0 + * 005D3D9D 74 1C JE SHORT Rance03T.005D3DBB + * 005D3D9F 8B56 08 MOV EDX,DWORD PTR DS:[ESI+0x8] + * 005D3DA2 85D2 TEST EDX,EDX + * 005D3DA4 74 15 JE SHORT Rance03T.005D3DBB + * 005D3DA6 8D4A 01 LEA ECX,DWORD PTR DS:[EDX+0x1] + * 005D3DA9 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + * 005D3DB0 8A02 MOV AL,BYTE PTR DS:[EDX] + * 005D3DB2 42 INC EDX + * 005D3DB3 84C0 TEST AL,AL + * 005D3DB5 ^75 F9 JNZ SHORT Rance03T.005D3DB0 + * 005D3DB7 2BD1 SUB EDX,ECX + * 005D3DB9 EB 02 JMP SHORT Rance03T.005D3DBD + * 005D3DBB 33D2 XOR EDX,EDX + * 005D3DBD 8D5A 01 LEA EBX,DWORD PTR DS:[EDX+0x1] + * 005D3DC0 3B5F 0C CMP EBX,DWORD PTR DS:[EDI+0xC] + * 005D3DC3 76 1A JBE SHORT Rance03T.005D3DDF + * 005D3DC5 53 PUSH EBX + * 005D3DC6 8D4F 04 LEA ECX,DWORD PTR DS:[EDI+0x4] + * 005D3DC9 C747 0C 00000000 MOV DWORD PTR DS:[EDI+0xC],0x0 + * 005D3DD0 E8 DB700700 CALL Rance03T.0064AEB0 + * 005D3DD5 84C0 TEST AL,AL + * 005D3DD7 75 06 JNZ SHORT Rance03T.005D3DDF + * 005D3DD9 5F POP EDI + * 005D3DDA 5E POP ESI + * 005D3DDB 5B POP EBX + * 005D3DDC C2 0400 RETN 0x4 + * 005D3DDF 837E 0C 00 CMP DWORD PTR DS:[ESI+0xC],0x0 + * 005D3DE3 75 04 JNZ SHORT Rance03T.005D3DE9 + * 005D3DE5 33C9 XOR ECX,ECX + * 005D3DE7 EB 03 JMP SHORT Rance03T.005D3DEC + * 005D3DE9 8B4E 08 MOV ECX,DWORD PTR DS:[ESI+0x8] + * 005D3DEC 837F 0C 00 CMP DWORD PTR DS:[EDI+0xC],0x0 + * 005D3DF0 75 15 JNZ SHORT Rance03T.005D3E07 + * 005D3DF2 53 PUSH EBX + * 005D3DF3 33C0 XOR EAX,EAX + * 005D3DF5 51 PUSH ECX + * 005D3DF6 50 PUSH EAX + * 005D3DF7 E8 549A0C00 CALL Rance03T.0069D850 + * 005D3DFC 83C4 0C ADD ESP,0xC + * 005D3DFF B0 01 MOV AL,0x1 + * 005D3E01 5F POP EDI + * 005D3E02 5E POP ESI + * 005D3E03 5B POP EBX + * 005D3E04 C2 0400 RETN 0x4 + * 005D3E07 8B47 08 MOV EAX,DWORD PTR DS:[EDI+0x8] + * 005D3E0A 53 PUSH EBX + * 005D3E0B 51 PUSH ECX + * 005D3E0C 50 PUSH EAX + * 005D3E0D -E9 EEC1A201 JMP 02000000 ; jichi: called here + * 005D3E12 83C4 0C ADD ESP,0xC + * 005D3E15 B0 01 MOV AL,0x1 + * 005D3E17 5F POP EDI + * 005D3E18 5E POP ESI + * 005D3E19 5B POP EBX + * 005D3E1A C2 0400 RETN 0x4 + * 005D3E1D CC INT3 + * 005D3E1E CC INT3 + * 005D3E1F CC INT3 + * + * Arg1 of this function: + * 07B743F8 90 7A 70 00 F4 87 70 00 70 0E 27 08 1B 00 00 00 諏p.p.p'... + * 07B74408 20 00 00 00 02 00 00 00 01 00 00 00 CC 7F 2D 00 .........フ-. + * 07B74418 B3 52 41 00 FF FF FF FF EC 87 70 00 10 E3 1D 08 ウRA.・p.・ + * + * Caller that preserved: + * 005C68A7 8B86 74010000 MOV EAX,DWORD PTR DS:[ESI+0x174] + * 005C68AD 8B1CA8 MOV EBX,DWORD PTR DS:[EAX+EBP*4] + * 005C68B0 85DB TEST EBX,EBX + * 005C68B2 74 63 JE SHORT Rance03T.005C6917 + * 005C68B4 8B86 78010000 MOV EAX,DWORD PTR DS:[ESI+0x178] + * 005C68BA 2B86 74010000 SUB EAX,DWORD PTR DS:[ESI+0x174] + * 005C68C0 C1F8 02 SAR EAX,0x2 + * 005C68C3 3BD0 CMP EDX,EAX + * 005C68C5 73 3C JNB SHORT Rance03T.005C6903 + * 005C68C7 8B86 74010000 MOV EAX,DWORD PTR DS:[ESI+0x174] + * 005C68CD 8B0C90 MOV ECX,DWORD PTR DS:[EAX+EDX*4] + * 005C68D0 85C9 TEST ECX,ECX + * 005C68D2 74 2F JE SHORT Rance03T.005C6903 + * 005C68D4 53 PUSH EBX + * 005C68D5 E8 B6D40000 CALL Rance03T.005D3D90 ; jichi: called + * 005C68DA 84C0 TEST AL,AL ; jichi: retaddr + * 005C68DC 75 18 JNZ SHORT Rance03T.005C68F6 + * 005C68DE 68 94726E00 PUSH Rance03T.006E7294 + * 005C68E3 68 00736E00 PUSH Rance03T.006E7300 ; ASCII "S_ASSIGN" + * 005C68E8 56 PUSH ESI + * 005C68E9 E8 12BBFFFF CALL Rance03T.005C2400 + * 005C68EE 83C4 0C ADD ESP,0xC + * 005C68F1 5F POP EDI + * 005C68F2 5E POP ESI + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x53, // 005D3D90 53 PUSH EBX + 0x56, // 005D3D91 56 PUSH ESI + 0x8B,0x74,0x24, 0x0C, // 005D3D92 8B7424 0C MOV ESI,DWORD PTR SS:[ESP+0xC] + 0x57, // 005D3D96 57 PUSH EDI + 0x8B,0xF9, // 005D3D97 8BF9 MOV EDI,ECX + 0x83,0x7E, 0x0C, 0x00, // 005D3D99 837E 0C 00 CMP DWORD PTR DS:[ESI+0xC],0x0 + 0x74, 0x1C, // 005D3D9D 74 1C JE SHORT Rance03T.005D3DBB + 0x8B,0x56, 0x08, // 005D3D9F 8B56 08 MOV EDX,DWORD PTR DS:[ESI+0x8] + 0x85,0xD2, // 005D3DA2 85D2 TEST EDX,EDX + 0x74, 0x15, // 005D3DA4 74 15 JE SHORT Rance03T.005D3DBB + 0x8D,0x4A, 0x01, // 005D3DA6 8D4A 01 LEA ECX,DWORD PTR DS:[EDX+0x1] + 0x8D,0xA4,0x24, 0x00,0x00,0x00,0x00, // 005D3DA9 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + 0x8A,0x02, // 005D3DB0 8A02 MOV AL,BYTE PTR DS:[EDX] + 0x42, // 005D3DB2 42 INC EDX + 0x84,0xC0 // 005D3DB3 84C0 TEST AL,AL + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + //addr = MemDbg::findEnclosingAlignedFunction(addr); + //if (!addr) + // return false; + //addr = 0x005D3D90; + //return winhook::hook_before(addr, Private::hookBefore); + + int count = 0; + auto fun = [&count](ULONG addr) -> bool { + auto retaddr = addr + 5; + // 005C68DA 84C0 TEST AL,AL + if (*(WORD *)retaddr == 0xc084) + //auto before = std::bind(Private::hookBefore, addr + 5, std::placeholders::_1); + count +=1; + HookParam hp; + hp.address=addr; + hp.type=EMBED_ABLE|EMBED_DYNA_SJIS; + hp.hook_before=Private::hookBefore; + hp.hook_after=Private::hookafter2; + auto succ=NewHook(hp,"EmbedSysmtem44"); + hp.address=addr+5; + hp.hook_before=Private::hookAfter; + succ|=NewHook(hp,"EmbedSysmtem44"); + return succ; // replace all functions + }; + MemDbg::iterNearCallAddress(fun, addr, startAddress, stopAddress); + + return count; +} + +} // namespace ScenarioHook + +} // unnamed namespace + +bool attachSystem44(ULONG startAddress, ULONG stopAddress) +{ return ScenarioHook::attach(startAddress, stopAddress); } +namespace { // unnamed + +// - Search - + +ULONG searchScenarioAddress(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0xe8, XX4, // 005c71e0 e8 2bcfffff call .005c4110 ; original function call + 0xeb, 0xa5, // 005c71e5 ^eb a5 jmp short .005c718c + 0x8b,0x47, 0x08, // 005c71e7 8b47 08 mov eax,dword ptr ds:[edi+0x8] + 0x8b,0x4f, 0x0c // 005c71ea 8b4f 0c mov ecx,dword ptr ds:[edi+0xc] + }; + return MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); +} + +ULONG searchNameAddress(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0xe8, XX4, // 004eeb34 e8 67cb0100 call .0050b6a0 ; jichi: hook here + 0x39,0x6c,0x24, 0x28, // 004eeb39 396c24 28 cmp dword ptr ss:[esp+0x28],ebp + 0x72, 0x0d, // 004eeb3d 72 0d jb short .004eeb4c + 0x8b,0x4c,0x24, 0x14, // 004eeb3f 8b4c24 14 mov ecx,dword ptr ss:[esp+0x14] + 0x51, // 004eeb43 51 push ecx + 0xe8 //, XX4, // 004eeb44 e8 42dc1900 call .0068c78b + }; + return MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); +} + +ULONG searchOtherAddress(ULONG startAddress, ULONG stopAddress) +{ + const char *pattern = "S_ASSIGN"; + const uint8_t bytes[] = { + //0xc3, // 005b6492 c3 retn + //0x52, // 005b6493 52 push edx + 0xe8, XX4, // 005b6494 e8 77dc0000 call .005c4110 ; jichi: hook here + 0x84,0xc0, // 005b6499 84c0 test al,al + 0x75, XX, // 005b649b 75 16 jnz short .005b64b3 + 0x68, XX4, // 005b649d 68 d4757200 push .007275d4 + 0xb9 //, XX4, // 005b64a2 b9 f0757200 mov ecx,.007275f0 ; ascii "S_ASSIGN" + //0xe8, XX4 // 005b64a7 e8 84c8ffff call .005b2d30 + }; + + for (ULONG addr = startAddress; addr < stopAddress;) { + addr = MemDbg::findBytes(bytes, sizeof(bytes), addr, stopAddress); + if (!addr) + return 0; + addr += sizeof(bytes); + DWORD ecx = *(DWORD *)addr; + if (::strcmp((LPCSTR)ecx, pattern) == 0) + return addr - sizeof(bytes); + }; + return 0; +} + +// - Hook - + +struct TextHookBase +{ + struct TextArgument // first argument of the scenario hook + { + DWORD unknown1, + unknown2; + LPCSTR text; + DWORD size; // text data size, length = size - 1 + //DWORD split; // not a good split to distinguish translable text out + }; + + bool enabled_, + editable_; // for debugging only, whether text is not read-only + std::string buffer_; // persistent storage, which makes this function not thread-safe + TextArgument *arg_; // last argument + LPCSTR text_; // last text + DWORD size_; // last size + + TextHookBase() + : enabled_(true) + , editable_(true) + , arg_(nullptr) + , text_(nullptr) + , size_(0) + {} +}; + +class ScenarioHook43 : protected TextHookBase +{ +public: + bool hookBefore(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + // See ATcode patch: + // 0070A12E 8B87 B0000000 MOV EAX,DWORD PTR DS:[EDI+0xB0] + // 0070A134 66:8138 8400 CMP WORD PTR DS:[EAX],0x84 + // 0070A139 75 0E JNZ SHORT .0070A149 + // 0070A13B 8378 EA 5B CMP DWORD PTR DS:[EAX-0x16],0x5B + // 0070A13F 75 08 JNZ SHORT .0070A149 + DWORD split = *(WORD *)(s->edi + 0xb0); + if (split && split != 0x27f2) // new System43 after Evenicle + return false; + if (!split) { // old System43 before Evenicle where edi split is zero + split = s->stack[1]; + if (split != 0x84) + return false; + // Stack structure observed from 武想少女隊 + // 0012F4BC 07EAFD48 ; text address + // 0012F4C0 000002EC ; use this value as split + // 0012F4C4 00000011 + // 0012F4C8 0012F510 + // 0012F4CC 00000012 + // 0012F4D0 00001BAA + // 0012F4D4 00000012 + // 0012F4D8 06D2E24C + // 0012F4DC 00581125 RETURN to .00581125 from .0057DC30 + //if (s->stack[1] != 0x84) + // return true; + //if (s->stack[2] != 0x3) + // return true; + } + + auto arg = (TextArgument *)s->stack[0]; // top of the stack + LPCSTR text = arg->text; + if (arg->size <= 1 || !text || !*text || all_ascii(text)) + return false; + + *role = Engine::ScenarioRole ; + strcpy((char*)data,text);*len=strlen(text); + /* + auto sig = Engine::hashThreadSignature(role, split); + //int size = arg->size; // size not used as not needed + buffer_ = EngineController::instance()->dispatchTextASTD(text, role, sig); + + if (editable_) { + arg_ = arg; + text_ = arg->text; + size_ = arg->size; + arg->text = buffer_.c_str(); // reset arg3 + arg->size = buffer_.size() + 1; // +1 for the nullptr + }*/ + return true; + } + + bool hookAfter(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + if (arg_) { + arg_->text = text_; + arg_->size = size_; + arg_ = nullptr; + } + return true; + } +}; + +class OtherHook43 : protected TextHookBase +{ +public: + bool hookBefore(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + if (!enabled_) + return false; + DWORD splitBase = *(DWORD *)(s->edi + 0x284); // [edi + 0x284] + if (!Engine::isAddressReadable(splitBase)) { + enabled_ = false; + return false; + } + DWORD split1 = *(WORD *)(splitBase - 0x4), // word [[edi + 0x284] - 0x4] + split2 = *(WORD *)(splitBase - 0x8); // word [[edi + 0x284] - 0x8] + enum : WORD { OtherSplit = 0x46 }; // 0x440046 if use dword split + if (split1 != OtherSplit || split2 <= 2) // split internal system messages + return false; + + auto arg = (TextArgument *)s->stack[0]; // top of the stack + + // auto g = EngineController::instance(); + LPCSTR text = arg->text; + if (arg->size <= 1 || !text || !*text || all_ascii(text)) + return false; + strcpy((char*)data,text);*len=strlen(text); + /* enum { role = Engine::OtherRole }; + auto sig = Engine::hashThreadSignature(role, split2); + buffer_ = g->dispatchTextASTD(text, role, sig); + + if (editable_) { + arg_ = arg; + text_ = arg->text; + size_ = arg->size; + arg->text = buffer_.c_str(); // reset arg3 + arg->size = buffer_.size() + 1; // +1 for the nullptr + }*/ + return true; + } + + bool hookAfter(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + if (arg_) { + arg_->text = text_; + arg_->size = size_; + arg_ = nullptr; + } + return false; + } +}; + +// Text with fixed size +bool fixedTextHook(hook_stack*s,void* data, size_t* len,uintptr_t*role) +{ + enum { FixedSize = 0x10 }; + struct FixedArgument // first argument of the name hook + { + char text[FixedSize]; // 0x10 + DWORD type, // [[esp]+0x10] + type2; // [[esp]+0x14] + }; + + auto arg = (FixedArgument *)s->stack[0]; + if (arg->type2 != 0xf) // non 0xf is garbage text + return false; + + char *text = arg->text; + if (!text || !*text || all_ascii(text)) + return false; + + * role; + long sig; + if (arg->type == 0x6 || arg->type == 0xc) { + *role = Engine::NameRole; + } else if (::strlen(text) <= 2) // skip translating very short other text + return false; + else { + *role = Engine::OtherRole; + + } + strcpy((char*)data,text);*len=strlen(text); + /*std::string buffer_ = EngineController::instance()->dispatchTextASTD(text, role, sig); + ::strncpy(text, buffer_.c_str(), FixedSize - 1); + text[FixedSize - 1] = 0;*/ + return true; +} + +} // unnamed namespace + +bool attachSystem43(ULONG startAddress, ULONG stopAddress) +{ + //太麻煩 放棄。 + return false; + { + //ULONG addr = 0x005c71e0; + ULONG addr = ::searchScenarioAddress(startAddress, stopAddress); + if (!addr) + return false; + /* static auto h = new ScenarioHook43; // never deleted + if (!winhook::hook_both(addr, + std::bind(&ScenarioHook43::hookBefore, h, _1), + std::bind(&ScenarioHook43::hookAfter, h, _1))) + return false; + */ + } +/* + if (ULONG addr = ::searchOtherAddress(startAddress, stopAddress)) { + static auto h = new OtherHook; // never deleted + if (!winhook::hook_both(addr, + std::bind(&OtherHook43::hookBefore, h, _1), + std::bind(&OtherHook43::hookAfter, h, _1))) + DOUT("other text NOT FOUND"); + else + DOUT("other text address" << QString::number(addr, 16)); + } + + if (ULONG addr = ::searchNameAddress(startAddress, stopAddress)) { + if (winhook::hook_before(addr, ::fixedTextHook)) + DOUT("name text address" << QString::number(addr, 16)); + else + DOUT("name text NOT FOUND"); + } +*/ + //HijackManager::instance()->attachFunction((ULONG)::MultiByteToWideChar); + + return true; +} +namespace{ + bool system4X(ULONG startAddress, ULONG stopAddress){ + if (attachSystem43(startAddress, stopAddress)) { + return true; + } else if (attachSystem44(startAddress, stopAddress)) { + return true; + } else + return false; + } +} +namespace{ + bool System42Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + if (*len == 1) + return false; + if (all_ascii(text, *len)) { + CharReplacer(text, len, '`', ' '); + CharReplacer(text, len, '\x7D', '-'); + } + + return true; +} + +bool InsertSystem42Hook() { + + /* + * Sample games: + * https://vndb.org/v1427 + */ + const BYTE bytes[] = { + 0x8B, 0x46, 0x04, // mov eax,[esi+04] + 0x57, // push edi + 0x52, // push edx + 0x50, // push eax + 0xE8, XX4 // call Sys42VM.DLL+4B5B0 + }; + + HMODULE module = GetModuleHandleW(L"Sys42VM.dll"); + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), minAddress, maxAddress); + if (!addr) + return false; + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::edx); + hp.split =get_reg(regs::esp); + hp.type = NO_CONTEXT | USING_STRING | USING_SPLIT; + hp.filter_fun = System42Filter; + ConsoleOutput("INSERT System42"); + return NewHook(hp, "System42"); + +} +} +bool System4x::attach_function() { + if (Util::CheckFile(L"DLL/Sys42VM.dll")) + if (InsertSystem42Hook()) + return true; + auto _=system4X(processStartAddress,processStopAddress); + return InsertSystem43Hook()||_; +} \ No newline at end of file diff --git a/LunaHook/engine32/System4x.h b/LunaHook/engine32/System4x.h new file mode 100644 index 0000000..08b072e --- /dev/null +++ b/LunaHook/engine32/System4x.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class System4x:public ENGINE{ + public: + System4x(){ + + check_by=CHECK_BY::FILE; + // jichi 12/26/2013: Add this after alicehook + check_by_target=L"AliceStart.ini"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/SystemAoi.cpp b/LunaHook/engine32/SystemAoi.cpp new file mode 100644 index 0000000..cf95db0 --- /dev/null +++ b/LunaHook/engine32/SystemAoi.cpp @@ -0,0 +1,790 @@ +#include"SystemAoi.h" +#include"embed_util.h" +/* 7/8/2014: The engine name is supposed to be: AoiGameSystem Engine + * See: http://capita.tistory.com/m/post/205 + * + * BUNNYBLACK Trial2 (SystemAoi4) + * baseaddr: 0x01d0000 + * + * 1002472e cc int3 + * 1002472f cc int3 + * 10024730 55 push ebp ; jichi: hook here + * 10024731 8bec mov ebp,esp + * 10024733 51 push ecx + * 10024734 c745 fc 00000000 mov dword ptr ss:[ebp-0x4],0x0 + * 1002473b 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 1002473e 0fb708 movzx ecx,word ptr ds:[eax] + * 10024741 85c9 test ecx,ecx + * 10024743 74 34 je short _8.10024779 + * 10024745 6a 00 push 0x0 + * 10024747 6a 00 push 0x0 + * 10024749 6a 01 push 0x1 + * 1002474b 8b55 14 mov edx,dword ptr ss:[ebp+0x14] + * 1002474e 52 push edx + * 1002474f 0fb645 10 movzx eax,byte ptr ss:[ebp+0x10] + * 10024753 50 push eax + * 10024754 0fb74d 0c movzx ecx,word ptr ss:[ebp+0xc] + * 10024758 51 push ecx + * 10024759 8b55 08 mov edx,dword ptr ss:[ebp+0x8] + * 1002475c 52 push edx + * 1002475d e8 8eddffff call _8.100224f0 + * 10024762 83c4 1c add esp,0x1c + * 10024765 8945 fc mov dword ptr ss:[ebp-0x4],eax + * 10024768 8b45 1c mov eax,dword ptr ss:[ebp+0x1c] + * 1002476b 50 push eax + * 1002476c 8b4d 18 mov ecx,dword ptr ss:[ebp+0x18] + * 1002476f 51 push ecx + * 10024770 8b55 fc mov edx,dword ptr ss:[ebp-0x4] + * 10024773 52 push edx + * 10024774 e8 77c6ffff call _8.10020df0 + * 10024779 8b45 fc mov eax,dword ptr ss:[ebp-0x4] + * 1002477c 8be5 mov esp,ebp + * 1002477e 5d pop ebp + * 1002477f c2 1800 retn 0x18 + * 10024782 cc int3 + * 10024783 cc int3 + * 10024784 cc int3 + * + * 2/12/2015 jichi: SystemAoi5 + * + * Note that BUNNYBLACK 3 also has SystemAoi5 version 4.1 + * + * Hooked to PgsvTd.dll for all SystemAoi engine, which contains GDI functions. + * - Old: AoiLib.dll from DrawTextExA + * - SystemAoi4: Aoi4.dll from DrawTextExW + * - SystemAoi5: Aoi5.dll from GetGlyphOutlineW + * + * Logic: + * - Find GDI function (DrawTextExW, etc.) used to paint text in PgsvTd.dll + * - Then search the function call stack, to find where the exe module invoke PgsvTd + * - Finally insert to the call address, and text is on the top of the stack. + * + * Sample hooked call in 悪魔娘�看板料理 Aoi5 + * + * 00B6D085 56 PUSH ESI + * 00B6D086 52 PUSH EDX + * 00B6D087 51 PUSH ECX + * 00B6D088 68 9E630000 PUSH 0x639E + * 00B6D08D 50 PUSH EAX + * 00B6D08E FF15 54D0BC00 CALL DWORD PTR DS:[0xBCD054] ; _12.0039E890, jichi: hook here + * 00B6D094 8B57 20 MOV EDX,DWORD PTR DS:[EDI+0x20] + * 00B6D097 89049A MOV DWORD PTR DS:[EDX+EBX*4],EAX + * 00B6D09A 8B4F 20 MOV ECX,DWORD PTR DS:[EDI+0x20] + * 00B6D09D 8B1499 MOV EDX,DWORD PTR DS:[ECX+EBX*4] + * 00B6D0A0 8D85 50FDFFFF LEA EAX,DWORD PTR SS:[EBP-0x2B0] + * 00B6D0A6 50 PUSH EAX + * 00B6D0A7 52 PUSH EDX + * 00B6D0A8 FF15 18D0BC00 CALL DWORD PTR DS:[0xBCD018] ; _12.003A14A0 + * + * Special hook is needed, since the utf16 text is like this: + * [f9S30e0u] が、それ�人間相手�話�� */ +namespace { // unnamed +void SpecialHookSystemAoi(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + *split = 0; // 8/3/2014 jichi: split is zero, so return address is used as split + if (hp->type & CODEC_UTF16) { + LPCWSTR wcs = (LPWSTR)stack->stack[1]; // jichi: text on the top of the stack + size_t size = ::wcslen(wcs); + for (DWORD i = 0; i < size; i++) + if (wcs[i] == L'>' || wcs[i] == L']') { // skip leading ] for scenario and > for name threads + i++; + if (wcs[i] == 0x3000) // \u3000 + i++; + *data = (DWORD)(wcs + i); + size -= i; + *len = size * 2; // * 2 for wstring + return; + } + } else { + LPCSTR cs = (LPCSTR)stack->stack[1]; // jichi: text on the top of the stack + size_t size = ::strlen(cs); + for (DWORD i = 0; i < size; i++) + if (cs[i] == '>' || cs[i] == ']') { + i++; + if ((unsigned char)cs[i] == 0x81 && cs[i+1] == 0x40) // \u3000 + i += 2; + *data = (DWORD)(cs + i); + size -= i; + *len = size; + return; + } + } +} + +int GetSystemAoiVersion() // return result is cached +{ + static int ret = 0; + if (!ret) { + if (Util::CheckFile(L"Aoi4.dll")) + ret = 4; + else if (Util::CheckFile(L"Aoi5.dll")) + ret = 5; + else if (Util::CheckFile(L"Aoi6.dll")) // not exist yet, for future version + ret = 6; + else if (Util::CheckFile(L"Aoi7.dll")) // not exist yet, for future version + ret = 7; + else // AoiLib.dll, etc + ret = 3; + } + return ret; +} + +bool InsertSystemAoiDynamicHook(LPVOID addr, uintptr_t frame, uintptr_t stack) +{ + int version = GetSystemAoiVersion(); + bool utf16 = true; + if (addr == ::DrawTextExA) // < 4 + utf16 = false; + if (addr == ::DrawTextExW) // 4~5 + ; // pass + else if (addr == ::GetGlyphOutlineW && version >= 5) + ; // pass + else + return false; + + DWORD high, low; + Util::GetCodeRange(processStartAddress, &low, &high); + + // jichi 2/15/2015: Traverse the stack to dynamically find the ancestor call from the main module + const DWORD stop = (stack & 0xffff0000) + 0x10000; // range to traverse the stack + for (DWORD i = stack; i < stop; i += 4) { + DWORD k = *(DWORD *)i; + if (k > low && k < high && // jichi: if the stack address falls into the code region of the main exe module + ((*(WORD *)(k - 6) == 0x15ff) || *(BYTE *)(k - 5) == 0xe8)) { // jichi 10/20/2014: call dword ptr ds + + HookParam hp; + hp.offset=get_stack(1); + hp.text_fun = SpecialHookSystemAoi; // need to remove garbage + hp.type = utf16 ? (USING_STRING|CODEC_UTF16) : USING_STRING; + + i = *(DWORD *)(k - 4); // get function call address + if (*(DWORD *)(k - 5) == 0xe8) // short jump + hp.address = i + k; + else + hp.address = *(DWORD *)i; // jichi: long jump, this is what is happening in Aoi5 + //NewHook(hp, "SofthouseChara"); + //GROWL_DWORD(hp.address); // BUNNYBLACK: 0x10024730, base 0x01d0000 + auto succ=false; + if (hp.address) { + ConsoleOutput("INSERT SystemAoi"); + if (addr == ::GetGlyphOutlineW) + succ|=NewHook(hp, "SystemAoi2"); // jichi 2/12/2015 + else + succ|=NewHook(hp, "SystemAoi"); // jichi 7/8/2014: renamed, see: ja.wikipedia.org/wiki/ソフトハウスキャラ + ConsoleOutput("SystemAoi: disable GDI hooks"); + + } else + ConsoleOutput("failed to detect SystemAoi"); + //RegisterEngineType(ENGINE_SOFTHOUSE); + return succ; + } + } + ConsoleOutput("SystemAoi: failed"); + return true; // jichi 12/25/2013: return true +} + +bool InsertSystemAoiDynamic() +{ + ConsoleOutput("DYNAMIC SystemAoi"); + //ConsoleOutput("Probably SoftHouseChara. Wait for text."); + trigger_fun = InsertSystemAoiDynamicHook; + return true; +} + +ULONG findAoiProc(HMODULE hModule, LPCSTR functionName, int minParamNum = 0, int maxParamNum = 10) +{ + for (int i = minParamNum; i < maxParamNum; i++) { + std::string sig; // function signature name, such as _AgsSpriteCreateText@20 + sig.push_back('_'); + sig += functionName; + sig.push_back('@'); + sig += std::to_string(4ll * i); + if (auto proc = ::GetProcAddress(hModule, sig.c_str())) + return (ULONG)proc; + } + return 0; +} +namespace{ + template + wstrT ltrimA(wstrT text) + { + static const char *quotes[] = { "<>", "[]" }; // skip leading quotes + for each (const char *q in quotes) + while (text[0] == q[0]) { + if (auto p = ::strchr(text, q[1])) { + text = p + 1; + if ((UINT8)text[0] == 0x81 && (UINT8)text[1] == 0x40) // skip \u3000 leading space, assuming sjis encoding + text += 2; + } else + break; + } + return text; + } + template + wstrT ltrimW(wstrT text) + { + static const char *quotes[] = { "<>", "[]" }; // skip leading quotes + for each (const char *q in quotes) + while (text[0] == q[0]) { + if (auto p = ::wcschr(text, q[1])) { + text = p + 1; + if (*text == 0x3000) // skip \u3000 leading space + text++; + } else + break; + } + return text; + } + bool beforeAgsSpriteCreateTextExW(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + auto text = (LPWSTR)s->stack[2]; // arg2 + if (!text || !*text || !Engine::isAddressWritable(text)) + return false; + + text = ltrimW(text); + if (!*text) + return false; + + *role = Engine::OtherRole ; + wcscpy((wchar_t*)data,text);*len=wcslen(text)*2; + return true; + } + void afterAgsSpriteCreateTextExW(hook_stack*s,void* data1, size_t len) + { + auto text = (LPWSTR)s->stack[2]; + text = ltrimW(text); + std::wstring _=std::wstring((LPWSTR)data1,len); + wcscpy((LPWSTR)text,_.c_str()); + } + bool beforeAgsSpriteCreateTextW(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + // All threads including character names are linked together + + auto text = (LPWSTR)s->stack[1]; // arg1 + if (!text || !*text || !Engine::isAddressWritable(text)) // skip modifying readonly text in code region + return false; + + bool containsTags = ::wcsstr(text, L"[u]"); + + text = ltrimW(text); + if (!*text) + return false; + + * role = Engine::OtherRole; + //ULONG split = s->stack[0]; // retaddr + ULONG split = s->stack[2]; // arg2 + if (!containsTags) + switch (split) { + case 0x63a1: + *role = Engine::NameRole; + break; + case 0x639e: + *role = Engine::ScenarioRole; + break; + } + wcscpy((wchar_t*)data,text);*len=wcslen(text)*2; + return true; + } + void afterAgsSpriteCreateTextW(hook_stack*s,void* data1, size_t len) + { + auto text = (LPWSTR)s->stack[1]; + text = ltrimW(text); + std::wstring _=std::wstring((LPWSTR)data1,len); + wcscpy((LPWSTR)text,_.c_str()); + } + void afterAgsSpriteCreateTextA(hook_stack*s,void* data1, size_t len) + { + auto text = (LPSTR)s->stack[1]; // arg1 + text = ltrimA(text); + std::string _=std::string((char*)data1,len); + strcpy((char*)text,_.c_str()); + } + bool beforeAgsSpriteCreateTextA(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + // All threads including character names are linked together + + auto text = (LPSTR)s->stack[1]; // arg1 + if (!text || !*text || !Engine::isAddressWritable(text)) // skip modifying readonly text in code region + return false; + + bool containsTags = ::strstr(text, "[u]"); + + text = ltrimA(text); + if (!*text) + return false; + + * role = Engine::OtherRole; + //ULONG split = s->stack[0]; // retaddr + ULONG split = s->stack[2]; // arg2 + if (!containsTags) + switch (split) { + case 0x639d: + *role = Engine::NameRole; + break; + case 0x639c: + *role = Engine::ScenarioRole; + break; + } + strcpy((char*)data,text);*len=strlen(text); + return true; + } +} +// jichi 7/26/2015: Backport logic in vnragent to vnrhook +namespace AgsPatchA { +namespace Private { + + struct HookArgument { + ULONG unknown[13]; // + 0x34 + LPCSTR text; + }; + HookArgument *arg_; + LPCSTR text_; + + bool hookBefore(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + LPCSTR src = (LPCSTR)s->stack[6]; // original text in arg7 + //LPSTR dest = *(LPSTR *)(s->stack[0] + 0x34); // bad text in arg1+0x34 + arg_ = (HookArgument *)s->stack[0]; + text_ = arg_->text; + arg_->text = src; + return false; + } + + bool hookAfter(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + if (arg_) { + arg_->text = text_; + arg_ = nullptr; + } + return false; + } + +} // namespace Private + +/** + * Sample game: 王賊 + * + * Prevent Aoi engine from modifying illegal characters. + * + * Function found by hijack DrawTextExA. + * + * 100173BD CC INT3 + * 100173BE CC INT3 + * 100173BF CC INT3 + * 100173C0 83EC 28 SUB ESP,0x28 + * 100173C3 53 PUSH EBX + * 100173C4 33DB XOR EBX,EBX + * 100173C6 55 PUSH EBP + * 100173C7 8B6C24 34 MOV EBP,DWORD PTR SS:[ESP+0x34] + * 100173CB 56 PUSH ESI + * 100173CC 57 PUSH EDI + * 100173CD 8BF8 MOV EDI,EAX + * 100173CF C745 30 18000000 MOV DWORD PTR SS:[EBP+0x30],0x18 + * 100173D6 381F CMP BYTE PTR DS:[EDI],BL + * 100173D8 895C24 28 MOV DWORD PTR SS:[ESP+0x28],EBX + * 100173DC C74424 2C FFFFFF>MOV DWORD PTR SS:[ESP+0x2C],0x7FFFFFFF + * 100173E4 895C24 1C MOV DWORD PTR SS:[ESP+0x1C],EBX + * 100173E8 895C24 20 MOV DWORD PTR SS:[ESP+0x20],EBX + * 100173EC 895C24 30 MOV DWORD PTR SS:[ESP+0x30],EBX + * 100173F0 895C24 34 MOV DWORD PTR SS:[ESP+0x34],EBX + * 100173F4 895C24 24 MOV DWORD PTR SS:[ESP+0x24],EBX + * 100173F8 895C24 14 MOV DWORD PTR SS:[ESP+0x14],EBX + * 100173FC 895C24 18 MOV DWORD PTR SS:[ESP+0x18],EBX + * 10017400 8BF7 MOV ESI,EDI + * 10017402 74 12 JE SHORT Ags.10017416 + * 10017404 56 PUSH ESI + * 10017405 FF15 90A00210 CALL DWORD PTR DS:[<&AoiLib._AoiString2B>; AoiLib._AoiString2ByteIs@4 + * 1001740B 85C0 TEST EAX,EAX + * 1001740D 74 7D JE SHORT Ags.1001748C + * 1001740F 83C6 02 ADD ESI,0x2 + * 10017412 381E CMP BYTE PTR DS:[ESI],BL + * 10017414 ^75 EE JNZ SHORT Ags.10017404 + * 10017416 57 PUSH EDI + * 10017417 FF15 94A00210 CALL DWORD PTR DS:[<&AoiLib._AoiStrlen@4>; AoiLib._AoiStrlen@4 + * 1001741D 8BC8 MOV ECX,EAX + * 1001741F 83C1 02 ADD ECX,0x2 + * 10017422 395C24 1C CMP DWORD PTR SS:[ESP+0x1C],EBX + * 10017426 74 0C JE SHORT Ags.10017434 + * 10017428 8BC1 MOV EAX,ECX + * 1001742A 33D2 XOR EDX,EDX + * 1001742C F77424 2C DIV DWORD PTR SS:[ESP+0x2C] + * 10017430 8D4C01 01 LEA ECX,DWORD PTR DS:[ECX+EAX+0x1] + * 10017434 395C24 28 CMP DWORD PTR SS:[ESP+0x28],EBX + * 10017438 74 07 JE SHORT Ags.10017441 + * 1001743A 8B4424 24 MOV EAX,DWORD PTR SS:[ESP+0x24] + * 1001743E 8D0C41 LEA ECX,DWORD PTR DS:[ECX+EAX*2] + * 10017441 51 PUSH ECX + * 10017442 FF15 18A00210 CALL DWORD PTR DS:[<&AoiLib._AoiMemoryAl>; AoiLib._AoiMemoryAlloc@4 + * 10017448 8945 34 MOV DWORD PTR SS:[EBP+0x34],EAX + * 1001744B 381F CMP BYTE PTR DS:[EDI],BL + * 1001744D 8BF0 MOV ESI,EAX + * 1001744F 0F84 6C020000 JE Ags.100176C1 + * 10017455 8B2D 50A10210 MOV EBP,DWORD PTR DS:[<&AoiLib._AoiStrin>; AoiLib._AoiString1to2Byte@8 + * 1001745B EB 03 JMP SHORT Ags.10017460 + * 1001745D 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 10017460 57 PUSH EDI + * 10017461 FF15 90A00210 CALL DWORD PTR DS:[<&AoiLib._AoiString2B>; AoiLib._AoiString2ByteIs@4 + * 10017467 85C0 TEST EAX,EAX + * 10017469 0F84 99010000 JE Ags.10017608 + * 1001746F 8A0F MOV CL,BYTE PTR DS:[EDI] + * 10017471 880E MOV BYTE PTR DS:[ESI],CL + * 10017473 8A57 01 MOV DL,BYTE PTR DS:[EDI+0x1] + * 10017476 83C7 01 ADD EDI,0x1 + * 10017479 83C6 01 ADD ESI,0x1 + * 1001747C 8816 MOV BYTE PTR DS:[ESI],DL + * 1001747E 83C6 01 ADD ESI,0x1 + * 10017481 83C7 01 ADD EDI,0x1 + * 10017484 83C3 02 ADD EBX,0x2 + * 10017487 E9 F8010000 JMP Ags.10017684 + * 1001748C 803E 3C CMP BYTE PTR DS:[ESI],0x3C + * 1001748F 74 0D JE SHORT Ags.1001749E + * 10017491 83C6 01 ADD ESI,0x1 + * 10017494 834424 24 01 ADD DWORD PTR SS:[ESP+0x24],0x1 + * 10017499 ^E9 74FFFFFF JMP Ags.10017412 + * 1001749E 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 100174A1 83C6 01 ADD ESI,0x1 + * 100174A4 84C0 TEST AL,AL + * 100174A6 ^0F84 6AFFFFFF JE Ags.10017416 + * 100174AC 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] + * 100174B0 3C 3E CMP AL,0x3E + * 100174B2 ^0F84 5AFFFFFF JE Ags.10017412 + * 100174B8 0FBEC0 MOVSX EAX,AL + * 100174BB 83C0 B5 ADD EAX,-0x4B + * 100174BE 83F8 2A CMP EAX,0x2A + * 100174C1 77 52 JA SHORT Ags.10017515 + * 100174C3 0FB680 70770110 MOVZX EAX,BYTE PTR DS:[EAX+0x10017770] + * 100174CA FF2485 50770110 JMP DWORD PTR DS:[EAX*4+0x10017750] + * 100174D1 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 100174D4 83C6 01 ADD ESI,0x1 + * 100174D7 33C9 XOR ECX,ECX + * 100174D9 3C 30 CMP AL,0x30 + * 100174DB 7C 1A JL SHORT Ags.100174F7 + * 100174DD 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 100174E0 3C 39 CMP AL,0x39 + * 100174E2 7F 13 JG SHORT Ags.100174F7 + * 100174E4 83C6 01 ADD ESI,0x1 + * 100174E7 0FBED0 MOVSX EDX,AL + * 100174EA 8A06 MOV AL,BYTE PTR DS:[ESI] + * 100174EC 3C 30 CMP AL,0x30 + * 100174EE 8D0C89 LEA ECX,DWORD PTR DS:[ECX+ECX*4] + * 100174F1 8D4C4A D0 LEA ECX,DWORD PTR DS:[EDX+ECX*2-0x30] + * 100174F5 ^7D E9 JGE SHORT Ags.100174E0 + * 100174F7 6A 0A PUSH 0xA + * 100174F9 53 PUSH EBX + * 100174FA 51 PUSH ECX + * 100174FB FF15 88A00210 CALL DWORD PTR DS:[<&AoiLib._AoiMathLimi>; AoiLib._AoiMathLimit@12 + * 10017501 8B0485 08CB0210 MOV EAX,DWORD PTR DS:[EAX*4+0x1002CB08] + * 10017508 8945 30 MOV DWORD PTR SS:[EBP+0x30],EAX + * 1001750B EB 0B JMP SHORT Ags.10017518 + * 1001750D C74424 28 010000>MOV DWORD PTR SS:[ESP+0x28],0x1 + * 10017515 83C6 01 ADD ESI,0x1 + * 10017518 8A06 MOV AL,BYTE PTR DS:[ESI] + * 1001751A 84C0 TEST AL,AL + * 1001751C ^75 92 JNZ SHORT Ags.100174B0 + * 1001751E ^E9 F3FEFFFF JMP Ags.10017416 + * 10017523 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 10017526 83C6 01 ADD ESI,0x1 + * 10017529 33C9 XOR ECX,ECX + * 1001752B 3C 30 CMP AL,0x30 + * 1001752D C74424 1C 010000>MOV DWORD PTR SS:[ESP+0x1C],0x1 + * 10017535 ^7C E1 JL SHORT Ags.10017518 + * 10017537 3C 39 CMP AL,0x39 + * 10017539 7F 13 JG SHORT Ags.1001754E + * 1001753B 83C6 01 ADD ESI,0x1 + * 1001753E 0FBED0 MOVSX EDX,AL + * 10017541 8A06 MOV AL,BYTE PTR DS:[ESI] + * 10017543 3C 30 CMP AL,0x30 + * 10017545 8D0C89 LEA ECX,DWORD PTR DS:[ECX+ECX*4] + * 10017548 8D4C4A D0 LEA ECX,DWORD PTR DS:[EDX+ECX*2-0x30] + * 1001754C ^7D E9 JGE SHORT Ags.10017537 + * 1001754E 3BCB CMP ECX,EBX + * 10017550 ^74 C6 JE SHORT Ags.10017518 + * 10017552 894C24 2C MOV DWORD PTR SS:[ESP+0x2C],ECX + * 10017556 ^EB C0 JMP SHORT Ags.10017518 + * 10017558 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 1001755B 83C6 01 ADD ESI,0x1 + * 1001755E 3C 30 CMP AL,0x30 + * 10017560 ^7C B6 JL SHORT Ags.10017518 + * 10017562 3C 39 CMP AL,0x39 + * 10017564 ^7F B2 JG SHORT Ags.10017518 + * 10017566 0FBEC0 MOVSX EAX,AL + * 10017569 66:8B0C45 94CA02>MOV CX,WORD PTR DS:[EAX*2+0x1002CA94] + * 10017571 66:81C9 0080 OR CX,0x8000 + * 10017576 0FB7D1 MOVZX EDX,CX + * 10017579 895424 20 MOV DWORD PTR SS:[ESP+0x20],EDX + * 1001757D ^EB 96 JMP SHORT Ags.10017515 + * 1001757F 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 10017582 83C6 01 ADD ESI,0x1 + * 10017585 3C 30 CMP AL,0x30 + * 10017587 ^7C 8F JL SHORT Ags.10017518 + * 10017589 3C 39 CMP AL,0x39 + * 1001758B ^7F 8B JG SHORT Ags.10017518 + * 1001758D 0FBEC0 MOVSX EAX,AL + * 10017590 0FB70C45 94CA021>MOVZX ECX,WORD PTR DS:[EAX*2+0x1002CA94] + * 10017598 894C24 20 MOV DWORD PTR SS:[ESP+0x20],ECX + * 1001759C ^E9 74FFFFFF JMP Ags.10017515 + * 100175A1 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 100175A4 83C6 01 ADD ESI,0x1 + * 100175A7 3C 30 CMP AL,0x30 + * 100175A9 ^0F8C 69FFFFFF JL Ags.10017518 + * 100175AF 3C 39 CMP AL,0x39 + * 100175B1 ^0F8F 61FFFFFF JG Ags.10017518 + * 100175B7 0FBED0 MOVSX EDX,AL + * 100175BA 0FB70455 94CA021>MOVZX EAX,WORD PTR DS:[EDX*2+0x1002CA94] + * 100175C2 894424 30 MOV DWORD PTR SS:[ESP+0x30],EAX + * 100175C6 ^E9 4AFFFFFF JMP Ags.10017515 + * 100175CB 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 100175CE 83C6 01 ADD ESI,0x1 + * 100175D1 33C9 XOR ECX,ECX + * 100175D3 3C 30 CMP AL,0x30 + * 100175D5 ^0F8C 3DFFFFFF JL Ags.10017518 + * 100175DB EB 03 JMP SHORT Ags.100175E0 + * 100175DD 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 100175E0 3C 39 CMP AL,0x39 + * 100175E2 7F 13 JG SHORT Ags.100175F7 + * 100175E4 83C6 01 ADD ESI,0x1 + * 100175E7 0FBED0 MOVSX EDX,AL + * 100175EA 8A06 MOV AL,BYTE PTR DS:[ESI] + * 100175EC 3C 30 CMP AL,0x30 + * 100175EE 8D0C89 LEA ECX,DWORD PTR DS:[ECX+ECX*4] + * 100175F1 8D4C4A D0 LEA ECX,DWORD PTR DS:[EDX+ECX*2-0x30] + * 100175F5 ^7D E9 JGE SHORT Ags.100175E0 + * 100175F7 3BCB CMP ECX,EBX + * 100175F9 ^0F84 19FFFFFF JE Ags.10017518 + * 100175FF 894C24 34 MOV DWORD PTR SS:[ESP+0x34],ECX + * 10017603 ^E9 10FFFFFF JMP Ags.10017518 + * 10017608 8A07 MOV AL,BYTE PTR DS:[EDI] + * 1001760A 3C 3C CMP AL,0x3C + * 1001760C 75 2A JNZ SHORT Ags.10017638 + * 1001760E 83C7 01 ADD EDI,0x1 + * 10017611 8806 MOV BYTE PTR DS:[ESI],AL + * 10017613 8A07 MOV AL,BYTE PTR DS:[EDI] + * 10017615 83C6 01 ADD ESI,0x1 + * 10017618 84C0 TEST AL,AL + * 1001761A 74 16 JE SHORT Ags.10017632 + * 1001761C 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] + * 10017620 3C 3E CMP AL,0x3E + * 10017622 74 0E JE SHORT Ags.10017632 + * 10017624 83C7 01 ADD EDI,0x1 + * 10017627 8806 MOV BYTE PTR DS:[ESI],AL + * 10017629 8A07 MOV AL,BYTE PTR DS:[EDI] + * 1001762B 83C6 01 ADD ESI,0x1 + * 1001762E 84C0 TEST AL,AL + * 10017630 ^75 EE JNZ SHORT Ags.10017620 + * 10017632 8A07 MOV AL,BYTE PTR DS:[EDI] + * 10017634 8806 MOV BYTE PTR DS:[ESI],AL + * 10017636 EB 46 JMP SHORT Ags.1001767E + * 10017638 3C 0A CMP AL,0xA + * 1001763A 74 27 JE SHORT Ags.10017663 + * 1001763C 3C 7C CMP AL,0x7C + * 1001763E 74 23 JE SHORT Ags.10017663 + * 10017640 837C24 28 00 CMP DWORD PTR SS:[ESP+0x28],0x0 + * 10017645 74 0F JE SHORT Ags.10017656 + * 10017647 50 PUSH EAX + * 10017648 56 PUSH ESI + * 10017649 FFD5 CALL EBP + * 1001764B 83C6 02 ADD ESI,0x2 + * 1001764E 83C7 01 ADD EDI,0x1 + * 10017651 83C3 02 ADD EBX,0x2 + * 10017654 EB 2E JMP SHORT Ags.10017684 + * 10017656 8806 MOV BYTE PTR DS:[ESI],AL + * 10017658 83C6 01 ADD ESI,0x1 + * 1001765B 83C7 01 ADD EDI,0x1 + * 1001765E 83C3 01 ADD EBX,0x1 + * 10017661 EB 21 JMP SHORT Ags.10017684 + * 10017663 395C24 14 CMP DWORD PTR SS:[ESP+0x14],EBX + * 10017667 73 04 JNB SHORT Ags.1001766D + * 10017669 895C24 14 MOV DWORD PTR SS:[ESP+0x14],EBX + * 1001766D 837C24 1C 00 CMP DWORD PTR SS:[ESP+0x1C],0x0 + * 10017672 74 3D JE SHORT Ags.100176B1 + * 10017674 33DB XOR EBX,EBX + * 10017676 834424 18 01 ADD DWORD PTR SS:[ESP+0x18],0x1 + * 1001767B C606 0A MOV BYTE PTR DS:[ESI],0xA + * 1001767E 83C6 01 ADD ESI,0x1 + * 10017681 83C7 01 ADD EDI,0x1 + * 10017684 3B5C24 2C CMP EBX,DWORD PTR SS:[ESP+0x2C] + * 10017688 72 1E JB SHORT Ags.100176A8 + * 1001768A 395C24 14 CMP DWORD PTR SS:[ESP+0x14],EBX + * 1001768E 73 04 JNB SHORT Ags.10017694 + * 10017690 895C24 14 MOV DWORD PTR SS:[ESP+0x14],EBX + * 10017694 837C24 1C 00 CMP DWORD PTR SS:[ESP+0x1C],0x0 + * 10017699 74 16 JE SHORT Ags.100176B1 + * 1001769B 834424 18 01 ADD DWORD PTR SS:[ESP+0x18],0x1 + * 100176A0 33DB XOR EBX,EBX + * 100176A2 C606 0A MOV BYTE PTR DS:[ESI],0xA + * 100176A5 83C6 01 ADD ESI,0x1 + * 100176A8 803F 00 CMP BYTE PTR DS:[EDI],0x0 + * 100176AB ^0F85 AFFDFFFF JNZ Ags.10017460 + * 100176B1 395C24 14 CMP DWORD PTR SS:[ESP+0x14],EBX + * 100176B5 8B6C24 3C MOV EBP,DWORD PTR SS:[ESP+0x3C] + * 100176B9 73 04 JNB SHORT Ags.100176BF + * 100176BB 895C24 14 MOV DWORD PTR SS:[ESP+0x14],EBX + * 100176BF 33DB XOR EBX,EBX + * 100176C1 8B4C24 18 MOV ECX,DWORD PTR SS:[ESP+0x18] + * 100176C5 83C1 01 ADD ECX,0x1 + * 100176C8 807E FF 0A CMP BYTE PTR DS:[ESI-0x1],0xA + * 100176CC 75 03 JNZ SHORT Ags.100176D1 + * 100176CE 83C6 FF ADD ESI,-0x1 + * 100176D1 C606 00 MOV BYTE PTR DS:[ESI],0x0 + * 100176D4 8B45 30 MOV EAX,DWORD PTR SS:[EBP+0x30] + * 100176D7 8BD0 MOV EDX,EAX + * 100176D9 0FAFC1 IMUL EAX,ECX + * 100176DC 0FAF5424 14 IMUL EDX,DWORD PTR SS:[ESP+0x14] + * 100176E1 8945 10 MOV DWORD PTR SS:[EBP+0x10],EAX + * 100176E4 A1 BC3F0310 MOV EAX,DWORD PTR DS:[0x10033FBC] + * 100176E9 D1EA SHR EDX,1 + * 100176EB 8955 0C MOV DWORD PTR SS:[EBP+0xC],EDX + * 100176EE 8B88 44010000 MOV ECX,DWORD PTR DS:[EAX+0x144] + * 100176F4 3999 28010000 CMP DWORD PTR DS:[ECX+0x128],EBX + * 100176FA 74 19 JE SHORT Ags.10017715 + * 100176FC 8B5424 30 MOV EDX,DWORD PTR SS:[ESP+0x30] + * 10017700 8B4424 20 MOV EAX,DWORD PTR SS:[ESP+0x20] + * 10017704 52 PUSH EDX + * 10017705 50 PUSH EAX + * 10017706 8B4424 3C MOV EAX,DWORD PTR SS:[ESP+0x3C] + * 1001770A 55 PUSH EBP + * 1001770B E8 90F5FFFF CALL Ags.10016CA0 ; jichi: the paint function, bad text address in arg1 + 0x34, good text in arg7 + * 10017710 83C4 0C ADD ESP,0xC + * 10017713 EB 1B JMP SHORT Ags.10017730 + * 10017715 8B4C24 30 MOV ECX,DWORD PTR SS:[ESP+0x30] + * 10017719 8B5424 20 MOV EDX,DWORD PTR SS:[ESP+0x20] + * 1001771D 8B45 34 MOV EAX,DWORD PTR SS:[EBP+0x34] + * 10017720 51 PUSH ECX + * 10017721 8B4C24 38 MOV ECX,DWORD PTR SS:[ESP+0x38] + * 10017725 52 PUSH EDX + * 10017726 50 PUSH EAX + * 10017727 55 PUSH EBP + * 10017728 E8 33F9FFFF CALL Ags.10017060 + * 1001772D 83C4 10 ADD ESP,0x10 + * 10017730 8B4D 30 MOV ECX,DWORD PTR SS:[EBP+0x30] + * 10017733 8BC1 MOV EAX,ECX + * 10017735 99 CDQ + * 10017736 2BC2 SUB EAX,EDX + * 10017738 5F POP EDI + * 10017739 D1F8 SAR EAX,1 + * 1001773B 5E POP ESI + * 1001773C 8945 1C MOV DWORD PTR SS:[EBP+0x1C],EAX + * 1001773F 894D 20 MOV DWORD PTR SS:[EBP+0x20],ECX + * 10017742 5D POP EBP + * 10017743 B8 01000000 MOV EAX,0x1 + * 10017748 5B POP EBX + * 10017749 83C4 28 ADD ESP,0x28 + * 1001774C C3 RETN + * 1001774D 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 10017750 7F 75 JG SHORT Ags.100177C7 + * 10017752 0110 ADD DWORD PTR DS:[EAX],EDX + * 10017754 CB RETF ; Far return + * 10017755 75 01 JNZ SHORT Ags.10017758 + * 10017757 1058 75 ADC BYTE PTR DS:[EAX+0x75],BL + * 1001775A 0110 ADD DWORD PTR DS:[EAX],EDX + * 1001775C A1 75011023 MOV EAX,DWORD PTR DS:[0x23100175] + * 10017761 75 01 JNZ SHORT Ags.10017764 + * 10017763 10D1 ADC CL,DL + * 10017765 74 01 JE SHORT Ags.10017768 + * 10017767 100D 75011015 ADC BYTE PTR DS:[0x15100175],CL + * 1001776D 75 01 JNZ SHORT Ags.10017770 + * 1001776F 1000 ADC BYTE PTR DS:[EAX],AL + * 10017771 0107 ADD DWORD PTR DS:[EDI],EAX + * 10017773 07 POP ES ; Modification of segment register + * 10017774 07 POP ES ; Modification of segment register + * 10017775 07 POP ES ; Modification of segment register + * 10017776 07 POP ES ; Modification of segment register + * 10017777 07 POP ES ; Modification of segment register + * 10017778 07 POP ES ; Modification of segment register + * 10017779 07 POP ES ; Modification of segment register + * 1001777A 07 POP ES ; Modification of segment register + * 1001777B 07 POP ES ; Modification of segment register + * 1001777C 07 POP ES ; Modification of segment register + * 1001777D 07 POP ES ; Modification of segment register + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x8b,0x44,0x24, 0x3c, // 10017706 8b4424 3c mov eax,dword ptr ss:[esp+0x3c] + 0x55, // 1001770a 55 push ebp + 0xe8, XX4, // 1001770b e8 90f5ffff call ags.10016ca0 ; jichi: the paint function, bad text address in arg1 + 0x34, good text in arg7 + 0x83,0xc4, 0x0c, // 10017710 83c4 0c add esp,0xc + 0xeb, 0x1b // 10017713 eb 1b jmp short ags.10017730 + }; + enum { addr_offset = 0x1001770b - 0x10017706 }; // == 5 + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + HookParam hp; + hp.address=addr; + hp.type=EMBED_ABLE|HOOK_EMPTY; + hp.hook_before=Private::hookBefore; + auto succ=NewHook(hp,"AgsPatchA"); + hp.address+=5; + hp.hook_before=Private::hookAfter; + + succ|=NewHook(hp,"AgsPatchA"); + return succ; +} +} // namespace AgsPatchA +bool InsertSystemAoiStatic(HMODULE hModule, bool wideChar) // attach scenario +{ + ULONG addr = findAoiProc(hModule, "AgsSpriteCreateText", 1); + if (!addr) { + ConsoleOutput("SystemAoiStatic: function found"); + return false; + } + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.text_fun = SpecialHookSystemAoi; //其实已无效(在before的lstrim里有一样的功能。但保留。 + + hp.type=EMBED_ABLE|USING_STRING;//|EMBED_AFTER_OVERWRITE; + //hp.type |= NO_CONTEXT|USING_SPLIT|SPLIT_INDIRECT; + ConsoleOutput("INSERT static SystemAoi"); + auto succ=false; + if (wideChar){ + hp.type |=CODEC_UTF16 ; + hp.hook_before=beforeAgsSpriteCreateTextW; + hp.hook_after=afterAgsSpriteCreateTextW; + succ|=NewHook(hp, "SystemAoiW"); + + ULONG addr = findAoiProc(hModule, "AgsSpriteCreateTextEx", 1); + if (addr) { + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); + hp.type=CODEC_UTF16|EMBED_ABLE;//|EMBED_AFTER_OVERWRITE; + hp.hook_before=beforeAgsSpriteCreateTextExW; + hp.hook_after=afterAgsSpriteCreateTextExW; + succ|=NewHook(hp, "SystemAoiExW"); + } + + return succ; + } + else{ + hp.hook_before=beforeAgsSpriteCreateTextA; + hp.hook_after=afterAgsSpriteCreateTextA; + hp.hook_font=F_DrawTextExA; + if(AgsPatchA::attach(processStartAddress,processStopAddress)==false) + hp.type|=EMBED_DYNA_SJIS; + succ|=NewHook(hp, "SystemAoiA"); + } + return succ; +} +} // unnamed namespace + +bool InsertSystemAoiHook() // this function always returns true +{ + HMODULE hModule = ::GetModuleHandleA("Ags.dll"); + bool wideChar = true; + if (hModule) // Aoi <= 3 + wideChar = false; + else { // Aoi >= 4 + hModule = ::GetModuleHandleA("Ags5.dll"); + if (!hModule) + hModule = ::GetModuleHandleA("Ags4.dll"); + } + return hModule && InsertSystemAoiStatic(hModule, wideChar) + || InsertSystemAoiDynamic(); +} + +bool SystemAoi::attach_function() { + + return InsertSystemAoiHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/SystemAoi.h b/LunaHook/engine32/SystemAoi.h new file mode 100644 index 0000000..0204486 --- /dev/null +++ b/LunaHook/engine32/SystemAoi.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class SystemAoi:public ENGINE{ + public: + SystemAoi(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.vfs"; + // jichi 7/6/2014: Better to test AoiLib.dll? ja.wikipedia.org/wiki/ソフトハウスキャラ + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Syuntada.cpp b/LunaHook/engine32/Syuntada.cpp new file mode 100644 index 0000000..288ef50 --- /dev/null +++ b/LunaHook/engine32/Syuntada.cpp @@ -0,0 +1,201 @@ +#include"Syuntada.h" + + +/** jichi 2/6/2015 Syuntada + * Sample game: [140816] [平安亭] カノジョのお母さん�好きですか-- /HA-18@6944C:kanojo.exe + * + * /HA-18@6944C:kanojo.exe + * - addr: 431180 = 0x6944c + * - module: 1301076281 + * - off: 4294967268 = 0xffffffe4 = - 0x1c + * - length_offset: 1 + * - type: 68 = 0x44 + * + * 004692bd cc int3 + * 004692be cc int3 + * 004692bf cc int3 + * 004692c0 83ec 48 sub esp,0x48 + * 004692c3 53 push ebx + * 004692c4 55 push ebp + * 004692c5 56 push esi + * 004692c6 8bf1 mov esi,ecx + * 004692c8 8b86 d4000000 mov eax,dword ptr ds:[esi+0xd4] + * 004692ce 0386 8c040000 add eax,dword ptr ds:[esi+0x48c] + * 004692d4 8b8e c8010000 mov ecx,dword ptr ds:[esi+0x1c8] + * 004692da 8b9e 90040000 mov ebx,dword ptr ds:[esi+0x490] + * 004692e0 03c0 add eax,eax + * 004692e2 03c0 add eax,eax + * 004692e4 894424 24 mov dword ptr ss:[esp+0x24],eax + * 004692e8 8b86 c4010000 mov eax,dword ptr ds:[esi+0x1c4] + * 004692ee 8986 94040000 mov dword ptr ds:[esi+0x494],eax + * 004692f4 8b4424 60 mov eax,dword ptr ss:[esp+0x60] + * 004692f8 898e 98040000 mov dword ptr ds:[esi+0x498],ecx + * 004692fe 0fb628 movzx ebp,byte ptr ds:[eax] + * 00469301 0fb650 01 movzx edx,byte ptr ds:[eax+0x1] + * 00469305 c1e5 08 shl ebp,0x8 + * 00469308 0bea or ebp,edx + * 0046930a 03db add ebx,ebx + * 0046930c 03db add ebx,ebx + * 0046930e 8d8d 617dffff lea ecx,dword ptr ss:[ebp+0xffff7d61] + * 00469314 57 push edi + * 00469315 895c24 30 mov dword ptr ss:[esp+0x30],ebx + * 00469319 c74424 38 100000>mov dword ptr ss:[esp+0x38],0x10 + * 00469321 896c24 34 mov dword ptr ss:[esp+0x34],ebp + * 00469325 b8 02000000 mov eax,0x2 + * 0046932a 83f9 52 cmp ecx,0x52 + * 0046932d 77 02 ja short .00469331 + * 0046932f 33c0 xor eax,eax + * 00469331 81fd 41810000 cmp ebp,0x8141 + * 00469337 7c 08 jl short .00469341 + * 00469339 81fd 9a820000 cmp ebp,0x829a + * 0046933f 7e 0e jle short .0046934f + * 00469341 8d95 c07cffff lea edx,dword ptr ss:[ebp+0xffff7cc0] + * 00469347 81fa 4f040000 cmp edx,0x44f + * 0046934d 77 09 ja short .00469358 + * 0046934f bf 01000000 mov edi,0x1 + * 00469354 8bc7 mov eax,edi + * 00469356 eb 05 jmp short .0046935d + * 00469358 bf 01000000 mov edi,0x1 + * 0046935d 83e8 00 sub eax,0x0 + * 00469360 74 2a je short .0046938c + * 00469362 2bc7 sub eax,edi + * 00469364 74 0c je short .00469372 + * 00469366 2bc7 sub eax,edi + * 00469368 75 3a jnz short .004693a4 + * 0046936a 8b96 68010000 mov edx,dword ptr ds:[esi+0x168] + * 00469370 eb 20 jmp short .00469392 + * 00469372 8b96 7c090000 mov edx,dword ptr ds:[esi+0x97c] + * 00469378 8b86 64010000 mov eax,dword ptr ds:[esi+0x164] + * 0046937e 8b52 28 mov edx,dword ptr ds:[edx+0x28] + * 00469381 8d8e 7c090000 lea ecx,dword ptr ds:[esi+0x97c] + * 00469387 50 push eax + * 00469388 ffd2 call edx + * 0046938a eb 18 jmp short .004693a4 + * 0046938c 8b96 60010000 mov edx,dword ptr ds:[esi+0x160] + * 00469392 8b86 7c090000 mov eax,dword ptr ds:[esi+0x97c] + * 00469398 8b40 28 mov eax,dword ptr ds:[eax+0x28] + * 0046939b 8d8e 7c090000 lea ecx,dword ptr ds:[esi+0x97c] + * 004693a1 52 push edx + * 004693a2 ffd0 call eax + * 004693a4 39be d40f0000 cmp dword ptr ds:[esi+0xfd4],edi + * 004693aa 75 45 jnz short .004693f1 + * 004693ac 8b8e 90040000 mov ecx,dword ptr ds:[esi+0x490] + * 004693b2 b8 d0020000 mov eax,0x2d0 + * 004693b7 2bc1 sub eax,ecx + * 004693b9 2b86 c8010000 sub eax,dword ptr ds:[esi+0x1c8] + * 004693bf 68 000f0000 push 0xf00 + * 004693c4 8d0480 lea eax,dword ptr ds:[eax+eax*4] + * 004693c7 c1e0 08 shl eax,0x8 + * 004693ca 0386 c4010000 add eax,dword ptr ds:[esi+0x1c4] + * 004693d0 8d1440 lea edx,dword ptr ds:[eax+eax*2] + * 004693d3 8b4424 60 mov eax,dword ptr ss:[esp+0x60] + * 004693d7 52 push edx + * 004693d8 8b50 40 mov edx,dword ptr ds:[eax+0x40] + * 004693db 8b86 c8000000 mov eax,dword ptr ds:[esi+0xc8] + * 004693e1 0386 8c040000 add eax,dword ptr ds:[esi+0x48c] + * 004693e7 52 push edx + * 004693e8 50 push eax + * 004693e9 51 push ecx + * 004693ea 8bce mov ecx,esi + * 004693ec e8 9fc4ffff call .00465890 + * 004693f1 39be d00f0000 cmp dword ptr ds:[esi+0xfd0],edi + * 004693f7 0f85 f2010000 jnz .004695ef + * 004693fd 8d86 20100000 lea eax,dword ptr ds:[esi+0x1020] + * 00469403 50 push eax + * 00469404 55 push ebp + * 00469405 8bce mov ecx,esi + * 00469407 e8 64f4ffff call .00468870 + * 0046940c 8a4e 25 mov cl,byte ptr ds:[esi+0x25] + * 0046940f 8a56 26 mov dl,byte ptr ds:[esi+0x26] + * 00469412 884c24 18 mov byte ptr ss:[esp+0x18],cl + * 00469416 8b4c24 5c mov ecx,dword ptr ss:[esp+0x5c] + * 0046941a 885424 14 mov byte ptr ss:[esp+0x14],dl + * 0046941e 8b51 40 mov edx,dword ptr ds:[ecx+0x40] + * 00469421 895424 20 mov dword ptr ss:[esp+0x20],edx + * 00469425 b9 d0020000 mov ecx,0x2d0 + * 0046942a 2bcb sub ecx,ebx + * 0046942c ba 00000000 mov edx,0x0 + * 00469431 0f98c2 sets dl + * 00469434 8bf8 mov edi,eax + * 00469436 8a46 24 mov al,byte ptr ds:[esi+0x24] + * 00469439 884424 1c mov byte ptr ss:[esp+0x1c],al + * 0046943d 4a dec edx + * 0046943e 23d1 and edx,ecx + * 00469440 69d2 000f0000 imul edx,edx,0xf00 + * 00469446 8bca mov ecx,edx + * 00469448 894c24 24 mov dword ptr ss:[esp+0x24],ecx + * 0046944c 85ff test edi,edi ; jichi: hook here + * 0046944e 74 3a je short .0046948a + * 00469450 8b5424 14 mov edx,dword ptr ss:[esp+0x14] + * 00469454 6a 00 push 0x0 + * 00469456 57 push edi + * 00469457 8d86 c80c0000 lea eax,dword ptr ds:[esi+0xcc8] + * 0046945d 50 push eax + * 0046945e 8b4424 24 mov eax,dword ptr ss:[esp+0x24] + * 00469462 6a 10 push 0x10 + * 00469464 52 push edx + * 00469465 8b5424 30 mov edx,dword ptr ss:[esp+0x30] + * 00469469 50 push eax + * 0046946a 8b4424 38 mov eax,dword ptr ss:[esp+0x38] + * 0046946e 52 push edx + * 0046946f 68 000f0000 push 0xf00 + * 00469474 51 push ecx + * 00469475 8b4c24 4c mov ecx,dword ptr ss:[esp+0x4c] + */ +bool InsertSyuntadaHook() +{ + const BYTE bytes[] = { + 0x4a, // 0046943d 4a dec edx + 0x23,0xd1, // 0046943e 23d1 and edx,ecx + 0x69,0xd2, 0x00,0x0f,0x00,0x00, // 00469440 69d2 000f0000 imul edx,edx,0xf00 + 0x8b,0xca, // 00469446 8bca mov ecx,edx + 0x89,0x4c,0x24, 0x24, // 00469448 894c24 24 mov dword ptr ss:[esp+0x24],ecx + 0x85,0xff, // 0046944c 85ff test edi,edi ; jichi: hook here + 0x74, 0x3a // 0046944e 74 3a je short .0046948a + }; + enum { addr_offset = 0x0046944c - 0x0046943d }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + //GROWL(addr); + if (!addr) { + ConsoleOutput("Syuntada: pattern not found"); + return false; + } + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::ebp); + hp.type = CODEC_ANSI_BE; // 0x4 + ConsoleOutput("INSERT Syuntada"); + + + // TextOutA will produce repeated texts + ConsoleOutput("Syuntada: disable GDI hooks"); + + return NewHook(hp, "Syuntada"); +} +namespace{ + bool __(){ + //平凡な奥さんは好きですか~真面目な主婦をエッチ漬けにしちゃおう!~ + //奪母姦 + //友達のお母さんは好きですか?~息子の友人にハマったオバちゃん妻~ + const BYTE bytes[] = { + 0x81,0xFD,0x41,0x81,0x00,0x00 , + 0x7C,XX, + 0x81 ,0xFD ,0x9A ,0x82 ,0x00 ,0x00 , + 0x7E + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (!addr) return false; + addr = MemDbg::findEnclosingAlignedFunction(addr,0x1000); + if (!addr) return false; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(3); + hp.type = USING_STRING ; + return NewHook(hp, "Syuntada"); + } +} +bool Syuntada::attach_function() { + + return InsertSyuntadaHook()||__(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Syuntada.h b/LunaHook/engine32/Syuntada.h new file mode 100644 index 0000000..614f74a --- /dev/null +++ b/LunaHook/engine32/Syuntada.h @@ -0,0 +1,14 @@ +#include"engine.h" + +class Syuntada:public ENGINE{ + public: + Syuntada(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"dSch.dat"; + // jichi 2/6/2015 平安亭 + // dPi.dat, dPih.dat, dSc.dat, dSch.dat, dSo.dat, dSoh.dat, dSy.dat + //if (Util::CheckFile(L"dSoh.dat")) { // no idea why this file does not work + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/TSSystem.cpp b/LunaHook/engine32/TSSystem.cpp new file mode 100644 index 0000000..364eb4f --- /dev/null +++ b/LunaHook/engine32/TSSystem.cpp @@ -0,0 +1,22 @@ +#include"TSSystem.h" +bool TSSystem::attach_function() { + //D-EVE in you + //トロピカルKISS + const BYTE bytes[] = { + 0xB9,0x42,0x00,0x00,0x00, + 0xF3,0xA5 + } ; + bool ok=false; + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + for (auto addr : addrs) { + addr=MemDbg::findEnclosingAlignedFunction(addr); + if(addr==0)continue; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING; + ok|=NewHook(hp, "TSSystem"); + } + return ok; +} + \ No newline at end of file diff --git a/LunaHook/engine32/TSSystem.h b/LunaHook/engine32/TSSystem.h new file mode 100644 index 0000000..52437a2 --- /dev/null +++ b/LunaHook/engine32/TSSystem.h @@ -0,0 +1,14 @@ +#include"engine.h" + +class TSSystem:public ENGINE{ + public: + TSSystem(){ + + is_engine_certain=false; + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return (wcsstr(processName, L"TSSystem") || Util::CheckFile(L"TSSystem.exe")); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Tamamo.cpp b/LunaHook/engine32/Tamamo.cpp new file mode 100644 index 0000000..da74a16 --- /dev/null +++ b/LunaHook/engine32/Tamamo.cpp @@ -0,0 +1,356 @@ +#include"Tamamo.h" + + +/** jichi 8/23/2015 Tamamo + * Sample game: 閃光の騎士 ~カリスティアナイト~ Ver1.03 + * + * Debugging method: insert hw breakpoint to the text in memory + * + * 006107A6 76 08 JBE SHORT .006107B0 + * 006107A8 3BF8 CMP EDI,EAX + * 006107AA 0F82 68030000 JB .00610B18 + * 006107B0 0FBA25 F88E7300 01 BT DWORD PTR DS:[0x738EF8],0x1 + * 006107B8 73 07 JNB SHORT .006107C1 + * 006107BA F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI] ; jichi: accessed here + * 006107BC E9 17030000 JMP .00610AD8 + * 006107C1 81F9 80000000 CMP ECX,0x80 + * 006107C7 0F82 CE010000 JB .0061099B + * 006107CD 8BC7 MOV EAX,EDI + * 006107CF 33C6 XOR EAX,ESI + * 006107D1 A9 0F000000 TEST EAX,0xF + * 006107D6 75 0E JNZ SHORT .006107E6 + * + * 0012FD7C 0012FE1C + * 0012FD80 00000059 + * 0012FD84 0051C298 RETURN to .0051C298 from .00610790 + * 0012FD88 0207E490 ; jichi: target + * 0012FD8C 0C0BE768 ; jichi: source text + * 0012FD90 00000059 ; jichi: source size + * 0012FD94 002A7C58 + * 0012FD98 0C1E7338 + * 0012FD9C 0012FE1C + * 0012FDA0 /0012FDC0 ; jichi: split + * 0012FDA4 |0056A83F RETURN to .0056A83F from .0051C1C0 + * 0012FDA8 |0C1E733C + * 0012FDAC |00000000 + * 0012FDB0 |FFFFFFFF + * 0012FDB4 |020EDAD0 + * 0012FDB8 |0220CC28 + * 0012FDBC |020EDAD0 + * 0012FDC0 ]0012FE44 + * 0012FDC4 |0055EF84 RETURN to .0055EF84 from .0056A7B0 + * 0012FDC8 |0012FE1C + * 0012FDCC |ED1BC1C5 + * 0012FDD0 |020EDAD0 + * 0012FDD4 |002998A8 + * 0012FDD8 |020EDAD0 + * + * Hooked call: + * 0051C283 5D POP EBP + * 0051C284 C2 0C00 RETN 0xC + * 0051C287 8BD6 MOV EDX,ESI + * 0051C289 85FF TEST EDI,EDI + * 0051C28B 74 0E JE SHORT .0051C29B + * 0051C28D 57 PUSH EDI + * 0051C28E 8D040B LEA EAX,DWORD PTR DS:[EBX+ECX] + * 0051C291 50 PUSH EAX + * 0051C292 52 PUSH EDX + * 0051C293 E8 F8440F00 CALL .00610790 ; jichi: copy invoked here + * 0051C298 83C4 0C ADD ESP,0xC + * 0051C29B 837E 14 10 CMP DWORD PTR DS:[ESI+0x14],0x10 + * 0051C29F 897E 10 MOV DWORD PTR DS:[ESI+0x10],EDI + * 0051C2A2 72 0F JB SHORT .0051C2B3 + * 0051C2A4 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 0051C2A6 C60438 00 MOV BYTE PTR DS:[EAX+EDI],0x0 + * 0051C2AA 8BC6 MOV EAX,ESI + * 0051C2AC 5F POP EDI + * 0051C2AD 5E POP ESI + * 0051C2AE 5B POP EBX + * 0051C2AF 5D POP EBP + * 0051C2B0 C2 0C00 RETN 0xC + * 0051C2B3 8BC6 MOV EAX,ESI + * + * Sample text with new lines: + * + * 0C0BE748 70 00 69 00 2E 00 64 00 6C 00 6C 00 00 00 6C 00 p.i...d.l.l...l. + * 0C0BE758 00 00 00 00 0F 00 00 00 8B 91 3F 66 00 00 00 88 .......拒?f...・ + * 0C0BE768 83 4E 83 8B 83 67 83 93 81 75 8E 84 82 C9 82 CD クルトン「私には + * 0C0BE778 95 90 91 95 82 AA 82 C2 82 A2 82 C4 82 A2 82 DC 武装がついていま + * 0C0BE788 82 B9 82 F1 82 A9 82 E7 81 41 0D 0A 81 40 8D 55 せんから、.. 攻 + * 0C0BE798 82 DF 82 C4 82 B1 82 E7 82 EA 82 BD 82 E7 82 D0 めてこられたらひ + * 0C0BE7A8 82 C6 82 BD 82 DC 82 E8 82 E0 82 A0 82 E8 82 DC とたまりもありま + * 0C0BE7B8 82 B9 82 F1 81 76 3C 65 3E 00 3E 00 3E 00 00 00 せん」.>.>... + * 0C0BE7C8 9E 91 3F 66 99 82 00 88 83 53 83 8D 81 5B 83 93 梠?f凾.・Sローン + * 0C0BE7D8 8C 5A 81 75 82 D6 82 D6 81 42 95 D4 82 B5 82 C4 兄「へへ。返して + * 0C0BE7E8 82 D9 82 B5 82 AF 82 E8 82 E1 82 C2 82 A2 82 C4 ほしけりゃついて + * 0C0BE7F8 82 AB 82 C8 81 42 83 49 83 8C 82 B3 82 DC 82 CC きな。オレさまの + * + * Sample game: 冒険者の町を作ろう!2 Ver1.01 + * + * 0068028B CC INT3 + * 0068028C CC INT3 + * 0068028D CC INT3 + * 0068028E CC INT3 + * 0068028F CC INT3 + * 00680290 55 PUSH EBP + * 00680291 8BEC MOV EBP,ESP + * 00680293 57 PUSH EDI + * 00680294 56 PUSH ESI + * 00680295 8B75 0C MOV ESI,DWORD PTR SS:[EBP+0xC] + * 00680298 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+0x10] + * 0068029B 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+0x8] + * 0068029E 8BC1 MOV EAX,ECX + * 006802A0 8BD1 MOV EDX,ECX + * 006802A2 03C6 ADD EAX,ESI + * 006802A4 3BFE CMP EDI,ESI + * 006802A6 76 08 JBE SHORT .006802B0 + * 006802A8 3BF8 CMP EDI,EAX + * 006802AA 0F82 A4010000 JB .00680454 + * 006802B0 81F9 00010000 CMP ECX,0x100 + * 006802B6 72 1F JB SHORT .006802D7 + * 006802B8 833D 64FB8C00 00 CMP DWORD PTR DS:[0x8CFB64],0x0 + * 006802BF 74 16 JE SHORT .006802D7 + * 006802C1 57 PUSH EDI + * 006802C2 56 PUSH ESI + * 006802C3 83E7 0F AND EDI,0xF + * 006802C6 83E6 0F AND ESI,0xF + * 006802C9 3BFE CMP EDI,ESI + * 006802CB 5E POP ESI + * 006802CC 5F POP EDI + * 006802CD 75 08 JNZ SHORT .006802D7 + * 006802CF 5E POP ESI + * 006802D0 5F POP EDI + * 006802D1 5D POP EBP + * 006802D2 E9 FC090100 JMP .00690CD3 + * 006802D7 F7C7 03000000 TEST EDI,0x3 + * 006802DD 75 15 JNZ SHORT .006802F4 + * 006802DF C1E9 02 SHR ECX,0x2 + * 006802E2 83E2 03 AND EDX,0x3 + * 006802E5 83F9 08 CMP ECX,0x8 + * 006802E8 72 2A JB SHORT .00680314 + * 006802EA F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] jichi: here + * 006802EC FF2495 04046800 JMP DWORD PTR DS:[EDX*4+0x680404] + * 006802F3 90 NOP + * 006802F4 8BC7 MOV EAX,EDI + * 006802F6 BA 03000000 MOV EDX,0x3 + * 006802FB 83E9 04 SUB ECX,0x4 + * 006802FE 72 0C JB SHORT .0068030C + * 00680300 83E0 03 AND EAX,0x3 + * 00680303 03C8 ADD ECX,EAX + * 00680305 FF2485 18036800 JMP DWORD PTR DS:[EAX*4+0x680318] + * 0068030C FF248D 14046800 JMP DWORD PTR DS:[ECX*4+0x680414] + * 00680313 90 NOP + * 00680314 FF248D 98036800 JMP DWORD PTR DS:[ECX*4+0x680398] + * 0068031B 90 NOP + * 0068031C 2803 SUB BYTE PTR DS:[EBX],AL + * 0068031E 68 00540368 PUSH 0x68035400 + * 00680323 0078 03 ADD BYTE PTR DS:[EAX+0x3],BH + * 00680326 68 0023D18A PUSH 0x8AD12300 + * 0068032B 06 PUSH ES + * 0068032C 8807 MOV BYTE PTR DS:[EDI],AL + * 0068032E 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 00680331 8847 01 MOV BYTE PTR DS:[EDI+0x1],AL + * 00680334 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * + * 0067FA4F 8BC6 MOV EAX,ESI + * 0067FA51 EB 45 JMP SHORT .0067FA98 + * 0067FA53 397D 10 CMP DWORD PTR SS:[EBP+0x10],EDI + * 0067FA56 74 16 JE SHORT .0067FA6E + * 0067FA58 3975 0C CMP DWORD PTR SS:[EBP+0xC],ESI + * 0067FA5B 72 11 JB SHORT .0067FA6E + * 0067FA5D 56 PUSH ESI + * 0067FA5E FF75 10 PUSH DWORD PTR SS:[EBP+0x10] + * 0067FA61 FF75 08 PUSH DWORD PTR SS:[EBP+0x8] + * 0067FA64 E8 27080000 CALL .00680290 ; jichi: copy invoked here + * 0067FA69 83C4 0C ADD ESP,0xC + * 0067FA6C ^EB C1 JMP SHORT .0067FA2F + * 0067FA6E FF75 0C PUSH DWORD PTR SS:[EBP+0xC] + * 0067FA71 57 PUSH EDI + * 0067FA72 FF75 08 PUSH DWORD PTR SS:[EBP+0x8] + * + * 0012FC04 00000059 + * 0012FC08 00000000 + * 0012FC0C /0012FC28 + * 0012FC10 |0067FA69 RETURN to .0067FA69 from .00680290 + * 0012FC14 |072CEF78 ; jichi: target text + * 0012FC18 |07261840 ; jichi: source text + * 0012FC1C |00000059 ; jichi: source size + * 0012FC20 |FFFFFFFE + * 0012FC24 |00000000 + * 0012FC28 ]0012FC40 ; jichi: split + * 0012FC2C |00404E58 RETURN to .00404E58 from .0067FA1F + * 0012FC30 |072CEF78 ; jichi: target text + * 0012FC34 |0000005F ; jichi: target capacity + * 0012FC38 |07261840 ; jichi: source text + * 0012FC3C |00000059 ; jichi: source size + * 0012FC40 ]0012FC58 + * 0012FC44 |00404E38 RETURN to .00404E38 from .00404E40 + * 0012FC48 |072CEF78 + * 0012FC4C |0000005F + * 0012FC50 |07261840 + * 0012FC54 |00000059 + * 0012FC58 ]0012FC78 + * 0012FC5C |00404B06 RETURN to .00404B06 from .00404E20 + * 0012FC60 |072CEF78 + * 0012FC64 |0000005F + * 0012FC68 |07261840 + * 0012FC6C |00000059 + * 0012FC70 |00000000 + * 0012FC74 |0012FD30 + * 0012FC78 ]0012FC98 + * 0012FC7C |004025FE RETURN to .004025FE from .00404AE0 + * 0012FC80 |072CEF78 + * 0012FC84 |0000005F + * 0012FC88 |07261840 + * 0012FC8C |00000059 + * 0012FC90 |0012FD30 + * 0012FC94 |00000059 + * 0012FC98 ]0012FCB0 + * 0012FC9C |0040254B RETURN to .0040254B from .00402560 + * 0012FCA0 |074B6EA4 + * 0012FCA4 |00000000 + * 0012FCA8 |FFFFFFFF + * + * 07261840 83 4A 83 43 81 75 82 A0 82 C6 82 CD 82 B1 82 EA カイ「あとはこれ + * 07261850 82 C9 81 41 91 BA 92 B7 82 CC 83 54 83 43 83 93 に、村長のサイン + * 07261860 82 C6 88 F3 8A D3 82 F0 81 63 81 63 82 C1 82 C6 と印鑑を……っと + * 07261870 81 42 0D 0A 81 40 82 6E 82 6A 81 41 82 AB 82 E5 。.. OK、きょ + * 07261880 82 A4 82 CC 83 66 83 58 83 4E 83 8F 81 5B 83 4E うのデスクワーク + * 07261890 8F 49 97 B9 81 76 3C 65 3E 00 81 76 3C 65 3E 00 終了」.」. + * 072618A0 98 DD 95 48 00 40 00 88 83 4A 83 43 81 75 81 63 俤菱.@.・Jイ「… + * 072618B0 81 63 82 A4 82 F1 81 41 82 BB 82 A4 82 B5 82 E6 …うん、そうしよ + */ +namespace { // unnamed +bool TamamoFilter(LPVOID data, size_t *size, HookParam *) +{ + LPSTR text = (LPSTR)data; + if (::memchr(text, '<', *size)) + StringFilter(text, reinterpret_cast(size), "", 3); + StringFilter(text, reinterpret_cast(size), "\x0d\x0a\x81\x40", 4); // remove \n before space + StringFilterBetween(text,size,"<",1,">",1); + StringFilterBetween(text,size,"{",1,"}",1); + return true; +} +void SpecialHookTamamo(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + auto text = (LPCSTR)stack->stack[1]; // arg2 + auto size = stack->stack[2]; // arg3 + if (0 < size && size < VNR_TEXT_CAPACITY && size == ::strlen(text) && !all_ascii(text)) { + *data = (DWORD)text; + //*len = argof(esp_base, 3 - 1); + *len = size; + //*split = argof(8 - 1, esp_base); // use parent return address as split + //*split = argof(7 - 1, esp_base); // use the address just before parent retaddr + *split = stack->stack[5]; + //if (hp.split) + // *split = *(DWORD *)(esp_base + hp.split); + } +} +} // unnamed namespace +bool InsertTamamoHook() +{ + ULONG addr = 0; + { // for new games + const BYTE bytes[] = { + 0x8b,0xd6, // 0051c287 8bd6 mov edx,esi + 0x85,0xff, // 0051c289 85ff test edi,edi + 0x74, 0x0e, // 0051c28b 74 0e je short .0051c29b + 0x57, // 0051c28d 57 push edi + 0x8d,0x04,0x0b, // 0051c28e 8d040b lea eax,dword ptr ds:[ebx+ecx] + 0x50, // 0051c291 50 push eax + 0x52, // 0051c292 52 push edx + 0xe8 //f8440f00 // 0051c293 e8 f8440f00 call .00610790 ; jichi: copy invoked here + }; + enum { addr_offset = sizeof(bytes) - 1 }; + addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr) { + addr += addr_offset; + ConsoleOutput("Tamamo: pattern for new version found"); + } + } + if (!addr) { // for old games + const BYTE bytes[] = { + 0x72, 0x11, // 0067fa5b 72 11 jb short .0067fa6e + 0x56, // 0067fa5d 56 push esi + 0xff,0x75, 0x10, // 0067fa5e ff75 10 push dword ptr ss:[ebp+0x10] + 0xff,0x75, 0x08, // 0067fa61 ff75 08 push dword ptr ss:[ebp+0x8] + 0xe8 // 27080000 // 0067fa64 e8 27080000 call .00680290 ; jichi: copy invoked here + }; + enum { addr_offset = sizeof(bytes) - 1 }; + addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr) { + addr += addr_offset; + ConsoleOutput("Tamamo: pattern for old version found"); + } + } + if (!addr) { + ConsoleOutput("Tamamo: pattern not found"); + return false; + } + HookParam hp; + hp.address = addr; + hp.text_fun = SpecialHookTamamo; + hp.filter_fun = TamamoFilter; + hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT; + ConsoleOutput("INSERT Tamamo"); + return NewHook(hp, "Tamamo"); +} +namespace{ + bool Tamamogettext(LPVOID data, size_t *size, HookParam *) + { + auto s=std::string((char*)data,*size); + + s=std::regex_replace(s, std::regex("\\{#(.*?)\\}"), ""); + s = std::regex_replace(s, std::regex("<(.*?)>"), ""); + + s = std::regex_replace(s, std::regex("(.*)\x81u([\\s\\S]*?)\x81v(.*)"), "\x81u$2\x81v"); //「 」 + s = std::regex_replace(s, std::regex("(.*)\x81i([\\s\\S]*?)\x81j(.*)"), "\x81i$2\x81j"); //( ) + *size = s.size(); + strcpy((char*)data, s.c_str()); + return true; + } + bool Tamamogetname(LPVOID data, size_t *size, HookParam *) + { + auto s=std::string((char*)data,*size); + + s=std::regex_replace(s, std::regex("\\{#(.*?)\\}"), ""); + s = std::regex_replace(s, std::regex("<(.*?)>"), ""); + if(s.find("\x81u")!=s.npos && s.find("\x81v")!=s.npos) + s = std::regex_replace(s, std::regex("(.*)\x81u([\\s\\S]*?)\x81v(.*)"), "$1"); //「 」 + else if (s.find("\x81i")!=s.npos && s.find("\x81j")!=s.npos) + s = std::regex_replace(s, std::regex("(.*)\x81i([\\s\\S]*?)\x81j(.*)"), "$1"); //( ) + else return false; + *size = s.size(); + strcpy((char*)data, s.c_str()); + return true; + } + bool tamamo3(){ + //閃光の騎士 ~カリスティアナイト~ + char face[]="face_%s_%s.png"; + auto addr = MemDbg::findBytes(face, sizeof(face), processStartAddress, processStopAddress); + if(addr==0)return false; + bool ok=false; + + BYTE bytes[]={0x68,XX4}; + memcpy(bytes+1,&addr,4); + for(auto addr:Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress)){ + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) continue; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(1); + hp.type = USING_STRING; + hp.filter_fun=Tamamogettext; + ok|=NewHook(hp, "tamamo_text"); + hp.address = addr+5 ; + hp.offset=get_stack(3); + hp.filter_fun=Tamamogetname; + ok|=NewHook(hp, "tamamo_name"); + } + return ok; + } +} +bool Tamamo::attach_function() { + bool aa=tamamo3(); + return InsertTamamoHook()||aa; +} \ No newline at end of file diff --git a/LunaHook/engine32/Tamamo.h b/LunaHook/engine32/Tamamo.h new file mode 100644 index 0000000..be54b48 --- /dev/null +++ b/LunaHook/engine32/Tamamo.h @@ -0,0 +1,15 @@ +#include"engine.h" + +class Tamamo:public ENGINE{ + public: + Tamamo(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{ + L"data.pck", + L"image.pck", + L"script.pck" + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Tanuki.cpp b/LunaHook/engine32/Tanuki.cpp new file mode 100644 index 0000000..19e9528 --- /dev/null +++ b/LunaHook/engine32/Tanuki.cpp @@ -0,0 +1,70 @@ +#include"Tanuki.h" + +/** jichi 9/14/2013 + * TanukiSoft (*.tac) + * + * Seems to be broken for new games in 2012 such like となり� + * + * 微少女: /HSN4@004983E0 + * This is the same hook as ITH + * - addr: 4817888 (0x4983e0) + * - text_fun: 0x0 + * - off: 4 + * - type: 1025 (0x401) + * + * 隣り�ぷ�さ� /HSN-8@200FE7:TONARINO.EXE + * - addr: 2101223 (0x200fe7) + * - module: 2343491905 (0x8baed941) + * - off: 4294967284 = 0xfffffff4 = -0xc + * - type: 1089 (0x441) + */ +bool InsertTanukiHook() +{ + ConsoleOutput("trying TanukiSoft"); + for (DWORD i = processStartAddress; i < processStopAddress - 4; i++) + if (*(DWORD *)i == 0x8140) + if (DWORD j = SafeFindEnclosingAlignedFunction(i, 0x400)) { // jichi 9/14/2013: might crash the game without admin priv + //GROWL_DWORD2(i, j); + HookParam hp; + hp.address = j; + hp.offset=get_stack(1); + hp.type = USING_STRING | NO_CONTEXT|EMBED_ABLE|EMBED_BEFORE_SIMPLE|EMBED_AFTER_NEW|EMBED_DYNA_SJIS; + hp.hook_font=F_GetGlyphOutlineA; + ConsoleOutput("INSERT TanukiSoft"); + return NewHook(hp, "TanukiSoft"); + } + + //ConsoleOutput("Unknown TanukiSoft engine."); + ConsoleOutput("TanukiSoft: failed"); + return false; +} +bool InsertTanukiHook2() { + const BYTE bytes[] = { + //0x55,0x8b,0xec,0x53,0x8b,0x5d,0x08,0x56,0x8b,0xf1,0x85,0xdb string too long hook。但是这个会把所有字符串全提出来 + XX,0x9F,0x88,0x00,0x00, + 0x66 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + ConsoleOutput("Tanuki %p", addr); + if (addr == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr,0x1000); + + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); + hp.type = USING_STRING; + ConsoleOutput("Tanuki %p", addr); + return NewHook(hp, "Tanuki"); +} +bool Tanuki::attach_function() { + + bool b1= InsertTanukiHook(); + bool b2=InsertTanukiHook2(); + return b1||b2; +} +bool Tanuki_last::attach_function() { + + bool b1= InsertTanukiHook(); + return b1; +} \ No newline at end of file diff --git a/LunaHook/engine32/Tanuki.h b/LunaHook/engine32/Tanuki.h new file mode 100644 index 0000000..856f09c --- /dev/null +++ b/LunaHook/engine32/Tanuki.h @@ -0,0 +1,21 @@ +#include"engine.h" + +class Tanuki:public ENGINE{ + public: + Tanuki(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.tac"; + }; + bool attach_function(); +}; + +class Tanuki_last:public Tanuki{ + public: + Tanuki_last(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.g2"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Tarte.cpp b/LunaHook/engine32/Tarte.cpp new file mode 100644 index 0000000..87283ae --- /dev/null +++ b/LunaHook/engine32/Tarte.cpp @@ -0,0 +1,43 @@ +#include"Tarte.h" + +bool Tarte::attach_function() { + //ひなたぼっこ + //ひなたると~ひなたぼっこファンディスク~ + //スクールぱにっく! + //こいじばし https://vndb.org/v4247 + auto entry=Util::FindImportEntry(processStartAddress,(DWORD)GetGlyphOutlineA); + if(entry==0)return false; + BYTE bytes[]={0xFF,0x15,XX4}; + memcpy(bytes+2,&entry,4); + for(auto addr:Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress)){ + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) continue; + auto xrefs=findxref_reverse_checkcallop(addr,addr-0x1000,addr+0x1000,0xe8); + for(auto addrx:xrefs){ + auto addrx1 = MemDbg::findEnclosingAlignedFunction(addrx); + if (!addrx1) continue; + BYTE __[]={0x3C,0x81}; + auto _ = MemDbg::findBytes(__, 2, addrx1, addrx); + if(_==0)continue; + HookParam hp; + hp.address = addrx1; + hp.offset=get_stack(2); + hp.type = CODEC_ANSI_BE; + auto succ=NewHook(hp, "Tarte"); + + auto xrefs1=findxref_reverse_checkcallop(addrx1,addrx1-0x1000,addrx1+0x1000,0xe8); + for(auto addrx11:xrefs1){ + auto addrx12 = MemDbg::findEnclosingAlignedFunction(addrx11); + if(addrx11-addrx12<0x30){ + HookParam hp; + hp.address = addrx12; + hp.offset=get_stack(5); + hp.type = CODEC_ANSI_BE; + succ|=NewHook(hp, "Tarte"); + } + } + return succ; + } + } + return false; +} \ No newline at end of file diff --git a/LunaHook/engine32/Tarte.h b/LunaHook/engine32/Tarte.h new file mode 100644 index 0000000..a817154 --- /dev/null +++ b/LunaHook/engine32/Tarte.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class Tarte:public ENGINE{ + public: + Tarte(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"caf\\script.caf"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Taskforce2.cpp b/LunaHook/engine32/Taskforce2.cpp new file mode 100644 index 0000000..6819226 --- /dev/null +++ b/LunaHook/engine32/Taskforce2.cpp @@ -0,0 +1,401 @@ +#include"Taskforce2.h" +#include"embed_util.h" +/** + * jichi 1/2/2014: Taskforce2 Engine + * + * Examples: + * 神�仮)-カミサマカヂ�カリ- 路地裏繚乱編 (1.1) + * /HS-8@178872:Taskforce2.exe + * + * 00578819 . 50 push eax ; |arg1 + * 0057881a . c745 f4 cc636b>mov dword ptr ss:[ebp-0xc],taskforc.006b>; | + * 00578821 . e8 31870000 call taskforc.00580f57 ; \taskforc.00580f57 + * 00578826 . cc int3 + * 00578827 /$ 8b4c24 04 mov ecx,dword ptr ss:[esp+0x4] + * 0057882b |. 53 push ebx + * 0057882c |. 33db xor ebx,ebx + * 0057882e |. 3bcb cmp ecx,ebx + * 00578830 |. 56 push esi + * 00578831 |. 57 push edi + * 00578832 |. 74 08 je short taskforc.0057883c + * 00578834 |. 8b7c24 14 mov edi,dword ptr ss:[esp+0x14] + * 00578838 |. 3bfb cmp edi,ebx + * 0057883a |. 77 1b ja short taskforc.00578857 + * 0057883c |> e8 28360000 call taskforc.0057be69 + * 00578841 |. 6a 16 push 0x16 + * 00578843 |. 5e pop esi + * 00578844 |. 8930 mov dword ptr ds:[eax],esi + * 00578846 |> 53 push ebx + * 00578847 |. 53 push ebx + * 00578848 |. 53 push ebx + * 00578849 |. 53 push ebx + * 0057884a |. 53 push ebx + * 0057884b |. e8 6a050000 call taskforc.00578dba + * 00578850 |. 83c4 14 add esp,0x14 + * 00578853 |. 8bc6 mov eax,esi + * 00578855 |. eb 31 jmp short taskforc.00578888 + * 00578857 |> 8b7424 18 mov esi,dword ptr ss:[esp+0x18] + * 0057885b |. 3bf3 cmp esi,ebx + * 0057885d |. 75 04 jnz short taskforc.00578863 + * 0057885f |. 8819 mov byte ptr ds:[ecx],bl + * 00578861 |.^eb d9 jmp short taskforc.0057883c + * 00578863 |> 8bd1 mov edx,ecx + * 00578865 |> 8a06 /mov al,byte ptr ds:[esi] + * 00578867 |. 8802 |mov byte ptr ds:[edx],al + * 00578869 |. 42 |inc edx + * 0057886a |. 46 |inc esi + * 0057886b |. 3ac3 |cmp al,bl + * 0057886d |. 74 03 |je short taskforc.00578872 + * 0057886f |. 4f |dec edi + * 00578870 |.^75 f3 \jnz short taskforc.00578865 + * 00578872 |> 3bfb cmp edi,ebx ; jichi: hook here + * 00578874 |. 75 10 jnz short taskforc.00578886 + * 00578876 |. 8819 mov byte ptr ds:[ecx],bl + * 00578878 |. e8 ec350000 call taskforc.0057be69 + * 0057887d |. 6a 22 push 0x22 + * 0057887f |. 59 pop ecx + * 00578880 |. 8908 mov dword ptr ds:[eax],ecx + * 00578882 |. 8bf1 mov esi,ecx + * 00578884 |.^eb c0 jmp short taskforc.00578846 + * 00578886 |> 33c0 xor eax,eax + * 00578888 |> 5f pop edi + * 00578889 |. 5e pop esi + * 0057888a |. 5b pop ebx + * 0057888b \. c3 retn + * + * [131129] [Digital Cute] オトメスイッ� -OtomeSwitch- �彼が持ってる彼女のリモコン(1.1) + * /HS-8@1948E9:Taskforce2.exe + * - addr: 0x1948e9 + * - off: 4294967284 (0xfffffff4 = -0xc) + * - type: 65 (0x41) + * + * 00594890 . 50 push eax ; |arg1 + * 00594891 . c745 f4 64c56d>mov dword ptr ss:[ebp-0xc],taskforc.006d>; | + * 00594898 . e8 88880000 call taskforc.0059d125 ; \taskforc.0059d125 + * 0059489d . cc int3 + * 0059489e /$ 8b4c24 04 mov ecx,dword ptr ss:[esp+0x4] + * 005948a2 |. 53 push ebx + * 005948a3 |. 33db xor ebx,ebx + * 005948a5 |. 3bcb cmp ecx,ebx + * 005948a7 |. 56 push esi + * 005948a8 |. 57 push edi + * 005948a9 |. 74 08 je short taskforc.005948b3 + * 005948ab |. 8b7c24 14 mov edi,dword ptr ss:[esp+0x14] + * 005948af |. 3bfb cmp edi,ebx + * 005948b1 |. 77 1b ja short taskforc.005948ce + * 005948b3 |> e8 91350000 call taskforc.00597e49 + * 005948b8 |. 6a 16 push 0x16 + * 005948ba |. 5e pop esi + * 005948bb |. 8930 mov dword ptr ds:[eax],esi + * 005948bd |> 53 push ebx + * 005948be |. 53 push ebx + * 005948bf |. 53 push ebx + * 005948c0 |. 53 push ebx + * 005948c1 |. 53 push ebx + * 005948c2 |. e8 7e010000 call taskforc.00594a45 + * 005948c7 |. 83c4 14 add esp,0x14 + * 005948ca |. 8bc6 mov eax,esi + * 005948cc |. eb 31 jmp short taskforc.005948ff + * 005948ce |> 8b7424 18 mov esi,dword ptr ss:[esp+0x18] + * 005948d2 |. 3bf3 cmp esi,ebx + * 005948d4 |. 75 04 jnz short taskforc.005948da + * 005948d6 |. 8819 mov byte ptr ds:[ecx],bl + * 005948d8 |.^eb d9 jmp short taskforc.005948b3 + * 005948da |> 8bd1 mov edx,ecx + * 005948dc |> 8a06 /mov al,byte ptr ds:[esi] + * 005948de |. 8802 |mov byte ptr ds:[edx],al + * 005948e0 |. 42 |inc edx + * 005948e1 |. 46 |inc esi + * 005948e2 |. 3ac3 |cmp al,bl + * 005948e4 |. 74 03 |je short taskforc.005948e9 + * 005948e6 |. 4f |dec edi + * 005948e7 |.^75 f3 \jnz short taskforc.005948dc + * 005948e9 |> 3bfb cmp edi,ebx ; jichi: hook here + * 005948eb |. 75 10 jnz short taskforc.005948fd + * 005948ed |. 8819 mov byte ptr ds:[ecx],bl + * 005948ef |. e8 55350000 call taskforc.00597e49 + * 005948f4 |. 6a 22 push 0x22 + * 005948f6 |. 59 pop ecx + * 005948f7 |. 8908 mov dword ptr ds:[eax],ecx + * 005948f9 |. 8bf1 mov esi,ecx + * 005948fb |.^eb c0 jmp short taskforc.005948bd + * 005948fd |> 33c0 xor eax,eax + * 005948ff |> 5f pop edi + * 00594900 |. 5e pop esi + * 00594901 |. 5b pop ebx + * 00594902 \. c3 retn + * + * Use this if that hook fails, try this one for future engines: + * /HS0@44CADA + */ +bool InsertTaskforce2Hook() +{ + const BYTE bytes[] = { + 0x88,0x02, // 005948de |. 8802 |mov byte ptr ds:[edx],al + 0x42, // 005948e0 |. 42 |inc edx + 0x46, // 005948e1 |. 46 |inc esi + 0x3a,0xc3, // 005948e2 |. 3ac3 |cmp al,bl + 0x74, 0x03, // 005948e4 |. 74 03 |je short taskforc.005948e9 + 0x4f, // 005948e6 |. 4f |dec edi + 0x75, 0xf3, // 005948e7 |.^75 f3 \jnz short taskforc.005948dc + 0x3b,0xfb // 005948e9 |> 3bfb cmp edi,ebx ; jichi: hook here + }; + enum { addr_offset = sizeof(bytes) - 2 }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + //GROWL_DWORD3(reladdr, processStartAddress, range); + if (!addr) { + ConsoleOutput("Taskforce2: pattern not exist"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::ecx); // text in ecx + hp.type = USING_STRING; // 0x41 + hp.filter_fun=all_ascii_Filter; + //GROWL_DWORD(hp.address); + //hp.address = 0x1948e9 + processStartAddress; + + ConsoleOutput("INSERT Taskforce2"); + return NewHook(hp, "Taskforce2"); +} +bool InsertTaskforce2XHook() +{ + //ちんくる★ツインクル フェスティバル! + const BYTE bytes[] = { + 0X8A,0X07,0X89,0x7d,XX,0X84,0XC0,0x0F + }; + + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (!addr) { + ConsoleOutput("Taskforce2: pattern not exist"); + return false; + } + + HookParam hp; + hp.address = addr ; + hp.offset=get_reg(regs::edi); + hp.type = USING_STRING|USING_SPLIT; // 0x41 + hp.split=get_reg(regs::eax); + hp.filter_fun=all_ascii_Filter; + + ConsoleOutput("INSERT Taskforce2"); + return NewHook(hp, "Taskforce2"); +} +namespace { // unnamed +namespace ScenarioHook { +namespace Private { + bool hookBefore(hook_stack*s,void* data1, size_t* len,uintptr_t*role) + { + + int capacity = s->stack[1]; // arg 2, should always be 0x1000 + auto text = (LPCSTR)s->stack[2]; // arg 3 + if (capacity <= 0 || !text || !*text) + return false; + * role = s->stack[2] == s->stack[12] ? Engine::ScenarioRole : Engine::OtherRole; + //auto split = s->edx; + //auto sig = Engine::hashThreadSignature(role, split); + enum { sig = 0 }; // split not used + strcpy((char*)data1,text); + *len=strlen(text);return true; + + return true; + } + void hookafter(hook_stack*s,void* data1, size_t len) + { + static std::string data_; + std::string newData=std::string((char*)data1,len); + data_ = newData; + int capacity = s->stack[1]; // arg 2, should always be 0x1000 + if (data_.size() >= capacity) + data_ = data_.substr(0,capacity - 1); + s->stack[2] = (ULONG)data_.c_str(); // arg 3 + } +} // namespace Private + +/** + * Sample game: オトメスイッチ + * + * Debugging method: hook to the ITH function, and then check stack + * strncpy is not hooked as it is also used to copy system text + * + * 0012D0D0 1A72224C + * 0012D0D4 1A721FA4 + * 0012D0D8 00000000 + * 0012D0DC 0044A61A RETURN to .0044A61A from .0058F477 + * 0012D0E0 1A72224C ; jichi: target text + * 0012D0E4 00001000 ; jichi: this value is different for different callers + * 0012D0E8 0D4CFA70 ; jichi: source text here + * 0012D0EC 00A53E0E .00A53E0E + * 0012D0F0 1A721F80 + * 0012D0F4 1AD70020 + * 0012D0F8 00000000 + * 0012D0FC 0012D138 Pointer to next SEH record + * 0012D100 0069D878 SE handler + * 0012D104 00000000 + * 0012D108 00451436 RETURN to .00451436 from .0044A5B0 + * 0012D10C 0D4CFAE8 + * 0012D110 0D4CFA70 + * 0012D114 0D4CF908 + * 0012D118 00000016 + * 0012D11C 00FFFFFF .00FFFFFF + * 0012D120 00000016 + * 0012D124 0000001F + * 0012D128 00A53FD2 .00A53FD2 + * 0012D12C 006E3BC8 .006E3BC8 + * 0012D130 00000000 + * 0012D134 0012D10C + * 0012D138 0012D8AC Pointer to next SEH record + * 0012D13C 0069D878 SE handler + * 0012D140 00000000 + * 0012D144 004617DD RETURN to .004617DD from .004513D0 + * 0012D148 00000000 + * 0012D14C 0D4CFAE8 + * 0012D150 00000000 + * 0012D154 00000000 + * 0012D158 006E3BC8 .006E3BC8 + * 0012D15C 00000016 + * 0012D160 0000001F + * + * Caller of the strncpy function + * 0044A5AF CC INT3 + * 0044A5B0 6A FF PUSH -0x1 + * 0044A5B2 68 78D86900 PUSH .0069D878 + * 0044A5B7 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 0044A5BD 50 PUSH EAX + * 0044A5BE 53 PUSH EBX + * 0044A5BF 55 PUSH EBP + * 0044A5C0 57 PUSH EDI + * 0044A5C1 A1 4C3F7F00 MOV EAX,DWORD PTR DS:[0x7F3F4C] + * 0044A5C6 33C4 XOR EAX,ESP + * 0044A5C8 50 PUSH EAX + * 0044A5C9 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+0x10] + * 0044A5CD 64:A3 00000000 MOV DWORD PTR FS:[0],EAX + * 0044A5D3 33DB XOR EBX,EBX + * 0044A5D5 895C24 18 MOV DWORD PTR SS:[ESP+0x18],EBX + * 0044A5D9 8D7E 5C LEA EDI,DWORD PTR DS:[ESI+0x5C] + * 0044A5DC 8D6B 14 LEA EBP,DWORD PTR DS:[EBX+0x14] + * 0044A5DF 90 NOP + * 0044A5E0 53 PUSH EBX + * 0044A5E1 68 C83B6E00 PUSH .006E3BC8 + * 0044A5E6 8BCF MOV ECX,EDI + * 0044A5E8 E8 A376FBFF CALL .00401C90 + * 0044A5ED 83C7 1C ADD EDI,0x1C + * 0044A5F0 83ED 01 SUB EBP,0x1 + * 0044A5F3 ^75 EB JNZ SHORT .0044A5E0 + * 0044A5F5 8B4424 24 MOV EAX,DWORD PTR SS:[ESP+0x24] + * 0044A5F9 BD 10000000 MOV EBP,0x10 + * 0044A5FE 396C24 38 CMP DWORD PTR SS:[ESP+0x38],EBP + * 0044A602 73 04 JNB SHORT .0044A608 + * 0044A604 8D4424 24 LEA EAX,DWORD PTR SS:[ESP+0x24] + * 0044A608 50 PUSH EAX + * + * 0044A609 8DBE A8020000 LEA EDI,DWORD PTR DS:[ESI+0x2A8] + * 0044A60F 68 00100000 PUSH 0x1000 + * 0044A614 57 PUSH EDI + * + * 0044A615 E8 5D4E1400 CALL .0058F477 ; jichi: called here + * 0044A61A 8BC7 MOV EAX,EDI + * 0044A61C 83C4 0C ADD ESP,0xC + * 0044A61F 895E 58 MOV DWORD PTR DS:[ESI+0x58],EBX + * 0044A622 899E A8120000 MOV DWORD PTR DS:[ESI+0x12A8],EBX + * 0044A628 899E AC120000 MOV DWORD PTR DS:[ESI+0x12AC],EBX + * 0044A62E 8D50 01 LEA EDX,DWORD PTR DS:[EAX+0x1] + * 0044A631 8A08 MOV CL,BYTE PTR DS:[EAX] + * 0044A633 83C0 01 ADD EAX,0x1 + * 0044A636 3ACB CMP CL,BL + * 0044A638 ^75 F7 JNZ SHORT .0044A631 + * 0044A63A 2BC2 SUB EAX,EDX + * 0044A63C 6A FF PUSH -0x1 + * 0044A63E 8986 B0120000 MOV DWORD PTR DS:[ESI+0x12B0],EAX + * 0044A644 53 PUSH EBX + * 0044A645 8D4424 28 LEA EAX,DWORD PTR SS:[ESP+0x28] + * 0044A649 50 PUSH EAX + * 0044A64A 8D8E 8C020000 LEA ECX,DWORD PTR DS:[ESI+0x28C] + * 0044A650 899E B8120000 MOV DWORD PTR DS:[ESI+0x12B8],EBX + * 0044A656 E8 0575FBFF CALL .00401B60 + * 0044A65B 396C24 38 CMP DWORD PTR SS:[ESP+0x38],EBP + * 0044A65F 899E C8120000 MOV DWORD PTR DS:[ESI+0x12C8],EBX + * 0044A665 72 0D JB SHORT .0044A674 + * 0044A667 8B4C24 24 MOV ECX,DWORD PTR SS:[ESP+0x24] + * 0044A66B 51 PUSH ECX + * 0044A66C E8 C14A1400 CALL .0058F132 + * 0044A671 83C4 04 ADD ESP,0x4 + * 0044A674 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+0x10] + * 0044A678 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 0044A67F 59 POP ECX + * 0044A680 5F POP EDI + * 0044A681 5D POP EBP + * 0044A682 5B POP EBX + * 0044A683 83C4 0C ADD ESP,0xC + * 0044A686 C2 1C00 RETN 0x1C + * 0044A689 CC INT3 + * + * This is properly the strncpy function. Capacity in arg2. Target in arg1. Source in arg3. + * 0058F476 CC INT3 + * 0058F477 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+0x4] + * 0058F47B 53 PUSH EBX + * 0058F47C 33DB XOR EBX,EBX + * 0058F47E 3BCB CMP ECX,EBX + * 0058F480 56 PUSH ESI + * 0058F481 57 PUSH EDI + * 0058F482 74 08 JE SHORT .0058F48C + * 0058F484 8B7C24 14 MOV EDI,DWORD PTR SS:[ESP+0x14] + * 0058F488 3BFB CMP EDI,EBX + * 0058F48A 77 1B JA SHORT .0058F4A7 + * 0058F48C E8 D8390000 CALL .00592E69 + * 0058F491 6A 16 PUSH 0x16 + * 0058F493 5E POP ESI + * 0058F494 8930 MOV DWORD PTR DS:[EAX],ESI + * 0058F496 53 PUSH EBX + * 0058F497 53 PUSH EBX + * 0058F498 53 PUSH EBX + * 0058F499 53 PUSH EBX + * 0058F49A 53 PUSH EBX + * 0058F49B E8 D9010000 CALL .0058F679 + * 0058F4A0 83C4 14 ADD ESP,0x14 + * 0058F4A3 8BC6 MOV EAX,ESI + * 0058F4A5 EB 31 JMP SHORT .0058F4D8 + * 0058F4A7 8B7424 18 MOV ESI,DWORD PTR SS:[ESP+0x18] + * 0058F4AB 3BF3 CMP ESI,EBX + * 0058F4AD 75 04 JNZ SHORT .0058F4B3 + * 0058F4AF 8819 MOV BYTE PTR DS:[ECX],BL + * 0058F4B1 ^EB D9 JMP SHORT .0058F48C + * 0058F4B3 8BD1 MOV EDX,ECX + * + * Sample game: 神様(仮)-カミサマカッコカリ-路地裏繚乱編 + */ + +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x8d,0xbe, 0xa8,0x02,0x00,0x00, // 0044a609 8dbe a8020000 lea edi,dword ptr ds:[esi+0x2a8] + 0x68, 0x00,0x10,0x00,0x00, // 0044a60f 68 00100000 push 0x1000 + 0x57, // 0044a614 57 push edi + 0xe8 // 0044a615 e8 5d4e1400 call .0058f477 ; jichi: called here + }; + enum { addr_offset = sizeof(bytes) - 1 }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if(addr==0)return false; + HookParam hp; + hp.address=addr + addr_offset; + hp.hook_before=Private::hookBefore; + hp.hook_after=Private::hookafter; + hp.hook_font=F_GetGlyphOutlineA; + hp.type=USING_STRING|EMBED_ABLE|EMBED_DYNA_SJIS; + return NewHook(hp,"EmbedTaskforce"); +} + +} // namespace ScenarioHook +} // unnamed namespace + + +bool Taskforce2::attach_function() { + + bool b1= InsertTaskforce2Hook(); + bool b2=InsertTaskforce2XHook(); + bool b3=ScenarioHook::attach(processStartAddress,processStopAddress); + return b1||b2||b3; +} \ No newline at end of file diff --git a/LunaHook/engine32/Taskforce2.h b/LunaHook/engine32/Taskforce2.h new file mode 100644 index 0000000..2f875a4 --- /dev/null +++ b/LunaHook/engine32/Taskforce2.h @@ -0,0 +1,13 @@ +#include"engine.h" + +class Taskforce2:public ENGINE{ + public: + Taskforce2(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return (wcsstr(processName_lower, L"taskforce2") || !wcsncmp(processName_lower, L"taskfo~", 7) || Util::CheckFile(L"Taskforce2.exe")); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Tenco.cpp b/LunaHook/engine32/Tenco.cpp new file mode 100644 index 0000000..8098050 --- /dev/null +++ b/LunaHook/engine32/Tenco.cpp @@ -0,0 +1,154 @@ +#include"Tenco.h" + +/** + * jichi 4/1/2014: Insert AU hook + * Sample games: + * 英雼�戦姫: /HBN-8*4@4AD807 + * 英雼�戦姫GOLD: /HB-8*4@4ADB50 (alternative) + * + * /HBN-8*4@4AD807 + * - addr: 4904967 = 0x4ad807 + * - ind: 4 + * - length_offset: 1 + * - off: 4294967284 = 0xfffffff4 = -0xc + * - type: 1032 = 0x408 + * + * 004ad76a |. ff50 04 |call dword ptr ds:[eax+0x4] + * 004ad76d |. 48 |dec eax ; switch (cases 1..a) + * 004ad76e |. 83f8 09 |cmp eax,0x9 + * 004ad771 |. 0f87 37020000 |ja 英雼�戦.004ad9ae + * 004ad777 |. ff2485 2cda4a0>|jmp dword ptr ds:[eax*4+0x4ada2c] + * 004ad77e |> 83bf c4000000 >|cmp dword ptr ds:[edi+0xc4],0x1 ; case 1 of switch 004ad76d + * 004ad785 |. 75 35 |jnz short 英雼�戦.004ad7bc + * 004ad787 |. 39af c8000000 |cmp dword ptr ds:[edi+0xc8],ebp + * 004ad78d |. 72 08 |jb short 英雼�戦.004ad797 + * 004ad78f |. 8b87 b4000000 |mov eax,dword ptr ds:[edi+0xb4] + * 004ad795 |. eb 06 |jmp short 英雼�戦.004ad79d + * 004ad797 |> 8d87 b4000000 |lea eax,dword ptr ds:[edi+0xb4] + * 004ad79d |> 0fb608 |movzx ecx,byte ptr ds:[eax] + * 004ad7a0 |. 51 |push ecx + * 004ad7a1 |. e8 d15b2a00 |call 英雼�戦.00753377 + * 004ad7a6 |. 83c4 04 |add esp,0x4 + * 004ad7a9 |. 85c0 |test eax,eax + * 004ad7ab |. 74 0f |je short 英雼�戦.004ad7bc + * 004ad7ad |. 8d5424 20 |lea edx,dword ptr ss:[esp+0x20] + * 004ad7b1 |. 52 |push edx + * 004ad7b2 |. b9 88567a00 |mov ecx,英雼�戦.007a5688 + * 004ad7b7 |. e8 a40cf6ff |call 英雼�戦.0040e460 + * 004ad7bc |> 8b8424 e400000>|mov eax,dword ptr ss:[esp+0xe4] + * 004ad7c3 |. 8a48 01 |mov cl,byte ptr ds:[eax+0x1] + * 004ad7c6 |. 84c9 |test cl,cl + * 004ad7c8 |. 75 2e |jnz short 英雼�戦.004ad7f8 + * 004ad7ca |. 8d9f b0000000 |lea ebx,dword ptr ds:[edi+0xb0] + * 004ad7d0 |. be ac6e7a00 |mov esi,英雼�戦.007a6eac + * 004ad7d5 |. 8bcb |mov ecx,ebx + * 004ad7d7 |. e8 e40af6ff |call 英雼�戦.0040e2c0 + * 004ad7dc |. 84c0 |test al,al + * 004ad7de |. 0f84 ca010000 |je 英雼�戦.004ad9ae + * 004ad7e4 |. be a86e7a00 |mov esi,英雼�戦.007a6ea8 + * 004ad7e9 |. 8bcb |mov ecx,ebx + * 004ad7eb |. e8 d00af6ff |call 英雼�戦.0040e2c0 + * 004ad7f0 |. 84c0 |test al,al + * 004ad7f2 |. 0f84 b6010000 |je 英雼�戦.004ad9ae + * 004ad7f8 |> 6a 00 |push 0x0 + * 004ad7fa |. 8d8f b0000000 |lea ecx,dword ptr ds:[edi+0xb0] + * 004ad800 |. 83c8 ff |or eax,0xffffffff + * 004ad803 |. 8d5c24 24 |lea ebx,dword ptr ss:[esp+0x24] + * 004ad807 |. e8 740cf6ff |call 英雼�戦.0040e480 ; jichi: hook here + * 004ad80c |. e9 9d010000 |jmp 英雼�戦.004ad9ae + * 004ad811 |> 8b8c24 e400000>|mov ecx,dword ptr ss:[esp+0xe4] ; case 4 of switch 004ad76d + * 004ad818 |. 8039 00 |cmp byte ptr ds:[ecx],0x0 + * 004ad81b |. 0f84 8d010000 |je 英雼�戦.004ad9ae + * 004ad821 |. b8 04000000 |mov eax,0x4 + * 004ad826 |. b9 c86e7a00 |mov ecx,英雼�戦.007a6ec8 ; ascii "
" + * 004ad82b |. 8d5424 20 |lea edx,dword ptr ss:[esp+0x20] + * 004ad82f |. e8 3c0df6ff |call 英雼�戦.0040e570 + * 004ad834 |. e9 75010000 |jmp 英雼�戦.004ad9ae + * 004ad839 |> 8bbf b4000000 |mov edi,dword ptr ds:[edi+0xb4] ; case 5 of switch 004ad76d + */ +bool InsertTencoHook() +{ + const BYTE bytes[] = { + 0x6a, 0x00, // 004ad7f8 |> 6a 00 |push 0x0 + 0x8d,0x8f, 0xb0,0x00,0x00,0x00, // 004ad7fa |. 8d8f b0000000 |lea ecx,dword ptr ds:[edi+0xb0] + 0x83,0xc8, 0xff, // 004ad800 |. 83c8 ff |or eax,0xffffffff + 0x8d,0x5c,0x24, 0x24, // 004ad803 |. 8d5c24 24 |lea ebx,dword ptr ss:[esp+0x24] + 0xe8 //740cf6ff // 004ad807 |. e8 740cf6ff |call 英雼�戦.0040e480 ; jichi: hook here + }; + enum { addr_offset = sizeof(bytes) - 1 }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + //reladdr = 0x4ad807; + if (!addr) { + ConsoleOutput("Tenco: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.index = 4; + hp.offset=get_reg(regs::ecx); + hp.type = NO_CONTEXT|DATA_INDIRECT; + + ConsoleOutput("INSERT Tenco"); + return NewHook(hp, "Tenco"); +} +bool LWScript() { + BYTE bytes[] = { + 0x33,0xdb, + 0x53, + 0x8d,0x87,XX4, + 0x50, + 0x55, + 0x57, + 0xe8 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + ConsoleOutput("LWScript %p", addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::edx); + hp.type = USING_STRING; + return NewHook(hp, "LWScript"); +} +bool LWScript2() { + BYTE bytes[] = { + 0x66,0xC1,0xE8,0x08, + 0x3C,0x81 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + ConsoleOutput("LWScript2 %p", addr); + if (addr == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)return false; + int off; + if (*(BYTE*)(addr + 3) == 0x4C)get_stack(2); + else off=get_reg(regs::ecx); + HookParam hp; + hp.address = addr; + hp.offset = off; + hp.type = CODEC_ANSI_BE; + auto succ=NewHook(hp, "LWScript2"); + + auto addrs=findxref_reverse(addr, addr - 0x10000,addr); + for (auto addr : addrs) { + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)continue; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(5); + hp.type = CODEC_ANSI_BE; + ConsoleOutput("LWScript2_xref %p", addr); + succ|=NewHook(hp, "LWScript2_xref"); + } + return succ; +} + +bool Tenco::attach_function() { + + bool b3= InsertTencoHook(); + bool b1=LWScript(); + bool b2=LWScript2(); + return b1||b2||b3; +} \ No newline at end of file diff --git a/LunaHook/engine32/Tenco.h b/LunaHook/engine32/Tenco.h new file mode 100644 index 0000000..c01605a --- /dev/null +++ b/LunaHook/engine32/Tenco.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Tenco:public ENGINE{ + public: + Tenco(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Check.mdx"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/TerraLunar.cpp b/LunaHook/engine32/TerraLunar.cpp new file mode 100644 index 0000000..41063ca --- /dev/null +++ b/LunaHook/engine32/TerraLunar.cpp @@ -0,0 +1,25 @@ +#include"TerraLunar.h" + + +bool TerraLunar::attach_function() { + const BYTE bytes[] = { + //らくえん~あいかわらずなぼく。の場合~ + 0x8A,0x08, + 0x81,0xF9,0x9F,0x00,0x00,0x00, + 0x7E + }; + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + auto succ=false; + for (auto addr : addrs) { + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.type = USING_STRING; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + StringFilter(reinterpret_cast(data), len , "[w]", 3); + return true; + }; + succ|=NewHook(hp, "TerraLunar"); + } + return succ; +} \ No newline at end of file diff --git a/LunaHook/engine32/TerraLunar.h b/LunaHook/engine32/TerraLunar.h new file mode 100644 index 0000000..ade0559 --- /dev/null +++ b/LunaHook/engine32/TerraLunar.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class TerraLunar:public ENGINE{ + public: + TerraLunar(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"data_script.pac"; + }; + bool attach_function(); +}; diff --git a/LunaHook/engine32/TinkerBell.cpp b/LunaHook/engine32/TinkerBell.cpp new file mode 100644 index 0000000..2dc5476 --- /dev/null +++ b/LunaHook/engine32/TinkerBell.cpp @@ -0,0 +1,237 @@ +#include"TinkerBell.h" +bool InsertTinkerBellHook() +{ + //DWORD s1,s2,i; + //DWORD ch=0x8141; + DWORD i; + WORD count; + count = 0; + HookParam hp; + hp.type = CODEC_ANSI_BE|NO_CONTEXT; + for (i = processStartAddress; i< processStopAddress - 4; i++) { + if (*(DWORD*)i == 0x8141) { + BYTE t = *(BYTE*)(i - 1); + if (t == 0x3d || t == 0x2d) { + hp.offset=get_reg(regs::eax); + hp.address = i - 1; + } else if (*(BYTE*)(i-2) == 0x81) { + t &= 0xf8; + if (t == 0xf8 || t == 0xe8) { + hp.offset = -8 - ((*(BYTE*)(i-1) & 7) << 2); + hp.address = i - 2; + } + } + if (hp.address) { + char hook_name[0x20]; + ::strcpy(hook_name, "TinkerBell"); // size = 0xa + hook_name[0xa] = '0' + count; + hook_name[0xb] = 0; + ConsoleOutput("INSERT TinkerBell"); + count+=NewHook(hp, hook_name); + hp.address = 0; + } + } + } + if (count) return true; + ConsoleOutput("TinkerBell: failed"); + return false; +} + +// s1=SearchPattern(processStartAddress,processStopAddress-processStartAddress-4,&ch,4); +// if (s1) +// { +// for (i=s1;i>s1-0x400;i--) +// { +// if (*(WORD*)(processStartAddress+i)==0xec83) +// { +// hp.address=processStartAddress+i; +// NewHook(hp, "C.System"); +// break; +// } +// } +// } +// s2=s1+SearchPattern(processStartAddress+s1+4,processStopAddress-s1-8,&ch,4); +// if (s2) +// { +// for (i=s2;i>s2-0x400;i--) +// { +// if (*(WORD*)(processStartAddress+i)==0xec83) +// { +// hp.address=processStartAddress+i; +// NewHook(hp, "TinkerBell"); +// break; +// } +// } +// } +// //if (count) + //RegisterEngineType(ENGINE_TINKER); +namespace{ +bool WendyBell_filter(void* data, size_t* len, HookParam* hp){ + + auto wc=std::wstring(reinterpret_cast(data),*len/2); + + for(int i=0;i(data),wc.c_str()); + return true; +} +} + +namespace{ +std::wstring last=L""; +bool tkbl_filter(void* data, size_t* len, HookParam* hp){ + StringFilter(reinterpret_cast(data), reinterpret_cast(len), L"\x26bc\x65\x25\xffff", 4);//移除心形 + + WendyBell_filter(data,len,hp); + auto str=std::wstring(reinterpret_cast(data),*len/2 -1); //末尾存在一个换行符 + + if(last==str)return false; + last=str; + + *len=str.size()*2; + wcscpy(reinterpret_cast(data),str.c_str()); + return true; +} +bool tkbl(){ + // せをはやみ + const BYTE bytes[] = { + 0x55,0x8b,0xec, + 0x83,0xec,0x0c, + 0x53,0x56, + 0x8b,0xf1, + 0x8b,0x5e,0x10, + 0x8b,0x4e,0x14, + 0x89,0x5d,0xf4, + 0x89,0x4d,0xfc, + 0x3b,0xd9 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) return false; + + HookParam hp; + hp.type = USING_STRING|CODEC_UTF16|NO_CONTEXT; + hp.address = addr; + hp.filter_fun=tkbl_filter; + hp.text_fun = [](auto, HookParam *hp, uintptr_t* data, uintptr_t* split, size_t* count) + { + auto str=reinterpret_cast(*data); + *count = wcslen(str)*2 ; + *split = (wcschr(str ,0x3010) != nullptr)&&(wcschr(str, 0x3011) != nullptr); + }; + hp.offset=get_reg(regs::ebx); + return NewHook(hp, "tkbl"); +} +} + +bool InsertWendyBellHook() { + const BYTE bytes[] = { + + 0x83,0xbe,XX4,0x00, + 0x8b,XX2, + 0x0f,0x85,XX4, + 0x83,0xbe,XX4,0x00, + 0x0f,0x85,XX4, + 0x83,0xbe,XX4,0x00, + 0x0f,0x84,XX4 +/*.always:0048E4CA 83 BE F8 04 00 00 00 cmp dword ptr[esi + 4F8h], 0 +.always : 0048E4D1 8B 5D 84 mov ebx,[ebp + Src] +.always : 0048E4D4 0F 85 86 F8 FF FF jnz loc_48DD60 +.always : 0048E4D4 +.always : 0048E4DA 83 BE F4 04 00 00 00 cmp dword ptr[esi + 4F4h], 0 +.always : 0048E4E1 0F 85 79 F8 FF FF jnz loc_48DD60 +.always : 0048E4E1 +.always : 0048E4E7 83 BE 00 05 00 00 00 cmp dword ptr[esi + 500h], 0 +.always : 0048E4EE 0F 84 6C F8 FF FF jz loc_48DD60*/ + + }; + const BYTE bytes2[] = { + //夢幻のさくら ~緋艶姫淫辱孕蝕譚~ + //妖花の園 + 0x8b,0x86,XX4, + 0x6a,0x00, + 0x8b,0x80,XX4, + 0x50, + 0x8b,0x08, + 0xff,0x91,XX4, + 0x8b,0x45,XX, + 0x83,0xF8,0x08 + // +//.always:0048E51D 8B 86 58 0A 00 00 mov eax,[esi + 0A58h] +//.always : 0048E523 6A 00 push 0 +//.always : 0048E525 8B 80 B8 01 00 00 mov eax,[eax + 1B8h] +//.always : 0048E52B 50 push eax +//.always : 0048E52C 8B 08 mov ecx,[eax] +//.always:0048E52E FF 91 C4 00 00 00 call dword ptr[ecx + 0C4h] +//.always : 0048E52E +//.always : 0048E534 8B 45 DC mov eax,[ebp + var_24] +//.always : 0048E537 83 F8 08 cmp eax, 8 + }; + + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + auto addrs2 = Util::SearchMemory(bytes2, sizeof(bytes2), PAGE_EXECUTE, processStartAddress, processStopAddress); + addrs.insert(addrs.end(), addrs2.begin(), addrs2.end()); + auto succ=false; + for (auto addr : addrs) { + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::ebx); + hp.filter_fun=WendyBell_filter; + hp.type = USING_STRING | CODEC_UTF16 | NO_CONTEXT; + ConsoleOutput("%p",addr); + succ|=NewHook(hp, "WendyBell"); + } + + + return succ; +} + +namespace{ +bool _2() { + + const BYTE bytes[] = { + //夢幻のさくら2 + 0x55,0x8b,0xec, + 0x53, + 0x8b,0x5d,0x08, + 0x56,0x8b,0xf1, + 0x57, + 0x8b,0x4e,0x10, + 0x8b,0xc1, + 0xf7,0xd0, + 0x3b,0xc3 + }; + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + auto succ=false; + for (auto addr : addrs) { + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); + hp.type = CODEC_UTF16; + succ|=NewHook(hp, "TinkerBell"); + } + return succ; +} +} +bool TinkerBell::attach_function() { + return InsertTinkerBellHook()||tkbl()||InsertWendyBellHook()||_2(); +} +bool TinkerBellold::attach_function(){ + HookParam hp; + hp.address =(DWORD) ExtTextOutA; + + hp.offset =get_stack(6); + hp.type = USING_STRING|USING_SPLIT; + hp.split=get_stack(5); + return NewHook(hp, "TinkerBell"); +} diff --git a/LunaHook/engine32/TinkerBell.h b/LunaHook/engine32/TinkerBell.h new file mode 100644 index 0000000..ab18051 --- /dev/null +++ b/LunaHook/engine32/TinkerBell.h @@ -0,0 +1,45 @@ +#include"engine.h" + +class TinkerBell:public ENGINE{ + public: + TinkerBell(){ + + check_by=CHECK_BY::CUSTOM; + is_engine_certain=false; + check_by_target=[](){ + wchar_t arcdatpattern[] = L"Arc0%d.dat"; + wchar_t arcdat[20]; + bool iswendybell = false; + for (int i = 0; i < 10; i++) { + wsprintf(arcdat, arcdatpattern, i); + if (Util::CheckFile(arcdat)) { + iswendybell = true; break; + } + } + return (wcsstr(processName_lower, L"c,system"))||iswendybell || Util::SearchResourceString(L"TinkerBell"); + }; + }; + bool attach_function(); +}; + +class TinkerBellold:public ENGINE{ + public: + TinkerBellold(){ + + check_by=CHECK_BY::CUSTOM; + is_engine_certain=false; + check_by_target=[](){ + wchar_t arcdatpattern[] = L"arc%c.dat"; + wchar_t arcdat[20]; + bool iswendybell = false; + for (int i = 'a'; i <='z'; i++) { + wsprintf(arcdat, arcdatpattern, i); + if (Util::CheckFile(arcdat)) { + iswendybell = true; break; + } + } + return iswendybell &&Util::CheckFile(L"head.dat"); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Tomato.cpp b/LunaHook/engine32/Tomato.cpp new file mode 100644 index 0000000..a6c0e29 --- /dev/null +++ b/LunaHook/engine32/Tomato.cpp @@ -0,0 +1,21 @@ +#include"Tomato.h" +bool Tomato::attach_function() { + //姫武者 + auto entry=Util::FindImportEntry(processStartAddress,(DWORD)TextOutA); + if(entry==0)return false; + BYTE bytes[]={0xFF,0x15,XX4}; + memcpy(bytes+2,&entry,4); + bool ok=false; + for(auto addr:Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress)){ + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) continue; + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::edx); + hp.type = DATA_INDIRECT; + hp.index = 0; + ok|=NewHook(hp, "Tomato"); + } + return ok; +} + \ No newline at end of file diff --git a/LunaHook/engine32/Tomato.h b/LunaHook/engine32/Tomato.h new file mode 100644 index 0000000..dd9ef37 --- /dev/null +++ b/LunaHook/engine32/Tomato.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class Tomato:public ENGINE{ + public: + Tomato(){ + + is_engine_certain=false; + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"*.kun",L"*.arc"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Triangle.cpp b/LunaHook/engine32/Triangle.cpp new file mode 100644 index 0000000..65efd98 --- /dev/null +++ b/LunaHook/engine32/Triangle.cpp @@ -0,0 +1,123 @@ +#include"Triangle.h" +bool InsertTriangleHook() +{ + for (DWORD i = processStartAddress; i < processStopAddress - 4; i++){ + DWORD j=0; + if ((*(DWORD *)i & 0xffffff) == 0x75403c){ + j=i + 4 + *(BYTE*)(i+3); + } + else if((*(DWORD *)i & 0xffffffff) == 0x850f403c) + //长跳转 + //エグゼクタースクリプト + j = i + 4 + *(int*)(i+4); + + if(j){ + for (DWORD k = j + 0x20; j < k; j++) + if (*(BYTE*)j == 0xe8) { + DWORD t = j + 5 + *(DWORD *)(j + 1); + if (t > processStartAddress && t < processStopAddress) { + HookParam hp; + hp.address = t; + hp.offset=get_stack(1); + hp.type = USING_STRING; + ConsoleOutput("INSERT Triangle"); + return NewHook(hp, "Triangle"); + } + } + } + } + + //ConsoleOutput("Old/Unknown Triangle engine."); + ConsoleOutput("Triangle: failed"); + return false; +} + + +bool Triangle::attach_function() { + return InsertTriangleHook(); +} + +bool InsertTrianglePixHook() +{ + + /* + * Sample games: + * https://vndb.org/v38070 + * https://vndb.org/v42090 + * https://vndb.org/v41025 + */ + const BYTE bytes[] = { + 0x50, // push eax << hook here + 0xE8, XX4, // call FinalIgnition.exe+4DE10 + 0x8B, 0x83, XX4, // mov eax,[ebx+0000DCA0] + 0x8D, 0x8D, XX4, // lea ecx,[ebp-0000022C] + 0x83, 0x7D, 0x44, 0x10, // cmp dword ptr [ebp+44],10 + 0xFF, 0x75, 0x40 // push [ebp+40] + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) return false; + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.index = 0; + hp.type = CODEC_UTF8 | USING_STRING | NO_CONTEXT; + hp.filter_fun = NewLineCharToSpaceFilterA; + return NewHook(hp, "TrianglePix"); +} +bool Triangle2_attach_function(){ + const BYTE bytes[] = { + 0x0f,0x57,XX, + 0x68,0x0F,0x27,0x00,0x00, + 0x0f,0x57,XX + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + ConsoleOutput("%p", addr); + if (addr == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + ConsoleOutput("%p", addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(5); + hp.type = USING_STRING|CODEC_UTF8|NO_CONTEXT; + return NewHook(hp, "triangle"); +} +bool Triangle2::attach_function(){ + return Triangle2_attach_function()||InsertTrianglePixHook(); +} +bool TriangleM1(){ + auto _=L"${FirstName}"; + ULONG addr = MemDbg::findBytes(_, sizeof(_), processStartAddress, processStopAddress); + if (!addr) return false; + + BYTE pushoffset[]={0x68,XX4}; + *(DWORD*)(pushoffset+1)=addr; + addr = MemDbg::findBytes(pushoffset, sizeof(pushoffset), processStartAddress, processStopAddress); + if (!addr) return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); + hp.type = USING_STRING|CODEC_UTF16; + return NewHook(hp, "TriangleM"); +} +bool TriangleM2(){ + BYTE _[]={0x33,0xff,0x66,0x39,0x3b,0x74}; + ULONG addr = MemDbg::findBytes(_, sizeof(_), processStartAddress, processStopAddress); + if (!addr) return false; + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::ebx); + hp.type = USING_STRING|CODEC_UTF16|NO_CONTEXT; + return NewHook(hp, "TriangleM"); +} +bool TriangleM::attach_function(){ + //蛇香のライラ ~Allure of MUSK~ 第一夜 ヨーロピアン・ナイト 体験版 + auto _1=TriangleM1(); + auto _2=TriangleM2(); + return _1||_2; +} \ No newline at end of file diff --git a/LunaHook/engine32/Triangle.h b/LunaHook/engine32/Triangle.h new file mode 100644 index 0000000..a5b2ac8 --- /dev/null +++ b/LunaHook/engine32/Triangle.h @@ -0,0 +1,41 @@ +#include"engine.h" + +class Triangle:public ENGINE{ + public: + Triangle(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Execle.exe"; + }; + bool attach_function(); +}; + + +class Triangle2:public ENGINE{ + public: + Triangle2(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"pix.bin",L"pix.xml"}; + }; + bool attach_function(); +}; + + +class TriangleM:public ENGINE{ + public: + TriangleM(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[]{ + wchar_t _[]=L"fsroot_\\common\\app_info.rson"; + + for(int i=0;i<10;i++){ + _[6]=L'0'+i; + if(Util::CheckFile(_))return 1; + } + return 0; + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Troy.cpp b/LunaHook/engine32/Troy.cpp new file mode 100644 index 0000000..1d09e8c --- /dev/null +++ b/LunaHook/engine32/Troy.cpp @@ -0,0 +1,24 @@ +#include"Troy.h" + +bool Troy::attach_function() { + //Reverse desire~裏返る欲望~ + auto dll=GetModuleHandleW(L"sfe.dll"); + if(dll==0)return false; + auto [minaddr,maxaddr]=Util::QueryModuleLimits(dll); + BYTE bytes[] = { + 0x3C,0x82, + XX2, + 0x80,0xFB,0x9F, + XX2, + 0x80,0xFB,0xF1 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), minaddr, maxaddr); + if (addr == 0)return false; + addr=MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); + hp.type = CODEC_ANSI_BE; + return NewHook(hp, "Troy"); +} \ No newline at end of file diff --git a/LunaHook/engine32/Troy.h b/LunaHook/engine32/Troy.h new file mode 100644 index 0000000..4430317 --- /dev/null +++ b/LunaHook/engine32/Troy.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class Troy:public ENGINE{ + public: + Troy(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"*.mma",L"sfe.dll"}; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Unicorn.cpp b/LunaHook/engine32/Unicorn.cpp new file mode 100644 index 0000000..bc3d6a5 --- /dev/null +++ b/LunaHook/engine32/Unicorn.cpp @@ -0,0 +1,858 @@ +#include"Unicorn.h" + #include"embed_util.h" +/** + * jichi 9/16/2013: a-unicorn / gesen18 + * See (CaoNiMaGeBi): http://tieba.baidu.com/p/2586681823 + * Pattern: 2bce8bf8 + * 2bce sub ecx,esi ; hook here + * 8bf8 mov eds,eax + * 8bd1 mov edx,ecx + * + * /HBN-20*0@xxoo + * - length_offset: 1 + * - off: 4294967260 (0xffffffdc) + * - type: 1032 (0x408) + */ +bool InsertUnicornHook() +{ + // pattern: 2bce8bf8 + const BYTE bytes[] = { + 0x2b,0xce, // sub ecx,esi ; hook here + 0x8b,0xf8 // mov edi,eax + }; + //enum { addr_offset = 0 }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Unicorn: pattern not exist"); + return false; + } + + HookParam hp; + hp.type = NO_CONTEXT | DATA_INDIRECT; + hp.offset=get_reg(regs::edi); + hp.address = addr; + + //index = SearchPattern(processStartAddress, size,ins, sizeof(ins)); + //GROWL_DWORD2(base, index); + + ConsoleOutput("INSERT Unicorn"); + return NewHook(hp, "Unicorn"); +} +namespace { // unnamed +// A simple but very inefficient implementation for LRU cache. +class TextHashCache +{ + int capacity_; + std::list hashes_; +public: + explicit TextHashCache(int capacity) : capacity_(capacity) {} + + bool contains(uint64_t h) const + { return std::find(hashes_.begin(), hashes_.end(), h) != hashes_.end(); } + + void add(uint64_t h) + { + if (hashes_.size() == capacity_) + hashes_.pop_back(); + hashes_.push_front(h); + } + +}; +enum : UINT64 { djb2_hash0 = 5381 }; + inline UINT64 djb2(const UINT8 *str, UINT64 hash = djb2_hash0) +{ + UINT8 c; + while ((c = *str++)) + hash = ((hash << 5) + hash) + c; // hash * 33 + c + return hash; +}inline UINT64 djb2_n2(const char* str, size_t len, UINT64 hash = djb2_hash0) +{ + while (len--) + hash = ((hash << 5) + hash) + (*str++); // hash * 33 + c + return hash; +} +inline UINT64 hashByteArraySTD(const std::string& b, UINT64 h = djb2_hash0) +{ + return djb2_n2(b.c_str(), b.size(), h); +} + inline UINT64 hashCharArray(const void *lp) +{ return djb2(reinterpret_cast(lp)); } +namespace ScenarioHook { + +TextHashCache textCache_(30); // capacity = 30 + +namespace Private { + + class TextStorage + { + LPSTR text_; + std::string oldData_, + newData_; + int lineCount_; + bool saved_; + public: + TextStorage() + : text_(nullptr), lineCount_(0), saved_(false) {} + + bool isEmpty() const + { return lineCount_ == 0; } + + void clear() + { + text_ = nullptr; + lineCount_ = 0; + saved_ = false; + oldData_.clear(); + newData_.clear(); + } + + std::string load(char *textAddress); + void save(); + bool restore(); // recover old text + } textStorage_; + + // Hook + + ULONG textOffset_; // = 0x114; + + std::string sourceData_; + LPSTR targetText_; + bool hookBefore(hook_stack*s,void* data, size_t* len1,uintptr_t*role) + { + // Sample game: 三極姫4 ~天華繚乱 天命の恋絵巻~ + // 004B76BB 51 PUSH ECX + // 004B76BC 8BCB MOV ECX,EBX + // 004B76BE 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + // 004B76C2 E8 89A5FFFF CALL Sangokuh.004B1C50 ; jichi: name caller + // 004B76C7 E8 44A5FFFF CALL Sangokuh.004B1C10 + // 004B76CC 85C0 TEST EAX,EAX + // 004B76CE 0F8E F6000000 JLE Sangokuh.004B77CA + // 004B76D4 8BF8 MOV EDI,EAX + // 004B76D6 EB 08 JMP SHORT Sangokuh.004B76E0 + // 004B76D8 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + // 004B76DF 90 NOP + // 004B76E0 33C0 XOR EAX,EAX + // 004B76E2 B9 0F000000 MOV ECX,0xF + // 004B76E7 898C24 FC000000 MOV DWORD PTR SS:[ESP+0xFC],ECX + // 004B76EE 898424 F8000000 MOV DWORD PTR SS:[ESP+0xF8],EAX + // 004B76F5 888424 E8000000 MOV BYTE PTR SS:[ESP+0xE8],AL + // 004B76FC 898C24 18010000 MOV DWORD PTR SS:[ESP+0x118],ECX + // 004B7703 898424 14010000 MOV DWORD PTR SS:[ESP+0x114],EAX + // 004B770A 888424 04010000 MOV BYTE PTR SS:[ESP+0x104],AL + // 004B7711 8D9424 84040000 LEA EDX,DWORD PTR SS:[ESP+0x484] + // 004B7718 52 PUSH EDX + // 004B7719 8BCB MOV ECX,EBX + // 004B771B C68424 AC060000 01 MOV BYTE PTR SS:[ESP+0x6AC],0x1 + // 004B7723 E8 28A5FFFF CALL Sangokuh.004B1C50 ; jichi: scenario caller + // 004B7728 8D8424 84040000 LEA EAX,DWORD PTR SS:[ESP+0x484] + // 004B772F 50 PUSH EAX + // 004B7730 8D8C24 E8000000 LEA ECX,DWORD PTR SS:[ESP+0xE8] + // + // Sample game: 天極姫 ~新世大乱・双界の覇者達~ + // Name caller: + // 0049A83B E8 D0AFFFFF CALL .00495810 + // 0049A840 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + // 0049A844 8D8424 EC010000 LEA EAX,DWORD PTR SS:[ESP+0x1EC] + // 0049A84B 50 PUSH EAX + // 0049A84C E8 DFAFFFFF CALL .00495830 ; jichi: name caller + // 0049A851 E8 9AAFFFFF CALL .004957F0 + // 0049A856 BD 0F000000 MOV EBP,0xF + // 0049A85B 85C0 TEST EAX,EAX + // 0049A85D 0F8E E3000000 JLE .0049A946 + + auto retaddr = s->stack[0]; + * role = 0; + //if (retaddr == 0x4b7728) + if ((*(DWORD *)(retaddr - 5 - 8) & 0x00ffffff) == 0x2484c6) // 004B771B C68424 AC060000 01 MOV BYTE PTR SS:[ESP+0x6AC],0x1 + *role = Engine::ScenarioRole; + //else if (retaddr == 0x4b76c7) + else if ((*(DWORD *)(retaddr - 5 - 8) & 0x00ffffff) == 0x0024848d // 0049A844 8D8424 EC010000 LEA EAX,DWORD PTR SS:[ESP+0x1EC] + || (*(DWORD *)(retaddr - 5 - 4) & 0x00ffffff) == 0x00244489) // 004B76BE 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + *role = Engine::NameRole; + //else + // return true; + if (*role != Engine::ScenarioRole && !textStorage_.isEmpty()) { + textStorage_.restore(); + textStorage_.clear(); + } + if (!*role) + return false; + + auto text = (LPSTR)*(DWORD *)(s->ecx + textOffset_); // [ecx+0x114] + if (!*text || all_ascii(text)) // allspaces is only needed when textstorage is enabled though + return false; + + if (!textStorage_.isEmpty()) { + textStorage_.restore(); + textStorage_.clear(); + } + + bool textStorageEnabled = *role == Engine::ScenarioRole && Engine::isAddressWritable(text); + std::string oldData; + if (textStorageEnabled) + oldData = textStorage_.load(text); + else + oldData = text; + + if (*role == Engine::NameRole) + strReplace(oldData, "\x81\x40", ""); + //oldData.replace("\x81\x40", ""); // remove spaces in the middle of names + + strcpy((CHAR*)data,oldData.c_str()); + *len1=oldData.size(); + return true; + + } + void hookafter2(hook_stack*s,void* data, size_t len){ + + auto newData =std::string((char*)data,len); + auto retaddr = s->stack[0]; + int role = 0; + //if (retaddr == 0x4b7728) + if ((*(DWORD *)(retaddr - 5 - 8) & 0x00ffffff) == 0x2484c6) // 004B771B C68424 AC060000 01 MOV BYTE PTR SS:[ESP+0x6AC],0x1 + role = Engine::ScenarioRole; + //else if (retaddr == 0x4b76c7) + else if ((*(DWORD *)(retaddr - 5 - 8) & 0x00ffffff) == 0x0024848d // 0049A844 8D8424 EC010000 LEA EAX,DWORD PTR SS:[ESP+0x1EC] + || (*(DWORD *)(retaddr - 5 - 4) & 0x00ffffff) == 0x00244489) // 004B76BE 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + role = Engine::NameRole; + //else + // return true; + if (role != Engine::ScenarioRole && !textStorage_.isEmpty()) { + textStorage_.restore(); + textStorage_.clear(); + } + if (!role) + return ; + auto text = (LPSTR)*(DWORD *)(s->ecx + textOffset_); // [ecx+0x114] + if (!*text || all_ascii(text)) // allspaces is only needed when textstorage is enabled though + return ; + if (!textStorage_.isEmpty()) { + textStorage_.restore(); + textStorage_.clear(); + } + bool textStorageEnabled = role == Engine::ScenarioRole && Engine::isAddressWritable(text); + std::string oldData; + if (textStorageEnabled) + oldData = textStorage_.load(text); + else + oldData = text; + if (role == Engine::NameRole) + strReplace(oldData, "\x81\x40", ""); + //oldData.replace("\x81\x40", ""); // remove spaces in the middle of names + if (oldData == newData) { + if (textStorageEnabled) + textStorage_.clear(); + return ; + } + if (textStorageEnabled) + textStorage_.save(); + sourceData_ = newData; + targetText_ = (LPSTR)s->stack[1]; // arg1 + textCache_.add(hashByteArraySTD(newData)); + + } + bool hookAfter(hook_stack*s,void* data, size_t* len1,uintptr_t*role) + { + if (targetText_) { + ::strcpy(targetText_, sourceData_.c_str()); + targetText_ = nullptr; + } + return false; + } + +} // namespace Private + +/** + * Sample text + * + * Sample game: 三極姫4 ~天華繚乱 天命の恋絵巻~ + * + * 01FE881C 81 40 92 6A 81 40 00 01 81 75 82 BB 81 41 82 BB  男 .「そ、そ + * 01FE882C 82 F1 82 C8 81 63 81 63 82 BB 82 EA 82 AA 8D C5 んな……それが最 + * 01FE883C 8C E3 82 CC 90 48 97 BF 82 C8 82 CC 82 C9 81 63 後の食料なのに… + * 01FE884C 81 63 81 49 81 76 00 00 00 00 FF FF FF FF FF FF …!」.... + * 01FE885C FF FF 11 19 00 1B 00 0F 19 00 1D 00 03 00 00 00 ....... + * 01FE886C 03 00 00 00 00 01 97 AA 92 44 81 5C 81 5C 00 00 ....略奪――.. + * + * 01FE8758 01 00 00 00 01 00 00 00 93 90 81 40 91 AF 00 02 ......盗 賊. + * 01FE8768 81 75 82 C7 82 A4 82 B9 82 B1 82 EA 82 C1 82 DB 「どうせこれっぽ + * 01FE8778 82 C1 82 BF 82 CC 90 48 97 BF 82 AA 82 A0 82 C1 っちの食料があっ + * 01FE8788 82 BD 82 C6 82 B1 82 EB 82 C5 81 41 8B 51 82 A6 たところで、飢え + * 01FE8798 82 C4 8E 80 00 00 00 00 FF FF FF FF FF FF FF FF て死.... + * 01FE87A8 0A 82 CA 82 CC 82 CD 93 AF 82 B6 82 BE 82 EB 81 .ぬのは同じだろ・ + * 01FE87B8 49 81 40 82 D9 82 E7 91 53 95 94 82 E6 82 B1 82 I ほら全部よこ・ + * 01FE87C8 B9 82 C1 81 49 81 76 00 00 00 00 FF FF FF FF FF ケっ!」.... + * 01FE87D8 FF FF FF 11 19 00 16 00 19 19 00 18 00 32 00 00 ....2.. + * 01FE87E8 00 44 61 74 61 5C 76 6F 69 63 65 5C 65 74 63 5C .Data\voice\etc\ + * 01FE87F8 65 74 63 4A 5F 70 63 41 5F 30 30 30 31 2E 76 6F etcJ_pcA_0001.vo + * 01FE8808 69 00 00 00 00 00 00 0F 19 00 19 00 02 00 00 00 i........... + * + * Sample game: 戦極姫6 + * + * 023AF0E8 82 BB 82 CC 90 BA 82 F0 95 B7 82 AB 81 41 90 B0 その声を聞き、晴 + * 023AF0F8 90 4D 82 CD 82 B7 82 C1 82 C6 95 5C 8F EE 82 F0 信はすっと表情を + * 023AF108 88 F8 82 AB 92 F7 82 DF 82 BD 81 42 00 00 00 00 引き締めた。.... + * 023AF118 BE BE BE FF FF FF FF FF 11 0E 00 1E 00 0F 0E 00 セセセ... + * 023AF128 20 00 03 00 00 00 03 00 00 00 95 90 93 63 90 4D .......武田信 + * 023AF138 94 C9 00 01 81 75 90 4D 8C D5 97 6C 82 CD 81 41 繁.「信虎様は、 + * 023AF148 97 5C 92 E8 82 C7 82 A8 82 E8 82 BE 82 BB 82 A4 予定どおりだそう + * 023AF158 82 BE 81 76 00 00 00 00 BE BE BE FF FF FF FF FF だ」....セセセ + * 023AF168 11 0E 00 22 00 0F 0E 00 24 00 04 00 00 00 04 00 ."..$..... + * 023AF178 00 00 00 02 95 94 89 AE 82 C9 82 CD 82 A2 82 C1 ...部屋にはいっ + * 023AF188 82 C4 82 AB 82 BD 90 4D 94 C9 82 CD 81 41 90 B0 てきた信繁は、晴 + * 023AF198 90 4D 82 CC 91 4F 82 D6 82 C6 8D 98 82 F0 82 A8 信の前へと腰をお + * 023AF1A8 82 EB 82 B5 8C FC 82 A9 00 00 00 00 BE BE BE FF ろし向か....セセセ + * 023AF1B8 FF FF FF FF 0A 82 A2 82 A0 82 A4 81 42 00 00 00 .いあう。... + * 023AF1C8 00 BE BE BE FF FF FF FF FF 11 0E 00 27 00 01 0E .セセセ.'. + * 023AF1D8 00 2A 00 84 D9 07 00 02 00 00 00 E8 18 00 00 01 .*.・....・.. + * 023AF1E8 60 00 00 00 E9 18 00 00 01 5B 00 00 00 19 0E 00 `...・..[.... + * 023AF1F8 2C 00 06 00 00 00 44 61 74 61 5C 76 6F 69 63 65 ,....Data\voice + * 023AF208 5C 73 69 6E 67 65 6E 5C 73 69 6E 67 65 6E 5F 30 \singen\singen_0 + * 023AF218 30 34 33 2E 76 6F 69 00 00 00 00 00 00 0F 0E 00 043.voi....... + * + * Sample game: 天極姫 ~新世大乱・双界の覇者達~ + * 0211F8AA 82 91 80 82 BD 82 BF 82 CD 82 B1 82 CC 90 A2 8A q€たちはこの世・ + * 0211F8BA 45 82 C9 93 CB 91 52 8C BB 82 EA 82 BD 81 42 82 Eに突然現れた。・ + * 0211F8CA BB 82 B5 82 C4 82 B1 82 B1 82 CC 96 AF 82 BD 82 サしてここの民た・ + * 0211F8DA BF 82 CD 00 00 00 00 BE BE BE FF FF FF FF FF 0A ソは....セセセ. + * 0211F8EA 91 82 91 80 82 BD 82 BF 82 F0 81 41 92 B7 82 AD 曹操たちを、長く + * 0211F8FA 91 B1 82 A2 82 BD 90 ED 97 90 82 F0 8F 49 82 ED 続いた戦乱を終わ + * 0211F90A 82 E7 82 B9 82 E9 89 70 97 59 82 C6 81 41 96 7B らせる英雄と、本 + * 0211F91A 8B 43 82 C5 00 00 00 00 BE BE BE FF FF FF FF FF 気で....セセセ + * 0211F92A 0A 90 4D 82 B6 82 C4 82 A2 82 E9 82 C6 82 A2 82 .信じているとい・ + * 0211F93A A4 82 B1 82 C6 82 BE 82 C1 82 BD 81 42 00 00 00 、ことだった。... + */ +// 三極姫4: 00 00 00 00 ff ff ff ff ff ff ff ff 0a +// 戦極姫6: 00 00 00 00 be be be ff ff ff ff ff 0a +//enum { TextSeparatorSize = 12 }; +static inline bool isTextSeparator(LPCSTR text) +{ + //return 0 == ::memcmp(p, "\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x0a", 13); + return 0 == ::memcmp(text, "\x00\x00\x00\x00", 4) + && 0 == ::memcmp(text + 8, "\xff\xff\xff\xff\x0a", 5); +} +std::string Private::TextStorage::load(char *text) +{ + text_ = text; + std::string data = text; + lineCount_ = 1; + LPCSTR p = text + ::strlen(text); + for (; isTextSeparator(p); p += ::strlen(p)) { + lineCount_++; + p += 12; + data.append(p); + } + oldData_ = std::string(text, p - text); + return data; +} + +void Private::TextStorage::save() +{ + if (lineCount_ <= 1) + return; + LPSTR p = text_ + ::strlen(text_); + while (isTextSeparator(p)) { + p += 12 + 1; // +1 for the extra 0xa + if (size_t size = ::strlen(p)) { + ::memset(p, ' ', size); + p += size; + } + } + newData_ = std::string(text_, p - text_); +} + +bool Private::TextStorage::restore() +{ + if (!saved_ + || !Engine::isAddressWritable(text_, oldData_.size()) + || ::memcmp(text_, newData_.c_str(), newData_.size())) + return false; + if (::memcmp(text_, oldData_.c_str(), oldData_.size())) + ::memcpy(text_, oldData_.c_str(), oldData_.size()); + saved_ = false; + return true; +} + +/** + * Sample game: 三極姫4 ~天華繚乱 天命の恋絵巻~ + * + * Function found by hardware breakpoint scenario text. + * + * The memory copy function: + * 004B1C4D CC INT3 + * 004B1C4E CC INT3 + * 004B1C4F CC INT3 + * 004B1C50 8B81 14010000 MOV EAX,DWORD PTR DS:[ECX+0x114] ; jichi: source text in eax, beforeAddress + * 004B1C56 8B5424 04 MOV EDX,DWORD PTR SS:[ESP+0x4] ; jichi: target address in edx + * 004B1C5A 56 PUSH ESI + * 004B1C5B 33F6 XOR ESI,ESI + * 004B1C5D 8038 00 CMP BYTE PTR DS:[EAX],0x0 + * 004B1C60 74 1D JE SHORT Sangokuh.004B1C7F + * 004B1C62 8B81 14010000 MOV EAX,DWORD PTR DS:[ECX+0x114] + * 004B1C68 8A00 MOV AL,BYTE PTR DS:[EAX] + * 004B1C6A 8802 MOV BYTE PTR DS:[EDX],AL + * 004B1C6C FF81 14010000 INC DWORD PTR DS:[ECX+0x114] + * 004B1C72 8B81 14010000 MOV EAX,DWORD PTR DS:[ECX+0x114] + * 004B1C78 42 INC EDX + * 004B1C79 46 INC ESI + * 004B1C7A 8038 00 CMP BYTE PTR DS:[EAX],0x0 + * 004B1C7D ^75 E3 JNZ SHORT Sangokuh.004B1C62 + * 004B1C7F 8B81 14010000 MOV EAX,DWORD PTR DS:[ECX+0x114] + * 004B1C85 8A00 MOV AL,BYTE PTR DS:[EAX] + * 004B1C87 8802 MOV BYTE PTR DS:[EDX],AL + * 004B1C89 FF81 14010000 INC DWORD PTR DS:[ECX+0x114] + * 004B1C8F 8BC6 MOV EAX,ESI ; jichi: copied count + * 004B1C91 5E POP ESI + * 004B1C92 C2 0400 RETN 0x4 ; jichi: afterAddress + * 004B1C95 CC INT3 + * 004B1C96 CC INT3 + * 004B1C97 CC INT3 + * + * The very large caller function: + * + * 004B76AB 894424 1C MOV DWORD PTR SS:[ESP+0x1C],EAX + * 004B76AF E8 7CA5FFFF CALL Sangokuh.004B1C30 + * 004B76B4 8D8C24 7C030000 LEA ECX,DWORD PTR SS:[ESP+0x37C] + * 004B76BB 51 PUSH ECX + * 004B76BC 8BCB MOV ECX,EBX + * 004B76BE 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + * 004B76C2 E8 89A5FFFF CALL Sangokuh.004B1C50 ; jichi: name caller + * 004B76C7 E8 44A5FFFF CALL Sangokuh.004B1C10 + * 004B76CC 85C0 TEST EAX,EAX + * 004B76CE 0F8E F6000000 JLE Sangokuh.004B77CA + * 004B76D4 8BF8 MOV EDI,EAX + * 004B76D6 EB 08 JMP SHORT Sangokuh.004B76E0 + * 004B76D8 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + * 004B76DF 90 NOP + * 004B76E0 33C0 XOR EAX,EAX + * 004B76E2 B9 0F000000 MOV ECX,0xF + * 004B76E7 898C24 FC000000 MOV DWORD PTR SS:[ESP+0xFC],ECX + * 004B76EE 898424 F8000000 MOV DWORD PTR SS:[ESP+0xF8],EAX + * 004B76F5 888424 E8000000 MOV BYTE PTR SS:[ESP+0xE8],AL + * 004B76FC 898C24 18010000 MOV DWORD PTR SS:[ESP+0x118],ECX + * 004B7703 898424 14010000 MOV DWORD PTR SS:[ESP+0x114],EAX + * 004B770A 888424 04010000 MOV BYTE PTR SS:[ESP+0x104],AL + * 004B7711 8D9424 84040000 LEA EDX,DWORD PTR SS:[ESP+0x484] + * 004B7718 52 PUSH EDX + * 004B7719 8BCB MOV ECX,EBX + * 004B771B C68424 AC060000 01 MOV BYTE PTR SS:[ESP+0x6AC],0x1 + * 004B7723 E8 28A5FFFF CALL Sangokuh.004B1C50 ; jichi: scenario caller + * 004B7728 8D8424 84040000 LEA EAX,DWORD PTR SS:[ESP+0x484] + * 004B772F 50 PUSH EAX + * 004B7730 8D8C24 E8000000 LEA ECX,DWORD PTR SS:[ESP+0xE8] + * + * Sample game: 戦極姫6 + * 004A6C88 CC INT3 + * 004A6C89 CC INT3 + * 004A6C8A CC INT3 + * 004A6C8B CC INT3 + * 004A6C8C CC INT3 + * 004A6C8D CC INT3 + * 004A6C8E CC INT3 + * 004A6C8F CC INT3 + * 004A6C90 8B81 14010000 MOV EAX,DWORD PTR DS:[ECX+0x114] + * 004A6C96 8B5424 04 MOV EDX,DWORD PTR SS:[ESP+0x4] + * 004A6C9A 56 PUSH ESI + * 004A6C9B 33F6 XOR ESI,ESI + * 004A6C9D 8038 00 CMP BYTE PTR DS:[EAX],0x0 + * 004A6CA0 74 1D JE SHORT .004A6CBF + * 004A6CA2 8B81 14010000 MOV EAX,DWORD PTR DS:[ECX+0x114] + * 004A6CA8 8A00 MOV AL,BYTE PTR DS:[EAX] + * 004A6CAA 8802 MOV BYTE PTR DS:[EDX],AL + * 004A6CAC FF81 14010000 INC DWORD PTR DS:[ECX+0x114] + * 004A6CB2 8B81 14010000 MOV EAX,DWORD PTR DS:[ECX+0x114] + * 004A6CB8 42 INC EDX + * 004A6CB9 46 INC ESI + * 004A6CBA 8038 00 CMP BYTE PTR DS:[EAX],0x0 + * 004A6CBD ^75 E3 JNZ SHORT .004A6CA2 + * 004A6CBF 8B81 14010000 MOV EAX,DWORD PTR DS:[ECX+0x114] + * 004A6CC5 8A00 MOV AL,BYTE PTR DS:[EAX] + * 004A6CC7 8802 MOV BYTE PTR DS:[EDX],AL + * 004A6CC9 FF81 14010000 INC DWORD PTR DS:[ECX+0x114] + * 004A6CCF 8BC6 MOV EAX,ESI + * 004A6CD1 5E POP ESI + * 004A6CD2 C2 0400 RETN 0x4 + * 004A6CD5 CC INT3 + * 004A6CD6 CC INT3 + * 004A6CD7 CC INT3 + * 004A6CD8 CC INT3 + * 004A6CD9 CC INT3 + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + ULONG beforeAddress; + { + const uint8_t bytes[] = { + 0x8b,0x81, XX4, // 004b1c50 8b81 14010000 mov eax,dword ptr ds:[ecx+0x114] ; jichi: source text in eax + 0x8b,0x54,0x24, 0x04, // 004b1c56 8b5424 04 mov edx,dword ptr ss:[esp+0x4] ; jichi: target address in edx + 0x56, // 004b1c5a 56 push esi + 0x33,0xf6, // 004b1c5b 33f6 xor esi,esi + 0x80,0x38, 0x00 // 004b1c5d 8038 00 cmp byte ptr ds:[eax],0x0 + }; + beforeAddress = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!beforeAddress) + return false; + } + + ULONG afterAddress; + { + // 004B1C92 C2 0400 RETN 0x4 ; jichi: afterAddress + // 004B1C95 CC INT3 + DWORD bytes = 0xcc0004c2; + afterAddress = MemDbg::findBytes(&bytes, sizeof(bytes), beforeAddress, stopAddress); + if (!afterAddress || afterAddress - beforeAddress > 0x200) // should within 0x42 + return false; + } + + // 004b1c50 8b81 14010000 mov eax,dword ptr ds:[ecx+0x114] ; jichi: source text in eax + Private::textOffset_ = *(DWORD *)(beforeAddress + 2); // 0x114 + HookParam hp; + hp.address=beforeAddress; + hp.hook_before=Private::hookBefore; + hp.hook_after=Private::hookafter2; + hp.offset=get_stack(1); + hp.newlineseperator=L"\\n"; + hp.type=EMBED_ABLE|EMBED_DYNA_SJIS; + hp.hook_font=F_GetGlyphOutlineA; + auto suc=NewHook(hp,"EMbedUnicorn"); + hp.address=afterAddress; + hp.type=HOOK_EMPTY|EMBED_ABLE; + hp.hook_before=Private::hookAfter; + suc|=NewHook(hp,"EMbedUnicorn"); + return suc; +} + +} // namespace ScenarioHook + +namespace OtherHook { +namespace Private { + + //bool isSkippedText(LPCSTR text) + //{ + // return 0 == ::strcmp(text, "\x82\x6c\x82\x72\x20\x83\x53\x83\x56\x83\x62\x83\x4e"); // "MS ゴシック" + //} + + /** + * Sample game: 戦極姫6 + * + */ + bool hookBefore(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + static std::string data_; + auto retaddr = s->stack[0]; + // 0052FDCE 83C4 0C ADD ESP,0xC + // 0052FDD1 ^EB C1 JMP SHORT .0052FD94 + //if (*(DWORD *)retaddr != 0xeb0cc483) + // return true; + //retaddr = s->stack[7]; // parent caller + + // Scenario/name/other threads to skip: + // - 0x404062 // there are so many other texts in this thread + // + // Other thread to keep: + // - 0x4769f8: message + // - 0x4135ba: in-game text that split into lines + // + // 004769E9 2BC7 SUB EAX,EDI + // 004769EB 50 PUSH EAX + // 004769EC 51 PUSH ECX + // 004769ED 8D8E C4080000 LEA ECX,DWORD PTR DS:[ESI+0x8C4] + // 004769F3 E8 B8D1F8FF CALL .00403BB0 ; jichi; message + // 004769F8 D9EE FLDZ + // 004769FA 8B6C24 18 MOV EBP,DWORD PTR SS:[ESP+0x18] + // 004769FE D996 04090000 FST DWORD PTR DS:[ESI+0x904] + // + // 004135B1 52 PUSH EDX + // 004135B2 8D4E 3C LEA ECX,DWORD PTR DS:[ESI+0x3C] + // 004135B5 E8 F605FFFF CALL .00403BB0 ; jichi: in-game caller + // 004135BA EB 08 JMP SHORT .004135C4 + // 004135BC 8D4E 3C LEA ECX,DWORD PTR DS:[ESI+0x3C] + //if (retaddr != 0x4769f8 && retaddr != 0x4135ba) + // return true; + switch (*(WORD *)retaddr) { + case 0xeed9: // 004769F8 D9EE FLDZ + case 0x08eb: // 004135BA EB 08 JMP SHORT .004135C4 + break; + default: return false; + } + auto text = (LPCSTR)s->stack[1]; // arg1 + int size = s->stack[2]; // arg2 + if (!text + || size <= 2 // avoid painting individual character + || ::strlen(text) != size + || all_ascii(text) + || ScenarioHook::textCache_.contains(hashCharArray(text))) + //|| !q->isTextDecodable(text)) // avoid re-translation + //|| isascii(text[::strlen(text) - 2]) + //|| isSkippedText(text)) + return false; + enum { role = Engine::OtherRole }; + std::string oldData = text; + strcpy((char*)data,oldData.c_str()); + *len=oldData.size(); + return true; +/* //oldData.replace("\\n", "\n"); // Remove new line. FIXME: automatically adjust line width + std::string newData = EngineController::instance()->dispatchTextASTD(oldData, role, retaddr); + if (newData == oldData) + return true; + data_ = newData; + s->stack[1] = (ULONG)data_.c_str(); + s->stack[2] = data_.size(); + return true;*/ + } + + void hookafter(hook_stack*s,void* data, size_t len){ + + auto newData =std::string((char*)data,len); + static std::string data_; + data_ = newData; + s->stack[1] = (ULONG)data_.c_str(); + s->stack[2] = data_.size(); + + } +} // namespace Private + +/** + * Sample game: 戦極姫6 + * Function found by debugging caller of GetGlyphOutlineA. + * 0052F2DC CC INT3 + * 0052F2DD CC INT3 + * 0052F2DE CC INT3 + * 0052F2DF CC INT3 + * 0052F2E0 55 PUSH EBP + * 0052F2E1 8BEC MOV EBP,ESP + * 0052F2E3 57 PUSH EDI + * 0052F2E4 56 PUSH ESI + * 0052F2E5 8B75 0C MOV ESI,DWORD PTR SS:[EBP+0xC] ; jichi: arg2, source text + * 0052F2E8 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+0x10] ; jichi: arg3, count? + * 0052F2EB 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+0x8] ; jichi: arg1, target location + * 0052F2EE 8BC1 MOV EAX,ECX + * 0052F2F0 8BD1 MOV EDX,ECX + * 0052F2F2 03C6 ADD EAX,ESI + * 0052F2F4 3BFE CMP EDI,ESI + * 0052F2F6 76 08 JBE SHORT .0052F300 + * 0052F2F8 3BF8 CMP EDI,EAX + * 0052F2FA 0F82 A4010000 JB .0052F4A4 + * 0052F300 81F9 00010000 CMP ECX,0x100 ; jichi: 0x100 is the threshold + * 0052F306 72 1F JB SHORT .0052F327 + * 0052F308 833D 6472D800 00 CMP DWORD PTR DS:[0xD87264],0x0 + * 0052F30F 74 16 JE SHORT .0052F327 + * 0052F311 57 PUSH EDI + * 0052F312 56 PUSH ESI + * 0052F313 83E7 0F AND EDI,0xF + * 0052F316 83E6 0F AND ESI,0xF + * 0052F319 3BFE CMP EDI,ESI + * 0052F31B 5E POP ESI + * 0052F31C 5F POP EDI + * 0052F31D 75 08 JNZ SHORT .0052F327 + * 0052F31F 5E POP ESI + * 0052F320 5F POP EDI + * 0052F321 5D POP EBP + * 0052F322 E9 7C5F0000 JMP .005352A3 + * 0052F327 F7C7 03000000 TEST EDI,0x3 + * 0052F32D 75 15 JNZ SHORT .0052F344 + * 0052F32F C1E9 02 SHR ECX,0x2 + * 0052F332 83E2 03 AND EDX,0x3 + * 0052F335 83F9 08 CMP ECX,0x8 + * 0052F338 72 2A JB SHORT .0052F364 + * 0052F33A F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 0052F33C FF2495 54F45200 JMP DWORD PTR DS:[EDX*4+0x52F454] + * 0052F343 90 NOP + * + * Here's its parent parent caller: + * - arg1: jichi: source text + * - arg2: jichi: source size + * + * 00403BAB CC INT3 + * 00403BAC CC INT3 + * 00403BAD CC INT3 + * 00403BAE CC INT3 + * 00403BAF CC INT3 + * 00403BB0 55 PUSH EBP + * 00403BB1 8B6C24 08 MOV EBP,DWORD PTR SS:[ESP+0x8] + * 00403BB5 56 PUSH ESI + * 00403BB6 57 PUSH EDI + * 00403BB7 8BF1 MOV ESI,ECX + * 00403BB9 85ED TEST EBP,EBP + * 00403BBB 74 46 JE SHORT .00403C03 + * 00403BBD 8B56 18 MOV EDX,DWORD PTR DS:[ESI+0x18] + * 00403BC0 8D46 04 LEA EAX,DWORD PTR DS:[ESI+0x4] + * 00403BC3 83FA 10 CMP EDX,0x10 + * 00403BC6 72 04 JB SHORT .00403BCC + * 00403BC8 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 00403BCA EB 02 JMP SHORT .00403BCE + * 00403BCC 8BC8 MOV ECX,EAX + * 00403BCE 3BE9 CMP EBP,ECX + * 00403BD0 72 31 JB SHORT .00403C03 + * 00403BD2 83FA 10 CMP EDX,0x10 + * 00403BD5 72 04 JB SHORT .00403BDB + * 00403BD7 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 00403BD9 EB 02 JMP SHORT .00403BDD + * 00403BDB 8BC8 MOV ECX,EAX + * 00403BDD 8B7E 14 MOV EDI,DWORD PTR DS:[ESI+0x14] + * 00403BE0 03F9 ADD EDI,ECX + * 00403BE2 3BFD CMP EDI,EBP + * 00403BE4 76 1D JBE SHORT .00403C03 + * 00403BE6 83FA 10 CMP EDX,0x10 + * 00403BE9 72 02 JB SHORT .00403BED + * 00403BEB 8B00 MOV EAX,DWORD PTR DS:[EAX] + * 00403BED 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+0x14] + * 00403BF1 51 PUSH ECX + * 00403BF2 2BE8 SUB EBP,EAX + * 00403BF4 55 PUSH EBP + * 00403BF5 56 PUSH ESI + * 00403BF6 8BCE MOV ECX,ESI + * 00403BF8 E8 D3FEFFFF CALL .00403AD0 + * 00403BFD 5F POP EDI + * 00403BFE 5E POP ESI + * 00403BFF 5D POP EBP + * 00403C00 C2 0800 RETN 0x8 + * 00403C03 8B7C24 14 MOV EDI,DWORD PTR SS:[ESP+0x14] + * 00403C07 83FF FE CMP EDI,-0x2 + * 00403C0A 76 05 JBE SHORT .00403C11 + * 00403C0C E8 B94F1500 CALL .00558BCA + * 00403C11 8B46 18 MOV EAX,DWORD PTR DS:[ESI+0x18] + * 00403C14 3BC7 CMP EAX,EDI + * 00403C16 73 20 JNB SHORT .00403C38 + * 00403C18 8B56 14 MOV EDX,DWORD PTR DS:[ESI+0x14] + * 00403C1B 52 PUSH EDX + * 00403C1C 57 PUSH EDI + * 00403C1D 8BCE MOV ECX,ESI + * 00403C1F E8 5CFDFFFF CALL .00403980 + * 00403C24 85FF TEST EDI,EDI + * 00403C26 76 56 JBE SHORT .00403C7E + * 00403C28 8B4E 18 MOV ECX,DWORD PTR DS:[ESI+0x18] + * 00403C2B 53 PUSH EBX + * 00403C2C 8D5E 04 LEA EBX,DWORD PTR DS:[ESI+0x4] + * 00403C2F 83F9 10 CMP ECX,0x10 + * 00403C32 72 2C JB SHORT .00403C60 + * 00403C34 8B03 MOV EAX,DWORD PTR DS:[EBX] + * 00403C36 EB 2A JMP SHORT .00403C62 + * 00403C38 85FF TEST EDI,EDI + * 00403C3A ^75 EA JNZ SHORT .00403C26 + * 00403C3C 897E 14 MOV DWORD PTR DS:[ESI+0x14],EDI + * 00403C3F 83F8 10 CMP EAX,0x10 + * 00403C42 72 0E JB SHORT .00403C52 + * 00403C44 8B46 04 MOV EAX,DWORD PTR DS:[ESI+0x4] + * 00403C47 5F POP EDI + * 00403C48 C600 00 MOV BYTE PTR DS:[EAX],0x0 + * 00403C4B 8BC6 MOV EAX,ESI + * 00403C4D 5E POP ESI + * 00403C4E 5D POP EBP + * 00403C4F C2 0800 RETN 0x8 + * 00403C52 8D46 04 LEA EAX,DWORD PTR DS:[ESI+0x4] + * 00403C55 5F POP EDI + * 00403C56 C600 00 MOV BYTE PTR DS:[EAX],0x0 + * 00403C59 8BC6 MOV EAX,ESI + * 00403C5B 5E POP ESI + * 00403C5C 5D POP EBP + * 00403C5D C2 0800 RETN 0x8 + * 00403C60 8BC3 MOV EAX,EBX + * 00403C62 57 PUSH EDI + * 00403C63 55 PUSH EBP + * 00403C64 51 PUSH ECX + * 00403C65 50 PUSH EAX + * 00403C66 E8 19C11200 CALL .0052FD84 ; jichi: actual paint function + * 00403C6B 83C4 10 ADD ESP,0x10 + * 00403C6E 837E 18 10 CMP DWORD PTR DS:[ESI+0x18],0x10 + * 00403C72 897E 14 MOV DWORD PTR DS:[ESI+0x14],EDI + * 00403C75 72 02 JB SHORT .00403C79 + * 00403C77 8B1B MOV EBX,DWORD PTR DS:[EBX] + * 00403C79 C6043B 00 MOV BYTE PTR DS:[EBX+EDI],0x0 + * 00403C7D 5B POP EBX + * 00403C7E 5F POP EDI + * 00403C7F 8BC6 MOV EAX,ESI + * 00403C81 5E POP ESI + * 00403C82 5D POP EBP + * 00403C83 C2 0800 RETN 0x8 + * 00403C86 CC INT3 + * 00403C87 CC INT3 + * 00403C88 CC INT3 + * 00403C89 CC INT3 + * 00403C8A CC INT3 + * 00403C8B CC INT3 + * + * 08BCF938 00403C6B RETURN to .00403C6B from .0052FD84 + * 08BCF93C 088DC7F0 ; jichi: target location + * 08BCF940 0000001F ; jichi: target capacity + * 08BCF944 08BCFC68 ; jichi: source size + * 08BCF948 00000010 ; jichi: source size + * 08BCF94C 00000001 + * 08BCF950 08BCFC69 + * 08BCF954 08BCFC68 + * 08BCF958 0000000F + * 08BCF95C 00404870 RETURN to .00404870 from .00403BB0 + * 08BCF960 08BCFC68 ; jichi: source text + * 08BCF964 00000010 ; jichi: source size + * 08BCF968 0000000F ; jichi: extra capacity + * 08BCF96C 008B68F8 .008B68F8 + * 08BCF970 004AC441 RETURN to .004AC441 from .00404850 + * 08BCF974 08BCFC68 + * 08BCF978 2AE30C3B + * 08BCF97C 004A5710 .004A5710 + * 08BCF980 088D5448 + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x72, 0x0E, // 00403C42 72 0E JB SHORT .00403C52 + 0x8B,0x46, 0x04, // 00403C44 8B46 04 MOV EAX,DWORD PTR DS:[ESI+0x4] + 0x5F, // 00403C47 5F POP EDI + 0xC6,0x00, 0x00, // 00403C48 C600 00 MOV BYTE PTR DS:[EAX],0x0 + 0x8B,0xC6, // 00403C4B 8BC6 MOV EAX,ESI + 0x5E, // 00403C4D 5E POP ESI + 0x5D, // 00403C4E 5D POP EBP + 0xC2, 0x08,0x00 // 00403C4F C2 0800 RETN 0x8 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + //addr = 0x00403BB0; + HookParam hp; + hp.address=addr; + hp.hook_before=Private::hookBefore; + hp.hook_after=Private::hookafter; + hp.type=EMBED_ABLE|EMBED_DYNA_SJIS; + hp.newlineseperator=L"\\n"; + hp.hook_font=F_GetGlyphOutlineA; + return NewHook(hp,"EMbedUnicornOther"); +} + +} // namespace OtherHook +} // unnamed namespace +bool Unicorn::attach_function() { + auto embed=ScenarioHook::attach(processStartAddress,processStopAddress); + if(embed){ + OtherHook::attach(processStartAddress,processStopAddress); + } + return InsertUnicornHook()||embed; +} + + +bool Unicorn_Anesen::attach_function(){ + //[060908][あねせん] あまからツインズ~双姉といっしょ~ + //[071012][あねせん] おしえて巫女先生弐 + //[071214][あねせん] おしえて巫女先生弐 外伝~ハーレム編~ + const BYTE bytes[] = { + 0x83 ,0xFF ,0x20, + XX2, + 0x0F ,0x84,XX4, + 0x81 ,0xFF ,0x40 ,0x81 ,0x00 ,0x00, + 0x0F ,0x84 + }; + auto addr=MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if(addr==0)return false; + addr=MemDbg::findEnclosingAlignedFunction(addr); + if(addr==0)return false; + + HookParam hp; + hp.type = USING_STRING; + hp.offset =get_stack(4); + hp.address = addr; + + return NewHook(hp, "Unicorn_Anesen"); +} \ No newline at end of file diff --git a/LunaHook/engine32/Unicorn.h b/LunaHook/engine32/Unicorn.h new file mode 100644 index 0000000..f967df5 --- /dev/null +++ b/LunaHook/engine32/Unicorn.h @@ -0,0 +1,22 @@ +#include"engine.h" + +class Unicorn:public ENGINE{ + public: + Unicorn(){ + + check_by=CHECK_BY::FILE_ANY; + check_by_target=check_by_list{L"*.szs",L"Data\\*.szs"}; + }; + bool attach_function(); +}; + + +class Unicorn_Anesen:public ENGINE{ + public: + Unicorn_Anesen(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"BGM",L"DATA",L"MGD",L"MSD",L"SE",L"VOICE"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/UnisonShift.cpp b/LunaHook/engine32/UnisonShift.cpp new file mode 100644 index 0000000..9c379f5 --- /dev/null +++ b/LunaHook/engine32/UnisonShift.cpp @@ -0,0 +1,22 @@ +#include"UnisonShift.h" + +bool InsertUnisonShiftHook() { + BYTE bytes[] = { + 0x83,0xec,0x14, + 0x8b,0x44,0x24,0x10, + 0x53, + 0x55, + 0x8b,0x6c,0x24,0x20 + + }; + auto addr1 = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr1 == 0) return false; + ConsoleOutput("UnisonShift %p", addr1); + HookParam hp; + hp.address = addr1; + hp.offset=get_stack(3); + return NewHook(hp, "UnisonShift"); +} +bool UnisonShift::attach_function() { + return InsertUnisonShiftHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/UnisonShift.h b/LunaHook/engine32/UnisonShift.h new file mode 100644 index 0000000..51a4958 --- /dev/null +++ b/LunaHook/engine32/UnisonShift.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class UnisonShift:public ENGINE{ + public: + UnisonShift(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.dat"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/UnisonShift2.cpp b/LunaHook/engine32/UnisonShift2.cpp new file mode 100644 index 0000000..28afeba --- /dev/null +++ b/LunaHook/engine32/UnisonShift2.cpp @@ -0,0 +1,57 @@ +#include"UnisonShift2.h" + +bool InsertUnisonShift2Hook() { + BYTE bytes[] = { + //80 FB A0 cmp bl, 0A0h + 0x80,0xfb,0xa0 + }; + auto addr1 = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr1 == 0)return false; + ConsoleOutput("UnisonShift2 %p", addr1); + BYTE start[] = { 0x83 ,0xEC ,0x08 }; + addr1 = reverseFindBytes(start, sizeof(start), addr1 - 0x100, addr1); + if (addr1 == 0)return false; + HookParam hp; + hp.address = addr1; + hp.offset=get_reg(regs::eax); + hp.type = DATA_INDIRECT; + hp.index = 0; + return NewHook(hp, "UnisonShift2"); +} +bool InsertUnisonShift3Hook() { + + BYTE bytes2[] = { + 0x80,0xF9,XX + }; + auto addrs=Util::SearchMemory(bytes2,sizeof(bytes2),PAGE_EXECUTE, processStartAddress, processStopAddress); + BYTE moveaxoffset[] = { 0xb8 ,XX,XX,XX, 0x00 }; + auto succ=false; + for (auto addr : addrs) { + ConsoleOutput("UnisonShift3 %p", addr); + addr = (DWORD)((BYTE*)addr -5); + int x = -1; + for (int i = 0; i < 0x20; i++) { + if (*((BYTE*)addr-i) == 0xb8 && *((BYTE*)(addr)+4-i) == 0) { + x = i; break; + } + } + if (x == -1)continue; + ConsoleOutput("UnisonShift3 found %p", addr-x); + addr = (DWORD)((BYTE*)addr + 1-x); + auto raddr = *(int*)addr; + ConsoleOutput("UnisonShift3 raddr %p", raddr); + HookParam hp; + hp.address = raddr; + hp.type = DIRECT_READ; + succ|=NewHook(hp, "UnisonShift3"); + } + + + return succ; +} + +bool UnisonShift2::attach_function() { + bool b1=InsertUnisonShift2Hook(); + bool b2=InsertUnisonShift3Hook(); + return b1||b2; +} \ No newline at end of file diff --git a/LunaHook/engine32/UnisonShift2.h b/LunaHook/engine32/UnisonShift2.h new file mode 100644 index 0000000..14f8ec7 --- /dev/null +++ b/LunaHook/engine32/UnisonShift2.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class UnisonShift2:public ENGINE{ + public: + UnisonShift2(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"PIC.*",L"TP.*",L"GR.*",L"BGM.*"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Unknown.cpp b/LunaHook/engine32/Unknown.cpp new file mode 100644 index 0000000..0ec53df --- /dev/null +++ b/LunaHook/engine32/Unknown.cpp @@ -0,0 +1,30 @@ +#include"Unknown.h" +bool Unknown::attach_function() { + //ABANDONER - THE SEVERED DREAMS + //https://vndb.org/v1182 + const BYTE bytes[] = { + 0x8B,0x44,0x24,0x04, + 0x85,0xC0, + 0x75,0x03, + 0xC2,0x08,0x00, + 0x33,0xD2, + 0x8A,0x50,0x01, + 0x8A,0x30, + 0x8B,0xC2, + 0x50, + 0xE8,XX4, + 0xC2,0x08,0x00 + } ; + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + auto succ=false; + for (auto addr : addrs) { + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.index=0; + hp.type = DATA_INDIRECT; + succ|=NewHook(hp, "Unknown"); + } + return succ; +} + \ No newline at end of file diff --git a/LunaHook/engine32/Unknown.h b/LunaHook/engine32/Unknown.h new file mode 100644 index 0000000..1a03cd9 --- /dev/null +++ b/LunaHook/engine32/Unknown.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class Unknown:public ENGINE{ + public: + Unknown(){ + + check_by=CHECK_BY::FILE; + is_engine_certain=false; + check_by_target=L"*.aqa"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/V8.cpp b/LunaHook/engine32/V8.cpp new file mode 100644 index 0000000..2411358 --- /dev/null +++ b/LunaHook/engine32/V8.cpp @@ -0,0 +1,112 @@ +#include"V8.h" + +/** +* Artikash 7/15/2018: Insert Tyranobuilder hook +* Sample game: https://vndb.org/v22252: /HWN-8:-1C@233A54:yuika_t.exe +* Artikash 9/11/2018: This is more than just Tyranobuilder. It's actually a hook for the V8 JavaScript runtime +* Sample game: https://www.freem.ne.jp/win/game/9672: /HQ8@2317A0:Prison.exe This new hook seems more reliable +* Nevermind both of those, just hook v8::String::Write https://v8docs.nodesource.com/node-0.8/d2/db3/classv8_1_1_string.html +* v8::String::Write - 55 - push ebp +* v8::String::Write+1- 8B EC - mov ebp,esp +* v8::String::Write+3- 8B 45 14 - mov eax,[ebp+14] +* v8::String::Write+6- 8B 55 10 - mov edx,[ebp+10] +* v8::String::Write+9- 50 - push eax +* v8::String::Write+A- 8B 45 0C - mov eax,[ebp+0C] +* v8::String::Write+D- 52 - push edx +* v8::String::Write+E- 8B 55 08 - mov edx,[ebp+08] +* v8::String::Write+11- 50 - push eax +* v8::String::Write+12- 52 - push edx +* v8::String::Write+13- 51 - push ecx +* v8::String::Write+14- E8 B7C7FFFF - call 6EF630 ; actual writing happens in this function, hooking after is possible +* v8::String::Write+19- 83 C4 14 - add esp,14 { 20 } +* v8::String::Write+1C- 5D - pop ebp +* v8::String::Write+1D- C2 1000 - ret 0010 { 16 } +*/ +void SpecialHookV8String(hook_stack*, HookParam *hp, uintptr_t* data, uintptr_t* split, size_t* len) +{ + DWORD ecx = *data; + DWORD strPtr = *(DWORD*)ecx; + *data = strPtr + 0xb; + *len = *(short*)(strPtr + 7); + //if (*len < 12) *split = 1; // To ensure this is caught by cyclic repetition detection, split if there's 6+ wide chars + //*split = *(DWORD*)((BYTE*)hp->split + dwDatabase); +} + +bool InsertV8Hook(HMODULE module) +{ + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + for (const auto& pattern : Array{ { 0x55, 0x8b, 0xec }, { 0x55, 0x89, 0xe5 } }) + { + int matches = Util::SearchMemory(pattern, sizeof(pattern), PAGE_EXECUTE, minAddress, maxAddress).size(), requiredRecords = matches * 20; + if (matches > 10'000 && requiredRecords > spDefault.maxRecords) + { + memcpy(spDefault.pattern, pattern, spDefault.length = sizeof(pattern)); + spDefault.maxRecords = requiredRecords; + } + } + std::tie(spDefault.minAddress, spDefault.maxAddress) = std::tuple{ minAddress, maxAddress }; + ConsoleOutput("JavaScript hook is known to be low quality: try searching for hooks if you don't like it"); + HookParam hp; + hp.address = (DWORD)GetProcAddress(module, "?Write@String@v8@@QBEHPAGHHH@Z"); + hp.offset=get_reg(regs::ecx); + hp.type = CODEC_UTF16 | USING_STRING; + hp.text_fun = SpecialHookV8String; + auto succ=NewHook(hp, "JavaScript"); + const BYTE bytes[] = { + 0x83, 0xc4, XX, // add esp,XX + 0x5d, // pop ebp + 0xc2 // ret + }; + if (DWORD addr = MemDbg::findBytes(bytes, sizeof(bytes), hp.address, hp.address + 0x30)) + { + hp.address = addr; + hp.offset = 0x8 + *(BYTE*)(addr + 2); // second argument + amount that the stack pointer is offset from arguments + hp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT; + hp.length_offset = (0x10 + *(BYTE*)(addr + 2)) / 4; // fourth argument + amount that the stack pointer is offset from arguments + hp.text_fun = nullptr; + succ|=NewHook(hp, "JavaScript2"); + } + return succ; +} +bool hookv8addr(HMODULE module) { + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + const BYTE bytes[] = { + 0x89,0xc1, + 0x0f,0xb7,0xd8, + 0x81,0xe1,0x00,0xfc,0x00,0x00, + 0x81,0xf9,0x00,0xd8,0x00,0x00 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), minAddress, maxAddress); + if (!addr) { + return false; + } + HookParam hp; + hp.address = addr; + + hp.offset=get_reg(regs::eax); + + hp.type = CODEC_UTF16 | NO_CONTEXT; + + return NewHook(hp, "electronW"); +} + +bool hookv8exports(HMODULE module) { + + auto addr = GetProcAddress(module, "?Write@String@v8@@QBEHPAVIsolate@2@PAGHHH@Z"); + if (addr == 0)return false; + HookParam hp; + hp.address = (uint64_t)addr; + hp.type = USING_STRING | CODEC_UTF16 | DATA_INDIRECT; + hp.offset=get_reg(regs::ecx); + hp.padding = 11; + hp.index = 0; + return NewHook(hp, "Write@String@v8"); +} + +bool V8::attach_function() { + bool b1= InsertV8Hook(pmodule); + bool b2=hookv8addr(pmodule); + bool b3=hookv8exports(pmodule); + return b1||b2||b3; +} + diff --git a/LunaHook/engine32/V8.h b/LunaHook/engine32/V8.h new file mode 100644 index 0000000..dbb917b --- /dev/null +++ b/LunaHook/engine32/V8.h @@ -0,0 +1,31 @@ +#include"engine.h" + +class V8:public ENGINE{ + public: + V8(){ + + check_by=CHECK_BY::CUSTOM; + is_engine_certain=false; + + // Artikash 7/16/2018: Uses node/libuv: likely v8 - sample game https://vndb.org/v22975 + //if (GetProcAddress(GetModuleHandleW(nullptr), "uv_uptime") || GetModuleHandleW(L"node.dll")) + //{ + // InsertV8Hook(); + // return true; + //} + check_by_target=[this](){ + for (HMODULE module : { (HMODULE)processStartAddress, GetModuleHandleW(L"node.dll"), GetModuleHandleW(L"nw.dll") }) + if (GetProcAddress(module, "?Write@String@v8@@QBEHPAGHHH@Z")){ + pmodule=module; + return true; + } + + return false; + + }; + }; + bool attach_function(); + private: + HMODULE pmodule; +}; + diff --git a/LunaHook/engine32/VanillawareGC.cpp b/LunaHook/engine32/VanillawareGC.cpp new file mode 100644 index 0000000..ec10b81 --- /dev/null +++ b/LunaHook/engine32/VanillawareGC.cpp @@ -0,0 +1,193 @@ +#include"VanillawareGC.h" + + +/** jichi 7/20/2014 Vanillaware + * Tested game: 朧村正 + * + * Debugging method: grep the saving message + * + * 1609415e cc int3 + * 1609415f cc int3 + * 16094160 77 0f ja short 16094171 + * 16094162 c705 00fb6701 80>mov dword ptr ds:[0x167fb00],0x80216b80 + * 1609416c -e9 f9be06f1 jmp 0710006a + * 16094171 8b35 8cf86701 mov esi,dword ptr ds:[0x167f88c] + * 16094177 81c6 ffffffff add esi,-0x1 + * 1609417d 8bce mov ecx,esi + * 1609417f 81c1 01000000 add ecx,0x1 + * 16094185 f7c1 0000000c test ecx,0xc000000 + * 1609418b 74 0b je short 16094198 + * 1609418d 51 push ecx + * 1609418e e8 36bff9f2 call 090300c9 + * 16094193 83c4 04 add esp,0x4 + * 16094196 eb 11 jmp short 160941a9 + * 16094198 8bc1 mov eax,ecx + * 1609419a 81e0 ffffff3f and eax,0x3fffffff + * 160941a0 0fb680 00000810 movzx eax,byte ptr ds:[eax+0x10080000] ; jichi: hook here + * 160941a7 66:90 nop + * 160941a9 81c6 01000000 add esi,0x1 + * 160941af 8905 80f86701 mov dword ptr ds:[0x167f880],eax + * 160941b5 813d 80f86701 00>cmp dword ptr ds:[0x167f880],0x0 + * 160941bf c705 8cf86701 00>mov dword ptr ds:[0x167f88c],0x0 + * 160941c9 8935 90f86701 mov dword ptr ds:[0x167f890],esi + * 160941cf 7c 14 jl short 160941e5 + * 160941d1 7f 09 jg short 160941dc + * 160941d3 c605 0cfb6701 02 mov byte ptr ds:[0x167fb0c],0x2 + * 160941da eb 26 jmp short 16094202 + * 160941dc c605 0cfb6701 04 mov byte ptr ds:[0x167fb0c],0x4 + * 160941e3 eb 07 jmp short 160941ec + * 160941e5 c605 0cfb6701 08 mov byte ptr ds:[0x167fb0c],0x8 + * 160941ec 832d 7c4cb101 06 sub dword ptr ds:[0x1b14c7c],0x6 + * 160941f3 e9 20000000 jmp 16094218 + * 160941f8 0188 6b2180e9 add dword ptr ds:[eax+0xe980216b],ecx + * 160941fe 0e push cs + * 160941ff be 06f1832d mov esi,0x2d83f106 + * 16094204 7c 4c jl short 16094252 + * 16094206 b1 01 mov cl,0x1 + * 16094208 06 push es + * 16094209 e9 c2000000 jmp 160942d0 + * 1609420e 0198 6b2180e9 add dword ptr ds:[eax+0xe980216b],ebx + * 16094214 f8 clc + * 16094215 bd 06f1770f mov ebp,0xf77f106 + * 1609421a c705 00fb6701 88>mov dword ptr ds:[0x167fb00],0x80216b88 + * 16094224 -e9 41be06f1 jmp 0710006a + * 16094229 8b0d 90f86701 mov ecx,dword ptr ds:[0x167f890] + * 1609422f 81c1 01000000 add ecx,0x1 + * 16094235 f7c1 0000000c test ecx,0xc000000 + * 1609423b 74 0b je short 16094248 + * 1609423d 51 push ecx + * 1609423e e8 86bef9f2 call 090300c9 + * 16094243 83c4 04 add esp,0x4 + * 16094246 eb 11 jmp short 16094259 + * 16094248 8bc1 mov eax,ecx + * 1609424a 81e0 ffffff3f and eax,0x3fffffff + * 16094250 0fb680 00000810 movzx eax,byte ptr ds:[eax+0x10080000] + * 16094257 66:90 nop + * 16094259 8b35 90f86701 mov esi,dword ptr ds:[0x167f890] + * 1609425f 81c6 01000000 add esi,0x1 + * 16094265 8905 80f86701 mov dword ptr ds:[0x167f880],eax + * 1609426b 8105 8cf86701 01>add dword ptr ds:[0x167f88c],0x1 + * 16094275 813d 80f86701 00>cmp dword ptr ds:[0x167f880],0x0 + * 1609427f 8935 90f86701 mov dword ptr ds:[0x167f890],esi + * 16094285 7c 14 jl short 1609429b + * 16094287 7f 09 jg short 16094292 + * 16094289 c605 0cfb6701 02 mov byte ptr ds:[0x167fb0c],0x2 + * 16094290 eb 26 jmp short 160942b8 + * 16094292 c605 0cfb6701 04 mov byte ptr ds:[0x167fb0c],0x4 + * 16094299 eb 07 jmp short 160942a2 + * 1609429b c605 0cfb6701 08 mov byte ptr ds:[0x167fb0c],0x8 + * 160942a2 832d 7c4cb101 04 sub dword ptr ds:[0x1b14c7c],0x4 + * 160942a9 ^e9 6affffff jmp 16094218 + * 160942ae 0188 6b2180e9 add dword ptr ds:[eax+0xe980216b],ecx + * 160942b4 58 pop eax + * 160942b5 bd 06f1832d mov ebp,0x2d83f106 + * 160942ba 7c 4c jl short 16094308 + * 160942bc b1 01 mov cl,0x1 + * 160942be 04 e9 add al,0xe9 + * 160942c0 0c 00 or al,0x0 + * 160942c2 0000 add byte ptr ds:[eax],al + * 160942c4 0198 6b2180e9 add dword ptr ds:[eax+0xe980216b],ebx + * 160942ca 42 inc edx + * 160942cb bd 06f1cccc mov ebp,0xccccf106 + * 160942d0 77 0f ja short 160942e1 + * 160942d2 c705 00fb6701 98>mov dword ptr ds:[0x167fb00],0x80216b98 + * 160942dc -e9 89bd06f1 jmp 0710006a + * 160942e1 8b05 84fb6701 mov eax,dword ptr ds:[0x167fb84] + * 160942e7 81e0 fcffffff and eax,0xfffffffc + * 160942ed 8905 00fb6701 mov dword ptr ds:[0x167fb00],eax + * 160942f3 832d 7c4cb101 01 sub dword ptr ds:[0x1b14c7c],0x1 + * 160942fa -e9 11bd06f1 jmp 07100010 + * 160942ff 832d 7c4cb101 01 sub dword ptr ds:[0x1b14c7c],0x1 + * 16094306 ^e9 91f8ffff jmp 16093b9c + * 1609430b cc int3 + */ +namespace { // unnamed + +// Return true if the text is a garbage character +inline bool _vanillawaregarbage_ch(char c) +{ + return c == ' ' || c == '.' || c == '/' + || c >= '0' && c <= '9' + || c >= 'A' && c <= 'z' // also ignore ASCII 91-96: [ \ ] ^ _ ` + ; +} + +// Return true if the text is full of garbage characters +bool _vanillawaregarbage(LPCSTR p) +{ + enum { MAX_LENGTH = VNR_TEXT_CAPACITY }; + for (int count = 0; *p && count < MAX_LENGTH; count++, p++) + if (!_vanillawaregarbage_ch(*p)) + return false; + return true; +} +} // unnamed namespace + +static void SpecialGCHookVanillaware(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD eax = stack->eax; + LPCSTR text = LPCSTR(eax + hp->user_value); + static LPCSTR lasttext; + if (lasttext != text && *text && !_vanillawaregarbage(text)) { + lasttext = text; + *data = (DWORD)text; + *len = ::strlen(text); // SHIFT-JIS + *split = stack->ecx; + //*split = FIXED_SPLIT_VALUE; + } +} + +bool InsertVanillawareGCHook() +{ + ConsoleOutput("Vanillaware GC: enter"); + + const BYTE bytes[] = { + 0x83,0xc4, 0x04, // 16094193 83c4 04 add esp,0x4 + 0xeb, 0x11, // 16094196 eb 11 jmp short 160941a9 + 0x8b,0xc1, // 16094198 8bc1 mov eax,ecx + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1609419a 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0x80, XX4, // 160941a0 0fb680 00000810 movzx eax,byte ptr ds:[eax+0x10080000] ; jichi: hook here + 0x66,0x90, // 160941a7 66:90 nop + 0x81,0xc6, 0x01,0x00,0x00,0x00 // 160941a9 81c6 01000000 add esi,0x1 + //0x89,05 80f86701 // 160941af 8905 80f86701 mov dword ptr ds:[0x167f880],eax + //0x81,3d 80f86701 00 // 160941b5 813d 80f86701 00>cmp dword ptr ds:[0x167f880],0x0 + //0xc7,05 8cf86701 00 // 160941bf c705 8cf86701 00>mov dword ptr ds:[0x167f88c],0x0 + //0x89,35 90f86701 // 160941c9 8935 90f86701 mov dword ptr ds:[0x167f890],esi + //0x7c, 14 // 160941cf 7c 14 jl short 160941e5 + //0x7f, 09 // 160941d1 7f 09 jg short 160941dc + //0xc6,05 0cfb6701 02 // 160941d3 c605 0cfb6701 02 mov byte ptr ds:[0x167fb0c],0x2 + //0xeb, 26 // 160941da eb 26 jmp short 16094202 + }; + enum { memory_offset = 3 }; // 160941a0 0fb680 00000810 movzx eax,byte ptr ds:[eax+0x10080000] + enum { addr_offset = 0x160941a0 - 0x16094193 }; + + DWORD addr = SafeMatchBytesInGCMemory(bytes, sizeof(bytes)); + auto succ=false; + if (!addr) + ConsoleOutput("Vanillaware GC: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.text_fun = SpecialGCHookVanillaware; + hp.type = USING_STRING|NO_CONTEXT; // no context is needed to get rid of variant retaddr + ConsoleOutput("Vanillaware GC: INSERT"); + succ|=NewHook(hp, "Vanillaware GC"); + } + + ConsoleOutput("Vanillaware GC: leave"); + return succ; +} +/** jichi 7/20/2014 Dolphin + * Tested with Dolphin 4.0 + */ +bool InsertGCHooks() +{ + // TODO: Add generic hooks + return InsertVanillawareGCHook(); + //return false; +} + +bool VanillawareGC::attach_function() { + return InsertGCHooks(); +} \ No newline at end of file diff --git a/LunaHook/engine32/VanillawareGC.h b/LunaHook/engine32/VanillawareGC.h new file mode 100644 index 0000000..9bbb0f0 --- /dev/null +++ b/LunaHook/engine32/VanillawareGC.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class VanillawareGC:public ENGINE{ + public: + VanillawareGC(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Dolphin.exe"; + }; + bool attach_function(); +}; diff --git a/LunaHook/engine32/VitaminSoft.cpp b/LunaHook/engine32/VitaminSoft.cpp new file mode 100644 index 0000000..0d96fdd --- /dev/null +++ b/LunaHook/engine32/VitaminSoft.cpp @@ -0,0 +1,47 @@ +#include"VitaminSoft.h" + +namespace{ + bool _1(){ + //どうして?いじってプリンセスFinalRoad~もう!またこんなところで3~ + auto entry=Util::FindImportEntry(processStartAddress,(DWORD)ExtTextOutA); + if(entry==0)return false; + BYTE bytes[]={0xFF,0x15,XX4}; + memcpy(bytes+2,&entry,4); + bool ok=false; + for(auto addr:Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress)){ + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) continue; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(3); + hp.type = DATA_INDIRECT; + hp.index = 0; + ok|=NewHook(hp, "VitaminSoft"); + } + return ok; + } + bool _2(){ + //ねとって女神 + //ねとって女神 NEO + auto entry=Util::FindImportEntry(processStartAddress,(DWORD)TextOutA); + if(entry==0)return false; + BYTE bytes[]={0xFF,0x15,XX4}; + memcpy(bytes+2,&entry,4); + bool ok=false; + for(auto addr:Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress)){ + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) continue; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING; + ok|=NewHook(hp, "VitaminSoft"); + } + return ok; + } +} + +bool VitaminSoft::attach_function(){ + + return _2()||_1(); +} \ No newline at end of file diff --git a/LunaHook/engine32/VitaminSoft.h b/LunaHook/engine32/VitaminSoft.h new file mode 100644 index 0000000..94afdba --- /dev/null +++ b/LunaHook/engine32/VitaminSoft.h @@ -0,0 +1,13 @@ +#include"engine.h" + + +class VitaminSoft:public ENGINE{ + public: + VitaminSoft(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.fpk"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Waffle.cpp b/LunaHook/engine32/Waffle.cpp new file mode 100644 index 0000000..09c1b66 --- /dev/null +++ b/LunaHook/engine32/Waffle.cpp @@ -0,0 +1,600 @@ +#include"Waffle.h" +#include"embed_util.h" +#include"util/textunion.h" +#include"ntxpundef.h" +bool InsertWaffleDynamicHook(LPVOID addr, uintptr_t frame, uintptr_t stack) +{ + ConsoleOutput("WaffleDynamic:triggered"); + if (addr != ::GetTextExtentPoint32A) + return false; + + auto tib = (NT_TIB*)__readfsdword(0); + auto exception = tib->ExceptionList; + for (int i = 0; i < 4; i++) { + exception = exception->Next; + } + auto handler=(DWORD)exception->Handler; + + union { + DWORD i; + BYTE *ib; + DWORD *id; + }; + // jichi 9/30/2013: Fix the bug in ITH logic where j is uninitialized + for (i = processStartAddress + 0x1000; i < processStopAddress - 4; i++) + if (*id == handler && *(ib - 1) == 0x68) + if (DWORD t = SafeFindEnclosingAlignedFunction(i, 0x40)) { + HookParam hp; + hp.address = t; + hp.offset=get_stack(2); + hp.index = 4; + hp.type = DATA_INDIRECT; + ConsoleOutput("INSERT Dynamic Waffle"); + return NewHook(hp, "Waffle"); + } + ConsoleOutput("DynamicWaffle: failed"); + //ConsoleOutput("Unknown waffle engine."); + return true; // jichi 12/25/2013: return true +} + +/** jichi 8/18/2015 + * Sample game: 完全時間停止 体験版 + * GDI text: TextOutA and GetTextExtentPoint32A + */ +bool InsertWaffleHook() +{ + bool found = false; + for (DWORD i = processStartAddress + 0x1000; i < processStopAddress - 4; i++) + if (*(DWORD *)i == 0xac68 && *(BYTE*)(i + 4) == 0) { + HookParam hp; + hp.address = i; + hp.offset=get_stack(2); + hp.index = 4; + hp.split = 0x1e8; + hp.type = DATA_INDIRECT|USING_SPLIT; + ConsoleOutput("INSERT WAFFLE"); + found|=NewHook(hp, "WAFFLE"); + } + +/** new waffle? +* test on 母三人とアナあそび https://vndb.org/v24214 +* and 変態エルフ姉妹と真面目オーク https://vndb.org/v24215 +* and いかにして俺の妻は孕んだか…… https://vndb.org/v26205 +* and 俺の知らぬ間に彼女が… https://vndb.org/v27781 +*/ + const BYTE bytes[] = { + 0x50, //50 push eax + 0x8b, 0xce, //8BCE mov ecx,esi + 0xc6, 0x45, 0xfc, XX, //C645 FC 01 move byte ptr ss:[ebp-4],? + 0x89, 0x75, 0xd4, //8975 D4 move dword ptr ss:[ebp-0x2c],esi + 0xe8, XX4, //E8 ?? call ?? + 0x8d, 0x45, 0xdc //8D45 DC lea eax,dword ptr ss:[ebp-0x24] + }; + if (DWORD addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress)) + { + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.type = DATA_INDIRECT; + ConsoleOutput("INSERT WAFFLE2"); + found|=NewHook(hp, "WAFFLE2"); + } + //ConsoleOutput("Probably Waffle. Wait for text."); + if (!found) trigger_fun = InsertWaffleDynamicHook; + return found; + //ConsoleOutput("WAFFLE: failed"); +} +bool InsertWaffleHookx(){ + //[180928] [WAFFLE] 性欲が止まらないご主人様と三人のメイドたち + const BYTE bytes[] = { + 0xFF,0x75,0x40, + 0x8D,0x8D,0xDC,000,0x00,0x00, + 0xE8,0x72,0x53,0xF4,0xFF + //没有很好的特征可捕获。暂且这样吧。 + //HBN-4*0@12F147:maid3.exe + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0)return false; + HookParam hp; + hp.address=addr+=sizeof(bytes); + hp.type=NO_CONTEXT|DATA_INDIRECT; + hp.offset=get_reg(regs::eax); + hp.index=0; + return NewHook(hp, "waffle"); +} +namespace { // unnamed +//ULONG moduleBaseAddress_; +namespace ScenarioHook { +namespace Private { + /** + * Arg1 for long text also on the stack: + * 03E5EC14 30 D1 5C 01 B8 99 C6 08 A0 88 BB 08 50 EC E5 03 0ム\ク卮綾P・ + * jichi: source text here + * 03E5EC24 68 EC E5 03 42 00 00 00 4F 00 00 00 84 F9 A3 00 h・B...O...・」. + * jichi: source size here + * 03E5EC34 A0 F7 7C 00 2C D1 5C 01 38 64 AA 00 10 0B F4 C9 .,ム\8dェ.  + * 03E5EC44 13 00 00 00 1F 00 00 00 64 00 00 00 00 00 00 00 ......d....... + * + * Arg1 for short text: + * 023E10E8 61 C1 9A 35 8E 9E 8A D4 82 F0 8E 7E 82 DF 82 BD aチ・時間を止めた + * 023E10F8 81 42 00 16 0E 00 00 00 0F 00 00 00 9C 98 10 3F 。.......恫? + * 023E1108 00 EE ED 98 A8 59 11 33 C2 C3 42 83 DF 9C FC C6 .・乖Y3ツテB・戛ニ + * 023E1118 00 00 00 00 0F 00 00 00 79 7B BA 93 00 DA 8B 46 .......y{コ・レ祈 + */ + TextUnionA *arg_, + argValue_; + bool hookBefore(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + static std::string data_; // persistent storage, which makes this function not thread-safe + + //auto reladdr = retaddr - moduleBaseAddress_; + // Sample game: 完全時間停止 ~無理やり時間を止められた世界でハメられる女たち~ + // Scenario: 0xbfd4d + // Name: 0xbfd36 + //if (reladdr == 0xc6e75 || + // reladdr == 0xc6e1f || + // reladdr == 0x61a57 || + // reladdr == 0xe762d || + // reladdr == 0xe768a || + // reladdr == 0xe76a6 || + // reladdr == 0xe78d5 || + // reladdr == 0x446e7 || + // reladdr == 0x177317 || + // reladdr == 0x52ca || + // reladdr == 0x529c || + // reladdr == 0x55df) + // return true; + + // Sample game: 漫喫ハプニング + // Scenario: 0x1174bc + // Name: 0x1174a6 + //if (reladdr == 0x450f || + // reladdr == 0x1b45c || + // reladdr == 0x1b48a || + // reladdr == 0x10fe77 || + // reladdr == 0x11d0c9 || + // reladdr == 0x1100e0 || + // reladdr == 0x10fe93 || + // reladdr == 0x10fde1 || + // reladdr == 0x11d073) + // return true; + + //DOUT(retaddr); + + + + auto arg = (TextUnionA *)(s->stack[0] + 4); + if (!arg || !arg->isValid()) + return false; + + //enum { role = Engine::ScenarioRole }; + //auto role = Engine::OtherRole; + //if (reladdr == 0xbfd4d) // scenario thread, only hook to this call instead + // role = Engine::ScenarioRole; + //else if (reladdr == 0xbfd36) + // role = Engine::NameRole; + //else if (reladdr == 0x60285) + // role = Engine::FontRole; + //else + // return true; + //DOUT(retaddr); + + //auto sig = Engine::hashThreadSignature(role, reladdr); + std::string oldData = arg->getText(); + strcpy((LPSTR)data,oldData.c_str()); + *len=oldData.size(); + return true; + } + void hookafter(hook_stack*s,void* data, size_t len){ + + auto newData =std::string((char*)data,len); + auto arg = (TextUnionA *)(s->stack[0] + sizeof(DWORD)); // arg1 + arg_ = arg; + argValue_ = *arg; + static std::string data_; + data_ = newData; + arg->setText(data_.c_str(), data_.size()); + } + bool hookAfter1(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + if (arg_) { + *arg_ = argValue_; + arg_ = nullptr; + } + return false; + } +} // namespace Private + +/** + * Sample game: 完全時間停止 ~無理やり時間を止められた世界でハメられる女たち~ + * + * Base addr: 09e0000 + * + * Debugging method: + * - First find the function like memcpy_s by debugging where scenario text is modified. + * arg1: target text + * arg2: target capacity + * arg3: source text + * arg4: source size + * + * 009E59FA CC INT3 + * 009E59FB CC INT3 + * 009E59FC CC INT3 + * 009E59FD CC INT3 + * 009E59FE CC INT3 + * 009E59FF CC INT3 + * 009E5A00 53 PUSH EBX + * 009E5A01 8B5C24 08 MOV EBX,DWORD PTR SS:[ESP+0x8] + * 009E5A05 55 PUSH EBP + * 009E5A06 8B6C24 10 MOV EBP,DWORD PTR SS:[ESP+0x10] + * 009E5A0A 56 PUSH ESI + * 009E5A0B 57 PUSH EDI + * 009E5A0C 8BF1 MOV ESI,ECX + * 009E5A0E 396B 14 CMP DWORD PTR DS:[EBX+0x14],EBP + * 009E5A11 73 05 JNB SHORT play.009E5A18 + * 009E5A13 E8 66B71B00 CALL play.00BA117E + * 009E5A18 8B7B 14 MOV EDI,DWORD PTR DS:[EBX+0x14] + * 009E5A1B 8B4424 1C MOV EAX,DWORD PTR SS:[ESP+0x1C] + * 009E5A1F 2BFD SUB EDI,EBP + * 009E5A21 3BC7 CMP EAX,EDI + * 009E5A23 73 02 JNB SHORT play.009E5A27 + * 009E5A25 8BF8 MOV EDI,EAX + * 009E5A27 3BF3 CMP ESI,EBX + * 009E5A29 75 1F JNZ SHORT play.009E5A4A + * 009E5A2B 6A FF PUSH -0x1 + * 009E5A2D 03FD ADD EDI,EBP + * 009E5A2F 57 PUSH EDI + * 009E5A30 8BCE MOV ECX,ESI + * 009E5A32 E8 39FFFFFF CALL play.009E5970 + * 009E5A37 55 PUSH EBP + * 009E5A38 6A 00 PUSH 0x0 + * 009E5A3A 8BCE MOV ECX,ESI + * 009E5A3C E8 2FFFFFFF CALL play.009E5970 + * 009E5A41 5F POP EDI + * 009E5A42 8BC6 MOV EAX,ESI + * 009E5A44 5E POP ESI + * 009E5A45 5D POP EBP + * 009E5A46 5B POP EBX + * 009E5A47 C2 0C00 RETN 0xC + * 009E5A4A 83FF FE CMP EDI,-0x2 + * 009E5A4D 76 05 JBE SHORT play.009E5A54 + * 009E5A4F E8 F2B61B00 CALL play.00BA1146 + * 009E5A54 8B46 18 MOV EAX,DWORD PTR DS:[ESI+0x18] + * 009E5A57 3BC7 CMP EAX,EDI + * 009E5A59 73 1B JNB SHORT play.009E5A76 + * 009E5A5B 8B46 14 MOV EAX,DWORD PTR DS:[ESI+0x14] + * 009E5A5E 50 PUSH EAX + * 009E5A5F 57 PUSH EDI + * 009E5A60 8BCE MOV ECX,ESI + * 009E5A62 E8 69010000 CALL play.009E5BD0 + * 009E5A67 85FF TEST EDI,EDI + * 009E5A69 76 66 JBE SHORT play.009E5AD1 + * 009E5A6B 837B 18 10 CMP DWORD PTR DS:[EBX+0x18],0x10 + * 009E5A6F 72 2F JB SHORT play.009E5AA0 + * 009E5A71 8B53 04 MOV EDX,DWORD PTR DS:[EBX+0x4] + * 009E5A74 EB 2D JMP SHORT play.009E5AA3 + * 009E5A76 85FF TEST EDI,EDI + * 009E5A78 ^75 EF JNZ SHORT play.009E5A69 + * 009E5A7A 897E 14 MOV DWORD PTR DS:[ESI+0x14],EDI + * 009E5A7D 83F8 10 CMP EAX,0x10 + * 009E5A80 72 0F JB SHORT play.009E5A91 + * 009E5A82 8B46 04 MOV EAX,DWORD PTR DS:[ESI+0x4] + * 009E5A85 5F POP EDI + * 009E5A86 C600 00 MOV BYTE PTR DS:[EAX],0x0 + * 009E5A89 8BC6 MOV EAX,ESI + * 009E5A8B 5E POP ESI + * 009E5A8C 5D POP EBP + * 009E5A8D 5B POP EBX + * 009E5A8E C2 0C00 RETN 0xC + * 009E5A91 8D46 04 LEA EAX,DWORD PTR DS:[ESI+0x4] + * 009E5A94 5F POP EDI + * 009E5A95 C600 00 MOV BYTE PTR DS:[EAX],0x0 + * 009E5A98 8BC6 MOV EAX,ESI + * 009E5A9A 5E POP ESI + * 009E5A9B 5D POP EBP + * 009E5A9C 5B POP EBX + * 009E5A9D C2 0C00 RETN 0xC + * 009E5AA0 8D53 04 LEA EDX,DWORD PTR DS:[EBX+0x4] + * 009E5AA3 8B4E 18 MOV ECX,DWORD PTR DS:[ESI+0x18] + * 009E5AA6 8D5E 04 LEA EBX,DWORD PTR DS:[ESI+0x4] + * 009E5AA9 83F9 10 CMP ECX,0x10 + * 009E5AAC 72 04 JB SHORT play.009E5AB2 + * 009E5AAE 8B03 MOV EAX,DWORD PTR DS:[EBX] + * 009E5AB0 EB 02 JMP SHORT play.009E5AB4 + * 009E5AB2 8BC3 MOV EAX,EBX + * 009E5AB4 57 PUSH EDI ; jichi: source size + * 009E5AB5 03D5 ADD EDX,EBP + * 009E5AB7 52 PUSH EDX ; jichi: source text + * 009E5AB8 51 PUSH ECX ; jichi: target size + * 009E5AB9 50 PUSH EAX ; jichi: target text + * 009E5ABA E8 F9A91F00 CALL play.00BE04B8 ; jichi: called + * 009E5ABF 83C4 10 ADD ESP,0x10 + * 009E5AC2 837E 18 10 CMP DWORD PTR DS:[ESI+0x18],0x10 + * 009E5AC6 897E 14 MOV DWORD PTR DS:[ESI+0x14],EDI + * 009E5AC9 72 02 JB SHORT play.009E5ACD + * 009E5ACB 8B1B MOV EBX,DWORD PTR DS:[EBX] + * 009E5ACD C6043B 00 MOV BYTE PTR DS:[EBX+EDI],0x0 + * 009E5AD1 5F POP EDI + * 009E5AD2 8BC6 MOV EAX,ESI + * 009E5AD4 5E POP ESI + * 009E5AD5 5D POP EBP + * 009E5AD6 5B POP EBX + * 009E5AD7 C2 0C00 RETN 0xC + * 009E5ADA CC INT3 + * 009E5ADB CC INT3 + * 009E5ADC CC INT3 + * 009E5ADD CC INT3 + * + * Callers of that function: + * + * 0112FCFE E8 A0670200 CALL 完全時間.011564A3 + * 0112FD03 8B7424 18 MOV ESI,DWORD PTR SS:[ESP+0x18] + * 0112FD07 8D8424 9C000000 LEA EAX,DWORD PTR SS:[ESP+0x9C] + * 0112FD0E 50 PUSH EAX + * 0112FD0F E8 AC9EF4FF CALL 完全時間.01079BC0 + * 0112FD14 6A FF PUSH -0x1 + * 0112FD16 6A 00 PUSH 0x0 + * 0112FD18 8DBE 84000000 LEA EDI,DWORD PTR DS:[ESI+0x84] + * 0112FD1E 57 PUSH EDI + * 0112FD1F 8D8C24 B0000000 LEA ECX,DWORD PTR SS:[ESP+0xB0] + * 0112FD26 C78424 24010000 0B000000 MOV DWORD PTR SS:[ESP+0x124],0xB + * 0112FD31 -E9 CA02A90C JMP 0DBC0000 ; jichi: name caller + * 0112FD36 6A FF PUSH -0x1 + * 0112FD38 6A 00 PUSH 0x0 + * 0112FD3A 8D86 A0000000 LEA EAX,DWORD PTR DS:[ESI+0xA0] + * 0112FD40 50 PUSH EAX + * 0112FD41 8D8C24 CC000000 LEA ECX,DWORD PTR SS:[ESP+0xCC] + * 0112FD48 -E9 B302AA0C JMP 0DBD0000 ; jichi: scenario caller + * 0112FD4D 6A FF PUSH -0x1 + * 0112FD4F 6A 00 PUSH 0x0 + * 0112FD51 53 PUSH EBX + * 0112FD52 8D8C24 E8000000 LEA ECX,DWORD PTR SS:[ESP+0xE8] + * 0112FD59 -E9 A202AB0C JMP 0DBE0000 + * 0112FD5E 8B46 04 MOV EAX,DWORD PTR DS:[ESI+0x4] + * 0112FD61 898424 F8000000 MOV DWORD PTR SS:[ESP+0xF8],EAX + * 0112FD68 8B46 08 MOV EAX,DWORD PTR DS:[ESI+0x8] + * 0112FD6B 8B7424 1C MOV ESI,DWORD PTR SS:[ESP+0x1C] + * 0112FD6F 898424 FC000000 MOV DWORD PTR SS:[ESP+0xFC],EAX + * 0112FD76 8B46 08 MOV EAX,DWORD PTR DS:[ESI+0x8] + * 0112FD79 FFB0 00010000 PUSH DWORD PTR DS:[EAX+0x100] + * 0112FD7F 8BCB MOV ECX,EBX + * 0112FD81 E8 8DFAF8FF CALL 完全時間.010BF813 + * 0112FD86 898424 A0000000 MOV DWORD PTR SS:[ESP+0xA0],EAX + * 0112FD8D 83F8 FF CMP EAX,-0x1 + * 0112FD90 75 2B JNZ SHORT 完全時間.0112FDBD + * 0112FD92 837B 18 10 CMP DWORD PTR DS:[EBX+0x18],0x10 + * 0112FD96 72 05 JB SHORT 完全時間.0112FD9D + * 0112FD98 8B5B 04 MOV EBX,DWORD PTR DS:[EBX+0x4] + * 0112FD9B EB 03 JMP SHORT 完全時間.0112FDA0 + * 0112FD9D 83C3 04 ADD EBX,0x4 + * 0112FDA0 837F 18 10 CMP DWORD PTR DS:[EDI+0x18],0x10 + * 0112FDA4 72 05 JB SHORT 完全時間.0112FDAB + * 0112FDA6 8B7F 04 MOV EDI,DWORD PTR DS:[EDI+0x4] + * 0112FDA9 EB 03 JMP SHORT 完全時間.0112FDAE + * 0112FDAB 83C7 04 ADD EDI,0x4 + * 0112FDAE 53 PUSH EBX + * 0112FDAF 57 PUSH EDI + * 0112FDB0 68 E4BF2D01 PUSH 完全時間.012DBFE4 + * 0112FDB5 E8 A65AF4FF CALL 完全時間.01075860 + * 0112FDBA 83C4 0C ADD ESP,0xC + * 0112FDBD 8B46 08 MOV EAX,DWORD PTR DS:[ESI+0x8] + * 0112FDC0 8B98 E8000000 MOV EBX,DWORD PTR DS:[EAX+0xE8] + * 0112FDC6 8B4B 14 MOV ECX,DWORD PTR DS:[EBX+0x14] + * 0112FDC9 894424 18 MOV DWORD PTR SS:[ESP+0x18],EAX + * 0112FDCD 8D8424 9C000000 LEA EAX,DWORD PTR SS:[ESP+0x9C] + * 0112FDD4 E8 F792FCFF CALL 完全時間.010F90D0 + * 0112FDD9 8D8424 9C000000 LEA EAX,DWORD PTR SS:[ESP+0x9C] + * 0112FDE0 50 PUSH EAX + * 0112FDE1 8B43 18 MOV EAX,DWORD PTR DS:[EBX+0x18] + * 0112FDE4 E8 399AFCFF CALL 完全時間.010F9822 + * 0112FDE9 8D73 38 LEA ESI,DWORD PTR DS:[EBX+0x38] + * 0112FDEC 8DBC24 9C000000 LEA EDI,DWORD PTR SS:[ESP+0x9C] + * 0112FDF3 E8 C8BFF4FF CALL 完全時間.0107BDC0 + * 0112FDF8 8BC7 MOV EAX,EDI + * 0112FDFA 50 PUSH EAX + * 0112FDFB 8D43 30 LEA EAX,DWORD PTR DS:[EBX+0x30] + * 0112FDFE E8 2D4AFAFF CALL 完全時間.010D4830 + * + * Sample game: 漫喫ハプニング + * + * Scenario callers: + * + * 0039746D E8 3ED2EEFF CALL .002846B0 + * 00397472 8B7424 18 MOV ESI,DWORD PTR SS:[ESP+0x18] + * 00397476 33FF XOR EDI,EDI + * 00397478 8D8424 B4000000 LEA EAX,DWORD PTR SS:[ESP+0xB4] + * 0039747F 50 PUSH EAX + * 00397480 E8 9BC5F0FF CALL .002A3A20 + * 00397485 6A FF PUSH -0x1 + * 00397487 57 PUSH EDI + * 00397488 8D83 84000000 LEA EAX,DWORD PTR DS:[EBX+0x84] + * 0039748E 50 PUSH EAX + * 0039748F 8D8C24 C8000000 LEA ECX,DWORD PTR SS:[ESP+0xC8] + * 00397496 C78424 3C010000 12000000 MOV DWORD PTR SS:[ESP+0x13C],0x12 + * 003974A1 -E9 5A8BB410 JMP 10EE0000 ; jichi: name + * 003974A6 6A FF PUSH -0x1 + * 003974A8 57 PUSH EDI + * 003974A9 8D83 A0000000 LEA EAX,DWORD PTR DS:[EBX+0xA0] + * 003974AF 50 PUSH EAX + * 003974B0 8D8C24 E4000000 LEA ECX,DWORD PTR SS:[ESP+0xE4] + * 003974B7 -E9 448BB510 JMP 10EF0000 ; jichi: scenario + * 003974BC 6A FF PUSH -0x1 + * 003974BE 57 PUSH EDI + * 003974BF 8DBB BC000000 LEA EDI,DWORD PTR DS:[EBX+0xBC] + * 003974C5 57 PUSH EDI + * 003974C6 8D8C24 00010000 LEA ECX,DWORD PTR SS:[ESP+0x100] + * 003974CD -E9 2E8BB610 JMP 10F00000 + * 003974D2 8B43 04 MOV EAX,DWORD PTR DS:[EBX+0x4] + * 003974D5 898424 10010000 MOV DWORD PTR SS:[ESP+0x110],EAX + * 003974DC 8B43 08 MOV EAX,DWORD PTR DS:[EBX+0x8] + * 003974DF 898424 14010000 MOV DWORD PTR SS:[ESP+0x114],EAX + * 003974E6 8B46 08 MOV EAX,DWORD PTR DS:[ESI+0x8] + * 003974E9 FFB0 00010000 PUSH DWORD PTR DS:[EAX+0x100] + * 003974EF 8BCF MOV ECX,EDI + * 003974F1 E8 D333F5FF CALL .002EA8C9 + * 003974F6 8B76 08 MOV ESI,DWORD PTR DS:[ESI+0x8] + * 003974F9 898424 B8000000 MOV DWORD PTR SS:[ESP+0xB8],EAX + * 00397500 8B9E E8000000 MOV EBX,DWORD PTR DS:[ESI+0xE8] + * 00397506 8B4B 14 MOV ECX,DWORD PTR DS:[EBX+0x14] + * 00397509 8D8424 B4000000 LEA EAX,DWORD PTR SS:[ESP+0xB4] + * 00397510 897424 1C MOV DWORD PTR SS:[ESP+0x1C],ESI + * 00397514 E8 C897FCFF CALL .00360CE1 + * 00397519 8D8424 B4000000 LEA EAX,DWORD PTR SS:[ESP+0xB4] + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x8b,0xf1, // 009e5a0c 8bf1 mov esi,ecx + 0x39,0x6b, 0x14, // 009e5a0e 396b 14 cmp dword ptr ds:[ebx+0x14],ebp + 0x73, 0x05 // 009e5a11 73 05 jnb short play.009e5a18 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + int count = 0; + auto fun = [&count, startAddress](ULONG addr) -> bool { + // 00397496 C78424 3C010000 12000000 MOV DWORD PTR SS:[ESP+0x13C],0x12 + // 003974A1 -E9 5A8BB410 JMP 10EE0000 ; jichi: name + // 003974A6 6A FF PUSH -0x1 + // 003974A8 57 PUSH EDI + // 003974A9 8D83 A0000000 LEA EAX,DWORD PTR DS:[EBX+0xA0] + // 003974AF 50 PUSH EAX + // 003974B0 8D8C24 E4000000 LEA ECX,DWORD PTR SS:[ESP+0xE4] + // 003974B7 -E9 448BB510 JMP 10EF0000 ; jichi: scenario + // 003974BC 6A FF PUSH -0x1 + // 003974BE 57 PUSH EDI + auto role = Engine::OtherRole; + if (*(DWORD *)(addr - 8) == 0x248c8d50) + role = Engine::ScenarioRole; + else if ((*(DWORD *)(addr - 11) & 0x00ffffff) == 0x002484c7) + role = Engine::NameRole; + else + return true; + auto reladdr = addr + 5 - startAddress; + { + HookParam hp; + hp.address=addr; + hp.hook_before=Private::hookBefore; + hp.hook_after=Private::hookafter; + hp.index=4; + hp.hook_font=F_TextOutA|F_GetTextExtentPoint32A; + hp.type=DATA_INDIRECT|USING_STRING|EMBED_ABLE|NO_CONTEXT|EMBED_DYNA_SJIS; + if(role==Engine::NameRole) + count+=NewHook(hp,"EmbedWaffle_name"); + else + count+=NewHook(hp,"EmbedWaffle_Scenario"); + } + { + HookParam hp; + hp.address=addr+5; + hp.type=EMBED_ABLE; + hp.hook_before=Private::hookAfter1; + count+=NewHook(hp,"EmbedWaffle_clear"); + } + // auto before = std::bind(Private::hookBefore, reladdr, role, std::placeholders::_1); + // count += winhook::hook_both(addr, before, Private::hookAfter); + return true; + }; + MemDbg::iterNearCallAddress(fun, addr, startAddress, stopAddress); + + return count; +} +} // namespace ScenarioHook +} // unnamed namespace +namespace{ + //Waffle「妹と彼女~それぞれの選択~ 」体験版 + //https://www.net-ride.com/free_dl/index.php?R_km_url=W062 + bool h1(){ + const uint8_t bytes[] = { + 0x8b,0x5d,0x08, + 0x42, + 0x8b,0xc3, + 0x2b,0xc7, + 0x03,0xd0, + 0x8b,0x45,0x14, + 0x8d,0x0c,0x33, + 0x89,0x55,0x18, + 0x2b,0xd1, + 0x52, + 0x0f,0xbe,0x30, + 0x56, + 0x89,0x75,0x0c, + 0x51 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) return false; + addr = findfuncstart(addr,0x200); + if (!addr) return false; + HookParam hp; + hp.address=addr; + hp.offset=get_stack(1); + hp.type=USING_STRING; + hp.filter_fun=[](void* data, size_t* size, HookParam*) { + + if(all_ascii((char*)data,*size))return false; + static std::string str; + if(str==std::string((char*)data))return false; + str=std::string((char*)data); + return true; + }; + return NewHook(hp,"waffle3"); + } + bool h2(){ + const uint8_t bytes[] = { + 0x8a,0x01,0x41,0x84,0xc0,XX,XX,0x2b,0xca,0x8d,0x45,0xec,0x51,0x50,0x8b,0xcf,0xe8,XX4 + }; + bool ok=false; + for(auto addr:Util::SearchMemory(bytes,sizeof(bytes),PAGE_EXECUTE_READWRITE,processStartAddress,processStopAddress)){ + HookParam hp; + hp.address=addr+sizeof(bytes)-5; + hp.offset=get_reg(regs::eax); + hp.type=USING_STRING; + ok|=NewHook(hp,"waffle4"); + } + return ok; + } + bool hh(){ + auto _=h1(); + _=h2()||_; + return _; + } +} +namespace{ + bool waffle3(){ + //[190329] [WAFFLE] 変態エルフ姉妹と真面目オーク + //https://vndb.org/v24215 + const uint8_t bytes[] = { + 0xC7,XX2,0x01,0,0,0, + 0xe8,XX4, + 0xeb,XX, + 0x8d,0x4d,XX, + 0xe8,XX4, + //-> + 0x8a,0x08, + 0x88,0x4d,XX, + 0xff,0x75,XX, + 0xe8,XX4, + 0x83,0xc4,0x04, + 0x84,0xc0, + 0x75,XX + }; + auto addr=MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if(addr==0)return false; + HookParam hp; + hp.address=addr+sizeof(bytes)-20; + hp.type=DATA_INDIRECT; + hp.offset=get_reg(regs::eax); + return NewHook(hp,"waffle3"); + } +} +bool Waffle::attach_function() { + bool embed=ScenarioHook::attach(processStartAddress,processStopAddress); + bool b1= InsertWaffleHook(); + bool b2=InsertWaffleHookx(); + bool b3=hh(); + b3|=waffle3(); + return b1||b2||embed||b3; +} \ No newline at end of file diff --git a/LunaHook/engine32/Waffle.h b/LunaHook/engine32/Waffle.h new file mode 100644 index 0000000..3ebea18 --- /dev/null +++ b/LunaHook/engine32/Waffle.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Waffle:public ENGINE{ + public: + Waffle(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"cfg.pak"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/WillPlus.cpp b/LunaHook/engine32/WillPlus.cpp new file mode 100644 index 0000000..55b6a02 --- /dev/null +++ b/LunaHook/engine32/WillPlus.cpp @@ -0,0 +1,1699 @@ +#include"WillPlus.h" +#include"embed_util.h" +#include"dyncodec/dynsjis.h" +/** 1/18/2015 jichi Add new WillPlus + * The old hook no longer works for new game. + * Sample game: [150129] [honeybee] RE:BIRTHDAY SONG + * + * Note, WillPlus engine is migrating to UTF16 using GetGlyphOutlineW such as: + * [141218] [Guily] 手�めにされる九人の堕女 + * This engine does not work for GetGlyphOutlineW, which, however, does not need a H-code. + * + * See: http://sakuradite.com/topic/615 + * + * There WillPlus games have many hookable threads. + * But it is kind of important to find the best one. + * + * By inserting hw point: + * - There is a clean text thread with fixed memory address. + * However, it cannot extract character name like GetGlyphOutlineA. + * - This is a non-clean text thread, but it contains garbage such as %LC. + * + * By backtracking from GetGlyphOutlineA: + * - GetGlyphOutlineA sometimes can extract all text, sometimes not. + * - There are two GetGlyphOutlineA functions. + * Both of them are called statically in the same function. + * That function is hooked. + * + * Hooked function: + * 0041820c cc int3 + * 0041820d cc int3 + * 0041820e cc int3 + * 0041820f cc int3 + * 00418210 81ec b4000000 sub esp,0xb4 + * 00418216 8b8424 c4000000 mov eax,dword ptr ss:[esp+0xc4] + * 0041821d 53 push ebx + * 0041821e 8b9c24 d0000000 mov ebx,dword ptr ss:[esp+0xd0] + * 00418225 55 push ebp + * 00418226 33ed xor ebp,ebp + * 00418228 56 push esi + * 00418229 8bb424 dc000000 mov esi,dword ptr ss:[esp+0xdc] + * 00418230 03c3 add eax,ebx + * 00418232 57 push edi + * 00418233 8bbc24 d8000000 mov edi,dword ptr ss:[esp+0xd8] + * 0041823a 896c24 14 mov dword ptr ss:[esp+0x14],ebp + * 0041823e 894424 4c mov dword ptr ss:[esp+0x4c],eax + * 00418242 896c24 24 mov dword ptr ss:[esp+0x24],ebp + * 00418246 39ac24 e8000000 cmp dword ptr ss:[esp+0xe8],ebp + * 0041824d 75 29 jnz short .00418278 + * 0041824f c74424 24 010000>mov dword ptr ss:[esp+0x24],0x1 + * + * ... + * + * 00418400 56 push esi + * 00418401 52 push edx + * 00418402 ff15 64c04b00 call dword ptr ds:[0x4bc064] ; gdi32.getglyphoutlinea + * 00418408 8bf8 mov edi,eax + * + * The old WillPlus engine can also be inserted to the new games. + * But it has no effects. + * + * A split value is used to get saving message out. + * + * Runtime stack for the scenario thread: + * 0012d9ec 00417371 return to .00417371 from .00418210 + * 0012d9f0 00000003 1 + * 0012d9f4 00000000 2 + * 0012d9f8 00000130 3 + * 0012d9fc 0000001a 4 + * 0012da00 0000000b 5 + * 0012da04 00000016 6 + * 0012da08 0092fc00 .0092fc00 ms gothic ; jichi: here's font + * 0012da0c 00500aa0 .00500aa0 shun ; jichi: text is here in arg8 + * 0012da10 0217dcc0 + * + * Runtime stack for name: + * 0012d9ec 00417371 return to .00417371 from .00418210 + * 0012d9f0 00000003 + * 0012d9f4 00000000 + * 0012d9f8 00000130 + * 0012d9fc 0000001a + * 0012da00 0000000b + * 0012da04 00000016 + * 0012da08 0092fc00 .0092fc00 + * 0012da0c 00500aa0 .00500aa0 + * 0012da10 0217dcc0 + * 0012da14 00000000 + * 0012da18 00000000 + * + * Runtime stack for non-dialog scenario text. + * 0012e5bc 00438c1b return to .00438c1b from .00418210 + * 0012e5c0 00000006 + * 0012e5c4 00000000 + * 0012e5c8 000001ae + * 0012e5cc 000000c8 + * 0012e5d0 0000000c + * 0012e5d4 00000018 + * 0012e5d8 0092fc00 .0092fc00 + * 0012e5dc 0012e628 + * 0012e5e0 0b0d0020 + * 0012e5e4 004fda98 .004fda98 + * + * Runtime stack for saving message + * 0012ed44 00426003 return to .00426003 from .00418210 + * 0012ed48 000003c7 + * 0012ed4c 00000000 + * 0012ed50 000000d8 + * 0012ed54 0000012f + * 0012ed58 00000008 + * 0012ed5c 00000010 + * 0012ed60 0092fc00 .0092fc00 + * 0012ed64 00951d88 ascii "2015/01/18" + */ + +namespace { // unnamed + + +void SpecialHookWillPlus(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + //static DWORD detect_offset; // jichi 1/18/2015: this makes sure it only runs once + //if (detect_offset) + // return; + DWORD i,l; + union { + DWORD retn; + WORD *pw; + BYTE *pb; + }; + retn = stack->retaddr; // jichi 1/18/2015: dynamically find function return address + i = 0; + while (*pw != 0xc483) { // add esp, $ + l = ::disasm(pb); + if (++i == 5) + //ConsoleOutput("Fail to detect offset."); + break; + retn += l; + } + // jichi 2/11/2015: Check baddaddr which might crash the game on Windows XP. + if (*pw == 0xc483 && !::IsBadReadPtr((LPCVOID)(pb + 2), 1) && !::IsBadReadPtr((LPCVOID)(*(pb + 2) - 8), 1)) { + ConsoleOutput("WillPlus1 pattern found"); + // jichi 1/18/2015: + // By studying [honeybee] RE:BIRTHDAY SONG, it seems the scenario text is at fixed address + // This offset might be used to find fixed address + // However, this method cannot extract character name like GetGlyphOutlineA + hp->offset = *(pb + 2) - 8; + + // Still extract the first text + //hp->type ^= EXTERN_HOOK; + char *str = *(char **)(stack->base + hp->offset); + *data = (DWORD)str; + *len = ::strlen(str); + *split = 0; // 8/3/2014 jichi: use return address as split + + } else { // jichi 1/19/2015: Try willplus2 + ConsoleOutput("WillPlus1 pattern not found, try WillPlus2 instead"); + hp->offset = 4 * 8; // arg8, address of text + hp->type = USING_STRING|NO_CONTEXT|USING_SPLIT; // merge different scenario threads + hp->split = 4 * 1; // arg1 as split to get rid of saving message + // The first text is skipped here + //char *str = *(char **)(esp_base + hp->offset); + //*data = (DWORD)str; + //*len = ::strlen(str); + } + hp->text_fun = nullptr; // stop using text_fun any more + //detect_offset = 1; +} + +// Although the new hook also works for the old game, the old hook is still used by default for compatibility +bool InsertOldWillPlusHook() +{ + //__debugbreak(); + enum { sub_esp = 0xec81 }; // jichi: caller pattern: sub esp = 0x81,0xec byte + ULONG addr = MemDbg::findCallerAddress((ULONG)::GetGlyphOutlineA, sub_esp, processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("WillPlus: function call not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.text_fun = SpecialHookWillPlus; + hp.type = USING_STRING; + ConsoleOutput("INSERT WillPlus"); + return NewHook(hp, "WillPlus"); +} + +const char *_willplus_trim_a(const char *text, size_t *size) +{ + int textSize = ::strlen(text); + int prefix = 0; + if (text[0] == '%') { + while (prefix < textSize - 1 && text[prefix] == '%' && ::isupper(text[prefix+1])) { + prefix += 2; + while (::isupper(text[prefix])) + prefix++; + } + } + { + int pos = textSize; + for (int i = textSize - 1; i >= prefix; i--) { + char ch = text[i]; + if (::isupper(ch)) + ; + else if (ch == '%') + pos = i; + else + break; + } + int suffix = textSize - pos; + if (size) + *size = textSize - prefix - suffix; + } + return text + prefix; +} + +const wchar_t *_willplus_trim_w(const wchar_t *text, size_t *size) +{ + int textSize = ::wcslen(text); + int prefix = 0; + if (text[0] == '%') { + while (prefix < textSize - 1 && text[prefix] == '%' && ::isupper(text[prefix+1])) { + prefix += 2; + while (::isupper(text[prefix])) + prefix++; + } + } + { + int pos = textSize; + for (int i = textSize - 1; i >= prefix; i--) { + wchar_t ch = text[i]; + if (::isupper(ch)) + ; + else if (ch == '%') + pos = i; + else + break; + } + int suffix = textSize - pos; + if (size) + *size = textSize - prefix - suffix; + } + return text + prefix; +} + +void SpecialHookWillPlusA(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + int index=0; + auto text = (LPCSTR)stack->eax; + if (!text) + return; + if (index) // index == 1 is name + text -= 1024; + if (!*text) + return; + text = _willplus_trim_a(text, (size_t *)len); + *data = (DWORD)text; + *split = FIXED_SPLIT_VALUE << index; +} +bool WillPlus_extra_filter(void* data, size_t* size, HookParam*) { + + auto text = reinterpret_cast(data); + StringFilter(text, size, L"%XS", 5); // remove %XS followed by 2 chars + std::wstring str = text; + str = str.substr(0, *size /2); + strReplace(str, L"\\n", L"\n"); + std::wregex reg1(L"\\{(.*?):(.*?)\\}"); + std::wstring result1 = std::regex_replace(str, reg1, L"$1"); + + std::wregex reg11(L"\\{(.*?);(.*?)\\}"); + result1 = std::regex_replace(result1, reg11, L"$1"); + + std::wregex reg2(L"%[A-Z]+"); + result1 = std::regex_replace(result1, reg2, L""); + + + + *size = result1.size() * 2; + wcscpy(text, result1.c_str()); + return true; +}; +bool InsertWillPlusAHook() +{ + //by iov + const BYTE bytes2[] = { 0x8B,0x00,0xFF,0x76,0xFC,0x8B,0xCF,0x50 }; + ULONG range2 = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr2 = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStartAddress + range2); + if (addr2) { + HookParam myhp; + myhp.address = addr2 + 2; + + myhp.type = CODEC_UTF16 | NO_CONTEXT | USING_STRING; + + myhp.offset=get_reg(regs::eax); + myhp.filter_fun=WillPlus_extra_filter; + char nameForUser[HOOK_NAME_SIZE] = "WillPlus3_memcpy"; + + ConsoleOutput("Insert: WillPlus3_memcpy Hook"); + return NewHook(myhp, nameForUser); + } + + const BYTE bytes[] = { + 0x81,0xec, 0x14,0x08,0x00,0x00 // 0042B5E0 81EC 14080000 SUB ESP,0x814 ; jichi: text in eax, name in eax - 1024, able to copy + }; + DWORD addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("WillPlusA: pattern not found"); + return false; + } + HookParam hp; + hp.address = addr; + hp.text_fun = SpecialHookWillPlusA; + hp.type = NO_CONTEXT; + hp.filter_fun = NewLineStringFilterA; // remove two characters of "\\n" + ConsoleOutput("INSERT WillPlusA"); + return NewHook(hp, "WillPlusA"); +} + +void SpecialHookWillPlusW(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + auto text = (LPCWSTR)stack->ecx; + if (!text || !*text) + return; + text = _willplus_trim_w(text, (size_t *)len); + *len *= 2; + *data = (DWORD)text; + *split = FIXED_SPLIT_VALUE << hp->user_value; +} + +bool InsertWillPlusWHook() +{ + const BYTE bytes1[] = { // scenario + 0x83,0xc0, 0x20, // 00452b02 83c0 20 add eax,0x20 ; jichi: hook before here, text in ecx + 0x33,0xd2, // 00452b05 33d2 xor edx,edx + 0x8b,0xc1, // 00452b07 8bc1 mov eax,ecx + 0xc7,0x84,0x24, 0xe0,0x01,0x00,0x00, 0x07,0x00,0x00,0x00 // 00452b09 c78424 e0010000 07000000 mov dword ptr ss:[esp+0x1e0],0x7 + // 00452b14 c78424 dc010000 00000000 mov dword ptr ss:[esp+0x1dc],0x0 + }; + const BYTE bytes2[] = { // name + 0x33,0xdb, // 00453521 33db xor ebx,ebx ; jichi: hook here, text in ecx + 0x33,0xd2, // 00453523 33d2 xor edx,edx + 0x8b,0xc1, // 00453525 8bc1 mov eax,ecx + 0xc7,0x84,0x24, 0x88,0x00,0x00,0x00, 0x07,0x00,0x00,0x00 // 00453527 c78424 88000000 07000000 mov dword ptr ss:[esp+0x88],0x7 + // 00453532 899c24 84000000 mov dword ptr ss:[esp+0x84],ebx + }; + const BYTE *bytes[] = {bytes1, bytes2}; + const size_t sizes[] = {sizeof(bytes1), sizeof(bytes2)}; + auto succ=false; + for (int i = 0; i < 2; i++) { + DWORD addr = MemDbg::findBytes(bytes[i], sizes[i], processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("WillPlusW: pattern not found"); + return false; + } + HookParam hp; + hp.address = addr; + hp.text_fun = SpecialHookWillPlusW; + hp.type = NO_CONTEXT|CODEC_UTF16; + hp.user_value = i; + hp.filter_fun = NewLineStringFilterW; // remove two characters of "\\n" + ConsoleOutput("INSERT WillPlusW"); + succ|=NewHook(hp, "WillPlusW"); + } + return succ; +} +/* + Artikash 9/29/2018: Updated WillPlus hook + Sample games: https://vndb.org/r54549 https://vndb.org/v22705 + Not too sure about the stability of this pattern, but it works for both of the above + Hook code for first game: /HQ-8*0@43D620. This seems fairly stable: __thiscall calling convention and first member points to string + Method to find hook code: trace call stack from GetGlyphOutlineW + Disassembly from first game (damekoi). The first few instructions are actually a common function prologue: not enough to locate hook + Hooking SysAllocString also seems to work, but has some garbage + 0043D61D - C2 0800 - ret 0008 { 8 } + 0043D620 - 55 - push ebp + 0043D621 - 8B EC - mov ebp,esp + 0043D623 - 6A FF - push -01 { 255 } + 0043D625 - 68 6B6D5400 - push 00546D6B { [139] } + 0043D62A - 64 A1 00000000 - mov eax,fs:[00000000] { 0 } + 0043D630 - 50 - push eax + 0043D631 - 81 EC 30010000 - sub esp,00000130 { 304 } + 0043D637 - A1 08E05800 - mov eax,[0058E008] { [6A9138CD] } + 0043D63C - 33 C5 - xor eax,ebp + 0043D63E - 89 45 EC - mov [ebp-14],eax + 0043D641 - 53 - push ebx + 0043D642 - 56 - push esi + 0043D643 - 57 - push edi + 0043D644 - 50 - push eax + 0043D645 - 8D 45 F4 - lea eax,[ebp-0C] + 0043D648 - 64 A3 00000000 - mov fs:[00000000],eax { 0 } + 0043D64E - 8B F9 - mov edi,ecx + 0043D650 - 89 BD E8FEFFFF - mov [ebp-00000118],edi + 0043D656 - 8B 45 08 - mov eax,[ebp+08] + 0043D659 - 8B 4D 14 - mov ecx,[ebp+14] + 0043D65C - F3 0F10 45 1C - movss xmm0,[ebp+1C] + 0043D661 - 8B 5D 18 - mov ebx,[ebp+18] + 0043D664 - 89 85 10FFFFFF - mov [ebp-000000F0],eax + 0043D66A - 8B 45 10 - mov eax,[ebp+10] + 0043D66D - 89 85 08FFFFFF - mov [ebp-000000F8],eax + 0043D673 - 89 47 68 - mov [edi+68],eax + 0043D676 - 8B 45 20 - mov eax,[ebp+20] + 0043D679 - 51 - push ecx + ... +*/ +static bool InsertNewWillPlusHook() +{ + bool found = false; + const BYTE characteristicInstructions[] = + { + 0xc2, 0x08, 0, // ret 0008; Seems to always be ret 8 before the hookable function. not sure why, not sure if stable. + 0x55, // push ebp; hook here + 0x8b, 0xec, // mov ebp,esp + 0x6a, 0xff, // push -01 + 0x68, XX4, // push ? + 0x64, 0xa1, 0, 0, 0, 0, // mov eax,fs:[0] + 0x50, // push eax + 0x81, 0xec, XX4, // sub esp,? + 0xa1, XX4, // mov eax,[?] + 0x33, 0xc5, // xor eax,ebp + //0x89, 0x45, 0xec // mov [ebp-14],eax; not sure if 0x14 is stable + }; + for (auto addr : Util::SearchMemory(characteristicInstructions, sizeof(characteristicInstructions), PAGE_EXECUTE, processStartAddress, processStopAddress)) + { + HookParam hp; + hp.address = addr + 3; + hp.type = USING_STRING | CODEC_UTF16 | DATA_INDIRECT; + hp.offset=get_reg(regs::ecx); + hp.index = 0; + found|=NewHook(hp, "WillPlus2"); + } + /* + hook cmp reg,0x3000 + Sample games: + https://vndb.org/r54549 + https://vndb.org/v22705 + https://vndb.org/v24852 + https://vndb.org/v25719 + https://vndb.org/v27227 + https://vndb.org/v27385 + https://vndb.org/v34544 + https://vndb.org/v35279 + https://vndb.org/v36011 + */ + const BYTE pattern[] = + { + 0x81,XX, 0x00,0x30,0x00,0x00 // 81FE 00300000 cmp esi,0x3000 + // or 81FB 00300000 cmp ebx,0x3000 + // or 81FF 00300000 cmp edi,0x3000 + // je xx + // 8b4D A8 mov ecx,dword ptr ss:[ebp-??] hook here + // 85C9 test ecx,ecx + }; + for (auto addr : Util::SearchMemory(pattern, sizeof(pattern), PAGE_EXECUTE, processStartAddress, processStopAddress)) + { + if (*(WORD*)(addr + 0xb) != 0xC985) + continue; + + BYTE byte = *(BYTE*)(addr + 1); + regs offset = regs::invalid; + switch (byte) { + case 0xf9: + offset = regs::ecx; + break; + case 0xfa: + offset = regs::edx; + break; + case 0xfb: + offset = regs::ebx; + break; + case 0xfc: + offset = regs::esp; + break; + case 0xfd: + offset = regs::ebp; + break; + case 0xfe: + offset = regs::esi; + break; + case 0xff: + offset = regs::edi; + break; + }; + if (offset!=regs::invalid) { + HookParam hp; + hp.address = addr + 8; + hp.type = CODEC_UTF16; + hp.offset=get_reg(offset); + found|=NewHook(hp, "WillPlus3"); + } + } + if (!found) ConsoleOutput("WillPlus: failed to find instructions"); + return found; +} + +} // unnamed namespace + +bool InsertWillPlusHook() +{ + bool ok = InsertOldWillPlusHook(); + ok = InsertWillPlusWHook() || InsertNewWillPlusHook() || InsertWillPlusAHook() ||ok; + return ok; +} +namespace will3{ + +int kp = 0;int lf=0;int lc=0; +bool hookBefore(hook_stack*s,void* data, size_t* len,uintptr_t*role) +{ + // DOUT(QString::fromUtf16((LPWSTR)s->stack[6]));//"MS UI Gothic" + //DOUT(QString::fromUtf16((LPWSTR)s->stack[7]));//"���������ˤˤʤꤿ����%K%P" + auto text = (LPWSTR)s->stack[7]; // text in arg1 + + if (!text || !*text) + return false; + auto split = s->stack[0]; // retaddr + + std::wstring str =((LPWSTR)s->stack[7] ); + kp=0;lf=0; + if (endWith(str,L"%K%P")){ + kp = 1; + + str = str.substr(0, str.size() - 4); + } + if(startWith(str,L"%LF")){ + lf=1; + str=str.substr(3); + } + if(startWith(str,L"%LC")){ + lc=1; + str=str.substr(3); + } + std::wregex reg1(L"\\{(.*?):(.*?)\\}"); + str = std::regex_replace(str, reg1, L"$1"); + + std::wregex reg11(L"\\{(.*?);(.*?)\\}"); + str = std::regex_replace(str, reg11, L"$1"); + + wcscpy((wchar_t*)data,str.c_str()); + *len=str.size()*2; + return true; + +} +void hookafter(hook_stack*s,void* data, size_t len){ + auto data_ =std::wstring((wchar_t*)data,len/2);// EngineController::instance()->dispatchTextWSTD(innner, Engine::ScenarioRole, 0); + if (kp) { + data_.append(L"%K%P"); + } + if(lf){ + data_=L"%LF"+data_; + }if(lc){ + data_=L"%LC"+data_; + } + s->stack[7] = (ULONG)(data_.c_str()); +} +} +bool InsertWillPlus4Hook() { + //星の乙女と六華の姉妹 + const BYTE bytes[] = { + 0xc7,0x45,0xfc,0x00,0x00,0x00,0x00, + 0x33,0xc9, + 0xc7,0x47,0x78,0x00,0x00,0x00,0x00 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (addr == 0)return false; + + addr = MemDbg::findEnclosingFunctionBeforeDword(0x83dc8b53, addr, MemDbg::MaximumFunctionSize, 1); + + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset =get_stack(7); + //hp.filter_fun = WillPlus_extra_filter; + hp.type = USING_STRING|CODEC_UTF16|EMBED_ABLE; + hp.hook_before=will3::hookBefore; + hp.newlineseperator=L"\\n"; + hp.hook_after=will3::hookafter; + return NewHook(hp, "EmbedWillplus3"); +} +bool InsertWillPlus5Hook() { + //ensemble 29th Project『乙女の剣と秘めごとコンチェルト』オフィシャルサイト 体验版 + + const BYTE bytes[] = { + 0x3d,XX2,0x00,0x00, + 0x72,XX, + 0x3d,XX2,0x00,0x00, + 0x77 + }; + /*if (v26 >= 0xE63E) + { + if (v26 <= 0xE757)*/ + /*3D 3E E6 00 00 cmp eax, 0E63Eh +.text:0040A24B 72 6C jb short loc_40A2B9 +.text : 0040A24B +.text : 0040A24D 3D 57 E7 00 00 cmp eax, 0E757h +.text : 0040A252 77 71 ja short loc_40A2C5*/ + + bool ok=false; + auto addrs= Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + for (auto addr : addrs) { + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.type = CODEC_UTF16; + ConsoleOutput("INSERT WillPlus_extra2"); + ok|=NewHook(hp, "WillPlus_extra2"); + } + return ok; +} +bool insertwillplus6(){ + +/* 0x00492870 +0: 50 push eax +1: b8 01 00 00 00 mov eax,0x1 +6: 8d 74 24 18 lea esi,[esp+0x18] +a: e8 f1 f5 f6 ff call 0xfff6f600 +f: 6a 01 push 0x1 +11: 68 7c 47 55 00 push 0x55477c +16: 33 c0 xor eax,eax +18: 8b d6 mov edx,esi +1a: e8 21 8c f7 ff call 0xfff78c40 +//hook after call,但有的句子没有 +1f: 83 f8 ff cmp eax,0xffffffff +22: 75 dc jne 0x0 +//这里 +24: 8d 44 24 14 lea eax,[esp+0x14] +28: 8b cd mov ecx,ebp +2a: e8 81 f3 04 00 call 0x4f3b0 +2f: 83 7c 24 2c 08 cmp DWORD PTR [esp+0x2c],0x8 +34: 8b f0 mov esi,eax +36: 72 0d jb 0x45 +38: 8b 44 24 18 mov eax,DWORD PTR [esp+0x18] +3c: 50 push eax +3d: e8 5e d6 09 00 call 0x9d6a0 +42: 83 c4 04 add esp,0x4 +45: 33 c9 xor ecx,ecx +47: c7 44 24 2c 07 00 00 mov DWORD PTR [esp+0x2c],0x7 +*/ +//想いを捧げる乙女のメロディー + const BYTE bytes[] = { + 0x6a,0x01, + 0x68,0x7c,0x47,0x55,0x00, + 0x33,0xc0, + 0x8b,0xd6, + 0xe8,XX4, + 0x83,0xf8, + 0xff,0x75,0xdc + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if(addr==0)return false; + addr+=sizeof(bytes); + ConsoleOutput("%p %p %p",addr,processStartAddress, processStopAddress); + HookParam hp; + hp.address = addr; + hp.offset = get_stack(6); + hp.type = CODEC_UTF16|USING_STRING; + ConsoleOutput("INSERT WillPlus6"); + return NewHook(hp, "WillPlus6"); +} +bool willX(){ +//世界でいちばんNGな恋 +// .text:0040EAE9 81 FE 94 81 00 00 cmp esi, 8194h +// .text:0040EAEF 74 2C jz short loc_40EB1D +// .text:0040EAEF +// .text:0040EAF1 81 FE 74 84 00 00 cmp esi, 8474h +// .text:0040EAF7 74 24 jz short loc_40EB1D +// .text:0040EAF7 +// .text:0040EAF9 81 FE 97 81 00 00 cmp esi, 8197h +// .text:0040EAFF 74 1C jz short loc_40EB1D +// .text:0040EAFF +// .text:0040EB01 81 FE 90 81 00 00 cmp esi, 8190h +// .text:0040EB07 74 14 jz short loc_40EB1D +// .text:0040EB07 +// .text:0040EB09 81 FE 59 81 00 00 cmp esi, 8159h +// .text:0040EB0F 74 0C jz short loc_40EB1D +// .text:0040EB0F +// .text:0040EB11 81 FE 96 81 00 00 cmp esi, 8196h +// .text:0040EB17 0F 85 FF 00 00 00 jnz loc_40EC1C + const BYTE bytes[] = { + 0x81,0xFE,0x94,0x81,0x00,0x00, + 0x74,XX, + 0x81,0xFE,0x74,0x84,0x00,0x00, + 0x74,XX, + 0x81,0xFE,0x97,0x81,0x00,0x00, + 0x74,XX, + 0x81,0xFE,0x90,0x81,0x00,0x00, + 0x74,XX, + 0x81,0xFE,0x59,0x81,0x00,0x00, + 0x74,XX, + 0x81,0xFE,0x96,0x81,0x00,0x00 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if(addr==0)return false; + auto succ=false; + { + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::esi); + hp.type =NO_CONTEXT|CODEC_ANSI_BE; + succ|=NewHook(hp, "willAN"); + } + + addr=MemDbg::findEnclosingAlignedFunction(addr); + + if(addr ) + { + HookParam hp; + hp.address = addr; + hp.offset =get_stack(7); + hp.type =USING_STRING; + succ|=NewHook(hp, "willS"); + } + return succ; +} + + + + + + +namespace { // unnamed + +// Sample prefix: %LF +// Sample suffix: %L%P%W +template +strT trim(strT text, int *size) +{ + int length = *size; + if (text[0] == '%') { // handle prefix + int pos = 0; + while (pos < length - 1 && text[pos] == '%' && ::isupper(text[pos+1])) { + pos += 2; + while (::isupper(text[pos])) + pos++; + } + if (pos) { + length -= pos; + text += pos; + } + } + { // handle suffix + int pos = length; + for (int i = length - 1; i >= 0; i--) { + if (::isupper(text[i])) + ; + else if (text[i] == '%' && ::isupper(text[i+1])) + pos = i; + else + break; + } + length = pos; + } + *size = length; + return text; +} +struct textinfo{ + std::wstring text_; + int stackIndex_; + int role_; + }; +std::unordered_mapsavetyperef; +namespace TextHookW +{ + + // typedef TextHookW Self; + + template + bool hookBefore(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + auto info=savetyperef.at(idx); + enum { sig = 0 }; + auto text = (LPCWSTR)s->stack[info->stackIndex_]; + if (!text || !*text) + return false; + int size = ::wcslen(text), + trimmedSize = size; + auto trimmedText = trim(text, &trimmedSize); + if (!trimmedSize || !*trimmedText) + return false; + std::wstring oldText = std::wstring(trimmedText, trimmedSize); + wcscpy((LPWSTR)data,oldText.c_str());*len=oldText.size()*2; + + return true; + } + template + void hookafter(hook_stack*s,void* data, size_t len){ + auto newText =std::wstring((LPWSTR)data,len/2); + auto info=savetyperef.at(idx); + enum { sig = 0 }; + auto text = (LPCWSTR)s->stack[info->stackIndex_]; + if (!text || !*text) + return ; + int size = ::wcslen(text), + trimmedSize = size; + auto trimmedText = trim(text, &trimmedSize); + if (!trimmedSize || !*trimmedText) + return ; + std::wstring oldText = std::wstring(trimmedText, trimmedSize); + if (newText == oldText) + return ; + int prefixSize = trimmedText - text, + suffixSize = size - prefixSize - trimmedSize; + if (prefixSize) + newText.insert(0, std::wstring(text, prefixSize)); + if (suffixSize) + newText.append(std::wstring(trimmedText + trimmedSize, suffixSize)); + info->text_ = newText; + s->stack[info->stackIndex_] = (ULONG)info->text_.c_str(); + } + // explicit TextHookW(int hookStackIndex, int role = Engine::UnknownRole) : stackIndex_(hookStackIndex), role_(role) {} + template< int _type> + bool attach(const uint8_t *pattern, size_t patternSize, ULONG startAddress, ULONG stopAddress,int hookStackIndex, int role = Engine::UnknownRole) + { + ULONG addr = MemDbg::findBytes(pattern, patternSize, startAddress, stopAddress); + if(addr==0)return false; + HookParam hp; + hp.address=addr; + auto _tinfo=new textinfo{}; + _tinfo->role_=role; + _tinfo->stackIndex_=hookStackIndex; + savetyperef[_type]=_tinfo; + hp.hook_before=hookBefore<_type>; + hp.type=EMBED_ABLE|CODEC_UTF16; + hp.newlineseperator=L"\\n"; + hp.hook_after=hookafter<_type>; + hp.hook_font=F_MultiByteToWideChar|F_GetGlyphOutlineW; + char _[]="EmbedWillplusW0"; + _[sizeof(_)-2]+=_type; + return NewHook(hp,_); + } +}; + +/** + * Sample game: なついろレシピ + * See: http://capita.tistory.com/m/post/251 + * + * Scenario: + * 00452A8F 77 05 JA SHORT .00452A96 + * 00452A91 E8 A25B0B00 CALL .00508638 ; JMP to msvcr90._invalid_parameter_noinfo + * 00452A96 8B43 0C MOV EAX,DWORD PTR DS:[EBX+0xC] + * 00452A99 8B48 18 MOV ECX,DWORD PTR DS:[EAX+0x18] + * 00452A9C 83C0 10 ADD EAX,0x10 + * 00452A9F 33D2 XOR EDX,EDX + * 00452AA1 8BC1 MOV EAX,ECX + * 00452AA3 C78424 C4010000 >MOV DWORD PTR SS:[ESP+0x1C4],0x7 + * 00452AAE C78424 C0010000 >MOV DWORD PTR SS:[ESP+0x1C0],0x0 + * 00452AB9 66:899424 B00100>MOV WORD PTR SS:[ESP+0x1B0],DX + * 00452AC1 8D70 02 LEA ESI,DWORD PTR DS:[EAX+0x2] + * 00452AC4 66:8B10 MOV DX,WORD PTR DS:[EAX] + * 00452AC7 83C0 02 ADD EAX,0x2 + * 00452ACA 66:85D2 TEST DX,DX + * 00452ACD ^75 F5 JNZ SHORT .00452AC4 + * 00452ACF 2BC6 SUB EAX,ESI + * 00452AD1 D1F8 SAR EAX,1 + * 00452AD3 50 PUSH EAX + * 00452AD4 51 PUSH ECX + * 00452AD5 8DB424 B4010000 LEA ESI,DWORD PTR SS:[ESP+0x1B4] + * 00452ADC E8 DF4DFBFF CALL .004078C0 + * 00452AE1 C68424 B8020000 >MOV BYTE PTR SS:[ESP+0x2B8],0x8 + * 00452AE9 8B43 10 MOV EAX,DWORD PTR DS:[EBX+0x10] + * 00452AEC 2B43 0C SUB EAX,DWORD PTR DS:[EBX+0xC] + * 00452AEF C1F8 04 SAR EAX,0x4 + * 00452AF2 83F8 02 CMP EAX,0x2 + * 00452AF5 77 05 JA SHORT .00452AFC + * 00452AF7 E8 3C5B0B00 CALL .00508638 ; JMP to msvcr90._invalid_parameter_noinfo + * 00452AFC 8B43 0C MOV EAX,DWORD PTR DS:[EBX+0xC] + * 00452AFF 8B48 28 MOV ECX,DWORD PTR DS:[EAX+0x28] + * 00452B02 83C0 20 ADD EAX,0x20 ; jichi: hook before here, text in ecx + * 00452B05 33D2 XOR EDX,EDX + * 00452B07 8BC1 MOV EAX,ECX + * 00452B09 C78424 E0010000 07000000 MOV DWORD PTR SS:[ESP+0x1E0],0x7 ; jichi: key pattern is here, text in eax + * 00452B14 C78424 DC010000 00000000 MOV DWORD PTR SS:[ESP+0x1DC],0x0 + * 00452B27 8D70 02 LEA ESI,DWORD PTR DS:[EAX+0x2] + * 00452B2A 33DB XOR EBX,EBX + * 00452B2C 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] + * 00452B30 66:8B10 MOV DX,WORD PTR DS:[EAX] + * 00452B33 83C0 02 ADD EAX,0x2 + * 00452B36 66:3BD3 CMP DX,BX + * 00452B39 ^75 F5 JNZ SHORT .00452B30 + * 00452B3B 2BC6 SUB EAX,ESI + * 00452B3D D1F8 SAR EAX,1 + * 00452B3F 50 PUSH EAX + * 00452B40 51 PUSH ECX + * 00452B41 8DB424 D0010000 LEA ESI,DWORD PTR SS:[ESP+0x1D0] + * 00452B48 E8 734DFBFF CALL .004078C0 + * 00452B4D C68424 B8020000 >MOV BYTE PTR SS:[ESP+0x2B8],0x9 + * 00452B55 895C24 1C MOV DWORD PTR SS:[ESP+0x1C],EBX + * 00452B59 395C24 14 CMP DWORD PTR SS:[ESP+0x14],EBX + * 00452B5D 0F84 77080000 JE .004533DA + * 00452B63 BE 07000000 MOV ESI,0x7 + * 00452B68 33C0 XOR EAX,EAX + * 00452B6A 895C24 20 MOV DWORD PTR SS:[ESP+0x20],EBX + * 00452B6E 89B424 FC010000 MOV DWORD PTR SS:[ESP+0x1FC],ESI + * 00452B75 899C24 F8010000 MOV DWORD PTR SS:[ESP+0x1F8],EBX + * 00452B7C 66:898424 E80100>MOV WORD PTR SS:[ESP+0x1E8],AX + * 00452B84 8D4C24 3C LEA ECX,DWORD PTR SS:[ESP+0x3C] + * 00452B88 51 PUSH ECX + * 00452B89 C68424 BC020000 >MOV BYTE PTR SS:[ESP+0x2BC],0xA + * 00452B91 E8 7AACFCFF CALL .0041D810 + * 00452B96 C68424 B8020000 >MOV BYTE PTR SS:[ESP+0x2B8],0xB + * 00452B9E 399C24 C0010000 CMP DWORD PTR SS:[ESP+0x1C0],EBX + * 00452BA5 0F84 BB020000 JE .00452E66 + * 00452BAB 81C7 14010000 ADD EDI,0x114 + */ +bool attachScenarioHookW1(ULONG startAddress, ULONG stopAddress) +{ + // ECX PTR: 83 C0 20 33 D2 8B C1 C7 84 24 E0 01 00 00 07 00 00 00 + const uint8_t bytes[] = { + 0x83,0xc0, 0x20, // 00452b02 83c0 20 add eax,0x20 ; jichi: hook before here, text in ecx + 0x33,0xd2, // 00452b05 33d2 xor edx,edx + 0x8b,0xc1, // 00452b07 8bc1 mov eax,ecx + 0xc7,0x84,0x24, 0xe0,0x01,0x00,0x00, 0x07,0x00,0x00,0x00 // 00452b09 c78424 e0010000 07000000 mov dword ptr ss:[esp+0x1e0],0x7 + // 00452b14 c78424 dc010000 00000000 mov dword ptr ss:[esp+0x1dc],0x0 + }; + int ecx = get_reg(regs::ecx)/4; + return TextHookW::attach<1>(bytes, sizeof(bytes), startAddress, stopAddress,ecx,Engine::ScenarioRole); +} + +/** + * 1/9/2016: 見上げてごらん、夜空の星を 体験版 + * + * 0045580D C68424 B8020000 08 MOV BYTE PTR SS:[ESP+0x2B8],0x8 + * 00455815 8B47 10 MOV EAX,DWORD PTR DS:[EDI+0x10] + * 00455818 2B47 0C SUB EAX,DWORD PTR DS:[EDI+0xC] + * 0045581B C1F8 04 SAR EAX,0x4 + * 0045581E 83F8 02 CMP EAX,0x2 + * 00455821 77 05 JA SHORT .00455828 + * 00455823 E8 A0F70B00 CALL .00514FC8 ; JMP to msvcr90._invalid_parameter_noinfo + * 00455828 8B7F 0C MOV EDI,DWORD PTR DS:[EDI+0xC] + * 0045582B 83C7 20 ADD EDI,0x20 + * 0045582E 8B7F 08 MOV EDI,DWORD PTR DS:[EDI+0x8] + * 00455831 33C9 XOR ECX,ECX + * 00455833 8BC7 MOV EAX,EDI ; jichi: hook befoe here, text in eax assigned from edi + * 00455835 C78424 E0010000 07000000 MOV DWORD PTR SS:[ESP+0x1E0],0x7 ; jichi: key pattern is here, text i eax + * 00455840 899C24 DC010000 MOV DWORD PTR SS:[ESP+0x1DC],EBX + * 00455847 66:898C24 CC010000 MOV WORD PTR SS:[ESP+0x1CC],CX + * 0045584F 8D50 02 LEA EDX,DWORD PTR DS:[EAX+0x2] + * 00455852 66:8B08 MOV CX,WORD PTR DS:[EAX] + * 00455855 83C0 02 ADD EAX,0x2 + * 00455858 66:3BCB CMP CX,BX + * 0045585B ^75 F5 JNZ SHORT .00455852 + * 0045585D 2BC2 SUB EAX,EDX + * 0045585F D1F8 SAR EAX,1 + * 00455861 50 PUSH EAX + * 00455862 57 PUSH EDI + * 00455863 8DB424 D0010000 LEA ESI,DWORD PTR SS:[ESP+0x1D0] + * 0045586A E8 2120FBFF CALL .00407890 + * 0045586F C68424 B8020000 09 MOV BYTE PTR SS:[ESP+0x2B8],0x9 + * 00455877 895C24 30 MOV DWORD PTR SS:[ESP+0x30],EBX + * 0045587B 395C24 18 CMP DWORD PTR SS:[ESP+0x18],EBX + * 0045587F 0F84 D1080000 JE .00456156 + * 00455885 33D2 XOR EDX,EDX + * 00455887 895C24 24 MOV DWORD PTR SS:[ESP+0x24],EBX + * 0045588B C78424 FC010000 07000000 MOV DWORD PTR SS:[ESP+0x1FC],0x7 + * 00455896 899C24 F8010000 MOV DWORD PTR SS:[ESP+0x1F8],EBX + * 0045589D 66:899424 E8010000 MOV WORD PTR SS:[ESP+0x1E8],DX + * 004558A5 8D4424 3C LEA EAX,DWORD PTR SS:[ESP+0x3C] + */ +bool attachScenarioHookW2(ULONG startAddress, ULONG stopAddress) +{ + // key pattern: C78424 E0010000 07000000 + const uint8_t bytes[] = { + 0x8b,0xc7, // 00455833 8bc7 mov eax,edi ; jichi: text in eax assigned from edi + 0xc7,0x84,0x24, 0xe0,0x01,0x00,0x00, 0x07,0x00,0x00,0x00 // 00455835 c78424 e0010000 07000000 mov dword ptr ss:[esp+0x1e0],0x7 ; jichi: key pattern is here, text i eax + }; + int edi = get_reg(regs::edi)/4; + return TextHookW::attach<2>(bytes, sizeof(bytes), startAddress, stopAddress,edi,Engine::ScenarioRole); + +} +/** + * Sample game: なついろレシピ + * See: http://capita.tistory.com/m/post/251 + * + * Name: + * + * 004534FA 64:A3 00000000 MOV DWORD PTR FS:[0],EAX + * 00453500 8B75 14 MOV ESI,DWORD PTR SS:[EBP+0x14] + * 00453503 8B46 10 MOV EAX,DWORD PTR DS:[ESI+0x10] + * 00453506 2B46 0C SUB EAX,DWORD PTR DS:[ESI+0xC] + * 00453509 8BF9 MOV EDI,ECX + * 0045350B C1F8 04 SAR EAX,0x4 + * 0045350E 897C24 14 MOV DWORD PTR SS:[ESP+0x14],EDI + * 00453512 85C0 TEST EAX,EAX + * 00453514 77 05 JA SHORT .0045351B + * 00453516 E8 1D510B00 CALL .00508638 ; JMP to msvcr90._invalid_parameter_noinfo + * 0045351B 8B76 0C MOV ESI,DWORD PTR DS:[ESI+0xC] + * 0045351E 8B4E 08 MOV ECX,DWORD PTR DS:[ESI+0x8] + * 00453521 33DB XOR EBX,EBX ; jichi: hook here, text in ecx + * 00453523 33D2 XOR EDX,EDX + * 00453525 8BC1 MOV EAX,ECX + * 00453527 C78424 88000000 07000000 MOV DWORD PTR SS:[ESP+0x88],0x7 + * 00453532 899C24 84000000 MOV DWORD PTR SS:[ESP+0x84],EBX + * 00453539 66:895424 74 MOV WORD PTR SS:[ESP+0x74],DX + * 0045353E 8D70 02 LEA ESI,DWORD PTR DS:[EAX+0x2] + * 00453541 66:8B10 MOV DX,WORD PTR DS:[EAX] + * 00453544 83C0 02 ADD EAX,0x2 + * 00453547 66:3BD3 CMP DX,BX + * 0045354A ^75 F5 JNZ SHORT .00453541 + * 0045354C 2BC6 SUB EAX,ESI + * 0045354E D1F8 SAR EAX,1 + * 00453550 50 PUSH EAX + * 00453551 51 PUSH ECX + * 00453552 8D7424 78 LEA ESI,DWORD PTR SS:[ESP+0x78] + * 00453556 E8 6543FBFF CALL .004078C0 + * 0045355B 899C24 70010000 MOV DWORD PTR SS:[ESP+0x170],EBX + * 00453562 A1 DCAA5500 MOV EAX,DWORD PTR DS:[0x55AADC] + * 00453567 894424 1C MOV DWORD PTR SS:[ESP+0x1C],EAX + * 0045356B B8 0F000000 MOV EAX,0xF + * 00453570 894424 6C MOV DWORD PTR SS:[ESP+0x6C],EAX + * 00453574 895C24 68 MOV DWORD PTR SS:[ESP+0x68],EBX + * 00453578 885C24 58 MOV BYTE PTR SS:[ESP+0x58],BL + * 0045357C 894424 50 MOV DWORD PTR SS:[ESP+0x50],EAX + * 00453580 895C24 4C MOV DWORD PTR SS:[ESP+0x4C],EBX + * 00453584 885C24 3C MOV BYTE PTR SS:[ESP+0x3C],BL + * 00453588 C68424 70010000 02 MOV BYTE PTR SS:[ESP+0x170],0x2 + * 00453590 8B8424 84000000 MOV EAX,DWORD PTR SS:[ESP+0x84] + * 00453597 8BF0 MOV ESI,EAX + * 00453599 3BC3 CMP EAX,EBX + * 0045359B 74 3D JE SHORT .004535DA + * 0045359D 83BC24 88000000 08 CMP DWORD PTR SS:[ESP+0x88],0x8 + * 004535A5 8B5424 74 MOV EDX,DWORD PTR SS:[ESP+0x74] + * 004535A9 73 04 JNB SHORT .004535AF + * 004535AB 8D5424 74 LEA EDX,DWORD PTR SS:[ESP+0x74] + */ +bool attachNameHookW(ULONG startAddress, ULONG stopAddress) +{ + // ECX PTR: 33 DB 33 D2 8B C1 C7 84 24 88 00 00 00 07 00 00 00 + const uint8_t bytes[] = { + 0x33,0xdb, // 00453521 33db xor ebx,ebx ; jichi: hook here, text in ecx + 0x33,0xd2, // 00453523 33d2 xor edx,edx + 0x8b,0xc1, // 00453525 8bc1 mov eax,ecx + 0xc7,0x84,0x24, 0x88,0x00,0x00,0x00, 0x07,0x00,0x00,0x00 // 00453527 c78424 88000000 07000000 mov dword ptr ss:[esp+0x88],0x7 + // 00453532 899c24 84000000 mov dword ptr ss:[esp+0x84],ebx + }; + + int ecx = get_reg(regs::ecx)/4; + return TextHookW::attach<3>(bytes, sizeof(bytes), startAddress, stopAddress,ecx,Engine::NameRole); + +} + +/** + * Sample game: なついろレシピ + * See: http://capita.tistory.com/m/post/251 + * + * Choice: + * 00470D95 72 05 JB SHORT .00470D9C + * 00470D97 E8 9C780900 CALL .00508638 ; JMP to msvcr90._invalid_parameter_noinfo + * 00470D9C 8BB5 EC020000 MOV ESI,DWORD PTR SS:[EBP+0x2EC] + * 00470DA2 037424 14 ADD ESI,DWORD PTR SS:[ESP+0x14] + * 00470DA6 8B4E 10 MOV ECX,DWORD PTR DS:[ESI+0x10] + * 00470DA9 2B4E 0C SUB ECX,DWORD PTR DS:[ESI+0xC] + * 00470DAC C1F9 04 SAR ECX,0x4 + * 00470DAF 83F9 01 CMP ECX,0x1 + * 00470DB2 77 05 JA SHORT .00470DB9 + * 00470DB4 E8 7F780900 CALL .00508638 ; JMP to msvcr90._invalid_parameter_noinfo + * 00470DB9 8B46 0C MOV EAX,DWORD PTR DS:[ESI+0xC] + * 00470DBC 8B50 18 MOV EDX,DWORD PTR DS:[EAX+0x18] + * 00470DBF 83C0 10 ADD EAX,0x10 ; jichi: text in edx + * 00470DC2 52 PUSH EDX + * 00470DC3 8D8C24 7C040000 LEA ECX,DWORD PTR SS:[ESP+0x47C] + * 00470DCA 8D7424 4C LEA ESI,DWORD PTR SS:[ESP+0x4C] + * 00470DCE E8 EDA3F9FF CALL .0040B1C0 + * 00470DD3 83C4 04 ADD ESP,0x4 + * 00470DD6 6A FF PUSH -0x1 + * 00470DD8 53 PUSH EBX + * 00470DD9 50 PUSH EAX + * 00470DDA 8D8424 84040000 LEA EAX,DWORD PTR SS:[ESP+0x484] + * 00470DE1 C68424 B0040000 07 MOV BYTE PTR SS:[ESP+0x4B0],0x7 + * 00470DE9 E8 1251F9FF CALL .00405F00 + * 00470DEE BE 08000000 MOV ESI,0x8 + * 00470DF3 C68424 A4040000 06 MOV BYTE PTR SS:[ESP+0x4A4],0x6 + * 00470DFB 397424 60 CMP DWORD PTR SS:[ESP+0x60],ESI + * 00470DFF 72 0D JB SHORT .00470E0E + * 00470E01 8B4424 4C MOV EAX,DWORD PTR SS:[ESP+0x4C] + * 00470E05 50 PUSH EAX + * 00470E06 E8 65770900 CALL .00508570 ; JMP to msvcr90.??3@YAXPAX@Z + * 00470E0B 83C4 04 ADD ESP,0x4 + * 00470E0E 8B9424 7C040000 MOV EDX,DWORD PTR SS:[ESP+0x47C] + * 00470E15 33C9 XOR ECX,ECX + * 00470E17 C74424 60 07000000 MOV DWORD PTR SS:[ESP+0x60],0x7 + * 00470E1F 895C24 5C MOV DWORD PTR SS:[ESP+0x5C],EBX + * 00470E23 66:894C24 4C MOV WORD PTR SS:[ESP+0x4C],CX + * 00470E28 39B424 90040000 CMP DWORD PTR SS:[ESP+0x490],ESI + * 00470E2F 73 07 JNB SHORT .00470E38 + * 00470E31 8D9424 7C040000 LEA EDX,DWORD PTR SS:[ESP+0x47C] + * 00470E38 8B8424 44040000 MOV EAX,DWORD PTR SS:[ESP+0x444] + * 00470E3F B9 10000000 MOV ECX,0x10 + * 00470E44 398C24 58040000 CMP DWORD PTR SS:[ESP+0x458],ECX + * 00470E4B 73 07 JNB SHORT .00470E54 + * 00470E4D 8D8424 44040000 LEA EAX,DWORD PTR SS:[ESP+0x444] + * 00470E54 398C24 74040000 CMP DWORD PTR SS:[ESP+0x474],ECX + * 00470E5B 8B8C24 60040000 MOV ECX,DWORD PTR SS:[ESP+0x460] + */ +bool attachOtherHookW(ULONG startAddress, ULONG stopAddress) +{ + // EDX PTR : 83 C0 10 52 8D 8C 24 7C 04 00 00 8D 74 24 4C + const uint8_t bytes[] = { + 0x83,0xc0, 0x10, // 00470dbf 83c0 10 add eax,0x10 ; jichi: text in edx + 0x52, // 00470dc2 52 push edx + 0x8d,0x8c,0x24, 0x7c,0x04,0x00,0x00, // 00470dc3 8d8c24 7c040000 lea ecx,dword ptr ss:[esp+0x47c] + 0x8d,0x74,0x24, 0x4c // 00470dca 8d7424 4c lea esi,dword ptr ss:[esp+0x4c] + }; + + int edx = get_reg(regs::edx)/4; + return TextHookW::attach<4>(bytes, sizeof(bytes), startAddress, stopAddress,edx,Engine::OtherRole); + +} + +namespace PatchA { + +namespace Private { + // The second argument is always 0 and not used + bool isLeadByteChar(int ch, int) + { + return dynsjis::isleadchar(ch); + //return ::IsDBCSLeadByte(HIBYTE(testChar)); + } + +} // namespace Private + +/** + * Sample game: Re:BIRTHDAY SONG + * + * 0x8140 is found by tracing the call of the caller of GetGlyphOutlineA. + + * 00487F8D 25 FF7F0000 AND EAX,0x7FFF + * 00487F92 C3 RETN + * 00487F93 8BFF MOV EDI,EDI + * 00487F95 55 PUSH EBP + * 00487F96 8BEC MOV EBP,ESP + * 00487F98 83EC 10 SUB ESP,0x10 + * 00487F9B FF75 0C PUSH DWORD PTR SS:[EBP+0xC] + * 00487F9E 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-0x10] + * 00487FA1 E8 02EEFFFF CALL .00486DA8 + * 00487FA6 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 00487FA9 C1E8 08 SHR EAX,0x8 + * 00487FAC 0FB6C8 MOVZX ECX,AL + * 00487FAF 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-0xC] + * 00487FB2 F64401 1D 04 TEST BYTE PTR DS:[ECX+EAX+0x1D],0x4 + * 00487FB7 74 10 JE SHORT .00487FC9 + * 00487FB9 0FB64D 08 MOVZX ECX,BYTE PTR SS:[EBP+0x8] + * 00487FBD F64401 1D 08 TEST BYTE PTR DS:[ECX+EAX+0x1D],0x8 + * 00487FC2 74 05 JE SHORT .00487FC9 + * 00487FC4 33C0 XOR EAX,EAX + * 00487FC6 40 INC EAX + * 00487FC7 EB 02 JMP SHORT .00487FCB + * 00487FC9 33C0 XOR EAX,EAX + * 00487FCB 807D FC 00 CMP BYTE PTR SS:[EBP-0x4],0x0 + * 00487FCF 74 07 JE SHORT .00487FD8 + * 00487FD1 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-0x8] + * 00487FD4 8361 70 FD AND DWORD PTR DS:[ECX+0x70],0xFFFFFFFD + * 00487FD8 C9 LEAVE + * 00487FD9 C3 RETN + * 00487FDA 8BFF MOV EDI,EDI ; jichi: called here, text in arg1 + * 00487FDC 55 PUSH EBP + * 00487FDD 8BEC MOV EBP,ESP + * 00487FDF 6A 00 PUSH 0x0 + * 00487FE1 FF75 08 PUSH DWORD PTR SS:[EBP+0x8] + * 00487FE4 E8 AAFFFFFF CALL .00487F93 ; jichi: called here + * 00487FE9 59 POP ECX + * 00487FEA 59 POP ECX + * 00487FEB 5D POP EBP + * 00487FEC C3 RETN + */ +using ulong=ULONG; +#define s1_call_ 0xe8 // near call, incomplete +#define s1_nop 0x90 // nop + +bool csmemcpy(void *dst, const void *src, size_t size) +{ + //return memcpy_(dst, src, size); + + DWORD oldProtect; + if (!::VirtualProtect(dst, size, PAGE_EXECUTE_READWRITE, &oldProtect)) + return false; + //HANDLE hProc = OpenProcess(PROCESS_VM_OPERATION|PROCESS_VM_READ|PROCESS_VM_WRITE, FALSE, ::GetCurrentProcessId()); + //VirtualProtectEx(hProc, dst, size, PAGE_EXECUTE_READWRITE, &oldProtect); + + memcpy(dst, src, size); + + DWORD newProtect; + ::VirtualProtect(dst, size, oldProtect, &newProtect); // the error code is not checked for this function + //hProc = OpenProcess(PROCESS_VM_OPERATION|PROCESS_VM_READ|PROCESS_VM_WRITE, FALSE, ::GetCurrentProcessId()); + //VirtualProtectEx(hProc, dst, size, oldProtect, &newProtect); + + return true; +} +ulong replace_near_call(ulong addr, ulong val) +{ + DWORD ret; + switch (::disasm((LPCVOID)addr)) { + case 5: // near call / short jmp: relative address + ret = *(DWORD *)(addr + 1) + (addr + 5); + val -= addr + 5; + return csmemcpy((LPVOID)(addr + 1), &val, sizeof(val)) ? ret : 0; + case 6: // far car / long jmp: absolute address + { + ret = *(DWORD *)(addr + 2); + BYTE data[6]; + data[0] = s1_call_; + data[5] = s1_nop; + *(DWORD *)(data + 1) = val - (addr + 5); + return csmemcpy((LPVOID)addr, data, sizeof(data)) ? ret : 0; + } + default: return 0; + } +} +ULONG patchEncoding(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x6a, 0x00, // 00487fdf 6a 00 push 0x0 + 0xff,0x75, 0x08, // 00487fe1 ff75 08 push dword ptr ss:[ebp+0x8] + 0xe8, 0xaa,0xff,0xff,0xff // 00487fe4 e8 aaffffff call .00487f93 ; jichi: called here + }; + enum { addr_offset = 5 }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + + return addr ;//&& replace_near_call(addr + addr_offset, (ULONG)Private::isLeadByteChar); +} + +} // namespace PatchA + +namespace ScenarioHookA { + +namespace Private { +/* + void dispatch(LPSTR text, int role) + { + enum { sig = 0 }; + if (!Engine::isAddressWritable(text) || !*text) // isAddressWritable is not needed for correct games + return; + int size = ::strlen(text), + trimmedSize = size; + auto trimmedText = trim(text, &trimmedSize); + if (!trimmedSize || !*trimmedText) + return; + std::string oldData(trimmedText, trimmedSize), + newData = EngineController::instance()->dispatchTextASTD(oldData, role, sig); + if (newData == oldData) + return; + if (trimmedText[trimmedSize]) + newData.append(trimmedText + trimmedSize); //, size - trimmedSize - (trimmedText - text)); + ::strcpy(text, newData.c_str()); + } +*/ + bool hookBefore(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + auto text = (LPSTR)s->eax; + if (!text) + return false; + // dispatch(text - 1024, Engine::NameRole); + // dispatch(text, Engine::ScenarioRole); + + enum { sig = 0 }; + if (!Engine::isAddressWritable(text) || !*text) // isAddressWritable is not needed for correct games + return false; + int size = ::strlen(text), + trimmedSize = size; + auto trimmedText = trim(text, &trimmedSize); + if (!trimmedSize || !*trimmedText) + return false; + std::string oldData(trimmedText, trimmedSize); + + strcpy((char*)data,oldData.c_str()); + *len=oldData.size(); + return true; + /*newData = EngineController::instance()->dispatchTextASTD(oldData, role, sig); + if (newData == oldData) + return; + if (trimmedText[trimmedSize]) + newData.append(trimmedText + trimmedSize); //, size - trimmedSize - (trimmedText - text)); + ::strcpy(text, newData.c_str()); + return true;*/ + } + void hookafter(hook_stack*s,void* data, size_t len){ + + auto newData =std::string((char*)data,len); + auto text = (LPSTR)s->eax; + int size = ::strlen(text), + trimmedSize = size; + auto trimmedText = trim(text, &trimmedSize); + if (trimmedText[trimmedSize]) + newData.append(trimmedText + trimmedSize); //, size - trimmedSize - (trimmedText - text)); + ::strcpy(text, newData.c_str()); + } +} // namespace Private + +/** + * Sample games + * - [111028][PULLTOP] 神聖にして侵すべからず + * - Re:BIRTHDAY SONG~恋を唄う死神~(体験版) + * See: http://capita.tistory.com/m/post/84 + * + * ENCODEKOR,FORCEFONT(5),HOOK(0x0042B5E0,TRANS(0x004FFBF8,OVERWRITE(IGNORE)),RETNPOS(COPY),TRANS(0x004FF7F8,OVERWRITE(IGNORE))),HOOK(0x00413204,TRANS([ESP+0x1c],PTRCHEAT),RETNPOS(SOURCE)),HOOK(0x00424004,TRANS([ESP+0x1c],PTRCHEAT),RETNPOS(SOURCE)),HOOK(0x004242B9,TRANS([ESP+0x1c],PTRCHEAT),RETNPOS(SOURCE)),HOOK(0x00424109,TRANS([ESP+0x1c],PTRCHEAT),RETNPOS(SOURCE)) + * + * Scenario in eax + * Name in (eax - 1024) + * Memory can be directly overridden. + * + * 0042B5DE CC INT3 + * 0042B5DF CC INT3 + * 0042B5E0 81EC 14080000 SUB ESP,0x814 ; jichi: text in eax, name in eax - 1024, able to copy + * 0042B5E6 53 PUSH EBX + * 0042B5E7 55 PUSH EBP + * 0042B5E8 56 PUSH ESI + * 0042B5E9 33DB XOR EBX,EBX + * 0042B5EB 57 PUSH EDI + * 0042B5EC 8BF8 MOV EDI,EAX + * 0042B5EE 399C24 28080000 CMP DWORD PTR SS:[ESP+0x828],EBX + * 0042B5F5 75 13 JNZ SHORT .0042B60A + * 0042B5F7 68 74030000 PUSH 0x374 + * 0042B5FC 53 PUSH EBX + * 0042B5FD 68 7CC44F00 PUSH .004FC47C + * 0042B602 E8 09E60500 CALL .00489C10 + * 0042B607 83C4 0C ADD ESP,0xC + * 0042B60A 33F6 XOR ESI,ESI + * 0042B60C 895C24 1C MOV DWORD PTR SS:[ESP+0x1C],EBX + * 0042B610 895C24 10 MOV DWORD PTR SS:[ESP+0x10],EBX + * 0042B614 381F CMP BYTE PTR DS:[EDI],BL + * 0042B616 0F84 0D020000 JE .0042B829 + * 0042B61C 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] + * 0042B620 8A4C37 01 MOV CL,BYTE PTR DS:[EDI+ESI+0x1] + * 0042B624 84C9 TEST CL,CL + * 0042B626 0F84 E6010000 JE .0042B812 + * 0042B62C 66:0FB6043E MOVZX AX,BYTE PTR DS:[ESI+EDI] + * 0042B631 8D2C3E LEA EBP,DWORD PTR DS:[ESI+EDI] + * 0042B634 66:C1E0 08 SHL AX,0x8 + * 0042B638 0FB7C0 MOVZX EAX,AX + * 0042B63B 0FB6C9 MOVZX ECX,CL + * 0042B63E 0BC1 OR EAX,ECX + * 0042B640 50 PUSH EAX + * 0042B641 E8 34B40500 CALL .00486A7A + * 0042B646 83C4 04 ADD ESP,0x4 + * 0042B649 85C0 TEST EAX,EAX + * 0042B64B 74 14 JE SHORT .0042B661 + * 0042B64D 66:8B55 00 MOV DX,WORD PTR SS:[EBP] + * 0042B651 66:89541C 24 MOV WORD PTR SS:[ESP+EBX+0x24],DX + * 0042B656 83C3 02 ADD EBX,0x2 + * 0042B659 83C6 02 ADD ESI,0x2 + * 0042B65C E9 BA010000 JMP .0042B81B + * 0042B661 807D 00 7B CMP BYTE PTR SS:[EBP],0x7B + * 0042B665 0F85 60010000 JNZ .0042B7CB + * 0042B66B 8BC3 MOV EAX,EBX + * 0042B66D 2B4424 1C SUB EAX,DWORD PTR SS:[ESP+0x1C] + * 0042B671 46 INC ESI + * 0042B672 33ED XOR EBP,EBP + * 0042B674 894424 20 MOV DWORD PTR SS:[ESP+0x20],EAX + * 0042B678 896C24 14 MOV DWORD PTR SS:[ESP+0x14],EBP + * 0042B67C 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] + * 0042B680 8A0C3E MOV CL,BYTE PTR DS:[ESI+EDI] + * 0042B683 84C9 TEST CL,CL + * 0042B685 0F84 B5010000 JE .0042B840 + * 0042B68B 0FB64437 01 MOVZX EAX,BYTE PTR DS:[EDI+ESI+0x1] + * 0042B690 66:0FB6C9 MOVZX CX,CL + * 0042B694 66:C1E1 08 SHL CX,0x8 + * 0042B698 0FB7D1 MOVZX EDX,CX + * 0042B69B 0BC2 OR EAX,EDX + * 0042B69D 50 PUSH EAX + * 0042B69E E8 D7B30500 CALL .00486A7A + * 0042B6A3 83C4 04 ADD ESP,0x4 + * 0042B6A6 85C0 TEST EAX,EAX + * 0042B6A8 74 1A JE SHORT .0042B6C4 + * 0042B6AA 66:8B043E MOV AX,WORD PTR DS:[ESI+EDI] + * 0042B6AE 834424 14 02 ADD DWORD PTR SS:[ESP+0x14],0x2 + * 0042B6B3 66:89441C 24 MOV WORD PTR SS:[ESP+EBX+0x24],AX + * 0042B6B8 83C3 02 ADD EBX,0x2 + * 0042B6BB 895C24 10 MOV DWORD PTR SS:[ESP+0x10],EBX + * 0042B6BF 83C6 02 ADD ESI,0x2 + * 0042B6C2 ^EB BC JMP SHORT .0042B680 + * 0042B6C4 8A043E MOV AL,BYTE PTR DS:[ESI+EDI] + * 0042B6C7 3C 3A CMP AL,0x3A + * 0042B6C9 74 10 JE SHORT .0042B6DB + * 0042B6CB FF4424 14 INC DWORD PTR SS:[ESP+0x14] + * 0042B6CF 88441C 24 MOV BYTE PTR SS:[ESP+EBX+0x24],AL + * 0042B6D3 43 INC EBX + * 0042B6D4 895C24 10 MOV DWORD PTR SS:[ESP+0x10],EBX + * 0042B6D8 46 INC ESI + * 0042B6D9 ^EB A5 JMP SHORT .0042B680 + * 0042B6DB 896C24 18 MOV DWORD PTR SS:[ESP+0x18],EBP + * 0042B6DF 46 INC ESI + * 0042B6E0 8A0C3E MOV CL,BYTE PTR DS:[ESI+EDI] + * 0042B6E3 84C9 TEST CL,CL + * 0042B6E5 0F84 55010000 JE .0042B840 + * 0042B6EB 0FB64437 01 MOVZX EAX,BYTE PTR DS:[EDI+ESI+0x1] + * 0042B6F0 66:0FB6C9 MOVZX CX,CL + * 0042B6F4 66:C1E1 08 SHL CX,0x8 + * 0042B6F8 0FB7D1 MOVZX EDX,CX + * 0042B6FB 0BC2 OR EAX,EDX + * 0042B6FD 50 PUSH EAX + * 0042B6FE E8 77B30500 CALL .00486A7A + * 0042B703 83C4 04 ADD ESP,0x4 + * 0042B706 85C0 TEST EAX,EAX + * 0042B708 74 18 JE SHORT .0042B722 + * 0042B70A 66:8B043E MOV AX,WORD PTR DS:[ESI+EDI] + * 0042B70E FF4424 18 INC DWORD PTR SS:[ESP+0x18] + * 0042B712 66:89842C 240400>MOV WORD PTR SS:[ESP+EBP+0x424],AX + * 0042B71A 83C5 02 ADD EBP,0x2 + * 0042B71D 83C6 02 ADD ESI,0x2 + * 0042B720 ^EB BE JMP SHORT .0042B6E0 + * 0042B722 8A043E MOV AL,BYTE PTR DS:[ESI+EDI] + * 0042B725 3C 7D CMP AL,0x7D + * 0042B727 74 0E JE SHORT .0042B737 + * 0042B729 FF4424 18 INC DWORD PTR SS:[ESP+0x18] + * 0042B72D 88842C 24040000 MOV BYTE PTR SS:[ESP+EBP+0x424],AL + * 0042B734 45 INC EBP + * 0042B735 ^EB A8 JMP SHORT .0042B6DF + * 0042B737 8D8424 24040000 LEA EAX,DWORD PTR SS:[ESP+0x424] + * 0042B73E 46 INC ESI + * 0042B73F C6842C 24040000 >MOV BYTE PTR SS:[ESP+EBP+0x424],0x0 + * 0042B747 8D50 01 LEA EDX,DWORD PTR DS:[EAX+0x1] + * 0042B74A 8D9B 00000000 LEA EBX,DWORD PTR DS:[EBX] + * 0042B750 8A08 MOV CL,BYTE PTR DS:[EAX] + * 0042B752 40 INC EAX + * 0042B753 84C9 TEST CL,CL + * 0042B755 ^75 F9 JNZ SHORT .0042B750 + * 0042B757 2BC2 SUB EAX,EDX + * 0042B759 83F8 1E CMP EAX,0x1E + * 0042B75C 0F87 DE000000 JA .0042B840 + * 0042B762 8B15 7CC44F00 MOV EDX,DWORD PTR DS:[0x4FC47C] + * 0042B768 83FA 14 CMP EDX,0x14 + * 0042B76B 0F8D AE000000 JGE .0042B81F + * 0042B771 6BD2 2C IMUL EDX,EDX,0x2C + * 0042B774 8D8C24 24040000 LEA ECX,DWORD PTR SS:[ESP+0x424] + * 0042B77B 81C2 8CC44F00 ADD EDX,.004FC48C + * 0042B781 8A01 MOV AL,BYTE PTR DS:[ECX] + * 0042B783 8802 MOV BYTE PTR DS:[EDX],AL + * 0042B785 41 INC ECX + * 0042B786 42 INC EDX + * 0042B787 84C0 TEST AL,AL + * 0042B789 ^75 F6 JNZ SHORT .0042B781 + * 0042B78B 8B0D 7CC44F00 MOV ECX,DWORD PTR DS:[0x4FC47C] + * 0042B791 8B5424 14 MOV EDX,DWORD PTR SS:[ESP+0x14] + * 0042B795 6BC9 2C IMUL ECX,ECX,0x2C + * 0042B798 8991 88C44F00 MOV DWORD PTR DS:[ECX+0x4FC488],EDX + * 0042B79E A1 7CC44F00 MOV EAX,DWORD PTR DS:[0x4FC47C] + * 0042B7A3 8B4C24 20 MOV ECX,DWORD PTR SS:[ESP+0x20] + * 0042B7A7 6BC0 2C IMUL EAX,EAX,0x2C + * 0042B7AA 8988 80C44F00 MOV DWORD PTR DS:[EAX+0x4FC480],ECX + * 0042B7B0 8B15 7CC44F00 MOV EDX,DWORD PTR DS:[0x4FC47C] + * 0042B7B6 8B4424 18 MOV EAX,DWORD PTR SS:[ESP+0x18] + * 0042B7BA 6BD2 2C IMUL EDX,EDX,0x2C + * 0042B7BD 8982 84C44F00 MOV DWORD PTR DS:[EDX+0x4FC484],EAX + * 0042B7C3 FF05 7CC44F00 INC DWORD PTR DS:[0x4FC47C] + * 0042B7C9 EB 54 JMP SHORT .0042B81F + * 0042B7CB 55 PUSH EBP + * 0042B7CC E8 7F000000 CALL .0042B850 + * 0042B7D1 8BD8 MOV EBX,EAX + * 0042B7D3 83C4 04 ADD ESP,0x4 + * 0042B7D6 85DB TEST EBX,EBX + * 0042B7D8 74 23 JE SHORT .0042B7FD + * 0042B7DA 53 PUSH EBX + * 0042B7DB 55 PUSH EBP + * 0042B7DC 8B6C24 18 MOV EBP,DWORD PTR SS:[ESP+0x18] + * 0042B7E0 8D4C2C 2C LEA ECX,DWORD PTR SS:[ESP+EBP+0x2C] + * 0042B7E4 51 PUSH ECX + * 0042B7E5 E8 A6E40500 CALL .00489C90 + * 0042B7EA 03EB ADD EBP,EBX + * 0042B7EC 03F3 ADD ESI,EBX + * 0042B7EE 83C4 0C ADD ESP,0xC + * 0042B7F1 015C24 1C ADD DWORD PTR SS:[ESP+0x1C],EBX + * 0042B7F5 896C24 10 MOV DWORD PTR SS:[ESP+0x10],EBP + * 0042B7F9 8BDD MOV EBX,EBP + * 0042B7FB EB 22 JMP SHORT .0042B81F + * 0042B7FD 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+0x10] + * 0042B801 8A55 00 MOV DL,BYTE PTR SS:[EBP] + * 0042B804 40 INC EAX + * 0042B805 885404 23 MOV BYTE PTR SS:[ESP+EAX+0x23],DL + * 0042B809 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX + * 0042B80D 46 INC ESI + * 0042B80E 8BD8 MOV EBX,EAX + * 0042B810 EB 0D JMP SHORT .0042B81F + * 0042B812 8A043E MOV AL,BYTE PTR DS:[ESI+EDI] + * 0042B815 88441C 24 MOV BYTE PTR SS:[ESP+EBX+0x24],AL + * 0042B819 43 INC EBX + * 0042B81A 46 INC ESI + * 0042B81B 895C24 10 MOV DWORD PTR SS:[ESP+0x10],EBX + * 0042B81F 803C3E 00 CMP BYTE PTR DS:[ESI+EDI],0x0 + * 0042B823 ^0F85 F7FDFFFF JNZ .0042B620 + * 0042B829 8D4424 24 LEA EAX,DWORD PTR SS:[ESP+0x24] + * 0042B82D 8BC8 MOV ECX,EAX + * 0042B82F C6441C 24 00 MOV BYTE PTR SS:[ESP+EBX+0x24],0x0 + * 0042B834 2BF9 SUB EDI,ECX + * 0042B836 8A08 MOV CL,BYTE PTR DS:[EAX] + * 0042B838 880C07 MOV BYTE PTR DS:[EDI+EAX],CL + * 0042B83B 40 INC EAX + * 0042B83C 84C9 TEST CL,CL + * 0042B83E ^75 F6 JNZ SHORT .0042B836 + * 0042B840 5F POP EDI + * 0042B841 5E POP ESI + * 0042B842 5D POP EBP + * 0042B843 5B POP EBX + * 0042B844 81C4 14080000 ADD ESP,0x814 + * 0042B84A C3 RETN + * 0042B84B CC INT3 + * 0042B84C CC INT3 + * 0042B84D CC INT3 + * 0042B84E CC INT3 + * + * Skip scenario text: + * 00438EF1 51 PUSH ECX + * 00438EF2 56 PUSH ESI + * 00438EF3 57 PUSH EDI + * 00438EF4 52 PUSH EDX + * 00438EF5 6A 03 PUSH 0x3 ; jichi: scenario arg1 is always 3 + * 00438EF7 E8 14F3FDFF CALL .00418210 ; jichi: text called here + * 00438EFC 894424 4C MOV DWORD PTR SS:[ESP+0x4C],EAX + * 00438F00 8D4424 78 LEA EAX,DWORD PTR SS:[ESP+0x78] + * 00438F04 83C4 30 ADD ESP,0x30 + * 00438F07 897C24 34 MOV DWORD PTR SS:[ESP+0x34],EDI + * 00438F0B 897424 38 MOV DWORD PTR SS:[ESP+0x38],ESI + * 00438F0F 8D48 01 LEA ECX,DWORD PTR DS:[EAX+0x1] + * 00438F12 8A10 MOV DL,BYTE PTR DS:[EAX] + * 00438F14 40 INC EAX + * 00438F15 84D2 TEST DL,DL + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x81,0xec, 0x14,0x08,0x00,0x00 // 0042B5E0 81EC 14080000 SUB ESP,0x814 ; jichi: text in eax, name in eax - 1024, able to copy + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if(addr==0)return false; + HookParam hp; + hp.address=addr; + + hp.hook_before= Private::hookBefore; + hp.type=EMBED_ABLE; + hp.newlineseperator=L"\\n"; + hp.hook_after=Private::hookafter; + hp.hook_font=F_GetGlyphOutlineA|F_TextOutA; + static ULONG paddr=(PatchA::patchEncoding(startAddress, stopAddress)); + ConsoleOutput("%p",paddr); + if(paddr){ + hp.type|=EMBED_DYNA_SJIS; + hp.hook_font=F_GetGlyphOutlineA|F_TextOutA; + patch_fun=[](){ + PatchA::replace_near_call(paddr + 5, (ULONG)PatchA::Private::isLeadByteChar); + + }; + } + return NewHook(hp,"EmbedWillplusA"); +} + +} // namespace ScenarioHookA + +namespace OtherHookA { + +namespace Private { + + bool hookBefore(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + static std::string data_; + if (s->stack[1] == 3) // skip scenario hook where arg1 is 3 + return false; + auto text = (LPCSTR)s->stack[8]; // text in arg8 + if (!Engine::isAddressReadable(text) || !*text || ::strlen(text) <= 2) // do not translate single character + return false; + *role = Engine::OtherRole ; + strcpy((char*)data,text);*len=strlen(text); + + return true; + } + +} // namespace Private + +/** + * Sample games: Re:BIRTHDAY SONG~恋を唄う死神~(体験版) + * + * There are two GetGlyphOutlineA, that are called in the same functions. + * + * Caller of GetGlyphOutlineA, text in arg8. + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + ULONG addr = MemDbg::findCallerAddressAfterInt3((ULONG)::GetGlyphOutlineA, startAddress, stopAddress); + if(addr==0)return false; + HookParam hp; + hp.address=addr; + hp.hook_before=Private::hookBefore; + hp.type=EMBED_ABLE|EMBED_DYNA_SJIS|EMBED_AFTER_OVERWRITE; + hp.offset=get_stack(8); + return NewHook(hp,"EmbedWillplus_other"); +} + +} // namespace OtherHookA + +} // unnamed namespace + +/** Public class */ +namespace WillPlusEngine{ +bool attach() +{ + ULONG startAddress=processStartAddress, stopAddress=processStopAddress; + + + if (::attachScenarioHookW1(startAddress, stopAddress) || ::attachScenarioHookW2(startAddress, stopAddress)) { + + (::attachNameHookW(startAddress, stopAddress)) ; + + (::attachOtherHookW(startAddress, stopAddress)); + + return true; + + } else if (ScenarioHookA::attach(startAddress, stopAddress)) { // try widechar pattern first, which is more unique + + (OtherHookA::attach(startAddress, stopAddress)) ; + // HijackManager::instance()->attachFunction((ULONG)::GetGlyphOutlineA); + // HijackManager::instance()->attachFunction((ULONG)::TextOutA); // not called. hijack in case it is used + return true; + } + + return false; +} +} + +namespace{ + +static bool InsertWillPlus4() +{ + //by Blu3train + /* + * Sample games: + * https://vndb.org/r71235 + */ + const BYTE bytes[] = { + 0x33, 0xC9, // xor ecx,ecx <-- hook + 0x8B, 0xC7, // mov eax,edi + 0xC7, 0x84, 0x24, XX4, XX4, // mov [esp+000001E0],00000007 + 0x89, 0x9C, 0x24, XX4 // mov [esp+000001DC],ebx + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("WillPlus4: pattern not found"); + return false; + } + + HookParam hp = {}; + hp.address = addr; + hp.offset =get_reg(regs::edi); + hp.type = CODEC_UTF16 | USING_STRING; + hp.filter_fun = WillPlus_extra_filter; + ConsoleOutput("INSERT WillPlus4"); + NewHook(hp, "WillPlus4"); + return true; +} + +static bool InsertWillPlus5() +{ + //by Blu3train + /* + * Sample games: + * https://vndb.org/v29881 + */ + const BYTE bytes[] = { + 0xE8, XX4, // call AdvHD.exe+38550 <-- hook here + 0x8B, 0x4B, 0x08, // mov ecx,[ebx+08] + 0x89, 0x8F, XX4, // mov [edi+0000014C],ecx + 0x85, 0xC9, // test ecx,ecx + 0x74, 0x04 // je AdvHD.exe+396C6 + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("WillPlus5: pattern not found"); + return false; + } + + HookParam hp = {}; + hp.address = addr; + hp.offset = get_reg(regs::esi); + hp.index = 0; + hp.split = get_reg(regs::ebx); + hp.split_index = 0; + hp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT | USING_SPLIT; + hp.filter_fun = WillPlus_extra_filter; + ConsoleOutput("INSERT WillPlus5"); + NewHook(hp, "WillPlus5"); + return true; +} + +bool _xxx(){ +bool ok=false; + ok = InsertWillPlus4() || ok; + ok = InsertWillPlus5() || ok; + return ok; +} +} + +bool WillPlus::attach_function() { + bool succ=WillPlusEngine::attach(); + succ|=InsertWillPlusHook(); + succ|=InsertWillPlus4Hook(); + succ|=InsertWillPlus5Hook(); + succ|=insertwillplus6(); + succ|=willX(); + succ|=_xxx(); + + return succ; +} \ No newline at end of file diff --git a/LunaHook/engine32/WillPlus.h b/LunaHook/engine32/WillPlus.h new file mode 100644 index 0000000..612fbcb --- /dev/null +++ b/LunaHook/engine32/WillPlus.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class WillPlus:public ENGINE{ + public: + WillPlus(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"Rio.arc",L"Chip*.arc"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Wolf.cpp b/LunaHook/engine32/Wolf.cpp new file mode 100644 index 0000000..757269a --- /dev/null +++ b/LunaHook/engine32/Wolf.cpp @@ -0,0 +1,828 @@ +#include"Wolf.h" +#include"embed_util.h" +/** + * jichi 10/12/2014 + * P.S.: Another approach + * See: http://tieba.baidu.com/p/2425786155 + * Quote: + * I guess this post should go in here. I got sick of AGTH throwing a fit when entering the menus in Wolf RPG games, so I did some debugging. This is tested and working properly with lots of games. If you find one that isn't covered then please PM me and I'll look into it. + * + * Wolf RPG H-code - Use whichever closest matches your Game.exe + * /HBN*0@454C6C (2010/10/09 : 2,344KB : v1.31) + * /HBN*0@46BA03 (2011/11/22 : 2,700KB : v2.01) + * /HBN*0@470CEA (2012/05/07 : 3,020KB : v2.02) + * /HBN*0@470D5A (2012/06/10 : 3,020KB : v2.02a) + * + * ith_p.cc:Ith::parseHookCode: enter: code = "/HBN*0@470CEA" + * - addr: 4656362 , + * - length_offset: 1 + * - type: 1032 = 0x408 + * + * Use /HB instead of /HBN if you want to split dialogue text and menu text into separate threads. + * Also set the repetition trace parameters in AGTH higher or it won't work properly with text-heavy menus. 64 x 16 seems to work fine. + * + * Issues: + * AGTH still causes a bit of lag when translating menus if you have a lot of skills or items. + * Using ITH avoids this problem, but it sometimes has issues with repetition detection which can be fixed by quickly deselecting and reselecting the game window; Personally I find this preferable to menu and battle slowdown that AGTH sometimes causes, but then my PC is pretty slow so you might not have that problem. + * + * Minimising the AGTH/ITH window generally makes the game run a bit smoother as windows doesn't need to keep scrolling the text box as new text is added. + * + * RPG Maker VX H-code: + * Most games are detected automatically and if not then by using the AGTH /X or /X2 or /X3 parameters. + * + * Games that use TRGSSX.dll may have issues with detection (especially with ITH). + * If TRGSSX.dll is included with the game then this code should work: + * /HQN@D3CF:TRGSSX.dll + * + * With this code, using AGTH to start the process will not work. You must start the game normally and then hook the process afterwards. + * ITH has this functionality built into the interface. AGTH requires the /PN command line argument, for example: + * agth /PNGame.exe /HQN@D3CF:TRGSSX.dll /C + * + * Again, drop the N to split dialogue and menu text into separate threads. + */ +namespace { // WolfRPG +// jichi 10/13/2013: restored +bool InsertOldWolfHook() +{ + // jichi 10/12/2013: + // Step 1: find the address of GetTextMetricsA + // Step 2: find where this function is called + // Step 3: search "sub esp, XX" after where it is called + enum { sub_esp = 0xec81 }; // jichi: caller pattern: sub esp = 0x81,0xec + if (DWORD c1 = Util::FindCallAndEntryAbs((DWORD)GetTextMetricsA, processStopAddress - processStartAddress, processStartAddress, sub_esp)) + if (DWORD c2 = Util::FindCallOrJmpRel(c1, processStopAddress - processStartAddress, processStartAddress, 0)) { + union { + DWORD i; + WORD *k; + }; + DWORD j; + for (i = c2 - 0x100, j = c2 - 0x400; i > j; i--) + if (*k == 0xec83) { // jichi 10/12/2013: 83 EC XX sub esp, XX See: http://lists.cs.uiuc.edu/pipermail/llvm-commits/Week-of-Mon-20120312.txt + HookParam hp; + hp.address = i; + hp.offset=get_reg(regs::ecx); + hp.split = get_reg(regs::esp); + hp.type = DATA_INDIRECT|USING_SPLIT; + //GROWL_DWORD(hp.address); // jichi 6/5/2014: 淫乱勀��フィのRPG = 0x50a400 + ConsoleOutput("INSERT WolfRPG"); + return NewHook(hp, "WolfRPG"); + } + } + + //ConsoleOutput("Unknown WolfRPG engine."); + ConsoleOutput("WolfRPG: failed"); + return false; +} + +//example-game:妹!せいかつ~ファンタジー~ by:iov +bool InsertWolf3Hook() +{ + const BYTE bytes[] = { 0xC7,0x45,0xFC,0x00,0x00,0x00,0x00,0x8B,0x45,0x94,0x83,0xE0,0x01 }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("WolfRPG: pattern3 not found"); + return false; + } + + HookParam myhp; + myhp.address = addr+41; + + myhp.type = USING_STRING | NO_CONTEXT; + myhp.offset=get_reg(regs::eax); + myhp.type |= DATA_INDIRECT; + + myhp.index = 4; + + char nameForUser[HOOK_NAME_SIZE] = "WolfRPG_String_Copy"; + + ConsoleOutput("Insert: WolfRPG_String_Copy Hook"); + return NewHook(myhp, nameForUser); +} + +bool InsertWolf4Hook() { + const BYTE bytes[] = {0xC6,0x45,0xFC,0x29,0x8B,0x8D,0xE0,0xEF,0xFF,0xFF,0xE8,XX4,0x50,0x8B,0x4D,0xE8,0x2B,0x4D,0xEC }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("WolfRPG: pattern4 not found"); + return false; + } + + HookParam myhp; + myhp.address = addr + 16; + + myhp.type = USING_STRING | NO_CONTEXT; + myhp.offset=get_reg(regs::eax); + // myhp.type |= DATA_INDIRECT; + + // myhp.index = 4; + + char nameForUser[HOOK_NAME_SIZE] = "WolfRPG4"; + + ConsoleOutput("Insert: WolfRPG4 Hook"); + return NewHook(myhp, nameForUser); +} + + + +} // WolfRPG namespace + +bool InsertWolfHook() +{ + // return InsertOldWolfHook(), InsertWolf2Hook(), InsertWolf3Hook(), InsertWolf4Hook(); + return InsertOldWolfHook(), InsertWolf3Hook(), InsertWolf4Hook(); +} +namespace{ + + bool commonfilter(void* data, size_t* len, HookParam* hp){ + auto str=std::string(reinterpret_cast(data),*len); + bool checkchaos=WideStringToString(StringToWideString(str))!=str; + if(checkchaos)return false; + bool check1= str.find("/")!=str.npos||str.find("\\")!=str.npos; + auto hashsuffix=[str](){ + + auto filterpath={ + ".png",".jpg",".bmp", + ".mp3",".ogg", + ".webm",".mp4", + ".otf",".mps" + }; + for(auto _ :filterpath) + if(str.find(_)!=str.npos) + return true; + return false; + }; + bool check2=hashsuffix(); + bool check3=all_ascii((const char *)data,*len); + if(check1&&(check2||check3))return false; + return true; + } + bool hook5(){ + //[220901][あせろら] 寝取られ新妻モニカ~ツンデレな奥さんのHなお仕事~ + const BYTE bytes[] = { + 0x80,0x38,0x40, + 0x0f,0x85,XX4, + 0x57, + 0x68,XX4, + 0x8d,XX2, + 0xe8 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if(addr==0)return false; + addr=MemDbg::findEnclosingAlignedFunction(addr); + + if(addr==0)return false; + + HookParam hp; + hp.address = addr; + hp.offset =get_stack(8); + hp.type =USING_STRING|CODEC_UTF8; + hp.filter_fun=commonfilter; + return NewHook(hp, "Wolf5"); + } + bool hook6(){ + //[220901][あせろら] 寝取られ新妻モニカ~ツンデレな奥さんのHなお仕事~ + const BYTE bytes[] = { + 0xB8,0x00,0x00,0x00,0x80, + 0x83,0xC0,0x23 + }; + bool ok=false; + auto addrs =Util::SearchMemory(bytes, sizeof(bytes),PAGE_EXECUTE, processStartAddress, processStopAddress); + for (auto addr : addrs) { + addr=MemDbg::findEnclosingAlignedFunction(addr); + + if(addr==0)continue; + HookParam hp; + hp.address = (DWORD)addr; + hp.offset=get_stack(3); + hp.type =USING_STRING|CODEC_UTF8; + hp.filter_fun=commonfilter; + ok|=NewHook(hp, "Wolf6"); + } + + return ok; + } + bool hook56(){ + bool _1=hook5(); + bool _2=hook6(); + return _1||_2; + } +} + + +namespace { // unnamed + +namespace ScenarioHook { + +namespace Private { + + struct TextListElement // ecx, this structure saved a list of element + { + DWORD flag1; // should be zero when text is valid + LPSTR text; + DWORD flag2; + DWORD flag3; + DWORD flag4; + int size, + capacity; // 0xe8, capacity of the data including \0 + + bool isScenarioText() const + { return flag1 == 0 && flag2 == 0 && flag3 == 0 && flag4 == 0; } + + bool isValid() const + { + return size > 0 && size <= capacity + && Engine::isAddressReadable(text, capacity) && size == ::strlen(text); + } + }; + + // Skip non-printable and special ASCII characters on the left + inline char *ltrim(char *s) + { + while (*s && (uint8_t)*s <= 39) + s++; + return s; + } + std::unordered_set dataSet_; + bool hookBefore(hook_stack*s,void* data1, size_t* len1,uintptr_t*role) + { + //enum { DataQueueCapacity = 30 }; + + + auto self = (TextListElement *)s->ecx; // ecx is actually a list of element + if (self->isValid()) { + char *text = ltrim(self->text); + if (*text) { + std::string data = text; + if (dataSet_.find(data)==dataSet_.end()) { + auto role = text == self->text && self->isScenarioText() ? Engine::ScenarioRole : Engine::OtherRole; + auto split = s->stack[0]; // retaddr + // auto sig = Engine::hashThreadSignature(role, split); + + enum { SendAllowed = true }; + bool timeout; + int prefixSize = text - self->text, + capacity = self->capacity - prefixSize; + strcpy((char*)data1,data.c_str());*len1=data.size();return 1; + // data = EngineController::instance()->dispatchTextASTD(data, role, sig, capacity, SendAllowed, &timeout); + // if (timeout) + // return true; + + // dataSet_.insert(data); + + // ::memcpy(text, data.c_str(), min(data.size() + 1, capacity)); + // self->size = data.size() + prefixSize; + } + } + } + return 0; + } + void hookafter2(hook_stack*s,void* data1, size_t len){ + + auto newData =std::string((char*)data1,len); + + auto self = (TextListElement *)s->ecx; // ecx is actually a list of element + if (self->isValid()) { + char *text = ltrim(self->text); + if (*text) { + std::string data = text; + if (dataSet_.find(data)==dataSet_.end()) { + auto role = text == self->text && self->isScenarioText() ? Engine::ScenarioRole : Engine::OtherRole; + auto split = s->stack[0]; // retaddr + // auto sig = Engine::hashThreadSignature(role, split); + + enum { SendAllowed = true }; + bool timeout; + int prefixSize = text - self->text, + capacity = self->capacity - prefixSize; + + data=newData; + dataSet_.insert(data); + + ::memcpy(text, data.c_str(), min(data.size() + 1, capacity)); + self->size = data.size() + prefixSize; + } + } + } + } +} // namespace Private + +/** + * Sample game: DRAGON SLAVE + * + * This function is very long and contains many CharNextA. + * + * 0046CCBD CC INT3 + * 0046CCBE CC INT3 + * 0046CCBF CC INT3 + * 0046CCC0 55 PUSH EBP ; jichi: hook here, text list in ecx + * 0046CCC1 8BEC MOV EBP,ESP + * 0046CCC3 6A FF PUSH -0x1 + * 0046CCC5 68 62496900 PUSH Game.00694962 + * 0046CCCA 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 0046CCD0 50 PUSH EAX + * 0046CCD1 64:8925 00000000 MOV DWORD PTR FS:[0],ESP + * 0046CCD8 81EC A4030000 SUB ESP,0x3A4 + * 0046CCDE A1 6CE36C00 MOV EAX,DWORD PTR DS:[0x6CE36C] + * 0046CCE3 33C5 XOR EAX,EBP + * 0046CCE5 8945 F0 MOV DWORD PTR SS:[EBP-0x10],EAX + * 0046CCE8 56 PUSH ESI + * 0046CCE9 57 PUSH EDI + * 0046CCEA 898D C4FDFFFF MOV DWORD PTR SS:[EBP-0x23C],ECX + * 0046CCF0 68 F9D86900 PUSH Game.0069D8F9 + * 0046CCF5 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046CCFB 83C0 1C ADD EAX,0x1C + * 0046CCFE 50 PUSH EAX + * 0046CCFF E8 4CF10400 CALL Game.004BBE50 + * 0046CD04 83C4 08 ADD ESP,0x8 + * 0046CD07 0FB6C8 MOVZX ECX,AL + * 0046CD0A 85C9 TEST ECX,ECX + * 0046CD0C 74 05 JE SHORT Game.0046CD13 + * 0046CD0E E9 CD460000 JMP Game.004713E0 + * 0046CD13 8B95 C4FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x23C] + * 0046CD19 83C2 38 ADD EDX,0x38 + * 0046CD1C 52 PUSH EDX + * 0046CD1D 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046CD23 83C0 1C ADD EAX,0x1C + * 0046CD26 50 PUSH EAX + * 0046CD27 E8 04F30400 CALL Game.004BC030 + * 0046CD2C 83C4 08 ADD ESP,0x8 + * 0046CD2F 0FB6C8 MOVZX ECX,AL + * 0046CD32 85C9 TEST ECX,ECX + * 0046CD34 74 0B JE SHORT Game.0046CD41 + * 0046CD36 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046CD3C E8 4F490000 CALL Game.00471690 ; jichi: hook after here + * 0046CD41 A1 30456F00 MOV EAX,DWORD PTR DS:[0x6F4530] + * 0046CD46 99 CDQ + * 0046CD47 B9 64000000 MOV ECX,0x64 + * 0046CD4C F7F9 IDIV ECX + * 0046CD4E 8985 C0FDFFFF MOV DWORD PTR SS:[EBP-0x240],EAX + * 0046CD54 DB85 C0FDFFFF FILD DWORD PTR SS:[EBP-0x240] + * 0046CD5A DC4D 0C FMUL QWORD PTR SS:[EBP+0xC] + * 0046CD5D DD5D 0C FSTP QWORD PTR SS:[EBP+0xC] + * 0046CD60 A1 30456F00 MOV EAX,DWORD PTR DS:[0x6F4530] + * 0046CD65 99 CDQ + * 0046CD66 B9 64000000 MOV ECX,0x64 + * 0046CD6B F7F9 IDIV ECX + * 0046CD6D 8985 BCFDFFFF MOV DWORD PTR SS:[EBP-0x244],EAX + * 0046CD73 DB85 BCFDFFFF FILD DWORD PTR SS:[EBP-0x244] + * 0046CD79 DC4D 14 FMUL QWORD PTR SS:[EBP+0x14] + * 0046CD7C DD5D 14 FSTP QWORD PTR SS:[EBP+0x14] + * 0046CD7F 8B15 C0A86F00 MOV EDX,DWORD PTR DS:[0x6FA8C0] + * 0046CD85 83E2 01 AND EDX,0x1 + * 0046CD88 75 32 JNZ SHORT Game.0046CDBC + * 0046CD8A A1 C0A86F00 MOV EAX,DWORD PTR DS:[0x6FA8C0] + * 0046CD8F 83C8 01 OR EAX,0x1 + * 0046CD92 A3 C0A86F00 MOV DWORD PTR DS:[0x6FA8C0],EAX + * 0046CD97 C745 FC 00000000 MOV DWORD PTR SS:[EBP-0x4],0x0 + * 0046CD9E B9 B0A86F00 MOV ECX,Game.006FA8B0 + * 0046CDA3 E8 78210300 CALL Game.0049EF20 + * 0046CDA8 68 20806900 PUSH Game.00698020 + * 0046CDAD E8 0B020600 CALL Game.004CCFBD + * 0046CDB2 83C4 04 ADD ESP,0x4 + * 0046CDB5 C745 FC FFFFFFFF MOV DWORD PTR SS:[EBP-0x4],-0x1 + * 0046CDBC 0FB60D C0E26C00 MOVZX ECX,BYTE PTR DS:[0x6CE2C0] + * 0046CDC3 85C9 TEST ECX,ECX + * 0046CDC5 0F84 63010000 JE Game.0046CF2E + * 0046CDCB C605 C0E26C00 00 MOV BYTE PTR DS:[0x6CE2C0],0x0 + * 0046CDD2 6A 50 PUSH 0x50 + * 0046CDD4 B9 90436F00 MOV ECX,Game.006F4390 + * 0046CDD9 E8 C2190300 CALL Game.0049E7A0 + * 0046CDDE 6A 50 PUSH 0x50 + * 0046CDE0 B9 B0436F00 MOV ECX,Game.006F43B0 + * 0046CDE5 E8 B6190300 CALL Game.0049E7A0 + * 0046CDEA 6A 50 PUSH 0x50 + * 0046CDEC B9 A0436F00 MOV ECX,Game.006F43A0 + * 0046CDF1 E8 AA190300 CALL Game.0049E7A0 + * 0046CDF6 6A 50 PUSH 0x50 + * 0046CDF8 B9 C0436F00 MOV ECX,Game.006F43C0 + * 0046CDFD E8 9E190300 CALL Game.0049E7A0 + * 0046CE02 6A 0C PUSH 0xC + * 0046CE04 B9 003B6F00 MOV ECX,Game.006F3B00 + * 0046CE09 E8 F20CFEFF CALL Game.0044DB00 + * 0046CE0E 50 PUSH EAX + * 0046CE0F B9 B0A86F00 MOV ECX,Game.006FA8B0 + * 0046CE14 E8 87190300 CALL Game.0049E7A0 + * 0046CE19 C745 80 00000000 MOV DWORD PTR SS:[EBP-0x80],0x0 + * 0046CE20 EB 09 JMP SHORT Game.0046CE2B + * 0046CE22 8B55 80 MOV EDX,DWORD PTR SS:[EBP-0x80] + * 0046CE25 83C2 01 ADD EDX,0x1 + * 0046CE28 8955 80 MOV DWORD PTR SS:[EBP-0x80],EDX + * 0046CE2B 6A 0C PUSH 0xC + * 0046CE2D B9 003B6F00 MOV ECX,Game.006F3B00 + * 0046CE32 E8 C90CFEFF CALL Game.0044DB00 + * 0046CE37 3945 80 CMP DWORD PTR SS:[EBP-0x80],EAX + * 0046CE3A 0F8D EE000000 JGE Game.0046CF2E + * 0046CE40 6A 00 PUSH 0x0 + * 0046CE42 6A 02 PUSH 0x2 + * 0046CE44 8B45 80 MOV EAX,DWORD PTR SS:[EBP-0x80] + * 0046CE47 50 PUSH EAX + * 0046CE48 6A 0C PUSH 0xC + * 0046CE4A B9 003B6F00 MOV ECX,Game.006F3B00 + * 0046CE4F E8 0CF2FDFF CALL Game.0044C060 + * 0046CE54 85C0 TEST EAX,EAX + * 0046CE56 7D 0C JGE SHORT Game.0046CE64 + * 0046CE58 C785 B8FDFFFF 00>MOV DWORD PTR SS:[EBP-0x248],0x0 + * 0046CE62 EB 1A JMP SHORT Game.0046CE7E + * 0046CE64 6A 00 PUSH 0x0 + * 0046CE66 6A 02 PUSH 0x2 + * 0046CE68 8B4D 80 MOV ECX,DWORD PTR SS:[EBP-0x80] + * 0046CE6B 51 PUSH ECX + * 0046CE6C 6A 0C PUSH 0xC + * 0046CE6E B9 003B6F00 MOV ECX,Game.006F3B00 + * 0046CE73 E8 E8F1FDFF CALL Game.0044C060 + * 0046CE78 8985 B8FDFFFF MOV DWORD PTR SS:[EBP-0x248],EAX + * 0046CE7E 6A 00 PUSH 0x0 + * 0046CE80 6A 01 PUSH 0x1 + * 0046CE82 8B55 80 MOV EDX,DWORD PTR SS:[EBP-0x80] + * 0046CE85 52 PUSH EDX + * 0046CE86 6A 0C PUSH 0xC + * 0046CE88 B9 003B6F00 MOV ECX,Game.006F3B00 + * 0046CE8D E8 CEF1FDFF CALL Game.0044C060 + * 0046CE92 85C0 TEST EAX,EAX + * 0046CE94 7D 0C JGE SHORT Game.0046CEA2 + * 0046CE96 C785 B4FDFFFF 00>MOV DWORD PTR SS:[EBP-0x24C],0x0 + * 0046CEA0 EB 1A JMP SHORT Game.0046CEBC + * 0046CEA2 6A 00 PUSH 0x0 + * 0046CEA4 6A 01 PUSH 0x1 + * 0046CEA6 8B45 80 MOV EAX,DWORD PTR SS:[EBP-0x80] + * 0046CEA9 50 PUSH EAX + * 0046CEAA 6A 0C PUSH 0xC + * 0046CEAC B9 003B6F00 MOV ECX,Game.006F3B00 + * 0046CEB1 E8 AAF1FDFF CALL Game.0044C060 + * 0046CEB6 8985 B4FDFFFF MOV DWORD PTR SS:[EBP-0x24C],EAX + * 0046CEBC 6A 00 PUSH 0x0 + * 0046CEBE 6A 00 PUSH 0x0 + * 0046CEC0 8B4D 80 MOV ECX,DWORD PTR SS:[EBP-0x80] + * 0046CEC3 51 PUSH ECX + * 0046CEC4 6A 0C PUSH 0xC + * 0046CEC6 B9 003B6F00 MOV ECX,Game.006F3B00 + * 0046CECB E8 90F1FDFF CALL Game.0044C060 + * 0046CED0 85C0 TEST EAX,EAX + * 0046CED2 7D 0C JGE SHORT Game.0046CEE0 + * 0046CED4 C785 B0FDFFFF 00>MOV DWORD PTR SS:[EBP-0x250],0x0 + * 0046CEDE EB 1A JMP SHORT Game.0046CEFA + * 0046CEE0 6A 00 PUSH 0x0 + * 0046CEE2 6A 00 PUSH 0x0 + * 0046CEE4 8B55 80 MOV EDX,DWORD PTR SS:[EBP-0x80] + * 0046CEE7 52 PUSH EDX + * 0046CEE8 6A 0C PUSH 0xC + * 0046CEEA B9 003B6F00 MOV ECX,Game.006F3B00 + * 0046CEEF E8 6CF1FDFF CALL Game.0044C060 + * 0046CEF4 8985 B0FDFFFF MOV DWORD PTR SS:[EBP-0x250],EAX + * 0046CEFA 8B85 B8FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x248] + * 0046CF00 50 PUSH EAX + * 0046CF01 8B8D B4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x24C] + * 0046CF07 51 PUSH ECX + * 0046CF08 8B95 B0FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x250] + * 0046CF0E 52 PUSH EDX + * 0046CF0F E8 4CE10700 CALL Game.004EB060 + * 0046CF14 83C4 0C ADD ESP,0xC + * 0046CF17 8BF0 MOV ESI,EAX + * 0046CF19 8B45 80 MOV EAX,DWORD PTR SS:[EBP-0x80] + * 0046CF1C 50 PUSH EAX + * 0046CF1D B9 B0A86F00 MOV ECX,Game.006FA8B0 + * 0046CF22 E8 D9180300 CALL Game.0049E800 + * 0046CF27 8930 MOV DWORD PTR DS:[EAX],ESI + * 0046CF29 ^E9 F4FEFFFF JMP Game.0046CE22 + * 0046CF2E C745 84 00000000 MOV DWORD PTR SS:[EBP-0x7C],0x0 + * 0046CF35 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046CF3B C741 68 00000000 MOV DWORD PTR DS:[ECX+0x68],0x0 + * 0046CF42 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046CF48 E8 23FE0200 CALL Game.0049CD70 + * 0046CF4D 8945 C4 MOV DWORD PTR SS:[EBP-0x3C],EAX + * 0046CF50 8D4D 9C LEA ECX,DWORD PTR SS:[EBP-0x64] + * 0046CF53 E8 D8FA0200 CALL Game.0049CA30 + * 0046CF58 C745 FC 01000000 MOV DWORD PTR SS:[EBP-0x4],0x1 + * 0046CF5F 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-0x2C] + * 0046CF62 E8 C9FA0200 CALL Game.0049CA30 + * 0046CF67 C645 FC 02 MOV BYTE PTR SS:[EBP-0x4],0x2 + * 0046CF6B 8B95 C4FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x23C] + * 0046CF71 C742 70 00000000 MOV DWORD PTR DS:[EDX+0x70],0x0 + * 0046CF78 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046CF7E C780 DC000000 00>MOV DWORD PTR DS:[EAX+0xDC],0x0 + * 0046CF88 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046CF8E C741 78 00000000 MOV DWORD PTR DS:[ECX+0x78],0x0 + * 0046CF95 8B15 4C546F00 MOV EDX,DWORD PTR DS:[0x6F544C] + * 0046CF9B 52 PUSH EDX + * 0046CF9C 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046CFA2 E8 F9480000 CALL Game.004718A0 + * 0046CFA7 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046CFAD 8941 74 MOV DWORD PTR DS:[ECX+0x74],EAX + * 0046CFB0 6A FF PUSH -0x1 + * 0046CFB2 8B95 C4FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x23C] + * 0046CFB8 8B42 78 MOV EAX,DWORD PTR DS:[EDX+0x78] + * 0046CFBB 50 PUSH EAX + * 0046CFBC 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046CFC2 E8 A9460000 CALL Game.00471670 + * 0046CFC7 50 PUSH EAX + * 0046CFC8 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046CFCE 8B51 74 MOV EDX,DWORD PTR DS:[ECX+0x74] + * 0046CFD1 52 PUSH EDX + * 0046CFD2 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046CFD8 8B88 DC000000 MOV ECX,DWORD PTR DS:[EAX+0xDC] + * 0046CFDE 51 PUSH ECX + * 0046CFDF B9 90436F00 MOV ECX,Game.006F4390 + * 0046CFE4 E8 17440000 CALL Game.00471400 + * 0046CFE9 8B95 C4FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x23C] + * 0046CFEF C742 5C 00000000 MOV DWORD PTR DS:[EDX+0x5C],0x0 + * 0046CFF6 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046CFFC C740 60 00000000 MOV DWORD PTR DS:[EAX+0x60],0x0 + * 0046D003 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046D009 C741 64 00000000 MOV DWORD PTR DS:[ECX+0x64],0x0 + * 0046D010 C745 8C 00000000 MOV DWORD PTR SS:[EBP-0x74],0x0 + * 0046D017 C745 C8 00000000 MOV DWORD PTR SS:[EBP-0x38],0x0 + * 0046D01E 8B15 EC446F00 MOV EDX,DWORD PTR DS:[0x6F44EC] + * 0046D024 8955 CC MOV DWORD PTR SS:[EBP-0x34],EDX + * 0046D027 A1 8C576F00 MOV EAX,DWORD PTR DS:[0x6F578C] + * 0046D02C 0FBE08 MOVSX ECX,BYTE PTR DS:[EAX] + * 0046D02F 894D 88 MOV DWORD PTR SS:[EBP-0x78],ECX + * 0046D032 8B95 C4FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x23C] + * 0046D038 0FB682 E0000000 MOVZX EAX,BYTE PTR DS:[EDX+0xE0] + * 0046D03F 85C0 TEST EAX,EAX + * 0046D041 74 07 JE SHORT Game.0046D04A + * 0046D043 C745 8C 00000000 MOV DWORD PTR SS:[EBP-0x74],0x0 + * 0046D04A C745 B8 C0BDF0FF MOV DWORD PTR SS:[EBP-0x48],0xFFF0BDC0 + * 0046D051 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046D057 C781 F8000000 00>MOV DWORD PTR DS:[ECX+0xF8],0x0 + * 0046D061 C745 BC 00000000 MOV DWORD PTR SS:[EBP-0x44],0x0 + * 0046D068 C645 9B 00 MOV BYTE PTR SS:[EBP-0x65],0x0 + * 0046D06C C745 90 00000000 MOV DWORD PTR SS:[EBP-0x70],0x0 + * 0046D073 C745 94 00000000 MOV DWORD PTR SS:[EBP-0x6C],0x0 + * 0046D07A C745 C0 00000000 MOV DWORD PTR SS:[EBP-0x40],0x0 + * 0046D081 8B15 28E26C00 MOV EDX,DWORD PTR DS:[0x6CE228] + * 0046D087 D1E2 SHL EDX,1 + * 0046D089 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046D08F 8990 00010000 MOV DWORD PTR DS:[EAX+0x100],EDX + * 0046D095 813D 30456F00 C8>CMP DWORD PTR DS:[0x6F4530],0xC8 + * 0046D09F 75 1D JNZ SHORT Game.0046D0BE + * 0046D0A1 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046D0A7 8B81 00010000 MOV EAX,DWORD PTR DS:[ECX+0x100] + * 0046D0AD 99 CDQ + * 0046D0AE 2BC2 SUB EAX,EDX + * 0046D0B0 D1F8 SAR EAX,1 + * 0046D0B2 8B95 C4FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x23C] + * 0046D0B8 8982 00010000 MOV DWORD PTR DS:[EDX+0x100],EAX + * 0046D0BE 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046D0C4 E8 C7FC0200 CALL Game.0049CD90 + * 0046D0C9 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046D0CF 3941 68 CMP DWORD PTR DS:[ECX+0x68],EAX + * 0046D0D2 0F8D ED420000 JGE Game.004713C5 + * 0046D0D8 8B55 C4 MOV EDX,DWORD PTR SS:[EBP-0x3C] + * 0046D0DB 8955 D0 MOV DWORD PTR SS:[EBP-0x30],EDX + * 0046D0DE 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046D0E4 8B48 68 MOV ECX,DWORD PTR DS:[EAX+0x68] + * 0046D0E7 894D 84 MOV DWORD PTR SS:[EBP-0x7C],ECX + * 0046D0EA 8B55 C4 MOV EDX,DWORD PTR SS:[EBP-0x3C] + * 0046D0ED 52 PUSH EDX + * 0046D0EE FF15 94926900 CALL DWORD PTR DS:[<&USER32.CharNextA>] ; user32.CharNextA + * 0046D0F4 8945 90 MOV DWORD PTR SS:[EBP-0x70],EAX + * 0046D0F7 8B45 90 MOV EAX,DWORD PTR SS:[EBP-0x70] + * 0046D0FA 2B45 C4 SUB EAX,DWORD PTR SS:[EBP-0x3C] + * 0046D0FD 8945 94 MOV DWORD PTR SS:[EBP-0x6C],EAX + * 0046D100 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046D106 8B51 68 MOV EDX,DWORD PTR DS:[ECX+0x68] + * 0046D109 0355 94 ADD EDX,DWORD PTR SS:[EBP-0x6C] + * 0046D10C 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046D112 8950 68 MOV DWORD PTR DS:[EAX+0x68],EDX + * 0046D115 8B4D D0 MOV ECX,DWORD PTR SS:[EBP-0x30] + * 0046D118 51 PUSH ECX + * 0046D119 FF15 94926900 CALL DWORD PTR DS:[<&USER32.CharNextA>] ; user32.CharNextA + * 0046D11F 8945 C4 MOV DWORD PTR SS:[EBP-0x3C],EAX + * 0046D122 0FB655 08 MOVZX EDX,BYTE PTR SS:[EBP+0x8] + * 0046D126 85D2 TEST EDX,EDX + * 0046D128 74 51 JE SHORT Game.0046D17B + * 0046D12A 0FB645 9B MOVZX EAX,BYTE PTR SS:[EBP-0x65] + * 0046D12E 85C0 TEST EAX,EAX + * 0046D130 74 49 JE SHORT Game.0046D17B + * 0046D132 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046D138 DB41 68 FILD DWORD PTR DS:[ECX+0x68] + * 0046D13B 8B95 C4FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x23C] + * 0046D141 DAA2 F8000000 FISUB DWORD PTR DS:[EDX+0xF8] + * 0046D147 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046D14D DC98 88000000 FCOMP QWORD PTR DS:[EAX+0x88] + * 0046D153 DFE0 FSTSW AX + * 0046D155 F6C4 41 TEST AH,0x41 + * 0046D158 75 21 JNZ SHORT Game.0046D17B + * 0046D15A 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046D160 DB41 68 FILD DWORD PTR DS:[ECX+0x68] + * 0046D163 8B95 C4FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x23C] + * 0046D169 DAA2 F8000000 FISUB DWORD PTR DS:[EDX+0xF8] + * 0046D16F 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046D175 DD98 88000000 FSTP QWORD PTR DS:[EAX+0x88] + * 0046D17B 0FB64D 08 MOVZX ECX,BYTE PTR SS:[EBP+0x8] + * 0046D17F 85C9 TEST ECX,ECX + * 0046D181 74 35 JE SHORT Game.0046D1B8 + * 0046D183 0FB655 9B MOVZX EDX,BYTE PTR SS:[EBP-0x65] + * 0046D187 85D2 TEST EDX,EDX + * 0046D189 75 2D JNZ SHORT Game.0046D1B8 + * 0046D18B 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046D191 DD80 88000000 FLD QWORD PTR DS:[EAX+0x88] + * 0046D197 E8 54FF0500 CALL Game.004CD0F0 + * 0046D19C 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046D1A2 0381 F8000000 ADD EAX,DWORD PTR DS:[ECX+0xF8] + * 0046D1A8 8B95 C4FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x23C] + * 0046D1AE 3942 68 CMP DWORD PTR DS:[EDX+0x68],EAX + * 0046D1B1 7E 05 JLE SHORT Game.0046D1B8 + * 0046D1B3 E9 0D420000 JMP Game.004713C5 + * 0046D1B8 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046D1BE 0FB688 E2000000 MOVZX ECX,BYTE PTR DS:[EAX+0xE2] + * 0046D1C5 85C9 TEST ECX,ECX + * 0046D1C7 74 1C JE SHORT Game.0046D1E5 + * 0046D1C9 8B95 C4FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x23C] + * 0046D1CF 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046D1D5 8B8A EC000000 MOV ECX,DWORD PTR DS:[EDX+0xEC] + * 0046D1DB 3B48 68 CMP ECX,DWORD PTR DS:[EAX+0x68] + * 0046D1DE 7D 05 JGE SHORT Game.0046D1E5 + * 0046D1E0 E9 E0410000 JMP Game.004713C5 + * 0046D1E5 8B95 C4FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x23C] + * 0046D1EB 83BA E8000000 00 CMP DWORD PTR DS:[EDX+0xE8],0x0 + * 0046D1F2 7E 1F JLE SHORT Game.0046D213 + * 0046D1F4 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046D1FA 8B88 E4000000 MOV ECX,DWORD PTR DS:[EAX+0xE4] + * 0046D200 83E9 01 SUB ECX,0x1 + * 0046D203 8B95 C4FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x23C] + * 0046D209 3B4A 68 CMP ECX,DWORD PTR DS:[EDX+0x68] + * 0046D20C 7D 05 JGE SHORT Game.0046D213 + * 0046D20E E9 B2410000 JMP Game.004713C5 + * 0046D213 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046D219 8B48 68 MOV ECX,DWORD PTR DS:[EAX+0x68] + * 0046D21C 2B4D 84 SUB ECX,DWORD PTR SS:[EBP-0x7C] + * 0046D21F 51 PUSH ECX + * 0046D220 8B55 84 MOV EDX,DWORD PTR SS:[EBP-0x7C] + * 0046D223 52 PUSH EDX + * 0046D224 8D85 84FEFFFF LEA EAX,DWORD PTR SS:[EBP-0x17C] + * 0046D22A 50 PUSH EAX + * 0046D22B 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046D231 E8 4AFC0200 CALL Game.0049CE80 ; jichi; text in [arg1 + 0x4] + * 0046D236 8985 ACFDFFFF MOV DWORD PTR SS:[EBP-0x254],EAX + * 0046D23C 8B8D ACFDFFFF MOV ECX,DWORD PTR SS:[EBP-0x254] + * 0046D242 898D A8FDFFFF MOV DWORD PTR SS:[EBP-0x258],ECX + * 0046D248 C645 FC 03 MOV BYTE PTR SS:[EBP-0x4],0x3 + * 0046D24C 8B95 A8FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x258] + * 0046D252 52 PUSH EDX + * + * This is the function being called + * 0047168D CC INT3 + * 0047168E CC INT3 + * 0047168F CC INT3 + * 00471690 55 PUSH EBP + * 00471691 8BEC MOV EBP,ESP + * 00471693 83EC 3C SUB ESP,0x3C + * 00471696 894D EC MOV DWORD PTR SS:[EBP-0x14],ECX + * 00471699 8B45 EC MOV EAX,DWORD PTR SS:[EBP-0x14] + * 0047169C 83C0 1C ADD EAX,0x1C + * 0047169F 50 PUSH EAX + * 004716A0 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 004716A3 83C1 38 ADD ECX,0x38 + * 004716A6 E8 65B40200 CALL Game.0049CB10 + * 004716AB 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 004716AE 81C1 9C000000 ADD ECX,0x9C + * 004716B4 E8 47CF0200 CALL Game.0049E600 + * 004716B9 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 004716BC 81C1 AC000000 ADD ECX,0xAC + * 004716C2 E8 39CF0200 CALL Game.0049E600 + * 004716C7 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 004716CA 81C1 BC000000 ADD ECX,0xBC + * 004716D0 E8 2BCF0200 CALL Game.0049E600 + * 004716D5 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 004716D8 C781 F0000000 00>MOV DWORD PTR DS:[ECX+0xF0],0x0 + * 004716E2 8B55 EC MOV EDX,DWORD PTR SS:[EBP-0x14] + * 004716E5 C782 F4000000 00>MOV DWORD PTR DS:[EDX+0xF4],0x0 + * 004716EF 8B45 EC MOV EAX,DWORD PTR SS:[EBP-0x14] + * 004716F2 0FB688 98000000 MOVZX ECX,BYTE PTR DS:[EAX+0x98] + * 004716F9 85C9 TEST ECX,ECX + * 004716FB 75 20 JNZ SHORT Game.0047171D + * 004716FD 8B55 EC MOV EDX,DWORD PTR SS:[EBP-0x14] + * 00471700 DD05 10DD6900 FLD QWORD PTR DS:[0x69DD10] + * 00471706 DD9A 88000000 FSTP QWORD PTR DS:[EDX+0x88] + * 0047170C 8B45 EC MOV EAX,DWORD PTR SS:[EBP-0x14] + * 0047170F DD05 10DD6900 FLD QWORD PTR DS:[0x69DD10] + * 00471715 DD98 90000000 FSTP QWORD PTR DS:[EAX+0x90] + * 0047171B EB 0F JMP SHORT Game.0047172C + * 0047171D 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 00471720 DD05 B8E26900 FLD QWORD PTR DS:[0x69E2B8] + * 00471726 DD99 88000000 FSTP QWORD PTR DS:[ECX+0x88] + * 0047172C 8B55 EC MOV EDX,DWORD PTR SS:[EBP-0x14] + * 0047172F 83C2 1C ADD EDX,0x1C + * 00471732 52 PUSH EDX + * 00471733 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 00471736 E8 D5B30200 CALL Game.0049CB10 + * 0047173B C745 F8 00000000 MOV DWORD PTR SS:[EBP-0x8],0x0 + * 00471742 C745 F0 00000000 MOV DWORD PTR SS:[EBP-0x10],0x0 + * 00471749 C745 FC 00000000 MOV DWORD PTR SS:[EBP-0x4],0x0 + * 00471750 8B45 EC MOV EAX,DWORD PTR SS:[EBP-0x14] + * 00471753 C780 E4000000 00>MOV DWORD PTR DS:[EAX+0xE4],0x0 + * 0047175D 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 00471760 C781 E8000000 00>MOV DWORD PTR DS:[ECX+0xE8],0x0 + * 0047176A 8B55 EC MOV EDX,DWORD PTR SS:[EBP-0x14] + * 0047176D C782 EC000000 00>MOV DWORD PTR DS:[EDX+0xEC],0x0 + * 00471777 8B45 EC MOV EAX,DWORD PTR SS:[EBP-0x14] + * 0047177A C780 F8000000 00>MOV DWORD PTR DS:[EAX+0xF8],0x0 + * 00471784 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 00471787 C681 E2000000 00 MOV BYTE PTR DS:[ECX+0xE2],0x0 + * 0047178E 8B55 EC MOV EDX,DWORD PTR SS:[EBP-0x14] + * 00471791 C682 E3000000 00 MOV BYTE PTR DS:[EDX+0xE3],0x0 + * 00471798 C745 F4 00000000 MOV DWORD PTR SS:[EBP-0xC],0x0 + * 0047179F 6A 00 PUSH 0x0 + * 004717A1 68 B4E26900 PUSH Game.0069E2B4 + * 004717A6 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 004717A9 E8 72B60200 CALL Game.0049CE20 + * 004717AE 8945 F4 MOV DWORD PTR SS:[EBP-0xC],EAX + * 004717B1 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-0xC] + * 004717B4 3B05 FCD86900 CMP EAX,DWORD PTR DS:[0x69D8FC] + * 004717BA 0F84 D3000000 JE Game.00471893 + * 004717C0 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 004717C3 DD81 80000000 FLD QWORD PTR DS:[ECX+0x80] + * 004717C9 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-0xC] + * 004717CC 83C2 01 ADD EDX,0x1 + * 004717CF 8955 E8 MOV DWORD PTR SS:[EBP-0x18],EDX + * 004717D2 DB45 E8 FILD DWORD PTR SS:[EBP-0x18] + * 004717D5 DC0D 28716B00 FMUL QWORD PTR DS:[0x6B7128] + * 004717DB DA35 24E26C00 FIDIV DWORD PTR DS:[0x6CE224] + * 004717E1 DED9 FCOMPP + * 004717E3 DFE0 FSTSW AX + * 004717E5 F6C4 41 TEST AH,0x41 + * 004717E8 75 0E JNZ SHORT Game.004717F8 + * 004717EA 8B45 EC MOV EAX,DWORD PTR SS:[EBP-0x14] + * 004717ED DD80 80000000 FLD QWORD PTR DS:[EAX+0x80] + * 004717F3 DD5D E0 FSTP QWORD PTR SS:[EBP-0x20] + * 004717F6 EB 1B JMP SHORT Game.00471813 + * 004717F8 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-0xC] + * 004717FB 83C1 01 ADD ECX,0x1 + * 004717FE 894D DC MOV DWORD PTR SS:[EBP-0x24],ECX + * 00471801 DB45 DC FILD DWORD PTR SS:[EBP-0x24] + * 00471804 DC0D 28716B00 FMUL QWORD PTR DS:[0x6B7128] + * 0047180A DA35 24E26C00 FIDIV DWORD PTR DS:[0x6CE224] + * 00471810 DD5D E0 FSTP QWORD PTR SS:[EBP-0x20] + * 00471813 DD05 58AB6A00 FLD QWORD PTR DS:[0x6AAB58] + * 00471819 DC5D E0 FCOMP QWORD PTR SS:[EBP-0x20] + * 0047181C DFE0 FSTSW AX + * 0047181E F6C4 41 TEST AH,0x41 + * 00471821 75 0B JNZ SHORT Game.0047182E + * 00471823 DD05 58AB6A00 FLD QWORD PTR DS:[0x6AAB58] + * 00471829 DD5D D4 FSTP QWORD PTR SS:[EBP-0x2C] + * 0047182C EB 59 JMP SHORT Game.00471887 + * 0047182E 8B55 EC MOV EDX,DWORD PTR SS:[EBP-0x14] + * 00471831 DD82 80000000 FLD QWORD PTR DS:[EDX+0x80] + * 00471837 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-0xC] + * 0047183A 83C0 01 ADD EAX,0x1 + * 0047183D 8945 D0 MOV DWORD PTR SS:[EBP-0x30],EAX + * 00471840 DB45 D0 FILD DWORD PTR SS:[EBP-0x30] + * 00471843 DC0D 28716B00 FMUL QWORD PTR DS:[0x6B7128] + * 00471849 DA35 24E26C00 FIDIV DWORD PTR DS:[0x6CE224] + * 0047184F DED9 FCOMPP + * 00471851 DFE0 FSTSW AX + * 00471853 F6C4 41 TEST AH,0x41 + * 00471856 75 0E JNZ SHORT Game.00471866 + * 00471858 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 0047185B DD81 80000000 FLD QWORD PTR DS:[ECX+0x80] + * 00471861 DD5D C8 FSTP QWORD PTR SS:[EBP-0x38] + * 00471864 EB 1B JMP SHORT Game.00471881 + * 00471866 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-0xC] + * 00471869 83C2 01 ADD EDX,0x1 + * 0047186C 8955 C4 MOV DWORD PTR SS:[EBP-0x3C],EDX + * 0047186F DB45 C4 FILD DWORD PTR SS:[EBP-0x3C] + * 00471872 DC0D 28716B00 FMUL QWORD PTR DS:[0x6B7128] + * 00471878 DA35 24E26C00 FIDIV DWORD PTR DS:[0x6CE224] + * 0047187E DD5D C8 FSTP QWORD PTR SS:[EBP-0x38] + * 00471881 DD45 C8 FLD QWORD PTR SS:[EBP-0x38] + * 00471884 DD5D D4 FSTP QWORD PTR SS:[EBP-0x2C] + * 00471887 8B45 EC MOV EAX,DWORD PTR SS:[EBP-0x14] + * 0047188A DD45 D4 FLD QWORD PTR SS:[EBP-0x2C] + * 0047188D DD98 80000000 FSTP QWORD PTR DS:[EAX+0x80] + * 00471893 8BE5 MOV ESP,EBP + * 00471895 5D POP EBP + * 00471896 C3 RETN + * 00471897 CC INT3 + * 00471898 CC INT3 + * 00471899 CC INT3 + */ +bool attach(ULONG startAddress, ULONG stopAddress) // attach other text +{ + ULONG addr = MemDbg::findCallerAddressAfterInt3((ULONG)::CharNextA, startAddress, stopAddress); + //addr = MemDbg::findNearCallAddress(addr, startAddress, stopAddress); + //if (!addr) + // return false; + if(addr==0)return 0; + HookParam hp; + hp.address=addr; + hp.offset=get_reg(regs::ecx); + hp.index = 4; + hp.hook_before=Private::hookBefore; + hp.hook_after=Private::hookafter2; + hp.type=USING_STRING|DATA_INDIRECT|EMBED_ABLE|EMBED_DYNA_SJIS; + hp.hook_font=F_GetGlyphOutlineA; + return NewHook(hp,"EmbedWolf"); +} + + +} // namespace ScenarioHook + +} // unnamed namespace + +bool Wolf::attach_function() { + auto _=ScenarioHook::attach(processStartAddress,processStopAddress); + return InsertWolfHook()||hook56()||_; +} \ No newline at end of file diff --git a/LunaHook/engine32/Wolf.h b/LunaHook/engine32/Wolf.h new file mode 100644 index 0000000..904f6b3 --- /dev/null +++ b/LunaHook/engine32/Wolf.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Wolf:public ENGINE{ + public: + Wolf(){ + + check_by=CHECK_BY::FILE_ANY; + check_by_target=check_by_list{L"data.wolf",L"data\\*.wolf",L"data\\basicdata\\cdatabase.dat"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/XUSE.cpp b/LunaHook/engine32/XUSE.cpp new file mode 100644 index 0000000..f07246f --- /dev/null +++ b/LunaHook/engine32/XUSE.cpp @@ -0,0 +1,65 @@ +#include"XUSE.h" + +bool InsertXUSEHook2() { + //最果てのイマ -COMPLETE- + ConsoleOutput("maybe XUSE2"); + + BYTE bytes[] = { + 0x68,0x34,0x01,0x00,0x00 + //v39 = v16; + //v40 = v15; <----- v15 ,eax + //v41 = (const char*)operator new(0x134u); + }; + auto succ=false; + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + for (auto addr : addrs) { + + HookParam hp; + hp.address = addr ; + hp.offset=get_reg(regs::eax); + hp.type = CODEC_ANSI_BE|NO_CONTEXT | USING_SPLIT; + hp.split = 0; + ConsoleOutput("XUSE2 %p", addr); + + succ|=NewHook(hp, "XUSE2"); + } + return succ; + +} +bool InsertXUSEHook() { + //詩乃先生の誘惑授業 + //憂ちゃんの新妻だいあり~ + ConsoleOutput("maybe XUSE"); + BYTE bytes[] = { + 0x6a,0x00, + XX, + 0x6a,0x05, + XX, + XX, + 0xff,0x15,XX4, + 0x8b,0xf0, + 0x83,0xfe,0xff + + }; + auto succ=false; + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + for(auto addr : addrs){ + + HookParam hp; + hp.address = addr + 7; + hp.offset=get_reg(regs::edi); + hp.type = CODEC_ANSI_BE | NO_CONTEXT | USING_SPLIT; + hp.split = get_stack(3); + + ConsoleOutput("XUSE %p", addr); + + succ|=NewHook(hp, "XUSE"); + } + return succ; + +} + +bool XUSE::attach_function() { + + return InsertXUSEHook() || InsertXUSEHook2(); +} \ No newline at end of file diff --git a/LunaHook/engine32/XUSE.h b/LunaHook/engine32/XUSE.h new file mode 100644 index 0000000..f50769a --- /dev/null +++ b/LunaHook/engine32/XUSE.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class XUSE:public ENGINE{ + public: + XUSE(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"CD/BV*"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Xbangbang.cpp b/LunaHook/engine32/Xbangbang.cpp new file mode 100644 index 0000000..5405dfb --- /dev/null +++ b/LunaHook/engine32/Xbangbang.cpp @@ -0,0 +1,21 @@ +#include"Xbangbang.h" + +bool Xbangbang::attach_function() { + //さわさわ絵にっき + //さわさわ絵にっき2 + auto entry=Util::FindImportEntry(processStartAddress,(DWORD)GetTextExtentPoint32A); + if(entry==0)return false; + BYTE bytes[]={0xFF,0x15,XX4}; + memcpy(bytes+2,&entry,4); + bool ok=false; + for(auto addr:Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress)){ + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) continue; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); + hp.type=USING_STRING; + ok|=NewHook(hp, "Xbangbang"); + } + return ok; +} \ No newline at end of file diff --git a/LunaHook/engine32/Xbangbang.h b/LunaHook/engine32/Xbangbang.h new file mode 100644 index 0000000..52679db --- /dev/null +++ b/LunaHook/engine32/Xbangbang.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class Xbangbang:public ENGINE{ + public: + Xbangbang(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"fastdata.arc"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/YukaSystem2.cpp b/LunaHook/engine32/YukaSystem2.cpp new file mode 100644 index 0000000..b9e0e57 --- /dev/null +++ b/LunaHook/engine32/YukaSystem2.cpp @@ -0,0 +1,238 @@ +#include"YukaSystem2.h" +/** jichi 7/6/2014 YukaSystem2 + * Sample game: セミラミスの天秤 + * + * Observations from Debug: + * - Ollydbg got UTF8 text memory address + * - Hardware break points have loops on 0x4010ED + * - The hooked function seems to take 3 parameters, and arg3 is the right text + * - The text appears character by character + * + * Runtime stack: + * - return address + * - arg1 pointer's pointer + * - arg2 text + * - arg3 pointer's pointer + * - code address or -1, maybe a handle + * - unknown pointer + * - return address + * - usually zero + * + * 0040109d cc int3 + * 0040109e cc int3 + * 0040109f cc int3 + * 004010a0 /$ 55 push ebp + * 004010a1 |. 8bec mov ebp,esp + * 004010a3 |. 8b45 14 mov eax,dword ptr ss:[ebp+0x14] + * 004010a6 |. 50 push eax ; /arg4 + * 004010a7 |. 8b4d 10 mov ecx,dword ptr ss:[ebp+0x10] ; | + * 004010aa |. 51 push ecx ; |arg3 + * 004010ab |. 8b55 0c mov edx,dword ptr ss:[ebp+0xc] ; | + * 004010ae |. 52 push edx ; |arg2 + * 004010af |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] ; | + * 004010b2 |. 50 push eax ; |arg1 + * 004010b3 |. e8 48ffffff call semirami.00401000 ; \semirami.00401000 + * 004010b8 |. 83c4 10 add esp,0x10 + * 004010bb |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 004010be |. 5d pop ebp + * 004010bf \. c3 retn + * 004010c0 /$ 55 push ebp + * 004010c1 |. 8bec mov ebp,esp + * 004010c3 |. 8b45 14 mov eax,dword ptr ss:[ebp+0x14] + * 004010c6 |. 50 push eax ; /arg4 + * 004010c7 |. 8b4d 10 mov ecx,dword ptr ss:[ebp+0x10] ; | + * 004010ca |. 51 push ecx ; |arg3 + * 004010cb |. 8b55 0c mov edx,dword ptr ss:[ebp+0xc] ; | + * 004010ce |. 52 push edx ; |arg2 + * 004010cf |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] ; | + * 004010d2 |. 50 push eax ; |arg1 + * 004010d3 |. e8 58ffffff call semirami.00401030 ; \semirami.00401030 + * 004010d8 |. 83c4 10 add esp,0x10 + * 004010db |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 004010de |. 5d pop ebp + * 004010df \. c3 retn + * 004010e0 /$ 55 push ebp ; jichi: function begin, hook here, bp-based frame, arg2 is the text + * 004010e1 |. 8bec mov ebp,esp + * 004010e3 |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] ; jichi: ebp+0x8 = arg2 + * 004010e6 |. 8b4d 0c mov ecx,dword ptr ss:[ebp+0xc] ; jichi: arg3 is also a pointer of pointer + * 004010e9 |. 8a11 mov dl,byte ptr ds:[ecx] + * 004010eb |. 8810 mov byte ptr ds:[eax],dl ; jichi: eax is the data + * 004010ed |. 5d pop ebp + * 004010ee \. c3 retn + * 004010ef cc int3 + */ + +// Ignore image and music file names +// Sample text: "Voice\tou00012.ogg""運命論って云うのかなあ……神さまを信じてる人が多かったからだろうね、何があっても、それ�神さまが�刁�ちに与えられた試練なんだって、そ぀�ってたみたい。勿論、今でもそ぀��てあ�人はぁ�ぱぁ�るん�けど� +// Though the input string is UTF-8, it should be ASCII compatible. +static bool _yk2garbage(const char *p) +{ + //Q_ASSERT(p); + while (char ch = *p++) { + if (!( + ch >= '0' && ch <= '9' || + ch >= 'A' && ch <= 'z' || // also ignore ASCII 91-96: [ \ ] ^ _ ` + ch == '"' || ch == '.' || ch == '-' || ch == '#' + )) + return false; + } + return true; +} + +// Get text from arg2 +static void SpecialHookYukaSystem2(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD arg2 = stack->stack[2], // [esp+0x8] + arg3 = stack->stack[3]; // [esp+0xc] + //arg4 = argof(4, esp_base); // there is no arg4. arg4 is properlly a function pointer + LPCSTR text = (LPCSTR)arg2; + if (*text && !_yk2garbage(text)) { // I am sure this could be null + *data = (DWORD)text; + *len = ::strlen(text); // UTF-8 is null-terminated + if (arg3) + *split = *(DWORD *)arg3; + } +} + + +bool InsertYukaSystem2Hook() +{ + const BYTE bytes[] = { + 0x55, // 004010e0 /$ 55 push ebp ; jichi; hook here + 0x8b,0xec, // 004010e1 |. 8bec mov ebp,esp + 0x8b,0x45, 0x08, // 004010e3 |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] ; jichi: ebp+0x8 = arg2 + 0x8b,0x4d, 0x0c, // 004010e6 |. 8b4d 0c mov ecx,dword ptr ss:[ebp+0xc] + 0x8a,0x11, // 004010e9 |. 8a11 mov dl,byte ptr ds:[ecx] + 0x88,0x10, // 004010eb |. 8810 mov byte ptr ds:[eax],dl ; jichi: eax is the address to text + 0x5d, // 004010ed |. 5d pop ebp + 0xc3 // 004010ee \. c3 retn + }; + //enum { addr_offset = 0 }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + //GROWL_DWORD(addr); // supposed to be 0x4010e0 + if (!addr) { + ConsoleOutput("YukaSystem2: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.split=get_stack(2); + hp.type =USING_SPLIT| USING_STRING|CODEC_UTF8; // UTF-8, though + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + //セミラミスの天秤 + //セミラミスの天秤 Fated Dolls + if(data==0)return false; + + if(all_ascii(reinterpret_cast(data),*len))return false; + auto str=std::string(reinterpret_cast(data),*len); + + str = std::regex_replace(str, std::regex(R"(@r\((.*?),(.*?)\))"), "$1"); + + auto wstr=StringToWideString(str); + + if(wstr.size()==1)return false; + + for(auto wc:wstr){ + if((wc>='A' && wc<='z')|| + (wc>='0' && wc<='9')|| + (wc=='"')||(wc=='.')||(wc=='-')||(wc=='#')|| + (wc==65533)||(wc==2))return false; + } + + *len = (str.size()) ; + strcpy(reinterpret_cast(data), str.c_str()); + return true; + }; + //hp.text_fun = SpecialHookYukaSystem2; + ConsoleOutput("INSERT YukaSystem2"); + return NewHook(hp, "YukaSystem2"); +} +namespace{ + bool hook2(){ + //君を仰ぎ乙女は姫に + //ずっとつくしてあげるの! + const BYTE bytes[] = { + 0x0F,0xB6,0x07, + 0x83,0xE8,0x40, + 0x75,XX, + 0x0F,0xB6,0x47,0x01, + 0x83,0xE8,0x67, + 0x8D,0x4F,0x01, + 0x75,XX, + 0x0F,0xB6,0x41,0x01, + 0x83,0xC1,0x01, + 0x83,0xE8,0x66, + 0x74,XX + }; + //enum { addr_offset = 0 }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + //GROWL_DWORD(addr); // supposed to be 0x4010e0 + if (!addr) return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); + hp.type = USING_SPLIT|DATA_INDIRECT; + hp. index=0; + hp.split=get_stack(1); + return NewHook(hp, "YukaSystem2"); + } +} +namespace __{ +bool YukaSystem1Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + if (*len == 0) return false; + + // if acii add a space at the end of the sentence overwriting null terminator + if (*len >=2 && text[*len-2]>0) + text[(*len)++] = ' '; + + if (cpp_strnstr(text, "@r(", *len)) { + StringFilterBetween(text, len, "@r(", 3, ")", 1); // @r(2,はと) + } + + return true; +} + +bool InsertYukaSystem1Hook() +{ + /* + * Sample games: + * https://vndb.org/r71601 + * https://vndb.org/v7507 + */ + const BYTE bytes[] = { + 0x80, 0x3D, XX4, 0x01, // cmp byte ptr [kimihime.exe+16809C],01 << hook here + 0x75, 0x11, // jne kimihime.exe+42D74 + 0xB9, XX4, // mov ecx,kimihime.exe+C7F8C + 0xC6, 0x05, XX4, 0x00 // mov byte ptr [kimihime.exe+1516C5],00 + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("YukaSystem1: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.type = USING_STRING | KNOWN_UNSTABLE; + hp.filter_fun = YukaSystem1Filter; + ConsoleOutput("INSERT YukaSystem1"); + return NewHook(hp, "YukaSystem1"); +} +} + +bool YukaSystem2::attach_function() { + bool _1=__::InsertYukaSystem1Hook(); + return InsertYukaSystem2Hook()||hook2()||_1; +} \ No newline at end of file diff --git a/LunaHook/engine32/YukaSystem2.h b/LunaHook/engine32/YukaSystem2.h new file mode 100644 index 0000000..6b81846 --- /dev/null +++ b/LunaHook/engine32/YukaSystem2.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class YukaSystem2:public ENGINE{ + public: + YukaSystem2(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.ykc"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/Yuris.cpp b/LunaHook/engine32/Yuris.cpp new file mode 100644 index 0000000..de74f67 --- /dev/null +++ b/LunaHook/engine32/Yuris.cpp @@ -0,0 +1,392 @@ +#include"Yuris.h" +/******************************************************************************************** +YU-RIS hook: + Becomes common recently. I first encounter this game in Whirlpool games. + Problem is name is repeated multiple times. + Step out of function call to TextOuA, just before call to this function, + there should be a piece of code to calculate the length of the name. + This length is 2 for single character name and text, + For a usual name this value is greater than 2. +********************************************************************************************/ + +//bool InsertWhirlpoolHook() // jichi: 12/27/2014: Renamed to YU-RIS +static bool InsertYuris1Hook() +{ + //IthBreak(); + DWORD entry = Util::FindCallAndEntryBoth((DWORD)TextOutA, processStopAddress - processStartAddress, processStartAddress, 0xec83); + //GROWL_DWORD(entry); + if (!entry) { + ConsoleOutput("YU-RIS: function entry does not exist"); + return false; + } + entry = Util::FindCallAndEntryRel(entry - 4, processStopAddress - processStartAddress, processStartAddress, 0xec83); + //GROWL_DWORD(entry); + if (!entry) { + ConsoleOutput("YU-RIS: function entry does not exist"); + return false; + } + entry = Util::FindCallOrJmpRel(entry - 4,processStopAddress - processStartAddress - 0x10000, processStartAddress + 0x10000, false); + DWORD i, + t = 0; + //GROWL_DWORD(entry); + __try { // jichi 12/27/2014 + for (i = entry - 4; i > entry - 0x100; i--) + if (::IsBadReadPtr((LPCVOID)i, 4)) { // jichi 12/27/2014: might raise in new YU-RIS, 4 = sizeof(DWORD) + ConsoleOutput("YU-RIS: do not have read permission"); + return false; + } else if (*(WORD *)i == 0xc085) { + t = *(WORD *)(i + 2); + if ((t & 0xff) == 0x76) { + t = 4; + break; + } else if ((t & 0xffff) == 0x860f) { + t = 8; + break; + } + } + + } __except(EXCEPTION_EXECUTE_HANDLER) { + ConsoleOutput("YU-RIS: illegal access exception"); + return false; + } + if (i == entry - 0x100) { + ConsoleOutput("YU-RIS: pattern not exist"); + return false; + } + //GROWL_DWORD2(i,t); + HookParam hp; + hp.address = i + t; + hp.offset=get_reg(regs::edi); + hp.split = get_reg(regs::eax); + hp.type = USING_STRING|USING_SPLIT; + ConsoleOutput("INSERT YU-RIS"); + //GROWL_DWORD(hp.address); + return NewHook(hp, "YU-RIS"); +} + +/** jichi 12/27/2014 + * + * Sample game: [Whirlpool] [150217] 鯨神�ヂ�アスヂ�ラ + * Call site of TextOutA. + * 00441811 90 nop + * 00441812 90 nop + * 00441813 90 nop + * 00441814 8b4424 04 mov eax,dword ptr ss:[esp+0x4] + * 00441818 8b5424 08 mov edx,dword ptr ss:[esp+0x8] + * 0044181c 8b4c24 0c mov ecx,dword ptr ss:[esp+0xc] + * 00441820 57 push edi + * 00441821 56 push esi + * 00441822 55 push ebp + * 00441823 53 push ebx + * 00441824 83ec 50 sub esp,0x50 + * 00441827 8bf9 mov edi,ecx + * 00441829 897c24 1c mov dword ptr ss:[esp+0x1c],edi + * 0044182d 8bda mov ebx,edx + * 0044182f 8be8 mov ebp,eax + * 00441831 8b349d 603f7b00 mov esi,dword ptr ds:[ebx*4+0x7b3f60] + * 00441838 807c24 74 01 cmp byte ptr ss:[esp+0x74],0x1 + * 0044183d b9 00000000 mov ecx,0x0 + * 00441842 0f94c1 sete cl + * 00441845 8d041b lea eax,dword ptr ds:[ebx+ebx] + * 00441848 03c3 add eax,ebx + * 0044184a 0fafc1 imul eax,ecx + * 0044184d 03c3 add eax,ebx + * 0044184f 894424 0c mov dword ptr ss:[esp+0xc],eax + * 00441853 897424 10 mov dword ptr ss:[esp+0x10],esi + * 00441857 8bc3 mov eax,ebx + * 00441859 8bd7 mov edx,edi + * 0044185b 0fbe4c24 70 movsx ecx,byte ptr ss:[esp+0x70] + * 00441860 e8 0c030000 call .00441b71 + * 00441865 0fbec8 movsx ecx,al + * 00441868 83f9 ff cmp ecx,-0x1 + * 0044186b 0f84 db020000 je .00441b4c + * 00441871 8bce mov ecx,esi + * 00441873 0fafc9 imul ecx,ecx + * 00441876 a1 64365d00 mov eax,dword ptr ds:[0x5d3664] + * 0044187b 8bf9 mov edi,ecx + * 0044187d c1ff 02 sar edi,0x2 + * 00441880 c1ef 1d shr edi,0x1d + * 00441883 03f9 add edi,ecx + * 00441885 c1ff 03 sar edi,0x3 + * 00441888 68 ff000000 push 0xff + * 0044188d 57 push edi + * 0044188e ff3485 70b48300 push dword ptr ds:[eax*4+0x83b470] + * 00441895 ff15 a4355d00 call dword ptr ds:[0x5d35a4] ; .00401c88 + * 0044189b 83c4 0c add esp,0xc + * 0044189e 8b0d 64365d00 mov ecx,dword ptr ds:[0x5d3664] + * 004418a4 ff348d b4b48300 push dword ptr ds:[ecx*4+0x83b4b4] + * 004418ab ff348d d4b48300 push dword ptr ds:[ecx*4+0x83b4d4] + * 004418b2 ff15 54e05800 call dword ptr ds:[0x58e054] ; gdi32.selectobject + * 004418b8 a3 b0b48300 mov dword ptr ds:[0x83b4b0],eax + * 004418bd 8b0d 64365d00 mov ecx,dword ptr ds:[0x5d3664] + * 004418c3 ff348d 30b48300 push dword ptr ds:[ecx*4+0x83b430] + * 004418ca ff348d d4b48300 push dword ptr ds:[ecx*4+0x83b4d4] + * 004418d1 ff15 54e05800 call dword ptr ds:[0x58e054] ; gdi32.selectobject + * 004418d7 a3 2cb48300 mov dword ptr ds:[0x83b42c],eax + * 004418dc 8b3d 64365d00 mov edi,dword ptr ds:[0x5d3664] + * 004418e2 33c9 xor ecx,ecx + * 004418e4 880cbd f5b48300 mov byte ptr ds:[edi*4+0x83b4f5],cl + * 004418eb 880cbd f6b48300 mov byte ptr ds:[edi*4+0x83b4f6],cl + * 004418f2 0fb64d 00 movzx ecx,byte ptr ss:[ebp] + * 004418f6 0fb689 a0645b00 movzx ecx,byte ptr ds:[ecx+0x5b64a0] + * 004418fd 41 inc ecx + * 004418fe 0fbec9 movsx ecx,cl + * 00441901 51 push ecx + * 00441902 55 push ebp + * 00441903 33c9 xor ecx,ecx + * 00441905 51 push ecx + * 00441906 51 push ecx + * 00441907 ff34bd d4b48300 push dword ptr ds:[edi*4+0x83b4d4] + * 0044190e ff15 74e05800 call dword ptr ds:[0x58e074] ; gdi32.textouta, jichi: TextOutA here + * 00441914 0fb67d 00 movzx edi,byte ptr ss:[ebp] + * 00441918 0fb68f a0645b00 movzx ecx,byte ptr ds:[edi+0x5b64a0] + * 0044191f 41 inc ecx + * 00441920 0fbef9 movsx edi,cl + * 00441923 8b0d 64365d00 mov ecx,dword ptr ds:[0x5d3664] + * 00441929 03c9 add ecx,ecx + * 0044192b 8d8c09 f4b48300 lea ecx,dword ptr ds:[ecx+ecx+0x83b4f4] + * + * Runtime stack: The first dword after arguments on the stack seems to be good split value. + */ +static bool InsertYuris2Hook() +{ + ULONG addr = MemDbg::findCallAddress((ULONG)::TextOutA, processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("YU-RIS2: failed"); + return false; + } + + // BOOL TextOut( + // _In_ HDC hdc, + // _In_ int nXStart, + // _In_ int nYStart, + // _In_ LPCTSTR lpString, + // _In_ int cchString + // ); + HookParam hp; + hp.address = addr; + hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT; // disable context that will cause thread split + hp.offset = get_stack(3); + hp.split = get_stack(5); + + ConsoleOutput("INSERT YU-RIS 2"); + return NewHook(hp, "YU-RIS2"); +} + +bool InsertYuris4Hook() +{ + + /* + * Sample games: + * https://vndb.org/v6540 + */ + bool found = false; + const BYTE pattern[] = { + 0x52, // 52 push edx + 0x68, 0x00, 0x42, 0x5C, 0x00, // 68 00425C00 push euphoria.exe+1C4200 + 0xFF, 0x15, 0x90, 0x44, 0x7E, 0x00, // FF 15 90447E00 call dword ptr [euphoria.exe+3E4490] + 0x83, 0xC4, 0x0C, // 83 C4 0C add esp,0C + 0xEB, 0x5F, // EB 5F jmp euphoria.exe+4F4C5 + 0xFF, 0x35, 0xA4, 0x19, 0x66, 0x00, // FF 35 A4196600 push [euphoria.exe+2619A4] + 0x52 // 52 push edx + }; + enum { addr_offset = 12 }; // distance to the beginning of the function, which is 0x83, 0xC4, 0x0C (add esp,0C) + + for (auto addr : Util::SearchMemory(pattern, sizeof(pattern), PAGE_EXECUTE, processStartAddress, processStopAddress)) + { + HookParam hp; + hp.address = addr+addr_offset; + hp.offset=get_reg(regs::edx); + hp.type = USING_STRING ; + ConsoleOutput("INSERT YU-RIS 4"); + found|=NewHook(hp, "YU-RIS4"); + } + if (!found) ConsoleOutput("YU-RIS 4: pattern not found"); + return found; +} + +bool InsertYuris5Hook() +{ + + /* + * Sample games: + * https://vndb.org/v4037 + */ + const BYTE bytes[] = { + 0x33, 0xD2, // xor edx,edx + 0x88, 0x14, 0x0F, // mov [edi+ecx],dl + 0xA1, XX4, // mov eax,[exe+2DE630] + 0x8B, 0x78, 0x3C, // mov edi,[eax+3C] + 0x8B, 0x58, 0x5C, // mov ebx,[eax+5C] + 0x88, 0x14, 0x3B // mov [ebx+edi],dl + }; + + enum { addr_offset = 0 }; // distance to the beginning of the function, which is 0x55 (push ebp) + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + return false; + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::ecx); + hp.type = USING_STRING | NO_CONTEXT; + + ConsoleOutput("INSERT YU-RIS 5"); + return NewHook(hp, "YU-RIS5"); +} + +static bool Yuris6Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + static std::string prevText; + + if (prevText.length()==*len && prevText.find(text, 0, *len) != std::string::npos) // Check if the string is present in the previous one + return false; + prevText.assign(text, *len); + + // ruby <手水舎/ちょうずや> + if (cpp_strnstr(text, "\x81\x83", *len)) { // \x81\x83 -> '<' + StringFilterBetween(text, len, "\x81\x5E", 2, "\x81\x84", 2); // \x81\x5E -> '/' , \x81\x84 -> '>' + StringFilter(text, len, "\x81\x83", 2); // \x81\x83 -> '<' + } + // ruby ≪美桜/姉さん≫ + else if (cpp_strnstr(text, "\x81\xE1", *len)) { // \x81\xE1 -> '≪' + StringFilterBetween(text, len, "\x81\x5E", 2, "\x81\xE2", 2); // \x81\x5E -> '/' , \x81\xE2 -> '≫' + StringFilter(text, len, "\x81\xE1", 2); // \x81\xE1 -> '≪' + } + + CharReplacer(text, len, '=', '-'); + StringCharReplacer(text, len, "\xEF\xF0", 2, ' '); + StringFilter(text, len, "\xEF\xF2", 2); + StringFilter(text, len, "\xEF\xF5", 2); + StringFilter(text, len, "\x81\x98", 2); + + return true; +} +bool InsertYuris6Hook() +{ + + /* + * work with Windows 11 + * Sample games: + * https://vndb.org/v40058 + * https://vndb.org/v42883 + * https://vndb.org/v44092 + * https://vndb.org/v21171 + * https://vndb.org/r46910 + */ + const BYTE bytes[] = { + 0xE9, XX4, // jmp oshitona01.exe+1B629 << hook here + 0xBF, XX4, // mov edi,oshitona01.exe+24EEA0 + 0x8A, 0x17, // mov dl,[edi] + 0x47, // inc edi + 0x88, 0x16, // mov [esi],dl + 0x46, // inc esi + 0x84, 0xD2 // test dl,dl + }; + + enum { addr_offset = 0 }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + return false; + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.index = 0x38; + hp.filter_fun = Yuris6Filter; + hp.type = USING_STRING | NO_CONTEXT | DATA_INDIRECT; + + ConsoleOutput("INSERT YU-RIS 6"); + return NewHook(hp, "YU-RIS6"); +} +bool yuris7(){ + //猫忍えくすはーとSPIN! + //夏空あすてりずむ + + const BYTE bytes[] = { + 0x57,0x56,0x55,0x53,0x83,0xec,0x10, + 0x8b,0x5c,0x24,0x24, + 0x8b,0x15,XX4, + 0x8b,0x0c,0x9a, + 0xc6,0x41,0x01,0x03, + 0x8b,0xc3, + 0xe8 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) return false; + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::edx); + hp.type = USING_STRING; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + static std::unordered_setfiltername; + + auto text=std::string((char*)data,*len); + if(*len!=2)return false; + // if(text.find("\x81\x45")!=text.npos)return false; + // if(text.find("item")!=text.npos)return false; + // if(text==std::string("\x81\x48\x81\x48\x81\x48"))return false; + if(all_ascii((char*)data,*len))return false; + // if(filtername.find(text)!=filtername.end())return false; + // std::regex pattern("\x81\x79([^\x81\x7a]+)\x81\x7a"); + // std::smatch match; + // if(std::regex_search(text, match, pattern)) { + // filtername.insert(match[1]); + // } + + return true; + }; + return NewHook(hp,"yuris7"); +} +bool yuris8(){ + //けもの道☆ガーリッシュスクエア LOVE+PLUS + //https://vndb.org/v36773 + //codepage 950 + const BYTE bytes[] = { + 0x8b,XX, + 0x8b,0x94,0x24,XX,0,0,0, + 0x8b,0x8c,0x24,XX,0,0,0, + 0xe8,XX4, + 0xeb,XX, + 0x8b,XX, + 0x8b,0x94,0x24,XX,0,0,0, + 0x8b,0x8c,0x24,XX,0,0,0, + 0xe8,XX4, + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) return false; + + HookParam hp; + hp.address = addr+sizeof(bytes)-5; + hp.type = USING_STRING; + hp.offset=get_reg(regs::ecx); + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + + auto text=std::string((char*)data,*len); + if(std::all_of(text.begin(),text.end(),[](char c){return c=='1'||c=='2'||c=='E';}))return false; + return true; + }; + return NewHook(hp,"yuris8"); +} +bool InsertYurisHook() +{ + bool ok = InsertYuris1Hook(); + ok = InsertYuris2Hook() || ok; + ok = InsertYuris4Hook() || ok; + ok = InsertYuris5Hook() || ok; + ok = InsertYuris6Hook() || ok; + ok=yuris7()||ok; + ok=yuris8()||ok; + return ok; +} + + +bool Yuris::attach_function() { + + return InsertYurisHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/Yuris.h b/LunaHook/engine32/Yuris.h new file mode 100644 index 0000000..8ffa3dd --- /dev/null +++ b/LunaHook/engine32/Yuris.h @@ -0,0 +1,16 @@ +#include"engine.h" + +class Yuris:public ENGINE{ + public: + Yuris(){ + + check_by=CHECK_BY::CUSTOM; + is_engine_certain=false; + check_by_target=[](){ + // jichi 8/1/2014: YU-RIS engine, lots of clockup game also has this pattern + // jichi 8/14/2013: CLOCLUP: "ノーブレスオブリージュ" would crash the game. + return (Util::CheckFile(L"pac\\*.ypf") || Util::CheckFile(L"*.ypf")) &&(!Util::CheckFile(L"noblesse.exe")); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/cef.cpp b/LunaHook/engine32/cef.cpp new file mode 100644 index 0000000..1aaf26d --- /dev/null +++ b/LunaHook/engine32/cef.cpp @@ -0,0 +1,177 @@ +#include"cef.h" +typedef wchar_t char16; + +typedef struct _cef_string_wide_t { + wchar_t* str; + size_t length; + void (*dtor)(wchar_t* str); +} cef_string_wide_t; + +typedef struct _cef_string_utf8_t { + char* str; + size_t length; + void (*dtor)(char* str); +} cef_string_utf8_t; + +typedef struct _cef_string_utf16_t { + char16* str; + size_t length; + void (*dtor)(char16* str); +} cef_string_utf16_t; +static void hook_cef_string_utf16_t(hook_stack* stack, HookParam *hp, uintptr_t* data, uintptr_t* split, size_t* len) +{ + if (auto p = (_cef_string_utf16_t*)stack->stack[1]) { + *data = (DWORD)p->str; + *len = p->length; // for widechar + + auto s = stack->ecx; + for (int i = 0; i < 0x10; i++) // traverse pointers until a non-readable address is met + if (s && !::IsBadReadPtr((LPCVOID)s, sizeof(DWORD))) + s = *(DWORD*)s; + else + break; + if (!s) + s = hp->address; + if (hp->type & USING_SPLIT) *split = s; + } +} +static void hook_cef_string_wide_t(hook_stack* stack, HookParam *hp, uintptr_t* data, uintptr_t* split, size_t* len) +{ + if (auto p = (_cef_string_wide_t*)stack->stack[1]) { + *data = (DWORD)p->str; + *len = p->length; // for widechar + + auto s = stack->ecx; + for (int i = 0; i < 0x10; i++) // traverse pointers until a non-readable address is met + if (s && !::IsBadReadPtr((LPCVOID)s, sizeof(DWORD))) + s = *(DWORD*)s; + else + break; + if (!s) + s = hp->address; + if (hp->type & USING_SPLIT) *split = s; + } +} +static void hook_cef_string_utf8_t(hook_stack* stack, HookParam *hp, uintptr_t* data, uintptr_t* split, size_t* len) +{ + if (auto p = (_cef_string_utf8_t*)stack->stack[1]) { + *data = (DWORD)p->str; + *len = p->length; // for widechar + + auto s = stack->ecx; + for (int i = 0; i < 0x10; i++) // traverse pointers until a non-readable address is met + if (s && !::IsBadReadPtr((LPCVOID)s, sizeof(DWORD))) + s = *(DWORD*)s; + else + break; + if (!s) + s = hp->address; + if (hp->type & USING_SPLIT) *split = s; + } +} +bool InsertlibcefHook(HMODULE module) +{ + if (!module)return false; + bool ret = false; + + + struct libcefFunction { // argument indices start from 0 for SpecialHookMonoString, otherwise 1 + const char* functionName; + size_t textIndex; // argument index + short lengthIndex; // argument index + unsigned long hookType; // HookParam type + void* text_fun; // HookParam::text_fun_t + }; + + HookParam hp; + const libcefFunction funcs[] = { + {"cef_string_utf8_set",1,0,USING_STRING | CODEC_UTF8 | NO_CONTEXT,NULL}, //ok + {"cef_string_utf8_to_utf16",1,0,USING_STRING | CODEC_UTF8 | NO_CONTEXT,NULL}, + {"cef_string_utf8_to_wide",1,0,USING_STRING | CODEC_UTF8 | NO_CONTEXT,NULL}, //ok + {"cef_string_utf8_clear",0,0,USING_STRING | CODEC_UTF8 | NO_CONTEXT,hook_cef_string_utf8_t}, + + {"cef_string_utf16_set",1,0,USING_STRING|CODEC_UTF16 | NO_CONTEXT,NULL}, //ok + {"cef_string_utf16_clear",0,0,USING_STRING|CODEC_UTF16,hook_cef_string_utf16_t},//ok + {"cef_string_utf16_to_utf8",1,0,USING_STRING|CODEC_UTF16 | NO_CONTEXT,NULL},//ok + {"cef_string_utf16_to_wide",1,0,USING_STRING|CODEC_UTF16 | NO_CONTEXT,NULL}, + + {"cef_string_ascii_to_utf16",1,0,USING_STRING | NO_CONTEXT,NULL}, + {"cef_string_ascii_to_wide",1,0,USING_STRING | NO_CONTEXT,NULL}, + + {"cef_string_wide_set",1,0,USING_STRING | CODEC_UTF16 | NO_CONTEXT,NULL},//ok + {"cef_string_wide_to_utf16",1,0,USING_STRING| CODEC_UTF16 | NO_CONTEXT,NULL}, + {"cef_string_wide_to_utf8",1,0,USING_STRING | CODEC_UTF16 | NO_CONTEXT,NULL}, + {"cef_string_wide_clear",0,0,USING_STRING|CODEC_UTF16,hook_cef_string_wide_t} + }; + for (auto func : funcs) { + if (FARPROC addr = ::GetProcAddress(module, func.functionName)) { + if (addr == 0)continue; + hp.address = (DWORD)addr; + hp.type = func.hookType; + hp.offset = func.textIndex * 4; + hp.length_offset = func.lengthIndex * 4; + hp.text_fun = (decltype(hp.text_fun))func.text_fun; + ConsoleOutput("libcef: INSERT"); + ret|=NewHook(hp, func.functionName); + } + } + + if (!ret) + ConsoleOutput("libcef: failed to find function address"); + return ret; +} +bool libcefhook(HMODULE module) { + if (module == 0)return false; + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + ConsoleOutput("check v8libcefhook %p %p", minAddress,maxAddress); + const BYTE bytes[] = { + + 0x83,0xc4,0x10, + 0x8b,0x4d,XX, + 0x89,0xc6, + 0x31,0xe9, + 0xe8,XX4, + 0x89,0xF0, + 0x83,0xC4,0x18 + + }; + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE_READ, minAddress, maxAddress); + ConsoleOutput("v8libcefhook matches %d", addrs.size()); + bool succ=false; + for (auto addr : addrs) { + + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.filter_fun=[] (void* data, uintptr_t * size, HookParam*) { + std::wstring s = L""; + int i = 0; + for (; i < *size /2; i++) { + auto c = ((LPWSTR)data)[i]; + if (c == L'[') { + break; + } + else { + s += c; + } + } + wcscpy((LPWSTR)data, s.c_str()); + *size = i * 2; + return true; + }; + hp.type = USING_STRING | CODEC_UTF16|NO_CONTEXT; + ConsoleOutput("v8libcefhook %p", addr); + + succ|=NewHook(hp, "v8libcefhook"); + } + + return succ; + +} +bool cef::attach_function(){ + auto hm = GetModuleHandleW(L"libcef.dll"); + + //InsertlibcefHook(hm); + + return libcefhook(hm); +} \ No newline at end of file diff --git a/LunaHook/engine32/cef.h b/LunaHook/engine32/cef.h new file mode 100644 index 0000000..2a203f5 --- /dev/null +++ b/LunaHook/engine32/cef.h @@ -0,0 +1,14 @@ +#include"engine.h" + +class cef:public ENGINE{ + public: + cef(){ + + check_by=CHECK_BY::CUSTOM; + is_engine_certain=false; + check_by_target=[](){ + return GetModuleHandleW(L"libcef.dll"); + }; + }; + bool attach_function(); +}; diff --git a/LunaHook/engine32/hibiki.cpp b/LunaHook/engine32/hibiki.cpp new file mode 100644 index 0000000..c1a39d1 --- /dev/null +++ b/LunaHook/engine32/hibiki.cpp @@ -0,0 +1,101 @@ +#include"hibiki.h" + +bool hibikihook() { + //LOVELY×C∧TION +/*seg000:0044FC05 83 FF 20 cmp edi, 20h ; ' ' +seg000:0044FC08 0F 84 E6 00 00 00 jz loc_44FCF4 +seg000:0044FC08 +seg000:0044FC0E 81 FF 00 30 00 00 cmp edi, 3000h +seg000:0044FC14 0F 84 E9 00 00 00 jz loc_44FD03*/ + const BYTE bytes[] = { + 0x83,0xff,0x20, + 0x0f,0x84,XX4, + 0x81,0xff,0x00,0x30,0x00,0x00, + 0x0f,0x84,XX4 + }; + + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + bool succ=false; + for (auto addr :addrs) { + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) { continue; } + HookParam hp; + hp.address = addr; + + hp.offset =get_stack(3); + hp.type = CODEC_UTF16; + + + ConsoleOutput("INSERT hibiki_extra %p",addr); + + succ|=NewHook(hp, "hibiki_extra"); + } + + + + return succ; + +} +bool YaneSDKFilter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + static std::wstring prevText; + + if (!*len) + return false; + text[*len/sizeof(wchar_t)] = L'\0'; // clean text + + if (!prevText.compare(text)) + return false; + prevText = text; + + StringCharReplacer(text, len, L"[r]", 3, L' '); + StringFilter(text, len, L"[np]", 4); + + if (cpp_wcsnstr(text, L"'", *len/sizeof(wchar_t))) { // [桜木'さくらぎ] + StringFilterBetween(text, len, L"'", 1, L"]", 1); + } + CharFilter(text, len, L'['); + CharFilter(text, len, L']'); + + return true; +} + +bool InsertYaneSDKHook() +{ + + /* + * Sample games: + * https://vndb.org/v21734 + * https://vndb.org/v21455 + * https://vndb.org/v20406 + */ + const BYTE bytes[] = { + 0x83, 0xF9, 0x08, // cmp ecx,08 << hook here + 0x8D, 0x45, 0x0C, // lea eax,[ebp+0C] + 0x8D, 0x4D, 0xBC, // lea ecx,[ebp-44] + 0x0F, 0x43, 0xC2, // cmovae eax,edx + 0x0F, 0xB7, 0x04, 0x70 // movzx eax,word ptr [eax+esi*2] + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("YaneSDK: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.filter_fun = YaneSDKFilter; + hp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT; + ConsoleOutput("INSERT YaneSDK"); + + return NewHook(hp, "YaneSDK"); +} +bool hibiki::attach_function() { + + return hibikihook()||InsertYaneSDKHook(); +} \ No newline at end of file diff --git a/LunaHook/engine32/hibiki.h b/LunaHook/engine32/hibiki.h new file mode 100644 index 0000000..6fe9bb0 --- /dev/null +++ b/LunaHook/engine32/hibiki.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class hibiki:public ENGINE{ + public: + hibiki(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"arc/*.dat"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/jukujojidai.cpp b/LunaHook/engine32/jukujojidai.cpp new file mode 100644 index 0000000..30f2396 --- /dev/null +++ b/LunaHook/engine32/jukujojidai.cpp @@ -0,0 +1,23 @@ +#include"jukujojidai.h" + +bool jukujojidai::attach_function() { + + const BYTE bytes[] = { + //撫乳~今夜、あなたのお掃除しましょうか?~ + //https://vndb.org/v15867 + 0x41, + 0x83,0xC0,0x20, + 0x81,0xF9,0xC8,0x00,0x00,0x00, + 0x7C + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr,0x1000); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = CODEC_UTF16|DATA_INDIRECT; + + return NewHook(hp, "jukujojidai"); +} \ No newline at end of file diff --git a/LunaHook/engine32/jukujojidai.h b/LunaHook/engine32/jukujojidai.h new file mode 100644 index 0000000..58fb0f2 --- /dev/null +++ b/LunaHook/engine32/jukujojidai.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class jukujojidai:public ENGINE{ + public: + jukujojidai(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"adv",L"bg",L"bgm",L"ch",L"ev",L"se",L"system",L"voice"}; + }; + bool attach_function(); +}; + \ No newline at end of file diff --git a/LunaHook/engine32/littlecheese.cpp b/LunaHook/engine32/littlecheese.cpp new file mode 100644 index 0000000..b62d464 --- /dev/null +++ b/LunaHook/engine32/littlecheese.cpp @@ -0,0 +1,21 @@ +#include"littlecheese.h" + +bool littlecheese::attach_function() { + //黒と金の開かない鍵 + /*if ( a3 == 33088 ) + cmp edx, 8140h*/ + const BYTE bytes81[] = { + 0x81,0xFA,0x40,0x81,0x00,0x00,0x75 + }; + auto addr = MemDbg::findBytes(bytes81, sizeof(bytes81), processStartAddress, processStopAddress); + if (addr == 0)return false; + const BYTE align[] = { 0x83,0xC4 };//add esp xxx + addr = reverseFindBytes(align, sizeof(align), addr - 0x100, addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + ConsoleOutput("%p", addr); + hp.offset =get_reg(regs::ecx); + hp.type |= CODEC_ANSI_BE; + return NewHook(hp, "littlecheese"); +} \ No newline at end of file diff --git a/LunaHook/engine32/littlecheese.h b/LunaHook/engine32/littlecheese.h new file mode 100644 index 0000000..ca7f3ad --- /dev/null +++ b/LunaHook/engine32/littlecheese.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class littlecheese:public ENGINE{ + public: + littlecheese(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.bmx"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/lua51.cpp b/LunaHook/engine32/lua51.cpp new file mode 100644 index 0000000..bd1f682 --- /dev/null +++ b/LunaHook/engine32/lua51.cpp @@ -0,0 +1,16 @@ +#include"lua51.h" + +bool lua51::attach_function() { + //[180330][TOUCHABLE] 想聖天使クロスエモーション外伝5 (認証回避済) + auto hlua51=GetModuleHandleW(L"lua5.1.dll"); + if(hlua51==0)return false; + auto lua_pushstring=GetProcAddress(hlua51,"lua_pushstring"); + if(lua_pushstring==0)return false; + HookParam hp; + hp.address =(uintptr_t) lua_pushstring; + hp.offset=get_stack(2); + hp.type = CODEC_UTF8 | USING_STRING; + + hp.filter_fun=all_ascii_Filter; + return NewHook(hp,"lua51"); +} \ No newline at end of file diff --git a/LunaHook/engine32/lua51.h b/LunaHook/engine32/lua51.h new file mode 100644 index 0000000..1a2744a --- /dev/null +++ b/LunaHook/engine32/lua51.h @@ -0,0 +1,13 @@ +#include"engine.h" + +class lua51:public ENGINE{ + public: + lua51(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"lua5.1.dll"; + is_engine_certain=false; + dontstop=true; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/lucifen.cpp b/LunaHook/engine32/lucifen.cpp new file mode 100644 index 0000000..159e7c5 --- /dev/null +++ b/LunaHook/engine32/lucifen.cpp @@ -0,0 +1,1023 @@ +#include"Lucifen.h" + #include"embed_util.h" +/******************************************************************************************** +Lucifen hook: + Game folder contains *.lpk. Used by Navel games. + Hook is same to GetTextExtentPoint32A, use ESP to split name. +********************************************************************************************/ +bool InsertLucifenHook() +{ + // BOOL GetTextExtentPoint32( + // _In_ HDC hdc, + // _In_ LPCTSTR lpString, + // _In_ int c, + // _Out_ LPSIZE lpSize + // ); + HookParam hp; + hp.address = (DWORD)::GetTextExtentPoint32A; + hp.offset=get_stack(2); // arg2 lpString + hp.split = get_reg(regs::esp); + hp.length_offset = 3; + hp.type = USING_STRING|USING_SPLIT; + ConsoleOutput("INSERT Lucifen"); + return NewHook(hp, "Lucifen"); + //RegisterEngineType(ENGINE_LUCIFEN); +} +namespace{ + bool hook(){ + //まじかるカナン -RISEA- + auto oldoutline=(ULONG)GetProcAddress(GetModuleHandle(L"gdi32.dll"),"GetGlyphOutline"); + auto addr=MemDbg::findCallerAddress(oldoutline, 0xec8b55,processStartAddress, processStopAddress); + if (addr == 0) + addr=MemDbg::findCallerAddress((ULONG)GetGlyphOutlineA, 0xec8b55,processStartAddress, processStopAddress); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.split=get_stack(6); + hp.type = CODEC_ANSI_BE |USING_SPLIT; + return NewHook(hp, "Lucifen2"); + } +} + + bool hookBefore_navel(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + + auto text = std::string((char*)s->stack[1]); // text in arg1 + + + if(text.find("$&")!=text.npos){ + text=text.substr(text.find("$&")+2); + } + if(text[text.size()-1]=='$') + text=text.substr(0,text.size()-1); + + strcpy((char*)data,text.c_str()); + *len=text.size(); + return true; + } + void hookafter_navel(hook_stack*s,void* data, size_t len) + { + auto text = std::string((char*)s->stack[1]); // text in arg1 + auto split = s->stack[0]; // retaddr + + std::string newData = std::string((char*)data,len); + + if(text.find("$&")!=text.npos){ + newData=text.substr(0,text.find("$&")+2)+newData; + } + if(text[text.size()-1]=='$') + newData=newData+"$"; + + strcpy((char*)s->stack[1], newData.c_str()); + //s->stack[1] = (ULONG)newData.data(); + } + +bool attach_navel(ULONG startAddress, ULONG stopAddress) // attach scenario +{ +// 通过搜索3C 9F(i > 0x9Fu shiftjis范围判断)找到。 +// int __thiscall sub_455AB0(int this, _BYTE *a2) +// { +// LPCSTR **v2; // ebx +// int v3; // edi +// _BYTE *v4; // ebp +// char v5; // cl +// _BYTE *v6; // ebx +// int v7; // esi +// unsigned __int8 v8; // al +// char v9; // al +// const CHAR **v10; // ebx +// bool v11; // zf +// const CHAR *v12; // eax +// unsigned int v13; // esi +// char *v14; // eax +// char *v16; // ecx +// unsigned __int8 v17; // al +// char v18; // al +// const CHAR ***v19; // ebp +// const CHAR *v20; // esi +// int v21; // eax +// unsigned __int8 v22; // al +// char v23; // cl +// int v24; // esi +// LPCSTR **j; // ebp +// char v26; // al +// LPCSTR **v27; // ebx +// char v28; // al +// char v29; // al +// char v30; // al +// unsigned int v31; // esi +// unsigned __int8 *v32; // eax +// char v33; // al +// int v34; // eax +// unsigned __int8 *v35; // ebx +// unsigned __int8 v36; // al +// char v37; // al +// const CHAR ***v38; // ebp +// const CHAR *v39; // esi +// int v40; // eax +// CHAR *v41; // edi +// char v42; // al +// unsigned __int8 v43; // al +// unsigned __int8 v44; // al +// unsigned __int16 *v45; // ebp +// unsigned __int16 *v46; // edi +// unsigned int v47; // eax +// __int16 v48; // dx +// unsigned __int16 *v49; // esi +// unsigned int v51; // [esp+14h] [ebp-4h] +// char *i; // [esp+1Ch] [ebp+4h] +// unsigned int v53; // [esp+1Ch] [ebp+4h] + + const uint8_t bytes[] = { + 0x50, + 0xff,0x15,0xfc,0xd0,0x4e,0x00, + 0x03,0xf0, + 0x83,0xc3,0x04, + 0xb1,0x01 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (addr == 0)return false; + + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) return false; + HookParam hp; + hp.address = addr; + hp.type = EMBED_ABLE|EMBED_DYNA_SJIS; + hp.hook_before=hookBefore_navel; + hp.hook_after=hookafter_navel; + hp.hook_font=F_GetGlyphOutlineA|F_GetTextExtentPoint32A; + return NewHook(hp, "LucifenEmbed"); +} +#include"dyncodec/dynsjis.h" +namespace { // unnamed +namespace ScenarioHook { + +std::unordered_set textHashes_; + +namespace Private { + + ULONG scenarioOffset_, + nameOffset_; + + std::string replaceNewLines(const std::string &data) + { + std::string ret; + //ret.replace("\n", 1, "\x00\x5b\x0c\x00\x00\x00\x0e\x00\x00\x00\x00\x00\x00\x00", 0xc + 2); + for (auto p = data.c_str(); *p;) + if (*p == '\n') { + ret.append("\x00\x5b\x0c\x00\x00\x00\x0e\x00\x00\x00\x00\x00\x00\x00", 0xc + 2); + p++; + } else { + ret.push_back(*p++); + if (*p && dynsjis::isleadbyte(p[-1])) + ret.push_back(*p++); + } + + //std::string ret; + //do { + // ret.append(start, p - start); + // if (dynsjis::prevchar(p, start) == p - 1) { + // ret.append("\x00\x5b\x0c\x00\x00\x00\x0e\x00\x00\x00\x00\x00\x00\x00", 0xc + 2); + // p++; + // } else { + // start = p; + // p = ::strchr(p, '\n'); + // } + //} while (p && *p); + return ret; + } + + /** + * Sample game: 猫撫ディストーション + * + * 0x5b is the text to skip next character + * + * Ruby: + * 014BB52C 81 77 8C F5 00 5B 1C 00 00 00 1B 00 00 00 01 00 『光.[....... + * 014BB53C 00 00 03 0B 00 00 00 83 72 83 62 83 4F 83 6F 83 .. ...ビッグバ・ + * 014BB54C 93 00 81 78 82 CC 91 4F 81 5C 81 5C 00 5B 0C 00 ・』の前――.[.. + * 014BB55C 00 00 0E 00 00 00 00 00 00 00 82 C2 82 DC 82 E8 .........つまり + * 014BB56C 81 41 89 46 92 88 82 AA 90 B6 82 DC 82 EA 82 E9 、宇宙が生まれる + * 014BB57C 91 4F 82 A9 82 E7 82 A0 82 C1 82 BD 82 E0 82 CC 前からあったもの + * 014BB58C 81 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 。.............. + * 014BB59C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * No ruby: + * 014BB52C 82 B6 82 E1 82 A0 81 41 81 77 8C BE 97 74 81 78 じゃあ、『言葉』 + * 014BB53C 82 C1 82 C4 89 BD 82 C8 82 F1 82 BE 81 48 6F 83 って何なんだ?o・ + * 014BB54C 93 00 81 78 82 CC 91 4F 81 5C 81 5C 00 5B 0C 00 ・』の前――.[.. + * 014BB55C 00 00 0E 00 00 00 00 00 00 00 82 C2 82 DC 82 E8 .........つまり + * 014BB56C 81 41 89 46 92 88 82 AA 90 B6 82 DC 82 EA 82 E9 、宇宙が生まれる + * 014BB57C 91 4F 82 A9 82 E7 82 A0 82 C1 82 BD 82 E0 82 CC 前からあったもの + * 014BB58C 81 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 。.............. + * 014BB59C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014BB5AC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014BB5BC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014BB5CC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * 014BB52C 96 85 82 CC 8B D5 00 5B 16 00 00 00 1B 00 00 00 妹の琴.[...... + * 014BB53C 01 00 00 00 03 05 00 00 00 82 B1 82 C6 00 8E 71 ......こと.子 + * 014BB54C 00 5B 14 00 00 00 1B 00 00 00 01 00 00 00 03 03 .[......... + * 014BB55C 00 00 00 82 B1 00 82 CD 82 BB 82 A4 8C BE 82 C1 ...こ.はそう言っ + * 014BB56C 82 BD 81 42 82 C6 82 A2 82 A4 88 D3 96 A1 82 F0 た。という意味を + * 014BB57C 97 5E 82 A6 82 BD 82 CC 81 76 82 BD 82 E0 82 CC 与えたの」たもの + * 014BB58C 81 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 。.............. + * 014BB59C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014BB5AC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014BB5BC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014BB5CC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * New line: + * 014D7D39 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014D7D49 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014D7D59 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014D7D69 00 00 00 00 00 01 00 E6 01 00 00 54 01 00 00 00 ......・..T... + * 014D7D79 00 00 00 B0 11 52 00 D8 CD 4D 01 44 EE E9 07 D8 ...ーR.リヘMD鵫リ + * 014D7D89 CD 4D 01 00 00 00 00 00 00 00 00 00 00 00 00 00 ヘM............. + * 014D7D99 00 00 00 F0 50 4E 01 0C 53 4E 01 F0 54 4E 01 10 ...N.SNN + * 014D7DA9 00 00 00 00 00 00 00 82 BB 82 B5 82 C4 89 B4 82 .......そして俺・ + * 014D7DB9 C9 82 E0 81 41 00 5B 0C 00 00 00 0E 00 00 00 00 ノも、.[........ + * 014D7DC9 00 00 00 90 7E 96 5B 82 CC 82 B1 82 EB 82 A9 82 ...厨房のころか・ + * 014D7DD9 E7 8E 6C 94 4E 8A D4 81 41 96 88 93 FA 91 B1 82 邇l年間、毎日続・ + * 014D7DE9 AF 82 C4 82 A2 82 E9 82 B1 82 C6 82 AA 82 A0 82 ッていることがあ・ + * 014D7DF9 E9 81 42 00 00 00 00 00 00 00 00 00 00 00 00 00 驕B............. + * 014D7E09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014D7E19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014D7E29 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014D7E39 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014D7E49 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014D7E59 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014D7E69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014D7E79 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014D7E89 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014D7E99 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + */ + template + strT ltrimScenarioText(strT p) + { + while (p[0] == 0 && p[1] == 0x5b && p[2] > 0) + p += p[2] + 2; + return p; + } + std::string parseScenarioText(const char *p, const char *end) + { + int size = ::strlen(p); + if (end > p && end - p < size) + size = end - p; + std::string ret; + if (size) + ret=std::string(p, size); + //if ((uint8_t)p[ret.size() - 1] == 0x93 && (uint8_t)p[ret.size() - 1] == 0x83)// trim encindg \x83\x93 + // return ret.left(ret.size() - 2); + for (p += ret.size(); (!end || p < end) && p[1] == 0x5b && p[2] > 0; p += ret.size()) { + //if (p[2] == 0xc && p[6] == 0xe) { + // ret.push_back('\n'); + // ret.push_back('\n'); // insert double new lines + //} + p += p[2] + 2; + size = ::strlen(p); + if (end > p && end - p < size) + size = end - p; + ret.append(p, size); + } + return ret; + } + + bool dispatchNameText(char *text, ULONG split,hook_stack*s,void* data, size_t* len1,uintptr_t*role) + { + enum { capacity = 0x10 }; // excluding '\0' + *role = Engine::NameRole ; + + if (!*text) + return false; + + std::string oldData = text; + strcpy((char*)data,oldData.c_str());*len1=oldData.size(); + return true; + } + + bool dispatchScenarioText(char *text, ULONG split,hook_stack*s,void* data, size_t* len1,uintptr_t*role) + { + // text[0] could be \0 + * role = Engine::ScenarioRole ; + auto scenarioEndAddress = (LPSTR *)(text + 0x1000); + auto scenarioEnd = *scenarioEndAddress; + if (!Engine::isAddressReadable(scenarioEnd)) + scenarioEnd = nullptr; + //DOUT("warning: scenario end NOT FOUND"); + + + text = ltrimScenarioText(text); + if (!*text) + return false; + std::string oldData = parseScenarioText(text, scenarioEnd); + strcpy((char*)data,oldData.c_str());*len1=oldData.size(); + return true; + } +bool dispatchNameTextafter(char *text, ULONG split,hook_stack*s,void* data, uintptr_t len1 ) + { + std::string oldData = text; + auto newData=std::string((char*)data,len1); + enum { capacity = 0x10 }; // excluding '\0' + int size = newData.size(); + if (size > capacity) + size = capacity; + else if (size < oldData.size()) + ::memset(text + size, 0, oldData.size() - size); + + ::memcpy(text, newData.c_str(), size); + return true; + } + + void dispatchScenarioTextafter(char *text, ULONG split,hook_stack*s,void* data, uintptr_t len1 ) + { + auto scenarioEndAddress = (LPSTR *)(text + 0x1000); + auto scenarioEnd = *scenarioEndAddress; + if (!Engine::isAddressReadable(scenarioEnd)) + scenarioEnd = nullptr; + //DOUT("warning: scenario end NOT FOUND"); + + text = ltrimScenarioText(text); + if (!*text) + return; + std::string oldData = parseScenarioText(text, scenarioEnd); + auto newData=std::string((char*)data,len1); + if (newData.empty() || newData == oldData) + return; + + if (newData.find('\n')!=newData.npos) + newData = replaceNewLines(newData); + + if (scenarioEnd > text && scenarioEnd - text > newData.size()) + ::memset(text + newData.size(), 0, scenarioEnd - text - newData.size()); + else if (oldData.size() > newData.size()) + ::memset(text + newData.size(), 0, oldData.size() - newData.size()); + + //::strcpy(text, newData.constData()); + ::memcpy(text, newData.c_str(), newData.size() + 1); + + *scenarioEndAddress = text + newData.size(); // FIXME: THis sometimes does not work + } + bool hookBefore(hook_stack*s,void* data, size_t* len1,uintptr_t*role) + { + auto self = (LPSTR)s->ecx; + ULONG retaddr = s->stack[0]; + // bool b1= dispatchNameText(self + nameOffset_, retaddr,s,data,len1,role); + bool b2=dispatchScenarioText(self + scenarioOffset_, retaddr,s,data,len1,role); + return b2; + } + void hookafter(hook_stack*s,void* data, uintptr_t len1) + { + auto self = (LPSTR)s->ecx; + ULONG retaddr = s->stack[0]; + // dispatchNameTextafter(self + nameOffset_, retaddr,s,data,len1); + dispatchScenarioTextafter(self + scenarioOffset_, retaddr,s,data,len1); + } +} // namespace Private + +/** + * Debugging method: + * - Hijack GetGlyphOutlineA + * There is only one GetGlyphOutlineA + * - Find all text in memory + * There are two matches. + * One is current text with fixed address + * One is all text with fixed address + * - Find all text address on the stack + * There is one function use it as arg1 and as future text + * ecx is the current text instead + * + * Sample game: プリズム・プリンセス + * name = ecx + 0xadd1 + * scenario = ecx + 0xae48 + * scenario end = ecx + 0xbe48 + * + * 00441E3F 90 NOP + * 00441E40 83EC 1C SUB ESP,0x1C + * 00441E43 53 PUSH EBX + * 00441E44 56 PUSH ESI + * 00441E45 8BF1 MOV ESI,ECX + * 00441E47 8B9E 48BE0000 MOV EBX,DWORD PTR DS:[ESI+0xBE48] + * 00441E4D 2BDE SUB EBX,ESI + * 00441E4F 81EB 48AE0000 SUB EBX,0xAE48 + * 00441E55 75 0B JNZ SHORT .00441E62 + * 00441E57 5E POP ESI + * 00441E58 B8 01000000 MOV EAX,0x1 + * 00441E5D 5B POP EBX + * 00441E5E 83C4 1C ADD ESP,0x1C + * 00441E61 C3 RETN + * 00441E62 8B86 AC040000 MOV EAX,DWORD PTR DS:[ESI+0x4AC] + * 00441E68 55 PUSH EBP + * 00441E69 57 PUSH EDI + * 00441E6A 50 PUSH EAX + * 00441E6B 8BCE MOV ECX,ESI + * 00441E6D E8 9E6CFFFF CALL .00438B10 + * 00441E72 8A96 DE050000 MOV DL,BYTE PTR DS:[ESI+0x5DE] + * 00441E78 8B8E 909E0000 MOV ECX,DWORD PTR DS:[ESI+0x9E90] + * 00441E7E 8BBE 489E0000 MOV EDI,DWORD PTR DS:[ESI+0x9E48] + * 00441E84 84D2 TEST DL,DL + * 00441E86 0F94C0 SETE AL + * 00441E89 84C0 TEST AL,AL + * 00441E8B 884424 13 MOV BYTE PTR SS:[ESP+0x13],AL + * 00441E8F C741 20 00000000 MOV DWORD PTR DS:[ECX+0x20],0x0 + * 00441E96 74 0D JE SHORT .00441EA5 + * 00441E98 8BCE MOV ECX,ESI + * + * 00441E9A E8 4136FFFF CALL .004354E0 + * 00441E9F 8987 A8030000 MOV DWORD PTR DS:[EDI+0x3A8],EAX + * 00441EA5 8D86 48AE0000 LEA EAX,DWORD PTR DS:[ESI+0xAE48] ; jichi: this is the scenari text + * 00441EAB 53 PUSH EBX + * 00441EAC 50 PUSH EAX + * 00441EAD 8BCF MOV ECX,EDI + * 00441EAF E8 EC6B0000 CALL .00448AA0 + * 00441EB4 8D9E E2AD0000 LEA EBX,DWORD PTR DS:[ESI+0xADE2] ; jichi: this is the character name + * 00441EBA 8D86 D1AD0000 LEA EAX,DWORD PTR DS:[ESI+0xADD1] ; jichi: this is the name text + * 00441EC0 53 PUSH EBX + * 00441EC1 50 PUSH EAX + * 00441EC2 8BCF MOV ECX,EDI + * 00441EC4 894424 1C MOV DWORD PTR SS:[ESP+0x1C],EAX + * 00441EC8 E8 836B0000 CALL .00448A50 + * + * 00441ECD 8A4424 13 MOV AL,BYTE PTR SS:[ESP+0x13] + * 00441ED1 84C0 TEST AL,AL + * 00441ED3 74 30 JE SHORT .00441F05 + * 00441ED5 6A 01 PUSH 0x1 + * 00441ED7 8BCF MOV ECX,EDI + * 00441ED9 E8 726D0000 CALL .00448C50 + * 00441EDE 803B 00 CMP BYTE PTR DS:[EBX],0x0 + * 00441EE1 74 22 JE SHORT .00441F05 + * 00441EE3 8B86 00AE0000 MOV EAX,DWORD PTR DS:[ESI+0xAE00] + * 00441EE9 85C0 TEST EAX,EAX + * 00441EEB 75 18 JNZ SHORT .00441F05 + * 00441EED 8B86 AC040000 MOV EAX,DWORD PTR DS:[ESI+0x4AC] + * 00441EF3 8D97 D1030000 LEA EDX,DWORD PTR DS:[EDI+0x3D1] + * 00441EF9 8996 00AE0000 MOV DWORD PTR DS:[ESI+0xAE00],EDX + * 00441EFF 8986 C0040000 MOV DWORD PTR DS:[ESI+0x4C0],EAX + * 00441F05 8A86 30A60000 MOV AL,BYTE PTR DS:[ESI+0xA630] + * 00441F0B 84C0 TEST AL,AL + * 00441F0D 0F84 DB000000 JE .00441FEE + * 00441F13 8B86 C0A00000 MOV EAX,DWORD PTR DS:[ESI+0xA0C0] + * 00441F19 85C0 TEST EAX,EAX + * 00441F1B 0F84 CD000000 JE .00441FEE + * 00441F21 8B96 E0A00000 MOV EDX,DWORD PTR DS:[ESI+0xA0E0] + * 00441F27 8DAE E0A00000 LEA EBP,DWORD PTR DS:[ESI+0xA0E0] + * 00441F2D 6A 00 PUSH 0x0 + * 00441F2F 8BCD MOV ECX,EBP + * 00441F31 FF92 B4000000 CALL DWORD PTR DS:[EDX+0xB4] + * 00441F37 8B86 489E0000 MOV EAX,DWORD PTR DS:[ESI+0x9E48] + * 00441F3D 8D8E 5C470000 LEA ECX,DWORD PTR DS:[ESI+0x475C] + * 00441F43 8D96 14680000 LEA EDX,DWORD PTR DS:[ESI+0x6814] + * 00441F49 898E E4050000 MOV DWORD PTR DS:[ESI+0x5E4],ECX + * 00441F4F 894424 18 MOV DWORD PTR SS:[ESP+0x18],EAX + * 00441F53 89AE 489E0000 MOV DWORD PTR DS:[ESI+0x9E48],EBP + * 00441F59 C686 D8A00000 01 MOV BYTE PTR DS:[ESI+0xA0D8],0x1 + * 00441F60 8996 E8050000 MOV DWORD PTR DS:[ESI+0x5E8],EDX + * 00441F66 8B87 B4030000 MOV EAX,DWORD PTR DS:[EDI+0x3B4] + * 00441F6C 6A 01 PUSH 0x1 + * 00441F6E 8D4C24 20 LEA ECX,DWORD PTR SS:[ESP+0x20] + * 00441F72 6A 01 PUSH 0x1 + * 00441F74 51 PUSH ECX + * 00441F75 50 PUSH EAX + * 00441F76 8BCD MOV ECX,EBP + * 00441F78 E8 935D0000 CALL .00447D10 + * 00441F7D 8B5424 18 MOV EDX,DWORD PTR SS:[ESP+0x18] + * 00441F81 8D8E EC050000 LEA ECX,DWORD PTR DS:[ESI+0x5EC] + * 00441F87 8996 489E0000 MOV DWORD PTR DS:[ESI+0x9E48],EDX + * 00441F8D 8D96 A4260000 LEA EDX,DWORD PTR DS:[ESI+0x26A4] + * 00441F93 85C0 TEST EAX,EAX + * 00441F95 C686 D8A00000 00 MOV BYTE PTR DS:[ESI+0xA0D8],0x0 + * 00441F9C 898E E4050000 MOV DWORD PTR DS:[ESI+0x5E4],ECX + * 00441FA2 8996 E8050000 MOV DWORD PTR DS:[ESI+0x5E8],EDX + * 00441FA8 7E 44 JLE SHORT .00441FEE + * 00441FAA 8A86 31A60000 MOV AL,BYTE PTR DS:[ESI+0xA631] + * 00441FB0 84C0 TEST AL,AL + * 00441FB2 74 0A JE SHORT .00441FBE + * 00441FB4 33C0 XOR EAX,EAX + * 00441FB6 8A86 32A60000 MOV AL,BYTE PTR DS:[ESI+0xA632] + * 00441FBC EB 02 JMP SHORT .00441FC0 + * 00441FBE 33C0 XOR EAX,EAX + * 00441FC0 8B4C24 28 MOV ECX,DWORD PTR SS:[ESP+0x28] + * 00441FC4 8B6C24 20 MOV EBP,DWORD PTR SS:[ESP+0x20] + * 00441FC8 8B97 B8030000 MOV EDX,DWORD PTR DS:[EDI+0x3B8] + * 00441FCE 50 PUSH EAX + * 00441FCF 8B4424 18 MOV EAX,DWORD PTR SS:[ESP+0x18] + * 00441FD3 2BCD SUB ECX,EBP + * 00441FD5 53 PUSH EBX + * 00441FD6 83C1 04 ADD ECX,0x4 + * 00441FD9 50 PUSH EAX + * 00441FDA 8B87 B4030000 MOV EAX,DWORD PTR DS:[EDI+0x3B4] + * 00441FE0 51 PUSH ECX + * 00441FE1 52 PUSH EDX + * 00441FE2 50 PUSH EAX + * 00441FE3 8D8E B8A00000 LEA ECX,DWORD PTR DS:[ESI+0xA0B8] + * 00441FE9 E8 72290000 CALL .00444960 + * 00441FEE 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+0x14] + * 00441FF2 8D86 48AE0000 LEA EAX,DWORD PTR DS:[ESI+0xAE48] + * 00441FF8 5F POP EDI + * 00441FF9 8986 48BE0000 MOV DWORD PTR DS:[ESI+0xBE48],EAX + * 00441FFF 5D POP EBP + * 00442000 C603 00 MOV BYTE PTR DS:[EBX],0x0 + * 00442003 5E POP ESI + * 00442004 C601 00 MOV BYTE PTR DS:[ECX],0x0 + * 00442007 33C0 XOR EAX,EAX + * 00442009 5B POP EBX + * 0044200A 83C4 1C ADD ESP,0x1C + * 0044200D C3 RETN + * 0044200E 90 NOP + * 0044200F 90 NOP + * + * Sample game: 猫撫ディストーション + * name = ecx + 0xc60f + * scenario = ecx + 0xc684 + * scenario end = ecx + 0xd684 + * + * 0043E11E 90 NOP + * 0043E11F 90 NOP + * 0043E120 83EC 18 SUB ESP,0x18 + * 0043E123 53 PUSH EBX + * 0043E124 55 PUSH EBP + * 0043E125 56 PUSH ESI + * 0043E126 8BF1 MOV ESI,ECX + * 0043E128 57 PUSH EDI + * 0043E129 8BAE 84D60000 MOV EBP,DWORD PTR DS:[ESI+0xD684] ; jichi: overall offset is around 0xD684 + * 0043E12F 2BEE SUB EBP,ESI + * 0043E131 81ED 84C60000 SUB EBP,0xC684 + * 0043E137 896C24 10 MOV DWORD PTR SS:[ESP+0x10],EBP + * 0043E13B 75 0D JNZ SHORT .0043E14A + * 0043E13D 5F POP EDI + * 0043E13E 5E POP ESI + * 0043E13F 5D POP EBP + * 0043E140 B8 01000000 MOV EAX,0x1 + * 0043E145 5B POP EBX + * 0043E146 83C4 18 ADD ESP,0x18 + * 0043E149 C3 RETN + * 0043E14A 8B86 A8040000 MOV EAX,DWORD PTR DS:[ESI+0x4A8] + * 0043E150 8BCE MOV ECX,ESI + * 0043E152 50 PUSH EAX + * 0043E153 E8 3875FFFF CALL .00435690 + * 0043E158 8B9E F4B20000 MOV EBX,DWORD PTR DS:[ESI+0xB2F4] + * 0043E15E 8BBE D8B10000 MOV EDI,DWORD PTR DS:[ESI+0xB1D8] + * 0043E164 8B43 14 MOV EAX,DWORD PTR DS:[EBX+0x14] + * 0043E167 85C0 TEST EAX,EAX + * 0043E169 7D 7C JGE SHORT .0043E1E7 + * 0043E16B 8B8E 70040000 MOV ECX,DWORD PTR DS:[ESI+0x470] + * 0043E171 6A 00 PUSH 0x0 + * 0043E173 8D96 20C60000 LEA EDX,DWORD PTR DS:[ESI+0xC620] ; jichi: 0xc620 is the nearest position + * 0043E179 6A 00 PUSH 0x0 + * 0043E17B 52 PUSH EDX + * 0043E17C 6A FE PUSH -0x2 + * 0043E17E E8 ED93FEFF CALL .00427570 + * 0043E183 8BE8 MOV EBP,EAX + * 0043E185 85ED TEST EBP,EBP + * 0043E187 7C 0D JL SHORT .0043E196 + * 0043E189 45 INC EBP + * 0043E18A 83FD 08 CMP EBP,0x8 + * 0043E18D 7C 09 JL SHORT .0043E198 + * 0043E18F BD 07000000 MOV EBP,0x7 + * 0043E194 EB 02 JMP SHORT .0043E198 + * 0043E196 33ED XOR EBP,EBP + * 0043E198 396B 1C CMP DWORD PTR DS:[EBX+0x1C],EBP + * 0043E19B 74 46 JE SHORT .0043E1E3 + * 0043E19D 8B8F 4C020000 MOV ECX,DWORD PTR DS:[EDI+0x24C] + * 0043E1A3 85C9 TEST ECX,ECX + * 0043E1A5 75 0D JNZ SHORT .0043E1B4 + * 0043E1A7 5F POP EDI + * 0043E1A8 5E POP ESI + * 0043E1A9 5D POP EBP + * 0043E1AA B8 02000000 MOV EAX,0x2 + * 0043E1AF 5B POP EBX + * 0043E1B0 83C4 18 ADD ESP,0x18 + * 0043E1B3 C3 RETN + * 0043E1B4 8BC5 MOV EAX,EBP + * 0043E1B6 6A 00 PUSH 0x0 + * 0043E1B8 C1E0 04 SHL EAX,0x4 + * 0043E1BB 03C5 ADD EAX,EBP + * 0043E1BD 6A 00 PUSH 0x0 + * 0043E1BF 6A 00 PUSH 0x0 + * 0043E1C1 6A 00 PUSH 0x0 + * 0043E1C3 8D94C6 48BA0000 LEA EDX,DWORD PTR DS:[ESI+EAX*8+0xBA48] + * 0043E1CA 52 PUSH EDX + * 0043E1CB E8 E0DD0200 CALL .0046BFB0 + * 0043E1D0 896B 1C MOV DWORD PTR DS:[EBX+0x1C],EBP + * 0043E1D3 8B07 MOV EAX,DWORD PTR DS:[EDI] + * 0043E1D5 6A 01 PUSH 0x1 + * 0043E1D7 6A 01 PUSH 0x1 + * 0043E1D9 6A 01 PUSH 0x1 + * 0043E1DB 8BCF MOV ECX,EDI + * 0043E1DD FF90 4C010000 CALL DWORD PTR DS:[EAX+0x14C] + * 0043E1E3 8B6C24 10 MOV EBP,DWORD PTR SS:[ESP+0x10] + * 0043E1E7 8BCE MOV ECX,ESI + * 0043E1E9 C743 20 00000000 MOV DWORD PTR DS:[EBX+0x20],0x0 + * + * 0043E1F0 E8 3B46FFFF CALL .00432830 + * 0043E1F5 8987 A0030000 MOV DWORD PTR DS:[EDI+0x3A0],EAX + * 0043E1FB 8D86 84C60000 LEA EAX,DWORD PTR DS:[ESI+0xC684] ; jichi: this is scenario + * 0043E201 55 PUSH EBP + * 0043E202 50 PUSH EAX + * 0043E203 8BCF MOV ECX,EDI + * 0043E205 E8 765F0000 CALL .00444180 + * 0043E20A 8D9E 20C60000 LEA EBX,DWORD PTR DS:[ESI+0xC620] ; jichi: this is the chara name, such as KOT0 + * 0043E210 8D86 0FC60000 LEA EAX,DWORD PTR DS:[ESI+0xC60F] ; jichi: this is the name address + * 0043E216 53 PUSH EBX + * 0043E217 50 PUSH EAX + * 0043E218 8BCF MOV ECX,EDI + * 0043E21A 894424 18 MOV DWORD PTR SS:[ESP+0x18],EAX + * 0043E21E E8 0D5F0000 CALL .00444130 + * + * 0043E223 6A 01 PUSH 0x1 + * 0043E225 8BCF MOV ECX,EDI + * 0043E227 E8 04600000 CALL .00444230 + * 0043E22C 8A86 40BA0000 MOV AL,BYTE PTR DS:[ESI+0xBA40] + * 0043E232 84C0 TEST AL,AL + * 0043E234 0F84 DB000000 JE .0043E315 + * 0043E23A 8B86 18B50000 MOV EAX,DWORD PTR DS:[ESI+0xB518] + * 0043E240 85C0 TEST EAX,EAX + * 0043E242 0F84 CD000000 JE .0043E315 + * 0043E248 8B96 38B50000 MOV EDX,DWORD PTR DS:[ESI+0xB538] + * 0043E24E 8DAE 38B50000 LEA EBP,DWORD PTR DS:[ESI+0xB538] + * 0043E254 6A 00 PUSH 0x0 + * 0043E256 8BCD MOV ECX,EBP + * 0043E258 FF92 B4000000 CALL DWORD PTR DS:[EDX+0xB4] + * 0043E25E 8B86 D8B10000 MOV EAX,DWORD PTR DS:[ESI+0xB1D8] + * 0043E264 8D8E 70460000 LEA ECX,DWORD PTR DS:[ESI+0x4670] + * 0043E26A 8D96 28670000 LEA EDX,DWORD PTR DS:[ESI+0x6728] + * 0043E270 898E F8040000 MOV DWORD PTR DS:[ESI+0x4F8],ECX + * 0043E276 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + * 0043E27A 89AE D8B10000 MOV DWORD PTR DS:[ESI+0xB1D8],EBP + * 0043E280 C686 30B50000 01 MOV BYTE PTR DS:[ESI+0xB530],0x1 + * 0043E287 8996 FC040000 MOV DWORD PTR DS:[ESI+0x4FC],EDX + * 0043E28D 8B87 AC030000 MOV EAX,DWORD PTR DS:[EDI+0x3AC] + * 0043E293 6A 01 PUSH 0x1 + * 0043E295 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+0x1C] + * 0043E299 6A 01 PUSH 0x1 + * 0043E29B 51 PUSH ECX + * 0043E29C 50 PUSH EAX + * 0043E29D 8BCD MOV ECX,EBP + * 0043E29F E8 DC570000 CALL .00443A80 + * 0043E2A4 8B5424 14 MOV EDX,DWORD PTR SS:[ESP+0x14] + * 0043E2A8 8D8E 00050000 LEA ECX,DWORD PTR DS:[ESI+0x500] + * 0043E2AE 8996 D8B10000 MOV DWORD PTR DS:[ESI+0xB1D8],EDX + * 0043E2B4 8D96 B8250000 LEA EDX,DWORD PTR DS:[ESI+0x25B8] + * 0043E2BA 85C0 TEST EAX,EAX + * 0043E2BC C686 30B50000 00 MOV BYTE PTR DS:[ESI+0xB530],0x0 + * 0043E2C3 898E F8040000 MOV DWORD PTR DS:[ESI+0x4F8],ECX + * 0043E2C9 8996 FC040000 MOV DWORD PTR DS:[ESI+0x4FC],EDX + * 0043E2CF 7E 44 JLE SHORT .0043E315 + * 0043E2D1 8A86 41BA0000 MOV AL,BYTE PTR DS:[ESI+0xBA41] + * 0043E2D7 84C0 TEST AL,AL + * 0043E2D9 74 0A JE SHORT .0043E2E5 + * 0043E2DB 33C0 XOR EAX,EAX + * 0043E2DD 8A86 42BA0000 MOV AL,BYTE PTR DS:[ESI+0xBA42] + * 0043E2E3 EB 02 JMP SHORT .0043E2E7 + * 0043E2E5 33C0 XOR EAX,EAX + * 0043E2E7 8B4C24 24 MOV ECX,DWORD PTR SS:[ESP+0x24] + * 0043E2EB 8B6C24 1C MOV EBP,DWORD PTR SS:[ESP+0x1C] + * 0043E2EF 8B97 B0030000 MOV EDX,DWORD PTR DS:[EDI+0x3B0] + * 0043E2F5 50 PUSH EAX + * 0043E2F6 8B4424 14 MOV EAX,DWORD PTR SS:[ESP+0x14] + * 0043E2FA 2BCD SUB ECX,EBP + * 0043E2FC 53 PUSH EBX + * 0043E2FD 83C1 04 ADD ECX,0x4 + * 0043E300 50 PUSH EAX + * 0043E301 8B87 AC030000 MOV EAX,DWORD PTR DS:[EDI+0x3AC] + * 0043E307 51 PUSH ECX + * 0043E308 52 PUSH EDX + * 0043E309 50 PUSH EAX + * 0043E30A 8D8E 10B50000 LEA ECX,DWORD PTR DS:[ESI+0xB510] + * 0043E310 E8 7B270000 CALL .00440A90 + * 0043E315 803B 00 CMP BYTE PTR DS:[EBX],0x0 + * 0043E318 74 0C JE SHORT .0043E326 + * 0043E31A 81C7 C9030000 ADD EDI,0x3C9 + * 0043E320 89BE 3CC60000 MOV DWORD PTR DS:[ESI+0xC63C],EDI + * 0043E326 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+0x10] + * 0043E32A 8D86 84C60000 LEA EAX,DWORD PTR DS:[ESI+0xC684] + * 0043E330 8986 84D60000 MOV DWORD PTR DS:[ESI+0xD684],EAX + * 0043E336 5F POP EDI + * 0043E337 5E POP ESI + * 0043E338 C603 00 MOV BYTE PTR DS:[EBX],0x0 + * 0043E33B 5D POP EBP + * 0043E33C C601 00 MOV BYTE PTR DS:[ECX],0x0 + * 0043E33F 33C0 XOR EAX,EAX + * 0043E341 5B POP EBX + * 0043E342 83C4 18 ADD ESP,0x18 + * 0043E345 C3 RETN + * 0043E346 90 NOP + * 0043E347 90 NOP + * 0043E348 90 NOP + * 0043E349 90 NOP + * 0043E34A 90 NOP + * 0043E34B 90 NOP + */ +bool attach(ULONG startAddress, ULONG stopAddress) // attach scenario +{ + const uint8_t bytes[] = { + 0xe8, XX4, // 0043e1f0 e8 3b46ffff call .00432830 + 0x89,0x87, XX4, // 0043e1f5 8987 a0030000 mov dword ptr ds:[edi+0x3a0],eax + 0x8d,0x86, XX4, // 0043e1fb 8d86 84c60000 lea eax,dword ptr ds:[esi+0xc684] ; jichi: this is scenario + // 0043e201 55 push ebp + // 0043e202 50 push eax + XX4, // 0043e203 8bcf mov ecx,edi + 0xe8, XX4, // 0043e205 e8 765f0000 call .00444180 + 0x8d,0x9e, XX4, // 0043e20a 8d9e 20c60000 lea ebx,dword ptr ds:[esi+0xc620] ; jichi: this is the chara name, such as kot0 + 0x8d,0x86, XX4, // 0043e210 8d86 0fc60000 lea eax,dword ptr ds:[esi+0xc60f] ; jichi: this is the name address + 0x53, // 0043e216 53 push ebx + 0x50, // 0043e217 50 push eax + 0x8b,0xcf, // 0043e218 8bcf mov ecx,edi + 0x89,0x44,0x24, XX, // 0043e21a 894424 18 mov dword ptr ss:[esp+0x18],eax + 0xe8 //, XX4 // 0043e21e e8 0d5f0000 call .00444130 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + + Private::scenarioOffset_ = *(DWORD *)(addr + 2 + 0x0043e1fb - 0x0043e1f0); + Private::nameOffset_ = *(DWORD *)(addr + 2 + 0x0043e210 - 0x0043e1f0); + if ((Private::scenarioOffset_ >> 16) || // offset high bits are zero + (Private::nameOffset_ >> 16)) + return false; + + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + HookParam hp; + hp.address=addr; + hp.type=EMBED_ABLE|EMBED_DYNA_SJIS; + hp.hook_before=Private::hookBefore; + hp.hook_after=Private::hookafter; + hp.hook_font=F_GetGlyphOutlineA|F_GetTextExtentPoint32A; + return NewHook(hp,"EmbedLucifen"); +} +} // namespace ScenarioHook + +namespace ChoiceHook { +namespace Private { + + bool hookBefore(hook_stack*s,void* data, size_t* len1,uintptr_t*role) + { + static std::string data_; + auto text = (LPCSTR)s->stack[0]; // arg1 is text + if (!text || !*text) + return text; + *role=Engine::ChoiceRole; + std::string oldData =text; + strcpy((char*)data,oldData.c_str());*len1=oldData.size(); + return true; + } + void hookafter(hook_stack*s,void* data, size_t len1){ + + auto newData =std::string((char*)data,len1); + strcpy((char*)s->stack[0], newData.c_str()); + } + +} // namespace Private + +/** + * Debugging method: + * - Hijack GetGlyphOutlineA + * - Backtrack stack to find text that used as argument + * + * Sample game: プリズム・プリンセス + * + * Text in arg1. + * + * The function is only called by one caller. + * I suspect it is a virtual function, and hence caller is hooked. + * + * 0044235E 90 NOP + * 0044235F 90 NOP + * 00442360 83EC 08 SUB ESP,0x8 + * 00442363 53 PUSH EBX + * 00442364 56 PUSH ESI + * 00442365 8BF1 MOV ESI,ECX + * 00442367 BB 01000000 MOV EBX,0x1 + * 0044236C 8A86 E2050000 MOV AL,BYTE PTR DS:[ESI+0x5E2] + * 00442372 84C0 TEST AL,AL + * 00442374 75 14 JNZ SHORT .0044238A + * 00442376 889E BD040000 MOV BYTE PTR DS:[ESI+0x4BD],BL + * 0044237C E8 BFFAFFFF CALL .00441E40 + * 00442381 85C0 TEST EAX,EAX + * 00442383 0F94C0 SETE AL + * 00442386 84C0 TEST AL,AL + * 00442388 74 16 JE SHORT .004423A0 + * 0044238A 53 PUSH EBX + * 0044238B 6A 00 PUSH 0x0 + * 0044238D 8BCE MOV ECX,ESI + * 0044238F E8 2C80FFFF CALL .0043A3C0 + * 00442394 85C0 TEST EAX,EAX + * 00442396 74 16 JE SHORT .004423AE + * 00442398 5E POP ESI + * 00442399 5B POP EBX + * 0044239A 83C4 08 ADD ESP,0x8 + * 0044239D C2 0400 RETN 0x4 + * 004423A0 8B86 88040000 MOV EAX,DWORD PTR DS:[ESI+0x488] + * 004423A6 8BCE MOV ECX,ESI + * 004423A8 50 PUSH EAX + * 004423A9 E8 32120700 CALL .004B35E0 + * 004423AE 8B96 949E0000 MOV EDX,DWORD PTR DS:[ESI+0x9E94] + * 004423B4 55 PUSH EBP + * 004423B5 8DAE 949E0000 LEA EBP,DWORD PTR DS:[ESI+0x9E94] + * 004423BB 57 PUSH EDI + * 004423BC 8BCD MOV ECX,EBP + * 004423BE C686 BD040000 00 MOV BYTE PTR DS:[ESI+0x4BD],0x0 + * 004423C5 FF92 80000000 CALL DWORD PTR DS:[EDX+0x80] + * 004423CB 8B86 44040000 MOV EAX,DWORD PTR DS:[ESI+0x444] + * 004423D1 85C0 TEST EAX,EAX + * 004423D3 74 05 JE SHORT .004423DA + * 004423D5 83C0 18 ADD EAX,0x18 + * 004423D8 EB 02 JMP SHORT .004423DC + * 004423DA 33C0 XOR EAX,EAX + * 004423DC 8B8E A0A00000 MOV ECX,DWORD PTR DS:[ESI+0xA0A0] + * 004423E2 8B7C24 1C MOV EDI,DWORD PTR SS:[ESP+0x1C] + * 004423E6 8B55 00 MOV EDX,DWORD PTR SS:[EBP] + * 004423E9 51 PUSH ECX + * 004423EA 8B4F 4C MOV ECX,DWORD PTR DS:[EDI+0x4C] + * 004423ED 51 PUSH ECX + * 004423EE 50 PUSH EAX + * 004423EF 8BCD MOV ECX,EBP + * 004423F1 FF92 AC000000 CALL DWORD PTR DS:[EDX+0xAC] + * 004423F7 B8 02000000 MOV EAX,0x2 + * 004423FC 8D4F 08 LEA ECX,DWORD PTR DS:[EDI+0x8] + * 004423FF 8339 00 CMP DWORD PTR DS:[ECX],0x0 + * 00442402 74 0B JE SHORT .0044240F + * 00442404 83C0 02 ADD EAX,0x2 + * 00442407 83C1 08 ADD ECX,0x8 + * 0044240A 83F8 12 CMP EAX,0x12 + * 0044240D ^7C F0 JL SHORT .004423FF + * 0044240F D1F8 SAR EAX,1 + * 00442411 48 DEC EAX + * 00442412 8BF8 MOV EDI,EAX + * 00442414 8A86 30A60000 MOV AL,BYTE PTR DS:[ESI+0xA630] + * 0044241A 84C0 TEST AL,AL + * 0044241C 897C24 14 MOV DWORD PTR SS:[ESP+0x14],EDI + * 00442420 89BE 9CA00000 MOV DWORD PTR DS:[ESI+0xA09C],EDI + * 00442426 0F84 B9000000 JE .004424E5 + * 0044242C 8B86 C0A00000 MOV EAX,DWORD PTR DS:[ESI+0xA0C0] + * 00442432 85C0 TEST EAX,EAX + * 00442434 0F84 AB000000 JE .004424E5 + * 0044243A 57 PUSH EDI + * 0044243B 8D8E B8A00000 LEA ECX,DWORD PTR DS:[ESI+0xA0B8] + * 00442441 885C24 17 MOV BYTE PTR SS:[ESP+0x17],BL + * 00442445 E8 46270000 CALL .00444B90 + * 0044244A 33DB XOR EBX,EBX + * 0044244C 85FF TEST EDI,EDI + * 0044244E 7E 64 JLE SHORT .004424B4 + * 00442450 8B5424 1C MOV EDX,DWORD PTR SS:[ESP+0x1C] + * 00442454 8D7A 0C LEA EDI,DWORD PTR DS:[EDX+0xC] + * 00442457 8A941E B8040000 MOV DL,BYTE PTR DS:[ESI+EBX+0x4B8] + * 0044245E 8B45 00 MOV EAX,DWORD PTR SS:[EBP] + * 00442461 6A 00 PUSH 0x0 + * 00442463 6A 00 PUSH 0x0 + * 00442465 84D2 TEST DL,DL + * 00442467 8B17 MOV EDX,DWORD PTR DS:[EDI] + * 00442469 6A 00 PUSH 0x0 + * 0044246B 0F954424 28 SETNE BYTE PTR SS:[ESP+0x28] + * 00442470 8B4C24 28 MOV ECX,DWORD PTR SS:[ESP+0x28] + * 00442474 6A 00 PUSH 0x0 + * 00442476 6A FF PUSH -0x1 + * 00442478 6A 00 PUSH 0x0 + * 0044247A 6A FF PUSH -0x1 + * 0044247C 51 PUSH ECX + * 0044247D 6A 00 PUSH 0x0 + * 0044247F 52 PUSH EDX + * 00442480 8BCD MOV ECX,EBP + * 00442482 FF90 84000000 CALL DWORD PTR DS:[EAX+0x84] ; .004BBD00 ; jichi: text called here, text on the top + * 00442488 8A4424 13 MOV AL,BYTE PTR SS:[ESP+0x13] + * 0044248C 84C0 TEST AL,AL + * 0044248E 74 18 JE SHORT .004424A8 + * 00442490 8A5424 1C MOV DL,BYTE PTR SS:[ESP+0x1C] + * 00442494 8B0F MOV ECX,DWORD PTR DS:[EDI] + * 00442496 84D2 TEST DL,DL + * 00442498 0F94C0 SETE AL + * 0044249B 50 PUSH EAX + * 0044249C 51 PUSH ECX + * 0044249D 8D8E B8A00000 LEA ECX,DWORD PTR DS:[ESI+0xA0B8] + * 004424A3 E8 48280000 CALL .00444CF0 + * 004424A8 8B4424 14 MOV EAX,DWORD PTR SS:[ESP+0x14] + * 004424AC 83C7 08 ADD EDI,0x8 + * 004424AF 43 INC EBX + * 004424B0 3BD8 CMP EBX,EAX + * 004424B2 ^7C A3 JL SHORT .00442457 + * 004424B4 8A4424 13 MOV AL,BYTE PTR SS:[ESP+0x13] + * 004424B8 5F POP EDI + * 004424B9 84C0 TEST AL,AL + * 004424BB 5D POP EBP + * 004424BC 74 12 JE SHORT .004424D0 + * 004424BE 8D96 34A60000 LEA EDX,DWORD PTR DS:[ESI+0xA634] + * 004424C4 8D8E B8A00000 LEA ECX,DWORD PTR DS:[ESI+0xA0B8] + * 004424CA 52 PUSH EDX + * 004424CB E8 B0280000 CALL .00444D80 + * 004424D0 33C0 XOR EAX,EAX + * 004424D2 81C6 B8040000 ADD ESI,0x4B8 + * 004424D8 8906 MOV DWORD PTR DS:[ESI],EAX + * 004424DA 8846 04 MOV BYTE PTR DS:[ESI+0x4],AL + * 004424DD 5E POP ESI + * 004424DE 5B POP EBX + * 004424DF 83C4 08 ADD ESP,0x8 + * 004424E2 C2 0400 RETN 0x4 + * 004424E5 C64424 13 00 MOV BYTE PTR SS:[ESP+0x13],0x0 + * 004424EA ^E9 5BFFFFFF JMP .0044244A + * 004424EF 90 NOP + * 004424F0 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+0x4] + * 004424F4 8B40 04 MOV EAX,DWORD PTR DS:[EAX+0x4] + * 004424F7 85C0 TEST EAX,EAX + * 004424F9 7C 0D JL SHORT .00442508 + * 004424FB 83F8 05 CMP EAX,0x5 + * 004424FE 7D 08 JGE SHORT .00442508 + * 00442500 C68408 B8040000 >MOV BYTE PTR DS:[EAX+ECX+0x4B8],0x1 + * 00442508 33C0 XOR EAX,EAX + * 0044250A C2 0400 RETN 0x4 + * 0044250D 90 NOP + * 0044250E 90 NOP + */ +bool attach(ULONG startAddress, ULONG stopAddress) // attach scenario +{ + const uint8_t bytes[] = { + 0xff,0x90, 0x84,0x00,0x00,0x00, // 00442482 ff90 84000000 call dword ptr ds:[eax+0x84] ; .004bbd00 ; jichi: text called here, text on the top + 0x8a,0x44,0x24, 0x13 // 00442488 8a4424 13 mov al,byte ptr ss:[esp+0x13] + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if(addr==0)return false; + HookParam hp; + hp.address=addr; + hp.type=EMBED_ABLE|EMBED_DYNA_SJIS; + hp.hook_before=Private::hookBefore; + hp.hook_after=Private::hookafter; + hp.hook_font=F_GetGlyphOutlineA|F_GetTextExtentPoint32A; + return NewHook(hp,"lucifen_choice"); +} +} // namespace ChoiceHook + + size_t countZero(const char *s, size_t limit=1500) +{ + size_t count = 0; + for (auto p = s; !*p && count < limit; p++, count++); + return count == limit ? 0 : count; +}bool hookBefore(hook_stack*s,void* data, size_t* len1,uintptr_t*role) + { + auto text = (LPSTR)s->stack[1]; // arg1 is text + if (!text || ::strlen(text) <= 2 ) + return false; + *role=Engine::OtherRole; + std::string oldData =text; + strcpy((char*)data,oldData.c_str());*len1=oldData.size(); + return true; + } + void hookafter(hook_stack*s,void* data, size_t len1){ + auto text = (LPSTR)s->stack[1]; // arg1 is text + + enum { role = Engine::OtherRole };std::string oldData = text ; + auto split = s->stack[0]; + auto newData =std::string((char*)data,len1); + size_t capacity = countZero(text + oldData.size()); + if (!capacity) + return ; + capacity += oldData.size() - 1; + if (newData.size() > capacity) + newData = newData.substr(0,capacity); + if (newData.size() < oldData.size()) + ::memset(text + newData.size(), 0, oldData.size() - newData.size()); + ::strcpy(text, newData.c_str()); + return ; + } +bool attach11(ULONG startAddress, ULONG stopAddress) // attach scenario +{ + //这个的对话都是一个个字的,但是名字是连续的。 + const uint8_t bytes[] = { + 0x83,0xec, 0x14, // 00461ca0 83ec 14 sub esp,0x14 + 0x33,0xd2, // 00461ca3 33d2 xor edx,edx + 0x55, // 00461ca5 55 push ebp + 0x56, // 00461ca6 56 push esi + 0x8b,0x74,0x24, 0x20, // 00461ca7 8b7424 20 mov esi,dword ptr ss:[esp+0x20] + 0x8b,0xe9, // 00461cab 8be9 mov ebp,ecx + 0x3b,0xf2, // 00461cad 3bf2 cmp esi,edx + 0x0f,0x84, 0x55,0x02,0x00,0x00, // 00461caf 0f84 55020000 je .00461f0a + 0x39,0x55, 0x08, // 00461cb5 3955 08 cmp dword ptr ss:[ebp+0x8],edx + 0x0f,0x84, 0x4c,0x02,0x00,0x00, // 00461cb8 0f84 4c020000 je .00461f0a + 0x8b,0x85, 0x74,0x20,0x00,0x00 // 00461cbe 8b85 74200000 mov eax,dword ptr ss:[ebp+0x2074] + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if(addr==0)return false; + HookParam hp; + hp.address=addr; + hp.offset=get_stack(1); + hp.type=EMBED_ABLE|EMBED_DYNA_SJIS; + hp.hook_after=hookafter; + hp.hook_before=hookBefore; + hp.hook_font=F_GetGlyphOutlineA|F_GetTextExtentPoint32A; + return NewHook(hp,"Embedlucifen2"); + +} +} +bool Lucifen::attach_function() { + bool b1=ScenarioHook::attach(processStartAddress,processStopAddress)|| attach_navel(processStartAddress,processStopAddress); + if(b1){ + ChoiceHook::attach(processStartAddress,processStopAddress); + attach11(processStartAddress,processStopAddress); + } + + bool succ=InsertLucifenHook(); + succ|=hook(); + return succ; +} \ No newline at end of file diff --git a/LunaHook/engine32/lucifen.h b/LunaHook/engine32/lucifen.h new file mode 100644 index 0000000..afe9d1a --- /dev/null +++ b/LunaHook/engine32/lucifen.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Lucifen:public ENGINE{ + public: + Lucifen(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.lpk"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/mono.cpp b/LunaHook/engine32/mono.cpp new file mode 100644 index 0000000..5e85093 --- /dev/null +++ b/LunaHook/engine32/mono.cpp @@ -0,0 +1,57 @@ +#include"mono.h" +#include"mono/monocommon.hpp" +#include "mono/monoobject.h" + +bool monobdwgc() { + + HMODULE module = GetModuleHandleW(L"mono-2.0-bdwgc.dll"); + if (module == 0)return false; + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + BYTE bytes[] = { + 0x3D,0x00,0x00,0x01,0x00, + 0x73,XX, + 0xb8,0x03,0x00,0x00,0x00, + 0xEB,XX + }; + auto addrs =Util::SearchMemory(bytes, sizeof(bytes),PAGE_EXECUTE, minAddress, maxAddress); + auto succ=false; + for (auto addr : addrs) { + ConsoleOutput("monobdwgcdll %p", addr); + HookParam hp; + hp.address = (DWORD)addr; + hp.offset=get_reg(regs::eax); + hp.type = CODEC_UTF16|NO_CONTEXT; + succ|=NewHook(hp, "monobdwgcdll"); + } + return succ; +} +bool monodll() { + + HMODULE module = GetModuleHandleW(L"mono.dll"); + if (module == 0)return false; + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + BYTE bytes[] = { + 0x81,0xFB,XX4, + 0x73 + }; + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, minAddress, maxAddress); + auto succ=false; + for (auto addr : addrs) { + ConsoleOutput("monodll %p", addr); + HookParam hp; + hp.address = (DWORD)addr; + hp.offset=get_reg(regs::ebx); + hp.type = CODEC_UTF16|NO_CONTEXT; + succ|=NewHook(hp, "monodll"); + } + return succ; +} + + +bool mono::attach_function() { + bool il2=monocommon::il2cpp(); + bool bmonobdwgc=monobdwgc(); + bool bmonodll=monodll(); + bool mono=monocommon::hook_mono(); + return il2||bmonobdwgc||bmonodll||mono; +} \ No newline at end of file diff --git a/LunaHook/engine32/mono.h b/LunaHook/engine32/mono.h new file mode 100644 index 0000000..118bbf7 --- /dev/null +++ b/LunaHook/engine32/mono.h @@ -0,0 +1,10 @@ +#include"engine.h" + +class mono:public ENGINE{ + public: + mono(){ + + check_by=CHECK_BY::ALL_TRUE; + }; + bool attach_function(); +}; diff --git a/LunaHook/engine32/morning.cpp b/LunaHook/engine32/morning.cpp new file mode 100644 index 0000000..8e918bd --- /dev/null +++ b/LunaHook/engine32/morning.cpp @@ -0,0 +1,61 @@ +#include"morning.h" + +regs mov_xl_exx(int reg) { + auto off = regs::invalid; + reg = reg & 7; + switch (reg) { + case 3: + off = regs::ebx; break; + case 0: + off = regs::eax; break; + case 1: + off = regs::ecx; break; + case 2: + off = regs::edx; break; + case 6: + off = regs::esi; break; + case 7: + off = regs::edi; break; + } + return off; +} + +bool shiftjis81() { + //morning + /*if (((unsigned __int8)*a7 < 0x81u || (unsigned __int8)*a7 > 0x9Fu) + && ((unsigned __int8)*a7 < 0xE0u || (unsigned __int8)*a7 > 0xFCu))*/ + const BYTE bytes81[] = { + 0x8A,XX, + 0x81,XX,0x81,0x00,0x00,0x00 + }; + const BYTE bytes81eax[] = { + 0x8A,XX, + XX,0x81,0x00,0x00,0x00 + }; + + int idx = 0; + auto succ=false; + for (auto bs : { bytes81,bytes81eax}) { + for (auto addr : Util::SearchMemory(bs, idx ? 7 : 8, PAGE_EXECUTE, processStartAddress, processStopAddress)) { + + int jumpxxop = *(((BYTE*)addr) + (idx ? 7 : 8)); + if (jumpxxop < 0x7c || jumpxxop>0x7f)continue; + auto off = mov_xl_exx(*(((BYTE*)addr) + 1)); + if (off == regs::invalid)continue; + HookParam hp; + hp.address = addr; + hp.offset =get_reg(off); + hp.type = USING_STRING | NO_CONTEXT; + succ|=NewHook(hp, "shiftjis819fefc"); + } + idx += 1; + } + + + return succ; +} + + +bool morning::attach_function() { + return shiftjis81(); +} \ No newline at end of file diff --git a/LunaHook/engine32/morning.h b/LunaHook/engine32/morning.h new file mode 100644 index 0000000..515aa20 --- /dev/null +++ b/LunaHook/engine32/morning.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class morning:public ENGINE{ + public: + morning(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.ttd"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/pchooks.cpp b/LunaHook/engine32/pchooks.cpp new file mode 100644 index 0000000..2b25603 --- /dev/null +++ b/LunaHook/engine32/pchooks.cpp @@ -0,0 +1,11 @@ +#include"pchooks.h" + +bool pchooks::attach_function() { + for (std::wstring DXVersion : { L"d3dx9", L"d3dx10" }) + if (HMODULE module = GetModuleHandleW(DXVersion.c_str())) PcHooks::hookD3DXFunctions(module); + else for (int i = 0; i < 50; ++i) + if (HMODULE module = GetModuleHandleW((DXVersion + L"_" + std::to_wstring(i)).c_str())) PcHooks::hookD3DXFunctions(module); + PcHooks::hookGDIFunctions(); + PcHooks::hookGDIPlusFunctions(); + return true; +} \ No newline at end of file diff --git a/LunaHook/engine32/pchooks.h b/LunaHook/engine32/pchooks.h new file mode 100644 index 0000000..1990171 --- /dev/null +++ b/LunaHook/engine32/pchooks.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class pchooks:public ENGINE{ + public: + pchooks(){ + + check_by=CHECK_BY::ALL_TRUE; + dontstop=true; + }; + bool attach_function(); +}; diff --git a/LunaHook/engine32/sakanagl.cpp b/LunaHook/engine32/sakanagl.cpp new file mode 100644 index 0000000..7c9a815 --- /dev/null +++ b/LunaHook/engine32/sakanagl.cpp @@ -0,0 +1,20 @@ +#include"sakanagl.h" + +bool sakanagl::attach_function() { + //年上お姉さんを独り占めしたい! + //https://store.steampowered.com/app/2541470/__Possessing_My_Older_Sister/?l=japanese + HMODULE module = GetModuleHandleW(L"sakanagl.dll"); + if (module == 0)return false; + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + BYTE bytes[] = { + 0x89,0x01,0x33,0xc9,0x85,0xdb + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), minAddress, maxAddress); + + ConsoleOutput("sakanagldll %p", addr); + HookParam hp; + hp.address = (DWORD)addr; + hp.offset=get_reg(regs::edx); + hp.type = USING_STRING|CODEC_UTF8|EMBED_ABLE|EMBED_BEFORE_SIMPLE|EMBED_AFTER_NEW; + return NewHook(hp, "sakanagldll"); +} \ No newline at end of file diff --git a/LunaHook/engine32/sakanagl.h b/LunaHook/engine32/sakanagl.h new file mode 100644 index 0000000..da4f0ae --- /dev/null +++ b/LunaHook/engine32/sakanagl.h @@ -0,0 +1,14 @@ +#include"engine.h" + +class sakanagl:public ENGINE{ + public: + sakanagl(){ + + check_by=CHECK_BY::CUSTOM; + is_engine_certain=false; + check_by_target=[](){ + return GetModuleHandleW(L"sakanagl.dll"); + }; + }; + bool attach_function(); +}; diff --git a/LunaHook/engine32/sakusesu.cpp b/LunaHook/engine32/sakusesu.cpp new file mode 100644 index 0000000..9161d4d --- /dev/null +++ b/LunaHook/engine32/sakusesu.cpp @@ -0,0 +1,44 @@ +#include"sakusesu.h" + +bool sakusesu::attach_function() { + + +//if ((unsigned __int8)v1 >= 0x20u) +// { +// if ((unsigned __int8)v1 >= 0x80u) +// { +// if ((unsigned __int8)v1 >= 0xA0u) +// { +// if ((unsigned __int8)v1 < 0xC0u) + const BYTE bytesa0[] = { + 0x3C,0xA0,0x73 + }; + const BYTE bytesc0[] = { + 0x3C,0xc0,0x73 + }; + const BYTE bytes80[] = { + 0x3C,0x80,0x73 + }; + auto succ=false; + for (auto bs : { bytesa0,bytes80,bytesc0 }) { + auto addr = MemDbg::findBytes(bs, 3, processStartAddress, processStopAddress); + if (addr == 0)continue; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)continue; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING; + succ|=NewHook(hp, "sakusesu"); + for (auto xrefaddr : findxref_reverse(addr, addr - 0x10000, addr + 0x10000)) { + xrefaddr = MemDbg::findEnclosingAlignedFunction(xrefaddr); + if (xrefaddr == 0)continue; + HookParam hp; + hp.address = xrefaddr; + hp.offset=get_stack(1); + hp.type = USING_STRING; + succ|=NewHook(hp, "sakusesu"); + } + } + return succ; +} \ No newline at end of file diff --git a/LunaHook/engine32/sakusesu.h b/LunaHook/engine32/sakusesu.h new file mode 100644 index 0000000..8a16b6f --- /dev/null +++ b/LunaHook/engine32/sakusesu.h @@ -0,0 +1,13 @@ +#include"engine.h" + +class sakusesu:public ENGINE{ + public: + sakusesu(){ + //サクセス + + check_by=CHECK_BY::FILE; + check_by_target=L"SCRIPT/*.AFS"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine32/shyakunage.cpp b/LunaHook/engine32/shyakunage.cpp new file mode 100644 index 0000000..d68ad1a --- /dev/null +++ b/LunaHook/engine32/shyakunage.cpp @@ -0,0 +1,17 @@ +#include"shyakunage.h" + +bool shyakunage::attach_function() { + //しゃくなげ + const BYTE bytes[] = { + 0x25,0xff,0xff,0x00,0x00,0xc1,0xe8,0x04 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::edx); + hp.type = USING_STRING; + return NewHook(hp, "shyakunage"); +} \ No newline at end of file diff --git a/LunaHook/engine32/shyakunage.h b/LunaHook/engine32/shyakunage.h new file mode 100644 index 0000000..c7236ea --- /dev/null +++ b/LunaHook/engine32/shyakunage.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class shyakunage:public ENGINE{ + public: + shyakunage(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"image.dat"; + is_engine_certain=false; + }; + bool attach_function(); +}; diff --git a/LunaHook/engine32/utawarerumono.cpp b/LunaHook/engine32/utawarerumono.cpp new file mode 100644 index 0000000..d2fa83e --- /dev/null +++ b/LunaHook/engine32/utawarerumono.cpp @@ -0,0 +1,55 @@ +#include"utawarerumono.h" + +bool utawarerumonoh() { + const BYTE bytes[] = { + 0x80,XX,0x5C, + 0x75 + //*a2 != 92 || a2[1] != 107 + }; + const BYTE bytes2[] = { + 0x80,XX,XX,XX,0x5C, + 0x75 + }; + auto addr1 = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + auto addr2 = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStopAddress); + auto succ=false; + for (auto addr : { addr1,addr2 }) { + if (addr == 0)continue; + const BYTE funcstart[] = { + 0x51,0x53 + }; + addr = reverseFindBytes(funcstart, sizeof(funcstart), addr - 0x100, addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = CODEC_UTF8 | USING_STRING | NO_CONTEXT; + ConsoleOutput("utawarerumono"); + succ|=NewHook(hp, "utawarerumono"); + } + return succ; +} +bool utawarerumonoh2() { + const BYTE bytes2[] = { + 0x8b,0xca, + 0xc1,0xe9,0x02, + 0xf3,0xa5 + }; + auto addr2 = Util::SearchMemory(bytes2, sizeof(bytes2),PAGE_EXECUTE, processStartAddress, processStopAddress); + auto succ=false; + for (auto addr : addr2) { + HookParam hp; + hp.address = addr+2; + hp.offset=get_reg(regs::esi); + hp.type = CODEC_UTF8 | USING_STRING|NO_CONTEXT; + ConsoleOutput("utawarerumono %p",addr); + succ|=NewHook(hp, "utawarerumono"); + } + return succ; +} + +bool utawarerumono::attach_function() { + bool b1=utawarerumonoh(); + bool b2=utawarerumonoh2(); + return b1||b2; +} \ No newline at end of file diff --git a/LunaHook/engine32/utawarerumono.h b/LunaHook/engine32/utawarerumono.h new file mode 100644 index 0000000..8e653ee --- /dev/null +++ b/LunaHook/engine32/utawarerumono.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class utawarerumono:public ENGINE{ + public: + utawarerumono(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Data/*.sdat"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine64/5pb.cpp b/LunaHook/engine64/5pb.cpp new file mode 100644 index 0000000..3f8859a --- /dev/null +++ b/LunaHook/engine64/5pb.cpp @@ -0,0 +1,10 @@ +#include"5pb.h" +#include"mages/mages.hpp" + +bool _5pb::attach_function() { + //CHAOS;HEAD_NOAH + bool b3=mages::MAGES(); + return b3; +} + + \ No newline at end of file diff --git a/LunaHook/engine64/5pb.h b/LunaHook/engine64/5pb.h new file mode 100644 index 0000000..9bcc566 --- /dev/null +++ b/LunaHook/engine64/5pb.h @@ -0,0 +1,13 @@ +#include"engine.h" + +class _5pb:public ENGINE{ + public: + _5pb(){ + is_engine_certain=false; + check_by=CHECK_BY::FILE_ANY; + check_by_target=check_by_list{ L"data\\*.cpk",L"*.cpk"}; + + }; + bool attach_function(); +}; + \ No newline at end of file diff --git a/LunaHook/engine64/AGES7.cpp b/LunaHook/engine64/AGES7.cpp new file mode 100644 index 0000000..abea848 --- /dev/null +++ b/LunaHook/engine64/AGES7.cpp @@ -0,0 +1,80 @@ +#include"AGES7.h" +namespace{ + //Muv-Luv Alternative - Total Eclipse + //https://vndb.org/v7052 + bool _1(){ + //HSN65001#-44@234699:te-win64vc14-release.exe + BYTE b1[]={ + 0x48,XX2,0xb0,0xfe,0xff,0xff, + 0x4c,XX2,0xb8,0x01,0x00,0x00, + + }; + auto addr=MemDbg::findBytes(b1,sizeof(b1),processStartAddress,processStopAddress); + if(addr==0)return false; + HookParam hp; + hp.address=addr; + hp.type=USING_STRING|CODEC_UTF8|NO_CONTEXT; + hp.offset=get_reg(regs::rdi); + auto succ=NewHook(hp,"Ages7_1"); + if(addr=MemDbg::findEnclosingAlignedFunction(addr)){ + hp.address=addr; + hp.type=USING_STRING|CODEC_UTF8|NO_CONTEXT; + hp.offset=get_reg(regs::rbx); + succ|=NewHook(hp,"Ages7_3"); + } + return succ; + } + bool _2(){ + //HSN65001#-44@2346AC:te-win64vc14-release.exe + BYTE b1[]={ + 0x48,XX2,0x10, + 0x48,XX2,0xb0,0x01,0x00,0x00, + XX2,0xc0,0x08,0x00,0x00 + + }; + auto addr=MemDbg::findBytes(b1,sizeof(b1),processStartAddress,processStopAddress); + if(addr==0)return false; + HookParam hp; + hp.address=addr; + hp.type=USING_STRING|CODEC_UTF8|NO_CONTEXT; + hp.offset=get_reg(regs::rdi); + auto suc=NewHook(hp,"Ages7_2"); + if(addr=MemDbg::findEnclosingAlignedFunction(addr)){ + hp.address=addr; + hp.type=USING_STRING|CODEC_UTF8|NO_CONTEXT; + hp.offset=get_reg(regs::rbx); + suc|=NewHook(hp,"Ages7_3"); + } + return suc; + } + bool _3(){ + //HSN65001#-14@3D9814:te-win64vc14-release.exe + BYTE b1[]={ + 0x48,0x8b,0x1b, + 0x48,0x8b,0x01, + 0x48,0x8b,0xd3, + 0xff,0x10, + 0x48,0x8b,0x45,0xc8, + 0x48,0x8b,0x4d,0xc0, + 0x48,0x2b,0xc1, + 0x48,0xc1,0xf8,0x03, + 0x48,0x85,0xc0, + }; + auto addr=MemDbg::findBytes(b1,sizeof(b1),processStartAddress,processStopAddress); + if(addr==0)return false; + HookParam hp; + hp.address=addr+3; + hp.type=USING_STRING|CODEC_UTF8|NO_CONTEXT; + hp.offset=get_reg(regs::rbx); + return NewHook(hp,"Ages7_4"); + } + bool all(){ + auto _=_1(); + _=_2()||_; + _=_3()||_; + return _; + } +} +bool AGES7::attach_function(){ + return all(); +} \ No newline at end of file diff --git a/LunaHook/engine64/AGES7.h b/LunaHook/engine64/AGES7.h new file mode 100644 index 0000000..b2abb41 --- /dev/null +++ b/LunaHook/engine64/AGES7.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class AGES7:public ENGINE{ + public: + AGES7(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"obb\\pack.bin",L"erc_nospfx.dll"}; + + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine64/Artemis.cpp b/LunaHook/engine64/Artemis.cpp new file mode 100644 index 0000000..8bf8d70 --- /dev/null +++ b/LunaHook/engine64/Artemis.cpp @@ -0,0 +1,54 @@ +#include"Artemis.h" + +bool InsertArtemisHook() { + + /* + * Sample games: + * https://vndb.org/v45247 + */ + const BYTE bytes[] = { + 0xCC, // int 3 + 0x40, 0x57, // push rdi <- hook here + 0x48, 0x83, 0xEC, 0x40, // sub rsp,40 + 0x48, 0xC7, 0x44, 0x24, 0x30, XX4, // mov qword ptr [rsp+30],FFFFFFFFFFFFFFFE + 0x48, 0x89, 0x5C, 0x24, 0x50 // mov [rsp+50],rbx + }; + + for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress)) { + HookParam hp; + hp.address = addr + 1; + hp.offset=get_reg(regs::rdi); + hp.type = USING_STRING | CODEC_UTF8 | NO_CONTEXT; + ConsoleOutput("INSERT Artemis Hook "); + return NewHook(hp, "Artemis"); + } + + ConsoleOutput("Artemis: pattern not found"); + return false; + } +bool Artemis64() { + + const BYTE BYTES[] = { + 0x48,0x89,0x5C,0x24,0x20,0x55,0x56,0x57,0x41,0x54,0x41,0x55,0x41,0x56,0x41,0x57,0x48,0x83,0xec,0x60 + //__int64 __fastcall sub_14017A760(__int64 a1, char *a2, char **a3) + //FLIP FLOP IO + }; + auto addrs = Util::SearchMemory(BYTES, sizeof(BYTES), PAGE_EXECUTE_READ, processStartAddress, processStopAddress); + for (auto addr : addrs) { + char info[1000] = {}; + ConsoleOutput("InsertArtemis64Hook %p", addr); + HookParam hp; + hp.address = addr; + hp.type = CODEC_UTF8 | USING_STRING|EMBED_ABLE|EMBED_BEFORE_SIMPLE|EMBED_AFTER_NEW; + hp.offset=get_reg(regs::rdx);//rdx + return NewHook(hp, "Artemis64"); + } + + ConsoleOutput("InsertArtemis64Hook failed"); + return false; +} +bool Artemis::attach_function() { + bool b1=Artemis64(); + b1=InsertArtemisHook()||b1; + return b1; +} \ No newline at end of file diff --git a/LunaHook/engine64/Artemis.h b/LunaHook/engine64/Artemis.h new file mode 100644 index 0000000..e738efa --- /dev/null +++ b/LunaHook/engine64/Artemis.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Artemis:public ENGINE{ + public: + Artemis(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.pfs"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine64/CMVS.cpp b/LunaHook/engine64/CMVS.cpp new file mode 100644 index 0000000..2109fba --- /dev/null +++ b/LunaHook/engine64/CMVS.cpp @@ -0,0 +1,57 @@ +#include"CMVS.h" + namespace{ +bool EMbed(){ + //有多个,但是只有最后一个是有效的 + const uint8_t bytes[] = { + 0xB8,0x42,0x81,0x00,0x00, + 0x66,XX2,0x74,XX, + 0xB8,0x76,0x81,0x00,0x00, + 0x66,XX2,0x74,XX, + 0xB8,0x78,0x81,0x00,0x00, + 0x66,XX2,0x74,XX, + }; + bool res=false; + auto addr=processStartAddress; + + std::vectoralready; + + while(addr){ + addr = MemDbg::findBytes(bytes,sizeof(bytes),addr+1,processStopAddress); + if(addr==0)continue; + auto f = MemDbg::findEnclosingAlignedFunction(addr); + if(f==0)continue; + if(std::find(already.begin(),already.end(),f)!=already.end())continue; + already.push_back(f); + + } + if(already.size()){ + HookParam hp; + hp.address = already.back() ; + hp.offset=get_reg(regs::rdx); + + hp.type=EMBED_ABLE|USING_STRING|EMBED_BEFORE_SIMPLE|EMBED_AFTER_NEW|EMBED_DYNA_SJIS; + hp.hook_font=F_GetGlyphOutlineA; + res|=NewHook(hp, "EmbedCMVS"); + } + return res; +} + +bool CMVSh() { + + DWORD align = 0xCCCCCCCC; + auto addr = MemDbg::findCallerAddress((uintptr_t)::GetGlyphOutlineA, align, processStartAddress, processStopAddress); + if (!addr) return false; + + HookParam hp; + hp.address = addr+4; + hp.offset=get_reg(regs::r8); + hp.type = CODEC_ANSI_BE; + + return NewHook(hp, "CMVS"); +} +} +bool CMVS::attach_function(){ + bool b1=CMVSh(); + bool b2=EMbed(); + return b1||b2; +} \ No newline at end of file diff --git a/LunaHook/engine64/CMVS.h b/LunaHook/engine64/CMVS.h new file mode 100644 index 0000000..dba444a --- /dev/null +++ b/LunaHook/engine64/CMVS.h @@ -0,0 +1,18 @@ +#include"engine.h" + +class CMVS:public ENGINE{ + public: + CMVS(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"data\\pack\\*.cpz"; + + + // jichi 8/19/2013: DO NOT WORK for games like「ハピメア」 + //if (wcsstr(str,L"cmvs32") || wcsstr(str,L"cmvs64")) { + // InsertCMVSHook(); + // return true; + //} + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine64/ENTERGRAM.cpp b/LunaHook/engine64/ENTERGRAM.cpp new file mode 100644 index 0000000..38cbdb8 --- /dev/null +++ b/LunaHook/engine64/ENTERGRAM.cpp @@ -0,0 +1,41 @@ +#include"ENTERGRAM.h" + +bool ENTERGRAMfilter(void* data, size_t* size, HookParam* hp) { + + auto text = reinterpret_cast(data); + std::wstring str =std::wstring(text,*size / 2); + std::wregex reg1(L"\\|(.*?)\x300a(.*?)\x300b"); + std::wstring result1 = std::regex_replace(str, reg1, L"$1"); + std::wregex reg2(L"\x3000|\n"); + std::wstring result2 = std::regex_replace(result1, reg2, L""); + + *size = (result2.size()) * 2; + wcscpy(text, result2.c_str()); + return true; +}; +bool InsertENTERGRAM() { + //https://vndb.org/v40521 + //[240125][1208048][エンターグラム] すだまリレイシヨン パッケージ版 (mdf+mds) + + const BYTE BYTES[] = { + 0x48,0x8B,0x43,0x38, + 0x48,0x8D,0x7C,0x24,0x30, + 0x48,0x8B,0x74,0x24,0x20, + 0x48,0x85,0xC0, + 0x48,0x8B,0xCD, + 0x48,0x89,0x6C,0x24,0x40, + 0x48,0x0F,0x45,0xF8, + }; + auto addr=MemDbg::findBytes(BYTES, sizeof(BYTES), processStartAddress, processStopAddress); + if(addr==0)return false; + HookParam hp; + hp.address=addr+14; + hp.type=USING_STRING|CODEC_UTF16|NO_CONTEXT; + hp.filter_fun=ENTERGRAMfilter; + hp.offset=get_reg(regs::rsi); + return NewHook(hp,"ENTERGRAM"); +} +bool ENTERGRAM::attach_function() { + return InsertENTERGRAM(); +} + \ No newline at end of file diff --git a/LunaHook/engine64/ENTERGRAM.h b/LunaHook/engine64/ENTERGRAM.h new file mode 100644 index 0000000..34a9d42 --- /dev/null +++ b/LunaHook/engine64/ENTERGRAM.h @@ -0,0 +1,15 @@ +#include"engine.h" + +class ENTERGRAM:public ENGINE{ + public: + ENTERGRAM(){ + + check_by=CHECK_BY::CUSTOM; + is_engine_certain=false; + check_by_target=[](){ + return GetProcAddress(GetModuleHandleA(0),"agsCheckDriverVersion"); + }; + }; + bool attach_function(); +}; + \ No newline at end of file diff --git a/LunaHook/engine64/Godot.cpp b/LunaHook/engine64/Godot.cpp new file mode 100644 index 0000000..d42b9ab --- /dev/null +++ b/LunaHook/engine64/Godot.cpp @@ -0,0 +1,64 @@ +#include"Godot.h" + +bool InsertGodotHook_X64() { + const BYTE bytes[] = { 0x8B,0x40,0xFC,0x83,0xF8,0x01,0x83,0xD0,0xFF,0x41,0x39,0xC6 }; + + ULONG64 range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStartAddress + range)) { + HookParam myhp; + myhp.address = addr; + + myhp.type = USING_STRING | CODEC_UTF16 | NO_CONTEXT; // /HQ 不使用上下文区分 把所有线程的文本都提取 + //myhp.padding = 0xc;//[esp+4]+padding + // data_offset + myhp.offset=get_reg(regs::rax); + myhp.text_fun = [](hook_stack* stack, HookParam *hp, uintptr_t* data, uintptr_t* split, size_t* count) + { + *data=(stack->rax); + int len = *(int*)(*data - 4); + if(len!=wcslen((wchar_t*)*data))return; + *count=len*2; + }; + char nameForUser[HOOK_NAME_SIZE] = "RichTextLabel_add_text"; + + ConsoleOutput("Insert: Godot_add_text_X64 Hook "); + return NewHook(myhp, nameForUser); + } + + ConsoleOutput("Godot_x64: pattern not found"); + return false; +} +bool InsertGodotHook2_X64() { + + /* + * Sample games: + * https://vndb.org/r109138 + */ + const BYTE bytes[] = { + 0x48, 0x8B, 0x94, 0x24, XX4, // mov rdx,[rsp+000001C0] <- hook here + 0x4C, 0x89, 0xE1, // mov rcx,r12 + 0xE8, XX4, // call NULL-Windows.exe+D150 + 0x49, 0x8B, 0x06, // mov rax,[r14] + 0x48, 0x85, 0xC0, // test rax,rax + 0x0F, 0x85, XX4 // jne NULL-Windows.exe+A359D4 + + }; + + ULONG64 range = min(processStopAddress - processStartAddress, X64_MAX_REL_ADDR); + for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStartAddress + range)) { + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::rcx); + hp.type = USING_STRING | CODEC_UTF16; + ConsoleOutput("INSERT Godot2_x64 Hook "); + return NewHook(hp, "Godot2_x64"); + } + + ConsoleOutput("Godot2_x64: pattern not found"); + return false; +} +bool Godot::attach_function(){ + auto _= InsertGodotHook_X64(); + _=InsertGodotHook2_X64()||_; + return _; +} \ No newline at end of file diff --git a/LunaHook/engine64/Godot.h b/LunaHook/engine64/Godot.h new file mode 100644 index 0000000..f928dce --- /dev/null +++ b/LunaHook/engine64/Godot.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Godot:public ENGINE{ + public: + Godot(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.pck"; + }; + bool attach_function(); +}; diff --git a/LunaHook/engine64/IG.cpp b/LunaHook/engine64/IG.cpp new file mode 100644 index 0000000..aa1410a --- /dev/null +++ b/LunaHook/engine64/IG.cpp @@ -0,0 +1,73 @@ +#include"IG.h" + +bool InsertIG64Hook() { + //���륿���� FHD.exe + //char __fastcall sub_14004D820(_QWORD *a1, __int16 *a2, size_t a3) + + const BYTE BYTES[] = { + 0x48,0x8b,0x43,0x08, + 0x33,0xc9, + 0x66,0x89,0x08 + }; + auto addrs = Util::SearchMemory(BYTES, sizeof(BYTES), PAGE_EXECUTE, processStartAddress, processStopAddress); + auto suc=false; + for (auto addr : addrs) { + ConsoleOutput("IG64 %p", addr); + const BYTE aligned [] = {0xCC,0xCC}; + addr = reverseFindBytes(aligned, sizeof(aligned), addr-0x1000, addr); + if (addr == 0)continue; + addr += 2; + ConsoleOutput("IG64 %p", addr); + HookParam hp; + hp.address = addr; + hp.type = CODEC_UTF16 | USING_STRING; + hp.offset=get_reg(regs::rdx);//rdx + suc|=NewHook(hp, "IG64"); + } + return suc; +} +bool IG64filter(void* data, size_t* size, HookParam*) { + + auto text = reinterpret_cast(data); + std::wstring str =std::wstring(text,*size / 2); + std::wregex reg1(L"\\$\\[(.*?)\\$/(.*?)\\$\\]"); + std::wstring result1 = std::regex_replace(str, reg1, L"$1"); + + std::wregex reg2(L"@[^@]*@"); + std::wstring result2 = std::regex_replace(result1, reg2, L""); + + *size = (result2.size()) * 2; + wcscpy(text, result2.c_str()); + return true; +}; +bool InsertIG64Hook2() { + //hook1 ��ע�͵�ʱ���Ͽ������hook����Ͽ������ǻᱣ��һЩ@[]֮��Ľű����š� + //���륿���� FHD.exe + + const BYTE BYTES[] = { + 0xBA,0x3F,0xFF,0x00,0x00, + XX,0x8B,XX, + 0xE8,XX2,0x00,0x00 + }; + bool ok=false; + auto addrs = Util::SearchMemory(BYTES, sizeof(BYTES), PAGE_EXECUTE, processStartAddress, processStopAddress); + for (auto addr : addrs) { + ConsoleOutput("IG642 %p", addr); + const BYTE aligned[] = { 0xCC,0xCC }; + addr = reverseFindBytes(aligned, sizeof(aligned), addr - 0x10000, addr); + if (addr == 0)continue; + addr += 2; + ConsoleOutput("IG642 %p", addr); + HookParam hp; + hp.address = addr; + hp.type = CODEC_UTF16 | USING_STRING; + hp.filter_fun = IG64filter; + hp.offset=get_reg(regs::rdx);//rdx + ok|=NewHook(hp, "IG642"); + } + return ok; +} +bool IG::attach_function() { + return InsertIG64Hook2(); +} + \ No newline at end of file diff --git a/LunaHook/engine64/IG.h b/LunaHook/engine64/IG.h new file mode 100644 index 0000000..48c40c0 --- /dev/null +++ b/LunaHook/engine64/IG.h @@ -0,0 +1,13 @@ +#include"engine.h" + +class IG:public ENGINE{ + public: + IG(){ + + check_by=CHECK_BY::FILE; + is_engine_certain=false; + check_by_target=L"files/*.PAK"; + }; + bool attach_function(); +}; + \ No newline at end of file diff --git a/LunaHook/engine64/KiriKiri.cpp b/LunaHook/engine64/KiriKiri.cpp new file mode 100644 index 0000000..546cf14 --- /dev/null +++ b/LunaHook/engine64/KiriKiri.cpp @@ -0,0 +1,68 @@ +#include"KiriKiri.h" +bool InsertKiriKiriZHook() + { + + /* + * Sample games: + * RJ351843 + */ + const BYTE bytes[] = { + 0xCC, // int 3 + 0x4C, 0x89, 0x44, 0x24, 0x18, // mov [rsp+18],r8 <- hook here + 0x48, 0x89, 0x54, 0x24, 0x10, // mov [rsp+10],rdx + 0x53, // push rbx + 0x56, // push rsi + 0x57, // push rdi + 0x41, 0x54, // push r12 + 0x41, 0x55, // push r13 + 0x41, 0x56, // push r14 + 0x41, 0x57, // push r15 + 0x48, 0x83, 0xEC, 0x40, // sub rsp,40 + 0x48, 0xC7, 0x44, 0x24, 0x30, 0xFE, 0xFF, 0xFF, 0xFF // mov qword ptr [rsp+30],FFFFFFFFFFFFFFFE + }; + + ULONG64 range = min(processStopAddress - processStartAddress, X64_MAX_REL_ADDR); + for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStartAddress + range)) { + HookParam hp; + hp.address = addr + 1; + hp.offset=get_reg(regs::rcx); + hp.index = 0x18; + hp.type = CODEC_UTF16 | DATA_INDIRECT; + return NewHook(hp, "KiriKiriZ"); + } + return false; + } +bool Insertkrkrz64Hook() +{ + const BYTE BYTES[] = { + 0x41,0x0F,0xB7,0x44,0x24,0x04, + 0x89,0x43,0x20, + 0x41,0x0F,0xB7,0x44,0x24,0x06, + 0x89,0x43,0x24, + 0x41,0x0F,0xBF,0x44,0x24,0x0C, + 0x89,0x43,0x14 + }; + auto addrs = Util::SearchMemory(BYTES, sizeof(BYTES), PAGE_EXECUTE_READ, processStartAddress, processStopAddress); + ConsoleOutput("%p %p", processStartAddress, processStopAddress); + for (auto addr : addrs) { + ConsoleOutput("krkrz64 %p", addr); + const BYTE funcstart[] = { 0xcc,0xcc,0xcc,0xcc }; + addr = reverseFindBytes(funcstart, sizeof(funcstart), addr - 0x1000, addr); + if (addr == 0)continue; + addr += 4; + HookParam hp; + hp.address = addr; + hp.type = CODEC_UTF16| DATA_INDIRECT; + hp.offset=get_reg(regs::rcx); + hp.index = 0x18; + ConsoleOutput("krkrz64 %p %x", addr); + return NewHook(hp, "krkrz64"); + } + + ConsoleOutput("krkrz64 failed"); + return false; +} +bool KiriKiri::attach_function() { + return Insertkrkrz64Hook()||InsertKiriKiriZHook(); +} + \ No newline at end of file diff --git a/LunaHook/engine64/KiriKiri.h b/LunaHook/engine64/KiriKiri.h new file mode 100644 index 0000000..1888623 --- /dev/null +++ b/LunaHook/engine64/KiriKiri.h @@ -0,0 +1,15 @@ +#include"engine.h" + +class KiriKiri:public ENGINE{ + public: + KiriKiri(){ + + check_by=CHECK_BY::CUSTOM; + is_engine_certain=false; + check_by_target=[](){ + return Util::CheckFile(L"*.xp3") || Util::SearchResourceString(L"TVP(KIRIKIRI)"); + }; + }; + bool attach_function(); +}; + \ No newline at end of file diff --git a/LunaHook/engine64/LightVN.cpp b/LunaHook/engine64/LightVN.cpp new file mode 100644 index 0000000..7310b3e --- /dev/null +++ b/LunaHook/engine64/LightVN.cpp @@ -0,0 +1,103 @@ +#include"LightVN.h" +namespace{ +bool _1() { + //void __fastcall sub_1404B7960(void **Src) + //HQ-1C*0@4B7960:LightApp.exe + const BYTE BYTES[] = { + 0x90, + XX4, + XX4, + 0x48,0x8b,0xce, + 0xe8,XX4, + 0x90, + 0x48,0x8b,XX2, + 0x48,0x83,0xfa,0x08, + 0x72,0x36, + 0x48,0x8D,0x14,0x55,0x02,0x00,0x00,0x00, + 0x48,0x8b,XX2, + 0x48,0x8b,0xc1, + 0x48,0x81,0xFA,0x00,0x10,0x00,0x00, + 0x72,0x19, + 0x48,0x83,0xC2,0x27, + 0x48,0x8b,XX2, + 0x48,0x2b,0xc1, + 0x48,0x83,0xC0,0xF8, + 0x48,0x83,0xF8,0x1F , + 0x0f,0x87,XX4, + 0xe8,XX4 + + + }; + auto suc=false; + auto addrs = Util::SearchMemory(BYTES, sizeof(BYTES), PAGE_EXECUTE, processStartAddress, processStopAddress); + for (auto addr : addrs) { + ConsoleOutput("LightVN %p", addr); + const BYTE aligned[] = { 0xCC,0xCC,0xCC,0xCC }; + addr = reverseFindBytes(aligned, sizeof(aligned), addr - 0x100, addr); + if (addr == 0)continue; + addr += 4; + ConsoleOutput("LightVN %p", addr); + HookParam hp; + hp.address = addr; + hp.type = CODEC_UTF16 | USING_STRING|DATA_INDIRECT; + hp.index = 0; + hp.offset=get_reg(regs::rcx); + hp.filter_fun = [](void* data, size_t* len, HookParam* hp) { + std::wstring s((wchar_t*)data, *len / 2); + if (s.substr(s.size() - 2, 2) == L"\\w") + *len -= 4; + return true; + }; + suc|=NewHook(hp, "LightVN"); + } + return suc; +} +bool _2(){ + //https://vndb.org/r86006 + //ファーストキス(体験版) + //https://vndb.org/r85992 + //フサの大正女中ぐらし + + BYTE sig[]={ + 0x48,XX,0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x7F, +0x48,0x3B,0xC3, +0x76,XX, +0x48,XX,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x7F, + }; + auto addr=MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress); + if(addr==0)return 0; + addr=MemDbg::findEnclosingAlignedFunction(addr); + if(addr==0)return 0; + HookParam hp; + hp.address = addr; + hp.type = CODEC_UTF16|USING_STRING; + hp.offset =get_stack(6); + hp.filter_fun = [](void* data, size_t* len, HookParam* hp) + { + if(all_ascii((wchar_t*)data,*len))return false; + //高架下に広がる[瀟洒]<しょうしゃ>な店内には、あたしたちのような学生の他に、 + auto str=std::wstring(reinterpret_cast(data),*len/2); + auto filterpath={ + L".rpy",L".rpa",L".py",L".pyc",L".txt", + L".png",L".jpg",L".bmp", + L".mp3",L".ogg", + L".webm",L".mp4", + L".otf",L".ttf",L"Data/" + }; + for(auto _ :filterpath) + if(str.find(_)!=str.npos) + return false; + str = std::regex_replace(str, std::wregex(L"\\[(.*?)\\]<(.*?)>"), L"$1"); + wcscpy((wchar_t*)data,str.c_str()); + *len=str.size()*2; + return true; + }; + return NewHook(hp, "LightVN2"); +} +} + +bool LightVN::attach_function() { + bool ok=_1(); + ok=_2()||ok; + return ok; +} \ No newline at end of file diff --git a/LunaHook/engine64/LightVN.h b/LunaHook/engine64/LightVN.h new file mode 100644 index 0000000..3ee2f9c --- /dev/null +++ b/LunaHook/engine64/LightVN.h @@ -0,0 +1,13 @@ +#include"engine.h" + +class LightVN:public ENGINE{ + public: + LightVN(){ + + check_by=CHECK_BY::FILE_ANY; + is_engine_certain=false; + check_by_target=check_by_list{L"Data/Scripts/title.txt",L"Data/data*.vndat"}; + }; + bool attach_function(); +}; + \ No newline at end of file diff --git a/LunaHook/engine64/PPSSPP.cpp b/LunaHook/engine64/PPSSPP.cpp new file mode 100644 index 0000000..78fee28 --- /dev/null +++ b/LunaHook/engine64/PPSSPP.cpp @@ -0,0 +1,44 @@ +#include"PPSSPP.h" + +/** Artikash 6/7/2019 +* PPSSPP JIT code has pointers, but they are all added to an offset before being used. + Find that offset so that hook searching works properly. + To find the offset, find a page of mapped memory with size 0x1f00000, read and write permissions, take its address and subtract 0x8000000. + The above is useful for emulating PSP hardware, so unlikely to change between versions. +*/ +bool PPSSPP::attach_function() +{ + bool found = false; + SYSTEM_INFO systemInfo; + GetNativeSystemInfo(&systemInfo); + for (BYTE* probe = NULL; probe < systemInfo.lpMaximumApplicationAddress;) + { + MEMORY_BASIC_INFORMATION info; + if (!VirtualQuery(probe, &info, sizeof(info))) + { + probe += systemInfo.dwPageSize; + } + else + { + if (info.RegionSize == 0x1f00000 && info.Protect == PAGE_READWRITE && info.Type == MEM_MAPPED) + { + found = true; + ConsoleOutput("PPSSPP memory found: searching for hooks should yield working hook codes"); + // PPSSPP 1.8.0 compiles jal to sub dword ptr [r14+0x360],?? + memcpy(spDefault.pattern, Array{ 0x41, 0x83, 0xae, 0x60, 0x03, 0x00, 0x00 }, spDefault.length = 7); + spDefault.offset = 0; + spDefault.minAddress = 0; + spDefault.maxAddress = -1ULL; + spDefault.padding = (uintptr_t)probe - 0x8000000; + spDefault.hookPostProcessor = [](HookParam& hp) + { + hp.type |= NO_CONTEXT | USING_SPLIT | SPLIT_INDIRECT; + hp.split = get_reg(regs::r14); + hp.split_index = -8; // this is where PPSSPP 1.8.0 stores its return address stack + }; + } + probe += info.RegionSize; + } + } + return found; +} \ No newline at end of file diff --git a/LunaHook/engine64/PPSSPP.h b/LunaHook/engine64/PPSSPP.h new file mode 100644 index 0000000..4eeebd2 --- /dev/null +++ b/LunaHook/engine64/PPSSPP.h @@ -0,0 +1,12 @@ +#include"engine.h" + +class PPSSPP:public ENGINE{ + public: + PPSSPP(){ + + check_by=CHECK_BY::FILE; + is_engine_certain=false; + check_by_target=L"PPSSPP*.exe"; + }; + bool attach_function(); +}; diff --git a/LunaHook/engine64/Renpy.cpp b/LunaHook/engine64/Renpy.cpp new file mode 100644 index 0000000..91dcef8 --- /dev/null +++ b/LunaHook/engine64/Renpy.cpp @@ -0,0 +1,7 @@ +#include"Renpy.h" + +#include"python/python.h" + +bool Renpy::attach_function() { + return InsertRenpyHook()||InsertRenpy3Hook(); +} \ No newline at end of file diff --git a/LunaHook/engine64/Renpy.h b/LunaHook/engine64/Renpy.h new file mode 100644 index 0000000..73dd12e --- /dev/null +++ b/LunaHook/engine64/Renpy.h @@ -0,0 +1,14 @@ +#include"engine.h" + +class Renpy:public ENGINE{ + public: + Renpy(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + //Renpy - sample game https://vndb.org/v19843 + return Util::CheckFile(L"*.py")|| GetModuleHandleW(L"librenpython.dll"); + }; + }; + bool attach_function(); +}; diff --git a/LunaHook/engine64/Suika2.cpp b/LunaHook/engine64/Suika2.cpp new file mode 100644 index 0000000..4798206 --- /dev/null +++ b/LunaHook/engine64/Suika2.cpp @@ -0,0 +1,18 @@ +#include"Suika2.h" + +bool Suika2_msvcrt() { + auto msvcrt=GetModuleHandle(L"msvcrt.dll"); + if(msvcrt==0)return 0; + auto _strdup=GetProcAddress(msvcrt,"_strdup"); + if(_strdup==0)return 0; + HookParam hp; + hp.address=(uintptr_t)_strdup; + hp.type=USING_STRING|CODEC_UTF8; + hp.offset=get_reg(regs::rcx); + return NewHook(hp,"Suika2_msvcrt"); + +} +bool Suika2::attach_function() { + auto _1=Suika2_msvcrt(); + return _1 ; +} \ No newline at end of file diff --git a/LunaHook/engine64/Suika2.h b/LunaHook/engine64/Suika2.h new file mode 100644 index 0000000..bb75e2d --- /dev/null +++ b/LunaHook/engine64/Suika2.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class Suika2:public ENGINE{ + public: + Suika2(){ + is_engine_certain=false; + check_by=CHECK_BY::FILE_ANY; + check_by_target=check_by_list{L"suika.exe",L"conf/config.txt"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/LunaHook/engine64/TYPEMOON.cpp b/LunaHook/engine64/TYPEMOON.cpp new file mode 100644 index 0000000..b06b05d --- /dev/null +++ b/LunaHook/engine64/TYPEMOON.cpp @@ -0,0 +1,25 @@ +#include"TYPEMOON.h" +namespace{ +bool _h() { + //TYPE-MOON 魔法使いの夜 多国語版 中文-英文-日文 + BYTE bytes[]={ + 0xBA,0x08,0xFF,0x00,0x00, + 0x41,0xB8,0x1C,0x20,0x00,0x00, + 0x66,0x90 + }; + auto addr=MemDbg::findBytes(bytes,sizeof(bytes),processStartAddress, processStopAddress); + ConsoleOutput("%p",addr); + if(addr==0)return false; + addr=MemDbg::findEnclosingAlignedFunction(addr);ConsoleOutput("%p",addr); + if(addr==0)return false; + HookParam hp; + hp.address=addr; + hp.type=CODEC_UTF16|USING_STRING|EMBED_ABLE|EMBED_AFTER_NEW|EMBED_BEFORE_SIMPLE; + hp.offset=get_reg(regs::r8); + return NewHook(hp,"typemoon"); +} +} +bool TYPEMOON::attach_function() { + return _h(); +} + \ No newline at end of file diff --git a/LunaHook/engine64/TYPEMOON.h b/LunaHook/engine64/TYPEMOON.h new file mode 100644 index 0000000..170b50e --- /dev/null +++ b/LunaHook/engine64/TYPEMOON.h @@ -0,0 +1,13 @@ +#include"engine.h" + +class TYPEMOON:public ENGINE{ + public: + TYPEMOON(){ + + check_by=CHECK_BY::FILE; + is_engine_certain=false; + check_by_target=L"data*.hfa"; + }; + bool attach_function(); +}; + \ No newline at end of file diff --git a/LunaHook/engine64/V8.cpp b/LunaHook/engine64/V8.cpp new file mode 100644 index 0000000..f9bb215 --- /dev/null +++ b/LunaHook/engine64/V8.cpp @@ -0,0 +1,276 @@ +#include"V8.h" + + +// Artikash 6/23/2019: V8 (JavaScript runtime) has rcx = string** at v8::String::Write +// sample game https://www.freem.ne.jp/dl/win/18963 +bool InsertV8Hook(HMODULE module) +{ + uint64_t addr1 = (uint64_t)GetProcAddress(module, "?Write@String@v8@@QEBAHPEAGHHH@Z"), + // Artikash 6/7/2021: Add new hook for new version of V8 used by RPG Maker MZ + addr2 = (uint64_t)GetProcAddress(module, "??$WriteToFlat@G@String@internal@v8@@SAXV012@PEAGHH@Z"); + + if (addr1 || addr2) + { + std::tie(spDefault.minAddress, spDefault.maxAddress) = Util::QueryModuleLimits(module); + spDefault.maxRecords = Util::SearchMemory(spDefault.pattern, spDefault.length, PAGE_EXECUTE, spDefault.minAddress, spDefault.maxAddress).size() * 20; + ConsoleOutput("JavaScript hook is known to be low quality: try searching for hooks if you don't like it"); + } + auto succ=false; + if (addr1) + { + HookParam hp; + hp.type = USING_STRING | CODEC_UTF16; + hp.address = addr1; + hp.text_fun = [](hook_stack* stack, HookParam *hp, uintptr_t* data, uintptr_t* split, size_t* count) + { + *data=(*(uintptr_t*)(stack->rcx))+23; + int len = *(int*)(*data - 4); + if(len!=wcslen((wchar_t*)*data))return; + *count=len*2; + }; + succ|=NewHook(hp, "JavaScript"); + } + if (addr2) + { + HookParam hp; + hp.type = USING_STRING | CODEC_UTF16; + hp.address = addr2; + hp.text_fun = [](hook_stack* stack, HookParam *hp, uintptr_t* data, uintptr_t* split, size_t* count) + { + *data=(stack->rcx)+11; + int len = *(int*)(*data - 4); + if(len!=wcslen((wchar_t*)*data))return; + *count=len*2; + }; + succ|=NewHook(hp, "JavaScript"); + } + return succ; +} + +bool hookv8exports(HMODULE module) { + enum { rcx=-0x1c }; + auto addr = GetProcAddress(module, "?Write@String@v8@@QEBAHPEAVIsolate@2@PEAGHHH@Z"); + if (addr == 0)return false; + HookParam hp; + hp.address = (uint64_t)addr ; + hp.type = USING_STRING | CODEC_UTF16 |NO_CONTEXT; + + hp.text_fun = [](hook_stack* stack, HookParam *hp, uintptr_t* data, uintptr_t* split, size_t* count) + { + *data=*(uintptr_t*)(stack->rcx)+0xf; + int len = *(uintptr_t*)((uintptr_t)*data - 4); + + if(strlen((char*)*data)==len){ + *count = len; + hp->type=USING_STRING|CODEC_UTF8| DATA_INDIRECT|NO_CONTEXT; + *split = (strchr((char*)*data, '<') != nullptr)&&(strchr((char*)*data, '>') != nullptr); + *split+=0x10; + + } + else if((wcslen((wchar_t*)*data)==len)){ + *count = len*2; + *split = (wcschr((wchar_t*)*data, L'<') != nullptr)&&(wcschr((wchar_t*)*data, L'>') != nullptr); + hp->type=USING_STRING|CODEC_UTF16| DATA_INDIRECT|NO_CONTEXT; + } + else{ + //ConsoleOutput("%d %d %d",len,strlen((char*)*data),wcslen((wchar_t*)*data)); + return; + } + + }; + // hp.filter_fun=[](void* data, uintptr_t* size, HookParam*) { + + // auto text = reinterpret_cast(data); + // std::wstring str = text; + // str = str.substr(0, *size / 2); + // std::wregex reg1(L"(.*?)"); + // std::wstring result2 = std::regex_replace(str, reg1, L""); + // std::wregex reg12(L"(.*?)"); + // result2 = std::regex_replace(result2, reg12, L""); + // std::wregex reg2(L"<(.*?)>"); + // result2 = std::regex_replace(result2, reg2, L""); + // std::wregex reg22(L"\n"); + // result2 = std::regex_replace(result2, reg22, L""); + // *size = (result2.size()) * 2; + // wcscpy(text, result2.c_str()); + // return true; + // }; + + return NewHook(hp, "Write@String@v8"); +} +namespace{ + uintptr_t forwardsearch(BYTE* b,int size,uintptr_t addr,int range){ + for(int i=0;i hookw(HMODULE module){ + const BYTE BYTES[] = { + 0x81,XX,0x00,0xf8,0x00,0x00 + }; + std::vectorsave; + auto addrs = Util::SearchMemory(BYTES, sizeof(BYTES), PAGE_EXECUTE, processStartAddress, processStopAddress); + for(auto addr:addrs){ + auto addrsave=addr; + BYTE sig1[]={0x81,XX,0x00,0xD8,0x00,0x00}; + BYTE sig2[]={0x81,XX,0x00,0xFC,0x00,0x00}; + BYTE sig3[]={0x81,XX,0x00,0xDC,0x00,0x00}; + BYTE sig4[]={XX,0x00,0x24,0xA0,0xFC}; + + addr=forwardsearch(sig1,sizeof(sig1),addr,0x20); + if(addr==0)continue; + + addr=forwardsearch(sig2,sizeof(sig2),addr,0x100); + if(addr==0)continue; + + addr=forwardsearch(sig3,sizeof(sig3),addr,0x20); + if(addr==0)continue; + + addr=forwardsearch(sig4,sizeof(sig4),addr,0x20); + if(addr==0)continue; + auto off=andregimm((BYTE*)addrsave); + if(off==regs::invalid)continue; + HookParam hp; + hp.address = (uint64_t)addrsave ; + hp.type = CODEC_UTF16|NO_CONTEXT ; + hp.offset =get_reg(off); + save.push_back(hp); + + } + return save; + } + std::vector v8hook1(HMODULE module) { + + const BYTE BYTES[] = { + 0x81,0xE1,0x00,0xF8,0x00,0x00, + 0x41,0xBE,0x01,0x00,0x00,0x00, + 0x81,0xF9,0x00,0xD8,0x00,0x00 + }; + auto addrs = Util::SearchMemory(BYTES, sizeof(BYTES), PAGE_EXECUTE, processStartAddress, processStopAddress); + if (addrs.size() != 1)return {}; + auto addr = (uint64_t)addrs[0]; + const BYTE start[] = { + 0xCC + }; + const BYTE start2[] = { + 0x41,0x57,0x41,0x56,0x41,0x55,0x41,0x54 + }; + addr=reverseFindBytes(start, sizeof(start), addr - 0x1000, addr); + if (addr == 0)return {}; + addr += 1; + addrs = findxref_reverse(addr, addr - 0x10000, addr + 0x10000); + if (addrs.size() != 1)return {}; + addr = addrs[0]; + + addr = reverseFindBytes(start2, sizeof(start2), addr - 0x1000, addr); + if (addr == 0)return {}; + addrs = findxref_reverse(addr, addr - 0x10000, addr + 0x10000); + std::vector save; + for (auto addr : addrs) { + addr = reverseFindBytes(start2, sizeof(start2), addr - 0x1000, addr); + if (addr == 0)continue; + HookParam hp; + hp.address = (uint64_t)addr; + hp.type = USING_STRING | CODEC_UTF16 | DATA_INDIRECT; + hp.offset=get_reg(regs::rcx); + hp.padding = 0xC; + hp.index = 0; + + save.push_back(hp); + } + return save; + } + bool innerHTML(HMODULE module) { + //花葬 + //result = sub_142DF3CA0(a2, v5, 1u, (__int64)"innerHTML", a3); + //r10当全为ascii是普通string,否则为wchar_t + //a3是一个callback,并不是字符串。 + char innerHTML[]="innerHTML"; + auto addr = MemDbg::findBytes(innerHTML, sizeof(innerHTML), processStartAddress, processStopAddress); + ConsoleOutput("%x",addr); + if(addr==0)return false; + bool ok=false; + for(auto _addr=processStartAddress+4;_addrr10; + if(strlen((char*) text)>1){ + hp->type=USING_STRING|CODEC_UTF8|NO_CONTEXT; + *split=0x1; + *len=strrchr((char*)text,'>')+1-(char*)text; + } + else{ + hp->type=USING_STRING|CODEC_UTF16|NO_CONTEXT; + *split=0x10; + *len=wcsrchr((wchar_t*)text,L'>')+1-(wchar_t*)text; + *len*=2; + } + }; + ok|=NewHook(hp,"innerHTML"); + } + } + } + } + return ok; + } + bool addhooks(HMODULE module){ + if (GetProcAddress(module, "?Write@String@v8@@QEBAHPEAVIsolate@2@PEAGHHH@Z") == 0)return false; + bool success=false; + for(auto h:v8hook1(module)){ + success|=NewHook(h,"electronQ"); + } + for(auto h:hookw(module)){ + success|=NewHook(h,"electronW"); + } + return innerHTML(module)|| success; + } +} +bool V8::attach_function() { + bool allok=false; + for (const wchar_t* moduleName : { (const wchar_t*)NULL, L"node.dll", L"nw.dll" }) { + bool ok=InsertV8Hook(GetModuleHandleW(moduleName)); + ok= hookv8exports(GetModuleHandleW(moduleName))||ok; + if(ok){ + allok=true; + break; + } + } + + allok=addhooks((HMODULE)processStartAddress)||allok; + return allok; +} + diff --git a/LunaHook/engine64/V8.h b/LunaHook/engine64/V8.h new file mode 100644 index 0000000..1d660c6 --- /dev/null +++ b/LunaHook/engine64/V8.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class V8:public ENGINE{ + public: + V8(){ + + check_by=CHECK_BY::ALL_TRUE; + }; + bool attach_function(); +}; + diff --git a/LunaHook/engine64/YOX.cpp b/LunaHook/engine64/YOX.cpp new file mode 100644 index 0000000..537a992 --- /dev/null +++ b/LunaHook/engine64/YOX.cpp @@ -0,0 +1,21 @@ +#include"YOX.h" +bool YOX::attach_function() +{ + const BYTE BYTES[] = { + 0x48,0x8B,0x0F, + 0x48,0x8d,0x54,0x24,0x50 + }; + auto addrs = Util::SearchMemory(BYTES, sizeof(BYTES), PAGE_EXECUTE_READ, processStartAddress, processStopAddress); + ConsoleOutput("%p %p", processStartAddress, processStopAddress); + for (auto addr : addrs) { + if (addr == 0)continue; + HookParam hp; + hp.address = addr; + hp.type = USING_STRING ; + hp.offset = get_stack(26); + ConsoleOutput("yox64 %p", addr); + return NewHook(hp, "yox64"); + } + ConsoleOutput("yox64 failed"); + return false; +} \ No newline at end of file diff --git a/LunaHook/engine64/YOX.h b/LunaHook/engine64/YOX.h new file mode 100644 index 0000000..9899280 --- /dev/null +++ b/LunaHook/engine64/YOX.h @@ -0,0 +1,13 @@ +#include"engine.h" + +class YOX:public ENGINE{ + public: + YOX(){ + + check_by=CHECK_BY::FILE; + is_engine_certain=false; + check_by_target=L"base/*.dat"; + }; + bool attach_function(); +}; + \ No newline at end of file diff --git a/LunaHook/engine64/mono.cpp b/LunaHook/engine64/mono.cpp new file mode 100644 index 0000000..3f0c57e --- /dev/null +++ b/LunaHook/engine64/mono.cpp @@ -0,0 +1,86 @@ +#include"mono.h" +#include "mono/monoobject.h" +#include"mono/monocommon.hpp" + +namespace{ + bool monobdwgc() { + + HMODULE module = GetModuleHandleW(L"mono-2.0-bdwgc.dll"); + if (module == 0)return false; + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + BYTE bytes[] = { + 0x81,0xF9,0x80,0x00,0x00,0x00, + 0x73,0x05, + 0x49,0x8B,0xCC + /* +_BYTE *__fastcall sub_18005B290( + _WORD *a1, + int a2, + __int64 a3, + _DWORD *a4, + __int64 (__fastcall *a5)(__int64, __int64), + __int64 a6, + __int64 a7) + + if ( (_DWORD)v26 ) + { + if ( (unsigned int)v26 >= 0x80 ) + { + if ( (unsigned int)v26 >= 0x800 ) + { + if ( (unsigned int)v26 >= 0x10000 ) + { + if ( (unsigned int)v26 >= 0x200000 ) + { + if ( (unsigned int)v26 >= 0x4000000 ) + { + v17 = 6i64; + if ( (unsigned int)v26 >= 0x80000000 ) + */ + }; + auto addrs =Util::SearchMemory(bytes, sizeof(bytes),PAGE_EXECUTE, minAddress, maxAddress); + auto suc=false; + for (auto addr : addrs) { + const BYTE align[]={0xCC,0xCC,0xCC,0xCC}; + addr=reverseFindBytes(align,sizeof(align),addr-0x100,addr); + if(addr==0)continue; + + ConsoleOutput("monobdwgcdll %p", addr); + HookParam hp; + hp.address = addr+4; + hp.offset=get_reg(regs::rcx); + hp.type = CODEC_UTF16|USING_STRING; + hp.text_fun=[](auto, HookParam* hp, uintptr_t* data, uintptr_t* split, size_t* len){ + + std::wstring str = std::wstring((LPWSTR)*data ); + *split=str.find(L"OnShowComplete")!=str.npos; + + *len = wcslen((wchar_t*)*data) * 2 ; + }; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + std::wstring str = std::wstring((LPWSTR)data ,*len/2); + if(str.find(L"OnShowComplete")!=str.npos){ + str = std::regex_replace(str, std::wregex(L"\n"), L""); + std::wregex reg1(L"\\((.*?)\\)"); + std::wsmatch match; + std::regex_search(str, match,reg1 ); + auto result1= match[1].str(); + + std::regex_search(str, match,std::wregex(L" Text:(.*?)Next:(.*?)") ); + result1= match[1].str(); + *len = (result1.size()) * 2; + wcscpy((LPWSTR)data, result1.c_str()); + } + return true; + }; + suc|=NewHook(hp, "monobdwgcdll"); + } + return suc; + } +} +bool mono::attach_function(){ + bool il2=monocommon::il2cpp(); + bool bmonobdwgc=monobdwgc(); + bool mono=monocommon::hook_mono(); + return il2||bmonobdwgc||mono; +} \ No newline at end of file diff --git a/LunaHook/engine64/mono.h b/LunaHook/engine64/mono.h new file mode 100644 index 0000000..118bbf7 --- /dev/null +++ b/LunaHook/engine64/mono.h @@ -0,0 +1,10 @@ +#include"engine.h" + +class mono:public ENGINE{ + public: + mono(){ + + check_by=CHECK_BY::ALL_TRUE; + }; + bool attach_function(); +}; diff --git a/LunaHook/engine64/pchooks.cpp b/LunaHook/engine64/pchooks.cpp new file mode 100644 index 0000000..0d6c1f7 --- /dev/null +++ b/LunaHook/engine64/pchooks.cpp @@ -0,0 +1,12 @@ +#include"pchooks.h" + +bool pchooks::attach_function() { + for (std::wstring DXVersion : { L"d3dx9", L"d3dx10" }) + if (HMODULE module = GetModuleHandleW(DXVersion.c_str())) PcHooks::hookD3DXFunctions(module); + else for (int i = 0; i < 50; ++i) + if (HMODULE module = GetModuleHandleW((DXVersion + L"_" + std::to_wstring(i)).c_str())) PcHooks::hookD3DXFunctions(module); + + PcHooks::hookGDIFunctions(); + PcHooks::hookGDIPlusFunctions(); + return true; +} \ No newline at end of file diff --git a/LunaHook/engine64/pchooks.h b/LunaHook/engine64/pchooks.h new file mode 100644 index 0000000..1990171 --- /dev/null +++ b/LunaHook/engine64/pchooks.h @@ -0,0 +1,11 @@ +#include"engine.h" + +class pchooks:public ENGINE{ + public: + pchooks(){ + + check_by=CHECK_BY::ALL_TRUE; + dontstop=true; + }; + bool attach_function(); +}; diff --git a/LunaHook/enginecollection32.cpp b/LunaHook/enginecollection32.cpp new file mode 100644 index 0000000..a6b25b9 --- /dev/null +++ b/LunaHook/enginecollection32.cpp @@ -0,0 +1,356 @@ +#include"engine32/PPSSPP.h" +#include"engine32/LovaGame.h" +#include"engine32/PCSX2.h" +#include"engine32/VanillawareGC.h" +#include"engine32/V8.h" +#include"engine32/cef.h" +#include"engine32/KISS.h" +#include"engine32/mono.h" +#include"engine32/Tarte.h" +#include"engine32/sakanagl.h" +#include"engine32/LCScript.h" +#include"engine32/ONScripterru.h" +#include"engine32/pchooks.h" +#include"engine32/Sprite.h" +#include"engine32/PONScripter.h" +#include"engine32/Ruf.h" +#include"engine32/SYSD.h" +#include"engine32/Renpy.h" +#include"engine32/RPGMakerRGSS3.h" +#include"engine32/RUNE.h" +#include"engine32/Lightvn.h" +#include"engine32/KiriKiri.h" +#include"engine32/Bishop.h" +#include"engine32/HXP.h" +#include"engine32/morning.h" +#include"engine32/IGScript.h" +#include"engine32/TSSystem.h" +#include"engine32/ScrPlayer.h" +#include"engine32/utawarerumono.h" +#include"engine32/SideB.h" +#include"engine32/BGI.h" +#include"engine32/Bootup.h" +#include"engine32/Troy.h" +#include"engine32/Tomato.h" +#include"engine32/shyakunage.h" +#include"engine32/Eushully.h" +#include"engine32/Majiro.h" +#include"engine32/Elf.h" +#include"engine32/Silkys.h" +#include"engine32/Speed.h" +#include"engine32/FVP.h" +#include"engine32/Interlude.h" +#include"engine32/CMVS.h" +#include"engine32/Wolf.h" +#include"engine32/Circus1.h" +#include"engine32/Circus2.h" +#include"engine32/Cotopha.h" +#include"engine32/Xbangbang.h" +#include"engine32/Unknown.h" +#include"engine32/Artemis.h" +#include"engine32/CatSystem.h" +#include"engine32/Atelier.h" +#include"engine32/BKEngine.h" +#include"engine32/VitaminSoft.h" +#include"engine32/Abalone.h" +#include"engine32/Tenco.h" +#include"engine32/QLIE.h" +#include"engine32/sakusesu.h" +#include"engine32/Anisetta.h" +#include"engine32/Regista.h" +#include"engine32/Pal.h" +#include"engine32/Footy2.h" +#include"engine32/NeXAS.h" +#include"engine32/Interheart.h" +#include"engine32/LunaSoft.h" +#include"engine32/Unicorn.h" +#include"engine32/Rejet.h" +#include"engine32/AdobeAir.h" +#include"engine32/Retouch.h" +#include"engine32/Malie.h" +#include"engine32/Live.h" +#include"engine32/Jellyfish.h" +#include"engine32/Nexton.h" +#include"engine32/Lucifen.h" +#include"engine32/Waffle.h" +#include"engine32/Sakuradog.h" +#include"engine32/TinkerBell.h" +#include"engine32/Jisatu101.h" +#include"engine32/TerraLunar.h" +#include"engine32/Palette.h" +#include"engine32/SystemAoi.h" +#include"engine32/Nijyuei.h" +#include"engine32/MBLMED.h" +#include"engine32/NNNConfig.h" +#include"engine32/Yuris.h" +#include"engine32/Nitroplus.h" +#include"engine32/Bruns.h" +#include"engine32/XUSE.h" +#include"engine32/EME.h" +#include"engine32/RRE.h" +#include"engine32/Candy.h" +#include"engine32/AIL2.h" +#include"engine32/ApricoT.h" +#include"engine32/Triangle.h" +#include"engine32/AB2Try.h" +#include"engine32/UnisonShift2.h" +#include"engine32/GameMaker.h" +#include"engine32/DxLib.h" +#include"engine32/CodeX.h" +#include"engine32/Purple.h" +#include"engine32/Minori.h" +#include"engine32/SRPGStudio.h" +#include"engine32/RpgmXP.h" +#include"engine32/littlecheese.h" +#include"engine32/Eagls.h" +#include"engine32/Debonosu.h" +#include"engine32/C4.h" +#include"engine32/WillPlus.h" +#include"engine32/Tanuki.h" +#include"engine32/hibiki.h" +#include"engine32/GXP.h" +#include"engine32/Giga.h" +#include"engine32/AOS.h" +#include"engine32/Mink.h" +#include"engine32/AGS.h" +#include"engine32/YukaSystem2.h" +#include"engine32/Exp.h" +#include"engine32/Syuntada.h" +#include"engine32/Pensil.h" +#include"engine32/Anim.h" +#include"engine32/Nitroplus2.h" +#include"engine32/Reallive.h" +#include"engine32/jukujojidai.h" +#include"engine32/Siglus.h" +#include"engine32/Taskforce2.h" +#include"engine32/RUGP.h" +#include"engine32/IronGameSystem.h" +#include"engine32/Anex86.h" +#include"engine32/ShinyDaysGame.h" +#include"engine32/MarineHeart.h" +#include"engine32/ShinaRio.h" +#include"engine32/CaramelBox.h" +#include"engine32/Escude.h" +#include"engine32/Ryokucha.h" +#include"engine32/Alice.h" +#include"engine32/System4x.h" +#include"engine32/Abel.h" +#include"engine32/5pb.h" +#include"engine32/HorkEye.h" +#include"engine32/Ohgetsu.h" +#include"engine32/OVERDRIVE.h" +#include"engine32/Leaf.h" +#include"engine32/Nekopack.h" +#include"engine32/AdobeFlash10.h" +#include"engine32/FocasLens.h" +#include"engine32/Tamamo.h" +#include"engine32/Suika2.h" +#include"engine32/Overflow.h" +#include"engine32/Ages3ResT.h" +#include"engine32/AXL.h" +#include"engine32/lua51.h" +#include"engine32/UnisonShift.h" +#include"NoEngine.h" +#include"engine32/EntisGLS.h" +#include"engine32/Ciel.h" +#include"engine32/ACTGS.h" +std::vector check_engines(){ + return { + new LovaGame, + new PPSSPP, + new PCSX2, + new VanillawareGC, + new V8, + new cef, + new mono, + new sakanagl, + new pchooks, + new PONScripter, + new Renpy, + new Lightvn, + new KiriKiri, + new morning, + new utawarerumono, + new SideB, + new BGI, + new Bootup, + new shyakunage, + new Eushully, + new Majiro, + new Elf, + new Elf2, + new Silkys, + new SilkysOld, + new CMVS, + new Wolf, + new Circus1, + new Circus2, + new Cotopha, + new Artemis, + new CatSystem, + new Atelier, + new Atelier2, + new Tenco, + new QLIE, + new sakusesu, + new Regista, + new Pal, + new Footy2, + new NeXAS, + new LunaSoft, + new Unicorn, + new Unicorn_Anesen, + new Rejet, + new AdobeAir, + new Retouch, + new Malie, + new Live, + new Nexton, + new Lucifen, + new Waffle, + new TinkerBell, + new TinkerBellold, + new SystemAoi, + new MBLMED, + new NNNConfig, + new Yuris, + new Nitroplus, + new Bruns, + new XUSE, + new EME, + new RRE, + new Candy, + new WillowSoft, + new AIL2, + new ApricoT, + new Triangle2, + new Triangle, + new AB2Try, + new UnisonShift2, + new GameMaker, + new DxLib, + new CodeX, + new _5pb_2, + new Minori, + new RpgmXP, + new littlecheese, + new Eagls, + new Debonosu, + new C4, + new WillPlus, + new Tanuki, + new GXP, + new AOS, + new Mink, + new Mink2, + new YukaSystem2, + new Exp, + new Syuntada, + new Pensil, + new Anim, + new Nitroplus2, + new Reallive, + new Siglus, + new Taskforce2, + new RUGP, + new IronGameSystem, + new Anex86, + new ShinyDaysGame, + new MarineHeart, + new CaramelBox, + new CaramelBoxMilkAji, + new Escude, + new Ryokucha, + new Ryokucha2, + new Ryokuchaold, + new Alice, + new System4x, + new Ages3ResT, + new AXL, + new lua51, + new Ciel, + new ACTGS, + new Nijyuei, + new Xbangbang, + new Unknown, + new TSSystem, + new Troy, + new Tomato, + new TerraLunar, + new Tarte, + new Bishop, + new Bishop2, + new Sprite, + new Speed, + new FVP, + new RUNE, + new Ruf, + new Purple, + new Purple2, + new OVERDRIVE, + new Ohgetsu, + new HXP, + new ONScripterru, + new TriangleM, + new SRPGStudio, + new Overflow, + new BKEngine, + new Nitroplusplus, + new Jellyfish, + new SYSD, + new IGScript, + new ScrPlayer, + }; + +} + +std::vector ignore_engines(){ + return{ + + new oldSystem40ini, + new AdvPlayerHD, + new DPM, + new Escude_ignore, + new Chartreux, + }; +} +std::vector unsafe_check_atlast(){ + // Put the patterns that might break other games at last + + return{ + new UnisonShift, + new Interheart, + new Abalone, + new Jisatu101, + new AGS, + new hibiki, + new Tanuki_last, + new Abel, + new _5pb, + new ScenarioPlayer_last, + new HorkEye, + new Nexton1, + new ApricoTlast, + new Leaf, + new Nekopack, + new AdobeFlash10, + new Giga, + new FocasLens, + new Tamamo, + new jukujojidai, + new Anisetta, + new VitaminSoft, + new Interlude, + new Sakuradog, + new Palette, + new LCScript, + new RPGMakerRGSS3, + new Reallive_old, + new avg3216d, + new ShinaRio, + new Suika2, + new KISS, + new EntisGLS, + }; + +} \ No newline at end of file diff --git a/LunaHook/enginecollection64.cpp b/LunaHook/enginecollection64.cpp new file mode 100644 index 0000000..7350700 --- /dev/null +++ b/LunaHook/enginecollection64.cpp @@ -0,0 +1,42 @@ +#include"engine64/PPSSPP.h" +#include"engine64/Godot.h" +#include"engine64/V8.h" +#include"engine64/Renpy.h" +#include"engine64/mono.h" +#include"engine64/AGES7.h" +#include"engine64/pchooks.h" +#include"engine64/Artemis.h" +#include"engine64/KiriKiri.h" +#include"engine64/YOX.h" +#include"engine64/Suika2.h" +#include"engine64/CMVS.h" +#include"engine64/5pb.h" +#include"engine64/IG.h" +#include"engine64/ENTERGRAM.h" +#include"engine64/TYPEMOON.h" +#include"engine64/LightVN.h" +std::vector ignore_engines(){ return{ }; } +std::vector unsafe_check_atlast(){ return{ }; } + +std::vector check_engines(){ + return { + new PPSSPP, + new Godot, + new V8, + new Renpy, + new mono, + new pchooks, + new Artemis, + new KiriKiri, + new YOX, + new IG, + new LightVN, + new CMVS, + new Suika2, + new AGES7, + new _5pb, + new TYPEMOON, + new ENTERGRAM + }; + +} diff --git a/LunaHook/enginecontrol.cpp b/LunaHook/enginecontrol.cpp new file mode 100644 index 0000000..fb6fac0 --- /dev/null +++ b/LunaHook/enginecontrol.cpp @@ -0,0 +1,141 @@ + +#include "util/util.h" +#include"engine.h" +#include"Lang/Lang.h" +WCHAR* processName, // cached +processPath[MAX_PATH]; // cached +WCHAR processName_lower[MAX_PATH]; +uintptr_t processStartAddress, processStopAddress; + + + +std::vector check_engines(); +std::vector ignore_engines(); +std::vector unsafe_check_atlast(); + +bool ENGINE::check_function(){ + switch (check_by) + { + case CHECK_BY::ALL_TRUE:{ + is_engine_certain=false; + return true; + } + case CHECK_BY::FILE:{ + return (Util::CheckFile(std::get(check_by_target))) ; + + } + case CHECK_BY::FILE_ALL:{ + auto _list=std::get(check_by_target); + return std::all_of(_list.begin(),_list.end(),Util::CheckFile); + + } + case CHECK_BY::FILE_ANY:{ + auto _list=std::get(check_by_target); + return std::any_of(_list.begin(),_list.end(),Util::CheckFile); + + } + case CHECK_BY::RESOURCE_STR:{ + return (Util::SearchResourceString(std::get(check_by_target))) ; + } + + case CHECK_BY::CUSTOM:{ + return std::get(check_by_target)(); + } + default: + return false; + } +} +bool safematch(ENGINE* m){ + bool matched=false; + __try { + matched=m->check_function(); + } + __except (EXCEPTION_EXECUTE_HANDLER) { + ConsoleOutput(Match_Error,m->getenginename()); + //ConsoleOutput("match ERROR"); + } + return matched; +} +bool safeattach(ENGINE* m){ + bool attached=false; + __try { + attached=m->attach_function(); + } + __except (EXCEPTION_EXECUTE_HANDLER) { + ConsoleOutput(Attach_Error,m->getenginename()); + //ConsoleOutput("attach ERROR"); + } + return attached; +} +bool checkengine(){ + + auto engines=check_engines(); + auto engineatlast=unsafe_check_atlast(); + auto engineignore=ignore_engines(); + std::vector infomations={ + "match failed", + "attach failed", + "attach success" + }; + auto allengines={engines,engineignore,engineatlast}; + int total=[allengines](){int _=0;for(auto eng:allengines)_+=eng.size();return _;}(); + int current=0; + for(auto eng:allengines){ + for(auto m:eng) { + current+=1; + + bool matched=safematch(m); + bool attached=matched&&safeattach(m); + + //ConsoleOutput("Progress %d/%d, checked engine %s, %s",current,total,m->getenginename(),infomations[matched+attached]); + //ConsoleOutput("Progress %d/%d, %s",current,total,infomations[matched+attached]); + if(matched==false)continue; + ConsoleOutput(MatchedEngine,m->getenginename()); + if(m->dontstop){ + ConsoleOutput(Attach_Continue,m->getenginename()); + continue; + } + + if(m->is_engine_certain){ + ConsoleOutput(ConfirmStop,m->getenginename()); + return attached; + } + + if(attached){ + ConsoleOutput(Attach_Stop,m->getenginename()); + return true; + } + } + } + + return false; +} +void Hijack(){ + static bool once = false; + if(once)return; + once=true; + GetModuleFileNameW(nullptr, processPath, MAX_PATH); + processName = wcsrchr(processPath, L'\\') + 1; + + wcscpy_s(processName_lower, processName); + _wcslwr_s(processName_lower); // lower case + + + std::tie(processStartAddress,processStopAddress)=Util::QueryModuleLimits(GetModuleHandleW(nullptr),0,1+PAGE_NOACCESS); + spDefault.minAddress = processStartAddress; + spDefault.maxAddress = processStopAddress; + ConsoleOutput(ProcessRange, processStartAddress, processStopAddress); + + if (processStartAddress + 0x40000 > processStopAddress) ConsoleOutput(WarningDummy); + + bool result=false; + __try { + result = checkengine(); + } + __except (EXCEPTION_EXECUTE_HANDLER) { ConsoleOutput(HijackERROR); } + + + if(result==false){ + PcHooks::hookOtherPcFunctions(); + } +} \ No newline at end of file diff --git a/LunaHook/engines/CMakeLists.txt b/LunaHook/engines/CMakeLists.txt new file mode 100644 index 0000000..fcd571c --- /dev/null +++ b/LunaHook/engines/CMakeLists.txt @@ -0,0 +1,4 @@ + +add_library(commonengine python/python2.cpp python/python3.cpp pchooks/pchooks.cpp) +target_precompile_headers(commonengine REUSE_FROM pch) + diff --git a/LunaHook/engines/mages/mages.hpp b/LunaHook/engines/mages/mages.hpp new file mode 100644 index 0000000..ac8ea59 --- /dev/null +++ b/LunaHook/engines/mages/mages.hpp @@ -0,0 +1,334 @@ +#include"engine.h" +namespace mages{ + + regs reg=regs::invalid; + int gametype=0; + std::map createTable() { + + auto compound_charsA=LoadResData(std::vector{ + L"compound_chars_default", + L"compound_chars_Robotics_Notes_Elite", + L"compound_chars_Robotics_Notes_Dash" + }[gametype],L"COMPOUND_CHARS"); + auto charsetA=LoadResData(std::vector{ + L"charset_default", + L"charset_Robotics_Notes_Elite", + L"charset_Robotics_Notes_Dash" + }[gametype],L"CHARSET"); + + + auto compound_chars=StringToWideString(compound_charsA); + auto charset=StringToWideString(charsetA); + + std::map table = {}; + + for (auto line : strSplit(compound_chars, L"\n")) { + auto pair = strSplit(line, L"="); + if (pair.size() != 2) continue; + auto key = pair[0].substr(1, pair[0].size() - 2); + auto val = pair[1]; + auto keys = strSplit(key, L"-"); + if (keys.size() == 1)keys.push_back(key); + size_t _; + auto start = std::stoi(keys[0], &_, 16); + auto end = std::stoi(keys[1], &_, 16); + for (auto i = start; i <= end; i++) { + auto charCode = ((i & 0xFF) << 8) | i >> 8; // swap endian + table[charCode] = val; + } + } + + + WORD charCode; + for (auto i = 0; i < charset.size(); i++) { + charCode = 0x8000 + i; + charCode = ((charCode & 0xFF) << 8) | charCode >> 8; // swap endian (0x8001 -> 0x0180) + table[charCode] = charset[i]; + } + return table; + } + +std::wstring mages_decode(WORD charCode) { + static auto table = createTable(); + if (table.find(charCode) == table.end()) { + std::wstringstream _; + _ << std::hex << charCode; + return L"[" + _.str() + L"]"; + } + else { + return table[charCode]; + } +} +template +void SpecialHookMAGES(hook_stack* stack, HookParam*, uintptr_t* data, uintptr_t* split, size_t* len) +{ + auto edx = regof(reg,stack);//regof(edx, esp_base); + std::wstring s = L"", bottom = L""; + while (1) { + auto c = *(BYTE*)edx; + if (c == 0xff)break; // terminated + if (c >= 0xb0) {// b4: next page? + edx += 1; + continue; + } + if (c >= 0x80) {// readChar + auto charCode = *(WORD*)edx; + edx += 2; + s += mages_decode(charCode); + } + else {// readControl + edx += 1; + if (c == 0) { + s += L' '; + } + else if (c == 1) {// speaker + bottom = L""; + while (1) + { + auto c2 = *(BYTE*)edx; + if (c2 == 2) { + edx += 1; break; + } + else if (c2 < 0x20)edx += 1; + else { + auto charCode = *(WORD*)edx; + edx += 2; + bottom += mages_decode(charCode); + } + } + if(bottom.size()) s = s + bottom + L": "; + } + else if (c == 2) { // line + // do nothing -> back to readChar + } + else if (c == 4 || c == 0x15) { // SetColor, EvaluateExpression => SKIP + ////if (c !== 4) console.warn('Warning: ', c, hexdump(address)); + // https://github.com/CommitteeOfZero/SciAdv.Net/blob/32489cd21921079975291dbdce9151ad66f1b06a/src/SciAdvNet.SC3/Text/SC3StringDecoder.cs#L98 + // https://github.com/CommitteeOfZero/SciAdv.Net/blob/32489cd21921079975291dbdce9151ad66f1b06a/src/SciAdvNet.SC3/Text/StringSegmentCodes.cs#L3 + // https://github.com/shiiion/steinsgate_textractor/blob/master/steinsgatetextractor/sg_text_extractor.cpp#L46 + auto token = *(BYTE*)edx; // BYTE token = read_single(cur_index); + if (!token) { + edx +=1; // return cur_index + 1; + } + else { + do { + if (token & 0x80) { + switch (token & 0x60) { + case 0: + edx +=2 ; //cur_index += 2; + break; + case 0x20: + edx +=3; //cur_index += 3; + break; + case 0x40: + edx +=4; //cur_index += 4; + break; + case 0x60: + edx +=5; //cur_index += 5; + break; + default: + // impossible + break; + } + } else { + edx +=2; //cur_index += 2; + } + token = *(BYTE*)edx; //token = read_single(cur_index); + } while (token); + } + } + else if (c == 0x0C // SetFontSize + || c == 0x11 // SetTopMargin + || c == 0x12 // SetLeftMargin + || c == 0x13 // STT_GetHardcodedValue: https://github.com/CommitteeOfZero/impacto/blob/master/src/text.cpp#L43 + ) { + edx+=2; + } + else if (c == 9) { // ruby (09_text_0A_rubi_0B) + std::wstring rubi = L""; + bottom = L""; + while (true) { + auto c2 = *(BYTE*)edx; + if (c2 == 0x0A) { // rubi + edx+=1; + while (true) { + c2 = *(BYTE*)edx; + if (c2 == 0x0B) { // end rubi + // address = address.add(1); + break; // break lv2 loop + } + else if (c2 < 0x20) { // another control + edx+=1; + } + else { // rubi + auto charCode = *(WORD*)edx; + edx+=2; + + rubi += mages_decode(charCode); + } + } // end while + } + else if (c2 == 0x0B) { // end rubi + edx+=1; + break; // break lv1 loop + } + else if (c2 < 0x20) { // another control (color?) + edx+=1; + } + else { // char (text) + auto charCode = *(WORD*)edx; + edx+=2; + + auto cc = mages_decode(charCode); + bottom += cc; + s += cc; + } + } + if (rubi != L"") { + //console.log('rubi: ', rubi); + //console.log('char: ', bottom); + } + } + else { + // do nothing (one byte control) + } + } +} + if(filter){ + static std::wstring last=L""; + if(last==s)return; + last=s; + } + + wchar_t* _data=new wchar_t[s.size()+1]; + wcscpy(_data,s.c_str()); + *data=(uintptr_t)_data; + *len=s.size()*2; +} +#ifndef _WIN64 +bool MAGES() { + auto dialogSigOffset = 2; + BYTE dialogSig1 []={ + 0x85,XX,0x74,XX,0x83,XX,0x01,0x74,XX,0x83,XX,0x04,0x74,XX,0xc7,0x05,XX,XX,XX,XX,0x01,0x00,0x00,0x00 + }; + auto addr=MemDbg::findBytes(dialogSig1,sizeof(dialogSig1),processStartAddress,processStopAddress); + if(addr==0){ + dialogSigOffset = 3; + BYTE dialogSig2 []={ + 0x57,0x85,XX,0x74,XX,0x83,XX,0x01,0x74,XX,0x83,XX,0x04 + }; + addr=MemDbg::findBytes(dialogSig2,sizeof(dialogSig2),processStartAddress,processStopAddress); + + } + if(addr==0)return false; + auto pos = addr+dialogSigOffset; + //.text:00431D3F 74 16 jz short loc_431D57 + auto jzoff=*(BYTE*)(pos+1); + pos+=jzoff+2; + auto hookaddr=pos; + for(int i=0;i<0x200;i++){ + if(((*(BYTE*)(pos))==0x8a)){ + + switch(((*(BYTE*)(pos+1)))){ + // case 0:reg=pusha_eax_off;break; + //YU-NO + //.text:00431D63 89 0D 20 A9 BF 00 mov dword_BFA920, ecx + //在加载到内存后,有时变成89 0d 20 a9 8a 00,导致崩溃,且这个没有遇到过,故注释掉。 + // case 3:reg=pusha_ebx_off;break; + // case 1:reg=pusha_ecx_off;break; + // case 2:reg=pusha_edx_off;break; + // case 6:reg=pusha_ebp_off;break; + // case 7:reg=pusha_edi_off;break; + case 3:reg=regs::ebx;break; + case 1:reg=regs::ecx;break; + case 2:reg=regs::edx;break; + case 6:reg=regs::ebp;break; + case 7:reg=regs::edi;break; + default:reg=regs::invalid; + } + if(reg!=regs::invalid)break; + } + pos+=1; + } + if(reg==regs::invalid)return false; + switch(pos-processStartAddress){ + case 0x9f723: + //Robotics;Notes-Elite + gametype=1; + break; + case 0xf70a6: + //Robotics;Notes-Dash + gametype=2; + break; + + default: + //YU-NO + //测试无效: + //Steins;Gate-0 + //Steins;Gate + //未测试: + //Steins;Gate-Elite + //Chaos;Child + //CHAOS;HEAD_NOAH + //Memories_Off_-Innocent_Fille + //Memories_Off_-Innocent_Fille-_for_Dearest + gametype=0; + } + //ConsoleOutput("%x",pos-processStartAddress); + HookParam hp; + //hp.address = hookaddr; + hp.address=hookaddr; + //想い出にかわる君 ~メモリーズオフ~ 想君:秋之回忆3在hookaddr上无法正确读取。 + //hookaddr上是没有重复的,pos上是都能读到但有重复。 + hp.text_fun = SpecialHookMAGES<0>; + hp.type = CODEC_UTF16 | USING_STRING|NO_CONTEXT; + auto _=NewHook(hp, "5pb_MAGES"); + hp.address=pos; + hp.text_fun = SpecialHookMAGES<1>; + _|=NewHook(hp, "5pb_MAGES"); + return _; +} + +#else + +bool MAGES() { + auto dialogSigOffset = 2; + BYTE dialogSig1 []={ + 0x85,XX,0x74,XX,0x41,0x83,XX,0x01,0x74,XX,0x41,0x83,XX,0x04,0x74,XX,0x41 + }; + auto addr=MemDbg::findBytes(dialogSig1,sizeof(dialogSig1),processStartAddress,processStopAddress); + ConsoleOutput("%p",addr); + if(addr==0)return false; + auto pos = addr+dialogSigOffset; + auto jzoff=*(BYTE*)(pos+1); + pos+=jzoff+2; + auto hookaddr=pos; + // + for(int i=0;i<0x200;i++){ + //.text:000000014004116B 0F B6 13 movzx edx, byte ptr [rbx] + //->rbx + if((((*(DWORD*)(pos))&0xffffff)==0x13b60f)){ + reg=regs::rbx;//rbx + //ConsoleOutput("%p",pos-processStartAddress); + break; + } + pos+=1; + } + if(reg==regs::invalid)return false; + switch(pos-processStartAddress){ + + default: + //CHAOS;HEAD_NOAH + gametype=0; + } + HookParam hp; + hp.address=hookaddr; + hp.text_fun = SpecialHookMAGES<0>; + hp.type = CODEC_UTF16 | USING_STRING|NO_CONTEXT; + return NewHook(hp, "5pb_MAGES"); +} + +#endif + + +} \ No newline at end of file diff --git a/LunaHook/engines/mono/il2cpp.hpp b/LunaHook/engines/mono/il2cpp.hpp new file mode 100644 index 0000000..b109943 --- /dev/null +++ b/LunaHook/engines/mono/il2cpp.hpp @@ -0,0 +1,646 @@ +#pragma once + +#if _MSC_VER +typedef wchar_t Il2CppChar; +#elif __has_feature(cxx_unicode_literals) +typedef char16_t Il2CppChar; +#else +typedef uint16_t Il2CppChar; +#endif + +struct Int32Object; + +struct Boolean +{ + bool m_value; +}; + +struct Byte +{ + uint8_t m_value; +}; + +// UnityEngine.Color +struct Color_t +{ +public: + // System.Single UnityEngine.Color::r + float r; + // System.Single UnityEngine.Color::g + float g; + // System.Single UnityEngine.Color::b + float b; + // System.Single UnityEngine.Color::a + float a; +}; + +// UnityEngine.Color32 +struct Color32_t +{ +public: + // System.Single UnityEngine.Color32::rgba + unsigned int rgba; +}; + + +// UnityEngine.ScreenOrientation +enum class ScreenOrientation { + Unknown, + Portrait, + PortraitUpsideDown, + LandscapeLeft, + LandscapeRight, + AutoRotation, + Landscape = 3 +}; + +// UnityEngine.Vector2 +struct Vector2_t +{ +public: + // System.Single UnityEngine.Vector2::x + float x; + // System.Single UnityEngine.Vector2::y + float y; +}; + +// UnityEngine.Vector2Int +struct Vector2Int_t +{ +public: + // System.Int32 UnityEngine.Vector2Int::m_X + int x; + // System.Int32 UnityEngine.Vector2Int::m_Y + int y; +}; + +// UnityEngine.Vector3 +struct Vector3_t +{ +public: + // System.Single UnityEngine.Vector3::x + float x; + // System.Single UnityEngine.Vector3::y + float y; + // System.Single UnityEngine.Vector3::z + float z; +}; + +// UnityEngine.Vector4 +struct Vector4_t +{ +public: + // System.Single UnityEngine.Vector4::x + float x; + // System.Single UnityEngine.Vector4::y + float y; + // System.Single UnityEngine.Vector4::z + float z; + // System.Single UnityEngine.Vector4::w + float w; +}; + +struct Rect_t +{ +public: + short x; + short y; + short width; + short height; +}; + +struct Resolution_t +{ +public: + int width; + int height; + int herz; +}; + +// UnityEngine.TextGenerationSettings +struct TextGenerationSettings_t +{ +public: + // UnityEngine.Font UnityEngine.TextGenerationSettings::font + void* font; + // UnityEngine.Color UnityEngine.TextGenerationSettings::color + Color_t color; + // System.Int32 UnityEngine.TextGenerationSettings::fontSize + int32_t fontSize; + // System.Single UnityEngine.TextGenerationSettings::lineSpacing + float lineSpacing; + // System.Boolean UnityEngine.TextGenerationSettings::richText + bool richText; + // System.Single UnityEngine.TextGenerationSettings::scaleFactor + float scaleFactor; + // UnityEngine.FontStyle UnityEngine.TextGenerationSettings::fontStyle + int32_t fontStyle; + // UnityEngine.TextAnchor UnityEngine.TextGenerationSettings::textAnchor + int32_t textAnchor; + // System.Boolean UnityEngine.TextGenerationSettings::alignByGeometry + bool alignByGeometry; + // System.Boolean UnityEngine.TextGenerationSettings::resizeTextForBestFit + bool resizeTextForBestFit; + // System.Int32 UnityEngine.TextGenerationSettings::resizeTextMinSize + int32_t resizeTextMinSize; + // System.Int32 UnityEngine.TextGenerationSettings::resizeTextMaxSize + int32_t resizeTextMaxSize; + // System.Boolean UnityEngine.TextGenerationSettings::updateBounds + bool updateBounds; + // UnityEngine.VerticalWrapMode UnityEngine.TextGenerationSettings::verticalOverflow + int32_t verticalOverflow; + // UnityEngine.HorizontalWrapMode UnityEngine.TextGenerationSettings::horizontalOverflow + int32_t horizontalOverflow; + // UnityEngine.Vector2 UnityEngine.TextGenerationSettings::generationExtents + Vector2_t generationExtents; + // UnityEngine.Vector2 UnityEngine.TextGenerationSettings::pivot + Vector2_t pivot; + // System.Boolean UnityEngine.TextGenerationSettings::generateOutOfBounds + bool generateOutOfBounds; +}; + +enum Il2CppTypeEnum +{ + IL2CPP_TYPE_END = 0x00, /* End of List */ + IL2CPP_TYPE_VOID = 0x01, + IL2CPP_TYPE_BOOLEAN = 0x02, + IL2CPP_TYPE_CHAR = 0x03, + IL2CPP_TYPE_I1 = 0x04, + IL2CPP_TYPE_U1 = 0x05, + IL2CPP_TYPE_I2 = 0x06, + IL2CPP_TYPE_U2 = 0x07, + IL2CPP_TYPE_I4 = 0x08, + IL2CPP_TYPE_U4 = 0x09, + IL2CPP_TYPE_I8 = 0x0a, + IL2CPP_TYPE_U8 = 0x0b, + IL2CPP_TYPE_R4 = 0x0c, + IL2CPP_TYPE_R8 = 0x0d, + IL2CPP_TYPE_STRING = 0x0e, + IL2CPP_TYPE_PTR = 0x0f, + IL2CPP_TYPE_BYREF = 0x10, + IL2CPP_TYPE_VALUETYPE = 0x11, + IL2CPP_TYPE_CLASS = 0x12, + IL2CPP_TYPE_VAR = 0x13, + IL2CPP_TYPE_ARRAY = 0x14, + IL2CPP_TYPE_GENERICINST = 0x15, + IL2CPP_TYPE_TYPEDBYREF = 0x16, + IL2CPP_TYPE_I = 0x18, + IL2CPP_TYPE_U = 0x19, + IL2CPP_TYPE_FNPTR = 0x1b, + IL2CPP_TYPE_OBJECT = 0x1c, + IL2CPP_TYPE_SZARRAY = 0x1d, + IL2CPP_TYPE_MVAR = 0x1e, + IL2CPP_TYPE_CMOD_REQD = 0x1f, + IL2CPP_TYPE_CMOD_OPT = 0x20, + IL2CPP_TYPE_INTERNAL = 0x21, + + IL2CPP_TYPE_MODIFIER = 0x40, + IL2CPP_TYPE_SENTINEL = 0x41, + IL2CPP_TYPE_PINNED = 0x45, + + IL2CPP_TYPE_ENUM = 0x55 +}; + +typedef struct Il2CppType +{ + void* dummy; + unsigned int attrs : 16; + Il2CppTypeEnum type : 8; + unsigned int num_mods : 6; + unsigned int byref : 1; + unsigned int pinned : 1; +} Il2CppType; + +typedef struct FieldInfo +{ + const char* name; + const Il2CppType* type; + void* parent; + int32_t offset; // If offset is -1, then it's thread static + uint32_t token; +} FieldInfo; + +struct MethodInfo; + +typedef struct Il2CppClass +{ + // The following fields are always valid for a Il2CppClass structure + const void* image; + void* gc_desc; + const char* name; + const char* namespaze; + Il2CppType byval_arg; + Il2CppType this_arg; + Il2CppClass* element_class; + Il2CppClass* castClass; + Il2CppClass* declaringType; + Il2CppClass* parent; + void* generic_class; + void* typeMetadataHandle; // non-NULL for Il2CppClass's constructed from type defintions + const void* interopData; + Il2CppClass* klass; // hack to pretend we are a MonoVTable. Points to ourself + // End always valid fields + + // The following fields need initialized before access. This can be done per field or as an aggregate via a call to Class::Init + FieldInfo* fields; // Initialized in SetupFields + const void* events; // Initialized in SetupEvents + const void* properties; // Initialized in SetupProperties + const MethodInfo** methods; // Initialized in SetupMethods + Il2CppClass** nestedTypes; // Initialized in SetupNestedTypes + Il2CppClass** implementedInterfaces; // Initialized in SetupInterfaces + void* interfaceOffsets; // Initialized in Init + void* static_fields; // Initialized in Init + const void* rgctx_data; // Initialized in Init + // used for fast parent checks + Il2CppClass** typeHierarchy; // Initialized in SetupTypeHierachy + // End initialization required fields + + void* unity_user_data; + + uint32_t initializationExceptionGCHandle; + + uint32_t cctor_started; + uint32_t cctor_finished; + size_t cctor_thread; + + // Remaining fields are always valid except where noted + void* genericContainerHandle; + uint32_t instance_size; // valid when size_inited is true + uint32_t actualSize; + uint32_t element_size; + int32_t native_size; + uint32_t static_fields_size; + uint32_t thread_static_fields_size; + int32_t thread_static_fields_offset; + uint32_t flags; + uint32_t token; + + uint16_t method_count; // lazily calculated for arrays, i.e. when rank > 0 + uint16_t property_count; + uint16_t field_count; + uint16_t event_count; + uint16_t nested_type_count; + uint16_t vtable_count; // lazily calculated for arrays, i.e. when rank > 0 + uint16_t interfaces_count; + uint16_t interface_offsets_count; // lazily calculated for arrays, i.e. when rank > 0 + + uint8_t typeHierarchyDepth; // Initialized in SetupTypeHierachy + uint8_t genericRecursionDepth; + uint8_t rank; + uint8_t minimumAlignment; // Alignment of this type + uint8_t naturalAligment; // Alignment of this type without accounting for packing + uint8_t packingSize; + + // this is critical for performance of Class::InitFromCodegen. Equals to initialized && !has_initialization_error at all times. + // Use Class::UpdateInitializedAndNoError to update + uint8_t initialized_and_no_error : 1; + + uint8_t valuetype : 1; + uint8_t initialized : 1; + uint8_t enumtype : 1; + uint8_t is_generic : 1; + uint8_t has_references : 1; // valid when size_inited is true + uint8_t init_pending : 1; + uint8_t size_init_pending : 1; + uint8_t size_inited : 1; + uint8_t has_finalize : 1; + uint8_t has_cctor : 1; + uint8_t is_blittable : 1; + uint8_t is_import_or_windows_runtime : 1; + uint8_t is_vtable_initialized : 1; + uint8_t has_initialization_error : 1; + void* vtable[0]; +} Il2CppClass; + +struct ParameterInfo +{ + const char* name; + int32_t position; + uint32_t token; + const Il2CppType* parameter_type; +}; + +typedef struct Il2CppGenericContainer +{ + /* index of the generic type definition or the generic method definition corresponding to this container */ + int32_t ownerIndex; // either index into Il2CppClass metadata array or Il2CppMethodDefinition array + int32_t type_argc; + /* If true, we're a generic method, otherwise a generic type definition. */ + int32_t is_method; + /* Our type parameters. */ + int32_t genericParameterStart; +} Il2CppGenericContainer; + +struct MethodInfo +{ + uintptr_t methodPointer; + uintptr_t invoker_method; + const char* name; + Il2CppClass* klass; + const Il2CppType* return_type; + const ParameterInfo* parameters; + union + { + uintptr_t rgctx_data; + uintptr_t methodDefinition; + }; + union + { + uintptr_t genericMethod; + Il2CppGenericContainer* genericContainer; + }; + uint32_t token; + uint16_t flags; + uint16_t iflags; + uint16_t slot; + uint8_t parameters_count; + uint8_t is_generic : 1; + uint8_t is_inflated : 1; + uint8_t wrapper_type : 1; + uint8_t is_marshaled_from_native : 1; +}; + +struct Il2CppObject +{ + union + { + Il2CppClass* klass; + void* vtable; + }; + void* monitor; +}; + +// not real Il2CppString class +struct Il2CppString +{ + Il2CppObject object; + int32_t length; ///< Length of string *excluding* the trailing null (which is included in 'chars'). + Il2CppChar start_char[0]; +}; + +typedef struct PropertyInfo { + Il2CppClass* parent; + const char* name; + const MethodInfo* get; + const MethodInfo* set; + uint32_t attrs; + uint32_t token; +} PropertyInfo; + +typedef struct Il2CppArraySize +{ + Il2CppObject obj; + void* bounds; + uintptr_t max_length; + alignas(8) + void* vector[0]; +} Il2CppArraySize; + +static const size_t kIl2CppSizeOfArray = (offsetof(Il2CppArraySize, vector)); + +struct CourseBaseObjectContext +{ + Il2CppObject* coursePrefab; + Il2CppObject* courseGrassFurPrefab; + Il2CppObject* monitorRenderTexture; + Il2CppArraySize* swapTextures; + Il2CppArraySize* swapSubTextures; + Il2CppObject* postFilmSetGroup; + Il2CppObject* grassParam; +}; + +struct RaceLoaderManagerCourceContext +{ + int courseId; + int timeEnum; + int seasonEnum; + int turfGoalGate; + int turfGoalFlower; + int dirtGoalGate; + int dirtGoalFlower; + int skydomeCourseId; + int skydomeSeasonEnum; + int skydomeWeatherEnum; + int skydomeTimeEnum; + int audienceEnum; + int audienceWeatherEnum; + int audienceSeasonEnum; + int treeWeaterEnum; + int treeTimeEnum; + int RotationCategoryEnum; + int lightProbeId; + Il2CppArraySize* materialTeturePairs; + Il2CppArraySize* materialSubTexturePairs; + bool halfStartGate; + int CourseStartGateBaseId; +}; + +struct CriAtomExPlayback +{ + uint32_t id; +}; + +struct AudioPlayback +{ + CriAtomExPlayback criAtomExPlayback; + bool isError; + int soundGroup; +}; + +typedef struct Il2CppReflectionMethod Il2CppReflectionMethod; + +typedef void (*Il2CppMethodPointer)(); + +typedef void* (*InvokerMethod)(Il2CppMethodPointer, const MethodInfo*, void*, void**); + +typedef struct Il2CppDelegate +{ + Il2CppObject object; + /* The compiled code of the target method */ + Il2CppMethodPointer method_ptr; + /* The invoke code */ + InvokerMethod invoke_impl; + Il2CppObject* target; + const MethodInfo* method; + + void* delegate_trampoline; + + intptr_t extraArg; + + /* + * If non-NULL, this points to a memory location which stores the address of + * the compiled code of the method, or NULL if it is not yet compiled. + */ + uint8_t** method_code; + Il2CppReflectionMethod* method_info; + Il2CppReflectionMethod* original_method_info; + Il2CppObject* data; + + bool method_is_virtual; +} Il2CppDelegate; + +typedef struct MulticastDelegate : Il2CppDelegate { + Il2CppArraySize* delegates; +} MulticastDelegate; + +// function types +typedef Il2CppString* (*il2cpp_string_new_utf16_t)(const wchar_t* str, unsigned int len); +typedef Il2CppString* (*il2cpp_string_new_t)(const char* str); +typedef void* (*il2cpp_domain_get_t)(); +typedef void** (*il2cpp_domain_get_assemblies_t)(void* domain, std::size_t* size); +typedef void* (*il2cpp_domain_assembly_open_t)(void* domain, const char* name); +typedef void* (*il2cpp_assembly_get_image_t)(void* assembly); +typedef Il2CppClass* (*il2cpp_class_from_name_t)(void* image, const char* namespaze, const char* name); +typedef MethodInfo* (*il2cpp_class_get_methods_t)(Il2CppClass* klass, void** iter); +typedef MethodInfo* (*il2cpp_class_get_method_from_name_t)(Il2CppClass* klass, const char* name, int argsCount); +typedef MethodInfo* (*il2cpp_method_get_from_reflection_t)(Il2CppObject* ref); +typedef const Il2CppType* (*il2cpp_method_get_param_t)(const MethodInfo* method, uint32_t index); +typedef Il2CppObject* (*il2cpp_object_new_t)(Il2CppClass* klass); +typedef void (*il2cpp_add_internal_call_t)(const char* name, uintptr_t pointer); +typedef void* (*il2cpp_resolve_icall_t)(const char* name); +typedef Il2CppArraySize* (*il2cpp_array_new_t)(Il2CppClass* klass, uintptr_t count); +typedef void* (*il2cpp_thread_attach_t)(void* domain); +typedef void (*il2cpp_thread_detach_t)(void* thread); +typedef const Il2CppType* (*il2cpp_class_get_type_t)(Il2CppClass* klass); +typedef uint32_t(*il2cpp_class_get_type_token_t)(Il2CppClass* klass); +typedef FieldInfo* (*il2cpp_class_get_field_from_name_t)(Il2CppClass* klass, const char* name); +typedef void (*il2cpp_field_get_value_t)(Il2CppObject* obj, FieldInfo* field, void* value); +typedef void (*il2cpp_field_set_value_t)(Il2CppObject* obj, FieldInfo* field, void* value); +typedef void (*il2cpp_field_static_get_value_t)(FieldInfo* field, void* value); +typedef void (*il2cpp_field_static_set_value_t)(FieldInfo* field, void* value); +typedef const Il2CppType* (*il2cpp_field_get_type_t)(FieldInfo* field); +typedef Il2CppObject* (*il2cpp_type_get_object_t)(const Il2CppType* type); +typedef const char* (*il2cpp_image_get_name_t)(void* image); +typedef size_t(*il2cpp_image_get_class_count_t)(void* image); +typedef const Il2CppClass* (*il2cpp_image_get_class_t)(void* image, size_t index); +typedef bool (*il2cpp_type_is_byref_t)(const Il2CppType* type); +typedef uint32_t(*il2cpp_method_get_flags_t)(const MethodInfo* mehod, uint32_t* iflags); +typedef const Il2CppType* (*il2cpp_method_get_return_type_t)(const MethodInfo* method); +typedef Il2CppClass* (*il2cpp_class_from_type_t)(const Il2CppType* type); +typedef const char* (*il2cpp_class_get_name_t)(Il2CppClass* klass); +typedef const PropertyInfo* (*il2cpp_class_get_properties_t)(Il2CppClass* klass, void** iter); +typedef bool (*il2cpp_class_is_enum_t)(const Il2CppClass* klass); +typedef FieldInfo* (*il2cpp_class_get_fields_t)(Il2CppClass* klass, void** iter); +typedef const char* (*il2cpp_method_get_name_t)(const MethodInfo* method); +typedef uint32_t(*il2cpp_method_get_param_count_t)(const MethodInfo* method); +typedef const char* (*il2cpp_method_get_param_name_t)(const MethodInfo* method, uint32_t index); +typedef Il2CppClass* (*il2cpp_class_get_parent_t)(Il2CppClass* klass); +typedef Il2CppClass* (*il2cpp_class_get_interfaces_t)(Il2CppClass* klass, void** iter); +typedef const char* (*il2cpp_class_get_namespace_t)(Il2CppClass* klass); +typedef int (*il2cpp_class_get_flags_t)(const Il2CppClass* klass); +typedef bool (*il2cpp_class_is_valuetype_t)(const Il2CppClass* klass); +typedef uint32_t(*il2cpp_property_get_flags_t) (PropertyInfo* prop); +typedef const MethodInfo* (*il2cpp_property_get_get_method_t) (const PropertyInfo* prop); +typedef const MethodInfo* (*il2cpp_property_get_set_method_t) (const PropertyInfo* prop); +typedef const char* (*il2cpp_property_get_name_t) (const PropertyInfo* prop); +typedef Il2CppClass* (*il2cpp_property_get_parent_t) (const PropertyInfo* prop); +typedef int (*il2cpp_field_get_flags_t)(FieldInfo* field); +typedef const char* (*il2cpp_field_get_name_t)(FieldInfo* field); +typedef Il2CppClass* (*il2cpp_field_get_parent_t)(FieldInfo* field); +typedef size_t (*il2cpp_field_get_offset_t)(FieldInfo* field); +typedef const PropertyInfo* (*il2cpp_class_get_property_from_name_t)(Il2CppClass* klass, const char* name); +typedef void (*il2cpp_runtime_object_init_t)(Il2CppObject* obj); +typedef Il2CppObject* (*il2cpp_value_box_t)(Il2CppClass* klass, void* data); +typedef void* (*il2cpp_object_unbox_t)(Il2CppObject* obj); + +char* il2cpp_array_addr_with_size(void* arr, int32_t size, uintptr_t idx); + +// array macro +#define il2cpp_array_addr(array, type, index) ((type*)(void*) il2cpp_array_addr_with_size (array, sizeof (type), index)) + +#define il2cpp_array_setref(array, index, value) \ + do { \ + void* *__p = (void* *) il2cpp_array_addr ((array), void*, (index)); \ + *__p = (value); \ + } while (0) + +namespace il2cpp_symbols +{ + inline void* il2cpp_domain = nullptr; + + void init(HMODULE game_module); + uintptr_t get_method_pointer(const char* assemblyName, const char* namespaze, + const char* klassName, const char* name, int argsCount); + + Il2CppClass* get_class(const char* assemblyName, const char* namespaze, const char* klassName); + + MethodInfo* get_method(const char* assemblyName, const char* namespaze, + const char* klassName, const char* name, int argsCount); + + Il2CppClass* find_class(const char* assemblyName, const char* namespaze, std::function predict); + + uintptr_t find_method(const char* assemblyName, const char* namespaze, + const char* klassName, std::function predict); +} + +// UnityEngine.Quaternion +struct Quaternion_t +{ +public: + float w; + float x; + float y; + float z; +}; + + +template +struct TypedField +{ + FieldInfo* Field; + + constexpr FieldInfo* operator->() const noexcept + { + return Field; + } +}; + + +struct Il2CppClassHead +{ + const void* image; + void* gc_desc; + const char* name; + const char* namespaze; +}; + +struct Il2CppReflectionType +{ + Il2CppObject object; + const Il2CppType* type; +}; + + +// function types +typedef Il2CppString* (*il2cpp_string_new_utf16_t)(const wchar_t* str, unsigned int len); +typedef Il2CppString* (*il2cpp_string_new_t)(const char* str); +typedef void* (*il2cpp_domain_get_t)(); +typedef void* (*il2cpp_domain_assembly_open_t)(void* domain, const char* name); +typedef void* (*il2cpp_assembly_get_image_t)(void* assembly); + + + + + +typedef void* (*il2cpp_resolve_icall_t)(const char* name); + +typedef void* (*il2cpp_thread_attach_t)(void* domain); +typedef void (*il2cpp_thread_detach_t)(void* thread); + +typedef bool (*il2cpp_class_is_assignable_from_t)(void* klass, void* oklass); +typedef void (*il2cpp_class_for_each_t)(void(*klassReportFunc)(Il2CppClass* klass, void* userData), void* userData); +typedef void* (*il2cpp_class_get_nested_types_t)(void* klass, void** iter); + + +typedef uint32_t(*il2cpp_gchandle_new_t)(void* obj, bool pinned); +typedef void (*il2cpp_gchandle_free_t)(uint32_t gchandle); +typedef void* (*il2cpp_gchandle_get_target_t)(uint32_t gchandle); + +typedef void (*il2cpp_runtime_class_init_t)(void* klass); +typedef void* (*il2cpp_runtime_invoke_t)(MethodInfo* method, void* obj, void** params, Il2CppObject** exc); + +char* il2cpp_array_addr_with_size(void* arr, int32_t size, uintptr_t idx); + +// array macro +#define il2cpp_array_addr(array, type, index) ((type*)(void*) il2cpp_array_addr_with_size (array, sizeof (type), index)) + \ No newline at end of file diff --git a/LunaHook/engines/mono/monocommon.hpp b/LunaHook/engines/mono/monocommon.hpp new file mode 100644 index 0000000..7166563 --- /dev/null +++ b/LunaHook/engines/mono/monocommon.hpp @@ -0,0 +1,308 @@ + +#include"il2cpp.hpp" +#include "main.h" +#include "monoobject.h" +#include"monofuncinfo.h" +namespace { + +#define GetProcAddressXX(mm, func) auto func=(func##_t)GetProcAddress((mm), #func); +std::mutex mutex; +std::unordered_setinserted_addr; +void NewHook_check(HookParam& hp,LPCSTR n){ + std::lock_guard _(mutex); + if(inserted_addr.find(hp.address)==inserted_addr.end()){ + NewHook(hp,n); + inserted_addr.insert(hp.address); + } +} +auto mscorlib_system_string_funcs={ + "ToCharArray", + "Replace", + "ToString", + "IndexOf", + "Substring", + "op_Inequality",//[230901] [ILLGAMES] ハニカム + "InternalSubString", //[1000-REKA] 早咲きのくろゆり + //https://learn.microsoft.com/zh-cn/dotnet/api/system.string.join?view=net-7.0 + // "Join", "IndexOfAnyUnchecked", "LastIndexOfAny", "Split", "IndexOfAny", "Compare", "Concat", "TrimEnd", "op_Inequality", "InternalSplitKeepEmptyEntries", "CreateString", "FormatHelper", "FastAllocateString", "EndsWith", "ReplaceInternal", "CopyTo", "IndexOfUnchecked", "ConcatArray", "Trim", "ToLower", "MakeSeparatorList", ".ctor", "SplitInternal", "CharCopy", "LastIndexOfAnyUnchecked", "IsNullOrWhiteSpace", "CtorCharPtrStartLength", "FillStringChecked", "op_Equality", "StartsWith", "Contains", "ToLowerInvariant", "TrimHelper", "Equals", "wstrcpy", "CtorCharArrayStartLength", "ReplaceUnchecked", "InternalSplitOmitEmptyEntries", "LastIndexOf", "Format" + //String还有其他函数,但一般这几个就可以了 + }; +std::vector> unity_ui_text={ + {"TMPro","TMP_Text"}, + {"UnityEngine.UI","Text"}, + {"","UILabel"}, + {"UnityEngine","GUIText"}, + {"UnityEngine","TextMesh"}, + {"UnityEngine.UIElements","TextElement"}, + {"UnityEngine.UIElements","TextField","value"} + }; +void commonsolemonostring(uintptr_t offset,uintptr_t *data, size_t*len){ + MonoString* string = (MonoString*)offset; + if(string==0)return; + *data = (uintptr_t)string->chars; + if(wcslen((wchar_t*)string->chars)!=string->length)return; + *len = string->length * 2; +} +void mscorlib_system_string_hook_fun(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + #ifdef _WIN64 + uintptr_t offset=stack->rcx; + #else + uintptr_t offset=stack->stack[1]; + #endif + commonsolemonostring(offset,data,len); +} +void unity_ui_string_hook_fun(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + #ifdef _WIN64 + uintptr_t offset=stack->rdx; + #else + uintptr_t offset=stack->stack[2]; + #endif + commonsolemonostring(offset,data,len); +} +template +void MONO_IL2CPP_NEW_HOOK(uintptr_t addr,const char*name){ + if(addr==0)return; + HookParam hp; + hp.address = addr; + hp.type = USING_STRING | CODEC_UTF16|FULL_STRING; + hp.text_fun =(decltype(hp.text_fun))text_fun; + + NewHook_check(hp, name); +} +auto unity_ui_string_hook=MONO_IL2CPP_NEW_HOOK; +auto mscorlib_system_string_hook=MONO_IL2CPP_NEW_HOOK; + + +/** jichi 12/26/2014 Mono + * Sample game: [141226] ハ�レ�めいと + */ +void SpecialHookMonoString(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + mscorlib_system_string_hook_fun(stack,hp,data,split,len); + + #ifndef _WIN64 + auto s = stack->ecx; + for (int i = 0; i < 0x10; i++) // traverse pointers until a non-readable address is met + if (s && !::IsBadReadPtr((LPCVOID)s, sizeof(DWORD))) + s = *(DWORD *)s; + else + break; + if (!s) + s = hp->address; + if (hp->type & USING_SPLIT) *split = s; + #endif + +} +} +namespace il2cpp_func{ + void insertsystemstringfunc(Il2CppClass*klass,HMODULE module){ + GetProcAddressXX(module,il2cpp_class_get_method_from_name); + if(il2cpp_class_get_method_from_name==0)return ; + for(auto func:mscorlib_system_string_funcs){ + auto ToCharArray= il2cpp_class_get_method_from_name(klass,func,-1); + if(ToCharArray==0)continue; + mscorlib_system_string_hook(ToCharArray->methodPointer,func); + } + + } + bool withimage(HMODULE module){ + GetProcAddressXX(module,il2cpp_domain_get); + GetProcAddressXX(module,il2cpp_thread_attach); + GetProcAddressXX(module,il2cpp_domain_get_assemblies); + GetProcAddressXX(module,il2cpp_assembly_get_image); + GetProcAddressXX(module,il2cpp_class_from_name); + GetProcAddressXX(module,il2cpp_class_get_method_from_name); + + if (!(il2cpp_domain_get && il2cpp_thread_attach && il2cpp_assembly_get_image && il2cpp_domain_get_assemblies && il2cpp_class_from_name && il2cpp_class_get_method_from_name))return false; + + auto domain = il2cpp_domain_get(); + il2cpp_thread_attach(domain); + int _ = 0; + size_t sz = 0; + auto assemblies = il2cpp_domain_get_assemblies(domain, &sz); + for (auto i = 0; i < sz; i++, assemblies++) { + auto image = il2cpp_assembly_get_image(*assemblies); + + do{ + auto cls = il2cpp_class_from_name(image, "System", "String"); + if (cls==0)break; + il2cpp_func::insertsystemstringfunc(cls,module); + }while(0); + + for(auto _:unity_ui_text){ + auto cls = il2cpp_class_from_name(image, _[0], _[1]); + if (cls == 0) continue; + auto method = il2cpp_class_get_method_from_name(cls, "set_text", 1); + if (method == 0) continue; + unity_ui_string_hook(method->methodPointer,_[1]); + } + } + return true; + + } + void foreach_func(Il2CppClass* klass, void* userData){ + HMODULE module = GetModuleHandleW(L"GameAssembly.dll"); + + GetProcAddressXX(module,il2cpp_class_get_name); + GetProcAddressXX(module,il2cpp_method_get_name); + GetProcAddressXX(module,il2cpp_class_get_methods); + GetProcAddressXX(module,il2cpp_class_get_namespace); + GetProcAddressXX(module,il2cpp_class_get_method_from_name); + + if (!(il2cpp_class_get_name ))return; + auto classname = il2cpp_class_get_name(klass); + std::string cln = classname; + + do{ + if(!(il2cpp_class_get_namespace && il2cpp_class_get_method_from_name))break; + std::string names=il2cpp_class_get_namespace(klass); + if(cln=="String" && names=="System"){ + il2cpp_func::insertsystemstringfunc(klass,module); + } + }while(0); + + + do{ + if (!( il2cpp_class_get_methods && il2cpp_method_get_name))break; + if (!(cln.size() >= 4 && (cln.substr(cln.size() - 4, 4) == "Text" || cln.substr(0, 4) == "Text"))) break; + + void* iter = 0; + while (true) { + auto methods = il2cpp_class_get_methods(klass, &iter); + if (methods == 0)break; + auto methodname = il2cpp_method_get_name(methods); + if (std::string(methodname) == "set_text") { + unity_ui_string_hook(methods->methodPointer,classname); + + } + } + }while(0); + + } + bool foreach(HMODULE module){ + + GetProcAddressXX(module,il2cpp_class_for_each); + if (il2cpp_class_for_each==0)return false; + il2cpp_class_for_each(foreach_func, 0); + return true; + } +} + + +namespace{ +HMODULE monodllhandle=0; + +void MonoCallBack(uintptr_t assembly, void* userData) { + GetProcAddressXX(monodllhandle,mono_get_root_domain); + GetProcAddressXX(monodllhandle,mono_thread_attach); + GetProcAddressXX(monodllhandle,mono_assembly_get_image); + GetProcAddressXX(monodllhandle,mono_class_get_property_from_name); + GetProcAddressXX(monodllhandle,mono_class_from_name); + GetProcAddressXX(monodllhandle,mono_property_get_set_method); + GetProcAddressXX(monodllhandle,mono_compile_method); + GetProcAddressXX(monodllhandle,mono_image_get_name); + GetProcAddressXX(monodllhandle,mono_image_get_table_info); + GetProcAddressXX(monodllhandle,mono_table_info_get_rows); + GetProcAddressXX(monodllhandle,mono_class_get); + GetProcAddressXX(monodllhandle,mono_class_get_name); + GetProcAddressXX(monodllhandle,mono_class_get_method_from_name); + if(mono_assembly_get_image==0)return ; + uintptr_t image = mono_assembly_get_image(assembly); + + if(!(mono_thread_attach&&mono_get_root_domain&&mono_compile_method))return ; + + if((mono_class_from_name&&mono_class_get_property_from_name&&mono_property_get_set_method)) + for(auto _:unity_ui_text){ + auto mono_class=mono_class_from_name(image,_[0],_[1]); + if(mono_class==0)continue; + uintptr_t mono_property=mono_class_get_property_from_name(mono_class,_.size()==3?_[2] :"text"); + if (mono_property == 0)continue; + auto mono_set_method = mono_property_get_set_method(mono_property); + mono_thread_attach(mono_get_root_domain()); + if(mono_set_method==0)continue; + uint64_t* method_pointer = mono_compile_method(mono_set_method); + if (method_pointer==0)continue; + unity_ui_string_hook((uintptr_t)method_pointer,_[1]); + + } + if((mono_image_get_name&&mono_image_get_table_info&&mono_table_info_get_rows&&mono_class_get&&mono_class_get_name&&mono_class_get_method_from_name)){ + //遍历image中的类,根据类名判断。 + //x86下遍历mono_class_get会中途卡死,故放弃,仅保留预设。 + //这个仅用于hook String + std::string mscorlib=mono_image_get_name(image); + if(mscorlib=="mscorlib"){ + auto _1=mono_image_get_table_info((void*)image,MONO_TABLE_TYPEDEF); + auto tdefcount=mono_table_info_get_rows(_1); + for (int i = 0; i < tdefcount; i++) + { + void *klass = mono_class_get((void*)image, MONO_TOKEN_TYPE_DEF | i+1); + char *name=mono_class_get_name(klass); + std::string cln = name; + if(cln=="String"){ + for(auto func:mscorlib_system_string_funcs){ + auto ToCharArray= mono_class_get_method_from_name(klass,func,-1); + if(ToCharArray==0)continue; + auto ToCharArrayAddr=mono_compile_method((uintptr_t)ToCharArray); + mscorlib_system_string_hook((uint64_t)ToCharArrayAddr,func); + } + + } + + } + } + } + + + +} + +bool InsertMonoHooksByAssembly(HMODULE module) { + monodllhandle=module; + GetProcAddressXX(monodllhandle,mono_assembly_foreach); + if(mono_assembly_foreach==0)return false; + mono_assembly_foreach(MonoCallBack, NULL); + return true; +} +} +namespace { + bool monodllhook(HMODULE module) { + HookParam hp; + const MonoFunction funcs[] = { MONO_FUNCTIONS_INITIALIZER }; + for (auto func : funcs) { + if (FARPROC addr = GetProcAddress(module, func.functionName)) { + hp.address =(uintptr_t) addr; + hp.type =USING_STRING| func.hookType; + hp.filter_fun =all_ascii_Filter; + hp.offset = func.textIndex * 4; + hp.length_offset = func.lengthIndex * 4; + hp.text_fun = (decltype(hp.text_fun))func.text_fun; + ConsoleOutput("Mono: INSERT"); + NewHook_check(hp, func.functionName); + } + } + return true; + } +} + +namespace monocommon{ + bool il2cpp() { + + HMODULE module = GetModuleHandleW(L"GameAssembly.dll"); + if (module == 0)return false; + bool _1=il2cpp_func::withimage(module); + bool _2=il2cpp_func::foreach(module); + return _1||_2; + } + + bool hook_mono(){ + for (const wchar_t* monoName : { L"mono.dll", L"mono-2.0-bdwgc.dll",L"GameAssembly.dll" }) + if (HMODULE module = GetModuleHandleW(monoName)) { + bool b1=InsertMonoHooksByAssembly(module); + bool b2=monodllhook(module); + if(b1||b2)return true; + } + return false; + } +} \ No newline at end of file diff --git a/LunaHook/engines/mono/monofuncinfo.h b/LunaHook/engines/mono/monofuncinfo.h new file mode 100644 index 0000000..744cf1a --- /dev/null +++ b/LunaHook/engines/mono/monofuncinfo.h @@ -0,0 +1,70 @@ +#pragma once + +// mono/funcinfo.h +// 12/26/2014 +// https://github.com/mono/mono/blob/master/mono/metadata/object.h +// http://api.xamarin.com/index.aspx?link=xhtml%3Adeploy%2Fmono-api-string.html +// http://docs.go-mono.com/index.aspx?link=xhtml%3Adeploy%2Fmono-api-string.html + +//#include "ith/import/mono/types.h" + +// MonoString* mono_string_new (MonoDomain *domain, +// const char *text); +// MonoString* mono_string_new_len (MonoDomain *domain, +// const char *text, +// guint length); +// MonoString* mono_string_new_size (MonoDomain *domain, +// gint32 len); +// MonoString* mono_string_new_utf16 (MonoDomain *domain, +// const guint16 *text, +// gint32 len); +// MonoString* mono_string_from_utf16 (gunichar2 *data); +// mono_unichar2* mono_string_to_utf16 (MonoString *s); +// char* mono_string_to_utf8 (MonoString *s); +// gboolean mono_string_equal (MonoString *s1, +// MonoString *s2); +// guint mono_string_hash (MonoString *s); +// MonoString* mono_string_intern (MonoString *str); +// MonoString* mono_string_is_interned (MonoString *o); +// MonoString* mono_string_new_wrapper (const char *text); +// gunichar2* mono_string_chars (MonoString *s); +// int mono_string_length (MonoString *s); +// gunichar2* mono_unicode_from_external (const gchar *in, gsize *bytes); +// gchar* mono_unicode_to_external (const gunichar2 *uni); +// gchar* mono_utf8_from_external (const gchar *in); + +struct MonoFunction { // argument indices start from 0 for SpecialHookMonoString, otherwise 1 + const char *functionName; + size_t textIndex; // argument index + short lengthIndex; // argument index + unsigned long hookType; // HookParam type + void *text_fun;// HookParam::text_fun_t +}; + +#ifndef _WIN64 + +#define MONO_FUNCTIONS_INITIALIZER \ + { "mono_string_to_utf8", 0, 0, CODEC_UTF16|NO_CONTEXT, SpecialHookMonoString } \ + , { "mono_string_to_utf8_checked", 0, 0, CODEC_UTF16|NO_CONTEXT, SpecialHookMonoString } \ + , { "mono_string_to_utf16", 0, 0, CODEC_UTF16|NO_CONTEXT, SpecialHookMonoString } \ + , { "mono_string_intern", 0, 0, CODEC_UTF16|NO_CONTEXT, SpecialHookMonoString } \ + , { "mono_string_is_interned", 0, 0, CODEC_UTF16|NO_CONTEXT, SpecialHookMonoString } \ + , { "mono_marshal_string_to_utf16", 0, 0, CODEC_UTF16|NO_CONTEXT, SpecialHookMonoString } \ + , { "mono_string_hash", 0, 0, CODEC_UTF16, SpecialHookMonoString } \ + , { "mono_string_chars", 0, 0, CODEC_UTF16, SpecialHookMonoString } \ + , { "mono_string_length", 0, 0, CODEC_UTF16, SpecialHookMonoString } \ + , { "mono_utf8_from_external", 1, 0, USING_STRING|CODEC_UTF8, nullptr } \ + , { "mono_string_from_utf16", 1, 0, CODEC_UTF16, nullptr } \ + , { "mono_unicode_from_external", 1, 0, CODEC_UTF16, nullptr } \ + , { "mono_unicode_to_external", 1, 0, CODEC_UTF16, nullptr } \ + , { "mono_string_new", 2, 0, USING_STRING|CODEC_UTF8, nullptr } \ + , { "mono_string_new_wrapper", 1, 0, USING_STRING|CODEC_UTF8, nullptr } + // , { "mono_string_new_len", 2, 3, USING_STRING | CODEC_UTF8, nullptr } \ + // , { "mono_string_new_utf16", 2, 3, CODEC_UTF16, nullptr } \ +// EOF +#else + +#define MONO_FUNCTIONS_INITIALIZER \ + { "mono_string_to_utf8", 0, 0, USING_STRING|CODEC_UTF16|NO_CONTEXT, SpecialHookMonoString } \ + , { "mono_string_to_utf16", 0, 0, USING_STRING|CODEC_UTF16|NO_CONTEXT, SpecialHookMonoString } +#endif \ No newline at end of file diff --git a/LunaHook/engines/mono/monoobject.h b/LunaHook/engines/mono/monoobject.h new file mode 100644 index 0000000..5d424c6 --- /dev/null +++ b/LunaHook/engines/mono/monoobject.h @@ -0,0 +1,64 @@ +#ifndef MONOOBJECT_H +#define MONOOBJECT_H + +// monoobject.h +// 12/26/2014 jichi +// https://github.com/mono/mono/blob/master/mono/metadata/object.h +// https://github.com/mono/mono/blob/master/mono/metadata/object-internals.h +// https://github.com/mono/mono/blob/master/mono/util/mono-publib.h + +#include + +#define MONO_ZERO_LEN_ARRAY 1 + +// mono/io-layer/uglify.h +//typedef int8_t gint8; +//typedef int32_t gint32; +//typedef wchar_t gunichar2; // either char or wchar_t, depending on how mono is compiled + +typedef int32_t mono_bool; +typedef uint8_t mono_byte; +typedef uint16_t mono_unichar2; +typedef uint32_t mono_unichar4; + +// mono/metadata/object.h + +typedef mono_bool MonoBoolean; + +struct MonoArray; +struct MonoDelegate; +struct MonoDomain; +struct MonoException; +struct MonoString; +struct MonoThreadsSync; +struct MonoThread; +struct MonoVTable; + +struct MonoObject { + MonoVTable *vtable; + MonoThreadsSync *synchronisation; +}; + +struct MonoString { + MonoObject object; + int32_t length; + mono_unichar2 chars[MONO_ZERO_LEN_ARRAY]; +}; +#define MONO_TOKEN_TYPE_DEF 0x02000000 +#define MONO_TABLE_TYPEDEF 0x2 +typedef void (*mono_assembly_foreach_callback_t)(uintptr_t, void*); +typedef void (*mono_assembly_foreach_t)(mono_assembly_foreach_callback_t, uintptr_t); +typedef uintptr_t(*mono_assembly_get_image_t)(uintptr_t); +typedef char* (*mono_image_get_name_t)(uintptr_t); +typedef uintptr_t(*mono_class_from_name_t)(uintptr_t, char*, char*); +typedef uintptr_t(*mono_class_get_property_from_name_t)(uintptr_t, char*); +typedef uintptr_t(*mono_property_get_set_method_t)(uintptr_t); +typedef uint64_t* (*mono_compile_method_t)(uintptr_t); +typedef MonoDomain*(*mono_get_root_domain_t)(); +typedef void (*mono_thread_attach_t)(MonoDomain*); +typedef void* (*mono_class_get_t)(void* image, uint32_t type_token); +typedef int (*mono_table_info_get_rows_t)(void*); +typedef void*(*mono_image_get_table_info_t)(void*,uint32_t); +typedef char*(*mono_class_get_name_t)(void*); +typedef void* (*mono_class_get_method_from_name_t)(void *klass, const char *name, int param_count); +#endif // MONOOBJECT_H diff --git a/LunaHook/engines/mono/monotype.h b/LunaHook/engines/mono/monotype.h new file mode 100644 index 0000000..df3d6af --- /dev/null +++ b/LunaHook/engines/mono/monotype.h @@ -0,0 +1,17 @@ +#ifndef MONOTYPE_H +#define MONOTYPE_H + +// monotype.h +// 12/26/2014 jichi +// https://github.com/mono/mono/blob/master/mono/metadata/object.h + +#include "mono/monoobject.h" + +// Function typedefs +typedef MonoDomain *(* mono_object_get_domain_fun_t)(MonoObject *obj); + +typedef MonoString *(* mono_string_new_utf16_fun_t)(MonoDomain *domain, const mono_unichar2 *text, int32_t len); + +typedef char * (* mono_string_to_utf8_fun_t)(MonoString *string_obj); + +#endif // MONOTYPE_H diff --git a/LunaHook/engines/mono/types.h b/LunaHook/engines/mono/types.h new file mode 100644 index 0000000..7f7d9b7 --- /dev/null +++ b/LunaHook/engines/mono/types.h @@ -0,0 +1,41 @@ +#pragma once + +// mono/types.h +// 12/26/2014 +// https://github.com/mono/mono/blob/master/mono/metadata/object.h +// http://api.xamarin.com/index.aspx?link=xhtml%3Adeploy%2Fmono-api-string.html + +#include + +// mono/io-layer/uglify.h +typedef int8_t gint8; +typedef int32_t gint32; +typedef wchar_t gunichar2; // either char or wchar_t, depending on how mono is compiled + +typedef gint8 mono_byte; +typedef gunichar2 mono_unichar2; + +// mono/metadata/object.h + +typedef mono_byte MonoBoolean; + +struct MonoArray; +struct MonoDelegate; +struct MonoException; +struct MonoString; +struct MonoThreadsSync; +struct MonoThread; +struct MonoVTable; + +struct MonoObject { + MonoVTable *vtable; + MonoThreadsSync *synchronisation; +}; + +struct MonoString { + MonoObject object; + gint32 length; + gunichar2 chars[0]; +}; + +// EOF diff --git a/LunaHook/engines/pchooks/pchooks.cpp b/LunaHook/engines/pchooks/pchooks.cpp new file mode 100644 index 0000000..da73707 --- /dev/null +++ b/LunaHook/engines/pchooks/pchooks.cpp @@ -0,0 +1,317 @@ +// pchooks.cc +// 8/1/2014 jichi + +#include "pchooks.h" +#include "main.h" +//#include + + +// 8/1/2014 jichi: Split is not used. +// Although split is specified, USING_SPLIT is not assigned. + +// Use LPASTE to convert to wchar_t +// http://bytes.com/topic/c/answers/135834-defining-wide-character-strings-macros +//#define LPASTE(s) L##s +//#define L(s) LPASTE(s) +#define NEW_HOOK(_dll, _fun, _data, _data_ind, _split_off, _split_ind, _type, _len_off) \ + { \ + HookParam hp; \ + wcsncpy_s(hp.module, _dll, MAX_MODULE_SIZE - 1); \ + strncpy_s(hp.function, #_fun, MAX_MODULE_SIZE - 1); \ + hp.offset = _data; \ + hp.index = _data_ind; \ + hp.split = _split_off; \ + hp.split_index = _split_ind; \ + hp.type = _type | MODULE_OFFSET | FUNCTION_OFFSET; \ + hp.length_offset = _len_off; \ + NewHook(hp, #_fun); \ + } + +#define NEW_MODULE_HOOK(_module, _fun, _data, _data_ind, _split_off, _split_ind, _type, _len_off) \ + { \ + HookParam hp; \ + wchar_t path[MAX_PATH]; \ + if (GetModuleFileNameW(_module, path, MAX_PATH)) \ + wcsncpy_s(hp.module, wcsrchr(path, L'\\') + 1, MAX_MODULE_SIZE - 1); \ + strncpy_s(hp.function, #_fun, MAX_MODULE_SIZE - 1); \ + hp.offset = _data; \ + hp.index = _data_ind; \ + hp.split = _split_off; \ + hp.split_index = _split_ind; \ + hp.type = _type | MODULE_OFFSET | FUNCTION_OFFSET; \ + hp.length_offset = _len_off; \ + NewHook(hp, #_fun); \ + } + +#ifndef _WIN64 +enum args { + s_retaddr = 0 + , s_arg1 = 4 * 1 // 0x4 + , s_arg2 = 4 * 2 // 0x8 + , s_arg3 = 4 * 3 // 0xc + , s_arg4 = 4 * 4 // 0x10 + , s_arg5 = 4 * 5 // 0x14 + , s_arg6 = 4 * 6 // 0x18 + , s_arg7 = 4 * 7 +}; +#else // _WIN32 +enum args { + s_retaddr = 0x0, + s_arg1 = -0x20, + s_arg2 = -0x28, + s_arg3 = -0x50, + s_arg4 = -0x58, + s_arg5 = 0x8, + s_arg6 = 0x10, + s_arg7 = 0x18 +}; +#endif // _WIN64 + +constexpr short arg_sz = (short)sizeof(void*); + +// jichi 7/17/2014: Renamed from InitDefaultHook +void PcHooks::hookGDIFunctions() +{ + // int TextHook::InitHook(LPVOID addr, DWORD data, DWORD data_ind, DWORD split_off, DWORD split_ind, WORD type, DWORD len_off) + // + // jichi 9/8/2013: Guessed meaning + // - data(off): 4 * the n-th (base 1) parameter representing the data of the string + // - len_off: + // - the n-th (base 1) parameter representing the length of the string + // - or 1 if is char + // - or 0 if detect on run time + // - type: USING_STRING if len_off != 1 else CODEC_ANSI_BE or CODEC_UTF16 + // + // Examples: + // int WINAPI lstrlenA(LPCSTR lpString) + // - data: 4 * 1 = 4, as lpString is the first + // - len_off: 0, as no parameter representing string length + // - type: CODEC_ANSI_BE, since len_off == 1 + // BOOL GetTextExtentPoint32(HDC hdc, LPCTSTR lpString, int c, LPSIZE lpSize); + // - data: 4 * 2 = 0x8, as lpString is the second + // - len_off: 3, as nCount is the 3rd parameter + // - type: USING_STRING, since len_off != 1 + // + // Note: All functions does not have NO_CONTEXT attribute and will be filtered. + + +//#define _(Name, ...) \ +// hookman[HF_##Name].InitHook(Name, __VA_ARGS__); \ +// hookman[HF_##Name].SetHookName(names[HF_##Name]); + + // Always use s_arg1 = hDC as split_off + // 7/26/2014 jichi: Why there is no USING_SPLIT type? + + // gdi32.dll + NEW_HOOK(L"gdi32.dll", GetTextExtentPoint32A, s_arg2, 0,s_arg1,0, USING_STRING, s_arg3 / arg_sz) // BOOL GetTextExtentPoint32(HDC hdc, LPCTSTR lpString, int c, LPSIZE lpSize); + NEW_HOOK(L"gdi32.dll", GetTextExtentExPointA, s_arg2, 0,s_arg1,0, USING_STRING, s_arg3 / arg_sz) // BOOL GetTextExtentExPoint(HDC hdc, LPCTSTR lpszStr, int cchString, int nMaxExtent, LPINT lpnFit, LPINT alpDx, LPSIZE lpSize); + NEW_HOOK(L"gdi32.dll", GetCharacterPlacementA, s_arg2, 0,s_arg1,0, USING_STRING, s_arg3 / arg_sz) // DWORD GetCharacterPlacement(HDC hdc, LPCTSTR lpString, int nCount, int nMaxExtent, LPGCP_RESULTS lpResults, DWORD dwFlags); + NEW_HOOK(L"gdi32.dll", GetGlyphIndicesA, s_arg2, 0,s_arg1,0, USING_STRING, s_arg3 / arg_sz) // DWORD GetGlyphIndices( HDC hdc, LPCTSTR lpstr, int c, LPWORD pgi, DWORD fl); + NEW_HOOK(L"gdi32.dll", GetGlyphOutlineA, s_arg2, 0,s_arg1,0, CODEC_ANSI_BE, 0) // DWORD GetGlyphOutline(HDC hdc, UINT uChar, UINT uFormat, LPGLYPHMETRICS lpgm, DWORD cbBuffer, LPVOID lpvBuffer, const MAT2 *lpmat2); + NEW_HOOK(L"gdi32.dll", ExtTextOutA, s_arg6, 0,s_arg1,0, USING_STRING, s_arg7 / arg_sz) // BOOL ExtTextOut(HDC hdc, int X, int Y, UINT fuOptions, const RECT *lprc, LPCTSTR lpString, UINT cbCount, const INT *lpDx); + NEW_HOOK(L"gdi32.dll", TextOutA, s_arg4, 0,s_arg1,0, USING_STRING, s_arg5 / arg_sz) // BOOL TextOut(HDC hdc, int nXStart, int nYStart, LPCTSTR lpString, int cchString); + NEW_HOOK(L"gdi32.dll", GetCharABCWidthsA, s_arg2, 0,s_arg1,0, CODEC_ANSI_BE, 0) // BOOL GetCharABCWidths(HDC hdc, UINT uFirstChar, UINT uLastChar, LPABC lpabc); + NEW_HOOK(L"gdi32.dll", GetCharABCWidthsFloatA, s_arg2, 0,s_arg1,0, CODEC_ANSI_BE, 0) // BOOL GetCharABCWidthsFloat(HDC hdc, UINT iFirstChar, UINT iLastChar, LPABCFLOAT lpABCF); + NEW_HOOK(L"gdi32.dll", GetCharWidth32A, s_arg2, 0,s_arg1,0, CODEC_ANSI_BE, 0) // BOOL GetCharWidth32(HDC hdc, UINT iFirstChar, UINT iLastChar, LPINT lpBuffer); + NEW_HOOK(L"gdi32.dll", GetCharWidthFloatA, s_arg2, 0,s_arg1,0, CODEC_ANSI_BE, 0) // BOOL GetCharWidthFloat(HDC hdc, UINT iFirstChar, UINT iLastChar, PFLOAT pxBuffer); + + NEW_HOOK(L"gdi32.dll", GetTextExtentPoint32W, s_arg2, 0,s_arg1,0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) + NEW_HOOK(L"gdi32.dll", GetTextExtentExPointW, s_arg2, 0,s_arg1,0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) + NEW_HOOK(L"gdi32.dll", GetCharacterPlacementW, s_arg2, 0,s_arg1,0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) + NEW_HOOK(L"gdi32.dll", GetGlyphIndicesW, s_arg2, 0,s_arg1,0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) + NEW_HOOK(L"gdi32.dll", GetGlyphOutlineW, s_arg2, 0,s_arg1,0, CODEC_UTF16, 0) + //ExtTextOutW全是乱码,没卵用 + //NEW_HOOK(L"gdi32.dll", ExtTextOutW, s_arg6, 0,s_arg1,0, CODEC_UTF16|USING_STRING, s_arg7 / arg_sz) + NEW_HOOK(L"gdi32.dll", TextOutW, s_arg4, 0,s_arg1,0, CODEC_UTF16|USING_STRING, s_arg5 / arg_sz) + NEW_HOOK(L"gdi32.dll", GetCharABCWidthsW, s_arg2, 0,s_arg1,0, CODEC_UTF16, 0) + NEW_HOOK(L"gdi32.dll", GetCharABCWidthsFloatW, s_arg2, 0,s_arg1,0, CODEC_UTF16, 0) + NEW_HOOK(L"gdi32.dll", GetCharWidth32W, s_arg2, 0,s_arg1,0, CODEC_UTF16, 0) + NEW_HOOK(L"gdi32.dll", GetCharWidthFloatW, s_arg2, 0,s_arg1,0, CODEC_UTF16, 0) + + // user32.dll + NEW_HOOK(L"user32.dll", DrawTextA, s_arg2, 0,s_arg1,0, USING_STRING, s_arg3 / arg_sz) // int DrawText(HDC hDC, LPCTSTR lpchText, int nCount, LPRECT lpRect, UINT uFormat); + NEW_HOOK(L"user32.dll", DrawTextExA, s_arg2, 0,s_arg1,0, USING_STRING, s_arg3 / arg_sz) // int DrawTextEx(HDC hdc, LPTSTR lpchText,int cchText, LPRECT lprc, UINT dwDTFormat, LPDRAWTEXTPARAMS lpDTParams);NEW_HOOK(L"gdi32.dll", GetTabbedTextExtentA, s_arg2, 0,s_arg1,0, USING_STRING, s_arg3 / arg_sz) // DWORD GetTabbedTextExtent(HDC hDC, LPCTSTR lpString, int nCount, int nTabPositions, const LPINT lpnTabStopPositions); + NEW_HOOK(L"user32.dll", TabbedTextOutA, s_arg4, 0, s_arg1, 0, USING_STRING, s_arg5 / arg_sz) // LONG TabbedTextOut(HDC hDC, int X, int Y, LPCTSTR lpString, int nCount, int nTabPositions, const LPINT lpnTabStopPositions, int nTabOrigin); + NEW_HOOK(L"user32.dll", GetTabbedTextExtentA, s_arg2, 0, s_arg1, 0, USING_STRING, s_arg3 / arg_sz) // DWORD GetTabbedTextExtent(HDC hDC, LPCTSTR lpString, int nCount, int nTabPositions, const LPINT lpnTabStopPositions); + + NEW_HOOK(L"user32.dll", DrawTextW, s_arg2, 0,s_arg1,0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) + NEW_HOOK(L"user32.dll", DrawTextExW, s_arg2, 0,s_arg1,0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) + NEW_HOOK(L"user32.dll", TabbedTextOutW, s_arg4, 0, s_arg1, 0, CODEC_UTF16|USING_STRING, s_arg5 / arg_sz) + NEW_HOOK(L"user32.dll", GetTabbedTextExtentW, s_arg2, 0, s_arg1, 0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) +} + +// jichi 6/18/2015: GDI+ functions +void PcHooks::hookGDIPlusFunctions() +{ + HMODULE hModule = ::GetModuleHandleA("gdiplus.dll"); + if (!hModule) return; + + // gdiplus.dll + // https://msdn.microsoft.com/en-us/library/windows/desktop/ms534053%28v=vs.85%29.aspx + // https://msdn.microsoft.com/en-us/library/windows/desktop/ms534052%28v=vs.85%29.aspx + // https://msdn.microsoft.com/en-us/library/windows/desktop/ms534039%28v=vs.85%29.aspx + // Use arg1 pionter to GpGraphics as split + //using namespace Gdiplus::DllExports; + // Use arg5 style as split + NEW_MODULE_HOOK(hModule, GdipAddPathString, s_arg2, 0,s_arg5,0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) // GpStatus WINGDIPAPI GdipAddPathString(GpPath *path, GDIPCONST WCHAR *string, INT length, GDIPCONST GpFontFamily *family, INT style, REAL emSize, GDIPCONST RectF *layoutRect, GDIPCONST GpStringFormat *format) + NEW_MODULE_HOOK(hModule, GdipAddPathStringI, s_arg2, 0,s_arg5,0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) // GpStatus WINGDIPAPI GdipAddPathStringI(GpPath *path, GDIPCONST WCHAR *string, INT length, GDIPCONST GpFontFamily *family, INT style, REAL emSize, GDIPCONST Rect *layoutRect, GDIPCONST GpStringFormat *format) + NEW_MODULE_HOOK(hModule, GdipMeasureCharacterRanges, s_arg2, 0,s_arg1,0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) // GpStatus WINGDIPAPI GdipMeasureCharacterRanges(GpGraphics *graphics, GDIPCONST WCHAR *string, INT length, GDIPCONST GpFont *font, GDIPCONST RectF &layoutRect, GDIPCONST GpStringFormat *stringFormat, INT regionCount, GpRegion **regions) + NEW_MODULE_HOOK(hModule, GdipDrawString, s_arg2, 0,s_arg1,0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) // GpStatus WINGDIPAPI GdipDrawString(GpGraphics *graphics, GDIPCONST WCHAR *string, INT length, GDIPCONST GpFont *font, GDIPCONST RectF *layoutRect, GDIPCONST GpStringFormat *stringFormat, GDIPCONST GpBrush *brush); + NEW_MODULE_HOOK(hModule, GdipMeasureString, s_arg2, 0,s_arg1,0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) // GpStatus WINGDIPAPI GdipMeasureString(GpGraphics *graphics, GDIPCONST WCHAR *string, INT length, GDIPCONST GpFont *font, GDIPCONST RectF *layoutRect, GDIPCONST GpStringFormat *stringFormat, RectF *boundingBox, INT *codepointsFitted, INT *linesFilled ) + NEW_MODULE_HOOK(hModule, GdipDrawDriverString, s_arg1, 0,s_arg3,0, CODEC_UTF16|USING_STRING, s_arg2 / arg_sz) + NEW_MODULE_HOOK(hModule, GdipMeasureDriverString, s_arg1, 0,s_arg3,0, CODEC_UTF16|USING_STRING, s_arg2 / arg_sz) +} + + +bool PcHooks::hookD3DXFunctions(HMODULE d3dxModule) +{ + if (GetProcAddress(d3dxModule, "D3DXCreateTextA")) + { + NEW_MODULE_HOOK(d3dxModule, D3DXCreateTextA, s_arg3, 0, 0, 0, USING_STRING, 0) + NEW_MODULE_HOOK(d3dxModule, D3DXCreateTextW, s_arg3, 0, 0, 0, USING_STRING|CODEC_UTF16, 0) + } + + // Second call in D3DX(10)CreateFontIndirect is D3DXFont constructor, which sets up the vtable + // Call it to set up the vtable then extract the function addresses from that vtable + uintptr_t createFont = (uintptr_t)GetProcAddress(d3dxModule, "D3DXCreateFontIndirectA"); + if (!createFont) createFont = (uintptr_t)GetProcAddress(d3dxModule, "D3DX10CreateFontIndirectA"); + if (!createFont) { + ConsoleOutput("D3DX failed: couldn't find entry function"); + return false; + } + + struct D3DXFont + { + uintptr_t(*vtable)[20]; + DWORD data[2000]; + } font; + for (int i = 0, calls = 0; i < 100; ++i) + { + if (*(BYTE*)(createFont + i) == 0xe8) ++calls; + if (calls == 2) + { + union + { + void(D3DXFont::*ctor)(); + uintptr_t addr; + } fuckTheTypeSystem; + fuckTheTypeSystem.addr = *(DWORD*)(createFont + i + 1) + createFont + i + 5; + (font.*(fuckTheTypeSystem.ctor))(); + + HookParam hp; + hp.address = (*font.vtable)[14]; + hp.offset = s_arg3; + hp.length_offset = s_arg4 / arg_sz; + hp.type = USING_STRING; + auto suc=NewHook(hp, "ID3DXFont::DrawTextA"); + hp.address = (*font.vtable)[15]; + hp.type = USING_STRING | CODEC_UTF16; + suc|=NewHook(hp, "ID3DXFont::DrawTextW"); + return suc; + } + } + ConsoleOutput("D3DX failed: couldn't find vtable"); + return false; +} + +// jichi 10/2/2013 +// Note: All functions does not have NO_CONTEXT attribute and will be filtered. +void PcHooks::hookOtherPcFunctions() +{ + // int TextHook::InitHook(LPVOID addr, DWORD data, DWORD data_ind, DWORD split_off, DWORD split_ind, WORD type, DWORD len_off) + + // http://msdn.microsoft.com/en-us/library/78zh94ax.aspx + // int WINAPI lstrlen(LPCTSTR lpString); + // Lstr functions usually extracts rubbish, and might crash certain games like 「Magical Marriage Lunatics!!」 + // Needed by Gift + // Use arg1 address for both split and data + NEW_HOOK(L"kernel32.dll", lstrlenA, s_arg1, 0,s_arg1,0, USING_STRING, 0) // 9/8/2013 jichi: int WINAPI lstrlen(LPCTSTR lpString); + NEW_HOOK(L"kernel32.dll", lstrcpyA, s_arg2, 0,0,0, USING_STRING, 0) + NEW_HOOK(L"kernel32.dll", lstrcpynA, s_arg2, 0,0,0, USING_STRING, 0) + + NEW_HOOK(L"kernel32.dll", lstrlenW, s_arg1, 0,s_arg1,0, CODEC_UTF16|USING_STRING, 0) // 9/8/2013 jichi: add lstrlen + NEW_HOOK(L"kernel32.dll", lstrcpyW, s_arg2, 0,0,0, CODEC_UTF16|USING_STRING, 0) + NEW_HOOK(L"kernel32.dll", lstrcpynW, s_arg2, 0,0,0, CODEC_UTF16|USING_STRING, 0) + + // size_t strlen(const char *str); + // size_t strlen_l(const char *str, _locale_t locale); + // size_t wcslen(const wchar_t *str); + // size_t wcslen_l(const wchar_t *str, _locale_t locale); + // size_t _mbslen(const unsigned char *str); + // size_t _mbslen_l(const unsigned char *str, _locale_t locale); + // size_t _mbstrlen(const char *str); + // size_t _mbstrlen_l(const char *str, _locale_t locale); + + // http://msdn.microsoft.com/en-us/library/ex0hs2ad.aspx + // Needed by 娘姉妹 + // + // + // char *_strinc(const char *current, _locale_t locale); + // wchar_t *_wcsinc(const wchar_t *current, _locale_t locale); + // + // unsigned char *_mbsinc(const unsigned char *current); + // unsigned char *_mbsinc_l(const unsigned char *current, _locale_t locale); + //_(L"_strinc", _strinc, 4, 0,4,0, USING_STRING, 0) // 12/13/2013 jichi + //_(L"_wcsinc", _wcsinc, 4, 0,4,0, CODEC_UTF16|USING_STRING, 0) + + // 12/1/2013 jichi: + // AlterEgo + // http://tieba.baidu.com/p/2736475133 + // http://www.hongfire.com/forum/showthread.php/36807-AGTH-text-extraction-tool-for-games-translation/page355 + // + // MultiByteToWideChar + // http://blgames.proboards.com/thread/265 + // + // WideCharToMultiByte + // http://www.hongfire.com/forum/showthread.php/36807-AGTH-text-extraction-tool-for-games-translation/page156 + // + // int MultiByteToWideChar( + // _In_ UINT CodePage, + // _In_ DWORD dwFlags, + // _In_ LPCSTR lpMultiByteStr, // hook here + // _In_ int cbMultiByte, + // _Out_opt_ LPWSTR lpWideCharStr, + // _In_ int cchWideChar + // ); + // int WideCharToMultiByte( + // _In_ UINT CodePage, + // _In_ DWORD dwFlags, + // _In_ LPCWSTR lpWideCharStr, + // _In_ int cchWideChar, + // _Out_opt_ LPSTR lpMultiByteStr, + // _In_ int cbMultiByte, + // _In_opt_ LPCSTR lpDefaultChar, + // _Out_opt_ LPBOOL lpUsedDefaultChar + // ); + + // 2/29/2020 Artikash: TODO: Sort out what to do for string comparison functions + // http://sakuradite.com/topic/159 + NEW_HOOK(L"kernel32.dll", MultiByteToWideChar, s_arg3, 0,4,0, USING_STRING, s_arg4 / arg_sz) + NEW_HOOK(L"kernel32.dll", WideCharToMultiByte, s_arg3, 0,4,0, CODEC_UTF16|USING_STRING, s_arg4 / arg_sz) + + NEW_HOOK(L"kernel32.dll", GetStringTypeA, s_arg3, 0, 0, 0, USING_STRING, s_arg4 / arg_sz) + NEW_HOOK(L"kernel32.dll", GetStringTypeExA, s_arg3, 0, 0, 0, USING_STRING, s_arg4 / arg_sz) + NEW_HOOK(L"kernel32.dll", FoldStringA, s_arg2, 0, 0, 0, USING_STRING, s_arg3 / arg_sz) + NEW_HOOK(L"kernel32.dll", GetStringTypeW, s_arg2, 0, 0, 0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) + NEW_HOOK(L"kernel32.dll", GetStringTypeExW, s_arg3, 0, 0, 0, CODEC_UTF16|USING_STRING, s_arg4 / arg_sz) + NEW_HOOK(L"kernel32.dll", FoldStringW, s_arg2, 0, 0, 0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) + + NEW_HOOK(L"user32.dll", CharNextA, s_arg1, 0,0,0, DATA_INDIRECT, 0) // LPTSTR WINAPI CharNext(_In_ LPCTSTR lpsz); + NEW_HOOK(L"user32.dll", CharNextW, s_arg1, 0,0,0, CODEC_UTF16|DATA_INDIRECT, 0) + NEW_HOOK(L"user32.dll", CharPrevA, s_arg1, 0,0,0, DATA_INDIRECT, 0) // LPTSTR WINAPI CharPrev(_In_ LPCTSTR lpszStart, _In_ LPCTSTR lpszCurrent); + NEW_HOOK(L"user32.dll", CharPrevW, s_arg1, 0,0,0, CODEC_UTF16|DATA_INDIRECT, 0) + NEW_HOOK(L"user32.dll", CharNextExA, s_arg2, 0,0,0, DATA_INDIRECT, 0) // LPSTR WINAPI CharNextExA(_In_ WORD CodePage, _In_ LPCSTR lpCurrentChar, _In_ DWORD dwFlags); + NEW_HOOK(L"user32.dll", CharPrevExA, s_arg2, 0,0,0, CODEC_UTF16|DATA_INDIRECT, 0) + + //トキノ戦華 + NEW_HOOK(L"user32.dll", wvsprintfA, s_arg2, 0,0,0, USING_STRING, 0) + NEW_HOOK(L"user32.dll", wvsprintfW, s_arg2, 0,0,0, CODEC_UTF16|USING_STRING, 0) + + if (HMODULE module = GetModuleHandleW(L"OLEAUT32.dll")) + { + NEW_MODULE_HOOK(module, SysAllocString, s_arg1, 0, 0, 0, CODEC_UTF16|USING_STRING, 0) + NEW_MODULE_HOOK(module, SysAllocStringLen, s_arg1, 0, 0, 0, CODEC_UTF16|USING_STRING|KNOWN_UNSTABLE, s_arg2 / arg_sz) + } +} + +// EOF diff --git a/LunaHook/engines/pchooks/pchooks.h b/LunaHook/engines/pchooks/pchooks.h new file mode 100644 index 0000000..8a66d6f --- /dev/null +++ b/LunaHook/engines/pchooks/pchooks.h @@ -0,0 +1,17 @@ +#pragma once + +// pchooks.h +// 8/1/2014 jichi + +#include + +namespace PcHooks { + +void hookGDIFunctions(); +void hookGDIPlusFunctions(); +bool hookD3DXFunctions(HMODULE d3dxModule); +void hookOtherPcFunctions(); + +} // namespace PcHooks + +// EOF diff --git a/LunaHook/engines/ppsspp/funcinfo.h b/LunaHook/engines/ppsspp/funcinfo.h new file mode 100644 index 0000000..d074163 --- /dev/null +++ b/LunaHook/engines/ppsspp/funcinfo.h @@ -0,0 +1,105 @@ +#pragma once + +// ppsspp/funcinfo.h +// 12/26/2014 +// See: https://github.com/hrydgard/ppsspp + +// Core/HLE (High Level Emulator) +// - sceCcc +// #void sceCccSetTable(u32 jis2ucs, u32 ucs2jis) +// int sceCccUTF8toUTF16(u32 dstAddr, u32 dstSize, u32 srcAddr) +// int sceCccUTF8toSJIS(u32 dstAddr, u32 dstSize, u32 srcAddr) +// int sceCccUTF16toUTF8(u32 dstAddr, u32 dstSize, u32 srcAddr) +// int sceCccUTF16toSJIS(u32 dstAddr, u32 dstSize, u32 srcAddr) +// int sceCccSJIStoUTF8(u32 dstAddr, u32 dstSize, u32 srcAddr) +// int sceCccSJIStoUTF16(u32 dstAddr, u32 dstSize, u32 srcAddr) +// int sceCccStrlenUTF8(u32 strAddr) +// int sceCccStrlenUTF16(u32 strAddr) +// int sceCccStrlenSJIS(u32 strAddr) +// u32 sceCccEncodeUTF8(u32 dstAddrAddr, u32 ucs) +// void sceCccEncodeUTF16(u32 dstAddrAddr, u32 ucs) +// u32 sceCccEncodeSJIS(u32 dstAddrAddr, u32 jis) +// u32 sceCccDecodeUTF8(u32 dstAddrAddr) +// u32 sceCccDecodeUTF16(u32 dstAddrAddr) +// u32 sceCccDecodeSJIS(u32 dstAddrAddr) +// int sceCccIsValidUTF8(u32 c) +// int sceCccIsValidUTF16(u32 c) +// int sceCccIsValidSJIS(u32 c) +// int sceCccIsValidUCS2(u32 c) +// int sceCccIsValidUCS4(u32 c) +// int sceCccIsValidJIS(u32 c) +// int sceCccIsValidUnicode(u32 c) +// #u32 sceCccSetErrorCharUTF8(u32 c) +// #u32 sceCccSetErrorCharUTF16(u32 c) +// #u32 sceCccSetErrorCharSJIS(u32 c) +// u32 sceCccUCStoJIS(u32 c, u32 alt) +// u32 sceCccJIStoUCS(u32 c, u32 alt) +// - sceFont: search charCode +// int sceFontGetCharInfo(u32 fontHandle, u32 charCode, u32 charInfoPtr) +// int sceFontGetShadowInfo(u32 fontHandle, u32 charCode, u32 charInfoPtr) +// int sceFontGetCharImageRect(u32 fontHandle, u32 charCode, u32 charRectPtr) +// int sceFontGetShadowImageRect(u32 fontHandle, u32 charCode, u32 charRectPtr) +// int sceFontGetCharGlyphImage(u32 fontHandle, u32 charCode, u32 glyphImagePtr) +// int sceFontGetCharGlyphImage_Clip(u32 fontHandle, u32 charCode, u32 glyphImagePtr, int clipXPos, int clipYPos, int clipWidth, int clipHeight) +// #int sceFontSetAltCharacterCode(u32 fontLibHandle, u32 charCode) +// int sceFontGetShadowGlyphImage(u32 fontHandle, u32 charCode, u32 glyphImagePtr) +// int sceFontGetShadowGlyphImage_Clip(u32 fontHandle, u32 charCode, u32 glyphImagePtr, int clipXPos, int clipYPos, int clipWidth, int clipHeight) +// - sceKernelInterrupt +// u32 sysclib_strcat(u32 dst, u32 src) +// int sysclib_strcmp(u32 dst, u32 src) +// u32 sysclib_strcpy(u32 dst, u32 src) +// u32 sysclib_strlen(u32 src) +// +// Sample debug string: +// 006EFD8E PUSH PPSSPPWi.00832188 ASCII "sceCccEncodeSJIS(%08x, U+%04x)" +// Corresponding source code in sceCcc: +// ERROR_LOG(HLE, "sceCccEncodeSJIS(%08x, U+%04x): invalid pointer", dstAddrAddr, jis); + +struct PPSSPPFunction +{ + const char *hookName; // hook name + size_t argIndex; // argument index + unsigned long hookType; // hook parameter type + unsigned long hookSplit; // hook parameter split, positive: stack, negative: registers + const char *pattern; // debug string used within the function +}; + +// jichi 7/14/2014: UTF-8 is treated as STRING +// http://867258173.diandian.com/post/2014-06-26/40062099618 +// sceFontGetCharGlyphImage_Clip +// Sample game: [KID] Monochrome: sceFontGetCharInfo, sceFontGetCharGlyphImage_Clip +// +// Example: { L"sceFontGetCharInfo", 2, CODEC_UTF16, 4, "sceFontGetCharInfo(" } +// Text is at arg2, using arg1 as split +#define PPSSPP_FUNCTIONS_INITIALIZER \ + { "sceCccStrlenSJIS", 1, USING_STRING, 0, "sceCccStrlenSJIS(" } \ + , { "sceCccStrlenUTF8", 1, CODEC_UTF8, 0, "sceCccStrlenUTF8(" } \ + , { "sceCccStrlenUTF16", 1, CODEC_UTF16, 0, "sceCccStrlenUTF16(" } \ +\ + , { "sceCccSJIStoUTF8", 3, CODEC_UTF8, 0, "sceCccSJIStoUTF8(" } \ + , { "sceCccSJIStoUTF16", 3, USING_STRING, 0, "sceCccSJIStoUTF16(" } \ + , { "sceCccUTF8toSJIS", 3, CODEC_UTF8, 0, "sceCccUTF8toSJIS(" } \ + , { "sceCccUTF8toUTF16", 3, CODEC_UTF8, 0, "sceCccUTF8toUTF16(" } \ + , { "sceCccUTF16toSJIS", 3, CODEC_UTF16, 0, "sceCccUTF16toSJIS(" } \ + , { "sceCccUTF16toUTF8", 3, CODEC_UTF16, 0, "sceCccUTF16toUTF8(" } \ +\ + , { "sceFontGetCharInfo", 2, CODEC_UTF16, 4, "sceFontGetCharInfo(" } \ + , { "sceFontGetShadowInfo", 2, CODEC_UTF16, 4, "sceFontGetShadowInfo("} \ + , { "sceFontGetCharImageRect", 2, CODEC_UTF16, 4, "sceFontGetCharImageRect(" } \ + , { "sceFontGetShadowImageRect", 2, CODEC_UTF16, 4, "sceFontGetShadowImageRect(" } \ + , { "sceFontGetCharGlyphImage", 2, CODEC_UTF16, 4, "sceFontGetCharGlyphImage(" } \ + , { "sceFontGetCharGlyphImage_Clip", 2, CODEC_UTF16, 4, "sceFontGetCharGlyphImage_Clip(" } \ + , { "sceFontGetShadowGlyphImage", 2, CODEC_UTF16, 4, "sceFontGetShadowGlyphImage(" } \ + , { "sceFontGetShadowGlyphImage_Clip", 2, CODEC_UTF16, 4, "sceFontGetShadowGlyphImage_Clip(" } \ +\ + , { "sysclib_strcat", 2, USING_STRING, 0, "Untested sysclib_strcat(" } \ + , { "sysclib_strcpy", 2, USING_STRING, 0, "Untested sysclib_strcpy(" } \ + , { "sysclib_strlen", 1, USING_STRING, 0, "Untested sysclib_strlen(" } + + // Disabled as I am not sure how to deal with the source string + //, { "sceCccEncodeSJIS", 2, USING_STRING, 0, "sceCccEncodeSJIS(" } + //, { "sceCccEncodeUTF8", 2, CODEC_UTF8, 0, "sceCccEncodeUTF8(" } + //, { "sceCccEncodeUTF16", 2, CODEC_UTF16, 0, "sceCccEncodeUTF16(" } + //, { "sysclib_strcmp", 2, USING_STRING, 0, "Untested sysclib_strcmp(" } + +// EOF diff --git a/LunaHook/engines/ppsspp/psputils.hpp b/LunaHook/engines/ppsspp/psputils.hpp new file mode 100644 index 0000000..59db375 --- /dev/null +++ b/LunaHook/engines/ppsspp/psputils.hpp @@ -0,0 +1,42 @@ +#ifndef __LUNA_PSPUILTS_H +#define __LUNA_PSPUILTS_H + +namespace{ +int PPSSPP_VERSION[4] = { 0, 9, 8, 0 }; // 0.9.8 by default + +enum : DWORD { + PPSSPP_MEMORY_SEARCH_STEP_98 = 0x01000000 + , PPSSPP_MEMORY_SEARCH_STEP_99 = 0x00050000 + //, step = 0x1000 // step must be at least 0x1000 (offset in SearchPattern) + //, step = 0x00010000 // crash otoboku PSP on 0.9.9 since 5pb is wrongly inserted +}; + + + +ULONG SafeMatchBytesInPSPMemory(LPCVOID pattern, DWORD patternSize, DWORD start = MemDbg::MappedMemoryStartAddress, DWORD stop = MemDbg::MemoryStopAddress) +{ + + ULONG step = PPSSPP_VERSION[1] == 9 && PPSSPP_VERSION[2] == 8 ? PPSSPP_MEMORY_SEARCH_STEP_98 : PPSSPP_MEMORY_SEARCH_STEP_99; + return _SafeMatchBytesInMappedMemory(pattern, patternSize, XX, start, stop, step); +} + + + + +ULONG SafeMatchBytesInPS2Memory(LPCVOID pattern, DWORD patternSize) +{ + // PCSX2 memory range + // ds: begin from 0x20000000 + // cs: begin from 0x30000000 + enum : ULONG { + //start = MemDbg::MappedMemoryStartAddress // 0x01000000 + start = 0x30000000 // larger than PSP to skip the garbage memory + , stop = 0x40000000 // larger than PSP as PS2 has larger memory + , step = 0x00010000 // smaller than PPS + //, step = 0x00050000 // the same as PPS + //, step = 0x1000 // step must be at least 0x1000 (offset in SearchPattern) + }; + return _SafeMatchBytesInMappedMemory(pattern, patternSize, XX, start, stop, step); +} +} +#endif \ No newline at end of file diff --git a/LunaHook/engines/python/python.h b/LunaHook/engines/python/python.h new file mode 100644 index 0000000..c431d2d --- /dev/null +++ b/LunaHook/engines/python/python.h @@ -0,0 +1,4 @@ + + +bool InsertRenpy3Hook(); +bool InsertRenpyHook(); \ No newline at end of file diff --git a/LunaHook/engines/python/python2.cpp b/LunaHook/engines/python/python2.cpp new file mode 100644 index 0000000..6072343 --- /dev/null +++ b/LunaHook/engines/python/python2.cpp @@ -0,0 +1,136 @@ +#include"types.h" +#include"main.h" +namespace { + typedef wchar_t Py_UNICODE ; + typedef size_t Py_ssize_t; + typedef void PyObject ; + typedef PyObject* (*PyUnicode_FromObject_t)( PyObject *obj ); + #ifdef Py_TRACE_REFS + /* Define pointers to support a doubly-linked list of all live heap objects. */ + #define _PyObject_HEAD_EXTRA \ + struct _object *_ob_next; \ + struct _object *_ob_prev; + + #define _PyObject_EXTRA_INIT 0, 0, + + #else + #define _PyObject_HEAD_EXTRA + #define _PyObject_EXTRA_INIT + #endif + #define PyObject_HEAD \ + _PyObject_HEAD_EXTRA \ + Py_ssize_t ob_refcnt; \ + struct _typeobject *ob_type; + typedef struct { + PyObject_HEAD + Py_ssize_t length; /* Length of raw Unicode data in buffer */ + Py_UNICODE *str; /* Raw Unicode buffer */ + long hash; /* Hash value; -1 if not set */ + PyObject *defenc; /* (Default) Encoded version as Python + string, or NULL; this is used for + implementing the buffer protocol */ + } PyUnicodeObject; + #define PyUnicode_AS_UNICODE(op) \ + (((PyUnicodeObject *)(op))->str) + #define PyUnicode_GET_SIZE(op) \ + (((PyUnicodeObject *)(op))->length) + + PyUnicode_FromObject_t PyUnicode_FromObject; + + inline std::pair GetPyUnicodeString(PyObject *object){ + if(PyUnicode_FromObject==NULL) + return {}; + if (object == NULL) + return {}; + + auto uformat = PyUnicode_FromObject(object); + + if (uformat == NULL){ + return {}; + } + + auto fmt = PyUnicode_AS_UNICODE(uformat); + auto fmtcnt = PyUnicode_GET_SIZE(uformat); + return {fmt,fmtcnt}; + } +} + +bool InsertRenpyHook(){ + wchar_t python[] = L"python2X.dll", libpython[] = L"libpython2.X.dll"; + for (wchar_t* name : { python, libpython }) + { + wchar_t* pos = wcschr(name, L'X'); + for (int pythonMinorVersion = 0; pythonMinorVersion <= 8; ++pythonMinorVersion) + { + *pos = L'0' + pythonMinorVersion; + if (HMODULE module = GetModuleHandleW(name)) + { + PyUnicode_FromObject=(PyUnicode_FromObject_t)GetProcAddress(module, "PyUnicodeUCS2_FromObject"); + auto f1=[=](){ + HookParam hp; + hp.address = (uintptr_t)GetProcAddress(module, "PyUnicodeUCS2_Format"); + if (!hp.address) return false; + + hp.text_fun = [](hook_stack* stack, HookParam* hp, uintptr_t* data, uintptr_t* split, size_t* len) + { + #ifndef _WIN64 + auto format=(PyObject *)stack->stack[1]; + #else + auto format=(PyObject *)stack->rcx; + #endif + auto [strptr,strlen]=GetPyUnicodeString(format); + *data=(uintptr_t)strptr; + *len=0; + + if(wcschr(strptr, L'%') == nullptr) + *len=sizeof(wchar_t)*strlen; + + }; + hp.type = USING_STRING | CODEC_UTF16 | NO_CONTEXT; + return NewHook(hp, "Ren'py"); + }(); + + #ifndef _WIN64 + auto f2=[=](){ + HookParam hp; + hp.address = (uintptr_t)GetProcAddress(module, "PyUnicodeUCS2_Concat"); + if (!hp.address) return false; + hp.text_fun = [](hook_stack* stack, HookParam* hp, uintptr_t* data, uintptr_t* split, size_t* len) + { + auto left=(PyObject *)stack->stack[1]; + auto right=(PyObject *)stack->stack[2]; + + auto [strptr,strlen]=GetPyUnicodeString(right); + *data=(uintptr_t)strptr; + *len=sizeof(wchar_t)*strlen; + }; + hp.filter_fun = [](void* data, size_t* len, HookParam* hp) + { + auto str=std::wstring(reinterpret_cast(data),*len/2); + auto filterpath={ + L".rpy",L".rpa",L".py",L".pyc",L".txt", + L".png",L".jpg",L".bmp", + L".mp3",L".ogg", + L".webm",L".mp4", + L".otf",L".ttf" + }; + for(auto _ :filterpath) + if(str.find(_)!=str.npos) + return false; + return true; + }; + hp.type = USING_STRING | CODEC_UTF16; + //hp.filter_fun = [](void* str, auto, auto, auto) { return *(wchar_t*)str != L'%'; }; + return NewHook(hp, "Ren'py"); + }(); + #else + auto f2=false; + #endif + return f1||f2; + } + } + } + ConsoleOutput("Ren'py failed: failed to find python2X.dll"); + return false; +} + \ No newline at end of file diff --git a/LunaHook/engines/python/python3.cpp b/LunaHook/engines/python/python3.cpp new file mode 100644 index 0000000..5700b7e --- /dev/null +++ b/LunaHook/engines/python/python3.cpp @@ -0,0 +1,195 @@ +#include"types.h" +#include"main.h" +namespace { + #ifdef Py_TRACE_REFS +/* Define pointers to support a doubly-linked list of all live heap objects. */ +#define _PyObject_HEAD_EXTRA \ + struct _object *_ob_next; \ + struct _object *_ob_prev; + +#define _PyObject_EXTRA_INIT 0, 0, + +#else +#define _PyObject_HEAD_EXTRA +#define _PyObject_EXTRA_INIT +#endif + typedef size_t Py_ssize_t; + typedef struct _object { + _PyObject_HEAD_EXTRA + Py_ssize_t ob_refcnt; + struct _typeobject *ob_type; + } PyObject; +#define PyObject_HEAD PyObject ob_base; +typedef Py_ssize_t Py_hash_t; +typedef struct { + PyObject_HEAD + Py_ssize_t length; /* Number of code points in the string */ + Py_hash_t hash; /* Hash value; -1 if not set */ + struct { + unsigned int interned:2; + unsigned int kind:3; + unsigned int compact:1; + unsigned int ascii:1; + unsigned int ready:1; + unsigned int :24; + } state; + wchar_t *wstr; /* wchar_t representation (null-terminated) */ +} PyASCIIObject; +typedef struct { + PyASCIIObject _base; + Py_ssize_t utf8_length; /* Number of bytes in utf8, excluding the + * terminating \0. */ + char *utf8; /* UTF-8 representation (null-terminated) */ + Py_ssize_t wstr_length; /* Number of code points in wstr, possible + * surrogates count as two code points. */ +} PyCompactUnicodeObject; +/* Return one of the PyUnicode_*_KIND values defined above. */ +#define PyUnicode_KIND(op) \ + (assert(PyUnicode_Check(op)), \ + assert(PyUnicode_IS_READY(op)), \ + ((PyASCIIObject *)(op))->state.kind) + +typedef uint32_t Py_UCS4; +typedef uint16_t Py_UCS2; +typedef uint8_t Py_UCS1; +typedef struct { + PyCompactUnicodeObject _base; + union { + void *any; + Py_UCS1 *latin1; + Py_UCS2 *ucs2; + Py_UCS4 *ucs4; + } data; /* Canonical, smallest-form Unicode buffer */ +} PyUnicodeObject; +#define PyUnicode_IS_COMPACT(op) \ + (((PyASCIIObject*)(op))->state.compact) +#define PyUnicode_IS_ASCII(op) \ + (assert(PyUnicode_Check(op)), \ + assert(PyUnicode_IS_READY(op)), \ + ((PyASCIIObject*)op)->state.ascii) +#define _PyUnicode_COMPACT_DATA(op) \ + (PyUnicode_IS_ASCII(op) ? \ + ((void*)((PyASCIIObject*)(op) + 1)) : \ + ((void*)((PyCompactUnicodeObject*)(op) + 1))) + +#define _PyUnicode_NONCOMPACT_DATA(op) \ + (assert(((PyUnicodeObject*)(op))->data.any), \ + ((((PyUnicodeObject *)(op))->data.any))) + +#define PyUnicode_DATA(op) \ + (assert(PyUnicode_Check(op)), \ + PyUnicode_IS_COMPACT(op) ? _PyUnicode_COMPACT_DATA(op) : \ + _PyUnicode_NONCOMPACT_DATA(op)) +#define PyUnicode_GET_LENGTH(op) \ + (assert(PyUnicode_Check(op)), \ + assert(PyUnicode_IS_READY(op)), \ + ((PyASCIIObject *)(op))->length) +enum PyUnicode_Kind { +/* String contains only wstr byte characters. This is only possible + when the string was created with a legacy API and _PyUnicode_Ready() + has not been called yet. */ + PyUnicode_WCHAR_KIND = 0, +/* Return values of the PyUnicode_KIND() macro: */ + PyUnicode_1BYTE_KIND = 1, + PyUnicode_2BYTE_KIND = 2, + PyUnicode_4BYTE_KIND = 4 +}; +#define PyUnicode_READ(kind, data, index) \ + ((Py_UCS4) \ + ((kind) == PyUnicode_1BYTE_KIND ? \ + ((const Py_UCS1 *)(data))[(index)] : \ + ((kind) == PyUnicode_2BYTE_KIND ? \ + ((const Py_UCS2 *)(data))[(index)] : \ + ((const Py_UCS4 *)(data))[(index)] \ + ) \ + )) + + +} + #ifdef _WIN64 + +bool InsertRenpy3Hook() +{ + wchar_t pythonf[] = L"python3%d.dll", libpython[] = L"libpython3.%d.dll"; + wchar_t python[64] = { 0 }; + for (wchar_t* pythonff : { python, libpython }) + { + for (int pythonMinorVersion = 0; pythonMinorVersion <= 20; ++pythonMinorVersion) + { + wsprintf(python, pythonff, pythonMinorVersion); + if (HMODULE module = GetModuleHandleW(python)) + { + auto succ=false; + uintptr_t addr = (uintptr_t)GetProcAddress(module, "PyUnicode_Format"); + if (addr) { + HookParam hp; + hp.address = addr; + hp.text_fun = [](hook_stack* stack, HookParam* hp, uintptr_t* data, uintptr_t* split, size_t* len) + { + auto format=(PyObject *)stack->rcx; + if (format == NULL ) + return ; + + auto fmtstr=format; + auto fmtdata = PyUnicode_DATA(fmtstr); + auto fmtkind = PyUnicode_KIND(fmtstr); + auto fmtcnt = PyUnicode_GET_LENGTH(fmtstr); + + for(auto i=0;itype=CODEC_UTF16|USING_STRING|NO_CONTEXT; + *len=fmtcnt*sizeof(Py_UCS2); + break; + case PyUnicode_1BYTE_KIND: + hp->type=CODEC_UTF8|USING_STRING|NO_CONTEXT; + *len=fmtcnt*sizeof(Py_UCS1); + break; + case PyUnicode_4BYTE_KIND://Py_UCS4,utf32 + hp->type=CODEC_UTF32|USING_STRING|NO_CONTEXT; + *len=fmtcnt*sizeof(Py_UCS4); + } + }; + succ|=NewHook(hp, "python3"); + } +#if 0 + addr = (uintptr_t)GetProcAddress(module, "PyUnicode_FromWideChar"); + if (addr) { + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::rcx); + hp.type = USING_STRING | CODEC_UTF16 | NO_CONTEXT; + succ|=NewHook(hp, "python3"); + } + addr = (uintptr_t)GetProcAddress(module, "PyUnicode_FromFormatV"); //ansi + if (addr) { + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::rcx); + hp.type = USING_STRING | NO_CONTEXT; + succ|=NewHook(hp, "python3"); + } + addr = (uintptr_t)GetProcAddress(module, "PyUnicode_FromFormat"); + if (addr) { + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::rcx); + hp.type = USING_STRING | NO_CONTEXT; + succ|=NewHook(hp, "python3"); + } +#endif + return succ; + } + } + } + return false; +} + +#endif \ No newline at end of file diff --git a/LunaHook/hijackfuns.cc b/LunaHook/hijackfuns.cc new file mode 100644 index 0000000..a92eccd --- /dev/null +++ b/LunaHook/hijackfuns.cc @@ -0,0 +1,634 @@ +// hijackfuns.cc +// 6/3/2015 jichi +#include "hijackfuns.h" +#include"embed_util.h" +//#define DEBUG "hijackfuns" +#include"dyncodec/dynsjis.h" +//#include "sakurakit/skdebug.h" +#pragma intrinsic(_ReturnAddress) + +// Disable only for debugging purpose +//#define HIJACK_GDI_FONT +//#define HIJACK_GDI_TEXT + +#define DEF_FUN(_f) Hijack::_f##_fun_t Hijack::old##_f = ::_f; + DEF_FUN(CreateFontA) + DEF_FUN(CreateFontW) + DEF_FUN(CreateFontIndirectA) + DEF_FUN(CreateFontIndirectW) + DEF_FUN(GetGlyphOutlineA) + DEF_FUN(GetGlyphOutlineW) + DEF_FUN(GetTextExtentPoint32A) + DEF_FUN(GetTextExtentPoint32W) + DEF_FUN(GetTextExtentExPointA) + DEF_FUN(GetTextExtentExPointW) + DEF_FUN(GetCharABCWidthsA) + DEF_FUN(GetCharABCWidthsW) + DEF_FUN(TextOutA) + DEF_FUN(TextOutW) + DEF_FUN(ExtTextOutA) + DEF_FUN(ExtTextOutW) + DEF_FUN(DrawTextA) + DEF_FUN(DrawTextW) + DEF_FUN(DrawTextExA) + DEF_FUN(DrawTextExW) + DEF_FUN(CharNextA) + //DEF_FUN(CharNextW) + //DEF_FUN(CharNextExA) + //DEF_FUN(CharNextExW) + DEF_FUN(CharPrevA) + //DEF_FUN(CharPrevW) + DEF_FUN(MultiByteToWideChar) + DEF_FUN(WideCharToMultiByte) +#undef DEF_FUN + +/** Helper */ + +namespace { // unnamed +UINT8 systemCharSet(){ + enum CodePage { + NullCodePage = 0 + , Utf8CodePage = 65001 // UTF-8 + , Utf16CodePage = 1200 // UTF-16 + , SjisCodePage = 932 // SHIFT-JIS + , GbkCodePage = 936 // GB2312 + , KscCodePage = 949 // EUC-KR + , Big5CodePage = 950 // BIG5 + , TisCodePage = 874 // TIS-620 + , Koi8CodePage = 866 // KOI8-R +}; + auto systemCodePage = ::GetACP(); + switch (systemCodePage) { + case TisCodePage: return THAI_CHARSET; + case Koi8CodePage: return RUSSIAN_CHARSET; + case SjisCodePage: return SHIFTJIS_CHARSET; + case GbkCodePage: return GB2312_CHARSET; + case Big5CodePage: return CHINESEBIG5_CHARSET; + + case KscCodePage: return HANGUL_CHARSET; + case 1361: return JOHAB_CHARSET; // alternative Korean character set + + case 1250: return EASTEUROPE_CHARSET; + case 1251: return RUSSIAN_CHARSET; // cyrillic + case 1253: return GREEK_CHARSET; + case 1254: return TURKISH_CHARSET; + + case 862: return HEBREW_CHARSET; // obsolete + case 1255: return HEBREW_CHARSET; + + case 1256: return ARABIC_CHARSET; + case 1257: return BALTIC_CHARSET; + case 1258: return VIETNAMESE_CHARSET; + + //default: return DEFAULT_CHARSET; + default: return 0; + } +} +void customizeLogFontA(LOGFONTA *lplf) +{ + + if (embedsharedmem->fontCharSetEnabled) { + auto charSet = embedsharedmem->fontCharSet; + if (!charSet) + charSet = systemCharSet(); + if (charSet) + lplf->lfCharSet = charSet; + } + /* + if (s->fontWeight) + lplf->lfWeight = s->fontWeight; + if (s->isFontScaled()) { + lplf->lfWidth *= s->fontScale; + lplf->lfHeight *= s->fontScale; + } + */ +} + +void customizeLogFontW(LOGFONTW *lplf) +{ + customizeLogFontA((LOGFONTA *)lplf); + + std::wstring s=embedsharedmem->fontFamily; + if (! s.empty()) { + lplf->lfFaceName[s.size()] = 0; + //s->fontFamily.toWCharArray(lplf->lfFaceName); + memcpy(lplf->lfFaceName, s.c_str(), s.size()); + } +} + +// LogFont manager + +class LogFontManager +{ + typedef std::pair font_pair; + std::list fonts_; + + static bool eq(const LOGFONTW &x, const LOGFONTW&y); + +public: + HFONT get(const LOGFONTW &lf) const; + void add(HFONT hf, const LOGFONTW &lf); + void remove(HFONT hf); + void remove(const LOGFONTW &lf); +}; + +bool LogFontManager::eq(const LOGFONTW &x, const LOGFONTW &y) +{ // I assume there is no padding + return ::wcscmp(x.lfFaceName, y.lfFaceName) == 0 + && ::memcmp(&x, &y, sizeof(x) - sizeof(x.lfFaceName)) == 0; +} + +void LogFontManager::add(HFONT hf, const LOGFONTW &lf) +{ fonts_.push_back(std::make_pair(hf, lf)); } + +void LogFontManager::remove(HFONT hf) +{ + auto _=std::remove_if(fonts_.begin(), fonts_.end(), [&hf](const font_pair &it) { + return it.first == hf; + }); +} + +void LogFontManager::remove(const LOGFONTW &lf) +{ + auto _=std::remove_if(fonts_.begin(), fonts_.end(), [&lf](const font_pair &it) { + return eq(it.second, lf); + }); +} + +HFONT LogFontManager::get(const LOGFONTW &lf) const +{ + for each (const font_pair &it in fonts_) + if (eq(it.second, lf)) + return it.first; + return nullptr; +} + +// GDI font switcher + +class DCFontSwitcher +{ + static LogFontManager fonts_; + + HDC hdc_; + HFONT oldFont_, + newFont_; +std::wstring newfontname; +public: + explicit DCFontSwitcher(HDC hdc); // pass 0 to disable this class + ~DCFontSwitcher(); +}; + +LogFontManager DCFontSwitcher::fonts_; + +DCFontSwitcher::~DCFontSwitcher() +{ + // No idea why selecting old font will crash Mogeko Castle + //if (oldFont_ && oldFont_ != HGDI_ERROR) + // ::SelectObject(hdc_, oldFont_); + + // Never delete new font but cache them + // This could result in bad font after game is reset and deleted my font + //if (newFont_) + // ::DeleteObject(newFont_); +} +bool isFontCustomized(){ + return embedsharedmem->fontCharSetEnabled||wcslen(embedsharedmem->fontFamily); +} +DCFontSwitcher::DCFontSwitcher(HDC hdc) + : hdc_(hdc), oldFont_(nullptr), newFont_(nullptr),newfontname(L"") +{ + if (!hdc_) + return; + /* + auto p = HijackHelper::instance(); + if (!p) + return; + auto s = p->settings(); + if (!s->deviceContextFontEnabled || !s->isFontCustomized()) + return; +*/ + TEXTMETRICW tm; + if (!::GetTextMetricsW(hdc, &tm)) + return; + + LOGFONTW lf = {}; + lf.lfHeight = tm.tmHeight; + lf.lfWeight = tm.tmWeight; + lf.lfItalic = tm.tmItalic; + lf.lfUnderline = tm.tmUnderlined; + lf.lfStrikeOut = tm.tmStruckOut; + lf.lfCharSet = tm.tmCharSet; + lf.lfPitchAndFamily = tm.tmPitchAndFamily; + + customizeLogFontW(&lf); + + if (std::wstring(embedsharedmem->fontFamily).empty()) + ::GetTextFaceW(hdc_, LF_FACESIZE, lf.lfFaceName); + else{ + wcscpy(lf.lfFaceName,embedsharedmem->fontFamily); + } + newFont_ = fonts_.get(lf); + if ((!newFont_ )||(newfontname!=std::wstring(embedsharedmem->fontFamily))) { + newFont_ = Hijack::oldCreateFontIndirectW(&lf); + fonts_.add(newFont_, lf); + newfontname=std::wstring(embedsharedmem->fontFamily); + } + oldFont_ = (HFONT)SelectObject(hdc_, newFont_); + +} + +} // unnamed namespace + +/** Fonts */ + +// http://forums.codeguru.com/showthread.php?500522-Need-clarification-about-CreateFontIndirect +// The font creation functions will never fail +HFONT WINAPI Hijack::newCreateFontIndirectA(const LOGFONTA *lplf) +{ + + //DOUT("width:" << lplf->lfWidth << ", height:" << lplf->lfHeight << ", weight:" << lplf->lfWeight); + // if (auto p = HijackHelper::instance()) { + // auto s = p->settings(); + std::wstring fontFamily=embedsharedmem->fontFamily; + if (lplf && isFontCustomized()) { + union { + LOGFONTA a; + LOGFONTW w; + } lf = {*lplf}; // only initialize the first member of LOGFONTA + customizeLogFontA(&lf.a); + if (!fontFamily.empty()) { + if (all_ascii(fontFamily.c_str(),fontFamily.size())) + ::strcpy(lf.a.lfFaceName, WideStringToString(fontFamily,CP_ACP).c_str()); + else { + lf.w.lfFaceName[fontFamily.size()] = 0; + //s->fontFamily.toWCharArray(lf.w.lfFaceName); + memcpy(lf.w.lfFaceName, fontFamily.c_str(), fontFamily.size()); + return oldCreateFontIndirectW(&lf.w); + } + } + return oldCreateFontIndirectA(&lf.a); + } + //} + return oldCreateFontIndirectA(lplf); +} + +HFONT WINAPI Hijack::newCreateFontIndirectW(const LOGFONTW *lplf) +{ + + //DOUT("width:" << lplf->lfWidth << ", height:" << lplf->lfHeight << ", weight:" << lplf->lfWeight); + // if (auto p = HijackHelper::instance()) { + // auto s = p->settings(); + if (lplf && isFontCustomized()) { + LOGFONTW lf(*lplf); + customizeLogFontW(&lf); + return oldCreateFontIndirectW(&lf); + } + // } + return oldCreateFontIndirectW(lplf); +} + +#define CREATE_FONT_ARGS nHeight, nWidth, nEscapement, nOrientation, fnWeight, fdwItalic, fdwUnderline, fdwStrikeOut, fdwCharSet, fdwOutputPrecision, fdwClipPrecision, fdwQuality, fdwPitchAndFamily, lpszFace +HFONT WINAPI Hijack::newCreateFontA(int nHeight, int nWidth, int nEscapement, int nOrientation, int fnWeight, DWORD fdwItalic, DWORD fdwUnderline, DWORD fdwStrikeOut, DWORD fdwCharSet, DWORD fdwOutputPrecision, DWORD fdwClipPrecision, DWORD fdwQuality, DWORD fdwPitchAndFamily, LPCSTR lpszFace) +{ + + + + if ( isFontCustomized()) { + if (embedsharedmem->fontCharSetEnabled) { + auto charSet = embedsharedmem->fontCharSet; + if (!charSet) + charSet = systemCharSet(); + if (charSet) + fdwCharSet = charSet; + } + /* + if (s->fontWeight) + fnWeight = s->fontWeight; + if (s->isFontScaled()) { + nWidth *= s->fontScale; + nHeight *= s->fontScale; + } + */ + std::wstring fontFamily=embedsharedmem->fontFamily; + if (!fontFamily.empty()) { + if (all_ascii(fontFamily.c_str(),fontFamily.size())) { + lpszFace =WideStringToString(fontFamily,CP_ACP).c_str(); + return oldCreateFontA(CREATE_FONT_ARGS); + } else { + auto lpszFace = (LPCWSTR)fontFamily.c_str(); + return oldCreateFontW(CREATE_FONT_ARGS); + } + } + } + return oldCreateFontA(CREATE_FONT_ARGS); +} + +HFONT WINAPI Hijack::newCreateFontW(int nHeight, int nWidth, int nEscapement, int nOrientation, int fnWeight, DWORD fdwItalic, DWORD fdwUnderline, DWORD fdwStrikeOut, DWORD fdwCharSet, DWORD fdwOutputPrecision, DWORD fdwClipPrecision, DWORD fdwQuality, DWORD fdwPitchAndFamily, LPCWSTR lpszFace) +{ + + + if (isFontCustomized()) { + if (embedsharedmem->fontCharSetEnabled) { + auto charSet = embedsharedmem->fontCharSet; + if (!charSet) + charSet = systemCharSet(); + if (charSet) + fdwCharSet = charSet; + } + /* + if (s->fontWeight) + fnWeight = s->fontWeight; + if (s->isFontScaled()) { + nWidth *= s->fontScale; + nHeight *= s->fontScale; + }*/ + if (!std::wstring(embedsharedmem->fontFamily).empty()) + lpszFace = (LPCWSTR)embedsharedmem; + } + return oldCreateFontW(CREATE_FONT_ARGS); +} +#undef CREATE_FONT_ARGS + +/** Encoding */ + +LPSTR WINAPI Hijack::newCharNextA(LPCSTR lpString) +{ + + //if (::GetACP() == 932) + return const_cast(dynsjis::nextchar(lpString)); + //return oldCharNextA(lpString); +} + +LPSTR WINAPI Hijack::newCharPrevA(LPCSTR lpStart, LPCSTR lpCurrent) +{ + + //if (::GetACP() == 932) + return const_cast(dynsjis::prevchar(lpCurrent, lpStart)); + //return oldCharNextA(lpStart, lpCurrent); +} +extern DynamicShiftJISCodec *dynamiccodec ; +int WINAPI Hijack::newMultiByteToWideChar(UINT CodePage, DWORD dwFlags, LPCSTR lpMultiByteStr, int cbMultiByte, LPWSTR lpWideCharStr, int cchWideChar) +{ + // + /* if (auto p = HijackHelper::instance()) + if (p->settings()->localeEmulationEnabled) + if (CodePage == CP_THREAD_ACP || CodePage == CP_OEMCP) + CodePage = CP_ACP; + */ + if (CodePage == CP_THREAD_ACP || CodePage == CP_OEMCP) + CodePage = CP_ACP; + // CP_ACP(0), CP_MACCP(1), CP_OEMCP(2), CP_THREAD_ACP(3) + if ((CodePage <= 3 || CodePage == 932) && cchWideChar > 0 && cbMultiByte > 1) { + bool dynamic; + std::string data(lpMultiByteStr, cbMultiByte); + auto text = dynamiccodec->decode(data, &dynamic); + if (dynamic && !text.empty()) { + int size = min(text.size() + 1, cchWideChar); + ::memcpy(lpWideCharStr, text.c_str(), size * 2); + //lpWideCharStr[size - 1] = 0; // enforce trailing zero + return size - 1; + } + } + return oldMultiByteToWideChar(CodePage, dwFlags, lpMultiByteStr, cbMultiByte, lpWideCharStr, cchWideChar); +} + +int WINAPI Hijack::newWideCharToMultiByte(UINT CodePage, DWORD dwFlags, LPCWSTR lpWideCharStr, int cchWideChar, LPSTR lpMultiByteStr, int cbMultiByte, LPCSTR lpDefaultChar, LPBOOL lpUsedDefaultChar) +{ + // + if (CodePage == CP_THREAD_ACP || CodePage == CP_OEMCP) + CodePage = CP_ACP; + + if ((CodePage <= 3 || CodePage == 932) && cchWideChar > 0 && cbMultiByte >= 0) { + bool dynamic; + auto text = std::wstring(lpWideCharStr, cchWideChar); + auto data = dynamiccodec->encodeSTD(text, &dynamic); + if (dynamic && !data.empty()) { + + int size = data.size() + 1; + if (cbMultiByte && cbMultiByte < size) + size = cbMultiByte; + ::memcpy(lpMultiByteStr, data.c_str(), size); + //lpMultiByteStr[size - 1] = 0; // enforce trailing zero + return size - 1; + } + } + return oldWideCharToMultiByte(CodePage, dwFlags, lpWideCharStr, cchWideChar, lpMultiByteStr, cbMultiByte, lpDefaultChar, lpUsedDefaultChar); +} + +/** Text */ +UINT decodeChar(UINT ch, bool *dynamic) +{ + if (dynamic) + *dynamic = false; + if (ch > 0xff) { + bool t; + char data[3] = {(BYTE)(ch>>8)&0xff, (BYTE)ch&0xff, 0}; + auto text = dynamiccodec->decode(data, &t); + if (t && text.size() == 1) { + if (dynamic) + *dynamic= true; + return text[0] ; + } + } + return ch; +} +#define DECODE_CHAR(uChar, ...) \ +{ \ + if (uChar > 0xff) \ + if (1) { \ + bool dynamic; \ + UINT ch = decodeChar(uChar, &dynamic); \ + if (dynamic && ch) { \ + uChar = ch; \ + return (__VA_ARGS__); \ + } \ + } \ +} + +#define DECODE_TEXT(lpString, cchString, ...) \ +{ \ + if(cchString == -1 || cchString > 1) \ + if (1) { \ + bool dynamic; \ + auto data = std::string(lpString, cchString == -1 ? ::strlen(lpString) : cchString); \ + if (data.size() > 1) { \ + auto text = dynamiccodec->decode(data, &dynamic); \ + if (dynamic && !text.empty()) { \ + LPCWSTR lpString = (LPCWSTR)text.c_str(); \ + cchString = text.size(); \ + return (__VA_ARGS__); \ + } \ + } \ + } \ +} +#include +#define TRANSLATE_TEXT_A(lpString, cchString, ...) \ +{ \ + if (auto q = EngineController::instance()) { \ + auto data = std::string(lpString, cchString == -1 ? ::strlen(lpString) : cchString); \ + std::wstring oldText = q->decode(data); \ + if (!oldText.empty()) { \ + enum { role = Engine::OtherRole }; \ + ULONG split = (ULONG)_ReturnAddress(); \ + auto sig = Engine::hashThreadSignature(role, split); \ + auto newText = q->dispatchTextWSTD(oldText, role, sig); \ + if (newText != oldText) { \ + LPCWSTR lpString = (LPCWSTR)newText.c_str(); \ + cchString = newText.size(); \ + return (__VA_ARGS__); \ + } \ + } \ + } \ +} + +#define TRANSLATE_TEXT_W(lpString, cchString, ...) \ +{ \ + if (auto q = EngineController::instance()) { \ + auto text = std::wstring(lpString, cchString); \ + if (!text.empty()) { \ + enum { role = Engine::OtherRole }; \ + ULONG split = (ULONG)_ReturnAddress(); \ + auto sig = Engine::hashThreadSignature(role, split); \ + text = q->dispatchTextWSTD(text, role, sig); \ + LPCWSTR lpString = (LPCWSTR)text.c_str(); \ + cchString = text.size(); \ + return (__VA_ARGS__); \ + } \ + } \ +} + +DWORD WINAPI Hijack::newGetGlyphOutlineA(HDC hdc, UINT uChar, UINT uFormat, LPGLYPHMETRICS lpgm, DWORD cbBuffer, LPVOID lpvBuffer, const MAT2 *lpmat2) +{ + DCFontSwitcher fs(hdc); + + DECODE_CHAR(uChar, oldGetGlyphOutlineW(hdc, ch, uFormat, lpgm, cbBuffer, lpvBuffer, lpmat2)) + return oldGetGlyphOutlineA(hdc, uChar, uFormat, lpgm, cbBuffer, lpvBuffer, lpmat2); +} + +DWORD WINAPI Hijack::newGetGlyphOutlineW(HDC hdc, UINT uChar, UINT uFormat, LPGLYPHMETRICS lpgm, DWORD cbBuffer, LPVOID lpvBuffer, const MAT2 *lpmat2) +{ + + DCFontSwitcher fs(hdc); + return oldGetGlyphOutlineW(hdc, uChar, uFormat, lpgm, cbBuffer, lpvBuffer, lpmat2); +} + +BOOL WINAPI Hijack::newGetTextExtentPoint32A(HDC hdc, LPCSTR lpString, int cchString, LPSIZE lpSize) +{ + + + DCFontSwitcher fs(hdc); + //TRANSLATE_TEXT_A(lpString, cchString, oldGetTextExtentPoint32W(hdc, lpString, cchString, lpSize)) + DECODE_TEXT(lpString, cchString, oldGetTextExtentPoint32W(hdc, lpString, cchString, lpSize)) + return oldGetTextExtentPoint32A(hdc, lpString, cchString, lpSize); +} + +BOOL WINAPI Hijack::newGetTextExtentPoint32W(HDC hdc, LPCWSTR lpString, int cchString, LPSIZE lpSize) +{ + + DCFontSwitcher fs(hdc); + //TRANSLATE_TEXT_W(lpString, cchString, oldGetTextExtentPoint32W(hdc, lpString, cchString, lpSize)) + return oldGetTextExtentPoint32W(hdc, lpString, cchString, lpSize); +} + +BOOL WINAPI Hijack::newGetTextExtentExPointA(HDC hdc, LPCSTR lpString, int cchString, int nMaxExtent, LPINT lpnFit, LPINT alpDx, LPSIZE lpSize) +{ + + // DCFontSwitcher fs(hdc); + //TRANSLATE_TEXT_A(lpString, cchString, oldGetTextExtentExPointW(hdc, lpString, cchString, nMaxExtent, lpnFit, alpDx, lpSize)) + DECODE_TEXT(lpString, cchString, oldGetTextExtentExPointW(hdc, lpString, cchString, nMaxExtent, lpnFit, alpDx, lpSize)) + return oldGetTextExtentExPointA(hdc, lpString, cchString, nMaxExtent, lpnFit, alpDx, lpSize); +} + +BOOL WINAPI Hijack::newGetTextExtentExPointW(HDC hdc, LPCWSTR lpString, int cchString, int nMaxExtent, LPINT lpnFit, LPINT alpDx, LPSIZE lpSize) +{ + + DCFontSwitcher fs(hdc); + //TRANSLATE_TEXT_W(lpString, cchString, oldGetTextExtentExPointW(hdc, lpString, cchString, nMaxExtent, lpnFit, alpDx, lpSize)) + return oldGetTextExtentExPointW(hdc, lpString, cchString, nMaxExtent, lpnFit, alpDx, lpSize); +} + +int WINAPI Hijack::newDrawTextA(HDC hdc, LPCSTR lpString, int cchString, LPRECT lpRect, UINT uFormat) +{ + + DCFontSwitcher fs(hdc); + // if (HijackManager::instance()->isFunctionTranslated((uintptr_t)::DrawTextA)) + // TRANSLATE_TEXT_A(lpString, cchString, oldDrawTextW(hdc, lpString, cchString, lpRect, uFormat)) + // else + DECODE_TEXT(lpString, cchString, oldDrawTextW(hdc, lpString, cchString, lpRect, uFormat)) + return oldDrawTextA(hdc, lpString, cchString, lpRect, uFormat); +} + +int WINAPI Hijack::newDrawTextW(HDC hdc, LPCWSTR lpString, int cchString, LPRECT lpRect, UINT uFormat) +{ + + DCFontSwitcher fs(hdc); + // if (HijackManager::instance()->isFunctionTranslated((ULONG)::DrawTextW)) + // TRANSLATE_TEXT_W(lpString, cchString, oldDrawTextW(hdc, lpString, cchString, lpRect, uFormat)) + return oldDrawTextW(hdc, lpString, cchString, lpRect, uFormat); +} + +int WINAPI Hijack::newDrawTextExA(HDC hdc, LPSTR lpString, int cchString, LPRECT lpRect, UINT dwDTFormat, LPDRAWTEXTPARAMS lpDTParams) +{ + + DCFontSwitcher fs(hdc); + if (!(dwDTFormat & DT_MODIFYSTRING)) { + // if (HijackManager::instance()->isFunctionTranslated((uintptr_t)::DrawTextExA)) + // TRANSLATE_TEXT_A(lpString, cchString, oldDrawTextExW(hdc, const_cast(lpString), cchString, lpRect, dwDTFormat, lpDTParams)) + // else + DECODE_TEXT(lpString, cchString, oldDrawTextExW(hdc, const_cast(lpString), cchString, lpRect, dwDTFormat, lpDTParams)) + } + return oldDrawTextExA(hdc, lpString, cchString, lpRect, dwDTFormat, lpDTParams); +} + +int WINAPI Hijack::newDrawTextExW(HDC hdc, LPWSTR lpString, int cchString, LPRECT lpRect, UINT dwDTFormat, LPDRAWTEXTPARAMS lpDTParams) +{ + + DCFontSwitcher fs(hdc); + // if (!(dwDTFormat & DT_MODIFYSTRING) && HijackManager::instance()->isFunctionTranslated((ULONG)::DrawTextExW)) + // TRANSLATE_TEXT_W(lpString, cchString, oldDrawTextExW(hdc, const_cast(lpString), cchString, lpRect, dwDTFormat, lpDTParams)) + return oldDrawTextExW(hdc, lpString, cchString, lpRect, dwDTFormat, lpDTParams); +} + +BOOL WINAPI Hijack::newTextOutA(HDC hdc, int nXStart, int nYStart, LPCSTR lpString, int cchString) +{ + + DCFontSwitcher fs(hdc); + // if (HijackManager::instance()->isFunctionTranslated((uintptr_t)::TextOutA)) + // TRANSLATE_TEXT_A(lpString, cchString, oldTextOutW(hdc, nXStart, nYStart, lpString, cchString)) + // else + DECODE_TEXT(lpString, cchString, oldTextOutW(hdc, nXStart, nYStart, lpString, cchString)) + return oldTextOutA(hdc, nXStart, nYStart, lpString, cchString); +} + +BOOL WINAPI Hijack::newTextOutW(HDC hdc, int nXStart, int nYStart, LPCWSTR lpString, int cchString) +{ + + DCFontSwitcher fs(hdc); + // if (HijackManager::instance()->isFunctionTranslated((ULONG)::TextOutW)) + // TRANSLATE_TEXT_W(lpString, cchString, oldTextOutW(hdc, nXStart, nYStart, lpString, cchString)) + return oldTextOutW(hdc, nXStart, nYStart, lpString, cchString); +} + +BOOL WINAPI Hijack::newExtTextOutA(HDC hdc, int X, int Y, UINT fuOptions, const RECT *lprc, LPCSTR lpString, UINT cchString, const INT *lpDx) +{ + + DCFontSwitcher fs(hdc); + // if (HijackManager::instance()->isFunctionTranslated((uintptr_t)::ExtTextOutA)) + // TRANSLATE_TEXT_A(lpString, cchString, oldExtTextOutW(hdc, X, Y, fuOptions, lprc, lpString, cchString, lpDx)) + // else + DECODE_TEXT(lpString, cchString, oldExtTextOutW(hdc, X, Y, fuOptions, lprc, lpString, cchString, lpDx)) + return oldExtTextOutA(hdc, X, Y, fuOptions, lprc, lpString, cchString, lpDx); +} + +BOOL WINAPI Hijack::newExtTextOutW(HDC hdc, int X, int Y, UINT fuOptions, const RECT *lprc, LPCWSTR lpString, UINT cchString, const INT *lpDx) +{ + + DCFontSwitcher fs(hdc); + // if (HijackManager::instance()->isFunctionTranslated((ULONG)::ExtTextOutW)) + // TRANSLATE_TEXT_W(lpString, cchString, oldExtTextOutW(hdc, X, Y, fuOptions, lprc, lpString, cchString, lpDx)) + return oldExtTextOutW(hdc, X, Y, fuOptions, lprc, lpString, cchString, lpDx); +} + + + +// EOF diff --git a/LunaHook/hijackfuns.h b/LunaHook/hijackfuns.h new file mode 100644 index 0000000..1ac7945 --- /dev/null +++ b/LunaHook/hijackfuns.h @@ -0,0 +1,61 @@ +#pragma once + +// hijackfuns.h +// 6/3/2015 jichi + +#include + +namespace Hijack { + +#define DEF_FUN(_fun, _return, ...) \ + typedef _return (WINAPI *_fun##_fun_t)(__VA_ARGS__); \ + extern _fun##_fun_t old##_fun; \ + _return WINAPI new##_fun(__VA_ARGS__); + + DEF_FUN(MultiByteToWideChar, int, UINT CodePage, DWORD dwFlags, LPCSTR lpMultiByteStr, int cbMultiByte, LPWSTR lpWideCharStr, int cchWideChar) + DEF_FUN(WideCharToMultiByte, int, UINT CodePage, DWORD dwFlags, LPCWSTR lpWideCharStr, int cchWideChar, LPSTR lpMultiByteStr, int cbMultiByte, LPCSTR lpDefaultChar, LPBOOL lpUsedDefaultChar) + + DEF_FUN(CreateFontIndirectA, HFONT, const LOGFONTA *lplf) + DEF_FUN(CreateFontIndirectW, HFONT, const LOGFONTW *lplf) + + DEF_FUN(CreateFontA, HFONT, int nHeight, int nWidth, int nEscapement, int nOrientation, int fnWeight, DWORD fdwItalic, DWORD fdwUnderline, DWORD fdwStrikeOut, DWORD fdwCharSet, DWORD fdwOutputPrecision, DWORD fdwClipPrecision, DWORD fdwQuality, DWORD fdwPitchAndFamily, LPCSTR lpszFace) + DEF_FUN(CreateFontW, HFONT, int nHeight, int nWidth, int nEscapement, int nOrientation, int fnWeight, DWORD fdwItalic, DWORD fdwUnderline, DWORD fdwStrikeOut, DWORD fdwCharSet, DWORD fdwOutputPrecision, DWORD fdwClipPrecision, DWORD fdwQuality, DWORD fdwPitchAndFamily, LPCWSTR lpszFace) + + DEF_FUN(GetGlyphOutlineA, DWORD, HDC hdc, UINT uChar, UINT uFormat, LPGLYPHMETRICS lpgm, DWORD cbBuffer, LPVOID lpvBuffer, const MAT2 *lpmat2) + DEF_FUN(GetGlyphOutlineW, DWORD, HDC hdc, UINT uChar, UINT uFormat, LPGLYPHMETRICS lpgm, DWORD cbBuffer, LPVOID lpvBuffer, const MAT2 *lpmat2) + + DEF_FUN(GetTextExtentPoint32A, BOOL, HDC hdc, LPCSTR lpString, int cchString, LPSIZE lpSize) + DEF_FUN(GetTextExtentPoint32W, BOOL, HDC hdc, LPCWSTR lpString, int cchString, LPSIZE lpSize) + + DEF_FUN(GetTextExtentExPointA, BOOL, HDC hdc, LPCSTR lpszStr, int cchString, int nMaxExtent, LPINT lpnFit, LPINT alpDx, LPSIZE lpSize) + DEF_FUN(GetTextExtentExPointW, BOOL, HDC hdc, LPCWSTR lpszStr, int cchString, int nMaxExtent, LPINT lpnFit, LPINT alpDx, LPSIZE lpSize) + + DEF_FUN(GetCharABCWidthsA, BOOL, HDC hdc, UINT uFirstChar, UINT uLastChar, LPABC lpabc) + DEF_FUN(GetCharABCWidthsW, BOOL, HDC hdc, UINT uFirstChar, UINT uLastChar, LPABC lpabc) + + DEF_FUN(TextOutA, BOOL, HDC hdc, int nXStart, int nYStart, LPCSTR lpString, int cchString) + DEF_FUN(TextOutW, BOOL, HDC hdc, int nXStart, int nYStart, LPCWSTR lpString, int cchString) + + DEF_FUN(ExtTextOutA, BOOL, HDC hdc, int X, int Y, UINT fuOptions, const RECT *lprc, LPCSTR lpString, UINT cbCount, const INT *lpDx) + DEF_FUN(ExtTextOutW, BOOL, HDC hdc, int X, int Y, UINT fuOptions, const RECT *lprc, LPCWSTR lpString, UINT cbCount, const INT *lpDx) + + + DEF_FUN(DrawTextA, int, HDC hdc, LPCSTR lpString, int nCount, LPRECT lpRect, UINT uFormat) + DEF_FUN(DrawTextW, int, HDC hdc, LPCWSTR lpString, int nCount, LPRECT lpRect, UINT uFormat) + + DEF_FUN(DrawTextExA, int, HDC hdc, LPSTR lpString, int nCount, LPRECT lpRect, UINT dwDTFormat, LPDRAWTEXTPARAMS lpDTParams) + DEF_FUN(DrawTextExW, int, HDC hdc, LPWSTR lpString, int nCount, LPRECT lpRect, UINT dwDTFormat, LPDRAWTEXTPARAMS lpDTParams) + + DEF_FUN(CharNextA, LPSTR, LPCSTR lpString) + //DEF_FUN(CharNextW, LPWSTR, LPCWSTR lpString) + //DEF_FUN(CharNextExA, LPSTR, WORD COdePage, LPCSTR lpString, DWORD dwFlags) + //DEF_FUN(CharNextExW, LPWSTR, WORD COdePage, LPCWSTR lpString, DWORD dwFlags) + DEF_FUN(CharPrevA, LPSTR, LPCSTR lpStart, LPCSTR lpCurrent) + //DEF_FUN(CharNextW, LPWSTR, LPCWSTR lpStart, LPCWSTR lpCurrent) +#undef DEF_FUN + +// Global variables + +} // namespace Hijack + +// EOF diff --git a/LunaHook/hookfinder.cc b/LunaHook/hookfinder.cc new file mode 100644 index 0000000..8c20867 --- /dev/null +++ b/LunaHook/hookfinder.cc @@ -0,0 +1,340 @@ +#include "hookfinder.h" +#include "defs.h" +#include "main.h" +#include "util.h" +#include "MinHook.h" +#include"Lang/Lang.h" +namespace +{ + SearchParam sp; + + constexpr int MAX_STRING_SIZE = 500, CACHE_SIZE = 749993, GOOD_PAGE = -1; + struct HookRecord + { + uint64_t address = 0; + uintptr_t padding = 0; + int offset = 0; + char text[MAX_STRING_SIZE] = {}; + }; + std::unique_ptr records; + long recordsAvailable; + uint64_t signatureCache[CACHE_SIZE] = {}; + long sumCache[CACHE_SIZE] = {}; + uintptr_t pageCache[CACHE_SIZE] = {}; + +#ifndef _WIN64 + BYTE trampoline[] = + { + 0x9c, // pushfd + 0x60, // pushad + 0x68, 0,0,0,0, // push @addr ; after this a total of 0x28 bytes are pushed + 0x8d, 0x44, 0x24, 0x28, // lea eax,[esp+0x28] + 0x50, // push eax ; stack + 0xbb, 0,0,0,0, // mov ebx,@Send + 0xff, 0xd3, // call ebx + 0x83, 0xc4, 0x08, // add esp, 0x8 ; doesn't matter which register + 0x61, // popad + 0x9d, // popfd + 0x68, 0,0,0,0, // push @original + 0xc3 // ret ; basically absolute jmp to @original + }; + constexpr int addr_offset = 3, send_offset = 13, original_offset = 25, registers = 8; +#else + BYTE trampoline[] = { + 0x9c, // push rflags + 0x50, // push rax + 0x53, // push rbx + 0x51, // push rcx + 0x52, // push rdx + 0x54, // push rsp + 0x55, // push rbp + 0x56, // push rsi + 0x57, // push rdi + 0x41, 0x50, // push r8 + 0x41, 0x51, // push r9 + 0x41, 0x52, // push r10 + 0x41, 0x53, // push r11 + 0x41, 0x54, // push r12 + 0x41, 0x55, // push r13 + 0x41, 0x56, // push r14 + 0x41, 0x57, // push r15 + // https://docs.microsoft.com/en-us/cpp/build/x64-calling-convention + // https://stackoverflow.com/questions/43358429/save-value-of-xmm-registers + 0x48, 0x83, 0xec, 0x20, // sub rsp,0x20 + 0xf3, 0x0f, 0x7f, 0x24, 0x24, // movdqu [rsp],xmm4 + 0xf3, 0x0f, 0x7f, 0x6c, 0x24, 0x10, // movdqu [rsp+0x10],xmm5 + 0x48, 0x8d, 0x8c, 0x24, 0xa8, 0x00, 0x00, 0x00, // lea rcx,[rsp+0xa8] + 0x48, 0xba, 0,0,0,0,0,0,0,0, // mov rcx,@addr + 0x48, 0xb8, 0,0,0,0,0,0,0,0, // mov rax,@Send + 0x48, 0x89, 0xe3, // mov rbx,rsp + 0x48, 0x83, 0xe4, 0xf0, // and rsp,0xfffffffffffffff0 ; align stack + 0xff, 0xd0, // call rax + 0x48, 0x89, 0xdc, // mov rsp,rbx + 0xf3, 0x0f, 0x6f, 0x6c, 0x24, 0x10, // movdqu xmm5,XMMWORD PTR[rsp + 0x10] + 0xf3, 0x0f, 0x6f, 0x24, 0x24, // movdqu xmm4,XMMWORD PTR[rsp] + 0x48, 0x83, 0xc4, 0x20, // add rsp,0x20 + 0x41, 0x5f, // pop r15 + 0x41, 0x5e, // pop r14 + 0x41, 0x5d, // pop r13 + 0x41, 0x5c, // pop r12 + 0x41, 0x5b, // pop r11 + 0x41, 0x5a, // pop r10 + 0x41, 0x59, // pop r9 + 0x41, 0x58, // pop r8 + 0x5f, // pop rdi + 0x5e, // pop rsi + 0x5d, // pop rbp + 0x5c, // pop rsp + 0x5a, // pop rdx + 0x59, // pop rcx + 0x5b, // pop rbx + 0x58, // pop rax + 0x9d, // pop rflags + 0xff, 0x25, 0x00, 0x00, 0x00, 0x00, // jmp qword ptr [rip] + 0,0,0,0,0,0,0,0 // @original + }; + constexpr int addr_offset = 50, send_offset = 60, original_offset = 126, registers = 16; +#endif +} + +bool IsBadReadPtr(void* data) +{ + if (data > records.get() && data < records.get() + sp.maxRecords) return true; + uintptr_t BAD_PAGE = (uintptr_t)data >> 12; + auto& cacheEntry = pageCache[BAD_PAGE % CACHE_SIZE]; + if (cacheEntry == BAD_PAGE) return true; + if (cacheEntry == GOOD_PAGE) return false; + + __try + { + volatile char _ = *(char*)data; + cacheEntry = GOOD_PAGE; + } + __except (EXCEPTION_EXECUTE_HANDLER) + { + if (GetExceptionCode() == EXCEPTION_GUARD_PAGE) + { + MEMORY_BASIC_INFORMATION info; + VirtualQuery(data, &info, sizeof(info)); + VirtualProtect(data, 1, info.Protect | PAGE_GUARD, DUMMY); + } + cacheEntry = BAD_PAGE; + } + return cacheEntry == BAD_PAGE; +} + +void Send(char** stack, uintptr_t address) +{ + // it is unsafe to call ANY external functions from this, as they may have been hooked (if called the hook would call this function making an infinite loop) + // the exceptions are compiler intrinsics like _InterlockedDecrement + if (recordsAvailable <= 0) return; + for (int i = -registers; i < 10; ++i) for (auto padding : { uintptr_t{}, sp.padding }) + { + char* str = stack[i] + padding; + if (IsBadReadPtr(str) || IsBadReadPtr(str + MAX_STRING_SIZE)) continue; + __try + { + int length = 0, sum = 0; + for (; (str[length] || str[length + 1]) && length < MAX_STRING_SIZE; length += 2) sum += *(uint16_t*)(str + length); + if (length > STRING && length < MAX_STRING_SIZE - 1) + { + // many duplicate results with same address, offset, and third/fourth character will be found: filter them out + uint64_t signature = ((uint64_t)i << 56) | ((uint64_t)(str[2] + str[3]) << 48) | address; + if (signatureCache[signature % CACHE_SIZE] == signature) continue; + signatureCache[signature % CACHE_SIZE] = signature; + // if there are huge amount of strings that are the same, it's probably garbage: filter them out + // can't store all the strings, so use sum as heuristic instead + if (_InterlockedIncrement(sumCache + (sum % CACHE_SIZE)) > 25) continue; + long n = sp.maxRecords - _InterlockedDecrement(&recordsAvailable); + if (n < sp.maxRecords) + { + records[n].address = address; + records[n].padding = padding; + records[n].offset = i * sizeof(char*); + for (int j = 0; j < length; ++j) records[n].text[j] = str[j]; + records[n].text[length] = 0; + } + if (n == sp.maxRecords) + { + spDefault.maxRecords = sp.maxRecords * 2; + ConsoleOutput(OUT_OF_RECORDS_RETRY); + } + } + } + __except (EXCEPTION_EXECUTE_HANDLER) {} + } +} + +std::vector GetFunctions(uintptr_t module) +{ + if (!module) return {}; + IMAGE_DOS_HEADER* dosHeader = (IMAGE_DOS_HEADER*)module; + if (dosHeader->e_magic != IMAGE_DOS_SIGNATURE) return {}; + IMAGE_NT_HEADERS* ntHeader = (IMAGE_NT_HEADERS*)(module + dosHeader->e_lfanew); + if (ntHeader->Signature != IMAGE_NT_SIGNATURE) return {}; + DWORD exportAddress = ntHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress; + if (!exportAddress) return {}; + IMAGE_EXPORT_DIRECTORY* exportDirectory = (IMAGE_EXPORT_DIRECTORY*)(module + exportAddress); + std::vector functions; + for (int i = 0; i < exportDirectory->NumberOfNames; ++i) + //char* funcName = (char*)(module + *(DWORD*)(module + exportDirectory->AddressOfNames + i * sizeof(DWORD))); + functions.push_back(module + *(DWORD*)(module + exportDirectory->AddressOfFunctions + + sizeof(DWORD) * *(WORD*)(module + exportDirectory->AddressOfNameOrdinals + i * sizeof(WORD)))); + return functions; +} +void mergevector(std::vector &v1,std::vector &v2){ + for(auto addr:v2){ + auto it = std::find(v1.begin(), v1.end(), addr); + if (it == v1.end()) { + v1.push_back(addr); + } + } +} +void SearchForHooks(SearchParam spUser) +{ + std::thread([=] + { + static std::mutex m; + std::scoped_lock lock(m); + *(void**)(trampoline + send_offset) = Send; + + sp = spUser.length == 0 ? spDefault : spUser; + sp.codepage=spUser.codepage; + ConsoleOutput(HOOK_SEARCH_INITIALIZING, 0.); + do + try { records = std::make_unique(recordsAvailable = sp.maxRecords); } + catch (std::bad_alloc) { ConsoleOutput(SearchForHooks_ERROR, sp.maxRecords /= 2); } + while (!records && sp.maxRecords); + + std::vector addresses; + if (*sp.boundaryModule) { + auto [minaddr,maxaddr]=Util::QueryModuleLimits(GetModuleHandleW(sp.boundaryModule)); + if(sp.address_method==0){ + sp.minAddress=min(max(minaddr,sp.minAddress),maxaddr); + sp.maxAddress=max(min(maxaddr,sp.maxAddress),minaddr); + } + else if(sp.address_method==1){ + auto maxoff=maxaddr-minaddr; + sp.minAddress=minaddr+min(sp.minAddress,maxoff); + sp.maxAddress=minaddr+min(sp.maxAddress,maxoff); + } + //std::tie(sp.minAddress, sp.maxAddress) = Util::QueryModuleLimits(GetModuleHandleW(sp.boundaryModule)); + } + if (*sp.exportModule) addresses = GetFunctions((uintptr_t)GetModuleHandleW(sp.exportModule)); + if (*sp.boundaryModule){ + auto _addresses = GetFunctions((uintptr_t)GetModuleHandleW(sp.boundaryModule)); + mergevector(addresses,_addresses); + } + std::vector addresses1; + if(sp.search_method==0){ + for (auto& addr : addresses1 = Util::SearchMemory(sp.pattern, sp.length, PAGE_EXECUTE, sp.minAddress, sp.maxAddress)) + addr += sp.offset; + } + else if(sp.search_method==1){ + for(uintptr_t addr=sp.minAddress;addrfuncaddr){ + auto it = std::find(addresses1.begin(), addresses1.end(), funcaddr); + addresses1.push_back(funcaddr); + } + } + } + } + mergevector(addresses,addresses1); + + auto limits = Util::QueryModuleLimits(GetModuleHandleW(LUNA_HOOK_DLL)); + addresses.erase(std::remove_if(addresses.begin(), addresses.end(), [&](uint64_t addr) { return addr > limits.first && addr < limits.second; }), addresses.end()); + + auto trampolines = (decltype(trampoline)*)VirtualAlloc(NULL, sizeof(trampoline) * addresses.size(), MEM_COMMIT, PAGE_READWRITE); + VirtualProtect(trampolines, addresses.size() * sizeof(trampoline), PAGE_EXECUTE_READWRITE, DUMMY); + std::vectormherroridx; + for (int i = 0; i < addresses.size(); ++i) + { + void* original; + //避免MH_RemoveHook时移除原本已有hook + if(MH_CreateHook((void*)addresses[i], trampolines[i], &original)!=MH_OK){ + mherroridx.push_back(i); + } + MH_QueueEnableHook((void*)addresses[i]); + memcpy(trampolines[i], trampoline, sizeof(trampoline)); + *(uintptr_t*)(trampolines[i] + addr_offset) = addresses[i]; + *(void**)(trampolines[i] + original_offset) = original; + if (i % 2500 == 0) ConsoleOutput(HOOK_SEARCH_INITIALIZING, 1 + 98. * i / addresses.size()); + } + //避免MH_RemoveHook时移除原本已有hook + for(int i=0;i addresses, HookParamType type) + { + for (auto addr : addresses) + { + if (abs((long long)(utf8Text - addr)) < 20000) continue; // don't add read code if text is on this thread's stack + found = true; + HookParam hp; + hp.type = DIRECT_READ | type; + hp.address = addr; + hp.codepage = codepage; + NewHook(hp, "Search"); + } + }; + GenerateHooks(Util::SearchMemory(utf8Text, strlen(utf8Text), PAGE_READWRITE), CODEC_UTF8); + if(codepage!=CP_UTF8) + GenerateHooks(Util::SearchMemory(codepageText, strlen(codepageText), PAGE_READWRITE), USING_STRING); + GenerateHooks(Util::SearchMemory(text, wcslen(text) * sizeof(wchar_t), PAGE_READWRITE), CODEC_UTF16); + if (!found) ConsoleOutput(COULD_NOT_FIND); +} diff --git a/LunaHook/hookfinder.h b/LunaHook/hookfinder.h new file mode 100644 index 0000000..17f36f5 --- /dev/null +++ b/LunaHook/hookfinder.h @@ -0,0 +1,6 @@ +#pragma once + +#include "types.h" + +void SearchForText(wchar_t* text, UINT codepage); +void SearchForHooks(SearchParam sp); diff --git a/LunaHook/main.cc b/LunaHook/main.cc new file mode 100644 index 0000000..852b50f --- /dev/null +++ b/LunaHook/main.cc @@ -0,0 +1,211 @@ +// main.cc +// 8/24/2013 jichi +// Branch: LUNA_HOOK_DLL/main.cpp, rev 128 +// 8/24/2013 TODO: Clean up this file + +#include "main.h" +#include "defs.h" +#include "texthook.h" +#include "hookfinder.h" +#include "util.h" +#include "MinHook.h" +#include"hookcode.h" +#include"Lang/Lang.h" +void Hijack(); +void detachall(); +HMODULE hLUNAHOOKDLL; +WinMutex viewMutex; +EmbedSharedMem *embedsharedmem; +namespace +{ + AutoHandle<> hookPipe = INVALID_HANDLE_VALUE, + mappedFile = INVALID_HANDLE_VALUE, + mappedFile3=INVALID_HANDLE_VALUE; + TextHook(*hooks)[MAX_HOOK]; + int currentHook = 0; +} +bool DetourAttachedUserAddr=false; +bool hostconnected=false; +DWORD WINAPI Pipe(LPVOID) +{ + for (bool running = true; running; hookPipe = INVALID_HANDLE_VALUE) + { + DWORD count = 0; + BYTE buffer[PIPE_BUFFER_SIZE] = {}; + AutoHandle<> hostPipe = INVALID_HANDLE_VALUE; + + while (!hostPipe || !hookPipe) + { + // WinMutex connectionMutex(CONNECTING_MUTEX, &allAccess); + // std::scoped_lock lock(connectionMutex); + WaitForSingleObject(AutoHandle<>(CreateEventW(&allAccess, FALSE, FALSE, (std::wstring(PIPE_AVAILABLE_EVENT)+std::to_wstring(GetCurrentProcessId())).c_str())), INFINITE); + hostPipe = CreateFileW((std::wstring(HOST_PIPE)+std::to_wstring(GetCurrentProcessId())).c_str(), GENERIC_READ | FILE_WRITE_ATTRIBUTES, FILE_SHARE_READ, nullptr, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, nullptr); + hookPipe = CreateFileW((std::wstring(HOOK_PIPE)+std::to_wstring(GetCurrentProcessId())).c_str(), GENERIC_WRITE, FILE_SHARE_READ, nullptr, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, nullptr); + } + DWORD mode = PIPE_READMODE_MESSAGE; + SetNamedPipeHandleState(hostPipe, &mode, NULL, NULL); + + *(DWORD*)buffer = GetCurrentProcessId(); + WriteFile(hookPipe, buffer, sizeof(DWORD), &count, nullptr); + + ConsoleOutput(PIPE_CONNECTED); + Hijack(); + hostconnected=true; + while (running && ReadFile(hostPipe, buffer, PIPE_BUFFER_SIZE, &count, nullptr)) + switch (*(HostCommandType*)buffer) + { + case HOST_COMMAND_NEW_HOOK: + { + auto info = *(InsertHookCmd*)buffer; + static int userHooks = 0; + NewHook(info.hp, ("UserHook" + std::to_string(userHooks += 1)).c_str()); + } + break; + case HOST_COMMAND_REMOVE_HOOK: + { + auto info = *(RemoveHookCmd*)buffer; + RemoveHook(info.address, 0); + } + break; + case HOST_COMMAND_FIND_HOOK: + { + auto info = *(FindHookCmd*)buffer; + if (*info.sp.text) SearchForText(info.sp.text, info.sp.codepage); + else SearchForHooks(info.sp); + } + break; + case HOST_COMMAND_DETACH: + { + running = false; + } + break; + } + } + + if(DetourAttachedUserAddr){ + hostconnected=false; + return Pipe(0); + }else{ + + MH_Uninitialize(); + for (auto& hook : *hooks) hook.Clear(); + FreeLibraryAndExitThread(GetModuleHandleW(LUNA_HOOK_DLL), 0); + } +} + +void TextOutput(ThreadParam tp, TextOutput_T*buffer, int len) +{ + if (len < 0 || len > PIPE_BUFFER_SIZE - sizeof(tp)) ConsoleOutput(InvalidLength, len, tp.addr); + buffer->tp=tp; + WriteFile(hookPipe, buffer, sizeof(TextOutput_T) + len, DUMMY, nullptr); +} + +void ConsoleOutput(LPCSTR text, ...) +{ + ConsoleOutputNotif buffer; + va_list args; + va_start(args, text); + vsnprintf(buffer.message, MESSAGE_SIZE, text, args); + WriteFile(hookPipe, &buffer, sizeof(buffer), DUMMY, nullptr); +} + +void NotifyHookFound(HookParam hp,wchar_t*text) +{ + wcscpy_s(hp.hookcode,HOOKCODE_LEN, HookCode::Generate(hp, GetCurrentProcessId()).c_str()); + HookFoundNotif buffer(hp, text); + WriteFile(hookPipe, &buffer, sizeof(buffer), DUMMY, nullptr); +} +void NotifyHookRemove(uint64_t addr, LPCSTR name) +{ + if (name) ConsoleOutput(REMOVING_HOOK, name); + HookRemovedNotif buffer(addr); + WriteFile(hookPipe, &buffer, sizeof(buffer), DUMMY, nullptr); +} +void NotifyHookInserting(uint64_t addr) +{ + HookInsertingNotif buffer(addr); + WriteFile(hookPipe, &buffer, sizeof(buffer), DUMMY, nullptr); +} +BOOL WINAPI DllMain(HINSTANCE hModule, DWORD fdwReason, LPVOID) +{ + switch (fdwReason) + { + case DLL_PROCESS_ATTACH: + { + hLUNAHOOKDLL=hModule; + viewMutex = WinMutex(ITH_HOOKMAN_MUTEX_ + std::to_wstring(GetCurrentProcessId()), &allAccess); + if (GetLastError() == ERROR_ALREADY_EXISTS) return FALSE; + DisableThreadLibraryCalls(hModule); + + auto createfm=[](AutoHandle<> &handle,void**ptr,DWORD sz,std::wstring&name ){ + handle=CreateFileMappingW(INVALID_HANDLE_VALUE, &allAccess, PAGE_EXECUTE_READWRITE, 0, sz, (name).c_str()); + *ptr=MapViewOfFile(handle, FILE_MAP_ALL_ACCESS | FILE_MAP_EXECUTE, 0, 0, sz); + memset(*ptr, 0, sz); + }; + createfm(mappedFile,(void**)&hooks,MAX_HOOK * sizeof(TextHook),ITH_SECTION_ + std::to_wstring(GetCurrentProcessId())); + createfm(mappedFile3,(void**)&embedsharedmem, sizeof(EmbedSharedMem),EMBED_SHARED_MEM + std::to_wstring(GetCurrentProcessId())); + + + MH_Initialize(); + + CloseHandle(CreateThread(nullptr, 0, Pipe, nullptr, 0, nullptr)); // Using std::thread here = deadlock + } + break; + case DLL_PROCESS_DETACH: + { + MH_Uninitialize(); + detachall( ); + UnmapViewOfFile(hooks); + UnmapViewOfFile(embedsharedmem); + } + break; + } + return TRUE; +} +bool NewHook(HookParam hp, LPCSTR lpname) +{ + if (++currentHook >= MAX_HOOK){ + ConsoleOutput(TOO_MANY_HOOKS); + return false; + } + if (lpname && *lpname) strncpy_s(hp.name, lpname, HOOK_NAME_SIZE - 1); + ConsoleOutput(INSERTING_HOOK, hp.name); + RemoveHook(hp.address, 0); + + if (hp.type & CODEC_UTF8) hp.codepage = CP_UTF8; + wcscpy_s(hp.hookcode,HOOKCODE_LEN,HookCode::Generate(hp, GetCurrentProcessId()).c_str()); + if (!(*hooks)[currentHook].Insert(hp)) + { + ConsoleOutput(InsertHookFailed,WideStringToString(hp.hookcode).c_str()); + (*hooks)[currentHook].Clear(); + return false; + } + else{ + NotifyHookInserting(hp.address); + return true; + } +} + +void RemoveHook(uint64_t addr, int maxOffset) +{ + for (auto& hook : *hooks) if (abs((long long)(hook.address - addr)) <= maxOffset) return hook.Clear(); +} +std::string LoadResData(LPCWSTR pszResID,LPCWSTR _type) +{ + HMODULE hModule=hLUNAHOOKDLL; + HRSRC hRsrc = ::FindResourceW (hModule, pszResID,_type); + if (!hRsrc) + return 0; + DWORD len = SizeofResource(hModule, hRsrc); + BYTE* lpRsrc = (BYTE*)LoadResource(hModule, hRsrc); + if (!lpRsrc) + return 0; + HGLOBAL m_hMem = GlobalAlloc(GMEM_FIXED, len); + BYTE* pmem = (BYTE*)GlobalLock(m_hMem); + memcpy(pmem,lpRsrc,len); + auto data=std::string((char*)pmem,len); + GlobalUnlock(m_hMem); + GlobalFree(m_hMem); + FreeResource(lpRsrc); + return data; +} \ No newline at end of file diff --git a/LunaHook/main.h b/LunaHook/main.h new file mode 100644 index 0000000..54a3a85 --- /dev/null +++ b/LunaHook/main.h @@ -0,0 +1,18 @@ +#pragma once + +// main.h +// 8/23/2013 jichi +// Branch: ITH/IHF_DLL.h, rev 66 + +#include "types.h" + +void TextOutput(ThreadParam tp, TextOutput_T (*buffer), int len); +void ConsoleOutput(LPCSTR text, ...); +void NotifyHookFound(HookParam hp, wchar_t* text); +void NotifyHookRemove(uint64_t addr, LPCSTR name); +bool NewHook(HookParam hp, LPCSTR name); +void RemoveHook(uint64_t addr, int maxOffset = 9); +std::string LoadResData(LPCWSTR pszResID,LPCWSTR _type); +inline SearchParam spDefault; + +// EOF diff --git a/LunaHook/resource.rc b/LunaHook/resource.rc new file mode 100644 index 0000000..d6af7f4 --- /dev/null +++ b/LunaHook/resource.rc @@ -0,0 +1,6 @@ +charset_default CHARSET "resource/charset_default.txt" +charset_Robotics_Notes_Dash CHARSET "resource/charset_Robotics_Notes_Dash.txt" +charset_Robotics_Notes_Elite CHARSET "resource/charset_Robotics_Notes_Elite.txt" +compound_chars_default COMPOUND_CHARS "resource/compound_chars_default.txt" +compound_chars_Robotics_Notes_Elite COMPOUND_CHARS "resource/compound_chars_Robotics_Notes_Elite.txt" +compound_chars_Robotics_Notes_Dash COMPOUND_CHARS "resource/compound_chars_Robotics_Notes_Dash.txt" \ No newline at end of file diff --git a/LunaHook/resource/charset_Robotics_Notes_Dash.txt b/LunaHook/resource/charset_Robotics_Notes_Dash.txt new file mode 100644 index 0000000..e33d804 --- /dev/null +++ b/LunaHook/resource/charset_Robotics_Notes_Dash.txt @@ -0,0 +1 @@ + 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz /:-;!?′.@#%~*_`()゚^>+<ノキリッ$&\",[]=\0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz、。,.:;?!゛゜‘’“”()〔〕[]{}〈〉《》“”‘’【】<>【】・…~ー♪─ぁぃぅぇぉっゃゅょゎァィゥェォッャュョヮヵヶ①②―――___éàå²ö゚&⑯⑰⑱⑲⑳%–—_/•①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①…①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①あいうえおかがきぎくぐけげこごさざしじすずせぜそぞただちぢつづてでとどなにぬねのはばぱひびぴふぶぷへべぺほぼぽまみむめもやゆよらりるれろわゐゑをんアイウエオカガキギクグケゲコゴサザシジスズセゼソゾタダチヂツヅテデトドナニヌネノハバパヒビピフブプヘベペホボポマミムメモヤユヨラリルレロワヰヱヲンヴ☆★◎○●△▲□■▽▼◇◆※→←+-×÷=≧≦\〓&〆追加新項目敗北勝利入力失成功分岐先指定海翔世界救戦誰言前全人類希望俺興味穂所詮自中衝動満最強丁寧不謹慎構事国位倒頂点一昴立完了求淳和電源積込英雄軍主公供給開始喋感度良好員押忍体風吹確実続誤差以下正常起済安充率連稼働限時間忘各種異有夫僕思悪後輩対応座標固待調整変葉遣減断解除回認居左右周辺範囲地形判用問題締上愛理本日年月天予報伝鹿児島県子屋久方東南晴波高温低降水貴重情部集合暇行初今終必戻格闘発進名八汐央校普科組出席号績活研究属詳得意野隠示画面内消小息薄暗室外夏爽駆抜狭熱違汗引心身浴景色期台多柄空碧隈半遺産横住火縄銃射場白真昔学舞話慢試遠呼声聞我長帰還娘現瀬乃宮捉同幼頃腐縁程仲遊付呑持口頑張状況隣具倉庫察来使想二物置端灯個当然春秋暑冬寒環境芝生雨答額滲的迎考恐教頭会議忙相手側費止粘交渉取原因去無茶要悲壮笑浮焦偉少覚称歴史遡女徒姉設果昇足盛近京優経験証拠数知洗脳作効古西矢逆派結何花落評舎技術準備陽陰十伊達金字塔登在駄向習怒削命令飽料特未練木腰放課決流万牙城崩悔材昨神品崇説奥深々素奇跡噛怪由切者様謎包才噂光栄揚並拝式基操撃繋簡単読潰裏仕掛局選択他機性能極到注退離油禁徴早精視反平均可処絞値導訳魅激狙皆絡論柔攻書法弊害礼苦労癖送疑傷返信嘘痕触別愚痴伸眺揺覆庭姿運歩距総園鳥鳴渡草静残寄独浸哲尊敬眼突途宣表聴衆造卒業絶僻存就職肢旅暮願漠夢浪萎観測走夕根唱諦叶将路錯馳態停投専保管緒従負舌打念着含腕適弱髪両容赦関義肩犬勇旧港閉鎖廃墟訪割雑広遮裾死駐滑幅道比車寝掲堂直鍵元防燃補踏埃窓涙晶鎮巨略超際乗縦算誇創計図描許町工譲提企段代受継社務妹巡凡胸吐首振頬叩弾幕拳隅棚缶携帯移替欠過例幽霊刻嫌這警告抵抗殺百虚#難若憧黄昏識微妙擬似量背痛配膝隙潜勢奪制服汚短更衣皮肉勲章疲質虐輝握男士友納協街夜黒改装家唯営忌明週照臭腹遅呆盗買食晩儀休憩転故幸軽羽織宅軒脱挨拶影響角染血美緯太山勘慣慨繰像澄青越迫匂緑丸毎堅禮商店瑞榎怠醸級化粧飾随械助支障売介護厳密田辞践鼻蓄飲次蒸器冗談文袋土船便届育師顧彦扱豪語頼条件怖殊急門輪殿慌骨折損欄販破紹円速秒垂跳緊約承兼演躍訴騙猫泣震珍映宿嬉担三賛殴菓勉困泥川掃捨橋句箱煙詰敵勧誘辛辣淡履靴団彼価参壊修即噴醜肝健懲印象烈嘲永遇既権益努官僚縮疾涛復暴叫案奮収懸机絵枚巻宝紀及記録媒黙昭鉄型狂寸騒係溢析挑幻王邪楽鑑賞唇尖曲宇宙音吸換虫耳径泉冥沈漏暦片溶細朝鈴傘館扉童雰非徳凛漂捌蹴鋭遂拭濡恥弟尽快袖冷昼弁板委臼井至戸惑浜峰喜飯批撤咎省留顛末赴任壇善欲請余裕瞬筋博展秀般抱援剰再曜催競獲検討咳払姑束守伐厄晦甘廊蛙延午授罠粒砂仁嘆仰母玉借資貯毛誉焼董劇梅干酸荷探屈散豆把彰写溜募荒模索申逃貫孤役班貶胃増遭避憶抹君臓針刺涼第瞳炎尚稚系互坊魂魔推芙歳父農畑挟階玄尻舐釈七壁貼与吟斎親寂悟惚綿掴剥歪酷膚拗湿冊危純池床混懇私卓窺伏採迷己毒看圧建舗塞洋客藤治偏添沙汰促劣製賢貧乏香軸紙裂財貿易畳凶獄窒液嚥喉潤契愉脅傑肌層粉謝律翌孫族祖甲斐諸刃剣茨都妄蓋覗規驚招姓戚典乱怯罪拒否布札税漱石千侮辱盤鉢責掘四股擦渋節施概芻棒餅閃棄纏漁御順序紛老婆忠歯闇没懐則崖凍蒼据披露湯徹底揉熟編颯撼複璧摘威兆候脂徐藍稀弄症群医病療耗策傾貸預丘錆敷郷埋聖滅融踊芸馬星紅侵儚厚綴築溝訝揃尾仮潮誓膳贈籠眠票鬼湧昂泊憑清硬之市煌茫奢詞爆祈苛漬鬱陶恨架湾岸惜区駅朽森歌虎克耐睡抑雲剤寡列帳躊躇覧襲争志津也搭載繊歓匠酔餌煽氏挙嬢吠審胆俯瞰軌鍛旋鈍浅逸胴祭猛翼矯俄覇辿該凝褒革晒凄魚控彗祝福臨陣尋牽穴穏植捕険球杭遥如武氷五拡沸騰診肺緩洪唐炸讃澤斬囚撫透爪陸垢茂励偽賄賂罵往妥粗泳憎免詭等戒拘統陥呪愁筆犯共哀飼為Ⅱ暖閑恒拍塊詩杯頻郎淫靡筑粋浦齢伺罰屁贄棺桶穫宏柱醤呂沖韓鼓渇渦拾襖堵腋燥箸郡儲縛乙萌裸鏡慮訊桁億排蔵隔訂洞鎧却瞥嵐叔襟依刑箒斉査岩季窟亡骸政匹惨奄湖蛍秘謀雪汲嬌貢献婚松葬兄甥戯顎扇嗅蔑祥符仇羨航監狩撲悶峙双磁須曰寿仏偶林枝網錠執華詐欺被勃述累曖昧民閣府藪蛇括株享奴巧兵蔽圏域胡瓶房江頓羅牛些彩撮版倫莉栖院竹崎司棟龍雌汎敏薫寺綯睨糸雀衛舶´ゝ`厨恋滴塵喧α屑哭劫黎曙封楼螺焉阿剛浩吉麻俊償榊@β繁殖濃牧併ΜⅤ俗祉維九州桜薩摩浄暁伴癒娯亀玩燦枕銅康隷籍綻喩顕著遍誌亜℃蝕熊漫阪致災乾釣鐘薬砲銀誕岳肘隊雇奈箇衰村匿米稽稿賑迅雷鳳凰栗痩線赤接趣通倍気顔見番飛大丈占芳捗橙征羊捧盾卑麦滞謡六媚洩迂闊轄簿汁煮挫恰詛倣盟拷邁繕誠馴嫉妬怨潔陵鋼梳傍唾督捜睦庁粛措訟呈轟遙朗賭眩喝噤憫膨乳塗拉舟炭酪菌刊坂淵Ⅰ副脛曇腫漢旬穿釘寮孝慧芽幌梨富岡狼悠竦柵較擁芯奏悸恩署冒那垣拮刀縫裁芒谷鎌喫刷麗葛銭宛里漕沿串阻酒咲領嫁禿踪猿脆弛薦悩筒雫$*佐揮宴恵紺拙嗤隕吊枠皺核妨扁鉱枯盆宗莫樹竿淀乞茜託杞憂湊蚊岬貞惹豊妻尺叉瞑瓜墓逡憲糖皿軟喘鷹党彷彿吻膜弓奨沼賽河恍狗醒脚泡逢幹閲峯杖貨餓炉僅掌諜畜奉搾秩煎峡鮮堪飢泌裔脇塩翻遽紐朴欧殻冑錬丹患濁磨疎摯邂逅勤蛾冴朔某凹愕碑眈孕氾濫雅隆碗驕婿養爺噌鶏酢慶棘巾椅紋凸逞套誹謗嘔啖呵椀紫脊髄沢諭挿斜痺綜糾躁蹂躙砕饐瀉蝋槽甚慰蛮綺霞犠牲悦痙攣痍憤詫播婦訓揶揄贅虹溺旗菜仙又鵜凌墜憔悴煩駕旺爛蔦獣楚憐姫胞蘇羞偵搬擢填軋謙刹需窮叱抽秤抉俵腱鷲慟澹升弔栓棲慈卵賠召滝冠蜘蛛脈柳涯郭霧洲囁弧挺噪嚇蠢棋朱戮猶瓦礫胎ω|憾狐乖蜃Ⅳ肯培炙臣忽駒荘闖肥咆哮鶴轢敢堕絆喰嗚咽騎毅炊撒喪埒蜂巣幾槍豚囮嚢餐坦膠凪渾煤榴臆輸拓榜皇邸郊箔厭邦租帝杉蜜肖鉛稲賀惰^丼賃兎炒艦鍾ΣД濯緖錦桐祐彙沌鍋墨撰焚芋酎糞褐鱗砦ヽ゜刮肪徘徊暫逝弩涜條禄零券彫埼笛撥殲竜毀逮讐槌妊傭伎僧綱矛呟曽紳聡〝礎講頷滾苗飴宵陳劈犇屹朧惧韻腺睥遜眉瞼掻旨捩翳腔暢帽鍔佇疇且姦簀沫髭紡捻徨哉貰枢礁腑逐姻飄咥妖燈酬唖跨簾縋筵尿麓憬倦旦購i喚虜恭冤膏燻Ⅲ掬奔瞭捲傀儡廉濤佳唸逗v蹲祀嘗憮貪咀嚼剖弥寛巷⇒咄嗟寓云瘴蔓勿嘩閂貌盲埠憚姜窘堤碍醍醐∀齟齬麺啜踵詠粟宜慕朦賦遷藁躓顰楔攪拌畏糧琥珀灌迦聘鋳蝙吾-啓蒙桟摂拐帆斥薙痒掠叡智囃槊鋏賜謳椎茸庵葱苔嗜灰梗昆堯叙藩猟蝶寵磯貝珠巫俳郁曹曾洒祟阜祓裳銘漆戴ε≡冲津塚菊-―ガクフル゚キヤーヘヒクンéàå²ö \ No newline at end of file diff --git a/LunaHook/resource/charset_Robotics_Notes_Elite.txt b/LunaHook/resource/charset_Robotics_Notes_Elite.txt new file mode 100644 index 0000000..cb12d6d --- /dev/null +++ b/LunaHook/resource/charset_Robotics_Notes_Elite.txt @@ -0,0 +1 @@ + 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz /:-;!?′.@#%~*_`()゚^>+<ノキリッ$&\",[]=0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz、。,.:;?!゛゜‘’“”()〔〕[]{}〈〉《》“”‘’【】<>【】・…~ー♪―ぁぃぅぇぉっゃゅょゎァィゥェォッャュョヮヵヶ①②③④⑤⑥⑦⑧⑨⑩⑪ïâàé²♥©⑲⑳%–—_/•①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①あいうえおかがきぎくぐけげこごさざしじすずせぜそぞただちぢつづてでとどなにぬねのはばぱひびぴふぶぷへべぺほぼぽまみむめもやゆよらりるれろわゐゑをんアイウエオカガキギクグケゲコゴサザシジスズセゼソゾタダチヂツヅテデトドナニヌネノハバパヒビピフブプヘベペホボポマミムメモヤユヨラリルレロワヰヱヲンヴ☆★◎○●△▲□■▽▼◇◆※→←+-×÷=≧≦\〓&〆追加新項目敗北勝利入力失成功分岐先指定海翔世界救戦誰言前全人類希望俺興味穂所詮自中衝動満最強丁寧不謹慎構事国位倒頂点一昴立完了求淳和電源積込英雄軍主公供給開始喋感度良好員押忍体風吹確実続誤差以下正常起済安充率連稼働限時間忘各種異有夫僕思悪後輩対応座標固待調整変葉遣減断解除回認居左右周辺範囲地形判用問題締上愛理本日年月天予報伝鹿児島県子屋久方東南晴波高温低降水貴重情部集合暇行初今終必戻格闘発進名八汐央校普科組出席号績活研究属詳得意野隠示画面内消小息薄暗室外夏爽駆抜狭熱違汗引心身浴景色期台多柄空碧隈半遺産横住火縄銃射場白真昔学舞話慢試遠呼声聞我長帰還娘現瀬乃宮捉同幼頃腐縁程仲遊付呑持口頑張状況隣具倉庫察来使想二物置端灯個当然春秋暑冬寒環境芝生雨答額滲的迎考恐教頭会議忙相手側費止粘交渉取原因去無茶要悲壮笑浮焦偉少覚称歴史遡女徒姉設果昇足盛近京優経験証拠数知洗脳作効古西矢逆派結何花落評舎技術準備陽陰十伊達金字塔登在駄向習怒削命令飽料特未練木腰放課決流万牙城崩悔材昨神品崇説奥深々素奇跡噛怪由切者様謎包才噂光栄揚並拝式基操撃繋簡単読潰裏仕掛局選択他機性能極到注退離油禁徴早精視反平均可処絞値導訳魅激狙皆絡論柔攻書法弊害礼苦労癖送疑傷返信嘘痕触別愚痴伸眺揺覆庭姿運歩距総園鳥鳴渡草静残寄独浸哲尊敬眼突途宣表聴衆造卒業絶僻存就職肢旅暮願漠夢浪萎観測走夕根唱諦叶将路錯馳態停投専保管緒従負舌打念着含腕適弱髪両容赦関義肩犬勇旧港閉鎖廃墟訪割雑広遮裾死駐滑幅道比車寝掲堂直鍵元防燃補踏埃窓涙晶鎮巨略超際乗縦算誇創計図描許町工譲提企段代受継社務妹巡凡胸吐首振頬叩弾幕拳隅棚缶携帯移替欠過例幽霊刻嫌這警告抵抗殺百虚#難若憧黄昏識微妙擬似量背痛配膝隙潜勢奪制服汚短更衣皮肉勲章疲質虐輝握男士友納協街夜黒改装家唯営忌明週照臭腹遅呆盗買食晩儀休憩転故幸軽羽織宅軒脱挨拶影響角染血美緯太山勘慣慨繰像澄青越迫匂緑丸毎堅禮商店瑞榎怠醸級化粧飾随械助支障売介護厳密田辞践鼻蓄飲次蒸器冗談文袋土船便届育師顧彦扱豪語頼条件怖殊急門輪殿慌骨折損欄販破紹円速秒垂跳緊約承兼演躍訴騙猫泣震珍映宿嬉担三賛殴菓勉困泥川掃捨橋句箱煙詰敵勧誘辛辣淡履靴団彼価参壊修即噴醜肝健懲印象烈嘲永遇既権益努官僚縮疾涛復暴叫案奮収懸机絵枚巻宝紀及記録媒黙昭鉄型狂寸騒係溢析挑幻王邪楽鑑賞唇尖曲宇宙音吸換虫耳径泉冥沈漏暦片溶細朝鈴傘館扉童雰非徳凛漂捌蹴鋭遂拭濡恥弟尽快袖冷昼弁板委臼井至戸惑浜峰喜飯批撤咎省留顛末赴任壇善欲請余裕瞬筋博展秀般抱援剰再曜催競獲検討咳払姑束守伐厄晦甘廊蛙延午授罠粒砂仁嘆仰母玉借資貯毛誉焼董劇梅干酸荷探屈散豆把彰写溜募荒模索申逃貫孤役班貶胃増遭避憶抹君臓針刺涼第瞳炎尚稚系互坊魂魔推芙歳父農畑挟階玄尻舐釈七壁貼与吟斎親寂悟惚綿掴剥歪酷膚拗湿冊危純池床混懇私卓窺伏採迷己毒看圧建舗塞洋客藤治偏添沙汰促劣製賢貧乏香軸紙裂財貿易畳凶獄窒液嚥喉潤契愉脅傑肌層粉謝律翌孫族祖甲斐諸刃剣茨都妄蓋覗規驚招姓戚典乱怯罪拒否布札税漱石千侮辱盤鉢責掘四股擦渋節施概芻棒餅閃棄纏漁御順序紛老婆忠歯闇没懐則崖凍蒼据披露湯徹底揉熟編颯撼複璧摘威兆候脂徐藍稀弄症群医病療耗策傾貸預丘錆敷郷埋聖滅融踊芸馬星紅侵儚厚綴築溝訝揃尾仮潮誓膳贈籠眠票鬼湧昂泊憑清硬之市煌茫奢詞爆祈苛漬鬱陶恨架湾岸惜区駅朽森歌虎克耐睡抑雲剤寡列帳躊躇覧襲争志津也搭載繊歓匠酔餌煽氏挙嬢吠審胆俯瞰軌鍛旋鈍浅逸胴祭猛翼矯俄覇辿該凝褒革晒凄魚控彗祝福臨陣尋牽穴穏植捕険球杭遥如武氷五拡沸騰診肺緩洪唐炸讃澤斬囚撫透爪陸垢茂励偽賄賂罵往妥粗泳憎免詭等戒拘統陥呪愁筆犯共哀飼為Ⅱ暖閑恒拍塊詩杯頻郎淫靡筑粋浦齢伺罰屁贄棺桶穫宏柱醤呂沖韓鼓渇渦拾襖堵腋燥箸郡儲縛乙萌裸鏡慮訊桁億排蔵隔訂洞鎧却瞥嵐叔襟依刑箒斉査岩季窟亡骸政匹惨奄湖蛍秘謀雪汲嬌貢献婚松葬兄甥戯顎扇嗅蔑祥符仇羨航監狩撲悶峙双磁須曰寿仏偶林枝網錠執華詐欺被勃述累曖昧民閣府藪蛇括株享奴巧兵蔽圏域胡瓶房江頓羅牛些彩撮版倫莉栖院竹崎司棟龍雌汎敏薫寺綯睨糸雀衛舶´ゝ`厨恋滴塵喧α屑哭劫黎曙封楼螺焉阿剛浩吉麻俊償榊@β繁殖濃牧併ΜⅤ俗祉維九州桜薩摩浄暁伴癒娯亀玩燦枕銅康隷籍綻喩顕著遍誌亜℃蝕熊漫阪致災乾釣鐘薬砲銀誕岳肘隊雇奈箇衰村匿米稽稿賑迅雷鳳凰栗痩線赤接趣通倍気顔見番飛大丈占芳捗橙征羊捧盾卑麦滞謡六媚洩迂闊轄簿汁煮挫恰詛倣盟拷邁繕誠馴嫉妬怨潔陵鋼梳傍唾督捜睦庁粛措訟呈轟遙朗賭眩喝噤憫膨乳塗拉舟炭酪菌刊坂淵Ⅰ副脛曇腫漢旬穿釘寮孝慧芽幌梨富岡狼悠竦柵較擁芯奏悸恩署冒那垣拮刀縫裁芒谷鎌喫刷麗葛銭宛里漕沿串阻酒咲領嫁禿踪猿脆弛薦悩筒雫$*佐揮宴恵紺拙嗤隕吊枠皺核妨扁鉱枯盆宗莫樹竿淀乞茜託杞憂湊蚊岬貞惹豊妻尺叉瞑瓜墓逡憲糖皿軟喘鷹党彷彿吻膜弓奨沼賽河恍狗醒脚泡逢幹閲峯杖貨餓炉僅掌諜畜奉搾秩煎峡鮮堪飢泌裔脇塩翻遽紐朴欧殻冑錬丹患濁磨疎摯邂逅勤蛾冴朔某凹愕碑眈孕氾濫雅隆碗驕婿養爺噌鶏酢慶棘巾椅紋凸逞套誹謗嘔啖呵椀紫脊髄沢諭挿斜痺綜糾躁蹂躙砕饐瀉蝋槽甚慰蛮綺霞犠牲悦痙攣痍憤詫播婦訓揶揄贅虹溺旗菜仙又鵜凌墜憔悴煩駕旺爛蔦獣楚憐姫胞蘇羞偵搬擢填軋謙刹需窮叱抽秤抉俵腱鷲慟澹升弔栓棲慈卵賠召滝冠蜘蛛脈柳涯郭霧洲囁弧挺噪嚇蠢棋朱戮猶瓦礫胎ω|憾狐乖蜃Ⅳ肯培炙臣忽駒荘闖肥咆哮鶴轢敢堕絆喰嗚咽騎毅炊撒喪埒蜂巣幾槍豚囮嚢餐坦膠凪渾煤榴臆輸拓榜皇邸郊箔厭邦租帝杉蜜肖鉛稲賀惰^丼賃兎炒艦鍾ΣД濯緖錦桐祐彙沌鍋墨撰焚芋酎糞褐鱗砦ヽ゜刮肪徘徊暫逝弩涜條禄零券彫埼笛撥殲竜毀逮讐槌妊傭伎僧綱矛 \ No newline at end of file diff --git a/LunaHook/resource/charset_default.txt b/LunaHook/resource/charset_default.txt new file mode 100644 index 0000000..90107a5 --- /dev/null +++ b/LunaHook/resource/charset_default.txt @@ -0,0 +1 @@ + 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz /:-;!?′.@#%~*&`()°^>+<ノ・=″$′,[\]_{|}0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz、。,.:;?!゛゜‘’“”()〔〕[]{}〈〉《》「」『』【】<>〖〗・…〜ー♪―ぁぃぅぇぉっゃゅょゎァィゥェォッャュョヮヵヶ①②③④⑤⑥⑦⑧⑨⑩⑪⑫⑬ⁿ²%–—_/•‥βγζημξρστυφχψωÅ√◯´`∣¯Д∥αδεθικλνοπヽヾゝゞ〃仝々〆〇\+-±×÷=≠<>≦≧∞∴♂♀℃¥$¢£%#&*@§☆★○●◎◇◆□■△▲▽▼※〒→←↑↓〓∈∋⊆⊇⊂⊃∪∩∧∨¬⇒⇔∀∃∠⊥⌒∂∇≡≒≪≫∽∝∵∫∬‰♯♭♪†‡¶あいうえおかがきぎくぐけげこごさざしじすずせぜそぞただちぢつづてでとどなにぬねのはばぱひびぴふぶぷへべぺほぼぽまみむめもやゆよらりるれろわゐゑをんアイウエオカガキギクグケゲコゴサザシジスズセゼソゾタダチヂツヅテデトドナニヌネノハバパヒビピフブプヘベペホボポマミムメモヤユヨラリルレロヮワヰヱヲンヴΑΒΓΔΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΩⅠⅡⅢⅣⅤⅥⅦⅧⅨⅩ∮∑∟⊿亜唖娃阿哀愛挨姶逢葵茜穐悪握渥旭葦芦鯵梓圧斡扱宛姐虻飴絢綾鮎或粟袷安庵按暗案闇鞍杏以伊位依偉囲霻夷委威尉惟意慰易椅為畏異移維緯胃萎衣謂違遺医井亥域育郁磯一壱溢逸稲茨芋鰯允印咽員因姻引飲淫胤蔭院陰隠韻吋右宇烏羽迂渦嘘唄欝蔚鰻姥厩浦瓜閏噂云運雲荏餌叡営嬰影映曳栄永泳洩瑛盈穎頴英衛詠鋭液疫益駅悦謁越閲榎厭円園堰奄宴延怨掩援沿演炎焔煙燕猿縁艶苑薗遠鉛鴛塩於汚甥凹央奥往応押旺横欧殴王翁襖鴬鴎黄岡沖荻億屋憶臆桶牡乙俺卸恩温穏音下化仮何伽価佳加可嘉夏嫁家寡科暇果架歌河火珂禍禾稼箇花苛茄荷華菓蝦課嘩貨迦過霞蚊俄峨我牙画臥芽蛾賀雅餓駕介会解回塊壊廻快怪悔恢懐戒拐改魁晦械海灰界皆絵芥蟹開階貝凱劾外咳害崖慨概涯碍蓋街該鎧骸浬馨蛙垣柿蛎鈎劃嚇各廓拡撹格核殻獲確穫覚角赫較郭閣隔革学岳楽額顎掛笠樫橿梶鰍潟割喝恰括活渇滑葛褐轄且鰹叶椛樺鞄株兜竃蒲釜鎌噛鴨栢茅萱粥刈苅瓦乾侃冠寒刊勘勧巻喚堪姦完官寛干幹患感慣憾換敢柑桓棺款歓汗漢澗潅環甘監看竿管簡緩缶翰肝艦莞観諌貫還鑑間閑関陥韓館舘丸含岸巌玩癌眼岩翫贋雁頑顔願企伎危喜器基奇嬉寄岐希幾忌揮机旗既期棋棄機帰毅気汽畿祈季稀紀徽規記貴起軌輝飢騎鬼亀偽儀妓宜戯技擬欺犠疑祇義蟻誼議掬菊鞠吉吃喫桔橘詰砧杵黍却客脚虐逆丘久仇休及吸宮弓急救朽求汲泣灸球究窮笈級糾給旧牛去居巨拒拠挙渠虚許距鋸漁禦魚亨享京供侠僑兇競共凶協匡卿叫喬境峡強彊怯恐恭挟教橋況狂狭矯胸脅興蕎郷鏡響饗驚仰凝尭暁業局曲極玉桐粁僅勤均巾錦斤欣欽琴禁禽筋緊芹菌衿襟謹近金吟銀九倶句区狗玖矩苦躯駆駈駒具愚虞喰空偶寓遇隅串櫛釧屑屈掘窟沓靴轡窪熊隈粂栗繰桑鍬勲君薫訓群軍郡卦袈祁係傾刑兄啓圭珪型契形径恵慶慧憩掲携敬景桂渓畦稽系経継繋罫茎荊蛍計詣警軽頚鶏芸迎鯨劇戟撃激隙桁傑欠決潔穴結血訣月件倹倦健兼券剣喧圏堅嫌建憲懸拳捲検権牽犬献研硯絹県肩見謙賢軒遣鍵険顕験鹸元原厳幻弦減源玄現絃舷言諺限乎個古呼固姑孤己庫弧戸故枯湖狐糊袴股胡菰虎誇跨鈷雇顧鼓五互伍午呉吾娯後御悟梧檎瑚碁語誤護醐乞鯉交佼侯候倖光公功効勾厚口向后喉坑垢好孔孝宏工巧巷幸広庚康弘恒慌抗拘控攻昂晃更杭校梗構江洪浩港溝甲皇硬稿糠紅紘絞綱耕考肯肱腔膏航荒行衡講貢購郊酵鉱砿鋼閤降項香高鴻剛劫号合壕拷濠豪轟麹克刻告国穀酷鵠黒獄漉腰甑忽惚骨狛込此頃今困坤墾婚恨懇昏昆根梱混痕紺艮魂些佐叉唆嵯左差査沙瑳砂詐鎖裟坐座挫債催再最哉塞妻宰彩才採栽歳済災采犀砕砦祭斎細菜裁載際剤在材罪財冴坂阪堺榊肴咲崎埼碕鷺作削咋搾昨朔柵窄策索錯桜鮭笹匙冊刷察拶撮擦札殺薩雑皐鯖捌錆鮫皿晒三傘参山惨撒散桟燦珊産算纂蚕讃賛酸餐斬暫残仕仔伺使刺司史嗣四士始姉姿子屍市師志思指支孜斯施旨枝止死氏獅祉私糸紙紫肢脂至視詞詩試誌諮資賜雌飼歯事似侍児字寺慈持時次滋治爾璽痔磁示而耳自蒔辞汐鹿式識鴫竺軸宍雫七叱執失嫉室悉湿漆疾質実蔀篠偲柴芝屡蕊縞舎写射捨赦斜煮社紗者謝車遮蛇邪借勺尺杓灼爵酌釈錫若寂弱惹主取守手朱殊狩珠種腫趣酒首儒受呪寿授樹綬需囚収周宗就州修愁拾洲秀秋終繍習臭舟蒐衆襲讐蹴輯週酋酬集醜什住充十従戎柔汁渋獣縦重銃叔夙宿淑祝縮粛塾熟出術述俊峻春瞬竣舜駿准循旬楯殉淳準潤盾純巡遵醇順処初所暑曙渚庶緒署書薯藷諸助叙女序徐恕鋤除傷償勝匠升召哨商唱嘗奨妾娼宵将小少尚庄床廠彰承抄招掌捷昇昌昭晶松梢樟樵沼消渉湘焼焦照症省硝礁祥称章笑粧紹肖菖蒋蕉衝裳訟証詔詳象賞醤鉦鍾鐘障鞘上丈丞乗冗剰城場壌嬢常情擾条杖浄状畳穣蒸譲醸錠嘱埴飾拭植殖燭織職色触食蝕辱尻伸信侵唇娠寝審心慎振新晋森榛浸深申疹真神秦紳臣芯薪親診身辛進針震人仁刃塵壬尋甚尽腎訊迅陣靭笥諏須酢図厨逗吹垂帥推水炊睡粋翠衰遂酔錐錘随瑞髄崇嵩数枢趨雛据杉椙菅頗雀裾澄摺寸世瀬畝是凄制勢姓征性成政整星晴棲栖正清牲生盛精聖声製西誠誓請逝醒青静斉税脆隻席惜戚斥昔析石積籍績脊責赤跡蹟碩切拙接摂折設窃節説雪絶舌蝉仙先千占宣専尖川戦扇撰栓栴泉浅洗染潜煎煽旋穿箭線繊羨腺舛船薦詮賎践選遷銭銑閃鮮前善漸然全禅繕膳糎噌塑岨措曾曽楚狙疏疎礎祖租粗素組蘇訴阻遡鼠僧創双叢倉喪壮奏爽宋層匝惣想捜掃挿掻操早曹巣槍槽漕燥争痩相窓糟総綜聡草荘葬蒼藻装走送遭鎗霜騒像増憎臓蔵贈造促側則即息捉束測足速俗属賊族続卒袖其揃存孫尊損村遜他多太汰詑唾堕妥惰打柁舵楕陀駄騨体堆対耐岱帯待怠態戴替泰滞胎腿苔袋貸退逮隊黛鯛代台大第醍題鷹滝瀧卓啄宅托択拓沢濯琢託鐸濁諾茸凧蛸只叩但達辰奪脱巽竪辿棚谷狸鱈樽誰丹単嘆坦担探旦歎淡湛炭短端箪綻耽胆蛋誕鍛団壇倭和話歪賄脇惑枠鷲亙亘鰐詫藁蕨椀弾断暖檀段男談値知地弛恥智池痴稚置致蜘遅馳築畜竹筑蓄逐秩窒茶嫡着中仲宙忠抽昼柱注虫衷註酎鋳駐樗瀦猪苧著貯丁兆凋喋寵帖帳庁弔張彫徴懲挑暢朝潮牒町眺聴脹腸蝶調諜超跳銚長頂鳥勅捗直朕沈珍賃鎮陳津墜椎槌追鎚痛通塚栂掴槻佃漬柘辻蔦綴鍔椿潰坪壷嬬紬爪吊釣鶴亭低停偵剃貞呈堤定帝底庭廷弟悌抵挺提梯汀碇禎程締艇訂諦蹄逓邸鄭釘鼎泥摘擢敵滴的笛適鏑溺哲徹撤轍迭鉄典填天展店添纏甜貼転顛点伝殿澱田電兎吐堵塗妬屠徒斗杜渡登菟賭途都鍍砥砺努度土奴怒倒党冬凍刀唐塔塘套宕島嶋悼投搭東桃梼棟盗淘湯涛灯燈当痘祷等答筒糖統到董蕩藤討謄豆踏逃透鐙陶頭騰闘働動同堂導憧撞洞瞳童胴萄道銅峠鴇匿得徳涜特督禿篤毒独読栃橡凸突椴届鳶苫寅酉瀞噸屯惇敦沌豚遁頓呑曇鈍奈那内乍凪薙謎灘捺鍋楢馴縄畷南楠軟難汝二尼弐迩匂賑肉虹廿日乳入如尿韮任妊忍認濡禰祢寧葱猫熱年念捻撚燃粘乃廼之埜嚢悩濃納能脳膿農覗蚤巴把播覇杷波派琶破婆罵芭馬俳廃拝排敗杯盃牌背肺輩配倍培媒梅楳煤狽買売賠陪這蝿秤矧萩伯剥博拍柏泊白箔粕舶薄迫曝漠爆縛莫駁麦函箱硲箸肇筈櫨幡肌畑畠八鉢溌発醗髪伐罰抜筏閥鳩噺塙蛤隼伴判半反叛帆搬斑板氾汎版犯班畔繁般藩販範釆煩頒飯挽晩番盤磐蕃蛮匪卑否妃庇彼悲扉批披斐比泌疲皮碑秘緋罷肥被誹費避非飛樋簸備尾微枇毘琵眉美鼻柊稗匹疋髭彦膝菱肘弼必畢筆逼桧姫媛紐百謬俵彪標氷漂瓢票表評豹廟描病秒苗錨鋲蒜蛭鰭品彬斌浜瀕貧賓頻敏瓶不付埠夫婦富冨布府怖扶敷斧普浮父符腐膚芙譜負賦赴阜附侮撫武舞葡蕪部封楓風葺蕗伏副復幅服福腹複覆淵弗払沸仏物鮒分吻噴墳憤扮焚奮粉糞紛雰文聞丙併兵塀幣平弊柄並蔽閉陛米頁僻壁癖碧別瞥蔑箆偏変片篇編辺返遍便勉娩弁鞭保舗鋪圃捕歩甫補輔穂募墓慕戊暮母簿菩倣俸包呆報奉宝峰峯崩庖抱捧放方朋法泡烹砲縫胞芳萌蓬蜂褒訪豊邦鋒飽鳳鵬乏亡傍剖坊妨帽忘忙房暴望某棒冒紡肪膨謀貌貿鉾防吠頬北僕卜墨撲朴牧睦穆釦勃没殆堀幌奔本翻凡盆摩磨魔麻埋妹昧枚毎哩槙幕膜枕鮪柾鱒桝亦俣又抹末沫迄侭繭麿万慢満漫蔓味未魅巳箕岬密蜜湊蓑稔脈妙粍民眠務夢無牟矛霧鵡椋婿娘冥名命明盟迷銘鳴姪牝滅免棉綿緬面麺摸模茂妄孟毛猛盲網耗蒙儲木黙目杢勿餅尤戻籾貰問悶紋門匁也冶夜爺耶野弥矢厄役約薬訳躍靖柳薮鑓愉愈油癒諭輸唯佑優勇友宥幽悠憂揖有柚湧涌猶猷由祐裕誘遊邑郵雄融夕予余与誉輿預傭幼妖容庸揚揺擁曜楊様洋溶熔用窯羊耀葉蓉要謡踊遥陽養慾抑欲沃浴翌翼淀羅螺裸来莱頼雷洛絡落酪乱卵嵐欄濫藍蘭覧利吏履李梨理璃痢裏裡里離陸律率立葎掠略劉流溜琉留硫粒隆竜龍侶慮旅虜了亮僚両凌寮料梁涼猟療瞭稜糧良諒遼量陵領力緑倫厘林淋燐琳臨輪隣鱗麟瑠塁涙累類令伶例冷励嶺怜玲礼苓鈴隷零霊麗齢暦歴列劣烈裂廉恋憐漣煉簾練聯蓮連錬呂魯櫓炉賂路露労婁廊弄朗楼榔浪漏牢狼篭老聾蝋郎六麓禄肋録論湾碗腕靕顗顥飯飼餧館馞驎髙髜魵魲鮏鮱鮻鰀鵰鵫鶴鸙黑靃靍靏靑弌丐丕个丱丶丼丿乂乖乘亂亅豫亊舒弍于亞亟亠亢亰亳亶从仍仄仆仂仗仞仭仟价伉佚估佛佝佗佇佶侈侏侘佻佩佰侑佯來侖儘俔俟俎俘俛俑俚俐俤俥倚倨倔倪倥倅伜俶倡倩倬俾俯們倆偃假會偕偐偈做偖偬偸傀傚傅傴傲僉僊傳僂僖僞僥僭僣僮價僵儉儁儂儖儕儔儚儡儺儷儼儻儿兀兒兌兔兢竸兩兪兮冀冂囘册冉冏冑冓冕冖冤冦冢冩冪冫决冱冲冰况冽凅凉凛几處凩凭凰凵凾刄刋刔刎刧刪刮刳刹剏剄剋剌剞剔剪剴剩剳剿剽劍劔劒剱劈劑辨辧劬劭劼劵勁勍勗勞勣勦飭勠勳勵勸勹匆匈甸匍匐匏匕匚匣匯匱匳匸區卆卅丗卉卍凖卞卩卮夘卻卷厂厖厠厦厥厮厰厶參簒雙叟曼燮叮叨叭叺吁吽呀听吭吼吮雨卯鵜窺丑碓臼吶吩吝呎咏呵咎呟呱呷呰咒呻咀呶咄咐咆哇咢咸咥咬哄哈咨咫哂咤咾咼哘哥哦唏唔哽哮哭哺哢唹啀啣啌售啜啅啖啗唸唳啝喙喀咯喊喃喩喇喨嗚嗅嗟嗄嗜嗤嗔嘔嗷嘖嗾嗽嘛嗹噎噐營嘴嘶嘲嘸噫噤嘯噬噪嚆嚀嚊嚠嚔嚏嚥嚮嚶嚴囂嚼囁囃囀囈囎囑囓囗囮囹圀囿圄圉圈國圍圓團圖嗇圜圦圷圸坎圻址坏坩埀垈坡坿垉垓垠垳垤垪垰埃埆埔埒埓堊埖埣堋堙堝塲堡塢塋塰毀塒堽塹墅墹墟墫墺壞墻墸墮壅壓壑壗壙壘壥壜壤壟壯壺壹壻壼壽夂夊夐夛梦夥夬夭夲夸夾竒奕奐奎奚奘奢奠奧奬奩奸妁妝佞侫妣妲姆姨姜妍姙姚娥娟娑娜娉娚婀婬婉娵娶婢婪媚媼媾嫋嫂媽嫣嫗嫦嫩嫖嫺嫻嬌嬋嬖嬲嫐嬪嬶嬾孃孅孀孑孕孚孛孥孩孰孳孵學斈孺宀它宦宸寃寇寉寔寐寤實寢寞寥寫寰寶寳尅將專對尓尠尢尨尸尹屁屆屎屓屐屏孱屬屮乢屶屹岌岑岔妛岫岻岶岼岷峅岾峇峙峩峽峺峭嶌峪崋崕崗嵜崟崛崑崔崢崚崙崘嵌嵒嵎嵋嵬嵳嵶嶇嶄嶂嶢嶝嶬嶮嶽嶐嶷嶼巉巍巓巒巖巛巫已巵帋帚帙帑帛帶帷幄幃幀幎幗幔幟幢幤幇幵并幺麼广庠廁廂廈廐廏廖廣廝廚廛廢廡廨廩廬廱廳廰廴廸廾弃弉彝彜弋弑弖弩弭弸彁彈彌彎弯彑彖彗彙彡彭彳彷徃徂彿徊很徑徇從徙徘徠徨徭徼忖忻忤忸忱忝悳忿怡恠怙怐怩怎怱怛怕怫怦怏怺恚恁恪恷恟恊恆恍恣恃恤恂恬恫恙悁悍惧悃悚悄悛悖悗悒悧悋惡悸惠惓悴忰悽惆悵惘慍愕愆惶惷愀惴惺愃愡惻惱愍愎慇愾愨愧慊愿愼愬愴愽慂慄慳慷慘慙慚慫慴慯慥慱慟慝慓慵憙憖憇憬憔憚憊憑憫憮懌懊應懷懈懃懆憺懋罹懍懦懣懶懺懴懿懽懼懾戀戈戉戍戌戔戛戞戡截戮戰戲戳扁扎扞扣扛扠扨扼抂抉找抒抓抖拔抃抔拗拑抻拏拿拆擔拈拜拌拊拂拇抛拉挌拮拱挧挂挈拯拵捐挾捍搜捏掖掎掀掫捶掣掏掉掟掵捫捩掾揩揀揆揣揉插揶揄搖搴搆搓搦搶攝搗搨搏摧摯摶摎攪撕撓撥撩撈撼據擒擅擇撻擘擂擱擧舉擠擡抬擣擯攬擶擴擲擺攀擽攘攜攅攤攣攫攴攵攷收攸畋效敖敕敍敘敞敝敲數斂斃變斛斟斫斷旃旆旁旄旌旒旛旙无旡旱杲昊昃旻杳昵昶昴昜晏晄晉晁晞晝晤晧晨晟晢晰暃暈暎暉暄暘暝曁暹曉暾暼曄暸曖曚曠昿曦曩曰曵曷朏朖朞朦朧霸朮朿朶杁朸朷杆杞杠杙杣杤枉杰枩杼杪枌枋枦枡枅枷柯枴柬枳柩枸柤柞柝柢柮枹柎柆柧檜栞框栩桀桍栲桎梳栫桙档桷桿梟梏梭梔條梛梃檮梹桴梵梠梺椏梍桾椁棊椈棘椢椦棡椌棍棔棧棕椶椒椄棗棣椥棹棠棯椨椪椚椣椡棆楹楷楜楸楫楔楾楮椹楴椽楙椰楡楞楝榁楪榲榮槐榿槁槓榾槎寨槊槝榻槃榧樮榑榠榜榕榴槞槨樂樛槿權槹槲槧樅榱樞槭樔槫樊樒櫁樣樓橄樌橲樶橸橇橢橙橦橈樸樢檐檍檠檄檢檣檗蘗檻櫃櫂檸檳檬櫞櫑櫟檪櫚櫪櫻欅蘖櫺欒欖鬱欟欸欷盜欹飮歇歃歉歐歙歔歛歟歡歸歹歿殀殄殃殍殘殕殞殤殪殫殯殲殱殳殷殼毆毋毓毟毬毫毳毯麾氈氓气氛氤氣汞汕汢汪沂沍沚沁沛汾汨汳沒沐泄泱泓沽泗泅泝沮沱沾沺泛泯泙泪洟衍洶洫洽洸洙洵洳洒洌浣涓浤浚浹浙涎涕濤涅淹渕渊涵淇淦涸淆淬淞淌淨淒淅淺淙淤淕淪淮渭湮渮渙湲湟渾渣湫渫湶湍渟湃渺湎渤滿渝游溂溪溘滉溷滓溽溯滄溲滔滕溏溥滂溟潁漑灌滬滸滾漿滲漱滯漲滌漾漓滷澆潺潸澁澀潯潛濳潭澂潼潘澎澑濂潦澳澣澡澤澹濆澪濟濕濬濔濘濱濮濛瀉瀋濺瀑瀁瀏濾瀛瀚潴瀝瀘瀟瀰瀾瀲灑灣炙炒炯烱炬炸炳炮烟烋烝烙焉烽焜焙煥煕熈煦煢煌煖煬熏燻熄熕熨熬燗熹熾燒燉燔燎燠燬燧燵燼燹燿爍爐爛爨爭爬爰爲爻爼爿牀牆牋牘牴牾犂犁犇犒犖犢犧犹犲狃狆狄狎狒狢狠狡狹狷倏猗猊猜猖猝猴猯猩猥猾獎獏默獗獪獨獰獸獵獻獺珈玳珎玻珀珥珮珞璢琅瑯琥珸琲琺瑕琿瑟瑙瑁瑜瑩瑰瑣瑪瑶瑾璋璞璧瓊瓏瓔珱瓠瓣瓧瓩瓮瓲瓰瓱瓸瓷甄甃甅甌甎甍甕甓甞甦甬甼畄畍畊畉畛畆畚畩畤畧畫畭畸當疆疇畴疊疉疂疔疚疝疥疣痂疳痃疵疽疸疼疱痍痊痒痙痣痞痾痿痼瘁痰痺痲痳瘋瘍瘉瘟瘧瘠瘡瘢瘤瘴瘰瘻癇癈癆癜癘癡癢癨癩癪癧癬癰癲癶癸發皀皃皈皋皎皖皓皙皚皰皴皸皹皺盂盍盖盒盞盡盥盧盪蘯盻眈眇眄眩眤眞眥眦眛眷眸睇睚睨睫睛睥睿睾睹瞎瞋瞑瞠瞞瞰瞶瞹瞿瞼瞽瞻矇矍矗矚矜矣矮矼砌砒礦砠礪硅碎硴碆硼碚碌碣碵碪碯磑磆磋磔碾碼磅磊磬磧磚磽磴礇礒礑礙礬礫祀祠祗祟祚祕祓祺祿禊禝禧齋禪禮禳禹禺秉秕秧秬秡秣稈稍稘稙稠稟禀稱稻稾稷穃穗穉穡穢穩龝穰穹穽窈窗窕窘窖窩竈窰窶竅竄窿邃竇竊竍竏竕竓站竚竝竡竢竦竭竰笂笏笊笆笳笘笙笞笵笨笶筐筺笄筍笋筌筅筵筥筴筧筰筱筬筮箝箘箟箍箜箚箋箒箏筝箙篋篁篌篏箴篆篝篩簑簔篦篥籠簀簇簓篳篷簗簍篶簣簧簪簟簷簫簽籌籃籔籏籀籐籘籟籤籖籥籬籵粃粐粤粭粢粫粡粨粳粲粱粮粹粽糀糅糂糘糒糜糢鬻糯糲糴糶糺紆紂紜紕紊絅絋紮紲紿紵絆絳絖絎絲絨絮絏絣經綉絛綏絽綛綺綮綣綵緇綽綫總綢綯緜綸綟綰緘緝緤緞緻緲緡縅縊縣縡縒縱縟縉縋縢繆繦縻縵縹繃縷縲縺繧繝繖繞繙繚繹繪繩繼繻纃緕繽辮繿纈纉續纒纐纓纔纖纎纛纜缸缺罅罌罍罎罐网罕罔罘罟罠罨罩罧罸羂羆羃羈羇羌羔羞羝羚羣羯羲羹羮羶羸譱翅翆翊翕翔翡翦翩翳翹飜耆耄耋耒耘耙耜耡耨耿耻聊聆聒聘聚聟聢聨聳聲聰聶聹聽聿肄肆肅肛肓肚肭冐肬胛胥胙胝胄胚胖脉胯胱脛脩脣脯腋隋腆脾腓腑胼腱腮腥腦腴膃膈膊膀膂膠膕膤膣腟膓膩膰膵膾膸膽臀臂膺臉臍臑臙臘臈臚臟臠臧臺臻臾舁舂舅與舊舍舐舖舩舫舸舳艀艙艘艝艚艟艤艢艨艪艫舮艱艷艸艾芍芒芫芟芻芬苡苣苟苒苴苳苺莓范苻苹苞茆苜茉苙茵茴茖茲茱荀茹荐荅茯茫茗茘莅莚莪莟莢莖茣莎莇莊荼莵荳荵莠莉莨菴萓菫菎菽萃菘萋菁菷萇菠菲萍萢萠莽萸蔆菻葭萪萼蕚蒄葷葫蒭葮蒂葩葆萬葯葹萵蓊葢蒹蒿蒟蓙蓍蒻蓚蓐蓁蓆蓖蒡蔡蓿蓴蔗蔘蔬蔟蔕蔔蓼蕀蕣蕘蕈蕁蘂蕋蕕薀薤薈薑薊薨蕭薔薛藪薇薜蕷蕾薐藉薺藏薹藐藕藝藥藜藹蘊蘓蘋藾藺蘆蘢蘚蘰蘿虍乕虔號虧虱蚓蚣蚩蚪蚋蚌蚶蚯蛄蛆蚰蛉蠣蚫蛔蛞蛩蛬蛟蛛蛯蜒蜆蜈蜀蜃蛻蜑蜉蜍蛹蜊蜴蜿蜷蜻蜥蜩蜚蝠蝟蝸蝌蝎蝴蝗蝨蝮蝙蝓蝣蝪蠅螢螟螂螯蟋螽蟀蟐雖螫蟄螳蟇蟆螻蟯蟲蟠蠏蠍蟾蟶蟷蠎蟒蠑蠖蠕蠢蠡蠱蠶蠹蠧蠻衄衂衒衙衞衢衫袁衾袞衵衽袵衲袂袗袒袮袙袢袍袤袰袿袱裃裄裔裘裙裝裹褂裼裴裨裲褄褌褊褓襃褞褥褪褫襁襄褻褶褸襌褝襠襞襦襤襭襪襯襴襷襾覃覈覊覓覘覡覩覦覬覯覲覺覽覿觀觚觜觝觧觴觸訃訖訐訌訛訝訥訶詁詛詒詆詈詼詭詬詢誅誂誄誨誡誑誥誦誚誣諄諍諂諚諫諳諧諤諱謔諠諢諷諞諛謌謇謚諡謖謐謗謠謳鞫謦謫謾謨譁譌譏譎證譖譛譚譫譟譬譯譴譽讀讌讎讒讓讖讙讚谺豁谿豈豌豎豐豕豢豬豸豺貂貉貅貊貍貎貔豼貘戝貭貪貽貲貳貮貶賈賁賤賣賚賽賺賻贄贅贊贇贏贍贐齎贓賍贔贖赧赭赱赳趁趙跂趾趺跏跚跖跌跛跋跪跫跟跣跼踈踉跿踝踞踐踟蹂踵踰踴蹊蹇蹉蹌蹐蹈蹙蹤蹠踪蹣蹕蹶蹲蹼躁躇躅躄躋躊躓躑躔躙躪躡躬躰軆躱躾軅軈軋軛軣軼軻軫軾輊輅輕輒輙輓輜輟輛輌輦輳輻輹轅轂輾轌轉轆轎轗轜轢轣轤辜辟辣辭辯辷迚迥迢迪迯邇迴逅迹迺逑逕逡逍逞逖逋逧逶逵逹迸遏遐遑遒逎遉逾遖遘遞遨遯遶隨遲邂遽邁邀邊邉邏邨邯邱邵郢郤扈郛鄂鄒鄙鄲鄰酊酖酘酣酥酩酳酲醋醉醂醢醫醯醪醵醴醺釀釁釉釋釐釖釟釡釛釼釵釶鈞釿鈔鈬鈕鈑鉞鉗鉅鉉鉤鉈銕鈿鉋鉐銜銖銓銛鉚鋏銹銷鋩錏鋺鍄錮錙錢錚錣錺錵錻鍜鍠鍼鍮鍖鎰鎬鎭鎔鎹鏖鏗鏨鏥鏘鏃鏝鏐鏈鏤鐚鐔鐓鐃鐇鐐鐶鐫鐵鐡鐺鑁鑒鑄鑛鑠鑢鑞鑪鈩鑰鑵鑷鑽鑚鑼鑾钁鑿閂閇閊閔閖閘閙閠閨閧閭閼閻閹閾闊濶闃闍闌闕闔闖關闡闥闢阡阨阮阯陂陌陏陋陷陜陞陝陟陦陲陬隍隘隕隗險隧隱隲隰隴隶隸隹雎雋雉雍襍雜霍雕雹霄霆霈霓霎霑霏霖霙霤霪霰霹霽霾靄靆靈靂靉靜靠靤靦靨勒靫靱靹鞅靼鞁靺鞆鞋鞏鞐鞜鞨鞦鞣鞳鞴韃韆韈韋韜韭齏韲竟韶韵頏頌頸頤頡頷頽顆顏顋顫顯顰顱顴顳颪颯颱颶飄飃飆飩飫餃餉餒餔餘餡餝餞餤餠餬餮餽餾饂饉饅饐饋饑饒饌饕馗馘馥馭馮馼駟駛駝駘駑駭駮駱駲駻駸騁騏騅駢騙騫騷驅驂驀驃騾驕驍驛驗驟驢驥驤驩驫驪骭骰骼髀髏髑髓體髞髟髢髣髦髯髫髮髴髱髷髻鬆鬘鬚鬟鬢鬣鬥鬧鬨鬩鬪鬮鬯鬲魄魃魏魍魎魑魘魴鮓鮃鮑鮖鮗鮟鮠鮨鮴鯀鯊鮹鯆鯏鯑鯒鯣鯢鯤鯔鯡鰺鯲鯱鯰鰕鰔鰉鰓鰌鰆鰈鰒鰊鰄鰮鰛鰥鰤鰡鰰鱇鰲鱆鰾鱚鱠鱧鱶鱸鳧鳬鳰鴉鴈鳫鴃鴆鴪鴦鶯鴣鴟鵄鴕鴒鵁鴿鴾鵆鵈鵝鵞鵤鵑鵐鵙鵲鶉鶇鶫鵯鵺鶚鶤鶩鶲鷄鷁鶻鶸鶺鷆鷏鷂鷙鷓鷸鷦鷭鷯鷽鸚鸛鸞鹵鹹鹽麁麈麋麌麒麕麑麝麥麩麸麪麭靡黌黎黏黐黔黜點黝黠黥黨黯黴黶黷黹黻黼黽鼇鼈皷鼕鼡鼬鼾齊齒齔齣齟齠齡齦齧齬齪齷齲齶龕龜龠堯槇遙瑤凜熙纊褜鍈銈蓜俉炻昱棈鋹曻彅丨仡仼伀伃伹佖侒侊侚侔俍偀倢俿倞偆偰偂傔僴僘兊兤冝冾凬刕劜劦勀勛匀匇匤卲厓厲叝﨎咜咊咩哿喆坙坥垬埈埇﨏塚增墲夋奓奛奝奣妤妺孖寀甯寘寬尞岦岺峵崧嵓﨑嵂嵭嶸嶹巐弡弴彧德忞恝悅悊惞惕愠惲愑愷愰憘戓抦揵摠撝擎敎昀昕昻昉昮昞昤晥晗晙晴晳暙暠暲暿曺朎朗杦枻桒柀栁桄棏﨓楨﨔榘槢樰橫橆橳橾櫢櫤毖氿汜沆汯泚洄涇浯涖涬淏淸淲淼渹湜渧渼溿澈澵濵瀅瀇瀨炅炫焏焄煜煆煇凞燁燾犱犾猤猪獷玽珉珖珣珒琇珵琦琪琩琮瑢璉璟甁畯皂皜皞皛皦益睆劯砡硎硤硺礰礼神祥禔福禛竑竧靖竫箞精絈絜綷綠緖繒罇羡羽茁荢荿菇菶葈蒴蕓蕙蕫﨟薰蘒﨡蠇裵訒訷詹誧誾諟諸諶譓譿賰賴贒赶﨣軏﨤逸遧郞都鄕鄧釚釗釞釭釮釤釥鈆鈐鈊鈺鉀鈼鉎鉙鉑鈹鉧銧鉷鉸鋧鋗鋙鋐﨧鋕鋠鋓錥錡鋻﨨錞鋿錝錂鍰鍗鎤鏆鏞鏸鐱鑅鑈閒隆﨩隝隯霳喟啻啾喘喞單啼Я‐ёд㍉☒…ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \ No newline at end of file diff --git a/LunaHook/resource/compound_chars_Robotics_Notes_Dash.txt b/LunaHook/resource/compound_chars_Robotics_Notes_Dash.txt new file mode 100644 index 0000000..eeb863f --- /dev/null +++ b/LunaHook/resource/compound_chars_Robotics_Notes_Dash.txt @@ -0,0 +1,4 @@ +[E001-E01E]= +[E01F]=ガ +[E020]=タツ +[E021-E23A]= \ No newline at end of file diff --git a/LunaHook/resource/compound_chars_Robotics_Notes_Elite.txt b/LunaHook/resource/compound_chars_Robotics_Notes_Elite.txt new file mode 100644 index 0000000..77d7a04 --- /dev/null +++ b/LunaHook/resource/compound_chars_Robotics_Notes_Elite.txt @@ -0,0 +1,4 @@ +[E001-E01E]= +[E01F]=ガ +[E020]=タツ +[E021-E1B7]= \ No newline at end of file diff --git a/LunaHook/resource/compound_chars_default.txt b/LunaHook/resource/compound_chars_default.txt new file mode 100644 index 0000000..326c7fa --- /dev/null +++ b/LunaHook/resource/compound_chars_default.txt @@ -0,0 +1,24 @@ +[E000-E01B]= +[E01C]=¹⁸ +[E01D]=ü +[E01E]=ë +[E01F]=キタ +[E020]=ー +[E021-E067]=① +[E068]=,_ +[E069-E093]= +[E094]=ギ +[E095]=ョエ +[E096]=カエ +[E097]=レ +[E098]=八八 +[E099]=アッ +[E09A]=ー +[E09B]=マダ +[E09C]=ー +[E09D]=チン +[E09E]=オワ +[E09F]=タ +[E0A0]=キリ +[E0A1]=ッ +[E0A2]= ̑ \ No newline at end of file diff --git a/LunaHook/stackoffset.hpp b/LunaHook/stackoffset.hpp new file mode 100644 index 0000000..1856586 --- /dev/null +++ b/LunaHook/stackoffset.hpp @@ -0,0 +1,84 @@ +#include"texthook.h" +enum class regs +{ + _flags, +#ifndef _WIN64 + eax, + ecx, + edx, + ebx, + esp, + ebp, + esi, + edi, + flags, +#else + rax, + rbx, + rcx, + rdx, + rsp, + rbp, + rsi, + rdi, + r8, + r9, + r10, + r11, + r12, + r13, + r14, + r15, +#endif + invalid +}; + +inline int get_stack(int s){ + #ifdef _WIN64 + return s*8; + #else + return s*4; + #endif +} +inline int get_reg(regs reg){ + #ifdef _WIN64 + return -8*(int)reg-8; + #else + return -4-(int)reg*4; + #endif +} + + +inline uintptr_t regof(regs reg,hook_stack* stack){ + switch (reg) + { + #ifndef _WIN64 + case regs::eax:return stack->eax; + case regs::ecx:return stack->ecx; + case regs::edx:return stack->edx; + case regs::ebx:return stack->ebx; + case regs::esp:return stack->esp; + case regs::ebp:return stack->ebp; + case regs::esi:return stack->esi; + case regs::edi:return stack->edi; + #else + case regs::rax:return stack->rax; + case regs::rbx:return stack->rbx; + case regs::rcx:return stack->rcx; + case regs::rdx:return stack->rdx; + case regs::rsp:return stack->rsp; + case regs::rbp:return stack->rbp; + case regs::rsi:return stack->rsi; + case regs::rdi:return stack->rdi; + case regs::r8:return stack->r8; + case regs::r9:return stack->r9; + case regs::r10:return stack->r10; + case regs::r11:return stack->r11; + case regs::r12:return stack->r12; + case regs::r13:return stack->r13; + case regs::r14:return stack->r14; + case regs::r15:return stack->r15; + #endif + } + return 0; +} diff --git a/LunaHook/texthook.cc b/LunaHook/texthook.cc new file mode 100644 index 0000000..ad16a9c --- /dev/null +++ b/LunaHook/texthook.cc @@ -0,0 +1,380 @@ +// texthook.cc +// 8/24/2013 jichi +// Branch: LUNA_HOOK_DLL/texthook.cpp, rev 128 +// 8/24/2013 TODO: Clean up this file +#include"embed_util.h" +#include "texthook.h" +#include "main.h" +#include "ithsys/ithsys.h" +#include "MinHook.h" +#include"Lang/Lang.h" +extern WinMutex viewMutex; + +// - Unnamed helpers - + +namespace { // unnamed +#ifndef _WIN64 + BYTE common_hook[] = { + 0x9c, // pushfd + 0x60, // pushad + 0x9c, // pushfd ; Artikash 11/4/2018: not sure why pushfd happens twice. Anyway, after this a total of 0x28 bytes are pushed + 0x8d, 0x44, 0x24, 0x28, // lea eax,[esp+0x28] + 0x50, // push eax ; lpDatabase + 0xb9, 0,0,0,0, // mov ecx,@this + 0xbb, 0,0,0,0, // mov ebx,@TextHook::Send + 0xff, 0xd3, // call ebx + 0x9d, // popfd + 0x61, // popad + 0x9d, // popfd + 0x68, 0,0,0,0, // push @original + 0xc3 // ret ; basically absolute jmp to @original + }; + int this_offset = 9, send_offset = 14, original_offset = 24; +#else + BYTE common_hook[] = { + 0x9c, // push rflags + 0x50, // push rax + 0x53, // push rbx + 0x51, // push rcx + 0x52, // push rdx + 0x54, // push rsp + 0x55, // push rbp + 0x56, // push rsi + 0x57, // push rdi + 0x41, 0x50, // push r8 + 0x41, 0x51, // push r9 + 0x41, 0x52, // push r10 + 0x41, 0x53, // push r11 + 0x41, 0x54, // push r12 + 0x41, 0x55, // push r13 + 0x41, 0x56, // push r14 + 0x41, 0x57, // push r15 + // https://docs.microsoft.com/en-us/cpp/build/x64-calling-convention + // https://stackoverflow.com/questions/43358429/save-value-of-xmm-registers + 0x48, 0x83, 0xec, 0x20, // sub rsp,0x20 + 0xf3, 0x0f, 0x7f, 0x24, 0x24, // movdqu [rsp],xmm4 + 0xf3, 0x0f, 0x7f, 0x6c, 0x24, 0x10, // movdqu [rsp+0x10],xmm5 + 0x48, 0x8d, 0x94, 0x24, 0xa8, 0x00, 0x00, 0x00, // lea rdx,[rsp+0xa8] + 0x48, 0xb9, 0,0,0,0,0,0,0,0, // mov rcx,@this + 0x48, 0xb8, 0,0,0,0,0,0,0,0, // mov rax,@TextHook::Send + 0x48, 0x89, 0xe3, // mov rbx,rsp + 0x48, 0x83, 0xe4, 0xf0, // and rsp,0xfffffffffffffff0 ; align stack + 0xff, 0xd0, // call rax + 0x48, 0x89, 0xdc, // mov rsp,rbx + 0xf3, 0x0f, 0x6f, 0x6c, 0x24, 0x10, // movdqu xmm5,XMMWORD PTR[rsp + 0x10] + 0xf3, 0x0f, 0x6f, 0x24, 0x24, // movdqu xmm4,XMMWORD PTR[rsp] + 0x48, 0x83, 0xc4, 0x20, // add rsp,0x20 + 0x41, 0x5f, // pop r15 + 0x41, 0x5e, // pop r14 + 0x41, 0x5d, // pop r13 + 0x41, 0x5c, // pop r12 + 0x41, 0x5b, // pop r11 + 0x41, 0x5a, // pop r10 + 0x41, 0x59, // pop r9 + 0x41, 0x58, // pop r8 + 0x5f, // pop rdi + 0x5e, // pop rsi + 0x5d, // pop rbp + 0x5c, // pop rsp + 0x5a, // pop rdx + 0x59, // pop rcx + 0x5b, // pop rbx + 0x58, // pop rax + 0x9d, // pop rflags + 0xff, 0x25, 0x00, 0x00, 0x00, 0x00, // jmp qword ptr [rip] + 0,0,0,0,0,0,0,0 // @original + }; + int this_offset = 50, send_offset = 60, original_offset = 126; +#endif + + //thread_local BYTE buffer[PIPE_BUFFER_SIZE]; + //thread_local will crush on windowsxp + enum { TEXT_BUFFER_SIZE = PIPE_BUFFER_SIZE - sizeof(TextOutput_T) }; +} // unnamed namespace + +// - TextHook methods - + +bool TextHook::Insert(HookParam hp) +{ + local_buffer=new BYTE[PIPE_BUFFER_SIZE]; + { + std::scoped_lock lock(viewMutex); + if (hp.type & CODEC_UTF8) hp.codepage = CP_UTF8; + this->hp = hp; + address = hp.address; + } + if (hp.type & DIRECT_READ) return InsertReadCode(); + return InsertHookCode(); +} + +void TextHook::Send(uintptr_t lpDataBase) +{ + auto buffer =(TextOutput_T*) local_buffer; + auto pbData = buffer->data; + _InterlockedIncrement((long*)&useCount); + __try + { + auto stack=(hook_stack*)(lpDataBase-sizeof(hook_stack)+sizeof(uintptr_t)); + + #ifndef _WIN64 + if (auto current_trigger_fun = trigger_fun.exchange(nullptr)) + if (!current_trigger_fun(location, stack->ebp, stack->esp)) trigger_fun = current_trigger_fun; + #endif + + size_t lpCount = 0; + uintptr_t lpSplit = 0, + lpRetn = stack->retaddr, + plpdatain=(lpDataBase + hp.offset), + lpDataIn=*(uintptr_t*)plpdatain; + + buffer->type=hp.type; + bool isstring=false; + if((hp.type&EMBED_ABLE)&&!(hp.type&EMBED_BEFORE_SIMPLE) ) + { + isstring=true; + lpRetn=0; + lpSplit=Engine::ScenarioRole; + if(hp.hook_before(stack,pbData,&lpCount,&lpSplit)==false)__leave; + if (hp.filter_fun && !hp.filter_fun(pbData, &lpCount, &hp) || lpCount <= 0) __leave; + + } + else + { + // jichi 10/24/2014: generic hook function + if (hp.hook_fun && !hp.hook_fun(stack, &hp)) hp.hook_fun = nullptr; + + if (hp.type & HOOK_EMPTY) __leave; // jichi 10/24/2014: dummy hook only for dynamic hook + + if (hp.text_fun) { + isstring=true; + hp.text_fun(stack, &hp, &lpDataIn, &lpSplit, &lpCount); + } + else { + if (hp.type & FIXING_SPLIT) lpSplit = FIXED_SPLIT_VALUE; // fuse all threads, and prevent floating + else if (hp.type & USING_SPLIT) { + lpSplit = *(uintptr_t *)(lpDataBase + hp.split); + if (hp.type & SPLIT_INDIRECT) lpSplit = *(uintptr_t *)(lpSplit + hp.split_index); + } + if (hp.type & DATA_INDIRECT) { + plpdatain=(lpDataIn + hp.index); + lpDataIn = *(uintptr_t *)plpdatain; + } + lpDataIn += hp.padding; + lpCount = GetLength(stack, lpDataIn); + } + + //hook_fun&&text_fun change hookparam.type + buffer->type=hp.type; + + if (lpCount <= 0) __leave; + if (lpCount > TEXT_BUFFER_SIZE) lpCount = TEXT_BUFFER_SIZE; + if ((!(hp.type&USING_CHAR))&&(isstring||(hp.type&USING_STRING))) + { + if(lpDataIn == 0)__leave; + ::memcpy(pbData, (void*)lpDataIn, lpCount); + } + else{ + if(hp.type &CODEC_UTF32) + { + *(uint32_t*)pbData=lpDataIn&0xffffffff; + } + else + {//CHAR_LITTEL_ENDIAN,CODEC_ANSI_BE,CODEC_UTF16 + lpDataIn &= 0xffff; + if ((hp.type & CODEC_ANSI_BE) && (lpDataIn >> 8)) lpDataIn = _byteswap_ushort(lpDataIn & 0xffff); + if (lpCount == 1) lpDataIn &= 0xff; + *(WORD*)pbData = lpDataIn & 0xffff; + } + } + + if (hp.filter_fun && !hp.filter_fun(pbData, &lpCount, &hp) || lpCount <= 0) __leave; + + if (hp.type & (NO_CONTEXT | FIXING_SPLIT)) lpRetn = 0; + } + + ThreadParam tp{ GetCurrentProcessId(), address, lpRetn, lpSplit }; + if((hp.type&EMBED_ABLE)&&(check_embed_able(tp))) + { + auto lpCountsave=lpCount; + if(waitfornotify(buffer,pbData,&lpCount,tp)) + { + if(hp.type&EMBED_AFTER_NEW) + { + auto _ = new char[max(lpCountsave,lpCount)+10]; + memcpy(_,pbData,lpCount); + for(int i=lpCount;idata; + buffer->type=hp.type; + __try + { + while (WaitForSingleObject(readerEvent, 500) == WAIT_TIMEOUT) if (location&&(memcmp(pbData, location, dataLen) != 0)) if (int currentLen = HookStrlen((BYTE*)location)) + { + dataLen = min(currentLen, TEXT_BUFFER_SIZE); + memcpy(pbData, location, dataLen); + if (hp.filter_fun && !hp.filter_fun(pbData, &dataLen, &hp) || dataLen <= 0) continue; + TextOutput({ GetCurrentProcessId(), address, 0, 0 }, buffer, dataLen); + memcpy(pbData, location, dataLen); + } + } + __except (EXCEPTION_EXECUTE_HANDLER) + { + ConsoleOutput(READ_ERROR, hp.name); + Clear(); + } +} + +bool TextHook::InsertReadCode() +{ + readerThread = CreateThread(nullptr, 0, [](void* This) { ((TextHook*)This)->Read(); return 0UL; }, this, 0, nullptr); + readerEvent = CreateEventW(nullptr, FALSE, FALSE, NULL); + return true; +} + +void TextHook::RemoveHookCode() +{ + MH_DisableHook(location); + while (useCount != 0); + MH_RemoveHook(location); +} + +void TextHook::RemoveReadCode() +{ + SetEvent(readerEvent); + if (GetThreadId(readerThread) != GetCurrentThreadId()) WaitForSingleObject(readerThread, 1000); + CloseHandle(readerEvent); + CloseHandle(readerThread); +} + +void TextHook::Clear() +{ + if (address == 0) return; + if (hp.type & DIRECT_READ) RemoveReadCode(); + else RemoveHookCode(); + NotifyHookRemove(address, hp.name); + std::scoped_lock lock(viewMutex); + memset(&hp, 0, sizeof(HookParam)); + address = 0; + if(local_buffer)delete []local_buffer; +} + +int TextHook::GetLength(hook_stack* stack, uintptr_t in) +{ + int len; + if(hp.type&USING_STRING) + { + if(hp.length_offset) + { + len = *((uintptr_t*)stack->base + hp.length_offset); + if (len >= 0) + { + if (hp.type & CODEC_UTF16) + len <<= 1; + else if(hp.type & CODEC_UTF32) + len <<= 2; + + } + else if (len != -1) + { + + } + else + {//len==-1 + len = HookStrlen((BYTE*)in); + } + } + else + { + len = HookStrlen((BYTE*)in); + } + } + else + { + if (hp.type & CODEC_UTF16) + len = 2; + else if(hp.type&CODEC_UTF32) + len = 4; + else + { //CODEC_ANSI_BE,CHAR_LITTLE_ENDIAN + if (hp.type & CODEC_ANSI_BE) + in >>= 8; + len = !!IsDBCSLeadByteEx(hp.codepage, in & 0xff) + 1; + } + } + return max(0, len); +} + +int TextHook::HookStrlen(BYTE* data) +{ + if(data==0)return 0; + + if(hp.type&CODEC_UTF16) + return wcslen((wchar_t*)data)*2; + else if(hp.type&CODEC_UTF32) + return u32strlen((uint32_t*)data)*4; + else + return strlen((char*)data); + +} + +// EOF diff --git a/LunaHook/util/CMakeLists.txt b/LunaHook/util/CMakeLists.txt new file mode 100644 index 0000000..b6185eb --- /dev/null +++ b/LunaHook/util/CMakeLists.txt @@ -0,0 +1,18 @@ + + +set(utils_src_common +dyncodec/dynsjiscodec.cc +dyncodec/dynsjis.cc +ithsys/ithsys.cc + memdbg/memsearch.cc + stringfilters.cpp + util.cc +) +if(${CMAKE_SIZEOF_VOID_P} EQUAL 8) + add_library(utils ${utils_src_common} ) +else() + add_library(utils ${utils_src_common} disasm/disasm.cc) +endif() + +target_precompile_headers(utils REUSE_FROM pch) + diff --git a/LunaHook/util/cpputil/cppcstring.h b/LunaHook/util/cpputil/cppcstring.h new file mode 100644 index 0000000..38fd4a9 --- /dev/null +++ b/LunaHook/util/cpputil/cppcstring.h @@ -0,0 +1,111 @@ +#ifndef CPPCSTRING_H +#define CPPCSTRING_H + +// cppcstring.h +// 10/12/2014 jichi + +#include // for size_t +#include +//#include // for std::min + +// strlen + +template +inline size_t cpp_basic_strlen(const charT *s) +{ + const charT *p = s; + while (*p) p++; + return p - s; +} + +inline size_t cpp_strlen(const char *s) { return cpp_basic_strlen(s); } +inline size_t cpp_wstrlen(const wchar_t *s) { return cpp_basic_strlen(s); } + +template +inline size_t cpp_basic_strnlen(const charT *s, size_t n) +{ + const charT *p = s; + while (*p && n) p++, n--; + return p - s; +} + +inline size_t cpp_strnlen(const char *s, size_t n) { return cpp_basic_strnlen(s, n); } +inline size_t cpp_wstrnlen(const wchar_t *s, size_t n) { return cpp_basic_strnlen(s, n); } + +// strnchr + +#define cpp_basic_strnchr_(s, c, n) \ + { \ + while (*s && n) { \ + if (*s == c) \ + return s; \ + s++, n--; \ + } \ + return nullptr; \ + } +template +inline charT *cpp_basic_strnchr(charT *s, charT c, size_t n) cpp_basic_strnchr_(s, c, n) +template +inline const charT *cpp_basic_strnchr(const charT *s, charT c, size_t n) cpp_basic_strnchr_(s, c, n) + +// The same as memchr +inline char *cpp_strnchr(char *s, char c, size_t n) { return cpp_basic_strnchr(s, c, n); } +inline const char *cpp_strnchr(const char *s, char c, size_t n) { return cpp_basic_strnchr(s, c, n); } +inline wchar_t *cpp_wcsnchr(wchar_t *s, wchar_t c, size_t n) { return cpp_basic_strnchr(s, c, n); } +inline const wchar_t *cpp_wcsnchr(const wchar_t *s, wchar_t c, size_t n) { return cpp_basic_strnchr(s, c, n); } + +// strnstr + +#define cpp_basic_strnstr_(s, slen, r, rlen, ncmp) \ + { \ + while (*s && slen >= rlen) { \ + if (ncmp(s, r, slen < rlen ? slen : rlen) == 0) \ + return s; \ + s++, slen--; \ + } \ + return nullptr; \ + } + +template +inline charT *cpp_basic_strnstr(charT *s, const charT *r, size_t n) cpp_basic_strnstr_(s, n, r, ::strlen(r), ::strncmp) +template +inline const charT *cpp_basic_strnstr(const charT *s, const charT *r, size_t n) cpp_basic_strnstr_(s, n, r, ::strlen(r), ::strncmp) + +template <> +inline wchar_t *cpp_basic_strnstr(wchar_t *s, const wchar_t *r, size_t n) cpp_basic_strnstr_(s, n, r, ::wcslen(r), ::wcsncmp) +template <> +inline const wchar_t *cpp_basic_strnstr(const wchar_t *s, const wchar_t *r, size_t n) cpp_basic_strnstr_(s, n, r, ::wcslen(r), ::wcsncmp) + +inline char *cpp_strnstr(char *s, const char *r, size_t n) { return cpp_basic_strnstr(s, r, n); } +inline const char *cpp_strnstr(const char *s, const char *r, size_t n) { return cpp_basic_strnstr(s, r, n); } +inline wchar_t *cpp_wcsnstr(wchar_t *s, const wchar_t *r, size_t n) { return cpp_basic_strnstr(s, r, n); } +inline const wchar_t *cpp_wcsnstr(const wchar_t *s, const wchar_t *r, size_t n) { return cpp_basic_strnstr(s, r, n); } + +// strnpbrk + +// it might be faster to use strchr functions, which is not portable though +#define cpp_basic_strnpbrk_(s, sep, n) \ + { \ + while (*s && n) { \ + for (auto p = sep; *p; p++) \ + if (*s == *p) \ + return s; \ + s++, n--; \ + } \ + return nullptr; \ + } + +template +inline charT *cpp_basic_strnpbrk(charT *dest, const char2T *breakset, size_t n) +cpp_basic_strnpbrk_(dest, breakset, n) + +template +inline const charT *cpp_basic_strnpbrk(const charT *dest, const char2T *breakset, size_t n) +cpp_basic_strnpbrk_(dest, breakset, n) + +inline char *cpp_strnpbrk(char *dest, const char *breakset, size_t n) { return cpp_basic_strnpbrk(dest, breakset, n); } +inline const char *cpp_strnpbrk(const char *dest, const char *breakset, size_t n) { return cpp_basic_strnpbrk(dest, breakset, n); } +inline wchar_t *cpp_wcsnpbrk(wchar_t *dest, const wchar_t *breakset, size_t n) { return cpp_basic_strnpbrk(dest, breakset, n); } +inline const wchar_t *cpp_wcsnpbrk(const wchar_t *dest, const wchar_t *breakset, size_t n) { return cpp_basic_strnpbrk(dest, breakset, n); } + +#endif // CPPCSTRING_H diff --git a/LunaHook/util/disasm/disasm.cc b/LunaHook/util/disasm/disasm.cc new file mode 100644 index 0000000..d038c32 --- /dev/null +++ b/LunaHook/util/disasm/disasm.cc @@ -0,0 +1,265 @@ +// disasm.cc +// 1/27/2013 jichi +// Original source: http://hack-expo.void.ru/groups/blt/text/disasm.txt +// +// 7/19/2014 jichi: Need to add SSE instruction support for PCSX2 +// Sample problematic input from Fate/Stay night PS2: +// 3024b80c -0f88 ae58dbd2 js pcsx2.030010c0 +// 3024b812 0f1201 movlps xmm0,qword ptr ds:[ecx] ; jichi: hook here +// 3024b815 0f1302 movlps qword ptr ds:[edx],xmm0 + +#include "disasm.h" +#include + +// disasm_flag values: +enum : unsigned { + C_66 = 0x00000001 // 66-prefix + , C_67 = 0x00000002 // 67-prefix + , C_LOCK = 0x00000004 // lock + , C_REP = 0x00000008 // repz/repnz + , C_SEG = 0x00000010 // seg-prefix + , C_OPCODE2 = 0x00000020 // 2nd opcode present (1st==0f) + , C_MODRM = 0x00000040 // modrm present + , C_SIB = 0x00000080 // sib present + , C_ANYPREFIX = (C_66|C_67|C_LOCK|C_REP|C_SEG) +}; + +DISASM_BEGIN_NAMESPACE + +// These values are served as the output of disasm +// But the are currently unused and could make disasm thread-unsafe +namespace { // unnamed + +BYTE disasm_seg // CS DS ES SS FS GS + , disasm_rep // REPZ/REPNZ + , disasm_opcode // opcode + , disasm_opcode2 // used when opcode==0f + , disasm_modrm // modxxxrm + , disasm_sib // scale-index-base + , disasm_mem[8] // mem addr value + , disasm_data[8] // data value + ; + +} // unnamed namespace + +// return: length if success, 0 if error +size_t disasm(const void *opcode0) +{ + const BYTE *opcode = (const BYTE *)opcode0; + + DWORD disasm_len = 0, // 0 if error + disasm_flag = 0, // C_xxx + disasm_memsize = 0, // value = disasm_mem + disasm_datasize = 0, // value = disasm_data + disasm_defdata = 4, // == C_66 ? 2 : 4 + disasm_defmem = 4; // == C_67 ? 2 : 4 + +retry: + disasm_opcode = *opcode++; + + switch (disasm_opcode) { + case 0x99: // 7/20/2014 jichi: CDQ, size = 1 + break; + + case 0x00: case 0x01: case 0x02: case 0x03: + case 0x08: case 0x09: case 0x0a: case 0x0b: + case 0x10: case 0x11: case 0x12: case 0x13: + case 0x18: case 0x19: case 0x1a: case 0x1b: + case 0x20: case 0x21: case 0x22: case 0x23: + case 0x28: case 0x29: case 0x2a: case 0x2b: + case 0x30: case 0x31: case 0x32: case 0x33: + case 0x38: case 0x39: case 0x3a: case 0x3b: + case 0x62: case 0x63: + case 0x84: case 0x85: case 0x86: case 0x87: + case 0x88: case 0x89: case 0x8a: case 0x8b: + case 0x8c: case 0x8d: case 0x8e: case 0x8f: + case 0xc4: case 0xc5: + case 0xd0: case 0xd1: case 0xd2: case 0xd3: + case 0xd8: case 0xd9: case 0xda: case 0xdb: + case 0xdc: case 0xdd: case 0xde: case 0xdf: + case 0xfe: case 0xff: + disasm_flag |= C_MODRM; + break; + case 0xcd: disasm_datasize += *opcode==0x20 ? 1+4 : 1; + break; + case 0xf6: + case 0xf7: disasm_flag |= C_MODRM; + if (*opcode & 0x38) break; + // continue if + case 0x04: case 0x05: case 0x0c: case 0x0d: + case 0x14: case 0x15: case 0x1c: case 0x1d: + case 0x24: case 0x25: case 0x2c: case 0x2d: + case 0x34: case 0x35: case 0x3c: case 0x3d: + if (disasm_opcode & 1) + disasm_datasize += disasm_defdata; + else + disasm_datasize++; + break; + case 0x6a: + case 0xa8: + case 0xb0: case 0xb1: case 0xb2: case 0xb3: + case 0xb4: case 0xb5: case 0xb6: case 0xb7: + case 0xd4: case 0xd5: + case 0xe4: case 0xe5: case 0xe6: case 0xe7: + case 0x70: case 0x71: case 0x72: case 0x73: + case 0x74: case 0x75: case 0x76: case 0x77: + case 0x78: case 0x79: case 0x7a: case 0x7b: + case 0x7c: case 0x7d: case 0x7e: case 0x7f: + case 0xeb: + case 0xe0: case 0xe1: case 0xe2: case 0xe3: + disasm_datasize++; + break; + case 0x26: case 0x2e: case 0x36: case 0x3e: + case 0x64: case 0x65: + if (disasm_flag & C_SEG) return 0; + disasm_flag |= C_SEG; + disasm_seg = disasm_opcode; + goto retry; + case 0xf0: + if (disasm_flag & C_LOCK) return 0; + disasm_flag |= C_LOCK; + goto retry; + case 0xf2: case 0xf3: + if (disasm_flag & C_REP) return 0; + disasm_flag |= C_REP; + disasm_rep = disasm_opcode; + goto retry; + case 0x66: + if (disasm_flag & C_66) return 0; + disasm_flag |= C_66; + disasm_defdata = 2; + goto retry; + case 0x67: + if (disasm_flag & C_67) return 0; + disasm_flag |= C_67; + disasm_defmem = 2; + goto retry; + case 0x6b: + case 0x80: + case 0x82: + case 0x83: + case 0xc0: + case 0xc1: + case 0xc6: disasm_datasize++; + disasm_flag |= C_MODRM; + break; + case 0x69: + case 0x81: + case 0xc7: + disasm_datasize += disasm_defdata; + disasm_flag |= C_MODRM; + break; + case 0x9a: + case 0xea: disasm_datasize += 2 + disasm_defdata; + break; + case 0xa0: + case 0xa1: + case 0xa2: + case 0xa3: disasm_memsize += disasm_defmem; + break; + case 0x68: + case 0xa9: + case 0xb8: case 0xb9: case 0xba: case 0xbb: + case 0xbc: case 0xbd: case 0xbe: case 0xbf: + case 0xe8: + case 0xe9: + disasm_datasize += disasm_defdata; + break; + case 0xc2: + case 0xca: disasm_datasize += 2; + break; + case 0xc8: + disasm_datasize += 3; + break; + case 0xf1: + return 0; + case 0x0f: + // 7/19/2014 jichi: 0x0f1201 = movlps xmm0,qword ptr ds:[ecx] + // Given 0x0f1201, 0x0f will be strip off here and left 0x1201 + disasm_flag |= C_OPCODE2; + disasm_opcode2 = *opcode++; + switch (disasm_opcode2) { + case 0x00: case 0x01: case 0x02: case 0x03: + case 0x90: case 0x91: case 0x92: case 0x93: + case 0x94: case 0x95: case 0x96: case 0x97: + case 0x98: case 0x99: case 0x9a: case 0x9b: + case 0x9c: case 0x9d: case 0x9e: case 0x9f: + case 0xa3: + case 0xa5: + case 0xab: + case 0xad: + case 0xaf: + case 0xb0: case 0xb1: case 0xb2: case 0xb3: + case 0xb4: case 0xb5: case 0xb6: case 0xb7: + case 0xbb: + case 0xbc: case 0xbd: case 0xbe: case 0xbf: + case 0xc0: + case 0xc1: + // 7/19/2014 jichi: Add more cases for SSE instructions + // Sample instructions I need to consider + // 0f1201 movlps xmm0,qword ptr ds:[ecx] ; jichi: hook here + // 0f1302 movlps qword ptr ds:[edx],xmm0 + case 0x12: + case 0x13: + disasm_flag |= C_MODRM; + break; + case 0x06: + case 0x08: case 0x09: case 0x0a: case 0x0b: + case 0xa0: case 0xa1: case 0xa2: case 0xa8: + case 0xa9: + case 0xaa: + case 0xc8: case 0xc9: case 0xca: case 0xcb: + case 0xcc: case 0xcd: case 0xce: case 0xcf: + break; + case 0x80: case 0x81: case 0x82: case 0x83: + case 0x84: case 0x85: case 0x86: case 0x87: + case 0x88: case 0x89: case 0x8a: case 0x8b: + case 0x8c: case 0x8d: case 0x8e: case 0x8f: + disasm_datasize += disasm_defdata; + break; + case 0xa4: + case 0xac: + case 0xba: + default: return 0; // 7/19/2014 jichi: error + } // 0F-switch + break; + + } // switch + + if (disasm_flag & C_MODRM) { + disasm_modrm = *opcode++; + BYTE mod = disasm_modrm & 0xc0; + BYTE rm = disasm_modrm & 0x07; + if (mod != 0xc0) { + if (mod == 0x40) + disasm_memsize++; + if (mod == 0x80) + disasm_memsize += disasm_defmem; + if (disasm_defmem == 2) { // modrm16 + if (mod == 0x00 && rm == 0x06) + disasm_memsize += 2; + } else { // modrm32 + if (rm == 0x04) { + disasm_flag |= C_SIB; + disasm_sib = *opcode++; + rm = disasm_sib & 0x07; + } + if (rm == 0x05 && mod == 0x00) + disasm_memsize += 4; + } + } + } // C_MODRM + + for (DWORD i = 0; i < disasm_memsize; i++) + disasm_mem[i] = *opcode++; + for (DWORD i = 0; i < disasm_datasize; i++) + disasm_data[i] = *opcode++; + + disasm_len = opcode - (const BYTE *)opcode0; + + return disasm_len; +} // disasm + +DISASM_END_NAMESPACE + +// EOF diff --git a/LunaHook/util/disasm/disasm.h b/LunaHook/util/disasm/disasm.h new file mode 100644 index 0000000..f7ba7ff --- /dev/null +++ b/LunaHook/util/disasm/disasm.h @@ -0,0 +1,32 @@ +#pragma once +// disasm.h +// 1/27/2013 jichi + +// Include typedef of BYTE +//#include +//#include + +//#ifdef QT_CORE_LIB +//# include +//#else +//# include +//#endif + +#ifndef DISASM_BEGIN_NAMESPACE +# define DISASM_BEGIN_NAMESPACE +#endif +#ifndef DISASM_END_NAMESPACE +# define DISASM_END_NAMESPACE +#endif + +DISASM_BEGIN_NAMESPACE +/** + * This function can do more, but currently only used to estimate the length of an instruction. + * Warning: The current implementation is stateful and hence not thread-safe. + * @param address of the instruction to look at + * @return length of the instruction at the address or 0 if failed + */ +size_t disasm(const void *address); +DISASM_END_NAMESPACE + +// EOF diff --git a/LunaHook/util/dyncodec/dynsjis.cc b/LunaHook/util/dyncodec/dynsjis.cc new file mode 100644 index 0000000..bc5c8c5 --- /dev/null +++ b/LunaHook/util/dyncodec/dynsjis.cc @@ -0,0 +1,40 @@ +// dynsjis.cc +// 6/11/2015 jichi +// http://en.wikipedia.org/wiki/Shift_JIS +#include "dyncodec/dynsjis.h" + +const char *dynsjis::nextchar(const char *s) +{ + if (!s || !s[0]) + return s; + if (!s[1]) + return s + 1; + if (!isleadbyte(s[0])) + return s + 1; + return s + 2; // unused byte treated as two-byte character +} + +const char *dynsjis::prevchar(const char *s, const char *begin) +{ + if (!s || s <= begin) + return s; + if (!*s || s == begin + 1) + return s - 1; + if (isleadbyte(s[0])) + return s - 2; + if (!isleadbyte(s[-1])) + return s - 1; + // 0 is single-width + // -1 is double-width + if (!isleadbyte(s[-3])) + return s - 2; + const char *p = s - 1; + while (p != begin && isleadbyte(*p)) + p--; + size_t dist = s - p; + if (!isleadbyte(*p)) + dist++; + return s - 2 + (dist % 2); +} + +// EOF diff --git a/LunaHook/util/dyncodec/dynsjis.h b/LunaHook/util/dyncodec/dynsjis.h new file mode 100644 index 0000000..f017b61 --- /dev/null +++ b/LunaHook/util/dyncodec/dynsjis.h @@ -0,0 +1,28 @@ +#ifndef DYNSJIS_H +#define DYNSJIS_H + +// dynsjis.h +// 6/11/2015 jichi + +namespace dynsjis { + +inline bool isleadbyte(unsigned char ch) +{ return ch > 127 && (ch < 0xa1 || ch > 0xdf); } + +inline bool isleadchar(unsigned int ch) +{ return isleadbyte((ch >> 8) & 0xff); } + +const char *nextchar(const char *s); +inline char *nextchar(char *s) +{ return const_cast(nextchar(static_cast(s))); } + +inline bool isleadstr(const char *s) // return true if the first character of the string is widechar +{ return nextchar(s) - s == 2; } + +const char *prevchar(const char *s, const char *begin = nullptr); +inline char *prevchar(char *s, const char *begin = nullptr) +{ return const_cast(prevchar(static_cast(s), begin)); } + +} // namespace dynsjis + +#endif // DYNSJIS_H diff --git a/LunaHook/util/dyncodec/dynsjiscodec.cc b/LunaHook/util/dyncodec/dynsjiscodec.cc new file mode 100644 index 0000000..04d9f14 --- /dev/null +++ b/LunaHook/util/dyncodec/dynsjiscodec.cc @@ -0,0 +1,262 @@ +// qtdynsjis.cc +// 6/3/2015 jichi +// http://en.wikipedia.org/wiki/Shift_JIS +#include "dynsjiscodec.h" +#ifdef __clang__ +# pragma GCC diagnostic ignored "-Wlogical-op-parentheses" +#endif // __clang__ + +//#ifdef _MSC_VER +//# pragma warning(disable:4018) // C4018: signed/unsigned mismatch +//#endif // _MSC_VER + +//#define SK_NO_QT +//#define DEBUG "dynsjis.cc" +//#include "sakurakit/skdebug.h" + +/** Private class */ + +// See also LeadByte table for Windows: +// +// BYTE LeadByteTable[0x100] = { +// 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, +// 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, +// 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, +// 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, +// 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, +// 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, +// 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, +// 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, +// 1,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2, +// 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2, +// 2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, +// 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, +// 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, +// 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, +// 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2, +// 2,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1 +// }; +// +// -2: 0x00 and 0xff are skipped + +class DynamicShiftJISCodecPrivate +{ +public: + UINT codepage; + std::wstring text; // already saved characters + + UINT minimumSecondByte; + + explicit DynamicShiftJISCodecPrivate(UINT codepage_) + : codepage(932) + , minimumSecondByte(0) + { + codepage = codepage_; + } + + size_t capacity() const + { + // See: http://en.wikipedia.org/wiki/Shift_JIS + return // = 7739 + (3 * 16 - 1) * (4 * 16 + 4 - 1 - minimumSecondByte) // = 3149, 0x00 are skipped + + (16 + 2) * (256 - 1 - minimumSecondByte) // = 4590, first/last byte unused + ; + } + bool isFull() const { return text.size() >= capacity(); } + std::string encodeSTD(const wchar_t* text, size_t length, bool* dynamic); + + std::string encode(const wchar_t *text, size_t length, bool *dynamic); + std::wstring decode (const char* data, size_t length, bool* dynamic) const; + +private: + std::string encodeCharSTD(wchar_t ch); + wchar_t decodeChar(UINT8 ch1, UINT8 ch2) const; +}; + +// Encode +std::string DynamicShiftJISCodecPrivate::encodeSTD(const wchar_t* text, size_t length, bool* dynamic) +{ + std::string ret; + for (size_t i = 0; i < length; i++) { + wchar_t ch = text[i]; + if (ch <= 127) + ret.push_back(ch); + else { + std::wstring ws; + ws.push_back(ch); + std::string data = WideStringToString(ws, codepage); + if (StringToWideString(WideStringToString(ws, codepage),codepage)!=ws) { // failed to decode + data = encodeCharSTD(ch); + if (!data.empty() && dynamic) + *dynamic = true; + } + ret.append(data); + } + } + return ret; +} +std::string DynamicShiftJISCodecPrivate::encodeCharSTD(wchar_t ch) +{ + std::string ret; + size_t i = text.find(ch); + if (i == std::wstring::npos) { + if (isFull()) + return ret; + i = text.size(); + text.push_back(ch); + } + if (i < 31 * (4 * 16 + 4 - 1 - minimumSecondByte)) { + int v1 = i / (4 * 16 + 4 - 1 - minimumSecondByte) + 0x81, + v2 = i % (4 * 16 + 4 - 1 - minimumSecondByte) + 1 + minimumSecondByte; + if (v2 == 0x40) + v2 = 0x7f; + else if (v2 >= 0x41) + v2 += 0xfd - 0x41; + ret.push_back(v1); + ret.push_back(v2); + return ret; + } + i -= 31 * (4 * 16 + 4 - 1 - minimumSecondByte); + if (i < 16 * (4 * 16 + 4 - 1 - minimumSecondByte)) { + int v1 = i / (4 * 16 + 4 - 1 - minimumSecondByte) + 0xe0, + v2 = i % (4 * 16 + 4 - 1 - minimumSecondByte) + 1 + minimumSecondByte; + if (v2 == 0x40) + v2 = 0x7f; + else if (v2 >= 0x41) + v2 += 0xfd - 0x41; + ret.push_back(v1); + ret.push_back(v2); + return ret; + } + i -= 16 * (4 * 16 + 4 - 1 - minimumSecondByte); + if (i < 256 - 1 - minimumSecondByte) { + int v1 = 0x80, + v2 = i % (256 - 1 - minimumSecondByte) + 1 + minimumSecondByte; + ret.push_back(v1); + ret.push_back(v2); + return ret; + } + i -= 256 - 1 - minimumSecondByte; + if (i < 256 - 1 - minimumSecondByte) { + int v1 = 0xa0, + v2 = i % (256 - 1 - minimumSecondByte) + 1 + minimumSecondByte; + ret.push_back(v1); + ret.push_back(v2); + return ret; + } + i -= 256 - 1 - minimumSecondByte; + if (i < 16 * (256 - 1 - minimumSecondByte)) { + int v1 = i / (256 - 1 - minimumSecondByte) + 0xf0, + v2 = i % (256 - 1 - minimumSecondByte) + 1 + minimumSecondByte; + ret.push_back(v1); + ret.push_back(v2); + return ret; + } + // This return should be unreachable + return ret; +} +// Decode + +std::wstring DynamicShiftJISCodecPrivate::decode(const char* data, size_t length, bool* dynamic) const +{ + std::wstring ret; + for (size_t i = 0; i < length; i++) { + UINT8 ch = (UINT8)data[i]; + if (ch <= 127) + ret.push_back(ch); + else if (ch >= 0xa1 && ch <= 0xdf) // size == 1 + ret.append(StringToWideString(std::string(data + 1, 1), codepage).value()); + else { + if (i + 1 == length) // no enough character + return ret; + UINT8 ch2 = (UINT8)data[++i]; + if ((ch >= 0x81 && ch <= 0x9f || ch >= 0xe0 && ch <= 0xef) + && (ch2 != 0x7f && ch2 >= 0x40 && ch2 <= 0xfc)) + ret.append(StringToWideString(std::string(data + i - 1, 2), codepage).value()); + else if (wchar_t c = decodeChar(ch, ch2)) { + ret.push_back(c); + if (dynamic) + *dynamic = true; + } + else + ret.push_back(ch + (wchar_t(ch2) << 8)); // preserve the original character + } + } + return ret; +} +wchar_t DynamicShiftJISCodecPrivate::decodeChar(UINT8 ch1, UINT8 ch2) const +{ + if (text.empty()) + return 0; + if (minimumSecondByte && ch2 < minimumSecondByte) + return 0; + size_t i = std::wstring::npos; + if (ch1 >= 0x81 && ch1 <= 0x9f) { + if (ch2 == 0x7f) + ch2 = 0x40; + else if (ch2 >= 0xfd) + ch2 += 0x41 - 0xfd; + i = (ch1 - 0x81) * (4 * 16 + 4 - 1 - minimumSecondByte) + ch2 - 1 - minimumSecondByte; + } else if (ch1 >= 0xe0 && ch1 <= 0xef) { + if (ch2 == 0x7f) + ch2 = 0x40; + else if (ch2 >= 0xfd) + ch2 += 0x41 - 0xfd; + i = (ch1 - 0xe0) * (4 * 16 + 4 - 1 - minimumSecondByte) + ch2 - 1 - minimumSecondByte + + 31 * (4 * 16 + 4 - 1 - minimumSecondByte); + } else if (ch1 == 0x80) + i = ch2 - 1 - minimumSecondByte + + 47 * (4 * 16 + 4 - 1 - minimumSecondByte); + else if (ch1 == 0xa0) + i = ch2 - 1 - minimumSecondByte + + 47 * (4 * 16 + 4 - 1 - minimumSecondByte) + + (256 - 1 - minimumSecondByte); + else if (ch1 >= 0xf0 && ch1 <= 0xff) // 0xff is skipped + i = (ch1 - 0xf0) * (256 - 1 - minimumSecondByte) + ch2 - 1 - minimumSecondByte + + 47 * (4 * 16 + 4 - 1 - minimumSecondByte) + + (256 - 1 - minimumSecondByte) * 2; + if (i != std::wstring::npos && i < text.size()) + return text[i]; + return 0; +} + +/** Public class */ + +DynamicShiftJISCodec::DynamicShiftJISCodec(UINT codec) : d_(new D(codec)) {} + +DynamicShiftJISCodec::~DynamicShiftJISCodec() { delete d_; } + +int DynamicShiftJISCodec::capacity() const { return d_->capacity(); } + +int DynamicShiftJISCodec::size() const { return d_->text.size(); } + +bool DynamicShiftJISCodec::isEmpty() const { return d_->text.empty(); } + +bool DynamicShiftJISCodec::isFull() const { return d_->isFull(); } + +void DynamicShiftJISCodec::clear() { d_->text.clear(); } + +int DynamicShiftJISCodec::minimumSecondByte() const { return d_->minimumSecondByte; } + +void DynamicShiftJISCodec::setMinimumSecondByte(int v) { d_->minimumSecondByte = v; } + +std::string DynamicShiftJISCodec::encodeSTD(const std::wstring& text, bool* dynamic) const +{ + if (dynamic) + *dynamic = false; + if (!d_->codepage) + return WideStringToString(text,GetACP()); + return d_->encodeSTD(reinterpret_cast(text.c_str()), text.size(), dynamic); +} +std::wstring DynamicShiftJISCodec::decode(const std::string&data, bool *dynamic) const +{ + if (dynamic) + *dynamic = false; + if (!d_->codepage) + return (StringToWideString(data , CP_ACP).value() ); + if (d_->text.empty()) + return (StringToWideString(data , d_->codepage).value() ); + return d_->decode(data.c_str(), data.size(), dynamic); +} + +// EOF diff --git a/LunaHook/util/dyncodec/dynsjiscodec.h b/LunaHook/util/dyncodec/dynsjiscodec.h new file mode 100644 index 0000000..7cbeec9 --- /dev/null +++ b/LunaHook/util/dyncodec/dynsjiscodec.h @@ -0,0 +1,59 @@ +#ifndef QTDYNCODEC_DYNSJIS_H +#define QTDYNCODEC_DYNSJIS_H + + +#define SK_DECLARE_PRIVATE(_class) \ + friend class _class; \ + typedef _class D; \ + D *const d_; + +# define SK_DISABLE_COPY(_class) \ + _class(const _class &); \ + _class &operator=(const _class &); + +#define SK_CLASS(_self) \ + typedef _self Self; \ + Self *self() const { return const_cast(this); } + +class DynamicShiftJISCodecPrivate; +class DynamicShiftJISCodec +{ + SK_CLASS(DynamicShiftJISCodec) + SK_DISABLE_COPY(DynamicShiftJISCodec) + SK_DECLARE_PRIVATE(DynamicShiftJISCodecPrivate) + + // - Construction - +public: + explicit DynamicShiftJISCodec(UINT codepag); + ~DynamicShiftJISCodec(); + + int capacity() const; // maximum allowed number of characters + + // Minimum value for the second byte, must be larger than 0 and smaller than 0x40 + int minimumSecondByte() const; + void setMinimumSecondByte(int v); + + /// Return the number of current characters + int size() const; + bool isEmpty() const; + bool isFull() const; + + // Clear cached codec + void clear(); + + /** + * @param text + * @param* dynamic whether there are unencodable character + * @return data + */ + std::string encodeSTD(const std::wstring& text, bool* dynamic = nullptr) const; + + /** + * @param data + * @param* dynamic whether there are undecodable character + * @return text + */ + std::wstring decode(const std::string&data, bool *dynamic = nullptr) const; +}; + +#endif // QTDYNCODEC_DYNSJIS_H diff --git a/LunaHook/util/ithsys/ithsys.cc b/LunaHook/util/ithsys/ithsys.cc new file mode 100644 index 0000000..f55f208 --- /dev/null +++ b/LunaHook/util/ithsys/ithsys.cc @@ -0,0 +1,68 @@ +// ithsys.cc +// 8/21/2013 jichi +// Branch: ITH_SYS/SYS.cpp, rev 126 +// +// 8/24/2013 TODO: +// - Clean up the code +// - Move my old create remote thread for ITH2 here + +#include "ithsys/ithsys.h" +#include "const.h" + +/** +* Return the address of the first matched pattern. +* Artikash 7/14/2018: changed implementation, hopefully it behaves the same +* Return 0 if failed. The return result is ambiguous if the pattern address is 0. +* +* @param startAddress search start address +* @param range search range +* @param pattern array of bytes to match +* @param patternSize size of the pattern array +* @return relative offset from the startAddress +*/ +uintptr_t SearchPattern(uintptr_t base, uintptr_t base_length, LPCVOID search, uintptr_t search_length) +{ + // Artikash 7/14/2018: not sure, but I think this could throw read access violation if I dont subtract search_length + for (int i = 0; i < base_length - search_length; ++i) + for (int j = 0; j <= search_length; ++j) + if (j == search_length) return i; // not sure about this algorithm... + else if (*((BYTE*)base + i + j) != *((BYTE*)search + j) && *((BYTE*)search + j) != XX) break; + //if (memcmp((void*)(base + i), search, search_length) == 0) + //return i; + + return 0; +} + +uintptr_t IthGetMemoryRange(LPCVOID mem, uintptr_t *base, size_t *size) +{ + MEMORY_BASIC_INFORMATION info = {}; + VirtualQuery(mem, &info, sizeof(info)); + if (base) + *base = (uintptr_t)info.BaseAddress; + if (size) + *size = info.RegionSize; + return info.Protect > PAGE_NOACCESS; +} + +// jichi 6/12/2015: https://en.wikipedia.org/wiki/Shift_JIS +// Leading table for SHIFT-JIS encoding +BYTE LeadByteTable[0x100] = { + 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, + 1,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2, + 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2, + 2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, + 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2, + 2,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1 +}; + +// EOF \ No newline at end of file diff --git a/LunaHook/util/ithsys/ithsys.h b/LunaHook/util/ithsys/ithsys.h new file mode 100644 index 0000000..7408922 --- /dev/null +++ b/LunaHook/util/ithsys/ithsys.h @@ -0,0 +1,20 @@ +#pragma once + +// ithsys.h +// 8/23/2013 jichi +// Branch: ITH/IHF_SYS.h, rev 111 + +#ifdef _MSC_VER +# pragma warning(disable:4800) // C4800: forcing value to bool +#endif // _MSC_VER +//#include "ntdll/ntdll.h" +#include + +// jichi 10/1/2013: Return 0 if failed. So, it is ambiguous if the search pattern starts at 0 +uintptr_t SearchPattern(uintptr_t base, uintptr_t base_length, LPCVOID search, uintptr_t search_length); // KMP + +uintptr_t IthGetMemoryRange(LPCVOID mem, uintptr_t *base, size_t *size); + +extern BYTE LeadByteTable[]; + +// EOF diff --git a/LunaHook/util/memdbg/memdbg.h b/LunaHook/util/memdbg/memdbg.h new file mode 100644 index 0000000..70fbe13 --- /dev/null +++ b/LunaHook/util/memdbg/memdbg.h @@ -0,0 +1,25 @@ +#ifndef _MEMDBG_H +#define _MEMDBG_H + +// memdbg.h +// 4/20/2014 jichi + +#ifndef MEMDBG_BEGIN_NAMESPACE +# define MEMDBG_BEGIN_NAMESPACE namespace MemDbg { +#endif +#ifndef MEMDBG_END_NAMESPACE +# define MEMDBG_END_NAMESPACE } // MemDbg +#endif + +MEMDBG_BEGIN_NAMESPACE + +typedef unsigned char byte_t; +typedef unsigned long dword_t; + +//typedef void *address_t; // LPVOID +//typedef const void *const_address_t; // LPCVOID + +MEMDBG_END_NAMESPACE + + +#endif // _MEMDBG_H diff --git a/LunaHook/util/memdbg/memsearch.cc b/LunaHook/util/memdbg/memsearch.cc new file mode 100644 index 0000000..d32834c --- /dev/null +++ b/LunaHook/util/memdbg/memsearch.cc @@ -0,0 +1,646 @@ +// memsearch.cc +// 4/20/2014 jichi +#include "memdbg/memsearch.h" +#include "ithsys/ithsys.h" +#include + +// Helpers + +namespace { // unnamed + +enum : BYTE { byte_nop = 0x90 }; +enum : BYTE { byte_int3 = 0xcc }; +enum : WORD { word_2int3 = 0xcccc }; + +// jichi 4/19/2014: Return the integer that can mask the signature +// Artikash 8/4/2018: change implementation +DWORD sigMask(DWORD sig) +{ + DWORD count = 0; + while (sig) + { + sig >>= 8; + ++count; + } + count -= 4; + count = -count; + return 0xffffffff >> (count << 3); +} + +// Modified from ITH findCallOrJmpAbs +// Example call: +// 00449063 |. ff15 5cf05300 call dword ptr ds:[<&gdi32.getglyphoutli>; \GetGlyphOutlineA +enum : WORD { + word_jmp = 0x25ff // long jump + , word_call = 0x15ff // far call +}; + +// Modified from ITH findCallOrJmpAbs +enum : BYTE { + byte_jmp = 0xe9 // long call + , byte_call = 0xe8 // near call + , byte_push_small = 0x6a // push byte operand + , byte_push_large = 0x68 // push operand > 0xff +}; +} +MEMDBG_BEGIN_NAMESPACE +#ifndef _WIN64 +/*** + * Return the absolute address of op. Op takes 1 parameter. + * DWORD call with absolute address. + * + * @param op first half of the operator + * @param arg1 the function address + * @param start address + * @param stop address + * @param offset search after start address + * @param range search size + * @return absolute address or 0 + */ +DWORD findWordCall(WORD op, DWORD arg1, DWORD start, DWORD stop, DWORD offset, DWORD range) +{ + typedef WORD optype; + typedef DWORD argtype; + + for (DWORD i = offset; i < offset + range - sizeof(argtype); i++) + if (op == *(optype *)(start + i)) { + DWORD t = *(DWORD *)(start + i + sizeof(optype)); + if (t > start && t < stop) { + if (arg1 == *(argtype *)t) // absolute address + return start + i; + //i += sizeof(optype) + sizeof(argtype) - 1; // == 5 + } + } + return 0; +} + +DWORD findLastWordCall(WORD op, DWORD arg1, DWORD start, DWORD stop, DWORD offset, DWORD range) +{ + typedef WORD optype; + typedef DWORD argtype; + DWORD ret = 0; + + for (DWORD i = offset; i < offset + range - sizeof(argtype); i++) + if (op == *(optype *)(start + i)) { + DWORD t = *(DWORD *)(start + i + sizeof(optype)); + if (t > start && t < stop) { + if (arg1 == *(argtype *)t) // absolute address + ret = start + i; + //i += sizeof(optype) + sizeof(argtype) - 1; // == 5 + } + } + return ret; +} + + +/*** + * Return the absolute address of op. Op takes 1 address parameter. + * BYTE call with relative address. + * + * @param op first half of the operator + * @param arg1 the function address + * @param start address + * @param offset search after start address + * @param range search size + * @return absolute address or 0 + */ +DWORD findByteCall(BYTE op, DWORD arg1, DWORD start, DWORD offset, DWORD range) +{ + typedef BYTE optype; + typedef DWORD argtype; + + for (DWORD i = offset; i < offset + range - sizeof(argtype); i++) + if (op == *(optype *)(start + i)) { + DWORD t = *(argtype *)(start + i + sizeof(optype)); + //if (t > start && t < stop) { + if (arg1 == t + start + i + sizeof(optype) + sizeof(argtype)) // relative address + return start + i; + //i += sizeof(optype) + sizeof(argtype) - 1; // == 4 + //} + } + return 0; +} + +DWORD findLastByteCall(BYTE op, DWORD arg1, DWORD start, DWORD offset, DWORD range) +{ + typedef BYTE optype; + typedef DWORD argtype; + DWORD ret = 0; + for (DWORD i = offset; i < offset + range - sizeof(argtype); i++) + if (op == *(optype *)(start + i)) { + DWORD t = *(argtype *)(start + i + sizeof(optype)); + //if (t > start && t < stop) { + if (arg1 == t + start + i + sizeof(optype) + sizeof(argtype)) // relative address + ret = start + i; + //i += sizeof(optype) + sizeof(argtype) - 1; // == 4 + //} + } + return ret; +} + +/*** + * Return the absolute address of op. Op takes 1 parameter. + * + * @param op first half of the operator + * @param arg1 the first operand + * @param start address + * @param search range + * @return absolute address or 0 + */ +//DWORD findByteOp1(BYTE op, DWORD arg1, DWORD start, DWORD size, DWORD offset) +//{ +// typedef BYTE optype; +// typedef DWORD argtype; +// +// for (DWORD i = offset; i < size - sizeof(argtype); i++) +// if (op == *(optype *)(start + i)) { +// DWORD t = *(DWORD *)(start + i + sizeof(optype)); +// if (t == arg1) { +// return start + i; +// else +// i += sizeof(optype) + sizeof(argtype) - 1; // == 4 +// } +// } +// return 0; +//} + + // namespace unnamed + + +DWORD findLongJumpAddress(DWORD funcAddr, DWORD lowerBound, DWORD upperBound, DWORD offset, DWORD range) +{ return findWordCall(word_jmp, funcAddr, lowerBound, upperBound, offset, range ? range : (upperBound - lowerBound - offset)); } + +DWORD findShortJumpAddress(DWORD funcAddr, DWORD lowerBound, DWORD upperBound, DWORD offset, DWORD range) +{ return findByteCall(byte_jmp, funcAddr, lowerBound, offset, range ? range : (upperBound - lowerBound - offset)); } + +DWORD findFarCallAddress(DWORD funcAddr, DWORD lowerBound, DWORD upperBound, DWORD offset, DWORD range) +{ return findWordCall(word_call, funcAddr, lowerBound, upperBound, offset, range ? range : (upperBound - lowerBound - offset)); } + +DWORD findNearCallAddress(DWORD funcAddr, DWORD lowerBound, DWORD upperBound, DWORD offset, DWORD range) +{ return findByteCall(byte_call, funcAddr, lowerBound, offset, range ? range : (upperBound - lowerBound - offset)); } + +DWORD findLastLongJumpAddress(DWORD funcAddr, DWORD lowerBound, DWORD upperBound, DWORD offset, DWORD range) +{ return findLastWordCall(word_jmp, funcAddr, lowerBound, upperBound, offset, range ? range : (upperBound - lowerBound - offset)); } + +DWORD findLastShortJumpAddress(DWORD funcAddr, DWORD lowerBound, DWORD upperBound, DWORD offset, DWORD range) +{ return findLastByteCall(byte_jmp, funcAddr, lowerBound, offset, range ? range : (upperBound - lowerBound - offset)); } + +DWORD findLastFarCallAddress(DWORD funcAddr, DWORD lowerBound, DWORD upperBound, DWORD offset, DWORD range) +{ return findLastWordCall(word_call, funcAddr, lowerBound, upperBound, offset, range ? range : (upperBound - lowerBound - offset)); } + +DWORD findLastNearCallAddress(DWORD funcAddr, DWORD lowerBound, DWORD upperBound, DWORD offset, DWORD range) +{ return findLastByteCall(byte_call, funcAddr, lowerBound, offset, range ? range : (upperBound - lowerBound - offset)); } + +DWORD findPushDwordAddress(DWORD value, DWORD lowerBound, DWORD upperBound) +{ + //value = _byteswap_ulong(value); // swap to bigendian + const BYTE *p = (BYTE *)&value; + const BYTE bytes[] = {byte_push_large, p[0], p[1], p[2], p[3]}; + return findBytes(bytes, sizeof(bytes), lowerBound, upperBound); +} + +DWORD findPushByteAddress(BYTE value, DWORD lowerBound, DWORD upperBound) +{ + const BYTE bytes[] = {byte_push_small, value}; + return findBytes(bytes, sizeof(bytes), lowerBound, upperBound); +} + +#ifndef MEMDBG_NO_STL + +bool iterFindBytes(const address_fun_t &fun, const void *pattern, DWORD patternSize, DWORD lowerBound, DWORD upperBound) +{ + for (DWORD addr = lowerBound; addr < upperBound - patternSize; addr += patternSize) { + addr = findBytes(pattern, patternSize, addr, upperBound); + if (!addr || !fun(addr)) + return false; + } + return true; +} + +bool iterMatchBytes(const address_fun_t &fun, const void *pattern, DWORD patternSize, DWORD lowerBound, DWORD upperBound) +{ + for (DWORD addr = lowerBound; addr < upperBound - patternSize; addr += patternSize) { ; + addr = findBytes(pattern, patternSize, addr, upperBound); + if (!addr || !fun(addr)) + return false; + } + return true; +} + +bool iterWordCall(const address_fun_t &callback, WORD op, DWORD arg1, DWORD start, DWORD stop, DWORD offset, DWORD range) +{ + typedef WORD optype; + typedef DWORD argtype; + + for (DWORD i = offset; i < offset + range - sizeof(argtype); i++) + if (op == *(optype *)(start + i)) { + DWORD t = *(DWORD *)(start + i + sizeof(optype)); + if (t > start && t < stop) { + if (arg1 == *(argtype *)t // absolute address + && !callback(start + i)) + return false; + //i += sizeof(optype) + sizeof(argtype) - 1; // == 5 + } + } + return true; +} + +bool iterByteCall(const address_fun_t &callback, BYTE op, DWORD arg1, DWORD start, DWORD offset, DWORD range) +{ + typedef BYTE optype; + typedef DWORD argtype; + + for (DWORD i = offset; i < offset + range - sizeof(argtype); i++) + if (op == *(optype *)(start + i)) { + DWORD t = *(argtype *)(start + i + sizeof(optype)); + //if (t > start && t < stop) { + if (arg1 == t + start + i + sizeof(optype) + sizeof(argtype) // relative address + && !callback(start + i)) + return false; + //i += sizeof(optype) + sizeof(argtype) - 1; // == 4 + //} + } + return true; +} + +bool iterCallerAddress(const address2_fun_t &callback, DWORD funcAddr, DWORD sig, DWORD lowerBound, DWORD upperBound, DWORD reverseLength, DWORD offset) +{ + enum { PatternSize = 4 }; + const DWORD size = upperBound - lowerBound - PatternSize; + const DWORD fun = (DWORD)funcAddr; + // Example function call: + // 00449063 |. ff15 5cf05300 call dword ptr ds:[<&gdi32.getglyphoutli>; \GetGlyphOutlineA + //WCHAR str[0x40]; + const DWORD mask = sigMask(sig); + for (DWORD i = offset; i < size; i++) + if (*(WORD *)(lowerBound + i) == word_call) { + DWORD t = *(DWORD *)(lowerBound + i + 2); // 2 = sizeof(word) + if (t >= lowerBound && t <= upperBound - PatternSize) { + if (*(DWORD *)t == fun) + //swprintf(str,L"CALL addr: 0x%.8X",lowerBound + i); + //OutputConsole(str); + for (DWORD j = i ; j > i - reverseLength; j--) + if ((*(DWORD *)(lowerBound + j) & mask) == sig) { + if (!callback(lowerBound + j, lowerBound + i)) + return false; + break; + } + + } else + i += 6; + } + //OutputConsole(L"Find call and entry failed."); + return true; +} + +bool iterCallerAddressAfterInt3(const address2_fun_t &fun, dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize, dword_t offset) +{ + auto callback = [&fun](dword_t addr, dword_t call) -> bool { + while (byte_int3 == *(BYTE *)++addr); // skip leading int3 + return fun(addr, call); + }; + return iterCallerAddress(callback, funcAddr, word_2int3, lowerBound, upperBound, callerSearchSize, offset); +} + +bool iterUniqueCallerAddress(const address_fun_t &fun, dword_t funcAddr, dword_t funcInst, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize, dword_t offset) +{ + dword_t prevAddr = 0; + auto callback = [&fun, &prevAddr](dword_t addr, dword_t) -> bool { + if (prevAddr == addr) + return true; + prevAddr = addr; + return fun(addr); + }; + return iterCallerAddress(callback, funcAddr, funcInst, lowerBound, upperBound, callerSearchSize, offset); +} + +bool iterUniqueCallerAddressAfterInt3(const address_fun_t &fun, dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize, dword_t offset) +{ + auto callback = [&fun](dword_t addr) -> bool { + while (byte_int3 == *(BYTE *)++addr); // skip leading int3 + return fun(addr); + }; + return iterUniqueCallerAddress(callback, funcAddr, word_2int3, lowerBound, upperBound, callerSearchSize, offset); +} + +bool iterLongJumpAddress(const address_fun_t &fun, DWORD funcAddr, DWORD lowerBound, DWORD upperBound, DWORD offset, DWORD range) +{ return iterWordCall(fun, word_jmp, funcAddr, lowerBound, upperBound, offset, range ? range : (upperBound - lowerBound - offset)); } + +bool iterShortJumpAddress(const address_fun_t &fun, DWORD funcAddr, DWORD lowerBound, DWORD upperBound, DWORD offset, DWORD range) +{ return iterByteCall(fun, byte_jmp, funcAddr, lowerBound, offset, range ? range : (upperBound - lowerBound - offset)); } + +bool iterFarCallAddress(const address_fun_t &fun, DWORD funcAddr, DWORD lowerBound, DWORD upperBound, DWORD offset, DWORD range) +{ return iterWordCall(fun, word_call, funcAddr, lowerBound, upperBound, offset, range ? range : (upperBound - lowerBound - offset)); } + +bool iterNearCallAddress(const address_fun_t &fun, DWORD funcAddr, DWORD lowerBound, DWORD upperBound, DWORD offset, DWORD range) +{ return iterByteCall(fun, byte_call, funcAddr, lowerBound, offset, range ? range : (upperBound - lowerBound - offset)); } + +bool iterAlignedNearCallerAddress(const address_fun_t &fun, dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize, dword_t offset) +{ + dword_t prevAddr = 0; + auto callback = [&fun, &prevAddr, callerSearchSize](dword_t addr) -> bool { + if ((addr = findEnclosingAlignedFunction(addr, callerSearchSize)) + && prevAddr != addr) { + prevAddr = addr; + return fun(addr); + } + return true; + }; + return iterNearCallAddress(callback, funcAddr, lowerBound, upperBound, offset); +} + +#endif // MEMDBG_NO_STL + +DWORD findMultiCallerAddress(DWORD funcAddr, const DWORD sigs[], DWORD sigCount, DWORD lowerBound, DWORD upperBound, DWORD reverseLength, DWORD offset) +{ + enum { PatternSize = 4 }; + const DWORD size = upperBound - lowerBound - PatternSize; + const DWORD fun = (DWORD)funcAddr; + // Example function call: + // 00449063 |. ff15 5cf05300 call dword ptr ds:[<&gdi32.getglyphoutli>; \GetGlyphOutlineA + //WCHAR str[0x40]; + + enum { MaxSigCount = 0x10 }; // mast be larger than maximum sigCount + DWORD masks[MaxSigCount]; + for (DWORD k = 0; k < sigCount; k++) + masks[k] = sigMask(sigs[k]); + + for (DWORD i = offset; i < size; i++) + if ((*(WORD *)(lowerBound + i) == word_call)|| + (*(WORD *)(lowerBound + i) ==0x3d8b)) { + //8B 3D 24 F0 45 00 mov edi, ds:TextOutA ,call edi + //MOON CHILDe + //https://vndb.org/v1568 + DWORD t = *(DWORD *)(lowerBound + i + 2); // 2 = sizeof(word) + if (t >= lowerBound && t <= upperBound - PatternSize) { + if (*(DWORD *)t == fun) + //swprintf(str,L"CALL addr: 0x%.8X",lowerBound + i); + //OutputConsole(str); + for (DWORD j = i ; j > i - reverseLength; j--) { + DWORD ret = lowerBound + j, + inst = *(DWORD *)ret; + for (DWORD k = 0; k < sigCount; k++) + if ((inst & masks[k]) == sigs[k]) // Fun entry 1. + //swprintf(str,L"Entry: 0x%.8X",lowerBound + j); + //OutputConsole(str); + return ret; + } + + } else + i += 6; + } + //OutputConsole(L"Find call and entry failed."); + return 0; +} + +DWORD findLastCallerAddress(DWORD funcAddr, DWORD sig, DWORD lowerBound, DWORD upperBound, DWORD reverseLength, DWORD offset) +{ + enum { PatternSize = 4 }; + const DWORD size = upperBound - lowerBound - PatternSize; + const DWORD fun = (DWORD)funcAddr; + //WCHAR str[0x40]; + DWORD ret = 0; + const DWORD mask = sigMask(sig); + for (DWORD i = offset; i < size; i++) + if (*(WORD *)(lowerBound + i) == word_call) { + DWORD t = *(DWORD *)(lowerBound + i + 2); + if (t >= lowerBound && t <= upperBound - PatternSize) { + if (*(DWORD *)t == fun) + //swprintf(str,L"CALL addr: 0x%.8X",lowerBound + i); + //OutputConsole(str); + for (DWORD j = i ; j > i - reverseLength; j--) + if ((*(DWORD *)(lowerBound + j) & mask) == sig) { // Fun entry 1. + //swprintf(str,L"Entry: 0x%.8X",lowerBound + j); + //OutputConsole(str); + ret = lowerBound + j; + break; + } + + } else + i += 6; + } + //OutputConsole(L"Find call and entry failed."); + return ret; +} + +DWORD findCallerAddressAfterInt3(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize, dword_t offset) +{ + DWORD addr = findCallerAddress(funcAddr, word_2int3, lowerBound, upperBound, callerSearchSize, offset); + if (addr) + while (byte_int3 == *(BYTE *)++addr); + return addr; +} + +DWORD findLastCallerAddressAfterInt3(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize, dword_t offset) +{ + DWORD addr = findLastCallerAddress(funcAddr, word_2int3, lowerBound, upperBound, callerSearchSize, offset); + if (addr) + while (byte_int3 == *(BYTE *)++addr); + return addr; +} + +DWORD findAlignedNearCallerAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize, dword_t offset) +{ + if (DWORD addr = findNearCallAddress(funcAddr, lowerBound, upperBound, offset)) + return findEnclosingAlignedFunction(addr, callerSearchSize); + return 0; +} + +DWORD findLastAlignedNearCallerAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize, dword_t offset) +{ + if (DWORD addr = findLastCallerAddressAfterInt3(funcAddr, lowerBound, upperBound, callerSearchSize, offset)) + return findEnclosingAlignedFunction(addr, callerSearchSize); + return 0; +} + +DWORD findEnclosingFunctionAfterDword(DWORD sig, DWORD start, DWORD back_range, DWORD step) +{ + start &= ~0xf; + for (DWORD i = start, j = start - back_range; i > j; i-=step) { // 0x10 is aligned + DWORD k = *(DWORD *)(i-4); // 4 = sizeof(DWORD) + if (k == sig) + return i; + } + return 0; +} + +DWORD findEnclosingFunctionBeforeDword(DWORD sig, DWORD start, DWORD back_range,DWORD step) +{ + DWORD addr = findEnclosingFunctionAfterDword(sig, start, back_range, step); + if (addr) + addr -= sizeof(DWORD); + return addr; +} + +DWORD findEnclosingFunctionAfterInt3(DWORD start, DWORD back_range, DWORD step) +{ return findEnclosingFunctionAfterDword(0xcccccccc, start, back_range, step); } + +DWORD findEnclosingFunctionAfterNop(DWORD start, DWORD back_range, DWORD step) +{ return findEnclosingFunctionAfterDword(0x90909090,start, back_range, step); } + +#endif + +uintptr_t findCallerAddress(uintptr_t funcAddr, DWORD sig, uintptr_t lowerBound, uintptr_t upperBound, uintptr_t reverseLength,uintptr_t offset) +{ + enum { PatternSize = 4 }; + const uintptr_t size = upperBound - lowerBound - PatternSize; + const uintptr_t fun = (uintptr_t)funcAddr; + // Example function call: + // 00449063 |. ff15 5cf05300 call dword ptr ds:[<&gdi32.getglyphoutli>; \GetGlyphOutlineA + //WCHAR str[0x40]; + const DWORD mask = sigMask(sig); + for (uintptr_t i = offset; i < size; i++) + if (*(WORD *)(lowerBound + i) == word_call) { + #ifdef _WIN64 + uintptr_t t = lowerBound+i+6+*(DWORD *)(lowerBound + i + 2); // 2 = sizeof(word) + #else + DWORD t = *(DWORD *)(lowerBound + i + 2); + #endif + + if (t >= lowerBound && t <= upperBound - PatternSize) { + if (*(uintptr_t *)t == fun) + //swprintf(str,L"CALL addr: 0x%.8X",lowerBound + i); + //OutputConsole(str); + for (uintptr_t j = i ; j > i - reverseLength; j--) + if ((*(uintptr_t *)(lowerBound + j) & mask) == sig) // Fun entry 1. + //swprintf(str,L"Entry: 0x%.8X",lowerBound + j); + //OutputConsole(str); + return lowerBound + j; + + } else + i += 6; + } + //OutputConsole(L"Find call and entry failed."); + return 0; +} + +uintptr_t findEnclosingAlignedFunction(uintptr_t start, uintptr_t back_range) +{ + start &= ~0xf; + for (uintptr_t i = start, j = start - back_range; i > j; i-=0x10) { + DWORD k = *(DWORD *)(i-4); + if (k == 0xcccccccc + || k == 0x90909090 + || k == 0xccccccc3 + || k == 0x909090c3 + ) + return i; + DWORD t = k & 0xff0000ff; + if (t == 0xcc0000c2 || t == 0x900000c2) + return i; + k >>= 8; + if (k == 0xccccc3 || k == 0x9090c3) + return i; + t = k & 0xff; + if (t == 0xc2) + return i; + k >>= 8; + if (k == 0xccc3 || k == 0x90c3) + return i; + k >>= 8; + if (k == 0xc3) + return i; + } + return 0; +} + +uintptr_t findEnclosingAlignedFunction_strict(uintptr_t start, uintptr_t back_range) +{ + start &= ~0xf; + for (uintptr_t i = start, j = start - back_range; i > j; i-=0x10) { + DWORD k = *(DWORD *)(i-4); + if (k == 0xcccccccc + || k == 0x90909090 + || k == 0xccccccc3 + || k == 0x909090c3 + ) + return i; + } + return 0; +} +uintptr_t findBytes(const void *pattern, uintptr_t patternSize, uintptr_t lowerBound, uintptr_t upperBound) +{ + uintptr_t reladdr = SearchPattern(lowerBound, upperBound - lowerBound, pattern, patternSize); + return reladdr ? lowerBound + reladdr : 0; +} + +//DWORD reverseFindBytes(const void *pattern, DWORD patternSize, DWORD lowerBound, DWORD upperBound) +//{ +// DWORD reladdr = reverseSearchPattern(lowerBound, upperBound - lowerBound, pattern, patternSize); +// return reladdr ? lowerBound + reladdr : 0; +//} + +#if 0 // not used +DWORD findBytesInPages(const void *pattern, DWORD patternSize, DWORD lowerBound, DWORD upperBound, SearchType search) +{ + //enum { MinPageSize = 4 * 1024 }; // 4k + DWORD ret = 0; + DWORD start = lowerBound, + stop = start; + MEMORY_BASIC_INFORMATION mbi = {}; + + //lowerBound = 0x10000000; + //upperBound = 0x14000000; + //SIZE_T ok = ::VirtualQuery((LPCVOID)lowerBound, &mbi, sizeof(mbi)); + //ITH_GROWL_DWORD7(1, start, stop, mbi.RegionSize, mbi.Protect, mbi.Type, mbi.State); + //return findBytes(pattern, patternSize, lowerBound, upperBound, wildcard); + while (stop < upperBound) { + SIZE_T ok = ::VirtualQuery((LPCVOID)start, &mbi, sizeof(mbi)); + if (!mbi.RegionSize) + break; + // Only visit readable and committed region + // Protect could be zero if not allowed to query + if (!ok || !mbi.Protect || mbi.Protect&PAGE_NOACCESS) { + if (stop > start && (ret = findBytes(pattern, patternSize, lowerBound, upperBound))) + return ret; + if (search != SearchAll) + return 0; + stop += mbi.RegionSize; + start = stop; + } else + stop += mbi.RegionSize; + } + if (stop > start) + ret = findBytes(pattern, patternSize, start, min(upperBound, stop)); + return ret; +} + +DWORD matchBytesInPages(const void *pattern, DWORD patternSize, DWORD lowerBound, DWORD upperBound, BYTE wildcard, SearchType search) +{ + //enum { MinPageSize = 4 * 1024 }; // 4k + DWORD ret = 0; + DWORD start = lowerBound, + stop = start; + MEMORY_BASIC_INFORMATION mbi = {}; + + //lowerBound = 0x10000000; + //upperBound = 0x14000000; + //SIZE_T ok = ::VirtualQuery((LPCVOID)lowerBound, &mbi, sizeof(mbi)); + //ITH_GROWL_DWORD7(1, start, stop, mbi.RegionSize, mbi.Protect, mbi.Type, mbi.State); + //return findBytes(pattern, patternSize, lowerBound, upperBound, wildcard); + while (stop < upperBound) { + SIZE_T ok = ::VirtualQuery((LPCVOID)start, &mbi, sizeof(mbi)); + if (!mbi.RegionSize) + break; + // Only visit readable and committed region + // Protect could be zero if not allowed to query + if (!ok || !mbi.Protect || mbi.Protect&PAGE_NOACCESS) { + if (stop > start && (ret = findBytes(pattern, patternSize, lowerBound, upperBound, wildcard))) + return ret; + if (search != SearchAll) + return 0; + stop += mbi.RegionSize; + start = stop; + } else + stop += mbi.RegionSize; + } + if (stop > start) + ret = findBytes(pattern, patternSize, start, min(upperBound, stop), wildcard); + return ret; +} + +#endif // 0 + +MEMDBG_END_NAMESPACE + +// EOF diff --git a/LunaHook/util/memdbg/memsearch.h b/LunaHook/util/memdbg/memsearch.h new file mode 100644 index 0000000..931d2b0 --- /dev/null +++ b/LunaHook/util/memdbg/memsearch.h @@ -0,0 +1,208 @@ +#ifndef _MEMDBG_MEMSEARCH_H +#define _MEMDBG_MEMSEARCH_H + +// memsearch.h +// 4/20/2014 jichi + +#include "memdbg/memdbg.h" +#ifndef MEMDBG_NO_STL +# include +#endif // MEMDBG_NO_STL + +MEMDBG_BEGIN_NAMESPACE + +/// Estimated maximum size of the caller function, the same as ITH FindCallAndEntryAbs +enum { MaximumFunctionSize = 0x800 }; + +/// Offset added to the beginning of the searched address +enum { MemoryPaddingOffset = 0x1000 }; + +enum { MemoryAlignedStep = 0x10 }; + +#ifndef MEMDBG_NO_STL +/// Iterate address and return false if abort iteration. +typedef std::function address_fun_t; +typedef std::function address2_fun_t; + +/** + * Iterate all call and caller addresses + * @param fun the first parameter is the address of the caller, and the second parameter is the address of the call itself + * @return false if return early, and true if iterate all elements + */ +bool iterCallerAddress(const address2_fun_t &fun, dword_t funcAddr, dword_t funcInst, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize, dword_t offset = MemoryPaddingOffset); +bool iterCallerAddressAfterInt3(const address2_fun_t &fun, dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize, dword_t offset = MemoryPaddingOffset); +bool iterUniqueCallerAddress(const address_fun_t &fun, dword_t funcAddr, dword_t funcInst, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize, dword_t offset = MemoryPaddingOffset); +bool iterUniqueCallerAddressAfterInt3(const address_fun_t &fun, dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize, dword_t offset = MemoryPaddingOffset); + +/** + * Iterate all call and caller addresses + * @param fun the parameter is the address of the call + * @return false if return early, and true if iterate all elements + */ +bool iterFarCallAddress(const address_fun_t &fun, dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0); +bool iterNearCallAddress(const address_fun_t &fun, dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0); +bool iterLongJumpAddress(const address_fun_t &fun, dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0); +bool iterShortJumpAddress(const address_fun_t &fun, dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0); + +bool iterAlignedNearCallerAddress(const address_fun_t &fun, dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize, dword_t offset = MemoryPaddingOffset); + +bool iterFindBytes(const address_fun_t &fun, const void *pattern, dword_t patternSize, dword_t lowerBound, dword_t upperBound); +bool iterMatchBytes(const address_fun_t &fun, const void *pattern, dword_t patternSize, dword_t lowerBound, dword_t upperBound); +#endif // MEMDBG_NO_STL + +/** + * Return the absolute address of the far caller function + * The same as ITH FindCallAndEntryAbs(). + * + * @param funcAddr callee function address + * @param funcInst the machine code where the caller function starts + * @param lowerBound the lower memory address to search + * @param upperBound the upper memory address to search + * @param* callerSearchSize the maximum size of caller + * @return the caller absolute address if succeed or 0 if fail + * + * Example funcInst: + * 0x55: push ebp + * 0x81,0xec: sub esp XXOO (0xec81) + * 0x83,0xec: sub esp XXOO (0xec83) + */ +uintptr_t findCallerAddress(uintptr_t funcAddr, dword_t funcInst, uintptr_t lowerBound, uintptr_t upperBound, uintptr_t callerSearchSize = MaximumFunctionSize, uintptr_t offset = MemoryPaddingOffset); +dword_t findCallerAddressAfterInt3(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize, dword_t offset = MemoryPaddingOffset); +dword_t findLastCallerAddress(dword_t funcAddr, dword_t funcInst, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize, dword_t offset = MemoryPaddingOffset); +dword_t findLastCallerAddressAfterInt3(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize, dword_t offset = MemoryPaddingOffset); + +dword_t findMultiCallerAddress(dword_t funcAddr, const dword_t funcInsts[], dword_t funcInstCount, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize, dword_t offset = MemoryPaddingOffset); + +dword_t findAlignedNearCallerAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize, dword_t offset = MemoryPaddingOffset); +dword_t findLastAlignedNearCallerAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize, dword_t offset = MemoryPaddingOffset); + +/** + * Return the absolute address of the long jump (not short jump) instruction address. + * The same as ITH FindCallOrJmpAbs(false). + * + * @param funcAddr callee function address + * @param lowerBound the lower memory address to search + * @param upperBound the upper memory address to search + * @param* offset the relative address to search from the lowerBound + * @param* range the relative size to search, use lowerBound - upperBound when zero + * @return the call instruction address if succeed or 0 if fail + */ +dword_t findLongJumpAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0); +dword_t findShortJumpAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0); +dword_t findLastLongJumpAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0); +dword_t findLastShortJumpAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0); + +/** + * Return the absolute address of the far call (inter-module) instruction address. + * The same as ITH FindCallOrJmpAbs(true). + * + * @param funcAddr callee function address + * @param lowerBound the lower memory address to search + * @param upperBound the upper memory address to search + * @param* offset the relative address to search from the lowerBound + * @param* range the relative size to search, use lowerBound - upperBound when zero + * @return the call instruction address if succeed or 0 if fail + */ +dword_t findFarCallAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0); +dword_t findLastFarCallAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0); + +/// Near call (intra-module) +dword_t findNearCallAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0); +dword_t findLastNearCallAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0); + +/// Default to far call, for backward compatibility +inline dword_t findCallAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0) +{ return findFarCallAddress(funcAddr, lowerBound, upperBound, offset, range); } +inline dword_t findLastCallAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0) +{ return findLastFarCallAddress(funcAddr, lowerBound, upperBound, offset, range); } + +/// Default to long jump, for backward compatibility +inline dword_t findJumpAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0) +{ return findLongJumpAddress(funcAddr, lowerBound, upperBound, offset, range); } +inline dword_t findLastJumpAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0) +{ return findLastLongJumpAddress(funcAddr, lowerBound, upperBound, offset, range); } + +/// Push value >= 0xff +dword_t findPushDwordAddress(dword_t value, dword_t lowerBound, dword_t upperBound); + +/// Push value <= 0xff +dword_t findPushByteAddress(byte_t value, dword_t lowerBound, dword_t upperBound); + +/// Default to push DWORD +inline dword_t findPushAddress(dword_t value, dword_t lowerBound, dword_t upperBound) +{ return findPushDwordAddress(value, lowerBound, upperBound); } + +/** + * Return the enclosing function address outside the given address. + * The same as ITH FindEntryAligned(). + * "Aligned" here means the function must be after in3 (0xcc) or nop (0x90). + * + * If the function does NOT exist, this function might raise without admin privilege. + * It is safer to wrap this function within SEH. + * + * @param addr address within th function + * @param searchSize max backward search size + * @return beginning address of the function + * @exception illegal memory access + */ +uintptr_t findEnclosingAlignedFunction(uintptr_t addr, uintptr_t searchSize = MaximumFunctionSize); +uintptr_t findEnclosingAlignedFunction_strict(uintptr_t addr, uintptr_t searchSize = MaximumFunctionSize); +dword_t findEnclosingFunctionBeforeDword(dword_t sig, dword_t addr, dword_t searchSize = MaximumFunctionSize, dword_t step = MemoryAlignedStep); +dword_t findEnclosingFunctionAfterDword(dword_t sig, dword_t addr, dword_t searchSize = MaximumFunctionSize, dword_t step = MemoryAlignedStep); +dword_t findEnclosingFunctionAfterInt3(dword_t addr, dword_t searchSize = MaximumFunctionSize, dword_t step = MemoryAlignedStep); +dword_t findEnclosingFunctionAfterNop(dword_t addr, dword_t searchSize = MaximumFunctionSize, dword_t step = MemoryAlignedStep); + +/** + * Return the address of the first matched pattern. + * Return 0 if failed. The return result is ambiguous if the pattern address is 0. + * This function simpily traverse all bytes in memory range and would raise + * if no access to the region. + * + * @param pattern array of bytes to match + * @param patternSize size of the pattern array + * @param lowerBound search start address + * @param upperBound search stop address + * @return absolute address + * @exception illegal memory access + */ +uintptr_t findBytes(const void *pattern, uintptr_t patternSize, uintptr_t lowerBound, uintptr_t upperBound); + +// User space: 0 - 2G (0 - 0x7ffeffff) +// Kernel space: 2G - 4G (0x80000000 - 0xffffffff) +// +// http://msdn.microsoft.com/en-us/library/windows/hardware/ff560042%28v=vs.85%29.aspx +// http://codesequoia.wordpress.com/2008/11/28/understand-process-address-space-usage/ +// http://stackoverflow.com/questions/17244912/open-process-with-debug-privileges-and-read-write-memory +enum MemoryRange : dword_t { + UserMemoryStartAddress = 0, UserMemoryStopAddress = 0x7ffeffff + , KernelMemoryStartAddress = 0x80000000, KernelMemoryStopAddress = 0xffffffff + , MappedMemoryStartAddress = 0x01000000 + + , MemoryStartAddress = UserMemoryStartAddress, MemoryStopAddress = UserMemoryStopAddress +}; + +#if 0 // not used +/** + * Traverse memory continues pages and return the address of the first matched pattern. + * + * @param pattern array of bytes to match + * @param patternSize size of the pattern array + * @param lowerBound search start address + * @param upperBound search stop address + * @param* search search all pages (SearchAll) or stop on first illegal access (SearchFirst) + * @return absolute address + */ +enum SearchType : byte_t { SearchAll = 0 , SearchFirst }; + +dword_t findBytesInPages(const void *pattern, dword_t patternSize, + dword_t lowerBound = MemoryStartAddress, dword_t upperBound = MemoryStopAddress, + SearchType search = SearchAll); +dword_t matchBytesInPages(const void *pattern, dword_t patternSize, + dword_t lowerBound = MemoryStartAddress, dword_t upperBound = MemoryStopAddress, + byte_t wildcard = WidecardByte, SearchType search = SearchAll); + +#endif // 0 + +MEMDBG_END_NAMESPACE + +#endif // _MEMDBG_MEMSEARCH_H diff --git a/LunaHook/util/ntxpundef.h b/LunaHook/util/ntxpundef.h new file mode 100644 index 0000000..807e4fe --- /dev/null +++ b/LunaHook/util/ntxpundef.h @@ -0,0 +1,19 @@ +#if (_WIN32_WINNT <= _WIN32_WINNT_WIN7) +typedef +__drv_sameIRQL +__drv_functionClass(EXCEPTION_ROUTINE) +EXCEPTION_DISPOSITION +NTAPI +EXCEPTION_ROUTINE( + __inout struct _EXCEPTION_RECORD* ExceptionRecord, + __in PVOID EstablisherFrame, + __inout struct _CONTEXT* ContextRecord, + __in PVOID DispatcherContext +); +typedef EXCEPTION_ROUTINE* PEXCEPTION_ROUTINE; +typedef struct _EXCEPTION_REGISTRATION_RECORD { + struct _EXCEPTION_REGISTRATION_RECORD* Next; + PEXCEPTION_ROUTINE Handler; +} EXCEPTION_REGISTRATION_RECORD; + +#endif // !EXCEPTION_REGISTRATION_RECORD \ No newline at end of file diff --git a/LunaHook/util/stringfilters.cpp b/LunaHook/util/stringfilters.cpp new file mode 100644 index 0000000..bafa055 --- /dev/null +++ b/LunaHook/util/stringfilters.cpp @@ -0,0 +1,186 @@ +#include"stringfilters.h" +#include"stringutils.h" + +inline char* str_chr(char *s, char c, size_t n){return (char*)::memchr(s, c, n);} +inline wchar_t* str_chr(wchar_t *s, wchar_t c, size_t n){return cpp_wcsnchr(s, c, n);} + +inline char *str_npbrk(char *dest, const char *breakset, size_t n){return cpp_strnpbrk(dest, breakset, n);} +inline wchar_t *str_npbrk(wchar_t *dest, const wchar_t *breakset, size_t n){return cpp_wcsnpbrk(dest, breakset, n);} + +inline char *str_nstr(char *s, const char *r, size_t n){return cpp_strnstr(s,r,n);} +inline wchar_t *str_nstr(wchar_t *s, const wchar_t *r, size_t n){return cpp_wcsnstr(s,r,n);} + +template +inline void CharReplacer_impl(CharT *str, size_t *size, CharT fr, CharT to) +{ + size_t len = *size; + for (size_t i = 0; i < len; i++) + if (str[i] == fr) + str[i] = to; +} + +template +inline void CharFilter_impl(CharT *str, size_t *size, CharT ch) +{ + size_t len = *size/sizeof(CharT), + curlen; + for (CharT *cur = str_chr(str, ch, len); + (cur && --len && (curlen = len - (cur - str))); + cur = str_chr(cur, ch, curlen)) + ::memmove(cur, cur + 1, curlen*sizeof(CharT)); + *size = len*sizeof(CharT); +} + +template +inline void CharsFilter_impl(CharT *str, size_t *size, const CharT *chars){ + size_t len = *size/sizeof(CharT), + curlen; + for (CharT *cur = str_npbrk(str, chars, len); + (cur && --len && (curlen = len - (cur - str))); + cur = str_npbrk(cur, chars, curlen)) + ::memmove(cur, cur + 1, curlen*sizeof(CharT)); + *size = len*sizeof(CharT); +} + +template +inline void StringFilter_impl(CharT *str, size_t *size, const CharT *remove, size_t removelen){ + size_t len = *size/sizeof(CharT), + curlen; + for (CharT *cur = str_nstr(str, remove, len); + (cur && (len -= removelen) && (curlen = len - (cur - str))); + cur = str_nstr(cur, remove, curlen)) + ::memmove(cur, cur + removelen, curlen*sizeof(CharT)); + *size = len*sizeof(CharT); +} + +template +inline void StringFilterBetween_impl(CharT *str, size_t *size, const CharT *fr, size_t frlen, const CharT *to, size_t tolen) +{ + size_t len = *size / sizeof(CharT), + curlen; + for (CharT *cur = str_nstr(str, fr, len); + cur; + cur = str_nstr(cur, fr, curlen)) { + curlen = (len - frlen) - (cur - str); + auto end = str_nstr(cur + frlen, to, curlen); + if (!end) + break; + curlen = len - (end - str) - tolen; + ::memmove(cur, end + tolen, curlen*sizeof(CharT)); + len -= tolen + (end - cur); + } + *size = len * sizeof(CharT); +} + +template +inline void StringCharReplacer_impl(CharT *str, size_t *size, const CharT *src, size_t srclen, CharT ch) +{ + size_t len = *size / sizeof(CharT), + curlen; + for (CharT *cur = str_nstr(str, src, len); + cur && len; + cur = str_nstr(cur, src, curlen)) { + *cur++ = ch; + len -= srclen - 1; + curlen = len - (cur - str); + if (curlen == 0) + break; + ::memmove(cur, cur + srclen-1, sizeof(CharT) * curlen); + } + *size = len * sizeof(CharT); +} + +template +inline void StringReplacer_impl(CharT *str, size_t *size, const CharT *src, size_t srclen, const CharT *dst, size_t dstlen) +{ + size_t len = *size / sizeof(CharT), + curlen; + for (CharT *cur = str_nstr(str, src, len); + cur && len; + cur = str_nstr(cur, src, curlen)) { + ::memcpy(cur, dst, sizeof(CharT) * dstlen); + cur += dstlen; + len -= srclen - dstlen; + curlen = len - (cur - str); + if (curlen == 0) + break; + if (srclen > dstlen) + ::memmove(cur, cur + srclen - dstlen, sizeof(CharT) * curlen); + } + *size = len * sizeof(CharT); +} + +bool NewLineCharFilterA(LPVOID data, size_t *size, HookParam *) +{ + CharFilter(reinterpret_cast(data), reinterpret_cast(size), + '\n'); + return true; +} +bool NewLineCharFilterW(LPVOID data, size_t *size, HookParam *) +{ + CharFilter(reinterpret_cast(data), reinterpret_cast(size), + L'\n'); + return true; +} +bool NewLineStringFilterA(LPVOID data, size_t *size, HookParam *) +{ + StringFilter(reinterpret_cast(data), reinterpret_cast(size), + "\\n", 2); + return true; +} +bool NewLineStringFilterW(LPVOID data, size_t *size, HookParam *) +{ + StringFilter(reinterpret_cast(data), reinterpret_cast(size), + L"\\n", 2); + return true; +} +bool NewLineCharToSpaceFilterA(LPVOID data, size_t *size, HookParam *) +{ + CharReplacer(reinterpret_cast(data), reinterpret_cast(size), '\n', ' '); + return true; +} +bool NewLineCharToSpaceFilterW(LPVOID data, size_t *size, HookParam *) +{ + CharReplacer(reinterpret_cast(data), reinterpret_cast(size), L'\n', L' '); + return true; +} + +// Remove every characters <= 0x1f (i.e. before space ' ') except 0xa and 0xd. +bool IllegalCharsFilterA(LPVOID data, size_t *size, HookParam *) +{ + CharsFilter(reinterpret_cast(data), reinterpret_cast(size), + "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0b\x0c\x0e\x0f\x10\x11\x12\x12\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"); + return true; +} +bool IllegalCharsFilterW(LPVOID data, size_t *size, HookParam *) +{ + CharsFilter(reinterpret_cast(data), reinterpret_cast(size), + L"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0b\x0c\x0e\x0f\x10\x11\x12\x12\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"); + return true; +} +bool all_ascii_Filter(LPVOID data, size_t *size, HookParam *){ + return ! all_ascii((char*)data,*size); +} + + +void CharReplacer(char *str, size_t *size, char fr, char to){CharReplacer_impl(str,size,fr,to);} +void CharReplacer(wchar_t *str, size_t *size, wchar_t fr, wchar_t to){CharReplacer_impl(str,size,fr,to);} + +void CharFilter(char *str, size_t *size, char ch){CharFilter_impl(str,size,ch);} +void CharFilter(wchar_t *str, size_t *size, wchar_t ch){CharFilter_impl(str,size,ch);} + +void CharsFilter(char *str, size_t *size, const char *chars){CharsFilter_impl(str,size,chars);} +void CharsFilter(wchar_t *str, size_t *size, const wchar_t *chars){CharsFilter_impl(str,size,chars);} + +void StringFilter(char *str, size_t *size, const char *remove, size_t removelen){StringFilter_impl(str,size,remove,removelen);} +void StringFilter(wchar_t *str, size_t *size, const wchar_t *remove, size_t removelen){StringFilter_impl(str,size,remove,removelen);} + +void StringFilterBetween(char *str, size_t *size, const char *fr, size_t frlen, const char *to, size_t tolen){StringFilterBetween_impl(str,size,fr,frlen,to,tolen);} +void StringFilterBetween(wchar_t *str, size_t *size, const wchar_t *fr, size_t frlen, const wchar_t *to, size_t tolen) +{StringFilterBetween_impl(str,size,fr,frlen,to,tolen);} + +void StringCharReplacer(char *str, size_t *size, const char *src, size_t srclen, char ch){StringCharReplacer_impl(str,size,src,srclen,ch);} +void StringCharReplacer(wchar_t *str, size_t *size, const wchar_t *src, size_t srclen, wchar_t ch){StringCharReplacer_impl(str,size,src,srclen,ch);} + +void StringReplacer(char *str, size_t *size, const char *src, size_t srclen, const char *dst, size_t dstlen){StringReplacer_impl(str,size,src,srclen,dst,dstlen);} +void StringReplacer(wchar_t *str, size_t *size, const wchar_t *src, size_t srclen, const wchar_t *dst, size_t dstlen){StringReplacer_impl(str,size,src,srclen,dst,dstlen);} \ No newline at end of file diff --git a/LunaHook/util/stringfilters.h b/LunaHook/util/stringfilters.h new file mode 100644 index 0000000..0b4e910 --- /dev/null +++ b/LunaHook/util/stringfilters.h @@ -0,0 +1,34 @@ +#include "texthook.h" +#include "cpputil/cppcstring.h" +void CharReplacer(char *str, size_t *size, char fr, char to); +void CharReplacer(wchar_t *str, size_t *size, wchar_t fr, wchar_t to); + +void CharFilter(char *str, size_t *size, char ch); +void CharFilter(wchar_t *str, size_t *size, wchar_t ch); + +void CharsFilter(char *str, size_t *size, const char *chars); +void CharsFilter(wchar_t *str, size_t *size, const wchar_t *chars); + +void StringFilter(char *str, size_t *size, const char *remove, size_t removelen); +void StringFilter(wchar_t *str, size_t *size, const wchar_t *remove, size_t removelen); + +void StringFilterBetween(char *str, size_t *size, const char *fr, size_t frlen, const char *to, size_t tolen); +void StringFilterBetween(wchar_t *str, size_t *size, const wchar_t *fr, size_t frlen, const wchar_t *to, size_t tolen); + +void StringCharReplacer(char *str, size_t *size, const char *src, size_t srclen, char ch); +void StringCharReplacer(wchar_t *str, size_t *size, const wchar_t *src, size_t srclen, wchar_t ch); + +void StringReplacer(char *str, size_t *size, const char *src, size_t srclen, const char *dst, size_t dstlen); +void StringReplacer(wchar_t *str, size_t *size, const wchar_t *src, size_t srclen, const wchar_t *dst, size_t dstlen); + +bool NewLineCharFilterA(LPVOID data, size_t *size, HookParam *); +bool NewLineCharFilterW(LPVOID data, size_t *size, HookParam *); +bool NewLineStringFilterA(LPVOID data, size_t *size, HookParam *); +bool NewLineStringFilterW(LPVOID data, size_t *size, HookParam *); +bool NewLineCharToSpaceFilterA(LPVOID data, size_t *size, HookParam *); +bool NewLineCharToSpaceFilterW(LPVOID data, size_t *size, HookParam *); +bool IllegalCharsFilterA(LPVOID data, size_t *size, HookParam *); +bool IllegalCharsFilterW(LPVOID data, size_t *size, HookParam *); + +bool all_ascii_Filter(LPVOID data, size_t *size, HookParam *); + diff --git a/LunaHook/util/textunion.h b/LunaHook/util/textunion.h new file mode 100644 index 0000000..70b6f86 --- /dev/null +++ b/LunaHook/util/textunion.h @@ -0,0 +1,55 @@ +#pragma once + +#include"embed_util.h" + +inline size_t str_len(const char *s){return strlen(s);} +inline size_t str_len(const wchar_t *s){return wcslen(s);} + +template +struct TextUnion +{ + enum { ShortTextCapacity = 0x10/sizeof(CharT) }; + + union { + const CharT *text; // 0x0 + CharT chars[ShortTextCapacity]; + }; + int size, // 0x10 + capacity; + + bool isValid() const + { + if (size <= 0 || size > capacity) + return false; + const CharT *t = getText(); + return Engine::isAddressWritable(t, size) && str_len(t) == size; + } + + const CharT *getText() const + { return size < ShortTextCapacity ? chars : text; } + + void setText(const CharT *_text, int _size) + { + if (_size < ShortTextCapacity) + ::memcpy(chars, _text, (_size + 1) * sizeof(CharT)); + else + text = _text; + capacity = size = _size; + } + + void setLongText(const CharT *_text, int _size) + { + text = _text; + size = _size; + capacity = max(ShortTextCapacity, _size); + } + + void setText(const std::basic_string &text) + { setText((const CharT *)text.c_str(), text.size()); } + void setLongText(const std::basic_string &text) + { setLongText((const CharT *)text.c_str(), text.size()); } +}; + +using TextUnionA=TextUnion; +using TextUnionW=TextUnion; +// EOF diff --git a/LunaHook/util/util.cc b/LunaHook/util/util.cc new file mode 100644 index 0000000..b166a27 --- /dev/null +++ b/LunaHook/util/util.cc @@ -0,0 +1,581 @@ +// util/util.cc +// 8/23/2013 jichi +// Branch: ITH_Engine/engine.cpp, revision 133 +// See: http://ja.wikipedia.org/wiki/プロジェクト:美少女ゲーム系/ゲームエンジン + +#include "util/util.h" +#include "ithsys/ithsys.h" +#include "main.h" +#include + +namespace { // unnamed + +// jichi 4/19/2014: Return the integer that can mask the signature +// Artikash 8/4/2018: change implementation +DWORD SigMask(DWORD sig) +{ + DWORD count = 0; + while (sig) + { + sig >>= 8; + ++count; + } + count -= 4; + count = -count; + return 0xffffffff >> (count << 3); +} + +uint64_t SafeSearchMemory(uint64_t startAddr, uint64_t endAddr, const BYTE* bytes, short length) +{ + __try + { + for (int i = 0; i < endAddr - startAddr - length; ++i) + for (int j = 0; j <= length; ++j) + if (j == length) return startAddr + i; // not sure about this algorithm... + else if (*((BYTE*)startAddr + i + j) != *(bytes + j) && *(bytes + j) != XX) break; + } + __except (EXCEPTION_EXECUTE_HANDLER) + { + ConsoleOutput("SearchMemory ERROR"); + } + return 0; +} + +} // namespace unnamed + +namespace Util +{ + +#ifndef _WIN64 +// jichi 8/24/2013: binary search? +DWORD GetCodeRange(DWORD hModule,DWORD *low, DWORD *high) +{ + IMAGE_DOS_HEADER *DosHdr; + IMAGE_NT_HEADERS *NtHdr; + DWORD dwReadAddr; + IMAGE_SECTION_HEADER *shdr; + DosHdr = (IMAGE_DOS_HEADER *)hModule; + if (IMAGE_DOS_SIGNATURE == DosHdr->e_magic) { + dwReadAddr = hModule + DosHdr->e_lfanew; + NtHdr = (IMAGE_NT_HEADERS *)dwReadAddr; + if (IMAGE_NT_SIGNATURE == NtHdr->Signature) { + shdr = (PIMAGE_SECTION_HEADER)((DWORD)(&NtHdr->OptionalHeader) + NtHdr->FileHeader.SizeOfOptionalHeader); + while ((shdr->Characteristics & IMAGE_SCN_CNT_CODE) == 0) + shdr++; + *low = hModule + shdr->VirtualAddress; + *high = *low + (shdr->Misc.VirtualSize & 0xfffff000) + 0x1000; + } + } + return 0; +} + +DWORD FindCallAndEntryBoth(DWORD fun, DWORD size, DWORD pt, DWORD sig) +{ + //WCHAR str[0x40]; + enum { reverse_length = 0x800 }; + DWORD t, l; + DWORD mask = SigMask(sig); + bool flag2; + for (DWORD i = 0x1000; i < size-4; i++) { + bool flag1 = false; + if (*(BYTE *)(pt + i) == 0xe8) { + flag1 = flag2 = true; + t = *(DWORD *)(pt + i + 1); + } else if (*(WORD *)(pt + i) == 0x15ff) { + flag1 = true; + flag2 = false; + t = *(DWORD *)(pt + i + 2); + } + if (flag1) { + if (flag2) { + flag1 = (pt + i + 5 + t == fun); + l = 5; + } else if (t >= pt && t <= pt + size - 4) { + flag1 = fun == *(DWORD *)t; + l = 6; + } else + flag1 = false; + if (flag1) + //swprintf(str,L"CALL addr: 0x%.8X",pt + i); + //OutputConsole(str); + for (DWORD j = i; j > i - reverse_length; j--) + if ((*(WORD *)(pt + j)) == (sig & mask)) //Fun entry 1. + //swprintf(str,L"Entry: 0x%.8X",pt + j); + //OutputConsole(str); + return pt + j; + else + i += l; + } + } + //OutputConsole(L"Find call and entry failed."); + return 0; +} + +DWORD FindCallOrJmpRel(DWORD fun, DWORD size, DWORD pt, bool jmp) +{ + BYTE sig = (jmp) ? 0xe9 : 0xe8; + for (DWORD i = 0x1000; i < size - 4; i++) + if (sig == *(BYTE *)(pt + i)) { + DWORD t = *(DWORD *)(pt + i + 1); + if(fun == pt + i + 5 + t) + //OutputDWORD(pt + i); + return pt + i; + else + i += 5; + } + return 0; +} + +DWORD FindCallOrJmpAbs(DWORD fun, DWORD size, DWORD pt, bool jmp) +{ + WORD sig = jmp ? 0x25ff : 0x15ff; + for (DWORD i = 0x1000; i < size - 4; i++) + if (sig == *(WORD *)(pt + i)) { + DWORD t = *(DWORD *)(pt + i + 2); + if (t > pt && t < pt + size) { + if (fun == *(DWORD *)t) + return pt + i; + else + i += 5; + } + } + return 0; +} + +DWORD FindCallBoth(DWORD fun, DWORD size, DWORD pt) +{ + for (DWORD i = 0x1000; i < size - 4; i++) { + if (*(BYTE *)(pt + i) == 0xe8) { + DWORD t = *(DWORD *)(pt + i + 1) + pt + i + 5; + if (t == fun) + return i; + } + if (*(WORD *)(pt + i) == 0x15ff) { + DWORD t = *(DWORD *)(pt + i + 2); + if (t >= pt && t <= pt + size - 4) { + if (*(DWORD *)t == fun) + return i; + else + i += 6; + } + } + } + return 0; +} + +DWORD FindCallAndEntryAbs(DWORD fun, DWORD size, DWORD pt, DWORD sig) +{ + //WCHAR str[0x40]; + enum { reverse_length = 0x800 }; + DWORD mask = SigMask(sig); + for (DWORD i = 0x1000; i < size - 4; i++) + if (*(WORD *)(pt + i) == 0x15ff) { + DWORD t = *(DWORD *)(pt + i + 2); + if (t >= pt && t <= pt + size - 4) { + if (*(DWORD *)t == fun) + //swprintf(str,L"CALL addr: 0x%.8X",pt + i); + //OutputConsole(str); + for (DWORD j = i ; j > i - reverse_length; j--) + if ((*(DWORD *)(pt + j) & mask) == sig) // Fun entry 1. + //swprintf(str,L"Entry: 0x%.8X",pt + j); + //OutputConsole(str); + return pt + j; + + } else + i += 6; + } + //OutputConsole(L"Find call and entry failed."); + return 0; +} + +DWORD FindCallAndEntryRel(DWORD fun, DWORD size, DWORD pt, DWORD sig) +{ + //WCHAR str[0x40]; + enum { reverse_length = 0x800 }; + if (DWORD i = FindCallOrJmpRel(fun, size, pt, false)) { + DWORD mask = SigMask(sig); + for (DWORD j = i; j > i - reverse_length; j--) + if (((*(DWORD *)j) & mask) == sig) //Fun entry 1. + //swprintf(str,L"Entry: 0x%.8X",j); + //OutputConsole(str); + return j; + //OutputConsole(L"Find call and entry failed."); + } + return 0; +} + +DWORD FindImportEntry(DWORD hModule, DWORD fun) +{ + IMAGE_DOS_HEADER *DosHdr; + IMAGE_NT_HEADERS *NtHdr; + DWORD IAT, end, pt, addr; + DosHdr = (IMAGE_DOS_HEADER *)hModule; + if (IMAGE_DOS_SIGNATURE == DosHdr->e_magic) { + NtHdr = (IMAGE_NT_HEADERS *)(hModule + DosHdr->e_lfanew); + if (IMAGE_NT_SIGNATURE == NtHdr->Signature) { + IAT = NtHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].VirtualAddress; + end = NtHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].Size; + IAT += hModule; + end += IAT; + for (pt = IAT; pt < end; pt += 4) { + addr = *(DWORD *)pt; + if (addr == fun) + return pt; + } + } + } + return 0; +} +#endif + +bool CheckFile(LPCWSTR name) +{ + WIN32_FIND_DATAW unused; + HANDLE file = FindFirstFileW(name, &unused); + if (file != INVALID_HANDLE_VALUE) + { + FindClose(file); + return true; + } + wchar_t path[MAX_PATH * 2]; + wchar_t* end = path + GetModuleFileNameW(nullptr, path, MAX_PATH); + while (*(--end) != L'\\'); + wcscpy_s(end + 1, MAX_PATH, name); + file = FindFirstFileW(path, &unused); + if (file != INVALID_HANDLE_VALUE) + { + FindClose(file); + return true; + } + return false; +} + +// Search string in rsrc section. This section usually contains version and copyright info. +bool SearchResourceString(LPCWSTR str) +{ + uintptr_t hModule = (uintptr_t)GetModuleHandleW(nullptr); + IMAGE_DOS_HEADER *DosHdr; + IMAGE_NT_HEADERS *NtHdr; + DosHdr = (IMAGE_DOS_HEADER *)hModule; + uintptr_t rsrc, size; + if (IMAGE_DOS_SIGNATURE == DosHdr->e_magic) { + NtHdr = (IMAGE_NT_HEADERS *)(hModule + DosHdr->e_lfanew); + if (IMAGE_NT_SIGNATURE == NtHdr->Signature) { + rsrc = NtHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress; + if (rsrc) { + rsrc += hModule; + if (IthGetMemoryRange((LPVOID)rsrc, &rsrc ,&size) && + SearchPattern(rsrc, size - 4, str, wcslen(str) << 1)) + return true; + } + } + } + return false; +} + +std::pair QueryModuleLimits(HMODULE module,uintptr_t addition,DWORD protect) +{ + uintptr_t moduleStartAddress = (uintptr_t)module + addition; + uintptr_t moduleStopAddress = moduleStartAddress; + MEMORY_BASIC_INFORMATION info; + do + { + VirtualQuery((void*)moduleStopAddress, &info, sizeof(info)); + moduleStopAddress = (uintptr_t)info.BaseAddress + info.RegionSize; + } while (info.Protect>=protect); + moduleStopAddress -= info.RegionSize; + return { moduleStartAddress, moduleStopAddress }; +} + +std::vector SearchMemory(const void* bytes, short length, DWORD protect, uintptr_t minAddr, uintptr_t maxAddr) +{ + SYSTEM_INFO systemInfo; + GetNativeSystemInfo(&systemInfo); + std::vector> validMemory; + for (BYTE* probe = NULL; probe < systemInfo.lpMaximumApplicationAddress;) + { + MEMORY_BASIC_INFORMATION info = {}; + if (!VirtualQuery(probe, &info, sizeof(info))) + { + probe += systemInfo.dwPageSize; + continue; + } + else + { + if ((uint64_t)info.BaseAddress + info.RegionSize >= minAddr && info.Protect >= protect && !(info.Protect & PAGE_GUARD)) + validMemory.push_back({ (uint64_t)info.BaseAddress, info.RegionSize }); + probe += info.RegionSize; + } + } + + std::vector ret; + for (auto memory : validMemory) + for (uint64_t addr = max(memory.first, minAddr); true;) + if (addr < maxAddr && (addr = SafeSearchMemory(addr, memory.first + memory.second, (const BYTE*)bytes, length))) + ret.push_back(addr++); + else break; + + return ret; +} + +uintptr_t FindFunction(const char* function) +{ + static HMODULE modules[300] = {}; + static auto _ = EnumProcessModules(GetCurrentProcess(), modules, sizeof(modules), DUMMY); + for (auto module : modules) if (auto addr = GetProcAddress(module, function)) return (uintptr_t)addr; + return 0; +} + +} + +#ifndef _WIN64 + +ULONG SafeFindEnclosingAlignedFunction(DWORD addr, DWORD range) +{ + ULONG r = 0; + __try{ + r = MemDbg::findEnclosingAlignedFunction(addr, range); // this function might raise if failed + }__except(EXCEPTION_EXECUTE_HANDLER) {} + return r; +} + +ULONG SafeFindBytes(LPCVOID pattern, DWORD patternSize, DWORD lowerBound, DWORD upperBound) +{ + ULONG r = 0; + __try{ + r = MemDbg::findBytes(pattern, patternSize, lowerBound, upperBound); + }__except(EXCEPTION_EXECUTE_HANDLER) {} + return r; +} +// jichi 7/17/2014: Search mapped memory for emulators +ULONG _SafeMatchBytesInMappedMemory(LPCVOID pattern, DWORD patternSize, BYTE wildcard, + ULONG start, ULONG stop, ULONG step) +{ + for (ULONG i = start; i < stop; i += step) // + patternSize to avoid overlap + if (ULONG r = SafeFindBytes(pattern, patternSize, i, i + step + patternSize + 1)) + return r; + return 0; +} +ULONG SafeMatchBytesInGCMemory(LPCVOID pattern, DWORD patternSize) +{ + enum : ULONG { + start = MemDbg::MappedMemoryStartAddress // 0x01000000 + , stop = MemDbg::MemoryStopAddress // 0x7ffeffff + , step = start + }; + return _SafeMatchBytesInMappedMemory(pattern, patternSize, XX, start, stop, step); +} +#endif + + +#ifndef _WIN64 + +std::vector findrelativecall(const BYTE* pattern ,int length,DWORD calladdress,DWORD start, DWORD end) +{ + std::vector save; + for (; start < end;start+=1 ) { + DWORD addr=MemDbg::findBytes(pattern, length, start, end); + start = addr; + if (!addr)return save; + + BYTE callop = 0xE8; + + union little { + DWORD _dw; + BYTE _bytes[4]; + }relative; + relative._dw = (calladdress - addr -length- 5); + DWORD calladdr = addr + length; + if (*((BYTE*)calladdr) == callop) { + + calladdr += 1; + BYTE* _b = (BYTE*)calladdr; + BYTE* _a = relative._bytes; + /*ConsoleOutput("%p", addr); + ConsoleOutput("%p %x", calladdress, relative._dw); + ConsoleOutput("%02x%02x%02x%02x %02x%02x%02x%02x", _a[0], _a[1], _a[2], _a[3], _b[0], _b[1], _b[2], _b[3]);*/ + if ((_a[0] == _b[0]) && (_a[1] == _b[1]) && (_a[2] == _b[2]) && (_a[3] == _b[3])) { + save.push_back(start); + } + } + } + return save; +} +std::vector findxref_reverse_checkcallop(DWORD addr, DWORD from, DWORD to,BYTE op) { + //op可以为E8 call E9 jump + //上面的版本其实就应该checkcallop的,之前忘了,但不敢乱改破坏之前的了,不然还要重新测试。 + std::vector res; + if (addr == 0)return res; + DWORD now = to; + while (now > from) { + DWORD calladdr = now - 5; + if(IsBadReadPtr((LPVOID)(calladdr + 1),4)==0){ + DWORD relative = *(DWORD*)(calladdr + 1); + if (now + relative == addr) { + if(*(BYTE*)calladdr==op) + res.push_back(calladdr); + } + } + + now -= 1; + } + return res; +} +uintptr_t finddllfunctioncall(uintptr_t funcptr,uintptr_t start, uintptr_t end,WORD sig,bool reverse){ + auto entry=Util::FindImportEntry(start,funcptr); + if(entry==0)return 0; + BYTE bytes[]={0xFF,0x15,XX4}; + memcpy(bytes+2,&entry,4); + memcpy(bytes,&sig,2); + if(reverse) + return reverseFindBytes(bytes,sizeof(bytes),start,end); + else + return MemDbg::findBytes(bytes,sizeof(bytes),start,end); +} +uintptr_t findfuncstart(uintptr_t addr,uintptr_t range){ + const BYTE funcstart[] = { + 0x55,0x8b,0xec + }; + addr = reverseFindBytes(funcstart, sizeof(funcstart), addr-range, addr); + return addr; +} + +#endif + + +uintptr_t reverseFindBytes(const BYTE* pattern, int length, uintptr_t start, uintptr_t end) { + for (end -= length; end >= start; end -= 1) { + bool success=true; + for(int i=0;i findxref_reverse(uintptr_t addr, uintptr_t from, uintptr_t to) { + std::vector res; + if (addr == 0)return res; + uintptr_t now = to; + while (now > from) { + uintptr_t calladdr = now - 5; + uintptr_t relative = *(int*)(calladdr + 1); + if (now + relative == addr) { + res.push_back(calladdr); + } + now -= 1; + } + return res; +} +int hexCharToValue(char c) { + if (c >= '0' && c <= '9') { + return c - '0'; + } else if (c >= 'A' && c <= 'F') { + return c - 'A' + 10; + } else if (c >= 'a' && c <= 'f') { + return c - 'a' + 10; + } else if(c=='?'){ + return -1; + } + else{ + return -2; + } +} +uintptr_t find_pattern(const char* pattern,uintptr_t start,uintptr_t end){ + std::vector check; + bool ignore=false; + for(int i=0;i_type,_pattern; + for(int j=0;j QueryModuleLimits(HMODULE module,uintptr_t addition=0x1000,DWORD protect=PAGE_EXECUTE); +std::vector SearchMemory(const void* bytes, short length, DWORD protect = PAGE_EXECUTE, uintptr_t minAddr = 0, uintptr_t maxAddr = -1ULL); +uintptr_t FindFunction(const char* function); + +} // namespace Util + + +#ifndef _WIN64 + +ULONG SafeFindEnclosingAlignedFunction(DWORD addr, DWORD range); +ULONG SafeFindBytes(LPCVOID pattern, DWORD patternSize, DWORD lowerBound, DWORD upperBound); +ULONG _SafeMatchBytesInMappedMemory(LPCVOID pattern, DWORD patternSize, BYTE wildcard, + ULONG start, ULONG stop, ULONG step); +ULONG SafeMatchBytesInGCMemory(LPCVOID pattern, DWORD patternSize); + +std::vector findrelativecall(const BYTE* pattern ,int length,DWORD calladdress,DWORD start, DWORD end); +std::vector findxref_reverse_checkcallop(DWORD addr, DWORD from, DWORD to,BYTE op) ; +uintptr_t finddllfunctioncall(uintptr_t funcptr,uintptr_t start, uintptr_t end,WORD sig=0x15ff,bool reverse=false); +uintptr_t findfuncstart(uintptr_t addr,uintptr_t range=0x100); +#endif + +uintptr_t find_pattern(const char* pattern,uintptr_t start,uintptr_t end); +uintptr_t reverseFindBytes(const BYTE* pattern, int length, uintptr_t start, uintptr_t end); +std::vector findxref_reverse(uintptr_t addr, uintptr_t from, uintptr_t to); + + +namespace Engine{ +bool isAddressReadable(const uintptr_t *p); +bool isAddressReadable(const char *p, size_t count = 1); +bool isAddressReadable(const wchar_t *p, size_t count = 1); +bool isAddressWritable(const uintptr_t *p); +bool isAddressWritable(const char *p, size_t count = 1); +bool isAddressWritable(const wchar_t *p, size_t count = 1); +inline bool isAddressReadable(const void *addr) { return isAddressReadable((const uintptr_t *)addr); } +inline bool isAddressReadable(uintptr_t addr) { return isAddressReadable((const void *)addr); } +inline bool isAddressWritable(const void *addr) { return isAddressWritable((const uintptr_t *)addr); } +inline bool isAddressWritable(uintptr_t addr) { return isAddressWritable((const void *)addr); } +} + diff --git a/LunaHost/CMakeLists.txt b/LunaHost/CMakeLists.txt new file mode 100644 index 0000000..e146951 --- /dev/null +++ b/LunaHost/CMakeLists.txt @@ -0,0 +1,19 @@ +add_library(host + host.cpp + textthread.cpp +) +target_precompile_headers(host REUSE_FROM pch) + +include_directories(.) + +add_executable(LunaHostCLI LunaHostCLI.cpp) +target_precompile_headers(LunaHostCLI REUSE_FROM pch) + +add_library(LunaHostDll MODULE LunaHostDll.cpp) +target_precompile_headers(LunaHostDll REUSE_FROM pch) + +set_target_properties(LunaHostCLI PROPERTIES OUTPUT_NAME "LunaHostCLI${bitappendix}") +set_target_properties(LunaHostDll PROPERTIES OUTPUT_NAME "LunaHost${bitappendix}") +target_link_libraries(LunaHostCLI pch host ${YY_Thunks_for_WinXP}) +target_link_libraries(LunaHostDll pch host ${YY_Thunks_for_WinXP}) +add_subdirectory(GUI) \ No newline at end of file diff --git a/LunaHost/GUI/CMakeLists.txt b/LunaHost/GUI/CMakeLists.txt new file mode 100644 index 0000000..b57fbbc --- /dev/null +++ b/LunaHost/GUI/CMakeLists.txt @@ -0,0 +1,5 @@ +add_executable(LunaHost WIN32 controls.cpp main.cpp processlistwindow.cpp LunaHost.cpp window.cpp luna.rc) +target_precompile_headers(LunaHost REUSE_FROM pch) +set_target_properties(LunaHost PROPERTIES OUTPUT_NAME "LunaHost${bitappendix}") + +target_link_libraries(LunaHost pch host ${YY_Thunks_for_WinXP}) diff --git a/LunaHost/GUI/LunaHost.cpp b/LunaHost/GUI/LunaHost.cpp new file mode 100644 index 0000000..03ee943 --- /dev/null +++ b/LunaHost/GUI/LunaHost.cpp @@ -0,0 +1,173 @@ + +#include +#include +#include + +#include"host.h" +#include"hookcode.h" +#include"textthread.h" +#include"LunaHost.h" +#include"processlistwindow.h" +#include"Lang/Lang.h" + +void LunaHost::toclipboard(std::wstring& sentence){ + + for (int loop = 0; loop < 10; loop++) { + if (OpenClipboard(winId)) { + HGLOBAL hMem = GlobalAlloc(GMEM_MOVEABLE, (sentence.size() + 2) * sizeof(wchar_t)); + memcpy(GlobalLock(hMem), sentence.c_str(), (sentence.size() + 2) * sizeof(wchar_t)); + EmptyClipboard(); + SetClipboardData(CF_UNICODETEXT, hMem); + GlobalUnlock(hMem); + CloseClipboard(); + break; + } + std::this_thread::sleep_for(std::chrono::milliseconds(50)); + } +} +void LunaHost::on_close(){ + for(auto pid:attachedprocess){ + Host::DetachProcess(pid); + } +} +void LunaHost::on_size(int w,int h){ + int height = h-140; + g_hListBox_listtext->setgeo(10, 110, w - 20, height/2); + g_showtexts->setgeo(10, 120+height/2, w - 20, height/2); +} + +LunaHost::LunaHost(){ + settext(WndLunaHostGui); + g_selectprocessbutton =new button(this,BtnSelectProcess,780, 10, 200, 40) ; + + g_hEdit_userhook = new textedit(this,L"",10, 60, 600, 40,ES_AUTOHSCROLL); + + g_hButton_insert = new button(this,BtnInsertUserHook,610, 60, 200, 40) ; + + g_selectprocessbutton->onclick=[&](){ + if(_processlistwindow==0) _processlistwindow=new processlistwindow(this); + _processlistwindow->show(); + }; + g_hButton_insert->onclick=[&](){ + auto hp = HookCode::Parse(std::move(g_hEdit_userhook->text())); + if(hp){ + for(auto _:attachedprocess){ + Host::InsertHook(_,hp.value()); + } + } + else{ + g_showtexts->appendtext(NotifyInvalidHookCode); + } + }; + g_check_clipboard =new checkbox(this,BtnToClipboard,550, 10, 200, 40) ; + g_check_clipboard->onclick=[&](){ + check_toclipboard=g_check_clipboard->ischecked(); + }; + new label(this,LblFlushDelay,10, 10, 150, 40); + new label(this,LblCodePage,270, 10, 150, 40); + + g_timeout = new textedit(this,std::to_wstring(TextThread::flushDelay).c_str(),160, 10, 100, 40) ; + g_codepage = new textedit(this,L"932",420, 10, 100, 40) ; + + g_timeout->ontextchange=[&](const std::wstring &text){ + TextThread::flushDelay=std::stoi(text); + }; + g_codepage->ontextchange=[&](const std::wstring &text){ + try { + auto cp=std::stoi(text); + if(IsValidCodePage(cp)) + Host::defaultCodepage= cp; + } + catch (const std::invalid_argument& e) { + } + }; + + g_hListBox_listtext = new listbox(this,10, 120, 200, 200); + g_hListBox_listtext->oncurrentchange=[&](int idx){ + uint64_t handle = g_hListBox_listtext->getdata(idx); + std::wstring get; + for(auto& _:savetext.at(handle)){ + get+=_; + get+=L"\r\n"; + } + currentselect=handle; + g_showtexts->settext(get); + g_showtexts->scrolltoend(); + }; + +#define IDM_REMOVE_HOOK 1001 +#define IDM_DETACH_PROCESS 1002 +#define IDM_COPY_HOOKCODE 1003 + g_hListBox_listtext->oncontextmenu=[](){ + HMENU hMenu = CreatePopupMenu(); + AppendMenu(hMenu, MF_STRING, IDM_COPY_HOOKCODE, MenuCopyHookCode); + AppendMenu(hMenu, MF_STRING, IDM_REMOVE_HOOK, MenuRemoveHook); + AppendMenu(hMenu, MF_STRING, IDM_DETACH_PROCESS, MenuDetachProcess); + return hMenu; + }; + g_hListBox_listtext->oncontextmenucallback=[&](WPARAM wparam){ + + int handle = g_hListBox_listtext->getdata(g_hListBox_listtext->currentidx()); + switch (LOWORD(wparam)) { + + case IDM_COPY_HOOKCODE: + toclipboard(std::wstring(savehooks[handle]->hp.hookcode)); + break; + case IDM_DETACH_PROCESS: + Host::DetachProcess(savehooks[handle]->tp.processId); + break; + case IDM_REMOVE_HOOK: + Host::RemoveHook(savehooks[handle]->tp.processId,savehooks[handle]->tp.addr); + break; + } + }; + g_showtexts = new textedit(this,L"",10, 330, 200, 200,ES_READONLY|ES_MULTILINE |ES_AUTOVSCROLL| WS_VSCROLL); + + Host::Start( + [&](DWORD pid) {attachedprocess.push_back(pid);}, + [&](DWORD pid) { + attachedprocess.erase(std::remove(attachedprocess.begin(), attachedprocess.end(), pid), attachedprocess.end()); + }, + [&](TextThread& thread) { + wchar_t buff[65535]; + swprintf_s(buff,L"[%I64X:%I32X:%I64X:%I64X:%I64X:%s:%s]", + thread.handle, + thread.tp.processId, + thread.tp.addr, + thread.tp.ctx, + thread.tp.ctx2, + thread.name.c_str(), + thread.hp.hookcode + ); + savetext.insert({thread.handle,{}}); + int index=g_hListBox_listtext->additem(buff); + g_hListBox_listtext->setdata(index,thread.handle); + savehooks.insert(std::make_pair(thread.handle,&thread)); + }, + [&](TextThread& thread) { + int count = g_hListBox_listtext->count(); + for (int i = 0; i < count; i++) { + uint64_t handle = g_hListBox_listtext->getdata(i); + + if (handle== thread.handle) { + g_hListBox_listtext->deleteitem(i); + break; + } + } + }, + [&](TextThread& thread, std::wstring& output) + { + std::lock_guard _(settextmutex); + std::wstring lfoutput=output; + strReplace(lfoutput,L"\n",L"\r\n"); + savetext.at(thread.handle).push_back(lfoutput); + if(currentselect==thread.handle){ + g_showtexts->scrolltoend(); + g_showtexts->appendtext(lfoutput); + if(check_toclipboard) + toclipboard(output); + } + return false; + } + ); +} \ No newline at end of file diff --git a/LunaHost/GUI/LunaHost.h b/LunaHost/GUI/LunaHost.h new file mode 100644 index 0000000..5452ef1 --- /dev/null +++ b/LunaHost/GUI/LunaHost.h @@ -0,0 +1,27 @@ +#include"window.h" +#include"controls.h" +#include"processlistwindow.h" +#include"textthread.h" +class LunaHost:public mainwindow{ + + int64_t currentselect=0; + std::map>savetext; + std::vectorattachedprocess; + bool check_toclipboard=false; + std::mapsavehooks; + std::mutex settextmutex; + textedit* g_hEdit_userhook; + button* g_hButton_insert; + listbox* g_hListBox_listtext; + textedit* g_showtexts; + button* g_selectprocessbutton; + textedit* g_timeout; + textedit* g_codepage; + checkbox* g_check_clipboard; + void toclipboard(std::wstring& sentence); + processlistwindow *_processlistwindow=0; +public: + void on_size(int w,int h); + void on_close(); + LunaHost(); +}; \ No newline at end of file diff --git a/LunaHost/GUI/controls.cpp b/LunaHost/GUI/controls.cpp new file mode 100644 index 0000000..5c6aefd --- /dev/null +++ b/LunaHost/GUI/controls.cpp @@ -0,0 +1,85 @@ +#include"controls.h" +#include"window.h" +control::control(mainwindow*_parent){ + parent=_parent; + parent->controls.push_back(this); +} +void control::dispatch(WPARAM){} + +button::button(mainwindow* parent,LPCWSTR text,int x,int y,int w,int h,DWORD style):control(parent){ + winId=CreateWindowEx(0, L"BUTTON", text, WS_CHILD | WS_VISIBLE |style , + x, y, w, h, parent->winId , NULL, NULL, NULL); +} +void button::dispatch(WPARAM wparam){ + if(wparam==BN_CLICKED){ + onclick(); + } +} +bool checkbox::ischecked(){ + int state = SendMessage(winId, BM_GETCHECK, 0, 0); + return (state == BST_CHECKED); +} +checkbox::checkbox(mainwindow* parent,LPCWSTR text,int x,int y,int w,int h):button(parent,text,x,y,w,h,BS_AUTOCHECKBOX){ +} +textedit::textedit(mainwindow* parent,LPCWSTR text,int x,int y,int w,int h,DWORD stype):control(parent){ + winId=CreateWindowEx(0, L"EDIT", text, WS_CHILD | WS_VISIBLE | WS_BORDER|stype , + x, y, w, h, parent->winId, NULL, NULL, NULL); +} +void textedit::scrolltoend(){ + int textLength = GetWindowTextLength(winId); + SendMessage(winId, EM_SETSEL, (WPARAM)textLength, (LPARAM)textLength); + SendMessage(winId, EM_SCROLLCARET, 0, 0); +} +void textedit::appendtext(const std::wstring& text){ + auto _=std::wstring(L"\r\n")+text; + SendMessage(winId, EM_REPLACESEL, 0, (LPARAM)_.c_str()); +} + +void textedit::dispatch(WPARAM wparam){ + if(HIWORD(wparam)==EN_CHANGE){ + ontextchange(text()); + } +} +label::label(mainwindow* parent,LPCWSTR text,int x,int y,int w,int h):control(parent){ + winId=CreateWindowEx(0, L"STATIC", text, WS_CHILD | WS_VISIBLE, + x, y, w, h, parent->winId , NULL, NULL, NULL); +} + +listbox::listbox(mainwindow* parent,int x,int y,int w,int h):control(parent){ + + winId=CreateWindowEx(WS_EX_CLIENTEDGE, L"LISTBOX", L"", WS_CHILD | WS_VISIBLE | WS_VSCROLL | LBS_NOTIFY|LBS_NOINTEGRALHEIGHT, + x, y, w, h, parent->winId , NULL, NULL, NULL); +} +void listbox::dispatch(WPARAM wparam){ + if(HIWORD(wparam) == LBN_SELCHANGE){ + oncurrentchange(currentidx()); + } +} + +int listbox::currentidx(){ + return SendMessage(winId, LB_GETCURSEL, 0, 0); +} +std::wstring listbox::text(int idx){ + int textLength = SendMessage(winId, LB_GETTEXTLEN, idx,0); + std::vector buffer(textLength + 1); + SendMessage(winId, LB_GETTEXT, idx, (LPARAM)buffer.data()); + return buffer.data(); +} +void listbox::clear(){ + SendMessage(winId, LB_RESETCONTENT, 0, 0); +} +int listbox::additem(LPCWSTR text){ + return SendMessage(winId, LB_ADDSTRING, 0, (LPARAM)text); +} +void listbox::deleteitem(int i){ + SendMessage(winId, LB_DELETESTRING, (WPARAM)i, (LPARAM)i); +} +void listbox::setdata(int idx,LONG_PTR data){ + SendMessage(winId, LB_SETITEMDATA, idx, (LPARAM)data); +} +LONG_PTR listbox::getdata(int idx){ + return SendMessage(winId, LB_GETITEMDATA, idx, 0); +} +int listbox::count(){ + return SendMessage(winId, LB_GETCOUNT, 0, 0); +} \ No newline at end of file diff --git a/LunaHost/GUI/controls.h b/LunaHost/GUI/controls.h new file mode 100644 index 0000000..fe20466 --- /dev/null +++ b/LunaHost/GUI/controls.h @@ -0,0 +1,53 @@ +#ifndef LUNA_BASE_CONTROLS_H +#define LUNA_BASE_CONTROLS_H +#include"window.h" +class control:public basewindow{ + public: + mainwindow* parent; + control(mainwindow*); + virtual void dispatch(WPARAM); + + std::functiononcontextmenu=[](){return (HMENU)nullptr;}; + std::functiononcontextmenucallback=[](WPARAM){}; +}; + +class button:public control{ +public: + button(mainwindow*,LPCWSTR,int,int,int,int,DWORD=BS_PUSHBUTTON); + void dispatch(WPARAM); + std::function onclick=[](){}; +}; +class checkbox:public button{ +public: + checkbox(mainwindow*,LPCWSTR,int,int,int,int); + bool ischecked(); +}; +class textedit:public control{ +public: + textedit(mainwindow*,LPCWSTR,int,int,int,int,DWORD stype=0); + void dispatch(WPARAM); + std::function ontextchange=[&](const std::wstring &text){}; + void appendtext(const std::wstring&); + void scrolltoend(); +}; + +class label:public control{ +public: + label(mainwindow*,LPCWSTR,int,int,int,int); +}; + +class listbox:public control{ +public: + listbox(mainwindow*,int,int,int,int); + void dispatch(WPARAM); + int currentidx(); + std::wstring text(int); + std::function oncurrentchange=[](int){}; + void clear(); + int additem(LPCWSTR); + void deleteitem(int); + void setdata(int,LONG_PTR); + LONG_PTR getdata(int); + int count(); +}; +#endif \ No newline at end of file diff --git a/LunaHost/GUI/luna.ico b/LunaHost/GUI/luna.ico new file mode 100644 index 0000000000000000000000000000000000000000..dde58a1c2a759b7cae90d4736aef429465c95c4d GIT binary patch literal 195962 zcmXV11yGw^)5YD3ySux)yB2pS6nA%bmzLt*;;tbDiWe^~DNc$6cgW8>-=CRGvU%o_ zJF|Dsp0g(~Ft9L4F#o+^VW?p+0$^c2y?>90_+QM70t@5y{+qP)|Hra0Fa;5CFx=e# zi)$HRV1|a^V5q78KgNN9aXN;B!Fm7u?|P01Ffe$Ja4?D5no5{xq-gJ###B+3*ZuG4 ze{YokZf)jO`+m;|7!`RL{ebn;*T801)4c82*TX{RhAp8QsiV85+250sPL=;y)Zo6y zAac@2QnROI;*6H(!u&F%x?Kef@X7aqh`T*wH57er?*sJ4IwvXy6iaP$=E~%O0Ra z)$-f)QIpFu*uUo6DY8wKWK~Ar5OGdyCCHll-v_3ouqL@2`BDVgh+IN8X&TsMLL_#S z6AM!mSV9~)XIR*CqCH9_7&ta|LUiRyPi$v)N15E*ePfvcmao%!_y)0rcV$U`W>Y)k zpu>&}PZefp5mk*Pf6?0Qi*543uK&LAB~Uj3(vnNz-<$Z) z$Cfdh#?!DoM_v^buD;7USpfwm5@*@mj>ZG3;&A%b?6}D{46K57{d`1PeEGy7t6WcD zRDX>f(NP@+xL99Mt;E%@`Xr$Bb^6FekwI3j*G~W^;x7IeJ`qzSKaz z@bwZ8UDW1CIvY7Sr7~&|f;zMP#vWzu-8y5m;it^-vE3DxWsW33dXdD~?v%jOy>D25>BKb$Y<}%}g*gB=Up$Iyq+)iE`*a+fg-Lk7 zU?tcjXAFJomHCrDMYhA&bVTWUuS#QbADWQuk@v#(LU^Z$FelmW@j3cJbBr{)nb5XW z9rNTGvqo#S*-`a}Z`aDB>gOBKSM|;?C+@RX?7jKpAZYg1Ke_>RV0F5?XhhTH zo1eyINfxa>Y&pOjk7oZmKMr%_l@D?^h*C;XCN2FT2G$yJlr%rYC=x;b`}c*UTUz@T zGo9ml*3>{f(>IeQ(DTIEa1ocE*u)8~?#TRD5Y?^yi-32?B5X)%+M-Z{uvE`eu;I#- zlv(bG`$j?9AD>`ZAZSoIdZavL#!Vr0Xz8)*89F_6YfYpzM-26*>c3RmgK@c5ocS`s zhs7w5(a=}ammwZJdo87ZeJ>DaC6~2O`2j9+&T2C0)@j(qZ`!7_l>IEfL|g*Ox5fPQ zJNo$^I^+LZoSsXyMey3;`QMY|rgMdUdb_&%_f*1swHv;1;%6zjS(LQhyyq1d;>H=0 z;4Iwsx>6kdj-b()0MDCf@PiLK{kX%JEBGL^gZOsR@(&GD@`6uZr~ zA2LiO+xmy4&iDfRgWk5Go5MD45rIRUFmf`l*TYyeAt?)!u#&&goRKfo@pq`IJgv_S zT=YJ9l*~p6mZlEkGbGoEK!Ep>TAEsQQwO_hfG{Xfa&-ebb$`AMees8;84iFk!f^k4 zx~ARB?W6qp+mT(WZT1ytP1xr1Ip8(%SR;rSm0FzJ0ms*s0)KKX%F*H9C}bwfZ?d5{ z5n~8VXjT~J^Y`d0#(K8}loQ)fbQHR|j>sNTU{02DWX^dY4O+L3;CTTrf9<- zy4bL_^?3g}H$?^ReF%~q0KSS}o2tIdk9}z-Db-gwV#V|B9bf}oP0S<)vK(scufwv=6 z5Al+h)3txU{#QB-J^J6kZ54HOYf>PCODQ2@j4r>f>R*ZSY7{>pvw!}=el{y~rT2w9 z$5t9ZFD)4{io`{#S6p2W$1#$EJ1hQ-xQrI#00*AbCSb7t&T^IYdR+x+EU~rR1dOKBZIg(+uXwjM7}{s}e&pHDi+$Hw+_|L~S@0bJh>KF& z_eXP3ap)iCqmzS&YWN3xa!APC)AqsAlGF#1$N0|9>gb(i91_$F&X`U(+PZGs;FZD+ zoTnr*te+B9)|sHMtZR(%U3Oi>qJ~}u& z2Ox+4TS^b#1-)uWy-;AoN?rr|*#?e;fEOpcqW`UsfxHQNe0j$>^=7OGmg)ueiJfZ2 zjgObdj7&<85Gco>hj#cn0$a*p-ZqP<#HR^2*j;RYI!^k|jEoQjmhmjNwnm)|1*crap_kMZjr zSuB5DZfi9Lt<=?lY}KB}YW8+~dikP^sAD$DsGtZ`iml8$GFOW z&p$0mljUK69J!$p>#JRrJA<3hx}R+MBI1{R_izV!8l_e}IZ%2kPo zNgkp%h08Q8gVP7Rpr&tA;F-aaMNg^Mb5PL93c>Zo`)-7I^&28x(*KZHI>Af%UmmO|4+sxyYEwR>w4v;Fguw4=J^aVwCCqIi7q~W^}S5@)k*FkG|d$cz4^j5aEWC6IqYgA z-{N&|@AA&_rI9L#<+XNYd*$DM37xU`I?L7Pz~m6lu5(G%?+wu&DXKMAKI2_RP8)qV ziM^xwCH$FV$b_|YNY=VL%xBaFuz#2ApU_8P`GS257b(+6F-u(EsUJ9TdYY6y#>Ae_ zmZh2BaAqz~{+tBA?Pvy{*=&_U!=`&BUh|t*-B>4=!6^BZ{`5UNz;~IQpP{Ms=-Bo1 z;(^z$#EczN3 zaHT^>OT42R1RQPWO@b+5QB+cuh&^<^G;jwFin#-)$=nB0k8hw0Q(S<%@RvcVx8=q3 zAj~k1wD$yeNV^siNT&oqu?zYiX3w{J04o&tGNi~!G%snaCW>1b`sd6(7TFF2vdsFlB#<=XG|}2x6?iufgvyKW zdW&cJ`6#J?uY}^>A>4S}`s<~2Xm#dj)VcDk2QUUyzQ!lwvIce`kI7Bf$CnfRQbljc z*cKrNz=w0Hrw$F~r)qdd3d^_4#nwbB&LMd9f$eSD zg{}o>+3zMey-%Av1r`)@{p3ov^S&ZcZSU7EeT9+P*WX70w?ZLF`M}$~+S;}0*j!BydDBUa3GgCctAR?*1{01jIn#^!#jQY$tJTf2;X2Q<}An!SF1actLJw1?I+~r?okOK2sC+bj3T5Y@4L2NIe7jlz2kCx1(^F! zZU`sEkm=b1jIH@Ys%=%`g053^=lW7<8(M?+WNT$Td9@vy5<*s3e736YzR1C+k&X8> z^x?1KBe#jI%=XdN*)L36n(0A_)y-p01YX!B-}UJ5YD?;n!wBBAQbFjaPu1 z9foh`$+3@|@p3V?j+OSc(a(zTI+8X4R|t#^@mC%0U)pYmKI}KhgkL>}Jwu*@!%izK zDlAj?Rsiq;uY6-g8U=680Jo#`ZPC?a{oM~APd@hvR@S8PIHZmcr*cP$w~?0=mkW`w zs%lTh{>#*_O)FpYyq{2}wolQXjCO4#cc@o%Ol?%1?6+%M_we)_bn2`eM{Do6>6K8d zz}2aVZq6%bX7-5{$m`y)=ceQ?P9w(X)8v+)Ea0}2fMY?MzP%)YNQR92xPPk%zE|!w zrzHtIkE+90Cik9aiTvzRB@zZjg$!J048PLp-QLw{qxU5tfm7@&rki$%;rSH+MOuMPbevq9Z$ z0)xt+h&^v}D!Jv&zzT|nPTsuR+k&YYhf~lx6A7cyZoy1bOw(^;t^y_#z+>5YYSXQ) z*+U}8G?%4(6##e}y*w>;) z2G{k|$i+Bw#;{OA;_&n|>c2$l@l^(%_{)F`5?quyWM9SE0w3;^&Nh8Ep9GK_>?ilczaT0Mbibk+7|Z6`{=bS~y>U zCiLff(^yjQ-Zb7Do@i6uB0toomAr01UfgX+p#J`D6rnEM=eAY1v}9LE3_{ILDV|-e z^}=G3_JI<6%dZ>bGP_rf^NfohQBs%&{$x=KZ38tH2KC}|a8Ot>JY)Wi-YCMyMdPaA z@txkc7^oDujVEKUAhITc{d#@MztGMa%^b3SLPvnB(l`HfeWoxjOq=$BmcZN7Po~$b zB9#X0gR>ACZz47)T1m-3a)*2@zBiw(loDrKBe$wLg$$4!V;XZgbNS$(Rd7Z`9-9|6 z-g{4#qF5*?Qnm=DwpG|n-15Hzy{_#&sw!@t5-Hk_)wq;XZ5n&pu!FUcGHKilsjBa94>0h9`+}?*l6BHu`m)87 z9(>ry?`W!e^WgihZd!@is~k5A9Cxg2-zV`*Nm$MCP!sdGx7R*7yOZTA6Q!;oeQM6N z5Az(^yQlOF^__00*ccyIfZJ9#YWSEVd(8p5Y>?kdFbeRTe$YNXL}7gJhp7bsA{>=i#n&l5fIg*gw4IHz@~ z5S*x~%nnzS+y8nVoPVwHqy>cs-akV((u2&Qs_B-k@By9Hdt~5%>$dc}sdrrO>go!6 zb`&3dn(6n8RvEwMz&aj2N}o!0ZY(b5TU)ErjpChUPC_dpI#!j#f26R)VTr{-v*lOF z)2r?|y6e-{54O@qi&UqTr`O3W|G?zaYaSF$siUNGAkwy0xa1S5(t*|>JLxkd} z)}&T}pfiTX&j=Z#R`rXceCyhI1if>1-%@Tr$?4?foM1u#*Mb#;I5Y&*VBcQ)Ei7G@ zde8c{A3lA~C?(kz`OIDdcOK_v_x+IGYXhXc?>`KTGwnszb9{PHE38Z0R$vWa)#X(y z6S#8^c3<#{h?pzPQ>CVx@$@T+-BZ7wpU#1A6Zd{)TBa~+d0+9{c5IiX!tN|!*H`^O zTe!`NetyrO^PX{pl?Pka;gL&{y2mV~cN~0}_;9`nNQV7UZnsLsOQP95qZhV!A4a6Y zG^ngB&x|R|#yhHOBo{dF7hURF!3}r=C)Ra$d_zlnP)E}02{&4zc1?r((>oa!mONzH z)F{%^HABDG%D2O+ZN2+g9xZ5(=GB@?=bCg#48?Hmr%q)9m3|sa9Ee_+!`G z4CEp1l>240W!LiXa^|Qwp`INoEd_pi?(5qyr_De3rhUbe=he_7EM^NZYuT=s+4D30 zo{)`TZ63@<`)9*kWR{xzpBshTj7?$%N^?%ta~GTEj$i1GmpAe}nM>8g0%p|=_%_(5 zmm;o$XBhmY`$MoqWSjyFrO_X5V8Qi8gFjBL;t5=pm9s-Sc!qNL5(k$}p1dbxSrvp- zIUj57DdE6lY18hGOo%qd%=@L)uG5TrYh&l`^_f2N$^Q9zU{;HXF_aHlH2 z+ZReXM5?Kk_P9VaFn$-13<$mt1m_a9w0J#~UnNGh_!5jbPVEV8GnqS_0t4bN?=p;7 z3<>o$&bL`#!~b^6^am}=Y##q|p@lyI4~{xbmhV5kz!mkKNsr)GH1O!G80eA4Rs32^ zFmb2G{n%_$A8>Se8E$L;5*&Uabu;l&VF3aD*;{Fc54d{D?d|S;0-mc^Lr3kL*<-X^ zQu8=52%~&D_xHgp*_R0xKzNj^1>e=&uT6Vo=!#w3k=190MluFD$}Gnz!6{5~ll=BQ zt5ywiyLGg-9VR@*>e48!v}4Cv7EIRSU%9`esRWtpS33PwM-j&q^6A}4REnB*nK%l6 z^2R`xyTg7bVWSvG@Gg~3Ug=X+3e&21gz5$@M(jqv36EuMQ`>M>YSP`M{Ai#y9kl-# z`){t)=m7|kWvlyz#b!2FNk3LE9G>4sJJPV>PyLbD+MHF}B&ps`z%sMy zI~VjF0LoJ3?sIYU?Nth@Fcje#H$IGt>E+t^WF}B;Or9<8)v3H_gj4j zidG2*RlKe#H6oQ5UTbfA3~QYHrL_4@QNZp_AEY(h=jU4kozf>%Op&4aWOoab9Vw-e z5J86yBOA0c{HT;NR=%XxQf9PD{2L^?EMXZd;~Hl#^UId>@D#f_Sl4dx9%|4&vFmCj z8z<4q%P8d4V%IIDl`u2^<(JlrFyN99bY~8XR93_~z=kP7Y~au(V|DHhfqc1cW25Z9 z!vlOyHyRx``s0l$*=!YC&&E7U$(Un!5?s8;Y?2uvNNB$Qo0D@w=xg#Z?TC+q?52)# ztONQJKTChQhfZnVN3_JsdREGkV)C)A{gQXVBKSf`>fbFiSt3kBG(sr+A0Sk3U8)Vx zaeIG{B+=edd4dUMq)QC;d7}7uO#-$Vd@I^8I(S}ZlglJ>$sXo$8ZCSbqEj_!7<=-!YwciE?Xro`%KeUbFMjs88XYjBET6-u#yrvIr##`9d4$V zk*s4JYBCrej-9#=_#?jUpDuHoPJm|aDx7oiZA3Zkz%&J;M z?#npK1CewpiQRuMg*poky}&7-aO7Nhl(Iq{6vF`wcwxAzB}a|CPrsXv*c&-}#HH+u z8jpR0FpzDZUSaW=ud`ZNGgWb!D0VevQM?hO4n9p(j|YGc@^y4u3TJt8kt}%vL#|@- zrS5qAu4GW9RJ@2cC{v}B#z{N!B8kH|p!L>0l^+O+W45e;Wf})A5Hc{HY zVJZscJMEzrrh-L3I;9CJ;*1;K+K$q;m$nx0&KjGUWmbtSqwQ+`atv0+N9K&gK>Pld z4q&Z-p~(?5)a{0R-vNU?-RPl1%XiD+K}Q{DP0ma>ualO$Cr1H$W7}aWL`xviO%TwW zbo$_uN0!;ozY|QKRNiW4Y1Yy`u)7`o{6*QSt=S@(RNO@`8weUFCakfBu!XZyu>DjtIgO|D z>0dc2Js*E*eA z(dz;tKliZ~xmtClEtA;|B>AtM?5Seo+eG-Bj}^DiJm<9N{nZd~9Js7;Y=N z)f*ZVrpS(9Dz+iNg@C$W^~o=6;&u)3-ZBi9jmEU9{z&adza7BDGc;7Cl74T3IFfdX zcljH`mRo$qu-ptM=P_1LN@w-yDP#eB`|o9AcW7eGWmF6sWXnzJc^~`yYnW0o@RoXK zNJ)u5cVJ|dEsmOdv~()zx{WVvcd_Jfs|zG!GWB-OsZ!Y7Ay8F|#?@0LeVkWY!`1>W z-#y*WnSH&{x?bLJ_w)>#sl&F|7YZ5kZ*FTF_7Igra;BKDbWW@dEy>cEv6HoT8@3;;Kf5+@cBE$=GZ$6Vp22!u>H8SR3Z!zhMwOB-Zo*} zl^-a%(#=W;{l`$3ga=;qAduGIZ)q_rs-IWisRQ46@0^k8RlQxH;NHXhbN@}^3eHxH zOHu3B2Ij@W#q6os8tCXIIByo}x;%t_^$V@btF;?XC%v z9el6k+qhZi?^)^;`}+&QVB}yQyLh)k;80T&^3+zcGyOij2>6!4mI zJxBnr{k@+Lh{!dJh$}r$fBJNM5-4fwFK(G!RwkjbS7!p_DxfuB=JL?D(0yPb==!(c z>6WZ{T?k(0G({Hs^@=q~OgZqz7=M4huu(u;>47mQy(K_sO}=ccI&2vB=6l}%gcrT@ zvkJYz>#sL;BsMva+O&CzOdC`qAtmFyJjGy0l#gPoLou?vOiUmo0q1Kl5?WqOC5uwu zM667Mt6H{;lDz-#1&<;T`uX1D$lvvh!O~w<4s?O_w+0$61?ubXeVbZ5zku|GJ`+ZR z=eRW0bV!#!&m0B~j=Za40T&UDyjFnCj2R*`b2Dvy#J)w;VQ^0OhHaa1OLqZ}>F=+a zH7@S%m-}EnQO|r~FgG#g*K>C|+k?I%vl)whf|BP`Ew8)%FJ}|@xxZ?KZT!R22R;7& z9Hv)H8i!RZ4(itw>W98P_rKnm{%&-*slY0#jfUA3w&tg71_H-s?gZEK#3dy@b(&=T z;_2H6c5!w04htMSX#&o8N!Dc3`($&f4&SLv%Cys{Q?{N{b8cBay}VA0zDg09m<@jM{+_(LK9e=%IHK}fhQ+LK zSkUBD$rC-RuBNQIzy~BJ`1ZKlgTlJCq&}|g+aZdxALCr&)u%*WFlR?G$3sq_L2C?y zOi$k+nXd;4M%-UhlzTJP3=mNC)jo0vS8H?TP#bJ%MKVR8A~@t5cJe++4fvk?wIqj( zjVQVDo$Zk=!xjR4XCAW`Atg;h(7SWHli>SwEN+!kI2YTwT>DS}y?NtTb2HwpBJOPv zgQ*>RV`I<2fSvF^Zy%qCQ+gv7mXBnFD=UTO=Dfw~t6yENA1*)i7ID%hC1xeOzDkG= zr%gSJm(?<(Nxp(-FIJ$3Aggt5EN*#2h6NkF&7b`V!_5mF2&NYzRMwB;|wQmX1S0uF;;LGchZqZ z5>m)_U;HW$tI`~0upjg%B|RProd~eMmGJG`Mm%zOGmwi*(&-s>OsEn*;NAiBwf<;I zidNw!{vPWt`>hnB?<2m_KhF9wnPJUqdN)Y3X=Uf{w(DUs!^+r^W1UEU=(vX{3`ou0&*4NcHi?FkI-_1Oc?q5psw!(t7KW0XpI;YlrcdcNfta++SLz^LP7tJg>sb9uH8u}?5oglzZ7k%C~1(lY~L zs_$=6DFUTu9*{0;rEaky%-2Uz^C>giNl9_@lE2`S+_Y|R^ zlXWCwTwtx*#Bax1uDo#K>)hHe)A!Nz>;kg^vzMQp2z}S0q+-M0$kM_aV0N+I6`sV5 zw>s`GN$c!@$4K0e-ei{)KSh-fv$F+6j z)N^=siMlr*5iJ%!E-!+Y21|ok-C9^!%w3?lR-hShvyZB>&|u&b+v@X7k>WzAYmoDD zM)hpke|u5{0$3c_ll|>ag(k3eC{^s#`lQISY%r4&v zfp1Z}(fVtJA33ev>r5EsxYBj(=(ul+$|`klB!JJA3pp(+`v6mFN2;F60VK*2H zDVM(*E&*tKn*}r+({bU34a>tcg+JY%O*6h`n{Mq$wFW;Y2q(4-m8RB#KgKeeyBcu{ zHOg^u2?NCUmJBWJb8Ft=z#DR$u-?jK%U@s=3 z_FHp!Gi1n2rL)$Gzlp@bkDbP3$i;Q*>LSbi#PWEEps~CQxp6 zih$8soGTkmkz%BPzQRmMi3%KG+E(e9^TZ`J{|!B#(n3@Ia~49ss*<{sGzH8 zwYARVSi#?VG29^rf8^`_;v-bW+Vt#CWZP!Zf8u|a*OaCH{XV$)SgWWyon4rbrL1a~ zmEqHuFg_bs&u?r|o~nQvJD1m1S641}{5E`VvGvSG)nOjGB^L4cjc9lN@)Bf8@(S5n z7Yhn(7Pu0>r@pnDSd5ysk?Wn|&K=D`d@sF$7eny8<~o%mU2at6ND}&IBU@$?dL+e? zL8|ur*_Sc?prCKo{xGr`M2O#9rWvx`%LQTOjqNM@)aI4qLC{c9faKnmglG|#=eJVb^uKsQ zbp|s16@)^bKAWxV%vUMm8X^)>2m4o1BVL0xE!E8YMcvUkxS87f#+o{IFNahwGQF>y zC~Du;ezbZd_1ddg5Gq$4E8@Nm=FB*zv=)p!ig-3@Wghll6@g}~#Oaf0%jX^)7)*o_ zeOxhI(9%HRLudJx(m|ncCQoow13qWdppqS|@d6s+AlXTi(XL1uyx{y4Gw+!DBjg=bo}1Rg$y606h%||7F&GQ1Nvri8tpkZ zF@m!zeWQ8~uf7rL$&{KgE#t!iKr|iFD`%!IB}4wKaPASpUWK@qgfBcZg)+WWyur`QblvS3$5n zbjVbt5m%0g%*@Q**A2#wUF7`bi`qN810VLCeA-yy{E1PMuIvZD$umisY`09)y08PT z|6I@E&CAVew5bws@9*2+WUAcM(5?TZotInpsmWa}@^gwXkcac`^{=1l{-rCQas`WA zO>Eme@wZ0`P5s?IU_YhQ=oxA?3e>YN7_r)RclS#ZG3ctkEm*#(*-Z%mG_eU3c$rj^L^}w&gY=OpN_nj{V@K*wlQG+po&6wNehh|Gh<_$h zAF8rXoRF!_Ck;M|d~`O9ZQkx-&fgdxes&n*2$Pw%-~4ol)kKvXWs(g@^2$u{9yH6{=beTuO+ zY3=iu?^-EaQP~VQhslf`9|EdV7_170H}AmW+fOiZ%&!Y0AC_1U6s+AwW$%6XbWQS& z_eco(7kdHhm)T;|D^axqp-qu-5Scp2dJIu4CPZON$i`C1iO47{p==Ak=X~e=sCY8< z<%$HWR7j16rOW4s^S(gs#^h8sc( zBa2Gu<84_x9@1S7=H`~dB-e9`*0J#1sU7+Q^1&6M!pi(=VCKII*ND4VI{2PJL2-n4 zP5l=`fN;D1Zz0pS2m_7sGE~qPIsq}@L)X*mAn?7?M^`SMEyHA(ri4X>g;8(X&?DYg%FNc@@K6_i#+A*Pe+oHk=>txUSq7)B zScJyD?;SpJ%)}h&ARVmF93xIMM^aF|{-=eh(^INQFQ56JuGrt)zIbqWib<1;Ow{2F z3P18B=PamLPapyEhiDl%4KBFIektV6VeRDOR_sKqohG?teQRHy{fDmmDT~?bKqLCnJQD3Y?R!GJpYr2}5qrKe%WAQvL^CR25U2c0?P8f2 zc?+Oz_MC?+2gF6frGs&PoGo!-4NX4p~g)1B3Jf|gmo65%;Rd$`hUEX{Cgo9NHcm6c;Hto?@c7zoM;A*8r9NA7P6_no=;2{ZY9=6fMJOTm>86e5J1xq; z*j8&L)yfoQ@7nfc$H^b^fjo1}H`gnVjnKPU=_j;Eek3v$i?B;r%a`5!wR&XY9mTBl zICI+1C%R=f>u?=EOKzhoavAV=6ObZ1=y_#TWeQZT7HlfXG-+{f;^ip&J*aXH8vM7d z!u{hXeB#T;RfL=s_cGaPj13F%S#AED@vN;49w*UG8FPKK17}^=>ACs3_l2S0dIkG8 zHn=x~)0qk_rGBl;5vfY~kJ~JMcYh)Gu?DPL_sJW62-qCI)9w=DEluY{(_JretfL3K zq0r1Q*A@P{OZdrxqlBktP|D_Gu*`=rG~OkB@79C}k5$uLpiAukS|3?CwKG!|;PrH4 z832!9)_dxnH_oSmNx!S>&0TRuvf8ic={Z}r_H50`zYb4gF@>}*s!`aBcVG5XPf z18nazvh+y86~1dbJ{})9`tD_~n{sY!Y@Ab2M4o!*R!2*Q30cH-FN*=2S=tmY2zuFdcHz8@=TvT z<*IIR2_-6uEu3}7nWATQ9eNUsUi>=5*M{%ONT#%nvtshXLL9)gc8k5q8k&0DRyWaB zVr1@Tkx1ICUn)aZ+|*ONPmH4`v5iBV?sJMl{Qoj|Wu|cXyR$KuNY4`J8GpM-mzHB? zUj{%Pz?ab1fAr9rPHZttzRdY_enf6IGN^4h6!Lba`UB|Wada0}1M-%*EjJi*TXOO> zZv8ULa=m~qY82D(WtvkZ>&sTK|De;tL18wNmT>qLLUxTyI`XND7R5<}l(gbxV#FVs zVAEl#o78yY0L^Z_e33P$!R@mRWrDs76EvuQCy!aU-cYypzyRvX0V8$RkQT0&JoSov z)Q2~hxc$ulz=b4@S-#{M&H~;DZYED*QON>T%6Kv!4!ugu3dQATN8)ktkXaSJLh({A z>Pi{=SLxBPvk*cSSU+gAItQSmMacCvzq&R z8A&jTntwoB%Wq#Yx|uRqrUQoCf< z)s|Mup`$T&{W{%vd@q4z9bH{!D~+@j$4!^z(2ji4u}w<7@jKNgmz}M2<1DjrQOm;I z68aMUQt}#a`DU{ASBVgIzfD|JO!850Yv-5>5bD#H&UDo7v7P7dJAUufL950$w#HBB z%*txsS~weUkZUL${E#v2C4;BJxM6zgMiF&`NxozAByL2%G;tN=zF{K`Y+yOV6Q^N)`{d5izO;Fwl1 z_amN>p^Nuwo6q<|lw;R~THo z?|}}jN)re%@+9F89PSTnOwQ-X$V%UMp+9_#!-2l>dW?k2(^(m@&*x%d8}o~Md*Sz~ zO@(i(&P|ksp&X|dbe=GN_I*t0C2xteT;ZSwv96Oa_njrL;ji^#ohdYGLiL7fE(SVZ zO9S+H`-BfqUwE=r($Bzz!S`-r)g=xfM6LSN(JwzNLPkC+a z2P1bb+NIljE~qe&~v(>FJ4n|Yn)Lvn3HbqkF`Fr???E^x6cdjL#axS>=f67 z`sHP}6$Sg2@(oB95u)cGK$+-`%&@x;vXfhRr^TkgZ!4Fd9M&?#kqUB|+4Sb4(K~>t zF{bdR-Orc9eO*~iy&2;x;)u=HUKbC5cxYtfZ-`X4_cLQld8q6#UOSs7UfWv!5?SAh9DH`4j%^M8n9pN)m1*rj>?UbpCz0qm9ftTDdTt63c%ecmczJQmti!JO?5=l#1_@LleCl5y%f?|0D)m zjeZ~dWic|i&QiE&+23W#hy@7*fNZ|uUYXw&Yj1-AJ&R#;lawpdx0-I#k}l3#Wt@F@!PL1{J->B$FTHW`vm0F93`C@$ zRV4=qw&YQ<`$Pkc0K zGsej;s299kH!AMxH>BhExIZ=UJ6|HUySFSILHRUbKhYe6M1ghp?anut&RY^${GV+l z9P)HA)vQqWip;R3rO#3Nr>?HaT~rb;be2yq+0e@mAiusBr}h06b~x^y+_l@?^b*OS zr}V9`OGKLT(R-8=@Ygu9;w56a0hOKx-ez=9UJSweX}&F_FS_iX3bfz(D2AJu)48xShiorR-hwTnbqzXjB{%*f0*(_{*GO@gMyrH;kxU(C z&?_5H0rxcwLW0(MK?9^t!%tp|(rkkK36*GT;4DJD|0-65rK?c+jhulle*;|xxH4uk zd<1;pW3~q0J#l=hbj|fKS7wLFp*F8SP91xt91ZDZdr21}6kCL~ zn-qQ`lZkekzHVPWI;H3S+WOKu4ly&cczZ{`Oz4f8rAFUNfjkUjm;Tg?7?o7m)hy*U zkgc3v#*|bRVH(w2Uwig;R!#GL3VkxASG`B$FM0XHc@NVn&v(>RsOLc>%((hHtNYJ| zmh)YsvT~%eyOR1eUE86+%r7+@;i{R|g9k3y3x6hdT7yi*XNxQDA%ENo=YPQaE{-eo=HE#IbMgM&@DaDEgV@oZt1m1A1c79dbi(BwB~G=LfUbM z@LH#}{9k>&yE=@tucd^i`n_11V5AW;xzFy?CiLuv=q(hQ7#?*hmZAy=45&S60n;4?#=Jaa| zStH`e(pe_YsR?pE=~N_-J2s?a=N=PVeVZ56TCc4uJi$sXrfFo9Px89+(;AWE=Y?Xb zaXXO#=KUWRX&or!lj>i~vH_{neFXwWqRteU$j6_cNhEK5%?%iugv!6MM3C!6srze; zxDQ#C!$E-khyAFTSJUxdWorvcqC+Yd3se}ZE{)7rQ5Ib%DY6Kt?8vo&x$vF-jKmnp zkE8_t%^zuPM|K8XMYkxKYR2BP?dpS+?~sS^z7-_m-Ju?|CCRLmNU%_z730D)_K`s_ z4Ye?qln++wn;Z`%rm>mj;>j84xU5#_di{ZH5ZmEJ!wrOV9^-H*@Gav|F^$VbgNo`7 zS=@Zata6bR(g8x22A!H>nHESn5ADG&dy{VFdvC_VEPm8iNISh_CoUcmyFmK{Fm6lj01X>;%RPLdvv zjixn%`&RiMBeq}LVXMAg&bb{^V&zKeu@Ait{!bxeuEvN(Qux5?&`N2FJ5^}^RGr$> zt7P=x&#v1^GMaYN7@^NUI^ZufXvHCqx|<;sH2;p+Sa@i1T+^SNs$etF?-2%IgQ^D&PCswl=`ez8ocH4*T@Ege^qNDncY%%Yxd6fPFM*!^bnQKOp zGMaYhp%RRdH5g^$0F0Qu)ez)Y!d11>kF%1p=tu<pT9M}!py~D$y~8OnB*_h9ZRg}|;|>cby4wH02Bl@Yk8@L0TlAtdN-5`A)}V#a5DyO z3o7o({% zS!2-J5rVX7M-TqBaY8Ng`P_lXQGBBkU|P|IX&HFH5S)y=XfP08W(Y2zb`~w76X3KK z5y|=GeE-k<7yt2p`_-_~Uxe85ufPFR_WPc`_0GS%zq2buH$hs*sh7d(0lv849G0j3vJcHO&Sen_Dcon0p|h<0yHrT2oIt3Gz2Pgz zt(OX?k{2O_KR3eHFr~s5+}-n~LdIS0-MhlH`LaktwvkpKSSl- z%SRWs6_GTNh!?L7dWinHCVbwqqN)l;;}J3TAN{$XeD}dOlmoD9(_5Th{d+}Oc6Sc< zkvIs(cw-MV+d6i_Kv{Bn@|0V*jGhrHhU>Bu zK4NHwO$wi{=c%SFDw0GtXmZU32z+uwCy5a%O!D#Vpf$g?b@RYnJ(Y%bNEiHkK(2kb z-nuzx+Zm&inerqW(L@Q@@cf(o=vGK9>c;1hKEjyn?$b>obdl2O_K1|^{Nj@H%Nf=x zAC^jgQwWhDl9s&*bw3Q#ML^CebjKqOjt*F+OUhCc_xi+1Qg<{esZfzZ z#xec=fc^agKK9zHymivz z@pcYh8@~;=pdINPitz?(jCP@UZ~$R<58Zq|z36q^%n0XPw9`zm);SdGgj$XDt32Qe z=(_xL7E<*n~H zym!|ry7)f$*0UPq6xY17xV)gBC{)J{oO-H!m*GI>Rei7y6fF#dthqFzAp( zs_rqDEddFEaQ)cUHR7aMK_^Lw}4hbph9&{_fDus~}Ed^Q%jFdiXbhr9oldP3|d4^2hZaSHbfdqc~)Pkr(pQDwcJp1WCL5ehopF0a1)GIwts^2Im4KoZ9spBz(Vx#QVuFHP=m7=y+lqZnP} z6swI>S2nud;hR*_>lxI><)R3yL%I;;&)dM^Gt~3e?j3F_iqKY5RTbJ=s=A6r<21tB ze1=~VWJKF#gYY>TBp~1g?lG-PbXhQ%j8MAx2Ns*<$G;&Q0EXZ5^zoBFxPN#^Z#)Ks z8w1rMw}$$B2(wI)GrK%xZ*R*1K*q4ztcl`?*o#kwTsegDMQK>9myCuzhW!qa5;Zu~ zl*(G+H$IlTy*0ZqXlfD6$ou zPLFP=5jUzp)e>fh8cm3kWqw)V)r+IP>RE&LsTM} z&u64*MsF~nKN+=f9O@;GggEK&+AA+3gyGTC_sBMD7FXAlRfW-&W9RwsUR$S7tgWR# z7%;z{VXF$GU0C0Q_x|6;HamU`AZ&-<)|h8@b86R%4v3jgw(-370kwOnYFvqAW5jhQqxbu1-$=`LBBiU@|Mto}TId`5;t8o-E5GNq}%PbkMNoosL3CL(rzbf#O@I8gzYqNq;bWCS+H&GYL20Rbp*xp|q<0wIkBr z0T>}L^$zZCH%ffoIY>X3URZyV&4gWd^#Ze~ad5SB@ZT#E3OYSL{;l82YIzMxF&U3Y zqKJo&9U+_m8ReA)d+XZ^b?MRvB^@P zVlwKZBGm%uWc}=#aw!EG!Fp3rlocwLj@Bz^&6ID#Ky4sRGpv!s-GR^XBR7LUwr(D6 z*WSq)chwQK0ZLq<#l=3_7|&erkxT$ZjX_vlFETA}*8GhSSgA0=4b-#(r(M?~1X*D{ zI4NokL?K-VoI;X}CJd$%)~h*Dr^|3SVzr+0`026JM~;=-(NzSoA8yg>a&UOWVv`be zyF^Js9QROh7ov{iUQ{KfsxY2*9rya&y?2{*HRI}H#(I+x_qwPg@u;_RHWrPsB^E<} zFyf^LFB2)j-}qntI;+K+veM|F`QQ;cg9GM-ioj~td5Wn_y~_(@5ZXHmV|>;fc3F?+ z+pzEY$BkEq#z$wKY8_s)UZ?)(cYCbUO;c3}P=S9ZMs;Z=_ zN=jW(8cktb8dK_$+?152qSBgNSL9k#XhW7|6fW}VJ$&@eANkd^*g0 z-N|UE;$gogN3^H22I5ZOWE-uyK7PW^&K62SQ57sV3wEYcl#+F0M&NF{+z2*l&U7+# zW0*Y6v^}Y%DFM4OVV0My(+#eR~&G(W%+z$0^TYuMfXcZhn_|=8>Hd4I$>TCSu zXMTdgaKvCZWVr0|@bP=xfAK!C>iQ~V=z?+IwHHY)7LS2#;<$_PoOx3@5H9SH0nZUq zFgZA2balb?^`+zT@9om*b}5TFR?8X>sVgQ@u(!LEaq=3wnbI)*9xEIa`x4QLLI>(5twHuB!EB{siGO&7~m91sSWFOPNg;d zPE0$a2cOCzLo5kz-9;oxweJWYvvL$)T{yz}G{PmWJ{ zZTc|>0ffdB>y(qxFzEL=Jw9P~_pttME(8vxTvO-CSb{!Z+MN9MnKf*aO>zcv(=oFE@C*$Gh(eC#4Tb-oyrGB^jaA$jabFeoNqi**mZSkw+0LoSRiPJ|<|LEPj_s~&< zF!Bb#5e|W^5n8Pat}jm6J=g|ext=fRL>=NJajdu2at<9+rG~6X+1{G^=LB2uYPdqy zJ7PeA*PE0qFP-RR+%)r0@BA(Y%<}?)VmO>oRRt>QflTVW|3*nqhQIYOO@-5$5Ba8# z0_s(6tz(<%3PoJ+;=*`?GT~f#bs_D(6O9tNGXxvVyg7^rc|j8$xLJP|>s5%50+KHG zUwn<9{mIX<)gLezP8oJC`0`s{;qD6$7!92GMOA6n9HZULzm7_{xIU%d9U+s*4_Cp} z&wU+3)P@3RLDU;?=iWWO{Q8?9Bv(q(@Ap6yo^l(mldYXqe=y{w`ww{Q@gpkzU5?8j z1u{@+TT5BS3AQp+M$-i<r``46e!g45y>5>*<uX_m?-; zk)<-0C#NU;&A;=beBq7PQ9=<%2~sA_+(xPV&=^AY;LAac8}@$I-_SIKirmQ_r* z$Dksz<&310xWNxJ&Z23|X)mA#5E8~Uxj2xk+2Slk7ZcVq@SuR=3FWB1IMVSD=-aO}4TDrZ2)#93Hy5m!Y_Ghp)?>_vUuuU4# z4*i=JU_bOVSo<@jJ%oGB;b6>cK12Hu&cKnK3lH67-s}-yDdQU2`C#C$Z zrzcN%^PMi;PM<&dBmd>kbvm7Q#>3Iy8V?75`?vnU_k8YG#R05m^FOq>y8eNeKK3zJ zPi`)2+f6uay>PC$%uHsT+3j%c9BEmw;bTU*=2iJJ+SWf@7*ap8Fw1y}olra=Zm zPrh>iGK9tUX7poy*qj#yaUeo@U*dy*w61{Im5HpY%|`)u5VA>!pSMd9KA(R+0T7H_ zUx3Fej8xpYbB~|-%xBp;?9=NH*cwgv!k50l*7i2z!N9dV2Lg_@2yN&MhFrb>7(LxW z_(?<`dieKJO7Y;Om-(sBeug4d%moaGLx-i<5B|NoOLDNY$NA|A)9DnW99|<^uN}lR zws&?pzrJET*`}82y5XFkN!3~@S0HBHXb$ohx$OYjuN6|BZnw+oWX)(x*PW}SuK40t z-r)cH-~Sahc}5&}Jk?t`K8BFBV|GBcGj%s>BJ`(J-Z3dK&ZjA@iJSIFgb8X#zHb5R zHylS-)>79*xNx&NCC@XKtNEv-l%G;c{mvwg?SJ&={`~S++zViq)hkaQKl-zK+q+43 zG_Fz9))j4#+(6JUn$^_>!WxoZm&?lwrlTowuU|9SgeQOt;dObeWwl(<>v!pNyEmI* zL>qN?R%MJO%L>-(6pJD8U4cQ!(}8bLmT+;kq}%VYy|e2^egPL}Ck&@sbh`bzH@=Y$ z6E|{lHybaf%v0a{-?S`;L6p`Ss=TB!mZaCO$v$C0>aw6LbEJ?Mi|3>V-oL6zMec+K zH{`x6L{UsP?(+WA_n3^vOok(W&0OtTTZ1$f zEhHw-$g-5A+ie6iTg#aRl&*WF-k=k8^}!`#D}bKekE2B7Z+z79vve5 zb3foPtc#4!&QF<4rhdejxVh=vaFTUP&W)-7o&#d*4Z(8|T5Gs*5*FSP(`^uz^9SDJwUKaxxw|my@CHG@P-~448Y`{ua4S8>KXR%^&t5HWL~d}1bBIz1PYRNL5^zD~ON_2&EkGOg z?jG^xm)~W3_mEzv&+cT(JMX^D!QMW-Ue5!IZe^AJeD$Xz9>4n@z2V5~GWcdn!lhP^MzJ znG*@X7?$e=d;3S&x?3+K+h9=`=@#u~wWdEBBI1tM{R{DP>!SLTt*s@`ORAzm;7(dI zQMdtXbY_{)<{aI-O_X#T)6GIvI_)~CWc?nEoRw&H44R-MCC|89%efa1<=_DPJL7xC(w>$i52Vnh) z@Z*u@S66ILr(9fJGMQ{4{Va7M+t3nqs9lwsQX59Sfn&Zs6FLg%#W1{KmsQ1TlVXe; zqoouM+`^|L21*UH*%BE^2E$QZPQ+TWETumfqT=|5Q@S~sw!Mh(%q`!bWW9mbr^321 zTs{&g@`AY2L;L!j^P4V2tct?%AFP`xn3E$^Od=&{AJT_1y$|<|HI5Q%P0cl^%W|}k z@EbH(!QuV^v#U!c+dCxP9tS(Sy#N0D9PI5A#f^Sn9o}2RWIE;P$qBvj6qKpakQ>pP zHz6Uw2&bbz9*^1E-{b83lA#dHmy)f?PMzvKb5R2Yo{0qpW_v z&(p`p?Ck8^0BSw}KHqc&H&$qS(FIwtfT>vjOQY%&U}nL8{uh1(ArpFo37x?ZmH0s; z!AS+A!Rp2_d2y1es@%x+ylhy9p^aQd2qj$um2|0`Qi^WZ@dCP?m`=At6vxD!7^U5F zte24sk${y3X%t3Uq!vhJ90S$JT9)pY?Esd`)!&*#-(ZDAyTit)VJPq{>`*$k)TYqP5TIy@Z%)4E#pV zc{>I3wAm01>>nI*ae9W)8X+T&_Kx_{TW@lGb;-`oZVi?iYaD>94Khm5x?;7M(H#zn zr0{g=dh3M{t_N`opBCM|b(_a0CzNH5wSqYAFdPhP18Z|R;wY&{j>XZ)H5A>bez@1} z#0hAZw<{I3xmiu+re)x5GLip~HC7-z9w4L}B-^U9)SoR}@#%D%qoX6P=4ylnh0)emm>Mw{p(I8bq*55Iy_0vGfjlcvaZIcP zaU9d{_vsD#^tv6AICeDcdi=b^DvLCx0R)Z2D1i>0vVK25L} zAWRdA-^i(2^;ctE@Al&QiX@I$E*Bge-9jZ%&D{rD-qVNkenjjs9n za-NSGLLYhPhWmipO(^5FdGe-icF|t^bUweNC=E&CMt02?*DN)SXVQ#T@s&^6cs5T(!Ot$b}xzxuwfFK52 zJE*!0+-emznxZVpvz)3bofAjY-P?hK5_%t+U8uDi*)ViP4;$LsK03u za9X7mOT93))-2}>dYy#9U`!Mz^|x>5P60u;#GlUM?{B+xzaHE>H#6h%te`9_ zgf(?Py0b7xzctp7=OwGff|p)<&A0N3I^5IRV9Ju=cwBe&;ky~F4eo~4Uf|Lew;MP0 z5;pDoZE5WfjJ1s@#x8xr#zt?L>UX4fc#x3xOa?8!MKA(SY6M$6O(4p}1-JZfO3`z=my*?M`=kzuu zgY7A!$&|^~7S~sol$)G1P02PnRjKPpAfy*sSd_G0=FO#bGIAm|p@QQ&IvWmzsViv` zp$$;E#<^6u5_4HFsQUE#JyaxJ?jI!PjA@jnLr;rRzw~Axy~-!o*Vq5#?!lhxPP6R* zsaXIum)f?b>nxX`UE{-acgvSPS~-0?wD)c-FA4_3VeJXqftm3q(^zL*T5Hzp4VA9k zC~V~xVdFUsRi(*`f=EU5M`MSW)08T8r76pte!t@vhBt6ua}7U3nFir{04lAi41Py$ zr9#f@+?XS`UauUFK9olVeq^;Hc4T>8@20}@1JX@So@Z!XIW-)=3mEO%MuRGj))m_L zo33uE%=q7R5YE6d9F71>RTf|ky-uG&zt4M*-lHr_Y^9qX2IHzY7QtvR;_CAJrhrFX z5~KzmjqkLx*5$vQq{o9h_gSvySfk0()OFX{5d1e%;z_sX2sgTF6n@&Goj&dCcDpR+ z^9FRQ%g(Kh$Zr+Rtr_f6M+G;qmA2|+bE~5TVR`kHm)K+(`6gp=J>&BHk|HfA))|+_ zXRNMQlzD-zD)21P&;@9GN1z9ZHmLMbO-AIA}K>?px;6ggp>u&?>ltn|^q zaE`2XhtNzG?*7ol0~CipTBOxij!b5V&cTv;mw*@Ez_NC-hB5>ws#MSXr@ z#~a(u);2pkJ8U*T(B->y^D%Kv1Vo5p)RaIcMc9V&M z!9PP*5>~Xrk*3hs6rO}9<%pVO=7aBWBK`B-E_(OYEvz+U*@j-CDApUUR%_DDhBVy} zMO~n!NEI5-r2N2o4&ZF1H8K)N;RI8KU;AyKwN^B=)|HK|r7|&S5G7>7*BFc;iesY4 zAe5pq&0GUzJWc$UV*JI`X1Yn!KeDs8U+4nUQY)q8CG**wXwauK8Ul(in#Tqq z4(duG##%O;6@yU#i9&|f+-gM~BhcEAW|;$%gst`e8-fQ^8nR5gaa3EobuU49KVzIH zwZ@IdzQOl;X>Wg*L3Vpdw{HtTc+)=6Kj z*XyQ7o`3~80gkKLrJK@I=dbR4q`%fOf+QA{Wg4!g5BF~Zd3b}ack>&8K8>-4;jDrh z$!qjm8l8!QgMCyIQRt!`T)SMa$#qH8jTugd$c`k_Iaygy=&B`kcJrsJPAY<81qYu0G6x8|D&69 zUW)tOmc&u0Vt&wtGJf=arnL;jF5XbeS`yD~@8A*hL2+boO* z<#vzh%7ru`s|(e_+HqLO3(fU>!Pf2$Hc|}&?=NyVIi)d3 zQn4$YHpB};d-aXH-+ANODYZ#SO*CMMvA7}|L9^fZE<}T+*NsTm3%b2tlW2=p2p={P(d_(f!xvt+!XO(5P;X03 zRYm&EM+(8t);6QjfLxVCogTgZfVkUpGZtf)#~b4qtc&Y8tHlaaSr@`v{4598K8$fa z1w#9n!?C;Q$SyJpEL2;syRhk6>j=fcp}C5UYv-uS(%Gi5*eJr<$V;v_8}={S0pzpQ z-P6ZLvCdaqaqOG-R8Mvdlpn&+9hm(&f`-SyJYO^Y}`G$4KzbB#t6x^BJA4 zD<=ioZCPqo>orN-q0HX< zlGvBIgii~Tq)%0xQWhmDdPcRmwd#h0KC|VLZM*B{B7`<-{HX8%2G*NMXdP?lw?PZC zW)yn#{6@4O0vAEhNjmIqZ?lkV;{K4R+eOA5L==H?yS9uhAMmKui_wX3tf{g!_g;LFdP+wfp4&PE2dHrEs76RS zovs7muyyFw7RW$&NXJ?>>kU;^Vyz$Y5l3~I&02vrhBDo-ySqbY*heLi>+M!i?NPOM z##n0vB5s8KVS;fzOv0pmNd;-rH;# z+XuIK^WC>SaAayn*)ZfR)6s<4?8+h;@aJcOxlz@xgu95Tu;@cxOyuEApyz z*V)UQ>&jrt3SE}uX-c-*G$1IUjfpy42}pln0@ea1KDBW2=as+ddR=Hgob(qw$}E3i zjQOL}?Hyb}0rI5FCs||Al^b_m6a`tHQxqOyttub>Td(J4F_rOJdD^MbYE$RX#u$nsr>Yzd;8i3E z`%qC;Xe?>A_Kh6WVQpDftk)aLqVQ3NZE46oqi5gJzH4jX1%y5@G%b#2Fd7bAUXBaZ zr{gJQS+ZI$++NY*d$`?Dvc0v%<>d)wS+q8T7EhyIE3GwR1KO^*d+U}P%3++&|7yMR zj+pv&`rRJ0*)?eG?y1YpLEYD&ROG4~xka52bKazSwR3vrR&T;#?fNQ!s~$C4hrgf$Fu7&ET>MMD!JsE2 z-=jNX-#1@B~V${t6do<_Gq!>MNX0D6h%?1+J^Jj z@At{_9Hk=C^#-d2+DMFb6#%OZn{>l!v+=u*t*0v6HmDQ`K;hOR2;I0|EvDe%?jG0k zYlk2UL8M}Kwzhcq_)+~gwMBc6l_VXiB6npy3qm*yAp{CHOhBXI~?P z)6xmI?C1Wr2+9gw zxiwa%8Ozz6^=b{;*3p%1+1ay>;MvW%Sr@wAtgN-aFb1$*t@bSZ@5ke@16(S zJC&jSOS4$4VYR&C@cvz75>f|uQB{;6P1GzZf2wtwlEg7GQjXn6gp$wn*3%>%MUj!` z*^SV$({(-lRp}aH3T>IK)(nPIK%(=)>k#s1NNH}I@OmLw>oq7; zU2n%4jBw#~o4E#-%J=wN<3OOIEXj+4uC7p05%Tz6(%~vg84M>Z7Hfth&qWT@VqqwX ziuGzkzuPD2#5Wc~QwnUj2siAHP}1{;WEyV8pg-~xcB;CUeRq40*WZ4FG~3YY_FGl7 zu*)lUws*O>ykIikCF&&3km@&c1e}nsO8-IJ^mR9V_x9l-S64HPc7&P5YC*r>BZ?A` zhA8fm5Nhhi^AFvI6qunOJOa$@ zDg*a!-*%2kSCqCuubiQEx?NNpqa%x|=Qn!&3en``*4u-KEu)tk7D&yqjlr&8p z1w2wj+OV1}5mqvo^j)1Lg#0agXq=sR?k8`T&Rtpc7dX-^`vd)6Z$~PLt&9sze0fUy z9MzEwOp}8eC)HF{1?%;iojZ51R=R1_IIX$L8;$!MjbEP4ujvm5lvPEkOBb>{8^(rR zwk%mMR}^JgKORTUcsJ`6n@!3lOFSYCVb8?g34nBEig_9>D!yDdbE}G=>bAeR<4_{(ryTaGfMYZ zV0Eq24V!dRONrI5-zMU;LgZ#Hp3|pqX5=-_RjHUkzfYQ_1h6iOVzws}j?YeR(4gDg zt=;WiuIJaaBX;?-s(0LGQ9iRs{X!k}hwN-^QC1lULseC5($ww7o**TJBF!_J3Q)`V zagkrY*JHieG`&UPv$nk-_)@W-an#}kh*}>2q!Q1GA;QZv=U``hi#T@DWmtnQD)QBa z&2mM)*`Ra3n``~dwejLOKC7}`;$6jx!PbBWFWqPVXdf*s`6j1GbF%e@*~KNB#R~Mz zD4@MTg(=e^O}TmAn~1^k3q%0v^>S;yN<6VBn0pa19J$p|?@x`n91BHHuA2x7$Z_ zI+)7TB!s-kea*R93f5XoSumenF_}!AK3{|N-Czj@KtyZJYOzF@jeK+x$7ESXnmbNF zr43b~$+Hc^;lRxp3`CC_Id}Z;sw~-TQk3jqN`o<_lbEj0n{A&)_frUOq`GDuT5G7R zyy=C*#%!FhWR~aNk(xTJwAO)_+5>U@o|{SE?+C;s-5!Q&Mt31e4G2X@1SH<6Kui;8zmidRkB#l==FO} zb=kLZ2Xwu4C2xSZLP%5uw+;_Dzq+hz{Arpp=nsjNqdkv@W3J~5CgahK1sy(v6;7+~ z;_BLQ5v(H-J^u*r?@E?3FgksD;^r`ZuM*1Ig6 zcx|WCfjD+UZ=?tXnj6Dc1G`iJB8k~P*kv>wb9r{f<;4Z023=KLT^OVg48|k(X6k0h zUw5z84R%ens7`zQ@pp9qn>_mmd!6o)5Yp$Xx*o;ciO(g%W`&wlu%R^2+va%t;OpdKw#Kac|p2y)L*NO>%=pbO_8}#QXc$B z(=|yi#whEA5^nSpSgfr)Dz8~@GEmAJb?M)@DJiw(&8+}sr9;V$LCK)*Yi`hpZ-O!q zsfem7YLy=8>%w6-HdbS>BuR(mazVd8tT#0!B~hfD+EJRa$udTRKH@n6>y3JUYw_PC zH8xx~u#CrJ=5K!4MG4Xk8Hr=JfG@7j+27r7ib@{1l}L8CwmH8zV|#mtZnsm5c-ZIe zqs?auq41#JV=@}BSZBmSlI1yBo)IN|q!5gU6V9)$xO@Akse_AV#}n3RK5AVMa0VMn zkToSSIA!mYd`Z)BK>~Y_8e@7kmxh~bG01p#dL7nT$#^oQ(op0%RZ%*LuB@cWOR^{> z>2`>ch$xO+`)(NO5~RE8lM>exs^eb5!QFkPTO*!6c}lvct1DIyC##EXj%Q03HbrN5n z*A6HtD@?6A>rh+QACR%UK4&tX)YD)CIHzkA)2A9*V{}1TY$!@ym&7cFtSDSQZz@O7 z(Xd!AIXb-M9FD1+(vEdMjd3Nqs&pyIa=mmJdq`1?%kQiyKXAi1C*fYFfXX{Y(@cZ0 zVRn5hH4s8j=#ol9RW-vZ!q~4QO2As8IA)V&RJw9?bOcr?;wVN4OP*z{)+tpLO0v}0 zi@PRG0j@~}f(H#QrD!V)J5{eI6O|F)sM-afd^`%fN$HMIkArsZuz zcS?UcA{q1%vBMHWLCCF1WA0W9aUf4tZ0ym*won;I&Z#Qb2i+E|FrGMK%7QE}h@y^vyz(k6t&TS= zZZw!fywfbNu?LB32`;M=K|sSDUXT?zThlFP%z;nP&Ye7-P?jZS=>$1+{W>^aK#2T8 z9v>Eo^)>aXbhG@dMGMzK$1|aClcz(LrC{(}fG}>%8Ed!O^CTx{)T_;!(I~D{mq;m8 z6p`mS>&=?sU`P~o{l(U;TK%&-*oTG0?r`nDlEb|NE-$YbjkbLlEa@aYK(gL!7!F7E z_jfp&WH20}l;C=H!DKukj(Vsla+`;35rSyGS9^CBQZbosv$wrXmY0B{EOLq>Lv?!& z`_P&qFG!+ZJ<+Mz&;$rYCr(K7lwN;WM@8+hxc$4ksGgHz-SE;HJbca|+WK!=UPnm5 z?#@0x`*U9=w{r@u**`d-Kj>ozmLlu2S#2n@99dSB+E5yUF&UPWD2hnp$O(HSF)DHq zLKMZsNsI~uV1$}?0#gZiPOVh?tcGE1c1u+6Rs6A=LHRs^S560DrgAhiDD2!?5 zuvKN{99UIR6=hv7Z9u-J>&^zy&I5u@ETg(nXV>@+MS^U$^zFhv^peUszDn14O32Zq zlzzcUrsE0g&AM5PKAcM;=eyG^Wu2~^M0I-_@(04#HgNahjz9{*-qsG+i@1)k@ z1P2HEXlvN4R$O0PbNu+2Jk3D~I>R25ohjq(F>x<;+7~z?owPxqMmv^hS=Hs`qHw|? zrRSIg=B<^2xR-F}-W?vi@BoY9{Op{|^K)!j`mCsRg8X@|4PG?!Go_HvcK~IU|Kmxw z`zlsoipq^CHf6o=tu{~vgLFm`CbOaq*Yj&8yF0ESq$n`{OEpa?4QIgm0g#Ku+*5z~ zKs~!Xq%jy^Rk?uv#?D~rN8ir`dyWMHsP!%>$Y1pQu*G|TEL zL)b~TV0k8YZEQ@m*TZwkBVkAGcDhI@NwdruD{i#~$fzuQMw6{ak(b-#Hi zhuy4=*Bwr#!svpa!ck;HzTQ^4amJk$ z1!dKckgRRG@!WF+x~e!kKV^Hm<$@0F+IF4SZD_I%Lnz5}r|J{>;H~x@Y|l=K4d=qR zh6{s1TkUr(=h?%0YR*y9>E<*9@csM7VJkkBz*^#@i}qCop<FoC1_;l8(20MMJh>^7cQLFO-QYu+10htY}QLUe$L+qUpu4uPAckz0%c&^OJMRb?*A2ghj-X;dn%E z(DV9z66v-4MEe{OIAl#ETFyTyUwlAOmK+~Hp~$jU!`@9SAiRf^ z&!hn5DwRc1{B!-mpy9Z;2rq3_n_73y5BhL9amDQFl7szy%A!P9h36j!qYl064t>|& zpl8=tbo~^bP#zSaVa3`T{N+G4D$1e}wg{%xD%D^ud65!Dif*UdGGKetn0**-u@q%_ zqny@+-KO64u|ZL%;aCgL1-Mamt82v#&=vet$OD5@(mo}Tfy|`baFR&5mgV7K$b32H zM&Zn-0m`@Grkjlq*`*ut-I_)tTk_%Ua*$KQX&ixjjzW2MUr`opvW;iGIo4ksb(oAN zELTeekq43_($~)K+`2Ti!^=>OCbmf_lSiuo)o~sF-9p z;KdgoFzgRFJv$*?ZvyDlA_a-ons_Dx$g<6EjFkKVsg#!!s(cG;EBtMj{aRua+EnN~ zbvhs2geou4bvWCkkN=>&=?U zXxua(eV}w{>!`$a+NCHdNjDqcNfmbbkP2wuJ?9@oqiyB9bStzB@>ap%+qHP>bL#fI zKW%iYEy`UmB}JVp#(rvS=}AmsnMo<>_j*VKRavo|FT8SZR1cwa&LS9pYr&vshMwN+ zwUAN~#|h)XfW>0g?0&)_?OT%x7guNQJ9;{c+x--~yL;$Lvs})Y&u8RCi4cBQRH_L- z>v?~oew|>eLMe8)cRVWZ*1~490Sihh=8Hug1q7C;3oBfopGEkY2sdM|=4eK$-{jPX zbi&?n0Ck%+0%Ke%;8F_*%5}Rv2E%^MjS&`CNQ1kw7Orb#9J(0cIKR7!>Fbl5*UWNT}ivx_sbG_83*Z30$s3bg~UX(qEx z@vrxK1L?Zna!grL>CzdutuR)5qxN)C+ftn|j`%a&+NLZurYikoe%NH_daLhqmXW0! z*Q2ar*AeEOMA-H5EtWy&&1z9=o!!uWYgcD1R8_%zIb-BC?`}pb{uXoqy^@aBt`)ad z*)^fV@22x|f9Km>L%XhoN|%H=g>{WvxPc(1KGp8xmD=+Z2!bNk3B~#u>l+;}PV1xneYSXcWlqeZ79gkTo z=M-h$WANEaKI_6g|pd&HfNZ%J*`C?9%WwqVQmY%?kZotKQeGmA}aonLQN>`GoO0Q^R zK6tCeEaA-mPx^^rO6M!A=+QOCedT77iz{H^ENZ zdXI(}(tv#~MexrN&4Oc8#^9m=A5zxSb?dU7Xg(LTLe85=@y^x`n=JLc0ro~Zu`}J}^!${12&oi) zDve@ixK+9fc!%3Y;7T~qWn(?qCWbEfwz=wO%gw=PH1gPzTOR^P`5tDo%1z1n z$pxGF$`yraL7JyTUYjC}V@KE-7}w4Kboj%dh1p_tH6%c|-GFx%F7 zI$his@QJM$zmLt5IH4$uCnaA7XB?e@sH@5uL+Et#1$ZAgRFC0WKuJjwr!;LtQ5N0% zhKbJ73@HRnQ*&`~;qF7aDl#d3tvjj%ju6|iVDA<9FaVHJFrCc2J3q%5FP7nft~?)c zxtRNLf?;*w?VGo$n;KffqsNa}uHEUam2Y;zd4Rk++!G*ty0kHLbm$DpqN5iVi0LDqJn9ZiNw(fHFU8>EW z;P`N}T$fxNUsA0~0JJYz*E)D@eRy=Ww0C&Of#uo|UPih`zYx|7(EfxIg&oB(9own!CJWhK+` zjPvJg7U~yhXK;Qf7Ft)$?EI@c#;hUi%$kH*B(Zul#Dxc-> z0i{x!G)b8+mV*e)ExLn)n@ANCMG?oRCtS|w6lFQUGoHS{hc3C&n(1_gwJp-Zs#rTN zg$Hc6fL3pWtWYSWov3D~lVG=&aKDK{iZEaTvip6v4hF9Oa2V|by@|n+k#v6du`d77%?_r%jyi>n%wAesWaHrUId8y;DyLjKW4M~)EW?SQ8 zq2b9J!hvo?1y#8ri(`7_7~!)F!_9BHP3?F_j+xj^y|n{p$W2Gv)|6FA9HlO<>NdZ7 zzadoL>&-h1z~ZR4!Sxpboa(@)D+|?c;5^H`q7W`F8z|=l!x6k60aRtde11X4Chq<5 zj(t}*^*|X`F`dkqFBVwa&=;;a_S<+oa_?JL9G{#}H!V_YhrVAW{D42{ue<$2v{)*| zC>v3hC5!pIA2%UEDE4N%Ja}|}Ya=?qFDA<}K%kZ8@zEj6)f!_hN-4BAOvAD40kac*l-95C90BGvQg#k&zdb8Ow_=9&sO63Z~wnm?=b+nZt93BuIx4?F}^RW5N;Qhka z!0Q|38Bz*I-toO5gaGY3`-TLS!?6tIx?piJch#Uu5Jj#RfXfJUG19eAZR@b($&aCd z?+m|EjPenAnsI)4$ya{rEBu3B_=m`9Q)=6q|H~*JQP-7o-#ya~>j)=3fyBoG0|1bw zWpR1w^R})R*>)OtF9}z`aI)m%y z<2vde9N9sLIXomB1rp;=+}7V;D@5l6cSg?&CX*=&1p*pVJNBMy{o7$bezL&gq|h%H z)J5rIbEiSjb-upxv{yI(AiWeYho?W>Zv$4bGn?`D{r6a`H^^#Td=mJQ5~|aHw@pn| z7QU^P?T}b8=wuQuK(vO-^9v@Uu?MmS>akm|={vGG54z=Yamjd;;n?z~@5N?&FJq{G z)*<#!y20S40ju>It+eYo=Ls=x4~i~y2=6)M1xRmsuab+d4&{@;GbOdlTVsZC!oVsk zLPJroOtQ?8eL|=++IW!Pb2yW~jAP^Mgrc1?j=b{ko?(A}Qd3p`S-{0G3y;-BALLzx| z_>kplgKaHZMQE*icHq{+4&Igk<3PpT-CdM+&AB$4k|avFn9qB!E_}A91S_SSK&-J_ zC-*SZF$Dd((10-aeMsQnwzEyPztO=$fSu_KfLKLHp=eD*<0ZO&!WOEtg(o<`U1P34nuF#6Cq#EQZhZmktrnsIz`%)k8C{|Z^G*Z)%z$I7%$ zj1be(HWf`>IRqNmZUEW4=U8a#il(WEqNH2&HYlrHc?{#Hx~bR{Ytl4vQyAhdYrU}< zq+jEJo#4!IZuPmmkCk=GM6jn;clL<;|>ZW2opZoi=p35T~N$K*`rE3TC zw7a+G)tq6J<{Ta$GG8ny3Wp_V-}*{i^8mI%JBuLC$7G`sLRi|m!nT&OEUzv8U=E~| zv`x!U$h0&1_+FBo;R!B%SlfeZ@f&B@Vx$8F2X#coIvoW+G-%;cu(s_r35;zA*XfOo zf%RfdT{s;=UzlcKfCtPj+eeRS z6tgqVv8L^CfY56YDN#|3@m`4#nkb5Uz(^}j&Q1x{Yyl=nVjp{3!)mqisITa#xIrd; z82@)O6Bv48_;&)WT^nj^VX<6NZK?k{WS_QWvtDhDbrQ#nMkB0sE!vcnJUTpNx!TaS z#`6Mn$AQ1bd_j0cA%Tt}c6auWQelOoY)k1VzgsW#ZPvG#nVn&{=93Y62M;}jCrOy} z#>4-AkcSWJGtDwAwwr4$HA?tGC*{Z6+I|gre4(xyF3vBV-l1PtUCFM`xP;bXQas^A z`fyWl&B*n4FP)*%iQ32FOIDnMRpl6XdU*N=Cg3pj z7nJhp7P#;YR`>Vz5yI6wTrTF$JsyM#JL4TLF1%_lPU1{S!Dy6In;IbnqcrE}OnW1}3KxXyM4xmcF4agbb6*3RIhtPzH?@eP>`P zu6Y8;rxjIQu~>tZ8=9bohYag?lw`9jr0T=X3Hb^=PXZT)EFTcnm-eVwk`^7`|J-7u~;>s}+%ool73YcwE?9;4pLj zJNSMu4z%$TZ5r2yj{ve=xi8^68i&aV=5dsdSS%L4+>z8Rt32r^f>$5}V1jE$V1`bER2a!hk$dxAp z<;L~BAH+fkrD)rlVzch9#|pu0wu8ZTT!So5IXXV%Vt&bHM@WfQ zirwjqNb8PV)^QNrB=(-37Z)*|LZ@%>P6s#BSka5NSSQ@FwF2#69Bh9y^&x2q${)`foq1aa7@|D7P#4!k9=II+J!|B%heU>E3Z`y>HLyw(*d5 zz|9YxZ?J~g_YfPR_k9}Bjr!%q89TG-b~8wL@`Xu!ezO-C&63o66aI-sVhAN2?)wlH z%Ykb;B(mT<2w||aELRK0`Ix40J@&Rm5W}_gTIxa5&KiRf?z>1TglYSM4u3gtnZtdC z%mD}@9XlB;|Jtso!~Z)_Lb0xPAkkpz4Z;aT)90SuwXK&64j(p3%3b_8!8mD z$&{nhqdqfAE0CYDLpFzI;|~$y8mt0{`~eMyDUurl?P~h04444-$Q!1=;XT`Kq}BuI)fc)PwN(*HMtFJ zyELN2w6IxkycgAD34JA}baUt{Hn*z=|CTek^{1}tQMOIx#VuVgvbt(qMXAEIQwkf= z+P-*GSZHh7wj@hq*AX^6yZ&ln1BCi&w|T6U)J1`k9vm5f(BZ_zi$_`?2L`vN&%ItT zGS&%C(zcYFf>Aa?X@wRMj{fS(NW1e+gfp*a=~>}O8^Tz!C?>WI!bfgHS8SLC5*Dv? z;|+q8jMBsjpj3)HPa!4y;|cG-`@L>?D>R#uU1@~U$EX(SX|mp1$9aR zLfZanM4yg}bmU5JrF;MNX60)(B*A%h`i%l%BkIp5@*u1P1l>eX)21cAWf2MmPL4QFD#X^Du|QVtH08_u29w9{?fN(8lKLCG@x?=1%^D< z9e+WH!MzPX8|gh0)rBe+=Pox*%`li0-dePSx&znH5o}vy>at@i2FO7O$*qHZA{we< z;Z6nVXunC4lBYR|jyXJh>;+j|)iq@LCEjd1ZOkJ0rYD(AE>Th>!I3Vz) z=bz*J{1{~%^K&s@;xnfXQC1OBIKF^?8A62dXu5Gz(uFZ^z5gzY#e$}BT!)YmkXPDw z2d1VAH6){Kgw`D8oZ#v~M7Q6w_ zN+TnMij+%vYG2toc-=P3)-{z4rRYOXVGFei-tW^V?E3x-R^SN_8MN=3y6ynLG>Hi) zFtlA>K3ux6mep#-Xfz(g_)j>QyHD})i+6+8n-#*VomyXtYPM1`!Dj4o`{jPKv$NxIk^Xbi#EHcoogA@Vud&u+0eYZNbfu|B*f2@r(u+a}BBj`D z%AU*|_2Ot89+UH8IHVd`D<^0ky zvXr9oQdSINI&sC*7=DH^)=P`GjI)?XS--%yW33^V-deg8mc@ZNX*OcHTwU`TAb@~D zG{P;OX_jD{8W*Oz)GD|xN=X!PFwSV#7l@{GA(?PWK-p+aJ|2;0DQ~~`HeMa0yT&Mr z*q!d6rJ^cI4iArMjYX?%X|Cadep+=U2xgNJ&)>O4Td$DRGQDCXsev@{uAC`Y#EeLYq-()=YXNmX()=S zJM09GXe6I7Cc`!PV>h7Xinn9^sJ1nxv6M~g$UwA6-~U@&SrF1%guzw(nHC+Xfu`Fq zW*Xd{5Fiy&Y7m0DE?95YBx%;2R{eE~tqmQDU|gfdK7Dh|{TBvnYSx=Iv*{EeT#vvm zG?6|~6Hfec7{_<|>C&H|0@75oGfFV!%4fB4*D%=pAs_3~Z*B>;bwiSRa?gN1;w2=I zv|YmvS6MLx)&!h8WI4u@ z32BmoF?{gwKC7ZcDDBj0xQ2CYFDBs(nzZioc6ayK8^_$*8Pk?46fMie+|^I`FiS-V zb?db6!+%K<6UW*MUrMBM&ooUCQt;sM5$mFK2Dk$Rg$KHNe8oN7I?A&VaU2sT8Rwpt zAS~V3g2OnBHBKm%K=gTXP;fmA=+~pA=WAN=1e%af9flr;T_Ka!u0yqQ<-#(Oj_WVB zc`1EP4MHK@dbM#xJMaxm>BGZooBIm2`zbb{Ggw_2zZ1EUrnOFcylJVLn(-*}?tCEr z_-80tYn?n(mJLsTapk#vfx;ua#u&<~X1;Vi0D8BuN9XZ$*p8LvLAG#0U5my21h;L= z%K}*HOL{;yKIVgm_gO3#l$B%kMM|M%@5+jBG!7PW9LMCN5jxUN zlfW2XN$UQ>`Z4c$2|xaERTJQ8KYQxV!g(Db{EQ-(6_CEfS8MGx9=C4niOko!s+=05QxCO(E4ZMY(?dnSDo1jKz{Q1}VrWi$0bmW;Zki){5Z~~WQNj@44j*zSQ z#_+A|TzD%aP1CX|3d*V`(h;2$l?YT+!8R3JbSV!<4r;prxVm7AvS77dk!P9TJOfE* z(WACv!0sES=;FwgC0o;wr!k{cQ*P$YHGe|2mGH1~mzF_vI*I$cyOdSAm6i&YKBRd< z<(X2r1}m)xvrO;E#&L|2l2}4+mei{=1O_Rb(B^0~VKN?*Mlo-_{X^Qi^hO|LWrXX} z6Gb$2!|~A(Ro!&nSl^hkUsxTc13f;`cRzUFDgPSNc?o`M{2Xl~;z&uBWyFyapmAl`+lyUm z<>#(vHeOTqeIo6=FCE{0jleNF`)9xfto7?aNvv?n#8L}{7AWPO&ht@z46buiu3U&$ zG;+m6PXq9tjB9M)Pf)5VtJ14Gl~h&T^|O?wHI!wAG1k}6YXULd`gBhCcPo7Szg!VV z$(7A7uMDX4)n(FY{^5Afn{`1PB}6(N5FM-5yOesr*pza7S>UsvsjbGimF(8)t>8K2i`4|($QXpmrb(9urr#_))j%`?! zn_st{Fi0hc6<$OopwP|$sF2GB4kih!M?XRumtl~iMaP;uH*Qgu1*_$PAHDNdS4A0; z9(k6zjDVEfzki=%T{^Etsjf}h7Kel001XSYtc(zGinTRwyzmT>DG>FBwpvrHmp*)v zWZ8)IYJq7(Il1&KKusFOemq?d1%+fbns9#RWWc)#z zMv-IEb*F0>E+1Hn5YzkodAOM6$}MW?_~(I#))8{NQRpLrU;z5L*mj9r3U9Sq0urI! z`)Z{LP13HP-aQx?gcOyOARGvoB@vOd2vdS>`USY`tcq z(I5XI#ur(IiTh4Z1f(no0AQI}jCQ_DgrKN|aQLvy^w=eTVh3plzHkqgG*~ z__+#)5dtA0iXzf92h&nj#ddv&^{TvLAQyJUL%3=LdQuO;{B3RjzCzJ0J@McWTk>}k)GB)j0Wx1Yki{8u-)&mmZol4E|x4;Ys$j$3)*(j zG}iO^WL4F)ZA(=*4uuuh2P$x$!MWN=oG`2}-!_GUj*Nila-*hgU6+@Y>i{Ig_Kgn* zV(V*10&et+B6Sk{|0lhMTE4X&m-)L;iUKcp+g09fknjP#s!NfIfPkZ26HsXFh^ zSC-NxD?R%zG!sEe7V8x{PN}MjQ2iBFkWdQYvnT?I5-xWb5~git%LPQl^a~ z)DRa@gZ0>PDsPDtj* zKJ4JU>FFGU-#x*j@ZOH_3_#}@`d$d$3lLg%>zN_IDf-S#Qi@JK{Yj4})l3X$EVNTQ zzqnw%S$jHp>lvutvqyA%2U!#)#yF|%*voSbH-6u>#>JZ z1#NmMg(u25A1hB2WO+hUEHHo+F4lei`4_0$nwOq=mLI+KeUxcjeSzOFN@;d?cZs8j z$45u3mg_zqw}WuX3LvmK!}W!QCdfwF}`XkRF%QIB7X1$ox)Xw{uPNpnY zi!OzhWg{m|Z6Qq}MtM%t))?D(a!|xa;3<-3xKNDT^wL}=*gTBR!?$&!@G zXv};u?=vXY8%?RY`RJRkdXJ#R72XW0{Dx_=Uchy`LbaD42@9c%OuI0^iEikQGt%)` z2D*%hp%I`vH~VG3jd2Yt5U-y8!+l^{!+N#m{QQEdEW1uZy?&tg&IcAlI?)NJiVfo| z>k?L-I0e0uift{MqI9lTw?x9DFL$If2BORVH%&vaDOhbb?&J)4e7TK^c4v<0fw~X@ z1h@U_%~y5BrYJlS!>3`CaO@G zOd$pP`!~3A`!)x=Gh%7EI6Xv~7GZpw3?Z3KCgf?tYIVu!`6<>|kH&9jd&Gbgd==W& zapvf?!WoZo7V*iKp2I93BdR6EYJspVX&n33R4ocY5+|-q+6!flM!F%1rkLT zySkA349qG z^=8AmELaupcU4_?8|CU_$o;vhJ-E#T=tBr0TqWYRvaj?E&0!;!zS`0qlzlcVloPY{ z34?2*zorhLZ(HUUmt34*U@E7`JkTy1?5p8^6Ue4@?qbtaUdJ4)m5yI+71lcbKKOol z#zLff%NJ6246RdNm=ZQxT{RR%L0z?s$I~r9?&_nK5%3WM#+MV+3$ z>?yf}*N9-LJ8SEPS4p?|WM?*GKEK>@ zuceT#v88Vb9c;4J8ZF%E;%X=8yp7hAgq(?O$OBi8EF@{X`3-K+oI!}97^PwYUqfrjog2H{ z$R+LSjB>r8sY|rf(6qEw<#_T@gc3dJMr*}vI(6-{3de#J!ZklRIXz}Rzhtv1d}}&O zSyZgo1?%;i`TUa0#RZp(3zn-njcHk~S1guumg@zp^^&64xMr%xVA?@HM~gQqu2ft{ zkx$b-rLwNW1-3ndCvyS(!J?#Z^f4@{?hiQCZEn$xb64RfJy&4xv#s?m1lKSOYcX}h z<@p86`2tfr@O4P36}sC%RNec4SgQ|eRs11cgTeL^Woom6J1mlP1BI3DZx?GI&#|ZS1h{&wA|~4 z+OAqk7blqpAr)F!vLwM&8@KU0Lvn4E_(^nsp@d>ntemF47a4JXW>7*>7G>AwSt^0X z)h8s1o*^jw^;v;dvNvLY5|-P$ITwd-yQ)K+`+jiqHgTGfh{fe8!n4VwaGid3 zclXJXlt+&qvRtoyoa)+C2R)o^ErTF^?o)bNQPhH_bqyt?Feq*L)a$P>(-jn#lKLyprDMVjekOi?V@tS>1x8>*tlHip0X&R_HJ@gWzNbIPK?ni^?a zl=LA)mN3c3>`bTJx^bJyc)~c(*_ln5%_dAH6Go#E<55PQXQX*bnkK|iM5H5h6nT{- z)y3@yam5JqSXfvs-S2Q@Gac_cC7s3#_6r@J@vKWiBzBb)iBwvKv2_y9Jx3!k}4I-IP3oYr3cgyf;e&RZklFZK5I}N>5o)v40Sl!U8qQ`lxwHf zr2)NxHGW|Ui}j)(<2+^})>O+AcdgQ*qlDLAeUsMK*tVkHtT1)qi*i6H809&$>6Fc8 z$;t7dTTnqYd4K`*EwZ{$)(^WPPBN;h^)q7;!VtxlH=nnTC!i74eV2U>ga5+RV%k|&mGv+#<= zeV>D1@47y4zLT#~+V!!s(sd{&JC;~4+qCD9| zD9zp75ykO)h^BT{UJ9Oh_65e%DaWVB?2j`xi&F$ORx}_TV7R}#N2(Pkr%p>i`^DFt z_SSj)VzAL`r&v<;}o&O4`Fieor$;!uZOrGXsag3G%Yg+dAc9Bvls;Wdsk#BlvyI9S2 zVD+$&rw+z(>V*@;^+D+Xj(&3mQ?{E49`gjUCa29N`%-2&ts2AJBTMlk(Q)$7u=_>opgrXOznoP3fw5+s11R z_)twL4{#3)At0m!E&0fAsUegf<2m(=tsm=K>DB0MV0x+NMIr5g;+X zW_w_t=+L9>od(ubI8{|i+qOhL1~S2g+_J=d{3MYb_-0`sF1pQ*a5rzr;v6Lu2!*h% zYr(7(Ovj5RgPM zMX_c&+vUN-_ZUs~KvqpUib*_{qQ?{|LyPd`YSJUc6ma6kogRaB280n9o*pfhu`P&{EXS; z8H8y3xSF2eWCFVF7rJqatRdpP2M;+vGgQkZ>tfDyJV6P~bh5{nKmTbSoL*9{PT3jX zAc+&ActnTE>x^5_|lGf8$mFz9rkMqK=T2W_I`UtJ6YnrC@0uTW|b0xr12so9HwFRL)m>i}sm4YP2v@JKYl8cl3` zaq}i8XJ-y)(h*tivI3JlK}DXu=nn#?uItWe9ckLywWAL>OWQQPM>(h^xK0Lg4M)Nn zbL-1t8<0-?we|uL z?%u7>@w#`6bj;bs8A=MWIH7H8v`i4v66vUGNGdvyM-WE}iE-_~LUzJh-#BG(iuuAS z;slzO{T<8c{X;1B5$O~}#BUSal~p}(&GBtD*;+dR1^{Eq;KG1Ev8AS?!Cy3n=?jAgJ?P;xD^5o$Vl_?H(urB z>wnJX@`SzJ8)!gb&_28f91L&&NR&oSM_AjioS(6`e-oAEtX6X_7Yk%GBTbx&lIySN z7?K9Zu(bGA?#>7BS`D&0&4OHcI6uPt^_z9D&<40uUlg=m6LQszSZlrR!GOl@)7RGa z-He@6(x>-2oJ&cMb+|U_;Cd7YToc{8D7iSjpjubdO^sBNJkQBTIZ2Wb#gT6-W--!o z_tq`meC0Ln+_*^+$3)6Wuq)q%7%4DKgKmu>Nu2xGZMxx2S_kv3Rx1wn4;))>>(0gX z(FnFx2x?=f>xNC~+I7`ZqCC07cz~&&h;7UIB-YbaB1Bb|)K$&yY}UQdRdE|^Q&O#0 z9Xk88Ym~zEd{atdZQG;n-oHv?&BggK`*$YZMY>|DtarhbqHPUAD1%1iEK6ByHY!{Vb`Av^EJNR5m$%Bo>+tay0;N9;fMCRS>M zOnBzr3;e~mzQw2Bc%6qwhcptTNU4qE7AR{uIeE;*`3W!Fdj>tqT$&2$(t-kd=A|DC zV^Apa)X|ESwEi`N4djRotutZAyUwm8zM1tOwn#mdv8ibF={fQE!SL} z9kX|EhiRU3esRudH1;`syuKbC5QvmyN#aOUUdyI!UCoM{ul{thgA;qOWqERLF<9wU@WS-LJSVHfg|niPib#o2EPv;k#ZY9iXw)MQmnPqWySgFDeL9h z;c#ifWHuqrQrG?t!R5sTS)B06Pkow?yz&aWvl(feqJ$z++BGWieHfG{=T(~;?T|wV z%_91NGES{@Fjz8*FcuWDQ(D~u*o*|}3QB}@@nqA~&ZVqcqBy3kUDckj4iQIPh1ae; z!mkFk02Y^@ves$%TiXyP5mq__)=GhBElOEzx%9R6(l2D;uHO@G5CUl(mMxS*+7L>J z4m7#BH|4J%zRTY27jQ|K5Kqc3L!v^#2MtyVk|<%mTr!!A`QX9(jK)(>x3x5NNmVZ? z%bLx4k8uh=r(!V@%g3!9RY#WC-`_cq6m-lHu`-alUQsm~RRckiGL z>>k|U2j8yv{yRV7)#qNMT%VKe-D8qWP&(qqjXPAfqN*#RG;u6M-*hFo=W^TJV!cpI zI+{?o1#N0kRsunNDUe$Lt(e}r&8&Qkv^7#2-hJ;|Om`=wN$&IIy(C*WwN;vOk*BO$ACl^)o`gR!NDegBmS9&+S@2FXrz%8g#iXjmgmeDm+b94=Q=GJx4QB)15+Xq9G)C=Au5*ZIZfO0!}~{kB)>&& zB#{)9t255te~0=q!xU?d&X0NL@G;A(=HSK+Zr#4i7e4m|MsY@6*4%%*WOsiD8I6%x zzWC*z<>5Qu<;54DXR|I@5fkMj5E^4FcW>U~?EHkLu88BwevAyQ*7Z++f*u=h=sp5pOR~ z+X?FiaB&L+l)~>F(_MlISs~994CsF+a3jE!HRp%NtS&Bz6CdZtF*Jtx{DSp*tMc3F@IzEI%ZFLyxiAEM(Rux&EU3354=65J)+cXF%F-Vw0yS%hj?&XNP_Mh6YFsHhGwoAp^?+kO6pU90@3neOd_cpw%di z$RdHM*Jzz?xmEqT5S@!1$1$3SF2f-#Sc6uQa&bmeF3{0`cdNX)F}qxV!3v`zP2(~v~)>a+KF z;n_PJoqvE94WsEUmOkI@&Jc-_Fv=su-h`9$3wHKyFv?<9%Q;CBdj;OssT()WgG-`_ zvMw3<5UTY(2Yzg--wv`vqVLRu2yuHK3O{Z010L&Yx87GtpHcI8m{oL#stn9PPaJaW zL^l@JT1;7S{OE}J#U)9a5~m4OS+SWfDas0POw~xpuKp&{n(u$_`$Q_@mw)~jo!E?z zlePnQ0amkFZqUp1%H?6NJcQ|8pR%b*Qs2kVyTy(l{`B}?;JTl-ZA6hD1s)4 zcZ76}OW*BHavnZ>k7r-KF^Ka*yD0}2#gVt*65=Gmn3~mQ<2Ks-jAWLOB`H;1pq27g zTA*cu)G!-YTpHD@8r6FoeC)H_*~uM1s6Zq+YBa&>7@;J}T1V_4MPgV#yrf=VlIFWa zI^yM5Kgtij`6t}HvCFNUgo|o{juViel7v}4;_~v6{oN@_TJQD-wIE0N0_#0O=e4Og zv|gu+uSNL3?_v|cy(rSGmK(A(Wp_3s&of?1Q;siB*ibQ=?jvN>q3=H0b}BmK2~8_l zFE5zRcB$%$YO^9z5*ZDJWCd}gnXi^0jIY_a;_ZD%q}g?3>QQV*w>8^+D4({@0cxM# zHCJ^1L)aSFcqZUoKKzi<<^Of0J$=E_)(wx|`+&M^NaB>HHY_#^+P3vM{s`@vtF7og zSa5YE-}&D6QBv{CzwnD_snDv&tvUh~E%l~A)=iDlkt_HST^kUBqL0N=Z8om`x9!He zL+FA)!u1U*oCaBKsf&^%iYd#QG)ZVo+x1Cv9bgCfRS{yX(8y_!o)H7&)Cx?~1_dmn zjGPC6MF`hED%FOlz|g-{@*MJKV#yL({_=VCfS(sQ?OaDMW@ zr2{+T0YZ3opt0ykx|7Meg|Ro?=lt*?X`HetHon*>axSZqZc}-ke(8Dc7)Q%?gc3+% zg^09^eWS=pO({p`4DO>)${B_<5La%d4M8Xh>hDfwT5zvHYs$u^8=@nc~KUZ>9qBL3(hj0B73-fMs25sGF9)$w>ca0(^lF z0~VkYLy=1L<-^u7{N8{29ahUVZEaXwE?F;K4+hsv)d{%_TbT!7F%%%hTJhcQeUE?t z+rLdy)wEXy4Lm-gG|0xZ17@D+{>Epw2>tjHFSYfgjeh-S_!C45O>3B+O z{RZsBiO~1|dZIZUAk)pTI!qaNQaJXz>jTDwVj%mGOOi`6IPw*x}0gO_SE2QxJ zx1Ks`+1uG+v%aLQL;t%0GK>R*w2~xo?13FYp68TRLEZY!KW$5_6m3)aet3O42w_MQ z1*Rf&ShCg-MXG1NDdA+MeJtnt7>HhbFG*4PnA^Jda=NomRYW# zJRxdoBGs}pozPYVb-6|oHoifL7A-@Spywb--y25?&=IW=2xmPz*S`n8{7It(v9c)9 z`j}KYf;O`jrYHom#Nc+TkUw zVR^aW!Mh)@zFgDPEoEI1B@tOZ>hOVZ9YIp;I?L6q=Ol{x?hn4tfB3!Mr73I2^ALS2 zbk`wDJJjZC6NUl10W2)mYv%!QHJ0eXziXRH3Qr<&xq77(>rFwLq%47nZe08gQGRLo%!R9Hll@su=D zT%I2~u7TZdmlir1$3fd(xqNt*rzD9cjbqNwPe^>Zahk*)KkJ!@N=2B~QGq3{HM^5H zw;jFNfos0ui47i+BbCcYBeRsrIAt0)6pKTYX^=YR+2>y7{a6uY^`)*GZWWU=7( z?v%~)!lm{^>z>jey>^}Sv}l1v3kQ}aX-w5Lgw|j-q$&{@DZ9lcq-*%$GB=9a3R)v* ztfE#4B954ia*Fu{=f{WC#Tx1w)3n&OK?*~prK=pQ))?#5kSb3r?-q!JIElN0nAWrd zw%^r?m8U#JSP#;Zcg(fZe>3Sb8HDW9@ZjSgSOT-t+6T^L`cD^ zITz1TRW-4WuMgOj4;+GH0^#eq9XKL|ps5>@>D2XgCxCcQD)PB*4W6WuVm$X*dqtk% zg_*YYg*}#3wro~Qw2G+8qLU=MIx$v+-UFc-iRtbpiXv|9?Q?qcnB5yMf-n8-`O5Cp zjdq^k6!2Qr-vqNS|K4x?vm* z+7UOTwWLbXwj~Bvfoc8e*@?**myX2>s@77sP}G(*adT5Oma?)e=5vl8A9DEkkc-8F zR>B(}{Wy2;Jma|hO1pNk-h(K_fqhCaBov0|Kvh+akM9+DBx>+6!h?Q2dp48=1FYu@9)572YEz-(lvqW+ zjhJT*il_CTW`RmA~`T$V51viLWuy7O@mk?p$Lwh5xKU z`B*jlTp)OIdZdGb5JLJ1si~Wm)u!yEz}H3T6mN}7;|-D6{(X8cM0SAA0HGGW`mJeA z7mGS4paIho`8a!jlJanS;Twt085o>}d$@Y=p*Ml%%Kt(BaSz?89!ZX5U2}}#7u^4TrO@%3I9z1-65Rz|v z?JxMz58mSR=$NyUbBgtbrfM*C+ZA-hS;FuA<{$F0Pkw^0{=J`J@Agg7JSR^wq}EKv zmSWQor>QTR@mN)3DC@$Ju9N~LJZa5#8>Me_(|ZQP0-)}v0%#1Tbt?pWH53@EQcnf1 ztJ;00Uyr?LXs`j^2>8)dQXs5hd9mdFyYJC91|289ot^B5U5M_Cah_rC2@3?mh<**& zAQ)ntkdOadtt9{XYhPnJo$P$~)XxZuDg@y5i{cn8@ zxsa~5ys6uck+oPZNwW+grIUy9rfDUCCyTs=6Mh1dI=O{a|JHLLjrX*TX_?Zc|D1}&Y7 z?}95QZfR>*47I}DQ}Q&TD%a%km<~AG zLcnduf)fZt9J5&)G9w9soUIYGt>x_Gm><6L9^d``5BcE_e#qm)$Nc=y{w)9D|NGk< zJ~&1j53Ne=#9@p?*#u)PMcuHzob#WK{*bSI?JxN9SN{&5`qZaLMj6Q{C(TBraZUq_ zl}73q6-7v`8I5w36lkAfL-a*Cmc9V2mzL*$48u=o*|4NiV{y(=02OP#@R`rLP(TWFq@zp-{bVHHf^EI4Dth_jkT&V*(>;eESe+0T8RJMY zb<;4;on%*CJ7iJ_mtr)g7vva<7z`&%4hFMV2{MBrq4UjL#;PUKF3yg$Ml@@zsSzF_ z)=G6Ru~wjjp!Hb~r^y}@N_#D?%yT*&Gs#xWFV8r*aR<6~VctzN7Oez{R+Me+(O=7C zl(AY~vOAmc;DeUQC}oyw7V}GPAI!+Kc&vF70daGZ~gUm_~SqO27mK6-(j;@L+hBNjWs-e=P_(R*UD{vp-@62 zJatbAixR%Q7lzhAb6)Zv|IKgn=YRGMe&%O?nipPr0UK$AicmTt%ctz_-DEPGk;DmF zN|)M762@5&uI-m)7=W?Dp5yQhWDe8U7)96VL@W-t7+^ro+!d8L>MnoN@b)fB1*YCOf?O z+8gLtq6JcQ`TY>f`P13g*5HaP`xEi%*lk;>-ZgSo)U8hA8HWZ-Q`auEP@#?1Rj{Q` z3--bWV&DPLg&{+RQz)zn3sr@pBPrOQBoyVEG>)h?OOnL35LdX|Yb2qp3RbHHj}PaJ zpSy=uqH__AfF#dI@|0vFsn$!<$*fy6!RSa_6O6icX&osfqkP2i=`nhDkLfgLes-U9 zbc1`hZgKqJea6$2-J3VqQJUF~VbL_$wq&t91}=M% zSW`57_wDcSJO9Uj;;;VlTU;ESql`otNkr5cRE^@~=$ytF3V%9jDbUuUtcz8HjzrL! zcAu*ew&C*88Nczr{%f9l={bJ#%RkADJGW`0nzAUFU(V5S%w#fVvsqJR1$%op2px!m z%j%syf4V*$5DW)h+inYMYy-pFo6}lXD?{rt2W451wVBV=`qvtejpgk0oTEpNFbyc_ zdH>zzgoD<02QZ?S9|<1BHMB2eEgUE#?AD$ zNJlvNs-||v;3=+uhY1XS5mJE0VB40>W<#1}o|fqPpx0H6REoNBRN*L!2FT{N)wMyZ z4tn>O5yUk|J{rm4>iVgSQ z`61QnlDoGKnC|To#ZJatN!Rvysz=P{XJq4vHz7k{$PmRERXEpJ0!l>WiKePI+`f66 z_kQ#@C@qN7gy&y+p0m?KjvhT?|K9Utqm*iGNn^#$n>!rrO;Fkal~#txA$ABPCNIogz=EiIbGs?jFmvt5ujyr<`BRu`;HrYIGbSj4Ng`#yC+ksZqY< zx-1J$kB|7x-~12!@4x)>1VaPKyPL#gg@=bN4g-*~)9vd}-a%;5!Cp@Yjkk87_saTH|4QDY0}5TpP`8%<<=6ie|L1@H-=ots z%ca=vo@1>=7wXv>U%TQp9aRB$aDj)zru+LRiCMx#02RhwSg} zF;4b*@%D`8Z%$dQE;&4W%w#lXd?Uq138PU;v5}lFR)hi_am8baBSoYYrt#f!uuR7z zHp@#6_7B+G*$pHMP>LJ3?yz1jxxAb+-MxvRMky(y7h^8P0(7j%7S(7^e}{V zai6bow;-)>Mk-ForZd*76;cY4Jfmnzin1b062{|}!^30NqY?3V?BvLVE45WhVU1u@ z6r7!%b8>vdYH>liuBn%1D?F>)256mHkd#O*8I5!9-n@ma8k*gPG|IX{D%YmU(6ntQ z@4nisSXXOT?=BUQR8C7lXk=@7@Pl`G??>P?!u@r6M#0?GVh z&cpXUpe$>oi25e8e$qO9jX@|K9>!a&p*Tp`&>>U~6d4D5*#4aEtX;qT5l(@~Soq)m z?Y}`sDpGwjj^W00|2L)~iKE^CJOu#kKERb0y3^kQ#?*B~5@-JOa)^CZmrUdYAzhF6 z*>w73Q|B$33=KwXFW}$|gLDFj#`va|j)~^R$+sL62B|bjBrt73KFX%)@$0Pp{)($(U=Aht)a03V_T$<%tkr0$&4%;q2mat1hess#bimPDjX?ZfRGNb z^C4R(IkwhNmK!dXb1vqWYzjx6j+90V*C#=?E$@H(`@H@AAM)}Wuk*z(eV%+YVzpQi z#STzgoF7t_Yi2t)*xA`9&qvshUVFmP>O251#9`VG2^6;X2-dPGHm=_ypbS(+MWjk+ zFb^MNjcb6?wLK4WC5B$bHha(v4LhM9g{xfcfNxJd-;y8q0H`BMSvq-r(Uab!RIJt; zv<#$@!B_|(Fz%D6>k6sFKrQ7-12M2%0if$xeuCwC#VDH)RD^^SoL!!AVNjdYb$1CS)B4keNHtgV5h*r3sZkZ$-6_NN@K*G#7qR`UxQQ`0sT_wL<6 zY00K^>OD$ow{4Xx)7-y(o3Ry~U0l$%uqhgD%%0)l=^=YNQ-n|`;mc=*bHkEY`DPz3 zGcK%PG|pJB7rgYsiyVINLlD+$zqw7VquAB?OV?*0(#p5gmTuunM;W!!q3Gs{y_DfV z!Xk~KE(@BvCe3mOSRzo_nAA!Ziv?LaBF`th``+6mqm&zW?oyU`DRL;+C5K0cT%2Ff zl%9BFT*q38Vw6ulw&cAv-0M==%#0crB{yNZd=1JBqfHF3gfbqMel0 z)f)_8lEt)!IElLpw844}SWuy$CbZ%V2tA&W71(Y8UD8ss**M;InkJn47SnMu9H2pr z)e$t@$aKiRZvbL!OViX04WJX#3;?KO&t*wWIbX7yjd|zr5zkIuWPfkpaqW#ER+750 z5NTS|l6Zq6q#{WYZcleuT`YL`==X(i^mPI!hD2*xt+2kemq3u_2^XiQ z?9UDuPiMYx#H;Oia8D@-9!%7cZz3V&008VIrverdy3*}L~BZ9_7eQL|!GY$%J0!-o$!KR-i@prH^V7gtJ}rWw!N z++#N#Gs>rE6+35Ds2-oeG4dv(sS8JJ-v}1`c!>aB_2GsvWUNuKbB4ZFW%pad{dSj25KKd&8WWscJpESvclt!Q^)@u-o#4Y^J?e7ghXk_c~ zE9l+n?PKZ60cDJ9eddebigHa^I>xCAJun6|-v0CYuR|3oE1a-r6lt_}Rf3_Hfzk@8 zU5&pIJ)=-|+6tm;Lq^wQKzYw&n?+zP&I1VU&{khSA5+`51?v`&8Quu4tH>}a4|gOG zPWi@IicQHd&OtcTzN{;-kftd`xuGfxvLx|!=pm+d*JZ4yrAqH2dXGSQS18ts)-(v5 zh>61GJ;SC6S146PE*s8HA26GYNVLQ&bAu9SC8&&Z*G|s?mhdw(|W_}{NZ4eSi2HeVI5sr3utpmU2Paor>xfnNixQI)>dfOtrSQa zV&%dE=?z%x8(9RGQ22be18Ieuv$mx!Hh?4<=a_K+#yFLvx@Iw-bMp8BclLLQl!SBy z>ox1;n$=>?>hPGNs3PC!P*atfYJb&*QWFrw)A+72Fsc<;7UXMPG zB40o%k;WOdYe%Z+jhY#x(X9XT$#l%i>5IJo?t5Mb(iu-9l`C!%il(W#b^8vlzV>nQ z@yziI!hl&PcV}$t1YoQj;1~Y$g~HgTyAStT+d($?+jCxv%f6VVVLo3_RwYGUV_Hk3 z5~nXQ44s|HbKI72zrK!2MvfL7#W7K$$+CZ?Htck=UPCvFPSQ(B&olR~Wr%z7Ebr5ZKK&CKBZQH&#!#=+gS$Tl)v7N!}^` zNNbVO5NqKov5e!>ODmX;#++VWvcEIqa&?KYPO#L5Y8&A=2?B>(AUfgrzGmZ!A?{8T zV_aKqsnKanD|8nQ&@>dAg=6ovExUJ~WjdSDRyEaPg%xmqbi&vE?2jnQhL67fF@%L; zwV@l4NKdQx+xGxRzhBQqX#rzJok%w^&^(YC~O>&>Ez5ooTMEHam!mtqsav z-U9^VJtY}M+_YzIX@-Nx|- zXjo+S6t+O`30O;QS}qostcwj&M8rC#m#4pity$NMMQMeKB9bg3%~PTzA&O&kq`OmH z$o|mmv@-nX4!ywPCk#7lZSPaxld=O2Ll_`}qjPma{PwonZp*dJ9~elTXVJ$|7R$wa zPNbub)9!fDin1(SV+y6o(u~5l@w!T%41*RZyIs8Gr$&m<2(;-sp@tg%aFxbd&MwdS z<3IgTX9=st1&`l*o8s)8_uu{z zc+G~QD*2h0CK4+xMz*Lt;^UwAs22*=y+`WZ3M)e8 zVz~a{TBG}!GXUGU|LdE>{mcMmTT`so2q7K0$u|QH<+;N~wDBlm_h5&Ey9eBT{tmaF zy~FO!eMYkpQ5Jbmz^9x;F9?Dne82&Gxx3vvRP$JHMX z4a3j|+Ri22daWzdPxbA%8~Cllt&`Stf0l7T$%F$7JN2R57z zf8j8PwjEr%rD-icdiw{w_11U!;+MY6!QE#_^8{&Hb|w=x%ee#Ne29@GuJ=LRTJOGl zAFT^toNF~6#gxs4+qZ5|RRz)*%FP%zyr9wQ-~ zLanbM7jE-=SMW)b-f_j1Mn*9R?M~FTp;)gd>xwiRqjXAH8b-5SOze%DRn&FGAN|g6 z@tgnp|HH+}DfbR;QdboQ!OreJKl7EJWxTUPgQ2R+VCj*b8{v8i`ch%xYV?DugcgG7 zbV^y4Xd#KfJ%vj%x+mS&SXg3ViG&~)f>^k}jR{Xd8pqtawGWBl&5yo;PzIp|pZe^l zc=6>IeILny^!J;!Yq9MO*R}!Zy(-hT1d02nOM>-b&Za16+SYY$60VLjAo9{1N2w&! zohkR8zsJGd8_f21i1HY;baf}8KcH|Rsml)0Q#^cqXvY^E5bu86W4jD0)cClk79w;{ z*}lM8Zr!*=o+UhdyrDG~ zsRTV2-CwTpHyzfjz*{ec5)o;d(zFfQIteln#|SLT<$`Z~^IP2BoAUY3ehD?*1*sX2 za*pRKcE&q=@ZcTByAza%utJbVk|ixhN*aqxJB3tL=U!Rj@tAgX!FW6-i4;{`FdmI4 zHcN!eT&G=v^pmT=l7NwdB#qhJKcm>+1td*Vxvs=QIU^}t?|?+bNHkVzjCTt|?B9>E zacfx#gmv`|)>zuApxmrU(-bipL)%c7EApKQHj0rLj1_E_m;Byu{yIPW&R-$xmJi8^ zAyL9~ibLCrIA8$-<{CZg1Hekj$3FcD?!Ejx@6S&d&&GV~Ti--#!B>9qXK9t7t=a+L zB|VNXOmkh~ns^+=`UbCEQ`aYDygE3+{a;#GFE<$D8p8^&+hD@UZ=HxjK1tcXyYH2M z`fOO(Yg>k8V2r|#uI$eKdY(W}CR}>JRISC@)*s^1Z+_R`v2VX~W%Gy0Fs9iai6567 z9oQLn0{gn`9^gd?L6&7)T%Kc0OP=MFb;YJwf9QJ#(aivUI6y-ZX+=|4D4<-=F;&6g z(L=uX)_3{%8*lRF8=pkSStqQaM>)1`K!d0^w2MoGZBSUJhpz>Z(iEH8Nq%+IOp7oU z+Zd$O5Gjnc?C`ZVQA6R7Z?2TfBX${ zTXJXbmhZZ&vDJo)^D}l1ZZMussk~_D`}g0YT(3L4M+!-zBj^5mTCWxsEkO%Q?7vP& zBQ}dUnUdrZa$((9Y5l(~BVieZ-w8`5-Ot09e0aE|Be|*>#_EhHHeeVQ!=sW=5`6Tp$3xIa}uB)DeAmEB6Go+Gpa1KYrH z7=Tl5tQ~(`Sl208MG6(gw9@Gn)58i&)RS2@e zD%T2ryt4yRQdA{%Q}gaS?_f6-pZ&}iUA?+>UVx(YF26(xS86J7-l5Twy*%cmE|^M7 zWUZ6&8Uk3}tLyUML32OIuKN(Q^E(K&WAmLOkt*dh}7szukp|kq*|SHLVl>2r=rw>Pabmzd%<9 zzBk+9x!}{*c5A;rbZ_*c9da^u;TcgnM|gn zamqB#`Tlpl&C$dA2xENa$e?fvLP{BwYDt747lvFL_C_(fDTtebv1}QsmXWedlx3_e zxiVy;B@^yzDqB)%NTvU|H14Skxw4Fep*TO~M}Pg-oIJSC;_{qyn(^ho^A)1VwGZFf z+3hxT=p=k~{cUY9aoqrH*F%2D=ChWwi;KZd>>pZ3?B6^f&J$3glUDojTS$E9=D#LQ z_B4>b`|$t=>3(AUKE%sCbrpf#m>?}kr5vpngSC$5jXx1PF$|A-yG7~i_l@f((1GZK zo9iaQ7*?w_AlaGCD9R$VYV50n-yiTMp#Rt6Y8=d%SPnm2~}%Q zN$gr(c@>+!fsxCjtH|}3H%c>_q*Ti}wyCigM}w_PY~4`QbysL%joYABK$K5&tT*U12N|OfU|Ndxoc+7^7~gt<2k-s>tt?;o>0iRe z5h{V%jaz*56Q8E>g+M|@s4Qc)yNf6)-u~`)Fs8+5OB6Y}gib66_ippt8!w_0ORk*T zzLQ2&=clBmCKHB{go%bpESScEOj}azHh8Ms#!rPI71louiD*fMA@jx|!;)dhq-DLH z^Ww`dbMNJsT>S@-XESdo&0sZeufP8L{;R-|%39li58*<)yZ|6>3)8rNFP961^@>u$ zVOG{cKF!Fdqi(LeDB_k;x@tH6wx|A+=)+qE;_BaD`F;4hRbtb#ga!i>{@0ZiK0Rd^ zUSPb7VT|d775n^SU(u#@1Zz6)iR!ief|4R#;l1C}BLAlI1y3 zl2F$TMOl)>X_pZQ#YleU`U)wJC}w$1QCFxarEOZ)>owL$5HYjKl)BnbtyXwCy^}XX z(Bj=wCCPWj)YQbeW@jho^yJVBir9{{Aw=l7+;7;-yQxW%pp zAOG~{neN|qNVxUxy%1!1h7v7j7bn9PVbmKZ}US`zOuSE3a=ffTNS+j%*~XaH`FT zW@mo~HPH0Cz7<34|6kx?|Cq@?%*8mT4gqF^%3S+@-;mbA9*1T+z@0%}-#Dw5b)Z6z_ZT+Yv2{uqf)GcJ!GQPu_X z%Z1Ajj7DU$9i&c>IzlT!BqdE%k|jBl>4Zn`-)FNdnM{-Z#PH~AaK*X~%f5TdXq;1B zUb3EF5Q!bvMqMWe6?q&W@cyqG=YY3xziIk*~8#gIjo;o$IFPia6(H$Ljz%VtU z2d<1q-do!;on)+bMtt(~pLb0)tm~4aLyK1CY)9)JPe;UQd_84*^@GLJw&sU#@T*O90uIm@gN3*4vAdqC(|eCj3P|)` zfE%#T5*f5oU15YZ#+^z}dGxg4UQ%is@!U27k&d~%JfSrPsUzYxL zfbcvCVt-tF|vMwayL`yQBaO0I%xOwjxR}*6J9%jEr`?dTb`Fz`Nq_%DQ zzaPBpDqv{*^)#)aDr#cVcZZ*QL;{OG&9 z^xVrhin5`rfA`3$2-*Y!UnwVCyJRU@ZB|$z$VVeu)-)Cx>*SB?x}_>>HdRYqHMC{H za=u`*UbCFfiHza!=#VJQ`SfQ#$0*OJ8%f(rR+|lXZr@?5chGT4)wFD?HKMJF;)J~$ z2P{udP!cASF=xjgP!tu}DD`P=(YfmQMWW+~pv>AzNjjP^HZ2d|dYc>1+(l^7v;V@_ zUUQ`e;~y-6X&shfEjr1(hCrAb3(_DP3re$p?<1fiq^Vf1FL~~@Pw>n~K7q_LRO0|# ztnr0d?i%0x+?ROnjZe}ljcO`H?63^7oH);j{Ti~?VyXs-LVEzyTBusfx88oAWl{3# z^UtuK`a&h;T8nq+ra!h_<5ttjlnDzhhFUa?_olq|=Esp~>Z?U9o1$VT)MfZ_7s3^{ zSwbJm>)9-KDjF{vFMO)?x+Z`f{MX{b)8%U8yY#w4D~dH~mUfkm!Atww#`jOy=3Ms@ zuKz47fljE}9|ppx9<`7b*;?N{3A8o#ntRimJ(ugPE7x$LH6ECg!IbnVkKkr?TJ<=q z*EdSo<~0i;Xd6osr`&(^klAcPp5;zT+_q?6?G>)Zm=Km_de0<0^zxfS5_VG_3J{z%j>xLujWC`PZgffPvDp_yVES3wfihMF=c^+|bc1)f< z!%*bW3el;*2&rgsm0A|CQjt%0I^-SS!MK|hIiQ6Nrhe#@3cq06wk8{m@y+1|qv)?e zDYDr<2u16?g>*FLxsQB;XgZ_yZNtoB>A+s;>dHl&@RhIp0_k{%x-P&}D5VinVb)7l zCr3mGYTIC2gGM@O_RhOBtTrX5i#6-U@Zjv6@tvE*QhJ_*?1*Kq)tlF6Y~B5u0STw3 zB^u?t@bYVpXl9*&C&q8)D)%j#zb-CJOIBR%-~S$4NtGL8Q%ZNk1&3IMc9xA4kdQsa|Zj*1|pI`7z@g}9vsqQ zl`~!fC!p$1hNrkFN-CPxv4)&Z8r{i1L`3_W7~JMC1w-!v1cPI&A&nDGPEN4qRg}`~ z%y!vqHjGE{Hd5+Ay&!&IeP|$sq%{VuBNodA>-8D|TrL;vj5O1|1Eh{PU#|K3*ZzX9 z{ii?SgLfaWx>#UK>zc#>>(hcrXPiHN%S>xb|0H{bX+|L!;cJ$Ijf zmY@9USNPQDKFefxAE6`SOfyLm(kSBig9l8~j4aNeF4(NrWaAk|Ia=&+*Gi$h?6kih z=}0~K?u@E-m6XDG#+-+0`!OGEdjEdG&9fLs2Uf8!F53QJ_j!>&;RK?s*_11uedSG} zgIfq0p|Pker%o0$McFsDL^B!hV-ZAci=z{@v~9urU;87f$B$gCx&e}UE_Y^ae5d&`UR5Dr^V%8-vo+&H+w&UD7X?k-uHqJJFMSu0l??}QIr zI?j46vnL=LTg)S^REH___0HRdCeabg<&wItNs^eG`!_kgIAfg8TnpvS0Jsw*u=%VJ zNZ}CjqH-0=MOK$E?$wyP9Y`Fj6gx~(H-{Bj7`gK;9D%LQwwEh$Q<{z$d>CyhH zo6m{Zw*4mSEWvgLrbD`n;r_!1-RUl+a<%($LW}cgLVwG!q3z)H9|rzy`5AWbGhbaA zq~ifvTRGB^lq7LVo@b0lV|HgdOvV#N`H0zUhcroCVV+i=uqDw3lC8fP4y2GIQA|}-oL^jU`_^qH<0+4h9y=g$5VwW&qUx&A zdPQJ_U_2VrwiS!Tf`i$F&0@{J{dfPCZ~V#EsOKfZDzwrVB~VuRGDvS7g$pB=^92e` zUDbT!&;OcyH0IS8Ug6LF^Ph9E-k`A9vf=UOKEM6JzveIg^B?fjKliiz)R(`){;fOc z$%OMqkGQeB%X+gwO2J}&&SZDbm-spZD6Dh+tE%c4aMH1|(34#vrC45^qMI6FTBPz_ zU_&NhKnCijL4ZJcUAk@xx>>pUiY^RpCGmKM)rq@5kL?I$iL(^Z)(%HNV~i!%8nw9O zPyf~b%BQS2D6e=@IjXr`YO-}`1Qt)Qt~s{CMYm%W`` zCX+GyJG)HA6OuR~PMnT_>zL)dWF;J(Tng#KXa|<+x~ZH1f^b3_L#~k9&k`-25iqT5 z^kJGT!BhRLuML-zQ5XRoU>~TklcL8>DeSlrj!@H2!+5bZMoMmg&w8Bc1Tz{zH;9 zVVsP3`$z9^@77&jeEtOvA3UTgDs1h@I%U;zS{?Cwzy6!F7fZhQ)t_eX#tp_vMpM@$ z<0+Yd^?FG@8KdIVkC11msfe=Kkb6U9j6o(bD$TG;lkEuVay52APhMDP1qdsN(;R6XNeMsa#tOdhrJv;AedAA>$*wuAZ7p@xvRQ9ft_xPS<(1EVfpR=% z@%SOdTR)&VTVwY3_{2|r6&)v7sgRzMTNDLKC!Ji{aPwY|--F{|J8hD-4ZQ$7zhY}J z2P15Q2%hBfa^8h5QcBV^MJw&+VcYcx0xlnx3)t?*;Ek2bg<@JmT~+Mt%=qGGKFh5e zH(Yn&AwyL3>RVy+ODTMnp&m%+yS<}}y0Rm@Y~Juf!~R#&F91txO&245*bQ{rWlA|E zm@NYlVj>6d#E~YJF{kHeK9-l4Ccm(=}5l%7XQL!Qt^CyOS}W zdi^!3IHjuGz&S|GZye!9w5CDkF`xL%c zX&=P{H(t1!Z{<{#tQ3^3A)bz~I>t(k$~A3WV5&W}LGSUua4yV%}6n)dg8ULboOiUwCMv>fjhI_BR$?`A1Nn{ktNH2fxH-Zl}l(HmQ zL_SU#O>>ewMyC-kk@1M*#$BdM2X_|Cq4r|^)np3^CSNJ5C3=W z+`P-^=3T6p^$MG9U6w@Y%!O0~E=yP2e`PQC8LChPXs-SKsahD;$%dVsUwX-{pwXwC z9sxgQr$6=4*AaBme67!PDZx*D@ryk7+_SC`ic(ICVL%k~rA=GpF*zXM$w7lsDFnK1 z>e^ZxcM?Zi0}x=QUSy!EDX zZtmaWa(>R~*&!dicLKlv=U5c~;Me{MagwoGFNw4Zfi~-csH$9xb#H`(az+5$LUQe` z+~&8^ZJ}tkN3&d@>jt5$BgBMwC?MT~4ISp}YKU-UeRbAB3??w7*bK&@{(#Zig-23B zg$v1y^#_GY9ny^b)N_1kapgWvpr zQN8p!Z~XFq&1ioQAxnZx`2P?d`pWhUvqwrm3mRntQkI@Y*Xc@yd%Yqr4`hlFEBq z{)7*@0t_~P;C}dZCPXhN6E?qa9zbI{R;vwGCj(+o4|IeDoh2!!XGhrfC6JO#$1InZjAy&3;D;E8)JiXZECs08xq*)k zAMro`Z~v0h;}gE~z3=n#bI-7IaCguc3wD=YHi^ z*))zxHvy7JvRYm;p6(!obQ*V3V+{_-@|0gIWf!gpBqGVNLen;G{6(B%>0Rgll83z# z7jGwlD`)~8=&;Jra z&YbbLp`E)$n1)2Ah{&&%tEY|aolo1P=7ON6W4W5v^|H9u7g6*`lnWOG)+*M^g6U+3 z$NCh3I~ca`n7>sN;L~>2?Xyl5%xAy&N$%abOH~#mQG~#4{-FqH@A~%!ZJ4#_ z|0Z|>AzkQtcIv8bwu7T>ZmEyWEUV3$JfBcE4uO=muO8fvL0!7e8mG!K%5xTr)pk0X z-a;$o8$Bq+V!dIx-Y^?am`$dfo*y%r?sNd4w8AN`sNS+EB#$3G=3o7r-{9o<1O?oG z{FufV%BJG=kG;Wz_umHzU;VkC;S*o@EGmk+fw4f6ggMcxKv%Nv{OiK z8?Q<4wFq!*y>v2Vl)(K*kNCl#ew|5{@P)5_l`P9Bs|}-3M!j0oRs|wS9cURvF10B_ zY#%Zn(&+*C%0-zbPz!8RB5Hw%1Ws7%NgMq70`rH0A9eY}-}e{`UJ2QsNZ!y(>8l%! zA~YM?f9Xx`eD)_;f9+3*O%0JIo93jmG1vigv@N1FoyTa!l{*}`{ad{( zy$4XYO^*Q#4zl5a)oEaRPQ%H?IaxX*j#C=jp!If-jSmI;?BE?O2;;(QB^96i*hl%q zn;&yhdRW@JcBj8rr&3oo{}AZx?m2AqQ0^yW$0Hg3oz^;1!?-8tqIW~*->9fIOeZs{ zx}>Trv`#zfU&n8-Jzij%nx?54=Ofzo&?g87x@*QbV8d@hDKuJX-oO6=AA9{{B-x1i z@k2~&w%n>7&~dp?)71RQ*Z&M_3_tPtFY<}kUg!Mcl+~u9Doe7-nDPFMqAvLR|L`B6 z(!}xb{i$HF*tYE$RSwJoVJ)$g#42(Eox*h)Hf>E}B^s|3=)EK(1Uk)l;ocqAn+5NF z>ujkL=>ZxMym)*OV_&&y3hdM)yUy81`)flYuXlRn!ZoK zm5C2auQz2O4f{mlH-;X-Py^So6Me3^Bk+Kgl2!;rD`~SCpZ}$Q!f$@_FPRh-tJQ+N z=zw^4io9_HGnAQ61_jmwg-%YuRe;*6pv9v14lvVwR5rzyYpRPQ>h(Fx z*$zMT3%`QU3L*O3y1@0HXu8m}kAnxvj=`E{u=#E0ez(RrzKgwn`VSu_6uMzqt~X?< z(^_nrwO1kjaIdUa_w|%{$MgPP(fia0tu=k|?zv~A0#*pO$*U=gwP`jB5=trm>(++hGu zeDqy@lu%?z#>2;tc2uOR z5I^igCWjo_M5Egv(boEuV&Izx-uqxqtk|BPYs4UDT!z1=n|IlLFS>SY#uIup%1RIk zvlm|Fji38P9{s!DAlfXLUtX~D%8RHhN9^9jPIpjg3YRCCwu0J%Xff7_r&`lEeY!{y zjrJhjK}5Ox{LKn;e9W>b_}s7lH^evYB1G#q{gCBgDas9*SCi_0{^LR<+quSV<67Bw zbX&H(`74{)t-+#j<>zUVQ`Q^TQA&s>zOdV4HjKOjJQs^4)5(ON{HZVV>dPM?jv^o9 zySXxcz4p0#wl@B->^ZP5Lnts@8-6ieBQ!}VRU2IFZKV-`V=+02<;`Z<#S+Wa!VQtM zYzZuiQ1oL^k>K4Aenh1D*5aZY0k@3OBpr;G>z%eKOU^IPkk&HW+2!oy7~eJnfs4_d zH8+&inuGltJons-j3zTDcBy0Xe2k1DZr-@f{RfZ1K-0GT;731j6x(hyxCCLIj}TrN zSPO%e5KBlTq(YD>OQvC@1+ye#q6K4R7-_>;w~Vx96v0>vo;|q5>(9Q(?rfjeUwxg2 z@4iJfzob|#oRNtVvhmpU9gxr(w%u~!Sbs)JjC9mjhYcv_nnW6OgjKy#u>%jiaEMji zQ+Sv0$qF+eD3;q#(T7(dpKN7#f|V_j7Nd-785ie#^5=gQ`ONdwZOz%yLz>MJBYg9X zY=)fPfZdzO@f4LtE(B20wO@}kVl+nY?89UaIi7;BnB^Jf=#a%`&V28HXFm7SNa28C zVVp5?<+yGwG{xE#KZP0<`hu4*tb=9R|J;WWZ5xvR!d20AM8LixAfN!&XUERZ=4hP| zXPL`%g*uhNV=KLGEYeq`Rz=C#`30}N`Vs!gulx#czV;efoDeHbq?7~5l|m^=(>e{x z9>5!%?oxy$Gf-_bn9^g2AqNL+@0?5;PE4jfIQFLX;BwmoD*6c4q%KROGb=GV@EjB z+BeXUNUbqeaPQt-p1F6I`|rQU!Dzzo{qFBj7lq?z2?5eE0;kh4SstTk&=?Z%LKKEn zv`*eiSVqb)j$jf?#tQQAJ88&-B@-g4$u?Cgr zh$MBj?GpMJiYq6GbekLB7f@)B5vT|uA_qDRvH^h$zO~`6tjMk^QC=s;3?JLC_wJ^2 zr#G@e;Cdh^C6PO~`0PLa7px{R)CCvsyoEV`3>QbV%QI}8Aa-tHrnj)89rSdHn(QDa zd+6x_Om1TGT|_d%SVLQF;QWa8@|^pdC2#)1KZkUTH5JO%uBO1Y2-~8pMYNX9W<#X) zmWT7>&VL7{`Cb5C1}v<};lXxooGcgvm-8i295EStr6dRE&Q7K;Vr@rYmh z)&GiL_{!g9XEG($ahDYfr+uix45h?F)ZcLqL`RL^HVks>9tU>d`u$6(q_wTT;qYwf zBPbV-Dk*79O_oNKWkFe$y{G9p0oE@VN6b?cWyxy2W-=Z-fMt-iYMQnygy{(jk~B^^ zJv*juDy&rO?Ch{yUAlG~))8H-6=>~*AB0p+4_`VI)=P*u&HZA--~H;(5N9#I&UB{(YmiR zw2N~d{_uNbRmnTw{A;Fnp5g8buVI8@yQ6p%a(52Sg{KS`d^=E&HwUn6k zocgUFAkH2l<|o+Y0x1-FG==FN?PL!--N%e}5R+Y^oda|}!PXUWet|qWq&>gn{>cfu zZ+waIy;rfOa7|on6VgFooqoSGPEAQ(*?`vyY(f>QXa9xPa+a2+t-G~66wTb)_ucmr zV=Q&kqLd=bGgsfC)pdi5i}P*UQkErUS@7jAeu;nnkNz>wKl2Px6cH6opa9Iia{sjO#Y(xd%P9EZX8vZ|})b?_tnWpJmQ7)RaIByobZmicON zC9dg#3D^EeGntGzK0RS)GNUMcLkYjxThm@U{iQGO6~NKS2?oJrw##C*q%qFvYiTjU zwFX1>{N@f6@wh^gW*l9dbN7X3`Dg#^pOK|0QET{*|KYb-TwI2b$Z?6Hh|hoSb4b~u zRD(<`QDlf?xb@;aW;gfH(#caLqHkUi3qy<{vy^k)004KpNklMAJ2(-w;dBLh24QiH633LzSZGG6|>zlwP71(xd-=KPZSgZr?UBZ>v>0tm`32?e=Xw5%e;?Bp*!3xb+8s^SfX_5p z+aRp#v=r%Rz(o1+4|jUHQgaiez&i@z)-LW?sNqpn4MkD86n2_9cRc`iLj_(O!DzKy zk;MtW_K*H6KL44|kfkY!ib!OHmU63s=hZ_oT#!5QolLy+o`4#N#dfd3Rb(pbrRYCo zIAmFsKX8>rE}rViKn`dL?VYkDWj?=j#0RN3J2`dLT6ivXpjqKM>PQ(e%BLKip0G2X z(zMN1afAal)V0MYg=CzLc<251XpBM11Y=;eTyPzH1IitIK{Oo`K-|@yT{9V%hDbK(7 zJa_NhcGv(0B}~_?CKA4dlXP{}N`R6UEiI9dkSwZ_#4 zNR1U;lWaHgU9L7L?}iQU`viudZwu*{TmN<&{zIJLtLSkj;r3xK^U$eq9-_51f)Z%3 z$`b9| z(wMf($RGl{@TxKNmDv{7tAeU@U7X{{_acbY)`rChC|k-+!RJ5y8UDpT{ja%q=Ps#E zyvrYUPy89 zV%y)fv4&VjTrTG9&i2t-vo6-oBT#XNE(dOPh*zeg3FqeyFihiQ%QIC{xh^SPt-DW) zNQu@lC#Q#8F6Qjbb~xBQ;OO|2(K!GAwf3JumL*w!C-!sqE1rlKI(1fNWtOh4u4;)M zEr7uQ7yyG^0&8m^xm?1?52W$iep=fvG%BNU&B!&_QtTQRzybp-fB^=;U>LciV@5m{pR%3fu}i}&vH>+a|H5&!c)u>-A* zF$YKK8E|6DBX12PNzUHEHe0(}{Iy^B1*X$I{_wZ{4R8P8I~@JgPqT9V5=JRV4Egd3 z*Pj0@7dFoG*w6l1W{Kt5FMf${{*zx}cIy_2btHI;!JER`M`yJlNqk3J@2hFUP}kgf z{YTiMBpD3QNy=~|r8qo5l?CK|LBABaMb2-LCUcSj$x6??`U;QMHhrGW52R7f` z7=}Iz;Qu5!c;|(t22aa2xcn%e|4;uj-u%`7n)3$-te8Y-!IU3IyFRgO%i$Be9<5A|eLXUURed#J_%Suf4R^LD8peif0Zus}&9kz0T-Q0f{ zL082hpr&}I9SZN{6umWYczontP)*+NlO!n$1FH7LJ5WsLU>tw-&;Lapd-PF{EeVx* zrqkJXk#a1Y_!b+pXiEFA^+&FGW5slUdLccmTns!X&bcGO_b+Y+S?RFJ(>!DE=n$<9 zNs=&|)f|t<0&i`d8W9Jrr2EhD@tocLJ@P!4a^CPBZ}Nu?7bEjd7Qp()Y#!bvH;IK$Mr9NiMMWjNaEXBg+`BBL1HvnDt>%j z+s4XK3T>qG&2(>nYdTzP6-tT0W&ZnV0@Z;s3aQ zKf~9JS(|v4v@OKuHLz$^;t)Q9r5n%j^xyi=dHpy39`D_Hhl}G))+TGDy*}C`R6gBS zlyeTpQ;v&*Z2cS;KJ#PTxbZwL9rEDTyG-_ObMeVXQLLg&A6p#Y$^w=5QO3wNu+scg zB~n`uMr{>MyRwD*YR{hos;VON0u1j~tXnZ#wk zbN?U|hwLBj;yhu8NqgwTV2x&N{USHcKY|{v;nD#| zJG;F9>K{-Sdpz^P^CamKE*YRrj_;zY;mVJ9*^k_`qE@`(c(V?4iKW{fp)B& z0uTOv5JweH(k9NeySGQ4W|C6V2BQ*OX({WP*?h*ubC-DJk*kb`OJpV`^(j3Q1z6KL zn-?hgq~%>oo@V4(=6MRv*aO}g(@K-2DZ{~#EbaNAcuSuB-m=d5xCbP&+3a>zl+hFk zrB%_;)N-N;WY;pCP07+enaQ|y_ZCk*_9SVVdIh6>;|yVc84gD5?;TUynqJeG`# z^072p<=)mEE?>UHx4-jU{`{Z&IsU?b_#g9o|NQUs>Pz3|r!QPXXVQKv(Fwi&5-3MW zg0UsX4;}~sN(APF%_9U5wNkux=MJTV$1h%DkQgC`>>DtaLSavqRF<_>Ej)YDMi7#dJoJt@~iKhcUH?Zi98{ED-<@q2Sh0RTk$Ak;*;@f4ex& zU(I^%!P%@J@uzGr?J?*rakMvPFdFjwGoNE=d4y6mMhP#1F@{8&Xh{eXFrXR2c*Hc% z(u}p$H3t0wT4~;S_Z?ic3dB-~?w~(-((lS|y$p2Sp|;zQD2;W(FOg`i-vCuB zB+T5|W_~|uBMFB=FXwo2%u;`u<22>=-P;@-9k8*s0anGHZsC#VIkmGaFD-F+eAM8! zl@je4`lz20#4uVj94zr*XPa_9$D}D2&Yfp_XPYaRuHrl@N^8Y%IACpMm80B7+ za7tm)oWWp)c_AHhUwiW{UU=>)e)gCD24DN#-(_d#E*Gyofk{$~N}#T}{l?3zudXqy zEIU7X15-;%E;Ptc3XBmyu5@rXowGZhaA|XsrD0BzB#f3BuwL+6 zeG{D*Am^}@;0kaFm6H6to6abw$Bg$6xOeM)4z@pJvVWI@gB>1y>}jq)@d8gg`xO1r zGGw_>f!R6r!9I4jk4b?vrBePotpcYhXLHikUJL$w@>YrGOEw$inFVM__iG z&j4AsP8x?C93GPxAXe2&EKNCGm;6uKiwctyqoRR-R>y21AlW2tTa%_B&H>hWnT-4Tni>>-Jwx_=H9& z%A#O2T;kwxpY@duj7i9J!kxQ!SYKJg>O>;hu9?1me?U=H40|d2hXdk0V-dW(VQYJfYgZm&Wo3i+ZhxN(=gyI4(pkqSO`hkht*tV-_kgl0Wl@5* zREqQGFLVF?Egrjmg*V=Kiz`>JapCDN@DsM?gLmKH@*|H)V^Eaw%U%Sb97k$RXR8`j}JV76Rs{D6N&cG3fvfc`83%iRvbm7!@w(eK~Dw2LS zKSK?!BykSPl6roKnUCow6CS;ikz9EaoqPtHq?q0alaC-tvCg83V_Y?-uBPBBREh^r zX_DFsH-b}8Yo^mFtD9-u*fC1cisW|yu6T&I^PPaa(rr)4!rPl4eExr4l=Oza@1!t1Bz?^PH-#D2l2x4r`qd@)BVkUidY= ze88aJLmS<-R^rXHppflAC^3_u4wa&gOgn9)aS<-INxFg1Qi>(r--6?}}x36>l0 zUrIE;CH%fM71o1v`5xf)g1)U_Zc8@~Sq<=0?& z<0I4ni22`Q+dcgXtrr#3nUutb_VhZ^pJiyBVN~i1&f59?5H||FI3dq+E^MCX!sdB~ zy@BvK+R&V&A>mO#S=G^nQ5y0rWp!nR(Qp(iYJ=Mntv9+B-YL_7R!YB96y>3_{>!5O z*|a%QT49oeG|4$0A7fojp7rVX2EyMq9!G5((hJTxdRgwV_nJYkj{(NxW9q8*9av>E zE8UbT`j3nZNWu|KCEA6L{d2_ML*`X`oSgACvb%pA_U% zQqpG%^hd`EVuwWktM_^1#tCM;2sOSTD%Pj^Y!zR39*HN`Kox}@Ti{$F|Jpgu&4D?N z3a6~cqYD+fQ%$bgQKEE-$~5$Qkf*pbp-v>fFMfSZt)x*1)-sz;z?lXR)ymnm^A%kw zZcuVvVe494s%>jKVjaoe!M-QwFg^h23w025UgEKQp{;p4XD@Lz&2TW}!sZ25mPVvW z8UvDbZK*3sDO*pjCjB@NGLXcuJQ{NT+&MY;TJ46NN6L0E`Q2S~V!!CW{x|;yb#2E4 z)=?TEYz|~i*3X334wy{G`)U3C!BL+SuP!LkVxs$aEbd{_nFUU z0)LI*gl4jJPzFY!jA-^@f54mXyh&LU^ajfe^8vdLcBw0wm^{sevkt|DbLSb)rW9q- zn8H3SG8(NgnU{M@jV1$eF&>TQ!@lf32YpDySh z_1am&-)xd5=tn&LYX928iSNYZw^fO&D<24yVjSYLQ39&=u7RsW3Dn+&2pNQsv+g{- zLQ+c1Xfhv1@YSdhirdPQ`%g}$6MDk|vF?3wpP!;LLlDq8K>&u__?bO2{P$ZY*6jAq zE?JT{ZeeTBdKvEg8#w!nR*Z&1;hm)ki|N0Z9qEMdT(na9d5_iQ6_S7+)PWwZyRQBw zAL7O=D1doUyj_Qy{Rqo#rMtW-V3L$HN!i`s!z6}&zmL`iTh$yN9d)iBCN$48oU1(m zLUZ}@Wp)n_;O$_h!MDCRSkS2pMmhfHT;&Kd!(soL;>g|T)B9O zgQE}+@EmtqlV&;E>8}n*mU|-j!#-}FJL6S8`=RO*JKez^-@=U_plvCur$FHYjD*;PSnJ1=8EJpW$y;})+^FADet*|> z9f?3sBmZcprrQzxo!vc*FV8)7&l2+OR+y%gxX`2FkoA=n(!_9@W(wW1P7_^go$T>e zz`RWW8V2gx18Cic@`@@Rtc`eqG3xEQsy+EdH)p6k8cF%6e3oTQXA=nu_J*X!(9d%2 zZ{6#VDLBMuT3eBJ*IG5c&+5twv)L>T{Im%Sev?sB{NOa)c=QI7<9(7|O6?ryHqWuW zvkgl5oGC0VEwOj7$NI_&D@#ip9PG&{h2ZM77CgOD2^ZHd@<)ICCzSIFrxHjEiMF6E z%A}|)jQLkb9#q#qOEHmH*nDf3~*xWDyf>Q3S2e8*)sb5in=ogaRWOj=M~1} zrwaRN>QD|eiN(~lZN;Ka2F|)4l+RXG&1_mm7;q=5-ujL(0Bs~*v@{s7;)TCiCLa@M zeYzpf3D;HLx)#PF>p@EG0-#U{)=3!$mzpN?a8ki}1#n?)t)J+om_>&^=gyORDg|Xl zqBUujk|zm=<0I)pl4YbO;lsPPna-xM&%1LDXJObMNc-;KA8E~Kd6|Rpkq2&^+{9hY zs!1P@HM+aU3 zG+-X53|c3YlR2;a=trJp#7XyD?Yw24Vpcc!%3uGVa+D_=%_kIfh3Vxa8=DLsxei$( z?8QbyqJT=`3BzRx;3&&*c^P7@x@-E#cLcYISHuW^$QYcVBtOn0@-DQ4e?G$RoYYr3 z*PP6P_!BeURfYKRN?vQC`W3iR%5$qyPJV0A&dJ})!u#mHeYv$_DY#H(-i$|6p?yUk zwghU=hv-0spS%19LJu$d)7l(G-ZGk72T(Vr*I2fp5lB`0{VMrahmC8qs7jPq5cBz* zvaFh303o^`1+o=aQF3bc^Byas6@d<;I3RCP_LK{(3-P%UBT^#+ipoWFJrSJk9xLOGvt?&1X| z$H!u}Cka|9Rz@TCj}CbCt=G78;T)T*YfL9&54w?^p)qKcu(rI(tFQcs!~Mg^2&5H&fZoE|~HhaRot`a@I& zuHPdY^qU%pxCRS5t%bo@WTySJz2z4bM!R<-9#ErNNIz^a`+c>Y3VHNUe=qKVDr+b! zY+1cXXL&@*I!3n zS7;+Hg7)djx|U+Msw%wFZUq~al6CY|j2>>;U4!;bEIc$on)TjkZ@AKo z&B(Hh{lh(shUMjDYHP`}jJx;m;sS6)$)@S|dR`ec#R^6n&aG{*e{gWZ;9BGezz27< zHW-s((wwW0TxWWG#QJE&{d;#<9u9cz%^&&G-H@1+XPKATWi zh4`DU_9>f$VLIT&?|c_qH=W-V6-`F#N>omQQ3;Rn)?I8U*B1Y6S!JHUXh<51R-0MZYsfP z&wJqU8}X^aR+XoW%QBr#FlmZ2jY|*&xXEU<=dB^hwANC3BGLBVJN?mUfP;f0!Hg_m zW*XnRB|FN|@AW)dunUswJ{m<>RTU;Q)dkO+C zJ~0WSC7~Fv%JQLUtU%(D=tKf!I;FR<%G&u&;c}lBZ0$c_|7ee$2V01FWa#&XTz}*m zNs{njcZa)M_c6wBaCE?QK8_5qN*M-e&epvx?%usCWua6!Dxi|MfidXy3;c!u_5Y5& zLB{shE%vwXfmN8L4eHSvdhG&w;~aW*12#5_lPKD}BC!XBS_x4jN_DaA%tQc6Hsty>?kZK{)~2*nnASz4f#?3?H|S+xPB~q`s+)6af2} znTxd|v=osb|6CBY)7QyAt*58g-mDLC32SSySc)RPM>t{R`W@m zM+5Zo-nOmWu~sd%krqr>IPncQe4Vi-O%nDF4@gYH>dG3{TJkjK@ZgZiWYR=ywPJO& zOkMjRoM$^xS~KWNC*87a_}ETtUL~)mSrSu%XpK%Yu08e`)2iahn@`{@tSybWw{?$$ z!#(L5lxAGNc7y4BjspgRA!{qET)uFLwbfPT#hkr^eRg*CaJ6H1=YaR$eII32jAMwP z)+hxw?Q`i1Kh5XsYCbWAVYM~(ry%<{<*`U*by7Zju+3Q?1Z&r+dkStWs;;5*sY0W0Nd_npe&buF z;TegoH10@}9PLka9X6Yl7V|pIqK@Rl9EoxDmkBtEE`C`h!hAo~nX085pXBh51c z8}-L|Xs;-$D&+seWOQ;e3lk;pE6R!wZ{I$})K?A8-w^|x3Ke@=gta^yYv8DDC4C~b ziPnrl#ddsU>0=hohxfEXFKnELk${Hlb>;)$(lbxY)4X>WA+OOS_f~*bBwAC|RYS(9 zqz-#L8M8WCrmAZ(r?Woqe(<3LeEonn*VdWNXPrR?qJzziO|~Cw$9m`PU_&4hdU=j& zVXsM2lEIMcHy>xPw9Jj`Hz~`KjpY^I|L}bdJX~`ySmN;;Pq2G*2w1dMq*=Mir?E3Z+^N-v)lMTw)tQIOyu8F2F}zrYv&qyH7}?rgL3qn9bR zw$O*WRQubwqdoNT9(Ma4fAS}P$m$bcqw)2CsM{xreA(>BD( zJr@8lzN*hRmuv%Rl@H|EszzF>Yn10Ptn12CS7)F+B^MT}6gtU0-C65oa=s0^5oTkj z4OSbJ@l8$=gEK~6R|cmNoKC!JAU|6zv4Ywvl&Auef-Dq@t9&> z;tf%ejaI-=LKiN?^l`Qp&OX;QLgL{+dT;Bb%W&;z11NTnP`X=zautKc-F;fQa&%LdC^z#9Enz6I9BTX@v zg)Vt@Wrdkn0D1xC*6;Pml9cIW%F<}*lw7680ZEz*dP^&e$4OhQ$VNkKmT)wk(a-yo zRmJ*fmDk^R4Xrhso9EbA-{5BXDDS=h9_QE3H$Bq*cW5oW|BP}J^BFI{`Wm16+;f;j zw7(9KZ);FaV~ytGXMdLA(kd_hi~oj44v)Be?Haw&3Qj8y4)*xrt1mHp{PTR}m;aaI z(|IP_W~sDy2_zX7NxIJhqkM|T$Fm~jtkT|8BnFL?=ZW;LfkA{+C4vI1<|v~;=R$Ap zG|u^$Ng`%{NWq1kca|EH`JM(Lz^huD)5o3K2T&ZP)A2NL;QjXulp*w)eCS<<>{g%w ztE6s0?oV;@)NiE~edXct@t8~}KDkDa(q^3^@(-wmsK&Ig0t*9bGCn>AQ&uJYUfz7S zk`7vuMN|G~pSD$aaF0PzEnHfi9Rs1O1R4b}n~l}dNI)`xM?S|-r6xf+@!zvFqn^*n zvy9!t18zQY9c@BCJ3~Ls`SAApEH8Zqt0C_XNE6v0&Na-Z0m!hiw!xjPdkhBy62Cbt z&E~B!m?Xz(O@aaCtHQ82lalC!?cHs9CZ(8F3@DRRRL6 zsmki4d*pn{Z2Y|TRkXFQdAZ+e&!s(%zJ(jm4ZIpGS)Pdy2kb|Ou(Z{tRY`euF)c7A zX~yo|0$Z18Cs~WCs(psQ%a4|rnT<2h!WsDBqtd~;7WYTHphi`r0F>6_Pz{J`K?MRL zFOh(d){0)9Gd(_*U`1`2Os9;NMpRWLC9+x0_RcN`M~5sgFQb%VeQk~Td`90SC#--p zO;}rAVRvtja~m5CNk~g&rD+luE97z8{>;kqD&@3bIvaCvc*MnX=Q+2!!3Q6HNbM|F zFJI;6wVP-(+Yh!`9xnN|&Nfb5(5Q(@`2I`Z?dswi>5xQ_8A+Q&86| z;76TqAEgAEM0fj0m6JIxcngfAqCFyj6Bjm&Pf6hfbAi%=-V148->)#5#SRH#DTU5b zU((#>Icyq)%4yodt%a7^ArloqV-|3h{ljAh!?hTU3j{zeY?@P!zz{L7tWbA#PWe;k zuKAmDu)DWMzt?Xp$N(&g8lVX(I_JppEWWpM-Ok$hx(0vJ4|**t*a@08O+-w?du*r| z2t`J5&6?{r%Izc$qWy@HsFUP7Hd-`Mk4E5zPIM&f$kG&TJhZnz;O_ll>D5ql7Fwq+%*N2p1N`^8UZRa=Zn z7!H@Yc;ONb#VfDB&i2kOOM@X>TU)&O&YKiP!DH8Na_Pba_74vvnjMcr9V5G3 zn{YgtljVcRj-ei+B-_DkP?TjwUAq>408wbWk0uLatz~!r0HZ@^=`(zBzp<^eQE=t@ z3q?Pz#SsNiF`v&dKBghD7#Dj-DkTkMs;Y|o8$r>w>l7B(xvQMI^PyDB1xT{&yJcOI zsf5@T$+h-~Zcc?P_1a%4k~CpFo$$z&Ytb|TMV|E-PY&7L-(z!qgLCVf{+k-0P#2;B zo9i3gxqpv-uSb%lkuKRfCk;s!PW|B5g+?UWrDVN?#~*u~`Q;hA2fN(e+NRgfscgmW z-Y)0XH+l5xb@C+V?f2egZDmzXGrtLh`YUCa^!fe|U*+7npGNCSHoX%x*OhCR>8J4K zJ3rv~+$!}!!b@NOJ#JjT%#Fuxf*GK-SQbI4Dktc!SQ8WAr7p~K;&-96CPk$PbL$+X z{FDDspMMV<4xRY8fW_4UkkUyS6@hZXqwhTV1<^P5#Xmk}8^B!6 z$?r}5ci%rHTlN7u{y*tJg-BfeUsB#%Gq`MYNvmTbCf>+uZ@WZ9|(D_Nlbj-yeJ}tc^iiO z@Nba6NlLK$YE%H#bhaa!AxERI%C+{42$->wp2$)ugs>h+qgBGe!2!emklNNHX^M6U z{oa7L-hG?3diV2 zzf5$>{o8kV?X@@f>=W0a*u^+OR%xBHe)$@oyKtR+yyA)o7%$Au3ZV;rO@hz|e5{YZG`xo%7TZdGp_=POM7$45 zR#k;ca==8w4eP%vmeVfIlk!{>PE(cz4Gnm+$D{qba56dTxWBbcmS&Xm!n+dPQg(46 zWyCd5+nRpAM7%TZbEJ>(HdPloV8>g$Rkxs(ChWMyM32S=P$DLU|UXat;tMIIWG9% z&MmGza*Zn&FY(G7ud|W$n~6~^rKF(O%K^t^I%7EKOU_xjXd1=02Ib@&wb#tjlQ1lX zC<(1K%Sl4$N|Ywh%X*Y$$?@cvmYr_3?B-m}u3whJGWvVCp#^iTA=E%oSTJAxc4eVX3_DY8v0O6`>bb%3rH} z>U*C*W;;}4F@`l;j7Nk^E3fdisu>?oA}1uR4SsT_+qW+1WsbV!zD%#Ebv0v5j$1Blj~{IIsV(#dk1yt+pK)|T;PLYif=7vkK&WHM=`E5#kI zYjFV@n!0Y>=99#XqEs!7M)!;P_ygckxtMLuj3P0bx-JCmqz$P_D9Yf1x#&a1pofx3 z?qD$F{ad%#T;E`IWsNk=sBJ}}Q#laYrlEiIdp+i5NmbV*o*2{^bLvDY=dhLF)~$~& zhr)YhJwnX+=sSV960$sDGs{_DUZbpPsSq9C)A0wCs(#Y*<+xVp#(;o$m!|l$7$i?^Cq(k<5MNp&SAdC zC{sv9QTi!Q|FZ=mc2RPTDS*mUG~;c(jB{x+t)5{{`Pi(I|NjV2OWU z2tu|6zjX-77Ia``XHLcwdigLS6>R&IJp*tPjOxmB00{GuX`e$aOlETm8R6W95YJ zUyS#4zxYg@5FM1u&plPn=d&WLS$ne?B>;y!OFg#RkR&N4HuljBdIKKp?ve*BhMWYc zGAs{=y#DrEC~Y{mzR7epZKhk%Is=*s>}Ap}Ic^)>HKCe{N=Ish(_f;8#K0Db2BT3e z6j}Tk6-$ECEMqua;=;KLY^-mR<-yc7j0VfR`TE=J9G6u25>9JeJ%RBqOm|QmK`Oa( zlMc~IU(!ZZ<;gWH3X6?pv~?uOzy$*51`R0pXi>^So|3ODgZH`r{~-1!l!&C;bO`iF zYEDbgE%q2R3C{S}v~=KUBlAMA&eJ7JHoznN1m!2~&6Pq`9pB+ZC%8Glc+`3z$c@8>(pvY=_^t74PThqntm zd-rtman`!~+WSKZ$_svzVo0)t+SXtcS!P8I<#hRLVnUAT zY$mt@l|b;ooirdh8jtDac?_~vRqc5U#Z?ee5*^3fv65A5eY@fn@4KS_bdtVmalZYw zYZV3gOk*O%1Slt|K#$E2ft*2q$aFemR?MSb4jpYb);8Hc*yngM;o9X#IG!96lJ~p-89Xn7WRY+%CdPuDT7LKv=J~#XiV`*9;dlX z&62AokcAg~r6rH=1ziL@i57vR>jby2R4V`K%nQ30el4F-CW+UKsXvU*E-Z984wi=s z8IS~N1dxIfSg`UIKryeVgrreyr&H2jZK00gNhSV#kEg`zOr7zK%h8cB5eR zc9flJ_F4S>Avgd4XX}^Cvc#YwKp|X4DMv3&p{~&i@+=|HTsshmZX(@oCgU;1d={;7 zr4)%tSXo}-&G+76ZF!X}NwEQe7ruW1x*D!+OyW1k;${YAh1#jj#@ddGHiurT!mu4d zJ%w3S7-xcUF6g$6rB%NE;&`*AqTK<>IxhbIgi)3%ahT ztD2&yJqvc@rko_y>D<|wd#4M@b8fe;s#Xtj7Xc4idn?-tvrC#LB+(C&n{--}=RIs) zbNBAu7;p>bc#_i!ja@tM9#dNW6!uRSK|8H~gCbZE{KkAwn!g31R|4h{lRpT1 z`x(lGL*BgI5XIlWKaKbI4;U=1e4GXCtgAu*K!H@_ck;7FXpVSEc<=|XG4@6FrUwH7Lp|Me1C20)-s*Wr1;IRSM9Bs5Lk}YyAS!EhwY1w z0!VxLo0U5uYw;va5+h&;6sa-3Epq2vMQg*Q3zs+=kJ;bbZ8o4+0{uK^I2iEZ?GKra z#}xDV85_0%w7fz#Ns@}Ey}PGg*K;8|ydFhjTID8OAiQE%OhCH&mlyq_le|1fJ|k%KTA z%i$zzKcnymf4#8=PJ4Dg(^d@LD$qJA7!mq}$cfj=8Z@^al)8|3%x6>5cEQX?PDB$e zFNzXtJp$039#iTh6P02%FDME@qM{UembF}f1_z)5&zrJL=QB3e)*{83?A74Itrku?OT;690)=Y2@aGZ z%W^r1loMQl@l8BBc?M0A_PBoS2Cu*UHpRSX$(dZM*Xz;GdmJ4farf>mY*j?4Ow*ji zH)F(N(r`j`hpwHXE=y_Dp=g*7A0{xJQ?Loif%esID&}3oU!318TBl^mkU#wDpJ0(hw27~9(g(~S(lF05X^Yb!6?^jpPJ6!d#Ivs;HT|s zLQqgUTv-cCbW53jlrj(ipw!dj7J{&?hl^XMK^5%o@1d2(=tNxKJa3)+jfLFK0uq9tZ~$ye6*oKlf6)uCADv9E^}ogk#FPcH;LDW z0ZBUwU@7mmYrJ>sgA=v>4o8}0T)uFL z@npjHe)t1{LN>ts5G4UDp?b8l&|WI4VoGXSgbW|4^SVNC(uBj)Vg<4YB`uni#$i|; zuJPWxAMoz>KF$uP>Kbb@p%qse>nf>aOnd&M^fd;a;YNf)Y8gAgmsb0+Phj7EqQ~ho zqhrNK^z~Z4ZEU#{Pds0O>IGYbTAsM@3}vdOCGa7Qry7A*i`PEst2XDQV>&)2NqZ3# zbh;RKV@YyLl07JjvPFY-N*{p5>sZ*`-y=yf-*l#qefYZg|F)$f>GGA46q|*{A&cMQ zoMSehQj{fm)@#~?8>xbHz~S-HLNHVQKQ9W(svr3ug5b_KFj**8ZZ6m zWr+zyz^hK`rNDze(DU{;q2EA;6!UA+;3(VIAQJ8{|`%{U7V08f(C{gc{$6uC0(_=c1S< z)KNjWwh*^C`{WtEBfMwf?=iI(Y6w2Yy;_(Y9g$>%xPMMlm8Y5YS}Dq^k`BABtyE6V zP26KnD7yCc_J!9{8ER|&&)vXV;|eIMx@2>G&1V2k&(DXx2)p~cRCO6QZCMr=-6RwD z4))1Cl{l_B+KRGl6$!O4GHOvi9zL%pVgMUY-eg?N4{eLMqV4A-M&arjNFm zN_2OeXWjP4Q3N6XdP0%F=dUojB(>+~1c9z&3>9 z%!MSve3kd*Ykzn>^kDQSxx+D?&Nw_i_GGmFU^Axa3f#Is+3!$RB^S@1qoL+jUB%)b z*4BLYmG3i|jOF05LdhnK!*Xv2hX?f1ELs;~*hN{21<>M*4C8zFY@Yo438uo?bpEQV z1Gm3?f%M7ntTEP-_<72b%=4FN+ELY@^%bCvW^-eM(b5u?tvu8fjMmYIQChLSzRAr; zZ=w|(9v(8CPJOo--!4fB8qwl=#d(_Qs+#+pz7ei8k4$a+o|6VxccSXf-(A}ZuuV~P zIHlz@%eZ{;27mAeU*+EJ5!Q_4^fVbxr*hhxfQCyOA!t?2HEFOA-_YQLVSyIhqOp8B z0cy8{4uv3%G1)}M&r$?2IN6QJHI_lUuVMQc(zTyP=-Y>h)6Jl)LRB@zq(moq%#tW2 z91-mUA>KbBN-mboyeOOUU*#>j_};kF2OS(Xw>8y>)LB-|>VKa4ab}=1uS`BqD%{pde6dbRt&=?H; z!7^)0oBZ}~{w@=%Dbo>7_dz9CkA@2=uJ{b6zK6z&@(VfnZaXm58t12bw0zw#>#k97 zr^+7-^VL#Xp7XYwK8rrQ>I(1Tzl5kez6C+(N<{Zsr;W>xcQ&0<;Q>kQBBqacD5Y_} z2S8)iiF$olPXLEvYj=k%&3zQ!TL8ZKj8<)nM{ZI04i)RGt1Sy*Vf{R7^7hUayL1&XYwfK?HCKsfn@{ zs?v8CZUueA&mHC4ymoZ3Pnr+JN(uh3<4k21#;lbV|KGRVwoc)!I^)0!c_9(9{li0y zNeS7KEYDEdp#sIbYHTX7%!&zDFI^-tnkM}you;IFkI=9?XZhgP2doX3SsDyQ0XRpN zX5IyG%%&5e{|alQgNr6X>Uk__ZVSJ9=v8=K$ctOW?9YTxs{6$oqt zA;UDDy(fc-=UR;rPYgGvpqx{rCL?U!R&QS~8so{7sBm7e)p_WADKfzP0vJkbM1csr)nq0u{IK0AN&i+SSe zPOJUe>9=EHhzd93&2+7CRqemjk){EK*Nz#SzH?$(Cy@H!MiAC`3X4sHSP$MJFd0s{ z?umhAKAq6dGg(eYv>^OidB3N1vc^5$4OsaeNMgk}>q#7GrK*B|F5PX!Xwf7|&g$w0 znHlo;{@y>}s8BdF#Oa(mP+qHG?uYt=ApA{6fcD8sVAjzOHP;{Za88PoR9*W{K34jA z+CWgEVmfSb%XCU&A7UAtaIYSs2&{9caz-^fg!v5SW2*T)z&X2?zdxaI71#n-Rn*gC z_I3_2Sx#43e#FCj6| zwz1~<34L=<7sl(q*E(+By+xuDl+H-fTn;l^k)=H;1-2Di+gtSWKDu+PdLgz@%!=57 zIfQE>7`E+tp-z+?20Fz|4D9d-+0@L>C(kzP=QCcaV37~cAe!Rso#W<@3po$5kqPx2&oG`y4NnsD0=-R&Yi!?_VzCS z@}K@IX5>_Qh}E95IskqmI3~D756xFJ-~S1%0OtdsuC^RKxXbZ}Z&2KSpKAX;#ojjM z;equ3^Ly$9%~}BCe2Pcp7-%Uj2{Z}ojV@*~hn4gfBoU%MU zN6p7mj9O{mgjVqXF~f7pxVv+xc(AuemgQ(A?8jwU`dHMW!W7!{$!x-vOP4!b0nN|N z+SFCWy{#?sypOYvBr($Q*IBYm`YkA@I66L-z0HZQ#5ut<1d8yGcKJ@>NUJppAj@;gs*E?5X9>oH4cm3IA2t}RbtGmu5hv+hqyvSF-F1N3bWED) zi0+~-xIuV)&47lEnG_y``N)PAe>PJvH+`Ul#taBoY?>zMuuDj$(9ZIJetnH?WUbz;n= zwH0?06Ob`=t$~mGI0>*(5)`cqv@Nhz(W;>H?+L;mTo+rzd`7u@pKpKt-?Kbgi6(Tr z{{LZPkoy11@3S@qSod?$o$-+E`MhBNKcx92%7U`2{M8#&WB|mS+#Bx1zCJYz z0HC$LU6oZ+W~f3MP)T5}6}?Z>B<3!|a(}E%0!(JpkJMPw3oVYi^#_NoEAN^F;XZw% zb}I~93Swb`3eQ5cIO8F7VcYlU19wUrmPX6ybigB5Zt~B6^*NdmNIZB1^LrF zELKva%2Djz!zqi-^2p(*g4JN<^rx0K<8F70*IxW8%36k_HLMFz<*vVes{ijTzj;wK zQI0dFvYQ%HZ0$VoEx?oLyHBQ*NZ8rD7jTxMn6bIO%4lgR{w;K{3ULUW;P~Hs=Pis6 zp5|GOc8d9YPQN!0pdD~B(oWxYQx z>)JZkV68)LIx$IPRMA?ICb|;{jHmFzIJyJy0vH#>pLnYENiU$nl$ylczMKLMTb0u4 zTY37j=&^QT$6~F7odsA`UAwM9K?PJqL`4(~Is~LaFac?hZUs^4?i2*1ySri0-5{~( z?(RmqbDXj8`~Ux(eeJ!E*Y~&<3;ixx_xn8WJLZ~m%$Tt@4;)oRe))dJgLNAgm0MPW zoD2~&gqmhyi-eZh{1Zf5^r9v4Dt@iAZD3rMY&>u~ zvmXpM-LPU0c?nm-nr1%VWPVuT}H!s{i7b)0-^k z58j(0uCM#GlQGE~cBwFPh-+kiA;HH?(Aew6cV-3a!Q0aWW5dJG7;D4(R}X5gt#%r) zyAO^Hk0ymI6u9w^8mBvy<=x?3euoyvP8CTJt@^`96e~Il?fC257+7> z?enV6cd>q4<;)*$rY*?(W@t>4dH?zq$|(Q&XVIlc@+zktLZ{HWAiD01BSuMK~Rc|fnSoMC0xu4RFXd zw{6uD4PKm!KIoJ$sjd|9$FR!zYO}_#+~2lftdGv@Wl_FW;$s(yKzsh`WDYNt#Kkx-Qm9y<8U}OeOGT5iIg|ZGrwXzUu3%9&PbotBA+wnBe+agCLXgA7f5lXISJoj z%<9GLfPxf9-MZdZ%|UfdsY**rkHdHZR$UDuBcF>fT4!PUiE%9hI2eYOzuJX~SeM@!)xy0fo|y*I%bEe^M(unsV_c z;>g78Y39y}Me4v0blN5x+aJ(jy-fR%zg(v){8jSU$xiCS))yZ2Yq)!=vkOMk?Q}R( zCOgG7%^uc?lJ6#3ZC7_N60DUt&4b3SAJPL7`-oSEB;co7R;te1dFBBsEub&#_xxtM z*Nk?%syGHk;A`uvR%BBJ_GT5aKJ*RtBkT1z9$oD-Slfc(KEe276WlyDN4%_8u!MwK z*{|o{-kxruc%T@XvTQR@(HM0eCQ9caX=Aa-T3Ny0o7`rx8^80_v_w=yqC@V%?vR}F zTFEWJ^qW_HmxUkj*u=aSQmlADx#CXSN!UqFdn1G_Y>9T1Yg9^ujCO!}mypL&pS>}I z(tvd#LlmR%RmZF_W^BRn*T>+R$>@{3*e z)yQ2&%X2|XG`+^}Rdm=6x8x6$-jT*B&v~-7PbotYc``c6wY!bJriE-7sJ-*3%a*vl zs4^e97-OyC=tTLzj2NH5!PFa`u6I(b@0Uz?7>#8rjpjXV;8roX{h z8Y8>)_?2<2i$p2F=Ese$YS?IoFu%YQ1?rRY>W;aGUc!m^_ zH~Ib4KxV>BZ6c8|mjR|-<(;Mqy%J)rxN%Y2XsLba);l`V>2!Jx-qt_ZvbjfSF@A-A z62ie6CVsowewX$qDPwI|?B&krHv#_Pc!Ts4QxmSEr}uy>U;;CP_7P{5RQZB(NFBPP z<%UNJw@L=6?s`OhKfjUI(Q9*@uXc6DEb_KJ2Z4n7$TLcWtNb;b?&D2+8k6M#8FA5^ za>X&rBWqfs_MBIw%x3HlIzMdViQq|}RMmF!u=aj@ub{cWJ8elR^^lKW{z&DD8n=S# zNwt{tpa{CJ>g0$5yfXG<*IjMxg&iy(rKCv)`OSVJi9jrT9}J`| z#?4+(NQr>w$a@zZ+x8Kb(gKSxzvD`nnS*L z*~aBYW*f&Dv*&$WearFEYGmxI_i2eiAC22Q!V3I1IY8NSINQ#Zev8HvJPtNZ3w$ad z?0J3<83|7ze!_x|q{L21r4A0}qrJgD#av{j!#$+N8u8iYICpKousCW-8ENyp{&5^N zL(lWn;OpG=FJ9tbMKf4lPVq@^siHGZPr#ao|3}FdE#m6e@bf3JXJ3zLjo&#NDOZOT z^uTLnkAz>Eo}FBBdpB0pA<_0V(ar76T_Ulc18b@4KHr?LUK%gb)!of^q#vJDbZ=zI z){u9(saY&4^JZ4cMZiU=bdz#1gnocKu{-kuhjBh>ghubw7MZqm4oU~`o%?4-JdWHy8Y2}7 z3n9~e#nIU#N8c4ay3bylcAuC}dj-L9aM#wn=26qnBFxV=7O&|=$}PuxYi+vuc$i+? zzw9tj$eB(jY+~LS86 z$GGx>F~9s}!3xwZ(vi{<) zR_%osQ6gFdce$^iap%=b69>t{YuS64r;qz-dQ7u4X4xP7DmV6?-C``>7$;+-YPh%0 z{*YJNVCVQoFh7l*exE0Wx|#Wbt)Z{xoh~ezGKqG0UD~pa=%+Es5^v0|8}eMDqusdD zXbp+gs#aRstF}+QZa;qa$mX-pHQ|C!`-%=RU;kw77+a7wyf4d^biRREg>{L!{kHq8 z+u@f9&*B<;o*NiSWTmN%tvYOLPB_FS{#%aC_i4Q zlHlIyrssv+)ipFNPyG6l z8aK)sejca!tuD*gqBfHWY*n4ky@LrSlnX=6=)KnZ#;Za4xr~1p?>|4(?{MT1oW=9`wyA3`onRFqbXZi$uz&0gH_~+@`$f*n_~>8<@@7 z+$V*|VRw1Ph1MARAIu`0wF$TGF^GJLEHtgyZ_xe@FH&kZu0I>*8k%S76@acjEKFu)WyGFW<9>%I@NAL|Q3q^sQ9U5-{`;{`oNT{)fkJz|!1qWrw)`O$)- z7&l7=Qd>S2l;iyn`}i(6xlNG9Mpt*|W7@zOb2gE#&6~>~)yFS={K?PYddZ-+G+cmD zL&G%67bxxqyi1hf8PsXyt){H#?8m9e3Elf%)cTGDC)p&NJTYy{cC37oYNjWV=!+E9 znT;1QLH7BkY1K*P#`YLf=VrjGJ^aY(907XiM1=*)-54K@H1Ccl-Bf-zH2e2EaE*&T zncAM3#Bj|IVhYu2zIFW)C!21dfgbR#!F=-TYLskAUar8%s$@dF^0kqc;oHXRtipt!7CL-}yvNNyZ%E=GEtl3k=h~|+sw5aF|@>rB7^is>N zD#2u4dVj=Y=Y8gMxrpQsLz4^f;jArCYnWxzH<}*fP_>>4^=v#{YG*5{uncoiUV4IV zx;f0zk8P$UQD0`uP`F=P%Y&s2#4#C^6wW{KL{%gN+6f-fuqXXo%+ertZTc1-zU0bo zzAsYnB-xYzn?->Xn;FPd8Sw6hZLSTP&W}3BR9Qx4%lz~e;oxQ%>S8*HCzWb^VL+!+ z?6YfI7h9v4uaPafqWIZ^%F}1ae#4Y_ z%qk##vD0tP_H(e2sSqA#B8bvZB4X`PxyLv>@(Qmw?qLV^5B}g3sU)~tv0-XTM3pZ3 z(bT@~Tbd&@Qk*#|q>W3rcrX)R9Z!tqb{f9!NWsBb0O?+RX|U|1g;#Vj<=hFKsj?9} z&lH9IDNXco>*v+*jf!3FZRUG|IhZOqb%JOI0Z;J1QF)9e=2lxPVl_))vq+wqnx<DK#X_V?TIGQ|FuG;INdFX|+;GB^9sEE%3=PYe`Y`G<;-FWD@j>=yDDe#bY z;Qe-7|80h(qFG-^N&3^Gm*$`9PUn%;|*#yaQTcjXX^uxS2~G<;9LpPi!~lHE)np-8#-y zTw*ni=kqR?XOjZ+TM>1tV5_m%E97>|hs{T!chQ6vYQAHgOCuu(C#;;3R7esEV48bd zGA0dnmRO!i1k%UE+{07_`yLt3v;D$_UtB`uj=a6mh{c;6`It8FeA<2xcI>4 zLxWXLu&Rz~?)}n3G?l^P4J&a|Uv*ZicLMRBA^2TxL1`w*- z2r>qKWM$?T9U_2cq7FGMol z{*bwD#j#^KJ<4usn|FBDeJ1xu?~mG`MkIN+i$t_Iap%!s_14A`{hr0Nap%sg>haUn z^mje=SQ-(ym#EgtX0a%uPnJxNhJ0kOl`=4Ck}CQiveAUDkIh=!pO!}|wv<@zT=_Bo z0h9M$?fopOdW3dk8+pcFaB7ey)nm)*MErT#RTfY|d;f+jJQ6{zC?qxZ=JmL9C#!te z*HaRkL!L$1!4GQMhsg*N{S9;tmc?!y*%HGu1u4X5f;!Fg!g|{~-m;T6BJrGj*9;!r zUBxEPe`dE%VedlQIhUR}U&uD8roZ7pb1&N}x@lj9lUGGyb@^0|qBpGIxq0LSWdX}n z@4)FZg5RHps&%zbq*wbosY!1vWfWjVcsFj5N(z!c>HPS02f^XTrTL6McKRlPv}O2< zEgkyLwolW3;AHx8|42;d;CcCJuSG*31-VqbI%Y6P!mYgd)}hM^UB`Ax_#U~=uIoZ) z0vVd7zdt$EKuDt5-L8lZY3V2l{%N`&`KO05 zN4E#Flpc${?G*Lu{UM*GNknjPE`MuAvg-%M9hJa1m+yBLNs+R5;jWX`8>bE%_KWE@ z%iSp)#YNtGA}XY}iP!1cGM`0u&BB9C{BqCaus4SZMrBjUM^mGUrl&=m(9_Io0D^@ zqjEIkda%0gt0J{;_7M?26Q49RkSPV9wY5F6?cuijl_p+&i4)&cnRkc=59=S)7v@Iq zbg3yV-OrFXd=Mc=H)NwigC7;@BZW2?W7$%5oVj6dt}$oF%JM{v{L9sVWzQrQ)%-sX z`QBxR7&1rCC^4vxyy3oU=fW%!MzZ!yswrF#f9zH$UVagRI*vl@W9N06By!*~BH#+A^=XPCTMD;Y1)4{? zR_HycUUikD8a9i?tCKUGcFP{LN6aKyyA;)8J`H!i=4_C%=H=Tr^{hxbyy=hTiX-cN zUXSft0ZdqvVh&QZX)>#o%g?@kFC3TAismC`=NwYgrCK~33g|#M2&8em97BHG`UY=D zZFQz1RpVEt*!)JLpy9hyy0+b6ODipI$On^^@q7HzAxfO~Kkh}_ic+>msdI*HQcPO; zc`QEnP43Ya=eIg^zAi1~X1X8y5l@dXTA1|a*I$e|R|GyVgHi2_vq&4-+whz&yTS|v zd1vaK5jIT2j^cV5?DU74^zR7qiF8>pS$HhFx3-)g7Gyc+%H$6jHbfkliZ~}lcD&Ip z2=KzY_WrGGe@TQwv%bW6Tu-bfD_&dohkFFE`QH*h5jW5oxLAnKe#q-fc@c5ws-A7cS4( z*BAMBk`fRYViH$>OVX62ysbU;9C5fA92;e}_d{NBpsyFJ@haD8&Bpo7>K#Sk5(8Sq z7$0W*VEWacQm-ZHkjJhOQAP5LPB&`)6Wq)&Q!QxKM7n6g$5dAhmqIhguDVf&hyN|d zh?wGcb8^XVl~04F68NMsk-NU{xvT`9``Nr6b~oZ#a2nm%6tZ8xHzcRp_o5;OW5r3Z)osn;vMeioWDyb;nWSBF31 z3BM)@e#%>ihnwB_kbm%yzmcEuG49PI-9Qpe${yx>$_09_dM=?cG@Kg9+)=Dku~VTE z(Y^kFf1VlxFR&qiNsP(AuSt#l=>SL+%lbV$G}w03*Zy>Dz(R%Db$)5dciLdc(6`pS zeznY*N$1UxY2MXBuTradGNvxi7!CBF+BT6DmZPQ{#NJD-0#;2a$)68#E{(W*3 zp~N?P)m8Jw_l9MN^=d}v_4N-T6)^BVR|o%Wh;V%6iZd(EzwGp@M%->cpe z*+1AXDX}C>Vp_gYnnN#*qlnk=Cvt;-it*tLqRH-&m<=xa1`|smSNlor$a7*j5+U?2 z@;uS)UneuBv&mcDxBDj(N=pY2eWsUa@gv33RHO6=x2o9)qSqHCWZZZZhD(V^WVEk+ zt*fk_Io0a196CS!__^-TwW!BaR6M6@*kq@Q*89UHd;K%{Zl7tx&vk3$Z0PFmy*)As zP7c&aXREwtsIBc!iWiM^&H62nKZcp!C~(}RfXT{B<0^BT;(jvA!NwnWBKBm~np76|n%kIw$!>sBsZE%|k90bEc%v$t&6*RXavPCNbm}j9Qmy>5QTF9q8IMov zXP7d+zKHrLMRqyly|=KYN{@1<7y$-`#avoM#c3wVsh#{tb$H^B!3kgT%L}|BukM)< zd65ew1`X0aZj_?-xa61`j2D%g&Dl#-gE!G8bn*ZT4$^Zgrm zVlvK@81u7CFVvPpBN3kc=MEzsM-4GHKByz`zao5878mVSC@hcNDC8767)Gqpf9u!Z z;&Ze6nl9u|Fj*chGF(-OoIK$Nm-VX+J%m;VoBYv{TYd(M&H>mW*G?OV511*!V#qR_ zuDYtrkc{6l`J}ymkM4=4=M&y9^1*r52JfX=l2x6m0y%!WNRGxSx5FD%8znC#gZBYM%4i^cYr@x?NO>ydqJqd)(ocJODp_z zI)qWhu2YD`h7)dy-TZ@*1CKyq8GK=-vBA$iER;i6o|9$c9K4p6ZChZ9TtzZ!6Aa{W z_?F@7bJ*>Q2Jla8oF!OFoKEg!=qF;OkZ<6^eTljI3q39ce&Y~q=f$^7l+9{r^c{G%8{g_JOQ-aZ)iuzI0S(kfA zm*68#Ebm8;h;#Dtgyn_qKEB2$D=|dAN6~eyAd{W5qEk|qwJS?a-`vOJUMEvjyPUlI z!f;B=ljgkOOW1!(Go6HJa)PZ7*2V8KS#g)Draask_IxR1v64&CE#RImq;gzyU~!UJ zTxzyVEl76mur<5=;#N=y_NDdeR|?&S8~QX?k6tS)k_S)?WPY%g*GK;#;p@FT7qH&l zSb&BWZL!{bb)#at!G|yFK&i=iv62|>@M`zlX#0ES@;sqHJksPK#m#FWKsfOxCU#3# zr&ZuQ-XZzbEa}d0(kp8Z8yop49*|({RFBixO7s?vwOiyJp``<*gdail^M4G|F?Z!( z-cZsjxQJ9*W)1Qo&GV&$r0-BKefo z!lA+Ojs2kkd-P1k0%_?Vsx$J8gmABA`1xqeiwKdL_Amne-C&u+Ki{J3zR2fSsoXBa zac_zkELu1p;5H+E`N^`taVyMa*rp{Ta&uPokgA6{?)kUVsrikqbL$PGy;|M^R=L4> zBGM9MO&0&yrNuy#+VyMTQdV8{piFSHi6D;XwE9bx&&ZW-B=anVI2sx+<4Lh;4ov05JHWjfX9Z&aFUsnmE3i?7v@lURPj1gFgW!HMUUFFqvv)_h~!XX>0z-2gB9 ze4ZT{cv(NXfmemyE26#Y@vP(Iu*^f{YWvT#kyh=!HE(oPoIaIdi7NT3jVKg+>|<}3 zWh7c9+Sco@OzBW-9MwKa^x}Q2E!njp6jN$eRZ*%F>vq@qsZI@60_`^{#W*9(jmko# z5dGO@cdZ74(5*iKVw=O?Vy0V;MBu$%+c!>YNH&j&HViFi@uIE&v{Lrh`PDa7V5npc~zw+3R-y zf{_{)B1zt>UbUS>k}|j|d56jFaNB&StQv{*GFCaFMt}H5{k$>Z)fX43K-~FDoN*HI z)9miLDv$2NJ0fsuO?76<*zrg_Klq7OGa@*LPvwB1tzwE1A++jXg%`_`2D}buRYCjN zNZ*RTpn+#_&Hu$#k`8CI0#7&sAA$IDMfcQ*C`r6Xjg$MU@tzug)BD4u#GUsQ#gC-D z9>*>pzm`KSW=6% znvC^;gO)EMV2f*m!i=0E97$}MdcB1#kyE2|@*9+| zqz#F4FHCqb-r(*0G!?lXLw?XDMbYjyImL%hvl{ ztN_1fnEDFC<)p}VoPZsovU zpEb-o#6{>`(r>LT`jzPjawEEcl=)CT*v=Z(N2{TluV5yJmIlm-()GH z;T$2GO3Lvha)9#-=F7(=}PNh*W&R$8ws} zJcYr567X_r`MbN;mG@1IGra~mY8*Y5M2;+;{@e`&(TJ=$PLIcA^y1I`qgK72b|111 ziY7#1;0B4xE4RoK>TM1^3r1uy2qu_18b3%Ec1jbsz=^&45%-3Z-K72u6RW?wmQWk0 zdv@$3UBF6QIaGrC$a(rZ%YciS7RlF`)5DmtBb66Fg9L5hOSlW@|?68vvbXlo4=YH zrMGpWW&EPqVZq9;&TyY(Lm;W!OAyP%FqcrL>Dnzh;_yKA9G&nJ9ktsEgq^r@GfHn? z+i8ur+hMH6=1RPZyJWGOA2V#b6ES&a`)!S$2HvrVi!VVtDtv0UGw3Rj z55l#WYj5x@u18KSe8ab@v};6T#!k+sa?_(O9C7^0-J#+@g|ls^Hpx=|Kw7!s27YX# zVET~K6Sd0#6>0U8jGc5T`H(#+AJBWd2sD{j<#*J zw(h0Qx4p}8w-&=19=N$Tn>G-J|2)q5JVvZA_=VcX&)QJ8-XABk5+hN{npetKBe^t7 zD^p0WJlLo}G~fKC`dLqa(Ob*;E|t31d(t6fri|ZqR-_y9;UsRh$c61(Ek-7jVumg2 zC7@KZ{V8a4^q^$tQ;TzY=O+>JSeDmmQw4{eAAj982%l{xHeavyNyl#JCEQVS?{8)kK$M@ zN8a6{BaWpqQ=;14#&77%F0CjW~r??KBH}}pm z7hJ%jKiX5*Htu89n-G88H-2mTdk(96**v%!@G3U<5+%htyi?G9(Zc7pWLfy$fCq zpg~);)3-6P8B!&tbGr3Ytv*9)ME}Fpk^5Gbd=edGmmS;{Xr2f2^@Rtl)F#YgCy{FQ zy)1mAkjO4oD0>&r*-8(kJY*y z)niYkW!r4k(Ae+py;6#nwWn+S=qX?zQ_|~oGt%L<^Pj!rhawGIQa9uszfW7LBIVIf z?<8&F9-m4Jmy4v}=Z!5YC=xOFTe1^$Cgg}jJkIe@rT&^1i=!Ebk5v80h&eQ|!k9Ff zhtc7FgBiUR`8qD;M7*U}s2^_M=4CyK8`|FT!2)kdR(FvrTrIdLz58_R;iRr{cB%bF zN(?(qr(J!%@|)QvwiL0(q<24D*V!>OlzTR;UkmQWImJ5na?I^cPdIT8WT{+L;KopQ zU@y7vop5$lM=xVG5T4_}Ka{P_->6`%*f{5=p>OX2Z(>n7O~9uel4@GVlM%ItM&?Y@ z_=iN7iN>3wI=4Zxv+B2j=?#sKlQfSpJe57w4{wPipgFSee^=Z%2&Z_7G#||qoGnme zf3O|4$Wzzr^Qy*U^899Y)iGy6l88x_C;85LoW~8TyV53dx(Up#{H}dPPkHa>2kGs< zALP}2zUxMS_S;b6G-|86TeX#y?X|Xx(-UcVwVrw$Pd<6LYbU7yrS??>pY~$=@l@B$ z+P$lHHJ9Z2d)UUCPT=S1W2HOy-`biQ?+hS55M{;d4!>rZz0QkZ9F{A>#t7G~>CSZf z_()T+07I0ixz1c+@H{J7O8(@!D`WUbkW!h+4=%+6(#Hs?487~&XQY*B_Z}`jsPU;T z_B1NI4|bOm2LwtFb2{iEaeg?8bh9#v29Ff+Emo}bbX=~v)6`ju0d7BT8t#G#Zk-4a`QjlDqU62x7nTC6TJx>>1 ziHi!yO3vkEVLsSaq~|KtDSyh`{st%k-fJ1+H3W5 z?dC;9gFViCs9;(XpQlVoS$9QutFrht>T5w-!iT@?nB5aY@{6j-1w~CU(=7F`9Xqd@ z?3{o8(BAy+&-4;~-|eqLpD0x7XJd2krwCqM?PxWS zn{WPjp?WK`I^ObGL$>tCqO!_LJ<%_)(DaMH|Wp8tL3_M)to;pg2`KGCh zU$EWGCO#rD>_2-pI#)W|5HL9W(%y|W#4dpJZo{zd}SEJcmc+Fd=kPd<0{GX z6%NroEPoK~Dm*t~F4oi>I6Rb_|Lx&JQGHrFZNhm*fi!WEg!{21bt+qvc}msZu(G8} zxsIpuh%>anh6?QDOfDWC4n=$+*7@R@h%Pp4hj+Ehjjn+0=U`x#W{~dcb2Q4Fn~kCj zYn{#x(SSpVLR_bDe>96RzqWYQS-W60pI)iz1J56c{MU;Q7vn9f^>X{D`w@~$732qT zl~k#U>K<6AL%#(xMLkfq^oUg6taetZ4#?c4BXh(Yhc#-p~SY?a+F zGwu!r9=NNaZRD|!>VgQ|PD5A+2x+~!u2t{X)R%>d_Y(*uuuwgd^-X;+7Fbuu6}ZEt zWPgem4YtJ$jz-jXUEcXKlZi+g1^9k<+Unc;jC)dmSA|acWOBiV{zIno(5T(ZK}1# zvXMIdDRB0vBt6SMFh4L5Rre3vGI=1@##e%IH~fC@R<8P7gRGB}HtjzqvaiQ^12At%-H_3Cqy;RXM@o+htjO%ts3S5~K)I zK`t#t!>t*z54VN=;|sUG1aeZp9d{EbXyxj(bGgrN)1JcYb};OaVe&`1i$LpD=GN~e z>bK@IXYE=|{VipW1qz_`Ulcu?Yq$15%#;W+RQe6+QDeM~62ql7Ssof0Sr~KnxFby` z!VsCni44=cN|?kYft>E<(bgtfB6V|QBHS=!uIij`)qZ(^%r=-l7BQ(7^CuM6>LN_7 z$EF=yB4^3Kq$VE8@OVsw{##SRNI~Er24ijQ5;|2O)>o$+@z-|l4B$*ke-KKq48p74 zZM6^U_K%~y`5ygn!B8TsJa}g3WN&jRM*6@vm7?uvws%>1p($+`7XrsojU&kG~(` zwfu5EVXQ}}oi!j?>dwQ2J~ymoYHaa_AGx1w{=6-B7P#s0bRnMnmKOUPlj#zJ^Ou4G zhQ7XZT(^_LQwE|Z>0d_Cw_z1@-uRSuqcEsi5pSQhSWW!;w5^HQrQRylSC%!2K2br1 z_6d3_9dD-a?#iPmeZk{u0g8TcuG!8_n zR&fp6<`i5f?3n@qo=0O&+HV7SPa5JZy;(;VMZwtl`D@WqCU?!g%y84j)4wWA6yIApM!J6)xHkDIVzg;^rbEd`PHo9 z$=j#M0M!#(#}&%UlaHGFnZFnDy{SJrkoh6eBl%igAh51pn}yM($VkS+c%<~zQC4im zicyDi`<@JEVRu7ZKkK!WxphP2%E;GU#5>W+<31JXAe}WmLp^n;Jjzgle96|tQT5)5 z7Nep$1Dm#$l?MuhD{2i}-E_qE$9U0J=lNfR(n&Q%{k8nxf4BXs|=HR7iw&`s&+N}15p5ATljKp;HUYkzYbZS;DwJ$?WK_HDrI{ypyg zT%m#1RFK@F)Gx7nsy?+tMg${;xQybWqA;#)uCEh>vI-HZ(#9o2E7pQ@H6$hzb8!YC6t!u zwY+ASn{r4F44E{n#!^c6p z(BH5B_um_?e;by+8x3Q{9ce> z;BI6I+zc&%n*o%*Ig}arrE3aYbxeSZmN9VpW&{irbU;LA3&`x)1?e3}AieV#q&M$@ zw7gEx);J8>QEC_h#RW*vj2r@$C5@oGsQy9~#SNeweqB)12oTw|0FmDaDte~D$i_aH z+&uwP2WMdB@Ept@fq!&<@%7Z<85ln}2NUpn(?{oE4n9sojqaa;q1|&Zuzd#lH_t)e z#yRL+KLg!sr=a`KF=(3H0@l8%z$+jP1o)?bK;J~*=@A8z5fz}de+jg7OoPVyet@j$ z0gb=A!T(kPt;iwk<(VzWaUQbY28&ahps!;R)KqkVsX{RpJCAA{7^LlBwM3tAdRKzq|D=x7=NO*I4XJ!psi=mHnq|EYm;SOaCn zO&|qP1qzFsL2gMC$g1uF9W!fSeDeTIz&e=RKZUh$exb>I$Q^2YAAm{t+6v^p1#4gx z*2LuAIT+f8{2})~$h~L%FZZsMBhWIp2Rvg-frnoz2=q?|LB2^Kz&jrN`V|Ta%32}+ zMbO+j4jSwFKx0ieX!>9HcejpU4EN7X%}#ED$>Eg?@6U~|gO>U}P+i&zf4&w_{*SUV zYd~&R9jJnNkeiGAxBtfm7s2nsI_Q1K9>pJ}jIs;<*@?LzAvpemXJ%|VWSrO zeGfg4fPPPden%-aG8v>sB!QIh1dtRK4-z2%$bcYFl$j0uom?)s2mf#eLD2JoDE2n? zz}LzadLJ@3vjRV~^r7D^q2K??%gEw_y~hQ6lMDVR-@ECWfM1ZkEA+h!Wbgdl5c1ap zHlGZEgGUlbYuN_LZAVZiAi4DjM3&Bj%Bmsg|1rpa6xP8Af{sGtEPB*XeIZ-HtD8HJ4?2YRt{W*v;JAA-@XV=%sR3dW#Dch0~t)EM;o0`&am z!O4YY;P(bM|Hb_TbgdqN&gBEpJiQIvq6&eVchX<>euU8VBNoqCkMFCrAm40RbrPFz-?917P0!LH0iX zu=g^D`3|`|eAfl;#?a$Xp8xnB#r|Kq@IQ(_^gfC|D)&*||I1$=*g^j0_F*8kX&WRp zAA*FIQ;^sSYoKu-BE981%<5C@blN?{VKn29y=l!S|^i@<)PFm;+Jq z`5-zO_QA4dPzpU+43!A`LRw`9s2yGa{i}Om2-d>T#t|6WJcc>}!&|3da{CxeZJ%7c z*0+8FdSKRfEgypR#eGl#^VvBh9e8-dI|e}RA$|!U#5WFv_`vtaGXi*fhl7@$8PM80 z2WxW()I;w#{D1iOch7|^FYJQ;o>?#l*`sm*mHkyPyDA{-vV53nu%65Fn?Q0>2`GiN zPyy>AJ}wXRc1=P4t6+S18PvmCFG?>4g@~dHp`I6Il!5~Ibpqs{5EKhi!xLe@PlN1J zVdnqe+>@a16G8GnzE2E|1&P5iAU+@r1UY*EcPsmgJ|Af32-!Pa_#VaH2m0Q}!W#B^ z%M0fA-*teS5zKZd48kv0_&g!q~_LvsI1>0rnn9=odg|oTcCSs5A-hYgFaXnD0MIIf{w*q z&#x~&0)dwmI;9Qdjf2O=TPzoPQa_T{1 zT>jr$fIY4xzYfksgJ66F`XBN~R<%RlL;h+1;g8AyR1KhJxwrs0n}o!Hbm;g0*Yp3$ zdsOD5e4iK+4HAPQK&)>N2y}D>wlLTIpyyG&{vz{XzxT0(xo=?uyrK6!P2p?@{r-RR z_k{dW@-Q@qf}V%7-!FX&;H+l`>>+z=O#>)H_;(C|BYbrHW^lpZ%-9bkA-6zW!x4yU zJOOb{um+lrL0HKgD6iMH9Bd`XBK^t-aRFt-X2AH!Ium_;{mq4NTm%^_T(rZCX z$v6m1tObQIKg&v?cgkR%!g?tyZv`oEK5`F91wVt5fkR+2NQ6DbKdl(J#peR|m~8L^ zzGm(g2JGD$Mn_U5N#t z9A*J(=BX^Hhx`XF*rWJ2)pY&!e`+Bp`gaYKz%@V_M}ow_a1iO?3j*w&fxVU<@Uw;)fa>> zcZb~FA#V@Z|J~r+?*gAYLGN4Z8G-NWUx4~o4Pa_x3)D6Bz$XQDVD-%y*nc$wwrVE8 zNY4W#)^GoZKdJ^$s^0@CIc;zT7`$MQ;@=4~wz3>%0DP>5{jVJ5|NPp&bpYp~eE434 zWp;qb;t62p7z&CC;hcc_bER-?fU1M?W;m~xfxr+12nx>v{$c5$2KqK2Is^PbG53xI zem-$~CjSjOQT*G+U|;G6Na+1W z=*uQ}S?GV)|HlVsESKhY!PNN11^?->EilwG4{A`}&w;xPWLI6N6xKj)dIiWzDTcFn zJ*bA?uPv_!oh|?2-&)`MH~S&~LX=<)6v6B-h8d6@mjz<{!eItPz$}QrsDb}C@BhO- z9_D@m^gb&4Ltys%**XGOl$W8;QSATK^S#YcGoKA`hqJ!hKm47v4WQ3q|3`6$%$=d^ zq4)JQwScReD@e`D0lhP`U}AF@Oz!N1;k8|mR{9&LXy^hRHGN>EZUzkXJV8SJ4&;9f zVlQ+8AEA&i1F{A$)&U(&L$C(mJlHe{GoT+-SG0q=>UP*K;S7M{|4$8+!g(Mnxf;Zk zO@XgEuE5JZ5|k9dKT`s;0t&TWEQfUv7oP({f|H?AKv)z4G&c2v5a<~fmtZ*8MS&pi zXxQf=?+Zo2#|RMa6At-@LGOovV2>ck-w*tTdEeE)09s&eHp1tP@ZW^u-wgF%`A-bb zqD_r1HZ7pCAFdaN24Ei_-GEF-FV^zqFq=?9t>MbDssJLP02II)sLX@wahUye=2r7?lAZt3X9=%|#8=RUpCa z_$=sZAHU$=)jIl@Kb-gTp$ee>RRe|aIja9h`-Xw|z^K1H9@XcePj z{5gMl!5QBXuJ0Tmce{%oaKZk+;qL~I@%)6`t@RCorKt%B2nho9ZS7!Ya|g`tAAxzu zdJe9u=Z~RIPy+DzU!h)~hTk87YqCtZMw2n}0I`sNH1s}-`@h(u_(%Re04aIBpta@i zI^d!Qz&dD!>`}*Ae#05K4CemD90>WBK%r)V=%jMU-v@Zuc>zZ&XW#?5mHty7Wks;h zmcTg>_5^>wC=lWw3%opnL3UONXm0KS0RfS~)7cMZeDHg# z;9L+6I=iPpXYcIA{D#W>hN`yzh5wk;{Ok^xnA!m??Q>voWD^Vyt$}Jd+m~d(V|VZv z-o>#zSOdiw6(AuJaghb6zJRKM`bs2NTUZ6HFbhXv|L=x%fbxER3SytqkIol_g9g%#~?gw05rEufDU+kr2}RqO6^UVt#hxMnzrKa z3yI^vya#{B2Jm?}`k#$2$l*2SCgt(GW!k@e7w?8 zQT)G#zr_KLkN=t8J9eLZKX9q9{N~}$zMF`z=k(w`?UOI?1Mqx&J_ma+gOA5y=V#2A zuJpVdt>3d(8xI}Dt{>N?<0l<_4eQ?6dt|_o17yJDz#|Kr_*t_BtKi*gx1P}4F7aI!_-7FVO~wq|`ZSzmwj72IYzKa)?qfL%pS$_lFGOMJ9=&T=gQ>qYauh&Sr7D@@aj|2{$K#0w=P#JA;))7w!p3hrjJ_W|aT<4zZg1()`R(Am?IbpUv;CC&aqB6` zjz2PBGQJl4bFc$Nxn(NJt00zJ=-BkRybnybX7c?t3E>OZfSWlzcT4``2QJD=qIc{5h4bs$bw=U$^RpRcrSD zxMuw!wRP-MS=D;AwC^HcXhrw4u-EW+pC^V zIkdnzxbaVN%RrADm<$;HiPU=n7OjvUovaoM1T7`jJL7;qU$^fs7&q0ye=agG7tH5; zH9<3Z{O*gdwS2`2IF43r{^6iD6VGiXp4)uvl;hhS+iv!qP za71wLrxaehPxG_(JMo{{0H4BR@=t10&1w8stKRVit5kz8tTIjj4$z4K9sCQ)nF^Ja zl&>lL4~r&HyO=af)8MFQVBdU+cO3kY0ato~s)}mCJXQ;*EzsiW3pJe>xGcW{`%b>n`PtIKjFJy6$E8FUV?p)ApfD8S15f^&l z*XAMHODE3I41Cvu@26-oF-%fa3bq0tz$r)nE0KZuvleN|w1t{Gah3wS1K}MS6yz6% zTr8C7y!m}Q%V&cBtc9u~XKXe6kwMG%9Q%(981_HMzom8S+%+2yt9#8M>V*7G(+)K> zZ&P++5xNS0*K-^hh{;gAQ@4ftgUic~%OXF>aqvI7XP*x2*r#e@;1)RNWb(g6!=0aZ z%Ypd<4z|GXH@)|rzg&UHfd_xXJrG&2*gjCSAlF>V7VIVR+GnL z|H(xvE$;8}{r?XCwzlm>tI_|?RR>j8O%8_*sHxlN#C@p|?eQmtsXUQKzUmKxtPW08Zu#eVj20I_rnJs4b#!S6OZF<)=|d&hrWZCifT-mzofs$&^uJ+{D!{Y2|I218+kj&a(Ii| zET@m8MxW8c^L|U)o2#@&lopTiNs^21vT_!lxWVRIa*E}X!tKf|KlT*)!x3D*Fs!k zu|L@VC;X{ZJhN);L3ORB=F_>4dIR}O(>ABpZ*iU*e`59?9>?&H*& zUY)=%ukXf(@IEB+vkAocZu~vHKGyGJCs8p0vGSQu%>q8t@b`DH57J8N8gnNu)_ec> zlHLV;>h`0m-*r+g`{3nxzpXdMZ15TS|8MNPBLnDdH*!<4@d)*G`YZMybK~EGw+D9z zdm$S=y6<`P$du`SAC^Kl<{ zuU|Yi!SMH^Zn=V91s`e}zToahJ$w1w0R8j5@05;wS8YC`QXFs9_EW0cP5%?|_o_q0 z;`Bysfva)5dGCJ}rAr ziwErQn=M#FzeX-SAdL+hiTUuMr+ol6p$;CFm@t?6PA+kOZyvz%fQ3`%Yc@H~zOqfb-dx|EI=VZjDlZSzG5B~XZ!(V(hjvgpDIs8MN#Q<}cg8w4&0Pvr&fL^px zIJhn3ADs^0R|5WK1I!QnJpQYz-xy}P-+}FKZr!8867yplu=C`3J@{MBmSnkGkNuAh zh$b&|*YivcQps0x({j-NeLDHW0Ug}651z6`iP)idY()Znoe3cvr`OB+z2X$hG5iA- z2ZKK~ta<*_u&86xw>E9!63tr{q2jeil(Y7PTpLfRWXma40Y>AVAJvZjt?9AB=95h~ ze~J5~f4_#OAh_BY(}V|K^5K_?cpuX+3nGErEI?l)|Z z>3eS~;-54o()Z#5w&4{*l-hJPS^5Yw;$lMH`q981R2%ZNXiNiOKO$lHklYls2s z%bKV!HtKu)Lo9lkO6*;W{s;O{C&KP~V*{4K6PFj)I`+SYT9k3VKjH7z|H{0d^8d!B z&GlWY55V{Dr&h2-c}3)lmBfA#>EKVE#@{jQV}j!q3GT+>n(n3&3x>hrMq&%nz&|@B zi}=s*|G|j?s||m0y?FY0t;frH{M@If&lj194UDCyE0p?$)vl>ygZ<*Uf%@#*IVx)3 ztN4x+O6oqPw6&+?+H^{#TYpr|PI}<>{irVD@AcRK(`&>37qK7Md1S&9@9*rT^QQmK z0e{2#H2(+oo59p`dgJ_`J~kV$nb%U@zJt68?0@D18jKI2SF4DcK(_S;_SA(f7IeW2 zBoil%rypS=eJJz38c&ULvb)X+*D)J;aHYCbL;PP4_I8$24-NK>REptWQb!%0e#of{ zsD7%iT$RH5|oq(`Tb2d2>vlm`BLb?U$YV!$8NP}Q!4@Fd02 z%kA#*vpzpN*6Zm$hJVQN2>d-h0NwY(_D`7XrO3=WCA1t>Z2L(?w4G2QGLV4`oyxa%_P0NpG@x&HrHoJUovZbGPl^-V1lb)$rbAww$w(=iES?XlJ7x^xeL0f9Le! z=RNXZzQBAy>()amsvzb!{qGeAn*KKt16p6mFJb_T1IYuY!f{OcCw++I0G=AhTx`O3 z^f2cp=Qufl2mj)naz*eSrYB^piW-3{Enjmd%#b(ypzp%v)LuH(+Pq#>#Z9Mm-{QY= zSEVX*D^K%3wKd%rgTFe+`;70esHT=t(xC!+yc4ngiJ{;ZoS-?#R-ENRbR8wLK@{RJUf z%(4Eb%+|w-YC56F){}~CLk4(EUVT!T_<>?#VAdLPzuQZXHN zPAR_Yq|(=)QUP&5rNsgC!FzmwVd2Df{~-=A{5{8fg4z1b{Oks>Gt5_GySuR^oyb!M z^}hCAr-QHA*X`KP*w5NAc`*B6f7{MRzP5(kB)6RUZ~f2kCkM0`&^XaNdIECc0X#9F ztH%fUFZI_r`p(C_^N};7GVcrenLhhY6PZWwU%WyUd6f?S4a5NT*!3jh?yMvi_>vn^ z3z!N1%fLUm69ZT-xQ_SU$p`-f{+>9%9xa|TTW>mSdfmnExAQzLVAu2m&r5#MfNk-dCO&T_ z-n8$x@^kjHCL>)xlLzxf#s%cmZ6XHPpnCBBc?{T2FIF-6n9~>J#DM6&;ZF>hOs@PD zJ;&d^`9A$>-#Rl&b9l7=)TPtsQokz$_XZjM4a8P?J#j-Rv3^}?J-pByEuA(`@u9Km zYTKaZnr?DGIAZL+;a>{=_Sjqht14H2+ztL6ojcV+&sSbf6TL#6#CvJr1wZ4Dexjoe z_QV?na99?1SpJ?uZ0Es02|FJf7VXr3&Ho<*|IVg%xD9%{10tPcGd&h7hQl3&Q#%e> z5vhQs%yiM~>a!$5Gv@lMsCA#R+K#Ds)p2DJ`xUJ}sY>)c9p9h6;goVVoy7jT^8kwh zJHf%`q+0f!RO?=PJJ9FeSpVYV9-nRg-1Odbx(&=4d9K<$r&L3JU$qPSLX2t0KCb52 z*K3itI*!SOM>i zol8$%3i!jnP=m49znGrV(wm$(3*pL*3 z5$i=TrxS;K=2OQCW^T*4ycA-)l!zn;+oUjZ`H)EM-?q)||G|G%YdiTuxT0;22OARP z6|4Y`FTMZ1^tH{OwnTp9enHElw0L1KxjwTKT}PDHaa2VeN7S(Hh%!5mD-WBWi{H-$ z`=TvBs$v^hfk`XxwavuYeB4$ZJ9i(33;ZeO{{{A@`@Qft8{P(H^>9ixT*TkAua)xsa^jB4T|cS{d8k2N>hMAJ9FrfD$0j~Do+-1CUO;R>gXR6i z{vH`aie0f!A0t)>^_A5HIWxMK%mgQK*QURo#r!~d^o z?@%Z+96k$tHS_z~^rJ6RAT^Ej1ZE(>KX_#nwx9gZH%5WP8l77YsC(NHrPc3ewxL#a zt=pAMO|5+GQI%q_E&neEhg$TqnfKXzzuA4`;dY_-RtNe|Jg`R=Jn^3CzS(cnU(@?? zur;i6$uF|WGwq~rJgF>XE{DJEemtc-UPA%$U_a}Yho9LA4>Sy(*Wx!n* zZX_?Tx_EvM59HYX9{eo^oIiQ4K7IKuX9jWhN6aT82R4^7j(LYt>#wE;VD`VUycu86 zObn0>H&o2m8p+RAI`|i47OA6k13Uq_AGY74`yTt>JN|E|U02tQ?eA#Y?(h>?%%v65 ze;kV6kB9sB_l{5?@p&>_V?%X^e5otN82%2YPdux#91M#6T+OlSij)VOXc%Zc% zomxt5f6k-@S_Z!tjZMkRDACHLLBx|$j(mk8Ti(c4L;G5F?K-OFEk{+2{amx@pwh~= z>dWQzni)#=m5(!#3zH8QvSRXJcA^-WC_yI5OfL9(Y{6>! zLC`^XwE9}J0dD*)9_VP>szPQxECzIZfZ2caKaUu|f3d&bf8npr44TcO*<9i@;=gbI z@lWi0G4lmK>A!J7SFM!akIk-$(yTz_gT{(PF^f_*0kK z(AB%$C{2V9p1M`2lwn&TVor)8%n>r4}Kty7^jGt1^T&=DZ}6NKY){vnn$nRL9N|; zRO@#h)w-=mwIXG$UYpse=?RB5BjJEvoK~fz+U;t>?sgK38TP07e{lUzbzYC&+oPw3 zZ~6Qh`g_|Bo$9gurpv@_;O}4#?yEox=7iw^Py2u#`)^#^-=F=nroPMEF|%m1 zz~NZgdE5JThE*q+^^M&+nU!=E2>v9c$@z(2LCdC zwj#&yub}^{g87d1zp1NUbF`D$;P&P%Y9?OEv^bQ0uRw6I*$!V~vqa`~>T9}`Mn6Ib z^Eoz?A59Dx?B$Oih=U_E{4GC-Ra--|4(!^=%ox32)CA|yha8N5$U&x7(C_9&O?UC^ z71S%3<3TRGsQ-3u*shKHk7z6N&|7yN#`d@Bl}Sz9XG#8FL;laq?SibM`ea3&+R^>h z=&j{ip4yM;_5UyYJ^F9>V>c{@H{V}{KR5fI55a5sWh|H*?va**cAjuf1RR9rpNZff zM=okPsc}+fA5zzzRGQfcj{UyzRAD7sR9dk?#-pEsKQ#c$0jwY2MJ=c|{#FmpPRi3i zUwKVa=m(ww?lU>l-~C8m{_XE7NY8U{{z(St>CK}*i}%^$!Z2niR?J!A^oq2Q`D9AY&n9eCCiWy6&Mz7{4D^Yj_nbBM`2AXJe>8k=DD#Bj zE5qPxmpi)e#y=hzu$oS+8Y-%_W79TfjhOv{)AFW=CygE<%OU5^T*j;tGinRz?}794 z@g{C?71NV{NZa-w)vi5<6_>S2qh3nW(&PgQDLU z=k$GmsiWJ}X8xND*!Mj4-}s(&$bk8O%j+!0FT?&95?f}Y!^z-h7{_;>a=1ssI+|k~ zR4h4Z9AA%gcuDu?3CKYrd8*?p%wOxc!L>#6%88^!2*F?wH2FL{Zh|MZW$${qb@#$=TBCmHrF^oTbQm!`!R${(yuUzaXm zJ`;YffnFXvVetR9yCaC69dG*9jMFpxJtr29r;HwrYF=X@f1?P#B8|SFcyg4*)OUTB z2FnjFDcC!V{E^jsQijg z>Rm5hBRaYkyL}peC+7RV<36{Hxc$HJb;jYXG9N$;Y5AP#e<8f0`E!c{%)Te~=zDBC z@f?_&Ohkiw3^HIRg0Guhh($IM_*us{;4>U~;A`=j%z^wH{H+(jPM*bpP7cru|FizTvM=Hq%tA4BM)Zm4KhQw{T8 zaJ?mlJF`TkobsRHA08U>h~e7SKy89!vny%D=F5pe3b0MHrY%B#s(7w$Y{M$~W5+|; z+hTpFAx4`F9R03084T;zX&78B6x zQ&Q8Yb-NE}$L>SgzT=?2o?fU?e{kv5kJst#X}k4B;BifiJErfVumPFJ_3Eq+)vQ0p zd=~Xw;y1JZ*5~Qz^|aXkzuAB@WB~j>upn&=Ic^dcnJDT?P`V2XMQb(e(P)i$Bu@|hv09J(wMlQ! z*sqVhkLlwT$22wSs6JiTs;13HwFdkx=ePbJdt6U1*f#L|Z}mUJ-s2~>ASY%6jQ=wZ zpc8vyexQ!JawT@a>Pw}>@x}q<65C}F`)807q!Ry`ZMS-)$w2}#U~*A~&nV#gNqo(| z=N#}4&R(mk)A+*$_2A!VIRNt!C3*GAKLdYc04zh8dHnJ(Z)nQj-$e%g;o$!*{y*Hy zhk9x}xk9e$=>;$us4HnuKC?pgrPOQ4zap$J7>=+G8&O8QUkvVsy>rMP%E%!ra?2e1 zpBR@qxv8#;-44hkryAZTEHKHbEBoV{gW+czt2)#O{#Hj`G;aknNAwu;X!ytAZyXu0 z-3|1l_$~2;ld4t>{BR9EDxbd}h`m@mV-Y-`^>xzIGj)k(6Zcin)00@-rS?@j)wO1y zUU@G`Lmo)ckTKaB_E4TiKV7b|FIDLe@3!iN&o(mueo%A5yVbVim@|{*?8`CxP5ib7 z8}7~l&*c98lP&mp9Iy%*uvoAa8E|+&a*Qf?9+QI-e1h47e9QNU>oeEj-wl88O+@#T z@e8TQfPHMouusJY7-t=pOAbIi&7A{+zs(1r|5gjO9I_sIGId-UJ>fLz#ri={sK z(<_?z<~y4Dch1}I>RbGO$Wm|WK-AI01vmr-B(Ve`3CLdb#J$T1sD8nHtUagMTrz z{0s5n%jwe#VsA$vwF;ZrH{9)n5fesX2P)}v&LSVJFK`NBMWh!69r*4MXirk5s9 zS*j@F+@;Y~iq0U9fp^F+U#*&w7K~;99F~M}YMLSnik13?;|(KZ|(oL+~H>>RbBox#z+DP2&H* zF$d*E9fo~5q1apOXFT;5SGx6w!~c>0Cx*v6bJU5*Pa^qPI=unL4VEx7Xt>*P+kZFy zN%3h3Rwr(*#lI5=meHHw4Yt|5j+M)URgca$;`^LKotHER- z66{yPJ(T7$=a^LB^eNV%|8dj@W>22y^zi%A*Z18wvo+5vOtw$$Z(j$>MW1OgIdXgV zHm%$EgI@nIUjs%ZYryCX4Sq0JgC5FI{|6E@?C}B(|6_^Xm{h8^T_@RtL*8z<0CpL+ zcNO;AU5ovx9`C`|9z8Mvj6e1A@UeXlH}CL4R@b$hup3`uHH9{0tC_g45gBN}Cp3Y7 zUdv%c6z*1J!5+mF?@@O3K^0W*mQQ@QqRRHL(+ds}?9;IU`S^^~`aN=$&`am!fMy45 zM$mGAHBKGSaslIkojPC-{?_lGL+{?d{`xn4@zP&4^0r&`=#W8r`%ljiKP^&ZV2GlF zvAe;M9CVKp6B5Pm*gTf)$qRGhaqF{+gO5pwNOWYX3>#41gTFnN(NC71lHJf)+tGu6 zH@RXBu|NDQ`kz2QNC5Xa z1D=n8@uxnY9{e2{zz*1RSS@K4GSJO)8pqg0OwdfS@czQpdVbP+ed0%)8hTit1s>4b zi#F>spDl_j{XwY}`@#N%ir1e|KHOmmPnu6HBQ1xS04E3Ng+Kb=1lMMKn+v_l!5&(^ zW%_S3KRMXV?}+(6dEw6*apx@>eQ$q_9CW9?_~<cTNhAmP_R46mNC(zs~f(8#}@N8FIWh@-?gT)MNYE z1xGK*YW5GL@VBGbD`CDrh<-gUXMdON@G{;phnU0#w_6MM)KJxi&*;D(#M9Hkd>4Ly z;rsy2U6KgC|Io9qO;Bn<2d7J~f8eL5UhvkF&j#t0H#0SOWVj;({YNJ2?op|_`~EcD z{Xm-Tc!c<}koT(_UbyX`!?9<;%atPs4*uZg*Z^>}{N8=|8umP=(EHK8XFqGP zpz(rMPgo27j6rEVHed|{C4ZaLs23*wplR{Udls_yrR;=4D^6-f!3j-IKCXZH{h*mq zTU7_{76+E|2PzS?a+(X`vurM~CkE)54>TKKJ>sqKE)EY&4w&P_0N@YycBZkr<{wWz ztAV#&uTdlK*630Fb?>md^zxschC^9|zLA^zA_smU)Kra=3n3?84F0xH%la*>*W%0* zPkxYq??@(wNX2)Q=9eF7t*1|@4*w7Smg_}_(%(UEM{RklJMYH^*!+?=y*?q-1bpCb zg7FbHZ*Duh?BkX6Ce%@juo?FTeyb9-P72BM+Xw9nbfj-{mhT~HZz`- zZ@sj=@W=MMV?Z|#SV|6HyHif%@92LnGjCJ%*M}cf-|Mde|GpZ1e}B#Z-G?oB@cyA1 z_x0!UUk(PyL6{HwQ;>z_^A=+NgW-X~@CD)U^!N#6!F)v=ej=XO!NH$AAw43N{G4;2!9NHN$MCmV-GC*2aQhMT zCe%1QqZ2b&EQvhKoyBgl>C3ffuD`}l@YcYgFX@?AzEPs9Mag;X3W_RM|GQt;$bnzz zzJcHCzQL1q@8B64+<&Hq+_O+ahAq?J5ng)xUuAmkqc}|rZB$e>yU*H=DjnV>js76R z-{t{UQ~$Mo;8nzMR)@E`u4-wyp_COei>tmpT)kzelq0UO@5 zS3{o5)L+MKP!#$eTYE|~(oSeX0^Ah5#J8MT@DhO~C$%{9g#I*ntqPb4Y}#>>9ewl( zY(K8_67p&X|DGC<`G3m+cxH#Q*01v$3V7%TEm*p+47KsZsa3@qb|S z07nk)zi)ts5ACZzJ@*7V-e$q4tZ?LD+1v$iv&e!Eb^$psn-CQc=J*JU72=VD#87H^ z*nrgVXcfE44!1YJsn)|uf|>0rbLP^BM;j}C!oQiCWqxj*yxBuz_y;bre*NY2ZTo8( zJfP*6S?qwSrQT?}Z<=^Mdz>buej_cCFZrrH@rv# z`@N=-{XW)x{Xf@;exGY--_Lc=U0-U%!0{S3aH9GS7^ll`|3H8HK2iR8_}Yd;N^Ux; z)RyDme^M3XWj2p%b2)Yz_K?dHyRQaE>&I~)WW(_7Ij8M}$wv?F&d(z^8}`E`>|g(|1nv`^0Q#q62Cclh;n@C{(yXd6;xp=Q$pH!~a z?I+Z-o7X|Cl2N)A``@bv0PO48579up-3IS!`|>OYaN|!NK<;EQK(M#J?(1`xZoTSq z-8Z7I4Ex^4Y{6*cV9cn&`t*Z$sQoTtN5mX@DSY7Q{LhpFd_;7B`Gs)mb`i|t!S94c zsU*Mha67v1!9ORp6fCVyRH-KLZ)Ass>3=Kr>SB79EdM`^Kl^HY*g3U=-3+zxkU7+i z>ahK`1FH!x(fo%mx&Ldgex!keAJ#YH{dMt$V|3ncM(f>wEmaJAql02Ab$8#Fb#K29 zG^Eda8g}=G8r0`~4e$3U*nh4&`+T5_uXtH6e(a}!ob`$*+ojm5AC!gNkE=iI)_?j! zTH)^6z^#^iy>2J@!2!z&tWE^K;~e{#bC}OLW+$v?%sJSJ)#MMI$WS|&b#6PVu1!Z2 zSFlNUKbD}8Pgm&aH@o%J`y2Jw$%o*hj_d2-;~E!%4S<&%hdjK$?5JkoAEpH!)+2Ah z#j`)9br&+QLPxxa4$N>}R=f3UgYjwl# zF4ai<{sZ9s!03Ue&lu!k44*$ZdXUD99H6Hjdq7`*@*#4tSpG|wD;PNlS>Z>$Cg8Lz zL?H)p#El8T^zb1Al_mA3+8eM#aDOfM|BNK|jpSCVhT3Ekw%_n??2*$VzP^C|4F`Yp z-g}N0GdkYH3UL0^nTn_}*3)ldbH9dvRY|jamWS(;k0xl^bU(fR)^wfo>-%)x*<*F# zZy(hCV?WTunX!7}$#2xJ&);-Uzkg`#=&v=X|NFY@wl{UfWzXr{i=WaT-&-!<%q|7F zHY>bruQHmCDHFRNT?78@wwDXLHpy!S?W7Bll&uJLmny7J&#oA(bw1N#jp42Z_^L!ow>*K z-lAjV1;_O6oMZa)=i4>In>--@pq7L;(FcA6{OM&P#xE^nF5Ix^*lw75Fn9Y^-gjcF zLh1l{DLp+v*k0=cONmR@4Od*LYc9E1!|&>O>P5d5yH&haD#Y6tj>b3}c>915B_ab2=xS%f8aMvDuJpu0XHP%_ zJYaJr*!RNUY8AF~%8&dnXpx^Yv%6s0LV6Yo*ipnBGXCE1Z!o@qe4&Dw(;#{~W=?0f zLr{iZe|L_~K6jMPJ$sBUKJO7-a{i;b__vSfnk%2y1;2Sv*WdWO?!EsLoqg5=I_sP< zy70QE^y(KY6<@ZITKZ=BWNuJ&`5tA#uVl~@99eNt>DYmExR+AnXgiOp2K_fa(D3ve zn-%kXY;s|9L-uI)qG>l=5B{QMH}U$$qsnaDuk8B0@=sf(5idt$`%^XG!F2T>ouhlk z6lvJQH1F{-``Cr37EiqGl@93i|FT6m5``!98{0BO^ z@4vQdrcPm_2|F#gU^|=fL$HF3LvLjIcK@Ed&Xvwk`r>MOJV!L z-*#Qp@q5N41^LG5yYJ>GC9Ot_Lkcz1w@^>MGEvvu@|-Tb@F87z{=>TN+CS=oiyqb+ zAFk9@w?D6|?|eajdT$mO)F|KPf68|#BxjSBr>$2Ox^MWWH5>ki!2X1Te^BXeWs?gU zCuDeOU%5ec&+O8lR%t zP3%!ygU!locJ?TF_JetL#hPvHY}rJQ4)Ys5Ie_^A+xwH2l!ZMUqu-r>zWUsJjUE_< z?RWIw{b;t|gTLDbm>n<~Fk67HAU1elByuuxkRBUzub%(Iqx#!RFX+?v{;nD0zlAH9 zr#5iv##X!SKlroftA$)ru%%~_&@Xi*}T3vQ z!5`fxmT4weu$?!>xwQ)ROVE_bOO%n-pp~)gJk4CIki0bt%WBcL^AhyucjxJ;zs=Tb zA0tZvW%_hhqN33CtmZvRZP=ycy4?zPfql{{#aGf7+yb|X?x!|Udj zoK}3mPIYtV#bW(EUlzxu!T0A;yU5qT`?A$< zWQOh>k))x|`YV$iI@RpYPRg!lKj3P5DA)&sUpY6aUa{7)zLx&>KG!~WN?E5v-i$Nrn2YHJ36II2057qF{irGx)+{C^C*QWmjF z9(95$`aP;lcIbDty=R44>^ApLrvJxRNh#F|OeNpv4uy=CgDS$u7If@aRN*H1rma>| z$u_M_Tc?Ey-CCZ$PT|Fy>Gj&Bn6hn(E8Y&j+M!Hh{%o+%ME6q~Pbvh?Eun#3oOwGq z+m%V}#q#dDohQ_QzMCzuQ^&Dfyns2<8tS|DaV3R;Xk;s^{h&VdD%JeNHaNU(j_d`c zcVXKXDz|#8Dwu`*YFZ(B9*OQpYsly%4ZJs1!ynAo&@uTA_Wg##QDYkh-kYug*opol zlCc%>>i6JEP4UfE_1Zm3$!#PCga<~a>d31-J0ct4*1Fp^JMUZG&+0&#$u9ODe4q>e z_t&}-8!)*4?QlTE{2n_%4DjFs|K0`|{vNq__`!Sh$k?HJ?BU^h^6`;+_NmeO^K)bM z+KZ2?6>g`C*ssIz2j_I+KeORYe7za})L=e}*VqpJ)~h&o@_h839DqDvAvL`MY75cy zeVXsDL;r2}wdFR2%#NkA8#=(7nZyO*>^rRj|2D?+yR^!GDZi zeep51Rkl0Wx7U)35Vxl#7Ge9_)k4kJI6RYsCLTMn{{`syeEh%pecQ>ikXiF8`2H|v zx#}(NSFYxFx2y5XT|n&4Zeh}?DD zpOdARKJeG{#g)2e#3T*sH%UVVPS-ty=IZI^LNs*5G7TE!%L(i`0UC6VzXlKS(>+6d z;5xi@?|t67|B*Sm_wg^;3&*bCNM`S~Me}}jG_7;utOEKaY>%?-Q8gc6 z_|Kj(Pv@imzx&O3*nsoYzt2q?bssz+cEFtj3~=<^qw8nH0S^B6=qLO~=noG5qrm?` zNB`UC5i#9&@aMIp+TF0Ggz;wXB?GT3=utEnsUG(CcuwfaMHwH#6kem*>7wF>L^DXCzy0<$+N zrk31}p3D5Mqe`jX0Y|h}DFwuRRn*a%iO-n_O|3tn*owoNAG<~&Mf>=9d;-29y7I8H zsl``7?pD#qXUFD-4EGZ7cda_=$UzQvrFi{uYBlteE-lhck51PWL%!5kiwYD%e6lR2 zi9D`cGnQ0p=&&GSuC1u=CEoQel~2Y+Otjr^<4a=>&rfL{39{y!gjInMvz zvvk?n=j!rv&($>-UWgyK&20zZgMXO^o@oPm+y37_3jR;rr{|u&UoSoXkY0P~akZeg zr}5{txbg2GFL2v`ivvv#I_M3wy}=8nF4T%ylFispOj1Ovto;i>UJt2dzAumx6{@1 zeMle{3r(Q6sbZ^28V{fVD$Gndi`7W(Wb7|9RDiKSX`!i z27eA0^#%BUu3>#Y)BVH0(UXsY`Q7l7cYotPeS04JeXSAwzd|0q(2)KgYwXx>b=5V` z=*kZUg7bCv?Kfx`oWT9qg8N7Hb8&=&+P&0kK9{gLuKLh*U0*S{|+p+1kGkgiSdrxN<@$@CkfwLEanP1x}>cQXY zgth#BNp2N=pZUao^sB_WoS8zyKb)8?mOAO8&@#oOG^nHs{3|yrn%FQHOv9_-^;_@( zA|L0|pJiBE zEKrUuu#a=Q>Cd1?y98Nq(U+4zyb)BmU9mh@VD2`3wlGhVR#fWK+1Z+8y1%kgQx+Cu z-#nAeD_I=aT)SG`lue2#K`(Pwac@bD zs;jxT%65@9?^a&PTICe3Q!M#eKy0&Y-)dyVF$EXzCr{W#9zmRqJQycXNWX3|wf9o6 zckDkt!DJ#2+mMBP#8e$3hCG5jI-q4~mm4**VtK&{D_=dT`)%yE4;rf5S9j!k{MNjJ5YyPNFqd(K#cfN^C{GD3G8|ru4tGead7x?}oI_Io=;WzKs`R9z* zC6|uXV^4mp&%a%%cRrlO-E1LB!oF6J8`pxp-5F>2o4+&;$mTSA<8K^bYGRi9_w9#F zU9N$5->zG4yqb96SEuFRa%{m>=bfvoe|x^Jx#+jL_Tuw(-6a?5`b#d-jla7@H(ha= zZn^pj^||31^}qdk=jj~VEU$l zi09LY2dmkUV0Wj*CsgX&1*uw`yh*_&2bID-n<4RaDxf}GTTSnr&C=IzQx2bJySkK+ z)}ralvg8%dj6l*B`4{X}40XYfq}AxMaRMjMbNckK_tuM3vd(m#o^E6!oBsVMc;nRi zqY5qDk3Bjh|LpDLqQ}WC;1wH)35YT5%n7a6fH9xz><{_|*Dkl{b{o}s$w+N(5TL_dwB&eQ*{TXZS5;3DMUcfUCs z{Lz160yq8_=(>vy|4Ve^rI+cZ%YWB{|JC4sBfjhwYV3V9hI-Q6N#ku6^N7`btoGXk z&UU9;gK@v)svaNUJmRB_4~__kXGhI6&6_;e!QbWynvE~$!Qb)(yI-aVUuO7E_<9C$ zApK1I?_QDB)Ns(##CkrjbvQz2H$JhU-JcK)79pia6jQQCexb$42R5ggni=9p+F@zNER4BG(QNn7y@l}Y1J@zkMcI#90 zrhcgZIqN=T0le|==btkcogc09&L5>w552GNW=3g|U#5bih>h8uo|ajw%&a_(WWa+z9N^e7V|3?jH|W0m203T=@V*)XhSy(tsV+I^ z*Sh@t-{`6f&UNel#lLmy|D~7e#>>DTyKyW119#qZtp?n26LIUU^pW+^_%A+TR}V6o zoPXSS|2D%H%w611T2GA90@f|?RSx!i-Fp99$x)(%lj!}QNe}p9@UK)YGHdyw;cxMO zSF<}$aPEEN&VUJDPsjh$&&1tuUJ;dAnY>nMY20<_vb%G+H;I@yE2Bo<;2&6YNI^y1 zuaUf3kumfVAdkkEvztt%?9_9?p~fdwC_1)6Q)WbKX@tcL*z1x*+@;wC$GX~yFT$&+ z4}rDWdeiwr!=4;5lK3L2Xd6A}yA;sb`?@XDj<)rliMQ$etG*8T7H}v zw4>bpc^KY#KXJk)EsUtr`;(*f(m$8#(LYbofcrnt{ZBEkwJ=2?+zA|wd`2d5w;eic*j@iw6=4SoxpnZkEe`hfxyJ@rjM9#7Cq`yy<^=BGneD|M zL3R-#vxdC~|L&Ic&b)aceSldBE{*?kD!u60%FQU(ittkTk^>axHNX$Iu(OgqGu(}m zo?5Bp2_5ux9aLb!K~425QC?mX`a!O2uYn$!f;{dYO0QB}Y>9${^Qb9uFH)o%|6p`D zCbd zAJDT;KTVI!9prg#{D%YE`GT`9v(#tQtOi#p};C~PLKTv}Q-OlH?YVd$t9T^xsx*zgztFFHEd}_tS zgBOw$T>4vG@8EyAZbtw6+y(+>!JW&kn(JSz zVD482GAFmFY}la+>W$?M?Cq)Fr3~u8E3$Snb4rhA33q+s2Qsk@iA5W= zAgq%4bmEZwHOeU=F5$R}R}+^qf5U4_Nn^jJ#jW)G)l{xxpF*WG>z$ftyBqBP!UlNs zpZBaDuDuD~ti93tK+2d0GEU9#FL3n#_1E6epaFL|`fu^y0D1xX-*q#2!A;1)EgCuE zE@Fg%8Zqn+@`MX@>kU_M=o`8GB0eVuxaJDI@bvGQ<6p|YKK3<)Fmp}sXI>IJyXe`o z_t$z*nwd#!s9KG!rpF%KTRiylvGo904XBD<#YO19_4C$}_nX~!u-dqe3jkt z(=PuA?mfk~=jQWw(epg|m{U?~6d950{C{QScXbWSeA4e_@xH~rb;xs?qyJ~(Z+yA+ z*c<*9J6qhGpGFMOqyL$yF1^kC*TDYRdipx=2ZhP~4RLX2WP!OP~@445zYHUFgh;BTDaY5aNp#$|fX_n{v#%$aeE z3T1~eeT7zEtgqnCTmoDZgX1)cH^uOJ`YrsX*YwbFHj8LtBx=f(YZ z*^NrT2j%9}DKEFdIT_f?(2z7G$K|6>rD_0s+xb*S{A_+KC#}rEKOOwt`tP>=miN_z ze_ah65cpdi&~~&G;yW!4w7b8uQrQLZ!AI)f?{>%b8~%Nm2e|d7tDSTEE!Q9e*J&i& zpYgrM0S|@mvE1M~^#4wHpy9*|4~`zJzx??rO&k9mc&wlwI9T}^_+{e#ic)Miy9%4x zSJA70GU7tVhtbaz2=>10 z`msHA(cx+M`+5g=!{6k<`d<82Bx(V>qE)@gEBr@jqr*EqixeKXDb{qyjcOUv&B!Y9{fM~7{00Rt#1799f0272p@0-cHMmY74U;s>7Ic% zJAALzdmI@cKD_Cg-|6}*E_LGnLFE0`2lUJnWAw&fU(l3s-zX(MTKULv5qCT^H_)rb zzW0VY`e6VfqTf7IW<2|?C-??)!h4w{kNSHhQIYQ zhO^sy3B5uV&&EWgv%lQ>1Ppt({uf~nRxFLB_oqt!S$h;5OYbRi;l>{x3Y$|%Jee4s z%`O=icjlEco0hK`6IW_B`WTo^92QEya-rehsU>mDspKA%kBbwBZ7=OoF5Kf+6MYpB zLT??qYIjx7M}CXgjbP7j|C{Nmomx&6yu*svR`mXmR`Oi)Lff>`KU+}|IrK}@(-_2_ zOI|}#e1QV};^}cpVrGin=g34Gxr+5nIX)h&v+=LCd%qT$HvexqkKM&oiygIlp{!4? z4*tbIT#MSDH%@|6|X#IiDKl2bW@H~CFf9EdnW^7qKvuN!8 z;WWUtR93Q|Hix-#W|r!mpYj*)InXwf6&wLR2?>Y6AZBG1OL0;g||M>6} z?x6LO?YN5}4>$vVatG^s^nw?kQ?xjN_52hgV}%Z$NuMK5>v%-*D$+?Y(Bwu zQq7s_r#Z`93dr0eU$~-ja@Jz*;9VHATFbK!XlW967htQav29D1Mrp#703{|+Ur#S5 zht1Ml_>1-i{2F>^{Hxm*!^we5MQOK|#&yUC?3c!G(wxQkNpiOYVh`Jk7#o%4(eiEJNes4bl*6@yY9Gw{O)4%{R_$SFQiBKV%>4` zRm=$B1Hk^_u~zp(4v>Wh;QRaEbt8QPaDM}D*BJT&pMGK#wf`se{@X8+mvUEmHuHMi z^-<5MWA}GW?MArD24)u7T?GDhaB%LK)z#`~-RQ{Z{OL=a-ExjUGrTw^2VKqV8;1Wg z4#Q4rY_?|7GiLMcaqI-J8iLJ;*zVdoJ~p0c`NA;GTArtcQSEZU3)NNF3<=K({#H-S z1M>{>)QHd&XTH$*g!!`q!9Q0kQ?{}o?8UBydq<_CeCN~VQ{)L+meY4m(dp= z7nw;6Qsm6S#f7Fhy9;eET6f1*r%uvHPfa7bZ+u<|I~47)n%9?r%_t{+wmYFKkxTQt zPCb}h%fTPrDxt<+ztc7kujR`}FFcAJ=_$p(?qD+CZ9S4UL+R#1+8sR!4^H5JY2~%Fl5duv^VBquH|qoK zeGLCD+X+XFz0h(1E z$L_bB&5S?_@mnmr!yH{e2HZN)!2emoE;v8UpcmLHf_q-Djm``i&t-YB#R55SlqvCf zN~WG*JCYM3vzaLk*G%xAAJXW~ulc(=;b!4AH*r`dd$%{Zka3#R{(=yg<3 zJhSp)PX6ZTzHxXKvm!@LJdfSmoIr1s`7+y`l8WuIzG$=eW>1}7V2eFC_2ju-?ck4$ zIry6m$Yhs-ga7Bc96o>GfIGMKvtTl$K+yZ5THtV^ZT;hN}owmZM-8n?q;t|vEc zck*J}Uu5_jm*wm(gQqaNmQR1T_4(SVvV#mX*V5xwOnoPb8Aks9%)~rq1_PbCf$a{q zy9n$aYP*lj_R?Ekuwdp2O`jP-UR}=f&?oQl5xkET{Ji;*Xl%d9lEsnn5n1?*DD*#1 zi-KyL+Jfyl&CY4iVt9mf_&19&tzUWK_p^|f3`fpf)G8Naw~`_gsJF9+oxKMw%&9k% zi`Z$bLgv6NEUrpZ=W?Igf*^KTxSTjVDTdg-ya`>;RG5F9qKIpQd?Sbpavi(h-poEP z(|u&t@UKT6Ban~uM7S*E%6ei_(f=C!y*uV}oUgS*8*&S6&s`fT`5p2SXx z@O+++9vSr3@e}BZy&r|>UnFsq$&}?3iRj;oC9#_8l_#&@3MW3a{^Lw|izWWdFX0PJ zhJt*fi9NmHQi}02CEP=jsyW!AdT?wd_G_u}=)PM94F6i>V8P-TUXQnPx4p$-Y5Wg4 z)M6UgXA|tl&e|39H2Or!e?_PhpPcsl{O@M_n>d!&_;`g9&(&Zb(0RU>o{aumO{+)e zoky^@y|9hMx!vGzJ3$Ni-8_7NgMVg$-ucG|%u3PQanp6WjXK`t^nqSV|BnZMv;Tc> zzt-vZH~n|pfS>w)o_Op&x$&pxAN=2Z{dv9rkH6~EPu|qlE!_9nX1f}(f!y_Lr?J@` z2WDooUz|IjtGLs)ik!f~A6~#_7cD1GApa@j_sWr-avlwT+Ywt^3SWcnXT)$Q-g!#i_>jJNXc{Ff7>cXEzSE zASo(KKFi`Y7yIuWSb)8(aO5Q+mihDmW^V8=)_=BmfuFO(+W54*v_knU34)IZR5vlI z`F+!Uv;C*_ztVhIGx7EmdYiq;GqZ^|+_t~En4Rn3@6FtEFncR~*?EuyPrHiV?pAV0 zXGaRSTMtD8a%=ljS0MA|6D`NDA-+s=^xtxRx9-=P9KgBObL_4tlcQ34tQ`EQtLJ62 zAB7z)e|_~0ddV&z-@B4?g)Tbl*XaK_r}4l3cNb~I&^}Jy-@E_UY=HHB|NhaDdg@8H z{eSt-ztyKclB<30PhF;U)x%@sfiun4R8S#Pg^YP#(fR_%j^e(&#onJ zwHPpte5SOh70leHlpM@_fZ?Bs?%U4Kw74905aklDt)x#pQN{EH+bIJ3BJxDjt3@-H zYvQ+aoxG|PxiHzNKu)TOo9wOu7dd~hUyOsl}zkiQFu ziR{Eiregb>u`Bgjwum|8<>3nO33G7oYA0{D-U*)1`d{qPIPx&KrI3I)#~zx$H~f>~ ztxf+8_gZwm#tzum!Mip#ZtTIo5l)7kfb8sau{$j@t4M$P^UJ#M9Qwa6x>Q%u|9kPT zZ63gl|CRXv+i$#z+`qqL`;GhY%mte)*xZNpeg5GI!~Y?@ww@vT8 z_db)H=Y4*YAt9^lv#aa>+5cl+uWxRd+rGckKj(bUd4QRUkIGBGds2o6rlhNF1RDU( z!>XYVa252|`E?F(pR7#IEg5t_LVxgVJM}^3*tBTkXbW+T#@@Otz4^D4Hd^tW-%5|TJ0r5Kau1vEE=-E~yZA6#))SBKOg z|3&al0hnkWwH3+(8Jw@V^UizZO{i}a`NSkIKu?f1rD;b)cKMpZK1NeHneAJ@f*GAGJqa zMjADEC5z`)ly^0sQHFj~d@eCA7k%YI?=R9{c|iR&2Q{VI!yqL(;}iO85BYuj!v6&Q z&CEaNoD?x)CUL$=^#b%)J}AK#&>oWNduz;>$@gVK|1@rcsi%JrOi#}kDTb^zBPovf zocHNDih%uL#2nO}!(Zx)?4wszQUvn_@cR|3H1G;^v-Z$-qRX7{fvyOAwryaW+0a^L zKN9@P24=1OtitGt~#$>pX&W3+@KQQPvh2b`sHe!R1$ov*q-9bR($Lv z@>+IcXd^EO?d{Os0p6x_HY;3RhX1GZH^IO8$^-Cq1~I^Gw|!qu`rH>e2lhpDKg&1| zqUQllr0($R;KF()Xt{AF;5uqTu3dErX9bsm^<4gm{NMez6 zRf^xGeSkDhPr(Kzvr@1DQK2cw>wfAuj>^B%S$%Y!BlgF)*MZZL`&gnsf785=&dCfp z7>_N-8A^Oo^YZO|7#t{b{t;+ZQ9f9&5ahm>Z(Khfmd;|+IVpb}7V`M2Mnpgt5XJR9i{^0=$ z`0{(P^ZC%9&!eU&J_h>$#urbHP~|TR-K{)ukRBvDbIRi&HbLjxH9k19%DL60n1j~0 zZ=zRyY7{s#v`>u6FlsOruhRMHn?BxU%&pNrsa~)i&EYJa<gQ>WOYKe^ScgSF z7uuJxO!!hc^t-Xq2hgBBGH-|O4#iyEy++(^^n=BZHsv{~f1(x?`lqA+FS>Y{e2FuF zs{2pI_J2j||4%#-9EiR^$o?vD{;R=$u3qt7qaH--f|MV$FUX?*w`l+GzvmWt=tp6C^l?2)IPb3ZNU;|l6iTR5ZCXyBWg zt2X+9qes)Ahn`(jd!S42SK>$8psn_#Pvu;AD*j&zYa6yR3z;Z}uEyeetAFReCqzDY zcOx`(VE2_T7MIdL8=Da57h}*r4Skx<_oc<Jx=abbxQ-48M8TXCF^O|Sax@k8)hW6hpAg2>=U=$i#rt$d0 z_qQ4TY7N(=f@@&paa0%L+Zp{1p!WfEM+Evm7R;ec?Ik+33_mJI^V8G<+R*oQ@+@{& zH>*eN(B47J?IiZDM*hv@q6^5!<-yOnV8JQObvf&-bL3>se=XAgbMiIny}w1?=W6J@ z61r;*$d#9$FDuanOFW?Rf6JPy7SDa&z8d`Rdb#(mo8;~v+-R&P9(zchdg^Be{d+qH zuN$N9et+k%w9|*Pt*%>IYrB};(;@X~i`Uwa6!Jtt&_4qnQGF4mw%9*{-vhn* zPK`fxX?&q)RCO)!LJWR}&Na(P)bGj$>q#fCpl8~h5lrwnV!66X zz;nTMG&jAUm@f^T7Y#;XNB5WELzNOgC*wyKD~6(S5ADm2(B7_i8@QXRhWSh2zh+`- zJtvgUo^r8;@x&{qe)UxO3clZ$IsbFY312Yqzm+R5g7)8)i!M0Jr~$bg9$0}NxbiBk z3%t3qmx}P{B1AU{hM-YBMCN=b$Q!2(sRJ)=* zw~O!-brq|ffd|xY+|L{moxz*Q?+p!%HgGsAI?4haHf`L)cW050q)vd?L2DFrsXfs; zeywBn!@pHqqj5tLeu>h)3_s5beioNjE+uOBk$t6o8FF6+?H$m*qI!V2yDa=JGv~rg zU9VKHf(A390C`p?k+i=QX&e;PT!WwQF(<#NHfXOS18w(tBi>7mD2AJqZm zc+>|_THg%)Z@OuvtXZ={E+q$e<8_zI{ha;!>5mlyd=MXSQU28ipaXt1Gde3HJ@n#l z8u2Z+{0Q~KlHrT3>&PdgM>MW9?8p&&QpB~7!Jele^9KDn zKa-BnA9*lY{C${3$hi`YKeDJ}iH{^7>&Hww@Bzi0;zE;*IfFLND64O(F@^e^OH1QS zBi4W))aTve^$bK#K_uz9I^v4It<9t{SvFxsW z!Eyp;|4+j2JBvK;YW(`u*J=*u) zuDDpvg-5O>clbl{e(D3L5BS)l56II`JYvYd(tl!f>Yqjj#>;1!!7|o0DnspqGSD_4 z{Vn~{+t@3ewVm{dX_TQ39=E7&=)gvFNON_&kq2r-FEqmw&DCx2MvF9hIMWWcmO~t+ z@o+YNTqZbdcnIeOsdw@y{#v1R#kGcy?z7bw9YVbqIT`Io?;=ij5vOYmsCZ8bbWh=I zQYsi~8n+QaDMsE^Wmz$&3~K9>qVvhe(AN@Oq4W>;k46Wi!(;A6*@xbWIhg;%Qu_Jr zqwg`a4~6zg_zwD7<%=NVk0@qXXl_Vpul%NGxJt=;+BDy?rIRkd4oB`(d^;0N{d422EtoK1cIJ8nf;P z*UzJ7OK}**;`U(Eb%vVSq+`OhJ2fP?hDR46P-?9P4dC26BO^c8SGE{173OA1#&v||5^ih{i@}1`^_um zj@uULfA8Hl$%FUbZukI?|Ki7=qW}2t^ykI~#;X@5=4A#RnCcyuiJmc;faYWHLLWS! zKEU+g1T$X8WTpN^+_xGqm?>BbO@^oA5$^k%(N2D2~lsCVF!~cr6wcA@Ue}!1OGdb znMIKy)Q95(s(%n0!c1b~w{m=lGU%o~R@F}^!q%$~uw)C=256tE0M0e0;4f(J+5nM`)+!}d29Q?5_=6y&`iBrfkA)HMG-^&j2S>@eEke+IloR# z@0sX%&hStNu;>FUGh+W6!2WKeu50zxm&$qQ2|W+??K4g_Xn)&HS0VfKeo^|92fF9Z z8|6p$-3I;dl*jP_RPK-c*W2FvMqP zj3ZCp*WQEg*@f@ffqiKw4gnL#rzju>%)!oQXH~MCoTIaY3F+Ad&aN1^M7>dW9Tq}e z4z@vk#5iQI7%WI@l2kuv-In?Q$_FLzf%^Xz_&{?|xzz0)Jb&r)H4o>DJlJ< z&IPjhyk_W!`HtIj_lH=uH z`Cw{z=7fQ+p+=dbN&fVL93GpKh2dG51tXm78<+OlZtQXs^Zh1dpmS9EJ4TrGHX&Zi5H?&42k9q`SmR^a7onmMPvUnQ#p5z{Ab~FDkiUSsn%i| zJ|%qMfDaV=(RwV+F0h)4(vPokW+HJ3GPls6zzzv11D=JU!y{_9FYe#gR2?!9Y`Jp91-<(H4#_wVfgk{;-2>VA3} z**`QrFNcny|8)PPj6n0ev@#h)<_9~+pw}4m9+hr#NZP}ow|x|v4spvOj_7Ve$0752 zO^exAA-rvZmf6(FtFO@2)I*HfVf4NlfaXg7er(5J=K%U;M7o=)MLF``a%N_glu)nF zHHr=+rXzlAs%n=iXEX7ZRgx2_%cs^?dzjkLH%3om1GCce3);(2>-?zAAZFA05XJly z`%!!$4cYf4Kdg9^6}zi-IEn|wqL;LuP3!(t|Ld~CJ6iXUK|Rmztq170AI({s0^__x zL~t@O0=4s+KjGY}=5^B0TTX6uwzkKst6RKPT&E^z7gH-~Oh2yY7vs+iVPg8 z9h^dO>om?@736}QQ3GVowu4PH^ZBg?Zdv1MHu{%%Kj8)93vjARV$C9Ke`FB&0=20D z_p0NGbRB?=5l^Cn*C z?IDlqc6N}*t1#-qHNN+<^tPH+qYJ#X7OYk4Dm6z`h)q!pFkksHDn&l`d2)SU{<3_H z9n2Ip(_ul4Vdbi!VerocUFNHgB7)n zLF)+?wxMN|eY8ub(j9&0E-=sl}6XSgcn)T9c?}R&}L= zJ8Ld59{Z4o?aBv-R4h7!d{!0wsPj~-J?MODCbcf6hI0W*Z+%|#hM!(~_J*EmoKw*{ zEHk{7kH4`FEc)b=PA1m>w&C}kbH?d%I=z5S|JQ#tdIEnFzBuR9Q{_T>LtIX8hn1Y| zUwy@eobSJoTh5Dv4c`j=@5J}}>4V>sCm(x2o_*>k^4v4Okl#J`xcvUbr~fSd4^JKb zTuXJkWe)v+2>PoJVCaDUDPq8JYA4ZeoN;V#9)sQ!ta0gRMK`#+rKNF5I^YLm!5 z!%{0r|Sdk^BFwq!zw(mg~8rYU3`azJ98lOMiz8zX|?BUD)NE3s}i{ zztv#DH-H1*4i4}j_Wtol?=@<@pMUme^3rp^l2>2+wY>4_v-0*EFZ@~hs~%{n?Y_F3 zYj}7JKVV4*49wsMPJ;bl*XhesO}%h?v(kQoH7?Cfqu?0G9lX$H@C16HX-t}Vy&b(~ z;ha_pc(|U8E~fuaQNG)tVI$Y16u$3mCZ0S(|30-LEkop5sFfgwuGBm!waI0+4s5XE z(L=etIjLI-R${_w}KfY)$@vDJZ;8V7NVVZMn;5|9i zl7wM@ioh^AvK!10iVTKM|6_n=~_onf}T@c!KeX%{x7`pjx1Zw%%4>&puOU_ zE5UPDQ0KD}+s=K?gI>Q9Jn$-dL4XV0g5Li=w*EeFzDFLoU7q;)ee#=MKO`?aL#@wq zj~R4-^Y_olJAZgi-h1a|`ZB-vAJSiD4}S*R9X~xdD~Cts(E)QZ$Nic98FauDI<$+t zF!{pT5okOvEzJ|s)JQ!kbgHQxmS%KAE4R)uXQkz5!Rqi0}fY)@Dm0?%WKV9%zd*djzYUEGh0S|oFR*&Dw zd-||J{oMAq4a*>(H{3NQV_@5gUk!Hh9j$$$XE^ea-vA$G5EExA?$Cf<&>C)y5v#zV zsx{A{cs4YuQ%n;*<-addQi<^kQmI$bMb5bZOe!0ks|8eUMaMt((;v#Oe|eug`{W|sfB*br^2W4q^jpKY)WZ*r4fuu)qtr?cqXU>pY$gv2{fs;)JWzrxH&t`~zNnsf zk=#R@(tg}nUFZ=n^~e?FJ@`%JNU8?mg)V6TJL%?cs#`psA>(gNwak%j86)l>E@2Ju zIR+2F2LtfK5Ii*wrZqJLpW#jxSZ(K!Ox0*iQ)b!p# zP0w97%frO;KL^u)98C9_#~zaBe@$)Iv%h2($dmFmbYJ`SbDV*AS=N30nrzwhw(Q&c z@kF5iR%=Mm?)6IJzw{3s@OVFdoXYG)=yB^ zs&%9TQd2k1<8i6eRf~T}-m92gcxkEPW4*-5dWx|wKrrbadL8kg>y!Q_>&gSw@`yl9%b+D1M=X5KVlXXdf>)u<%hT4AoqOlW}~nF zqd&Sw9)ILP`OV|#`ez=OKfL_x;q@Q9I=Xe!n-zO@evst1f78dof!lv#%1OAOyQASR zk^EDCpPfAPxkgue(JXSW@~>--`!jvB(o;7A{@+iWL;i~XNHw)nEatdZjiKk;#an|< z2yLos$HBRfW$0I-KD?RQ2z0vAUuj#84#~@@#YY-6WV!>ocVJJ{uGFJ9oR$6HB%@Nx zsz&FiP3gqvXm6Ur-<-q;ndI>#d^1T*dgK;f=)ouHK~F3$^(hsnppOkXB0a}!D=33s zz^bq{{qRNuI81-nI5_46xF-CA530UI8#1lu&b4+>XZ98&pJuQIGq_~no(Sgfg-IXz z5Y3bH6SMTe10HaO0r+UJ1x&n|c!v9Z@IkNgNIiN&c|iRF;^RuK3&hX0Tk&<_f%q8h z{R8H0*4ZCsRGsoT2JKw~rY*z+0tso?coUz^EA93&K%M6v#f;L#|q@cNj`*SDg+}f@0KQXMGN*s>8h(9`F6Vc!OEBw zUONUKj8L-)$_^4ZBl;%KZpnT1{J zeWlS^FQe4ZX})Y2+^Z8jw}qHz6dY`n=SGNShly}gc#<5((fvZTt^m|W;S`REbNS)UDxwydOlS9v1^}23x2HjVse=Ar5w~F z=h^e73BVRZ?@WVeNalz z&ax8vA-M6=p}X5N!Wzb3Bd&+u4m;g*89d<-l4K#PU2KY>5 zAKuc(O${pdx~Aa;YS)ge7WksAN%g^$p%Xf=4;}a*>L<2x*3AKqkQqy^@F3?z3fJgP4ui9Bkq_2FVpA7d2STlGlCr*BBom6gC6umlj4G4n=bGzjj5IX ziLspjr4NVZJ&fE3c1C;i<*`io9)+wTaPeaLMU;ROJHQJ(7PmB4g0-gPy#DV9_&0cB zVf^ry>m04ka|5$-Xb4{r9WV?1r-%hSR&sUBN~}i4UG8Dz99gGluj+u}Jp3AF;HjRk zgpN*nx$3R@^fu0zI-q+wJmBE9x%t$Z8Tw)rc~@Nm*1)X`{&9PWA@n(HNiFDGf{!MNK_N&Fu1Ycfiv^5AX~#>x91nx&P!x47H8j z*k08$tA602L2`tu1A1p=3|}jse%|FJ;G3=?dY}x7o27DIPP|^4OFe{H&pt38RrvsY zUqR2U@-k{6OFQ5Nc%YmfdRfem()Xe#)K)AlrN8PAAs*wmvg$nDT;mF{ z(z`PsTO7PEPPTmDBYW5TN$i0{DNM8&YoM_kIT(lb69&ykq47}TfXEm*G~%Yi*vz?p z@~H5^OwXiDV^=0S$*qH%4}+7okOQtGH&o5}s~U0!W@-fr$#t2zW@a#LGrgt?(K+TU z_>bRH%qqbimC`H0PEM*4+E?S3v>^NToT7jGlZ5*lJ*k*Ldv*6qL+Hju9WZbB0W-bR z>}NtM=$(|G%o!kh;kl7%#b#U%bUZeojO%ZsN0S4YuYeDn`2S95Ua33*A5;+6Wo449 z z(MA_g^I2ukTH^^1e=8~FyOIB@YCfMB(+S4l0iUpfF9K} zGsuXy_KSZbQvcbHkxBV%i@VEb5+B*v7qOt)ftlVJ86gMYp$|`fyp7sF^plC2acJYk zzjs?(r9%CF{_ZGhBtNVD5_ldA$qA-Y$tvRYh56*qunh)(D31_dII#_S>(cwgn#O`3 z^m#`ypUWHpm+BpCj)z$Ri?`fY-a!W?#!){&ufP1%GGZ0z>lwrkML)r3>T|fUM{a6! zoK9-8iA7bbZ%M`K03~|F0dawuF z_YibG1V*v|jTaY>v75>Zg6%vEZyX+-myzyi@B;izbU-J*NGrCW2>;SX4=NjYNGUbr zrQoDC&JUEr3pRMdLGGmjoX|-PS{3zY4b-BylyeRx+kE?BSD)LzxOZM=Q_ z(0u=_EMN!b;ely{@$xWFK_mgq0O!$E%ALA{6roYX<>kb}I2qX^pxKa}GeI*AWm zP&^u{#O$oh?eSaqZ~I22VLvx9GA_ zix2&k&z$r*DCas`kZTLJzL0)T{#$}1FDhTE$xHNs;|zcS=<2Hn7gB!>9v{Pxn}YUA z|0%GhcCf5@Z2VmJq|A2d?UZqUhT9pQn^V3}9so~2g#6=AQC~|vC2P19+!X!pBtPN> z^LF!DPVyub!~_-O%qoaooWzG7u%c?>&_?R1x)qx&tLmyQE<5!7AM&y6#2@C%!igP;um~> z=RxsU}LesL)}+DZRSFLp)w!=rhDBg+Y&RPcOaIJAeJ zm1gB9bPum{!AJUcr_vt&(C5q1v1;qB^lB}NzAXhC$5v^rX37{7Rw9M3SAOC!8o1g`b|%OA`7S2sz})=;rv zpS`Nzz(7+X>Ftne7dQ0wU@tuAz6$&x8+0#Aqh}R3vX|$p;E5{ii1*0SSkzVA1jc6- z6FS^U&O!Og!|RT|hWnOgK9jRNd}cA2kU5^(@`Icg`@m1Ozp+iMyw^kA=O!OxrN65w zrWm^8^GAWZ#1zU1Sl%Qty+MCsx=!@S6#2_p{Q9}hqdc(03rn|#PC!qptsDmH9tO)C z1)r`*#+}&sDrCQ&oJS-6NDFm>t@wp4)QvThTWVyyb$S;k6H#U~JV&(?M{^|dS zNdL_*YOuHc6L$Z#zM8(NX>`COa?l43)_~rx#0Rh?+og^i*C5#VD0!YCaIhLMavK;| z?Cw|zLgw~;euw-=RupIYqNx9k0uKWdD&xI=coMRFs^)z&wVND{#o#dZq(C2f|e*yY0 zt$FUx9itN#bpiF1*!~gl=@Ia=k){!Gp)0HSZ8hXi8=!wPxso<$--BKm$99b4Uyk8p zjDRJNw^ClnDZ+Qt!R-NG3u2l~DS|J8$z>jLW- z#EuTYAC=%LPU2e&{&{I)iPYfR_JPaRP-n60{T-4Lm?EA6=9G~et377bP)AnHszSai zbLg?Aer78DLy%P`x#TKpX^ll*rHWZI)nMzoyzqo0+a+mXd6GuWxD9-@II&o=L$f8- zFID1nR!eXewm(mb5|~2*A32EyEzGGgM;1y6yfq4btA5@L`hN|F86) zLk}w5=ecj(9=Wf7o8@oQtO;H_hWw8cOZOn#m3&7%pVR09JBIe{$b2UlRWH8b7}s&0 z8oVj;*HgqBz23H#{<^lW{-=racX~rpW%K9I1<$uvw2e-p8z=B>JJJ6YDdp0RFW^k8 zFnoh<_T5H(M`0XuXRzs3Zk^zs{Z&0OjIY&T^~&bgKay>4Y?e^^M5YANXE`8AVtk_| zYHy^3Yzvks>~yMMvXmv28vIp#N=J87D~^w$GL|1rPk|j_;^OR3 zKXzStu-i*+9t_?KpB2SXM;cXV_$@^VrD932i51%0;VUnE){6Ynb7qF-VdLE3eqijX+g<==^vf7RDm67#RFH`PumJtwpt1E0y6>XbfkE^iijl*nSK zq}OOg8t0vZbHxE)SYwN&37H)s?>d5xXawJg*~R=s`a3k2Qujl>Z!bPsALr$o;E&9p zMA`L+EwcOd?GpH*zeI!0rU%n^k25^AMQ%wAh)1`7Bs<>NDtq4EE!%i)8*x)F{z)74 z*&eW#5@Pv${M2mX#GFui3ZUn$@IeW5FJ@+eCzIcd?R90kWt`tM1wSk8ry9va6Q2xF z+cJX>H)qKIv9w>juQWe)shyaH{!{4vVd(7UbL+5YO7~7Mpl;;8ht*fxFGJK%j)D_U zlTR3^Y8&iw*IoQq5#{gv<|a$+9bJyLnQqQRj8Nw@!oC`?1H)YZR`%@R8k^|jR7jkb z6PP2GXmT6q*$(0!<_ zBk0-zjz{A+`AcH%n`@+h6f6R^Tf)Gg<|m9CiG%IIhb~QV-s?j&J2+j zaFHQm$Wi>raq7({@h^1g{cdpmQs`Dqj5b6)`Z#=|-!aDDMtFT!c?)`^SW^7bB-uAb zQufp1BQPJEZk1BLKOfpxgRgqQuF4d{`%%(YoUGW$O8Lm1N(s|44sc|Q2$^?7k=M#6TUzGeRXz~)a6u3x0^Fj(0%}!*EJ07 z$N0^Y#7v!K^{ytX`x{Hw^MB%PgVlZUP<3~+#z&Lnktc|E+wsYV@O1{kUE8>h)yd`J z0ynOREtPWoEL%h|*Tw^{5O+flbC5|24sy00T2*n)I_Xb4j6NBqzI2q&Q+qK8-D}7> zmhhT(eDXnLO0T8zi>^M^`5E-Lj>E1;63c~gUL+Qs6Je4@V$WWD5@!nbAS7RE3f$7o z>ob`-rFP$teQ2+Gdz5@)IrEH0>6ti7oyr`vURp}`rTeqgBg|5(vb1Je@c(%IBsu0* zFbX&G!dk&L`q;-H`xs^^ua08>#@S12u{);4T6xOfljb6Su{7|%^mAHDs=m?h>L{8= zC(h%~%yKPz$$K{H?(|}HKqDJ-n#x#}Jg$f-6(_TPD!6Y6 zE0U5Zt5hV~r4}rx73{17J=#eO?M%g|2sBGp0C8hNxirFS{lr#%8e5TnaPVE_EIWKs z99e{aie5qIc7VSW^0`r4!G7V3j04$H3YIWVo@TO1X-^)PT7p_;!8GUAK*wSBf!;T0 zuCzY7R3|LaU0*XpjoJ*fpQ0vmfIL%m7BLNZv3`8MA%pIN(7hkKg59Sspf=mS)03F< zcaQJ?yXdb>(^b**g${e;&Z&l>!-qQ2m+-+H{?M%9PYp>Y_)T*jeja#_-nPOU&BXjI zdDPYu<9X2$?u0UNC6-AQeHH4#Z#u9EUD#(A@n2D}+0YT$zB!Wbhi-?KWs&F;-cz0B zmf9?jRKhRzXncBjsfM^?2ux)}buRw4H`62OKJ+S&qW(XYI=`R-_@=|q_fudslhm^I zQ>WyLvdgfmTc&w#k;Y4OKPv0S^GbJUzO<&X6=T#)Hx^Rs!aUO+>ZnKP0Wku9sU92W zcl6qu=PDD5e%Fv)_IJhf|4TysUwl(*vFCx&>aMW`bb<1~0(L?DXN{wV;r&+Rd6c}t z6t;c>-8hbHj-ki(`sf;iRwL;45p44i^3w*sr!+J9 zwn<@Nt`zL2NB_YBaYWE}51LnDPdf22hpDa5>pBFVv|s~lF*fXOqro?$@Q~`-QS59N zzJwXyvr_E~w#CUT8nr{?&`0S$L9Ngj{#s3fTN;v`GKT)1Mvp6PmDZo)0eyUo+^dez zrJpm%``W0F=;8d#i1GdSF8sc3c+nbRG8YD?o$)`4h=1je?X}c=zQa`YhcQpr+#$tI zp#MDfU>>|+jy%#VHJdZK@ZqQNzh{X1^mZDV9Re$BAa?2}J{UqrkDxb3p|f7kQRI3Q z-7$oY_GZ%iA(VcuyHmu1eJI18*J3xi@fG^0{qPchoA5iFN_*(;jIm4H`UL65pO}CT zmGVUx62N%@IS) zfWJ)P_jjNhy1){~dGDm!2I$^S?WxML#XnCfLW`uD`?|cyzX$#92qVViZzlW%Taa12 z`0^fIQRR}cJwsZ^F^oearT-|gSr_v{+f!UJfUhwL?@fdG&)^TvfZuEEuS@S6OP@bt z^N-5@FuzN6Jhq14ISik=@ja4#VoQ>Chpza$U-176zi`6V@=tBq6+h{-)Ys2o>*tYw z)dLHxL-+-{ln)lvUJ!%nnuiXv#P}oh+G%43WGA%)ZLALR#~s9oP0VC&#FjV2mPtLd zuSdS?xUFT?=)!)~KzCj42>LEFf404_-oW!GsRbP+X6VKK^yJpc2(wUB@8G*0q5bG5 zw4Wv4VJzhXgZ|V6Ib5q}LLiIFf)y9Y?C$Rlf z;C#~t?MIOFqqJYTueVD3Y4nonhbexOewO;H{b1fD!I?&+Fov&w~Tb^Y>ZR2|S)r zTJfG~XfTZrKZX6B#EwtkHz-X!8A*ns8)rg`5aKK(fHMk6`>9KYo818cYXhOXOvc~xTZKWO`(yaEd~ou6q* zw_nqp?Ft*P)KAUe->JMWaIJOCv6SAk=mO(*>9N5Fi@Y!kO?Az29z>VkpE2|^xg6-F zG+*-PmTb4ub4izfa(f)jm%h*NMfjWv>WJIP2bPAJhLX2MLm}OHLDzZp+qnH? z9q-2(f8#yK_UtF}tul{JfX@s&fIXP3;ye$vt6k=XiKZ-fR(WL6`)M1(mg7(S{}#LX zGo<;uK7F{Z=QG{8&T|`+OMly)=`I*3uA3RhMyPI>#qO(5_{lQ(W6>_Cu27o(#l`Dp z&>se!)s7fE1)mWMj!-Y!l3Y3B4JnRrg%`bA6IXKmpsnc(f7c7}k1zYw6&SVD|7%l{ z^{&SFk`LO`%aglvJ$=2LN9iXv9HWME8oNKMH9E-bJi1~In$F@EsJ_tq^MBTPS8(G(UViv(VXn?Z-}$rJ8G%@zpnP`Qy1j_;KAYJUUU58h2#GImmbd? z_xiu|c;vX(|7Rb!9QXde_Hn^+pZB+Zy!N=y|Nr{&aX;rD5C3rm{-3%6YmeLQUwT|{ z-0P2j+;ZICkAM7^^xI$3mw!qB9f|) z9)D_sU;OuvKefS=MLxA59)IcwpFoe=VOpK1YNTy+?Pr#&~@63*Y6{$LwJ7>yCcm;@2Jh!o{yU z`UU40Z$J74YmPi#xxu?Q_}z9%;^D)^%Db{d(xtlS+L!uWjP2 zSPrvF)1oq%LqJb)|0s!|$6Q>n?mbeX*muPKPzm=9mf*egaPc`HyWaaqcE9_+?0D;4 z+49C)^3e;g$VT?PiR-ZO#ox<@-@VHIe=i^Z=4JWtnHOd46Tg!k;UyAUHYdTw6U>Xz z9>?{Zb)>$Ty4P%agk+{!B#arIX_+=jFQWG~=T&Oy<57mDW?Z|>SIlpTo z_qs1KS9VZiy=PkxbCC8+DK(RpVx5Uu`N{sh?v~HCH4is8kiV#*jxUFPBw0zt%ywbk za~iXFv&*EB+NInS=Cnkm!2|SFW^P^x{WYTlBIuRNd?fZB#@<7G0wrjduWb6mTG{c= zAC0|lW$&9`{eyh)+)J|lrQfsvSJ^*%|J`fy;d8&2wa>mN?;Y9yW`DCBw9ZLT$(+Pz zb2gImklL5moKK(dRNX%{JaL6`kUW28W-0U6N+g0_N@4W)O`|5{JevQBXRdN7A_`hjHA^D{Gnp5KvK?75hJ zj}D`kyUsOFWe!9d*B~h@Ne=GZe}v{C61p#Fk?wo^IAgd|HoW>KHOX(wR@Ro+-ja>K z|ATz^{LAd0eZTm+tW{q4Xq^OvM@UFws=WUCALWfFUY3pfm~Cd6lR)dd1ZHs-wnTZL z#^_I;mjPYq7nDJNLcc_}tlJn!?|kZ;*?VYsy6pCel304*ZQL3lJ6U__W$LrdU-oU? zFMBsJ`A}yesQorZ?FeZ_B3F-j)r>{Cmv2|LCoE zBs?lgoK4hp(Tlo+p5z^~hootIR(vDUo7u)$^s1mI zC!bToTB3hT(@>7i$@YTrY5%x%)p0S|%ot387xL*ZTg&FtaI;Uo(6Iyr9A2#;fvv62?4=t`9Zo7G`*P(;!V(Xldy{2*T zEu518WT4#6Oh(SeI?&rXzatwN$YJf>yjOOvT_+#D_6~Dm;MFwd`$eb7wvV=|+1BWcRx5=zY!;(eKT|K5V%*WB)E!$LhwGDSEm0(EGgx-bTOCH#!;qPNDB} zHnW48y>-~X4*1W`{u2$^Pl69r|NC$Ag$I})$_m)&CtKh7NY?RtHhs9BeY>P%MjMvFHB7^2yT2dOh@SdW~EI3v!@nLVU7^>8;BC^%}strTqSE=CkSk$nLZFrlh9FR9G+gNq2= zI-s9@FE03j{V!dErl~{X9#p-EA46Y(`20HhWN^-kT2{Ty#~vFp!2S=wf9rn#mh5~N zAM5=M^pP?#V~v@YA8bV@&}S0AZ14IV5{zy3aK6R@4s(bGtfa>SJfO>p-=lUwc_11; zSq$$l?cd{U|1AB2hFsnO zdbHQT)5+{DQ6li|l>Q;ieM=5!zHp^m=0?Zp)l|g(qYa-=eO}$a{|@|%tp{b}wh&3K znwI$bLz35VNE`!)q(ON=WnTII$Wj_F(Y^OD{6X-sr2n~e#_RPxo$!r5ud9~6Gi988 zsf6~G4thv1dsuxT<$H!#hFNxgu!VV@X~rzu zVtC(*?o<9RvDTiVeX$(cYdfzJzD{J$?Lq8bB7Lxzh)QLaOQp<@jnSiue#i&$ zF}MaX2cz+OW9XR`Cfm0hlvsK#MR*n@vU)*Mnh%MkcaaC$X^WvWU)sOkF7o-}9$TSx zBX+MI|Gk!_xB9pR-f!b?oxH!5>sVaISpnTY^mo#OPv^Jk{&k-F#y7Ep_|lt^gYECF z7rWU(Uq2V~B{S%uXOpe(ZQyzo7_;cKubved)%};2)L&5x?r*a-(~GN=xsvh5oX;5c z9fO>wL@;kCB8mPC_Qm~YnUMJieBMZSBvL|sBiVn1_=Vvo*3C**!-8b8_q5hSQVe0e z$Up5``7zQ*CzH@HGWtsN8p#C#Z@tUSe&EiKAx{;-*w1=#xrK}+7+BxQ61o> zPk_!OUebX+8}}Ig^TwCnkPYyG&BTlx`o?7@=FxM*Cfh#POushjqKoKpi4SARS=_&~ zy!CFKQ3oF|bCdatf$;nR=4{fRHX7beLKe?PO)b_O#e zElTXPrxp-^h zaWOii6dBU%Qo+i@KPhMaQU(04d|=EGr$2WtJP^!0$hV*Tt!#YZReArpmyhh9d8^2) z+QXgL{xWnzsfqp+#{M~j0{va(Ex)a$rc7u0#$)%xp?^H_T}oUgd>%tA8-_kiU{*zu zOpgpR>n@7X>hwa~tuy&uo}N_*9b z%HK-k5}bgH_613VZxR|=O@}0jmDX}dvd|-XT?$xf^h&c+ORD=<9#DTU2OX$=>XXpZ zum1ekvYt5dou{8ScwXsm$)o2@jujtpH+^;JH4tr8p%%?#`$*}ctAc5mJ<{{B(YI!I4P>ULh( z%$!{O)qQ4Sw?fXhAjduG^BgDpOZ!*3_Zs^@BstJM4!s#wGtXL(nA!!2<~Fu&L6W#8 zs!!rPlTu7gN4cIi#usv;2XxM~&UDU!U*CH2H?r=T7v!BMpTWQ3+_A+)Uuycf(gQw- zzN*eLdTv4U!YnKM=Nw=z^Q$bLK(CYDK*akop~=i1j5K<-2Qx2rKYoMi`grU{Qgkx& zMd{m#Jq_3!!fc>}%moY2e_e$iqANI&wQM0lxWlnsuI0H4UzK>pmBmNI` zU(x}3O;p#bt}930&E1D2yZw+PH!es*9eb@kWL$$NbZI=-B7tk8&u0}vcg{mp*y)== zucAD#0NsBszw2Xcz(-I0M&5nmX=0Xi^dIxhi{N+sp(wvldZRE)gMAm%U(}k-*_&Ku z;+V^`JoK{8PPIt*LG&HIuFmk>vt_^d5HqQ+Qyz%H)~nBzj4!y4n96snpBzL-IylRe zmfIjJZ%LIk_m#>|UT>3E_KZoSiL>s=b_=?zLv`Pu-~sjVlm}D?sLoTLL9as&*CD+b zd0@YZ>^-Mx@qQB5Agz$Ss|;WZbpM55B039R_rLYc_vHO2pJxA0fz1RX7dcYSY|oOs z5{dR_7C?@L*p`(^JfBr)?B8N8bLyM|)%o=SuT9-(`X)*W8sZSKg8>7hM}JH$9C1olL(6bh;fI*aD4J*LNRT zN_!*T!S1V#S3RIQUTsCiAo>v9ms2$*L3#ZWlG`JRr6brD>}_u^aJ8@%YdC4|M`=Yxe(m(t_h^$%0%*g95HReX%^@E#b z{rm4R!_Hs)clm(Ph2Yl zNp{al9{Q{rU&e`zuSM4@jdkg@Xi*=JTfIIF!wcf2zJATa`SQfOz4F{%XdgW%Z$-|@ zhcR>V>ksMm(=#U)d=&>h$aL?O#KKNTBfbCB1{PogljWi_&opLauetFu<|?pmxLlt4 zTj;s`N9`t=J2C?=fRY=Rfb>=p%kxe2JMtm>F2g zb>R0Vrw_6Tu#{S{^6ksoP z-k#1+*tXeU!oXcW*q<*C{Nf{7as6-Pp(nP=kDlHtKGfJI-~$F`5l4H#t;%O4#WN>S zcKSRI93qxKEN=WbJACZoemVP2s~Qng{g}iRcS|aLy8>ey=Uvi#7ccs1VU9W+z zn|XZm4Ohqyn6dE4kM3fY!jn>i>{qdLwwRm!FYeO?maW~jFT$CCFw~UlG`Dnxt$W2j~#T4NQ}8l5-fv~;a-p^+mwV`$0WuMwgL!H4i7lk zdkKoL6oZgeHz^-RdFA7<3JFTDm*?M$mzUp7m+Nnjkdl;=$w_b%3+DkZj!8u2}yGqOMB64Lv3yzzu>)n;_EJ`1>%0^+ z&q)S6|KJ-5a_2LF?8_x@Zpf1rSH2@Fm%k^s+_ICom^);}WxIH8r(As{Joe*2dGwhr z5|?TP2dp(Pakbq#?=c6gU-y6S5ATuFPW)$C{@rggD}6b0HQ<4pj$VV?ZeAhZzx^7y z=dSDJ(I4L~RqWZzH7LgaGxo376gr!!A z$;SS(+a$gcUN40Q@*1Sb#r~mr2=+U^Vonn5Q`mw9^Z+q2y1BzoGKHh6(zc0x(m%J#q-te}pTJ{pU^%Yrt=_|5o`HOPNg-^&=zxqA#4M;;rLnm?_ zs;_kBVJ`buKj7z&{6fC+g)ho!U;2`K=bNX=<;%{M>sIO9NO*tE<#PKiE98#bS20`W zM)}1kS>CGqLt=@WGyhGY6xHUV7}G>!h)U-`;SEf&W7a=($aA zmkfHq9ZYYLAk%z^wxkrnmS5ouaBp{_38JGbV7?ecUycDVpC(be9+vU~c+m}s< zf8Kz^6c3|2>gDxKnes0ueNVpi&4-zV`&+r{lBZ?G#ZSsb=RU%$)E~;fe(5GzdG)X4 zrPp^b7qS>%O=o&RFMglKK)V0ufAc%$BcI9~y)VgEnXP{MKYvNi{PIc6)cT5Cc-HC6 z(L7tOT6Uh?c+E2T;hHO@tgv$4!!<0 z@S#udxDtx2*gzD44Ymv;l);*-%V(bi!}&8e3I zu^vguVAd#o@k^Y;Qsf+!2=k!$6=65g86jCs5}4jBX+`alVQ!K{`X%aoOcOk(^A#)j zE@S`DUgwt;XdIkslJy^NhW5*4<%)}$BYU2#y864!4L?`TJe9fO$iTPG_`3Z3p$CWu zg2-_tfag~lvoS36RdeA}x#0y5K1D(V`H!d!dbiTo4d2IU(BCZk@%@vcbBTqSo58h7 zg%|fGx5MMiPt@OpJfue{L93@)uW z;Px%MWF@oHu7JNU{0?)qFFG3=aG6|n*>~hS=X_n3Uwp1S|IFjW@4F=}Cf2|_-8#RF zeshk}Mq+=kHTXXdpDGzVNcZp7{g*2J%|^_h5~uSc-NsDG_{bdD9oHl&!~!~xxQuI( z983Q>^2h7g|A7R0VUoYxo7yk_S&Jo zQ{TF*7(6U2#jt&b{U`QQ`SY{ zF7`M-*Fg>!ennrGBd=Z;HU~^QPjkQQ|AO<*k&DrBr!iOdjFV52OD{Z&{a+=wv*#at zf0f+%1DzLtgFNxe`{|X=dqs;px;knKG%tJdAZ0`z&_?H z;-`fNL>aSMJ;;@dYnzf%!rZzLt_}Uda*z!^S24H>d=tf|R0pSWT`lD9OwX- z*jsvjGJ~~{>z)g)wSD_uIr|%5N6(!mr=EDCvHz=C~to?-}vAU=lI-oAjVXuei~xF0O5m zUo_9hN@_g11>A1`t|0VCmef$IqV~NKc@O394(=Bi`=`GedoM>XRMC6SOf5q$aoYOz zTjjKqPl5LTV(kB{uYK9@gO}oK(*bmXnQLKzC(^)ClA|)&C;Q(Xy*Ss1 zy<3Pc!pW6toT4$c*MZ-Hu5?-H^UVtI2_g5I%M2$Id6;6^w=)o(r}~(_=qevv*C_B= z2fkWvP9<_mPY`ke4s^Gd9*^ey3Tl)}W$oIJ<;!0h_i5arc^_k41j6BP8p;{H5rh{~*;e2@dZ<>4Hyxqw^;GVlud zualT9t^5B5vcDSNf7R6&8GgVG=stt~cikk9Jani0;q~XFuWM+P&cV`ImW@@~mz;j8 z&L;YlH{uV}vVVGZas4aNQ)Yf!Dm)n$#B5})wH5uBh>ld;xETId`o~i@lgj?n;;CWU z&m3K1^Yj#}#Dt|9^Oz&aAK-J7hjFp!9n5V(W{E@v#i3U-m>uO5KXj}Ez2HzChfh(& z>q3#U9BRGFpnER%w2XYE9lh}9z5{tr=OEkPWY0XdeWD$0q4nO%f3w< zc|Jbjg|g=Q%h>-l=z!I7@0~ZvQ&0R0`EiR|CCfYPCmmGc!KhjG5AQ zi<|4w$U@%0($kU8RCJrpgD%&YfS4!_n%d!IJ8_uW{nWSu_HROe#gbQ`eln4Iwcr%; z(wUMR$=rEtWFfLsh#VL3o7K*wab1&e4?Nf4fi*W?fnRtD za|V~oj~~#v(GMH-FT;JKcT5jX88glXTl?uv+{QdbW}P+AtCzj&{M1(FYBsojx!s6LR@GPde0_B$cgF>Gket) ziCjmKcg}$i;@}^X!CUB^|6SgBK*w2K``#q?KJt>AUI;B1)4RdoM(-togpfceA&}re zVnX7?CV&IBu_?B(al=iPt=@a@8kHH1q|uC|(MY42QSZH3R<*F^PO*>bN2oh)}CUXM}O)q8VgIg_hroaJWGRd-yP`nRH3irLjR`#ZP*;f z=Z<@RAeUXdKrUQxww!zRY3%>z%d*9n%Js{x;CpAv;;S!~d+%Bx$Hu^s{ zG;zwY;bZpcLG?k$8?F;gM#f*Ub-HC_j03MR+VQ-_qW!&d{+SuNJ?=$nFw6L6c z18>aD+F9rThi2oVo&+9G&!@5AFH`ZQOC@$_ZbkPl7VedqdtXRgj0#R--A|_9mqfvdqPy3iS^!DqLC{c8@tbM1A@nv3z6We;GS|8JEiAN!Hff5pJ{w)a1D;uzjvBlte` z9|P~uj8EdI;n&;dL%XsK|J^q5fmKb$nqXqz=;ofcdGR=-uGrUxA0l(6hL};zy(r`v z%>*~;u5OkD^w%?(59P!M_1V>!re`PJL#tPBbWjp!mm;H{ox%E`anwRzirF_D-WN(O zE06uM1wTR7d2*kX)GM9DJQv!tZuF!pS+@$nZe%l_3(i|WzUUI>|HX2_{4?cy-~Ogt zaMo$El;`1g&ii+g|Iz+GY|Q_MKj{Cl!Rb>*dPhsO|LX76+k{^nYho9=HR>7I+<-23 z8@|Mhg@tw%n>n}SgY6<_)K+-tzxvvPo#iZ|KG;_7Q%RwdnA(Z|B|7xPXZ4=-xmxi> zX3ehD_&T$vi2-M#Yd{Wbg+5O@E*0Q&W5Hf3{w|leUqs((>9_iz8y@tmSL!>je)ARV zgNk_mqlq8i{>InkEF=H%Uxt^wp7*c0WC4ECm&lDg2X_zy9(m|adG=S2$nRG^{XzeA z4m8)b-!ehp)f4_$?>K&`_^QLLRsZjL=2{#2J?(I$t2wV&IJXty0pMeATEiYx{g~C? z+sj&PgOg_iOI6MDs@{uM^t(Ll(R%Rw?!_aovjN|B;;f5t(=}1+a_ZS$%pRtS^PJ9+ zQetG7e+>THcw@4j=sfZq3u}JsP6t<;3nKl_=V|49C@@=1B=Pt*zjvg$+q7d)`Kn+6iz$HPPYFuNP^rNfg} zy$9>jb#uE1r3rqy4}7MTIbP25sJ@;x)T6qai5Yl)HBg_ZszTQmEMXIzL=V4HOPua% zR-altAjHWJs^?^wu37LjkyByO6s%+lM4-U8=5^;y-c%ZuMGbEt{=XJ@~v z-m1y*#fG11JZGkt|GZXKt^A#={nKjMykP@*i=DD{(<}RSy}RzI0RQbv@yq>KAI-Mf zt{0E>pz+#2E$V@3_};1SA-Q^S3(!W6@QcTH6dkh; zbk>P=Gk%kUGT21CAr`gry=w3fHfw{VCE+8Qt{j0^H>(ev`hV4x(`WVn#D}c{Prq`*^O3y=^FhbMZts;6>eA}tsUCjn=U0m_ zth;{3tIu7hzMuFx?RstFFS&j`5oDH|u4Og1@28A-8<0FylSej~|m>jKguR-sVwa0iIXfe=GaK64qTSx|*f%MeM}HTFx2X zGFLJFai8hlpFA$@b)6TCw2aiK|I-+;zm|Akkch?>`!75EYbRQ(PVf&kcz>C5>WF8Y zqt(la@lgM8_35z}P@}BCze&Bhm?y>PI2ELTP2=ZPcsf-Weqi`U;}ww=kt+qU;N!_Z zcCohkc&^8Ym+HeZ1m|D!4Lb9{t3KHda>{Uomu^>XZ%X|dyLHWBKjLGZ@u6qtLD#sEy;3)8L~CXJ z#($>2AN5|Jt#w|DqvhG*=HZb(&KlL3RcP*d(6UC4nf7MV_RP>sJiBZXe>e%veQJrO z8pFfGT}(|04pRktpwcYj5beZU49^yFjErR-x%9~QqU6vfKgkNo#+!rvA6^kAG{T2i z6V!`gfIg|t_MG2_;la~EOlW7X&iro#yIIekqY1s~PR3%q8&4Jdz5CtmG5Dx_{-gTz zuY9kju=ebBM{CI-`ek13b3OOCj?0Rd1Ui4xOCF{|^Ax+o@xB3H#(pl7b6?bsaLJDV zhpBOyTyD(XD2dxoZ3PaS`pK%NUNO4#1=MyecoVpY4NZ94s27212@auEHBJBjrazCy z4PQ^NmX1*muSHL_mHd@z%=faMsCU(nx6_1|#Fzh-ety#Lp!xre?#lL3)%fpX-DxLh zZller@n3O3~`3>o_B{LTn}zu(oK zfS&%xupB?Wcfim;{)Z?11ikYw(YN@?X67dOmzDzRP-vRl(6d%8^D2A}t!P^7Ydw1P zt;D2m{6ExVq&lNUS~(x|bHAL_PfPKjuoE{r@leQTEFAb`)Upm7WA8b@8NY+Q)pQH} zZk^K|pV6IGt?@DRX6sp#RM*_l7AHP+m3w!fDgH0%&VAPY>rkNe{J8;V`^!@;BPWit z?;T^W+rgaeQn^?0{E3*zg zzf#7m0v$)y%pIq1jc9U?qucfO`m3tpq#9oBti_$2GxQl5sP33?!x$Fkau=aDwMiwQfh4|AXWt=PnQan02XWlxv@hh?yFj3q4YX7e)gyL}QyTpIjhX z=hk4f%F)9=3J0$xryea*G;ipup+U?2Rt-}9TD7c($$j)zqHWFCc}%WGON43ZzrVL1 z{R!xMesQRx`OS&?-eZQoCox;~U5~RaPZ6K`$yN5F!P~_-uok~oHyWL)(da_c*^Zub zjcRzK(dT0hs3vc3aia{duQ0S2dGy(Z>J8v7s2MGc$a@Qo&HwQ@_t8E5 z>N4KfbIK8EsY7?Bd^gY2O*U3GVesb@z$h@)k!;V)m`f+1GPswIR-#mCd+$c4x9~R@Gvi%>02_QHfJz$oR$2%aHMlr_L_r z=kU6oPrR8|{e^YB@|GqXF@km1`y1HZEb{p~}&JC?K&dmu)~dDi95g$x52S; z4Zjc06#NXiupK+YWY3;ZDP=ENLj8#D8UMBT`q6k8AZJFtn7UL_d?ET4X7YC3MxI%9 z4dQ~~fcb?QnhuKp52x*_X>efcPT2##Xs2p9ytEcA2e|r%j=_wM!&}dS*`9AO9iCXeq+0=(sLnM*kH&gFdjDuphQmCaV_c&nJA-D&DM%$HFerVes zv=r9M7WnkrUV2qFYx~hvh-6NwjzGuM34=4*LJi}v*50#v4gCQBoB{H5;5w+!DPK-` z^KsxyUjGZegUrz^Fe8CSVk9&qj=DD71~@MV;4`aMKqmE0%|okJfVRJ(q5s#a4`2fy zq8ccw5ug|$3$=V7Ib7ur%xMD{x&X9$juXEJ{^54`@SD+r*!A{1lAf0@jl-h`AHECz zgK|QY9|9~GZopr~M9z7C;W0T-Fe!QH+}Wu~Td6~5G5*=~;hptcWb@jMk{pvx-Jk%z z%06%>sj>&2x54#??`x)JZDsD1Qo}XIzi}kEvZl|#W291ZOySb`Qj%?!wuUZhwPxlH z-1hKf3EdYYf$%>9!NB^%0oeM=2HCQ1ljIiR!8SfQt6lInZdb2zTDg?NuH2SR`ef^x zM!x_)tf|f5t7u(4A54LA7K0e;cln!pH}B-WnK^#%aS@3IS6jL2=n@zj4W)3l z;JcjS@r~3~kXz5;8Bvb9>JTV5xdbjxZ(9%Tx6E+U=|dR2-NWz~l#{-5;|@7+AV9nW zqteOPp3Fs>~M)?FQFGIVUB|2j!fm5GS_&d7Z&IQtcN@ zekpwWo#b8%&>7feaI&i%yq~dGo}taw_!YNzWTK3HUMl#guIEhC4i!ClrJBQu0tglDCNp(`yGzfE9*RP z#5vC;QnOLcweq8*sORUW=EyX2S?j>c6;(Z)sKe24!~($d1WJN)R5IZ*+WO(aFs3K- z!Hs#txGVR&YmNuaGoZX6ZM!}X${#DE#;1IrO8TL^-yGVn{FE)L*K!|T1OI5^`740K zlp&#hAz)XdjrzQ{U*}J?v+KcHYB8p~Dg)OV3brT`zE=|Z3HeD`aJxsCmpSm7qYPei z6nKOEJAx$wZ=&eh6A}miO1WwE@NiX|LFb5G+WsEetsExhEZ4IhDW6UGT>7>0np(Na zs8MVCmAkK49i2mph1mGJ)x_Xe3~rY4l`|5^57GA2XfOplzsl3q_Pc7jfA0e4kj>nW z02>uUEj^a`qukWAnBkd>Ea;Y>cqJytxJa*hbp6_^^1e zGP&S8$a7OC*Y;Dp+@^KvL}F&x;W%o;Ec>9o{=cIhv4?Vx!1LcT2X=4HRCk5WMa%WSRZ|VG7`NRgd(mg_*LAkSF zroeU?yjj|??l*swx1ax$1nxXwv|sTz$?%9wnZ<@qf*GD{X)fL&_NK^6TO;uajxe~q z95{r*`-2QlneysV1dA{D0eD3-6U<)Q2+8CoUy!Vc{iQfA@f4{pmTG_h%>Zb zdC=PaB6xq=cICa!U32``gt|$dy_0ya>?Kr-Y1_*if4Zmv1Y!c|QBsf(K{J*D6#f{2TXHH_gt z`0qSq=uX8FGmDvH0jw#zw;qt)0clc1&S}khi!6eZx#+GmdG>Yu!Pp;G4`{rc;bPA5 zFlV^vV)UT~u9}UxU)%~0**YST=0Qn!O-VX^$R&sGAm>?4EGh!Gk;51&=WykN56Rmv zy)3aI@aE&w!GD4KV@_lzfmfvc)*Sj(QgzhKK1gva%A*Sd^KqEO+IFBXdeNCyq%(@t9cny?km_26tN5F*INlix+kK1?Uqg_Z_^0VsaIaoDiNMi!ZqVzSmW9(~S$|*{7d?m%g1i2u}eH za7-Zl{g6oNQT2aSyjcbPR-C&&2mbH+fjx;8D{;yW-fGk9yXD54eUz37j7g!Qd`O8nrlTys~B-15^Jd2DT; z{BqNXJo{RQycdby9C(!(9V5j&D`x{8FYf*MXP-I4S5vMMe64%$SSEk|{qyJy?0~cA zCo$X;H~0W6n4v1pE!FT9B8WkUwjCrMB^j6^-)am9qMc2>Ia?Z_CQpB4t-p znM4QJT0m%qntcDvA!IFdLlK;WLuv^=X&LhT~%`V(j>X)sxZ0c zraU-!xpM8@v697E%0^Ai!5*TTy@6`)WP#zn@}i4mIeeOv`F6L_m)mc;20qp;@|&lB zCUq6?92kGa@hZL}Iw&4~*$- z%Wgg-ukT5a68OS)@FF$r&GJ=0g=hHsMT_AWodrJhDmYRf=8D~S&ocShk8d+LQl;RM zlq2S3{>QWa`m_Jg^`gq=0e@aDpa-QzF{Vq6fUzCgHpAJv%Lb-)!LFbX;oqqt<`|+RL1;)7cuiAct z-^BWt5|t^z#2eMY(fg6lo+^}cToAmbM7T>yaGCtFx+FT2^DBO4xy7v#kmQBedsL## zBb-m*a-s8)Ph3o>I3|Jl0}@r#FK_vm%2&U3pPV=UF)-*)%Ej{^m9tK}AFk{VGX_BgIjPo zvs*d~YYkxru? zUu5F%Sv^J!F9DCQoU7+nJS)qWU1jiX&VXlh*4O__zW2?q%lT)07wpkRvU~H}oFkp= z=iuw{yW0Lj&Z42{>nOj-Mf;V*90;yB9RD&K*sla?VSZWtV4aCs%-00!;=A`}!l!AX zk8U}T)h=;xiDJ^-5}Uzz6jOt*9;F{ca>R06k}5{UKdniUi`pb5m%2T*>LO~g#d*rp zP#gpI6|8M8`?XastO6&v5YEi`22S?eGrkU2=<9O9IcLgiFRtN?h+it)U*#Mt=T7gP z#@}dSPz}#>Ezh>LKLi}Ka(|Q;6iGeLKTYvbb?^t6PjUIO3*Jj`N+TT6W(g@8lW_dj zcKBsUFmu96P2FN?AphZ&ohkhilI)bUbep85mWkp?b>C)T?we=Z?_kU-z~n3E<)t+| zBTKIY-+7i?dD(me=Y7$FGvvC37t2elo+s7>fe(Y*4PMI(PSVg$;Q5IUN#=gQZvuO! z?GNS5lE-tPe9EA}ObJU9j6Y4N@LzCi75*m=-Q{^6w;Uy-Ftu8?z1|CXG4 z=C^476$W4P%1h5RvfwK8NY3FNdC+k9kSD7i(n_`tmCeacGAhc}Q+|EyeSsB!+!OvodTkT%N$ zad98a@F}8M6Vce>=bEch?u+t|b-z+UdkergSFi`NQ%l!5q&WO%SFDt8f9cEetuK5* zE`{@^oM*l6xpSHP^r5?C<#SKK^BA=%m!uZW6vb8RT-BJQSlcq%pU-FNT!@1Ar(BM} zgW>Sc3Jt8bp4pVoap=7W?l*Zyv|;1Pzr=C=w6b5f6R#ZHr(|*>X`C&JXj7nHxWS<^ zIBW0{;=!<&vv(+@-m5rfJKl|oTg~TZk3aU5eDyz1mDAuWEit$Xm!RQrxq;LF$%A(i zpMC{TWAyQ^=6-1c)1rJ&#n3v5J0)P-D$5n~R1WU|taMZcbE?|dA8D>hISGl;@K)lL zbCf{-sT@vK9$FD#>dA8{$3yp3x;NB&lEVI6IS&aj8OEMadFHWcL78dwi~DVrV^U8r&J?x$Y;@$fcK)57544f&)zh+Zh=IR+jh|6^ce5ZBi{d zOa(6W$qMSQQ)J3qG;8 z1)MMQM(0kwlXU{!9gov%a0e{pJ2Ery-HggMxMZ;rXw5LE${BkLc!t44H52~|SRd?Qe5$CC)>8K_C5GgJal7`~#RleoF>PK3&i8USKbK#0 zj)8T*|K1zqiAU}?+TYdO^QFm=iIx+?Q!)VGqrE|K?cfL+`=uLvyXrtF=3Zl_&k4@f z+iqa~l@D(Q+mM?HZjEO!J%yYGF-qrQC2Og!7wOEeMCO#P>zaqueii20(TIyNxIhlh zygGlJ@aT}}bsQ)XottAT*kO?v_H8QT3@IK+f+&Zww^kJ2h6z} z+_42s@Cb6q7o0brz23R9;Pmgnu|LDWTi=2P$-_UqO;-N;QCaiHXN~dK95nde&yRGD zIZq5Kb`e}C9!rg2suf$^Ol`js{79({zi*x`FPQOOuqAF+FZny_{a_{Byx#{Fy%&tr zK$~KzhiN}LXylt3T&#=4dN=n@`;ZosBPL?4gMT;I!SMn^-U8353GBH3yOe!sN>Y)m z1Sfp!&G3S5Un&pWb0c`^yJh7wkI2h^S|J=tuY0^oJsD&}_Yog!0rxX0Q4;@p*yk@dL${-#e@e7lUuWgif z(OVBbfd2CKEqnIt+;Dqj*uK-c+I@3PH(uqKoYL*>->=x#0Weeswij%(;+Yk{>ah2) z#(+mH>ol<5wcvLZ+w1inl}66tjo_RW+uXu^v%{4v1as^qKUhs%Z195pWiM1rZ7>d8 zWEpj?2{<(aO?dTz+Z}7i0~{Vev*HL@OLO4S=d!QP&wv+1O{K<| z)_!M$+jD}wwL8G!QX8q@IadsBDtN{cp7TyH_KLrq=sGHjJwDz)Dbsz_KN{dVI6GNC z>)4l4<3b0*#@V2b=cc}->bVaM_{V$!zV_RrEu(o;-ILN(&b$Zn=_W>3f~|Fc6*91) z)DNq{87r>Vfj4#~*cd1Gr;7Vy!t=7CST&Hk*weScuW?I8ShiGveePhb_YrT#iEqQc zesHs3$hyFgfn|PwXqvf%PkkkS7d}}fc(f|KZ{4;AX?A$cuENs){Fo;H!?#^#U& zeVa#`hmY6u`3>xgdbzhLLDV6Sq)I_@i4>=nga1TFf-$NE_u}HRg4K4IIQy_4RE%sv zqE*7t)`{2^Ddt3e2Rvjwv3LTmz%ZB@#e7cB;$J7}$1wO1H*?R&p12+Sa}Ry&_jL6& z+v_g*hem$NH@Ii>njNjndtF^kEsU9$JxVPYYHNa3+SqI5z~d^0!)9mikP`;hHITI{ zy?~^qdx&>?8*@jom#ws)n4$Q+POwP* z{EcCEcVCaQ`T9?6-0Tl2^?c&nda7E!JKivmGv39ju??Lu<3( zz_1^7(TDOdi*$f}8zLrk64MO)AH145&w2Hk?{P5h;75H0wb72a!f*VO&HK!6?=A6O zb=1|BJ>4|;{&C`kdNwOQX^{PUKXIdh9FaHPW_T@E({9D_HKO$~$~xW8bFH4ba~|4? z=~A!NLE2rDQ|U5=Wk2LhD*CtkDE3Nfd zVg&7T^?_G>;Uw);PuMvOntI3f+FHBoGVLMB`y%g(+;Zq&!q67_w=eSM|g+Fl5zTlY`|g8J+o_7aB6E7g+-yQRKkjw*$N$f~{Cz)7vpt)8ZJzzwcx9vwT-R6U%`;$Gyc)2qbLP!6 z@LV_J(zBjlST}E8lZjVCqQbLI(N_bW#Vfz?RsEW49hc&?=5yV`^#M-nYafl%s;_Cg zthE6h=3Myd>|v_Nb!2ijPSBdMq1nwk3$7{ZNQms+_!fAk^j2t1&Q;gC^H}Ni;y|wb- z9psm@;&TjajQT}{Q=eBn)m}V8cCKBAcK=$mYgfzL_`z(aJ#VjjQ#P$TV0ge}7bvd@ zt#{6c5%4TxVsj;0Yv<&I4wApyy%T?j?S~|leAS$vi^tP%D<@Bx!Tvv$v%d?Db~ZU7 z#TEtanepmS&yJn1zAjr|1V6BLy+lUfN7B?{;6vIb(Ws)|2a6^p!o*&fGoFbYS}LFW z*1Bz+PqQV6JWVKAhrRFMF|zeNbbY}5=h>vHy6tN&_uvT=XT?;`gX!cWd@eNcsFNtJ zCRlwkz|^Q8!&dZalT$OLaR?p*HDIkrDt<=s1d5Tcv{6sWr*6$Ty_6h_;(lg)Ja)jB zrhdEgpae0V`|vifvG24}1FduS-&Tc|y>crR2bK|y=e@Vt&;d`tvq5wIhj*dXPwl9( z6~4f1Jz76oJy`lr!oX-fuB>B93fW7j9!w5n9zp$8F(X>v48!Xwp8C_FcMll3K%>s@ z9{io^QYc15adhev(bJ5l2s(<23kjt@{@(TgYEkeesk0jOe521ZSPBEXV)TCo2c@;m zDi6FX@|~LJQ2m9?FTN^%@9Z}49;x6x6yK)$JKF!+y8ay&&UF#wa-;ct)o<@^Y&L4L z>Q5B{mL@E;*WvWgW_RY>ZzAfqYge4DdFTetZ*Jfz&6@? zPZ<5zu~#gB;z}xq@qeLR>C{QHc`afx6u_U=yrbq_wPv_${Z@Gc%z|qC7lWNs-Ba~5 zu~P4^b~KfyqXnosEWrmu4ee@6KAa@52?x0EwrY=T@o$iK(UvuFo;$ggub;2F^I2`o zf9m$C!L7KL1P>af@YyxzoD2T!2={yAir?ZNV-?lb*E+Z2B&^`z?4`A>s%K%Lrn>)K zKchaMjW%--c&t79&`p6Wxcr_Rx&Jx1U$w);l9_owSBr0=4qVL`Sh~SNI477VXepwX zR|H?K3ha;Sz=VToT>a?d%%@1h>mrF7unFvs>KQvqUDN60RV~zo{C6Lr1{^_-uS)jq z43Iy*dPr8SiI62X1j*vNxj&WMSLUGBp6BZ6`l`6E1Ic~zPTC~eyWnTgYP2w?HD|0G zb;W1hwq&8Kc=~Y(z}qJDU?7;CNJ&CZ*I8cwSJk@F8sow3e(0#B&?dM1VbvS5?E2@( zEvt^>ujLo3Lcp}3XHE^RW{7#nIH*@d{V4a{-Y2&{QYuex8j$DT9hDtn@Mnmpil0;6 zrA#nFS6y-*`nC(@`*&Xt$9a_;d2c^hnqcazXmXI_)|~pjEqlq;n&`hv4hK>njVPBj zZzjr)C~}49vnNrDj6tVX$3S&SOFNHCps5vKDVIF?Th$(olWWjjz53=Dbhq)KqVB7; zDXp0JI>*VK;{J^M_+Q=(w&U*jWebj51m(<(?L(n}c=tS?YLy{e% zl2OtlF&1=RD<-5Eyol;TX1R~ab8ltI8~ZKPKwp*{mb@X0ui7NnFWDf!TfN7qdum=v zaSPX7ag|ZC)mnpo{$1o+AAayQ>YR0dwXt5PmhBNV+EuSZ^N+zHnRto$B$|3zWDfca zaBD*7XJ}rZq}LvoLUb7u?Z+evjk-hBs4idhTUoH+XL9ywKa|Bwo{?8K_%o+nM!rvL ze)r#dubgw*H|6v%e@V{$&Nt<<^UjtZ-F>4`kEtNz3ZO=TcBX%Bk0h54N+flqoU&fDL#d6GgPlzFpqE!J>6{Vra;V#pi&lM} zywpN@@`=aLa=C=O+nI9qx4(*}<;7qz_LJkIu1B8F$y`;fDy_Gdur8^uf#zF7;wmMN zb9VuA)Zaf%;xc@4IJ;j0I5&loJ1FD)8=uoCyW<)ph1^m?ESf`{ZB-v%=d@}vnaDf; z>X%Q;r5DYYtI^oG7JZ!?moAhoudg$FG*tV-uDNlZRn?8w{znGQXk7RQ<`JuzL#!o1 z0qK%NtvNi+CjtKPMvbSM{9SY!dEcmfLq|=qeyWF&O}$5TsWk?fsM-AD$tS59e^)L* z-|mjv78!FubuCoStPHME8F`c<_A6F=92N9ysX z`A@}8IjJKBQ?ttl-xYQwhFlAnRobBWXw_S*MuWgaoPFp=KauZ#<;!yEd1o2gVn4X= z23hgThslZccB&qk`XySatCa98sy1CjP@=JZ1v4j#O%Cb|=*=Hd-IEeS*DNVA)p%wq zEokbYg`+xXs<*HCX4Pglv!lfwHF(;lJDPhy*&HOqcYet zx~|RJZPZ8HRgF9|Xt!Ca!HH*r`>il^rAisk6!r%(sMCym<5>UE zvB6gIF=(Q+lDq5#TU^ZgQ~}1R3||&+4Vu-N=)}dMxz0W*F_K&x_eSdghJF(9TXE(V z?w!_+@@a#a991QG{~9nfdE~ekU2`?Hmh)uM)fdW@X#CuM%eC^epWMq%dEUJ7q4Bq- zhbGzgzz5cRYRlk^t~K@d2J}Ky$H%UQ>1jufJgaS=4GzlMBx}U2Y`Teczo+$GYU-8j*%|j-YCo#W{`|(|}`u9(xE%@S?_Fw<&YZ`n?^V7cCA@spiuVRQj z1lla*MH|5Jy2(fT(A{n&kE{9UE^<1G4^b^NJv(^$JaabV&U{d(bU`8M=Zld0W+>8(~QWf9zT<=~Sqwvdmh zCdaDzRL!B*pt0?N!+eyz-!XEKQ{+#NllSdwWIUORF0iCtu)NI<&&m&f>W9Db!JY4| z@BKNP=8+~VIXQG(?c`^(sex7Ikb8@x-c5egOrBIQB(A=Phao5kX zvoAJBfgd0Ts2p_7p$(E>oo>~<-%*)B3#FCVK0xhlz}3DJj`c_K@ILDEbyVOBpEJ=o zXda_a1H`f(c*0F^r=3Z5@v_FbGRQlE4NwknC;P;1?#(2e&$-;!0C}38%8rS4tM}P| zmFEjr^>bs+j$coD`kIuVY49=0qjZpSZ%%iL7oEyB_!gr)m*cc^hL?zLPgTdHJKq^> z3d_0R!*}>!`wEWa=ZDG~9~gIbg^s(rJ16u$H!#o0-zXG2IaI^SzC)&Deh zO8}?+PycT{Z<)J3{oSAa9dm!v#IJCDzIoofQ^|3hnnRi*Z{ECfj5LMm6oXHu4V};R zL7swa+28vPrn@E2=gYiu@auIN<)Wd3TXc;)x4%?#Gs56`ju-@)jVvhkH3y0iEG}nA%!m{~vdD%FaY|iok8EHu9afERl_CUxAwu0*(~DD9&lc>IqWfU^d8 zqIkw26Au}lAJs5Vu?taLWx#@h13&{N($0Gk(em8I2N7{LL#sTP2SB&c0LkUZuS6j$3a6Pkg@o?4f(v=XFk%uqQIJ z7fNFh%7XasAbSs#rNwuP%+n~TAN|-sNN7u*)u=-@O^024F$HbH>t0p_QZa! zq`=PK$me&^TB8Q8elY4Ynn~WP6m1dJ9$a{ZVj?b(2kyIB#`?!D9PSvMZXt%K7f~xU zSv#@R$r;s0ZCpK5bPu6d9kn*~OLCv&^_^fTqj7y6+uUTfH(K3s#$ +#include +#include"host.h" +#include"processlistwindow.h" +#include"Lang/Lang.h" +std::unordered_map> getprocesslist() +{ + std::unordered_map>exe_pid; + AutoHandle<> hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); + if (hSnapshot == INVALID_HANDLE_VALUE) + return {}; + + PROCESSENTRY32 pe32; + pe32.dwSize = sizeof(PROCESSENTRY32); + wchar_t buff[65535]; + if (Process32First(hSnapshot, &pe32)) + { + do + { + auto PROCESS_INJECT_ACCESS = ( + PROCESS_CREATE_THREAD | + PROCESS_QUERY_INFORMATION | + PROCESS_VM_OPERATION | + PROCESS_VM_WRITE | + PROCESS_VM_READ); + AutoHandle<> handle = OpenProcess(PROCESS_INJECT_ACCESS, 0, pe32.th32ProcessID); + if (handle == 0)continue; + DWORD sz = 65535; + QueryFullProcessImageNameW(handle, 0, buff, &sz); + + auto buffs=std::wstring(buff); + auto str=std::wstring(buff); + std::transform(str.begin(), str.end(), str.begin(), [](wchar_t ch){ return std::tolower(ch, std::locale());}); + if(str.find(L"\\windows\\")!=str.npos || str.find(L"\\microsoft")!=str.npos|| str.find(L"\\windowsapps")!=str.npos)continue; + + + if(exe_pid.find(buffs)==exe_pid.end()){ + exe_pid.insert({buffs,{}}); + } + exe_pid[buffs].push_back(pe32.th32ProcessID); + } while (Process32Next(hSnapshot, &pe32)); + } + return exe_pid; +} +void processlistwindow::PopulateProcessList(listbox* _listbox,std::unordered_map>&exe_pid){ + _listbox->clear(); + for(auto& exe:exe_pid){ + _listbox->additem(exe.first.c_str()); + } +} + +processlistwindow::processlistwindow(mainwindow* parent):mainwindow(parent){ + settext(WndSelectProcess); + g_hEdit = new textedit(this,L"",10, 10, 400, 40,ES_AUTOHSCROLL); + g_hButton=new button(this,BtnAttach,420, 10, 100, 40); + g_refreshbutton =new button(this,BtnRefresh,530, 10, 100, 40); + g_hButton->onclick=[&](){ + auto str=g_hEdit->text(); + if(str.size()){ + close(); + for(auto _s:strSplit(str,L",")){ + Host::InjectProcess(std::stoi(_s)); + } + } + }; + g_refreshbutton->onclick=[&](){ + g_exe_pid=getprocesslist(); + PopulateProcessList(g_hListBox,g_exe_pid); + }; + g_hListBox = new listbox(this,10, 60, 310, 200); + g_hListBox->oncurrentchange=[&](int idx){ + auto pids=g_exe_pid[g_hListBox->text(idx)]; + + std::wstring _; + bool _1=false; + for(auto &p:pids){ + if(_1)_+=L","; + _+=std::to_wstring(p); + _1=true; + } + g_hEdit->settext(_); + }; +} +void processlistwindow::on_show(){ + g_hEdit->settext(L""); + g_exe_pid=getprocesslist(); + PopulateProcessList(g_hListBox,g_exe_pid); +} +void processlistwindow::on_size(int w,int h){ + g_hListBox->setgeo(10,60,w-20,h-70); +} \ No newline at end of file diff --git a/LunaHost/GUI/processlistwindow.h b/LunaHost/GUI/processlistwindow.h new file mode 100644 index 0000000..b03606e --- /dev/null +++ b/LunaHost/GUI/processlistwindow.h @@ -0,0 +1,18 @@ +#ifndef LUNA_PROCLIST_WIN_H +#define LUNA_PROCLIST_WIN_H +#include"window.h" +#include"controls.h" +class processlistwindow:public mainwindow{ + textedit* g_hEdit; + button* g_hButton; + listbox* g_hListBox; + button* g_refreshbutton; + std::unordered_map> g_exe_pid; + void PopulateProcessList(listbox*,std::unordered_map>&); +public: + processlistwindow(mainwindow* parent=0); + void on_size(int w,int h); + void on_show(); +}; + +#endif \ No newline at end of file diff --git a/LunaHost/GUI/window.cpp b/LunaHost/GUI/window.cpp new file mode 100644 index 0000000..49658f4 --- /dev/null +++ b/LunaHost/GUI/window.cpp @@ -0,0 +1,145 @@ +#include"window.h" +#include"controls.h" +#include"Lang/Lang.h" +void SetDefaultFont(HWND hwnd) +{ + EnumChildWindows(hwnd, [](HWND hwndChild, LPARAM lParam) + { + static auto fnt=CreateFont(28, 0, 0, 0, FW_NORMAL, FALSE, FALSE, FALSE, + ANSI_CHARSET, OUT_DEFAULT_PRECIS, + CLIP_DEFAULT_PRECIS, DEFAULT_QUALITY, + DEFAULT_PITCH | FF_DONTCARE, DefaultFont); + SendMessage(hwndChild, WM_SETFONT, (WPARAM)fnt, TRUE); + return TRUE; + }, 0); +} + +std::wstring basewindow::text(){ + int textLength = GetWindowTextLength(winId); + std::vector buffer(textLength + 1); + GetWindowText(winId, buffer.data(), buffer.size()); + return buffer.data(); +} +void basewindow::settext(const std::wstring& text){ + SetWindowText(winId,text.c_str()); +} + +void basewindow::setgeo(int x,int y,int w,int h){ + MoveWindow(winId,x,y,w,h,TRUE); +} +RECT basewindow::getgeo(){ + RECT rect; + GetWindowRect(winId,&rect); + return rect; +} + +LRESULT mainwindow::wndproc(UINT message, WPARAM wParam, LPARAM lParam){ + switch (message) + { + case WM_SHOWWINDOW: + { + on_show(); + SetDefaultFont(winId); + break; + } + case WM_SIZE: + { + int width = LOWORD(lParam); + int height = HIWORD(lParam); + on_size(width,height); + break; + } + case WM_COMMAND: + { + if(lParam==0){ + for(auto ctl:controls){ + if(lastcontexthwnd==ctl->winId){ + ctl->oncontextmenucallback(wParam);break; + } + } + } + else + for(auto ctl:controls){ + if((HWND)lParam==ctl->winId){ + ctl->dispatch(wParam);break; + } + } + break; + } + case WM_CONTEXTMENU: + { + bool succ=false;lastcontexthwnd=0; + for(auto ctl:controls){ + if((HWND)wParam==ctl->winId){ + auto hm=ctl->oncontextmenu(); + if(hm){ + int xPos = LOWORD(lParam); + int yPos = HIWORD(lParam); + TrackPopupMenu(hm, TPM_LEFTALIGN | TPM_TOPALIGN | TPM_RIGHTBUTTON, + xPos, yPos, 0, winId, NULL); + lastcontexthwnd=ctl->winId; + succ=true; + } + break; + } + } + if(succ==false)return DefWindowProc(winId, message, wParam, lParam); + break; + } + case WM_CLOSE: + { + on_close(); + if(parent==0)PostQuitMessage(0); + else ShowWindow(winId,SW_HIDE); + break; + } + default: + return DefWindowProc(winId, message, wParam, lParam); + } + + return 0; +} + +mainwindow::mainwindow(mainwindow* _parent){ + const wchar_t CLASS_NAME[] = L"LunaHostWindow"; + + WNDCLASS wc = {}; + wc.lpfnWndProc = [](HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam) + { + mainwindow* _window = reinterpret_cast(GetWindowLongPtrW(hWnd, GWLP_USERDATA)); + if ((!_window)||(_window->winId!=hWnd)) return DefWindowProc(hWnd, message, wParam, lParam); + return _window->wndproc(message,wParam,lParam); + }; + wc.hInstance = GetModuleHandle(0); + wc.lpszClassName = CLASS_NAME; + wc.hbrBackground = (HBRUSH)(COLOR_WINDOW ); + wc.hIcon=LoadIconW(GetModuleHandle(0),L"IDI_ICON1"); + static auto _=RegisterClass(&wc); + HWND hWnd = CreateWindowEx( + WS_EX_CLIENTEDGE,CLASS_NAME,CLASS_NAME,WS_OVERLAPPEDWINDOW, + CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT, + _parent?_parent->winId:NULL,NULL,GetModuleHandle(0),this + ); + winId = hWnd; + parent=_parent; + SetWindowLongPtrW(hWnd, GWLP_USERDATA, (LONG_PTR)this); +} +void mainwindow::show(){ + ShowWindow(winId, SW_SHOW); + SetForegroundWindow(winId); +} +void mainwindow::close(){ + ShowWindow(winId, SW_HIDE); +} +void mainwindow::run(){ + MSG msg = {}; + while (GetMessage(&msg, NULL, 0, 0)) + { + TranslateMessage(&msg); + DispatchMessage(&msg); + } +} + +void mainwindow::on_close(){} +void mainwindow::on_show(){} +void mainwindow::on_size(int w,int h){} \ No newline at end of file diff --git a/LunaHost/GUI/window.h b/LunaHost/GUI/window.h new file mode 100644 index 0000000..8d7f429 --- /dev/null +++ b/LunaHost/GUI/window.h @@ -0,0 +1,27 @@ +#ifndef LUNA_BASE_WINDOW_H +#define LUNA_BASE_WINDOW_H +class control; +class basewindow{ +public: + HWND winId; + void setgeo(int,int,int,int); + RECT getgeo(); + std::wstring text(); + void settext(const std::wstring&); + operator HWND(){return winId;} +}; +class mainwindow:public basewindow{ +public: + std::vectorcontrols; + mainwindow* parent; + HWND lastcontexthwnd; + virtual void on_show(); + virtual void on_close(); + virtual void on_size(int w,int h); + mainwindow(mainwindow* _parent=0); + LRESULT wndproc(UINT message, WPARAM wParam, LPARAM lParam); + static void run(); + void show(); + void close(); +}; +#endif \ No newline at end of file diff --git a/LunaHost/LunaHostCLI.cpp b/LunaHost/LunaHostCLI.cpp new file mode 100644 index 0000000..8a48f40 --- /dev/null +++ b/LunaHost/LunaHostCLI.cpp @@ -0,0 +1,111 @@ +#include "host.h" +#include "hookcode.h" +#include +#include + + +int main() +{ + _setmode(_fileno(stdout), _O_U16TEXT); + _setmode(_fileno(stdin), _O_U16TEXT); + wprintf_s(L"Usage: {'attach'|'detach'|hookcode} -Pprocessid\n"); + fflush(stdout); + Host::Start([](auto) {}, [](auto) {}, [](auto&) {}, [](auto&) {}, [](TextThread& thread, std::wstring& output) + { + wprintf_s(L"[%I64X:%I32X:%I64X:%I64X:%I64X:%s:%s] %s\n", + thread.handle, + thread.tp.processId, + thread.tp.addr, + thread.tp.ctx, + thread.tp.ctx2, + thread.name.c_str(), + thread.hp.hookcode, + output.c_str() + ); + fflush(stdout); + return false; + }); + wchar_t input[500] = {}; + SearchParam sp = {}; + sp.codepage = Host::defaultCodepage; + sp.length = 0; + while (fgetws(input, 500, stdin)) + { + if(wcslen(input)<=1)continue;//\r\n,第二行会直接只有一个\n + wchar_t command[500] = {}; + DWORD processId = 0; + + int split; + for (split = wcslen(input) - 1; split >= 1; split--) { + if (input[split] == L'P' && input[split-1]=='-') { + processId = _wtoi(input + split + 1); + break; + } + } + if (split == 1)continue;// ExitProcess(0); + split -= 2; + while (split > 0 && input[split] == L' ')split -= 1; + if (split == 0)continue;//ExitProcess(0); + input[split + 1] = 0; + wcscpy(command, input); + //if (swscanf(input, L"%500s -P%d", command, &processId) != 2) ExitProcess(0); + if (_wcsicmp(command, L"attach") == 0) Host::InjectProcess(processId); + else if (_wcsicmp(command, L"detach") == 0) { Host::DetachProcess(processId); } + else if (_wcsicmp(command, L"find") == 0) { + std::shared_ptr> hooks = std::make_shared>(); + + try + { + Host::FindHooks(processId, sp, + [hooks](HookParam hp, std::wstring text) { + //if (std::regex_search(text, std::wregex(L"[\u3000-\ua000]"))) { + if (std::regex_search(text, std::wregex(L"[\u3000-\ua000]"))) { + hooks->push_back(std::wstring(hp.hookcode) + L"=>" + text + L"\n"); + + + // *hooks << sanitize(S(HookCode::Generate(hp) + L" => " + text)); + } + }); + } + catch (wchar_t c) { std::wcout << c; } + std::thread([hooks] + { + for (int lastSize = 0; hooks->size() == 0 || hooks->size() != lastSize; Sleep(2000)) lastSize = hooks->size(); + + FILE* out = fopen("hook.txt", "a+,ccs=UTF-8"); + for (auto& hook : *hooks) { + + fwrite(hook.c_str(), wcslen(hook.c_str()) * sizeof(wchar_t), 1, out); + } + fclose(out); + }).detach(); + + } + + else { + if (command[0] == L'-') { + try + { + unsigned long long address; + swscanf_s(command, L"-%llu", &address); + Host::RemoveHook(processId, address); + + } + catch (std::out_of_range) {} + } + else if (command[0] == L'=') { + int codepage; + swscanf_s(command, L"=%d", &codepage); + Host::defaultCodepage = codepage; + } + else if (command[0] == L'+') { + int flushDelay; + swscanf_s(command, L"+%d", &flushDelay); + TextThread::flushDelay = flushDelay; + } + else if (auto hp = HookCode::Parse(command)) Host::InsertHook(processId, hp.value()); + else ExitProcess(0); + } + } + ExitProcess(0); +} diff --git a/LunaHost/LunaHostDll.cpp b/LunaHost/LunaHostDll.cpp new file mode 100644 index 0000000..8a81c3e --- /dev/null +++ b/LunaHost/LunaHostDll.cpp @@ -0,0 +1,208 @@ +#include"host.h" +#include"hookcode.h" +#include"defs.h" +#include"winevent.hpp" +#define C_LUNA_API extern "C" __declspec(dllexport) +BOOL APIENTRY DllMain(HMODULE hModule, + DWORD ul_reason_for_call, + LPVOID lpReserved +) +{ + switch (ul_reason_for_call) + { + case DLL_PROCESS_ATTACH: + case DLL_THREAD_ATTACH: + case DLL_THREAD_DETACH: + case DLL_PROCESS_DETACH: + break; + } + return TRUE; +} + +static HANDLE HostMessageSender; + +struct messagelist{ + bool read; + int type; + DWORD pid; + char name[HOOK_NAME_SIZE]; + wchar_t hookcode[HOOKCODE_LEN]; + ThreadParam tp; + wchar_t* stringptr; + uint64_t addr; + messagelist(int _t):read(false),type(_t),pid(0),tp({}),stringptr(nullptr),addr(0){}; + void sethp(const HookParam& hp){ + wcscpy_s(hookcode,HOOKCODE_LEN,hp.hookcode); + strcpy_s(name,HOOK_NAME_SIZE,hp.name); + } + void setstring(const std::wstring& s){ + stringptr=new wchar_t[s.size()+1]; + wcscpy(stringptr,s.c_str()); + } + ~messagelist(){ + DWORD _; + WriteFile(HostMessageSender,this,sizeof(messagelist),&_,NULL); + } +}; +C_LUNA_API void Luna_Start( HANDLE* hRead ){ + CreatePipe(hRead,&HostMessageSender,NULL,0); + Host::StartEx( + [](DWORD pid){ + messagelist message(0); + message.pid=pid; + }, + [](DWORD pid){ + messagelist message(1); + message.pid=pid; + }, + [](TextThread& thread) { + messagelist message(2); + message.sethp(thread.hp); + message.tp=thread.tp; + }, + [](TextThread& thread) { + messagelist message(3); + message.sethp(thread.hp); + message.tp=thread.tp; + }, + [](TextThread& thread, std::wstring& output){ + messagelist message(4); + message.sethp(thread.hp); + message.tp=thread.tp; + message.setstring(output); + return true; + }, + [](std::wstring& output){ + messagelist message(5); + message.setstring(output); + }, + [](uint64_t addr,std::wstring& output){ + messagelist message(6); + message.setstring(output); + message.addr=addr; + }, + [](std::wstring& output,ThreadParam& tp){ + messagelist message(7); + message.setstring(output); + message.tp=tp; + }); +} +C_LUNA_API void Luna_Inject(DWORD pid,LPCWSTR basepath){ + Host::InjectProcess(pid,basepath); +} +C_LUNA_API bool Luna_CreatePipeAndCheck(DWORD pid){ + return Host::CreatePipeAndCheck(pid); +} +C_LUNA_API void Luna_Detach(DWORD pid){ + Host::DetachProcess(pid); +} + +C_LUNA_API void Luna_cfree(void* ptr){ + delete ptr; +} + +C_LUNA_API void Luna_Settings(int flushDelay,bool filterRepetition,int defaultCodepage,int maxBufferSize){ + TextThread::flushDelay=flushDelay; + TextThread::filterRepetition=filterRepetition; + Host::defaultCodepage=defaultCodepage; + TextThread::maxBufferSize=maxBufferSize; +} + +C_LUNA_API bool Luna_InsertHookCode(DWORD pid,LPCWSTR hookcode){ + auto hp = HookCode::Parse(hookcode); + if(hp) + Host::InsertHook(pid, hp.value()); + return hp.has_value(); +} + +C_LUNA_API void Luna_RemoveHook(DWORD pid,uint64_t addr){ + Host::RemoveHook(pid,addr); +} +struct simplehooks{ + wchar_t hookcode[HOOKCODE_LEN]; + wchar_t *text; + simplehooks():text(0){}; +}; +C_LUNA_API void Luna_FindHooks(DWORD pid,SearchParam sp,HANDLE* hRead,int** pc){ + + auto count=new int{0}; + *pc=count; + HANDLE hWrite; + CreatePipe(hRead,&hWrite,NULL,0); + Host::FindHooks(pid,sp,[=](HookParam hp, std::wstring text) { + //if (std::regex_search(text, std::wregex(L"[\u3000-\ua000]"))) { + simplehooks sh; + wcscpy_s(sh.hookcode,HOOKCODE_LEN, hp.hookcode); + sh.text=new wchar_t[text.size()+1]; + wcscpy(sh.text, text.c_str()); + *count+=1; + if(0==WriteFile(hWrite,&sh,sizeof(sh),NULL,NULL)) + CloseHandle(hWrite); + }); +} +C_LUNA_API void Luna_FindHooks_waiting(int* count){ + for (int lastSize = 0; *count == 0 || *count != lastSize; Sleep(2000)) lastSize = *count; + delete count; +} +C_LUNA_API void Luna_EmbedSettings(DWORD pid,UINT32 waittime,UINT8 fontCharSet,bool fontCharSetEnabled,wchar_t *fontFamily,UINT32 spaceadjustpolicy,UINT32 keeprawtext){ + auto sm=Host::GetEmbedSharedMem(pid); + if(!sm)return; + sm->waittime=waittime; + sm->fontCharSet=fontCharSet; + sm->fontCharSetEnabled=fontCharSetEnabled; + wcscpy_s(sm->fontFamily,100,fontFamily); + sm->spaceadjustpolicy=spaceadjustpolicy; + sm->keeprawtext=keeprawtext; +} +C_LUNA_API bool Luna_checkisusingembed(DWORD pid,uint64_t address,uint64_t ctx1,uint64_t ctx2){ + auto sm=Host::GetEmbedSharedMem(pid); + if(!sm)return false; + for(int i=0;i<10;i++){ + if(sm->use[i]){ + if((sm->addr[i]==address)&&(sm->ctx1[i]==ctx1)&&(sm->ctx2[i]==ctx2))return true; + } + } + return false; +} +C_LUNA_API void Luna_useembed(DWORD pid,uint64_t address,uint64_t ctx1,uint64_t ctx2,bool use){ + auto sm=Host::GetEmbedSharedMem(pid); + if(!sm)return ; + sm->codepage=Host::defaultCodepage; + for(int i=0;i<10;i++){ + if(sm->use[i]){ + if((sm->addr[i]==address)&&(sm->ctx1[i]==ctx1)&&(sm->ctx2[i]==ctx2)){ + if(use==false){ + sm->addr[i]=sm->ctx1[i]=sm->ctx2[i]=sm->use[i]=0; + } + } + } + } + if(use){ + for(int i=0;i<10;i++){ + if(sm->use[i]==0){ + sm->use[i]=1; + sm->addr[i]=address; + sm->ctx1[i]=ctx1; + sm->ctx2[i]=ctx2; + } + } + } +} + +inline UINT64 djb2_n2(const unsigned char * str, size_t len, UINT64 hash = 5381) +{ + int i=0; + while (len--){ + hash = ((hash << 5) + hash) + (*str++); // hash * 33 + c + } + return hash; +} +C_LUNA_API void Luna_embedcallback(DWORD pid,LPCWSTR text,LPCWSTR trans){ + auto sm=Host::GetEmbedSharedMem(pid); + if(!sm)return; + wcscpy_s(sm->text,1000,trans); + char eventname[1000]; + sprintf(eventname,LUNA_EMBED_notify_event,pid,djb2_n2((const unsigned char*)(text),wcslen(text)*2)); + win_event event1(eventname); + event1.signal(true); +} \ No newline at end of file diff --git a/LunaHost/host.cpp b/LunaHost/host.cpp new file mode 100644 index 0000000..3e8f67c --- /dev/null +++ b/LunaHost/host.cpp @@ -0,0 +1,355 @@ +#include "host.h" +#include "defs.h" +#include "hookcode.h" +#include "texthook.h" +typedef LONG NTSTATUS; +#include"yapi.hpp" +#include"Lang/Lang.h" +namespace +{ + class ProcessRecord + { + public: + ProcessRecord(DWORD processId, HANDLE pipe) : + pipe(pipe), + mappedFile(OpenFileMappingW(FILE_MAP_READ, FALSE, (ITH_SECTION_ + std::to_wstring(processId)).c_str())), + mappedFile2(OpenFileMappingW(FILE_MAP_READ|FILE_MAP_WRITE, FALSE, (EMBED_SHARED_MEM + std::to_wstring(processId)).c_str())), + view(*(const TextHook(*)[MAX_HOOK])MapViewOfFile(mappedFile, FILE_MAP_READ, 0, 0, MAX_HOOK * sizeof(TextHook))), // jichi 1/16/2015: Changed to half to hook section sizem + viewMutex(ITH_HOOKMAN_MUTEX_ + std::to_wstring(processId)) + + { + embedsharedmem=(EmbedSharedMem*)MapViewOfFile(mappedFile2, FILE_MAP_READ|FILE_MAP_WRITE, 0, 0, sizeof(EmbedSharedMem)); + //放到构造表里就不行,不知道为何。 + } + + ~ProcessRecord() + { + UnmapViewOfFile(view); + UnmapViewOfFile(embedsharedmem); + } + + TextHook GetHook(uint64_t addr) + { + if (!view) return {}; + std::scoped_lock lock(viewMutex); + for (auto hook : view) if (hook.address == addr) return hook; + return {}; + } + + template + void Send(T data) + { + static_assert(sizeof(data) < PIPE_BUFFER_SIZE); + std::thread([=] + { + WriteFile(pipe, &data, sizeof(data), DUMMY, nullptr); + }).detach(); + } + + Host::HookEventHandler OnHookFound = [](HookParam hp, std::wstring text) + { + Host::AddConsoleOutput(std::wstring(hp.hookcode) + L": " + text); + }; + + + EmbedSharedMem *embedsharedmem; + private: + HANDLE pipe; + AutoHandle<> mappedFile; + AutoHandle<> mappedFile2; + const TextHook(&view)[MAX_HOOK]; + WinMutex viewMutex; + }; + + size_t HashThreadParam(ThreadParam tp) { return std::hash()(tp.processId + tp.addr) + std::hash()(tp.ctx + tp.ctx2); } + Synchronized>> textThreadsByParams; + Synchronized> processRecordsByIds; + + Host::ProcessEventHandler OnConnect, OnDisconnect; + Host::ThreadEventHandler OnCreate, OnDestroy; + Host::ConsoleHandler OnConsole=0; + Host::HookInsertHandler HookInsert=0; + Host::EmbedCallback embedcallback=0; + void RemoveThreads(std::function removeIf) + { + std::vector threadsToRemove; + for (auto& [tp, thread] : textThreadsByParams.Acquire().contents) if (removeIf(tp)) threadsToRemove.push_back(&thread); + for (auto thread : threadsToRemove) + { + OnDestroy(*thread); + textThreadsByParams->erase(thread->tp); + } + } + BOOL Is64BitProcess(HANDLE ph) + { + BOOL f64bitProc = FALSE; + if (detail::Is64BitOS()) + { + f64bitProc = !(IsWow64Process(ph, &f64bitProc) && f64bitProc); + } + return f64bitProc; + } + void CreatePipe(int pid) + { + HANDLE + hookPipe = CreateNamedPipeW((std::wstring(HOOK_PIPE)+std::to_wstring(pid)).c_str(), PIPE_ACCESS_INBOUND, PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE, PIPE_UNLIMITED_INSTANCES, 0, PIPE_BUFFER_SIZE, MAXDWORD, &allAccess), + hostPipe = CreateNamedPipeW((std::wstring(HOST_PIPE)+std::to_wstring(pid)).c_str(), PIPE_ACCESS_OUTBOUND, PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE, PIPE_UNLIMITED_INSTANCES, PIPE_BUFFER_SIZE, 0, MAXDWORD, &allAccess); + HANDLE pipeAvailableEvent = CreateEventW(&allAccess, FALSE, FALSE, (std::wstring(PIPE_AVAILABLE_EVENT)+std::to_wstring(pid)).c_str()); + + Host::AddConsoleOutput((std::wstring(PIPE_AVAILABLE_EVENT)+std::to_wstring(pid))); + SetEvent(pipeAvailableEvent); + std::thread([hookPipe,hostPipe,pipeAvailableEvent] + { + ConnectNamedPipe(hookPipe, nullptr); + CloseHandle(pipeAvailableEvent); + BYTE buffer[PIPE_BUFFER_SIZE] = {}; + DWORD bytesRead, processId; + ReadFile(hookPipe, &processId, sizeof(processId), &bytesRead, nullptr); + processRecordsByIds->try_emplace(processId, processId, hostPipe); + OnConnect(processId); + + //CreatePipe(); + + while (ReadFile(hookPipe, buffer, PIPE_BUFFER_SIZE, &bytesRead, nullptr)) + switch (*(HostNotificationType*)buffer) + { + case HOST_NOTIFICATION_FOUND_HOOK: + { + auto info = *(HookFoundNotif*)buffer; + auto OnHookFound = processRecordsByIds->at(processId).OnHookFound; + std::wstring wide = info.text; + if (wide.size() > STRING) OnHookFound(info.hp, std::move(info.text)); + info.hp.type &= ~CODEC_UTF16; + if (auto converted = StringToWideString((char*)info.text, info.hp.codepage)) + if (converted->size() > STRING) + { + //wcscpy_s(info.hp.hookcode,HOOKCODE_LEN, HookCode::Generate(info.hp, GetCurrentProcessId()).c_str()); + OnHookFound(info.hp, std::move(converted.value())); + } + if (auto converted = StringToWideString((char*)info.text, info.hp.codepage = CP_UTF8)) + if (converted->size() > STRING) + { + //wcscpy_s(info.hp.hookcode,HOOKCODE_LEN, HookCode::Generate(info.hp, GetCurrentProcessId()).c_str()); + OnHookFound(info.hp, std::move(converted.value())); + } + } + break; + case HOST_NOTIFICATION_RMVHOOK: + { + auto info = *(HookRemovedNotif*)buffer; + RemoveThreads([&](ThreadParam tp) { return tp.processId == processId && tp.addr == info.address; }); + } + break; + case HOST_NOTIFICATION_INSERTING_HOOK: + { + if(HookInsert){ + auto info = *(HookInsertingNotif*)buffer; + auto addr=info.addr; + std::wstring hc=processRecordsByIds->at(processId).GetHook(addr).hp.hookcode; + HookInsert(addr,hc); + } + } + break; + case HOST_NOTIFICATION_TEXT: + { + auto info = *(ConsoleOutputNotif*)buffer; + Host::AddConsoleOutput(StringToWideString(info.message)); + } + break; + default: + { + auto data=(TextOutput_T*)buffer; + auto length= bytesRead - sizeof(TextOutput_T); + auto tp = data->tp; + auto textThreadsByParams = ::textThreadsByParams.Acquire(); + auto thread = textThreadsByParams->find(tp); + if (thread == textThreadsByParams->end()) + { + try { thread = textThreadsByParams->try_emplace(tp, tp, processRecordsByIds->at(tp.processId).GetHook(tp.addr).hp).first; } + catch (std::out_of_range) { continue; } // probably garbage data in pipe, try again + OnCreate(thread->second); + } + thread->second.hp.type=data->type; + thread->second.Push(data->data, length); + + if(embedcallback){ + auto & hp=thread->second.hp; + if(hp.type&EMBED_ABLE){ + std::wstring text; + if (hp.type & CODEC_UTF16)text=(std::wstring((wchar_t*)data->data, length / sizeof(wchar_t))); + else if (auto converted = StringToWideString(std::string((char*)data->data, length), hp.codepage ? hp.codepage : Host::defaultCodepage))text=(converted.value()); + else text=L""; + if(text.size()){ + embedcallback(text,tp); + } + + } + + } + } + break; + } + + RemoveThreads([&](ThreadParam tp) { return tp.processId == processId; }); + OnDisconnect(processId); + processRecordsByIds->erase(processId); + }).detach(); + } +} + +namespace Host +{ + void Start(ProcessEventHandler Connect, ProcessEventHandler Disconnect, ThreadEventHandler Create, ThreadEventHandler Destroy, TextThread::OutputCallback Output,bool createconsole) + { + OnConnect = Connect; + OnDisconnect = Disconnect; + OnCreate = [Create](TextThread& thread) { Create(thread); thread.Start(); }; + OnDestroy = [Destroy](TextThread& thread) { thread.Stop(); Destroy(thread); }; + TextThread::Output = Output; + + textThreadsByParams->try_emplace(console, console, HookParam{}, CONSOLE); + + if(createconsole) + OnCreate(GetThread(console)); + + //CreatePipe(); + + } + void StartEx(ProcessEventHandler Connect, ProcessEventHandler Disconnect, ThreadEventHandler Create, ThreadEventHandler Destroy, TextThread::OutputCallback Output,ConsoleHandler console,HookInsertHandler hookinsert,EmbedCallback embed){ + Start(Connect,Disconnect,Create,Destroy,Output,false); + + OnConsole=console; + HookInsert=hookinsert; + embedcallback=embed; + } + constexpr auto PROCESS_INJECT_ACCESS=( + PROCESS_CREATE_THREAD | + PROCESS_QUERY_INFORMATION | + PROCESS_VM_OPERATION | + PROCESS_VM_WRITE | + PROCESS_VM_READ); + bool SafeInject(HANDLE process,const std::wstring &location){ +//#ifdef _WIN64 +#if 0 + BOOL invalidProcess = FALSE; + IsWow64Process(process, &invalidProcess); + if (invalidProcess) return AddConsoleOutput(NEED_32_BIT); +#endif + bool succ=false; + if (LPVOID remoteData = VirtualAllocEx(process, nullptr, (location.size() + 1) * sizeof(wchar_t), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE)) + { + WriteProcessMemory(process, remoteData, location.c_str(), (location.size() + 1) * sizeof(wchar_t), nullptr); + if (AutoHandle<> thread = CreateRemoteThread(process, nullptr, 0, (LPTHREAD_START_ROUTINE)LoadLibraryW, remoteData, 0, nullptr)){ + WaitForSingleObject(thread, INFINITE); + succ=true; + } + else if (GetLastError() == ERROR_ACCESS_DENIED){ + AddConsoleOutput(NEED_64_BIT); // https://stackoverflow.com/questions/16091141/createremotethread-access-denied + succ=false; + } + VirtualFreeEx(process, remoteData, 0, MEM_RELEASE); + + } + return succ; + } + bool UnSafeInject(HANDLE process,const std::wstring &location){ + + DWORD64 injectedDll; + yapi::YAPICall LoadLibraryW(process, _T("kernel32.dll"), "LoadLibraryW"); + if(x64)injectedDll = LoadLibraryW.Dw64()(location.c_str()); + else injectedDll = LoadLibraryW(location.c_str()); + if(injectedDll)return true; + return false; + + } + bool CheckProcess(DWORD processId){ + if (processId == GetCurrentProcessId()) return false; + + WinMutex(ITH_HOOKMAN_MUTEX_ + std::to_wstring(processId)); + if (GetLastError() == ERROR_ALREADY_EXISTS){AddConsoleOutput(ALREADY_INJECTED); return false;} + return true; + } + bool InjectDll(DWORD processId,const std::wstring locationX){ + AutoHandle<> process = OpenProcess(PROCESS_INJECT_ACCESS, FALSE, processId); + if(!process)return false; + bool proc64=Is64BitProcess(process); + auto dllname=proc64?LUNA_HOOK_DLL_64:LUNA_HOOK_DLL_32; + std::wstring location =locationX.size()?(locationX+L"\\"+dllname): std::filesystem::path(GetModuleFilename().value()).replace_filename(dllname); + AddConsoleOutput(location); + if(proc64==x64){ + return (SafeInject(process,location)); + } + else{ + return (UnSafeInject(process,location)); + } + } + bool CreatePipeAndCheck(DWORD processId){ + CreatePipe(processId); + return CheckProcess(processId); + } + void InjectProcess(DWORD processId,const std::wstring locationX) + { + CreatePipe(processId); + std::thread([processId,locationX] + { + if(CheckProcess(processId)==false)return; + + if(InjectDll(processId,locationX))return ; + AddConsoleOutput(INJECT_FAILED); + + + }).detach(); + } + + void DetachProcess(DWORD processId) + { + auto &prs=processRecordsByIds.Acquire().contents; + if(prs.find(processId)==prs.end())return; + prs.at(processId).Send(HOST_COMMAND_DETACH); + } + + void InsertHook(DWORD processId, HookParam hp) + { + auto &prs=processRecordsByIds.Acquire().contents; + if(prs.find(processId)==prs.end())return; + prs.at(processId).Send(InsertHookCmd(hp)); + } + + void RemoveHook(DWORD processId, uint64_t address) + { + auto &prs=processRecordsByIds.Acquire().contents; + if(prs.find(processId)==prs.end())return; + prs.at(processId).Send(RemoveHookCmd(address)); + } + + void FindHooks(DWORD processId, SearchParam sp, HookEventHandler HookFound) + { + auto &prs=processRecordsByIds.Acquire().contents; + if(prs.find(processId)==prs.end())return; + if (HookFound) prs.at(processId).OnHookFound = HookFound; + prs.at(processId).Send(FindHookCmd(sp)); + } + + TextThread& GetThread(ThreadParam tp) + { + return textThreadsByParams->at(tp); + } + + TextThread* GetThread(int64_t handle) + { + for (auto& [tp, thread] : textThreadsByParams.Acquire().contents) if (thread.handle == handle) return &thread; + return nullptr; + } + EmbedSharedMem* GetEmbedSharedMem(DWORD processId){ + auto &prs=processRecordsByIds.Acquire().contents; + if(prs.find(processId)==prs.end())return 0; + return prs.at(processId).embedsharedmem; + } + void AddConsoleOutput(std::wstring text) + { + if(OnConsole) + OnConsole(std::move(text)); + else + GetThread(console).AddSentence(std::move(text)); + } +} diff --git a/LunaHost/host.h b/LunaHost/host.h new file mode 100644 index 0000000..a9ca963 --- /dev/null +++ b/LunaHost/host.h @@ -0,0 +1,32 @@ +#pragma once + +#include "textthread.h" +#include"texthook.h" +namespace Host +{ + using ConsoleHandler =std::function; + using ProcessEventHandler = std::function; + using ThreadEventHandler = std::function; + using HookEventHandler = std::function; + using HookInsertHandler= std::function; + using EmbedCallback= std::function; + void Start(ProcessEventHandler Connect, ProcessEventHandler Disconnect, ThreadEventHandler Create, ThreadEventHandler Destroy, TextThread::OutputCallback Output,bool createconsole=true); + void StartEx(ProcessEventHandler Connect, ProcessEventHandler Disconnect, ThreadEventHandler Create, ThreadEventHandler Destroy, TextThread::OutputCallback Output,ConsoleHandler console,HookInsertHandler hookinsert,EmbedCallback embed); + void InjectProcess(DWORD processId,const std::wstring locationX=L""); + bool CreatePipeAndCheck(DWORD processId); + + void DetachProcess(DWORD processId); + + void InsertHook(DWORD processId, HookParam hp); + void RemoveHook(DWORD processId, uint64_t address); + void FindHooks(DWORD processId, SearchParam sp, HookEventHandler HookFound = {}); + EmbedSharedMem* GetEmbedSharedMem(DWORD pid); + TextThread* GetThread(int64_t handle); + TextThread& GetThread(ThreadParam tp); + + void AddConsoleOutput(std::wstring text); + + inline int defaultCodepage = SHIFT_JIS; + + constexpr ThreadParam console{ 0, -1LL, -1LL, -1LL }; +} diff --git a/LunaHost/textthread.cpp b/LunaHost/textthread.cpp new file mode 100644 index 0000000..b0912b9 --- /dev/null +++ b/LunaHost/textthread.cpp @@ -0,0 +1,118 @@ +#include "textthread.h" +#include "host.h" +#include"Lang/Lang.h" + +// return true if repetition found (see https://github.com/Artikash/Textractor/issues/40) +static bool RemoveRepetition(std::wstring& text) +{ + wchar_t* end = text.data() + text.size(); + for (int length = text.size() / 3; length > 6; --length) + if (memcmp(end - length * 3, end - length * 2, length * sizeof(wchar_t)) == 0 && memcmp(end - length * 3, end - length * 1, length * sizeof(wchar_t)) == 0) + return RemoveRepetition(text = std::wstring(end - length, length)), true; + return false; +} + +TextThread::TextThread(ThreadParam tp, HookParam hp, std::optional name) : + handle(threadCounter++), + name(name.value_or(StringToWideString(hp.name))), + tp(tp), + hp(hp) +{} + +void TextThread::Start() +{ + CreateTimerQueueTimer(&timer, NULL, [](void* This, auto) { ((TextThread*)This)->Flush(); }, this, 10, 10, WT_EXECUTELONGFUNCTION); +} + +void TextThread::Stop() +{ + timer = NULL; +} + +void TextThread::AddSentence(std::wstring sentence) +{ + queuedSentences->emplace_back(std::move(sentence)); +} + +void TextThread::Push(BYTE* data, int length) +{ + if (length < 0) return; + std::scoped_lock lock(bufferMutex); + + BYTE doubleByteChar[2]; + if (length == 1) // doublebyte characters must be processed as pairs + { + if (leadByte) + { + doubleByteChar[0] = leadByte; + doubleByteChar[1] = data[0]; + data = doubleByteChar; + length = 2; + leadByte = 0; + } + else if (IsDBCSLeadByteEx(hp.codepage ? hp.codepage : Host::defaultCodepage, data[0])) + { + leadByte = data[0]; + length = 0; + } + } + + if (hp.type & HEX_DUMP) for (int i = 0; i < length; i += sizeof(short)) buffer.append(FormatString(L"%04hX ", *(short*)(data + i))); + else if (hp.type & CODEC_UTF16) buffer.append((wchar_t*)data, length / sizeof(wchar_t)); + else if(hp.type&CODEC_UTF32)buffer.append(std::move(utf32_to_utf16(data,length))); + else if (auto converted = StringToWideString(std::string((char*)data, length), hp.codepage ? hp.codepage : Host::defaultCodepage)) buffer.append(converted.value()); + else Host::AddConsoleOutput(INVALID_CODEPAGE); + if (hp.type & FULL_STRING) buffer.push_back(L'\n'); + lastPushTime = GetTickCount64(); + + if (filterRepetition) + { + if (std::all_of(buffer.begin(), buffer.end(), [&](wchar_t ch) { return repeatingChars.find(ch) != repeatingChars.end(); })) buffer.clear(); + if (RemoveRepetition(buffer)) // sentence repetition detected, which means the entire sentence has already been received + { + repeatingChars = std::unordered_set(buffer.begin(), buffer.end()); + AddSentence(std::move(buffer)); + buffer.clear(); + } + } + + if (flushDelay == 0 && hp.type & FULL_STRING) + { + AddSentence(std::move(buffer)); + buffer.clear(); + } +} + +void TextThread::Push(const wchar_t* data) +{ + std::scoped_lock lock(bufferMutex); + // not sure if this should filter repetition + lastPushTime = GetTickCount64(); + buffer += data; +} + +void TextThread::Flush() +{ + { + auto storage = this->storage.Acquire(); + if (storage->size() > maxHistorySize) storage->erase(0, storage->size() - maxHistorySize); // https://github.com/Artikash/Textractor/issues/127#issuecomment-486882983 + } + + std::vector sentences; + queuedSentences->swap(sentences); + int totalSize = 0; + for (auto& sentence : sentences) + { + totalSize += sentence.size(); + sentence.erase(std::remove(sentence.begin(), sentence.end(), 0), sentence.end()); + if (Output(*this, sentence)) storage->append(sentence); + } + + std::scoped_lock lock(bufferMutex); + if (buffer.empty()) return; + if (buffer.size() > maxBufferSize || GetTickCount64() - lastPushTime > flushDelay) + { + AddSentence(std::move(buffer)); + buffer.clear(); + } +} diff --git a/LunaHost/textthread.h b/LunaHost/textthread.h new file mode 100644 index 0000000..25cf075 --- /dev/null +++ b/LunaHost/textthread.h @@ -0,0 +1,43 @@ +#pragma once + +#include "types.h" + +class TextThread +{ +public: + using OutputCallback = std::function; + inline static OutputCallback Output; + + inline static bool filterRepetition = false; + inline static int flushDelay = 100; + inline static int maxBufferSize = 3000; + inline static int maxHistorySize = 10'000'000; + + TextThread(ThreadParam tp, HookParam hp, std::optional name = {}); + + void Start(); + void Stop(); + void AddSentence(std::wstring sentence); + void Push(BYTE* data, int length); + void Push(const wchar_t* data); + + Synchronized storage; + const int64_t handle; + const std::wstring name; + const ThreadParam tp; + HookParam hp; + +private: + inline static int threadCounter = 0; + + void Flush(); + + std::wstring buffer; + BYTE leadByte = 0; + std::unordered_set repeatingChars; + std::mutex bufferMutex; + DWORD64 lastPushTime = 0; + Synchronized> queuedSentences; + struct TimerDeleter { void operator()(HANDLE h) { DeleteTimerQueueTimer(NULL, h, INVALID_HANDLE_VALUE); } }; + AutoHandle timer = NULL; +}; diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt new file mode 100644 index 0000000..1772ed5 --- /dev/null +++ b/include/CMakeLists.txt @@ -0,0 +1,4 @@ + + +add_library(pch hookcode.cpp common.cpp stringutils.cpp) +target_precompile_headers(pch PUBLIC common.h) diff --git a/include/common.cpp b/include/common.cpp new file mode 100644 index 0000000..e69de29 diff --git a/include/common.h b/include/common.h new file mode 100644 index 0000000..a2d7c18 --- /dev/null +++ b/include/common.h @@ -0,0 +1,126 @@ +#pragma once + +#define WIN32_LEAN_AND_MEAN +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include"stringutils.h" +#ifdef _WIN64 +constexpr bool x64 = true; +#else +constexpr bool x64 = false; +#endif + +template struct ArrayImpl { using Type = std::tuple[]; }; +template struct ArrayImpl { using Type = T[]; }; +template using Array = typename ArrayImpl::Type; + +template using Functor = std::integral_constant, F>; // shouldn't need remove_reference_t but MSVC is bugged + +struct PermissivePointer +{ + template operator T*() { return (T*)p; } + void* p; +}; + +template > +class AutoHandle +{ +public: + AutoHandle(HANDLE h) : h(h) {} + operator HANDLE() { return h.get(); } + PHANDLE operator&() { static_assert(sizeof(*this) == sizeof(HANDLE)); assert(!h); return (PHANDLE)this; } + operator bool() { return h.get() != NULL && h.get() != INVALID_HANDLE_VALUE; } + +private: + struct HandleCleaner { void operator()(void* h) { if (h != INVALID_HANDLE_VALUE) HandleCloser()(PermissivePointer{ h }); } }; + std::unique_ptr h; +}; + +template +class Synchronized +{ +public: + template + Synchronized(Args&&... args) : contents(std::forward(args)...) {} + + struct Locker + { + T* operator->() { return &contents; } + std::unique_lock lock; + T& contents; + }; + + Locker Acquire() { return { std::unique_lock(m), contents }; } + Locker operator->() { return Acquire(); } + T Copy() { return Acquire().contents; } + +private: + T contents; + M m; +}; + +template +void SpawnThread(const F& f) // works in DllMain unlike std thread +{ + F* copy = new F(f); + CloseHandle(CreateThread(nullptr, 0, [](void* copy) + { + (*(F*)copy)(); + delete (F*)copy; + return 0UL; + }, copy, 0, nullptr)); +} + +inline struct // should be inline but MSVC (linker) is bugged +{ + inline static BYTE DUMMY[100]; + template operator T*() { static_assert(sizeof(T) < sizeof(DUMMY)); return (T*)DUMMY; } +} DUMMY; + +inline auto Swallow = [](auto&&...) {}; + +template std::optional> Copy(T* ptr) { if (ptr) return *ptr; return {}; } + + + +inline std::optional GetModuleFilename(DWORD processId, HMODULE module = NULL) +{ + std::vector buffer(MAX_PATH); + if (AutoHandle<> process = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, processId)) + if (GetModuleFileNameExW(process, module, buffer.data(), MAX_PATH)) return buffer.data(); + return {}; +} + +inline std::optional GetModuleFilename(HMODULE module = NULL) +{ + std::vector buffer(MAX_PATH); + if (GetModuleFileNameW(module, buffer.data(), MAX_PATH)) return buffer.data(); + return {}; +} + \ No newline at end of file diff --git a/include/const.h b/include/const.h new file mode 100644 index 0000000..c6ebcc2 --- /dev/null +++ b/include/const.h @@ -0,0 +1,92 @@ +#pragma once + +// texthook/const.h +// 8/23/2013 jichi +// Branch: ITH/common.h, rev 128 + +enum { STRING = 12, MESSAGE_SIZE = 500, PIPE_BUFFER_SIZE = 50000, SHIFT_JIS = 932, MAX_MODULE_SIZE = 120, PATTERN_SIZE = 30, HOOK_NAME_SIZE = 60, FIXED_SPLIT_VALUE = 0x10001 , +HOOKCODE_LEN=500}; +enum WildcardByte { XX = 0x11 }; + +enum HostCommandType { + HOST_COMMAND_NEW_HOOK, + HOST_COMMAND_REMOVE_HOOK, + HOST_COMMAND_FIND_HOOK, + HOST_COMMAND_MODIFY_HOOK, + HOST_COMMAND_HIJACK_PROCESS, + HOST_COMMAND_DETACH +}; + +enum HostNotificationType { + HOST_NOTIFICATION_TEXT, + HOST_NOTIFICATION_NEWHOOK, + HOST_NOTIFICATION_FOUND_HOOK, + HOST_NOTIFICATION_RMVHOOK, + HOST_NOTIFICATION_INSERTING_HOOK, + HOST_SETTEXTTHREADTYPE +}; + +enum HookParamType : unsigned +{ + //默认为CODEC_ANSI_LE&USING_CHAR + //若使用了text_fun|hook_before,会改为默认USING_STRING,这时若其实是USING_CHAR,需标明USING_STRING + CODEC_ANSI_LE = 0, + CODEC_ANSI_BE = 0x4, + CODEC_UTF8 = 0x100, + CODEC_UTF16 = 0x2, + CODEC_UTF32=0x1000000, + + USING_CHAR =0x2000000,//text_fun!=nullptr && (CODE_ANSI_BE||CODE_UTF16) + USING_STRING = 0x1, + + DATA_INDIRECT = 0x8, + USING_SPLIT = 0x10, // use ctx2 or not + SPLIT_INDIRECT = 0x20, + MODULE_OFFSET = 0x40, // address is relative to module + FUNCTION_OFFSET = 0x80, // address is relative to function + NO_CONTEXT = 0x200, + HOOK_EMPTY = 0x400, + FIXING_SPLIT = 0x800, + DIRECT_READ = 0x1000, // /R read code instead of classic /H hook code + FULL_STRING = 0x2000, + HEX_DUMP = 0x4000, + KNOWN_UNSTABLE = 0x20000, + EMBED_ABLE=0x40000, + EMBED_DYNA_SJIS=0x80000, + EMBED_BEFORE_SIMPLE=0x200000, + EMBED_AFTER_NEW=0x400000, + EMBED_AFTER_OVERWRITE=0x800000, +}; + + +enum HookFontType : unsigned +{ + F_CreateFontA=0x1, + F_CreateFontW=0x2, + F_CreateFontIndirectA=0x4, + F_CreateFontIndirectW=0x8, + F_GetGlyphOutlineA=0x10, + F_GetGlyphOutlineW=0x20, + F_GetTextExtentPoint32A=0x40, + F_GetTextExtentPoint32W=0x80, + F_GetTextExtentExPointA=0x100, + F_GetTextExtentExPointW=0x200, + //F_GetCharABCWidthsA=0x + //F_GetCharABCWidthsW=0x + F_TextOutA=0x400, + F_TextOutW=0x800, + F_ExtTextOutA=0x1000, + F_ExtTextOutW=0x2000, + F_DrawTextA=0x4000, + F_DrawTextW=0x8000, + F_DrawTextExA=0x10000, + F_DrawTextExW=0x20000, + F_CharNextA=0x40000, + //F_CharNextW=0x + //F_CharNextExA=0x + //F_CharNextExW=0x + F_CharPrevA=0x80000, + //F_CharPrevW=0x + F_MultiByteToWideChar=0x100000, + F_WideCharToMultiByte=0x200000 +}; \ No newline at end of file diff --git a/include/defs.h b/include/defs.h new file mode 100644 index 0000000..0a4f0dd --- /dev/null +++ b/include/defs.h @@ -0,0 +1,36 @@ +#pragma once + +// texthook/defs.h +// 8/23/2013 jichi + +// Pipes + +constexpr auto HOOK_PIPE = L"\\\\.\\pipe\\LUNA_HOOK"; +constexpr auto HOST_PIPE = L"\\\\.\\pipe\\LUNA_HOST"; + +// Sections + +constexpr auto ITH_SECTION_ = L"LUNA_VNR_SECTION_"; // _%d +constexpr auto EMBED_SHARED_MEM = L"EMBED_SHARED_MEM"; // _%d + +// Mutexes + +constexpr auto ITH_HOOKMAN_MUTEX_ = L"LUNA_VNR_HOOKMAN_"; // ITH_HOOKMAN_%d +constexpr auto CONNECTING_MUTEX = L"LUNA_CONNECTING_PIPES"; + +// Events +constexpr auto LUNA_EMBED_notify_event="LUNA_NOTIFY.%d.%llu"; + +constexpr auto PIPE_AVAILABLE_EVENT = L"LUNA_PIPE_AVAILABLE"; + +// Files +constexpr auto LUNA_HOOK_DLL_64=L"LunaHook64"; +constexpr auto LUNA_HOOK_DLL_32=L"LunaHook32"; + +#ifdef _WIN64 +constexpr auto LUNA_HOOK_DLL = LUNA_HOOK_DLL_64; // .dll but LoadLibrary automatically adds that +#else +constexpr auto LUNA_HOOK_DLL = LUNA_HOOK_DLL_32; // .dll but LoadLibrary automatically adds that +#endif + +// EOF diff --git a/include/hookcode.cpp b/include/hookcode.cpp new file mode 100644 index 0000000..4133fc2 --- /dev/null +++ b/include/hookcode.cpp @@ -0,0 +1,342 @@ +#include "hookcode.h" + +namespace +{ + std::optional ParseRCode(std::wstring RCode) + { + std::wsmatch match; + HookParam hp; + hp.type |= DIRECT_READ; + + // {S|Q|V|M} + switch (RCode[0]) + { + case L'S': + break; + case L'Q': + hp.type |= CODEC_UTF16; + break; + case L'U': + hp.type |= CODEC_UTF32; + break; + case L'V': + hp.type |= CODEC_UTF8; + break; + case L'M': + hp.type |= CODEC_UTF16 | HEX_DUMP; + break; + default: + return {}; + } + RCode.erase(0, 1); + + // [codepage#] + if (std::regex_search(RCode, match, std::wregex(L"^([0-9]+)#"))) + { + hp.codepage = std::stoi(match[1]); + RCode.erase(0, match[0].length()); + } + + // @addr + if (!std::regex_match(RCode, match, std::wregex(L"@([[:xdigit:]]+)"))) return {}; + hp.address = std::stoull(match[1], nullptr, 16); + return hp; + } + + std::optional ParseHCode(std::wstring HCode) + { + std::wsmatch match; + HookParam hp; + + // {A|B|W|H|S|Q|V|M} + switch (HCode[0]) + { + case L'A': + hp.type |= CODEC_ANSI_BE; + break; + case L'B': + //ANSI LE + break; + case L'W': + hp.type |= CODEC_UTF16; + break; + case L'I': + hp.type |= CODEC_UTF32; + break; + case L'H': + hp.type |= CODEC_UTF16 | HEX_DUMP; + break; + case L'S': + hp.type |= USING_STRING; + break; + case L'Q': + hp.type |= USING_STRING | CODEC_UTF16; + break; + case L'U': + hp.type |= USING_STRING | CODEC_UTF32; + break; + case L'V': + hp.type |= USING_STRING | CODEC_UTF8; + break; + case L'M': + hp.type |= USING_STRING | CODEC_UTF16 | HEX_DUMP; + break; + default: + return {}; + } + HCode.erase(0, 1); + + if (hp.type & USING_STRING) + { + if (HCode[0] == L'F') + { + hp.type |= FULL_STRING; + HCode.erase(0, 1); + } + + } + + // [N] + if (HCode[0] == L'N') + { + hp.type |= NO_CONTEXT; + HCode.erase(0, 1); + } + + // [codepage#] + if (std::regex_search(HCode, match, std::wregex(L"^([0-9]+)#"))) + { + hp.codepage = std::stoi(match[1]); + HCode.erase(0, match[0].length()); + } + + // [padding+] + if (std::regex_search(HCode, match, std::wregex(L"^([[:xdigit:]]+)\\+"))) + { + hp.padding = std::stoull(match[1], nullptr, 16); + HCode.erase(0, match[0].length()); + } + + auto ConsumeHexInt = [&HCode] + { + size_t size = 0; + int value = 0; + try { value = std::stoi(HCode, &size, 16); } catch (std::invalid_argument) {} + HCode.erase(0, size); + return value; + }; + + // data_offset + hp.offset = ConsumeHexInt(); + + // [*deref_offset1] + if (HCode[0] == L'*') + { + hp.type |= DATA_INDIRECT; + HCode.erase(0, 1); + hp.index = ConsumeHexInt(); + } + + // [:split_offset[*deref_offset2]] + if (HCode[0] == L':') + { + hp.type |= USING_SPLIT; + HCode.erase(0, 1); + hp.split = ConsumeHexInt(); + + if (HCode[0] == L'*') + { + hp.type |= SPLIT_INDIRECT; + HCode.erase(0, 1); + hp.split_index = ConsumeHexInt(); + } + } + + // @addr[:module[:func]] + if (!std::regex_match(HCode, match, std::wregex(L"^@([[:xdigit:]]+)(:.+?)?(:.+)?"))) return {}; + hp.address = std::stoull(match[1], nullptr, 16); + if (match[2].matched) + { + hp.type |= MODULE_OFFSET; + wcsncpy_s(hp.module, match[2].str().erase(0, 1).c_str(), MAX_MODULE_SIZE - 1); + } + if (match[3].matched) + { + hp.type |= FUNCTION_OFFSET; + std::wstring func = match[3]; + strncpy_s(hp.function, std::string(func.begin(), func.end()).erase(0, 1).c_str(), MAX_MODULE_SIZE - 1); + } + + // ITH has registers offset by 4 vs AGTH: need this to correct + if (hp.offset < 0) hp.offset -= 4; + if (hp.split < 0) hp.split -= 4; + + return hp; + } + + std::optional ParseECode(std::wstring code) + { + auto idx=code.find(L'H'); + if(idx==code.npos)return {}; + auto hpo=ParseHCode(code.substr(idx+1)); + code=code.substr(0,idx); + if(hpo.has_value()==false)return {}; + auto hp=hpo.value(); + hp.type|=EMBED_ABLE; + + if(code[0]==L'D') + { + hp.type|=EMBED_DYNA_SJIS; + code.erase(0,1); + } + if(code[0]==L'S') + { + code.erase(0,1); + hp.type|=EMBED_BEFORE_SIMPLE; + + if(code[0]==L'N') + hp.type|=EMBED_AFTER_NEW; + else if(code[0]==L'O') + hp.type|=EMBED_AFTER_OVERWRITE; + else + return {}; + code.erase(0,1); + } + if(code.size())return {}; + return hp; + + } + std::wstring HexString(int64_t num) + { + if (num < 0) return FormatString(L"-%I64X", -num); + return FormatString(L"%I64X", num); + } + + std::wstring GenerateRCode(HookParam hp) + { + std::wstring RCode = L"R"; + + if (hp.type & CODEC_UTF16||hp.type & CODEC_UTF32) + { + if (hp.type & HEX_DUMP) RCode += L'M'; + else if (hp.type&CODEC_UTF16)RCode += L'Q'; + else if (hp.type&CODEC_UTF32)RCode += L'U'; + } + else + { + RCode += L'S'; + if (hp.codepage != 0) RCode += std::to_wstring(hp.codepage) + L'#'; + } + + RCode += L'@' + HexString(hp.address); + + return RCode; + } + + std::wstring GenerateHCode(HookParam hp, DWORD processId) + { + std::wstring HCode; + if(hp.type&EMBED_ABLE) + { + HCode +=L"E"; + + if (hp.hook_before || hp.hook_after) + HCode += L'X'; + else + { + if(hp.type&EMBED_DYNA_SJIS) + HCode+=L"D"; + if(hp.type&EMBED_BEFORE_SIMPLE) + HCode+=L"S"; + if(hp.type&EMBED_AFTER_NEW) + HCode+=L"N"; + else if(hp.type&EMBED_AFTER_OVERWRITE) + HCode+=L"O"; + } + + } + HCode += L"H"; + + if (hp.type & CODEC_UTF16||hp.type & CODEC_UTF32) + { + if (hp.type & HEX_DUMP) + { + if (hp.type & USING_STRING) HCode += L'M'; + else HCode += L'H'; + } + else + { + if(hp.type&CODEC_UTF16){ + + if (hp.type & USING_STRING) HCode += L'Q'; + else HCode += L'W'; + } + else if(hp.type&CODEC_UTF32){ + if (hp.type & USING_STRING) HCode += L'U'; + else HCode += L'I'; + } + } + } + else + { + if (hp.type & USING_STRING) HCode += L'S'; + else if (hp.type & CODEC_ANSI_BE) HCode += L'A'; + else HCode += L'B'; + } + + if (hp.type & FULL_STRING) HCode += L'F'; + + if (hp.type & NO_CONTEXT) HCode += L'N'; + if (hp.text_fun || hp.filter_fun || hp.hook_fun) HCode += L'X'; // no AGTH equivalent + + if (hp.codepage != 0 && !(hp.type & CODEC_UTF16||hp.type & CODEC_UTF32)) HCode += std::to_wstring(hp.codepage) + L'#'; + + if (hp.padding) HCode += HexString(hp.padding) + L'+'; + + if (hp.offset < 0) hp.offset += 4; + if (hp.split < 0) hp.split += 4; + + HCode += HexString(hp.offset); + if (hp.type & DATA_INDIRECT) HCode += L'*' + HexString(hp.index); + if (hp.type & USING_SPLIT) HCode += L':' + HexString(hp.split); + if (hp.type & SPLIT_INDIRECT) HCode += L'*' + HexString(hp.split_index); + + // Attempt to make the address relative + if (processId && !(hp.type & MODULE_OFFSET)) + if (AutoHandle<> process = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, processId)) + if (MEMORY_BASIC_INFORMATION info = {}; VirtualQueryEx(process, (LPCVOID)hp.address, &info, sizeof(info))) + if (auto moduleName = GetModuleFilename(processId, (HMODULE)info.AllocationBase)) + { + hp.type |= MODULE_OFFSET; + hp.address -= (uint64_t)info.AllocationBase; + wcsncpy_s(hp.module, moduleName->c_str() + moduleName->rfind(L'\\') + 1, MAX_MODULE_SIZE - 1); + } + + HCode += L'@' + HexString(hp.address); + if (hp.type & MODULE_OFFSET) HCode += L':' + std::wstring(hp.module); + if (hp.type & FUNCTION_OFFSET) HCode += L':' + StringToWideString(hp.function); + + return HCode; + } +} + +namespace HookCode +{ + std::optional Parse(std::wstring code) + { + if (code[0] == L'/') code.erase(0, 1); + code.erase(std::find(code.begin(), code.end(), L'/'), code.end()); // legacy/AGTH compatibility + Trim(code); + if (code[0] == L'R') return ParseRCode(code.erase(0, 1)); + else if (code[0] == L'H') return ParseHCode(code.erase(0, 1)); + else if (code[0] == L'E') return ParseECode(code.erase(0, 1)); + return {}; + } + + std::wstring Generate(HookParam hp, DWORD processId) + { + std::wstring HCode =L""; + return HCode+=(hp.type & DIRECT_READ ? GenerateRCode(hp) : GenerateHCode(hp, processId)); + } + +} diff --git a/include/hookcode.h b/include/hookcode.h new file mode 100644 index 0000000..2e5a1f3 --- /dev/null +++ b/include/hookcode.h @@ -0,0 +1,9 @@ +#pragma once + +#include "types.h" + +namespace HookCode +{ + std::optional Parse(std::wstring code); + std::wstring Generate(HookParam hp, DWORD processId = 0); +} diff --git a/include/stringutils.cpp b/include/stringutils.cpp new file mode 100644 index 0000000..33062e5 --- /dev/null +++ b/include/stringutils.cpp @@ -0,0 +1,172 @@ + +LPCSTR reverse_search_begin(const char *s, int maxsize ) +{ + if (*s) + for (int i = 0; i < maxsize; i++, s--) + if (!*s) + return s + 1; + return nullptr; +} + +template +inline bool all_ascii_impl(const CharT* s,int maxsize){ + if (s) + for (int i = 0; i < maxsize && *s; i++, s++) + if ((unsigned)*s > 127) + return false; + return true; +} + +template +inline void strReplace_impl(StringT& str, const StringT& oldStr, const StringT& newStr){ + size_t pos = 0; + while ((pos = str.find(oldStr, pos)) != StringT::npos) { + str.replace(pos, oldStr.length(), newStr); + pos += newStr.length(); + } +} + + +template +inline std::vector strSplit_impl(const StringT& s, const StringT& delim){ + StringT item; + std::vector tokens; + + StringT str = s; + + size_t pos = 0; + while ((pos = str.find(delim)) != StringT::npos) { + item = str.substr(0, pos); + tokens.push_back(item); + str.erase(0, pos + delim.length()); + } + tokens.push_back(str); + return tokens; +} + +template +inline bool endWith_impl(const StringT& s,const StringT& s2) { + if ((s.size() > s2.size()) && (s.substr(s.size() - s2.size(), s2.size()) == s2)) { + return true; + } + return false; +} + +template +inline bool startWith_impl(const StringT& s,const StringT& s2) { + if ((s.size() > s2.size()) && (s.substr(0, s2.size()) == s2)) { + return true; + } + return false; +} + + +bool all_ascii(const char *s, int maxsize ){return all_ascii_impl(s,maxsize);} +bool all_ascii(const wchar_t *s, int maxsize ){return all_ascii_impl(s,maxsize);} + +void strReplace(std::string& str, const std::string& oldStr, const std::string& newStr){strReplace_impl(str,oldStr,newStr);} +void strReplace(std::wstring& str, const std::wstring& oldStr, const std::wstring& newStr){strReplace_impl(str,oldStr,newStr);} +std::vector strSplit(const std::string& s, const std::string& delim){return strSplit_impl(s,delim);} +std::vector strSplit(const std::wstring& s, const std::wstring& delim){return strSplit_impl(s,delim);} +bool startWith(const std::string& s,const std::string& s2){return startWith_impl(s,s2);} +bool startWith(const std::wstring& s,const std::wstring& s2){return startWith_impl(s,s2);} +bool endWith(const std::string& s,const std::string& s2){return endWith_impl(s,s2);} +bool endWith(const std::wstring& s,const std::wstring& s2){return endWith_impl(s,s2);} + +typedef HRESULT(WINAPI* CONVERTINETMULTIBYTETOUNICODE)( + LPDWORD lpdwMode, + DWORD dwSrcEncoding, + LPCSTR lpSrcStr, + LPINT lpnMultiCharCount, + LPWSTR lpDstStr, + LPINT lpnWideCharCount + ); +typedef HRESULT(WINAPI* CONVERTINETUNICODETOMULTIBYTE)( + LPDWORD lpdwMode, + DWORD dwEncoding, + LPCWSTR lpSrcStr, + LPINT lpnWideCharCount, + LPSTR lpDstStr, + LPINT lpnMultiCharCount + ); + +std::optional StringToWideString(const std::string& text, UINT encoding) +{ + std::vector buffer(text.size() + 1); + if(disable_mbwc){ + int _s = text.size(); int _s2 = buffer.size(); + auto h=LoadLibrary(TEXT("mlang.dll")); + if(h==0)return {}; + auto ConvertINetMultiByteToUnicode = (CONVERTINETMULTIBYTETOUNICODE)GetProcAddress(h, "ConvertINetMultiByteToUnicode"); + if(ConvertINetMultiByteToUnicode==0)return {}; + auto hr=ConvertINetMultiByteToUnicode(0, encoding, text.c_str(), &_s, buffer.data(), &_s2); + if(SUCCEEDED(hr)){ + return std::wstring(buffer.data(), _s2 ); + } + else return{}; + } + else{ + if (int length = MultiByteToWideChar(encoding, 0, text.c_str(), text.size() + 1, buffer.data(), buffer.size())) + return std::wstring(buffer.data(), length - 1); + return {}; + } +} + +std::wstring StringToWideString(const std::string& text) +{ + return StringToWideString(text,CP_UTF8).value(); +} + +std::string WideStringToString(const std::wstring& text,UINT cp) +{ + std::vector buffer((text.size() + 1) * 4); + if(disable_wcmb){ + int _s = text.size(); int _s2 = buffer.size(); + auto h=LoadLibrary(TEXT("mlang.dll")); + if(h==0)return {}; + auto ConvertINetUnicodeToMultiByte = (CONVERTINETUNICODETOMULTIBYTE)GetProcAddress(h, "ConvertINetUnicodeToMultiByte"); + if(ConvertINetUnicodeToMultiByte==0)return {}; + auto hr=ConvertINetUnicodeToMultiByte(0, cp, text.c_str(), &_s, buffer.data(), &_s2); + if(SUCCEEDED(hr)){ + return std::string(buffer.data(), _s2 ); + } + else return{}; + } + else{ + WideCharToMultiByte(cp, 0, text.c_str(), -1, buffer.data(), buffer.size(), nullptr, nullptr); + return buffer.data(); + } +} +inline unsigned int convertUTF32ToUTF16(unsigned int cUTF32, unsigned int& h, unsigned int& l) +{ + if (cUTF32 < 0x10000) + { + h = 0; + l = cUTF32; + return cUTF32; + } + unsigned int t = cUTF32 - 0x10000; + h = (((t << 12) >> 22) + 0xD800); + l = (((t << 22) >> 22) + 0xDC00); + unsigned int ret = ((h << 16) | (l & 0x0000FFFF)); + return ret; +} +std::wstring utf32_to_utf16(void* data,size_t size){ + std::wstring u16str; + auto u32str=(uint32_t*)data; + for(auto i=0;i strSplit(const std::string& s, const std::string& delim); +std::vector strSplit(const std::wstring& s, const std::wstring& delim); +bool startWith(const std::string& s,const std::string& s2); +bool startWith(const std::wstring& s,const std::wstring &s2); +bool endWith(const std::string& s,const std::string& s2); +bool endWith(const std::wstring& s,const std::wstring& s2); + +std::wstring utf32_to_utf16(void* data,size_t size); +std::string WideStringToString(const std::wstring& text,UINT cp=CP_UTF8); +std::wstring StringToWideString(const std::string& text); +std::optional StringToWideString(const std::string& text, UINT encoding); + +size_t u32strlen(uint32_t* data); +inline bool disable_mbwc=false; +inline bool disable_wcmb=false; + +inline void Trim(std::wstring& text) +{ + text.erase(text.begin(), std::find_if_not(text.begin(), text.end(), iswspace)); + text.erase(std::find_if_not(text.rbegin(), text.rend(), iswspace).base(), text.end()); +} + +template inline auto FormatArg(T arg) { return arg; } +template inline auto FormatArg(const std::basic_string& arg) { return arg.c_str(); } + +#pragma warning(push) +#pragma warning(disable: 4996) +template +inline std::string FormatString(const char* format, const Args&... args) +{ + std::string buffer(snprintf(nullptr, 0, format, FormatArg(args)...), '\0'); + sprintf(buffer.data(), format, FormatArg(args)...); + return buffer; +} + +template +inline std::wstring FormatString(const wchar_t* format, const Args&... args) +{ + std::wstring buffer(_snwprintf(nullptr, 0, format, FormatArg(args)...), L'\0'); + _swprintf(buffer.data(), format, FormatArg(args)...); + return buffer; +} +#pragma warning(pop) +#endif \ No newline at end of file diff --git a/include/texthook.h b/include/texthook.h new file mode 100644 index 0000000..2758dd9 --- /dev/null +++ b/include/texthook.h @@ -0,0 +1,68 @@ +#pragma once + +// texthook.h +// 8/24/2013 jichi +// Branch: IHF_DLL/IHF_CLIENT.h, rev 133 +// +// 8/24/2013 TODO: +// - Clean up this file +// - Reduce global variables. Use namespaces or singleton classes instead. +#include "types.h" + +// Artikash 6/17/2019 TODO: These have the wrong values on x64 +/** jichi 12/24/2014 + * @param addr function address + * @param frame real address of the function, supposed to be the same as addr + * @param stack address of current stack - 4 + * @return If success, which is reverted + */ +#ifndef _WIN64 +inline std::atomic trigger_fun = nullptr; +#endif +// jichi 9/25/2013: This class will be used by NtMapViewOfSectionfor +// interprocedure communication, where constructor/destructor will NOT work. +struct EmbedSharedMem{ + uint64_t use[10]; + uint64_t addr[10]; + uint64_t ctx1[10]; + uint64_t ctx2[10]; + UINT32 waittime; + UINT32 spaceadjustpolicy; + UINT32 keeprawtext; + uint64_t hash; + wchar_t text[1000]; + bool fontCharSetEnabled; + UINT8 fontCharSet; + wchar_t fontFamily[100]; + UINT codepage; +}; +class TextHook +{ +public: + HookParam hp; + ALIGNPTR(uint64_t address,void* location); + + bool Insert(HookParam hp); + void Clear(); + +private: + void Read(); + bool InsertHookCode(); + bool InsertReadCode(); + void Send(uintptr_t dwDatabase); + int GetLength(hook_stack* stack, uintptr_t in); // jichi 12/25/2013: Return 0 if failed + int HookStrlen(BYTE* data); + void RemoveHookCode(); + void RemoveReadCode(); + bool waitfornotify(TextOutput_T* buffer,void*data ,size_t*len,ThreadParam tp); + volatile DWORD useCount; + ALIGNPTR(uint64_t __1,HANDLE readerThread); + ALIGNPTR(uint64_t __2,HANDLE readerEvent); + bool err; + ALIGNPTR(BYTE __4[ 140],BYTE trampoline[x64 ? 140 : 40]); + ALIGNPTR(uint64_t __3,BYTE* local_buffer); +}; + +enum { MAX_HOOK = 2500}; + +// EOF diff --git a/include/types.h b/include/types.h new file mode 100644 index 0000000..2831bdb --- /dev/null +++ b/include/types.h @@ -0,0 +1,189 @@ +#pragma once + +#include "const.h" + +class WinMutex // Like CMutex but works with scoped_lock +{ +public: + WinMutex(std::wstring name = L"", LPSECURITY_ATTRIBUTES sa = nullptr) : m(CreateMutexW(sa, FALSE, name.empty() ? NULL : name.c_str())) {} + void lock() { if (m) WaitForSingleObject(m, INFINITE); } + void unlock() { if (m) ReleaseMutex(m); } + +private: + AutoHandle<> m; +}; + +inline SECURITY_ATTRIBUTES allAccess = std::invoke([] // allows non-admin processes to access kernel objects made by admin processes +{ + static SECURITY_DESCRIPTOR sd = {}; + InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION); + SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE); + return SECURITY_ATTRIBUTES{ sizeof(SECURITY_ATTRIBUTES), &sd, FALSE }; +}); + + +struct hook_stack +{ + +#ifndef _WIN64 + uintptr_t _eflags; //pushfd + uintptr_t edi, // pushad + esi, + ebp, + esp, + ebx, + edx, + ecx, // this + eax; // 0x28 + +#else + uintptr_t r15, + r14, + r13, + r12, + r11, + r10, + r9, + r8, + rdi, + rsi, + rbp, + rsp, + rdx, + rcx, + rbx, + rax; +#endif + uintptr_t eflags; // pushaf + union + { + uintptr_t stack[1]; // beginning of the runtime stack + uintptr_t retaddr; + BYTE base[1]; + }; + +}; +// jichi 3/7/2014: Add guessed comment + +#define ALIGNPTR(Y,X) union { \ + ##Y; \ + ##X; \ +}; +struct HookParam +{ + uint64_t address; // absolute or relative address + int offset, // offset of the data in the memory + index, // deref_offset1 + split, // offset of the split character + split_index; // deref_offset2 + + wchar_t module[MAX_MODULE_SIZE]; + + char function[MAX_MODULE_SIZE]; + DWORD type; // flags + UINT codepage; // text encoding + short length_offset; // index of the string length + ALIGNPTR(uint64_t __1,uintptr_t padding); // padding before string + DWORD user_value; // 7/20/2014: jichi additional parameters for PSP games + ALIGNPTR(uint64_t __2,void(*text_fun)(hook_stack* stack, HookParam* hp, uintptr_t* data, uintptr_t* split, size_t* len)) + ALIGNPTR(uint64_t __3,bool(*filter_fun)(void* data, size_t* len, HookParam* hp)); // jichi 10/24/2014: Add filter function. Return false to skip the text + ALIGNPTR(uint64_t __4,bool(*hook_fun)(hook_stack* stack, HookParam* hp)); // jichi 10/24/2014: Add generic hook function, return false if stop execution. + ALIGNPTR(uint64_t __6,bool (*hook_before)(hook_stack* stack,void* data, size_t* len,uintptr_t*role)); + ALIGNPTR(uint64_t __7,void (*hook_after)(hook_stack* stack,void* data, size_t len)); + ALIGNPTR(uint64_t __8,uintptr_t hook_font); + ALIGNPTR(uint64_t __9,const wchar_t* newlineseperator); + char name[HOOK_NAME_SIZE]; + wchar_t hookcode[HOOKCODE_LEN]; + HookParam(){ + ZeroMemory(this,sizeof(HookParam)); + } +}; + +struct ThreadParam +{ + bool operator==(ThreadParam other) const { return processId == other.processId && addr == other.addr && ctx == other.ctx && ctx2 == other.ctx2; } + DWORD processId; + uint64_t addr; + uint64_t ctx; // The context of the hook: by default the first value on stack, usually the return address + uint64_t ctx2; // The subcontext of the hook: 0 by default, generated in a method specific to the hook +}; + +struct SearchParam +{ + BYTE pattern[PATTERN_SIZE] = { x64 ? 0xcc : 0x55, x64 ? 0xcc : 0x8b, x64 ? 0x48 : 0xec, 0x89 }; // pattern in memory to search for + int address_method=0; + int search_method=0; + int length = x64 ? 4 : 3, // length of pattern (zero means this SearchParam is invalid and the default should be used) + offset = x64 ? 2 : 0, // offset from start of pattern to add hook + searchTime = 30000, // ms + maxRecords = 100000, + codepage = SHIFT_JIS; + //uintptr_t padding = 0, // same as hook param padding + // minAddress = 0, maxAddress = (uintptr_t)-1; // hook all functions between these addresses (used only if both modules empty) + ALIGNPTR(uint64_t __1,uintptr_t padding = 0); + ALIGNPTR(uint64_t __2,uintptr_t minAddress = 0); + ALIGNPTR(uint64_t __3,uintptr_t maxAddress = (uintptr_t)-1); + wchar_t boundaryModule[MAX_MODULE_SIZE] = {}; // hook all functions within this module (middle priority) + wchar_t exportModule[MAX_MODULE_SIZE] = {}; // hook the exports of this module (highest priority) + wchar_t text[PATTERN_SIZE] = {}; // text to search for + #ifndef _WIN64 + uint32_t __useless; + #endif + void(*hookPostProcessor)(HookParam&) = nullptr; +}; + +struct InsertHookCmd // From host +{ + InsertHookCmd(HookParam hp) : hp(hp) {} + HostCommandType command = HOST_COMMAND_NEW_HOOK; + HookParam hp; +}; +struct RemoveHookCmd // From host +{ + RemoveHookCmd(uint64_t address) : address(address) {} + HostCommandType command = HOST_COMMAND_REMOVE_HOOK; + uint64_t address; +}; + +struct FindHookCmd // From host +{ + FindHookCmd(SearchParam sp) : sp(sp) {} + HostCommandType command = HOST_COMMAND_FIND_HOOK; + SearchParam sp; +}; + +struct ConsoleOutputNotif // From dll +{ + ConsoleOutputNotif(std::string message = "") { strncpy_s(this->message, message.c_str(), MESSAGE_SIZE - 1); } + HostNotificationType command = HOST_NOTIFICATION_TEXT; + char message[MESSAGE_SIZE] = {}; +}; + +struct HookFoundNotif // From dll +{ + HookFoundNotif(HookParam hp, wchar_t* text) : hp(hp) { wcsncpy_s(this->text, text, MESSAGE_SIZE - 1); } + HostNotificationType command = HOST_NOTIFICATION_FOUND_HOOK; + HookParam hp; + wchar_t text[MESSAGE_SIZE] = {}; // though type is wchar_t, may not be encoded in UTF-16 (it's just convenient to use wcs* functions) +}; + +struct HookRemovedNotif // From dll +{ + HookRemovedNotif(uint64_t address) : address(address) {}; + HostNotificationType command = HOST_NOTIFICATION_RMVHOOK; + uint64_t address; +}; + +struct HookInsertingNotif // From dll +{ + HookInsertingNotif(uint64_t addr1):addr(addr1){} + HostNotificationType command = HOST_NOTIFICATION_INSERTING_HOOK; + uint64_t addr; +}; + +struct TextOutput_T +{ + ThreadParam tp; + DWORD type; + BYTE data[0]; +}; \ No newline at end of file diff --git a/include/winevent.hpp b/include/winevent.hpp new file mode 100644 index 0000000..e7dc80b --- /dev/null +++ b/include/winevent.hpp @@ -0,0 +1,38 @@ +#include +class win_event +{ + typedef win_event _Self; + typedef HANDLE __native_handle_type; + typedef const char * __native_string_type; + + __native_handle_type _M_handle; + __native_string_type _M_name; + + win_event(const _Self&); + _Self &operator=(const _Self&); +public: + typedef __native_handle_type native_handle_type; + typedef __native_string_type native_string_type; + + explicit win_event(native_string_type name, bool create = true) + : _M_name(name) + { + _M_handle = create ? // lpEventAttributes, bManualReset, bInitialState, lpName + ::CreateEventA(nullptr, TRUE, FALSE, name) : + ::OpenEventA(EVENT_ALL_ACCESS, FALSE, name); // dwDesiredAccess, bInheritHandle, lpName + } + + ~win_event() { ::CloseHandle(_M_handle); } + + native_handle_type native_handle() const { return _M_handle; } + native_string_type native_name() const { return _M_name; } + + bool valid() const { return _M_handle; } + + bool signal(bool t) + { return t ? ::SetEvent(_M_handle) : ::ResetEvent(_M_handle); } + + /// Return true only if when it is wake up by notify instead of timeout + bool wait(DWORD msec = INFINITE) + { return WAIT_OBJECT_0 == ::WaitForSingleObject(_M_handle, msec); } +}; diff --git a/libs/Detours-4.0.1/include/detours.h b/libs/Detours-4.0.1/include/detours.h new file mode 100644 index 0000000..fe7acf1 --- /dev/null +++ b/libs/Detours-4.0.1/include/detours.h @@ -0,0 +1,1059 @@ +///////////////////////////////////////////////////////////////////////////// +// +// Core Detours Functionality (detours.h of detours.lib) +// +// Microsoft Research Detours Package, Version 4.0.1 +// +// Copyright (c) Microsoft Corporation. All rights reserved. +// + +#pragma once +#ifndef _DETOURS_H_ +#define _DETOURS_H_ + +#define DETOURS_VERSION 0x4c0c1 // 0xMAJORcMINORcPATCH + +////////////////////////////////////////////////////////////////////////////// +// + +#undef DETOURS_X64 +#undef DETOURS_X86 +#undef DETOURS_IA64 +#undef DETOURS_ARM +#undef DETOURS_ARM64 +#undef DETOURS_BITS +#undef DETOURS_32BIT +#undef DETOURS_64BIT + +#if defined(_X86_) +#define DETOURS_X86 +#define DETOURS_OPTION_BITS 64 + +#elif defined(_AMD64_) +#define DETOURS_X64 +#define DETOURS_OPTION_BITS 32 + +#elif defined(_IA64_) +#define DETOURS_IA64 +#define DETOURS_OPTION_BITS 32 + +#elif defined(_ARM_) +#define DETOURS_ARM + +#elif defined(_ARM64_) +#define DETOURS_ARM64 + +#else +#error Unknown architecture (x86, amd64, ia64, arm, arm64) +#endif + +#ifdef _WIN64 +#undef DETOURS_32BIT +#define DETOURS_64BIT 1 +#define DETOURS_BITS 64 +// If all 64bit kernels can run one and only one 32bit architecture. +//#define DETOURS_OPTION_BITS 32 +#else +#define DETOURS_32BIT 1 +#undef DETOURS_64BIT +#define DETOURS_BITS 32 +// If all 64bit kernels can run one and only one 32bit architecture. +//#define DETOURS_OPTION_BITS 32 +#endif + +#define VER_DETOURS_BITS DETOUR_STRINGIFY(DETOURS_BITS) + +////////////////////////////////////////////////////////////////////////////// +// + +#if (_MSC_VER < 1299) +typedef LONG LONG_PTR; +typedef ULONG ULONG_PTR; +#endif + +///////////////////////////////////////////////// SAL 2.0 Annotations w/o SAL. +// +// These definitions are include so that Detours will build even if the +// compiler doesn't have full SAL 2.0 support. +// +#ifndef DETOURS_DONT_REMOVE_SAL_20 + +#ifdef DETOURS_TEST_REMOVE_SAL_20 +#undef _Analysis_assume_ +#undef _Benign_race_begin_ +#undef _Benign_race_end_ +#undef _Field_range_ +#undef _Field_size_ +#undef _In_ +#undef _In_bytecount_ +#undef _In_count_ +#undef _In_opt_ +#undef _In_opt_bytecount_ +#undef _In_opt_count_ +#undef _In_opt_z_ +#undef _In_range_ +#undef _In_reads_ +#undef _In_reads_bytes_ +#undef _In_reads_opt_ +#undef _In_reads_opt_bytes_ +#undef _In_reads_or_z_ +#undef _In_z_ +#undef _Inout_ +#undef _Inout_opt_ +#undef _Inout_z_count_ +#undef _Out_ +#undef _Out_opt_ +#undef _Out_writes_ +#undef _Outptr_result_maybenull_ +#undef _Readable_bytes_ +#undef _Success_ +#undef _Writable_bytes_ +#undef _Pre_notnull_ +#endif + +#if defined(_Deref_out_opt_z_) && !defined(_Outptr_result_maybenull_) +#define _Outptr_result_maybenull_ _Deref_out_opt_z_ +#endif + +#if defined(_In_count_) && !defined(_In_reads_) +#define _In_reads_(x) _In_count_(x) +#endif + +#if defined(_In_opt_count_) && !defined(_In_reads_opt_) +#define _In_reads_opt_(x) _In_opt_count_(x) +#endif + +#if defined(_In_opt_bytecount_) && !defined(_In_reads_opt_bytes_) +#define _In_reads_opt_bytes_(x) _In_opt_bytecount_(x) +#endif + +#if defined(_In_bytecount_) && !defined(_In_reads_bytes_) +#define _In_reads_bytes_(x) _In_bytecount_(x) +#endif + +#ifndef _In_ +#define _In_ +#endif + +#ifndef _In_bytecount_ +#define _In_bytecount_(x) +#endif + +#ifndef _In_count_ +#define _In_count_(x) +#endif + +#ifndef _In_opt_ +#define _In_opt_ +#endif + +#ifndef _In_opt_bytecount_ +#define _In_opt_bytecount_(x) +#endif + +#ifndef _In_opt_count_ +#define _In_opt_count_(x) +#endif + +#ifndef _In_opt_z_ +#define _In_opt_z_ +#endif + +#ifndef _In_range_ +#define _In_range_(x,y) +#endif + +#ifndef _In_reads_ +#define _In_reads_(x) +#endif + +#ifndef _In_reads_bytes_ +#define _In_reads_bytes_(x) +#endif + +#ifndef _In_reads_opt_ +#define _In_reads_opt_(x) +#endif + +#ifndef _In_reads_opt_bytes_ +#define _In_reads_opt_bytes_(x) +#endif + +#ifndef _In_reads_or_z_ +#define _In_reads_or_z_ +#endif + +#ifndef _In_z_ +#define _In_z_ +#endif + +#ifndef _Inout_ +#define _Inout_ +#endif + +#ifndef _Inout_opt_ +#define _Inout_opt_ +#endif + +#ifndef _Inout_z_count_ +#define _Inout_z_count_(x) +#endif + +#ifndef _Out_ +#define _Out_ +#endif + +#ifndef _Out_opt_ +#define _Out_opt_ +#endif + +#ifndef _Out_writes_ +#define _Out_writes_(x) +#endif + +#ifndef _Outptr_result_maybenull_ +#define _Outptr_result_maybenull_ +#endif + +#ifndef _Writable_bytes_ +#define _Writable_bytes_(x) +#endif + +#ifndef _Readable_bytes_ +#define _Readable_bytes_(x) +#endif + +#ifndef _Success_ +#define _Success_(x) +#endif + +#ifndef _Pre_notnull_ +#define _Pre_notnull_ +#endif + +#ifdef DETOURS_INTERNAL + +#pragma warning(disable:4615) // unknown warning type (suppress with older compilers) + +#ifndef _Benign_race_begin_ +#define _Benign_race_begin_ +#endif + +#ifndef _Benign_race_end_ +#define _Benign_race_end_ +#endif + +#ifndef _Field_size_ +#define _Field_size_(x) +#endif + +#ifndef _Field_range_ +#define _Field_range_(x,y) +#endif + +#ifndef _Analysis_assume_ +#define _Analysis_assume_(x) +#endif + +#endif // DETOURS_INTERNAL +#endif // DETOURS_DONT_REMOVE_SAL_20 + +////////////////////////////////////////////////////////////////////////////// +// +#ifndef GUID_DEFINED +#define GUID_DEFINED +typedef struct _GUID +{ + DWORD Data1; + WORD Data2; + WORD Data3; + BYTE Data4[ 8 ]; +} GUID; + +#ifdef INITGUID +#define DEFINE_GUID(name, l, w1, w2, b1, b2, b3, b4, b5, b6, b7, b8) \ + const GUID name \ + = { l, w1, w2, { b1, b2, b3, b4, b5, b6, b7, b8 } } +#else +#define DEFINE_GUID(name, l, w1, w2, b1, b2, b3, b4, b5, b6, b7, b8) \ + const GUID name +#endif // INITGUID +#endif // !GUID_DEFINED + +#if defined(__cplusplus) +#ifndef _REFGUID_DEFINED +#define _REFGUID_DEFINED +#define REFGUID const GUID & +#endif // !_REFGUID_DEFINED +#else // !__cplusplus +#ifndef _REFGUID_DEFINED +#define _REFGUID_DEFINED +#define REFGUID const GUID * const +#endif // !_REFGUID_DEFINED +#endif // !__cplusplus + +#ifndef ARRAYSIZE +#define ARRAYSIZE(x) (sizeof(x)/sizeof(x[0])) +#endif + +// +////////////////////////////////////////////////////////////////////////////// + +#ifdef __cplusplus +extern "C" { +#endif // __cplusplus + +/////////////////////////////////////////////////// Instruction Target Macros. +// +#define DETOUR_INSTRUCTION_TARGET_NONE ((PVOID)0) +#define DETOUR_INSTRUCTION_TARGET_DYNAMIC ((PVOID)(LONG_PTR)-1) +#define DETOUR_SECTION_HEADER_SIGNATURE 0x00727444 // "Dtr\0" + +extern const GUID DETOUR_EXE_RESTORE_GUID; +extern const GUID DETOUR_EXE_HELPER_GUID; + +#define DETOUR_TRAMPOLINE_SIGNATURE 0x21727444 // Dtr! +typedef struct _DETOUR_TRAMPOLINE DETOUR_TRAMPOLINE, *PDETOUR_TRAMPOLINE; + +/////////////////////////////////////////////////////////// Binary Structures. +// +#pragma pack(push, 8) +typedef struct _DETOUR_SECTION_HEADER +{ + DWORD cbHeaderSize; + DWORD nSignature; + DWORD nDataOffset; + DWORD cbDataSize; + + DWORD nOriginalImportVirtualAddress; + DWORD nOriginalImportSize; + DWORD nOriginalBoundImportVirtualAddress; + DWORD nOriginalBoundImportSize; + + DWORD nOriginalIatVirtualAddress; + DWORD nOriginalIatSize; + DWORD nOriginalSizeOfImage; + DWORD cbPrePE; + + DWORD nOriginalClrFlags; + DWORD reserved1; + DWORD reserved2; + DWORD reserved3; + + // Followed by cbPrePE bytes of data. +} DETOUR_SECTION_HEADER, *PDETOUR_SECTION_HEADER; + +typedef struct _DETOUR_SECTION_RECORD +{ + DWORD cbBytes; + DWORD nReserved; + GUID guid; +} DETOUR_SECTION_RECORD, *PDETOUR_SECTION_RECORD; + +typedef struct _DETOUR_CLR_HEADER +{ + // Header versioning + ULONG cb; + USHORT MajorRuntimeVersion; + USHORT MinorRuntimeVersion; + + // Symbol table and startup information + IMAGE_DATA_DIRECTORY MetaData; + ULONG Flags; + + // Followed by the rest of the IMAGE_COR20_HEADER +} DETOUR_CLR_HEADER, *PDETOUR_CLR_HEADER; + +typedef struct _DETOUR_EXE_RESTORE +{ + DWORD cb; + DWORD cbidh; + DWORD cbinh; + DWORD cbclr; + + PBYTE pidh; + PBYTE pinh; + PBYTE pclr; + + IMAGE_DOS_HEADER idh; + union { + IMAGE_NT_HEADERS inh; + IMAGE_NT_HEADERS32 inh32; + IMAGE_NT_HEADERS64 inh64; + BYTE raw[sizeof(IMAGE_NT_HEADERS64) + + sizeof(IMAGE_SECTION_HEADER) * 32]; + }; + DETOUR_CLR_HEADER clr; + +} DETOUR_EXE_RESTORE, *PDETOUR_EXE_RESTORE; + +typedef struct _DETOUR_EXE_HELPER +{ + DWORD cb; + DWORD pid; + DWORD nDlls; + CHAR rDlls[4]; +} DETOUR_EXE_HELPER, *PDETOUR_EXE_HELPER; + +#pragma pack(pop) + +#define DETOUR_SECTION_HEADER_DECLARE(cbSectionSize) \ +{ \ + sizeof(DETOUR_SECTION_HEADER),\ + DETOUR_SECTION_HEADER_SIGNATURE,\ + sizeof(DETOUR_SECTION_HEADER),\ + (cbSectionSize),\ + \ + 0,\ + 0,\ + 0,\ + 0,\ + \ + 0,\ + 0,\ + 0,\ + 0,\ +} + +/////////////////////////////////////////////////////////////// Helper Macros. +// +#define DETOURS_STRINGIFY(x) DETOURS_STRINGIFY_(x) +#define DETOURS_STRINGIFY_(x) #x + +///////////////////////////////////////////////////////////// Binary Typedefs. +// +typedef BOOL (CALLBACK *PF_DETOUR_BINARY_BYWAY_CALLBACK)( + _In_opt_ PVOID pContext, + _In_opt_ LPCSTR pszFile, + _Outptr_result_maybenull_ LPCSTR *ppszOutFile); + +typedef BOOL (CALLBACK *PF_DETOUR_BINARY_FILE_CALLBACK)( + _In_opt_ PVOID pContext, + _In_ LPCSTR pszOrigFile, + _In_ LPCSTR pszFile, + _Outptr_result_maybenull_ LPCSTR *ppszOutFile); + +typedef BOOL (CALLBACK *PF_DETOUR_BINARY_SYMBOL_CALLBACK)( + _In_opt_ PVOID pContext, + _In_ ULONG nOrigOrdinal, + _In_ ULONG nOrdinal, + _Out_ ULONG *pnOutOrdinal, + _In_opt_ LPCSTR pszOrigSymbol, + _In_opt_ LPCSTR pszSymbol, + _Outptr_result_maybenull_ LPCSTR *ppszOutSymbol); + +typedef BOOL (CALLBACK *PF_DETOUR_BINARY_COMMIT_CALLBACK)( + _In_opt_ PVOID pContext); + +typedef BOOL (CALLBACK *PF_DETOUR_ENUMERATE_EXPORT_CALLBACK)(_In_opt_ PVOID pContext, + _In_ ULONG nOrdinal, + _In_opt_ LPCSTR pszName, + _In_opt_ PVOID pCode); + +typedef BOOL (CALLBACK *PF_DETOUR_IMPORT_FILE_CALLBACK)(_In_opt_ PVOID pContext, + _In_opt_ HMODULE hModule, + _In_opt_ LPCSTR pszFile); + +typedef BOOL (CALLBACK *PF_DETOUR_IMPORT_FUNC_CALLBACK)(_In_opt_ PVOID pContext, + _In_ DWORD nOrdinal, + _In_opt_ LPCSTR pszFunc, + _In_opt_ PVOID pvFunc); + +// Same as PF_DETOUR_IMPORT_FUNC_CALLBACK but extra indirection on last parameter. +typedef BOOL (CALLBACK *PF_DETOUR_IMPORT_FUNC_CALLBACK_EX)(_In_opt_ PVOID pContext, + _In_ DWORD nOrdinal, + _In_opt_ LPCSTR pszFunc, + _In_opt_ PVOID* ppvFunc); + +typedef VOID * PDETOUR_BINARY; +typedef VOID * PDETOUR_LOADED_BINARY; + +//////////////////////////////////////////////////////////// Transaction APIs. +// +LONG WINAPI DetourTransactionBegin(VOID); +LONG WINAPI DetourTransactionAbort(VOID); +LONG WINAPI DetourTransactionCommit(VOID); +LONG WINAPI DetourTransactionCommitEx(_Out_opt_ PVOID **pppFailedPointer); + +LONG WINAPI DetourUpdateThread(_In_ HANDLE hThread); + +LONG WINAPI DetourAttach(_Inout_ PVOID *ppPointer, + _In_ PVOID pDetour); + +LONG WINAPI DetourAttachEx(_Inout_ PVOID *ppPointer, + _In_ PVOID pDetour, + _Out_opt_ PDETOUR_TRAMPOLINE *ppRealTrampoline, + _Out_opt_ PVOID *ppRealTarget, + _Out_opt_ PVOID *ppRealDetour); + +LONG WINAPI DetourDetach(_Inout_ PVOID *ppPointer, + _In_ PVOID pDetour); + +BOOL WINAPI DetourSetIgnoreTooSmall(_In_ BOOL fIgnore); +BOOL WINAPI DetourSetRetainRegions(_In_ BOOL fRetain); +PVOID WINAPI DetourSetSystemRegionLowerBound(_In_ PVOID pSystemRegionLowerBound); +PVOID WINAPI DetourSetSystemRegionUpperBound(_In_ PVOID pSystemRegionUpperBound); + +////////////////////////////////////////////////////////////// Code Functions. +// +PVOID WINAPI DetourFindFunction(_In_ LPCSTR pszModule, + _In_ LPCSTR pszFunction); +PVOID WINAPI DetourCodeFromPointer(_In_ PVOID pPointer, + _Out_opt_ PVOID *ppGlobals); +PVOID WINAPI DetourCopyInstruction(_In_opt_ PVOID pDst, + _Inout_opt_ PVOID *ppDstPool, + _In_ PVOID pSrc, + _Out_opt_ PVOID *ppTarget, + _Out_opt_ LONG *plExtra); +BOOL WINAPI DetourSetCodeModule(_In_ HMODULE hModule, + _In_ BOOL fLimitReferencesToModule); + +///////////////////////////////////////////////////// Loaded Binary Functions. +// +HMODULE WINAPI DetourGetContainingModule(_In_ PVOID pvAddr); +HMODULE WINAPI DetourEnumerateModules(_In_opt_ HMODULE hModuleLast); +PVOID WINAPI DetourGetEntryPoint(_In_opt_ HMODULE hModule); +ULONG WINAPI DetourGetModuleSize(_In_opt_ HMODULE hModule); +BOOL WINAPI DetourEnumerateExports(_In_ HMODULE hModule, + _In_opt_ PVOID pContext, + _In_ PF_DETOUR_ENUMERATE_EXPORT_CALLBACK pfExport); +BOOL WINAPI DetourEnumerateImports(_In_opt_ HMODULE hModule, + _In_opt_ PVOID pContext, + _In_opt_ PF_DETOUR_IMPORT_FILE_CALLBACK pfImportFile, + _In_opt_ PF_DETOUR_IMPORT_FUNC_CALLBACK pfImportFunc); + +BOOL WINAPI DetourEnumerateImportsEx(_In_opt_ HMODULE hModule, + _In_opt_ PVOID pContext, + _In_opt_ PF_DETOUR_IMPORT_FILE_CALLBACK pfImportFile, + _In_opt_ PF_DETOUR_IMPORT_FUNC_CALLBACK_EX pfImportFuncEx); + +_Writable_bytes_(*pcbData) +_Readable_bytes_(*pcbData) +_Success_(return != NULL) +PVOID WINAPI DetourFindPayload(_In_opt_ HMODULE hModule, + _In_ REFGUID rguid, + _Out_ DWORD *pcbData); + +_Writable_bytes_(*pcbData) +_Readable_bytes_(*pcbData) +_Success_(return != NULL) +PVOID WINAPI DetourFindPayloadEx(_In_ REFGUID rguid, + _Out_ DWORD * pcbData); + +DWORD WINAPI DetourGetSizeOfPayloads(_In_opt_ HMODULE hModule); + +///////////////////////////////////////////////// Persistent Binary Functions. +// + +PDETOUR_BINARY WINAPI DetourBinaryOpen(_In_ HANDLE hFile); + +_Writable_bytes_(*pcbData) +_Readable_bytes_(*pcbData) +_Success_(return != NULL) +PVOID WINAPI DetourBinaryEnumeratePayloads(_In_ PDETOUR_BINARY pBinary, + _Out_opt_ GUID *pGuid, + _Out_ DWORD *pcbData, + _Inout_ DWORD *pnIterator); + +_Writable_bytes_(*pcbData) +_Readable_bytes_(*pcbData) +_Success_(return != NULL) +PVOID WINAPI DetourBinaryFindPayload(_In_ PDETOUR_BINARY pBinary, + _In_ REFGUID rguid, + _Out_ DWORD *pcbData); + +PVOID WINAPI DetourBinarySetPayload(_In_ PDETOUR_BINARY pBinary, + _In_ REFGUID rguid, + _In_reads_opt_(cbData) PVOID pData, + _In_ DWORD cbData); +BOOL WINAPI DetourBinaryDeletePayload(_In_ PDETOUR_BINARY pBinary, _In_ REFGUID rguid); +BOOL WINAPI DetourBinaryPurgePayloads(_In_ PDETOUR_BINARY pBinary); +BOOL WINAPI DetourBinaryResetImports(_In_ PDETOUR_BINARY pBinary); +BOOL WINAPI DetourBinaryEditImports(_In_ PDETOUR_BINARY pBinary, + _In_opt_ PVOID pContext, + _In_opt_ PF_DETOUR_BINARY_BYWAY_CALLBACK pfByway, + _In_opt_ PF_DETOUR_BINARY_FILE_CALLBACK pfFile, + _In_opt_ PF_DETOUR_BINARY_SYMBOL_CALLBACK pfSymbol, + _In_opt_ PF_DETOUR_BINARY_COMMIT_CALLBACK pfCommit); +BOOL WINAPI DetourBinaryWrite(_In_ PDETOUR_BINARY pBinary, _In_ HANDLE hFile); +BOOL WINAPI DetourBinaryClose(_In_ PDETOUR_BINARY pBinary); + +/////////////////////////////////////////////////// Create Process & Load Dll. +// +typedef BOOL (WINAPI *PDETOUR_CREATE_PROCESS_ROUTINEA)( + _In_opt_ LPCSTR lpApplicationName, + _Inout_opt_ LPSTR lpCommandLine, + _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, + _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, + _In_ BOOL bInheritHandles, + _In_ DWORD dwCreationFlags, + _In_opt_ LPVOID lpEnvironment, + _In_opt_ LPCSTR lpCurrentDirectory, + _In_ LPSTARTUPINFOA lpStartupInfo, + _Out_ LPPROCESS_INFORMATION lpProcessInformation); + +typedef BOOL (WINAPI *PDETOUR_CREATE_PROCESS_ROUTINEW)( + _In_opt_ LPCWSTR lpApplicationName, + _Inout_opt_ LPWSTR lpCommandLine, + _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, + _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, + _In_ BOOL bInheritHandles, + _In_ DWORD dwCreationFlags, + _In_opt_ LPVOID lpEnvironment, + _In_opt_ LPCWSTR lpCurrentDirectory, + _In_ LPSTARTUPINFOW lpStartupInfo, + _Out_ LPPROCESS_INFORMATION lpProcessInformation); + +BOOL WINAPI DetourCreateProcessWithDllA(_In_opt_ LPCSTR lpApplicationName, + _Inout_opt_ LPSTR lpCommandLine, + _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, + _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, + _In_ BOOL bInheritHandles, + _In_ DWORD dwCreationFlags, + _In_opt_ LPVOID lpEnvironment, + _In_opt_ LPCSTR lpCurrentDirectory, + _In_ LPSTARTUPINFOA lpStartupInfo, + _Out_ LPPROCESS_INFORMATION lpProcessInformation, + _In_ LPCSTR lpDllName, + _In_opt_ PDETOUR_CREATE_PROCESS_ROUTINEA pfCreateProcessA); + +BOOL WINAPI DetourCreateProcessWithDllW(_In_opt_ LPCWSTR lpApplicationName, + _Inout_opt_ LPWSTR lpCommandLine, + _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, + _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, + _In_ BOOL bInheritHandles, + _In_ DWORD dwCreationFlags, + _In_opt_ LPVOID lpEnvironment, + _In_opt_ LPCWSTR lpCurrentDirectory, + _In_ LPSTARTUPINFOW lpStartupInfo, + _Out_ LPPROCESS_INFORMATION lpProcessInformation, + _In_ LPCSTR lpDllName, + _In_opt_ PDETOUR_CREATE_PROCESS_ROUTINEW pfCreateProcessW); + +#ifdef UNICODE +#define DetourCreateProcessWithDll DetourCreateProcessWithDllW +#define PDETOUR_CREATE_PROCESS_ROUTINE PDETOUR_CREATE_PROCESS_ROUTINEW +#else +#define DetourCreateProcessWithDll DetourCreateProcessWithDllA +#define PDETOUR_CREATE_PROCESS_ROUTINE PDETOUR_CREATE_PROCESS_ROUTINEA +#endif // !UNICODE + +BOOL WINAPI DetourCreateProcessWithDllExA(_In_opt_ LPCSTR lpApplicationName, + _Inout_opt_ LPSTR lpCommandLine, + _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, + _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, + _In_ BOOL bInheritHandles, + _In_ DWORD dwCreationFlags, + _In_opt_ LPVOID lpEnvironment, + _In_opt_ LPCSTR lpCurrentDirectory, + _In_ LPSTARTUPINFOA lpStartupInfo, + _Out_ LPPROCESS_INFORMATION lpProcessInformation, + _In_ LPCSTR lpDllName, + _In_opt_ PDETOUR_CREATE_PROCESS_ROUTINEA pfCreateProcessA); + +BOOL WINAPI DetourCreateProcessWithDllExW(_In_opt_ LPCWSTR lpApplicationName, + _Inout_opt_ LPWSTR lpCommandLine, + _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, + _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, + _In_ BOOL bInheritHandles, + _In_ DWORD dwCreationFlags, + _In_opt_ LPVOID lpEnvironment, + _In_opt_ LPCWSTR lpCurrentDirectory, + _In_ LPSTARTUPINFOW lpStartupInfo, + _Out_ LPPROCESS_INFORMATION lpProcessInformation, + _In_ LPCSTR lpDllName, + _In_opt_ PDETOUR_CREATE_PROCESS_ROUTINEW pfCreateProcessW); + +#ifdef UNICODE +#define DetourCreateProcessWithDllEx DetourCreateProcessWithDllExW +#else +#define DetourCreateProcessWithDllEx DetourCreateProcessWithDllExA +#endif // !UNICODE + +BOOL WINAPI DetourCreateProcessWithDllsA(_In_opt_ LPCSTR lpApplicationName, + _Inout_opt_ LPSTR lpCommandLine, + _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, + _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, + _In_ BOOL bInheritHandles, + _In_ DWORD dwCreationFlags, + _In_opt_ LPVOID lpEnvironment, + _In_opt_ LPCSTR lpCurrentDirectory, + _In_ LPSTARTUPINFOA lpStartupInfo, + _Out_ LPPROCESS_INFORMATION lpProcessInformation, + _In_ DWORD nDlls, + _In_reads_(nDlls) LPCSTR *rlpDlls, + _In_opt_ PDETOUR_CREATE_PROCESS_ROUTINEA pfCreateProcessA); + +BOOL WINAPI DetourCreateProcessWithDllsW(_In_opt_ LPCWSTR lpApplicationName, + _Inout_opt_ LPWSTR lpCommandLine, + _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, + _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, + _In_ BOOL bInheritHandles, + _In_ DWORD dwCreationFlags, + _In_opt_ LPVOID lpEnvironment, + _In_opt_ LPCWSTR lpCurrentDirectory, + _In_ LPSTARTUPINFOW lpStartupInfo, + _Out_ LPPROCESS_INFORMATION lpProcessInformation, + _In_ DWORD nDlls, + _In_reads_(nDlls) LPCSTR *rlpDlls, + _In_opt_ PDETOUR_CREATE_PROCESS_ROUTINEW pfCreateProcessW); + +#ifdef UNICODE +#define DetourCreateProcessWithDlls DetourCreateProcessWithDllsW +#else +#define DetourCreateProcessWithDlls DetourCreateProcessWithDllsA +#endif // !UNICODE + +BOOL WINAPI DetourProcessViaHelperA(_In_ DWORD dwTargetPid, + _In_ LPCSTR lpDllName, + _In_ PDETOUR_CREATE_PROCESS_ROUTINEA pfCreateProcessA); + +BOOL WINAPI DetourProcessViaHelperW(_In_ DWORD dwTargetPid, + _In_ LPCSTR lpDllName, + _In_ PDETOUR_CREATE_PROCESS_ROUTINEW pfCreateProcessW); + +#ifdef UNICODE +#define DetourProcessViaHelper DetourProcessViaHelperW +#else +#define DetourProcessViaHelper DetourProcessViaHelperA +#endif // !UNICODE + +BOOL WINAPI DetourProcessViaHelperDllsA(_In_ DWORD dwTargetPid, + _In_ DWORD nDlls, + _In_reads_(nDlls) LPCSTR *rlpDlls, + _In_ PDETOUR_CREATE_PROCESS_ROUTINEA pfCreateProcessA); + +BOOL WINAPI DetourProcessViaHelperDllsW(_In_ DWORD dwTargetPid, + _In_ DWORD nDlls, + _In_reads_(nDlls) LPCSTR *rlpDlls, + _In_ PDETOUR_CREATE_PROCESS_ROUTINEW pfCreateProcessW); + +#ifdef UNICODE +#define DetourProcessViaHelperDlls DetourProcessViaHelperDllsW +#else +#define DetourProcessViaHelperDlls DetourProcessViaHelperDllsA +#endif // !UNICODE + +BOOL WINAPI DetourUpdateProcessWithDll(_In_ HANDLE hProcess, + _In_reads_(nDlls) LPCSTR *rlpDlls, + _In_ DWORD nDlls); + +BOOL WINAPI DetourUpdateProcessWithDllEx(_In_ HANDLE hProcess, + _In_ HMODULE hImage, + _In_ BOOL bIs32Bit, + _In_reads_(nDlls) LPCSTR *rlpDlls, + _In_ DWORD nDlls); + +BOOL WINAPI DetourCopyPayloadToProcess(_In_ HANDLE hProcess, + _In_ REFGUID rguid, + _In_reads_bytes_(cbData) PVOID pvData, + _In_ DWORD cbData); +BOOL WINAPI DetourRestoreAfterWith(VOID); +BOOL WINAPI DetourRestoreAfterWithEx(_In_reads_bytes_(cbData) PVOID pvData, + _In_ DWORD cbData); +BOOL WINAPI DetourIsHelperProcess(VOID); +VOID CALLBACK DetourFinishHelperProcess(_In_ HWND, + _In_ HINSTANCE, + _In_ LPSTR, + _In_ INT); + +// +////////////////////////////////////////////////////////////////////////////// +#ifdef __cplusplus +} +#endif // __cplusplus + +//////////////////////////////////////////////// Detours Internal Definitions. +// +#ifdef __cplusplus +#ifdef DETOURS_INTERNAL + +#define NOTHROW +// #define NOTHROW (nothrow) + +////////////////////////////////////////////////////////////////////////////// +// +#if (_MSC_VER < 1299) +#include +typedef IMAGEHLP_MODULE IMAGEHLP_MODULE64; +typedef PIMAGEHLP_MODULE PIMAGEHLP_MODULE64; +typedef IMAGEHLP_SYMBOL SYMBOL_INFO; +typedef PIMAGEHLP_SYMBOL PSYMBOL_INFO; + +static inline +LONG InterlockedCompareExchange(_Inout_ LONG *ptr, _In_ LONG nval, _In_ LONG oval) +{ + return (LONG)::InterlockedCompareExchange((PVOID*)ptr, (PVOID)nval, (PVOID)oval); +} +#else +#pragma warning(push) +#pragma warning(disable:4091) // empty typedef +#include +#pragma warning(pop) +#endif + +#ifdef IMAGEAPI // defined by DBGHELP.H +typedef LPAPI_VERSION (NTAPI *PF_ImagehlpApiVersionEx)(_In_ LPAPI_VERSION AppVersion); + +typedef BOOL (NTAPI *PF_SymInitialize)(_In_ HANDLE hProcess, + _In_opt_ LPCSTR UserSearchPath, + _In_ BOOL fInvadeProcess); +typedef DWORD (NTAPI *PF_SymSetOptions)(_In_ DWORD SymOptions); +typedef DWORD (NTAPI *PF_SymGetOptions)(VOID); +typedef DWORD64 (NTAPI *PF_SymLoadModule64)(_In_ HANDLE hProcess, + _In_opt_ HANDLE hFile, + _In_ LPSTR ImageName, + _In_opt_ LPSTR ModuleName, + _In_ DWORD64 BaseOfDll, + _In_opt_ DWORD SizeOfDll); +typedef BOOL (NTAPI *PF_SymGetModuleInfo64)(_In_ HANDLE hProcess, + _In_ DWORD64 qwAddr, + _Out_ PIMAGEHLP_MODULE64 ModuleInfo); +typedef BOOL (NTAPI *PF_SymFromName)(_In_ HANDLE hProcess, + _In_ LPSTR Name, + _Out_ PSYMBOL_INFO Symbol); + +typedef struct _DETOUR_SYM_INFO +{ + HANDLE hProcess; + HMODULE hDbgHelp; + PF_ImagehlpApiVersionEx pfImagehlpApiVersionEx; + PF_SymInitialize pfSymInitialize; + PF_SymSetOptions pfSymSetOptions; + PF_SymGetOptions pfSymGetOptions; + PF_SymLoadModule64 pfSymLoadModule64; + PF_SymGetModuleInfo64 pfSymGetModuleInfo64; + PF_SymFromName pfSymFromName; +} DETOUR_SYM_INFO, *PDETOUR_SYM_INFO; + +PDETOUR_SYM_INFO DetourLoadImageHlp(VOID); + +#endif // IMAGEAPI + +#if defined(_INC_STDIO) && !defined(_CRT_STDIO_ARBITRARY_WIDE_SPECIFIERS) +#error detours.h must be included before stdio.h (or at least define _CRT_STDIO_ARBITRARY_WIDE_SPECIFIERS earlier) +#endif +#define _CRT_STDIO_ARBITRARY_WIDE_SPECIFIERS 1 + +#ifndef DETOUR_TRACE +#if DETOUR_DEBUG +#define DETOUR_TRACE(x) printf x +#define DETOUR_BREAK() __debugbreak() +#include +#include +#else +#define DETOUR_TRACE(x) +#define DETOUR_BREAK() +#endif +#endif + +#if 1 || defined(DETOURS_IA64) + +// +// IA64 instructions are 41 bits, 3 per bundle, plus 5 bit bundle template => 128 bits per bundle. +// + +#define DETOUR_IA64_INSTRUCTIONS_PER_BUNDLE (3) + +#define DETOUR_IA64_TEMPLATE_OFFSET (0) +#define DETOUR_IA64_TEMPLATE_SIZE (5) + +#define DETOUR_IA64_INSTRUCTION_SIZE (41) +#define DETOUR_IA64_INSTRUCTION0_OFFSET (DETOUR_IA64_TEMPLATE_SIZE) +#define DETOUR_IA64_INSTRUCTION1_OFFSET (DETOUR_IA64_TEMPLATE_SIZE + DETOUR_IA64_INSTRUCTION_SIZE) +#define DETOUR_IA64_INSTRUCTION2_OFFSET (DETOUR_IA64_TEMPLATE_SIZE + DETOUR_IA64_INSTRUCTION_SIZE + DETOUR_IA64_INSTRUCTION_SIZE) + +C_ASSERT(DETOUR_IA64_TEMPLATE_SIZE + DETOUR_IA64_INSTRUCTIONS_PER_BUNDLE * DETOUR_IA64_INSTRUCTION_SIZE == 128); + +__declspec(align(16)) struct DETOUR_IA64_BUNDLE +{ + public: + union + { + BYTE data[16]; + UINT64 wide[2]; + }; + + enum { + A_UNIT = 1u, + I_UNIT = 2u, + M_UNIT = 3u, + B_UNIT = 4u, + F_UNIT = 5u, + L_UNIT = 6u, + X_UNIT = 7u, + }; + struct DETOUR_IA64_METADATA + { + ULONG nTemplate : 8; // Instruction template. + ULONG nUnit0 : 4; // Unit for slot 0 + ULONG nUnit1 : 4; // Unit for slot 1 + ULONG nUnit2 : 4; // Unit for slot 2 + }; + + protected: + static const DETOUR_IA64_METADATA s_rceCopyTable[33]; + + UINT RelocateBundle(_Inout_ DETOUR_IA64_BUNDLE* pDst, _Inout_opt_ DETOUR_IA64_BUNDLE* pBundleExtra) const; + + bool RelocateInstruction(_Inout_ DETOUR_IA64_BUNDLE* pDst, + _In_ BYTE slot, + _Inout_opt_ DETOUR_IA64_BUNDLE* pBundleExtra) const; + + // 120 112 104 96 88 80 72 64 56 48 40 32 24 16 8 0 + // f. e. d. c. b. a. 9. 8. 7. 6. 5. 4. 3. 2. 1. 0. + + // 00 + // f.e. d.c. b.a. 9.8. 7.6. 5.4. 3.2. 1.0. + // 0000 0000 0000 0000 0000 0000 0000 001f : Template [4..0] + // 0000 0000 0000 0000 0000 03ff ffff ffe0 : Zero [ 41.. 5] + // 0000 0000 0000 0000 0000 3c00 0000 0000 : Zero [ 45.. 42] + // 0000 0000 0007 ffff ffff c000 0000 0000 : One [ 82.. 46] + // 0000 0000 0078 0000 0000 0000 0000 0000 : One [ 86.. 83] + // 0fff ffff ff80 0000 0000 0000 0000 0000 : Two [123.. 87] + // f000 0000 0000 0000 0000 0000 0000 0000 : Two [127..124] + BYTE GetTemplate() const; + // Get 4 bit opcodes. + BYTE GetInst0() const; + BYTE GetInst1() const; + BYTE GetInst2() const; + BYTE GetUnit(BYTE slot) const; + BYTE GetUnit0() const; + BYTE GetUnit1() const; + BYTE GetUnit2() const; + // Get 37 bit data. + UINT64 GetData0() const; + UINT64 GetData1() const; + UINT64 GetData2() const; + + // Get/set the full 41 bit instructions. + UINT64 GetInstruction(BYTE slot) const; + UINT64 GetInstruction0() const; + UINT64 GetInstruction1() const; + UINT64 GetInstruction2() const; + void SetInstruction(BYTE slot, UINT64 instruction); + void SetInstruction0(UINT64 instruction); + void SetInstruction1(UINT64 instruction); + void SetInstruction2(UINT64 instruction); + + // Get/set bitfields. + static UINT64 GetBits(UINT64 Value, UINT64 Offset, UINT64 Count); + static UINT64 SetBits(UINT64 Value, UINT64 Offset, UINT64 Count, UINT64 Field); + + // Get specific read-only fields. + static UINT64 GetOpcode(UINT64 instruction); // 4bit opcode + static UINT64 GetX(UINT64 instruction); // 1bit opcode extension + static UINT64 GetX3(UINT64 instruction); // 3bit opcode extension + static UINT64 GetX6(UINT64 instruction); // 6bit opcode extension + + // Get/set specific fields. + static UINT64 GetImm7a(UINT64 instruction); + static UINT64 SetImm7a(UINT64 instruction, UINT64 imm7a); + static UINT64 GetImm13c(UINT64 instruction); + static UINT64 SetImm13c(UINT64 instruction, UINT64 imm13c); + static UINT64 GetSignBit(UINT64 instruction); + static UINT64 SetSignBit(UINT64 instruction, UINT64 signBit); + static UINT64 GetImm20a(UINT64 instruction); + static UINT64 SetImm20a(UINT64 instruction, UINT64 imm20a); + static UINT64 GetImm20b(UINT64 instruction); + static UINT64 SetImm20b(UINT64 instruction, UINT64 imm20b); + + static UINT64 SignExtend(UINT64 Value, UINT64 Offset); + + BOOL IsMovlGp() const; + + VOID SetInst(BYTE Slot, BYTE nInst); + VOID SetInst0(BYTE nInst); + VOID SetInst1(BYTE nInst); + VOID SetInst2(BYTE nInst); + VOID SetData(BYTE Slot, UINT64 nData); + VOID SetData0(UINT64 nData); + VOID SetData1(UINT64 nData); + VOID SetData2(UINT64 nData); + BOOL SetNop(BYTE Slot); + BOOL SetNop0(); + BOOL SetNop1(); + BOOL SetNop2(); + + public: + BOOL IsBrl() const; + VOID SetBrl(); + VOID SetBrl(UINT64 target); + UINT64 GetBrlTarget() const; + VOID SetBrlTarget(UINT64 target); + VOID SetBrlImm(UINT64 imm); + UINT64 GetBrlImm() const; + + UINT64 GetMovlGp() const; + VOID SetMovlGp(UINT64 gp); + + VOID SetStop(); + + UINT Copy(_Out_ DETOUR_IA64_BUNDLE *pDst, _Inout_opt_ DETOUR_IA64_BUNDLE* pBundleExtra = NULL) const; +}; +#endif // DETOURS_IA64 + +#ifdef DETOURS_ARM + +#define DETOURS_PFUNC_TO_PBYTE(p) ((PBYTE)(((ULONG_PTR)(p)) & ~(ULONG_PTR)1)) +#define DETOURS_PBYTE_TO_PFUNC(p) ((PBYTE)(((ULONG_PTR)(p)) | (ULONG_PTR)1)) + +#endif // DETOURS_ARM + +////////////////////////////////////////////////////////////////////////////// + +#ifdef __cplusplus +extern "C" { +#endif // __cplusplus + +#define DETOUR_OFFLINE_LIBRARY(x) \ +PVOID WINAPI DetourCopyInstruction##x(_In_opt_ PVOID pDst, \ + _Inout_opt_ PVOID *ppDstPool, \ + _In_ PVOID pSrc, \ + _Out_opt_ PVOID *ppTarget, \ + _Out_opt_ LONG *plExtra); \ + \ +BOOL WINAPI DetourSetCodeModule##x(_In_ HMODULE hModule, \ + _In_ BOOL fLimitReferencesToModule); \ + +DETOUR_OFFLINE_LIBRARY(X86) +DETOUR_OFFLINE_LIBRARY(X64) +DETOUR_OFFLINE_LIBRARY(ARM) +DETOUR_OFFLINE_LIBRARY(ARM64) +DETOUR_OFFLINE_LIBRARY(IA64) + +#undef DETOUR_OFFLINE_LIBRARY + +////////////////////////////////////////////////////////////////////////////// +// +// Helpers for manipulating page protection. +// + +_Success_(return != FALSE) +BOOL WINAPI DetourVirtualProtectSameExecuteEx(_In_ HANDLE hProcess, + _In_ PVOID pAddress, + _In_ SIZE_T nSize, + _In_ DWORD dwNewProtect, + _Out_ PDWORD pdwOldProtect); + +_Success_(return != FALSE) +BOOL WINAPI DetourVirtualProtectSameExecute(_In_ PVOID pAddress, + _In_ SIZE_T nSize, + _In_ DWORD dwNewProtect, + _Out_ PDWORD pdwOldProtect); +#ifdef __cplusplus +} +#endif // __cplusplus + +////////////////////////////////////////////////////////////////////////////// + +#define MM_ALLOCATION_GRANULARITY 0x10000 + +////////////////////////////////////////////////////////////////////////////// + +#endif // DETOURS_INTERNAL +#endif // __cplusplus + +#endif // _DETOURS_H_ +// +//////////////////////////////////////////////////////////////// End of File. diff --git a/libs/Detours-4.0.1/include/detver.h b/libs/Detours-4.0.1/include/detver.h new file mode 100644 index 0000000..f0aae9b --- /dev/null +++ b/libs/Detours-4.0.1/include/detver.h @@ -0,0 +1,27 @@ +////////////////////////////////////////////////////////////////////////////// +// +// Common version parameters. +// +// Microsoft Research Detours Package, Version 4.0.1 +// +// Copyright (c) Microsoft Corporation. All rights reserved. +// + +#define _USING_V110_SDK71_ 1 +#include "winver.h" +#if 0 +#include +#include +#else +#ifndef DETOURS_STRINGIFY +#define DETOURS_STRINGIFY(x) DETOURS_STRINGIFY_(x) +#define DETOURS_STRINGIFY_(x) #x +#endif + +#define VER_FILEFLAGSMASK 0x3fL +#define VER_FILEFLAGS 0x0L +#define VER_FILEOS 0x00040004L +#define VER_FILETYPE 0x00000002L +#define VER_FILESUBTYPE 0x00000000L +#endif +#define VER_DETOURS_BITS DETOUR_STRINGIFY(DETOURS_BITS) diff --git a/libs/Detours-4.0.1/include/syelog.h b/libs/Detours-4.0.1/include/syelog.h new file mode 100644 index 0000000..7cfa9f3 --- /dev/null +++ b/libs/Detours-4.0.1/include/syelog.h @@ -0,0 +1,89 @@ +////////////////////////////////////////////////////////////////////////////// +// +// Detours Test Program (syelog.h of syelog.lib) +// +// Microsoft Research Detours Package +// +// Copyright (c) Microsoft Corporation. All rights reserved. +// +#pragma once +#ifndef _SYELOGD_H_ +#define _SYELOGD_H_ +#include + +#pragma pack(push, 1) +#pragma warning(push) +#pragma warning(disable: 4200) + +////////////////////////////////////////////////////////////////////////////// +// +// +#define SYELOG_PIPE_NAMEA "\\\\.\\pipe\\syelog" +#define SYELOG_PIPE_NAMEW L"\\\\.\\pipe\\syelog" +#ifdef UNICODE +#define SYELOG_PIPE_NAME SYELOG_PIPE_NAMEW +#else +#define SYELOG_PIPE_NAME SYELOG_PIPE_NAMEA +#endif + +////////////////////////////////////////////////////////////////////////////// +// +#define SYELOG_MAXIMUM_MESSAGE 4086 // 4096 - sizeof(header stuff) + +typedef struct _SYELOG_MESSAGE +{ + USHORT nBytes; + BYTE nFacility; + BYTE nSeverity; + DWORD nProcessId; + FILETIME ftOccurance; + BOOL fTerminate; + CHAR szMessage[SYELOG_MAXIMUM_MESSAGE]; +} SYELOG_MESSAGE, *PSYELOG_MESSAGE; + + +// Facility Codes. +// +#define SYELOG_FACILITY_KERNEL 0x10 // OS Kernel +#define SYELOG_FACILITY_SECURITY 0x20 // OS Security +#define SYELOG_FACILITY_LOGGING 0x30 // OS Logging-internal +#define SYELOG_FACILITY_SERVICE 0x40 // User-mode system daemon +#define SYELOG_FACILITY_APPLICATION 0x50 // User-mode application +#define SYELOG_FACILITY_USER 0x60 // User self-generated. +#define SYELOG_FACILITY_LOCAL0 0x70 // Locally defined. +#define SYELOG_FACILITY_LOCAL1 0x71 // Locally defined. +#define SYELOG_FACILITY_LOCAL2 0x72 // Locally defined. +#define SYELOG_FACILITY_LOCAL3 0x73 // Locally defined. +#define SYELOG_FACILITY_LOCAL4 0x74 // Locally defined. +#define SYELOG_FACILITY_LOCAL5 0x75 // Locally defined. +#define SYELOG_FACILITY_LOCAL6 0x76 // Locally defined. +#define SYELOG_FACILITY_LOCAL7 0x77 // Locally defined. +#define SYELOG_FACILITY_LOCAL8 0x78 // Locally defined. +#define SYELOG_FACILITY_LOCAL9 0x79 // Locally defined. + +// Severity Codes. +// +#define SYELOG_SEVERITY_FATAL 0x00 // System is dead. +#define SYELOG_SEVERITY_ALERT 0x10 // Take action immediately. +#define SYELOG_SEVERITY_CRITICAL 0x20 // Critical condition. +#define SYELOG_SEVERITY_ERROR 0x30 // Error +#define SYELOG_SEVERITY_WARNING 0x40 // Warning +#define SYELOG_SEVERITY_NOTICE 0x50 // Significant condition. +#define SYELOG_SEVERITY_INFORMATION 0x60 // Informational +#define SYELOG_SEVERITY_AUDIT_FAIL 0x66 // Audit Failed +#define SYELOG_SEVERITY_AUDIT_PASS 0x67 // Audit Succeeeded +#define SYELOG_SEVERITY_DEBUG 0x70 // Debugging + +// Logging Functions. +// +VOID SyelogOpen(PCSTR pszIdentifier, BYTE nFacility); +VOID Syelog(BYTE nSeverity, PCSTR pszMsgf, ...); +VOID SyelogV(BYTE nSeverity, PCSTR pszMsgf, va_list args); +VOID SyelogClose(BOOL fTerminate); + +#pragma warning(pop) +#pragma pack(pop) + +#endif // _SYELOGD_H_ +// +///////////////////////////////////////////////////////////////// End of File. diff --git a/libs/Detours-4.0.1/lib.X64/detours.lib b/libs/Detours-4.0.1/lib.X64/detours.lib new file mode 100644 index 0000000000000000000000000000000000000000..0804617395af9b4b9ae5db9c1a819826b4bdf008 GIT binary patch literal 664644 zcmeEv34B!5_5YhBKnPpHBB%%h1PzFgkPyNqGf9R_NJv65fgsUINQNYm&6x=VTmS=# zM%>rB<5IOQSa)qJ2r5|X-nzHZss*JMtyWZ&|M%Q`-g z)n&kzxeM6g(!zsjGc2(4HOTB>b#qPq)J$`*7MrtdjiuHCEwr#UIIp!R(9(=pTScUx zKob*)6gGtI2C$%IWtv5#$s8KZKEyl2Jb{2}A`UyJPwn2?YW42gAOtM!ty3RtwGGa8 zMa>+I;_R9l7fvhdX|X{lHaCYlU9j*96vn8A*5R9ByB^_tsDF(ed`?U2YRVHsP02^C z@|1Yoo>W#m2$yXS1>@S$hWcR(m){%;2it1G4K2+^Jk@=QB#S8igq!6cMVVKVK(M;e zC~J~Jl>KgTo~DLy)HpG{ZWb3_wMYUPjmjOUZKw_hEP@as9zQd9UZDF>3Mjc$s-W7c zqAc`eyXRBuNEnMkuf12}sv<%a zpA`vDdrf_Hb6ub~m|GpLE(x~O1VW*P<~n`PVo0~5p*XmpAygA+Y^-h$w6ulv`DrGY z)6!hqKy|;mk;kGqSRAeo1nmT>Dg=6isM`$~hS@O<|B7+Yxl*f9*iv0w~|MkO8 zo*(MusK8MaQ?J1XSZ3MFJBvII4oVY&qgfN}1Qqf;R=!yeCU-`qXud)y>rqO&9F`oA z(vhiUEsDKfR+V;hL&-5^Esz|dO3Kt?=0YuX4K>w`W%Uiq!-aw6;cj9WF=Sy&b6u3O zFOmdvRw(gH6qAk#hP+}LQ$p5tc0nPrG!;h-x9PQ8i?92;+Q8#khL^QzI9`H z4;O3hu8QXI*?>m{G_Rv#+MofNR#E_26;&fmtEfrPrUgUbFqk59caufRa7rF zIE#|SdKJonkUv<%Mlh^d)#r5D!tC;#;*uqvB46neSDGu^avWnZiowtV{emmk<0~#N z_2;`YGyK`*MY)9@8p~w6^AV5oG#48uz!2FD;gBh|!0j*a7o;k zYnyn4k*VZbn?#MWwul-fCREk|E199HGu9C>Lt9703~g#pUMg4zhYZ3LsxhzC6iCHf z(OTR}4VNiSli_6;-J>#e5A+3^T4~&FiljKomMw2?u#uO9vNok!m$eDiDC=m+ma9lN z#b~Tik!b_d4J1E=#=sOq8RTWN&`^|YBwI36X`r#C1{Tk5Yp%uk)~sP6th!~BMO5Y0 zQqEt*n?yc$!lbakh*w_Z(&2yh5287`1&>W1}^&dYn}e)Z?rQ zp&n;pZNS8e1`^$ETP)kT+s0S}jMf^ffKi)c1sA0~rnFFRK`DvSAnRaJ45-!?#eQm7 zH!Zh1S5#HOPG+m%QKGDrOBFmy)D?J?YEP5#NO>=6X|?K>+`M&w`2n&{5^F*@$T}e^ zkY)6}vf;b$D&*pWfwol_g+#Iz0^JT)fCA06rs0ZFn8~owtQDlOqnf|K<8$Y_eQxVv zBn=PE#*vJ#Sq!UCZmyuUq_HecHh*;2p57J;8&;YaUcEY&nxCIf>7dbR>O2fABNJI2 zRyzQuu+k!e)72yUo(LXhc-e;+UZ(m6i~VS3PCu+@X0HwhLWeIozpbhD@TE(Ff#nVD zhc91ReFVZ~fx4zZvwDfszOm=2SCD%kmVQ`iop*R8V&37Eh4(zhhra(_q>c)AT#`#SX7TX!{-8p;`1hByX$Vu^o`U-|2~< zvENZkN9}jiz!Hx|Lld>%Ar0O2I|4(kWKa4X5{usNFa)WM+VAL4CjAaWbl>j?m~I_B zO21<+VBYU!Wt#RoV9zZJ2XPBEr=~uqI_!42mbmGbdafUL0y2BP*~Ec^QxGk|}w z7JkStIG1aNE5l#lmc$&=gS8s3r?A9R>d!0B&lP5)VP8r0 z>PFnO_O*!n{<2pvfMq(tTig(?&uwgkHui*Gj)|YAJ-YAWD6-M~LebQQWXX9A%?+V? zZ=kU?5Y(n4KV-%gm_-fM+*b}n&qtz_2$=cF;p_cmetB!H!HU8VW?r6lDO#pV{*|F- zp3f?$zmZ+6Qh5kBd}#cY-$W&bXPxRH7}+PMzB-8eMl5F|!?Q&~EX_qX&sbTO1!yhO zfcI!1`Ax03mpQM2mUz{QX_-V;!!bqGO;Iqu`nKj3_9B;NnNHzjj5dpn@QoT{4aOqI zeh-g;MY3ST3btl4*Pmw+Q=_*bx<-gaoK-+C8omm;_7|j;WYULxK-^D@3azt${ok|I^ErB3ddD01(6bB&7{rL;rc^<#d zTV7P)r$sVa-=daWtE9Ls+}eia1#Nwh=NAf`O%}OnLq&l=Z2%K8qX=0++)~YHYzg5} z9W922I&3A9+SqQ*$sZ@oX$xXTDaWuUiItN|d4`9|0`w@NNqpQGuCVss<)REEw5PcZ z(@7&18fg?H!zlo^az`>~Z4EY&hjywU)RDpsb+kby;V>JKQY`D5`BOZ!I(bW@NhQf^ z8XB)kgi`9kqh=yY%>rRX8ui1Q%8M*23XKvNCk@Y3a905B?$f3mLL_`SOsl z07WdxfQ#^~r8dbTmdZT}_AqicnGz|ehDgJ3riHbvVNHOyKG|){v20`(4KE)r0_kfp z%RP!J$1D!w5k|cV*51e&#}H%|J&GwI6!M@#Y4J`81ep<8dQ2?D%uUhbeR+06b9Hbv zYxOi7UM0nNQsbklepdo=6%Oq-;uSR-^37sF$Mb%Ba_&?8+QQwrf_PY=&dL{A6$K$z~9` zg(v$`hE=DCXtX7#2nx-%W+jE1BsMIIw%*k3ViN<9svfK~b+gO_Z&Da-jY$JBE-=Bn z+tnq8(HO*V7evz%+Pt43dJ6Ork$Xb)bUD49NKaFN|Evgn?N=|(;N=2E@{C!R)ohfG`@-O*l1_Du0KXkOz%Xv zm*a_aT22yhJsUBZTgwdXpIW!fU%jklWq`~~53tfeUgft8kCLr2@vChKg#7fNpdU|S z_?HVa5Rk?(?7TLCux)+ob7v>k?v0GNzgm_(` z*}p8fg2aRrf9y=mL`_ffuN9pTtos@BfqX0`RQwEDQl{3Y!o2y zOMz=>rWXjXTp3~WyRV#G*s>}R%qE+g`RYCbq$hUy~3RBZOHmXS>j zZi5M&^OY3ywK!ir)-~lQEoumc+o~I}uop&_lwp<1(;ld43(Mu)(jQ7o!a-k4c_W@n zmwLYcMP~YRzBNWw0ye;q=5LUsxTy|l=g1hTwO6ck<$JNxR}aTYe>~7jdh)V9lCLga zs+!qXTH}zUc*!BfNO4jxsZTe*c!r8mp&XFy?iT~?^ds$DL-hYxp^-~P$5PCrBPdKc zeMBQab6K?wB3N?uk^174c}88b566<8*lvCf_{Uga)K=vwjAa^m{9;&|YGjLhL7 z%W~btL+ejEdaHhPO`HV7FS_O9kv1w-v5@V{WVt5oe*$7osflG+b+{B_U(Jv7@LvQ+ z*J=&=SQ1j^MWi$j7?{u1u;9!aJ(HaUbbdmCSf*B_*uxMs!=|MX(bltRpjy0w?p#@b zw5tvbq+SX)E}c?9|678O>;N(M|I`w^`D2*sX#mFR;u*}IKC@|sr_w8y!}wf8)^F=w z>HqV04gR-93EgzzyRh&TGI`GyJRh!q-7W(C-xejR{cgy58rxxilKn}V8EpPtL~ zB#x?}dJ@CKS#3|9r;+MOEVY8RbNsN@_tlHT_T#7t%DyEvZ&}!^IU1QB#8AD0Z9j&l zF9Ydc-=+%v@7b-1?}sooLsgEke-5`~WKo*p$C3Y*&0>z^{*NkQ_VZdFp#AJ-l1FgQ zNhjLFDC?zd*K`)`Bf8&Z5bj~rjq*K<{Ndkk(@OR*+B)H$#rd%B^s($RO7}4CCJJoF z-|jANh8=`@u+P(B-OoI{mzXp`*{|*M4(INvTE>2kX@crO4AtGS%?|Q#-)~a~)q@zS z`&GL!RLk_hh8i*3W&LpOLu+Ju5JSydTlQnv-2^Hv@z*y5N%gL^`?Ykf~Vf3L7Cv0;7lii z|8aXP_U!R+exuL!qdouB$I0=$!hhf9kmkL)7)H?g9F=qwcRosCn<%QbX;nA(O3@V( zd}m!61?Z&Idwp~x^xwIiB<{Olv!xzvOic#--yW1Gj6K|gQh5l^?6G~-;PYSf1_++i z>vq>OsxO55-%gP7ewvys^VlY3(e@q__5&{J)?+d(%FbhvJqD?bOfy|9R_{beD674% zw7R<4PfWG1qN;Vaj)1ZYqY7;u5i_)EAy(D$D^D+?JgQV%8p2<|o^=GeCmX*49(A8G zl{Nmi%Osw2WkpUl^uKJE$^Yt)9T>MTvN3fv3TdWWmhS_Y$l02>+S=&T&KrhNYMZhd zsP_Fr7axVwLnIgp{%hYuWP3Pwx3FWiDKtIJ!p5*PUt`;8Ss_hu%3HC9mkHUcn%%zv z`LEni^(TJaGRoduk#|<2fLK+KH&Tg)qoOb4@H97`O#dgm<7s2qCGREq|M_OKk+)t{ zT{g2IE8%P#G|kH~Dwv!nHjpA$G)Sri)|-SX@9BmKXEjz)?>S01t5J#`XEEde?0@^* zn(RPNO`c}g+$i>ABMEwG1f$n(#--|9QNitGwhC@1&sFd!QUBjQx5^g>kTvwwI_;Tj zZ=c(r_PuxYmQDJNlxU`<_BZaLq($I9LR1z1f-Rl?eXsE!{%%t0_wWAqZXUnmNd>Ex zzp{9w@8)4!G#i_X;w?nJv#1R$>yCQ>r#?CA{&Dc84qN+Tuf45Jbto2;QI~cDRMX(J z5T3;D6tUY*s;EbQ;kdhPR*n8FH9y4*%ZIUTt5!tB%eq3ST%qWuiomo zC@hv9nev{&IvLeA_BtPwBy(-3+bR$7;`x8}hK4YG^lat5a?K=JfHk~G1<|vWvaaz^RSpe5QZ=+}rDA~n-}l14*mYCv zPAcqcv9Bg?%l>&U`v1iHb|y@j;?x{znVDHxnNz1_@XY}fzf|FxnwlwGRS7N2PM?et zQCZs%YH6$vHf3f^220Yjjm(B>GibXhGb>XgUqgGst_s&{m<{wui-vh~6b4iKWlf!}baB@?#j2jNe3CZ#m zr_RKZD!sm)@H!c|nDHDF2jWUJ>U#kEi2}osl4Pc@1nGMlxCtjj*LM}X7Ya-?eaX=G z32+G$qU)=G_f&z2rY{cqE(Gr4iP8042Jc4&CYrts=*v4%lFpnIUEh=NzD;1F>GMM0 zsV7O&9h0N$y9wUE6PRfFa-na<6iIp@HM+ig;Qgk+MAJw4yFN{lUY#0U-!I_(t-wUn zR|tK#r%TfQjOhBZ;5}lRB$eQ#17fD-Z$J2_05d<6P}sEur&)O(1AY*gD+JC;-!9;8 z1ST*Y4jfkcP=%z;z&t2$(eyn9Oa~9|=OV->#~czXnfBhB^ggXbpT!n336BeUHA%|&PQ{lFbxE=fl%j;`-%;7$hShYF7CW1(*-(vh=7k`^!JII^=@eyj!V3Sb7G z#&OZ?cOft0gg)mF|*$uq+{H2 zN$S@S!I`CZB)nS$h9k}Oy#>!s;A&3iD69CP36eSmCYru&@O%!q^Hy+_mA+%)eZRnP zq7)2v z16*E9_xf4{CYnBq--W1(gWO=MY8k`m#33Ygyt9HN1CBh@vz zRg3En{_lbLK;USe!Eh^E8pF#_ki>y%DIF3RnI{d#{6iNmwTq561;HFv;r0b?n7}IG zn&?Znsc#l=c{cO~Z0c(QZnX`4*Vxo|GjPAKp>MZMeXj!dz72if+te4kQj!MYq$65> zoFp(DX#-9dIEV`YyAn?>gY_u%T~8O?}S-_o@wjf3vCY8{lHwyU&j? z0@Gc7OaN}04Si)c^(_Ui&W65?HuY@=?m8R#99=ZZ>RSQaDjWK)vZ?Pz;O@4e z?|Ga0UIy-68~VPrsn4+n^H7|0DEVe$zY_(9Bdzvw`<6Cmeu=Q_98VX)L`^uP_+Z){K za3l67O-{nc*mzooVZ3&t)FTqTI##xjwISl8}juDwA85Q{wlz^Q2S(?-Lci$X%G9>z`NX z&MT89LgHe53i69h6EIC+H3`sT%Y2BuyRf*(<6l%v@10gxdqkj4NYxL zC@_7J&V^Tulv7;lU*st*%ZKCw_k6mVDvgJCm`VCdpsKJi+nrP3FDcD0F3tBX!A9`R zj?zdep27TPC}|*k$Dym=!}Jm zT$W1mOrpq@d5cSZQj+jQ-iZ8Fa)jX_PdVg-e0Fhhp~qds^u>~fMaB4zBKgwXEf5Sg zw;=y0v@>wMn3Ep+QaD^zwty&8N5QxHD72`&*_3xdM){6U$}{q3&cp@|X&KTKco$oG&zw2C zt+^T7qSu}jUfmivDReT^ce0rP+X0m6n_=l~qHjDRkZLA?y*uW$76n?G@&4TmX*ysh zbqh1m?}Xs77J}HoBW(tn$3VbgCXgMJCc*E= zVTPQYIWs$GqKVS`xjDMJxu$+q9IJQQhMJrm8q!_>HW~s+d|)NGXZRmC-l8$ z>20EqQvI~K06yf=ls1*6`iW==6RlLU(GW?z8KIgzgz6tPd7{mrnl0B)YG_+=%^C&J zuW-`sJQ{*0I^rtF?YQ~&aV6Kynt1o3+rB~bQO@|~YnQ%t@3&ULP(+)f>NuM$PLnpUB@7Vulddo}u9)0`zbx&X^9|0sfO1^kC z{k^`|zk7$Y^}EY!PQ$I4vl;)>n?nyj_wtY*4kjcleeI+fXqt91{%dExzWdPEmwdIl zbM)|sE?SCo4aOQ(qNC>QYu3#^xXFD_N=$pk&LOFiw3P9K^G?0)m96h=?0xKW-+h1n zq#rOuX8aetp94^h973<-E-fa{l1l?a~c2U_JNzH&MZ!U{J9ZjJ9g(`efmYl?|02HpYCcq zXV1QjHL-DL&6+Pse}^4L(O?pTM?4%-7p!h_(r3^@&Xo47%n6l?@xhOlRUv0VLm1=A z)XIkDn#Q);0Gu?CoRON5HaWGjttJ?*tiiV}K>baDrkd8({?O$5Bh%SbxvHUgS#>CI zgo;A=SZkoRk~D=wwMVF|t*NqhSsjgMk6aOw*M_mvPok(fe1vL*mGG_!zH?aDe1zI~ zfuLUQ2o;HF!BiM7v>d6egtof2hT7V|avrrF%$UTJI5n-UM^>`cwPh77jycp3nu*!_ zr_-dW$}Pdwh?~UbnzWqWTPjQ%gZ9UJL1A*dw=)-i&w~vHxp&CZ(zC&tC*@IluN=eS z>V*?Mvows_dVc7}STkqp7?=)VY2W^wIUveU| zN5{SqFhfd5*XYjv$sHeb_1o3C{erk;@KV9s-qj22^&gBrc<4~XCu{s6+;3rj+q)7N z;85%~6~NWe6}!FbDDHD;uHqAyJpRz3L+b`0LPKC%ZZsYvCR$}0Kg^os%N<~LKe_ar^p>AxMOh^J7{!` zp?FeKioy!kG6v-n#{`=(ElWzuQWyx&m}NXz5{*=l@qwmRp7E6J zRpcQKN*iT+Uz|R{8$M84N9jEpbRy_6pt+#Og3>+Vk)Ufqj|05~bQI{%K}UmaM=W=Wu~!B`R~o2evFpv8{bKqGDrnul+n955=-P0qUTfC%nRTP=y`Zg9=LpPhVjv?)`C=;f#&a zmWrLsG7mGG8XKBdu*ydj)+|?Oa-_}`s(fCY@j(bHM8>*k#~R>vIv#K2b7{O@9wF=S-T~<~91JHq7#tY;TsgG$mK(E$dJz zL*;|gL7A(raGl6BO50{oYFRG^r3!ZmXf^1ipl5(y26_SL<)CDTD?lfKZpFznn_LOf zdkU{hxT0kC;dH!aeQq3be$P=Nm$&bUVcqI*ULb~R3&b`m5Ob6Q!JFeztm>n!o*Myc z`rsEKRHW;Jp9GIA_Xy5}D5XNPl=IV-4tyezdgfGw9;G9eTVq;eQk4y=_VqaBgVI7J zBLQcnVEzU%@U9#i-HJQau$kpi*3tJ~7>J4omo zcv`n0Yh8!4Z}if@7T%7eAPhmiQ$x)2eR*p$)(Q26A$n6mYl5oc09{lfs&L8&rH4v{ zdK7j$a+1<`Cn%MOpMz3caTh3!)b0jt1ic6JEYM$oUJZILDB0ycP$~&jI(SJSSAss^^g+p^Vm4twU`Ohv~G;ttle<5<+RymyoxR!<624K&gbh z3px+x;-Qz$25xpN%CS2Z zM^Z$z^Ek7?g?1jd3}2O%=W&A(BmDrM?yIN@h`xAGy7a~40J4|T`W+}0kMBXL0XYa- z1NsB#nV>&{c7h%Py$uwN+d8t3L(KN6yW+)zTnW-X{Bs_K$a$u-{jAR1fcAVU@X=qxXCI?e=_rYiLjkG<%8m+x6W)~9kK?u z4!O8>IFGEuc^A+UWXHY~eR&xK1fe436pEkdO#9w&99arDOzLzOd5p|iWOh}klR zdHJ9?=q*quEN~zExCO|SAYF@p&bvXlH06U99qof-Ts&7Z3dO6|6>sw6= zzVS}`&#}%U1$=e2ljkFJJ5|?tl&G{q$$8-glOdpG9&`>x3U}E~s zQ0mcD<{a>-=$?$TS2WY(p0>PDi+kU+kZx^u>Li>{D4MxuW#x@-rK@ZU2vuYc-Z%T!H)7WZNuA z8V|V(aluRJLTG427UT@MzojC}Ija6v-)d4k$=K8j$ldKEtmlmS&&AI1A1n`e`x`vc^M>SW zf$~zb=^ zq##vM09dN`M49g*U8&yfd-{_M3t{`-{@xRrkk`BZtYjC8$f2`l3TL8p_7o93EyrVq z)VYfVn%lX}yV;kFxLuUI4nZ^KUaBf2=_MtDE+P+c2}NxhMc!zND3a{HDobT&-;NJP z)AY>QIk@A)(Xd*UCw(_!(D^EWSW2b!7jrq`;yfQ*w=-UY!n+i%UoqZRxVXN7sNr0899&#>K3p6Z z2lN*>F9QB#T|Z4PkB@*~HPI+FoVLP}CwJ|@n;hZ>^*VT|9v>KrzL|2+iQ!DKqqU4Z zM$bl{RMG`EHxLRV8c9i1*~a25b~HqGYL$k;Cxv{tj@%I2#})lGA7d>)iUeu{^iiT( zfMcoMXU77hIFCCCoC>E1(N`U;3q+PsDCP3xlSa&5T&s8`*hU8T!+UF#Q~A6O0pK9z z6`)$>qzJ{$R1wW!Xe{y;PWhm`*pG`5IA0XZO;}W+>kB}~gI)+qW2()dl(I`emxEpk zdJgDipx1+53Hl)D)u8W!UIW?%`ZLh)KyLs|M&xepj4Kg0;R#ruW|C$ms|h*!Xsip9v-Th`))W__O;ESP80b<%lIp!6o{MN( z

w@dPX12A*0`QC6WzS)nAp8m6kEqNp^GQBhV< zgalR6Gm0w$Re2>K2C&=gCQhp=!ixe}c>CY=IEGatMCesJL zAIA12tt_ulOQ%*RYfcyOY-3DTpaQQ!a(!kzDQRZ%q>R+DDY=s~Qj>EhC(Sb1Tpz4< zur(p=C;0Zq8%LXI1HuWp#vtFA zEPQ@7wYsRFDo|vM$y}V5T)3dBGN9F@imHiIk|(6*rle=(`csorQZtj1q>$Soitx1g+SVR4ZW zo0nf!5s1Y~bZk}W61=f9wwY~CtSrhko7=6t$(G8kxoOrW)HdC?HQ~u$2)ey&M(gPI zsyPBdUNqXQ25D}bFH~XJW;j$|cs8w0RTJmi=MAkPoQq2+OeJy4hGqCG6=s!ig(8e5 zi_fLdYAtkqcLylcwMk*i3sp^;Zc)str??PcyM1s6BFM=V0+(A@@56HhE3q4(5Wk&H zjf*wrw=HdPxRh8aY<9`6Yz%d6QrPk$Z2AZF2k!K@d@{!X;lp9Mh7X55QfN{feS6cs z+r83X=&@q#3Xh|ka%ZQ@p)nClr!y5Dl9qd83K+dcWJ6+(;_2?;+@fKeUA~66TY+;1 zpm8pjvfv?@J1C*9O$rAmLa?|aCH~!Uo=)6eYnd79G4)4#8Q@0T+bS7Ygy zj|wtu6y7evV+SyOafJ&XPgZ)9@p7VZ!X_sT!=)cjgicCPJm!BmeOsjPTyhh)r05NNlG8rF2jW{1N2^#@x}pMG!P4`?6jV{YZ#Gnx`p!d?MhZnRuls zw@qOh)AtqJmV>8MFCRlJZ2sPY@>~s`uH3GK>4eKJFI;_BhV}Oa&12FezK&;JNZ*F5 z%^ccn6E0nrB0x{g!KbU)5W+N84!C=@1Uw&WKE^kkKBkMe0B^u3q&9V$-;RemA58i) z;OkI?Z*l*@x!{9lITXit)aD~&C1NznAIjZ^C&xQ*h`$6vlJSoix!8E21 zO}OzIcp^%K&45@~eS1M~51uzQUt{H<0}}Rk@U&%th3SqfT=)vX*A1IU%eV;wa~!U4 z@$C(I>P2V|aM3gtzBk}@K6p}>3R|P)bSlz$5qKWsMg|PaU%2p%Lc*3U#|itD!X{5F zgbQCEI8UxcxyMBV^kX*59D`-0g;4-_D2g^o^)@xMFTZE8>BRhUFk! z_yW+k8$82r7dCmyK3w>`aK1$ID9-Tum>*YwZ^Rvni~fo}$7xr(MB&QQJiMn#>X?w^ zJO@fzJ6y%!tJ1s?CZFRZA^8vuVL!PiCeHkBVknyGIT z`22sN&xfGR1`4Nj$>o)FpcRu34C#y zx2g0S-%Nc|!8fZJ`l_3$uLgV@nxXIBX6kzYd`~t*-v`aqcL;o6H$z{CdmNboYh(G* z1$@0VZ&Ue^)J%PT@MSkcUqv(ZT?oE4&Cqv8Gxco--}Ywcd#joHJ_O&9X6TE$w|V)| z5qu|U-lpe+W=qqWaz5w`YnxXHeX6m~Wd=E53-z&}3_YU|DHA7#E`^v!LizEbdA*bIHwHdEg%;M*Lm&wh+d5{=`|=YsVaNp;S% zm1NY*zanG))sW9|o{{v~xZVrVhy4J@nMU#*!vJ;IX4)Lai@Al*$D!*txax5E4NnZ< z-*~lFWktd4vit?E*K6V47-@`(@yy{D?>ieO8@q8b*2F2r1r=qLWpe|*xXk{(^zuOQ zqT&m2;?Oq^ujj!wPz4q(VqE_1#lKIABV>(v49dAGry>$yr{xS#RGpad4Up4 z&thXL1BDWg58Cjd)YdVVBCS2fr1Y`5>0>9Qj?2!Snwp)PnVg-PJ1%`{c4m57ZtB$J zv1zHsAkEyON#-fZIk{t#r>2}eF(uoN=U|lwkxj~^WR1(n%}$n7P}B&SVG z$sM1TJRu9Oo@pI(S#S&{riYEdP|fR#KrkEd*w!%@qOe66 z8D&d~D)=V1DS6e!i>el(ytIy438xmuxb)228L63B6CpVzc@pmi;cXc0V)#yFWh!&A z2U!^?T9jEd4@dsesBCOm6~6D?B;WLM6eY!X9K5TBcP)*qiL+93)5qsdnv#JXi`Fp# z314;w0-TmMHhJ9S+>FeL>6sI=XX4nS4;ESaaXaf z#497hI^ZGUb}<2y->A%;tKRyYT~?O0D6gahX&vOAS;P;anreH(nQKwXROXgu6qOdD zvS!b(D8jkWLOjeIo6tUp24zhgC#P;1GnNU4cQJfXaT`A| zEmg-3tJ6_2zd=@?u}#iS&P|z^iM9}m@PeMGm_CSiMJ2vak{iIQX``ggY^udnZ4*=T zTLvjiYBDfkQ`(izxf$7+l3onJbf&sc+CiA_r_UJYPtL@eR8-7VdLyUod*bex?P+=j z432C0Bo$UceHbc47vrx;D$7N5P!RnoX6aJ|< zA}oRE#2`u0pdUW?F?MElDyo(WkxGTo0Cj_V2S@JPRa(NzY9&fps+dbUIaA!(#L_YV zTGT;3tK{RIP%8VR&C13L6{4ig%q%J|$-{#M=i0EQ)!n?x^^vBSO~MZYcwq z6fm>t+FWrMc%TkO1h_~r==!O75~@;WXwp%0~mB=8&_0OQCfzQ%xIpE z`?IZLB7>= z3MBQ1txG2=R8O(!{)E9}+o8*zv+-a&7(6IP<7BG#V-$fg6Wcng?n)^(%cE{hC=I=a zDnU%t-UtbrMk~iUGfyb0^Os3zMuZ_R$Gv1AHTNd7Dz@K)&h0-gMR)W}Uw+OzoBMP= zdh38zM-TUWA4|HEgg$<1!HJ*be1BS-@{&) z=s9w8KR`XijdhL;! z*KJ*O@79;FFUq459X&m+Dcrr{`)R9wA2s3L`|oV~GmaKTkbZM@hmC_qrVrl!OxLX4 z`zByN1s^#8z3nw89@$%U@!_LGE{up=dL|O*d7($n?z8*mJNjf?cjl@0%((rh^KsM# z>Clst0lZfij}FbN$XnzakMVe=FRnUqSpV5)feEvVOAAV>3X5Qk zPlz8lB4NnD_=MS2i)Q0Qe|}zNQT+V>N>Szfyo#d2+0+!MEc`E(AykF=^EiD_ikkV_ zV9sp{^(%u5%FF+&_^5=b!YKE@j|)<`H1J=l(dmnKaOIU0&nx{ewN({V1ZEcmE-3#W zWjkVs#=PvmO)DMAc~!-Qg++7!Cvn6VQxMnOB}h07gZ~#Q|96@Sbl~u+wX%u}{ug0$ zXvFK>ax0-z=GakaCR!P3F^{25-+^}NW3+K?jVH9tYaE2_6QS|NsI=j`h-h~{6WR`K z^BOO~_PNkr(>Aa18Eiau)z&zoZC;}l+NFA-d9}@J^o8w+(E4ke*BB35gU}{vo7X6W z?WoY^Yn#`oh3yNWU7~GX<9688iwE!0Hm|{tR;^PXXz$9e6!rZY5yw}RT0IjP>uHF@ zzY)DHGIniBYzuxd$#ic0OiHZB)6kLt2K<8~f|eE#?n_I=>bk0vC{ueNdgp;iex7W_ zLA-MK&$c`HrNf4J&0S@32ZURE*m*dFpPKLqrLMaXbjhLDfWe=}djK?U^xlta4suQ# zHN?okBYyhvQ}vXd`P?2qRo2zybt67<)J=bds5e~FJ%vlsOA5`0Sm_i8vgtInXo>06 z6;3D^##{^$@L?kenZD5l*>1W(#&l61O8ypZD1??_ocy@3mL-c}bnvz@Y8cP9zyZK^ zz$w5Ez+7N7@B&~AkmqhX0ePOHGmz`iU4TrZ6M&}yKf%r#I=q*<@%-^2fA|SPAGGwrmF~&Yj{}<@VoCtjH1v-t$<#+E#S|bO z3_}rcAg~z76nP$(N)g(;#wv@pR@*{T(oPLU{lSnc0Tk>vRf^E2Qbf_1B8ukx1YTDu3TUmO5c5ClP(1tvOoC%km4n5G z7Qu%$z>^f)I(l2(nW*1YUEL0Kha+Np!mS~);jzJWuJZIG{2U$hVa$Bc+T%JG*Q}7# zlTkqKTs$zF8_27ehc|ULUakz3E7nsVG;wZ&uZCq~v{+tNf^J(rGZqJzPPo!NW%=1k z-SI{QSe4;HR0aj61N0CTcPZBVTH#6ujWs=kPTDa1ET64$rDz&nq*g;k4*}`t!@y+V zHXu%Q8ry;A0CxZx??-_wzaQdKxkZ~-K0BdkTePd!c*EkuWI!am##;0TR!whq4w@Mi zy$!AWnLDdGx$`l$HFI!~I|rYEpJSWI!I@3wpq(54X)c<^B<{MX!04#PvKtU zA&Bx}`8Xrcn%>7X475Ulm@oznT}ep{6Sw-F7;Q+qF@N{T@Z(Kfk@7l5j^-i_ranh* zk@C4U_KT6mTKw}!a->m*{|Ci}DX5l>gzXz#JcOSdRCf751rO!n>s>}#n6g_^R*+jE zEBLArnqMpp(0qu5F=&ABlO+N!?Vth5Pb(8rHMmWZzZlJmYNkw5Hr|`zEWa;+ogE)c zN3b%#xH^>XS(IPwVoZX|-MC<)!59bRN(+2mtlO+sh~J2qHNt|8RA}KnTVk5-Xwl4G zcdH`FKhwnz8&^N>(Dbt-jT)v^4)7GTn21`@YDcX16KfuFkSIfHCh&uUdYYu_T#Q6a-u zPgdCfta@JXzo?$WRP{tC%<6eEDf0F61b@U{|N5P-_NV?tyN(`*pfi$@@)}%KM@Qpc z)lrPhtY}QBWN%Df|DWjIBp3R3KZ=cpw8g5I7My7|4EW2$22O zaNr_fB5*Bm1n^SeSRlik0;~i2fqQ`yfiD9m13v<$0S^MF0{;Nw0Ci0S!Zi)Z{K^Ef zj=qgc)lu419aS{eQAInTZEfX)tBS@ts`yw(6^(UN(O5?njdfJfSVtAj8WE||-IpKE z@vq}(c2ukpIL?m|uJm^P0aC!tj+Nj1wI{4sAy5;7I*qeHYlABh*TlvOB=>rAu`*ej z8z|FV$X|?I!*vRz!52MG!iQ%n^3*t#!%$|vX&5Hnqw$wFK9k-FiO+Bz2kZ(w9@rDu z1vnVk705Vr12U7?)v8RQ%_|*?qHWf$&gl~x2%kSFQTuF{CS(9o7RedKgvTF72D%Xm zpT;|(JvAte(?Da`+1*cSGL5Us|K};}?20)coZOIcKkQKETa4fJ7ka3R%GH=*Ss=T4iD~+n6-LGA}(n%>A zhn9-ZtOPk}8&hJFIK;!}!_#8t90rHs#|N_$#8S)hgLC#>{n{4jVD?(;)M!%EqgP!E zKGUtXx+A{+&B299f$l{A2!F?lfP<1m%94DGl7!g`d}i?gGi(*@Xa^hYi(3z_tG}&< zOC?w*`u*$t9h0}ufoG4tAU>MISIQ>TmpMdKm>V$oRe|TX%-!(_jI&}o+~i_x0{zW9 zD<&s6C@Ll`>j$C(Y`E1|974~*ebQp-VdroF zY$W;l?QtZW$`mAx9zIva`%$5cBzX2G(`HVkmSU_Rm5n5G%nMAZMt#Xf;KK0#g)b5| zU0@txLjx-M!i8Jh5H_oz*>cgV_8{=gvN$tKR3<%Z@TiKJ*3TwMr8jTaw}%i~Z$Fw7 zm8Cj6k-)5CP^gP(-5e=f{1p7%C=m@__~iR@F9P609{4;LV;zGn*FrENd?;Dj80f6a z_V|P7YS;rgf5YRZb_hr@tRMKho}}dL?grmq!4)a*r{}V9OL=cU7nNJew~lFxloo)l zk;Y_jD?WC`inh?QEwgNV_({2PxUOsmV7mubq)cg)=3|zt2l^EspGZ|Ue6Ce&Esc{c zTR+Q{PaG@036`w@w!6fSf5P^T*bc$QZZ*<44ymealVDS>b1mCS%k^g1l;%4v+k=*E zmu1@rn~KL97VUkD#_td)EfcWXE+~shb3nD`Z)!1#`4_39HQdZZ-U6wC&>Ld7;WbcKq2 zJsS%>fy)n`6tdpvkC>2^#a{c**Dt!Jg;U|iFFwI=CCdloo_V^b*ib83=4zJoS!SJQGJgkd0A2^Y0eC&|A>a)_4)bmT za`1?!@oEkMZvlP@yaRY5{JIl31Bi`|nsb2n0M7;f6L>LjEASHFBfx(Ew*wymJ_dXR z_&AW;Cr<$pPooZaG7!5DHN${=fLXwOz;l4l0oiN32wVbu3Ai5kDv$~N8t``D>%gr* zd?BUgDd3yHSAlN8e!Hm`iqMDbx%D-vGg6!0k8soLh1uRJSSjzyC(!FJpl zXa&)7VkZgPMV_-7KnW}h<4{kB!Y~d8=rB2q!!9}u3gfVw4&A~yuuHFs7KeI2!d9P* zzc75?kuT14@YtcJW>Z0HD!^nmoC2m-)hVG0YLE3b#rJ}xekcA+E<2HGkDU^z3`dR+ z%nnB$7Dx?89vz4eM=lJU5RP0_HQXdSA}kTWE)$-R;;JBd8 z9BwSK-(;;x4QVY4%Ze)TcErM>T%4}Vom*8ZZ?BYD3}nI>?(CR@WV2};2YFP+^cc=q z);fgfH(L!(R~a^%JswOOf%|~h1D^+O0=@ve7x*HOW80U2p8;P6vecsX*K~)zSAl(j z_!?D>)BzxSuJ?i5fZY#dTt5V|roDjAs zoUkx=0p5C?&(6A1N~#~+p~ft!8E|ryRBlXiK+pyqKUPu8<>0n#SI%)z<(RgtxUzHa zgDc&GrC~1bBv=HjLpdjsQ{a$?3nqA`kL_gXmxI~&+3ZY4GoU8B+K`eie5>M=f2I** z&2+j$({Dk6=lyNK-oV>|1A%t|8K}E~D}na{F9Y5Oyb-t=cry?K!J2;p{{^I94+0sw zhk!?b+kig;(H+aW56YUX)jkUBg77>A>;tR=GVgW*Spi?cr79q8UgLd>_K~)E4X$%3 zz7E>vH4-h_D2rxJbuq!^T(U1el`Qo~O&YP`ffAZ@76z0orAZURc9GzczEwz2s(m+1;f|?><0W2H~@$bywz~x|22@|{|3lhc@LM$ z723Q~iWKc`?TUq<+M|j7jclx?5k%u**|CDg!v=xblERYUIA0=rKwwjej`?^LwvTFL zBZ{;?j~7+XiWXWMumZt6sjUOAZk-@5zWEw%kSuBqJ~ek>;a0X&VPi3hG`K18u-Ine zpL2&OD=W8xGC3$KR|~JfKp7d~v$CobXXOeVIjWcTR9n+{&W6uFb2qcIZfsPxj>X|Z z^ok>5n3XiKa5j6;8lk8^hL>5*xiN?LH0@e)p9C}@qku2=)tm(E2#f{B00#j(0mlK4 z1I_>*56lC00Tuwe0?!AY2)r2B9asZA3CJSCURV_o+PubQi^h~yv^^GWuSIioq{!Wl z?A4+wvBCm)#&|){|7RUDJgQ;8+*$*eS|}M3)E^86&5Mgs8XJ;j^NLDy^D7qqCnFYS z812bKUC=0!jz=S#R$ za?<8CuC-`4Xd9Pao!k6o-d%+y_|NQjeQ+?7 zRz`@&BfaAs#7T?F@xE)BXj6yD3vyOPfyxK9;Ofi?hBG)P&PEC|>^Z>hz?r}V;4EM^ z5ED(=5t$8SPP~9ip-`UVmI)9g7bD0?aqFh;Qy zS8~`&AlZW_q;N{KsS`Af=1v!#JAXhsM@9L~&Ylc}$utZnvxlvAiYDeF*%|gZKxR)K zklB+DOa&GIi-Cne#;*v-Y1=bGLSvBCU$~XD#a3S5(OsXqbR`R)mWd*jCJFu)R_4`psOkF{N-P~AUqgP+y zaB>8A6$4yts&fU{iiRt|Ry14zwxZz*uoVp){m~Up3SbnY(WQ}S%#B|CtRt+>G)Hzg zV`xVMmB1ZCJ0fSfW9W*D6+>5CtQflDV#UxE7b}KQ?ig}}UC%cPnknndD8%sNMq(Hg zd1nlRB5%hqB=U9~gCg&WrWJWtG_AIh^e1t8}R{eR8Ehu1R&Jz(kYkN`b*9)s+G#n^dne zU0QE%i?B5GHXZE}aTZ4x;g;z*kUul1gTEgQ7F*HH!0{bnQAUryiuEEL-oDM(6mUz! zsNUgET`0nRk0*hjQ=an9ZJ(a zXu=WC^&7m5mOo;rUu&q0-0EqFYM`$zgp4_^7fj4U?%Wm zASNraYlezea~St1RI>DT4)7b?zkn;;NhOqX^DHTBV&;TqP`{BQ=M2Q3dWFAamrrvO zqAYvIm7RjKYfvyD!IghgaST?P8E5{H7%u;&$`MyHjeVB4l8%zb9?*`{bgW!R1>T2y zRe@>q%A+{PgjRxo+Puad{42h_+U7MPp-jW8jfK*%VG>FY>oPdUj zy;@tNyS90aIM{v`+G*P6#o1L;c9phyjil*VKJ)q4AMvl7g5}CoT*i81U25$5)Y!Ao zfYnvCc{Y{a8x5^t0UGO5u@tt)ckb>N%ymvIhT+`HibNip2=LI%)nF4Eo1c!fb>w3{ z>P%->^%ry}dUkMXg%-t- zr>oej$swn};50l~;7i`_10Nb+KD&UPPU*msuMo1q&0bAW8y=BOBeqoc;fj>UZq#b- zB-}qFv^n^HKy2vo<@5_rw)lg3q=mwP!{vj4sV~ zM2DS`8OY;f)IC?dXimVrwLqDnX!6fAp-^jFDMG^2ZC>Mgi*~cNd5ygm?FEa*YOiF!vuJ->vu-VH@N)B$e}?Kp=Utjm@QD{zq zSUt>k-5Q(ZfXLTEafNe2Nm+hgNu{f)XT8W%dV-g$!#quR0ywW#+^pe=u$n&F8@R1p z9XrVelRSo7cgeiWU}h8m`#W|mU>5+)gRN53Dgyr_RuKDB#UW#K9C(y z1&|$30N58;1!Svr0g$P15pX3Cr^IR)&t^QnIINTU#UEqG5wT^UbknvI+XvJz{^|BPPMC;2sf+V^O*n zjBMB`556VtW=pO5zcH{qge%gRh<|qQ_KfT(?t=Tj9O1wVZh#X|mbK9}WC=cd+Eo9S zX!5&J`akkErt2(j*erOIN`O*bYmSIx1wpxj%|XvHM;1I?OWVuXc~cWWhrKA zrQo9ZB|`OUzX9p(A3*B)6POP4pdXtCYyo5%Md*I*b=Xzup-nv~t!Qg;uW0|$wzjgX ztZ468H12sS+F^^v98xrldc@XN<{XOV>cbLwR@?`EBX#h;RFng>%YKfL^oa$YNMMAX z!etkMRk#}z)JU?DvLdrmoNE_>6xppy4g~TF=1U9NcxH2=mIP_DG0Z3{E)8Is%-r^a zt_DHnN~4T9m^BHwOv5k;CoonMe{7{1n4f?Q+cAw#!mg5@HnsPuXx#f$v^2cOz!!WH zYsJyK!GL5-0-)1>JhqOO0M10M607d|>9W^$q1EB?itR$H!(}^NutCFtT|F1RR6QL5 z8+`F@-;cztpN~89nTfWlDX7l|jh=2LBNT98TR(wt z8j3Ezd3&$5pX{7{lbKL0RE|GxZ@BkilWwe1=d)f~eA5 zAFQqG!SL2V3w&XSiF1(EL}|>xH;2!|MAx=P+d;AU6j`fS$|>UC$mhU0Kt!97CL9~D zj;)~!lF_g8LcCXkB+u8!0SfTUsy~7cG(_y>1D;SLfy;0(ftCQZDSSmhLd`*}j^p_u zy#Ap@QtUDBPAE$e%Gwlfl8Pa{Rr=`|+q3QfmhD9*&6@-T-o4S=+;UWp7fs-wHoj@1 zq6ME0-ykuSC}3ROqM>Dd!ykYC2_8w5%CQnkafWOFITkSRwE6%(#DPbT7)>i$lKR2X zYIw-hRl!F@#OK8)Gt1i`{mgpNy1oEUdcgBc0E>?#F0#eH*dwP^Fvho{Ol#uW8GjB!5!~6vQ?SHl?o+ws(d0 z0BrY&Z5Y~=XTh&#y(F}au&JRR z_wCit?;F^#ivkG)MMT+PmkARexCuTV#SepZhkGmFc^zR<#yJ*9t(MUM!x6?{=;vIV z=ND03gvvl!xh$VEqr;6C*w47f3nya~Q3tAd#5S`iuf*}979NV*>rf`n>iHTvy%OZ4 z2O(U0%YhT$%ZnF-$g*A{?n9ULctAY`F1>N3drFh}o;jIAWq=Sghazu{gPc)TRw8TL zb3jxI3i2maVajPv!c3x`gmD^|1l~@#(mnF>IC(dfANQ7D_TxxoXVp_$tIbUm%x^TqykWqs-GZs&pVUIz+$8Z^a0-DO7|4tO^e)9 zG?${*kOhV#@(#v%G55f47UVd&9}%O*KlTXz|4>|M%n`ggtE>Vm4lJKci%MK~X!@TR z7qZM^Twl`%&;l3_i~w?q&=N?QRzMETqJa6pHo)_NZGqf`X%A$8I|8o;b^_i6>;k+C z*cJEyusiSx;K{&efjxn50)4>!z+S-5fxUr00{a3vX^aDMxvD>~EAUicFW?B^AmB(K zC%9vPIlv@f9xxe*V@$?a;5=X|a3OFakQ3iYz%{@$ASb?4fLzte0PY4(1LDC4BNO;G zFdKLfcs8&em;?L{I1~6Aa2Bw23!HQVVh7YX57+~k3p@)r2RI&>51bAx0Gst=|4tO(= z1^5~XM}c1gu?t{)4g4ASJrKurjURx$ zfjy&)nlpjDfHQ!-fs25{fZX*S4rGN(1l|lB3A_V14T$#=8JWPHz%1a)z--`t;B;U; za0c)g@N8ft>g7xz`;A#Z&eu5eRP!|2@CHNta}l$xY`4+oHLCE>NpD-@0&Vje5y)dD z%TlOhS>6&9||UC<}U{fea@mppuVI!>;m?Hg&pR z(eB2*qPfy(J_dw7IE9`6a`V$1Et~US<})Wz)z<78Cp?5wZcT?jAq9iNa+wSFqZcS^ z9CP~Aa8Ef}Gc{lRzaZh9W9s>e9JWZHcL_$-H0p_R>k*egZ|X~sHFP~gw5H3Dk+cl) zaSVLqY>uH^A9a{XKn00vvR!Qvs>#B^_h`7{jd}c&Q8?dPV7*-=2?4>2N7^d)+G9Or zy5VzAH>UE%0xj#$;*66@sR!>8@@E7%Hwj|yrII$nG zuXC!S#_LRRHC`W~ZR#CCYUI8iG&R0vkG%<3q`|&fxiaDJ6x#3jSA54K0xY|c@))eL zVJTaWv~RL(ufwKB)g0lgQ8f?ksj>7p%Z3J6M%8n{6}-a6&)Kr}PXy)$*M77C<_g<< z@PsizV`>>fhYYe=|H~n4)_=2I;2Io@nSAM=0=cs?*5I2Sk^I1e}$xB$paau9eX@MGWv;2|LE!>4pdyz6kOUWPWWk&pkcgvL~-%`2n+FNL-Q|Fn4x zj-2a+HcZ>R##oCs-lAn%v>6sH-=eYBQj1q!VxaWZSTyscxN5qxE;1G^o$htkN83jieU^|2i9>PoH!A~ zdx({+%(BU^sTmbTi;K&uDls|JM@*9Fstv=#s>5b@h^D1r0KhP&0x@AT#sfLgngC?D zaac&QZYS(2>u6I01Vy_W_lnlcB;WZBGw7!5|Clf0v-p%R!WTzI339NVB#YQyc>3vz_h97e-y0__lov! zB{0XMkyr^c-(1+-1fKpE3GDcy*MFSA4jun>0?$MOGJ$6SnZV}&eZbj3Ch)mHmf$_O zR07kc5?Imdv@6a;*B+f8ZcnTq($Xr_*1@poRaZfhB^(p4B)mmBX|(K%bBGz2vOYPE z3(Vr^@2a%QZ7q7|S!_cP{KAYsTZ`3YXlH%il-5T*HS|S+6!ms)~ z4z%rujcGcYJA)iHZ>;YXyqYXk;V%AtCeWp-zl``@K3%d*NzTVnZ&^#85AHBV zCcE}Ag8RV2`Ub<{YaGxVzB<=8*;Nc7lVVE(Dz;Kt8uj76H!gD|Y94!Ws+bP5BC#i#Fe)@c@sxdeK@o^c!-lZ7rXFqfBZC*I}K=_jUBYVz3jb zxdu7vb9k#XC3^WnwI{VW!ojM}D%TQ&5wp_w(ll&I!KNxR3y7+uS+E_2M3j6;f>Vr0 z8BD9G@O<1W8;j33xXN(_SK;$Pqk9Ri8BJ7S9BwWyl`5PF&M*d5m{Yyuw39h?`xf`~ z*EIBxF=&gcP!s2%h%gKVKqhM;ka~)NgMkZxBY{}blmpJCKvuyr;5onw;9Ot;$aqu% zS>!kwQ$>z8uf$Q&7$QYmW$~@GXvq4w!TS#5UM>8!hUIZw_QGEt?t;hpOgzSdG0WkN zGHT(^(HP>Zv3y|wyZktl$&E-#wU!sMm`Alty$D>fTIdeMmi}%6((gNU>>q<&#hx}* z;S`M(PSMmjXvNVS6hpIH9=wN#36e;`!3N|F61EdJxM{T)bHerRLl6$L&UBRYQ{&hA z?r^|5R04Ea{-E>oHMD0B>9dZLqD%GRwV}@o8ywif2U0bU8W^w-g}_9gwQG*;ana%L zs-kAD(2awTD(L>lPi%fR{S;yr&^2;vr58< zWTdWA8ZONBs~B&s6wiNX@6R_$GSss*nc1Z z{`B|}sfP@-@&$RWiXJxzOy8}6Xp;D04@7;)6~{mnx2kN)Ar48w41^qGJ$taKvf>P- zS_Z3qv^Rcxu8l^=9<-_t6B=X zma*b)KAj;WSx14Re`Z0QuWsPS9BU*y$MPJn$JY2ljiexc2V?O$Sh61ES;_Nhht0k->u#yw0W zI~ul!gq9E617f=bw)e!g3pO71P+>M~YCMl`DCl+ZTG-S8;VRfZ5q+@8P=V)J#sn=M+zdyqWLyF~hdq%p zjdXDO@CfrUj2Rb$9%*C@Gd&$^pgj072lm7m-j|n`kH=|}qC#_Jn`3Stw3w3sb5dXq z)w%AR0QUectcu~yT7`1#!jF5kDiQXvoW*c%zy-tO930sAFbYEe^5x_|Ck)QXLLRbV zBQ6*|SXvI`7f^8+qB?-ZK=px9^|{il+|-HqlKMK!hLUC z&RL5y5S)tO(Hk0y&j&iEA{>LADX!*n`-qr3RhW&*2rS)aA#-VR^!+D6_uP7?F&`@$ zr9x{h&(G2Ke5{E2PEf%y%xMioIqXBsEyJ?I+~6?wdmWr7Fi>H6dJ@P5pE@9ez6&@J zxEshJE+)mYF24_$hx_M%9Ok_OWRAZMydL-lkmdeOAZy1#U_Gz_$ZSSQsA&(sv4bsd znrjKLxDq%AxC&SV zTm!roxE}Z>@Je7k@c)2c0w$LwuLW)b z-U7TEct7wS;4?rx$6oUa@IK(1Ks?W0a{#yn$kPv7fj3G9xsmC6oUMvzrgFl6vW(OK@*rgj`T60Htf4_3h$M@1Z#sadFFno45B z1P)&Gan9Ofe^#|qA%Zer!_9hFpiXE;={uPXW1Ovr3DW4x5|)2=TX>~9=i{_3Qa+oo z8F!J!aQtr)8@p-MZCwhR>X@#8P0euW@=sim(&64Kwpa1b?k&v54jLlUTgUMOQjx2X&GQg|*8m%N;FXaPQCtT)< zKQ^By1$i_&zWn_yO=D;C|pL;735N!yN!#2mBbw zWt>le4CrS-&a@8$9|JZ3S;mh7-vNFBJOum-$b9)4$VTG{T&mHaO+B}NSZHkeX;Yt0 zQ+$u$Uh(bLwzhI8K+(7|qWIpn_&%{{EGdfbH;aZzn5N0&B`GNRnCCcNvX^L%?9=#o z0p@!ttT8-j@8{7WOc?Yzf3EDD2)*~=io{_dG>c+0%jx^L3*Mzk0j(=8cJ=we<#a}I zMW8CLM1PnxD{oPe`MpsVT8?4D7+GIcyZfq)mYZ)_;LwR>r4KHgdCe-mut<)fvN-n^ zTHz8rlxThj^+Y{l>D`L#<*v`CvMe*$G%U;3?qhBL zNFd9=UR%qa~S%WJN>8g!twi+!Cdi*`#WOt)35apoiM$3L~-F1q@Sx#!e z9b8VBG>w##%jp!RoN(;SWVc_+!ji*`rKu&k*} zA6=B5mKbLxd%;j|Xu_;lbp$}Bz+Jdh3ecvO2^DRrcJ&&bNRJW8)*t441@eCg z{}Cv?IO8EUh6}8q4G@uCxQF4khG{;9MTsaIMK~yrP@arce0I91-dag~CbE>^0#}65 z4QG|xdDyZVMiSDLE+6A!wB=h8g8cg&m(rnZ@`hu1QsQsY?O#o5;zUn-E+J!@@TthzJNtZC>tf>Z9jG?J|1^6 z&DXFf31y?i5G4`iF`{}aKGsvyd;^P;P&P_%B@t=fhy)9il2A5Ea0>+zOe^h2e^5>H z9V|*h*(fo-NeQ;sN}iPPJcug-iv#N21ra!| zW7=3958#SG^)_j+$Z;nk%|2YpZ)KxKZcQPyt+0wPs6__3&f=do2Y^aK*(k9vK*Zd4M=MhPCM zLw-;~`?1g=@rEU#Y?Q#;2q@vm4`&X(X-Oy>C2k3kNCVY0Z^5EMrEHYov>1LcKXxfT zFDRzrs8>lS8znY}NI=*!?^qJbMu`WM1mkg=V&oF0Y2JlJ`Jrr-*ltVYD?TZ}TI4-T zLfI(sq%AR4v2D}b1djTYAIe6FJxaongR9A^%?Cgwp=^|RPD!BCY2RD1>A=a&eoI2x zDDg^@5+7O;%0`K|ltep^(N6pE0H~(n;7^50*(mXWNWfCAxoU`!xMmo~AK&ep*UtQ7 z>7KMldQ`nK{NSlv(=f)3oISm=sG@TAz=6XD51(CGR#j0@G`pgxysUDz8XH!gJ|sRN ze&Fnq;{5oWVMAsY%5(me@#Tg2#<$;i?_YM;viLV|*ggO3(xo3fyS(+0Q@rQx`eNlr z&qVk6;N&HLF6e$-#bu`zeS61wt2e(XU~hUb=H{<*I*- zx#-(7A`ZO#$O{{>Qy^qBYTh)cbn zcY5ILC8-0S{CsKBg7=qw^T(M>J#mE(-`)3{)h~Q|-JKchk3TjndwaL{4{aOu>ER3N zqVMbf#h}rpqlcHD^Yo#u+nzWu^y|kfH*UG>$J%~7ULJnaoO5pJTYCDJcgI9tJZ0?@ zXD%Of-i@oO`(F3qke74s82TCX~K)M&$C;9f_S5-Cy>r zKl_o*Pn>q?Pl=zm{`RxmJ1^g{;_$>Zn-0fB930r@+>D2>N?vw*m&Cqbr)Hma*|MYA zbL$6B@3i2ThHcL;KO_2zFVZ6Ccm4a_dy6(qi+^jh@1;%+?fmQZ-rjZB*e)Ob;maA) z^XOLZb)CDv^VW^~zklMY)7Q@XI_|rhen|bX?vESh+?98R(IU6Bp>#^}ugec^oAr;s zos}};p|ZBmo^Z~jnyAyupMLwqU(VWYoc_;$b}qi+wI3cg?z{c+cW+zuX~ojanCU&g z$lUetknw$fJFv0t{yk@`xNOaXo<$p5&wTaPb6@}Js+Fhz{o#rE!ve*xmo8p3p&YWZ(h>A^X13dlw2QCxBrg6{~X=vGvAlF7v8bqW#6u! zOYVw$W6P|roMICtF!hO+;{D3^-C_8w&j7= zTL%7-ccptzu@o;9Phd0%&QCDHPf%A=d`mR@;fg&c=GXjx1(3lv=x58y2CiOplnfjd~xCKs+Jyp_&35xnp>0?h)+nk+~cXyl*MHw z@rw$L77$XD_(HxRe{m7Du=S1Lo?eiNFD%NhnirczG9@ECNf-)tadE{5@TuO|MWrNC zLxjid8Ro5C`-#%+)WaSi!jl0nX`_jd>7!E*ras^qCa&1F$iA^a`R~-jDMy6oA^e+q zT88Lp?b5Sg#3{9*de~RF^|TJr(?)pAUbXY`16UwrnmNP6DQbi#7G!fW)FwnvTbG{s zE3R4*s;8asa5`@4X&a)4i_;Mt92tz^pMk`uLiKbI9`?f2NYg$<54WQuJRDh3&$G8z z*M#aphJ(kc2dl-PIrA$r-$&Q=rH33d)mSA>M1;f=?GJG z_UDU2=$lF>S4As*cE)krjSbBPe=;*3#1_L{DGg;cLNZ&gfLTH&o9laEb6#JM{Do(bG?OzQRA)j5E4-$MBdo zXZeW}o?B3?SVL&~IrLNuh3gU#9Fz#$+Xif{!6Ax;HhcjH(n5%Dl>i5tzJVSVR z{KRad;zRT#2u}|GakWi84NX;Wcm@g&`xH}8LWrJ0!b466`n%)z}AXpNQfTxZV?`qYKEdq;3_B%4$pAmc?17u-5D05 zCsBB~p2qTXVNx}wtHF9k2oFy^ur;Si4AC4b?MIcrw7l-i5{=qGuAQ5uOJ8 zbCfgs?58$|>X|G&dk{>s-Ix@jCrx-#@Xvhz$ES0TgzA|hJU-|#((tSQ4R%GH{p$_8V4ucl13cwW$yG>dXnQ~H4tK_R2P0*w95F!$G#mKG&dQ+ipH zQcdY&QEt$bo)+aXO^LTC2Q{UeMe*s1ae_seq$zzZN{OZSwK`cxu%>zAf7Q=CigwUdJ1mdP}Ea9dkg-|#i6CMUk40{l_ z6#FKj;Il1ikF1|XNq~(#dVh<;bfH#@V&x9AP4rk47A&`4y+SB`Op2AK>;Y7G=sQg} zT&gJH6es!-){Y}lb$bO?H3y;gMT#+*U`Xp=KL|f_sEhRiIzvhUP z>DNg^-Ixnit}iEp?%m5+0Xd^Id)&oxJ4@HM65%*J>%@arss3 z@@v@zBR;dG>a>*bxcpiW;+LBJ(XY?7l<>IxS{UM&EfwvhEMCNeE5hYh2`N_F`|Fyh zJ!(cz?qOO=cwBxh5-Bsk1{7sIW=myjDdBPXRqFEVg;B}bYIZ}v&eu}HbY%}-iN zcwBx}!__W_^h@oYQ0hb$G#KG=`E>!Pb{f(zTWYkH5+0Xd7mAdbhVM`LXoFh0r5|}( zN_bp;UF7oX`-7X4Y^f`?l<>IxS{mY)THU2zyR?+>xcpk?@~iUiAN97Sj%g|3art$z z%df{e-ZfpVUed4Au^K}oJTAYMgKDQ?Wa^VA+EV9eDdBPXRU=Yn8vc~O{~NVC0J5=G zO9_w5uN5N22yjGn|BP7+ZK;>Fl<>IxS}9VdUmPE*)l`s;<2&#lXPI!h>sKu)R{g3x zynBr;<=0ZeITF)=iWPW&z*B}jGt|PF&G17Qru8vcsmr9W}SZ&xiBmYe0g2Ij+Uq{@9x(QCZZO0SFs4gw7wvgUaxz<{J#pu#YQe!=x~Eu#K||?3u;BKVmJ`jvfXwjUm++l9a$Ya8zt24; z7YRc@XTXAfVoMt=7)5M(8!SkSEmvXjDP}nU%d^aK8!X3|*K7hH2)RZaCPg`Ga9Uq=BlYVSH9kQB=>GO1B%dxJh@0l8Op9 z1HH~U>|*HkcezP1p>Gc35)zE^wM}EJ7&+=r!Ys$rN|@EiG8y*BKkMlz!D{X&b0LC* z5l5|+Wy$d>BRe02F*0Wi2bfxJjAkdx?eVg;wYO{RG!O(1(@1wil)~McBptk)(WGn(G1@3Qpz?xALkzg@7tc+hK{C)LFcwW z1oYiDzHw&a0E=)V97H$!9TQ|mtEW9Q%cYaL;bf!jyA)hA2z_^eV65U88vI)qazq2M zwo-X%dFeuJvFbRd47wY5YMObdo?;{PsV1S9IrL&6`E>M%Sg;T|v(OQ|9`A{q30r9m z3}^$Zu;}C32{+jB#V}BFyCM=pu);72VXr70M#u_$u>r%oi*BGi(}py6iE?dVx7zvG zVKfPd!lmvJYYlJ=48fTgN-CA_A#*}y6vUmlt`32f>TGRk(Qyn0359+*@LWSrPo0Yn z>TFNIlqzx)@!)U|qy}dmKMkCaMX_mYYIHxJ#hk||WyN1^YM!O}p8orBjp$IX%IwyZmZ+Wc_7zUsN zGb`>2XjfVt(F%f2+k;0&bS%nEJvnu%G#UCkPzxtzxQPZ}l5WgomS&M>~zj1JXNrwHwD zG)~1=9`p30w&U0|E$7N~CoP-NuJa%%ZtTP-#Z3ZYxrtJrtQ^VmIU1iOkegd&spOL^ zsr<~#k{AKDTpu!BvosIu#R{fC!e$8hsaGo{8xyB^9J4~_2e@f~MEg2X`H`4Bh?>Y`EeKY(;e-lMxWC_o)8cI_I%EA^J*gFb|B^r~6bQmKYLNeLB(hUQ>?F zmiY=$)$N6?Yi z6Orp&KDe?X?(#b<>&wV}d4=IT2KcRsb(Q@cZK*a_%K8<}JgFyhEtKE#`zuqOYf}}g z-H-#1x2(VRTGrUl8QCuZ%9B4;oFAiCXB~xAR&II~2z(W}=WW@sTx)vE z2L`-x{pcn4NL#U?%IxA<5`Wqq*^=lFIc<-G6Vd@OYlIx_(Z1@Of!djln6(P(`W!in zQ413}F&JtHv_=w<#=3b&4Gwm7RCaeQKWdlkhCpMav7xCk-V{jGhvyxYtZzvq}bpm(spy>n@QXJ7BY(qLzb%Yo@LE2}E2mkzY8?(6OxuzSwZ zJRNDCb#ht3GRxX#?PnckJuzsx*woeD-#gH|B2_-M<+$=_U#e?$*9BcYE6eM9SNC;w zclKNRS`}r<o&L;OWzE+* zLFys(oWS`M=cgtrOa7RtK!$5;vbFETup5v?)RkF>SY>4~n113$3;G5wXzb|hNp-F0 zqPzzZwwSPT&S*hTLtA@ScUS6s>j10BEyJ0F9mUD9AL3KNzR`A4p`H$9mV24e!IV`< z#rCo0mhDe~9KR(wxqir8T7Tra(27bXZ*it=wt&=kh*RpE;*{g(g;rXwUjPpQe+f#N zeg#&7zXtu_i{KLQH=xA*EqD>Q9sC&hd+@8^A3-U~%b@7>PvD#2XE>+j=syJSAWlE$ zXL9wgx}QTxo&(*Be*FZMbE4mP=bFxb(eM87rN!JfX&P9$!YYF+l19C4{VNB&I`R|Z z98#ts&QY9B4?eNTN=rGb!6U&L;B2r4^n)`&spFNL({t)L9p1j2(zsi4>$p%WDM5J- zyOLD|m2>7+QdBdtl76@&Dk*j#$vB6UX^69kvw~BOURFmOR)b)RZgbh?q#IizkwT9SG)10|B)&@_~TE_W_took!zfs{DvM^JfU16~c zZ+)daL!93Fo0cB-^<($!icI;rZ#}@8F z&^e^+LtIE3f8OTP&S|L+^-tG;OF=()7ASf>8$>_SzUk#4`c0n)LZ`0)+reAF4)A`k z6Z{sq0(=@=3BCZX0$&6_3cd=S1MUR7!Tk#?Yc+Tr$e5Ns73>A;!9Fkno(pz>{a_c! z(4AfbGSH+qfos5wgo56QL#*XxO z8jwDfJ`&sl)`Fh_7l2oSG4Lu-8v1JReDE6ZO7OGb7r|@6N5JdA-+|YIe+NGY{u8_b zoLo$MgVo>{zy|O}Z~(jsybin>{0evr_;v7B@TcHy;H%*6;7;%kaM~!#x)WRiei8f_ zco%pTcsFSD=cMdI@LD*XKKB51l|J_% zD1GiB&<`@+XrDs|+UFhx+u^g$PGis3w?XVj(o54m)^|YCvK|K?0iOV$0iOha0X_x( z2K+Ag8c2UkGn-q;qz?p{`_dBk+9idGJ%390iOqVfcXCw<4yWs;4oN5`=N{UG2oxUlfc(O z>1%%hTfsL#X=m&)y&0rU(|3Y@1-}Kp4Q>Pf2EGga9h^Ylcn91Ud>5<%{{e=<_rSBj ze}bFAe}Ufw{|!D1{s;UaxD$K}v2t0!3bCcUIZ3{w}Yd=hd_Ll^tV8K zmGq+^+idA?gX6&+;6C8%U@7=_a3UyusSK1p_Z)S|^|61xzw|?F54=3n=R7-u>db7T zS)HTAAuPY`KMoNp{^LYzRGA%E5oxZTH7l1>Ta(L~HJ2`5R<@lK+&Pe?l&+*+foY~t zT}g?5`G(748C*BGVg*a!1K^91721<56mVJ+(FNUdTKTviszFk@^F zb`5m(8tG+jz={a^&iMFt{m<;|@6}`(&N6Kk=wF$&*YIr`;ytl#v)8Z@EMjQHms=B* z%|r28y!saT=Mk{wx4fVH69|0PSfEsKF_#b9I!kow8X`OW=Schcu}F!1m?gWZPmiit z(x4k!-}0s*f_@@Q;fxln(FIR#x$k70d0-*}CfyD&H{CSpK9Za6S_E^`%}x80$jscI zKSqaX&^2ObYerU}j91pXWB6kq(wB#z8F#GLZ2rOYed*tafG2^hYjn<;41SdBBS4vJ z%E4Q}BSGdPYYO-jSOGFmSVw~|fX9H_!DGQ!z^ULHAU<81anCv)WSp{?Z_$m!56_f;H%(V@NIA&_#f~jQ0ADE!Tmsd$@C=9 z4^9OG;3vU4@CzV5X8I;D1j-yjp6OS?`QU3{BPbgcr-S=}3&6v{2v`X=fm^_4@HQ|C z-T|HgJ_WXbZ-8;|EpQQ7NIzH%`atTIJ`6k)JPP~>I0IY?&I8W^o4~WdD3}DV0+)d| zf^DGqYaQUr;3`o189s8llQEuoJG~ZM4PFBFfR};&;FaJ2_!Te(ejOYHhrl)9ufX%b zo#6T4A@rFGz{%i+;1uv8@HFsZFaTZxo&~1CB=~Xg0&pF8Be(&42)qn@4BQAxKffG2 z1>4*N#=yh5D1@K_-CU6#bGdLT(6>I@-1J{6efS&=s2+H_!4|q5DW$*yTkFS7!@T=ew@Luq2 z@av$AFZYAL1|I-}K72l~0el#|8+;Ue2z(5D4*WLw9ykP!9fywx9tA!D9t%DR&IX?X zPY1VxYr*e=mw``%H-pcDcYxmm9|E5Pp98-S{sjC1_&e~2;CmnwdHP@AkHDhwjE&$p z@W)^U_*3v0@Mqw3@aNzx@CC3L{1tc+_-k-I_#${Y_#5zg@VDTX!R_EL!QX+u2Y(O# z3H$^24)_x2n}AOT&H-Nr{opHL6x;!>0*ArX;A`N;;Ge-Q;OpRH;9tP4;G5u2!MDKI zLB@*oU%|hFqxZpQ1NQ;n1rG)P0nP;918c#5f~SE00z=@x!Lz}g;4+YjE4>md0DHkg za3jdtGJQWd8hi{K3vLBjYo@n@btJeiI0ZZy ztN@P#j{z5e$AZg1#?bU~@HnswJRbZw$eKBQBUlOE2A&AYJU9b9g2`?sSOc;?P4KJW|RxuE#!1K^vOCH1%bIqT>H;4{>+c+EPNd7S!V=gnJI&7T!r-KmNy zb@9tR!VG-&G4bR3=DO^)Rk@s5bJQ`U&#PnDEcd8#o%rU05l+0y<#FPh^E>e>p6kRb z)7f6TokFKLn+x)I>o7-p>o7-p>oD_r>+nZ<>&^MRbtFf4>zZn=x87VZ!dr(m(p!g_ z-&>cQMtJKmM|kV1DDl?C<=u#q#4U&ExaHi*dkbzkr*nuM4RO+}-0w2SrHqIFExW7U zOS_wyYj?FX{(rmEWzCmq9NX~!KW%qgDCY;WyIX9#8!KbXhaB%_?48}ss?D{#Su_9N zw>!_h_j1!U^>4mDD|3tV*)MVCKAW%#-a(x0oS$SKw~x$&VXCV+4nG_1TgQI5?gG^_ zo`>NxwX#;q+LVdG@{^U`-*Kjia+sdI9<7~>N6R>!L&`eDiJL9=bo97@x=Hyj0*?eQ z2Iqkv1M9&w7zHl{mx3P$&j#0lQs?!c=;lt&IXQN<5T4ATXK-%H=*B#-$^ zR`Z02JijpssgXxHI&z*0c)Uz2y&_eutf@%5tQpvtxhsgXfNBO25{{(kaAsJU`_6q5 zU>{P>Ax_+Sxj&=FXQ-Ey{Yvmq@G9_Fkb4<=-}$rPT&}MLWnbVrumNP>HQfY$4ivq8 z9+djC5373G41H3Lo{okmZBoH`MXsI#9UV9)Q2^^)~6ZVoLis9 z0r!cW#gg#IgKEeeyNnRG8j;@YZL&%NFEmj_)(>ea*l}J{Z$~E$oxP290s;jThePCp z;0SqnXrV(zSpK0uxxU7}{;_@iP5b(1_Vued@}dqoMBeR#4;r5S72OO$i9aB-jvQaL zb^A3?Z1rC7Fz_4T4DdcsZ0!N?T<~E~D*r8T9ry^y{VD5F@NV!sAooD5Cqeewt?z6|f!n~7z#oAT@W-IE-A}+biGL~di8;@fVBhS8>v&*&I@8AHnJgZ! z)h@j@6M(3D*t_1#2$fxL*;P$L%LJVDl!@#B%YCeJ4ak0WNS@L0YXZhsHqQ=S2gfrC zN>f)6*&STP`;}B>JT~p$zI+kSBc<5!l_!#7@c%*6MGKlb2L{^M#C5F8O@i@RE#p)~ z<#+{gu@p8W^l%=BVS%j2n|62+3X|g{`GtW zhCmsYf;RtE+N_%E*FdqE*FmxNzko6xy#byHz6q`X-vax|)k_qU1GencB-a zbDtIy0~~4ABIz+}8CYa)_j5Xjly!)cElBryxY^WA%0Cw@2j_ue`P|D(OPx*zrS5;I zlIL^Al*#@;fmI)Enjfi4h8EX{Vu{9Rb21ohjwX`fKyxq>N;U)%fd~darfeG0h1SAE zvT=rcU8L8t&M@I6a$Ofsw9vZ@XRL67jq#W~7|S$nxIW>AT3VtlbU4ErFRX=umc~GH z!e#P|b|Tr@yr4O{sM*bQqA(k)-Ru4JdJe9WNvT4vTSE2GmLSb(c!g=URfHQ4wJZz; zxur6uY+owGk}k@#xsA;W1ChoIyTGtRkx)~J;v8g47aDdTk!WeGYfXeSOG&241SCR> z6V{=&aIxXl2hm_M9;z4JT8G<#qwEZt6OD-_6ssZB5^AmwsoEsL(cW+-WmDQQh8t^% z)`#Np#^(7H9A&qfw4FMY*cnHgwD6(=Nph@V2cz|^%6H1?%jPE&OJX7G2s_faoWO>b zzJ5;|$w0kyr(_@! zVdyteOT6`Y|EP?b@n}OLSs#dTw{lF`MB25$s%vZxQo2NIJlOzAQ!@TUTgg|)0TC+n z3ekMcGEOwl*ZwErMc(k1P_U74O$Cm&b1C);)P?4g4`XE{8VJg`;}&L=SIm(hqb#A( zUZGHP(2-Liu{ScQ(s)gyVFEjiXJ>B-w8>L}Ld z6>XJaus%>94h8F@u_btUCg*Wpp*RU5))G3SH55K1Q=3-frb2(Lwk>- z;R#+TXOzf@i9JhV`*_8)K+f=xkv+ziE%nN(4&zIjDSn7fAhU#w_mbvBuN-yAmU8q_ z=9SXaT4SyO9BC)DuUE)~JI(Ki?B^9BH%}@~R{MKJ7~~Ss`e?+~9PW`R^#NWXX0@p3 zUI!Mb(}CX5g$!`~Bqlggt&Rm9y5IUY$tgogG~RLt)udTy`iEV$|SiO zH>XAYAt~M=UO5?0v1b{dqwz**8m4}1&9(1Cz0$Nd<8(_X7Hvs56~b3HN}24H)JctD zUV8*C0Asi1nA>4q!A9Hn$(WEh5K_*=y<%oqkm1H1IF9g!w*(fs1#&t_xmSRuT)ZS0 zO4x%-xt+<8UKtrBV~LhP^ZZcU&E_btM13^6pphRsiOb{+7gMqYnqmPatXMSCSTAl* zeW+2qF{kbo*}^8Z)>w>TGme;J6G!J0W1N-Y+_;L4){ohxq^XVDJjd=*uq7mOtSdNm zmxAc9DVDGtgF9}Qf{{=l9@cqK8uIvE%E|CMza5SB~ypr*Fq;+w!Ik2#fL23b&mc^E|Uu~9@tVCLpPRGoo=}6Dc zl5TEnXb1)IhjXSWr$5i}O7rX;evNpc(sk5xmHe}0NGRbN&RlP7XO)z!a>M844X<{? zPs$rU!wo+&l5de7_Zm!GvZwXN-1J-AvIR+R+t97AJFwhXs?u>*LYFKk<5uJ>VrbAt5F=JTV6)92?erP*V#L1!9q(Y~c)l~!YR)T#{ zlfx(tWBnax=R!RhDjT4G8TVo+!a)kUKT^?g%>@RUY>m-K!HZFUy|b#c~3 zGCQ_3YHNthKG`y@?29mBv3Qb|zX+6O3xuOoQrE|#84=hwTi{Gwe{ITdyCu*#&Xg=G zdkHGgXc`o3j%y1GyD-CUj4hn$@{6+gwYsGCX)qNb|R{I33gUh8XUppX=T;!hB}KW4HeC);=~V?xXvm{Lt~8Ai)158 zb}%H=Sw5M#fn=<4aVQdZlXezNPB88@dt|bOBaxj&l7>d(+WUp?tcXl3X-e5-Fbf?C zcNRk$ZtKHw%#AN6QqFQnrEqwinO^Nm1e}#nMnLzrWCqhMGLdnXL8d6ERJKzjz*+NX zKqH$Y;-g7`v&hi^*&|3w%Zk05?G0TGiJ-I2G1(_tjGX%DZ1sp^EK<%wN2L}ATi8Zv zWL50ihO^4iaA$?f?qpakUs7-uIV#aY$6}vJtwSbz5pWhbD$vLdLSrDp3g6xgk_lO) zoP~}`se_$#ZN-ssRyQ6Q*J5NGlXRSQjmprfp_W)nW1Kxpv%e%F&f-QzoYKnX(}4sQ zSg}A0@~k(a&5iZ!bDn9MO9Bh+z=oDaR(z2q+P@@#!B}Ilamld3C?eg%NwU}uw3TD_ z6Q!Xg<|sSR-JO%3F9D`*mhr>x^`rfwIv=ytKlPH@=lH#7xw zn_AfWIP69ia!wMZHZvG)!UxrUAhHu}w!3~6!Ec0?z=eeH0&>axM!%iTko zH{P1GUss{M;207su-NKoS;DS^$`W2^hs%_cj5Z|28BEr*7-pE089-!; zY#DnM%&wxnrWP|0f#MtiogQSYlE6`RAj=c{$*@ja!XNGOnI-AzA+;(A8RH}uXcp(W zalRDT$*aT;qzlDm!;?XEft%)7I}qD3TS3~}B~4!@#NK`i;U*+n%tnz&jLS%vxC|J{ zra&x)DVv3T^DRVp zEWWd!7bgVz`ntQ?+fwqA6ETAYau?ZZ?C9={uNq8s^q$wlyfUFoZeE+CrL(O&S>NBu zZ}uB_J;x%{H=#`KFnWUJ{-=gw3=_)acBCh;p?h#(l|(gIeJ#c>zeQzqg&cyp0{&OC+O0Hy!Ex z=9ZV_BVAI$i?YMxvIdiIsgv9X&dw%&{y?g8wLIVw7!VZ-rIVK=RqQ6UNVjP5+2Y(q z(mOYC+`|cFa^u&NU}FzIe`@RQx}dY32Ez)v8;VMI1Ge8|})~vE8+>G1?M$i#5g#!?~7i&t%gA@f>wykDNvnE7X(f?B7+1O5D_B zbc-};vxSnf3YM8xoggXESXa)OUgQQuzU(5MZEHp-K$ho{jL%KRQ6@`)1UpKL?Y{1+ zYMd*nw<2V#$QfaDrf^g`-j#DxlzH886SNOY&J$cY_SxA&@n~J9b`jaf6>-#=(Zh+h zOsOjqP9$QkdysT|09oWu)!vEV8*In zz+)XoXkS-oJ~xkKVq~^aA4aE8W?&iY?fn`_bw4*kB2ZVynxn2Ix=8lk)j1W3{ap#& z|IiIC;UD1g9TT%vFMChi4q;ncmq#Ld;0W1BXnugLLRnGKB(jKe8}%Sp*xbvZDR6vo z9nC!#9ik=CNv<3>BSq1=ktiVtyCF`|5}}CPO>>&et=u85WCIJXO#eC5}Yhc_}e1t@_QUV>N`*+II_v?nDAVP%ww z#2SQ1GFh&cCyJaP)|akpAooHg(9KK&!wVu!w9xpnKe(gMK(c*6hHe^ke3?9aYL0>A zD&-yw_b7*H4J3Pn8|v@xm3J$RFMHCH&Wcn^XR7~v>N38p+#AJx>ypHHNEIZ(14;W; zO*BkyChpiRX8wfgOswB*-;3iBr=l@@SPXZGI%dylx`_p{mr7f z?2@tnqFhfYjzXB9O3Jvqu(2i4N`b|N6gDo4uw!^NPLNob1mT595UVpMM0|S*!T-=P zoO>IM^=grmH3uG(NwT+NZXaQhQhEs~up~r=Kg2~&SCqk8J#Yyt&V)5K#n?Y)+UD6d!x^z`ZzuJ#lx*?BpCTRZVMkBk}sgV&jR4qqTTWEt{QkuY;veiQ2W;mS~*`t3+p> zmPCYCCbE%2Y29a~L|VF^)By8csL{ow92+(1Q8Kv)ri;&gh$5zfL23F2+3Dv^TZUwb zrIHhntNG7?J%eYaZPt4Pw<*~aYyT}ooqY{0@Xm<}7 znMZk~^fJN_U3IuW*Rmy%q)co|h%e5JCVG=X@r2HN%~ix?*9s|_!etqR8|jp;)s>Sr z5Jv|&+tXnISfYFTNw#x?kz`{%&we-d45WA^M6#-?s+yI0Ntrx38B=viPIBMN%}Jic zQEiGNByO)bW%xm=iPuqlBo@U`BWC$84SXae*9~0Jw^&5dV-iwkc_~gL#y+jA=U7sg zl>Lr$V)-l@52dbkzRJ8RDeXq)SkjTFq&$r<;wdD3oa%4{pQVbrcrcw#`nWjDctRmn z$iAWwQL8FhJT&$6W$#CgL=?8BEy-^VQfk!Y)VXd6!;o|esb8#qkyK9fK~~z53^FA; z07-W>JA@4H+-8wyB*e34O&*dBb&98Yb;aDLC*#`7*q6Fv_`LQ;fHaC0SK`Lm;Y=p9xB)J8<7*0WWy)yj?CWl08=$_oKitvZ zJh+^?S9JC8vlOYXW^Ou=7?ZfV+F?|aepQC(LPX0%uW|M=P51xxuG(GeDG4z) z*prnO?p)&Q!?H3A%21ql?2y18N}J`=pmf1$vR6symT^q#rAmu(TilpWIYF)3pTq#99+7&6KS^4GWY7o&n$@=MGo8&m zyQyhOX01j?(w}9xp!J*)Lo_T)jM&1couZVZv%kNmmjO#c&*gfNW-eFdBCDn;-BEt; zob>e9gW*Xd&>eH<5*dJH^G!@gcSfW7tg{YI(hT%_(}88iko!^22qSmW7+K_zXJh=# zHF0J?9Oe>Thd6@lGu3tVbeR1tGZ=|3F*)ro=w3!6nMo-^W-8T6icZzwH5XAC3epKp zG%hO9ky+A{!s3a_WFgg+-9pmyY!tfliajuC&pigwdk~e`Z8uMv8XG6O2A+^IMlI{Y zyaQD}Q>xJkY+q9*HWZo}p0zwOP)bM7^z%t@v~S@K^BiU{-lT&U^M$BMd?Qhl>-=aJ zl9?T@Gr3Ef%4CVZo;6!KYKp|P?lS*4om%G~2^XV_7^@RY5@(x~UBAQ;A%7l%$Jr{; z)l2r;g{`F4Q1-l~gREpIgRDEIiA|-*!7&xvrmD4r>?aLs#v931N@~y7-icEaK8)}x zQ_}g7XdTbI#&Ax;JT*^2wEvaY#J{gyH)uO z&FzQ$Ve#A3#`aC#e#xwN`GM76lz-FOeKyaS7p-}4>!kP-&&;2!@7f{#an~O5>eGWC zd*!v67Zep=bkgbi&KCH^OQ$?>)9q7Y*PnF!-3xDf=Ujc~2mH{lDg#5aUi{Hj7vBHl zE1&Q`t?z_@|Lns1ezUOh?$2F(@`R0F`t<8P`WsF7C!RRr&i2P2efZ(=!CR`&-m+7F z_XYnSiypq`oqzQI@xg6ZOl`gIn#=V!Ht=I_{;1~HV{iD?9oD_?UDlA`|M?4l{LIe3efsV5Hyv@%H?H^y%6?7xuii9p-_{@Q z_wRrCd>?s!`drj5?{J$~(0=i?>68DpF>ue+!nHG>+^>q?lq$dVl8?Obibg74h&&nHj4IP}J=r~h&8 zi$DD5!HoCH|8{KlN%d#>{#`ih#ZyN;dFy$+Ls9v^{Na`he;GUdpW{0IHm~A@U%pKH zQdabK@#vMKZ@KQ(CD-4({+@e(z>f`^m48CTYY(lTvia7xU+Q`68^OkYeP5k*En)H! zb#4l*>~C9LE*tg(!~L zEgfv{Pc3cl<&|LlsieGak=LSEuKG|(4y@t_vK>p$!xxeLwEs?O@=D{>K*xtnOl$jJ zsbrSkR(G!M?LYs&Q8uR~NU^=|{N%ugO>_0qKC|VRTE*?Oj)Atmt`DE2sji#U2YZ3P z`8joEdtcv&GB&$KJNT}_hp!kWJ2=q!VJ&uWwb*`FZ+oiyLl(*INf<15&{p<*$ka@^ zdQu-Y867cFtouJ~LaHa}*dIP2th}$QQ=!-0`^4vdpGoGRtBcrTsJ zTkG<8=bFv?AD72_)NI~&TpsTxvw6IgOevqd_d(wOP9D7BK`Ed7=GW%2Noeyrpl~IS zTV+!|YrD&P$>q&q&X=D|kF!p;DWCNTm-k7R_gRvzk^@caqrhL{^SivD%jMZ3wY*RifaikM> zu}%4`&qIY&?q-|vSye|lyqPxTvmS(MP`O8J%4dbAIJ}5W(Uws2RqiF5!X_&m-cpye!c6j4#%4f}Xc_+ENkGQ;~%R9&A^}4(ZUEU=wZJ;oAO!fp+2L$jW*@8ZiBi~d0(_CpY;^fRmywDrhL|nkiKJ|d~0pWXI&2^ zFG?9_eZi)D)~isTRo?41<+CouAg@*42AlF(Z$MqAyti%2XRTtbe1r13ZOUg|0(GPE z*4Y&826dD2uD2=d6zXQ>-Dgui>uIQ4l=qxX`K;eV-KxBoZOUi82X&kB{$o=RlVnxlV0cA_D;SN*4r~r zvdAirTrcHcC1;=2#n}lpz_%zmt!}<-vGTtV-qLyQAYUAjZjijwfU*TUh=6Qnph50Jm%br)5{tklx*=23cid9b3~p+~XNVuj&Mjcf{5 z#KM~r6;s2TA{FJYxS|m|TArXVai(tNwX9Y0auX|j&XA^66~6Q$ULy%>pm2DUNy$kh zQc<GKUlGNqn5`M@^VwQbx($$cutS-M+ zsV{x)I&uhaGRmuYGJN^^iZq<>7FV1N43}&wuGsnX<;4~2POh*nI&0JVihE&;`buh^ z4|92!T%w1P@H=mYH$5J1A72sPbalmpuuJbRF5DO#U+#%CF+0*kiA0W)$nZ7f3EFuM zk!QG_bKSdV4@?xQ^s!)Z`MP(j1`CIOW6I@`Ne)a^=}lKu+)Nr+M{)Va0x6(ehIbB0 zHbM?>b(ol)Lxzc#CNNy{oN0wipA@xZw_>LKjp}IkNu`fj8-`M|#f&G0=c1H>6ND}i zjZ7-Nf9ysmxs?2sE!sC1lZGGFFf9gQ*_mN9dGmWf@|)wyZ`%9kw{ECVa-TH($Zj*t z&2QanlSIBs>sY$}c1%RBr%FA`OV?d(UrYG9cTXO?Py*>;L&f2fkXkcpN53Os*SJb0 zwpzy+Nu!2xo7tU@naamJDT}#7zIY)VQ;t*fl;hQ6TVhYju`(-lz1V8)NjWZYa#4L8 zQ@TOi43pTpp;3-b&UU2sq%3Xu%Cb5ivo9YrM^V2i@+#`6(hYZb3OL#+;G>Szo)qxh zeAy1>WA^4_?ulBbI^|Kd9=nTD^BOH<1bb5IylTy>!Mvp&$XAsdUH2DybzNS%d5+7t z-`dEiCI;)2m2t9S-MhYv&o>D>J?OkHz1~HCnUYlsN#c5WAH4O>KQ=wSZiueN+$IB{ z^vUd=mQz&TY%e1Q@jLnu_CT{BoE6Mwo=tC6ykCaNHpYjS#U%L4xP9Yh9 zj4hX5HstX3LWLc~dFLN{Rq(wM-n+&bE*!2JKF%~E4O->SC|Pal8q$u)dw2oTH6>4oniiW2Kebt zHd>HV2S*lUq9d_K1^K`u{O!)ztp#C(mqnwa6?cSR=Sb~QVe*beA9#o_bn?~`GQ{8M zDWN;W|IQsO_oUta4~+5h;kt~eF~;XDHlKRk3v*#GVzf3-WNOAjf(s4P>5OG-Z# z@r16p+!^v6jh8-P#{3*(KF_#8dp2N^L}u(MeQap2hW#(eu&;$+*jJxkrwYeaDZT9T zj_K@mVfLg@lJ%a*Y4_S{<;+>HQ#MJ#9{gW)is~8spK*A5QT*J&f7d$o7JpBw;g#R? z_^#8>fz%xNT&5&&H|2Y?KpaO(}1%aeJ&^~;+#ogQTWo=wqY6B3&J7gtgm=O zkd;JvxP5)ayUM)6FgFJac1nn68PAeRe1doBKyDemxod6*7MJ=WK?8 z-5f00wyVUxkrlbJbi-TZ?C?Cfq6)DKQH2w#+3%eeWaQivEr=Xi5TM`@Cr3|thWA7Z zkvv++n^?9MRt=Vm?R)F$$$7_?Tpe@|9)|p~UC0l&JH=OpH4es|4L#N%P8$^$tb4b1 zaIOn{6@CfuToi8hobwfo?Z_CPJAjK-m(~&w;`)6IZmu^^FoYRg2r5m0kakc2_ zBE36{4sT+xTVL@s1sY~c^L>PENs*Hn5_6+Rg&x(i|F_CYm54GCphG>PlGb3kXQPxs zg3ZQ#L)5{vCPQ=5Esekj2|^gSuAUw*LU_x((IrS-Xm)w5uZRy2ZZUjw$WFT}5&a+f_yP zx?N3CK2W=wsJm*{U54&eyY5}_c07?^v3oHA-AoF5GW3d^GYsKpm`&r2k>bT+hM*S+ z)FFtTDRg1xCInU>oUOs)#a3i9cOc|`M{dv9v4V{lF&Hrr9S%EE9a-01DR<7(@ZMA~ zD|~HgX4duMoUv|s&R92Cy5UEo`3T7)#&=15bgxFZ?bK+`dV)x5!2}tW{KM^g(KvTW zK6~IDh#cAz&`h#av39V>x%TwEoDqe)IpNJ$R7fknLMoPX5kBENlzN)Eopq$#*794a zgTplB3GQ&UExb8WF;%1OxK@{(o`zife=>L8;h$qhr5m)ZbL)Vx}n?CH&3{ zMsK^S*Ki9p@3vA?Otdw-*1)jbt?IK9&AuLQ1dLZ3{5@soTC|R_;(fIM|%0 zejhM(`9gw|n(1hRYn*G3_T1D<_NMH6Y(;0}mSXwtOMy!ET!VXDitqj3WjR<-m>OBb zK1`mrq+f@_?fjA3gi~3u6b`@4c&LlQ()FK25>17z)NwLw(@#bY+ma4W*R-OiH|Z!5 z*}PsykbJV5>om=E8u1d`5}S6hZpl~aqITdQdnI3PmhJWq{O~h7Dli7hb+45DgOzKK z^JZT1?EViwv%3oIxWd)Y#9T$}afZ2-H5xy7mm1$~fsV`_{rXBb+(p;etEo+f@jaW` zL{f$ZMT}{!jE!q|rp7D&r*y*?Yyo#t?;Fgw_;JSI>*JW61O zBUDg&f23m0#w%3PVX~FZR*U3@oe27~{14&SY0KutG#M>+yd>iGw4eiB-{3jUb-saa zqRJv}gq+E=gCfDw6njGdvm6;>|*R!I+9a2&?$qwy*9n$MNyuJP+WOm=r zJG}jTkIg$@e^Pbj8BB&d^XSB7%{3cJ1AghD_K1PUC%u)$@`F?`-<=+N7s~8DiO}#@ zhfnpSFvCq@JB^q>1qt!A(vG&*GIxw<#CHka`E>X?DTcFqw?l4oV3I?C)Ij)RqG|hD za4S!GZr0s8d$csqQy8nVWr;e3=%yiex)oPp(>BQ~4V5MQzNty9At_1bk&SI!CY`%o z_VW|+43Ivqk@ft~V)2j4gIGa0g4Sttd8S>t| zW7pQL3Wb^&?i!lNgOgI`l5i1wEP|I8WNQE1bI!9|i^J>e$B2BI_>O8(+h+4*7x9*9 zoi_|!Jf>!7#{m*X^{b@%;8YvS8I7$_%`>5zA^H3j&fNqFv7Zlfp1rd3sU)Ib#w8OW zyji?K??X%I(=N*$NIkr5j11Pj@{iA9ynsbi(%RE%arCP@XxWwD9Ig#bTp5`b3%# ztZ`Xpx4WhEezsj;v)datPi7&I2ybSbvmN{O6-x-03(tgKDN= zM4>H+N0$w6w$nKQW^mKfc3-%?g}T3rfW^4ykE&-t1W-m6eJV$jcl)z?RKn>zxpazXwT3d19J>_=Km! zo4&Jx+Q+giP1{1NDEGi`q;*Ok5E8WI~Or7Y_i?Dsx-c&QqH9rnWm zYMDOAGgO{PVeiv=Sb?2$YU-Zmnq7FBNDRv}28spRW}0Q1d4@mt@yD1vy(n6;O~k1? zib9t+w_|*!$4NxY%&p=TycsILpXB{N3KNMa!lwYY$Q2fdS-sfE2olx9= zgZCJeN$**x{gw9%SMEPh^~#$($^4Y3*g77Hst|WBlwYY36or6y7L-Y^3ySFQ*1B>> z@Z)AjNETsDu_}HuMSmASGfd~;dMjF_il@=OQB49TcA!<-mR|O!%(KLjz)Pw z4gEFLjZmYkH=u4--g{6DN>!oIDy3?nKBd$tP!fZ2$fibFZ7y#m)KwaKDO9ymmqE!- zM~bccp=K!c2$V_h2`H1^voZ?%K zY23%4O#2pNa*fLKxAI(md3e*S#`{?JWcgW7Jh$h}f(ZrIgpafPe-NMHT@LPBVC`E6 zmK0be;K9=itwRfBXtb;}X91sh-S4Oj9$Z;uO)i*c9ndEd^6ogxx@;7ylF@ppm>gqS zvrEji;71{+%gAb@{0_BXG#_l9Q5YM6PPz6eu=bIB`F!!%TPas{p>;%oeE-$5#33j+ zu)sQSx#{@L@QU;|d{Lzm{7ovg*rk?2El}Pvm)GG^t6ZuZD#BT0Nd-+RDVJL7QWrrr zaq>Y`mp24u$^v0MD}U@G>LXn0*rgo zk?#dNM}tFvEu2LdwnIr{bt+FL?YL4X*`_4ZF6GHICECRXT&f&O+@K;I)LWIB%3njt z5V%@-Rs5BqtVkUkL(Sp3S9vG%w@xX)O9i1s_eI)m>XnkVF;om{jq;>K`Py4rtH@f$ zUpb2`X>UV`?$#-rhWGFJSKBl}${5AG0Eo-Q9s5GZ3t&}h(37>5paKJHN@&C`{Ib$OqzwoJ^ z?{#ml7n|c8I1(&t_~YV53ce(~MQp8sNH z&s*Di|9;}t`~R!q(fz-Fi*NPl*N2;u`~Bd=|M~tGUOexv9giMz{k*~lduy$d8=raS zvwiI+9lN^p6t_?Gu6wNf^iNNE?c#%O8+ht(OGTr4_}hC|_f>XvJTW+`VCPP$rhf(R z&9AJg+EP%EwmEBhyDL|BSkjLSr?P_=zNFSjZ?UA-MFrB(*+*qZ=kmdo71ED1CZ2u= z&6*`t+27HY66@h8lC$7fk{n0mAKlVdI4a`v=hn=rnk}@-*qj=9|4ufic6=^p_QYJy zoQfRI%<8GRoEeg}H?NsB({ebos)D(k8e>ip)0BDE%vi3>EL4z{@~kCw;J8FMG*aB8aml@qIG#?)Mynd5Ug zv;Dc8Ik8;MT)F#`$$e&3_1tASoEbIgT+Ym!b2u}rPtN94SI-!7IhCo-wW*5LJyb#` zv7&+l@sGa5RXqHH-M@{@S`on)rc4DgoXRmdc;E?!lE1|+S+0H6tbZJ)^n2ss3bHz} zWlrZx+C9TLo2zn4nBklUXIU2K3OL(sj_Am;?%^zllvsxI6r3$toZpKe#mvb32gdfX zUe07veWTQHOqu7w*;e7@EP>-kJDGIW!?`(&Bl`v0vN%73Q-v2Tu}sQui45~rhBMX# zpl7ERwQyvL%5d7@&`2K67CROiuv5Mzi<3;YuR3QSbq-tcx?8S#YG_9!{-%uhGk?g=1RT&P!`yTG`26)M47o<``{g zdkLpi~^Hk12wI48r&)IyviX|IgT8aUxB znH%8vvt+&lCy^!dG8~!XOgdi8)8)~81%HK_JnQh~fPEY)hQpyUN=4ypfy$I;Jsi<| zM&>~{*Ja848IEY)$T-@V2q&YBBT4e+tXN?<%iv_R(F5nMESX#2i0(5oKZbK}mds8# zYqMmINBqGonPxcaT^Xl@FgztZ7n!HCVr_vV+5qe}{i=}mVa)d1BRD@8!Fg!}=Wio8 zV?|Y2DIYU}bJ_^b(h-~sM{usm;#4jl7;y6OK@=7E8PP@_U$bMWj8&QG%DQh`R3L3F z$NaDRWz}FGKec0x#W{e)Bw{Akv2grZGIQZf%i=_wBET)A zgz7&_w@`a6D(Db0>!_5;fj5)NF@dwFV3pF|KWCF_GTGnR*UK9k``da}cDAqTY(Hm3 zTUYmBe}9FLGpIV+_2;#J035) z7!l~C*}3bO3*&7oI%B-FGPObrDcMP(s!!J{WCc0}KHaIhc?DrT3n*S#DWAC-kTk+) zgaWPZo5lV9DoM$R20A*Ly1IG6cqi{(>riQwne6k2OEAJ+De z5_-e5N+w8}YDHIfs-nt&TGeT%?XKSbnc;vfT)j8KGxkh4nVcUtuZQlh7emAXvl+bM zI}8&g=?5KffRN&Cb-m|w@gcFn9$t>vQL!r)v6y^52S(H?e?tc>odk?*+|P=v&EGaPVUc`6oGbD7-hDvA4!o8T2}H7xZqA5baEF zm;7g=hSVK!jnp0HWV>h41d=3zW`~hPv}0zf2o}st64?xysUnyZous7M?`6}WKSWd> z)ZZiRJ}FHtBFBKS>3VdTH<;5{<1K8gX|D6i$cdVD)G&=1b-vmLi@D3nLZeFcqS&*& zwY~!H)7VhsW3R5PlO-tj7YCPk{at5hYIUm=40|BVL3&1s%Mb^KNm_$~ z#>$$mvoH~NT@$i&HPn;^8~xtG=DMJ-2^xprrDfLQ>4rzNCq!pXSq5Qa&Jw2icBzF4 zx$AnAS7II{#oHC<3h1__MWXZ1^;V;UN#+?D4(w+M!)7KMn;sjPlg`eX?Q-Q&aAt-R zV&XTk3o277I%9i*R2MfH5gVBl= z5?VoHLv3Wm7L_P*%{K}K>L_MIAG~J@jisc?-c%C@1u`mPWKy=I(I0sbmwj0jY^Gi; zVKR)ii6&sTOw-Usmzyak=57<6W1mwK_%J%BP6s;C=gfpoea<0Yr^Z)gnCno!(Hlgc z?dY?D=*CE=a#kLF3=Mev)nbYv?4q?%Gv;JhNt9B%lm1VC$9Y8lW zy)s6+s+j05jD;Q684(5IR`Q_AMwEw{D55ybL~2wkz4c9;Q9Dwigt|;C8hl+hA&DXi z(ab5L@XSOJi=@kJ{y0aHFhR`EjDe;LlKcSrz9S8qCQqyh15w%!QWQj`-nzzWh&sEu zp$4;2Co2L{lMT}om{c@UDo>FxeR4U2^;ws;PZ&QEMyi?1J)bq}fwN_3%lmL6-OW5_4F`}t&=A5_Fvw9E^;U9{{~L2uyL zQq5|vZ#uS=C4TQ>-^yc4TUvRH3Cp~-_1*@v-!L|z&Mv2zVA3_~2A2^)B}My$$dzmp4ksyfsxu zo{M(5sY*t}X8SFcHQ+K*X5H+#WF|2_GP0N)$do#Fiw?WW9VpWWsUdDcEKGlUFvjlJQAGYqbJqG)10FuDXOfG zOj5q2xnWrhrOJp@ITc|mt|*6!j8@bz66d0N+%j|L>flMNupQGqGwo%xMOw>gBXBNj zh%68Ga6W(Lmt#gx({bZv@rPag7oVvyUwxxtqU}hthfL!!;Av(DsE~nX#m7iX+*ej?6#HPUx zDKB@@*-PTet`Gx3RuN)$95k}Bz*>01NDr%OlY*SRg?O8af~U5L+y_-Rf}oOrXnvy&#JkxV@kE01A8iJN#@MFbZVkY%mu{H z3~Vg8ScGO%2SPt(x1g-BGs+OHwG56zW21|XV=V`CO}4m6qz)WI^-^NZ54h`_f~yoe zYYHLQ{J>o4%Ls4RGVG_Biz=#a8cyZN2;1$lSFNbjGcyD(`iV04CL06Ra$aR_c1Omg z-byDm(k)2o^2+i?O0IbE;(%R44ABX?x!4UDUQtoJ`9f*RykbLa^cDyyp|!A%idg2m z!Yl1ZcJpF5Y8LA*+!BW-HS#egwlW_na*OXspTmegEVhwFc(M?i*T|r9 zUKh#-5n<01VoG817sW&$<}8XKMVO~37J9SeAO?D?k0{n876(zR$!y-CSQCc3hGI=+ z_Y1|4GR!Fy3%%JR6brrC9TW?FH=8uf5flS|XD?6;E}$5ATl_z8}8=)&8BXpUp%=LO-e9utAx&x6P=ojigjW)F`OwX=ICl5dBO9l1{A zzFsl-=hZdQfx=mnP%_z>|yKXv?9+6UaS$T1(JIp0w3|;P(T!~`jGFIkB zls?pi7W~#ItjHZAMr*G{W%|%2sSl<69n_z=Wa2jApTYoW%&sz51@j*g;K4P?q5)vBrq9O|KDa zchA_`Do7vrsdK)}d{$)~8jQ(wkBwwGtcifrG zr;54QS67F*A8Qz1z`!zJ6AKth&a!c3td!gp3|3Yz3ALsCt-Lw8LWF!=IK$sqFIo_} z810Veu(X)xO$>`s8Ue-8n~4mUc|5%`Mgrb6f~~z`m-s`h$IzF z@S<5r%JDi(pi)k+tI%gc%3+ET?*ci-(C%VSqoGlzL^28jF*I6w$I6$$GifU1T%SMK zTv-RVTM*OyGPs7^E4|gtm{5m$VMH1!@9v+UFk#ZT3F`a=9H5}RzE;!D?GvZvJ`<;% zu(F5t`YG{R$8+)8mll-=RqiGbd1bdPuEpB!sE%Kx9J~$6O(B97hUcNs2O!C z9x3~Zl#);Q-$d0q@q*TzEA#6c_K$qzzYraN%l4HVtYsvn#D&s?y+vqWVMTc}-4Z3! zDsQl~ka(M2Y~#RM84e9G0ElIqIVGPC*>;TSK54_5K@Mg|v&~-#{$IPc|Bt)2owpGh z^L$Ll)gHnKZUNJlBIsgQ#MDdSq!M!wopaZ3*8czIf&cn|3hsH8XK+ZTlzw6d_AguC z^9qs5DYqfK2yc_Cqdmg-etkfNaVQET{9k!M#edb?_uM+EmepUz6E@4{Zo|k%^THm} zcJS~-CUYJwr|$cE!%~=sn3%H>Qy?|eL`&3N&$5X=)^eGX#3-@u`mfVxgr$hJWZ{Wo zDqFWb2eBDQu6+t(k1_J`5OSSquBIJQzbzFq>KqUq&0J`nk;Pt}nx#g83t z(n}nFBBW-xhFC61_mv;}ajefuOx204MXedd)~F)YF+P{EBmK{4B_p zup7m-r;WY9$My^=JXJS}YDpM-Igjb7muM1u%5Id`A#qG)j_oWh+X*i*pSjcR=Xu?K z4<;;&*m~=X?mjg%)5q2-VOhjjD)XQi!*F#h?>?Ech_O`W5iXWendxJcRalak^tQXt zS;OdKELGTxJ+YN4`ffnAr4551A*AucSl`QWVo-XpiVK6a3G?e@W3OoTlH zW(yocf48KFt#4Tq#niiwX+J~vEw?3`*sLTHb-i;!3D`zxl3CbP+li^EI3e1vH_3_v z7tNbP^-Z#Th92dhH1iQ{Y6WC|A6{PpIgmLml>VE}nhV<&ZQbZ;**`3wF~z#M~#QZ=8+iJaDQZ9nL9nLY$l{h$H1p2T+=Av#y)QfpTJ7h$V&j{Dde8{;wRR2QM`a zrHS?IT*~U}!}rW*^f{@EaYo<&hVA~?wAJPDPn@8V?(3uPu-_}}z%X%OQ?zrKl;}Vg z^%y3dEb=K#p~KZ^?IN596iyW3K%j7<=!Ywr4wEw(*@(FtC(oIPBbLI6*yLOcnQwjn z8&uH5*U{@6c1m9CM_Y=Wi(en9XF0(yl7!{iuaMbScBJ0_(R0@AXTo%`JhUe;t#l%6 z7I#R~<>D}wGYn&RODxJEX!vaE)m-AwnFX>0*{VzT) z)A78h@K-~yzuS>YZwczWI8`blp=t^HIR^OEwO# z`7b;+=c|9G`q)qE`TCV9e3{M@`IRZ06BWaehS0=l#t0hr zdSxufFZ#j!O($QccyweM^F}$?+^^p?B zTg(yO-sJO8^8_e#be$zeI@h8_n_i8!q_v!@ZHcA%i^!Ks7apnJ3I4x(Oq}(FTH}@O z|B@HM@qT!eWA5Mt{0d$Z|6g~Qp7rhY&|AjV81de^>bBwQWaE|VFtqHL5#vHHYKNs# z$JsmO!~W>Zj-AmQ^Z(C#-s&7hb@Zg^C!|=<4;Cr z=ERAaV>2dX7$^})S3k$5XR6Sm#Kx+nW1t}mYkYymx=Me2=J+u{X;!oy>8o@iUFnFN zm>HJ7ng@ff2rdaj`gl%c7zRbE4Ah6A>c!VZ17WxtangarU7%M{)i07HGSbsCGa-a= zQs{fKOExBZom0u^K2A-yAU*P7|3wKts zo!_m%r=L!W(B;Ih38x6W2)eODC0!(bYY|QufO@Y@8s;pau?cO#(zG?Bqw}MxJO-NA z6&;dkPW4Si#17DOj)~5X{o{-aG;IQIUXl16MBH@HT#zovBK8mRs|3wTMHh|VHK6fl zMCUgM(f5PqDMc5FUkB*gL38ie==^9vey3<8rL+7dBBQg%p)ZY(&Tk5$Z&5VS_^~~H z4Z1&1h|Z6uB_$Jf5jU?$_3ep>iJ+N!p`?psU&yZkG;NA58o%#==8lP7^ZPYu_A0t) z{5}HBKPGj}@7&3n=Elt{8oy%Dlu_WgBGvczU~nC1F1|?8afop0AGh?t7zCQCEJ@cF zz{%b}3jFh+@wp^jZvZELn~?91LF3Jlbdkze1iITn^Osyn7pZ(bQNByv=u0!B^ZPFN z-3FTT^1J4DFKB)|J37BL;P(z_$_pi30)SI}lTp6=LGxsBbbgD#?|(ouV~(Wj6M^3- z@Vf~#Ppc80bWZK@Eckr^nx`uyzi9GHpQ~x(=S#Xs?Qu4u7b_Y`>0IA5K(3b4$-lYunwn04Nt+h zD`Z{HNzk;BTA!2~k~u`rD$e#4XU}rylzWQY<(^Vkx!aRdjBiXA7kJ!7uIvK0HdYb$ zh)P`On(xVW73I#$&n?f>MyoVEqo&C%%PH}cyJl+Xio8!$^0}^p{9MnB0@utk?R=!T z$y$T_V#f+hP_$tcu+o;5qwubR;v%J^hs$% zR1YnuxYRS(U0Rlpl!dNY{54h^f#@2Mvb+SW3JS7aIkP<_rTN9B`Q;06Jg1POcAAzT z$UII|+6jn-R%-qL&aLzWwf^{hIl4nh#k{ieQte#)qyj}#AK6d?KsgYMAlaFo5+qFq z;w&I43``O*P2`=E=aTVLkRmU?h;5SN*7_m-Or)4sT$-z$gCA^oQ_eQQ3Jo~}gcP8s zq70v6apjcf&t>&X@Sw#_uFQ2Hb7eV19%;xUdqKI(P%ksOTSCfwb9p=-Astc1!s6Tt zbP-Bxm|iEC7D|hCEX%(bA4SlH;U^oc)Qc}g;{$U!jsCnEe-XF3`>J#Cxy1%_VWts0 z@{7vBg2f|?Tv2OArm(POdBvsWT8fH9)2Ze+iXiBbo<&MS`t0K30=KJ3@QWvhxyAS> z4P%3d_4@q{jc8uxb~%2}6HUNhw0$K)8lKqKt<$&ch*JV_EGg9k5u+XWoq`1K zIVH&UYoidi!#U1@6YIOpnYyx}ddb*KQQz&+C>*%5z8f9WR9CC|J|8hU0>As565x~- z#qW`b(GL7r>pPqi;QZx!oR-X1zAYMs16Ou#*dk3@5_axE?2xKA)7Ca2R@edU5JDxG zzTv-?9QW#)-nG5&{oeiscWk)!p$)HN2~{NUPfTmt8h7xWagDEcZhZI7wa;K#EbwRC zUbA`Kp*h!nK6U0pk3P`vUz)aG;7dMyW8BWZcfR*yZNsOxR$qpt`#5Bf9C!E16V{KN zTs-dSmxq*Xer4uqSW*dmzuQmQzpeSIy`AH)i0`?2$}CO$t-$wOIBfIX_YW(%W6JqI zoqOLuVZVl9DwiDRpK<9O+c*5-y56V0{OM=ckNRBGE*JRycL$z)`L}~UKa!Yu$(y4m z!KOVe@YQQ>Upw{44X%gI?XhzFmO<&LZ#?9sI;im%v|8EbtXq zU$WzoVS_sF9of5c@6h+|*R<~m{AZ>2{P2@2m%Unhc~zfFj{F>!>f3Z$$JG-K|4P$7h8%tbsdF-k2QRh$%K9{Za3YX)?#hXo=PjIv^OhS|1kz^vf|zHf zFZ4B3*EQF85#+>jQu_FeG3g5f_#BkCW?^l!ucpSk7%PwCVb)x~u%@b(Q^@0GRP7Hg ztj6KUfSwfr@g=z9Wm&&)g|DF*Goa&T#Ik)kMKag2-do@3U-e~_O_v)uRyVEk1dfxZ z(hvv_<9y?BOHVXIL-05Y)htBEk@q+msoJ4E@!_4?hU4Uh4gfh-RR&bCy0OMn&)%w= znvSars`{`9!9WeFGrT-KZMe6pDeWQvUsD=?k53z!c9}o`PlWstkUu6O_M)_7PM9`) z>^Par#I(_ZGfdQnxUpo!BC;T*KWth>Tj!kC!Xs_&BU^!mJKBAu?Jt*ZrZxKn_i*CW zH5ib1{W=3b`rrp~WP2s<8QM&aM#jZ7q~Sa;j(@}zXPE&`o@_y2IWsWXoR^*w@S1_z z0Igrjk)ubCj>2p!xWpI0+Nn52`v{S+_Qu7$(=fEaY8&-9Z-BOzHbPR1PJkqkOqu(})up+r-_t5s;y&%F7Ls7hb zFSbIMg{kXy9UTClqWIgsE3vKO$hzG}<2N1c_eN_41V5yuBfh=kBya-B(dkDOGZGy= zx^~^G$TdX}CbV?KwTmoCc=T#X7`eS}MM}yr6*n)o7k~3+d;J!7zNNkNG~Yzr|6oX! zm%Y94R=t?BOrETtks77R(o~aC@3;u!`T*;WekqhZ5&jzSlMNz%Hef~5FNNjiPhWjK z)*k&*hN$0xCBDT$LkBpe!gs@)LOQSrbo#~mPzU+~mMi4o6STFI!O4I~tepZl67W<& zIM}t*0IL8`2Mhw90oVpO6p(UB17ykX!!31&A*nMAC1SE6WBY0J=1E*6ooWBH2V1(2 zCjaXC14p&eAE6dUJJ!7d*2%h_#kcH^Z{K}7RSl|ew<1kw*%jBmYpB#PYKYXZh&_5O zSW*(K4KJ&PJPMq(N3R8rX;$Oj7ga+rOFky`;9z1^54JzmgBjL%>w=X=`*VsOYJW{w z0rq44T8jWRfXY{(kYmw;tiyOfYQO}*3js3$^8qgeqy|g`Tm?7@koBDmNLf9ATedty zvgH{{)DEiHeqypMajNCp5BFeO#fy#(vLj&~y+w5N)MM)Ch2X~Ou!_8_&3G?x){d^H zVRio=r5V)$Cz;38l6Ag@Wuog+X!fS#8qnHwd7#uUmXS@@8*r*ZErif`X_hOS4`bv=qS8@m&UqbbOXh%d5??s}Tr5%-TM3KHhm`f?P-Pp7lA z;b$RtzkP_;Cw26+8EPW!`4XhiFV=yIf=4=HmPY&wXmHA66Cf3(9grjXi-2yx&449< zTL6~=z65v$;LCvD2HXlrnQQ~3;yi&{Dh@+ZaTrR}xVuB*5>)7zjD{T3kBHGcsbzOu z`|eZJQ2trisJ~T=`a=X=f*A78P;}EJUF6x{H7IX1{n(6n>!6^gxe9TgMAr`-p?8eK zyRacC&;?4Gy0EyZ0WQ>V^@wIi=qe2<2o1?1-1@~jP(S(t>NCFk(XN!m1Ax?zp8(R3 zJO~JXmG)D>GQfub@u*pQ7?7)(M*t~{M*&&dpW~K#!I0DohNNCd9Q8utq(QL{CY>(D29Lxcr5QCWby&9>s|4%mvd1BI=?fCEEux^5`$R)(UxtAiU+ZpwtVnwNEe zc^x?G0Hde*2IBrXkg0gtR|mq+e(ZLGmOxhyV=|bGoTx2WE5yDy;8TE*s))JaBJj{J z*2k(VJJ8mY%O3!#EAIi00o(~lTk=Q13cx=B)&c$*um!LKkaF1t$ihE~Tj~l!Qdby~ zs{@JS>OkTm=*kc|@tAH>m&3Zcq_*rD+P-U$(t|#_x?oj`RpJn}oILtP*er9Mm}O=j z(=7956h4~5yoPwI!suzZeEK|!!iWbw$F4BuwWNJUVpf+bpR_DoOR_xSYY9GtGSuZG zL@&avU#yE&Sq`JIDU(kDsVtuX(y$x>g(^ipG+U8CuSt=&6TFaKyOE;quV$GQ z%|p0l<1r)~kD){{Zb@9HqSG7iNJ~dYD?RA&onWTZOU!hHV_ms5M;wK&_J?EkZIVS^ z3QYlH7Fw5_wUJs8=e8IUJ%ey}a0M1&GY!qosklFjB5cdL z0zdJ6u`UdcWp=^IAdAMyhCZFprx)hwgl#^-GO`iy-g8O&MbV|E#Y4A9~JIjlyILigv*c=E<;kd5=Y@m z9E97_Icjce;i2{J&tNH=g4TAB(WQA$8cy~gp`(T^<;7E7U z9j)#?trdIQ3Jy9qyC9NXjhM2 zEfL9D;GDL?Juvgg2hTl91oM_H2_@?b56@{UJS2Ya`!;fHS<`WJwV#Z33P!a+XjfN~ z5fETBx2<9)R-;GSIAG5SF{(IRsxw-O4F(5C@Od}}mm_T{aIV`@B$uo=r8saJQjB|L zPKi;%u!4OP1#4?gX#ZQ1A((^h|C7|(+}T#q2{~Zp*1k7s9SJ}5%F3|u_g_IqkT9US{>+&O(p$O4ujoUOr0AL zM<-)}A@_!4oy5g0Kjlz^1$8`EG~zk|H91EHNqP|JMNZ|F{#vhe4($Psb(L#l&Z>8s zF(r6gAG-~Dhq0v|P6lgSWZP+BOD1nQG6^lccZk&T59Q9;#t{5`P2q2Vvxsfc3P^F> z2#88*>j7D#n*k>P-U65n_$|QsfZqnZ0`R+lcLClGcrW1h0XGBQ1^5@h9{>(Uo<9UU z8Sp;934lKaWYr!5BYB9H!+of=2mVN7 zxwo~Vvt>=^(bX5y5Rme)e-sef)o0TX5Rni#wXJZkZp3=3{x41Mfl=VZ{=YOungxko znj-RS*#c_!VcIwGTiOF@4)_w-!?;s55B_q^nyNM8?-miF`&f4K^$2k$o~r!-e`PF` z+}5SZfhwYRX->BJ;Dfa6(qG`7YU$EULmC>R-d%KQxvFOl4wvfCVH>fIuR}96?Sr{P zM(pJ5xw)oJP7lLga~G34g2Y6At*Q8|Kf6|cz@Wl+Kt(B&U4R&ywB3Lw0`37E2KX01 zn)3evoCvrN@M6FNfC0cxz-GV?0dEBS2=HFOPXHVzQO(mu1SSB=BRvhH)WI)ToI6b94L9zEeF;YACy`Q3tsTz$TT@I-l+e-E> z{*^dP0~GF$2vJ*7wZ9rTJ^+?|l%`UqI0qrgWeh^H-%c}d?2Fc+xCpUnz(?x09Qv(8 zG1E{-^8kBw)o+!rhP?-&;3JEzv9u&v@3jYH7 z8s+pWK=$QLfb7dJ0oq%ksKLWCyU%)NY6|(cAYA#SVp1HMU`L?mmQw!{Yb8KcfP|CWv)G2Ywy)V_g87Al3y$Bn0N71BXra z+xOvFcO315%8kn#y<;PX!b4bj$Q;@#I`phLtcJ2aP>bcxxHn7Zz*d;h$B~tJ{H{2J zC5tM7m^FmPZ<@hW?N5r5bP2Y-XG@Sa48$Y`S+JJop+j!bM)toAZ&^s z!G>@mGNb!8M92~HFx!xSq0drIp90c`dniPT#d4h+(!pftx=-;pxp^p- z@aW+Q^5L?g8?bRxtNYMCy!Ay7#JXKrfE-=NU*({$ID)xD0@8%|4%oQ8wc^meS4fXd z$^fe`!k<)77akE#Wvt8%J2GG+cF-T%cPFV;X|58b8Q+ZMf27hJXb?p~qN_wvGC>@% zC1{7x%bH{@i2eJ?kYrmzYhufqR4v#KQ1Et5huye}5@LEAf|xK2_`><|HpwdmDc@i4a%*?IOf!#ET*{1EJ?c$jJoo zg*vJQ8be&x=|86()-4%KL)BgZ*rN**U^-}3m;&9@$lQ#-PNsl+coIM%SMgZH>zjH6 zqRd|{R_`qM$N1CKq?X^b0jWUpRqm!b_e#7Cgk`p}0l>r0;Pcj$@dW~U1=!`!0@_?q zxu6!)eh%0A#d@dV9sehNL-QC{ZJKiJPiIYDzJ@weVoXDFx;e^j%@mu(P!S zjzjqS#Kd8zhFxl$IKba0CJsQPiHU>B--oV8Pvt45iNhJ#vZ#;V`ouvl%=fWtpa-_4 zwC_I!(~IV&0rNI39x%wg2fef{p?%*OExY1d3p;}+V73w$9E`s`f@dBW*@ih!5BT!n z?=0L4*C2nk&4N)Azv27DZ`~W}-V6I;@@&d!h0OoJ43O$84bCe>q|PPeokE&4m!R6 zS^GIB6xIirOhetin6Qg}9{SR<=;qAI;Zoh4Q}r)##ODOUy56^q_%sXb>$5Dw`%d6k zH|eP}yZIV`{h_P`9Rqafao}EFS=TI`cQg}RPCPA%#9zuR4L2>&BMN^JhF;2X8X#@N zbU;o8T!7@54VVt-1}p`f33wA=9^khCX9Kbzg@6wL76G!QO8|cdI0x{3z*4}!1C|4F z(^m!H34j*^a*A*XAQuXk0kTa!fYgTYG9G)UnrIubLCPa4KIGpHkKOg`v&nLfwi*@;Zj4HfT36;=njNbIN(B4@_qkA z1;w)Cs*o!pAeJ5VAy-5dT@k{VM9iw?qZo3txGO?ylLG77$Px0OIPO=-Q_pt4wF(bC2oQ6qPs03;WgiT92H+6DG{BS9yl)G_Qtk{%xichpQ%PJW zeoLIN@AL1)Z*AO5t!}(^vIFn9wN<1(p1zkzys4&X&-6rS*&Fe#xhGv`W2AkKV@U zw!*jK3%AD?z7}7ICGCTXI^L)k_-)Y>uz6&5Z|qtJsfdb$V3SU;i3GZM*FjP`1s{Kj z`p|Ccl7;X>Jf7Am#QdhMVoQ9*rud5I<13zSt$3u({m2yegI6J|C&`h5d6JCU3ZHB( z-0-sdK-^aMo_HV*^lih#gZ**h5yBpAz)f6>wqcT9a9t;M7vOpSl!^__CvoH*aNYM2 zH(;atz;&AjT>DMIt)rzquC=gZz{ZLL*S#6MWZjw#q5|iG17_Dd*L}#Ja}b@R&#uv` z!jT|b^}tzj0>85qe3ME-El=l!YI&4a16{=)OdEDa(U5&(F$IL0w0HEt#D3gwq}qt3 zI=dRZGrcju;H5C!soG>C#D$;4Q9ZcKOVv8?m#v3|Jk)KY2yH}2;$B6FW;Rv(gMs@9 zAvQ&-)&qi-bb}FkN#J_ouXR8@6S4DwPsYuQMvsF6X=(JR12Zkp_Lzn=DS+`&22>h7 z?4H9b{PMf!Vq|4z4p+-S*p5CpcmvAID$ednX|X|$$3Z?zYT|Inj*c5M!qxCSFBlu0c9aa>Mib6v1R(39r@ zM5KdgvCpq|4?L)Hxx(vj^a#cQ;Ximp;TPl5@#Y-g0hjT}6&DRXR}n0%;D7_)!b(Ri zC<)PWX>t}&)y;lcGVT}%-E#4vv6rfgZO4J&bo@S~a1}84Y{q$j8G!QvivSk@)&X7& zxEAmd!0Q1o17tZC0qy~;1pF&t6(A*73%DA2ECC#dvibni0ha=@p34APhkC$^0UH2U z0yY7z1H2rt6)*sJD_}F=vw+J1p9fq8_$R@;2?N~Qvy>i#@Y$FBb6PFH!thVgLclk@@5*E6wc7Th%)oQmt~G);=v_x0&+-0(e$k|()GoL zruyp_%R|M2yp0)q3IxwG4g_R52dReGjIeA7hGau9B;QGpxVP|I;>64%fp4eEbyhDP zOoA=-yLzY<(CIkaggfu)SZeR+*M7JkMD2LE%!Ode>gbo%#qkY9xGdI=X*ew&hkI`n zL5l<1CQpX76L!v=4N|JhJiEIKA`$1xaJR77VFV&34+%I;PY1|yP{8;PODC^%wFi)! zwWL59k^*HYQQL;U632Ok#2HiMBW+sy-d>nW@dbtcQRK$yp{|?=+7xs-a8|i74IBRy z+?`S6hBprQ0)j3#b2dn+F0BVL3#jAkLwJ4X~iw7g_Z_$M0muD7sM^5eGauS1Dnkbq4 zqxV>|LS3c=#m7lfPz*^yF(gkalDJLyEpcW+eKiX8Q50F>kz)50>QCW<`Uv$(!>wOV z3e~FQ^caYwoEVaFVn`~K#8IIn?#q{xlTMjC-k~UR($D?uj!qp67nMz?oMiPQC9B5` zSurGK#gNn~iQ9zV5@(aubS(cm2DTqgj@18{x7m7F`(IZ^>PQq>saJ<%H&Umbq>Ov) zM(Q6*PV}`&onlDJi6N;|5=WhqI73d@nw-#<(wZF2#c?u{QAGOSWEIg}h_l*prlB1d z6a6T&{gP(Cmm74|>m25mKx+MR@@_ayGC0HLoJ~wT#Qt0gl3jD6&I*uaqpfFVqZIy3 zHR(7DFa@|_fGqZKHTifBVJTjQq<9%h)OO;p#C52UdYqMaFMdn6#`?mi_wol$RKwyj z6|UuE@l@KthpqZjh2-R_k7G9Zq>7UMNQ5%+_azZx4L-p=9JhXDA&`e#AMM#%T;GuP zL)`D<&awa5*f>s5v|mnqDZe;9?`qM~+Rz zlr%QhiM1PxAjtG*u&je5Gd+VH0;KsFEF1l4475DHIS{N2@)?Rca?jlASx9DW^;$R! zndwqMvRwv988j*<;@t?#R%b}IIzx%taOjW3ovT8k)rD*0(ifdwg{(9$N`n_$CLU04 znL81-?yO@P(lAXwYs-Xvg)r1EAa%OXiS$0h6UCPlim$d|-7EV{5NRTPU^ygFN=Ls~ zHcFJ`8?KPekQ{$s2gowFDoNghu#_Z2Qj!eG{v&Z6_{~tF)<3;J`~;NCT6>1gLF+bRoX`%CO*36Cu_$1{;nTQ9rKMB z=G;*7X|FMV{NP_#-;{=EAMtz3in2-ud7Z@0fQQ9v$oI^XOA6c7Nyd zqK#L+@ot~nRy_3hpT_T>|MR~+dTYh+J{d9Xv=t8~K2bdRq^ePWuDRATdd>&$YJE@f zt$pl_jahGQe(LvY2Nykd>!93+YbQ^5>&`!4_;|_rEko7}{o=rfXFYyL#^KL*zE%8q zu=9-a`1gNt!&Mz`-;`4R*LTP5t{L9zt+Cg(Pxxcq-c4;syr=(S$;N)aE7Qr`_`6U^~#^0IDNx_H!gklTW9V_D!B6Z8>YY2@3DeUKRmpC&B-78*Y25l z{oc#A&OLBp;G*d_JkdAr_P;$}aq6e3r}n?-u`h0E8-8C|*$&vz%T{KNTGMHm15@~UxfJlENK z;2WcVa^efFTjL-8PHK7jh7Bu5Ov(OduU-efTlMzN%l5qT#czlGrfTWz2P$^YKD2jx zL*nwpl$}4h^=HNDw`@H9r&}-l{nYr*irQZc8KuWR(B3fZga;q(q5tmRH{s~SxHEor z@Z3MVTKSJ956ro5=Qpa>p8DzG_#und!`tGjwMqk-Ww=I}ZF|2vdD}_l9KmE@|1D|=}Z+HFqTc6O# ziz}-dAKe(^tJ&P#D~_JWcr9x&KF2sFJ^fp8acdO@pC=hpUxUtw#|DDN{2@g4iugG8 zz3|KY(L$z-kK<<$!!Pp(5Xm7vj!O$({>&#Zz>&9^4|`^OTqpka!p$pQgv@*x6CZc0 zh{d$yil=7tI}+i1dJCE+u-EzYvhm?8B0g>{{_;9=+zZ?7e8l(?muKSB$Hu2GQpd*? z3NARF>%3=H*!d(1no%Y`eQkXD2^vlddHuNGv>H1fVYTDRO?>*<`1D8W_&C~pUe{mt z?JPT=6A%+0S7+kW-^PcH86S5I{_=XWVm4-YRylKwi;t@@@fl#_!&y&!+>K;{>$GvN zZnN{@TsJ<>++Ha*J{+Xt<8CGsT&o{#f7Q;1<9c|#2HE&v%>bIA_={p|zr5zET00+% z_@GHO)$2qXA8NAHXY$$d`;VIJd^q;U#~s99T@MG__;A)3;?py6HC7x}In!$q&gWzs zpHl@5rNr{o-S~EvozH24rUQTV@|c{&J;8(73($Sz1^6YTIF+=py_EU&zUwp!@~GXSn@!t zoeyUl@o{E8!)$y;gz@?0sdMw}e9pG<8DZmdP8gpTdIZn4^8w0Io^xz`&J#3zd5+fM ziYevr&r(umyL!H$xdmdQwc>T2jn7D6*5H#EhnSjvJ{0m@0 z@FPq95cdc7{P@tH1YXsLMh4?cU1olh2G;^TJUug+(>jgL#v==D0M?wo(x`D6(4C2gxmRi8y}b(&}88+XMs6aee#~2Pl2FWXwskAHa>-dhJB0I6$9Ms?0kw4 z6Camk;!`O2Fa>kxHCsy)`YWH{5>seks9U_^4a~(7p=B7DZz)VK1G7nCPBbtdE6ha( z=A<}@>SJKC6lSo2;k=F4$p+>Qg_&+(o>!RD4a{DJaT%Bs*gbLeH87JE=2Qc-SYd`5 znDq*iV_-HYOg{tjp2D~djJ|*vU|=qQ#o^W8z*H$rih=p2!VEJoFDT3i1M@e9Imf`z z|H11_15>0hGY!n;3Ny&S{6Jyy4a`dlGs(dGQ(?|CFsCcSG1|c7D9lI$Q>!o+7?|}6 zGr_<-p)lhNOozfuF);l&Fyp$=z)V&c&A?QIVay+%#Bc?jR}G`>Dq3-y>^mN;{;>EH zm!JvzTxE$!rK+v1c<9-Q((;>A2^x{!W8_X-qGllFjG80(EEH7cKVwXvvMd!eoTY?c zesJ|f_8Df4P1mFCj;pMR+Vtt^mQQVDWzBK9v*ur{O}F?Uvz!P^TyFeNFL8;$tSltc zKLC-XpZ;i1Smv57E;G3}8M5m%Oak9N2yy12o%5V*_bis(R0u~pQG&4If?*`4B(~Bv zbxF)piYKOBml9-=NR7M&JN0a_YmQm^iF|fagQG5^?C8W{HP7~g*qNu^GUB10oy68M z5$HtANO7~u`lGKH7)B;F@zg6##-VTZ*}2Okv&|ZsC5{`5NE${9Qk<3*J%yP!=`+W7 ziymhhb&DQHqjgPBk&7p2_G;Q1Fan*DoKTz4lO{XAe3x6;4vN9L|IC@%1uHY#?Gb{e zablOX86};qLB-A$162$((AXHLAeI=Yq_TSPajPzf!*>Na63>S5)um{9Xyi!i7DA+O zvOJ!E7rW7X!Bw8>CEn^~p6bTNWj=4#c+KO%2D-Yy5quaoV?jOK^4>aE#Cg~#ay9&{N0?oqVl8zG!Cw|$$UkjR- z6&=OrM0ZLL98Lh5{bx&lT)GOn8u2uyT4J%}2ZK6zTIgKim4-V@%gVCKh0c#B=}9qN zieFfJ97g<~LH7C<1w9H7SrX#kFL^Lpu3FT7F?0| z4MyB8ibfFPj}yOS@cRkqo}y<4S0sL$5w{OCkI*}V%g{fI{5rw!2x#`w`-02hXQ889 zPJ!d1;X(_YMb49;fA@gqU3yP&vAvz@u`(WKPr-XKV45Hk?l++?mVCL9)CZaoE=foC zk&|Bi2KZ&5nV2oAz;7XFCSM}+jl_?xhg{HXP%F7e z{Q84#H)#HTX>@+qg6?0SS>us(k@zwCG5k4UQFMM;;5P&`^D8A?Bz~0Nji7l)(IJ_m zzVH#pF3_B;MwCeW+(5%{-2^LTBD&Z&Rg1%B^?=4xMv&WYa=L_e-*B&D!nm%=s z4&A`9J<`GNRM5<>kIs(+;u_E#P;~K8`1J+xq{is{PDZ}VKyz)Ar0W@h-~FI_1T-c7 z==`2S^fjQF6p(b0%E$JY2bzzA(fK`x=n>7D)`6Q>r1Gr>zl7ze#|lXoNnbd<*$A2r zMTcaL?ZHh-`$02sRdjwih|X0slG2&qDDb-;bWdCno!|En{TI+&eWj#}B)^s5_XE(J zxF$Nka}hmL(MU??@(l;SM$p~H2`#Qj^1B{!FM+1uYC$IE`%e9BKKLyK&5LU#T_k=m z&DtSFBPpHBR|9@U>u?goHPQKffapDnCK|tM!SB~CIP3np=={zG-8w}Rjo&?>`^h&T z>l>o;gNkaa6iqaK9FP7Ex=U`1&X4k2uV|w2qx?Pq-Rzs9^Giqc8buS0p9X%9g6`4v z7Jim-pY!KGgXZIJTIej}^vQ@GakHMIgid-ze$zl#dP{VEnEGkgf@Yhdi)1$zg5N>V z6x(KjWf+bc+G7y?6VFFebxTPK;zF_^$OyxgnWT zh*`zip5p9T?woQ@k-OYe>MD18a*B(}ON$FU?jl!qfm<7^h? z=V_x=nx0Y9c*A_}ah2dfUZ0euP`G%lq;ZAUPn9dITR(qbLU@-KFK%CSW{K{Rfux2dkO+8fAe z^yk(1@sh3A@2k%BF7`E`!?Qe0lPju84k;{MSzd8zIX+q>Bhgk$H;g<5J@RB3(vUv8 zxVXUWDiUR&)G8zgvgeNIlDWnCxq_HeO|ReI(1_+`?B)19Pc#94(N2~KX{6%UQ7BcI zI%#JEJNQHkcJk!1V58p)&%1mLI%BNRltFg7g2q~3b!A-{zjt2XT^z*w8>fO}vYk?X zW{r_O?U5qAb|xbEs%KaUCr=i7E*~DjcqOD=UDXy0(GIO3sNC8UsR%rirraYR}-BQd+QTYF0<39$7WElOk6S}Q;80BL8N$HG^e9N=SL(GJVr!{o}das9z!D% zX+sfxtvx!YxMYDF0fC-Z$=#8JvAXny_R#?wh#4~3YM@cpYx1B7uKmTGQ6JgYS%Me7$qyyLYaA2CgfC zKjZeA&Fc=$x%Ts^Gaq{NfqwtOQc~bcK73=`&c1iP_hW6tr?*yLb`f^bA%o<&yH}pD ze(dDpaZkTIq-^smGf%@5T;TiNe#-uB%~$R19DhZ8&(%|AY1(fEzURVWoA17VSjinz z&j0D$`~C?#HVpI0unz9KU5yI_isQWOCe_SN`smqo3S-XjR+L!B58-okmlhML9|fwbAa zU|?ZJ`a)krbzO6f7r`;t?( zZmbJye1Xb9{g~>ersL{@sy-}2Fi?Z)3@=Yl8}6-YO1lWa*ObQJA#N-)vGgoR*$$hz2R8Ez{O+giRUz>PqdW$U zuLUn|OIeH;gM07(xZ5OQz;n&FL8@o z-N>=<@O7^QaSm$IVjSDCxV6WI9{b)!C2+hm4v)o=hpiPjKvoYi!+Wp58KO&IW0iV;KJ_%2GT8{etg%X427TXs)x+1(?EW2p9w0)HMuwPy@7 za_?#BnBLxzCCE?lf{oTW@vm)H+a+jfF>B_VvI! z*EkT^%-N0R(s`ofNhNG9ne%|Bwo#X6vAIl5A|qv!j75px6T)=kuWXV<2+1blOm8P{ zc?7=<@!6ehoFfSFmpuJaHqNB*#^G0kq&Rp&jp?%?)KMX2%1M4nM2Ja!Mu^9pi_=K; zD9R2};rG%c3aZ!&glLk3V;R&<4s^+7g6XUP)n77gvHbCL9CkdN$9G6HAo zY|To5`OuL5Lh@|B05Y}EggS#!0wk230UcP%^As@oqmapH{FU;|LrBW=5`?70zKPKL zxKqVPg8n8#zs6rFS#pr_6e92PZ_wK)sr*dxj|0e=sQ&@}v&^{PgQ zQ|MG_Rplu~RDIdj>vpd_D!SoJmU!c`pT(ytjFvRp;mEMs{-^9~WqXD$-=kP&(w zp?5^=9}#*>guXChlVKTT3PgwtQR1S>;DvRSxOytsOF^vB#MMVZPF#3V(|O@hfVlc8 zn51BT1u=k$3(6#}WCbY+UIQf%`+*otRlng25Z6fx4pwl8f+s6TYsKqS3E+&C*XatL zq2N#jb-;SE4!z+z&_m2y;>bmYh8v+#Mrgbdnreh{5n|aesl#8EzPDD6zmm&BBUEFA z>Wom(2(30k*BYUljL^4@&|OC8ek1gV5qc7#B;38ladtAa#fW{)2)%_6+oiV{A!TR} zezQ$_3+qj(_7+YH89IXBGGv@v1DnVT-E6C?rwCOX*_tiX1f2wGznR!ia1Up!x<&#D zYW16Mpisq#qkX^=axL3(HVV^_<{aF=*7ZgUKdg81|ed;80y@qPqImA(&^TqUFL(_ z45{%`J8bYYq-mO~4$oHyzoeTIvkVj@ZOw3nf32?+ycqCCz{>#d23!RA5TFl`c4Haf?*SVCIdAd<9s&#i_Cgtg zfczf8a=>ALR{(Nn^lCuv+&~krtp~go@G8J>0R9m020$^Z0elg^Zw7n=@LPcI1AYha zBf#$h@+IFp0og`(0a9CNlccsVB(;U1M8kIV(+(>-btn{;saQcLkL0BE2$m)ZlM0V4 zKLN)K^LqdzU&K0;OHC%yxWZ*`Omft-$)I2vc=NLA*?Yj{Sb8JVuzhGwUWlk?IhA$Q z&2>0ONq*vnCq3zzAf5SAs>V-Z7^=q8Z>gDSxC7#=xdq;a+TaolPL{K|%7T^tAVy$$ z{H{<<9@*t?sDb?qeLtrLIA23$(AU_YI5{5g#JW)*+0RDd=5<0psgDByS>0qn);$G~ zRqDho+m9jHehejwuM$Wcc}koy_J|KD6()?_*48fPSIpBo)X*#wulG``wY(Q`)^p*R zhSo9__m8`7pCa#yTyI^lGRkn{XgI^HfqGEld~zDf@e%HH-1@~bQYL0=`nIyB?*Ovw zJCrqLS}9+KquF7X2G(2R>8iZ1p6i+%l$hgSPmpounbATGL)!w z;IG8(Q6Xh`PLmD=Ec%Q!{d#;vINY_MoCT3w3&O=lFAqO;sI!4jh-`SqdFaE!uw%l* zkZSc9Z0LDlG}Esy#F|=P$kIng|4UCDBm6H%=zmd4kb=s{70hsicH>SJN87Thsp2Sd z>X7_k@%til1O7_y0B5ZS1ny_}%f6f{l*ig*HzVdW+~yujYe_|8KJ;l?k2z!-()<$l zmdHwlL0f-XD>^H)ak!l3hS4-C4Ml4*K0~e_25cU>^^?I_v4<|J;B3OUc~vO!JFh@>5_A#QxTz)^s|2PEy=fNTY}xNHT6WGgU~D82_IammO-;)DlpqVV8_d{xq6 z2iMAW;m?AfWWaUYq$r)9(&>Ru#PNFz(v7a8;30-9uoIu8RgVg2$Ao8eFG`>ZU-Ayv zvCx;CkX6f?Lt1cf$X-ci8+z`$4Ozln?Cdtg1Wz|`$_vBi65Ab~OUP*9tA2~7JM?(s zEm%hxEBv)!x!v$qhpeSe0dMtTVJ-K4in<{C5tPqG^x--@$zjz8R%-LqvczH--rXguO+orCX9?rGT;2j_ol zoQyA7dV&~hRQe?cXJVHxKkTaz(xHv#B^UtoDnVSrq1yAn`Dhe)2VrvHYrFYRA4l;H z%IR2Wu$X{qb>NmCx|D;355KA0sTvK*E)n_;{>s6E%MLlvJYmGXY{dQrAvu)9LjnGT zU#Z#%ggQltFHz8xq-xh7BnPSQASCnU$xk1M*#AN3?;>;)xSB^Q z^QSG?p-0PHPsV72mOq+?pLLB5wQ?90AKB#Sv;$GBTiDpf&sz`~HnwrV>vC*6A1t?n zPz-n#4b_beH9jspD(hsvrZ<|!!sRW{a-UO`I1C{p14ChNEObJj1!2ExLTzxdxUV^t zj9>1smW%_eZPeWcqCD~LckWlBEVL_5<@6x7{RDwiSCJS9Mzyeh#KVY`;>#L4b1sDUo@A zlK|%f762{)EC;*kMH$X>w-yzCVW$zH)wqLv6Mi6bA0>ojl& z4V;+DVRmtZU;7T8+=6}{93=ksr?fU zpYg`Q>+uzbS}T&p_puZ4Wo*Xd{QH(QL-@UH_YnS`lRyN@2n2S*0MU~l(B?M;UX&Xz z&OkoBHK(DPMWE19ar3ec)fAM~HNiAgjIFp|i`ucx3fZ+|j?P@8C)>Vy%@1F(r1B%z z)^pfJw=$o@Zu=HC2NLr+?94zP*|}{Mo)-Cqn$3_!le;14Uxke&lTy|p9k1&!aLT3Q zNBH%iz{x+92Rjc%ahJkB0-q~o^e7;GtUm)h8}Kne+Ox+2GXQ@McoE<)0NIJ20^|_( zG+-;>vw*h({u1zefG+_42yhc1%g_$Uso!S6X8^YVvIB1gWczFbq}1NPEjtB6vQsdW zsAZz$634AK5?5m2I7yT^C+)ck94OZW+`O#X!(qtkHDnq}W+m2FO-Np;W6g zBwL-KM2*uHi7QYc<#>}jdDI>h!{-GD8H|&$mxIe%;Z+N{-b^mGgX^)p<1Q%fr0L}T zv?Od8!+t036;qo*3X?__?rqtJ50;w!W*mP0iaQnWd*Dr65#msDP=vDa_d^k4o%f57 zlU81Xm}pwr8#T6SCDTyy9JpSNRV&q^Bf3_GS+(PLkHw^wv~ASN%hANt%7{uSmX>C% zq#UeT`4dbxDVqlYsg*wk#~6LDVhCT?dJ>FJ1}f|$)yABCeL(ZOn+wK5H9sEXU7 zD*^=TYN!#fAQj@PiN2;fFMpSoMR~%ZDO+_6S`iw2(or`3VtLtM@qoh>vIBx<9d-k< z9`7r`zk{$8JVR3O3?+&VCUJ-GTjKOtkeZ(8&J^xI6MKcY0ZDA447t1ZJ&DvReyG^M zHPmU-6=#Ez>R=N$T^$5fg>;+zKjN+gpo*&d&*P!u0~Hk4T%L+cX{O@7B-?WZK?Rpm zQ2`Z2Ar`fg)W{OavVGt8veY(Pv_vhNp?wLF1oV(23=HwDCQ6ixyIx~fyvNyGN!JJe!vk=`Mbhofl)+-Go^#g1xkUEQT zqmv2057tg5oW)2?+}Z8;UI7-TSu$=NiMb3plzx>2jE)$py<^Zy4a{5ha|&1K=4P*B z@gXn0jw3gtEbmH8L!J|e+iUD~<1pANwpLa*<@q;f*Y)m^xn(pD7xYAKmm(st!4wTC zp3?Yuv;0OUN89;)kCIOX{!OpNCGAc{djnod9lQz1D)k*e4$p1|><73Nkk!n4fKvf? z0A>Py2)Gn*7vPP69|7JE_%R?$_-??L0Y3%Y2KYJPr-1ta_XF++q~5;G~YV_Jn+Zvti^J|vcA{)M3g0oINWj?ETZSD+jG2U@)Z~x}E2Kv>0WR*{EjGD2h zF1lEa^|37BfBK7fr4AdLL34+V0&SB-6^<%Ab)S3y@k<-fQ|Xbr6g?E(E83+oAX}hj zfPCoYfb68S0A#&!5#SWSR)Fl(w+37e=muN`*beX>!1jO-1NH=b5-=Q)o%%k29L*gF zcmQw^;1R&VfbEc{%K^IrMgk54i~<}5I214ia0K8iz&Jqq&}cwxqnSTRiq z2_0eof`blzfx8?RKw!66{AJD<(-!=VRLw)JXe<0D{fEkiYq@f;Qy7f1afuxwyQ1-2X*@(#X-fU)-ys%yi11Ec!iBxi zvSw`uspdMGRVK*gZqRd5va$bMe6^c3;WE^sxjdsmP8whsLw-x#T5Gb!s5DZ^3ZB(4 z@0FFAWv;ec;1X+IaValnw)t8`KQ;oo)B|xg#sSs=oCW9thJdVp z8v$};vKioKfXxBV0=58TL)RLx2Vi?ZPRw@#Oatr;$npP+0T%&w0pvWuWq^+X_5^$z zun*uK!2W=r0}cQz1sn+YC*UB!deF-dz_x%QYZP z1M*I{0Ja6Z6|fiJYQRB&w*&I^`3}G|z&ioywRZ#N0p0_6HQ)n)O8_4PybJIlzy|;y z0ek`QF~HXV9|z=+;M0JtSJwdU23!ls!IO1>tPx)UqzzvMq&G2-(wm4$ZzAT>I2b5t ztcfK}e@i^Q$`gQ5qB;I^v{i9sV@i=gE7%sqM$)eXzP+u9pS_rN$4(Oml*x~o^K0kD zC85POHe=Wx=7(WoA*5F_zpHb*r3h6(qhP@i+=BC7qR)tA>+BmvgwxnD}L$=|r^w z=@<;XT+)ep12(|l{Q%nl_6NKia1bD$aWEit^fjV1A~9)1Vsfpoq@7iKrnSC*&xo{f zacMAinu^V)oP$88sX>{tvAo=(pu~ayFt@y1{!^vP_4LcwN5s_S=PF$e)Gs$umw(eQ zmlYoiMXxFsGahC5fO#9Oo~D(Q7h)C$|7+k?-#`oJ>s3rcuVU4@u0~#kk4gMwTmoLHo=|arx;bj4DHi2Nl zh2mq);DX^hf7^?{iw`uBuJ~?wU@`p=Z%OF-*9QlOwD5MLWana+ose1XShf>d_)EwY zP8(27RmfEdR4}U@25VKwUW>IVWEvWqlQJ*Y%xUE&7v9KAP>pnTRiVCAyChU!fT>Tk zO|ZK$&kZuW@hRMQsp;N)20AgyxR$HvOWGGEkI#4t5S3W#0+5Dm1=t3#H6Y7$TR=WvJ3#8^D@18PV$y)bqyZ(3 z29&g#H8i+yhjRRgMnW_7SZiW94{lbK;oih`>u@jA@S%qwzFv*t%yZ*C&)0l>Nzyy4 z=9eT^%~j#eg*8Hb5HjJwWzrw*&H7 zcK}jX-y=#R5|c(G<`O&hBu&FTB&}vfL~>CIi%T#Ng~r~A=R2R8l#W`J9pAw9VU`zT zrr~o(A--C3JDztbtj>%)($8W>eVKx>6w_P~iCb;>ENsJPc@B^^TmwiOz6eO$tp((B zt^=f=4k1b#5|cJ0<`O##C9O>HRjfF`$ra7;@+gLTCv2YCppgedk)GiD3Q8Ij9Ml3m zr5wV=p*0xAWoN43ptER8_$LJ=PF!7IyA<*&F(GZJO1nP5c2#xV{0a`#DJrIvI+PM* z`0v85rNxCGAsSa%9pU*crqy zL_P3Ttr;SEPa;@*dLbwfms=c=X=pU|Zl3n(fc$clJnfQiCcK9|=o|7l_+iWzao8jP zy!(+SW3G>N2OYqTn3>gs1B@gE8>F5(iBCeV)SO&>7?L+9DTn8CM$XI3o1cpVE@aJ9 z3tlYfSdAqY8Ytui5%1X4<1o)B;s^0UoX|vi5t2yS5RN6?!tc6UHBTX5%|6V z+zwa*NF5#kRF>2-9p_tjg!k0qqo|TRb55@|*vhKlP8r=iltkMH~9c0Uz zgm?84yv=FY9fD5I+_ad%hQaY)G`oDz)CWn>QKeWdGeuI`2?Z5);FWQ3QW2vrAVv+ZsprWIbjwCUY2eK zYlXy(D%Mq*OhXrK1h}C}7q!0+@m^kns)jfhWOQik)exsP^=e3Vq0vzksKE4w)NFy)$1Dm~;qRI17{DrzPkq4Ttc!Qk>n0O`75~IhiG^)7}8- z(p6ss=DY3OfU9mqU#`l1Bpyqjn`!8(oP>I;j#4XVvkSt90E z_Eh%z$ydo!>ApMyzQR+5t0tJ9Kz()Z$ z0#b*Y0IC1Oh|)!gNf#w1T~yNOqLL2tzVR;g};@)2- zE0~a0e-SlaCM&LrYP$HSkC#akU(yM_F2)}d+kJTQ1eZ%yxM?tk>viXxZeWE5MwR%k zTi?c2_QUnY*jl%q!!_%YQ>LLoUPFAQYKOIdJc0c@?;U^rjj__SK(%j-IoT=t>!GMy zktfsZA@Afyw7wqFk1Jje`8votn4fuT6#1V*k;Ip$Xtp(Ui5f9-dkNWr? z5RJ5U81N~;Qb6kHC?Fm3G@^7!V$varxwJu$C}|N2Q+1|1n@Stop$hEEiR_;xiG*0(B)p+x;ANM{Z;>%nvR5cR~b ze`F=fiEj4dVVQC_=wh#x7)7L2%-wkAmsUYSqZ@w?)c~L2Pr$Z-e*yA&%2oAn9JsUw zF=-8Aa^P3eXcI|8^`H)n#&k6d!6Tz_6e?OXtT)8F7T1{L4;=IxB+f-PU07Ge`93VV z%(SjI8i#csX+I-Ak7yn2Wg7CZhyPf$#xbv-V%ei)d(g`s%Z1Uo@mlscbVwt$Lo|;7 zo7QHT#51onjJdeHi{iliZw924V!(lbTLAe?TLF0oR$9_P#H4|Uxx^YgNjs_dRB;I! zCl{8A)tLUGV~v%Tr^QN3bh3kaVl|gxa@8Y`#i-bSAdbwA3*uT+4=-XF<&riHUZ28) zw7L1HVu@;l*Y`NTTrs8mc&jQeqjX*=dl7uLBZzV|@2J3Tz;CI*Xpb|9VTgLT9|$$T z$S?s+Tzy4edc|%;t5-0M3-J!bx2p9DQ>WK91;D$gP_uGdMMr`~n$>d6iu7##zJPol zdJdmyvZ8;FqRYPz19k#D3K#|W1K=pYp8yj9PXb;A_%mP*;4gry0e=Iee$E0?x5p5r zhY^z=M$Cn8X~?UA8rQE$no$M#D(C8eXX?*t(axZe?yH=?fNLWx{X(W;Ibj)jyh@9X zo1K}R`)?KWwz$2mpj#_o=9SjsGj>H}cpv4M`QHxc2HXM2XZb*tZ}y_4_K8XD6O-jz z(pbJFP4v$yjgoD^P`#LD^FB`Idw|90l=&K9+3ah8C0MjN@$UdOYiQ*|A09+6l5E4?7Qkt2TaLGN>g z;%|CL=FFM+3IrZf4!SjEPl{Qq=tY^^Yd)XVT~5F)_{={5vhe;0$mjn_xeJSwbQfaM zU5L4aBuNW%$fBn=2WSD7VS78CcyV1I95=ttKYa7?-eR>{8O}GCZ<$4YdrK>p8j8+6 z4&p&Fe(|78EWDXnG9^kZ$z9%p(kZ7TS~dibZ6I zKqbrPivqj|FdC4LM198T$rN+MAfPH!(SgE@`Z$B~4Th z+zdi{V^B=m8)IhI)d}Bx^j)MoZL*OTy%Uo0<*`#mX)G zFFw!$!*E=(iWP`~;_L=-Diqc?Hq;m7)Kjii{;kQi#C;lJjTinGAH+!v@;<+TMZZs3 zk>=a^j^N>_u=8;~rlD~TAg-^G^PT@P#J}ZymIaD*zA=rB$!Np*79rny;Iq*AsDlhe z%zzW|`Q`)C`7!}n2(ke?1LgpB1Iz;)1GoS%7jPlq-GGY#xzOTj!2N*N0#a9t0eK(d z(m9Dq=OiYbQ_|?1l2+L{HQhPOrE~s;bbr%1<>;9FHM^)*X1EU4)?(#seckciwK^V` z9}357p*tSkS9d(IRIw?%Tex;{X$wdT-=P*O)>HmYXRhS$O~55?SbVGnWQT82DFv`j-Y$pDmm;Yi_GW` zfY$&%0(ckTqkwM!J_dLc@NvM4aE~Ved9SAcX@l<&rQZ{ieoss`!ji^DSker?=NU7L zYvXr`XnrSnarXkToUypXseGgkbYb|2s3L3Yp2{zUh^qKcu;`vzHnXZaasl$l{QIgS zcjB6LStHX>r&);4*T|2~ds*XoxsmQPmIaS=nod@yIfXn=L(~JGg?8lgu#sh`3!C!q zKtQC|f&iNXHUMNp9Sq2Zx*^~&z(#;`02>2RCrtpU(=QRFPY{znK}^<#lE%7F(hQ$q zLyfGN;i}U^hNrCqUK}odId@E`YRmS3q{mx&g9d)*X;O(*uz9W_u{@O-$OGn6$T~(cY2< zdvoB7AFkBq?%>YZ1{?fc#U;USl2Uv?Qi5D)LBy5|Z{6$e;3S=q!8%H|8Z_%tI;N?E zcnRX8KCL(`EjJd2EndL8Ghd8YtGJQ5EOihzyD2Pz%!3|?vjjQ;!xZr?yxK62Zv!%) z8`Z1M55T2{iAfC;bBXU=NZM!kThgeNGl;rWpc?H;y1BmNok-&g$^D2!EaMGKLmt)z z8+~dlAun5en_F$eqd+e~4IEV(PV}ZJ{VhajPaN=EF^<^JB$s)k_ISIlitdM9XUwk? zuo0j?AoE^J?M9=IOD&38PK+WEa|zFsv=aO+Y06KJdg}s);JOQtc@I?T{RFsFFEQz)#H4y9tptBdnyB^@9>d>S z_kw$wtE37_!B_t;B!DW z03Rbt%M+89C+5=F^^>&D3KJtSZ{QD&OVFrot7RyW!CY0blGH78AMinzs)}jI!!#dT zEi*1Hmm?f;nW=d=R!P|fjNSt3DZN@62syK5B7AaNnj;r!&|}AP*Rg3c)3Vd%r=;a1 zW-2CGQ;8|;?k3sH8#QXK=<|ZHiURcIfXs6tAo+G9N=*`znj|L6kffF1Z%M1yi#i#v zHEujLX3g|pTQ(VW=b+`Uw77lCCh8YoX0G8UU^CKZbeq_(&*W6$$T{7zQfFwVes;Z> z|4e?j|2#PSnsa@7JojCf>*L}M6xSd2__e#6X|LYA{j%YMKFC}%`@V$6L2oran7;e9 z-IMO>**AOZ%l(#*4F7WA&%sg6r+)R}mIe*lBu!bddU;8m(F^X|A2z!0rF|YB_4r=Zt&~IM6!`<`Xrs$H5KV0S9Y6AC9k>?gGN4tMU~5Pf*|w@KEUM zXx^=8z<)<}JowH-vknZsZ{N`QPYn6gZ^u0k|5AMTjn5YBz3Lt9#x46|gUjEUG&lME zLrbpo1g!r2x@nhAuKU1@$vMffiPvuHcyiW|wZqmvG-l%~7u}PzWBG(93JQbVi{iG2 z^f@y-@F~Cc$$vz@U-$mrS4_RdmELbjz=k!~%zwE5x%+qdw|{E*+ADvYb6LwJr4d^_ z>+X2=^gHFxM1QdE_DdU$`F`Qh^e;MH5xe;68J#}f`<-^Ied(B+v!fq5QhQ#PhV|F& zY<~Q^%WhkL%fsQbUrg`&{f}LK>Q+AN;Nm|=4*0H5(21T?{JuHTH2LYk20Q*J^6NS0 zgVHbi|K4W6Wt&#I@4mgIr>JvTcEc}jioeR;==;Kg<*yd4z5nBVZ{L4xd#k8{mv8@Z zP^Xs{L_D#vVfMlMGM=12IQ!9`7Iz9s+q^V1_2aLnz3#ke*Ten4{O#bB*`p_I&zPF= z@m*8z?xe+^3HoXG($S5JGcLd8T+6Rxk`ImGbWZ;laEsk!#BkY6RP40cUv);aEY*^@r zHw}36ogW|k_O>%0p=gN^k&-ztt6O^N*1TFc2#n=BVrJU(+-}{w-{x>ERg?vp8Qtck zqO!$2v*78570D^N3(_cprPRqUwOc~B)U+9Sv%Y@CFjAVC=f?&jaT>q6oO)7@$;aSa;3-2Ebe_7ldx>s`gMBK7U!SYL!k%aL z3Y`uf?V!sEw#i}R3_Vi_LhN1FLmBjObDsG`P6sDibvX@fazX`9Q~WagFljcrtX4Vf z{5u_d_0;8r+T=75JX`Tgzd5#(Ya{W$Qhsa42 zISU3|PD|UpS___arf08XyB7xwoQ~`9OFge&(hIK5yP9q4#@|kdSxy_9oVJ38xnk-! zi}#+i%V{Tg+@}1rwaIBOcuwJ$`FW~Kw=%n&Fu}72a`b0!FXfnQ+ClIG!(WCWkeT)A5ax<6822kzGz#!INQ<)5Rv|Qo+NG^vuuTqp5HfVrIK{6FfJV`^&DxF6D@e&#xL`8eS_Ctu-gl+iDzGI%1^XS4n5H6V2K8s z_GSKeH`wztRPgZaS}*S&o19^Shq+>ycl!N$_WaOGosO<1Im2vnMhKq!`HMJaXy9^t zentwOMJ72TY;r~kp3eAXsB`iOsLJZkvAE)Ngqh@wvdLjdcRFt3FXDvLd8_PlMhl*a zCOL67Iq`z$3j8u$-M=3OfRLb4`AWdwPDiRqPP|Rd7{PM{zYLGx`SN(XoUyp#blhN) zGsY%ooZ#WK9>XPPZ|!22lZY!$$D<}W<7{%01kVBrL0J0k#n;>AAd8S=uIH0%awZ5K zT|bA%ytUIVXQJRS>t}*Z4&M))4%Xxh1IBNdYquBgg8e0?=b9wtnA+tl1&_IZ=(OEy zvfyEli{aKw?q6un^AudE+|QhBlQUKDu(Yx)f3$G}sy!OUT!*veayllP@;uchXPV$) zub$zW2A*YhIn!~)=?F5(nI_~U&r6%f#Z)r5MOncT0q`+Q)pW}9iZachY*Um#gYvba zv@|G59_apxmn{Z4AnLiqhVo{H7>v4N4CdRD_NOWwN4NW>BtI zlq7@loTBtFD7zJ9fP=KQ&GAYl)DvWj6r!vQ7$zorHV4n zpoFN(x3@tVq$uGAWwxS38kGAKWr#ufP*DaO6#v@tDFzyp!HP1%pj@RW9)t3Tq68b1 zor*Hap!}vN!wgF2I`Uql49XRXQqQ2|D@v$Ad0tT(8kEl!rLRG81W3uz2Boi}#2J*i zilPZha`Nfkev?YUfS7}E$);hE*U%+ZV^H72<%2fGV2>v za#?|DDTpY!g3J8VEoJuHoIdR1VKE${)8SVBB}n4uK1dx>G5Zw}E$0DZ(sMAz91$@h z(&I^p^mLE7LL0)l0n54C)v?=-ximgxRb5K2M`Tu)$h7{uN1y7L<)(e#-|Va^z3E%- zRk7tHXQzm1MRClnm9xi~sHEulgh`&!iDM^4^oWSkl6_6WL|~nox@esTi0G#c8PeTi zwlR^Oh>6N%rs*7O4!{QEivKinkA%pPG_>vx;XSPhtnMIn*t1v7_-vmjtS*_!p4I0i z*7W%a`5}O6#hX%8{$NFQDNV-~SH)^RMzgmU#*w3_ZjWg(tT(Puk;AQ8_R0x~ zf>G+(3->UieX_55@xngJtli3MWV~?8 zoXb)Qb69tz_)Ia34;q<~K5M?Ws!>$9Lh;7a$w_Z7@+7Y)ItKG-^(AmG>?6T18f)V) zBQH$K9v+Wj{8-zL)~b@}Ruo_QG5n?~2lY@P5y{CpX(@Tx>A6=Yr_4@EnVX!FnK?H- zEuxo}Y`!Fjn(MM&z1-%|qfeiH{rdFm(YuG4>UQ_&-n~zsK5lofetrANOVeDjjvKY@ zdlsbxK7f544%yo=&smYeu8=m4bdLcp7tP2Z7Jw zEq|Rr9|oTJijU^-Chr93i@=kLaRLTk@-D@-yTP+n@%fU+{CxzT*Sb=gZ+SG}5%7$p zU<6T)c!{ufi_%;P^<%9Vf z0KRq{07vkZKe|aGcnTDsFa4ba-zxCr51=&P@~*+PwcxpUpkNdArnmfs;YP#2Gna$r z2)^>iYVRTN6f3@}^7kQl-sS*1f-iZoxb_2h`g4#S!HMWCe;i$&0G=frXh-lRuRr+K zgXdU;U=uTI-sEZE>mG^73K+qcJeJ=X;90Hskj!iTSbpyZ&(qPAR<*o+;He!W`Kpo^ z44#%A$>%G7t#Em?;*p%*^T+ymF8C%4ty&(d`9ko#qWFB}kN&&~JWma)Uf$>6aSWGy zRmlqk&o7G4*Yh%e9WV(H&xrtps^m=qPvl6+=SvDUOq^5>5WY2ZnZlYGANM|lr`=L5x8mAp^E^ZDrN<<*VXw7!T8zU1*jBzPh@ z>44xXf2?0}6pvuUkGJx62=pJow|9)>@+GeTmz`rJkN)dT9{uk|@Xc2}Jzw(j!S^V5 zS|v(pzMl6^T<8Rzx056vhY!8=hx++LXPB_)e}&{@|HxbZ*1?h9#Uw!{2j&qjLi8qY z2I%?IaO@%?gD?N%?9rdoaGWC(AozOTNL;%~@d!rzc*`H#j~(E9BSmuglE-G_7r1+4`t32lK zNAT26uUa1GkotjVwc_(7uMB+mgXiu!Rm-~27GqiT6maQS)g z)R`yws>)vocskL~%D;3>FD z^7-;V%6knw#}!{y^3H&#RZjKt;=!|A@l_@7R`6`dtzO}L z@ZH1)0>PKO3Apwqc!IALY(DEh`d>HjT(Ma4`I5(G@@DXSq4<2+gYO^Tf#*0I2n1j9 z-omw3*P&fSWbjo!7D3(_@XT8(*nG-k{vH9(3B^}c{(c3|U(1jH!B_sK;ad0WQC}f4 z_{v{D+~_6n94?T2zT{!vTWfX${9w7{s{`Q8Us#_`2hY_vRxPhFF24Yt&594nyvk#H zz7sqz-&DQ4L*V&c@l_?yxdQe@WbpO8%wMZQe8disp(=TUz!SDo^7)eYBrcB!&mW2} z5Py5qAN^%^k*1a0EalY$@YX+I{WoKkrrnFk;46QuPag-*&RZm(ul#kv^255sq z9BwW;ZKSo*w&rmuu!M2xDcPAhnKN_UoyT76j?c=)E~9JkRc?1Qwi%>nq-A4cQdmfG z@`9A)>AAVt=`-?j({iv+EG%SpT1Hk{wwYQR)akhy*ccZUl9QW?yz^N`!=7EVIw329 z>B=MHqmtvJMtY(XlSg|JlgCCTdXl5#F`*hCo9r1K85Qf%dMakWDw*RVCniTlj*giy zA|`RTcBx9^UuBw@anT9MiIKywT~FqxPL=HABV$LzBoB>^95xR7ck6`QY<+?e@m?RG zx8kkz09M{{iO76pZ2V|X^7#1Jq&Sb(UnQ&b4Ax{rp2Ya1vB@JM`}9hVN*Wy#>lrYh^6Wcy9t4EIQ?;ZKqZ6^IF+kiT+1ov| zAY5$(R&ZkZM17Son;1(ZeIhLWuz(Yw?Wsr^Dk1glzD7X}|z8dz>dRGA1%HQrwH10f&zm zO<#%j2!*u8-6zD4jnO(m9v#y36gGnk&utAx8a6p;oM$YYCUL}gnk8YZXPk#p`2^gv znZRcf_i*DLQIito4fW?oJrEEw(VU;;WT9!1$GG^IBotk0zP+v=Sc00TzQ&EX!jqhc z{fq&^k;bNFWlYB&#^}uK;i=i9^X8>xr>DfE%}k$1Lsv<$i6U!sGinN=^{feR5SpVX-bfhFP=rt{b53toK1tWoMTzSa1}kau z!FcCJx>0Z|mW3=_71@%9v~s!$|8Yj(&ivZ5YCm@Gu}Sx>yW#nDAESL9E$FXYp0(X^ z^7HV_k59b*#REJ@=pI3DeNXDvWv9p7@aLdm&%gL|;O}_d7xaXm_lEDU`@mOEY3u&D zJ!R@(G^4mdu;Y3v7cu$LCJMyk8J<;nLr~l%CBe6kL z(ETU3-}=at?Gx@Bc*%3)pZE>>Z0|=o*+Zw?w`bj#%WGfs{vYRV>iVaqT_xzp9?5z2 z{oRfJEOWW8{N&R9&^V822zI38-?Ma3*^0>LJNqr_wXIQiJg<}VPp+jIlHOH=N^hyFvs0_QNKPHPo9uI zKQ(hl67@*&IQU;9s=c|-pRaR?Flo?&%MA*^Yqa zDlSkO3IO!PvmT|O8g4FUUpO^AXL`=OZYfz=7gPk*^Dqm!IjP7+SYmf~SlWy%_h5kZ zEI0q|hw@TnO#wzElVXp_d@^=&2|dF1tq`tMH!P z|1sfu#xFdZ;s4+h>!K>usq5gv^Jys05Dt?`>s1n-*n_^bsKS?en0;xHI}8jaU+UqO zz9jrl{P1EWiRa^zhG+G#o4<$g2;x010L@};EjDBY+UG-PpX=i9K&@0^cz;DB??CiJ zbRznvV9O>VnrAU38xZcN)kSn61|kNH^V8}f)(@|xH9!n*@2`a*HjMVy8X=;uEY1LG z663EmMQj%CuQf+(0s2LVEyww5tq@xSZ-dAnj&}(dKY=GbF~4(nXm1I)h37jJ<&_l; zs$Uda-@kB>Utz4DzqnR>P!qhxCHPRLy^}m;I#s`rV+gKjfEfU~(&g7}`*i23g@hdT*+8ki~j!CG-!P3hGhM_PmQedlr zMF|XDK-)jTMSxva1%_*xVt%alo$dd_ju3 znj;FPQ%pF%qzC5P4NdU=v5J@)pe^OI%m%y+Fdc9l;5@*YfSG{T17-o<377-O=gtM> z*wApulc${!lc${!lb=$Ov@*q~fB#_o1fHv(gwJuy!itE!++TUd=^G4+ETQ4y<3=$#x$x4d{M>3$@4P=r!;cl z$w0}8N`t3A1_kr$>r1qv#9)6)FJ9kSNVM}6;Dk9a;W%d)6@2~%U(x$TpG!yKK&^C? zBm?7Ig>;#x49uJJY`|60^}w_G>zbTr5iVFyC}kSf;_DG}t9PF43@jZL?qj|Yokaz2 zH3MDX6t3gt%?P|N4TYC5R)sajFg!77cw#Q?4RA@?MumyODh&_g z+()zO)v@zrqdzJX-B=~?eo}fTTs1$TRh68!vVP}_X_)=Chzn|>N_A+K^-~x%(5CIA zC*Iqt&gM`b^V0&5dAdlclkJNvN5rH$iMcc?QPMUmOsdn=l=7Tie^)_CNl~H;p3E;| zt*<5g7|q+(4oD`wm&!YX7>1~aOM#e`YCSt~A+B3bK4ludj9-ixTdh)Krsq!YZgWp0 z)q^khv?-MLwJLO3ZF$Py^?=Mz0U#Tb#)d+PNre)V{wZlxt)x}1n9w`XRf@`iD%CcZ zm#^<8RSNH|=$Eikg2r)jJZrE5R3@yx8VXKUHWj{2Z;)mf1I%}8lY*;egIK-Xn?aa{ zUNr?Vu0{swVKd0z@o?VPYLFXY0OsW;K<1}V8Kj9}5Mt6G#H2wajRui48btSSqn%(S zy|i356*#-DfzY-5*dQI9ZI*9G?}e*oz1GChnTC$eN^*3K^eVrYZoUta>Y>Jt&ih*R zdNcIMysQFber{2EZEEP1nA9sVsaHv(UL{R-#OG*p>LG^eeQ4pX1>2gT4_%151U+f| zLZeMpKD^h*-Efs&qk9fDS{r}!>De#39nspfF%5YxL7ZK!M$xYI2v4!~jF46jP^td0 z^7f#aKSaXwka-9$yFTeskoSHM^F(bk-+I3%3e6q!84VZ)7z4;WdjMIzbT+h3OlqB& zOZ!Y+4b=82Oz*2w)2l`w0@=1`edc`DN5^I4XqQC zS|=v8E@{-dq#3?Wt=Iei)%yIJX??~&rS%!-q4k+c>$8;BXDh9zE3J1kv`$QFotV_R zq*3dVW@x?6zwhg-aaU{S#9YJ7tclk9{#{q+E19W+fgHV4-4FTFgSXnHkJ5NwrSX1B zTZV8T?!!cld5zV zZ0L@d)EzOYJ4vJNBu(iK)#Js8we$f|_PJtQ{s~1vt}%LtjEZFUgBkJO3FAOpRVu|g zNZaSbn1(9lxCU1a$l!I*5rb2vV-NmbdA7aB@%~oT?p3P&6p;D)OsTfHp;}^6wZvT7 zW^hT`HifB&0Z`N-4L-`mCDAO9eA1|%F$^xm=qiAKc*-&c&u&| zudjC;9Fta>YGAX0#rm`y2bkHF)Wa(E~e#F~pZ>3l3F>l5?s^jUtTnnU=l@Kv$ZDKC%kh+SQ4TTxQAaC+fiut7o4ukN8U44O`rH74!@0Y?b zT!q?=U~LAyl^&*H>2V`oaXvQqd-am7^zi=FuM?0s!?(~M^K<~v4R}!Lli%o(`Xnax zNlca=N!tc~Nkhd{aDtx{Ug-%~;VD~+kFMv|$FC!|A%6XGn;gfK%311PJKo&D@ZDiW ztFg&(KHWNY81M@@M@HvPxyboJ2kJ|zHj=BSo zBUv8+_65XIOiLpHcL7ELegw$p`4}(=kjuNJ4T(t`5|f=lNn>YF(u56V4On@Us$!5G zjv_`*!h|J_L3UN!1qE{yOAU#a)xnT>7r|H6(0PfIL+q`piQd}Df$b1e{W7!_y(qV~7hb89Hb|96c?NXR&Y{Vb!ZioNhxAYm+ zYC1lP-`lLF_Nd8-RHhVE^RbbO@NUQvsg{6YfUN*IBGnp@MsH_motV@*G5MA*X?#nU zG+EU{;||2Ie^={w;;u24FLapS(&tpG^>J9PggMf`sdj$BLw`@tQIcx~26O&q(G-_SaRL}nnFvyQxsWIfe#j$sx-O~*R4ZJOv5MW zh&ZBJjV8@c|Az)XcwehFvz0b;0GXd$rOk$hHi=1X5|gi>lEzn1NvmF)LH`qNj;xV3 z|CzxMZ`xd_w7E!W^J=BdMus+tNo^97+LSbEQ_`x}Ccd)zKk&^_HPYtadkr~-r!|*! zZ`xd}w3)B8d7aW`sG&__Qk%r2HYJVPlr(6w#&01_jdu@xI$6DiICu5jT=5PccdwZ(ikmlX^mor=_IEio~?8aw#v#?>?RCl-aD$3)A;sxxtk>P&P| zor$ihGZAKJo0!x#F_%UiOWGcVnL5t3q3w(Qf3=-fy|(-O6WZ=`9@_4%wB18#yQk82 zxYBk9L)*lpwuwn?OB%H;X@+mJ!~8G%_6pq9x=_^Y+bPv+`)?{c$n4r)UkI5G)-tRi zyCO2QQ<`qCG##ci-9c%(y`gDhQq#m_Eh1_3a7h!IZl*8(Fs;RDT@>r$5}QKL$-=nP z1^Fla^M(}UpVspF>+6N((m$~1;}=>Z5IfRR^4U>3a z5=Y*U$|hNMK;z0CF{;!cKm#+avJ6&%H|d6%c3y@lKvJ{LtcLN{k!KnzWC`Nc)fvV# zsA9eklIp>iZEQofye|ul**IM=TEe_s2FU#MP@^Y3z$cAEOd5xn>?}zdJ4=!#3QKTd z+)3rh?|aI%;{hu@<^GNpp7I8-$CVfS?#z$F3hA*8UiXx9@%xyfxRcbohGp{0Kgshu zzL%e0&qbj)joXMqahjJgI96QZUlbSAWk+FL5XQ+0wgeX@ojv}zEG_t4XFqTSA&vLG zR6ec-BeFljU^UQj(5&OROhcv6cvn?zps{HgnJIX2m5bO#5#rsv1Z5^HF1C;7{{4mV zjWuV8ezQ~{>gMdc;YQ_dkkmkNZP{qC#Lh<41D};n;R2kjh+nG``wbukehb(Mumms~ z@Bp9(@H@bCz(au9fZqeMCOQmA-5mi80_3I!=}g3=GZAy)2zz-oP^+UbmsmC<`MMi4 z;b2*uQ9B6-;smlysjkBb0}}5UGk%aNlzAe9u4$7nb*~R_1?my z2MhA=4af^F$bV4Fa~=HwVvm;Mr|0IQ6HxF9@=F|fmlxz8((?Khc~0O#O7&@0Epo&{&)a%Um6!Boxs?lmyg{ioKNoRBFhi~5Q5u;s&o{h%?8cf(cvq2-z z8%1#&;Wcj{3uRqAXNyY%!#^04fFxa#&K4i@58s>shpCi{;IVpEO<194Phrw$M@R56 zWAGy$%#ua(gIS)rs@%tw4UA*%KiTeC2gzDt(yK=9*A;nQh4ZY#6VxcfDw~hfhaSSu zzmv^pWj5Cs*?hLhvj*9G_WZJ0kRPn&UQ*=w3`zHlQDrwkI)~?E_ysFZ zVu9TOtc$=l0F(D91}5cw0<5dJS^`YUJ7!$%jwL2CglLSUVNjR96$>k2GEU_8ENtibpk=y-tvu`T`L zv58rr>o!}DSq1aDgN}HnILnwa({Rd1q^()IY+5!V8fV^84*@zNCZ_6XK}Ji83k|ed z`k!I3qkHtX68hk92s1}t%iq1QP{Fv4t-;AN(8I=;M|GiC3*58&3^S8h9h}_P#xz~* zpR2mx!1kV+bR&xPo;&Q=bbH-lSBjp2SdWawaoKq(x#^knv2QXkWDn@=k%(KgtZSG{ zR2ns7#8ro7AaNB2zWJLy9giOvvO@{LqlirF>oii+u<6g-Rbij)KZpn%$G}Xh$dDMv zs9lLO0W91dp*Z(d=Byb1A1-+WBmIMY8jeg4QuIRfMd&*#0b2tW0rmpC8E^pLD!>T9 zTLI}Lw*$Tbcn9DXz`Fq10^bkFoIe1_zT<;{?8Q6;$T@>F z7XUK=Ujn=va4q2dfa?Jt1AHCuO~4I+TLIq$+zI$L;9kIDz&XI0o=Tzy|<#0saWM2k1$ zrM-x&tTh9*^$L?O1uXS}Vxtf-mqu-|b_moyQkYBo5*X`=KvBCAbBWVMSWg6MKjJDe zm-Yv+@q+f3!dzkoCP~mj@Jr04amss~pt1HQ=F)oNH&M{~D9oibfo9}$@MFsIIU)>N zj6s`i&@v2~e7PAv!M>qWZ-3N=g}k%B{kJH;?6=R`=LNLS4=VDwi;}{0p7x%z?UTyb z+!yAZEX+S$7Mf}0a{xnM9#BB;}+gW1i1c-wr8dptRn*Vf@W1X)6_-mjkvJJ3g=zC z1aAuGLPutZ8qA%ZJqsUJG%t){gQ_nUh%kv{zO26AS`F#60c^$VfE@ta0y6*Y0GYE0 zXh<4{m^2JAm)J5SY5NtQT;*7?X}oJnA(R;LAX#*Lh`bM8g^Ej z_EVd$K$vLjN^MO_aB=JV|dMCcTB296gsb@=IDZ#n@Z%y;vpoUTDK{H3(5xx3$ndjBD0i*G$7l z;#A|JnyA~f>zeoS5-y9a7o%B zh50PB1&7WkAj2pq;_g!_qN=*?Y-3M1&2BE-8q?vt5p?^LgvrXqA?9^m4KL7 zt*yLo=GJ`!BD~qj++CSZ38F>?^C`schw!8)|C0uVD{j z(jLU*^qr*b0l%b)4utvm87>w#D$yaL5~VTZ9`Aw@4b>dpjl3JfUWJ|&Rj4wk-2L5w zo5E3tQiSh{@Dk)u+H*cIS^d$1)=KYQ(9YMgOhe7BMog-aW$g=XF2u6^a9=$zFV+(G zwzBL-z&Kpr1jxL;qb%IdurM)cVPew4l12+lT4f6tqpd<$h7FuJ2ShY*;615qB-bFL z*<4!A?fc~osy0)1B=ueFrr_%N8i#3UoFv5YH8PHU-Ohy=hfkyj=EYjLD1Bf!4tbwkTbEC3^|c+P7mG^7KSZuhu%~*j?C> z0?ZnfiY^`nar91KTx=b^s~96QSB1iyt45bMgWpF5|Ga`O1;W)d|FzD zn6wNrmv$0dl6G2QUMwSz9r%B>%)FXd=E9C0FjWB$@I z#H3}2Ny|tYEhA~NJ~WjXc{IWQt7S54W|<2)nxK+pX8c2z$xxP=rz|sHSte6ihVv-W zGQ^~1h)K&x8Z9GfHp|H43;tEhtij!_-EnhmHmfF<>3bo^7nlqKIn|YzQ^;?1HQ69# zmBGp?mn*9bQC8uco3sisX%%8F?F6Jt8tXJkW2cV8eqg9{w82)aYzZhn;8$>9P+;*} z;_6Nwe6RxhKgIS#R<71QbbruDXJlaG!e*0yvvDazw3>ry$ip|rgzC+49%mjHZNL6@ z)s+pKnGcnmsle9hHm$b@it~dwb zCaGp;!GT4FntAnKRr8n{soDOjf~V0#RWG4#FrBxWA5&_6T&ej9rRH9Snu$p@6O(F| zG^$zBDy!KzG@$|CKZHMHH64B5&^1}A)b-`yK3|t+8oCTi^4J>b+WzK&qb*-l0aw|jWn`$y3kTEig<}k2e2q->kG*iXaZ6kA zNB~g}%o|Nc7m88D+h8K*_jW+`jqe2P33wM^B;ehElyNU0pXolpAV5wS%36w;G$}Fp z!XarTicgKHi3tk62?p?$LmZ$XMpx7>VjK)Sw#eUMyncvTp}8MuIAXZazkXq2eK8$` zISUS?`F;=Ka0JVhZZzxE(A~IZJ)41P$UhWua*d3pRsh&f)!?mF@K(HhZA_?m-{`I< z2V}miW$Y&yfO$O$$o&4S4AROl2r+38Vsd6e()cbYX`+m^ zJ`ct-Nb7U7AP!F$DpqUz_K3H@*Ah|ph$}Ez=z@>XRO~#IAX+_wX}G%c6~rm$;}NoP zbrP%Sr{PI_<}-jH zfWHDZ1N;q;73EpL0>Iw^9{~IVkoq|X$SQ#=zGRg^OnM+Om$;LpaUGbXu|=i-nLLhF zLQ~U#Ymw#n7PsM4|Jy2I>iIZ;y~X{T4p8$d;V&3KI5#@#tP&im!`{X)2r+38VzNq* zG*$_c=DXSb=LY;(`N#o3I)NPUl4VrZs`ZUn=0lzEH$8Hzg z46|xyPQ?h5X^~ik9nEbq^T`5eZi~N%9hvvTfRu6skb{4vfWrWf0&?*0I3NfAP5|qch_dj>G3z8O=|XDdxb7wo82u+w30 zjKN<}lEu9Rm~5^%k7U`$xRHAqkJ^|x-%rYNts=aRjs; z7;+D2)=^NV;VQdxh}Tx@vZlQ)ypbOC8{%(o{SGb|Bn#bYR#v5D68iZeVoEOp*Y&`B z(M8c*8mB>x#FQ%YIts8UU>qP_a||H!KMj!C8j5t%C5cIwBqpmKNn_O`X>1G76wKko zkMISq`>BV^1CYdf-Ow0UO%NPU11<)P0n7*F zYsqzh$$(1%xtd}b;1a;=0eQeVlM4bT&3j$g+7V7 zv=>05^#ZlE3Ug_11EZA#wRaWf(tZFY<^8NMmlgmXNefb#m&rPLBGbP*@vsg#im|K% zGEY3rt=4lc{6wZ;-~ z(ZPkD{RP(s;G14Wqpxe#h$;MTc%DBRH{ZypVF8hzvRR>D5i+(Jj#w7{kq`|hD*EoqEuon8#ONIEU0XCjmjesc z7K0Wku-Acchf}EbA+S*bqwiQt`##Vj5b2i;I96L!Z@Qm#MM~>A5llmWU_%ZUQNayessHuHbZhY1aTLL+#1(J%bLLt(vh~`MC0w*C!oJCMbrazMStfDU9KWNff|YW zdm8X!z-IuX0iOfpnzrWwX9BJP%m925a1r23fb3GP1-uDxJ>Y7 zjlg|nIUy#?2{D(JfnQ0>QkZDaMMcM*5wyP5Qz(%kKmt)CIf0XxHPZcvgDs6S(~yU0 z3ap-jPJc8GrHso=&C5tL`~;ld0{o2UAyN=O5I$R`f*Z%P@aohzxnb*qaBq9FVsv1SH=`@JUS)lbR$ZCwwHWMDe*a_j}aI zc&%~csWEG&|Jt(2s5=KOf2GCkTQ(sHKOI}cZ_Z|<&*(O>U!TdTqG088%SxT0o%-4J zV*WGv-Tw1nQ0BXzM!mB4ShM&23$N+>eTRaIP&rhd)E&9WoZAgeuI`z`6lX*Td!PDH|5!eCvLm( z%la>EnEp*dMu)QrIR%ZKZJIpZ^_54am;4%%J#bLW>0>SD7vb*0-sv;K!S+;QaA%UkVx>Ah=@Exml{sr8#$KYw+? zGs(}-Zc_WDAwRpHo}Khizfa4?HR|%;eJc*%a^sli4-{o@?D92|Gl1!ujJc5>Sm|5hJ_zFacm(jWi(Z|*L z20eOU%DV&RG(NcE;v*i+D&33i!aN?!AH_czacKyEPXCl7u z{q^x@oCh-69@(?C)B2yU>N6)eb>5V?k~{bRa{I$m$L4k2)#`&zTbk867xL8TKbueb zs_*ApYF!@?=REdpe6QZ$oSFD$`L3svUz$5)&LuD3aQK_WdpB?T&%I^OE)RbFn-i;l z{B!VMtKXj8{PUuvKXsi`7{7UJ=f16()i*x&_?MZ@UwU}=?s>=VdLrvUOvz)*nygv-&CZD1FI)XY z=M$Odc8)&v>{lIwPHD-pGm{SQeQ)*W8+JB-yWPAOYt?J=>adLV+ov9^b+UDxOMmr4dbKN(toWFl-##q1c#oPXT>cx?_aW|Yih@1n|7^zFYBjseb?m8T$H}P{N@KPb{*KcY1xpmpM~!FvnZr| zrQeI!b{{n;r){@()3>+&<*rWmT=n(BCMyr+Hf!QHJud3mQ?+t~&-A_~u+g{0aYx+y zI=-?YA>cnpmyLaEP@||{7oE;d+d8Pl)K^>0+`j!l(sS2barZ}2-wbR#c~Q{Dt|RNz z|D{Q%7AYH6Z9Y~1&zHac@v2V-4(Zh5==M8yK31pcs7p@mo8W)lzy-TMZ1LthKR)>F zZD&40RU<+~O6I(*Zt1C8^J+P`?aHY|%uJh}+pT-|+Z>Liin1Uxquabxv|#)|C3(7~ z;>+&23(_cpwU*Ptda-iomYOyrZ&nzmB1KB4r&ieI1PY!L_|@gOY;r^!>$p_O`Dp&N=z>`D!`?^b`~=zLz;xiDp{SoO zAAVY9m(#!|2O}$>ne{CCWR6~-G8bc>t8>UMheIco^Miv9EOOXga5}o-mvU}-q|pa< zIgJEQ5Eyj*G_=VMfG^r$K=iH~z=dkLTvjR?sIX_Koa@Z5C zc&@MdxiJ1_mD61CaM(qEu4Xnl?EgC*Zu~L~D!dP>vdXy#S1Rkdg-uRN!Q;j+!!J9= z47bZ^g)5ciw6w`-EqK~d2*SG;^~5FzYku0`N@Y2%ZF1a#2Z=@Meua1ZX_wPh@Sp&T z)Bu{>CWkq3IVwhqC5}ZxxuqGRf&|lXHpS(aTrS zh6hmKta3QMQrVv`vB~LLNzT5RJ9paUuy(2}r>jj4bK-Q+(-K4x9TU{Ca0%O4r@ZEL(fm{&6mLZ zRynayXtQ%R3P5-N1W) zx62tKc+emjaxS;Yi4Z&m_+@yn$yzAPnx9Bqsa%gm*yKbBo_zc=_0y}*y>FKjEqLw( z1Isc)lub?ys7?n@sA28!#GJ18*yVTx&pJ2;YkYjQk|ns`5=j~c_L zLyoz>G1Vq#n&4p#%+w`Tg`N!DFt+vTSm)1rOhh znEJV=Cat&2$q_u}epI$iPHrVRT^H|$!mRnpv&qS|$yrcI&cWbXd+l--+T<*-$yp?L zp2Tk;;^?<7J7AY{wcw%M>j7g}WRnB6!WMcxHmpn1CcB(#1&_Hue~nGfV!_h|zYJ}* zZF$cwCm&ZT_cs>Xl_+N!u2p)6!y3QtNso>d%U;2E#6?eg*toB+a zcus(?64qWu>CT7?drF z(#@b8Q2i1k&M)l!8AliEM~AIP$X8CTp*IoED06KD=Zl&k}p{jCX$iVl)$VMNgPX7h@^-m z*Nf!WEGZDlJ1p@L$#*Q7C6W;8e!*NKl0=roh-5iSri-M8B{N0xEK5d<&}%BKd?R-Xb}{k_wTWXVSiJ6v=d!7)oNb<`fi^uAtjLj3XAAy>ze; zY!tes#ziQvi9jy{5)!C)_9XEk$uyF@g+nBfbYCg(aF$R{ZmUReVq6Qq-tQ&JhlJMl z)b5au9THmAvq!QX5?a?&{33^qS{&-mNZ}#R4H}amNlyr=_o^k6@V>ylR7brEQZEl~ zdW>I>xcz2*FR(%fuN0I~I*Qf6cZb0^zkY*YA;~Q`ygaBk-rG#dU2#JxCJ~Ui6^EBc zgtt0z`g<6zUR7!>$<3qb2bP?r1$nW3=b6UFM$V7Va+arv!vDQoK1SJuWLUHX`=w9t%!$Ao{aqO;y&+${u#CcI;`_ zpT2n!+~=LGBL<@sIT)qMCsU%0;ri7vQ=AbdwR>E@S{!gvI%$|l>7-#&>v{F(opm1j zM_T>**GsEk4@GM*`8mcxdnW|TXZPaaq&mroLAOs{ZKcAr*p=0#@fJj%k}+WiC? z>h84r33Wf({RCUIQJ82cS+@b67iXPkofn}h3_^TTJx9&b+n)~LB$whvgHVYYgwE8H z>tI2jX*nlRqf9x8nj?mKeV{?Phvk0;&~rG*Gi3+R*e6m zK{_~)o^p^Pf(c)k6FGp3N;9cce~9E(54VFk)c$ada<4-bPc;^-)qjO^*6P2aIcxP_ z!5muDF7_WTsp11PvQk?S{sCH9SGE3wCZ6Iukp6-;#}R(|I;meJPJ8I|n_Q0kp>IwG zbVqG-UPcCC8EcYsiJqKnW6&-VG^-2o#ghltR#iOO}ac&?@=TwKIs7~%(6g};E zzj_Xzp*BFdM~X-Q2T~JXQFJmf6TIKBQDmt*=U&0N(}g};KT}U*Cr22372frpZWue= zh_zZv^K#2d^6hJ_xhwK=Z?NVT72S}Z7aNVpC z(0d6wT_@2ChDXO)2Ue7E7rv3WGGZ(%Fu2pBcuauat*q;Tb9Z_)$a^<*K4U$4=y9ia z3FL>MbM810nEu?OLB9#mNgssX)zGyIi;H{Hy|C>DbiBBxQuTD_9$h|$zjXD$tfK4Iy<+%l zgH9{G*MsrHq1%T*Pp+>2>5%@ z`It*kf9}P?-(h)}O216IC+Xr6z6j{u1)bNIYrX#53y0nz=$w~7upY%X4LU{FpImP% zbavb@uwE71`wlv*3$Il2XxL_rSo2~ld8|a4#z6+f$8GrThI_ft`L0T-sTZ6oot=gw9rkD3qIKkdgz68;WMq=li1X#p zOJH3%k9>=8+&^+jhYabZKqqSudRFKxAB5hG&{;bOy-MiR3_|ah(E0Ts^qzpuvxCrk z1v)zhq4y4SJ{*MJXVCfQAoTtNogW6F=Yg@{VK~SPly4)UbM7GYCP3%XzIrsl9d}Y~ z=r%NsbsRF)e|8$8Cix;1;QL(k@U4)6EMrfTkz{zF1M_pf2r4bf%`RGcz5XgF zzqF`e&D7{g5EwI!m>`c(dgVXTIM3LH_vsEy$*P3Ium*g)kv*(rKGr6#!6?p~4c_q$Lyb1`)u@}%QfuK^m zjlxcG!CG0yL}O^sra;PyxoPp%wD`H^1dBD*Y_Vp>7ilG`A6$!n(a8;HsNxLEz(((^AdW1!>7yDQ05^Tk91ES8KD*b94*5e;OhHPR6PKZ` z(|4wGl2WM}Cz#QP^$i*e8w=Ai5-}6kSG5&R0q#>5Rikn~6sgWxvog&YsLz(91yp0w zGt8N0a+Q3g&yv$A9LkSS_z}O@qCIp(6>YR{&?4vXSgk5iRTxv!60^{%QX-Fc#0f7< zDUm6TnMqfhtrmPL>#OQ`MqY724nB`fC@Ps_D@iRY%qz*yP0U-CzY^^}g@^1Us%Vl6 zK@_^oIcXUdd~vNWB8$0+5I>bZ{G>31!hU>OTCzDVRk=qWXs0hoOG;E%sV3!>l&ma5 zF(BV=#Q8#%=5$82H(f=aT%zdDK~iNUTU2bQ1)zk2M~;B13{(k64wJX)5}lw}Mom^Z zDXF4TnPNrdmdhd)DTl-AIyp@hS4Wz{G18Gk@R-U$F|Mj0W2g!=9sLjLf&_ZJz0PO3 z&(;UNS-j=Bs;8fO7mv)TO8&x?#k)NYejHWwZs)eYK2-6FVcf6e=ihJJwV`W%)v=h_ zPe1cpzaR0vf|92ndOxad*h7DN+<5Njy}8$6T#Od)4fJ?q%^7!0o|zW)@|&YGcfB<` z1dGThx!?Wge6y$Q<^!G4H+gxNUp^O)uS)KnJ$~0C_2bjGTz<(@3m*FcX+0iYlR%G> zS=Vma``o9u_?-LZ(VuP$KZafFmHeAWN*mvNZ{)FVlj)idE}en&e_6?M*WF(c)4eI~ z>5DwqL^qF&KzzN(oezHT;aevT-_^CYX3SYHY`zBlfHWn~T7S(a4dX|4Zk_1Ud0@=n z>am2blK+(P=);G9al_loZ(KU`n(pV3?C&f2tkm3dzF5>1KCC!o-})&>UPl)n>ClN} zr_ZI+ONy44r(T@BFn^`3Xmx4mJiIE*j*Q68UzuA_X3GPe6fr4s zMnrVvq=@X&6*(n&w(R9)`8HeLvPmmW%dxV;Y}?Z1)G0b$hjL5o*||mdzOuw_U5yQO z(HlEmCkwMz=dUco9sP72qOkpUg5(^_!o0$wlC}ShusPBVF6I`mwU(Zyn_NPWcxaP~ zPCNBfHmtOtW}wPc(%IJ*=bffQ96RJ^P61wSo~CQ407$2$Ii(z|L9Svz&n&k5(wx%5 zNx8+vr&R?xJ`@CdsSVKyvqXf3<5;aj2~HM zGERWKtFF>5Uh547Bbmvdy`o8GG6KNfS9)|K)p}>K%w(J`dSk%eQF`OSq7=K3WhUcd zmYIypz}`?-qrh-8LTXH7naP;JGLvx?7!Be18402{n`I^=N%YddaLa*SCfKElEo7O= zSj;k$VFlZ%uI7p!&1fZ=$;cPIBCsZX8vDGXy8EaW)GS-8kD*%5hMejD2nT%@D zy9?|ErFS3L1B%_xGLx}|WhUbhux;wz}ixztU`}$?B}!?`a=H3*D~qrlporTGUcYHCYFEsU>rJ$DEp!u1d@; zwU1Z&zV=~QHwl3-oEA_z;AP&671ldKNOuOgl+{w5wWq_U#(bdKyr(7wOEtFFWMK(* ztof?~8?1tWt+kI#%)(M#pH!~fX9V2(C7i{6ZeHenxBG5N!8R9JCvM*enX$=y9LqT# zhb6C+BUttkSB_Wi545jj?KvKsQjS4*taAU*%A-Td=3z<46BD+>W|<$hfveo%4NDzU z$iWT!NnCj}7FWziDz|%JRk4n9;rfXUpVO5MKUUzsY#6O9xzk&P_{c;oCuaVnW3CQE zs6CDod9+I8w#s#F-esdX?t$3xxbh}nqYUdywRyrRwUm@MLNO7kaB#Qz6G}X|j*ZXs z&UFWHZd5k=SFSr~*srL``UF=FVo566ebup(U6)dV7d7)kXmu({#4>;QR}&wyn;gL! zbDfo+d)r4SS!j*#4}aCH8hMK=9(K{jB1+g&6iIyqOIu-YJaV5}Gaut^^kMG=3pV}( zMm^?WgBG__J8DCMt#yo774Aed{A;*(lB3t6 zy$JiouuLx-bvS!jMo_#>mHT|{CV03z&X-*6&lzg^#F@&@VC0qx#g2W3ml;cyb?!EI zLxmDK;I$yEFNb{$)Va9}E7sj%@j$*DteF#19VE$<0{??OHXQAMUfJB9IQhTnZTh;$ zajaL@jpUh#b?P_ds3sfU zs(_b0S>nIRKTv7C|G5{I-$vqR`A^IWL+D^wUO_fJP##mTb*PSL`YCq}6j{Y*#I=q=ar4udM)uYJ_L zS~Kb=(S6v*Fbm^?^5689x*ghE&B)t5;;m-tc8EHQJB-eHj>8chH&oxA+JN>Xknb;* zM@QL*(cPl*$b_=>sBi(>=8vvCYP09z?hvqT&gjY?^X!Y2)%W+q=^Fn)v2cNkq*aJ~UbD$e?&-vHO3gFy^Ti^+GGgUK;#UBUTG`RCh$==_`O%~r~ zynV2}m55Z+KA{30QkUci)ry`*0JUT~5zuZ$l5xI&DPC80Sc zFTyPy6Js2?i-8wLPew0B?{Vs~F=UEHjKwH3l+l;HgzcZl_NiM+W{d_Sl=a3kj$<6p7{>M| zuzhM!$y}(xxQO*GX1s)PB4aq)zm)AyVtbb{MzCHa<7CDt#%Q)bh3!*6g3L4x#&p)3 z!8nuga>f|8e+Ap8E)bckG#IgrRF%lYYfzPpXd<6e^G9Zu24gnk9L6L@j1ej`k1?4s zg)x;;y_*M5ry)_8`HUHinT!_3EXDN`5appNRss7{$heY`UW<__)?nPoSi)G!NF&Z< z$~35LnTW3D^EHfX8E;~wPlU-(gGpwc2IFSN^^6r9&J7&?jV!NZc@?L_EsVD^-p06z zv6}IA#u~=WjCU~J$#@sz-JA~hFy6~}A7d@!FByNuct7It2jKE_zjdXF>ymhlP3Cpo{L;&Sjb%YVn%!1xT~?-`$Ee2(q^f$@39 z7Z@8EUu4|I_!8sGQ;Z4<|0|5IGX9aViSbX2uQ9&PxSjKP2jfn9NPyYJ;cM2XYG8!u zo2<8+%gY{aAl_pAx1;cC1m>L}jV+9S9;eUWrHe4{v3xI=gZCLfVEmAg28_sjq`~+L z|G~I#Twp9Y`8nf$#xEG#Ii3H>_$A|4j0dt*bd9eW z=|u|}dLSax$>IDLswH{&tJ z;~ei3Y+r!o{q_S`aR|HP!#I@DmvI=QiS_;XoE|913}=7NV0i$Sr<3;sRC8*KV*6(@ zp2c|bet@=r9_ydaIEL}0{Qw<&Oc~JT=l27&|Ch3VlNc{!jNtT$WSqlkllT+dj+?bimzjf|CyRgAYV-pY6z<0i&x#@iY3z)i)>*vxnb;|q+9j4v{7V|RdRK+uv%et!s>-J2x|n>?llQ(ma8qoT7|Uqs6*7{e)SBWec+jD-dQERxYec*k)n1!s>+83u_S8D6C0Xv#=In ztzbI7Z6a$I)+ww@Shp~5ycE&#^%oW_EJRqCuyA3~!eWFa3QHDd5tc2?Cagf1U0AuW zDq)+2)e5Tu?gtZE56V@)QQ&^X zSgWu$VeP^?g>?z*7Uqo?GhF_J1q%xi7A7oQShTPhVTr<$g<)Soj$1aEZq00RwLq9% zSh=t&Fn`_tiL4gvLM5vMyF{^ix!NGC5$sZRwFxXjv1Ym2BCJ(do3M6aox-|=b%W8s zC+@nwj`Rx_79uQ6SU8x@-)ND=2ul=}EX*P-8%*1^iL5|mc9E3}!(N@7tDA+@3ab-V zFRVdWqp&7n&B9uQwF+w!)-J45SeLMFVcsZmT-J2x}D91g68>EV341t#Y+ZWbGpB6xJoITbMV7 zOSQ}XU=Sm|!NNj>g$WB67A-7BSfa3GVHRQ8!fe6{gwfJ|It1mys)TJ8Rx7MdSiP_Y zVU5C?gf$Cm5!NcKO<23IPGMcbx`lcBIl}BOELd2GurOia!lH%62ul=}EX*P-TbNB) zfiSzUa$!}%HVdm2Rwt}pSc9-eVNJrCg|&duJ8d7MRb*{ox-_*5>y)cq!n%cdqe<3z z?k_A@SctGNVd27}g~bR<6qYQ^A}m{&O;~|2yRdR$Rl+t4s})u!tX^1yuts4`!kUG( z2x}GACahgpr?4(z-NL+wOZo{578W8bOjx+EXkjtJ5``rTvk1!;W)oH*%r2~4Se3BN z!fJ)p39A>@AgobXldxuCEy7yCbg63-S-Y@KVO_$yg?VFI2$w%$!NNj>g$biIhqR4o zVKKrIg(VBK2+I~`6ILM1F05Qwm9WjiYK7Gas~6TFtWj8#ux4Q`!div332PVDDXdFa zw=i!!%5wS%3lhKjO?dQvLGIx`JW)kj>!?PY( zR`>3B^nbu;cBFdAp{@qYRkRM6_KfY=FqRrr9k%QF=Z z3i%-%TXDp@?5Rq2Naqn87tjclG9JA?fW@b-&R<`v4R}>79qK)}aRi1}{L}`#g-8ic!`Jkqq6)YecsKBBU>)!pAo+724!uV! zF}+7CF}*9amK|U{-o8Ez8NA!v2_XuHua`Mk&3?u%&s~@nS^13z^0#tb*U;6oFp2U+ z*eyygr90p?k1g0Px;krL#}wpx!0Vol(+g0V8|bd0&Tbz{2gz z0!EtKP>8%z0=-h&s#7}Q??kiz7Hs)EaZinT-?=;SeL}VQKurolL6bXGC=Oym{?LHi zURU8f$RW9%K4j?LWU5?u;6(YE>wPNMwO5p!fit5#Se>n3<*(*=VhS}zjf}4=@V5-# zJ|K|Gssoj^koChhtZO&03uH-HT+XO@i8h;;(o0d z4IV$N*e0;wDn`S|RA+pQyG2$j>;YjkwEU>jdlc+9iqRnRV~RZq_Jm?I++45Nb0TXL zMpHYr9t}ZLeehAW`Y>1+4u{!}t90&25!V*rD_oCrX#vO%)g;18`)vW@Y}c2S+PUtA z7$X9my>)mGL<2C~@aMOCO73zRU^wQI(AwZwP_efla+<3k+EoyVFTb7LnBj6h-Q|3m z%lTB*L>)nEFHMwVUwZmrT<^$D5^4vug!bd6c8%KmG90-}(~7YIhM(FWTnlv4q%B*9 zuL&_t)lcma?tCc|ixr@0)}M!4Fn;0})Q&KWgmWuX^H#G>64OrLN}N_;WAR9cJ0aG= z;cOsZx*_zUP_NR$IGe2m3vZ+asa8}?#D@oDD1Sq7i~;usk~xmnj`IElkm81=$|}wV znt;=R{y;NuIB+&F0B8XQ0v7;B0G9%>3x#S`&jgm>{4AgycrLIUI0m>07z(6XGY+^D z7zTVBI05)2@B$#U{ucphs?#Mvnov0rI35@dybL%ANING+0A~OrfoQpn$-w2nXkb2Y z8gMl*33wB5E|7BdejK`WC#G9>VkTAhw<;OcGGZq6B?Yw(enunyiQ!8}{F8>C`gVYr z$!NiUy^`%^W->klqq^>Ae9p{d{2Po~0zZ{U#PIba{vTB`+G~dxzH|hm)bcY%GBX)t zz^E>0L7$v-!>*cbt_YfT z^#P6JlZ+$j)EMJ-7Vmvxub!+w9{SsGU_2K8FDQo6*k`-WWl(s!`NYvZJlET9*}-6y_9QuA+0TPb{@73Du0A zc3=dWH(CuunaUMi|LDa_F3e{rsN_)v#G($6j=CQp>h@HASRM{Mc z;!PEm(veb?Ofd>BrNwF>je4&EQo5|=0{sBEF3`kufhJ}$zQRA{i=UdCNX%sXgn!C4 zKUM6AnT+$`qqaMinaP+gvKW!M%Uue|K)FkW+ckH|4#kL?m57t%?zHKH$X#j)Pd|4@ z_R7gsh1j{lW}MSYh|Q!+ZnWmF#QF&K8&y72!E(uGGonRC@|l{o=}M&kDE_Xwd>wL= z(&Tzz1h4=|=~D=#^gSPk&Shdcmx<|Ien!bU@K4NSP#u0w$qeKkF_Up2n6^8SnaPM1 zS)$0?<#G;OAi1Ls(?`wpAVM;Fym$%6v6t&Lv_d;~#w0&-j9w$v7f1$}g?wcml=ee)xnrSbYfO(ln#AI z6r7`JVLmFun-rrIrKXmG?=VzS2dcc^|ALn-c&3o9m7c#rX1N$X|Vx#5pW}r(xsA%!xnH|9Ej=S zKulL!$`{=<6Ehh{@lUztXB=l{GR}vO+AhuB(srq7)-r0Ewai`aUIJH0?x?hM;~mN} zsXT+w6Nna|HVoxJzD47pm4h8#;r(o3j1w9x^Hg+Qaq|T zH^zeN+#sfNgP2KuDXwLmIM*^tIoJ9!5i*khoD?NH6sie0q6bdVY5z~AD23BCMK^Pb z-T|cNx;udskGnWUDRp&<64NP4OsA-pQHpArH<)XRrlN;R`RbgaRHI0j$|#;v@D2ZL z@>~qrA)PtEiv~>5__eeIB|Wk_mmP6PJ+jiXU9TqS6z?r(!X0|3D}(bZmB+L4*W}sM z^I!|)VJMO-m581Ou`L%p?j3Yk!0u2^k9(i6IM*>^M&oGo45%F`$XQMs)+iVDIiy&T z(CInyfI}=kO3T+1KsewfDND~_AM2!{6gUnCK0@Lyodw@Ym1Rh@NUxFTY`Fjyhajt9 zC_RrkG&A#;qO0rE%cD3bm1|u}GkW4xLDCPg@j1CSC@W-5_maPbg-5jo@<44WKqWO2 zoW@VL`F3D4um<>NAjX0!DAn!+?g!ol{15ORAl@E$rizb&F9Lr8z6A6|y?O;041{h)2=Fx^p1f%!p<*g< z2QVJE3rO{_8Ax@Q>ZNWGi0KxAn2AEFuKF3jWrj|X$i5JnA6(ORG2);Yx~U>d6q&o$ zBp9yX;i})(#243HN5RPs`F92|{N%04+_J)A)uNC;ZVcb}sA9_#$tkud)IiWyfYePs4D14a52V_31W0-KBargzD3D4Wg;|$6V!G53GZ}L@Mt(*zGn2Zv z9LCi!91fEMLM6&^A98)b*^X<8F83j_Lk|V?0C4fiOHO(Tmd0Gu=N3=CviUD|n%q6< zP>#ns`~p(=DaVHZqglS2QW$&>kkaQZAoY#k22woV0a6;#p;MfgPH|%T&aY*itY=b- zT56d${L^|AZ`WKPpPX~Swa5A_uDgz5lO5_`O~WzqDuX(_!3Y!6^?HNzXOb z;XIJS>zeAVNL7l%M?iWE{0oroUY`IdUVjBrs!{ZGsuRO2po%?tcW=drW zKsblsU8Ew#<2@jy@?Idt3HL#jx_CFtsY^_!E-{lzQ!P7!b1ie1x~KbmFlE5hoi+LA zrs*l(c%MKHAVmd{M=@iv6N>MFyS4PutmE@E^WL(== zYN1_61<1}&97#B)4V#gJ4TtHYN6!^>cchXugMtw$w8%cx{%8I=qzqmrRz?n=fXxQc4htIeS20@9^xm%_Gd zn?Z8Y>A*qje{18e*D!0AYK6%IH-`HPz24cM;(cv69+B|iqz5q~)%(4k7wc(d_P&jU zbJ3v(n`?Cd>8Xky!Fo??qEOLupB+j?dNP2cu{oO~)-$}U#+RRDF#)9)=Rt_#u$mmydvE;3q%|(%*rFz<&U50)7Fc=c_M)j|0B~J^}m&*a++d(rCuN zfz;+41U3T?0o#Dz0S^EV11bN$2U2O(Jwdwr5YwfV81CH&`8!JH%S^vk)Ouqf(|TFV z{Al(S%Zf#27nynu;*0kjG@A}9m(sGP;nikenmkwLfBo`|! zu)dtr8l9MJ=Z|&WeDQXq8|x*~!jo!sPCbW?Qu8hx`orBA#oU$rCAi|t2cXZ(>%EY< zJ{K;5jB<^hmo6NzDzIYQp%CKTM>8Cq$Hr0&0XqlhunnY6&$qvh&Jx-5J+9!Q+KW) z|MS#McLWKz9S5Z@-P03skQs&4qwt>xq_TcKFdjGtm<=2Yyc>80km88d)m3WG0N1Ha zOs6(6o!VMPsjX$ICBy=qSoiVB?pS|>!MHsIOG$TCtn2cykHWvF{Sy3p*)MfW;+gm= zY2ARejP?4ccX)qG^hiIUenon9dnVQea&%H2R6thGo}}J!rV0zyH=_fq5FgncN3~E^A;wHiYIUi_?U^n_t*Ku94LoF2D-)5eybYTm#!lIR` z4JLow7XG5Oe7@dw1g%S2KRbuNm{uI+bP&^%Xgkul$$pz zYPuU)oO%i4raj*dFUa(CF22RtCMDBy%JI2=f|9s3KYzC{p_lI1}hy3`ZXrJk6{ z_$U6UWcV3hGt<+QsATAAO2qV>I4UE0P8>0lF&VMa?oDN8QX{=umM$`PrHW!ra_3S- z^_yhWW<7}`#$_yw?2yiI9FzJjRgR4PnL}Ww*sZ1E8p`nq91cU_q#XAGhOsaOIZk1p z52WyC04eTt-_|)pOy>+SeGk^MPS$hGBy=<*=$Un^1?Rgrtm`)5Vd;3(epx7;8m$`N z4WFNY^%*JMc5n39iaOqT)feYG_WM@8N@;B<@uERGNfTpSoeXjBZNVi6BU?Ok` zFbg;oxEN>xQi%M38-T-s_W%QczXS#W?+1xaN zJ)y{!r}ryVZu*)lGg#G0L^WIKpr^Oe{z-4k{aDD2FK>9XU+5KG%sZv5=7trQC#`9M&IX(d1{R z=SOUfsdAV6aAPV*AWdef*5gb}tDs35ln-9;zL@4Z(})Ho=py)6Op^4Xq5`Ex0Z?kx zf1y`l6a%fs-y+cGT$EYPpL30d>~6Fxw4-8?d_jh-o8UPAam_ykR8%V!f};r#%DU$Xh*h_4{i)9HRTTZO;1=WxEY{IOg8K| z`mMxN_bHJ=sf;Y8x=#|iwP*>o56j}9bMdYx>!(V3!Z zxRcKJyxd}sJC23_dL%#aQp`@0J|R5OM>4&SWM&_~nkm3Awwn6UQR*=6`?=_uA`=*ypDz+^(zCC1mX5AC(CVf;_J@T8s zB|f&H<#51x^Xh#r`P6>S+|kcn+tRi6v)8tne>dly+lD?o`S{3p7o9)ZV?xQ(Pn|v2 z>$=w`WUc(fp;vb2hp$bW`|rKqZ}j<>=Y97+@X@%Hv&X#rWY`bW|2{qHoL^k>yJ;<7 z248&lw%nUOjo9^g^hO6p&bx5px8Lr0I_H9o-o9_VbosfXs;%eN&H4VZ^XiKarx=a5 zAO7Ry_PhSjc-6-4obQ`1O)7|5cI92$wgh=jEf{j;M{%z&xFbFP`Ih~ceK~9Wl<&UX z`Dy$eft6?3XFhh;s9$9Vesb^A)elsidFzqCkJ+={{Mx*|yS_bS9rMt_2WGBHSyA=$ zZR37?I_jHIKQ38wS>e53C*AV*xIbLH@>bu@)X7`7t$VN_@=x)5{=PEgThm8nV?Nro zYV52P*~^#Rx+-F^|4%#i3@Q3LJnN-l`L{Ly;?wkZ_6H<~UA`*hiT0^u^X|Vg+P~`6 zKiA*2@SNG7y&kotE2`n0tVefLZ2z+5ow=c%mCMH2ZrT%6zHfZF$0bjFfAsPR4+aO# zfAaj*>6bk7$4{T|j(%lB^s5{0e)qALznze69`W&>KYchZ;pul?e*RDGfm_CX7`P+( ziC4b7EcUjx)ccpTW&F@kv?Z{!XiY=$FK+Zrxb)+rZ``+dO4j(Y_Tyiq?y*_!*s?JF ziA`TE+VA(=`Oke|ecg2UwttQK+e$lBc{uuB==Cd7P$v$0sU!1@6vO|CW z)#tzSe)EHn=O6qyIHqCDr1zpMKVAFD;@K;Iy8oOno@qLA=3`#F%}>5{!$aQpmfk#a zygq zs;FR6p$*Lvef~|7NjB`HX<0dtP-<*vmjf$P1mT7k?}G@;g+*4y5i-LgMSLgwI4K~p(93SrUuw{ zwM8R;ULH~SC*ANr%y_ZK)+)9&q>nAS&v<#zgAm!ebE9o-kF6KjmQNpB)D`mbP$NKK z8|Rl-_SouVTSNQUqWh4S2R)mTS#j=cSJtW zV+(WGl=1Ili|%SYw%&eYF9OTT>Ki_?HoT856gMYZcP>jq);etAGZbac=wpjI)m|QS zpQW;O$@kt!9*3=q7L_G0kL~y;Ti3_z`hAZrJUl2fQrohrTTd>Ds2}0w z5l8_=c&`3o2&lMR36CuD)h4l zHKYGgT;WMayF3FD681>0#VOSiEpcuWkQ{LNar~3{-)NMw$ho7SP~;Mx{o{52lMjC#6QL5rPTC~`?^D2LNAYE z_(k=K%sJW}r&g36rMx`WIO&-B=+I-dm&bJIP`g8BSfB9FTPH6MGyW+&-_IH8COl)5 zj&pd<@8egf(g}rMjx_Y^qcgUTj(;DWaY|<&($EoiuRc2Cl@86fcK9{4k4~77K8`dD(mGCe*l?w@1pk!pJHC1*wr@GS6jyXPq>=!g?;^sRys{^#}W6aKJH9WIx6H~du#kY>+8-`r9<;X9A#`u zA9toHoml)+c+Q!3?byEVOjkNKCwHdxac73op}Q63=}i?Mzt-0s>IZpw+zodeZNd!Y zj#Y2yjjLorl?(Vzg95~c+{Bj?B5~-@ezjz#iLJk|WQIr%vgAyW1aWeNi{wg{M2Tb> zOQwkAE|!cINfS%X5y>HzoG+3KsIvwWA(9N1=$O)~8kFA^9{TCci`Lnoj8j7`)bjg~ zgtAF}d@T~n6k`Dnkx&*GHfPCXDkYCPyBta7c&D>YB>DbBF9~@T$+nd5Sogy)@|`7- zB(Xc&noOmCwdhPjU){d605Y0qMES1s5MLssuD(x~A1idwomWQbP-{c?mG-wo@AcTCrCrG=onE$Rz`Mtm=hVVq_1N;{ z!m4z7*}AHit%|L8eBWbh4%<>Xy==wyvenzKJJ^=e>18Xfm#w_LPd?J)7cHeqM(Omj z6%T1oyv|zm0t$>HAI_$vg;6@aY$ZV2W9zdoZ+g1N*41oF>GZOd*vnSgMNc{9*F$Ve z>GZN??qw_C%e~8b{GugJ$tay(wq`-v6TMwe1(Nd&jluj>ONs#u0@Xtw|$9rsj!?u);vOgJpdxyburS5B4 zNHP}(`iG8-f|GJr+)#=EWHR$`czG;xB!H69pBb)RMT5?2l7DQkWx--&lj6+j_{C=> zq@^!5r&=-=$416N5*d57lP&!T%&FPs&k9b>GQRpaHH-AQ*Uz%auYP})9legpDOi~{ z{byU6I`!vUnf9}-%$of3twjBND?dLjvrZu{vwn8KXg1iXSo(QMP--p7&7-no$yr*E z=jvbN{N9x@-ngo_g@``!a&Lvk?=uSBIB!-?7W4Q%UI+BiK?4v+-a2&f5}{w6{@z3M zu`nkNi}vIf7F(@&6Ox=$YB!gZ6qUqA8&>_EX?C7nzviIttb4?L-Jk- zH?F!W!ljLyA7@6BM$KH@Tt~C!^ajo~pio!3<_J>m^RC}jJu`03BGPkyyW>U&PDacj z2c1`CbJgS47^+E0Nsge>N=f}F_AV*#LYnP}S@A!=jY09(6RO;MN6A8I5^J@V=H-@^ zU=D;emnK12bBl^@$frEJO0T{XdsXCB>YfuZYfw$yWWMFZMrTD$jz#h8wO-F@yQUU= za&l!*>Debtv_#ZtJEB)JadKu**>tk7oSGxKh)%T5r&)t(k^6*#9N>&Tbq5?F7)%2{ zU$j@e#%0r| zg*uzasZ*yXbUa zvY~S?93lS1oQx^Z(Fvx}N@Zd&iarK<*U%^?OfrsGBQV~1pp@kFmNOHhkAXCD2t)3N z2Bt4@)ysi=5_IljJy>(AM*}unpwn^^J$kY77uJClW!(8Y5?8(n)z=;W?(`^p$DnuJ zSgqAx_$Yx^K3s;DabX}Z{po#y zYjdG<=>(;w2Cm$>_b@J7p>vG&JaO($?=8rKE-;KwagY%`ry&rM(<_gEL+7{}0@8}H zMr(T3oH=vVrz19l= zxbv6v{sEobf`RqAq4y(n4zJXDQm$OmZwW5v79q|!$T-zsnQlOGDpwyvXZDSBrib+1 zh3^6AZH3N^QmrTcy5z^B(0c+pv&&rcT*9{pmtTa=x>Z`w8{n><(<_a~p|f_4)}z-O z?!q@3dOtyDefC*|J7JsN19z7F>|9Ar>k z+{S}mbKDA@cW+i|J>}2Ey;!=u9&yA$roZsf>y8!BX{k_Z{koTi%g3RUvO(+hR}Sum zdpXcKv{CCxy>uEVrz>QCTBX*J{}HM`BtzpQ_r);-dU31^=aFv_j{8C`>5w74dC|fst2KWA9NlXgx=%Od1erLFG1(^LFl~&o%aW!_c!Q#F$leX zLFe!w^iDu$XqCzyW1xHsg3j54&>Ih(iG$Fa0-Y-cp*I^kX?^vmT~mY76mlApUd%c= zCMbW@A9osA6H7~Svx}BqujeS{mlhSQ znLc$A1ek6W6XX#}clwc-&A$t6paWC#b4!X!itT{82c#B zFTm2!BaE;ht94bbHOFo*$zNJVixCDxwj!^fIIqN6iWg%+Iraj2Jr`7Jw^7(BF21PO z6OExkn*!;UIyWuenifCToM5r0nl09hIE&eukcP4Lv}CI}H7-8cY)ocl&jFQF;ucxs z<5CkBCM8KDhg>`#Hz*RTXg22Zmr=^;$3(}IaQq1^NQhU)W4zAW_rDY_Tty!r_7HeEWf;ltO z8kd}m_gvbluXB7(ZZ$2{nwd7sVoiuk$0V7dLD!?ec^TxN3L!-8WkOjR@m2##KnO9`paVb3g1PK^?ZNq*Mz&`tVgn$m*^HA*r-# zNht=yt#-^e@eR5WO=Wu4!c0qsaS=|baT%y-(Umv=nlxbywQjaG9aaM&7)OB+i9aO8 zbhX)P!M9JosxoKf6&K{>=9MNCmCUh~q?Q%tmE`9pVs*cjXy7S4 zWG7KYlUxX*&}Gg^%dlYDqrQl|;D6A-H7vrD$VJPs%g54KDk8EpM#{zO17xjP*tadf=7;ksti;KM-G#>DsLqn zRJu|;sK{|KqSD}SN?j+%s7~r=lFuU@c>=G3ah{9zt5?f~-AH_cmb*%^;gsVIvI2=Z@Z+dmWx*qu@cH z$0KXbxMT9nw5XTg9G$uAt=S=J#aPJw?my?7J!Ll^=#0L}%e(yYxoR~z$i1`2?|P(u zeEOElFL`RgV?Q8E#-pne=utB3+AVvZ`}7u{bKgAr({16$uu`p(fAdIbs|OqYK-@QV-MI&t`}uC+B|&U#_TJAY+vL76QNbW+5m$QcpQk&_~_OIPHSM-MYFIeXy0wPuI!9?A7@z%W#K3U56-a|D7N?#}bp@ib~f0H^Syf zH$9!sT6&spatT4=q3J3*?bK7*u+n~-fhto;XJ1>KcbX1y?2w;W&|&$?({v3L0O_pDUAqs4#x=K9(tv3{mWF})6%dkQQ*c(cZ?!H>@ES8y!vqf(V z*gHyZJXnlk7qZM`T+A};E(P|kx*7#WQ$qcWX)H4t^z{PCOvY7UxRu~)0@zf=X0yy> zB(cn7q=Dg<482USD8*}Vi(V1f3repP3^z--yqaYu zV=c=}#(J=A>T0Fv-NrJLQ7w9Rfjy`6?gOK~s-JN`%S^@=mYIx4z@AZ89}~SNSY|Sw z61``^o=|!(fSs$@ODr=PudvKyybkuXy1GmBcC*Z6yd`??fo)ZKAA+5)*vBk08GmIN z)>Q|qS69DanV<0$%S^`CEaOk2BWRaOvu};>j<2!&PXKKtndMvKx#K`c<-P#5gQRaw z(2j3>EB6Or|4G*LSDO23vJO=4_q2~uo7H%$ZB6%K-^mW28tha_n>At!%GQn$Y#dfO zgRW-ntIqlaSF!1(`IDNIPpVT|YqDCav44#YK(KNa+f^Q!n02r^Yj5ScP9xw}D#%!$ z$jjV$I~G1V5wI=m#O)g)Gd7uz2W(3@4ohAsNATG;t{ku2A80RN?KvKsQjS4*taAU* z%A-Td<^^mspO~;6Hp~35I#J~gZ&>P>LJn@&PvXj>vA9Bu&3Vx7t>?n^6B|CKD;s{S zz&}=^%Q{lI6B}{T$|e)d2dm9{;SfF#*Sql?fR2Gr#Ib0SVGpZG*^4U&vHBdgPfOvg z)Ka>X678inKcw0d`&m}*^R|yr=b<&8KOk9fC6upt*s*&iY3}yK_tdmXlNVN0!Dxed%=y=oH^mUKp{kGc=9T?Da%IjqXYOE=czsWyPX}$ls z7j5#3T}%BZW(A_uAoLS=s%`ZkJ5n8_;($$6Q6JemowS^wIv09G|MTpOML1M;sy&eZ z%UcCf`=+-Fq!zKq8x)rAN_^a37K9>#R)Y2-RC(QjCCYTBBdxN~L{MYyL;IwzrqLyCoq(%1zDenmPZuK-ORU6Al^e*P1(3fIPb%gB1 zdQ+9`-_lsOmI6=3lKMXPXZYl(Ca@B)E!d-S|Maraj&xsvU{NhTp*~~85^&t)^_J`G z2!kr!mwnV~!8`zAXs zhAE%-MN}RMv}2{yloOSoM^ye8TBdhN4%v;5*y;XoQ0D-R`%sU}NA)^1qj%8M1NAX( z!hfP-x8R?8s$3s^(Z(EcDFyn@xZ&t_sM$ju4YSn7UW==Cq&pg3X_wvHZ+bjX_oCo4 zHwAmB#?DjUay;i>?}3C-_Y1z;TmsLjC+cI|hkxo2@U7#tL;QzFjg_HW?aL#mXVrVGMJ>IOgZB^MxJOwlS!1pZeXeb z*udf6$mf-eRh$mDFy6{|8{;O%YR20cYZx~(-obb$<6Vq*b2{9^crW99jJ1rvWc(H5 z{frMVZee_Ip1n9~hr!bj(m~3u70DuUVg};U1!IvfgekFMH_z4)Yf4za6F1|D7O>EsTF2r_bNz^Y<9{ zayfXP@dL&W8CyA?A2I$#duM#i{(ZuFe`WlX@o$W6jGr<7o$()x`^E*vl9Qh^?q~dh zv7P<>C*zllUojq-5~xD-HRCs2{^;?LOecr)UyT1|{14+nt!5nJ^!S#~zhmrTy~B*( zv-}6fBP{=s@hIa@jNOdK7>{$jPq2Mg=(iuhibL3)KK%fe4`Vd3z8{~{;|ZDJ?Ee`o z58(22@_vBsr;K9zXEL6}c=CRLwtpV$pU*gk@#OsgZGVD}hH(MgyO7UM-Vf0BFJ*g^ z7%yXt;Pi-OoXi--7|l3^u}?oB%2S1828U;6qNnokaz2k?)Q<_Y2BbDuF~)K@;uzx@ z6BrX2&5W}cXEV-WOk$kNIFB)zF@-UeF^w^uaXw=PVlm$!OBiz)`}6}?p2xV1aXI4(#(c)>8E;@LU@T-@$ymf#%=O?##uCO-Mmy`3 zF|J}<&E-M*0W9y+4`BH^#+w<}Ggff>wSjRXVI!ypOS#@t2IhV!WU60mdzi4>CT)SjYHl#)lanVSJR+aVz6*7$4*7 z^_&ln^Z9QXpJ05F^`BytegI!@VEfPT`R^H@WqgkD4~)+rWb9Qe(;}?wWjQ?c(lJP6X1B_oYe#6+o z*va@W#(y*Zhw&ieA;xbRzhmrTJk0n#;}48S7=L6u%J>swH{&tJ?z* z7Dj{4I?VpUXn0u5LWG40qi=BZ)o3sp7s6&qB1;sOEX*P-TbNB)fiOFmcCTDyRl+t4 zs})u!tX^1yutqTLUX#e0g|!H471k!KU0A2EE->w0x5&KFjpOta7A%am$ktcGgoO)> z78WBcQCPAti?D2AHem(A?83^0RSDZHtX5c^uzFz)!WxA&32PSCBCJ(do3M6aox-|= zbqm9GB98PEMiVQz{0R#K(`g?rEE+6Kmp?G-+4~rYVA?Ky^QM_a7%ly%Wj0|2!tBDz zg;jykpt+B+Sy-*GI$`y~8iX|pYZBHhtVLL>ur^`s!a9X@3F{W-?d^z>zp!9oA;Q9h zg$s)o79%WCSh6sSuxw#AVFkkM!penJ3EM2JR#=^|dSMO18ih3pYZlfbtW{W>uy$dc z!n%ZY3-cZ#=_f2$SctGNVd27}g~bR<6qYQ^A}m{&O;~|2yRdR$Rl+t4s})u!tX^1y zuts4`!kUG(2x}GACahgpr?4(z-NLYQ2iGWnVc3O(Wg)`Cz+zNA3J0U7ULPY`uEq#U z6qYQ^A}m{&O;~|2yRdR$Rl+t4s})u!tX^1yutu;^Dx^&!YZlfbtW{W>uy$dc!n%ZY z3-cc8NGpF~!NNj>g$WB67A-7BSfa3GVHRQ8V7fK4iL5}FU0AuWDlmWD{)wy>j9$F? z7T48m<>V-83YZTTbtXWu# zuvTGh!rFy(3hNTqEzBDUrPIn^Sg^1VVPV3;g++tu)QAyTqR5g(W)YSx%qFZrm|a-8 zuqt7jh1CkH6IL&*L0F@(CNLe+W|6fBYn7{QB5M~}r?4(z-NI;@Z0)i?7{n-v!NNj> zg$WB67A-7BSfa3GVHRQ8!fe6{gxQ6a3#$^gSy-*GI$`y~8iX|pYZBHhtVLL>ur^`s z!a9X@3F{W-?dM1}e__GGLWG403l|nGEJj$Ouw-EtVcEiL!U}}hg_R4d61G`bt*|;_ z^}-s2H41AI)-0?Aj3#LM7_A~}1Jk9cU0A1F?Gn~4%o|OzE_MFGf`!paH~MOruyA3~ z!eWFa3QHDd5tc2?Cagf1U0AuWDq)+2)e5Tu?gtZE56V@)QQ&^X< zZeiZT9Vz55ELd2GurOia!lH%62ul=}EX*P-TbNB)fiSzUa$!}%HVdm2Rwt}pSc9-e zVNJrCg|&c<)#VRNm%28&+Age9SeLMFVcus*`Uwjb79uQ67;T54%Ve}LT5U@AgobXldxuCEy7xbwFzq%)+ww@Shp~5Jj!zY z6&5TkL|B-xaADEHVuU3MOBQAkmMzRCtU#DuSh=t&VVi~33ab-VFRVdWqp&7n&B9uQ zwF+w!)-J45SeLMFVcvL&tIIBmvYO#WsOImfnYAqq#<1ft7JW?GWLK}_aI!)m1!u71~%AH|q z7Aj^6cU8{`rCHALn02RI#l+6}p}R5Gp?swoc)n^Wki!s!k(ABjK=NIM4@i4~QSqRV zAHuN}hwDDJWQTMf!7+sT^vXEzl1v|g_x`ey_8nERbg1{>#t|4^(HnbZAW7^i@@Y*1 zy+v5>?d)meFml9sTQ{f8+Z->p$Y}~=D2B>Ny?_KTsUCWN*)$*p8{ckLgaGFQF92fF zdIdc+WCCXbEx<(J0-z1J5Lg9V47?k7HLwnN4Uqh)#i950BBuBCB4#q$`6|BVVa8uN zgjA;-*lniEC>*|C=3q4!d$eQ2<1^HT$0PCYZ6Do%96l28nkTk|qwg1v1iVhu&^s_^ z8ylKZnZWGiF6B~|zgJeE+AR*>JNQmC(}ewrd(^z|(bZX<_=Lg34yQY@O*8(z?Wr9l zaOC!s?oHUuzPqB_2mkAD#x%|YGWWa#^B|8bLlIk69Yp)8V#}iPVIU{gW1lljH$6}@ z2h+x>ymefFV4|c~dy<}ERA{{uC&@#sXTxwtWqj_??y?R6!zYYlJ+B{qD)o13`g$Lv|=p9 zpf@Pg0=+?D+OlQ%jLkR;muRfs`4TM=i`uBaleVC#(KUnOvobYrHQOXHZD*&%X$3YG z(=K=I5Yrde#Y=fJMDm69$nzrMDlLq&*-EeiL>j$P`xeJR91cV2NL7bE4pJo(cpOEX z()I+9Vu#hbD$WL)fb?|j4~zj02hx0j0N`w3ATS9y0yrNy5|{}*7kKsmVeehwt0>O@ z{|yNto`5706%jSu6csT7a`lox4iHQrghWu$7?L1?ki_If&_WxGX^k;Tt<-C4v9?;Z zt(ST&Di;;JqxD{F@lp#0Em~Aml>hrPv%5JtISHV)-{1fB>LhzUv(G*=J3I5tGtbP< z&VWaNbHP+F1oj8700)9U2M2*SgGYjY00)D2fyaOkgU5o;ff)icmk+8 zF${EgrYunMF$GkWy^h0HS@~?0l`r623YVp6^xx9Rz;?T6>S+{{4!KB4mBKwaLQ)k* zxtYU})S;x>HMrB#jFfuO6C&KXQYumKrBp&7b$$kwr?7BtW%a_M@(4loL{~*=WksT^ zO~3W^yLD!1S(XO~r)i;BNLHTa!&()r2vuLm8USOGPjkb~gB&JVqrLb*J$EX(seByb z(yJ&5<;5aU<0`D9SEqcr&@CZJp)Dc#YzfI1aQ?~ft%la(`s^m%w;P(?R>~J}4&#nC zY(Li*a7O#IlYCmV(p5@2D_z|svUC+jPbB&8xrfpnHF_^fS6g0w_tNdvrX=lZ#%z8R zUc7DACN||P!HOv7Ade;Im$URocq!}oBTM-lx0L6DXXbLVIczD(XG=*wKJRp|COYrBzJRmSr>VRw zpB`KqQFrm21gf(-_8HeB>zKl*j-AS3RulpGGNFyli3!R|^ja=_FY4I$qd}u+%eK|d zE|T4m3iW2(`GwbRPhvf{N>BMXM30PHLg^?kmVtx8i$Uc}y<2Mi@Y_<8&z72ewr;64 zO>|VZXzEaZZ1uAOBy_~ zZYhj-267zGY26w*vR&OGjOV_`x@B6lNKL17MwZ5p$#tduC!m_wOF=zHqgxvC+tQHF zmWF%*(>1WPZJb+L9KOi53opSYuY$WAH=Z$9p9uvbhkIFU|VLg;h9@)R6ulZUNNCdGeR^zVc z_YUh-4tzrduaLQOCUUnL6BvpmnLR+-1TH7w8#b_dVPAWkGs@;*k!q`Nce`)Z<8;c+ zb1F+oouq1nOFuuxwM)T+p)Uq?{X%d!coCQZE&;Q^rJ#B;KLqE2KL#%W8^O!K%fM^F zCU7N4ucA&*dIfktcqOC|0a_dOaT(G2}hxJ|luFHp~{67LF*aOvxn!}vFV1Hq?2*_=;F+XXoI&^Rtozd0eqr^pP9tDG4aw@Z{nF2y1BstBVG z4JyImg&Ap3{*mjELxT#_jbju?V9$lg-fZnkl8~N@R+8U((8V__)4k|Hr8lzhUZ!yL z46lG1&Uh76gY-J6=XwKFuBnl+g(sgaJoy48L4QM|DEOVy<87QR2PL& z>W<^sZ_hdGZk_kv&*jmi&vQz%a#_zh#3epYF6ud60F}!dK|RxpZtn6P$jx2(Z0^bz zaFnN(w$t@RS4J{%JImc$xgOaeQW&L5<(<-L?oJ%GuX*|{+b>^k!*f*WjLgxiFw>Rx zpMkRTm;!9%b_FPTwVl0LuFvMEXja+Cm*{MBul{Fp^uW$@bol>kIeM*|qu04PdcB*Y zH@G<}d9@lqKAWTR*&MYr<*21a(*V=B+L??>(MQUt!l<0HI1cJONB>)$_MUA}c8(WJ}r z4e@Ddt}ozZ`ZO6;mhV3y83%VR8UL-phjt|%-U`Vcx&XDE!iAa8N>?p!h^8ZE3FL~*V~rvB7-?U(hSPen9# zjNt_H-b~%SR35o%&a~Q4du0(WI#Wp8Y@0xJ&NQmrb_#>1Sq^cZqU})cuUx7?d83js zZKg|q5{XcLy$JRP{{pH+UIByPo1kw0Hdqe63pRo8gV%un1l2YB0Q@bu4ZIEf2>cVc z9h83g7_VOkO{Jx-ReYz?9kyqy5p(Y@1Ppi4#C&h&B*?_m=t0=~B(-L#ZrqoWwvM`#=Z4*1 zeo3UBDc_}^gI%n1N~})SZxJZ{Sqy40p%gq4oD0g9D+kqzE(Db?6`&+)1&5U=`K(0A zXKfZs+vf7wS4)<*%cmugGE387hYcG|PyLb*%3s}8ZY4~zE5)k;wy!xNUpFaCfJ1fY z&`wKI`z*IBLPhPmXhry~`;Kj2*cX>(XU=G2;-qrZqwI~Nh=8YxR2*`xs>r-{QhVb$ zJ-CIwFs>%K~X!svC@DAsybe4WR6eqP zwUGvCUn>prS!s~ZO2adT*21rRRvIjyq`~q@8Z1rHU}=&DOOrHMTG&#HJJ+XohwfaK z!y>*r>Xz<^2_48U)8hDz4ISsMEZB1F!{S=7)>{s;IqntCoyOpqd+{_R+AGGCIJ%y%Hav7tj-2DJ2Jp4|E_ikYP=gQP`z%V}YNZ0Gt6X)}L-j3G0% zUR-DzAGdp>T~ATDyn!R$te}`~e0lsTSL2z_=?bHg zSNwEXG%1V>C{(hkIpeXze-`Ev(@$4iBT%K zL}xd@^078MPaqjdbb7hIfHMrAjc=su3pm+6E!U?-lPW#6=;2b;&84Yjy^Z6fh;c)O z5l;^t9ZHo~u$o02rbY?lyJ&;5-(hG=C7$L-t}WJViN}HiU3v~BuCz}FmHs?X&we0> zEgAW2$;fAI8B5#d^11VXyL)N`3wM`U>U)=F&yw9W1E~GJF{?Gcn-Z42twJ1=vnv#b z608=WdR}Iuw%`MHOYC3n$DgEnYC= z!kSR&LZg7f??rIWAu!T6s{j3=RkX33`a#iwlMtz68D>1oatiPDi8ExF4YzuI5!@Or zl}M=ycuvnGC8Ec<(ItM>)v42S@|Cj@sjorB{tYOF&yCIe+AiRDPUFB#uq#*qb_34< z1E5lr2rdJAfIkI$f-AseP{!B+pwg5A-U%KIDvx`E%D10$SW%YGin4qGGuU8ht2wu{ z4_sfO^N~+eqh|SfyFMfGbjrpB6KW*CN6)v>v@dT58Ej03W_PP|jddhe< zuk#iM9)xeAp-FB&W%faB zd8v^v*rPe*t8L#*ThXxa)8ZAYnfk0`GG0Pv(H~{#Ebdn&N^WIkxnWZR44bB0tLrD}wruW%eSPMl!V3S) zr8l(Y=#^r)D{X=^&Bi+1+@Hlinn0dQ$0O-behhJm7{PVA{Uk6IWI(Sj4a@?S*sC~f z>C0zJU%r5&fk8{tz@VksZ=T#0@o8*G-EQ*@)1iEHl52{YPgPX8v0Dog%=aknV2sS! zoq2|ZttsqC%n{s3Dk_DFX$3L*`(N2mN^Am$Tx9d{A+$&0SmB>*Sv1I* zrr`w(p#4fedWgAoN>m+{ZA~YI_c!MW3GOE?4hAPQ+nTZ_Om-KeCyHs zgLh1R=I~)LgQ{=;-62zA&v|T6LB;Fd_4g$Gv#-`uy1-jKkElSSkiL*HP2js`iplBuX^i?Q?9#d_0~h;E}wW~ z!4(G_wPbvc7xQ0yY}989ve)&En_HiM*56)S{>H&qrf2qe?v^WO_L=n7V}YC2T--4K z-+9Y6Km515XZ-Yw<5Hf_owDxd$1T}BU`fm|zxynC%pv11?X&6d;Rmd_`SwTS4~-k~ z(6SK^FI&E9*hyJO)~{In+J;B|(tpD3&t!l4(^2Q$c=C}+YqD>B=>6lyoxrF1~YWar&22wggu_@v}2dEErJx-Z$?~-B6O>eBI34TQB|RtalRcI{dDe z3Lgu6`jZb2{Obb?_J6}WfBBQg-~XcLy)*vUGB7)S$Hx1n&pH0%zy18}JK~;vsqa14 zzm{^+okt9PVR-&mXTN^Nq>8Vu>GSUISM5CL*Rkt^w>`DshPbP0e%R~cV=G6Uy1w6y zI}T6%;F;H7nCgt%@xWuJJoM;CH~#&npFW3(8kb(orqe^qO4ikOjoD3qCDuuwTUrzv znwIv{m>51EG!!<6AG)vvHKtE#MHyPc-iV@dP3{$TFQ%m$$NTJv@>1Ir8*>c5VkuoR z^Xk@nG4;^6?(IVLfF2v8aT>AwvgL$pTSFbGN5%DM7YcC;3-$C98+ke(jL6?3N{5MC%Ixf|EBT_|HO#;8S?L>}{59GU8cddv-#)Gkyqys;gG`os;D+%A+% zqu7{t`IQ_O#tzGCz1JXB9^3)#LP-K+WAu(d5ieeljq&QGkPe7(z1oG6?GYRE6u%1f z$c;JMT0=Fvp;Bz964QVcDV2?edmCtZE;REVP|;k7}CSe(iYFAtRnJoR=WwWP@0Hk&N0xtVOe*ns z&)&TqPii}!9_@Jg86Ms<8Jm(5w7Oyp&*%PzhtHS&d&Rfo8DMzQ!=5Y7@`SZ10}ao~ z{KDp3adF9o?aN}2;gJRGJ=ef?_magO8>8-($J4bPj|SV?=Fk4^cm}uQ>Di9wXv1>} z_mU=(OKQg>{TUk*&Xe4ZN7^zrW*6~z@^gUY3CkZ<%h;H6`6a8JHUIp5di(r2jw@C+ z)VjzGX?HITPQ=Ds8+NZ=?RbtiJiiL#NokiJb#r55Ht?%j+biZrue49k35Mro;!&$0 zm)7oH!=T2-^oGYPuWs$`HQeyr$FJ^{o%Oec?e8_h@T?*p@7ag9i|0hcV^WT9V^iW= z?c*6~cr-J|OV5ez;u&Rl()m?-`kZ!lzxMHH=pZ(xBrKj$?cy0@c+?W9OfRZ??a}t} z$TEtJSx!8jP8eh2DYTn5b5$eM!&>Q**?)*5QE8_Mvs36s7Y-?y?*cMPqcq8+Ju_iCRAnM;UBby((;FLhNn%a zEU2w1d@gI-H?5&Qa6=iMHle1p3H8=JSD`b#=Ng8^D`$AxggOms>%Au2GkRrfsKst5 z!(+lf>QZz4#Z$ZsS>1w-JM{LYIFHt_qrXL<@%tWVVRPMF@d_KtT>Z5tr1-E&0`qJjIog;AmpnkcK>fqmWs zwBtczWazdY4{r}Tgvks^bt;>eK9hrG-O{j z=v(nta{Cu$>BG{zFp)1)(nmX|o|+b+6sKnd(Sg#78B;tx820KdGNG^=-e8)T+r8wE zWS@~Sd6xLXU+YBSAorlaoH8VEC|fq^-?L zKi@evvs6@AEPJK5+oeg1OMT}^>;fxc(d?CG-&0z?T_nXk&Insh6Zb~Jwo8Q~a0~j| zN8qJkZ}fGiDfrG2v{RE&YFCsLFniC>hP|snh70S0yO?Gfb zcxv{hxr&lA%=ZqDWp7%_$XE))b&b(7&haOtjZO`7CyX39di2O)C!Baf7!mIYX=x)z zj!aD*Ic(VQQRdRQf$W(1&iajui~s%-voF+p#f87p(RnP#EgIDhcY!3&AlEwv<8C~N z)q&ufaFjh)pD5i)8b7qUq$pHmY5IMf<7Y09M@@Iq(!+;NMgIY&`^>?P^U^VvOMT+h zq}+4EhX-|Ka2yjm8RHtMaV6Y=9O+5iH*9!I^gB2b7@fISBQ!WYSG4#v$nzpR%^Ewx zb>oN@-zMmPf#;7JKf-C`AzFOr@*Ho&lQGh;nZdkh@hSPQ!4t3XADoIKT72|Yog{d6 zxqP~BwD@*FAIdmUe~km-)R&7E-$|rz2|N#KWCN$M`e^a#CCVI)V}!YA@x9FTD)=%r zdV%XGeTwe_m&Y*j6D_{ipuY>jK+I*RWDGVBU?7N;Aw4$C8j=e-@CN5@+}4IV~& z-oJ{j(StA-Eq&SC_fWe1sml4m{dGI*X) zuO8P?`p)Ls=kVm`7&fP)^j%7P^WfR81mL=HL@VDy=p!kV6)G59XYu_Go)eToxQ^mu zoXc6{@)$;bqRGo<(svMr_nE6XJ9^$<6MnE6?(kykIKF4#yMrM!xsKwi&@S$y3PhNFr)kMC$MpW*UY&gkjW3#5zTyJt@4@oCuaJ$Q~OwtOAQUkUM@ z0?*AQdyemAc>0v?IliIrTs61z`1HJwyF8Y&xuAh*p0`#WIKZLgvaYv3yA##CI2bU%_)no#pEVM2qh==w-{ecCqD? z+(%2FURYMc^Js(RO9Z0Dmq57<`7x{c{KWDx?ie+`eB!$no^6*|zK+tT_-=1Pt}gF9 zzFguvsF~Tx%R7&6BbNvMl=YoB!t!lX?uX|aDPUYj@m)avt@;&fOW$nR%*Q~{$~T4dJqpiDzp;GD zK(z9$hrZ;uOoZZ)OW=qWpI-J&yOk-jw;8q$^|Ph|JO$6YE+4_7#@Ck%AHuVr6dX?F z7A<|}c45*hJU85F*qERYJwELzxa{}riEy{&>!`l5_OH`)59@yY$@2B?AiizHw}san zFF$1Y`T^0>r{_KV&#XnvA=laSj)&)*RhF-#=RKVWmc#S@BbE;}5;gx=(8KBfsN+1j z+VXWI&-W7Fh&6nKzt-}}UX511JBhDm9p4*1Y56*m7uAOY*Yimwhg?U`yMt>-!*kdM z!`7j_p>isQ=VF(yqxd8*m&0@0Q#QVi@-LUmZ^CoT)0U6Niu$~=cTa)mvS&JvPw86) z&tF}>&eHb}cw(OGJU*pwI6U<(Uq|W7gY%9~omLep zTUd5cS;cv&j0abhm6ujCt!`j)Vc`YEg+-xIb=jQSP^or78JIk;w7jacI-D90wJ221 zRPuqzH6aW%`z#OjU^@h-Tk@qzQUz0{jW3)weoAmce&N($eqmllez0)DG~Pc>%PtH~ z%^05@bcVUiT{>mX$(U6*K4WU;%&g4($t)RVZxGjMn9Layatre_CNW3CvUls0{q&6N ztjxlR*%^~&uo_sm7mdNE4EiPMFyU^*!$IKxWr*Sofb7zzmRr3O%WMXCYWFrPlF6^G%H>H)O z%B3Ghtd+#t#hEZIukiF>-i$16nv*d_XTw-Gu3K`6xoLhbsmRVApE2RI!rZ*9X?a=s zXB1{lHAUbIbb2J8M&?_W8O)znkXIO-6)emP&d8sZ7c87qkd?_7YaMV+4rb>D^DI*$ zJD4EDT$(R%@ zoS2mzESwz7$PDJO7Fa^^$Aq<4GBffs3Ny2amj^$?Pe*kPufhto?@K~*e;&`It1ve| zk11mb$>*b2atmh8;PfC)(})fKjEsrF!rTc{&zw17vNIUEYG`Nm)7AuK+RyZ;HbGPK z-Gt6yK0;5famhifCz-o@=_&9j-C?OxdL~TH$V0m%BtNZ;2^F1}k(o((&fp`e1XJ3! zzd7mP zeUfRpDzc1h_j!1n17V0aw`p^CJ(Rw(nw&LNwRl3%2-4pbQ+wGoHM@z$v5k%Bp3x1R)FmkfYD@!!>Ed0STKW1 zk%63^uDX^>-Usz8%6@&}m#ZQ(0;b}+ps29CjPD1PB`0&+aQQ)e4up@xS$jk^S{2C^+=!YaNt_j4sD*{Jk_pLuD7vuZ&NMk zW&zFBsW82w{G^er4iy&FpgBW@vEjDL+()XJnljEX+6g@u8o!5&41Y834OfY+h+qc~Nm`%>=o8gm?1H zshOtG`oof)YgDaYh~~^KM45BhxkmC;ZKQ=;V>H@0069cadyUb%JX&s~UL_M%*;C<@ z$OkiQ<0MVtK39aQI05djI=VV`>`Ap16-5h6OO6X&SXFvlPFYRyDW-^32McTwOI-9V zaPH~TXjpZ3rLwfTx}uUS*VXemr`>r78-A5=N6mafBwZW0WC+lT5>Sg2a%7I#%8 zI-<0?#;Z0wq%#@CRgj%;+Su2We;wXhX}g&qZVtDX1_?T%WSTEm{fFy1w>o%r$<$XP z70Mi=jid&n)dQ1-(%wX23Vys8_aPUgGdzu9@f2foNHMrV5TO}Nojd|@4R4dIC1ftC z36GRCS8gS!*|{d2YDyD{r1PdU!^n>WCfiDk^g-XSV6xTRd#e`7mNO=sRPwVVB*JQP zn>@uLo5+2@aHB{irTb0Bh(-siMfO#wX}1(sEpn6wIno63%0zL>G;~cV*)pCmm?)K4 z*?19&bxk};1!;9`1yYsiZ_C@SLcLT;6cgDjdr=SW6;4DAR_di1y~`6?b)z)Nfn=?8 zl5Y{sG-6oA?foh#{blu*(!IarBw9@}B_~DZ>M>=)AflI&qXoq6;MfpjhjEf(4qm!! z+JN8P{nXHyT}NJa?ZiuYmB#g?m^CZEdi<27!R;SR`Nx>IUij(|`=xwR%wxHu#!Wao z@O76H-#Vr1<2N(Zz18r)`NHxayqP=YtHhE|#|}L9&G&h2%srA~?meYyea!aPhF3nn z?fy4zsAFjDGDClQY5aNdE3f_FjO*^YO`k6#?VX}=r(`Wxr2FRv;-hu5vF zcMJbbi}!CHHg?+Z2cPUcW8G7e`ZD}y=!w_#`Cvos54UU^aZzmCl5tba`f>2b%^tAs zrdtN&UN`QT-<|&J&(G%@J-YQtG1U{#zHZ}PZ#Kjq`s9~i{bb1340jv)2RGIH>B$#* zeZ4CXIP0b3#!$Ay$@HX{;-%NrowV!HjN1oySv=zLUTF-q8v08=_{&qfKfQ9tg-u5s zeDCFFF~;|_p%?t@x&}-YuW8=4NIpVLk(3NMLD=8-b)sKGq!^H>JT>a_Gn_oEp z7rb7dYUmTE7Wa8~){Y_jRrTHcqZ4;N#@dlbeEUfvCak?@==3%i_e&^gX#ZVFYj)^jryjUjZcZ{f2^%RwtomcT4 zW3xgwr>MqF);`poTBayhR)=bae%HF=K9Ld;swv@t2Ii-w4lJEhm3lHzR+Xyr5vj+f zo?{5mMX)C|_GC0yPfq>T0aFJK8}8oaI1@3=!^a#NB9C{nlXqj;uwJ|~iZ(aVx!Lsv zoHh9Loo%A?gzF1vB~7zgRiZP%^#!yRt9f0S=w!LRfJ3)NQ|t6~nKLtMDq~sLkon=Yj*~&$MeqZw-jED?cn*L>mumQ9RmeeM|kC7pQfDGS<$FDGZ3TA+yB5yo%L&yrknWd zACGGcKHF6AEK5$seqHG!=k63JGjmvAgW*qoijHuKw>3fMqArK$UJ zt=DvH!H&G9;5IK0HrFrRtUS0^A^*TnbIztt*fhyt>rZrpoJ}UTw`&jk?e!nTH1f-u zs22o@JT|z!=cALquK!|q?TDs=ZLtNMj{l~9=djvAO*z|Qb2y#8yZ+0ewXB#b<|os? z9%(N;neoktmM$%KHWh5*DM>#Cx?}4Gc93K3DYG4UtN4%;h|ex3bcnJ(XG2rL25&K{ zIG3v___CIzN^;WSeT5_5xs2a0IZ~Vl`F+;-t{|#Ujqg5u_G$?trdNv5m#@++)X`i; ztc<$>^HEl!BvPs%jq4+vi70|rr!eBF1=X9iE+(U#?s{->srwET_>9{N zIib9?sG_!tL1DX+)sgf=ycY@DK(IS8^yes9WEUjMEwf8iDaoQ&WR{oLn9u|?yZuy` zR~eetO4Rm)A?SIfHMQk-hjguRrGUlykc5=jb+FWNb(5}?`0HEw8wj>;3wRcR3pj9E zvr(H6nuIV++RAh)S1Szb1zF;wPK9wA_&%5evRl0~ z6+8-@1|AKvcU&F2&O2v-qro%5lfl_w5Ih^q2G0R!fJLB|gqZ^_0E@wDuoP5%o(rnN zrEpKXteSjwSvC0rrX&wFw5#EhFW}_xYx$5hW(RIlYCg(8$RtVpEiJ$ z*!c9UmT$68)ALx`ET1;pr&am1kWVuWb}9`T+AT&4WzX+Bp9W&H*CckA^4}a=u#HA> ze&6QcX4Z|=qJRl`wy|zlUE8JQY;^pf-90Hg{XocW%Gn&7vu#|?u9_|_r!HH%U0SrZ zH%->EcXpFE^*Q{UIq38QNeXXKvafND-2ZCP2_wjSOESIoC((PKL=a}mVj6eW|PTAP*%j{;EiB2 zxDvb){542A>XgSn1yw#hV!Uc4pRHE%+0_aytt;o2rm0Pqmg>`tC=WLBi#;e4$sC?ux6s%zh{KPAtJ$ zk8#M|o}^~9?AP+x*2xsHk^Xhu*Oh(3y1q&HHgm)~)A@bb_%x&LZ^nnPv|DU<6STn` z%5S;I`k)C^Cr8u=g;9NYo#Rajh;cC!85GOlUzQEEVk#3L#?xIhwL!Ot;yS7gl5eFb z)yTJrMRq_Er2ZVmbIeUlHE3Of)2{|H7rbf^-e%uU(4#nTs#dM*d1~ub)!T69qv86k z;WZ|REF7B}duz`GQ8f!%Hb>P==hNKt1oxZ)TH`)psN8GvH@Y-|@^d-I!5ois$X!bv zP##|o9t2Wf>iU8V-kQA{ZURSf{wq-TTM3>C-VDwLNqXHmAobfc^>>2jbAC5?5qJ-{ z1iTNt0(=70<30(l1vh{k&eI@=^D6iP_!{^kNZFeWVbPby1b7oviS3WP*rrfETW967 zy9-&GCNEps39c{EInk%h@@cbu+B~0D?$cx-*!Y(CwBs}Hil4UGNU7C-TqNo?R)=D{;%K1W2X{vPT z2a*f6=;X6SCttupcpOW+%k{bIN0+SR+*?1odt>my`lSy#wLQIV`|#CUCHvNXxY4&C zP_G3yqFU|NPQH5W2D|!c^PTzW%>}DqcrZ*CVpV9t@$#Mz6s%hIWe&1lyFXpo+ z*f@Tp>?IH&QunIm2esPne*UB~Y$#;1(1G^&tG`vBiT#24LE*}>Hk4pl2T z$yySqvXrc45HeCVD~x#F<9NMQ*0L*$N<8CXVs+(0&+3q&qFY39^=%i)j%u_>ES0)2 zqoo6bMZq8RRj9iNvP_m$5H`i8sZAjms1vtdXE$TepI zI0MWCrItx{T?otu7lXOrRUkZdsB|s#Y)qk<;2O?R-E~iZMc_to4)|BF82mdp7gQOa z2dV^Q@Y=d7pRK#{1)M|pwY0-rU%)xqryb|hB-fVjWS^Gh({g;;89wc7pH}A67W%YH zeA=Zx4OJ{nygIgi^RBbk#gXn$Ih22%+u!x*nw(@l7Sy?9p6AC@YCFQBFyc`@{Iyl) zbBjvyD>D~WR+ktHgo{yJD#}#@4hdZA&r!0-N`>@lS{T3XA(_y9y!5_B-s>FW%9H`+ zVo+PN*s_q%mW6x)=N7mv?Kaov?x#SWbgSRI^V{VKve2&03D1*F(eflWRQ)Zo#cVFN zr+j(G&6juG{CLkrjbz$#SsJo3Z*ja@19oHb8f#4Vr1dc(Gt6p+ zTp55(TAvY@PB^t2kn7j>rRhj&nyl_)Sf5nQ%az>DUV|}q$}IeilT%C-3B64eig$bh z?M_ntn%P9aSxVbhNbyWkJOxQT9~fT+XU_+w&sp&F;O6{<-ik0c0ot+)6B0<~1>#l} zEzG8{(m1M7lV!mm6jxYn;-% zC7<9uADA3k_C;bBVhx&IXBMnwD4AGeC?dt$mbk^n8b)M~kJzgXvw6d&+1=`36&7m-=!COGhx3VrKuauXKCD>*RgNArh-bqDqI_kkhYZ}$w zC2@}(v{mZGtG$}+-qdTqq-5m0bD0Qo-uWx;W9ruN!CSKamC0pLmy+of(5$k?9gEHJ)h zItdK3*6H5;z^}lgKrMYc7#t2B4^9O!|LbzWVPGN1wYo-dEO-mZ7-8M-!BauKu1N>~ z4o(2y1t)_lJK8Cuc}bV6VdS$KM!taAdd|{ht67@bQ%h5eYH2M#?O#4kPhk1TKbKD< zYL?d9^%+fmy0$hAWtyEdPT^ga6B@0tJ7>WLQ>h<~3owW^=pm8Tyd6e5z>r>iTQ%P@ z1s=o{aJJU*({cc{xqd6}M7pEU>euqpMO&zLsV-@aJ3+zfcb-~1wKZ~|HrCMCUe)Ih zCN$M1U6yjtr6~!9wq~>4`_3fFT#JjpG%mn9nM;PRJ|}v!r0kRPD%{I7)!KSJ?>7uhO=hBax%TP{@DBcAXFlGl2dPIE!mMUtKjw9Hv72 z8@!)$gud=25am?&GWa=2&)N9`)H8nxD!-DE0NWJGX9ZQhfEf$0w9PJ`+to^#hh_Yu z=HO0RBWc$J`_`+GEys8pwxr)Y-j@9cwVaCv&gp(^&Q9^D*JIQ;Y>YkGLDSwu%!6Rx zp31L^DtiB88dnlHyaJX+MV~uf0sk5Q@QA&>6h=HU(|0J}jfo>p(tca zRuQ*%`%S#lcHQRKWj(!M(y9tx9(?9z(!Li1WR=j5<7DD84eKX$!w zM+EFJ%m7dtb1*mvJO-Qyo&f4uS?1Cd>}U9G!OCX~RzAD6x1~v2Tbdc3+(W?*j8?F0 zC700LJ=gZABg=L>_p=-ENW`O;Z5~(lwQLned6Uhd$^6!}DchN**6z7%HG7uY*kP^p z%2v~XRcpU<*(&XF;bl9HGSm5~pvpEARM}1hRi-(ho^>jyIzVN1%T_*Hw({AswKSEj zrD@p7R9SDFV+*W$n_{Z#VYXBYlJaCQ*?|y`p{2W8kqhFfzfX4Is#|RjAh@i<6e?Y3 z)pj~pRYk+AtyoDTsfgUmUp)3frz-V`nR+AUi7Y|+XW zFas%;rsAE)Tbh=p(zLWNB^+53O;tU*xgdpiM2t03uu0R^k?T&M#@{7vm%EFa zUu|;|o{VvecU=m%v6Xf#KFov;iur7=D6_*Wt#p%DXUPQX$z-O%si$aktZukq7qexai4xEfIHN-O3imK1c)<<%!JD`06N0s5TKYA{? zM2-^UV@r=-R##sK9t!OSP?6sR>P9QU4DeP^qHr6i-sJDVT<{L?bnp+L^6QVF@_HwS zZLj6Cq9R|wR7p!yPr%Z8qunh{FB>iGdlR4ijn+>X{uFwDZX>V4r5}s{DFG>F-y-bG z4g{!>EBh)y3L^nJi{rHp1?c-~(>(!l+w}jS0O`5p!UgCd3S7^+3X}jn3QB<1f)b#| zK?%^)pakd{Py+NUC;@sNoCUrJD!*O=B|upAt^mnr1xP+CK$fQRvor~irAdG+%?eQK zR*Wz+!HsTYR{c`ORwgisujiu)4Nrx}AQ+rnmT+kRpX~>7Zsrv-hUIq=dz*QA3`Mz{ z5x3l}=xUiSmtcC43CyZ6EYe&T(Q2X0p42_*u4?Ft%Z?Wl;ZpTejBuH&$aHsEnQ69fBVW@Yt)((3O^UGX6lC|l!P_i$T z_^`f%#IrXfw|UF2)KbZOIca+oF12keYUiZZlofP0TFsW*Ab3vCEhqEsM&sk9>ycI% z?+1H8djM2&{tO-iJ_1ez9|hGbc?^{BtpSU`wO}#$I9LX*2dlvi;19s3!HdD?z)Qgw zz$?HP!JmUKgDQttKnd~3999d;XN6e4fSI^#X(u7Dme!%bo@NA=sh}x6ACSO~vjRJ} z$>=kQY!`+ujL3FrWNKV_pWwAZ zE1wlw`K-`dnuONUJfYnM2gVuis&^VCdpL5`^U>snmqM8CyoO;8I6BbPr7fF`7KWved=;#5gRC&cfD)!I zpiKTaZ~zz&4gtG?CxQv!C@=t?4E6vs!6Z=4^Z}rn=@d}S^MT;mU~h0P*cVhD9tJA^ z)#0+jBcBx>`Rp_mOG}_gEv-}Gd7xEz&}#p$3eRVq3D2JNmnS@~=K1zr!S6?Sj-(J( zDUJdqJcB_A&oQ8cX9y_aIS!QY3I4I#62}*cIgA$&xpoC`}DB(E;l<#!~1{+IfFl zbhZBRB%_{oI!kEyc8)99b;02%r&yXe$(QL~Vxtx8AX3?HErZNNm|e98b1_z5MG(v# zJ7Nl9OFW;n@IggbTe(AR<#ub}4dsp>a6}&{{1sOuI@0uVkxEN5>LW+_e+8e)M_Rje ziodJ0PPg6CaINKwCj6~#U&fR=Z#dOTD*bJ{uIiM^;0y1R%G}dTzo_P(_KBCdr$(zR zuhe#aHSu3c9s5s4rAD9Kz^xilEzoKX&;82v90>l&_4lAvQ=aV)N~V)Rr8xyW3_KJZ z4W@z<(%O!^*yVR`%r!IOie>mR92W+&35BRrUv{E1Z+ioRWd{=oxS~~niAHN-n&}xPo5)sEx4U4`&tVWMkRU+M_i=s*rpa(^}FXC%f z?cjOf9iTM#o#6T4AHk*IU0?%v57-3W3pRuIgFgcw0@XqKGq@6b6jV7r2C5e9;IOqo zK3faqv$ep|R0}MP7GS#jX_~P)=>l~h7fiaqvnwUv^tHR2(Y{ZKW*~>>j>Z$mq1(zy z0qb1H#~inEL|Tnr7&V4p_;TebU_J?E6NXZChxarFEa{MTb2aB4-`5P}X2o`FxT8Vf z$wcQlrBhBtt^r-SH8iq%wzXg)_&9h7_#~JLJ_YKzo(7dCA9C2Dkk1x{d;v#osikdm zeMTWM8CWxVqP#=pyTtZ`_gME4L-t8%dT&(sSbVY(qpJ;xsGh|ug2=LahHK*^EPgLc zI@iAR0(#>lr-zqaMakX`gd=B+_ME6jl3um74czd@rivo>cAU zR4EnBPB0Pt5|pal1*U?#L8)5DEecfuTNLuyqL9z3T1%6vwKR%i*|rUo%t}c18-eu= zxy(}0>H3D{zVB++r%{=P%Q=~!&i97RH{$a@8E9T{38#5{7|T?}h-tfrjnG(A2EkHRs3lZd@@L-};6seif#rXOr=3 z{K|N^=Q~^*(=3jj_4mOue=rYL@N(o+%^%#H^RoXuigtmCVQ}omJgn~N{)4&MJD8_Z z5x6PuUcbtwymp#NxMq-D-9yhZu3&TZxCf>B*KB4=5+8rQH|BD~TQkrL47t(LS}E^A z(SvV2njb@6^N!PGGh_Hm52X;{=N~sVXadE8f|QiT6`3Z@I!}ph&`D!MI=@ZL`t{4Z zvEf`13sTm+6BoNe{>Bw2iPE6o#)eDfZ`N;Pvt)C9!?pZ!GiB}y`Sr%dc$&mg8cLpf{S|mIsPl{H*R7+!R@#&j z&FE^@MK4@;D}9YC${{v2=r^_@f!vC1*lGN`%r74u@?81iX%^48X8CIfE%ZX0J6ML+ zS!H}A+1M}}uKGvx>yVz?=-PVKsSa9Gv#uO#>S1GZ2><$qS>nZcrB=V{KqJ+mJhuuh zXg0+(T?H4rLeb>;5@KSCwbIbGV)tBNN;_qYsfWm4U((X1d`u~5WeQsyrj*7Nr1Y$R zl`3b8OE0!kmgU(jJ=PRATI6by5Nk@^W^Q9c36%Or^y@6`y7iu~cJH32M`~K3j5>CO z1cXRTI2*|pT{aokHs~UPTJc!(c9$k2am{g;H8w0Eh9;9?vCZ-?FsV&xYEX7Gc2DvW zrE87Ni}`(6N_xRsq(Eou<6?NIIzv>=Xs|@n_C($<^Rk3J-7q`pJKb@C$?=pXQ<&>B z1I8>_U@AyTQ?njveP)c5068cji8VRchM_S(2ARB;i&)xPuf)yKhNzVF)5nNY}m=E1-J7;Tjo0bIj5wN?T zvF)kdfjb`V=H^)@7gh+6QzeD0xjahNyvA6TZIBTsXX^$|89f>PoXLGnJqSP^!?k!v zcKiz*DJ0pOgMTf)=L~HfzxJwZu(vtl9lhRu#rUqnXRkhm&tAQ>3wjZeMh6tnE#e&%jlp=tVTiZhPp+{Qc! zpN)A5zIO~?VmAyJ!#5V6rOoqw*WmlR;d=-lv)qYKf*sj6U&B>dIHvA#UH!XWpm^0c zzkpPq7}38|81dYzd#EF6Tuecg`s7)5wJer>((GqN9mPd_nU~bMI1K9;m(|Q8dfRJ{ zB^~|(1L_6Jo(}(3Pc)@{zXKQsb(eujf~GdMKZji`MiePOQHtmA3f$a4irnx_D=+ca zk5My|%3Z7Gm~XbVGK%W8;WMB2ZQ@Lezm`?ZGvlSIRk~W)8lcK0m65H9$tU>?+=R8$ z6O*M=ZdQWJ%1TU1B;59RNR*OAd@dO(Ew=07Nb}pfDJK-yxqe8tpf*o+iAyP-lgD}uCXrH3ey}W3uDNr$ z5JTKy?u^>v;?mNR(h?IqKa6*=z3XH*#*#%dN{h{1(_KpC915V#m+N;C<8muHdU5kI zDnRQXOENU+DtwOCi?B6HS|!7Y$!fr)tLIf~cw5r3#Jx*}yReV9s?9tTruDNF^|s}_ z&s5w+cHC8O#w6RR)PayqT^U?f?U>x@(4)gsB{o6WC0ZIo`!3=N^7z9Uy6T#EK zEN~9UJ?m7G)4*SWGr%{&GeCU@b1vAo3$+p)3YLKB;9OAa*(?N$!3t12HdTUkU=_Fm zJRiIjtOoA|Yrw}qWU}rbU@dq6d36D(ov?WJx)Z@A;3?n_!3kg;|7U?0gXe+uU=w&L zcpcaX{swFYp8&4_p9hzNe*u36{vBj)O5MjGFCOZ?0vUp>>k;QJZUElGc_DZkD6u8a z>;4Qflw9{XcqjN2NDZj_47?ZI4c-UFp_?BB`+^UFqrr#4Dd3;MLU0ur0v`pN!NxCv|o{{h|rz7O67{u6ux z`~Z9tYytlT{tN7d+uv#Q>FWLf z@_lce+8uq@rM93KGGsgS^4Si(d;v4zMRhpQ^xowQm_>js-#y5N<$J^RB|2~UwEZbL z%O}~fe24qA{yuG}PaEdbBvm%-c%L@ar{(#yb9~wypH|`1s(soIecHu7?FyfEl~4Pn zPrKQt$>y+WS>@BrpvJRg$4au#TlgTwe973@Fal+%wOo=gcAIr#CJTF?pf)y)hE)HE zew|u<7y2q$)?}!*$GYBhMHR6f0Xa!_ zgG~x1`Y9kX_x2i!YFI*U`zcs&PSZ)m`e0oqw!-@0B|2-$NvU5mt1;)&W;3o}#;Qy} zcOZgS^8Nx@ZOi0&g*J(+U!876VSaD!oAX}lGZv)OukGDf@SeNyC1Yhx30mYaH;yG3 zntzj4H?v2l(2-{X77(BAcFnM7l07vZy=fJ^Wxrg*0r zpK>k5QK!Q4?eh6Dka0^pAD<1o%BSt}eaBI)J2vjMrKoB;wb{5xxV)ws_zE4XSxX>QSl<*db#Um3mvhwc)^McDaKt$JB)(&X8svRVsV8v{~FmhoS8 zL8f+F_h!5Hhg>|zCrJ^dip$#GvK6HPJo8-Vs}Ow8c9c1&3TtDTDU;Y(wkmxaja_ll z*xOP@p1rMr(uOu*er2er-0-M!Xnp?@3{%}qOEzlnfRY;fX*AZ8aauM>HsBrZxn~oO zceBkq_iRk>{M0TsfOr0I#QB$D=V4RVWN3L#<++>_8G~9;NNz@~H5%!hni=F6K4#|l z+29ne7lPA48YVM~XdZYT=kvjfzy;us!E#V>F9b0-oGK6l!lCgp-;Rbr3<9SX+yT;= ztaC`iB9MmMSq#dUybv4+UIfkpmw@`1nx?Pre6S8&1}+2j3^aswzXj{TKY~97-vloO z-v%!Ow}Y31v1Cy**aM{5tkZVsSAvIv%fW%*&%iuz1*pXmuL0+Q7=Cq&!Rx_g;0>TU z{x^a*gTDZu18)Lf1XqHa!C!+t$#)FKx?bR|V1MuqQ1$9gP$G|U;~FpWS>r{%fU|;M zOVi+krTxaI{m!S|=hGhYX;1hxX%-t+-`v~y-tcMv@M&9p+NVD43!j$66WOrJI~yNH zME$mbO~JnP8(3bLSzK!Fn14UQsok%shy0B>Bbo~~(ToqK%^b*}Rx17-_`TU;t?#LK z7mP5I#fCVc1Lh|+2RFer#BVoP8Hx9~DEis{1cWpv)Qj0OO~JIr%oW?v)MiCr)-B$Z z*USpREb(hYGhmf8pP}tdZmUHk2P@5+<7xwp+q*9Yth#6RLK-_JvHl82yi>xjRnIr; zoXkkkf@9{h?|50ovWVeB`Lr8Tc@5e?jx-KAsa;HA!}~EPQOk%>y9y(o7dhTZ=Et}g zSM6$-$5L0{&MXVfV<5rKd(ds7IKD2|Oqv8PY2HJ5RYp}+c^OOE@p1Z8HU%=@6-xp& zbF93IT_6`0@h+Z~Te>roq zD(0~}RcJDCv+)Fd(!}Jx(ED?gESjK)B0Uq!i_WVt2}*??YZ4T!xS*`MvSMLrMTk`( z5|j0q_CY4pR+A6VGpLKAQ>m*YuPdDRSU##LLDRWY}cu5V)U5UywkIsZv? zMW20fV>3dcGO{s~rzUGOfo=p;?T1q}*QCqZ7_OWsej#sIz$l(@pN{7zxvZu}g?)j7M`7uaK>v+L~ zE>$3zTFyZLe-)^$d@d?E`vB|-ZUY%Za6ST6Hva+#fuDdgz^_62>drUd0x$;Ebw1by zq;KuSgG<0};Kg79xB^TBZwDEtFv|+`03YT&30w;%gU^DfN3$3oeRHD{cR{oLIr*$g zlrP|%*~PAooamh6`U1{;pH|`1F7jzV^l4Z7v}=8uQDG@YWhJcS4t&@=qJHTRr}m)c zoNbLcL*^&xW#cx#H_;Rvf@T?vCL4$*OU2)}{;4=ldvmJkI9ja7epZP>L-nYyLiZm_ zGOaOZ*Zi1fvl8r(rUYL(O=v0@LEtn34{4h2E{8zKV^LZ`G1@nmO$9@my11`r4QE`d zJ{#xivmR|OpasVShv<8$Ax+6Hvtpba*IwsITU(uXG(Kx;szj~MyBc2?qy2u1?{(3Q z9{h{(F}mPbpRQPqxXq{0w|B2nsoQBuH6)Tu)j+vuT5>{!mQ)x?uTu2k-e}3-Vyh>0 zqbTlwdh$P{Cq0!W)yg6XjC;$1m*SHioKsZ1fCb>C)y{HD#nW=PxaXdh^R(V&G)Llp z#J%pFzv`Y#3+lSeO*!xS=l0Z`w`$4NE>$3zl9oJ><4+>s(z{wMnE|Sq91lu_CW3vy zNnk2C8I=5<2F?Ksz%pXSCtD;QgEzf$P9I;CiqWRLz?UZUW1|_rUq! zc5ng62$@p>O7<&3rRy6Gt1acT+ETuN(+53gX@|SMfWs03E=?n?mT#<2JH@9>@o7_i znzXNtPukapmG-qXXzY6Ij5D|KcxUF*$d zwhFn8>Qxj{o&Ryw%R2yPHHYV-Y2Kx1Hns3SbT!malEsoli*j&}Y}0AszJD`5vpIK08ak|Cjpg2b1eogPx7g_StX1 zXYE&wxLK=p4L)n3qD|UaqZ^?O zE&J?IwV?)Y)jtoB>EV5LW()1^53OX;_ts~h=$5OeQh(>3d)Dk@?s?lj`&}+oAemau zfw}A4!XY<+zOm$NAlMUR2(eDq>R|A2@K`V#90}%u4EffTfMdb=;5e`XJQY-*Jstc3 zm;qh^W`e&4gWw;*iQv5;o4D2e8Jq%YST`G#tmlBzfzpfC`jpS=K>2K6-O^+&TAHjy zOOv%|X|fhAP1d5NNmE&xtVK&RIxDGu>1e0c>#L9U`s&;LzWVlW*H<6iwy#bvUY+vr ze)^=Qg3*vhpb68sJVeXuZs9>4x33=2%MS0ikB@UZ?urm&|3TIasM%EF^T((;E;>djf1tx;_d1zwW5ZT6~bh zbDp&*Yw%8&_-Cv!X+~zY7>)D@sOxJ$S&M7IRB#=rYgnCWhHI}r6KjQ%W6pZtcH}&T8Wk> zE78(qC0d%SL`##EXlb$%ElpOUrO8UPG+Bw3CM(g>WF=aftVBzbm1t?Q5-m+uqNPdq zTH60KuKMRz<67&owSV4L<94My|1IPC#S<0gaBxCevMxV=GX+(STV+&-W*?qQ%bE?d|ejoS~D#_bPE;|>6&aR-6Y zxJQE0xcacfYFzoO#+A=%TuYP2wKQp5OOwX6G-+H*lg70)XHvzyP~>A8H(=Wir#@ZPiY z8lTN}-)rPUep#7LQ*!+WNsR@Y{cV7i>)Ne2xZNxcN4OE-z) zXau5c-Rn){8c5YIEHrP_%gszGRY858(T1qBYob9LqLfC6!zW4$dR_9c&3m;WWPkYV z=Dl8D-cZ~L{i5mhdANnE1a5&A%WeJdN5VfFSVEM)`l#XY-`lJI zT%H1ffMym?jORssyctV9#fEbF@tE2&S0;l#7EsqkW3BTk8oB;lH?O6ndy`zE zE~pHbgGX?vPbYUD{ce@({h;dT1E8|;A@DHp&!A+7xxRHn!N%m5F19%Pi6sSCT8q{My1FGNuEcg%bIj{wM9#nc?06zm?0yTN|FJN!*Wv~zUDtIFJ z2B>B1-UQRZP2eQ(?_dtN8Ps&Ix52sKd!UhBPy!WzW_7xJR;SAsa5T<$h@su&`T|Dk zEni4HhHr)IOLVUDY0vny7kt`ZeVV>auwh$#+P{2S99rAnBf<5#3k7v|HFoH5&!cs< z3Fk;b?E+aiYgbF&`mXYd-pr(^c{QP$x%4%ez!0X2*)$DJB zD*zm3>bAE2TPHyrMWpf6Sx@City$Vh_%y5(?_}`%6-SD5HosOi75hF76%73A(xFPF>IQ>{hw)goVT zfVWNL)~|?o>u3CgFTm4mg84&*fvuW`xpgBy^Q6<8n|Cs&c=|lu!P+E^4O_TR{UiEy zv<`zjVyzBrmFC*2*{_D*MzBH=SlMW7*k*$2*I63aI$!Li{5;5EcJEoCXTYfHZuO0u zgdGq)8!#y{l0k|jl^-)1YQ;u){V~@0nfk8aa!6s{73egR`!zRT4Saqi~#brbece19=MHGw56(v4dYJFrP*Q%6;$b0>`i@1Ed5~8#yVOiUR9mG+-Y8Ec@_J!DTu0I zPu;w%jd80ww~Ru=$y%0JE2fe~ZjwAxcC=x!+l|U}Rih?1geY|`OI6OB!KDfLa^5h- zD)-zQrg$piTod=@yct|u-Sc5?{N3C#9qyi|xaVGc{r*4R&IGWk;`;wLBti_)1dWJ_ z8W9yYWETQzRyGp|Az@K4KoTHqiCGX-Y%oNLk5sg#YHQuw*<6 zDi~B$RH~@|&v)kD`(EA>ZSC(r@baB|=FGXXo;i1B?%a@T-;^Hf3Xx#7rM2L({A7m8 ztze8$`??5}>D&k&2VM#e16PBx;dw>VjQ#DKh{5>eM z^%3wD@NsY}$g_Qe%+x1A?ciSr>dl9zz(c|Hpe8+@1_ywfz#-r>;OXFBL2dtf5mevX z466NW465fB3Y2`Lqvw+UGv)E1wom zN^D#;27BKFecHi3O}feQDUX(Kuus#(j-}=Jv@t$yvQN{*j^!)!Y4dzqtxwa$j^$h9 z(=@STX-wy=+<757?k0-GvnO8TKowoKHEnl&vFr&wSL{%}JK7V97Gh7lOA+mOi$9@* zc?Wx9D-jyk>94UT3H_UHWO8UWlx+Z_8R^K?Fl6&!k*X( zF~pweC}fa?XcENQ6VJjMW>2hw6k<>4GMD7Fw1^jbLWD4TLU+WTP|_#4_Jmfc1FcG* zu_xs5?1|t#J$phF-=5HgH$l|;0vDb=aen)v#)a`= z(sYm;!rDP*<2uFjjSICF%8JZy*R8hW;$`ELaiPZ@Yg~MV&l(pR z+N^P*-P`|r<3ifqni+fWSu;b%g*7wOfvuS#+Go&{9AZCeYW~f1inHlPthwA1X%?x$L5Hmv!T#|mYnUUcR`<|KMt%m$mGeaYe zoM(1?>0Wzghi7JZW=E)*A+twYsO4ma_-03;D?|ZmTQWOjR^+<$w-`><-u?;7?D!X` z@DD(l9os>f9Xr6WU^`e2?gV9ad;-es*ahAQehSL$;G_s+c6PNllft38ip;co9jz*4)kdU z`!s1U%cs2BxPyJ#sXi^or;YJx(sDMg@^9lx-&xu`pH}PB&hu%FKJ8MUcAZbV(WhaO zbTX-=JN@5GDz*QRX0=+C`itiN>q(`kYVyZUD*cTfq)Dc~gFV52fNF{Hl#*?U^4XRs zpPf{)v|TQrJE^2;{hJ_pM&K?U26friwA=UT0nyTQrFP=64NI$)8nH#2XcJ41Ea`*O^t z;j$l9hpW|ay(})JR9ri%%sova>r>{x#Sm)^9cG{BG_Et*s84Qd+Uw?`y?^66lS_|i zZgohDVPF%Tw?PgIOjF!Pa`+@mdwfE)MG`o&!AxuEOj2v}gr4cf6lfAj8iB~J&IEk> z;Y%|+fbFCTU+{MR1-+}2jjx*t&F61y%V7$kswCB~T=)cqrqaTXNl+YV^3mYd@b+y_ zLUX51-S>6PacH_r6c=VVc&lsim>K@!l~%cwz|eUIjrlTn`tY-}6MDr~WvDTK&bZpa zgR(2@yj8w~2~(|@u(7jihYcZ6uVzV%+LJj~Eq^v&HWaIB)nhesGkXvl>pPm-@|?A{?R1IV zcpp{ep9E?o?G9=r4!@w@2AMJ0B zJQxn@6u=DdXplVy4ab3uf(>d*OsW|@(-ptfGxAwIBVUqJ#$QXD=lYVIi+$Q9K21}A zmhYE7?QWlTzfUs{s%yJ-)KS%}#FBc)9QNOf*-h%4jvI2~Jbm|o4w_(xs>xL{r+F&J z92?Ac)KDf835O9G9#ws|rF9t`Ru7;dOwZ@gAnv0VX;qfy>o3OyU$_lP4d0t_88^e& zp0c2;r=WH`rI_p1Dnlu&WIQcMYiZh|{InFfI|;ZAAE{}4_d9d=OdYI+OjmRGr(y+l zudA-kWg$?Wu0VZ?ZnQCx#TTP1snHaul%KK`u7Z0(3#wpEC0A3Sp%SDzr4QAOJbkEZ zRs7rN!E&Z*L)EC7>8Jc~V$)8BpTkzR$R6vcW~Cbjk9G8vYo?;$Jmso&1v&5fANJC} z&ZD&DyaQ&IxYr#IAq*Y1Ox+UWNPe10k}E)IsqUCDG|HIu0Hb^{Wz9EErhx^7&j9Cw z=YZ892Ci8%EeBU}T>-8J7lFS8d4w{LHZ7oCy9AoD6ONmw_9>3&B^xUx9xIwT|){sP@T`aYjkY zxUfoEKC7hVOLC?w#L#BCz9i@8K280|@=2=YyV(d_eX@B%-Py4jL`m~pQ+IF9| z)2E@}AEPjwnHx22F&KLEV@qUKg*x?GnZSyr(p<$ayw@s@coO+NuYO}(R%z*?sI&q~- zYnRx9{ec3N)>08<6Sp+Ge(qd!jqE!WN8cbVr>cI5Jup@G$Wws(ePfxUQhR0#SC;?n z>xn4o@TyQ+r42)?qLF8KU9SR_2fewedwbElo2vmS$!rI`3HT6FGV{{ZPl!boaopY6|UGuXL=Y^Zuir zrPtHLdsaO+bZH%XmbTLWaL4eQ;QfDUR2%UP|S{IMcD*8vD^b>r|qL*I7($I84m0 zHvGvwi!`ft!#mdiXrZ0!7-~~_Jr-2wIssJYI?=6V^#xnY^4VIJFUd@TT3T;9m!+j* zo25E4`HhZC#l}wMCDQ%2rE-M3?m5Ld=%90Q@1Ff-@1AE~HLB^ML$7>#9Z{W}j2R`h z6*aXp1`a%R@ToIutLkgYDrVGFR9Dr`uqTt%o;;-gfc^t#EUKK-f7I)ywYtdSUAqsXd>%YW({robyTIzt$|e z@_{cd+j2(b`LFGHXm`KAtm*dWm;SNtZx;?9y5P%Ga*t?uYV)~!7FPfJ^J6ES+wkj` zUrxJe?&Ci{YR%@e2c{Gczq#j-CsH0b`?bEiuDWR4cZ)y1H|g$nXUw5bU43=?l;h7o zrmTG6aZ@k5JO9?=9!p#DXN;Np=!c&TDy>=7HR=3;kKa4sXW9GSI`+d0if?~?U+;S0 zKR?+v?VkG%_4pSTy*B-j#`)*fR6g`>*_&rn4PUpU@0;^h?RQ_z+K-ywd3?~6HShjy z?Y8gseeja~y1d?eUH5K%zRP+hr{ujMUo1O#-0??W-mUG*@>9EQ{?5C;Xk^CNUH`iL zma=ay+i+!O>!fWtTN)D2{!7ozzdE<)!6WahNPFy^c^kj`ZjE<6xb>FlP4oYFX2p(~ zUq98e_wLJX`u(+czTW-7t18Z!^}EYzKY#O*nxaP^TRVH_pj9i5{b1q1JC|Ser}vir zEc?*qhi5);+UXD7JMq4OJ^%E1+}}=ax%c&5hxPi^sn>tGy+7eBUt_-}3u2?m6Yb-dDW)(bMnk7k|XL*B*7#W52rb>USpOymL?M zTVp<)Q#^6%!Z&|&*!hR8?(=r>twkq2f8Xz}fARc{8>b)f^oXPrZojFk7k+KY_uB@Q zOiK2`|FHJWLsp*f%}dXmeZnUnPoCFz+D#W0_ITs{pWpE8v)3Mc#h0f&_s+=T`+w1T z)64y&KRv!r zmT#=zCr1KGIq>|*5>lz_PbrK)9g}=JP?SHIq zj+C>n;h9C6wZt!%7$GMKYJA)&{8gLi*DJF!Qcicnvy;ENmt0bW98-&Ny9v`>*PZwC z^^tP+BP2d<6zSoa!MNlIIr|$P{gwN3?K%cXwZzbJR&L_sUgfWsp8X@_FjT|i$%(u6 zm|G&{C>8N>uZ76r3nW~H*4F`s=R*odAz#1x4RTacq3O|_M|@lw$y5&I4v3JG1~oqJ zO%uu->*J@=1j6&BRudnmMG7xpX%TYtU>P4bk-v&Pf8M6$k#Y_;JX+B8@1`l&}>6e;JB2synXr6XJf5NoPtVbW#K&z7sjof}a{3yc-%1GXl}%0WM9MjakdAWt zM#wqV@Ki|%Zr`()u8Nd%93g1_kn|iIAxDZnKF*Uf?RgGdipbaT5pw!P$kAhWeB6!v z<#x_Lx1M=wq?{8CPddfswdWHeQ%0uJ~h>$bL@N_O`aD<#e5psqY zp3d_%)bNDnYepnsP6pKYxPS0hZKL-EqpA1s^o%q-99zTlk#!jnaz+^*t!ijQ zZ0$Y>k>PSqGd#s1=@}Iv2en0dI+t^X;VBG}b9#iFOvAI8zslFhOOHT7hNmaX@Z^T% zD>Fh)w&C&8^Ub~oJr*e^$MB2|Nl$i!oZKHFCoe)yZiF1Qn@ zGYyZPqCGj|Bjn^8o>_Eu8lbcG{F~=R$|*2BuaYmXU*t!~nP7OdX-p$@@|(q&c;Wfd z=pP@)n`+Kc_~a%;$YHpGr}KPi)Q*n}%~xTB99anQaaz-*J3AluKRh8aJ$hV-kGq95 zd;O~@LQb*ac?dbG_kqXEM6reEtHki^L5^4N#SwC*7#{Ue#V#+p@!UwgI@R#(<}Yf> zxG52GXm+Go^&mMXI!QAko#azab}5HKu}M4ArS$YE^Ib|W zpK_^7Il`yh?o!fy%5yHIw@+aMuj{;fc^xgo=Sg=vVWv;XbSa~J3I{|Rce+nu8O^wC zpK_~9$@M85b7kCkpYpCtDfB5E*kWA1PvNK)<0kl&(_KoDPnqdbihasOE@ik+`Hf2% z>r)b`a<$?(|9%yE@?SD$jFOG)%8Pq>u*eaee2CDo_A?^4oyN|Hh&87}tjjJxZKWOGLt`194zbEQ#5#KQkelsj9vaK=bcm&-2lJKr z@ZS!!Hh*X=!_y&Fg^5K$8F$jO=MJzlOQEq0Pls4@O)QnI+?X?37c{MdvHJJlE>g0;LAl2ucI=ixtWxC0gOXe-Am^fzv z)83iGy(oFh{H?G->BSW_iz}A|KduvGSB8j@Q&sML{UsQtb@Ig(_S-i>SsgzWlR3ms zY=?lUApsMsE0(ysb3=+@N+qALnY}1$5qoIzmSqm|<+uUF(5HN(1x>22s98?Hz+qml z_4Qu&76lcH`Cv|nys3Pf$IDzq;JDhURp$*G;w4YT*x9BYLhWWBmM9iiEn#O3FE1j^tD8Tys%BwDO;%>+^fBWLvvbE4 zW|;;W$uiYtDV^GpXUgnFmHKLRZbfZfP)vxB4h(!E$=o)`$qi#Lhukp+N0uipgtenQ zeQvKq7PCwil~eUYo6R7TD<{ilvM?JAvP~&8yRf2*8xVspQet6NZjd*pY`*U97Kaj- z9Tqyx#l3c%uiX(9DMpe9b|Owq6eVE>0)$Se zm|df9(yPT6X62cb<(;Yf7V2}Hx#v~Ylq>AaFj`?JBuc8jQgSAOAGtWHJ#8X;F*HoxBgRv;o7_nf_WW1r~8TXc#md&py zTUc6FRkg6PfI9{b?I&KY65R5Q;Qh>g_A zXqlNgB6CRTnOQX7puy!9pKEc|md>3_eUr#?EE+F+gU4n$XVjKf``0nDisaConmjs5 zrwkl4B0ar~O zczBTu-B_S&*_3sfy$p3psU4OG6ttF^((~Z!Ho!8vqLu+C`3zohq*kumdkVo zWQH!&inf;Dh%mnN)WTVzOB3Q7Lb{)W@7sa8vXfw$soXbYnO^is{7zw-vO#MwIAu4Q zJWViP2G7e{hr#KII+{E!VGBvx{zQ{E9C_Q} zOFz|e#geC`iz1h&GkLv`w-&xT+!?)C^7Jh720Z<>j)Nmw)b!;OFdUv$8HO!pel<1u z2s|&le6i&1gl`Kx&uZNV7b|_U2>TkIvqp)_KCneAzrNgP2|QP7{RbCI-m8Rdg6A3) zBuOMEZ^ODOKD}C$Xdk>ylbMfHf`9+i0ANodkK6UwG$=d|q zK6&(EesZ13`v9JUG{b_6B~ST19-c2;zF6|4S`Hi|NkJE_{B{wX1K;4WmQUpzEx&3` z6)unEj9wp-cQbrfj2wi(31_#gZ2wERMCWHT>if_(jWaIqmOZ zczS7l3)hWbwER8;{Tz7uY7Pt+t3IAY-f(z!Yn=-hD}4_Uc5ET9;qa4-CGSS$eFRTS zk>!gePm3B)xjdFLdVY<*V$Exn6dW#=ysHR%1fKCFhRw9oXyvzz^v#E7tJbz~vC8if z_>P^*p-|H-U#$8_rUAbS&(^aoUw0r{ee^`$1ZIiKrD$-G@Dmb~5YRl+lKe&_O(-^<}y@AAcxcM<{5!}Dcj=ko3%xF7S7FKaFm zr*er_zpo)LVIgC>o%xR0KdvW!pT(q)pIldd(d0dbyuI)|TxHnIqIIHpS!JFXu zz~v)aRC#-#e+tiz20S>GbF}n*hk(OYa+*t{VRK^1+fBgH@EqJ^`C{n<^|y0f9?Ka$ zeXkMtEBI>|c?&%KR$FcD}CDu`yQST?lo*N({~WThumj*yuZ=X*NYqV zhi~-#oy$ujc$v%7nLO#!HSj(5KpGXG`_{r!^+(IsHHN(P$om~U3)fq| zSp8Sod>x)EHdww`@-%+@1)g&^TE1B2H;Lds!_#|{<%=~Q~{Hx7PUSk?>l(1+d7vgHBjgBSkCD3wj%GqXVKBmbuO=p;A5WmBw38s{;osbRqzdX zp>ui16FkS|@uWtRC;Kk|-xGi7TwWg(>PPUTykq$afN1i{_hW+`gGl|SmTxE!P5&JO z{nF2|$N9;TjHvQv5%35+J-;w)G3~3n37!E@;+K{$K8Cz4$U7FEE_*CrtoEn&G6SBw zT)tT8Q@?x|o=yL@^7a9u<#z`3FX1Wr+VaIp-*Dtr!*jL5|c^W@HgJ*eskS|($9!v1=;Q2hk^2KT|CnB$4pEze3Ke<@x zOCxv65%{c&6yV(B+HP{!|~U;d#pCiVf zqNeiq-7r4p<=4CO?Zt+PKkApCMes4-9X zyfX1< zd~@=8D77op*>#I}F74Zc?GDO=^7Q`x+JD@w$7;$m&KW;3yL4jq_`ICr(g}IRrA1lA zd8IiMClnV=%rDKGkd>XE$2k+0xl5*NettOW#0jO7Cyp*I z&B-cs4nf2M8eY6pSan`Sjb4Z^n7yoWas6T^owI6o9;o`1v+W`yqqekWPHt7Lb`H_5 zy7j0cau+9OVo~W7R*J_VyC7@4t_C^B5L|9#7Z-A~{QT^!oHI)ci^feX8dp5Mble0} z(!3Fn*h7ad7TRU!+=-Ljb!UzdNi+gVqs8ZKgTx-wNS~LooN?*|c2RaT?U}qK_Q;Q5 z$kl7U2N85bM38eR)-A7Aw9|=pSF~smdL<)c>A=$2i|Q0HnBvjIzxBV5pON9FLpi_sN6M+MrC9}& zkWJL<|Es7O8AcSvZ~`)Z9Zg2v{2DfDpp=96I~CrmejG2^^Wt+8HHIsqMVvivUQNY3 zx`FmE`i(&~dfAU=_e=5=qFov-nr(8toL^D7lwEB8eUzVz{(}hqosJ{o1<@idt}3q& z&B=Z+>eQOTlBtu6i=3WZ>RcN9le0$Wl@{hqIBROoSUx_hD2M#QiRj4utir;)T&8CedmM#` zsp|gHEq~$;wv&6h!PNj#9d8od-IkM^mt8U@Oa~}?g*i66DkcqCA=!!;63p0k1dLMs zr6rTu3Y&#Knj*Da$X1O!HUpVV9H1;IlSY}|=_j#xY{`T(OLNgig9jNcq`WVkUAm}} z^Hrr>^(Cy(0;jwWhWrlX2sN*wNT(>Wrx)iLo&O@abw`771%(rfic7PnmrlrHuvFEm z)Xrmf9Qsa0^CF2Vba$F~CFg2Y3HIvE2!6`c0$e3#1j;HdE*h6zQk*y0QKx zmF#g7vWli-r4$q}>UzVM5hH!<)ka5!tO4XUCCFwnqL_{*?WWPNUs-ukBbq$!th~}< z_Jbt$_{cAwiG>;-vhv+wfKon|@WyB<%$`0qi*&lj?yW6NtMXzx~K zS#AZJd@$wIKy~k2)BJSnTl~6pi##`Pa!%2>LdF@BQdMYvVU9YK65c}%WAa$)hPT?R zECy-U1Tc+7Cqdd$2yP@J8yb|?gj88hevvoS$q-Nj@rpKR2q;8HM7q@+7DsoA*t2H( z)JDpyG+K4bc2JJpXpvb?gF$WDYs2}4%DD`Zmn73>EUa;AH10#3{6br-x>kjoD=J+5 zLV77E)95F$rNfpzabkX6)&$cOo1<0qc#@Zfd;7@2ZV~gnkn%G$UhF z{gNdZCgmqqc>xqZd!Xr|K}rLSU8RU3U6 zt&^CfNTVadG!SVyX$Ci!VXDCheUc6@tI-&eQ5BHswJO4VTVK+R8lucA5URWv$ZVJz zbz73Utc+9l{-M^XnuLUo<*A0dYh3hIoEbL42VXBwiYUv~HC#2qdWC7?soc1wW1E`k zS++z>W7GA4YB1uZ@Kr)ezo)yyx`Hww_2C7F=nthsg;!cxHK%?qk1UBjE+HWi!+^=O z-}6*>)uhg}UZ#fe-p><0|2b;?`4wH~b-n4D52s&y|Ejz0|LZjSc2sKI+^Ik7^Y#td zA70<`&3BhRa3xc_TJcMbJL2l{jVpIgTJ`OyF?Zc_TX&}VUN`i@PhT3mW#3=Fd8>2( z*H@OEa~jLG+#ogXhGqM=49b`|__1etP2Tw2nBJTyYv|ptKJ>$9>o3~AbIAGe2^WqW z&&jWbo-pI+jW^tKbm6rlPq=f+Z@)U1H^Z27NsX%+J@eYl_rKB9^{{8Y{^rt?n3|hq z=pWut`|vX_9{BCvq@=T7K6wP?cDtdMt+={j)ZW!uclGPCY{;eq2e6!G=r3RJ%5&d; zary4$fg=xoXwBKo-=EGLWolf>&(41B?xPRfdDDqqcWyuO&0CnZHS~j5teklCoew@s0QS=76D(o=|q^zozXzY2WJJTYolm&r_Vy z$J|kB+(V~Vx5e%H$Ka~J?tJ9+UpG9?)H>z-h31u*bYWZcyqejI)Ai(7o8E8P@L|W# zn93IAs`F~o&#bKDl(+#iDwmWksxPm=t7G9t3>Y%7|9}~_JRMe)&zM(VSzcZ-xBvYA za0bWD+>}*U|D;6Jm(|qGU|(|uSb82WD)R_olk#8ZtA6netgLz_1b(U@rR{%{q|jXQ zel{=s{4dhxl^YUy2fVcQC(3ji1ck?FSM`%i&s4*bx}TUR+dwqd|3pD(ce%bKZSSw+WY7py ze4gb3J0~?4?B%QHZBE=DwtUAa%xzf`=>$slwq++9AAt>g72Y^8tla8dz;iL5*tQ{J z+v{CO4x^csbFo>x(1mys44n&!O7t%B_Uaqyx?(NU>C4Y^Yw@^ThBT8APn#J;`;;FB zfio)XELz18&l-Neq-3m%>p0b#kzuD?vHcH74ZVZM4|3+YzT~Pyn9swms+(U~%XG0$ z*EZ+GHiWS1p1t_74(xxw{E&F3LFqUYOa*&`hk}QL%HxsXKrkKD!dD;gOz>zB!^=4a zoC6*QYN5Ozcp-QK*bJTss*)B^>-M}^`RsYK@+CPByP@5k$6TK|uG_73zV_3cXsX&) zI<-)c+&q>KZtQJ*+B?O2Z(!f;#8s1M&Q9PXRn%NyQfhN5)k&p2oy<|dydux-q8}za ziBJ`#`>ZKs7-QMyWgj*+0s zPywm%$}GwM$X_Nj&nbPX44KG7T;jcPwlerap{Wd>dm6;^04RA6f|6~%5#da8eYWsL zOLDgQv~8|0wD8-YS>2YU;s)P_rVp4Zkvg!UX~u_Y%v3^*Ud&22KIvedkD$d? zkMjsNcM=~iyyBXm6^2!u;&kIz#;+k(#RXTQyy^>5eq<#UdX*TWGOM|#=adfRxjVmd zmsmpuC~dW%%BT*M%3KQe1PczIb%|F~uDZSkRMM^m4+DP%9u58)JQ-x)R)h9n z{03AR&GYL)K3fm+*?O=v)q|x44U``qsy1xx!uKbBc(fXZ^w^_SF`=p_Q=edXfBFNo zv0?p5aa0!CJ9T-ida_HcULCm$ud(YVbiA7H)lZc1>Yxy1xWr2BY``*ROK9CH?csI1 zmJvw#(WiVgV*LWth;| zTw;GrHl^bfP-Qy+6c49hn=)KTuB|C2pDjcAtSM({kHK$g_5%?z;e(~vxGd4B-&g91 zXcQ;5T!vG3xWu-1jyc-DMyYsI%8LT}|o1VcQ0s_>%lkg8dvOb>QWZO1q$|< ze$t$`tG!!W-Y#N>^qGRajms0Ax)D@gAUm-+Z+GL0-HH|;DA?^r+o@t;rbf@k}-FH%YbIJAqU(qvB8#h@iGTrdeoX+npKHAe*61*)?vaLgd%2cyAy;z3f zT+?P$E|tc2H9p&pnAvoF(OT52gc?Dhob+&Li_+xtq_7sHIO5sNZ)L0&6|`df-X0_w z!zT2$Nb+1r>k2b$)VkJsY@pJi)}{Wvil5xYvSAk>t6Mst>c3RQ1z5Hc;tM)hF`H=O=d~ zRiU)q1Ren13?2vm790rP3d+R04V(zx4k{maf=bYQzY68ERVbgWLQ8wW+1?=Gs1ek;%G!YmtW(Lsrp$SjCl*F{`$0_M+K8sgOF(n5iYB1l=N%&lZtXs4)*%KS2t&z6yVvCF7$ z%rcUC|EXnk1!)TJa-n5(ajY^5j;jBY))Y48nl2~f!ge|NY+1=?%ZjPWX4F$bYU7T$ zX8!WU!KFQTj{LqPjZe16mn1irB(}ey9+zrbNw`rvfSjxKn1K$IGV)r}r(8eEFDI<^ zcyUf3?EYZMcq*riZ*01%CY|&BIF9Ovb&ftVtKlS`dzZ5LMAvF4_53(U$XqLl_IioA zPUHH|JT;b<&gFVU56`3#%~-?|Fw8GK`E2RQm*l+dhIV)U<@&r5O-{KlFEu_73p0^| zm7!3Q+W28yGkrG=TyS9_1C&MuXuxs{Qtak z=Y*8*AU7SN+2;)vuf{;zIOVg&D_@fHPdBu?^RDYN#mj_kj zdPDS85lywosbR>eZN`HtP_<2&j)R@iei3oWmNLtuNBIl=5dVQIOADfA{1bDe)A*O{ zwnfbX%*MVAPQ+>_jGKAcM8iYk>%Ovyl(v&xdN#I=(wpPjIJuzGmFHe#9=nAnpDjH3 zlFT}Wr9BD1r3D{@^-w~y_^`?}LD|H!;OO9%4> zaYp4m=F{T#)8UPKzBiu)H_y;xQ%`gQJ>l){hro>;bU2A(?h&=CR>ABezO(U>Q5Nd- z9K6iXR2bn3N5hdSRAF-AhVR4B!WE9<$hd6ccY9=|+Ubmp3{$z<9P%GLL;K@*YKR7! zZ{AJl1w~(ORXbRs!(K%-%OcV?GG67LaQlNAM75#VKT5M2M0bAWmgIEj(}~IlHjy!s z_Xm&TIt3gBvSZWC^RlJae6E`PQw@rn2F?e2f(_sypvvM@!iK{{+;yKE63`56uKCI=*0!*W&265ciJEN?y7jnvo?R z+~D=?7lbXFjZK&vC`q2%+(Vz8CqiISGGCyl?ItvC=wj_b_Zfag0?|jA=9$pAzKhYU zuqVXpiEM9kp&rcxlNinHC3=_3RPT~CxBEvZGWjw>vHNF+N4-rd;Vmz zM~I<0sDYM@Wmh%3R6|$lbh@NzmSWsZgO!N+HAQ?GLCP!Gg!wQ+aHi-+n-23=c~e_e zwyrW1&g@{mQ~CW6lyYka)mA?Ohl3x3Ss;h(H{^kzfra4bpdJvv0Hq1O1RKDwz*XSa z;977ms0Fug!F$2)z;z%RzF|GUHv&!DW-h>O+w$4AEnkw;o4=Np?)uCK)3`IT9W&tk zP&-cc+wpwHDBHrc{2SJEBipT=j!O718*O4pqb(!b1!N`qgz!Uzsx7H@<-!~7v(UmD zt>UN>@8S20|F4bKpR%X_RWJEZo2ZoOHT*oMe5iraFU)=i(O;y&C~uoVHPDwpHPBZ; zHPBbVEbwoj8t7}F8tCib0`N_+8r%Zbfp3E=z<0nk;Je_j!GD2wf$xDT$M-?i1Cv#5 z!<5f9O!<mjCR5YehoZ(+m^gA$a_yuJO%2tU*tj7MJ=i?nOgfBBZQPJx zF3moKvG^0EPNhRVZH&T{dTh>OqI*w!cQmfokfjr&FN7~A`D#Y7n$pdLg)f9Fj*45F zRj({r7pDKb^`8z3(7THl$6}}g^w)m8LD&qrW)zRnj)Hn@eu!A5QOzWD#+wa8rkUIh z9!wY?4l(OHY#%ZcQ@;ZYoX^DI-eX&YM#&~poMvW|M&s-1NHd>dX!O^J@ls=g zYSF97aMh#nBfPyRj@rx5`P~q!y~t+cka^A)o>*U3U0-JgOz$p440R#%lfKdBtre=h zl-XSpF&d0GH4>&vA6ZUWaaHaeRv+L!)r8w|%7@xis2z75W0Ugs8&F|4fLaH>3Csm= z24x@K0xkw`1@+{58>lvVCn)>ycc9AWZcuIO0&2k8aq`)=C0~;Bu^ZamtZiDF)Qshm znz1y~-qM>3wz{hzZF#$i>9pnTwXjPN$lDrNEdv}K($3bXJpoKEvj&s0>R?1+@v%A* zoZv3l+fp3I#8kZ+HbqBFbLmV39?#8EK+Py=gc;kv)PW@48a$|e* zkg+F_o$i^HiB0S4w6>#2ZF$@I>$J0yw;j#bT(DiddD};3C)X}tSg@Trj6Lz=QJdR5 zf!hLOlM%R04?ZR?^RpoW18^>9O20q-qw(o3Ce1`i^`;-COP1V6^>%74hZnf^sU_OCt@V|9jnC*q8DcO#1?o7K{6+{2;mf>uZTxk{+r(>R$K?aHbpSgCfiqKRT9ALPXQ+1B*K zF*Ykb;Z&!ed?3jUPSs&Q2iboK>wT785B}S|v~*xnN?r)c+y+xgP^MW~>4Fvw{wDU2 z9_dF?Jf}L6u28CFxyqI9WA(@^P=z%c)EG4fJOV5Om6Zx`FgO>KDKj5D2do5T$}9vm zMlAwmb1w!P!6o2ouo}DrtOb?VdQjO}3ce051OE+P06L`YB5+^uXW#)~19&315>)Xv zf|($nf@)wg!?^^U0A31C1y_SJz-Ca>vjK21xCX2TTR`?OIhTWKvui=McloXUlh5iu z`I5|5HA|bxwWY0gecg?*Woh^LG&Z}reA|55cAsYSWG{CO@G(anu`b(;zw-Zx73l^O zhiF7^+ag5$wA z!85_n!F)}XPU=qi`UsTRk3r?}6Sq#!^XpVTTc`3RISKr=G}(ccMqRm^-q9v; zOAn-GOf{u8qkr}WvJ&)sm>Bwem|#*9K0l_EDwRezfvTZy?)9gjT66eRgW`xssb3qb zhP>y)ocfv?PCGF@*}DnxLR{3xL)rFfIo7D~Cl$=Yph~+iM1WV?N>i>&=QENGy8aEQ z(!L(l)WHql(cn#>YUXB8`S>lU2GC3i+nyz#tp)j#%q|>Dd)4K$i%9OsvMj+dljnu=ZQtelce717rOLBI(q20~;f~AG(Bey4@ll1(S=&l6# zy&=)GSs9JddxK09RgAj7TzJJ?3oX226i1m-mH(>qiqV&j{@aQP_JwE_V`r)&dWg~% zUI{ZPWTp2UP?f-!XiX)|29<|7peo^9zY^rLl^~y8?y1M1w1_B0zV8_^~ z$BojMrGG4;Dt*s|mwp`qXM}YN#ZhiFEdHkR(l4y9nfD*7BF}8gM84;A&+t;Mr__{= zrJzdnJWvl=%R!~>d{CvzOBkegn(MQrDw^GtET4V9%+jJX?H|@VdUlE4ywxXFz_Iks zU4(`2_EsEaO#M?QRaqBd6G_?gwaTB~x@G4med$s$R_lnQGIdQKz4~O^yGG+oex6fW z!z-qOf>-+If)X+hl+LLHm8S)u?pNbijC{6YXFg z+1?S7ROMH#j}g?l&ZUpWwo@650aXO!K=F(RWtioIgTMlCI5+{!1Sf*IU=dgV@{wfo zE>;Ox%Jmem2Al>;E%FI;GY4}vcs18E!5hGHK$U+fs8%jR(5fH#Y%7;9$vKF>mUf8i zOL7MIv>`stJgI4`hg08e@cJE>B2=w?zLTz5ibQYa(oFQONM0~Cw7qNk)1N6|_dPAT znK=ozJJBD+9c#F0;C2Sq?LsSh(#A~>+38DSB_duOfw_gFNRH-+?4A+Z#EO1-%4V5gExlc;^46%rm|Ox);_1Et=upRL_al@gBS@77l5Q0<%fz6O==Tu|-$ z66)8sYx!)umM_V9%MI=ByyNwOc`uv1pCqRT=B({3}`@?Pa8beC5PwJ$1h()T6FP3!BEcI3pf z6GCU@G_H8nsT&d~d9^4|u*+!j=DeMaD|Xtxb_5&@3+ezoaqq^fRe_z%|Fy3{|7%V# zW!1~vLAOg;wGp4Y^wGi#C}u24H;*gceR)sX+3}1?-*%^Nj5tcRkDQcVmtn>gR(Li+ z@cWr=oRuCZ*%YK`MlszX3k?!=0e{*jG6|{itBaWq@ZX$jE_t?b#k21FH_y6xTdx;s z){{>1wJWe%6P)ZY4V3I^zD)id53(S#;|gk_aRtjQ%iHp{iMJ(hTQE0_e_H!VEc(7A z)fDEJu0d|@IZdt2TXaku4d7PJ&> z(cm30yXjc`N-k>2+e}XI>PdxFtOPeFX(lHp>GsE&+i!8|SjA`UcFV}Isdc$XY0FlJ zr`(9fHoeCJC0l~k!Zs@H(R(aNVdagNP^hSX5NU@RN&BgdD>gfI19ktB&CQe83t)Kk z-V!O|MU{sGc@Kw_${zP6-5qggAK4pfg62)Qy*u{(_WSQmBcI%s_kz;ZQu2aX8D0>^eZ`>@ev@On)QrkNR!(G*)(XCWzBi7(AOE~*2kIbHdCsqu~B z?_A@1j=whaO?)<#=^K~EBE3ud6rUX|m^O7Kuf;c-SY6Ga5NBTMfOs1b^U5ph+;ui%cI!4#9G27m&OV-)xw9)5nGIVqi6U0q z;^}nNIaN#arBKe)vzB-x3cY%6_VV*)FVC61XwjV6Wec4{2$MCfBhsqpYBJOhI*cIY zRwox$&z-z{@tmqf9Rf9m=!DJcxtuq?m~YQ}LbZ^l^FbmP((LNpbVaK6_DFVEI@8EL zk{?bM+^a}&M@+NHGIS|!2s~wm(~Om}0nH6f26?cs3v8h=Ho|?cjUnM$yo)7VW83>d z)=fcHB|ED0<*;8!`@u=NR{c7Y{zQ=V$slV?>C#!>+bCLi)H-V)?zE&s>Aedjou-ZR z7Bj;a9+k8$!TXuTNG-{3_5@C>;k4q}i#o{7MPQSatN4!v<9A4}$~?5ZClf85wvSV^ z7lP3uDsvz_tZ>NbDe*N}qg190oWl(htA@q^8qve+Eo$8g-{gjS*Vo!YGc8=nrMFsYz1EiWnlds zyaoIRsJ8za_jq5 zICwdDB*;tsPCCdYFy|=n5%6g6DX=fdu{F+dpv~o) zw3h*3H*g5JA2<{|2pk4-Hj*;}RNu(}j{`@7EEzhZK$Z%f(?NBZOmGsI1u_lmWP@je zd0-hh8e9mD0hv2@#)7rrnILmrPCm#Smooue0Zs&0gN5K4uo%1wECGKFP6IWbO$U={ zAN7>AHQ42|2D^Mo&Tk04%Fu3deMx5XzvWY%TRzpcrQPe(w)nKIKCK(2XZgCjz9c8Z zr=9N8Dtua{Pg4!rxGd_p_g&}HHuyBvfaT+yDwmIiRF}rmsY_FdS-uN=no7meZt`jO z__POn+B%=M!KeMjr@iFU-tuYh__U9F+NVD4Tb~xksIL?xIs3W3?s`eUrSWR?S*+dVthjF@x~(Dm))mr)TE4f-m6btkZK=(%p*YKrevPp zXUZzZ>`RT;mMOz_q#kIV#wJY+B=NK}KB1X?sqE1jn;0lcZZ1qVqW3fQXX6fTnB1IX z?Bl&BYB4gNi&UZ^Y<(}gTD%_#;3*PAEDzrq#z%f4X1X4NCd*olR4&|Ldk$Los-)sb zY2U*y;8|Kun89Xey0kWDF*M!_(dC{Px!Do$2@51bn@)r*(d;5ULfr;SB;J%=q?&)CW4U=S0m!h8$en+NIxW5}s#W)gBhNMxl$)fdmNuS-XVG$?Hkf=b^*po;Y(ip&

dBxyyTYW6E21a;Lm`BF@{*J3D3?dl%CaBPS)KG)gt=(LT}4 zYcsu|c>z7g!m$UArTgp%z{1HKy=uF(uTy_!Hv!w$d!#fiHgWf+JgQUl5>p<{P8j)Y zN|THOp3qYsowPs7fxxaKUrK4pg8B!3&cdfn=p)5(sphG0;j`R7G3Al`#6 zco+I!=&7l}Yxs&&6GuLu()1~!O#GL&>Sn$;UBZjzxDVwywimufS#0U;+bouE-7*3hWekmIoPMeEf+q!PcR4dXS+OI!+5%e z@SN)MbPMC@7Q%BN<pOU*Fg$%0t~9$79=>j>I8rKmz%{XYj8&Tcx~c9F#kn0ukF*i`vh#IQDMqPTb*r*D z*~|5HtI$W07fGBNIZmwp9@2?(=W;%32i7}b9T8-WRJY#FP0qah48A)oulcL8&}~r9 z{?fsbC_j}C)~HdseL(RX4eCC9!CdfIP|Ef=a4Ogj)Z_38;2iKoupB%URCcg^8r}f0 zW{o9$8u$U%XMi7pnV{y-vO(2N4k&HG)U2y5ZY36kJjvtC)jIpVhwM0OQD5Nt|*R*^%#E3J8yR5 zYV#IX*DW`bE1|a`rt7@@Lmfuy;M!!m#|P@Zsy^k-n+(F#HAOoMqE*E5*`k%tzM^Ys zPZH14D6&b$M(Rm_ZkEQ}yK;oioUKPu>}^k4(A8UWQMsv`#-5(i+`LLwKRK14cP$+# zYao0@*o$)lVXd)BFe77J?Gz4%{-OO2>QyS+cxxOSv56PDAZJ)N=r|t1+rbC#OWsKM1O#GW+ zsJ(<*)}jJyW=y%t#Kk0Lp;#+udg*Xv!Oq%~(CKDUc6a0OUbTALm8sm_=KTp>9AMTA z_QY!dZhygujn%QvB{^Or#T(JFzJeCsu@pxgYcW54KFYeNMsR4;2)&IL2@J7;I;iyE zl5HMqyRwR;_0!dQ=44mQ>(F*I8K;WJsqLtfT1IVL>cFXL9c37OHQ&)x4%6LhEwA~j ze5+}t@LOdlyw1w9l*)n`2BW)og5voEOb2&?O4(0i)nOFudT8&eCoXMLh^d>8;x_7C>Tz=6nnlGnFl^=2iz6ddANaD)Z$dha zvGZddJ07Z_D|J+9hdEBjs^$P!vOxD#)r1<%r%{|r`{|(4!qcKDUQIsO;+4-9uY7j% zj-@>YzonU;%M=g)$kn+1hij7 z=eOn<9iPqo+)`F;$l8oum}3browbzq3GMmROk1WgmlQY4^fD7!dDWQOmT79ngsPBu zt6*2)VzUCbo_)N#n$7D5Ft!g=lIo5pb~EoLu^4I3(A()|V7oG4{O*8lO~wRAQq`Q& zoOFEU#+QlDjz(qp?2^kn_~x2Wm3g>n=@6ncD@-nYjDHbYxM`_4>V9AI`(0!^@)l4g zRGeog{ne;UxxgRh&_h4Cdg6^??zFv`8;`Y?p|$t!<{tYv6A!dg#izUX>@a#g8=4Te z3^W+Z4v=eQf>U|?B{&Sc8k8!z2FwMo1(gIfxiZC2X6)M0Ph3u0ylxb1D^x$1yu+4fuDl+gL}XSL6!eQpjyI8@?iUpe75h% zmt^)yv>KXr7|568eBj3D?zFqUBu9gejr)yH(^J2trMbS)=l`}$(`snrrhWQD-a*8l z4S)2!7{rD$|L4%F?(yG7OH7nOXrsN_pBuk2Xb{qS2FMYVG0UM_Fq=M4T68ojw? z8J0&|QyPCoY-{S}`mo}^uTKfu>pOby$A(0s+TEQbCTjD_?IbMFDlv_JkpFwL_v&N% zm5$iqUzaGcvJ%}W=ev8g{utzU79<3kB#*-YCb{=A@|&}hZGhesGj~}{tbj=eI~JN- zM=4U1{-!*dxboixXVD=Jn7@I1c~2cXrYMGyW*GxxM>Suz#m_?9#hX>mI6pYJ8^b2z z;#b9O6KHR}R`Ew(q0FC`?uM)uZRG}O8+*HvmnnQ{SaRCXw+k}8>?T{*_{)@tNp4=( z_wt%{@_ZxC%dZWOH+L_xrO>!xnwMNx*2?pz73P^@c#5R>#W0ck+W5>;EoyqM{($-G zL&Hx|xGkoOP3f4MGO@L&B{#K~y;-yQM2O{L2JD>1J*i}`gP84fMaxXoa~3|`uh6e8 zFZEl=s+;X$ah?9M-7(NAw&qq# zl;5e_*9#4+;jWDHZB2#Z!BG{)ub0P-XJLzi(yYYBQAtjH+CmeM7HE;+#tY-vJk_QB zS=)?OJ}oue+}f8QTjp&I-gwt$iq_oah=8eAy_s%2uK1_ZnoY_BhI6F3PfFvR=y!WF zqa(_VX#MS2GWkl)I{kI(4+?3;JNi(g_QTtr)Yc?a zVgoJmHMdmrw{e~RI`s$mCiI^e5O=KSPr%Ky7}#ZG*qd8SIk?@>Gk;A_bS>akr8l^d z%Ern{544)Q$>2`fF-NzUsarIO>J~+h=EBqt1U6L_rgfwwHW&7?6we?xH)zX3hbqMq z=e@pbTh`drku7SvH3Mvwu$^pVliF(Skv2g|w`7WLx(6!;hO2R%7rVvegVJm@u}x^lmX<*5wx(&i8?JGkq&aoR(05uy zG_6{mK&$!Nr0~X3Yt>EOa=BAhX`Q}toe`3<>On4SW^J72NoXvEH8&06@8IVG2LGTZ zt*_oqS-at@*SkMEcs)n!q+GfFtJk`3@QbXuDOYz}r@v0!s6dN6fmTUr?lE8KwW10+ zAJ~K;!|K97tBLt^LUU_xxYY%OHi~U{y4E78+d3KfgB{^X`u&ba`SX|(sg)7KrK2xe z77?$lX{;-){fL0^8yzEJz%Vp!NVA-QRuM;Un;ZaWJ!hZjXuY8y= zedxob+vn0&!<20sy18AT#ngJ*%4X9v15M@J@bjQp3GeTY7bQM!?>N7iz`&vzH8Q!*ww~-6E5T(!1Qm4FXXpzT`U$QGkm_a?I zF-hIP8fL2{V3IqGcN|Es>Y+i|#&*Y3PlLKfX|uV#Y3&`NwpZq2>xHD(i^leVRr+#6lZefEs{#e9Pb^r~+|rB7PVJ6(ai#e=4_u)< z7P+@xXa>T5uFbZpi^-!Y%=lGFvKhQCo@mq7yi&0(``keGIdeIa)P~G$&N}B0iIlyT zA#G_EtZ818D#Ie2z83nc9)01{-K~T`$yLqP5HZ%t!e_g?$;!K?c~z45AD8@vFS&MA zpy0Yt`3s+R%P&xJBXY#=*#df&k@N0zOY;?X=+Y#!twGVAbGo3HM7-} zN~txj(_g3VsDLTzNr6_CB}0tJhPAmV8Lu>#P?6pIx9D1%JWPRVFMEBWH-wu9_jc{? zE!aEwFGh}5B@=iCV?u+}bmeK%n^@BPX||y?;2UFnkKp6^4!&>k*$F63P3f5}%^d7u zX<9gC@(-F;#H=rY7H>mYadUkOeIEyXxqRQ_(}YY{M|*%Wjg$g>R*H7pTxe(qQGnK0 zfX_-k82ic62I8}{Y9e2vp|9h+#K?P`Vb;cd1)q((1D_4e!6>nzD}7(@ zMDK+dY3O-K>FP|!H_XVp8lRQ&3$kP5Zp3Hhji$>sI}F9ma!10q=;MTks|Xiz;T@^(x7a;u;SicNu08sweZw(Iy6^S|c`X#FHd@+N;(f z)FslPxNkRV!a};X4>w$5wr0=g>SmULD=W*ZoxTJQaD!`>&YoCPIZyj+%_sJ9EBVeZ z=U!`xl4Z0YS6HYH=#=`G&?*VlJ8^v>gzcz47;<`0iaiiX>nuukp&PJ7dsyrd6;h{4 zc3JT4@KKQ7VtlX8t*RYMak9`Nsl&sihOgD!j+lP*5u9FVdJ=wp$Gdz!<=k<1FcX!| z*Q#vx6TvwnDA}C*VDct2LLWb`)`_J-vc_sd&abLkXvvzp&4=v1F6GbNRznNlhb~?j z7RoYJVR%(C(_GpTQ9AA)kk$AW9S^4&;YDzU@2n2pZtx1N{z>{DPR&9VhHf^u!(x>z zoF-`+?YZdQqZp=}~Eg{z9c|9GylV#HoxmHine3)=`I=z~Cn7vF`Oc&v)f=rtS3I$X1-p~JOyUdnm#&$RXIU!OwV2g7-b&0Gg( z(mDDmBz#1Vm(YW9R^B;14l`xDk5lZXx7C)lAHK^Nqx(3c-0+F$3opJm1866_0RgU5qRqB$pkmEehBHP|0)0Z#$1 z1qXmPf`h@0;1Ey~??XY&y<~vzfg`~$!BJow<$oHemA*5;!@*4OWH1Xn6U+fM4vq%b zf@45g^y9$|-~{kva3c6ESO~K5&zS_KfRn+)!D5iTCr$}?3OE(ybyepaupBG}tH4>{ zQg9A;v8pvRmAF0A#nf z^B~BsZRa8IZ1DHs3h*)TGVpQmYVZ%>b>KSicOZFd*a$uaz5uQV{{e0Q-vKv*{{}aK z`=Ijv1g3z`f`^08fyaW+gG0d=zyk0u;Mw3`!E*3Luoip?41lkIt>CNR_2A#Y4dCCw zjo|B`RO}nzPVi0eQu_54@E71);IF}dg13V2fYP!50{4L1z~1qQIgOc>CNrZ& z6BXtAJZpXTVsp;H{MEdl_m6k+IXut)?(h2Ub>D06y)F*|zXxsu)&oBV{s8}7zTVAcn0tgumi9+?gr?4mhrA|Ht;%NXJ9q(Jm4)rl-;uXfL(!a0=ogvKs$-D zTy`0E`2^4MhL8>{DPO@Ca}ukY6;CfN^M7 zM*~xUV}R+v6krB0707-utw#2Wk?k@vz75ycU>m5ze89-~e5z%~jI7?sEVN?UZ=f)@6>4PRMiyyg zQAQSRWHCk-Yh(#VmTF{aMmEF9a*V9V$UH_?W@HschE`X?%(hv_jpJ9;fVnfwfI0iy zLLf&#@pJGHlm`EwgClVkrqmDMGmxbavLRmIG9w|QAHIlP;rqNX0n1%vl{gmwpt2vQ zMjz+_ax%C8ojVynI?$mX3C?~9&Gf>LF3+V0vCIXcx^ow-GKL3fqUz0ch_S9WWV+sv zxh=i{&@%S#veQ#-=bMrX zi*n?8n$J7sNDV0Zb4V+D;n)BK%uHitubqK$PO4;IoOVv}Z zyq;kFxp*;<=CNm_`fQAkt?GEaNnSFYykvUYYb`qje_E!JH=GM`2dkGIEp4O}4j*)O zB6z1RGtB$LI{h$p>E{Kn)Mc#A{M$c}xJ*b#;_~TKB_tD_*Yi$vhQ(i^e+RiU#i{3= z;$@QJ6+qmFtkpnX<622^c3yRXCetZSruQPzvIgjDnIpxk(j%)9J5{!ll#lRRu32^H zZ1hg~09CPx2(wC8g*)4nTy1x$H+3NEVw6Gl$xdAZbPs^T#O zOSfTJ5L=rY&@h0KRWzi-hW4m?^^ zBq#A0rdAEP1xQ`If>L#e53D*z$#jmAxvd2J*D}7=(=y~}c^!8wl5uF9k%IYOdKK;l z^%6V1v1H1;#Ks<6;h@Hq0k0S@YYWor?N7fPWsBjC^~D!qxZ{wNVG4wInP zU7Ka~u9ue+3$rGAvWh*3U(-5E3$ysvNWX``?Mlsen4!I@|BM?mn(<3h63j#n&;!~& z0`f8+0|x@pZz)R#{uP)3{2P!1*8UD$0sIWeG{O)HRcMwWKXjoX(}jjiF9oAzUqD~W zB5+2_B84^0bix`&_?=v0c-rBbB2+eIoC+rTsgRH!c|ELbdQDJWQB zQn0E|R5tW@GV6l(uI#q7d|q#wHsPm_Kq;UvYeJ3GqPxC zYgvpi=ZMCtH5;J$KcCT938UVNAzuJlYy3Lnw~^_poEeO5zcZKh@|%X{*=?NdLr@x@ zMzk8H@nMr;8XvW}lp_nH9R?T{W+88;Q6hg9NzU*+2V@wxNfxX?vgs@!(^){~R%`2P z*$2?qGW({%Su}@fnZq0n#}cnfsE2N21awtAmIrF6P7CgY6`HgMEJnkH&~_-lj=33F z9H)V^kFlU1Ry3-&2XS!M2acl0WR6hv$vP0L|KP)QRZ>VLCpu!)Gpq@COijZZfG#%z z!=+4*nNORLVRO9_7;fl^@L}Lz`muoYP;>rhC+>5;5YIXdYMH5Hb`)UTgx`gkf3oG7 z#9B6$z=O36jaA=EkZ$4X-k`sfU4gSRmF!Wl%N1jB9;Vn=hOsl$@&MaVoDGF8J1=zJ zcSG9oZnWr!71j;BzNONr2iV%nQ1TLfoTDI`;k9-_Y?>^{_xcQ9B#Lv(%TU_)LFZ%< z`aFhGEgNgp%=ON$-f?c9G9)r5mekAft}Asj9@!0`|i3 z9N-8b-kz()0`q}a;&?ugjaC7$2#B|@s?k~iybZ_2z`KDZz^8y%&!X%FU@7n;;3D8& z;1VEvC|KvBtPZ#w$WOOrz}5)wN+9!P6_9Cm6}YZ}WV!~Dxz$z`TGk84TGmtpF_}c| zF*F2IY}IhWmAL;R{Yx;xKoPZ~uT(p3Z`3p*88a)ej|!H~RO=36Os!c>@W_n_5lX(j zbAehAOkD=G3R@mEpiSW#T+M2Ul5&B<6jOV+r^{|7hdoZ9KppO>?XU`BDojJbszw@< z7DMgsh6!2r229YeRQl>MLw~>K_kiU{iEs=kx4+3w1=HU_*(zVI&Ta(LZzz~Ay0)>M z^?vwngp9?W=jgm^);}N{;q`5leps{k&EW2qYS!Sv6R|6)-aaY5bk;0<*8BZ_L9@1= z)gl;|;H^B{{$AL$LCRktJ{LbYRw~vORe|&+RacTzC)fb-St1hu`9W$j58=$z34Qy& zR|)k$#*a0MQLE7+YX$BVjB^=~S6vB=03UQCT1$3xK9te7$I;L|KaM`S^U3)geA~+3_DBz8Ti$Ta2MVH zGCr>Z8J*q02;iH*Zoqed{6e`07zcb8m;`(em;(F|$lCA`umFg!)@6%;dx2Fztg}?c znzj$fYkmrR0Qed3G2lOdOv}%KtOe{*=vqLgYXOdIoKd4=Bg|v|*a+N*UyN4~v;B<0x$jv%m2>GOVuxqX z8ICPS;#9Gs6<^1hFKjp2!tzx)-f1S-Jr9PX6u<23IZDRT#!J|*b&9jqZ~(T}^o})T zbuXMnX$F3_V;I@Au;|zi?fCFp#t=mU*V^L4E0=ND*ouW*HDI#Uy6h;{-n6^S(v(%| zIhD)Wt2K)7PDtKj^A@i1^&;3EjcfUT{XZ6G8N-%x^M0Hg;FX)UAI5ZX82%~Ol$*)9 z1+zVKelI`m-RdQua0Am_QproshUGXOW@Ra}9Qmsa`^`@8++-NNb92T8IybX{d>YOL zo&%f(WCM{0j0WZdnX3iBMBoA-<5~=4I*m2CNv3m?Oy{PSF*mhL-I{{U0_v>GmU{e2 zQj2~LuSyJW|5EVkw>;Pb7k$3)wZUuLU~2VM9;;V;e0PqeV=Ghel+&sFTWk@?Cmj9u z@92{>S9&%Y0j0tlj#6pFMXyGw!QJN#UK7(Ka1XM#*;5-?`Y#msAc(>Eg)^*htl~jH z78F)--s8Pr!_yCSZpY8%Qz%fsCl?ma%PrQWg2sK_|D~35M3}Q^;1t z0esubJB1Xlv_iHy=#%N!fg){g#cS#5re@<|N7xx}7BuG_=$USM+3071yu&{SWN=;t z@*cMXI0E<*a2)Vu;1u9aU>5LIU^Z|UFb}vJSPXm#r|` zagt(rbiXQuT-AgPl`3ozoLRjT+nYD^U3sWl~TdzRi1;8L+FJNn6e_$~1GN2oHIj}7-0T>D#4Lk#w3JeEc z2|N?XPJbuhEMNqXY1kRa^yj@p7alTQc*ykbSz5*cSX#zziM&l#g$6BH$dJU)g?7O> zX}0rL#p2-1b{_M`cIP4dytCc*!=(7hJKNO~Em)0?O~dcqkL>=1v>CtKzlg%ca8F`x zvZ3(qU+{)B3P0O1oXlDlQQlnWb|Q%xw^xB}fV+U~X1oE61il4iyxs;fP1rrtSwW_= zg3PTpOV+YF(No=sm328dy%8ckS9j86J=@J^X6^wrUsY-bg1xMQnhYQ-E9_p)p{2C4 zTTMpNj3Z{rs&6KnP_5@FRaa9Nlbtx|_b|^_s;QTHCNH1B^bFGS20hDnmbr4(n$6Hw zZ~U-cc$0s519>?V%XbXqMN2#Cuwq4Vbp_6%*a^Sd)9#g=ZptEFrRQ?W^iu|?Y5FOT z?CGcEVo^=HtsI@!QgENct*u&3G)u*#TNOyG2&vv!`v#fo#MsKAa}Xdb-iB@de4;iJ zdPkl$0WN<5AB(W!O2z#Y$xIa$Mm62DQcc%&hF8ZE6KM0Rlkw_P#kz9s0T^lSo9R-S zYR3()mzrnAXDHD+a8>F;n6;y>x`x4NA&L*tPqQF06V=Q>`rRF?`Vju3Jr90&s~Lsx z!ik@HRu|{sa(uEji^;{9gUjRgQXXk%Yw@i&B?&%X+~JUMO~QFjOND9wW`x=?AJOWb9PWQ={dXSiXaYmS=R; z&6GIvt5VJEF5kgf6{2xBel6^XA-h4}Ewm33^iRPOFx zc?_IRVy{~n>;|!xWB7I_);iANyA^i|zSl0m91U2R_{wfIbC`O&SMOth6tfs-#TrF6 zPu;XI`;#*(=Eff8SrtJkhMSFIA#}}*-m362(Rq z)7t0!mZtN}0h~{5=D)V-Jfma>3bW^s@{UAmHq}@KsuKcLr51hYsZy;nu~v%M_`s^f z+JJbx_q}&+Y;{TvChsvZ?To}cLRAyj=!i>!#4JKe16J}5n5w4*d;5@3N$Cvat70_+ z+RoUJ>gq_?!1b8j&4Zs0N%;=`*Nc&G;I$nP_IfMT3I|6~|K~u5GsTJJJNO^{gSSzO z<_6;XjGB0Cmo+ph%I>S!yi?}XM

9qUzK32V0q9tn82P#4ok_8jAxh&vY?72iGZc zWUGCF&@XFDlS~9`mxmo`}-Cz0O z>0E|D-L!{{$Nn@o!KS{U%F+-4alw_V)0lEdmFfuE(Js|$bp_aTOZ8Ybknq?31aXiqh_yi%>z(5!%~vaA-NVNXfpoh6H-2c#J2S1 z)Y?zdxe5}0(w(c0K&F)M7>fUBeA^>zpR0R>Z#>0`hE0#1VaDg@ygZ5VEv@!hoxwUQY*=x_Y99B0-mAK=Q*^f zddFhW?;nsln!Z6Y9PjEj=mf1y+#scYZbY@3xvuJnZ&Pw_D?GrJ`SeLuceOeOSCNiz zJGqvglV5pr9b!IECbtX`pluT&g~A{|GTPRBLW zYYjh_;q5@;A}fP2NL&NVzu9fjcberp20vzRXfmsV#wR_!b{Fl-DqX&p;9%4#b6x5R zrY+VMDp&4PRYisG1@aSW>?$5zR4VGay@78ZdfuQ^mArBT`8K46l{p|?E4aSB)oa^XW`Yg{ZRI&~De>Z+XYSjiUyAUN%>rDgG zR&D`XqI`rPaQf_cFnzWLtX!S_9*pDo!a1u}WMd4&j8d_(0ZfMqvmYfMn6D=zY1-ok zq{q~pjT=4(Uxr(g!1%^7$SMZo2gq=12-<|zicL4H*syC2yVbCV4P$%4F&W`jcrfOs zDwbr}3a~Xwc8_5%gH~~F7^~>#pTQ`#kfU&C1lr5d7YV1Sdgm*8SwqJ@|l)3lS@JH3VgoR zvN@#%^GYykSTFkEfz4TCb8~a_yagF8j3R}pCE_I~cV_8q4lh%Ncz09R%P&?kh9T89 zK73AAaf$NGJ_gm4XB8*sICH*14hSkb~YtQAI{YnePT7;akRi z@*_K+%Sw=SGr6U-*5o&h8feNA3Jhm2vAHmdOJ885d((Om1$NA-muxPe^f=asZ-bc4 zbBZTmUkOgu;e$V8C@W1g1uxoMg=3CX1ow;X!mQNdT&zXOX<2;7z#!*it&7qk?VX9i zH(t&Jrfif6koHd*AG_{Dkto74Bnc=CocCkNr4gq1rj+0};#fIT;7ClBe@tt>1Cgk3 zWhD!9lx25D4I^Yz;=f&z9*qvOZPz0kWJ zdUK#=FNWbX`xENcb7&&rm{NSS_g?G6sXi5Y!_g|ju`KXmU1F0oyP&W*SI=~D`ryO+ z#wH(8k~l1D;=`%UFVjD0Z3ZU|+9z8iBnj$gp`nFi3FA{YgHwP^^1B2GQ^0vScEyX( z#KJLA+1vdTIZ%YvWRyX6nw7!C0#9)s>Nf+$e!3DmrW!eoX3-j2W;o^m`^}%hXbx=p z%K`RR-`DC4Lpan;#`1FPt$JUMb`L|*nX?=NdV#vC9t6i@`+M<=xIT|ZN=s@VU(iZ> zu#es7M9|sCTclmL7a$)n z7s&Eg0K6Yq2z&&%0JsN;-cQ-bz)~Q?wFt-pv>4a}xD?2K$a3HW;0oYW;7TBSW~+eL z0xN+0I<*@3IPf~)(?F~^QT7I~3W)K5);eGyGH3%3+ksg(0eb^$fc=5D05Klk!U`2- zTrH*+xEy#FunKrL@NVEezz2YvfLvwd0pMSO4+8%M{0oq~_B{fO0B#0O1wH|s0elL$ z3HSoA9}2`y;B???zy-ivK)eC8-T-2S5$jDL?>KJ*u@Z;%4)9sv9w1iGu&@$M*;l~5 zK&${^eFE%=egjs}DC-Q|2aE##9XJ$-d@f4^{u7uFJP51+eg)*JAm0GD0>1@f4^XQP zh`l(ie*=F49s{!FJPy17_#LnpupWrL8m<2Vu{WdjGZ1-b{Q^YZSdGASz~6vKJImD? ztFr)G0p9`!06zy}g^x0X#R>w#rqvpVb5;njEfBx5vw-b@U4U2#q^u_}6gUug25=|v zY~Y)~2;fIRtQ1nVA9x<{YvB37W57t@&p_BJ3&f4`0$_Jw6tFk2J1_&-1DFlOwaUtY zy@2-vF9E&=ycBpG7!7Oy_5-%Ytsn+?HV`Y5l=TJ<0L}nj23!Li1bhgHXMnOTz@b3i zLgIk$0ONsQ0~3Hh0TY3I*FFMxA#fz{GGG#r_mX7bG~ieuSMeARTmzf{tOZU4@(wZ? z$W=S00AB}A1M*&h6;sOE;3jYtkT(N7k(6}-&H#=CW&>vcv7$=ZOyDeFIWP~n1~?a3 z3(N;T3Y-tz0xST&2E=ns*%v^p#8TD)xhPzCxK;e1{I3CyloC5p>xER<7 zTmk$IxE0t6Q@6JPPXq1+1_8eWwg!F!JRR5u_p>%YJ`05aQ9P^ywEcSI4w)XgL*`c7 z^=a8lIMy=E(@?ApXK0A*5hHut$UZf)e;8RXT3>B1L>SieGqNj;Y>tuT8yVJi62Dl* zNv``hBg4u=BEyf zi~EO?9S0u6&wCdS`k~JG_-#UE(9Zuux?1LfbD($;Kh81D@FWlC?7*}5cSRM?FOr#6 zkr3io&&eNKI)7$v@wi!PZ^E=f{eqwiG{UKYi{}?LQ=x(@ny#nb;FD4!QG^4D^Co0eOw zR(Md4`z&(2jvpsQt^vx+?Bx~!AwvQDPg?$NSC(AP3I&S+UXVS1}eElV{rHfm_Yu#K8}FF#n#U&^)_?xf>*!dX=y*qUhohLU;azuSe#`Aah66N^T*b2Iesx-tJTuI+ezmH@WE2_nQJP#MFV4rHO7 z1VrOuO#$*F-&EiQK-^r_V{QhJdeMZDZ{hrss^cl*5>+jWrhR ziLvSizyRxP<4v-p#mu@CXPHqgRkT{1^X_KYelEf}4wu$Wx*0mN60ky?CpR@~Nq%8g z&PnQ=)k3E6l`_+)`GN+1a*SPqQ4#_I!^R9_1`WlJ4$sx95?%#FPr{lGWY;1S*cmtz z$hc$!dC`d`W5{&IkhxWMXxRbLJ9)-LRHa0q?}x=Uoc%yYMs-ppOJ`Jnm@I8EqlV!u zGm4R;W3A#be{2!|ji2|T6Skj0IJd)pMkVItdGssql0T45cK1)!x8a2ap4`QHwFp+x za-?+;`hAPCmZ(OQcl~RXO!YnKmyxMdB3Xiq!UzbflyG?A{P}tMGmf9E*DbI!^BG_7 z%zpxz$~4*ngi-5BAT$3dAT$3NAkzoq7jz44GJlfEd@|i9)H3!7wM_1be%oD4=?h2Z zha&SiKUbD#QCBNoAo>@~zzo>xw)@EV7chfWT*Zev&lyULS z(Ei9MrpW*xGxRbbGjt%389D^WxDN%gHnRhxn^`hlo5|c(2>xqXsIZgQ=1}t_=g7vL zhSxj85|9y$cOsA(HUh{D8wq5FjRrD)V}MMX@kl|PVPrbP$lU6gSIg=}Px?OLbNDXg zFoe4Eqt<-*-Cb&(YeEcCGgu^F@l4kZb8OWzM#p5k*kj5%1`Tn$*g9SbPhkNv+bvLK z>OhtCkvKJ1u~;xY<|GwtzLL!aYq{%m9nP|uWOC7Ycb)Em%zLsn{qSzL5NjbxN;j;#k6gMPiPGg23>xNZ_Tfm4P2! z2V^zFjIktY^Vg0*-mT99CICADM*+_TP60*$uLgDovg;oSWPG~-S!6hvN*5V2U1Z4I z)^l>UjrF21y_A{OWBaM~4j8>dMs~8s-K_PYd&x}=dKY--vukoVV@6VW~Cu@ zbY_w1%p%hZoN3tyqIdEJ`P{j>q^aVj{^9M5qiqg!w9S#Qcmu8yWHBro6uTH~y<#z7 zE%&`x#!r@Ol{oLchqLWxAkJ;~pKEG;;6L8^YBAG%T4jdCJJ;?&ZZJ-F0-0;IK<3(A zK<3)LK!*JRAagAp>7;XwOy?Sz&NVG#u4&oHs?I6*i;7|1e>JlEIJ{5Mc~_&CAsc#< ze$li3GXyKI{V(sN%pitP^^O;+w_g;of!D93jL559emnc?p-^FkytFWn8u z%;*keX7m6uGkO9U{$4<4#$=?B&I~f08DwsY^+?P13d6$n*!(HfI-^6o^IvFZZ9VNPVqS5Qb>^AV6EH^}8&i zq_DI&J2#^^x2UirLyu=Gxg@4{bniYH`FS&YPZ>BMBPZ7brIOx7IWw*Aj=LXQ_RzB4 zpVV$R*8iCw-m$7m_m{1kK4aXEp8r1IDqz#A-Q0UU^G@${;KUDAU8Dcie$LLJ3&&?g zR=2(T`gJRUCOq)-=g)lD>4yAYxAmSK{a|$dZ#T6bGU}Y$lUK~iD@$5+L&G~qc2-?5 zzg@>2v)Zm3cT;e$DN%ntH+ac&Pi=nVt-Wo2dhd}h6Yjs@g~IyIb3ZsRyhrTIcc%Q( z;hDtL@XJSC+4<&=%2Fp>RI#q$t9?)2`ANa9YkQ17QoS&0*avUC^>#q+o}Bt^ufOoj zjyE>OkaKKg#I zBlpxUzHag)PyLqC&fA}SG3ce6cLlt-{D~{Cu&)2|=EXzflN-M6u)Y1masPUA$LO!_ zx$4}8_wRqP*SQ_5XAfC_?Prrt^cg!U>9)n2D<1uH`bYi0SbSZ@!dZ8(ANF3)L(lKL z`0ac4jd^bO#@-*qT$Yvi@UT8PvksTM-?k+ChfnfOe`1nn_SR=l&-&!2OI*cOm0#>T z>#++vEWUr^wz@GLGY;k~>b`m7os(+czrJ|*C%@dg_^&C!hu!zz68gi--*o@aTO-={ z{Nkpk8^fk=zwA(Ma$5bRy*8iyPN&qiug;GDxaP?G@?AfixTEp$QTZR;Jo)X||E>?* z6jzk|$-cMFdLZgh*WE!uk5;TKJ9EhB%uTJ&jP=ZJv*bU+)Pazzh>Ft zLl0#h88>^&L-FrEv|(1w9Ubp`a(>66*XyTTyfQrXl{f!2sCaE{!k)NAQ_f#;*Ui&f z_r9`Ee(<=@Uwos>)qn5RdHVkNF8{f??(^;^zHfiqs29IpG4|2t_H6&-z00-nk%p*)uaP8MJQg->-V9q;cBrZXKRHCw%9y_?r;W~ey>Vy4lsEQ%ax~+c_a7;Gzx$#1S>tyvUwCBU+cif9|9IpR_v3eLKDP3M zx$htQ%`>^{`jD#seA+kfsvS#SsBfPc@a*8!FQ%P!)(yw|B;VhycKh6RfoDH=y{qqA zL3h5>uJC}n-y3I)zM-;k!17~v)ONn&P}HxU4FxM&@BjXvgO=U=)v%u~9{T2isaeM# z?i_M?})$Th8K%|`o7!v1!Z?m8k2nSCTr;PVGFC1 zGe%B+E^Bj4<%^ZQ?n*dg@`9y*|MbO0sSQ_z4;tp`@nyT%u+~eWAG>1o(ZYW`{!Ev( z?XAbdKPas%?(^~m0k59%%kvF|r_~(}e(&*ukIF86fBu5&4}QDpkxM_Zo_HdrYktF# z^Fk)9S@FxA|Gn|m!W)i%8~W>K!5z|mxOs24PZk`zGqn2Qr=Gs;o4)V89ul(u+R3|K zy)O2wmA{@jc1LMm@_m=SHz;mF%7}G~(?9+4!<$zBSaa;iF9QarJTiIlk#A<*@_Dz0 z>w2I6=A@__o{9Gi8MO7*hmQYu-Su+V3m!T{?DH?Y+}} zdEsEc#4RsHPWp7o&-LkT{^@Gp>B)DVf9c<~|GeRcchNK|7n@x;zo>U!&TFNoxiC=# z-w|VHVPSsn`5YpN?=ecJcMf;0TbN4|Y-Iyn{QlV7^;YA0qb5>H zp8>87XKB`?*Sk1}<6o7dg#g!ia&mv|P~{U}H7AaY>EE}1U!G7pA{mIcAI&8F`}9{` z4JC!IeuMfBie{hB`06*PUvv!Lt!YVbzN?FxUjTvX+aiRda3j;Z?b0!G#^N-b32?`et6Yw08?W&hLub6& z;yA$7$zdnN$4)z?lZOBF{n?hvvA*fkUg;z|>|mQl$eih{a@xhbq@Bv;EAR6S4?9T# zt~&g;;}z;-=M1GY1OHh@KR*1=BffUnlL>G|Il^;>j~(`C1Jow0?2T**_k8PXhhItp z)bba0c*1?`bW}Q5;XlK3{NLZ^_}W1=f*ohRcl5EN%Drn5G5do6hW+1-SO` zKYnzbeC(V9X@H9zXoe>`@8apccKGEd!1W6M<41Rnj~!L(T)lCQcAozCIfcG<*h36( zq2d`k5k7XcfDoeOZLxt*>)cA}IHQ<5$<{8AJ;rj)aOU5Ml6cA|XjbW=K2_|I~9 zqRq}ve9KRFrIUm5%$A6*n~$9ykOsKkz<-7!{IdQjzTsg{KESozQ7?M<*x~zy0N2xE z=icW(9qDU_tz3ZXUWc8FeeCp7I!o}MZto8x@AkFBH>d$FXS>nM#|}$ifUAc8@w+x{ z=U;r&hfg*EuEmb@>Fr~OB`3heVbM(I&o;m(GEL(qS#5ou8_I8s-}w zh+wB4|7|;0_}Gb6IxHcy<3C<;N~f12Jh47@;+4)L_|I!?@7fKG4J|tJeYn!u2eDn> z<9+NTC>>NP^&-9N^WnHzdD}@;I@=(&%X5N{oe@gsew6tTu)FS`a)YlOGyzB-4D+^_ zA9N#p?C?!PQ@io-i~so8*G`hs*@W=e={(BE&S<5BL{YK1@2Lsb``Q_!bQhwY&qo>U(@6O_&Z{HGh-vwNPeoryRT;Cj)$8lJnU;{s?u@R($Bmm8%~Y z8s}>#OX+lidE3qmA3HOZPPjH>oz?m>^nbj=ldW`|?bu8oJ2^@xLhL+q^9?9J-ga`8 zPK6^pIX-q~DV^)YPSNzphkWhKRys>z2ThQ2vwZB#Q98HE`I?mOM}6&}svy7ag&n(o z&GE4_SLxX8PoEC${IoywlnxS3`37M50j9X~zMPNa02e>f2ZP1#dCgDxnXhz?InpQJ z$4-IL;kAPBTlnK~G&AtftQ?|ij%&RFv0c9keC!k{oo)C}JA0xNP~5!juvH0gv3<7F zr^v@nvC?5n#aeY_&Axkm>sN`=Nq`-@92Wc7@hBa(t_(%(tP0$yz3XYIj~$PXorOy0 z9{i_kziKps=51#Y&IGs)IKs2g$IfD3XaDDFA3IBx4yPgVF17Ft*Mq+KwM^;cppEJeMz_?*4sLr0&xQEUbdImO zRG70JTcLDjK*6qG%YE#WDV@#ykKg8H2}oyJblO>|boN7Rm!C2pJFAqAo$o)ly%7=h z&aZN%!@6UapH)6~kUfZ32LIzXby4^c-|(zfIs+YcDtzo*t8|zu48?n6?s&r2&UH#B z%3`VE`mFV_ zvrg&s6FUpfzo*XEPPNi;rq4PbJ81rp&P)MbtMx_y!3_-;ZkF%sl@8yJ+4+9GkDU!l zrzie1UTrfMf8%TC2Bj13h}Q-mJ2xsFG#2X2z-!v!1&nuiZt}5nqmP{$rE~IhzFFxo zUUoXy_}IBc>72a$@UGPSJ=-nDVj#}ZMdFVsqc?veb~Tb19x7++#MuI)GtNiC-ida$ zFW$GBB$@Mb=VxQN`R0=Oh59WqL)6Nm4mJdK>R?QI_I%z==#&m5`53IDoqa8~gSON0 zVkxnmmON}90<~njkK{ui2?~yJ+E<{<2*l2LK9b8svKV1zi-BpKBDvZ~xR49oLL<3X zB*l>EYjHvxoySN%7s>TT@|{T58cDeJjP=uPJJ^Loxf&xGBa&;41e=U0x4}qOi{wTl z*(j1VMzTXBw;0JsBB?NvZ$uJoB*8jSFe1_p;e{d@WhB!?l58Z{lu5aKBiSaBcq2I^ zk|{=VniTr6M$$th6O4pQ3egoANr6ZrjAXq?+(yEshUmhLizS!yJzLxwQ-HImNkqQMO|k`$2)H4;wY zql-0?M@2HwNHEb|xhssMK_nxLB&D_1S#BhYMG|8q8%0uPByWkNn~@wBNr91^!;UXp zZzI7dO6BGl3C3M1H_J#ih-9>pVAQj6bB*M0B8fJVAi42OGLkDqa*mN)DUviubdf9) zNtBUXCz5GKvQZ=nM)JByrW?suB54PSu2@_Gif(|BOcY5kBdHNdkdeG9l8cSxKO*U2 zB%P&;zX}o^i_1hZ!$__Y$xI{RG<3QgBjLnz?HJ~$Sy_4cQJ3}0Kwpx5svwc{?|&yQ zGQuJ0)AubL@u@$^>W%M=o|$~o!8U971z^&bb`4i7c)1K0K;L(C}=fjasj?e+s>1+r1<4x&s28K3|)dT8OFiSJS9}Cv{XG zl1ELhclMllB?I(bw-#bNJJ=C3NfqQ}h4y!l0$nIm&OoRh!>e_{vPLW~BZFtsqR z0OQtU`wXy8sF6lI727x3mZ{lEqp}KeAdRtwu#lWp;z=wnE-Y@64ll+x=3M$u$to(! zE0{ewwy*I5(WJcGMdN1ieBxrqne>AB&U3IgOmDB%Z0nO)B-QBD_=Kd?IF&G3rP($a zM#Z7Py>evp6n#2QS)d^%nzk}r_VH@ch)-yCR)-|cTtJ5*Qx7%L6N5MunMvW4C3;Us zP-*SdaEx(}?bElp@1{X}KHi$mLSn``Z8jS->m4NL&`j@hjwv%Ldz?m9(eS>KDjUqN zVbOZmVUGKY)!t%b$Hyhcrp6_XQH8Tl3kp+^2_~6h{VTypYFv8e$n>OySXdm>hZdP~ zE$hd{JM>jn=6X&|TZdOCa0@<0HCd-=mEJ9>GJZ)ViSvs*OHQt$O7h86SclUJ{b?k{ zC63amoH??k6qMFP@=1@)RW;q2TMX8aVEJrJrPasq&|I7&ZaPPCt$reNpquuf;~!3>uR9`=ZJ}CIVu{>aB3X>#ZFU)eUR>&jTyswZVvVRvg!8ZWs((uCgZ2j8{^JqpT(O2 z^-ciM9-|bUQ}|m_q(QZf`tMkz9&4#{H(q}>)rHk&)3{w~Wj|_cIwdv}7G|XtPVyHK z#9CQX8VugJS+h!f^Bhsu(WQ!tik}N=4d=G;Eh-J4lbbzHSI82sA(`t_M|2{OiAGn) z8ivj3)NDyV_E6b$W;)suR6c$G9cDK)&hmvQt6Mj=uQKAPabtAob=>SW&4|aBX65*v zV$c#wi}Lfbkq^2j;IPQDse>^AbAGc*d^J$uR5!uC`=zNBHjN2=|C8v&_KCG~b9iZS zac+TKFMU1nUYC>-H!?9ZZB+W$F_{T*X>tAfsyiP;Y!@6!%v1MoU*8U{TC?+aL+f=p zA5S`&q@bRfvK^2TwQzw6!PK}>Fs2HO>ZPb6GdwFle`Z$pJa)Zw9k*Kyw#_K&EYW_H z`bfJXT6z|)x1MTcaLvB9a%^U1Np5y2R%%(2nawhunT=&J^VstpR+3qal~zlJ7v?nG z$NI6|MW@)|OX*wgOZ&uJ7U^((1`HTDa6sQa{rfnCpnamF2Mibx85t8jD5jq}HN&0k zO0jl-usHjzYcVE9o+X@PGb!RzOGJpAw80%}Ke9MJuFHqF zZzJ`2`@cUuhVNJCP4A+$S_&T%XbyB<6g@tX`?JUID(^!lqN}#ol3pTCM?pmX>X^uB{m=L>ZBPG+w=bSC_c9^VjWK<81><0GxVbfMnI(CHeb zuiKK|mpDBdI+t9i_4s1TpS`;w&xFpeqSvYgJ-$~6>xShR@uM?(IckDOww9tChhcmG zbbjN@dpan_TCuTsvgbsQ94*x2S$-R1A8CxWqF?bY_YdHdo0Z4mR6HExp?N9|8Sn)3 z0{HO?j`58R^{sE*6u!UcC`J79XU~IhUxCDa3SZLbj6JXG=EL40=%h-`$BPGjT`xTk z^j?Ba-*jb8eG69M^U{lf-o4P-%a=HCd~xSbkJshsiEF1QwHEC~K(8J;q0_WpOYxvy zJandW_yt@`dZPj`{tP<%@TG~4FW3BqkJ~8p&BR;METz_>y;xi~A3B?7YCRKQ$7ph% zxg5XmpmV8|GhwSm2enqf% zCv@5@P--paZw>UY_>uJ!haA9}>w1;vTIkI#LA@;X((?-6n>f7yI)fH!y+DA!dieqD zWkILUVy%Z)qJGn_6ZD>j&O7o6&6ESL>plbjze4A!tF^tBuDc!f{tlg6mTEmy?!D|q z`w==PPC@VVa)c2-x|7*E7djW5g5D+2>3<4(!=N+r6!gYJXX+{FWkYA)Dd?3# zXW1#}T?d`@r=WK`bT*!X-lNcY`V{nbK(-eFQ9Ye6!gA_&M&@t*hC>p zeMw;X$iVNk3bH1r`s0qT2|UBEx>;U&oXw0!1XjJ{_`QtZNZGOe)F;H26lZ4?&YY_! z#pab{mCWyrLwrRX8s>`ReZGU$*?J8vpp7Yc*~Nt=g|j@7JtkZfIj+c)H$U%cyxfn( zB1T1c_$tQN;Ha?7%!S#RSstuQKeN<>rRl>Vo0FSglw0hS;)_vOmM7mLmUwb>JVH>X zds?l-*5F%>%Nji{K670B=)~b^nPU^vGAG2PC1wsEH#Tj;xa7>lv2pRqiTDPpm0O)u zIVEmNW_;Y(gvm(>X`?VES^Eh*sh@<2!&5WU;znXPr&e!$QuRr3$w>*BBa-7rPP8tD zk9FQLNE+ui0{um|Sp>XwC#E6ramnMxCT30=mzdrjJcZ z%ZwX7JaOX0%(&!aD^9!yJLB{FUdN5ioH%YoTITS$RO@V*m>b4BNowJu++xnZ#w(b- z`K9wwU|NS2;#4bZ__zs~lM*LPOoGppxY0c7i*+elhvg`rX{j)koE#rFd`xEQgrsp3 zlG3JTCXH3;Xmz*RhH)sHcEj~coP@lR!GrPWot?{9dU_*@i%wB7dIW~Yv<DCNu^bbOYp8W(}Ts!gTuJ; ze`@;ViD?t89ynxEa5!BBV}8oR~Am7UgH5Kn^b~#vU$MxHz{sFFPT3R$c)bbB2e05>zy4A&jA$IBML4 zG%R_hPa?0R=9_COeO&V#sN9V#NrleDq?FWTH0ja|DBVcdjvqHJIWcamx>f+KPa2n$ zpw6-`0p zDhl18+EiCn5$xAYG6P8*lq|>g`)99@+999-;ZxAk_8CgnRG);hK4G z&t5RI^_7hr+;E+eKYc~fZr8ED^(%a@?%7Z8EPLKki*AIv&bu||wUzbbD}Eh1@{z|L zZ1WSkqPRe)EA{w?{q~=J=VuRCTYkPVdpe$P`A8q?x@U2_>b`@=_1pGFr-`qte1B2wXa3G`iI2s)V`%GcI`To=q2|-ah2wzf8LSM`Tilk{6G- z>h=$|{C#!Mxo`aZ%XPhe#Y+E5{_Q;_Ti^5Q_mv-AG6)%WT*+?2VUg&Jyn^if(wtmSt|T%jI;KzW=!_Ci zNm1^fG$gS@erDz8%`W(p)=&YEPBZaU?oS$$V9}DNBnQT#(xM}ya%UDrUJl4BisW%j zWY5UyN&qtV1FO14>; z+v0v7?1 zaaNu9;VvfMUe5iyNz`T z*Z{@)h|FzqKPt-H)*vw4dZBkYSU<($MCP`Ji_C2$fo)f3Q;gntk-4pjMsF(E(@O6u zFx(VjIZI@2D_dl4D-Y~hb#}hdTOcyGRbup(fNfEF%fPxQwo+tnt6XGms}k%nb++2* z-5@fzb(7J%9qb{ccNf^Xift5`+qz$5ZtE{#kEpYc8NDY(=C+qC*bt&c?}i>XFerqpAl@v7jRM?%ZLXpfC4u#az5tDT1< z$`7=!OgxO0Qmevtej8kVuzh9ve$fn3ng^=V50@WoEf9%8B;Rrk_~53NmX=;&1JrP5BL;0#X{V&^^xl zR(>$llP}t%Tx(K(h49z%gRRSdKCN_2`)3nRT=)unmSQ7~hVq?(@N~344X!*$arw`& zIFr~={)($IvEk^suzq6Y7d*4_r!xF6J)Jv7zZ$4Q+|V=eSY_e|Fl3f}J`5c!NgGnW z4C}~7Ri%7@GsmzXbORQImR(^|>Xj0bq-uObWvi;h!{rA8J!h!n$f{O9B3W=IQqH(M zSb2|{yIW!T`V%T%4P1jXL{$(rMnP&Jzx80@Y6IEZ72}GGldw(5HWv=(y{Wb(vgW;N zVP~4E($KXb?bd{}dV%M59%S0Ke>NnvI{aN6Tb0QD#89LF!W>e*(}gHtLuwR|l*X#m zz!M)$*OzCFW}6vg@luW}VI^JoUmFsyePvX)dJOv8quKm0>Clj8_Wc5bj#}^HHdk zj<%zX=)Mu?KGI|ydw(|~UOiJn%XbD;rPufTP~|0L4V5UL$ExBZcdO3=Dh*m4o&UT_ zzz=b0SPE_5bg0q{MQ`O>Ww>NhT869%2~}Djei4uof`maBdZve>)FAXdUq!iMN~Skd zhN(D2?slO*G7rjMX{D1^5>)3xlj#5T?2JV?RCbovA>8$LqDj)09~@Zzb95;;_<$aE z;Ii|GTiPH__O3@L>!{BtwDEx_KG31R0Qzj-f~;Qn&la)iGAJyK<%>hD(l8_oS_xi2 z1E-Dzo^wt(v~33&1BDr*KPcO@gzIkf(5W z47-f#dh8YQGojCxK1j8;yf>Kgj&Sc*Poqsy4@L-^)_o7LBB5`JIqL}h#0IiNwd|>j zUr(Wb#8deH(UWhEmv*w#eGY=f)pk#u$>Msnqn&KcEp-?STT+J(YD-5YE%R?t6EjMj-usvoQzUeJ`i2r5b6oxeX0D5=<=T; zOG8-O;v;r*uVdUF)HW_5cn79?WI?Le!M<4#cFwk^qg)M^pk%A@pFLHnF2QJH8oWw@ zzB8`;`4y;nB2A^YYhxp7BU?{(Z#bH&Jpa!9rs)FeUKHMOO}GmQhW1b2a$1d_>w-mf zpOm}J#ke?oz(Lkc_|Fc3+&cbrh_CshAy)oAJRnWI+*bpG)&#myj&XBAOBGW7YQTi1 z*s42J`N8ui_=y}J1A?rVOysPtth;#KCD=+ZKrpbYI&GcSUtLl91>J&e z1VhAsTk+pc{I%C+tWePl6Fft(gJ8J$KU4g3b9=h81Ure|*@EW?o-1gN9P2Fp&l7*= z3r31w7s0NA7YIhl^)D3vZ1?H9i~k;?cah-5f;|O$iT_K)e{b#Gx>Wo}i(VhWzJmP( zW5j=d@z3rM-DTo`py&+}94t6QaH#mdT>M|5y<5Y?f2?4fV7%aP!34oX!4ZNZ1xE=c z362&VBbY3hA~;qMn<6QfDmY$nf*?2Rq)QV_7n~$GS#XNrRKaP2R|;~oPr9oFrwe8Z z&JfHJoGIy+EtsRdTe*U>1ZNA*k#x-)p}JSrTuJYF{amVI<%`|rYpt!CD|# zELb9Ff66MAFyT1NATYMRwU&c1@9BQU(nv~@&VC*Q1Btahb6!NBIV!_kv}T9S@1Ez#|57d z+#>#;6nsk19-+Ebj-L^HR`5B&ZF1e`1z!++QEPmzuix#|2ttC_Xxh*RUf}6$L|Y%Am!jg!H)z#7ThcG z{6z4t`f}FaJIU zwLUIJs0e;5<&TetbafKWe+m9u@IQjbw3>BX(&IZh{$8+N^nMWhugHHCY!LZRg50c_ z?iayE!CwV`lX#!dYCiv4><5VEX=2BxA0YD61>K_GMvnP-Lf2NV-%jN1r9Az9KS1|W z&J_P01{UMd(Z>Cs29 zuV6pH7{UI6KK+1xtyD+`Nq7b)v{DxwBF94o^N$n{>7 z^V<2_6^xPVjrddchwA|10>TV1wXKf z*2}OM!-g7`U|6zYX@+r-n7&$$Vflu63|negg<#`#f?>&qr5ToCSdL-&hItHIYFLF~>kO+gtk$qi zhHW-%t6|#>+hy1u!}c1s->^f5)frZASfgQqr`f3%VpzCg5r#z>*2}OM!-g7`U|6zY zX@+GOmSb4HVIISl8dhQ0I>TxVt2JzsVVe!xYS?zeb{V$Eu)T)uH|&sMb%xa&)@WE@ zkV!wo!VQZsEDCI>sz<%R_|zL@#h9~04NEXA*|0RjG7QTxEZ;DXVO+^i*M$nh))`h~ zSgm234BKqjRI(|35F#bmS$K6m~NYLj4ajBixX>kHNcsDikOu%sWh2^JP*79Q7LSh!&khD90H%di+Qof<=pEWyZ#OqRRIRp%1 zltivisab?!QHJ$0EXJ^*h9wx5Y*?CM8HVK;mT#EHu%(7o7`D!^8pCQ0+ho{g!?qf> z-LPGT?J;bxVfzg`WLTYH^@cSX7TCs4s}RG&4T~@=%CKIB#TYi!umr=B4NEgD!>}B~ z@(uGCw$!i+!`2yAV_2+_JirtbjYwebGF{FM#BQp zB#1k4cl+nA;annt2eCCu)wx<3WXRJZdin2QHJ$0EXJ^*h9wx5Y*?CM zTme?+2lo}wEZ;DXVM`6GFl?P+HHOt1w#l%~hHW)$yJ5Qw+XL1`mp?FF>h_znhYYJT ztlqFj!vfpc@dz<2+^`74q73V0Sd3v@ZAqs_f?>&qr5ToCSdL-&hItHIYFLF~>kO+g ztk$qihHW-%t6|#>+hy1u!}c1s->^f5)frZASfgQqc$C#K4>2shSeIj$*|3aZ8dDWVY>|5W7uB9_8WG{usXx) z4Qn(k5Mu^(*+o%SBix8;{GJ+F%ORL_7?-#^4$pdE>5aSN(fHbI zK`>{tECM(l*bO)V$cKfAz`?*YU;=OwFb9Z@(90@-Q-K?R(}1(xAm;GT&bsNeHVHQu{Z zWqKW^E-2G=tvnZl2YSXHEryY`DUEA_%a=8lEe*o|70WSv^RO9neiY*$8)l(s&8iGr zxvbH`p2SN}2RX6AvY?5%7^5&;oaO9jHxB#6$m>?rv#c_$cj5#srW|$@$3rZR;eLxF zSKDINgfl*H-o-H<=dZBr5oKD3ewe-3x6HD~e0deexSYAAB_1hDERej0A14L!u(Lph zN`d73<)WDhB_51UX%ohL*OH0F*{T$?UYFvRJ#$e>MSVEnr zxELv_pq>_;hW15Q3KrG^tjQ@pDXvG*lz3czj)*%zdFP?Rt1Fq?;v0W0TO-Wvx0EtAw8S5s zcPV9~G}x<@(hpNJ1wVV_p;sy8!Wq#cqN7it$z(AwO(qKfo6L?Kuu?(htis~?S@~Xt z)GoHn$EIR?h7}UVx%1i;dgfq_n6PHDx$}#1A<|`OAXJMI3p~Y3Fx`Jp*ckB_1F>q0 zRjC?in*&b7kEIG_P))M{SVhPMro$p2-=i!BGEJ69?yv;v+#%DsL*`cH@*yQVjQ?bA zs{#KXQ8G3;WNzym}3N_ zA!nQ24F7P>c4(H13+H3O{~WCD;LL7pzFxc_Gp_*izdZ|79n&^F6uE>mXJYNk0vTrJ%xU<=;72zZIl#+J0Y(9*0y)ZS8jx|j z63BF+Kb=ElI)}(~hepc|;8@Gp)@oUUkul!hb&F-`WOeI%ocFF<^uw~mv1j%;ZNDiW ze=2qBf75FEX(5|ex1z$L>;g|q&89u9&dxZWR+DjNdNK`r;YYU=Im2{V3G4w}1!S6( zOOAB`*EvR}bBs*aDc(KXScmbS%x!T*=wnLui!ir!uFIZYe7-QU*Z zbwJ)t*8mxZO34XwofBj_C&+Y8Xc==t%L2i?>q$?@DF45tCjBr}7vg8nU+|Zjm;Ha3 znhc|NYOa&itOoK)@_HcSuwGKLJGf3wGM$=aIyJS7si|fDQj_at^Dg8}P1YppvTVMI z^FzGad-|cyb3l8xiJ#PrU&00S_&C7}_;FG^n>9Osu*vU;JH=kypZU~Kpe{TjZ!y-a zWk3G_c-(c>Gj* z=KF$QZOw^!Gtu)5lAo@>y!+dZ`N$H-62%@M-2#{NKY?fAcrlRYmjL?#uLi~emjaW3 z%Yb}ZSq_{7ycSpitOTwFt_9u(tO9NXVysXZBYHjXS>Sr$Yrq?T9{_IxGA=d1uYk7z zSq^UnvUhnK@HB+=c3^AZ9l(yjJArJOYk^&WcLDnW?*_8(vk{mGd($0pZtr1^57PC-6z&Ye1HFj8ZCNU19mxHIGc!JTkX+545!Geqrbr7})_M z<8o744^N7U`M-OF!$&wQw^T!!8pFJ5DE-iOJD@$^tECz`y7d2H?o9xrDAM=g9tJ{~ z1V|(ZB1(X$pcoUveNK)E1QHT*a40(D7)XE|CKE122LoyhC@NknyMp44E-ES_YB&^7 zRCG~MQBhen26xp3M8)O*JXO^_-7^#L+TZt8((_cm_11m8^>%eNK5)ri%1A;O)l1n~ zj3w3Y?4|5*m|B8h>yB)=SxkiVmCl=_WvfD{2vHHDM`uYjTx@IBC7Dk(FVYE54vEY)l zOl1q*atgt1o+$%m`4`}x9ME#;Cma{$UHuKhmRe3uHO|$WA2ek$N@e~;0VI@Ak66CP zn88iPI)aoHmEXkx0^-l+A%c z(P^!fO(-v|2W#L3;?|D31L0o0Vhn{h>lq5~D7=9knG<-#28UNh5?b}g1e+@}P>5Uy z_dwMj{j|k37?=L~XG@itTNqrE@TQwkHTk=j-?}jA)I$d{t$`J{7Zt3twej1!EkIND^z(dN(&Dc1Y4;{$#cE!bf_QOT<21<~5coWDH-UDQQ-clut=Q^rnX_F;O zn?sbRq;W8lG=}_Vi|hJp#vw{Jz5j15&)+$3>Fw2AnxVw?Ta>tds}k3-omaHi+myI2 z7j;umO0>z+q)m$Jl16b|(*75vslTipsx*`Se^#1zs?xkmmF8bmY2K|$lkHUYdfH@Z z(k4q&(pZ|37OFI};YvEk5SqX-)rR3ZaA8hA>@gX*rW^9R_30iz+V+37Fz;y5S{8dO z%L;aPc59d*KCTQnsj?x{P~pP+RC#OYG;td^$+8R>w0V;Ko2spQfsAr3kR#6HK$g|t zfh^|)T(Z_^leI>hLpy+9E(vg^pR!5yrsVqtG|9(F^eMp?scbm+4mQbmma;jtz6R|= zgO+B{C`8Hd{ueDnKLjCEKl{H@G6dDQdCmBL*fO3(&9lcm17yqC2xQCH3S`UJ24u@1 zO|}f$WXqsUwv5e!#+E^wY#EY|Ekp9LWjrVN*fMC7Ekp9LWk^1@3`t|lkTkXoNn^{9 zv`{UBB777s^O(^N_vGb5wF`U)jv4ero{w-9on*{N7b7r34`Gyi!1dD~U5B;D8VbQk zeL|vm7RKdWEb>rQgbz6e4;JR8GY*NHCKJfT7}Yn{-3a=~a)!!^rlTdRFiyss3!SF zD_ew?YS5+_v}p!SY>vTBg=5^|g7XS_m|?$q7xo-PYPFHG+MnR+RZD7YPIwM}wAtch zJInEZ*Z~uXjR@g5z{qmAlib(BQe1%xFN5KiYVk19S_37u>2TpPi5E@aW82q33tTQv z2aUDGWt4sZO^7isqXOsU))srqDl0@2*Q0~`UJ}#QeAPe(;I*@X1A&@-9Kq?MAz;l5!fRxpV_H7P!akfSB-M}x*A%_`BDM)(7y#p3Jm7i+B@@NY9fIhiC%&FvPl` zF@_-_&rFd-@yookMwzEfLBVRzuK8FVE+FGb2U0CG1~>*d4p_Vu&wFS@*bG#K7 zKXW2YkYtM%AXf_ipR@qipVtDW>sbUc?}7ckGis9M(G|!Ra0ZYqpc{}a;4C0pz}Y~y zfF8iRfFpq{!%;xC1dh70CD0~Y0&TJ-ye4R0;g>eq5+om6g5+aMkTkXgNn=ZpG`0ju zGaZw7Y=@IFkaj~B4&XiPTXfjw?TlY+ZNsnKd!c?N=mnd|HQP9jb$RP|aIe+7jyFf? zJo>qzYWm@sww!+IKDFx`@}k6syw3Qwd(Uj{-P{v<-FCEM$T)V=g|u+I(wdHs68m3)>-(v}EzTD8zi&h)8LSfspIE>jg>vupHP6I^eoelC+;853y`;#I6t1tJVt0C8HfU z0N5JH^eO1()nCw8`E= zn?w5yzf56-_Jy*^4NmkOp&iFBZ4Qm?p6w$7U)zv2hjtNcGCV#MlHpO#m$XcS7OF)t z*Q7IbG=W-z`#~ETpc|y0wz%5knjE@C>6OYyFAP3}38fPJ11c=Uz#305#l&>7#_hP` z6g>+y&a_ViGX1$qBJK>ktQp#5&Cuo$TPGy#5bh;SZu!=S5JJjy3H2y+Et5NJ~9I;RVA+#D%0u zV5YQWUgeR~E0_g0S9t;4a#N#dQV&T+@yk51NkQn=RtXBuP-~<4m`}W&ESl6WKt}Li zAP0NIE%wN^0;b@$H82g>23P=W3!Dmc0GX%=;9_8V;LX5}z}tY)Knh`}0hy*4;5uLz zAj`NbkVSVpF4>f6lTDd6hfo?w+6#)$p?#@r5n8iB z#pz0QP8zylTG@8k?=ux~5+(+we=;xvh|hP3W!NP^@=gP?EnN!i3v>gS*Xcl(6WfEV zYuaR8(XB|&^UAl-} z`y4pm#1)2aDwP^B;$aJ0XN*t`+%0UOYS#&uD&dMB7}hR}QLo)EU=Q4j;{=U73Ap%a zGHGn`{Sxk&4qSRy={#1fI}HUgOs=A_VTAigSP6E-T}2UvnjV(s6vRE!os&d%m3_Mg#_?-cIQX+6s&*{9IY3@iq*;;)%%l(hMi6A-HtogoR(|R*5S@X2Xny1a7^+BJNw0_E_YCck(V2?=#i8~?Q zIXV-spyY@u#w#Z5)R0vR!o_a&!nbZ%49D}K7<6u-Y)>X>2NzFTtR-Pngfe84MdH(-@}BPvgCrvN4DU6t-NGuMj)~Mb9?z992ig`Qy?L zFY{A=P{+xdC_%BG2%-!Lq6`a)YdaGR!;m?h;mC*}UoQty$URBx-1)M!b%jT}pFV!& zh^0?;yJai(TZs?Y@$;+rN?qdMq`}i__Ce&OwfFG@!Hm9see(Bf4 zuVB~2SCtfL-+$+LY|(>@;@?@d`N$>BM`tf-95M1!+sb{z&h&O0*LD4+yALn;=*4GT zkB)uq?EbcMsvmjyjB)nMUOK0sVxR8*Mf%kP|MUIU4{C4x$BTo<{cF$8t6eXS-?Q!e zqt}Fe)9Th+?tG_L#h4x&ABy{7$j3vHx?OSpql0&U5z}|YGsO!(NZ5A&fNOL-^Yy=G zw|%{NrTxie3txEd>8ZC}+~xB-IySBO`L8n;4Sr+zFE<={zW>3Sp4c$@n&X8>H(!|X z$)M!3BmVVq&HEF2bZGbWqwdv@y?yPIl~+Z27i@oh%X=SgT=sa(>>CGMyXw{xC7UkD zU6MKbCEtk0Utby3`raqT_uTeYT#s)S*xtX?Gv>3$Dq=2uxx)2Jy)mWDMTr}pU43)n*Eg3v{K%@q<1)) zdD%6+4?eJ@N5p$q9_W3g?fi$2&bs~MvRPT1UYxusW=)6lH_d51;JL*EHZ5K;;)mz1 zwH5wr$$L9r_(!kQM_$|7r|V~{w&ab7+LHO;b6;HKJaop(op#=Gez$d%cSRkloWJgh z+mDQi@0&e{mR?jpZv>vF(cOXh<`IF|L05h zO&wG5^Bvtje{A!y)95f;e*N0MHz#Pr4?p|T zsOMh%*Q!r$KJq%6s4&iAd?Gr&tYlkl8`}x2QS6#?hNsXQpOA2~&4yS01O*>*k1sF5 zD8|=bNr^AP=Lo%XJq&`a-EN~8V>R(59)4Ckk5u}!+eTpVooQi;H+{mMA=qu~Jha`I z?fF55O%Lp8G~HzBn)0Z9?Az+cguftn>SNMEME}@pf5#)<=lihYce#zpwa`H-lT>F%-$RJ;w3GFuOX2|ll=EOVwzPQWAYUCVzHXe6J=gE6RQc){3YT-fa) zOjM9B3OFtK+Npd+2l+Zp`1%~bY{zbU|6G4u$CR(rf_$+B+HHIuK$iKlGa-8DDeS{8 z2h%CY7iAB-Z5Mv&>xETWhy1=SR=#4SuM#nV6@yL8p>|sovj=bPYuooDRhnhW7w1`- z*iE2>qrv+rUxN~bB9#=3B%B&c=>K$Fb{ks}&F!%tQO%`HTQy9OM~2)76cYWE4BWDB zNs4(S=>n?Vc0Yb;ZoBTbQkhfpI7VsBZp%lpvE*sG2%9;aGeEW5+Nq*l(fs)4;BY9( z*==4VQV-`08IEbpq+DsY%|STqX*BJEc(@QlI3^xP5DypNcH02(a3rD$58^o+RBK!j zK|GZD?Y8a+M^AHP5Kn9nPx~OAo`PpAYM7%HjXj8`7pXS(Y(1{9AfDcW$7#w}Ysq7p zQ{n{ANc@6LyYZTm1;KT3j^LpLtj84>6c;6KyNydLou^F@&v}B!Ts|Fwc=`nKbPVF@ zD|nV5E{;SrQ9(Q$KkYU%PjnCuM@zfy7{bxp&uNm!R6gvMcH4CPqNuekUq0pxE}skG zVz*Tx9KF8!1;s_Bgx$8%6j!Gpo{I#}DicpkP|}3q-QvO?cyX0-hMh^ z-mS7!-Qa=PD~#ZQ-0Pp?Mu3hn3cog7122E=kSuYsLzyd#;Ia7PSmgJW{o!|S`h87M zz66iO*C>mxR)flK_xrj_`4T)9U!yI)d~22;_50$Xku-wG;>!uDKZVw~&Q{Gu@K}5$ zTYP!;Jamsgt|H}2@K}7MSbTMv^3){1FCOklBX}&nQbF~n@S`slKH~TFnerugEWXk# zzH0kCY^twVRwInyvG{U<>W?e+i#;>^ab2c-2_B2Dbc?T}zYN4MBYO@W94KFc$Kq>@ z#n-;4CcW(U^?~vwcr3ogT6|SHHeKQOb(R{o1dqj6hQ-(G8HfJs_cdMl5qNSH1*~#n*U?uhb`ptnvH$O8F8z;KLyw4gul^Ydt9uHU8rf6{N{|BdNS|E=jy|842vPPpIf<2U5F#tmgCn_qrm(HxH@ro@TXewd<- zwsI#}^Aeh$y7%1jz<^yMuqvgPhaTU`fG(fR*mMS{{zEgg^xV(NJvJFf@|2ZVx!rhd zky%*dbyZhaRyzl1ZmItbc!K5ZpP;)~9&v=TKNgfYe908VsR!7g)bOmPKNf;KxWp93sfXZGrQ&yl zP>fs*khPM2${{f*e)?8*`a6B=ai4N{J!#y3%(r!T3(;*t#Es2zM%I5t??5Z|i#nn? zbH82k9}7YkKlCd2o$1JQ<(boQ%1I?eX<#e0IfzrvWPw4r&0~icH8jUXiGv2knhb7- z3>nlvabTi}2y0?O!XR=E7??0bI!$+E+Qw-+_RKFnf<>FI7BoLVp^$3F#dDo4#u259 zztrdpGYwkG2f=6WE$^w~c4|>6@zo`T-a<*^?_OLtDIT5b)DoO#MJ4H6CKbo&91>%r za;BS=o}^B(Y1#we`|mlDhpQ}S6yh~0ljt%CtAVt0p?2sa`BDI(!t)`+9WH=Mj+!GF zSVM+KHT?+aR=m{cz(nE-6&}BJatJ&R4H9e`lPS_Cmk(TP2?L$7)(u*e^QlRJLAFB1 z+Zpr$iidnOq2fIbdItDh)Vjd5!4;}psE(Njo>vqfvK2Bss)#-S&)L*Bz_b+JM7ZUE zXN}@JS$I!_=SONHU|I?ft99)H>K#lbRDKU2eXoM=5$X+KS_-ccZu=FFV8leD?xbw1y7Mn1lMAC zzaW5>;JKMAZ5Xz*Q0e3MV-hno?UyXUrZHbFwbMJ$XdYz4fk84twkvj@C&2TG;%g}% z*gvHG2Ry^sa9~<0my7J!#toiTV!9lXel3=Sg}u2tM-=i zQ3Qt>;MsYp43Fsx74H&c@F(zGHC^(tpSBclPNAkv$3@dpybgpn3q0Op$=A~Og00-z zA@CfZA^D;Kq53(tgliAX#A$1@BwsinR6cURr_Dwmu8@3Z0b0sObtN7)RUO zcp(-SO-uP$iu!mRJh@j$KF)8U^06B6ehi+gu9ke~0a}W;^X_yMBgf-JXv_>fG7D^@D+gP@?XKX6g+Ew1>e))dFxm3{S!R4m8Z@} zXYeEj@)gz8NT2c-qF<2lMI|)G2k^1p0?lvYGpTzS4yO&5N}C?8kaufDL(oa0y{rk~ z(^@5HX4Np6b5No82lAn@LUd=+zr)ptYpiDD2(P6MoAxVr@zqopPpd4NC3fH9tVW1Xz=V0GrTy%}MMC4;C#?A}0 zw$ax^7O`pLvQymIDdSwJ`R)m>e0OegzRR7O4P|$BrrR|kIVIDj^;gWTPRg8>JjI=o zJRxmzMq2(@96%x?Xnj&YX?dwR?)>C2cv36b+n$ttQgUWSnmau+c}yP8i)kCZEHDQd z*&#D9Q1Mza5XhUCkHjZuW>0XrCuL_AWVx^fSw>;WL!h_x?A%nByI?{_zB@TJ)s>g$ zPR`8Kl9ktRbAC?kHG6_PFFQTootm73^Wxh^&q8CfYdMwkJk@M&S%ve<%4^HfPTEFS z!l{*(nw{&OUeifZbo))M*dWH#spE0 zTAbECdOYP(VbWar*#)_7*A$mK*Oix_o$GRsDac5}dvS9Sl;51{zAKKbUvL^0KUv9R zTw^nH+*#Ra1(_~9g`vwwh%ZMtxzn=q++$tIX|7znHV`fn><*P)>~;u`_9Dc*safv) zsW~oWKRo&^5Zo%wd1$;WfLs@fBTa-h0nRz;?z{!%hH^BcVn!uW(FvY&=!)P{(8e<+ zq-W#2=|6+sz8nKiPQm27{9J5C3Xe{J zU)b}K(_QYI)Cm_)P92N35gwgkWHGa{utX|=k-t80V$VKVzm`3y8#r%8Aa0qm3Hd6; zd8)2HM<}X5{BEK);7LPA8RO1D8lwFV9&otBpTz7OmUVKbN+{CF$hnb!Y{mrk-&7ZN+=oYhLNCD$8v9+s zqkAH$li5sI^eo$)R9V*N;hqDEso;V-tQdLNSlBV$1$nMqbo%^^N$gfR=r%5r;h>D86x6AH^cBHpzi%M@p1$+5tdmztZAgV8`FlYwN)P}q)2!JeL+o0FTJDx9NP z{dr?Ch=|afGLnq)!kM1ZIaSG3Ws~p*01gIm&BtIJ9{refS1ne>D8>+d^v3&$G9MTr z)p(DW+rpza!l%*FCt%VN^S2Bk&n;UUXLHw-d{Gtq8B>U!!2#t&g6x z5+vg?Qy{6Cx%xoI@ty5dZ!G?XN|zhqNktsshw%oDL73meqgOMc^x*ud@!2RG4il^~ z6-scG#eji5P48KmIjnzntO9yd>EZ+VP9XqaS7muZnR3Wc)D3Z927hiiYh zV%TOOjVHfoLY7I8!&AtCRgDL+h&ClVJJXdsK{TDe`m+@@E3tRJ?046vK{cr+!u98t zT!#%CQCm@g)?RX9F|p+v5db2j65QHYOaKL$ z`9fHD4{_(T7&-gAwQcKtzF|6pX$Q_9YJg&)8xypc z16d_(WTI3KuVn)7srJFDVNn_5U2s`(l-8Y1!!%303h@}-mV>DrM48`Sj6}|` zU^@gZIp4jNw7=cmAKtI6|LKh9W4ep8r$CRmqubXzYp?q1(13;Z)>jT6hxNPQZ#}K|wtLq0 z&be#&`43OJ?+1)VF|8O*b^4`u?OFf9(y%jM`RV8D`uzgczMy}7PtAr`-t6?tafjoQ zw=blW`mmrEFS^4w;`sH+kMwCZf57%m33z>1(BHn|AG=N*x#{qNh8|s>T6Reo)J{-I zM%fCkzGUCJ-klDuxghM&S3N#li#IX_z00D-*}WfrVpqKF__;USnGRLnyMn%D&ClCM zEpmPP^|*fy{pih~q1WqyQjW5{lrwmE>ZOifS`GYYRGaPhLcPlMLX_=;H&x>Jv+*nH7I9G}*|C3TytnWYrYT_@jY| z!h-s+tn!a$&)i_qE&t>YMS$4QRWYONkM?#|t*i-eP01h4cKNiDqM6jrBA~eZgxEMw zQB~|nKv`8R?+3(Q5PO**fKGzEsgXBB;5st)cYBPD>yH=_DBwa7GAK!sGQdw6ASpu> z#S&e9f20+uL6Y+mW86vR z;OhmO4Re2lcCNv9zM?s_eg*6_O@3)@#cZgbPK#nRAq)=k;P;Q{N+EtyWm!pTWd$ET zLc=Q$^XLV)itOr=vWmhv8c+RTYN@!Xs#%y`TTv`%F`&tVTjmNHJ@ZJ9O%U{|^bmQF z>Tod9JP!wPYRC7u86rsXhxzM@i)GMHlC=9;$wNEt2l7ez13>2gL3RHy?D8-U+T>vz zv^g{$*(Yfc%7z!M4H`vX$tRB-t7D+ptk5>8v8g*cl78=4Lvm9)kY>frLfeMvrspZzgq2_9o%w(2SoRFk&kCQVEiX81oO-j7shEKia_UBg!=`!T>PCt(@Sa&WQe@YATHQ#I zTW`C%k+I~dZPWA!K6SM`>o9UiUmc$PCu^ z^d{D^2_vpPCpweD^P2Eo@K2A4Z#o}e{Az1#c|iYWw?5ICtg-^>M+D3>-xx24#4yof zIf(Lj0y%VsVVIGFZJ3q>8#f@tXe02;EdgQZ*Sag#RO0o=Ff9kRTZC(Y;d+T-D}hbM zR$k4=w*yEP>r_i4yfb%Kq%7Q)2A{F25VEBVeb z_|Au|gWyXrXoC&D5e6+8wvK`?-JoR|e7Oc~GHg+T?^1)tz9i!D?W zn3GVs@(?GgXbR_|PecmssPs@nVPHljba0X4QI@1u2^j%oeht)Xgg>JY%jy#F`ag!( z2aZ1@H!zGxKh3aY9wr<4%?iGnOVbXi;)FCo-f9;kIlR9@-CwHiKT!9x)ctn>_ncv9 zbax)&ZoVHFa6dlaz9`^+v$}Wc@vD12SYrBA?ldaWd4Cq_hlW~R{an2H$`9$RM~D2QUTL7w7`AymElB^Q+V1EX90a5$-1e=Kv=IYk^aM zi-Fj*C=S-Y1b7?nrvdK)UJB%Vdl~R4pd0uCa5``Yun_nL5F?%Vg5ONwaom>yc__#lY8q*8ukbmjVw0 z(XV|?z#D)pXN=Uo)+j%WqrUdQn}KHlR|9(kG3)y-1g-_LpWF{*Pj~>Alt*Zj@(67X z@u`A$1no}z(&o@M;+NxGg!nuKZ4Qm4AcgX`l}#S?E(P!=&}f5@k6#%_n6gRvM$+O8 z8plXU<3SZNEi6GvOEYLW1})#9O*d#I2Cd4Vc@3J+pe-?ID-7C7gSOhBtu<)t4cZ2S z)@abS8?-$JZLdK)V9*X4v~LaCVS~owE@XZql}()7H|xKpC{8J>l&qmOr*3;=-lWOG zp6EK3^m5K}*S94?#H;swB~}6Z#0M85W@%E6s(0snv1cZcgB*_v^(?m=;~?m@V9e0E~k z(1L><>+XP)D3RH&gMI9-z4H9Ry6xeRp%%=}I@qV7U~k=(j!4bhfgBB4xU)rRwXK?` z&o02dYcF$@85LQd)!0zbSYL3U!F8Z+h_gDfA?v{61+CM()ta|eb5cXWfx3nGYDEN` z;eypv4&*{vSRmEAHXCKNx%rBw9F&?RtL!%Z;@sHG(|uXA&DjlEhZ>?ATGhKYEMBys zjixo$w%g%i%h9-6+e3d1u07itJYQJ?Tu%oh&h=ttC+aHe+Y)&i>s0q;m+*+j)?#Kn z2KF!^`>YeTv+&FQ7$)BOxJl4v;1{C_Xn!+ouNpQUph4j?Oru(X}EO5cQ`OYYjmTz6Io7zECb-@@5E;g%o%r0^FL^-oFKPzBbCeIlOE1{1=O`}#C4uEG z&rxm!Q!J{jswj4F5|MRHw)(8dhJvnjU&E;@s#<=cqxlK( z>A5p-*12E_#|L@@%W*`yP;2YMc>4e-&^KdaAoSACx6xK&{wnBbYmu|V}| zjtES=X+)r;*%c%;1msuptP*@}RVu6$)fx&15k631QD6}9H?)U9&<*p=hQHB2e2Br6A1l^_A2li z;OoHafo}qD1il4iSKkX{J-h>CgC$KiSlVQRrOlxYLCPhK+FMD}8|-m#aJZ?*7Y;dZ zpN$6A@x|z+Z+m0VqD0$6b5hN+dB13cd@?r~O-?kn?qcw2k7sfh6hvY|s*l3*H!F&= z3d!Ex3jTG(h?x4-4!_;HV_q#jk6E9Z>CzTs0o?JryQI zwGq6@BE$top|?KO>;h(;GgSLg9}5Lf9NCy`KsKgU zKuQp;fxUrYz<$8Cz=6PU;9#HwI1<<%m$Z2<0aki&?EPpm}E)f>i1tGzFLv5FZj4aXhc z>(%}s?19y;`(aW17+CF-_#G}hn&r^&YiA@??WdGB;t&}I9@b_+y^G5I9_bm2OE*j> ztCmfalMKxk6fyI*6&L~B4&=o23NRM93&?!E3S^nA#3ieOHdz(4$xk{-+9Aa!s{->$ zXekljd5a2ip>`^YN@1gWMxpiVg2V-|vARQl7$Y4n%!^(Hfpzy9+)@I%tnSANx1V&6 z`kY~@yNVLo#r~{HWY=VbdIt_Mcl?U_<(RD-=7sgkkt0(PKR~^)Og;i~?)e0GHtzg+D(KJbmLY$I@aXX}5b@eIqss{u0ss~jE zZpb>=l3sNKQsLLzZD=ZM#U=xt=0TxX-3xtXNWJQMi@)_vT#-V18B(vh&ceH{sSS9= zC&p&;^M`vI@@@06>*JuIE3JphbI}1UKs)=8C6tGnUP5_2$4U|(=7rw$0Q9C;)@QAS zZnPn#JNm@IiC@tVw6FE9-GUk$K;15=aRJoTJ6!we5xuBjzYyQ{L#GNg@9?oP9qaZo z$VIy~@0oCgD!L(Z1=eK;^#}5ZYbUjzI~hWQYiGS{&komSag()Yc-Dcr9UBVv3@=z) zqia)lxc1SNU3QFL12_AGVylu^e=`Q%MCleof9yjQ zpAKq({&-LzVQ3&>Z~!4GA%M_-ps~O=>yPy|!F3X_)>buk7f^Tm1K}nu{oO0S4*Lkwwit~FhT0}7!+XJAA+~gxmECWG zO4T3?mp6O#gcR{xaH1$TgQRpN;%z`?VwE1AzMIS(OTNo=?_YZPR4C+RTj#WTAug|?e-6DG+y6n}P~bm- zqk&%lDgEM6vrvj-zD$>78YM6Fcx?@kUEdK zKs-wKT?M4><7VJFK#n=*0=EPE0N(`m1%9U7Ii_5IdyZFpv?i76v`M8pZ4ROAy0gf z7O89wZ6RzjEmtXio4BFcU4G%q(UzU!H_X~rD zM-hs4)Sz*1u;dFjb>+Ik@KyFv9HDvhLIPn#6%X>$m< zL(({UNLovR{ks2wU@t^YL+0AtbT``XuMzBp5NG(?*it9 zT-Wqh<+)XW-+fX(4xsK9-#r$qlidw5HvO^8LqZt_eeE9bKZKk`=1LK|P1AEC3u4t! zw`dt@5kZ+B7NP68#M2N9WIWM$nj1BSg_>-!u;aTaOa~+&LHr6X7vTz zo4Xsdx~;7Og#MjkOFce%iwJfvZ+!!jwi8L)4z|dg69q9!!mmaT5S;C~yBAL%@WctO zO}F70lgJjfN|17x9H5;V{P11$N6jBs=}_ip7O4+!Oy70)CM! z21B5KTitUGW_%P!X;?|TzbWAUes!<&KcepS1;Wp!d;bDqpNfScv)yxQ=5)=SBQ(%B zi3LJ`AQuQpz|p_~z;QrKMq+_56zInNFyJiUaG(!33b+jD1ag6Z{S#t=kOJf+mrfs=uk0wKivN`X^>6l|vfxnJ!v z;KM-d%kXjh#Dwd61y};a<^#b|YJl7YG7oqO5X&?lE)9D>d<%hB1953S;8NgX;4Q!Gy92?OuZhK~nKOY0zFYXk4mD zzi$|{w+-6I28~M<$@edV_Ps&-uR-HdMe=n}wg~acqNJT|(705Qw0MKYrHZ7DGH59V z4PS#7t`K<*nm(&((s1M#JYvxjQlq{7q=Ii7tirK%;=ru#c;zW;gRaeuq+WJ|UF?pX z)qS~Z14Nz!>Q$|!jq}0_7gs=MClf zf%>e2(BO7_w$(`PJg&tv`hyJ1$ zE*>Iw9peM$!o8^wgELs_v#?WG?N;8~oTd97*`RAs_bgtt2N@I^RKCU{#3ms?LfE6& zqz4#<0Cjt7*pnI?TG&(jIYJ37D~*B6b+}^iVyW1X55Cs01R5Vhi zuqqn$8N66!|9ynb8S#7E@6n3{$TH=8*ag>iMaMWM=EIJ_QJ~?S58njf>ALX;64*L6v(zP3>XRjcjJ=t0Bv#}piL^E7?V^$(Iyp8&j=dFcG{!@>S;lH zAHTFo1r(R3QUOJqR6so?Xg}kZHmQJmQqZV?qRpXAhfSu1s{@&qRR(RfLEB)^HX1a& zmmnY-F$OXOF$OL^)EZBR*U%y9<$Bj~vE*`vtG8I|mxdp~V(bO}YPEcgb{m2fTLW(+ zO}%znzqGYrjqHVZMM27{qjCW%96K`W}%4~AfTfTG!!{I(Ycs>3LysGR(itO-LTSV^1 z!ClInO5WSZt5)bs19`6j8`r_72)1=nWAnwO)UqN&x5XeT{b?RD#M>zdXUEbKrh(}b zv>cVppp3v4r?ALCb!-{@sxJ6ep!H7tkIFzqtf?u0Ey;~G}l{tlb;!4y9#Tsf+9#E-+J8wXt3 zD8m(jioZ^k&@i+l}-?o}b_r891V+*vf7YcjF%7n}^cv^v)#U(IJz zrmzPjSBC$1Pphf>(bI(!VsSslH~mjL`ba4_&mAZHJZlD^46jG(?E;3gnv zk>`PPfk>Ng5pWxj>D&(73ETmE6Zi)3pFr5fY=K!!yle0eAZ8%$sP}Ql+Iv735F@yl zB|ZdlwS=+3cR3I}z&9Uw0LWF-r$CO$m=$~+k(+?e0Gol0z;A%B0>201Q4kLV^Bo3; zVb)>0#e)Yi``m@JNd+!#Qh`gGL%SYalD16Q92!SiNn_lS?;(S>&Y*EVkbIjB+D?PE z+o0_;X!{KsQ!D*4y)urL6vsPTmY>xg2BF)76szwB%2JO9@X{R>m16u|iS_{r6S;;0 za9`+m&a7|M30Xu5rBH`9_jZBYzXo4u2ReaB}q!^6opQs>+9nF#xt%%~{gPuznqKPr6qs~wki z2A}Z%)&WLl1jk!&rP;!V@9DUdq7K!8*luEHN{!HFZ?!YY&!n{qXPVLQCEu1$TX9kG zOqwG~_!IX`og;ksmX1sB0iVi68%wmacee58qV@{K6BfV|X5yKwc-jW=v^DW0iH2|? zQq<6@?yIiYy;*P5)x03qZN{R z-2+!a2auM*0h(KenFN2-jC2h(XR22N#gxgwbrYpq43#bQiKl}au)O(m7C>UsL*V8~ zPk(tP6KSdDsd{2+WWsu(_^OKK3wXL>GnO>}J9%8>h%F!~*fLwaz_Lslg2E`1`C}Z^ zYf9hTia`pssgi;ZVv1O~2s6LpXI^#jbv(>BG}N7P)%7N(ME%7>%#Hq60k4;QhE9{h zAC0b)gm%kv|E}p?pJSugtd(K?a*pkRtF@xzQLtE%bpZ|oy(`cOJOh{k#PLwR0^nJ| zOMpFqML=j{#Kzs;z)IZ50qcP00dEBM0j>pJ09+5m@ln3bK)i*q&6CO8PExw3rqt-+o!pJ(C%sJK~}fO~=Cf%}1YaP9lI za%a1qfP40tHMr!8jyAcXqs_s0{KY#u5#r<^_G5?k5`HNuL{NqhHiua2vL++Mx8i7X zaK;yJ@u1oM1})8?=_3e&qzUH_!`C0}V<036`>W-u3hP8} zzxVbOD?z*@W^%!P{$rXK^Tn~|$mZ8)T_wk7Xo$o*18rZdUSq`LY{n5I)){g%L^lmu z4dj5v1c^ie1GfP{s=~hQF~<0XTk-ZZ)_dAGTxS?AYNHw@WHqv>$5DFF^lCB?+u7mi zY8__Spv=RJxx=$lF=`k-;o(|BAGa*y3_B$+7>-ih4PfUeHCMbjY#tU;B$pTlsyv6g&Nki+P~J9 z4HYWbtkrnp9Io^eP{CS{ZrF#!`KR}NP2-S=#f#P}^{i{dIVa#=cgzM|M%ISKpK5Rp zIQ&6~4TgZQw+X^Kgvhm0i0t@m_~IW!oEWjk678NQtT^C_Vy8W21hmRf8ZRCi;=~A! zC;sH_Zn|6eJHS&QpszT)v=R5Z9JCX5Kkv@wYD1)=2G}G|nID|%8sNsoiyCzaiQ<2d z2H0|t1qXP4RGUvCB()ZO;sDq~3rQp3aviQ19znz7S-|JPuN)R0G;I3~TMSYsU7d#Q z62tbWVbh0{H2BobM{u2v8@kb$g{g&bqcAlcm+l@YOi__BI$+3QnCxD=fKh=%4vtyi znRz&s5a;chj#pqLx{1;)hETNvV?qd_D)2OgAT@Jh;Asj$YUacwG3an)vm=vLbNOT# z>vp+aHI(-FJYRL~v+GSiO(F9V|9g%GqJ zcs1^^xc99FVx{JL6o@sIZwn9$Y~K#x3&3}PF9Ht$@p^!dLcvxb7YEyc?SU@?y8>SU zLWQkiS?(JOL|gKu0iiSyk8QC?7l$6a0i*)rO(5GV#0KA5;M+j9&3^z9hj3?m#B1|n zDE|xMmO>D1QV62WL6wVkK+v90HaWcWE<%Vdv^m641nUKjJ&`sC)g0omg9s`(gw3J- z1l!}dBE+Fbv^lg0q=fNAXdRW!p^b-4rX^e19NKjTt-+w(VbJb2Xb&1R)Rzdwp*?HR zo;PSa4BBf3jgL@eydN60FAZ9=LHog={cO;pTIqiIXj_(_K58I)H0)TyrRB$rr#g@b zyV7`;jy`x}a?pjaER6f14dXpK2(kJz;a{Rd_h@!|}h5r%wmCUAN|I~LlBPzMqP zOfOB#!K?H-2p%(1*O3t*)ecwh!9YuLu-y##BOsJ- zZHkGhZgbT2%%k^0D{+}1b~ObxPRQRNp1?H#!{mg_ zoj@HzOvtVZZ}ozlN_-Yd=r4ITZ&z&+Q+y;p~)WAter#N_|ABuM_Ys zL@~*7Ha*GvCsf`}lquzu%ne-p0#Q}!oN9H}5T|5n9IR8ad9{)U|2H5U7_L^R7!j#J z7#7t;vS5LXh6p%)m#BMvI$jlUFGdN_boZNN9EN|Y#c6bR%z(n^j~hM-aK}a_VT|cq zuGw=G8{JsnoY2`;IBC+1#Kgxo0BJ$2dGL~i*pCH~QB3TqKo+43=mw?(X933meLyS= z#D1(y;2pTn0^SS6vtqFy3-OER(G!7hfSwCH2*gVmzGmPg;E%w`z_XAhNGU!(ExQ!R zbTn;4^s+jopg@}x6lim358{_2NrZTQN1H?2 zf?qs)0qtdFb7*hFwn@<5RW=8oi)haY+Ly}a5FbU^C}I}pF@m7l6IRxds^8dgu+{GQ5cdmh(wC^zCmLNO1>t8cEq6lXwcfAq$FQE zWpije8%few-ZGAJ3|e1<#-CtS z0tAX*@h0v*Mr%x3`N9Xs#Ga;r=LCr@&VeDeDVgUlt|!zSc=GjUvdY)*oxnJD(dZM_Ae5+n zFO_oN<5sj~>A)( z8Z_it(VjGD&lof=t7W{e7&I!%B<+Af(|aruOC!c_^0YjD??37It?S+8%S!s5BaDm; z9g7{gU9@f(Pi1u-Ts&W%%6g{%fo8x^Zcz(1@S(VQZ>Z_nslGTl<=#+#Q~}G$Q;xA* z4TK(Jhrs0#TroTmT8*7t>&a1czhUE;7`UeBfVvm}x;|c-$J56_=Xh#%4;)W3;D2O* zl8<4s|NexlONjB5BWd;w^>9IM9Ay-`2_927haOV{R}G0lI=@qox}i@{<+D_-D}>rF z#N*Fgq%}{bm#iFq&5t(q&7hSkOZsrg3Zc>OKajWL-t^33wIUN(mR*4?#+4+%{Lo5{ zkH>%<7k>o0fOs3jmkGo!avxK70yq_@;Tc6a0ay!c4ZI#023!Gb3%nl~4rHCT1F|DT z01p5of&T&0opp*G>0-RQ4|X};(I&?`+8jdaWlM_?iZ0q5Lh9WsXuI%Bn?sz+`42&3 zQPAelILc8jju7X2(&iAO+*^Xio=lrV<0!|OBto3;Nt;9LRF-MUg{w@<<;oVJ)fzNN z^ukp>Rg`=;8#K%t%I`XZw%(xWy#f)^h%t*H=uZKc6-!&+&$vy$E=C zPLvnhZ4M(8Z8=WXndPL@#MXRv+%PsuZmnI~*l`Kfhsz5N<${4O{O%G0ijgxQ87SHK z{nj<|TpffIWo(f3`>WeJO@<$1ys3fE>J}n>rFDxAYqdo<30_YMzw?9$yXr~7@rjI? z@Ae*Fyrl$rkV)xkJZ@Z`^%Y3pN`E{ql{wZw0OUHxtaA1f7Rh@^@*0_vr7PVIO1IWB zoG2BJI!rNKywfhb2~}?o;))R(cxmHsa;>2K+pu**0;KD3*re;luyG0vqcEy$6n-SF zHC#BT#o^M;-{IOFH+mNd?0`jZ4}2+VWDgJmUyqR2O9Ib|g(lg7c}T*ObK&yZ74GBj;b zI&`Pn$9xYF+_?8IFus*U@yjyiU~(p|gNj~)!GY!OQG>)xU{Bna0{a2WfJwkPKn^P9 zz+_+ra4fJ2m<_xfI0;w-tO3piE(9(B^5OFpz|Fv`fbRpZ1|9`222y=<4X_t*2`~k? z6bNOPb}i5YydF3ccmuEkxD0p$@J1j7@D)I|otuHIW=<4xu%k^5cC#t@ zm!vUlNn2>ppafGi#whu2G-y}?DcVB@EehMp`QZRWsPUmJQNO1>1{Wt!`Prx^giUu} z+XDYn2LCe_erlRQ2nv6r!B16NnBmSxRF8M0iB&~Dj%hJ{r9_@bm z_?07;KGp4(tuLTbf5W$T=ad!2PZ=_3T8YP7SzBEbUsY11egEA$gyDE>(SwWP-&r;4 z^8+8fGOXA7tCFwjvL7$KCP#j}>!qJ(q;357@J;u0Zgt(!=;k-C{c`JD(eK`^HBK0x zaIo93tNP#aN|*Elj?6a(J^bEKTWV?fpbu~S_Zr_7kA^4hY@YJ;x_7?6Ji5!i)Sr$F zdbX-V*rM!FcO7l=uBf=W?f(CKvj6?7wmXdeCgkCKe_tEKUNPJy~ed`L!0i7etrM`*2wmEp7-r_Y1du+)*ItGocBZVcIVkS zFRx#7?#SGEqxSDBe(JK=E1!Dzy|nT1Zw%TrY0lOQuC&_@w{5$t{LXhv93`v&d)kni zQQk8X7pAT1{8pE*A4|vzdusb#58ZlY#rAg|DOj@hqUXN<+lVm>&%5=Xp1-_ySFb74 z9~^y8pHI%-_I1_qudB8ky6%_To%x*xd6ztRQNhgT_w@Tm(aZxcta;{e{QG&X1v&l3 zwJVz2wci(CeQ^4qA-`1bdv?#~hi+~a_RG`bJg4dWXd)rab1(jD)h9O}dHu%bc^3@W z@;nD!VVuR4NqSaI?*ZPAe#LE9bmSbf-T$5x0?e@e2J&1c4k~2$@FQrO@o}-!NL_^jft^Pk{E*B#$HEr!G)Phf{n`? zGho2Lp#w=3Jer~m;VfjK3{9|71|=jo11X6N*5qqYLjUQ3l%%Ra%77&Sl!5(MSSf=O z2dxaG3}KHo#WgfBiQ}n3NgCRJXu^e7N>ajrMuP&2P$X$Xx*|?LLbLYtP3n60!rl%cT?6%Da=NtwC6E4G%ttFil2QE841tfiwqIgVs=hDt@ z>r6+Ob(4}Hqp_8l^UhS*ZO8G;9MePurMW$*b{l06`YxTheL-+IY_oP-8nU8?(>^Gi zj)G^R3a9D%eXE1RVUDcfKpzd7xh_y-;JF9CG##%Qhady<1*s1_2TbXS4hpA};HhLF zFzqgxiv}DR4(CU^ZIvmUPC? zpUmpi7#xo1&$bd%I9-CmIYWfQ<7QZz-hzY4!ELOY;Mt89p{M%{8IGxqQF^tuF~wtQ zV_X^7ZSnYJnm6riLgPi^EN$#8!86vB=I%jhK3nkc;11UA_f^Y=2Zz%`@Fbu)Tm&1< z*+FTJ1=X5n#bZiyPr<{r5nERK^LJGT$JI;lEJ3F9{?jukuHHd$DIQZ?ae~KzaM;uS zJ@2ZkgX20!hNJS18?5mH+x)qLhp!EA1Sv{?5YMm!%lSOPlLH=>IL*01Y3>86wR{wh zDa~vVc3TdAaXqrcmm3_{`GN-zKQLZM(>Ey190lz*J_KjpM~Q> ziGqhK88mjyITwc;1;y20@T^06*lKAKgW^g8)f$)LF~v1N@N__2oL$aXmV&_;H$Sn*aD{8P@l`_3E;K_$IPP*!c`-iFAWbYr6;kj;do!iRTU}gUWunlkw|UwT zEDXz6H45AzkqHu>PO(!i@^flv)Wf*mI z3Lm1;bTKGgCDTM36g(sprXwgaJzEr|y+Qd{QQ{1W(D%XL1qLNrde(XxlnWFk-k_u? zN}@rTswig|6tALmHz@icPiGqx_6?eI4a!zU>1$BlSCjz;<*=d*HYj*7Ak0vMa=xO3 z85F!=p^RQWixedSJkt7*qO>+B`xGVIpmboz5JnHDuZ4n7>|y`5Ce9?~=!bJOL1CYv zj>Au3k6mq{uhw=c@pW14_t||G?)u3h2dOi;bHk$DI8DZ%{(|p8VY&D z#W7EW%wgC{>Cc=tntA#&r&bEnv&F*0`q~W&WfB=OQ)s0yE*_!e=V1yh6cN{d%skj# zf%y~^&gQb5SuPfesKGrJ9>!&%h#Gv$%#%o-$8oXVWI3~ZtQ4kjuZ4%)RtnSej==+q zHXJRy2pA?VengUSy@R@-BqDRcxU3Y$#eLa+9>!&*Fs|bUPdrx8-l936Ax>O&o8GlX zRb=gw5|JA`SY!($c(nNWTph>FCusyOyNwblibmUXu=Q3cC*VeNslWt}#n(u<`hC5A z_#bnn6h~j>%9r4=_!?#LwX(;kAyQ7DuUnKa!DI0?+T!agcjw#Xj89)1lrO;Ia5hw)pZ^AO22C!t`}q`4T)9Unv$}=kEIF{Zc-puQ*QhFoMV8 zD-~3K8D3ofMue0u$n8?T1dqj6n#C8(P_AL=Yqs(wc(nMUni^7RT)6DEIAPa+Sl=}3 zlrOuDty0T$g)H zK}MS9c9)e`x!riti3d@+s;eujoe4TM&rBVlQ~6RMbXRG!?#bm{{wnUf@jZuancOJ)X?6qH4U%?KFok_qUBLtSFh|nQU=klzi!l z(GJmr$;5YXRWPpk$)@lv4wLCHT7GNL^64k1bLyCJIVouwImsE$i***ur)CV6mKcn0 z(HNWv%*4zOi>WV7NseR@9b@%JnTjtU@-umUj+8X3E545y;OGuMK86J&sUhB9V`)l9 zS4C~Pry9@IWNFvC{U>i~mOEoYdbZO! zL5{_}Hin$;H4jvXaNR+-cc)?y;`qG*_2}v3b=76w1@7Wf zPw{Mbab@M~G7k&Q?U`Tfsq(r@MaQcipv4syRaSfBM2D^MlzIz`=6K>%3AWI-5W1Dm zXdb3!7Q__P;zDs)8($EI5s|qaw#=oPq-u9Te5S@G2b92kA<4nb&L7P0tDVs}+9?AE zMma|(j{a?}(K(=?zcX1Itsg`6dqO~S5n;^uf3=+nd{xES|4#^nc!?${aYqS=D@xf! z5SJw6LVyH9NDvSWfrK5BCN}~qB{X7*ky@?V`f4kv)oSa~x>Q@WAS!6pYSl_#tp$rp z46WFrMU49Y{$}Q!dvos%cKN^ax##}oJoC)HJ+qvdDo(+#{!d&e%BK{O2z~)GMav6) zeaOfWxiM-xic`wHtuL>b`|yn{p14je zcKJjkjm3uha|Mpa3uXD;>{Oqm`NOl|J4=!|>Ij}ZFRLJS0$KF$@$~lRW<)^cW|hv4 zog5b}f`ED_e8=?Do1HSu%Sv=l6Klne$1w7j%)K4ZBk+~?w_K7vx^nMI$74CWcJDs; zzH`FC-7Cg;ljAvMFk1V73IF&m3QO-jlhv0ryT| zl(t1u_XRnQJ$gq5#R77A-g-OIsXB0QBESE0HJ-y+Peh3B&vzGUI!J1_5yJofYF z%eAh<*AKHlJ08QxUo!X7aZe+vbd8TtU4>8Cb++R%jQk~YPgAqsfbS-aoKRi4_eTtV z>v$|@a`*1Qy*n6p6sZA0b>-ez_%4NKQ;Fs4Dt|S2*$vOgQp9SRB3e0?SAAlZH>caeS#=xVHj-KZIw#8+CT&-Z9v3 zgD3SO>o3-lhHo$QL*e<{@pV-W`jKE?znHzXbF6#EcH!OvhO8IQ7M*BeNd zAG4t!x{9eg9;riklDU_QzgyvX|C@%b%YG&U<1<#XJjEl0wWRL727L@XM>e5Bb(Oz! zsUPE;CI zReN;;#$)KL=kZ8&mA~ruFNNpH?^?dD+S5vmyI;#@d>$#Hl{9?U<6bK~eZObe?9!^_ z?3ig`-~LL+V>$W%T5hL_MbZ24tb*?*$E$ecW##1!iteToo0*`#H_p90Z}6trDM#@s zpW;=M_+qB{WKL7+J)Gbk@raq~6Q9x{`+DhORJXyMru$^Ffq)+#&le&Mb93dyM?9N& zioBF;;NRFk*-$@sR_&Zco%T@j?w#$Olbw<)!KOEBs#|Chd@NZwx4yQac3vd+l(JKE zC)Y(5E?syjrzYi&VSgOM$$CB&9gtmFdCA<$sz{`M;T$GN8rWevAbUa0lDeAuSSsrV z*;SDxp0FWOZQ}7G>gqstU9Y3>Pw^&9E~uPbFd;mqymC^wys|96JX|?u@}%;z$;Fl7 zN%;lEVQ;8o?sib-lKknF1^JT-FBo4~Uc{x5)`RW`wNp5COlf6#{y1;2WAAxT_G$UW z;|nXt7Uz$f>Yav-tK(xZesawsJyADHXbBwvHq3-c%i_FLRUUW#MrO@zn9-Cgqn` zl!e*7;d7}>#&gXK69~(&KGhkPm*tm~PA(olDLl2ZG+f49yqrXi$;j@8cUBQ88=VFw zD3ThmvY3%g{~lPFXFqHxudSWBv}(x`(mKwZ)54pCsm!$&@O48Ez(LqmPEA zRFyhBz1%wn!e8*R)XtqwDtA+-Q@Ks-D9m);iZhGOs}hZLQ>H4D6)8p$)|2AEmmDa= z@z$U2rRI*COVW9CpFuBaig# zkFe{eeDllmD+|Y$(Qe@oyOGkfC3)31@cn6Jgz1I!>~B!EODiszT3*J7L+PfuJ6L09 zn-%$=G<6txq???kg&0>^ild5jfBdWnC>c<6LvZPsqWm&;W2I+LRAkNaP%qy4!F|Ex zvO+dSrJKepCOip^gK6cChf$3{WyMs=c>b93@zYd=OIdjeGZSt6_?moF7?@;8&(6h< zf*Ivu+7C{qkI8{(g)w|8w8oNhR_W@`rFTx)BQQN4SL}>>P_9gZONKF#XW2{%uEa1^ zznof?p8eM#vnH1+Z}W>?R#MPTz+5d@Sxw!NDptP6)YcbO*H6+i%EGyYHS-oOqf1i) z%FRNPX381GC!ziuzq6GHQ;Q~-mBVALQBqygXv+LjrN!9d$&@oPaBBXvaAkg3INy}G zoiXtb))I`#`%#lTvv2vs2os=`wjBf0KBt5~~C>ks|^1p38f|g$))QofZm-{Ad%prlDmDK#127c*6|F6)>aQ}!28iYkiB zO|5(b3#DD!Q114|h6)T}^)tp~zKP_gvYwbTDv%1cB4y&BMDx?^I1E)rT)~SgB#1*~ zBkZ>1+4j_AwNjL+$a*CwlD5r}M z0}y&tyMqF5DvB7?#<(U%?SY>r#$3+fk!MSx61hJ?qe%>Mu($HarJ;ge2e-*UQ+s4+ zi@LcO!PAs3Kklr3epTB1w2eRbV8%@kTyf6>FHL9q*3hp%>EvnW+`6uL_20Meyy(DR zw)0h)p+9(D-PV-7Zw#w_Y0o2nyt(Ny`&o5X%JJW?-m+%jlq)_zXWTva-r4I@#BDst zN-6#5m0@oka`T%%_8vHJ-Q0`MWmsqEx2`yB{m`=~4}0|4qo!_oZXB}yFAcrd_mBBt zTjMu(?-_n+YWK@WPhj|m_?(r}ebxzEZoT7#(wjz~cK5W~|M?A$c{23+u@~L+@&o_7 zHtpDF4}A9R(?93x6GQ*t)`o|k{ax?RJ3^rge}9Iq{?N{ztdzN{zTb3C$GZG`PU*H{ z_|v@yvr{Ei^xt3h>T_Rye9gX_iP-Pwr6+WH}Bvh zb3-3HY3?z9nZEDzL+bkMSbgUH-*DeJ>2r+6jAPE8#RB;J`l_Y5x&X2v_mmYQN1QtA z0!~J*UEYv8abcuk){w!o7A~8+q_MgN?V!PfhKw3Ke8`}|vlUoyW9!hal}#<}&8S#$ZC6Rcd$u21Bb|JKQ+vz9Mh z)`-md-#VnQ{r?G4Y%JOAT3f&J|3}#Tbh8_3D;xexH(l8x@o4I6|LfE<*|03~Uk1t+ zkjToqn*Y)v7d!H^YRSU+%l=E(r~stXoT`TZPr;H)k%nqQHK2TO?tq#(b-CvP3+r*U;1=OUET}=sq&E51cOKrP2BQ-Oxf# z7xGR-r}ny+r`^BOg}kxo_8Hm)rwe)2=sq^I1x^?8n$dk?Xy10akas(}e;V3dP8aex z0AdQqKb)wLMbe%Pf0@$WoqzADk}uble9jFrYu@pVzA#2#cvpqLSQqZde5B;_wa-QR zWj<2TvG(_kM{}u5^N!5TJGyfpz?z+WoA_m~%`M@K_S0ba9ESdxkAyq8sO=bIE;l!~ zbvN!C-sf9NIJGE)8v?cvwuA!+z6VWoWs6i_Ui7Xfh)r%V0uVy#eFwXm0mRwDuIELUzKJHf-`twvTpS+~nxnT@6g=-Ba)hzc7 zbXOSne|* zdYle$C?yD)V*hGR5iv(Sq5o0`X>^gBr(ny^J+ukA$#MuM!i?*bo4%a^nB_-v)5;Q+ zL+8(_WP=f3!FHX0x#XXJkBqXZ%I^JR5@|9%sqzix@s<2jic>>_IoY{HR^grxDjX~+ znUs49y-hjkY|2R&GKX_m+C#isnyQ>hx&5mzQOcdsIpxwhCh`9)pMVMWfkh-Rqubfw3yR?#SXg;48bzMF^%BNZd`L5w)T{*&eUF{MiA;yCCtP@5E zUhSN6>s0J1hy@rZ=%@_WvWRyXrCYZP*}Gaxjk*0(xK+Njo>FK@-h(}C`F;pwtm8cl z4hA0q#q%gQ7JLj;e18S1<#>(9=Av{q7o`iCQ?D%T4aaBCyRx*7fOe3aJvA{G>3cFp zZ*Dx4+dWb%I<6`hIiM#QyKSg0m`R$k6Y=O^8M_Jdg1C(J?To{0=0P(ynoa*%=BiUs zGUoD-xl!k0GdLf^e=CC({`d^On+%g9_khaapMoPm_OqMY4(EM3TZ)0y`2{_J#gQ7P6&FLULT>_?=9PD0 zpVN~@9}ar;$P*o-HBR-GAEvXH+R$<1TSxoL=DwGTw}O+Nbl3J09q?t4B?lHP2`L}kJ9Ut=y;PI7`Oz&z5 zq|^>E);Ib85vb2J^W%!E?1<-gJS9nr>yp~JmGx$2!!}0?7Mi9g)>~})il#`1fhz#H zc+TC@wT57dsUZ|CWQNF!FqWe{?iRJ%uzQkqPq&J^MY<)sRpjfie9N*O3S0CNB-e7K zF>Mw-Y}~&)~Qw?`vQ2elt%7N{W32G0TKfJNY3 zZ~{0F)b^M8pkxxn>!v!8iS;IhxdFTxTn=soSAchdmx4bBF9RP0SApBWCh$dY4XAwj z7N`_`iN{ti>1_3qF68~mnfCH_I$g+AD$A!mU6$`8r|adN7SKinw6g=6rqrz6@_^=7 z&Gdv?nUUG7r0cp?ZpQTAsFgGSqgr_qwUU+~h2sW0+P}t)ov9qTwi}yvPU|S_0L1*n!z7wjXD(e6q)d;D7rAo?< zs^nH4-5zFDiW6B`TZ^lbOKSg*tK_YOpq~xJS5?VXmhB)_5>d`5ze=um?^y`b$*ZK& zBfd(WN)=EVod&Aq9|S6hL%_2@&Jr;_({NBd(^+5zI1)ts_C|q=!2(cWE(C7`i@;mJ z@!&>qBKR|~7`zXh1a1OL!DqlJpz^5<%m7tQZIzVHR!Qk>m9(^-j?Y#}OH-A!e5#U` zrYdP^s*;wbDrsq|l9r|_X=xING%D8#Ka~2&A;>@jOFCLg(xG-GJ~%hHvLM%qDbIM70QB$*l0Q%1Ev2Lrg*SJ(6cJioV0YGcOmGIwYEvL0{1yMo!JC zud-!Cqb{|$zEXHpL{ucyB1^HnN5e_A1vA0JLCTnS1gKX0C{W=)8dTP)nAxn8&Ssr- z_Wnjoll*CEru9>@28o@+azTn`l6$|AF!#4q94y@j;g*^OKRM!?hF@bAj!SphF~uI# z`i)g_O@m4I#=5vv_gf&}lEZ&7)ni4<9IUE)MENJ2DtoHTe2D9Q85%2(O2y=q!X7VJ z_95*RpW{L04QbFMrzrqtZlWJ}GVdpVr-1`N<<$#3Hm{_!c_m%Qd&QadGBXdB))COi zAY<3eLp1L>YJGT5>H3nr9GjUQ2!?K?*nBRwI4-BR(?miW^?tkld{U(KQ1iMnokKxe zjRe|SkUl!Rw|=HIX`PZjx?<1rVq=v9Ns&a=D^~2Sr(|@D4)3|7=dev}+OzHWbqr`; zOMd#Iq6G@O#M9lzi>I09>S!wvr}3x7{I?(GT<+dtLt+CRIm-{>>6W|sQbL&PhhlWe z-um7#!QHdGN83y~!}ed$UaZ-v)`J8Y_zLBh6G)BsT+G?no6?TJyw?vAhrb#j7z55+ zm7xo&Z;*M#cTF7j+rU{Lw|3Kh788`Md8SahsM}~w>28cnGH(qV2VEj>E+X|f1(pLJ zJ%;fW`zLaksvpBr3h{S5G*xgc|lBc)Sa7Rmccl#TD!tQRFlHL~K>_97p ztCT&Du)SL`&1L>V3WYUWHBmgrpvu$p(qE&fcad5;-g ztCI?b8>W+rZ5+RgH;af1N{l-9)%dFKj5#$W)ej$=1MR9XpqZC_FhfL0gK zA^{C4;Za_^#oN@PWs3x8$EPtoo}&PiEwV28+s z@oqdN>YxNSwupRWf*a~c8Z(U>Z71SE+wuIxJNXYWooJlgyfX-_T=cD~^=bPHe+mB5 zUwDlt7=Jgv<439a(-VE056I@-{KW;W`M^n$>bQV3?;jK?jq{=T(-Dz#66~HAIVHhv zbtEUjZcXEmxS*~1)P(pLLw@BQmj?=PPvc^Hw_%%-PY6D){6WRGaCArJ{Uh*Fo-uJN z5V9j4`8GD8g{!WuY2f?k>Y7USKUU6bTsBwR4~?9Rog_-j5fZzi?b#S?(=7O_5$j?s z$!|56hw)tQ=wxA&!m}G}1K*R%!* z2u(ld{Q#)sL)vOmTt5d@+cZ3~wM{x(+oTJbzR=P(@os5Gu13}ggb9Y~`>77T(823I zlW&V-YKbaOW1h*o%{x?iT60oxVtsK|4`1R+Z^%Y~@+B0x(rzvuAQjw%075(d?r-VV zT9Soy(UPqJQ!h+6^W?A<&Mw5{c(ViDH_%yA6^Qum@ET}J06kLi0{(l@;;$c&9n+M9 z;e^7%_P*-MMVyu~N4=Z9CB%0f3o)vTQlfP%SvY{xb#-R1vRT`bPnKr(C9|i?_DKDq zGvntE=k>~LLu@ye2Wd19s`I=aYm=@k^9$w*%Vz!+PZdlBW{IJgftBgT5M9ie9$}_w z0A>h9P4ePZa4JY)Y`PHq1GoreiJ(bt{1Lnid>d>A>9R}#-vP=W6>3`$rLzT5x{!*h zG4180P;f2n6sPOuogUEq@wLv-Z3%ZQDq5t%<`>Njns~~X#QX_)i20PjmI5>ER!leW zXk8|iG` zNEb50HA~aKrP;x^8=Gu|tl188naISL5mR@z4V=QoA|_9|w}cjWO}d~pI*GrvhpbAu zWkK84>~GC(spx3GU-kbG3_s-2bh59@MfVC%4oy94AUtW_c>ebqonjr|5~!4>^Y|*h zC6F5v<8oMbl%n%^reyJFlrI?1Qw}$3qgZuJM!Q)S+c3m>=vxQL@MIaQ#Ux3!5}@l` zZWpkx$4sN=JNvr0$X^s}ig8n6RSD1-R6?v&25UeH|DmAhhk=KKS>Ul?HmH*DHBieR zIp8?(aBvEE1gP466gUfH_hC~tcr2(i=>w|d&^ox1Bb_Zd(uK_OqNQzjd?7QVYiY_Y z%SUOVsAUonw zMHrKirSof+RnDnj{O@=Dexsg?->kUs)l``vXwP{WOoQsM6WwmM-LN;@{HrZ)vW1>8b7xH%SZ)v-n&P;p73C-tz7sJMop|-JtA1~fFe>$(RpOLttvi+J*ouzKrZCj0{ zIFYRRKxX6M77@sg$8;<&VH{xq}k0z-=#dGu{8bfHXjNfY&c^A03ZKe>)`iPR(3 zdo{CdpOTIVW1q~-wM`f%1fg%^lFmU`^Qrh6r^SVW46@16DG)Yi7jKIRgr5Uxu{qEa zC)=tBmvhx0)>1k$*V6FV9N%mtcE5zI?wkv24qTydEp*Y2$%tvLXvAd17#IH@(LfA# zUZ*7{Vb9nkRIAeV2*o)e3Fl?5y&ps4PP7J)iXO8jwhvR1)Fq;^6+@S3{s6yuzl)xs$J8leM~m;LhF`Cm zKkXY6z0L1*a|ylXQ=3aJv3o>A=|?Xun%I8yddBC{=68I5sK3WKx3q*6G!-F5PkRYn zqIHVKc0at)`3n=hO+Gy)dc^u}pS<`L-&>QZ*Ftxh?MIJjH?E3{o6FI8E+jGWo9c>C zO#JekgT6<^?~KIw9pl{M8a30h(c1KURDE)LZd|Ec^XUtazjC%hXQ)WgFc}puqtrtk z9Ves6j#}h5z;Ov(=0Z1DF>m1#eNU~~SnG8Be;55_be3Xoj1BpzZct+3E}x!a<&tjT z(a@OZZaM+%0Zszb!08|hr%l&^hk&<$y}%E^L&1F@rKPEY5|a&bSGvc%Wz%cm;h>J3 zJ_=kyy*~!L1Y~Zk=|~cwFW3(}0el1=l`UC4XLnf5YwnOhq2)1ogHV4(d+Y#rXH|I+5C zw{?BvtM)ZL$}&y5+t=h@^jh(F3%6qHChhb!pO(x-Q1AV0_z0OZY9eOspAI8n&G8MLFMV(=_R?()nBbR0dpFN-a-WF{&b?e#E1Oyp6H&TXLu{ zwBj*Cc}0w=h1r*nLe9>5HvDc10n<%RSB2kgFLwI&d{&ZLyS1`T_S%|NuaRt<8V}hT z-cCN5+wfGynP1$#rL|`Fv*BIQAnj_0%{a$qzLLGwcEM>z<;53j5U2ieH;=t3_6?&u zj{p5ecRv638lCEihHiyCz8Z_)MZ72yQqy4?##9GkGh*k-V63^ygr-6iWQnDd(2R^5 z+R06caFiAA{GbB)Lp$mi2cmN5VNJEEU~=780kfCKI4CO zl6gj5Q>SvAOFZl5xN}g=+R3AYB-u`_AHhArM&NKP?|@C8O4k+EHWcxxH_eFL)IKkL zKU_B{;;8g<4AXF`2sNDYFr)VlNEMn~Ipyb6dq*#ZR!wP8!b@Jf*U1R7@Rpn<8tL)#M(+JHo5Kq^NmVvnykTJmfYLm?*R6!%X++4(1^shb0!`smLx!x1D!qcMK|bDT2qP%HV!e60Y zzz0QhIjXu-K^cR+OlvpUTwv_{{wc8OL1}(pMX*15^AQuxv6iXrR$E0x>JXx+t+$%n zkm~8)T^E2Gelwo1LrCeNve=WSkVh(wvL&Z`f(mj7RCqE#^$drCrQl(p(lHZM$~@0w z%b0Ywj7ewj+_tpm9AC&x-CEkdfQE!u@icSo!~C1}bF&?ZKj|-?b+e0S%*z?$m__U_ zvC=rvj7l~KtHsUxPi#EP(9B4ywR?zFw$_q;vAe4n*lc22p1t||%q%-|^DW`@_A`yO z#c}K5jmO7Cop>@XT3;BlQ;9K~8s`z1O*}c~a9*pURZWQt(*FwKN8l#}jLvp%XQPwL$-B2AO#FI- zHlgn9h8Eww$xa%Nn)0HAy0e_~-w)Qk#rlQ=zM^}JEuZH=mmjFF>dE@S)7NmCGOrFY zc~3UTG6g-?NcYY$I%WW(TrG7pf#Rt$9@}jlNVVm>1C*yCG^Gq!(qPz!~L2wf|G_GZp9q}B&b8)nE6q-Xm z@*|O|xeE?5zvNL4)P~AO+lH3bE?gF2FzK&`k)n(-jcY-!skHk_{wvoMh5?TFNt&H> z`X{Jx?FUus)m++Kk`*S zdaXEWYd8Cvp{1A$(6_xpz-+x8)k9{H(4!hQx9N-ke|K+aqfFZF6iISL=uy>$wi|iZ zKx?Ge*pFa{)>^XLZNjZcw_Ar>!@JwK!(EJ;Z`tPtWLv{~<))U&_t`DcbmF!^?3MxF z=JO@~=#qWWjnQfCCG8VwT+VAh$3!o^wIZiAysxF3iCubY$x-aAX~|x6lySg(eDic` z_-VwF=2d%{+b4+1#vq7BbnmZadf$QzTS8jy^&-a_(Pq;k{Mh94vuoKzf~eiDFe|Fx zB7r4~_)fOi4Fj59GQPJr8P^FrgV>IiZi~{1w1%c5eJf09?Q5ynWh54MB<*kBe0)pE z_O0PP@?vZFE#=bI@D9B(i#599t<2^-r4R3F3BSBG{F)5bm%KJbNxQ3TeRw-HY`=B9 zCA1esD_%>j;JX3#EbJOc5{CC&RkEjPCrcF_sTDi)#p?dhW`dPkvSVHTNTj=g z6&-w`yh$_X9jW0RR~3zfJM_HeUpHYSb8zNs=N-+fcBI#LYd^BJOfO%a`;a84n?X ze#z|FHiF4L96t#lo}){)U!sL|1(=|&D?OfATvf4W-INiyLrO?W>}Y-}*U!U@M~}z3 zf#J7Cu}MC|mEyMT9EkvLYRMkBwaZ2e$Qdm~g}i1yQgFQ4^iAe42+T9XJD1(sk=|Oe z9Y6N_9*DFxyv^iFcpLp@YY89EQ0Q%?quV^pA7Acnn=OCCd$;DPMWbBoMHFQ}IVAjQ zDMB)3W@BGV0d)hTZ7ox%0DJAu^A?KKUR&i%=lfKS=9DDh&~cUV{|}?9=6|2jEeUj* zX0^22(0y!7f6KoFoE&X;a=H)DeZ-TdS!^TM<(R#}*6u`TFB=<|q5F~1tw(3w`w_a| z8QLr8HW=L?>I#Ape%yvm4Ofo2f=-E*<9z|m`gT6e2Z9?kP26lTx((>m6k-FN6)k>? zZX>ibjo!@c6w+v*Lz5t?_k);cT;UHDFRCvm3<P? z=NooLx|GAb=mv6bAc=i%h}6~*tADl2ITlU@!tSaotEpNNvxQunZE`TQJ(n@Gd(vf~ zPAO{OdN9rBNUYbPm0fR5*L3uMTapv_{Y~u>2+T=K<_HrBQ`WJVSc-L-e!1CA(0l~v_g1J50f{w0Eg$|6#O*~HNe z)G#L%>;v`ym8@ytKrkH~0v-ZN5bp)%fro+$a27Zn{2Dk1JOW${9tAdn$AXuE$AN3X zzTkQ=7rY+q2WptqA5^DwB6uHo3MjGeR8TekH1KI~6!?4aY;Xs7KB%TN5Bvzs2i1NQ zfSPR%gP(!pL2aR&0J0+I6@!^z33wz}3bJzMO#ugkWgshLUOAWtUI1z~e>$k)*9=g@ z$eEy4?=A!vfER@%#a5=aOybSy+xC-0{eiQr*Tn%=k%-ssA=xzXWz>VOs;E%yG!Mnji@E))P z{3*B){26#PcrSPZct3bE_yG7r@Imli@FDPi@DcDK@G($j{a4^`!C!;AaPx8SRq!|9 zTi_<}U2rq_KKKXlWAKk)2l&5W56bMDpf2xz3)I0>e+IL`zko-ByTD_>_ra6E-JmW* zZv)4Id%&sS-@uvRUa%6}2QCIb1|wkKbgyX*coO)1@MQ2Fa0K{s@GMXjj++*nbnw;L z;2Yo+a3@#>>hP^k#tS4`zZA^bBwfh#hW~45cknM=$UBr&vvzeEv9((q&~$r}KNzlc8mKitovyK(BKizZ^0C^Hm`J5tFkLGt7>w1fLLa{= zKz78VCaf&JYt`omV>zkDAAoheDL{iZbt>}O49|Qk$!Ei&i+zK!;46hCe%y903kwS0 zd7#30KB!cXpk%XKI-A|n*mF*nFW|bN*Y`zY7S|uOecQZ8 zhhoclj}FBcPfB{+pD+~L-==lq*bx%r48{#+8Kbd)Fe%Lfn`VS`tVH079gKX!JA9d) zkxvJVaHcyy!u#9)0YQU~^ww^ckCB%KHyQrmgOSZ%q~{T4x^^$3^FWPs_V8sTXS?x# zyu|zcoyGf=bgzi_3jv9`MTMhFG9rm=WtOb~K!#V))>rH4>b5x;*SJNJa%%iL>#moW98EWJxO&`xDQS{pR|ISV@$W z)ESjSeaW;xY*yUVGSs0iV!pW7Y~G{dUWBxf^2NPxx_4jP`#WZv98G*mQ#C(l@;v0| z7t^~aohw24SEXJDoCBT+&I2{6I3FAdE&|U37lTFMQg9Nu43v~t2hIk+0nP{O!8))3 zTnRRUYrqwtq&q%8H(ze?k$2NZ-Y*C50at?$fKA}j;2Q9^U^Dm{cm?mBWdjizd;get=@He2QuQ!33G~5gh0qJv^hJnw3Bf;muG2rvy1n{@uRPY6GI`|?u z6MPwzRQDP<4}2X|`o96HA^jtGHTV{&9SVN}Zw225CDr{I{5iM-)JoA#@M-WJ@I`PJ zsIvbqsP5pGJhnTK&UOdVg}m?ZuaxNJUFUQmQ_D5M+RLm7OBXVA+1k}ay|p{b>3Vsy z1KN^+Ru|ATp>OS~_FKEx2ecmqGg z=H1f1I=$5fq?z4CR;MtiWo8Hpd^p?)1x1}k)E$yq*yB%Je-d6XYr1$N( z5k5%yu1J#JUEJex@PzLlE6{e~g1SkSdn@$*+vUEDbXFQnb?IFWDjzC9<-;^b{}pLm2TM~vSQ`1zyr)mH@rL9|zb7yvfBpKBU79CvEyzK7 zW|BKgV!PF5xQT0o;$}WYY3vU}^GX(AdEq83qH>oZIyE}y46#KM<;+A|E zNJ`Y^+_ZJkZzL6BcT5c%PMSFpCNf0(OA5NXO;ij|w5MaYKB5lqS;WH69)GC;;e9u& z8tu{979z2Bx2)v%V!O-aYA-`@rF=_=#vuR>e2#vLkUY71TtoRc<1h z`O#$!RpulAeBEqrCZuD1@cBUm@Ywm$CP?ZsP@SdeSf)BmPd7Y<$)7V`X4bql_Zk(C z{kZ`8V(*G15XbP9+@O^-*J%o!&z`G>}K-VbI4?@`&~t%X3)-s0X*!)A1( zzr#@lN=H?zqj@B*O0A%ZDQ#DRIpC$B(&U?CK=zt6RXofUSyx@qWakG813FXG0Uu#XJ`rq<*tKcj3WK@=*QO5Vbe%NW~60 z<*%=1qftHR#Z%2AHCyEgoa@R{H7Iu$f~SFtz#-sLa5T6K41=|x>PI~|1B`%*MEH4_6woLii_E@u&whCEASTIYBIRGKickA04C99= zvZHv1cxGhrXH;U_%9W4$3|b1;i=G}U8EBW>2~+0Xp#Mo8YUXXs(IZzIx6n=lR)t;Oxt>b&RUNQ$Fh z=`u}?F%Gn`o5wlQ-EcbZ?T59l6|%Ksy|DQS{d<{L+%HDM(#&zQkui>~ z2uWhfh_c|Vd2{X*%hpQp>Zfzszu}oZB)}DeDqP1R#oNe zWYjMVT$9ijxH8JP67P2g8-Rnn2xPx>-&WQ^{chXMrj54i^mUfnV6SCuA4S9JJ15gC z7_VQOj&Ts#oMf7E@%~?~4W@sxwW6J`T0zx0?Z^ z`C%`b@YwkwHBS3^(u}BRyTy}uzr)Z@=l>r@cOL(?gB*)aU3(5kkodIO=xjHuF}vO4 z@i%l^cyjbjrQ747wOiW>Yj4S2n5KCW8mwKdkiKecoJ^bd6JvTQy4MU%Yg?A~AiCR( z>2J_kyD2nnR^Zoq*C1_gr}E=D5Sj zI&amGOez@^rBfHx0OsTK+!YaaleoJp&1HmBE5qZt=y(QSp=z`eJ5qT8%YU%xpwO$9 zD=v1RqXwxz4AIY2Vy#MG)M_$HR#op5aXWsIL^i;fS&2;VD{WZ4bK%mvGE!=sd*2xM z{&V;4e+%=ad-oR^23XJW+q&28-lJn7QPZ{?NBiG-4Kc=kB@69^$HJ5PcdBy9o} z^ryg~AhL9m_-R6n@b?@zf%oUZa`0tP!r!alw?RI*ZTcR_cgsziz(0YitL>mNw^y3o z<&gnu)BK^J1{&qy2=D?>**XJU05*W%1|#78U?ccz@Dgwbcp0eO65j#`f>(fNfLDUE zz*g|P;C0|#;0@rG+yXuTZUY|zUj%;%svJEAegys+lt}hC$jQdu6W}S} zli+FKZ$J(t_cnp&flq;jARj0n&S=y0K7xMB0 zS~#Gs4QSdOW9@DVXj&_=v_A#3odHezU92A;1+>otS_T|%?VCAf6zE$m!`X$rCi&ssNJ`^W6_Bz&C`P64|#ITIMa4hb-Y`?OVHWQ zsRiASdF(YI8;wpK=O;$@aG;}HC3IMup~-KVNyX1@?SM8iuEUa@G#*V}UL?y#xelwM zu9|a{+?}%;d<6_Xqs7ik%k#9=(qAt!U5s-uBl8a64lt>VAVzIGaIZ*w$(;-`l82%g7zq@JfjD$Xx~nc(k0`THt30DKJ`2)+TH z2W|%o!9Ri$s@?>rfNy~{;Ge)H;Ge+=xC8tq_zu_%z6&ax?}0aiY~eTC_u4^;E_=YA zgMS4jpnV7`KlXxZI3D7$4Tp5L;gBw5HaBfIv>)&|$ zO|wvzPqR?gZf-yu5YVWstzk`CXEA@BVLnx~wZ+Q67d@3l=k7~^ssvB+B%d}o0TU^| zXvI$(yoy=;%8%@%^5|2XxxPiu720VF>m!X-OWe(SQ>&KN_?PM(eEOi%Rwn->1nojl z7WC&?HkC`&&Hh+Wrk~o2Z=j#zacx+DugZotMFeWd9VW zqj(fA6+)@A4zbe|BSFRWY*3;34Ua7l(%AwbUC8^)nf5XtPg+_I*=G5Uayqv;s*kxu zDf)>(28WH96^Ym!W#_y;%0HR!KFDiEgM5|dnqM6sA7218Y{@a(bT$wadjpFmDbjRQ zgUA*$hDK5)v|^Re`tT?%rQ%z$5Rn)c*NVxGYV-`AIsbBjaN@T-OQLAhVv9r| zCyS^|P|H>qTTc8^5iKXCIKY}vPL$Ef%8A`i?H{|La^n|;>8`z->OwlxFGohSEOJzV z(n9VlJvepr|YWccz^%s4crLbyXvl0gI>So zl(UY$dF0Ez|FC+|#{ZrA+n2XJK4)B?vnMP(qAB~j9sipX+JEn`-+%d+NqwiUxZ=uH zBbTS_I_a-JeA~Nv+OhvA9C+Q^tAF!Fdq#TdSnu~^SHFGX(AO^rkLsv9@aVTre(9Mr zU)=Fp%4yfud*8fo_@unNlNJsC{et~3jvUzfvm>v+;+ewcH}8M+$Q3z5TIQ{;=%o>mI!S%tcwhcyM^t6C0kK^x7$( zU474&n`Ue+ygcQC2R29EdiJtc7Tj{iu30Zmd3o&Yd1v&l=>FY*?7H*eV~fIb{^4Es z&JV+v+_U?I1wSq7`1Lne^m+UKh0lKS#Fq2FyYhx17d*7@vcHcUx-#>QF}MHZwgu!_gcQ*4?(hHbph$C% zb-7=^=H-Vsd~f>3^zL_c8+*$e@70~OV)3x0Kf3s$#?1$=IOqGv&D_>FY}WP}@4otn zyKj2_^Pjvl?AXt?6(6id{+L(Wb)#(y7kT%U*29(-oL|DLnFqh{jHv#$8T<$rwr{ln^4 zT)Xa)AHDPTz$>e-yyjP{j$1zJ{h9lZNZr{tyz8ix?(dy?$!pn_gVL_8c{CdPaZgLf5!s;!JJyKM2QoX!+HC2&8g9l%mlG5ZTm((s9 zw6vQ31*zHa465cf^T;I3`#b<)z~b|t#=HB3@dBxd;e zm7U;DZ^NVBN9xlNPkor^j(URB6!jr~`t(k4M*^k|b1u3CR~$#su+S;LREkqmwAo&{ zB6WCzJ4ZrIO?g~aQF~`D-&OImG=fM?xrTq0{)?BqPp5~+ox*dB z;n{#Ye!PxOa7W^DYRX9d6{PKX&#?|GU2Hj&$dZ~O!OjoQu?g-RXLuIzFPcTO-oe{>!d+!($g(VYQ?=Z+Y6PDpU)M8l&UAIh)D>bd;$(kY!!GCcYW zM5RsYMC*=iqsEGIGEZuXYLIM8Ii8p{Q>{~K$~t4phTc~%p#g~Z>r}(D0kU5Y#MdsqN2NT^n)9`fg?}ul2f;%G& zk2aaBWxVw9eRn3hqZ&avlYnYrrA8#Uqt+lbMYUD=)ooekf<$*l86J(>{qT%TaOdoQ z!JW|w?wpZ*V6&~&ANKMh4fghf865KiOUvTIA1b5C$a3|03Xor!?*j@epOvUA; zQ(ewCJeqn`4v2bUAysVLkxsU($~7U0)*a6irE+P_(z$gjV|YYqsENc-q*dSME5*ou z2-2BS>c4`PM}4ZVEagi76|@x1_4>+EXhH&IDK7@^zODBYC@RywvbK&-plI3FSC*$F zfl{47S)D-nfuj_7N<*n%I7(hXdBIT%1Iqi3GB%)ex0b!4fO3qZ3=Sx#Im*z0qQwKL z5dlR@2T~&gifXUa*#Sidfk>SbP=4$v=LM8)jxs!;>~s`cT4et-M=1_?`l(ApO$aDq zM>!FS)z&yl&wyvOqx1+UH#thbfU?O^`UaFgIm+n)MGH?-M+cPAuFxMDP^ul}gn+Wv zQ3gS=4m{u}rv;QZ9VI)Ugj@sEJD{B9D47AJ%25stDD1g3>hOT_w4)pwP!2fCDFJ0* znzeOYKw){&s9pi(Mn^d$pfE#kRBAvm-(DJ;Usikj%?&)=ya8H;7%7(1<|xBP zs5oEPPh zRMD9-1d2vWmWLO8%FoKRl}%VRVniRAvqT2w-s;p8mw8_H58rv#w)2(nFzAo+c!O53 zY*RI0g-DZmQd2ZuPys*bxp#kTrBhzK5iZ3H4}B$;L`JF2L!LK!)+6RF%5hqt%GokJ zhTIHA;j)xLb2y&TsVN{bfdASF`Iz1)!(((?ojXwqAEujiwJ1fe>Q|$bBcWt@=NolkI$RQ%P?N1ySGXmDP37Pt|n4k z)es5S*VoqP4fdkcF^%>0HOnIItk7gec15mhlkwG2v#E^@b=+p>tPJ=4DXVE{T|Bs*8aEAoa0De3$*HZYLS_WYKZUH@iRu+l2Q#C#8s z)Wq&)J%|yWk)YPa*frQF)gFMO#I;=hfjB1gmc&2l7-dQL;xFnNMx8!R>tvGrBd9J} zqTlC4S>nzVh=yrQZQaV4jE@O@m#cU#hin|XL z1d5R+08dKuD=G`kma59~viy?L$;IO*h4b=;#Mn)K6Q!Ie!igBh&X+)lVPa>7gB zxTi;x@*syCo507gR;e~u)+f1DUYsVDv7wA*kG%~2V9adTuU%F-kHah~m(*HDC0}gb zJ7;4!7c4v&XC%10*m5P!hR(@n?sn^Jk5DAF*g02Xk0h6GmXU``<&;MeUg>wZIJT^9{o-Y_a*zIT2cM@+jG!(mT)Z^#oVK69)amZNJ1_c3*O zZSB;hltvhfjKz7KTV$WStdy>J;j;O*E2W#x8#cl4`vz7T@Tqlmj^8JnCdP)WlS_US iOq1!l`n*njlj~~gt8|-fC)R+P2X|#`_L+?HLjMn@+R&W< literal 0 HcmV?d00001 diff --git a/libs/Detours-4.0.1/lib.X86/syelog.lib b/libs/Detours-4.0.1/lib.X86/syelog.lib new file mode 100644 index 0000000000000000000000000000000000000000..c94661cd06601afdc08060398eca980801f53545 GIT binary patch literal 44410 zcmeIbdwf*Y)jqy+B}@WIB;HXXLtJS{NYOB?HYq3}@U~5~{_O12O+N!M>v}&<}qI{oc?Q_mt5|FC@{63%G zfyuMZ+H2p|-h1t}_qm-mzp1-<&AGO-3lophii+8@D`u3=oRP>cF-~X9s4%D%Hl35#LX;sME-P#dZRav>r?zPw8{{nAS&H3l6^ZXk^ZJn#hU+PF;RkwA9L&C4G zwB#J?H78Njv3_xkjkII(o~}@b1R-fhjIG6)h#|c=v4~4`Na+GZ`LDH8I@{7t3ensUxK@(X@@ajhbdK4VR@gdMUR1nvcE$3rG<`8nmF;Y^a~WcXORuz~q@n`d zue_{c&Mc8#VRNPAs9n3)H$Ql@QiISqkK&f@P;+E$NS`TnEr@+=j`+it2f5J7p4CNu zlkI9&Y7<&)w-NId1XQZLs^adJrbv@1rPOms>)MXkIjKrjQdt}ct&bG7TOk)tQmVO2 zsmHI^vX1}?m3M`aZ>{DkRRZFpZz?tITbh#wkbKv6wnbL9nPMX6G-NDhYKbad&+-+m zH+khCHbCwkLpBrVm8!C`cx5jb>0s@z_jSY4F?{+^_KQD4Z3{sK&kM+<&$ z50iub!csty;h%K;d}yzPgY{@$b8)zWrPs#_z~W>%SRFL|*)@(@d!sAha#qcq*wfS6 zQry23}! z?+$f!hL_ibA~+3CFE1`BE?pjOYVT?bg^dxhe1riqSIy5)DO75d8mCTCPxL4Y-L1{t zo#D<^k-{mysfC`dNNaoRrL7&S3#&WZyIR{q-Rc-slphSPZ4Nd?BHgVkdm^E*DgbXy zsI4p19nZ}Kw<*%5h~Ws^@_qb@@H3CCAad}7(U;>!bS(BQv;MDxE>U$-e=VUD<51=X z{_;$2injc;&}zIoCXcC(a9nweIzeUUGrw~Xw<~<9vnA9KXt7%DO)fWSkd(EYFL;Q-Lo5PY1pXoDcj9 zkb~*3!1IBx0G9**4!i>RI*>*A2ax*wCos8<&H|t95#L5U=kHzo2Jky8sg2AyQxJAz zavMqeF!l%s+J~*cybAH_@Q2ohy4ecH7;R&;nmfFDmC6Or)OS<&>af-%^;n6Yd9W8K;PYS);laL2yK3s;YS7b@^uRcjISIdS zBA=mhNes{*0!_STN3NJxgx1h9CRL&wCp-q zndgg*bINn5Q7>x@9)V@0Uf2&65;n%UasjVl3tg`c2ydJWum;(pp2{3lPU%!BnQ!EY>nml@0orJ}6bY#?pg9N-in z^eZ-O9*~aEd|(&w9N-qHd`NeS~I+n@`vbOxT>MIxJm!!8H$-qXfTE_@Rz+)T53p zn-h2}Z~?FsxDZ$dbOE7Xr>&1-Yh0tJv zUP7i`7=45T^T22AEb)%Z{V7Uak}B!vpjTml9xB9HGkR2}^eU~tJGF?&vCJi)peuE= z!9O4RU_rkGJQcVcI2CvSupD?HkosEz#Q0N9KlHQxgGciAnZZ(RUp!gz5(n4{u_7+@DpG+Fb!3Qfr{n; zdw?ec*8{it_RiwHvpFaF9j|Kei^tLcp0!8xDmJxcsVc%jN<<_z$<{?0bU8b z2Z%aFe-7LP{0*=V_yX{&z`p{&27D6;yApjLh_Mv?5C~r?ng(584Lk;j^=I@nAaoNg z0bT<<4|pxG0eBto0^rwyD}mPo*~~WpuLN!ZegpUo;2l8N$>;+>_?FRUfY5dH72r34 z@C6l?TG0c*n}JzrN_`u6JP>UWoe#VPxD5DR;2Pkqz;@tmz^j4Z1AYs5JMb>x9l+lM zzYp98L|aDl)0MgtSP1+9a3b)Bz#`y1z{$WL1FL}d0qcMmQ&BhYejvxt1Hj~Qxek2% zKkT?fTveQ8!_7EhMEsw`acLPWra8j#Uk}Wf!HOT4>>Zau<2X1l>CU3_#t+Q*a2h`@ zS?1(%`4IHMay|?^75E5{+b|A;)PkTb^f zarsvu$K@+Pj?2FRsrkPHIWAFF8JDjCIWAuZa$Noc$Z?4}$hh1CT7})9ao`q! zi!Q2~R~k(EVke;84N-H~r!dCik}BT7Ux3!cw9A8$x1*y(K(DGOuWHqcuU#gqs;#Nx zVv)MnWa&i}3;49j@^*$>BdyqrW^%htuD`vhtxZ_tQI>0vY53CmP*V%^o}K@5Q_2-u zrSm*!a=e{A*tw!g3J{Ma>u_NUjcM;QWIC3#wnWyTQrY>+l<{Ieyfxg~sU=@AQ*%L| zdinUU$vQvO-6_fa0UV+$+ES8b4x5fwVMOhBqYC9*3QYL z{W;9{YhxvU3crN>Max!-MTq|0#1!{KXktQ&$*Eq7&}Q~bU8{Ex!RV6auA}TKzK8JH zSt2HXXzxlu!QQL04E~9**|dcx0jq$Rhoe5=cwiIoRNxxm1mI?1A&?#VG~j)}NkI4) zst8CQ;B+A7cQqM^`B|L-d=-dm15wP6YAO)(n!-FE#eAfu0kc^i;IY8zK;)&0frz6@ zfTh40z%pP3a6WJ*Fbtdp{2_2Q@F5`lhUgQ(xxn88=K)^?B2M&m;JHA~@s&W%@phmM zjZ_632doAj3v>Xd0c(K^fptJP&~|a09RjcqyUD`fR_Uw07ikF*RKHX0A30FC$JZogJInVoDO7o zIq+-1Il#?84*P!K1;7E|D&Qcn6Zk*C4Z!PwQQ+5s{lM#icL8qz{usCg_%q-)fG+`W z1g5}1+ytBm{3fsn_$}ac;LSiU@Y_Hi@D^YX@Vh|zAGZR(2D}Y;C-8f~-vaLdzHNlR z5By)8(-7SS`0;DN=5V#A7z8(Ds@L}K^z(;`@7{l9u zdBDejCjx%~TnO9_TnT&}xDkjk5xo-lBybS;E8sVPJAk`@JAr=%?gD-Y{59|p@HfD* zqv6W~j|cu1I1Tta-~u4VSTqFO4O|U;2G|9B7I-D_IpDW}e+1qF{6FBGz&`;W1wIe_ zBM@UWI?4tg9+(e&8F(D0Q?W|O5g{; zZvgiLe+oPR+ztE?_$=@v;ETY6z_)-O1G94An*(h?%x}?gz!c!=z*Jx*Fay{P%miKr z91Z*`5Vk7%17HsDhrqGGhk?1k$ANjk*MRxJ{{Ugrq9=~QelxHZ2-_CD5O^GL1@L%a z2zUap8+an{%fOR>-vOQsycc*1@MYks!1sX@fFA%0fhS>tI}JDiI0-lfSOlC4oD5tI zJOg++a0>7W;8fsMz%zmO0M7#M1{MSV2s|6eiE{?<0I(eB%7y(0E&z7CuZ{1@;X;65PMXVF8zN?;b;Jv*=hSOu&HRs)-X4qyma2kZdW18)X8fj~U<&5*Mqm+eF|Y!NIV0K(Tn79y@Ohm<|_U6>uuB6<7?s2sjIfIVoxfwgKrXv;*6K9l#!7 zC-57 z9pS((i+Me8xOa}uJ={BI4oS}b$kzy0#AU}amf#07qyh&2Qq-TN!n$3q5pD!d#Q9f% zQ-M)n8So0=eBhP9bAi1;)^!swS%1sHX8~bW<>0j+{1=_R3;Yg#vy=9y7>6=T@w+aj zKYhCkugW)dhXSqbxC+nf-j)EQV@DzMNFSg1ejk0OYgL5HExish7&EYT(wDU1B&r?= z@cbQkr}}(`(if`VLugklX}M-rf^(QQ?(52N9qP_9e;rr=ydFs1Z2^`8;SY(=c_VNh z&bI>Hz?*>7|2Kh)fj0wL@9zMUbvXfi9`U+_dt&LbAN0H=T`~@3PQmZ%ma0;;F6}KX z?$)-p)^Mn~v!g|;6LKRQR40|gtnbq5l-ml}Az96igmmJr?^93a!Lsn28Vd@g1@dv8QwNG4iU7d+5 zxHBPsfsR5+jyNi!Wu3dTC4`QXxXL;MK~Kb_c^gHNG%w^jwS>A48s>S}IDg1Ezs@*+ z)Hwffk~|k5JSZR61`lhl{H0#l2JEAE8~h(Z=hW4YftW7Ty}%QJ_XCT84*+KZ9|E$k zJ_=;je+Fd#|2c3Ya2xPzz{i2#0zL`EeyrLFWaW1Oe+_&J_$u(%z&C-rfgc00KOfCS z`JMx^-TnYf9s{sJYCPK0Y*O}x;}MsA<6ZnNLA5gR9UM$GW}NjM9MnB+yKKeC^8a7fVwU?WOzkzW*h89E zF2UU(5o}QKevo&-{R3q$-aC!lzZZjuagWJQ0`&JQ;W*5c}Ct_=xHhUKk=9$$?*&fuj+ zF}ITIclZ`NYA}dL<$oKp@O+l>j>TZL%kQj#iO}p6lU?g{IUGv^nCNsssu|#Rx*dUK zUWXNuW`-~d?`V{~nMb-A;`MpzkjcqLS{WAKUcJy>rz4di@Onf_RW(k(*JWQ;?P;iW z)&>35_6C=;!4X8Q96o15UC`MOaQIyIYSd;LB5g*irlTzjb$4Nh8oEm?%HyE(jp%u0Gs3VFm zw!54)!CIHS&aciy4Bk7DPy^gnI#LB@8nOu$NS5^nP+w}Pf{hK%K+s-Y?eP19c9%=pji_1i_4)Luo`#^`QyU0Y+r7BaXjK0Du&pVo%GpqZ z(ghm*!CH`LO7u!kBl1@dz-|>LBVNpuKt>5dnejr7h8j~&gxK>~tx@qp2^m&<++MUoL%^@57{Xcc z!p;UL!-cM07biK@kQ^N^8JBmQsHs?6ylA7J>DjC69W~V+?=twOx|rGVLVhF&F`r{m zqr)G7+0ZgM@iNseyB~(Zz8H5t%jhvRJSJYsGzKv-_Gjv4Y`mBh$TSZz*~x}%ZoI7M z(7&t!#dly3I6Vzk0rTSJP=`b*Qy=;9Qj%Ju*XjVL8Cf0^FQmiG<~K#g#fu=fxKzxn z3gSgz;W)`i9W8;M!s26oFhJ|`ME@wtuNkgZvj-g?FRpXa-N@ys z*2*%oJt1DQ29tthYpVRj_)uyGWn!-NFdi<454XSR!k-i`M|+C?O#AHdJJ~e$KmdKs z>fa~FOQXGEr+p5u#}_aw1eZvsJ3d}grXZMk84(QuCv3MeyW1)8g3iW zeIzm1S({XJtf0@qIo1-Ka#%s=(CrNysV+bdY_}#noiD25GeBo>m7*ivsz<%e7GN4MVE%xAd0qHqu6Nu z;&@@$Cco3q(J)NjoEgrJmrqPwCRfiAw4vFxO5%mZTpG>`99lhMN)sf8jYQMBDsu*z z5ic*@9qt_bDrbZF7>m_5W$~ik#wwT7Uk}@BnSQgQmB-5&UK$;~n4~$C%#4@x`(2Go zgBY|`Fj5OqY16n=BuLRe^##p=8B5cYo|Pco;H<56)WCa9nx@S0JUd<*SKr~+&xomcYW11!h?QlB7%p{hKravr0Y~Lvblt+ z#pD#gJykk~3<(SP8vOz00Cz?E9gsBKT?}CuQn)xYge+91L~$(TROqV3G*?Hj(xsL3KP`b@AvxR+`84J2To>x*bAj%r^{wqa z?Xsl)7fhMCx{?L5p5^>9xiHXNRY{

BY|au`@m@pAzP}N+d8(`0P-eOB#j2=Bi49 zU2u6Cv1+$M&Bc_2QmLX-`k{<#uA(H=3v0cE+Y@HS=JH9$wFkY`Y;`H?aNWhTn>p89A0y#mo7&E zb0riL;L1=mEBh&wF_%HQC{QUkS{Puic_hGz%@KOW3@{ft62LuzARSo_1--o?t04-S z>l~eZz^CQJN5{Sm9b-zF3muVKTI0huiW941t8bXA90@m9xL!N9J~$|tg1N{M2_ME> zji*|A2Pb<9mcaAF6+X?J0TZ)^r}LZ+0t&=Dzdu!B}#F=fovO`MF?V`$=-j=8Q8 z8MLay=k+=Lj-au>L=kgwBO+#Lx%u=F0#lUN?t?tm8=eLjFPHOthqMX(VUU(Ut=_r#EpSeg`S&xZDm!YCJgBfXT zTnOfN>F?y{#wS(}&%onbRx9p_cs#d51b5Gcy76SNy{oIOwYe$68&TN}N_jC!Ia}I7 z{xv<3md6EZFDUhN}0Z!sUhs&{8@1L;$Q6SY4;7AC{ z#t0KI!_yMO{albRoK}(X)2;9&vI)s8_<#?t6xNu2S$a__BPIoZrW#uT-bSz6-hc^9 ztOy+s%4J$|RoJ6h?DY8jR!*a=FgT0cs|&gp(i4*1C@ZHdONv9y{xNJ5s*k%Qr^?@rIz_!IwqeEF4W?Pc7-_899vm1*!;?4k5%(3LG6ghdA zbCGlu%8jw)u$hZ>dYqOxe^6wsC1O@TR==|inOsYzJ`nI)b5PKnXy|dvhNqcmo)tlS zQqIN!k1-c>Baj*ATQZFe)j_` zQ-GA#W%Zzp?Yp`V9yR)|@&fWyU0 zHfEEFd&e|RvLtKa@W=Z5$rfKW6mUJr+bGeo-=v+u`w$xo0-sC9w)A&&7a9QVt}`4y zxe<=*N!Z47=v4-T;FlXgvd%FqA4A}o$0EVeMWj>In0(%|pbuZDsV!LD9m3=5wRnHV z5*X|;`Mh)-7tD*=5{l_(O#X|BfwgTt;Wdn^A3+F9`bjeKNPT@%2Mix9`*((8>_%tL z$-gr$omCNEDAK(F11KlIFg}X)h7!iO4aL((IB2}o1haE;CRT&dG5e`R2`uDd!qL#^ zmKl^xT=EsBap9N~E7`cpc+$ z!|O{7b}X@?!lzFNgH3Ze-Lk}FRCx9Y!8Ja6Z9pa+hQhT^2!*XNcM;jUC;|sRK?GMN zX%%!Jocx49pJTBTWuv3cxN!Cpf|0nV7PHBy{NtfG?DXLJJg(iiq_N1t22XX+jmyn; zED2n4<=dXvbhhYd@E}33&ZNphDJu*ddSZwzNvF)QTAE8IG^bAQ+4B^ZKao!|BW~wmZ#ACac z)93*-18&p7GD12jvUP~#Nq$O<&zvbFHDDO-Q!wKo7YU-X#-OxV5bXx%QSrbTmL3ap zy1m$1a|YmC!<~=?2eQ`?}|zI9RY6S=y{i+=uiov=89JP%^VJtLjQ_M zVcP{8eJ*jD8Hj!s3v@P^j-gdV^tV{JCi&_u%)lH_OJJ^1L@Y?my-l}$0ncVgi?xcW z$7IsOcL>=#Iy*MBclLzEPyW8#VgY}TJ-G_Eoxt6I6U~*pVM=(>jZ!dhBS{&B6~izF zHNhR^9`1Ei*|C@4#+$^P0bF{*)g`@?lS@rRMH?=EbzrG>lIa8E<#pHx<+TpE4st96 z(J&r&ovRAVQ(jY~j|K=eyLvs&8^WT$F2 zF4X#*RoD=fF2#T}9T4D6K5RSk(lxJI_Oamp%hh)-co>*rWPl5_&>GgU4j*Ph2b^ww z_YnqGAn4?M#rix=&dbGYFn(ryd}$PNM`e51Y2eIpn{G7>_(PODi9Bndu?nhLIKp z%Fhyy$QN+o^?29?#85*|*9}Q&&K(?nu)T{VI_;rpM1?^gi5GBX=VUCR(9Xf~N&3ed z>5rH;{S3wu$uW?`x!g#GZNYq;J`3A`%bI8}+3jF)D532iWU|5N0izLq4H_;>OhIrY zOMpouOLiV2O{>jqhrkB7ek|`LNW#N)pPidzS^2zQ)xXT)^3(-kN&Vb4KL%`S0?{pH zkjEN;XH_BxJQ_3<2(L6`;w)cx7=Cjwf=M7tJjxpGrU!8!0=i&UK62yi#@-ji)e#rg z%qSDwQE%fCcK9hc-)&md5-zTOu`4X#vi;y%t0fvBAbAKfE(jjkw#aP6|OW z?!ZEdzB4yGuq9#^w$YMflia5(Y%HkICA0GR@-Q!zj(Y+c8oj|fpQq7_VG2z^IEbzF z8duO+jhoD!9pMNbfex0Gl$2uBW##jpVz20(W#H9as|>v3Ow>+ypX+X}3gPXG%ASLy z%j70#xAIrXU`Oh{$Ltgbu2fVZvY^(zTO5MExKuB}oei@#8tit8xmWfp!-s~zJ2EE^g1j?WYe*-TOXUWzF zd!j5tun0G{^4LgHT-p&o_Vt4Ssfrz^vfVogap^?(LS1c5Sj<*;cGtIbH}tgQt%J=q zp;fINc&>)^mCW_XqwbiVj5O(Lyrtb+&4#BaUvT5~V+UW`jqQhPcc~{6LjN}07bzTv zr_4sQpL9S*G&&5tpKUgh202*SCK#-;vg7$gB^o;@-P=1 zIlM0zEvIijmW)`EMy)`a1zH^ln1+Yy=Yrb1*kfeJLWa7#J33(o8F~rMmq^JtTA!zq z;)e5y;IU0GT9fA_8glMHvnR>+zejv8v1)7;m<2t)IrH#(t!aRGr5T2Yu8tlHn6vzF z0pT2G<#Xr26vXC9Rcl9!-eS?VimF8ql;MM>ps}Jmi6X@ONvRf9Ed5_{p^~5ynHbps zR6?SK*D7Fjxn+*@;&#ie`N^TWuQ|f))>4>CWLJyZ1a%+hzQ>4mYowl4 zCKDmuER+cwo(-_xQXcjOj{DfK=M*4A4QoQ&j9lY)i!DRXp_;gUpqi`&f{ZA72;iDd z0^5|6E*7l`vo6)H+f?e#iHmP4WjFPj6D7NuOZT%g5zZ&Zg4MXs0h_c)9*dHqOkeIw$D1HgA&>EfzbL5QX^3qPzFwogV`j)@R?q?ZAQ4inC z#OJBuk^@s3FaOf>cTXC(_tt5dd*7Jw;_aA+h5ziApL^=i``7H-Ffifx`>*~Io|3%aWqb6S>6Sv$x$$QhhGk>u7dmmhacSs2T@moK7^4yJ%civp^ z`ka@4{}CR(dqViX@Xnf7eSz)c)R`}zoAKmr>u^;A56I-Dyzu*Lzx;xC!AIFG@6Roo z_QF5#th4aHdeV=lS3mRO?h|i0KkwNKeusYZknp|lK2!G6=x@Dvhr0K}uQy+K4jKh* zmX~s1$)k6DaG?A3hj(8+rSX9+cz|?)@M{~IPkMFfzOzPmjeq6xnfres@9k1w$2%DK zQf};mukLPYFXRq)xNyq)*%eclFM*BkTo*1}h_|FJFD+T#+R@zB(-H#77j(}lDK9N9 zS>DsWd|hh?U*KB2=5r+!UV}$~TbAQZlGsFF-Jw(aZ0`y;UZUUJ)%8V`Xf$;uco9-}B*?b~;w|Z)H_7(poo%6} zo=E5CPY5dG#hJ(&TzYB=H+8js{v@Hej>zXtMzj{e^7xBL=!?;Md_%T}+B>^9eBQFP zFW2dO0cuYwTyxikVEFSEk7?qC{H>q6o5dFnL*NTeQ4$Q|VfgJEG(LV9FZtsx}*$FndX$oIOUo%+u$T*7np&vqBJOSptP{KyU8Eo_k?g6 zx;ql9M`>amSU;&jsnicOQ1aX_-&ByPT=^Hl#d`%b-!UcAeT=x+R5y5d>xY^zx$QQnY(BX!Je#V4Kg7^%zA@h5@x8fp zK}Mtv7O%zPt+9B20Ck>}pb#Dsscgk}W|6X~=Plk#7HIP6%65|zv%2ux#lub3_p=pL@ zt7Qg-JS<++;+=(e8dXaw>kTSfU1m@=^|r-(&*Bw~)iJWw2?k|TPh#;?BdK(u50c7O z5reX+8$q=T?^_0CQ;&mMBs}gElCr7YpnSsngF)HkH3X}L_gC;p+0JBan02tJg)jk+0-OZ&B8mwploU;sFlLwYJikY)q!df-a>=2sb!#62=4-e zvZ;$f1%=mXP&Ty@)P=&k!k}#G8c-Jqk9!WJZ0c4}%Y}D`LD>|yF~20dhYZT5eg*1$ z;XP$gHuWb^%Y^r$LD|$EP)mgOmOh6N%QYyBBTxb16&jRH zO$X%{Ua3LZ)VZMeUIyGlZcsM$dr-Q~pED?%`geiJ`@o=V>a=4`-suKqQyz=ww|E;Z z-W3+__ZIIti+4KSL96qfYEZbf*Wv{%-nFO7cMxDfUNWd`^@>5+)S3x8G+VV96nY}4 zTGVos8ega>*cXGcsoO2yofdEWX?PcbVvIEgh4c){re3mmuUNc-iP#^J7%L1aTeTRJ zP5sp3J!0`*wRr!uco~y)D%onZLD|%?7Vkuhce=%!YVl@Tyg3%nVey<6Z-vEcv3P|= z*eaFMw;5En>M|&sa-Xh4aW}0&+0+FVugT)ITf9pw-bRaeg~c1Rc-L9HZ(F=uE#5sA z?>>vS%i=w4@e0q-yBVWYn?a%U24z$GE#5(k_p56C9;j^fltJ0lYoIQH4zkr724zzz z=#bsQ%P=ULIvrG4cvB4ub0esT@ahf9rdEOK5#B`xWmDIIS}VLQ24zzZgTi(I^8L9% z+0?6`)(h{S24z!u4td8vr}JVe1o#7pM%;cyzK^MQ_q2l3hz$_1^WW( z3gNwFP&Sp0VREJLvJ48g1XQo^3JuDpDnM-#-duyiMQTue!t)svrX?Kn8}Pi>x%wL| zC8aaU%4b&0nmxx}g&R;Hr}@)?BZZM~#zzt(%8-Ag__1`GRyJcr4{=oj<;M82vXsCW zGOcO&6;jSB@5nSn({-%bmyZ;cdob`&=ABb3E(MF#fv?#)?)jMO36 zZuAYjpflpw={U%fosRv700WLJ?|^&%qJhSPzBkD4eKM!taZq9nIQAp#;G#JGK;!-$ zscPtSzJf_!pji__~9?5~%FL>f<<3RZq z4Lb6W8#5Vb%<<(uh|*ld_u#V}c}7XiIFKK3o;nm4jX8)u*GRmwU!l}H9a}Gi{;I;v#e5xi_}FaKCh4ijavuYCtQ`DvbpBin@5uEcjWXp z<_-M->9ZtAzj15tFH`#QcjMLz!@0;V_c2$-&AkUodQyk}o){hsACD#-aBsaTFy`jX zd7yi@qi9(}FATV|@Df%DJXrQyU6i=ikouv_xsPS_Jr$We(3mx^F(-Vg$md;!%lB4N z1Ma-u$5Z;Fz6Km3C)kLa2&l2AAk5pG|v*=^9pPfdT#Dx`Mn<&<_`Xpr;faOIi1@p4ImO}~z6 z8>aY4R*vym95$F~#F&ZQ$YMx4!w%jrlt{iui(kffYEi31TPT^UcGWAo!0LeIh=k{AsxrwN>6Lp1d8O)eySW zv7e6RYyQPcyn~K+TE0ht{?HrfOZ|QP_zS#6bfm!=+oAqGejnx$G_bn(8QQKL>3MMJ z#j{6$!7SJJZ0@Fqu{k#&G3SYVZZF@$tiyXhJUzEBh|}*fm(6|SkzUzTtNI5|0kL^- z0{-so<(_l-#EV7Dra6N( zdApP2?K0yP_pG&2+u27=vqWa-NCjX^T2T&P0E#6PATgd*fHghG?(Ac`O1`G+GZZq5 z(8h4Kc4D~040ra-m2Uj_-*l-+BcJ{HWSjnXI(-Y9$A{;r% z)Ltk8+pD`pb8g>%WNtEqa{KsF-eE1m4*^*U>D?xMG=e6zx~PMfU{vom3aXyTGI|HL zZ~*%B=+X;2uAF7C?b!kGE3`P4#^F{SV~{Zx4Qwf7#5W)!Yi)@k0vF{C^f8N@eBQ)l z3v{xdn#$0k-fdFo$mu#I@4ylA9GY|#LWW5hS|fqKUL`S zG@x0R&(nZI-58_hay$oq4t6(U(^k$^^#?a!eJnqhwX^R@{M7@ERBCKPX$#MHY!Wdw z*hlFjDrV1Du^=;zKue_7v=Xfmu8L&^*cstkO(u`^7%hewSsF7VD`RG)C%5moQS3f6 zKPplPOWym-tbW*YN6tX~{sHg7{y~17tA9%#{tlf2wyq~E&A_6AW!w9=NN^v6%>u0N z=|%zc-i$f=2PpspL22J$A3p+ST9$&rL7q-~yuXiMQ0v_$Gj3$67S5KOBPUBjgMAYi zad40`x-~ZU@S{prJ(0O-sm;tK3D`4cj>yc-j9f6dMKb?oa^@nOE%h=p7sp}I;1*_X z8M!@rS)%pblG~TXQEYaL-fgV5y1eeP(Y@Q4y9&?O#rWX)0Z~csGwOps_e*B|!qD~H zGJ$yvisxeLDQBpocN^zx6*=2Tc%7N-T0=i07ICPeciS$BH~nz&M%1fTpKaji)fe-n z_N25baiS4I%Ol6I!)>jaf#-~Sob)!*58i0$**D? z8$)a*ieWalu3PHBXQ^AP7&1nVrrW3e|6Prq#?HQUbRJSexdTGe^awF9$e`TEZWzNc z+xKiFb?D{ZZS;Rt?xuSXqj#Icjm$KL+L4@!0WnW$lCZWGhABCczl0(UidDm|vJeAX zcsg$jmmeFa#IIn&CuyH!M@pe~q&T(6{515lJr|>`d$-XO|3XUsnTl01tXPI2Ka$q= z+!v?jV}|SSGnHhxg3N}TbQBGFG^NHj6s#fMmD~527#_@x>E_&siE%$#V_*yaavr=L z*xz?2d4r@U4U+CXa41q76S`T1zRQ4Zq(8~+`>E)MtV6kdcjCmHM!R}&^~IP*O}7G` zLJR>s_uKA!K`B$60t?7DO}_xv%ToU5#IY73Y*AiCj|qQO39 zVoqVO>^x1L>Wg}}u{z3}Xh)v?T9V9to~c%^PbV8Ur%NtLb9!8F%fat5A78U9Kr3^BR@?N?H4P6EVRo*dqv%9TQP5NAF_jS zkikDsR%0*@vI5zmO0<>Wbst%x4E=0y3#$wNhKn#vsUs|0hJ4l}HPH75q(0A)6+Tys z&Xa{y*cjb97}pLk?=vCG203g?IxeE=& zd9fw4zrXPyU3h)=PJiP*q(9HG@ACZ1Z~=AyJoh`{QN6nk4NZVc-*|9dY_CMrBtPe#$8W0Q#%v-r_rI{Ag`v& z1%IEGgl3G~u7b##-B`@TrGrqEX?DydNcx_oL*XU9*N69Nag7K_oYC zW#VZ_eG6D7p10IDTV<-#ENTX*O8g4s2J13VnesrN=JEElITCsq{%*oAQ*O=b6>0!~ zc@tWux)y(V1t(MS<8HhGut2?PQ6GXT$1hWHxwAk*vqACZvP}6L-v*(M2QMnr1dEys ziZ{+>%8lzfvDsByyE1WKp(bx^op7jf^f z?=saiP?f^t&C|H&7CbK~ogN?CJzjX1SaMH-(tT~O#k&gy zIYH!hfYNdQ4eCVUWui!xpbFF(pxC?dq9jmSt_#%3!t1rcyC+0aVYR9!kY}L z5>$a&2*gcz?2Zd8q7Z!aEC;mTLwzQFv=XRe~x|H-efZ zy!$P=H$fE%?_*1@7K%Duc*{Ulf+|p70X128*IB#=L1Au(4xX}j&w!dDythEV5b9=7exbe#YKc&{gIX%oi=b*i6{xKfOiObYs4FG(eo(a%`bSVD zItHjNpwQ1ueJ6;xDsw}84ts2_luE7XrbT_My17WGR|QQ`f@ zqMij67T)s~?+s8oj~omv9b+6QoyQ5F^bBz-s7od86i~XCxIpQ7%MI%T6Js7(+tR5I z>&W8g?&HrHQiIOjU@#=L=PYzZVF_F&7kyeRZW!%%2Zc;mMR^kG=Jup4n}0 z`Wz1~ym5BM@lD(Z=M&JM?J4Tcl@}G`t!~TLHWzobtdz<0Yg^8pJN~igC0DJ!=(?O= zKk9n+vZ}P`(lb6P|Nh@j{#nOQ9?w7FCs$Op?!9ip9V>F~D14}`Z~gW2e>7A}`yt1u zU;o>FZ_AUD|Ll7Gr0LVIE}J^b_3eQS2p8I(8aASPxNG@P;F_dauwb=TU=6d zT}n#S;H>RzD{gO5XbUKxGQ}-;d^xf<#8g=0w3KT}CLF~rp_M(Wi)bk%W?G7?S*ceN zWx89MB2Ai=21rYJj>+LTIsMePG*#rUn^QJ(_AH)>j1o>oX&Kuffm1;zA%R0bAdxeh zjTL;>;=CpUjzYFp)E>WDbXBT$|1+E#=p16F4&plR4%5vTcIQtl7z&+59qZ zg3KImB4>6%2jlCbP{yiu(M%r4y;2p%X}U6H+~9l{zZho)&UPno zI5n~bV=`CcjQSx*m*juJ;aveS&M&~>ZGJJ%pTW5|f%6_Xd86WG#vs*evo%MTneRv0 z4u>R`y91oO3GuNy!Rboi@Y&vL6F9#B=ib8jbp8xZ3G^LH`Cs7ZgZc>u@lv_=9u8$3 zrp9c#SaF8q9t<5%dzZBkeP`B zC34C!FZmN>%F*q{V$!#2QCfk#5;^5aXIz5JOjIn9Q;t#>B*;)5FT-(;OBuN*a;T1f zCCUurlp(KoESX}=m64UY+3E7=5eGu~Yj1j!2>n6^(<$0lyG58!*K-~$TF+2)X~crE z#AP}q?~EJB)dxoj50SCbfx<*K&Eil-awnmdSp7#Cqq}t&XTvbgwZk~K4ddWj_ST`v zKMv#IyX4lPNqh<1Iy7hcFiw2}r+8&JY(~ifk(M&W8f_+@*lffS8CXBdxsXkWv=rJv z9>*GX)C=N^K5H5@xWSDE>QB1Re*JJU>!7nXk1<8aXAJKxrV0Wmi6EB|W zZt7SaYF-m+zIatrYgV@yzR4Dr1HAJs)?$l?mjT8kbj5+ep4m`e;XlL{Rs&SHPls*o4&-ifS|QXvz*yl{b(I3Y-vZ-G%s{i364IL&x> z5yucch3fdVjMCrV^HB?#7xv8hEt)+FXL3M}PLFvaH zgKOk#5Z#mtht@=zROeFE}93A;QL&8zjXVBSrI@4LU`P{8)F8j-YJ+ E559{8CjbBd literal 0 HcmV?d00001 diff --git a/libs/VC-LTL helper for cmake.cmake b/libs/VC-LTL helper for cmake.cmake new file mode 100644 index 0000000..e5eac93 --- /dev/null +++ b/libs/VC-LTL helper for cmake.cmake @@ -0,0 +1,88 @@ +cmake_minimum_required(VERSION 3.5.2) + +# +# VC-LTL自动化加载配置,建议你将此文件单独复制到你的工程再使用,该文件能自动识别当前环境是否存在VC-LTL,并且自动应用。 +# +# 使用方法: +# 1. 在“CMakeLists.txt” 添加 “include("VC-LTL helper for cmake.cmake")”。 +# +# VC-LTL默认搜索顺序 +# 1. “VC-LTL helper for cmake.cmake”所在根目录,即 ${CMAKE_CURRENT_LIST_DIR} +# 2. 当前CMake根目录,即 ${CMAKE_CURRENT_SOURCE_DIR}/VC-LTL +# 3. 当前项目根目录,即 ${PROJECT_SOURCE_DIR}/VC-LTL +# 4. 当前CMake父目录,即 ${CMAKE_CURRENT_SOURCE_DIR}/../VC-LTL +# 5. 当前项目根目录,即 ${PROJECT_SOURCE_DIR}/../VC-LTL +# 6. 注册表HKEY_CURRENT_USER\Code\VC-LTL@Root +# +# 把VC-LTL放在其中一个位置即可,VC-LTL就能被自动引用。 +# +# 如果你对默认搜索顺序不满,你可以修改此文件。你也可以直接指定${VC_LTL_Root}宏更加任性的去加载VC-LTL。 +# + + + + +#####################################################################VC-LTL设置##################################################################### + +#控制TargetPlatform版本,目前可用版本为5.1.2600.0 6.0.6000.0(默认) 6.2.9200.0 10.0.10240.0 10.0.19041.0 +#set(WindowsTargetPlatformMinVersion "10.0.10240.0") + +#启用干净的导入表,消除 ucrt apiset(如:api-ms-win-crt-time-l1-1-0.dll),满足强迫症患者。 +#set(CleanImport "true") + +#################################################################################################################################################### + +if(NOT VC_LTL_Root) + if(EXISTS ${CMAKE_CURRENT_LIST_DIR}/_msvcrt.h) + set(VC_LTL_Root ${CMAKE_CURRENT_LIST_DIR}) + endif() +endif() + +if(NOT VC_LTL_Root) + if(EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/VC-LTL/_msvcrt.h) + set(VC_LTL_Root ${CMAKE_CURRENT_SOURCE_DIR}/VC-LTL) + endif() +endif() + +if(NOT VC_LTL_Root) + if(EXISTS ${PROJECT_SOURCE_DIR}/VC-LTL/_msvcrt.h) + set(VC_LTL_Root ${PROJECT_SOURCE_DIR}/VC-LTL) + endif() +endif() + +if(NOT VC_LTL_Root) + if(EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/../VC-LTL/_msvcrt.h) + set(VC_LTL_Root ${CMAKE_CURRENT_SOURCE_DIR}/../VC-LTL) + endif() +endif() + +if(NOT VC_LTL_Root) + if(EXISTS ${PROJECT_SOURCE_DIR}/../VC-LTL/_msvcrt.h) + set(VC_LTL_Root ${PROJECT_SOURCE_DIR}/../VC-LTL) + endif() +endif() + +if(NOT VC_LTL_Root) + EXECUTE_PROCESS(COMMAND reg query "HKEY_CURRENT_USER\\Code\\VC-LTL" -v "Root" + OUTPUT_VARIABLE FOUND_FILE + ERROR_VARIABLE ERROR_INFO + ) + + string(REGEX MATCH "[a-zA-Z]:\\\\.+\\\\" + FOUND_LTL + ${FOUND_FILE}) + if (NOT ${FOUND_LTL} STREQUAL "") + set(VC_LTL_Root ${FOUND_LTL}) + endif() + + if(NOT DEFINED VC_LTL_Root) + string(REGEX MATCH "\\\\\\\\.+\\\\" FOUND_LTL ${FOUND_FILE}) + if (NOT ${FOUND_LTL} STREQUAL "") + set(VC_LTL_Root ${FOUND_LTL}) + endif() + endif() +endif() + +if(VC_LTL_Root) + include("${VC_LTL_Root}\\config\\config.cmake") +endif() diff --git a/libs/YY-Thunks-1.0.7-Binary/LICENSE b/libs/YY-Thunks-1.0.7-Binary/LICENSE new file mode 100644 index 0000000..c9b6ac2 --- /dev/null +++ b/libs/YY-Thunks-1.0.7-Binary/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2018 Chuyu-Team + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/libs/YY-Thunks-1.0.7-Binary/ReadMe.md b/libs/YY-Thunks-1.0.7-Binary/ReadMe.md new file mode 100644 index 0000000..bf9b864 --- /dev/null +++ b/libs/YY-Thunks-1.0.7-Binary/ReadMe.md @@ -0,0 +1,80 @@ +# YY-Thunks - 让兼容 Windows 更轻松 +![license](https://img.shields.io/github/license/Chuyu-Team/YY-Thunks) +![downloads](https://img.shields.io/github/downloads/Chuyu-Team/YY-Thunks/total) +![contributors](https://img.shields.io/github/contributors-anon/Chuyu-Team/YY-Thunks) +![release](https://img.shields.io/github/v/release/Chuyu-Team/YY-Thunks?include_prereleases) +![nuget](https://img.shields.io/nuget/vpre/YY-Thunks) +[![Build&Test](https://github.com/Chuyu-Team/YY-Thunks/actions/workflows/Build&Test.yml/badge.svg)](https://github.com/Chuyu-Team/YY-Thunks/actions/workflows/Build&Test.yml) + +## 关于 YY-Thunks + +众所周知,从 Windows 的每次更新又会新增大量 API,这使得兼容不同版本的 Windows +需要花费很大精力。导致现在大量开源项目已经不再兼容一些早期的 Windows 版本,比如 +Windows XP RTM。 + +难道就没有一种快速高效的方案解决无法定位程序输入点的问题吗? + +YY-Thunks(鸭船),存在的目的就是抹平不同系统的差异,编译时单纯添加一个 obj +即可自动解决这些兼容性问题。让你兼容旧版本 Windows 更轻松! + +[ [鸭船交流群 633710173](https://shang.qq.com/wpa/qunwpa?idkey=21d51d8ad1d77b99ea9544b399e080ec347ca6a1bc04267fb59cebf22644a42a) ] + +### 原理 + +使用 `LoadLibrary` 以及 `GetProcAddress` 动态加载 API,不存在时做出补偿措施, +最大限度模拟原始 API 行为,让你的程序正常运行。 + +### 亮点 + +* 更快!更安全!`鸭船`内建2级缓存以及按需加载机制,同时自动加密所有函数指针, + 防止内存爆破攻击。最大程度减少不需要和不必要的 `LoadLibrary` 以及 + `GetProcAddress` 调用以及潜在安全风险。 +* 轻松兼容 Windows XP,让你安心专注于业务逻辑。 +* 完全开源且广泛接受用户意见,希望大家能踊跃的创建 PR,为`鸭船`添砖加瓦。 + +## 使用方法 + +大家可以在以下方案中任选一种,但是我们优先推荐 NuGet 方案。 + +### NuGet(推荐) + +1. 项目右键 “管理 NuGet 程序包”。 +2. NuGet搜索框中输入:`YY-Thunks`,搜索后点击安装。 +3. 项目右键 - 属性 - YY-Thunks 中,自行调整YY-Thunks等级,允许 Windows 2000, + Windows XP 以及 Windows Vista(默认)。 +4. 重新编译代码 + +### 手工配置 + +1. 下载 [YY-Thunks-Binary](https://github.com/Chuyu-Team/YY-Thunks/releases), + 然后解压到你的工程目录。 +2. 【链接器】-【输入】-【附加依赖项】,添加 + `objs\$(PlatformShortName)\YY_Thunks_for_WinXP.obj`。 +3. 重新编译代码。 + +> 温馨提示:如果需要兼容 Vista,请选择 + `objs\$(PlatformShortName)\YY_Thunks_for_Vista.obj`。 + +## 兼容性 + +### 支持的编译器 + +全平台ABI兼容。 + +* 所有Visual Studio版本均支持 + (比如:VC6.0、VS2008、VS2010、VS2015、VS2017、VS2019等等)。 +* 所有运行库模式均支持(比如:`/MD`、`/MT`、`/MDd`、`/MTd`)。 + +### SDK版本要求 +至少需要SDK 6.0(VS2008默认附带) + +> 温馨提示:VC6.0、VS2005用户请注意,由于这些编译器默认附带的SDK版本太低。请先将SDK升级到6.0或者更高版本,然后再使用YY-Thunks,否则将发生链接失败! +高版本的SDK不影响对老系统的兼容性,请坐和放宽,安心升级。 + +### Thunks 清单 + +请参阅 [ThunksList.md](ThunksList.md) + +## 更新日志 + +请参阅 [Changelog.md](https://github.com/Chuyu-Team/YY-Thunks/wiki) diff --git a/libs/YY-Thunks-1.0.7-Binary/ThunksList.md b/libs/YY-Thunks-1.0.7-Binary/ThunksList.md new file mode 100644 index 0000000..eb74999 --- /dev/null +++ b/libs/YY-Thunks-1.0.7-Binary/ThunksList.md @@ -0,0 +1,395 @@ +# YY-Thunks Thunks 清单 + +此表展示了YY-Thunks(鸭船)可以解决的函数不存在问题,欢迎大家扩充! + +> 开头带`*`的函数并不建议使用,仅用于编译通过处理,如果使用可能导致老版本系统无法充分发挥性能。 + +## api-ms-win-core-path-l1-1-0.dll +| 函数 | Fallback +| ---- | ----------- +| PathIsUNCEx | 内部实现。 +| PathCchIsRoot | 内部实现。 +| PathCchAddBackslashEx | 内部实现。 +| PathCchAddBackslash | 调用PathCchAddBackslashEx。 +| PathCchRemoveBackslashEx | 内部实现。 +| PathCchRemoveBackslash | 调用PathCchRemoveBackslashEx。 +| PathCchSkipRoot | 内部实现。 +| PathCchStripToRoot | 内部实现。 +| PathCchRemoveFileSpec | 内部实现。 +| PathCchFindExtension | 内部实现。 +| PathCchAddExtension | 调用PathCchFindExtension。 +| PathCchRenameExtension | 调用PathCchFindExtension。 +| PathCchRemoveExtension | 调用PathCchFindExtension。 +| PathCchCanonicalizeEx | 不存在时,内部实现。 +| PathCchCanonicalize | 调用PathCchCanonicalizeEx。 +| PathCchCombineEx | 内部实现。 +| PathCchCombine | 调用PathCchCombineEx。 +| PathCchAppendEx | 调用PathCchCombineEx。 +| PathCchAppend | 调用PathCchAppendEx。 +| PathCchStripPrefix | 内部实现。 +| PathAllocCombine | 不存在时,调用PathCchCombineEx。 +| PathAllocCanonicalize | 不存在时,调用PathCchCanonicalizeEx。 + +## api-ms-win-core-winrt-l1-1-0.dll +| 函数 | Fallback +| ---- | ----------- +| RoInitialize | 不存在时,调用 CoInitializeEx。 +| RoUninitialize | 不存在时,调用 CoUninitialize。 +| RoActivateInstance | 不存在时,返回 E_NOTIMPL。 +| RoRegisterActivationFactories | 不存在时,返回 E_NOTIMPL。 +| RoRevokeActivationFactories | 不存在时,什么也不做。 +| RoGetActivationFactory | 不存在时,返回 E_NOTIMPL。 +| RoRegisterForApartmentShutdown | 不存在时,返回 E_NOTIMPL。 +| RoUnregisterForApartmentShutdown | 不存在时,返回 E_NOTIMPL。 +| RoGetApartmentIdentifier | 不存在时,返回 E_NOTIMPL。 + +## api-ms-win-core-winrt-error-l1-1-0.dll +| 函数 | Fallback +| ---- | ----------- +| RoOriginateError | 不存在时,返回 FALSE. +| RoOriginateErrorW | 不存在时,返回 FALSE. + +## api-ms-win-core-winrt-string-l1-1-0.dll +| 函数 | Fallback +| ---- | ----------- +| WindowsCreateString | 不存在时,返回 E_NOTIMPL。 +| WindowsCreateStringReference | 不存在时,返回 E_NOTIMPL。 +| WindowsDeleteString | 不存在时,返回 E_NOTIMPL。 +| WindowsDuplicateString | 不存在时,返回 E_NOTIMPL。 +| WindowsGetStringLen | 不存在时,返回 E_NOTIMPL。 +| WindowsGetStringRawBuffer | 不存在时,返回 E_NOTIMPL。 +| WindowsIsStringEmpty | 不存在时,返回 E_NOTIMPL。 +| WindowsStringHasEmbeddedNull | 不存在时,返回 E_NOTIMPL。 +| WindowsCompareStringOrdinal | 不存在时,返回 E_NOTIMPL。 + +## advapi32.dll +| 函数 | Fallback +| ---- | ----------- +| RegDeleteKeyExW(A) | 不存在时,调用RegDeleteKeyW(A)。 +| RegSetKeyValueW(A) | 调用RegCreateKeyExW(A)以及RegSetValueExW(A)。 +| RegDeleteKeyValueW(A) | 调用RegOpenKeyExW(A)以及RegDeleteValueW(A)。 +| RegDeleteTreeW(A) | 调用SHDeleteKeyW(A)。 +| RegGetValueW(A) | 不存在时,调用RegQueryValueExW(A)。 +| RegCopyTreeW(A) | 不存在时,调用SHCopyKeyW(A)。 +| EventSetInformation | 不存在时,返回ERROR_NOT_SUPPORTED。 + +## bcrypt.dll +| 函数 | Fallback +| ---- | ----------- +| BCryptOpenAlgorithmProvider | 内部实现。 +| BCryptCloseAlgorithmProvider | 内部实现。 +| BCryptGenRandom | 不存在时调用,RtlGenRandom。 + +## bluetoothapis.dll +| 函数 | Fallback +| ---- | ----------- +| BluetoothGATTGetCharacteristicValue | 不存在时,返回ERROR_NOT_SUPPORTED。 +| BluetoothGATTGetCharacteristics | 不存在时,返回ERROR_NOT_SUPPORTED。 +| BluetoothGATTGetDescriptors | 不存在时,返回ERROR_NOT_SUPPORTED。 +| BluetoothGATTGetServices | 不存在时,返回ERROR_NOT_SUPPORTED。 +| BluetoothGATTRegisterEvent | 不存在时,返回ERROR_NOT_SUPPORTED。 +| BluetoothGATTSetCharacteristicValue | 不存在时,返回ERROR_NOT_SUPPORTED。 +| BluetoothGATTSetDescriptorValue | 不存在时,返回ERROR_NOT_SUPPORTED。 + +## iphlpapi.dll +| 函数 | Fallback +| ---- | ----------- +| GetIfTable2 | 不存在时调用,GetIfTable,并使用HeapAlloc申请内存。 +| GetIfTable2Ex | 不存在时调用,GetIfTable,并使用HeapAlloc申请内存。 +| GetIfEntry2 | 不存在时调用,GetIfEntry。 +| GetIfEntry2Ex | 不存在时调用,GetIfEntry2。 +| FreeMibTable | 不存在时调用,HeapFree。 + +## kernel32.dll +| 函数 | Fallback +| ---- | ----------- +| DecodePointer | 不存在时,返回指针本身。 +| EncodePointer | 不存在时,返回指针本身。 +| Wow64DisableWow64FsRedirection | 不存在时,返回FALSE,并设置 LastError = ERROR_INVALID_FUNCTION。 +| Wow64RevertWow64FsRedirection | 不存在时,返回FALSE,并设置 LastError = ERROR_INVALID_FUNCTION。 +| Wow64EnableWow64FsRedirection | 不存在时,返回FALSE,并设置 LastError = ERROR_INVALID_FUNCTION。 +| IsWow64Process2 | 不存在时,调用IsWow64Process。 +| IsWow64GuestMachineSupported | 不存在时,调用GetNativeSystemInfo。 +| GetTickCount64 | 不存在时,调用GetTickCount。 +| GetSystemTimePreciseAsFileTime | 不存在时,调用GetSystemTimeAsFileTime。 +| InitializeCriticalSectionEx | 不存在时,调用InitializeCriticalSectionAndSpinCount。 +| InitOnceInitialize | 初始化为 INIT_ONCE_STATIC_INIT。 +| InitOnceBeginInitialize | 不存在时,调用NtWaitForKeyedEvent。 +| InitOnceComplete | 不存在时,调用NtReleaseKeyedEvent。 +| InitOnceExecuteOnce | 不存在时,调用NtWaitForKeyedEvent以及NtReleaseKeyedEvent。 +| LocaleNameToLCID | 不存在时,查LocaleNameToLcidTable。 +| LCIDToLocaleName | 不存在时,查LcidToLocaleNameTable。 +| GetLocaleInfoEx | 不存在时,调用GetLocaleInfoW。 +| GetDateFormatEx | 不存在时,调用GetDateFormatW。 +| GetTimeFormatEx | 不存在时,调用GetTimeFormatW。 +| GetNumberFormatEx | 不存在时,调用GetNumberFormatW。 +| GetCurrencyFormatEx | 不存在时,调用GetCurrencyFormatW。 +| GetUserDefaultLocaleName | 不存在时,调用LCIDToLocaleName。 +| GetSystemDefaultLocaleName | 不存在时,调用LCIDToLocaleName。 +| EnumCalendarInfoExEx | 不存在时,调用EnumCalendarInfoExW。 +| EnumDateFormatsExEx | 不存在时,调用EnumDateFormatsExW。 +| LCMapStringEx | 不存在时,调用LCMapStringW。 +| GetFileInformationByHandleEx | 不存在时,调用NtQueryInformationFile 或者 NtQueryDirectoryFile。 +| SetFileInformationByHandle | 不存在时,调用NtSetInformationFile。 +| GetFinalPathNameByHandleW(A) | 不存在时,调用NtQueryObject以及NtQueryInformationFile。 +| GetLogicalProcessorInformation | 不存在时,返回FALSE,并设置 LastError = ERROR_INVALID_FUNCTION。 +| GetLogicalProcessorInformationEx | 不存在时,调用GetLogicalProcessorInformation。 +| GetNumaHighestNodeNumber | 不存在时,返回0。 +| RaiseFailFastException | 不存在时,调用TerminateProcess。 +| GetThreadId | 不存在时,调用NtQueryInformationThread。 +| GetProcessIdOfThread | 不存在时,调用NtQueryInformationThread。 +| GetProcessId | 不存在时,调用NtQueryInformationProcess。 +| QueryThreadCycleTime | 不存在时,调用GetThreadTimes。 +| QueryProcessCycleTime | 不存在时,调用GetProcessTimes。 +| K32EnumProcessModules | 调用EnumProcessModules。 +| K32EnumProcessModulesEx | 调用EnumProcessModulesEx。 +| K32GetModuleBaseNameW(A) | 调用GetModuleBaseNameW(A)。 +| K32GetModuleFileNameExW(A) | 调用K32GetModuleFileNameExW(A)。 +| K32EmptyWorkingSet | 调用EmptyWorkingSet。 +| K32QueryWorkingSet | 调用QueryWorkingSet。 +| K32QueryWorkingSetEx | 调用QueryWorkingSetEx。 +| K32InitializeProcessForWsWatch | 调用InitializeProcessForWsWatch。 +| K32GetWsChanges | 调用GetWsChanges。 +| K32GetWsChangesEx | 调用GetWsChangesEx。 +| K32GetMappedFileNameW(A) | 调用GetMappedFileNameW(A)。 +| K32EnumDeviceDrivers | 调用EnumDeviceDrivers。 +| K32GetDeviceDriverBaseNameW(A) | 调用GetDeviceDriverBaseNameW(A)。 +| K32GetDeviceDriverFileNameW(A) | 调用GetDeviceDriverFileNameW(A)。 +| K32GetPerformanceInfo | 调用GetPerformanceInfo。 +| K32EnumPageFilesW(A) | 调用EnumPageFilesW(A)。 +| K32GetProcessImageFileNameW(A) | 调用GetProcessImageFileNameW(A)。 +| QueryFullProcessImageNameW(A) | 不存在时,调用GetProcessImageFileNameW(A) 或者 GetModuleFileNameExW(A)。 +| CreateFile2 | 不存在时,调用CreateFileW。 +| CreateEventExW(A) | 不存在时,调用CreateEventW(A)。 +| CreateMutexExW(A) | 不存在时,调用CreateMutexW(A)。 +| CreateSemaphoreExW | 不存在时,调用CreateSemaphoreW。 +| CreateWaitableTimerExW | 不存在时,调用CreateWaitableTimerW。 +| InterlockedCompareExchange64 | 调用内部函数_InterlockedCompareExchange64。 +| SetThreadErrorMode | 不存在时,调用SetErrorMode。 +| GetThreadErrorMode | 不存在时,调用GetErrorMode。 +| GetErrorMode | 不存在时,调用NtQueryInformationProcess。 +| InitializeSRWLock | 初始化为 RTL_SRWLOCK_INIT。 +| AcquireSRWLockExclusive | 不存在时,调用NtWaitForKeyedEvent。 +| TryAcquireSRWLockExclusive | 不存在时,调用InterlockedBitTestAndSet(64)。 +| ReleaseSRWLockExclusive | 不存在时,调用NtReleaseKeyedEvent。 +| AcquireSRWLockShared | 不存在时,调用NtWaitForKeyedEvent。 +| TryAcquireSRWLockShared | 不存在时,调用InterlockedCompareExchange。 +| ReleaseSRWLockShared | 不存在时,调用NtReleaseKeyedEvent。 +| InitializeConditionVariable | 初始化为 CONDITION_VARIABLE_INIT。 +| SleepConditionVariableCS | 不存在时,调用NtWaitForKeyedEvent。 +| SleepConditionVariableSRW | 不存在时,调用NtWaitForKeyedEvent。 +| WakeConditionVariable | 不存在时,调用NtReleaseKeyedEvent。 +| WakeAllConditionVariable | 不存在时,调用NtReleaseKeyedEvent。 +| InitializeSynchronizationBarrier | 不存在时,调用CreateEvent。 +| EnterSynchronizationBarrier | 不存在时,调用WaitForSingleObject。 +| DeleteSynchronizationBarrier | 不存在时,调用CloseHandle。 +| WaitOnAddress | 不存在时,调用NtWaitForKeyedEvent。警告,此函数请勿跨模块使用!!! +| WakeByAddressSingle | 不存在时,调用NtReleaseKeyedEvent。警告,此函数请勿跨模块使用!!! +| WakeByAddressAll | 不存在时,调用NtReleaseKeyedEvent。警告,此函数请勿跨模块使用!!! +| *GetCurrentProcessorNumber | 不存在时,返回0。 +| *GetCurrentProcessorNumberEx | 不存在时,调用GetCurrentProcessorNumber。 +| *GetNumaNodeProcessorMask | 不存在时,假定所有CPU都在当前Numa。 +| *GetNumaNodeProcessorMaskEx | 不存在时,调用GetNumaNodeProcessorMask。 +| *SetThreadGroupAffinity | 不存在时,调用SetThreadAffinityMask。 +| *CancelIoEx | 不存在时,调用CancelIo(会把此句柄的所有IO操作取消掉!)。 +| OpenFileById | 不存在时,调用NtCreateFile。 +| CreateSymbolicLinkW(A) | 不存在时,返回FALSE,并设置 LastError = ERROR_INVALID_FUNCTION。 +| ReOpenFile | 不存在时,调用NtCreateFile。 +| CompareStringEx | 不存在时,调用CompareStringW。 +| CompareStringOrdinal | 不存在时,使用内置UnicodeCaseTableData实现。 +| SetFilePointerEx | 不存在时,调用SetFilePointer。 +| GetModuleHandleExW(A) | 不存在时,调用GetModuleHandleW(A)。 +| WTSGetActiveConsoleSessionId | 不存在时,直接返回 0。 +| GetNativeSystemInfo | 不存在时,调用GetSystemInfo。 +| InitializeSListHead | 直接初始化为 0。 +| InterlockedFlushSList | 不存在时,调用lock cmpxchg8b指令。 +| QueryDepthSList | 不存在时,直接返回Depth。 +| InterlockedPushEntrySList | 不存在时,调用lock cmpxchg8b指令。 +| InterlockedPopEntrySList | 不存在时,调用lock cmpxchg8b指令。 +| GetNumaProximityNodeEx | 不存在时,调用GetNumaProximityNode。 +| GetNumaProcessorNode | 不存在时,假定所有CPU都在节点 0。 +| GetNumaNodeNumberFromHandle | 不存在时,假定所有CPU都在节点 0。 +| GetNumaProcessorNodeEx | 不存在时,调用 GetNumaProcessorNode 。 +| GetNumaAvailableMemoryNode | 不存在时,假定所有内存都属于节点0 。 +| GetNumaAvailableMemoryNodeEx | 不存在时,调用 GetNumaAvailableMemoryNode 。 +| GetNumaProximityNode | 不存在时,假定都是节点0 。 +| AllocateUserPhysicalPagesNuma | 不存在时,调用 AllocateUserPhysicalPages 。 +| MapViewOfFileExNuma | 不存在时,调用 MapViewOfFileEx。 +| VirtualAllocExNuma | 不存在时,调用 VirtualAllocEx 。 +| CreateFileMappingNumaW(A) | 不存在时,调用 CreateFileMappingW(A) 。 +| GetMaximumProcessorCount | 不存在时,调用 GetSystemInfo 。 +| GetActiveProcessorCount | 不存在时,调用 GetSystemInfo 。 +| GetActiveProcessorGroupCount | 不存在时,假定为1 。 +| GetMaximumProcessorGroupCount | 不存在时,假定为1 。 +| GetMemoryErrorHandlingCapabilities | 不存在时,直接报告不支持任何特性。 +| VirtualAllocFromApp | 不存在时,调用 VirtualAlloc 。 +| VirtualAlloc2 | 不存在时,调用 VirtualAllocExNuma 以及 VirtualAllocEx 。 +| VirtualAlloc2FromApp | 不存在时,调用 VirtualAllocExNuma 以及 VirtualAllocEx 。 +| CreateFileMappingFromApp | 不存在时,调用 CreateFileMappingW 。 +| CreateFileMapping2 | 不存在时,调用 CreateFileMappingNumaW 以及 CreateFileMappingW 。 +| MapViewOfFileFromApp | 不存在时,调用 MapViewOfFile 。 +| UnmapViewOfFileEx | 不存在时,调用 UnmapViewOfFile 。 +| VirtualProtectFromApp | 不存在时,调用 VirtualProtect 。 +| OpenFileMappingFromApp | 不存在时,调用 OpenFileMappingW 。 +| CreateThreadpoolWork | 不存在时,内部实现。警告,此函数请勿跨模块使用!!! +| CloseThreadpoolWork | 不存在时,内部实现。警告,此函数请勿跨模块使用!!! +| SubmitThreadpoolWork | 不存在时,调用QueueUserWorkItem。警告,此函数请勿跨模块使用!!! +| WaitForThreadpoolWorkCallbacks | 不存在时,内部实现。警告,此函数请勿跨模块使用!!! +| CreateThreadpoolTimer | 不存在时,内部实现。警告,此函数请勿跨模块使用!!! +| CloseThreadpoolTimer | 不存在时,内部实现。警告,此函数请勿跨模块使用!!! +| SetThreadpoolTimer | 不存在时,调用QueueTimer。警告,此函数请勿跨模块使用!!! +| SetEventWhenCallbackReturns | 不存在时,内部实现。警告,此函数请勿跨模块使用!!! +| ReleaseSemaphoreWhenCallbackReturns | 不存在时,内部实现。警告,此函数请勿跨模块使用!!! +| ReleaseMutexWhenCallbackReturns | 不存在时,内部实现。警告,此函数请勿跨模块使用!!! +| LeaveCriticalSectionWhenCallbackReturns | 不存在时,内部实现。警告,此函数请勿跨模块使用!!! +| FreeLibraryWhenCallbackReturns | 不存在时,内部实现。警告,此函数请勿跨模块使用!!! +| WaitForThreadpoolTimerCallbacks | 不存在时,内部实现。警告,此函数请勿跨模块使用!!! +| TrySubmitThreadpoolCallback | 不存在时,内部实现。警告,此函数请勿跨模块使用!!! +| CreateThreadpoolWait | 不存在时,内部实现。警告,此函数请勿跨模块使用!!! +| CloseThreadpoolWait | 不存在时,内部实现。警告,此函数请勿跨模块使用!!! +| SetThreadpoolWait | 不存在时,调用RegisterWaitForSingleObject。警告,此函数请勿跨模块使用!!! +| WaitForThreadpoolWaitCallbacks | 不存在时,内部实现。警告,此函数请勿跨模块使用!!! +| FlushProcessWriteBuffers | 不存在时,调用VirtualProtect。 +| FlsAlloc | 不存在时,使用Tls实现。警告,此函数请勿跨模块使用!!! +| FlsFree | 不存在时,使用Tls实现。警告,此函数请勿跨模块使用!!! +| FlsGetValue | 不存在时,使用Tls实现。警告,此函数请勿跨模块使用!!! +| FlsSetValue | 不存在时,使用Tls实现。警告,此函数请勿跨模块使用!!! +| IsThreadAFiber | 不存在时,调用 GetCurrentFiber。 +| ConvertThreadToFiberEx | 不存在时,调用 ConvertThreadToFiber。 +| GetDynamicTimeZoneInformation | 不存在时,调用 GetTimeZoneInformation。 +| SetDynamicTimeZoneInformation | 不存在时,调用 SetTimeZoneInformation。 +| GetProductInfo | 不存在时,调用 GetVersionExW。 +| EnumSystemLocalesEx | 不存在时,调用 EnumSystemLocalesW。 +| GetThreadPreferredUILanguages | 不存在时,调用 GetThreadLocale、GetUserDefaultLangID以及GetSystemDefaultLangID。 +| GetThreadUILanguage | 不存在时,调用 GetThreadLocale。 +| ResolveLocaleName | 不存在时,调用 LocaleNameToLCID以及LCIDToLocaleName。 +| InitializeProcThreadAttributeList | 不存在时,内部实现。 +| DeleteProcThreadAttributeList | 不存在时,内部实现。 +| UpdateProcThreadAttribute | 不存在时,内部实现。PROC_THREAD_ATTRIBUTE_PARENT_PROCESS与PROC_THREAD_ATTRIBUTE_HANDLE_LIST特性会被忽略处理。 +| GetLargePageMinimum | 不存在时,假定为0 。 +| SetThreadStackGuarantee | 不存在时,调用VirtualAlloc。 +| SetCoalescableTimer | 不存在时,调用SetTimer。 +| EnumResourceLanguagesExW(A) | 不存在时,调用EnumResourceLanguagesW(A)。 +| DiscardVirtualMemory | 不存在时,调用VirtualAlloc MEM_RESET。 +| OfferVirtualMemory | 不存在时,返回ERROR_SUCCESS。 +| ReclaimVirtualMemory | 不存在时,返回ERROR_SUCCESS。 +| PrefetchVirtualMemory | 不存在时,返回ERROR_SUCCESS。 +| GetProcessMitigationPolicy | 不存在时,调用NtQueryInformationProcess。 +| SetProcessMitigationPolicy | 不存在时,调用NtSetInformationProcess。 +| SetProcessInformation | 不存在时,调用NtSetInformationProcess。 +| SetThreadInformation | 不存在时,调用NtSetInformationThread。 +| PowerCreateRequest | 不存在时,内部实现。 +| PowerSetRequest | 不存在时,调用 SetThreadExecutionState。 +| PowerClearRequest | 不存在时,调用 SetThreadExecutionState。 + +## mfplat.dll +| 函数 | Fallback +| ---- | ----------- +| MFCreateDXGIDeviceManager | 不存在时,返回E_NOTIMPL。 +| MFCreateDXGISurfaceBuffer | 不存在时,返回E_NOTIMPL。 +| MFLockDXGIDeviceManager | 不存在时,返回E_NOTIMPL。 +| MFUnlockDXGIDeviceManager | 不存在时,返回E_NOTIMPL。 + +## netapi32.dll +| 函数 | Fallback +| ---- | ----------- +| NetGetAadJoinInformation | 不存在时,始终认为没有加入 Azure AD 帐户 账号。 +| NetFreeAadJoinInformation | 不存在时,什么也不做。 + +## ole32.dll +| 函数 | Fallback +| ---- | ----------- +| CoGetApartmentType | 不存在时,调用IComThreadingInfo。 + +## pdh.dll +| 函数 | Fallback +| ---- | ----------- +| PdhAddEnglishCounterW(A) | 不存在时,调用PdhAddCounterW(A)。 + +## powrprof.dll +| 函数 | Fallback +| ---- | ----------- +| PowerDeterminePlatformRole | 不存在时,返回PlatformRoleDesktop。 +| PowerDeterminePlatformRoleEx | 不存在时,调用PlatformRoleDesktop。 +| PowerRegisterSuspendResumeNotification | 不存在时,使用窗口模拟。 +| PowerUnregisterSuspendResumeNotification | 内部实现。 + +## psapi.dll +| 函数 | Fallback +| ---- | ----------- +| EnumProcessModulesEx | 不存在时,调用EnumProcessModules。 +| GetWsChangesEx | 不存在时,调用GetWsChanges。 +| *QueryWorkingSetEx | 不存在时,返回FALSE,并设置 LastError = ERROR_INVALID_FUNCTION。 + +## setupapi.dll +| 函数 | Fallback +| ---- | ----------- +| SetupDiGetDevicePropertyW | 不存在时,调用SetupDiGetDeviceRegistryPropertyW。 +| SetupDiSetDevicePropertyW | 不存在时,调用SetupDiSetDeviceRegistryPropertyW。 +| SetupDiGetClassPropertyW | 不存在时,调用SetupDiGetClassRegistryPropertyW。 +| SetupDiGetClassPropertyExW | 不存在时,调用SetupDiGetClassRegistryPropertyW。 +| SetupDiSetClassPropertyW | 不存在时,调用SetupDiSetClassRegistryPropertyW。 +| SetupDiSetClassPropertyExW | 不存在时,调用SetupDiSetClassRegistryPropertyW。 + +## shcore.dll +| 函数 | Fallback +| ---- | ----------- +| GetDpiForMonitor | 不存在时,调用GetDeviceCaps。 +| SetProcessDpiAwareness | 不存在时,调用SetProcessDPIAware。 +| SetProcessDPIAware | 不存在时,直接返回 TRUE。 + +## shell32.dll +| 函数 | Fallback +| ---- | ----------- +| SHGetKnownFolderPath | 不存在时,调用SHGetFolderPathW。 +| SHSetKnownFolderPath | 不存在时,调用SHSetFolderPathW。 +| SHGetKnownFolderIDList | 不存在时,调用SHGetFolderLocation。 +| SHBindToFolderIDListParent | 不存在时,调用IShellFolder。 +| SHBindToFolderIDListParentEx | 不存在时,调用IShellFolder。 +| SHBindToObject | 不存在时,调用IShellFolder。 +| SHCreateItemFromIDList | 不存在时,调用IShellItem。 +| SHCreateItemWithParent | 不存在时,调用IShellItem。 +| SHCreateItemFromRelativeName | 不存在时,调用IShellItem。 +| SHGetNameFromIDList | 不存在时,调用IShellItem。 +| SHCreateShellItem | 不存在时,调用IShellItem。 +| SHCreateItemFromParsingName | 不存在时,调用SHParseDisplayName。 + +## shlwapi.dll +| 函数 | Fallback +| ---- | ----------- +| StrToInt64ExW(A) | 不存在时,手工解析字符串。 + +## user32.dll +| 函数 | Fallback +| ---- | ----------- +| IsWow64Process | 不存在时,返回TRUE,并设置 `*Wow64Process = FALSE`。 +| SetProcessDpiAwarenessContext | 不存在时,调用SetProcessDpiAwareness。 +| GetDpiForSystem | 不存在时,调用GetDeviceCaps。 +| GetDpiForWindow | 不存在时,调用GetDpiForMonitor。 +| GetSystemMetricsForDpi | 不存在时,调用GetSystemMetrics。 +| AdjustWindowRectExForDpi | 不存在时,调用AdjustWindowRectEx。 +| SystemParametersInfoForDpi | 不存在时,调用SystemParametersInfoW。 +| RegisterSuspendResumeNotification | 不存在时,使用窗口模拟。 +| UnregisterSuspendResumeNotification | 不存在时,内部实现。 + +## userenv.dll +| 函数 | Fallback +| ---- | ----------- +| CreateAppContainerProfile | 不存在时,返回E_NOTIMPL。 +| DeleteAppContainerProfile | 不存在时,返回E_NOTIMPL。 +| DeriveAppContainerSidFromAppContainerName | 不存在时,返回E_NOTIMPL。 +| GetAppContainerFolderPath | 不存在时,返回E_NOTIMPL。 +| GetAppContainerRegistryLocation | 不存在时,返回E_NOTIMPL。 + +## version.dll +| 函数 | Fallback +| ---- | ----------- +| GetFileVersionInfoExW(A) | 不存在时,调用GetFileVersionInfoW(A)。 +| GetFileVersionInfoSizeExW(A) | 不存在时,调用GetFileVersionInfoSizeW(A)。 + +## ws2_32.dll +| 函数 | Fallback +| ---- | ----------- +| InetPtonW(inet_pton) | 不存在时,类似于sscanf手工分析字符串。 +| InetNtopW(inet_ntop) | 不存在时,类似于sprintf手工生成字符串。 +| WSAPoll | 不存在时,调用select。 diff --git a/libs/YY-Thunks-1.0.7-Binary/objs/x86/YY_Thunks_for_WinXP.obj b/libs/YY-Thunks-1.0.7-Binary/objs/x86/YY_Thunks_for_WinXP.obj new file mode 100644 index 0000000000000000000000000000000000000000..c31ab5b5ba0b91026c2d9604ec1b41498d2aba95 GIT binary patch literal 1664803 zcma&v37C%6`v>rY*|#Ryvy6SoGG-^qzJ(-P8X6jsgqS4RLbfC%Nl1Q@gd_<`l1fYn zAxSDEX`&E?{@?pOr}@u&_UF3JTs7}!zV|uLbDrfrGiKTsx*GRHc$4fZU);iG*JOdM zZuYQ#59W;M$N!J9^@SO`)(syDZc*{9Zg#)Ek3Ur9-v2(`;?+WI?R|yW#VbVupK2e) zSQ8fCtnRSvJ~@5Bi9$pZ^7> zc{X=p2A7S`kAwNi;kv?A=oi9r&}gHNfx4RUE`(VkoN2t3@%1ZVzAWHOd52-XE#P$X zl#a(Km`eqmZoia*`xmBUe?AV=JfOVWU~U(V#-Yo*9WS(m8UGN^%iqtM{jvpSn{cN6 zaw|Ht3+B|rJTKFy9X5uIzt#()=rlfIo+Xu&BqRx{}Mr z*H3^sEgW4{O~)-{SO|+iqs`R6ad@F9%l^-n}o9+ zk1t_iqWd^5~Vqq(~oR=5A?y0Ho73*k)j3UE7`4r}maHhI+A3OmQF_!0<_A||cvM}|8v*k5_>En_2ILuT> z-pi;v2j;eMynlFH)9z=Q&(FiG7S1$|nQ$M&+&!M>g&OjTFE%53mR>vc~uLqm4j(5T>kY`IzQ<7svpb>;qvQBt~=a5nCcUFU6Z4{yJ6-y zTmsx?n4`kw&jZbQeiG(P0jIkTRYKk$FvTYF{^jpyOIBkaxgbN!}DzS^C>XT3YTA3%DaTT7h$GP zmhvP=$G7m55Y`fnHu|W$UR}lKABE{ZmAhzztArhU5a#l;+?lR__3`yfX5c=JMqB=V zmik9ue+uTZhl_eHgx!i}%R7!2>%qj%_0TxO#6>q9hjC5cN^S& zFq0gP^5(;=bvVk~0rR`VQC^WbI6u&6Gwqk#@mf`wEa6P!9RQaDbIjpd!JUUmd%?c{ z=E1dtIU$_s__l$&0n=)(eIBI3Wy8EIoM{|o;8w$YE}Ut<(Ej@h<`+j^54h_vU0<~K zkIu{CFw=xH^{*e?BACMScpiP!U7snh7EBZ2OnG(Ty1+~j&a|JC;FiGb7tXX_=sI)^ z=B&ff{<{bh^AaD2DUa?8C16?$XX;-ixPCBG9C>tp%!b(_oN2%GhT8{IcfS3&QQh`1 zgM~AV<9@i2Fb5oYRp2hb6n~l5HT93`)`YoBI8)u~c%duI=mk8__C8=c%mLv{c{H!S zgZb0p==ffTDgKIm9JDT46Q;9prn+?B&xCo@!#x2rRd$-^usJaE3OL& z+JBn7u`m;aqj8wtH_m{WB|GUkq6xl!0nAb1sJiL>Lg7VN7eJ#ezpj)=>yz;?slw&Y zE6q6C!gP@HG_E_${j!tl=AdprVW@w!>8@7^==e8qR~Oso%QN`;*jKp;gc+Oy|)`xHXQvP;_V`%!kX|`{i4h?}f`Bht$7lyzmRm z#n*WrebmjDOnkoV@(?x>jW*l)I|F8xaHhIl@kVC>%gpUlPu>pmv~caABf{m+15MsJnDcU;#{CU*Lv~VKngi&zmufZ(Y#Ovbn#m_fQ-hP-v!rAJcfH^5UsqRM9$%9$Gnb)O{f%9Bb zcMr^d;qvQBd0F`SV=#?AaOY*i3=qzg_ayR$!Tc(mZNHS;62dB?(Pqkf9IxF5vqZT3 z@k--JgWCynL%96wu4ccK{V;?jpwVWkOW*&f1=CPC+dSN0C|}(FA8Vt-@7pH zJMyT1AH#eloUMPSV19Ar-Gsb9VG3{k|NWx7f6)7*7?@PyY<1hhbSRLgyB<*8?lAoe zIMaL{3X@a7>GJ6NA7f!&5YE=WH(=g!2$PZ|f+eHP}B>@?^3S(rTGOm*pgeg$UU$9x>N>(x$}T;WW46_9rb=8|x>{Svty z>-=c6ney(#Yb9ZZ3YUL;HRGKLGslrf{aXn0fpE6|?S(nu$ZLzd?_jEZ;@*EfU^0a> zjduw0`onxJ9HpAB2iIW=?Xd4ZdTxq_86cc3Zx+m4N8V86EryBvl-JGAljbQsH>JU} z5RS%c8b?Q%&IO$Ax<=ox&4hVbxcqq_)urp{`!Jss$TQX52XnB1)77Q*lH)L)KjY&y z)usLog;^~-%{<)=vsbwMd7yFMzrO!I*1&VyN4AkTC>mcy(p;B<8_BX2#qozn5p?7y8bxx(e|XKBCu zg&lSX=F8nY&-Q*MG8fk?G}=sgZ{oF*Fx!MP?U$cX_YBP5z3#fv`|y2dG+W)LkyjdK z!G3q%A(*4WnZ{8C#ZJOR9N>ATdG$D6C<`E^kG~T-qFbQVwaVbxlFRfAcH<*+kxU=0a`@;+rF2Am(e>pHCJ=_GC z$sTSN%v=w*7-p%5TLrULcG7-H$MM|^b3r)lCVst_Ty1By)4;Utxata93fjd${nE__<~@+D!AFu9L-u2|#?%T_?#^^>nG8uBE5z>goD)WhwCIpE>GgZaV3{R;EDhr0@M-NS{S!aPNz z&9+~P!<6=Lm0_xTxcV@u9_~(<<{qvC%sn3NewYV5+`}-BdblTGp7Lc5aweKw;N`!hx-QRI}i6W%q63kT(SL8JQ9RZqaKHm&e+{0CX zsqEqEz|{9}x5M1&;o8D<@NnH>?)Py0U>^2x!(pEAa8JWL*4N&>F(kB!1VKQLtut`xG^wKd$?y|p7(Gs!z}V}Z@|3e;ogJUO z1@pCs`yS>e5BD3)1rPTR%)cHk@(kAN&|KH?k}$V=xT-KUJzO$Ox`%5D)6&D;4Rf!D z>jl%t!#x5s#KS!aGseSBfq7PT(z*|=kG}}Bzkmy@151v+zj_QN^q2oXZaPPKH^H=b zIQlu&ZZHoyTxqz+V5SR~zb+;9kKRWuhFRlq^mA_8VN%cXapbR0N_i#W?u8jBoT+Xd zxUn#A$xgE#_7Th{!r7k3zl8b9!+i_$z3ilMR6_rLfrug<2@m%)%rhSDd6*YG+#;CQJltC_Z+o~+ zFdurj&tZ0ZxUXTp@o+!E{OsW_z+Cch|H2eG_y62~4@^G~Hw0$5hZ_U)w1;~Z=6MhIGRz_m_Xf;c9_~GuO&;zOn9n`j zS1@0DxbIWTRmJ=n3^6g87AGsHHB&E;qHdH z*TeOK>Eq!Zff?fAo`f0W;ikYm>)~F6dD+AL59SRI_YTZ^vXk!9^m9fZ!5kDW|9L}m z|2+e9&Li(KOmrTfSGK$gFqMVNpMO&S=;t@;z%(l0Og}Hs3Z`8FXS$Aef$8Dl`oi>g zIC}mYDh&QJu<7cO8}I36dAcQ@Zmp-==IQo%x)Yx6yr*No^EoAUv+?^H@t!Wh(51>x6jj^@O0-r9Xszi|2$oSr%Uv7O*~yEPnYHC zhI+d3o^F<>TjJ@~db(|%Zl9++;o)dTork+9Z2o;vy8qJs9%^hJ)Z8kr_1wnH#}Y3AD;8i)7ABKjXhmQPuJVi z4fb?nJ>5(XM|*fN+)`m}*Ns&kd34>_;^}fd-7!yh&eL7vcAl=MryJxna;NiBx?C@}VVD@{sV=yN?+*z1B4|fITnuiO!g5S%IMw{(; z6oV<{;VQvY^KgkUDITsdOf%U@-=Cp>=hYr&qHy^?*CMT7(I{VodEJrsGj_z=F!TQA z`y~QjXZn86X_&LZ+4kQ>m@6Kx@IUxHZD_RR=SkzGe=i;nQ%|`3?{7(te!q2dVJMF_ z-OnvG!{Y4=VHlW`|!Z*r`Gq~hLnoWEoS5)KVzwbi7*R%xO zSYheswlIz+vZLS6Jo36UUd`Wu*$g)cuJH|SP5+*=DBMtC@SlNA_kBOAJHf-zJfG>| z=(%p5hok;2_i*&{R~tRuXF4a%Q~LLu2g&`*_h0_`AzcrsZZTo-pMg!c|7g6GJRIdE zc{s{z;^Aojb@Fg@eEWJh${XzAXs?Zjn)0NJk9Y~47W>I+wnNA%aiKT z-x)dQ;b^=OjLx3_-*m^9Tp1775U#d|qu)2&UvW*8>p?5HH99BlziMz7;mQ=^V=?W& z47j?&;6DSKZoD*({yL|ry9Dktxvu1@BJU{7zYa&^xTSC?Yk)>u{y3yOx^Hz5CIIol zbpP!RcfYWvc}nxSAI!tDlj=4{z;KuiMR@<{qp9v0m~+DA*Ol@T@b#BrN`&w{a=QC( z5BfaJNa6DDztX&?am<5RP#`aGe5JaLP-q#=TlhHWexlpY7xDR?#X?!f;@p|`Uw61cFrNr#I=+qIeub%C!oL6L_uAhMGs59$ zywhQp3Wvj}9S1$Bu7df&kw;IemtbxyX&*1`ueLDv31^xI^mF=;!Ypv)(R1uZn1oXH zy2Ica!>o0{ zm2js0(jIObOiWpxXL6L60Mpyy=$*qbm^U4+E8K@LMa%KJk(5t==dpR`E>(K8ZGry{ zY_uN+!3-6S=2hT*g>*fj{*8j!D4b~=)8TSqx|Qd3P3IB4L(74A!{O+<`zcJh3Ovtr z+{VDQgxM}!{&=Nv9EK~K5X$~Uqs`=|;mr zj!mr`%7$05*QI&-B}}=h+?mEp_qUcXGplhIi?7r5kFKZj)k9fDG}=tZjh;_aVOk4E z^FWtJ?jD#29j*%8qcF3DGu0*cI?NXiS03&=n14LnO*KMU9W>fZbqC_LrZ8^_XWGwM za0g(LYub-TFSz?*Hp))(e02imq;P@rP4oVo>gK_8tR>ae%S*#b`YeunyU5$1}AD_lF2g`v@A+b{7j#XMYjm`Wb5HcX<2YY5ZW!?l5F@8P<^ z^pu@+eChY7XTyvYF8{og{@!sGcGw)4KkD%P7mcrL5|6)kEalO2XI9-%_Ba}Cro55J zn+8)TkvqEH>+(wC^Y_CH6V8;Ei@eD&os;bSqvz^vFrN!Y^B^$)r15sa3tz!hP2qX; zb-Mo1=O2L?CY&j6Azl~_Q!33qUdkH=^Q3U5yzzKpB21ACdtN2v^%4gE8Q65=ZGs&; z4(_9dJdf^Ay7AKb=EJv#vI%Ik*^b9Nn7(&#XPPfG-hD8Kg)@z}4PN*GrskbI&vZQM zB5#N=)IZvE;~jvGFMd>%fNdBcXLD zOGTs2G+sKscfx$shC6zW(DjdwZ_~E8@1xOXIvyc-;R%?h?&8jLzER%SFn`hg3=_^Y-jjG?G)z_}o@Y89wElM)rszHP@vcB#HJCk}xiif_`h25% zxxs%1Hr?^vhP>8r;a%N%j|*eV+lajJa2eh0dGzXXVQhJs$a@Pe{63y%I==L3A7N~H zbp7iOx4EY~uh{+E*z(#VuQXi0OnV;n`y*j&d9=>86E37T&of;QD6gF`w!94F-3#~Z z1NOX@2>A-8L>70Z^CJP*gIX}{9^|eZzD{@k()-Xs*?2xhqs^4p2zj|M5d-XbG@old z%uOH=A9VA1D8`!#_xeC?P4k7`SNtoCEpH3*Zhj<`eL0Bdna;N`gxvmUC~JyF8@^22 zzZ!VqE|}qixicMK%G(6JMSx)!@}9}et;=H!ku?NOdsJ)d0BYj5t!Xixbtov z8Olnc(Pqk{<69Btz9-#zufn`8oGFiv@7plnkFw{{^KR9rLRmvJ+Dzx~4CHl$IXap< z)A>;w8EwXJ69~iy-T9k>LOF0N#&K)9U()k)3Gn5c@U=gV(v`yr2#TNg}EV| zY5$EzUfEai{hlQ}&vbtLgS@cUaGhNG|8;fyj~0?A!c1Jw-EH_f-TtHdO8phw;6DSK zF7F&($$+c!Cby>h5v`vN6o#kikMA<<*hO$nSMfYLPj&q(f&Ef_btt=I&HvZc^=})E z7pD2U+|@Va{ff`mc@OVHH*iPyeO(?+(P1!QTez!f$h#AtU-BWYlW4S|yV|^w81FAI zeYSCT3!HAe_3-%$A7gzDjW*MKIgdhvU@|}9&UF2&f{Z_4O6;)rZx!+qU~)g@&NTn1 z-wi**{TGck)A=z8d3|6`eQwXA_4|8wVm%g(Hq&@%|Gf=UeK&We`9gmOFg6$8??$7| z)IYkujDb0|hda~xOV^i&_Tu>kjW$|u)6JJ7$oq%fe(p@ytG4+1*AIlUJT%%&?X*3Q=5yIQ~3sWrt2U5{LpNe z-NKR9jrSVzuEShq^bQR_`-7$%FTMJHp)mF#8f~WjMc{?cVfGg0&UC)f_pyr?31ef> zYUNl&!r{yG^ADfj53}c1o@Y89biFTDHjK4Jqs`R6 zB`DMj=6X5qOy>u^`bhaO_81y%rvA}aHc#uzD25svFIB1JbJ%%56nQ}O!JSPC&$7RuEq0A&ubNtH%XYl4#WrD^@Y}l zUWfbUHhcf7 z&*^z`JWQKp?o8_uYv7utgt7B!+?lSYxhPaAJ&ffwwC7bppU&JK#$pP=431GO!p&t9%|e=jBP=q&2&5#;(n9|Grc``ruPf9A69k1 zIM8S_oo^%2zwcqX-_4zAy!3pv2<9!}OyffIB@#-q_@>faW; zFc+p%7w$~Y&&`lgscRU^MziJ7dg4f!Ro%HWegF48gmmkH>)L(XnZ`R6$D=sRqF&t5 zJk!m;O8ETn2g2BkXtbH~w&8_WVIJtio#}e;HZs118Qs^OcOK`*WS9~Cxig&~|3luY zhr-z11MGRU-gzI)n~!j3dY)X2y!Qu%v96DDhuyBd9?Zi2dl=^GW89gZubSZN-xwao zenz9swEs$>e-~gPpWx1P{p)~?A|o-c&}@0v(D9xy-JY`N(a$Y)8Xd-#q1p0i{a_8u z|3dIWktJa)d>MBY z;dK2=$9V5~J&a9VZqFNp3-Vf+vTL}baq04o;PX-Mgs~sdXfusBlWr{Q!dT|}+%>@e z>hiwE=jUz0e%Z{O>3pk!yvJb{eZ(C-N9pq3#OEu29EQJR%$@1}M*nQ}2F&HpxHDZ( z$0ILyXBcb$1$UH0@MH(dBY z80(2fo2h?U=-*(NJ%_k6U7zb9BjiXJtB+>OtAau;VIDrpo$3BI93i)S%S|8<9}?*2 zv!$O8JBPfFHsgFj-YYPl{J`B!u)6v306u@;kM8~@V*hP~ zJ9En3zvigB=X4mm`4{dIkgpr>F*+~LhT->xb7y*fq37`_!r(sxn=Wq#>V5^+>vx`K zy1v|pd0+25t_K&nqxDZ+9$lX|UdH+RH+QDvQ3_w*>>qA;@AP@O7;jIwYS+0n9gkKB z*#cAe26v|8OXo)n%n?RUlK5E|G~Mz244>a$D4fkN%pIlb#!DC4gD?lfxHDZ}=zQxL z5zf}3(T3fm&D)8N?}M2i#hvN>M=rj;OmsLqjYeDkzw40Bj{)dkT1+@w9M7HU`Q;8| zv@aUYrlHY>-K6c`TJ&!bOow9j{=I>(-wQLMxIK^FzfFhfR+>B0^{P4Yvde_CH_&J^ z9bfu>$~!Qn%W-F#FSNhj7A6pg54z)m&A zyQ^?#y57@y-LD!q_|L$m>t81NHyCbLb$kEl`}-L+!dYiD+D!Y8#+wPVrKUZP_Cu{& ze*H^@n|+%-kNWp7OzGP0{#AyVSjV16=hp>c@SlNAxBqB;=px*;x;&3Q>W(kvHLJ%B zPt(trc;vN&>zZiKtA&tPU_KSjbUcn>KJSHjE1Bn+uFrFkHzp;V-JHrDrkQp=)6ZKp zfGOU9JJa(s&A;@9+~7Y0n{NNn{A&WY@OExZ=La3%s7B$e3L0&u@zVUO3p4W$dtNnU zToWb`h!48{(Rxm$#^LObJMDQ-0RzLfX1Fs{5G;Vuug=h1#`^cXj`yiVv}Yq*z&aZA?`UH>TWf-tVUYjEvz z?0G2&SuTt%kDd>X!Zmw>=b6?cX#cU1?(ufPcw^!EJZbMA<$WNGt$%cUcfuVT#q;Q+ zZvWBqeWji>O46)oSi|V4VN2j z-TBCCKP8-&mKN1JXxx4<~A!rd{0+x&4z|1Rr(eEnO(1i}n?Lvh0h zdk)Xfvv^)bINdy;`~0@q?*1Kw+W|L!4!3lD*5#GQ=Xb%JDd2SDZG!QZc_EzjoXhh} z=Q-uAhuJTj>ApZeHyrX}IBPV|oi`6=y>O;HI*(4n{QZ(Uugm;!HVln6Qyv}PWiV%6 zcIP!)5YDpDYnk|p6yR%?UEOO^HTpZ4NpxN?jAa6R%x>wzK zF-yW(Ei_wRd*o%pta#0xS9obSOF*;bWh1XM%!dED^Wv9S zaF&Q>%cJr3g<124J1=5IIID(c%cJ?%17_iy?!3z|#a7z$sDG_s=Dg+3I|mcB%AQBZ zqY=!K)$Y8%VM?vB=h5+K2eb5TciuIaGHdO5bbhplS@@1S?=noWb@sfnwEtlGzU$80 z0&`S2)Afa}e=+OBS&R4Fd5dAT2xrPmL0%qArT5)=qhS^ZXUoeav&o&;6K14vw!D=v z$2Yt4GCsii5Ss1$pzGCCn6+Enc~KvRvl?i&JUSjdVdiXg=beLz`pBL~_sd2wqqn*9 z4#8X$&b0s9Ag|iT;cW1Bciv8z)54kZX#bV^B%C$b;m%tCvr#x(-dUKUpSkk}!Auv< zlt<^=7MLTSyYrHEhOzuH17_r2ciw)O^TL^q2hEpC`@&hfuiSadV73cq%ex3u_JBKY1k7CF zOnG#CKZE)EpgXV2*LeOzvmIZ`TLyFFkUKBwFy1$paXB2K&W`ofGC&Xh;b zL+fA)pK<49!i*Bmls6K2t6-{}b?1$RSty(-kLJrBn6Pv1yeycp!kO~u_^yRH_?tVg zZXVW~&}`=$JwK0y+4Z|SugZC>H=)_`XuLTvt1h_n!v4U1MziJ7^{N}p^grEsCt(U- zwC7R(QeXyMa_4;pb5c0d@u2%lAY<*Q&VlcEX$% z&Xh;*KT1`NU|p)Y^VY!R3TMl^0n@OCJ8v$`I^j%tbiSR0sa?yRHyLJ`aJIZdFy(8z z^G3qV6V8^m6DGc{J8vM&RN-uSn_&tky7Mw&MhR!iqx<;!^B+)W0S$nW^r)4KN3VGmV$}7nT;mYNfmLCc!Kf&Xh;@kApA~4cvKs zVa5w*$_rfoV2(C)=cU|^>mQo!c+mZF63nqi?!2@+aGs;t@-mS(8Ro~v?z~2KMzEe} zwmf=Xn*p=0i94@W(+JiE&6Y>k=TR_wnz{38G>>4d&}@0x$QucBtc5!-ttIv!nk|p+ z=aXUfw{qvzZXLneq1p22dOsQ_w~afmTH6TL0?n33$72M{=63G9Vt3&=0?n33*>zRf*C8EDUY77*23(&-QGGSIc z;Latx76c!E*{~|TL80BI8$CJyVVg;^(@DUY5{Pr{^3bLY*3StXn)kNS5UChS>v zUKY$);cR(pVUEmj=OsNC!8)PY<}>wg0?f*p?!1uau|9-m%cJw73(WXg?!2QgSA;W- zw+ixV&5mFl=eYA$z!HgBolt<4)Yhf;~ zbmw(^D}oI|v(4ui-zb9eh*SYfs!b}y;lt=S#GfdvQ?z}eZBUpbl+y0~X)AM0=zUR)Xv;oht zXtum~pHh11xn23+kBhp zI8z=S-*qs@zi{Ve?22IB&}_$-`ZpD3$8L9C`CPnzLv!T~hFSTgJ1=Ap_A{C*uM5nq zz3#lTFcJIgd33#M2s7|2cis+|AB8g=51P-#_G4Y|fIDv~%r@andF_$+2TbFy-Ffq2 zHV9|R>x8^BFd2v4d2?Xa3TMh2io73TI)CHNTLrUAI8$B?EX+dTOnEuT z+XK_=J9pkfn9ahO^630H2UFvFcise;CBm8V==ko3DgT2zZzRk-;cR(3VT%3a&KnFf zLpW0&jdv@|-zVL9T~0-?VQ9AVm!40T!5lm7&P)3l&)I0UJUV|T!)!R?&Wrygg4IQ{ z<cV5IrtpB08@_N9GzvRw43Ufs` z+jwhT#`jJCa_23B*)E(d?;=dGtM0tPFf)WR-AM0Vx1^(i&{pUqn6^dlpXtw#1jl6jtZv`_w%AI!-rf{@9kFHlKFkNEYd23*Dg)_|;dVanEQ!CD$Hwk8`aHc#u zz6W7K;@x?@VMYsQ%Iku>H86#Xy7Mw&MhR!iqw{waOh_?zUT>Ju!kO~u`DG2v-^JZ| zT}t5mK(oz1y528?$t~&5t5zzKwLr7wWg>3`%>L5uyxL_VSvxda9-SYfVYb}r&MQ$i zlBJ;8^62@hKg`l{?!0R-Wy;(0Xg#7m%+Lz%yj?J7gfksqIv!;bB3ZMF?!1LCn}svw z(f&IJQ@gS|Z!*j>;Y@in{|>=as_M=g4YNQvQ(h$lGgmlM9__!+VDf6X z^V-ymWc|@>^M&@`e3&D(+<8g2MY2w4wmjN@6JYk#cIVZo6Ukbk+45-rjfB}**PU0X zULU zza*qavL0#fymc`9gfr#Q^FiVCNS2o2&YK0ZMmSR*_3s2ssfO;nVKB3VGv!hLw!>V$ z-JRE|Q6w9TW;?!gzgz-y@eX%h$HtLt5SlHI&X2_~XYX|9wP+H_`l7k==E9t4>dtG} z4D$fZmPh+z&NiQGw~u659o%`FVU7rA%A?~E)e+An zcf0eJ!E6`Klt<_9MVQ+6xbr5%EECR@NBuhlQ{rBC-cXpC!kO}DK5v7$*u|aKu`AAB zG~0Zk>-}PwJ>A@SHM-;ehGxs7`7#n_M-O*i`THVSBQ#qcy+0ZZv#zH*FXn#S-_UG% zZIG7!b&Z{vD*B3Nf9$l|S!mJqX&MTaQ`!AX;FB^HCVKzMO z&Wj%r$?Brn@@PJ1!K`?~omY4y`iExAt3v&Q8S$h$Zy!vaaHjbeczzy*=ccFJdFx>I z31`Zq`%&T1cy1cw&YK0ZMmSsE37BHz+qvxTmFn^DC=XH4+>n~`w;}MU% zWiaa}xbxyB;yD7%me&J$yxO2_qy9~W+48bGufzhZPomlK=ziHBX89}bJhl+; z-_UG%)W1$JlNP!2j>B9N&U8HJepGic&W~5!dHZ1Ugfry@?jK8V|9H)vw+?2XaHc#u zzJ-@Yvd;f==dFU-C7dabuBX>vy1eerTLY6ToGGsh@@~L%e#4!&3TBsZw!CXFo!+$P zjm0Ec2~%Swcc#B{F$jgSVfMYv-EH_f)9;fR`wqTug=U+7r7+$-FsIkq`$xZTxXHVb ztT&n~Zx+mo_4Yja{nmxwi)1&W(PsKR{wMKTJ(ycIa7VvwM>k%|yANi7aHhN~aFb!i zzVFW40dqh&TiykjUpBh)>TQZ-jnQZ`|(1IW3$i?+o%nK8j@L&}g&Gm!xfxtSK68 zrabE312D}$cIQolnJ=6zZv)JN?e4r2Fux0D%ZvRal3hTf%{Jcj9eBTmMw=}!8>Y>t z?!1{Wi-a@foj|P*U|#vmo%aLGdEsn%ai8P9g+`lgyeT_z+|X#V<@JGS`h`1h3d}s= zOnEe4*2B!-<<2_}^P6y{yc5Wa-W|z)MWf9&-uk)t{t+5&rabCjZ(58_qg-EhshJpmKU=Z^8k%D+j!IVMY5J?wAu0=glYYiJMTG|g~HkLHp495@6J03 z^QUmOyqgb1vP)>R*~WYOL9BbD(PqmV0Mq_!dmjCrhdD5B2#4E__U|v8!3*!eynLAF znf|UI-G7@O!E+NDZKk{gy1&7U{)RjH7`UHHf0tro2-eYIW*+A*|2ao;xp0k6M6!re z+|@MXUBeDrdK$;=EO%86ZY2JGMf^FukILgN|L>Scb@yQ$t$xQk{{`;o?~v%m(Fk?t z!yLTGUH;$glk%FtZN7wciz{}w9`3|de4qU~clm#3Ps$q!H}eMG=M|>E)WMjkZZ_OG zm`-7KcLn<;Ej)_Vjp8oqfC{4YvAROOZn2Z+OnfA+2?3eN_qu9*W+?nPJxvVx(Y+pOOyMnq) z?}}mz?&i)kUiv%fCp$&4@m=k173%Kl7R5%~XRk}=N1L8eY*jDrOvjhp^4?J_s;}K; zp>D{7Q7pS3ccytyu2TOfHerC>(cf8a@^BPuKZrZi@u0tdp7dxG>pz4$(|JTLerObH zG0g7Tpl%*a+6eCQ|9-7BueRZM40%>N3j(X zxijrQS{LX)DT-}wHW#k;WSk#U>~1Pt-KkM*!!*02c~xaP=JO2h^8XH?v|pOQ z{qbBBOPa-<>3q9_x;tUE&Ed{;+-ST5Ux;Gc=i2+%1P>UAFGjJU3%R?;a6CrCEqFDG zm3V`@mIikM3l%%x#PL|m9sRvi-Su<^#vAo+6r1-Rcc$Y;f7iFmhA1{^6L+TbjojGH zQEbhJc6SZ^Td_5YE&G(ariT7aMgQvV#PQw5ooPQuU_NK zfIHK9ITv*&9gJe74%^)}xEnBAkJ{Zb^l#a>QLN1g?kXC_+X8uWeu!d+e&Wt_zHP+3 zT5&RpWu4~EG*3suU4|KahC9>wM(f$fU`n0kj-Fz4^CbfP8wNA#oV{*YxcJ|2efiz) z=z6ssChAY_Y=4)m)J1O4wZN93`TN*g@Ja=^Z-u4xKixP|Fy7cpQLO1@o@pBIPPkWK z9=yVx>G>rG<2VI#AN|2cY^LkW3GA1ru1B%^8664p^B;Y`yJ?|l)~hggrvBAN-uo~= zg>Yw@FZ(e6-V2Rp&qQ%o6SZ~wB@=lSVxrkoaom}%2kmkGHn<6S#kn)xKj`|>x@0sv zP}-hHZg!byR<4}g(Y*Q==C2CendUvY=MtjXo0aSif3lw4Svi`8*W&JO!+x0*k7HUV zn!R=hcOMuW-KT$V5zQ*M=FYVLR^a&l05h#EccytY04};+G#h>wcl1$r+yZ$p(>mDm zYEWLsXqJ38ccyu@jP@T){m$H(u9N4GSMuIyR-`L;rsI)~LNCKy@6BB=!#GAG@72E1 z?AC1V=%a4DbiJAe^JzcsOygJxSD}A2``{saUMGyV=74DS~(YDcEh~%7aH{ESf!>WA9%NxayBbvvE&wXS!cz(0E5ivp%Ej zZUtQQQ_<|*G2EH%`#Uj?)nlXCN&e>fg48inbB;@3*6N+%)i=jyyzT z*++}GGwqj?=wH*t(X8rg+?n<>o#z#nMzhcVXV0VW@3&nR%^rQ7JJb0=^XhY$k}J3~ z?LT__{~D(2yWBl&7;hr#4tYPCy}FS*`lvg9$;EDpW_N71yV{rsZ^0b?kUP^nIEcJc zTcg>gZQPmm^ITl-Z~r)&?fslP)AKX^GvcRrMYDbfxa)2hM;o}^hoadn-*ea1;OKhV z@5g8sd5SyJer`j@1LmeP+?mebGuSViU|u`NooT)l!+v??w`lfu9(Vccn9_Mf$Kw)A z)${D?>02d+f3Ay@5nS0L{_m|oZId2~Pe;6^li zgT>%T;M!m~9^>JP7m8so7Ph-C7;ljxF|2zicc$wVt)Kn|6C2K*>3qvY-a|0SQQVp4 z!4~9QfLR^GooPN##eS(58^hj@=dPk*yk+tHSEy(VD_6qq=z8!_N#vEb_isMxK3)dn zEpN{|631Bg3Nfr+UG5ec`WJ)#-IEf-dS!5DnlJRc`$2;k_VexBna+=MaI+i5urYUX zXL>HC=fu04#IQ%2+4C}JzBG?v9a?Z_I=*x~-hipshC9=FISF-Zw#D(ii#yXi7>&A* zw8wZmaA%s&^jy-lV+^~e6L@dmfEpNkh0Z9pAY)zB6DFhI41SAI(Dl>gL3-ts}X+%}{p<>JAze z!(v8rXF9$$uwO>OEFH^T{_&Nr241UgtJJb6QI&N#1#js+_ zxicNNWvDwCrszt0-G!)|@Ky}lvYI>7`Fjp|8`j`>tmDo!|8g)78m*6EYd3Odng^qi z*L!meJNhAaruBnH=-;)iF)ZU_?o7vno+mfMEZ)JLY5$$a{+sk^49of4o|lQd%P^gH zac4R&$z6l#@ul5e!*~ntiD5Us;;yP;zO+Z)&;vLgUvp;~M7f{Q{4jT>c|hk| z#*r9y{II4UX!w#O{uCieqw4alHjA4~d+UpKQ-C1OQ z=FYUA>HfA7X5LxuOxIm<1AdKRUGnU1CtS7PV_4n=d)*yy^Z$rpnV0PD3dS3D8OQf8 zyK92H6<1=|nZLO+-3Qy?{;~WY^sf-jc)XW0?B^`xWfX~J^Fz5a<A7ht++di??{jB5KMtaQ*&Ab7#s}P)p6}`U z+-eK*KH|>wygLc=s?^7^Y~iQenVu7ip>Evgv8>V;+?md!6>ukDrsi^Ix{jYj{|0}F z=Yy~8{Y!z%*&oYRe9fKddY^^om*aUVb9x${c`l*ST?5!7J#ss z_DdJ!?F@-yWh1#W9p8<3A3rlHjfJc$;u%I)AUg&1f3OCbhJ? z^XT95RyZDQxig)Y^n5?MT^u{so;%b2Be$Rf#(THjZNt3U*eQ;U?8aTP;rP<~+7UhC z*#4gOJbG@Qb$=W?)64FT!7c9{$0qdQ&UD{O!THgpZycN2pF7ieNv_g>IM!_tca;s} zp!JgVkH)c5L%1`|(*bakVe*FB-CT?#^RYN~emHlg;}HV4CMS-q8^N7vo|c7c^90V1 zC%H4t`_XW5qi}wVw$~kmakLo|$JUSK&NN>7K3%18m@nh){iD2DPsg!q6Wn` z5yqBB^FC}|92@)+&&z)vlJbfoWT!B;yeh~$3U_0^JFmyf+}QGJBX1zwyan8vzMoec z9X|#Wv5dPu2-VG(7I=TY|BX0SVl8)F|8paT49e*{=)bNo>}EFL-QfPQGV%C545}OG z;V=v~$iq?HM?D>@g2V%NtK9E4b`N8{b>;b z-7ZhJ+tcNGIGTT7dN>;IUQf5r!{Kq4eWf_{dO&r*R-FENaLB{acn^EJZ#><%I@fpj zaFoj5=sqKF<5}XidiB%Nlj~>XzeM}xJ1MV8yl_bkg4_=#my#IdPMKV4{UG;?$)zO) zx!+7Ko!))%jmB}ocFg2sOFn;NuZ#a;d?`Bi7{7f{(||CYK(3Jc^rKM)2_{ZE_8Qk4HI!OHB+u9u-Zl ze(>?AYH~@z$D^jnB?ljmIwqGAd_3x#Tw3t)NHw|i;N#K2s^I)@@r_`nKZdDzxn;tx0 z4!|AO)y)W=FF&YxO5GBudrEb@ZiC=?^$*;?n!4$U!SgEeJ@vXKA7A>tGqI`*)J?A+ zJg;tpt0!#1`JA2jIM54@Vt6n%~R^qk$6FMylzJDym}4pbzR*C!Sm{EHBYHq8g<`QU7&78V(`4m zh1;j8n^8Y_UL95Ql)7~O9#_0&9Nyrob#S#`W_TJXHO3+`@R-Spsjb)TB2)V #R4sZ4f-K2Ez^0 z)NPO$Jg-Kpc}m@4s5@SDfw~Rq2hXdyaPxI_lY-~fQZ-Loce(0#-Q?hTwHa=!u5L>3 zyxOVeDRt>OnX5WpH#K-(orTNO)lCbYS69?Lr7o>^UQ=BY`8rPLdHDOv`N8{_9z6dN z;Hn5)aNak_2%dj+)jXwt@u-`mI;xwIm>4|&n!&YF>t-a@51xOW)I6nbQPl0CI$k#^ zc>eW=8>p+B96bMW)I6o`EvP$Eb-Zp$@cerg?s;9^)ZqE|vYMx@yGV7sZd&mCTMM^d zS2sO){%uwBl)7|$x2ulV%?O@X`{54h>NW_TS0~gwr7j)cld22UtzSQQUR{R!TT{1w zQt-SA*{GZ!N?p3HMW~L~O%9${W#JNpEpQ%X)K3YXSGCkUr7k@W)m0s@n;JZ??t;5p zS2rzqUfrkWDRt@R4SK1L*G&(eSCinT>gr|$&#O6Vo>G^-|2a=}yl#WwdG!(8Cz`rR ziNW*gOEpiaTNZV{QeB{KQd01|`VH=au5NPhy!uDYQ|i+3{a1CoZi+OoHep_&(N=I? zC8bL9N|*q|2U@p~?+bMP)>R#^n-)B;8pAcy)lCncSMAk2rEV3}?W8(hHzRmn<-m>9 z)oljJd9@sFrKWCj{or}EUd>bL(!AQJI$k$9cwQZZJEE(b z5UiDM;Cb~gT#?P{yh=_Bo>#HLAUd$=<`w-s*v+crb<>0ARc*LL zUEPe}dDT$OQ^rg4sG^t8_QM4>q_gppTK>tt1GSVex>Fqbt|Fn*Q(=nrFG!H;QrComDYhnKXBiF z>G(#fj@Omei|fGE7q;MaGDTW1zFo~z#!L78J5?8`n<}j<-wW4WQ#VywSMHz zOY~D6uPd!TKL+=>uCBEHJWkD1>e7*zs5)L(TBn{3_oA+@v`+o1ny1vI@%~SBysosK z{WjdYy1LSO_J?YoQkTa2vFdnTY2AA-+yPD9G-=)YJ2g+KOY62js4h@9O7 z<|%bcVYoe1$LmV#@ZVKU@+;Lmr7qp~ z*Qk!ymDc4yhuf{IE3M0at>!6pX}sU4j@Ome<^P2HOIKG~moN08GEbGdB~Uk1b-b>$ zE`KXr1z`)$=X7aZzNVU|ty@QRysoq^-yE*Brf!C`E`N`jr_`nAtFEdG)WsW2yvjHF zKIc%l99>;$U4E>Zr_>G1XVvk#(z^UYxFx!}(z^UgHBVc2jp}$^X=mk-&BpTk3=t>C=Mkk;jk3KM|%pnHC%{aiwIfw~Q(b@@cN6iwX* z(z<+OHBT9D0_rwX9j_~`%lC!rud6Gq%MVral)CgjG)Hy3uCy*c32v&cuCy*cN6pjL zou@ipS6Y`}4!2TQS6Y`}ujVOrOJckmRmbZ}>+*Zy4ybh-BueY@->G>@U0R>~L3LCY z%lyIb2QR{1(bbjKUdpg zT|NV@k*=<^F5gPcQ|i*s6Sq?xuPd#$-wW4WS65nZ@1y1^bp!7gR2QgQUs`W}4DNAF z-TKmc`#3dETX&-BcwK3|{du?-bakcm_C;!*QkQ;S>NVBzy3%_4n{cajb*1(8_tiY5 zF8#ZP4^+qNO6%>r;P&Y1O6%=M)I6mwT{n)Yj@Ome+y8|7OIKG~Z!fgXeg4uqL#XNk zb(5s^_DXQoge`dfCQ0kFP@B?eD31N?p2cY*HPsE3LPG3ipMkZnCuA zen8Dr>eBW3u<8PJlcn|clW=Erb*1(8Kh!*>F0JQWRvoV^t+z*g9LM6&Xe&6Mlcn|c zQo;lvKIoq7sBT%+@w(D_dm>zluCBD+-dN33#!KHPZl*e3S6XlH0C$hBuC(5MznZ75 z`+({KbyKAE_JMGNHFZ;@_4bi!o>G^t&!bhx>q_hG&%!;gt1GRyzpUnI>n>6quPd#$ zuYy~vt1GRyZ&ve^y7Yd3tLk`NX}$e0+_$>A(t7(THBVdj7uE5)(t3O0?Qtv&jkbd4 zQL41w9xqG);)Cuyx*4A@rn*4gRB64vDqKxnU1_~NS*`AD z?cLNor7pcc>Zv+jS6Xi$2sc<)S6Xi$spctli=ysm)$zL0dizYcIl8*idiz2(PpM1S z$t9`_)J>Dt+t+O5t4(RGi>+RpEc}iUx?+>cub*1(8OK?|pb*1(8 zB0Kn;M|5D*&1bq^g{v-5H$z%)FAY~t*n;O#hP2*ZUCmR*TN!n4Qys4>t+#iC>#VCQ zt+!{Yc}iV6zFDf{b*1(8v2YV~b*1(88ET$VmyYi&)$zL0diyfC6}r08diy#xPpM1m zNE=kg>q_hGU%-8-soOwWZ$GT&DRpV)eXF`a-3HQn`!8_6>FP@B?SH9xN?p1>|D!ry zS6Xk6|1^#jL!+(Wd~P7Ex0e?t0P#V09??2OCDrk|(t3LXxI1)prSUdpg zy?q_r23=igy?vXSr_`l+wL^8huC(6%4cvFSy3%_4&uX4hm#)vhs*cx{*4wYc75Yq` z&)Cn>dV91mhz@MJ`Apv*yh(MuuC(4>6|SbHZhdLJJz33D#!K@#U3G!F^`-Upj&PlI zb*1(8Of^rbOV{Tt)$zL0dV3DsNL^iNy?uh3r_`l+HCc7MuC(6%3f!x@y3%_4n`)j? zm(HWrs^fK~_4aLWJ9KrW_4Yk#o>G^_yI*yIx=GS{`_FK{YU(CQ>+P4+Jf$wp=c}sY zb*1(8n?8?Yx1iDX|M!LT#3X6Gy__%sh!3XosG{n4U1_~N9qx8rU1`0&rJARVm)>`` zRUNM@t+)4t>#eIRt+x+Q^OU-@p9iUq*Ok`WC%{eC)s@!UXQ_EgU0Q#htGYnlWNE#9 z4ct0S-DGLKeT$l>)TN(O-KIKTS6XjB26sYNS6XjBtL7$-u^e-4P9Mn zy**+lpYwUdpgz5P|V|LN*V>+P%6 zJf&{n{jchHU1`02FWdoLU1`1jJ2g+KOXu$os^fK~_4a?@{?*l$*4rb$aL;G@Ik#BV z1?r|s>+MzHY6@F$KBr3S?a6AMGG1E0N>?4PE3LP8hU=!QE3LO@sd?JE*{b7prSPqYF;k*3ibF}JsU1`0&GF)|G3(n^>X}!I^nx~AH zzTcgyI$l>=Z|@A(O;=Z1Z_iTml)7}i%2pk(E3LOrfSatVE3LQBQuCC$bpFm&U7&8d zwBG(U+`F2(>C$@phiaa-?#HU*b*1(8V{j*Qb*1(8vud7Fm(HU+)$zL0dV7)GaV#8- zwu192U0QFyS(pIC2i@}qT{nuWj@Ome+i!!br>iTiw>MDpl=0H{kM2+%uPd#$cYwP` zQ#V6eZ@*v7)7E`Jb%DAW(t7(4xZ%3G(t7(CHBYHa&sR^Yj@Ome+h@Yf(bbjK+ZU>N z+PX_r$LmV#?W^J5(bbjK+dokAv~@pH9j_~`x97s`)76#M+mEVw+PcS8*F^qzhV=Wi ze$_ZyU&9af;Z?rT&ny21cR|>K=UW45UH%_6Pw5}c`+rpz*e?yFb@`ie@je-iwxGJw zx_mid0uUc`=Q&+pDyojxmDc6c;2P@cO6&41)I4Rp^!}}l>UdpgT|OIbfUd5zE&9Yo>%X{y{D@yt;>I; z<|%b)eeDy~@w(Ew{9(9nb#=moE)hPS^tHQT;?|UB0@SrycKYsteSuFRjZrglnv+TVGn2Z=>dE>$X=NuPd#~ z-w*eIuCBB$|FD{;)TMRIM^(q`O6&6D;U?+oO6&47)jXvxty9lY9j_~`%fAV?T31(E zmw#W)Q|i)n;{(<4y3)G*0l34Ox=GTy{10lLQkR~0PpK|YH%VHTXM5sU2pVk#=W~*@ zE*~dM0OEu0zChzGsybd*T9>Z{S65e8T9?mI^OW(@{iu=ZcwK2-{vNoly1LT3`~zy9 zQkTa2pz3&CX^7}m;YAHQ|i)s)Ay?5b)|Lrt8mwKb)|Lr@V)N)0==J!RvoV^t;<)0 zt14{4^C($bm#?ShDdVO6oUA%tS6Y{E57$XoS6Y|vspctlE23_1)dlLNNbBJgBT9uR31?whLPb)|Lrop8Cjy3)G*AvI5_OV^E~steRjlh)<`f%{ie zH%(fXkNnDgeWv3Zt2$m+T9+>immqAx>vNj4E?-N{Q^rfz=enxnb)|Lr)^K;}>PqYK zUDZ6LEy=+t;ZVKU@;l*jb#Mm3hzW zO6&5a;K~YHa6YF?>+;pqJf$w(7iy`F*Ok`g8^blz)s@!e+pBp>T^esE)dlKiNbBeBn}eX8SirFHqA;C|NCmDc4isCi1=1k}BxI$l>=moI)Gj+I8Et>AoaAg#++ z7A64kLHC?P^QyY)0(Bcm>++4@n&|3E>+eBCx8m&5BS6Y`}0=G<8S6Y`}qvk1f6Hs@Z>UdpgU4B2@AzfW*UH*icr_`;1x+hgf zb@5|q!Rw+i2l4Mo&}b_#udu9=8u%Q2p!L`?!ueBsa z+5fTk?%`2YSO55M4~j|@D=OBgsAvTVHzT6WWM-0#Ofuulgb<}2Lo$$P$i!sArDDa3 z6+FFbC`}wSW&Y3gkoXpwp^ZuUa z_YdIK|iDZ+{-Rm%R8o{Ozy1 z>3Q;f(~VPn9sc%DfE)A&w>(dA_}dROFes9IyyTgF!b99R#n<6)KLxmn9(<=d{OxDB z>AA{FzGt~{!gs2}-`)gVix*#qzrD>(&&8L1m4$Ac;_L9YF9mM77hi|J{i|+zF22;0 zUvuLWUx&Ya9dPTt_&WUUKXTJ^@#VO1uN$ZMI{fXw1nwy>z7Bu;4mUj)U-}7mx^cpH zn#14zK5!p;@SW!Hw}0xU=i7w^suf_TuaCw>P@!x%jfYNjFaMb@|p;cx#LaF2NKo$m0r|H@6z#h3E@j2ox;I{fW# z0r##KUx&Z_pKf|CzO-XMcH-DdhZ`q+XE^-r zmjZXW7hi|J{Teqt7hl?S*ST?uufyMd7jXA^@pbsyf99s=;!C-D#EnyY9sc&0fcujd zUx&Z_O*cIkU+T$s+&IP8;cp-O67C1Vmmj-4&v5wLM;jOc;vX-0=6qp{8z+3vaQNG& z0(XW7-!mNk_Mn@dtGvg7Z^VsLd>#Jw1;Ab8#n<6)&%5cl_|gx&)QwYo9sc$kfVH%{?&_}hO8+*4kB9sc$mZh9`h>_j9yF6Dp{Oyz7^jv(YC#Sh_im$`p9s;h;i?74qex942 zi!b+2Ho0+%ufyM-1+LSJufyNo=cec4%kg)K8>jd>{OxOiTkFNw;cvgyP0z)b_Qnt0 zIN^Jy!{7ceaF2TMJ=5WDf7(sY#h3c|SvOAcb@7nPK2+=%UGApm;!C+&;l`0KrqeSJt3LFz-U!@xz4$u(?YFt&y#P~jZ=Ib{`Sj(yV8rV!{2_Lo1Tj=?VKCjIK|iD zZ~qZ+_j>Vl_}e$T>ACn)Uu|*Y6kmtG{RQA&_TW3k;ctJ#P0z)b<$c?Y6TVX%{`SFt zg8hsyKX!SZ;_$bRHZTIjKVI_8@{V!is-5RLXdj&JfumlV;_%CV9=MQ!Ey|z6FW=y% z=c*U#m-E~>RWA;|`~u)E^5X08%jeznJozql;}l+s9J@22PC%W?WcH%{?& z_~j3M1$GI({MhAcs>3f|VPFJ^f4t_=XU;1|yK%yIy2CGj8gP?6_)d5D+s93aMN?~r9Wb&8>jd>{PMQ~_d_qf4!`{U zZh9`h9Dg^taf+|QFaHE^+r0QX{PMqZ)AQu}2RBam&T#nU{{q}!J^0RW_~k!v({u5q zp8Uv-Q+yqM`9pT&JSV>V*vEw#4!`^{21bDR$EzRF4m-|`Q+yqM`I*3-wxIg}`0x#n<7N?|0L4@jU>1m$`9@ufs2YC2&`J@WshqP*ESwYj1GV z^W=M@8z+3RbIBwp`;l%2?lv#J4!`_8ZhD@4A8_LoUx#1*Vc;J1;_L9sKkcUH$@f_| zPVsg4_vH{)$LPVsg4<=+SHLodD#zx=0edM>_Pk00`y>XT+; zqQ42>Du-Ww3~*x&tiAtMIsEd+yXm?3Qg58(##KA#Gt}c}d*SBy^_ltQU*^a8SuuLF zi|klu4% z<>+m1&9@df(cXAL14ldTA6_^|c>}`>w9WrXIYP28&=Q}iTtdaXPaLnH$8aU?faSa^lJ*R=={;=mYaO}VD zXy8ciKN>jFEC08@ys#X{Y2a8dCu`tHZ>k24^v=}4kzPatM|!h0aHQ9)fg`;yXy8b% zQv*kOISm}?U8;d2y(=_ul!NOuaFna>Yv4%lK@A+~J+6Ucd0*1NvAnNp;7IQs4IJsc zuYn`IPc(3(H{@fz{&t84j`R-Kz%hTvY2ZljWDOkYP1V4W-kBOW>hXvMjy2byfn)wI z(7-W&tr|GeTcm*_y*>>b>0PdYBfYCMaHMyG29ET;qk$v6+ca>bcc%u9^nRj&BfW<; zaHRJu4IJq`tAQiEmo#vs_o@bt^8Ahlj`I8u4IJ|~=s*5?gZUewfg`=cG;pMMqy~=k zPSn7W-sd!Mq<4k}j`Ysfz>!{514nvs4IJrRpn)U3Rt+5GWswGs640-KWB#txz%hT< zXy7=W->8A(cz(MEj`@371IPS5rhy~9XEku7_j?T->Ak9fBfU2?aBScAHE?X-e{0~F zzY+WN^ua+IIMO>(1IO|ntAQiE&uQRDuTld?dS`3kNH3&;BfYo=j`W%|aHQ9&fg`TMy z_oN1n^nR;>BfS?iaHRLT29EUJ*1(b8hZ;E2`;P{W`gz2E{q+lRM`+-v$4}P4v0t98 zfn&}h8aUQVN(0AwY0(fH8aUFsUIRyZH)-HV?-mUl z>D{A&BfSSTaHRLB29ETe)WDJ6Z#8g~(-$;wl+#x=aOC@*29D+UhX#)HKGndH-mp*o z`#I^AYv4%l2n`(RouGjuy;C%BY>(+0IF|Hm4IJ|~TLZ`Zou`2#y)S6sNUu!;$MWVh za4hc<4IJrRrGX>8>ojmI?@bywmiHD79O>Pofg`;KHE^W&s0NPop47mR-fuN(hD8aTG^hZ;Dx?^14nw( zHE^UC)WDHmod%BWk(hN8aUFsS_4OVH)`NW@B11!w#Qu> zIJUL<2`V_Hhjy?c$d-aHRLP29EST)xfbFhYZr|mxpWMNbfie9P9aH4IJfQ zss@g7aFzy+`HO1cn7_CNj`S|jz>!|729E8vNCQVXxJ(1b{C!IU$NYU)14nwdYv4%l zE)5*%J*0sny+<@~r1!K2j`W_>z>(g|8aUE>O#{dM^6zQjc)$Fo8aU?fh{1aO_ZSTv z>7Am1V|h>4z>(fr8aUDmYT!t(K?BGBkNKh z--#Ny#DVa819!#2DvuWpupg83ZXf4g4xX=lKm$j8^^69N`(FQ~fn)yO*Tj9Ii5q#0 ze|gFGa82BCnz)IYxHC0z5e*#m(0Lj-mUp2hu1^zpxhC%G8aUc(-_gKPu5Q=BvAjRi z#678r`>iJKPZ~J3+uIsAmg7?m9P97E&+5tjk(#&@HF1@ixU)5JQB7QvCazTj$NF2O zfn$4Is)@T=6Zb7m+|8P}yEJhRY2qHʠpds!3rrUs7v=pPz5w(rPe_4>yVnz$1* zai?qGSdOzaaFoCEG;v?h#C2-o`ZaK@=PNXDEXVblxSKR_cWB}s)WkiiiF-y9_ksqF za`3taj`jC%P28{wJ-IK}z%hTvXyBN?shYUYYvN{W;+i#aZJM~8Chk&A+|`=6Z)xIg z*2LYViF-&B_qZnRIZfQlnz%PLasSZ3iC;wn$NA9_$NBdo;wm+9vo P2A<0xbJG> z9@NA=tBHG46F2C1y?Q=c1IKytbl|Rkn$NPPT z&2sbQy+T!vdo+&%?z0AVpmU!Co||=?`wZZr>Ip8sIQQv1m&ymN9UrgrwLGXk;T&f< z+~-K?SD8?ANT3Q|eynr2#m8&q-1{70&NpyId0ppMNv|E4yav5*0`qMrJrBO?f!W~1 zIqHvm?*--;#W>fwS+>VEV7B|mRitXFa>mF*ARS8n`vUebI&U zZnwX?aBjXl7d<%apTEs$(9Z(*hls+SfplKwWjXfM`O_nARJ|Td~WXCOL4k5WWhSCwy?E_aZQ(qpHjU(W?e-JTUD( zIPzTz%qAZk>1_k1?A+3PnZI$sq8ovAt#FzA9z^u@~tpR46503S+3z&+A(tL@V2Fy|o+_k{$ z@WHVhdw?0+Seh@}_cUNSd~nskEeB?c503P905dA?&$j}Yc^bGLVD9$8v3<7!^N|K_ zRN|087+-z{k^|D43(RUC9NTRJFmL(bSTFm4sXEV}Zw#1~J~;AS3(PJb9Lup6mm>oq zDh=E^V0LQY-U6ngsWe}fV;V3^eQ+$twZLrG!0iU6VoqtklgSsDb`9K8U^e>TD9>Af z`A7pds`-#WJ-+-5)ZeNRHxHO~8o2v`+3SO&{u??M{S9A!2I5OOhyk-w1Gg5K9X_~f z(Axvd_!fV@RlxN4;8@Qqf!XSVV>xyLGwS@(d`YhYn0Y=p((3_cqYthcxGli!)4+|s z0OLNs{0!6{l+$)#*7)Gqz8itr<%456_5w3uUTMDUm$QIb;e)FNZVfOyeQ>Pjw}2V{ z1%JL(z%19mtp;YN4^H?3GyaPje1Tc+gJXGD1G7T|w+EQv&jd? z{A~lK?84G~DF@?#N&DbPuLGEkJ~-C%7GOT|!I9pm)0=6qrpuIF@4@FlE`&eCfX$2TZ*Wj`cSWm^B)>jlk^o!Lb}405f?( z>HJj#7Y1gf25v1dFZ$ppFYf|Vv9L5>=5HD>JsP-`z-;xwu^c;r8PidkFY9>%Fc)gz z^1$5fgCpOq#B`SC%X%3DOuY|IG%;byw^A`qYsSl3rb}ca5 zd~htsE?~x7T$(TGO#r6d2UiW;QeZaw;Alr|2WFoSj`u(+~t2J;N zfO*je$Naqu%(z9R`7(c#f$8wUk=}A(?)Je|1Gkl!?$UfYFB=2Qg&Md#Fk5|a%->F6 zhUQB1Wj&7tCgy`;tB{zcgRga~hac zKDcV&)&aB22gma61?IHHrTH>{)xfOu!Lht+f!XbYV?X);nA4V&=1aX%4NQ*)ZY40A zG;rI1`A7pdYANIoUw#G}7nr{UFe`j;tmier?C`-=1Gfj5@ykl{CA}(O@*22Rz&xRW zdl8s1U-IWW0ho3T+)`jRY2da2GxXBZd|5AJftjm;>jLI(9~|p%D=_GMxe%CjKDcV& z?gwVC4~~3?UXAv^m!E;!gSZ4Rt9)>*zjeUu@WGMZ9$?0;D$SSU!en6bJ~+}_1+$>=7J~-CPDqyzw;8>0wz>K=C zG+*K>fSKomWBz)8*{Ffr0?Y>*xUz3x-h(ec1GNYFrh&QE2gh=(2WFQKj{1HtFcsIA z=1bf(VA_3fC(Wh0A`a0ZW}QBd~lSj(cgt19bbM1Y7gdb9x$tYaHO{Zm|Z?N(%TEn z`0x4itpcXY2S>gufZ6PWBj4@B+*Fz`>5Ty<=7Zxr^g>{+)xfO>X1fM%H!!2tmChge zRsa+8!Lff_2+V399O-QUW`_oD4=|&@Upjx}J06&{2Cf5`wLUoJ?`~jT^udwuyTFY5 zfq(uc19PDdj`ETRW}^mf3ov^%a6@m#yc=JBO7*uGFe`j;Ebkg%p76o394`VhYP~<- z3SiP2xDH^}`QVtp`+?c*gJb?a0A|81{`s2)Opgza^0E?``!#S+0JB#EH}qEc*YM?M zpmt+b<%``}oA zyMY;XZ)v`yR{>1I2giDD2WFiQj^(%?m_0r?^8E;y3HSNuZx%3JJ~)*uK?MA+7U{?9yD5vXy z+3AC$9J~e0*sZ1cQa_&tOotDSe3t{W$p=Sz+khGRm_OgKz@&X})u7h_%tj5|7GU;i z;70!va*8iM1GPsr;@W}P;DckmYzAhp25#u%(D(TAGZ0_OK?0bS8o0H6? z{(L6@GtURd^7a6;Q3JOHm=An#EN|J9s26f!XDQV?FN$X2P#Z=dT*LS->p!!I9o-V7B?-*nf8cGj>~PzAVRS zz+C8qBi}qQcl+Q-Z!0h#XyD48hP>d*Pf2+JW~ByhEil`Ca4g4eV8;HsG+)uDz;yWF zSl;Ep-0y=Uy(fryrZnGb;Kl%x_Q8=}2QVAFacM-$XTw!P0-Ftt8CD&@JuGb<7x&Fz z?$u}864+tq9cKPie-A*Psi-(T9H|X9#nQ28&CKKb`#akwb#=}^e!$>G+1`cOnUh*t z(jEP0PvUh$6{p+6de5FDR|{2~UK@AtvcVnePyd-mdN z@65?dCr_VTIT;@ZzhL{~)}GF(Q#`Vg>gZa6IFFd-z9|{cBw*Fond|mQlIzNPrs(U) zc6E8i^z?Z%uWR?tZc|^j*OSmdtP{BM^}$`&Jyh%9<=-$+AbFV zKW8?T&G#2dHx$zQKE4Uuxl|n(R8CYKN;Y6gNbO8hbla=n@6 z&hEL1Nr(*049qI$ZCoP)hXsxg{AxMg@izW8bhh>8`f>~M6%&%DRK$Door^lZ)Y-kT zB9vRy)7h2n4ICO6U!KVxp~JVkn~a>- z6lqKgKi!Pd# z2ZaAqpmc-*7$SgVw%de^Ga`mcM7XoBC)d|W`4Iv~8?nPAHrUmbYZKv;$fJzN;Sw3? zZjUcuh9%DAH$vi4`QB{nB8f2hl}QA9KyS8>T2*2xE-c4L#n0>w>DGl39gy-|hw@Yy zzykyrZLi7YJHnm4*|vPHcbQ-*Q6zPs7b2PM%eVIC1;}P3aFhb(61|58dPsH= z;2;4cvx{>1EHrCA*Ou!tvL*TY9P)K2i2YfHN3>fu-P_-n53q3`3tCGNKRS?V%k^Yq z?4}{;ggoLXU)}h!z|Tt_lX3J%bb?g0u`U*|MEtV`U{JsW6iX^Id?}a=!WBZb=}b71 zj)c;ZHHHpWp^2pQU4!qvxX|!mB>S=e=A<*xDc0{H0sfw5{T{~O$tsjV;mi2DCY4S~ zoshyvhM>14Xc6EYG=)2Wp^;=Vo`mXEL8BNnCzy-|p#{vqgBaM6C=1nrRNIQc3P~)wGaUFF!oLENg97KqYclbga{(BqFvS25E(vZ3&dt;W8^g`faJoJ)(MU72WSVd)l*pumb%DtSd_+n3oM0>(&eX<& zbt#dUt55>CLRwOZNXV!J>JA1EGJ|WQu}EZYT7;VsgUyJBXhS63l89I_L(CW^X$&?* zr1qF*s2PJER)?CVW@Gp;D?AvQ9jsG{PDSJ@$$_nEqjArgoo--@YSxKOrBSQFSiCWk znG=sSAzx=2$%-o1nXERR3`HQS9H&B|NGg>H#$tFcPvx%6UeW$Z&u37tQjb%wX6$&Q&0_I*q6X3>gBAgUO@aoXCK(TgL%|db z71D~~dm?Df2NbuJD&FBJv<52@hEQXec1?6nMCyI1ux!Y-ceaLd-Q5@hVH)JK#{aYJ zLUTGOO$E)bOZTDbj0Iazp4w<#CKU=c#-b2SD5XdeLjeYbbR-!IhNO6so-;u9%U)p? zT@Z&|N;ds{O+C_Zj2IlSN6<`^w3CqbG^D*=dQ>RhP#3GoMCOJf2`NuF-WX43>d`@9 zI@Jc#kd#0X&u=0fUZoDzH$@vz@u}JActUtGVvrdTZD@!jQ>>Ktf#&?3a(kns4bDkr zYMWxPK$DS3VSkxs z@g|Hw9N`&;%ph!bq@^Yvgo4M1wCGc!62D1OHHPE13^4o$5+0mm4`;fQ@ueKxg80FK zhU}uq(tNhNJ=+d50_GdcZmWL?pPPZ_ps+!5l1OD5g2~wtDBE~46R)k6CJxTQY#OtG zSTx-NBSL`(2LNXMWH4wWQ42aajNyiifyVf8ya63bC~A>I40Wubm!ceFSl{GbCYV^f zDJ%#`S}0N>a+txO5te-m2ISgEGSV1|NSiZ$xIJDp z0YgWqP|jeWj8#uTRW&KvY_mnSvXvPbh(j__2sSl|j8wtlcnISF!p;01P#m6-fsHza zi4Jr`)+U2>k{bNT_fC9iTHggMb_z7aSaqae)gfmOj2%=ID>Y^&99$HIjw&2zlQZFv zqF5{Yv^W_(v^Y8)mR4iTu%ehmlsROcsgo!N_X300>SRD^NWcz_NKqI(NP?SS@nGKA zlx~bfI77pS=_~N%nDWeM{3j4hq*>ncnqXkmMlnb=Vzd?9Jj7Dei5u?5p8ZC7NZ z_Y#>{q!uHKq6_z()cGc%TLYz!xnO&?7sCXz&)`7;2G{4{?LsIs!O+1H8tTgRA&{cX zz#$TdN#ml-}l>fyquA&i+pZ7r3+oCp!* z&U#*eFYR2^SfG7qOUule%F!`%rs>z1IkUMTlWc;elZ5F6^NR-GLn!2kKtt`E&h~6B zN)Jd^Yg;zc(77~=3AynzPXF6NncgnW8vNK#Id}az2$Y)y(!H(SeYO4FZJEl+nO^u+ z*ya8P^9+V@2WHOg(EXU!niEq|#*Bu6EYZRFeYq|;jY2*BE)48m!EmD5yGX3AP*-bT zUqkCs={%1hBcsfWAoZfw-p*_v)OsXE{;VU@kFyofp(Zrexv(P-CsqbNh>I2OkHAhq z&L0PEn2D3JEy(sZw8FEsG*gqFGI`46Oy!io3?QGfQw(+V<`%W4`seqxF6!wb>3Yn= zzm)6F!>P0^6QW-NVl>T2hY?X#zdPNWET-9QMX9QdR8S}yse)ad3%j%JigKc>wHyAp zfYb%&_|zrLxg`MZ9GIDvG}TB$J@vFv+Q!_XPB_ext=$W=nHkei8D~iRU!}zj1J=>x zYzHJ4gO9ia0tU{jU4bM1Xnd*lwA_b8J*~P$c8bC_uyEaOxWqtYVB8w2K zf`r%<4nmFTR7gx75<%~_5eY77T}FSuMTUKZWGDv?G6|TFG*}ot#2p=;6V3=H>Jf4> zD#s{zWNEgopB^xa6%8BGqVPLdkrvspPZL79cR>VU5*hA^uu4uM6f6gkAZjL)3Qwz= z+!QbHE z7puk%bx=&9y#qq81%E03O!bPSg0OVAVKR{G?`_Mbb3M7P+`?r|J#a!J70rG^gM%6( z!T$EnoWUisw5_YZuXAyhO&Z5Y(+fpv^56h(CagokP-{=Vzc*`7pQ60=raJob@O*d6 z&_y=i0y>eyc(V+ie#!4P(4tMu*r9_PBFzoqWJ5B$*zjYDD?8WPPCsN9ENV4`5j+=Q zrMn>GP2CrFlMiK%kuCPf#w>MyPk&xIF{977N7uJ5&c^%mjHd`N{sMb^xVN>l+vFeM zkVVKmJEQ?B7OMno&kB4$8#t)EAAi*+lj(!J(qWlt%jGWa%nI&U_}e&Bc^A({@*2}0;#FDR#Pw8ac8dmFJs6*kzE zu7|y3T2;y?$7Ud=Okom1n04VyxG923R0fp|3mpA2l5UPCXG@zA3_m9GUJSCL)w;+;s7qu~e#zRsQgTf8UI! zW@fzdVLROXCWx&_&|#9tVsF2Rp|SZAOB`6#m#fJx?Cch?X0kDotY{s;Ol4;8GXg0r z2bl3@_QpxPV^zQe(H}!TC#dW>76(ie{r*IqC@7DW0TU?wB!PlZpEAYgR0`JufSJI= zogp~)I)I5|KRq5_jtOD-%`mRQ-9_^&iS^H>?!KOETjzpKQL4m#7GJh5u^2gR*l@P* z;(V?L@x&d6FXw|Vqx$y-?6zu0vU_1YmV>&ofC$#KQ?A29N<&rzRt#Q|iq?hcw-WbB zuqFjJWIBSyFHU1sni@RD%!c?A=wlKPg_A`2`D*cBppubPya^6T(Q^c0PEY`u&M{D9 zCK-?EK_MQ!Te+|RpjU$c%o7TLnn)dfz$YJrH;j{ZD>K9FFcX0c6@iA^L2!|oH~~@j zkl_eBsE8qEy9rDfF%CEWk#?kww+(7m>;ZOY6DvOy4An=% zp?IQ2j26;6&<>)%PikK&67~XOM%gi;SP=e*a6vJdHGGgAWxC4?FzR>`JJ=4B44Dq} z0+!-W>>+ln)M2Wn5!p8!z2Yn(ZnPbTG8CiC`Y5-fgj!R=5&&vok~-85Qt@Wt3dajQxx~77N()G=$yN%2^QMN7&(t z6DRpG_}Z1j!D2hsjtpacNZ6WHexyB?wSzp7t8$tq#abf2qwF|z$TZ}czTS8$Dn9sh z8nR}|_tADV+8ZNqGLnd6Iow=Up)MueadxDvRKaB|JpzL~T!B`HKE@7=8f$C?5#lgF zdY`q!lv zuTsB)CH&d+EHhg~aAH)9Q09--a3^|k5>n=>rrB^O4Tw|~BKs~_(vt@SCL>%}w15)^ z1fm%l5_B|itU7j(8dpjClmU~(BEeL>*kr_=Iv|d^ye^5|8CKJM&W=^~S_T_9YOS&9 zv?9RNM5dm*JCat@PPE6vcuUd!XUKrDx)KgdGDK;T9SlX6iozoWqtb~thndsu_+sL+ zgcon77nAjL9_q;y*va-(qJ-Inv50Hsqp}F$>fff$7K4~II>nBcP6P)z{PEF7b32_F zKZH)TLlaFkv1qCu8okKUC2pD>XRIS}p|yZC2dL?GWGWSFnwx>;Tm#jIMF~q~%_u_2 zuAq$B-3v519VGWNiqMTwxb(tUHFgYsh75iYb!#e&Dtp2i(`vAy3VEeTlal!{i5Fo& zGi?denfBC3!)%5#ldbrfp7E7d{8^syQ>^$|p7B$y__ICZr&;mmc*ak+;y>>hKf{Wz z_Ka6vDb`HTGrr2G=Rv4vQ?u82BG0tqL!R+LD?aQQUt`5bJmW)Fe644E*ov?7j4zn9 z^`7yymfnea##c^8RY-qciNEIXa;`VF(gMu(228O4F>k$tVO*{moU!Uq*iFTCJQeelp)Jl zIMN71PG+)xgH8K4DaiBU!@CK)bCB6De@#A;!G)NvG2yDKtjm~8Q;wAhmb zj}UNEV=7oH{uQhgCDjHR#+Ip^!Gi-bHSu^_^yHg}2?UyYJEcwgBEes08=U;@a8BV_qai`!*gYA7OVq<$}pS6i)4i@Kf zy>;2{{!VO=%wuT?AEr4I2O+rH_JO2PvuN?%DKjS}Mg=3yIl4qDqff@ylz60wFlXt4 zfPIh*qP1fpNsKn<=*lw)1G)*jq^wwTYA&&q1Q7&!Gnm$#lS^y@qcnVbYJ)9f&B?e* z8_Xo4b0e{oMcSNxo6(r88N1<_*qm}pY&<0u&2V#mty0kg$4y;nnUyl$oLWn~Q6J_s zPt6R7GAGx9!t}{B^`xH=V9u)x0NG|h%SG0`i7_YDDl4c`ZlGa=IfIsnC^n<9^%-GK znI(dIiX?Nsc0@NRe=EabWC$MyzyVGp}fRqxf=Q!3;jg z42JKnL2dFNiG$7HXgVVMEEtH>geucH`QeA6CtrrBouB#?C6TjO+*b_0h&r}=wkfffQqL9fn8$Qnnq;@#}br0 zYn_-O2FCCxVNbE)pQ0ELFw_B%!JY;fBZnE0n4M$lR4>ylh7Y&GVe>%GMMSC?Gr}Yn zY~++NTE`5VyvmG7XpNM$T*M_#rW|QRLUxo}RXRCi4k*MJu3Ri%VRo&Yu0$MIK&Z4( zm)Jrlt{L`0Vn*4S3(6|aL51YfRn*pFCOX&_19ME|o#BVriPgiHizi!Z)jl~IN-#I@ zQ7fIn9_)xvM=wOIhDcl#4u5M6l=U-Qf|L2KL~Fi-CX2an$u7o7?2|1-hI_F9tG2!_ zR$7dZVRncWOHmjp)N8T#uPF&xQ5()#3G}*|0PIUL0JQ43`wS;|;9HSFi4?F)$pEmQ zsePX$K!IgEwk+A>Q=H^8p1PRvSU@x4n`OBG7A&^l!L|mIl$dBlVI9px!N3h+`7hCw zXb3jK7?4eEtYG4BcE!Nez?(WJ8c(JyPB^<_#9{Uz2YVW3(=-;pvBe1oSqv0Aa;!n> zBZ8gOq1hZq#mpintlJqlQa^nb~gIrb%nV~N-dZ-~!f6Htms8H~yAECTiEbiy(p zut=;7OiuRX&;#>JYFL#vGsDe(%#GSYnzAxA+M+2lCYoL8xM6g0{eT%Sw=hkO*o+Z` z4~P|t5g;^Mnwh+Y6?mC7&Ad~389lrZox*Cn^c}U`8Y|yc2@kb6)nWHHM=J~gVoS-m zhGCH!7!y{mDwFJp0$Ipls40d%2d=bmm~$-X8V!~X*3@9uhaKn5vhYVGO$63%4TN~= zMB9=u7VFKbv({b2Var5^TZzmLVhAE-32TK|^AVXLp^*hbg@UvCQZm6MIV=tvc`(Vv zB6Yz~3uey^;zg$#VaFxC0}AxQP%=_nQ}U0n2&n@UkWx$oU`VU=OpC^W1sd4i8Ejyc z(U2hhQH3}V!O>&kz`nt(jc>Y~F=ipskr?;zo5C*rjx>(4khPeI7u3$t zR=D^|AsyKH%H;5_tNJ_yso6WZc~`VVybKqQ*a|5X9TdE0-KhGoN$G9xXfjI5s>!{%6~Z^f6x&R37be~fL8 zE)$*%2pDSsicD)N2u2=hL$kRjAnF7 zwWt1ADG*I{V}GW(RRJ6Kv)y^ah8KlSC`@lRR4wPnI&prG{C|!w?bPFibb24mNd z)r+_?0tcleA`};YyX?7Q_;4c}(}`fp3LRmD;_MPSZ9vMvwGJw*laLB~BBJ4jRMhB_ z787wC|x)i#MWv`5o0kKDvFh(&T5H)Qb-7Q|7QDibQCyJt&%rQMGiiSpr*Rm!lA19%1xix1J=)kjyqjZ=e#Y7Ak1czoQ z(}0tDLCmLOvNOyIHo_<|41;46(4YyW&@mX!OpJMH98SRsw_oEGcrbbOg|n()F2(F`1(YDF8Jf#qP#pa5eyYA_+w zjlq}u>KHp%VlgSgN)hACebQ%09J-<97;Xrj%U@FzjhVo5jyzL%*I?g<9J<6P1)WKS zb~Yk#cm$5Xs>xF_m6dRYchJ+&oCr=uTJpLMU$#QE(4h90&M5{Qhe(Fwc&-`F3g8c^ zNXFrit{I0SN|c#wNFj>ajf1Zk5==I<5EsQ!jc6#EhD8NC3E7c+U4g%pq>$tbTWV66 zd14-m2^_1N!C2mAFrD%6M1&%$bs2-Lyo^zym^dKHOoY9wjDqJIi_vnRfrASZVN-4) z2L7#j>#PH|rAv>mmAn+Hvl-gDo30Xd<{>K4wH#w{CXO}$1&5)OHk=zkA7vp**p0+WU zPxbfot{*`P9@yj#9PC%`6yGRujSs-7$k1Q{@a-983unH+71{ zaT_|%UNar+c*H>+AdGymolJU1N@&8tXBr4bJp5GB{*1>t7@R*gPhF_==AQI9Dt%gv zTB!prvM3CPbM_BnKtl{*%X%{S9D~19s>I-A4UVv<)jbYPYQHC~rl!&?I8o5a1r)s8SPW99Y#9mNT!=Kz z*U^s>kb2==7-nXntqVx?U*5R`Wkiv0#p(s5z}RCPU4(<5eYtLR#fYMn$2#MQfl=ib zfUEjsGQ1_F9_u%d9kD!A`#`)0f);AR#vqL7@!9 zqNlwBqB2k{W)!@=qeK>3jXRj27Y8CTzpZy!Prd{I>vXvNs03h%+}TtjpTI@>8<0wn=rk^1Dv=LXMz(vg^y7O6al9F*UKcIE5uSYD zqyYi*yZW>F9PUoRl}}u%7>H1JHV*_^U|>iO?wjhteN#9eHxLz&$Sms1Ea~jVQH93(%Qmfp9!sS()Lf3Eaa_7te^HN0(76qAQ?e+E7o6)VZxpPfm^|X8Jlh z7v!m9I4++I9ZZWTD>@jv6zT4OX-eA#<0{Q4Mqyk^)2&^IF%w}t!tEhAh+l}J9oMPo z#STN@>Nj78!q_#E0V`8N*a53AYX{8AgqgC@z2-b!L|JphAQ#uWYd{ zB*R3g7H4=Pb1@T^3-F{CauU;?%R_8>IxtSa*Pp?icydaKj@CW^U^6R`i54AckgW`~ z?-mP@#B839R}17V7-Qf_NXS7~&V1o^f=isMe#QiyGb5(MoEz!5ID#ROo6VUNUInkD z=HY&hV#|aliz{E{ctzDg8Qq}}3@lE>~NVrvug-&u{6z0!rskQ+r7fLeTreD*3@RM{-69YYE){3~QhB$cSu*B0?@gaw1aZ z-d^)23+2fq9@mt(DT*)By7mI6YuRrz_;S}MQ{jdZcPcJ(@oW@sHHtRY#^shBg3G+X zW|oRl2p`(Il*G%C6g#34^eh+~CqvR78G#;cM4&^~VKqwS@$?*>_KPi>hZOez-d`V- z1M{_cG z`u)ja-?+=9<*xw)a_lJTs>>nTY_lN!cVSj%p)WH7!u)jYPq+$Q~u)ja-?+^R? zL!k!t_lN!cp&$+W$A|s>VSj(v-yaG!u)ja-?+*oOaE}j%1j^(r9S@T6Pzx@vD3c?A zJmQCKuyZ7UN5sr?WjIk#R{k$+8q9>Sxfe(FaHV93Z)4$9C-yOxBlaPjP|CM11xCygf2t!x2sj)8 zER@tFPYS8*9Ee~ZAZbD-vGusD{42;?J*pV{mCMS9;H*`1kWb?9ZkHq*id%Zwg4ifq zR(>VGF+MmN!ciT*eOq`}3%B~?Oe3>V1tJOT>Lnp;m@O+m2Jh+M4v|KAWUjw2oeSss zhfI#^EO4 z$x~+tmkEgdDq@k3FrPugb1GS6gO{H0el>1z&NK;f6p&W~Ss#UrVheUz`6~QMNF7lE zD^Sgl957`aNj|P2fE&AUDop}b;>=sL25&5f@=K+$zXn8eW0*CEt+Qq2AD~L2xU*gz z_Qs(Ec@&lc_jMp+2{a@2(o#IInRhOZ?Uj}DlyQ8)0=#mA)A?O^e@WfJh#l%>at%E0 zE8*RPIFOj;?E@KH0?SjWW#!j0cMZ`RK1YZ<9H!t9L0S12h(-<04&XU9UTl%U$w^#J zE8T;_ya9L3*dAfyj`%drnlUAx5y|kekyd$2*!HLkPM1Q2z>OW$cxOX)jPsMw$SY2fC9zSxto$sT9y70s5y54H^Ew5dN|3IH1gR)58A#WPfEVGbtRW4`?_J~BdUb5fB+y79FsChn*$;&Vh&WpZ;1|NO0KL;gM!Hh3JdF9<# zXek_7Hg-8vuK5BmucHutnVJ^!K|*!d{ZJryh8dM%DLjTzaUjgn9TJ9o^1=rwEZhk& z7w09EoEh&}iJ&p_QKS`)O)1<;qne9y--a`bI6jw3HuDY{>3Qt#xMPGB%vy-yiWs~} zEfqWk6^wqsyE2=)JKJzd7_TevU<|t>TfgnFK%g!eZ%SZuJFf-7apn4GLaOOHR(c>txBpzn$35rWWf0b3Y-unDq|2;=JgCpL~2C2T|}L% zx+~N>_(&N|ab@Q$Lq70`RiUr(mH-q$I_GMsPo=^{gHlo5KnC^{>>D`Df#c>W94l9+ zR78*b02(lw;_FM@JQkr|$&mK=E!wbN$+vlr^(2t~jVpNO%vt^2JQ&zMF%K;`5${~f z%S`8pDC|ZfD8*vDN}`00itu=xR!lUh=U?$$F;&f8>b(@6pzl&DN~)T}4G#Q$DVxd5 zc>Ov=LNvhuV+fTD-!bJ)UDR2HXH2C}a^T|=6?lOfuTw}S`9P`xHZErsBr|yqq989& zJP8hR)UbzBzu@g#)%r$1VeY@lYFCO9ciupIjz%CYhp-&M!CmlDNKoV{e!dT#!9}RN zF#$s@8zRAjjeQvA_;k6X=A-ab0P@(obO;{9!PPuGyal;bwaFq~BDEGf*zeI z8uB7@n`I2<)1SPO$h`ekj%C>U4i&{PG#eUUE+$HZ8qaUWtsG`)W}63eq&8+jAmmmu zbSrfq46fIs5b~X9+f&A@-=bHd)qBhwAHT&SC8D)+q`7&`0jfvrBI>3!_-(zfhs*io z4PY55S#MKtDm|+1I0<&QNAc*F^xZn--);|B*DO#tnviAOV}i$rsKbj?6q|9OG7;q( z%sB7A8G}IHc9%g*;J!O`aTQJ=mC4h>F}&?esA2e4qw##B@cI#QEqCr_!Y#ZwD3p;qbL@i~1@;=i(m0qjhZanqh&Qh+ zK-O^yS(DsJrfxJ43vfNOk6{q9l-~w2mQdD-(zOib#g<6V3NZ#eYO&)W#=&&F0oSUR zm4AmNG}5^%#GXfL=C4Bwd-aooGN8di)nOPVF5U4NRV3q%A8GRQA@PlQJQCbpIQ1+e z(nQc&3w#jzJO3m>SldWi&vr&X@Z9ES^z2y=LIpCi52xQ zIzKNntZjhJ10j-DN6%u0IqWHDu?VopAEPjaMs8{{tj)!0)a6xC6l>bMhBl$xQ-q6b zT1$p0F1JIA#1c5!h!>2dAJRVZG>@o&AfKYqXddx0<_zxR4aYLDAltLX5%SFB$&)KZ zCT@pJ812m7*+a!5#ub&{cTtgz`4ALTKFjNerG_cvpGU9Bl#p=>(x2>tMAKBvW8No` zsbi%udwiu5=AjIv=0lFAF)rEr7JB@GcDz8A7c=KbWQf<5u`{4Kr7pgQu!K`XvlW_9 zYiYi#8B>ar8e|cNlUOhbd&ro0;jn*M`9-c^=Rnu5M!1{E%($7*dL=le%y^qpm%JYZ zqMQh1GE&x)AWWFmWb?Kc6|G984p;};#vm+1$G;$9Q8XA{bIS7u5DEM~K(Pc~WySN^ za&shGje}-?2B&sKo*%JQs`cQeB&J-N#)SyxDMeTC)-3HbC=Xr)N&)1I z!ZD$s0P;qjjM$&*MjknfVnMDaTU@g;b&6?6%9}F=2i8j~I3$b-H>?)8 zMxf7d^0Rm`2o8xA8ZQfM%I*RScyPBx@c%(<4)%muw|T)7a?Jq8`yzp zabl>WvfvcUoRHb)SZ00F%Tgc0{hgSkidem=G_G+YEw0Ws-n0BY518A@5+Y;0+1I)^=d!}KZK=}|7_V3T6e=#`qL$WpC7i7Z-&>%|RWJbH%9 zc%XFAFQ{464d%GY0)B-!T^6{gR9!U2df`>-MLNrf<6zN)juwq{_b*cJ6%jMaUXA7E zH9SU=n;%JMuo&7*5q70{R2=phQG|EaAuDsH;(UKu`J92{oufbOo*JY`{cln@Y4n{V zjdll(M%)~0H@-MjZ*Ye@DIgbAw|Ak`qRjDJIxcB6G}j3n@QTT@^;mfc+ znIYdNVIjGTgy1P2c~P@Zj%>vP8}-;qvaP{;F7?PC^O1+XjMBZHj?3>8&_$%{&zL5a zMN3;;k?P8CR0KN`CkUx}_(E#M)EP(h-dH0td>W%w#F zKj|^Td(XYCZE&hXLw2^Qt7FdzWI_4F|088}lX)?HTuHm2b76n4+~lFy9QS`@6YA=O z|EwgNc9iCr|0|oKdWtN~b8EA z*L17l#Y(wsjgvkKos6N9O*JM$G7ayuWOXbR0InwSnxK<3voag5y@(i&RH@1;puhA? zPTti*0k0jxZNi49n|yiah`Mn^dh}zQVmKB{s40S=FK-rb)ryyECbPKKsx8|W%JtT_ z_crz~g0!~bX%4KW^htrFuc0>3)u{dHtug&HG#uQ{8df21Rq?ohrQjN4ImLS@D(e9S z_o@^Qbw5UQA_P-HGQ?jo^^>~c5d6dg)-rtZ_k;Ld8^jAHSW)6&_JlF#f#ArR9a#DmolSggQaF{1TE(*(d43Wk%q4*{$5X7axGbmH2VR)$~BZIQ@$Wkuus{OXe8nnJ;R)J{6w{S4er0f zE%sQguq_LkG9})~ezdhr(yWy2VAS&qR^bJEgK+nB=&Y-?At zwR@rRg7i{^OuCg*s${?$B67vO0Osl{Nzj4s^bT=6y%EyV**zoE+TPxaTjyZJ+5+q? z!a)o62NltDVT<>1)yXc1x~%+l@NQGf%U670d(hz_PI{DDqb4GP(TCSU#}sev=&!l4Dw`arEI;ysWA( zBMiO;j%CsbuPjWZp#sFucBVA5v3^dmeF!yQkAjQVOrU!d#)Bdq!CW50-Xl|Lw=07! zycx8D?VJHyUMiUmP(bMPEaCIy;6a%lV6{rQfSBLMs93ln$ZGixGh}(6SOuJMbFGXo(bPD$ImT-oYyH^Df_$ch+eYL;YsP1Km~Vdhlz4T>Er z@H&hi`OZbz#d!OQzbVgBov;Boy3=Ddpu@_vyrXJQ5iPeZWWi?TLV%?+S<_1kmK5D1 zL8`Mx=nk>Al>h$$)JSct1%5ql;RvZGXQ&1^Plos>(1$R^3G;>6GPx_d$hnAHrA^a~ zIirgtmJlZb`@kbc&QiRQk*|3v8$r4k`_BN~hpOQhOj_hEp)-%OdvTG8i2$EY(e$1y zIjS4RTanaIwi8Bm#IR_Pi75{oS1oV@rCjeXn=;sFGU20VK^~lvl7CT_iSWo!7EdlX zR*IP9Q_xoKNAZntyqJR`;GLIv2=9)=)RdJJw%4haev_v>)IJVz>2TOA=tFU&(2JZ$ zQ$U@IB7O+%WqMut%wjLiOL^OkjYd1ibPI@~^LYezI|7|Ul8{*dGFS=4I+(G+N1lW` zM?BY$vMo}0nG_o!*vt8TphR@3m8j4h`yv#JxRogi%G2;_v3(vxjK@|l(NEX2?M(ed zj}hh9^!|7WFh%m0AP8rkr>)F*)o{(N*wB&dbu^qPJoY~2VwM(SkKBdMo~{qeZ?@z& zQR$ITMxOI*it?UlwE^pK@UAy@?}%|D_J17v2O|YD(Ar?cd6JA6UK1tJtjJ0V-Yo7f zVjp-yiiV5pxzS9fTU7cqH)A2#kxWv7A9k1IlSm>fkfu3q_-kZ}$7@wFvKM^sQb6j{ zt5871q+3$BMPIE}AhV9?V6&8o?5Xa^9u_TzC_EY zorv(4+~H3Bkc7(1b)OTc1^f@%a3>XPe{99VZ~HkSw^V7_-rnvU+^{UxCHRdg0k-1t zm-4jJ70s+u;#7Td!mdVZ3hghTF3hb)8QJUbG^=A^!-_J$Bvg48L@7H^d)L-^2IyZWd%sug0J%!GY~d|+KorsIYYHpP=;!Uo3s@5 z6L*zlpdh`rm9U99TFCswK3LFLxsN?G;arRoQ;-`}v0Fh&5-x33^G%&@DxH!>8{c|m z*SZ&)0b6ph%H5QpXTu!rY5Dyc)g4QilPBAxjGAFO@}ReM0_GIW9`0xxa6=m@E?`aR z6oTzc!Qsn=bX>_Ou6m-3GvY}w1~X~8*HK`#6II4H)pYDe9FVa_j_aU}O;|LKMTeXA zF;O?E8B+qgt@u2(>ZG1CT4T;4rVIqm)OK!pGnGRuBub7yxgr7EiaWnJIK-4T5qDl* z3;-IqmqJDj-VfmzHHAP!nf62U6~gX7}b}SSIVbY@U0h)zb!Qjg)os8`2w40GaX5P4Q&vW12W=JfyFJK;O?v0LiV_LMZH`~`I6H?l1+>K{g z&9-h#sY3+pfW|swDWC^UC?*7#B(R(w5zWXMyHW$L2|HCBcUBuqy{;V=Trjq;WE!qV zRuY{Z;_2Xg_&K%?=L@oT!mKW9?L}<~;z%J27qWOxHKtZ9DF4uB%*zha@m`t`-9QrX zNvr+P6tid8Pw_-A{8!d!&hUp&;l(>8`IHyNYcjx`JQKr9ewL;D4Dw>^%H#d;>Vyc} z?RS9FM*-=N;U!xZOwAH$D8W>auFKlsh-q#6{5_f2JuXv3?{^_s?qC-SmEDHLF|1ou z0F@QJRnf*78EzjFi;OxBPhD~Br6}wqX~PIFSW=X_Yf%%*lE*H#W?5|J)YV>@m~zQx zj!ZM0LzwUxJ&?KsPdiX@Y|q2W?rIu=&m*cn91;ikAIRQLvLKJf(h<#G(}_s6d=h?t z9b#$h=LXN(Xk7*mddbsk*xnuHb6IstB+Sm#kn8TmgCk;XRHG0w>laymoJz{Ek*uK= z8`YOe6|+KTTN_U}yq}E<_1s$_lk=LBZf)pY2B;@h$_`^(g~fR+Ld%b|MgPAT&--uB&T7yBK3%#!oqRVyp+!FJ?9! zMZypwZhjA^8jNQgMOgMgk6~?~rf9icn7#<6*?+>+_Mfmz*gG+`3#!66NFV}2H*>+q%$irmmUunLx*bwz+Lpqa{e`^PIvMVYXTUBL zhUzLoyNFb1+{F?yL!#Pb(Z%yfFeqX!#Tf*a6J^>VV6H{**PlR3HlGNgSMV!_jZJX1 z)3V}D2=FoImT+}i8zDHS;Ol*m4C~M#CH^2Zp1l@qs>~{o-6th{-lzVN9Zkj{2Y(|D zNrkbaj1tHV0fo(iBFEf`TD)n2YUxs{#7J!rr*F8tP#6fsG=7z29MeGx>2d5d#{8T{ z(O*H^9Bip%i~}ZyH=YLL>kwm{0Wv(T>fs7GRmK|Spr!f}y9(vT=%JX3inV99m|+-` zAUC8WEJa~c0#rp+P$Gt#S3MsmCJa@_Nm4QPhdSj^6_GVrWTh1&dzqLOF5o)WZ^@fe zwL-PqW@_xPUqeaVE@siEoc57)>qVEosu)_G1}bd!tfhf8bdG*w1N88o6nWeNILS>c~Fk!F*VS zC*OqLpBbuZ#~KRRIy8`rd@W)jGluq$$*EufQBJvA*V}u?UdIz=e4))4BJF-gis#?R z(D0SJE0N0Xb)ynxEGpC*6K_Hf!Nca*|E$~?wLI!Wb4OGX}U>{NQt*x5;OEaM>0G1J<%#adyZN}M5}JHRv=%|l7d?@<`q z&9hU+4&!k;gk|PKt{A2u z_TdyPbh?q5)yZgysNE)}OGEiHn5q-~0Lx~0+L2yp(H7KUJcwFYsCAu0Wsy&pBKNfR z<`-eBlQ{#GoL$O?3FO)v)UOeRvVEc}!>p2mj*bUkcOwE?z`Y$M% z+SMj1|0@vG7`6|~zBM7(z%nLr<`73t)!31ivk;U-$QnHFbV{?y-!W$A#a1mPt%5jn zZ>C`)XK)aR7Y)>@bpht@P2?q(zz$-#j$*aSQ$JWT6cWRP(s&rf#gG=J;p{4dY5x3d z?}A17W|0bd#H~TXy?LE;fO{obSD*2?VQ2S(oRncLYBv&w+pZ42E4)FR5rcISQqYa2 z>qTSTfB_fRvE)I!wpFzntjSP%uE^zV_CDw85T%9+&J@F1oIH!QNJFuIVNq;07Nt30 zPGpyMpZzLYyrVJo7V5NUV(73bshzmlz-k_w{MxPG!)G$q{M50f`mJ%|L~{Kpee4gkTo=eav|?CLPo>;tg+-2|BBl z2Ou0{FXe|DSxj@8`&d}KZzBvFiQzd8waA>E9*5V^f|%gKkqi5;!SJV3lt@&2*_g6zp*>i?T2p$n_1zR3vlWVkpdCS|WmJJ&+2t@&ytK<9 zcsTkYyAge2h0}0vvv-Dy+^#h4c%IrY7aYf_IXCNpCJ?cvtWsNGcr*7KOc6u#UzAl0 z5^!duBF0>rI*CJ`+Au`XuLg5~IK2`rM^(TBm#~p(6xw#BDA$^Jyv{#g%wQIY-6Yf2 z-;1Y8+m?y)rFr<0>L=XHV0M*AWHzr0z@ZZ9m}0T0jWF!l);!{;m02uR8m0{~dGGLkp)qI%ZYvYd1eL{pn%3gEo9+$IsRW z0)PVd(5TNnb=iaen)TfLvlBo6-B+>?cHVRNQIk?t|GYJO`J27Jm;(os;2!wJOSgaR zjW18Ed}rl%7rp!6^Oyem#rJ-7%eaI8{{0`H_Q14L&k6)y5M0?K>rR>X_NRaR_1LCE zZ+&p=rk<1UKdyPxH%He@{-15f{pVKTPDBPPhAe#PwXZ(=)2~jt?2uu1^#5n;t@-CK zp7`;^?s3i6Job$P?wAJUniJgXKZrkY+byc{eN9Jr1{`vY~H$cT}Ni0Z2aUi z6&IrX_Y3Z|_-j8M`C;{@+dg;2zizl_@9fI$^Mc3UcGuQ9fy>@l)OQ?Vi?Oe_zL}pH%ig6z{$D;^DV<-4_UaQE>m= zcH$)mhp(8pdg|JvS9aa;PSg37D}M8}6$`ig=xev%@WJ^IhK+)|>V$iyYIKBPuy_o^?&*6_}{H3j**0N9Elo5uE?{q;px|N7JQ&;RV0d$y0CF!Ay0&aOP~uQ#8u z>FTD_M|?35_?qB`KXcd2#9_lfdFhCY0vpe{;AfLIyztdopDbu=%1=M}x$nOBR3Pws z!L5o^ec`p+9{bA2f$1Yp{B_@(zwEiY`R30z9s2%*<#)ez>q)5Ral^>>mIEKHUHIUS z{#bRu#VcOD>hm{0vTN2;H~hM}>ZY?6w!DAj8yI@K1^2x_d}H~Dk$;FyIBV5?m3My9 z@{`{VtLu0+_N5OGKW}qQII$-X*d(~+Pv6%2QxKBc-8GMZJ2cDOLt9N{l@tq?mPd!`jcNQTOSCVF@k(A3HGd+vF2Mnqh7!2_0!q{lm2ktpL%}s z!oObp;Xh+P_}<7fUk(JW6x`KSk01K&)8`)X(Y_ncdw0wFN$Vb5i2j{ManH&%V~p057c2mbyG?_3cGjD;*z z3|W3f)uwX>Up;>JCu7d~^SbI+E|`{X`rU_%&Ny_!5$z*; zS8aK=|C$XyIrr&fp7`~Zkuw5;(Id(Co`nw{b=D2PdGz{2et7?5m!&_y>g^A|^u!&{ z9`yL^@BaL`H{QEG5IA3OS3lNvz@wKv@!qnfe}CfTyFVEF&n^Fs{jB!SOP=XXEIDvz z4RqCy1^3hAe;j*cW6dpnomc3iYUpD zqEIxeG^tZ6QwU`qLL`!qDO1Q0WlWMOgb;*!V^l9sIbf8PPqBKi8vKJ*!D6nIq5lGVeI@vj4$>#XB{pPQB|Y8FTgBX!wBW z$_rg~x$RN#@0h>qv6-4js9Ha})()NL7gj{xX@75jU-<71(GA<)ZDMqTVjru*~Z&r`wM^=Af9xFrDhM^&3>*IMeXy_J!x}m>l0z=iQg2^H;KWExX>s z>b+=D!RH1&7$!`r3swtk{G{zNC({m#>*-lVWxW_M=+@mON+YMwAJuVZ z`*R2L7p5)R+n#mb>GFT)qX|@k+ zb%&TIjz1n1**&ecD05P6NsKtq_31~O(k-Z81Gavp#}g|LIDgou7}fM+YQo5T#Vg(` zVj7Pq?G+ckz1gG=It=4YbfY94Rkh}JeO&6 zn8QRjb>hK7>vN~Ia#v;+FD_nvq(Y{6ulRg)Nz~*i8yb`*q0bdHWXnCSyQ^T;n1t># zcB@oO?$KXvZcbZWyNzWB-}TP)%$2({1>5sPcW=vl?YvW))2CCu=ae1 zVdB%{Ta7ns&K~4iLv-?a8Hp<QeT?JhvZJpS7RKKwDwz=yZ*kc@5&a9= zB9?JhE*(&((G&GmdoAVU?48=y>udRYjUnRmjyy`qOZz_)Fe;kD)S>^D>--g@_Wjn3vSPfIN(SYH+oJ$Qy;&Jta@Mw4y#2gQ|I6{N>? zsJLT#r&&hEa=j22=ia6U?ar!MqkqAEgjmM$P|3Ox$z6wy33!us)>|w4!j{{qo1e`L zh<)O-AY^ea=BIs$&ag5)zedNrq+yTbmPYJX)*hayzT>`JUA>2kW0-&;8b=sr5z#4@ zt9DLQ7I%C!*mOnxNryg<@fo#l>Wwg?X7gOT*5A=OnPKvYE~}%iNo=pM$vK)wv_4FW zFt;kmA6mBaK#Klat4D5SyGP(Rv@z!p%cvfxy*sIn%ZiSjvmaL&^c>o3eZ70<>W))d zGqH2mufz8D!HS0Ho{9$#8KSnxRSS=+)MFILZKc4yl;}8o3N}oah$W zHC`Vn^w7M|EAq$$V(lp{lqd0G8LY$9`kITsej2Yg;fSms<5{awT3ZYfrk| zzUL1QYAn}gn1e(&cl4dH54#RN^u=)TsrdX2K`x^7o~lXOV-jp_&o#n6Ds8g&mai~-R#3#m+Pu($oaclyz{ zyI#{WJ$pp0^l{swtqxtLTLw0dLH(u^T~^FH%hQGSW_G0^?>+a{Rj`{}dt2vCxw@^@ zdJa%ql!$@)4AIHfGT5`msl$+Qk5{#svZv>9wPP)|zuY$OLffLDj#IxZRArbZSSgBS zbWulNu2%xSv+$-%Jf3E?lsS)$(&k1@s#ChF;pkh*+b2fuW0=iEck|gL*Vk&jE~`G*ThiS5a!L!EQ9F;+SYLm} zxI;A`zi)y5;5E^irMKFzSgd`xZejm2OLK!c>*PONvrKd7G&5k5e3Oc=7|;7+O(T}s zdQtvZq}+y;jZD?9?R=oUNIb;+YWvO?G_KTd*tUCQFBgVcN_1gGuC3SAt4vrmJm7=! z>VO+M1{(R7W3LBzXZA1($lVr;bp_F#d^h~{n-FH_YNfoieetTY2gX=dyl!G3`?_~% zvjMMPqwgDzEda6104t0BeMc55xh<6UNdIdOUW#PX-d zV|Lxk37$VR@3i_|uQ4<2N5KcZTCwGhSy1~$t?9i~t>cq37VWxcF=(h;XeYB_?XEZ` zDeusFu^;O^qD$9m@L<~V)zg<=T{3J-&!Nw5T$tZyfl;wTdZt;An|kl=V!c3gvinRg z)qNWAKzDOL`N?)8XMPPkx=h2PW}0kp zN0fGM=Gpy7?$DJn5nmD>YRKQZJ0;UQ_q_Zv^rtaI=Y2Tj>5=Cy({A0~w7rw|;B{Tg zp2cr)ubi>9j>GIWCZn-deMWSiS0WcODSGN%_qs;OAemTUsiVe^r(Wkl|7FwyFWwK-?Ib5WD(u%(W~X7ZhwBgqo&h-&DDoWSFIm* zChv80_w#EJ%k|`uUE5ZCG@dm@Rk?5X#}8L0k7b^& zH^O*HbUH>3^IQ2cAB>OQ-Q+kmsxT*hT<+tMW0Xxo<&S)=9e#{q_7h!<8FoyX=bmQ9V)cgEd?)bs(`=-bqkzDYZXi%&2 zP}ZpxLqm>Um~%G?^Kmg-KV7?>^WOEeuXAj$V~ZCJE9VdFuhOSuW~F3$<-@`)$<1al z%rc_8G_g_fhuAeQKfJs#b)5as-j5r;$+bVK)O~P3GbP2;&29|yfavzQUi(n2oBr7Q z!hpSvuYNpbUT?+3LuQlX)i1WLKcM0`#^0_Ot1(WysXR^8(@8Rx&3V!4M#9<0o3t#R ztX8kLprrYS7hfM?4jW2zvlQh#CVfr}DT;YfK<;4+_MeC-!t*Uv18Ncpo0p@k+1I02%i^|G7hPS?L zU!**Crd~-wv82E1;YG3WONK08t<>IXBE|)xyCQSH_lSAtDI?EkG)HD z_oFr+?(2VUVMKIlaNEqYZ(H{pm@auaq4(y2GtJ#|JEA|Rk2R)PCUexNXRaE%-%Ra% z-q$LpC?c^H;u5|9Nm!o4D+7oRxHjs z7&ks;UvYM+NB>!)t~3nQjI6n0tkZ{9qvkFjwAB^;X?wPQXT8%lxhm=Q-n}RO<)B-a zPk(US(^Io-jq1`#9$)gu^f6@^_WeI%nciDuFFgv`baqx=sjZA{+4JDQ9qWqf*_!IN zxc8>`jpJ1Gr$krqqK#3rvq8tqPn}Wg+S)7L#`yTD!Ku-Yp6PB}kyvNyCx&6aIWCsb zwr#M_aa-8gP3L24#c1ENXfS90z=N?h&D9qsCq^jUL0@G@bl%+(2sI%PY^vRadD-Ntr+~1>OsQsJV$MVsSKE|!6&mQI1@5t)v z$q(prbacDqIa+pJ>$+;+QMk}6HK~qFQN>mx4Z9f46o#2Wbdxjewl+Flc*A$XD4R8w z6(3I@-;=P)=AL)QbMK6o?vyoSm^`A}np<>J+~ZlriuarME_OOKxLN*!9`nzQ8RFqL z?aIj8h2ab%r_PqUKfe3nd7r14dNi8qY4W!JkaZKCAz0w z-rm_^|5Qn@!+^xRIcKhTjC465U$Dw>?DBU<@>9*$Fw8=t3)_28z1uj~fTo_ov$w6) z=wYj8y#$D{X$0hc|G?)O_X(0^d_(Ocv^57i&&V2=GnqO&cY zZ+*PCLD@9_1&O+x;zvDNeZ%m3{Jr)?=~B`{3w?i&v`DRI~{5-=Xyi>r0}W_o(>* z?}}lQmT%5UdJh9=tu1=iB}loKc!XT;%iA_PmbWHjYR$DX zI)qH=zSL3k6P`LO?@pgH13uNFch3+REEMSZM{f z_PjA{{DXD+ssY|2+YYz=!h1&-oJ{;s#xSKsXL;p~X6-Z2YPVlLCjNTRuq1umBXTEm z^UE)9PaZq+;pSTm)3ys+Zh87Gk#~&vb+&7{O1nc@6?fJ08)}9{y>WS%rFbm2Fa%#! zC%S;0jXN;LwvwJ{m*ce`FFa6CG3eg$b}|YE-S&7qKHO$G=J!Nrwczx&(o+R_RtD{H1>1)d{XW<8xKZ?EY)W{*0Q37}l8M35~p=527q|3#o zyRNyloM)G4u9kV{s?SwzRWgPH(bJ%EI&t>d|ZjzeL zZysf0TsTH_B?>;1oy>LXJIQL-^lg46VE5#N7oP&h=g&yo@9n>76XrPb=qtrCW0yuK zzihE5c;l*^kzeJ*OnJy-Kp6su{oIQl--d$<#IH%67w__^8JO{j=ve>y( z(PS(4ZYiI)HjIfHF4rC7CDFa?s()v}t}};BFVQ(FU+P5BhTuJ)$XMid=PuemH(fQDY8#aFpn7`Hs2N$ou(=ik$a77jAm~e(v%b*YJaMz%?PB{gg9`<^7c^mfi zi0)2mc~a_@ef5WyjxsWRw=B%bC*;6Q`)5|#&(9VlsH~SmUWiV{>fAN?+4)zEXDQT6 z318Pp)O%RFgUtp!pXw}Mk#Mx)9@f7^*Epv0(t8UsPgJZ{zdbF-(>LXWlXkoO@MQ)` z$5xIvyt9#Ej1AcOUENf2{PV|c+fAaz*J|5oVE^So=js^;1dod7SljDih9Bm-vxu(0 z+@``)WhyO`>o@B+tB+Frl8%#4hM2YL7#ev**7(7oO?ci&bT=Q@oUd=bGiJ9+?GV|Z z5&18V`zAL{ax$v3<0FPCC%RgdO)u!5d?9ZfyYaZ;*Rn1V zTN5tMm$W_-cdlkd;>Fx4Sf9iDVj0Ek;j+!`md-lbZLMh0h*1i+9fBvxjafdbMV~WA z`;Qvo#4t%j=j1U=Ni@Av6ScBg`NP#?H&>LkjS5wr(r92O%|@bn?{=dfut)u^DhZ!Q;MzM+7!v7e}A=2C3= zN?FUe=iv_PgHNyPBH4NU*o~{PSFgp%#mG&=>j;T1rr)BEvD3GyG7TrJJKw0O!smu( zJw6XScXdxp3%kz?x^8EfJw#_a_~6abC(pbOJ+WTp?z?XE^m$ji%SO*XSMRgAMn=gA zT#uJTS21{cR=_Ev=clIGEio#dXw+G9f2`rT3n>}r1_r(yvS#X+-x-=kug&i(dZ8tMfMc%=9nYk~%h+$3>UE#-d)QU#aZBGJ?K&-b5hq{!)xZ}%D|W^|FRnk6 zVVWAV<#wx-J=}fUMH8zut*?hR&e7jrbG5(Rni_3Wo?0(`SEhz>+L7pX?(~}6tyBJk z9p!F^w5>~L)oz_N`ugSWp>KxeS(k*C9%7gsMCU4*b$7jrW-pU-9woQ7zGyek%t$m%o_WSzrajK6}qs>R}WKO`D zK%yIPXr#f1Qc0z+kdpR*iZ6Ikjak$G0$Jc`ZaXk zKSZ&H=y?rahH2KDt)HA&)b?o;^F!fF-#mz3dg8A67@3RFHAW=e?Nw(<;z7m(^K7D< zB587OSl0tjjq0tuajv{pVq#;bxD{!YsghbIAEIxb%EfbgqPx%~&s9C3{PFE9gYq|{ z=Pb8sI=AK5=#RVWnNHtbw(2=d z@kyowt>w?}?p)Dw=aJS9T?aCZiV0ipu50_}^c}nH?dRNd)%iy|?TH(JQN4xwn2grJwxDD~%_GHj%ZGf4*y$Rzc3S2!=U8bZ)u@ zku9v6T)P@FXx3-Twx?6B&i9_RcI6Dc=ZVW26xT#vDv3_KF0As%zB&^n4My#~rRg*0 z!ITE^mpZ>(d$etkf4W+Sop?ts*2-d;%CKfW`X_Im3*J(Y-dMZi1Ix^$Esir{FZRp4 zu-PuWO>2f(PIU9m+}L*b%a|Tx?cZ(;2sF8Q;MT$C2Y8d${cT8G}_OPubEbRmF7K zrJ_lyr7jtJuBv{FIlgk(E?2C3h%Q!XyoRirS&sGAQH~CdJyqjADx`R?UBAZp{nUXM zM^A@G9}`{A9kVl=p4;zSbAnX_ZDF+Hq}oqs`s=JfGn|49{_hZp4ExlVihYz1$<~k@z;UaanB( z8J8V7_vcogP~Fwd-N~6@P7+)&7W9uu(x`N7aG_BNZ=1y3Bpje@^W7 zFX->FrWVT-UK?2V&DoyyPd_mqus6U;!>{tSZLj-k19`lDYXx@)!LYs}BO zHSKuY^^s{A=DEilzN&6K;jqVE;liA$+rNy$z7Nse?HUrRb93+rEybA&n%h5XpU|Yy z>6)eoG9Jd6EqQal4E^6bqGPfohh}V0(<*v)qP6!EZ?7BM0z5Ql)_e7N`^BfT<7A3( zOshXzKb0nxx4LZU`C#sLE5%2#OMQ{3@!K-hmMG0JbZV5RdI0wa(Y0x9crkqY%f3h6 z$Q*lFckNvx)qaedS^AY1<|BO#Z2OkuxjoT27T#Kt9pTU^twXmX5hQAvxpGd;QzjGuQiw{y-IDuvliu+>O0#TMP@b(HPlt-Nt)?Az^Y^?OFv+ zPVahc$-bdW(T*UZlc??JJ?GMdm04*fg>g|SM;|K6)>dhMFR6D!T_#}scB~oGiLP~! zl}d;9#VwO;!~KT3g-0!n7~JK{yO%v?XX&);tFjjJY>@?9?xHb!9~SJ*OJC{T;k}!= zzvm1KuW1kN_ZKG=h&2a7Yr4kR|WeB>IRZK^U~CbH|tR&8BZij7;l z$jlC8m_(vG)Uf-e!3U$7q&g%Xe>Cm0^XAdBdn_@X-&gidnoF;=DJj@TCpwKgPF;%P zL%YP(jZwdrQDL-g?E;N62vu<)No9vq140hGr zwyb~3_1M!|h8Eh-=N_nm9M2%S%7WqcJ9fQadtg=iF1ga+5p`mFFEdcQv8QxzvB=Q0 zs}jRpBD%fnVqWQ9zGmt4OiL;F@`bC>{mQq8jIQC@H{Zu_r#K=CyC zdMX<}xtKoQzS+6U46}gf8rO(XY+Uo%kf~RbbRBAZ9T9LSY=qkW&};YSRVU4 zc}}9F%l(~>E%#5!PqR;NT6`o&<=E407~hDl)XH~l)MH77m2;z>x~Btd4>sAmW6RQ) z8ZIScO~)B+L4UfN=*+svhuvH8d|^gONT-@t4O=R;zc*FqxrU74t&uVE^9Q|Sm=8oZ zq^SAcD?|EUJbl&S(LM{k1B3J{*BGss;&Ed{o%dJMKEek*F@}g``m~w$^3#=oWpf8+ ztzS%_{*ANTdK z`${GAbOv2Ft!>|{hTC$zLen^pcAba1?JFNsk70HZU2@@jMmcm)kDFgot(%YV()i(~ z9lCoKrzp)FynAlJ)YC4Phd;^L9@lAl%4?i!CA#KQpXh4j6@2QkQs+|p^ivfw=d%np z+|~>@m!s`hr=+J2&L<9I%RNy(`P|a%MRl!m{M`>Vv$A{KtZC+%>+2V#4;O5md^G$_ab_Y<=S@o&OK)@O)I(GciQJk_t1xbBDxC+ZlkgdJr$YU zv9SR?J#4Hb$uisAJLetktS@(`{|od7W31V7TW?K#sNw%6c4wHZbG@^T)U&tl2{c+` zw|1+jN&Qwz&zs=f1JRAY_W6B}%np+sPn|kbtNXRU#05RZ`vhl2H@%(H!AvF){h!uw zHlDcdz!R^oOgOt$EB=#l`)Iw`YWMR|k>=qyhIa3LBzA1_^p6vgX3N|!YF=kdG@c(3 z-GdG>)^*QzDf%?#$rTOdsVy(peK|jT$f<}96LW7h)t0TvFq??Z{n$(YI-gJ7>tk#) z>z0PW<~e(o^qKKB?3MqZT?6J-lw&@5o#;MooUYQ)baPO}f`VIDcP&*mYI4jmEbfbO z`SuPfgrBWbkqa_Y?UJ-CNf>S}JbRadoU##NinDZxGQ< zKlwUsa`B0$+tVtJ+PQt`;m`-y?tjmb5G}M3mimZLproEdn&frXDfr??XzE)aBmn&5x z0=s_Egh!VW-5%2$b=qdDet7M4*Ix12AsHuwo1u#4PXfD&mnYvl-Lf6dsS@41i-l)5 z_82_+LHj-v$A9eHAaLQ+Ipw<1xlgXmIyI)n7(a$-Y0uVgS*c=Wgxl?}V=U7f_V+)t zU{&C8*HzZNXS$BcxVmzaIaBcSBcj7g&*eTzN9QM;?6kebna-+qE#6P^$2DsVb+URThTug-BPbvU*rsr)a#ew)L?M~WB1G% z9jC^a+zriE)61M>`W5TnT|`%QqIZ+$&EE~%wQ{dx`}AgOjO7QoPt0E3d3}51ZoZeF zEk%Dtbe8*P_Z-)?cg(f9I;M+;Ph67w?&akxL!1K74bRq^+s0=B&gG6~>sMlSHqfVU zknabx{`*|53u-)w%XvA~?x}e3r1wfmC-xxTUZTtWWHW>*nc4ovOwp;)xoQ2T+LV9o zxm4!m#kD#Q`WRg5f%O*Ag)VFoT%S2%vHR=stFO0BiY}dDtYc^z-DXy%#Kzgy`W3^t zjbY2ZIwq)m_KjClD?3&^4C&Icp7IKfw)aIw{g3XuJg44x<0jb8A-dr!+uYwUv?xN( z^Zb)uLuY9xPU!o7`L<(vwLTv^D&Jsc0?xk>-I6tT28xqhSCr%*^nAkfm~;Q}W$mFC zE86!dnCUoVWA_tyuIs>-JLj@tQ1@MvmY<&0p{;!8^@*mvH(h`Fb=0&P&O0YK4bdw^ ze@b+LHyT+*Mh=h-vMF}oWO_fMbN@zXw+x(Jd~=nyY?)Kn9hlz}-InKdQ@qCx$WyKu znCuu{EA;99(d}mKOkON=VcP1$Hm5P4>;UhJWg4hlyW1r^vD56x-Ob)Oi1*ZP)&H%{ zm%2v>%Q_n68@OuVxgXKhHoofkQF-?6PPHwMwY+X{b9Rx!xuBj-FBc@|E}s&6{Tlj7 zqI=lnvbvMjB46wN{!LWZ&)BUx?{d~tpEaipYZ-ZLxl(U2${fpVtio#w@(@S9jzE< zHE=4$xYd}0z}ny)RdBAA;y~bZig&ce^8$)bv|$(-{2i;mjXKl@R!2YatUbmwifeYj z`h()S!1XC^58R02uE0$xHU?Ip*c`Y8#ZkaY6fXx>p*R7!9k4y-Q*o$&dy4l0t5bXw zxHHAL9T;$~FxX+Y;YpCKpe+`Urz;!A9gg++pGfh1;0M6v$Vn$)7hDr{{I|Ib+DNfJa8otp4KdEvWSE`6 zv8ene==M;Ip^KcQVEI9)TMgue%`>LBj4Z`xf#oQ^04$>TDsX+^P+f+>)P-pb%;qo_ zxY>8OB{19GF5p$Z!)<}9%4$zB8?)1QxC_O1z-xbp-{Q}`w&P!BJsg}JMvc;xe(&-- z6cp&{KuP=vTyOw>AX3XSAmEQa;2hwk=^LbpuMKLt;&ttsL1BKbp5)X0dN`2xf;sz& z*`HGjav1F88t5P7?;#P7^a=`g_7U4ig5A9Q9dxyIbshS%U$qRtPj9$8jO^!N>+kP_ z57+?e=xgcW|2jr`dJbNGu0FwT?hfw0cFRdV)zQ*+2=;XdB0m|7R^W&H1c=6_55W-WPqO`U^4M?xhx_}v zS3motHP!yOhZnvr9`s*dy-K#6)EHE1Xq8*Ab-4$IlxQz4=-Pk zr_UsEv2m~PwIS;oH+K)7&7diPse_z7ewPygZ^G}c;-7du7(d6Xhs^TLm202`H!b=N zo~gpUZ&P*s_+34=Mr_}Q|Bjm^P}Q760)^;~JlUVZ#tqG{fxZst-h*771Ks#X^6_%< z!4LVl2a+3yZ@paoeSKXefj)fe_5CFzS8yD91N=M_&$#q^vh#}LexlUNjrZN}>mZHef}dje zjsO0#PUKY`KK`x~+}))1s7}&--F@*YC*C=yora4m`-T<%O>^^iMW(9hqktfi4!+~R zuS0O4kFP)9sXxt3fPX*$UeWT0O&aF*`=!m_ID{6=-Q?AA$G0AXw?oi_2e7T;H4@V{ z`T7RB3p!*9b3@{H0X&`k+*ME+-wx;BI=BH- zJwG1-ri}D<=jAI@$IV%SrunkVGM*-7ogV1#fvpJsv8uA}<`v}N@8QADXa$;1xzX(d zJ|1P$=H~9pcU+{6l!W*P3ov$IY5k|`YFwWmW+1R+phQ!;Q}f#nPrw{M$C7cB9D8UB7pFMxgLm!`BC{Ksv~nAuSL?>_cU_Me2^LVv#d zCDJ~@6+c}d9a5!J6uy0yC)y}fE8PPHa1olxuHe}v27hCd9p2wJPr&;St8nK)fhH4v z5;r$Lbk%74pUk%KnmXxjINw~cOE9zpTONEPu|rpoC*NL}cIdEzbf@u8lJRq2jGOMe z+vT^taW!VcZtfug6Wp=h;dkqiHE*EA&4sUVg1=uq`{F&0{;oXhMsttn7F_!I4DmD^ zn>YOK_U|{21-u(WTmyss*lE}}Kle%F+}vG)d1u%cd!|(z?!x3YAjp$l%jpOcEhxa< zRXXMP`+mdqH-n{sSK}X_eF<2`4_939jE-Y7>&mx3!>~5g#oOIgVj39e{JYLWz)!G*$gnpcnf>Y4(PbS16_A!-CvG#<~5_I015xDti4xpZ+%nL1VpqeR?jk$ zKa!ubuX_;sXkpd>bSdu<=6a> zAZGyvgKwL;7!w3|@WW25d|jOd7+mp_eq@+-ck3S*=pV?w$DIF-;U0>W7<;$=$td9K z5#YnN$_oR<=gbC$=oh8h9symRv96}@p@2kg;`2OK# zM8m6YVRA?eANG+x0OWZqBDJJ5z-=SJ_C8N{(ie z;lTbYz@MBC`ICFd_PgH};F%zHGT`a+7x(Ya7e2sQ!v6^xd(jccl|5(3Z@&P~68$Fl zO{%Vq>2IX`arg9dHn6MU?Bf+qe!PeGJxT3G93t%@unmc)RD5&v{Z0r@H{sBwK(|?d zs~5X>f%^T4i-SDbp5u>Gjpt#=wovEIxKj&4?dAoA1xeg}CI0x)O#kuhfe*e{i9O8b zj-TXZ4dpkU9N_)KwBl1jq{-L8$Jg7R_laEUV)zUV8PE42KY9wB@x$G~KfUa5#U9NS zty5Dy}~{V{j(a-ASl3#A9= zdHVAE$*+Lh)_!og07nd9uJLXHOz|+VkY}$#P8)G7hyO$b9XZ+SH4b40e?S2wI|9sbV1&Xq6R!8Z__cuW@j`0i!WK8K7P5*>k_I@|d; z``Oa(?EJ~H_-8Y)PYeEdk^J+A$rP&UsH_lUp;v%==wIwq{al|PSII(Dh4FenJ7PCE`0i@4D-iVR!kiona>q|udP%TL5r7jL5@&XI6jl5a zcYZta|0n8!0iHh6b8|d*g}5+eWn%z3S7;8pGFYhcyTHFqwC?~ z6YMVW_m_C0aCFE#(~P!Iqw#kvdQoiIP2#)Ip;sOoi;_S=X1iR*$f z87ag4_=k7m&t20tIWSC@=lw@7AU!|#yJ!M#{e3%FCgj5eA75M_zPBejG<-i4Uv!qf0)Wq=n+@ga zg+M$n4dVEOV-kh$FY$~-FEXlxho!E_mH_8@@MV>8Zb8n%)XXcu%R`upXy@f;gH5yF z8ToIXxgz&f52~eEFn2%Q4R9CYLXy*U|JXCeT_8!GwEA734O-&20kC9pEbdrCZ%Ya8wQ( zk(zL92&QQW@xM-0*+^foGlB0JQhJ@;L;NIc;leo3PZA_?#(BWM&jdMw#J)d<|M~|b z4f~cUo-O)e;|*Vs3l!pHi@&QNGhbiVP$61}gA;=F7wG%Z3wt>GdinhB(Enc!@rdT- z??Du1EYF4P+Rc#Hi6B_=FM$b#W!!F1f zSoSNgsM7Ca2{@r~4|Nsd%^J8ig1tL|y2kJ~t`V@|+&bG7&Hfzdr#kU;&u9Vf!@@^VG2aysYqlc{`GTO$x!WL^5~(lNpSi zjqW&M&ZqeabkG1#5WJlEpDCk0CFeD{gQR~nsjE63^uH%?^rfEY2Y*kXI{JGF@@fxh4L!L%uRrnr&({rKBoA~B z43oY;kN5PIHWC#J@^uyB)qaR1U77G%_R?D6To_*JDZoYnY7~g~+X^#CP4wqI)n~UD zd2BZj8}YvMWWgcG*V?7F4iw;N7QOIZ|8Po4!0`uPiu}iKQ2))$McQ`uy&CvBjglijX?snk=+9Kl^*Nhf3uL2D#ENgxitQA+XpMfC^ zlKz26#k@W&R@2odfpxlf6Kj(2LdQc9XdLRUW2pWAR|HDcqowNqQYxFn9}_Ii{{PJI zUw-gg({=gQ;nz^#TKMag<6X~RgM*Pe1y}QDqg1;%0c&0rimUm5QO{q4e@hE*n<13+ zMnR&5$}kt|Tg?ssKZ0{<(G$-3x&qd`DioKN|DvA12LG0pD!YE`ZL50|>FNC!vA)$^ zU%31ITUCD({#$PJh4Vj`8?HdEIb3-H7AIWAt0Hmru5v7Y!~A1tE+aa^-L%40yDAcw zk^i8UzsCNS6Cv(0IwjE-q${Jrgt%5eh59cVEl39|t!I^i`P>RWMnZ$7LvNMI{=?AU zk}KSmtI7x$Tex-@219Yp@`lfz%X+-Kx^b#{~jTmVXMxnU$N|30TixgM*Rg zMGzyuLRBO##lq#_A478~5#;{(F(X{;AKIZ6=xjp{ zGLfAMy2}1x+k)NG=q25@_){^LGM%4>PCfw;R98$kCbWMXoP-X_B}zw|n~xIT|9=#O z!ljo@N1L1aR=4mfoALepcbTu2ckp?-rKDX|rQd`ECGEI$el&kIvi^6apkSJEogXHR ze_!wq-B|TM{w+BI)#ulMT(W=Mb`i49zZL;Tn&=-#LV*jVMf|V~{%?!;*3v5DRr8Lk z@(&kKC`0}l5R9}p70>|m_N_AQuSI|n$N+q=Zq?_xI_mKD#^;om}{6ngV< zv+HVJ(7!B&y97Ev&f)($V?4Vd?&Dm(dD`w@0&>abc{Bf25nQ5q&V6-twE5lg-v#)V zYfM(Ze@yZBSN~hBei!sx#@Pq1-#u*k|0sydye{8~DPK!g<@j5QcqZeY19BPXYq!5C zg3C0|Wfzy{UlaAMh^o0(_4>)bD&ku*tHv_^h0@_$I0O6?@V`jZ|15&LUVIJEjq6*h zndxr1%-mz+;!0*#sjfJVqFX2E)UBz>cvZ}RzPyi&-1oPYs`nMu! z0sQ7fe^J13t`US+{j^kcYhmy~CUs%%tE zM^t^B%bz~a2LE$FuE_=hHTl;%|5^kXY2pod-a6m4OX@`d6ZKQTZ*>+fQU9|DE}1+N zWxx&L)pO*x&wr~C&pE)qhD0gS+!*kj`TT7u->x!GCw1euL&bfZtI&@pME-gT_%8vu zOWKWJFY{MLa96lHzuQTuk8?@*@kA&jEk>xZw5qH6R%2gq+(V<=NyvDFPa4=BvGWktT{?nyWs|rGVc>|Hp7# zMyfqh|Jd4J>icT}V162cs&`fYtxdE5enZk<6!5K;RlQ;L+Eneukn}2WALr`BP1||a z=huK>q&H`^*Dn9F&c7A`MtW(hy_%60%I|Kf`ZQNRo;S}w$K%>t?a7ez8VU7ru0GYC zH2hSbUju^q-M54PVoh9)B2cK*7}cIMNDCF}<6IJ|J@WljpI-xVO|JGhSB)Z2sPz7= z_CB7p(5kNaZ+o>LKg}hj>IM`z9GBv1_YeQ0zP}d0C79JF~|yG=ih z-rrhT-NE&jBIzJf&6%(?oI$n6pr1d_<pCJ}!8DehtW_8DmQImbCw~&c7A` zMry`t5B1VQh59&`mTJ!weyY!}0l6epd!|s0BDg$%KU2^V|1b@-)fS7@Y<2MRC`~bL zH52kpO!5LLDJT6lCi!Zn&i8MWV*i%?YG&1?))MZXlBx1@tGt6x<%T-V$VzT-&%$YVUmqU?= zvF*<=adIqYPmze34784L(wz{9ZX-n^CKD)$aHlB}F;9WE5bh;KBBt2@hS^5A zmK2GY-atDE*Owv@;{xPO+TlTwh=~H4K)3}IiI}}WDde*UC=xMOfc6sZIz=Mp9nc}d zeWVC=F=v=`!nLGG#OMKK60SQ%B4z~8X~K=7NW_E!og>^7ibTw6pbLbHr%1#c2D(hR zV-$&)+d%n*yGN0TsRSw@Tn!5;5;3iT3JIr5k%%z?Dk7X2MIy!(sDyCiDH1WWfSwa> zE=3|{Gtg_oZKFuUTmt$)xIBtPOexS8!o8zN#Izj9Fg4{_Z>UftVtNAACY%XHB4!+r zh;XhHiI|l@4G6b}A`z1Z)P!*P6p5I|mJHLJaLp(ZG3G!jgd0Q=azB`1_7QFhMIuIf zD8uNqXX~dARDnC9E@MbJ5z~Wm$RCgv(U}3gCprtti5N@DiI`zP>O^M?ltFa%loK(d zDJNo_fbNRf(%gW05}haIM2t7(L`(oscM?wmG_4u?iBQUkm~hI8mI~Fq9`X~ z=5e|uK+PS8OCFFXX>UH|M9eM9iI_ql6Vl!ypan!%LOJvxloK(pfu!{-1Cr*ioN^-O z6Xiq<={Wc!GAzCRM>1p0v%UiQ55CiKgx-iB|u-4*}sk9bg`6! z|2SO&&^w|_0y;+GB~uRmqnwD@4OC8ashlp2a_}Fg%K&;#bfKr%#E#_7r_2mf(8#+qR&mDqT)Kr=`@ zdCI|ml!O0(J`tS)r&FXH{Kx6UK&3>d1{6W!sZ$RAqa6GPR7Q0AoX(JP=>IsK36O1T zwti+nk4QWV%E5n>ga3f+h|ZSN*;5Yw<8)3yLx|1|sEEY#q#XQ5IrM)(gNRPT=|U+7 z|8cqqpiM*<3G|Z0i=rI-M>+TpD4FPDI9)8|;6F~60JN6ql7L>2c*&H5|0oCl0j(#x zR8E&hIrxv$WdJQFx>G>UNxUq|!GDy4|A1B!T^^^)ryTsp=?a175nU0`GZL?aa_}GJ z;6I>+L|4Y?$|(o`aXMx=Tt{@WKu<|LdCI|ml!O0(B8g6c(K!HSO%jxVX2mf(8Cm=7P za|0?S@jNL9|4|P91M(m`38xFC9Q?=WB7hu;E)wW5i5EpV_>Xe%ACME##c;Y<%E5n} zE&=Ex(Io+WAn}qZ2metH{sVeXbg7&!jdJiGr^^6(O?0Q&za{aqCDk8cfpm!u*3FY8F%E5m?#Y9)e>B=bw|8Y9T25SwXlLaax@#HB7|4|P9 z1G-Ce3Y<=na_}Fg69Zi%IyIoTB%V6u;6KX2e?V7=PM^~mQV#y(bS6OOh|Ub?4T)z# zIrxuq@E=eP(b;l3d&v+<8*~UyIPR(7pOIfS3)`Xk8(2 z<8Pc17zNr1k{bpJCi8~|4|P91KLM)shlp2a_}Fg%K+L&bf+Tp$d2gBC|8#$ryTsp>6j6i4-uU# zkgft7Po8q{ALZabAZwyi;B<Xe%A5b5nv*mR5l!N~`ofA+uqH_c4O5%A^4*sJY{0F2*bP`S% zN;&wC(?tL+B)Ui-BN8u)a_}GJ;6I=xL>I&9Vkrmzak>PcNTN#uG9>YmDF^>i4*mn0 zOLVE6E{$^VAE(Oz`byRTr-0Uxcv+N#|0oCl0o9bQKR8`J<={U~R|xb`y8Zx)C-F)s z2metH{sVe1U4L-8a>~JfoQ@fZQG@7Yf!30E@|1)BCa?xfr^Mu z4JeMpQ>PsKM>+TpsF>*VIh`Tp;6F}h0(6(?%z)OAcovj{|0oCl0o^7#TTW+BIrxv$ zIRRZEIya!zB%UYb;6KX2e?ZrWPQvLzDF^>?x(J}9(*6&q6^R!`Irxuq@E=f&wEyFD zv6O@VI9&pe8_^{JDUf){l!N~$2mb+$C%RNlmqt1GkJDuUb(QviKpmU0{Yw_*;6KX2 ze?VQN{U4{xryTsp=?a0`5nT~b2NJJ@a_}GJ;6D}-T^XkhVx`L>I&9Vkrmzak>Pc*F={DBqs5aDF^>i4*mmrL3F8{ zE{$^VAE(OzDki#9Ky668EXu)ul!O0(iij?c)8$hR{^N9oKzE6*2&grQS3)`Xk8BK74*sJY_WywDD6+apAa!Z~M>+V9a_}EeZADfW zLpjXCz|%|8cquAPu5B1yo4lWl;|Pqa6GP)RE}&I9)#F;6F}R2$V#|k0Ky_ zY5zw#_>Xe%AJ7J(E8}$Kl!N~`9WxrUG@_FQ(v$Xol!N~$2mb-Z5}g94Q=}aH$LYjC zi-}GRNLSkbQ4ap29Q+5gjOg?^ogwAmKTc-?G>7QSfOJSa3(CQNl!O0(qKVFy)7euF z{^N8`KoLae2Bb~mc~TDkqa6GPG?nNioGz4d@E@m(06I$g@kpS?BwiHd;6KX2e?Z5H zE{4;^QV#y(bO}KFh%O1J5s8;fIrxuq@E_0tqD$p;X_SNiI9&$NHljNP)R4r>q8$83 zIrtA~C(-3`x_rvPf1IumXams|0W~1;N+<{aQ4anCN+P;4PFGGj_>a>uW8goclLe|z z;>lAE{-YfH2NX+m3Y<=na_}Fg69X+HIyInrB%V6u;6KX2e?W_gPM^~mQV#y(bS6NP z71?pd45&M~e=R5n|4|P91DZy3ww%tMa_}Fga{>w^IyazhB%UYb;6KX2e?Y-RC*gFV zl!N~`T?CL9(M19oka$s)ga0T8{{i_BT@0s-r5yan=@NjPh%O08pTtY19Q;Q)_z%dH z=u$ad8s*?WPL~0cNOY%wdXacpl!N~$2mb-BC%QaNmrptPkJA+btt7f4pq?aN3FY8F z%E5m?tBJ0R)0I;W{^N9v1D>jq`&<^NtJHs#ga0T8{{cyePJz=YQV#y(bYdVsqEiFX zlKPKw@E_&iKcERjr_bpODF^>?IujrlqB8^1B=IaL2metH{sVF+I$KU>PdWIH(>Vc+ zB04vqE+n2O<={Wc!GAywL?_{Np_GIFI9&wLFrteD>P+HAQ4ap29Q+4lLv%5mE|zle zAE!$IvLw1BAPo{PnR4(S<={UcbD~S-bZL}>|2SO+kSWof0_sHKWl;|Pqa6GP)SKw? zI9)#F;6F}R2xLHXML_B#UJ2#kKgz*>K!!wD#_7r_2mf(8#u2R~K9vRPLi{XGIrxuq z@E?#S(J62`Masc{oK6hXmgv-gI+J+nl!N~$2mb-75uHA#Go&2+$LUOfS`nQYkOqlo zK{@!3a_}FJBGK7$I(y2&f1J(<=o-G~JfoQ@fb`4t%lWr5^~pXDhB|4|P91Bxa(1x}|(Irxv$iGijPof=SW5>K6S@E_&i zKcEPr)8}-Cl!N~`oe7YH=*)m>k$4uAga0T8{{c-RI$KU>PdWIH(>Ve85uF>5EQ#ky zIrxuq@E_0wqLXmCP|Cr7oGt>$o#-NgWJtUy%E5n>ga3eBh%ScH#ZnIb<8%o?4n&s( zRFlL@rX2i7IrtA~6w#$}x-`ncf1EA@Xc*C*0;)mcWl;|Pqa6GPWJ7d$oGzbo@E@lu z1TrVOA|QsuE1?|xM>+Tp$dc&FI9)mA;6F~sjKf_u2metH{sZdWhMk8g zP!7-ECKn87Coj&F8{Ec$(ALVfV52!;MGXDdr zAn`0H2metH{sU^)hSk|p4$t2x2metH=dXa2+ORq|pwA?pC*|Nj%E5m?Ds5PugmTz_ zp&a~2IqbgxDYRjAkwBkFyeP`Sf0Tp&fEu@9bupB~{tM;cKgwbM1xUUPt4jjK+TA*jMJ4<4*uhGj1yKxL?;V$hs2Yo9Q;Q)_z$Qa z(J62`Masc{oK6f>o9NVl3P?P4%E5n>ga3eJh)$o=8Bz}Z<8&rKl`3pr%z$o_covj{ z|0oCl0evDmTTW+BIrxv$IRTXsog2_C63>%z@E_&iKcG^glW@9F%E5n}E&}Ko(M1B? zB=Mps_kX;-3w%`7z4kvzCdmMii89EbQKO6+1r<$N69;L41W-Z4EeUe1VoFDA6=on> z(9lUVVRzbdda$LZ{kQZj9yzt`X?v)kwl-W1azsE>s=d%kE$OJmiV$z){r-My&B{gW zY0r5-|9l|x%(I`puFqO~?X}k4!GD&+f1o3(TjO+VEr-v*qxg)3t+MRNZ#aOB!B>#`jFb2{IrS+`f6AM}ET7qA@uvmE{dZC72$>B5%7e@<5ndP;Q> z&;bpv#B%u0a`+GQr0U9?uH16?&*>^bKT};5=y?rqvgPofdLjboG|Qe@?d$ z^aIr`0`1rE7F!PgSq}e!{#|u(r)#tv{&Tt}&^pyMgZ627t(L=omcxIb@2PH$)2+1} z{&Tu@ps%ZLJ!r3nx50Aw&vN(=^slPh=yaPchyR?e9n_+_?VvpxUWeuIpXKl$s8w|b zobI6I@SoEi0^P5=!=Pt1yd##wf0o04pcSe+=5$?_!+%cayM^^e)%iisXm|n3;Xlja zKhURD7jn9=)W;XkKa2pXxnMWF2(-eSw)Kg;1i(B-O&J6)sY@SoE)frhKD8MIZy zYqcEyvmE{d6{&8G)2+1}{&Tu@paVtH->(Nfq2Xg6(x3p{`PpCRS=w}*Uz;gJ{a`+GQi0VR47q%S!bGl;CmsA%4{Zzv%u^j%h9R35fsjkfF z$}NZgoURh|vg)cpPilCRErv1o z2g6(xMe)=oNgg#gX$K6)@XQ(ErTpx&AucTFc=-r&|XKYrN}0%^KbY%i%xE;Xlw&)opaT&6dM|PS*}f zsct*ypEbM=%i%xE;Xlx7)g5rUgOR*# zPFHR@{O5F)pzo-z3iK};-ek++Kg;1i(6>}K)9LChhyR>zA?SCSk42!B8s1{d;Xlja zKhPgk7k9cw%i%w#YXZHfx@OP{4X@R5_|J0q5A-Y5t#P`wmcxHew+{3p&BuDsLmJ)& z%i%xE;Xlw%RJYOTHd_w=IbAzwug1F_^aTyC!*ck~a`+GQtm+Op-9gLYKc_ncI>+>X zpnucwj#v)=Sq}e!icSCLbX}Iie@^H745M(3*AKc^!wXmr|5*K1_-HN3@^!+(~;f1sbKF79-VmcxHe*95xI^najj8eXgA@So-IALs(p z|2f@S%i%w#TL)UF@va9g)9^M}4*yvW|AD@zx{Xe^*>d>L>DobGSKW3{Lc{B@9R9N$ z{saB1>JB*FLCfJkr#l4tXVo1B#WlPmmcxIR!+)SJtL~W7by*JoIh}7YtyXn@&=L(V zU^)C}Is6B@Uv(j;3tJBVIbAVmnd%~-yEVKL%i%xE;Xlw))s;D2x#jSm(^Z1bSD#ja zS~R@LmcxIR!+)T2RX5Y=>Me)=oNgiLYpPoW`l^Pv*mC&Ka`+GQFRF_>U8CjjpVKvg zVw#U;&|Ml{tL5;Yp?%%@HSWu|5*o$s?g-$aeq54uCc3s?^SSq}e!u2Wse>B5%7e@<5ns#IMBbi0OEVmbV0 zIs6B@R&`}gS8h4{=X8~zk*cc#eOAMpY&raAIs6B@Ty-;@uHJI^&*>I|eyHWL2=thS zx7c#{&vN(=^kdb4aW;B*HqhyR@J z5a{G^8Lu4%Ez2&p$!+%b<5cIO@7J(LOc#AEE|15|9K)+F4-02!EhyR?e2{c1}+6?-EhSzF2 z{AW4*2dY)w8mC)pIsE5z>p%~wZawHfHM|X$!+(~;f1t0bZllv}wjBO*x^~d3s@o3w zxrWzaIs9ii{0DkXbqAd8pylwN(;Wg8s;>@%8Z^8kmcxIR!+)S5#(z%NWjXxkbiUh} z@6>YkgBECb0n6b(%i%xJKGlVsE^Imc=XAxO-KvX#=4*H*mcxIR!+)R-)s;D2x#jSm z(^Z06G#^!Sj7!z2)$q(=7xo({b1$(0^%oi!F!$EQkLEJG`tSW;XljaKhWdGe@=JMa`?~b4uKxgcn^ba*6@y4 z4*yvW|AE%4?wHecSq}d>o$n52CAHrCpye7~z;gJ{a`+GQ1J#9`E^Imc=XAxOIjW0* z?$q!~EQkLrhyOtJsw;E4a?9aAr>g|bGvhzdmo&V|mcxIR!+)TKX8h-L^_IhbPPY(r zo$(*&X$^0&TR@t@N*S`Pm?T@&cD8gDZwrQx+&4*yvW|A87*x5nw#S`Pm? z-8#^>jsHNiHM|X$!+(~;f1qy~|2f@e%i%w#YX^N*b=yJp8eWIx@So-IALt>~9dNpX zmcxHecL+2@%jGa=i-vc^a`?}3_zzU5x?@h)WjXxkbiU6~s~WE#RHxwuEQkLrhyOrr zstY+?*mC&K>54&R#($ughF4-a{AW4*2fEt$&*{o7hyR?e5;Vs657esRO|~5VvmE{d zRT%#{UA^V-pVKV_-K+Un1e&GcEw&u~vmE{dEmvLK=^8DE|D3J~bf@Z?K{GYHR?Fc( z%i%xJ-KtyTbZae#|D0|e=r+}@2hGs%Hdqe-Sq}e!7OQTf(`~jK{&Tu^&|KAR2Tj-T zIxL6(EQkL<3siT&=?+>B|2f?u&AEb3|D4WuC->9p zQ$OfA4KH9h{AW4*2l}$=LQWU99R72ERCmnjx-5tPoX+=o*1J&~+MK ziRJL0^b?WX?&eO<$wY&raAIs6COX8J#;tG68fbGn6~Y>jsj zXtIX4*mC&Ka`+FFtGc+;HChh;Ib9RzPrA>y8C0#|wOS7USq}e!{;aw+PPf)__|NIq zfj+PKSP%NLhPT0T_|J0q541#e8=Y>mg6(xiTw}yAba`?}3_zx5_*I%dWvK;<%I^SJ9@2v6qK@&B+faUO?TL@t@O`TMqv@T_xxp)m4FR)$k@;4*yvW z|AD$xH`D3rErU=`>#!XDvmE{dy=(mEbO$Ym|D5g+=zcAi!=T|B-Vw{;Kg;1i&=*yA%;~x;hyR?; zcQ>mFs`G=w8eYJ1_|J0q5422mA*Tyl4*xk_G3X*Kmk4NzhF4-a{AW4*2f9RcWlmRa zIsE5zm7t5v^%wMrhBw)A_|J0q4|IvS{yJT~0$Dhvo2}r{8l>AEb3|D4XZg!y9C`9XymUchqr&vN(=bgk+_P8YTu{&Tuw(ABDo zfPxxciRJL0z zA?PovTLjA2@D^JR|5*p-t+yz4=E8r}xW;XljaKhSHc+vs$gEr#`jFb2{HrdQpwn4=T{`0+z#n zmcxIbBGrYQE^Imc=XAxO0~&7x@EQkLrhyOtPR9EJ7<(9*LPFD#k)Of2vgEYL! zmcxIR!+)S5s+;L_^_IhbPPY)$q46#Pd>L>Doaj zRks~9K*Q^>9R9N${sU!c`VKhVLCfJkr#l3CT*EsoM>V`7mcxIR!+)U1RCmnjx-5tP zoX!_#mR)sz(7QvVrwLdN|5*K0oL|5*JEVZs=9-g!+)0J`6JN1syhsNO?5{shyN^x|3D9@?ilFLs_U{G{$Of4*yvW|AD@#x)A6s)rBpG|15|9K+9DZ0sT>RC6>c~mcxIbr0U8*ovJIh9R9N$ z{sXO5T@~o4>Lyzb|5*p zSPuVL4*!9ssBRd>La`+E4QFYrvUmq&E4$I*`%i%vzz3L8tel%2c2Q7#H zEQkL<(^YpE^vF=r9kCq#vmE{d-K4r>pzjV9U6Me)=EQkLn2KKd1XAkomg+Ye44j0<5(h{<9qYALv>QZ#}3<# zhyN^x|3HV;_uE0AQC)}S@So-IAL#e0I{>;(bq6hn|15|9KrgHAFle6Yj#v)=Sq}e! z_NeX{s7`fVmcxIR!+*;e=cvvPnx?vdw6w=_=5-(Ps*76M6ZyQ)F25-qNEZ7xXI1)|=4}o8{D|bC`;afA z&+a~?N4NTYSsaun{QDgAsv?0?1hzGxa(Tf3|Lo5sO-!$l|Mto9wu7FNum8tRo}ef9 z%XrM!oe0?Y69uulZt8=5-RaA@9z&m<=Zk{YEBaqYWlCSBI6pqBhcznV)SszZB$;nDrzjvlHSYI(>D|J0&^d z6q)-C`3gW4{O61PnW4#~w5DaE^LOvvwJq~yRLmFir>1@|EmlBk_qMb*p6*qDupuj+ zn>=)K*S2Iw)~;<{hpN+oSYxIJcWuih{OdH%GeB~u74lVr%Bi-H?|P7_u}nl_Y)IdX zS+&6@ihaKjtc3SYU94b^aErdnjG51?9PKrRy)%z*%}NZ3<;?cB9u59vaCB?@3~w*# zdL!rURVQ(RFY)X2<%_we@WlewSQLJk;tRFi=r7&XHZd^n!NDWn@pgXW#QW)BY5RkD zv4BZ_vZH&!{CRV16O%;(Q*gg67K=$5q)W>4F(2c5MbRwBvD4ExRx9BvppRsc7Ur+L zwuwVaKXLoff>k>~K5vf}LUVik{JPTay6$DBP0XGx{e#!&x5vGw7o-RFG?Mu?eK%tb1%M0s5#t2>_W&5RVb)n$^_(!C&_ ziyuj!EyL3G`PQ5=DH!sdDt%YE^i6i@yZOIKU*z_^1*^6q@_AQzJJZ3`jRoFL3@|Xd zGk&IbG?G6iE1vFKNZvDAypp`5(h_9VtapMw<)WMdGQ|YYpW1*_w4P68;L%0jE#v@r z(6v7Hr^WpQyREc+n*=P&d;GIMv-_V~+HOnau%^SU8;<^Usf!)TbxJisr`()5pE%lAQzMSIHS8 z=mX&@$P9y}b z6VvoWdZ;s#-T8@vig{g${MbdEpYHDNmbxEcyQ$Ll1@q_Z+FIz#Cs0{24*A+Zrcp?b zBeM`8-)o?$TKMmPa+JHAG@1SjN`K}C#2?Am!?j*KQj*D4hzcE5E5G#r-p;>pq8{}2 zw#}sf-k%84q%>Ql?VbBLYWlXTcFmYoM+etBB~s=s4%1tVZo4B=m^|VOHs6aXc_b&^ zm^_jdUo5{C$gi5@k-S7>az&)v9~(I*_{F=CwH%K(B**5g{PYasACszzl+@M;>fYb9 zB2wn_y5a+CW4>7?0WICZ)(MK=zXShU9$(*Th>)c8};s8~JE?BiQ_7%B-b5*t~(y()OAf z_+tJ?NMUhJY9g2U7w7~Z4Q{$463+R{EQSa1NZ6#(>u8%2DR0@87-qj8<)m;;_smFH zZD%7@ygIKn%bVzL8|M#h;z--LfPPB8i&NtYc2-5kWYuVDgpVY*7f@s6TnFxmlsB|Z z8C~GQ^C4Uaf-vMO2N}CP4ysg>ophYE*?iR%fn*9gJ;_I6&$C@cB%$P|%a)jVg_ zFbBM5J$FX(P=4tvBe%uR6C0i-zlKhh-@#0GfVKaW!~Lzs>NzWvh!wVRK& zb0ftKIAOB)yuHZ34;A5mnE&Op2tLaAUr6&Q@+OBj7m_p_5%P|5+9r^wG3OD66ezJMp6Am>3;(i zd1-HMBvg7l7Ff{vDzcXLdkSr5;&plH&Mk15rlhpJw&j(0Xoh;uC8EMRm>w!rk#+9D zmREw!4{%OwKIXu^o3q&a%Uj@V=*FeriT;ZB|QrIXi5Grzl+b(KW`X0=y-EvA?j>zx}P$Qq{d}a zoTH@@E|6cv@jU3V^k=NjpO|S;R%&KsGKE(h4_P}U&alxhprI(2{xkWSTzZ^VTNNow zP0McZvXWb}8=^ZC?~HtA-@B=TsWg}FbZ!GRS1u9TzyraSfw#ZOG24NFjMxuIn8t)-KD7s{u=Q|&JM$PIka@L5zg7M??~zX+G!1Kp>fmF zB|=4aF1aFgS60gZ$(m`nQ2HY0i*>cy|Jhp`BHYvYGos6B&v|y_4vM5CxT!sz6Wo+T zK%>D@DU^uB0xYa(j?AV0mJh6yZ=J7wNcUqJ^(>+(uhpUgjUuh(H7Wn)HnsSa^p>_a zwE6Gs+$d)mml=zT-RU0&)MP9LL1FYFTDlYY-VO!{fdzHx?4GOGyg3Wzui7r%jP3Pg z^I6C@-t}v&!Ps8!e$W6t`T)pWT91N0rTv zkV(rVhvtDye?QILWaTEe2V^uUcN6BCU)uePLWH$mz4Up7DLOJ>!{Z>@GZ#dsvtay;0)njoU@EIZ$OGyS8UP%t@xNIee#l=3F!;CbQW`CDA#8l=R}O!ig)@;eMH8= z%*A_K`fK>B&_p8X@QxZ>+qr~(fO6Emk0IZ+AXCgYf=qSX3Tohg$d}}|DO?X^iu7Bc ztF=0Q2HK$L4-UNzGG}CA5@U$doL&0O5qMK+7vA1l?mRpzctwh)DULC!Z?fd1S@ zX8YVoe&o!$erNWIg&HWJ<>w^r)S$fsd`-_tzFwY@(y5epADUr?dD1f^hHa*8wcDIa zUdd`X&7Ia*j^}TtY}?b@y{)lq>U#Ewj^vig z6I;oQ)ab5&LaEVReuahcyj8ojN=1{c-zuq7`6hL`tJvGhL^G8pIv=%G`;^w_i`3^H zOi#o}{qX`0Yn98qRp}d;N(|INh>{b=Ixm?z3PxRE9^}zoZ-zYsPz(oqrs;K&z~bbP{tkD zb#qpwugT6E9qAL$of=Rk*t_*xuM=rqcK*@MP|Vh|Wrkv$c4WP@QVhLQZqMlK6JNYf ze9QIQs@F&JIYWc;4pQFXmRAyIXwPLjRBkB#i!x9FF%&UwuH=ki>Z;fSH0%r5)|`s$t;=|Y#ze7C$<$F>h2DKl$84L0vVlSyoD zUH9H}wztFEv+DO4TW?2}lr?W8qth^JRZZp+&UGNze7*$zo`e-l z4h07{O_^EgZHdjr@8SA}Xh*!v+d^w7zJl{(a~XHeZive5z&UcZ-2DVMRm~iGy%}QA zY{L!FEs0-`_nvF0xFUW|Cg>*++A)7y)y&HA4HcIpUX?*7Ur1D?9renb&Vba4NM+~u zI6<>W`YGS|Vv}}L?_NjCu3&Qml2z}Tq~8pV&8=^!sG3q4FCIs@Q!3Np%+WC#dw%k1 z`V0vEHf%0pZ88|?#-Ff2sVF}GVz{96(Yo7 z^9#r{&D3{U^sQiWJ4A33^D9IfucRG>lI_`TE4YLj6HPRymL&Gb*z9Yl(G*gMWev<< zUrJ${vM!dx%Qdj7_}Cl0u3llFO#CVqmFshSd~#=YI#-iGK;eIvnvc&NxkpNPTFQSH z7xPf2`Xyfxf}}DFgUPc%lVfvpj?PY>9=n2i-y0t)k;-2hzmXay^?RjaU+oo>i9#yp z^375UBX`P>AS50mE_WXjY?iru6U~2ua*k@f6QY#dm~@U*3l-8evWpIRRPs+J`6y~2 zi{+_FQely6ydB54WyJ@@ba+9YeD%k-6~+hXP=Mn_&9B_U7hjW%Uy8Km7_uFY4O@uS(gr-n7b;L4SW1$l1p>!bV9VNEW5?dLE!?l)uT2>iWZI@1u zD>}dR0mG24E11#4C2&Ku-+U1y+w(%co2jCN_PK9@N)-*IkZx5ZcRPk#36c$VA; zxjCa9WOP?kfwG-5gEh=E#B*j7~WcNDRm< zR2`i$tMrv$d=`7wrTinkJ>M9))$7{V9h>EaK9oQ*@tk!}ZtC;h>73Mptmtp9=&B=M7kyKco&aA!y7xImU`>7tC09vef{fj^)s{1U+ z=#n5)<6m}1Gl`HGaziF{?!+0NrdngW9N{d2CwhLPQjs(*njzQ{-$;;b(Fpm*flMhZ1(_L&FM>?o z`wckfb#g@7rT$%Fv-~t&gXt&a*8bGX_AJ%+U$8fW)`ePf(igV#zxRUuC;0w-tucW9 z+#8TO?N=MVL~g9EK3yo|P*a#4`e7T~xf;H-W7(<^@{Ish{Xyeuav|DweezZau}h0GE;fFs5>;dvvAc(F>B(Fn=j1vwKG#tD62MqW$nb5c-^ZG zJncKmVYWgXmI^sfqaOy^Q!J%(K4=t?8pj*1U-TbaN&ihwZ~2=!{ekARSLM*n`!AEE zGIi8`VSoy@&9zv=;eh_E76kW+&g27J|<&H&6v%l?*aX$ z=b3A)O!5b2v9yplBUU%xCZ6?mb|{3+99&q{42I;6@fB~k48ZUX%i>eHLrBOBPUK19 zz9(i%Ul;Q)mK&DX@X|LjHwVn`v7Q=8f2S^%H(NdHz5n*Z>p8QeZ9*0wp|%NyjADvw zV#TrHb~bVW^;gV)nWQS}nW6NT9#7k=0~hx<;`yb!9-Qh+4_@qRB2qV%c|6#11;s7v zj-&ac(Dj8iW@+B^P;wK}&i{~aEWdwWEGC)``W$UL&sXO--ml#~5XD)@ZFVM0d(y#1g(p2l(3_vM-nJ0hwl!ag1 ztMG5g6#lS}7XG*EV!5{PsWGX5hKJXi;t#h?7)EF;ca$|XOxOI6o-|Ju+(zdRkZCpj#;7sGXDY=LVt4t*iB~OwtpLe9?4Q*gw zaaH`GX2@?UA{7)`gx=hAe+1Dg3X8Uo5vzDjNFy(ldnGS2a%Z&w4)NT8jv;O%^WD*)zCJT z>5=Rud2$0dJ$PjJQY>c0`(KN3>m|Fe+%!R8-O`raBX^V^@!t!&G# zprDuL$L{T%i9<^FGszJeedSf9e1^+D@yVyS!tRV%bp`s zMx$8(I8x9Me5%SHqE>wJHIS1|9t!s5{K_SN-;2&ki=;qL%Smgc`f}3aqc0`?&3x(n zsic(!(A%G$RT5%Vj$K_K&KUSS=2r;@5Afvn1annFQQC)-M zKIe1~IxazrFt-PffXq$7F^7Wmc&3-=*JUQVvXcPCbKCmNYu z?ffx^W;`h)n_8AWGWVzTrN@Jt{L35YRfaLUlxUxb5fZQWy4k!(C#VwbF<+{>-OLam z4o0^nBIyA)HY8Uh+AoXeaWnjOdXV%-Qxffb*@xzm=(hNUUZRm+A>UiMf>`OJOPNfr zt7S6J1r+2IkzEY66!<_*#RUvn-?feh< zHu768rF~`|@NH(U#mw-Vf%IEif|-KizE-Y$$zn!^nTd)!RMGD;%u)hbbBj%x(eGbR zrR|xX(W_iWD-Y&}d^~^eyQ{wotWVxPRcP~!MP!hAryf58WG+R0b8)KGuw$nR@na@k z%uU_r^^9WTi1kk;C3UJe-qAC9rKR_R%JEYrz?)UXNMk?yqgEF4{@BuP@2}o-O=Gj; zk#XDvMyD1h{(8zZ(r2*QJ!e;U{Fy*MfkvPHt(4MT8l?=-Ob%`ZT|z_e5Api#2Fx96b<$;jUHP@QvumFFaS<;_?;u7Q-g zyb+wc!|64*x;K4&s`>-=Fa*?GdNKWEa^(lU_;7D(!R9Ggs-Z2*t1cuB=RUsZ0S3h( zuev}w!+>D}j~h|I+bZ2zE-`+fabEzsUM)%7$=4&9#xu|+cW?R<6MnQhkQkb({&nWE zxvQaK>aQ8fF#)%WxY`1x?Yo#;kn5+scQE9Wi_C3WjG00rbr*CeMs+7jx)a>l7oVc$ z_ol~rvq~~ea#WutInp%AQPLzM^n#o|sG5>3reJ!CR$69>kHa~;mA*>AsD({s}bhZy#My5e1QL|QNa@1qi z$xTczu~U9bs(Sm=)$Ns>5c8P}J!3!_KbX`I!`UR#o4VJVb)YTKRwEAz^q#cMcsWZG zD-#{hDH;P>phYwX^xq}>9+&JpPF1X%Wu>{HqB^i-aL;&0im7L=SN`T_NFHUdaY?JX zJ>$?!{!JB$g>r41mm$IcrrrEYWS|hcsy_3$+6DcsU>}Zt?Xy8R8-HaA40-0OWOarhr?p60>qF16v==uG$ zr|3OMA)8L@Q)u$nT+LMTotd&vzHVlNh^wCP39$_&uWaNpnoKrtZ0*BwYE!VkG22T zi8P(_N{vKnz$9|?$0gD&7Gy3vnZ8H#we1U9gf-|l#MilcIBWfL*O?DS*yvf%y zyOMcAZF{KS7Ry(D=_{5kmW#u3N6D7Pp*h`kGkP9{XphTo?GQT@Gcz!{SzGSZ>f~7p zbFWF=xu+14C-04K>TE&~8$3UKf69NJ_jdH)(t_kzwooN^Rz{C5Ifm0mk9>Q}$sF&^ zEr0ZTfz+(Rw!-K$OLJrQ&QDjBc60YIf}K~Rl3NQr|NGvQ_x;IRKJX`aSBLQ&y+FCX%q_A zXXz&8uO)}{X+X2%@&-7w<8mSBpcZ`$WE>{ja?MW4VW5u;%HD7}sTQJ0U@nbwne zc=IByr%Z)vGtYG3Buqlc*M#+q{d%>_{)-ppI+oL`DPR1N;IFE;DJwbEA=80eqKAlE zf4&ruxiO;U*{MuI^LT2AO9tx=*@*>qL($5BJd9W$mixX~UAi(>=w`QdL&9ZVzIT(q zmPZZSZY+3uqF$RcJi8&UnYno$#Ie)4vBC8<=^;GSHcS>Z*prtVZNg3X7UphbBH$kd$&GIa;gpRZ_MGvB_d-!gf&w~Y9`_rtm8 zUMmTUhs;&aW<~nfn)EAT12a+{sVS5tD-&M{$fQfIb!Krc6YE17Yp-gSX5PDdFb2u= z52G|_na=#Cc7vH<)@m@BZ{O5!Oy|hsvN_4~Wv`9DHa2&DL&fMsZ9~Of*@>ElWTXF6 zi6~$45)*=(Y68jkX3=lFmq>hqZv&I>-6-GgWLUDPrXcy=1o?JrVmSK2i6P1MLS}^9 z{RD5G#+9XFS*>Q4lhyOWI@wSolQ+RlgS{;cvW4kg5*NE>UTp3HnQt4%H=fJ8`R0ZS zHtH?q1~yd8&oi648lunX*X&^P!vvtS zm1ZXebx=lrL*DbjOJF#+3R3?(DHz!GrD!zpwzhU#D=peY|HX9NZ>#= z4p-b)kjNu}gX6>O{3cIvoesS)F$nsW1oIu0QaC!p?)Sw>)eg!f3-%%vfGAHfUp8lj zqoa)@qM|ZomTI>qRtWj|b|0I4SHHc&cjT*lQsiOfhZ^cwNnbs8383AO zh+y+?z-=Y!H`gnEl6ndSH|43@WZpJ5*Xx**{4hJ1T+g?L=q1o*Ceiq6{L$}RrzI6_H-#s~N0h=MiSR$N|Kw+{F&CaoqfEg+K@S#B~&Gs3SQYF;wm9y2+U&NW2m8lRWE zNY)7oY5LQtMHv-df30S3LaJz7>3-?sx=31_N2$8#5H3r07sm%ByDyKQhaKi7vP<`y zo=}YWYwj|$y?t#wEy$z7`_g~Rlstoy%+JqF0?c|mEj`$*?ITXn($!1*VApOF_I_|5 zSh_Rk>R|IzLhU}nZy!6;L%)y#6$5}g9?!|9gTRG6bft%BY^@K8n$m4ZUgL|)NUk#p z6Wo+93pAI@L3(9iB9HBq!A(IfFY!64qNUO2myQrer>He#%WqY=Wf=b8}^Z+%QRtZ|KAnc(?n+0W9VGyGpN(+yjk+N(RemiH_@|P zqXxk?gEotQqI>bqUg>S7XQuTUi`YFRb1CrwnJf>K%dbg>j2~rM-c(o_sBeXJXoc}S zyS*NdvWASyBkkpx|FYOJf+;@Ab+jzV(Xp@;9&8>6Cy@rzEJp;J-}m$6ooNq8flp|P zw=N$LJ2{)3$)g$TW*+|Bl9kBwwn|W`QIkq{N#}%urz?omJHfqLvG*%Y36jX;QqZz4 zIhW+~Su~DMiSM8Iq|J=x%^>l)sY!(#E6;~=E;#Dm!O8W z!8z~5K2;x^#ez)EJN2;}m9bwYm{0w!yfmA<^v_b0{Lvi}-jaOpSDo95LPj2K`5K^H z#{_7d|?Do&-g0@+gcF@oR*(&)m1iN2OLt-AP{??O1++TF*NO%+_Kp;{k5Y^-joD zO%_n)`Q+C9G#wcg1vgboEtT0$ODgKi1XkJ|+_Z}mx$HDltdzDtD%kuyB?jFPmB))O zq(|m08)$8ae&W5@r@4#3)N$^1wk9s($Oki3a5A00xj`rPFEIm@`a`+RnSqm%r+-$L5UB<61UO_ND8PNc|Iy)O+c zah5&@`mXeF>3q{4cO-J3l*@s)t=DiTsc(XiVMLSOxqb~~#+G7h(-pr!>dmMCqcp={V5aN^FH(@E9U~{?oR%E_i z%EuFu`ieCXp@I*JOnQEnDgRRO^T=qvCWd>>kum^A9{39x0d%e<)!y&YSFsgG6sa4y zoaV4gq9OV;m(ySEdq4W}l7YXFV(66p2k!j%Sv&~Qb0Z|;xAvXn4#=P0=bhjpo3ry; zso$l;*`!m%rmIoJAW_Tn^D{cjIF!RnvntJOfIi>&@-GHUG~wZ)=0Jz4#4qh2!8FDrk;$weN9Dk?E2#?mgMp#4jdTdE%pA z(74!pTOKnbHe8jSi%oeNYHzSbhO~0ST9Ff9nVQ(G*EKF_ne(-tWJ6fvG#Sc{+^EI4 z@1$h2Z|aGHkQwSquNtO@TYi#;(^jy2A_bB1FP~vXB{`<8x4dyr5rthsdi2ttzEWR2 zU`m2;2wMzL+Foa4;T-_WEzG2eD>+x+qG(q<-#-1aV7|9w-W+S^Rolf-JXCm)EZ(ED zFCT)8OY5lxgT4+jqx&ZvCr{~{qxl43&`6MRsubeA8lHMuh8ym`@pYk(!@eQtbas&$ zb$J9Q60?tyV9&6deb9!>=G%zTU7@Vo-;J(s?M+=qI-Swq?~@AcpTye67g@<*r`yk?Cv zr^PS!o=+{w47#{qM7%$qJD$fQUrLn?d|dhfT61nJdwzOw^sQwBkK@QJ z=J0mr(Zq@(S((k+AKXWeuqAqwLGV$rdY`T#f3tKA>8o%Odz1NP=W^wa{GI{U-02*0 z$bEK!8N~M*tDDK}Ra!*PkwRnk*FnaDGL>fx+i%{I2XGnxBnImJW9K?#(x1k%+oJO; zRtDlxnG4VtqU7w64)b_Vxh=7`5}%{!LgT!*R=q1Fv24Kc>H>0~x;u}>p}v{d%i-V7 zKa1e9x_ipZlO}JcPA-@gfiG%q#la@G8$hOc{tRSt+siI?WiP2`A<&`vL zPis6?Uc;%WM?NO6U8jomK^JSm$L2M2+enYIUG}@rdXi$`@=;s&3kB`LCr0@6K?3h+ z^11HliTG_a%_*|Kc{H1TW!=)Qczb(G+hxRVPgvLcd^czLG4^-dzOTR=o!na7R>&PSRdOaH zl{0uTz+``0VOtIV>;l`pJv%-1vcg!+*QNz7t1^98TYl3gF^BY9CM9&hcI{-fo}EeZ ztE$pwl#$9q7pMGR%bmHb&v7*>^q%3xGNs*#>NM3mPfZcWhR2*b%`(WES+ySE3xx&Uh3d$*~g+LcWS=GW4F%_ z6ePEWa()}#ml(v=Ad-C7A77UK_Nw=?sHDVAmP(|&I}3RRWPtY@29=)+q;uQm7nZ(3 zKVIzl{#_o*q};>l*(R1el-YxJXw31;7#x+fT`ohU^!cma%O?JWTz4XJ$t~r~<6Clq zEwaa5LTj5K6R`u^hP2(_@17VKFjlU81uP6^_7mw#*;u-l839iVcnk&Aw|ZXFqSjug zxYydBZH%`uajZ3fA9S0kcg!nqlhr?6;F!4T>2CJmZ1xp10{D~fXm@wCi#y~l`l#wd zJ?s8)CTI@x(gBWhKO+q&dUR>1XM0BKwgYs@yRbscKcmiV7l{8+c4#e@D?)~pUAQL> zruPgaM_C~J<>yOMY>jG%c3yb={TJmKi zEZMAN@+a85g)d%$k;{-^QZ5zNrx@$1&PVu8mrZvkGJW^bpymleoysZ>#e%91*7+n{RRSD7ee z%Y{8oHN^+naV7Wv{x-Ux1#{dbp-9`MY|?vNku2Unqjx;BL1)6{>1(cbD+i@NGM)92 zgiCSGh}ZB=%8GdfODAVaG^!B5L5I0#=jJ$CWv=?WXdt9Yx%gn(A>IYLO(|fLT>9!k;oKbSUG_H zY~XjF(WET6$dsV(pEW%)sd9gxGsKY}DX>$diM@|z<0HckTZ5Too!c*2R}$nfxSl5c z6OANO?p(NCvcCE;$=cNa47!|cl8=AU6Z(~*+vY1HTj?b;+BfvUr#ek;O{5vg1I~qU_L7;D(wWMTJX1jV z`mlp;kI0nqLz<)uh~;JKKjf3De@T(1kzb)x#n+R}^IbB3-lq`GI@M|a<79r#CG%G< znJ+5pS7SX1yTB#vmwggeoJm;n_2Nvy^lZMnoSwNRRehBINBDn;uEp*TWaN1|qf(Ea zn;qC6@Pb>aHM4v4>zY0(y!oW6$DkKwBFn@i!`z-Uj&Nz*qKM4=zf6_k--IoLeS8v^_P-<*~rvDnRLs`Is zS&>=O<*kfCTJu|;#6gBFY+2)#{1vU;*opMU-T)SPhItt`eXQLGF2ZI4uc+w&Fy-$Z{ zu0j`Ssz!bwJ8SKk{gV zcE+yGiIxkKMlNIH^cbmj#>TuZJKsE{p~FT^m{$BSlZp?tAbFp9CaI?0&5J=U))Fiu z%CkXvzKI}H?=sZy>*JbCk|;L{?S>}Sk|)X>7R6TgKP@*&OnR6rUb#GwMO$*2f_uUh z+>U+)CuT96=8|M_(Y5nWC7L$``ZFVw`f0UNT1+X}OQ@|ssb1`0p=QhNuLzRLkE2>!}KzKdDGd5WY_!gbCX>s&Hdt;$*vFM1Cw1J z@S5hj+38Qlvg_p%X@*Gh$}=-IzgXUN$!+qP-WHZd>5sb4yOuq&y!`TUd8em++qHXe z>QYUM+_5CMUkdqd2f1XdEdpgA1`WJ*7C5_ZX%HVCQBJc&eJE3^KNr_LmA5keo}RrmYrO*zNO{z z0?1SzK!5Jl66*EWC`QP2_hbL>?c7R*%LRIr?ED|&=(EXrp8 znmSN1FNZh#Sju|31K#C(^3UWTv4qK`aPr-JUS!4eS!%pL&0Js>+lTa;ynb<={1`A9e!4`S&n>37;UXjP6w#ZxgtrL&nvvyL-d-;RSau1^5 zM;Y+2f}HrsGT8D8WV%zn6vzJ{W`71k z_CRdqQ#Rccuut&*)}m`9SL3~B_I2{7ImTzR5i?fWE-RAx<2vO=yrE+5O()~0Q@|X$ zi4ybQ#J03_BSpJpsT}+ueup{lDp@!1-;|!qkoWmREyNsbzKsb#N_`sr_*AL~6H_A- zB>G{|7nbBdB~_W`)$Xl+lMbm9NlU6|02>V|s-h?3gH7lMH1z1Wlz)I!8pX;Vn4nI; zZCSR8i{ry7>Y+qDe;@D$M-?owXw*9`_Czw z12WfTRnDWk=R#3TM7bE3-0=!&%1=#}l9nIckkm(g<0`flP=n)=Irze=@q1p z;9FMuPVwKZu17f1H#$i-F`4e?V`5?_p_n#4Sb~(;$bVt_Ecxv{FW>16%F+Y%=*#kM zc=BDO`98Bx$KcNG-8q!@>m2lN$>>$;@9Y~!P|^|UA5LGz9%6Y6lb4!F*N`5r{X*i5 z^ik~-5=Baj-1LaS<|oKjTe$N-`Cw@%B!^Ptv!XkK4}J-%b=dgy*i^waP4{&B_{&^+ zP0+D~&3@X+=3vKBZCCWJOD2?UOtrxD00YR;x3mX{gUnb-I@)d82xQ~o9!0mf9^k-7dVsHJ z50Ggn3~|Ng0l9SzbDiYHq5R6c=ZAfCHxWSc!}E9r@Q0U?#}6+Fwp2i6UI5P9`la;; zn=dfB1YKFMc_?4#06uB@inhE?zaG6TQ7=bNh+XnhwE^!k((dCy#J$T;L%z)4{Q?^Y z<-lP6QcunvcF7Kaze;H3?hr2c;9~?J`a(HS*!c)wHDTWdNCf)U+q~3`JrQ*DiGTw{ zU!V~e5YUwx0Sxqwh4NtJa-lWe0vJ(;`l<_IL>=y{4#9{z-d7!l5p`o;?b**K-v6Vv zod7aD`(lvk*=4TZAhE1L0R4H05c6c!BjaY7fwH%KJvXrP*sdm{%l}UsP7!FI#>Q+E z`_M9{254o;?Zv#ngngd6<3?=GHAVmU!DZrK-s(gPZzcd%XnBeI>fyXDW=zhXy|>0U zvu$M!scCxu^7!b~guP=11RreXJCE15XAKCFi{piFb zzp^>8tn@g6@TTO^-dk*zmg@o+7KX}vgb5}d)66Xo1fP04`C2et%$A@rx#sJeb?MVn z6Mi`+H~3(iD@6MC_?=X4KkrU)D8jSh+EaV9IzAddq3_tE-38 zW%HfW>8iRDXGD+6U(e&2Sq8WA7;AbC-Rn>u_2T=!PVa@cA0D!+;q8Z|n!Ue{D0bboAsT=03;DKEu9DCcEw&v^C&GkzD7bv4KXELWx` z@qTWuqu+xIK9-aGQxGfXJbkV4a7sM5CA*bBA7mbZN$iU52{tbiv3>9_ep>48Y%%j% z;z+WK%H3S&m0Ww`FxcDgmyDjK`FpmcP$}?xl!=m z6~93h#;yr&>fmXvuK3c}0CKHQ9_EtY^o6n9)THm|cQ(~^C;w8%rr$}wVp8<21Ep7uL5!Z6v8Qs#-KEr~CZfe<$gm8*a6olu{XxGdSh zCl9kphT_9w*RZ+!rfmGaoWTq47N;edlECMzB@U17;0>7VonMqZ%S+CghgQ4a%=zUE zOow>8g~QHWVpi{YF})ambj~{%K9m|$^Nka& z+pko&|Fd&@^7Ta-%d#J65gqQ#$Q`mFSa&ueW4mh;`H-D}_w%*1o$a&5^4>Vi(U|SM zA6qorI|>)E?~p5zcgXGJzU@}}tD@E^k;~){a9qy&a0J4i8xPRIjP z#W`DfG^cTqbW%&tB30yj;w$9vpF)Eas z&~v?QoeNFtX{7ax7ie;Pxydnqo2Ib4^!P-tL!P-Db$ud_xB`h|-oBB0=EG_u;Ov)NMb>G%s1?HY&qiR zc%(IF&WPQss|uu`CZ<30cz2NABD%%vSbj0D|1%1C6QF<2h;1SyME_XToAOMT@zTH^ zSpb<8=~*Lo+wZ9DS=q^*Iix<=+)As`EOibc8=JKwmv>|I?C#Mq!XmqFeU%z}GKFn6 z8vo2$oNVcjj7Q}UBmS6g8PD^+O8JWI*F>~RL#bRs!h_!#ot$1<_X1+x1e<}87swLR+2hPMyd-+IyC=DPUsf=Cj z?Us-RLN1^o&G5p?v8%&}F?&;@ZMD9)a@DpOB8qIU2^8UJ_3D#tC|493k4Okcp0di*G)j zN}iw1zJE$f%D~&!&^BiN1k+N+OG`P}xn8pN^T>8SF#qGm{F2|xmj)!aGOVEijHUs2 z+h_s}6-6J{0C?r3GyoHqw1IsToyPmTHiIHAt>p`72J#@2{s}dj!c3Y%K(0lSGW(gc zcS0<_eGk?M-k+_zxFbMmD?OLRi|zFv*#N*Ys-P@Ber5l?|+wA_(3s80vm(n{p|41!w>-MdLFNeNEkz)sv@znNcoH5&r5ox45RMLu@ zqmU<)d8h2>Fq;$b>8VQ z0JxJMK1{EGjAYyx;YTk&2O{xq3mn)k>K1$OjiUfv+fSbof*^v>>>b2mlbpk;$njP3 zf=Cu^lrgIcdSLl{8YqXDe07Pp_ihm#+&YmB>R^d$gQ(`$ShwQxVAXZ!aDNbyJ7m=@ z{N12yvm#euQMa0+W&uc^Rp9AqrKj_YXz9xjYQQ%TzIgo9`Mr$tbHtit6r zDd1HU-batXJ}n5`{3!FQ45-AY57%bC^ASn~^p0tOD7*~;p6`D4!mPkeD`phd}bCavqhedu8T}A zN)NYRACv1<69JPGS;dq%%H`nlozlIObK`eM;7Ef%#I(IIW^Gp`KU|HJE731-3{E?~L8<1>?si`Q^^u6=`yHGP$~#Tu~+$SBTyDMVnl)CKnG-xkC;zxh^-khL~LGCKu1qxKo*Ea$R9^ z%`mx&Os?4`SEZa0zqsnl{s_Ys>bBBVXBi5nfe916)3cZVR_D+A z!1~ot$V;>#ElwVZ)drx>%3m9AlmE+oDAnHY^ziU%Bk~RLB@3uzorvhv!1DKP}!Y8t#Jj zFISEwc!#}Z=(+=u%Z^}bq*Yd}#@G#-W}q8xCBdqdt8p7f?ch4XB_c;22bwYks>OJW zh10_Rq8QnL`T&xr#wU9h8eb^S-|BRU5s|_Wi2}@|i4$u#P|Bshk|}EjdhO~K=&v{H z6%;EHxEKjYRdN7?;X;9%r#L2eyZnXAs2%bYPIh7&SLXzOaDvj|nJCit2&?CtB=CA> zTCgeoaFdG{pWJzOG`YH&T-1^64jE%|C7N7R*6R*Q-4kxtXp<|)+X18m%$@R9$^{&bFfywoe$@PWF^{vTu+~lH48F%h~ zm|Q-l(VxZS;#E_3yfBlC6GOKjU+i?d+L>I`WZ?GeY;tiU)a{3tw>(^&Xu19Rnp{*U z;Py)pE-w-1K3qLWFf0$y4>Ymvz^0>JrlKXAqFpAUd9({`WeA~`VhWaFDk67=-387T zt~Y-OKDcJ8|A-fow{`FI*n<<6I;*W`Ub{4XW%DKbZz)>(jD7K=qeI46M%;5v>iUBr zDWhsfKC^to3sW;5i`akf4{>wz`;0le@cBdS(x1*x_*YKAvXy6CMMKAIe|f~cd+du= ze6V73;@~c!@4a-}$k*0h@^=PShaKTYqo1&E&27{%&lS5PtqY-Wn9vC+w3y?fV~i@6TJiy_oU*hSHV8{bujVJH4pw^TjufUiGi&%~O7l{dB^% z=ia*hNSDEt+6^=3@7Pmb^)LG!2lmwrer5VgmuEjS`PZX&#ymZy=;Ps!E&1H>h<~%w z1OEHe@^?ObYuG(Kk4)=#)tGr>{*&Z$uH@$tH{5pFi+jJV+tO}Q`0BogI*xdD>35@C zU#*|jJnq>yLx0X6{^E~kuKW4ht=*STdv50TKWj#>{WP$7#}U)+{Vrk1tLr8W8+!Y= z^*5Ks960@A)bQ`W{$x%1vM9|wwzvPzciNcEX?y$)(IN*_9sGvn<^(f@jV z>fWvy8~VJS^Re}tHVb|lQ`Tqok7FObcvFiN^S6$@c1+^_nyvQ^yEWqNCwjhe$HuGP zKRl}4-1mmRaqp0>wxAY6J3e?{jnm_23F6SPY+yM8ue%Yn4! zr+>Wcll@&UyNs z+x8ut9eZ~3*at#t*Pl4MVbBu`KmYvF-T9+$E6GV)mtMYdT~XQR_B&<`ugXq7l=s=H zKKH-t|KuendyR0lzi#30_Z|BBst@x%dwsg^*eBPPF0Y(E)pFaHqZ2M~S(tu%LDHLd zOwYLH!OViowsejj`(XO11>JI&R9gmiy!N%vS`WT^U%#Fo^|XD|<;3doj%(Hqe{{~M zRZoPye(S{Hi*w%I*(+n&>>IzzTDN6+-}q_IoXy%ic3tl^Z#>&S?aqnwlCF8{5pC!j z)~MyRFSNfnzWcV%)*P9Vx#@|)={F23`ET9}WBm`0UNx*@Q!`)No13+|n5mf$zqWqp z#tnVSz8UlE>h`_g+I!i?PsZHw!JNJ~ZNDonvc>WH?z5$hz9FsX-aA`Au`J{3m>>4` z-#T*H*r#d_{yBI07w^BiZSBs?)R$j=VeY0EM-(p&efJli5&s@}!|?b2Gs^Pgt7=>C`n0+C(r2sVd$*jtYSgyA|FH zUuu5M!H4b~d2ejSzbk$FF10?_vP;SCb7P+@ZhmauFrU7UzHr;xg%bsUq3u-%cHGAd~eLl{^Y5Yi&kyCVc3Qr z|JAW3=7kr6&wMm|-?wAN;yLu$hsS)i;<>w%9(ky9tFc=y8UFI9(yQ$AyKj8`)RG@E zH+TOe?rYyaGhTY^W^F@uPUe<1qrZOn{`cM}eQ~+vr=YmZn{PXE-5yt`wpCfHI_;=D zG32J}3a$vv+B^A2|NNha&we%aSEiL`PXd8eeTPp&at;o%MQxeGvS(yt-YQ)ax8b~DzFHAN7N&SquTY0OMm#YlA^2r*m7=TyL)4Y-F(;ZyLKEtef6hlPd}3WbIqZO zPtv#j*m>cjy}pYMFTQT!+at<{tlDAwCHqLwm76ZhZ2qKQzl_Je4Z0(9@W%g~o0EUt z+Rvwt-jMUbEBB2%yw>r#t=C7Ll2R+~OtNfP4wduF7*%=mf@)v+~Tu{$&aYNfZX1dYjy36Ex zz~p+;h`6#&UAf_IcJ?RpS>SGtua@Ws&#nkwgXg8Y{gg~Q#`2J zfl51^y2U{fF68kP1vgH4yb-%}9e4o72^e~YDjz_m;^b2q5g#wHV-Id+5#efkPOo#J zn>!?gZth!@{HeYB1Z>O6Q^eVXLN^~4qhhfKcX&};=<=?JR>ZRj-!RdgzO~y!m-E^x zPqeH!K-?~DC_|@R3moCV#`VH4O8kz!20ZpLBC@LH_^1;*i!a58M$|^3KsIq=zQJ(u~RP8+G|dv zLx)%(UV07DYOh#!j*R7)!7B~C+t8s74Gu|m!d{@S>vA^R*n=`E?`tkez)7=^+HS-{ zftBS7Q3P?5Gw=;0R9)K!=RZOqGVbgd4enX-1>~J^qKu1>S`1#L zm8q4ZL@cdQUb^#9t}T$+8QJ>t58Y}AaufBtHWxZbL_m_i{=bg(Jacxr!l9}G$07g8HVFF+Bl z9XOqY^C@(6z+OZLpN0O;y}?l5x!2FN*R>Pc=R%Wr+5>;N?buvI#-X+lyse~b))$|F zh;p<`De4H#!g-crtXoveLoKgr7JLYbyvCP_IFI=_enQ?hd~38%sIwi?gdC=@jikcy zh`K|^{DDK(JDhubMD9Br%b^DKn`szmgy7rOi^_i&kW=*P?*UpSpicmW3g4dqNx2I^ zm}^CEX4Jdf46&dPJy_wV4!5s9XB_f)Nu=Nrasn^Vh2V_!iO}txPu2K1!dYU|SDvcz zwcAeBSR5CP!lkhq=UxlWPoeM$)A5e2QCqoJ>YFMriySURxnvo~0$MJCQ1uV z_GTF9qyWPh)d8NtG1TxWtS0en2*U`y8?7s|N z0Urgi6YlF~BYEc4`K@H26XX$J=er&Z6ja-s4CFdN7IMDp=X%$*L#NfXV38o`zjqz- zViNff#f39Tc^^*(iL5(R+W|+psvUk+Bg4QVM#iBlzQsn~FSohc9y<+yobrmO=N*6~ zr|beGIb}Z}$tj$yNGfdYdwpEnQ4MX9x7!0yk`}dl*ZUZ{HaFB`E9Qb%JWIkSBTftIz6zH&)S>NxY!*6c zk~fn%y5RYbQ71|umQGxOc}C4e2fG~*Io8;7T!+!dK0j3xWbf#D+j-;!E?_rHT4J&P z<{DwaRSW0#5HPThqp#r5FHeD8?N&W*``YHckPVbg+{R^r~&?yGiNd^ z$kmvbiuMpwv8Pa)Xd$S|(_PtNm?=sPp;>%`z6ZsX7;U<6e}_A-4jbgCP3L;#5uPQ_ z_Zi`0Pr1wauH?2;i<`^1e3e>%rHPU*L`b?#qQZIfAwzUCJRW|7kP~+SlAQc7Aj!!a z07=3eAtb_a3wV`)x&cZTsay(3O{;`_@gPl zL+7WDb4QRaItdGZ4J!kr%F1SSGmI((T>Z4*q2PmuKU3C83rrg z@NXRQd@6D-phUq0c0h6&$fLsL0|Tcq+&aUSEc=+|XwA9+#hGvCSAMus z9%*p|EPInreee!t@#m=(Z~f+JAq<86?+b zh^FED@roljGb6+Rp~5oNXhg4z>^Zt0FEZ#0NYYvKxo1rC3U4vaM_6!9+IcQ0bX6@P zat-(^*mxgd<<8KR94kUrvx9@ydC(qmyaRqV{GuS+c~)H>vx4H9&=ohqMGZEKs7l9P zh~rkV)mSEA**`eOu=ywiaNSjS9Pb_DW~oiScd zGWt}G3vn4w^^3uJzvu@Y%D4bAlwAolVuU0I)k4==P?2yH!DWT(Ci)Bv!lPMuoaqsj zCc9LVVp+F{{g?$}dTlE9VC)`sOzjPk zav0*?A!2wi0vhMD^{59K481ON_2}6jQieD2-g`V23^oEmIPgSY&{~O)Df{CJFB5gDfvw3 zD(*A%+Euj(>aGQsPMvc4CtiBxt-Xm@3=F$W=+>|#1vsw9Q;|nCdn+jGfo=!t>FA8~ z066kWdQbK{j949#Ys)5PRrOAW$`es`q|(FrW=Lha#T8JQ4jm3mp{> zDy?qHu-urACX-rJncm5j0lhCamH>Mmkt~gKXC!9H*k=gCRt$s&*FK4tCB(ZG7ROR& zO(u%qfMlLrlIi!0@eBuUgl1SWkx%Nb08G0z6bTPbS@GjcuD32;k=UTnO_@=bRb~vw zV-7b(tVB@UV@``o@r|e=?CVBduERH_MWx=D)8)ntmSrk3?ok<;{OQ89lBWBX z(1F^^aZlyg7C3W?BN3-+IB&247g8LF)kclp~_rQ^i1yZo32g@kU(t}ChxXUYAM!5$Hvr-`lxFV!nK zCg!f}psLZFp6j(h#eHF>y*b(7_KK7^`gmB>Zf`*KCJw3(d|QO(63nySeIO(q&$YKb zJs9%=Kh4o%*%CHr&EYRfpnvzjRlzevE99u_iF!$4?tn?k_|rpVQX`gKEt5(`hlC}l zDCio!y1OGKpBjp|Swb_up3-*oMyf~DSBllWDdzQTgf)U+${QEk9C zA$oc2eRIa?0|7ZL3B>TEy=$1owXZI$HXLsa)PlK&(23xmv4b~Z~ z6Bz6&oxy62C1iIgb)MU=cutlt9{Eb18v&?ZzG7~Hk@KX}8K9?+<`}c=I@t))Uxq>$ zQ9|g>p{iyJWKqWCs*KV}tAg;D46l+*;)6D#j=7$;JpjLym36tO%nXa`T~?;P((Nv$ zF&#M|%4tKHWI5RvuNC#kzF5}OVnFpuOaXv*#vuYwCeDFFsh!oDG%m>DUpY9aHgx=W z6ZQ0ZIVkc=P$||E!b}QlG9gI0z4Ny^+&<0@L)&ZNTpXt1)rsMFGA5#d?=htEdm{Zb zmA)5k8!T}MOB~WziT~qOV$T#wje{sKwMp`!*`TB_ho!R7kAGhz6|D;A0zLTF2}};} zEoqekF^R()4XZJIDubNW7CiBI`VC@S0fI^QL*)w|qyMRxI8mA@xwzO;Bf`}3(33W+ z4Y?jm7TP2D6CmDSe_TLdeQl2LWzY4Dz>(&w1#~%})+l6v#v1H_z!4hxK>7j@W_=Jt zc-BK>ykKF?S{kd_LtZsYY3zR8!`(xc3JtMn9aH7=9@)+ob?Ee=xLXaN7H2@SVpaCp z@uE_wvO65-Rr+I8l_T_bV+Z}L>+m>Nc-?rYFE!pJkjdv-?fQqg?DZF;KVryK>p5f6P;O5qzZY4n#Oz z!=62K^fcsa+_n8G=TSdrfNNMJbo@E5!$>Dkm-Ki`uT?#Xjdd?P zgn}Ui8~9;SVPgQvY0v^dV+C_M0A&j3dO#0~%HbEv>COFsB+qRG^pNn~3#guWH#($T zqeIFuI;7E_9n!c4JETaRS!8d7UOiCnh%TUG`cQnK4P}#G1s`$MYqx!hZ(B|ZFON1WN%e9rcP~?x5h$Nwc~rEL16`t zyy`sX<4AVy;Tr15NXJEj*y9^u^;%nr))3y^a@ZKwad6tcQP%GdU&-cE0ZEo#q;Sgt zN!E7(lB~~Tpc40_!mR-$Q+XcHSV3_NGvx>mf`dy%9n?=gd`99&LK#Eoic^RqIKWQ} zUCDWY&IO?>xk-=lxlMCKVT75Xk1#&~Rwur`)V#9#*wa9wgN(w~I~Hv%u0Lw8$aeL_ z8qx?0mPc&K`>qeg@bky=W)sBda~vMUeJgmooyukL+$%~fmVs<|@i=m6XN)`1ZWp%g zg};+7!WxbkcV_A9H)p1yVnLmN5~vgxuVPP#`- zv2|kG79Fx0enNd>h(3h>NKh>WC6nCADTU-oE>g(h=lg)L;N4IV zU&i3}TRkr3@CpNpe?AcXSd_Fg@|7iRXdsIIXW8*g6oUoj?h*Q4o@e0=Pw4I8@q|;w zT#eIrgHaF06HSLf=H$at$qx<<-&K9%DzbG|dQetzJBTVtgks373Q0*GXZ|;GDXzeu zs+Aicck!53R*ulxF5cx3(WDRO#YQy8BmGyr^|B!=N2hlK zPZB_Ax1$c8^q={vH3N$eoiYWV+7nYC3>~Ui5K*SoaZupwnX%NCjWK8HvR&(#;YNm? z^2<}IaIPBtu{kTeKM@t)8<1Q-VTG>{B%cQ8N+FubnNq#=qY8Qvkc_b#&~y>*03fOS zn$1nBy#57HZ=@HYaiOVNq&x^vy@wUttID5>B5`cFQUo{1tRJ7zC+nYyP!0QiF8t~Z zeB4^KMKt3s`WGTJR~fd5f}U@@BP!nJhU2Lf4r93grHIi6Ic+-67+d5FyMcklx1sx}{k+a$lW%cgb&p2^+`MYvgO~Wwe6b1>#bqxn z8rj5xXNZu$tQjfK*{f|9I1aOegpBa2E$6kidL>E}C9;W1ckRYB$tcsOu5?>+dIZ+` zn%5qXg~NGKchRQlTGpF4T8_ymhqa+{U`|$*Ewf}Lgo;X#jT6J?Ua@<|A*T*f(>fPO zRKvA@fzry#u<4c2K~zQyQ3w)mi-5Q~B&%fzpk|^F0ED?!%ul?krs*Q}t#kCKb3~~^ z2`afu^=Z9Q$*UZpjg~4MB{7%k4pAz-h}zwama&5erMxQ6=1T97oF0ai+~&3a<)BZm zK~;gqF~=~ka`iyAvbHh-1)FN?K2y0i{+)7l^(>dDMld_uyXX01$<*PEmW%^bbIJbW zT^4L{x}^v|dOsGXV3>TPljFu9UVE}quV zXS%Lb&c~XALOvyU#2%lF?F)!qeZWQcT@WY%g0oM;6@{N++8cmw&*pd?hNIA*2q2+Z zS_U@}l`-P917=AV16?twG;i+Ag1p@L{&5L2qw^E`7Y#^&g2aNEN&N>T4k$_}OpG5; zSU4atW#B*~=}9j(&BAx2g|mz;wRE;+!Im;-AFY)Kx6DL& z0{lW+o(HvCfZD94SVUp8i?nc&1@mw1oj=)uWTklpAKnl_AAe10k!nAE71gKRP7IEO8{W3^!Sa5Le+O={biKKNdj49FSji#75$i*(JovJBeQu zeulv!fiSYg)F(dAad{Kph(ms#idvIK5kD@mC?TdWHgRTLesp1C(SW$5g!}>d{qy2y z&WtTeD4N+6@h?JyHi(~=XD`f{Up6<-eqIca63(LdXhXp<^9u6HMx+Uj;fEOr^Oua(4MF8f@!nO7+9NCEtlV*+1PMXHHZzD=KtZQ$E z`YAv%)Kwt1WGF(Cp$J(uvXR6c)*-9L)0q<2Ooyx*6|qU&JqpK(k;HK>MaYV$mc(uw zhMU@xKtwdyeW2G9hHOUTEk}ML&P$FMacKYAjj?DHD-DR9Idf)0Y)pQBVoXA8et!Ri z{P+O_it-BM2jmTii7#l1mD+=q{7@Fkk%`4+g?R;8d1ZNX3+;tvO^OnufB6N)X}YiI zq|=_cP+EBBLIHuV@g^z1bu#{-c9o3yLhmwGqjn`p2}zO?vTE-kw8VX&LspGX5lCF3 z4w*=`;V(&LGzf1}B_p|}NHtK25Jjr^f~1&)y#8@9h5Zu~W8#t$i~7gLClr8WF@-U4 z`3X&tD#C+Q=SQS=h+#uL_-GSn&n+w)TQ(_gwmoBZSz$qwjozSb63X8+Z6m#C>n>JD zy+Jek*7dU&L_Z&rPtjX3ms}*t2}zO@vTE-j2Z=kNLsrcK%1B(04q3IO3Rj_U9xe8z zzs&|biqsSvbg9n<2?GkF^NQl~3X}5V`^O~a<;V7qk1t3ljE2B>JqT`Pe0f|Wog?R(wqvK)|qZ4N)L=Q;HPsAu-W?WHp zVst`MlOiA#v`iKQr`!dT=9kS;LwWR!FxDnTHm3m&g!0jH9iz+TNU^bgKg=C=k)Wxs31W38m9h!A!gf{ArVLaz7x1fFknu|G0OK3a$t8s-f?_ji6It#Ks zT5EcJwAA^J-wCAn&IsUGS{y;yzJ0iY|$x=#p`%k5A&_6>f&Yk;i4YAn>;g z$J^2pXH&Q+h4YvQg^5;x5_*k?NzNlSj*KmUPU7d;EQ~5@tY>U!JZ!`PxwJ`L@kbcd zEb!K&ER1_Z+@yr`91rIp9>&9ME^s`|XkB#PHD*u^6uPy}$t;|EL@Z|8Mq_#cM3SSY zpApE0pJ791lwz z$HNlm(Yt0KgTFT({su*vtqtQ4Q5lX6X=u;yB0&66tW*#alb;Y1Q<#KNRdiBpY<&NM zg1ChE{KEK|G4b&+g-!LY7e2@`MoaThkiR=xl2mMP44jIZLyam)b6l4+!+@7$BqYg5 zNDhc3jsqfz;}VI)afw9Y#No3LSD-5zd(`2sP(CTgyT#$STio1rA}Vl@kNsE-HcM;P z`_%qsh=Bs5x?%U#VfxXqcl3o#H_O}uKN`b-ZhLT zH5X!@j7z&UHddsmm@;MHz=_3V4&%N zL4mIj5-hgS!5N>xn7uugS%T4i1A6-T1`iJi@v{Vv;@^Ode!f_w^9=~-6k_o=BoHo< zW9D{2F8E$67)ct7^%EhZ9A)I*A2<(a;^NI-Yv zwcB`d!1t!@I1PDa4LRr}eyi~_Ouh~n+{Fe)>d=kyYI$D%+i##ykfB+@xnBNt@R#~+ zr0|^L( z{zdUgMTz~B;xH6QEXto*kWgSW(Bo(vo(+@>+8kEM26`n}c1XBUWn|cf8fmmgBlYQu zxJe-v-{61%t6va)0m1$7H!#5B*A^|-8W0fTkBzjHaIALVRX5}l3I>1JaXQXZFp!vZlb0wc$WIg$GLls&K%($73~E9cRw9k} z{FO?}#(9mdj5zE57fBiP9n<>eO+8ZmVKT)C)+{f7}4 zcBkNsYD##q;5>Wr>~ge6x#7eTa>J;p<%(cLJq=#;(H1Na0aaCeNCwm4*&jsMogGIBTx?z1Rj^WJ+cimQk5$SysY}OObZ3)I4 zjlgnLMo5mz2wAl!5K7{n)*-9LQ@#?nL*c$txLSo904m9FNjhZJvJ`Hj!sTFRzMVKa z99zvx;5hYWb?vMa2jr&L@LVw))e##dWu$^wO(*e7!_P2X4M4ZaH^@d~SlTxHJPk*7 z#yE~01IzTF*T{`&GHw_A+PV3v;gQ?KvL)Eonv;=NZchW#l@=~6EH#E2gERpZ%4iR+_qT#%5s z^$PbmI9hWZz{8?DoJTspx4Q;D`V9&;(3AK@;b)j|1JG>>K{hmorI4G6=)=4iig6ew z3_pvTp>lKc%j~&DkY>3!xG}$=Fn7UxF-;w`aQ^H9+odV^vXt-_5DWdD5HoE2(gZ58 z!-QD}o&&z_a=_=Wg)|HF6i3}8-nRvpeQyv6FBFqYqcaW`iTNY(lyDZ;M=LL$U1V38 zV`v8Bhh9<65_@P9#PV@5ClvvZyoLFWvf1_}x%uA8Ej{>?0$kqpF*r4ifpmj@#AH0@iR|*xa!iKZ zwXepMBqwvJ*_)G@CdXU6$r0Ece}t*<;N-%2jdJpa201xMum&d|av*2sAee^+(tJ)iEh>x zwxs(CF7E_WZYtfD^)no4Y+oP6HWZw zllVp9XBgSojS*V?dB9jCbd8rNGve^WqP-bF2rsU#6&64M%w3RIR+wA37(=jmv)r<6 z_=qtRCJr7mG(9)BHwJ102hMYpmM*Ykl;-73!D?CpCmG3e9`Pv{g+Y$MW<7tUGtMrwSSh9mNijvpN*2>3?w}4?MQ0>&q`M5) z1r(LI?mA@EZd16s6z(4~&Tu4TZ-Q}p|1HL0r|88ZUQWp|&kAZc!7N=ASUkPQ@^UB*PHG5+_(f;@;LFtM*@o`$6H_gOV~_ zCmphCH!9rC3b!iUwL>jddde6ILQmtp)^H4-`ChDI#G%aU*%Yf7Bvj)jPub!Db0|ew z@{FKrgPb9UJZnS%_mIfV7XE)RV4+}O@`}t@&av5loMD5L@NFwp?t;oV9ugbaV8OO&mIkR$^ktM)Kbmbk}t z$f^aQ@+FQ0k>Rjk`Ww{LaxFSRC=(2>%JAV^x!rcwb{{YA-3aB=&2aN{RUodOg|33) z7<-_uN`@*}Yi!73F|rNN1_81Qh+XAL{0i_hOu7N+Hd`3O@rM%WyJ)&6EY5-bgs(hM zFxc%SARb2W)hDW4?cug?f)`sbPo|%S-=9(VBTR+8Y)LNWFu8N*7dT1_2lY?E`btXp zQ-TK;j21|>%p#*$gc}QQdVwy7a7hXG7cpcix$|%;+iS`brMrE!AtD(+H0PA?HHd{r z6bcvRVm4M#DkE{yeX$7CK}6z?pN!;-6geqMetCUjo$T8Ma&7Zi_cGy_DuU=c4I z`K1cCuSw=mu3^U=gZoSEai+l^ z&R&@Rvjj|&(J9Wt(3D6jtOw|%iU5YBXr-A+krd8lbebn1{7=i@o<5VqDRnD0=a{#5t4@}2+3o#5{GpP;cL}6T#&fW70w6EM&fuYLdNB_ zFNvc9PKk?GxPb~s9mg^pm)&K!c?wsiaMvl^a)oZ~Nx z`NX4yVvoYMA=kuxum(!=PbCzk3S?S~j@}Z=5MBMfJq*zWjXCv4UjG}>1xY8&lMq!D zU4wPEA-dq?;K5URk(Vw+dXbuxUj1QHdd0)0^rDoc^h$+I>BU;7^dkQo((7v_y$DI^ zMMz37iKFzAI7%;xqx6zEN-v3{^pZGAFNve{k~m5)iKFzAI7%;xqx6zEN-v3{^pZGA zFNve{k~m5)iKFzAI7%;xqx6!v$I)6P?kOFzYA-3=Muq#g!tGZ$F4|S%VT-@H+S>w! zxY}zd!!C)2+!oSRfcT@%)c)n!N%s}yzYHplhn&TT1dF}K@euZW(gch3n=gd-pb_@M zxhel(5w|(IZsvq>F>^BR3^4W9nx48`t|7DA^dit=eMF+3@ShVsVSWdbqW9MFF&U8~ zV?uIdOh_`P#F05A4jsIJg4wm}xGW?q!||kq45t$nH&dWz4YUmsg8L-mD7g*Ts3=1! zcuyp!B0X=~8gW7q-?u((|MJ+Ko3?)$RM7U5#%SB}!f4AAcSj^6lrAuiMo4zx=U@1# zAhH7s*AzRn(~k);WAKP)#>SA&hRhAay7lIhAJK5gCo>eE5R!aCNb-rqkxwL!d?In= z6N&2uYD!!`9kOZh5+O+?LRM`j zYeeAo>X4l0N*w38GMu~ic@g;U)&Bd)!P!LZPpe=1=W&JnJZj&3TuRd7vwuPhM)ssd z{ky#lQNy^dU4|NzvXzje1|fM}TjCC*t|X2vPvS6u&~a{RtVX=QM-A?>Ep37tC%Ykl zFsg?hgyQdA%$sX$2HE|Itc_)ISkNjC`S# zFm8muq9{Q~Qi71Agv5~&5=Tl%94R4jZc6Z0?B8n>ezGF?%$@``=Cfu;iQ~9R;@s32hIoIk4asqp`8F?mLmJL8 z7IYCH{-`!|9=CZFHB43B__%8FKk42X*+hnh`V{Zp{kT3O9ImK9NK%2299Kyk$5j%? zah1eTrb(Q~-TnXbO3W@oHdlIyIFwG9miSBUU(zV@T)-5thin9mPV`zrHH7;j|9NXQ zYx)?Uu~W@^7G5*O3)W*+Z#$KB!v^OE+vtZmtz;cRAAbew%$R1DBd~0Mge2(+S+#Wt zC2{L@$jSqOI_?{VPvgB$aj~Z-VDEhjqb7`C z-uo1zP*QI$W1bfLX!Dk_G>Xgqa!qmIKtl-VT=sio9iIiQSKjAle#U+7CT?NNmA1xj zVTU(;3tR4B(53rG(b^O*$CsNDBmmP6mdM6t{$=xRp4HTZyBPmAGRH z*9H`qxb`}POCkz)zrw9oxD5&i<;KqAk$7Oy5j3f4dV$MtjgO;4NkD9M)wM^b{PLVD zV@B2Jqpm}BVX%%ON6nQ};M!4j^|@MqJixj5oNFJ>%mm}Ln4eDX;%gR;W_1gT<#x2v z#jjps;5({#>cqkuf7+e+#t3Z^Ao=_$8~sWAR^Vrtg#aS)qaRIB9Hw_V*(@pkRP}@84mj{9sdP7AJ#Fp zQ!Bvc+7{TIVQ+=q6ZY${Nz-cBajbJ8m#J`B3O7UH z3KXtV;i?pll1Jw8u)?9lI_?vNTZ~pF!!6Yz9Ozd#9+{D4=8+j0jz?xBZoR_s$c)5E zIrYC(o&6i?*1L}ddkE7Ge;0Sr9q!rT1+4e#a-q?+U3o9yLKI~i?Q0Rr)pW1PVVlRg zFdG160*#?F8z2XAiNxuK-_DsNC2wyX$8}djj?__Qt;+vU6kC5#5 zB#!-_#Qj@^+pln+DBKqc$J<0QE^iabxPuffRpC7QJ=J5e18n8m>)KIkaqY(w2S?61 zxBKe-+YjzeF?3UU2oHyL_eFA9Idu!;s?v{U)#XHAcpoXA@CXvJLp}#S1z#e2Mkk=g zd&XPfODRbyL*v~uGPb9`ch9)Y%ip_aTl0|8t?GKpxZL zS+Z543IfHQzzgU)nPf{u?I5CeLV|wyl*YSQF>2Aena-=~U96=8Pii&P_s;moeXqx! zMH^G!>n6xWz_ZqD_|;SG+h~`};~z9e7tAh?<|))OB@&sJhW_$UjF3o_7KR}&vR5W$ zR_jRamyo1AVMEYpypBp!oCjnB-rE(WB+CY3L|@ILb8`8BztLzV=panF*+2i z#VZ_-fyr<@1}4K@t8mK{jz_*^I3D?u;V>rAac?LbCeJ$VPlfA(7BAy=*CE{JRJfB0 z=i_ID^VcD(7Orru6|T3!MJwDtk;?yMs!~r3bFd}FupLn2V)%OadWu#j;;S^xm=%#xX_^qZ_1_X0CZ1=9fhsfC|K*DaQ_>1BFG?H-Pcqy}g$qU7lDJkn zgtwg(uD8OCgErP8B6f<>54zXC@Jxm=eq0d zuYH6C(FTuYaT!IbV`YB4=XM^7Q(K6jX&7L|VWi?#oXXWdXh#yG7b;FYi={?6BOEX0 zs@>olq=_(a($0F^y&Hnq|X%_}dQm^ZVuQ0Q%y zt67w}(fApLb#VeeKm4L}BvuA02tpoH55$Urmh;UtGyx8Nl3TF}gaO)SBgB2z9RlhE=pNyl z4d^}rfjoM+8v)%fa1Q}`TtF`ZO2xMah#fk)+_V?C+l4Q>QSA-^anJuw0gAl8JZQ0Zr9{r4*ziRtt^?QeedP}Cj7%N5~5)~ zpWx@2{w255CyakY-Yd}+Ug@R7n`LHPe#^Wr_#=#J<`;0LQlAtydSr5n7#nd?DAzLD zH?fBhiBdcuN|KE)Z~UE7Dth$Zhl@bGTSQ!`hB*Q`vSwL_R5$(zKUd2&9=3WN14YW8 z8wGk%zR2$|kW8D)hX^}!ysl@Eqs(^&t~n@2UFAMnwQ%=GqwgW)6DeRAS@(4DFeds?@^Ww0-NydFZr%Na9-fRy^R(_}*GcmX+#dS{TO?Ne zB_FZ{l6pq=$023N_iw<);8?4HeKG8JV9$ZQ4>oz}AZ$|nJ=pw||G>Tn_958hA`Dfv5ixZf4- zoWfbr>ScN@bjYd|0@`L{nP=+|boHokyl^hd^1Q%aji;cvI(h$XK{`PIaD1~bDJ`T&M0 zwMI&!>5u_!MwYNymMvg9&|5SfdJWMT^m?==ITj%#$0CHRS|vhBT$K)4wSOzzeucx* z$fkg|;FW7EWTTSDvy57bQguwuh!B?{u6js*Jd5y-!`BTnX{Gi(Y_43=^vZ z?6+xH$soJNN@v0Q;YVZmZ+x71NfL(ZBYfTd-tRxvAd%5t$I+Q5<5G~OchwWn8hQU| za6v&PG}4Ypn>c@nqo@e7mTM7RPy!!Ko-fzYT(ST;bQ3H3uzSN8Oa>S_-!V_>q-|vc zg4i~;M0yJx^>n9%Ka5TeM=e!&IKeA4J)7j25X5~%#KloBk#aEN$n}qlL`>GAF?u#? zlzEXW9n1jlq_ISdBTLy@ck@Xq8sB;&ZFf2vda~B&$yhlp&6Pv_N34uirpn+`izFpK z7!TBm4-Ny4N%BKlYy1$!+%teS3~9*O92c`D>c~g^mR1wF8IJ+`LbHz-9t5aH~J<3)aTs6!G>DiEXq-z)S z=>tai$O*2`@zm95&GpBXcqah#H8XcF7KlJwg^R$5cKiGVpQis&iNn*QUqCN5A?SKf3m13d|9x#|UsQ z&JqY{JfIXbg#fYCmIYjZctduG@TJI26~2M^w4nmWk3EUsYWxht)c{XJDTgeD9Ao$c z_(A$AbK*X>G*NBh1-x}${{8M}P&O0F1Y8io&oh37@Fy>8*my+?z|YhFE8&m!2=fzu zXTTXFy}B}%nPsGXZ5M{5F-gg+`HKq6#ur}Yz{_!bQDxvjNXzksMPfAVgQnNutUf>t zkkNKU@|cGB?8B#WFW4VZg76+3-o`3~tZc8Z;xb<;=PThI2Ng>x!jDv99bLiz+TBPt z4zfNCvlg!Y$||=DzwVG?!2-`&2IEM47lEflw*FFe^#oh6^kNm>%{A|25JKiyG9=Z}k z)>2MW(s1TLiM3m}$3VKpBFvERGbn|WByyS>7{8aMYJHj0)#`nL;wQf zO|DBsSfgUz6y71g$&dfl<3o*)=Tf=x@!Y2qGij85A})}svi27Vy{Fxa`U&?~A@_sG z4G9>`W$u>s&=p_G!%tTT`M(J4H5b3D@GHZQgC9?Jm5j=KI9W0l5t#uePGmHFVTV(i zEKwd!dkC>wXw!9ffc878p8h9v|3~4^u7z!wH{T6IeqY>9(>QuNt0TK^RuNV1ui~CU`vTsc0*!y6kEEVs=o(=m$*ppy?3401` zO3W)@pMsqW`%l<;utV|P`LHQ9#Smi zw@~43Q8@N-GCiJ!l6mkfl*F-TlQ{Nl5_eGH4k_G8h2u#n8LpYH5x2PxSv9`PDAP++ zIQEnh$DUHgovd(E748~^yI$dLRk%A9?iq!9PT^itxNQozPvPEExDyKZtHM=a)*{Qd zLWiJ_U*YajxW^O@BOd)bwkX`|3MbBVMc{_XPq<(b;%epmz0MJ=cjY-DwI@~{bR;fyf(tjBp zQ6oNEYe;N}gg7c*UnBuK0kpG-ksx@Txs~U~+}t1M?W0tbY%pgaOIQ zV}<65>P*vuMD?CO`wbkJn_JqyKc8qOZ;Diy8Ec*d$u-E4kEHEDTxinqZWVQZxwb6^ z5<&{0Hios71B+C^G|wV)&w+@swt9{9)}Gh>AJW|~>FzDM`xV_S_G^GM)>643N#j1~ z_cL6abQ*?jI~B$14BMjPZ$Xz%nQ<#@wxK&=v*dTfz6ka`usPJZ7q$)d{jj58qjX|Y z{4nfTxL<%h0``lr*_<(4sJIe#6l{tgoZ6|NaK8k03G5!QOJQ$9c(Om_k~ms@8um?a z{|1}9{Riw+Wmddg_o>8=!DW3O7UH3KR|}F7@=z>5!GDDs@~79kOce6|R%QU8-<> z6>gxyr6}A;g&U)AS18D|5Q^)oKO1MMc38xk6ss^oLyDr?EnsxrT&~;nqv0%@-6`Fu zagMr$G5oofXgqbzneG5De{ZD&*C7$_mu{IS^B9C5r!LZ%X35Z|qrW9DMVCjnDkf5# z&^6kx28m8F63H?b&MexX-(pY3i5x~vFg^_*qGZS8F9IZpK8l~snH}m+REhBNhzuFJ zfL*0Xo!ziagpf+xd2Cze=8qD%yCVI`QeRt$uZ10mai5Jt4DU5;`2|eWa~j7K>UAP= zUC?wwQf?1XEAOb)tZ9HtqW-S{wMcowGHrTnayTYCZJ4$z7 z47(8SOJV21j)RScU6BZT0&McmY}m|)>pXIOkdRy-BxL1&k?;)`D}@rr63cL>bV$BH zDRDetA;Up%>ftz_lDMG?H%#FQ6pn&NhO;Z&Vui!#Nly=i(Zf-#$I3c;Ckk4vE`HKc z+Eb=rb3M$tGi=$pXgD3;aX-DrwX^m&F0Q_722m2n|jhM}9hqUjcrG>1P1C z%_hij{GnuGu}b$67Mq~w3ksM}n~Zl8g!IQ?GD8fNjDXCO>C=9&i-9#Y!68G-mMpLj zE}b=^VB&lM&mWvMBCBlv!ih^36pC@=<6$geZu!+BlxPFw9cjE3e)Pf$09AaagimBE z(+17NM(n(lsLW{5T#0KgVs?en1wWA(hrvArj#s6xV27h!-o2?tqG6+l55}=%E!`z+ zi7nu4kt&kHkmlxus#;x8`$hJbzFN*>hM5ws33j-Y?d?uHk%0DYzkm^ zaUB|BO`H=%GZ3sl32ZJ|pO9pILROw2)Fkeh4p{|vNE~{5;cI38tcUBWLsl(D;o=pJ zX93@}F%PE>K{LM!_mB$5XD=~tweV@`lDgs(*z$(jeZko1M0Qr@Sf2bEuD?` zRp-wuaO)2cVZo8!f|*~cn;|~PJV0dLQf1y27}i27?}XLXOqLNJ_WwuTn}A1Io$teM zl1UgQfg}(RaSIUK7bGA{00V?g0mGUgJ0zIIki=w$MNx+i6w@(PYu#(BEp2UW`?HJH z+C?CWYu&B5v~_6}MJr+vtk(SR`+3ee^Ufq7?eF_v-*;W#fyr~;`z-Hy&+?q-JZIy# zU)7WKL>HaV=^@k~CKZyM)VrOalu9AtNxga$6axzHaZu)&#YanhBg3anZ@;81F6+0ELQGXap7=L9Bo9Zx5g8eK0vZ|MI?`uit2J>hCF~6fFP+HefQ5Q7J z)Rr!R4y@b4j=^}Bm$7YCYX*)~X=g5skeb70@k6nl4V$h}V-4Al-zNO58D}kqvNo|P z+1f-&({Hwa)z(YqGY_LmHlJL@9M(c*6C`{0n@O#Vn|Z3Wk-FJsDYcPlVj9Ncw|D^l zh&fDcY#KSCHasWXT-$Kb+(y>G+LdNirGn@l$K{_P9ImO%h@325HQj{072ts{^}KWN zQCUdhxcndGNtJHqY9`eci3fZjpZno~m5DrvDwQI<0HP1pa+WW@s9LMTH8vIWpjnvPsn%;INeJ}K6k7QSxaEg|bMVOI_4ejS@!vpF#^@%uj=|>wXrL34RXrOwd0nqf4u%yQU~JhO=o^gEsrsXIs{SA=8?3@%tWoNZGurC! zCWqbTu)jF$O^5x%Vf!5Rg~QTO;WfT~#)b`a4ugJs*23t}bhAnO+^ncyuPN0-N02xO(PX+N3F*CCzbWSb*g2 zg1SricDwJ1LYIY3^nfZ<>4CVhw4Pz z7cIxaHIao#vBMIGIQ7sv=rgGgH8d>0j&TH zfU>-MfHGglO6#RyM4R@1wCP!_itRG4sAs4}iXk4cg+y_vSb@VnaQ;4WSP->W{V~&N z3waygX9bRL$1b|}a_`G)yYTpppAlJ;Q)iZa<08JX^DFAQEtuWW6u@fjVShkkyf&=B z`1t$f(hOq{v(ehQao`LiTp0u>BD! zDexAc140k%%&xZnLHac2y=>R=2ljLewR zFQG;2{mHP6=A+O3264|LD(fzOif^w>Y28dS-%yPotGk-R^|h{bPnkEZ>~M{mg9i3* z`T?h*QR}6FiJmtojg`$M%{2(d+GQJOlh$volwc7_>dF{Xutw4g`G{ z^kmTYK~Dqy0FbTB`nj?yyPV1&U2Gwvac^VGA7AA&@ao%vS8b!V0rOl z@mC}}XX)S8T$QxBm~362_@rRPobq_EBR{?ucG_kIm&SK4S-2SLU}o*ZCy*gf@>>V# zHp?3TTYqFtVyLzWh&9uU#nvWv$7~UN=5Kt8`zaSulcT;VS*EI(vCbY%ASj`-@V6u- z{8MnxHjU&XxIKjoOubT>X<`~C;rE*&{1J1A?tJ2$n(F#`p5DH6BId!u)$YVR3cUT% zG}64LmP;p2pJN)Wwme3eD?)djcxkS!)y7FVMvbmTWn*PxI3lCKeX+*av__gPvzf9e z#!JZj&Z=atRnp9$pTQEtRVWN7qFQPZLfH?cRI-F_BDQOY!GaYbv&NYiYIJ!N1&Ncy z@wmgu1#AJdM`1|?Q2*YO% zfoK}>oDkY86_md$&zq5KX2f)Z_e8hN`oUQ(W?*kneia04VF1u;Mn~ZJXwXv7V?kLT zpe>7%0sH|eRAHSq71n9PC>=FQF}y=;A&>J_ik;!GQ4SmHFpB8vZ=u63c37jsE^`>Q za{As|97dL*7#W4eM@FI8;|^opSL__H0`-U63Jo^dVdpt)zQZnb7#WI&B}38pcv40c z8foMLtRoGSOfSlbOe)@1{M@Kn!Q30RwFQ`y(NVKmf}Z)njwbL1`XK< z8~=yMfaxjAGHe+399Is&A2CV2edkq{6PMT5uUNkFViDUr9iG7!kNybe@YmjPi9-aw zp!JT}Jx{E&wqet*hB`s#cdZ;`1OBR~u36u#rGDQ`1!AsO-*z}rE?&AzXl9cQZL^GF zs8(05wKU?+EVaBtWCcuc2l4HUl>4lPOQa{FF{oPo3gly|!b-fzAI?4fUpsMxT<7_K}NKWQUrJ#W*FQq8ek(xYSIba|3q9;G`DeT^*ZS*FM)3~nw2$Dx3v*4 zg5ig$&)juE-4nxxB&=^Zx{jfZVY(=&vI^82ED!w)t@)s~U&_TZ)ICwQN%l|2fU5uOj*T+^h+O(?ChGVdeYqqRVR&1BUUNg3kH(&QH z7k?5D{JbP^U*v?zu`dFVeer2|vF#tkKFwO&GahJzZ?84IZG8S7aP|(&UP2V~E`m&< zJK^iZX3MvVzKuD@S`20Rq854di(2Q@(#Ba-_x|liY?gkLy8Va(_=PF;gYV=!hU0fz zkqv#Q`cc2Ur3Dj}*gzIue}47)xsCQgW-fWy=7fBv)xz+TQh9W_02jWqq?jkN{0^U( z2qlq`pC;tNb2`tMUrru!}V; z#et!wHB_NpI5s-f`U17(Mwx1i!DoTJF<)1J4g{?Q<>2aKP=0w8DC;KbzSPb8Q4e)4 zlQx~pq%9=QO;6-n_y$j%l57^Hf*4Tjdd{FyVKZ0JW$%i z_o%UTuImF#T_2wp+xA85VA0yVc+O^|$cug25e~G5{Iz|#)N%ars>Fse5N?LAc4nlr zsU@|x+g!EYI8o)V?aV#DNv-Xd<4aOci{Lw1DwJ+-DYBstQQOO^*VL}8w$Yv6{_%K;muL1=l@&h9y8+8};eWW%E3De0NS@9|2)V)*msiMY_G?TurnItFauU=R za%j_*LtDuE*tlkU2aGMmm3Qg@YaEnC0SJgNBO{0`@T|k4A|ZyCO#( z%`Hi>EAqT>&pNMTO+m++JPom=of$G&Mh7gOu-Mo&>RAz^U^`zhWS)1P*lg1*17gh_ zYcZ5flbsm-;)}5EEZMMW`WGQ&!_%ykj)rkEj@kI}{C+h_O>eRpNsJy{)>u(f-C#!+ zIMyK2+|YtC^|<_ppt(x(pUj`U5`n!2q+NLvMn|1`4Sst$YOYvJfBZC&vq>=xe1MZK3^Zboe1wbjCBSiVP5bEOqNzX0hl{botZz#$|#%1 z_dxMJk-z(b-i7BAK<@@c-4gkm&Ep&gpw8dn;DqFfLkE ztjS?i&%Ipy$%FfllD5Ez_!GCBw&U4@r{z41XD?i^`LXqxZRIc8j80uwG={^C ztHlFb9;!9WaI`7wAuJm*DLvVNHv}~p|D5;g+N!GhY6McH94kD>KF1)7?7&*zoYARC zD=q=hq^W>sPT4Kr-~qw>Hl)1k75InGw9#DVKXmly=__liY?fl4A}9Y^W`!6F%h^oY z+O^w@8V@8aNA3^r0jik>j*NE6tj5}oDD!NZ8Kler<)CLK=y9OspltW^K*=`I9f`KS z5|jev`JkL(UkF+Z%5|nCpo>A7H5W;{zu(wYSw}3y**kH~mIddE9p^9%n#48aakNa= zY>&Ep^~Xg^iY;?k)L|la$~!1xsz1&hYuI}o_8W&$ga5ZezJnTk+OV+_HVs>EY$4C` z0<3=hFL^;`k>v$y`~M;@cm!XUs+jllg7E`UoMOI=7qIEiZB#ZObIJdIWdk$825$Ls zHjtWMeh!e7j|0I4zU8<88HC^2#|_wPMYXWxZ&$n^J6(CfS2L6sYyoB4jf0XGTn$QI z@O4n~g6l!a3$V*lc)^XJKp9`H;{~)SFQ6?XdyW;u9KZMr z$?=_vVFJKl=NMbIH`-zBz11Ihknwk!!>FX!cYMoXcR1`GhyBW7=c2WaRcc_^+->c3M+w!ln%wKrAjrLZYx8N^l~)=aY&Ln$m|!A`&U4vt-t421=I z;TX~{vul129dHl$garz4elv3mg$V8G_>S>@N7(-d?&(I={}G-u@siYKb4)YSh>ph_ zHxPfsd>I3oSse*CFR#bCxu)uswX14Z`gjR7H+MotE!O#;dd5BSPxQ# zk>wB;SUmedna`hqG8_H{%1`|alzIDaP%;{1uS^D{feyuE2Iz3mgK*~{vm2f%v|@3b z%p79bjxeAaFdJPuK$|Wdpe^K$LbFk9tg(eC5*Z9ak=R1sMGoWKpoXPxOT$u4uh>r< zMi!&kHiuE)rPvz|`@6%q+(_d?ei(n>MvHo?ZH`l{II zMd5BGk2il@ysbUHqusKQB4mj*`06A>7D7Y6Y{DPnSCKM?wqe*_?ih$aVh+)SC)YMq zl{Z6&)fj1+fcd!=C~s>j8k;Z1Q6JRQ+Lp`ZZCDiBoVu)EZ|(5=n$(awP2ZG7dA_)#qGL^PHzSaJP?@o9fh{A=*+AGTl~K|0V)1jaojDu7AUBQN z#_nrJj&uyK6q3WvK+r|_ngW^ITPU_mfT^pkhg*SIgZvbuoeTO_Up-{Lx1_kUE7Mx4 zt1lQkjSbJP%ra{#QX2UPW8K-6*(a9UYCghPcXnlV)|&0$D;b@2NjA-w(QDW3zzyt1 zkDgrL;-0KZNqUhC?KEg90H_xtK-qP40o|!*((wKHN)GOIr$FP6C zx_J%Oo*iz6nsdy5l3vKSb<6fnWWOjCnTVdu3XMxEeP5v`)2oK+4DUEpWA=r8@m=B< zXZLr5x`|6+xHnxfUY=u52dHmi_AC$UA*Ae3rt%$Lk;KDoof>8pT4*J@#&P-2NlF>a z49%@RP?gb~1LyoMTbX}nfBs<9&-9#Oy-xCN*i1v=WsS<{l@-cJ&&tWj1kK3`WaMY% zkEZPH^DeAO2S!Ou&_kKf+c952U8*T+}s zIQ!4K18=}h<>~{F4MIJ;N>l}b;yq-)Uzg#kcGneMB#5(zB#smK(wh-bs-yC2@Nyc~ zIGw@Who^Od=^wVie&ByhX1&251dpY)9kd%L^odax$J3ybLD8P0tX?03R)Bs2%DVC| z(3PP72E7RM3(z`HhG!d3hZw>4ECD}L@qsoKA7~4C)Hy0P!q`IIGKW<;>>7t%?=X%$ zH0=Ejd)Z-scGw3Fqky3Ag#cv2Qsh=_u*0~GUNLT?*LQFmy<$AgM=_q}qZoA_igBEy z7|$wI>_vzD-C^%K>{Qe&^~Y`W8n(<~QysSb-OShmP_H++fJ~!8Y~P7zF0z zH$!!=<`Bu!Mj?~4Bdu3Ze*4MzF)vTYkEU;i7bQI!lxaE!lzD^8m84c*Ew!3*4{a)u z&=#U@-(bHowvhLX!(MP$9_k~@Fx%tmdD=qW7}zwvQez8oZh_? zWKmF8S)p@C6?I;GuUeP34rc%?aBW8v-g>De%;?*Dv%VC1-2hQg-)m;?Lq ztHRHkR2{j$Hc?hM%X&2QUP&-x;jb%-> z*#0_aJx;P-?Rcxyv9JVgfQL${gX{-S5iAe2$7s6)4Q1uiCN5uDli1;vY5Z{9TaDfU zgN7>IGRE#!dQ%*Tms(5NCm4efCXd?I_Y?EKV^n^w@wN(alXo9)o@>mrrV*3=cuw$g z);DXIN90C)=X3)i)+nuLX|fmx>5Q^=L)4H(ILCl8I}xeqoS>JIp!cp~ivaw~$H7<&AGM4o#+q=-%LSCKo*I;ZRk88*^zAGH| zHHUrOVOt$`m&5KysywOjZxkMiFDh@LM>YPMOul#%eyMvYY#7!D-Z`S?&^2)~cF?*S zXhl9bYACg?*tkH!(T+x4`6{cHn52Milr_XUgEC#IcaaQ0Dbfqrw~Vq-(o(9`QmU*w zv?;HmEhM*xzfnl+cW|XG*v(BRLD*B9l?H{2$^EB@KDAI9FfvTYbTe{l2t zSc1QERKM_9<73-`8$XQ#i|mbJr;Zoyk3rQFa{gOS?1}3=A+|HP@n7O$w_du?-j;Jz zd}plcj{$GbhvX-VgeL`H+mGK?{H&=l7Td~LezemsDuV8{0k!TN_1M!{&`{jb2G*UU zo-E^=lFw}XXskO&JzN=Qv2w8`+*3zA+&4HSg_G5o_(&;}s!6IpuDXmK%~?Pr*>lMW zrFJYiG0^zt=H=_z}nWf-;4F^ z=Dkyz8zVZGNVcbp>I5)1J(z7QFdko-hip3*9Xt2p=|N;wYt6xI=De*cNqYf&=Si4K z?|h_+2S+QD58vY0%bIE~$%yASrO1kpb= zAe6?*p*I-(YP4B~gPbQyylX)V@%#-?v}f;|peLK>VW79+xdilfP-fE|pp!tq3reLS zac0GjLCFE`23-XDeNfhH>K#-%r%k1E+Cp4_DXzL-SF!O9n`CSu?-GYa9CnMtZg<#^ z9QIR(QBK$QQl+Qw__xC-rz^%&H`N~pcZ!|iu(KUD-eHp*_K?G<`qQwlIqY?Z-H+VR z9^{q6|F#FAbe?)vyuSzG_)^W`Ie^H-TESAQsf_>>-3I5iUt+Tqg9hsh>63O@JFQ`Q zSnD!CS)*wF2epCpm!RzFer0OMVyPXhH?(QbL0gC`SwugT?fu-?RLWI59s_8KgDhKE3EX z#=B%e-D-k$m357z4V884Nt>|wdjnsMn~)@a+U62lMB6gjknZV4HFTAaYO0%rKxIYE z*ymbQw?^#Yx(1=^xQ)E5XhYp}dCcPjx4aGkE#P%VpoR2PUvz2l2RtmjA2JwE$KK7C zthxJcc1kKYbnD=-;?m;v}D-l;e$1NpsNn$ZcTANV=Z0CSXKPLImJCH?%LH;6y(r9buyo6Vj8Gs z7<~job!E6thYQIZkE3MW&63OR=T8E98X-RfD>Np9~Yva%9Vt3fA0ZP{9FGS6LegapA z+oM8xNH^o)8;(P7%M4=v_3;v)VzTxqI5UfwcYXYM$IFeFNz6CgcEWrk#0+Ad;g$#< zVZc6nth^qYJw(B0Rx}#sA)oIy&({5M^PD(RQ`8H0NFe>gdc!W8gYa(}d_5Q}t?2fn zWXODG-QqI_Yu**0CxS-tpUnF!pu<38pc6qigN{VJSAn*HQf&Ax=+{Ai4tgCZ7o=Pd z`V8nzpf7<^TwwkE7AUiOqcHgUjZKFE#IQjhzG%z#HXB>WYeTD0>^fu9t9=x^(_ue# z{!r!;BINOEAN9B0VY?j04wXKL+W-tP-W%Oc_y7R>H zKFIUR1^nkWBFVbTY#QP?O!w}SLNCRO`k<>X7pA~BUbJ+<0?rGHk^#egV=h{Xvmq~N zSXu4y5ZmYB-LH23l7xxcd1ONCe9qa!MywdJa>UuIhL0FIYI)U)QD+YyIegWK>XGLR zudW_Gava#h1+3K+Y^T~JfHIFtr6dwdFu#+gHU4{`tm)qeg%|IKpoO5QwNd8jFF;u{ zr@>LD{Ag3rgSL?O7+hJV*}SYvY$5M;*jNj)dC`{GAbOzmG;EEr@!FDpymhE(b4Mgt zS5f)ydtJz+l9 zkuzrIq8EP{vx-Y&5B1v-1ee5O5$S>#z;-5Be3th^*ec<(z(evg)-CaFoHAx>K*y6K^l*0}*U2BPEgzlIu&9dp&wxeOOM zb?E6t4y8A%?ZpV#?)=y##w$Z__NG$3>hl!$qc$VLgq;k+H{FI~C9C^v9(9@ERD>my|h{~hqIa-_p?H9nv{Wc`nkII4+jrKu%VH zUzYeS%A9^rxfzttTS1{Ji;|gs4fIJ+jD+RhkZVBMF0Tb;`WAo(slI_W)i=-< z;&I>Ns+wcPraP?M*g{^t!t@ z3wcEjJK13)9X7^ciyXGhVHB4%z8f4yaY?c7J8UdDz2wVyV+(mR95%~giygMyVXGZ> ziNh{;*hYu7IqW)z-Q_UcXeKF8-LRMYK%pp!RWULG99ku=(P9grK=t$NUv#8Ai*J5yb2zfR9*i)I5z^u0D5yzJhU}zcE=CR! z2}cPw)P}o=hf9Pv9c`1adTCP^ew;$y@&J10HylI_XP%r+0Ok}_deSpMyMvw$%5NMB z%EoX7idtnH+Em7&EhI`6=61GsFZ|KQd!aDy6pRguwvZP1OOQz1_j9!m1f zLJWSBT1r>LadJvGYr|y1EjGZ0PAVmIv;MOtbV}_oA})%i5E;(PsMK7vv~zf7H(B8j z>j{);;UNg9t*-WgRYvhB3lNybCrmESa=A>K<}z&|?+5f%NbJYPrZ-ipzh{7{Ke^_n zXjSZT?Cm@1{*DeDH#TZgFq~6oCPc7%sYlzS*X-Qvq`i;r2%tuygYC_vo(kJCv9WUO z$FB%KYlg$ZXS&e@m+R;8`6K-DP_U_IyD|*302RthAA~<*k`DZFLXNf=l@}VD^@>C; zC1eSvd7|8(8Ckso3kaH|-4V@!Pn4i#v!KpfZaS|S* z;0yh)>jRvj8Lcl;cAlcJfOnq!%IA|!%%8!ltq$b|BVm3Np2)_OI4~FuGRi#41MLTj zU$hVuaYvb06o_n9?E}huL~kjL@=5^OC~4E`LR&~GiDEy4f5q5qDR#QCg**<-72|xq z`eXm4*j$I*k64tk&PHSIdWgy|@SD_zdNUm79Hyau>S{+)Lrr3*bDNsx)UIx-ua;}s z=1-0^tZexbhI#^8Z7Xt64INOD2hX!FdX;~%kiY zh%`wPm{H9ZcSKozCbIfUe^!4W}qW{Uvh#g8w?_Z$xaV;;)~h?EMdN-d8OTFJm1Mw?4Amz0u?@CQu}IG1Du#d#B4? z+BA1*Q&E=rrJ^itTCdd~>$UnzGrzQ6)28)W{jpxFzxn>FD!chEhX}w+FGQtxLA|PZ)kA6wr;0bn`d++35y6OOeNtu?y>=`G+_QUU|Mff8oNr*{I z7EGHyvA(eZC*aGS%A9}vF%pY~Nwrn=5YPRGd8oo~5j9XAS`b2s2PQEjujtuHu+)Uo zu@J*Sp0~-^aRjHvJ}MvD5iy@ZLg!$>Y7732XWJc5HGW9=Z9F}bY;_C)nD3)F`Mo~? zWkR41k8&h_7bxB)%VU@qTpq)b`2zs;atPY=;0@YByiP(~v%NnUn~u!YA4lfuuK=%8 zte>$#h2$^}8`K|%2skWJNOWNoyavt(|$c zA3s-eun)k`Z&F7JKZoOjlxkqZ6vFLWT`OLE)u3h4x^Oj4)T)|Z-EdL328W=V)0VIu zOtj2*Vyq>H$8v*MO3fJ1so;Hyg^HF-x*1;1UX}3L<%<@y)aRFJ=KeCa(qRT)gJPp~ zEhuL{E(1N@JQtd07VD)5r(-+Xv^CSF>sb_IJ}E}oRx$EQ#a6{W9nzeIzoXXl!Qb&> zpS-3!PXmk{%v^hz0y+ti_)Tg7-3rI)DFtN1oCvq;zr28O3Se37MYUnGV~|JTUV@M~ zEjzV1PWqDK$VPE6Xox`*!dEFEYnZmwg6Lri0&Ocwj?Y0jD=DA(4SZ%ntZ@ZFn-&CZ zAtU)m}xjSt+DhO3*-T(YWUXCx!GJ-zKZB-z{3 zU!B8m01xNK4i<)UVh6Fu6F#ub^Ua~S@5wf#GQ?}mWNR@rmEZdP(o0wTHg)L2IMKXi z5BaTMUXIu_Ra+&kt);fH!IUPaQd|pzV@d;?Eb}q*r8mIw#qcm=xt`v_!K1#jNW$;0p+b8%>JnmwkPrK0&l#-SOAQ2D}L6TXDx=ZMh0Q0U*@vE z_oJ88h0m!q+Q0BQ1OCex$Y;3lIn!hQ>N}Y8e#3>&0V>vDKEm%>BqDWC!!$FE)A0Lo z5&nodgoJT^1I|I3+*n^#-P|G8McS^7HYQG_QG;Ic&U_jRY{Gfeyv0}>mI@w2C$Qy_nqu7bYrg!)$c8M$-iR*WkVHSF&lw%uWWaoC#<`-j7LX^@6JEnVAfws)4Xg}idu^c{1JO^-X;P*hOE z)f;u5S=hR$=-A?Ib(hVF$JsS)d;@xKFL&#s{kFf+uXReGHFs4!7J$R5)+t%>7`?Pk z(LLp{hYH#%a^jEfMt*wn7}UMR1y@H>#))u(6VzYtwO) zUE3D!MRblq_=jWbmMV#j32xm|L;Ll#FOL1IA6B>IFTncH$BMVLUeg38V0CFYL%sO1 z($+2O0JL7SK|&WI#D%flfpGWJc7!wQ(ku4_TW`9WPCHt+Y!WZW$_se+Z|hBW2$Cbn zT|}<=i4VC)kY5SH>DksT_Y3knK~5KBn;;JfGDMI^1$j~stY}22X9Rgc5Kiv4ZrLTs zYl4gsngIUBV`YK_1<4U)svvoS z6bLe1kbZ(3D+p^Gic^pxK{V!*1vy>*4w1jZvBdnkMO zB%OYo;{M5145zU%p1V@qc@UrSG8xOs;fzG=`+p$r%0<~jZABu^OOdUaX2#9cid;gX zCaH&-F>S)qX_IGPP_cAw<5GQCil?FA-{bPPfSY3BP}A(jwZhNY+i(mC{+WKbWkl?C z)+fR;GF|@CO#*L~!2A$9A7?*`uj87VyV&dDoNin>SKYEwFS%gHSVI_Mh20jjN}h9& z(R!W_x6(8VrYGN14%FvqV99zszg>>Q_%@2)(ULxf)$W8R2IwC9QG+3&eI$mGte zmsxMa?BdEAW|!SR&ulQ*P$X05d23Ks*07ACg`P~IE;2Zh7G=4isz#aTsHjoORFEg- zK6&(v(FQz2u8cCt$AiW}3qjGtaiARiE$BedU7$sv?||ZKq922z=Zj*B7kip;XbIkV zI%oiNC}FEtVLLQwRCQ7%@Q0?G}IQ$Z;yK_Zg1x@d3F zU*Y+D(4C;uL3e@90DTYi0?^Mv%Rz(4hgqQH*t0=T1f2s)9yJ$~H(tyGCI6?a-2hq% z8U+t=Nke3xkuG(O&IB=7rF?q%r~Kf-z_u97vL- zB;D`IfgcUu>r?hD6Hxy!KT#A?Q88 znXmN6dOt$yJvjtzI(DQ@FMw6-VdJVd11t8T!$K%Q#kc`l!_IRUTZLjx4huUBYf5k( zRolE{=XXR35y)doEerrLF=zNsP@( zE*|0Fg}G09qPPk#6x%g*Bw9ACgRh}Iq>kJeC&LcG??D!Tn54xei8=_Sa7%SrZA(-A z^7Y(AF|nq$z6vaPT>d^}C6s}3+msINq$6QTWl4;Ms12PjfU*ltIQSa|&uL!GS{yZH zz54q?dSyX!;P)?{eGpyUGa|7q6DL=tjQ*@L(jQ3RdLtie3BvgP7!E+@jzjhnq*0}-N zlyA@$;>t5|&Gw!$wh$+h4ECnOx`PX7SoQ%LmWSae#=~$Fqa>sl|M`@r1*% z4^ng1;d(_(b|uuSCb;&3`w+U+L_xxIrYhRw=)~xDHRx%eUk5$iJo9__%*wjKRaV-x zveFikwGN6sV*KfevWn%Pf~Y?;8MQ_xqndOws#YeWR_5L}J{UVVKa9d$6PbsnQ0(9Z zd}@qL!4tIY)A>{%8HJ~wv4ivY6p5UMr@Yv~8GKqDISx;~Vh1PjsXCGy+g>1o*rsi^ zIL>73MXdrs%nKgsSmF&3D;h zSsItp!(<@Kb=%jCcw;KV6)*Y+($b;k!cr>+zazC`j4>61qm#?w4(=Ca3iuo~&#V~h zq+(PWo6f)x(^avw>8e=8e(n4{U~F1h)E_I0`jg{*HxwO<(}`-#*6)*e&SF72wp7Jy z`bB1A|5CrruZGX7%d7L|b>KBnOmJ&epsweh5%G-p`GNVZlY^}@a~_#2tye08QGcOM zWVMdKYTI1weKLXfJc4~(=19e}5t(j$nhD!nM4ly@0qz1TkmErnimd^zrM>COSM0}c zD}L5!d0Fj(>N4n$KYXZnsqx5Mq@gY&LtNSCB($#9o!a(vpDtsKgi6HkKW2pQ2&cHG z9y2l;d^Pn#Z>E`HFT<~GfQbNiw=EbwdTvdm;o_Fjqs_wVi)wL5QuCZh3-$t6;gC99 z={>VC%tL~~*cuz$vSCz0-Jk;%$EwNo%P(p{b{%?e6ju~;g*|-N%*LU^O|{tZEbNf| z|A~^KnG!<~_O7J4;}OH#(x8?$Aqu9mS(0Qn_gXCp!=uNSxR}K@E}PvQ6t77<3{D%PTcOR(q~*8g2d3h9vMTE*jGg^dIuq6 z*mfSpfCoaX+n(2TNQ?+*$Vg5k2>dxRnqSrPK0+`fvgSmrIKgPse2 z=!&Cdps+_*fQ|>P0-XR_13C$`8FVrz+x>Zcr^2VpBYqmGZ z*z}xb^>?wuV$R2#xfvrrD9c>tnK)x}6p=dfY+<6Vn!pe?_f{tmJz#_-w;#VE z{H*C|ErzC+>Q8~Ep4Mf<^nlyEu1htc`k1}EwxwD%aME#*KcsmEV9!E8O^+`rk1o|? zc1XjcCVZta#6}9r^in;Bw&A}0LF6_by=|cUj_oG*N4eamO>>{NkasJ5DfVq+3&}2V z#a?#UUgz(h4#UZC@8U*>%e{Cc0HLp_ZD|LN(0(HRrvon^^Vp!LaA5WfPfpDKQ#dbv zFuo6~bzU<9Tl?n6B0Z$Z&NpoqlHJ?m5w$j2=*d$W?N%Vx%(50kS-h+U{Gq;3E1zUi zrL>VruAb+Y()^X%dZUzPWwtEXhFS+hQ>C;^k%;qCu4-nQnLg4h2AF_dFpb&Omqg_L zrB#iiM`Or|!>g-BzmtZ33DQbUtsdi?s9*tzLAn}(@pBI09Ml-N56#_E^&DT zbEcQ(Okxlnr4M76=iD*KCJ{DRy{B8mR)g}RG181OYV^QS3=h0bphcix1w9?~D$rq| z2rs?;^`IDU$soKG^y_%$CtL$M1N0l9jF%UFYcEcl_TseZ42xog$SB25H@0kVh{Gxz zw$NdX4r_53mgh?>+1{-V`S$Y< z6VKSw-HhR;V9h}IV@#hMkE8R$NAJzuUOY4QMOq|Rcy?aLT5}^J=bTy87s~jHt@H-5 zvF7Z@4|(p)1ZPtV+c?`M{UV88DSm##HXaaH9f^(eJHpOcW&ibVEIYs9tg`=lw_?0x zR!SRYnwW<1_+2ugYl!iu06TlQ{;^2f3Mi)4`DRVFfD5>HBYpEJGD0}!JgRpTiv8HkP z7hq2T|KYP`rT4;{G`@X^YMF_Tgn3qq`c8&3mjKLAXjA!xBSCXPOF-d;M<7S}^~5PW zi~}7EIvJF*{WMU1-b_%YdIADo?=z3a}%UrOc{ z^^5F+Lmv9zQm9u>YWoh$B7UIcv+yxEE+&ts%w)%SS7|2iDt!^>u$Furc~^BbJU+T~ zNJo=7OJ?c9C5y4lr~OAr%c0dI_rle0*f`lSvT^eFQ~VOu3e#^lGDUP@fyp#olKY2n zw+lGVgl!{!{_v$Y(Or?@u&sAb#BukgxNFbw5uT5NP?S2o$}}^LKgaKr0r(>(sqs1m zh-cs}UFl zqC|zIDVBE4rGZe`!L*=NH=--`U*W);AM|iYhGkAuJe7kr%nK_xFX7RJP-pbxi9($B8%I4 z8!G(iGPhF%aD~83h)9X=p|&R{iz_me9sBFL)?#@l*l~a8hsY`!6~Blf`MJyyjvQDc zv2DWE$Wi%_Kg6&qkU{^@JUbl-8T35{Bw@Sghi_!|Y$X80Wg={+i$Ga7mxF@A%Skhw zUgvWm=t|Hc&<4;mK*0uNKYcUkSUg8St3gr5(bb@+9??rcp{k5-1ic*eYS1e|uQNEy ze-oZL9@z}av{LwD9`Sx06{cuYVTv|Au~xCcY3eWJoo#H{9+&K>KdMgDA5|xcRXL24 zZi;cTUj40e*c}er>ad3$_L#$7cG#aCMgdFXqkyIF;35^p($X!4J@E#kT2TF+;jptE zhGUG4zwr)R<}faL(XdSp3p?zu4tvXCA3N-T!@7ZsYWlK`E##fxut5&{ABX+YVGla2 z-C?^N_L{@uWkmr9js>_SXgBchrLX$%t!H%?R{mnqQ(y-amq>l6{ zM$b(V<7^n}GdRLflhhL&T8vxWxTadv!yFy?Bsq@3$UoE!g!V8XT}BDo4Oa?s>PUDT z+NDWtchO@rI;pPyo^sgR&fj|uYeFfjKek(q4~uMO&56I#I^*;C6$jeM zs&hAE=G1GO*s-}icXJfh_}THDMHyq#Bi-62eZHmNo*AFCr-i%Sk0`e7sfoRn9{()% zbQ%t*e?248H$LO@_)GDfkl6Aeu=T$`1HSf5 zn&5I38u-la;RpEn-AihStM6>MK_X0Y-wbyvaIsi!PjP=k-07lI=wAg>NIesmX=3Ma zH-43a@JGxc)(T-^nK_+u0(7Dc({KV)EjBvgP&mph*~pbN$Ss8B1WU>fiPjX7hQcCD zOiWd+)rl$kWW`gXXTXzXu(EOwDBC5)ijDGoDzp*3@NZoH?P!O5<;2E@aJAV`#iqGQ z{AG99B&mdDWv4Wu3vsCz;TtH3O_GpH@J_yin0@QXf-vn7@sm);<}2JCqw`ygmr?YF z%)-*{ay1{{zr(m+MbpBo!`0smhgCbQ)?r*>r2bAfwh)eIeIL5#PY>+)R5<%)WMbQd zj?FtFSHx!opMCGZbMbw#x6`pvG;i}K;ml9AXMnMPM6SCs-YxdV=dF{1*-wG7$9AWM zPnycVhVPesvLh`r8oV2vKKHaq!2`RF**17M1D*<(aN(BR))~R*8yV40(;_)-GjyX4 z*n7_Xs2>TQzIaE#YekyAhC)n8E>%FRVKtz!ZHFwKOpDL_-G(2Hb?5R;yVM{P_$}g^ zaKH0nj>xCqV0DjBK5+kR6m#jzX#5{2<*q6ElS>O`;jt<`5g0{cvEMd zY~?ucDwt(pkDO~}ZpvK3?e5p4tg6qGFUb5K@{ zS3o%?%tLsx%s5(>-d9DN-d9CiNX|-C>|Nt8BGblL2`XFBm1S;>z`wrVK^i9c=~}|@yCzZcHo&okF-w75n(nPn)?7m)@O_V z^vRC&@Jxn_z4>|k@z|v~UZiJydwg1;6)XML=Xl|L@$otFFJkYcwNA*1KONu6X}$x` z4tgA%(nhlbI>^w{CGp1>GV9$Yv(mwAHa7xkLkT7L;U;=AhGpwFsS1Bv53Qe6h5xPA z!O&ENzcQDEr&NXixD3u-PlmveFiaD9?d|y0qp7Mn#7Ge$ZWFE~wF&>cEw!&Pjgsk;AZXnZO|&J-^*yh7;iI3I8cTOXE4Pp)ll(Km@#3cdWH ztAuoy>DX?frIU?O?L|QeN_I&AwT+r{ocyo?sugP~Soag(XCX%2>r6(iF{EQeso#am zsBmGmM9BP;1R_y=e1hc)WM6i5Rv@Qa@QChf?CO$8#@$1bleoH8lM+DUlI2ySGVFaS z9ZG!(sY61t(le$*H<+G1DSHC0vCYaJm^~<~M@ILoUKts<&bD7x-<5je zfu00f19~bbPB<3bVhiYaJYNAi5%fyXNuX;$r-QBoy%sbI`VI5^P4j$%d8Uj-cYgFW z;7lrl)21RgZ6VpLrC2`ruwusxKL7Sgb< zJM7;MOUtlf(c2q;`3^hVVZ$AEfy3rF4A&``uqz$*y2JkFFv$J?iXVu*y%${-X0;+c z;ydEKS|+Mlx(6O zs-lZArPg97`=J2r{2_bI{Hk#Tx%bY5T#gJeLSe$4cb@v?at?`7m++RtJL5kWzv+YU zN6caRnG2f2wX2~$f%c*bnv}+d`OBMYdA`5va(MaA321j|UMD}oiO5yd=*rf_U3(c` zA;L!B*hN_15+^olH35l{jh7$6d28~q24#MZkI_GMQ9KiyeH(e7`X7UaH&i-F6DGk| zY@fxMJFHZa7qQRMfZ79TAgn}9a70ZTM-r+@(Ox|d1(A*SB-9;7tC3aY7s{ui1X9^z zP~Iv2Sw%f-T*xw^lzX=pl^ecf9?i76Lb&g5KzoVh$`em z(6M;_7?k|*tB6G9YuZ%4rY+=k7}sns0}Vp4Tw_D_I*fBI8kTb{>Tj0AxLH!MOB@ER zvB4-yYgo$C>hH%6;?FNp z*%xbFCL^Q1f-LKr(NMqSH~vX+2WlMDr3tJ7sgn3CkGD_s1H<~>A`dOS4W$)>~( zvh+V;G;?NGa28yoS;|5ep>bouqoUF(6AVR9A)utGt#%T4rmnA#083gXsqGY~mmzJH z0zn2Ju~U8mzLuJRRl-Lqupb~;2%&@35VqP%4S+ISC0Jy{TNyU7fUhBrc(G9D{N z_Q%We4;uj`++~u0BnkIed3S=ph!2R|hvF}1`T5JZ|A@a(Im+C|_Gy#bocCo;_O=U7 z6HJ5xk2Nf7GLc;THW@G-jhls%3CjHH2FilV2IV*O0Ohy!1U&&1I!6({(5Ph<9EQwt z`cFSlcB2?L%UbsnK+Etv2$Vt?pILwTOlA^8D^O-an=%vHLf$*ZHQU=`Y$5M}!#;D^ zv8c@&w$Ru@a?P}2LmW2O`J?Ei@2GMZCwLXR&S4ywEB1Yd{m5a@IP3+7fyJ7%fVrBm z^a7PvjR!s+`E>cPCG= z3v=j)W#=~>MB90yOxPy+9bxyM#qtrJ@4`zKrwpQ*CZ=HyejGojIRfE^Qoscb7*aRm zx+5pp*dZ{+(*7Z^)%0oXx*RUSO{N@XI83D$rkI6SbU9#SZ%cN}S5Rot02~e5!B~?M za@d&IYae>BrUTZ*V2z19++gi2Ggz}*2v;EsQ>7C&F=L?px6%m*ZGFHis4&1_&7WIV z>F4JcET>d{F${wvmOBLZC_j6Y87!56@-uO1jSS)@g7U-4K#vBU1UeA(T+qRwQ$Zx&vjTejEV*h1ck4m;IhQyn(l zVYLoh?XdL@yWC;7IP7+ZQB|k!{jI~Ov{Q^qJ5AqIw0^~=8=ETV{uTcyp8Lu6v~X?l zs}tkfW3Q)U2TLAyuykLNws(=@JeQ*5PMA7D*tqxOw+TOMV#Y!@8ZrwOGN181vY`;f$lAKuQMXN!Y3M3EzdM;lrkR0YgU6~L zF*bfOi-4zfmCRy0UQ&_5ESM&yfwXK8{)jmYvzQgBj>xFT=-d*Wq>ezqCMGo2uTx`m!7>dzL3g04m~!4;G=4#OW(MlX~lIDP_u&}^c( z!7PAqVZ;q?K4cN{6Z=?HK2hZkIi>d=Ns|6y*^!Yj-?l15y}B?EG*B76oDRxQLB}np z_6`Lt#B(tyUo;Gqqm)sgLqW%ajs!gybPVW3P>z-{vXF^dOn=Hm?KDtk&kWENpcrq+ z#4JV|QP#%=pjU#<24zj$1XiM2AKH}B&=&GSsGW*I7!n&qO@|%tuu_MWIjr1a6h}0^ zuR82&4r6zz@1U+n{r%Bl&pM3jxzt~cv4y-@vfug@tOm~8jSunSyOkWo{g$cMXk(RC zURxL|f#3dj>?xeb5XaQ#=eXN4FTO*R_d6mzxl~{7h@RK+61HMLs#Bcd=efOlK|8Z* zBeI2c4iY8$tO6DlJ?Ds!sxW z)8QU8%!PP$iuVx4b`$2o^)8289Mjt* zjvr07Kq*2wSrw-&&5dV=xQ3bm*jsA~DsgG(xcns)|2jAK1b`dQ+ti&D7M*0QYe5>}VCFzsx^stT z>P|PiMTj?XuZNIBcIU4vTFUYUusb`0%2@acayXU{6gH-W?4p$3{zWNVJbR+V0oI4y z;`0LY%*^sJzdH;}!a79eN9OiT{Ad

XP+p5h(L~F(@+=Q^CUgmV%y+=Zip@jVnQ! zL1^r<-+|A}K&*`rsfqacc*Y6|VR{&Q$mw@D`7OE_IF@?K#g1!0S(n#>vITQ}nJ%BD zO_$HorV^B5l%NzFZEQF_$YJL>Y^KB3I_xrsZE;xKVO&w7@8F6OeaAZvgF4D!Sm9{= zp|A}$$YCcrtk_{A9QLxq{_HSJOq=*Va9AM2VnJhrl!jBD;~yy#-DP-b@dxCl^XAp1 z)qn?YGy9#gz&*n~<3r}nE1v^yxf4fN>?5CSXA4v|N#Qt8*yLc?4$USf!qsn5l|bYD zjNb82i0&D`UVXgHh=A8*XLHFl>@dro`_EJGU~X``F}LD3;V!Buq1v2ovz* z0tPil!X_`S9$(LEBcNW!%Vjq7V!b6I!3>p0kfZP&JpNH7wKO@DjLnzRT1Uj=$P{}> zB*T+=oY_~|1&?D8ZdSBsT0lZwj#TRyR8qo*eVX{{hse`0KWe${OspgH`?j2MsQA_q zA9dG5^<5+PXT=xl;8L$D8Ky)P|9w91f|UO zG$`2-*G4HjqD|QmZ6P^wQn4b`KgFoxQEZsQN*zYoOZ`!Yto}H(Q*5ilC~+zFxWk@u z*g=PV?yw-5nZ}o6Y$5M5hh6EgxWle-*j9(#<*?ZM1;S}QZNXaccbW>?cGKy(2QDZA#vjezDKe zb2lA_Z-_r#{2W;mj*@;?g1!=aB0X+AhqE~reFpElZ_lIg_MK%#y)oYWJpO3BCKxXd zVD>D#6}H`&U;AiJ1)bA4z-*ltz`HYB>w@5N%*DOu?X3+taeQ)7TKtLJUq6HOd-3)IuN?E-f#(K2i}&>1a|~j7Ci+Gi zmagRf`my*f-_jIl=Ob@Wp`X8WN$jo97ssD)nPD=foy=OXYjoehQzmp}H2%4pQr*2@#JFJ;%(6!*8_Ze?FKK)&4{ ze%KXkNNiFn1aiv6?|u{9{j%?5ykt?zz?*4i8m|FuubN29BlGfhW9*&uUJ~I}(0BA)gnNQ?A9vqBN@} zOj#*o&p;)Ans>-QzJtZORpP5hY!}JbaE4h^cnidqQ=vLJDkYn5FxgxJiu)Ycr(i_F6ROrr z0kLc~hL_E=O@&^&kfgn3#)6n zK6`lmVC=yYOqb)c2sA10;{#V=mE=^Dkrux}aApo!3D&nvuEklVtUn*3{(MKUe|9zg z>3Jgi|Ng#NYOcJ=%E}lftEX}T-Tzk$sC49&FR5id%#f7y#dmVSP?w9S0+n+l7BGX8$tgGdNb$` zLB9)n7bsirk3m_1G zcYr=Ups#~=2YmxH2lVftd7w;Z0qDD+oHN)1N;a?$bS3BkP|ghSnTryb zFBB*L1$rqc^Ob76&+vS;d1kMB9b^I(WNA}DmbQ>E8O27xzhY2biY?ol;;=amt8m!0 z4*RCVI18ciaTY@3d)i^oI}D3Kj6V+G)ZYPzedaK*8siV^B#pnR4&w}lhF#_`sv;G` z3U?EBgTt@WI&71}?sVAq9rhcC{oY|OISh5syaTn$MzIGL?2?+ zAx5>l3p*WEwVW85V0X=N74a(qZIkor(idzA;$Ww&S+nNP>v%qX0J@XEi(Z66s|wg; zgQ^!92-~6cB2;hr4Mk|AR>Wu2-YzGy{l~vd@dt*TdJ+HeFOyQ-sTZLvK*Q1fv0_X7 zNj>6;b5{#fL};d&X*>@<_C;zAqZdgMp{Y5T)DW(1u9ihMcKI;puj+aJ1f`IKw5)Or z#Wuc?6Z1!;5n=D6A363&G$QOtDGl)uObU`JlG&xll-0F^JX%u64UeiB$>>V1$vui4 zcNaZ+CbqTzrwR|N)MZc3UYzq-W>K=uu2K1gOgW70y~pXJulJU@D^x9KScdGrv+=7k z=m}u=%;iE*X5Ii$=E^`&mcSs;6F~=q^7~H$WxkvOIvVse&{EK|K&OIYJ*>pT0i<>t zv}w0N8`v3YmtvR~6C3VmaTo*{gEcy=#bMue*moU9g{#K5&0$YE>=}nG0FzaJP*IzA zK*?;d)ehU_u&W$4YnC1;GY9METIUu8ajHz)lDycusE2VKQHejYbn%jf3l_AGMZPNsVhQLFe=%&zfv$s%>@TrUZz~XM zzHKdrk{7Wa;5%fj`VG*aaUUV!ALSCZ?^{-1(-21EnAa77HlA@kJ z{5o;ZqbHflVrf*S@FJ#}X}k?T%EoGrm>1QCYv$Iju5OGR(cYCDH$+n2@^u-%4Fa=C z^BBzqh=v0nj?XpOUzZTdT9~x)<~hx5Ys@?{c18{~Q9kWdc>$-)l=D|4v$w7%wa5); zO7Qb#^^dYw-x6oWzgj$;hVhaey3c8!qwS7KC^SZ=K6 zzNDw}K{7B-e9caEFhicq2pxK1$OGZQ8;#=RtXBglXTJPZLvvT&4lZGLZ}7F2QFb}h z;glGQtGBPXM&&P*coOWh);x3Y!@<#2zGu6jXq&-ESO-tW4-L!v6@D}!h|s96UJfV| z&Sxf?&+K!1f-*NTpBF6x?F)JqXn#=V>T#fBKnp=x(gQ$QgabimgAM{+4muc=C3g}i znwxhDDChl81HBsbbkMJZo&|aXXffz5pu<2}iK*sO-b|bFX4*m?hk%N4=%5%@B^Zpt zy<*E9R_!njDl{yI73z;GofV_nPO)D&?AH$4;joJUmxD8wV4RKhR!=^ec_I{q|y7$Fj-i=K45}NJ~So=Zs zn_E$lG`EH>Ag>K)ma!|?(-{8(=bpXOEn`Db5iY{+w9})ksG#KF+Qdf2iajOq*@4)l zK`%V8v~`{r8|cN~!;1>y6R>i-b$lRJ=wT@Y1HH26v66#p9!AH+BR#l%aYcMDPFlml z2y74EJEmJCR=jOX23B9SPV(YdV}YIIOL%@g4pcifKB{ee9y+igY0agv^#xw|OfIm9 zm*&Oi7UgZxu2|5&xrc{>8a zxV5uFjWgmh1q$t~GEvlA4AOOH#c?K$c0anPi^2?_`8xydY;e|n+oi1N`a~h;v=sLa zxM!K}hhqFGDemQ$Q3O@K-wp03rMUkR?p#Rjwv((~O%fjlDS11O5A@3CU=X-fH-Z;TO z6+yymW73g`&5JVea5la==dgLfnG0P&gG;;MnQc|RT~%}B6^UIBv*ej- z<7{NzxcpkFISu~fbmHPA$LB2jDELl(47Ghcpz9oI0J`5<>uUvKx8JL;Sxm`>(MQ%6 zXzk)nnXGlp^gi5JYbNebm!u?QumMt2eG2G(@UYB)^h;h!q3aa<<{Er47CVyBEdgaS zS_*nJC`6Pf+3iZup`dl36tXS`WpjrvRMsD1a2YMd^9E2>zbin`2aSTV4txcabt48k z4|Egg5>U)jMpuC{d^6}bLHXf0WhRPl!MhoB11Q#8i*R-;=vVN3Cnzh<_dst0rT^PO ze+YUf=&wM31bQFnPeB>~??E9{MYn^l1toiZ2$Z!60+Z;K9|e62&zSm;<|1!?1KJDp z0nnpBi5~-sp>cE&C+qqbd~Ara~cYs^?XV`LEbSV^ck^VigWs==^cE zSHreB3^`&ju0YqYKXTYl9rk;NZFd+&L5=TIhf&X~81=jwA4NgM#yO0lpkgx}#$mr= zmpE*r!!|qYyAJz-!>Ie!u+;t17V@ifSZ0Rx*WK7cULS`Y?J(>^F!5n0f(bj# zVKW>SaoBo?VOGV2z0P4jbJ#B&hS>_^Z>PidJM2@3^?=Z%-^Mv5{kG8#8|Sc@4x8<; zCWnO`7IoMrhkegsKXe!bM4LW`{mEgkIP5J*TAIFhj4kAS?63n4qsCYLcwZcHoYp#(i#*D?U}RrwUlGl_ zx1E<4Ps47>Gk7>LBycVjnc?A~02?VwTKiHw-jg#3D^lRV&6N}4yY}1x86N9nvM6cS zeb#zmaLL{QLm-2noz^^P&Yam;wTwj|&B3+_MlcUjz$P636PD+R8X9UK?uApynq8GD zqB*=gv?6*JT>Xa1pPm4a%~0}SjtV~xWUZm{CtFmo#G#6hzni763-2L)2=Pb@oQT{N^Oyi6AjT?kNV!lM4w#)rF^`5%BQ&l&N5=;_N z>&!aG_dHD`Su?Hckts3OiF*$xWpQ}G1M|mVKd8o$<~=KzhT+;ceNGoCDgw7d>=sqg znthpy){o-c{o^H4ii8?T;LCML6hoL&@FkcBF)-E5r z-jn_hcW(k%RduxupA3X>ZzKr>MMVt|5$lA2D4@s?CX339R3(NCBp8wy5(Hc8#ef>G z)UmCv)z$%Rt+usQD{ZYtaJE{9zG}5vt*ymkTeL;2wemgBT6?d1@5#;d(!SsK{~K=B zI?o=?IeYEB_S)mYtK)=TI zit*zdG~F$M?wY$5l*Q{d&|=WrK}$ft4a%Z$H|R;AKLDK!dM_w*`hHMK0NE$I=C**+ z{-XaP(4T=W0Y!II>@GZmtOs}vl=jx&K`#W|1=>j0hx{XVXt(_;65z6459{uY!X{vGHx(CwhlfbIaLe%u2}jdt-MZ$FV!`-vQm z6-EvzM!QQf4zwx8fi}fB(54uzE5%MXY=L30a9y|x!(b&k4ECXm+iDnWRflahjEhC} z9WIP!2 z=jm-3IInj)ES4Sb#&HsLOZJ$LcJv*CVtQO$dNzhxOvLYI6)3FE1T@k%~O8HiAKc;{F42-c?xQZe^4#;ds4~%pNYTf z)eqqR1|H&+kkP?sra?nGcR2ot>(1z?tzS`B)r*lk-GRx5pZB6FItp*b$#V9blP1fx z5m)Qr7h)LZ{Z;aA=9#??PMcJTa>ojP>A9%T(RwJ7Hs+aD*b-uzPO}&1Uoi4U}6<7^P~`gPL+V` zV7TokPuU{ZHju-#)(BLFlty&OrZf$Cc4sYo&iGEpaM06CoP5q<;;y%S`7IG__q!Ui z@jGA#`h^xr8@n!p68DbfnhiSh9|IxcKEl8N>&tFXiWBNz&M?CQs~E>2(FnvCXAkI+ zp!krs%w{bF9gFK6(D9(yV<0;tBB0Z7jkCC90U*<3gO3FgGT?#+B(@mWnB$32dPSgL z038f^4(I`(m7qgFIq-52Xf5a=pyz@P1#JLD?#qA-mhr?`iE*<0z2y$vbkc$K(ArZxnbew)g zP_YvYJKMsQ8-`&n7nk#Mn%V7W7;q4vF1M2;|p+*Xy18Q zoKdo5555GrV^q?|pPR=m)?Ib<_P@otB4ly=WA)p(XYB~wX_$-GmW9*w-#qZ6_3wVT z=i`euUD7}38{5(M;Uyqg@Bss0>tI4gW!sSCU64CI5v2@ z@Y{@^cXv8wu%m2<*$gslU;Mu1aPQCUd43l&3+#V|{FArmQDJ;F~r5LxIbsxUuU3R{3)gHiBHyy=;841n@!8|?tI!(qdyIK(^!ZI0%SJ2Hc+Q=UbWIxIs ztx=*uz8C4TL6(Pef08beI^ui+KA->8HA@(#JX{GY#6$>-080!|mKZ`5HA?~@mIOjf zof03U5-$M67olVsijpl92~bi*5|SEUI2j@7Rv|RI`#O+;rQHYW^+NRy{^hP4-E{^Q zsWALS?wa9~42F9gOu~A2J+hMK(Pjd0e+YsY>ARrRAAbbpLvIJ&7xaD5gF*iSdIIQ9 z&{9ws-LV;C6T>ZCJ_a8C!~tLL;TvT*pOahDoso!`RPOjQiX)E}K)uxS&Nb%(^&? zjiX|095ozFCWmFAK~ikEU!Vn4Ev5@cN@0F zum=t656!D_2RJUm1)&aOPg3sa>;P1P-s8zuOkZ8Co8w1X`oSURx zQ`gC75_}7K`tp@k70uEIv^G;TC;MbMlEg@8$V_Vx^d0DtA&mvKUZ}0~ozml7^aGNj zGq^g9P7TQpsB15wBz?=1+)T1ng36N{B{i2mD81BaqRcfWnrJS4pI8&Evzz$*<=gPP z42kCMXt5HwoPznnl_jfds-@Xw-*OtEU@VksAGRMBcbMR8{UWK&rT@B(1~^#)^bdxj z=jnHC`lD9ZwayHV!7tn}C2~YRv7lc?;NzhgLRUO0?G2kCX@L3zV9qdW+4?X5-Lcg_%ukc?#UMq$sb;Hlr9J=zN&dV z(C9#t7=CPVXo6JYNB0n5sGDFLD7&tYfsO@z0(3Gcx>quH{}gB$uAc|31$_au9`q&9 z^Fdz$Wqo)Rl-Wl+S`SVlrw1pIiv*uI-)Qie545xIt8Yk>=gO$06+wh1_FjA17mHqEdz48u|CF0OtR=fZ+b z(+lSQ6uBRad8+j=S{Jaisj&}_PcPWhk}JBpK#=}Gpy>0QR>xIBk)OSl3wN--Li9Ka zR`3ucoEWn7WsJ$s=N~v|v>8Nq17vde|ku|wg<(x)mcBY6s z>P!te&2*-JSLOt#9Z|2HI}q2C3Wq>3P@&KW_RG)oHAkR*>W4O#OAa+2+gona>Cm;H z*f0bJ$Gz@fC`3L6KS3&CotStH>O`tIBBleqQcTf#eBflA$7?>cJ~DL}8-Kc7r{hl2 zOVfcf-F1pit8pL+WlWtG0X>TV90q%0lsnd<#`us&f$|lP0UZj8b)+)PHU@MIu8#wq z0(t@{%i%;&mKh8Si7tB>64%pd$?55|DVYHVO zJIk+%-90b}=dhCvqiw9=Ftq5xRT@@fnA0DF zX&I)|AIH!hoIV)(0$PMBV_u%uB4RF@7D+M(X$?|~tT~i+P}f@I41}X&>q-~aB6Afs z|F9OB6Y>vh5uAk8L5uL7EKLjXd!#p7WC?c3=vavipC`sR9O#XzZ1+&fh8{-{%uEc0 zPt?SOW!J$lR5g{XLH-A(9j8G|P1zZ?v}E)d_z@btkr#+pRScuB8si~(J=Ii$LYm5DCchxa+;K*oL#f56q*Bxx-_6w80EFO! zIJG93!dS%k9*vE73u?Ae0O*RHW}Bv$rrAz)*PUv%GY}xG*{YzCSQe{6DS}#1YPNGh zhk|0LI(8f=dfPH_a2_aCXfr7524=QnEXQj>`Sy>PW+SJXja(%7v-6G0s(i%`f?m;Z zLmd|hW*J6(rs3Gb*KnLkSL`OkZZV7+OT$rPX}CuWd(5ym4f~y891_>K8K|=wcaYJ2=Zs}%|VKi!tt%}nEH zJ`xEp0^>bdl#axY!)@w19R{8~N5=nLJqf8BcKQbRBv6dFP2g<2GR9?Lo0QeNFYR%p zOPy|oV4dM3aQu2m(&(g)LFQ#-Mzf+L(+@-Pj%+ISk?8s8?{qxXHlZhrPf475&BXbo zV^(n-fu;k9Ir6xe;!8a4c=@h6llNnO{tY?ir(=2_!k5*`JLV~?Y+uk)2Yx@$9c@1V zg&iL7nlH_3X23n52Y~(%l(P5{D68hr@O)}?kkhJ3E)x94`9_1c9H-yh&~RChwT8=g zoPKjdF&@jP;aDaVV;4!W?;FO!H^m+@>{o`pY8d8wu%*9w@p^t{^P=-l!w#oxj45HB z=b_I49Pz;spKQwRkExym^B>6Gk8?iJ>bA_*t(mRwWwiVOhXG`@{wZ@z`|e+t9rzSH z*1vrTW^9&iT7LnjYzA!Mlns*ahudV2d9k{!5IqhS`(5}|;^&#RCEb=Uv z!V5U>&kE#?c#f-%z-!R3QTqkl2}~W z=wo$L|EDI_`SIQP(0+P>PlwTeCmf>8VhUl934xzNXVGA0OIT($RR9$L+iCAuCUQ|$ zn8X|hV#Pv?EGNASKqrHq1v(vcnZudeGjP2El#|?iElzIprne%eR1uI}Tkr_^=7erK56W>ri3i@tg=B0@aQcdL4lccud`1D`F#AFWt{<)~=mt!mz zb;GhzG8Dr^nF}}Aupx$>WY`qLo-~XDl6qfG#!Sx}^Psd=f{VZ2=bX2_e}h#qSg7z#pbl3>D;QObd4%o5w;Op2NFYQd>wU(8s``H zB^p_6kPaeH%%P zpKmD}pPw$8q|}JH;^iD85nI2CWzsg2tsnPz-%^hqV~C(XckdeqfH?-$(7^*6v#7x+740r8}Ks)boUt3U_WH#QOl~wHx0<&c$50-c|Y{M zLVUFSrO;VuP0E`hc@-PFa#Q~HU5G63a zX+-|U4D}jmUOSO-2>Uq$eyhNd20W+0(FXjS!1$(7`5W(5uhHgps{&&UxLSd62E-IN z!2!*yaq|iOq8b+``irHwnB*_!;9|1BI2jjH{l#cpl=_Q9aWTVR493MQe-W*2z2KA! zTe9!TShj6+`?77+b!!Gu$qzSfLHlHv+?A!(Iss47;Y5DKVKl6-4Zb$a$L?&b zM>?>xSI=BDyHp!oG|H0-Z$Z115v;xdrY^3N$9wbyT(&8^2RhrCmtb_Z7~HkE*Z<95 zxNTz|Iww8C9C@n&?yVAy&txA8l=9$NHXO5I*``Cek5LwQ=NQ&7P$wK$$u0%j-}FIUVXC7YW!3DE6%5 zB62v0Vs99>%fkJ`Fiyj2xC0!A4Qz&uGi-@rXBx(-42{dF404fxby6|bNyRuos2CTB zDAxM^NS3&9nH&t$Tp&g!TcZ78<^m@K0dBQA~|AoN86j`Z3VQ z6;(@(XI%+;kD_X>@u)39Z%|ZiHlRZU-Jqx%Za|9#tp~dDs57d^PcO*dSgt_^h@Bwb zrz@i7n;<7CqV}60IQNn-p$42F`vcKL56Iuh!^YsPpS}?9Pmr}h)QS^iyCQ1F3G%Wc zYR3ukC=gAwB!459^C5{5i6^~X5jEx{!nKO1H7Ce=Mbw-VqydN~dUXEAX7yqg`}jq&^vGJoSAoW7u>NXcL&LzEP^9gjq` zB!DT3?*uLxgR6a`$yb9DSJ9o-ZRckrgi0IC!6^}o6G7oOEO8|fbAYKt!HkT*+WwB- zG4kqVWx0SUseXBYR5)NJrTXmyNQD9h zhgKv%XMaE{3@|g2{l>IkR+c|`2WCn11h|pg*ngb_GonZ)pOmXKj7nUwuNb%4xStwF zb3?=Z&A2|0xMDP?m193vxmm`2!MHl(zHA)(ZW`kU#&KR(v6qbd(70@rbM@u8ka8o9 zn_wKq#GUUl;~I^-*f@?dYbtjb$3C!P|1vHL9itdkk8(Jk*Kyq2tXQdW^Nl;lxCY}c zG%jx3e;M~}1c%A>9XwX9Q)dFPL55Cip#b{KFGCvWNXFkmZWz9GlI$d|!kkef@}?)QjYMnHg}H=hFxXYb%xz+*k;4-G3-9W-bc>q^X+t; zY!A&H(~g;moQdeRuF)C2q>g9_a=|;+6gt%zsdM_&5FFA8cO-orWLm(9UUjY`xwyQp zwh}9RIbf}G2sZw1Q|*w3b=SzNOE)pk%F1r1hAQf^x5%-69@%JJ&8~WeDN}U33nC(Q zx&a+}f&$AQu5s~m+SU`4_v(61o6jXP-RvX!nnbPR9rKiSC|~qQ2ku6PjqE3&tgWAd zGS9KQUrO@L(3X9JGXRi_%F0}F5!vyo*iFti!gFa{xQ7jU#jw{6%Z9`?Zm#1Z0qcWe zsMW$nc#fdMt~ZRQm7&O?==F(D8A59cU#2(=Vnuv;gFdYAeQJT zayi`QF-@j14ZndU_#-Z*&6`nPSI5H^CQMk^i0@}MRPapoCbXrK3jc^+ITlGYD&mW* zroq!)b*O>qL)%F!c_SLEj9{8eQd+@86E+p68{|tgHd|9A8V?)OFI*y8Lwz$(_v~tk z3%`fC3}q&9lj-$qYMUDB?W|NsOF(@g?ws{6VspW*8TvDc09<5jn+KvEvNmfQw>fhH-vJG4AUj7YV*$*tZOO)UYQF z`;}o_s-|)4GJSgNF(}4U4Bx{khWrpEM`P~5lW%-If5SIP_cZUbd*%>ohy0D30OAMAEVeLCs@(9AV84D4=Pkg4R8X1y(u7)Ay&s;sf z0P%~kvSr}nl>u~5u}cczjuCCkMj?JqeCFV`83nCh#);+rlND_(0X~YMDoM^V$PG%7 z?j)4CoS+`u>_f?|1~)^v3&4E?Pg#UB@KDPo92Or2HwuO_*`aUnI50Y2+1NLr&CjsN z&R{Ekbl#t*8YC}AZ5Q8!fB54%4~6`bKd!?xw}kw|ry5)e`OOUV4fxD_#%=g*AMO%J z?HhE^lbqcU?eK(ClLDk_NnNSRjsa80K3Y*b*C7|7SF7vK*AMUD(z)>G)*nP&^6C*g z|G4#$*{JUE;Nqm!1_@k`D^M-jSh2iHR4&_LwT14JWPI-9{90(P^y`MGA}^4KYqWRc zfGr1iF`+N%@~k1YyKIa2S>v0bkYJNGHSjo~Sykm4iu#g6x6}=M3Eq9GTyMa=`*c*Y z{!K5IK&5!kK4@SPM-b?@E{@{DJ%3=|?;y9|;}_Ps@<5Ud`vb{et@v+*ehoh!(nBFq z54#u5DWs6Fq*sKL@5abg2SX749066oE|bR>>MNmg;GX@1W$rpBSc|l{s-Jp*?pyFT z9qr32Jy;H@qhajuygYHRR7JrjTmX74=!KyF1zHPwBj~xHH-lmn3Od?RSvVeh0ZozyWi`4t89Gy(NboZ5WzDhoO%n9NJLB@Lmq%AiAbU?XLH@ z(y(g{`@Ug6GVCG4wi@=bVXqm+5mLR!Cx+!@dMx5NoLpeoD8sNu)5V=^Sh-yAdf(xO9b*{xYHB!s{zAjeF>Eo;w9SP4x^^Bhj>Ex6L@C^~pUu^B>8<60if}GqU5)VY7ZA&$Gp+GH9u4L$YjZHVg~j3KWC8 z6PG$>n0lUVDg3;n%}(c)5p_SZ(R9DJJG?(_SRa};Yykq#4(Vp5$ut(>msNs4;ySfq z-65({k2%6Z1(p${=r7g9bJ5OqzLq-qSg}Pz(I#f*6=E_saU@BAM+vJM|5|uLs2YDZ zD5F!=P-!p(p9rV3v-zM>;8YgfJJ3M9W?iP^cg1{<%I7O_^3)O3p>qhpodY|Jd4$py zI}j8nQ^ZDsV)wA@RXi7T0VFKNB;$I;#*x@AD;&}`Y(X9?zD&eKZAer z7r=RdV|c?5pPA42Bz~WwGN|jc7B8q>)mT@xuxZ`g25frZ0PLIs)??q(K}|^>faQV1 zdhiqPf&J=fx|ROu<$MY8bF}ull|U}>&a?3)>CU^COn)$fviHRFy@4W^=+R8WhcSFN z)8`u>xHB8-^Ab^QGulv(%5`@()FcU|HWcqNO|IK;?;^R=Fu6{2XlX~#`sBtTc4*JR z0t>zg&#~4!W_Pr`Gyql^NyLs3I@)14$uISz8BSvkh}}aU|7|gEp?wJXQ*|ctNzW9M z`-$rGpHilo=hf#w5R3g|7K8zbg1}BR?J{(k-S`3f#!NbW-^vn^q#>2<7P?mz3pn0I*kyhYU$EhVpED{t$SCfkdC60>(qYN8s*nGnl z8wNYn#f2p*TqL;4uwUKv_MlD25Xdw;9WptX}!G;Yp zY^q_%R~POJhH<7)<9^Ywiwuh!cBNs9viyB{rm@DYGK^;$E5@%#kc$TE4BKc}n_)K_ z#)A?yE}F}K#AoKVwquh#l0b8|BzM#KMVn5^YwI7MTF^FgF#qNvNLyn;O2D#Z+t6+W zr30z5$AOzB9P7(2{3`MDPCIP=N(Uqvjz8qGo5xD{-+v1S8|kaf5Z1A!xIf)SJXbIp zdn{-RL&hHO$rMh+kDWPnoi-CVR<5eNzNK+yQ$tJRl*-Cet5z+?;H6i(=wzGW$Kfq? z*`fle%=KB1?_kI2GfHT&<8s7`MEB5)Hf?5bCMt4|8iLiCj@RjoHojNbXge7lC_cet zPesi_bY>#Og|;LDxHx)Adf|B0K<2e51ji92enX zZ4UdyFjirW%POpK@iY!AHH?OwhNB^;;b30niQV>(F@GNO`t4E}HJPnJ41TC2ce3Zkk!Npbgi9^)~3vxFNJY zZ8K|hxdY~gV1NZvrHEevZeB`Z-wedNZ##w=OGle30!jfD}E%4E(gDx zgiH7*pT&u0K|YnrAU-}vt+Lz|iyM37bl#t%R++G3=vY}k5B(DUBs8Cy&&c<9vzL`c zYs&2U+U8nJY+XP@#P^kaDNi=A{PeQkFbKYm@|H9(MUw$p>s+B!FpdK}-}7vn)-C?+X}#WPy!D^|;0n7!Ui^I6T{ zybG-e^b@A9!TF>Jq*G^C5rZ81K^h$lpML1mcicIyLX&u?(*C4qnlk-itFZUyHA&QL z7dNKFCrBDo@+&d<{)7Dc9|H4+kIwhR(0|AGq(1Vc!Rx2X<#Et4gMDHnPwfsQVOgSr zg8s12sX}?ga4F|T@{WJTH7!b%N16HF1xm%Y8*~Eb$Dorzv3OF>lZ2v)&BpaVL22K7 z3OXP3U!V&?k?-OhH(v@rpGZR zO)rWXtXRI|bQDQ3jv{HecP!i=4f~s6yA9(CM~z$HxJZB#88H}}5o|hdZagRcWb~K( z#!<^h@mDvz*gRzY}2%iGq=$|oq(d1{y@cP@J)79lel}p zf{Ql|rX+iUr<(MWlz4J!*OP;MbQ$Amd&_iANcIFjy^Vm@RH{J?USa@bhUyi1!SR_G zcPcMR_=m1%HiN1`H)e#BFuV>-u2yDLBrC*x`E<`H+$bZMUtYVqYIgOMIvfF3xlXRQ zoM%cQpGw_mcb$Q+;?Qw-pPyH3Xj&nf?N|xJ3bwz5IRt&0#E3V$K^%k{noi|t21%?W zmBT0pn#xJ@N(aG{uQ0H)R~TP-q$Jv*>od#2B+P%R4mN|d+vw(^OTo9tL3Z*nngyVE zngHjC%Y@|KQmP{$jnmgwRkSo$*|-OXLS`4R)Zq)N&E@qKI)sq0Zu?4O%T^|7)Du_E z_3dEndLK}f9rm!9{(waKTrb7+1}4TV`J!~}i%WB&9pX`n%3r=OO9e}T&%3^mHa)Q* zB*uJz1Vs9Gi1g0@LQWTakkdWYihbYt>S}()o;3_jhKq~FLOAW9YB*ZAn%=y5@kiQ< zN-%ety=ZZ3u^&uq)LGe@!AWPwdvkIH>`kof;4G}1OwS=inxHkfxsEFC1IcI1U9g=% z9AB?nJAzT#W{kqN>zw%K2e+M;ItdHkqP9^xA{c%2_j{u3%w=aUT?&JhMMI}!=YTr{ z_G^xOrDKtBX9Lse*!AFOi5JN+?vqnA_Gb8bcdKK(ibx(TBz84^l$H0N^;Jet0prDF z+Bez%Qt>B(1zPx>gzXl-5u>A-%EjUIEQSAfrk ztS42| z_yQzpKx-w>>h?u}iQ@MkTV2Di=`yE=;WxP)W)$5$#t0)HaXHBEC z*vL4lDgEEtE1w9J%Hc%Slw}aA(`Zg%@ z_)gFjpm%}Nxc(k!6X^Fr*Mi;y`eo1`g0gJh3mON#A9NEa7QV|@S$+aaBm8Hee0wfr zQ=^-l8r|e{xv64YUZ)s0NGnD|Trry8ieaR~VO(yi7^b@&)@;~X!!{UpnPJx%cD-R7 zO4RheV;GHd#b}(9iv*t5^#Fp&BX3P8V3=hcpIIMg9P^;8+ql$ZP zwd8hfwdDR=td>6R>AAwr57H%@EPU6n$e%!41b)>YLkC1v@z@4Za^G%#uK5Nw?ZbxEYlBxCWG?YUhLUY1e^L z;oXJo)>X;mRN~|!_@Ju#MgxvcDE3{$Xt*kt1DR^vh~v=pFs#Hdd|J4xYOIC~QgtpY z*d4$ZgnA!74qxmq!+p%o1r_a)Zjux=W4OEqRG{m z?;5VgS7ih--t1~n=D{_f6za_;RB~>qxd`<;&NnIxvFID&vGx)p8a(5;NH7p$)41%Z zYPcf}V>MRnKUIz2z>|cReJ5ArKlN1F|L@jfk?>@^r+4Y9@p>oWi$Ph9VIhd5H-fSn zUkXZzf72vRP9;uGHy0?zeurXrIxZSenJb3jO5vjXz>ULLjWsT-v4-2K-KbrNXsQ%E z+UgV+uD-nayioN`j`Ms^1d7E)e#l^YV{Ki-3cR0<*E?nGpCYT9Y8gTQpJU?~wU%ZR z@jk?Fq>m5E=VO(FU4z8bJr-z{L#2_7|Egs?In8)-5t&<2>^4MI>@CMdgWntWKg`hE zk-*X}GW5kBXDCKn>gHC}SMrEXx8#2H|9-|k?J^dogkvArBPW z?zkw2^&PfYHm`iZzx*)>4ozI!AA4Sk+D<#?i5ZnB)WNc?1=4TlpmX{yET3aUIQCQM zShT6GQFzew>z83c%>Vvd{5W%B+vceuNij{PaTtDFK%%aTmJ3C{$J1K=)9`wWASg!m zSv6TB^(4`J@u2yXX{`VI(^fpu@d`X)MzFAa^|?v&T$F(C)q80$SlaG5hb=hl%+)J? z_X_6|!>u*N=p0(>|DDM!o;$)9;9Cw#eoJq_&-IT4%CbT=#PU+=aJ0oSmOb=9V|+<& z&*b>SXwXAI$AFFi9S6!Xc04HC368Sql1Os8B$8Z2mb)vq&4r5uzjR!bpR|#<5vgAq zZl__i5ftNSwx(BV7-sk##(546hjz_jT-L1Ej|}^zVJ{hW1+=h+yUKBq06SGaShA_U zGQKE?e-huiBRl>)4g>k)XRS|U#yLrJYA|tY%Z@Salesc@&zc&YQ(qY@uEC=RHp4z^ z!KSj$;!nh%(I`(e7i>D?GbH7%x3=umm6~U^^s__~%Z($l+!!k*_Y~vLw$Vs=HpH4E zr~Yh4-sS|8ft@GV`QT;=$6~h&zs>l0cb#V(rKVvx{*V#DH4gXW4A|(&Yg4ZB9*%wu z{(fx=I|o;U{C~oskAUTZohH>ra^e0Qa3h%lx%vQqu~e(WCKEn0pYK}yxCBmJ*P2Y0 zKl0Qf9nf!dJ4O;ct87$r-G|4dgWxMc8(x%(s#&h>YtO9Yr2^?(K8H6o7jy~WF!6J9 z?0#*eb{m%A2zlMo&W(FZCE&!M4=M#Gv0Ox)*_c>&$O^WPgxi2nS;0kk@pNJR;N=_% zTY`bFM6d7wbn-CamAw!9h5L5&=r<>?FIIMSH~;QeVKcd1$n`uon*nPEnYlE`Eqn{+ zp^{Fu=d6(@{7 zeoRHhvBy`8JMOsZ@~Uyil^-{HT;(L_$HZqG9z@CD^(1*ue5nz)qsIw9Z4jobAO6aTPlWa_rgWF;of1V7xTW-upNf|)v)X= zpI)xxB3%y!aKtLvh5Hga;29nY@NshC_eu}dQ16EV{#OU|xL3=n%c!Ib;k$;10{%M) zVhr*!sN?}Ci{bTB49{?!n$g4}!FLS1+i^M+KwljS&~O|IP>jvIVjK!kj6(s6{ofi2 z_(e~p{r~ZyfCrs~e-6r45ldoX5zux}4h3ulrNpl@iIY=_lhdI9#n>BH>`uq&P=I0_ z3ea#I3Q(-rFb)MM#`6RAh1r$A>6F~~RxZk!xV1Si{(MQ_6Em83@Gw*!ippo*g&&o% zcQj3t9cwsrL%^^|J}61{1kWy&UvNW1WDkDfE)~;c8i(Tdx1snWF2xWjZ8*Qau4+wH z9h$|aby!)upa$RVuAI|Qp?h9m#vC73*Uql5tkRW<(cXIO4(75ZPnN~oyndAF&%$<#8 zr9&s9Oz?T9fbxN+fl_7dNQMWB4Yg`mt=UbBpS0p&@% z5#+QRK~4|xRP0d~P7m=^>{o{Ec3hO}=p?-e_jn2y4cIf+^l0LbX>Wac&*V+@c_?Cw zg4T~SnzKi@@2H5Mmb+ld6Empof-$dOdhnP%n`UHRdII(_?U<*w{h0Pkr@O@v+@4-D z7)uuh#K$a1tWbD!<3}xj!Pcw+@#B{y(9ejL-IIaU3){vc^;^VZ{{lE&k-%(MjzZgo z-)8*0Tkjc1!&dx7A^)%ye__Z!*@|c1t}NvLhZ_h`EJ09=-uSizXb%Nt2RG!sfTs*H<-3O_D`eVxG@NY03ziYiiT4 zK0qOs+weGEew~qfgyzewjzaw|fB{$_r+`jmp~OK(emrVUZPM4`50?mwU}{b(99t*> zYnIgO+B6nw7GNx+1jPw6E}_u)mZir+f0Tsh1Nn{KWi{cg-c05+2{&3s8+^K_@n{d) z`+PIh61aj+-;Bc)X(O(55w+8kq3dsu5zLY_eFT1?28)bN!^(_A$3mx@u1iN#~7k(^)lVe|-(muNxa6Bk2I`8`dH!bjl!sIxec z#lkSa7l!eL$IDw{l{H{?6KIss`TatJ=W++t0f zC^Xo@a{4M(#>tjZj-MC9|6)*%gS3Jk0lEQnG$_Z>PXgsQ`czOXg_UjRSAeo$eg%|b zg*`33gR4L*aSf|FRs;G~P)hG>pv|CP2fYCF2GB2qegl*>b2=VcdjsUOH$W~D49`$s ze4yQN5&0yIhCAM{X%=p#VO&F?;no_)^#Y1rZ`h-TJ!u&FKQ7!(!_X;pSfS&v?!hpu z(G*{-R5a`q!xkIHZASWTN22Y~XBp+VNN}QIlMUmhZw)usuu8*f4BLX741U5t`9CcV zFa&dH22ODvh=Vzs``1u+tqk1Gp>24l;CM7yJntAwe}!WUStF{PMP?U%CHQ&AVv+2^ zy^b;@8D2-=<8X-X_rrYb6t$V?cQ2~1#m0oW@iL%3FvtDP&$RPD?ntI)*kJAy!e!s&b=H%w}3G%WdBZEA*H-I;WGVk>9 zh9TqzTA1Qil{Kb$!gPwl#{h+*@FNyf6nqY90H6K8h8i}TW^z(I=I_U-KYc*QI{Y|o zrMS&2MnmfaP^8J>wixAbA}Fieg{WRSvrSIzU~-Y*0p}Z)Q??X)!mwu?hi|Au;w(ea zAm4Ejeiv6tQ#2UwxCoVp+$|c!9Ty31Hf*zDFh?@X9QN;yyE$8toVsw)dmnIkn+&sr zj^*a~^hGbxVlS%45m@KWC|})dCa`Z>XV+IZU{%GW!Zrv2#xDb<__46DSyk63#h~>K z1*F%pq3}`AP+%y-8?=ma02&A04hC(9+p!!_^N&hIm;4!pRs)K_s_ayVnL(z3G7m~Y zDfVg;J2@3QxritZ#eVL>>CzO%*pbz6^YmkVt$PYuCav6osiPvbCi&G~?Dl$YJ7NbL z+FJ&-;)JB2rSF*b_t=YamZ(fO;eJ7|1n-F zf8K*Xxz8WuK8xG3+yNQ{=-@=day#HOdvj`K>vhpTqvj2PV*LAx%2nO7;kpK8Q z=+9CF%K*Qb_$9~xhWP8d z^{B=zPG=S4wyRk=hHb%Z5Vqx1d~}LtBx)D5AKf7tub~3@^N9q)R?0Q_%#oi;lOB|K zBp>Qnc0N9ATD}VHXXhvO^O!s82Hd$W5tO70#XciZ_f4eZh+TPp0*aAh>L0Q;JQTy-SIYQt&= zOsXBvG^Flun5#ZSwL(ZpS50XB_(t^vh=|u{(Znru*Yn)<4Tw&E-|zR~zw7)dV*3Bs zUHksjYwmiH^B*ADhkY3C`e1kM`&+sIX0k&WnL2FpARSU0>u?y+G3vL&K>4=ljmKDj zVS35X(UG9+p&t!83N#MNp5HjoNuU!zXMs)xJp~lKFWE+UGUyUqPX=8I%66UAycCo@ zsTrWu$+JPP2Au=?bFYQa2Ss05H5o67kO;DVYP;>G7QT~UEB)|Ycp(~F4{D9Bg%X*x;?&c8w}>lO7UHh7xOn@_#;^K(bkOo zjTkry;#)u3n%O)s{&ee889G~#zkvf6JM!ayYJD~{{;Zoqh{7suZ+Y^)vl!>u*0(>6 zztFlaFKFo>-x{Bv-8MD1^@6;h`NR19yta9HybaB=_|#mU9XftO{zg7Z{DSPZFO>|L z_(ID`@!c5U?K@^y>$_QF_}PxZ*!K1qZj}#yNc_o(&$cYXJvM%ne_d(GKm;vmU6G6A zc#y-6!EI}^<4xH}9JYU-wi&rQa@ugj!{oe`naeg!Ex2@4>t~tG1sE>w)Aohz_-p79 z6bH=*AmNeR4i|s^y|Zyts$9PJ-mze*VS@N}CD>Hgl0SDYPN+LH)1Od>5$eMD>TDjy zwP4YnSK=I?{%h<@B?E(&xvVg79^mY z3x66o-hVT6XMcCq2lz7~|KDH4al~Bs@X3OJcTbLgT#Uv#m935rV9+ha|9bfQ&cO%Z ze$tnprcd3#%4g;?z5u#rIK$I*Vy-V;S~kDAu5n5Exm8m+ebj{0K+zxeM>$lUKfh{q zRnwZP#8|W@H&)CfnrCALxGe+r16s_63{D_51Iq}OGga*NLyqXqK0Z|tJeENtiB^}o z;jn)ET0Z{-w83caMOLs02ji$%F8iT%1AF4MhWS;i8rEoB1{*5)KzWP|#Pu?dVl#n`n`ifDn8P=$>_q~zT65&ORj}F8#(%E`RJJtpMSB1s}g7R#uylWd}{W}XjWp}CSdqOg4^Wvn&qbT4b8RH z>s&y849@j9>VIT#Hsr~|#00L91n$KP--bt+TDTLE)dE&6HT#kR24LahA~JbOinCCj z`XH+nn#`n(5{R%0wc<7;_%cHO6-KVCd6Q>aj^petiQRJN0rG^*2wJ{S&FBv1VN#dN zw6wx;0-xg%d}4k^MX#r$jP8pty4Tk~F}rLjug^pZ5&aXUf!xt+pGXd_eJ&@84=YcT z+*JF9=_(JUqc`%>VXo9jtp4&!)D>Fg&c(y`M~7{W=)F{Zz~|xpXbQ8#px3?>WCz7b zox$Z$8aX+6*_eCJiRNGituHR3!!fkoB)Q8JxIO6fdZ$%qm9MT@SiW4!s(z^geGgk0 zz-(c@^XNqOE|aI+{1U&}op|J&74E6J7;z4tgi$RWFj}_V^G?k@sUh76yIz z{&Zz!O;ycJ>rm};M2`&!k{Usty3mY30~3u~>bd{E0b}p=OcA0U$-(P-cTFuIa|7Bv zjiDRh9oz1axHuI*>~j-$Vzz#U@gz{Thm%05%z51(l>Tg4dCeAUDkxq_uG#YNn##Ep z^d!(3prxR*KzW~2Ko^0Y2D$`v9w^l{zF8An4!RJO?M^9Z9q8krtYBw?t^qv@lp<@Wtp~jav;p)!(DOjqTr`3H z6to%i5zzBN+3mdm^cB$cps#_pg1!y90rU@`mw>(pdMW5%LEAt-0KEeA@1UDNseHZy z`U&V&pr3(W1Iq64wV+v`Ujxkn{W>U>&No1*_ih4ZclleO2Y}uJdJyQXpof6o4$5JN z?}Bnj{w`3?v|I=}8T5OgY&50%<>pd8P|IpVHgJl6g%0lX@;F`Sh-=V3_H)TjfU~$N=@%}!|pWf4a43x zjNhr#Xa2yj{;-J@8{oJ|z^`8^#_zxBJ(d^-z2Pv_Oc(BQ!%)i{c7tK}8HTd&;y!8^ z%Cp1%Y}f~e^+7jGpQWGUBEkNK9c0*vhD|nXj$v~RyU4Is!>%;!TEo6=*jYRcS|7leX|y%oDoii-wM$f~P(&Yl$)K63iv z!g~!$lw@CA6iz%skBiH-uDD$1ipy7BarufB7jjx$$Z2s=j8>y!EG~+%xG2Wrq8N*d zVll&5TohXre?LCGD86WL{M3R4@w4+5$6IoD=0DMY*_mgXqNzlx-VJd~k)yfgS`ny} z_HjRYdH=&#aGa378jcm8&iiAU8%|N$r?e5nii-DSWjg@BgRJDO?@m!wb|`sXgXrTR zHIy^2ji{(lnUhPN5AL7Y2Ulg}gD1r9!?WV6)8zTC;gXj~v-t8%^p&Hc68Xr z-i;4tN~#DTlO&k9c~akM6g<3R-i4La%_wDAz;6L%p5E$8-IY@6t_MO+k8CCv3EnX5 zZO27|JV;8z6*vxy0u7sN7%f{3*KQcwGu?TaG0Tcs36l1XMTyQ!D%_sk0>6o&_RPm& zhV`>zlA@qWt16nRR&flHgCyFLq4SDO^IbM#Vd3$~)UlP}IkW{AM|zUY+5-IBvRSor@3T4T zvN_LX?>>%RX4yky8PY(~VGy-GuOpJ?6M*@RVW2P&^v0#Bums?|)Wk zTtBa_bD?R)=%LWm%=vc-O)F7IXllmvPH4wCp^b7vJJt#9auXUk6&g7enqm~1VicNU z6q;fbnqm~1Vha{wS!98(>x>@~-xfbVJN`1X+>izFH(<5o$9J4Laa+qDCcfPAb{Raj zEj#;6YhE_1IOOkG$Fr%RW0hpdry9r2g3V^6LskM!W}8``7r6!M)J7#&tZS$v5PK?M>>mcCW-^%1+!eSnC&Q!iP2F2a;g-`MS>d&_t zx1+sJ5@XYZWL8>fa=-teA`OL|38Nx>o;?vv6FxRjlb!NSJcvSvBO1mUsvMHF^b zeMLiMRb^RyOI=-Ka}%_^E@07yrWDIk`RzDez;X=kz>xzU7I&`1Zj|sG8&HG!WVEbB z4$BBMJeNiHlQ`Rw;;@xb{{zuJSEPfP`UoDVGHm8G$?6o5z zpl9e0ejbi&8HrzC3?Fk&^f*ZolUBH)wK+8oBw=2j0f9w8&msVaS*#f8!=TI^%x1-g zf<6YyM|uvF31fCk7V1Lt%R=23L8k(L33M7Lah8RBF@~TYXde4UGYn&!rg7P(X*g^Gbr@&%6#JQBcyEXO%CJ`r zy9G}b#9xR%Ic96?+lRdLB(==S$wy@Beeh#h@4V~Ba_#qk@nLylQ5LdzK)_c`*VkjZEX-M;UIsr3 zf*3A?dqJ6>KLKT-d;|HSEhITr)8ryJI7)q^SRJFBb|p02O@=*Z;a)WCFNS?+*pZO1 z#vSFjNU+whFBx_VVgxw6p!KaoRu(Tk;>nku8za>>{`j(_GKP8+Ds82V=NxR%6vxs= zO@VAfUemxxbyUmA$7HZVhD#&UWEx!ZN!_9@Rwku!x@gtp(s;8Jm5!w`S4tJZci~rwpLdHq<7l|iof7g7 zH@c%k{^3UV>$v;0kS^jq+31pPN|t_Ct?p4tD~s4tM~k_MI43Wf6V1a)s($@)24wY* zj>zeo*Ech-?|waPq)$g9eTY+XzR}$udEZ$heG0U|A)(fk+n>5>q(`75_&;c*nQV>} zPQPtvHk#nDa?_G8Qb1GXPeSmGHgl@S4L9WxZn$4YgUiIRup>t8&1>p9UbEuynzH2e zB+%DDXM_F*^if2jCT*7R~v3}+HjM@$$2O#im^dfj1974Y>*Y3WEh)f#pWBf z*svzU))@9*hTUY?orZnSusw!l!QRz-@S6qtEJF;d!5hg~s^9VtvpHwa^VpY*4GLl~ zi-EmkF!tCs7qm{=)113!oNiui9TBK?{rf$~F%?CV;zYwnxT@?kkn4J$z*|rfJUA6= z#=+&FkYR-rn&ljsTv5yXcwo)qI}_YWvCJu!69k(NPHprh;Jzzy(pg!xZp0B<|8^D0zkT*?veydPGD z#VDGaL7Ba`fgTQe2k6nD7~PQ(rtgAI#5F3IC<%s}j_V(S&I7$4lsWMLD4z>sLGsl? z;*>wu!imxuWL7^pRUYIb!LJcYu{Rv2qgIMBTQ%H4j*A9E4dbk>hC9iyWri&`tlluH z7EO=iR~q+j!|?PD<4Bfx?UVNjM1+iuwVhCw_oy==!}*yNG;)95Go%36Y# z_D&6Rf29K^h$ofx1JGaLH#t<<7>8kK&#~!H2YaldsksaXgp@Z|l{ISjpv+tJ=`DPw z!h5B58!~a-(c*^=a;~dSr*S}(2O_gSF~Is0InsX^==u-70FUwsg7TfhHrO|UAjT)W z5tQ$G6DV7y-{4Wyawn&jJGqFgu2<}9E?gwI)p60_4#Tz@_PAk15TV8$>^OWzGJaM` z?wEFbWEz{SW*za#;`|4)_lrN-+Wv6s$NQh3yJ<>s{sZkhGUJcrKM=`(VCSYOf@ifp zQrx;VGyj1{T6bXgR5ka3RZra6ycK(`9zWudWo2h#DXA|E8}I<$o#`0*(NS}=U(Rbh z6E~`g^ZuMG=qJ8vQ=cC4-~VzJ6tvfHRF160bUuC!{B^WOj~(Y{d&Y$d8=r~Ka0Y(G z$%XCwiq-YC6{{M{%2!v^)KdXlTLAI*Tn7it9=)K!qrk>2W_*;NO!^#YW&fc@*xK(k|#^xgO}Q zc{U$ic2d}C@neH@jQHv2%edD-!yc?VK*SGiQA?ffi=wC2?1f0Iw8IUOyW#htO-467 zdJIoorvk^x2)Z$WnRlcl&FKmqn9|!$#;Xp;e)zvqax@By3pb413kKYBPcTf9dv2AP<&$(aD4^nWYA5ZtOHkqvQ%9I z%5r-xDBt0A6ej(+COQ4MCb@`w9$c}%xNs5K!=l({hDA^f6{7*HaoN3BY?NVh44Z3M zjbU|$Z7}RI!?=1|)4SfVdknkJuy(^9HSBG}{$SWH!~S6yj%joEIKpv};CRC(8diXj z6n&N=$3=LER@$a4QQMGRaLIP(2e_uKaB@hy_&7*Bn4Qorwe@JXYAegC@x5xU`^0ck zJ=TC$)pann5YIWbJW`}S1Te~@pu9)8X_){Ug+Z{kUe+g_=xmmMN(o_^A*W3Xxk#|t zu`e6L?Hr^LRtG*oP^g2$Q%(hIg#FxUqMu6*%F*vm!+IlOWYXREUc5%}l%5Q|7UZZT z=YX<~--8B0jRSHjL2{Ac=kR5YM}tQk7m?l|WuzYgAs3MoQ8n%m)EAB0y`--ZSyIy1 z3zsVCuL`zzlKv&qJ}p##k|lj}ZzQe9*!DuqBT{A8QOqvI!&1Ygk+BPCb+tPQ5ALfH zE(E27?==aNQwfucNL6G`M}vnDj$B0M6)2mioIyh_g1y6HF4$27Hlb(1HI-$ zn$y?LXlN>JtnGzJL;6)k+DWQMq?K(afjh0MXFwGvYvVDlT^;G9eKZChRNCZJ+Tgt5l*KBltNTKB}h)|HRTo!Sg*=KEkYp=s$e0v?Xy228@+DY_M zC()rMQF1C#a*^PEyft$+D#xXgiv+I%qbzh?BDsi|0~$9Q64kifOZ0xkRf+ygxKxR5 z5p3@y`g=UXwfbOJ8eqyx&uf^K269>&$VFrW1f>!Uo<+Wr)A~+1MrA`O zIo-9TaVMiRXx#2g!>H^Y#Nh#g1SMFZA0 za*=>`oW>pNxSrVaze8Lt0o#R3EdhTJZ0|}ycdfv~y(5z z&q=%5N&8TfHaV3xIqkDE*R{`1PW$YXllIxkX`fx=vd^w@yO;Lg5m%-CiEydX-YwYP zN&9VRq44)OlC}I3y^!|&sugJJtD5A9I=pjF75tH@+PZ^+Pfa&e!8ol^_j z_hG4D>7;(KlllmgIysd(IsHBtb3Yn9iu@y|ix?@dsFW~rTE{gm>$t}4Uh4lsT$Os( zU~;Ka=gPwz98tG7GbG(vde8Ji>I?SP((Be_>*NmIS%{rP>#4^7jw=l}xzcc$l?HNJ z8px@oN13UmM=pXxBq1P3DjM{0oLYJsmzJK!?Y=bRh`c$Ak|$hhY3L`|-j#;#EWKa$ zt~4Z?*WTLv-C25&XgKk1Exj~xdRhY7T?zQHD*+>|1d!7bKu#?^N2Odf^B?ZvS6)l7G%g{&15#Ih8y)9lN6hbnK3tj@?maI(A1+$L=&P$L=)lmTo2g z4Tx1Ge~WOGd}6Nrn}Y3~*1ot2mb2A#;=eS4!*$2#joH*t< z9go+z9|P04-AnOi)E<@M9m1tb@ixKsPKv+8({wct-lrG=#HF2QlTmm5icVugL*2sK zRlOQ>PdC4vHpw&-=4r!qT2J}C=41(f0q02awHCPZBwsKIlT!(k(|K^pLFd8AMS^z_ zler(oiPy^MJh;Z?Jh;Z~Uc%c&hHRt%B3!D3cL=t368;6!4u7lHS4|`z3@^qXaXpbR z&*<$%g*`O2N>VY0?J_a*^OI#GqWFaySn;JvB+=a=nAb?OwVo5m)PPqj0IxT_xCmR=R)fdL2tx7!6J5 z{(Gg%1bZS~hU=+x^RiUBeLyMQXH2@}RJ!C;y3A#jE;*Gh<)YFhr_$B9l&;3@Ub?HS zx3yY0O7|}|uHGov-bwcXJzYI`B6WX+6hi}9WEodva@Ntc{Tmz<7tGM9DjDLLH(O}XeEXmToDjZ5h! z;&yF2N3ps|>n=XQ3of}vM&yl(2Q9`dC*l7_ZiK&KlWa|$>MuI!^)%G4scLFgvu0t#jN0WG^z2O!DD|_!vOsuR z`ZPmJiJfLnd;2c5Gq>*~*JXT?EQTxy4hLo1d%8)QoJyKpBzO?M%<*W@?zo7o8l{Y) zvPXcNt`OF^T%D$IyO;D22YX3BARHyV)7swq1lv1FzljtVbkX(>>_*Z}RalWWrLhs> zX)ecd`zEYOs;I`y`fb$p{m+Kic?iToV-5#F;y`Xh_u5hV!`&7a9 zPU1huBh2bT;_+^@w`8_VVN72;r59o@PGf1MrWI!J=*dnec7cGo-lvFjb( zWfCQ)5+xT2?n6xGY*cnG*GC^?lVIh82$T_s8`61;-D zFt?)tXK=}>L^UoYs&TuQXg$QGb+lQyREeG^*xpH$B{IBU-Ya5uhR*aCowUDFuVz3E zkM4yy4^FM1N!3qN3Jp9a^t5_Ykm)q-PCRRJz5JZ(*W!B`(zY%%DUwqul8Xc!du3in zWxXJ|NbmwM=5REijY3XG9X0O9z%*|6Qv5nr3#$}w5-wGWHwcF0_hO$_cm3KIdMd?J z%NrZ9Keji*Oxt6%VqpoU>;85O)kPf*ujf9>t>!=2t>$kr>5^0FlGA=IWuX09auIx0 z4pOfchc={9muo2lp;lqIuOc9 z*MX4Jbs!p-_LIi#zAkS>T$OfQxKwFhCfMFdySpCIQ@xZn_iXgWdP>{R3D;CjG+pN@ zeaK$aYm|lF#<$SN6niKDDK} zYHja&LY>>qmRP5DvxVrQ?uPB=zdO76PtI=so=KFPN|c=1&CGYTo5`u&%-mMHnVj0q z8kcsn#_e9B3lLW&x>UGSi7poGKP%Bqy^v^c>TI_X?V=~-B-&*i4NLSjC(-AfMDI3< zl2eJ2Q;9O)RiflnqRefTC^?m=#-&6xZub(cLR^*Txx%GNv_`PKlW2D~^ff(^=z^+M z<&8BB{8U(Pq}r)*oRZ%EVeU=fUYx8j43#{)iyh!-kqh@vQnsHlh{D2hZ8jDE6U|%j`o# zac&4)I5z~vJ~VC7hi=^0c)JhF2`<>uGk) zYW6NK(xr01wOh|*g3f$HN6$GK4}g7rX7~R05p)0hfVux&Wa&bYE)?f=k;|Odh2p#} zxNu$Y`RA506e&YhqHjws zfkjp44WKH@76hu%Bl0d(MRygUE#{(V8>ak6u_fids7g})lZKU}9GdIhvnD@5U;ecj zdgIy7=z9@awB!@AcJh9Y4o&h;XvIoAutxn8j0 zTrU*odTEQfUfPBU*Tt5E&r_8o+^u07m+)i7{CH8Z#Z`F-BgI^V&IrY#85HcYrzdT1m(s47YLjT%;taA@r6qj?C!edqn=LXpBhIsny#KKO$y<{`7&SKV38Z>91JQP$Uh-5e@L*hz1l#G(dqP8c-b3 zpe;r;Xd5QIgY|;Ie0z)}kBP`X5WVNfaj0Zc z&Txj-&&e3+ZSR$GbJ{t7G~SF)N$%?FT~uN0a+jg7E2V`?KUS>M`> z^w{ad-L)A<7~%&R;wM|;P$Uk;wHe5HuFZhr+6=Jb+6*YJ&7keRLY%g1kd<(tXc_+8 zh(Ft`t#S8v-I?*!U1Q>}QKlGH@ck|F+Fx=a07b^Yv(Gw1_vMTR*Uz?uyV@^mKn=+KwI=yaiTZWmYWte1IhDo-B zK(T~CRU+KSf>bs7l~Ej70o$tX?g>?i<_QVfE;K67UL!w~c`lZaU#Uvg4R>l-xe^k( z4}T<3LYf0z^;Y-k&DP*hy=Qh~MX`-PJ$GqSeJT3x(!3E<>i~B)@(xq`-)d_Ai!5O% z5{BYk8giOmMymDAI&t-yONizB?5A z?%=?_I~4owv_;>YwqcsT)7BbmG9OTtr1=L8D@XG|NjqzYxV71B`LtfyCnTl)%+Ju1pU6O=-{5G9sj|WY{%Ei747)9Ep;eThvMEqV8gwEptv^>h;VNpDDE3V zTkIP`+c5Pl#Q*8TTd7J?uV`2~>Y-Ztaw)TXrTFmBiYfJ;MsIh$HM4iAJT+eEsR>Ul zJ+0T1qOX?rMog`x58E->N1tIvSWYk_EDcK-iiDw9OCzUQOGB}i1{>DWP^_hCi&~nt zVZz&rEeY?aDoJ=d4J$`DG^ce%nDA72VnX(5UQr($C3{MV)X zb3^x5LwBjA3q`t6oYMjW&S^n$P768DIV~vmyl9I#E!u|Z4oaO#x)-Vf-9Ou>VOD8a zIl3YLy{%^4H?0jG!k)aco7Vu(CKJH&YxCZAr}^cGBvTxHM7&i0Jwtv+=RLMms;lwK zWF@}V(3|ZL@4*d4!cg>IaG?J}ai0L>KKBWLqW{ts{!801;qM7P68@p8r2qav!{kqi zIqCbvI%~)Ei^KjqzcJ7^)aq)?s`s8Zg#EXRt^V?@#D#ZylRYqbBgGauC2lJ1D_@nQ zeXp7M_^FxsILG=k6lp_o)h?KD)h<*;S8#$vHF`qw5{j#KX^U06v<=h#rr479cT^>5 z->6~oXCub<&378f|dm z8f_@jrY&gGHcWeOsrgBJe^p7^uh1|_z69-1+k9o1_JU#Apl^koYa_j|VwJa3C)>8! zO);fycBAEOn}^LwCw=CmlVz4J6zM{-Z3Y9j%}{Kck@IYuq1ZOl7HujDAEN3(uE>jcjbIIdAA(h zF9^EH86%*_X8Z2+o`Fd?k)i<7U6W0#I;>4*m*kshckO$r?X3G0`Hp7nY8x|l^;%00 ziu9l=(U;}dBaf@m*Nmz}KNW?Xt?Jk%6z8&Ni|34K8>V-t*pl8+s*?1M&@lN^qUOC; ztS4pAn--)uz11i(I=!=(k0#=vi@EB1X@2LDyVH>Su^~6xl7k{Ss7mxD`Q^yLsy?j< zRf%qwFywhv&mw~2sbREzT;8Q^nB4ASOLF_DN|LK-nEWY0?gp{WdeZd7AUWB5r|3SG zo+nAgyKF+f2T?oU&r9)qL$S+HJk?T!B1I@ZX^PzBlcrD=Jv|EfUyXh(c?4x<6V>)P z38QV8;(lUFiU+GoQanJz zoWr=xi~%f?^MM+Zhn6mF6xvMQbGMS3s_$+kHF9d3>CX1cDE?~v#^+6s=UtXI6lp{8 zZUwo{yA>$jt$-8nR-kydLR;Le&^Ao_XVRM_ZS3vp?u&J&hLxlJH~E!kWVD$()sPQ( z`DsgoIjgy(Rc{S1TGr^5VdI`9^{(af8-qiw-XgonJ8L(ztCO9!vkfs@*lZK!@89LY zU3t5sS$Vs)S$X>#TLPe10-!3)ti7lX} zCF<1i$~P@;S{q&4FG+fmxlcXL)Y>1mq@hR}iYMwK$9bYI6#K?t#1nO)xWbmUSYb=s zHImEOv-F=7Tax~aswCmareybV}b*CPiv&Z`eDD}deUa>dyF$@*5~rhf@G(7y3x zcg@ujL;Ng5e6l4DMdDCgjf56_LpA#5!M2<%25q-ZHd~Rc zPUR=(?Tn{X(kbcs>;II<={350&ppfd^EBhnms;XbBo4(I9b8zWLscT&$AU&x&+>#~ zjZRzC=(G(J-$86id{3(Z z*Vg;(sg@`di9&G)a^yRAAcv|%zZFa5b~XBgQL=bfIMQ~sQF-pSudBsGuU7@4kK2)x zFKJjgqPIwjugw@anYoul(3f}Q1PuC{(j?E8=Vau(P5JeCE9`xe6Hl=>CX;ix$4nC+ zsnxTuzkR2(wo;~TSL3H_WvCuy*JeSHDpW!buq6sbqEIA?d?!&T z5=Cy4C=`j(7DQY?)O`AV&MhkNTQnqAmO z;H+taR#*F8a6#?XO_ddc)EpF(B7RSFu&jF&(fr>#&3?>-QU}G7mDk;5tQ`H&jKxv%?fFWhKdse5v)f&A z#zI=~c1pe(i$sLfwswN__d7|x!H_)D`0-3j5{e|DIAehv<%|UsXDq;gGZs*sv7jwx zENB}h`C73h$$6@hBxh@w{3&to8yd%+7bJ;YzdM|F^6-p$Z+DMuu_wPeZ*R(RElzd95$gX?N4lkX^ zoiv@tAv#z)5z}kxF-~9l2t!$xSt{jqmNFD6Lvi0Ou;9L3P~5i*1h{V(6!-0-E!L3H zHca`IVoS=eQkA59poVQ+$|uweWdG^{sXj+gF0$-BC%X|_7^fD8cze{RL)Vj~}p$3s7g}Cn#i)N zX786@pEV~nttJulmD86OG%u7Iyof)ij9@yYCr;Ntf|(LIzh8G7zdqae^`9+qC=!R_ z2qw621QUuQn4rNCOel_E(so}VPTMeXtWqZN*QiPoKS9IF`StxmGmH4-8hJ}b_;z?2 z>DMGv#J7tOAMsF&zZQ?bM1JC@8sd`;@jqGOP$UjT;^0E!P$Ui-Bo0O5v;}e6hKV-> zCy6gt1>)^Hu4NjwafzQH-=42@;&Q?srkb$@NZe1`AU^I*H_gYrk<*F0J+z;g=a_Cb z&oM2q#GyzWip0T%#GyzWG)NqZ#AyrSv<(w~z1WiY5>-j!i#1ICl<1+|FV&-pKih_nY-&OU?SR`Ia~oi9?Y%xR5v$iGv1-Ly;?pL?#7|WP z;_a1yGc-(+FG2hUvCdkB|M2b-L0@S;K69z;)X*9(azv1`5HRj~*_1r%x25^8Z-b++ zH@3Q#yr=$|si|)>HTB_^A`~e?as4*(n(McrxPBWs%=Oz)95JEobCM^tU4z`o9KW6; zw)ESDs*)66r(xwN;^VV+aCtO0#X>jHz71MBKuKE80EuaXW0Ddf-6vg|^33mQWVMVR z=pED%mL?QwLU9KdO z(+j%L(uE>jD6Yo>1Fpw{;(9FPJlA7EaXl7ou^x-IVYBTmM9d7LUFbb`Oeuw zD9#olw>et~#o0pIjuxV{4HMm2>OK zuq*63W*iCtb{50NUEQq2oe4wJXUei*h3%a&oVQuBPdv%g*vFb0`vSjuCH0B^)jk=eK#a5;`0k9{Qh?D)$sT!fh<)i>Y$OGc%52{L*g7;}yxl(YSe8a3=myQmWg4y*8 z&|KSkpy(4b&Qni@zCTrG04uI7{E<^>yHCo*GmP=xmmjjUp-3BwPqrf0`D7~;pKJvu zKG_PzCtGP-6WX*5`}}9cmbAa1DoOiV4J$|cQK6l+M&!i8v^$mp z`DxrcELi3HeBGtrZ+yLJeEp-AJ{0Lgag7KlaE%BQ@2h>clJsY4SULL73;ow;)c9Ws_Tsobv99mXH3f3?^^|&leMz&YIoNCzdA9i|fBhZ$ zfFqM;ammqLlheOeM*Hvf>BpPWAi1xjC_T0`K(RDHaW4@t<6a_AmFQ*3VUVgun+kcT zN_2uK+MaAwo|=E2cp^)~>8g^YVS$E~D-G-9yDrQq4d1Fs1bwBAY|1kg^+_x1%^p1G zOmcIItsin0+{b>MmasFwW$35H&Y=FTgOk0!PZ{bTHPlDhRf15Y4poV6mK*__sy^cm zRngt{K%}ZW+e2~1J#De#p0?pS;7qY4^~I`^)L*Y*<*0{N7k#^?$mLH#>V4Hm zASGp|!3dO-te&1r9%JA5#Wxx9n^^KtBoD>aMIgY{MNoW77R>mREEHE4(H5(VXd5O! zS9*ygf10W!`S}`Fj{JS{E3}*Rzgy^! zo7&S`Ccmk372&%L?YA1*x7*qsinO8F(*qOs^q{!ECP;99O(^#CXp5d6ZNs!rlJ7;@ zQ&lBtPtve*v>z0dSSpQnQ2^Hku)=c%AryVDl6J8i?%kCYNa>c^={Qh&9E zm7^Z=@%!Z4^Ofb}$ZUH%H@iNtya4iaw;h>kMtv|ca&8}&C7G-78zpzO2lqou8;Z1{ z=;O$B`ZyHt=D>+}b5Qhg+QP?a8>W4t*pl`XRY}?>Ygjqj>*QBv_2BMbKiY*_^7Jm* z2!xWZQz5t>o+xy2EAHQ$$gSCrGt`eT)NixYp-3HyJvih(dvH*d=NN1fk}RC-YVUhYU!xblPNmO zOgl*@Bc}SbTZ>DVeKmg8zJ~CBEMX`ThT=}>$Z76`4#krUz=kIoKyfE@+HNm|X&WYd zirA9yY*k6WeyxU;^Xt3iSI*10Gy6sj`G8k$!i9X=*|I2=oh0h48BZ$?*}m+O?lYv% zGo&NiCx;?wD4q%m9y}Ekil>5t0#5~n;+{pc#hyj94U=9Xwj_<(#`WcfhLs~7^5yT< zKpC$9X&HiT4i0ZfU+zdT+m|~c=Jw@>4B`6?;Y}@JC=!OEFC(Yv%TV-Xu%RzQ(U)lp zU#4xC@EKCmlkmB!lD>SlhLt0Hx3J6d<%i|l^Oc)$Az#jP&^9_rGu!JEQI&JPcKNf0 z^d}AJAKO|Rilm|F%gAy1GE^m!auR`2HNwa>6n&Yt@MYSDN&i_elJq00lB6HfuyUkj zBq2IAqt<>;aCDV7)a$Vy&A!P|(T)mRZqRLd&I9u8y1FwG(faPH+_~~Q&0P7dX0E($ z$wHAVR7KDDMgCW#Z%ZCQRdgo<Js zB%%0hCGwlkRzg+u)JEiTHM&P~8H&$V(iYEF(l+d)uM}I7e3hys$pba49LZ37yLEn& zbC>cY-vUHa+EGi)Ch6~FkBpa_@D~kX)W&0l$U7`yC=!NZdkYS1Z=raK5OSZV2tl#E zr7hZ9+J*@)6X zak$8=IK0&og(6X?N_2zd2=cuefe%zg>u2P4Rrj8Os^~sKw8i=~+J=e#M{tqoXqn@5 z?~F!iSUI90KmKsAH^r@ArZ$$=hk6FN8nEC&%PF3jmayOL(_&{(cY9g~n^XSwHK+V_ zTk24x4n;o(8~QO6XD2~~vy)KtW7@)xX&a`#q!v?OrV4)C-e;(xVdbcY?v`G)mwcqY z((aa+-Lo5mt!CGNbbV#}C;7d3`&=paK)yu%H&(uw8Km9)hyHBZ>HADO{VKT!=7|bW zBn`#8CGgNzXzlohL4CK)Bbt>F(aC17t;0={p39f~CYitA57 zg6mJAxW_)&agTi{u0N$M)*#Y0Tmm)`yet7@R3%HmW*Szm1pGLX6FxH9>?49TJUig+ z-DdLpx$_`E+-|!GI``G4aJaED=uVJQ+&TX|)6ku4=+3Zop-2~s_q||H#m-d`R7LlR zL(W$tsV5>RJ~2RBJTcI=&3+za59!U3?!Ky$bobIQNxsBA^9^F1^^Dfopno%)3*9pN zpV6`jIXBEn>heJV=^OcQ`_))IAU`j<$WVN{r3gieP<%!Uxyfg=p!kdy@}JLWL2(r! zZJ(2LX&d&@gS4NuxmX;oDoODW4J$`6v|jY;oIWZww48U-YIL7A)1J*LKRa);>{QZ8 zaNe|?1w#qX^%~HLee~Vl*cM|*|0Q#-W7E=yB7G>X7X>4(7lo=s&j>A$sp@XqP+Tuc zTdWtQZJ7R%VoM)BPF0frt2L|~{X68lWHgc$eOj&7grbQ*)rke%cu&%}3qclus~34>LrkS)x!R3dN`Nknem-4~kFe zA-DOI9u$ev7DQ>gMshQ|7xj$bqL03yDoOM?4J$|VKKTk+Yc@X^BzoFFqg7@MBxQ}3 zKUx3cFMnM1;5_Z^_Ga{BtQr02vb3Q{8;a|>z=Z3$ptxoeB)Dc1itD*(i}hTz4by(J z)Q6;fsVdO^v)%u1wT4OZCHl-aiFHayA4UTd^kth^vWaK+*WGIeeBDXn;2}S>V2^=vzt z-8>V;?RSaL=aYXuC`s@WW@h0-W@cfcB?v`=P!;Ta5Fsb4(btWt=-Io-`>LMg3dL2n zwEd^VqivYrJH(a*->WJ~@ZB1=aS0wDCOB`fueS)nG)PP*g)iUCPw+Y8gE9`My`sY{ zK`0W0B0=Oc2|`t(pG8rG+^t5xG>Qai3xc!_6WnjNnBc*xK(M_t#Q_>tj^MqLV%7eT*;G|#1?xSs6{BQA-s;t96}5WBA784@05rYV9~G>9zKT6K zJI9>jQ#-3>oyO;+tz>NrMbc0_0T4WR0w7c+dPGtKg{qz=1I00A+G0$ZwqeqTiY~w%TvDws|S$%W3 zp?a;Q3Pq|=JbMDU%d;n-Dta#i9@Xf6$ulUPJwaQn!=Y`M>M>$Vswb&RQaxV7%25rC zLcBd6)oB+rx`qZDa60+1d41P2x)8f=XM(=L3SYduK6|dAyU@`6yrm08x= z0;&={AWXrfsypUFaTJ2K7=@s1nC|XkOS=20O46-qSUI{6%6H9rPH8wymlg69IaeF| zkt}G)d98iDg%(Nr9y|iRw3MBR;n>~NqUWXl$Y_o%J|I_&JzZm|LyT*4#-vGohN>j>X&P3J`m^%u&d%r;@06E1R>^RDf6|~# z`7RL;pVb^Fa$u|TM7gb&2{SEyXZw+42}m>2%H6vQjXT4z+^q9>gIVYCZd($dSQ4Nr z(T^l2!K)hm)Tm1Ik|w^!- z74^YdTMD393ZS?P4QOx|8Yu2U1Ag3v28z4T&=%!^w&D8V7(r~>cvZ<#aJ+_ZVb zmLnff9E%1EjzvRpt`Jio>=)vMuBzlCZB+)}POp-4#mi4e$pPo^}f4(LW^yRgXd+8IotsXV<%yHG3NihWh*aT7!)uYp9)RK>BA^(oRo6>-DVoslGg6+a!4z z{aB5kd!4!8e#w%DB6%q8GXOr^X8?+)n1BjTF@fSf1GL3H1GEj3KdKg!KVB8cx7TnT zqhaO9hkSYWz2qbHl|_DbV_-n`f|TExx2x{=R4qnvVqSMo#K`bvcdgc;hN#?cYwf(h z9YKL2Q7HN{@}0g6#ZgS;Hb*g`=*zT)FVi+mbRQ`V^yLFoC4G564J$|V<|un!>9g|f z`N|?{7Bm;xbJs!I;f*#i=gzy+!)+Wu_1#muKKdp@v}K6CDE`Qi5-1Xd;=B@amh(zb zmFQl{0z4zD+f{e?Hj;H4Xr5M zN8=b7KI#%(Y=|y0L|?E(p-2>pK8k#&k3!K$k=yi9C=#VDh|)Gp^p}Fm^rKZJiT+x{ z$`K8XeZ4Ka2Q_QT%&80e)@zltp_yh}`VPgO~(yJ?stU!oVaR;;u3t^Z_*>g;;| z0=X~lJ+IJsi1X+fk#;8KIH}gUv!-;$pp*J)U6dHO0kCZkXM*4-t7 zzE;bD5sS}j3@)D4-I~=`@1EMzBfl$eE$b|UB%O9b&isMgQu z;<3pITxFN@Lyk+DvQ*@>MWOKd@)=ts?{c0oBba|PBbayFk^#k%0mT_a5aJ9X6rcYE z(`tn0f1xVT3{kY5WmKMVt1k(5mW;2fN|uc4HLP68xJjsIt<_i=sF}s7XEm3!>aF2o zhq^g6uNHu0T27~#oRd*Hd>pfd@e5!1%2y?czSE3YyxELcoNb9hkth^*KprANn z0TvvwfMO4dw&+38Htg$Hi!F&>rz%PGa~dXpO0=~hqOAf%i%j>2h%SnPMB^hEy<<== z(SMsh@sp-ce3m5&MWRq7iku};C=vw=5``jB+JY!;!$fZvTN3@bswB~$YMA^fK{V7S zz9d9crjr_YW>9*@(m$48nzse^^@;TWgpSm_ePTC~daAGHb$e0Y*_6Gg8{~?y;&Uxk zC{l%DpBTBzJ~0&g#Nfd`F%@e554~MdDCAgAH7G1{)O5U;_=F!3M=M*l4@25U1@LWaV1?S%yD1 z;?Fi~YuaOrZjoqFQ*7zSeX5egdo*n05`QK?@dZPzrFB`%GqhBmN7;bHlj#PCCnM)4 zezYNekRg7QB@RX6P$Uj6Bo0O5ph4nLBu-lpr|lXb&LrLvTN1xORg(CShLt0JuY859 zHCz7*5tosS!8(s`&oiWF7}7^u(oiG~#Wh>t!8Kb@T(boV zT(bqmHCwdBnl0L{36j1@Y)SeORY}qpYgjqbq1ya~5b4u;drGqQ*XC*IdVM=Ba(>@l zZiqJw@mE{oP$UjT-v$@@HWYmuH0aw<^ljS0w`sd3NPM}Ba+3HPRe^YWJ!Y?ll_P$K zq?q+o*)27ENxb~+cfJ4gW@FXdrFhtT+6CAUT7GQaj+tjYmyBACNYJ;Q%NH-rpWPh| zH#h4!o;P$y+qohr(uLxBF61)Tb3t)E7r1ae7ZlfX(H85uXd9+`rHqe}?lr2CbpKbw z%Fzw&uyl8JpF5Gs*mHVPe}4hIz8#jlNjiYFPu5uu;*VAb_SM+#xe*Ht;hAPkY^C*I zC=!O^4ol#`9hRWD!xD0zJ1jwQhb7u#hb7vE3BON#pM*c63WT4w{qGNISUJL>8hg`h z!gCsf(_4+kq>#TXuSzsFkQP$Uk; z8XH_#V?(jV1`XEOP^__OiyE7@Yfurc#hYfC?*`vajhpJK9c^hMAKL!QWnUXUNMe3aqEWKL%mE?-*CvB!;l%)nmYEYHv8nHs|Rk1=x6<5_E zzqzUosuE#-g0?b#rYg^P^g%j%q&qdJN>V#S!^%)(X4OmYR;gOoM#YhM4Z9|x3&bKND!)`+>p=J2v6NXRU-68kh@jgr4ovJQ_}WD zd6%|fzx$qg76|@ORg&NjG^`v!j8;z0Ac*ru`0DVx*9|pV!&95G0n%V!Yq+5Q`Fcxp z20cl7dQ0ATg=ubLX+n`ER7Dvg&#TeboK4>N=aLcQqnd|^LDXiE&6j+ zNt!>^uyQo9yV2APnmFZ$FPCOVm#835XCT7Vm&(&k)U$h;A?n6drrhhf7Jp^AX4SHr zTB=Z_3RQ`&7fa-QHM+s5ita^-9IxvBMo_%Fp)KxiXd9-wv-mfu?x`wCbvF$wNA)iG z)>-Q@`twkY*D>X9D82n%I%)^5I9;c+#Aekk1#x8J#T`yf{>85>x??R}DAI-E`V27O z`V1)Uh=QEwjwn!-2=_Cz#rkO4hUso0wxqk2swCZthLxj>)?#{w&z_%$E?1(ML&q`Y`rfrz)f3&_u z+d5iO;clYsKJ6$CD@PVRg5xvDo|j5??vnGRZ7qP)na=IRY0`4KwH^LxA{6(@EiE}H zl7p&5pOasX{H;b`Fsc%vZ9=YA^*L@RKD|xbf6BYG4U;=j*?`;>RY{*bS;NYayIInn zltJ!IK63LLJ&pQ6W4*ezo)N-1gCi4kxSS>c*?8KH79XT-nB*_558k6HN%GekR*qz-e~Z%{`0D5pEokVL%w~wFV1LMA zL`Ur|HcWGG^*s3H{;HBR zU!h^;XkrvUYk$XqFwM9NlE0~RT0i4-Nlx!)rc zPr5*k^P~$X_HSv6{w;08RJRpd_JDR&m880zhLxilx@%bxrdqiFR6sbb-t_69|yA~+kwIIiN*8)YVv;|e#hN&JYwxoKTswCA{Ygjp|H;b=k zwV}g4s*CE)LD{@*!?mF!6LjilLw;nuqW-y!B?(26P;5hyqijQ=*oJ}u+fXRBp|nLC zO4~5W-^jcTN&a3HNVexrf2(2TNWwp}_Dud;_T0-{ta>@U*%}G z(()v@Z*rM2>RnGPZAtwnNVzj>51W~_`_0VSn=D-@(uLwUEEsUlWGLRHAm@3P0!2Ti zE&Q}?n?3TrO3;z+n^h(0UZ`Q^=zdG+X5D`-4$zg+T=bA84;R`r*)s}{fn1xCbGt(B zoe^xW$X!ePqDdkHHvf18pYErNhp$p;{7Ial=quZl?Y=mU{KXPIiWa~OIwWP z(l+d;-7zpljKXRQM_BMvrc_mmye`OUH8kgJMm<6eqZ&qsWDV1QBRwi z60?BMe%ko#<;G`+Eomr{hT=H};K6eYpm>e}DDWHuD6U_kE!Hp5HcWa`+53W|w^Rkv z&)M1V%{8nXX_U&j8TY57Wwi!h-qkGg>VwNB^~egQDfM32yFwNm7u#FRxphHp>rc|b ztX}MoNzAxsb^ZB+G6~x0&sUqBIX_``=6tKA3`NRN6+QP2xm}IEC+R{}bZ;W?sp?u% zD2@!$79)eS4O9NNln_#mBo&SywJE=(@0Oz+T1g(|rQEk-iEL#czcg>F>zPDrV>7Aw zX5&UgO0A_`s&ft1X@=@0mMRpfLUAQIa+fQ~p}3M9Jh+k^iubUz#XT%-!&Ltvwxs$m zRY~9dr-qfI8uHy2vukN&@szG*ot|6hDa$mM9GPZ{mye8?-*>M!ZSggxEnaOYLy
-k9l>$2ia9O*E@k4lwHuPqdVwNEwQhk=vvU z#TpuXSVKdRGHpSbwrhl0cHjA9VoP8Cq^cz4k89Y*rMyLP%0(XH$_sB%l(RgpLphl$UG{xE<8xbkpe=m^i>Fi;hX!_AdnSS&xmMj#>Lh+1U#g=5>q$){vSi{PZ4UKGkG!I#Qu&XrMHnc=~zVQzhs6;fv z^*)K|(!J04?XQjBPOx;LNEeDD8^~pjY(Q0X=T>m3Mt>5ofa1soZ85UZw$1k2YsKeD z_sgn4_n)>6{(^>;qq|O0%sQ2In?UUh7n&+t^0rn;?|EKNeGsdL=l2y_ZRl*;*>+%m z!p@otTPXaoGpOHtaMGtGV^>Rd*p;LwS?W-v4#m?P!G@`?F4I8S``YQ- zWgxk;Hg6j8ON_toX30a5JQVkU0|D*<2UXD;15=?IOnJrn5p;o!)@u4U^xY3aQ$_onH)FZV`dweG6}+?mV6%-%Ws znZ0u^wv?er8H)GiV8Q!xDBhQY0PoA8cwbIi+?UffTnBthN5xUA-(<(f+xO*bHLM)v zb&_^g|9(pL__!`ko<7vmV^-wMTp=5BV5^iO18u(keMZ8b{(VO5jJEuPlChn=yeY=F zk2SviF-ska)S=kF2OIY9q1e9%5%%w)*uSSO`uDUAQ~$Eq(zkC=mGteeYS_l5e)4)! zFEa2}i29 zKNee3|And~^*c1I9Q9C*J|hQp zWhh@^DMOJm6l-*_V2uvN8XW{!qeHPqr!8u9+J-6LEViV4o2n$`TQsa3WjqTpC!<$4 zJqKm3#akc94m$0HDLXewX9*d)dfs@cJ+liO!m%I6&-wnBB@9KvP<)Ob9QYhR6rbZq z?(;c*C_WQGTRam%+c4pGNdA)WdsTsO`?Se-YgjqLp|SLz)#M}fAO#BSUIwH3$?7(M+ay3x#!oL1C8nRX3zBcfNM!Uq#N;4FZqpm$I^Ve z3(s#SE~jj4y9nD`U-5`uc|#V&5G3m3ckYw{ka;lxOL0;{8;T_sW=F zXN~)yA$gx6`DsfMiX@@9vKRTymAz0E-J1cqT#fFLOn~CbUfRAWVYCgCeAbeDQB{)U z^BT5sNxnWe$s%{T*`OB5^24#?HXUt>P}Hye7;16iGsn zByyA_p}0mH47f%ciX>?ZlC%wzyiaWDlj~F^N#3tv0iTNfg+&FN~JVXyMy`g{h^2MWVC?QQC%y{!MI2^l4Q|qEBjAIijI<^Nb)-*?H{rde2ay zcGF+mwo^)}ZQBuYx0_FyS;D`V^EOq%BC&HcWEDgqY+Wsz9=RzTd7IR*ocApJbigdr$U!uQX#DY*~kM z{HmcBNZxngZ}>~8OM7PmW{gkvg(Zu%By4L+!hyCVK(Qo1@$6m@;n}@VJi7=Cg`3pG zP&~VrwkJp!ZPy5e?9qpB3kUl2_f?@Jv}gUkt6}9z0(QVVGh>W+o0>$>SIS+D?$R+^ z&TPJ*+^IN+`@A?iap$yO(__xIN$YXBr{Mg`j9mQGoPzUfTLPe10-!3<4<&a%qN;nc zK+*5Pt{TDbp(@c~!kxB98kJ|{;@!K&CEx?9k|p518dk0Z+$-NOYoGQ{hiY}r@CEZ1 zVP|z2YU~*rXs#^sc$72L$Qr<(=z+;X(n);87f2(GC*nHqd!I7TNChO})kR1zSXOT} zik#!?AEWBzY?AbjQF-E}_Rw6yzc8oM-EK~&`-UY9MZ!=VqXGwxQ9*Hx3c1fQDkzRo z(H3J=v<(yfn$!a%yhc@$@HaH99N`zGY@d@+n{QQ<2>QyZ%@;IQ)ccq9wHoDW^rMo_ z+UeI>A8>TiEaBr>c4_|Z*6d#~HTyNDX8)Bf4Nxo%P~2k+RJg|$6z{UYu^Qnn3#t;K zMW^k_M&+s5Pn6M4mWC;+lBMBf4J%g~LbHQk42?+-^!2Q4NVRT`P?DdTci7T1?>yM{Py7XwYV?5ELUDGG zwwN8HZP?FmmV71I+f;$m zX|5e=>eeIE^F3)Ze`GYm_0nACLOIMdLkd%uR2qZ^w0eS6Ko^`EXWzfbOc4PaSfKfSK| z3d`@!>%2~fj5V-7QQzFJKV|{aA2Ot|q8@(yPfHq#q@g(X3m%;Nh2q>VC~)o6)1#(0 zqx^VM_3d)X!sdyrynQ2~u3xV+w0~!4|I5;bB5f${%8y*XsH;TLR z)3zqGX&a{fW#x$#wl}Cs*4kgyuyV9RBcTH!+VI3?(d|XN<7a&xN%_XlI^WMtQXs9C z?6XhBJz+^gkt7ty&ye37KZD}<8FHE9XHdM4rY(B5v<;IyRcz_EuTuq*|FZ4x91SZ+ zGPIY-jGBC;zEaxXxvl1T&0cAMr?pyrMGmoZrYY#JPHIl)%hcaaq*SWcADnD=W2#aU zYi<0Xr3yu=P~1xdxy!voptzR^cyKQfDDEXfTkIu5+c4FIVoR!LsY+5^q+#W#hWg8= z)(q6Nb~l;DMFzQ@PL&tgqR0X3gC8$=_SL*D*?3lQA4B#pmMj#>Lb1P${AYg|imU06 z>s(C-#r`sF(O;%*nCy?mmSlgSDp~X1p<(67qLo;babNuA5ZQQe+3i*}8%0k3KFoJ( z+n1HL^B^mUXBn`Y<)iPmyLD4rFEaF>vh<-yABv~FgAq@AhpI%+NREO`HG1BtN_4O= zr!B@hX&a{hpz=k#`>3iU{f9NI9R0sZ+Gk|Ye|JqH=qshRjx${L(zN}e19g5VUD$(~PN09qfo#TMw9`oQ;)s>h~ ze9DEkc*=#gVd~!!Th{tFsY+5`t6}A+-z49EMh5kvnj)7!Db!EvZLUv`+gTiB$R!eU zP8eWWNW>`M$8kF@ur9=lh_)V=|1`-f*!7Y_F~7M~_RKkv|((;gFH zX4<|UT&4jXAH-|sSKuOOQcuL&+>(YOX(;yF!GryFD4r}03OrdFilFxy}1-s7myZBnduM9U+6_xEO6QE=JohM8*%hu`` zP02bnuiHx*C(ufZ+11zGSTNXw`lB z3;V>!iVli7vkhKWw!DJD8gRg&mT4J$`9)ZV_uOLS4+s-usb)>~iF)0jRmztOD+T*`b@p{Gn! z+S`n@or>5H&M+uWdYmNm(b*{Q zs_JJ!@jjWhxKE~SnEKzumeikCm8AZphLxip+T-u#nt|@WPfpM7Lay%Vab>3LIC_A* zd==Y9%YCwap~vNtpJvD(Ysl9uc_@;H;vRn>z&-w;xW^xuagRSJ?(s)kjFHkdO#WH1 zCHWUsCCNXpVdco*B)>jugk;mb;*84l_reD(`bJ1%*d{U02#FJ;fG@wn5IxNh-OCb% zB2g%gkRabVLITC!7jm1uFDQ*A=q4Igj_BP2ENkC@EkZ7}GvNRg(0f8di>UXiR(8Vx*;=9*~S6b>&qz=U~ZR9@3w4per4PG46hGJVy zTeQ`*4O1T{w)F3vR3)izuVLk=huZ3Gicy!tPGuj~mAX+|0qp*^H_0)Pv;*E(P7?8R zx7F7hfB&rU_kAsSD3XU_TMa&JtD!0p#*;y%s6?cAF(Cr15_nR@26qqNMi&gYkYgBe54mFYxMM>A(x+;xB2$1 zLx~&Zc6y$5C?g{gZJyeD3sZZ)WXSGk$wHAV6z{K*|GdA3;yM)MI@h5zLj&{od}4TEK_5 zFh2Z}c~*K4OB#x#q3FZNar!V6duL$8-We2qn6~g?+J;I0SZwLTzfhGVeTRmXBOQ9y z>WN~cF^5rrvop+T`dLYOnxtoZd%+A(yxi^aH_X%UUoeDsvxK2Y7>dtYfdiklg5tAQ z$bCL*1;uBrXp3j9Xd5QHi{vi}*Hk45@2+9x2;UJ!(d>+I?(O!H2>MF*W%Rb!>o&`I zyn_8H;pQah;BA)!Cm!(Tsj2^H{P#DerhbK`3q`t6mFPzK<;dk~gfRxFO7wszaH;CK zflzz~gSL1EgSKJ1cS*@0-FsCf>E5kj<>-d|_i6d|e5KHp{S-TD>J8$*o+KT>EC-%= zx&8McVCh4VJ``8{f&y3k zLUHFsaI4}x3?;}FzqG}QU)qN0e_lL`^uMAiN&kx)R?fFWV`E#^6utaOqd#q>%vzOu z{@FJ+CY$W0CF~55#8pCS{8XRcB1!!+^Stw==6UD4EOjVShvL{6a-U;kP#hZrFOH2t zacqpX7#pK)nEC=iO6q5-N>V>v!^%-#Cp@!eFXv0?b>2iPbd@r zO-tA}*_j@juI}}9cjwjb8ehM``1Rf&s!F!wlQc|{FR}CLkHvacMn8Pdy(EIZ(x{tV=cmq_Icb&5R?BZ)&*2hNy}Ri- zjd<+YZnO-#XGk^PS(8sUbYElW9$XuY0TiEw1{XdH4aIhxwrI!O zw%P6Y*Tt4TeWNPSecY}{_@;)HqkFfcm^Gg@J2&0_rqb0}}$2Vfq7>v<%rs*9q z@kh-deW$Dh>Lh)PA$__5DPl{~ zvsESi__Z2Vj&!KUw$J*Ip3>JVJ5v=|e&X-3d4R`Br}Wq|EQtT9D2n!%fAI^Alk4Yo zL;oy8|3FJ0iu9q_V*>^D*r3>B12^{Apx9%hEqZLU4b#6s?juP5VpX8u?yp~@Vdd!G zB`MC$sKpQ6QzGaqP>Xjo-|}C!;W@axx zVB2aaQikG*Bw)c4NuYQl2?+2+5-6TXLR*|jLfbIqKCva`AyrArEe$J2d7Ti<>Y*K! zm-1|R5dJ*98JpMF)9e~9fZFMnJE%t_?C+r&?;a65qh@!hpJ1p@G}Pa3sY8)E6nki3 z!yXzGduSlS9vT#TXtYHSjkaOx&rgV{zpN@r{Y4EcM?KU-J2coY=aDhGEO@r8_bx!& znb0!s>ZX^{Lvy2L&~?wRIKP`?& zrkT=1^L=~<>1FbJI(ukK4Cyls=^t6rP$Uh-9vX6-Jv1ox(7=d2G${7aXp0^iZPy?R zGsn~}kvf2+->E7|`fVCkj&x{Dd}2=0ovmd4CfXS?O>pi^(P^OL`kjUu@>L zR+;&&_gd0WBn`#AK*581fkJVmKPYgeKNNkLw(w=zhDpC)>H(7esH!CC4{2CA(xEo_ zrJSVu`}%r{PJU#y$?fzq+vIk%jGEfr`SCNxkFPL({0mDLigcmaCL@>GCPT4J1{b!; zP;8TFi#EA!n_W}?Lu^U+U#gOH|EXc+=-wuNoV9}Jl{JZ=uk1D%*}SOUEOP(sTN@NR zuuaY>0m(Yr#v)pu-@0V)-i-5FcgR(4uA<*rvQQ)o#T7)zVXh#8;?9p?!kr(XxPpkb zSV2VFu-{%MUPH3is{+}-+3~P1X;?Y3>mSZOTf4DLwUp0lAIo zZ?p#G@RK5&6{Xxkr6ugYgG!5?;m`P4ojtGJ&0Mvdpsm!mv7;kUqz=V9D6ruj6cq2E zK!kTtP`rbpE$*Ob8>W7h*pm9^R3)inSLL#^nfJ*r&)O&Oz8dlduOifoF!$~KCk?ZY z;-biD#ZAlXkE^_WK8|10N&7L=&;EnyXK!t3LyIP@bDhDwnHD(*Cf9mGklYCG79sn3QYZ0C4e>!ke5@r7MdDDE=zC&`oUcZ=7*)~z*uknAJt<*OeD0FA zcA545O|R8Q#?4);&oZ=6Hng|3w4q2FinThJuvUj+tqu~b)uC9c(-yTl zZNs#$5L?p5c^7;#uibO|goc%)9jevu$xGXRVajP$Uk;S{*shS{;hDI#{t*hhnWxTh!{b4HN&;ZZYw%tAc;G=d`ZZuyVvh z{(Y@{d%pa&dQYR#FSCr@GS|`9dwRXq#7e^{3*;B)oz`-IlVMu2KL1XOo9f?~(d=x) zr;Z`*Dwvv1lvGbqxAqJM)4{Tqt@4HEQkDEc>T;or0k)BdK|(!al>DoOiB4J$`G zYXgvHM0pdeTRy57frjB{^wU!rv?HdpG zrRW_G_eD(gX?L_`Z!?azs~JbT!xDxfVJMD=Bd0kY4#n|su;F+(6vxA9i}7&Uh6#7e zjvXX?zA6xIpZR>AhLt0X376Mo+=;zgzCB-dr?~~g19*0Rs8>$d=<7Xf;?V_=dWXeE zq~{x98xg7PueJCq%5@LkYxABsr}6YXq~EAE8FyRy(4Vt(FxnTF4SF7)MfhHXBg^-N>7VV(L#|r6z{H( z`@Fk?;;uH}#a(Tncy~ox++EQ&OntSsxEMuwhpJ@le5rKV~9sJm_QJ#x04WOa0>T+s{rs`Yg!QimdSAh=BBIwIot4l^NaC$*g>ODP6Wa3(Wblw{*-$NT&DLXEXW*{qi8g;iv zcC4BII?T*}-D9akkvbHg@c;{jFCo;HY7qh}<)py=PUg@4mFO#Sn_#MHl{DoOo| z8di>aXlC=b=;G+hOZ~K7Ioj~_W@FXdrFbNx&<16`-r30XJiW7#kyv&6{CR>jiJkY) z7zM@8LA#BbdzB>%MY2$w*+l+xW)q5gBOuqgHv$xAHff8QP1=UZ?lmDM`$|5Gio z&rMt0bJI3Vb3klKb68c9=1L7KM>8}w_Wc4hu|vkB{{8|`J!4}DWO0hVu`zE%MVzO- z{-PoLKZfudEnz4UhB9MglGA2vOq3ZL)3AqxFeq_sjJ6mXqivXQU2IACJXJ};-5OSo zaA*bLxAPO8cEOyX74-sqovxVck|sUh3c^mhCK}z>J9^^!Z^O_%)6ng+bfHKWiYo|_ z%UnSS#TA6$!WD#2l?Z(>+F}J^+cvxXJwt3s_gqy;x@T)xIl6a9`ODhf24~0c>q1$WeLXj>McgH|3b9W3V?rsAv+}#F> zbZHB^v<>_2*Tj}|*QiR;{f35>qkEU2%X-@G54q?{_iC`wH5g}ee!k8l8=c^sG@S~% zqa-*H^S8loH$AG0OpodUOBsrkq4=~NSnz2(C_Zfm0({yIicj0o7EjyJHca`dT1@$K zszCWsyH@mS4J$|aT1jzIMvrRRUJ^lHULRhxV3Iss*CRhLZ;yHBw~F9U7;TjZxwm` z-8trp*aE3L#~f-Y2$-am0C$}02(y>Tfo3n0JFV|Ru>?R>^u#)Fsz&IiKvndlO3b0w4VQp_i!Dn4rqsAvsJ(XNC4IMC3BWvf)|r(D)g*$x@|6Ir;$NQv z;5^;#g_%s-!S63JNfTDy-X54+0#=)uj0?<6#(lN~K(Pcs@ytq);F*=6*;aH0-aB+CmnS_w#`ov#EW zObV2Msiqac^V4I6=g({jfMN-NVhI2VmH;T00I*{TfMN-tElL1w!zJKxnH^yXcuEyY z!1K2KenP{_)d6cI#jFt#tVZT5wGNouJE^<7Rcy->--rlGQ#&osh)6O5ar*k)?tIly zh2z`HpJ5A8FyB<1*k5N(>4liE$18V zSX5u$u+U73p3xIuG~mtSvp+O+zia4z*V2U|T_}!n zYUVYTG88F8aa07k%~27kitgtOK2^P=hT^CQZ80iB+c4$N>iv{Vf=6GlcUI5ZUe&c4 zR*rIL-AG@}K=wa%vq(<3>svK2rEf*Q>=nq9N9VS>o4xfSm9%f&NLI?8bt75P(|lX7 zBvu#v$&6?J){J=m-BO1lbttYI0UNFxf#SLm5aGHJD6Si!E!K_DHcb5-v88W!se*5} zslP$P%25y1+;j6$Z#86Ex$tqb-kRH#qs|n4HMb{PUb-?Awi;zwdRp4sddSj+B3&rf z++e_(8;UhIa-KCe6l-qUqUNS;nC?=sCEXrXNxDr9D@XTX`IV<(Wu@$FHOO9AmVs91zBXIXB>egaLtgH-l>Eb%JQT@8@l+%b z;HgMZJi!pmc!D7mPer2b!9t$4Ve)-qOY%dilH^+&R*rnguNT!6dw~4ZMvpA*-jIHs zNHN{76VdYe^(;eonxXqwOBafCq3G9OK);5fUnA$~*HH9p+QP4C8>V}K*plwWs*-ds z(y(%L?-p)ZdyAc&kM2;v>=C#=6}PiMx6?zXI*B@+vJU5WW2zTN-qB7$k?`YgL;CfG z^dpuu6iGvIZ!z%T-eOQZ^9mGr<`ooI^U@Zpd1)IaeTmqT^gC50Nxx0Q%8?HF@#0*h zWnU9I@vKI#{Mft$BN^>;BE@t+PDIP=$8RxoFEDf;wRE9K7m9ui2J~Yn`Z02zehfuF zrY-!Kwqd&O5nIyzpsFO@_i0!;y7!A8XYFXwRgCWZ`l`u8OQnG>z}UB%&vcpiCD@Q!E{_DJ4#AgoBou{qnFSIA5b1U6hZzq#et^z=7+(pm=@`a-ZktKym#SZL$7~wqe4b6k8JhjH)Ez|Ix5=ghPGq z<+%ux?~MAuv=vJl-QA7uIYWg;J2U#w{-o18>Hhe+$;&*mlK;LT|2In>isYf#=LR44 zxuJLxDX8!yQYiMhX^TELZNubW7F&|vOvbC+x#>+btQ`5!%;e<(@_nn0K5}Yv0J|A1 zf}TDwztJrZ+UXOs^1Jgk+unJ`?8JT3+1VDX+`YZE3EL)nYvWA`5MR@~uIFqCfMN-N z;>;vCab^;#q9@RTPBnT#>JKQ+OwtxJle7(&fN{zgV`w|6g73FiCv2}_|D&vqfxBE4;Q=}$HEPc-!ZZRtaiJ{0%r2LLu!Hs+MLvgQu+8!qKX&a_LMr`T-TdPXauWH!FrT_7ofuAzkf()PESScG1mU918 zn5k)}m6ue5{PYhp^!GLNpSSd(NFR#y!HD#sD*D_V$W(QW5)|pv7W8Sm;Iz{hUH0f@ zzn%E(#G9Yo=BpDglfo87m;U_a%YHHOxl7mW`Kw z^Uf&R45Oj)LMnr*+V)?O_eV!ksmlwyj~pbCj&?>B@tyGSR??bdh zbkexxlGLcEzhCO5cooLh(WG(6M!v>G_`j42^Q8x(t;B4Mn#tjF4Sid(*}OK_{|f;5 zm3R$C+e!4#Y4r0NgNs-6bq~pm;^xuRark-TqiNXd%w`|H%r;`Mss6&=#;V0j`!&UJ z66qxQ7ezHOnlx^lL_F90e>2%9V!So#s&_4GbjNlRBo4j}sO%WcMl$*u{R;Vpn~dFj z+p$}2*%|%{$*(wkyN>w#Fnp8R*78B`(4Vui-ZR9Xj}Ku!Zzf;%q;cRgDjHbUTso*< z9=Tc5j~#FRKPnp1|8FTnDRaif|2jW#6u;n@F`a=2BXG>vF=JwjojbnbDf$&RJ*2wt z=9RHyM(-$J-OjV4Qi&(=undewRw_%!$9#St;LX!eq~PN(P$mG0qPR_Xt@ zNC4X{8m~F5Z^@sI|4beg9TF`YCxc}XJ__Xuc>_q;RUdd!29b&QH6Xh~w7L4@_@qB> zCBg8w?IQKJouYB-I`F9-q7I+hIy!co9O@7CzQX6)q4ZGTgU2nr~uwnPwu;1IT6QyeB_nTx?B|683)os`c8}>#U_IDfh zlnwij4ckN-1*BYwE;OndU2MbNW5eEW!?u=sl;35%QI%*98@9I%yTyk6$cFvOhTUVs z9=Bmn+ORc3Ci`ih57eZV&^rHeRp`;RpA`78hL!8leOXeR;LfS*_b_2y; z8B|4gHbOpE^~p=9O7t_aMDA8~w<9Q?he_Li%Dc1;6MVDSlHjGPk_1<4*v2JzOb&wm zgMCFt&C?iZGO2j=-TVY6NRf-=C3UFQYlm5aP$URNg2+h{gsMcCRY2ZXqdScvLE3^K zZP$w8bMB8ojgo)2ZxJJVv((cZMtM*wkL|TT^^C;W7g5b?n^>4Dy0UnQmupw@Qn{Y! zI9P0h>k;rWec7(0=~>jfSJwNR6Wfn8|3^O8Z5v}_xk_cdy*SU+(kSt@OioNfx6n3G zwfG&m;Vq~=9MWLC+vQ!x^JMF8()iI6uHOLJ z`Z4(^cYd%lTc@OFYkza`ih;$en!Ss=`dW>}{q@0Ri+c`VeE8zSgQ}$LoutNIIoAC;=CSIMO$^oL#xhso~*9ftp552$ZDCo7_qTZXI4+moz(-w zyHRB066H~K%NmpyQzkU2qxfZcdrSVsrtx(KXs7mxX`8CLus%}gQ z#jIw$+vQ!x^JMENTarJ$0kZX7@==pBvh~FDY?aZi!M?u1Wzw~4KaN`_cZ-zRr)<_j zF>9eJ5$*$#Gu7y8M)A36#zSwK@jO}kge|d`Z-A@~^_P!J&Dv)FvYvj)R{1p>pchvp zTc5Dm3dL-NVt*OA!u~Q8ODyA|#4?^ITi4iZeWT6Rb&}}DxeYlaHCvZATD^^)j@yuz z{$JgOVCItbD-^R8irI=>VYWgsTNw}8%6Oh^eaU9)Cv3K^|J_}vemx;ITURXY@2UTv z)UW@r*$TyMg<}1RTw(nR#cX9fWGmx&vURgD@!j238z5UlmB2}<*(&2v|3^2?PupyT zVzxrDv?5nnTA`S&jE8JxJWsZM)t1&?o2~0#39OcnIxeHxdR2P14t94e&M8v^6scDq zuvrSlEQP8>*T^qHj#RPSN)CHAvS8aeSy;wf#n2b_-SZbE`cQ2DK zy#X5kLjBdh*er!&mO@o@${RUSjjom71jQ_6JY*^3d9rj%Tc2LN0kSkypS~tNOZ!%} z`dfWVH%z`3asGeWY=vUBLa{zYuCP9ZVtvYZs81Qslda#eC3SEEWb11As4V9{G(B4f zHdIHoNS6NDW+@c26pGG|9HH|=v7|B{N-E=dvh-n_r61S;SsE&-$E0TI0M4Y`P`O&D z0>Eiu?59F8TcKD|kt-~zP%Np8hmy*8o^1W2&DQsBfNTx*Q(v8)t;;YLf6P|Q{+_EV87?59F8TNw}8%6Oh^z0YRryEj0#zEwWzgp8)@=!|S_^mN`-m1+O^ zL{Uw?OZ>_j27kl;ul>ij8mGO|RjCcBFPrdxhx8FRp$+@?jZWiyJdkd=bm6FWnb_K#z35j2_ z1|spo3WQB1WVHMnCI7@Q@%qM9Sha?Cxk3TUz1&CWktWjEUjAWm9ba~Zg4_{wEv|Ea zvBgVelkUY!o2`Mt#r2i-W)Bwk$1763%T$v~VK>WO`nstuOx;Po0KShL;wu?EDhe&b z+)U$cJz}{8e>L8$$@;tPWDOwJ^o{Ra@aHTH#Ckt|aumhu|FEnNFT4IvTZ$PB)W66- ztggUv-4jgsA+ovxDIF?Td_P&-y&4M{kCrQz1sx?<KD=F2_mzp?|92P5U>0IlN`Go=dGDZPQS9lfcQ5W~E@{PgU@>B&K{x9DqI!(UriP0%o!fao#LBTv;t{>hf4!$JqaI|e@ zY4im7@}nYiZkjIgm1SJfUTVARDBrqtgh_3PQe<9JM(rdib?t)xE*O+knXtp)WI5bn zxsOH46h8x|}RyKMEXK?xW_^8w91^J;@kNmcC8mppRWSu#_?FITR&XTptd&-jvn?}>* z8}6v@#oy){{e~YA2)oOtW4CxYC1TE?*&Vd~4U`h<*FR~JuhnFB5{mo*V@K^MKmQ|g zAPgP`*jwW)=x_E;=^N^8ufzYhhQCTPWW2R~DSB%(ENw{p0fC*wf#pGfF{{6dHRhe~ zoF;`t-q~jLLwIMWkv5xLa>&@xo8iqJr5B3K#2L^hOSwEw{tZjQSR02j9>3Z}Dw@2B z{LE$YNPs*UCo%D1+sle?#6XeV(H7ZVB@`tL#cv0<_@OO8PT_^(hyROf>uYZ*#Q49g zq0<*KoD~FbBTO*fi+xePM6|sLUnslU!q-ldD;j}Ca>Y8_x?B&CYqwkhq(`o=mTRwE zPnPSDT&KzPBDtO^*Nf$Pu3T5kwNI{Zl`G21+vIwgT;CARVN&OtFsyf{?YTB=i4AMnFf^TvhX#|M zfd-Rd-?m}jvtbX~u)o?cDJjNwv{9Al)i&&S8+M8fJJp8C6C}oVl?}VphP~5d;z0rof*@j(W!>+JlpR{4{KoH+o{>85o*?B{a)(B_?wTBDn4g> zg6;|)Eriek6*E0?kxekned(E zoKX1PE^9`%Jn$8E|=>Gaz#sXvRsGd zI$5solIv8tenPG@$7rQD%Y3f+LY@U`EASPx|3Xc<+`(6SIQMnIb9^zz2$nb zTqnx)ZE}@cuILcCqUD(??E_mLD7HLMmFWHE-D>nfCYr&$>n#>|9{-Q37lO;wf4O`6XBcy2@u8r z-JJkIB4mOj3?U;B2oMs6Fd2GE($eWPoemHbJxqd#iYO`y3WyU3q9TeTDqcVl5m7(} zQBZKYVnl^|9lqyZt7@HncAxH`7w`AJZ~gl8s{PckYgetcYSpl7uNPH(ZM>t~13e~0 zo9lN<4V6m8n2l^IL z!~Mt$wZw zZ@*Hbv!n?&%f1+W_DwY~JA)RVok45Z@CHj!&KPqThOW1GDr>}6IM(LaI~{wsW1n{n zeQNpXyPPpUy;~TummT|?W9U=6?_SYY%1&~O_gXE#QF;c8H#+)sw!LGGj!klGvSa!Z zMoc@$vBi!paqLvbPIs)&v2z?lNB&7aS77ot>xWAMfwonGpiloG`huQ#enA_OhB$C+ zcgjH8kWX~#G{)n#O1EV7hIKlcv1>`os*ZKxBY zHOCY%@8LFNO5NJgd(6s^m8Yqv3WItJX^1?K zW(v8KvtiL!%8-7GhxA*1eU9lJ`iSZ5hZt{E^y$P*$HqA}*|F)4sb2d@O`|Ye;=A?=!cu)gN{ou%Ttm)ySh4cZu9j8nLTt*JVy800)_W=c-vvHj(X+C9(4r)U9v<#ga)!Q5 z&oc-^>$TM#;^7N0^w=!_AZe1WS$QfX78sV?+@2?+aJhN5IT405>er*;It7}pAFfZ_ z2322JAq(|IVHBkPtwOz5^anRSrJr#lKI2AwwpGe7MlpuLgN8lo7^f{5woUYvvh|K_ zaO?`l-s2eUg&tm@Uvl)CxX>7)c|Cl9t~HGrTnc~Z>$xN+vs%L}Qi0>h6Ft37zw4Xy zFSzrqnGfseUaHyYwQB}ovcxWS3sP2QiS6wA_;^jd1^L1{ye@(ecn9gCF5Uwm zccr8UetNek&33yeI{zwBti|_>juriY=+2_oio$ju7Tr_yMo~szvOFuah$O5sOY~Es zM~L1c%HZNQQP}%4qTQk&6@`bnANT#WeztUq&z4T{mBLpc4f}kIXXoh}_6x^o1H;Bf zUnx7pF=p^BKW2h09y7s)u{dhjCmd^2Z(-P~=qqK++#1Hrt)*q=)-Yyn4ZFs%>l}k= z{-j@OHhJ~tu(>1xc@2RWOe};KHAJ^^pIgun!IosM@&7){Tq z49I@2Pf7wx$<0;O1*YHimSo+z%5hQE#;T_+cFIRzw5F%4V~v*5TKd>alWy}r*BTRb zmtTjvtg3!_E9*8YgB_&>i)UG**lvveS69J4sEU+&7`9b;_=xF4hm;qN7(S{z zIvIe6?2a;@J?6OWNqtaj$Ewcm*%KB|4%vcPwg-vY*-lKZ%9@fJAyGYArz4pqdCMzS zHWUbhkO!dYY8no6liH+#R;1<`Cy=^{V82EfT&(2^r><^CZ-e9?uv%R9Plr3}YM8~dj>}tn8>ewe8`>SKBo=`rW0vvtiY+J|f zaO_KtJ?I$oQ}!Il8d_q4e#uRZo*g31YYCogb5-@Cf)*eREr4$RNR$2rcmBNeGV5V; zk2_AsW6xjR(%aJ3*U{U#uCKH0gm98ubyT-v^@5JGI@_v~Rg}(LRTI!v|3ln?@~F+u zCA*$RVAR#Dyp*i1wKiQS#)6id`!K2+oL2g-!&9^v=<0DFlWz! zu6>R2YSIJte~yqBWm(#B=6aod+pg}{EDEu`+$hhNe9T$CwAjFgPijx@iCHyHu_vn( zrv^0=RM;zMu2dGQg*v(<77kJvm3mX}9CZgx+OI+PiaLab+eEW9Dk{}M^Az*3 z#+jrTQ~{M9;# z7k#CSSt`SrrNXCg|EcsvZAAm&5_cE1)swo*!h*IUjWP|hPaka}HEt8yYMuJ%H2>u6 zn~aHinu;MyDQb&l9lbT0t)7b79gU!JNF%JT)llnffMh#r(k<&Ls77T`UpdAsTy@k_ zN$AL=lIoXWZd>1aeatNBfLC81O;Qn7yh44n&dX8MMPL5cbP?ktYL!M?(UY2NPodNn zO*3f2G%F%1sGcfI)sIH2DxpCuc~csQYRYM#<+^in@HZNWdRZJnjgo=}(o8_mAoE30 zW(SF4BOM}&2AU&^2AU^IKSn$%rP7cz4nEU3_)6J_VrV(6c^dYBV-H22OkBmbw2YW6 z-Z7406&c2ShsAr3V~m&#W5i_f9&+r*jxi%=@tBdbc*7;?hGDrF*67#-$Nm-V@?G7f zI3jA+6D!l8T|V9U~8|zeutR zYV=9J2(fNArAw$CpTpUdCOJVu1b?3>ie@-n6isrHD4IkzPtYW%iK0muO`%Cn7bX5% zC9P(=;4@8vuf(iR2rUPlV%QHH`%(1ScTX(swn}I5*qLV-JM#>?#Id(I_Cd!!?AU#d zv0`Uw%aUx%Z>#9jmpB~zi({XP>Pa$Bj~izsD@yVYm3mHL#6cQr6^r@irkJoW;#jJAymguz3ETb^ zvpU#_yy<;xz0n5ieA`;@+!1m(ZbMIXHlv;h?_9k@Pe`#ulQV1dvCG~?gU^yOf4f68 z1Xgy>Z|Ul4)k_#&x_Xkzge;49VYVYC(ATT`I?n0yboFGGHT)gpt!iI~umyJ5-duG~ zV_>b2S}bXWMkQs?v%0=ksBMrm=qV01?%AYXU|c~eDqzLx)R?T@ATTuAid>WJ64gP7 z-M?YdvOEpIoQ+pM6RuQ;rAu(CWLE!qd@6H=0co&0H41rY6Ho9&>rs=MSHwg6d3^L;pvUd7QkoP0-xCehB3Y{?EdJpGn)-# zM~}tZJo-u*yCDtJuA`W?$1&y-EG?r7i^r(Ku!kIDRAJaQl4y&!ee{*G|90#jj%}+) zw|F~5U;R0Yz4RQo#Jxog!Vb#f3@d40TraJ9C;vj0D4ST{8}I+$5N+VOfI zsfVQPix9G^8BbX) zZi-U-DbZ$Ke_9lNye;C_OJYo#@tHK^vsp>Qn3Xh)SxLj5bc~q+!*-0m5==7v!zmgx+!L$ z9Xk1mb@5qsoMv;=b!HZsp{Gn<(Bk@7E>Cgf1qtej<7w=x(V_}^tiaFh? zzjP6sDoF)P)kEG)-*pctUB&yR9u-#8vXV>H_Xn4%c~pRXjD^0A{XlWuXvg@*9;0Q! zxd+t{YE0;Dse{@eYXSBV@g&Xq)!#?Nb9p~FN70g_&5IKA4M_yy-xS?k^lnjBEbkG8 zH|`asn(2W|V(^*7;ImyshDqu|Je$Wi42iLL%&HlN>=?#A1jE>eVAy$%o$uJr;(v>` zTlAGOcC8sU(=m9jIPcC=<4i5u7rMA6?jQ6+YK!~VQW|RDGfnyzT&;8*-`!hd2V()! z%wpWtc?)nb`KZsdlr%AIDmD4CgYC@vOj|6>KpgwSO>*o`1&+->%BJ_QQM>{4bv^ET zMBGKyJ}L_L{X`V*6W0XpdrB1U`?%W3xDTIkA3i(e!!YUk5YOH&H%$3O4DK@w?z6P) zTr&)wGmM#B!`|;$J+4Y!c50uZ&YiB*lM7?3lxD0-HL+R$f~(AL>2B-jTC{fIIU3R@ z9$I~9=O#XbhHkxFnt=B%j?wumT`fI5T7re$24WzFUgu)fW<51GwMARgZlhhhb*mE| ze7ED)HN0X)PO6Qfjjb(OezPOR;2K*S_Z3BlaW=|72Ov7?Y~sY)US9QAAy{^O;2OmV zTqCooLfwkT1J_(Fzi|yd;~ISS9+Y8M>e{exL|-}kwqwsZ_8Z3*t7R?ilISaCjOz_M z-7&0p!`Pc^_eh-7uH2HVL=R!OJSV~XX9hIwf6TJaUk_lh=g8NnA1*5*q-eYys(ig-i+O#xe#;75i=eIQuZ&XgIjUv-08CR&f z^sTk65gU_Sj&Bl&DMbS?UkQ*~=EbpW>?rF6J)@p_eAX3y+o;b+Bbwk{@VxFTYZ zihj#Cvy(Y40+2gpSb(!rMbV+J6NPWuM70W^b&5_CJwtSc=o(R~kn4lu^&-(8T`v>u z6{Skoi?)iMEqaD%hba8=22t|AUe&T0`yhj_9QL+@*%yoO+344>=RMwUqffii#hDgw zT=bQA%O+xr91GTT$nPY_UhsG?I;JX%X?geD?#rGdy9axY3~O|3f@9ba7VjX(hN+}j z6YcsXcWLwxhAT?z27_H1i_$u=5MGqlyY)1)3jId9=fz69|Ad%9KWXJSjErw@-VlT} zTw(@bFqo{aA5>O(7y7`uvKq3g71cLOR2LLPm1xJbzCQm7AbiGtyd>s)~P3RDY|1=$P1NQA=a9SW8t&r3R2xcG=Y?}W5}{$e{~F5HjKAe@Rh^9b4eo z;f^7>NVN-+{3ajOJ~S`Y^r6q|SCq<>2D-gxR_sGhT-$p_#=E8O3R2l~wjKRLA?kIQ z2;uM48T9WkLq@e`eOa7ouY3Mp+p>nL3`KDuqv+Huqa*86l(88_fwSQ}9Jft<&P;>C zf1VG{rO1;azQxe2f_F<%(rZPrg5AE2D4g|9wU=35_{{RcR|+Sd7w}P)aYk84UCU==U3iJ^lvz8-t%@aT?`sKstDm=A4bx&`X55GKw zgV+k^%0l?BLO9QDBgzNFYcmTvoHB9mx9IoACjATU{P}CO*>rACOK%_hzT-;B>@oML z(wP96+hbVLf~W)xQHqXPOBjfZUxF0JC*Ng2k zTNA@iiq}7h;qCEyt-@_M&$#Rp5rx3d6V?70?YuJZT&mPJR;G zS0?FN^%459Jwy-I^=m|r7TsHPspvkUr;6??iiJE`6q%eNO24b8sq~5NFM6)%5u)_J zQi9=4>?1{~);rZU_Qo|nd*d2kDf`bDS`H^#88)QBQj~Qxjrr`IOH0c;mlp3Zk9VYF zYaBb%F=nqU?ZuA0%dx8*W7gN=eblkJ|8Q)m^ox~+9UqpKl^?_C=?q)!*mfGQ z7`9XNm9jk?dyQlJJ9dC$hdOqIV<$LvvSU4t@jkYd1&v$mYq4Z-6O8m*m0qvZ`xUe& zX#~^q+4S)-VJ7XlMyj)8S@?RIrcam>xn3;Gl*nSepWW4QG+&?}Ok47LO0zQLn27mn zdh9jQlt8=^T~#x(+&xSkDEF`%Pw^YTbmpoXNr(@#He_vWtHZ|FYJ3$nI*X4!?VtZt z&!2E}7GDAv;@9S1jZe5ai$6{mSQxiSYAOE-c4{vgwRcVJOGiXCXGt4%L0t`1lah34 z$2#p4)_hZ{DAq3*rFdk{NG`~TDXL$Fc}BaMyv8ivWSOL|=qwx}`% zC=EvARGS`@hs?*F8oCE+JRf(e^qDPq(_D2Mi}FyFG)k^XIM#z2rRrnFqx9JvgQL#4 zeyv?*Q*>=gK4`<`5r!alFX%@-ranXcURYy8tHbbUZ?bL_Me9pE!|6*ZSa=V4FHz){ zc*H+XwxrpH_{=uMR|;nm8TQ^7&%Ul{*gcN@G5X5cUmP1R?P&4#j6QpR$uQnu!dJ>J z^mvyz_BF@8>DccbWA)6^GU~AW8lzA16^<=(?0CmGCBxEI9J|Od&I_{q-W7d1E!DB> z9s8nVUvW$=9yIHXqRBm{lH%Yx9HSWeW8xC@Odc6uA^aZ-x35Rn`t0m;h44>@a8q)OqE?EHiZhXvnKC{ry8n22f~(XB^fA5do!#2a-(NLO z2}i0SPltqbEe$i|d$0KG@7ZZFtReeR2piR~nLdyGZCMpBE2o`wOeytZ?zx8Fh&RSG zjMOPGC%cxahBNC|PmRxuMl!iP*U;K9-qV`q0k^cZUB*<+UE9ozY!$iV8!l6sH^wsa z7NnJVi<&a;sxn(`ljgYwPT$+R;q}=E8urZ|P}!3zuEwcX?x{iJ(kdywwGeso-R<<8 zt&3K5>w6jVTh?`inq&YliAdRJ8;;0U>J85UW z$?)tVmGmZ28?ht~`LjxKXZ9`G#@vgRuioo0eOG)$cq-=b?Ouzz+dIw)Wu|v{ZMe@m z_3Sz|P1aR=wz+D^rq!$Yd|pyBBKwWPsG}hyMi~Vb5 zO;6G@tD6k_B(W&^Kh2lp(-5yAJ2<4hNl!Uf(lK4@C?(}P-)Ak*?AV5s3Yn{xx}|QZ zrbaVD^VuQgh)_!EVotbTs8WuP^^@utF8Q)+j{M!v2x%DX*48giNuGCw@J-igsyA5* zs<%`}9}lUULyJ%s)n~I7c}V<{uXR#apYJ0f^;V%~;N4>Cd`fFC?n}&b_2Xl^Z~{Yk zlcU7hcV-i$ZuQJI!FI?{y?l8vhaJ=gIHIl4G$Er)DNmx8KxR(mYpdxBU>*!bB1~|ekaNP&GI@vg&Zp#tu?H*i`Smr z(Hpe?@@(W7(34I&;DF;+ukSu%-2n&G>!1%fV8x2AsRtZzP*=;E*7lYaZSB*iwC^`_ z#^jm%%~;tobymmB8T(J)Z@-nZ_Mbj=>eQJlXNS_z%dQVkmDlm^!uXi z@p^T61`sZ=b|4MeO~l7(T7FhvX?}^ zEc$oRyG2#r3Y_+$=#NC@uP850g{=HZ^lhRqi@sBIh@Rsit);!!vHKl++A(Zai^sZ! zr4{={tTFn^8LNyIZ;4~aId+y~=Q?(!WAAlLNB+ip-0GMP`;FLBjtv`{u#wSM%6NCs z$~V!mIgTxG>@3I5b?i#V-s{+{j(yg#ryTpaV?!j|cHa@vC;P#%T^&2ru_GL7b!??$ z7dZA7$3ErQZI0dL*ximj=-9)KJ@43W9UCbl&&oV1`m|E**f_`LId-UHOC3AGv6YU! z-m$khc9~-zbL=L^?r`i&jy>zx^Nzjf*h`KzYglE^u}AckvZ;>k@7Sr1o$i><%#Ue% z9Mie_5qpngIwL<~pLI;<;79D6jy>SmLyrBYV;ddYQj%?D-a7gu=Z@*z<`7!qgytAe zXER6a^^WPhmI^!pNz-5ZlgnySedC;0_--%e_}4V>K3u1b{%vsP4-Oc$0CIK$ z!BHlzZA7T0dtFz1_c<{Zgu=6%gz`-XkefOrt3aoTlA}(5u9QV}l39g%*ZB^i*Evpp zn~%b0^HKQpo|XO^c4PFF!g{!2>it8gEC}7%uwl_x%2qn|ddJRk>|Dp_e=O~L9IMA= zd+Bbt&`hEuTWm(0xPQ>^KI#8M3S34Ssbbb!vd5eBFSzsPYkyZ?$K0N<4A;`xtrJZ3 zSzNXo^5XPPqj?@qN6JOm#FZ|dYL5^cA2 zD5Ewp_O!Hic6Ii3c2rMTRr#Z{J8i2gHkBi0da(7LXhZEW6~r@V>8NSuEVhp~>si*> zp05*KhA{$ip(t|OXoNgO{(;~4+C%x>vORIb8&Lx`M3OhFwd&b5+YBymn!DybY*Nt} z^%^lPImYmOQxQbvrJ!7c5Jde@@mg}sS9^M!i|XxPxs6IVP9ap{ik^B^h=8Y=X{shS z6Mec8CI>IyHJQ!#CNJPJ{wwe|>x}Tz1W~eLh8msGD5?QLCe{x#(JEp^SeT(kCWucu zex?ENnFhdD!eS1gWo+f(D+T-1;$fd!ye%41JoXtICgm5?vJb{ES_paWifq!wpPx|O2u*eS&PlffbE|zjAKh@%uVq)4XIQ5!4Mfo(W_JQ&OM&Y?8 z9_~_!5CXSR{=)-e|7d60ScaKw7jx_)qwT+$c8`f7ZR{pP+U^l0&Al=FzhqgNRN*tJ z!dK$m%FM72M4zqm7zXaF(_~Txs!!N1whgC)r;4J_s{uQ6ao|&g%$O=afPpMV{31>H6)|tbf79K8m+$rpi#O?h^s2 z5f#d5uG%wgy1Ov8C7q?B{TR1Vfbek>9Vppx)Y|syZWLmet9DD+n<+);VPp+sqODyg z8#i|(>_DB<>q4)aI;V5OU<=FGIz~FjEIUfw7<1lcrKXxs<;Ln|i-=WR>|f?~x97U> zv}Mkc9;vD3;o7prX9;a-XI{7sU-$ACIgabl(Y6|NgqNC#N8{SQj>E$3=>6#7mUXnP z*Zb5P3b&)r#gc;~SQl)Tf?%^xOGp-<*V?vLkBo9Xa!MW3x!Tkm`^atzn$a|c^96k? zZAFa~jRlTIpe-yce4Q+`F=j8-V|cxmBvb)mNt9A3t!MW zSad&KA0mofFh_KO=seNGMCXehA*wxNmD5GZpZj#_XXn%6v-4^3l{gPOgqC?XJNQb> zk4Nm6jxq0RX&L8R+9i%1=hy{~y~VK)IQAjOe&E=T9Q&1HzjKVQ>DYb8MxSP%99!Vn zTF3MbLoA)ucHiAu^X}= z`AO;UAm*wnmhHZGiP`nd-TpctC9J1q!`D-kTSHcB_og(X(!CUenFr*RNdyYskntH2 zO@H+1t(8qF*rXO4viLa^CCKTibiaBUm7ZXHxZhDN=X9=FzozB{U-W=EDxAoUm4c-NFc=pk}QMH4TCGM_HlYenaZt`n8b7}E1@ zkG&Cy&)z4(XP

<5Z(7`v(zW<%0FI3>^S z%lmzHU-YD4N z^jl*{S~_Wpyp~5xV`Uf5LObhW+6owNkyF=tu= zAw%VS{a;bmdG%6P@xq7Z>~4tY;M$WI<}3yJcL42~sxRp-Bo*Ctr0K2`I(s=aI0*K_ zbHbOr(iRdPnimrCXX<>fjzt-w*+1zdKAcBNbdptSQc6@_9i^0}U}>&`>Or&cX!SG; z&*7Q{eV~#B$AfWg+F$lr)DIgKI>(}f|L_XhA-{gIrKB4E*-8}KP&1psCLAjYPi-ek zYaJzNvw0qTHcG`;3g1#O?ENvGX#&I01Qw6I3x=T+44dxQOvhF@*5(-d5-jc2j$xG< z#=8)f9};dD5^h+RV?B=5lfJ!GQXJKcD@q@$@WmBA(olPQ>UVCl{sq@x`rxv;|CH>p zT9;;5>F8oVTgMVHrsc*a8MIc~b=Z)t?22}e+XMAvuex&5es-=yJG^sM^)0k|63DTe zJT_zBTsmzk^4rxjlm?svt|z*T0PP+%pM6V;D>YYo{6-ar$~)Ag-DYreHJF+rKM%E= z*w|)r@B0^|oij11RGZt)-742u>E!_)q}n9R3R6FzH5C{to@2SFkba?5FH^=mdTz>? z7aAI4{FBHE8y^mLg4M@5JpuvrXyF#5{um5P{HEBNdic@_^{VQCMFzEXz$U>Np; z#bXDUVb?kKeaC+2n2v{t@wSM*Qnt~tKRY%=k8b%fBW3sC%a?{VI`;3-E||vV>T4IK zR$qC~{{OsosXIOXDr%RxgJ_rHEO%AAeEa`4?UI{Le?{7bYRPMtWQn{o?eb%34GB@$ zVTty5QrBpg$3)RCPl%#jzzNsLBx)CYrd{xvb}0H+4DDhV+Ql%mi(zON!_Y2*r|DBQB%6Rfw%@9*KVt1%@)m9jyz`%2lPXrvziCxB89bNoRDVs1cAco7 z41HhK{gc+3XzM@6HK)IdB3ar;7$obzMVoaEPL+>WD_Osd&m;?Z@R2W~;VmK0hrQdd*R#wf)tO-d|n0 zNr`NffKh2SQuR!8&5^#!PPNxodYVZOAvIM?KgY8dB$)?m)-Nx~Je*;*lkxcxDi6-} z&WekB#{iNH4^GrC-_MO1VUoPHC@rn=Ymnq^MUmv~Md4X+!uL>ZSU-o)BpIK5Mar-n zV!RS>0)-T1-USN2QaDA#;xWH%X{SYBIqX?7ti`bokM};uKIqu@9AoX$(q1D8w0m3^ zeOgg<>^8^lcI;lq>PdWJxg-n4z3j}p7tg^;X~ycw8=LhnxQb1$EZeZAb!}H?+v3jd zGi+mE+Tf>KQ%rm}g0@Je6d$#+pW#ZKXcCuE;I<)muI zy38O4?1jZq>b#uPz6E!f=PV@~a%Ha$07H_1u$l{HPKHI}*7(0+G-Zwqoe>lch4=mn~ z9s8|g^njN3-@)Cx4#wSP@}#N7zCk@2i)t;ls-EFU!yLp1axI2Xx zo^aFLO{xEN?*6{GRxFr3C<=E!Bno%`NEGgVL=^6RR21%Bub*)@KI3kD#@&X&-G;&4 zhCSsN+-(@#ZSmM&XBgaV7~E|b+-(@#Z5Z5b7~E|b+-+Dr?(S6yz>`kHTH~4@RwX^e zfrY(tDNVP+cbTAn!Nrk&@vvT|5wB65HDvmlOP{UTQ-w?ibFjybtk4f~FkM;chpIG6 zf0jqg>+7VQS-pFm*hvxFTG=pXGxEEH`y8$%mFj)c!xEX~*ku@P9KT8g6kFt0fiBwDGpO{g7;r z+!3bRs9r}58M;&X=n^sh%NVZ)~w`f|6OY%vG*K zwC>uZc;KmkY<#Hu1e(wfPhjUHSD$DLu{T*AJtpn1cv;rr(k9zqq2{UQw3eApv*U5n zx+dIUys(8VJ=%iyRqL|dfu^7pLmOfVQr)ymY!zgByLdAyIPIccohtzR$=Q?nT?=oL zq*BZ`i!v5FUzGNFi|BIEOGQr=y-f7o7Ev+iFc=iubh3-u?HM`$gw{;rj?JFb_>a`-9u}s5!>G}_CDBsS>3dFs~mfe zWAAqi&0z7+43?Hro?#=SuaxcX*j|q5ZMYau@59Bk*oKz&e#f46>{-XCeV*?|{gQhm zdXhk5IjT@W`#^tK2><-`0OSPcXW6%dud2QN7{b*Ia@gmLm2oNm?LJby68~nOf7hZ2(62>BUtNxv%S9`6GcI(IH)D`u$T? za96faTo-CXi@v<)a(G7zTRu#)9u{)b%dauF#o_vG%8R4Z(k?AiOFJnIW4fRcbqEl; zWIn>H*BHr<149r9HWQF`=Fa$g;z7%{^Y=KQtTV*tup^5?StmD70MC&)B@2VK5`B=&`CtOb=DRGHS#OG~%{7`1mH&_NXzHuiBZ^CkGpT zw?<9&sKJ*g^jXp3o-|{)a3@**+v%uyID%V{-*1)T1^v=jVPL4SRfbA$#KI_oBcqIq z_CE|!ja+4jS!1wgaMS`?)tXP|Kq$qQ+3VuPI66 zK~B)ZFy8$Da<9{j7qYWLl>4`cBBvdq$m1$ec8RPNJy^6ylxFV}MN6M0N~@kNxS_{g|lUsIPoV^iolD!COV|6n&fM zS4BHTVY915M~Qx0s>RNlz-MPo;487;C4`oSz2b`EbWDkUE~6X8r8nc=q<}G4BaIfJ`2pon24OC#C+co4U3$ zH$4NYdrK*032JnWy4FWrg8uJ`<+AX`5M#UgN_30@EyCzv|DiO0UEiv$IcQuGA-97b z_T=!MbT0(iZ+UBjkQ9vza+YssJ@k0nJoHO(W#=Oqb)91J(!J% z&um0|rR<6rS`NG23`6f&JT#AC&pP(JV=p@Pl4IM7OD*jV(N|(WZp3Ce#@ksIZ;fNW zaqRbwVGmk7>_IEbFx{;vJ$nelB~B|!&qn1~+~YMd_i#=kthR2*%_z zJIT^~e*kln%Y(@hri)LH@I{)M4e@G(=>B(?#n>lPvnCsmXUsW}%+p%7c z$9wd458k701$Ii&6kAN1Nl2 zde+U-czsUD+y3!f*J-fM{ia7;+Ps2Sc6^wD+fEdVQTjY^hgN<9SNz1e0-tdOz7pq~ zWrn>w`byas9s7!7>MUbC_Uu?%w5X*W=UBZ~R4IcSs1>mVi|4DPH0aDHn_>pEVwb*6 zoj)q%m7TAG@xbltDMJnpxovxH!NDN|-=Vg_%c?xvy}JD-=W!e3Dh2z<^o&u{k8yzsLcMv~4Wv zJ>6n`H$ANU{z8(%F&DKVgK+?#|Gs}mZlSM*!e9esU&{j3kCpB`c)uf=XQau~Q#hvb zYYUfeehQN0eO-U}3BK9f0CxG`BQS^sKJfZb(7p2vYk#@CK$7ijM&syCu zTHUZ`qpuvk$z#||wT#7MU!Gx09HadWqg2>E?fNBmRP+#r%WH2+H#?wJuE@_@VN^55 z#ijJc?|JDdv*Oo9(>;$+x=*>?6uD;EhVHi2n(FC1Hyp@6ucfz_kGHUIe|HHNOp`EL z8l8X)Aw`3+4+`XCX7C&P3~--X?%76KpDCh-tTEifW}E2~WP>m4)+cLXgw)*jT^JHb zsO5%A9IY4Ym*C(KVWi(-VYse-vifUv_*LCOa$$PK_?3ErU#s;}?WuTXI5#}H(x&&P z6W6Bid(Dse=D$OEPP&&UZ8lLqc%n-`+>xcM0$nT$XCEy}_;I2;h@L3g7_S*!oT6*^ z+ggUGNaV!RSN??Z|*=ZFTMosntr zCW{X(Eiz)*9LJc!FpS*@7LRd-VP`t_4#%!^jCZOn-VKg1Gi}%lj{Vg!sg8J$QPF4L z_Oko3C&|(_dOU0~!?49H9!yvq#q2H&r%DPgFU_oheOzTYrl7-9nr4Onw8_#19p2k{ zR!uLi1HaCx;v8oI-3^zTy2#b+8!FChr8N5}-DNy- za1|XU($>=39^Z64s$^fadPp8zS0C9b=R~mY~+JbOgpcEg+ip{XoEu5l3vMd6ZdN z{+&Grvwvh3P9U_8dhiT%dPj%IEs8uT7}xCmKrz5Ze6nF^2-jZUKqu-ZVAl2*2ka}l zIp;aq6P*^YXTt=pm%gtnTHCfNoEB=u*mB!6JR!@UiQ7+Twnwi)_O4y8FBydWH9QjF zVgl6U^R#~c1(ggjw<(&5?eN_|7H+It3T%v$N*J!Hf1<251so%L{5Q>vDZvvZY2 zI<(g65N}6SjP0ti3b<71SFPi{>#e|>MSVl2}+Jhsi9dRMomLgFSj95173 zW32Zb{2^?oKx*Y`YO05n+Xpt;JsT!o9*8+<_x?GgXW1*{P#yM}QW#x3PCTo_29~tY zLzGvWXsyK>q88asGEiN^KfWm})^D|Q{tKO7sxyF;%p|7)WZKh2@~yMsRy8u7SM+xD z^{(&M6V@MKriFT*vi_D_I5%%Wu(Zzg8{*y5u=A6J>p#Tnk0`xc!B>PTvk>&$M0xks z@1lr*YxAr^=-r}N!T%wOKD|#=6SdiQMUjUGM5l;8C^}R02cpbxJR-`t^D$Ax@^Mjw z{t3}m(WgY)MSmuGhUhOuVd!6qt`mJ;6b}52D2)Ak(JMqZioRd;MbQt6{#o=|(U(N8 z7kyduqoV&U`Wev%jeF5_dyCTQlSCg8-AD9k(J7+X;8R6mn;D}25S=NC3?3lLUi$+@ zw-DV{bd2bBqFamZD7vla&Z02#E}}b&ju72LbaPSIQ`_t1o%opObjD`!)8QZne%cY#vTHTcba3^YldO3Sz1moGmO!;VYfQ= zS;roC?5B>g7HDbz=-AL93FCwu%Wr$fBt;S1+p&EeJJGRI96R5!iygb#v1=WB(6NUd zd)hH}m|0mys*kcVbDFVXJ2=L>uZA7u*c`_eJGR8JwT`WGO#27pJuYIJgv^w=~ZcJ}HD&!;6+CU*IT? zs8gAt$2Z3eG;!CxevNkN>D;xJUOuF{P%lS^cS&wgL9~NeVF6Y&X6!?7>I<(7xoj4C z(rx9p-l;`q-DvIJ-E7d&_W<9zO-7rQZ$@1+6g!0n2zwbr!NZ-X_++)>H`fr1&9ngT zpM9;}m9oeaRy)|dk*rDx-!^B4fCo*t!Edf17yzm=l`4L-l*lw-ikupgDD0;svL<7r zU5SN)1N{7;)WLo(Tvb($?%Icj~meZ)pvhdeOyuvt;Q-ZD;sb$%!{F#Jw$~#iq5Aj|v82UkGbmw!SSKH=bDG&H!(z8=A#$ zMgF0f;FG~f{6Wa0t3Nx1n^2D@gd8>tIj{-Sa(FBom7O2z)>t-vTbG@l>Z#&WJ)uNf zWo)}|L|U_+LuLF>GV(nWL|gcRV z`{=9Y+K#)c(;YSRz!Aen4cmIu@Xbe*MhzLAx97g3MPY5e-10!|x#G^u8F~^04zGMK zzhCnUmPBYullHe?rTL?JAN{SeDj#0kReLqr)IdJmewyyWotEoId7Gjwh**!UFV;K8 zc_xH~^@!XjsM+y}Oer%3C4HgO7VRr-DTRv{7ABSN@q_py09?Fm=bgnu|*|0rI6 zE?z$pufGwmnT8|&6Y=^nh1;~;Mj@kR-6Y5LWJ#h%0QxSUp^LQp1m6*&lyGs}jj~J> zq5YC*qv)4Kd9bgFP82;!bcX0Dq6dn$iXJPvQWTlv`V>)pGbvcj`c6`1WyDvDa*YgK zDY{-%Ur(x>EqawGebM_xFA=?3^c|uf5WPzDTG5Y*-XMy0_=M>@3I5b?h?7 zSSPZ3-09d?9ec{LpF6hEu|GT3I3$&CLiClgqa0%|tKDO*W1PKf*oBT=;@IaL`+{Tl zIQCt~{^;0W92+V-&+28f=qqJ=IQAOH_IFHYCdaa@c8s%pt$gP=_D09}_OspNddKc^ zj9s#pmR+(Ik6p5c{kLQPaO_*^$M%ux(&-z~r_-zCv$Q(#Bc>f9y=T~n=+i`zW7|2_ z>=<7Zv-@gKS4_(n#SEM0*rARsb?gMkBr!2SBEUB)*}6b)Q{|(G1+0S zhP8N*Iu@Jiw7MbtycPFK-l9%#qt#e(R8`74HDbzI4=z`<;=UQsS}TqPJk%C1YTq1^ z1uL#toymw3OUX^uG-P!bgY`tO%!oTIq`x)TK^Sqe3FHPf;=U51RE;<*@k45xPYi5= zS(zSJDYpui-izwhR3ZIYA(Vthr?)|;CyUH(^Qg*p(LhGrSs@9-0W;$4VIEWTizFg- zjX2D2UfIhVZoBLr47WL(G~DJSBP?&Cx#9L;9(BV_lLKb#CByCgIm6AQIXp!iCI$Z> zhTCb9I?BreG^r6Wtg?C{Hi+d`{{>|%G2`l-CB}Dh|De_@T4Dtb?PrKhpSg0z)Q)L0 zTc@{8?wGl9zv;7PwC&e6rDgxt)@dtetZX$y>@R^YcQPHn)G+a>tu-iG+tK?v2a!->rKg_|FFawMMp*a z`?5^%J}6oeowJ$k7k)_BRO(}*NX5azCy34#-7Cg>t>{k`evs(TMCXV;FM5LLZ$*&} zu1^=;DB3Ezt4~xt&EHcBe$PB|GGwh3weZ?`}F0y#Pa*UZl!^+X8@;SDfV@Ei4 zv}3Pxtkp5zB#LEm>;sN{$T7Wd7vp`yF^%aW_5;T_DbMoLTO7e>-?=r6_dW5Ivgy&M zec_Is=-4Tat#a%P$97fEK1DjDoHa+EEKvFE9>+#sDLc(Ey$2WXyT-9I9Xrpl^BsG; zWAAe8TF0(;OkW3z_x+4x`qoy&?sp7bhtwfC$tAy;3|cpAu{Sq}iv`15BE|VG(x@V` zM*ZHEGRV$Pripfk=u;=_yE;(->3szw7kfdYrthQV{ ze%|z;3qoLcovK;1A!}>(h-ROWb@kPM)1|}J-VYqA4Bj2s1|dUfXYaHAIB8y zOc^a2v!3ZmQhlX+pn@^i4h#Xo{D{w6t&23HV-K=}6sLX0;6EC*^KbV-_Z(a>L{>oV z$naE`oDt09QfJi~<9#ZgiJDQp@c9~w#q;N$p3^xgHnD1+G2cP(JdC6_D$?QlB}cO_ zZ&aTzdQb#qZB*b3btXZZDNbbzT{nud>NH+de)unhzq0{tw_FH5+tYxrlwn32_P*$| z@4y*$k7K{}crQ4%i*m4dP0?4%mN<5tW0yL1xnq;W?Ur_O^p&y&jvelpDzcv>O%#S3 zXQZDbeORfBC-IYp8lyHRH^+n~Nt*CkyS}%rV{uFOs`dI5iG*oxkfw!dS#7K;N(V(U zSCuB_LhW><6?z|NLr?V+Q^tbCx7hGdP3)Risp<(7Yq=F!4=Rd2PN-3dW(M0_Jm5Za zRf$S7v!t*Is-y|(2~%|{dPN#tr06hhK67fE%$r1&IW@MZD%`0((xWyi7F!4^AshCb zQTn>oT`RDBm&Ep+y-6HC_={ReSZSRB-I8nQH@xr_H>{>)mvM+Ca{9N3b_$a z2=nAB%1-sBLQ-|)g_=jtTYVSk+SinqC{c3o=XI||N~?R=9vfm(uCwhcu+bBuFvv5a zNc&TwNc+!4;cIZhzoef@J3f$4UQ z%g3-29lOA>w>Wm2W4Al@d&gK4wfvY9vi!areWi@qA;Xv*vUpEB_N-(74o$I7vmQUV z(C5}+-4p*6O<^lJRmSW;;7`3S!sfAGk)}BB|7K0`hD~XT>M2>KSF4)h-2a)TppvT% zVwxgiHJXCz{kLce9zCxq&iiLHg-!zq_JE`&XbRcyK@;39il)#vbAqP$mMEG698Gb% zex@n#nWn&Jn!+$Ng<;>0zH)}9Fbqv$@z4~8p(zYQQy7M(Fbqv$7@EQ`G=*Vk3d7J8 zhM_48LsJ-rrZ5amVHldiFf@f>XbQv76ow^DaidC{+{@7;HV7`i8V)u+;wiki8a}oV zUR({|rVyTA4JVBGPh85sxEelGV~gVaW-2qZr8y+mzc9bKY{R;~jy1OU#o&OC1${1P zhO{J>#t;g$O=R}gp4L9p`eXE#-I76b!psLN1J~m zK-K9=%l$D)(eRf7;Olt zGtIe(Y0fdWK0SQ1I_uM0EJ{{qdXd?IfbS)$Tg(N64RJEH;I{+r0rdb97i*|IZicJoZT!iUzpvTI;FbIJb7}* z)M>L;wyvDoGI`pxS^KxlTG=wSW4{?wI;KpWHluC2&2CPxwoqHv&Tdi>$ayeTgWKx>2-A^pBz%F=u}gWsm0DME4hcyC_=V9ij(| zzFTyz=vAT%MBgiVsOZ(Ai$p&p`a02%h$5I=uNM8J==<~*MfeN6OO(Z@xf6aAIw zZ$+75`cF}KZHVg0=05S++$X+L#;mbnyrp2+L5|IF>~)T{I@aqLv!Irie%`3{n%*RAuDPz~6VLCG`)*rhL4bwSc5o6b(VQ+SfU5AFf(=m1(8unqwZg%X`j@|7T zv!$e{zWsvaCbviQU`ODJbELyn(?u(YG^&W8q2AU+D%|M%QN zCu#KRyWSttq~hRHEzFjXk}AwsARkoZQK+ao)kHAGr8??VM*e%Qbsst3ukd)b-6*Vb z%~7_=!3US_S$pb*w0syB$t((*PxChw_9N+6X%=ma_-J(#HV(pP;~;#c>?*}F?CR(% zg`*M;d&n`~^)sv-eI=}hh#l(K8y%}S_F8eZrJWLerHmO+!xlRRgR-h{qkhR<8$F46 z^Wzp;`mKfV{J2GyN_I&hJU?z>Tyk+CJU?!kps;m?@Zz{-y-L4N;eD}G<_{?Cu;!S7 zy3($7;j^D%v+JQM94iQEZ|9(c5#;*1AWU(#-cQySJmh82qIApL-rklCAui3u5-HRA+w1tA{s(04joF&Ffp?P3Y8&R} z>hEe#&Kzw4!zz~$vR!W9XABu~)~KPGZ|WpB|vMQ4caBT55L6P+!p)8HzHiRyil%8{b8MUNFF-D#rpMQPN9qS$_ii=HKV zgy=bEV;^_yX2-tZ*q0r9#1 z_f#X;1JPH?ekY&Z_Ycum;@rQ8HK=jQn=dZ6`{Xt$d_iGE(;H}WqSLxnbY>0HEW9gO`q1% z+A(>**)>{=2108ctXtv=TB*m-@E<-wE0smtBmM(PIo^jvQG^eR68^X-?fSH6qv*4u zROnF6=gt?^_$ZuWGeUHcuK%j=C8B>5MQbe7Z?g=&gRh*uG5SiurZDUij@=b~<)AGI zwG+QA-g6!gd)}}S(O2Tj)De?L4Zc#g&atx{yTq}#Io2^GrR|KqQidI2_t@YVV>ZLy z;~4GyC;d`Q%A1|cKRLp1MJY#r<5GBD$|ngI0|uAEi|0#Su98nFXn}Ok6P0pAbIc%U zfx|lb%w7l^B@{Ag=xU5854rBUS@BoWXqQS$2+MZz?95hUylqK&#fPjqk5 ziYQNifhaSG*9;*w#rNVLzPqd)OW{Sy8*jlLUX;AsRHCBfrF*uJZ;j+> zHsDo~yd)!xP?C($XY(AX&rZ*TfFr4YaY^-Z{8N&;e-JYy^@LC><$6+xT`)5QZ|_n# z_tlp|UdreB7}8_lr#i?>C(q0E@=%;w>AWIh5ZVjr#P+!eK<>km8t8SRNaqcrNaszW zRO2n8jiR3xMLIt#dVuKXL}!a??XW`6aEB;*?Te!Dn%;y7Qu%e!*XjB$(bGl0Av#KQ zo_;2!_)JRinUoralp6MI^w~LxhHa}Sv3NX_VFx;Ph-0$nV?1Qj;=SH6X`_g})iG(5 zh%xtR_dpIUE#H$gjI-Meo9q~8w;47}Wu||;QNQFqlsu6lrMg+@4@Zk$9{n-6=G_j| zK6BROn_T|g4$Z)1=j)db&%fKTlfvFy2rs_d!J9qB{alopGG3$K3(fi$oUH8i>(che z6MH-RI_9lkxw4~ooov6^V;*C|1FLy}I7u8wguHgvERl}%4F&Hxrgzm6Z4HYjb7__# zyknWV(n%pfcRoS?*vGBuaZ7x0NH8P3B1!$k3K(3k5m+aTT!L3{`uuFeab3?plNsRC-<26faHt~V|^Tmil zkQGjZWfJyN0CEk|c*xHX(URziqTG3yC^9V@qXJuRBRWlVd(j!9JBz}-+WT2qD%vP| zifEH4^BogJPZ!-obdBgl(KAK&7Ddh{iJ}ko6@}yX7rj(;sVK5cIaJi_VAYq+Z{V}} z4Sd>Pu3{Ueyo0Zl9q*XtOCrYFlf}Etu@5-*A;I819m)z{=N%l$JCi{cJKBM|rP#DdmG>kPTduA0TG!}QZ_O|qH zIB|7HcbewY{)Y9v-Rr_k#Ue>UL$;`UU0+Lgo6V7muR~`qW*BsMgOO!ha2IrS#kHEG zqD@0>6Vme_^^C5GN?5dqav8$Ry_Y~bz6saFCN?T79MH=r=9ozZ{K3gBbSIVxAq2(~U zYS`x;yEFPq*<+49=@^`8`MvCz^g_fm!y0_046DiFX*M-t_c``G#~yR+NylDvjM0mg zZ^9-eWur)#xszd5w^Jni3qO;;7EnxMvjWvaN;jjm&S?s zj1%$Mn+%4%FUBinUyHtS_D#ngaO@$+W~+5Atwc5WO4-qlsc(wdYR5Eh5Ha1nA2+Eg zf+Gx94*C zU#Q^t*NxO|)-zD1wLDf<``UXmGiBloQJDr=A6CWf5a(Gb*4Ub2<@tspz$Y6OYbK?M zj^}RFA})1?4#Le-1wiME!X*nu(N~9y!VS#(88_fFZopT{u8*PR?4!|F3f~yCc#k@U z4Plrpli(|5a~xaXSiM%Z*?MIaU9pwFB)oX;d`iPy)X2eFIh@yMP0hLSFAmgjxp=j$ zH&V4=FHsyA4b)W50#(c9+lM<<<#D6A4#QWy3XE? z_PKW6)nEn)jJ=CA0QSo2JYOBzQQf8RN*Q&MGP`piM(tPLf!KBYCfRl8ngzbX)56Qt zHcths_Is*4&r;gJvv9!jP|x=~>oJZ(+qHwInw}E5N7lmUl5QSqe6oq3i5~V>d z7KLN=T#;k(8OP!?ooLu?F`ik_hCS&RcC%rBb8Ln<$S~#|@#!lrj%mg;Vs|@suVeK% zR()@9a5rvb3)ZIf(~K9d9nybK9%+bkh4$Q{%j7!&G|i zu&y+qqeSMaoATHm~BZII7fr3m)=)q(#ts~t8D`q+|SbJg8??B_XC zWei)D!g0TC8Etd$jugRH}2{o}@CUTd&z21oFJppmqu6>W{64JUR80uO(!43t>1OmTOrz!KFRt zv*Pv5$~xEos2_0$f3j=5BzkH@|D>@lJp1Q3<{du5X2f37H45*qqSW`_MUiH;P6e&d zAi9_6Fj4rOba2+=`dNR3&!ih)DSK}WE$dwyi&x6-cI;lqHahla$289taxQ1QWo7v> z`(^iF_RBEV)eU=_WAssm(MMUlXB=bKj$t2_L|eR1MqerWykmDd_HD=RbL?ryo^`Ap zuF1ZIC>Mv_Oituo(O5f4f%_G@!<1%(!oCiZ1V?vh9MpGcCqtou8M^U^hCE|5#vCBz zJ$Ywj&!$VkzPXz<=w#`1YfyaFp!iB*5yG(R6yLCVPm4jEcg3f@U4cc@G^K&-f7zT; z=bqNbg>eWtUg~9jK@ap5BPDGxJY-lMDvXdY4P0?-w8{6D+y)7QQRk$hiBe`JoXLH9 z#E(*^hxcevI?E-Zn0LpE@@yxHA~sCDS}o(VTEvOgaJpp%4{Yokm$#}*7N1JGH-KVz6x6rk90Gq4HVXR`aS8qYHrwtjD zbZl)&t5ZUh!Zhwil~pb5j(UM3kgo+1#lXkAN)(Rh6s6v~MaPP+6-CkZh*FikF?^pP zX>exAsv2EM#LA4aM7~Kgj zDWjr^^j(#%sKrP_cSD!)izfXG4il+*RMr26d4z2-UhRej!=0VQXbN*?h`@^M^-IRu zE3l53!B5r^d2h-x!my*q50+6)VbqmJSG9@|oKzSsJ=h`2NkCFlkQruFqmsWOGm075 zJyaiNM%A=MlAxjqwa2S(LXDCALxs~av0ah{WhPjxeNLsJZp?zJ)^UyX6l#*AX&M#N zl6!sS4JsacFoWvL`N2`qoN83!yg8+TPcWy{nFgtri4^p_Bs!Q=DoZe@nnjWF38H8T z{en3)Q54xA9ju6mSigYJ`UQNY?8+Eg4u+LscR6-<^l6i^V`y)SH?F~aWfn3cw%D;H zj-Bh+n;g5@F$Psl%2V3Lu}2-#=FAYP5647bDf^*gk2v;>W6wFpF{tER&Nv3u?!j^V zhK-KC>O@$(;wCpEdf+2mUMmIOGT7Iu->I3E)W2;jA45l6N`Jj(T$Bs{!hu!4*Awnv zu+6w9T5XzsFR4k*1+CW8DV{w_AJyzz+Zzh?kgHj-$wJoSCX5X&0)Cf$aJa zZ$WrednY$!p_LN&TW&;nEBl(DotTBUsHs-cM4;92Ug}RcKi#_NMQZXVlu5Chwzwg4 zjnmR;IMi*fW^If{4W|0rDk>Q2Dbx}Gj}ZZ$JvY=+fqhz}C)~{b(cTX#TP(Tuh^xYa zGpJQr^ezrxG)f6a~w^Gq#H|kfkEm9ijvs7_#SfMqnNmtihV8sI04i71-3qiX# z)#t)^3y6%x{1|~7q%p$GTr|qITu;t3)7rRO)#A`ki*7FZ8BsXvc2W9(odX9fk3Q=I zz^o6zXMKQS_j|ktqt7_vNa)91aTC!_{g@fpv>b(3^Hp2QtXWqc;4cU{g?uWU!##Tdn=EJY;5Ex@)HLz%s5C2sNrw#0L0F*o* zez=B$_E~4MEIL%1#m~G`Cd!}}>9Rv65FZz$YeRR-n$EW4I@ffZytX_4nzjl%d(17{ zAW}W`f{_Ti_vVn-sD{+Nr|0f3i;Eh%vLATotU(`4)q3kHLjvQbe8t;qHI<4)uYp_LES6lVuz1sY00rv~QzYes{Bg z;GX1=$>^k8c%2+hquJ{=`Zz_P3aR4$6})pyPO1A0}CM>`6q#^Ad=SN>D<6scOI2gp@ z@i_~_u6OJf$3ElOR~`F?W8ZV^2aY}I*v}mMonwD+Y@}4E-FH;V|R+ zP%0D&b`Op^;+pXnj(XtwaJ%&PRyXSU{SkxE20KXHF~}|lkZY0jQLt7~@^2U2O7whD zI!h@t-@w5`cIjFgBFy(nvco*DG(?C$Q&gHGY(gdd!MZ+2bb;u(qKAsUNmLpj#7F9- zRa9xqqtEOzuu>=?zH)X&47FoV4ZF{=|BAkH_{_4U-Lt`RF0+L_+(Y>}c7Yz< z$#^N(-W^)jd2Y4TsWsBAF#0%*d@{LYtx=DsPt1XWs!ZuI+&${0${H!m zl$?P##3NWnXhf!OzlAumD*IY``4oEsouRi$!Z?rAY0}>ss4(Mli@QY}i@0bqL39Ei^)|QIj@gaE|$` z5BG*@XtK0*t0CE*W>iRvg>t8|ovSkRWSn5MM@=3%RUFyJ^zh5!&O1mPhSkj}y@I?% znscc%=kYo1S#9^k@F6p4&omB&bBtXvCy5VR7V5*85_1x+Ac;0M6j%-G4<3P~Y8Z+Q z4s-*J3dlD%TOw!)TB){;P|Gs7f}@SNwssW@s$1gv$1$9C;QHBkJw9Hu+=Zi#^Y&ka z2|~tSP^F=XzY_7irD>7-Nup@=&JkT9dVpxFDE45xs8ms9mFN+oOiCXq+9kSJv|E(>UM#9S!eJ>li(aYg zlSHrj|EPNp0K1Cv|NGocA>0jMAfcB{p%+8%F}*+nfzSoRX0u5a(%5XM0+-%90xF$| z2uKqV=~5IG8z3TB01*&Sihw98@8|nGGta$ycQ@eA|Nnh|?<9A>bG~P0&Xi|no+)Pz zcmQ}Q$g?V628ok>^q4qRuI5^L;&mW#vxD{a1;5U<^vQ34dj73oD|kCN3;Y&H94g-d ziGzK7WC8dP*Neet!IQw>gT$@!7I+r;E_e?39(X<|!6mMy&t43E%r$YYXqNIakPYv} zSHVHx72rDHRp4OoYEb&`5>UMnajk3tD*bAczX|pyJkp=^U)fy$m91QSnC>>(Co7!$ zEI!@cmdRGuu{DXC5Zp1r9Ut5+!QBzuE5W@UoL;i>XEZdpjTgC+joH}X#sxPixaQzm zgVQDy5AXiqbcl>|Iz&b`KSaj4Qm@SE$UWz_4Q@hky9T#m@9b{VWGffj2e)%@lY*NP z-2TBG6kJyF-&(AGXf z4XUOahk$a<;diw1J+Hl}Q_Q_RtDVi^IOkXHuU92NsqNohNsr5&TwPw|p2`!kDlzd1 zh|e`KR9(005{!aMhCXCPT5$PP-1Ck&O&lnV%Cov0(~6Cf>&{cYs2@_)omA?zAgsuH zH)Cm311~*WM(N43?6kgNRP6m$cCF1Pr+gGGx!5YT7CV3nhZf&j_wB(ZuEi_Te;_rk zSIg#lwQT;%jdN;koqIgl{5T8e{ubOv;ch4`g8P+*?e4VR>fBzzoe`W~fOmI#Dbw8z zPd5K}h;tKzljy$BFND9wo+U$iwQ@slKTS=V5P@aAx0Cej`#-2jc@x9`FKf~rJ=diA z!}_Z=X{RQXga4`~`8I}5Ire|1CMi9iwkA;_JFRrC!?kMC8ldzf)Tjz6rN!}@^g`4m z*}Nvn<~7MV)gGr94uuSpm3l=|I_@}t_eI=?APt4SJl{lC;N*?|irP@UPQ>X|fQbZ<{$ zpCjJ66Vd9KcOv7O*b@I=iGDYoh&K0FCqgo65>eYjD8jDtOCz1gFB_FfeIL<^#HyU6 z`Ko;9f|Bexpd|ZHP-Q4y_y2?xdmka2OSWwOAqnTuYRz5Q4mxt~=fV9e*%}LJ!tPho z)$UF&XgYUKa1R8hbuD+NbuD*CPIPJe|67UObr^w~>89=Xg8zS|{r?|H?A=S3*!sr0 zDzT%Rc+u>?lGtt<>rWxEitwkG*vUwuBz8)Y$Z4P?c6U$`t1+M?R=gzkm5^B3Tw-N& ziFHmA>)aE`)>uelos-16J4vi_l33>?vCc_ios+~mCy8}V66;)+*d>IU%_`iLQRSA= z?hhK}LT*>#cN{+=9rsUO#D(4U*U`RMcmEN)FCYG0hokH6zuBQX${*L7G}^8We|Ltu z`DxOYenv#<+jzxUaTKmPMDAs@`(%9E{ANB#)-gwGhiqUa#FvmAQbN$gr`{dN;c1?XxT2)2thuS?(Dsp!BY^CIRB z^D?E|-0FH@!)J70Lsk^_qf}R>P_*7t72jO>EL^r)<#R=JXv2W&LCn*q+bR^#^`lQ! zy#}Qz&HSNdRU;kVRxNK9cKvH4l7&Iag)DItj(=>~@8of<6pZC9Dm1JJovwFG*JF{) z<%=(*>%PTd@VY-a-OmR(`*rpH3F*GhlaPBCu<9J=SJM3n>3QGE*Y>>a2fR>st!7Fl zho=cQnbFC=OM~CH?&e)?YFA)3YR5DqIt)Uq!7}XVuQY&9fQ{fPz5I3epK`6L{|j(U z@JUd$ll{JSP~9)VZMkOGuk9&%797VlpOCPX^B2HLT(cM0W>8-SCD3nx^FZdfDr$n+ z4O}@2{0Ddp_z`$4_#Ai|sQ6e$flIh<042V?!3V*9;A0>ktf+h+WKVJBac~9j6_B09 zw(`Cb_&2Txf**nMuMA{{tZE!mVHzBxPgWET_ z&j&XFFPM8@!ju-c4~dsT)~nD&^5_AN{_Eq9pEEa?^g6y*gXyk2)6t>b?LOlW z7MX1~US5vXn1dIU8$LsSqGjQgxVlLcM{iFeHU|~MdH&-RiPXPRv4cI$pROY)pD_Q; z4QmuTHR$P2@bsUW|7&}l#nWrH1J00UpoeP#0R_~Ryx*APqkA2Ki2Q}w>y=8IHcaR> z93@uwOT~}u0ar9|yjjEahE0p}Xp6N~XS64&Q<(B2txJndEP3H_ITrqwWsz^7Jx|#+ z%kF)zVKuUA1ODyLHt8dZ@ePXTM(AJtioKfKXZuRF<82bPYm8!Vgq^Un%dy&^; zC=aiBw;Hd5u*G?O)BY&kRlwVMWYZ$I7lXw}3g0PmS3J|}UNZSvR>fbW%l<_#J;2pv zFW}{^fVJ1aW4X_Qxr^tu?v_h)jFp@UXKh84=dMg?{G8HQqRZlmUc-9rReYNgQ4rhc zxr`1x5N!js3i2V&wN11(AJTJtrN(nYPdVJ4vOG^2H(;B^ql%aDDy@J6cY9sLQzQ$o z!AWyqSAMUrz-g~W9+ymBFrVX5)3DACT($HL!0}#|aepI|U$e@fOxE^ZE$*t4Y=Ug4 zl1LnPHE~>-*lRO-gNdmM;Bs@{*P`(_(U2m;l1HyAiN+`I7+BA8o~bO8m3tcYBJ`Qa z=9eggf6#SJE0s$7HcU4e)quujwA9d-p~+UojN%&3rc?$z%ahNwC%@FIt+XzcjJ*Z-0hYf2F)uHkIOsNHLq@G1vDxkG#%%V^|=c(M{{~j5(c2JF}Mw;BWA*snV&I zOFfQ8_f6%m?RYX1h;JV@OD#jpa}K8gT+ZMPEpa-a8TDL=FK%Xn1f^Suq@FV!YooR6BvoDKlKL`(9Gfl8mG&ObsN;E z^|aCEZSqAiOpRXG7#?L0)2MdqRF6u96kfgx1Ght`X1G(e_eO?euB|?oN@Hjam4cqc zS|`E{vFvD>(X|ezjZfaP4>tK4Lh_ceAk~_?{2bJ<5@XaY*c7&~^eR~sLAK2KgfR7G zJZ*Mpuq>_ZA*RzqteI-xkBauv3B}NcZLD-Wy6wL0KKFYa7SQ&TPE!==!IlSo?Y)`m z{6TGulGCENz`QqF8?FMac7p>`x(+U$Ar33n9KNjacK^N=4uIWlz(!2%FH1`HW~4V8 zUVDwE4)$L&*phy-YcxO7qGtIXsvTE#qxqW8DlwWrvaN&X_dJ+a693D=yygYe$Ed>? zRCMZ+bW8n-x|%_qyPCDQrM|&^d3RgW&B&)30+kyx3bpOV>fBOYP(9%o)J_}HH1OZl zbEr`Jq3e<9I&XGDSvHfe|B|lr#Dib=Ew(3o`EMw>gFNxz*VX%4J(E%YF87Plbq>$3 z`xYb8{Zs40^XuyU>(hO0wo-U6rt3Tr;SyS%h+xjZOrDr{tL}Pz6I0H;K|$BVieFbJ zPR>gAbA0`}df&TI_WY*!Y-QbTbz(%LIhh>4&!=nUZ*?BtwI+9|v4CbqG--Bodir4{ z{{(qEC69%g7<^} z1|I_ZQ(_N;>K^FSE9!S>94f=XpMsk0zkwN#-N2u7y(jo2`1!=o0)NM~jvRaeRKt!G zRE`B-1*O`)2A%-E0iFx~8B}BcH&DF}?+aA)R@X-$akfwT5NCVtgCO%7l}A8|s6rfz zZ-81;xDk94EQ5OIpg%|$c3*QL%y?Av-oZdn^B_tG^N$7Z9aL5V`HVniYj7QKdvGwg zBRB-qF0Bo~eZh^v13^9aP;e`7A*k@$LHtytU+x5c8I=Dk!I9u?;CS#Ma2HTDU^2)o zS+N_axsyFW)r4svvrZPS=1+L5uQCXkI|yX9tC$XM4jv3{4JtnR_}3h87qAUH5Ih7t z6r2yL-ym+4FM>yc$Ad?M>JW|rzXZzNrQivmY7l9w+ytHusxF)j-UD6$YLsvZ_!M{< z_#5zY@I{bg(kdEnUju#!UI&(`KVJizRF5dfp&&g znaC3uO7+fW|lY@IOxJQC}D!5+-w-WlbKX;X6D;Mhrw{dU>26u393xn$j?yJFF z72Hk1-5T81W#;s3hI{*DD;Ha^;Nx-GCfWGZZ*b#-+cUU*f}0WCtl-*%J3P1(gF7|2 z3xm5PxNC#EKDaxAyDPYdgZqAPPX_l)a4!Y-N^tK6_d#$C%nW-T^i8&Mv0`v52R9_R z^@7_XxNU+P9o+cf_6%;H;AR9jE4cRH4iE0c;7$$h!r(3m?%Lq45AKfO?h5XS;C>z) z4V=yBj|H)YQHM+xKLVuKAAdVn5S-**G)#jI-_D`etEU~ zRib(?iPQL48I(=VNUl$;zMrGCdP=n~T2EGVQe-sNqRN_4WOO|(U0;kdjb+~DI*%W9 zOL<&rl0HNk@RRu|l=A&&pr){X0jdn222~8d1lI$f1t)`yGAhck=fQ)(-+?OL--9Z< z7eIukc!4ze`E|1S`E|0Di|f+e#^USA#(G+Cn)Y;eF9r8Xa7vMf_d#%5mom3~vT;^r za90O+b8xo>C!Nj1dptNI*=0|ii2*!KwVC?!X*8}Mc89vhrI+76*CFXN76 zW@N;Gizz;2x^;5v;jME`$`pm}q`AHZENugj-VMBrkh@4JPtBr_c7RzSJ(60TK1bllgJe)841?5js4zew5N&%>8q_Bs+@&s1FONc;%3TGD!Mw7O^fge>#kHVHdI_kKrfsMwKW+e3($Dc!FKOAlq-FDxc1|Vj-2KVcSbQ%yy%y;1 zR!TNLffd{)!4YVeQq8rYr~0qA%j)ZY_9Oh>VE&k?E!9;2&-8Nr6!pI+DNwYs6yzvM zR@4TZ+np42X#=W}@h2>Hqn@fdkE)~v6Dx6cTckTzlsn$D38puKh_BTl#}?SVj-X`ol)49kMY;?o&x04(_=pIOh;*{TI0~pkjY~@ zz2m1mbmK25Ds@sGI>3CAZ1s)6oOaz)H=#Z=$AsC(?#|b5Ds;ZS*3!?A9%vhDJ0(8L zmNzifj^i|B>%TZ#U%IUlr%Xy&l;3euR@7vKzb&W)x3tXZ@^YYJEg@cq`!adKWJ|v+ zzP@TryE7+|0+oIJG5NRl@qPBUfr{MyprrW@a0T$&placFK-$aVyWqOuJ>Z7meV}AX z{^b7&elGp8x%A8CXZksJNpk0UigRkQ+}&T2t_YO$PS zeIkX&N_XOPUaNFN^nDiTR%8vxs$t*!F5*?$#F9-F zBgVC@wqmDi$*D}|6|IR*+F#}IRH8>yo(^+keU2VgH^+c#$H#$c$MIKDvL}HmlU>06 zUiI&YJS~efwIj8ZRbI&H5&%`^oBBk%{R!+9E*3A-kTySRwr`|41QD;VN+>gp^iYldz*|y=> zVwcj>rJV`E_g`FRNw}C-SP!GhuT=m=p^; zHBGkRNBJ|)0^7dfbWVQ#6_L;be_r!Ib^3nJV#|z_)haIye$<5!ZbL(9DodH$nAgYg zsxC{y+jV!A3Q3*)Mdo5B+r^?igr2(L+VsdisXn}%a$`vmd798#&FwA?8xfI1Ro7GB z-(%Vlw!A6DtHK&w_puF0DJQDieR6Afhdrd9MM$%39-&Pd`tdH?LB(yQ^%{DcdX=-@ zb7JpBtuslrr->;ijNklR8@GSpX8S-scx1G% z=(ALBO({oQ_)xV|`Dv@o(yFLF=b;=^_71Ae-qrd3 z`|Vbagi?%d>#$Ey+EfPRx4rFS)E(6ZT}!2t$vWi}zl`g%(ska{a&x-Qn^gRoy_PAw z`_uir$;Gd$_qA*+^AQo(^UtxetZrJ-Qm#yN@$YhRa3Xa>eTaH^dhKGb#2-laqkiQe zP}w^jl(O6ct`E`-R6YyN0@XLRfof>z$0`#++Of(sa6Whdco=vv*bb_%Lou(Y!9_MJ zs@?o5%9x|UOTjOKSA)laH-HuXt5rAwybC-Dyc;|jyazl3{2@pfm7jp;ffC}47*YNb zB+SaM!7qa^fLDO8CB6?Ccs19b0hfUIu{ne-LCqm-3qA;r0lx=M0Urjnx8+e#qy5Lh z!$IO;ds!5|Iu4#y`4;#x$mq9t1-u93*%kGTuY*4V-vVC*-v<8(z6ZVyHWGi;Y2sE{ zm$E^Nuc$F-0=EQ*fIEZhf;y$(7W}b)#Lf%f75oL)>=!AX1hqHiDUf|3He=rkk~g+T z1@~BR>?TTn z-w94*84pim8Gi=5coL`lcJ6b*jR{WG%l%#+96M4HcV}=<1^27q-U#lk;FhD>d3Xbo zjeRJ=Y1664Mf)h+o%T^Uw>Y??g1a)fYlGA73HN(PaN3dM+#iE`C%E^6Q$y?S)=Rc> zF(EkZ$MLvm=Z(A5t~uw93GVpdt_tqD;BF1>TfsdW+;4)@?g@X!O379()(K8KD*U;p zWBcVG$=}(@#+zhl(__{Zw{5bOi(RpKc)KTCx%hl=+U?-s9U7c=J2-btaK{ICR&eJ9 z_toI83ht)hZVgU5AUrM)2KVFOeiq#G!TmnCH-dXBxZca;@cJcN_vg>%{+diSQ$Hu! zK&=^3HwwvqguRC*k2VgU(tM<*B175zpMI%Zo2cJiQ6Xz8v-?n`%t%9_h%wbk>TT$_ z8i>`>$J77Wr@DF1lV@yaPx3!Xd((P89^54H8`Fx)%C(J?Hv=2F-W*h~%8of&$NiGc z$Hn5x47mJmqkZGeIofFR(P(FZJEy)%w#H(!WaHeY;3fvA(tMxaFn-yrkSz)8OZq)ZR93}@jPA+Qm&!nVPpqqd*$+)zF?Wc0#VQ%)iPj(ZAM;jd)D_(x2ufNQHd|?<-B*;NH9+Oz znxIO374q8ar)*y8vXynNq}^>SZcnyy@kVfO1-BEf-S5a`<6WTO_6tr4t*@W0a3lGl zE}7BVgi<57@9?`G-y`cJL4M>0r^Ok=_+v(E6MROodDP*}ZF8Gv%x!hC*i9#9==)Ah zxGEKP*LR0(LhmH5#;U0%n!abgIS;s_^+*f$A%<;v;`BRBE>|Pvud89lO#akL6L&4i`6xmq ztuA3&Z&2uZWO|@vPckB-bm)2qzbqb0*ZZgI7;;%}F(v9Brat6Kl;c_}|C%y< z+$31dXAkmEJaV1#FmyDFpO$uSlh^E}G@dm=u9SR|kV}G>vz%cZnHC{ZLN(;)lEIgwTeaVHUxhON^*H)CP}Vr zF1fP#NmR~#HM#S%)13QxaQ$)Z93yA5m3e6{a~i38cqayTYH%7qy5FmV>rNtbud919 z^*wbN-}Rbu_M;Z$(N6l4Bw=FP>^U5Ct^(sypKR8q4DX-2-dkEHEq%G#Np~N1mN4l< z%G=z8{^1j~t+hLK&0S;GUH|MF^F(`=|50Ad;aO_)c1rx2NPw(ofs(9qK=lC^fa;+y z0+n|cgOZd}sUF_O$>x$GTUo88-EHJ0U$>Qu-vswUa9dDH?suDHV=sAdQ-kYH0wl{a zJkU(N1dPUa{r8ZwpH=X2%CO|obTySywdlvUFPN9kzWq08P7bZU=!h(qn*swynEH+_;G*WEjsnrv03DW-$0fl4v0l^n&&Hvd@fIWcDys615L zQ!6=pBN1}44=Bmm50vB_2%_&5UjUWo^pGYw(^U=Di%3jwfbyoGp7gF_B z;ZV4|)iN`GDc`y=H9cVyxAkyN^zuC*2S1W@x# z$)wsG86`&7Iji%e`>uXFCfVQRdQRd5DkrsdWe|xpgH%>jc7$!cBhqR59@1_49?q>- z91M=a9nZ9rur>hq;F=!O=GZp|)fOI$;J8G~<`ONN?{9PN(&VmeyIP&2*EYZ9;#bMm zs2$sh)BZ~)44}PePcD;CRbz6%?Ky^arBT94aFefwE`4I}FXKMAN>E9t& zYAU2aR^w>?@}HV&GZ?N@wNVyy%0))ajrM#+uS?`qS=9W>DCM!6^I)U=kIGH8L+$on ziQf^aR#|edqM4WxpfrXtpprBW+yG?ESs4ya0=EXKi4~Rqo}g+)g*1Atkj-m_Y(5Hd zPNN{_9!s`Ht>h%`*TMZZIMoIByGF8cmQZlb!TmnCKLqz-aQ_TWQe9sICc-JDMAl4w ze{ep&cc>fx%a7WWvHVVwXEV7!h;p+M)dt}v?$-!(H0Fwr8y8;1K@D;fH#(^nOKbg? z+JfsFLEq`5chtwu6^=%WhF5~z>VLDz#Wxb@QO$o5Uws8$amHa)T4`y$=~pV01xe}n z6z#rZDp6i5JtMdKl3bZQPO5MBRUY-@{7n%Zl@TK-Yxj{}Yxf!3S5$|PURzt;0o;OX z)r4)qQQ&BhpN;>=f|Bt4kpq`-*<8Y9D@#kZyN$(V$>v}Aa(9w&cegsOom)HE%7xa` zoYQ#7-AMy+?&jd`4(`6-)b6`GwfpXuEbk)W`@zYmq-5&H^jZnssZPS>rx!o96Q_j$ zbSvT3l#Uqip}epS8=WHgR-AN_&X0nn@4V^YTNty^uU8irv*jbu>S&uYomD=xG|{ z!KP0d+2$ofC18-MNF*SSZ=1-|9>=$eR8K1x^`l#4r@~Wg--xuN*SS`8dka)M_BN>e zMl&`E*4|i`VA))PWh)m~;>x*eldWvqy_|b0xR1kKFZ{XRImy;o%nhy*oW{BCt~*Im z{S%)hNo~EZ^^-n-4ZiE!`s`770DaO=pcp?bxT*XnIhw zJ!&iV*cMAXQP4kDXYdHayXtT_ghsWYM)g-2XVpKq+OMJ^t3IjKuBOHu=09jY`i!3P zSV9@0Q>U`-(@neWQR}YVR>vcwNc&WbwbN6bwZAGO>F&#bV-tTpQm7by9aQ`L4R96k zo1pUQ7I1y=Hc(}IC#ZJ!3?lAQE1OHLY-l6tZewwIvXxCkcXvMtj(T9BG-?Nx**J*+ z$#Qq&lMTPY{Uo@TgVPw*pQ}{7&uc=X?n4=fW)xA&eo)mM|wT${lp`M7kY zNT08iPh}ym8`;ZI>BQOUt4Y;z@Q={AW6y29ucVAnu121!(kiveyV{(S3Z_&mhgw?Z zr2MJXsFX}yQv=ONqtdm{&QbLUwx;IJNzMe4$@+Jhe!)9PlG7*CyGSpBs=-f#(y*Qd zR|B5|H5U2}xGwlxa6|9~P%){|5i43W9Sg`*9Vm$IXg6ErAI18 ziL1s()yLz(R|!(}+9ZXYzXm=!T~`M%@4_ssiGj-LL#lvsZ)W0|U$v3{v!H6zb0GCq z>ryu3`vR!Mz65Roz6`1&{}J2~{1Z45{0le{L~pWMrZd01mdWO|Ot!K{IE8cPCR@4C z*u=R9g8OT5e+y18D!9APB^$e)g40UBKSL}1?(X5>w9@aKR{GtYdR6B%^Xr`C@qK>7 z_+_J^GxePymlla_c!^0wUtAo zhi)oI1eRsAwvuSo<4lwFh3QCa$+r#?1Is~}3Z?vGASs#Xxw96zasNJCUP z-U6zI+y<(K+ySbKy9?Y5yc<*vL6)tC+zYCPJP3{i9|cuIegLW;+LqejHAFVAA+nY2 zD?`qGDYZbe!u2dd;jt_2)pYq&e0Bay8o)(mya|SLj|Z`ThTN1 zjF0&JLk}@iQ^TgPqj0u~_|ye++ggsI;my6!^f|fVU0PL>*7oX(s(jNq!k|lF{$`Yh z3k8GNv23EvfqBHmSJhl8u3pKfFRXbdQQgFPa>*MI*}LS!jeA$FD(*@oapAQgf8#g1 z&$+I=T}ypr!Sl}ziUg7^CT~Te$E29lEcw==9Nnw z_^u|Rq%l6GA4{Sm20RntRXhA{^Gc(SvU${r*p zcuYfG&~jJS1lC`tvnEiL1{ZP*+Rn<#6Pl8Xsz|OyOD7SK=yfA_`FsKMltoD)sn{hV zRRNI}FIM?Fy(U-n?PA4PshDnQPz%YB+Kh@+*R#{LL`K)o*Im=uo2hG2n`kMrQ5}`e zF&G?}_@6fTI@-^`<>7w;4h7LsttEX9+=1)ggOb1(K#dGu0>^=W0Htfb0;-pN4crg> z3#h{8%@z9&)4Sk8uKx-i4eGl`=YSu85(0f+>3XmicoWzMyd7)=9|ZNirSF0I&JwM5 zu`>80P~UBmc&rM(2(Avk0T<%wIbh+PKgZox+4+i&0aDNQ$Pr*^r zDZIZ2_iK6(f5vZ9F{IUqsEA9l5@FD zR?oOBoZN26Pm)!8e~K)YeZem&UXrwq7le{W0xlzw_KaFF* zqUJN=`0$sUSEX}?o{`}Oqm6N+tA$Knu=by4E@dUZcoN3hm{`h0*_bL`d zuE&_K!ri^i&H2_T>y2!NWSC_bzKF8c-vZAA zzYU%b-UnU?Y6N}}_z-w8sP>7z!ro=R6#OyQ^ca;V!K=ZiK~_pC&w$s0zXQJsz69O? zO1$p?C7ySJZ-d_kB`HTEOWp&@<~^WnWt+cp?$^m(x#&-6IQN-kD;Hyen-Cnin%t3( zW-Iggp3G^NmOtYM!TmV6zXzvvOLwQ$N`J0aE1er0+`7SS9o+W8%?s|Z;EoOMgy6m& z9B0d?XIxCn?$5m}*~-O|;BE-+zTh4Tj=Iui7GnsU3>j>ue&uvOQd~dA%6@1WifQ@6 z_6GZQ#IdcjnitPa$Bfymvz80;gnP|ov|2Yss=J;=(|sM>vl;g~KZ z)kT|7?q+YK&cW_=RLS<1{hYc%&}%KxoF)tW!^^O*zLeC9y5 za`Clvw^8d`=B{ibZ+9o1)!j*#bWXaYbF?vuqg6@VWx-t@T$ZevgqF<*$&w35Iu4>} zT8tX~m+J1HcZdjukYVNt5-tO}LXx>UuV)>qY7MX>b77%8wPn7eGd%);FyTDqrMYvZUuJX`2!W z@0(=vzDYLUo8a72$z53|{F;wO=2_h4-|BF8glTvAmP4{Na->t{_6hEQ;OMDSc=XN5 z@6Ey87TkToJrvw(&&Cq+R z-n%{~S06RL4D&<({VA<%eN`|g{)Zl6XnM^^kyMXReM(IvYukTCNY`q|Wj4ZN?hm$e z%Kj>!q;)EfH%a_PWSFcQgX#}91r^S4P!f6=)ztd|*}NZ+4Q(ggZM2igol`6C?%qi@ zpDlK7GG*xQqy;#4U~mhAL!(XZ6w`W1QT?nn^^$TUH@B;kls>*W z(iBjoG!;}SZOP9|Nj5Jf*?b3ybC)M~WxaoBJ{t7~qS?xJUaY%&JGkz0e>d)`+t583 z^}>BYU8~HmqU`F=?v@|9Ar-~zL-=Dxy{P9eOSkI7dJzU2Jbkq)cX;_Zxx-VhA?>fa zI2B?1FJ6=CPkH|DS(B2)E%ZXLzbc>lHQSSrES1^G;0oZW;L70Xp!CGE!Og&P!7ae^ z!R^5dz#YLafg{1MfD=JRjwY#F(F?ew%I1nI4SoZ*})~v-^^9pQq3qW3B(|?7nKeuV^vr-06P*6LrU9quO}h zGF{IyQJfXW)xcRp-KlB9ln9b_B=k*j8d9RTRfK?KhBJ2zpd8IfGZ$InUVH!JkG1A_sXcco>DWObp`U?1Vbf>ChwxgTx3#5WhA2KUIHvYeZirJ-$i)Cv9=vN=W^5(&h2i3Snx-=)nl@!2Qcz%#rXnI!t zu}q`g?;kPh5}=eG4KXDb3Xq8}%t@uEcwuF6U0~YGC9P3Y%smy99m$zHJ!Zi$J2ATT z&+GG0FpFUP`sd#h@pSo7RCim>RfsJ$r*uY>3D(bi)yjI0e z*pqz}_oT+E+sUTdLTOiV{;mZMNlD)Hxn`QIQu{clSXfu3o4Bi%)MvT6Yn$al&q@Bf z$_gdR2Zj+=HEV;cwyJMZv!?UE)j)WR>K^?WZc4@_^@9pY{rWH}B9)~+Vw{DtOIg;= zFsN15^<61buA+s~wYJ5`+({Fu>)q?Fm$L@B=A9pDU&9;BkNr`9tXaA-Tn$TnzkaTL zEelHfdIKB;Hi9bbl|YRdRtMEguL14>4gvQChk^%!!@wEf2B4&7ICvts9e4@I7yE2( ze-wBn*Au{-z=@z*+sU93yc?(nb$9R=;2z*J;56`$;NIXr!Ow%rkb^+ApI-o*z-I8X zU<;_(iP@ksstr`LcnEk1I1fAuTmYUAE(Wgvj{$E4j|Ww8UjwDfodRkf(dnQxwX?ww z!E?a=mpuRIR%KRBgNwJRZCmR7JZ5 zyav1tvR6XaEx9)Dk;54h{+@#>91lJzi;lZ64+^NCc8r-*ndoZ|1f_po-_kz;^ z!Q_wwr=KI!1JtGZ7>Btfy4;@THPwSEA2zWkvR{)HQ`Uci($N16DjYOG zYe}W8`#gkfJ`W+Ae{0D(^@z^>JlPs`f^_0u2=3+JJ`7I1q5JKwbfoUqn)=eYg`4&J zZL%Nf=64RwzO8iHS`M`nX1CeOHfG$+d~g~-*4*i-On$_4&ZjREgBv^rJd@pRw72}7`+jgg zO184iY`Wj)f_ppMy%$_}r89=RGKia*e$CaD#&=*&qIaqPI+pyXb ztq)HC*99kn8-lxnp9AGjA~cMj*G$>GX3FMg1UPp|a#t=MO14HOg4}P}R{hXQ3i zla|-HreyQe=$xAxoOazfr(HMh_qyOT2cWZEu z2KRVyy@~z%DFuL;Aqiau8Q&~)LT;7Xy@*ZyS!UUfihGZIVe_$k*`@vev%N2Ro2R<> zrTeJlDyJsCcIV6aRJs3kJ6{H|vqjNd8I(rADaqFNtO+Xb*8(NsFY|K=m(3+yHveju zb6-#H{OmC2wC?Zj)bBgDLb8>$>n?GX;4}f~?k)?iH=#(Xmhj7FeeTLAb~2JG)oHm^ z^Rg`W=~3hUl4H5ByWV&%Q+NLlcHd=Gs)F>>TL1lzmw$hn+Je9HtG&O#?yCWGsa`}x z>a`WcS#i{^go}omQ~pR>*>};HIZV~IF5gy`;s*Jh=B`o(_vb!lUGsp+#h>1F& zeVaR4=4i($!AK6JKHO&xd)c)z=FjQc=H#&FFmv@(NR8@tcnF=;4D+Zi=Q8uSzV%JY zhwL$zfShZF{c6jE^hV3X)@GeQ<4X)1SO_0-Hp}M;b@YHYc@bh0<36&}bbf)VLnjug zutzJCC5p7~B?a%TLCcJ)D+RBVd5*q~I;8!;;!3vBMccjCAmgiVs?>hUT~kNiB9(29 zRI|_?sdtO92>2fKEBh7grbJFuWNhDCZGq()?>V@FjRWeFvR7;SyterqQ$5oXrH7uZ zuqeLjcbRGuHSWkgTMt{z0kGy=<*4eVsX1RkDcP}n>Vmc*Wh05BI&k0Dgt6&rkCCcNOuSc7Ib6QU3udc8KmaAn!8# zVG}t+EtPs>MP}aeBA{I`XIuLLszFSDs#a;eeNYhAG*RbGkn%-Opci^6TpTIqANJ6bi3_rbFf`Dw(ba zrR#VTNczvgiIhXNIr}yF8xQJfWwxQwQ9DHBtabkisEBV5s$`@WsR~FB8V-&Fw*aLF zsnm#MWfZtOh#T8+fg7DXYBR2Tfhx(*gG#_bpsLt(P&2O0;L)J;sAIv&pqkG^L5b;H zP_<(ocrmyLl=ydm-vAE>zX=`*-Uc28-T@v5N@gqk*ZAiIP@^Bhv>j-tg70yCI`{#2 zHu!H)>-GJ}n+w4H;6)(2*6jS)f#9WFYX}^ke=LN?;^TeGQ+_k}7AKc@?JrUe*f_ou2mY`C2eUhzQtRLLQ z!R;8F-YxR9X%5oUrrBZVw8z@H#ld|&IBAdW?wR0t*DP_GgLJ=|<#l(OjdV`4k;NA-Equ@RcuCY&!i@tZ{&s`%peecM*t%BPwI0EUSMeRx|WoS*z zNQ>%=O>WoWH-^;O9-Tet_ z7Shw+!M23hf3|Mln&PZDjt1WwCigOxN%J{WtYg8#eQnT8Q$YtdzIk5T+@nlmQHrw0 zBD;@aZol82>Y%VFgrR0z@m=uj~GP8((W{KyACgkU(is-d)B zmx`_JdKuHt`sq2v!fH-uPnty34wCF?3-i>=Je{U_jPz0By;?a0P&rmX^Xt0meju!( zraaR!uqV`%11T4D7noNYMwZ6elccHnla|NL=m8ygA7yUJy}nc|fXfT`ES#pWhLFsG zxN+s<{f382+Z3gSUD(I5V{vA~p2dp|%UKC&tz8Q>bb_Vzia+qaSRX!sH=v7BqFlU0 z&Uoug;vu!EA59y|e`zHapp?iaT^4NLu~;k6YmIT8T)N%Y>{?p}d<(%id$Kkyj2^Hr zsk+MU-`wyRD%vHK?b!`_KRT;N2eh^?@V)gO0}i1v|E;_}zD>l+Q?qkvO=6|oT1dEO zn7fBd*RnC8b9nx7E?3Lgg<$SxGT)?c$@<#*S;l!uXkUScueZHN57>{e)dA^6s_BGX zugXcuILGe$-W2)&gnI z-Wc%8{e8Q)9~F4hRN-@}jVZ0mq{L9-ycK<R4K`|d=<$D?({&MDjA71p= zQzchgNY(UiezR{B-lc`!COVmFP1MeT{PAwJSc7tlrGxU-imGK|RZ`BxY#=AhS%ie!m3Vo@>^QE2F^M z!4ttdK{T}DF7QI|yPzt>{h%t&1E2=E-vb{99|ooMJpyX5%i440WAF!{v^-|3DrN8q zaBYya=*rfh-i}wr`vrIq_%t{j{3SROM0csQgKWvEXy$^o>&nUC3!o~}%b*1F6;J~E z8hAPQI(RksCU`BVx8wIsFoho3A()khLM zxVX6P{t4XAp-G)Sq3-_6cHg^NjU)~x<@F;8#aUr%_tM+Lu$Zxt#MF)j^Sc>I=n$OV z*&)jIXyy#w=B@3lWLNL`#O&%sfRV+bqt%1gsGw43m0I3BZ#a=uUR(?<{)*Dk(9pM7 zxnYmkpnI>m`CVz%VyDvQOB?dO`Od}TB~1d>o=1Ld!|QzYdF6&VC^%hD`>f6R^Z4bzLqqZ)E&}pa+4m|VnMpPdh zoY}A)6SL13S6IMO_{P}7dYOVIouhW2Ei+4)lS4Ukx6>Q?7Y~)5D$OZIvbkCc>nWCr zlcp+rIq%REW|hHc^M7!|1?1b)xF3akDT*g0_gNX2%C?KS)re=r0F@W>SRKvnKJhB$ zb2qzxv<VF!>hY(YLl-)S2{+HSlk2igsk?@*Ov<3-MA_tHgnkx7P3*s? z+Z+;j9x?1LYZb<=7RCw|hAQ!o?RsOz89saOVO(EYftapW((%2^GVC6}sG^Z06qNGO zc6MX!v$SOH;*^R*2~*&jb<;WTn-{&9(bQ2O{t!>_StR(x8d*HVGDL&3o#d?;&5-Mg z;wdu9X9%itP%D#4=&4o|)d7_1`Y0>n1&K+0;KJ$rlvOh?7frpQ z5@24oqMC>1Ryi141)K{qziKCZtPY;YbrX02xFPsua5L~aaC7h`@J#SF5RJd`D7ZcN zQ*cM{DUexOJ4s^<_%_#LL5bIRkV4Zre-)lt>s(Xw=xObAJja2GpNx;3pfL0gkhtMR&W8=v%$sS9PkLR4Lk`v6x3*A5%?t#H@+Jf z`~lY$@MqwuphgR)gPH+Wx?cy+1^)`7u~t3+m9BrM`z6Zg%Uo;pa0RHEaTT~S_%(0{ z$jGHK3}nPo*#x`^)ZFkLptRAuK}ojC^(63NP@{%NK#dxDfsz~Dmssx6D{JerxwbA_ zxo99(&h<^Ua-s2>bIN;nM+y?ROK^t-CvDx`kpsycd5}0#leim$`(bcD3GUay{Wds_ zxjZiK1h*_Hb8fk0V}udh7Qu}VZkOO@1UDmF}P{L?Hk;J;1&gUQgEjQ_ru_R65MZtdoj2^G)W#8o&4qT z8x-7X!L1wIhQUn=Zc1?b2X|0#ZNX^|us`F1;Jy@`_WOEV?g{Rv!95w=UxIr#xV~tc z?zfz5P_z#LL5wQKx(obQ5D8zBw0gXoruSyNl*&txJ!0@rOf)g64&hps@qP;AC5 zn9rx7JHma=gdF@pJWFGc24jj}$6}qC@9ObdMy^9&S1tzQsIt0U z4gt3Y*8|miuMbL=XKnizK_> z4U?^0>=qn7b8>e|aOz1tywzwK-S1k-R<^gDo!c%r)fzo}7{6?`OqMK+^)-w>l!@~R z6iU^|kAy?IPNi!N8?#{E!nv&-|JSRQ>WVbO?&?ZTPOdAeJD*TjKEp7v7aB4ntmp$Kq z{|YXQ@tr7V*WKUpO5OK{b0ci0*WEwK?z=#$&yqG&|E7lGq&VEg@5HE4%;tEXHSWmP zmc<>d>b|T)DbvQ5ihS3mHx%RC56SL^Au;m2d^jIJ-yAEl*|A4l&P#B)Mon#Q=SA2K zKHa^vxf6AT-dp9qO0Jc0IrN-~3f(>et_Kz4j%;bQqnbyx&t5#Qb$*9E<(~}Qy3|qC zIgLWMGmnScjm9&Cfh*XP!ov==6LfssdrenTpHS#gwngc&EvDjZP&6KA5d$uwK7aHYtjO ziX1@s?+uCMpYVhCei?>OIu`FUamlDiG~DTg2B zCo`QIE?H#Ov7#1a1~?dGCbqH_cqq6tI1d~R&IiYW3&6=BZ-3d@S{-0B*SrH(X#tM_ z4+D<^7lU5}j{=Vcj{z&-S>OradEiOl#o)={CE%%`s?xdO&EQ3#>dVET^7Y%+BHf*A zjkbAITv_9FyW3d&JK5MVL=ttkvDi4-%7xygbnf%PslRnj{jG=hqu_oT+~0%yS8zk9 z>F#&EWGffH3+|=hG}>`@8twQqG}>`aqaEj1wMyKY!AUmj`*f9>OqN@UC7jgw*G{{76o;tN6&sbsGhyTyH1OTbk!iYi&{9vnf`&-p6tseXH}`ZgX2DLE3Cv z@eoi)VozJxHa}0Fc3sZMeW|8e-ACsSo#g~7tlX2Xi`!$YrMJObPm%Aeo32ET`>gCy zWW-X$f`QwbY2c=$cTKoXNmjHJ-P+{oV*rvh@t%mp|R=IhN~cou25V{Z%<_ zz)u~vMq4tk_jX;CorNYSS}Nlg;1oaPI5Lou3ly z+^>TxAwkadNw%_mztp+0!95V}9u7`@fV+D#xYvSvGq~KIjOD4>9F#1%*49e4hWF#@ z?$@4ys+Ro525lwkJUUaDlKlPoy{qCeQzQ9$y}{q`9o4~xn;B@9liS#>uM?a8$Yg@X zQ=RW*t!fJkid|Sdpu6@b*NEEl*CV9r7AH+utYtwh{o^M+&$M(`QKUK!A(It-+g+He z#JcvV|O+&q*#zUM0M3rQlmds!@`Ola~ozvqUwc*Tb`6}Jia>-jV)N*|YN%2(y z*B5W+GuZ12Oy3>L6+NE~qxU71Ys&7(?CL~~GE%jFYI=NZ@V9xJ+Y&2~tm>pXrE`f0 z%v@&ICBO61EIa# zb0IhuUaJTbKvp75Z#^4SzAD^(z^{U;LwdgCP4nK%Xy3ls8jCL`Te)~7xE}=fd~m-H zZh6`Qh0>^%AhVU(n3=itf}0wgR$JtwTpShLvB8}a+y%j@4f1E`O-c9rQgE*Xr#(FG zPJ4LV-Ach}&y{nUJ#u$D1vfdksliE`b$71>CvDcb4}#*L(^ZJKa@XaOo#PubK0K!@-FhBRHP9DR<)i!Gitf?sP0;|rF5U8tEVR^ zJa#aqCs=3qE&&erNZ4P+PkkK;FNPVz`XX;B%F1~brb&$jC2gBfS-nq_&HFUj%6g;2 z?lu-*O*YOq4DRLNlpJYNC-ckZ)MUx+XKjC@I=Gw#Yjksadm9rI znygsY3UThj%&8^TsNULA-o@#zICCeZm(J7^(O>Mfprd)NcZvS-r~&Z0r%A&chNn_o zb#`Bi2PurI=9jw%Z@AZv0CJ|}0Mx2VySvJ@yK&6+xA&0N9HhsgYyvz)Q7P(Q2RzhR zy)CbKlTvZKU2EHX{aa^i=&iHdf!x(i2U3l%4)m^l<4kjtii)zon)$23%8xRnbCzmt zK&iDmwHa0IGn5JHGqQx;ND=CKU%biW>x1ozdP7*c@9E`LQNq`Cd%EAb&$%qI0?FG3 z{1l+y`Zt8eNxB1+KxN`B&;3!OUN9iY9qkSFA-Hi-R+NyKv zJ!EUt3Vz~F2u?E_?oMm*?v54o#62C{v%zW2-QE2oxW3eA=gP@eF0Kzw`l&zTuHfzo z?)$<0D7a^WdoH+Ff_ptU^(ZMW!Kp`aZeX%i`<9vHV>W9ii&PjHwSubgYUfny`pM+` z8_w1}Zw2L!EH#twFXDb?-@xih-1mD4ljS9N{8A^b5zD@UcDOP|y_Q_Bp^?XAp> z+UwMu{h|#}gAmhFF_yP!^$IQn)o4yUJ_^R$BgIN{Git|6%ozGx+2K4#Iy?88nw{(6 zt?kY8XNG%K4>umX5?kLBR>M>ap`oG}MY%S@TJF=+6tRd_UhWfFeRy?@I2=A3<=w&L z8HF1CCbhAmYx2{yKx(Dcq;uf>1b*3kB~CVG-uUa>OUYI)mZPMc8<1@NuA_6Kg1ax= zJrtbszka4-C|s?n*IHiTX8oJ>*^h)``H+mtq(y0rHolDytJ4qp)I0+eC-Rs~LZyOV zjsdntaLcLxV-(Zbd+tD3mB;kQeYHDya7~!LjkVpuB(l7|u+69cLG8)ifjq0-T{hj; zNVo?(Z$!MO9 zQsQ*IL3-pzIF-!4%k`XyhBQ?qmc~qa`+h(y>r(mcV#;`!MWcDw+61ATPNAd#iPMJ z9-Mk~cc&g*Hog)N+}puPmg?KJ<>6{geY}NUd{Vs}{cFja;3R|8z?X`20 z)#*;>CaXHvvDV;EYMXj)k4DxcLh;+Lq4RlW^g0ze*&I}hwk0U>-Ud`UC{Zglbwyrk zvU#b==I5C?cQNjr`+l-D7C#E^h2UNeuDhIJRYt@r)R2pfXhLMR(i==H=Ik8z+p$^i&<##1#@M%WsufGntfq5T^@)5U9ic%CU z9$H7$l;rK58nwuW+>Ut{Hju7X8|wX=Uteot@_LvH9I5Ee&|FEwQR0=Gk(X-2ln|x9 zKF3z$o)TsEI_HZ)4^-Onc#Jx zQm%O{uO+g1Es?Ekdn}y0Fu9}6O14I|mFBl>?U1|sdvMa(oRiMx;cXS%cEK?(nA~aa zvAY{eeRsd>CtJDDyq0q#gX_)H>f1omtKj?blc{e5x8N!DZD97Jo=0NjCbxlEMyqeR zgzzkFK1yc}ddJ>LJo3Cou0%PWszj>0w{$1{R*wb{EmsW7l#S0QU(@tSt!&==;QJXO z=KB7f9<3M-Qs=$RRym!u?XqH1)e|S;AsgkHB)BiQQz8#WqGW9bRZUw!waW~=Dl39* zpz`<-P?EO`W#N)1n@gT-WqrrQ?l#&wuyc;y@3tw*f_)5MSS#p6*bMK|tS>F#+wDCbIkmLi^y=BzuEU#-0cotsQu`x=f;dx9!PmvyeT6O?mw4hhNp~)L1)zUJr-4&_pTMR2Wed-pwe>TUzF% z;;H>?ZguHa9fpk3tcqH(tD1A}{i}&LBw8T((mB1#rOQQNwA)8wayTdr>k3do9|@|R zIR@Ma)Gi+tfp+<94QhAK2=H`p0(cgv>^cXW0iFlW0xtmPfER+)_To#RitRG+I8eKZ zDxjXL-1t5}pAV4D=L2Lb^8pFJ+sOA5-BvDs8{CV*m8sY6S7Sx@tNzA0^*7E<3~q98 zhX;3ba9<1V8^L`yxch_qQ*eI{PP>f!x!Psq&(-c<=d}CRIi1e#oK9zV?%TnAH@L@w z`(bb|1ov`qD$)1(4da*1m}JSES~OH(YjM;f9md6$b+cgdBR8MpH+=|y%+MlDX-@ z=h;Cyb>k0e;zGIP3jf@Nd$#gQ<>5>&{1$@5fJJNsxz<}$}!*5GLABOj099lMgKL2^K&`E}fE$9dK-FRSlmCzTxxOWv>szw9 zy<}_D?1=d-^Cr668jJUWTZ=Z%{SHpHaxo>iJ%T$XIO+WU+`EFiC%9LGdn3428}c*s zmZ$q272LSsv~uZjX%Frwnlk5(O}27zMsVi@_vPTO2=30{?hX#A=+eq+4oSxAMAuQr zgQR3iT`QaYY=ytgqMBAFw>BT%TDP%n-#M-G$28BKJEOVfP=?iu+vhK`d4Wk(3hgjo z)X}U>=ecIOlCZ9gsukPZ7Rc_##~PnA?{&|zP$c8t7_4ETC|x;}oJKu*bK0uSe8lo; zUNdF$nkk#lFFJQU?wxxe*%~!}nYh=2do#G+NS*ubmu%%?LU6kV_p9KZ z4^Fkv{i+uFb7{L0*E`v&D|a~uc(~2#OTkc^BO{$d?HZKfQ6g*Z@7|UOKst$Zp!zZT zY48f;Bz~I=;g6XUCNF57Ik{~{dvp6y-*KZBkrRXu7{cx}HF$>w5omy*`2Jx+Ps}n?p^%UP-h-a(nfrzFO^B$mof6 zG0E~7pmOmnP_qZ;fQr)Bz+vEpAYO}0Kt<&WPz8M@I1juUoDW_DD(9Dgsvq*N9J+;{ z?}d}i_rl3m=EI+kcQ+z9nqIrhI$m&R1$Sw1Uk&cJ z!MzyVzk_R_-up9_Pc|l-gS$Vt?*;dh;5bt)`TcEhF9!GL;5Z8{x%*deCHi)MuHM~{ zt+CL%8_r2wHL6;|FPndh#N=A9Sw{5(qJ?^6dpP2o?{Dx$$RzFU*iNjw-)8qE??@}Z zO5Obj?7oL4DLSt1{`$wtCshTb7IX^YRo{Xt&WhXnpz5NVN~acdUu!}0kgKL8vKp?Y zOe-0hhg3tOMY-VI z*#=t1#hk6<=Ma^OK2$pvA2(Q?1UQ9(w1QE3sVi-P%(RFR_!X(wvpi! zG5OOG9;)nm*gHH-LZZ5|>dtH2(ey@T^^didcO%2|ZDYS=SE|Kb<)9{?X9QXIg;47> z@oXirMkom#+$uS#w6=vO=#hH!M3Pt1Q73s-`p{E4bUQ1Tll-v56JvF|=%@NA`qZ-u z>@s=C{?=_e!-(zqp!26_LI-ubnlh@C$#ooObtO9>dLf-PrBfN-G~shyc=iOUw3c;E zhpUXUjtBlFS^Bl$Zc^>pNdA{;(r?sE3DZvYIz+Px!1OH$CF+1sTI&!c6HQaX^$j(R zSpx?l)iMm3;tK_2NR*%wFOnTc1=kyfCLp!)%y7LX$$dZTjc?6(b@^y{)~Sw?4fbJd zCX_;%Y+1WE=WM@?(3xJdd)A*95z~jWJ3`uas_n(wrhC?Go&BI@T(&tms+J(B`t1y?d7_w0LP&0q8t>%x=ojWNNKcxv8-ra&ii0%$=j<|5 zFQw~4L#1LVGhSmxVl1pb82EGi^0`k9tqe1OdU@j!* z89K`)UmqL~YF=|PxD9wTNSNU)HT-19aIKlmh2RXZ8EgkxNy@JPPXVt5mx6bJtUBj+ zgJ*#EgJ*&|L+xDfdGPa~W?U`+-v;M0fO@7LI_XQ{=_KWUg8PA_Ems$Ta*<2e zGoO^}q^}a#3Nrr7PX%d4xz70708}R+{sM3l@G@{y@GIZ|@T(v@NAjD&EkH?Q_K)OG zfZKtR#)HAnt$JBtHQ>0z3sg3Oo&*0jl3+MKC`X+y*=!+?M>h z7#sv%2CCkF1yuczwm%P)HopLrj?VmduBP1zs!urdx~bf@_Pi(k)ZEAh#N#GUKhCC**p+*h6ZrgJ}c?g{5!bnbV~b*IMI zb9LId#aZt*7`MK2Y6-^a%sX>8-Z`CqXPj!dxx3i8cb)sdIn_{ew_3EZPs+Jr&P{M` zvU9D@X$z1&H+SyS&Z+j=3IBWQj1IPXe(vAIJbv$qn$gzxy8;M@7!t5 zea5+)oV(4rd!2j0x#yjG$vG`|S^T<3TPfSdx$T|X)48F}&30~{bM4NZ;M~i7(lh=L zZR|I6?p^14Fym!$=@V^yBg?rBoZG^=t)1J&xjmd4?c4#*O>yop=bD_G?_7s-Cpve! zb7whsp>tn$?i%NAaPC{q-QnDW&i%-_$DMoHxtE>$gL7{=_pWnmvP@<9w@$Q`*LIfE zf|B`iv`|37RPL`-kMh~br~BW!N(9Xxb0EKif~~w#`qyyZT0(UPUWYJ4=S%`N3=5k)h(PEnR?4aeK%G2??$Vb~`%d17EjRIInmY-w+AvCsNw zrc%1Hz7ni$Z>NQ!WX0Z_n2I#E?-AT?!9Yh_=lpT(Tqz&Xt?}}r=x#$w$p+wj04i|Z zDk8FI{%mb4u?avs5t(Ktqp$7l(yy1q>*8oB(gM{%?e9=A-z@_3-ELVfWbhYO zi|++h(;o!&$RC0mgFgcG$Vb3k!JmS|z{fzf7ryr%Mp1`=D!D1(RB$S&(mfQ^=;;V> zF?b|+0!VKg&h(lDp2~G2_!&@ViG2<{47>=O1u9+ZB-WbXQ)gIRd`iivR>IJb#&TRXR%bEBNw-#G~qtuYPc zm&`uVlEg-(qz#ge)a_f?QweUv+Qb_s1V@9?$@oCsmhwgX4sHWrQ&*J@#W)^ze zsE$l#@${N(dTWPvo3&4FSdU^~{5>9)entSky~xU($paLCtAiakNcNrTy^b)9v5rLey9^!(T*An(R`d`xg?e zDJ;cIiP616Vk#wrB3ZHGJFns)DuWqotLBtI*nNbTKNy&v@;+E}qx%MVQ@ zqd8`e4B$^NODe0!q>i>ZjT{@@F=r07TD|KrbTQOOq<&X*R`pp$tzE23&1EZ{Nesrl z$cY)-FQUBH8=IQ{CGd_(9W(hVNJ~fCtfthd+IeDfXvRFMztbj9TEAXI^Ss zmiF?yCU330Z7tR7ShiGlX9%Rv&b{y4_S7m1Z%DM! z&pF4Oc(_~2ZgWnvh!z(j)Ts|bYE+qGEmjPReNgfvvGvmd$vd@pO7p@l>#@Y`W$VeI zsWK~aS6zYX$Ub|u@4Z!4pvtEmZAqL-ja8!pF2l>Atfj)V}no=T0m(dZJ^S( z7*q*AN#f0zoV(w90(X%#7oB$iW1#?KjXVtdo#$t|SQy~?SX zvPK}~-?Bx=LoIGf-#ANYTR(Y;T7*hR3X?sqxq0@4wkFgqGQ}U03NU3yJzf;UN5cYZ zYgdJn8i3{GX5Ikq$L~rcDEfxf2>DVP!qRkg!KPQc72RU-=`cm*rrj&&b|@ryRDKn2 zswkwJC|~Se7a6XNtI7pMsybVx4%J7mRhg%TEPX>p8KvtaVt&T84K$?5>>u3NAJzXe z2UWj;+l%!fwF&lnhZej#sE|vbG#N(cx!Q|(RYARTZ7p0jYvHn$!X6XjmPL1^?B~%| zmp$PeE4U#PK2;oTrEFj4Mml$rbJA1n8Q*m77Uy1Y?q%on_J_qqZ-1Cyz7-p}4Wo^( zn>wd8NOL#LIgPuGQ%f(7w$;PQq;^sqmuScPo`uo2{19k(Ni|o62&P&BjcIFHG`zL- z(bNczv_!B4qndlT(S^k__D59y*tCvlLnCbexf18u%LgwZTZj#X_t zB|9ly*0{Gud}y1u^>B|f(*3s@csj~XF|U@+dRI%$TbWRi1rivk@ph3=wYwmv@TElQ zI`vGGxK=wVZZY!^(=<(9kl^=?hW{o^rsyR;jhGAFGS4byOx!ca)_{M3{c;vL;o*N9j%j>J8y2USKCQK)J9;+)kq*{r6?W;M+?)imQCincnPoE5oO zoO{hV_Hl)~b=l_8#ygqLo#Whc=dO2d_Ei$$_Y;Rs6_b_eDpMTTP37*8Ld8sekl~qj zLz>CQwU6vTvu$pl+%$6~y;S{yHL+d4iO2frTcB_Ulgq^0m5N_aw@lrU0hwj0Y?i6A z*~iI@y9|HErIe0>Nrpjq7%cUTgwz$KKyHVW;6sE#p z;GdnH+H1Ci(Mwa?)cI}g9gPbQZd%mRc48Rd*uY^rgRO8UjUCi5)O_msNn=XNgCb_8 zJi1Enp@*4NedRAXRt2tftW-$y-)GIcX+qol7GB{z(LJPOCe=iJzxG=n6I7Gwe!ksH z9NDxP{9NN%W9TAvNn}XiY6z&4rjpL`r`R1RZ<8q}O)s%&WTE&ge>&w(I{ibr%fzSB zoKzL1ZF)Inddp3*RSGQr>P}SiWfXs1OP7~vj@QyIWJVB}PY28hl>Jc|OI@j){(J>> zMCJYmP-5~`P<7}{PyzlG+yi_I9078?MOa?cCO_4c4?q>b8Pq9z-Ap!n-Ap!HfH3Zk z=*|xIFzzSL{XN?1!pDHj@0NsM?zWA#lD1Pu?iA~TIf8m_* zw9Jx%u%zm~y_coyDGQ^apmKweBVwoVHYkGvroDO(TBN)DaGLI8_+1za}&MJG- z^DV0sN)2LiXurc^68OAKhXjg$Rbg?6x<)+7Yvt&ta?T~}^%&kfyTYsDPr%s~dJu0| zrWKeJRH{CTg~Xcnso zq5Y zUekCvaMNLWA~d^r38xg*DAt?FCC!+IDg2#cM0gngI0#61n0zU;_08a-KDCaaeX543-`=WDSa_&0kzUJK1&i%%@b!t<1n!vO8v4K85V?XDnJ2%U@ zdz`!9x!*hYs&j8U_nvc`G52EW*gV=w*-p-B6Sl?WQ0J(3k)wu1ztpM7-Q*nQ7P*I< z`>}JI(9PO&2Si&b+s?Tio!iH`;m)x|EBa+~R(yt}x-^i1{E`Vh1sAF7>)mKmkaGJ5 zKW&%VyD-9$A0ml_MYn0-PcTc86pfSSX~u3<^No6vnX)1;Kkbk@i)LOE9ckeZs>*I( z9hYLSlVUeS9`cza-tYBpHYH3qRP^IM(eeboA}W!nh|5gp+C<=+TQb z3f#K*Bsn=?(q~U2A2?Gb20y;Tj;K_}$Xo&D#+9}jJ@44iTFV<` zOhdmQ_}(_?e0mT1o^V|gRIrXWEW;~z1qNB!MS2WQnR6GkxdRz}GX5Roq_JV37H-TG#yrhzk1aAWm0>1@L1aAkYf_H+` z!23WoqX$9d=8wP}d>H&R_y~9g_$a7K_A~He@G(&B^%tOu_Hj_{`$_N)@G0;v@YmpX z!QX(P4T4Gsuk#`0ZjUzm@Qye;dRn%+?A>^`6s8o7)7*i%)61I1N$)aFnwD|%ojcDt zX+Gu-nH=4H#kn6k_lR@9cJ4XnUUlv-&Pgw_=SnZKXYA-4uOvopxO1bO<3+ycmsj|r zyEB~A%Wf8)K1XcN=oxLCU+bI}Pt9F}b6Pw#PA_hn-(8&>>)ZtAx|8G5PnPpbW&=_w zquM4@IRmSbl(sCB?tfp^CC-qjruHt}|5vzgtyvn!l4q9`AdD3{%gy%Ay>4szq*mNtc8$JlHW zoIFFkw+%{;(w9Q0>7zWG*>fla#6yLMjP$H7o8i9uL0l z=oxhx8tur3^2EE0*a>PxuCm%W`l+RS*I?td@r?Kbe;bQit=aX+XFb)!@O)BfhAx{C zVjq0lghfp_&R7!<(mCCi?Ev-8N;2;A;VB!F$98hGPH_1~;O64He&wCh_k+U~bWU%E zo8`kAEHCUV>Ku7p)j4_Hv3?2V9YMJB)lw#fST@`1WFD}16e%D4hQSOqrf5H3~($s6Fd}b0*?ge zfJcGzz!Sk^z|+A+pk@G?!L#H2bHQV|Rt;GUN>e@#l*V{GsGjNs@T=g-plZ#j;P=5C zd=Oj${t!G3d>lL-d>T9hd>%X#RQf*){vA9U`~W-${12jOm=4l#)C&U8+%Wt(5=_ZFV?d*dE< z?osDnbMAHL-gl117X8*oTU|ELx!s-P1^ei3rgL+gQ{QHBImtP_s%_lW&fVhNx1Ia7 zbI&>Vj&tuj*PEWe!s{DtrEF*Cc6V-n=hO$v2Osiu?j`45ckXY_sbjNebdNSZ3+UWB z&TZw~Am^}j8vRT4mq~p@W$&uqO~2wc$>gUW_ik?BPcWf(8#!wp%XT9;RCe*g#>Mko z{4?gT5l!fv6p_?f$Zp0u3kl%xm4Kkyt7}nk8u{h#+mmAIFGU$Of2PdBJ>IXkn_^HiDMTM$odwS7`z# z$zYt?yt#YCIn7=gCuwKylz_MRE$5evwXrTJr6(8eOE=P+rZRelG7Ewv18GapX%n zi8)nkV$-6=`OWMQ4q-@{uts!D2t(PI!bn*upJg?sd2CbjT!y-7++2?jsy1rOmXWK` zyCs-|sColC4}qool!AkkJ2jT_BR^_mNjgBew^uf4s$XGtkbIh3Rr1Rt&wE2`?2qb% zS{MJb+akXUtx5G{S8#QZd81sR?g6S0=$XPclfA*gT+`0O%LI(U^5ISln`z?mSuTHXXQdmWBMrEkmIxt;-@0I~%s92BJRRd?rrDsYX~tUr~_ z`cv6T*&6&cZtZB}6;bDQaE_QocN$ZgUyUEluNFRx`@tQqjgmYt@`=xVFIj7PpN~j(@O(r!BNhmcqxz#Og;gd=C zC82tSyEcpYp56BQl@h8K_uehsuar=FPSPM#_(cizJh3nKZ;G@0N}GD1AwIxHZzDth zHu{A2rsl=^CTnN;lm=uyg1>k9M%IzE&=H~kv7ma?jN#pt)ZUd5X3Fio-2X}9l%>VX zQF_$q6fBH}AtT~cm#%x%H1fO@vXWq?Caj(Mz>(;?C>s=9%=eMhh2grDvCPKVY(`Qm z8y#vgPFDJ7WO8{)Se+>S_HNn>cx`l(0+PL9>qLNsoJ~etqzS+Cda_#Nq?tdN^AZdcfINeJ-KyT*mKSenkaE zk}Mho*GExMbh3eJvyaA<>*?*TDh)?BByTlpcs)H0RQ)c_^ZkV5o1n8t!M#9^C(4!Y zPlA%7yvCkS0iOkx-L#t^C0_;?bNvb^ZQ(WWJn&DT>eB0=MnkNsh0)MIz^l0C#rOOg zkk@eXuYsr~;n+21nZkUXu9c@81(yE^M5E4s3a$>m0ImoA7VHm7=5z-o3mzjpjfOVm zTDin=VNp8EX3|+U`vkCY{kS%6K(y6mTR2C56Ykb!TI)1-M>sd#xdqO(ICrvhr#h!u zK!w7Ko6gQ0ID)Qaecrk6 zICqzGKXmR9=P3Oc7s@?8SK}j#A7vW3WzklbEq6|WL?t6))n$Kmu9Z?WckR(uJ}77uu9C5Spgh{>-DrA*ib}ts(P5IU=V?J9 z>Jl2qo=)h+Po^qN`5nPeMPMeZ&#A8uwWZ5(NLTeF)rzFIm;3SLy0TABwW4!FWcBbuesFl_UwdX_YX z7pJ&%@S7FK&EoV#)wuHHbk$pL3mfMy4jmHCR11gkOGf3OS}3(?=ScpQLt+$}zk$Rv zdmG#VX)lUS zQfm}XpQ6zXO;zhzF5lup!3t(?x{`6*PiOmF&tFbe~(MKs&Bdr!FDy4%^=jBGp3c^_KyyP6^49z9FQjW=pL$c^h+VEiZB$xfw+ zmep* zH=;jIt*Oms*YwJ6WykJ=e2HaCqP1)7Xpdsm{t%^KJ>!Mpp*MH`e9d~Cb^K`U_2iY+ zhGHqF@nm^z%O<^SUh-2RoL{hCrB61868u`$5XPkXI>F=NUiXkkuTx9E7_RT@ek;$? z_tLHHbSzBYX!MUSsQO+IGOI2GrUL8}3Po#twk!F$aNkxYH6qn$K$>2O2&6(eQ&jeo z?%(5q+W2xp7=(w7FK9cJ{Ru5qsn>(8)HbH&_Fz;zwBLy~a-TA8WC&N^EWaXz`4cJbujN_fB5dX21S$|?Jenh|52wS5^ zj+>@7oL2L7d}}Qd^I;8qeUemqEb83Fz*5kM$%c(qEA5+u7>jY<0 zo$n+aza|FnWTSXt(LUy&9Mrx9NmrfyWL35D!wesUyF2*IiPl*-Zn>rdJ@hZ6pz<48 z%Nm%?s_onTw6*K@s~g#~Pv7o6)SF&K*4D&%i8Ldj2C#Mrdb5vR!F8bjhD<_8V7JJnS6ETKi6$* zxS~k#G)h06cA56XN3|e{i8XL6S*jnK=-Uw8MwstH^O2^YYUG+itdd%O9zX~(Y6caW z!}_5l?UwpB>7_ZBeIw6t;JJFLTR@2p?Y-U#{0^vHm)d(h9DJ&~?SZ#1Dd3r+{W z56%Pc167mn2Q_!X4&Xcobr_>s)X%`Xz@LK;fKPzG0G|RSO6m#!S@0RIUjTmtYJBx9 zDE<0*@E_m{U@x?e7r}MF--6O^S!v8S1%C(DgMR?G1z!cX178D&fE;I@?*+0RnGXj! z);u2rvMQNN4}Kfe%=LSq)`n>rx#l}iSn{P{H}KP7cknu}1l|OapSf0sR|oF}S;x#D z1p9$M1X<0@e+KpkHIuzA_$zQd@FkFP%6Y>q9K5UtS1D+n)exFL?_%3RHZ?f;o5?xD?dB@-x6z zkmKER-ap7b2VMkz0lW$1ovr*<@FI}9mwgFj|34qOvLo!T2B~8q{8zwr(R|+ozY70% z@J6tfx~};32JZyxK#u0lDGNGu_WXhOfE$C~2g!5PD)#Y$%DK`0)P%H2K{mhJI;XcBjT`CQe$F*Hr+(MmX?D@V zTjHGN8I99Cqq)1mxoRCOy}C1LsrE2 zsm0iHzvkS-&OPefo6gZrqF-uy^t)EHany}-jEtkZ$Cck6XI?EPPzp6NX8sOTu=X@Hq> zp>i^(s|mxDX7E2cnUl0aSKWLPTiVUwipQ!9igVa}ydjs9=RlRs^HF-Qi^Q<`9ocMt zM>acT(6~!+Z`?!CX2(w$_l|S#ySq_qD@2-9P*s$Z%IXj~Ol$?q3q_OFgzvO6%?QO8tnsjkU(u&$r=gAsnfI>(uFO{@f-o^|R zch%rI(;O%BBzl#3{;YUHt$e=ofxXLotSU^Jq{rdpMfM#44fXcat*oxLYL9aaQ10~U zI<=B71a~uP`egI?4Aoh#xK1W79986ioh;BtKmdY3R+p`?C2 zgm6jCG-7cZcYnp4nLa-F8reNA_~~0yPx0Ksy?^3HB3_~@6v4!nmUa#4HH+~&9;CIQ zF;iPs&u+%?dKI7HyPEdH?7+TDdiU)>;i#XV!W=<70iEr zNM0>`C6ZM+c~r$fy&hJTP}Q`5m(^5T!jugf?p99ZtLkYyuX_?$VLY#gR5=dCrKE}V z2&F96Nd5`@%A}W{?7F;>d}z$Qw2?flKWS{4jO3Ymkli38w`GRWV@Sr01a}4x1l5iX z235@u0Vja^*ufMKZ7G~yG7UVQYjmbCu1D+1Pv=@6N08i~4qgw=1hpevyeivV@MiEB z@OE$!sA_x?crS=`z0Dli22fhZL3ce050ksmb6zm3`2KENe z0QUpW1P_eYs@S?d68tRK44wmOB=ULiv*3l`<={o&Rp6!IH^IxmAAmQ3kAt^>PlLCD z8n=HN{5|*`@Xz4gpyY}2=bzv`AT2+;3hV*i53UYA0PYC>5Y%}6A#fDE$|W8Bu!R>!n=;xvn4?zF?*+$rV8o$K7!ozr}Vxl`>i zck1=`vKGBR#% zE8qY7nOeCvjf(+Be9NeOf3#j0iK}dHU{mWT9{s5}$!{yadmH!@Owy>v%x|6@_R9IT zL&-s3?4?(+H>9*Oz@ZuOn$wBHbzRU$loLtAkljpI+gp-?W@DSRgKwoS`L>kGzxm$C z;=+oE_MFMLbP35$@;3NZPAA_f*X3Iq?7Y)Vp4Z0lHuB3{lCG%9!3c=sZm1(n;TmaF=$z{)@~LCqvz3Tlt@<=_?|s~BNM`759@;u=sr&~@Nm;8($eKt3!OKGUQ7 zhjM*8I0L*BoDJR#&H;I=C090F2{wawfl9zz)I)m(%C+L|H^o_gwP!`kJ!X;=IbgArrl1Q~iw|k$ zYO)eQWNOV>Sv}3Qa@TTw&7ka6Z^9`_YQkw>NaccG5+K)w@cQ7!#8V!wwf>=8E=CZg71PCf$xD=fx7?AczqLCSCi!rf#@ejGV4T(N9uopEjM^oE6PH* z7LOSsGnjN=GPqB;YjSX9Z@B60V4HSGvt6w15n$R6rRSVz!N=J!rW(Qn?P;`IeO?(Q zWj|FEH;S|Tp2<(;W@ZJor_0Tyl4I-QZPVa&ZqT5V;-o>zZl){kO~O_x)R5q0T($-I zp?M;;fD}S%4N9%1MmoRfruu*qjX7GP!^Yl^w* zGH)q_*8e1tvwlQ2>qlg>^-trp{%PFy(N>oYac+WhlbvgIuH89O7(%HFr;u5A#42*P zxVtBulO!>BZ#wsP=QN3C@moLIO4(M&~ei7W*5U+%)OK?M@$_ zd4|{&`y2U@MtCT{hZ^`3OxlHR{Y~}gPnEPh`b+ASjkqRK@i+2zrZ}3Bs#dv0@kq{V z-YB$wwLRYl9JMID0wuGphg2yuBu~@;(z=$5ay19&MbO=-h73H9Obl95OKaMe4=4Am1W~WQ&~M8?k59 zM_YOK{c>WG%(7@nb+|Z|yR2}(IF`GlaKAW~ySQ+_IF|cD;eJt%IF{HK_f;>$kK(Hr z6z^`}PcYSbgf>7%8fa(IM+d)b#1}AcT9C$c*Ja}}xuM9qk>r+8yW%5shp9D2=dMbDhcp9i&n+~cy zo(@XN>Af4%M`Sa7L^gW^-?+88HcnE>I7ubrB#VsO%eljxJIcBF&Mk6oiF2nrhlUly zL$`|0__lL*I;YhVd+x)|NrN%&S?8p|821n7w8zCbt&zx9%Cs}fxSgCE>74dxnY&5O zO>=Ipa|@ii$hk|LyVf~oA!B$t<;I@7d$e^eh3kl=j7m+WD1|i-A(QS`N@3|XTE&t{ z_lu_i{L60p{mRjt1e4y(kxBlGQux=TsHmGM&hpzE{6RzT&Y!XrZsx4nRq19DoHmyF zS9Ue3Ns><%S{(-h+yVDtMX`jsiQ-p-G|`x-d&rrxnw3IsHnp{tgq`f^59Q6uM zRnlzU@K6M|Kjls=VNzjMZ98*4z30@y0mkTEdB<<0{wwEg;?=3r5c6xy24}+)> z^pV+C1g+52GbGbWVD!g(tn$o}oE;u1}ckcJj zz3SY1&T03%LSbHze!;?97HwVk5Go^?B&*azNIBI{xB3?DtB0sO(W+FqU)e+OU_T8s zg?`oj5I5Vk-n6zMi>k3v~lFYTp)Yc?%WdW>Nvvc+{ z7v6e+89SDdDW%oRI^`Uw(2FZ2rOLP{DW76KOc}}^m+%QxW_I$exqc3m9{dtG75p7| z1o#T5frWTUOj>kUjYV?`lJc+M+3>7L21$w57uJK`2Ooz27Z{{8daop9E%+MP1N<|H zG|1lu+0Pl?`{B*wT#bfP*z)cmnq{u`!CsCaDWAt~l2SI4l(LnwKKwOKb=o*qmm;UN zMdNmKZWrgKId_C}$2)hjbC)`&(Y%HCHRtq3gK?6NvejkxIQLWMe&O72os-NozrBz> z=C>}|N}1kmFm5B~mOFR7b82vJ@%uEtWNwR=)QlvZdcn!9^t-PY?n^r9tXi3#{Jt7& zW$C7UBQ;UhDV*yI_lx^RHYR1oZ>%X!@_RGCUp2%4TtDTF#rduJsPg=-4%16YjK%P# z>=a@vB~RB$WY|50+tt*7LXeiHA3L|$8ME?_A*Mzxb!ZlnsyNc^8^Q^HKIWQMUJfCg zC0Cq#tM8cwCj-DOaXSzk3~mW(6wBKM;Uw}MK+TE|0kulB54aTE1-ug64O|ZH1>OKQ zfZB*EcS^-()Fj(mA)D>3kgb%d%^LT5v@xwf$r>j~W9~F_Zrl*(#yL09xx1aa*EyA1 zvG%sX$)wubyU}W;-0F9XZer5?t>>0&uWI+aaJPJ4-$zKbSG9Xi;ePS^2wx#~#oDVl z$!{~iI~!sES(^C{wRduhcb}anxTLxE3EpOPS!2`S!9s519pGUrnDN%IW6j`fs)v+v zLg`F{pQ=?S^;sH@Z52G)Zl&@Pm4;*K)!}jvlUAyB2!6I>gwu;?m4|Mh2>e(gsyEPA zJvmg-WInFz`Td1h^}B5V$)y0o((e0`3J)1KF?}=7#nKXL3CjRQ=*$hJ0bX zR>J99V=I%*TA6It%8XMhGmc^mwz@DxGfwTz+-X!`+^){;>D+K{&`|WKt~wA+0+cmZ ze-+!7ZY_STAppfZ1&~sqR#@yW%ujfFMSoGfgGY0q3Ztw9R&L=@Z9g*vV1JYks_m6 z2=-i*3>q!U}p0q&oJI}d= z&M8mTcMRm03>gxPYL|@q4vnYe_6>f&#CLK1LVn~%_~Zco1hZtqY@HE3x_R!x`HSa; zeOyg#!^8YhH$r2-<{=$Td=WO4zMf#lWU%soL#ojYL`8=ujOkdoFoqJgY$ktlXQnK> zRsB@8by(Jv#Z7Ia8rvKFLCSbD<jA5`fU*ke-ZBb*sFXhqhdB~45gSWJ341Z`V_1ZU6Eu7e??bG zD<@1ZQmh6mqeQ4PQ0v$~F!o1f*}IqZ*?UKRXKJm=d6!swk@va6*$tFn(6usa&v^fH zJyg37g^|rxC1opxw~vgwDBdk)8u=LasB`Z*_b=zRr3RY29ipwoDKLpsJ-25tnu_j7 zVC1wf!2D`ofVoq>dyC&de#t2HGO6f4YAbkrfcekRaJr}-(>{7DNJohLU)Kt*S#c|v z7KZxjHj1sF7p-9Aztako9sj{rphSGwR3 zX7hw(z8x)Adeu8BC5qItWzzjh?L%^5YPegz|HrSCU8^tAy3%e1?Ib-@c-DXz0NP2* z@l98>0LkINg93|^Vrq2s^(~XslYqf{%c?yTmhBrm`lTU25DJqRHR9CeV zMqwybUG*_Km*}$KaC*mtww75aeHnV)TrlS8N;HqcHU4)u>CIsOV9OERrGE4BVowy-am)miZg__syF(R7VP_7#OE;tcng*xm2nhDO} z`m>-kPS&f#xTzI9j%&s%;hg3Z!OwI3N$@)GOz>t<{?wKqAuD_FKC{{Cvdf~als)U* zi_S^Il#jYh8m4TVKIYsfoZH{IvCioY5%YVbbHpxk#4m>TdFL*4?hfa^>)cPAd(62H zoYPu_#gEz2_>6we{oJ`HoO{u^-#PcDbANYEC;eDDdPbXlC(XEZog3utSaFMSQKgp7 zF^XR@lBVMIlabDmt{b?f%k*pA-+!V0n(H^PDZh%dE-B2(+&_JQ+{-L6Nf5s1ousBj z%(EsLTSvAuw>MR6?^FGjR<{muND?u{GAYGsiIT2rs_3kf8{6hKrEj@Pn(Fj8Da~~u zu(CKRM8dWVso|(m_My*8r;A>IOppXAKR6{mI7VqsGaX9CbWeo7(yE6CRk|u#5&}34 zM$yvs;COvGH*~#I;d2W7IE3HMKXjE#iB96BahM&uM8}G_i%x-ET>) z{c3fs?b=~=Z`#{y?i#e*V&9h@435xAeC6&+kE*CS!zx@V?oSP}6$r*+!B9(bSs1Z| z{s!NlHB|RZL%>F1p9xAEC%6-H!l%(!1 z03{$7fhy@%5S2z>{tkPL>GgBv;|ZWj{(gQo3YX1FUba$r2hzCfqq~wMPw-Kf{nk0H z`I);tqOByoC32IUQ;8SbDD^TJ#YCn!lGdE)*g|cPpKknw7Y*P~FxG2LY??cNG0k*R z$6_7u&k3p>i<-u@w9lWz$CcaDr&^Tl==gK&>$)rJv!u{&@oq*qKk-IXONL-e^}MNbKzP8w3O>){nmC9mtmss5^il2JlJ{e6>*{R3rxRBo!h zS~u7`@@G*SRi>YfweoyW0i6v>uIXBjJ}=(?5q7J!vRSQ_&1$W2s! z;?RCogK~M0EFBqw-!Mc$8~wB*6%NSFR;wBm_oNBxykGX-Ru78fjb8id#=3MJl8qPR zT7%+Gk_j3V7aMM>MK}#gfgR7QpiaZ}e|0cCgJ;U5!LQ|SCp}gzE*aHB>9NYM%OY9B zXj0Z%un*WhjxJe;3Zq~8{-DpU4sOBywZR?04L}w1hTuNn#-Pez6L3Ee?KG?&Hh?ON ztwH)heG4{>cDDmnsQp1jofY-a_uWU9+Nf4G8`a8I;=C(XV*>Ylw9&$A64yK0N?E;g z1DzY=+=0$9evjcD?%avaebTveoYQ#C;-VEoi;H?g;~sHNdti)v&AHc|)BK+KmCQ1C z+P`O<_U{?@6Xzat?l;c8;M|{_d&9Zj2yP3nZ?u)A;XraPnQfv)bzP=X8cH8$P9hsu z=`e#rz}=(unq}H0+`Xu;hooh=6qBmx3Hnm<#Jd^QcrV zl`wVA>YImEgsS{j->lfDF~pT*xST8l)oQN>rCDABs$8xG)tmjCpY_SIS)VLhDZ4A) zW$#wBmBLr`%$;V7%-zM&MoV<=Cg*N*PBrK)ewDRL{iTfcL7i*YpYUB=nM{5(5<0&j zc;`>9eNs*Bv*t~m-`3vIxbR@!^A8J=<*F1Xc0)&}$RveOb~80$aZ+KT2zHF?STwV# zZTy_k&FsT!TD;N@awF>9kJd5;GRA;)(l+Liqeta+dZ6rPY*$u%VAO0?y_Fxyb;=tB z-oRtpkoEf6ZGuk_6%x2tInv?Y-PDSil-)%?5XrC$5@(08WbI-`^E2NY0qSFoZm!>CM38p4n*gE=z^eKqW z-$zLeLh58gbU*ue|GtK#eUSK^GLRmZaz%m5yK+p5VMB;S^qkI+{6ru(p#GJZZ|sJE z8rtt4RAoB1m1IroGAw1=&`2~cvmIX}H_NgyTV&Z3e#PFPoNpN;xwRRcDFkJ5MHbso zPO(kjQ_w`HQl$(lXP3MyZOWE~t)406@to4(OR_97|)FbHH$G0RHlsww*n`EL%=DZCR3+@yMxS%2F>qCa2VGLPp$H+Sm?TJN;~e(SX@o#pD7nx6{Uj5R-H z!~bOKeR~zHcN#6##-Uxc-eI)fU1_-!|MRU^8CK4&RkmKG<3qPzWMF8$jL1VP+Ywaj z)!qip#*nJedIx}Ny$zsRFR2Wz7kg;EXp^D!ZVPJM##k;N1}Z!i?2XiXYrV2r>y^z~ zuW@R<#;Nrhr`BtnTCZ_xy~e5a8mHE4oLaAOYQ4s(^%|$vYn)oIacaHBsr4GC)@z(v zuW@R<#--Lfkk}=25SDs=Ryk~b6H%GT?Hl~mhZnU{`H>rBWwutKb;ho9K&hFDNW7OZjU};e!Jh&_t?s}wC&Dsy~8c-$unOEHMKQ2E%clELY9^WKd5Ml zow6Y{!aBtY0ns;f!H4&w5VQTMuIf7Lb*r(nBk5~{AVIvdqjD#^;Oa%S-wY)Gl% zTa^WBhDxVyc;ZDWg(5xK+L5P}iL6Ml6j{xW$|%9Q9%Pr<2T`$olWY1zH>xiu&~+;X zVnEfC|S##01oB)5O5SY2~>TX3@W{v4=`<4Hq&-xD`j7fck6=Q zYutm*X-3t!r=9zabDyR-EIjrXM0eWZY#e*LBX_8CM>?l=X71XZqfk1H1C<-~{8GhL ze_7e$2I0GS=BoUp7Pn@h#Z8_^9iLq;dsTkblbX!#{D0Zrw1`pJ-in#9vgS5smCa4f zCpEXKO#FYfwW+^U{ZW6Z)~0?^t!*GEEp}^Atxf%*S{p4ow6^U)wYCSSlh)c~v(_e? zeT%}lOQX9|SXVRdht542ZFPLX&cfphD6}zicY3syvQdO;oZ6jirEIcuYInw|e=~P# zcgA(q+DLIQN`*{uPOq6K7x(ZbKaz77l0|0nFhH8t(zalJ^IRtBS!Y#mVNK1)GwNd$ zkJLTMZl;EOOU_%5qdBj5i=G@d;ESWKW(J3feF`z9M7K2+^SBmEN*gEL#~vq3AG9-?G>A}i6jx5mpBZ`s%~8lGUg{mBm&ug3 zl&F8$KXCR(`F&`;Nw~D$_H}BW?tTMQh&O_D;H{vx9o`12e7+4T3Rh5$Rzqd88Y-K< zabb6D_T0GdJExw(xIa4gXXm87S$NXk%-tEzvG*);7ddx{bD9@4znT{`zsl6N_zmQj z%vRB&RLB%-==bnlJnJL*L7&b3Fd%s2Pd>46{^BNm`EU&928}*pR#R(OQQm-BGMK)a zWhWv^QA-Ahjn2u7k%AV#bDkt_7YhBa7 z1oK_Qu1)m4$@MTJ!(Wx(`Z((W?i~4bDL`2zt5xHX&!NU|0;-%zT&U^DXvzjiO zX+FkX&b4uOM4Qbr7^nJe?i4TMSh0#+eYBOban9)-PILE!bH8%#ch3FMIT9Yj>mF_8 zxxeK+HJLBsLnh50sP=c`S}ld_q{Orc(!!tptFiW&%E(% z^XJZQZd@36)m#)|zMn30c+JY1nhuax;CcsWRMX=5ZB4U>&(dyf>X^OEskCvD!%Djn z?GH(zOq$o&)^u>o?536WDO!ySVe+vLI}ccRzzD)H1HXKli9(^q^4ONZS&htJcJb#VEi1t zY&UX@wzg{L4Mg4Z_DsTR?3?O}A)6z)ss6peC)IgteQ3KhX>h&db| zB(m)dP|h45+|HpHPay~GRGy`Q`zK7#;J<%()&VV+ha(oY%vum~{g=cg&B87~I*g~S zOdMb$aQ6^~{VA7-<_)#&T#1T(dsX$^n0v}-#aN%Wt*&-Dqe2ZQ-7Qxqt?lV4=}s5b zM(;MNh*Wm{E6YwISp}nVOE)UYZ3}LzFjQv!vlW)vS~yeL#8idyP)e0Y%D?_ub^b|A zTc5}B68CleDVnp4%GPJ1&X1&SsJ*{VM(==KBSo2>-EAhS7pTm+3RJ*-Ks6Kg`{t?; znv+z1>CZVDa>)`LfZ1HkFvwqQHB9jMAQ z7(5l^dycs((k|dQ9iaB< zeF{7T%)ui-zQ-EA&3hpzed|l0@_7kAI}=1UI}=1Uv;kZhr}Zr3KH;36Y1{%Q$Inveji*JNFak9&_#w&S@ogiN&Qh`PJEX#_jFgFz0^noK7b)clx-tY<1as z(N@Z~bZ%Sc&Z9M(yDvstDZA3SuQ+$Rb9^5+J_Adq`TQf`Hs)s%7i=ugPpBsEQ@B6s z7>L*-tH->urt|!T!qoV48ozTJ_!G<$bjO8_^A}YwV@rtFB2BbEv3hmYJ3a&*W>4>P zlngWFImEOCrq%7RewI3@lrB9%B3-pfqW%~ZF6!w4&2#Jw@RtxB>Mf2no;Bz$qgy@G z&_Ao3*n0zEA%#@gnM^sZS`*tS&NL{&osz4!XcaqUSWLv4P>Pr$Yf+Wt(m+T?QPuT8 zyUd#7_4e^vuMW9nn-NKY%17(Y(mN-Mz^qnla|YDhAko$YRsQRM3Xm1wFn7Q?HR1Hk zjlfCpoOBybM&Lw{&{EH)KG+<(Y&M53TPgbvu8q4Z+Dh3Y&i&N6cbt3Qxq}G7{Em;d zQuagV9&zqT=YH*+c1)VzSDll-YMk^{*~ZC#%dqWY@(tBD7DuY6(a zq>h>R@V3xZ^_KH;;PmR{9l|LcsWqq@mx8m6idvdjMI5VjvGvIzn^2g+NMvPggoT6(SXd9C$A()XdjFh5HJqJ{#Ga*Ms5}vvD}KIR)8lq$OKPyMV*px=h0nkI{_=WIylN@uSH@Z@o7Ga;td<(5T56nXsd1{M#;KMXr&?;9YN>ImrN*h2 z8mC%noNB3Ys-?!MmKvv8YFt;flmZDx4PK@wOYg>aare0VD0epEx9;Zr2}ZSaRMSG< ze?k*ZIF`G2& zW;=gU!jtgT)PU5VZeFdc5>+jK*LL|kVU;y|4aBNCh9p+QUK~ZXO88bD!cmbp)po^9 ziSQ&;%49`X*GUbjVc^r1Ojg+yWin%*P}>KCiqNj0YWomSwVg3huCf-d`^fNE+hw!b zE}PYM<5b&?Q*Ad+wcWTsI`?Pi*uNd!X^dj-#yY2wf^ole?kVS9a_$x9-gi!Vh57w& zw19P1)B>h`)E4j&_F@O?{yQJ%}g44cvzUIOoBh9CJBCZ1R4QQ zZ7}HtBFX#pxR(6W{C^rFphHKcU*iG294_r!IhIU?9qs$WNq@amr+8SGP#I@?0X_5` z@wuw&n%$CFC)WKf>@t(|*L@^ z=IS@7$KhKJcY^c<;bbzE@AtS?Zmxw=V53agY?LWmNh^rqZe2Ke)VODydp_DqnP!X3 zujZ@F-R{oq?cAfz{oJ`{oqN%_KRfrPbG>N`_Kd#KRvu-h93Vm=XHh;X#;Nwd#cv?LWHgqSktQosTq%DIZs)?>OY$S! z#%n!mby2af*_T2;AhD_lBylafnVPPqUec^ga-QNR>AsSAkr4{a7Goq^*=V789PPbO z020If%R^4p9gjqXe!W#9L8VdhluQgWxVrT`H9`17tPz?)wmA*iOnZ>6lzkpo#$6a~ zrR-kk9&m0Q%FW!ZA8jSQ#~8W6&MDLW(F7w9;VI2IVgO^iHNEPrARxb#kV=VN9nlfmhuh7w#+X?Yy#ir z_iL}0PjVWg`Pb!$$>RL0;;b0F0B&DZgZ67`4nruxlzis&Y+An4Y)pk|y)bmwo zkiJ@xTwAW_iIwlxm3OAtTKfn&V9rEMLiv<@Tb}7&^iA5>AvF7VKT%Es=L~9tB(8jG z5+M1O-Ha{sYvC2&$AyzhrMNPDiGup+T76|f*JjG!U@LP~QJ6K;Ls1mo4pCSG1=u!E zNd05EqUI6=-SrZ7HSAd;gB3+pyA;J#1r@Qh8l;zuLi#>IVA8f9P*{A);8140+i62r z6X_i&xua_K&0eS}g+R48x_pG4#cmAe)TgDNcS9JxiApV#Bo@h^1@3&J)|c8jm6H;> z^A=FgY$+$G%ilUg>aQVTe_}G`*6^Ia@tm&p9c9A_@hNFka9g$+jJ-3!O zSJ5;k)RvPR^D{+Plh@korRb)T(Uc3v@)Ow5ew(7Y*wlZyc_hE)ZkKE`23R&7Rg)bo z=TxvXFTjEMIuE^h?!oh$J&(?#oEVLf%O%>UZ6W!ID89$lgLS91dDBYU8crskzRd3v zltC-Gx3s2Tc3+MBsWzuPyBimcoFFqgREo8o{~O^<4E)_Z=j9beN-@{)g;yvswT#|% zodQ=NQwij-5I|bwI5bW%lp9?VI|@TPD+-;t#K;Od^R$&L_3=Rl@jhM`yC?#y#@0Xs zV^3PFzWSz;T955_h|Nv`sM1HLvDoEQHMoI0+SC!Mzg~Y;bu+SDrBk?-e9&9B!MBVm zhjfuPyY$iD*W-14yuWU!+r%Ya&xqG)H25a&2Z!u8kCM^ST}E;_F!HpITs;Ej0%wp9q$~lR?s$Edg1b)w*-ODR>&VC3rf>+r`=Ez+J#|KsAkXLC&?$XuJ71@bjSF zHTn{$o!E-k43K+y3pf!x6`TSRMuwXlKiN^BzRNcqyatrN8^I>jHrx9lTPf>BE*MuAZAcsEc6IJ(=Vm&0oO35Rx7@kw zo%?}v4?FjwbH8(rS{dV_vatA3lOi|JIZ_|F(as&>9C;c2l3UT;eCIyn9Ay{XQ99Ax zrOw^&obuP=@{)6}IJXtKX!)m8AI+Wq8aK?j8P3gi?p)`-;M^6?UG3aAox8=kC!PDX zbFVu07w6bL72~pAw6Q0~Irc)uIFEIXeM*s=;oNNJE^zK*=f3XTP0qdG+{@0r;oMu! z^<@ZVd9`M=m9mYUt9NdYbAz4R+qq%RjdgBe)dx2W9uNLs)@n zj=L)jJnbj`aqznbs+>NJdMKkY(>1k<=`-BJl8LfJo>{CSTIVz5lB5h6D`FfqS^Wq!c`(zCj+WFYargq@X5cTlk5(Ks>Vcp%>Q8{usJ91s zHY4vWZvfHR!meP2yEE7Pa?Lf%{|InT@W6OI1sulpTyQjaJh&ftDv0)->n+2Bz`MYQ zKxu94-_3ss-UmJhqSFPbX;6X$)A7un_D z8sL>6ql)YrP#X5N;O5|UAftxt25?94MvzfKb~CsKcni1}cq_Oc_$^QxH*wA;S(G(zoPj z-@*TV;G?_V)=iCF%Deui4y+HKaJ=#k8(sAVWbZ(4ue9t)g z<;%s<-Qmvhb>hf1JNG%~&U5ZN&fVqQBhLNQIo^MW;nhW3N$)O1ZZqeGIXB8V>FAa( zlbxI4oV0bzgI4EwYanu8cJ6ZLZgB1!&fSf+Y0tPf+Dh4vo%@+{&p7wIbFVq~x^wS4 zNADctvQD(sg}u}kXCe?Z^VwiBtl$%iu>mDObRPo$Zyll`4f!x&G9NT>rS1g!698eRLsn*V&9xiIg<~VIp`tVc@UL~ zwWh!&F3hy@Rl@C<=PFEhuX4jgn&8w6a$!;{DYME$GZtIv`*M6SH*^43)z`Fi(~LP* zp_D_8%3TUMm6*awN^aNsrPN`YGuyh0eH$qQtnc5S;u|^ouVq6 zy$3FveY49rR@s8PQfRHlXUQ zjUaMAcaB~*a_>8r5nuBwy+XD+%|}M=N#}m;-0z)JPi=ms3!2~eoa;pv8&?-?rL5k$ zfzC+=yv1)ezhqjXCAAAlvR-g3w<#(m*=!olpbsI*T99Oef+S191+n`7izM4>m6B{flE3c9m1N2@ z-(tU_eK-F#NmeRIvR*5YWT{H)ewUI=^|L6+4nz{skaYS{uJQIHP?8L36(rd-a1__f zN(D)FBsiJtaiHq?(V!%mbZwJlvY8~4%_Ny|l4QoIwHhZ$W}GCMagt=lNs<{SNoJfR znQ@Y2#z~SHCrM_UB$;uNWX4I787E0*oFtiXl4Qn7k{KsSW}GCMagt=lNs<{SNoJfR znQ@Y2#z~SHCrM_UB$;uNWX4JUC~rQ^FPV#@CH1{r;kq&O)K7x24vKnx(0q+7)&B&17qBi6k8Sn+iP&B;g*4-6rdKOU{* znJFuGQfe9?38C;2ij+Y~1yZ%#9@p*Cc*0S=tBzkfjkHc)nB`iRihmOILNU}L?^%KG z$5+9o^&1hB625b%IO*EDs=a~-O$1sTORV~qEm$QcbJbyww|Cw-pzdE}ijSjSsC10;wj-deB<7}xf76Hg6 z3vMfECfca9VX)B-5Rwzwk>%mS(Lz=%juUnYRqo+^^<9Lr)3hQWE5AqhPGMO%Uicy5 zenN6Ydfe@oYtVc*N1uH^8?KbS<(y`%Lbww9@&}*Zopx@jbDAZJ;Xdr#xz1hb9JS#Vw0rJQt(>)1xaaHA)bl)=znkmKEU-5VK#Ppm-U$|V| za+o#>S-WIqOZ)W3wzlPsO(!mB>F()jUmaFX%~5l!$>y}L?rv;vvM*QCBW^-gWIZsd zBA02zh2I>XnM!IcTp@@e<6*Tyxy?gd?jpracf=gn{amLHk zD08??bfH}07ms1t!O%^1t(5mo>if!jh--f|ftfbOCwkg!i-OTM6{%p@(SjR5j}On% z4d>t4;${%@ePYUEli0o_Vtyn6>gp&N%-GB`Amn~IBrAjW3pWxzC`1`QCfq^zJ0Z9G zTOoCQQ{Q_7Gnw`=mk{cX{-c!uKVO`?hlrc({k1BgYo*HRpCyt21uT z=qqIhI)^NCR(s7kcZYMDt&DLWbdEVcOOH7}i%Z)o+5tz2!*LE*DGlhMIf2d3-+mT^ zg+?zPTsXhgMKOt3FN>JwL#{x2Bq=Zn(+`NH|v&W6zC%?UzxrPneHnCemukUfKcXMA&|B{7 zBr=ohR+y@ot6d4_vHcif==57dn)IkP+R%WvuO0{rR-G>j1U+E&HC{IAt|6i+t11x} zh17>h&sfB%;dqT2^9UI~kv$^ZPWW5l zZo(&o8U?YzU(XcPf&Yqa&PlElwuw_+a=gN+*mVaWT zf)+(_u^&MiWsn1N`Sb}&&n95}Dy|c3w6eR$S26U8&mFRd_gEo&Muf~x@95EIJ<*$( zMu-PP>Xe04C`7=vlPc09rO9=>XpB%{q78JzNo`whG=i?sO39eo7xj`>?QC4%*I43e z(P>hna*)Fw5+uza$A>s+H*HEPFDEwN<_5U`!rkZF0C8uSRMX<+k^%~nv@DVUZGh1a zn#MYWEYrHqFdO?-Aw~BCAsXoGLTs<^2zM9WF5FA_eIc_c-xbal5}tUU*B#kt2%n9H z@RfKUGo00)anV=GzUJIFoqNo=C!9lvT6&CzEWI(3KjXHGzEZZ2bNe~RysU*QJE!TW z$c>J^5-Zmux4UyQoSW?&Z5v5EQ@`ZM^L6@B0=TP|nxC+6cj;Go{x>?GES??Y`%2;b z?#o0(8wq`Xt$vm9&tE1YUJXf~B9Sic*iD|e_JjJJFjjwplccZiXgj$@!=uJF`{ojx zs-|Z%JeFD15yME9Y<83epanUabluwJt21!?VF)lYyz15M++#spPtyJKaJk}QB#G^H zSqM5&E!vh&GJW{Vz*%y`<8`|HNo`Vk|FxH zwX`1c%=by{I)nXI@-*}7oEqZt=P}LgB~z@eskJ#6E+{>kKj!NoP0+npMV(&9SswV4 zv~=*@T3Rqzm!4d=ThMSC7#0gZP5W*UBJH4SttTaxPy5=4Z;0e44MAJOeNcvW?#OUq z%J008#tcc_SgrQlRAZ*eb?*!pp4PKsMN600(`{Oy7s9G>5XcI;OW$2?Glk0S-5f%& z-Kq^ze;AHODJQJ-q@?U)SJ!Q;5x&~j9Q_z6(oU13{Y59`$5yIbipDlV&7yZ>+e&At z2^tM&D=L&-OQ{edk0?|&Z|877+~|lb-Y9BNre1IqJ;!^-1k@I2w6!b^pR39-Kp7k)uFUx@v+ zNO-gGNZ~EQCBp9siATM@OL({N-NJi?%Y+XK8->&%BUrQ7@R_}auavzU&(>ytiM|pm zB0~&4If%XzUwe(*IOk?LcZhRZy%)nB=UlsUUCy2E+*!_j(K*J&mcQ>ir}d1H;|ZMI z$HUJ3$+_p8V>P3N(-0`e9pl_~&an#7!X4vWyK`O6eZ)DQY+3$zW5D8G?%W;D-R0cV z&OPJY>(0I5+_mZnEWPWZuaw>F+%3-C>D=AU{nokPIVWN4V|Pm6gHyL2T;+_wi(-yc z2^ROCNpZH;`PK%DmubGPV`@`(>&cDXEp7p!E^n7bSCci`smA4PEz{c?SFfJaJm65B zcaZ-cBDSUp<7B~E2WGFslIvt7raRzje0KUgvZwjGzPU;%X^ER$zQ6t{^#huG(`uwY zY%Yv@8eZ+5(hHH~eRx)p_k3cTeC5xd=7&7kAIkM+O>)Vc^O@{fDp<}QEX2l}BV;Cf zu29$D<5m90;&(8LC)4`R(ygX5#I|8ff)swQ-T zI=7mvRdxcSj{X`O&yr6JAy>qUrUq8oRJp~}RMYK}dc9(QGBwqzw~$gRHrEf<|J%)V zQ?+MqiyKvQ)s3bX47j1;S$;!#`z5oqU;5bj`XyJb^`5WR$oWqQX}uQ;X}y;SX}#*_ zLhJpMkTTHxLukF*tKO~k;moA2Br=X8^Odec3{;W&pY);_jparcfCM>m|cG=ymS zquQU--rC)&Z#TTBB|KQZU&SJ2Br+}rwiSG)WBB@!y%NTylb%W0AR+^-b5hk;B;C8Z z^UiQ}{kp0~*yGd?jtg?Uqa9}F#yT(R4$7d|^J&yrCYpM;P~#(o)VPu; zZz0r#ZqOO^LdtH8kQTuFthE4q)&lUAvJb_xwb}oQKGP=_4t-+b?(uNvR7TPL(dPN_L9akR?1st+ae#;^#|p2!>+yc$3U%#^4uo2o+IS9)`QPl557`ZrDmLZ zFTUF-?)%YKn_)p2_ndRIa^vQyHZAUg=+oq(b8XHI)KZesP;4nDD0XqasIsLT(SJ)} z!_l|jRG3}p(Jh53n!_5|?PXx2Xq2*1lcl;NH208{Q@S6*V5Qwry1TTg(S>^n(OvrpX>AjP-2W2& zthM2@)`qWyr4-KAVj~5gwKfY!YqM}Kc(_-bW4)_|V_wz5o$uU5&hf;=!rkCpwH7#5 zDdSW)!4;oP@J8A6g03Qt2A<)`*ooc(Pg|h*NL$@mG}T-6?IjGGpQxa#4Hx;QkZq$# z7R}`kB*rP`aPO$24p;MV7hE;aTNv=5{c*kR)Ti!X`%@7VX}zsD*R>1|faN z*M#&PHwx(@zbQmAz9pn&z9Z!NyQ+yzl%H}j7t)pJGVyy$8wGMox z?234{HoGSJO5r)9g?q%gu?lS*V-tL(>;UJcI7hBt)vrOnkF+_aEO8I1kFQ=U|y6#aPAf7s?`eG1jjjC zu~tgT$*h9hr8t`^{OaDdBGnh(+o`Ia=?L~!Q?IGekORrz&I*4;UateD-Mgmq8LM;a z*HzQ#Ztk9(^{2bZMPB1m6goM|f*PmG86U~JVvXM&Yy4+I+RnW~%IrQNHP4zSt9g7@ z^Z2x)DW0tjs|1YuopVn|pY8i*ahb8QaC4)tHe<%hIPR|~k2{IO>9&I_TJ*0d_LM@+ z69S$|j>6$ZRuG+x-#x6}(YP>MH?xo?>dFSdC3pzUT zuX2$mbGZr6lld=N=+@>oSITt0l|d;yf}Wt#RAXY!I_Ymtnah_6F^zAN^PT#jcM3^O zREDG+XraHb>vt*xEavp^shqeZtyXhU(r=UNW@*|$b0GtiL28?J8}E=VIY#eJW!c~B z)uXEvi|esTFS_vFlr1Zw6jK@UraX5_S&>l-2j= zt1%YEaUaP(nQc_~OPyb`r51t;4~V?>c?p)g*4TuWyr+=u`qISa>(n{mj2ac4RA5$Cqi)h%3o z^p!HKcjK_$Ep9c*Q4t15dE$zaLpsw6l0zIM2fXX;NY2c)|FyF7N3{+KW#{tzD}2>t zrynt^COp-}teV&iBxb2llb9i0+e^&m;2B8FRA9XYZDSX-x9b1X1&!hhg@@#EkG&+1 zo2ZmL^4`DXack8ikG4{jyjhYc+R?#LvJMj>d3x_INFK*jjz*n9^1h(9XnhPmlRSL( zHj{CeE4*<(ioV*g#hY<2IQNQ&+gfsDaajjq;dpjt+#Kh6oa4O*3wNV)-*WC)<;dbL zi#}U%YaAOD98t>FqigsnCH2$=&G{)gD4H~T*`Y!JW$b-3msox^eD0}}M zqKBG;qD*YKlr}xTjJY z?0fEWx?5Jw>grf!c3m*Ms@Q1#iA5C~&Fml*RkWnYYxT|}-9-vXy|Gy0@YI5<=CHq( zyuldFl&rHQ(=f?lFWZWY^wRL;Bx(4{mP*dvZcBZSS|Ba;y|E?A*b6Q7eL^P2IOaO1 z#q-}&&09;wXDt<H{-YpM2ImgigIp)V)*Z$F;&R2fzjJ28j7S5mFCL%r~eNnz0bjQV+pmfcn zb^cckgvV)I(z|_VOtM;g_J_S{7?{|@sm|5!ncvvGazF)NU29is$o&{h)mn1zHczX? zZWtT#KHjsF$|=bJ{TvrLHgtHw`e!)8CY`mSEl(?X0&FX@Cx!GzhuN&-s>@Afx!60b z_A&tv+BZ{kP6L*$$K(P;btadW18p{a2$|ANWsCNw2r9KdH`Yt0xS=FdNFlexU50x^ z$an~V<2E?fR7!Bm;_>0}xJJhaVR%zwWh4RG2^LjJcr1jRzVlP&X0$JOkiMOTw8Pzm zG$rjZP^Jv`6iyau&%5#=!hM8`g?jg=OuO4p$StyKi|t>7&-SmuSIT}B&(>!27{(2j zELpe>qOZhGp^@9mIo6z5xTBn-$1twVIi%D$q!eE%d&IflIM<;w7H)O)l`{6VH|`AQ zKIR;IYg&5OI(MCOl;ErSU87%e*p;}@P=&3Xv|-Z(I}3Ffv_d*R>=Pmaqj?MYPAHt8 z8_ru}+e7E5S+1MncU_!A1;3oe#?bB%&} zFI0+Mlxd4hDUFgwD5%Y(Ax{cHMoHP_FU#Jly4O}bbJrg-c$@Wy3|((XpSV^eD?;3f zlJkPs$?O?xK&eQyuL5blh_^SWAF5MKWp$!?5iJ}w!SQrE z%s!;x95=<|>*Mj6@fgj_`Sas(hc4)vx-*gha)_p8-n1D)?yItckWIdwfd>DEaIEk< zLYmBXg>!|s3#ro|3r`c?A^cy${}5g%{HYN6{+SSYxldZmcJ#$(JNn`)vFCF*TbnV% zWZZb?COWs=xfRZx;~X}W#l6Wn?Rp%!`y zG=`dQ_&N}!F3AZtqhu+J*f=IXmkBv9jT1*~_-w?6uasRJ&(`vt(-5u{X1gt%o*+ez z*>2-rbB?uL#<8}`(mT|-!=3w}b02nYtgdcxw~szO!F6tmbJZkhj&guYji@L=Kh{-> zs}PApiOtmS!M+j{`jt>A|I>u$!>WHIVs)$AFPrHeWdCc`F@v1`mv^y}@m;+|B)`wz z(os@E_S)r^V{B}dY=LmCzJLDHB!v45cULJ5v&OPVcOU^L^XX!BmXX#awlKqqeTz^vXgitm0ns zO)Z=se(TEAYJcW5>)5;XhRH?jvHyOV<(1kqR9vBBvsq7s ziYB&s$o+B``Bc!AV$7bqCrL6S2;7vvoNp7C2Za>ItN9g%!bs23aB_3WihUQhD;zVm z*jqE$`LzAZq(0%Ik-e;Vvm#b*iak zb2F1HqbBwZSJGr*JYEuy_m9WT@%RX(=HucUA_>su&>~dVH4t*&tT8R3(PhvEzZ9ZH z^n5i~qqhjD;_nJa32zl{C%j$AJlqe2$bjs(GL@)ZCd<=>cM1;?{)dqIyGz(4{HYM} z`I)d?c(1Tis68peu2Wo}ay>;dW4jFCvt0)8m9ppK+1jw*fN@y077nY{xI>(q=N!+J zEga93Egbf(apyY6Slc+p+7?bZi`+xb{m!|konzIi#iiG`xLY_k(zzMV&35iC=k9Ut z5$As692SIK<9X-)?%Z3>$x4dhMn+$*AyacvafYw`A)Bd1qaiuw$09oBuq)43K6gQ& zCKS#WpS!%J(%G-Ds^#byXR+}92K@=nG$6B2|Jq|ihQ;R&NAav~J-)d;Ok*WWq}s5! zw^j?mQ3DM7Mu!aT?OH7rPSR>D^ zb+dm&$ci?PirNRE$DOA@Xsda4nDv^aTNz1!`bQg;gvUb2{Z=*!?d)+OTIfk3rSf|r z)uDDDY?o(+`{`J%Kg`~}C_F;PuLu_lUlmeaNQ^yC!Dr7?@RhQk#j~~9FQTuMz3JQ_ zwO0$bQ}oqlyE%8Db5osbc8(`278iYD*FDcU>C?#F=A72!MDEb&D`iWZdzW)sbr8dy z=v>*kGo7OZU)9frN`531N9E!wZ6L-y4=6W98-+Mh8@zp%{m2uOgz`zGd}Q%I$VTb) zG$iCJ$$q-;B)s&vMf)L18G?!4V`PENFgXckmHX~(Gi>5R@|Ww)W;j}%<$ulCg4rqV zqW7cH+-xA%)yL!1YjHI32lczuwfeCjIj;(lz&{BYO*|{4T%H$F94`vT311P?J_wJ* z$qi-qu)*Z3GOtto#`FgW^Hv7@6s)5 zU8Ri}Xn^DEXp&1;F44BAsj-q3bNOhTj;%+e!nV(uG4o^=NT=}qb!;(w&&;;Q&ebg* zyjn-ba!pS^8D7KitfMVg;kiF!z@>~PF;P+Yr?X^zzL z#K71e%IHr0xSd^%Vos!tSI?-!`(P`Dq@$^g(CQvk6SY={&srV6QubAaGVaFcE3vyu zu}wO=XD{)(}q zCq^p?3ihAa`F1m>gCBi(G?IRCBhbDT58TIab!TKmU@w9bo#I|%iy(=shtUq20d zE?zD~S6-vWVXYRQwOV|o?4o$KHmu$;?rY9{Gx|zlv|w=`aE>-@9Fk>m(VE6Ff-r6$ z=k{}s`2`E7nUxq$b0v|x$2n#iEF3cpmR^#AYjoA*ww5Nvr4Ab@AYA&@={$W|I)B&| zItXX&-TFI~dgb|Z!g&>u++q6hoUZcxudmiXSo8@@(sfYK$~ItvM@->}iVg@3%}JiRpVikjD|noacS>apP(Rz!A< z#hOM-eMrvR8Yu3cCoVQYx{%$Q$YQE5ve;U~C++(_Lu88eiV$#qS4We!;|X8%8l}w1 zwg_L(kVRT^l_o8IklmD>S+jvs;apAjH}aKjRkN}7C>o}#J+0CHvcP?(h7r*ARC(4p zuUmCe(P4(NAFDLfA;q5K{+dlCVeikzX@tFT_H1^0c0;@l-zKo@4AWNfZ>bKa)jgx@ z>=CZ>=NjHFu*z>*epqXJ#r>nu$iQzx$PH8#9M^=MO*Fryn1^QV*%MiZu0(BHipytp zwX{^LDYdfjv3Djvmnx%QQAU5Jp~!hLql2nslv-LGF8^cI>E!Tr25rjS-Pqm3V=>Dg zJ)ahs)@+mQuTr!;Zo<_x9$@>d;h_}gbXc@$ZTc!rXt}Se6nGo(Fgg)U0QKMQ(+HK3 z89P{QuK6Vvwe4>8v!J_eM#pN#z0BJz>X@fDDb2rhaja{#A4w?v{eIcmRqLO6z%JI> zsWtj)M4=vNNk@hhPW9MtgwR{o=<8oK+~=+#H;TKUMW$8|;1HJE<2fn2P!7{lGRlZC z<+lSjR%OI-s@GF%#%rk{^{TCWL;JVujMjCQXFt@Al~lyeWGI^#Cd@)%zM#US$?oMv zLOal#-A($k#=`C{t>IP!GMT@WxY_Bt&~CcWJF-J+)|aYE&9E(2Z^|Z<$8_>k0@<|e zY!z<1?^o`ovruo8MlN*23uLSxCBwZ@zh?awjIkazenyZ54!eYti~@EtctVQG{-IZ;ity%d|>btiHL`tHrYM0EJA+4^JhJ znW=jWj%Lj9gm}!R${b%Ck5MKZ-xQD22llKyHL!`{=Y;asa^4vJ-SIemu+NUy&vuCC zSH<(w;`Mo;h@&NNJw1x(b^P~u%=LYg#+-d}^h+=3uCNl{h=DbJ3Zt{zgxJmB7j7ri zdV(@~=MLd`;ZKAI2>(MkUHDVs9O2J}M+tu+JYA@@1mUY16NEI!`NA&>7YM&Dltos0@e-*N7Nb*odFKFhp+$tO_ zq(ascA~;I3%ucTx2|pk#3C|R6B0O8Tsqmx1I^jh^?XX$CUN~IHxN$4tkA%ugShbAz3JQpX;HhkNzqrz z4smXtb8DSD)w#2s(+DJ9;~UQ1?A)Es-R;~%&OPef3(mdb+*EZKmcNJ>g*SXQojdN~y=k|8)Am^q#$Cpd&evfrd1=(kAz((de5nXX^;B(@OyOgIm z!*uSq4Jjt0l4xDem_KLg8tqh}`Tfat8>^Es+pTyO^MRg1l_Zz%YdLz%x<=V_S{sE} zdeEr!^V$3PEbRx*7LvjtLdM5O2)UmHLbRJ!-^KATJ{u3?v%M9J zyDWyYXJ*E!_X=@K?4KKawlkW=tyTlODjbe;xMB^^2NhSgr8qn3+~2C!Kxb>Hfp(2` z)WuJ(+iCS=mMyS}B%he{^b{bhJw`RP+CCd4~yurXKz zrGa-i#`32q_102_Yqu?j_v zP{ZNtf9Wbi)eKnKZjDBq_Yi(SxR>xf!hMAA749okdkJd-P8Uwq@tHzNL3Wl<`Y-#4aDng~;UeKjg~|)- zgv(Uur-jN3Zx4kxfIcHcf;N$~*qk9glOTMy$EtCc#&9Ke)eA9d!?R5bhdplLe&gX} zUq|kF=diCWoUHrcD`iuilLZ?&Y)cEb*tt`kD?4|Nb02r^Vdt=#Eq{8(8`FEvxgn}O zy9TzUg&U%rzN%k?e#tG1o=qbbpOF4YvG*^m{2`7CFs%A`b8L*LH)C8AS4=TU8q&O* zf2dxZO@5IfbNO>pwy6J;#7WOdTcTpGNG{F!S$q>gQn2_`Hxo!ULBF)KZ+yQrLCslI z?w?C@JGyk!^1gB7TwdRKyR_0dS3pZEW|puWr0wN4l|&C#>FWj&m~3h1iuU4^T)b>h zBE+mGpjL25@}suUH}e9wVaV^Zo>KMVPa4LG%Dy&?hDm9pR}gj|EeY0KMVi?Nm+1RP z58ZhpOKKEyUZo9UDO0Mh|B4%}P?U6tTdjIXW(x(N8v3sUl-R}!fujI8R>v9~MawZN z0+&7sCGSi6T?-f8GU4mWw6Yw(VW#g-54NYc7Yn(cTZLTeQX!quWx}n6R|)HdR|}D+ zFA8@S>PtOA%Y98qt$$lMMfe>d+U&c+xx()W=Lx?loG-jdNS$0RB$CRQv==_p zUieIV8Fy(6S7P)WV$_EB%`Kcp=8h)7zJkyVtp2JNLMAS|1j}X=PYUPj8$=ZfNx7Ya!3neJ6LbJhV?r4~It6 zP$om!fY-z6m(EYs`DEeL%l8TWD$k!2&coQ6kn;-X{}|3&YA@>C-<9Ly6B6>owZEa? z8)Nk+xC)JVm^QRLK0L&p-_h3EWZ$j%gBm7ku+Pafqq$2+hKbz%^(hM^2kYLIP-kJ$ zHtm*vG)1?2gv-?_>YEG)ojA9p{rK*Dvy4=NoMlQj^%Q6rU|wTJm;nw%dJreu*Z ziF83PUKrSaMlW*fC5OxIgX<}f%Ix}_=ZBf|0Vy7|rZ+QEiOadO?0mK}OA zHG&yoVm7JWT?%S9uY$aRDoLr`cSN;Iqo~p(SP?^gP}N@1sA}ujf;NrSHzKm!S>=7P z_=ZVi^1C$T7CowQYj6}Q$A||m>De#XVXkLi67h5-0op!Vc9if@2)P5L-H?aLLbU1> z;TYj`;f}&NLTtl%LTdVO;S}K!!fC<hS>fqITG*k&uL$P~k>xXml=`YcXld>g zpRIPsSJHE`#A!w~oYl8yqpvpG(z(gbO><6j$T2-;W-Yzbojc1p*6`SMnR&Hvw>kGi z=lR1oeWgr~J|cIpbF62zaPM;NH0M6(+jp43vPEEXz9lM=4ToRz-NR{5LI75`;j8(ipj|tKBhmq={m0c~3 z&Eab*hw(x8TnmP0YJnSQl}HG$Y_bsP@V4d<9_4}-lpM(o{QWxO_k?iGYbxW{i5njH zp<&i)YEY}pffRFWsw~Y~ZK{&AHF&#gh&J#jGHo$Isqk1y&jCaJ;VIp*x-V8Q<@w5I zxyTPn0-46$ssUs^!aT~z@Rzb5Ddk6sb0fdI3LoztLPnT-2~p3|1ZD1ef>0(ZyF`W6 z_jL zbbZqr`9}jDSCRuriMr#o(G}&FN^fNBgS&Oj-uGD_yIjhmzmmv@G~^j6V)g}ho4U?i ziq;w#{!-s7l~>BEE%Hs02HHS#l#2HV8NsX&BA1%|3DR?-kS5Y8WaQE%+*P<*xTjG1 zCp-yNzZvFdNQdj3p~A8e2|klDeD;MT<1UHeN?~21ad$hXN)4&hW<#Q{6uuj2;YK<~ zpJ*I?BEC{K&pCQWD>B*Qe1jC3#T_`V|t^U+rzo>&e8f`)o+G=$*DAgqb1@h zr4f7d-GQZ*n%n7kkd$nV>$jD9@%;?aq^3?H5LFReF0B>w9-07kGd?x9BzSfa;^x9S zM!}zxY%qMVhF_7`x+hV1B4V0hX=k7414=0u9viZv;d`H`|Hc%`{7^VHRN!krFNc1# z+7yaiRk^geRV&!(S|XCqphyF37NG57)$1`wb_;~uy@O5j{6dJP7^GF3TG}UlkrI{D*Ln@J->-LWx^>nV?3v zT=-Y<%|bmzE>m5<5^`tci~N0H5Sk2qimx_1HTrC)SL1GS?j;ZRnse9z77jZAUnx7$ zxen)8C1Bw$b&gdK#{I&%C!Avqgr&!71`D@U^l85(=XP@L3Fm(A+)K{A=G>scDZTZh zuas@$T)lHNTC`w;e#zY+PrZJe!+l%Dx{-Pxj$hP|vB80b*<#{g&4I6v)t}&UEvG4g zrV|hDY1Hc{-7PILkEKAAUJa}BnodMx%xRx?O1C}_mL%G8q;D}xdk&-ov7+lkRy(yI zkxTH3j%kI?kc)B3`%np_=`4*a^$ClP_MoMB0yR>BXqf6YbTMtJrRqigS-klEzzX}xn0)X%Ert-;XwEsM51J1g2`WNSva zyQQf+oaQY~bk=<#Qf~Jb$}rvJuyFlhD*i#bx(xuvMboA}oU=a&gSi^%CtjC9KT!*P z>VVBW$t2k()4X&;uBg~v*+q>EkExPfjv12U+T-!bcIYd{&W*?Sso)8JRXo05$H4$X z1}}*u5ZaV-zp4D^L|(EIMh|77lqnjwOmUqn93%XgkQStsF=dT7GL2KqdkZfTP841$ zoGjGW+{=dx+1F{A@Jm8k&6kDU!mkL?7`F(|7HU;ZnSw+H%s#?r_7OfCg&22v3|Hdo zP9a7u-*pN;`zo!4d%`)^bQxD0eWh%)bK{)TdZ`#rE2Uz3?{ZG7q9XSL=k9Qhalc)I zaX-FNw$M3d0E}yL?s(^z>9x3PoIAt04>_mZv0}I@oI^y>G}q{t-1f>9j+(_Wo+n)T zZKLy)b~=Bue~_BTcb+JG--%?B}h8yRMTzfs!v!i$I@ff0%@pZK~xhD_XQO2BTLb2Y(`92f`?T!QxMF-`%YIE0_S|b?W7FPyPMFZVZ_6HgEN^LQY?&}wFW1!7(Y9!H zTI^j>$(*68sKnvDDv`d9i7gzhjpNVQVYahwmg5KG@#uK|rFgteJl;@B2lwPC3(wRt zZmh(`CJ%xQ|AMjMFZzlVcuFDrUF5HpjZCRuBgA(9oDhBaCE;A*SB2QzUl%qBd4Aa< z{GL!V3fb+#cHxhNtA#%nBB*x?%fh>a9}+SK__*+=!cPhrJA797fbi?WhlGd?;T{ui zCY${U;TFO_3r7f%j;)30@@<98u-6NR3csv)^}?|n>-?vr18p5JK3fNjuN1!OZ5;88 zYluGWt?Jwy=U63d;aD4NaakK|+y%~E;vDOMEgb8BE!@-2J>%T#&hbRm!i^r3;*N{H zQns&i`#X2IbM)C3_Y=-t?A-0nv9`m)J?`97&XoqI>uN8*7;cnv+d9|cT&r`eC?n=ftLTQ6}NMPDf!?%Y<+ZRgxh&h6vee$LHwZjN({ojcmOPUpIvqlFhO4rZHhNmCUq zj`2Frxpe;bYY0tB_FQ;G;rw=MIio_5LxOk?Um5@8aNbfoL+6jyuk!q_!g=dfU(~sq zbgAMFo8*}sOcYLRkSDm_7RQpt*6z?FUnNaalZ8Y28)g@`3*k4b;SDvr6Nt$*AI;{u zHIVZ)nqy7#Lh(hufh-MrS2I=UsXBVh5TKh2C8uE*vAN}BLs(&ug__Eqn=Ds+r55el zkA?Af;;Plz0H`KBX=50sCvBng9UIO!uQ{x>t*v!+OH)UC^J;ZKHqtAHlQ&9Rt|wEJ z4SH;(w~q>!9I>_MVsvG}76>KEJ8iisu&YXRJ-wthT5qGC=DE3#xXKHwfO_}W6?d3S zfg?g-d;6EwgqDkqLQR^n6#9Q2MoYs7_rdUYx~?}pB4rcU=^XtG8>BRJlXcHQl`3aejweRM-`6jWqOU zjT}CZHS$)$8rh-V=JoT2wk~VrnQ>bG)}Z%V)Ok~O2+?p8qVy&C!QzK!Q6SQnR+xS8-#;nu<@ zg`Ke=%h6U3atStIb9@ zx4m=v?n?|e$+^kSebBiNJ9nXTS{WGQz9mIqRgj^Yn?mQIc2ZUjP5dVxCVn>&$X~RG&i3WSFFFLIMy*fna;eF}se^mgv2`&EucoOxtR_8_Z)YI;E4125ewGKSUV#0W)24eXk_qdbwntm@P(1c3mbYFbc*7Cgrr^ zh3gbC&19sABNZXf@Pd|;dRn_$ntMGQBZxV>mIlYVnRKn*+c|U2T#dp^tE*3kT60B7 z+NZ7#YiwHC+Md2zV+#iJkaiU+Gk?;!pk;MS*U2qRnp<$M>sSCg#^5#!mkL0^%@)!~ zRBm^j9TLnI%1Lj;TD@2{Eyyf2KP`$@?_#!9f6a*6#K^J+z~el7J>oa@8d@lG13$7) z3zun#c{5}+9O{_nmhOPY#>6%it^uU;A?sV|1QkkCNfBa0VT~RY$Bp(r73!8GsVkD~ zRq3p}tB>)lYRQ#uC~OW_S#dl&q|~uFyn5K*F-4E1n?K^CRO!=64VT`|o^FTPA9TKA zexMv_U|ICj8+S+lwl(&QPjkBCp|>6*+(cnCr%`pyn`Pdka>UdpsY_sV2Y!)4#&7vE3c?@UoJsJ0N=jfx2qnEb0dRsYi z^w7r5aBjA9?{n@n=WcNB8_v;B+BJUb9Q~wmFE}@1P~t{KUn!gE+#KgRo$GdvF}$V6 z7~b;y6X$;FoSv4(a4$w*i6^9yt5JioxEn`bZH7T>+>Xxe>YO}%dW*EmA!(e-RS@(R z3w6E8h39|75go?2S2oBK9MAu%iTVG4zJlh-upntYnxi>Wl4ynhC;JLC|A4A|*LAD% z=~8}^>z*1=l`oM(s;{%gA zR!JBd00cezL2>o!jbMvu9@+f zX2xgl92<983|C_Rj1Z$X?AUAJ{_5O6JRCzxi(40cB_0k$ZkBWJb&gSurFXq^UvrN4 zCuLg-vq+e5Z_BQ)W~ApC?q%Yo&Ls7mX(&*yYxQT>bIu%Z zqfc`aj;~|xuDReU`Z_7r-9x;FsAzdT2e*FF3{R=r>G_i3S}jDJT=z&(e-~R!GV!gF zcTo0hWeih?=~~G;zqeiw@ze|lw$52ROKMoQd5fYIVsO(mXl?nK(ALtcEY*y6YPG8I zPOa7JDyczL81K~1Sp9mRa^t<8(~8-vW-;D%cOjk`@96x*^s&b&T6DgZQf`l%)u9Jo zI$vRrU!s(gOS*tYeoiFMl-5SpKPaS-t`X8J=owqk`X3Rp3`gOE_UAl#`-G52a-nd% z@M7V9LR~NHxcDjI5*^FN4zq1n2%B_#wQz-ybhzF#sx!0G@mX(xuf+S<;cRVoW%SwZ zix%zy=Y~iZ8^zby?L)tyn>jnpyrs1?X3r@vV z=__oJ33?efp+DQ6)26Hr$e5;isaM}ntqr732zAcGz0?u>x&FVxhZ8;%p3s+h;Z=Men2iDLk}44}@`PHfF9JX3zK5 z{^dvmNq#GBe!bNew7;z4ppCUJSZUPyQ9x`p)rm*7z@W^KjV06VI0pzj9ca0 zNzSom+QNO>xi2{PW#{g5?m_1UNyl1T-UzX4@T|f(o>dq(-?>H3o#os|oI6kI(Bkq0 zz~Wx%+-IHps&h9wceistcdnYIUZk?ZC52J6`TwHa6lYn8qeR0Jz|XEzQ~w{EWl@fD zr5mK-|870KPBl7y-D-4_G|S|=X9rZH{ZElRRsVmf62&U+S1(c;)%4;aYCt&Gi^Z9c zBrBC#@i1vEWMN*^Ud=+z&lfUBy;w+2mI%iPj~1d835QnHGt{6JmkQB}%Y$RDc8!aj<5{k8 zpLgy{&i#jTKXdL`=U#MfjI@g7WxMFp+w0B^R)N|z*h|R5ZSLG?=f*iV(YXVhtETOi zsSI$`2(GB@SV2~t;aH|{qQeu&&s5WP#qsL@^cfD_OFw#2CP#E;%*mVyGa3Whvjj3{ zk?2YO64S>Hr39%c6MXvGq-Fz<$8X13fd_%)GllmG4;KDHI7fKD@K_<~poyRNSqOZliSgMigmG8Ka5f8J zoZ^SL+DS-y&^TrxEG}~o#_jK1n{%DcebzawQj2@9bN4&{#QlV~xX(H4Z!0xLcgN&ADn? ze2(sjkp#7YTl7WhVZ)5D%u~;nr)aYhr&i~t3a=O^PjII#Y-?%h)Xs~|+7qdx{m90y zR=&73eWBFA#j`<^=#=*V!5tNjk)*T2@hwtNeYZ%08=>#+B%juwrMp&OLO=Di+??1THVjJ2=+3hI`l_(> zX41mW*7oTgJ^Bh;>Xg14t~D+m*MtqiSrW@SW>(y)QEMIZ;abPcy5)zI{mm;@s&4s? z@OI3GD_E#nWeMvhy1wtmuk)`DF7MD$< zs8`lWv@o6-KnNs5uR-;ZjBRwDCP%B*`9iC%d`D(PvBh$d_Cw3@zMHvf@3gh^cczjVj{#ra{c_`;!h{rS-jz>x#;L`D!cuagcrI&PWkH`@Y zJ+h+^719v-nH$>PF|&kNL$ieq!Xtz@IWZ^2|2ZWtM&An$`Ld~^jCkv6+H9}hbTHzOj?-AZCe82F! z!m{v3LhV>lzFT;f5Ft2Q_$%Q#!qhA1{kU)&;dw%>&B-nl?jXEa_)g)aLiFn= zg|veCYAQC9gU@=XVUDd9kC&g1+Imb#Ii>ueqV%*y3E9sj%iQ{b=3wMZf?4@tq ziOzL6_ZjC{r)uGt*T+|zF|TjjgU&tT+#j6#vvc)Q?H0Eo`t-!vx$(|Tac+il^POAd z+%o5yo$GY2+qtuyWAA&*vpjvC6I`H@MEjT;?c0;<+gyFdW5l5+r)I7~41?>ZCttW= z$vV68IwjB?5=rl2*yC)v_SBD(d2@L`syd18f*SPp$Y3t$igWo`Pl}m`%3~rN<}Ubm zyYLJ2^`K+}m@UqQC#XxM&pReuWm5RU5VyH=IIj21rE<4nmDv|)Fmsl<0ekyCohcpT zNJW2VNMdQt#88N4L+l;6#+t9|`>s6sy;M4uMVM7>Flw%MFFQ)dwvT}u3?T%4_X#2C zwNf{1WNqKvSsA!NdNJm0*f@8qv>pi&zV&tt3QVHkhv3(TKHG8>UzQEIQe((02MhFa z4lQe19Tzc<4JP`x4&DqYj|u7UK8_}bzN{XRV!mET&TkMhdia)b zlJGmigM_yTX9#Z<&KCYah-L62VWaR)Ar0uK!ZpHsgr^Jd6@Ex~pAbvnm%?*|4+<|3 zJ}jiqeN=db@Co5n!Y75-2%i#OFZ{jmM&Z-KZwvn|J*;w4TD`U8lMlTklHhg!~!rks1mXLAxJBJly z+~1vh%Q;r~+BG(hzEb$cfpJruoA2QkIoIvnTIbGm4*SEddx>+GId`3NH#qm4b1yl^ z^C-&;&!a3oM)bxVJ7p*)GoQ z?%e*)9pv1F>U}NG`bK9=@3YQ*!MPiq`<8P*a_%S2{nokPIVVpa>tr`^IL_gU`+Q&}zf)6N`g@*M`5!(s-Nfge{+ zhD6E*;o0l(S*aj;&uS^t1=8QIM-aVvYsWRQ|L5Be_AN+Mh%gyu$5lee2DD>cFH8LU#0u$*k6 z&CW}k+&1go%KqQ*&absXJ9Erww;iy^X}VUWDU4uR&YE?rT!+d$l#FEW4AePx-ri?>zLC=mbruB zdG%muQJ{&oLQLitMJsuZMGH%!7B&?bvd_&LYekdGKDUj@B$X1}>G60)Jbqt1zNm2g z<-+lg3&(#c91oN9;Zl0r6^;)m94{;!pHMhHt#C|_TbVxVyep6IDI7mvINl`6U&`O^ zg=1FsRi?-2KOLtTr#oYs@W>|L$C)7iEs>X9S>{}e5Y2hK5DlPv3%eWY$!&R>j%rwH4Htm#=TJXN?>_m!Z4-0=TWUWt_K@vW$TjbnP&NVx?(z$Nu);f2lb7wnufpeEQca3w`I`<9dZg%d6 z&fV$UFP(eHx!*bWv~#aG_quaKq<>@iMW6O5c8+zoRxS zEptwuK6Y=tI2`A2l@<&Z#NYHQS`hW(aLmVFFfMrYr@W}^l&MYOmE$%KUki|>Kdfq6~?HnM@-W_Yc$M$9Fl!~2Z%A-)7COsbaOOEvTAx`4apP^rI zTs^mKrv%Ra)C+dh4{Lk8ez=FU^8)xQAt^i}WCq}IA!YQW5Y4c^x@4Op$7ePzzEXBY zJX;&AOXIL#E!@M=R|;R0HEw%JvW24$G;WG>sitQrW^(U}9?sz^Ynt564Q$>LZoCr0 zLI+z?sTcQPO=%vbke?i&B`jRos294;KpT=R3Nc5tjG?VLuQglwv2{2x zC1V%U{@PB=Mel~QaoDES($!E{^o=sy2Ej1oOZC&j@nA*DH?WHna2to6?W&yE zXd2URY3I7Ds#K!={_&qNBBkIe!{N`4-$S|ND161JY0B-@Ce~|g$sqZ3b8$I7Sbke6O#VH zq2*(3;Ikc(@s+~tjBz){vn9TX9mC!09Cv5oUULp>(72tVPhaeHZk}_;ICq?LzjN+s z=iYEm!XHx3zXa8wt0uR1^l)dm;>xn`DV?c>cjt(s4nPZ-G}iURPLqBs4(g{jwzVzS z4#i>EHCKY6B?E~{!;m3L#hk6fQc+e6n)IwTeEc$n=BzmjO}<%=a9pp%XSSc*+EuY0 zA>ADrKwBfC46QZ`Nu^I=rfGZh9Ov1CYCDA*9|RKp-S7P+IkfBz*BHxoJm0!rFO5o> z%pWtLB0oLf@tjhsD5Ly~MX4l4X^klP=Z;grbie5Rjmf+mxz6?eN+ZKx>W?{%lJMBb zPg>7bC+#n!wB`y)=|CY;H&sZvXqT0;?j_UCa$!BF_LU2k`yoQw1M!Hj8R6JJ;IsY# zpRI;B?(!JUzJOrd-Oe!|Yuq5UL5sU%^wnm&I){a6;jl0*-0z+HlXJ*{g&Pum)g@x2 zu8UJ9oex zEmNDDyZEf{Kn6tGc)KPGso7HlB9OmoQW3Ub+loAN_Pu^;r#8WsfAZ#6+YZ=1rO4Ty z3sJQJcV+I=mZRMF@XB0PS|N*-BaUfHxFtHyTj!L(*&oVsk~WP;IJ-)SuI~_H zm1qoArpy^9((0D0ZpZnsCq1iL=5=(puF%4)uqZ2k3u@`gxH>9nI;)L$r~#G+Y=nEL*`Cbv%J4nTw{y|n z4XqS9027R*N!_L()&*^##?0g|^FX*Al%dhROq26<+v{&QbmQ&Qw9*<8tM#k2NFI@r z8rWh^7759vDJN^xUObfzm)qvpa%FELS;Gx`#g;>6?avg!Y;`H<&2FQ@SIO~e5-zmd z!-TZl`NGYG3xp)SQi!#(Sh&6L-9ifHIN`p+X5mC(i*S-~nUJUxxJlZ?WbKs^9M05vlPbt#JQh3hoxfq z!&0$uNkXnsPLi9Wvp7w?1&4${5f+?TIA3Ys@1ygZ7S6wXrO2q!nU6|yaVh<26ir4s z+IOLb7UEwW&a1m*v7!;7Yj8CLhI}9CpP{F4QfMnE3(ZOkyIRxo@aiC2iDGwM$$7n7y@AU8IQ_UJ zv$QD@{O0I<@=K;~L)oQKA{5nMLQpFvdXSV#>Y2%IzU@F;r}kX$>9Vg_aA6ukijo>d zx>qu*#~WHV+TF7{lvJILR|Pg-J;{_8BFF-fdt&$7Z`D%zgjd~hK32>MDg*c@e42GXu20UO0M1fu$0$r(l z<=H?@W*2%(7y5G;JK6>GLA|cytsxO`gd*J$B2JX9T`xo)p~&^&mK&5a%-58=@HIS( zoHYC|L*!jTL^Qlb+)9zwQxVuVH%3eQ6%}{hju=X^ND~Es%`FUZNP;;u`8=!v?mUXO(4Lgu)HXwZS zb93RRMQ9}#M~lbT&r`kZ9|L_Zy3k8=Q;NU=f3RRgU&tT z-0RLU17LaK4GGIjee{(m!N{@3)557#BDcc13!T$9Ut+kMocoS*cQ|*Kb8k4ubb(!C zi|DJ(Mmjg!IejxWhFj&_NzT2`xzn8coOAlRc#Ny>i3eXTJMKsBN$2zht;oIX++Upg zwdB~!>hb8)E)&kZ=-h@9M+-MJ`ts3av)V&)t_4m#Tsr@;6FAakmn$zz~#*?pXA>l;=2Je4QTDRcQuO#U`V$Xgh-^m-3E?*}Xr z1(Qdb-*`Os6(4}Ad_78*;R{cdpW{q*o_6-6bE_QF^CB{(P7Q|oOFMc(6l#f6ln-U*@l-p^_SZ2(u$Oe)899LV&ddSht7ZtfGh~7z z3ug*xdoqB+yw+JlM!z2ss`SF%KNPLj;golZ$9oAc((xQ2@ica0Ryw4!m$d5!;X7OS zYQviW_)5H=7v4{<<;}d{(;kz~)hLXGV=l|$(gPXyZs!`EJKwpBoV&w0Sp+feZ=6%_ zAGs|CrE83gKHF2%uFIa9c3t&*!B?BLIyYa%X5kh^Ux{yrN3Pkqwa%UDoLWg# z!%#b5l8XOqO}M_UUR>2iix3^IeezhYj_a)nXLWU~n%dd<|0~4*9)-w~z-kIHRm;Dl z7jOUnre4(ANVW2HX~r*0lOY?|M~!xy5RH3-5Y6}vA)4`X2fUj6dU(I3}^2Y8@HjtSU4IgZ?2bSo4Iyg&#J~S^Gf$#ldVj>elk$Vj5)Jvuosve zvfvtF$LA9%d~Q!zc&a;}-)Ua6PD?L*xKxq!X<)NM-=3|P&seQ!iXGXa}D!5OHkxH_=@^bMF)D@-I-B(&v+$qP%H!fLJ zra5LC8UF65zt~jz@9UpeNYZJ0$47}@B}8+mw+))3O-TEO=QbH>+fx~QHaCs0l${sP z*0RT92v^E(ckV~dJ?9*n&EoRJ+|uK(af_Wh+PSlxezrx6kIFu~dIW|V@ZLg$$ao`ad88Vkk zc0VJsYC@e4Z3?!2(gaj%W%}G?ngR@)v=m2UsT7jT(W-d?enMZFOLy2?=!Ut_-Ly`j zV^qU!Az#H&4LPS|eN;ovAPRRnyh8LUMwgXRMBX`0_r@oA^JkisQbc_grRWez2X%dD zl#&HPr06gq{V&I)d_+9Y{FO-&K9eGRr64=TU8?ZL-4=bd*$D(Ymf`wz8Vd*jJWE_q0Uy+Xe2at|4sj}cwpBF1BwVwPb zMX?wAH)SKu!`Eb5VpY*H1`>@BN7t=kxmT4qsRdO^2d{q~(@Q!Eci5kN{Cb`8Q8^Qk zN{11DFWF$T;UpWq@02s4SJEBzzMo3zAn%pZ;UB0D*6F&WdRmgYo*bbMHd zbZ|`Wq|?KBtU{9xd?p?EO6=mB8OOs9v2d?BhjbW+bXeS_&NVrQbXYi~ z!@?mQ#vvWXAsxmc9mXZ;xJFk^PV?HqB{j?QPkLa&?yBErI?w!RI)51*X*g>iV;@#H z|7bXGntr@Ou3tF6`}xGT)b^K;yjP}wVK{HC^hKS2LD$}`Af4oyJZjE9d#yp9;L1xD zPMzP;))t1>!=wjg`ZZ7O>S{bC+de$((vpG@@IgHb8YM-%bv8wFTPyUc*oSnh-xSi$ zw^W!PD^pB;4)i3HH(2VZyLON=N%O<#rB z6j6$u3O~jEgzU%-v#yrLX0FZGmJt%%p5gC%vyEgDk^5KlHF#EKSd2B=ZloneA-lM} z!{49CdcPq=dHo-6y@eTUQCikEwRCo;ILV$pFvQtJZ_WQT#ChXQwqKcC_pvbLvUI7w z4{YCKFz&d8%pLP z)z>Q3(zLp#75KWqeJZ5)k&s?zY658}&-@(y+}5gcdlFisx9xEgYc|OKt{pH&NpAD0 z&(r`WgfJ8I-AH>;{_Jq6uW3V_F16jXpmym}d-Z8EgKB%eMv}7y<2r|&jIn-b3lA0z7!J9)@J12I7S&3Za3# z!LBbB?h@xNbM6M`zTuoaeQewL;&7>ZDX#DPfl7a7q4!L2Wc_Ci4I#Szl;gHwwsgq9 zxSp2%(!*&x5~=c|V+)NJ^Vbd*kHIJzT6aL@TE3e40cTgFQPVzOMBhNA z#ts|Q2t{K1ZFT8Vre95)_H&ykyp0qQ$1QO@-VU>?N7?bg@wnF)Tdh~HGt?pLswuCz zG4S3)vNB%1>lD`iO%T%m9UxT4k{@)Ku$0HR zPsMPhj2_Ln?>P60bFVwc46B7>hSk#JNs@8*ILEpI<9NDc;r{I0^Uk3&EgX9_S~%*V zIOe|QjBNx4M`7epZ zF7^M6SUfYX>W7*CX{q3b{?nx5wDnCYP8T9}X9|&u4-1is^Mpvn#X_Xwe+iL_ONB_q zy)G5_Oe*l%T!?YZg&22Z^wqKlYvdU1S-97n+f}X4xILn;l-=PR@?q(*?#99)AI8z6 z8i#xsC*2!4VZv9TX|tuX^me4M{_E?krC{!In#mEeGah5Zw2q2u{teQSp9N zmrH}|B~Zf#_$4;5=}iz!oV@CGfx5 zdmA{b%4&an9~j;SR4_ccxIhJb{ktQHfAs^5SL8K0T9_=e!ehE^`}O z`c^Z~n3tmhpO@^LilB;tStG}i;$D8w`&CMQZM$M_?=k$C$?LUDf$IB~2Im_dcXSjQ`JJUpL_T$SV9?s&@` zFXecv9q;{)_l)B`=XjrSyh8M)8W*mo5ETYoX;9t;jt9?f!{fS=%Fzo$ zbp{m%HI9d;n7NkzX?ks|nM5m+eQ8!Qyy z6^VIRgzt4?;Ee1OW^LpwG=h0}IO&V!&*G86ebLupV3|Dx)!HNX4h=zhW2)j_=&Wtr z3w>0Mz0ku$O_m*xTSOUZFA9an_nTwCo#-FI*>AWctfLe07w*k(#_pG31-F25?70M# zqoSpttU=2`k*uHv^kUEzpi@9sf^t|M2b}@h209zG9rP`rypHXV$82*+P*#KvP?m5C z^j6R`=pCSIKv^{1pe(YxLDzxa1G*j*k?UdGdKi=~^=33@UEL+p)mNSSb5w@Q{}oGk1Mpw;|i_HafMcST%lFo4URX@@z^7)9D8JyV?E3sUylNh zf#(>)Ju;uszro+ktnszIhVmwzVp+Et8KG+wBcBd_?Qp5D{*L|TN3>U9-bHDZw6CT*NR(I%}Wh;bR^hHl}O$NPF;63)bIU>e!7m_L&Y^CuX0 z5dIXDE$c8STh=RPJc6C~&3J@J$0J0A^l#_B{NVkEL50Cfj`wB9I~(;(<=$*iq3pq+ zJdWK|A7k}r{1xNR20kGec#a{vM2~})?FnVCA>Em$L>sYE-KHBdz4k(-(^0NMHOex} z^(LB`<&cpl$*+Ne5i6POXW>>JX@+2xYCBj2IMML_L}U88SME_J>`$sj<-O2 zwug_^xd7+4WtRHuAJ*{EGo1ItAg!-vo_kn>r=uCx%tj@ky&N_c(N-YCkJfu{n)cqK~or98ksUedb$x?`BD` z{;+H&;*VLnQCY#IctR3h2FiYCl6hiI0p$~Y8Ystc(?Jo9U?ylW=xk7~Y|a6_67+gd zKH*D2x!zj_S^~=JtITmVXa$a02sNOrV+&Eo2g#Zjk?zGrR46OG%KN;LE94ik$EUj9quR;UI^Ge-JL-6+91jI=u4P$e_mix03``kA zc0YMP^knbFWUpbVG&5@@^kB2tmgJgFGyQMGmIH~E^HVVGMfD;0MO+sNI)#7bX5J#8r6PYpfPvjC!vHVII6lU&N^GXo(@Z=Ftwv7J* zQn{iqpjA)hu6DeS zI37oodXGJhx7YEI{$4c`9)%KY>1Ef9I{6ktGZY9{=o(lM==$nWb% z?A02X>`FCTc3+(~7wWp86q``Q5-ZcKr>&J=RsB-qr9&Tqt990^dr#!6r5rGHX4cYh z+%s#Z-@0*r(dlX@w+>)tGv%nA;gqv7vRN^O*i}GNXlp1_Vrw%};tkh~rLUp&xYhTHF>ovZCj=}r7ysm`t1gIC9*EipQOXoqZDDPzEEm|or>XA|IKnvWcNvCSNN zF$bm>#wS(+;d-GP58v11QY+ zGNGC?(mu`ri-Ae7BO5!?Bwy+US_h+DO9sMKsO>EG>893S2TDCNLD_3u1Im%jwV-G@ z7|-e3a+G6yxz4Mtgh*QnQK9TVro3m2obE)Xy#0=c!V@h+#k)?grRSK+(Q{0B*EwFP zfZucD#v>m#gI)-&1upccfD(bTiV!+J)l?e=w3o`mw-qrW7C2|A(k+h-) z@usLT66#PB2`i*5$%GAl<`bTaFQ@1t%ldPDVtMleP|AIjlK`{yzvWc!_Z z$l4(JnDtbSp;qwx3Q*RXR#4WOHc-~Gc2M>^Nl>P<1C+IhHAHI>k=7z2-T6>??>BOV ze0Nu_7#h6nct3W$pE=$cD1E(lgh7QthvTIkZ-e7)bi7=(Z8$VD@Ek*SZOhe<*lXDP z-rB3S&5fnCn$*S;@{oI7{m8u;RV71LW<42b0s)!r(BhqfrAFelyP_BMN;+fTtVCAL<*~*nbsWtBf zWvzJG?$0_jJd0%iU`4a$DxqxjQWM5MKdNJsa|gRIDDKcYPLBP#b}gN6p|N0c`l zrLS@$4bpx@dF)42j{S)8*pDa=xzX#X#km^;&oN}zwqxLB?*(G7ITPoW7V|0wJ07X& z)NZ7*y(8WI`YIZCuy{bqz%FBCD$A@Uz9(5(^oFWQxJK}{wnmgNIVMP2v-*)|kyxI7 z4wU`Kr$C2-?gC|=ya37?@Jak>4It7QK%}e6%6p%YE96({<%*%Q)49sAj8%^7%gSRv zqCEB^%F9)T&ts%8E!gsDUKcDuuWMAo^$A_o zYBg#^2j^CdXRd(=r%VrJREpg3$gCWGxVoz74OI@VDKJX9ij@)DaJ^y7azBA2FSBaS z*HAN{lOs;4Io|+f&DjsiJpVQ*YtCozr!|L2YYvgFWhw6iMo#?!m3PqbhM{zo#~wqk zO*!6b$7AoHa+@44S8Za?#=vt7+5H4-YPM&ry=D~T*Mw?Qa?Q-?74gpK^0wF_;;PPu zSW7%*b{*sEbEARd)+oNH zYj;fbBU46!^@8IFh6^yXwEao7vgDU}LNxkQ1&OdRB8nbm-2)e3(7p? zIudIK*Ko9U5NYioDhyaBl=oqS3gy|MyjL8LeTeedhv>CjjaOcY<25ks=9#v@l{xdfMg zG*nsg-X~vOc^_`xw?XyLT+ZeF$TetM2sPLnK%2sYI>7y@D!G)*jS0 zsXeuz?1MOKW**mrvi4M5x5ltqsx%p(bPiSysVDKUV~mY_$>NT4LwV15^eEBtOj32Nnsz) zRk0Rh3ik0e z)#Mln^KvSxWPecG>Qd)xHR}Xr9 z^~itUI{W3WU(Wu1*Uy*Y#LKtecB`vh+i*7hWtXd!-$@Bo-V9|nV8d=!=E<_}?x(wORK~cdEBbr(nOQVNTFHXI2k<>mW+SWc|4SZ7+%>f5P0_{T2#`X*tu}I*k zhF&*)jpym`$?FGmAcZ^l%^f&*VsA&@IY7KCC22EKUPO2r%R#-`0V|&dwgbBe&4l6& zR!t~hYh`Xx?I@Fg+{1U~D{J}yP+Ko{T%a|3CnzKP9O&hsp8~xK^wZ}26sT7>MiEKLnK*_7@uJSh1Ro)KD{8(nX%E?k;7K1~iT_sVWtlTK? z6XtAT@B=6JW5?rDR^|AV)ob}QeYEro51c&r(bA&T{T}&Z&N4k4Iv8vl&o0wvaBfCc znc8dkICw5prc0xp&GGosbh0hE22akRC=c3*Bf-*g>0@}E-sj9d`91R|=h!c3&D;NgBtgOA~J(Z81tgPCRrC7OYhiQpRR#N_nI%Xl2vFk&?FW3(tb zn6XxeW-`x3WS=EgMi|)}ODj{UWJ=P-e&J)tWe)LlrWXmGmE%DY{{hq=boiXN(?Lz> zW$vO+$VL1}C>AuOk*YDKDTWtc*cf-?6+n)TJ|(fLj;$5$4sbc4U_QYa<1S60Xl3Op zB^RI5&>>tT(7T+06xvsenwwkAHJ2ebIIzM}0Ybdrjlp~vC1+s*Hv^xXF2P5zuf+#W zuEfVk%H#t&=O9*79Fr5xaM<9LMra*VbtCU%ww&yU3MqdblCe4UB0e@u?= zMclPOd@P4TMk~1toUwu00o<86!Ips6Wn!sh4Zc;d*2S8mA$}o^?+53LH5<+r6oO6B z3^a%PvAtHNUj1N!EqiWELvJ4*GtPI*afzgX-|bOd8?ilCGGZI1*MF<%59hLd2lh$P zb2d`WcXjpku64q@2+lYCLM3yDOXIzA{yLFo8daW8&Fdgz^Tx-YW$+HU=A4i|Eoq+H zCFhPyp3#@v#yh*D$3fPYG@H>M5ZcsJ8Npfw6BM=7mBs_jjItui&xY|y_ zI}DF7a?k?UGet{JWaoezpVvU<2ibRX!gpm;Z{ zX9ege&<@aZK)KF{DNIi{Xb~tY_;}DBQ21r_aLM3eP%aq2JFDm4K`#S+7bx~3>)8y- z?<;KqoeIiEb|vUmP<~g5dm&KoM?kLuq<+3yK~wr~~C5lGq=thi{wR1Ue410Tgiy8bPlBZ34wNodUec z+avFtfpYJKTR@kB;+4jpC@65x9iYoVyFr(OazEx~&?i7wfIbPj5_CIgJ18F+4}-n{ zx&ibHpsYWvNBm-iPGyO7Doa!tur!r7(4fNL0>>Ngc-K1~+M`@i7~Jl7%N;M_cqzww z$noCpc%0PgeLvxN-*UX~I^JI$kNK@}eiKrr*P`AS-b}}1{;FJ+rT)|=jLS4T{BO`*JM{aS0#y zXZ_`Hz@7`rL7kuJboKjwaCXLh{W+a@^hZR@Y>RUsjvIMPc1au*a015BzRrot``sQH z5_~l>AowZh$;eEM?aE~MLTR{o_bY{Kzn$aQ0^|)i_jpxiaXMj}09)=B;4wJRja~Kn2XXy`;L_k0DJfRELvr1FB6meJW1f(N_>AF%@HmE$ zv_7#$W9X3RgjrMPFC6 z9wf)i3A(fCqj$D=f+z_ z?~yFM;%X@OF~!0}F`LUpaVdJBGcZxt_dr>;VTHb4-XWR6dWp9P5JvVZz%DT#MJBOM zaMDsL{LK2vL_H+MV81@6_Z}gQa56HKpMKMXV4Q|97D*h1YN6ASS>tp%QY5Ep=+8hu56YH+yy!Uw z`X$g4pkD^%tYaT2W^m$n#-|lJt)6M12SHhrS&j=qe*ub_MDPmeZJ-lCSxVmIv!^Ynhwqy z^d3KSyq`GUZyoOsjyDROl3shRL50CZj(4f!&2YSH9Iw*xY8)@_ci*|vj^C8yxAZ;NgS`t@fsX&q2m<{wAT(cs4y7mc>Ge0 z=IJEIo9cMOh7TKl+e1%YU3BH#<|m*2`$BxY{dZW0y=l_)&)?9nWW~RR4}bHy4`K(% z_XdaY738AgrFfJ1ncygVvQA))y|Gx>?%}|Ew=*-jQ@|tf|99xXo z&@XiQrmk43yFwg5ld0|uvHsa&HHj6;RJ*v~WC#|71RG-*CFK?y;KUlzZS(NL3%^9) zl&na0>Vm(G-oUV21>UbqwPS%FV)fB<>%3@tj9=AVipP-&gEHhpV##@Fdr3%qa9F%5 z6^kuM#G8{X_C+tNb%+z2mzGSLzx)n($=cIFVfOh@vUQ_#Cpt7FnwdXYg2O_Ba?g-X zd^ShEZ)~-m5t7YRnk{)|NOFEhED_p4%qlx8B*HBatCFc4Qo}=1y>}zCx@b2*GebZz zhdfF%JdG>ybT{E_Ctur=s!c{)D&W|TOFr1CCoXyvbdK*$hNo z6}AGwNGH+Q-Ib;ne&`XvI(#8DqjnW^IidW#pYBTQ~Z>dz9_GBV=T2g zj^=G+5?q{H)Rvvp4kvs`Zei4(zEV3e?^QnTnfY^R?kjw~$c)xyPTWTO^i}S1ca7J2 z`l}|ntC;3wv<;b0C-x?M1IX91DNYLYpk_rAC8oJdoSN%ws1;qAdA>4{PIddMr{y{u zy80@2o==>*_;R_syZLl?x~@w5mx{%6Ybs)_6m`)AJ`L}aF(apJV^?ZLv^l1BFsFBB zNVXP!w)wSQ9gC`xvR>hZx+UtBLfKukm5h~S`6tPft*E>N(jsxsagDUH;#uF~%v3`>iM{M(myI3|j zVbP5ZwCu>(YWD4`@wBqOjWs!0KhN;J;sSS;&ws|Tth=VgMQWittrs_Tw=Yj(*M-`6 zVwI21qCTX2L>4=#hM2vXyV1?=WVw7Fs3sZ8_FLRZ4nAw+%Tv)*cja0ifm?G6_+z=C;2Y(*4b+RG8GmawRf&+`k% zoG|mZ9C?vwiKa9ep@gi+5c5463Lqr4(n-~p*F}x9N$7m5JI|YG)HDIm!!J zpxqa`7u2|-ck*}imiJ;#YL$~>C2Ct8%aLoNyQ2D;bNf+RE0)YDWj;1;g*tKy z`99*#+~>3Jm2zUfqe1b(lD3jD_pP`~b9b#}Rw`KM#OANSW?{L7?r}m5vF5gDygj$ry-rM;PrA7^w_J~x!>Fgc zxfLCG66-e6w)kD)x$b=#a#GpxQq^*d;#~Ca&mj_0=Hwo5a>z5YRXoapi!jL)>Rk94 zzy9>Hq2hfoEUleK=&ATn_^i2MP0RchD(Is3a85CIdV@P%)z;P7YV<7PM_P4`;OCle zbD}i~bQ_YTl-C=Urm=s~@~(8O7Bgn2{_XA>9RiunX!=j~Fv05#eCABV7@|}H1&P^q|Fkk3Oq^;iI z@vwMy9CFA%;pAm0vI_f6m?+n@qx0Z!#P_=II=!&(dEcEWtl3uH-K-OK7vasBV&>+( z<=*4uFxS!Qh{enBsOvxSNcbqdH!OiNlF`3U-j-aa{nhUapDs^!bT?s!;IDo%*J*z> zUWjl4<~3M#ehGCMAIL3XH^a4g_CY7+n{qkYJUhxp-Qyvo^g|ia^Rek;85a03kGH*m zRU2&YCCP|#?>i^*;a(z@Yh%smH>lT1eZ)!WV_a5@!bSDb+yXwgc4P_E;T9O*`P}|k zZUL|1<5>cYF+7J`lPNq$yp~U732{~2Eh&WscRIn+<~zG!NNH?Xgkjq%%z@GIqV>A8 zf6_@drMgci{Hzl;EA4sJKIbGebv9z9Gv+5-&pWYRch8dil#|T7b(YwtomgXAEXKu& z7Sx+$Vqr8DXHJzjx|DzBG@?kGlilTH`L%*xTAkbr8FF~i=NJ8~6ZKWQu{+V+n!*s` zE_qgzMN_GGXwv>UcL^5yuvXr;^ovf~Y~t9r_~)HCYnA`lmQCA#hR%mR*kJbdw^Coo zErp!062WdKf-bEo-n>el2s5WUfiH#ybgsj79*o7Bv7A%d$pI`G?t+)X7t|(K%Jjhw zigG<5Uw(}jgu10Y;Y-l#w{$g&P0>Z-OJM~(_3S4N;ZzOoh8AjTtWWcbx=QN$CEe`up{=;mK@g4#3cQ;{D_ z=BFWTdV;TeF&atoNbPe{ja|!evpizoaAL;jmnnytcH43cy!=q{o9=?_NMIdoY)V&SXRvoOZ~`6Wt4n|rXM?*UIkBvji4{0L+%2!w~ForUaD+nk>8T!9wIBO zQ-X`?Pnf|e8bOo?)!CQqtbLT4)xy~PU=Mg{lnG0j7PCN>AiON6Qe%_~? zAEErB4>`X46dr%Pa#~rh_lT2iNX}2iG1kLWEYtbomw82eGXBfSh8H#>es!bvNp!Gg1^ZYM9Ju=np>>e@ZWi*{Qj6$_E@%T=KhFQ?6=us zde`io`>goyvc)rI0NLaF-#h6ByiD0^n0`ET8eT2E1^y5ckhvwwAFj=5u8P|j1%C_) zS<9^vMxCyL^&DpW(Bk5sGUQh$@r682TV-6;Tlz#u8fB6#>L0Ry4hh<5V9D9}XjtbE z7w^A>F7VdlJ}>!e=n_W8`hV24!21FY5up*`Nhc~kE&2D*v+?;`<^_3ou(I-h&y>%* zJ(`vOhm)`Alqi`IkUbxq$|K;HEdQA;F_%6qbChD7Urro(#bJ*d zb8#%=?)z%Cm>(8#T~ZBMP8z<_#$70v($D}2p6{80rK@3X z)$nX##37GfI?byenMqo(|FT6j)?ZwWsNa}?7g-Lg z`S~F+sLv;MK}al9TTMmAvgm~&!7_Xz21Z^n)vH)NCgh<7xuVw~94hK@y~MLT632%G zbR<_pw>LDotXNLSDYyu(Sy?eG&M8QZ7%HQGUoESEHqV2LLgL6Kt`O$9`^6zCjb>wO ztgVf4b(${eC1aC<7Fyl%`M?6bU#pnm&baKX!}1Kq8dh&G(}{$NF;qgq z68w7${^sJ9xcNa@Pzu@rG(Tv9lAG~wDNrk3HA&!glujHi!s{q0V4?(HU3o*{+ePfE z_`1;nLHG%NAgF;mBI2kDuh-P$qZwCX$B&so1yCtsrspc~Y7JvriH$Zb50^-|U6Nb? zT!2m=?@;0ODZB~_iuV)b%_O`L5ES6JU>#l!1s#CnfuQU<2Z0U(9Sq91oQ8l70WAbA z1RV-G6m%FUUoklY^bF85LC*x`>&1N4XgDZS$31NL_S)H?XM^&k<2Qkh1RaU{^Q8nt zICwKC-;g^8^c>L9prb+gs=~RTV?gm5Q*a*Wd7xuK@fuTbKIr+N7l2*>%2$~$1T6wB z0v!iB4s<-|c+d%;6F`eWi$VDU#6_SNgI)}J3FsxD6G0~;ewTt?isQ>bF9W?C^m5Qi zpp%fllR+or_zKV~K&OCC0i6cQQPXtL>7ab6Vg~3;P&yM|4SF@`EYMk?eAVI_&}%{Q znpMEpuV;f^4|+W)U&4M1XbETuXelUXX=R{gpyiGMiKyLuO5%fmTTF_e1I?y`Md7$$^=Y!4%tp}|~x^Du->s~4GggFXQI0O)$q^`H-eJ_z~{=tH1<<^5sM4WM|PEZ7LT5%e+8$3XG& zue76ofwDbB(6}O?1)vZK27$8O4FQ$*2Fms}43zC`I4IlGn?R-gfR02$-VDliGX``F z5_mo++ruQ#NqF*H0eS@zI2)ApX%6Td(Ca~2ugXEop{EkG636wR^^m^}^fu6?pi4pd zkz3~TtB4%qjcr{t{-Eqf27yZaK_&j65`R$q560kUOdH|=%6O~-rM?IfCHVj<`2Z?< zKt&Iz=mEtg0l$;Qeqc7}Y}_|8(p(QJ@c@}}} zc~FrDWxmb^oxK*aV~sqh$b(XT45*|JROE_`9H_{FiX7;e7RZ3kPD7^H$bpI+sK|lJ zeL-jA{*j4B4pihoMGlnrjZ8A!~f>M|K`B| z=D-`tf!`EyjLu%?w}J)(9TzkV=ud)%1N}wNNT9z78Vz(x&{&{X1>q;?H;(#>fd&X- zKRH+sd)A?XrUIQQ2oHo{grHeKBL&TIawS0L2(JQYjG$_u^99uc6$xVBJ3$aS{NQ3i zi-9f`v;=69pk+W)1hoK76U6>`hM+beZr?DFpMeWz3&MjT;0|*GWqemEh#hW)pdO&P zg4P4wAZPhlWXa`WMpq)Ug z1U(Ow5VQ;EPC+jMr3LK0Iso*Lpo2hf6Lbh@qoBh; z|0d`N(7y{h3iO1aV?dh)9S3@^pc6n(3OWh&l%P{U+XUgU7<@<&9)!V11PuoIn4n=m zI|U5~dQQ+tpic`L4fKMbu|O{hDgyd~pkknx1Wg3`lAuXIdj(Ae`nsU$K;INJ3+UT| z<^UZKR08w^K@~th5>yTJ6G62=hXvIGy&|Xy=)VLl2Ku$2B|ygnEd%s)7DPP%Y5= z1l0p=71RXujG)Cp9~86%=);1R0qqdf0`v(%tw7HTY6JR|pbns2g3>^r6SNlSKLxD= z`l6s7pgn@t1ARr%2B5DA+6bijHUWJ@c#i|^7ql7ZyMnd=eP7U4pdSj_26RZ!cA%dL z+5z+nK|6tdDd>5iqk?t;{kNbOfqo}wH_#sh?EyL=XfM!T1?>a+yP*9*{}glph)X#G zgM&c*1swt!DCjWI5J5+Ph6y?fbe5oFKxYd&4m3*8382w}P6C}L=oHWeg0P`&FisE# z`a!Xv!9bS?8U}Qkpy5E11&sunDrhv&Rf5I>%@kAwbd8{5pgDpj0=-4hB%m@uQ-LZ4 zO$VwLGz;iPL34oS2`T})Nl*n)lb~v#MS^O9ZV^-ubekYkD`-8?eS$UstrxTr=wU&dfZi_X zaiB*9Z3fyTXbaFg1#Ja-m!NGx?-8^eXp5j7K<^i{6X0zEHiAJAt6?Fag-paVdk7jzJ4x1d8nFAF*h^kqRufW9i|D9}DZ$AG>i z=s3`K1f2l-o}iOJ2L+u1QaKL$ek?ppEQ6m48VvMvL6~F)M+9-*^;d$p!ulIQTuc3} zAg-Do7gPlFCqczPe-Shh=x>510i6;w73ft#T*>TL%=Q-L#zyix8Ebl_g1P1v#md`c ztRgiDPMP1yvU1I{DOr(IIvKO}T9Kg7P82Kald&GjmBy&7%kg(IB%(nYS53xUxO%AE za%}LFlGVP<<4h@gE!PvHxR$@NA)erv`JIf_)0+jaG{5A`70mU+<#Kn8*>YJ)3466iV8Iw5i*Ty@BQY1eu9NsU+&Aa5+%B+xB@|QJ%npa@Ia{Xm$YYc94 zbTU?Qs^y3)yemwuaFu$6lnZ}tKCO^k;qPRW9BbZ6xgURdKgMY#azTG>&aITx^4G?4 zB~rCUq)4sym696%+FINydTohvZHf1>$BYB(SSxZse|a5a)hcP`uh+yn)+%YKmV9Y7 zWu?@X6>U_MV;rhc62z{Pp)^KhrLCpiX+sc1at583U#* zAvwZdriAS)?s+8>6XKut3y&*CiUY^)O7NcvaT`hJi5zK z_TWr^3OS~~%vsjJl%$Ejd={w;+ignP54LL+%pN8s{Y!&b&pIVV{Iw|}X1OV~&$Uj; zZ~of6?3CKYU)DF)rB10`{Nto3L)c*QLlM;>~ z$Rnj3#{g+bGkpAQxeVo$LbK2v{s0%lUCYDWFT2zyids=dxzm#EL%yEtW z+Pa;VIPsSne*hVmAcGdn-|?8!(Y~9 zJ}d8%v(+daeZuImj>E#|m}B;sDY^@3(qF4Pf@20u?j-a#6a!od0}LH#=paJ}8#=^L z+OZghDiM1j;Th)mOheBybhx3k|1zAdMC`eQBhB$BL*H!ZIfjll^jt&77;txSsWRAxfI^IwW?aZcRvk2!;~*ReuP=GILyRD91Sr?86w?(=)JEF|c1| zV9&?E7R(louTx9V4(ezp+|nz4}$Q1 zbNqmz>kWO-(1#3t*w77zZZz~ULn8$W`Wf2aP|j=_1{g}8BnJ8t=iK%XQA`Xn(7 zHI%bp2Kpp1&?kw3K1mFm8#CDNYSAZ&fj&tLoG~-dCy9YRNeuK!V&FWQfj&tL^hsi% zPZ9%X*9`PYVxUhF1AUShIOk>3^BCO&|!wsCy9YR zNeuK!VxUhFLxG`#3>{)|I>yl1hDM6@{18J64IN|X zY(wdj#4yCrLPN(GN}nV-Z)l;RV+^HFlAJfR(9ki4My8wdh87x1pCktQBr!zhC@nNJ zQliI03@x+XK1>Ys<71%T8Uy`38R)OaKz}_3`ZO`nr-^|+ zO$_vDVxUhG1AUqp=+h*0xS=BrE$FZOf&!uRX%e|%hMET^kN#4`mEmDP6UGsZ1X6qZ zSRk{~45YSoRsgl0PX~(06?1^p0$u@hkMLL^4+v@kQakk$ppOZ!1?VS&SRj8E#H?5Q zDHDJ0c*bQtklH{u0;yH92U zE%!YDbdB&10o^9(2$0%FjsdB);slV|9!>$Ng@DBnk(dqxQcJ=}pz}rZSRl0u6$8CZ zc$0wC$~hgVU9O!2^n{$P08(2)Es$ELn}F1}V+oLY2DAXFjk^sc0I0vj z^bpWD#`B6JKsZMiY?QN|ylrQ?6(MQafuKkXo|RKx!La2c#Y%>w*3z zIkXW-eTE(fQZJq@K!b}Jt8GB)v9kkcxy0akAoav~5lH=N_5i6j%|4)^a_s>i^?o@7 zq`oXifYfW`7?ApVoB&djP#xF`LIV<>-pkg4kfKLKadp5`7 zYMq_~q&DdaAhkr-0;xX=$FOQ8UIL_c+ZLd%2~2q#(0c@>fz+bOQKZ@(*8`~+%0{4< zMecE+BFUjGKxM+)2Bh9YJAl-8;&~wTtauSfZLfQP)O%-0IB!OAt3b~I|8Jh zN5_EFhvo#({gNA}fIcAiEx`CwEtSK7`V})pBY}P^Wj+>2eN>8p)bnT(koxXS2U72d zIY4S}uK@b6+@lugT0u=f>Rqw~NNv(BKx!rC$IH~tng&wq?>eAKl0)l(ej!>m0;#{z z<3Q^5umwnM*V}*|l@#p&Qa_mIfz*@aMW6wqZx7HjqHiCN`Vt%fQty&OK+{C-2#|W4 z9RpHdn-f6l{c;LOeWdtN3-zWM26UgqfFHF`PlK^QxKbS7bVndTGr8 zQooA|AocpH1ycXCCLr~yS^}gtHVa*r2*)OTkOkb0r)15&@e13>B>b_nP)x#9>=Am|v- z1%gfhsipiBkouk!V1e%?x!W+HGqwH!jSw^zXr!QGAhncF0y;-{(}6fH9vI94I$ux) zP?4Zopb3JSfG!ra1W5gFT7WJUUK`LPL1~~Vg4O|zkXWq;QqRGSK-1*x<3Q?3w*_d1 z@U{VcPg1!9XqNDv2U2gO7l9^9?(P9nZ-#w99L*054gg&*=nzn;pd&!)1#k?gLU<>D z<_bCmr2dDTFWw+L&J61WaV}UdXe>~ppkknff;bbrSvnXt|(TpqQX0 zpjJUkfK~}=0ZIsJ1G-aC8YnGj9ncy<>w)ePv=QhYL5~BeXXq9n^`Y4Y)FWqi06ie+ zd7y^`y$JL+L3@BU3fc$sZ-Nd0{kxz;Ku-ud0<>AsF`)MfIsv3!Jg0!36kY-5uTKdY z2DDAkNTBPb^v43J?@lq$hve)eppOWe4)ifWbAZ$*rvgYlfNFtu%GoBM=L9VQ`m~@H zAoc8N1A0MtX`mMctpoakp!Gm63EBwsB|(n^?G>~I=<9;E0ew@@4xn!fdLHP2pcjFD zAZQQJj|A-l`iY(W3YJzi$Unvt0W;korEo2&A6Gdw|sc zYaft$3LOAa|HDH-7s)-20IC1dF(CDhJpoi8DL(}?NKnC0^vZ&U0i7XeB+zg{V}afz zs2J$Yf+hi-D`+~)=EnI46q(#wMH)#=6tEk$<%fu?6-a=(Tg~VK~XnaSvcgna%uj!~1JA|gARPL|o zC>2|<#$CN9vhANXUW|*zORdnfd`Cbi@is$yuo1l1uP8Z?ahK!W-8wIrRB<| zk=7yAq}FAXDicepO_wjF8zep|(`0IadLb~cveR1^ibJi~yY$LiGTImGU3Ln?SKer( z*=p32%ErCc#l6&|ka1ZcHA&M{CRQ_>4qDHZe^W*o(o&`}>JOo@RR0m>H;PqE`C2=b zUv0{b_nl|z5pliL9hFgUv$f#XK+96tz34wcPpbs(>%H5SqCaUxe?mW$OV5QCm`UsMn&_Zd#j{B2U?C(Mu=>ZN6pYKEoD~`wV+S#*MlXuu?PDs!h*m z&!~3``$H`?eWpF5*Hpt^nfr{!AX6J|*{uWJ5pryl^AO8H_;qpt$`s@tkl{o?=o`M9$ROQC#jfQhn<8G z7K2@Xon+*!eYD*i<3TH7f;sMIj{BKowo(RbkEk?!YwxvoCu={ob{n^DTqKwK_2ZFx z++Ru1-{^b596w-=2bkjl=9oPJgSBsQdc!c#oX3D%g0*{C`^_MGzCcUT+9Rx8!>%h^ zy9{eJL(E)fveDaL^>i?#Sb?>#SUZ5VlUTcvwPOq^G4e%*Rv2pXW5{%K%!dxb5L2K- zOgyZ8V~DX2U;rb*+7${*%(2m9?H1PFV(lW<&S339g+{-%>lB*%TYDGZRc5eu7;EP! zw043y=DbNyVUsyF?WM3tk1tZ*X)bN&o-Z2dj1F~?)fd23f2WB6AX{uSoKve@G%^hFwPtsbB(vZ zn)B8UdzLvq%g7Hm$JX9C-0-d4#@dao{l(fTN0{qI7eskY8ueu~(AP#7NVQMjE*`OO4$9=J6xY-`fXYJ`fMX-?f%y9=~lx(&s=|=IW9KG z#r8T=F4pdC?b_BJYVGgVj&AL;vyCEam$i0oGrVwqJJ#OH{V*7;{oMKqSi7{fZ*xxy zkuw=*{T-}*dyKiS^~bY*5a*lplT;k6DAC2&7i? zsX#v}<`uJmbQP=wC?ULRpi)8gKqCb$2GaGqWk9;p)(Z3`IokoWP|#YS9zi`oy4tt_ zNLST10sXCr_uUMn>x5f@bRBa$(1+yOoj__8+y$g-^}B)k;lVmE*bAg~jr~AsV?GF^ zYh;IkbQSw3kgkj!2T}{sNg%aQ1`%sF7z}j2XdVuvHmcD;6NFa;q!z%5Kx+S;3N%Y% zItxf`HYGr6rL6{1drCc!S~3>{seNG?kgor=0_lot2TR|CxzR1c(U$curN3U3(@`?-NZE6@XiI)HvHXf4oFf_i{{FK7eM8bO>8U4o7S zZ5DJA=<9+4G;OtJ39T3zCq-)$AKx(U83-l8?+XJMw{0%^_2yYXRT9G#c{aScifm(}MpSJ@Y6W&fB z^^@5Jq;~AxK!29Adx1_0+7G1b=m&w+@8&R&+Qp9oMaEO}aUiwFp9E4Li~y5;wTuo1 zQg4jmKx!i$4WwR8ML_C*FcIin(Ki)nLNPVZ0#cuZ5+JoNR0FB~w;o6>1B-#w7Pt&Z zeWO}|)Qh15NLTXL0$nNh=mAnI{01Pk5o`id@14y+YG>aHr2Zw_fz;}|6G**db^)m! zdpA&xXxYa5ENc|`d11%7_qd;cQ2q5(pItip!eI(v^xC{nTyYp}$^~D(t zq*n7HpmxzW5lB57rUI!q)hr<>N&L=Xoi&eUZ4-l zJ@x~s*VREF^@=zQq&B6aK zy`Bj4H90#K=o^A&0jVEA36OdNRRgKDz8>g@BDWYwy(g9d{Y-eRK)(>w0rX2jYk`gm z>H$)}pbbE3x8DTx2RXYLNPQQ!0{vBZ+kw=_W+%|4lA>KeXA0U4G(z(a=z2l>fz&hU zAdq?v90uw?fojmmDI2uTOdy0TYiQGgW z_41htq<&DdfYeW+1ZbSdRRgJy2Rv`5@+zzCEK|6uelDP}$-$dVTAhl!f1yXC|exOxy_8^ej z)DHvQB=$PETk|EA$U&B7ZE6c{=l8u<8L)ufz>N>OZsz zNWJ+s1KlU_+X|%KhTDPEFK8!_`W@~9QV*fsKx)_B3#5Kk`+?L;^dQiCMBiZ`^?^JJ zq~1!$fu5GLCxO(5ikm8`U+G{V^#B_Vq`s1)fj+7E2c$OPi9qTFG8IU@`DOvBw@nGq zZn>fw=w(6mKwlQL80f2lmI3V()C#0l?hYXJLs<)?_URrV^|0Ci^kcbV6Oek3Z3g-v1fGm=>N8sn z)KBEb;XTL6^3EwOS+q}aw}UR&y7>;ZTD+s6F?2qy_`?fcucnKK^N$m+;MM&v4b~H2 z4dY)HTjU+HfY(U42P;pQjz)?iQzIpj`pB|K@VfqWM0z5daK%=+YG>B9yCeIvIImCp z|BcdzBgg-5OLIR~g^2m%0Wm56`sX;de4b-n%9hVQpM7kv*QCr^9r){JXEm~j-=^wEqnACsd-xJ^{S5oQq_N*dsVvIH(Taky&G zS%MpbtiVHa3C_mhHqnCPHQ*M(J);TSay(R1_(!*rG+aYsz}y0ZZWc=*5r=a}4AQp< zht4Dz#zV3NblycvwvGMSKj-xnt^9V?_WHv#s-0b=f3G6&n3RE-#!OP?vdD%gdBQK! z>nZDaz%)S7xI`X}h2eAkhx=p4FVg!x^4PfYC;xKB+zk-O4R)(?hDl*lqQ;b?Pg4VvaK7;k`eEWs#Cf;BiXo($uZ zh}#q)Yb?VIB>_ga5~dnz4aa;EF4l8$s z;a_T~jn~EI*ct{|J`5P?Nnkx-V2fn1hRHE{h{2wQB12K(C9sEJxJ*fK7BXa@wB5@D zp-Ke*4W$Dm=NAdD2s|#043uro=LnDab%CH+K%bMdB|sk*R1Gv*&ej9X6SNrU7jkwP zP_^({fxalb4xoX;TMHBy)C0ujoPogxpkE5w1oT5en}Pa^+*Y8Q1Z@ZUzMS0&)GWMR zKwS1280-eRN_cyLt`W2!=ovYC5NL?-4g-Bfct?S@3OWunQ_h|Q`iAiMxci-;!9af( zG#sc*8XP(9Ekf))e)r^qb> z;tL*F5C{62pbnt-30e#ET|qrSO>*r9puY-l6VM+7Z3co0{ND=nGvRFq`ki7Kcw%>f`;b}9!NxcZW zSC*zltWjZ zk4RIU=wmBTeMDYgzPQ&JSiI z#ne^pbP;)7>|H14(Ut3?+O|yS#-VW|^7>}sXl4$5zD#m|OWWq-ZB8$d*PE}b`}jO} z3FE@FH#?m~UguRfx-v&x`}&BtO@GqqB=S1hIydFMzugVc0 z=;`Ad<5T5QO+@eeon9iZH(#AbeEZN_xz^U{r=4CRulHgc73a*FZy z^4w)%zH}P?YP(PG-<&=ouPC9kF29 za#W$Zh`g?R&)@8?gj;3Q^_%R2=-svau`t#NQs#Gji8(*G^rn>W~m3aTr=_T@duR^?YjY}}*&Tgi*RY@ygUYv9~ ziM-C&+#g|_V*8_iIbB3vSHAX?Rae<0%CMUTu>Mn{%DMKf2uMCGvWwBaYK@#1YTKita?TJ>JY_c}p^ZZ>g_HrrPDp z=SVrzeWlY$bb6gg_i1&OIGsdZCs&5X=ZI%TteHcAWE>x`O__L=I~_!)*HM}1t)s^2 zAo4o$_20;^s(4#$AwETm7RS88C!BS7BY9Qp^bx%=eWf9N4Nf1C*Vo7RCM$l8@w;M- zqpy35olc@RuCp|x^LD3`$m`5EZf{7=PsLZp6VY_6GL=fESc6&DqD~Ky*ORY}W$Ov2 zbEVTo&n-za_DM^t%%{{+08LNp_$eWr<2I* z%-1&=on~sM@#FoeYqirw6l5b8w0O%`iQ)~)5HzULp9aL60YBT z(CH%bx;Q7uwN7E;=5#eg*OYawK<1&6Fs+X`eMDa0Y09;xQ=?Yd-jVKRh5pKh=W9(dO#kR;QE5 z>*PxExE%duL(;ES*tCAo=^*kt^391Gk_!@Xe7-s!Z9^a8=fpdl9wM(Ne;X~u_+&L| zSxurd9c2q}_3T-vi^%KB_Z)0UHpEuOJMj=OI?)SPMVs-7?Rcy+v?j63=_T@d^NlO1 zcXe`AESFYP6{#y)r445_!F}Cd|lLR~95vCRcN6Hf`nmPA`$yn{OVg>9_H$X+dP;E8_C_ zmi#>A^bvV|`O1D#a?Q-?74gpK^0t`Zs?LU3OFX5cU+Hc{?=PHQBCnU_m}?9qx={SF zR63_xmKB|~b?is<8g*7C@eG}`GS z^7{H1uQ9!)tE2HYR+hS0dotB+Q?32ZIH!}y>&#a!CXP9DYD}5#%bZRkuk-Zf;@6OD zxlDDsh)%DoF50m$9$Pbi1xKotYnlF%Y3A8E)9E7ey7JBaDidApra{zUxv?$Qi8Nxh zk!gI3(?#TU^|5BTsI$B^npi1X-1=Rm(?jI-0BCUw6jyH1=v;+NA_o9-kSnWmUGN+U1HS6RwElVd$L3K7eokU(| zzA>ARXL(z+v(rZtDw*yTP9Krim#^*S(Z`9*ReU~DXWZ!|@;XlwN2tz@qt0{NoIWD2 z?=*4D)+ce~HH>4@=_K+x`D)}?Jd5qC@OUAiwy~ySX=7`wt*s^+`jT z#%ffR8xt50R3+P5VyXIQy4B7%?smF}UW+ayEsw5yoh~A;E8kcsJ6<&vwHU?uwaWXP zJ|eF#Z{Amz#S<+}Nlm3{tH|*Et<|n`<1YTs)4h&O#+}`f=5P3cM^G~OxtQvfb+5EHh>`|wW==JGa6i>Hi=iMf!kI3uGpLdz@ z!@4JykXFa$McZSxKYpjvN#u3rd*(=;p@OUgvt7N*=_2yF^7YA$)n;06+gE6=@E)g& z$m`1Ye6_l4Ss?E^(bY>*Y58XSwm6+cUgv4Xc6Au^L|2C9TJLvyh`gS>>5Qe# zrgRNjgrB!P?Q{`&U3tsY>*|P$t^}e7e*~;$b5)e-{D9L*xGsMr2tv~Mc5qW+2^1oc>e0I*$ z)ZG!9>wePdBJ#TOJ+Dez?&#`FYXTe4dsMD9u`}bF=bb(xuP<+(*^PN~J8CPM6eiG} zT)p%fwcdWl=_K+x$02Vo%rSSwm_NO=Bb_wUPpK21bvlT=j(mAmpIj45Y4dD|-O1U6 zpUZvT=_2yF^3^ZVg~ygv!~qTK#crpE$m^Mia~J1Gm&U0r7EO6g)bp~_L*(`3%byzL zPd&0Hye|1=r-R7r$kz{w!3${$ugue+&iH)Q=_2yF^2JBWE0Ioig!;dIP6v_Kk+1)g zys2OnYKOXdbo47=F=$9~Fwc@>yuRgh5_z5Z>{+7IF6}gSb#}xOEe)~GuJ+ixBv%cv zMv0XkzsB($r=Q5{=ax0s$eEG_9o`-A=`#v3XI*7auTj%`P zudZro+09LrjZF=erFBc^H`L6nnYVOaXE`-M zWQ*wfsnbQ|b=l`qK3x?H8cLgL=FhWwe(v-Tc|CS5D4(9%(#EExb@MA~s%k1LmNwNO zi4w0PP9Krice*szRLx&nRa0BJbU{OnjoYuBE+VhXj+yhtt)g~b>C*a!`J%6;LgMus zr;Etzvg_dabX8VWRhBo^EM&xLP2T_3=_2yF>^e<8T}=(8^BT+NS5#JLULALOh`b)# z?|VHur>Ltc>y{P%Sd??+wcRrP(N)uK6SqG(okU(|zCNI=Jk{Nio{wf)+O`slujy8* zULD7jLwXkW0e^8iiC(KtvB36LYSst-=5!Kyoi-1%{Y5pNb7P4HtotO}UEEGNJw#p) zx1c#cNB^;?v9vykC4TD%@T$9>$X}n&$DpjOE0#_s)2(w$o0>2P!ZJe&%hs_JWzlHTgF*&u84Iur{Z|nr@YR=PA8Gq znQu&!9oNQKipv^MsB1PuojxM3&(`f;R zpO>1WrVWm9I*Gi_d}C}R)6Pjk^9Vo2xVD({Kg4y-smSRi@_PC9 z!>k-_+$T4`W;9W$QxlwSBCk8&7>?B_8O8EsGgo=l1&u_! z1&Owt8nrJjb^3_BK0C(C?t|vV(x_IY(Uu$FrW2m5n0|xXxM}=|yuN(#gFY5*PKE5- z<~n^uUSGa`sJ^AOw56pov9c}R*;=0LqAO8&ynchzNA$+@!6$~x)6z%OIekQ4U%on% ze_rL+aO#~-qSNctT3y=F!DX8$rfVs5#VcTUkx_xhv(f1!`hS>v6TrHT>U{j_NtPYQ zNknjr2_Y!XLNJMO91~1{U~RTvq7CWEj)NN^OV5^KNl(#}yo61pVN2P|PD_DOb|_E? zg#u+MOWDg-C_9wBEDl?N0{`zjbI#1%_wId`!TtaGV&%@Ane)w=nKNh3EO#bg=GBYa zfRcsj=7e^8Jh}qjc9hFC8TzanR?y*cj5j)cp4#j2=?eIH{8A{R0*EHY z9o{~VM_0hhTZgZ~bKTMWF*Hs$NM*l8`5g7QbOqczTNSw7*d&1|8En7fl(V**{T_#| zW#O=c2{`Dq$WPhh&=qj<^v%%NRJFVV3zIv>s^Dk5JeMAWPkKDM0-lZ8YV`y9K(}dJ zc6?#EE}9!VFEmed3`D9!G^N|QC-5r5syLFvM^A@4#Q;d7LP$!z_9hF+ByOs)VbcSc(kXd zE703~K`ni;>Z+w<#}pRagWg*5ICKS^JY5ZS#r+r#49h%369YlZ=FdGIT>+0}m$kNo z!sTjn)GKu!b6Wv`3YE<|e}c!PD`4i0Jy6&=n648b=94`pT>&$%4-h`F@r&zrRC&f_ z+)q8lW774*3#0W+`7xPFD%-y(}z%+Iu$zOuc)1t5Hx^;H zV;cyzWxM|U^&XF|KN=6)vK`(VJsw>FFRx#xVK6N#p`}W1SFxKV&wT!a$Du3Wg|g`zB2@AO!71+2Vw z46Lrjd2WwBmO^7W{jEzftC4~#8NYgW~K6yDzF@#qS84Ro?wBg{l} z`Tc;$q$^p6|nO9 z@7^x#&eDC-N8MH%DYNf;9J&HdBc5ELIZ@-bESuZ0x2?zP1iLZh-Ua(f{qS=n7bQZGrk{`fxdJoHQGRuittsx&qb% z5&nRT@eufO+W^HX6)OeX3%bVU#`aH5V>>oxOMN^0y~n02VCR*k7^xU!uz?It9;@>6 zu|eufwB)g`b5aP#VW_tgBt;@Gsn>(I^DcZ&@2|5)gFhgfRoo=Q#h7E?GMiISab!fym3{qozT|ixN`($FTIuH zthb6bczOM49e+N*ZhXJa3`^7_+}*_rfCRGkOCm&c(i;N*=}R5mcNvVdJ0##ERG+Tii%3V3<) zVV0vxhX`o`$JYSA=}9B`J-3@Y7F_`=k1yGD`4f-r*tz5 z=vXiTacs#lSUS9nvPcfd)-*%5hSHQ~CIf^xe?eB-n zHS963T^^6FfOmqt*5C3`@^oRU%s7x9o-2#ADGFu<~@F&*Lm6L(*`9cfH4>E8s0lE&`sn3m)$A=vp=&hSgYig)Jo? z+eUWOjUJD#fOmqji}C!PgE5aqSHQ~a-?Z#7cd#E5|7hyE#y;V3=n6O|kbT8*nWJ1B z^f+_{oV;-F(0q0_*k!91RaNL$Kk%bwLLs!6APFtkTpNi&0<~$Z% z0jp72i}4$k63eLSap(#-jpWneL=qL{@vz6EE8yknRrLLCTy0D6_@qk4?63gH-!YFz zSHR1g^UTFVeQpIFF(2hI=?a*6{Ub2l_zu&6hVfXBL07=YYd65qJqE>zfddYXVC3gk zk40C&%A4Dau?*u$9)qrckv9jiV|uYVsT}RW_9$Kbt+;- z-molm0Q3Cm@_w_&p)25=AaC4WJiQQ#N%Hnqk40C&GQFRXHw-3Fsz(XMd?4~>FEme4f4=k8OQebs2)G# zG3Z(r#*VSW+?-qXvhaD2L07<6@L|PTv8YKU10YlIeK)rpKWx;55`h#PJg9aK7zv=n6OubYjGh zlT_-&?|B@$0?x(x`5Ii@50&U!tmB8LGP^cUSHLlwCqv#fM_5T1a~MDN7<2`U6Xq$Z zE#`?Q2s>WrS{9DxDYO9M{M_Tv6>u8V)ldaTTg@KC_8*rm(I>z1ICKRZn|sM98=2QP z6!P*Lk3m3E^J-LSp|-sr*S)ax&nOz{pyy7lz*P3?da(W^bPciqrZNe-*3m$ zupI_n0i!_~=y5(S4?Nx6(bKgodbF7Xn0RsYJhj`=(-r9R<~IC(DCnf|LpvAoMF0%9 zu=nO1k4IO)Ye$*o^_#Gb7Uxl^lu@3k?)afA&^M4#)d8GLs!GWchbMbG9J&IIjbSs| zON`_6TvSgy3Ett+74VkJ*Hv3xd0*gh=n6O|#~0BY-bEgdu7KA-FU0wjGUw^*E^l-N zj0U!UjN!^k`QaJ+4vVgU)xZ{&Wj$v*NgWDLmwOz#0*=XLM*Y>|r1;wG@#qS8Honim z>zIHVE>$YiG(;#u8Z#(j%e^#rN#!E^l`Jzasm zf!^AUkDMx&58iL!=;;dd4fNI!IwX7%8f=+|dJMV(#wFm9XDervr|TaFt+l(n@FoGr z3ta)HQJ*iigO&)(llKTX47vhFqc$KIS}MfgZ4C~Cu7J^~eG5iZGQ_#g}Yay!t|$K7cr zH@s=V;m{Ru8pusocjw|f4rDusq$F>=Z^L2G6)+mqm9}g4S+0+`!DG-BFdFcI4}Onf z2Ynb{{+Y+1D_}IJ@8L1n^Zaz!kXTob@Hlh@oCfvna3cBTEgr5+=n5DO<};yxdDc`P zc2*pe4cz$9Z)zOpw9&92Uk5xUT>O zU^FPB!O6-(rDJ;kB8JnFpNhwzD_}Ixc~0MGdCYryx&pneQ)TEYcdC+Gjnn?l$={;K zqAOrE>PzP4-0Y&YrK28$u7Gh#e*Iu=s=s{1bK=V7ksgPxfYYEYbmO3%X>5liD^j+P z@fdUkj0SDN#yTE}GWR%-Ls!6QFfJIziO>_nII#f30?*HF9*3@g(?DJxwm3C@sCR5} zc6`$1>4_eLu7J@FK6C6)`PyV0DuQ{r-P6+*=o`sB`q=$rIK60IF`nu%=n5FN9*`k( z_=toUx@pfr2|v&9Sab!f6V}mAtU;D=`GB^gzw|hC1)K)*5+S&IBJ{>Ed_6)+m*!(ns{cR@xd zCol6DbOnqC`LHfk=>N{s(-r6&@WB4C>MUi)!>c?7T>;|~@Ry_O1;g!!mf^JU@>-8W zSHNk&i)*^ODl;6^vpnA5G3W{ym*n%Jhbm7OXSkQJW6>3`8t4Pow%i(ms*-%Y-(%1fFdFo&9zz#;DUX8nL61dOz-pi~_0!k# z!WfqC#)dJ!qjMYo>apkwSPk;#O2;(`;pbx>gRX$lsP1K45FxQ$eA4646>u7~EwOv2 zu)Z>(<@{-nL07kl4_u7K5`z75Mac=A+OX=6FM0#1WI%y3e3SSvgZT>+=ToTK5?)%_}u zMOVOT#FGp;{Az$JqtiVOT>-06 z-Z-Z6m8SK-*5l9>a2n_zvDppB*rE*F&12COuo|@2A@t5u)7{u9tNfhnG3W{y4aW1X zpI7>OdV0D7eFJ$0eR;Yv$K~lT&)n{D=n6OuYy@{KYW2!)up({iLXSaLz-XWYq1*9o zj9c~)j7vNQT>;|~q>*F8%bZ`_&{;S4@i=q^oCfkDI9AV=r^`GJT>+;-o&?7xn#s%k zJO*6>qk)_VhA9eSZ1EU$1&kAyi=Ud1^1Z*up)24tC>OJt@yVMk0SL}Ek3(0$X^2c@^I1Ty++$Fccvph=th?6g@nop!Ky@GLK95OP zz}yPVti7Tcc}{_{97jDST>&%Cev|X^ci;jYwc^Ai<_Eia=m9bJdrZ3i1WY~jfS6^E zNmszM@o{ba2%k=Ry13(yhph065@JnyEV=?#o*W96<~If-)*+8YSHQYA!m{qb#Q`*K z3-5L1WAZ^h7A}Z0>v8BhSsYhT#JSny(6uZaG+QtuN0H#e#;uN@1&>45$>QLHM#VYe zap(#-rqgQcEiNBr$$w{di^rntkHCt~Em-ncbOkKy7jyY4VGy?`e4F$Hk3-i<;&cR@ zCwm;a0*>kH41UnOtc)8_a2X~fOjdvvd-Z)JeJ`!j+|yDiPLhL$pc*hCr@`9PS4RY=IzSNu2>PoTIsRq z3Rq@C)|Qw1o>`8>G<7RHo#AolI!TZ04Jm!*-pnoW!yf<;=1^&tuUQu<~pohsDcI{kfT`Jl@OW(G~C-$&Z`!iusx4P++Ptrd z^MlJ1`wlKn;ikv~n2DdBsLfctzTUpb+afxxX+;4U6 zvwfVVwz~qOAazz~Tbtv*&iexgnRoc<`n!7+=UjDPn_W+(!O^ac-rmlRuIom7`ga$H z2Kq;LU+HQtI}CNXDHm&SV4&9%^98XfgN3$xDj(P6(suRsbo7r5j_w>97#Z{+DPN#n zl}$fX>K$b}9_YHxkwzZE!`UitEVCpTT$l%6#A-s3UjW|h*OH7zq}f>gr$C+-XZ9Vz zTGj$2N#tk)c(@RMe|J6Z6il^^xy_U{Yb!0u+*W&UNBmVub^Zu-Ao9aF%-@=1uFK-^ zy)Bu$VzY*CKt|W%eQWf-9`D@UX(aQX6u$@%iw#2j|DZkn8%b9HeE__#Oz)`J`YV-wgSMfqcu$fY)7Z8t{RiJ$l1_PN8U@JR z{Ur|Lu|16j%#1Xs^RGgDwpE^x_ybLc{Z^9jt{^A>d@m$o`Bdh47DfqI1;9F=C?6F* zwg?|J_P@3#=3!N$6ANtHRel^C+Fn~Chi%IokhSv-NN;VzEnAq*$GHzKFzAi-D1)(s zRo|zcm(AO*se_X~&iP5v-}lONSm!V@3fsV+{o0+rtd*T**E!4cfxu&V9)|9t%wGXF z+uQA0whxl@y36|)4{`!g_&Xa6v?MGXms9FK`mIVZO}!`=yQj*B?R8BuaD;nr-Skh; zQ*DCdZC$~49Y)}_oeTt)t;_ivox;O>rP;>-?$AJ%;Wvwj{A)w-fR1fYZ(V|uhX~(l2+K$Pbvr_ zX+DB|cJ8qc-o zLGd5NjzFkPs6x|^4|D$5-+(Vrp=X)@=44f2Nc>&?Vf+0*%|CU+F!-Tvc)^W08%p!a zGGQM^{oRII>qmIHU{U;PBQgvpmL!y;W_&$1g7=fi*GbC}dESjQ$n*2S^Bcf(0V$&| zjD{A2Lq%MORoXkctGIJl!tkc-@cx0JzK&kh591WF`f=H_rd$BqzjkS%`VQlU4&v|Uk3j*DSsR%gj0XH__`nFgw;3oNn0`m+XDJg z)7S*swMn?NUaW$n3!)c$5e8de3dd7V-6DIbJmPW6Rv*ICvIXU$vc<6Tl10H`e%lkH z#pmJtMEzK>Q7%e`@%c@1oa4^ZleWUc5#N57rb{{KnR*Qy!cfpG=Y7DTtUaCO483_C z+|;ogdoLmZ8$XXm{%k+yKNk6O?cV&y)jxY|TO64^#QS)KL3;s5cOGv=%FW5hAbC09 zu?uZwy3rBT&IwGxf1~gl#_u++xCvp0@ON%DJJo#(I7=%y8VZK5f ztQBb-@BC89 z7$P3|rrrJ|e65L< zXXIIY6gcu5&$9wv-Y-CUEJMEAxcF&!NfO>E=ydke*J*HiJH*MBjLErD&bfIjKj@=m`vpQ7U}(mScxy|{Tt_XYun%8(dH*dzYUyVP;eJ!5s*IvgsHF=QyJi+<@J;TA1kE8x? zs`XcXtSs0LRw53|`7V%q(ldR_UpxGG`Zu2KTv0|F{M)BSkxy^qTaxV7u(jPhoOS~0!v}^fW9{QA6K!N=?Gpx$7-X7AV6A(IZE-x%4)9{@k23Z*8ozHJxXbBgq4W&cf6 z6EJdpANE0{`yu?@jE~4zk9=o6ZiJmJWnp|jYy^fsE~OnB?H}mx(Q$^d7{ZEugT2MB zBCfDSX^`HRMTmn-WU&&$2(@KX8;8ZLaauC?5S&zsuB=z&#kHbW%+~sN=x)Kkn?z>n zQgntTap|y)QwBMw z@&(W>H}7m#H4}6B)r>TlmoEaJdASSna)Z|O2C|i;=Mw1G63q*J8Z_zrYEo$blm~`e zoijgdk1eo+z65{!aZY$oCp^pgD9m#lDbEj;Z(b}{7jWu4 zj(b3T^#T``W^A%s~MAL$zCKUA&gzpsJM z(ZPW|=qHAH9yWq2+uil*ZkDG$0NO$7;MzRhiYlX>ph&8y^#{kU(v3zxVLtIn_WW`0kh-CjOCyD*3Hf#L4t`&;1UKk@fh zDmS!&C^wWLbFYJ~#isaO#G?(%Kgv7%7fyhzgyeq@ex&(6pP;vS6k?>~7Lp%o-2c+J zhR?X|8b3|blKfa{exfu?>oj%4*2x+Vcb0aI;v#!q5I)+qt78c3x;XQ880)Gm>ygp? za1=WCBP8`>Y^53TTWTT?P~Ca_hIHQ;1=ng`*%zACFS>y3#vjuHG~|loD(a34Q0CB! z{AP9pdtgL=vMkvD%pMdk;e+GGU%(&w@s#p$ifqfyg~{F?oF?IA@t5HBSNNNUEMBX5 zZD+QUVm0LUPMI71IpU@DtClCqiDks_mPGudE}NlSe+@tTVcsDslaxScfxGtc8_>DDLylxd}O{4(s^Buy*aNBHfCa~{f~a~>z8 zjN=YbZsF7ZgkkqY7iIRmaPh zWdFh%^auYF)z3w~e*U=j%RcdUT6a%xa=PhGyi+&b*syJ9q&JF1j1k?-p;D6@3r#hi z_d(LfFHu?EfHH9V>)d=i%cTheVzMznfH}Z-eLb_ zBvYSVWlYj%y|2WHHIF&_?&37Mdxo)nVz4wYRG&-;LrT9yKHYdX-DWeyTkVc? zJRUJ%mIGI$+}O8kdJ5~L>6lnCIxux`5wqGBuUX2qJb$8iEj9YYT?FXHs4Hs1Iu0J3 zFXOl_z2#W=X-&EoaU|)C@mZNqugV$^WRr43+wCmi+OIt?=O>UG=Cw`p`YM&r)A7zW$o@S`rlcQ0c4rTkC&Z*g zJKKSJ0J+q|T|u9!2WLcbLW~4ns-=pJt+9jG#IM|>k(QnMHk&n5 za6+1B1_4QKPZfGCf5=tXKhch|rHzC2E$K<+ev6)2_MNhS$okJF#OYW(iaQI(=FxBZ z4w>aszS_BHvbpo;6(a1QxHx_bdr)#XX`HR zr|Q~YE>)a)QJq&Xgt=G^c=+~i#y`PUUB2b z5q#X|-dXqS6MnEgJjaa@X1AQ@?H1S8Sxze;50^&ru=!7ths^wEh(Kn%lP)LL`+cB@L+Z~ z>v02ewoAU5N{<11#ZTt?WNqlaz_H(8<2sf4Igz!&vc3$M>`UK>vZmd3F5aEpnPs=_ z+SA`{+nmKIHp@DdZLWLAdz?3lZb}N9Bfhc6ITPbl%pd7DV18pW^LGW(-hw}Vf6V;d zPxEKxi-bi`PhtVp&g-2;`5`wKFB|U_0lg!I5q1gBv?e8g#_F`gnw09R% zD#acW-^~%#jX5H^*o5Yog7f@YeTw*RuSr1mS6>KD)+0}=vDaGM>w~*(Gxx)~xs+Wf zL+*a7$~uM9Uq$i5RYJX(0d}9VNMCZT_!ke@n3wtB-sg_%S%$%W;wLJ{S@)R#Z5@DLI`7$a zPnjM>T&8~*D4fr`8P5&)D-_&5u6BLL^Y}Z!pBuNAM*91EdSz^|E!Q(~~&ts?xw#H*a%B%D*_=QR)~pnln>jSnTNO9pQenlxU8U0C zFl292G@nyKexp=bID5869%vXcUofI&^G+!b%X|OCRJE@>F||0eZS$7VD}l{2X-d-m z_gDWyrF-;e3S!)4aQ6;~MM zU83;bN@dRWu9NocC~VJEU&r;z-(4gB;-E`sZRCelPMmAB@|<&YE@}^CW3<1!I6T_d z(_I|tb3zpRK#E`spThoVc41-ys|{7Zj&wbE*o(h^$L5z`7Gn7voIHlRO2($0oQ}*^ zaltc|FEGu*GH|k*j$?J+tFq|iHXWynGc{ZWpK;~mWH=oMmj=w@UeQ^u*Dx(7(=~Cp zLLbF(vYn38J=`n2wn`nO!*)#VpD)8S7l}X_GaV=I>3Ff6Ihjv~Tb@nMT^mTp$&xSE z9@6nTp{y5h#X8rU$&YIr={Qcl_m7!;yS9>!1DS-R#cd`XKC-7%%Eh&tbXcs9T-&J+ zH@)QAP&zzr+pZ0z!&zPvdpi29ow>G@5yv%rDF@fC(s2eBCS~t5%gME|ba+(e_aD{% z;G7IOU`g>?8f;>h`QeBAHaWO!@34GUT;Dirf=t)%)3)>*w52y_KZkY#^9iO}M^{(R z@bGBwz`!6+EwKEfjikamhXy*jyE=wTT7PICsqn#pBDO-52CxqV4%ddzKC>2gqja2s{@%SJr@o9rxYA1$kr7``A&zBD=KnD@FZDYX0#PB`!$c>MIN6fwt1c18`;F*SQT*{8qL0%YxmzOlipbp>xmVtK{L^Y%mQe;6nUBp+92uL(x8cg9 zjOh+4{X9#iYnFl2dYjnJ7wla@v&#Qi3XHvp2h1;=+mW@xrF^`L`M(p${3u9L_ zrt}D;?Rt}h4UXCO!}L2Oez@jPwpKZeY4PisosiEi0%xqlRj~PIB%JwT`Nd`X|8E_h z%D%pgRZyH8;rseohCRd1aRb-dnjQl~{4h&+G95xx3 zMs%}S+Ap-{dBmsA>cu<{=OWpkczx8--B*OZ5}45uKX&l?C>7p4u&3Y3$aG{(U&4O9 zV*gI$nf(p++>1V1K-x0GWET-dH(OA(a1;`FUsT>Vp+0Z&`ZjJP)GuYL2+@;GNnLno zP+H!F`Z(AGIqupm+FgId|B;A)c9b3558aQ!nG~C?scLy-M6kZ&sOIIT$jcLI>p>ye zd2}NU>>G1C44yuC0y+-<5oa-e#S89E~*VjS(BDw-7WY=9c>pX zx(3AQS>jK$^erqZ4c{kQWQIjBI3AvEaU(ICcOf>%A#*Jvo8nDB+EWXj7ltj)#5A-w zj<$4+^9HrppMCVBT5xfmyU|>N_>I*B{A=ex@;g|UAJQzf_&TcZw>6*CBe%5#O-jAQ zJg|*EsYNc1be+A%r@TMKkurw4AxQXR*gqnF1K1scox9%eJ@6ahzPZ6e z@OF7&+z-RQKLq&rpMpP?1dIaN|4V)u{|oT%nV+xBN7!E{w)-#{JKGj;pJl-R9>bWf zGGsVEg@51TH0^@Au>VGwU;C?}OI8dl)?%%qUq&9<=pSXy(q2!0pSi$mJN-3t7WYz* zt&FG~uq-w+tTq!-_%?>uW+V#V&hUq!v7)@Lg59za`!pX7nXuok6|vpI9%Ll;*v>g& z+OUrS4efvzf{^odJ#e#~?pl%feY1SWi4BW0J+lkkKw|e$M;3xVp2GO;L7ARb^ZRROzdqjI^vkC3n~|y}L&a zj>Ep8c>di5Y}Yx!+d;>C?uCtEd%fwG&Ql?I3jCO-r}DYv+^ietcIEJNyvOD645fLd z#^XGAR1U1YV{tiXo+JP4JhNW8ZuOVIwXDhcRatqC0xZwZ1|9RfCdxDY()<^a=faP9 zejcBa=k&LVtWnnY3pCyfL%h_ttlWD=`s}@##l9Wg*Y7Oq4O3&YI1zqc+DBFZvcPdq zq3y*?3u`d^hM(Vt@%?Y`M}GM2B!9LCjOpJ5zeD(|kKdfU6m`n{;*~w-*WyP!s=<7l2<5=$=R*ohih#0aSO?-YT`1DY+eew`uqnx ztqz$MG2RM4&mZd0_{$2jwC#+BI~4bAcyjGMS=%hm2U5w;d#JQd85y0aW!34fmD2diQ>1&Ka^ zn6F0oc?jof*MbrnFYWN>=q$#2E#hAU{}Egp>Qe$1&xm*n!m=6z^*+yw_(z0SqVpnF zqjXm%BmBu(RA=DKh_@pSfA7E(XC$0-n>!WjV>nA<<^aCLh3UshZt3s-3H-bhe?LZH znoLkv(EV=s)1AG}iadx(+PQe(K+qVGm)8~VAr5o}G279Oh-tdveF)nCKmJkHs7o0C zz4+rk(f8xYUwv4Rb8Bna7){9s6~o8N#A`}E?Bf;M$iwYR zi;w0q!%5G!>+ZA&v}}u?Mp%vHNgMn;{A=6bDrtl6o5<7A2LBy#`1=B$(gq`8wH`0> z68WVq_C>^J8(ELaxALY8)BPp*(|wK1ciO%Hro!K7_wZ29&e3ZzA1$BgIlHsQQ_>mo zwuuWJ>A$WYlO{sSvZmeAl(;Z#$iVj#F38zx&VSFq&~<~o9Tp_thl6FYRlW*7V{W3s zdBl#+SR=juQ?Sni`eu6OCLHAgWy5m(8hH3R{yI@Iw9zqoEJ!i=|BZI_4B;cYf&NmD zouV51prp1mpyNl7u7rh%uTr+z`U_{H?!^ZhxG8tEvv;6V2~&Qc-iUhP_+^9eIKE%5 z-9h=#kGc$J_j*6G`M-@k+7J5#mX*#a((l;EG(LZ9jz!3_Zz z<)YlkLjf}RgQ$$wXc=Xuu?!w4TR+r%?!du7JPRg6wssVIdrHMV{r<|{kO%wL$kp)# zj$S^3YL;tc{G3xuGI50G6!`$;h3POaKaTQ(`Zi?8xxFDB^7#|Q?SjHQ3wk`;9(QeE zaHJClLX2W_SEM*ZtZPDm+ep4gJ8>vRjeL7Q(AwUh4I;3O<=fi9s$_gb4khj62hC2u zQqTM>DhFSuCrF=V@^h`bt5J8>-o7tb9n%MS2HoV0)We(jMS zSlqaL0W%u=VabVZWBISanF$AHu?ja|4i%xgk96y?ue`bl3ibOD{Mr+&QFN9M@PcCE z)9+IHbsT^SaM+~XoZ!m?TB492#ybwbZRY2z*zLPwIO~2;)58vDoIU_8qviaa&yW0@ydf0Cz-7gCm*+P;ZAHKDF3S1S;9LYrp9ewgpmKua5C7mAB{U8#A!R@)G57|dqCsF4~J*=Mf=6ELH(i@o~m~^%ka*QBFAT-)Jx! z%R@P&RD?fb;{5;WEqxQ1vYf|-!n_}JWZupeWq7-Wm#~6S9XNm#(&4xpKxu1b4gBqg?+qe5G_gU86YLVW`+Sf^|qI9`*i6+4?48V)Qa) zb-4j=I48=!MHV}U=@pR2yGD70ZBUQfAU(?CTF~=+k}qB2@^*Gc-Zp0DZ5M3^JziX# zQg$cWcYpVYU+lZj#2{biA|CCSUm@=-^Ysy5=c#*3CSRk&dxuLseZdk7@8IyosuM0? z5hq9X;_hLQA-)%qBYijwU+!t4T+y#3fvt9I;J}`8*`J?F|5ovLZIJJ)k|Vn+ivepj zu%>2lsxtn7iBPy#R8HulLmsp~eIAh~mRCFC z^IV-9fJuFNKHg2AZqV}DfVl>A-TqvZ3*pZ*QrJFeJJ8MfZMs+Dzl%tRvcFjA&j&qB zs9gF$+nU^4X)jgUobhYV^<6!Kyf^}<>U0eZ>4~7VzQ`l_*r-@sH`xF_`1fG!Yko~? z42AoS%5&~IgNgV|EAQ_P#n!&@zQDwp@J8eAtJOMVJ6sdObivluIn%}-Jh5n^5s2u+ z%YeBy&`~GpjiZV5At=Mb<%nayL7cL)+;U)DZvrjb>{~B(^<(9dGcHMY#cu4266Icq zOr5o(cK`>)_3s=V?%3Tk+JU2;oXpkx1BG?bj*PH822mHbPl@kn!DvqC59El@U@x^K zZaG%GwH_FsYg-3v;-dVyf~kkQ1`OP1LH}WFbmo30X~V==E8i#8p9Q<#eamFgrJk-t zIi80Z+=D#!eZFJ9JQnJ9I>9$>^X1L#_gPN7!(wYxXRzDq%cEgAwXVCr)?0Hs+gT_# zD4yeQNZHUVxAM^iC#k|K^M>!q=Ht6?a6Z8N6)LL?UxW88(R&--xxbydOv`5es^}eM zGXDU5-y&tPW4bc7z&p!*c|HZRXa{$?eGSBT2H$st_h<9HC%iwO@7>}3uaX{Ynh!j@ zB0pMKM!nQ~zK31riT8i2l+wB9j{x55H z?e+@1(~hvY>dkn65dO#$bt!C3XyNAM!Hfs}_YjS5>r0HsIq9Hx3&}$@?sgy7)@{QX zqn%OMqNEYRx;2dH*?M2Vck#aI_p0+sw9YYXRTsO<%^}hc?R$0t+Y!WD<`xS$KOU>X zu%v@uv-l0c5LI8aHDcg=I>e=!S*hY8$;zydxUdxxhU>s_f}symx>gCpKEr_n1n@kq z6n~spSRR`ZPmRAy{AqD=BThP<(_A`cb3ri$zE?|FaiSC3#obPq%KWj2$J4XIu~4)y zrUNQXe~pV*v6Jw3O~D}Nmp~eRhJ+85XDSQ48hW8JUYU-=&y;Xppq%D{Wq4M7Sj>Tx zbDPA`Te>6u?;`%#&vbB>hP;Fj^K9`ix>{8p@2Y-iAromXTz#$03XeHaoO2{zO`Z3+ z?_}0VSdbHV3;%Z$|E{rWdAK}FNjV(qoc9&jE(BaEFySRn)4My*z2g<$CMliA+?rw6 z^jH=9Ww_7oT(oc6Lc7o=WY*0cgV%{GDPYs%$hP=EJkG;qhHv+0#}t7>8;##1#cR>@ zr>$Y_-q~L*$#ratXotOgE~RN`vq}307TYJ?Jm0QgX$CTAIA@ea^Dw0uQkomH?Sd{? z0;L}2bBmj%!hXQfL7Z3D*Mo1kbYOFWNZV<5v2TO_hl)*CyvM$)=1m(!nt6IWi;aRVXHLEbz*^L4g4*y539Is?Kc0j z7wNV|Wl@XEvRa!=mdZH56cYZp^pUgLuYUmMm+VLyH$lL2IvoS zEGg7Kg%`@}O~B?@t^)C}^Ej5n8~4;sf;PRUHr%_zFz!C0PT?J~yv1Z}!sUzgvI5^3 zPa{rke)8&tyv``EH-Xoj^;HwIE4FOY!H{%|I8S`bHmTou+=FZ%w{v9Xgx~btflQ+b za(%OeNhYAjymU86qjlZ9^16GQ+n;Z`6+4kr`j+zA65YXg5bw?|#MG$jWbO&Z{UX{< zUH?&$cP=2U|o-VR`z3WxWV`wxi3?j;N3J!%aPAwm)_DQ@~fS%?rs< z#zEX;8rO6l&-|v|;~(do5FF91NFJ$lkIJBXHE8&kMfVt`d#utKZ>D2|T~bIMr*Uu9 zxMu%Q)@}ZY?vS6B(&Wq$&dS6Mj;+|^#5BA^N^jTxnPVf_ zhub}MkSmdtA^PDCNt|AaN$4BO^A#O?(tlMVmvQl<9OXvYwuSu=;vxO`b^_$m+9{Hb!P$w@^T5HesaSO>`Yup!WTx-va z%XZ8sg21QEC$}UoQJR-3jmgW)@NR9|o@v_FR33$GOw^7=OZ+)crVs_I?jGM&cSvjC#Y_+HDE1n|J4-8WHosKI!$ym;E4PX`XZP zK{sa{*pF}x!rgb{_CBWPu$q#$D%~AQcP;o& zyd7yd=cYAMs9|z&f$9Xzb>G0yievJ%btaGQJXaS2RM9j=@x>eZ%lV zQWGA9HP?o9mZvL6^eYIZ$9d;zd=2Keq$oxi$GjK34(!;0HU9L4nrS~&DKJmbSY`$j zZS%+6Xi~^mLZokCXz%DyM?VHQ@F04- zE?Pfkj8LruJe0v?3j6p{@o_Rs4uO+Fv^9<2Jpi_FFqYf`TfCtMb2U5rPzl5Gol%>Q zhiz3OLl}P!2d&ZD)4vm!FA&N2Xs?Z58tN$a%4!&Hzi{`^ZufDzI&f(e52}!K837CY z@=Y}Rbj~q-1Z8QQ4#-NUeiU8f36VHeay&P-FgZRx3BwI?#QOaxc=#Cp?goBx)?u|a z25<}3NMC1<49`cbj=V3Jyjt}n^*DA=&sP?m?b?nvd=Kn)c&Yr-uNmuWraPH7hK_|# zf*1SYp5bMu&AfaHwA5+G&DW zVV{q}9G&$~g|;tf7<5cVA0)hwmUdxQEZXBS+KbyeT+3tLvcpl9yH5r)QY+b@5&@{( zrxeeN`q@6erq_Z!U-6uy>zAhI+=*p!=8@FXmyvh-VGguGvW+qu__A?H_tpEx_U+w! zd1(??k5(gBb$)!GdO{6fK2yCMW01?ovDfc%oaDz(jTa`dh%Jyzr(!$2i$B6clh-=tQxV@ zx_br(E7McsxNF(<@9N(%+&iQJu3xwK$FL+fHQt4zqGGz{M8kRc*SJoacTJYZ4{0p4 zd*VQsyL8>vOkKEs8Vfu8Dl{E$g~jW`+6@Q2mDvH=xl!#Ks~&Q^wptu1Xd2yOV`bv4 zw79zM0IS(Yb}nKWGRhTzXIeP6irINu#cBm} z_yLLaahAoC{d1FJ6O|)ap!KyT`9eSG@Q3iJzkR$vk82g8^zLGDh@+-1kBreMf^)XT z8SdFNU{a@YaaYb=YciqAl^Sul=C)S*&F?^#t!KbDu%#l7<>xk`!2xVrmjg-h*)LlV z4|b{xhZ+PP+sJo;!~Wt&n=#iP>=~EWKC$@B$`yN|$@q6+Jx3>Typ3OIHv3mI(J?pY zqRA4eu;+`F0^^ zt8y4uNFR*wz5Ii{1&$0WSQ9&3POTYx`NtF%7ss$0O&Fw{c-ik88=u6elcOLBRQ`hO zhaF9_T*`yIwEm!n#qRljTz}kdIn?JWFkUmY`l}0f^>@RmS)-V9m91SzWZ(Y)JpK@W zkA@BYLLK{H>?d7Jjc7>SHfdPLel#*{?dzIbOvz3`!@KL$r<0pz4X>?!r!!r;EN|T` z=8N`Pvl-zfini=FrI6bPdgaE6uN!#^$4#&V{MCh2*yy z_kU{Qo`-kN_mCGjVG|aT-@{>84CnlI9L^4vd2fNgvn|tZIUg8h!Z@2X&ZhKQ*HEc< zbZDd>7s9%Wh)Sce4=UnpwMUqjBpF=boB=T~1Z!Q1^kEmr6s*}g4C=R4h)ezUwPD9k zD|uJm%x&{Ds}aWZ)@y!U-83g_NQ1nbp|nuba7R}j8 zb62IY`9G$EfAVK@bLsS2lXH}Iozjxub}f68;q?d;9)U&M|L%Cto;#AV#lFaHbS&sp zc6SUFIofn)EX%z=0D3foYj1Vw{u&(ox4T+ElVx4w{_ixS_a=9c4g3xcPGXOS)#u>#p)YB_n|L`sx%Sjl@gz8FvWze6nt`PJ&EFsJ%U6IUFEErtjO??DYQKcZ=>= zRoIMt+7IU+E(h`dM4qUxuFyLATh!4V(!T2UZk&Srn4D%+j}QAJYvxYB2f^t?wnbp_ zOGUH^=81RNY>ny&`u+cWo>({c*SdKH>LzF2udAbLS5NIWrqNno$S?QWQLkW6KlKv6 zf|TQ^)h-sl;w*--i!$smT_*nWNjqtq9W8GUA7MhX@3% z9D+82?J~w>IM9K0y4WZlnyZk$3CkX(OyShx1hrg}?pKcP~fg zPpY3}S!_od)bW3VvS6QnU%ay)H~YL3@9FhH+^EPnh}*4kXGQNU6^vK+To%7r3s^qO zhzyat^LUO;8ALSh%p81n7|`PVP-{{DIcv^4hXzIlM>}@xDE1didLK*LPq8?T+kijR zAJ!q_d0;oEMwwuomT2z&T9hMg0-N6?4`}Iy>)>xc$ap$Em#?&+@X)%h7j&%C+X_y; zi+CqboQIuFwNEz-YwZ>HO&!3ut+-lr{FvK@?dE59fxZy&XL(rX^57w1eH!}%^BpPK`BQYe=sr>KEQ?sbTiMpm_p@xz&yY8kZF?kdR<@C!|6Z5h zkX;{@?Pb<)#QAjPnwfv<%e`8r@69h$*Cy*R>-|xtIeYPgzH(F?3e{?|5K<$*mq30G zr|L?-wTQYWTU%*IxuRc|Z7emx(w_ee`K@jH8$feuEseBxw|}2D#f|B5{v-0!x^7g< z`co)t>gj!WXWEw`fBQ9mlnb1D>AoeA;a6BUVpu`>jDjRz)M>TtcMN{oPG#DaZH9T- z4}bf0n;u?f{ZeMeK~J6a@5qPg71|LT|GRNxup^ki*!J0pcz({f;=Z#S62G)fu}A!Z zP4RGfcjHm^&$K7X@Uvg<^6ZH}s()sl4F9xrhb0IsZ7PbT@mtCZV&vdsX!}UODHs z0KYU2_M$4zVU52D<($;*lNv1zj`HL#*L?K_EjHJVL6olEo{oMP9IlD)80qiQ&wH}N zfX2KZRX%J!?iRe;983#Z`6HFzM`=9nH=@3LG~RKxQ)zAvAO9Yj+c95u-=8wyIQK&R zxs1r0fO_VprYo{$LR!uNu1c!&I8+IT#yJ~+bU6FM)8R0Q>A^Ct-kCjUAilq2`+AI| zPabH4v%F3||CG7M0_Wb~2eOXxXlgr#cdOIK!R_X!3T^j79J;gjCYP}GxqHXr>^MF$ z#VNw!RqD*-u?UQG`4*DLGY!QG5%9RSPZ0OBlSGNJ{(X1=Z@nUDiQ2BtfS8hdI>;-dq zRr~GF;fJ+%eAP3%IOo)d=*!EH-kOwu7Y_-U_PJ5|Uc}>fjk9CZQ@6<6n~xzllntD7 zaz(sv4`-WPu}x)%`tQ7CarTNX$0OfycFC5_Q8>;j*<$pRze{W6k2E-sWJ^~hkDD>} zb@JgH-R2(K$xc-I$GY@_#;X zy0I6L`-@rbcTGI}sJrd~S$rDe+HYFgVz%yLdwV+KQVy>M zL9BmFZ?cUroo6DR=^=hk{VcpQ{$KLBlzW~V^Z*YL(TR0?+rB-y1nr7vS5n_4QQ1r< zlMh=gFUrAgZav4H(ehl0$GB*PlBaB3=IMEe%RC)LT=MuF<*_zTFMxlXrx!9F;=f4a z(`|F&4f=(SqHa_|_V(Zfxx4dtgZ%9on_6%m!XO@T3#hZdL7Mh+`6E>5Zw#0DdkNw) ze~;1py;%9RH7BdHm%*QM8}f)VnHd-Pdb!eIeK@nfL#2&&@5L@d9B_BTK)?GeSJ$7F zt42|z3~2A&jP%LFcG!FIJCxn=@2GBdI<1peKZsnv61>Uz7V`Z&zdCmQ=Obb_&%F?T zp7Q7XNni5*X`JhEX2mglg*~~D#(BQ?PvgAG`v;s?fuGkUrKy?n4Y=41hg=DiYlH1b z`*lsaT5U-&s_uK?IW;U}j$2+09Q(boNgBqVT*lb{b}GI>TmZ+nAakkjKwkrXUyHxX z!8B#&6>wX>M7Q-&f2q2 zPt)N$b<`ai|7{uZC7qi1Z`b(m(D>PHe%COLp~6O8J+{f-wr|J0f$O80&jdPsv5G_D zR4>y;co%T(hi@c}Qks*01J0?~i;Ycx^9%bXxhZP)pniY!ZlwRu`0ED~EdO_EKFuD& z+Gg@z_=UPEB=2J!#C^ZUwK8YiMf{x$Jrv?MCm+!GAJq7yjo12#PZ`Rdqq9=jg}tEK zX{5bSI(K5+$Zuk8jU*i*Uev*4^W`=pC#xQ%^p~DKYXhSUT5qJIM&dDsm)*7Zl=X8m&itXu0C8o(kj4mce~ zqru^>vdlJV1AEXK$~G(`YbRlR#?u6eZUUzPF=g1Pu)BAIi&x2 z{81LN=irJm`634AjxnC4bWF;u-doBodmlm(Yd^T6bV05r;ix6{5IUCc7g@fyxw1YD zZO`dr?AfJ1%H7&B$K+pzAI}tLTP59p;E!YHui(j_jWPc7Nr9?5}McW=ZG5SQo8|5%?t!P9tUTEsXGKdb-K(c+B1tT0R4 z&YQneaesy^{Zw;Q1fs@k9r%wN%58%FKY#xUCk$pI4fS)t*_XzN2})wp!8Rd>!B8ahZ^Y=F;bhIH5Pz`%7y+n<*i1~ptjojJUu za5v!F4|{6Q6A1!cV53bhaQFpXbn#;E@037toEz5-oAf4k9g8Q zx^{XYGGOh3VfVxz+v)ju^2c(d|Lse3JDPU9*V3?^Uf^k(gvQ$Gh45$FG5U*g=r30K zdhGgkx&d+7PA}2tz40_&nHDkb13$|X^}6ww6=rE$JKd#u4849Y_*1VB;HEoV zNY7qg_Hs~1Uy86|M{O0jHhLMt;x^g}u3OMXS-)(bmm{3NO?a|>)}e^yQ|B%9+ka}t zx|RJmO-)RzU2s3}u^E4>aR{oFFWcg5=DbJ;j_NA$!^qL$T_Yvln3~nZbZEHT$db3b zu_O85*m0|t8_N#o82_*F!S;H8q{a3+kF;1OSF(IiCUieQ-8Rj(qQcM0gJ8QQF)$&hybc>Ngg8e+cUvXE4f_d#qd7Higb8-&hOE&-Y2xE#WM#VE&m*`qjlp)|TJUJU^RT|Ve4b9p zJRmM&Tby$u;=cX54*c}u??(k!hD9wymS;N{jr&@gucLj-K6VgsxjvTEucsDqx_GfW ze5V=SQNo+DX|VTMs9bBYH^k?>GI?P+Lo|+WP+7hJ@2nqdt0nMLNXGUTad$G)C?rjV z5%}4!8Reaq#;KTFz+Fq#$py?x@jxKx56bjzq`wD$j|CHFE8oMy)65|pUhmfz_on#_ z<>g8vyi0ksuDd~Tp9x&n)ezoIhwoE&cHI<*C(F~*#f9>WK!;Z#yKe?=B>io9Yd*!! zso9CHg`NUBwCE_~;qu2Ro{i zm(XUnd!tQJNqq7-r+m^K=EGcB%|~U$csJvZvQ@>CKcl~WiEc-;s5I1JMnl{Gu%~H~ zG|l!u3jd7}{jnVSTa=!4m&OkAY;!tC5SO<9BlYE@|)Iig5n^98cK$TIuz5 zN!h;*aW>=cdTf4Uek*WO22I}i{sjEl*+<0PnAukpV?lFnNKAIWUmPyurXoyJ;dHr3 zJZpVHPoAEvJjFK02Jk_f!}w&J+l9~Og>LEuqFRzYt63UT=RYdj&hwbI}OxYidkLOFghXg&mn9)nJeW%DGwQ;xT!zi%B$ z9fC^4(rDTbcsGiC+gg|7314}nnt&!#uYHBHTp7j{OX6KfXU18suRxr-{N&UN zd3~kw`WW!adVVS1S1*OOeh?cIScb2LzqNJB!b|YS_378($)EK-q_2S zc->CB^7C5P{O%n++mZ2V*stN_kcP9f(Z~buT$9b`XtS(S?$c>YX1LfObxg5L8++hTJvK3#=TZZf%@aj_j`p)8jydRws@ zd%o;D5S9hcbGSpxhPm5CTd+Y{P`2KN_|ze%VdDs8>#caFY}p*~+wq=V4~66%nilCO zAEYxGdnexO>#iwzS42Y@y*;A&XQg4kWAe*>=RKaLNpzg`JMV-4#)$s?IrRUc^yDXv z9c0gJqW2;$`<)Ny^MiPrZe?1;_%QrDf9Q9NzpOAz+xnea(aGjcnBK_V7Ki-SnRhc_hs<^wB-vqyQ@tc{M!Z?HR-VDEs;5UTB zMdsD-E%3V(eiT36l2XBabBs&>%i!0alZC``GjS^JYWbN-;@Q>w{Hd}mm_-e@NeCKSRU{F$sV-uLjw zGd_NZCx66ZTw=xa)ZssZKmW4mf2{P@2NPpKY3k!+{aoW`&y5s&W*28tWB14dE!oZQ z+zAZk-_kT5<1r57{0x7zV}7n_T6cfI;vz#P-loQ>*28}C!H$MLj z-s|a`lHYnB9R2M=?`VFfG;FKJ58LYRJx!COX>B!uEx9qGZ^Ap%tfeo&pTGLBkRR*6 z{(!XDR+~Y?XA7Q|SEfY_?rQV=p{*K!Sz(s8wbhl1y9&>&eHy<&`W!d)bE~|z!C%3T z?RWSPzJON0|Ars_$;>q8s@bOh2Oey{aeu;D-IO$ep8d*c@ULyBwnk5xWIJ7rIQ*TC zC)#Nwf^Jw9d5BE1jjlmlw$a>ID8JqK~>(`ruEd0Hp4+4`U$N{e(tHXw$5jHw{xko(_E3vD$MpPDz${XTxtB{C161Wj%szeJ%X36pna0 zHLU614gTBV&plfhLk%409jh*MO^(gt03FiZ9pT-in}t1Fb$<7N-!AxpzZsl4Igex5 zj|!8TUxxQ0+0u{*xGR}ywIi&Au)#5;6o)D<^L0JKi&b}k zq;+_-gYSc|qIsy!x*UG7&N>?saW}JtX%Az65$7|{f$rLbxcuD@Pv|Z~s+$L=&f1JP z)LA?39r}Fsja>6!yN&zPX}r(ik2b>=O~dp=2y04e$Ln#J=`zYQ(_nj#^~6=ct;Z}R z576{1E_sagR7j(cJg_D%^N|<#K@IW|_t(Ua^~5#GC)={6O+E2Y#e+_l^$F7x9q^C! zL}w0tm(rV_2-x*{VmsnePju_E2TztOX-rS-grCQNo-qE1UmIp=o1WOExJ5jFthRL- zb!K|vO8B$Cw%anT9dCs{qhZ`wIiz~v{_q1^b!~PV{Mm1#%{oQX;q=DU@TcwFj}tCk z6K0ckVGl-FyQ9f$=MOL0Se_R)O82tIOcEG-l z?WjI(AsNny8@I23TS!JUZuY#G*gqJgV0kW>KkgmY5Bc8%`dWLO{dTNB80UKY(H`H6 zCx6Cw2&=cjLs)17KFuXpet!nMxcqL!dlvSnrfc-K3%x7zF{NRfwlvwM_j{Tq$)~mH z3HWb}=*v0u2b7-tq_IPO%myDvT(;?h`kchmcx76|xCwrqKgfjfmlbAdTbn+lxYKw( zA)`&-0RLJW{NeCpdyZ}Jeeh#@=2s?WgFga(wKn(^{9@^0TbqGjZCf+@oAO8ddlqr{ ztKg~jcdq=gZOtJb=OTZBg*U7BAm7*-s(5B=v)yFHtNM6uTpi2DBEm?+Iy7v`$6-&? zBx7-tkE8I9<>Ocm{Vhsgk6kYxM-Z3t@ko6>3Qx)h`7!x;4E#KQkPqXJ__bk{w#mn1 z6?X~Go76Upb^bWgiFLkH+MPH;I|!g=tna2vP-*!IP4d!zjEoqLc?-DZMNMAr~T^tA{Qif z>^#CQLm2y%TDk>YxD9Y_^9;4;xW-3Yt_|(rR>b4) z&+$Y%(5)&?3F`|qu-m6|8{)8kdHsdKmgAV{E~t>&`JWr%KZ-xva!=4SC`a^Pz2s!- zN$_`Wryrk;cWX0&zA3p~>BG6(!^NH5{d!dgZul7N?br(*OWlciP-8yV`A?~9t3n%=WAGkqL|-O=4WgmcR~JBBQ7vMMvKJ4X*#+fU03 z2i8at-=nXDZgk%&Jq2Zs&(%=Olm#3HEpCVcWM}uO*@Il2tjI3pQC`eo-v~Sv={^mA zYhZwz4MM-qLdNQ4qmVoUVfU-E$B|-OO=5@L*FnCohIy*qZ0|-oFffvEGa4$lW^R zC56959R6O8Cv;xJy?*Tb{|@melb1nQIPT&)sMYH$;ji^7`wPwg)$m`vly}~;OLIqM znpZQ5Q7=q5kL}dAtjE_95JR7 zw>$8jh5a^7*XVDLXx^?gw5Kdhw$XQZnkLDo)!94YuXQPBKff!7{@qGXe$v<>KW1K~k^H85SqkO{iV;eiq>uAslu_uq6f#$T;lt2-9)cNYRlY#Mv!hMHt6nY5N4huzQ*A z*Ac!M;TS)1bC%H27WqE>Q@y&5!+r$+SU1*=!?+&EaoCR$kH4SbX*NkC`+z#~r-(}( zIR@D_8DJZ^7MMxh_a@!=xU6FjheW*U2$xEfdaf_&XL>nd&o4pb8|vwD`b*uw*`fN1Ivlgo|^8mnq)t2QL4yV5!0lu`gN2y`F0^AP4fO5<^6@gVLkk}@@{>~ z0{kD3Mq%Fu@tt#&zhgYa|9wV$o+(osAC)2ToA_J`V{qaX5TAG7EW*w2zL*}z-pxwW zl0!pXZZu4jG_6XrQfad5V6HMfePBYW);UoFcjDaXxX(a1+5!6lR&7gyjb5`0a%Q6W zwPK&3^K|>Ipj!*8k*@t#CE4i=otiP|o~hYk>@?eg;isG9I2~!P!CxN^Uu4~!re%qhqAEB=s52 z)?bVCj7hfUa1KqaFIYys<6B6{Vb|6BaN6KOOoO%K4!d%-{nDe`uDZ`Yls&#?ueM(| zwNTx6#pZoev*Xi?6JAhz2Lcyb-)9*Dy_K9A2O7e>2-VO;;@IFxbC z*0`6(GuxM8_ScRuVmtble9FQs#wa9LlsgxdJq_$r+zvP@u=Heq$Pr9|B!VvbBb8Re^HXbanv{w1chg zD04hl;{k~8zOh(hl<2p2@6}hki&U?^T5crAaj5j+<*A$o*V&8MW4p!M?g+Q<-Mbxf zk2%A0k~*6t2OkH2`fo3J3MgN4a9QS8YuQ@aJP7ZUS^inOVxHNzJ(zJp^AM%6GtEeY z9#po5QMRtZJH|K%{y*m41u(9n`X8Tc9xbJi00jyZ2<24@lq7AFwtyr}QW}~jAxU3Q z4V%rTU7BRWZqf&$1SrT;5fFJx0R;s?5di@a6c7*r5fu~>!3PQgMcyL*KcAU7_s+e0 zH!14>=XW8!_s*O-=ggTiXWnN9>c!ovxz82?iXEY03D17Sf1U^Et;RU2?%DfnT~W)N zX)RLM;SXx0>oVmbcU#rt-RNVi>=4?GQw_{iz!FAeCSyyH8OI8g-CU&SkFq<`zEge- zrw$XY0`dHA!XNL?9Uvq4F^)DTDo(~!lzT3Y0@aLg{#-r`en0LZ+t;vVCncq4wOED? zz=1LhxopGAu3W?*;gtsD`y);q7o@VIjUvBSmMq%P@8*R7W8U*Q;BY zLbV9rcCAUrFE;ViTK(Ok6>+0&O ztj6i6zIcCk4|cj&RV8Yws*-anYpN>d&YW3Y+0!$traFNayg|^_AFycSX!7uN`-@S$S=_@^qU&4q#>EM@l;$M{qKhrQ@l%u?# zt@CgCFvlZ~>8T)uOW}|6BWv*FFE`GYjh=r1OdnvGz8_DaF@40mvkc9kZ3Vt%3_k4u&L3>0jzO3xR%(Fjs+q1tPcqT>3AMQlE!9dVo~N#Q zlD%F$aem6dSw1|F#Vyduo^l*ESyeu*%RrV-KVaJ0bgBnWL$k}lDKxV~J?PnjD(nF1 z#vK@;>%x$BVpQ4|+NBQM%yW-}Tj=-3vqOdfL%-L75&A9+>8~D@zCgPSn0?U$4(_q5 zK6x%w8Hd*4Xs>94woz*fvj~@8!4}xc|Ah^r-5mm-w7ai@+5K#L#c@5nmU}+S*;cg! z25l8DE>PE?J&2(itab93x1W*M&Q?lCP2T~+MJDUD1~&uO9?@KT#1Y0Sqo3w?=OTMq zN7prWwJblzv94yUyw2wBTI7cFSSqJ~hq;+$Ee-mr=4HC$?*`P$I@c255j$Foz60N* z=NuMdB+(*+ZSxK+`NrAA!EyFy964f~9f^Zw^;y7ie7zj`q3t=z;Y;45{WC0_-@c?{ zp)h7YbpG=3Mm*&0v>KgmPJUd$7mu*}>l+pg0Bzz*m0UZecH1L$E)t;L|!j2$p62frtx1K{g1>cj^ z>iXeK7Pq??I%gnkidx;BnUCu>R%P@a9;W5kr5t=^Ph6ZF81~P&GJGE$?)%E5Ua@cV zIpC7tG@czDL$Cfz^F!-W^kALw$9rdjkF)T%GxmXT+`Iwr(#JRl??#VJ`*be8*{*Z^ z%69!ceCN??_)}XV>SNxwK(EgSKKXI}C<+Jl=8J%%ULONs>h%}!O+KqJCgfcHRQyr) z{Np?I!~J95@Is`a9>|;|!^WYvd=bKAo|9orCu1(tcPvyF1137(D96Pe-dSk8>N*o$ z#{k>b+SKAr`sxo2zpK@M(&LQ>)G@vnDYzhp{=}d^mw^ZQji>(P!9{sp4p_?TW+WJ} zxS2QD>~%6$U|lOx{mE=Lj@|$M8rXQX&g|+!n=5=wRDFRk${6#>dcQGYE(JZ@C8EzH zQBIh8j9uyQJB9p4$cemO1vu(so7Trz*(G>q*~+-?YJ8J-^2qDq0Mx+AdK|+PTG8u_O}o&b0L}r==k}Isath?;f_Kd zdl@iy;>(O<;Eyv7!aCBCed%uahjv<7JrJ7XkAtc!XVr99Bx)*qXV=V`8}I3!TRD5q z?B1H>oa))hr2{^pwSkHjrT~ z$GeGh#Pr4QL)ez!gt~h31cFn-i1P;y&S#+)TY{6_sxY4tMw~ygI7yFrcjF#(=skq@ zD0;-faM3%ypN)J=U3moGGR9%t!}#O)=TSWQ%Z>B-mGRF{088E;!&B%@A2IJNJM(VZ zmnZN|oR8z_(L+f;iEsXHw&S1g;X6G3xeH;VjeqWO;$<8l<0JOVzwh8I*Q1>9u;&2G ze{7}hb@0fT!yV6X%yXXuBeYx?(z`#3UTCOu0PGKG{?NfEG-Xus3BZu%0}hPPbYV#I z$5Au|NQO5U+i?%fPaS+?R#44nq57GF-yPdLg>d=h8{7P^?F!qTpM%dj{N0R>tkeOq z*W3ffKF==@Pk%xxXKc`ft$fBPVqM1@qvV9v*6MojE8sEp&glLlurt(s(qY^)_#?e% z@#N3Hd!ch-0~e~g<~O(2FItQhnz|z!JM6lc#M$Ktjk$GXMyEN=pazrW*&{Ucjkx2U^sAq{o+605tEz0uuR**ng=gdY{~;pNW% zwx!o4Gwt*xmmQKS-5CxHEDT|dIKnpM!zqhFdM?4mD-i+QTsvdGkAKMC=A~92<{?iC za%A88A9x>+8GOw$3)oz{s^ge$vKkKD3(bD-6lFYP+5*M6%Ip{UP~#ujUy)C?E#m+qanD1cbUzZENXBiY<6>nK_=Nmu(>R8pT&H53&Au(aV3h}RvX z@O>Qq+Xiv&807^^%f!c2sijqBY00=}Z=`<-urhY>c`s7i+cZ1aGP&t2g|}(+^O-$G;`+GB;&KID`w4{Q!%Hz zregNo#GE62`LIl{iOCIm$b6OhLGh-)-M~+Qj763BfO6#J{J5U*3s-uPwx16v4lQ5&u38 zet9SU{qo>v8s zh^OwP0u(TVK@f{x9?1He-#x}b-@zVEq$2Pk=ILon} zA+Vy8)sB+OUF$A89x&lZ#4kNqy%Os+juAzXgJ@!9`fo4MfM>qiW-Lw9gDPSWb$gBk10ME+;t?{Em=dDDMm zwRV1P?f5rkf~x{j3DeYUkZPs7eNhp$M^qni#K$D$b`@6~xoA;a-SRfvDYCrQUFgC+ zi&6bkeMv$+R>fL7n-;9->R2+rqrSaqeq$F7nbs|C>}+he_nh-Gh0)<^YrXk%X}9_G z+wMX&2ePKUoXh73?4<2u&BM3TE7E;drp4V0_Qq%46KUqZ57n@yh_EMaY`(Otw*U_O z|CiQUplg}IOu83~Ek@4{1J8%!??Q|hxpvC2oZEM=LELzrM8HOT^ilM_V(McI&CC%_ zeuH~yKBk&Tza~oU{s;QVzG^M<#`*_0A6hS}@lL&{#(baM1KSrL>P=_*+tYo?CHfvf zblBj<)!PT_#5W|fYs}twrj4mKCvI`N8yj}nRxz$H5XYrz+*`&AzAWCNKz!o>%49H; z$|gIK88}2Tdu)pXFdeN6TWzeRQ4)x+8yxIQ@oKa--hoaY#s%Wx%aGY5ghfLb=!BDp z4!kGze9u;aaJXAc^}{(7?@ja1J=a5)U2Uz)umKpS$~$o|dND5jYSveV;S_X43@QM4 zXSp;WE&VnxY%ukg-y9pz=O63u0+!Q8f4yuf%8&K+Pqu&0Z=MTSNI1YZS$G+91nokB zT4dpxEgZ&*V~nNe*Jm~i4lRxkdfO`lA+AY;T-vRj;rb2Ml~1heTczhUIG$rz5yG&n zyf(#CtdIf2nTPRen86%P>#-igu&)low^i`9Z^p{4;8}jb`WfIz*RViHh)1js>yhV{ zjE}n$%)M^Nba}ObhokXV3PvE~vKG9{n4$yktW%sr;5+kBfjI=0i@wVj<>-#l7*CsB zjwkojE@OJYF6R@lvc|gu@Pw}Fb&cYM^xHR+O(gF zNUPHz?e=--9%s|WZCW`yN1jPj)6U_ySS4(_9-Gb`?@j_Ork`w|yWknj?>N>by8zzcUQw{k=tH*SlW>gJqti@8srD_mqC7f1iB3<4#$&shu5QE&$))q zG5u#CM_i?b9$8CWGeqU)lg0%$Jx?q|h&*B6y0$O>$r+ZcIW~|QO!Z>B3@<)1?Zs!o z+sXK=MgN9nC1nF6w0Q=`x3s69M!Zt%vM1_oGQN#fv7U8J13k(0z$JFK2w~djy0#c$ zi-(NQf7YLg`0f}?>b`)aD??b@>J3@Uzh!W|Lfh<!7|Yc_EnbHYQL3AfDo@SP_7XekHEWI4jnOH1g&vH3m)GG7_%*1^CSuR0?Pg0xhq_BySG2pE$0zV0}mVVhxSspt0&@J+SN1guKTK^ z*|Sb@h~qja?TlZBHuknJb&vOKr5 zX}IpdHt<@T=DLV9U(b`~Yc|dGHVt`gz`MJ*i2a;vRU&-~7}f-~$9dOi zVwmQP6>&1b#2-DJ9*Q@oa4Ccyzq9?v7}UfyrS;kyhxQD|_|t?h?GJ=w+-bt;trPX0 zuo!2WFwjr7Wm0L}i?qS^KQP8LaqV%8PQ6GOUz)gvWcTo@He7yU@L^18!W-8ol7q~M zABSIz8nJnQQ zC_R*{%MR)7BJm5bs%rKzyC9n1T?J-YdR_G_H`?&Eo5VNuqcnI7+U$EK{wWgIyrikY z<1K5Xi?eBj*lm}aVkH?B`6hKG^{o5|``$$}UI=v=k=4AHexn5g+ z2(MKHhwhfQ86NhPG+J&hMni8uiLc*~=t~+OzNEFkgttN59``2AG>PMm_6!y@2h22< zyS_{u2MC@yj?7@7NwgkjKL*f@F`_q{XK6{R>I7DEM#2);?Tp3nKytZ6RagPbSqo+>P z$|XujT9pEa>E$de%Rp`p z99M0}ardEZ>9X6jcs;Q`Q(^~j;o#a@bI$&Lq&X0yw`0)wOTUP18pHY2?IE6Q-_RtY z4J%eZLLB=(5AZp{J@ZlHZg+jdSpi=_o#&X0U03<2^#B4>SFm%w-v+>%fzyIa($tFr z+$U|rmSm|8)-J~U@Fti(J6`r+>xPHY8pl$|4q4M<;2$F|`8l>DHa!;h@Z@3o&CUPj zI+EUx(wpi=Q|`~dJq*4c!5?KmK^1S$??RM2-&r=h7xLZgE$3NfjKz1%ode0AvxfLk zT#AD4c`^lGsO}wm7(?r=+L-Eu%sF18uJ9ZUq@z)ij~Hb81o)L-a1V-C{<23!GH(tdSNNM%;+54iXIJ#ht)83gnO)giJ-2sG z<=k1_v**m|O?3Cv^aMAnj0x>-RzVq2ho1reG6sH@`PyjqH&h@?jQchI+&%cTK@2CH zyq^tO$hhOTh?6}RgnN$Zu^;1kJo#f9%53_Gd1v|aUHbMfAny10%f%5>FIpV3Z{v6P z<~Z&pJcSp*%eGzKQdXczS#x=YPgGe`i3Cx%U4Xe7pNLxJLg6gvq{*F=Y&U zunkVoF&~(}rB6Si-%=C-g|>C#3D;lkjGYj(f8#{ANCZSH}T{xQx%4SlQn# zF3}^>5|nhd6FQ<^z6TzqUcPVnrT(&BGVTNXh3h55rC##gErWmJTj~_!KExmE zmKV^32+Er)-jfQG3wYjOP@Rx1=@@MO}Vo!jR#MxOCRXDcbVVt z^?U;2bIUkZb|mT;!$tq4F8Or@_iiyQ%Bs}j@Z*d>2F5j8Jke((x|&*LEk++(FtfLz zz*^4X&bR#npu;cNFCcG9wWam`G;J@<`YhI0oB_AF?-@E4n*@I4hdm-8a`}0nJURKy zzV{37MXkJIsu zaW{tJsPQ`7OcsUXw$gE&8*pO`y$L$5Jvk7HCC;sNTytt*O>Vl09?rm!T+4AA9Y1>MAT5fVX=Ga!lv_$|IzDjjG%OW?gWjanzAO&=eJa4Dtyy+vCvgU1j8y^s@z1Q@r}6Qp_fYFMr+(V+Vr~YhV*1i4$Mv(rbA!x>P8a(&N{9wH5fo`s8AMkHf-#5&i;t_n5YZyJz>&9wX?4{${lY{gp zt4);)V&pkh!?Yxa)?uy^i;Ph^y0?b$T)lS2^^r1}R5W<@(J-9i;*4i5oqctDQ%_!t zVP&?Th0AMwEZqJY4uh~%4~KombDc}p!cEg~9jh^q8?N|TMh6&rm<;b9G^OC~z;_Xv zd``FUrZt$439B{jyrj;BWZ4~P;beMjAsUJ>%t3~?-c*{N!Lg6a1+e@d?7=Ke_hCBC z1tFaoI-axG(e~*O9WRrBJy|{B5w5kCR)vOb;dC*ksFFQlfstONfie2R73>shVHnWj ztJ1JdJ@%0H`pA~T!p=0XSyOAxL~S^)voy>SdW{IwCh|4g@HN~YZ{dV`jy!f0Fps1&$HIi#iTN7_{(B;f_{#Yl3HG~~HoO)+ z6>#pHXqb+VyIAdGaqnw!=jpTRjKjS&Hb86Pm=0q&6oTM<&I#a&e8sR2X|3(UmgAeJ zzI53)^){}@(IejfA$ulpi)3GXmD#I7nG~t^bQ;%)*gm4SSH$$MsGY{-$~@jQ@bCA9 z)Mn-bYvr*65H7zmTe@48kCL6HBW)6eP_nm?|Nd4+vcAoAUzXQy_DQ*xgBaJh4<;m3a+DdHHHBTfMdvo*lR!>=HfgSp#Hj@U1kg<87DL;&z z@}L=;2J?O>a53-Gkay;1uFcO;(fQFeEIK!lQ93VGHZM~()3klj^~H>jOkPPphP)mT z%xfeOr}Bqc)AX6oTAR-fYYRVN^C@*l%2}SePN3ei?$iU8-{hZrrYj+@{a{16UxWJ* z7+!=!rqoCJMdx#0!0@gorsMZGj>LdR_N&T16s8qlG<+w0pY}Ml5NTvj1>@F10SV`( z^WjU>QOp<0aS@*z%{$XkN9RYEsnwsl&Q2UF!JTCGI7v=$E%ox6Kv@QD9_d8cN!pn4 zj(rdt$vjL{UO(FN)lNKRIK`eA=0*y=?JPBjk-4N}{3I{_Xf7ZQZD{S~uKZL2^@RE4 z+CeMm%5Sn)Pqr+d)R{JfSO7zdQubJxa1q$%Q}0!XInl!}>0~`8rgjK55f@ z%BIP9ZGema7uSGW z6jzx|21wWLtSKG`KDs&@>zA}Qb*|`YT8tgI9jz^e%WtBSv!j>PH8Y2;3y_s|9_BKZ&C6FV0J3G;upXPQhC_@#U5h-LxkIsA z{(iAlfOU1P5wNaLaOwngEk!sx-%nknj+i+3Sw)=8OEPV6e-`dVMZD;m#tj(Sf!i$} zqyI%Jt!c!{2Kj{k3r^OR$pKjGd$+JzK1T@a_w7&^Xfq48XHSLoz^!Y{AM>-;re9}i zi7jTl)VI%oG4jTI?u9?*+1T%KYJ*LGqD?P-g{bs?x?*(_;9Xi$S4T#n^;t{nJu5e}_WG8nK?WO7aFDj>)l;1vprLZm{v_`z06j5BUH9Vf-~Zeh?g!*+8^T z&+;!)+)&2equHm;Bv`NW{NqthY$s0F{E?sVy4?SNazbAYEeq~DpSLo;a>a^+t;==) zEt^TKw1Ht?8{8EnduH?w2gr==)fvdg=kUj|9n0Y~yqosQ_nCLQ(G3=n^NZFEPcPuW zW&s=rcVjZklvi_oQ-fYWtC}~jIg#p-SgkZ}K)RSgtwIKHfZ~+cv*z8UF%hJkQz- z+G3sov}kQ%8@s?bo&^l%z{rDTe!<5n^HKQzzaS6l!-ZBKx-syhK77&9hc8)un1j1I z?)rE1fz`M(?H870nl;!B_o}rU7*v5Us!_^4Sg~QdW(50Tv~KzwFzvi4?>-%-M}~lB zURlBN4p8U%D$Ix;@$1%>#+f3$h{=&XA|~j z{B4a<<1Kjd=f;^3KaPE0<0ICDvEOqmX^i-NcXaVIF2>zv1{8S6cOIK8(A z!XVs_@W*{c58}yRZk#VW*-P{gVA;w1F`h!h*s)j{b->y*eILxD_$JOr@bu_GV}62f z{{Ccr%YF;rvgb$c*7!EUWG|8U2NM5E^k?)PCtiF5Nj&!v-R|HlM|VHqe`#F;r)j%} zTn|gep_1{ZbccgmXuH0WNdJ2djL>&s$iqDmJUIT8@^V3+PTzO%3lHMgNcB9XI zaWV(u()D3*PcmTG=O{;78CU$;;>3MTx(t*W8D)IPGSH)PeT)jXIz%)nv*z^HR3&G^ z2VbHhIj48_thqIb*@?<{b$9p7-kRR-;9klxq1`40`bPer1JBZ?{FZrwEu#%#8^XBf z@fX#GFwXpZo6dA>3;cAxJ#%p~o!EB1GmbWWOVWvrmUOhuQR%2d3>VwXch@%m8Q-MK z0%F{s@JHMHGM<7v80Y6jZ1Z0LOPIgnDfGlPQ_4&1zjttcT-*F&1Z~&uZmDg4DT0SBwatHs;6ZHa$Fa?SjNn1=Y>91t#o=Sj zx@K+j>kduVHot*z`Q_T?|E*o1ZQcz2Xqz`%+kAb5Z5A8(7U0B|x;FA{gmb<{>>{@A zVq8K{n6WqtgP z4cHFXZ$?Y7$Yz-2>}{{8NLJ09+uPk+6|a~%b8dBfZg0FQIlHDZSy?r+CNV2$kH>_L zu*d%duVRlsvU!#MBxNLalyLvTAMe7`7X(6HZX7=G^W#Jw5=L1TqM?%ZR^ExD7~wvC z-|mI+^NfMe7W@)M{No+`@=hERwh%w>y$j=)Fyi0F!7uN`Uz!I$(=cDsCh*;D6ShY> zrl(D3+;;e8o3I0({N={^vXM4n5@4BrM?8g|vdg=C%bG z(s}m|>9zxO^c+Tr-oBRJewH3_>;=A<24@cSe7@{Udv7Z<*LNEjCvVa|v5k@T#m@`& z(puaHIk*MaHyr--7yx{6?@};dMd}cXqr&14nr<4GW)&Kkz%Mes6=W13kO?`(@# z+B?RF(*@I(s2ZDgj!i4;t5Ipmo1s~(<^f*TSEFF>wR+*F8K(}jv<|nl-1P2#9P%h_ zzMK9Co4(ejck>yQ-cMVi<|EB$^xSp=$#k1Jr3F{8i2FoA2{cM^xo5tl?Xv)*iU$JTj zJipnG;`mJbA$D3k(hs@B%EiDHsHKPx^QG}4uRgvawVZfhFIHH5QdbB|TtOKYs$(tu z$~^GYC!c@Z?+Q466QAol=s25R>=Vm?Fg|Qdbz54A5G{fIA|0#i zxVW`_Mc4egj;4BdW2K&G@5&cjTkEa)lRkEw#j{Czdc%1$~Iv%*Vr>Ldc=*eozcEq>i)Vn@}1RMosUo%3reEizCvK(}UYSGl zPSokl*-(c0`dy$-LY&YhO`#j~J5{7UYiXZsX-hqehA&j7Sol*dyp|Ps2=os;ZWGhuR8h5BjsDtowmH!n7>NSQcsoub_Y*|=gG7uZc^JU3~)B{tsQ z>DWnMNAxYXL1>S&FvdqpU4$DX!{c~?TZ^4|ZShp5t35fK)h_8Yt*valKIuhAO!N+e z>XRAr>nZa(!NMJr%%tI7r#{)&r}z48ZNnXJ$N_&z6K#B5e-m9X8lgaUh;thohh2j4 zK6?ZQyE=8;wu09>|1qwVOuAAV2X?`V_75S<>a=BoHw))MSnHw-6VltxhA)KE;02j< zzjjx&%J>gv{Ps3J!p)J!yMxeOmx8ydW__`Zu{4ISNgiGCkOWtkw#;|5aTJ2-En^+7 z&*XI{N$0yd()4z=;l6tzLkG4?dkG1+7qWDAv2k??I?|yv^|V&w+||Z+CcE7&^g3=g zq1T}^xERj0b@-HEcw7Il3E$m@YqwM4_TBQahmFf|`(xwxwDC*&bI*mA3q9Q0i&K5j zjNVkAzVcP+tYVsU4cb7{mV0Gh`1XuQ~q-O$u-l}f(@TK0aJGb;`0Y+HPY z{)a_(#w+V34mv};U^ey@r);qoIub9-?P^UaO3wkg*F z*LdZZ8D$JsW7j);;k;TNF&g>giPW+pzc*NZ?*x6$hg^ei@&Z9^o?7Vc#m|+S;W;-S zI921F(<978rCWIu=-90??$y_hpxNf4oW%NzBE;kDqk z9~V&YXtUe{PM#L3#(}k|OjjYl3yvrpoOuO8K zt#HFuny`9oipVZ^=p5&SuW-V9c+R!YJKy8cTdj=KJ|l8}jMk@cE`42Y9P>VC({!eW zPQIs2nW`Pxgxc#Z;Rf~_D4+Agjc-GCEfRp`zpB9+@%a!Z;@nxX$Br>N25~xE>n`I9Fb5Iu@f>W@D`~5C z(QAEx6DFqSCsFC_aHGddTd3xzh8CofeYSseA!J-=>N*Z8WSip|R{B*?KBHe3nfNR; zgtHmR9_a*H-Tab`*W5I07>M_$5*TD`z+INu9|?Gi=VA@lu_iSLlag2s)_5*rW))n_ zu7jflx;)nQ=*vRSXskz$x_XI?!!0@N`Nv^_yz_XMO1coA&8bzZhb#}5S(s*ANJqm~ z2g+Wj*0G^QYVj}(Z@{jOH!^a2otob(fODd1?#WmhH{;v$CG1?)ME+UcI5RlhZ3bgr z9b~xYlXqbfZhDREZvig&G>OCOXtEm%tMvIRc*=2R5qIwn53K2E#d^PL3%%gdRcjMNUYUY<`n_8G28f3L`htGx{&!=_z zIOy0n!9%F-nIpN+O1X3)0dU1H3<*nPL!XQ<2c4kAg&%PX`%aRDZd_t z8wlX$w6)i&R_N}D)v9I4_!^LBzHN(EbibD4Cs!>(Z3@5>PPdd14nkz7TO z#kTOIY#4u%8_#YD{KHBajp(=ry3{~$Cw#8=(c>PQvFz$Jte?}iZVbQ@O#6_Dggw*C zFM0Ft(KuK7*&+@Tt!2zII$wMRJK-#si`0=lDO2>;Bej_)V?G#viKNrrsAOhgvJb~s zjT|Y1E115a-s|Ad7)ah|Kd#0(CAQz%d^mZ&PPKL{jvt@Sg!&7_c?088137W*$KQmw z`NOHc9+OWkZ-(ED@cNDh!RFbWZy{W6Cv(T-w;6j1W0=+ZMucb5zcUny0z;^^*2V_!ZYrLP#jxSm#3Et20K=#xKT3h z*_&7WG=YBU8wF13Ir)08K+8^_iMG>i0el}8h*Y!LWPdlz7!Jw9!ic@34y%}L@Qi!^ zXoL>UA`4%ai_+7p@iAy9$F-;zi8Z$JTO6!!6JzkTD2;`+%`*{R#&A{=)I;f;kjKdk zcWm}uD6=Vkm}j%8Pm_xPyAT}<V)AmYhC!b+le8GLcr<;ksa6!#XEUY|Vn;QyaTEJC zr>JvqkiO(`cOr|$wNosw!$R?*-#-8k4Mof1siD>Z+exNyOt%1fz#@cK_~uyS8)M8x{s?fmiz9L_l6r!5MEAl5Pj@GV<`^jp!j}c- zSz#`Xycsvi9}{pHAuu6JyV{QYa-Q-5C%^DFVO_=No2bkiT`On$AGEUh9vpPb`q>}t znjiU+xo27X`!QvQ@!G?DZsfaJk7F9W9)~pC=k}OX1dC*GOf&>5$G zYSTaN(TSD)1~kkV(a;R?R-k@n(>!I%9GU=VW7; zlYQLk9P>@zP%sp0F^JN-^9*?4oVdP(0xm3dPr=%}XWckcUA4{swGOwydc4rsKa3kf zIYmId`;CsrN*d;L(96SdeeFA-_}nny2Rv1wk7Nb_2rG_Tn-uScYD*OOe{Hrq6B+BA9QsXJD5 zbT%$_+@LuDT8<;hrR3XH?9ns;aK4oKdlIxPK)&_9-ld!gB;J%40ox2YkGXKe&g{b>uDT z)Ck{=y?!6x)IF?4=r-a5e7kF&)8OCA{qyZ~vHB3OQrD(H|7E`%W$)_qN2H1R`7b`5 z`pGo1=PjJ3U{{kS#;3OX{@EqsDq=YDA^Y#b^otQ6#95+BEY2mMOPtf~-hMZ&-qQ*G znRYzjdGDFDX?TT*uvVZH+jWCpUjlJZ%Gbmk)vGdJ%aTjgL~Km9ld4 zz%+7So8h@wZ5M(SI#IAY09N`2g4Zis@a6Um4E}LyN2Fo7?8GNz>&ifS@;*WXp@&o+2X~wB3mcQL2_|s`e;cw3ne=dA3trE2t;HAwH`33c) zQ0;B`*~jt|u1ADt+4yoQQu~GQl8-RnX%_DR5qJeYjQ2pmiVjLSi(fl=<~!$du%$P{ z(vxx|4gNiB{o~1#`7!;;5>7^^aKDOq*A+p==L$E`ocp z2{#LWJm)eSPyXCE6XM5F9!y8q&UA%31|3FDVA;-Bx}mv`cC$b+A0m@i}J&HLFp|Hj51i8!Wb8%4MU_~SX3g?RFp z8|TYL&bc%Jmg$eeQ|L_}G4Cu-^KR%Z#y4>`#rNWV4@edpXum;+6}&cQA8<;;qleW`a~guV+y`i*($3tW^4cn*D$ zgL};SjXoY}wK}xiGcaukmtXJ<%>UjN{U>*$VTueU)V~|;XymgUfBncT*G7xbp3r7< zZB+UdV*lky+wI%%VzmV6S)Z2jxzTU;7UPT#akb+~c+*cPRLd>=3O+}IbX%~-EA1fL zRsNL&2YqV#IEvIti{q0P$5H5WtK2s+MC<=B3Nx zg?%p@27TTO_bEFDJ`Qn8aW%}$5AeH44W!}yQt#R2*o0x@)d1!d4NM&06IGV$WZs@x z!ZEx|_3AYm=7GMAyAdY8a@7^dsM&QB8Kv{^AL+=3fy8R9B4!+(06#tWs{m6$*}xAt z^o3=Z$5%HPtX~=>`amc+Cf?PcL0o*-cu!S|{zoaNl$MDvbAE?q&ajUwbK*W8>99Tw zJuz#&%nRrA)@YihBuqI3xb})55Q@BT%+-gqlv$mXnVYu(gqwW&cMdYogEpM?kndAT z8uc*0Zr3$5v^REiLcJVEA0X`U(1wZKDp9t~uamE=MC*u}^L<;6eWHWjK3NJID&`Gjqf za|{CS!^YG}fDzlXwZ%t2&R1^d;>1}6i}PfQQ+SXxv{^o0oK>*!r&@TSF#$BT#UJ6r zG&b5ar-#z;d>QR8|Jau&9j51e*5?2#ya*io@;*$VIx7Muh^J7U0~q0vcxboz7sOSh z&LeM-?XJj!k*)YD#(7|dA?|#_Z1nls6X8dIr*Ju4U~ye&;iX^Aa?<>RKKrjVp5pm)5cIJ)qk>Pdq8z7rW z@Js2eMnfm z5uWS)KPVTrHykTZDp<#r%2WdTViId~3F$Qu#_bf0V+nb2lMy$JNoqM`MSSH*vugpT zd3%NvLwb@|uiG$uw*r6en(aEa{>ScttmHQ(R3?qfqqGj8&^wmP_mP(6(vEVGx-WH- z)u%lyeBHs2g$Q$CD)6n~sEX`6%q{MS^T$6~ge@*><%k=DoIkNv|q z*oFvx;yBL1@#Gfb;5>(mBkADyc^(|3MgF9$`F=Kdm-_rme3MtsPcZHm_~ZP>ukhqA zH_p$a%x^pcSf+m#PoXz`#Jp49=H1wj=kQIOzroX^hkX4O-~2sg=Qnil8s^5i+;Y8$sWNA^oREr7zH&;SdIlkG)?z^vA4vc5dT&hn73H@jHae zFF3dHzqb>#u`htX{b37VC@{Kv2JM`+ktf-Av5_}I=C1vfe%c>^gLU9b)<*LEPYfIJ z?dwH|W7I~xv$2vwk@`{Cf)xt@8KsfT@!^YHW7WQ=u zEBs#(;^9)u13Ffk|2HlCRb%>l76Bpw?v~k4wPrUo|e7hN@$97wI5qc6voNBiqJvT09 z<1|jZZwWp61q{=ZFw!dt(R1U*JM^~7LytJfhtwUupAC6Qn==vVTp4VQZ?-wx;K^TZ zoG&|RbG8L6>q9A?LeI1_u`=p_c{lZEd%zIqc6gE(O%EEg1HSot-nKdKAuinJypJ$x zQ)F&g+7#OUe>m|`ZO%sy&T?&9-3fJLYY+0;BKm$cex&~8;1#-Vn?l+J;9qzX+Aa+3 zei2|KPagf8<|fR6nb$9N@Cy&pQb^k~&VdmgTp02&A&Lh9@|&D66WYgXnS*~!%V67| zNe(@>KeS==@wy|znaOBGX(!t$bxwk_-pXZc7L{oueR_k*Q*f6Hb&$~Sf8f? zHP@z@XVZMlcA6V$!_9Pc&)lk-c;&3BWaXSWRkP;K>8+euUDJc{SXHuWR-z`@Opgie zHq&Mtb{Ke-cKUG3x7d2deFA?`?K0!c&u_Pwj_s?T&Tk`JoJ=R}CEs-%@NG#tY4;=@ z+q8>at=Ew86x`HdrZaJVUZlNiLL6a^!c*u;dq-Ki?cHL0 zlU_5P9!^NU1>gKhdv^rBrEL)3=Cw@I7w_-xiFb+3|2XYkorBYBZ@dNM{O#TR2)b@t zwx#V|eH8sIZ0{N(c#vl5PMbe{Kud z-W?6z*xs$cWTn_s+Bn)rwt2p-!)<+lrOtQqiMB=d`Q&T6nAX_h615a*q>Ul|aJ#kK z;$C5Ki@p7(<$-Ms$6Uu+xRn+z&)QgL6D|inrnMz-eX^Nujf|@0+L+8MbIuL^%TjT> zkMw%*P^82sfIgP5=NIq7qJcN6@g{5$z&`5y;7HzI#~0~yQqQqd=`DP0&v93B3Ys&4;v6YZ&hE)TeQaZWXA0 z`%Rstj$F!h58z8%e4^Lfe>M#M90^tCkvG9^V`W_?v&jBAyQ>2D$nqiwp zRRzACKHwYvdAB8!evGEv(3qH2D{VFI1ni@Ml_hk;yLrOa2Vr0(G{9JIBKL zaWS?`UPr}g}WvM$1{0^8`AX>Yl{}{s}|0UlX`P~2uC^65{^&m;@2&XZ+JM24zd1; zP8fPIb(4ktriB$b5|(Qs!F7>Bb&G}nRtPuOg#@?g=dBj@J0V!|S#ISce0s?)F3fsJnUAIE@F*j?TJHccHOpmgKfVUUdHgcweeIae6kOZ(;Pf* z;NvRy)8xcW^U^I%W$1nm?I+jbNUOq2mm4?7i)&mzM5ib{J`CjrKl`!!AWQkxihs^A z13<}lHZQ7?TUC2te^=x~&*8fX{llDc{_lkT^!MEIlPP{FkH=p|g@J`uie(lqz zH(ot!>HXT$bLB)FlFr59ryr-D)BF@{&%F!*y0%P2PHvj#EzRFqnzFA^(lbpl#;|<) z>5A3w9a?3uqhsf9oO;R9`h%qQ6{J9XiW9Cq|>2n|3SpvZenQ zOJDTJ!;@D|CF&KM_SJ~Au8eZ&mZ;Z|#?7miRftw@y7B4_OLMcOc|2@@QX?@Wb$-!z z)Gopq#DN8HDgiGxO+ECx!Xt$_p^?{7a?kWsYh$-V87P(MO<6k%W2uT%BAe>zQ{)HC z#NGmb^5c0%tfbQkOm^Np|DNC+${&*-oEyVx7RD4?a4&F{90O$%eQ$%mcks6j z(z6c#9q&?y-@`l0?@p%={tZZ(I=2#aj&1q}fDt>%Fkc@F)Q37QR`w>+xc2lTgcDBs zb^o&8(uXqX3d**EJf$xmgW(_!se@W45OykHa{E=qst9q>?PwDY&t`FQy{SR_-eA!O zgKA~JV+m<)G;=ZJmEYs|XY-99FYlj3-Z^IzhT9781`g{oct3l@PqQ_?WnM{eb6#np zm!?3c5gBZY@aaza(md(QZ2DZ>{=C$#s$}~@tdnj7SU$J2&+YMK+eLmzi#R6X-Qy2= z7yhE+gtngd0^S`h-ktC~9`!~|f!h^-7^g6@N2$#7q&Y?^|E=tsrB}-6WsR!fLezD1b;cpi_i^5p)=mG1f)(ye)Mv zP(bEf%x-Eb;t38N%!#Ki9*Fp0(HdPm1mR&_#A$~mZH_Kh0EWLxJgJMWg5=W~>S7h( zsf)dHeOXZ#Wej@*;%KwkH#iN<`*yZS%|=?vx0+AbHL=@-Cmhqzw#`Aj*x6a=n+;if zgyWozj}!N305*y??XwS8qz<#R54W_V(om1xG)LGpwKh#Yo`UI$)qKDUtkfrIBc6hM zd>X~7!P027G^F1n>HY$qqSKbBBW>D+Hf@-uo7SayluftDrjz>2dM~tm_(HYV!ncIz zxb`A9U9oDj>5dMiI}>zRKKc0Tu<1H&I+wrmkT$4Sg=(pVUuNN@Y+e4&3dp@kt*~j1 z38l%;7tZe3G@rC-MBb8ydO#iJSi+ZIvFZXm{mbO`4;MDncXjFNrr&C7q045EFm)a? zK?B2CKTdWn0KzWaZN;RA*XRXIcKHN9s16)~?0;3OhFTy|xzPL!;lE zZ-=DTc4d3@MiOrfI)5(c$Zx!g#!J0F4{#H~^KAg8UY$e!Mj($! z{(5^rdq}fqUcsH2JD{AIZ&VZTVEAPiTD_jG1lo^Sc(IEcJU-{)c*F8V|L`VzwA@5^}i%codff^X4V)}I~m$GLWy zZ)d-bYaN#nFX&#*r>>`FzG)Z06Q6-AP*+;Gt30?^SuN_+gfmR~s~J9G(s1ts?aLZF zAMV0kYvD+fV=b`_F3i^)7#*(pvhbGP*FBhmGWOq$oZR;yf8QJv-sD?>cabBpejDj9 z&jV>Fbt~Sxy5iYHD%CZV?n|$O>%1Fp-}Z`uiBGJ-{6PfFIs>$*`v<$#|K{Xc^u5G> z?EpHg!=%M0R9t-*_^U0R+excw0M|(*n|QfIACC7Wdm7hcch>;C?WXm}UDZ#$?$N0y zAN|KSz4|J6gSg?Z5cob}aeprow>=viCh_Pc?+xrSRN3k9zB72oG_mHLPx5{@a8_CT z_eA0s#MQG@^6H&`RyzI9^%|$--}KEz*7pJj`n=Ww`GOSOg{lQ*-`eM@w=ZgrZb!R1 z<^BV_=z1Jo=eux!MQ4+}D#5%1`j|-j(ABuSzEOLd>S}L1vI$Q0>*#t4AN8&6_703u zK{OxK^&cWXtRH8xY{#1-URC$v7Mx!A3DY=Et`r zagi$3!=Nkq1~_el{AKI@(%0nwU{q z#$~gj0;{;XV_O2Bz=x_792X)233_VSLQ;ht1_WmQF0)yhVy^k62HO|D#8 zzp@jXezPkVci^>h){L3>zjE%(nVyfJezcM9mS^e~rR9&V!HI#{GHqdRT7$J@S z3Gj@&2apcJA$|U>w*3*ir{z?I2+p*&w#81y@jeu3`WNndUP z&R{dW$P7j$@Qrc`eD8zrJm=vlzq4-%VLu!SNm7Sj0{_(EJa?XiQ+3t1 zwsbZw?~KMNvA`{L)|83y+ei7E`$-nS?^sfAav|LqpMd)X*#9pB9eFqXBoi)oAP}a&-hrUs?HvgE-QIzq-|byM`rY0Iq~CED zkcWS~^S+hyKEZk4+IgSoyl>;b$F{}$MAPr4J%lC=(P)V+o8sObB9_S3P2TBL9=g+s z`ajM3bZ#F^7~^j1F5?bT<^T%ZD8RkA@kcCZNt1qCE5xt1bFGH<`fc%0Cub?%oTl$l zSsL#f_IwdCZjQNcq_wwo9US0TkK5KcO$jmAeu3b?Y`}1?i zs6qR)pIPNOJhbw78gV!2I4{O)6Yf*XT9-LVm{;=pfZQ#j1>)aP`LJ3r*nw7^*C3#k z!7W?Hc`>?Y8s{%S>oFyCa8rX^Ue`1L_btQp%5EHqTHbyM_=yF^*R!M&-<&7mocYxS zbo5KlSp)NvtK)sWohfvLjn7ez6>li;+C_S!_w?hYTp!fBQFP0c`TSNvh%xd1+~ND~ zzbzk(RPDBerb~Qxjs@%By{Dja{erA-3n=??;J7az4(pOteEj|jvU{KaKFIaeX7IOa z^@RF=T?yPM_XY1Yqi)?)0{HrPVzqZGhph^>JhV(SjJ^`B4L7~%a%K2!et4&Z6X%@_ zcdCz8ON;M0@OV#&)>+F8&beDYe~Y-=#;xiTcd_pM49_EO`PQrY!a6~Ek2&F0PThDC z;qXvRKed_#u@z7I;hugxgD{sK@jizzJK$)qcksTzaBH!NlX~}ut@RCwx(1kvZt5ZL z_IY`0){Iob-hyB}zgc|0L%!Y!#^?Bs|8ScIlpRKVx~6Eg)qKBzv}#-UjPK}6<2ndk zF7$V;N)d*;mDV^mWPIt;o_;3}6H7&ssFN*2Fo7oh?}4+dw4r-d2P(3494t0qa_K@` zv!ZR;VyRm%0)9$qsLohATq~_D)gDjbh!n0`tqxGOZKZJAZ=IQT;!+1Go6b_+$k~_b z*1b=^uerRmacCVqg@^B*D1|O{U@+{!Q#X$*g$~ZA(_!PHi1;5zLG_f{5)EF$=+)Pr z(qM#JmgT_PckqvoYU3%nj93EVUlF1%j+VeLI z;W8c1M)!F*QFauUQ?7$ya zo~{s`f&L9-R%T8$HMUtmtt%X|F4VpMOU;$@dMVXee-R97L>ezeq&ZJ2c%;5ea&E?{(y-(&{9cLRZ1fUKno0uloBs zo?PIPBTJNW|G>}$J+wmlvM9sLKXf>&Av=G@C&-6hSTbX-Gcd6KG&ly?#WIEA-<3dp zxu>*q{XjL$6csiv@Qdtf53~ER?XL^hfz0pHwGuTnIE=wkCo!) zT&RQ{0eg6!qnkby0e^{sBeGd=4Z=Y@-qX1bm4EXF(LYQ0(7rh!Bz$)2uy|Icp^ z{o;G?-s&)AV6qNK{;Q%wRFb zXEN7Jnxsem4c(a9+Mzo!L>DT*nzPL6M_2yi$%(^FuRsohi*le0d|6=MyMwDVAFh#$ z54!e=T_}liPSLe<9uHY281Z7jGCObHH83X4fsU@fE zx#nA?f>Y!Zlu@DD&A~Zk44k$9DER&XpNStUIEx{3{z=}sj#PwwJ$nF;tYPd)oL%b@ zS={2)KWG*_)OpV?K49tK&t^L1cLwlaa>3Ipo^{;I;ccqMlgJEp;etK%ExHEHvPIWg zJu*K2*a>?Vt$O`b=$2Unpl=%P;}<^m(dp~kJG-FW=zhr9?Y7ycUt9X#ga4Ged9~$% zwv9OULps5+zlWo7z{RoQ!b@+vc=N^|3XT$sgKJmBaRAcIv$`-H@3_*ws}I(@3td%C zfOhrbMwKqOtH=JTuAWo|CJX!7)#>w}$S$4soey=MuG6^8x`ycKK^E7lw$WB=%0KzfXVu*iFUn*N%dBFbg;Os$lC$|Gd2Y z(>nmK$Rq;qV9#nb@oRth(M<DcNzU%o{U%AVpyNw1L?^z25!0WC1 z)ZTH%w6~5Oh1c#xX2al+YMs6Q`cEuLcKG!=f(NV&;}S?UYq!(qT^@V+u~A{yWvjXX z+y1Nf%kG>x`H@j!?Y30)uP4`@T>br9zdl;tva1tmTr~0R{m!|&^Q2cXUp7kKFl#(K z$fBrd`{*Y>eERzPM}bZECBg1D@4MrPwLkdE+R=3(HMqJ@c~`1%6ut-3>#$Cg?p3dR=9FWmoOb1&vW6MK3y^m8 zXS=Y#g$4Rdk}ohleU)96T@~u?C-1nRbZzB=1^M$5o!&Sd7Bmx2zwu{(eRujZSU<}v zlW08X{--m7=8S=&;qIDiS8@J#i}Bz}oz;Ti*e55f<6 z-{#ph@=1OLC)=;1fJf}xB8OMOsk(o8ddsG_9-9bWICsBUlIk9>(Pwm3M@ zH_Rl_e(4iNYj%F^6Zao=(^QM6+`-f4;E_6WbO6uM!^zAB?>23XZ$;gzf!*I2I>+MM z*TL5jfv+OV#wGZ{R3~^RrINO=V743Q^NuB)jm+m|C$(>Iz<*>@h?@9-sw7s7U z;%i8vm)#HDus6PQt*3LtV6tn8dNuRNmp49i+zNwthJ&{&0`GAlyy8F8>;E(gPK2g$fF;c{GNq5Un!T>4j$Q0lFG&7l(ZedZhK3`IRy(J zKFac@?{6A0b!3f$Q}Wsuz!}sXi}5Sxcb{_jhfjP%>!Q8`&Egwy@ClFU06v{phetc` zSF>-;u06Z3{brMIegBokd4hvec+3QF26+^Wr_cLU^YS|{`wZ>E3Y?`9ISx7a#9j>t z@U`M@be!G6&Wp7i?(H|__`g2?@TBEdexG!3t&705K7fmJb(r6C(A`!1@;1jky7&b0 z<>ERq0@tSlxNwtp5_j)9xC)>8aM|%2e)1u4WgVUSjDt(++-DtJsKXfiSI;t6xh=pX zvFYr>*fg$JGbj9FR{O?ZK4i*b(7`+6;1#=kih~!oUvn~~0X^TppFHxN6E3eT^x6pS z9lKfk7><>lhBQ(h8y%cdKTdaWVyp*zo_ST{HmA?KW7978GSAD2&+5tN96VC4XF7Py zYSaST8dc1!R!5A#;=Xf#y7#4iU+DX2E4t_se0TtNikh3Qb(e#!|ByajrH)+t;Jf`j z_gu<$isLN)*v5!%o&%ahkr%=Bzxv$8*Hliv3i=dCGist^zqH4jmn~ZV0^3Y;Cd)tZ z#kKzNWlw?!;f4ACJoxy6lmGfOc3#zC`e}%h7&Ncy-P(gXc6$2L-;cye`A%@;djW8{ z_`itn3myDz+&O2O)b`{F!`Ql{Zg03{!)wp&Qk@rnnS=jg2S4@TOZfhB7(c4IAn&>9 zmB~l#x$xyEc`*N%My0Pu4Z_8&hP{2;KUi|e>#sZ)EmP)y2Zz5a9R7&^a(rLu@TZMM z&=jfP92)Cas~^MRq}(zi{sj*Hs~!BTvtPmYCI`Qkuh&wF$LDs8El_1sFMhZBmS-OR z5_BpbttN-obq=lhpmi<2zZ#|`OTZn&Ss26~%nD+mw}t-pQ)UfI9eqUMvxgm7`Lnz< zn;n`rI5gS+ydK|Q57S&SkkPm1V&*n4)&A|KUUpi+3#aGFE9=5vow~qw=tj`F$)PpB zo&!_b`MSPUXbMAFEz3ABFcf9Q>>Y-v;hmbMRx41=Hp|>3((1#q;~0*mTE?eC2+uQwHA!9;w3| zquhq?+g;o;@H?`uvy&S&;dKxzB}we*!^)?b4DMTV&i(`YUUPdsdY^LWeb1psS>1{6 zySA8KRuye(Ijeo=rjmTL;ts9vJG5Bl_u%{9QD`+Jvx!V<5EDFE^^Mcsy(7Enm2vs# z^f+|x57D^~-#;9MPKR+So>iYb=h}nLS&=v?PubHRta9i)7^3q4z8}g*N9wBSu{`nm z^y{j3f9kSG9VVUQ9XgLVbf^;#?IR2S0T8vd?ez)0ajmudGAs z7Y;4T@o9Yj(xD|ql;5y@b=gJ#y!BIWV2@P3ybU|_o(<7^2H(GS==s^nPw|ec&fTT! zpm(aG=+V~A!@RB73$}UB0sn6u8dQgL92bHnI6X*@yfc z@V(&RgxP88)tfk~)a)03p1tC>ckjrD>+=pS+R7J!=cQ;|Xe3Xo`gz&&d!3qymM`;r zfrF2{{SmnS6vo#$fNA3@^^L!DsF~j@zB?apmpHh{+snZ7muOtzZU3qB?%n5e+x6w= z?eY-5SAgqP2OkHei&NcZ`^!N^8;^bICzrl8itb+Q=+f)JBjrrn`5M08aBwePU^;dU z%a3eoz{bY}ZaWyjf_FyU^YFSIe)Pc`7@tSUfwtyShtA(abl$}GTY2bo3}Sk7>mr(*cyI>;)lU4RbND1y+sxdZ1`oPWsY^5^F|hfc9Whhlz1E^`)|AYY*1S)nOg)JoSZXJN+&{jq4p6TZL$h$M=LWXw<3tt7km;Ui)R( z^O~<*zV6W2#-YJ_F%jR}x->ZEiR_cBUrl*?;Zoroap_U4k-JHBtrY}#u6Gn+T%r~6%p?(Pm>v8IK?e{FHIq!sg_zno++aI{5 z1@W=*_V7)b`1iNh|9blG^Wpo1gOBxlI&dB6;A@ZL5YPgw8!X_qX*sT>_Mbl|_S~Zf zM)ymZ?>YxB`x^%X=L`og`Wt2n(%-(AEPnZ-SO0!SCbFIpXMG4~1@KimIH40^oG&fd z^^Iq;-@h*}&PE3(+xD5jH!FzK=kSdipS$+<7cZPVij98F(XATbk+NqWq#ECI9NgH6 zrmu)s`($r8?B#opzhe}o?za-1BSm;ho^jHP$k*wHoGnik+}b?~ClxIpCe3g&Mx`x=4$>m%<> zYyWit_tZqmhc@!)5Iz)E9(-!fxyP-zZe-JjNL=K#&Eb`}JAk`0%qwonmX#RcbeVdu z>2HtizUzHYNApSC9Uf1_uf6Bqj87K;SKKE6hm+WiHbk=fDM?T!k9o%sT zH*Mu{`0jRa8=gBh^mnKGQVDJ(U#1RU+}l zpK|t_*y|MCxBiraKjq-3%va<4cn5!bQlz6^d2-%a=lpiU?<3_x-8eB+etp2x@8GJB z4PTEHziTo7CiY?wINb6}p+RZHk7mcEWCp&ab3eovAzCSZIojSGphW9$2eQ4)@=ApwfJi5aO zJL2GGXR1#h3+zlc*W=_$_DkEJy=wI{pC1M186ljf0^eyaPT&DH53}0+(!p<^a?W<# z>ky^Wz;}j&6ZY94q=kk8K3=uy(a*j(56N=t2=QI$;A6he1g^7!_*#bh zakAIztsQ*+w!b_1;otu}KaW?0aGnEv=LT__0~Lu49@f72=L^?8e)pn$e165jNgew< z@O>eOlRK~*lD+ZaJ}UyrKg?SA=^v*K`DWho z`KrSw+vN*^`yz)=)&=aQ#tKIq+tgV^D5SSP*D-R%vsJ&$!z0V-Mh7p;>0;pgatN>A zNymu^pskyC%2f{yR2?5BQ`(;Qow{`yaJjbUQhZo|V$2L(PTsld`H%_*o_ zqiI76YMKP;{I$cY&u^T8y}m~JYQgc^!11E|SdZt8951$mhql70pZrq0FN!uVwQtQ3 zBmCAJ{uUSf&3N8wfNvfoC!l@l2OsXd>G;x6{*a1WJM7cnpuVB}Y{$vChm(%!wFJnt)rhe;Y!W7_EUpA1=H$fG^S;~>X_>iq+FK9nC1rmu%# zzeiNs*w&Vhz9Kk2KXZJ@CXe9xXnuVBvFN?+njL+fmN!gCG>3nJ!>9Z>j^~pcK5`*0 z#W66dH+A+|8Ycbzd~!tZL+SaXA%^4eE60PFE-l|Kxa3e=Gr;@2Gx*ukDny+%)Ovvldq0GkbR$ z)jx?G{xuGt^mG-^*ExLbK1;*~TUA|3H7>PjanJKa)6w~j)%50g+~jyr8verbEsh8F zY&o)=Ir#Yg`M5@z4_X`AYbJ+(hr_2d+{W`i9KO|&n3|B1=FFk$;hv$J>eyH0W3Sm9 zkNYk>?&0|X$3t%Vv9s5i$@`~jN4EWc##ViHtjw%fV_O`^$@dhr^kZwcp5XZzE;biJV-!Kyc$|=)fgLkg$~>4B z+WeJWyhC*906$|MBRC%aaXcs=U*P$r3lF*N#YUuFSpO>J{(f4j)OKE8J~|%F;d@qh zPJ;)Yy>RhqQ1H1_NK2+YJyWUDflA^uP(54-7=E0bC^PDYYjt%ccALxJAkvBBM~3gd zGrF!Ai}LLkuCGJbMSxwDlhF_x+K%pRxzKU#L*cpt!v2-RrZI%#z+j8hpX=}xOA){+#}TY-_v^zb~`;_bW^2Kht%h0^)pNS&_vHCy#@>Ky}m zO4AuGO{A}~z$?e4DI_&FJ6V-19!r zR=~3l$4A`-3$rI?>bPi5PF6~<+#H8|T9wDPmESHs*f3O__r&iY$FDNSkNTjM@LYxC zr_4PW@oF>U`Pz@x+SeHKI>Pa)%JCu{zKQ2*9Ix2SB=mL#yre(BtGM6qw)wa*pW_^# z8XO<8AzwV#8vrHn+W-EL)y|WPqqxb)@8lbIA88?Jp5dEG{v*OGY_?1(05r#mun1tbYall z$@!GcdoE?OIWSvrxX6o$ghAA$P*s(YrEIz$G_-fU$(1)5wVkAgR_<8xp&PQ9V&^%7 znly1;W9#w?ABk*->W>GUj8x9v0d9b^j4rsLSsA&QS*Fe5-KzhypvZSGXg{wApYYna z4F`B=O{yLlT`E9sMs%0Ze3=C?ZaVPU9dai+2)Lm zA}7x+#!J&0EPcA`XoIZ=x+S@*a@cV$*s*wy7h{{GqamK5Stn-ahh3Y)?&5;o8P8pv zv4b))^I|Z68859pytYI0A|saNBX?I`tgPonw3x6v^i_`;#r14V4zh*{Wow~R#%7cRA33|eDK6}_p zN&+qQ#mL?qJdWZpEMA)bMOxcM-lMNTCinN$mvA~5tq9uw{-*mI`UVeo<@qkw!tt^v zb39Wtp0JA)YUif1!=XQN{@1dARE&I$}NdiCUBU_n4i3KnX2&mTg#Lli9}D@b^d_lqLbGqbZhC&Gke>AOI+q^G)2YCl z=9V6t1EXZg*ho$?y}k0&_nvQfTwI7rwl_nVCfd`dt#>Azuy3EQ-|~ahL5M@`P8G<; z<|{r0CaVXC$4orW;^Z_X_Rq!16EN@f5!Iuvkv&7q_nH!Q2OibN5p@`ud>Up$m?) zKsM|=!Kq9YAJ52}J!-J0LAfKGMFpizg&KdZ>CT&9&cN|;?)53*eBmOGbGlTJIait$ z9Xk2@Km&OwuV--i@D(swUQ<4NiRZ6zu{z(D>TuAS&Lq@g8R>BeSt(>!K{n~@HSLMj9a-wb?9EbWwu|j#C-I!fRlGUCohe0e2eD|oV4lwR+1%+jl#AF0xc2IYeSD&pTl} zXwY91cVG5yYKYyCtM3nS*pycX@qE}BTbXL76}T7_PsGw$6Asx^zZjQh%>BFf&k;Wh zc~QG(=Gr~N{~6dvo$ocvTK z&j9N;XFQr6jijTfn1Uh_vinJEB6f|<-5uK8z=lXSSuWV;fcyI^U_&co+SdrXa`l{X zz7FKDsjfW_+zTAGHnu2_wrB@p?y6qyLH8@q%Lw&B>AwUFm$e3z{;-rj$@oqpHK;@T z`-|Pps@D3`eg^5MdSW-1Z&!fJ@{Q#E6VF#Uc~ORl4|I$HGMpq!oS=u}OFtSF<#o7{ zP+sD3gX3|-g~xR~|Hbi8`oPMdOD4`PrSli1sDGvuKQpzZ(U=SIxW)1Ko8v)s%`H6N z=6TT0UKbXgRcDPXmJlgigG{>k#{~nY=0XK7AmdKXxcMkIH7*~0-{IuE&&f&U{vMtm zaB`|APdGEdLZ{ST@FI~dU79%Ihl>xZRyEZ7J&xBSju)lpUpznNc)99b*$KFIXPdpyz- z)$4dSeaSp@g*BVJYhHY(q<@UsliD0FFW}OT%`JNR;`}*WtUZx;hwC|`q~^l$;cI#= z?_DFG{IAFHC;~kC5f3WYg?%xvhKuolzT}U=_+&>qO9f8!%*{&AmKs0odGB`j4VY?j z?+a6TXvpz-4Vd&}^F+mcake`y#)tKj*@u;g->T^St-CU%D|-`vx7>$m{-Ha zc*SJpxmGvK9He87R^410zt(UaTuY8mRbbMO_)s12rZ48ya4|lvbpVwo>BZdCzq`Jj zGdLfc4&Zpy03Q8_2h{<-z8I6lrSWj7dx^#OyO$JOka;EBC|_bY{5rs*AH%Qhi?K>v z4Bx4akrU8r*zHq8f3o&9?nid!@EZV&euPi?Uf&mUXt)@@TOC6IEH|>HA%i_V_)bD7vqKYHaIUmAuT15s+TS}Mw##Sm27os)#evFqm0v)!twG0 zF8vsSay~Wm$<_-s zD{d&YK#WcFtzGDyPYhkVG;{OdlUtgL>8X#m&ZQp~0K9iOd7x+NtgDWdloiDBQu>9H zg94w-#Cd2UyCmEVF1T%h`Cb9ISU7(s+An-qqQM#$!rjc_QoGO&n5KMjZSvBVc&SCR z=BIA9zYJe5Mlx@6!43j$@GD@Oq-{atQx4rdJI)yU2M(Lceh6?wIc#f2R8|Uxd@-Oe zuZorOrkt7juw0*c26YSRVy_FP1$gcA!Hk!VFIqn#{ExmT#Bx&Gn8n#@1hD8wwn{RG z`{K-LT+CMC)gUQjV75{pUdHQ1Qz{Rxr_FdBrC3b@U3(v zy@Ljn3zeMseS@ff#~bK}cn#us#R8XpEG;pk-f@IaAO&@tO2Eoxou*_^(I4f{ePIs61*(U0({Z1wcTo-15N_|}Ah>iGrrUhcos z)86Qgv0aVk_&9(`Kc=fBU+lfY<-*63t-OLx4p;mY;)tF>i)T$7d(dsC?*T(F8i+nzj=>j9vfi zz~@80GS1IWIbI`xOFx#M!+kM-hKuJlAful{#A*NbKW%S(J?m?u{G7w_83RoE5g)2E zM*CtO4VTUbMcI`}o;0fA*WN$W8oAz3Z=Z2ICIF9qOmE|TC21lqod?q!wnk~^=h>2T zb5OOXO9yJ*IXACK#5zM>3prksfJ;B(MPq3n`eGjzE}fTtYLAfHC-Z(-abTGY2R1_NH;~*Br%?8zww^nGc^YIX*LhNk68; z>Au)wg^Tf#51Uloa>#!>9XTmgGxd1!=aw?{40ZT5$7>dF>Bo3|>I>g6xSV)d9kkb4 zz$(YuJEqL_diktZU&is82VD9wUUPjV=`&nTyp%&U1-$C+{bTo-^a0(B%hXDa*FxaZ zk9bktv%pu9KF7s)S+Zpo>KLUoy~_39&rQ8m*-&R|IP5QgLqCSS*cZOUaEY<~rIbUV zO&WZDT{xaaHuf!t{WWmt$8_|SFMQ+Ra={Lz6Coqu83xOoZE)U_kpxm&x;XFr)B5EV++S)HSp+1 zJgALd*HnC&8l^qGPW?J0M+wx7D;d_Nxl+SxPdA9(Uek`9i z`(ob}E*E(Pd@#zJKKEqs`PqG|=932pI9@w|OFyQY?Y`K9h0BGP(^#_f^4A*aC%>DN z-#V(p9FJYVqaX30_IRf+&hf*=csT9ZQ8$t`FI%Zq+J+X%qWq=rjdv>$qAvFjzLNAK zE`~|_D%A{y?=`rIppBKYVmJKKtk{zJ2D%~KFbaLN-6bDKB{Wf*|(i)LuT(AAc;r|RQ z`Vl_a=Mi7bPvK(tz|74IhS#th#lJp0z0{GAxmd`UR>sD>s`Ki!mszKLEAu$dhD)49q1f=QJKT~!E&^I(MYZ;keBR3w}Yb6HSi_* zuG4*_5_bcC(~rq_)fe+hxC)Su^tP|<%abGj-fX<5vgMmPpTB`gKjK5}*DYVnE#cDm zguw(lq@!QS9Zj`yXtfUm&OXWST#&XLkGsI5ALH?lFMN>W(s@A5t~}a(FlEJG6TeI_ z&@<_)9mnG#@aV^QJn)sIe{tzNoYP?mmN$&dtYIp#<<02T!n`CNW{$@b;L(re$zxxf zy@yNZ5s1+h9Hf(xieq~f4$)XNgjMX{OliAf?an6thJ3;}J}-btKjK5*!Owkh_8zW+ z`JgKNcG!ziy>7KQn2+8%aJ)Qf5GREf)#K#Q&l8s`FVz`9@>t)xn|2=GZJ3To4!aPC zO}6EY=fY0d$}p4#zKy8MqUOoJL0ca-vA%D-kGvztqnHbiqIfQDz#|@~Dy#YN?t|=Q z{~W#)XPAx{jz>w32jxczJeM-yLFvF;5ti%>P#lE6T{CXM)n7a1*UyOOc$MXNQ6HcT zp2@kko*%Gd+H1fmY~HEQJ<@HjeJiSu$cDRc_!V97E8yA3311x=Om?KEQpQNPZiL>; zYxElSKN{h8=kP0Y_|&#m!gCb?KFf3DM>g#SM~bA+&er_5VY>;{MSRFM-vmw=w+B%D z{)oT|5^TVbmOa|rX-^YB@%%CAvYHD$Y8|!f6C7<(d?Ut2z<86)y*;NxfH|2PklKSRiO}#w2 zjlII?6slZmf0xnmcB7-W^QjLRa5Lhh?7AxnnX?8{BRC-gzL4Oxs zwq2MWYVTiG)a`}#8MFj$D-Ijqp*eOO|D7)7B$|5WSz9g<+Xi8I%DWkqdYiD`0Zssi zWdT++pyH)Xd3WlLnKPuZF_to8tz)$TPFoI3mMc9cBUAcs(aPspg+}!@#wzL}*ZaU} z$6=9Nk${SquC)GQ-Tmk}K4L7g-w(Ka2?7QyYx3E9cn;=p<83BvF-(;zURl89mE`2=jc;joe^J`ldaQGcKd@2|1@f^e|^HMg|{0ReD+3)g(uD*<~ZJD_h0@+0^L^iFmV3H&Hr0*6Q!&p*FA zBCBY2fw+XzQN;;_dl$$_PRJu;lv%EBKh3zjK(cKv5QpUR;^af0-Ny#p7+mssoQlsT z>7B^T9zV`~iLL3bYbRXO>ru`Vc(ssL_ANz!lRwCKV3OQ%xOc)ua-&@0FjAUpj>^rE ze!6xoqkJ!~3int4d@@_ZZ>};c5tBh_a&^i6 zA~}6@=`P2vBhOwnjc^u0*D?chgt)C2dPj5mxlE+Z9wFhXN3!PF^;jFB7D znqSnnJZZS*#4GTm^z;&9!uwUYBL^18dK@bFz{frM-EZILgM!mj9N$A8kiS1JN=vSs z77xh*eq;|xxcA0IXZXitggFLD<5yL?ANuF+vIS$80yfzL`5C>d<`dIZ3NWdjNXES{ zE|xu^xhYA~KO6ema<8nvFYCtB=N;%e442Y+P?rFkL;C)@{mDL`id7^fzCGfxA{cX- z(wg%jdpe9wS%JLt^oc`wXI$*ehx!eqJ-xnuc5K{)Eq9x!@piy_oRy{md=sCPp30i0@e2uIXvIo^z4*Aa5(J?x6^%m>)RQnZ^H)l2V|rq z;VvDjxou?7x|plLVDfeVhPq}+T3fU9o+B6bykv0^h(lUpXi4eS4=(uJ=-kRoX(2sC z%5-UPz%EBmc>I&!!0CIs$!Vo{(nCyE9(k=vmnzq^G`x4<;>cI9G0J-@XkpUwcMbJH za*;0saKVH_Q!{!o|JK&rbn;xiJE(?jS&Q`;(;?Y5f_4ioPR}U``-dd#n7;r%CYAWD zh{RUYB;eRxDj5>H|?- zGX%2#47(HfF^ZGEDLL+m&vQ9Ho`9F<>ze&^Y*jw(wJql&o#I$t&1}B>=$-WuI4;uD zhv>XO$Cl$rf2b1B%Vhr`j%bys9uK@Pxn2G z@A+=v&~h6MuqnM`K}-IZ1b&r1n|S<^&2e#nP%bKm<3U@7(V{_N9*I5;GvHDqWangI8M?3TiA!%m0|KZ-(|4C| z!^T>z0tn{^s%9EU7yo_Y@#Np`yM*}}0{u*be#n=StRH=f(9p4muA!{XrePQQBw57y zM(x`SV3Qvz8C!UkJ;pf#_7?sjGkCxy1AC=5ZRY=!hv+lxpZ!jY-^AmMG&efye@wIV zL+y`xEFI`+wC98B#2BQL`fvRzDQ){4@R*A$Q1%A}cTE-yD9L|kn4&Fcn+C{!(suk_ zvE|2MH#-UQhx)Rg0pkYBy@C@Z^ec7v{OuumrVE8dWq|Tw0WfZ97zX~MI~&W>H2MOMyZDn_Okl{4(YC zsg?1~)h^2oY@6g*28=$g7;IU9T;WNJ1LlYHN~-rvXd|TG6~G|BOHOj2o)r00Iydv- zyqta^I8NKWo+kaS0v7pHa>dg1qMWzhyKh91t=;SIF~V5`oJ?07y?#+rb~qrRL+)3N z78~e?(zXsbW#amXu+{@B7g)L&#%M+Doy%8w_<`^|Rcezq z0_z>j3z3>#{S>vha(LN`degrW>4x=nCqRxoTvT_^w-tI8(iUKnO>D+}E3ODjpxqK; zjf%I&WZ0DlJD&WdKQI2!;!LZJ!wvLCeT40x{|NG-PsV&6nFr~Wclxt~j_l!+#b>%v zfBrkrPjIG}{@7RVLZ!+rcZI13l4O4^h zqv{LCLW$Q8pqb@NgT};EZ0`eWtqS$Tyol~6(9H#%lTV}SV-BsGn!RCSe!ve{7?*zGB{laR3!mWZg(F<2g5u3 zuq*8MYN9+M8IFLS{18Qi82J}kw5?6rjVD+4i)A2;qre~^Ly<vThYt zCcnidN7=&SbP&clV302!WdW@SWAW^fod$I|UPg>TeWE{rL4J0E;gRvx{O4pQ)fsL6YyZUXXQV2ihId~m?PZyL2nmw-Y3aa=Hz=795ibA9r=ec$@^ zOo~VrD))Z^rw#^xfTJIsjT+B~&|Mqy=hLWR zOJ<4a$hNM7t}W;c{MC%fSUMr?y(ZrXbw};XU!ZRXdbBUfZZ3Ju4of>6(lqlsUw4}G zjactQdkeHUtc23)O4}(pa&PpenInXJDZRHr8?4ak9K8=0_E>OW8nx4+aWB1D(a+XA zg*>CSttnbI>KESyF3I)}?)PwE>;Xd;%Gn20lSyNC{Wti{br0LV0uR<^^0*Ix`4E@- z{mlXI35@7B?9l^x{J}Mk0|I#2OR3{f$00k(O?>EYYMUPeo7$>JxIe)K-NIcCOesO~ zY5rA-ZVjeXe+AummiZNU4M!^2&w<0nQAjt>@ccr$_mjG0uA{S0u9uv z^e-#5J>7rq{ky_FkwjAjG~_D?G$T3j!J?T`3G|G z`%|Px*Y|4dNL(hQqr58(I`aL4*+r30pZ3;(j)Pi-hYIPbzAOv+aHagx-XU(Ngn7h4 z<+ZI--&M9ojg0oUP@7U-#es4SaHRUB&n8u9+4Fm$EQC=J82EUS%L<(fP)J0Kx`X?@j5W9`Cyo&p&k`GbgMhc!0#T}N@Za51cuVaQgZyIZ?`{ReyrO?Uy)5x z{=ESj^0z}@+(aS!(FwaeuzRhJD|Q&zGL_+~pd(*8>g>CdkDS3hZmz!BPdYE+Nwn2L zOMY_PX|cVRKhAjP2L`!L`0b25b!}+%HtNGG2<(;`X!u%I|Lu)C8K5TZ*IsJUiqy6t1lWxTyWXT%KF~P6b}-wsP?0WAA$1eFYxHVFw<_bK=9dt1XBR z_%+A9B`)P_!I)+3h>;bZM}4(T)IRZPV*CIp^P@Yp zZz{4!p5r55uX%CdlW&FXAib71#lR9mj) zRKmEwhfg$U7bvu1e?$|1eOYYu+9sa))E8DALs^pI?uTee+4A3=42aw;thcDo5Ce=Q zkb~-+AXk4wHLicqC9+Rk6WM+}eOAC;*5Km$IX9c%`hH|Y{j&002E}i}WjL3yF=5J( z|4h4T0WSpoCVGE6hbNfJ7>ITv%bvr}Rw$Dbt?cRZe(0O}g-E}YH=U6#9Of#gOaEw7 z{2kTa^=avIbq~Xpk*Ci&@ITMVfVtb#+xBht{4t`aoFv0^8Q;z_=}oarl%5RWke?*g--QfED@ZWtBAq?m z@M7HhK~DRK81HEF2P?11}itMJM`kpeMgQ?7K?MIVOE*V$9>fpMu1`C`oSi$mvr* zAv61@PZt{I*+-xyKRH7GHzm?WPyA?r-DrP3$vy@20T}X>8q@v)GdSN?3DLEa1=?-sV9$ z4lK;V`dTH$4ZA+LxMY0m!3APb{XI{^l3{RyfpW$;R@9lM6zUCC-9%-z~$ZTGlcqo6z^ z-7Zqopy(E(r}B;m6{u`Czt~Fmvj!Q|C8h8^;)(AL+6(oDDle_uDK`Mj`DRDeF7j{A}tw;`WH?fbk*u zY2O&>U^OtQ9IV29jTm3*zxtEMjb=XSA<_lq_d3vVvRUD~ae#vtZ}8sxr|$hVqn$w> zQTo<9^LN3J9w$5*c5G$5_>5^jJ(Q=E9~*Jsgp2YN`C;pqk}2niedX+%pPw0xX%_eT zm-Mj3Sq`ceGGj7i(!t?@5kF6CeBZGC+~!QHq=5$J=#yQVe)GY~@(b@8oG(-kc1mMi zWT&)lmD#G2PhQe@z$QKI!2Nq%YPzV1Y4wBj&Dit1dY-=Vn}MDg4`v6%OV^#3v>Ujj zgI&1q(RskubQb+XdoFv{w^t*P{z$$booTI(bZlPG$tO45zGLU5*TrXi5&d4!b9Sic zP^Z6Hr}3zoYZ4C_=D~i@lb-%Pk%L%3ZptJluy>z|E3$JmV zf`n&~W9;6^uL9|oF2Hd*E+id60P#7D`_H(ToQelD6y%dPzSE5C!5{K@IGoV7^r7Y~@!?wiKgeE^BCazb)k1I9_^8&iw{dx^IGm^}Q^jvb=9g4*31 zz&OQ!AHz@GH-iiNntrPh8RpvzU8Dp z8cyFie@IC&7WM1y1B?92DeEbWa7rWw#P*(8@w6C+()AEH&%E8P39f6ufL>4ju?0($cKM&(1vQ#W637cGU~o?mTf zhETVJ@eCN`&kZsdVe~BR-{$j%2fT$Cl#Um`AYW}d1~)Y+4Jm$o>HFcI8I%d4e+hc> z!=~whC;wo;@2dw+8C(eVAu8wET!N(d1@fqc`EjLesOe!I(0=)R)?Wip?ltf!M!N9Q zX{$m>(SG<53>Iz)&tdl(&Lo|@ zIC{dH_3sGRRiloV&&_xf>1E%GC?e8qu3v;Ge1{a4DgmGPypDTiT;PLZ1mWam6Y9-!}kXd>@Dqh$kEA8x8Vd{gahI9=;=YffLE&qwmBzcs4zALSJ1*)pt^M&{|0v-9Z z10AY&RSVXIeZQ%lUF-t`J14rgKu7-SI69NmWZ&ya{gyr5pAX&Jpd(*&pwoTKebMh~ zt-&*j&B%w&4|L>bj-xY4rT*KHw6U!1Mm}`SKu3PgoDOe9-^Vt4ac;fEl}sYNP&sY^ zI`U!WM8^(&tdVpz$kJ!9vY*n^#~<&t#Kp~*d_RBMd9RRj`-N=@KOal>LubIS`FX0x zT7&mHxR4>rUN{spN0PkUT|LR`*vxf)`&$pTiQ6h?d}Vy459FioR+%5}w1>0}cu-!x zi+fvK)|}K#@^_*-OOmqwIkP(4^JZyLd&u)3eZ9|NL}li{hr(cnBOk7^qjrgbTbIwc zSP&K~W9g8$66~4k36fda%jqQrf)DA)gnN)GGun(?2c1E1=FN`OjFYUpD))-iD@1XKy zI(2h8MCq0_Tr+G;{pk3KOaC|Cq-R~fo>CYgSA|!mmNpzYiem}d*3Hsg{JNXl8kz)Zk}I!7)=fq9e_n&%{(u$vr{0PkOtEo8-a8=GYeMV(tv zxnepRq}rI5s-qK%?7865U-z|Wj)*(FYdEGxd`)}mMCM`A+wdp{O;H2H5k#jf_)?7jG7* zGmrEh9g)4PsaN31$|aRas=wJ;XI`=$cu6_nMfE^7?zy-+ceb-8NOQR* zS!P=|l`B>KbMOeP!Ag=-RvYgP5HbSL-P+$X5hq zV=!>3%;n)e1Q+2`C8hI`KA%}_=%Iw>6@{`<+J=FS{D(4H*Ba-?PUijDn za^Hi_lM7hA`kQYjv>zr+FVT$yU3phJlT`ZR?~^t=JbD|_O>p9;`QPxHq)ZAEnE7w7KX6w;AyCV|dJlheuX=I#!A_AdRd^nM{N<>^OGvQlxRnvn`f z7U^i=$4Q=*SIiTywIbeAKu(-Li z){5jO9nJ?m`JL4B&#hM`ooY31Td|KO8t$Q62n_PYY3O6~(2Ki&eAnuk(Ha(#V-YaO z&!!lI{AW6fjlAeNZMMOAZKR7Y)U=5Evm>(VoxT;b;1gqAe96(HbK|avhh7c#Y_9a= zrhz`Gz55y%C}cxB`f3&sycgtfzKYQA6A2o z_LowgXbqw2d(wVyS(yzFL;H(lC)%|lTIzK!8c}6pr^%^`uXXoylf2)8mi$hl56JtI z9DAwKFNvcDToRTC($@yikxxm`Da#6}D#Qeli?2xga_gQ?zijljAfC`Go8i z-#YWO=KxsJKO=fG(`qlQAP(^YvaVS|Hjc*pC>;)u)wHX5XSew=${V;QgC2f&z~3j9Uml= zgUa_VU z_z@W7i&4dZ9-MqE*0WEUQuv@(ny_!|JddY*bNv7;zJI?D_{3)~?)z~CXNcUEt@rQI z?Wc}y;Y(Qb9l`UVd_M@Bq0n1QW+p9U$&@#H)hp{6`s;T;&O%xX!YHnOA3FDWJ)|S5 ztcP*`8JCKWCD-zFr8zStHKUK@C9PZiyv#S(3g$!Q@0cqV`lzYVm=ne~I|I&^Di0rd ze9%1y)>IZGJLz^b($2=Ds7##zkCV8NhfF2%xlg&7vO!@TE7r`%h2*9u!ckb7eP>$A zxx)qVp*%YU%<-I_)jlc{TdLS;$ihdj#ReCIMKVw3WG3v>z&_(FGaY-QO8GD(ZEbhPKf}-4Yq&IR>pSRYp={;p=+k(=@ z#?M9kDb2bJg{2GNOYOjU+%GCJko|I8r)`{`IAqi(zZ9HqD*u;(p_T(aE%?k;vRsPq z*ramoi%R~lP$qm(Cdj7tqWpfs=~9>9Te=Ez1DDx6fx6oK!6M6EdJWq)=vA=p0E@G6g5zxbXpu*WNr`v67o69m^ShkRpzr96 z>>TNMpFHce>jPTTzJPtmw}ZI2aqdxV$E{kur~P_)UjW7bjLUFeK;OK}U%WW|S19yP z=iAZy$2h!KI^QnjNTmmf+fuu}LLQR+{;TWSmO=w%ZrXk$eSd9_xPeUz))D31V<&y9 zketRte;>QK*!QDy3d%d(=Dj3;oRLp$&QoAN!xfXM;Nlxi&V!O+SGE`Z*S}f8n93Lr z)e}uo&WH!yY0ULM;8NZ60{53P4}mSKA9PaerYmLEm+eITqJnuU<7_luG6Z}n9UiqY z7l|t-Qw5YuZ@VuqkAIP}@uz|@3Bw!oYP}mY4tR71rX=_<3Pq=;c>| zF)YC8AGKZo`K_6BZel@cCc7#MY_$w4z^;Wjv19qm$;A%SKHq}y$gYY5PcO#`BxhD} zi_iaMpH#JSfmp1qx`uM~8CS=$c@$+#ypU89{7BCwa4&@mZI#Sau5G2aKN#`Zu^*RW zy=ptU#|oe!KikS!lrkx=`OiM~ z-Hu^F*K>@{;ib0F2lV7a+r_W3Y?W(&Z9F}BT1lagS<076Dy^%NTA4U(M&*6=v#uKX zM5gjq1@z<>n;Ib;{NXG->*ZuiA6{toGU3UO;(hQW$D6<*pVzKBP?Xpr^UddR<5E_O zztc$v)j(ev^^Eo%p!=!*FYdQ~wYrqMg1q+hc>o@dadCBg#;{@+=a^?dmFswl$Kj#I zb-ZQ$+;)F%tJ4v7Pka05eQ)q(c-r}z>cNKWgiU^DAMN#PAWgAf4VZD_8}!da-@2sR zT1XT5(00?UtQ1|jojm>u_*D7|%fnpz4HC`^_3)_!9P*FtVjqfX{kE1J-XgY~(VAVV z3+jQMd|yMi@<6HZ>*M^EEbl|NABbe2zD5IJkY8&yrk0<->OP}~{5Z67|h> zkBVjJr+VbyCB|%jYyCM94%MG;0f&55zp4-FJzZZ;o7i#MF%cfg^)~Rx4>f&D<>Oy^ z!1A}-wSUvEpD^D^-+sU$AJb?bU5h2lbm`jeU!Q-tbOnxV5a)R_V37Z4*YZTRB+axA zEqS!du_v%$5j~Zs7N95J&@MJ3ldo+)V%JZ7-|BBf+X}Sg_t~i|%9QQi4?mqce#|ba zcRhXD;GOqzv9g0bsVzV46#e(g>Ye4XNb!NV4EtO0@9k~WsjMfRH9%#N-VfsNUcD@) zFFw)uVtn&=#rmMUZG$v*2DV#SqyUyH*;4s&cQSSkFLY3-SHgJ@INgAQ@63FBHV-@- zF{#{@+XnuN38x)!$VW7EoDa^Buq&Syb9`>F{*v0qK;V%7XJ^08Bm1t{V)2@}MXV2^ z3s&iz{W%AZ@eizXrbvpIj_RTi(5*$gjr7yb1Q)-}lkc5RYIW=08e{q}(62Y3H%Vo? zfBoLze#>4H(^J`M5Bg0)dgh0@{qrexTU3z@_O}v7I54*6gJF^eH!Nm9@>XL5KLk|1 zB7w077;b)*V?U}mcGkTO;rW!!Xwd#7poPz_XwB^NGpkVn9p&kp;B6-{V7*#`xSS`km4I2Bkd?IOO|S#ZiZ$6`#fryO!CWJ;mk_ z$xrsv3AE(bn9;iUEAH4JENNcnmrD%O-v#vKvsk5v87e#P$QSX9xx0qH(fhx~BHonm z-9StJh+S!QKf{^ZzNvh*MAsu?{geDXfI+^7RSahz!od@sp6zsWzK=oPQy%mLJ^2w< z=@sE!{R0m_RPW&8o*mj4;80q60f&49t2n}CVC7GgUSF|v={_QTP#us24D$c$^A6}cj|6rw@Nn#u-CqsclzGhu~$X5MfRM_A5YlaKcL3G1GM}B0T z>HMWq-ADda>f+TSBKsn_M}m%g#Hw^+->=ihoa!@e%ltA1`9XF%8aU+t6*)?CBij6q z?7j3{?WqAXI{a&NW*wE4v7q0g(-RqR=X2lZ2zqXwO5h(=^6Qw{WzajD-xFexK0gEo`C?V|Ai#hmz3cp2 zxK`aOM&Id_mdU^&KdZVv^?4#`(8+dXPd$Bj+8{ru-TWBz(#vc#|zo2Yo2$Av^EuGKLEU~ApQzJX9Y2u!JpK)1jL(5Veo=Kf zoKhAq#a8)#%NXyBiUxK-ax4Z0`8+kip!GpR`hQXA$lSByeaeKf1Q?f`(&8e=;5Gi& zMou-g&PR@~fI&V)RXK2T!XP<1o(gqL-BxG3aEy=7YZ}W_?8!sAjJ1PQR+j?*8(f^L zPVDr9djcCgH%fCH)pk0hjyU(YAUh)LZYVdj7WFCgMrCO^a97~6gyZWv-2n${XtpK) z*Qd8NmGJKHDws-nSXNPzu=hb82d917R326Xmw2qgeGM*Km@}8?GWD$iwSDRqBsXEK z13mfAw1p|YK2^V%mCFtB4eb8U%L3C*WoSJx$loW!aQ7FAy7SZPzkR*=Y1cgDcR_NM zLtWs7w9>xgzPS3~A{{H~_mVb&AKBPO+&AM2vN7k5c4a8UlAfJI=POEE_inY`8}%Td zV4h?TTY*LXK5bztjI$rlKjt(UJ*ryaiUrCKy~=)*?;-D+V-3s=0ybvoJg z0bmqp*IOqaue9cXzfnC#W$X}e1Z8Yb^0La7c5{r+H#!2keC%;-QjO1lKGpStP=3mT zqoB{n299;OKc`Fk7VU-fl>XzOC%>`04NzC~MGH}#0()sjDUmyHyT+#K#g#3x_3h2m}tEM+)fI_M@q}72* zj~iYR*#g<~HPDftR?sPH^ql>#zIWlrOP|}TiGAHte%$~)`Cv8lts2li^tRW+zJD6n zGGW{V2KiT21VByg?l-l|(HY~ajGgQ!Oh2tr_!}7ip>5Fpqi#98e|zQd^C!i+CYn2- zfj4WcFGYsSeo%KWeRIs#g(v?srnw6mZ_w!ePLn1`J)W;Cn-8D+pedsAQT&>o-4Hvo z`My&IeNN2P`aA>;`8H)fOSkPfR&#jm=0cH={f$+$;z|$ zfvegytc}F(pp#<{_Drc5^$CTh&pe`~_YtV8NX6tno&)&FxM)4bYrvylP0amJcnLhq z- z6H^QBZ!z2wIPZI;HH~7w~;Uc1L~R$FI!Ry|q%Gqf4Xx6d+Q zF2}V(#a8MSFR3B$-b22V={6E#Ct@!pzBcV{>6rE1>2)1jhmCSd2jjO2d{*OHqw;$T z*tGAo3CHj4|Bc_BDb449v&659R(DYUX{L&wgTLu)I6q*rde&dYM=KH%j5!lWj+E4) zd)L*)=hM1OCMW4Z{+0qg*$u4;qI3G2gO=5gE$}zm7PVhwNlWPCpm|8@dB#f{(*HPB zdTtc?xMFrf?L&VRkNzeBl( zgRsKk!r-xGx+T~9#YvW9^7xCcKeCPXpkZn1pva<)Z%U>ICw7_#zq^XF2l;FdH7_Y$ zWTz3JYpCXBq=Mm+mo&F*k}NIimhiNF>&5bf^kYVP+-=rdismpoDwxW6Ewfe{;W}M? z*pZy#_1Z%|S4?-kdrLMBGe(SQl0K*%cWX|?skA?g=|%VdrRKFsy4!hADeJMB$r@j> zYf2C4gq_Q&oE_*b#e)~K^-lO({_fX3T*XVhdPsho_r6E#%=mO{WHzhno0Xj|99~!a z?LMY0wXbGvc$6hDVu#RsK>@7rGWIT^Wup))o^LVUI9bZDFQxHQrZ^ zH%FQR!_8vsb~;9g$r2uGHQU3ZLS=n>j+92KvB4Ib3}G_CcICVniEk#Beiff0S)7)S z@GTi(4>pIGV#8w~L1c`%Q;eD}Z(wM7Y6^<6#F>yYom#hKxufQt_`PQS_CQMvdzJCk z>_Ee7*=!Q0>4?e+tsZ3}4 z)*sZmWrJ?&atGfIDLL8Q{F-)4Nl#48O>*GRCQY08`?vJ>Ytpn^Hr8i4lDZAd$;)(P z_e#iiG)YGLRoEv1ynEqF$H5rXU-dx!RD3MeA*^2L5FBI=v6?%^nj>QrJ$XtLW;F*< z2<#yMY4KFk;s92MNR*Xevn?hFwi6mq6m7D` zL?CrBVOFy#*c_~uT^1jKa$|9hLzz)%S*eT)H~R$#o0;vR3@GuoXtO!k9)-%)9)W5P z%E5ZpA{9}M%eK%Da#7~XFYC4-Ka#$z{|~m1o7OF(S6|f#RDGm^ZyK)Zu*aIJJ|tD< zK$FdEcS*B9WQNJeGH38I)5|V$Q_%mT?C9{5>|s&SQPD9rwT|%6!Yx4&(afINyOvNE=B2$C8XC>&7cI;Z9jCSvg|sl6To$O#E3AdZ z1ToqoT3ApZt80sDVP=g-F)hrZg_Y34qGK6eSuHF!n1%UhVHPdy4K2*7g*DK^kPfx( zYovu)qhe#I(pAb_V=X+yY6_(?q3FzC3pd*s|7Kd4DU8{DfEGsj1~;|+cvlOLjEXcX zm~FJMU^JY1o<(Tkk->~UQVX*Lg@<$sj8Nt6qlHIXSXh5OER=<1YhmI3F{&Mm)xyvd zQo~+qVOCST%0u#C_7Y+0q=tEDVXT8;Cjz-$_H>W4MBB_kEG=FJ@lhcma*so9N8R6v zkBn3B3%SRUV0Y`HjAGl6Tt>4|K2)id(y2cDf0awtzGV9+IeM$*G6y_!acxAoJfgKH zwnQvl2zLx{r0PRjimiD{dR%x)x_k~WrQM4Q$Kr8}2rKDE?_a|*C8edLt9em~3%8}@ zIGCP`a^X=~eG<}B24h|)Bb~*U;^LJ<+!Q`#xNzm9&U;wPU8Ewu1!Ub0L>g^DQPJq7 znd8jiihj8O(lNC;gH(MadeWE%YhQzHAu;HT#h8Owz2GUyVbNB(^QFk(rG~`@hFgM= z&Oq?ToUzP*FmTo0oXr$x4v7j6He2;3P#DEz8Uk8sduOG=7lc-K#>Lpp5z#Sdn@Im2 z5}qSt(Q9G(glCJt(zl^FOLL`fMSokBzYEEKx0b^T)89dz<-d#2-@)h?s8~hmIS}0? z^|_cFZ?Q$2VuHfdu;LVEwpydq?~&JJny4ryPYHUCGg&Prr9VP4m!z=RNV(6U=P$y7 z%|Vt3^v2bCs0_Vl@snjME7RaXjVq@-`?Kfr%5!t}TtTK)(pXW6Yt7<(dJFG1rS|rdPZ+6${H*`*P&-iq!a(T6c)<@m2|YDun?Uy6xg1MgPLwLdtZ-{(-1=8 z#K-0RPzn#i?g^wTO#V9@D_oRxTj&{`FB>}NfK#PX((3xBf$1;KJDERb!h7i^W$TXfKU%o_`B|O|5%Dw|-UTR2$$<~4OG39V7yA%lh zQ61h~E$72fR$=Dm$k+&_j!_@}zw2=M8$qqZhlA$`TqY!at5#>V*K}@=G$Xb2jYwZ( z)~Im1^6|#<&Qr?oT{KhnK#V5D!%tzDtSj$)-w(D0McZRcp^C1H-`bz6R$8<(_Kgf9`-3o~I0g*{mN#i_^=B{T(+&B+d2-?PQQ229~7 zk*E^GW06R?>^a$jD@{n0HOPz_o<7%tg3LCX9be)KT~R)F3#N;TwA-T41_zncK40nl z=y|h(Zpp3+sXCkh-Q=SUv01svM+OUx1DpB`6M;!~Rk#_}g{V45YmWvp+|(IGF2oXQ zw*{FZ!%^AWQF)uK=(|HLWOtSj3#t{xjywvaAwxp7WwXSwdK~?b0{EaUFk8b-L3%s$ zztGrYqod7M2pJw6VzKJqPw4BsGGArn#T`Q$`LZAo)q;?QX8uwf^0Ba*j~_zk1rRGG zq=1*G+(iEWe6J70u`o&Odv_A#n~baUYdCXCt80RyB0|Fh?dDEF=4cvvvMWQTTK>Dm z2S-Ilq0b=?=GsF{F=(2Yt>pWz(xzc-z=fX^o++}k6vEZHA46W$FQI6yQP88&p9@2m zEj-q2(<&Q5oL&y5fPOE^L2cS&qovs#6c%ftp-fu`d@!=Q)I(CkEfEpa(!-$T`oxok z+dA7~%n|l*6Z}$zVfYYbjmDB#e|j2tq1FzI!eCyk#U6p-UqwilKvpkK$NSWWetj_3 zZ)&oc;%xR1bee5JR$DiooC~PI-zP6s9QxWlSG`oC}Ods2~m__DUs!TG4`G3uQP~)`fAru8(=DEOm$Q zvY6uBWuY)#7Aq&qd|t?quO)6knnxYn@dP)LZ56_)(Z>YmFK`C5)zZK6il(xBEt9J{sL(x z`(fYmpF__Wmqj%iW5yVEupL9e=yjo)v+G~f`Mkhvc@c1^-7eA!`(w27gu#D#xQpcr zo-sRw&c7Xvk)6hSs2MlKVbaGGXbHFA3tZKSr-XN@I_T$5aeixN&ycvLK!T*RUm5o8XN2Mm~=5U-9HFy5t!hI&_!4(M_i){om#DUUxHR_fXto?lvuu_~xqrp#NIA?LZq~;gaoRb(XNrljS^{HH zyQ%u|Qo`k#EUF{CmFFM~HJC7YgNZCm#%T7X;6`E)AIBG)L(KT53R3h_SfN9OLCRP1 zsfZFr^P<#0LjTGViLb<11yp&bsLC%2O%59)EvAHFP6Az81d?3Eox>EPQssKhB~BZ0 zRpU!2@o2S`%8c5ql4_sjE9eyMYj9Kql~K9yvxy`wOv!`)r#?wq_Mo&>d?w2M)UUyR zDX!@l>)WW=d#8wS$~`JMc9xCI_W3wD+tl`i4@VzE)|^7)CGl~ZT4g$K=eQWw?=9pM z9&KSZP}nIvDu%iNq)%qs%M^VQLn`fh*@u$(Kvv$DtLgs^=?~G;9}$bf78MbV;SsIf zr!X3z!NhiKOe7|Qw6-4gF5+m$SLqW_Sz~>YmB2@51`TR#G!380g)LSsY=Q_T*DBCa z-{dUHTAU_VNVIDi_mB`~3dFn=YuE7{XvVyz@(hm((HPzgVdGcc^lY_+hG9N{+WkVR z9j*btknql!Ls04#Is0TwbPd((gSD!RzmJfl4>cJBQ4_+|VUh#$maIOYurN5nq#(s6 zJS7T~PxMG)c?*vd2*ZYww3O^@ys6X&6c(79gSEtdL8&Q;{Scwm2YQ@87uO!?V&4Sc zLPm^KV6quCcnrR*)P5EQd{MIH1R6%OyjZWM^El>%2Wa(PL`Ympk|RSN3{S=SPJ3*6 zzx0fO=`0`I;^jGDwA?8J)V2+6u`5PMiX$~ifpjDca3saTZ(vqPN)}FsQ}l*5xgeVG zjDgNHXqSaF$}zVx3t87_lk<5`hLzt#o9y~tM9LtCDmPRSmF1S!qV6=|SQM<}F~-?m zj&Q@o_U}YTa6FA{D&ywGR9oGM{II*ejulA`B|n8xEH5{Kc02YudE*ERcf)c8v zCnhT)J)6$ebk0i;_jtdinjO2*`n6W$wEWd^{TZE>k6fI;N~h(Q9@nbrJBnRtd8Ehr zH*czp&uaOi$7NeXarz%>BTfH$oIjJZn0xwgCa~SFX;Xz~adCVzEb5W#@YmeqA+J3< zFHMOr;U4eb)W4}cF$4SG)HIhAzaz_DN)X4^6O|UkHEpfTWt4G`3kz4rAj`VP`8CB_ z_f%D$a_;eBd)4*nWUo{QRZ#793umwL>%CDvVP*0hmRtoflXZ>N>)NfV-By6z-gB*k zqO(%c60&e;gn`}a@%VCZWT9S>^@?^&v3or}ForBmtzR|!<>Q;TYHG)_n!Ieq<}^DN zz7wde0n%(*f6s=QDzjfJ7_Z7tvu&4mWCK^<(QI6Q#~c{j%->I47pB>{9xwB;2Pw9w z*}5Jd7(>>m=DTL=dVHtOU0m#3j|&d6*rS`Nw3?mk@#v-7WL<0at;dP&Nso83Cu*zF z6_Do*w{!NSz3yE1X~C@C+o9UeTd1tbS-PFh(;vfkf1@D#;A^UZYNO4)pwLa#ri#bd%?fcvZ;xP+%Nwz5FIs)z{vOvyQ6iaLYqsf5 z6PA&cG8h{VafEoDJt!j^s}x-7Qg<4hE0#lpB^-rI`O25Zl$z2f-I1ic6P=onjCWo8)w$)VE6Z!N($1wxbAbu<4o$_U20Qd z0&*SrBWF`?WX@*g7R~C!pH#c*0?^`|T}5VKO-e$lH6gu^-m6#bpLFRIADNMrmXNBo zr%rM4_&`we%8d@KXbW}iG1a3^bbc-E{>@s*m{b=y#Winj_iw7KT_8Jkio^0;KmS%T z9odFcoUC!R-cZZ1Q#_|>`krQe?R|=#`BydV@_|gJ`&FIxg-+S}OpG?sCy6|8NF5Ly zFd^FqJfgAi$P8?QQKA$XF>c1R2y5T=jvgU~%E`rE|@ryrRxyrXr6}=M{?AMfDqP(KMmiV1k{!KHL{3)*H&k@QWdOaaMDIts3sb+41IOGn> zCC#_~40`&mD_jEmc}i*Db!PTauC~u+b5>SHmRcrJ?#yf$ULJW<%Q*CJj?738NkBEv zzfa+zj&w&>N@AR!DLpY6NQ9e&a2tKtXQVTBvK}3JcuYoS2Aoag(QYw0uD4qpy6<#g zHVu)ea`e&PLE5vZsgY@u_3-F~TpB4+%1nwLZp+EQ$btHPUp-tMa8cgxr-z#{UZe3% z)x)jW!xWTE6`_iirpMV5vvPacsMU37p3-Fb()D+O5;7BdrKDnR0jcA0GW2&e-Q*7BgWZzq8sgXUh8s+$G zVLVHR(x&I&9Sb~r3`j}J#ng)0r!Z*CFJ02H+j#xHfG}MCLzG57#Nwd>@3k z=nRZ?`8AE0oBky?C|@PqpM4hJ`$cu0TWDf}?P zVPguEnwBF7i_J_z@knwC|5?XYi=e{usE+LveoT8`Ey}76k8AHcho3+=R2|jZ$>J3r zCs~{-5!uZz2#ater6ec?RkpoT8aBC}Qu6p$Jq(j?@?e^r$EUS$=ZqrkGZZK12VYGn zviycPH#u#NJ~Us+?BuLQkL=GvBM&3aMps#@DO6pY)85nh(DbJxo2o>G-|yNxIBX*U z`I5j)N{Ro2;)w>wEoCV}vwBC(MnwuUbBCOYU>?YvRBlI3~_;ilZAlnk}v zh)ke!rj!PW@B&=o<1$in^*0om-*tIMkxFs!%JkaC_b?)P2doi(Y*-OlA5%#5g&FqEV6F}b{>d8ecz9EBug>E9sq zF6mgaY!xFA;b^FHa|olWgYpe9Xu6dD#By3af9!n;SWjK|X!EGi*hGnF)Fhhc zi6+evX)c;HQBmfhln9wABq)?RDRYfo#hwe}wyDi$e9lbwUA=O1)**2Gxkz;qBydM+KD4kyM_?FAcRs3q*L zL6m~qp9|9<_sRam&XVwn73mwmN{lK$O*^DtJRuEIZUqOxA-v(m#5n|_3$iG9)tM;& zTqe#2uKFC~Vi6Lx!8|6;BHA}J0vCsj>&?VdQ#^_{pBYZ%MXgS-v8E?Ysy>&1)+`}5 zkfZ?K{TJ)6ET_FCamb}6iNS-N$t(W99Fm%3`2O3M{+y~FA zfv_uxA?v*saKnr#a=E9*Pbtul<#P=QM3Na;mRXf2%PKkr?Ptk@I?^PH0C~qU>Ks~! z&Y?c`;PuUi`h>;?`Gg07;U$dW7$0@`2mjO1M87nsv*~|K&pNL@pw6o^L8zZf%M)BI zU93n=BVsJD5ikfX+-*T;dX5_?kbvGk7|ehwi=C}KC=-%nVK_RZPl|LDC_)660EcN#}+X*vw5q@7V%O7HR!LK_(4|Gs(6lxg53S2qxa# z&J^_EELg*ZERPVA2HUZ)h={TXGiiuoV8a#`A<9pLNk_C78YEz2$?&Tn%A|oJ52hf? zB*vs6(s6S_Mzzeo5ogknXxzg@nMX45kPjmT0zZn0CydU`9qp(#!hJfLNdwYiN7TU7 z{4s`!bGLLR>^ALhv`NB1lu68c#Az zI$O$!lf@oHn~!JGkRuxnc4FL5VB)|En=S^GzAO_D{pIOJn%|-xLA)oSP(u)#ES zu!b9WvTY|a@#c<>vu%;@8c+kH(w85Mw}*ucFHp$D(h`)@Eimn*!L(#rU>Acdae#`b z>*V2RkZM0|;7XQD;cw~4O5i-F{4JfcCDZP5>fh2qqk+-|PEYY~>Fg{`T}ayjrN5;? zv!%5&c-bJ@UYSWpuGPpa)(YpPG6=8b%Ko(ze$&}7mQOblA- zpjd6|U~lVUPZ&rO{Gr99b3zv4E}+iJ8Zf91+DsbCG6LBLvZzQNn$Dziaj|pr^nq;= z7}=U56IGH%XAlkHC<=D2u)za0-=XQv7)0w}Yh?v{z`t2PW-@7Yw2>zvU^K!gjcAWS zcvyn){!5n`4_(HA>naN$bs~=5usG7*TYp%bCK1nISezDtGaMF2>WUc+izDw~jfchQ z5NVnWizDw~O^3yiceiH4;&h2L&4b2VR4{#Ld~bMhR17Q{OsZJwBCZ<@OUj8-+p+!_ON)wcgO|<`Ne|qfc)S%QhVYi z*w2D`IBU~M?t=#fp}p@vq<-7rqg|omQQu+umC=_ZBeTw$}uOSZF`{zk8 zZ9vRzK`|X2{)l5Anzz888H7<5z801a$f6a6gRdqCcd$fmw_wXeO!bzYFp0a6YbGaw zCk$JL#e=^l6dz_lWVjA?H{fmnrOQo(la9Q|tr&H@r8m_u)e%M@WIj9uy`?AG0oYl= z@{W9eQJYjBqNo$(w7{-KEaz{KTjY3AsN!}*7XBa1{> zuZTi`NeeoY;k)l<)DNT#!PXqaw#2g#VPStt82-Sr`sFR8f%r%s4zDL^y=J%QP&5@o zzM$`5YUTn)+GzLTY)iBm8`~f}oCkqNpx?oX7J+9Uj7M?vgdB+AP>INS*iJB0Q)io-V)NBJ$_ z|1;bNEIvWlVhJw3$aPa-Fb#>K<~YH@IM}ta>OW#I&IQhHz_x^SKhZuygYkrf!q&mc z5x0TxFnA(1mG=-l)qlhSOQbI{I6h$)OBlpZ@rU3EReP%YiTI*}oZ- z_9jEriR5V_+`@sHb2x}H6JdmdFjQWWcX1fG){{I-hFLfawx4PHv)r14q=UHJnyhlS zQ{}FNa+}d}KXMTWuls<%KgtHVkqRa10du@B$i3sj8RW=@726$kLfT$ldU~!Q zaS@AS^z=xhLU61>*mQwe`V6XcggGHI+=Pr`;^hS;1$h|xrmuybx39OCmnw;5`~r8w z-c%rXc2f2K*^PDO;|cm`X z+Guw}nSDUA;)3QP{BJ+ngonfB=W|Ty)Q{}{RDguw3VcLRMU;0!^_6L?%5j4Qco?e7TB*6u!3|L0R zz|)+7@K`oQ;Gxqjonb!>E+(;$94wzA@I%Unk3w5G;*d|eUnBP9@Ps|F z4t$0&LvO%QByy+?3PSS}npeI6E!z7`0)v}J)LjbbmV*0U$iWm0x8bV8&UP*>rvlwl z0%wIB3|QFFvQ*F^CBnh%7`8~TV?v{fYG3ezP2i}eCk=xs95;o7Dh~?hp~6kUTLt!k z#!H0}d<{(pHl+@h4F3{f=S}28i2evXg{AW1r|^h1z`ZN@14e};`&WR%K?sRr@Q)yc zL+5>5rx8>baqy=6iwWT{v{|8K>B2Y+x(vq!+j6p;$TygF_O`S9qP^#p#$jAR&^iHABYBN8w=k0G|kh?*#cN956L`Q9<)1SuY5u zZbjf?5}c0V{k7oGcrY=7e+A;ii|RdsnJ1Ald4>~W#UnZmmtU9>4o5bk?L?Sq*uYs2 zJou6h7s<3lS#ij+6Q=+-(o;9(-~sVI;zLjaC;0Fe#S293z&FkyK4b)9e(0z8VJ7ec z%U27jhGH58#w(-_0#ROeHoH*2Xy51rCIa$Dw&j=?2OvG*cm~BF{{ch7p%f4w&6jX- z$fgc+W}m1fOH^#j2@IZGZ5FGlgif@^8H5V z>l_<~9@|5)|Je5p!ugx}#ejBKEWI!0U}NAdqQOLfrXc1c&Oh+@ML4q0xtMt8NYK(D zbV7n-8Xb)#s@C<_Ha$>L&v)G^@ z+;%)bs|@?cm9Tk!K>Paymy(2&9&#^2j5@SbLO-E#1N}$g(J>4;asc5M zdXz%Z$+-r{C2%fC0*rCsLx4)xgSdJH$p<=n5)(1rr*X4rKrCVo_x#`k+1}Ivc6)?t z0h9+1O=AXkSnjrt&g34Emkx(LH{mMZem2^AyE?+|lIjOOnud75z#eY3&=ozBcca}C zQ3rmS2G8lpXCc}50yGX6o-_;rSrmCMN97|((-96%(B%!D5{Z?UoS$%e&}pHa7v9AY zWf7v&fjdmN-e5EZ(O1GW9#?d5T|{WSjjO8@y>A2FA%z@B{Dzte_q`}hPe`rMZq(J0 z+OncDi_v)Sr3KDOLGq5u46D95t>Yn1(^!MENVKbfg`3z^5*!Q5Gg^RHcPJxidRJ33 zGmwaxIXilwYip`4N6~oVf`Vw5(R3K@YpQvHPr<#P8{7^PbYuRYLryu(y4Ur}?m`aoS^Jz} zka(`(hxlkeyaL{sSL>8$jKh(t0YXsoDIE^i za$cap!~yVoh}ax=K|VIXe1+7J#fB&%2Vyl%c6nJ zyt$hl%w)J+ptpq6rnLa@IN)dDSZO0pr^+S3!dt)uN$a2pvckd1kf}Y&j2!E9Ucg*% znMcGR=UX9G9Mo>$U5#i|;++6ts&55R-{K^w-ozm8zY#!#e7_t7-;peT(=K2w?}?md zq7DPkdFIZxe9s`CmGt^-Z{-2% ziKMok#99S& zKe1R5`~>nyI!UCh01Qv{Ck`j>H0V2AkV~@Y$pJ#pgKUxthxr6OXF}b#v~c2ZX4$~Y zJhew?rSXLL8I_tyPjm{7M}{N6^lHFM_|9T9v<*yA6cO1?EEsx)+G~yhIy4upnh5^y zXr7{?!L18@1f%yX44lnuJM8x#WVB@cP#l}t=5D~-s61HSIS%qcOBCuIAffn%6@YnM zf-28LC=ctt4K0tP77f~lfpP#mQiD{j$hKf7WNJ*jg{2cn4q*ACWe23pj!8q#?1puO8%sE3G|PPhAJ>E z6DfL-k^D&yL6r7B@%8~8Hy|hZlXh05AJK>uFN56VPa5KpbQBKtrb>&}6_BU=NoyJw z#yG?|fy%#ca3GFFt~sK^#ed|5Q*{Fw%%ADI_yz?!Mg>Ly3beEx!MO*h znuqyqdiLaw3e_URi;rHdQz9OHPEt zt`|1eCsA`J$wY(G^IQ9l<9Lbw}R2X{H1kKghr+^&P z3DycU)uOcN#RCVRx%wYk(<6OJJM_lLE*5nf;K+c<}h~-!dW<*GJNk1#t~2Ck!n&zf5ALCC@yF|(>e$+ zHx9x%TOv=v^qe>d2W;nPMfbtrcyNfP{df$d491b(6iFEqUgsx6dkv-{yg!qDHVgvw z-9M!J9u*xKMfM)>B9dDvKv|~1-${57AOi0tRt`8?A-N*j7lRW-G?%imp&$_5B9SIN zK8P^VQ!CXr90VOH{Wb&F`4{K|$bb2DZgv;OG!d z7GSwf?5T%A{DW;06A}hjmr~IDLl#dNh!plLuK0JV%gW%yNM449b_-qoR2O+heFgJz?HJNrDL6ot`&v0BUE% zCu%^4#`zRr1)5LTtdO9?9Xizw*B9htD9j1mTn`EdxflwEb21Jl%L>+qgs=p;aYb+W zpn8HV4299tCMqxH6Lqq@h+xn>hXZhVHK_8=fbz0@q{Aa2NMVT7v!>^1c+&^Mkst$# zK(#*y5e7{{>A`RkFkK{KpN!wo&?3tOi3}%X zCIY;SLfns_c0h0N4Z>+@f*vTcw*l)7YCS@4?G2)_wFB!UGiUIMOpIIf*4`jINEIC& ztkM0Xi>)@^#bb| zAJ97nGbcoc?!#TsZ79LN@U9-wp(raGvq@w5^8HUE~0(W{)g1wqS7YALG*+k zZ6PtR_VJDe)ktCwr~_jNymcVwurcP5(KZ3m;ENr3kFf}ZV-##FNpb(bpkR&18E8Dh z#Z!V4>kbpNhQOMKc!&o?oKPF8TyS2+;pl~4qMqp9ii0YbE;$DvVK};lH;4Osq9ic4 zGQwDS>j6EINAX&-vE|bHCZt0%Q(eNaN#2Q|=VH;@f=_N+b6Zy!=Wv-p%~9MeJlZu7>m3ip>&8%4;A@;P&FDA)YDMfB zOn?sU8T4V}%c>Jt__@GUJ!k}g<^xei(7i@sNY5EmOU&WbKypn2eLNIShEe(~Bo7ne zpkxfQ@E||jjBv^yH=+mMT|_!Iwssc8QiTN1Fs{-56W7U%tP|X$xe?cDWa4zyhJ>^F z%^c#PajZOxjjdpqaqIz7tq5O`&<2oo1&JNae_)dxoj@FpH3rd;x_KmTL41qQ7%~A= z7bcDspC%#Nlhnnd<3PuhygK=qcBj{gT)i= zf6HyVbY?e5CucUK1!J7JVTfh<0Us2E^8Ke|3jPe4f*s^-4}aG{IfV-yz!V*Ycd%GwHL?V{U^RJI~kG1yUo=PWa57^=Js9Jy_$(0FVx@Gh3F#G!@m z-@!NwN>7kzS&9bszJ#I|kvB2KfXS&gfinaPN8LOjl`OY#W+JHS9;5z)&CD+srl7tkU;3y1kbn2mEZCp7*{9VNWm& zp4gfY{mJtO-WeY7BJ<@P7Dpsb#O3<~59QJ#;|`AlQLU>FW8XJS*|b0jgW6*V{EK9p$z{HZ`SvHuHMxK;Cyj`ayAEh2oP zB11vjKiVfIBs3@%+ARXsDG-kl>(oMsYY-O^0dB+sRKbKGT=ieXH6jPYe@+jzhw-KJ zU$B|*^70|ACn$SBUnrj+{Oy4HvF<0~0FU%nU{yp5G6>l5oaBmBC0W7rTmKym))o+V&TTwrtp zTo=I|5ZuB*i;!~PKqyxb{JBG$B-8s=P_gjA#{s%MAPhuKFm;maETVyiAcJrlKp3ch zxVXZ+NXA2Q2PYp8#KWZOOa$XO1chT-MAvP`faMd8T%5hxpi<~PiE7_S6n;-JR&Vn~yqWF2g2 z5b-R^Hw2R_gyREdQ^adNRC}?p4Z-_HB;fU#eJCy{ z1g_i3a&rvD1;o%e@Ekli&(LT;-1_y<)#$gQ5qdVpxdFD8DnvEXd!}@n{7YZ=U322uWhEyjxZ(x?G7M+G`8a*-=*-k847}YQ>B4Yr2z2TBf3wV z9eqHg56dR$>jsXu=%xqnuh`j!!Mk9`F8GaJ@*W)Y&;Lw|P&uU^^QGr*&^7;)78y|> z_i9iYrrj^!aJ0A#gCdZ=z3_cgBGh}BTo_&OcUY1a{)zDc10y=tJ310nfFh$A`gBQ9 zw&m~#EXKBg?hA7#;=NnauLymg#l}X3gSZ~#)Am@$0PZj;dRVBf!GMFBW9e`kM=)+8 zbsq6pNQOMgSma)g{LSM16u_gkfFqdX7g;#RBYr`=GYoe3B(;G74eqp4k%xDKK28|n|jw2br9T>kaG2(83I}4nb3FEgAgXTJ;j#7+p z2?o6e<98Gzuc?eST*&y%%b;&#)aw)Dw;Lm09!9>sj5hqh_|2qoWyC$h_&tWvR%;n$ zC}8{^$)Fj_NdLAptF5Ln!q-r980x!Sj5_8p@=av)^$|v0W;60d=XKl{wu~~=Fw)^* z@Zkc+ZxKem#~J)1%}C#hk#7&9JkJ?*F<|8D$Hk!mE~BlK8R52! za_(jP&SU&mVw7PuBQJi&?@x?0xf%2+jNd#|9Vh;qvnyI>qyOgI=WQSA9~~JJ85Aq) z9vTBqzGYovk?U@6cwbG^+Y+70qrk&^ptrlZw`*i%Sd6#53;fj3R?~w2G<3DJy!}EW zylo<5Vm)W-crSxL|1h<{Wq~lK>;0Q@c{BVFu+G%}pp}RACI7~ULA<|)wz^tWfFD~= z7e%Y;s3EKB7z2NyvZ~fDsXu zp6;XieYk4KP6bv}^aickfXJmWva>^DW4txgadh~prmm)`siUc(rtTdFf~aBJ;=hzg z`2Thir2OnZNCtR7oQ-P?Y?s-(VJ`#*BW$1G?+UcXXZZf>+7i3H{~(ipoeGT7|5`%G zCd$*rVz#%o+Dy6|;!vZx!ssGo+>&gZW4PHmp#~q|uM7S@!rvG8`_yx%IDM(4O0-_$ zCpS-zF6%WfjeU1<9iP_tap}eSvb&FW%e8(wc*f8msc?zInsZJ`BQXB&U|$vXu!ypU zMR%f0#S<#(R$zMkEmqd$aY)}ky*;(kvUfzwyakP^@A&-^*)d)z@_Kl+zJheaSE&Gn z8G+fYtMfb)%R1itEHx1LQq;2Vn|Oz8$qZ>baOX z@7!4xrcM~&taRYlqP(3!Bj=oM9qA-G28Uz#$P+sOH6i24CLhM1xv1KsgYhOQVq1@A zWzWa3x5dK~3zC+L;daI0_>0T^>Acc9#lvmSa5(;E#rDrg-8e>gq)j&iN+N zZT4{bK*lwTFfXe$#XTy!ek}S_>3-t#>Ef{-o(?*V>51ptC(B}ZMDOVdZN7USHl8Zi zYBuAW_$1UwFv9zrLfHMs%OXP)ldm41iDqD6gJe_w-4>kh&wS5X!%(9KxL?17 zd^NV(yCxRH`&`UVIED=HWBPm7H|f2exwr|#HS2CQ^RB$od`D*2MIElab8tBRHkb&j z+8F6f#PE}nxse0>v)X^S2gFRBDK>p))u94~rpl<^$s!>IcT1~Jco~f27r(Kua>>5w z83*kh@%IjIk7JF@1q0lEOMdKH**Zlr4EMtr)zh=aA6vfX>Xmynhfc1s&se^2?Ju^3 z3Aq16V~eD}KVMRaVcbv0*!ic1>h_5Yg#-J2=atFHF2i39_Q2ay!ox;h-MR0mV^7x) z3^)4MP2wF-ht0$}_tzW|z`_ zfASZPwu=7f8LC`eJT|2lFkh5qY$$vwx%3q-w?~I~*fcjjK@3|xxuril!VL|L&@&Z2RJOudd*Jm8daE9JOgj35M}k`J2?m*X&hU z7`}e9-rsYxrU!=cH$|*2vd1(kbzVH@CBIuX>T2uq6dt^i7rTG$LU5^K-Y-mtzqhMX zdX7b?Ru08y>%8cDn=&N~)7?saue0iGd?kjrYUPF8OpT_;KMr^Mq_70 z6;?kVWnwS5?*!j=_T{HGVEnO`Iy2ky>nT4gHrhE~xKzC|PcVO~nw10YSDb#oUP_7J z%9)NBUiHM(dFEyg%a0B@Ay+XnL7v_B$WL_^Wtv>_M(Moue^~zy9L~i7;@ zwms1pz9n>F#CE>*TQU5spupSW#*r6aOt&7>?y!)+;X~Jrw@;tnGG6?l_wVr6xkv4m zur(bOR#P4Nt23n&)8TLoc7Ax!%_ZrXnXJ)81SFFVCjJII34`O{h;H0%r@k_v@j0m znsHq3^BSdDL&I-gT)DB}>vDP@aVzn?#5g%g8a4}5IV60v^?RcE^)!#|Ul!o>MhEpQ z7@eK>4#T~Zi!&ngPu}D2zx$aZJ@pKRry;0vndHcYxLkP>|DVSHf0gc9)%Uz(zjXrE z<&Tn`GrwW2NLcCet=@WB5fjaPmsrgiC7$gty2`t1$B2rWh8wmKzmh!H6!BNJNs$3#@_vZwSE47y~y*#|8zU7vy)n%psjnpW=;IjX(!6&Vp#6eQkR|e zT@gyxR;m=1nU2Hr)v399zFaHQ_pVuKC6*sB$+7qRyZcwJa83EUa-Pxe^LgNCd~E1? z_;>XGKm32D-|;$%+jl5Dbp66~_$%>5OL0$x`)i&RB5chjawpp6@Af<)pu1DmL%cH5 zI9c9xf@*(HM8xLw(PKlucih^w-*~n8_M7u|8K#7lwRMTs?>bVy?7Q?^sj1~|&6>{h z*BWi?c%GW8EHTGmVc6kcaW?stt@j^|xwgXo_S1^o?Y&-O#T;q?N( z;nAFup>bl8GmovP^c)*56YylS>lXbd&dbuhGd-+?z(iZ>JqY-HA*{Wb59ztHh#bTNb5I~3GdeN zIi1z3=@d0kZ=2?rWmGu+fVS(%;?3hy>s+}vtUj^4zV*xwGvjgk?`oEprks5LCUs?y zn0s%*m=Wyj05gS(DCl(ew#EHvJ_>~lkxkKo?=GyDR^{#V!Rn8B^u6_pa% z%Kk3JEfw=eoBzt?-IadXt122Zw_eaPlCt?YE25*fyi0QYs!ij!jt`ie(D&;s-^sgc z$Hn<6n-wiFh^pW-o~DtV?tXBb_tW>P+`QQR;uqdE*BkkY$;?nYUpVT%8PA>)wtKsmoH7hg z_j8<}Yp!}Gq3QfK&+|g-)AvCYjW(R;;V|Qn_gEM{-v<)UhD4`@f}Kn zJku39_N=M-m8eiPHTS{viMw|m$v^OObkf-LvwBPJrMYQjj2n|49g&%Ne{BxaRzQA|Tlc9}!w$6L!MT2q(K?Trd+Krh{!f477y6&SmaeFP^9@rxk|!Z#9);nd-+i%VKTk&) zY_poxr?=uH$JnD~pG+Q3UyxvS!tU^Itpbjr^#2aNlQ(Hh>f)C3@ex=12J)O`Gq+vp zwm)wh-lKnmeH7>Dip2(rtH*4ulyK7;H^MGN^YZeAqcfts1G5&SpDXuh;I;m_y~thl zT!jsP+uKDO>o4XfY?y^sxcYV@|QPsjNjCD zrR*^OmcM?db~=wgb=b7O>=YXgPmMWul>dZ>4Tf>M;&R~c46A$F@2P!H$FRx1H$4uG zUzZ0|pNy^c@J`0z)%s~Emz5G)rfEnoHA~Y_IgxbgrMDKZ0#3K}t&XMeHS;`szb)2R zjm8z%-#z_w-P!u3F6|@k2Gz~<&9QjWbgt)d(hc8Fk5!@`_s_fb$U0azke4&Kd5u)l zUB?I8LY(;7J*u?h3{-Aq&1#&asUq2_kr099ZJM7?zWPua^h~-e?)445bDc?6o2+KY zoJ*+v+18qI%JIXlXwHHF8|gU{!!3<(a3^PAd7PwX{F3&g9zSxHb{xJl?T|O#mnF37 zHqLq2e%C?Syy$27ZKu#3Vbf~n{xcObVeCEpX2c7n#*Ylsav(J626<m%!mkEF0Ewu#W@S#|Fz;m_{eLPrL}^J7o0D5&Eb(bJ%a0L zww&iWwXZ#v-(puc$ZgoRQb$CX^V#f==G`&fOFdL=CRkv2;g|%8pN}3WU|3T*r_0Ua zZ1fQs1*I-Mt@|+=uRYRC+3$|rs}Tc#-UR$Tk=Os~VWFy^U4 z=hRIemfs(4$FOvAUcptJg_ea%?w@gJ}K zHlJI0^od*4uHDbOO)-C!e!nHVMK!~0b$jjCj)JDGmWhY@`y232@UD3X%@5vL3@+A}cjHHaycJwWJRk=5A*Rs{83J>aYsvgsL6vW=3)bje( z-mN!VS|_@>7#2TLJF(#9RZh8huA^siW)xV4*O)Dye(l^Qo%*!9LXH`=KR=${VK19? zwRLly$eA-QT6E>4Kg)}irrLjZu2`&|eNEZA_xQx4B@y4pTP)RW07hV*Y>=7Xo%1C^)-W@eS9vn6KNG{R=N(sV`>W6Aq+8=&_Tx3(`=brpoF~Uuj(zMEzu3?3u|&xgd(2Ns-z?W1 zd-qgkk<0wRQyN=FJ~$V-b%mOr6vjWFv?)PX|Iv|eA*cPnzEHOFZ5^50@8%-)E##M+ z)Jwga3#KXu%YT+E&6cicbhKQh6`?=={+k0KwUb6{Hyb&#piCsCrf|21krz&{h%0U1 z!Z}6PEVQGakLY~Ew{hd?B2~Af4va5e;{Ck#ZtZalUoYNr)I@SuIfj4M&N(e{Mlub< zLE}BRU31FKFzhMVaq!Js-7grvq$<&SpCjiyhTnfRjQRZRjL6uln>SsXW|vvFaqRw0 z8Ci=q+!>$xm#|{t_YHsD8nv(X$J)ri1^N-D5#O(L-6}Jm9CGizO!PSMJ$H6L(){{7 z{ea6=m$GP;bDSwQjn`}5KYJf+D==Y1ws%p&+zVHJoL|v4!7F3cNrmWhUZ!HY+LIbC zB%6M3Tz2b*?2gq&-<3x!G#|A=YV^dWshMvM9ItNueWPyL#fSCx91B*KsZ0}X=jdvQ z(Y)ZNExhML+@aHZcGhO5`YktWh~H4WYuk^zNiT1_y0nZtiS6kGo7ZM{`pr{##|1^m z%YXCwbthPyV^@jtSyzE9gn6dy*f8JBe|2S+j-1@ZoxByVbl1;(ach%#ZEoRicCC6@&1$oeI$!d5s=YXl z@4WqXLfq7#O3_Kuze9Ont~uzpe~m@v&zOwyw;FUc+oxs6?Qbfv-^#JKVUo?EoVA^n zA*ps{x+B?-jQ*xASnPXjq3NU!*$~AK?nw>Yp(DAnwBii2l)K-KDF~~3b1+HZVsUHs zy5@-a*4u-|FFkwPHss>3r&k8=3b-mK%oDIlE7CNn zJi4sXysCZAjs;iWTg1FC$SpCcFRM@1erexQ?YqIHv|B6c%gc&D;bPr3;ebflwdU`a z$@djJm3?mPm+Caz=#xj2VVlkM39h?;IawdRmX$8jzH;8@4;egfv&TI?(^oh4oarqI z<^0$ug$@(z0>76|GjJDK=Ni>^n0r2NPS);+i*Keq4lCl^F!%M7UY!Gn*NX&pKXjM< z?puD9`{vVG-$L}Bhdj!&3$q-zNZ5VM`y(IQs)|*(4R;nsDo$D-@y4EWLCL(uN1WeY zOXy6xaL9A#!14~WC3|FNur+Jn;23XecCvqGM~6kAOcbZ}!F7C}X6!PeX z=kByEZvEPscG11M`A+m$iAic&Dq9w*7(1={xgh-6%R}L}-xiki1hc&q+V8dj;}xdp zjBD7P@xJsXIV%VdmC!^^uDYw3a#i&Y3iRZcfnc z=N$8{ZM8A~S{mcWxvIIuCNuBO{_HB{jeWj5eB_;W$#LE72%O|@c4JjRZoAigwoz{* zXT5B)Pdi%a^y`PIQsU*{t&w7(k4=|Z$ZfS~zL~0LsCM#4#ppwv;|G3gKh+FN#PCXY zj=C`m<)l>RNY*b3xH#4G<|@^T`!7$G(`)=;(4?97BTjKjKyh^rhFAaae4izyYB5Q4 z$=E6HJ}>ZBZT>l(dwmjywNGt5QRXtTVDh-47Tf4kqoaLuBRb{eS}LruQys zNGOfnb6vIYXY!V3Gxv&1EraU(`J1Mkl|rN(Ksaji4P z`?CVu%2D^uh-`F=9xsskGs9>59NX3lW3#dvybE3}8s%Q6Ikhb6f^4VBq}T`VtqycA z|7!8@m8(^=&GRptmnJ;A!NDmhlbN4;E!1gJkNv*cesgE{Jay?(I#G4%?D2bjUpJk` zu!+0$lJT6f0~lWOF0p)+iuoK2iv`@ZD(we1C{%pE+xOd!ygIIqVGV`F1BvtEtuXxL z-HY|sbr)JNY|nG*s>%b0J`68UbrQNIWOoq59{s*&qcS$xV|f3XU8bT5mYo>ZXLH!r zbT4TmhC>C~F6K{Jn~Pzs%U4~tdtQja@ZPFiKc1_vgfKj9Yv_{eKU$qItSamEt?R8oFnpEw`Hk~xRbMgu zGtwkH^P%4o3=bR+5#DSlI1$5o7v-8_S6}>zVas{P9%`Pybri#Yd8g{7Z#V72aC&@= zp^10)C=8!0pLyZ#;ZYJ8zP2MU*eX*>AH(%qdeSfcl`V>4yN%z!*Xtj$!SGV8*jLwP zUDd#_yVThq@3?~-F}#%X$8OQ<7e-=O=|Q2M(q(7fC zXB=*P`G(|bKta(i zgUJ|nx$`ww?<2b~hIvGDUfVqCo{eG4kMrB6rrVsu@Zrqazu3j5?8ERGSIZmh*L3Lo zpB9gs*gsPx1mpL=wK!(wc4GsEPe1%_8fCFE6vMh(_XsyGiGG9OwWk;T<_eok^XL3r zu_aM@yJ-GX`0%RHG|#FQ(+e$$ydE=dg)@c^|6CWw7S$bz;dK&i@y8$cZ^H2JJ1?Y? z4;s$G@M;@|&e_s#bKF`Q z!1{_ER+y?_{07yRclU?&M&xS!CJESl*?*VpLPdCsi?>h%1g({@g=wZK3(I%W`Cn5_6iyPn?uX;g zRP|miHp-fAkBC~fW9x#v>G|j6^u&<`XOcc)dRtq;P3iF_G`}1UuzaY}zta@s`v)vU zat~dhVVBGbi{IW7e__0)jztLXp2yQLoHg!{b#vC)Tnx+c${2qX;@XeldCL}$>sYnJ z6T^u{g71}{Ev471X~jj)*0vL7Yy0?#A+N)?>OiEg$f;;1TdVua?7o5zOy?q{9Z-X zvbq0A4~C8Pc7!&b7j?xjw-NjOgUZ>-7%mgpu%#+mkRD$O<<;GOJofbb#i9BtzGU%J zI{wP`bp9hXX?!?-#pzY)a)Iit7*^Pq-yXU2#%&Cj$EZ5TiH+HT;qN<+=iHR&alKMEj?g# zbml@D<|&`pduz2j^~HcCo2+ zez{sQMp;eE==z5FOnP4)STzaLpNl-(=fG}KfMNebN|zKI3=J@>d%~_?so5+R!*kv} zn$T#%AAn(*Uv1_#(iJrSTsMsUwv?xfUf%>m_%3&M2nAyLknbX!f4|hC=ZoF)%VO7b zX82(I*t>g-AI-W&^Q&k0o#;%vm_r!<%aA+kPl?0LxjlNU0*0Sx8h@-3{i=iEWg&t3s^+H}Fg)9e$8pyt z?~52NzERM2PjitPhO6(7FI+uA+Ze;k6qwnX<#4X4{vXq1`X?ISC0V!U!Gv`{zwsLXC_j6V@^ zAm_1Gmpg|2m(GuS#-aBG!>;Y)Z-^U}AHi^`>6@v7g(izJe9uAnxV-+9IT-fn()^@u z_dN~6my$NDF1q^s9fozaO-4C&iqY*G(`eRXa+XsBr@gbSYIcMdi@ivluA?mj#()?&Ew(8Z$iJ>&VJ@#{s z)8s3u!Sog1V|8B49!c}Z@7exq>UI^jV0=jF11BTr%sLEzJp5Nvg68dK7*@Ngw>UW9 zW;llJ$KG(P*>>Ryh6P^Be|RdPK(7ZnF(brtXT(-wJV*bUnhV^X^m-IDIyt|u{G}7d zU%YqyN4RGFR1DWGKIXhkV#x{&ix&UXS!HKL_pj7pmsyt%)eB?%j>fQoO(Ms-F)SOj zOQGBHh7E>q{i=+)EI*%aU)zaOdf&bpNw0SUk;|m&E{bGe`U!Cd=Q^0(48w4^h(tyg)hr!{L=y+jvoKzvv~Ap zC|--k^!t~XDcHZ1e~w|_9~(z4P})O}XAyhNjqCQ0^~Ly~2K;GOa!EoMPN-DyhTD94 zJ|3uFlG*30-HY*W)+J3_&K5xL57N#qUb_DEWx9NiGQ?l?m$uOR&CR=`yFIds3UU1B zj@{M+?Uf-I7PFE_%$dJF1;aTUE5Gqf*-MwNF}Kic`yFn2{V0*!)Dke=R~yq`V|#W_ zFmN@!zc7hET2$d(P3I?aFT*$bgH$J`-yCP(dtSee-VdZ}?-jgm`uZ2f^S9(TB+Y+u z8pCYe>V2C>OW((^gKln4jEW20-X&UJHofI&r{}}Y^41CWmFCd%N4VuD#qCY}={SC; zzWeFhN%uBjIA7E+(@r9z9K&npu3R~Pz(N4SeXEqXcKkZB7{hn{Q>R_l59Gq|tI(I* zcT{z+!En65MvL6DN}DnK?Nf(l?9MIpes6?JfL`l@npYTqOnUCN`FUlg7-o;>eI^?H zDh|WNxAwnkxO0C3hL`#5IBPI#E8XASQ;)4X))=N zJZkx?xn+@0voT!zq4w^`$$lp>Y%X=qddbh)85r)qmapp0BkHtWPyL8m&BS-hwx4^f zV$`}2<2MU;)+BpIH(_|*iFfOpq<8j)Eq7)sF{;Z@YrwM~A+} zZrlI+8-}?fmaoo!KDz_M-|y@UFjO1mh~Z6l=g#%}Sh5tuiZ@4|6JHqNh2hmvft6AV z*|{++;IW~buV;e*h8IuXkvVDCt+^O>H}a;V}ohD$hazfv(At%TuSzbw9g3V*|g z;pC9T@S4TW7Z`RA@)Lf!&oPsR3pqMV&o7>iVbL<-d6W0c8euqQ=7RaJPv`n!*kH?} z!tTtO#}d`Fx#UW7gjCG$-aoa$tNm5zJJBmVx~-=~{SL1?ScAN60 z7|}EA6UXIezZDCeIMBCFS9tyAX-e^vb{zE6o~<06T9qnvZpqEc`CX691tv?`33eqs z9B0H~{>AysGAo7a+;2U{h7?aqNqshU-`*zejrW=YP9D?}{n+Rtm%X;BqdNA8v8c%s zXYu`SyH=Lu&Hb=uiHN%KtkT;v+}3hI%c;mIdFVGoDC*zWL%WG>CE*`-JS%6SlW zzgE3B^x(O(KU3H)IWAeY=WfpV~q$+$crzbmqZ)4rvQzt88EB;t0RP1#+XosDPy zq{*olqqzmFURBB7-mjgN`oM5*-Pxd~cbku%6LWq!U9Uvu?)u0z=dIsudfAhvy0|xS z`}OD9`x{<=&c7&JR+jIb`|{|ImXT?Xzn`>j-+SQfj-)LwJa38^iVjS$eC-!@_V&*G z;j<=$1HJ#=tAK~4XbF(@_HFvK<%xG!<#p(LW?|ua-jlFt8 zqU)kw&!j1ypV;0hDuf%}3>!H2Tc!VOaL$9zI|R!v%exDfZ@cmlnu=``FC{((4cGyRvwd zS6ybV)|Wjh{&%V*HQw{(`haQ%Z&a4kua)Pm)mr#>U)K1lizkKs<E>y4Py z!1o4xMx3QPk8iVV@U~WOit&73{%FI8=DCLj_H=|iTbmWHB5m4H_|v^GYS)8bZ^v-F z*t1akBA=75>FN{b7n%vg2Q#=ZT5+r%>CrP zC0R!|YSEQwnX_LN5?r{X_q{%~#`wt6Q4cqDHt)-FD__+;#^i_9_6Orv<)>>EG(4^e zIIyThtXJybx%}}3r95BU&KzGq;QyANJHD7(NqUX@a@SHd{S^y~w`?52AvN`I(&Qu! zr4^b5*Np^6=fBs`m(XieNZToSqAt$&ci+KWw-n`f6T31$EFbf@H+bgs@GrVD+oZq0 zImOoVQ*z~Sc@Chw8RW?OU{WZ`NfrMa8AgZu7k+OfUd#4hA4XUyNNy?3UP(z@c1WAEQZ+*ovMVRLn|=j(;S z(^eT|tLr6=e1GgtMSVoj1kN2!rQE#cbNJ?0I?Of^bLjbGvD7G8iho`B-ey)xW96xcZ$Iju5GFr#+T%J>?HeU*5g1Kidnslu0{lbwpYW05ocb9#X zsaV7&Zdqje#w+kqe{7nPnv#>lerct0uL!PJNfjLGc?Q3}n3wJR{Q2^%ZP}}?kLe12 zG~&w1^4^D2r)YD8H1P8Y>~r3I*KzCdhg_+X^g2q}E}T&v7?);JFA~4RiCh2i1dA!3 z+}|Lp9zg)m#oR;GTS*R#(-D-SF;rN2ww;1tLKchdAmc6EP8m?JepD=nC%|V zeY-Y z_`tTaVwQ#C!gt4hC`yj!`YCc{^?I`-c{i1tlWIl|TjTO#{AvHHrM3)BD^gR!I&?R5pQdBu-r4p}3 z{^)Tja}C42?99hV#{CL?d4%oiopBdmZ=0F0(>hE=d~5rQk%@a+rFQYlXK%EP_N)5M zT{m%_iSMQUn&cgvxv(3neCc?heRWu+zVWzkrQ5d(D%I3yXlF07ioUDssBWNFCXq5b zWTukZt$l%OwBHt7`-`(AzUVBU?x~dY(f(Tvm))Ifl`GTyw4hJrfpg-W4vmR(t;THX zwm5O&vC#qxv(cIk6;Cc1Ha41dUTsdaal9gS+m$m@^VJ&;_8x(4?B!z8zpbi26goD% zd%7^X{`BUI$w!xc-V*kOlkJ*Dsa*1+o#)(D73^#bO9%QSUR1d)>fKUdB`<1H7|hjk zXx7FnQtFR|_PF{QR`=N4oL8h1)=^+m)?n4Ob)L+$oJQl7dfpt#t}?sz3fnh+`m7YF zzqfkbQSlN<4VRYj`8)d8u1iSy5)qzo->CiQwz%;N6-O>qPO+Y8_OQa?aFV#g?+LTs zs>WpMs%U-pH2&*VQs(mhq?rp#^?46TcBNPuS?ty9DA@FXU-mKE_wBU@v(&{-?;roV zDfRY&CFvtJuCgy!T$=S)u;eMxNrGDqW*D?e$L9HniX9S&@pcgn(r|5yxjj8R^0a~4 zBSoLhW^e8HZj|6VwoPqmd7Y6=-+;{3%QLHtzs@(UNIUH(HNxVusKAAn`)vx?-5*q4 z{w1(i-`^J<6T#$>+{;peASNW+t&JwkS=_~rr|o(v%AaFaLekC3${N=+i)-` z$6Vu#mRDl(IMa8krX7tjHVN$e+2eKjKVOg9^0ca1cp-06Z=<8IjTOJ$!4C?%ax!#w zK7Gr1e^Yv)+p4Qob2Yti!X0_yY+Xp?lw|q-N+GZ|S);Z}mX4?04ynPEH>k zRZr)3=6JEsY8@Tj9U--`WLbt;#|l?diRH};lCL@sTz6|Pna{U&F8;o`AK5nTeeJF- zr5|+f-CX$0$+S1`rCO+Dyv3PQdw2Bu-QQLetR9m)q5N}?^tlqFDE!6wC(gACw^sZx z>N{IY(825#I#b1xrLCVvyM|}}EW8@iCD@X*XHQ$Rpb-A@Iey?PTUKnZ5mQ|6>07E@4<>gSK1#ZY_IjuO4s@-d-z(-kI9)_;&1Z|w%hi~4scYjk!`89I<)Nf!@fzL z<|jTLh;Gp`_bLAUBuP<9rIZ$_R4URc$^Sfa&-~{e zIvCjRY*YuP;n(&L&|FDw(WpJZ(X6O6?9oPA`4!2nO z!U%86*t?Vd|NFwUlUr9T5#OT3`n|=(`EL8Kng+VkIlAqBG3|ny_N-ERnQqTTg^FqI zfB663Yo`0(wkj{$5Y#S1FVpR`UHYySp=KKNGTol}w{rQ{17}%(ZzI>`SK9cSVXU7M zPLTd}MYky0f%bH3zB(ewTWX$5{fF~fN=Ig_r~BzvaYNJ&)lHwn=w-SU)4k*sGq8Oi zy-c^mU)-yS>njyWFVpR<_x8KjI>-#Am+5xxTiKecm!1Dc|f9SR4!2|M%^fKLw?a*`o@z%4NUZ&eAS%1r}v;}Ram+5wN>ykfv zM)zdZRgW2WH}$;P20BN#b5eS&N;YVjMK9Cs;t6xCT=s7MKrhqnnaQV)9yEFU|G%3- z_wQdlsHx4n#FAd7+f0R5xzhV}Z0TjXwMbp>r+o0!WO|uyQ|q^$y&@a%|KEeA`;W`Y zEE-(pSw}C^?YteY=ecb(dPOhOZGi5>OVj?%y-Y9D?YGv*(w$YB&*){k?LWKe>3~Vg z>*-~>4SG`Ge&(3Sw{8Dz6rkClqDC|`C$>j@K`}zI38_PGiDcR6Dy49Di z*yd;JIGA3h+oM&lu6rL*?nf`vtz5%;-SfX1{{Qy|=>AiqlOl5tU1k0K0@eAk`-V5q z-bv@^wk$OD``p^8z364SefaX5#l(Z^cj#rhofQ8kvLt`v4SJbw+f~8`4BSu{Lod^9 z#OSfPfo&mC^fKL!l)9SsWwa{mxC+_hH*oa+TTAI2-3AVSVPg5$jP-g9+7$I;;e`Pg z=p5aeMD4wkaQ4U=dYNw1rQe(UE!fHW{hy$2eQy1c*jY&D==S@)xvGbHm9k!^!O;%$ zRb=k4&WpUL_4o8E^UY~bw{vRkyIs5-mQF9z?c5phqt4&xeuZA9+nMtsE~L-i#rpk; zVfFhjEdSBMIzMDBJdtoTS1X?Obo2|#IKF!Dq1=j0y_SmA&1rv+&=p5btc(W${ zVDb)edYNw1d<%H18V0D*%XBM#dezNaJ}&R*WxBohCA$9!SrOJaCwcbS*wP{PmCn(v zr=QkriDv0kS)`kvN)=;g@TKW#5GF6dYD`Lw6omMhcqygxWg z(aUrjA6C2RwMqXG^fKLk67QDsPxIjkdYNw5ZQi>pq@uKgUZ&gY$L+V7yV+*b%XC|2 zuWHlI7kNT2)9s$`{Rhv=SA9$`)2)cj9wU{s!L0iWGf^-97oj>?bdGM_j4pXEODJNU zuST99a_ooum#cJ+Zfn_%?evqga^C*5U|rYzYdk$_F8*$!b98(A>Y}@5 zM;Eg0Ym%SO+blgk>@1z5+w{F!bFXw85kN1~?O~nP`BfPWto^y}8v32vUT441Il498 z(|fJ6@*&ps)PDG{jju14{GfAmt2)4WNuRqlL+E9?ZQ0Vp;>bjet@JY8K2>m2f3cl6 zn_i~d++g0gUz7N(^Qza_cpW{diB)utZl$%fQjUJoQKXmYws6%>>AS{rS?8J52Tkw# z502KMb96i9{hX_H5!YYS%XI5Ma@eho`Eyn1Wx8!Qsku}-O!fbN&xP(c(+$Xph>c_& z&!NW`$=z{?9Yp8oHtF*Ux6kHl*3rv!>y^0K_^jPiXL^}#J>)hVPQJ@;rkCmV*ugU; z%M`?Q>1DdTbn1r&Z(}X%ez{Ng;YAM*tU5#I==ONGPif;n7k;Fd>2~*}2D_FMt6k}3 zy1n^j+r2gAx}Nkh-3B@o*~_(UkD{09)=?*+=b_kU2YQ)qJsa;=?it$e8of-nPyQO& z8x8o$dVbCNmm6H0cd?Al(d}iwiZ|iW&+X}Dx>azq8Gd4HIqQ5laOySfy_eU7(>c2J zNV}A-5d7dDy-c^m--ilFYu7s#$T~?j&3VMyb}kD9%cRA8)N%L zio@M_tn;u$n`P~sk_boI)2&#($ko@@ZU^XPy4^YSedG?)1$u{44pj|n*}=Lmcyh@4 zm!@=&n{=LT4R`jsEIYpMLVB5Q-NlNfd+1I$OfS>zmn^Z|)`i|C^fKLw-WcAk+;lSQ zJU8`q>#&&NMhEE}-A0^SVbD0f?LECrx0)vgU2QDhYe6s5?W^*aDMzJW_|nUC>)ATs z=dttZtm}rY%OaOP&Qq7rIl8^yk(2cy?c#ZQnQk55&3$)zW9)KznQjkw+Q}C;r?Ku6 z^$i-T7kRk#pmTJ4Ma8c*vu5ZmdYNwTjC8muefQrMdYNvA?+Wf4d#O(=y-c@WjVC`Y zRN66tUZ&gB)Y9gekJnzHm+AJ?pG}ShTSHjaH{Y*Tk@~9|^64Di?x}A0_jHU4>v=rk z_xk(3$q)9?Il7(Bf1i}!F3TGKnfU8B0yS5&u2)0)-1A85(}#8bJF$Ao9v3Gg33|PB zySG+mm)=w{)_F_Xd)%|vjr;!6Il9f>qOoLIRBR=^Ot)`Weg5n5UE?&p{Qq{;x&^ut zk6Gslv-;gm&kZ)b{eKSs9nXh<^45o5*`nFGKPF??*VzTL13ULmurZM?yyBG8xnD9g zTC;ZHus5Cio$?}|*w#x;qWTKHkT^u+#eh^ zV)blO_1~TQyXo$Aesgix#LoSWE1qi24vwAQxqsu3)g_6V+Qpswzr34W&6_;EqjP_I zN51v0&87=F_pjepz5i430@nGV-wKn@UgN!ccg}CDd-T(1m?UfesCmd5s>W20@0|ap zsy04ojgx5S{?AtbW&}+CZPmHI&)r3vhWt7y+qu6Z%+K-8wv6kY``2hp4fEZ2VO!^Z z`PQ{*lZq2q=gEe!-r5fo#O*rg`?-nArW`bo>)b!-bH|l0GnJ2Z?hiO}udc~b{Xyq` zlUE_q;>$f1I`{V(^<)lu39#??`#RtLwyK4--+Zgrq*(en4(q(0TBRjtR^4cr)Vcrk zb$iQ+BNnsnA7#TvO4mq49qpW-(=YmjsFfLOe@?n1TQIYS*3ZuQ-oLtqE_FSzw{ySt z;wK%d z-a1Gub@H^%`Kys`u0dOJwLACQM4arOzOeuE&ix+KC!wG9sqpLEe`oRDRB6kmlFt2C z{`jUjJLc~1-2Y>N^^5X{?yUEhiRS{(jvW`{-8mm?u;@(8y%g529$2WB1PMe`b-}&Fu7;)Xx11Y3PSJuJ^pxxxaf}%r(7JpIQ6i zX+rhw8nvBG&rr8?*d3-!awbynaQ~N7v@hc4Cdw{*DUc zdzs<#)7v|*=k#;Qge$8?vCg+*3(Hr}o2#bYIe#!bXX*X(Pd<0fCvm; ztn2%Yb^KoVc(T_I$#&NJit#CH6r<{Xu*MsZ(>puoOvcsD^$WUBdB0aT`(fvP$&`jj zgRHHr>+03gXMx?%T`}sMFH=@H9FYB;bwBcW;3Ti%1;woEiNuHJE4OS@W<8(lZv-s% z3|3`bXU3h&*10?O(2LG>?_|gn*^1K*{Ul#_wQPkwO!HFb4cfY4SBcf z852gEcJ8+pvlLm`XKHZg{)ua==19~&W8Fv0ob&W$&5LT*`Ds%7;fW)67<}uzo*qu) z-;3W@Xz1Ku>@i$BV$zM3o%@%a*eNx)CRwL*|Grf&u1CBUvffvx9E_bGfBNt4&iRpj zT%_~9od3Y;_cDw~$Y?M4dtyFs!I_8q>3@gwo6@oDp=8Kmdbx8u@LbT4uyb188FgJwsx3!p^9>PV%|!nxp$%fj=!zO>{ka`RV1=JzX0r+N)$1dO8nzHsar_^A{G3 zn)GeQ19>TxdfVKda+mg=4CuFZS-S5wPz@T%)1UQv<%Q;D6X)mH ze~a}x^Lkw3IK^?cT8|?Q*LUBaIGuOl`1!|6x{2QsuW7ke`{0gybHBwAkN?GQ)pVMC zWBexxE$s%Cs+{E0`|Qm#{G$Ay_8Cz&ZgO$VEQblj$EO|$h@H`19Fq6#hTrmn zH%F8oYOJ~J5cha!M2F1;m5^wc)VW0;ZQca-eOLEA?9T4PnTtOz+nm@KQ!`R(%B#Wk z8jX5)RYXjizdn`>A93!z&S?L5t+8twbmo*x^{ek5YBa@U;kKdTR~DWY-uU-J>Fu|H1M*z0v%DA7%)B05uPmuJr*_HdMI%REm{mJLUB|~|#)(G{ zpWZEWDL>t~xp%1DdLMQ1N8kG%e{@>+TSZeCuk=>yn6HmrHN1-7*NxXJ`J8@dwbtXY0BB(}SK}v&{V!-;0-(tEQRCpMOpAYH z>=pO)dggv=bKf)L%uAnVftCG?^zNpdF6{e#>x&?-zaMHQZI)LqIut%P)@;?^HRso; z%eO5me7E@I>_xXm-7H*`{iR4!KWKfKb@0v`o|fGXrF+k6c_7m>-){7KSN+0%Eob}6 zTJ{StSFKq8P5S+u@So2MKVNP04~{YaZ(8S4wteo`Jx|o{sbz|$g+@v4m)JNUZPMo27Zvk9b~i1)ryc4rVCxwQ9ZxpdNqj^%>!oWi{?%-?Y_(O z)6A;+-t$E)8#N1$chd>(;rC-_dc}v`bvJzb`eZG6VjVwV>5eUDB&u#_Nas7Rza_Hc z>tO4#rCB$YjkERd?HOv{uD{{IkCcth?>DW|k_c^yRr#iVxSv#Me*J@Wqccvu=I`6< zEOxKG+t87xHi>+NQ2Tn0}56Z=u}3(dQwyCTj@ABXzyva(aO&k z&1@a5QGPx;GTKf4yNdqGD~>8_GkfHYzdgo7Wlizm}K|5z~A$tOOf>|JWC z?#JAv^K08nf)=ppwwnPPw~CvlQSzVddwJmcyvF0Y<^qP02^b` zQAvdj$+9_{WGh4Y9S=WRmPH3oEzsZHW6P_umoge}jwUC#kMJ6{*d^dsZE?v3Ytza% zcDtkoi8lYyd=&2C6E$YtA^zzpT`0}SupJ$CK>uGA;)+l(GJ zc||oH9s7LU(f4DfB(M4@@^T>mZsUVuzy4cl7ymKS&Yx9md7eM6$t@<`u-yG^VPft> z)n_$B75&#;=v`nGpOPsu{F_;oUE;*){~C3dYc)G%>q{q^=p5G#tS;RaS~P!N=C_#P zb7l7ToM!WHZ0tVgzzYw{$Gww_EK%Mlx9Uh+$TOQXBip%uHk{Y!IbixV?JpU8mxt5z zKW<$*PJZsg&ACer*BrVo<>e6kI#K^n?U&~EBGsIT>D>*(^h}@TlintylN? zoD|tM(<^`Xu5U|5+BJS$ooUqM@Ln>^vF>Q@{PpJ9(tEC1UhJhUztiu0<>U=JH;yn` zpjv6NduGtewrSgae<%BBiG0#Y^PYD)FJ5ktZNrS(6{_)R`-V^H7~984tjv5t+gFuU zPwR&mUB2c&Gwt&ADGTCFCtE}q{9b2zM{@VDwIv%T{pgooI{V1Me*7@0nR`~(t&a8E z^{_#4Omb?a#*oo%2O1_+#`1-5ZZ1ux6_gl1kDe3eHzUol3Wu=f;O3lh>(l)gmbn|8A}77wea6EisV8sgfRv5zhRWWIIx^%#zcTe9UMssz>zGnH zDEFm&tBZc>>G1<@!w>F(RJZ+PfOlk81rDgn9SUdF~2?(T7G;T^0GSACOm8; zf9aDt zTW$82(JLHB=2l2Gck^^KvhBUu_&{=0OUK)diW|>a_>0YMNcr&o*s!#fgC%TZv@9c5 z&UjE!=Mncl{cuy^T2Oms+tosPxGn4@>{LDd*9lzKgFm>!=?QYe`UkY zzJ1TWzQ&WT3$ZggrtmQYT}KCnAAN$TM7{3+T8v(Ajzv!F22V}IRV z|LJAOP=FF@I8!bIVtk+)* z=FLx+l{^vqQF`gx=-!)ue{kRGx@d>eyKe3w{hvDA@Dsb*O_yIjK{m$M)jYu9%T4oR z`<8a_(pIa?Zc#iDc(nFw*2Pu%xO*wuH= zx)=8kq+JfY61B3izVDCMdc*d+2I>vb$+n1^>@j6%-pcA5hpb}f?R9uwmp67+(e!67 zE+ci`1)(QP$+@!8Q%qedUg|By~p>z?Hl92ZF6ch95?4jc{)%kf4=kh z`>(SeeVF0@ycazpUoyiKW_{~Q@`c1>!F-4_Xy6O&)3+msjo45i1V z=HP9pfB%-^^1C1A&eE6O=Bpcfw7Ajcf}36Wsf90H&&P=P>OE^z`=nIpp=9MA;+i?I z?e?t03q-?YO=_bhht86Fe%Al^%@sZ|PZmmfJv3|ieJyItfEmTo59Af}d5%-B_ZsIG zcgx=CcKNJez3saLItER*n7d-M!n@UT4(mVlnVR)QX4ASI%U|y9u|q#1Z*TR!uU4ab zXz|RhnS>V_h@a~3G23#PMyy-<&Z!j?<$m2-rDb+Tdx>vWykl?ozqOBo{r%o#-5iyv z9?Gw%toeCZt+-a^+|}^mMZdK=0`}cEP#fUU@1$Fy>#Wv=g|&S$??;sU*%4swuyWt4 zXHy0}S}LJ`=f}art|rbu(>2UPJkQ=k+W< zN564BE_I+kTXRZgaAED>ocHzp6*Q0aZaUOrCg*#?=#9$hf=lTo?QYeItNKq>OMEL+ zJlVwlmCob?%g$T4oqAfI**b5O?wnK4?hJ8!eRN*TFTcYcZ_Vp2Pd#sAn3!kb_Ij_^ z*cl7s=Ih<+J@L2LjPV@{5)%W;n;PuTj`OMMf2`^8OqWes{uAYccl8~*XtrUx*y3`|6?pmG5_F{b0*ojq$CZ?FGc^g~VjkGq#fPdiy-ibW1|%V}}@9C~_syqKw_dHhMy^whEm3+77tcwd}YpQ0P>HfrUQ zLje*FeO8TlG<0U>Evp%_gYSJ!k{b4Vy-47Ynf;|_dP)vR?&z~??T3T;KG~(lq6tIK zeUWSQa9SO+b)a5r(7twUe&#b%N5k6X)5BM(n7n=T^7>S9W31Q?7~;;nRbe%C&%qH zy46}$yjm?rPd9J7A)#EZwu7w{1u1Z{IoLW zLfbg4wj?gM;@ z@GK#vNOJwM*tF^Af*M9z6l~~mVddpk&8w+@x=GI)8~;@!!^wP0_zm5g$s%XhcKE(d zeH%Gs_s~V(MSFEDdX;BfmlxvL=W<5C)XRF`wg1hvi#u9A;l}S5&fTqkKEBa2qxko= z=Dk&#L$t;3sTPlYdD{NeRSjOR;xBH=KjaPOJu~zBHMVCGO0+M!CSyyk)v6-4E;(GLviN)~oMN|D+9^6rU z-)7sirXq2JSJLcVe_MVZh)3J5d$q{3Y zt+=StUbwpLa{{`zdVKrs+l7s*-79#XR#>Xv^$=N`S(p7IckrmhQ~JJ_MUFa1oRmqN z|Kv@<__~XO%)j$nHs`!-ohmo;mG$=R;&0X~-{UzY%)9V%(v(#Dp~h#j*Sfv*ZF~`Y zOlG;CbDt$s+{4C<_&GlvtjQ%t?oV~sYApLVHfyTO}bo=aW(@vWAMWsl$IIbG?; zx?>wgCY@ONIJfmp{?!{kwvWG=N1q*J<-9`c@dLZOdpm7j%0FtpZ#8V}s8AP~+63?D z*EeIVb=;DaD)g2d&$m3$y)@9d_s%!D8&#wX*ERR-Wl~zubSdz{k6?*uia4+TmkS%t%IzvZzb-SdKG4uvG^$>4))||a`AOrSc^)@?%eR-SFz{B2-zpxy z^QJ+4N{=I(BxM#T?msiYI&b8J-Bq!Zw$#rviX9gIqU@ZOk%D4@gv2%V(L0JAjH_&o z*81jpWjG)G=NA23Z{odU3la|o>e(-?$x(mJo3m%h>)zWXdT$DO7c%bfviw`=MzKvP zqeH&-RH(|Txl(#6Oly3ZpN`2a`Ri%x7mT!PEzx-CpQ^>19gMs4~xakbqG7L7?azHV$# z|6-x`cQ@DA;v+X#Nvu!HRVf*GZ1V1}8IRP|RCtSR{vO$;UloyMTz|X2x@U+_!LvG# z1{LLVo5nX!kukP$p4X$UH7?LB+bJ@;(p&0K?w1SSYu?rm;vJ|`f2H&Gfx^i(wQEz< z`y?eeT~~i8d&aTcbC<=D^P2BQwR_05Yb*#3t4WW&rhfhO{PZt9jmo@Bq8?^^ew!dI z@xjCMLE_%MyM1!CtW(2Y?2@rIwTW+$zCNy9R_pSqD{Y?*DvG>Tc&A+Q_j{#zO;s&m z|A>WgSNBz4kyI+l88Q3$3#B=IUmCrz%^kG!M$a;T^LV|_Nn461%b2JuitTV%**r=7 zUE8)#k@9_w>}!uk*xY}3re(-ld&NJSJ5K1lOZ#19oO#~NbKS7d{FG3$dnM+ZmnMu< zc;lTr;gaR!Sb*Q5hO;V{)&qCO@ga-~6jd!^X?Y zE^AM#%CbGCEMb4OS7`pq5o4Nq)kdcdTT%Bi#@oYg)K8fW9x3}Qr8Rah)@tW_nZ6A= zJU`ujY}!2Y#(Bjf$L~q#p(0*-%XZVJV(pw`BVYEK&dWIL{4@ODzO_YD<9l5(UZk{b zs7zF|O2&^7`|nJA(=^mOVoHRVY{l&uJ%vjls_Q;nN>{yqWK;R!15x5VPq%k03mz=( zTl@Ifyt8*Uof3b(NTDiCUE)yMi~NZ08+vVv=I8WCZ;4)YBWK*|+qS2!O*)W0pm5^M z-toHW@!vfxf5?Bo<73g!m{;YrElKvt>W0S-q7~vE5gU`Gj#b=IYi_f$^Js4tb4u)2 zpK`pZO+#&Bqy71!5#P@ZfADsVqSc3^la=mB#1u3c91U+i@x?PPVdmg_$EKYyv(+6x z(!Wl6>J_P1`(G4?Ojj2R+#bDQQ^eKLmu_Y$j(D(E-|dZ`ui5D@WB6|GuBSHLycfQD ztNJKIi=V2!ODjEEHrRe2rzmR_H_IW=TEc7iE_35YTgUJ!UJly5Klik(OWg85&DN9L zEgZjFKKy>H;qI8xgKjRJ*6+{>8Q+1kw#ZF3Y#x5yJLr_f3Hb@dpUmIys5kF%ykEmL zr$?>38dBn}p1Dx$w_<4d8pn6H`+nY29%MU)gajN&7Yc8rmCZGJAcWW4LXy6LU1 z-jNH}$vpqqbS&*>nbOCr|IUginr6ROcyQ$SS@nr;C)n2<%U(0(q1PkH((A`oI20`N zv$a3C;pKb(S3eD_%5wd0OuG7bX28M5j_41$!!M5cHc<=V5Kf`;4KGIn}uK%C($N=L>-XmW*?rPTg`D{Sk ziS}gwuODJhf1Uq)Udi#Gi>128`{cF8*#5I|j!>!oIX?GvXp&{zbFc3P{u?qsXd8X_ z*j@DW*-hIv)#g86s^PGC@`&Fx}^Cq&IU)iHG13X9y)FH7dWT-KzUGcYIb-oxI? z=MKz`h+5km67ShEa?s1>IVSZkxV-zT8i-q^YwKn=&8yc%QWWVfQ8Cs6&m> zt~nF-mlYPhkzcs>qILPEyF;oA?)wdPvL5y6)7#BgB%-xazRj_VHVf2SHnTi?tLOk_ zm#x3c*1ulz(=&8Y^2bZzwMFhW?@S^FHU1pr{C@V&)?M$sD_u|3RImEuw&hw;ALE>S zhfiVqwtqN!VuG$?)r#qhCyFc|bL83e;fj-8+!{x0*8h8B+w^FS2P3Q2HD1#+ElLcS z>sl7{qBx>z=-X3++^4Q+q)jwxtzdkM8AlLu<1N!}+$&wYm{@PwkZ*COl zcXaT0qC681_eFu)W5(>~@q=+s&OINus2@G6&d>s8MP4gz$771Lfh31_5Rm(MNo#vgABP{l9cMYRytOatXkbE)%89s!wNEF zEqF@)YrEcICB@ns(v&hsbEr4u&ZR%h-slcH2u;!~1;3am%BPirWX%yqDPh$^poI3J z45hl>E*-2OgSJaZ_2f`vh&#;P|<^`R74P`|scNB?ha9Ok9rZ~6$7(00jEs_VT`gcW4S?Si9Sl<$D%Am2$F zXfd_kVAWSpOK7|LQ7RG5;TScIJ%!E@IL!Nwzv;(P{VC;)=J1-4o|L+lQPifQ-u^5# zfKp4bI-GH#hEcunsbBz04W!g;G>7f_>h6e&M8qg!Z8vrMljS8dyPw+=ud% zQblv9FeFO!3RBApD|uF}L6qvcmNQn6A!{j63XTn^rEC>^i>b8{D+NI+-)L=>(qv64`Y~0&y1EY$t8Z1ykdwvL|y51Xg zSV4x|8_JYYK##*2b<98;?YTo%xz%&IjM_5RnnR}(A9khN4O<&TC4dsF>RuaitI zd#qFhwS@LO92KJcfqcOT4IkV$W0W6Osw_2(QcGcuzKlMcy1}SOtcD4c&_0Co%ztfH z0#<@^k?^$=om`OGf<_2?U#3p}4O6QaD|OZghf|6^q856eIKU|Mhg_&>IBSG({`{{I zHew|>#|n=SuH&Nou4{?HpwXnk8sSLPE6RtX5p5c8)u=O5nGq^rHIk(?DRlr5hAe!`8+cg&TGRMZ(6JLKYdqWwkv8?SHM=2NzAAJcX zde0kS1sQU?#-pD9IyM$#1sQU?^eOcZ6@$Bh-ky$@Ox4|3>9e-WfKv3;VN|zq?utkk8&)(zxU#@@&0Eo$!l)dq3|Y#EQekKg_W)z#_M%%z@Gw2Z%7~?m(W9b#*e1xP zNFLkHs0OTzS!x2M=)137tJTmZ(zQCUn!r*MDMcT>xx4S6+i_Yc!o>+q6Ip5!>J{a8 zU26hXlUQmprRZ7(R>?x|0_I^gnWao96^rI@w|#%#VU(mtxDG25mNKOjoY~;$tEwH{ z%BbB~nX;4_rS_mX?6ALoVplRM11mF@GN%-}d7^6VD(vOTsA8O#|WK`o&x(G1ipxK_duF>TETbjqYhI1;NFtP$E%s_VUBg%xDb z2!;0HOb+FR6=cZma-dWTn!~+l%Yx5~nGx>7%7HaPM@n@)!sA#$hO9M}pw zy$w_dSF%fDYVF2qAxpVXN(C$OuJQs_E-Zyk>!=ne*oOn;P5&^p9%1FmQf`#$iRLiE zWh0ayG3pmqZY;HkQUlN&YBltWKgp;8a3Ms~B9>Z=dYOGl-p^}ewV0)rP-+C4L#@5% ztOJ=^)>tiJDRkKVXDv6Zma>#PrRaMA^7F%OSh=$lI<2ExUNA>rS*b2UXSP#Vd9c(n zj#_zGEn_K9j#`hf@?ht&#}@~0F$YoJbD-jdI#9IX6VY9*yCu&UL} zYi3kARx4R*6{QZr9DP;p6+>@9_~<*B8nIf%QUT~uQN9(-(bw(1nTXIz1TKVV3ScSp zB1CE&n!|S0mz{mbs6ki-veary4MKCMP$aWi=#`>})oPXsq7;1`lJ5{5unJ-+>i&dJ zU5}8z;JQ1T8R0Ul*09uCs@4EBhwUQIY+JEf%Tnto1!oVq4+u=YcblmdkJUPsT2HC2 zYvp0Jo~1TWN*m_r>qy4H2&UFUtTwRJMoQ_TIUjvZU10TqQQxuJ$WogqMPD6?&ONVS zl%foJ5KWs{YBTC(u6q3sWlv$09#)%KY73>{&H=V-S3mVpjIzaQ3rhu4N(IgN=xep% zQ}m*N?_gSjRWM6!MUVd1IVudRtt=HnDeCHszH2>FFZ50-39As6+D56aN0^P(HkR5> zDRdH~_J+6f=&#InRb#cCrFKwi7@EV;Yo_%bealDR!Sn^I9V``!9%Vko8ZmecdMaqu z4W4{7g|bu_>J{Y=M?rX_(5iR!DWisA6~6i}*u z_9GcJ6RU8RLN5$_9KzoCYwm_o7I#Zr;zQRY*T z9e*CFGb$6SNS4}7sM^JMk29(YtK9-6^zLR4rNq#j9+%+xMjgBstRO?a{R?)0l2RUjz!3r|u-Z;deeq#k0 za)gH|1=m@a{M<+0VMf@$x1jg1V1z>Nvf=p^b|q1&>+O1j6=cW}9;H-oG(32| z`l-~^G9&B`r%5y&Wz|YXz5n&9RKyB0WUUlRQFn>xyFG3Ht}(T2uu5UoI>u4U4J*iy zwT@HjD9q89a?n5YR+x{zgDD)VW2GtTeqE2$C2UtOd9N{TSp;HVs zjl7YK4ikEWZCIURjqo(3x_*}X$qLp58M0O?rNq(dVQ*N(+UGO1jIc^&)k2rX|J)l6 zSV4xYl};&XR0~FVE0K@x?$81?t;8x_P)q2%aRxmu%3pxya2!6l*>4h~BC$Hd8es;d zy51Wnv4RXa!c0od78hKJ&gHK|7f*VG*RjfE)jG>j>p51CA#0tZ6n*C~z^J;2snv?r zIo94dPbv5}{O;(x7?VD3jOx=Db)o4zOJ$*6Q9k|d#%pY0G^5n9%3`Stl(K+1`YMmS zDzrBYvAV!g7b(^Cc1^?TB1>JO6j*qc#a|>`Wk%?V)g_k7rj$Hia72X#_e47dEl|^H ztg=}uhf<|z4#&sva4AVfMPQY~Qn{3Zn;57-zT-HKRjxn@odNPF)%9_B4J*iy$Hrw! zsZsqr-paBEEzAf%V0D>Q3%zvz^HnJc7Y#H)hOAY9dPMot(Hus3a#SiR3tI@&XsikZ zwS-=kh3HX6MLd6nPFl2@gjFF+T_F^2R8OIMn>korVJUPdpjvS4lR#fjY<Z(8q?fD`~b-m|9u!0QQ8$#+Dhf2i?GUPrirWCr6pne{2gJi})W`spp6|+Wool;$o z@Eul=AxBukq1v&63^~FZl%kJb^3znM{^&t8-C&InUL*f?)tiJBWXM`KDP_&ad!u~T zab|D0V0DvKtBj-8Myw!1*1AP0IG4h)ab6M5(x@;s9mVPvtJZDw_vKAdI^axwAs$h)}-BSPO2<719iYCaABfN`x{%gC&Vg(s; zgq4(n^BWwCn?ps=;X{wm0jo;Z2=7q}1f7NT3Z|7ZfF zpH-`hQeD@|!U{5Etp}7^hvu;7za>AnWolJo^?+6DA*H&m^&Tt8khLCBYBidJJQ1>d z15-;9oef}mB&a2H7Oh6TqWtkNM_k%4Z1sQULPbk%!>hJuM zpL4N#!m3rnQ7Zr|$dI+3QVN~isqIp-a~{lW*CDK)vT8l!sC6DI$dI+r+Y+=7yWXx! ztZG@co^#ath!teWS}!OCZ;biqE5venII~^71547Q8>`HeGJ z)w627p;XsL?;WflL)LmrsVOi=Ukgsn&+=s`3=hOE_qdPMnM zZ93xzh)koF{8#zXJ5G%-#Bm6`u zbm~O?=qG|ImZ1AjKKc%(%UFG4)%uJc{ja093MplMst1qm*(L|}PN7xhI z^q{GUHNs}p`(Gm*jum9c5q_l<+>63BB_m4zF|#-9vHHrY)k3MRkByaBL58gLjZ#CX ze)LmtL7C`8!beLm#bfo2RqH!?^uM<2ELM;qYyF_qJeZ@eyWgTpm|FL-`oXI8lTux8 z*9WX1L)Q95sjj!Hj{W;rk7YvpFdVBkR;|C3>bh1UR*)fUwNnb-ae(CA_S?ZcUzf0I zXVv;gsjh21!U{5Etqw~0qdCZ%3pbo*YBgciA*dyEj)Fr~l;0Bx^i8Mt%c6>?3nsoY z)Dn9C#ivx)BkYeAWXKVUP--GtAsoF{rYmfi5gKD9BB&)aLQzU}eXVrBN|ZH1F^&;> zVg(s;gw!W&{6IXylIhL+nGuF!CC(b51jlxr!b*ZQ!fqTRyn+>E$UQH~q3W@M47pw1 zDb@Aem#7ljTr_p(D|b>-l!A9`=o?cE~43z!wk)cS{2UqLOQJ>QQ~4S0l$TsER(4|P$K!eBw$kKg&&=ufGx&l{t# zf($vr0hHQ`YxyKEkY;MxVl{wOYamB0Z>%6g){>*tFth=v9B=d4qUTJlZCJ?(Y6@zZwxxzHS3685NC{JWCDYsFi}%AeK^~R0^*3;e?wnQ|kg&3M{2asT)Yaxp(l; zH3JxR4J$=~5_&BwQL5|bs}d{7ko#~jrEF0lsI|T2t}aun5v#$h5e}i0B^n{z1B8#c zCv+UPVl{*{LS>E-io?wdnjnKlD70NeIg|!gkRg={hnj{JWJsmTq5QFe45@~3sDoHR zhE!@CDiGhw{V+&7a7qOspV7Dtkh$IMRHTQRP@chEy{NwP{8Oy8op2{9CLbLn;SKiJ|8b zeS;@jNvR1sAVVrg4mAcV$dGClhnj;GWJooeL-}I`8B)#RP$5`BhE#Jo)H$pmLn;;9SvJY-1a%%N1Vf()tVb0{mUAVaDJ94ZJa$dGCwhdPQCWJu-0q4KeU z45?f>R2^23A(b14;tv<>dB~7z5r-Ou6=X=Ym_yCO3NoZx!lBk+1sPH;Uh)LX0|Ln<#0B{@RyEJKD=-W+NaR*)gpat<{O zE69+_heP>e1sPKLa;PY*AVVrY4s{7D$dGCUhkAq+WJu-Dp?+Wm8B(p}Q1Tjr=L<5V zTE(FzVg(se1#l=gtRO?GKn`^PE69*)HHXT^3NoY$;!rQKf()tFaHv+SAVaFP9IEd~ z!JdZku{DuomkRjCu4&{RtWJtA4Ol^jR3RLy8~XGNCdiO#8;8=y3NobH&Y>K!f()s4 zaHus{L55VJ94a0w$dD?GL!HM8GNjtcp~|p=45`97)H|#oL#hZ4B?cdSq6spj+Qp&d zv4RY#A~}=^R*)gpZVojIE69*)4~O!_3NobH%b`NCf()tlai~KHVv6s6s@0_1t6~|ZZq~a+B7hq6}iiV=|Eqn*l z53J((omB#*x~|n%o5H*VmP({lAM`L($V--NWNK++mB>;@Ch~Xwy3ursuiR;brzzF--q6JgGURrp za;O0X)E}%ML#neJN_GtO zbnzfVs&gDl2P?>s>O6;XzzQ;?%HmJ~SV4wV7dX@*tRO?GiyZ0#R*)gpB@R`E6=X=2 z&7nSH1sPK1a3~oa!Se+fQsr_eZLA_NOg-t zsbB>eQr+fIW>`UnROK9MF;aX^qn5}x!Ltk*veq+7 z^+FG$Z#w;U)iA7{v1-+F)H1^gGUT3r&Y}FUf()r%aHxY=L55T>Db-uB*}V5x?wo>z zV9LV^GNgJ%DA&C<=)D82?qdZRQq>VEPEFd5Q6I5_45?ld>dc2K^vex&Em8EZ{4ha= zRP}_?`PaUHQOa0BhE#6|HR$pxSws3Mu@fuEkm^054irV9x3jc5jum7`^?^`cI?+~)x{4KKNcE9WfvQQy zjCzI@WJuLWr~~h}E@D(8R*)gpCqnre{=LPhcB~*ns?UU~v+0q;s9x{`p=g2(slE^@ za$B^}v#f#@WJuLSC~^0H=--s-JwF~R$dIa;P&Yp3pJ$XMR*)gpS3><%+8MzpC#)bt zsun`6((C2JC?BjKL#l6t%KG~|jZwi^L55V{33X$m8@l77_eK;}kRjC%Ldhw)bTH~9 zR*)gpPeQ%var*+JE@K55QvD*7@2*=YNsq7!E69-QH=*9{Kdi#2Myw!1s#ZcJ*_8_Y zq?5RT;5dW~ss0dZwpipNrj`;`kReqYp=^f3@4wL7rH2({NcERckINdQ88rcbR*)f;BvI?& zJKHtP2?67LG}+zMjgirGNkH3 zs3#JZ=o4wwMNL<*f()r-2qmemBcxtn1sPKHB$QOB?h~fg53C?VD)>K5F|QQqqY_Pw zk~I>H6f&ghO{g3D$KGa?7FLiURUbkP{&s8+qo!j88B)m-YF_tg){I($6=X=&mr%D8 zY}C#SV4wV z0|_v$%8lleEHKsGQ z)UkpLsniMe(0br6Moqv9GNc+#sM|HULibVAu!0P!MiA=8m)3(!Eg!5PLn`<`?=eRd zujbNbMs39kGNc+wC9_pf|pIAYLRHF%HbHQEc{a1JRhjBDPhE!unr8K>g zsilk+WJsk$D5+Bs!x=RRE69*amr$DGN=b}z!U{5^(j!!DvV9q&e6WHHsm2n@x1Xs$ zqqbrN8B&cS)X>ufLU*wHv4RY##uMtU*jSq%tFvWf^o&1ruaQWkINBr=3Dq*x^_~hE$e>DzYfg zW=1#xE69+_iclhXv&Eoiq?*dT8$NCNM%E)zmwM2GHNeYkRg>Vp}r64 zJ(p3(v4RY#>aFUuFh-5V3NoacNvNgXAwus{Y_Nh1sT>G(!T;$urj{#K zkRg>LhgyXdWJooOQeEGR?!XE%q?%3C%9v8KkQrebR*)gp972^C&KJ68E5!;jq?${p zZ-_L~2AJ}w2{NQ|CRBA5|0bifv4RY# z<`e3W3;d-H)J08JSV4wV3kc;K`{fg(mSP1NQY|Eu-?mT5jM|75WJu*gsG-T8qZk#B z6=X=|N~k^kBx4wL4lBrz%8gKJ9g~9@bqy=XkZKX3J{j)W!l+uTAVaFfgtFSTVh*F4 zv4RY#mJn)Ghkpp8B+LZQ8)Qhelu%1{#0j0*hF}F5Qn?eV=B$)9Q%fH!$dJl|Q2ky9 zbTDcfR*)gpGD7WDaTKbx7%Rw-%9BukY|CddwKiY{8B%!>>f5thLZ84KzzQ;?@+Q>Y zelp{kTBoss45^kA>Q9d|Lg$TZSV4wVK7@LsJ#rdT>nT={A(bzo)VI|OeJ=U~E69+_ zk5D&@8-!jdz0Czj6l6%Xf>2)vW()l*j22dqA(cO+x<1cO!3r{@TFIf7Vg(set>RGI zu!0P!0yxwOtRO?GKn_)k6=X=YnnQiU3NoY$;!u632%ayWgj}>G{wV6YSp!X3lK?W(I zpSRgUDSh;qDEcy~T5rev6!#FUwumTqsuj#pOAjl^khQi_3Vymk64lCDEQ3BHLJQPn zkJVOItq_h{URXhf+#B0C)K;t@L#pi@Di$lqklVF`QbW*opl^6yn!^8AqjOm85Nwyw zo)4vzlwk9DgVb&EnZ0ojt5B8-qm&s^qUbBD&xs9%be$E&x$Ox*pqaGM3dn*o5>!G(oByAnqF#?1B zUcQxJ^^g(tO+`JuyIfB+wI0|)n8t{nx<(rw&jqgsGJ^F4qn>^!#~#l?YCTW`CXa-5 z1+?Mu67hNS2#3hFDK+)QSnT;ql_|dLScMPX+23#;ix^Xo;oP zGYUNh$@5DsB$=b-Jzh^N>u8Ci6ulKU3ogH*EAe=3SV0EXiGFj)2L0_i)UvlCo>~w6 z>{Q0?^ra1tXM+?>kP)mW1ogm3+3QK5)@sRa}V{5>2f`Z)OzUg ze4UUsls4$+z3_S}CGSkF;vJ@j~PngDE@pdjjqJwUBL=6uuk;%Yf%rpoY~LC32Hs?s)lKRbQ(J0 z2n>(c7rm>32{M8{FVq7oXRqfZwI2Gpu>ahMR!OfX46g?=g1!>eW8dX^P7&*wwE21| zZO~7<;`KmAu%02)dAwO&uIDth9{i8-Jm0tlA8Etm%|r?&$OzVR5%oBs9`<&nQtN?z z2h+LkGh1kbUORX_kP)nB#tiiTK|ne7deW%%;7c;^!CO@o+MvI}ixfTyFo zcs)W#OFFe4b@Uh{w<<}ZqmDjm6=0X5DV=q+oS_uF8e#h4Fka~2&9$+D46KvK+mCvd zqL#fC8Ps~{y{dTaaVTwgyz6*9kRk6gGbz>enAOoI5-?>7#w@g@XDOwI9z);od>8u& zZK)wvXIbhTM=g7-&au>aN=d;$&_v$TF30LTYp-Tes_XMcFjkNu&l?vw)M2b3L+-D;vd7ank zydC}h?$7JnfWI=oH+M*NEKXRq2 zYh-iV0!Sx-v>|I4H^WSGhZccmTYRsqxV|Tsy+$|R1T+49)2tK|LATND`W{@{$(71b))nVuPP5s(Yc{*K zgKI}<*5ZE2%#$D9wTfLkz_pWH$#~Y`a@XE|UV4X*!@>!$fxEc4&dlKaj+ay`ec|AA`{xy*~5v>*PO zJ%hS;sK~B8;Mz+rdo^jk32IH8vhUHXmh9RKu6^Vx#jau_+wOVf8o;i7;Mz|vyAJI- z7?rWcXOCP{*|i^B2gvmT&$=@H_|QkLmFzkIt{=!{o^Ypi*sXs7b6@P&{C;-*0Iq}N zvfIjh6Wod4&)h|O*F|<61lNz`D!{Xz&6wKUMSIsncKryhL*#1Dt~w_^|Mrn9O?@Mq z+aYirCRca!vsmW8zrUE$`;n^zyAFfv2)S~aQt^yy-s*=7AGzwX>j=1xlFMGi*fZPD zbFw^mAIWs;^fy!v4VmX>eS28s9Hsv^E0{ZTKB!I>TWIBMNH@!;M3&t z>o8WC1>GL`-(%NlXn2NPADHl1=D)fp2B~KhKV#P!aGfRB^Xv*g54nE9H6A@G!f60oSkOde6A*I?PeI{JKZ3EA09eT<6GjlwHlM+%vnQUz`83>m0bw zlWU}L*}eBt{*I>~xzgB^tGS&A*9CH|GC#A|8;Of0SpLXWkX;wR^&7cfGNtTt^~!PW z@*`ITcKrsfi{$$6qp~r(E`sY4x$JdRA~S1A%(*Kb&3czzm%w$IT>pJvIh|dX!F7dP z$;}+QzT5UK)AG@*4eYuCuB%UQ?PJ$faQ#lM9A=LBCb+w=$%~I>oo3hX;JWq%*Ijm9 z1J@tq%EYr$Py2Dgqgg5JPHk>~fb04bT+gxVI=F6-tD{M@XMxM-lP-HS>os=W0N0=7 zYRRtl8}b%<Kf(1Exy)ftvj$#G{>>xTXm6cgSV$wr#@;c~hi) z)G!~r?m)x4PncDeU6u(q{O1X-Hte!YxZyo=*;ANpxazl;%rkrTNVB)W?79aH?>}MI zEOuEYJnI3u>@yX1LZ77#)%N<9T@PT^zfYL;1G_8}UKsc3CFu zit_~5T6S5+xYYAeamn?JS-obX1Z|oP|IK|@ux-26z23}0kBZ_E)6(ob3G8+-x45zF zJ*&=%PfRMK+MHDvpZ*(jo+hS`$+7p9_7)#<5)hNd{LJQL9a_^|UD)q*pM=ENPcrd+ z5uGkLM&Nrk(*TXK#rhCrN~yq{K{D%asIjl10c#PRt;clMHfF z5R=W-4Vv^@v=)~uB{5~q;@W$CdrJX1sfbBuerDIo^^5Nm$DGu}==Gcma?%j<DwtE8n9?feMaU^ZjNcERDK*Jlt3SRUmL#UDTF)gQrxY>vag)8R9{WNb z%&|>k#aM50{Jc_-Q-+v0Cc|Js@|ZVoV$Ms%o_t+biw zbJ+R&o!XF7mzXDCAJ!x0jOpX=m+L}KePVi>F7_z@?Ml0C*rx$8cIo_eLVd_-NX(P3 zpBoX=Q}t;GIgN=KYr2?kf_Ys}{m1ol6Jk!9ujYj&x;2KJro;?1Keah|cV_E{%himS zohqj(+^g|V(e=KKBoob zv?Auo*Q>3G(c8Th8FnA*|I2`cnDYiP z_5prA!`NFp$a#|(e}DV=iDxHcPJ3dm8o%e>gq#k<*ynQXEq=ofO)awkq4nI682kPi zd;Hj22grGgnAFBsUvsmpvJs_tSF}AN=E9s8DHwbfj6EjTZ^n#psh%pz< zv|LTvo%(2h8bDjD3yCAMfu%&U?gEGa2Tapv}W-sWE2&F*{9;zdn2qat0F9!erRxT3jRT z9^8Kh5wpese*FxDoWaDrU^47&*MZ%au+I=;YMIsMkJG`BGnANOCd2kwFnjfG%o#>Z zLIe2ya46&qC&oNzr=0J)pE-j$BZz5aa{O^I9CF?##vGjVTFI3HSLb2QNMh{cL7($J zUL|7|0n7IUf?^_n+5)pTV!@ z==+_q#MrAlzuiBCoR5g{eP_M=-ACAG95EwJ&G=^7?d>DT8Bfdr^D}!~wCf!|3+7B9 zX1xKj8phtnL(W8E5}TjdwUVlJtG6&`5;69ABY_Puw~3JRF)=00&+KE}Ti4T>mnm$b zUO$tGxo>2@-9Lt$PlyRWPI)|M3Ni7F?2n62AZIEu_LX$&ZjooMS;WV4rV(TBo&ELC zRLJ?1m?!s{PK=HBeLjVp8N}GnWwlJvi7obHpP9tiv#UQ&XF$$p#N;#?c0GTwV$PckyZ@}K-02$T%qFI*0rDBf-adz%ImFn$_BhRTwWB#zKfa#l z5>s0BnFBdr5cA~q{3S8w2`^dCUqH@0V(fX<_PKU1&oS&XpO{&ukKdo?LC%5*eHId< z_rnE{vnWE&Vq)~;(?yW8Btp(o=(7ZJzKW2u4ElTpIbTP}Sq^=^hMaFAY$wT+kq2JqYKJIMK-m?9>_-s-o`I~BM4c4F++RAz?--$Tw0VhZuk2j0(P&YrfJ z?z5Aasz&zPYX{`)B4)60TKDRDn?A;z-IC+a^SdDDf5h191iPO5Z9TRGbL<+96=S+- z>aTnM2RVC*vCD1GtG|ry{U6t3`-thImTNEM>?g+D8PjsTb@73@RI*E`*UtfBvKZMf z*M7+Pff)0o5A|7{y~#t|UI&S>?=kk*TR%X~kHnPcoC=5Tn6+S+Q1>}RjC~#{nfZym z{RlaSiCJlWW|t=YbC>$!avdRNq?zFNkHe62l$dOs^Ht@1<`U-dKF5gJYzF!JucMIj z6ERzD+g`8iBvF{AA+r8Zjwz~aJ??2~=(T`7mg`D%m3^h)BTVMRthnRDLn3U$LzkWUs zIlmFp*<_e+f=b;p{>O4%B*tEq`Q!aJ$hkyJ1-F1lTToZpG5ZhmUM35E}PV+`h8BgVeJ$RF>&L(U(>*!|G# zX2JR+v72L#JtEAzM+}hFF!uHb$DiRolc^0v3V-GH3Gh%pzb zv|Lx4FZ_@5>P=#rnG<*kN-@863OTokIc$Dz_rBM@=xi>@?RR=V{F|8ECdXe-+=86j z#4IpQg9RVl>|)+j_;}78V(gjHpT}-P&Rt>#nGAcp7yqYmRm}N^7<+G+$1wJG7jo_q zQ^)+w<_x^KcsS~#~e~D>nzWVdw1IT$uOaabW zefy9(6m2uTp6xCXD@G0@`}>QBkQ0NL9>!^Jn+hx*i8(QevG0NO&nLu)ZMTYkpG+)b z?0#XFCgEGpEyNtVC&!AB+vJ#?f^M-O=P6=Z@Xvc^Xiy$=;t*5VtO4KWDaeUSOa(J5 zi^)0?bKPuQ&+&*kX$r^Zd2t~pJ~8$>)82~y{j}KyOlW95KTXUSBm3h$KI9}Irm^{2 z+_-m5&+$I?Nl1)6ANu7=06B?>No&iPTg!pZnY;SO`y?i2k6A9io)bY%5@PIixZPgW zo4vUM`y_QaCf=V{lR!=~Vz!$MdtUu+|8#@eM7o=Gz>Cp9tc%~yZ_o(gi(5L3qF*tPrqr8!M7 zCoM6{RG&1Ela82qoRhB9sP8f78Di|!uRm|3gPiolR4_Sq?G8RX{y(1A%0NteQ`m3! z^pKO07;_g#w?E4iS%iHu5!2EPO2Ax3$jMC1Z1Z!w-M0?;+T4}dW_r74aed5Je_qWD zIa!JE$6w5PlmFv7AsaExRG+Mnlbsm*dZlgAr%UJmc>X5`F?zYOL(a3r_~qU>?e|K! zTsfi7vyhW3LZ95wCl}<{$8E7<*ki)p3YO0|0sG`7MnC_P2XgX7$jMJkQnLc%x^Y21 z$SFWfUh{Lio^O3JVIuY^NX$vIANuoQ0mvyt%p{Xxz6oZYY1<8R>|a8N6~kWD`|HC( zkn=OE{KVxGMJ6eULQKhHzX3&i9!%Vcl&f{%CMaup-SJ`dpcvlk%e zMPde<47=?YR)6pop681bWB2N;c9^-n2stH)$!C6MbI!g0!Z7Spl9)55k3VmefSgjq z*n53@%QSTJ+t{ZxF?K!s{ihVJ;Unr#!JNPF(;O4G%X0qK+em= z*uUduJAINm;|N@?vc%kfItbq3oR=Y|95Md-=$&2N|G+-wiLvK-zrD&qPK5|L6(Oer znPzB}1`JNBte%vIH=6691N#@|m?D{!ki=2RsnrP^LqAg5Y{oL3;H8st%k=Tbb9Kn686oFY$f*fAuMtz!t>z$Cn;zym;qm>j7BTkz)LdNC z?KQ}$O^jd9v1eDijyZLRsi&5!HssU|s$Z1H7JuXabem|}KP9LX@h?#F>f8J;aIrfS-R*dlbX&=vNLQGd9 z`~9P_%Te#uZ%WJ{)%jFRd*tiKAkBy|CnoxR{A*Q8n9HfhXT46$6qDnxwVFZa=EV4O z*r{*b-|Y)8dkbPJs?NO&@#vZuX`BxE5_iOjmPq&g!tBCFHaw#(be${blKH z;J(p@m_vr}=jhgu)0UV_%v>rz(3}|`Uq9`LDQjeZ47P=wHzMTN->r`o!@if#=ez+q z_6j^!j3@W$K#bkzeNKDG=@=pBEn@8U@;MzLr&ENS&cx_rxfA4ciIDR)G5TEB1#-GZ z$mvE*Zna!pA*XwUoF2r~P&wTpr)PwmUc|IjIXxk#cZ8gGh-sv9dP7d12swR;(aY5b za{5Kcd6yWy|MY{L{t zhMXx8a;8Gg6v&wtA?H(K^l>o_a;8VfnL&)+pQl64%m_K35u?wCGa+YIgq+Wb(c66% zm%fBAVyy&tcRS95pp&W(?_kJjgYfB zLe3Uq^!~FMa<)du`HmR9y|zNmwg@@j6Qi$Jw?WSK2st~5(aW_Ra&|_@*+q;#|LlaE z-4SyB2Yq%!&YlQ4dx_EaJ9{8!Uxb|fkh2eR4n)ZLff&7h4nWSq2suAO&OyjI6d~s@ zF)7t?aR_pbM94WxOj4C|1agi=$oYvFecf^la*jvHIRQDxA?IX-oKwW;{pTd){2U?Y zG%=0T`uQ1h&P2#LOH3A(a|UvLiIDRvG5UVz7sxpmA?G|X`uuzjaxO&3`HdKTzjFa{ zE=I_?M2ud~7a`|zgq$nH=;QP<kkIV0rcB1SJ)PROzEfc?MDhk2k+Zpg_SAtxX7 z$qPC8BjgkyMnA614><)RX&Ix%{=UV)q%5prr0qxYX0kn?JUoYx@dRmiCoA*VJm`u?I8=tpBKAZJa4oNtM#p|<-P$XOd9XB{!MRL)w+Ssx*112J7y&U(n%7$Ij9G5Y#&Bjjw3 zkh6uDo~qAg$k`ep=R0Eb@wF9lwnfPKo*2Eown5JJ2st|-XFKHVjF7X77`u+z5qEF zBjj8nrmb48i;#0ULe3Rp^m*elZ$$b4&?k3A?F@3 z`uO?>a_&dSc|eT5f4>ho|3=7pNQ^$O{tG$wqdESs=fh(V(@d?OAdZO+{a$U%2syEc z(fe~u$cY^x=P6?J^+s&Si4!3wE;0IXZXC#o7a=D;F?v16gPf-$g(h;MVD=p+a6Co!(G5UP?4CG{pkdqPmWPqGZ5ppsUqwn7{K~9zk zIa!I(_orDPCtHM^?9eA0f=S5=ldM*Yz#UtdDAV#m};*e7^LQW}S^zmL2a!NVHKYFWrBA0ej#F?zd~hn$KLaw-v{ujea5PUQ$WRfwso?%yjzPSprG z)rir{RTXkxiI7vB7`vV%T)t%UX76R8uWP;a%x4$sSSNj?g*<8)Ecv(He5vM#yPLjDFnI7INN*kn<)n zdVhWca@t48=|GG=&$ox1juCR+f}D_>q$msz&-65xEgq&WG(-U%fN62}H7`-3%hMYbTa{3aZ?|1q@PQM5_?-G+= zt>=D_(?3Gad&KDdxj*C#h>$ao7`-13fSf@Qat0Hl&+~&IXGnycp~UFr8Ui`PBIFDw zrj}aI!ysowgq-)G&j`pF86jsBG5UUIB;gLq0dO1N=zs7lxjZn6MLHiIn#)F^5@`vN=#a{T+<+DdW4)AkTV@} zW)fpR)6srrY}P#Smg91LM$9?$bN@MsGa+YIgq+WbxubGsLC)+5IddRqHss8Wkn;sG zb~F0rnhQB!M#z~5eZGX8`4Ms!K%e=LvoJ!=B4YIRS_nCdBjhY0=AznOiy>!egq*LS z&r--)79rCg`&fayCcE*#dnwL(bL+Ip0CfR>;{FA?JI@*#cJV=C?5B14Yk(Co=`~ix z{78)b1f)D>g1vnU%pqdzUzvHNjNgC80CR?zLux&L2+UbxRv5;AhW7Ko{6fr5Gs|y_ zW3X@hN{s!R3w}MH2j(0xEzKa~jG_(Biz7&@0Phb`S^A|DpZ>afw>?>ey z5~KhAU>@jm3z%HM{7p<%Gt2*dtHUtsHZk@S{0i_sb`F?3#B@^Y`3GR`64PI;pJl-O zLyUdw>5q#mz}zEdl472M<+@MINX2{)%mZTVzTy9-$#*d8Ut-D{#-9`7K+Z#A?wDEr z{4)?3`w%8p482@eVO9)c%9^jWc|C6hCMGfc&DToI)PY&Ch_Pop^B|aR^?->@jQu-V zeqS99%u~eJzwPCZiDjJN&m5i2U+y(aOpN(Lw-=Tc-H+FPsfk%{2zzB@Z>i!wevOodn4)Ic{dL_M=#!S1 zordw(QEP!oM@&!C*&pu-fO&?PGitl%gl&%e3O<_}I}1+cY8MR3qk)T8A}&d4(AJ>P#i>{5~+%i8*Kf@MJ?~GQoPTK}=P{)Mq9= zFg1y>=P|#Jy${Rvs>?BqKfXo+^BOVsFHrkqXFM>qh)HRd-F!p05x~?Y#%>GGtOur! zV^p8vz|k*Sw&H5U0>Ju|xXrq z&n%ZeZ*&8uF){l2u>iJd6JqwLZQ2!bni8|#^zrB3F2FP+W~5p6th~L-1M@mD8PxT2 zePEgsqmR>*unt=gGeylR2{|o^IhHsGW^kVufoVldLes}@_p-pWCdOXZ`Tcnstiv|M zTs4fp=KmC!w#3-$D4#POn0CYzH|yD7_s#(34Pxwi_Q%d(==>%z!_+qI2~2xp`m23x z9?a@MjK1&w(lP3qzauf`3*By>ulNwJ`QIXDjUnunzP)vXYkvC|(qqN2=N7*Xhd}4f z#MoDUpK~!mPGGtalSQrPe!#p64FVEdZt`F|*Y6S^-QiVse{h_veIffay()eeCJaKg)o5hnN)xXvKY& z0@H_>n~^kcLsz}ROdfZ-tHIR96pkm z8mjXzz>FfMwCU{6hbLgx2gK;(q8u#OXkx0GS^l`F0L&O-mYL4kx%02k=R;!bI`qd* zWyl#zjD0@bufvhRd_;`Czqkaxm`8g}E!+gL@CZ?sz83xQJ#Mt{C-{%?F?o)tC3(QnvDymtxVb(NY z{sQJxV)SFHI52BEFfoCdK}k-@iA7&I^dSXttL>Z!`mDAu;wo*YB&XfmuY%IJMp11ZFWY zlhmw6z$_s~KNe08%u-_X^GF$i`HC33e*CfA9GGRq*vA)sx!MBrH8DNaalQGZi0PyH906uCF)Iw?`%D663o&!ecK6pdm*F_wN{oGe%;)?B%y-1JG#3dic)7B` ztZl^D{m@@a#DeqT_r#1;`(Z9%wi9#6^zqk_PXV)o7<)eS*L6QYpPj@EGy8_WM%oX| zE@D!u^_&!#-Nei{j6c`ygZ1-2V$P{PhaqPVF+~mI&#SwD*-K1IbN~JVujeB$YacO# z4D&KGzX7wK82c9(b1`!Zm;=P5G>qR@{{rR*VwM@kUx(iS<{&XORL(tMek5j%TJ}4@ z93rNk$?@CkPhbwa9P^mbub&OT93iHbSwE$C**5}nlo)$W>+g4d1m+kqIZRFk&PfgX z;ZMZq$M~xt=QuHA)IPQrm=na<^N+tTI19{4V)m%cyDS>7 zU``WbpFi}+*Bii`A?A)^+5>ZznCt4;X#>nJ#OUkQR>1rUOdnv*5wqFs8~%DDGi}&((k}%nMAKMJfWn%2(ZvU8Q zJ1|#>X|I^?fw@Y|B(?0Dfcc%6*oN`P#mlgsuMv~MFn(Xn3(OzH^jEVA0CSy~PO5WZ zU~Uj&U*qt7iURW|@n!?Ps;%FH!;%{(*c;<#H?3LCt&Un zGet2S9iyHbyi1JV4)5&h{s%rc_>au;`_EnX+@Q+2M@&)P2XnRQVV=@88!z-;(EG&b zyPCZO~KWjrYJLD>Y#5m3&9 z630KBFxB0@krkA(pfmxc7bp`zSq#cHP)>ky8c7NsOBK!k|D1$(m49Zeawu5pOl>4Bhdh79}Ck6k9W=pN)b`~o={#CzfJ3c(n%EW8VbsEP*#Gn9h6@|2|Bx_Xc;>T z{Vu$DW|EcWqEuw1p(yQGX)MYJRu07RIXhWdCCW`!UWnzHeDsd?AXp|$6IM2gGJ=&C z#kG-@wZdFvWw$7)-*(G2Q|te_DF3jsRg_%(cxc5_RySd_A?tPtgGR@RF$la((;Im^m?QS$Ml%DJNSWM!5p zt5}&W%3W6WiBhA7YuH-$gs!Yi5oSIs&&w7(&PsMs;_`#zXGJN>N+D6YvNGl=zyF+O zWt=E2dbvImMA^*BbWt+*c1%2JSe=!aq6}drwkSWc5=WF|@3@>PlH7=u$)e0=WtJ$v zu`)@N=li&vnWFS#WvnP0SeY%#zpP9XuLw3qGmCoA>Dm9d}8 zX(mi1R_cq=k(Du`Y++@U%!>c6%h@PO9adI|GJ}TXwZfF^?{e0QGLDtaqMTr* zyX0hj&$+sY(u$R?qD*0>rzm*_I9G2`7O>Jsl-vUy(@&Jatn?SynIoL60WVr^j(o(k04pwrAl6;7B*{?C_+nk`3VkNO8zspKeQ4X>4v?xi3y5xkS zv}5Irbe_aYe_^h$GC-6%!(7fFQRcBSM3ghEd?3p6!<}oSD1%uE0)Njq36y!PEEm@$ zR+fp9cZ5q`Bg%WMOp5K#Eyq10N}BhbYojO~Sh*m|VpcASa+j6sqEsB|a$c3`V_DfJ z%0*U+#qoVIjdHGv!qj5rA4%@d${|sfuyRb46RaE;<>?Px@)1#ru+mm$wPa<2FwQI@juW-NbZJHX0PVUkR7 zIg3T9&dNejMzeBN`fOw6nkcEJx}3`5s=!KdQTnk`Oq2zzoRplith5xS$~2d}R+zc0 zw3f9R_fyA|7Ns03B_(GjD@BF*hm|6t)S2#bN{TX{m1iX9EGxfApL8>v>zpX{S;-)- z39M`v#*ghOe>mhPWoN(nMS*S-BvttY5mESA`kJN-a_DurffDYV(|{k0>)(X)VduS=lCi z%FK7J^`d;hN^i;8#7cirZn4r&l-vtkP7RsWkd^YH%wZ+9D2W$3S6Wd%XQi|#M_9=% zN{U6!l~>?&Y!aKizv5Q=_yM0WzO}pBp+v`nIzZ$+A+(7 zIl;p{ua$^9=5ic*P{H$)lEN`6r`u#!`he_1Ig zO3e)}Ig2P`Sji^JURDZ=^3+D>8YW5wR(8vNIG&X{!dzr!k0_Zoxg7h|-B-Q>N-t18 z2W1Z{m1P|k+w78Sh%$qfilW?MrMxK3wm8=-qO4%0swkvr=opXXx43rw6v;}1# zC^JOy*AmM`@zeK#as`xl-?`42WGQN~l1-G!tYi@7Dk}*^d3~G9Ni51KR+5TR^?S!8 z7i9)3X+?>>-7%>}d7G6iqHJa58BucXaITc13}&Uh>``B_l3$p!tP~cd~YEOiqe;rzM>ptWw0oBSxF$B z3+;6|WsDM&zU{_JXXA3pY*v00i<0i3bEOdFeO9W8a*ma~qU8J0xw?tcgOx3!Y-HtgQBoXot`}r0 z*JkCgFdwlpRg`_Kd@9O4R>q6+++mm8LX@7{fKkb7G)4CB}6&GN;*-R z9CfZwL|M*CDOs+>#~d?Cm};ziD9SiiMvJnGl@6jjWF@mG{eE)EtwdSDN-9xeA9qZ3 zQ7W*KRh0Ft)D`7#RuYI(`Gm`PS(M?dye7&qP0tN?ciEOIX<@ z%sEyzh?4%4Oa4}r#;klK$`n?1h_aWJ5;7~s&n{<Xx!_y{MA^ei8c`Dc=9pxnjASL3C>vP$N@k_G z=v>bV(~Xs{g;~Z*Az{w3QeT)1mt0OFQ980xPLz49WR#p(mz`^YFcn!zCCpc>q!;Bj zD=9=NaK+_h7o`m=izIm?D_Mm}ch$L;2-BFA%)%UFC5b5Ye|N5?;u_0JGEq*kQbm;X z*PN@dDD_xLBFY?ADv5HImEock`orZ66{SBbn?za7%4$(=vhq-rV%J^HT~TJRa$A&i zHyrbxD6LqzC(3eGz859upU(9_lu@jFEXoE}o)aa(U(QuPls2s76J--Cc|?hO)46hy z(xOGHPMz9z=HK!@ zc8`*+t4F(@im~7JGqXmUe^Z+O;#eUVZj=Ktf*_kHe<>Y)>H8U^BWKbq+9zIF~4@dkTOyNC(75|b+y&niE3$;<9{9<_^@kShtf>{_$8 zLKP|ubiW0uUBrZ3Nka|WCS9G;{f?M+5fgGH1DE?PHtixN1h$dxiQtH*b?`KS9)^!z4yr8x}ARn7cn7MhS01!R~k)t5gHN`a%BuH zSDimkzt#?B5fgG{3b{VI*|BRwa1j%7Wd>JVa1j%7WeK^~){Z~*1z0X(Lawaj^6T*Z z0ljV?hFQdfT-idiUihNTrP|;kCgjQT7cn7MPICFRv1e!cjyJ$XOvsfh)Ntfa2S2$5E@DEi+#y&0k>B3`4P3;8 zTzNvS?%m#;{S&x|3AyryT+4q-xcvmUhzYs!gj&G}d3S7j5 zTm?e2+LTH1&mZ6-Cgds@a^+2W_>U{#A|~W2L@sm5L$@8Zlhu3~juc`-uEL>Nw-Uws zumHG-3AvsNx$Hh)2wcR3Tt&#`*Ws-Um5^;@omMkCfa-vA1HB<7YU{ zuZib1LqF=l%8O5M4bTj^wy;wC39dbwAy>k`U7He5aHY`<;q_T5`2<%>&5&z0E2W;` zTA~?pU1z2A6I}N+L$1>HVS>4pd4j8oW{4ii%1cjhP1Fpz4zcp`6I`b?L$0iM=%1kM z6I}TFJF$4dDpxVCGCTygHYh83RRN~RgY>#<^gvpZId|K8_YXog&$ zvr_2^uEm-m*YB)UeuC?cX2@0cANnV#@&s3P%@978m8ws0P1Ov!PO?(%39jEXL#~(Z zxrVPi!BtH&gwJE8`V(BsHAAi>_uZ@-PjEe>8N$1=Qu7I}cQr$hQodd`(>L|J$$rEZS2uLBZ~ATlH+^s9NMo#Fm)r?C(c=*F$z$#%Y=Vbzp6o zg$?s+hVcEY)DahtGynKm$2AjbSeIO>*z(t~nv)*62H2-W%*`?`X&x)}WEM7Dt{L)| z3>;NoTqM&M->{NqLJb>`D-Byd{pQSA-zEt5u*)(o>2FpV$}DUcBZkw6q1@rDG!hp! z9H*I3!^Y(D>#+WXR@;3W^Vu~q-7L$vhNW3)BD1hz70pnUsjM^=7dD)$nNY)KYLT++L+JH zV3%c_Ryek6)KX?)!%~`|+;3TFB`$2ZO*5f}t;v;cGn9Lim5$=Vh7UCpYWNnp z(y=9Zl}YC5Ti3=svm4LNw~W(fveHRrVZ#NQq1;sQ9o1P}*f5J`LJhl+%byQ(*Sea` zw=vIiv&%BB;VM?%mRZB%qi#hT5b-0>cmT}s7 zR=Ue9YE>I;H7v}^SebLrnlBILhr{cnf88j1WIGtSnu|wQhIY0Jo%qR7+%QCLvepY74ENpmO zGgPJJGme@mE^PRgWuwfa^gc^QLt}JYcbL_-n-^N_`vdc2AVV3M})^eGJ4fAP+a*wd`jkvJkSUaJy!xO4Vl_wMtyru&!o84Of%PU%?Kkx?{L+ z69k9YWf|8nMou?tjm*M^2{l7iX0h_ExUk_O&4e1RC0Ba3#Qd$_8@^2typ+q$w~TAp znU!@i3mf*)4CR)}?WpzQ!iJSK6Kc4DT>eOzIsPZ}{J(1x1o85?WXm|MG%Fir7B;M+ z8LD!Jl}+NphOzRxBw|7hHmqbjc;U04NE7;^J}UAHOzIXeQL~Ai4Z=%g0A=QqL`qVwYuH(n3~#lv&ttrDmu~q9TquBra^2 zRx_c7hsovF;rC@Hf9~4^!Q1SzjB7ZSl_N3>8&1^>RY~}~qmGIT8>Z1rsNpek`E__~ z;Dy@0O%RM?mt}YzvhtJ6!iFm~LseoFb<}ZjVZ(%)2{k-HF8_*Z=PX&b`8MY7`LfG0 zuHieZoRnGEaENB8N~{+gbxK^=FtKJr4Syz=fA+g--xAOHHbF3!U6yeT*Ryh3W?{n} znxQI1ci&c`Id1Fo3V0UW?{oOHA7W)vvNUP*zmAsLJfZ-m*2`` z+RZU9$hbB^@L~x!-!e{X$I3;Sg$=uEhN@g;<&wCt;cd-?8eS%szk=b-aeYjrp6B zW!-$sxQ6{%`A249!}m2qRj#pePh8mWu4Y0F?}r*@c=gUJzK!`^pmJ`$Wn9A#S$QC{ zu;CQVP?a3z9rdrcuwfz1gc?31S6;SUT~MQ#ZxaM-*<~5t4_UE)R>r+g4;$Xq4CTI2 z!BH{9g$=uDCe$z{x%^f>SHJNj-^RS}i(Qs+4HHy!vtr3CY?xXzRAnM7vBiZAXKE(Y z@F{X-VN3dU$M*U*LGVl^H{UX@;j65~ky+TVv1TZD8!K_eg$?&>Ce$z-4lab56YF4Y&`a_RgJ=kR#mo$x)`#nS~8gYKBsqvywqvJkI>%XLZm_s9{EO`Nzxi58YI+-Y#dCWn9t^ ztYnf|*zlxgs7kJyj>;@9Y*<7yp@vyP4G-@)rrzn)pIw%54L@ZitIWcNUuuS`Two=e zxUk_3&4e0eCzrY7rCWt9<+}Jb=8@E^ZoXw)!&g|zA+xYyea%qnY*wBX7mqXl_^rG| zGogk#$(4jHA0%3(j^(@TvW!c5<~7$Sm(0S3&uWHpN3xPzT-b1;WTuvYM5A;=+boH4|!>pIrV~;#~QzX7O#zJ3ni?`Id1F z2e48=W?{oonxQJm>Nu*PxUgXc&4d~jBA0&@&~nFwioQ({%wd;hT*HH`6qZ@o@RVk# zO0~L+i4Ble9O3o*;y$ev#?=7%}|xESScwkY`9i4p@yZ%=ZOu@XnXFV07dBj= znNY)ud%OA^p3Y^li**qs?8iWn9BjtkjlS*s!u@sLC!@>WB*)9@0#x zVck%}`n&$#?AruEgBEVSWn9CdtkjcP*l?_7sLDB3>Wd2-{-K#r!v^H??}SfPDTjI< zyJAZ>-!iUY2UZ%&ENs|QGgM^{D~-g34UcLj)Ua`=;e!|2sNY>G*viefjB8kzl_oL^ z8#dPrRawnSQ*mL#t(plnY(_5syiL0!OU>^Cx;EySrPgk~Wt{dBE3eBeY*gGJcY_-je48Ms)7H(mjBD7Bl{PX98xGeDRk^}STXA8-zcmwT*p6KOY%}swa`kw* zX*)OHGOpoBR^E_V*l?m|sLBIY-V_%$jQ561A|}+ZJ-Pg&fRV9#s`uM;W0z%I!&$6! zkXhJpk!Gk$x;GuwQC!$Chh{_#sCE`q%|8xQksf?z$nEaMuUVx_yx!iE<$Lse>ZbW{&6CC9|;MEzMAs4sSWCx45ujPtAlHzC$kmn?a+m|J&NP34-6)Wf|8n zT_-oIkIce`IW$96-esk)xUk^}&4e2EBbQ%?7a!Pn#kn>?aFSh?aa!!ouF<4&P<^?qQNWn9DCtPGG@*f3@nrx8O{`mr)lT-b29 zW#| zmT?UmvGTsm!iH@$Lsho2GE!XFaIa=U4M&m7zn-$7;j@)}8?z3(yZM%J4ePM-fy}~& zuWN>?>}6%NxUk_d&4e0`A(ua6ul)Vdvq(WurH7ku8P~8qD<8@%Y}i9HROJRMW5tCH z?`tO1@FQ~h`{k`A%S`cYf}n3tH{UX@;cQmM$t-NRL^D*Sa4$!V7Z)}xrI}E}3FPw6 z66ZRd^0;pk1RL088Q1V4D-&fFHvCI7RHavMM@h^Qg3~^z@ z=9&pLoJlT!q-37j;l6KU8nVkWydSdinask5e`$uQyz;K2W{C?M*4Ip^;pgP?_sa{* z7MP9S;jRyz{+fyg$++=hN`^O-%)eKg$=7|Ce&~)x%~USp6cJXyKiF}vdc2A z;bB(3kXhL9jAp1xrS}~5rMR$REzN`)&LfvU+q`vav3XGC+62K0c3H-0r&*aVv#{Z1 z%}|wc101zLT-dONWEfyCx zETfrF!zJYMN6M(HSsVK{K`@nFmT?WYva(cWVZ*(ep(@1(IqEBMVZ#cV2{l|sE`PRJ z&}&v~-zEr_u*)*8;UQMOmRZ>Fv}UME>A{X#E-q|XMKhs>-;m3%!#A3~XWq2y+L+h% z*ku`~?O|nw%)*98HA7YE4{_8=abd%jnh7;rMJ|6Vm-y>dbD85Co?@3}oECSeo3&bI zVZ-E_p(^jNvPN9kaEN9?4ZjUF%zyDn3Ew6NF0jiou3^$)uF+bVg$>hdhN|>oWu3UN z;ZV(l8m=doe-5@)xiJNNn;Hp?t*m`*cPr9UfM#Dxvt*G#D4R&x2*m*1xSc`nS~8AYlf=4#mZiBVZ+{<2{qhD zF8>Pnh!;z#-!(B;d9i+!6Q zSi>&MxQ6FhIViKR;dRYWm62l{^`p43;Y7`Z8Xh87HnybeKeUo>69jobbjg-+4V$xa zSY~0v4w|9do2(oW7dCvTnNY){#1NVZ(Kr2{k-JF8_K;;g|n0 zRa~1OC_ll?w~W)ev2s>sVZ;8Kp(?Q^I_ej3VZ+3l2{rsR)G*7#{bhWcAeh81%eaQ$ zv2spkVZ(izp(-^dIqJN)uwg^Zgc@ETm%nn@xjR8F-^To=Kf5gB8ve`5Z!!xT#{bx9 z#88!CtXvcqHvC94p@x^py%r;~JJ=<+{wmh7~nKRhF=FLtNN!jb=g(|0I`x59gajmR9#|f*{LO zH{UX@VQp6al3CcWnP#ZU4pwf83mYEPOsL^4a{2p|Q3pD`;M3pISZL&nX%jrm(r?6Qn&xPq1YG7B4S(hOC}Ji}2B#Dxv>Y9`e1Uvl}g z&6mICDdO9hD+hL2#x-2d%0roj4L4}UHJr)R)Bg9r{-dF0LJeb(%b&3`^hh+?w=ti9 z$}Y>ehAUZ#DYLNQX3bEQET1_lmbkECKFx$0#wM44zsH4|!>DAe%h zGt1QLDc#s*8P{+;D~V+mHk_^*s&b2!B;vw`!5o)FOsHYfP{ZIr{w%&t5HwpDqs@{2FAK%7&J^;Hc;~M_RN+y|w4S&`QRcSQeQJKYs4cllY z)G!OV{8im=sTKVPV&wQI8NVmw% zw~T98j+I<83mewZ3{_dnN^Wss!|yc{YM6&y{+;mq6W28_$hbB^P-L;2ZyBf6V*d4DnGMQP+ZvX zl4e2;3xyhv$vREFZr)(2n{OG{un#MRWfnFZsu`+sot5Xrg$?g%Ce*M)?m6v4}Hms=`sulVA#|XU6yeT7qik*W?{qCnxQIBZ*^2Fabd$$nh7;* zO)mc)=}hYzs@HtqWS3=J!;!4Cky+SqqGqVd@2s>H7dE`3nNY)aK68z_$s4gx|aQmT?UWveHRrVZ#!daSi_; zapwVEMe+Up8+-5mRIFIBAs}Lx^a5!lq1mn>xsWSKZoEl=Sg~Ql-n*h=#a^&??25gM zT`VYeMb!74Gwqx`djr4!|9Ri{K0enl`~A%M?#%4$?Ck7bo6_c~7>8UV9JUj+xkWy_ zewXK*8+ZrT91|Zk#$l^X$@o~>;bg9%eAj-)s5(5Q9d5!k!r@`U;Xz}jUgq2+68BgN zHOAprHYMw0X@@^?4OzMOS)=Ooly>+y*9eDQMD?}Esqd}xmvaMWz2{8Ms4)&_+mvn} zOFMj$Ybf6ho;RvVp3)Atn6l#pa3vJ32A4@x&!8K%Mr5B8< z$5Yzjx?Ce19!``yFF$rt6}wL~#Zss-4zIH*NBCIU;q6>QR(5#NsE+iMcDNhY2!}@z z<*uYg)||b)bCXEiYAMthhacLMqkSyxa6Z?NmByEh>KIRHhpk*A98M+5T`w=1e9N`Y zO(OBRrBGuWuKBWwb*zu29rocGvU0RdInGns;VE1r93D@UtL57ZzIe&Gf!~s_6l#pa zjb1U1PVlj`!>zf7tej|5PV|&^cox?Phtr61Ww`i`-7j=*;FoJGg&N~<|<$%k8urI+3y{ry2Ml3VFlL+hnEtyg+)%>Z;#KM8<^p=6l#paKW)loK9+X4+`A@? zG?ec|n{v6Qw8KeUBOG2qlsi%`*x<(L&JEm?vJ`5J!{y&I(XaHew8OQyhOC@tQ?Bxq zc6cS%2!~e_<*r7*UE%8Eots2r%lA!u)EI|#Hf4s7r5zr`HDu){n{th(w8Ou-MmW5d zsI4us?exA7(zt=QKzv~0qsF8?ZBwrEv9!avTtoRD_@PnF^ptiufop`r>xtUJBKuC5 zb&hkBNc?0e)EI}`eq>_Z;A3fr1G$Fs{oJP9=qc^+2d)tgZz8InMMhlHbC+`i@2Qw) z;-khmeAA}f>|<$%A9D@mJNaXyy2Vr4;c;9e9L^%j_1MQQ=I^ZD@Dr0WYK+6-Hsw|y zOFJCJHDu*)n{u0{w8ND?H93(+IJ})Gccj!EFsakIff1~wP-7f^XjAU+v9!baTtimQ z{miKD^ptjZ1=k3NcM;`!n|Ep#ec{|B66K$poKa&O9%fVS_OZ0XBe{mGd~8$h@sxJ> zE!PN#_Y&pCHV@x&ExRXG{e_8-8sl)1O}Wp<(hiU18nW_}O_}W}?eK4|5f1Ms3T)A5 z+}qR6b8Zrewl7V5)EI~7*pvr+EbZ`euAy8v{K}{v^pp(;|14D zxT{Th%*WCW_v0F}@}f<7+*8`&+gu|YJ|P^gcK84|Xk5uRe`DgK#-v?fQ=as(w8N{p zhOGQ(Q=amacDR^pgu|zaaxH}5;-khmEVL=l`B>Uv71xlJJ8jDIp3)8<<{IJf1)|&- zdsy*ocBJ%OVB(|3I2>+MUi7iF!%j(hg7I8nV*o7o(czDeZ6@t`QDDCd%D4>%0BsgPj|gX}1(=jKeQ& z$|pXScK9RLkd;xt8r7$s(heKBMmYS8C|8E}tTVO8xk)6RwiIfN!v!|wb014P{DW)A z%Avm*)fb-94!gNVIQ)_*H-Fgo{R_@^ZeT@_rBGuWuKl}-^_7pM9d5!kWaU_!GT&3$ z;dHJM4!p=AlSo`(DbyH;b8O0QK9+X)D%X&e z9sV||-#w)r?#4C3;U7e~XGS)tnXsmFlSrIyDbyH;vuw(rK9+Vkn`_9*^8XmsB2Q_D zYjKTm_!m)Ni$14)e#E)XO(JoirBGuW9&J+=`&ioHDO^Lj{%ceI_LL0=|1WY!z0~a zs1XkHh;r9@D;)MoZJ_qX7cRgDHRi82o3f0Lr5#S;8sh)5Da(3_lIhDiTwxjW7iomU z<%n`eO5PPyzHx36iIXjb8pF@FDa-p<+ToL2LoW7R*3c_>N;@p)8sTt7qTE?;(u%F@ z*`>!Vg&Gs%JDakSkEI>{&NXD^*5wSnvZu7e`?*FqT!kn%=aBksAban3W_gn{YRq3V zY|5%WmUcLcYskv*6%4(ar?kUSTq7K=PE=ou%>McIUz{8G9aT%A#>CieMf3kPd@Sv7 z5Z6$?7uu9HJ*6Ga;2Pm@Eu!4r+Z&b}+3egT5-Y4^{Gi7CwX028+sD!l_v0F}a=T4g z$5YzjgIpsVu1l1w<=YQ`af)-3NbIz-@r4@mSJI}e=VNJyhjI;BdB>)#?o}XTfsdsfp3XI7Bplw{ zvQeRP1HUV6DbyJLYMau>$I=dO;Tp2?uT9z5Q`+GwtC`8=~A8`@qW<-sIfC8}ipQzEETSI>M%G>tkt$)3}DL{A^RU^OSb@57!8X z{fKhs2?l};P-C3^Zc}#iv9!Zw);C(xkdUF=%H=j?A5UqAH*k$`xGz!etoOi_ zRep7D5{XSWG=5NH{u*ji_Vcl{!(m)QR%Y0gp`OwXXK{^im`{|OgRT0iXNYqHzt^^r z@r4@m*A6zNz{k=KcjFqe@|;a6^ptk^2G25xNV5>IJ|`*4kLSSlRuvhN#jI5&yJiDu_rX1vBX@@^?4LLkx8$%!LDP4vabB%DAB+9kt?9JCa=-ea{gSRy~qsIKz zWK$0Dv9!Z>t|2QMZ)fO6PicqSa*c2}jwmSJk#Yj6!& zxyYt8drCXJhHHew6j5#jviG%v*i7k8+Z#WqF@IItl<_{6b~u)6$jX~GWrC-)!;iT} zIBX%xwZp#Gum6K{lSmw}gYktL^Vc++lJ>E*!?U@DtZcrcp%3+xcDMuA2!|7e!;R*a zf8g9C68BjOH73TVHl@|a(he7J4OuyHCquV+N;^D@YlOpgqFg&%JYiFIy|dlUCTG-` zzsA^pIw<$;XSlZ#ATtil>2O0WEPico^xkflViYRw)Yp1WfTbvvC zJq1gl#>9BTrX1~KX@~Q;hOCU=)zHUyN;^D^YlOq8M7i1Kh4TiKJ2#2M@0LQ1iLw1) z^Z#RgEbVYG*N~OtZOU<;(hkqy8sYGGqTGnF`KCtpzT6Kig&N~5v77n-2|ku~xGL9> zm6T06(No%C2iFLP(}csS-*>#uyGcA}DbyHe3v9|sK9+X)2iK65(L)Ss>kRr=OggMB*_^p~l4c)~1~5V`+!KaSd6Su)Cp8^OSa&lOtmRzdrCVzjcbI%bBKZ)hkdw4IJ`(WEV-icQ0FF*7;h=mm>9>|l#6{V?eKK2AuAu)luJCN9e%|% z!r`UD;eI8p?5$k8?PGkQ#{4zHrd;M@X@>`L4OzLtrd;kR?eH$H5e}~)Y9)(QeZTVl z&P^imkEKv!9B#O;`TvzZmUg%m*HFHf+LWt2r5(=X8sYG2qSm&^SwFwc?#pbtpYekl z^H-rwnc-t;hgDod`95h=uJM$1_%hcBhu0G2dhDbBT#j9h77aDNP$Oqot|Q8w&G$TU z4m?t3w24H!rBDOZxXw=JXC_f$pD^7~uUHB-GS>A(ZEG{Rt>F{+(@}l$&0naIv2GyB zoy`sGsKYHq8sYFpqHwk+d>r+LrAQ;Fn}~Al(2$PWp}_n_8d35$6Ey(j@FFz(anwnc zB8{MK5wW)V_Z(L8pIHhuvJ7Vt<;K`I^u=i^7i;-K^A~C)bt_Ts>So0gis7{Br~@p8 z8d>tU5tUfM?GygrQI}haG$i=JrWjTKqPm8y$5a;Lziy{|;%D9#S&B5GF76;IzAgqA z86Tt(rFth(7p+K^5;qrr^H1OrDl zfh>J?pS5tOK+UieY9#d#QLesDe|^gb0`-QaP$Q{_iE{Pz>Zaqb4AhU7LXD&z5wTXh zY=>t8wRx#2P1H#0QKHnOq@E)Xbc*t7O;S_(CidRD|* zG$Q+Ii1m}DP$Q}5M6AaCPhSzJEy_*FqefECi&#BR->_Gp_O%phB=v%bwOmEdwt<>x zDbz^nMG>p-=|6S_>SRlyMp7?{Sfz7TIU!K@S_(CidRfF;@Xs~h1?qK6p+-`#5ao`P z<%j&43{+l)DMQpqYA#Xks62hm^e2JZ%TlP3)T<)a)YipE1?qT9p+-`#iC6=MUd7tR zLzY5~q+Tb=9be}xSOg2qUB9vXF!L8`B=rVS?)aK<`F$q_YD-I@MpAEzSXW=N&4NJH zSPC_gdP~H5Z}uoQCBMvY^A~C)^}dL;!-xMulXTPoOQA+mABb3gyz>#e zBUWW8)JW<>5$mX7m$UQN5tc%Yq&^a{?pX7i(%|qSOQA+m^N4b1^O@i8Q68u{mO_oB zJ|@bY%}-hD8P;RZw-jn5^$Ag~&98RnKsNf?xYCp+Y9#e3QLfE@cG+BZH)jt^p+-`l ziCA@SJ-0n7%xAo%P$Q|&MXbxZ6KrPScuS#1QeTKz?{3D&hj&;CHIn*L#A;~dt@mY1 zp+-_)iCCAOeHR-8EVdMCBsE{ex-k7JtFMi!Ou3*&QeTT$Ti)3G5Gu^4%u=Y4)Hfp5 ztizA_C{WFoLXD)p6|u@*eg{VOF4j4gLXD)p6S3xQ^h$A{ZnG3>B(*@q>U-qw2LPMp7 zvAq7HXR>3t(^9CB)K5gYV|o9cacsPCzNJtjsh^2*$MQO>&VM*KeAZH^k<>3lxnud{ z{AsLb`@&MFk<_muR_zIwZXRN-TVu))HIn*G#5(8c>sY@rz*4A@)bAqJh-EK%HpDvE zQmB#CA0pPZm(3j>s3RPpl-AjY9zIYC|8DGwCAzW*BncsMpA!? zSobFHxjMx9$x^71)M62h)ZZf3*vWa#f!fznsFBn^B39eZH86MO zdVu{cg&IlyOO$K#^Q$}9ew}P7)JQ4;#kXvpYxA$)u^k)t-ef7%NGgvgS6`KxwOB9u zp`}nGsbz?QFZxV+wuFr;|FjfpB(*G2Zrt0}|6DNZN@Keb<}cJpYB{3Zxc8BB*4Zym zhgb?Vl3Jc9w_huqnw%e~8!d$zNv%K>e9@~=!54iRhZGG8)LM0>G*Ba{m5Fk(w)o=gZ34BQrBEZORfvKw`YfJLz*4A@ z)T%_ecKG#Q7qUL;6icB-QmYZ=+Tpdw4r&UqZnhL^B(*wGZoe-6uyl5yKC%>QB((-n z@I{|}8qO~Y)L)iDjilBj%EjtC?ksj!ar=5x@~Dy2T13GYeO9?-)o(+rQcIymQfm|C zV$Ip_(Mto>WhvB1Y8|5Bi$3qIeci5sI@?mHk<_|Gxmf+qUgeZPJ!&b`NNPQz;EO(I z?zSbngZY7_P$Q}JiE^OVxm7kygB9tDldXcLL;EQK0LZ9tTZ z_3?kt1u=df!7we?6-ny8V~rXtp9t9>yq zP;Hh%jifdcu@Z|u-z-owErl9MZBCRc!~Gxnb%#LxU@6o{Y73&^i#{to@b_PVT5Xis zFVsk?FHtVmznL5PtcayhBdINkf-m~4SD44{QjNA0Y9zH4Q7+b{XRdcfaCoAnP$Q|W ziGnZsWJX^4dZ1=l3N@12hA0OH&Ameg&Ik1OB8(3r~kCyS--KsQmB#Cc0{>Y zWpj_YImFs{v?+PiNU9%E@I{|}9yovNKQ9tAS8nj&3&#eBn~pIhj~YqsLX_LDGuK*APTF4i40^V-1fQN$p0Ii}lSP6WMurprueFsUbwc7k$>~d*t*G ztJ+eik<{))xmb+@#tjVA5tc%Yr1l^RzUVW1Am>LN>_MpAncT{JLR*$7nBdMW8xmb5!c5Wt6*INoTlFBCv zzUZ^rhO<~d|CFUrBdG$S+!$b`O%DLtmBvq&LXD&f1@&8PJ=|$_)Q$(3zfdEoBBI>L zq3W6g*bGdwrBEZOVxnBnw({E_RfbrzEQK0Ll@R56wsWS;nHZ>7EQK0Ll@jGj{@ktu zy92e%fo8u@BdIc?;EO)(d*8~a%`Jr*NtF}jV*R%6$1jCgRhB}Hq$-GlFZvvE)UGcE z>QGCeMpDCwa}}Uz*LqVdg&IkXAPT%>LW{`Mp6w#xmd@X^5BR-t#+{SiW*6cB+4C?ckOV_j)B_VQmB#CD5Bg^ zx!FCpzZ0n8mO_oBMib>6j{9QZ+&~>|Dbz@63{mh!pEuV(#k*P$Oh_fOQA+mcXLcnr|u8NUBA|T78>I&jo6gMiUh^l1dZh%5c5o zXPz0TeJzC=NgYZQe9>p0A103t)c%%2jie?L#^Um6lx^ZO_bZOgQrxpE8mry%pRgf zQj>^+FZw+8Y~?~!n9sJBLXD&*6Xjxk`OHNx1ggPOsFBnZqTq`@>umO3zd#*kDbz@+ zhbR}TZOyYA19hdPP$Q|siGnZsG#-81M}d0CQmB#C5k$FIZ|q*WI8fhM3N?~Ck|_A1 z&$+V>zaUU6Hk;B!jiinu%C(KN`|JXbmAjJP%~Gh5)X_w_w(-@#?)?Kb+ES>I)G;E~ zS(o>JB2cGV3N@0NDq^km{P{Bib&I7?BdKFWtY=oKtP0dTOQA+m$B9^rO7FTePh)TtuY(@}V07^`NCtBdO^`xzgBW>ZdH$ zFP1`$q)sOazUZ^cvRix?Vy!*F>=$Yzbp}x`*08S*J|a*K03(MpEYx<@W22dE2iWsCkw` zjik;c3clzw|E+1P$6jnH)JW<)qFk&m%ZFbUV(rjkN**kJ5ui3^Lf@|-)bq;Na`Y@+vv0`Mp73O z1z+@e@UGjd1GQe-lm==fbqP@})|*4mJ2Fs(mO_oBE+q=S=yU2HW6udx(o(3A)MZ4u zSYN#|YY9w_PQ7+adQ@&@j`dc1qN**!!}EyMpD-hwV|apO|5o)pl-GlY9w_nQEtDUt>5hLK>cYc)JW<&qTq`@GoPEu z#-jh3Xi5V$lA1}Bi`DVnvuuX5*ixvG)b&Kc7k&PCXVS^RVWXu`BdHsRah)GQI}>8=5lftq3|)JW=9qFk&UM|M3MsK+gZ8cE$o zlq-#qqeilOH;XKV8cE$w6nxR=rP<%GtI-YG%zmLpQg;yLV(s+aI5xLjVky)}>Q18I zi$0^)zw9$qn9n#%p+-`75#?g#*M7#Hk2}j!sFBp&M8Ow*9-BLx6y{&EEQK0L-9wa% zb>M?7HNoNgmO_oB?j;Jo=yTFV3s`;qZYk7A>OP`eEwBI7g^b#!-INPzB!&C2Y#w~k zXaCjrWas6BEoJt#f3~@?3$C;9bH9jn%i{czVZWwZ3NcfFmwkj-!GXDQN% zX9FJ*v0AtL>$VWT#mhv$0-%{2+E-?y(eVB=rPQ@I{|(2Yxgq#Cph5sFBo@f_met6WI*RHqSEmVdk1RAtSLj(Na_U< z>ylj-{2Hh(OQA+mFAD0DJ@4NlP%|ur8cDq*sB^End10XDS_(CidRb5(z4_YEK>cGW z)JWNj0?MWA--G^K$WNzEn79VzLfPh%tVq@_?JsaJ`DFZyiuXZztH)(lIb zMpCZ{>W^EG`zKIyErl9My)LNbk3NE(VgIodY9#fBplWYN2H)8cDrLlxtCc zjk+9qMx#w6_O}#jB=wevb=dk{dj{$nOQA+mZxiL}>(B9T&JWb9mO_oB-Vw15Klyt0 zgxYf5#w%(h^{$|X=YRESh&9MksFBorf+~9Nszrf1#8Rk{)cb;(vpF9vpJ6G~Na_PY zZL{#@i$ko3EQK0LeJH5+K6`O$puVvbY9#fMpuWB3#(9C-V3H|A)JSR`QLerQ?tKXB zdrK^Z8cBUDV*Pnt0h@D}Vky)}>JvfLta|2V!Qo6xp+-`l3aWWf=Ho!UVJXx|>N7!2 z`=EMypq80zN&_{L`dm;yEEv39pmwnoY9#fApsGIl`t?8^WGU20>Ptc0w)LpH0(F|D zP$Q|Y1oivP16hl@-%_ZN)OurAD zVZ&7dRb(mDNa|anTsxfe*i<%GIo(pIk<@oY!54jQn(!T)XM5CAsFBnHL7iW@_PN2~ z0!yJrQr`<|{kp=70=03EDGk&}>Ib4+X$Ry4WuoP+}wNS*`WUunO19gt2P$Q`y z1$FO_Yrhw$$1H^!N&O_KPuBi~jibJ|6lx^(v!J?v?qn;gH#yvt25Kbr3sJ6?pE&PR zHl815Dbz^nR}pL0xUv&bVLnG$3N@1YO;CgP*lzPc-DD}$Na}Y%{k_TbzXJ7+rBEZO zKLoY-r`ef6t#E|#iW*7%DX6WRrdJ1Qu%%EVsYQY+KlOu`12xW4sFBoPg8IC2@u7h_ z%TlP3)MBDs>+N21CpORah^0^?slR2cF^{rXD;{Y|12vNRM^JASH+>l#?q(^}Na|lf zt+d~>8wIM#QmBzsVs*S;cKh}0&@YMub+)BYBdI*1AT#>>_{vdmneN)*dzM0tq?Qp> z&lbnA*@KmiGCXP|wXC3uUi#_65Nn8~P$Q}31a*ApZ*0D|*;1&H)bfIAIqd;97CpyO zsFBnPf?D|QN^Cs;n59r7sTBqFexJ!~j_7+!p+-_G399DH!e>xnKARkE{z8qURu
CHwo0imO_oB))Lfvmrt4z zsOgqMjilBV)M^t~92TetEQK0LtwR(PH+}Y)cn2H7&bJh5B(*M4eJu6tg3GQ7v38qk z$`Cb@T2D|dH(WS9P$yXmHIiCiP$kz-do)n*S_(Ci`j4P?Ic_c+5$$-aaflj8Z6K(x z2Cjcjh;@{uP$Q`g1$E;whqKx5S1g4ZNo^#kBd$Az&Gz&?&NxJkr1}VI`vqPt) zP$Q|01$9o{oYPQYK2KW;HImvyP^YZC!o)yraJ=DBBdJXVb=DeNvtBf9Dbz@6GoswA z$o{lJJ~(C{e-vE!Qpx*7>B5lv9=%zPIdH|zik~G5gl$R(ui1n ziQ2$Y9V^V75@OwADbfgPOQP1d)bjH$922MyEkznqtZ}08ycJO}L79LlSo?AHwGr2d zH^^=6DaV9ZU6vw^aJUUoP(<{ZyTN(K2I@IWkw(PYR#1j@4!4+Q{vwTtwVk1G$KZ2j z{&3dMPqh?j1l5lyoYh~JIQ(+4p0E^Y68*#Ud}4c|;>)n?B*T+N#M+^kSl3vJG$PiH zy~OHwvWZ0+LG9EFb%LcxBOLDR9qP96sijCGsQ$ggN}pmJl15Ow5Y=Hzz4nRKDnrRX zV=2_g<7)s>D_Lsh`v?CUsD7uKSg4WIK%%gg@zeal-$j8MW+~DLhl7YZ&p?U9`g`{a z)SZ?hji7cFv8L`f@ZmshcA9ZW8bJ*v3Qpnlx$@qctpjzUrAQ;F-H4hEl?6995{KXa zZz@m=EkznZ4G|7cIInndpbnmH9HK^+;qHR!dc0^{piZ?EY9zIXptel*V_O^MQMqco+Y8O&n!Q<^f;@cPio$lqgL#X?Qyvt~52I;ccu+X=+tIwMsKWX+|hbozm1RO+9INeVw5+ z4N7yC(u`D^vz2BPX?T5|t2CoY!^`k|r5U4QU7$2$Rjf;uW`C8>WlD1ZX?T5IsWby##`@|meLhmeMQzCmdkNyF>?CZ!ptG_#bZNoj6V znr71QdcR+3Ql#OYA5@z0O7ob~Od!nwR)&u&O^ebzsWfTQ@OJo=(j2NZbChNxY50CU zt2C`j^Ssiuk%srZFDOkrX?UH!q%;|&d0A;Xl%KgubC}BKHKoathL_EfRjgl>=2(@_Z%T67Awt(O7oA>OjEJ)@}gtWlSsqsbUCFtS>>~$(wssXUSBII&8aG%Rh8y6rCCF1 zrjv$yUQ20CSDJN{<_x7-Uun)H4X=w0l;$jz&!$RqHfea<*g|Q}QJTI=b1rFkId7>n z=c#L~e?4vZd zkcPLheU)YwY4|yJKc%@<`5CG-w~>a|MZVJ9t~3QobBFR%s5EyfKSfG&m&&JDY3?Qs zFP{>nxra3T+M!fw?p2yHrMXY}DOZ}=q~T>)p)~iChPRDjO7noqXSmWlNE+S_E0yLU z6{|{V9#)!arFleYYLwlgdwn(mX{Peoh&w zG*6R;U&D@4nmMH5W6{w{^9*VDzK>CwXGz2Bbga@mr}EifX`Uwy_k4iTyg(Z6`9P(4 zkuq^tC zG;b(PN@?Cyn(<2WmeNd6nzu>A%dkah-XRTdV`-&%SLJi4(!8fM6P4zDrD;`~50s`& zX+Bh%cBT19X);PPk2HMWJCx>Qr8!J#K2foso-VTpbnxB;Bc%}JSX--g@UzFxVrTLXK zye_6G&2LI`lG6N68s0WeR+>MQ<`kv*Q^h(}X%>-&m*Htj^OwqJy3#Br4X@MFmF91y zIYVjwAq}thGnM9Fr8!G!5^!g4**xy&Y^A}M$V<&RO0$g8oU1g;l7`pUc}laK(wwg} z%aexh`vpp~0%>@CU8poGs#q5(%}PphvC^ze8eWFiD9tJ=pKFz7RnqXj_d2CnP33cg z(yXpDH!95zLlSxd#bMQPSnnpsM-4rzE9-l{a~s(fx!n)OJ-+s5rm zv%b>Yp)~(dnmd(d1Lfx~rP)wv?pB(ONW=I29;NA{{M@TF8!OFyO0$XbGh1mkRhs*i zW;3OEKxsBtng^9;3)1lVdPr&dl7^oz9#)zymF5wp*-FKFRB5&*4ez5KQ<`m5K94KS zwo3Da(riZ>UhhvTO+V%5DW%z7X`WV^9h7E{((I@-&nOMPZ*18-USH2D&CW{moYM4H zn&*{f7v<*#r5QjPUWP9!%|NAjNofWt&C5!&tJ1upG=oXQ+s|C3*-hp1s?rQ04KL@{ zlxBCOd0lDtAPqkczM(XGl7=5&Zz|1Rq~ZJZmeTC4@_9#T_8|@5ulJN@U()b%(+5hk zA8Gi0eW)};mF6R*$tMkOKl7BPKxsZ!nnI=dL}`jh!^`kfr72eVe5N!dDxc4lrc~wg zh0>HM&6i43u3~+qG!-hJ`ARcP<@2@D3?~i0{`y8~DwXD2rKwVy@06xmX%;9=4Qcps z@x9X2s(gM>nh{E~P-*H^tRI!8UTJ<(ng$i?XQdgb^7%z+Mk&p&N;8@?{Mh+TX~rnc z?@BXPY5q`}{gviVr8$5!yuKDG&4DVPzm(=6rCF>r2P@6rN|RK6{!yAkR6hSIO{3Bz zmWkfW9!DB}?Bpp;lhQ1sG|fu0tkR@N!^?R&r5UgCSzc)-D9s8=(?S}4zF1Ld(kh>o zl;%*<@V2_L(o9sbR#BQ(mCve5)28xSO=;Rm!^?1WrOA+npD)%>nhxb>O{FM>czfPhX^v8{Hc^_RRjf^w<`|{fOlhVn&E`sTtn#yk(j2Gq>8muylZKDk zwp5xERIII(=0p{1Yo(c{G}|c6Nu=Rzbz7x5nKb+u+)imuQL*|d&8ei}{m=GFbDGL$ z2c?;=^4U>oPFI?pl;#W-YiFf7lQg`1`YX*@DxY1H=4{gNG8~{Z=a7b%&p@R)SH&8n zH0LSJu1a%0Y50B(R+KT&nWfOKC1s z`RuJUmn+RaN^^yZwXf1#sq)!RX|7V5p-OW#X?Xj|SDG2hPl3{0qw*wHkc|yf%RGKH1W}MPIrD8QH&C^QLtTb~}td!C`qcr1{ z=2;bMg3>&vG%ZT=yo!}pnio_)hbqmBN;6SuUQ(J?rFmIt+LY!M((q%jU1{c$hPSbd z(!5F<-XC@-&1)*wVM_D5$|tKdZzxTt(!5C;-v4wd&09*-tu${d%_OCHM`eN^EGLBd;Udf zzES!7rZnG@h99TDE6sPL;hz6gnguG>BBl9W<+E66eo&f!lxCsQ{HruSDotY9==|YN zq~Yb9r!+s4hL_JWO7n|~wXD+os`6P*X?`OOuhZp~=699P3S85WfX^SKx%R~HP6|wg zXVRNmCUy?NdQ2q#B+avv=^v4=wXb*2b|ez%yf@e7Z?|yL9ht_c%UMb~@9%zbREyA@ z32z>VdQ2ov5SpPN(3+V{W1>IIQqpAclrspEv^t=N*kf@w_753`hX-a4^4&l8%rV{`tCX-v+2ZZ!YLT2JR~ z5S#NpOk>nFEG3=SCzeVvjiHWaDe1gTW2sA+#!$Dilyu$}vDDK{W2kv7C7ribEVWo@ zu83``>)&MZGvzZnwyh3k8l$dfDe1f&VxxC6jiD}KDe1hOW2q;E=AGDDev4^L&I?#d zI&V;H&MV%`_w@YO(%4jJN@7c6Po^bN@A&ErZLnZEG3;+9!nj=G={p2rKIzQ z$5Ib5jiKhTlyqKoEVcYBqYeADB}+-?jfkZRna1!bmXgkEh^009Mc%;5|)zA%f?do z2+g~(J=>d1V{-n3rKIyF$L74*?M7?*@b_YK-j8XFx{;-%^Nx(o`6Q+>)Kx4cop($u z^$^n->V1}y&O0ua`kQGCwdNh>|7O2VjHR|_8l&EarKIytj-^I3jiEYNN;>bfSZX@c z80u!0lFmCrQ7^&vWHQ~>kxUje9oC)Brt0fPS7w?f*0(ffQ_cB<6Um}%s9?9}@ZLF-Zz(w$w|9@x>wu5_jyGXP03>}P2v+t%1sG9`bI zNoz>Au{78xQ&<)4>8^BRYx?jMlu9%FooOG{m`yj1gJSWb`qoqmOHFPss?Q%dD3Ppd zOn0VA8`G_&jhzs$Db+zva8rG%tDyx-y}2Zt&19=G%~U>MFq%5R*@=$?Rhd6<2<=+P z37FE>&Vts~OcOeVzaisMjji2e9R3N>%|D?4;Gd=06x*fIjT7VdxT4dTD=1BmOJ(!D zGXx-*Dg}&Pm#N97C#2h<*vTJO0|+OjvUX1!GL#$C25gC{Vc(#vz49XwmOVAu)IU+(S)^w!Wktyt{Xr@EbWK-YMHZIeeZmLYT zPc%hkN@8?lx~rzWpt(7l>g;4;xgP95(T+~HH)key+U&Zr>Glbx<)&OnRxDW0g*`Ug zdXSm}AtsNy)c903)!vlKMMHDJ)=_~44Xt!ys<|lB)&boS93?G{?GsW%22=6aylwdy zf54gD#G@tMG_fet-QERyUz(6!-_zNZYQqD&Hk)dKqp+Y8%MTMUZc!t6YpuwbR_B6r zcR*P}L#;P)pr(DC%FG1V)C#>~6BKDC%i3b-nILX2I&7;@;+2`k=F0TAY-6^kWQwUY z8y{^`P#Lr*=9U8?7l*orSK4G$W#_p z6k~?9naQbaF`Q4bZE&8cZEftrqq;6b2Q#=u9jKw#HYBwmf=rJN2WEFC91hK}OWkd$ z>P%O9Jk}a^@wT%tFjkT1AE11p{+hd+x^NRUFUoghdzQ`>z2ywX0I%+b(#eL?2c#Aj zWqUfh@L(xuosh|`{;;G14m zW9LLHNXU6)Cl=-S#_m>Vc)q}vNSjt~oR_8A>!2&mv^lrt$mu0lf95L7X1Y5H#*a_K zd9sJfUYIUVPiRSXcA+ z>M|qSai7iDfKuS-YMqo~b$~6gE>qCdm7WA0N=18T7xp-|+Nx4*894g!#80O&=t+wj zI~vEOTOrd_Cx))exYlm-faYD=*wh6r31dY{f;uGemPPyg#uyS1+&n^3!oS8YD=|u)wgta!MVj8 zl~`u(D2o+E48h3}nsHqQt+)&;nju#>*x|^Es-1u8(K3^V3@%Q0;y7(I{$1KxmuiMl zFBAjx5r9%ElnsnQ;sxO(4UMY`D2Lq}l}=5r8ILDN zA3Ffy;Khw*%!S;@_BKwMLo_ak*<#xbgzth{aB=Lg6^#{4fhvkcBYV?aE}jTFMF<8o*f*TiXf`H5efKyxOX;n_QSJyn6CA8Vmnd_Ab7bqd z#-@p#*toE;GH}v_rU!=zj$yM@XYqS!wquD~lkO~rMPN5V9pc4HMd!%sB6GapKZ}|m zr49}n>?CahjP?uBM{8qe3s$5hLCUwFOA}4)4Mh~YV{OZVHO4~RIygs8O63S0*%+c@ zYr|$Zx+T@_V%DX)y0h(6kanNyC#E}SH@#~&r;vhfttFF9#qn68E&~{*cQj;T^Qh|X zN==F5A(+LDee81UJ5o)-ePya~QmP2Xka#YyH|MJyIhiuV>vnrBkwa%A!Ubt_$&{{C zd#4*Fn+#wkCfbHwvC)BIaj5DzS{+}|k~vnFYKNh}Bt;Q~O}-{*M9hu_%rdkJxNd{1 zdMF*3l(DVR>pIAW|2uxYRT!ZwXg=I(3HK3UIbUs-RPuKo`liIAH|CdFaUFK{1h(V|oZ2=giojcHpiE9G+cc-Y+7QD5Y_C3ou7e!S2e=$&=0pV zS(=K%CTohe*BPAXZd4RUnzE(Ud=A8=%d;>g5Fgfd z?7Q(*3v+Wgyo1eR-*V3V#FUPV;#yxgy0PGL$Hs2jm#n@9r$J{a%v#xoS1bsl&$OiHopqdaXP#b)Y8$FbMxcv|I|<6gn&3A&a^ zRNA8S!Zy-ongsHUoHtH#Uw-lhiJ zzSp;;T3fMNS?i*}z0D0kTST%|c4f%n`^a zaFT*3R#yd+*Kk;bQ}UAL6L?8k)6@cd|6g2NQ7{?$hL9yx8(x{)7M97ni}}#o7k8wI zX$LoOF9^oVG{#f0`035&nrlMB)LvX@=r+um5TZgWG&6(f)`x3=QS|6A3b&c$n3904 zCL_~3W0xf|Dp;C~yeH$PDg|SircQ7NSt}k2QqDm@JaFNfknat0O)nHQAKKm7W$eP7 z0bGvTK-ibFyv!VxDaf322*xn9MQDaFI_tzUDa+1RLv$_y;uK{%dQ4Gc3xaWXR}v;O z?DSyRY%0A1HrK*dGZ-Opdsn7|wS4Nv)FcCP)gUyT{^>FeiTp7XSkU8&!nn0k>zdhL2_k<*RZC3GmVvoIjtx-+Azy3}DfA0Ectv<*tc zZSaS!fnfbeR&A0!j)_5YNste}UI-)LxL%0@^m2ETd510$E?s-O>4^O#1Hx!(DP|RA zM_5&wEF9ZVQr}QlQc#twsjDcfs7_WFRF%Lj0I{j4rn;e|x*^#xwpMK`9$8n=P*GDI zWhx8m80pb>NCxqvmRHPOS)%k%G{`ybcZ(X zE~?@6$w$m=!;zS42HeK)^$v!)2N16eGv>Xi#PokmMy`E^dHom>9320}UVu7y3$ytq zU*9$H6Io2ia2Q0U`yqGNJ+dw^^a^f=avwdup9nE>i}?w=4 ziDoS5i=bkBNjt1si)u|G*W%o7ReBud95SvdHC%m88Jb)q`o^l zzOl*9)Uivqs#3U@J+aqJMz*)cO8f*tb*c+?v!Jng7|i7H9@LjIC~z-&lhiijeTEWP zYLxD5p$UpqmS51vZRgi>x%=aA!D32`FFS;0G#+LP+4Y&ZNR89@IxU8Ki~r?9NGu<= z=8{ck`7(+~OdFP~8hzUd>mzW$#IwMeUKpm^Rgd0sFY6Ocrf^7^*@v*UP-Gif!RYHA zTnECZ@->Mj|H#Tjp9pbH_u!+cRf@S5Bj#RQ=*tObf?0!f%lDwr!b}l3$RT4Q*v;6b ze!PX|((qPlS|G;bivr!eg`th5OW%dDfg0FaBPRQPrN5roju>EyZK%^_^Q%gx^^fHel}zOH0LHt2xl<% zPqRJ#tfd!mg_d9n&s3aS%H_-6bWS-JboF)$%6;`jAAF-(Sf#TZ?cgi(#|Si!I!S zxJ48qE}jtO3JJS8*K!8CImdDZpEun6j;u-$C1&<0W^IDafG;PAD-ph(?(K`*<)VYQ zO>BVSc8D)P5C{w(;jE#fL>40iMlDH*Zi+5UFx%m9Skm%@oDwJ_f4KWD)vPV>ncE9D zxxyfBa32|3c@9Iw>G?3Lw-pLYbDk5;bb)# z7O$BL1Xya}((&#qtbu?f>G+%!+dyNwb{L*UH{gt5HUp2Yw5M9t##(s(184Qs27EHb zUP#7ngVAz#huQ+M#=~L*Z345y<@>E&Iuvw}c&8KYK*#0RZdOHUtQ7XElNA8WGfag0 z04xO-SHOa2o&vQv0d8b)j6_wb_HG7(Be?a=66)cQYsj#K;!G1fiXaV?HcrCF0a847 zsK)Y4rkRmc;*qq5R9gq!P!%LpbX%rf?}AB>*%1arcBi&`98`)fADambG#i;glTVx_ zn@`NH*JWUJQTqhwn>3M}0>v;M&O2_V#$N&JwK+bMT4>|lSz*T(CZ54MWkkNk6mIVAW8f_# z!D|eeb9=8C+el9jn8Sd)_Oi*CWrBicsO1J&RLbkYsA4x&b;Cmnj2{IL$z(WN2aN{q z`N@K$)*4sBv>}?OX_P8wlN^`7yA~}@^X`)xDy-1Lhm7dCsZP1w>}5?!6+U^#ccG}b z5Eh%lez5(tWsI$gOX1O{9+=eL=oL6Iq8lCutZeLtr$4z-e5SccmNPWHagFd`aW*d5Ua3d78b4()cx-@2uz1|K zH1dcWqC)=f`jUdWqVi-_K`q=D2^D5ii|UJ5Vzi}UtDJWLVjvyJf7W-E(bKe4A6=fGJ~O?%2FnLZ0nr?6AFzFGHKaJMrY z0yZn(5@WW-l(lmZJuSHOc-z#G#0(%PJ#Od|ve9jqj{7)k*k`$Pjlok2@CZ~fJoUi# z)HG_DkZR3z;8-(yx;D!pI(LOzp}rKMF~Ea`(Xk1g+~NwBHaLqc8%kHF2}+F?w9Q+0 z+3s-1_3FGKK`RHB@SqY;w1>Ff04X@6)Pq;IA!amcH^q&|?IwGe#SK=mBZ1pzY&2+_ zFS~!huGjr&F@7^#{Vrj}FerLo+p7g}t7>Bc#mQ(5)soiC<`nTuYZ93&;+Qq1wAB_| z%x1W$m1_~G*unz>1BD&8lu~Xn%O6eW!{e~UjL@ZazzRmQTpA`T!s;vqm^&E)aL>Dk zbs?ULEG!i1Y@HyaLw&LJd|{p;@-Pt2HbF0m+iT!);-JIX50_d9>q_8$tA9Qj?`gSh z=p5hWg4y&RJGP;vd+UONg2d2da_rb-L;1++;q|zZVU%R1byL*#*57 zi~@$X(SwvpoH$IjcQwP3!u(xF6edT5k)g?={N%u@{F;J_s*2&2wfRHAU^{+w;a4+$ zwbEC<%x7XM3v)2L4)R&~S}K{6g3(0^s~Gzh8=|l%zpS{bq^PQ3IK`NVnWpe7i(eFy z{z=hx#k4_@kR6?ku)tJXuPQAbRy?eTvh6^y6Tceqi~gC8=F{8~&1Lt}%JShw#ly=& zCba7<5fmP}rf1M1CJGDkhu0QY7gbbMQ3jJRcGx-clg6|Reziw3ZET(dJI0DK6j^a~ zd0A0arLjeOM7Ah@wu6{!Y>|y?!uLBw_qHa#vZ$tfSXpTSxgCdi6Mj)u^x$7qa9t6j z-7pH&Hf!<=i;5}>OKM6ew{FB~k3#{(dYjxiD9LiOPm|NC7+f71nodoA)$rPy;^DQX zbx!sH2H{^x{E7|GiHqD>1XrvD`Ql%Pw5h^sV%G? zUR7l*hAgRAsn)4%Q;`zwY-ybw)2N|66&KaiR8*8!Ml6ysDgjpg(M)kVGcMPn{KA6b zs`BCz)1JsB?K2(gRB=@AxwD4%oah3r$}cUgEvPE3DI~MBx8#%Zj;)$>M@wrCi)Gcr zipq=2P2JEzL!PLDDAy%e#73HGpX6)Eu0dp{DZ0lO8bd|duwlj3#l<;WFYN|(P?I7h z-8LSlIzuRPJJ2>^I^WwcHTe}KwIyYhwWjlH!`3z)zi4M@x2VvgN8C8KiVmu?)5me% ztMbb#i%Khs3)pc?c~Mn{nxz_{FRExNN><0{qcgH+F!`RVPpT*>sI9K9G5u}mw<+sL zuCaCBk(r$BfN4s#J4N}WHAUqmH5H~4rJ^C%)ZXd%p)~r7HjIzB2FuB|&gA5DdlHXQ z{3F|yY#o>!m>dudS3Eqwy12Z$puD1nYCd9p=$=?CR8e%Cn17QKYLv9&CUFVJc)Y1j zxPRC_A&0k;iu|Ios*>u$>i-|s;O#P*Y%XVI`9;;k%Z8QN&iMaXsdd1;s`yEi0}1zfg9vD9ojX>5b~$TLG|y@L?*G zjBh&d?_;oqM?*OCULgC9#c=Br`cL@?jK3&x$>!=pz8VqUhX&78!=y^cNL+r{>lO7% zMZvk(8<^KVicQ9Z$dX^tNHgJukt$x;B!h+Ya7hC91?B4!ao^%!Z)jhn7{AfI`!MGV z3wwJpVX%|qwR?D_1uL0gfqwkk1Yv2SxoXX^9rj7ThcDMF^!S_gU`hlF1g;4qZ?}UK zb5jeKbHY*){a!mz^zsHeT;9>U!d_s42(H$}o6;Z&m;d1NclJUa-dY*nL>9XZa)XF| zPK0J4#QVZ*rm=4dv)dq8c>2v`XbwL!*&tr)5`A|BzU~EER*tu{s8^NX(`4d(3eiaB zB_-G}{7%W2s;Df9ka^~K?+N5c!=4;3@^D9$>x<%KXw2$*dke|Zzh=bD3#9#A0uBf8 zWZXp;$octW3(Cjrj~Dr&-!m`bgK2{yxUB$Y5n=k+PItz6h6WP<1kn;-O@i+cG!^8Y z<$=1UWgJkHE(x=zciXb&;@(mcZ7%LrBb0IE86i>MSj#jKqpBMdL~TPW?){Y)ka6z< z^)?Lkh6{*+lfg0XwusvTV|Q3Ur?>DIQsmldPEcUEmuD#LR@|@16PCELFtFlbM)Php zb1n)UbNuXAjx6vD9A@q?6Fo&10^qi|iL&56>JJ*1#Q9uWWK(1U$L%#_E^;NyaLn3s zFtt;D^`4}E0L5pM!#tyD*!)^a>k>iJ$k%t;c z#AsaK7dL!KHg-0pp-0NJ;$aJA=@TZql#2FNcvO$Aa)%J~qBHx78Gw|;4v3aQ=_I%m z1CASe>w?~CoJdx?e>bGY$$G{kmbZF)$ob`Douk8m54Kfi+9%**Kz#h4ud|0uqcW}d z9#q%>tJlpxs_0fEJa*F+t92Q{%|{E^Z2fZLf@}&67Qi(#JYiSCo|VC~mwgYQKO&0V zt5)oWu!NW%Fo6nwohLBm@yme zK$3SL)E}8Mh)U+olyz&mi=us_sZF=P`2Ka}vkI0Lrr}P9y(!8XgUQ|ZbUZ7wN%V8v z7c^Nr^2I@&d26EC5!fOZ$A%WIHo>}Azka=e-hpgi9tF3=!}9C;$!U1;VnfD^S^{A# z+SKs&kPyXe;z3|r$rKosz`)&dzTRMyNm4u1ni<#FY93*Lr3PKy_~3B8RPp$`=u z^Y*{6yRqAc!dMCBMBoey@9eK=Z_1`{F$!J^4zDd5o{v|9OaK=zK~Pa!RMD#-E(bTf z!U&jw%7F_o1Lc7WlAuTqPv+D>OUxN4G9>gmK9(3vVmnMHwuG;;nsxIlAbzdIfA^1m!f*KwJ2f32gDJu;l6_pUjQ}ucmcNaeBL; z$+vPKu(Tj<#6FIWtWR-z^Xbrdd}Tl`G$y0mOQ!I1YGe~{a>A)l7wCru9D?h`VKi-qD8An<%Gh){OsOyT<;{wfrLtP6 zFV9sNatq%xcn1}{i46*zUtRe`TQ^B~drfIEym~a%751?cetAp09}`3%5SQ#&#r87E zzI~oLRcOO<7>HGe=bD%e#sX~cFOj1j01|A*v_{#DCm|c?9&&7itOnuy^yH>acx^QN z0vgR0!Ku5VycU*k4KU~KWE0%uhU)_8gOeRNYm&+)C(*BEfv}>YoCYn)qPhmS;ltl9 z3|nDs9Q+pqa&p!PMi@a?wkL^?I3!!mum2>+!>J(IN$TQIV`q8b+9 z!OPi`$^3j=X@(&%hY9f7JhvLnEJPbyQ5VtUocz$Or80dNCf=UrO_^niRUjhGN& zjaqyZ86#=em&I#i92MmM_m(g%l{}Nu^8oll!II+(t8#iaH*1PG_wq*+Z~_Ic6KEj-OtY0 zF4go#V`_)Qbg3f>i?M@Dx5Jqs-JBc`51HZb2_-w>@)vF|z>46pxKbMXUe^yfjms9d zLpHJ5W8OozPSUA}&Oqi0JBdFL=}t=dV_Z(f_2!)7i19F&o@}O*lNaN8Nt}R$7=Dlp zW(1ck=3Y|vzKN&k+-G9cq9t~w!}Ao}{h*;Ho~o&MhLjDX<>bTR4414a90qUpOTy3d z)KwIYgqIWM=VNk34X!6|7+IeztgL|<1xRd2RuuBg(L22GkBIgRi&{kkNpF1BQQC(V7S4HnSgx3ld)Pu7UY|i4;bum6TLdO%d zGHm6v>(Oond3gaKGlNM=$jEndHb;o5k2fP0?u zQo|>N(o0$iC;-g`QsSIj!z7 z=M=ZVCz>r512iW%)aq-hlk_^&jta_dX2z4yi3D!Fv?^B(^l~1&+^ZWU{cKJPA+h;jbJfi^>b?3W^%w zjY0Jd6-7{ccqHT&Bu5ogj-*4c?7uS9soEu;Go!KUOX@~d6hZc7(JfJ%wFOIx5BCF_ z+)p3=PYOa=C@!fls;j7NsDUnK$>HnW4<*LMR(bm!UqZ(2I5H>1xUAu*Ff_9T7CG776qM3+&h}%A}+bAmZm`^du`xgC)6iR$u3oUl2s;cgl(=(_tv08 zkCVITBfP7t+;4-9mL?q$(f%PsUiysi1R}c&tk3ArK}N&V9OCHeVw^s#sGuvKiVD~% zvtQxPqJ7J3$%cZ$$`W{}ReEMTjFqBp z@vO#i=+Q=%RN|qzbQ#0?Dtu+O%9hb}HKXHA8Mb#*aK5b@8%+6qjms1-NBn!aqmH1L zj8rCnO{;x}iG5*rl!Zv3t3`?E=8Vn0*ueizL-$FzTCX4&?eEX5I=1c_Zq{|s&Ugf z7cPkD=!-O}xEu;{^~fTKX5a$2yHEK5T_-N6m{2ai$}FUoi)~{ldqD zku1y!h`sk+SuwqE`S6ml*ypRv!Y%cfu8wYo!F0{YWc}FshLS4$4UhbMsDb3@au{Mn ze1#JRpII`a<+yOq?tIO87#Q(sM}aM z6jy|T5?>NETsCPSa!06;TL13*=>84IlQSKFvUvEb@uLjLBj!O3dmTTT!hMY#-|lVt z(TvL@*+yQnujFzc;}+P(G!by4cL2%~XG__n6?-keiVHjp8O%?{;B|1}*kn2M6L2Bq z=hkFtLgD1dULBJ5iv7RHoV>R;!b?@n0)6LPciLDJcvM9P$hmURowmuLIGRD2XxGCa zjEN@-ybK=+x3NnK8cJ~Q1|>_zz>odFujeFd;li=11g;!ms#_METe?a=LJ+M7+8aDT z?T_~)!$2G-=`mb=NfG?$Ps3Q*h07Smy!=IjXegQ%9uR4s8q@^_U~!aVKZ6jBV|EG3 zDq=DG_(7Dw_JVs_GpeMnvY@uM1bQb4vsJ6OoGF?Cz~Xkl8Jt9qaFL1LO`SV#C7zQtT5$A;*S!<&)Sr_-3vsqY$ zONZ@mJw(mYeTK-MRz`mYA_`%r2xqql2FIZZhy74Y*JV$XNXp#@u$rxf%ZU!alPuH% zteP9&22ba}m^&^nxp=Pk+?wcT!<%|~%a5;L%QV5-J1kDs5TR<~%*ds4{~eCaLaz0T z-5F?D)GZExrbT_#py&-J%qWaupwaf4kIN=<*NUxhjK#5+9AHWTkLdQ+PP>LAjZZp2 zU5$xkh_1x)zu0Wu-T^!uhwZBAm~lt!&sfB@TWY#7<1$(q$$qOM%9hE~HTDGZ7c8Ox zHTU>Nv83O(&{;*tTR9(BsD|gviJk z_7XP!gj+BMF=$0qB~|~Yy*F)+<5to}{bT(321#*|BHkF)zI4}SE~0(DbTrA9#4*L@ zG)dcnzXT+vOcO}DhoZ$NliU`ZpHc)4)yVtlRI7J)w_cQdW9NWig>>gaV@;P*!2h>&u~Oc zyDB)*&O&5|u6gB)nfc`*LO8YfB3f_Y;TQeA5sPDB#DP#t>!r`R6UJ?VD{RONjGfU( z6s15M`e3PV_4h(dqnUyAd-zBH$|T+i=ULG}3ByaAA6hKu?yL=Ss81KwMHvjwl)+F8 zzqmAM>QCO*w;R-L2!!@j$!?!*A;tMni75#u^ZMqDx+_dd3bVQ!WIqFBWleUaE~+g3tX2`&kJfZY$Gn6_`F`mgi-LC@B044PzJ1twX z`LQvJwkW&(#~iR|Prz)7Z3hsJ8tOM0CzIh!tYw0&0mHMIhp0-GpxLGZh63BCt>^Cg zEw;70%PzL95sY0Ia!Z>>Fhh3#`=P!4?+3eP_#D;8yQae#asOLH9%3}00pXyJzQ$ux zzMF+i0XMCNvF?L-`R%0m_EQlhS*-Bb%2&DuPA}?uzacaiqdiU-`A&?W0W!BYxD`Y9 zF*O>Ef@Jr2@LU52mBfqYDuNNsQixK>k@JyWd8^Mr6L|vNyYgrm?8Vm1UPkNpZI88ft}DM`C%3 z1h+1Ql4^CIh=1e0DR+!DI?#dzww; z;54n`K9)PRx{A=PVOsmiKg}uhhr>u*9bUgq?cyk_=ZoZZo@4f__WYoxj1C+G4G(PU zEAGrI`U;+EOmXBBHF>`uG0mript`Uf#jd$DdNfHcy{ye~stLR1De zrOc0hUj^UWk3=S_fuqoOBVS>=V~bBPC+rdx9Ul%pSPZu$#2EkuMhw%kn%1$O(SfOm zvgm6I(PIf*OmgFf;AobM&F+;sqdBKen0Ak-q6^ebFrZB%voq278Fz z)ZcLvju0G|bG<=}6-xSRBtdz~y z)PdVlr$qmIYuevk7_|3|`Y@>MuH&qX6@!VW$YW!&Xu+Y5fdbRt9@EZ0RoY@x2MMWE z0`;Xjt6`UXi`RWO3L>^^8l#rE36d=}@`Qdyowu0|ZJCB$jO_l}=PRd-GGF5B`5SGu z72r(U{2JwL`6XX%fNM?L$BklVN0LA9WK};Pr7s7wXtTLXCmi${*<`!gt()R2&Z-4a zuQ8A*`$|8@minZ8?knLSujnjoO30Rd$y)RQ>~#!Q6Z&6^9$o7h`s{{XXD>0ftKNlX zMz4Soa3n*v$qIuR1{idpi|Dt?FY|EmuezeEi8H6*k*8s_JYAs z1!6GVygpsGFWEk=I39P<{4(Cl71#EM(b4ATmgVP+H#7|&zrDX%|M@6J_V(tvX|UW= zg;QoO@gf^skI(7qGd;nC=igimJ9ZiFl=EZ(n}6Mpg8=YWM!SaNhjT2fw_qSMJv;5~ z@t~c*!Hl-m1wJR3VB>e73twNF0IXwhy8N@fonoRTyiJFNx3~2p(^eZ~x?)t~Zx2u3 z2kOu=YpVXl_u29>MsVK^9yYF?EsIUV5wUA)cPjl!O4sJJ!3*K~2D4KwSJ}X(+2!GB zjeZeNEs86JeML_D`Oi#bjf3aYHJ`iTsDK|$w0mw3Lw1cE)DK80MtSAUZuxYLqYb`j z+_J{eVzQ(J!Fa}bXbtnz>InbM*+$@gLX^qnI|&pQs&LsE_X<*+cb~RNKk9m(V<*dm zajacVH zG607dCu+j@-|0DC(>hO)b2{qE8qzG zv0l%?R*hj{`yG+vd&)YB^m*-r17;1kn)jQpO|Wg72mUUDE3}}Y!5&G=&X*~qM8KHS z8q?$4pWAc-j1C69-JM~*qx~8<_QDWH<6ddE%?$XUfali9+VqY#b=h%f%#>R|)HOgA zbNc`wbU7ZKd{7%_ev>03<>JymM?9Q1m$z>taxep(O5=S%%+~@V({5~ zhp`W6(m1+SuUdd-`v4B7G#-+^>k`(sq_oE1*KmfkDz&Mib+APa`0kRZ(!qRY$KDul zlG@;U&L;wI5&7pxy+|t={DS@B2Db)jmyWz;{?6E%P-?xIr1>wyBpAvdwqD^rw1;+1 z#f4?N1qXHu;B7tD)+G{e%Z@V_vr41;Rw(skSk@A52_vw8eUI;sx(m*_;;q}~1-4lc z`q?F=%?sMI>HRm>Ih5iRH^eon)77{2A1m|svkV}s>#k@tUE*G?h_2Xhq!^W+Ww1^E zL}ei7PY`?Z`_uYCP$&&3VXattbu&&~7V>aEt|;aC-SRu%bwQzOJEY~DuDL6@gRXO? zW>{zz7zoh?8$qzF`mTJi0Pc@VY^BB}kF1fJ7JZN`50`a8&ykuY*8uf)z7`e=o&W`t zqM@ZU{X3(lo?DQ)XV6(ID0t$7Kf%SJF*`oXTmmiqFV8qfMUqa$FnmI4tzG1|$=u9d z<8=~EY+KKJT79Egh^xk^rH{bqW_o%1^wn8e2Gc?1?HOpf#gOjUc;=T>tQW!*X#7+N zX9*sw7*iCQ8S&i(Bb+gwfl!vwWMu)Ey5d>RS`&7u%^;)a3r3XuN}_>;B^5mcO{i9J|d*KKvLkfb+t? z^iSgosQ~4L`r$$j6&XF;VhJY>x(BR`%kCYy*j*WtLvq$;r|BbvFNKKqJqL({-~ody zLvW#v)$lC`*Ow6ewETiJ0u#>hFHg~*=j z+3D!=s9+0^LaaQUmDbNs4r)t2OZ;?5DftAGhxfs4yM=nbCc(GY{WPd{EvO0xnQY-Y z9a~hQctw!r*wl4b=iK+%*};2;?0(^?Qmbai51C(!)e~Bk91~v7nDUvOud~%(4)CyA zBzwf3?D;xu2a5_C5;c!@2k&U+Mj~kfzcmxGa=-(}u9WMZ?u`hV`0->zyv|n)rb9)gS`*$-W~7X+#H@9U$2g@4vvoxR{up0AH+2G zCUxak$iIy(*v;bc>E?QQclTeOEZBlwm`ZLRgB?DD7T8M`pHgMPp;LY!Z_;XhZlOoD zfAG#D9twuz{lk;1z3Y?x&qpWkKP+#qKI|X8Kl*&KdVhShS{=O?Fz`oGXNkczGJb0a zY{4n?h4jw+Exuv%DX}^0{WEW_wmbYEBR->~1Inqp{tZ>swqw+^&LG5gr#T1n&vgpc z9f9toZ~Oa1veXEx&^zoJ_lKaAk6C%KMb59h<^6|~)$-_g@9^FGz4uoqdq*Fx-@m^) zygK~6_kQo>!-?<~yImTlt$n6L4I0%J;z9?CLusnfZNXMFy6p_<&{n4n&isllyxVR@ zWN`KGzT{Xthnw%1$zksiW5FMk+8q6yN@9#7;R`{IEmiJXQSmgPq8by~43QsjalV$R z4LMt&&OrnLcBHiA8Kf5E?xxMico6^PQXk8v9TF)1^pV2OZ*D}GIHmCO?2L0BJCH3Z zzrVp?OTCvEJH+#`7=>3iW1nL(dNKGKtqQ+I%crG7Dy`2X1&PFe9@76`R3uz{&It#|&oC!5nYA7NYG*RZjwxh4!N@v+_nzC%v12pH(qy-bzGeC7 zvM6m;9-Xh-h!6V*)N7@4->3V*^sEYcJL;v}c%q$QsDTtpKs0k;Fj{ka)cNx7^dhtTjupd2o>7;GyVeMTH^jO_9)s@PN?BDPU@QAfC3kO{ zwhZ{lZD%G}3qP+Y)|n?}7!60Yp~Vcnq7r^WAOphgy7#RN9eJpe24eI6=9UgiKP@-6 z949xSrS0~jcr}|?O0x%S$%<`2u(Fq+a*bdc0MUGQEg6Ebd!s{mBya4&(cSnqvYc*9 zI%Lqcym>voWzzBp5LkGx?pr$eV8_d3gFT>jok&=A8X+VQ8|8M3;eyiVTKeuTzWoEc zSl$CeTVY2Fz7q=F{Yk`}emx&?4NL;~bKz3jhg4lie}B8d9S!6Lvg^Zb2-V_8(J7q~ z>8>m5MtW6Gtx1m(&&88gnAZ_?+lnSX6wPQ%p}rzGO{Kl|wR5kXHaDqd+E`ll;icI< zDPljhGvkG5LJ3h#+ErH*LketLC)2Q8*`RhPh{5l!vl>&4;%zC&Ou!K z(>{`mpZMYSZvDkR9+7-@##Rt=mtC*!8oULLZbLG7ocI>)KpZ;Y=8SW-_a1A(4HRQp5~>CTGI z8b>>Hoz#h1i_`XZTj@;YU<_ReAiBBT8dvM=^qp?_8#z0%{b9~d%(eQnqixhNP43!; z(yTEk**}twtg2OQksrOgy1F`fcW{0E{@~=@_4WSA^)Y6j%hmDG^622W-LjJ>L6fVi zE!f%4mA3dyEUwhK63jlkr93@9tVUY)FRK&rF}49l>SZQ2Ec=~|-YcT-pSab?)j#xf zc|vOU2i~Sux6#E$@%cmhk-M$a?kX#*90|2RlZDMoTB-POsQgrKKQ$%^zCWs+3hpm+ z3V{{(sE($JF{s5@-YDPVTKi;o%4?+a2Nulw|Ejtb)IysDDA-2eoma~1&Nqy@XWv^OxfFr=7MJ$ya(&^1&alLuM z+rtPs!NmRd)y;x}jk-tZ`?rjcKa!5vdN+^gZTbt5I@`u=@T|S@H5ROHrtOpWFXDT# zk60O}y1$I+d@U{rF9y2*`t#4{_&>q-SF)Ub!5uz3l1@H-40NXbk`~)m#$vIg#np20 zuvuTNe)>6CA}hho&+krtLM_IB-9G)ikGoOyZ;Ge<`Q6b^Ki9a`OGE`ujqiTmKRl%3 z&FX3Me9z^ey}$YSxcmA0&mZ=GS}YciD?EI1`}BQryga8moT?}PZOxZUP`-2d2J8~KLJRClYz{nHJ0`%rJEhMWER zFYge)9e7)_!U4+t>h2vLrhE%-506WPO1}-Oo3C%fsC_@>ZI~@@{(yyV1=rOzh4;LT zX3vkS&0Fd9=i|ZRt$01sJ&CttcD=?Ogg0@pN4i4!X70Ma!;$*iD0chs_3rHyBfnVP z|M51eefx~tY;WYSS9i~=r}g^jE9&6!ZPddhgEwrQ59>cS7(_n5jc!nE@$GT(=j}a) zi_MDufhon^{$hWDdBIzBzIF+ZoK)m*5VWH4^oPoMz=8M=74Z1|{+cBmY*!~6F;YL! ze)OVx5|dZTBh(wTdj)t{1shbnBk?Qt-SB2#FvCS4_2>nT0eEg)FOa(M{NhZV(Vi~~ z{}gYvz&1(VNF#}6=0!zA`EDhcraUX0xXxwL^;NeJypiITzQH2w@6txX zn0Q$}n^$ER07r{H78G$jZMjIND{iL{IErT-UG8Q7@(X8Xncejv$3p z^e<={8V?DCrhGEdEAF2)sFHdR&y^-qX^AxE}NJI0V`a6 zACYSGm9^7Ms=A9O{V2f_pxn#Lq)hy*8aR^_ZH0$kcvVr?h7%cu9U$nHT`T8tObmwo zS}+QClqP||BsPrF+~?V>!P1HVMQb7#gA;^dd8gU0dswIrHU-8Z7_#f5Ff89*oWvmZ z=Citt@(2^(ry)Zt3~iW<6NX{=_Ig>?JwtYV7>4EBi&HSfSv(KxIsptrh87qwi_ubW z_VRxsft9Y|IHl6HJsuvN`2S#$5{}wyLRtq!0nOG%gj#?pZZ^ewc@yE#OGiQbxih&v zUbfEdjl;6BmZGu#F%nx?3NNdZv`7$;p^3ynDQ}nsGcPHUw3_E3PxtTcWCGp%9{uW< z4Q|GG7Q7IW3aq-#vmR(>nLrMG>eL$1{7}cmEORlHc45z?OwxKjt32~li#Z}A5(QP$ zEtI`?$326Fr9wJ7$MLPv;fK0O!%{n2X;SFTVn41bBqSPsYB4HYBdoT|70fY0x_C>m zeuuZ+M8+nj-<->&Me4tPx$uiT;TO5ayxbz>N9!Qr!mKl$=h4jfEJ|45;#3x5gZ*^% zKa`}S=LD8w6E1Rbtocu4{|t});1bb!{40VK#_+Ll)$y?u?=DmUQierUXU*KR@O2@A zxuX*ft;|%5u5G|un)(v2(Vxb@T*PO34tCdimKD?34#3dLUM5na;d^B{k1>ac1R5G+ z7Zeopx^aThD}9-6gL#Cgryng=LK1pmR1~vxhLLpr=W5fl$N~yKYYN=7rAn{K*vd^{ z<_kI}i9b=^bxzycuJxz7RvT~KS#0Gmlr7$xPV$Y})+nK=_D8>KSPh<~qc>lW+@Bt$#KDt$A~q^Rhi;VcWy(khD=!W53Y+n* zhqPZjXhVcN@Z9baNMgltX;?QqmL>3D`-K=eZid;#wEJu1JyyEfn zl`_fyaeIR-0=m{?bf%)>D4)*_MjQAT&o`DW+jHqPO)xK!&1Ouvr8Nt3e*JJ8pd5r2 zq{b)Ye~(y+PUSUGP?fVHY~gX3;lw9h-JdS;0Mj>%@2D~x3Y6o13ujSGh7O|2whG+iN7dco& z7bIyBX8x%kp2w$1Dvp&eJ=-uwfOnsZ3yiOnaA&Lo+eW<}(Em~9$R05E(x#{z#Bq2N z23dQ+QJWt7o;*RjO;w)7r=Ri=mBTOBj#cvOYVSWtb6HWo7e!&6g$cUf2_&~@dw7H3 zdUK0hfSYksb-HaT$ZTtadWzz+@HB7EYkCfL#}=k5GuE5Mz?;-6G;sU1@usuuqVx7qL$=*;qiFD!RQPafp zxb7p}7d(YE7REabr{DR=aeOf`H`1NVp`5dh9Q1#eF>-9cAYRY> zs>HTH&(ntLO%CGtMDh=vZ{P9j>0kw zePf)kC_mNm)M9m_pEC(}ky#%c1i;3K=P?Y4}j zsZEv9&rfyr(@b^1rm3e@kggTNwaT!m{o0#gYwHCRy4!)b4ZW$mNbls{X4{6Rj@~x( z6FNxnVlNDWAS!36H^J2g9$Ig>M!wm{>m}aX6zLmuMQ!D#VtmQBeL@Bq-;h&cFVE2| zM_ZE>Ec9iv@7_#I|J{TFD|8zB_59zs3^%qI*SYET z>%Z?Tr8Tc(R0;!|AE1n1>2{4EN!2vN)^PA955 z)DeOPE{u?)Z}a_N=nw7h1AH_XIOqJdFTACM&JV(*D6?6DNMUm7R>ZiCwrUU`j{5b8Y+23oM8!0Ph$N~Cwxn`*DX^Z*)m$J&4IC^8;Cnr`7Gugp#1KTkrnyMjQZDb2$hN=#@1`=%#O^ z@a&3Mp%af6Oo8X38o);n54mDu%EZN{50Q&%OqhfLAq^Ss&Bk#67+j1jKvc+VjUcn- z&1_BChPykQy>Z-0G|-F=ImHYoIy;Ti#jMUN4htEd>Ny4I06B?XsD*?M5tKm^#ub+D zP7!wGXegP6&Ov2r&7o(zqUPXjz~-RZSp$jK+^d^e(IDuQ5OZ+1K-S!RMJ#8G)Z4d@ zUpZU*YIE81G&_Z! zH3S^d%g}gBfeMVWzzJkF#{s$p4Bxhfa0e~*5uvy?Yt+#I7I&D{SZDoj(nCU5cs1hF z!d%3z*bTL~l9;mk4-fQ=?h>!BZVQ^mz!!zpu!`V z*M;9yf#+ss1!QykM-Py*+Z)OvsAI%0EA{o=_A9IYG?N(Z-XjE>{M)r^p~XW1VO5n` zUFU#yR4-fqN3$@k`HDyG=>mJN`*Tw{0i-u>+;dYmL%kl|RNIMF-dD!)Jcz>?ZMQh= zwRoRFEVjb=xhy;=j908jbREzRG!{FP**yMDJ}K^+$p3rPkp6{x5Jgy(O*{Z^V51#E zJZ8AUMM6C4JlsU;m6;In^TV8Z|LnK3^SGoO$)1PN0q=6-uzb|JdW?;F>Xp4zsPrwI z!ZqOxyX+D9R*$tE4%*Up!O<(*MY9PsdVCEudSx$^slW*H*=!!p*jIX-Enx7g;FRE! z-kyv9x?bVgA){3}NK7?(5flF!#?5(-D>Qh(zCMk_seX5zX7upGAxDSGLGoHvBy^dF z-2^;O@B5xZk_AB=oQNy&oH7(?Is0LcmSR)g4BgNuG8P^>Dwg6Y5z=B@pb273l1iTr zfJ{3q)}noxRJtmbVpEm**c9CI{VUijD~mM1Ze~v1gQ>pVNPA`Cb5&p(hHSv2-J$x@ zFi91Rv22aOar$gNFT#?IQJ-4Oz}vDS@x3mu`_Ys&7f&N#(lyqRb)UbSXKTp&d6gvr z?ml!Z?Ir;8Vc-hB>3%m2nL5(fzcsAbmS<~1>7`Ls*Hx605#7gjJJ7zYc67g+c2Ku4 zIt7Nz?qkD{?)NFCoh7rdL9hYh9d)jDOK8`pH}AqH{M%62ge$#_Q>*g{rbA^NRID;{ zvZ$LsiuUd&w|IN0r?pWuP=2gA8{g{a8%1MmTSFQzoneYK3q9joi#=H6BV}>hiJh<6 zDq~9LATbr8jkJk7&<;+zwGNVLVXf@}#@tyF`%Q$7&2F0o1vE9vG^lM_2j9i3j0P5? zgr<`1z1J@B<0ANNkzxM>HxIfjMq>^=Doh7$l<<{WNnDX@C62QoXlfet+-O7C?3EfxR10q&1hh+6(tOE;;jrMMaHfJ}dP+Qo9XB`%PO#>0f&?6v`BJE01f zAi}n8T5&iHp5z^RfpuG4>{^nK^+Rj)-^~glub|Trx(9o)2$9aV`HNuV=JE)BU@DLC0GI#2;XYGq;Jnw zX7{_7p+3Vl4zr_Ot$qV3%4kY6=li(YXVcbV^yx}^L$85oKbw%ZbHeeyQ~O@8Qtjt$ z*tTXBUR5N1g&lP5dy6gN9oBqp%h;?eC{E?_aYy-nMsdRyhUfUg9Krr8X^m$Zl57 z6T}eV=Acv5_DJ^Y*uikuwfyG|1FTnp)5f9nQhV z?KGM6>@*9vkf1CLqbx$wr^XvtVX+h|9$_YJni!*~SvJt3jktoXV^wOh(JeL0wi6+3 zMP`bso~L1ntun(7yQ$SPJ+h49Z7T#Orp@cnhDgvof%;6HUsKKp?|Z5QahC@TrlV znH>$0u5uC&7ulqSgS|e0>tbeL;v$=rDN!jrY&-{ZES||dTIFi$cu*EVHZz(Btv4k(+=>hlUC>di&oEdYD4 zj8hH(!qk*!r&B>%f1h*-Qti!f;UWskfO_2#`D1V?la(QQqCOF`0f1o}o*m7Y z!t(xcs&4eb;3ko%XtEcxFdVX3&QT|FH~0Cw>i-QSx7gHPm}Nm)y?ohW?quTg^!Rt?c~0P&9*4^cgL-Y4>#&XI~_+c8tt+i zf+j(H16>q`ae;6%L}c4Bv~JW7^p;*bs<|ZE)d3dljbmN^zgZuNC31n!lO{~*4UsOA zr1eK>{5BrhA1nr}T>bW#CkhN-+E-ds7_I3auAxL6V{(-=eu=Y1i;fnoQ5&CbSAW)@ zsT-AbqT6C6uzM`tq8M%6R#tB#OWKb$e>g+N6a;8krCAWTxc{bOU~Gg8OHJFcH8g(C zJ!GNVJS?3OAZ^9UuJSV<0Y^g~7CYN{1}-K);l*}aRof}7>d?-{SO;WhrQ2<%*hZMN zA1;2_yXoCG5CW+`x}D;&|a zp=XAD79_B2E|!}wD_WwKxA(W-p8HwyZRMs?Q`d;zRDiTL#_945H>feF*mSg*8r>p^ z;O3@v60xrDtv0O$17oM!xs{7v)mDNjG1BY=nF*?Sl{UzwWwXa(cl{Z=nQp5s#a3nT zz;cq{6{_YmuPG>VJcP@_RmZ?myt`0|NrViOnDItffm--l5IJ34-z{&yxiPU43>6H< zdweSw9R(}Flo)As;?2`MO@jbW4%+Oo*v%W;PuE}FhTADjm3XY9Y1L(3y*pT7EnXv~ z-l<=u@q*LqO{~N1QgmeO6tC1nBA0r}Y?c?;wD9b5Y|tSGKzRKXVT0>?+S0rI-@)Tk zRti&PoR0vt$z>$nP55!*6cC7o^yi3W_3Q#2K=6KDxc+v96eqnNl(_T?hvs7ey@zQ7 z!7w&t4mkC^TO=W60HFfx5!XyTBFG{Mw$E7lwMmWUn z0)(+}a54p*2?obVw~wvYr;F;M3}QUyG1g4R*z5i>Mz^~f61>uz6k zLnelaLxKq@vJw#{P&V@{!S!#evJ+N2tsS`c7WLN|@nWv6RY-YO6n>89mwHCoHr|uF z=f|(D;7dF;w-V_~`>(_}iA<1x9Xru>a?$J3Ni-%(Rwe@6=V^vO#2S~!9d=nNG{47@ zE>CI*2;s*56Jlkqo}X3)UJ>in$27I6D#y)G&$c+va1l;RW40*pc9^*DHM)~9EmOyE zn)=lmwupxzJPrA|n-cF7jiYFDK9T)v8_>roO>?@T#0B`+pfWB>$9bIcHA+c`MubXT z&1Q9(w3*UeSXsRK;^77d@sK%B>d?BW-bO76@ElQMbvX+w z>>oPuvVe;_*P@>|ds<%qo<8Hn!TTp88HJ0+V!>$Rck$8ja?wo4k}%|6FfWqC$NeZ5 zCkqH_z%0>$e&IA|4c+Ga-gB`LGK+fr;5Yip`0NaC7n~z2HD_^Z>LL%Z>oR`taYU4k z)(F`vHIjf*3eBvUg&8ulbaS8qN)}83KQ&pbEe6!O1tVkw3+SO|H=t7+dLxql7KId| zRgQx+oR5=>x-c3=RLj!Qb5O-krx@S}q%WaCc5Fb(I8>K7+4Lvt^e zf6+-oi}8BHS*Cj)=Oi-K9={&xWTV65BpQ_^5t!kip~{0f;@g~zES>{e|N04eQO7~B z(v0e5yQN{}VnAS}8I>dvKql1`O~>~|%1fJ7TLF-6*3U?d{CwYEP7IOK2u%g2B8Cks zHBRGjXoO=TB_x$s;J%li7o5_^E!2*S**rAihL$6gV`|!bWQ5h*2$k5>xGg+Gx}%a) zfR2c@fb+}qYV$pLzPpp%^S9*}zWLgZ=Nch1VQJ4Q=s|?hIpzpU9i9=gEhS5s3NM=Z zeik&bH^OumjQY`9PNu^ssTLz#)qfd8Z!B0L6ecqyxy3I1h%qjN#E2MvzZTEN^+q3N zXA;=z562YKkeG}H{$dhrAxUC@dtYT0Rx@NQvMTMezHL7v<_{>g&}z`HuucO`0{{jT zTgZ|K;7x}T7e_0<^@0H}3j|2TEVd@*t3d(}v&>WlCv+Dw4K<(BjXHqIO*h>v+ewl% z-}j0fIa82|iQb;2Z02WpJ&rOHSQaY`K~h{>z8gQp=h4kYXQ z>s7G&La)uqqraXr(a$y-i_+(e;ORxRs4KkxN6!+W{Y@O!yZD>ny`c^gH{{(Y^J*4g zXWFI32x#Q4^eT}Rt*&r8m`1}Hq;4Hg8#G4t47zt02VyMP`PcvRe2WFx=_T@={Em015J!e%tll8+qA|7RFeI8^ z6So?fg-3%~U0ijzTr@jLmiQn?H?|h@Srm9Kz7~MaH{V^02Wm^F1dzVE=D}f2kYg*F}ktspJ-L^cP)uB)OqIZ?K)QzW=n`+|tk=p7q8pCy|K^Zy@r<5Irfz@pqs6)7%dVY;efl+OlahwrAuN zt~Wa;(GSp2qCN9waWJcA$;@+#xA>r)79;%@kQ3F5Eb1l_fCDUC zK%Bai)0w!I!%dF3SvwV)g4J7Dw<6!Ya5#z80Zli?LT90|(C~Fckig-!z&eeq5W60u%q_^#^1iNgJ)K!@+DS%^n>gg5SN02J$XbnYRW?F4z&znT z+0=B(V2l$+eQKIg;j2u2Eq7^TfXBd6x}?zbjU@gS3lZjVetZ2pM+6@q_Uto?OzRd? z_r~9XZ);WK;c*Xa<-;gLE4xV|(=Q^`IwHq0TPNWXn7i`MqYmyi^5=8V*xucqY0;_@P6B1+f<2?Doso)#DR2KX{ZS{}1`ukjSF))L?68 zq{HJ>X+oOBVTN~4tEBKt&SGPi=SBj39qu~9YX}RwubU(Tz0li^J_6ZVX!5auV3JIU zk{D#T{*G*NbDXd{gjo;}5eedQ%fotoce&p5`(G=8sS@=w=gs1>KE?4c!oYZY`Gj-xV@P)i2@#aYA`>n8pOz0~tKg1Y66KK;R~J7WsKuB147ELJJbKse<=?@&Tw)_6e^&in#*EGN{kpl9|3w1VIC=9hK~6RWnXqIElVz5n(e?mts)SwktJ zN)jKry2CcKOF64h+)^>!Y=s7$p?Q{Kvr1$iC+h@*iP~Bj-v+gC@3nQA4?^koa^VuB z2)E6P7`JM2HB(dkEeH*qol)AdhIR}4cq$@NE6A<}{coSp;NFTbwtr5By9o}M@N{ZV9$ z&V@`jh3n1p#()}=qI=XB-HWx6D3)G>*j;28tf);o(XoIjBU)r6?-Z!p(C=o>=$dOA zaXQM|(7#+g*_3g95~q0?_+=Ln&)Z?WEn!mN7s6kI+g2?0Z?9AlE?J zNPwLPSbVxzE&o^@$H716zZ+i%`ld0Ab#H&4EiZkv)p{2s-+3i-R#R`AHP_PFViQa>NPPz`Zfy6Ucd3?eu3R_EW#$_S{ex= zR?U^0987!5iZMFVoNRJE@ruooF-7z$7^C}<3d>q4@wn-%isG0;Xq^ySYQ$W?(KNAF z6;=Y%B)Nm-=g4F`Ss%QEg%SAewy^#Km6kPw*l$EOr}MddicT%>7;9Ud^yj3*DzTKC zH6qt{ms}-deZMgSep_i0h1jdZye{(+u>=g zh@;gto&2wFDYUdVV)si-2)QR5jREX`uUA&TWRi1hX6?;`rcBZdSu}e}Tda!jT~_r= zCS?x-()-`*R`p9JId@heCEMK3@j^zQfyFAc9}0l`wAwu4W)Af>=3QJng{cc7@aXkj zbTp$CXlJIIY^T^xoOIsQOJh8qG*37yti`@9f#_c`w`n%K;7&jw)xisJcr$4V2As{M zMT1K%cHOsv;f!C?>fak0vXfM1MF9!;#dN@uQAv{BxMxVJZG=it=3a#qZaI=yT0oHu zcK~Lp)&$F;pAaxpIXzu4zoAS8OIb&VrOi2KuC+F-i4RWK_2w3titv_0yxFY#-Tk1@ ztf-9B8lIh>=2bei>o8!Z`^KPf2T2lw0PoVqY2-(lH(+OR2$QDYLWZS7jrgUxvDyBR z$(YTSOM5d@gtRsE;>u6L9815U5R0*wxA!;eKOe=4Tcm&M4eYjZ(_l_wky8$#i)_0p zw{g`Gu$AvDRYDSbP2Dv099KJRe76JTbcN?US7zEJ3qM8ZQn&*t!<#&OIQ=^0l*9=L z72#W`CgH8T(vMPfdASW<+C|L z!jY@0b&npy5g48y@P-NcTX!>z43Y`$xJix&LP`}4#x__ClAUEsfDrXomPo=qn|A;i ztlb!4;1uW-t9zTP^vX>Q(M5G_Z(=9Bg{8;Nf=RD@dvOv8yr$gLQB)x@sZHP(Fq|&` z6c4A3f}yBP9mO0@N2T%ev60KvQ?VX{M^WvnfP`v}1zjA^XLwuQt%4h{{IN}K`t8Ap zG;X=|2}~{NBFk<=Tc4i=n?Awz0wo}LK+wmmrtlGDCC2bRM>iG%iEQ~8BZTkcd@y8>zr?E2e=hVs_?k0l}W!(&`nHTqTg+W~7Hw^6+nR<-ATY0+fecLy# zS2V`9H3tXQ1sNaYCwXywkbbwA9#XOP1G9Yb0*yABmi<$0#k@ z_XiwIDo$S>TL8NKHc)V$RoOhI^LBMtGRCRl6j;(pWi{?^Lq``ZMut>)gUawbIo zd-QDUfUa937fFxHc$NV1XNB+i?*Yuq%6$IZ2*&#azd`e2$P~Z ztdSL@6c{=Axgd(~xAi6`rKu{y1xNCaF+fgU1Av^Aqf!+-NP7^@XLTUpadNZ3lRvVm zxcN(OCihyGQDmxu)`ZF7=q8E5K{wkdnr7Y_i}l~!4`wrj&>AczjXM~z?qHAtNtl=J zkJWNtgIDvH_33*^+<^e1q%mwfu#Fw966rH;)R)WauebNBv*(A0_2$XQ13XG-R=^Ay z9JZ<3A1qcvQhC`d$Z__CSC53p+67yj0HYY)%5Ob}v3Rg#5dv;LMX?{AFMXDvS~-9SBV^V?(_u(GqjVWpcE zD{;Y|-Ykt|mK&;PD?>LtJ-2WsV4%KHc#bXE2^Jt)I;iRb*+l57?zUMOddw{lnJQY) znU*gB%e*E^8sDFH$xcl6Zmj%2mbZ5_kd~`&>kX%@ur(wb*+A!QQ|8#1SunDZP0Ey* z6y7{5s#)%HG!{9LjonVT*geU@*5*&>ddKJQZIiXL+YX&=Mgq6TlOU%L0z4mT?!5PLc*;{$*kXQ*`CR{>aQ&lZ>dd6?{04`#a^gNMW<83h`(WQZ^V?S|H*FqA4*D zB5DxjZTQfz)CSae>lyOU9c5TLDM30!h&Ai1!Z}PMp5E?RVKEivJwHUZz$9AzaeGa9 z=^n7G|K5+T_ zuR%Ci64^`86cJUUyMQASE#7Kk|8|N=d<(Bh{3;EK%!Mz>bR!IVjM}i6F(ldn-Ca6> zzgrcF;>;_HB*eabhvLxW?J;zCsmXFjXAn4U@1izwTh#3vX(f>@aGg0!!=Nmrf7 zFY(nyI7604t6(cGz5nMfl6bB1igk&?BH{Jch@t!oNoii5v3ThFKh@DejXSKH4f`MJ_<>>iJr< zF+tZL!t&lk&q+2w5QybxUsrc`f~T0b>kz6Y$;X=b6I>jP#u%PuPVs#wbdvo5EhX;g z9P2Rk(+CMF-FohXy|G+$vjySqmQe)}P~p>Gp7)lO@t>r&tewh>a3+=D!u3e)K=G0K z5kr*Gn+Q*9i{7>l#yjGkV4L^TB3)VkfXApF~C=Ud?upSV;p@tG~I#(&uqzaQB-UHEA)G<{fh>6(R4GhbN78rd1o>@7| zQ#`rGv8hv2*`a_wmc#PbC?GM5y(EZcVT9BXJUufoutFtTHczJ5oBDd1rIT6?n>z0vAS^T6LqFW2_W#5Js6X8s7LRE#NJI0s>}CB$$TX0LRa0Q0JXCPp z%7e;MmN#m_=HupONUa9jA7{%KsrXJ-q%wR;}_dOj7muBmMiqu2j9 z$h`!J?7{RE!qU!z}{P#iMUMzcI^9J@c{FV1BH_VU~?CmPYzs z6o*NG4JSIk?CCsambh_fH>)ihNQXaUmsK=X{hbpV`97@gpET&bi(jL2a`0~`8L z3+h*!K$-%MTA@DItx&&i!&I74AX8}6z-`s%7Bg zYP>)gA*v*cypKQo{>KCD@6S=A{wt+_7WAj4KLP#myWdW`0xmuGe)@PNFO#ylA5Z_! z-SXSj&2n*baBzKcaIpHYe{!(*;oZCA{hOP^ljG~v@zufc@xki9JnxqP?|4(U?j0^F zU+Ri}Hx6n%L{lur$1lm&olkGr$4{bpGW$`B$xEBHT~JpA1+-$)h~#OCR$bx^NEa-c(f38#T`@9G5Sm*OY{DYYzOqc5{2shs! zp8UHnIZh|}-)n@7Vrllr`S*ua@6-#K_$~xFKIUyKFr$4}s>5G`3*sHfiaaUm7_aIT z3A-G-PDS;RqAETvLT|Ajl*mFcujexa4O2-%e{%Z69(hLp+NVG7>CZ9!iRcd(uvc2S zA{2R+*0rAr$^6L$eWx5brvD7-PoG0_hxz8s>Mwt@S&FOt0K5NVggA*iT&FaAgu#WQ zNMcX8#$xew_qcd|T;2Tiaj{5>vjyEeFXB&e(Y-&(wSe#Ni2eH7^FDZo-l0hH|Lc6u z`xh!prv2uMq)wQ$T0TB?y7UN~PVD|<;L%C@hTl17Fd>nhES4=^_$$`e%ez$(B3FT3 zC`B@|XB5}BH~t#HfW6NGo($yz2#EN*+6_y@!$`I_T6)H}m z&2+>kL6J9jnRjLo-**(X7Z!0?_>D=Scya?Ox-X8JIB4>!3e*>mU18}3cwjD!@fL7r zD0kVyP;T{AM}3sff~*X2o1`QD->xvg2!S2PSv1#+m0CP}G0so)BM%WmickOjFU815 z99tNbvp}nx|5c3GzVGzkJdoU}4^uD0%c=7Ss!%Zt8~ISN9BNR{!gLnRaw{X#lum=A zJf9T^g%Ai_u@YTji3D=FpC>q^qXJQ?bl@)UqN6^_npu-Y!qJ&_)s?}gaLW`KST#8- z#fhf}zjf3{^9swG2J`by?3b>v^b)-CO-}%8r3NcCG#phJgEAinO&u%cnzWsshj=1K zcrWX$)w1bJxJeKPSt1Z-;>KF`jkAM`((8 z83Iq`b)57%4$+z9m~CpMij`3@N5!nl!m`qc^cA$zq{S%Zu#P4zEF6;i5| zWjniJ6TWvUBk_=*&ziUrAc|6@6;H&2j`}F6OAND_=x=U_PKPRlL!hM!7Z;_96;FWX zid7ZhdVGv@Bt*i*dV?=R%5mE(HCV+RtCK3M6Xe_$XfP{A;4mhGuk;+n&CPxExh#EKO!?bBq(dQ_BcZw;mOtOyYQ4>`d*J4ot z{Dt1}1jW3htOQCwZE#`zYQ-uE=4mx=-H}=K1{X}&n$p))a}O>@7-h4h^0f-kJD#$k zCKL&0WkEd25pKb2v_ffB(dQuD96K}!s3(XTS` zO(&(qn!my$CP=K^iQ%>_bmF$Cb%xCa9zyu&xg*)|?SQmP3O#guDObJ{Gdq5$J-XN%sF8syDrf?D+CERlCI zgr&yZ1v~;=5S+n_m>F+;@N83%n?r4r`|wqExZU=%1>tPI4T>R7EC6VJ037VR+v;^|P7AZ)yl@(yYiMY|M40>K=ee zPlJ}O@zXqj_0wkOMLDl9O%mSB`sqzMZNgw4wW~)_s!Zj@M%nqq5k@G4Pq)OkM5njF z0uQZ(xOB@pi&DjkD7UxbnkTa&%Gxf5<>~_~ zrbs!`nQN@Hft6XQMLXIsMk#Cp;8BK7FRjAa2yW9nWl$QU4dbqOR+Y8rNmz@K50x>@ z((h^u8kFb=ioBiGnT*DIk$4tiA3(24O#|~orv^tU?se25_Wp?Ezv+)YieRgsW{INn z7p02TjQ-hl#vIL?SscOXnH6vD>a1{ZSD@_)#}uWCRZ9QVh9nH9Gs=soSpD9~!R#q3 za6bl@v*{~l#eYQSHm4u8seV#5bvr0J9@if(o&+7pI-crThxTdnUzAA{Tw!SJbyKUx4z!rR?LcQ;%0Uui;da2TihXJht1u3?B!gkrs ztdv6_g%e5xc!d(gbu8Kj@2({iFsupq`jo3m(MkI@wi z?^=_qH=rcT(Y)GiU}nW#xTck2MN>Isp_PeMiTMsp@0A+b!JIHGfPrHYBcu341Sdt(ym}(9k z6=@L8@nS8J@E7_VuEALDgQHfeSecDK$G9F>x^Oj$Vrh{F7=96!(h1_}n^sG|b%q=T zSZ!vAA6LYBGfQ&#VAeK%)>#|(OX9D!v%0D=8);48y3zZQ*spMtO)M%zp|Y={e`+g3 zvvM4AJTK5EX{@wKIJ445&k9SK966gw0&~)vMxG&UVk){AQE2F-jZ*Ur z`|m!U*6cXxEhDHSEOFYiKW4>$1m=}t9!?EX?70cdnNIbRCk2*r*i8`4l?%D{6h-Yd z6n_}u;J8yokSOKNBbiz4WBq`8ghaxQdfmA|=|weC&y=wcDM}Tq!CEh!&+?+(`C($+ zjROq(voZ~oAZ^udx^bE2Ns0Y)CVn81`pjmIMLTw&#AHR3Dy>XbQCv3xMm)tzujeYp zL^)1H(_>az7sxvts-jP3b%i@90xG6u3seKEJtSQ%s!((?8imr17a~cA@DYw&66_ml z@)bKAUL-*pB29zRU2Crx*9QqbU?kl^U$Hc@x%FO*$_$t<;7L9(u2!a*&C!h6Vj; zutExt?#R>+f+D~xszkz$q&KQ6k76H3d0MGrWi%>m6-0S~xsySx4}(F9PA{2@)*_@4 zKVF%O&W};kOvNf1U01uW$6x4udlnYM!!x#lczs0Qd*%(HfBt`_FVx`T-&WNkVstB_pogw_TldE?{L74b6 zJPxRpDy^7R-qqy^c0h5htL*|=D;|SYh1MQ6mXX}0Jyg+145n%kc#>eLQD7`q8ZguU z?!+REa9IU7yw*$*ByOhIv%}=3ofs=M)DVeY6E%;+2dzGsDGzbNRd}e;%+GNB9XvIx z_zTr{Vj5N>WC3$b!x+}U%Jc{^+Bx>hv@iarvm6JlGpJZK;-Hnea0ew=abK)PileZo zkbqmPjF?u9gy=%>*m;hPLu;Xe#vfO1{4EN^^f6^{P%=c%6|t z%4v_H1arq(+c7iNdIyOUZ-imA(|%E^%;Dv(Vs(-v!3=YEF{UxGScPu3YE)Yqq z6juusQGcwTHjPfuU~p+&%rm)4RU^d+U(PZ5w;KJIfjQP-$>Z|D1JD9)&(0gsj^} zz--j$QF_#J^LZ$$LX;Y;w2>Q=h8ZpTl}36OjpcL%oi)_7E}FH{HimJAGYgQnp|ef( zQ!2y}45`-@E7b?UJ`PuH#|>tswHsDSO~;OKe-{H|d*aB% zY9Kf7*MXuFi0J*Ax+kskWtK~F*wk;!PRB?m>F!nZ`rnEG%`1B6ujb&w06G8wr?feHuK zI35vLa~I#6r3Iy*2Z_L1lqwxQ(LdFe(ouxjC{9j9zsz%Bee#Yos5C4~Q4^w6vEmL} zW0hnTu6iRPmq`AiKYGW6UA(ZKwbM{hs#p#BfF!9Az`&e%oY0kuOFTn_6cSpg;=~hL zwG)e4u8In$Fojsav8QNL>5RVQNdxytY955xp&U=`AX<{enBN)g2x8*YkK??Z1DfQ9 z7`+#Y6O7q$yNhG}PHP!Oj>~XpZ*z$kh5nE$-C%_Zw zF$VIaJwV#(YvQBNUvQNlli7AJo)y(PM4rF=()F#hT%BXuhsR)u4O^t`&#^D6Q5`ex zd6||)yMkmwZMfy#1r-Q^SO@Gr;b1@v-6pmr3H(*l1ly!Ojv>XM$$=l5-n_}6=7orH zF48he+Cz3;D{4dRK<}`?X<6&OqQ*$NsN^B*B=NI(yXxb*(pd9|qP9>lXryJ1(LNC# z#I>yHZT7TEEbFM24zLJwxFE&ilxUcbHpMnpTbQNd>=UPHqJL*T_M)5}?)>Z*b5e2!^?9)hT$LJGSmK*cPdf3_o9K};V7y@yu>Ev3TAy62xD|bcUI2Y-F>F!<{@A-c0h6dQX|- zh?|+=c^goKS$m{a8k*fVZt@TT58`1M>Ii*sx*+XpCa z5IXM~hYgXWHuYvrv_1|E9kDS0QQMc(oQ2I~Yj|wY`j>$lAqqIgafr5S%WlLUJKQKn z(mbB4CCT88_PF(Tq<#aSUR=DbhbONjj zQ)(!{b0bC5H=opsm?#nSdIyD}O#k{l~OU)jGmo>W6 zV3s^95sqvH_czi+Q6p%#oZ}?95mjM=yGPUq^yfo2Is)OeN^l{T`J37>VhUhdljEp1 zn2T0z;&Mi;^CL)EQz|jfvT8CIFUt8mP5RfrNW5@S#$4AMw`)@v zDO!h#3%jU3B4du8W=R{-XJX=$7}deR>B0z4Lj-NWkLh&orpIkqRUXCQBY-<-#hTzU zAAP!u#Ew`bwTI58N!*Uq$^#XLi*<MVjb0fJoekLQ6A6R0|QeNu2a1# z=E2Oz?u;ES-hk2lyui)#+D8gx!qMc-eT%L)&akR5ibsY4oi`2=b8MB{2c%y}pgw3I zv=P(EHf+H}(AZ6;Jyu*5${kL@dh2ZnG1NHpbIgml=5@W%387K6$ChU8a8IFPr_c!{ zczL`CgrAstGqpaSLqvI6V$x;pDR_%QA8=-{5QC0=y1$kC& zfRq(DnQRAAbB4u3V@zV0;{*MR`S2b9cf+i%3c~@%s?6gWL4B+qQ}b4y(2;Rvlhp16 zv$*bfGh1zUV(!(=EU9r9kU8?EE88JB^6XgY$X2s@$`~HKdsZV>9J8V}a^9TzbF1en zWgWSTV+ffK^JXPhI*uh`aWlWY`DbzzzSrTn9mf!J>Ikzjw%X*#Erq8LJLs6ATI#sn zWidJO_{EtXR9!2Bxl*_udpIIuscCSX)vBYxk(qJDam{ET=s0435(lz)g_Y3aWrtSR zJR)=RVI8;Q7$H~z;W>63*&lfb*?}WEBpi{oTgoPmM$L@ssBJs0c_Xq*4$v#1bO6X= z@LpW}=M({SOCKAI*t`^%?!DjA`Cwxafv`9`z)GY&SpE2O$o;X_XK*d>;+_8`nv`le zykg)A;JUw~O5vvP@dGN2Q)EQTr=|Ci&W%3OBWy^Vu)4olZYZ-t{1>v5L-7OTUqEgW zYgm60gM)f{RPQaJjsFs_*@qn+-B%X3NK~YKt2P1b6G}--GWCB6}VP3>utd<}{p# zKYa{tpThO?{Zq@9V$3O>MzQ{Ki)0pUM#?oi1Xc3w`o68R15z<3uXuQ%G%^q2-D-LN z{E%+e&kuO+^lG*Flsw;Gix;xNa+1ypGv!!WoHq;Hy6~%uW|5xO_?ui*;hEQFouMoh zlKJ`a@prpet;8uvqmjH(vy%5V2BNmyKse>T+CUPkDen}d(O3-BO54T&)6Z_dJ>0Ec z$Nl{F+iK&+MG2cAblSBYfP%Z#%0ZD+l=iuV5dJ6jDsc2TN30314WmOvH+DvUc$`n@ zUusD8=|4~D56^u>0xBMR_+WvjQ#|(Yd_|q)ouo;Qh}iaqIkV>uoi47St@87SxfoRX z5B1Gg-_O^Qf)g3pI|oFu4cu)gWP2~xTvK5WMZM#w5?4QDb+qY(`dN_73(B zSH}zdV^93Kmj9xk_Vx~sCGGy+$%p0j=j+A6hpU^#{{GFo#rxIX4ZgbGJN$h7{@uyV zk)*wPw>-Q$et)#!KZo!4jusz2+^32k%eb9lSgK>Ek_8$Mv#x=^22#d`1pi zk*L@^%zP=4mEFHyjat%W!S+RRyk|7CK>ah+Q|4(ij_#i=0ez-%`2X!cX+EYI-y-?X zuLC#I{Olie{z2#KKmMRP-G6!wEJ)Qj^iTirPyg_bKm0SRKpx$HW>?+B`yYS!#~&j|U?2>DNs_)m}cPmlQ9KWnFdcHrOy|I7*gnG^goC;0#JoB&5w^LGaniPA$_`6FWz*ac?84gKe1V3kSj;N^H<=yT7 zuG&_D0IbW$%jMJc*A{~b3c-IXA}BFI2MW~TDMrd1gl?`k-?_$>-?!|IGF9sW32SjrvO&Q$B))A24p0w&)M}_l fEPl6s0(-=SjSOi6R|k_Qv#hhn{%I%9#r*#QM&zeF literal 0 HcmV?d00001 diff --git a/libs/libs.cmake b/libs/libs.cmake new file mode 100644 index 0000000..d249f3b --- /dev/null +++ b/libs/libs.cmake @@ -0,0 +1,20 @@ +if(${CMAKE_SIZEOF_VOID_P} EQUAL 8) + set(Detours ${CMAKE_CURRENT_LIST_DIR}/Detours-4.0.1/lib.X64/detours.lib) +else() + set(YY_Thunks_for_WinXP ${CMAKE_CURRENT_LIST_DIR}/YY-Thunks-1.0.7-Binary/objs/X86/YY_Thunks_for_WinXP.obj) + set(Detours ${CMAKE_CURRENT_LIST_DIR}/Detours-4.0.1/lib.X86/detours.lib) +endif() + +add_subdirectory(${CMAKE_CURRENT_LIST_DIR}/minhook) + +include_directories(${CMAKE_CURRENT_LIST_DIR}) +include_directories(${CMAKE_CURRENT_LIST_DIR}/Detours-4.0.1/include) + + + +if(${CMAKE_SIZEOF_VOID_P} EQUAL 4) + set(LTLPlatform "Win32") + set(SupportWinXP "true") +endif() +#https://github.com/Chuyu-Team/VC-LTL5 +include("${CMAKE_CURRENT_LIST_DIR}/VC-LTL helper for cmake.cmake") \ No newline at end of file diff --git a/libs/minhook/.editorconfig b/libs/minhook/.editorconfig new file mode 100644 index 0000000..36c09e6 --- /dev/null +++ b/libs/minhook/.editorconfig @@ -0,0 +1,22 @@ +# EditorConfig is awesome: http://EditorConfig.org + +# top-most EditorConfig file +root = true + +# Windows-style newlines with a newline ending every file +[*] +end_of_line = crlf +insert_final_newline = true + +# 4 space indentation +[*.{c,h,def}] +indent_style = space +indent_size = 4 + +# Trim trailing whitespaces +[*.{c,h,def,txt}] +trim_trailing_whitespace = true + +# UTF-8 with BOM +[*.{c,h,def,txt}] +charset=utf-8-bom diff --git a/libs/minhook/.gitignore b/libs/minhook/.gitignore new file mode 100644 index 0000000..ad165d5 --- /dev/null +++ b/libs/minhook/.gitignore @@ -0,0 +1,44 @@ +#OS junk files +[Tt]humbs.db +*.DS_Store + +#Visual Studio files +*.[Oo]bj +*.user +*.aps +*.pch +*.vspscc +*.vssscc +*_i.c +*_p.c +*.ncb +*.suo +*.tlb +*.tlh +*.bak +*.[Cc]ache +*.ilk +*.log +*.sbr +*.sdf +*.opensdf +*.unsuccessfulbuild +ipch/ +obj/ +[Ll]ib +[Bb]in +[Dd]ebug*/ +[Rr]elease*/ +Ankh.NoLoad +*.VC.db +.vs/ + +#GCC files +*.o +*.d +*.res +*.dll +*.a + +#Visual Studio Code files +.vscode/ diff --git a/libs/minhook/AUTHORS.txt b/libs/minhook/AUTHORS.txt new file mode 100644 index 0000000..ebef1a6 --- /dev/null +++ b/libs/minhook/AUTHORS.txt @@ -0,0 +1,8 @@ +Tsuda Kageyu + Creator, maintainer + +Michael Maltsev + Added "Queue" functions. A lot of bug fixes. + +Andrey Unis + Rewrote the hook engine in plain C. diff --git a/libs/minhook/CMakeLists.txt b/libs/minhook/CMakeLists.txt new file mode 100644 index 0000000..842b1c2 --- /dev/null +++ b/libs/minhook/CMakeLists.txt @@ -0,0 +1,141 @@ +# MinHook - The Minimalistic API Hooking Library for x64/x86 +# Copyright (C) 2009-2017 Tsuda Kageyu. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER +# OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#cmake_minimum_required(VERSION 3.0) + +project(minhook LANGUAGES C) + +include(CMakePackageConfigHelpers) + +set(MINHOOK_MAJOR_VERSION 1) +set(MINHOOK_MINOR_VERSION 3) +set(MINHOOK_PATCH_VERSION 3) +set(MINHOOK_VERSION ${MINHOOK_MAJOR_VERSION}.${MINHOOK_MINOR_VERSION}.${MINHOOK_PATCH_VERSION}) + +################ +# BUILD # +################ + +option(BUILD_SHARED_LIBS "build shared version" OFF) + +set(SOURCES_MINHOOK + "src/buffer.c" + "src/hook.c" + "src/trampoline.c" +) + +if(CMAKE_SIZEOF_VOID_P EQUAL 8) + set(SOURCES_HDE "src/hde/hde64.c") +else() + set(SOURCES_HDE "src/hde/hde32.c") +endif() + +if(BUILD_SHARED_LIBS) + set(RESOURCES + "dll_resources/minhook.rc" + "dll_resources/minhook.def" + ) +endif() + +add_library(minhook ${SOURCES_MINHOOK} ${SOURCES_HDE} ${RESOURCES}) + +target_include_directories(minhook PUBLIC + $ + $ +) + +target_include_directories(minhook PRIVATE "src/") +target_include_directories(minhook PRIVATE "src/hde/") + +if(WIN32) + set_target_properties(minhook PROPERTIES PREFIX "") + if(CMAKE_SIZEOF_VOID_P EQUAL 8) + set_target_properties(minhook PROPERTIES DEBUG_POSTFIX ".x64d") + set_target_properties(minhook PROPERTIES RELEASE_POSTFIX ".x64") + set_target_properties(minhook PROPERTIES RELWITHDEBINFO_POSTFIX ".x64") + set_target_properties(minhook PROPERTIES MINSIZEREL_POSTFIX ".x64") + else() + set_target_properties(minhook PROPERTIES DEBUG_POSTFIX ".x32d") + set_target_properties(minhook PROPERTIES RELEASE_POSTFIX ".x32") + set_target_properties(minhook PROPERTIES RELWITHDEBINFO_POSTFIX ".x32") + set_target_properties(minhook PROPERTIES MINSIZEREL_POSTFIX ".x64") + endif() +else() + set_target_properties(minhook PROPERTIES PREFIX "lib") + set_target_properties(minhook PROPERTIES POSTFIX "") + set_target_properties(minhook PROPERTIES DEBUG_POSTFIX "d") +endif() + +################ +# CMAKE CONFIG # +################ + +configure_package_config_file( + "cmake/minhook-config.cmake.in" + "minhook-config.cmake" + INSTALL_DESTINATION + "lib/minhook" +) + +write_basic_package_version_file( + "minhook-config-version.cmake" +VERSION + ${MINHOOK_VERSION} +COMPATIBILITY + AnyNewerVersion +) + +install( + FILES + "${CMAKE_CURRENT_BINARY_DIR}/minhook-config.cmake" + "${CMAKE_CURRENT_BINARY_DIR}/minhook-config-version.cmake" + DESTINATION + "lib/minhook" +) + +################### +# INSTALL # +################### + +install(TARGETS minhook + EXPORT minhook-targets + RUNTIME DESTINATION "bin" + ARCHIVE DESTINATION "lib" + LIBRARY DESTINATION "lib" +) + +install( + EXPORT + minhook-targets + NAMESPACE + minhook:: + DESTINATION + "lib/minhook" +) + +install( + DIRECTORY include DESTINATION . +) diff --git a/libs/minhook/LICENSE.txt b/libs/minhook/LICENSE.txt new file mode 100644 index 0000000..74dea27 --- /dev/null +++ b/libs/minhook/LICENSE.txt @@ -0,0 +1,81 @@ +MinHook - The Minimalistic API Hooking Library for x64/x86 +Copyright (C) 2009-2017 Tsuda Kageyu. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER +OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +================================================================================ +Portions of this software are Copyright (c) 2008-2009, Vyacheslav Patkov. +================================================================================ +Hacker Disassembler Engine 32 C +Copyright (c) 2008-2009, Vyacheslav Patkov. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR +CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +------------------------------------------------------------------------------- +Hacker Disassembler Engine 64 C +Copyright (c) 2008-2009, Vyacheslav Patkov. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR +CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/libs/minhook/README.md b/libs/minhook/README.md new file mode 100644 index 0000000..21cc7d5 --- /dev/null +++ b/libs/minhook/README.md @@ -0,0 +1,87 @@ +# MinHook + +[![License](https://img.shields.io/badge/License-BSD%202--Clause-orange.svg)](https://opensource.org/licenses/BSD-2-Clause) + +The Minimalistic x86/x64 API Hooking Library for Windows + +http://www.codeproject.com/KB/winsdk/LibMinHook.aspx + +### Version history + +- **v1.3.3 - 8 Jan 2017** + * Added a helper function ```MH_CreateHookApiEx```. (Thanks to asm256) + * Support Visual Studio 2017 RC. + +- **v1.3.2.1 - 9 Nov 2015** (Nuget package only) + * Fixed an insufficient support for Visual Studio 2015. + +- **v1.3.2 - 1 Nov 2015** + * Support Visual Studio 2015. + * Support MinGW. + +- **v1.3.2-beta3 - 21 Jul 2015** (Nuget package only) + * Support MinGW. (Experimental) + +- **v1.3.2-beta2 - 18 May 2015** + * Fixed some subtle bugs. (Thanks to RaMMicHaeL) + * Added a helper function ```MH_StatusToString```. (Thanks to Jan Klass) + +- **v1.3.2-beta - 12 May 2015** + * Fixed a possible thread deadlock in x64 mode. (Thanks to Aleh Kazakevich) + * Reduced the footprint a little more. + * Support Visual Studio 2015 RC. (Experimental) + +- **v1.3.1.1 - 7 Apr 2015** (Nuget package only) + * Support for WDK8.0 and 8.1. + +- **v1.3.1 - 19 Mar 2015** + * No major changes from v1.3.1-beta. + +- **v1.3.1-beta - 11 Mar 2015** + * Added a helper function ```MH_CreateHookApi```. (Thanks to uniskz). + * Fixed a false memory leak reported by some tools. + * Fixed a degradated compatibility issue. + +- **v1.3 - 13 Sep 2014** + * No major changes from v1.3-beta3. + +- **v1.3-beta3 - 31 Jul 2014** + * Fixed some small bugs. + * Improved the memory management. + +- **v1.3-beta2 - 21 Jul 2014** + * Changed the parameters to Windows-friendly types. (void* to LPVOID) + * Fixed some small bugs. + * Reorganized the source files. + * Reduced the footprint a little more. + +- **v1.3-beta - 17 Jul 2014** + * Rewrote in plain C to reduce the footprint and memory usage. (suggested by Andrey Unis) + * Simplified the overall code base to make it more readable and maintainable. + * Changed the license from 3-clause to 2-clause BSD License. + +- **v1.2 - 28 Sep 2013** + * Removed boost dependency ([jarredholman](https://github.com/jarredholman/minhook)). + * Fixed a small bug in the GetRelativeBranchDestination function ([pillbug99](http://www.codeproject.com/Messages/4058892/Small-Bug-Found.aspx)). + * Added the ```MH_RemoveHook``` function, which removes a hook created with the ```MH_CreateHook``` function. + * Added the following functions to enable or disable multiple hooks in one go: ```MH_QueueEnableHook```, ```MH_QueueDisableHook```, ```MH_ApplyQueued```. This is the preferred way of handling multiple hooks as every call to `MH_EnableHook` or `MH_DisableHook` suspends and resumes all threads. + * Made the functions ```MH_EnableHook``` and ```MH_DisableHook``` enable/disable all created hooks when the ```MH_ALL_HOOKS``` parameter is passed. This, too, is an efficient way of handling multiple hooks. + * If the target function is too small to be patched with a jump, MinHook tries to place the jump above the function. If that fails as well, the ```MH_CreateHook``` function returns ```MH_ERROR_UNSUPPORTED_FUNCTION```. This fixes an issue of hooking the LoadLibraryExW function on Windows 7 x64 ([reported by Obble](http://www.codeproject.com/Messages/4578613/Re-Bug-LoadLibraryExW-hook-fails-on-windows-2008-r.aspx)). + +- **v1.1 - 26 Nov 2009** + * Changed the interface to create a hook and a trampoline function in one go to prevent the detour function from being called before the trampoline function is created. ([reported by xliqz](http://www.codeproject.com/Messages/3280374/Unsafe.aspx)) + * Shortened the function names from ```MinHook_*``` to ```MH_*``` to make them handier. + +- **v1.0 - 22 Nov 2009** + * Initial release. + +### Building MinHook - Using vcpkg + +You can download and install MinHook using the [vcpkg](https://github.com/Microsoft/vcpkg) dependency manager: + + git clone https://github.com/microsoft/vcpkg + .\vcpkg\bootstrap-vcpkg.bat + .\vcpkg\vcpkg integrate install + .\vcpkg\vcpkg install minhook + +The MinHook port in vcpkg is kept up to date by Microsoft team members and community contributors. If the version is out of date, please [create an issue or pull request](https://github.com/Microsoft/vcpkg) on the vcpkg repository. diff --git a/libs/minhook/build/MinGW/Makefile b/libs/minhook/build/MinGW/Makefile new file mode 100644 index 0000000..cc16725 --- /dev/null +++ b/libs/minhook/build/MinGW/Makefile @@ -0,0 +1,33 @@ +WINDRES:=$(CROSS_PREFIX)windres +DLLTOOL:=$(CROSS_PREFIX)dlltool +AR:=$(CROSS_PREFIX)ar +CC:=$(CROSS_PREFIX)gcc +CCLD:=$(CC) +SRCS:=$(wildcard src/*.c src/hde/*.c) +OBJS:=$(SRCS:%.c=%.o) +DEPS:=$(SRCS:%.c=%.d) +INCS:=-Isrc -Iinclude +CFLAGS:=-masm=intel -Wall -Werror -std=c11 +LDFLAGS:=-Wl,-enable-stdcall-fixup -s -static-libgcc + +all: MinHook.dll libMinHook.dll.a libMinHook.a + +-include $(DEPS) + +libMinHook.a: $(OBJS) + $(AR) r $@ $^ +libMinHook.dll.a: MinHook.dll dll_resources/MinHook.def + $(DLLTOOL) --dllname MinHook.dll --def dll_resources/MinHook.def --output-lib $@ +MinHook.dll: $(OBJS) dll_resources/MinHook.res dll_resources/MinHook.def + $(CCLD) -o $@ -shared $(LDFLAGS) $^ + +.rc.res: + $(WINDRES) -o $@ --input-format=rc --output-format=coff $< +.c.o: + $(CC) -o $@ -c -MMD -MP $(INCS) $(CFLAGS) $< + +clean: + rm -f $(OBJS) $(DEPS) MinHook.dll libMinHook.dll.a libMinHook.a dll_resources/MinHook.res + +.PHONY: clean +.SUFFIXES: .rc .res diff --git a/libs/minhook/build/MinGW/make.bat b/libs/minhook/build/MinGW/make.bat new file mode 100644 index 0000000..7671878 --- /dev/null +++ b/libs/minhook/build/MinGW/make.bat @@ -0,0 +1 @@ +windres -i ../../dll_resources/MinHook.rc -o MinHook_rc.o && dllwrap --driver-name g++ -o MinHook.dll -masm=intel --def ../../dll_resources/MinHook.def -Wl,-enable-stdcall-fixup -Wall MinHook_rc.o ../../src/*.c ../../src/HDE/*.c -I../../include -I../../src -Werror -std=c++11 -s -static-libgcc -static-libstdc++|| pause \ No newline at end of file diff --git a/libs/minhook/build/VC10/MinHook.vcxproj b/libs/minhook/build/VC10/MinHook.vcxproj new file mode 100644 index 0000000..3944d80 --- /dev/null +++ b/libs/minhook/build/VC10/MinHook.vcxproj @@ -0,0 +1,189 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + {027FAC75-3FDB-4044-8DD0-BC297BD4C461} + MinHook + Win32Proj + + + + DynamicLibrary + Unicode + true + + + DynamicLibrary + Unicode + + + DynamicLibrary + Unicode + true + + + DynamicLibrary + Unicode + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>10.0.40219.1 + $(SolutionDir)bin\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + true + $(SolutionDir)bin\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + true + $(SolutionDir)bin\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + false + $(SolutionDir)bin\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + false + $(ProjectName).x86 + $(ProjectName).x86 + $(ProjectName).x64 + $(ProjectName).x64 + + + + Disabled + WIN32;_DEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS;%(PreprocessorDefinitions) + false + EnableFastChecks + MultiThreadedDebug + + + Level3 + + + + + $(SolutionDir)..\..\dll_resources\MinHook.def + false + Windows + MachineX86 + $(SolutionDir)lib\$(Configuration)\libMinHook.x86.lib;%(AdditionalDependencies) + + + + + X64 + + + Disabled + WIN32;_DEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS;%(PreprocessorDefinitions) + false + EnableFastChecks + MultiThreadedDebug + + + Level3 + + + + + $(SolutionDir)..\..\dll_resources\MinHook.def + false + Windows + MachineX64 + $(SolutionDir)lib\$(Configuration)\libMinHook.x64.lib;%(AdditionalDependencies) + + + + + MinSpace + true + WIN32;NDEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS;%(PreprocessorDefinitions) + MultiThreaded + true + + + Level3 + + + false + + + $(SolutionDir)..\..\dll_resources\MinHook.def + false + Windows + true + true + MachineX86 + $(SolutionDir)lib\$(Configuration)\libMinHook.x86.lib;%(AdditionalDependencies) + true + .CRT=.text + + + + + X64 + + + MinSpace + true + WIN32;NDEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS;%(PreprocessorDefinitions) + MultiThreaded + true + + + Level3 + + + false + + + $(SolutionDir)..\..\dll_resources\MinHook.def + false + Windows + true + true + MachineX64 + $(SolutionDir)lib\$(Configuration)\libMinHook.x64.lib;%(AdditionalDependencies) + true + .CRT=.text + + + + + + + + + + + + \ No newline at end of file diff --git a/libs/minhook/build/VC10/MinHookVC10.sln b/libs/minhook/build/VC10/MinHookVC10.sln new file mode 100644 index 0000000..dcc1d5c --- /dev/null +++ b/libs/minhook/build/VC10/MinHookVC10.sln @@ -0,0 +1,39 @@ + +Microsoft Visual Studio Solution File, Format Version 11.00 +# Visual Studio 2010 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libMinHook", "libMinHook.vcxproj", "{F142A341-5EE0-442D-A15F-98AE9B48DBAE}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MinHook", "MinHook.vcxproj", "{027FAC75-3FDB-4044-8DD0-BC297BD4C461}" + ProjectSection(ProjectDependencies) = postProject + {F142A341-5EE0-442D-A15F-98AE9B48DBAE} = {F142A341-5EE0-442D-A15F-98AE9B48DBAE} + EndProjectSection +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Win32 = Debug|Win32 + Debug|x64 = Debug|x64 + Release|Win32 = Release|Win32 + Release|x64 = Release|x64 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.ActiveCfg = Debug|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.Build.0 = Debug|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.ActiveCfg = Debug|x64 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.Build.0 = Debug|x64 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.ActiveCfg = Release|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.Build.0 = Release|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.ActiveCfg = Release|x64 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.Build.0 = Release|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.ActiveCfg = Debug|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.Build.0 = Debug|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.ActiveCfg = Debug|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.Build.0 = Debug|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.ActiveCfg = Release|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.Build.0 = Release|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.ActiveCfg = Release|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.Build.0 = Release|x64 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection +EndGlobal diff --git a/libs/minhook/build/VC10/libMinHook.vcxproj b/libs/minhook/build/VC10/libMinHook.vcxproj new file mode 100644 index 0000000..589ff9a --- /dev/null +++ b/libs/minhook/build/VC10/libMinHook.vcxproj @@ -0,0 +1,172 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + {F142A341-5EE0-442D-A15F-98AE9B48DBAE} + libMinHook + Win32Proj + + + + StaticLibrary + Unicode + true + + + StaticLibrary + Unicode + + + StaticLibrary + Unicode + true + + + StaticLibrary + Unicode + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>10.0.40219.1 + $(SolutionDir)lib\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + $(SolutionDir)lib\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + $(SolutionDir)lib\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + $(SolutionDir)lib\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + $(ProjectName).x86 + $(ProjectName).x86 + $(ProjectName).x64 + $(ProjectName).x64 + + + + Disabled + %(AdditionalIncludeDirectories) + WIN32;_DEBUG;_LIB;STRICT;%(PreprocessorDefinitions) + false + EnableFastChecks + MultiThreadedDebug + Level3 + + + false + + + + + + X64 + + + Disabled + %(AdditionalIncludeDirectories) + WIN32;_DEBUG;_LIB;STRICT;%(PreprocessorDefinitions) + false + EnableFastChecks + MultiThreadedDebug + Level3 + + + false + + + + + + MinSpace + true + %(AdditionalIncludeDirectories) + WIN32;NDEBUG;_LIB;STRICT;%(PreprocessorDefinitions) + false + MultiThreaded + true + Level3 + + + true + AnySuitable + + + + + + X64 + + + MinSpace + true + %(AdditionalIncludeDirectories) + WIN32;NDEBUG;_LIB;STRICT;%(PreprocessorDefinitions) + false + MultiThreaded + true + Level3 + + + true + AnySuitable + + + + + + + true + true + + + true + true + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/libs/minhook/build/VC10/libMinHook.vcxproj.filters b/libs/minhook/build/VC10/libMinHook.vcxproj.filters new file mode 100644 index 0000000..f2d1d97 --- /dev/null +++ b/libs/minhook/build/VC10/libMinHook.vcxproj.filters @@ -0,0 +1,55 @@ + + + + + Source Files + + + Source Files + + + Source Files + + + HDE + + + HDE + + + + + Header Files + + + Header Files + + + + HDE + + + HDE + + + HDE + + + HDE + + + HDE + + + + + {9d24b740-be2e-4cfd-b9a4-340a50946ee9} + + + {76381bc7-2863-4cc5-aede-926ec2c506e4} + + + {56ddb326-6179-430d-ae19-e13bfd767bfa} + + + \ No newline at end of file diff --git a/libs/minhook/build/VC11/MinHook.vcxproj b/libs/minhook/build/VC11/MinHook.vcxproj new file mode 100644 index 0000000..4c0e212 --- /dev/null +++ b/libs/minhook/build/VC11/MinHook.vcxproj @@ -0,0 +1,189 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + {027FAC75-3FDB-4044-8DD0-BC297BD4C461} + MinHook + Win32Proj + + + + DynamicLibrary + Unicode + true + v110_xp + + + DynamicLibrary + Unicode + v110_xp + + + DynamicLibrary + Unicode + true + v110_xp + + + DynamicLibrary + Unicode + v110_xp + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>10.0.40219.1 + $(SolutionDir)bin\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + true + $(SolutionDir)bin\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + true + $(SolutionDir)bin\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + false + $(SolutionDir)bin\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + false + $(ProjectName).x86 + $(ProjectName).x86 + $(ProjectName).x64 + $(ProjectName).x64 + + + + Disabled + WIN32;_DEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS;%(PreprocessorDefinitions) + false + EnableFastChecks + MultiThreadedDebug + + + Level3 + None + + + $(SolutionDir)..\..\dll_resources\MinHook.def + false + Windows + MachineX86 + $(SolutionDir)lib\$(Configuration)\libMinHook.x86.lib;%(AdditionalDependencies) + + + + + X64 + + + Disabled + WIN32;_DEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS;%(PreprocessorDefinitions) + false + EnableFastChecks + MultiThreadedDebug + + + Level3 + None + + + $(SolutionDir)..\..\dll_resources\MinHook.def + false + Windows + MachineX64 + $(SolutionDir)lib\$(Configuration)\libMinHook.x64.lib;%(AdditionalDependencies) + + + + + MinSpace + true + WIN32;NDEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS;%(PreprocessorDefinitions) + MultiThreaded + true + + + Level3 + None + false + + + $(SolutionDir)..\..\dll_resources\MinHook.def + false + Windows + true + true + MachineX86 + $(SolutionDir)lib\$(Configuration)\libMinHook.x86.lib;%(AdditionalDependencies) + true + .CRT=.text + + + + + X64 + + + MinSpace + true + WIN32;NDEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS;%(PreprocessorDefinitions) + MultiThreaded + true + + + Level3 + None + false + + + $(SolutionDir)..\..\dll_resources\MinHook.def + false + Windows + true + true + MachineX64 + $(SolutionDir)lib\$(Configuration)\libMinHook.x64.lib;%(AdditionalDependencies) + true + .CRT=.text + + + + + + + + + + + + \ No newline at end of file diff --git a/libs/minhook/build/VC11/MinHookVC11.sln b/libs/minhook/build/VC11/MinHookVC11.sln new file mode 100644 index 0000000..5b56553 --- /dev/null +++ b/libs/minhook/build/VC11/MinHookVC11.sln @@ -0,0 +1,39 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio 2012 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libMinHook", "libMinHook.vcxproj", "{F142A341-5EE0-442D-A15F-98AE9B48DBAE}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MinHook", "MinHook.vcxproj", "{027FAC75-3FDB-4044-8DD0-BC297BD4C461}" + ProjectSection(ProjectDependencies) = postProject + {F142A341-5EE0-442D-A15F-98AE9B48DBAE} = {F142A341-5EE0-442D-A15F-98AE9B48DBAE} + EndProjectSection +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Win32 = Debug|Win32 + Debug|x64 = Debug|x64 + Release|Win32 = Release|Win32 + Release|x64 = Release|x64 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.ActiveCfg = Debug|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.Build.0 = Debug|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.ActiveCfg = Debug|x64 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.Build.0 = Debug|x64 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.ActiveCfg = Release|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.Build.0 = Release|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.ActiveCfg = Release|x64 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.Build.0 = Release|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.ActiveCfg = Debug|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.Build.0 = Debug|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.ActiveCfg = Debug|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.Build.0 = Debug|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.ActiveCfg = Release|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.Build.0 = Release|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.ActiveCfg = Release|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.Build.0 = Release|x64 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection +EndGlobal diff --git a/libs/minhook/build/VC11/libMinHook.vcxproj b/libs/minhook/build/VC11/libMinHook.vcxproj new file mode 100644 index 0000000..1a65499 --- /dev/null +++ b/libs/minhook/build/VC11/libMinHook.vcxproj @@ -0,0 +1,172 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + {F142A341-5EE0-442D-A15F-98AE9B48DBAE} + libMinHook + Win32Proj + + + + StaticLibrary + Unicode + true + v110_xp + + + StaticLibrary + Unicode + v110_xp + + + StaticLibrary + Unicode + true + v110_xp + + + StaticLibrary + Unicode + v110_xp + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>10.0.40219.1 + $(SolutionDir)lib\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + $(SolutionDir)lib\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + $(SolutionDir)lib\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + $(SolutionDir)lib\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + $(ProjectName).x86 + $(ProjectName).x86 + $(ProjectName).x64 + $(ProjectName).x64 + + + + Disabled + %(AdditionalIncludeDirectories) + WIN32;_DEBUG;_LIB;STRICT;%(PreprocessorDefinitions) + false + EnableFastChecks + MultiThreadedDebug + Level3 + None + NoExtensions + + + + + + X64 + + + Disabled + %(AdditionalIncludeDirectories) + WIN32;_DEBUG;_LIB;STRICT;%(PreprocessorDefinitions) + false + EnableFastChecks + MultiThreadedDebug + Level3 + None + + + + + + MinSpace + true + %(AdditionalIncludeDirectories) + WIN32;NDEBUG;_LIB;STRICT;%(PreprocessorDefinitions) + false + MultiThreaded + true + Level3 + None + true + AnySuitable + NoExtensions + + + + + + X64 + + + MinSpace + true + %(AdditionalIncludeDirectories) + WIN32;NDEBUG;_LIB;STRICT;%(PreprocessorDefinitions) + false + MultiThreaded + true + Level3 + None + true + AnySuitable + + + + + + + true + true + + + true + true + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/libs/minhook/build/VC11/libMinHook.vcxproj.filters b/libs/minhook/build/VC11/libMinHook.vcxproj.filters new file mode 100644 index 0000000..f2d1d97 --- /dev/null +++ b/libs/minhook/build/VC11/libMinHook.vcxproj.filters @@ -0,0 +1,55 @@ + + + + + Source Files + + + Source Files + + + Source Files + + + HDE + + + HDE + + + + + Header Files + + + Header Files + + + + HDE + + + HDE + + + HDE + + + HDE + + + HDE + + + + + {9d24b740-be2e-4cfd-b9a4-340a50946ee9} + + + {76381bc7-2863-4cc5-aede-926ec2c506e4} + + + {56ddb326-6179-430d-ae19-e13bfd767bfa} + + + \ No newline at end of file diff --git a/libs/minhook/build/VC12/MinHook.vcxproj b/libs/minhook/build/VC12/MinHook.vcxproj new file mode 100644 index 0000000..40ec836 --- /dev/null +++ b/libs/minhook/build/VC12/MinHook.vcxproj @@ -0,0 +1,189 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + {027FAC75-3FDB-4044-8DD0-BC297BD4C461} + MinHook + Win32Proj + + + + DynamicLibrary + Unicode + true + v120_xp + + + DynamicLibrary + Unicode + v120_xp + + + DynamicLibrary + Unicode + true + v120_xp + + + DynamicLibrary + Unicode + v120_xp + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>10.0.40219.1 + $(SolutionDir)bin\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + true + $(SolutionDir)bin\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + true + $(SolutionDir)bin\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + false + $(SolutionDir)bin\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + false + $(ProjectName).x86 + $(ProjectName).x86 + $(ProjectName).x64 + $(ProjectName).x64 + + + + Disabled + WIN32;_DEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS;%(PreprocessorDefinitions) + false + EnableFastChecks + MultiThreadedDebug + + + Level3 + None + + + $(SolutionDir)..\..\dll_resources\MinHook.def + false + Windows + MachineX86 + $(SolutionDir)lib\$(Configuration)\libMinHook.x86.lib;%(AdditionalDependencies) + + + + + X64 + + + Disabled + WIN32;_DEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS;%(PreprocessorDefinitions) + false + EnableFastChecks + MultiThreadedDebug + + + Level3 + None + + + $(SolutionDir)..\..\dll_resources\MinHook.def + false + Windows + MachineX64 + $(SolutionDir)lib\$(Configuration)\libMinHook.x64.lib;%(AdditionalDependencies) + + + + + MinSpace + true + WIN32;NDEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS;%(PreprocessorDefinitions) + MultiThreaded + true + + + Level3 + None + false + + + $(SolutionDir)..\..\dll_resources\MinHook.def + false + Windows + true + true + MachineX86 + $(SolutionDir)lib\$(Configuration)\libMinHook.x86.lib;%(AdditionalDependencies) + true + .CRT=.text + + + + + X64 + + + MinSpace + true + WIN32;NDEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS;%(PreprocessorDefinitions) + MultiThreaded + true + + + Level3 + None + false + + + $(SolutionDir)..\..\dll_resources\MinHook.def + false + Windows + true + true + MachineX64 + $(SolutionDir)lib\$(Configuration)\libMinHook.x64.lib;%(AdditionalDependencies) + true + .CRT=.text + + + + + + + + + + + + \ No newline at end of file diff --git a/libs/minhook/build/VC12/MinHookVC12.sln b/libs/minhook/build/VC12/MinHookVC12.sln new file mode 100644 index 0000000..cfd928b --- /dev/null +++ b/libs/minhook/build/VC12/MinHookVC12.sln @@ -0,0 +1,41 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio 2013 +VisualStudioVersion = 12.0.30501.0 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libMinHook", "libMinHook.vcxproj", "{F142A341-5EE0-442D-A15F-98AE9B48DBAE}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MinHook", "MinHook.vcxproj", "{027FAC75-3FDB-4044-8DD0-BC297BD4C461}" + ProjectSection(ProjectDependencies) = postProject + {F142A341-5EE0-442D-A15F-98AE9B48DBAE} = {F142A341-5EE0-442D-A15F-98AE9B48DBAE} + EndProjectSection +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Win32 = Debug|Win32 + Debug|x64 = Debug|x64 + Release|Win32 = Release|Win32 + Release|x64 = Release|x64 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.ActiveCfg = Debug|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.Build.0 = Debug|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.ActiveCfg = Debug|x64 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.Build.0 = Debug|x64 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.ActiveCfg = Release|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.Build.0 = Release|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.ActiveCfg = Release|x64 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.Build.0 = Release|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.ActiveCfg = Debug|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.Build.0 = Debug|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.ActiveCfg = Debug|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.Build.0 = Debug|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.ActiveCfg = Release|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.Build.0 = Release|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.ActiveCfg = Release|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.Build.0 = Release|x64 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection +EndGlobal diff --git a/libs/minhook/build/VC12/libMinHook.vcxproj b/libs/minhook/build/VC12/libMinHook.vcxproj new file mode 100644 index 0000000..6b2a190 --- /dev/null +++ b/libs/minhook/build/VC12/libMinHook.vcxproj @@ -0,0 +1,174 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + {F142A341-5EE0-442D-A15F-98AE9B48DBAE} + libMinHook + Win32Proj + + + + StaticLibrary + Unicode + true + v120_xp + + + StaticLibrary + Unicode + v120_xp + + + StaticLibrary + Unicode + true + v120_xp + + + StaticLibrary + Unicode + v120_xp + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>10.0.40219.1 + $(SolutionDir)lib\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + $(SolutionDir)lib\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + $(SolutionDir)lib\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + $(SolutionDir)lib\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + $(ProjectName).x86 + $(ProjectName).x86 + $(ProjectName).x64 + $(ProjectName).x64 + + + + Disabled + %(AdditionalIncludeDirectories) + WIN32;_DEBUG;_LIB;STRICT;%(PreprocessorDefinitions) + false + EnableFastChecks + MultiThreadedDebug + Level3 + None + NoExtensions + + + + + + X64 + + + Disabled + %(AdditionalIncludeDirectories) + WIN32;_DEBUG;_LIB;STRICT;%(PreprocessorDefinitions) + false + EnableFastChecks + MultiThreadedDebug + Level3 + None + NotSet + + + + + + MinSpace + true + %(AdditionalIncludeDirectories) + WIN32;NDEBUG;_LIB;STRICT;%(PreprocessorDefinitions) + false + MultiThreaded + true + Level3 + None + AnySuitable + CompileAsC + true + NoExtensions + + + + + + X64 + + + MinSpace + true + %(AdditionalIncludeDirectories) + WIN32;NDEBUG;_LIB;STRICT;%(PreprocessorDefinitions) + false + MultiThreaded + true + Level3 + None + true + AnySuitable + + + + + + + true + true + + + true + true + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/libs/minhook/build/VC12/libMinHook.vcxproj.filters b/libs/minhook/build/VC12/libMinHook.vcxproj.filters new file mode 100644 index 0000000..f2d1d97 --- /dev/null +++ b/libs/minhook/build/VC12/libMinHook.vcxproj.filters @@ -0,0 +1,55 @@ + + + + + Source Files + + + Source Files + + + Source Files + + + HDE + + + HDE + + + + + Header Files + + + Header Files + + + + HDE + + + HDE + + + HDE + + + HDE + + + HDE + + + + + {9d24b740-be2e-4cfd-b9a4-340a50946ee9} + + + {76381bc7-2863-4cc5-aede-926ec2c506e4} + + + {56ddb326-6179-430d-ae19-e13bfd767bfa} + + + \ No newline at end of file diff --git a/libs/minhook/build/VC14/MinHook.vcxproj b/libs/minhook/build/VC14/MinHook.vcxproj new file mode 100644 index 0000000..d5ecda2 --- /dev/null +++ b/libs/minhook/build/VC14/MinHook.vcxproj @@ -0,0 +1,189 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + {027FAC75-3FDB-4044-8DD0-BC297BD4C461} + MinHook + Win32Proj + + + + DynamicLibrary + Unicode + true + v140_xp + + + DynamicLibrary + Unicode + v140_xp + + + DynamicLibrary + Unicode + true + v140_xp + + + DynamicLibrary + Unicode + v140_xp + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>10.0.40219.1 + $(SolutionDir)bin\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + true + $(SolutionDir)bin\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + true + $(SolutionDir)bin\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + false + $(SolutionDir)bin\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + false + $(ProjectName).x86 + $(ProjectName).x86 + $(ProjectName).x64 + $(ProjectName).x64 + + + + Disabled + WIN32;_DEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS;%(PreprocessorDefinitions) + false + EnableFastChecks + MultiThreadedDebug + + + Level3 + None + + + $(SolutionDir)..\..\dll_resources\MinHook.def + false + Windows + MachineX86 + $(SolutionDir)lib\$(Configuration)\libMinHook.x86.lib;%(AdditionalDependencies) + + + + + X64 + + + Disabled + WIN32;_DEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS;%(PreprocessorDefinitions) + false + EnableFastChecks + MultiThreadedDebug + + + Level3 + None + + + $(SolutionDir)..\..\dll_resources\MinHook.def + false + Windows + MachineX64 + $(SolutionDir)lib\$(Configuration)\libMinHook.x64.lib;%(AdditionalDependencies) + + + + + MinSpace + true + WIN32;NDEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS;%(PreprocessorDefinitions) + MultiThreaded + true + + + Level3 + None + false + + + $(SolutionDir)..\..\dll_resources\MinHook.def + false + Windows + true + true + MachineX86 + $(SolutionDir)lib\$(Configuration)\libMinHook.x86.lib;%(AdditionalDependencies) + true + .CRT=.text + + + + + X64 + + + MinSpace + true + WIN32;NDEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS;%(PreprocessorDefinitions) + MultiThreaded + true + + + Level3 + None + false + + + $(SolutionDir)..\..\dll_resources\MinHook.def + false + Windows + true + true + MachineX64 + $(SolutionDir)lib\$(Configuration)\libMinHook.x64.lib;%(AdditionalDependencies) + true + .CRT=.text + + + + + + + + + + + + \ No newline at end of file diff --git a/libs/minhook/build/VC14/MinHookVC14.sln b/libs/minhook/build/VC14/MinHookVC14.sln new file mode 100644 index 0000000..258c192 --- /dev/null +++ b/libs/minhook/build/VC14/MinHookVC14.sln @@ -0,0 +1,41 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio 14 +VisualStudioVersion = 14.0.22823.1 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libMinHook", "libMinHook.vcxproj", "{F142A341-5EE0-442D-A15F-98AE9B48DBAE}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MinHook", "MinHook.vcxproj", "{027FAC75-3FDB-4044-8DD0-BC297BD4C461}" + ProjectSection(ProjectDependencies) = postProject + {F142A341-5EE0-442D-A15F-98AE9B48DBAE} = {F142A341-5EE0-442D-A15F-98AE9B48DBAE} + EndProjectSection +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Win32 = Debug|Win32 + Debug|x64 = Debug|x64 + Release|Win32 = Release|Win32 + Release|x64 = Release|x64 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.ActiveCfg = Debug|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.Build.0 = Debug|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.ActiveCfg = Debug|x64 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.Build.0 = Debug|x64 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.ActiveCfg = Release|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.Build.0 = Release|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.ActiveCfg = Release|x64 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.Build.0 = Release|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.ActiveCfg = Debug|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.Build.0 = Debug|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.ActiveCfg = Debug|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.Build.0 = Debug|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.ActiveCfg = Release|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.Build.0 = Release|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.ActiveCfg = Release|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.Build.0 = Release|x64 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection +EndGlobal diff --git a/libs/minhook/build/VC14/libMinHook.vcxproj b/libs/minhook/build/VC14/libMinHook.vcxproj new file mode 100644 index 0000000..263b811 --- /dev/null +++ b/libs/minhook/build/VC14/libMinHook.vcxproj @@ -0,0 +1,174 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + {F142A341-5EE0-442D-A15F-98AE9B48DBAE} + libMinHook + Win32Proj + + + + StaticLibrary + Unicode + true + v140_xp + + + StaticLibrary + Unicode + v140_xp + + + StaticLibrary + Unicode + true + v140_xp + + + StaticLibrary + Unicode + v140_xp + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>10.0.40219.1 + $(SolutionDir)lib\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + $(SolutionDir)lib\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + $(SolutionDir)lib\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + $(SolutionDir)lib\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + $(ProjectName).x86 + $(ProjectName).x86 + $(ProjectName).x64 + $(ProjectName).x64 + + + + Disabled + %(AdditionalIncludeDirectories) + WIN32;_DEBUG;_LIB;STRICT;%(PreprocessorDefinitions) + false + EnableFastChecks + MultiThreadedDebug + Level3 + None + NoExtensions + + + + + + X64 + + + Disabled + %(AdditionalIncludeDirectories) + WIN32;_DEBUG;_LIB;STRICT;%(PreprocessorDefinitions) + false + EnableFastChecks + MultiThreadedDebug + Level3 + None + NotSet + + + + + + MinSpace + true + %(AdditionalIncludeDirectories) + WIN32;NDEBUG;_LIB;STRICT;%(PreprocessorDefinitions) + false + MultiThreaded + true + Level3 + None + AnySuitable + CompileAsC + true + NoExtensions + + + + + + X64 + + + MinSpace + true + %(AdditionalIncludeDirectories) + WIN32;NDEBUG;_LIB;STRICT;%(PreprocessorDefinitions) + false + MultiThreaded + true + Level3 + None + true + AnySuitable + + + + + + + true + true + + + true + true + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/libs/minhook/build/VC14/libMinHook.vcxproj.filters b/libs/minhook/build/VC14/libMinHook.vcxproj.filters new file mode 100644 index 0000000..f2d1d97 --- /dev/null +++ b/libs/minhook/build/VC14/libMinHook.vcxproj.filters @@ -0,0 +1,55 @@ + + + + + Source Files + + + Source Files + + + Source Files + + + HDE + + + HDE + + + + + Header Files + + + Header Files + + + + HDE + + + HDE + + + HDE + + + HDE + + + HDE + + + + + {9d24b740-be2e-4cfd-b9a4-340a50946ee9} + + + {76381bc7-2863-4cc5-aede-926ec2c506e4} + + + {56ddb326-6179-430d-ae19-e13bfd767bfa} + + + \ No newline at end of file diff --git a/libs/minhook/build/VC15/MinHook.vcxproj b/libs/minhook/build/VC15/MinHook.vcxproj new file mode 100644 index 0000000..1d51833 --- /dev/null +++ b/libs/minhook/build/VC15/MinHook.vcxproj @@ -0,0 +1,189 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + {027FAC75-3FDB-4044-8DD0-BC297BD4C461} + MinHook + Win32Proj + + + + DynamicLibrary + Unicode + true + v141_xp + + + DynamicLibrary + Unicode + v141_xp + + + DynamicLibrary + Unicode + true + v141_xp + + + DynamicLibrary + Unicode + v141_xp + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>10.0.40219.1 + $(SolutionDir)bin\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + true + $(SolutionDir)bin\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + true + $(SolutionDir)bin\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + false + $(SolutionDir)bin\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + false + $(ProjectName).x86 + $(ProjectName).x86 + $(ProjectName).x64 + $(ProjectName).x64 + + + + Disabled + WIN32;_DEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS;%(PreprocessorDefinitions) + false + EnableFastChecks + MultiThreadedDebug + + + Level3 + None + + + $(SolutionDir)..\..\dll_resources\MinHook.def + false + Windows + MachineX86 + $(SolutionDir)lib\$(Configuration)\libMinHook.x86.lib;%(AdditionalDependencies) + + + + + X64 + + + Disabled + WIN32;_DEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS;%(PreprocessorDefinitions) + false + EnableFastChecks + MultiThreadedDebug + + + Level3 + None + + + $(SolutionDir)..\..\dll_resources\MinHook.def + false + Windows + MachineX64 + $(SolutionDir)lib\$(Configuration)\libMinHook.x64.lib;%(AdditionalDependencies) + + + + + MinSpace + true + WIN32;NDEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS;%(PreprocessorDefinitions) + MultiThreaded + true + + + Level3 + None + false + + + $(SolutionDir)..\..\dll_resources\MinHook.def + false + Windows + true + true + MachineX86 + $(SolutionDir)lib\$(Configuration)\libMinHook.x86.lib;%(AdditionalDependencies) + true + .CRT=.text + + + + + X64 + + + MinSpace + true + WIN32;NDEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS;%(PreprocessorDefinitions) + MultiThreaded + true + + + Level3 + None + false + + + $(SolutionDir)..\..\dll_resources\MinHook.def + false + Windows + true + true + MachineX64 + $(SolutionDir)lib\$(Configuration)\libMinHook.x64.lib;%(AdditionalDependencies) + true + .CRT=.text + + + + + + + + + + + + diff --git a/libs/minhook/build/VC15/MinHookVC15.sln b/libs/minhook/build/VC15/MinHookVC15.sln new file mode 100644 index 0000000..946dc70 --- /dev/null +++ b/libs/minhook/build/VC15/MinHookVC15.sln @@ -0,0 +1,41 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio 15 +VisualStudioVersion = 15.0.25123.0 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libMinHook", "libMinHook.vcxproj", "{F142A341-5EE0-442D-A15F-98AE9B48DBAE}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MinHook", "MinHook.vcxproj", "{027FAC75-3FDB-4044-8DD0-BC297BD4C461}" + ProjectSection(ProjectDependencies) = postProject + {F142A341-5EE0-442D-A15F-98AE9B48DBAE} = {F142A341-5EE0-442D-A15F-98AE9B48DBAE} + EndProjectSection +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Win32 = Debug|Win32 + Debug|x64 = Debug|x64 + Release|Win32 = Release|Win32 + Release|x64 = Release|x64 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.ActiveCfg = Debug|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.Build.0 = Debug|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.ActiveCfg = Debug|x64 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.Build.0 = Debug|x64 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.ActiveCfg = Release|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.Build.0 = Release|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.ActiveCfg = Release|x64 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.Build.0 = Release|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.ActiveCfg = Debug|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.Build.0 = Debug|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.ActiveCfg = Debug|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.Build.0 = Debug|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.ActiveCfg = Release|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.Build.0 = Release|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.ActiveCfg = Release|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.Build.0 = Release|x64 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection +EndGlobal diff --git a/libs/minhook/build/VC15/libMinHook.vcxproj b/libs/minhook/build/VC15/libMinHook.vcxproj new file mode 100644 index 0000000..0d4352e --- /dev/null +++ b/libs/minhook/build/VC15/libMinHook.vcxproj @@ -0,0 +1,174 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + {F142A341-5EE0-442D-A15F-98AE9B48DBAE} + libMinHook + Win32Proj + + + + StaticLibrary + Unicode + true + v141_xp + + + StaticLibrary + Unicode + v141_xp + + + StaticLibrary + Unicode + true + v141_xp + + + StaticLibrary + Unicode + v141_xp + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>10.0.40219.1 + $(SolutionDir)lib\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + $(SolutionDir)lib\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + $(SolutionDir)lib\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + $(SolutionDir)lib\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + $(ProjectName).x86 + $(ProjectName).x86 + $(ProjectName).x64 + $(ProjectName).x64 + + + + Disabled + %(AdditionalIncludeDirectories) + WIN32;_DEBUG;_LIB;STRICT;%(PreprocessorDefinitions) + false + EnableFastChecks + MultiThreadedDebug + Level3 + None + NoExtensions + + + + + + X64 + + + Disabled + %(AdditionalIncludeDirectories) + WIN32;_DEBUG;_LIB;STRICT;%(PreprocessorDefinitions) + false + EnableFastChecks + MultiThreadedDebug + Level3 + None + NotSet + + + + + + MinSpace + true + %(AdditionalIncludeDirectories) + WIN32;NDEBUG;_LIB;STRICT;%(PreprocessorDefinitions) + false + MultiThreaded + true + Level3 + None + AnySuitable + CompileAsC + true + NoExtensions + + + + + + X64 + + + MinSpace + true + %(AdditionalIncludeDirectories) + WIN32;NDEBUG;_LIB;STRICT;%(PreprocessorDefinitions) + false + MultiThreaded + true + Level3 + None + true + AnySuitable + + + + + + + true + true + + + true + true + + + + + + + + + + + + + + + + + + diff --git a/libs/minhook/build/VC15/libMinHook.vcxproj.filters b/libs/minhook/build/VC15/libMinHook.vcxproj.filters new file mode 100644 index 0000000..f2d1d97 --- /dev/null +++ b/libs/minhook/build/VC15/libMinHook.vcxproj.filters @@ -0,0 +1,55 @@ + + + + + Source Files + + + Source Files + + + Source Files + + + HDE + + + HDE + + + + + Header Files + + + Header Files + + + + HDE + + + HDE + + + HDE + + + HDE + + + HDE + + + + + {9d24b740-be2e-4cfd-b9a4-340a50946ee9} + + + {76381bc7-2863-4cc5-aede-926ec2c506e4} + + + {56ddb326-6179-430d-ae19-e13bfd767bfa} + + + \ No newline at end of file diff --git a/libs/minhook/build/VC16/MinHook.vcxproj b/libs/minhook/build/VC16/MinHook.vcxproj new file mode 100644 index 0000000..23ddafd --- /dev/null +++ b/libs/minhook/build/VC16/MinHook.vcxproj @@ -0,0 +1,189 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + {027FAC75-3FDB-4044-8DD0-BC297BD4C461} + MinHook + Win32Proj + + + + DynamicLibrary + Unicode + true + v142 + + + DynamicLibrary + Unicode + v142 + + + DynamicLibrary + Unicode + true + v142 + + + DynamicLibrary + Unicode + v142 + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>10.0.40219.1 + $(SolutionDir)bin\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + true + $(SolutionDir)bin\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + true + $(SolutionDir)bin\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + false + $(SolutionDir)bin\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + false + $(ProjectName).x86 + $(ProjectName).x86 + $(ProjectName).x64 + $(ProjectName).x64 + + + + Disabled + WIN32;_DEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS;%(PreprocessorDefinitions) + false + EnableFastChecks + MultiThreadedDebug + + + Level3 + None + + + $(SolutionDir)..\..\dll_resources\MinHook.def + false + Windows + MachineX86 + $(SolutionDir)lib\$(Configuration)\libMinHook.x86.lib;%(AdditionalDependencies) + + + + + X64 + + + Disabled + WIN32;_DEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS;%(PreprocessorDefinitions) + false + EnableFastChecks + MultiThreadedDebug + + + Level3 + None + + + $(SolutionDir)..\..\dll_resources\MinHook.def + false + Windows + MachineX64 + $(SolutionDir)lib\$(Configuration)\libMinHook.x64.lib;%(AdditionalDependencies) + + + + + MinSpace + true + WIN32;NDEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS;%(PreprocessorDefinitions) + MultiThreaded + true + + + Level3 + None + false + + + $(SolutionDir)..\..\dll_resources\MinHook.def + false + Windows + true + true + MachineX86 + $(SolutionDir)lib\$(Configuration)\libMinHook.x86.lib;%(AdditionalDependencies) + true + .CRT=.text + + + + + X64 + + + MinSpace + true + WIN32;NDEBUG;_WINDOWS;_USRDLL;MINHOOK_EXPORTS;%(PreprocessorDefinitions) + MultiThreaded + true + + + Level3 + None + false + + + $(SolutionDir)..\..\dll_resources\MinHook.def + false + Windows + true + true + MachineX64 + $(SolutionDir)lib\$(Configuration)\libMinHook.x64.lib;%(AdditionalDependencies) + true + .CRT=.text + + + + + + + + + + + + diff --git a/libs/minhook/build/VC16/MinHookVC16.sln b/libs/minhook/build/VC16/MinHookVC16.sln new file mode 100644 index 0000000..191b75c --- /dev/null +++ b/libs/minhook/build/VC16/MinHookVC16.sln @@ -0,0 +1,41 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 16 +VisualStudioVersion = 16.0.28803.352 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libMinHook", "libMinHook.vcxproj", "{F142A341-5EE0-442D-A15F-98AE9B48DBAE}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MinHook", "MinHook.vcxproj", "{027FAC75-3FDB-4044-8DD0-BC297BD4C461}" + ProjectSection(ProjectDependencies) = postProject + {F142A341-5EE0-442D-A15F-98AE9B48DBAE} = {F142A341-5EE0-442D-A15F-98AE9B48DBAE} + EndProjectSection +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Win32 = Debug|Win32 + Debug|x64 = Debug|x64 + Release|Win32 = Release|Win32 + Release|x64 = Release|x64 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.ActiveCfg = Debug|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.Build.0 = Debug|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.ActiveCfg = Debug|x64 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.Build.0 = Debug|x64 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.ActiveCfg = Release|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.Build.0 = Release|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.ActiveCfg = Release|x64 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.Build.0 = Release|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.ActiveCfg = Debug|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.Build.0 = Debug|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.ActiveCfg = Debug|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.Build.0 = Debug|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.ActiveCfg = Release|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.Build.0 = Release|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.ActiveCfg = Release|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.Build.0 = Release|x64 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection +EndGlobal diff --git a/libs/minhook/build/VC16/libMinHook.vcxproj b/libs/minhook/build/VC16/libMinHook.vcxproj new file mode 100644 index 0000000..8ee4414 --- /dev/null +++ b/libs/minhook/build/VC16/libMinHook.vcxproj @@ -0,0 +1,174 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + {F142A341-5EE0-442D-A15F-98AE9B48DBAE} + libMinHook + Win32Proj + + + + StaticLibrary + Unicode + true + v142 + + + StaticLibrary + Unicode + v142 + + + StaticLibrary + Unicode + true + v142 + + + StaticLibrary + Unicode + v142 + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>10.0.40219.1 + $(SolutionDir)lib\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + $(SolutionDir)lib\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + $(SolutionDir)lib\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + $(SolutionDir)lib\$(Configuration)\ + $(Platform)\$(Configuration)\$(ProjectName)\ + $(ProjectName).x86 + $(ProjectName).x86 + $(ProjectName).x64 + $(ProjectName).x64 + + + + Disabled + %(AdditionalIncludeDirectories) + WIN32;_DEBUG;_LIB;STRICT;%(PreprocessorDefinitions) + false + EnableFastChecks + MultiThreadedDebug + Level3 + None + NoExtensions + + + + + + X64 + + + Disabled + %(AdditionalIncludeDirectories) + WIN32;_DEBUG;_LIB;STRICT;%(PreprocessorDefinitions) + false + EnableFastChecks + MultiThreadedDebug + Level3 + None + NotSet + + + + + + MinSpace + true + %(AdditionalIncludeDirectories) + WIN32;NDEBUG;_LIB;STRICT;%(PreprocessorDefinitions) + false + MultiThreaded + true + Level3 + None + AnySuitable + CompileAsC + true + NoExtensions + + + + + + X64 + + + MinSpace + true + %(AdditionalIncludeDirectories) + WIN32;NDEBUG;_LIB;STRICT;%(PreprocessorDefinitions) + false + MultiThreaded + true + Level3 + None + true + AnySuitable + + + + + + + true + true + + + true + true + + + + + + + + + + + + + + + + + + diff --git a/libs/minhook/build/VC16/libMinHook.vcxproj.filters b/libs/minhook/build/VC16/libMinHook.vcxproj.filters new file mode 100644 index 0000000..f2d1d97 --- /dev/null +++ b/libs/minhook/build/VC16/libMinHook.vcxproj.filters @@ -0,0 +1,55 @@ + + + + + Source Files + + + Source Files + + + Source Files + + + HDE + + + HDE + + + + + Header Files + + + Header Files + + + + HDE + + + HDE + + + HDE + + + HDE + + + HDE + + + + + {9d24b740-be2e-4cfd-b9a4-340a50946ee9} + + + {76381bc7-2863-4cc5-aede-926ec2c506e4} + + + {56ddb326-6179-430d-ae19-e13bfd767bfa} + + + \ No newline at end of file diff --git a/libs/minhook/build/VC9/MinHook.vcproj b/libs/minhook/build/VC9/MinHook.vcproj new file mode 100644 index 0000000..4bad257 --- /dev/null +++ b/libs/minhook/build/VC9/MinHook.vcproj @@ -0,0 +1,343 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/libs/minhook/build/VC9/MinHookVC9.sln b/libs/minhook/build/VC9/MinHookVC9.sln new file mode 100644 index 0000000..869f5b6 --- /dev/null +++ b/libs/minhook/build/VC9/MinHookVC9.sln @@ -0,0 +1,39 @@ + +Microsoft Visual Studio Solution File, Format Version 10.00 +# Visual Studio 2008 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libMinHook", "libMinHook.vcproj", "{F142A341-5EE0-442D-A15F-98AE9B48DBAE}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MinHook", "MinHook.vcproj", "{027FAC75-3FDB-4044-8DD0-BC297BD4C461}" + ProjectSection(ProjectDependencies) = postProject + {F142A341-5EE0-442D-A15F-98AE9B48DBAE} = {F142A341-5EE0-442D-A15F-98AE9B48DBAE} + EndProjectSection +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Win32 = Debug|Win32 + Debug|x64 = Debug|x64 + Release|Win32 = Release|Win32 + Release|x64 = Release|x64 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.ActiveCfg = Debug|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|Win32.Build.0 = Debug|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.ActiveCfg = Debug|x64 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Debug|x64.Build.0 = Debug|x64 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.ActiveCfg = Release|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|Win32.Build.0 = Release|Win32 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.ActiveCfg = Release|x64 + {F142A341-5EE0-442D-A15F-98AE9B48DBAE}.Release|x64.Build.0 = Release|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.ActiveCfg = Debug|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|Win32.Build.0 = Debug|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.ActiveCfg = Debug|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Debug|x64.Build.0 = Debug|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.ActiveCfg = Release|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|Win32.Build.0 = Release|Win32 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.ActiveCfg = Release|x64 + {027FAC75-3FDB-4044-8DD0-BC297BD4C461}.Release|x64.Build.0 = Release|x64 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection +EndGlobal diff --git a/libs/minhook/build/VC9/libMinHook.vcproj b/libs/minhook/build/VC9/libMinHook.vcproj new file mode 100644 index 0000000..68b0c05 --- /dev/null +++ b/libs/minhook/build/VC9/libMinHook.vcproj @@ -0,0 +1,410 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/libs/minhook/cmake/minhook-config.cmake.in b/libs/minhook/cmake/minhook-config.cmake.in new file mode 100644 index 0000000..14e6463 --- /dev/null +++ b/libs/minhook/cmake/minhook-config.cmake.in @@ -0,0 +1,39 @@ +# MinHook - The Minimalistic API Hooking Library for x64/x86 +# Copyright (C) 2009-2017 Tsuda Kageyu. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER +# OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +set(MINHOOK_MAJOR_VERSION "@MINHOOK_MAJOR_VERSION@") +set(MINHOOK_MINOR_VERSION "@MINHOOK_MINOR_VERSION@") +set(MINHOOK_PATCH_VERSION "@MINHOOK_PATCH_VERSION@") +set(MINHOOK_VERSION "@MINHOOK_VERSION@") + +@PACKAGE_INIT@ + +set(MINHOOK_FOUND ON) + +set_and_check(MINHOOK_INCLUDE_DIRS "${PACKAGE_PREFIX_DIR}/include/") +set_and_check(MINHOOK_LIBRARY_DIRS "${PACKAGE_PREFIX_DIR}/lib") + +include("${PACKAGE_PREFIX_DIR}/lib/minhook/minhook-targets.cmake") diff --git a/libs/minhook/dll_resources/MinHook.def b/libs/minhook/dll_resources/MinHook.def new file mode 100644 index 0000000..c6af698 --- /dev/null +++ b/libs/minhook/dll_resources/MinHook.def @@ -0,0 +1,14 @@ +EXPORTS + MH_Initialize + MH_Uninitialize + + MH_CreateHook + MH_CreateHookApi + MH_CreateHookApiEx + MH_RemoveHook + MH_EnableHook + MH_DisableHook + MH_QueueEnableHook + MH_QueueDisableHook + MH_ApplyQueued + MH_StatusToString diff --git a/libs/minhook/dll_resources/MinHook.rc b/libs/minhook/dll_resources/MinHook.rc new file mode 100644 index 0000000..7cbacb7 --- /dev/null +++ b/libs/minhook/dll_resources/MinHook.rc @@ -0,0 +1,32 @@ +1 VERSIONINFO + FILEVERSION 1,3,3,0 + PRODUCTVERSION 1,3,3,0 + FILEFLAGSMASK 0x17L +#ifdef _DEBUG + FILEFLAGS 0x1L +#else + FILEFLAGS 0x0L +#endif + FILEOS 0x4L + FILETYPE 0x2L + FILESUBTYPE 0x0L +BEGIN + BLOCK "StringFileInfo" + BEGIN + BLOCK "040904b0" + BEGIN + VALUE "CompanyName", "Tsuda Kageyu" + VALUE "FileDescription", "MinHook - The Minimalistic API Hook Library for x64/x86" + VALUE "FileVersion", "1.3.3.0" + VALUE "InternalName", "MinHookD" + VALUE "LegalCopyright", "Copyright (C) 2009-2017 Tsuda Kageyu. All rights reserved." + VALUE "LegalTrademarks", "Tsuda Kageyu" + VALUE "ProductName", "MinHook DLL" + VALUE "ProductVersion", "1.3.3.0" + END + END + BLOCK "VarFileInfo" + BEGIN + VALUE "Translation", 0x409, 1200 + END +END diff --git a/libs/minhook/include/MinHook.h b/libs/minhook/include/MinHook.h new file mode 100644 index 0000000..492d83f --- /dev/null +++ b/libs/minhook/include/MinHook.h @@ -0,0 +1,185 @@ +/* + * MinHook - The Minimalistic API Hooking Library for x64/x86 + * Copyright (C) 2009-2017 Tsuda Kageyu. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER + * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#pragma once + +#if !(defined _M_IX86) && !(defined _M_X64) && !(defined __i386__) && !(defined __x86_64__) + #error MinHook supports only x86 and x64 systems. +#endif + +#include + +// MinHook Error Codes. +typedef enum MH_STATUS +{ + // Unknown error. Should not be returned. + MH_UNKNOWN = -1, + + // Successful. + MH_OK = 0, + + // MinHook is already initialized. + MH_ERROR_ALREADY_INITIALIZED, + + // MinHook is not initialized yet, or already uninitialized. + MH_ERROR_NOT_INITIALIZED, + + // The hook for the specified target function is already created. + MH_ERROR_ALREADY_CREATED, + + // The hook for the specified target function is not created yet. + MH_ERROR_NOT_CREATED, + + // The hook for the specified target function is already enabled. + MH_ERROR_ENABLED, + + // The hook for the specified target function is not enabled yet, or already + // disabled. + MH_ERROR_DISABLED, + + // The specified pointer is invalid. It points the address of non-allocated + // and/or non-executable region. + MH_ERROR_NOT_EXECUTABLE, + + // The specified target function cannot be hooked. + MH_ERROR_UNSUPPORTED_FUNCTION, + + // Failed to allocate memory. + MH_ERROR_MEMORY_ALLOC, + + // Failed to change the memory protection. + MH_ERROR_MEMORY_PROTECT, + + // The specified module is not loaded. + MH_ERROR_MODULE_NOT_FOUND, + + // The specified function is not found. + MH_ERROR_FUNCTION_NOT_FOUND +} +MH_STATUS; + +// Can be passed as a parameter to MH_EnableHook, MH_DisableHook, +// MH_QueueEnableHook or MH_QueueDisableHook. +#define MH_ALL_HOOKS NULL + +#ifdef __cplusplus +extern "C" { +#endif + + // Initialize the MinHook library. You must call this function EXACTLY ONCE + // at the beginning of your program. + MH_STATUS WINAPI MH_Initialize(VOID); + + // Uninitialize the MinHook library. You must call this function EXACTLY + // ONCE at the end of your program. + MH_STATUS WINAPI MH_Uninitialize(VOID); + + // Creates a hook for the specified target function, in disabled state. + // Parameters: + // pTarget [in] A pointer to the target function, which will be + // overridden by the detour function. + // pDetour [in] A pointer to the detour function, which will override + // the target function. + // ppOriginal [out] A pointer to the trampoline function, which will be + // used to call the original target function. + // This parameter can be NULL. + MH_STATUS WINAPI MH_CreateHook(LPVOID pTarget, LPVOID pDetour, LPVOID *ppOriginal); + + // Creates a hook for the specified API function, in disabled state. + // Parameters: + // pszModule [in] A pointer to the loaded module name which contains the + // target function. + // pszProcName [in] A pointer to the target function name, which will be + // overridden by the detour function. + // pDetour [in] A pointer to the detour function, which will override + // the target function. + // ppOriginal [out] A pointer to the trampoline function, which will be + // used to call the original target function. + // This parameter can be NULL. + MH_STATUS WINAPI MH_CreateHookApi( + LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal); + + // Creates a hook for the specified API function, in disabled state. + // Parameters: + // pszModule [in] A pointer to the loaded module name which contains the + // target function. + // pszProcName [in] A pointer to the target function name, which will be + // overridden by the detour function. + // pDetour [in] A pointer to the detour function, which will override + // the target function. + // ppOriginal [out] A pointer to the trampoline function, which will be + // used to call the original target function. + // This parameter can be NULL. + // ppTarget [out] A pointer to the target function, which will be used + // with other functions. + // This parameter can be NULL. + MH_STATUS WINAPI MH_CreateHookApiEx( + LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal, LPVOID *ppTarget); + + // Removes an already created hook. + // Parameters: + // pTarget [in] A pointer to the target function. + MH_STATUS WINAPI MH_RemoveHook(LPVOID pTarget); + + // Enables an already created hook. + // Parameters: + // pTarget [in] A pointer to the target function. + // If this parameter is MH_ALL_HOOKS, all created hooks are + // enabled in one go. + MH_STATUS WINAPI MH_EnableHook(LPVOID pTarget); + + // Disables an already created hook. + // Parameters: + // pTarget [in] A pointer to the target function. + // If this parameter is MH_ALL_HOOKS, all created hooks are + // disabled in one go. + MH_STATUS WINAPI MH_DisableHook(LPVOID pTarget); + + // Queues to enable an already created hook. + // Parameters: + // pTarget [in] A pointer to the target function. + // If this parameter is MH_ALL_HOOKS, all created hooks are + // queued to be enabled. + MH_STATUS WINAPI MH_QueueEnableHook(LPVOID pTarget); + + // Queues to disable an already created hook. + // Parameters: + // pTarget [in] A pointer to the target function. + // If this parameter is MH_ALL_HOOKS, all created hooks are + // queued to be disabled. + MH_STATUS WINAPI MH_QueueDisableHook(LPVOID pTarget); + + // Applies all queued changes in one go. + MH_STATUS WINAPI MH_ApplyQueued(VOID); + + // Translates the MH_STATUS to its name as a string. + const char * WINAPI MH_StatusToString(MH_STATUS status); + +#ifdef __cplusplus +} +#endif diff --git a/libs/minhook/src/buffer.c b/libs/minhook/src/buffer.c new file mode 100644 index 0000000..55412b0 --- /dev/null +++ b/libs/minhook/src/buffer.c @@ -0,0 +1,312 @@ +/* + * MinHook - The Minimalistic API Hooking Library for x64/x86 + * Copyright (C) 2009-2017 Tsuda Kageyu. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER + * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include "buffer.h" + +// Size of each memory block. (= page size of VirtualAlloc) +#define MEMORY_BLOCK_SIZE 0x1000 + +// Max range for seeking a memory block. (= 1024MB) +#define MAX_MEMORY_RANGE 0x40000000 + +// Memory protection flags to check the executable address. +#define PAGE_EXECUTE_FLAGS \ + (PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY) + +// Memory slot. +typedef struct _MEMORY_SLOT +{ + union + { + struct _MEMORY_SLOT *pNext; + UINT8 buffer[MEMORY_SLOT_SIZE]; + }; +} MEMORY_SLOT, *PMEMORY_SLOT; + +// Memory block info. Placed at the head of each block. +typedef struct _MEMORY_BLOCK +{ + struct _MEMORY_BLOCK *pNext; + PMEMORY_SLOT pFree; // First element of the free slot list. + UINT usedCount; +} MEMORY_BLOCK, *PMEMORY_BLOCK; + +//------------------------------------------------------------------------- +// Global Variables: +//------------------------------------------------------------------------- + +// First element of the memory block list. +PMEMORY_BLOCK g_pMemoryBlocks; + +//------------------------------------------------------------------------- +VOID InitializeBuffer(VOID) +{ + // Nothing to do for now. +} + +//------------------------------------------------------------------------- +VOID UninitializeBuffer(VOID) +{ + PMEMORY_BLOCK pBlock = g_pMemoryBlocks; + g_pMemoryBlocks = NULL; + + while (pBlock) + { + PMEMORY_BLOCK pNext = pBlock->pNext; + VirtualFree(pBlock, 0, MEM_RELEASE); + pBlock = pNext; + } +} + +//------------------------------------------------------------------------- +#if defined(_M_X64) || defined(__x86_64__) +static LPVOID FindPrevFreeRegion(LPVOID pAddress, LPVOID pMinAddr, DWORD dwAllocationGranularity) +{ + ULONG_PTR tryAddr = (ULONG_PTR)pAddress; + + // Round down to the allocation granularity. + tryAddr -= tryAddr % dwAllocationGranularity; + + // Start from the previous allocation granularity multiply. + tryAddr -= dwAllocationGranularity; + + while (tryAddr >= (ULONG_PTR)pMinAddr) + { + MEMORY_BASIC_INFORMATION mbi; + if (VirtualQuery((LPVOID)tryAddr, &mbi, sizeof(mbi)) == 0) + break; + + if (mbi.State == MEM_FREE) + return (LPVOID)tryAddr; + + if ((ULONG_PTR)mbi.AllocationBase < dwAllocationGranularity) + break; + + tryAddr = (ULONG_PTR)mbi.AllocationBase - dwAllocationGranularity; + } + + return NULL; +} +#endif + +//------------------------------------------------------------------------- +#if defined(_M_X64) || defined(__x86_64__) +static LPVOID FindNextFreeRegion(LPVOID pAddress, LPVOID pMaxAddr, DWORD dwAllocationGranularity) +{ + ULONG_PTR tryAddr = (ULONG_PTR)pAddress; + + // Round down to the allocation granularity. + tryAddr -= tryAddr % dwAllocationGranularity; + + // Start from the next allocation granularity multiply. + tryAddr += dwAllocationGranularity; + + while (tryAddr <= (ULONG_PTR)pMaxAddr) + { + MEMORY_BASIC_INFORMATION mbi; + if (VirtualQuery((LPVOID)tryAddr, &mbi, sizeof(mbi)) == 0) + break; + + if (mbi.State == MEM_FREE) + return (LPVOID)tryAddr; + + tryAddr = (ULONG_PTR)mbi.BaseAddress + mbi.RegionSize; + + // Round up to the next allocation granularity. + tryAddr += dwAllocationGranularity - 1; + tryAddr -= tryAddr % dwAllocationGranularity; + } + + return NULL; +} +#endif + +//------------------------------------------------------------------------- +static PMEMORY_BLOCK GetMemoryBlock(LPVOID pOrigin) +{ + PMEMORY_BLOCK pBlock; +#if defined(_M_X64) || defined(__x86_64__) + ULONG_PTR minAddr; + ULONG_PTR maxAddr; + + SYSTEM_INFO si; + GetSystemInfo(&si); + minAddr = (ULONG_PTR)si.lpMinimumApplicationAddress; + maxAddr = (ULONG_PTR)si.lpMaximumApplicationAddress; + + // pOrigin ± 512MB + if ((ULONG_PTR)pOrigin > MAX_MEMORY_RANGE && minAddr < (ULONG_PTR)pOrigin - MAX_MEMORY_RANGE) + minAddr = (ULONG_PTR)pOrigin - MAX_MEMORY_RANGE; + + if (maxAddr > (ULONG_PTR)pOrigin + MAX_MEMORY_RANGE) + maxAddr = (ULONG_PTR)pOrigin + MAX_MEMORY_RANGE; + + // Make room for MEMORY_BLOCK_SIZE bytes. + maxAddr -= MEMORY_BLOCK_SIZE - 1; +#endif + + // Look the registered blocks for a reachable one. + for (pBlock = g_pMemoryBlocks; pBlock != NULL; pBlock = pBlock->pNext) + { +#if defined(_M_X64) || defined(__x86_64__) + // Ignore the blocks too far. + if ((ULONG_PTR)pBlock < minAddr || (ULONG_PTR)pBlock >= maxAddr) + continue; +#endif + // The block has at least one unused slot. + if (pBlock->pFree != NULL) + return pBlock; + } + +#if defined(_M_X64) || defined(__x86_64__) + // Alloc a new block above if not found. + { + LPVOID pAlloc = pOrigin; + while ((ULONG_PTR)pAlloc >= minAddr) + { + pAlloc = FindPrevFreeRegion(pAlloc, (LPVOID)minAddr, si.dwAllocationGranularity); + if (pAlloc == NULL) + break; + + pBlock = (PMEMORY_BLOCK)VirtualAlloc( + pAlloc, MEMORY_BLOCK_SIZE, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); + if (pBlock != NULL) + break; + } + } + + // Alloc a new block below if not found. + if (pBlock == NULL) + { + LPVOID pAlloc = pOrigin; + while ((ULONG_PTR)pAlloc <= maxAddr) + { + pAlloc = FindNextFreeRegion(pAlloc, (LPVOID)maxAddr, si.dwAllocationGranularity); + if (pAlloc == NULL) + break; + + pBlock = (PMEMORY_BLOCK)VirtualAlloc( + pAlloc, MEMORY_BLOCK_SIZE, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); + if (pBlock != NULL) + break; + } + } +#else + // In x86 mode, a memory block can be placed anywhere. + pBlock = (PMEMORY_BLOCK)VirtualAlloc( + NULL, MEMORY_BLOCK_SIZE, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); +#endif + + if (pBlock != NULL) + { + // Build a linked list of all the slots. + PMEMORY_SLOT pSlot = (PMEMORY_SLOT)pBlock + 1; + pBlock->pFree = NULL; + pBlock->usedCount = 0; + do + { + pSlot->pNext = pBlock->pFree; + pBlock->pFree = pSlot; + pSlot++; + } while ((ULONG_PTR)pSlot - (ULONG_PTR)pBlock <= MEMORY_BLOCK_SIZE - MEMORY_SLOT_SIZE); + + pBlock->pNext = g_pMemoryBlocks; + g_pMemoryBlocks = pBlock; + } + + return pBlock; +} + +//------------------------------------------------------------------------- +LPVOID AllocateBuffer(LPVOID pOrigin) +{ + PMEMORY_SLOT pSlot; + PMEMORY_BLOCK pBlock = GetMemoryBlock(pOrigin); + if (pBlock == NULL) + return NULL; + + // Remove an unused slot from the list. + pSlot = pBlock->pFree; + pBlock->pFree = pSlot->pNext; + pBlock->usedCount++; +#ifdef _DEBUG + // Fill the slot with INT3 for debugging. + memset(pSlot, 0xCC, sizeof(MEMORY_SLOT)); +#endif + return pSlot; +} + +//------------------------------------------------------------------------- +VOID FreeBuffer(LPVOID pBuffer) +{ + PMEMORY_BLOCK pBlock = g_pMemoryBlocks; + PMEMORY_BLOCK pPrev = NULL; + ULONG_PTR pTargetBlock = ((ULONG_PTR)pBuffer / MEMORY_BLOCK_SIZE) * MEMORY_BLOCK_SIZE; + + while (pBlock != NULL) + { + if ((ULONG_PTR)pBlock == pTargetBlock) + { + PMEMORY_SLOT pSlot = (PMEMORY_SLOT)pBuffer; +#ifdef _DEBUG + // Clear the released slot for debugging. + memset(pSlot, 0x00, sizeof(MEMORY_SLOT)); +#endif + // Restore the released slot to the list. + pSlot->pNext = pBlock->pFree; + pBlock->pFree = pSlot; + pBlock->usedCount--; + + // Free if unused. + if (pBlock->usedCount == 0) + { + if (pPrev) + pPrev->pNext = pBlock->pNext; + else + g_pMemoryBlocks = pBlock->pNext; + + VirtualFree(pBlock, 0, MEM_RELEASE); + } + + break; + } + + pPrev = pBlock; + pBlock = pBlock->pNext; + } +} + +//------------------------------------------------------------------------- +BOOL IsExecutableAddress(LPVOID pAddress) +{ + MEMORY_BASIC_INFORMATION mi; + VirtualQuery(pAddress, &mi, sizeof(mi)); + + return (mi.State == MEM_COMMIT && (mi.Protect & PAGE_EXECUTE_FLAGS)); +} diff --git a/libs/minhook/src/buffer.h b/libs/minhook/src/buffer.h new file mode 100644 index 0000000..204d551 --- /dev/null +++ b/libs/minhook/src/buffer.h @@ -0,0 +1,42 @@ +/* + * MinHook - The Minimalistic API Hooking Library for x64/x86 + * Copyright (C) 2009-2017 Tsuda Kageyu. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER + * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#pragma once + +// Size of each memory slot. +#if defined(_M_X64) || defined(__x86_64__) + #define MEMORY_SLOT_SIZE 64 +#else + #define MEMORY_SLOT_SIZE 32 +#endif + +VOID InitializeBuffer(VOID); +VOID UninitializeBuffer(VOID); +LPVOID AllocateBuffer(LPVOID pOrigin); +VOID FreeBuffer(LPVOID pBuffer); +BOOL IsExecutableAddress(LPVOID pAddress); diff --git a/libs/minhook/src/hde/hde32.c b/libs/minhook/src/hde/hde32.c new file mode 100644 index 0000000..eb6af9b --- /dev/null +++ b/libs/minhook/src/hde/hde32.c @@ -0,0 +1,324 @@ +/* + * Hacker Disassembler Engine 32 C + * Copyright (c) 2008-2009, Vyacheslav Patkov. + * All rights reserved. + * + */ + +#if defined(_M_IX86) || defined(__i386__) + +#include +#include "hde32.h" +#include "table32.h" + +unsigned int hde32_disasm(const void *code, hde32s *hs) +{ + uint8_t x, c, *p = (uint8_t *)code, cflags, opcode, pref = 0; + uint8_t *ht = hde32_table, m_mod, m_reg, m_rm, disp_size = 0; + + memset(hs, 0, sizeof(hde32s)); + + for (x = 16; x; x--) + switch (c = *p++) { + case 0xf3: + hs->p_rep = c; + pref |= PRE_F3; + break; + case 0xf2: + hs->p_rep = c; + pref |= PRE_F2; + break; + case 0xf0: + hs->p_lock = c; + pref |= PRE_LOCK; + break; + case 0x26: case 0x2e: case 0x36: + case 0x3e: case 0x64: case 0x65: + hs->p_seg = c; + pref |= PRE_SEG; + break; + case 0x66: + hs->p_66 = c; + pref |= PRE_66; + break; + case 0x67: + hs->p_67 = c; + pref |= PRE_67; + break; + default: + goto pref_done; + } + pref_done: + + hs->flags = (uint32_t)pref << 23; + + if (!pref) + pref |= PRE_NONE; + + if ((hs->opcode = c) == 0x0f) { + hs->opcode2 = c = *p++; + ht += DELTA_OPCODES; + } else if (c >= 0xa0 && c <= 0xa3) { + if (pref & PRE_67) + pref |= PRE_66; + else + pref &= ~PRE_66; + } + + opcode = c; + cflags = ht[ht[opcode / 4] + (opcode % 4)]; + + if (cflags == C_ERROR) { + hs->flags |= F_ERROR | F_ERROR_OPCODE; + cflags = 0; + if ((opcode & -3) == 0x24) + cflags++; + } + + x = 0; + if (cflags & C_GROUP) { + uint16_t t; + t = *(uint16_t *)(ht + (cflags & 0x7f)); + cflags = (uint8_t)t; + x = (uint8_t)(t >> 8); + } + + if (hs->opcode2) { + ht = hde32_table + DELTA_PREFIXES; + if (ht[ht[opcode / 4] + (opcode % 4)] & pref) + hs->flags |= F_ERROR | F_ERROR_OPCODE; + } + + if (cflags & C_MODRM) { + hs->flags |= F_MODRM; + hs->modrm = c = *p++; + hs->modrm_mod = m_mod = c >> 6; + hs->modrm_rm = m_rm = c & 7; + hs->modrm_reg = m_reg = (c & 0x3f) >> 3; + + if (x && ((x << m_reg) & 0x80)) + hs->flags |= F_ERROR | F_ERROR_OPCODE; + + if (!hs->opcode2 && opcode >= 0xd9 && opcode <= 0xdf) { + uint8_t t = opcode - 0xd9; + if (m_mod == 3) { + ht = hde32_table + DELTA_FPU_MODRM + t*8; + t = ht[m_reg] << m_rm; + } else { + ht = hde32_table + DELTA_FPU_REG; + t = ht[t] << m_reg; + } + if (t & 0x80) + hs->flags |= F_ERROR | F_ERROR_OPCODE; + } + + if (pref & PRE_LOCK) { + if (m_mod == 3) { + hs->flags |= F_ERROR | F_ERROR_LOCK; + } else { + uint8_t *table_end, op = opcode; + if (hs->opcode2) { + ht = hde32_table + DELTA_OP2_LOCK_OK; + table_end = ht + DELTA_OP_ONLY_MEM - DELTA_OP2_LOCK_OK; + } else { + ht = hde32_table + DELTA_OP_LOCK_OK; + table_end = ht + DELTA_OP2_LOCK_OK - DELTA_OP_LOCK_OK; + op &= -2; + } + for (; ht != table_end; ht++) + if (*ht++ == op) { + if (!((*ht << m_reg) & 0x80)) + goto no_lock_error; + else + break; + } + hs->flags |= F_ERROR | F_ERROR_LOCK; + no_lock_error: + ; + } + } + + if (hs->opcode2) { + switch (opcode) { + case 0x20: case 0x22: + m_mod = 3; + if (m_reg > 4 || m_reg == 1) + goto error_operand; + else + goto no_error_operand; + case 0x21: case 0x23: + m_mod = 3; + if (m_reg == 4 || m_reg == 5) + goto error_operand; + else + goto no_error_operand; + } + } else { + switch (opcode) { + case 0x8c: + if (m_reg > 5) + goto error_operand; + else + goto no_error_operand; + case 0x8e: + if (m_reg == 1 || m_reg > 5) + goto error_operand; + else + goto no_error_operand; + } + } + + if (m_mod == 3) { + uint8_t *table_end; + if (hs->opcode2) { + ht = hde32_table + DELTA_OP2_ONLY_MEM; + table_end = ht + sizeof(hde32_table) - DELTA_OP2_ONLY_MEM; + } else { + ht = hde32_table + DELTA_OP_ONLY_MEM; + table_end = ht + DELTA_OP2_ONLY_MEM - DELTA_OP_ONLY_MEM; + } + for (; ht != table_end; ht += 2) + if (*ht++ == opcode) { + if ((*ht++ & pref) && !((*ht << m_reg) & 0x80)) + goto error_operand; + else + break; + } + goto no_error_operand; + } else if (hs->opcode2) { + switch (opcode) { + case 0x50: case 0xd7: case 0xf7: + if (pref & (PRE_NONE | PRE_66)) + goto error_operand; + break; + case 0xd6: + if (pref & (PRE_F2 | PRE_F3)) + goto error_operand; + break; + case 0xc5: + goto error_operand; + } + goto no_error_operand; + } else + goto no_error_operand; + + error_operand: + hs->flags |= F_ERROR | F_ERROR_OPERAND; + no_error_operand: + + c = *p++; + if (m_reg <= 1) { + if (opcode == 0xf6) + cflags |= C_IMM8; + else if (opcode == 0xf7) + cflags |= C_IMM_P66; + } + + switch (m_mod) { + case 0: + if (pref & PRE_67) { + if (m_rm == 6) + disp_size = 2; + } else + if (m_rm == 5) + disp_size = 4; + break; + case 1: + disp_size = 1; + break; + case 2: + disp_size = 2; + if (!(pref & PRE_67)) + disp_size <<= 1; + break; + } + + if (m_mod != 3 && m_rm == 4 && !(pref & PRE_67)) { + hs->flags |= F_SIB; + p++; + hs->sib = c; + hs->sib_scale = c >> 6; + hs->sib_index = (c & 0x3f) >> 3; + if ((hs->sib_base = c & 7) == 5 && !(m_mod & 1)) + disp_size = 4; + } + + p--; + switch (disp_size) { + case 1: + hs->flags |= F_DISP8; + hs->disp.disp8 = *p; + break; + case 2: + hs->flags |= F_DISP16; + hs->disp.disp16 = *(uint16_t *)p; + break; + case 4: + hs->flags |= F_DISP32; + hs->disp.disp32 = *(uint32_t *)p; + break; + } + p += disp_size; + } else if (pref & PRE_LOCK) + hs->flags |= F_ERROR | F_ERROR_LOCK; + + if (cflags & C_IMM_P66) { + if (cflags & C_REL32) { + if (pref & PRE_66) { + hs->flags |= F_IMM16 | F_RELATIVE; + hs->imm.imm16 = *(uint16_t *)p; + p += 2; + goto disasm_done; + } + goto rel32_ok; + } + if (pref & PRE_66) { + hs->flags |= F_IMM16; + hs->imm.imm16 = *(uint16_t *)p; + p += 2; + } else { + hs->flags |= F_IMM32; + hs->imm.imm32 = *(uint32_t *)p; + p += 4; + } + } + + if (cflags & C_IMM16) { + if (hs->flags & F_IMM32) { + hs->flags |= F_IMM16; + hs->disp.disp16 = *(uint16_t *)p; + } else if (hs->flags & F_IMM16) { + hs->flags |= F_2IMM16; + hs->disp.disp16 = *(uint16_t *)p; + } else { + hs->flags |= F_IMM16; + hs->imm.imm16 = *(uint16_t *)p; + } + p += 2; + } + if (cflags & C_IMM8) { + hs->flags |= F_IMM8; + hs->imm.imm8 = *p++; + } + + if (cflags & C_REL32) { + rel32_ok: + hs->flags |= F_IMM32 | F_RELATIVE; + hs->imm.imm32 = *(uint32_t *)p; + p += 4; + } else if (cflags & C_REL8) { + hs->flags |= F_IMM8 | F_RELATIVE; + hs->imm.imm8 = *p++; + } + + disasm_done: + + if ((hs->len = (uint8_t)(p-(uint8_t *)code)) > 15) { + hs->flags |= F_ERROR | F_ERROR_LENGTH; + hs->len = 15; + } + + return (unsigned int)hs->len; +} + +#endif // defined(_M_IX86) || defined(__i386__) diff --git a/libs/minhook/src/hde/hde32.h b/libs/minhook/src/hde/hde32.h new file mode 100644 index 0000000..1112450 --- /dev/null +++ b/libs/minhook/src/hde/hde32.h @@ -0,0 +1,105 @@ +/* + * Hacker Disassembler Engine 32 + * Copyright (c) 2006-2009, Vyacheslav Patkov. + * All rights reserved. + * + * hde32.h: C/C++ header file + * + */ + +#ifndef _HDE32_H_ +#define _HDE32_H_ + +/* stdint.h - C99 standard header + * http://en.wikipedia.org/wiki/stdint.h + * + * if your compiler doesn't contain "stdint.h" header (for + * example, Microsoft Visual C++), you can download file: + * http://www.azillionmonkeys.com/qed/pstdint.h + * and change next line to: + * #include "pstdint.h" + */ +#include "pstdint.h" + +#define F_MODRM 0x00000001 +#define F_SIB 0x00000002 +#define F_IMM8 0x00000004 +#define F_IMM16 0x00000008 +#define F_IMM32 0x00000010 +#define F_DISP8 0x00000020 +#define F_DISP16 0x00000040 +#define F_DISP32 0x00000080 +#define F_RELATIVE 0x00000100 +#define F_2IMM16 0x00000800 +#define F_ERROR 0x00001000 +#define F_ERROR_OPCODE 0x00002000 +#define F_ERROR_LENGTH 0x00004000 +#define F_ERROR_LOCK 0x00008000 +#define F_ERROR_OPERAND 0x00010000 +#define F_PREFIX_REPNZ 0x01000000 +#define F_PREFIX_REPX 0x02000000 +#define F_PREFIX_REP 0x03000000 +#define F_PREFIX_66 0x04000000 +#define F_PREFIX_67 0x08000000 +#define F_PREFIX_LOCK 0x10000000 +#define F_PREFIX_SEG 0x20000000 +#define F_PREFIX_ANY 0x3f000000 + +#define PREFIX_SEGMENT_CS 0x2e +#define PREFIX_SEGMENT_SS 0x36 +#define PREFIX_SEGMENT_DS 0x3e +#define PREFIX_SEGMENT_ES 0x26 +#define PREFIX_SEGMENT_FS 0x64 +#define PREFIX_SEGMENT_GS 0x65 +#define PREFIX_LOCK 0xf0 +#define PREFIX_REPNZ 0xf2 +#define PREFIX_REPX 0xf3 +#define PREFIX_OPERAND_SIZE 0x66 +#define PREFIX_ADDRESS_SIZE 0x67 + +#pragma pack(push,1) + +typedef struct { + uint8_t len; + uint8_t p_rep; + uint8_t p_lock; + uint8_t p_seg; + uint8_t p_66; + uint8_t p_67; + uint8_t opcode; + uint8_t opcode2; + uint8_t modrm; + uint8_t modrm_mod; + uint8_t modrm_reg; + uint8_t modrm_rm; + uint8_t sib; + uint8_t sib_scale; + uint8_t sib_index; + uint8_t sib_base; + union { + uint8_t imm8; + uint16_t imm16; + uint32_t imm32; + } imm; + union { + uint8_t disp8; + uint16_t disp16; + uint32_t disp32; + } disp; + uint32_t flags; +} hde32s; + +#pragma pack(pop) + +#ifdef __cplusplus +extern "C" { +#endif + +/* __cdecl */ +unsigned int hde32_disasm(const void *code, hde32s *hs); + +#ifdef __cplusplus +} +#endif + +#endif /* _HDE32_H_ */ diff --git a/libs/minhook/src/hde/hde64.c b/libs/minhook/src/hde/hde64.c new file mode 100644 index 0000000..55a702e --- /dev/null +++ b/libs/minhook/src/hde/hde64.c @@ -0,0 +1,333 @@ +/* + * Hacker Disassembler Engine 64 C + * Copyright (c) 2008-2009, Vyacheslav Patkov. + * All rights reserved. + * + */ + +#if defined(_M_X64) || defined(__x86_64__) + +#include +#include "hde64.h" +#include "table64.h" + +unsigned int hde64_disasm(const void *code, hde64s *hs) +{ + uint8_t x, c, *p = (uint8_t *)code, cflags, opcode, pref = 0; + uint8_t *ht = hde64_table, m_mod, m_reg, m_rm, disp_size = 0; + uint8_t op64 = 0; + + memset(hs, 0, sizeof(hde64s)); + + for (x = 16; x; x--) + switch (c = *p++) { + case 0xf3: + hs->p_rep = c; + pref |= PRE_F3; + break; + case 0xf2: + hs->p_rep = c; + pref |= PRE_F2; + break; + case 0xf0: + hs->p_lock = c; + pref |= PRE_LOCK; + break; + case 0x26: case 0x2e: case 0x36: + case 0x3e: case 0x64: case 0x65: + hs->p_seg = c; + pref |= PRE_SEG; + break; + case 0x66: + hs->p_66 = c; + pref |= PRE_66; + break; + case 0x67: + hs->p_67 = c; + pref |= PRE_67; + break; + default: + goto pref_done; + } + pref_done: + + hs->flags = (uint32_t)pref << 23; + + if (!pref) + pref |= PRE_NONE; + + if ((c & 0xf0) == 0x40) { + hs->flags |= F_PREFIX_REX; + if ((hs->rex_w = (c & 0xf) >> 3) && (*p & 0xf8) == 0xb8) + op64++; + hs->rex_r = (c & 7) >> 2; + hs->rex_x = (c & 3) >> 1; + hs->rex_b = c & 1; + if (((c = *p++) & 0xf0) == 0x40) { + opcode = c; + goto error_opcode; + } + } + + if ((hs->opcode = c) == 0x0f) { + hs->opcode2 = c = *p++; + ht += DELTA_OPCODES; + } else if (c >= 0xa0 && c <= 0xa3) { + op64++; + if (pref & PRE_67) + pref |= PRE_66; + else + pref &= ~PRE_66; + } + + opcode = c; + cflags = ht[ht[opcode / 4] + (opcode % 4)]; + + if (cflags == C_ERROR) { + error_opcode: + hs->flags |= F_ERROR | F_ERROR_OPCODE; + cflags = 0; + if ((opcode & -3) == 0x24) + cflags++; + } + + x = 0; + if (cflags & C_GROUP) { + uint16_t t; + t = *(uint16_t *)(ht + (cflags & 0x7f)); + cflags = (uint8_t)t; + x = (uint8_t)(t >> 8); + } + + if (hs->opcode2) { + ht = hde64_table + DELTA_PREFIXES; + if (ht[ht[opcode / 4] + (opcode % 4)] & pref) + hs->flags |= F_ERROR | F_ERROR_OPCODE; + } + + if (cflags & C_MODRM) { + hs->flags |= F_MODRM; + hs->modrm = c = *p++; + hs->modrm_mod = m_mod = c >> 6; + hs->modrm_rm = m_rm = c & 7; + hs->modrm_reg = m_reg = (c & 0x3f) >> 3; + + if (x && ((x << m_reg) & 0x80)) + hs->flags |= F_ERROR | F_ERROR_OPCODE; + + if (!hs->opcode2 && opcode >= 0xd9 && opcode <= 0xdf) { + uint8_t t = opcode - 0xd9; + if (m_mod == 3) { + ht = hde64_table + DELTA_FPU_MODRM + t*8; + t = ht[m_reg] << m_rm; + } else { + ht = hde64_table + DELTA_FPU_REG; + t = ht[t] << m_reg; + } + if (t & 0x80) + hs->flags |= F_ERROR | F_ERROR_OPCODE; + } + + if (pref & PRE_LOCK) { + if (m_mod == 3) { + hs->flags |= F_ERROR | F_ERROR_LOCK; + } else { + uint8_t *table_end, op = opcode; + if (hs->opcode2) { + ht = hde64_table + DELTA_OP2_LOCK_OK; + table_end = ht + DELTA_OP_ONLY_MEM - DELTA_OP2_LOCK_OK; + } else { + ht = hde64_table + DELTA_OP_LOCK_OK; + table_end = ht + DELTA_OP2_LOCK_OK - DELTA_OP_LOCK_OK; + op &= -2; + } + for (; ht != table_end; ht++) + if (*ht++ == op) { + if (!((*ht << m_reg) & 0x80)) + goto no_lock_error; + else + break; + } + hs->flags |= F_ERROR | F_ERROR_LOCK; + no_lock_error: + ; + } + } + + if (hs->opcode2) { + switch (opcode) { + case 0x20: case 0x22: + m_mod = 3; + if (m_reg > 4 || m_reg == 1) + goto error_operand; + else + goto no_error_operand; + case 0x21: case 0x23: + m_mod = 3; + if (m_reg == 4 || m_reg == 5) + goto error_operand; + else + goto no_error_operand; + } + } else { + switch (opcode) { + case 0x8c: + if (m_reg > 5) + goto error_operand; + else + goto no_error_operand; + case 0x8e: + if (m_reg == 1 || m_reg > 5) + goto error_operand; + else + goto no_error_operand; + } + } + + if (m_mod == 3) { + uint8_t *table_end; + if (hs->opcode2) { + ht = hde64_table + DELTA_OP2_ONLY_MEM; + table_end = ht + sizeof(hde64_table) - DELTA_OP2_ONLY_MEM; + } else { + ht = hde64_table + DELTA_OP_ONLY_MEM; + table_end = ht + DELTA_OP2_ONLY_MEM - DELTA_OP_ONLY_MEM; + } + for (; ht != table_end; ht += 2) + if (*ht++ == opcode) { + if (*ht++ & pref && !((*ht << m_reg) & 0x80)) + goto error_operand; + else + break; + } + goto no_error_operand; + } else if (hs->opcode2) { + switch (opcode) { + case 0x50: case 0xd7: case 0xf7: + if (pref & (PRE_NONE | PRE_66)) + goto error_operand; + break; + case 0xd6: + if (pref & (PRE_F2 | PRE_F3)) + goto error_operand; + break; + case 0xc5: + goto error_operand; + } + goto no_error_operand; + } else + goto no_error_operand; + + error_operand: + hs->flags |= F_ERROR | F_ERROR_OPERAND; + no_error_operand: + + c = *p++; + if (m_reg <= 1) { + if (opcode == 0xf6) + cflags |= C_IMM8; + else if (opcode == 0xf7) + cflags |= C_IMM_P66; + } + + switch (m_mod) { + case 0: + if (pref & PRE_67) { + if (m_rm == 6) + disp_size = 2; + } else + if (m_rm == 5) + disp_size = 4; + break; + case 1: + disp_size = 1; + break; + case 2: + disp_size = 2; + if (!(pref & PRE_67)) + disp_size <<= 1; + } + + if (m_mod != 3 && m_rm == 4) { + hs->flags |= F_SIB; + p++; + hs->sib = c; + hs->sib_scale = c >> 6; + hs->sib_index = (c & 0x3f) >> 3; + if ((hs->sib_base = c & 7) == 5 && !(m_mod & 1)) + disp_size = 4; + } + + p--; + switch (disp_size) { + case 1: + hs->flags |= F_DISP8; + hs->disp.disp8 = *p; + break; + case 2: + hs->flags |= F_DISP16; + hs->disp.disp16 = *(uint16_t *)p; + break; + case 4: + hs->flags |= F_DISP32; + hs->disp.disp32 = *(uint32_t *)p; + } + p += disp_size; + } else if (pref & PRE_LOCK) + hs->flags |= F_ERROR | F_ERROR_LOCK; + + if (cflags & C_IMM_P66) { + if (cflags & C_REL32) { + if (pref & PRE_66) { + hs->flags |= F_IMM16 | F_RELATIVE; + hs->imm.imm16 = *(uint16_t *)p; + p += 2; + goto disasm_done; + } + goto rel32_ok; + } + if (op64) { + hs->flags |= F_IMM64; + hs->imm.imm64 = *(uint64_t *)p; + p += 8; + } else if (!(pref & PRE_66)) { + hs->flags |= F_IMM32; + hs->imm.imm32 = *(uint32_t *)p; + p += 4; + } else + goto imm16_ok; + } + + + if (cflags & C_IMM16) { + imm16_ok: + hs->flags |= F_IMM16; + hs->imm.imm16 = *(uint16_t *)p; + p += 2; + } + if (cflags & C_IMM8) { + hs->flags |= F_IMM8; + hs->imm.imm8 = *p++; + } + + if (cflags & C_REL32) { + rel32_ok: + hs->flags |= F_IMM32 | F_RELATIVE; + hs->imm.imm32 = *(uint32_t *)p; + p += 4; + } else if (cflags & C_REL8) { + hs->flags |= F_IMM8 | F_RELATIVE; + hs->imm.imm8 = *p++; + } + + disasm_done: + + if ((hs->len = (uint8_t)(p-(uint8_t *)code)) > 15) { + hs->flags |= F_ERROR | F_ERROR_LENGTH; + hs->len = 15; + } + + return (unsigned int)hs->len; +} + +#endif // defined(_M_X64) || defined(__x86_64__) diff --git a/libs/minhook/src/hde/hde64.h b/libs/minhook/src/hde/hde64.h new file mode 100644 index 0000000..ecbf4df --- /dev/null +++ b/libs/minhook/src/hde/hde64.h @@ -0,0 +1,112 @@ +/* + * Hacker Disassembler Engine 64 + * Copyright (c) 2008-2009, Vyacheslav Patkov. + * All rights reserved. + * + * hde64.h: C/C++ header file + * + */ + +#ifndef _HDE64_H_ +#define _HDE64_H_ + +/* stdint.h - C99 standard header + * http://en.wikipedia.org/wiki/stdint.h + * + * if your compiler doesn't contain "stdint.h" header (for + * example, Microsoft Visual C++), you can download file: + * http://www.azillionmonkeys.com/qed/pstdint.h + * and change next line to: + * #include "pstdint.h" + */ +#include "pstdint.h" + +#define F_MODRM 0x00000001 +#define F_SIB 0x00000002 +#define F_IMM8 0x00000004 +#define F_IMM16 0x00000008 +#define F_IMM32 0x00000010 +#define F_IMM64 0x00000020 +#define F_DISP8 0x00000040 +#define F_DISP16 0x00000080 +#define F_DISP32 0x00000100 +#define F_RELATIVE 0x00000200 +#define F_ERROR 0x00001000 +#define F_ERROR_OPCODE 0x00002000 +#define F_ERROR_LENGTH 0x00004000 +#define F_ERROR_LOCK 0x00008000 +#define F_ERROR_OPERAND 0x00010000 +#define F_PREFIX_REPNZ 0x01000000 +#define F_PREFIX_REPX 0x02000000 +#define F_PREFIX_REP 0x03000000 +#define F_PREFIX_66 0x04000000 +#define F_PREFIX_67 0x08000000 +#define F_PREFIX_LOCK 0x10000000 +#define F_PREFIX_SEG 0x20000000 +#define F_PREFIX_REX 0x40000000 +#define F_PREFIX_ANY 0x7f000000 + +#define PREFIX_SEGMENT_CS 0x2e +#define PREFIX_SEGMENT_SS 0x36 +#define PREFIX_SEGMENT_DS 0x3e +#define PREFIX_SEGMENT_ES 0x26 +#define PREFIX_SEGMENT_FS 0x64 +#define PREFIX_SEGMENT_GS 0x65 +#define PREFIX_LOCK 0xf0 +#define PREFIX_REPNZ 0xf2 +#define PREFIX_REPX 0xf3 +#define PREFIX_OPERAND_SIZE 0x66 +#define PREFIX_ADDRESS_SIZE 0x67 + +#pragma pack(push,1) + +typedef struct { + uint8_t len; + uint8_t p_rep; + uint8_t p_lock; + uint8_t p_seg; + uint8_t p_66; + uint8_t p_67; + uint8_t rex; + uint8_t rex_w; + uint8_t rex_r; + uint8_t rex_x; + uint8_t rex_b; + uint8_t opcode; + uint8_t opcode2; + uint8_t modrm; + uint8_t modrm_mod; + uint8_t modrm_reg; + uint8_t modrm_rm; + uint8_t sib; + uint8_t sib_scale; + uint8_t sib_index; + uint8_t sib_base; + union { + uint8_t imm8; + uint16_t imm16; + uint32_t imm32; + uint64_t imm64; + } imm; + union { + uint8_t disp8; + uint16_t disp16; + uint32_t disp32; + } disp; + uint32_t flags; +} hde64s; + +#pragma pack(pop) + +#ifdef __cplusplus +extern "C" { +#endif + +/* __cdecl */ +unsigned int hde64_disasm(const void *code, hde64s *hs); + +#ifdef __cplusplus +} +#endif + +#endif /* _HDE64_H_ */ diff --git a/libs/minhook/src/hde/pstdint.h b/libs/minhook/src/hde/pstdint.h new file mode 100644 index 0000000..84d82a0 --- /dev/null +++ b/libs/minhook/src/hde/pstdint.h @@ -0,0 +1,39 @@ +/* + * MinHook - The Minimalistic API Hooking Library for x64/x86 + * Copyright (C) 2009-2017 Tsuda Kageyu. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#pragma once + +#include + +// Integer types for HDE. +typedef INT8 int8_t; +typedef INT16 int16_t; +typedef INT32 int32_t; +typedef INT64 int64_t; +typedef UINT8 uint8_t; +typedef UINT16 uint16_t; +typedef UINT32 uint32_t; +typedef UINT64 uint64_t; diff --git a/libs/minhook/src/hde/table32.h b/libs/minhook/src/hde/table32.h new file mode 100644 index 0000000..7b3e12e --- /dev/null +++ b/libs/minhook/src/hde/table32.h @@ -0,0 +1,73 @@ +/* + * Hacker Disassembler Engine 32 C + * Copyright (c) 2008-2009, Vyacheslav Patkov. + * All rights reserved. + * + */ + +#define C_NONE 0x00 +#define C_MODRM 0x01 +#define C_IMM8 0x02 +#define C_IMM16 0x04 +#define C_IMM_P66 0x10 +#define C_REL8 0x20 +#define C_REL32 0x40 +#define C_GROUP 0x80 +#define C_ERROR 0xff + +#define PRE_ANY 0x00 +#define PRE_NONE 0x01 +#define PRE_F2 0x02 +#define PRE_F3 0x04 +#define PRE_66 0x08 +#define PRE_67 0x10 +#define PRE_LOCK 0x20 +#define PRE_SEG 0x40 +#define PRE_ALL 0xff + +#define DELTA_OPCODES 0x4a +#define DELTA_FPU_REG 0xf1 +#define DELTA_FPU_MODRM 0xf8 +#define DELTA_PREFIXES 0x130 +#define DELTA_OP_LOCK_OK 0x1a1 +#define DELTA_OP2_LOCK_OK 0x1b9 +#define DELTA_OP_ONLY_MEM 0x1cb +#define DELTA_OP2_ONLY_MEM 0x1da + +unsigned char hde32_table[] = { + 0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3, + 0xa8,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xac,0xaa,0xb2,0xaa,0x9f,0x9f, + 0x9f,0x9f,0xb5,0xa3,0xa3,0xa4,0xaa,0xaa,0xba,0xaa,0x96,0xaa,0xa8,0xaa,0xc3, + 0xc3,0x96,0x96,0xb7,0xae,0xd6,0xbd,0xa3,0xc5,0xa3,0xa3,0x9f,0xc3,0x9c,0xaa, + 0xaa,0xac,0xaa,0xbf,0x03,0x7f,0x11,0x7f,0x01,0x7f,0x01,0x3f,0x01,0x01,0x90, + 0x82,0x7d,0x97,0x59,0x59,0x59,0x59,0x59,0x7f,0x59,0x59,0x60,0x7d,0x7f,0x7f, + 0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x9a,0x88,0x7d, + 0x59,0x50,0x50,0x50,0x50,0x59,0x59,0x59,0x59,0x61,0x94,0x61,0x9e,0x59,0x59, + 0x85,0x59,0x92,0xa3,0x60,0x60,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59, + 0x59,0x59,0x9f,0x01,0x03,0x01,0x04,0x03,0xd5,0x03,0xcc,0x01,0xbc,0x03,0xf0, + 0x10,0x10,0x10,0x10,0x50,0x50,0x50,0x50,0x14,0x20,0x20,0x20,0x20,0x01,0x01, + 0x01,0x01,0xc4,0x02,0x10,0x00,0x00,0x00,0x00,0x01,0x01,0xc0,0xc2,0x10,0x11, + 0x02,0x03,0x11,0x03,0x03,0x04,0x00,0x00,0x14,0x00,0x02,0x00,0x00,0xc6,0xc8, + 0x02,0x02,0x02,0x02,0x00,0x00,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0xff,0xca, + 0x01,0x01,0x01,0x00,0x06,0x00,0x04,0x00,0xc0,0xc2,0x01,0x01,0x03,0x01,0xff, + 0xff,0x01,0x00,0x03,0xc4,0xc4,0xc6,0x03,0x01,0x01,0x01,0xff,0x03,0x03,0x03, + 0xc8,0x40,0x00,0x0a,0x00,0x04,0x00,0x00,0x00,0x00,0x7f,0x00,0x33,0x01,0x00, + 0x00,0x00,0x00,0x00,0x00,0xff,0xbf,0xff,0xff,0x00,0x00,0x00,0x00,0x07,0x00, + 0x00,0xff,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0xff,0xff,0x00,0x00,0x00,0xbf,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x7f,0x00,0x00,0xff,0x4a,0x4a,0x4a,0x4a,0x4b,0x52,0x4a,0x4a,0x4a,0x4a,0x4f, + 0x4c,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x55,0x45,0x40,0x4a,0x4a,0x4a, + 0x45,0x59,0x4d,0x46,0x4a,0x5d,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a, + 0x4a,0x4a,0x4a,0x4a,0x4a,0x61,0x63,0x67,0x4e,0x4a,0x4a,0x6b,0x6d,0x4a,0x4a, + 0x45,0x6d,0x4a,0x4a,0x44,0x45,0x4a,0x4a,0x00,0x00,0x00,0x02,0x0d,0x06,0x06, + 0x06,0x06,0x0e,0x00,0x00,0x00,0x00,0x06,0x06,0x06,0x00,0x06,0x06,0x02,0x06, + 0x00,0x0a,0x0a,0x07,0x07,0x06,0x02,0x05,0x05,0x02,0x02,0x00,0x00,0x04,0x04, + 0x04,0x04,0x00,0x00,0x00,0x0e,0x05,0x06,0x06,0x06,0x01,0x06,0x00,0x00,0x08, + 0x00,0x10,0x00,0x18,0x00,0x20,0x00,0x28,0x00,0x30,0x00,0x80,0x01,0x82,0x01, + 0x86,0x00,0xf6,0xcf,0xfe,0x3f,0xab,0x00,0xb0,0x00,0xb1,0x00,0xb3,0x00,0xba, + 0xf8,0xbb,0x00,0xc0,0x00,0xc1,0x00,0xc7,0xbf,0x62,0xff,0x00,0x8d,0xff,0x00, + 0xc4,0xff,0x00,0xc5,0xff,0x00,0xff,0xff,0xeb,0x01,0xff,0x0e,0x12,0x08,0x00, + 0x13,0x09,0x00,0x16,0x08,0x00,0x17,0x09,0x00,0x2b,0x09,0x00,0xae,0xff,0x07, + 0xb2,0xff,0x00,0xb4,0xff,0x00,0xb5,0xff,0x00,0xc3,0x01,0x00,0xc7,0xff,0xbf, + 0xe7,0x08,0x00,0xf0,0x02,0x00 +}; diff --git a/libs/minhook/src/hde/table64.h b/libs/minhook/src/hde/table64.h new file mode 100644 index 0000000..01d4541 --- /dev/null +++ b/libs/minhook/src/hde/table64.h @@ -0,0 +1,74 @@ +/* + * Hacker Disassembler Engine 64 C + * Copyright (c) 2008-2009, Vyacheslav Patkov. + * All rights reserved. + * + */ + +#define C_NONE 0x00 +#define C_MODRM 0x01 +#define C_IMM8 0x02 +#define C_IMM16 0x04 +#define C_IMM_P66 0x10 +#define C_REL8 0x20 +#define C_REL32 0x40 +#define C_GROUP 0x80 +#define C_ERROR 0xff + +#define PRE_ANY 0x00 +#define PRE_NONE 0x01 +#define PRE_F2 0x02 +#define PRE_F3 0x04 +#define PRE_66 0x08 +#define PRE_67 0x10 +#define PRE_LOCK 0x20 +#define PRE_SEG 0x40 +#define PRE_ALL 0xff + +#define DELTA_OPCODES 0x4a +#define DELTA_FPU_REG 0xfd +#define DELTA_FPU_MODRM 0x104 +#define DELTA_PREFIXES 0x13c +#define DELTA_OP_LOCK_OK 0x1ae +#define DELTA_OP2_LOCK_OK 0x1c6 +#define DELTA_OP_ONLY_MEM 0x1d8 +#define DELTA_OP2_ONLY_MEM 0x1e7 + +unsigned char hde64_table[] = { + 0xa5,0xaa,0xa5,0xb8,0xa5,0xaa,0xa5,0xaa,0xa5,0xb8,0xa5,0xb8,0xa5,0xb8,0xa5, + 0xb8,0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xac,0xc0,0xcc,0xc0,0xa1,0xa1, + 0xa1,0xa1,0xb1,0xa5,0xa5,0xa6,0xc0,0xc0,0xd7,0xda,0xe0,0xc0,0xe4,0xc0,0xea, + 0xea,0xe0,0xe0,0x98,0xc8,0xee,0xf1,0xa5,0xd3,0xa5,0xa5,0xa1,0xea,0x9e,0xc0, + 0xc0,0xc2,0xc0,0xe6,0x03,0x7f,0x11,0x7f,0x01,0x7f,0x01,0x3f,0x01,0x01,0xab, + 0x8b,0x90,0x64,0x5b,0x5b,0x5b,0x5b,0x5b,0x92,0x5b,0x5b,0x76,0x90,0x92,0x92, + 0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x6a,0x73,0x90, + 0x5b,0x52,0x52,0x52,0x52,0x5b,0x5b,0x5b,0x5b,0x77,0x7c,0x77,0x85,0x5b,0x5b, + 0x70,0x5b,0x7a,0xaf,0x76,0x76,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b, + 0x5b,0x5b,0x86,0x01,0x03,0x01,0x04,0x03,0xd5,0x03,0xd5,0x03,0xcc,0x01,0xbc, + 0x03,0xf0,0x03,0x03,0x04,0x00,0x50,0x50,0x50,0x50,0xff,0x20,0x20,0x20,0x20, + 0x01,0x01,0x01,0x01,0xc4,0x02,0x10,0xff,0xff,0xff,0x01,0x00,0x03,0x11,0xff, + 0x03,0xc4,0xc6,0xc8,0x02,0x10,0x00,0xff,0xcc,0x01,0x01,0x01,0x00,0x00,0x00, + 0x00,0x01,0x01,0x03,0x01,0xff,0xff,0xc0,0xc2,0x10,0x11,0x02,0x03,0x01,0x01, + 0x01,0xff,0xff,0xff,0x00,0x00,0x00,0xff,0x00,0x00,0xff,0xff,0xff,0xff,0x10, + 0x10,0x10,0x10,0x02,0x10,0x00,0x00,0xc6,0xc8,0x02,0x02,0x02,0x02,0x06,0x00, + 0x04,0x00,0x02,0xff,0x00,0xc0,0xc2,0x01,0x01,0x03,0x03,0x03,0xca,0x40,0x00, + 0x0a,0x00,0x04,0x00,0x00,0x00,0x00,0x7f,0x00,0x33,0x01,0x00,0x00,0x00,0x00, + 0x00,0x00,0xff,0xbf,0xff,0xff,0x00,0x00,0x00,0x00,0x07,0x00,0x00,0xff,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff, + 0x00,0x00,0x00,0xbf,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x7f,0x00,0x00, + 0xff,0x40,0x40,0x40,0x40,0x41,0x49,0x40,0x40,0x40,0x40,0x4c,0x42,0x40,0x40, + 0x40,0x40,0x40,0x40,0x40,0x40,0x4f,0x44,0x53,0x40,0x40,0x40,0x44,0x57,0x43, + 0x5c,0x40,0x60,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40, + 0x40,0x40,0x64,0x66,0x6e,0x6b,0x40,0x40,0x6a,0x46,0x40,0x40,0x44,0x46,0x40, + 0x40,0x5b,0x44,0x40,0x40,0x00,0x00,0x00,0x00,0x06,0x06,0x06,0x06,0x01,0x06, + 0x06,0x02,0x06,0x06,0x00,0x06,0x00,0x0a,0x0a,0x00,0x00,0x00,0x02,0x07,0x07, + 0x06,0x02,0x0d,0x06,0x06,0x06,0x0e,0x05,0x05,0x02,0x02,0x00,0x00,0x04,0x04, + 0x04,0x04,0x05,0x06,0x06,0x06,0x00,0x00,0x00,0x0e,0x00,0x00,0x08,0x00,0x10, + 0x00,0x18,0x00,0x20,0x00,0x28,0x00,0x30,0x00,0x80,0x01,0x82,0x01,0x86,0x00, + 0xf6,0xcf,0xfe,0x3f,0xab,0x00,0xb0,0x00,0xb1,0x00,0xb3,0x00,0xba,0xf8,0xbb, + 0x00,0xc0,0x00,0xc1,0x00,0xc7,0xbf,0x62,0xff,0x00,0x8d,0xff,0x00,0xc4,0xff, + 0x00,0xc5,0xff,0x00,0xff,0xff,0xeb,0x01,0xff,0x0e,0x12,0x08,0x00,0x13,0x09, + 0x00,0x16,0x08,0x00,0x17,0x09,0x00,0x2b,0x09,0x00,0xae,0xff,0x07,0xb2,0xff, + 0x00,0xb4,0xff,0x00,0xb5,0xff,0x00,0xc3,0x01,0x00,0xc7,0xff,0xbf,0xe7,0x08, + 0x00,0xf0,0x02,0x00 +}; diff --git a/libs/minhook/src/hook.c b/libs/minhook/src/hook.c new file mode 100644 index 0000000..ce65e57 --- /dev/null +++ b/libs/minhook/src/hook.c @@ -0,0 +1,889 @@ +/* + * MinHook - The Minimalistic API Hooking Library for x64/x86 + * Copyright (C) 2009-2017 Tsuda Kageyu. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER + * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include +#include + +#include "../include/MinHook.h" +#include "buffer.h" +#include "trampoline.h" + +#ifndef ARRAYSIZE + #define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0])) +#endif + +// Initial capacity of the HOOK_ENTRY buffer. +#define INITIAL_HOOK_CAPACITY 32 + +// Initial capacity of the thread IDs buffer. +#define INITIAL_THREAD_CAPACITY 128 + +// Special hook position values. +#define INVALID_HOOK_POS UINT_MAX +#define ALL_HOOKS_POS UINT_MAX + +// Freeze() action argument defines. +#define ACTION_DISABLE 0 +#define ACTION_ENABLE 1 +#define ACTION_APPLY_QUEUED 2 + +// Thread access rights for suspending/resuming threads. +#define THREAD_ACCESS \ + (THREAD_SUSPEND_RESUME | THREAD_GET_CONTEXT | THREAD_QUERY_INFORMATION | THREAD_SET_CONTEXT) + +// Hook information. +typedef struct _HOOK_ENTRY +{ + LPVOID pTarget; // Address of the target function. + LPVOID pDetour; // Address of the detour or relay function. + LPVOID pTrampoline; // Address of the trampoline function. + UINT8 backup[8]; // Original prologue of the target function. + + UINT8 patchAbove : 1; // Uses the hot patch area. + UINT8 isEnabled : 1; // Enabled. + UINT8 queueEnable : 1; // Queued for enabling/disabling when != isEnabled. + + UINT nIP : 4; // Count of the instruction boundaries. + UINT8 oldIPs[8]; // Instruction boundaries of the target function. + UINT8 newIPs[8]; // Instruction boundaries of the trampoline function. +} HOOK_ENTRY, *PHOOK_ENTRY; + +// Suspended threads for Freeze()/Unfreeze(). +typedef struct _FROZEN_THREADS +{ + LPDWORD pItems; // Data heap + UINT capacity; // Size of allocated data heap, items + UINT size; // Actual number of data items +} FROZEN_THREADS, *PFROZEN_THREADS; + +//------------------------------------------------------------------------- +// Global Variables: +//------------------------------------------------------------------------- + +// Spin lock flag for EnterSpinLock()/LeaveSpinLock(). +volatile LONG g_isLocked = FALSE; + +// Private heap handle. If not NULL, this library is initialized. +HANDLE g_hHeap = NULL; + +// Hook entries. +struct +{ + PHOOK_ENTRY pItems; // Data heap + UINT capacity; // Size of allocated data heap, items + UINT size; // Actual number of data items +} g_hooks; + +//------------------------------------------------------------------------- +// Returns INVALID_HOOK_POS if not found. +static UINT FindHookEntry(LPVOID pTarget) +{ + UINT i; + for (i = 0; i < g_hooks.size; ++i) + { + if ((ULONG_PTR)pTarget == (ULONG_PTR)g_hooks.pItems[i].pTarget) + return i; + } + + return INVALID_HOOK_POS; +} + +//------------------------------------------------------------------------- +static PHOOK_ENTRY AddHookEntry() +{ + if (g_hooks.pItems == NULL) + { + g_hooks.capacity = INITIAL_HOOK_CAPACITY; + g_hooks.pItems = (PHOOK_ENTRY)HeapAlloc( + g_hHeap, 0, g_hooks.capacity * sizeof(HOOK_ENTRY)); + if (g_hooks.pItems == NULL) + return NULL; + } + else if (g_hooks.size >= g_hooks.capacity) + { + PHOOK_ENTRY p = (PHOOK_ENTRY)HeapReAlloc( + g_hHeap, 0, g_hooks.pItems, (g_hooks.capacity * 2) * sizeof(HOOK_ENTRY)); + if (p == NULL) + return NULL; + + g_hooks.capacity *= 2; + g_hooks.pItems = p; + } + + return &g_hooks.pItems[g_hooks.size++]; +} + +//------------------------------------------------------------------------- +static void DeleteHookEntry(UINT pos) +{ + if (pos < g_hooks.size - 1) + g_hooks.pItems[pos] = g_hooks.pItems[g_hooks.size - 1]; + + g_hooks.size--; + + if (g_hooks.capacity / 2 >= INITIAL_HOOK_CAPACITY && g_hooks.capacity / 2 >= g_hooks.size) + { + PHOOK_ENTRY p = (PHOOK_ENTRY)HeapReAlloc( + g_hHeap, 0, g_hooks.pItems, (g_hooks.capacity / 2) * sizeof(HOOK_ENTRY)); + if (p == NULL) + return; + + g_hooks.capacity /= 2; + g_hooks.pItems = p; + } +} + +//------------------------------------------------------------------------- +static DWORD_PTR FindOldIP(PHOOK_ENTRY pHook, DWORD_PTR ip) +{ + UINT i; + + if (pHook->patchAbove && ip == ((DWORD_PTR)pHook->pTarget - sizeof(JMP_REL))) + return (DWORD_PTR)pHook->pTarget; + + for (i = 0; i < pHook->nIP; ++i) + { + if (ip == ((DWORD_PTR)pHook->pTrampoline + pHook->newIPs[i])) + return (DWORD_PTR)pHook->pTarget + pHook->oldIPs[i]; + } + +#if defined(_M_X64) || defined(__x86_64__) + // Check relay function. + if (ip == (DWORD_PTR)pHook->pDetour) + return (DWORD_PTR)pHook->pTarget; +#endif + + return 0; +} + +//------------------------------------------------------------------------- +static DWORD_PTR FindNewIP(PHOOK_ENTRY pHook, DWORD_PTR ip) +{ + UINT i; + for (i = 0; i < pHook->nIP; ++i) + { + if (ip == ((DWORD_PTR)pHook->pTarget + pHook->oldIPs[i])) + return (DWORD_PTR)pHook->pTrampoline + pHook->newIPs[i]; + } + + return 0; +} + +//------------------------------------------------------------------------- +static void ProcessThreadIPs(HANDLE hThread, UINT pos, UINT action) +{ + // If the thread suspended in the overwritten area, + // move IP to the proper address. + + CONTEXT c; +#if defined(_M_X64) || defined(__x86_64__) + DWORD64 *pIP = &c.Rip; +#else + DWORD *pIP = &c.Eip; +#endif + UINT count; + + c.ContextFlags = CONTEXT_CONTROL; + if (!GetThreadContext(hThread, &c)) + return; + + if (pos == ALL_HOOKS_POS) + { + pos = 0; + count = g_hooks.size; + } + else + { + count = pos + 1; + } + + for (; pos < count; ++pos) + { + PHOOK_ENTRY pHook = &g_hooks.pItems[pos]; + BOOL enable; + DWORD_PTR ip; + + switch (action) + { + case ACTION_DISABLE: + enable = FALSE; + break; + + case ACTION_ENABLE: + enable = TRUE; + break; + + default: // ACTION_APPLY_QUEUED + enable = pHook->queueEnable; + break; + } + if (pHook->isEnabled == enable) + continue; + + if (enable) + ip = FindNewIP(pHook, *pIP); + else + ip = FindOldIP(pHook, *pIP); + + if (ip != 0) + { + *pIP = ip; + SetThreadContext(hThread, &c); + } + } +} + +//------------------------------------------------------------------------- +static VOID EnumerateThreads(PFROZEN_THREADS pThreads) +{ + HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0); + if (hSnapshot != INVALID_HANDLE_VALUE) + { + THREADENTRY32 te; + te.dwSize = sizeof(THREADENTRY32); + if (Thread32First(hSnapshot, &te)) + { + do + { + if (te.dwSize >= (FIELD_OFFSET(THREADENTRY32, th32OwnerProcessID) + sizeof(DWORD)) + && te.th32OwnerProcessID == GetCurrentProcessId() + && te.th32ThreadID != GetCurrentThreadId()) + { + if (pThreads->pItems == NULL) + { + pThreads->capacity = INITIAL_THREAD_CAPACITY; + pThreads->pItems + = (LPDWORD)HeapAlloc(g_hHeap, 0, pThreads->capacity * sizeof(DWORD)); + if (pThreads->pItems == NULL) + break; + } + else if (pThreads->size >= pThreads->capacity) + { + LPDWORD p = (LPDWORD)HeapReAlloc( + g_hHeap, 0, pThreads->pItems, (pThreads->capacity * 2) * sizeof(DWORD)); + if (p == NULL) + break; + + pThreads->capacity *= 2; + pThreads->pItems = p; + } + pThreads->pItems[pThreads->size++] = te.th32ThreadID; + } + + te.dwSize = sizeof(THREADENTRY32); + } while (Thread32Next(hSnapshot, &te)); + } + CloseHandle(hSnapshot); + } +} + +//------------------------------------------------------------------------- +static VOID Freeze(PFROZEN_THREADS pThreads, UINT pos, UINT action) +{ + pThreads->pItems = NULL; + pThreads->capacity = 0; + pThreads->size = 0; + EnumerateThreads(pThreads); + + if (pThreads->pItems != NULL) + { + UINT i; + for (i = 0; i < pThreads->size; ++i) + { + HANDLE hThread = OpenThread(THREAD_ACCESS, FALSE, pThreads->pItems[i]); + if (hThread != NULL) + { + SuspendThread(hThread); + ProcessThreadIPs(hThread, pos, action); + CloseHandle(hThread); + } + } + } +} + +//------------------------------------------------------------------------- +static VOID Unfreeze(PFROZEN_THREADS pThreads) +{ + if (pThreads->pItems != NULL) + { + UINT i; + for (i = 0; i < pThreads->size; ++i) + { + HANDLE hThread = OpenThread(THREAD_ACCESS, FALSE, pThreads->pItems[i]); + if (hThread != NULL) + { + ResumeThread(hThread); + CloseHandle(hThread); + } + } + + HeapFree(g_hHeap, 0, pThreads->pItems); + } +} + +//------------------------------------------------------------------------- +static MH_STATUS EnableHookLL(UINT pos, BOOL enable) +{ + PHOOK_ENTRY pHook = &g_hooks.pItems[pos]; + DWORD oldProtect; + SIZE_T patchSize = sizeof(JMP_REL); + LPBYTE pPatchTarget = (LPBYTE)pHook->pTarget; + + if (pHook->patchAbove) + { + pPatchTarget -= sizeof(JMP_REL); + patchSize += sizeof(JMP_REL_SHORT); + } + + if (!VirtualProtect(pPatchTarget, patchSize, PAGE_EXECUTE_READWRITE, &oldProtect)) + return MH_ERROR_MEMORY_PROTECT; + + if (enable) + { + PJMP_REL pJmp = (PJMP_REL)pPatchTarget; + pJmp->opcode = 0xE9; + pJmp->operand = (UINT32)((LPBYTE)pHook->pDetour - (pPatchTarget + sizeof(JMP_REL))); + + if (pHook->patchAbove) + { + PJMP_REL_SHORT pShortJmp = (PJMP_REL_SHORT)pHook->pTarget; + pShortJmp->opcode = 0xEB; + pShortJmp->operand = (UINT8)(0 - (sizeof(JMP_REL_SHORT) + sizeof(JMP_REL))); + } + } + else + { + if (pHook->patchAbove) + memcpy(pPatchTarget, pHook->backup, sizeof(JMP_REL) + sizeof(JMP_REL_SHORT)); + else + memcpy(pPatchTarget, pHook->backup, sizeof(JMP_REL)); + } + + VirtualProtect(pPatchTarget, patchSize, oldProtect, &oldProtect); + + // Just-in-case measure. + FlushInstructionCache(GetCurrentProcess(), pPatchTarget, patchSize); + + pHook->isEnabled = enable; + pHook->queueEnable = enable; + + return MH_OK; +} + +//------------------------------------------------------------------------- +static MH_STATUS EnableAllHooksLL(BOOL enable) +{ + MH_STATUS status = MH_OK; + UINT i, first = INVALID_HOOK_POS; + + for (i = 0; i < g_hooks.size; ++i) + { + if (g_hooks.pItems[i].isEnabled != enable) + { + first = i; + break; + } + } + + if (first != INVALID_HOOK_POS) + { + FROZEN_THREADS threads; + Freeze(&threads, ALL_HOOKS_POS, enable ? ACTION_ENABLE : ACTION_DISABLE); + + for (i = first; i < g_hooks.size; ++i) + { + if (g_hooks.pItems[i].isEnabled != enable) + { + status = EnableHookLL(i, enable); + if (status != MH_OK) + break; + } + } + + Unfreeze(&threads); + } + + return status; +} + +//------------------------------------------------------------------------- +static VOID EnterSpinLock(VOID) +{ + SIZE_T spinCount = 0; + + // Wait until the flag is FALSE. + while (InterlockedCompareExchange(&g_isLocked, TRUE, FALSE) != FALSE) + { + // No need to generate a memory barrier here, since InterlockedCompareExchange() + // generates a full memory barrier itself. + + // Prevent the loop from being too busy. + if (spinCount < 32) + Sleep(0); + else + Sleep(1); + + spinCount++; + } +} + +//------------------------------------------------------------------------- +static VOID LeaveSpinLock(VOID) +{ + // No need to generate a memory barrier here, since InterlockedExchange() + // generates a full memory barrier itself. + + InterlockedExchange(&g_isLocked, FALSE); +} + +//------------------------------------------------------------------------- +MH_STATUS WINAPI MH_Initialize(VOID) +{ + MH_STATUS status = MH_OK; + + EnterSpinLock(); + + if (g_hHeap == NULL) + { + g_hHeap = HeapCreate(0, 0, 0); + if (g_hHeap != NULL) + { + // Initialize the internal function buffer. + InitializeBuffer(); + } + else + { + status = MH_ERROR_MEMORY_ALLOC; + } + } + else + { + status = MH_ERROR_ALREADY_INITIALIZED; + } + + LeaveSpinLock(); + + return status; +} + +//------------------------------------------------------------------------- +MH_STATUS WINAPI MH_Uninitialize(VOID) +{ + MH_STATUS status = MH_OK; + + EnterSpinLock(); + + if (g_hHeap != NULL) + { + status = EnableAllHooksLL(FALSE); + if (status == MH_OK) + { + // Free the internal function buffer. + + // HeapFree is actually not required, but some tools detect a false + // memory leak without HeapFree. + + UninitializeBuffer(); + + HeapFree(g_hHeap, 0, g_hooks.pItems); + HeapDestroy(g_hHeap); + + g_hHeap = NULL; + + g_hooks.pItems = NULL; + g_hooks.capacity = 0; + g_hooks.size = 0; + } + } + else + { + status = MH_ERROR_NOT_INITIALIZED; + } + + LeaveSpinLock(); + + return status; +} + +//------------------------------------------------------------------------- +MH_STATUS WINAPI MH_CreateHook(LPVOID pTarget, LPVOID pDetour, LPVOID *ppOriginal) +{ + MH_STATUS status = MH_OK; + + EnterSpinLock(); + + if (g_hHeap != NULL) + { + if (IsExecutableAddress(pTarget) && IsExecutableAddress(pDetour)) + { + UINT pos = FindHookEntry(pTarget); + if (pos == INVALID_HOOK_POS) + { + LPVOID pBuffer = AllocateBuffer(pTarget); + if (pBuffer != NULL) + { + TRAMPOLINE ct; + + ct.pTarget = pTarget; + ct.pDetour = pDetour; + ct.pTrampoline = pBuffer; + if (CreateTrampolineFunction(&ct)) + { + PHOOK_ENTRY pHook = AddHookEntry(); + if (pHook != NULL) + { + pHook->pTarget = ct.pTarget; +#if defined(_M_X64) || defined(__x86_64__) + pHook->pDetour = ct.pRelay; +#else + pHook->pDetour = ct.pDetour; +#endif + pHook->pTrampoline = ct.pTrampoline; + pHook->patchAbove = ct.patchAbove; + pHook->isEnabled = FALSE; + pHook->queueEnable = FALSE; + pHook->nIP = ct.nIP; + memcpy(pHook->oldIPs, ct.oldIPs, ARRAYSIZE(ct.oldIPs)); + memcpy(pHook->newIPs, ct.newIPs, ARRAYSIZE(ct.newIPs)); + + // Back up the target function. + + if (ct.patchAbove) + { + memcpy( + pHook->backup, + (LPBYTE)pTarget - sizeof(JMP_REL), + sizeof(JMP_REL) + sizeof(JMP_REL_SHORT)); + } + else + { + memcpy(pHook->backup, pTarget, sizeof(JMP_REL)); + } + + if (ppOriginal != NULL) + *ppOriginal = pHook->pTrampoline; + } + else + { + status = MH_ERROR_MEMORY_ALLOC; + } + } + else + { + status = MH_ERROR_UNSUPPORTED_FUNCTION; + } + + if (status != MH_OK) + { + FreeBuffer(pBuffer); + } + } + else + { + status = MH_ERROR_MEMORY_ALLOC; + } + } + else + { + status = MH_ERROR_ALREADY_CREATED; + } + } + else + { + status = MH_ERROR_NOT_EXECUTABLE; + } + } + else + { + status = MH_ERROR_NOT_INITIALIZED; + } + + LeaveSpinLock(); + + return status; +} + +//------------------------------------------------------------------------- +MH_STATUS WINAPI MH_RemoveHook(LPVOID pTarget) +{ + MH_STATUS status = MH_OK; + + EnterSpinLock(); + + if (g_hHeap != NULL) + { + UINT pos = FindHookEntry(pTarget); + if (pos != INVALID_HOOK_POS) + { + if (g_hooks.pItems[pos].isEnabled) + { + FROZEN_THREADS threads; + Freeze(&threads, pos, ACTION_DISABLE); + + status = EnableHookLL(pos, FALSE); + + Unfreeze(&threads); + } + + if (status == MH_OK) + { + FreeBuffer(g_hooks.pItems[pos].pTrampoline); + DeleteHookEntry(pos); + } + } + else + { + status = MH_ERROR_NOT_CREATED; + } + } + else + { + status = MH_ERROR_NOT_INITIALIZED; + } + + LeaveSpinLock(); + + return status; +} + +//------------------------------------------------------------------------- +static MH_STATUS EnableHook(LPVOID pTarget, BOOL enable) +{ + MH_STATUS status = MH_OK; + + EnterSpinLock(); + + if (g_hHeap != NULL) + { + if (pTarget == MH_ALL_HOOKS) + { + status = EnableAllHooksLL(enable); + } + else + { + FROZEN_THREADS threads; + UINT pos = FindHookEntry(pTarget); + if (pos != INVALID_HOOK_POS) + { + if (g_hooks.pItems[pos].isEnabled != enable) + { + Freeze(&threads, pos, ACTION_ENABLE); + + status = EnableHookLL(pos, enable); + + Unfreeze(&threads); + } + else + { + status = enable ? MH_ERROR_ENABLED : MH_ERROR_DISABLED; + } + } + else + { + status = MH_ERROR_NOT_CREATED; + } + } + } + else + { + status = MH_ERROR_NOT_INITIALIZED; + } + + LeaveSpinLock(); + + return status; +} + +//------------------------------------------------------------------------- +MH_STATUS WINAPI MH_EnableHook(LPVOID pTarget) +{ + return EnableHook(pTarget, TRUE); +} + +//------------------------------------------------------------------------- +MH_STATUS WINAPI MH_DisableHook(LPVOID pTarget) +{ + return EnableHook(pTarget, FALSE); +} + +//------------------------------------------------------------------------- +static MH_STATUS QueueHook(LPVOID pTarget, BOOL queueEnable) +{ + MH_STATUS status = MH_OK; + + EnterSpinLock(); + + if (g_hHeap != NULL) + { + if (pTarget == MH_ALL_HOOKS) + { + UINT i; + for (i = 0; i < g_hooks.size; ++i) + g_hooks.pItems[i].queueEnable = queueEnable; + } + else + { + UINT pos = FindHookEntry(pTarget); + if (pos != INVALID_HOOK_POS) + { + g_hooks.pItems[pos].queueEnable = queueEnable; + } + else + { + status = MH_ERROR_NOT_CREATED; + } + } + } + else + { + status = MH_ERROR_NOT_INITIALIZED; + } + + LeaveSpinLock(); + + return status; +} + +//------------------------------------------------------------------------- +MH_STATUS WINAPI MH_QueueEnableHook(LPVOID pTarget) +{ + return QueueHook(pTarget, TRUE); +} + +//------------------------------------------------------------------------- +MH_STATUS WINAPI MH_QueueDisableHook(LPVOID pTarget) +{ + return QueueHook(pTarget, FALSE); +} + +//------------------------------------------------------------------------- +MH_STATUS WINAPI MH_ApplyQueued(VOID) +{ + MH_STATUS status = MH_OK; + UINT i, first = INVALID_HOOK_POS; + + EnterSpinLock(); + + if (g_hHeap != NULL) + { + for (i = 0; i < g_hooks.size; ++i) + { + if (g_hooks.pItems[i].isEnabled != g_hooks.pItems[i].queueEnable) + { + first = i; + break; + } + } + + if (first != INVALID_HOOK_POS) + { + FROZEN_THREADS threads; + Freeze(&threads, ALL_HOOKS_POS, ACTION_APPLY_QUEUED); + + for (i = first; i < g_hooks.size; ++i) + { + PHOOK_ENTRY pHook = &g_hooks.pItems[i]; + if (pHook->isEnabled != pHook->queueEnable) + { + status = EnableHookLL(i, pHook->queueEnable); + if (status != MH_OK) + break; + } + } + + Unfreeze(&threads); + } + } + else + { + status = MH_ERROR_NOT_INITIALIZED; + } + + LeaveSpinLock(); + + return status; +} + +//------------------------------------------------------------------------- +MH_STATUS WINAPI MH_CreateHookApiEx( + LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, + LPVOID *ppOriginal, LPVOID *ppTarget) +{ + HMODULE hModule; + LPVOID pTarget; + + hModule = GetModuleHandleW(pszModule); + if (hModule == NULL) + return MH_ERROR_MODULE_NOT_FOUND; + + pTarget = (LPVOID)GetProcAddress(hModule, pszProcName); + if (pTarget == NULL) + return MH_ERROR_FUNCTION_NOT_FOUND; + + if(ppTarget != NULL) + *ppTarget = pTarget; + + return MH_CreateHook(pTarget, pDetour, ppOriginal); +} + +//------------------------------------------------------------------------- +MH_STATUS WINAPI MH_CreateHookApi( + LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal) +{ + return MH_CreateHookApiEx(pszModule, pszProcName, pDetour, ppOriginal, NULL); +} + +//------------------------------------------------------------------------- +const char * WINAPI MH_StatusToString(MH_STATUS status) +{ +#define MH_ST2STR(x) \ + case x: \ + return #x; + + switch (status) { + MH_ST2STR(MH_UNKNOWN) + MH_ST2STR(MH_OK) + MH_ST2STR(MH_ERROR_ALREADY_INITIALIZED) + MH_ST2STR(MH_ERROR_NOT_INITIALIZED) + MH_ST2STR(MH_ERROR_ALREADY_CREATED) + MH_ST2STR(MH_ERROR_NOT_CREATED) + MH_ST2STR(MH_ERROR_ENABLED) + MH_ST2STR(MH_ERROR_DISABLED) + MH_ST2STR(MH_ERROR_NOT_EXECUTABLE) + MH_ST2STR(MH_ERROR_UNSUPPORTED_FUNCTION) + MH_ST2STR(MH_ERROR_MEMORY_ALLOC) + MH_ST2STR(MH_ERROR_MEMORY_PROTECT) + MH_ST2STR(MH_ERROR_MODULE_NOT_FOUND) + MH_ST2STR(MH_ERROR_FUNCTION_NOT_FOUND) + } + +#undef MH_ST2STR + + return "(unknown)"; +} diff --git a/libs/minhook/src/trampoline.c b/libs/minhook/src/trampoline.c new file mode 100644 index 0000000..c267088 --- /dev/null +++ b/libs/minhook/src/trampoline.c @@ -0,0 +1,320 @@ +/* + * MinHook - The Minimalistic API Hooking Library for x64/x86 + * Copyright (C) 2009-2017 Tsuda Kageyu. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER + * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include + +#ifdef _MSC_VER + #include +#endif + +#ifndef ARRAYSIZE + #define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0])) +#endif + +#if defined(_M_X64) || defined(__x86_64__) + #include "./hde/hde64.h" + typedef hde64s HDE; + #define HDE_DISASM(code, hs) hde64_disasm(code, hs) +#else + #include "./hde/hde32.h" + typedef hde32s HDE; + #define HDE_DISASM(code, hs) hde32_disasm(code, hs) +#endif + +#include "trampoline.h" +#include "buffer.h" + +// Maximum size of a trampoline function. +#if defined(_M_X64) || defined(__x86_64__) + #define TRAMPOLINE_MAX_SIZE (MEMORY_SLOT_SIZE - sizeof(JMP_ABS)) +#else + #define TRAMPOLINE_MAX_SIZE MEMORY_SLOT_SIZE +#endif + +//------------------------------------------------------------------------- +static BOOL IsCodePadding(LPBYTE pInst, UINT size) +{ + UINT i; + + if (pInst[0] != 0x00 && pInst[0] != 0x90 && pInst[0] != 0xCC) + return FALSE; + + for (i = 1; i < size; ++i) + { + if (pInst[i] != pInst[0]) + return FALSE; + } + return TRUE; +} + +//------------------------------------------------------------------------- +BOOL CreateTrampolineFunction(PTRAMPOLINE ct) +{ +#if defined(_M_X64) || defined(__x86_64__) + CALL_ABS call = { + 0xFF, 0x15, 0x00000002, // FF15 00000002: CALL [RIP+8] + 0xEB, 0x08, // EB 08: JMP +10 + 0x0000000000000000ULL // Absolute destination address + }; + JMP_ABS jmp = { + 0xFF, 0x25, 0x00000000, // FF25 00000000: JMP [RIP+6] + 0x0000000000000000ULL // Absolute destination address + }; + JCC_ABS jcc = { + 0x70, 0x0E, // 7* 0E: J** +16 + 0xFF, 0x25, 0x00000000, // FF25 00000000: JMP [RIP+6] + 0x0000000000000000ULL // Absolute destination address + }; +#else + CALL_REL call = { + 0xE8, // E8 xxxxxxxx: CALL +5+xxxxxxxx + 0x00000000 // Relative destination address + }; + JMP_REL jmp = { + 0xE9, // E9 xxxxxxxx: JMP +5+xxxxxxxx + 0x00000000 // Relative destination address + }; + JCC_REL jcc = { + 0x0F, 0x80, // 0F8* xxxxxxxx: J** +6+xxxxxxxx + 0x00000000 // Relative destination address + }; +#endif + + UINT8 oldPos = 0; + UINT8 newPos = 0; + ULONG_PTR jmpDest = 0; // Destination address of an internal jump. + BOOL finished = FALSE; // Is the function completed? +#if defined(_M_X64) || defined(__x86_64__) + UINT8 instBuf[16]; +#endif + + ct->patchAbove = FALSE; + ct->nIP = 0; + + do + { + HDE hs; + UINT copySize; + LPVOID pCopySrc; + ULONG_PTR pOldInst = (ULONG_PTR)ct->pTarget + oldPos; + ULONG_PTR pNewInst = (ULONG_PTR)ct->pTrampoline + newPos; + + copySize = HDE_DISASM((LPVOID)pOldInst, &hs); + if (hs.flags & F_ERROR) + return FALSE; + + pCopySrc = (LPVOID)pOldInst; + if (oldPos >= sizeof(JMP_REL)) + { + // The trampoline function is long enough. + // Complete the function with the jump to the target function. +#if defined(_M_X64) || defined(__x86_64__) + jmp.address = pOldInst; +#else + jmp.operand = (UINT32)(pOldInst - (pNewInst + sizeof(jmp))); +#endif + pCopySrc = &jmp; + copySize = sizeof(jmp); + + finished = TRUE; + } +#if defined(_M_X64) || defined(__x86_64__) + else if ((hs.modrm & 0xC7) == 0x05) + { + // Instructions using RIP relative addressing. (ModR/M = 00???101B) + + // Modify the RIP relative address. + PUINT32 pRelAddr; + + // Avoid using memcpy to reduce the footprint. +#ifndef _MSC_VER + memcpy(instBuf, (LPBYTE)pOldInst, copySize); +#else + __movsb(instBuf, (LPBYTE)pOldInst, copySize); +#endif + pCopySrc = instBuf; + + // Relative address is stored at (instruction length - immediate value length - 4). + pRelAddr = (PUINT32)(instBuf + hs.len - ((hs.flags & 0x3C) >> 2) - 4); + *pRelAddr + = (UINT32)((pOldInst + hs.len + (INT32)hs.disp.disp32) - (pNewInst + hs.len)); + + // Complete the function if JMP (FF /4). + if (hs.opcode == 0xFF && hs.modrm_reg == 4) + finished = TRUE; + } +#endif + else if (hs.opcode == 0xE8) + { + // Direct relative CALL + ULONG_PTR dest = pOldInst + hs.len + (INT32)hs.imm.imm32; +#if defined(_M_X64) || defined(__x86_64__) + call.address = dest; +#else + call.operand = (UINT32)(dest - (pNewInst + sizeof(call))); +#endif + pCopySrc = &call; + copySize = sizeof(call); + } + else if ((hs.opcode & 0xFD) == 0xE9) + { + // Direct relative JMP (EB or E9) + ULONG_PTR dest = pOldInst + hs.len; + + if (hs.opcode == 0xEB) // isShort jmp + dest += (INT8)hs.imm.imm8; + else + dest += (INT32)hs.imm.imm32; + + // Simply copy an internal jump. + if ((ULONG_PTR)ct->pTarget <= dest + && dest < ((ULONG_PTR)ct->pTarget + sizeof(JMP_REL))) + { + if (jmpDest < dest) + jmpDest = dest; + } + else + { +#if defined(_M_X64) || defined(__x86_64__) + jmp.address = dest; +#else + jmp.operand = (UINT32)(dest - (pNewInst + sizeof(jmp))); +#endif + pCopySrc = &jmp; + copySize = sizeof(jmp); + + // Exit the function If it is not in the branch + finished = (pOldInst >= jmpDest); + } + } + else if ((hs.opcode & 0xF0) == 0x70 + || (hs.opcode & 0xFC) == 0xE0 + || (hs.opcode2 & 0xF0) == 0x80) + { + // Direct relative Jcc + ULONG_PTR dest = pOldInst + hs.len; + + if ((hs.opcode & 0xF0) == 0x70 // Jcc + || (hs.opcode & 0xFC) == 0xE0) // LOOPNZ/LOOPZ/LOOP/JECXZ + dest += (INT8)hs.imm.imm8; + else + dest += (INT32)hs.imm.imm32; + + // Simply copy an internal jump. + if ((ULONG_PTR)ct->pTarget <= dest + && dest < ((ULONG_PTR)ct->pTarget + sizeof(JMP_REL))) + { + if (jmpDest < dest) + jmpDest = dest; + } + else if ((hs.opcode & 0xFC) == 0xE0) + { + // LOOPNZ/LOOPZ/LOOP/JCXZ/JECXZ to the outside are not supported. + return FALSE; + } + else + { + UINT8 cond = ((hs.opcode != 0x0F ? hs.opcode : hs.opcode2) & 0x0F); +#if defined(_M_X64) || defined(__x86_64__) + // Invert the condition in x64 mode to simplify the conditional jump logic. + jcc.opcode = 0x71 ^ cond; + jcc.address = dest; +#else + jcc.opcode1 = 0x80 | cond; + jcc.operand = (UINT32)(dest - (pNewInst + sizeof(jcc))); +#endif + pCopySrc = &jcc; + copySize = sizeof(jcc); + } + } + else if ((hs.opcode & 0xFE) == 0xC2) + { + // RET (C2 or C3) + + // Complete the function if not in a branch. + finished = (pOldInst >= jmpDest); + } + + // Can't alter the instruction length in a branch. + if (pOldInst < jmpDest && copySize != hs.len) + return FALSE; + + // Trampoline function is too large. + if ((newPos + copySize) > TRAMPOLINE_MAX_SIZE) + return FALSE; + + // Trampoline function has too many instructions. + if (ct->nIP >= ARRAYSIZE(ct->oldIPs)) + return FALSE; + + ct->oldIPs[ct->nIP] = oldPos; + ct->newIPs[ct->nIP] = newPos; + ct->nIP++; + + // Avoid using memcpy to reduce the footprint. +#ifndef _MSC_VER + memcpy((LPBYTE)ct->pTrampoline + newPos, pCopySrc, copySize); +#else + __movsb((LPBYTE)ct->pTrampoline + newPos, pCopySrc, copySize); +#endif + newPos += copySize; + oldPos += hs.len; + } + while (!finished); + + // Is there enough place for a long jump? + if (oldPos < sizeof(JMP_REL) + && !IsCodePadding((LPBYTE)ct->pTarget + oldPos, sizeof(JMP_REL) - oldPos)) + { + // Is there enough place for a short jump? + if (oldPos < sizeof(JMP_REL_SHORT) + && !IsCodePadding((LPBYTE)ct->pTarget + oldPos, sizeof(JMP_REL_SHORT) - oldPos)) + { + return FALSE; + } + + // Can we place the long jump above the function? + if (!IsExecutableAddress((LPBYTE)ct->pTarget - sizeof(JMP_REL))) + return FALSE; + + if (!IsCodePadding((LPBYTE)ct->pTarget - sizeof(JMP_REL), sizeof(JMP_REL))) + return FALSE; + + ct->patchAbove = TRUE; + } + +#if defined(_M_X64) || defined(__x86_64__) + // Create a relay function. + jmp.address = (ULONG_PTR)ct->pDetour; + + ct->pRelay = (LPBYTE)ct->pTrampoline + newPos; + memcpy(ct->pRelay, &jmp, sizeof(jmp)); +#endif + + return TRUE; +} diff --git a/libs/minhook/src/trampoline.h b/libs/minhook/src/trampoline.h new file mode 100644 index 0000000..bdffdac --- /dev/null +++ b/libs/minhook/src/trampoline.h @@ -0,0 +1,105 @@ +/* + * MinHook - The Minimalistic API Hooking Library for x64/x86 + * Copyright (C) 2009-2017 Tsuda Kageyu. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER + * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#pragma once + +#pragma pack(push, 1) + +// Structs for writing x86/x64 instructions. + +// 8-bit relative jump. +typedef struct _JMP_REL_SHORT +{ + UINT8 opcode; // EB xx: JMP +2+xx + UINT8 operand; +} JMP_REL_SHORT, *PJMP_REL_SHORT; + +// 32-bit direct relative jump/call. +typedef struct _JMP_REL +{ + UINT8 opcode; // E9/E8 xxxxxxxx: JMP/CALL +5+xxxxxxxx + UINT32 operand; // Relative destination address +} JMP_REL, *PJMP_REL, CALL_REL; + +// 64-bit indirect absolute jump. +typedef struct _JMP_ABS +{ + UINT8 opcode0; // FF25 00000000: JMP [+6] + UINT8 opcode1; + UINT32 dummy; + UINT64 address; // Absolute destination address +} JMP_ABS, *PJMP_ABS; + +// 64-bit indirect absolute call. +typedef struct _CALL_ABS +{ + UINT8 opcode0; // FF15 00000002: CALL [+6] + UINT8 opcode1; + UINT32 dummy0; + UINT8 dummy1; // EB 08: JMP +10 + UINT8 dummy2; + UINT64 address; // Absolute destination address +} CALL_ABS; + +// 32-bit direct relative conditional jumps. +typedef struct _JCC_REL +{ + UINT8 opcode0; // 0F8* xxxxxxxx: J** +6+xxxxxxxx + UINT8 opcode1; + UINT32 operand; // Relative destination address +} JCC_REL; + +// 64bit indirect absolute conditional jumps that x64 lacks. +typedef struct _JCC_ABS +{ + UINT8 opcode; // 7* 0E: J** +16 + UINT8 dummy0; + UINT8 dummy1; // FF25 00000000: JMP [+6] + UINT8 dummy2; + UINT32 dummy3; + UINT64 address; // Absolute destination address +} JCC_ABS; + +#pragma pack(pop) + +typedef struct _TRAMPOLINE +{ + LPVOID pTarget; // [In] Address of the target function. + LPVOID pDetour; // [In] Address of the detour function. + LPVOID pTrampoline; // [In] Buffer address for the trampoline and relay function. + +#if defined(_M_X64) || defined(__x86_64__) + LPVOID pRelay; // [Out] Address of the relay function. +#endif + BOOL patchAbove; // [Out] Should use the hot patch area? + UINT nIP; // [Out] Number of the instruction boundaries. + UINT8 oldIPs[8]; // [Out] Instruction boundaries of the target function. + UINT8 newIPs[8]; // [Out] Instruction boundaries of the trampoline function. +} TRAMPOLINE, *PTRAMPOLINE; + +BOOL CreateTrampolineFunction(PTRAMPOLINE ct); diff --git a/libs/yapi.hpp b/libs/yapi.hpp new file mode 100644 index 0000000..235fd31 --- /dev/null +++ b/libs/yapi.hpp @@ -0,0 +1,912 @@ +/* + yapi -- Yet Another Process Injector / Your API + A fusion library that reduce differences between x64, wow64 and x86 processes based on rewolf-wow64ext. + + Copyright (c) 2010-2018 + This library is released under the MIT License. + + Please see LICENSE file or visit https://github.com/ez8-co/yapi for details. +*/ +#pragma once + +#include +#include +#include +#include + +#ifndef NT_SUCCESS +#define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0) +#endif + +#include + +namespace detail { + static HMODULE hNtDll = LoadLibrary(_T("ntdll.dll")); + static HANDLE hCurProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, GetCurrentProcessId()); + + BOOL Is64BitOS() + { + SYSTEM_INFO systemInfo = { 0 }; + GetNativeSystemInfo(&systemInfo); + return systemInfo.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64 + || systemInfo.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_IA64; + } + static const BOOL is64BitOS = Is64BitOS(); + + struct GCBase + { + virtual DWORD64 toDWORD64() = 0; + virtual void gc() = 0; + }; + struct GCHelper + { + ~GCHelper() { + for (size_t i = 0; i < _ptrs.size(); i++) { + _ptrs[i]->gc(); + delete _ptrs[i]; + } + } + DWORD64 add(GCBase* ptr) { _ptrs.push_back(ptr); return ptr->toDWORD64(); } + private: + std::vector _ptrs; + }; +} + +namespace yapi { + + typedef std::basic_string, std::allocator > tstring; + + #ifndef UNICODE + static std::string _W2T(const wchar_t* wcs) + { + int len = ::WideCharToMultiByte(CP_ACP, 0, wcs, -1, NULL, 0, 0, 0); + std::string ret(len, 0); + VERIFY(0 != ::WideCharToMultiByte(CP_ACP, 0, wcs, -1, &ret[0], len, 0, 0)); + ret.resize(len - 1); + return ret; + } + #else + #define _W2T(str) std::wstring(str) + #endif + + #define REPEAT_0(macro) + #define REPEAT_1(macro) REPEAT_0(macro) + #define REPEAT_2(macro) REPEAT_1(macro) macro(1) + #define REPEAT_3(macro) REPEAT_2(macro) macro(2) + #define REPEAT_4(macro) REPEAT_3(macro) macro(3) + #define REPEAT_5(macro) REPEAT_4(macro) macro(4) + #define REPEAT_6(macro) REPEAT_5(macro) macro(5) + #define REPEAT_7(macro) REPEAT_6(macro) macro(6) + #define REPEAT_8(macro) REPEAT_7(macro) macro(7) + #define REPEAT_9(macro) REPEAT_8(macro) macro(8) + #define REPEAT_10(macro) REPEAT_9(macro) macro(9) + #define REPEAT_11(macro) REPEAT_10(macro) macro(10) + #define REPEAT_12(macro) REPEAT_11(macro) macro(11) + #define REPEAT_13(macro) REPEAT_12(macro) macro(12) + #define REPEAT_14(macro) REPEAT_13(macro) macro(13) + #define REPEAT_15(macro) REPEAT_14(macro) macro(14) + #define REPEAT_16(macro) REPEAT_15(macro) macro(15) + #define REPEAT_17(macro) REPEAT_16(macro) macro(16) + #define REPEAT_18(macro) REPEAT_17(macro) macro(17) + #define REPEAT_19(macro) REPEAT_18(macro) macro(18) + #define REPEAT_20(macro) REPEAT_19(macro) macro(19) + + #define END_MACRO_0(macro) + #define END_MACRO_1(macro) macro(1) + #define END_MACRO_2(macro) macro(2) + #define END_MACRO_3(macro) macro(3) + #define END_MACRO_4(macro) macro(4) + #define END_MACRO_5(macro) macro(5) + #define END_MACRO_6(macro) macro(6) + #define END_MACRO_7(macro) macro(7) + #define END_MACRO_8(macro) macro(8) + #define END_MACRO_9(macro) macro(9) + #define END_MACRO_10(macro) macro(10) + #define END_MACRO_11(macro) macro(11) + #define END_MACRO_12(macro) macro(12) + #define END_MACRO_13(macro) macro(13) + #define END_MACRO_14(macro) macro(14) + #define END_MACRO_15(macro) macro(15) + #define END_MACRO_16(macro) macro(16) + #define END_MACRO_17(macro) macro(17) + #define END_MACRO_18(macro) macro(18) + #define END_MACRO_19(macro) macro(19) + #define END_MACRO_20(macro) macro(20) + + #define REPEAT(n, macro, end_macro) REPEAT_##n (macro) END_MACRO_##n(end_macro) + + #define __ARG(n) P ## n + #define __PARAM(n) p ## n + #define __ARG_DECL(n) __ARG(n) __PARAM(n) + + #define TEMPLATE_ARG(n) typename __ARG(n) + #define VOID_TEMPLATE_ARGS(n) typename __ARG(n), + + #define ARG_DECL(n) __ARG_DECL(n) , + #define END_ARG_DECL(n) __ARG_DECL(n) + + #define DECL_VOID_TEMPLATE_ARGS(n) REPEAT(n, VOID_TEMPLATE_ARGS, TEMPLATE_ARG) + #define DECL_PARAMS_LIST(n) REPEAT(n, ARG_DECL, END_ARG_DECL) + + namespace { + template + struct _UNICODE_STRING_T { + union { + struct { + WORD Length; + WORD MaximumLength; + }; + T dummy; + }; + T Buffer; + }; + + template + struct _LIST_ENTRY_T { + T Flink; + T Blink; + }; + + template + struct _PEB_T { + T dummy01; + T Mutant; + T ImageBaseAddress; + T Ldr; + // omit unused fields + }; + + typedef _PEB_T PEB32; + typedef _PEB_T PEB64; + + typedef struct _PROCESS_BASIC_INFORMATION32 { + NTSTATUS ExitStatus; + UINT32 PebBaseAddress; + UINT32 AffinityMask; + UINT32 BasePriority; + UINT32 UniqueProcessId; + UINT32 InheritedFromUniqueProcessId; + } PROCESS_BASIC_INFORMATION32; + + typedef struct _PROCESS_BASIC_INFORMATION64 { + NTSTATUS ExitStatus; + UINT32 Reserved0; + UINT64 PebBaseAddress; + UINT64 AffinityMask; + UINT32 BasePriority; + UINT32 Reserved1; + UINT64 UniqueProcessId; + UINT64 InheritedFromUniqueProcessId; + } PROCESS_BASIC_INFORMATION64; + + template + struct _PEB_LDR_DATA_T { + DWORD Length; + DWORD Initialized; + T SsHandle; + _LIST_ENTRY_T InLoadOrderModuleList; + // omit unused fields + }; + + typedef _PEB_LDR_DATA_T PEB_LDR_DATA32; + typedef _PEB_LDR_DATA_T PEB_LDR_DATA64; + + template + struct _LDR_DATA_TABLE_ENTRY_T { + _LIST_ENTRY_T InLoadOrderLinks; + _LIST_ENTRY_T InMemoryOrderLinks; + _LIST_ENTRY_T InInitializationOrderLinks; + T DllBase; + T EntryPoint; + union { + DWORD SizeOfImage; + T dummy01; + }; + _UNICODE_STRING_T FullDllName; + _UNICODE_STRING_T BaseDllName; + // omit unused fields + }; + + typedef _LDR_DATA_TABLE_ENTRY_T LDR_DATA_TABLE_ENTRY32; + typedef _LDR_DATA_TABLE_ENTRY_T LDR_DATA_TABLE_ENTRY64; + + size_t tcslen(const char* str) { return strlen(str); } + size_t tcslen(const wchar_t* str) { return wcslen(str); } + } + + DWORD64 WINAPI GetProcAddress(HANDLE hProcess, DWORD64 hModule, const char* funcName); + + #ifdef _WIN64 + typedef NTSTATUS(WINAPI *NT_QUERY_INFORMATION_PROCESS)( + HANDLE ProcessHandle, ULONG ProcessInformationClass, + PVOID ProcessInformation, UINT32 ProcessInformationLength, + UINT32 * ReturnLength); + + static NT_QUERY_INFORMATION_PROCESS NtWow64QueryInformationProcess64 = (NT_QUERY_INFORMATION_PROCESS)GetProcAddress((HMODULE)detail::hNtDll, "NtQueryInformationProcess"); + #define NtWow64ReadVirtualMemory64 ReadProcessMemory + + #else + + namespace { + typedef NTSTATUS(WINAPI *NT_WOW64_QUERY_INFORMATION_PROCESS64)( + HANDLE ProcessHandle, UINT32 ProcessInformationClass, + PVOID ProcessInformation, UINT32 ProcessInformationLength, + UINT32* ReturnLength); + + typedef NTSTATUS(WINAPI *NT_WOW64_READ_VIRTUAL_MEMORY64)( + HANDLE ProcessHandle, PVOID64 BaseAddress, + PVOID BufferData, UINT64 BufferLength, + PUINT64 ReturnLength); + + static NT_WOW64_QUERY_INFORMATION_PROCESS64 NtWow64QueryInformationProcess64 = (NT_WOW64_QUERY_INFORMATION_PROCESS64)GetProcAddress((HMODULE)detail::hNtDll, "NtWow64QueryInformationProcess64"); + static NT_WOW64_READ_VIRTUAL_MEMORY64 NtWow64ReadVirtualMemory64 = (NT_WOW64_READ_VIRTUAL_MEMORY64)GetProcAddress((HMODULE)detail::hNtDll, "NtWow64ReadVirtualMemory64"); + } + + #endif + + DWORD64 WINAPI GetModuleHandle(HANDLE hProcess, const TCHAR* moduleName) + { + if (!moduleName) return 0; + if (!hProcess) hProcess = detail::hCurProcess; + + HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, GetProcessId(hProcess)); + if (hSnap == INVALID_HANDLE_VALUE) return 0; + MODULEENTRY32 mod = { sizeof(mod) }; + if (Module32First(hSnap, &mod)) { + do { + if (!_tcsicmp(mod.szModule, moduleName)) { + CloseHandle(hSnap); + return (DWORD64)mod.hModule; + } + } while (Module32Next(hSnap, &mod)); + } + CloseHandle(hSnap); + return 0; + } + + DWORD64 WINAPI GetProcAddress(HANDLE hProcess, DWORD64 hModule, const char* funcName) + { + if (!hModule || !funcName) return 0; + if (!hProcess) hProcess = detail::hCurProcess; + + IMAGE_DOS_HEADER idh; + NTSTATUS status = ReadProcessMemory(hProcess, (PVOID)hModule, (PVOID)&idh, sizeof(idh), NULL); + if (!NT_SUCCESS(status)) return 0; + + IMAGE_NT_HEADERS32 inh; + status = ReadProcessMemory(hProcess, (PVOID)(hModule + idh.e_lfanew), (PVOID)&inh, sizeof(inh), NULL); + if (!NT_SUCCESS(status)) return 0; + + IMAGE_DATA_DIRECTORY& idd = inh.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT]; + if (!idd.VirtualAddress)return 0; + + IMAGE_EXPORT_DIRECTORY ied; + status = ReadProcessMemory(hProcess, (PVOID)(hModule + idd.VirtualAddress), (PVOID)&ied, sizeof(ied), NULL); + if (!NT_SUCCESS(status)) return 0; + + std::vector nameTable(ied.NumberOfNames); + status = ReadProcessMemory(hProcess, (PVOID)(hModule + ied.AddressOfNames), (PVOID)&nameTable[0], sizeof(DWORD) * ied.NumberOfNames, NULL); + if (!NT_SUCCESS(status)) return 0; + + for (DWORD i = 0; i < ied.NumberOfNames; ++i) { + std::string func(strlen(funcName), 0); + status = ReadProcessMemory(hProcess, (PVOID)(hModule + nameTable[i]), (PVOID)&func[0], strlen(funcName), NULL); + if (!NT_SUCCESS(status)) continue; + + if (func == funcName) { + WORD ord = 0; + status = ReadProcessMemory(hProcess, (PVOID)(hModule + ied.AddressOfNameOrdinals + i * sizeof(WORD)), (PVOID)&ord, sizeof(WORD), NULL); + if (!NT_SUCCESS(status)) continue; + + DWORD rva = 0; + status = ReadProcessMemory(hProcess, (PVOID)(hModule + ied.AddressOfFunctions + ord * sizeof(DWORD)), (PVOID)&rva, sizeof(DWORD), NULL); + if (!NT_SUCCESS(status)) continue; + + return hModule + rva; + } + } + return 0; + } + + DWORD64 WINAPI GetModuleHandle64(HANDLE hProcess, const TCHAR* moduleName) + { + if (!moduleName) return 0; + if (!hProcess) hProcess = detail::hCurProcess; + + #ifndef _WIN64 + if (!NtWow64QueryInformationProcess64 || !NtWow64ReadVirtualMemory64) return 0; + #endif + + PROCESS_BASIC_INFORMATION64 pbi = { 0 }; + const int ProcessBasicInformation = 0; + NTSTATUS status = NtWow64QueryInformationProcess64(hProcess, ProcessBasicInformation, &pbi, sizeof(pbi), NULL); + if (!NT_SUCCESS(status)) return 0; + + PEB64 peb; + status = NtWow64ReadVirtualMemory64(hProcess, (PVOID64)pbi.PebBaseAddress, &peb, sizeof(peb), NULL); + if (!NT_SUCCESS(status)) return 0; + + PEB_LDR_DATA64 ldr; + status = NtWow64ReadVirtualMemory64(hProcess, (PVOID64)peb.Ldr, (PVOID)&ldr, sizeof(ldr), NULL); + if (!NT_SUCCESS(status)) return 0; + + DWORD64 LastEntry = peb.Ldr + offsetof(PEB_LDR_DATA64, InLoadOrderModuleList); + + LDR_DATA_TABLE_ENTRY64 head; + head.InLoadOrderLinks.Flink = ldr.InLoadOrderModuleList.Flink; + do { + status = NtWow64ReadVirtualMemory64(hProcess, (PVOID64)head.InLoadOrderLinks.Flink, (PVOID)&head, sizeof(head), NULL); + if (!NT_SUCCESS(status)) continue; + + std::wstring modName((size_t)head.BaseDllName.MaximumLength, 0); + status = NtWow64ReadVirtualMemory64(hProcess, (PVOID64)head.BaseDllName.Buffer, (PVOID)&modName[0], head.BaseDllName.MaximumLength, NULL); + if (!NT_SUCCESS(status)) continue; + + if (!_tcsicmp(moduleName, _W2T(modName).c_str())) + return head.DllBase; + } while (head.InLoadOrderLinks.Flink != LastEntry); + return 0; + } + + DWORD64 WINAPI GetProcAddress64(HANDLE hProcess, DWORD64 hModule, const char* funcName) + { + if (!hModule || !funcName) return 0; + if (!hProcess) hProcess = detail::hCurProcess; + +#ifndef _WIN64 + if (!NtWow64ReadVirtualMemory64) return 0; +#endif + + IMAGE_DOS_HEADER idh; + NTSTATUS status = NtWow64ReadVirtualMemory64(hProcess, (PVOID64)hModule, (PVOID)&idh, sizeof(idh), NULL); + if (!NT_SUCCESS(status)) return 0; + + IMAGE_NT_HEADERS64 inh; + status = NtWow64ReadVirtualMemory64(hProcess, (PVOID64)(hModule + idh.e_lfanew), (PVOID)&inh, sizeof(inh), NULL); + if (!NT_SUCCESS(status)) return 0; + + IMAGE_DATA_DIRECTORY& idd = inh.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT]; + if (!idd.VirtualAddress)return 0; + + IMAGE_EXPORT_DIRECTORY ied; + status = NtWow64ReadVirtualMemory64(hProcess, (PVOID64)(hModule + idd.VirtualAddress), (PVOID)&ied, sizeof(ied), NULL); + if (!NT_SUCCESS(status)) return 0; + + std::vector nameTable(ied.NumberOfNames); + status = NtWow64ReadVirtualMemory64(hProcess, (PVOID64)(hModule + ied.AddressOfNames), (PVOID)&nameTable[0], sizeof(DWORD) * ied.NumberOfNames, NULL); + if (!NT_SUCCESS(status)) return 0; + + for (DWORD i = 0; i < ied.NumberOfNames; ++i) { + std::string func(strlen(funcName), 0); + status = NtWow64ReadVirtualMemory64(hProcess, (PVOID64)(hModule + nameTable[i]), (PVOID)&func[0], strlen(funcName), NULL); + if (!NT_SUCCESS(status)) continue; + + if (func == funcName) { + WORD ord = 0; + status = NtWow64ReadVirtualMemory64(hProcess, (PVOID64)(hModule + ied.AddressOfNameOrdinals + i * sizeof(WORD)), (PVOID)&ord, sizeof(WORD), NULL); + if (!NT_SUCCESS(status)) continue; + + DWORD rva = 0; + status = NtWow64ReadVirtualMemory64(hProcess, (PVOID64)(hModule + ied.AddressOfFunctions + ord * sizeof(DWORD)), (PVOID)&rva, sizeof(DWORD), NULL); + if (!NT_SUCCESS(status)) continue; + + return hModule + rva; + } + } + return 0; + } + + DWORD64 GetNtDll64() + { + static DWORD64 hNtdll64 = 0; + if(hNtdll64) return hNtdll64; + hNtdll64 = GetModuleHandle64(detail::hCurProcess, _T("ntdll.dll")); + return hNtdll64; + } + + #ifdef _WIN64 + + #define SetLastError64 SetLastError + #define VirtualQueryEx64 VirtualQueryEx + #define VirtualAllocEx64 VirtualAllocEx + #define VirtualFreeEx64 VirtualFreeEx + #define VirtualProtectEx64 VirtualProtectEx + #define ReadProcessMemory64 ReadProcessMemory + #define WriteProcessMemory64 WriteProcessMemory + #define LoadLibrary64 LoadLibrary + #define CreateRemoteThread64 CreateRemoteThread + + #else + + namespace { + #define _(x) __asm __emit (x) + __declspec(naked) DWORD64 x64Call(DWORD64 func, int argC, ...) + { + // see X64Call_disassemble for details + _(0x55)_(0x8b)_(0xec)_(0x8b)_(0x4d)_(0x10)_(0x8d)_(0x55)_(0x14)_(0x83)_(0xec)_(0x40)_(0x53)_(0x56)_(0x57)_(0x85) + _(0xc9)_(0x7e)_(0x15)_(0x8b)_(0x45)_(0x14)_(0x8d)_(0x55)_(0x1c)_(0x49)_(0x89)_(0x45)_(0xf0)_(0x8b)_(0x45)_(0x18) + _(0x89)_(0x4d)_(0x10)_(0x89)_(0x45)_(0xf4)_(0xeb)_(0x08)_(0x0f)_(0x57)_(0xc0)_(0x66)_(0x0f)_(0x13)_(0x45)_(0xf0) + _(0x85)_(0xc9)_(0x7e)_(0x15)_(0x49)_(0x83)_(0xc2)_(0x08)_(0x89)_(0x4d)_(0x10)_(0x8b)_(0x42)_(0xf8)_(0x89)_(0x45) + _(0xe8)_(0x8b)_(0x42)_(0xfc)_(0x89)_(0x45)_(0xec)_(0xeb)_(0x08)_(0x0f)_(0x57)_(0xc0)_(0x66)_(0x0f)_(0x13)_(0x45) + _(0xe8)_(0x85)_(0xc9)_(0x7e)_(0x15)_(0x49)_(0x83)_(0xc2)_(0x08)_(0x89)_(0x4d)_(0x10)_(0x8b)_(0x42)_(0xf8)_(0x89) + _(0x45)_(0xe0)_(0x8b)_(0x42)_(0xfc)_(0x89)_(0x45)_(0xe4)_(0xeb)_(0x08)_(0x0f)_(0x57)_(0xc0)_(0x66)_(0x0f)_(0x13) + _(0x45)_(0xe0)_(0x85)_(0xc9)_(0x7e)_(0x15)_(0x49)_(0x83)_(0xc2)_(0x08)_(0x89)_(0x4d)_(0x10)_(0x8b)_(0x42)_(0xf8) + _(0x89)_(0x45)_(0xd8)_(0x8b)_(0x42)_(0xfc)_(0x89)_(0x45)_(0xdc)_(0xeb)_(0x08)_(0x0f)_(0x57)_(0xc0)_(0x66)_(0x0f) + _(0x13)_(0x45)_(0xd8)_(0x8b)_(0xc2)_(0xc7)_(0x45)_(0xfc)_(0x00)_(0x00)_(0x00)_(0x00)_(0x99)_(0x0f)_(0x57)_(0xc0) + _(0x89)_(0x45)_(0xc0)_(0x8b)_(0xc1)_(0x89)_(0x55)_(0xc4)_(0x99)_(0x66)_(0x0f)_(0x13)_(0x45)_(0xc8)_(0x89)_(0x45) + _(0xd0)_(0x89)_(0x55)_(0xd4)_(0xc7)_(0x45)_(0xf8)_(0x00)_(0x00)_(0x00)_(0x00)_(0x66)_(0x8c)_(0x65)_(0xf8)_(0xb8) + _(0x2b)_(0x00)_(0x00)_(0x00)_(0x66)_(0x8e)_(0xe0)_(0x89)_(0x65)_(0xfc)_(0x83)_(0xe4)_(0xf0)_(0x6a)_(0x33)_(0xe8) + _(0x00)_(0x00)_(0x00)_(0x00)_(0x83)_(0x04)_(0x24)_(0x05)_(0xcb)_(0x48)_(0x8b)_(0x4d)_(0xf0)_(0x48)_(0x8b)_(0x55) + _(0xe8)_(0xff)_(0x75)_(0xe0)_(0x49)_(0x58)_(0xff)_(0x75)_(0xd8)_(0x49)_(0x59)_(0x48)_(0x8b)_(0x45)_(0xd0)_(0xa8) + _(0x01)_(0x75)_(0x03)_(0x83)_(0xec)_(0x08)_(0x57)_(0x48)_(0x8b)_(0x7d)_(0xc0)_(0x48)_(0x85)_(0xc0)_(0x74)_(0x16) + _(0x48)_(0x8d)_(0x7c)_(0xc7)_(0xf8)_(0x48)_(0x85)_(0xc0)_(0x74)_(0x0c)_(0xff)_(0x37)_(0x48)_(0x83)_(0xef)_(0x08) + _(0x48)_(0x83)_(0xe8)_(0x01)_(0xeb)_(0xef)_(0x48)_(0x83)_(0xec)_(0x20)_(0xff)_(0x55)_(0x08)_(0x48)_(0x8b)_(0x4d) + _(0xd0)_(0x48)_(0x8d)_(0x64)_(0xcc)_(0x20)_(0x5f)_(0x48)_(0x89)_(0x45)_(0xc8)_(0xe8)_(0x00)_(0x00)_(0x00)_(0x00) + _(0xc7)_(0x44)_(0x24)_(0x04)_(0x23)_(0x00)_(0x00)_(0x00)_(0x83)_(0x04)_(0x24)_(0x0d)_(0xcb)_(0x66)_(0x8c)_(0xd8) + _(0x66)_(0x8e)_(0xd0)_(0x8b)_(0x65)_(0xfc)_(0x66)_(0x8b)_(0x45)_(0xf8)_(0x66)_(0x8e)_(0xe0)_(0x8b)_(0x45)_(0xc8) + _(0x8b)_(0x55)_(0xcc)_(0x5f)_(0x5e)_(0x5b)_(0x8b)_(0xe5)_(0x5d)_(0xc3) + } + #undef _ + } + + class X64Call + { + template + struct StringHelper : detail::GCBase + { + StringHelper(const char_t* v) : name(0) { + name = new _UNICODE_STRING_T; + name->Buffer = (DWORD64)v; + name->Length = (WORD)tcslen(v) * sizeof(char_t); + name->MaximumLength = name->Length; + } + virtual void gc() { delete name; } + virtual DWORD64 toDWORD64() { return (DWORD64)name; } + private: + _UNICODE_STRING_T* name; + }; + template + DWORD64 ToDWORD64(T v, detail::GCHelper*) { + return DWORD64(v); + } + template<> DWORD64 ToDWORD64(const char* v, detail::GCHelper* helper) { return helper->add(new StringHelper(v)); } + template<> DWORD64 ToDWORD64(const wchar_t* v, detail::GCHelper* helper) { return helper->add(new StringHelper(v)); } + template<> DWORD64 ToDWORD64(char* v, detail::GCHelper* helper) { return helper->add(new StringHelper(v)); } + template<> DWORD64 ToDWORD64(wchar_t* v, detail::GCHelper* helper) { return helper->add(new StringHelper(v)); } + + private: + DWORD64 func; + + public: + X64Call(const char* funcName) : func(GetProcAddress64(0, GetNtDll64(), funcName)) {} + X64Call(DWORD64 module, const char* funcName) : func(GetProcAddress64(0, module, funcName)) {} + + operator DWORD64() { return func; } + + DWORD64 operator()() { return func && x64Call(func, 0); } + + #define __TO_DWORD64_DECL(n) ToDWORD64(__PARAM(n), &helper) + #define TO_DWORD64_DECL(n) __TO_DWORD64_DECL(n) , + #define END_TO_DWORD64_DECL(n) __TO_DWORD64_DECL(n) + #define CALLERS(n) template DWORD64 operator()(DECL_PARAMS_LIST(n)) { detail::GCHelper helper; return func && x64Call(func, n, REPEAT(n, TO_DWORD64_DECL, END_TO_DWORD64_DECL)); } + CALLERS( 1) CALLERS( 2) CALLERS( 3) CALLERS( 4) CALLERS( 5) CALLERS( 6) CALLERS( 7) CALLERS( 8) CALLERS( 9) CALLERS(10) + CALLERS(11) CALLERS(12) CALLERS(13) CALLERS(14) CALLERS(15) CALLERS(16) CALLERS(17) CALLERS(18) CALLERS(19) CALLERS(20) + #undef CALLERS + #undef END_TO_DWORD64_DECL + #undef TO_DWORD64_DECL + #undef __TO_DWORD64_DECL + }; + + VOID WINAPI SetLastError64(DWORD64 status) + { + typedef ULONG (WINAPI *RTL_NTSTATUS_TO_DOS_ERROR)(NTSTATUS Status); + typedef ULONG (WINAPI *RTL_SET_LAST_WIN32_ERROR)(NTSTATUS Status); + + static RTL_NTSTATUS_TO_DOS_ERROR RtlNtStatusToDosError = (RTL_NTSTATUS_TO_DOS_ERROR)GetProcAddress(detail::hNtDll, "RtlNtStatusToDosError"); + static RTL_SET_LAST_WIN32_ERROR RtlSetLastWin32Error = (RTL_SET_LAST_WIN32_ERROR)GetProcAddress(detail::hNtDll, "RtlSetLastWin32Error"); + + if (RtlNtStatusToDosError && RtlSetLastWin32Error) + RtlSetLastWin32Error(RtlNtStatusToDosError((DWORD)status)); + } + + SIZE_T WINAPI VirtualQueryEx64(HANDLE hProcess, DWORD64 lpAddress, MEMORY_BASIC_INFORMATION64* lpBuffer, SIZE_T dwLength) + { + static X64Call NtQueryVirtualMemory("NtQueryVirtualMemory"); + if (!NtQueryVirtualMemory) return 0; + + DWORD64 ret = 0; + DWORD64 status = NtQueryVirtualMemory(hProcess, lpAddress, 0, lpBuffer, dwLength, &ret); + if (!status) return (SIZE_T)ret; + + SetLastError64(ret); + return FALSE; + } + + DWORD64 WINAPI VirtualAllocEx64(HANDLE hProcess, DWORD64 lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect) + { + static X64Call NtAllocateVirtualMemory("NtAllocateVirtualMemory"); + if (!NtAllocateVirtualMemory) return 0; + + DWORD64 tmpAddr = lpAddress; + DWORD64 tmpSize = dwSize; + DWORD64 ret = NtAllocateVirtualMemory(hProcess, &tmpAddr, 0, &tmpSize, flAllocationType, flProtect); + if (!ret) return tmpAddr; + + SetLastError64(ret); + return FALSE; + } + + BOOL WINAPI VirtualFreeEx64(HANDLE hProcess, DWORD64 lpAddress, SIZE_T dwSize, DWORD dwFreeType) + { + static X64Call NtFreeVirtualMemory("NtFreeVirtualMemory"); + if (!NtFreeVirtualMemory) return 0; + + DWORD64 tmpAddr = lpAddress; + DWORD64 tmpSize = dwSize; + DWORD64 ret = NtFreeVirtualMemory(hProcess, &tmpAddr, &tmpSize, dwFreeType); + if (!ret) return TRUE; + + SetLastError64(ret); + return FALSE; + } + + BOOL WINAPI VirtualProtectEx64(HANDLE hProcess, DWORD64 lpAddress, SIZE_T dwSize, DWORD flNewProtect, DWORD* lpflOldProtect) + { + static X64Call NtProtectVirtualMemory("NtProtectVirtualMemory"); + if (!NtProtectVirtualMemory) return 0; + + DWORD64 tmpAddr = lpAddress; + DWORD64 tmpSize = dwSize; + DWORD64 ret = NtProtectVirtualMemory(hProcess, &tmpAddr, &tmpSize, flNewProtect, lpflOldProtect); + if (!ret) return TRUE; + + SetLastError64(ret); + return FALSE; + } + + BOOL WINAPI ReadProcessMemory64(HANDLE hProcess, DWORD64 lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead) + { + static X64Call NtReadVirtualMemory("NtReadVirtualMemory"); + if (!NtReadVirtualMemory) return 0; + + DWORD64 read = 0; + DWORD64 ret = NtReadVirtualMemory(hProcess, lpBaseAddress, lpBuffer, nSize, &read); + if (!ret) { + if (lpNumberOfBytesRead) *lpNumberOfBytesRead = (SIZE_T)read; + return TRUE; + } + + SetLastError64(ret); + return FALSE; + } + + BOOL WINAPI WriteProcessMemory64(HANDLE hProcess, DWORD64 lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten) + { + static X64Call NtWriteVirtualMemory("NtWriteVirtualMemory"); + if (!NtWriteVirtualMemory) return 0; + + DWORD64 written = 0; + DWORD64 ret = NtWriteVirtualMemory(hProcess, lpBaseAddress, lpBuffer, nSize, &written); + if (!ret) { + if (lpNumberOfBytesWritten) *lpNumberOfBytesWritten = (SIZE_T)written; + return TRUE; + } + + SetLastError64(ret); + return FALSE; + } + + HANDLE WINAPI CreateRemoteThread64(HANDLE hProcess, + LPSECURITY_ATTRIBUTES lpThreadAttributes, + SIZE_T dwStackSize, + DWORD64 lpStartAddress, + DWORD64 lpParameter, + DWORD dwCreationFlags, + LPDWORD lpThreadId) + { + static X64Call RtlCreateUserThread("RtlCreateUserThread"); + if (!RtlCreateUserThread) return 0; + + BOOLEAN createSuspended = dwCreationFlags & CREATE_SUSPENDED; + ULONG stackSize = dwStackSize; + DWORD64 handle = 0; + DWORD64 status = RtlCreateUserThread(hProcess, lpThreadAttributes, createSuspended, 0, (dwCreationFlags & STACK_SIZE_PARAM_IS_A_RESERVATION) ? &stackSize : NULL, &stackSize, lpStartAddress, lpParameter, &handle, NULL); + if (!status) return (HANDLE)handle; + + SetLastError64(status); + return NULL; + } + + #endif + + class ProcessWriter + { + public: + template + ProcessWriter(HANDLE hProcess, T content, SIZE_T dwSize, DWORD flProtect = PAGE_READWRITE) + : _autoRelease(TRUE) + , _hProcess(hProcess) + , _dw64Address(0) + , _dwSize(dwSize) + { + if (!(_dw64Address = VirtualAllocEx64(hProcess, NULL, dwSize, MEM_COMMIT | MEM_RESERVE, flProtect))) + return; + SIZE_T written = 0; + if (!WriteProcessMemory64(hProcess, _dw64Address, (PVOID)content, dwSize, &written) || written != dwSize) { + VirtualFreeEx64(hProcess, _dw64Address, _dwSize, MEM_DECOMMIT); + _dw64Address = 0; + } + } + ~ProcessWriter() { + if (_dw64Address && _autoRelease) + VirtualFreeEx64(_hProcess, _dw64Address, _dwSize, MEM_DECOMMIT); + } + void SetDontRelese() { + _autoRelease = FALSE; + } + operator DWORD64() { + return (DWORD64)_dw64Address; + } + #ifdef _WIN64 + template + operator T*() { + return (T*)_dw64Address; + } + #endif + + private: + BOOL _autoRelease; + HANDLE _hProcess; + #ifdef _WIN64 + LPVOID _dw64Address; + #else + DWORD64 _dw64Address; + #endif + SIZE_T _dwSize; + }; + + namespace { + + std::string makeShellCode(int cnt, bool is64Bit) + { + if(is64Bit) { + // see X64Delegator_disassemble for details + static const unsigned char kTmpl_x64[] = { 0x40, 0x53, 0x48, 0x83, 0xec, 0x20, 0x48, 0x8b, 0xd9, 0x48, 0x85, 0xc9, 0x74, 0x1d, 0x48, 0x83, + 0x39, 0x00, 0x48, 0x8b, 0x41, 0x08, 0x74, 0x0b, 0xff, 0xd0, 0x48, 0x89, 0x03, 0x48, 0x83, 0xc4, + 0x20, 0x5b, 0xc3, 0x48, 0x83, 0xc4, 0x20, 0x5b, 0x48, 0xff, 0xe0, 0x33, 0xc0, 0x48, 0x83, 0xc4, + 0x20, 0x5b, 0xc3 }; + + std::string templ_x64((const char*)kTmpl_x64, sizeof(kTmpl_x64)); + if(!cnt) return templ_x64; + + templ_x64[13] += (cnt <= 4) ? cnt * 4 : (cnt - 4) * 9 + 16; + if(cnt >= 1) + templ_x64[16] = 0x3b; + + if(cnt < 3) { + if(cnt >= 1) { + templ_x64.insert(22, "\x48\x8b\x49\x10", 4); + } + if(cnt >= 2) { + templ_x64.insert(22, "\x48\x8b\x51\x18", 4); + } + } + else { + templ_x64[20] = 0x49; + templ_x64[21] = 0x10; + templ_x64.insert(22, "\x48\x8B\x53\x18", 4); + templ_x64.insert(22, "\x4c\x8b\x43\x20", 4); + templ_x64.insert(22, "\x48\x8b\x43\x08", 4); + if(cnt >= 4) { + templ_x64.insert(26, "\x4c\x8b\x4b\x28", 4); + } + if(cnt >= 5) { + templ_x64.insert(18, "\x4c\x8B\x53\x30", 4); + templ_x64.insert(42, "\x4c\x89\x54\x24\x20", 5); + } + if(cnt >= 6) { + templ_x64[21] = 0x38; + templ_x64.insert(22, "\x4c\x8b\x5b\x30", 4); + templ_x64[50] = 0x28; + templ_x64.insert(51, "\x4c\x89\x5c\x24\x20", 5); + } + // TODO + } + return templ_x64; + } + // see X86Delegator_disassemble for details + static const unsigned char kTmpl_x86[] = { 0x55, 0x8b, 0xec, 0x51, 0x83, 0x7d, 0x08, 0x00, 0x74, 0x0c, 0x8b ,0x45, 0x08, 0x8b, 0x08, 0xff, + 0xd0, 0x89, 0x45, 0xfc, 0xeb, 0x07, 0xc7, 0x45, 0xfc, 0x00, 0x00, 0x00, 0x00, 0x8b, 0x45, 0xfc, + 0x8b, 0xe5, 0x5d, 0xc3 }; + std::string templ_x86((const char*)kTmpl_x86, sizeof(kTmpl_x86)); + // je distance + templ_x86[9] += cnt * 7; + templ_x86[16] += ((1 - cnt) % 3 + 3) % 3; + int pos = 13; + for(int i = 0; i < cnt; ++i) { + switch(i % 3) { + case 0: + templ_x86.insert(pos, "\x8b\x48\xcc\x51\x8b\x55\x08", 7); + break; + case 1: + templ_x86.insert(pos, "\x8b\x42\xcc\x50\x8b\x4d\x08", 7); + break; + case 2: + templ_x86.insert(pos, "\x8b\x51\xcc\x52\x8b\x45\x08", 7); + break; + } + templ_x86[pos + 2] = (cnt - i) << 2; + pos += 7; + } + switch(cnt % 3) { + case 0: + templ_x86[pos + 1] = 0x08; + break; + case 1: + templ_x86[pos + 1] = 0x02; + break; + case 2: + templ_x86[pos + 1] = 0x11; + break; + } + return templ_x86; + } + + template + const std::string& shellCode() { + static std::string kCode = makeShellCode(argCnt, is64Bit); + return kCode; + } + + } + + class YAPICall + { + template + DWORD64 ToDWORD64(T v, HANDLE hProcess, detail::GCHelper*) { + return DWORD64(v); + } + template + struct StringHelper : detail::GCBase + { + StringHelper(HANDLE hProcess, const char_t* v) : name(0) { + name = new ProcessWriter(hProcess, v, (tcslen(v) + 1) * sizeof(char_t)); + } + virtual void gc() { delete name; } + virtual DWORD64 toDWORD64() { return (DWORD64)*name; } + private: + ProcessWriter* name; + }; + template<> DWORD64 ToDWORD64(const char* v, HANDLE hProcess, detail::GCHelper* helper) { return helper->add(new StringHelper(hProcess, v)); } + template<> DWORD64 ToDWORD64(const wchar_t* v, HANDLE hProcess, detail::GCHelper* helper) { return helper->add(new StringHelper(hProcess, v)); } + template<> DWORD64 ToDWORD64(char* v, HANDLE hProcess, detail::GCHelper* helper) { return helper->add(new StringHelper(hProcess, v)); } + template<> DWORD64 ToDWORD64(wchar_t* v, HANDLE hProcess, detail::GCHelper* helper) { return helper->add(new StringHelper(hProcess, v)); } + + private: + HANDLE _hProcess; + ProcessWriter* _sc; + DWORD64 func; + BOOL _dw64Ret; + DWORD _dwTimeout; + BOOL _is64Bit; + + template + bool initShellCoder(ProcessWriter*& sc) { + if(sc) return false; + const std::string& shellcode = _is64Bit ? shellCode() : shellCode(); + sc = new ProcessWriter(_hProcess, shellcode.data(), shellcode.size() + 1, PAGE_EXECUTE_READWRITE); + return true; + } + + template + DWORD64 call(const std::vector& param) { + ProcessWriter p(_hProcess, ¶m[0], sizeof(T) * (param.size())); + if (!p) return -1; + HANDLE hThread = 0; + if (_is64Bit) + hThread = CreateRemoteThread64(_hProcess, NULL, 0, *_sc, p, 0, NULL); + else { +#ifdef _WIN64 + // see X64toX86_disassemble for details + static const unsigned char kTmpl_x64_to_x86[] = { 0x48, 0x89, 0x4c, 0x24, 0x08, 0x48, 0x83, 0xec, 0x28, 0x48, 0x8b, 0x44, 0x24, 0x30, 0x8b, 0x48, + 0x08, 0x48, 0x8b, 0x44, 0x24, 0x30, 0x6a, 0x33, 0xe8, 0x00, 0x00, 0x00, 0x00, 0x83, 0x04, 0x24, + 0x05, 0xcb, 0xff, 0xd0, 0xe8, 0x00, 0x00, 0x00, 0x00, 0xc7, 0x44, 0x24, 0x04, 0x23, 0x00, 0x00, + 0x00, 0x83, 0x04, 0x24, 0x0d, 0xcb, 0x48, 0x83, 0xc4, 0x28, 0xc3 }; + std::string x86_shellcode((char*)kTmpl_x64_to_x86, sizeof(kTmpl_x64_to_x86)); + ProcessWriter* sc = new ProcessWriter(_hProcess, x86_shellcode.data(), x86_shellcode.size() + 1, PAGE_EXECUTE_READWRITE); + sc->SetDontRelese(); + hThread = CreateRemoteThread64(_hProcess, NULL, 0, *_sc, p, 0, NULL); +#else + hThread = CreateRemoteThread(_hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)(DWORD64)*_sc, (PVOID)(DWORD64)p, 0, NULL); +#endif + } + if (!hThread) return -1; + if (WaitForSingleObject(hThread, _dwTimeout) != WAIT_OBJECT_0) { + _sc->SetDontRelese(); + CloseHandle(hThread); + return -1; + } + if (!_is64Bit || !_dw64Ret) { + DWORD ret = 0; + GetExitCodeThread(hThread, &ret); + CloseHandle(hThread); + return ret; + } + DWORD64 ret = 0; + CloseHandle(hThread); + ReadProcessMemory64(_hProcess, p, &ret, sizeof(DWORD64), NULL); + return ret; + } + + public: + YAPICall(HANDLE hProcess, const char* funcName) + : _hProcess(hProcess) + , _sc(0) + , func(GetProcAddress64(hProcess, GetNtDll64(), funcName)) + , _dw64Ret(FALSE) + , _dwTimeout(INFINITE) + , _is64Bit(detail::is64BitOS) + { + } + YAPICall(HANDLE hProcess, DWORD64 moudle, const char* funcName) + : _hProcess(hProcess) + , _sc(0) + , func(GetProcAddress64(hProcess, moudle, funcName)) + , _dw64Ret(FALSE) + , _dwTimeout(INFINITE) + , _is64Bit(detail::is64BitOS) + { + } + YAPICall(HANDLE hProcess, const TCHAR* modName, const char* funcName) + : _hProcess(hProcess) + , _sc(0) + , func(GetProcAddress64(hProcess, GetModuleHandle64(hProcess, modName), funcName)) + , _dw64Ret(FALSE) + , _dwTimeout(INFINITE) + , _is64Bit(detail::is64BitOS) + { + if(!func) { + func = GetProcAddress(hProcess, GetModuleHandle(hProcess, modName), funcName); + _is64Bit = FALSE; + } + } + + ~YAPICall() { if (_sc) delete _sc; } + + operator DWORD64() { return func; } + + YAPICall& Dw64() { _dw64Ret = TRUE; return *this; } + YAPICall& Timeout(DWORD dwTimeout) { _dwTimeout = dwTimeout; return *this; } + + #define TO_DWORD64_ARRAY_DECL(n) param[n + 1] = ToDWORD64(__PARAM(n), _hProcess, &helper); + #define TO_DWORD_ARRAY_DECL(n) param[n] = (DWORD)ToDWORD64(__PARAM(n), _hProcess, &helper); + + #define CALLERSX(n) \ + DWORD64 operator()(DECL_PARAMS_LIST(n)) {\ + bool b = initShellCoder(_sc);\ + if(!b || !func || !_sc || !*_sc) return -1;\ + detail::GCHelper helper;\ + if(_is64Bit) {\ + std::vector param(n + 2, 0);\ + param[0] = _dw64Ret;\ + param[1] = func;\ + REPEAT(n, TO_DWORD64_ARRAY_DECL, TO_DWORD64_ARRAY_DECL)\ + return call(param);\ + }\ + std::vector param(n + 1, 0);\ + param[0] = (DWORD)func;\ + REPEAT(n, TO_DWORD_ARRAY_DECL, TO_DWORD_ARRAY_DECL)\ + return call(param);\ + } + #define CALLERS(n) template CALLERSX(n) + CALLERSX( 0) + CALLERS( 1) CALLERS( 2) CALLERS( 3) CALLERS( 4) CALLERS( 5) CALLERS( 6) /*CALLERS( 7) CALLERS( 8) CALLERS( 9) CALLERS(10) + CALLERS(11) CALLERS(12) CALLERS(13) CALLERS(14) CALLERS(15) CALLERS(16) CALLERS(17) CALLERS(18) CALLERS(19) CALLERS(20)*/ + #undef CALLERSX + #undef CALLERS + #undef TO_DWORD_ARRAY_DECL + #undef TO_DWORD64_ARRAY_DECL + }; + + #define YAPI(h, m, f) YAPICall(h, m, #f) +} diff --git a/scripts/build32.bat b/scripts/build32.bat new file mode 100644 index 0000000..15fc523 --- /dev/null +++ b/scripts/build32.bat @@ -0,0 +1,2 @@ +cmake ../CMakeLists.txt -G "Visual Studio 17 2022" -A win32 -T host=x86 -B ../build/x86 +cmake --build ../build/x86 --config Release --target ALL_BUILD -j 14 diff --git a/scripts/build32xp.bat b/scripts/build32xp.bat new file mode 100644 index 0000000..4c3d8e5 --- /dev/null +++ b/scripts/build32xp.bat @@ -0,0 +1,2 @@ +cmake ../CMakeLists.txt -G "Visual Studio 15 2017" -A win32 -T v141_xp -B ../build/xp +cmake --build ../build/xp --config Release --target ALL_BUILD -j 14 diff --git a/scripts/build64.bat b/scripts/build64.bat new file mode 100644 index 0000000..bf83eee --- /dev/null +++ b/scripts/build64.bat @@ -0,0 +1,2 @@ +cmake ../CMakeLists.txt -G "Visual Studio 17 2022" -A x64 -T host=x64 -B ../build/x64 +cmake --build ../build/x64 --config Release --target ALL_BUILD -j 14

ThsK6aKOL4}ZeH=h3Or>aOous3LaXw3DEtz|361Bi8k0+=sS_mmYJC#PlyMr>9 zR_EfRjrhNhxvs%Kuhd)N;+2}#y=X)q$BGK~l`Hx{m~6JLqJIo56{Iel$8=NC`IOuX zq{$(wITdVOHLn0m)BsgAuZnP$YF-cCSe)8wZeB&H@;eD{to&JEpRTF=v{;Y=uBz^e z2bid`t-~oFWDlxr18{}~vkQfmZ1e#rMejpVh(7`)YkUk^4*Ch`>7aW-*MWWpN|kOO z=#8LXfKs>nCFm=lUxRjm{sWXM#nU)>r65;=L=}f?vgAvX_b}X>fraIIB!{#-Ht_C~*xP`yEfl!{1U1qUvJm)K!iL@Y!ip)XoZ4JMTt>qx?K;J zv2M3UxJun_2hY52r$o@A`?aXsbPLr5u&Nekus${w%z8tGN5ND>)lV#Lg_nGgohXM$ z>+OR18`Ma$-P52H>20EhJ_G8-^$t*~@jF4O#y<<%0lEv6ZkoOTx()QVpwEK71WMiQ zE1#?11ZV;xk8?h$<+t4=gODMUM>bc!yjHLSS1SUa&HnMqOoi_BC|a|K_t7AikB zxQ5BlTKK81!->|yr&LBv77%!6-|c%xbbR2TnL}#l;O(D|?)cDw$pgFPgEc2UeQ;{q z19a;c3wPWmJMsV2m+^3Pio+I@}l zPJ@f{>fqvS)oO)z6V$KY}g=#RJgmLZGOB>~Y&z&^vJ13-l|{ z-k^B5Md}Mm)u|uoGSL2@)Z+{QJr@+uiL)ud5K!8iYba&a9MV}NG}ML=O|xX7b4VzoZESbZ`)sX7 zBGZP%0$E}fg)zd0#IaHALx!)A!ii+~3TA3=XJ2ah!LO3SgTTgv?t9pnu<8Odp)_Tp zR-f*|&p-rr;Ea=&$cpO1Z&t* zLo7r3YX;wCo%_0p>oOQK&(IHvvWSSQO$u; zISMU?YSoo3tRla=BI6aO7_X$z?1qh3QfRz#j2N$^(0FB3$A_^PuOw3iSH>%5BM3f; z*!yQBj)I5I?R$=4YsGDAz0aeygGa!xwQlfHPiGk`bp*r=icVkXBwcLtP-5Jh7WeN;j1NeaNN-3}ns z%bjOK;w_#i`Pr~>xGZ+8tZr=M3z(57Cm!cO_D^=C%0Cq6y@Edn-8IHosv;dSMvjFr1&?3;j2&V*eIOsyq<3US7(?NZp<)G!D zi$PBTZ3bNmdJpJnpp?&kP-;LZEZ%^SD?yq9Kh7g*C=jefOr9=Pu9e$7=w*dYF?lM9OsuMC9#es~=+IfKxzmZ4q?@Tm zx~Sn8BHAODa@)m4jnN29o~Vy^c{(LGZbiA#zR>-^RBD|n_%n8$yK+0Xv*tr{lL(2r zD0v-X$tv{TBAAB)t^()4po?w*kuT#1ZQe|mHsaFprD=3B(A+uWp(9t0Oon!%qm2yW z&Knic%xHc0-Uda~f|ZDgm)83TqM2ogrfzjh8{U-sBMN=Q?<)##YpvZ30UkNFB~iAktA1(V=QTsWmd0l~sXF zi4pg8_zIE>jAlclTA_tn&C1A5)J&4r+i}uyESe*--AGWHpd1HEv$D~kH2!jeR)dZK zT@5-G^eWKtpfnCU0dy#GGX?Z$&=Wyvw0siit)P=Zsd=6Px)U@5^pBv^K)r}hCTJb# z3{c9ynV{4>ZpX=+M{@C58Rxkm&3WwE0o5IERB=oQB$U_@{Kg1f$t%N&-U}RCKWkC|Hx95fAd1SqBFXfbZ38piEPt^`)&IByrO zIgibDb2n)pCs@CaYJj)17yc!0`c4|mwNfi_7hP}Plj>#fNjwopmn(K-IM}~R8`P#7_{`4A0TY=2NoHwp& z8u11_dQtK%Q07VBrWzo2UYUF?nDR3Xd*G&Na>^l^pQr5YKv|VliO>@es|*xQ>9crp zk${X4@gYR2f=E>(96ZK^$Wjn2vt=Dp1VPKGJe1j_gLRLE$r-VD!8{i7IAxEX*AJ79S0Q>h;_q-$+;q~Uc{Bw zRVu-+m;rhYDK4RGVOA^=GW1}d?>Y3t4tOWWlF9^#Bp=!Zk7P_VlBGcx{S9ny4X!(L zH&lT?2?!sQPHG#$5gT^_G3ZgK!6PplX!;0*$Wg%#w__OLV?|{;JSS;N2t8Do+)Wwz zEOpSM81Zo?q!vWT!QVL9toFuebGm~23RqSxE z*7Z`jb*(E^U0v%+kF?$bwi9Qu16vKy^9^_5VjN@Ou}cxSd=oaz_%$tU&HO=&DqPp{ z7P}!(6VNdzv)Hk`At)XjslYW4ZA~E9 z;>S7*HfO_-CMl^>@mY>T_EAro1|rlO5jqa)R+1F~rUiSuY2x`QynhuzQ?J3}S<@Ee zaiqsYA}4>!L*gj|7zdZF3!Jw>;cZfQzf^dSD!e@kj~1u7Y-B7Wx60^$3X>B%;~dJs<#L3qUq=|p zVuQgP=-?>z4BwSgFV&IPYFubDsQA;|Q7}u}2qsVO&6aW3aZ*NlRVFVZEmx+hZjzd3#sC z?FagK)tjAM2xV?v6EzFGzBn^+9vqB6ei&Z-V7sTyoQWoiHBKXBpoYq3bAtQKFskEh z3mSU9n{Z=s7CT5q#AHtL5C_GDOosBnmNJN)Djoy918#02awSN&;Ggqu7p?@Xpvl|t z(4<>7&j6S~DLw4~>rFs8(F^A>IN98QsL4x$cv*wq-H=VdQTl(`1o7~AGhzZt@RwjY zRd@Czo6aY)c32eI+&bt!VoTpCjVPrVY$-wWbZbM-Bd&^KC6@CM-=jdN&}G?%mm1N88(c&!9z zv%`FvZrh!{l04fP|wddB(EdRX62z7OxCv%2U8>5d%h_7aa&j@aTn>HE7y-d0hDv$Jkp2%3lD`{zIWRnLD0x8LGNLx(#gY4N@u!so++#dJ+oL)P)rVswr7G<%80@AE&w`)M2HIY;Zd0bkG%` zWRDh5DlIqTOrJlt>TSf} zfSMhsEmSqAi>J+|iyid~*f&U}@!-P5VlK115PQOhO9RUT!9X)6G`jm5DGl*@1z$$ZXuj-wpXQDZsm0Z!Qe zZstn`fV)V7=1;K_lMrF33(X6P1b30dcU%HDqWX$3W`QFgzlDRxin~aHMw1952~%Yu zag_`QeGw;@;4YHr%_aIfr2g3)I))SW|2zD13GN~ZKq(BBgq(vU@{%IKT_i!b=!Jxc zRTa4M@iH7d4DKQcy1}lMsF2~HuP74SMG~X91ZqpXNXH13#H)$~cacPLL_)+WM4}-f%qKZizJ&{_ABnE87Klwyj3tID# zkN4oTR8G+aOC5UaPV-rizM12 z66bOpwNvu(CpfqScag-I5s7Cw&Z&x3mm3@= zKh_-xa}g&bw?);IQ7HdoRhx%sm3?<744nd zxuVasZK+p0^ZEUb?fLzhFFvFFrf0*a^xAdK8ND|SeBrq7-bnlM&aJ1M@!$m4O?kE7 z)}Ofa^PJarpDSIn=YdUw*I%D>+1SC(iZ#D(xb%*_ljF|4>)IcW-gVx+4PBoWto4ri z{a+_{ZTVsR7q4!157>5z>&68KzxS=)@o?W^H@v=O#@|-o_S$Wyyua<@uYR@ktLqki zyKYsEbn*LBX3Y2ZtG~Qo+XveQzV5r@sevD^F5fxt*z%BX?rooruP^F%`s;sqee?s~ z2WP%~k8?o(ZNt7_Bc0K?wfBON4-IJk?Amh{EZ#Npwu_!h|7!9H=fC^R>P4^3d3j9M z;`5)InNjdWRp|HQQWxBrv3~692Wn~`7;*94d)J)QmVWTnTlZYDZq~-xn^zT|Hg4E; zqv!PbMfv`NzkE5RGQsijf-TQFQ!Z~E_{rVRzW(rIXO6!3li;GyXU31Z`KWJSozi>9 z4L81=yXc(6bEX`7L&D!S-(NiNPYw6wUiSBbreFOm+$a0jkKDO)edWZZJGSlbI6v;v z8G|a@hE-pDVD-{_R&M#rNB+@YPO6#|_s6Hg2^+IsF3tVsgd3e7WglI4(J#-BiGTM% z^YKeUt3q|x1}21B`Z|Aj|A6PNABui+ROv%I)-HF9J^8M8-w#z?bJZ`sjSs#4$&-~i zTlW;?PQHIp+A-;6!=5{TY4hhV9jaVYb@Ls2ymNX#xAM(Dx4RYwKKRYc&o#*YlRmw^ zYiXbPv*hd4eSOFL;Ua0t7cq{K4U?t~cr3H-+3>v+s-AbR`t=|4mwtThh^}3)y?R&u z!7pxqEd2hcH&gdq^}8v@4{L8edDN|cdFkAvH^luT@AbG(@A%z!9|w14PCd23GkWZE z5B&V)X@9)ng`1w~d(8tA&rdwLv-8oZx#KEdKWCLR<+~8pt8zy--1?VW7X0jlAD{T~ zwI2rUc{%+0(w$G=@bHfhWiK1?&BkB-qU^lOhg^KupM%n(#lO91!rH4}xZXGP&V#wv zynMmlZ>OY<|BJUK>#E;=^JV4``TEbD{hDw;GyJsg`lm}rwu~M+>-PJy)~~!>zJ6x+ z#hYe7amII(-yi#E^@c~^x%HH*{;=y{uaB=d_oS;I$zPV)asBCENT0W!FURkD-^c5Q zPkC^=e0~3?j-=Or?fzK4KI8kBx0HRb_;UIBPvallTIi@*ynW@h?pGi2-GAGqZ*SS~ zaqukpIzJ|(E$+M_bL8uz9^BBYaeeWh^w+Y!D}VjT@pb)w^Ve^kx$RHy`|)p&$DJ{# zGcQAWvPJsMp4|nzSEg3QF8li*b)EL$Q);d7wHxIW_fChhv@K-~(Tin`$uw zz$3d1Gr1PK;D=WRNCmZOu?|&7LQEX$&)Sn@tb+}8nVRMI zv9Ay1y48B9WsP<0#6P*{h-Ir@YCXM(>ySsNXTN>J3G}5NZG13;0;U8}m-X~A=;^~S z@|beQKiZEr>Y+A2)9vbJzI^;2(=i!{wjd~Ioh9*L?p1uY>{TN0bg$+GO zgKT}e`ZEmOtCjWiGw2z>F!D$%=KVYj@AY~HG7OD`WIY26dIm9!JjUB~ri5XVUQZ&! zIKfZP0Tp!%&E%C-s*}Cgq3jZNxer$G;q(V-0#}aVOSMg?~Ek z2wwP@F+QW<6YHSIr(`|H8T5>1m>g1qltm(GlpSk#7*hy z``H^?jC#g042^4LJ!1@d#xV@d4oJ@>U2D6HdXgDNt!JD;&v=GGWng;dejWB1^&D@| zGv1&F%@)!wr)%Mg%r>K*6oZ}<40UMP^!_bH5sYRn>f5_x$((GLS5#)-#D=ZU5ia`(Mc&vlgKq&1m{O#t0MmN(sq zHe(Ws3ypoKRKz;y1M_4 z?x9;f^B6`QACEx~%&OAUIehU&#&mfN@yRpj$!8cR{^=O@_@-^f@`ElPVX6Dme1o0> zhB*iSWW(#8t1dL^0SkI)l}NU8fkDp#hN0059e*hN24>Kg=OXyTIzGa`tY-n!LlQEl zKytGFir=asp9Kns>J=Ta3J0A4JJJ-+WrEX7;cOF}VG8H(f-^_q&=dM}^ieo&!5OY_ zXx|Vzj#fB76P&pU=Qo0LoWl83aNG(f3H6zdz6xiK;2f)P8U$yw!nss%aum+Pg40jo z{7G;;3a2;P7di$hoD9Jkpm6F0CrRO4Avog{&JMvDuWBUnqLE%gkoRbtzsoa+JwHz8%YB~K39IE?T49$tOoFoHhoPjgmz&XLd8DroK zQ8+ZJpo4l?7J3?4oDLeZF%EU&?4VH-*!DaIJb1X^F%~yi;!X%X|n3` z;0u|QsQl7}L&p|!DL*h+U|{~gVi-+WOEqC#^<-6DMCx%N#W0$%Dm7s( z@!#|*G6V|R}?@fzH9Y@U!4u;W$bsD&lvO!_-SvH|dgcQSQ!tygI zxoq6qIQ#5~)J7r2Fq*Kcn3PC>wED{Y2l)&dZ0QLh#W0$%sB%VXJ!+KQw-=CMiW+zCaln&9p^=)d_sz0G+|LCkJ#|IeGi?>R~RU)^Mw?{ zXu=9;!n$eVX%9rCo)S_FqX}!dCagIp)V{!14=Ak9g%rbR!m87RHSpQNKaWTqN1X`{ zhS7vo4{jt~)Nb@sMvMhQieWTiH83f;Y_vQ)@y`*dbA%MbXu>+(5Efrm16$fEq!>mM z)(TBnJMK)t8|c)Z)A5OrVi-+Wjquf`i?0Nd)UgzC91Nogs|nmlIc#|$GcO{wNJue^ zCM--Wbz$*UJ__SfA;mD7uv#=><$k|;Rzzy2kYX53Sgo3{zFu*6fUo3GSlLu_1-US9=J(Tu3pDCae&XqNq?0d;Y2CJ0emy2`Prr zgcW8|a$TmdPEd0B_d<$cG-0)A!m2$b{*s8)fPwJD!7!SzR)VWd7hhE)bgqzM7)@BK zn3S9@3M(RYmXKl?O<3)ku&93Vm0JqyAtA*uny^-D!g}ZX6TXQ^VK-@ZFpMUwHB2fI z|1=^xZp8x=`DzBij~PV&cqJ2OtR}28iKC2&*3WbJB2svNfE^5@84;buq{Ku*N(dBQ z%%#*LB8Jh#@N6a}=klaA{Tumu9R+fQ2#aAfF{HV3B!ieWTitz%MhEuM<;$8mMR);367iYVDd~FbH>0TklFq*J7Xu?_>+S?qFdQV6( zj3%s&ny@Ip_<9|M)h~(u@hlilZHYRMI7*2ccKP2vj7Xu8V+X@%!aAQx$u^|?;%kfq zKV3*Mj3!;1n3Qb8r(eGH?ugW_LW*HXjr6AAkUK_R;iO@)bOFv-2aUM2$K;y&6(KzC zNXLaZaraFw^o&P;d!aSTlak!an_cA1cXO;oPw_1#v7kaYY^C=0cSeOD?6g2UL zMk}oZ)?-_{1yeNHYZ5l137i#H37qK*RyWtwPtCNU(j~vPV8kjaWh-Sz2W!%v9R%21 zr<^(L?Exdim^l_emO0$wlxX?sd^;Mgu_~ox4OBuF%ZnD57evxBNV_}p$*~H{u*NVYg$@X zGz6sNw&qn0&9%uVvT(q7TN#h(aHX9T7t?Q3oT25Tc{?%3a+KPxJxUkT3*dXT)L%$Ci*;Q1*s9 zX5rbCGz8lHfXNV=4H11XG@dpFqOly3sRjGfiW?ZDOQZ49~9>g~YQ>g|uz)uGszQjfR!NPEiEbf@}A%goHm%A7ha zV}_dRbf%@IW@ctOotder=^!|&5^B%8Un+mCy(aTMEF#75wIlW8=)|D~^W0;(pYorO zC@)meU0-%=#S(BHaNkVe*QCxRC1$H1Cnuk=IQvZ`SLARemQ?9+KVrT3B;Zb*#BsC; zXNG$WxHEy7I+^48THs~@cM&kpPw7S(cSCGj$P7s$=;?moNqSZN_W8{CKZ&_PivXURK z!1F2KIhE!;nD;6V`t+fusIy1gsan+3~#nGxvUJ-%r5)D-vV71pUi<)`bNY1QGww| zYkj{5Zu{Km`VPW-FEAgwI8G_gI{UqX^iFeQ1Ckt_J{>L*@J3+X z%j38qAZB)F#>Z9xH1zZg73o^wq*+ zH!vqPbDWhvy0u#l%nJf%rEerW-T-EQOLTo?zY(ptWsH*!D}6)Zu@;ys&fqw!_))cZ z3YbK?OOC@zpA#O(05dbhaaQ`MxGw|dNrAJ{N9o-OOjkI%zVG234H83V$FD=4 ztS1zIY~8FqrTiEP%nj#qoRz+};k^@>8!6#9AZ8lBDtP=Hm_8dB%rbt|?M?xvS>UYn z#lfQ;n6v0EFAl5t(e2jT1%?6fXO>>lC!G&Hn>fl!-=E+;37CF#Hx~z*VN-n-&^G~? z^%pXjW&EbY`)+~ZNOOG>^mPH()frviZSao22-}C@q=S-WmfkFQJOa#LH#3-J{HR$O zb}`4u|7QAfq3?X)etSuDeY6S4-vuU`K5CzPU50HSFORNo32>JQOf-G#fcx|c+~&V3 zx;|2MxxhrzNBvRq)p)?`n&|q-epd=iG<`1U>wPWur@k(_K1?a3W`T*O?=5(40dCFD zbozAt{yxG1bMf^$oUUJW!uwHy;YjmxMf&~#+%q?DlvO>VV*DvEZ8t`6X61@rSh*3H zw{MEz%*Kg>;O)4XW8{A`eILOy5xB1eR*7GGs$hE?gR?FS|vBfzvA7(}7zluu8Zl`mPih zsA7kez8h}ACz)~55l!E7w=jtEXQl5Y;NB6~X!;HajI7W~pL8qijgyXO`X&ktM_Su& zDsU&;&{t_wUoCL0HuPO=Q{UCVZLy(mn@xSYfP2G+zAtU+`wqC?Tey{@beA8K zfXlL>Z;?%XrvZ1m4Skzz>bn%U8*J!%(x$#=fP2Y?zI`_JeMPw2y3dbM0@Gc791q-7 z8~RFY>Z<^*)`q@wZR)!axT|gGd)TJFUjetvhQ3d1>iZnH?`-HBal4!ooLaSiPT(d9 zY%HJ*XVTu!x2dlbxYKOtJIkiN4ZvM$L*M;2^*svQGdA>f+0?fOxUX#J8+?bo{5S@< z;{`Tae&pKJR|s5%4Sg$Z>N^Lx3vKAT%cj1q!2QaGzISZu`w+O#ZRqQNr@j0b3Y=45 zqvglRHucQ|uGEIUR-5|Tf!kn1-xizt?g8#m8~Wa`sqa1D_Sn$Z`{(xZV<2$H2yC?c z$g-)=1ze$CAD_>NRb)w``Tps8eRSVS^^i5izO@(jtkvOYhX&k8i-Y$UIJe`>$KHh? zJ=mKr6s)OiS#~<#pROU)(pVjAnhb_CQ<|ORsG@Bvhu}jBJFq4u(*+GR!In_V@~|_d zbb_>-9Bf$D7RIL{hJsfgXlxAx)m*&N znp7Qbq*q&$Lg8A9JEbKL^NJItK1mm1UgMDF7ias6v*&wqeEuSj&tK~HdHgxWMZVJF zLcgcTon7dWrV4OORPX|Kg+JR}l)E@T*XPCVzC3`qs4}@_IVFCdJ5Nd#@IF!Di`<3z zx&C>D?z}R5SENtU#rhQF7n>$vn!sujpvRW^5P5fDagoQrsJO6vfd?-f^B^>7(2LD0 zF3s`y%Zu`Tes@ler>xBHE-b`$)m$`Qou2MRi;Mha#q)gr9Crz}CFqm11_drwDrs32 z2$qKe!3EXr4Ndr>$8qpF7hW+^PI0M!k*BmQACe2)^XY0Tw&CrQ6lRjX5~wOH%y#D# z_)ALji%au;OZ@po%#N_&fTVH5s8rCQc|>;R%#c4=!#2+LRWEC#538MQG!DWr~%-_Oj!;<%tVw;c6n05D{pviws#ejmO! z6VGz5G|<{ujeU`GT7ur%AimTR2sYH@29`H8qefHsV>t>&J{ z43YUt7BDaf|!m1 zEAMF{BBaA(3BtDs;*;(%dgm0EEb*X2UBc=awH#iwGUbInRw?Dy4|P_q^Q`S-Z4OmR zs=*9-2I^p8$>K7!lGJQci&CCn&lO)y>f1W9YwffHPvfg@jQ`Nd ztk_-rJ?NOY8Z@oM^eeXoD_4r%Lmm)D#&2OpVb{7-KVJ^b9u zLw-1zkg)W%lV-rgI~o7AGhg3*=<7?qTHQH%_(K;hMXCnJke-^euUR+y;3oGyDKYIC zJBOs=Ha6o2=bd`pD_h^$*!$S$zWe_CNk8Cr4CB9WcJI30w_f|{lIyl^xM%B2xG(w- z#{a(bmYcplbHxjFXDsWp^x!XHrYRWPCOSr4Q@dmRR|_}%Fgx#_`|j-bExstl_&2u? z+&pz=ar)!WjVRl(J8vZRUuXP&*BtZduC{ab?8{ga8+X>M`M50tJB*^iCpJPZ3AWS) ztDBtjF#HQSQ`)mKCsZ!R8yGFCLe7GQaHujZwX&hPrm?Ly0O#b?$!RlEGtwrfR<_jy z!<98?fkFLEfu@?))&9`r`XkfXREf7gmQ{xWN2n-NUmXn8R+6T0sP+hzwKY}NE~}#v z@R2J*^4c)g`biWuhmTN=uu>?D7laz>nvYN$FA(9?tv^xb!BiMBv>d6eL?Y|j8fx*m zJf21x?xJL;O;4X*8DihttqcZQTSArmwWH8U8C1|KX@*tX5ULI}O|EHeJ+hLmt}Uxz zam>1Y3VZ)_np9P}CAb=Klh}NYZWHyE3X?uUyY~^=rBS%GDmZANz}dJ~=5)TozC*bO;o>{3 z$yxLX%q(xGFS$L!r_ay0NIkwDiw~3Ii{tbSnstyMAbjv4OIg8e77l5dtyUe0)W&V$ z;q;YR5+C$fVX~7YXm2tiB(o{JR0=PZTqWGqu`P!2+2_Z-n|*|k!^MYhlj&=q$sK#* z@Wph3!Vkvio7=gq^VJBDMZ>!pwjo{kem4H-%WDZ8U2{9SVh}g_m}$x+#EpH-G-Wbe z0HwfxdshM}@^UQE}4caDB;m z_u~H@=Ay41QvVz$rNhN}Tj8SHym8XkaP?&_o26->B+bEyNE)<(KA*rMtj=Rt)Ux<6 zQ?ugZ)fFH3$k_-5hg*CoMU)Fv0oYf8BU&lXQ;bE6vMU8;Pg}b96(mebo!6w)p|rT9 zE*L{o`l!@tDu#%IC?yoE%~BGz7-S>S@3IU$1^-_#R|o!iF~Dti={?4yqQYHMk#D>} zoC?<;nJ+zi#0$jza9I@ymVp(pE^OmO;+$mQ61mo=P=$w)eaRIOzEX{0OH>J#@43lU zgkp79kxnM*WUW$E777Vp0d`8^p_DCEas}HOvzH1x<53t{p7h;J!;|<3-~LGW5qTDX zld=y@n;dPDFL~ZYk9td}aM>)Vwi(pEr0SrQSy|*!#p^SVxv0-2ygtWljlriYy*nmA z-TTb2Zv691se_AW$~kaxvu}s%&p6|#_^>Y##Yz2;0X%!gz{NAgST|W#RI!v(8YojD z%`2~v5!34OgxSff2Ju{yn?&RxGLo9a_>QhVtdQmodUPAv0~x0_9kXPW_rzUZG=m*` zSUbl}!OTEUMt#JRhp{pHOjI0O-Q@a`pera67lQ^kJEx$I04qO=boNc${ML(M{9 z#f`>nf5jPx&v{7FYs}T6xbRdM`+ifL)CcC{zWIvlT)60AuQ=&?h4+!-`VOu)nXeP2 z?+xaf2N%~;skq>wIUuGv0Ms0q!fFnhwyKX_>I=9r4c8ofG*@_JQFl$1PkrFdjOOU4 zx#Evusaf)9Q%&7^=R28!JMZ<0#D){}!#9H9~y> z_tCoRV|3TY>aMY@pgE4yT=7|fnl)N|VdAFzpgh1Ap%hn&;>uE7Ud2_Rxat*GyW-je z7in@x*W#b76dG&Dh zhbD*AuDCWSzSkeSjNm1DQaZ>mhf`97(X&qf}0i}9!8z{A4w}Vauy#sU-=qot+7aPgNzkbVkR|;SH ze6=q*k$=tdAUfp#$K00yR8_QLpDR~ITmUsiGrcM%rWx+IB`D}sQBbh3R75}_5r{>x zG%+kStj{)Ww>|4?@oP~tD^S0*veLBeYr|GeE3^8t)&F^B=A3)ZxeFKb`~QD*c;>$6 zop)y5d1pOy&fzc|;qJ~EfuWL>U>^+`+K z0KwNpFUl$?H+|zX7HR5^`8W>G?l4*r_coIsJbweo{JjaJI>;y0!BCiXmqEK%h48&k zggC!>0p9-oR6cpgZf7>|6Tf91jk_3ye8gCN{5B3Td^lwU@wj9vIKS}e21yk>P3*zI z-XkMZJyh}W+bGanpml>!apV_b!=pUAEWfBwGd}bgfySUa=AETxx8qcFy!Wz_<#7Yg z1x^GG2BrX0fN8)?;51+ba5``m@DkvCz*)fOfU|)+fZ4#;f%!mAf#(B%0Tu$8mlEJP zz*6A(z%n48YFh}L3cLbX0$c*D237(e1g-!+3%nM15V#7+7s6KqQCjUEKrR7p1fC1L z6*w5U4wwwQ6UaKd3rIVl%}6_tR=m%k9aJH1-(XuqOl()_?ZaJlEQ+0oSop-rS@UYA z*tCcl>Wp64nhVI7>K4(xv8#YNsZ(q}h;fB?3K4ubWnwN|GMQKh7)}gGB&Rs!E?;tP;k>duBrdhC`|jqprQX4SN&|cRn<6UpC(p0hW;Nx{INFuM}x-UraS!e z_3M9f?xMupf-+eJh~mTf>E3LgxK{VM{C?v41SH3rq%)t?pSjO_7kwP_{vMF|e_!=^ zj4SoVP?*Nqx}?>pP?(koV~z5R1MY17i{RL0b2tr^J%k8}HkGkEVX_>3wzkF}=`2Gb zMn>IaRY^N(ICt;U1*b4mw@A}xx+#tvQ5PnYGpmgGw5x2tQrX);=Kp|F8M}X}GKQqe zB&`O&CCz)uiv_G@=Y)&WWGu;Jta~CL%dHX{yZ1&5yBfJez*UQnEtfut7^}suO&_l` z)TT=m_X_NrCYzi`hfrjI9TL%Gymv_0g}KG2$mLpT5cKgGyc1s+(f3J~B18joYPaL> z=OVNff4>uXLVY;Z zA*SMzsY7IIWS8VU=Fav|>lt&|L9&~YrdX)=3?#F)N^(&_j_fd)BCS)Us9J^I$?}e} z{DeARB_{@d_Sa?bDGq$zyKuf|h+hk$?x?Hd@NADO6tPzeImDj_9!= zf!V-*zy-kmz-xd5fcF6h0yhE&1KD*90oDMA136e;2>cm13dlN&2T~6Q;AIsgEDx8;_Qj&P8z1j$Py4Nwhv7CE>?4#ZSUI5$=91eU3NFBTjq+Z$GNxd=@ zrX4nDY)g{n-8WUZt8a;31qOHZn&?U(qsd)hu~D;++h@$hSIMeWGW#L5`Ujsz1Q zA7a>Z#T$F`+{ME#F@MuGc`=5!LBtP82B%f>KuR9yD^1mhbvF927)#tu&LcUP)cMR) z!d6_-xJ7DB%;iTG``Q@hHBW}rjVk1vWy8j)HEG_f!d-(ntq!ft$6W(#P@2+J+u)R( zr|*ArSJu$W)97xk{QB?JxXt7|!s8Z*j2$&mQP?0a@8;2|k19Db(HdhPt5%q!UK1#) zo1@cgUy2_=EsgN0Sn3G-wJV}4p6r&AjSqn5*M20}93T?l9Q7CG?V{S+!n1y4%6)%Hlt1;JwpDB)lqQZG{YLJFgvSJ}K5Eod= z6o+M;jy1?d=5ab6Wbbi022|TP-3RIBdC1cWvx^FI^0^wyDv&uay&2Y6QSpRbierv= z+cdtg)Ci-)S(>L@G^w*uWpJDxaM+Mpx8yMuWbZt>LAB+PON`kdm%)4H5>4cMLfEex ziqswL;y8YA;=reX>BeAyr>!Kafj$WskKbc~(}3fElZi$*I(S&_C)r^aA$<~b7?v?SG)@79* zs-+os1>L$`Wj1%#Fc%eY^)_QqTd*|aIK=hQMA#U-n@B9EwkE=6oa!Oh(~OzR7;?jl z{>0wK<8i@98#ngo*amdRIy{aa+y~jEh*L1}6MZw#1=>YGYUpC%1Yia*8#o>oQGgaL58ZDbTVOTnjj`3h{Cx_U5KPs zj}KLM!F49yaM0ZIYvgPte6!P0dol#)lIGV$xUX-CYnnS`4{w_z4KYnbLTddF*`S?D z4aH4&Ty=5gA?7@u7#Ym|Y}|S!>ui+=WFJ{t5}l`&VRjboRcjC8Y+Nu5=#kGX1Q@5Bd0AfZ6+e=@!c)Nb(D&g3A^y9aEP zN7@R;q{6b2#W?dcG?D`k-9Itt%8jBE__a~cTs`6VsRpy^Y<_Mq6eKDR)U7(RgS2DA(F^AvJ% z?M56QPK_9;xMUkKGC=YkF=l(H^^O<~*j3?_hsIEiI_GpSD<@7E2*(LM6J^}vHoD|I zT+to%LVMt?t{IBB1zj9k}DM^~q3})(7>YXe#8rwOw@#{SCVgbTC+LdhI;QWu1Q32Taj6CNA+n+sDpCZuC(U zwglN(ArwRL;t){_9B6F7AtJ10AyF(`#cm;WFPA>U5c(2cE}*DYr#Q;Qte>ovH=O|JY7t2b6ER5!ayIKlWqP)p}IDw9^1)DyHgYJEdOi zcKQgWpw!hyAno)~U@Y*Tz|p|Rft2wiumrdXxE}a4@EPEU4S13ZFOnbaTbs5{y*4pHZP+Rk@H*O;n)Y!@@=ae?lb6?doTHvW4UR$ zk?NCvt`Tc|A)2mGGv(*4Hs~&d>$+y6->$kyq5pwiN1A@$yir&LhXi# zv1f5?lABe+ve-pZYbg%PepEb2s*g0?+hPyt#|*`I_CBubj`c!2jDlxBNY@tgCDzqh zKo>9yNCk8NP6u`bmH^KNE(79wxRrMRI|H8sx_~bMy8+(>b_dc9`vYk~1AxB)2LoFp z{oz1vdyN2&1&##X0K5>$C2s#j!`~)~2_!$r%*{!5qO$O3_Tfj^EWhhJ> z`7T^m&phgNQm3&zzEHbK2CM?SeDC2dg5Ney z#j6g553en6$=f5bf7RfQN$k-&+%t*Cy~iVh_&f@z;gn5!_~t$6@zW2~aWvx-IYNe7+@ZmUXev3LAMvRXDx%m>o!A4wv3C&jJj7)DQ1>f}-91jB zOJb4oM3MEI1mZ@Ah*)8cSmB9SdpLs8DooLMrvoSP#WY(?hfEn(<*hyJtf~`x4pN2C zTa1W-fD3V7^%q|-Rh?|Qw4*<)d*%wzS&kj8bKoO6j_a6tM;NlbLD~tPlHI? z<^v(7su0hF$lt4Z|INL87aQEp!T2L*7^Mik4e!)qVZ`z#4mZx_O6CwkUx}+-8_8#i zo!S_LI0tcRGZA9rbZV6d{Ukzs-uXundL5ykMTncpQgQ)8#{^9u$u2?)_MIKRj=UYX zDuEvd9LdbDWZ=#Y3+KbBi81>a+r*gtjOyM^JHGdNsK)v|6|`>f)*W9CC$Z!fS4y)> z@Ztyb^m2@OM2s zt^+m&J_HN{a;n`N2vgNs0QUe}0$&400BL8DKw3p>AP-Qs0dj{Y3OEJW0eBs-Bd`|O z8OWO--GMz|Q9Xed0AqmTfW3g@fxUrQKztp%as{wI@Co2x;9J0#ETM0M3-AVDKj1%r6M$=h7Xxnsa);_>;A-G4z_q}2z`KF#fe!-j z1U?D83&=gxyMg*0rrY*;Xtb*@)kO_iRNxk6-rlxidj)37-L9%UnrkyT_K8 zn_ZNn`YznjZSdZ?KG~L*Ra8uAXa#Z^H&gVEY6ecC3whwXT<{P{0vwT&syBA88| zd1n>D%#6cF1H*X48h6})?SXN?UcjNi$>amFtRsP}rjOxeH8B*1(V*HOS2Bff`=PCxNO)LU>MX4lOKUHd<~mCo z#nMJ+fnm9754Xj2Jk{5lzc4%OLX)UFr5jZP%&9SKo9fqqyMi*O{;_A+oQiyz6JIdo z%bY5hSLK*@no|q-0!7P!nXo+5fi$NXK$_D`AkAqOuoRdHTnC&DWHZYGegw<`egn(} z{sGJbQaAZPnqM8fG(U!<`AHhhPtwHxVMkx!5(k;j^RoWph z)*gwfI^-Bo`^!EMYU|po2<^Qh&?GDfcJER{AKS3FGQWtT!#W*3C?ciBS0L{d^j}}$K#S|qUp06)E|UtB1}}Ch1I*p zrM_%=g&$k4H06Wkp)FG%Ws1HGHpik>0y_b#fPH~0fN8*MfJ=ba0yh9x0@)p|0y-dX zHSjFp8en(e^}s>EwLt3aMj&naGk9s!426luttE|PnWQz;oNEtw0~9jf&* zj%Kh0{I9KRLi?#Y^s>%DQ}NS)Mzs~gzZjG$3_8O-m}N^!9}xLUF-s42 z0{KgY*B$fCD#z?V-$T>>!0~^UJw)inmPyiI_tLT+KoDr6{3 zY*$IzK6UkUMny#Jft?4>$@UGXD)Z#!<)Er6?hIGe6j3X-xeMPQ=T%kp zOfgEYN0y%N%24od|2rsLMAz4L|#wwDuhPJXEr@~o9_`@c& z{E%jwUHYk-S|n)Sgq{W(i<1ifT0K=`zWv_6;T5E>vb!NE>#{{}JA8$rQ6WBVO3GET zJSzwxx?>rR!<*-qHBdjxRSRS_?E&9tEmhCoS#}<7 zBo>RvwRNHPi%LN4;YN5DijdJ1GVl%(YdVxMTgednw&qN1MGlXeVj%y%pW&*)(@`91 zzJvG7p*a3uXfveW!4U=jU-)f)4T&E`maksrD$-n$h^CzW#2g!vY5K(N2G({XVI@3m z#jP%}j+_m$3m&@=#r?ST#-^WVBKFsb#Rf5_v`pWmt1yVAd~s~Tf}-+5`IJ&DuJjh^ zi7U7hEzjxjg|aD*tehNi2+RepA5df*)?)m0ycf@N_QqUB>d0=aA7XH(-aZ1d5BnI{ z6Zi>`v!yy9b$SR$WBn0c8Y@F`XF<}qvmj~q#~-VX#n4W1RxlBd!ox&E5mjs}L{w}0 z4~snoSdu_mMX1MKVSaqcKufMhRy%P6L!8dRYqnZMtJhRvhZ?6J*A$RX;DWh+SuT71rl6BySyO@M0H*-ClbQxx z3QPx557U6G-%sIX{W26L_Q@rUk|oW%ABwYdJa{OjuBoYci+v?_2=YR$JS1xF5LmA< zsO3D=GWxMZ@ftNAuyRw3Jdq*B{}N>4dw5T0P=jCg=P#}VjfGwa|3<(H_V=pf25&O4 zzF8OM`et)Y1t3bX+TOBIX_mIsM$o$(Y@B>wW{{dcx>mLGHzK>J|9!6MJ zAVabOC5;s*Y2q-qcP(bH{Z#0^U|w=HHY)b9MrJdbXi_)^?b5CaW3_O!Jt{)Kyw5Ob z(PG|>AAQ(S_hEyLr_6Y6`(j2eTA_HyBYspJ3h7;ICF^r_!G|MD=;MVt%rZm|uVlq} zdiXf=Y(q>V%okO*Auk5Qi+cYg%Y@9~P!x7#u*btx&5^cZOH3G~BBC_<USAztz>&W}{^qP+8=k{4w1Gq0v6v^YnJ2kB1xaKjEq^6Dd$=(b`( z<}2P!Rxk8sE)#V_vk!$&hNpWS=1qOQ2^oDXltqBaH+1jdmlA z0nvw%(qQ=E0JD(_D^0}(-BCBR(x&iy$KFr=$g1yA_MIn`QPSS4}V!`vfVNWt&{{o&K_ID|Gh_tyCq>Hp0Uo zVl2lnW1MZLQSL*LtsQ1F6xx3BlLkxG@}9yAflbl-^BMn}Wg1?$t*^+0Eh1-l-HB&K zRt$nm5bIl!@gW>?@?#)s{lyP|$n}>TSmJS6chm(UYZ(1VVVoNmNee!mo)Fw;&JR^Fm>DGNUq+KunGGCmN^*@AF+pWiP`n} z5X>7!p4s&l{IcJ!7zG+9XQDT+r$Y5-g&V%H=4(F2gDa^>nV)>Y154`OzW%_H3s=+w zOJYy$1b)ZC>yG)R^3AjA-_ed)mOp`mfPVp5u2ZUg^C@zvbcW#Sf=9ba0ZR@D5hzvXti#{^5M?V zd_aE&F}Nlzd(=Erc33tVRTw-CjP6S`UY7SO;27W$U@q`mU=i?p;9}r$;KRTlfE$57 z0^b4t0;H}^0%?5g5~cAm6eiM>H1@iZHrLh*(8SoD1Geu*#x~WzAZWa84mSieHoC#^ zn*&x`T3%6!*pAfSSa_xzcvob>yMcpf?_-%~R)@KdeFbfp<=71z2;2i?nO;?Go3mM| zUWViYJCe2+za`Dj9LlusgckzN#uj3@T&$YsPHaN@=7rCFYCP}jcW0wUEF^u+hU{BY zcObLuh&+QQhX;G5J^&hR^B(x^fh*Pi(J}vfQhKi)523bRo2}Q@Yjfq73bG3x>?Buz9m^L?wRB9MAX z2C^sp1YXuILvnXn(wLH@`KeuOF{#=`8^5aQfSMz9i1PO;SXe^sVLXtF51rsF96D@i z38zlUQ%JfcC`O)C6Q?{nN=BTB>u5F@#nxJ9YiY2x^ug9fXKQY-H8-<4qd8@)$NKnO z4Qr$&@ZStbXFEcfWU@YW=I#HE^?99#qctr$i)QM5ys|>iJ&@(1O|*b7Q1k*=5sO#| zr1cd6xnwB;azH5s#skZN`M`z1n}Cae&jTxfb-=|yz8~O9AoaEcNb5WVFRhayX`PbB zoJd+C91aMu7ucxV`HL2;k#k~e?_#Gzjl7ed4%{7_k;?;e|63zxw;P9SmBH&T zf6}{MufuaR{A>LfekHEyj%B5}wS=c&x?5nNEdM%SZ{T`hf8ZU!;lMkANx-{-g}{4& zcLFy6Y54a7>wxzG`Lc@pf!t$#5J;Uq1Y`sF99}j6hUDNYX&ihd&D-{|M<1&#X-Zfo zhTZ%?y|O$>C+-2tzP2e|A?L$Po9JfR%&_KWW;XA^`5^LaKTpTzPlLH0{-vNSN1mtq z-x`i?BwlCjXe5*DMsfng+3>n!nP?%+;L{bc8ETNlYYub)TL7bh;Xrng5kSt(TLUwJ zZGhJT&jM06?SQlZE_lf26n;`^O z!zB>Ik}rU-VL-Y71EAdI{=ZYhUPts;!x#Ii;S4?JK$eL$Oy*>Gx*n(@7Oy9egI^4g zQ?K4YPQCg7IrZubZe<8sTA@lwIRwL!(@ zO9WC;w-wY=bowq-EUxH|d7^GZ;Mqdxwqfys-cEY~$h>Y>i;-^;mO5i7OuX1g(jLce zNz*r8?geF(Z3WNCIu@j2`Lxe(`BTeF#3#zt^Ht#Y<;$%=`-#9_3BLB=?AYb_rK7Y3klhE7OHgC40sN%hXI-Y=1OO8Gb~I7qPaDapT7x^~05n zM{sNKgAe6089u(fiD-%|AIfzP*n1ckG(4Bf|zdOwB!E>Ljt#$i#iPF_BQ&u*kKzl!8YAxZTfk zs2xKb#1p6BSj0yn$YOmJT8)P_O}z?@D$-fiJp{HR7S#GGG<{v&Lv+}sW%x#f`OZ!p zBIu6gJq~YfO8fBCCUvkM$ieq*AocMckX`bd@X{<8!jqfOxuk`vkm;bicz>R;UwAhn zjIi}KY&C3&t>8bit2`~Yj9UehigL>F5+9{-F#2+6Hq=Kbu1$lS6i1$nhDUZ~FI$Ey zV#15#lv8u(=9c6ZX6Kfs7b!N=hC-}KKJ!NvnS0*y2)qRpv}=IO_i7+j^A@~R4MVcU zNE+)|(mI^qNITnss)1Vz&;0%up7L=(MEsS1P69$i)yNPz`684Mtw*UN3Lk`;Bl-9s ziSB+yK*o_F#^D*15Y5rXp|#l|`PfW!_ZtE-h72)AU#}QjOfh~pV#p9<@V>E1<7)hb z;{&O>`vU=)h72(VPfb{3Y|+_)e;P4lh%w?lF;vOZO)>s5V#p9<@O2&5G?>2bP9Y$3 zB}0sn?1}N2|iru$Pi;>cw(q>M1!KcMn()7VvJdy z7^5X0txb0!MhqEZj2syQuX%3g5F2V5A7IxVo2)Fk3^B%Ko-|ah_^lw_@j*WsLxvcG z4{t-e*o$bXVwCIbz$Qiv8DfluG6r@@T6dGIH<@B^b3>*fLyWP+D~*|^80>Il3>jjK ztG&`FF~#7mei=iC7-LnyG{TG+GQ=1+1Wbc3Es|--5M$gTW3Ua5mf2Y$LHyDzc-Rv|)gT{&(;Xk#mTAZkV>~Wn zU^(7i)gV{?x{EMk$Pi;ZEn}F?#th%t6~V%#rT(?HQ(TO)=HF~(~$25WGR0+ zI?=N*e9q>&i#L=$w14Hkk(W(4e%o0`Kia$JF8BCH&$}nFNo8I0$&21S9{T0QGcVqG zVnWm6=6|h^JD9L1E&9^)Uw!t*{ri5q?dTO*yM`rqd3V71D~>;P_tl|~&D-+zOAk3K zXB|r)vb)uqS4(!UT5+PsJ5jC&o{WFy=f2~9oWJo%TKurssc(dLJ^0(2$X&bs}TQ_h)}-?aSrxraNvxqiWje?PYGtfkYhD*Sr> z)wdnU$Q<#&v)8QoKK0k?>*ig4bZu?lv5)`t(e}zWTfO7#zaeYg{)+$pW6qLMLtpRw z=(ka`b|3osrkIP)f2C&CLkrhxgxn=@lu^W9MrIHXqY%%BIhE-v4dhz6E!@ z*XxDEakFl{{==s)>pZz|@}&z}PD{9H^NgvX#iPFJvLWw+S3h5{cTr{Ooi}{@#jM5i z!=1JFBxJ3;=kubsU6%d3YZ7e^+BSKQJu zeEH0drETBdcEQGiB`^OpHvFCJXXeJ-GWg;VxveMOzk1=-!!H`Lw8Q=1zV!Y}ldin* z*m-wM7}DX1>pxkQmbb0{Kf^8x+mQL`o6GZFoVhsh&-5-~`v)D!@7A(qQopF`cR%=} z%bG0bmJRb#S5IC1UlsP?UlnJiTzk!b7VlYmVc~_H@B8}At2>;m>2hJqPiMS$V&H?v z4>Z50^exwpUke_IIr!fdyGLv*e|p%V)=Uf(#!-TJCgjDOq~-tRI`N?|DP+@A~fp@e@kR(kCuCyZ-c z^w^OPCg|5UKlW+Cqrbj6xW4Opey;m*-M}k5H0!7H|D3Spx!#Z7aJepT=g92;EYCjY z>-Fz`IP>RDjnX?79mv1!$B)xDIETNoX>j|o2V1>(#jI_}swqV8m*UjCIA+;K(L zFTLmKzn$g3t=xIAMU5W+uU#Rd53CF=)vr%I*6399f*o!>KYIE)|EHVVp8eVDU(eQm z-~L+2zM8D_e$nlv(UJxKxS;Q{@!3TSiu>m0>@08W;Oo{xwD`HX zS!I1=W7j$ym5Q>ksG#oxK7WGKZi1&To$ zm?4f$Shg|baed2jE6So56p}&-A&ze9;%Ae4VL?dQbYk`o4AESWV2;HrAr7vsI6fup z{i~lRmOfv1dd1=V71R^2VF#4LyF{Se1qlbn`Pj>*Qt1y3FFtEbh> zE3F8@qtCti#oqCx)Q>qWuG~T#15I)wyyS4pB*YPozjRk$pFP7n&uwre#BmIN_58H< zlG9f3birS`jJ@|<>Me)67FIcJz2vkLJX~kfZhmgD|}h`ge;yT)A+McUm0y=iF;9)1P^EB~FtC!$m zFU!(A(ees35qr7L6Fgi$>2i8`$>}Y4xISm>=-w5Zz2&eLLL6?BoZen?xa}I^;2NBA zde6Z9P_O*-6+Ag6Ip=%Hxj^u6H->V4jeN4sTMm265C_*&dbuv}l7ns(Ji30yt$L-a zx19chr>#j&KQB201P@p7%+H1|zs4xbklCIG3Lck9&Hyhtg9H!zOvb+InG275%i)n4 zYqFwkh~sx9XZ3;JAiz*8`H2%em8Sd*@scxC@T|aJy67*bp|i1G>JuB_~1fe1^Z2vwzR$KE{I4f~V3XC&5e37{S9m1m@y{x~S*8 z>nl<4%r?mx<0U6a@UV20)4!*4u6Mb{3Ld9PPLh`#Oq)=r7-)s-khXZWcYfT0$1G=@ zmz?o}=TrWLckG$J)jK~E1W$%3KjXdRU}}Z@(5mSMT)(@(J3q;|g8gBWoQYm?CJCMg z@R$18+o2CSW7eFxolX`!aV9yFyyT<^9(~_+Y);;8?{cLIoCqfoPc zF2ZkXKR?Y&&c%X9*H84I1wQ%>_HrSPcvF5Z_L4JQ@UZ8kyS48?^sDyzx&&839Pi_= z-cF}WIi_(L(+lum@H2Qqywakzhd5mLOLx}RRW;sa=SX3dGs8>HEWuNazs%3AyWa2X zEhkg(j4+jbmY1B_f`>D0x_6U*+2k!J3s*uMU*NA^_Sr(tg4_i>60V#}=nVZXs}gRO zrc<6(l-UO5bwz1zP`*@@P6nkbs{n3>LE%ew>Dn2TQbp-tP##y5E(V2P@}%o-P{P?w zz;!h!6BXrLgHoX=7Z{WciZach>{gV12IV_Nx!9nzQ!49aP%c!I6oWEPQHC0nTNI_Y zLD{Y-Qw++NigLa|iR82rF3q3}SCl~pWuBr8FetYuN`gUoRZ&J6lv9c_(x42-m`FF= zpe$09@do87MM*L!hZH5kptNc#sL#u$_v6=jk^*`p|$LHWQ!iB6u(iJ5S0l}$8IIPDRR>m4hF)g~yMh6zXI z3JND(!ck3vVn}9T1V!(r#5&AMX{YmWLM2=W{I$yIqEn0%o!TE9N zn&}iH7H7*MEu&oQ=dG!8CT!(lA8zI8rBe(!90#pDETEtm+Thy3Dw(66m51vBD^HqE zF-pNi1&={tz#1z-r|44!oMW=b;vCW{hqF^bF>0Cf7AsGZPBF?Jp;L_fFi~r)FWMD{}Dpb_C((z+*=Ue;x2i*9KPY<^JQ{A>7_qW(HN??^f8p2MKBbi> zR%@C7oZ!*=Vn?xT4kk=+Iq)G4)$M9o$4_;Yu`B9`8?9?u$jyoQP1nh!gec!ehx9)S=}@L1BCFJkFB{AJF^ zKgiWO+5e?t2_8#YtTj(s8xr?j<%xyIB!v?^mb4a#Smw0k4h-4*HW!h^x!e#-T9{gy z(t7FB0Uvo{<*HbM$C6f&h^41>@zbNwakJN?!|T+A6Fio*ib403Ys8-g`#rI~RIvn) zB`qwj5KB*sI+VL=Or$Rj4NmY_(&8-ClU8HLu8p2pvsEm?V@a!2#M0Ax@6oX5<*pjj zxKYItJeIUL^+VWG$Y`OEs zwEnAN2_8#YS6I^Ou;_y)J+X$hVqAQ+7arDY>P5M?;IWOy;~U>Ecg)DWRK*fJmb8|L zSgaWKq9;}i{+B1#(<+wWv81(B#4_tp?tX);eWhXv9!pwRiCB7C|9$zEa8IoE;f#wN zA9!oImXTuEd|r9fr*apI+~ZU%!DC6QQpD2J`f0-_)l2$dS9y?@Pmb-l9UZ!FR9!t5_h*-L9xT-II&lBre6-)3~(z@P~7Ii3hl9|?F z6-)3~(z?Nt*1pE;zw^Y3YR$Mf*9LEGU;iM*XkXN!++88}I2B9qSkhW6V(I1jY~+#K zJh3WNEWu+b*Nv96uKnbvv2tgdX>C-o1dk=Hn=EPlJ|T9nCzk%9P{CtK>t;(@2iB}g zle;}kE4&T=;&UkQR@=CR6vH;Af8P0+Csu-rC3q}p-6~?~?Ths#ccekqN>nVtV=31< zOIoFecV6p>^{|R1cr0nH_ex9dqBE@zR4l<`N$WOCTKE6?$~m4`t=clKrU@QPTDODh zv5gl0`Y>AV+>(2=iY0g~Y26`W>9*0S+t0P0Sj$u_!DC75PD@(Hep%N^?lv>67gQ|4 zV@c~SOIkOc`edmm)~_m-;IX82w(4@t$RTA*v8PSpZ(Yq>k1W1 z@L1B?AY$pZ!L;PAKGS$n#S%Q0wC)wLbRE8O{jeWAu^jCfSJUo=x3=Z`NHN+n>ubC* z7fn>L1dk=H`$a50txY*2KlQ{~p<)RhOSvAfq{VW{U38GOohp{#v845&C9VAl-_G#F z`cuUcJeIT`vZTefEbo#tt-&J}EWu+*>rtZmX}-7Z*cu_eSVOv{%EGR83mJyeBpCaMRs0R;k?|G zl0@u-q?Q!n>6TJ_inu-rqwy+Ed^fFl@qqq;b5@#Jk}aP36Q2&W^Y)uEdfJ$j)agl+ z)2B|4?-xH>^ZVG8yx{e4&!|zcw%VJ5+KbOn6=!<(%APj)SjozZ`tFCn6IkiGanx5l zsz7S8|3G^J-ex2@Q%Wr66igDPx($lm^f`0+Vd?twmTZb+{RDdbaZR6v49sl)z}X;Q ztP>_u`{tK;_+%S5QPh%ITwHMCe6slv*RNl2@_h3tfqV(S{$h1s;$VF=!Es)N=^yKh z-CH@n`6ha6$G3G(n1~Fx?Hc#Z3!#Ej>fB_IJ~b+{>c!j7XK$g(1!dJIR#%v4v?AZu zNWSI!jOFuv=zbcPs-`48MW1o~beZov`Gq;ren;16aUUeWbtOQ|h5}T4pg~oo@wY^nvtb!U{j@&48qH}pD4sdN z)11_q(>`4h=4>>4erV3YX~Z@sZtA)kpz;R9GAAbcyVIPbnhX8+1bJu4_Yi6HsNPA} z7r{G;hRqVaQ*2;-a|TSc<)`!V)vOv2%aWLB-WkMP)m%{Xlr@;B{*rCLbk|?<4H03^ zMzAwybGkvt(Gv=Gv8E>yG{2sJc^>X_zAk2Xy7(Zub>TrS26XAcvg_i_x$!@h)uji? ztqV72#;0((P|&3Z%dU$z=f?L!#INE5vFqZ^+40TqKl=gsjRYF7J~DLFkT`lmW<~j4 zGx=3iAa-56Sy8_E<&w-OgXJZazUFy~Ur)f2f1fjAV=1Sn(U2&5GL~}qOh&B&^+bY? zpeG@-Wg07dHVYrM5nL3%$@pFw22LkX96cc}59-UBu}a{uiD|o`z0-;7Ct=@t4Kn2* zBb$@d<4=pJ?G6U zZurL)4}a77k{1ejKY{O$ev-$ZJl@HV?k{=tzrN(v;NtV(TRcE=`IFZjm+u45F2#pz z_{`rf(BA~lP4ae`c;dlVd3%9xo8m!GIDh&39DEN9l05$MHy)Q?S3Hu_cm8T{vF%_y z(+yAOPagC4hvE^8_~S2sJ%-@38Sr%e#sfrfbU1e8%W;S7wVEE`ja;le7`DQfAU-q(REaC@)E%3h?l(nm)8l`{!%=G5r2HiWBxjh!RHC! z>HOtyI<7TI#J4Bm=|bRr$z%SOf@f)xVDl@lJ@_6{Jd)G5y!UZ&`&hggZCqe^Y`@#V zb42k$ywCi70s4>Nd5;}BoD<$x|3`VJz|)5v7hE8DgTd2rg5>ij?`&Kit#~A-@BG!^ z;!NWEdkGn! zS4<8pkM?&zcz#!W{_O80_&TKEjd7`g<(-eqL%}mw@%hW&N8l?4Px6%d<&}ZwKE)SE z-ao;!a%%nZo&wKDiqD@swvVsC^HN%1dGpDqcqFH9``eC-Q_|7rPYWz>DJ~CEJb~oZ z;NsKZE4fH=`LpK-arqALTzIkM^H<(7TyTSDdxqp|0`S#-J0hWz;AuTm^0EE->aS8^ zNUm9^<1EP+;YZ$;phwJ+Jo;Z>^7zDaHTZUBOD=!q<#2UW@dT2$3m1FkVEl!r^CvF> z*Urk-w2R>B8o~R@-%p@l2A)}S$>m?(L0r35@d!rz@gvl zqvC^_e9Aix`kmmZ&JQe)ruU5Ek(|Eeu^ge7p&h}~`ODu;yv9aia=yyT{$L&WN(v;S zKY7gG9g0U6=}R8-_dWP_E(k1-Svv}ziwY&5zy6PJ5-0;tMNwdRtdD!a^Pb}KS05TK z90Jdw;`-$^yBuv1o-UBQ3E-JfBKiF3kNGPB&!dVjki2KW^9(0YaDn7~2%gquk}r_F zPT=WOF8Tb)i#`Pu@20-LNRIJWl;KE1vq~odn&!7GxkkAF-8MR#U`ODuo zxI9nsNKW7O_Y*Eoxf*lDs=)F(;_?FUtWLAzp4e#NyXLCV_$zJo!?I}xP3-@w=8CYD~V zU@Y2zjf5l(!aqcLgDDTafa0fbY#9ay2zgfrDepS)tqVflvq8$+4!%7>$onctdEbHW zw;<$2-J;ioM1TE@3w(VPZ=m{}5Tv}R;F}eMyd^=(TLHecLCAYDNO_yVw<8F7bwSEI z48EU&kk|Uw;Oe6z_|8?lf$AeMNO{TN%Lqc=!XV{c1-|Qokhd{Nd7HquJqUUK2~yr? z;QKBJc`eojS08P`=Tf|Z>f^#7<&6d3)F9*)2Pv-td@F*GcYl!b9s}RzAmkkkQr<`4 zI~;_(ChLQ%k5=I8sCWa_M_iEd;=z|3guKgwlve`2tAdbsSCH}^1mC70cBym!I( zSrGEX!_uZI@i%^i-iCXk@N|Ldqrc*joc`x)!@xH-2zfa{$}0e0MG*4V1u5?y@I4lU zygfn6+Xudnf{^!Hkn$Scj_;7c(*>%JK8i6u&d?!yAQ(H(j$g<h1r=|Wo0G#bIQwd zOYvE_=*Ya>g5ul~GZn8Qi_9u3;48@@OUrUpStek;+gocIc^&G-p-o5`otZLvLeiM@ z%*jdVnNt(elQPGo-~rc^ZFG@%rpO`r|IbmFyb{=BfU@yV=6rTkcqqjl3F{8fjxvreW*I}rTJInW|nC&_)Y5zWP7rf!<8IV%ec(c^r>2e5;e`BFsWj+;M6hhgsIS4 zXykh+yLYLfme9zLeO?+i%*;M1DLo-EAw5B)#qTV-$4{nlj7bt2=!$||oH8|0>j`G;T}yog#?c4ySC;8(TnLj2Jw zDalC*lZ8Bf6EyXrl<|pzy9`%zOG*lhU<*v`a{RtnR3Cr2$SX=uyJ6|w(A2c#bdgb7 z6}4f?sIUd0HwtF5g7b37Nlv{u4OT-lqE=W!VMcn9l|eFDRFEdi$Yk3v6Dl3?8&~zn zYzM{oEpm+I9fGMC(>Sa}IGi)O@7(ZU_te{mpZDlR5B!3nO%wEK%PxKY@$PMo-PgOx zvBO#hvPw4LbQUZj}l8GZz-`b{v0iK+&7WHh*v@zZO3b z2}C$jf7n0Zqh@!0_>i{gx0|wO;a<*CLH}k$>9eoA)#lGX!on_n`~0C$+b%(W`^p2a zp8EM8KP|5A(*Bt>m!ep$8&OX7()E=i{#cdpSWKgefxFto;#h>BmyDfx`@T*8xu(h4 zul)A=%07SMR)?U!wzSE-CimU;&Gg$ht$1wHn;Ce4o1p(b_1=4azHLNF7$gZqF-u;-_5mJ z6~bJ;dn3&O-v~Yg-kFV8o5G_z)SAMF4rrt`gAapm4&NfJk=7Ev)quuYIDABRrxpp{ zdW=(R1CMEhb{2fQM5opsK5Bqd>j2MNkvy)`Db1;!1K%0pF7R~8_!4-Odv$trgnM;z zbf~-PSlm|T+daQVdtL@!#mB(Yqut5)E_?j=Y9~G(?hMm;96FD~n}-on1({!Sk3Y=h zkebW$D|~ZJ)yXF1Jv@|aYRcMsez~jn@rPSPg*2DDYFFIO`H<5b!-!K`j8Gd9;*B_d zzs0F>X_X*C42m2Y&ID9_|zn0^=bmqC2K0)P+YQ(3<<8&@7st?G= zgZd2WBE?abmtQKrK<)qQwC)>X2i=7egMEK?qE2rwUbDR2R>6j%hj8CVQ_3|I*`7oR)H>xNmeDfZn%YEQ5>n_&4d&em__kqvc)vvjK+3)UN3j>OF zSHoBBirT5y%{E9*u+l&|47s9uqQLIMp?dgl#+`0Tjf&MLb$vCE{yik5O9(-EQ2vIe;i!v7q0kUFF;ELHUn0M9-%SWBk zwQMTu1@Ex09EIQEK$a~6NFJA=cZR~S5Z7s}0Z9|h)M$QGaj2WR(~jf2e9)@H-F=6< z_OMHDn4g2e13DWS*KRqfa!H&rq27NW7$xOVac{GDev8VM>%n9T?>1T*~$Cv zWOj<0{{g?2!jH8ng?7c^fL-x*!6-$(m__J?#_Gc9wU8@wf639HQRtn>nwxz-tk_wYFDooNW z3PX3K`n5{hP`F27?Sra(=q`Ex2EWfBwjH@nCdq#*WQkbWkHj8AwXiMg?ax}VU=5-8^ z!V`hacM_0|Fvd_JLt)zE25plHg<+l=TYDz0)NUBiMs6t7ztB|I6232@=b_`jx!4t?=eT{gq zQr{4zzBr}6p-O${8tP*xOxp;VlE&sNX+nKlahYq<#$sRy-|Tc$)s3h<*(l&>z)1{; z$8+GP*RLh?U1x4S!L-?>VftgtJTug2FdfJ|U7|*VR)!WBlB0p7vF;_!qJ=P%7Ak5_ zh6JsJOM=qEnVTf|(!xxog;`1qnMw=ch87r-T97nqLDDQ*z^nk>J8hu{HC=ns8Bh-{ z@X#8#^KofVdN^})1Ey`ahB-#ewo(=$+uY*cU9SkioBo`%;#zl#w=~{~0jcF3g1B`ADG--|GZGG`a3~C;& zVR{u~%*_+FGS+~%lR5nwU)`da)NE~CYsSJlS*`x!c5=5xDw_K(R+V$7#jbMh#;|yW z@CzEEa@j`B{VycwPN_T|zfDU)Zgg-F+#`Y$vTW{Y^fP8@CSt53hz?J)eV;%&G*#U(eY@FyigHs=_vi z4d0v??Op}@ty~iA(#j$TjX z;`4K?2&XntCF@x@+ysi-)-y~8jWfS=`1uV{aXs_4NVR$}St&_wB;$flag-Jmm6^;j z14P|1PgHv-e6k|G0yQ(AyMde|?Ewx2z6wkNz6P8E+zXrvd;`cby$Ph5MnNaC?`25N zM#SZ z1e4Rb+MBpQ_M|Ab9CR+PZ9f+!1lab|a|BfzX^Cw=pZmCLpeXyglM7n*a{Qw34fUGO zq@sld_s#k?+ zxRZ;!2&b*Xwy;1Ka?umb5`CAF7VKhavQlA+Qemo6;S{C9^9&U-BvmMBRH38^6>g>W zcmt32Cnm^MbzO|P@e*82vZ;wfRAYE#uLx0Ttqyw3!X{vv2X{dl9IX9Lx&W$C_zY5&9xv%HwpjA7U*B%b7ste!A zi8p&D&+xYxzkDsXnH>%hGwW5)w8H!|xR9g;+tpK|)KjX|Ql^l7mh7h(lIoE(sz=g- zRZol4Q_rlR)N|%mn7-754@(Q{sZeTJtdO^grFs~W>X9_6N78~-PsHh|Co?GZoaV$7 zg*X9kZd|_9vqY(9sZt9*-YOB-JBnRF9;c`MGI-&)k#-D(9xG3pqDsvYy7t z+x+&M#OAr_jG)w8PygP4Nh#G`-<)(F)XQEc56J4s2Xan&888VrAILfB0^n3&Aut_S z1Z0O32@OcAWk^mwB#n~~NfTDfvl|Ip*^O@Nia!mQeB1!`QMMt0S!K@{1FwHO5J6w( zB5?0LV?aGh^*`|lw+xyU15DHXI3%b$-I6)EqFU&BsS)!$HDdNwBW52pVn!RPV<=3c z!X#~@3R&iDygjgu!_gU3-Qs#JGGp+WQr+MNs4iBiuAfp}f2FzsN_9O9)iEShCuvlj zq?xP^JPo!wt`zL2am-e?sD9O*w&q${jn3yv!I#B#Q)=t3)E2GO)y z+McB8YBLs)!rokB*;rNA*v=k9ts@$=AoHvq%tI2>wNGfiQEL4j$o%}E)X5`V zvhQOkOcN#}XlubGY5vr??JwRs#xWa1W$ZerCaTPbf-6sjhibb9RyD65DeIqpju$9+ljaZHe# zskpAag3T%IXmf5FEg-@(UHF+& zY~vc+VH@}j@Ye*cm8rP}McG*A$n$yi^fduy4Z)xMqe8t;{+*?Th>ZSSnn*pXc*&5@V!r+>|nVVH=~ zw&NX^c*yx|l4m>0aM%_Yf_S$fy(2f{kBFd^4>d_f1UJcUXIYfM#$^!#n@9ofrVwz9 z34bjU=J{eJr>#j&)k#OW^Ju@L7a(u<=qyetBfc?YY^00_q>QCt0N+CLdDL86*Vesy zMRX-IYNld4bB(0R8zJCXW#z$jK@r!toh2^rk#$#F=VWze@X%GTxoMRx_~_7 zL_69{1Q9}typCk!R8LTQxH)sPR$LQzywZ7XKaZK#9&x&>5i%?U8IX)1s)VsWnrHk# z4pNVdqz2;f#}rYOnKfjhLY$y9pghH%@)Y|i5AwXvoJe|fu{DEtA>xts)~u)u-fN{I zgM!k43|4qDSOH}0RPZFi?O93gHKIyJmJPb_5 z8ln3U;!c@U<0csg9H;gX{_?1SQ~L#fV?}5tEWf7+6(iJ3gxDy0i_kiRq?E@I;z1dw zwi_WCHxe!Xd_n7skc=?|AsJ&5LVd;6JcMM7rxCh9&|XGJ#yEmdCqZlB)UVxj5Kw9;tib zQXM=Tm$7j?lUABNTl##$wvRb-+Qu zYG5L84UpRm*8^t({{g%gcoT3p@MhqC;H^OF_zqwl@J`_Oz`KB_fOi9%A+3ji%<{uP z7w{1vt#l)B0`Q-}DZnRz`M{@u3xNLumH{^dR{*yFZvZ|IycPHY@Gf92(1|v+19&ZP zCvYwB72rYOZeUNekv+hEz}JE0z`ejdz|Hoxlyeq_ z!o+E9=DWGJ99J0%({4m4RnTr#A-N!)ENB}+V<=49icpH6ZC9Z%?O*sU(|AsW!nBVK z+987$iZV&Q7AnMNEHHq1PrYL}7RI}G*K&a)mOtvDi%|E0I`=PP42ffKHJ-7khL@yR zcXu&`7Go%%=uyvPbZ-%j8;2Z(BPbZN3mjvIhD29$2x#ANyArf0c&;kT19vs}*0k|h zMhw_}IMKaCMzSS!hc`c#5ogd$k7dLgMEO_-8!H=(j660!w;)F}O^{S0T98#bUuy@p z2!q6K!2I-vm@daNigGL?n^t4^fr{1!Cc|>K1&#rp1-u;C4oF?J2hyavqEe+vF%+hq zG-!XQknOO8m|Eb#JQG6<%x~K|EE@po5sy%=_i@drokd`dw+#drf<{3j;aApQJ8EGM zW?v4K!+sbEYrERAa>OG|qB}YP8Y@V5OqUv?jK^=20y*kr24tnMhnA+vP?+|tLEEZAG)?^gif)6teX_s7Q%3kHpI_i6 z6n_h~N4UGox%VOS2?KE{6g`pWkwI3EFlcPJz$A2Gphn;nf_RLn_K=HR66G_6Wvo_1 z{t-Tyq^@ar(7uni|YQG$yz-v#jsZHx!CVTPXmqCkPe?$ud*BR zkd(<-Ii`AywUAO&XXLfh$ox>TA@I@gbenPOih10kZe?v%x3Y#93S~&np(Jf1xFyZM zLPh5@%G3KOh4z&vuf%gzeiW)#jp-}PshFi6#GPSx$yIXs)Qgn$xU^@=_RK^E_k)fXYZ4WpK_=)^*$#+U{%<6 zN;ny11(>@VU!$rUb9;`eX&VaqM$KbJuZYFp3`X_Z|nd=vm0BPtEdVT76x|2&L$eO3@c8MUPU7=8n8n zG(%F+l14>KnlYws1&jTW!JXloG2^Q})Trvv2+Z{)$E$d#5L1#>^~^{(jPmw5m(w}* zE4cwr6PiXted6sxBIts-L+@|m&HNmPH&49p!eGWc-VJ0v?@@!>07G#M$r*{HZ3LI3 zc`45Pl;KLHxR9zt6&}Tbqk)Rc4N7r;V~*@Xc}_!d_bJ8QuN3!yQrtj8aSTbtNg5R= zX_Q^-Xpi}^o87}odyfE_ z&y7lZgADC4B(*1L)Sje?+x~_MIo$hx5d@GO>;dMYxgl_|K zB78fr53oP9Av;-yQ z)`~m^ioGJA0F8=a4{&)yDpC##Zbb9p)HXZYgsmboK=Q6gjs7@_bq61tz1Vf+kihu{ANb_V_eoB%utyaM=t zxO)@0s;Vw*{9G?8UK~J8$xKl(aUu{0oB>gd>H=sV&`z=g5yH7A{BxO?K+55h9G+-<_wZ~FSG2qjksU^M5o-2-GCcGDPOI{r z6*WaIL9}WJqLfzsr^E9v)F$;p4J%6;o;I<<>?~`S5FeggM#GcK{>P_oXingJENW)H z$D)k5_gLGJHT5<}P#TNYfv2BEpjbWBw)gr54Mf@g7PKGecc8TQ zss^RK*Y}{b_c{eid#}@=G(6~*8NT--#2+;0vLhl^86N&L4PutVW%3I4axSQ0OazLH z<%drCJD+I`8N3lJm;a4f$XYO05p^75*2w_`~}@LftPvFgT6vS z@1TH$9_p2n0FuxHyvB=OZIKIcKbv~Z%MfL`E*$)MB=#>iekh_7L|3~kI}sTc5)@2rGg_JvrI| zGFq5lhV7mP>u*wSo~LigFw~wtT4)B;1Eov#V#h|iD+8Gq8^6IdLYEF zuXEXIXmOdWhdnqoj~&84sfT+#sRzCz|65bOr}c1`sE1Xe9#)Hb7$)n15U&R=qk7;n zcRe)v$MvwrlY00sc72}K!@Z&&)`)soE9zmmtOr889=MF^fy+?tc94#~3^tK89QgDwH36qkb1zTq}dD)a52G=I|U$M>Ry9NIc5qgvy#T~bC% zBQ7%?x#$;2;GuzM`2(S0K62O(iTW)6AjoKk)eqaP4K~id@hra+De)bb{w#mPCzL%q z)0u$vCY5C>XkXB2pj58uVjW8N0P_YQ)q+Gw#UB&;cng8$c;P_lXWU zR@Mh0K5=o`YG`qpsq?Wz-*D%pN?sSsng_CbB(YS(eUa?Ahu;i|=Q!~A0uFsog%Sy` z>#j;>A|7w3^+w69$cNfv>83zx<+<4C8z~~x_6#j`SG?>yV@^7oQtIA2>IbB}U%Fpm z9S-MQChnE=;D$%)-+G|DQfoB9MyHM`G#0(I2`Js7+!Qnd)EhJ#v>7Os%>hcSNq4jJ zUQ38CzPap(h^_OURy;^R?XEe)j?kHiWO{;!nwDR9!gB@1U^ExbnJ#6JGTbm%sL%4PX!>q~a@evjapG1#hqb1<;?BNd0)t@>_Ks5>V_tJBY z9#$wL)n&F*EJuuSo0pP_s~zQ)pmRB#R{K)I;rxjfYAlT&k-)83V!!D2ycu!Juohz% z+xXLO$)g2DYP9 z#oE}b@2OW(oow-CB9g`B=F-yyety*6LNz`=4GU{OKdM+=Ropd3FIm|PF@2l}PP6%Y z^Y#1qsQ@@t>K4X9@IhM=rg9+-ASZ<4QG--^AwS6i3^GbyUuzXZt_P~CGhk?+>k`68 zFhx=QJr3F*bPH%I=vGjArfVDML!jG1w}b8geHQddP{d=Liw4hS?mIUj(&P;`beHRJ8}|-{zWgxfHc-mgLPUC{_{WTV4OycmZRM3^EiI3kM@ZqdS~wGe4sqpO3)OAC(3 zVp+Ww3DSZivRK6}n%T5wQQWz)zNShGj>uxI+d|~3fE%*^Y0`otve?KiTHCbN!h%lD z=wZ6F;D{_9;ubA!T1%0u7+oDSQCe_B7F*mFOStL|gT*z{f+Mon;kKwHjccU^M`W>= zTTq*K<<6akG_I2t9FYaB6YQGJ-=_JCH0TikJzKIdefLGEjS{J3-zWkOImP57PdyLU)51p znbLwIvS`XJ>gZQl(t;zhXi;w(v!w+`WYNZL5d{{3)_;1qQCe_B7MHto)s^cl($zt; zr3FW1(V1J+F_+{>3y#R5d%YHOqy_1Oh za6}e^>b00FEjS{J;q_YNOAC(3VwBsWE6a#xoOcVP1xI8tj$0V|RU|iL|1N345n05# z(}?1#biAO4LTSMfSxmL0VI1f4qy45-dn@x0@T$aw$oY4f*T*)*)MW?|gm zw5g9>b?l{YzKK8E`h3;?t8yPs+nadw$?Ib$9vkw|%8Wm!o(?|$ad7LC@B1xoaxiE~ z+XL_28+S#kwBRpBAKnKH`nmCV-{NleF&neqsUE&zcgWdW z9(*_Fxsst#u6{1Z;}>>}e`D2S=L_4Om>BE*N!uyk?r7EHmw~Tb{^X_KJ7&FRYq$B) zsY9o{^+r)rYWqfsj+rxm3CUj;vtr-(r<1zwIbQk1*b(zn0)D>kvFLeYpYA*K$+K7N zy&>SE){U0lyzj>T!{1%IY4NWgeAz0o%e_r*el_jNlrtZVzqoj0>6xYQ(B#&(G*vFemB5RquWG z#k#N~n+ER)>bib@c)ueX^NudDzi{WreOF#Nyya(qls>q(Rls-J@Ee@7p9noNa$bD) z*)FGg-2Hatz+WETF>m+vowuL(xy!6>dxGu=-e5oTZgThgPk(Um+Loi<9kl%ObZi}!bR-1Yvr7eCzb-jazQPaf4h%YNv$Wy|~C7T;m}ebY-$ zv^{%byDMN)_doaC^ORr2wyM`N2QS**BzkAjjw4AgjQ-$_Bfng;?Tr`iSXk6{;-$>U zckj#XKmD1*0p1gDxpb;!)zgu-ujk*`@7-ksUU!2crislO-PEMpZ8vm|>i_+s$8-EzAIf-e=u0~{?0jVFr{iAV z`|bQb4~(2~&yuZgoP1|pe^E3!{V&Kc3^q3_;Ya(U$4kF;BQP4lWN`n|GvcFy= z=$f<-_oY?(=HEW5_=P+7-uc7FVH4E&Jv)-8M?U+hFIYuh)m&)okgA zXLbfhrTYJV+w)Jv-+kZHdnPQc_*ku9mDk%#Z(qH=;y-_VD1{UjF%8 zM`X3_b7z!p@5*{-&b*wlX?na~f4cpL&%HC@`6bKJDxNtpXUf(Gu4>z{=X0?u-e0Kq zzdeyX?|c1X^VKcidhdMjo0r|4F+aIO(DsQ19Zv1*G$(oCU&o&5k}-L))2Z)CBhv7J z_~5Mc!-b7)^rWa=iM5M@QT;S! zI^G69O)P$BC1SU&#Xp73Gk%x|H4vU}WOs6OQDLir44^>t_bh6BxpXL@nbT-Fs8%ItMav%SFh}93B5i8>8&}nLOdv&n*>Bw|+Kb1Y#b+P)n(&DG1#SeL~+XC=Uq3G_` zIC-Pyr!!*A`RQcw6To!nyc$`5_V%D!>KR#tpCkC!>nFhCrz_Jbz(37R@pmjvvF3+H zpWQ|Y>3+Ie`~)%`swD~oHvff=KshtcKi$Eb^Al+Ca~0E}bCNX2RdpHgp4AVX#5U*W zDvO^WrlTLzt$s7Emi*A@v)eEc$Z`c){Pbcv`nV`q|07Q0s^#j1FXlXMf$} z^qK2Y&RhLZD&}#~$KofL=}?cQP!bY|PN(MQYQ&iPPq4)g^&EG8PQG4(rc?cdTKt4q z{9srb`~=Lle{b~@X7SU{;)gCsxbyRfZyTJPRr52z;-|mG&p@W5_n+)uQRv#LA38T+ zx7FZZ@6Q7*e!`iK-tGZW&6isJ3}!l?82p4={9yNBDA(-W3$a5}^E1@qXNbkmFq5B{ zliqJw{S0S1#{N9a;%5ZYxe@;qb~b8_!KCJABx3Bg=kc%C&j^d32&SW-SxegB`qAnq zlIa}8zwRf(;wOsfJc@tHMVmEmVCkXeXB5++^Fy>cp%7*96Ah`|roUV4&;R^bOFfTf zI&qj-XzxoQ+Tv#nq;?x7WftZRv9Gu0XDrhRM}G8jjj{Nl6_njZwN2qcuS7t#T(pWX z&xcNnpYcp568|(mZ-_kometP$rgIMedVa=R{9rgCt#|QH;kMZ?oVNOzh#2#H7-R7> ziRsV?qS9>b*W(4NpID}I2LF0~CRzN%F`cRSr?6?)PM6isWW?}1>we-aex@*;d&mjG z#gQ?qt$wh}haclOonrBmz;yKd6l^Ye(&~p|&G|{N_?gCZXnfKBYv+Qg^Q?ZRGab4M zUN6@)i=RZMqt|nXu8*P%P>mb+r)-up?UxfRey%n73Hzu&j$~9n*D)Ou>-o9X;%A1* z&!4W7=x(Z?>n(m}Sp3{z^7Cql*V9%%NftjhSo|b29h&hdj9uObSy%Iuf*5mqC0qQY zG9BH|w9qSGwfaf3_(`?+NoP7Vn^8#H7L#oClYtm>e$p*|W-=YU|1{ZFe%$J37Sl2I zpP3dvnM{X9J=Mxn+goDbs`Zn_bWY-5Z}&`#pV>@j2mWdP>9l)xC#xTpTU#RB>waci z{A4pfdVbCxy0pdWCx_{r#J}z*+u~;q)6wgv_VJa=bbJl@nPc&j$8>(cKZVYD&tlS2 z>jz6}v==(M%uk-hPd?M3qYSd%|MMygd({uEuFdTt2 zgXzZLXXOXBZB{??Eq>-%{1h>rNAXYl+(Y?aFSPnuz;psoTz$V>Wbtzo)6wU#MMdA% z;)nLOcAK$3-(>LvGwAfeKZRAFZ|`r-&mzQ_>v^HY&n--cYKcO>vLonfYJ1&^7`x4Q ze&ZI4pJJv%*J9{MI=p3+kJZm&rgIQFdVemq_*ueqTH&9<`!T=ovid<+Kz_c)zwT!V z^FtQ2rqKh9P`cv7LzEW4#w_mO5RzyqIV>c>QgT{II!FmFhqBO7N@&GHp_7!*^?wQj zrDUm)gh8pO!Ny2Qh>-M>l0+dHCM7ou zNw}0eC?rFqgxxZQJo`(@4?^b#DQQhz6QQ+~3=xtM;~WQ~wak&@?yBtc5P7Lp<8eYl6|F$bI++&9Y>R}} zKV~Z`rCBn@BI#w346{fmV`e`?EE0cq5fbd9 zj36)_4YzDatJ@&8+nUoqwt3$-4R%|d5mrpcl-BLcN>A&7>0i#`XHFp2dST^5f$5mi zx&u;oT4$Q|zuaw=Ev%T1DXmgwrKgoy=>IuCJ4b2k5LQgbl-4p+T0d52jdxppEUcK0 zDXlv#Y4J13l$JMD5(3jPrL`PVceyAnx77$?#dJ(*tzcGqxn3_W+7uvHaRtJP>6p@5 zX-aER{2RBqt+om)rejL$E>l{4UK#LcSDDsl!iwpb(pqIot6<&dUENk~TObmF>6p@5 z4XL{y-u~ISG5lzYw8sf6rejL$Ze~SUp?>(|^NUxyt=N-dkTM-pTK6z3y$&zj?tO$G zu|llv7ilpaQ(E^jD?P1;Kj?Rh+v-PQ#dJ(*tudwbobQ&Y{HT`F>eiC}@v0JRxC(3- zUu#Js$Jg~gJ44-8*9t49V@hisvoe;8ANfM8trk{H$CTE3Q(9Cmx7AT$#dJ(*m6_67 zKk~7lCbDn*DXf@|DXk5rv=Too!s{NyB2eoq4qup#DXsfVX~pz#?HePlW(X^$V@hkI zDXmvl4ms<#S}ClUjw!88rnIQf_mXM7Agq{$LNpmOo63=nH`g%#5=mFpp9rT2MC z%WZYPuwpus+w#xVa0SzX+2^|%WZW|STP+_T8~=N@|W$^*^g4>&p(*! z@G(fub?CO5B&?W@DXqtum0qqZ4vxOa&nQwF3xyTaF_mkJDXsKty;r%dwhJq!V@j*s zloquYzuHb|eJre)jw!9JrnIQN+*UrV$rfkZv7t5$Yk+Mek!t`dSE8)LA;OC3n9_QJ zS?PU)%H_7YQCKk@Q(D_iX;HcQ$h0;JE2d*gYlkT-R zT@+SK$CTDiQ(9Cmw^eW(vc(yBZ00)LMG{$uR4#s318FA-E2d*gYd5pf>yXOjwpt~u zn2xDjdrWCjxvrIU_@c04I;OPtn$n_jxvhQ@R!ql~)>Edms9f!2TAkY>5`pQM(%J{9 zd3?F8VucmcF{QPiSsBL{Kl4v%+#;-)jw!9DO=(fN+*Uh<71J@LRbfht)&TtM9HsTS zuwpu!D%bO-v}heQQ>Jyluwpu6p@b(UR6Qnbse|is_ir zI$%l5ZPlwCA`zI5DXoK$y6ceE^F=bPYlIckF{O2gS?P61$0=^B+l3X=F{SmADJ@!K z^E2%bYkPzh(=nxW*p${+eQ*BJZS}dZVmhX@j#$#-XX7a?pZ4^RmqB4O@4sFqiChCv zT5hXwVa0SzX}!X%^zlXInkVZpU05+4Q@M^>(sEnfEv%T1DXmIVTGZ!9$h2M%R!ql~ z)-h9B)DPWO)xwJDn9_RHlorj0<7HZ{{Sk@4bWCZz2C2Ia3tk%ZjoT_hSTP+_TCX!J zV;wqVS~6p@b!<5#(jPvu|R-1(t(=ny>rYS8d7rz1yv35dOF&$G{Z<*4f`Ot0E zo}zD@kQ+wB+E5eSTP+_T5mHeeSF;>*6g_3Doa=~9aCB-Olf^Q@$(h@ ziWtONnXqCyrnKHMrL}diZ)>;JF=54YOliGqN{h~Kc*$~|7gkKil-7Huw4&c$V6f`d z0g(ty$CTFlklJm&__tB~x{DWzWm?w?E2d*g>jP$`*Wt5oX4u?T3xyTa(SmX3uq!ni z`nac!S$Q#xW8Aou=eSi8bZ~Pq3rvTh`-LB3aK|sdmpFmA53$*8GYFbOa9ZY#1$g?M z!bjNbw&P70WBA(%uOkbR^3yWtx%q^Y)a;B1>&qS@B0?ueO*P6Vj!uY-j!cM*2#tu+ zl9IA=@{*$I?&hfcjFcO-k>>Bv*6MNG=%~nXaib%rhDL-$T?u9yRU+y;2O?b=OU8zCFmW!FNOX#;XMk+I3V}WMty# zqzTlTX7#!<4*lBH>&kf@>UCvZs-tVs*X(M|^n}Qy2}u(|*ccLDy{lJGA8fICX?W8@ zJ*uKlCwia~=7G+@hIR05i9sn1s8PE#pr)6Qf2zVGfA|VTJ$kxB@oJ}fG)2#8SW$P0 zJmSL)4SQ@*&*U)GLx=V0F^BHA1J&b^X^t!4Z)&VnkM5cN&Fs$Mb@aWWBo%H z1FR08Qjw=$w_+4#VzIxiXDm>~$V}F&Clf|#;_>#gy7Nb=(#o$64bu`Wy3Y42@fakg zyn-hwX>7bRWlnl_M*gVGjIgwV_W3wI|k~Rqct@RUh>y)}U4GiPgO`;j8G{OV*&3o*2!~ z9;}k}R6JGJ-J@|EbWckm-M`2BdIHFhCyR33zo+U3_YJJ&4W1j)G&*fy^>6grkgCyb z0|yL7w+*Qp++z3L&@qO=vnSfRa~k{&I9IxdN9wwJG&l6?KTt9BK2Ozk_dNIYySHZF z1ARRKWT@f8B69&e)7KL~2^uy~ir}Gvo&>Md1`pWG9jIY--92xE`t_9ppi6k5uP31A zzrN!>a}zNC4XNwy_59bTUt9hg)Rzg!m(|v~XcDJF3?-oU#oIUWcH4#w^dvkwj@293 zGiBX1RS!;F)|!)XqiHcghj6-Y548=>Jvn+cc=t%%;J(3wPlNAss7X z3q28@rFswgYgwx{l!`RblR;VPJr=hX#3OaxJxWopzRZs}u=QA9Pr%cof4!wW))xuX zebzvDtXsi&wt$}}a9llbV1O}%4jdRBKCs__{)3IufPm1Dkb$H+U_eMHw@7xR-@Ztj zdZH+86>bZ=g)Z+Q7~k7NydB#naVHJ&EI54i>uvG6D7gim<%Zs+04|9JiO_tbjBiq* znCswhOE+Ax>%sNNe}HdXvZ{AC$)U4b=u!4+)0+tSbI|b)0zjxsFA;IAp)B1CFIR}=^C8Yrbp%I3B6~9Ze97yhu#tB4D8K)H3F&4UnJz?p|f1*)#Wb= zdTXKcfd_hDK&M+Do^E~q`a&nS0lhr9Spc2yg&tkat*soS=hqjXv%p57ESX3)tHI)X%K5eL=&d=hcLD|)OPhIe3*d4J^ZgPFKbCX+Z`FA=`haa0Mt zFrmXWMZGBgN|EmiS$H2xHrJwhuFc0U&1Cl}rv zTgdffy(r}%y(s96m{-5vyO_vkLTAWLT(7QlPoumKK-Xmky%EqEQ(V6um3IzwW-o47?;hyfwWNN%WTd+vI_;Kny_O)g^%v56 z7&?t^uV3#X^zMSrouyn)*0bS_ZxloG!GEALp8!IA{bf0HKDd+Xd4trJKdQeT%ke4j z6Cnktspu*B!|RT<_0W0rF1KE7^T96Yy$+p)tGQltklONh4)Sx*siqwc zg3OX(0S% zLTAM~u2)z779jd5==5Fh)~hXl(eO7FIvdK|dbQ;bQ<`=NI(;{Ay}J5AHvC0GXUBb9 zPmVXkJ>?YRi|u>poELg9Lwkfo7@u?@J!&UA9>r)yk7E$V#`FyLJCU67(^u#a&q8ag zuatDDUtX=~)s^lb=#5g-t;Ju8hyJplSLlJidp-2G5qeuZ@b|KZ{@#GzhaUL*-9vwu zpy#uRH-&7sTI#Q-(BYbO_k&RA4fnv`bsqXlgI=x&{#JVEZ!Pp5^1$B#5B(j5-a8)n zJL{pp^U!O2f5Yw3P3Sb#9=)MA$OC^9-dZ9wMzVR08p}*Vdy+JoNV?^v-+Wul<9bwMS>@^%lDIwZ}LQ{Y{46^&a@U*+YLN&|Bq!za1X>+XuZv zsz2p;koNnZL+2-<$M^dY`te|zUbCck9y-l7b4h)AZJ^W51HHb`8Sa7JSm;dmKraP4 zb3M?z89K{7&|3?g$2`#637rET=pBR3haTvC1)X0!(EAfQEgsTXsINWRL#KxadZEyX zwCd5jtP^-Dnl=Mqg3!@r?0lHv9(0mdV}NZ@^ypw2XYXiL!b@OhWXi&HSM_8M!QlwjAL7!PRvTn&n?KE=?Vy%(la17 z&xNmj-IO(FR=_B{0Xz%$Ea81QfqqFz^U{)1T(11A)IwKA0X`fS=$Dz1otKesl;W)o zekrbOdV7Okfh(QzPG$KO>+0TGQ@=YgPHfuv*r=q~sPUsmB_vH6oscvoGGTPmsMtvf zQ(|M1Mo)^2iW!YBg>vOa^(s%q&BIZVlcJ}Oi%xKAeT9uzy*APDqvDbhBFEx`mOP23 z^{P*cj2Rc5G$tl;Y`oSB7IM#CY>0R{+NQvp=n_ylA=GA4G?=%i_}F;gdw)&>hR zQyEmVF|kudjZT_6Xk5jEJt@A0HGDWPDr1(Xs-yAU&w=pj(w$n1 zRp==jm(l~ScIWX4fGSQ-IHBkGz2o*;6-ii%0u+mAj?EAx|- z#A=b{abj%rR7|5SphLA9KknMmNeTGMtT!9PQ!?O)j2()#0cq1X+n_LxjxPEI-b0BK+OS7JH_<(j>tP|JM%$U?whCgf4H&u z8GZ@D*A{p7?XXXpZT$E#ZPy?7q}?!_e-hKz_QQh(PrdS1n?El)9M_%bI~dh^1bOnc zow)g(W0!tib#B4(&h7WExDMrNjdN4JwzNg-i-%n-jocR0sHp#uHX-~2VZOHfG1qT6 zzU!mgnq2Y99~bWE^CvFTF#T5-HJR1qp|T&Y*|2Nrwq0)~YT9p1eqqYy2Y$Wz##d*} zO>KJJ#XYE~tFiR)wRKvbet7Y@$xHtnHg?;N$9>M@(gKq|Sk!W5zag<<6|eZmA3ip= zBTj=dxzG9zKU5apQhmDrO?Iz^L&swYh;Qv?Sk^l#`K@ zmbW0OAUN}%`OKMt+p<$r3Nrqoqk_zo{EYM&okc6Qf9?pyE5zF1 zUvV_Y^$*>MS}Jhmr)1-1rGMy+cL>*lynm_jP*s@fa{p;vi9*gQ%t}wsn90jX%QN)s z&_Q8?W)#rJax!M*XXND;%;3wag1-H!qtBotg7mC{l!Bb#w7k53*0YVHWj<;gM+yH% zegAu&3`03Le*yBQvEvUqjow6y@uPj?*O-@vf%nm>1#)P&KHBd>=FrXynM1n- zl+X0+nBBM@y*8C(4y~DxIkZ+l^ub3Tt&P-cFJunwa;euDh(4m}qjducW9jw~GKbbv z$Q;_$K=ff!A1w?B6F$%&A#-Shh0LLi1ft6(KH4a$H&)0T+Bm5f3zWw6;(_`yf76A` zpv;{)u&~62y5BK_LB~tGW zA#-TUq~0o^=}hllAY3bg#d;xgXd8sgfln3S@-x$WMCxr3GKaQR>g@!Y%=GpGbz=UW z7BYwSjF36B13(E(@37Q6Dr64rnAD3|hELeX;LG#=PWf?gXUXXz{oC}*wL{guB_~@! zBgQD}$Yl{mnKze38)eP8EE!*`k0?3W=(dBdUKCx7jF%L7X)XsMlHok@ls8Z`A<#rn z=c#nJrnlz0n!E6Z3&+vuz!@llcFLO&fQHB!%VPqg?Ul<9G2ICg?%ye6x>0yW)2B-adbEgR<3j<@cR<{p9y&?+ru_BOKwAFquTWNG)NUQz$bFOSb z`4O^El7+$@xe>5^iROrV$f}gEyxm5B6N?(CJ$<%gUlM~V*9@S~~SOS==v7*&mqXV8Kzl3?vL=iZ zSlW$BBmHA2AC$$2uoEnjHww9phD*9$?V(#%nv#<=%9~U6LXJkz-4R+nDa3l50VkeacbsO#7NEDm(Fue(&Bbs119WoUbnj#`z z@v?odOIYd=dg@+$>LK$8XK&tV4%&HQoJCf=oy)xfq2av@h$ffi5kW`U<$hwF&XR+T z=zalBPlDx!5^ZIYh)QkM>e=e1^c{QZR>%#ym7z1S;?>A0yBC`|Xa=b>7qF(`fivC4(cvE4?jaZsjrxZmcNO8) zu&=?M`tto3eYO2JeCZ>CPXaV)mYfX7j-iu#YH_Z-48>!EDCE**GzFaMSYIsb+%(10 z3e*eNQFKI05?XC~X|p71sGt9z$QP}&dA>NJe9@|!=Zm8{@`dR!|o}PBmr`ozDaEGze%(=|_ zl&@QQRAYL*c&<-|l+^gTTDX~jLW?fhhM)^L4|hj?=-|hT9nf&J2eMJv8f(wvKN6c4 zd#4&5#MM2f^;+;~?{A*UO)CV-8{0kbDW>F5Bfjt7!+KeWdu}L3c4!Y$XO_Zi&r%#E zmuOj#n6gy6P9t3hEu9cphYn>sk-AiO${-d44(yWyP{n-79{|95R0Q+_mPdH|9AX7s z7RmOLiP$l+U1^-NS9!Z4|z(!e6HF?G(Pf!uu=y%eu~1!D|~{&PgVG73O`-p6BYg%g}+weuT%IL3V*%A-=OeG3ZJa-DGHye z@M#L4uJ9QOKU3jnDSW2FXDR$_g}+hZvlTu^;pZrPuEOUj`-8a(pRe!*3hz?<6)OBZ zg`cmC{~~2PE>QGuQsQq`_=Sr8B89(2;cr#=;;FtSkBb$4iNcpC{8EL#P2q1>_&XH7 zRN?pFAF6#ia?U!(AA6@Hz6$<~1X*A*yM5TPsDf-VV{0j>IqQW0g z_=5_6Na0^n(m$-kA5r38R`^#G{-|PKskHAgg@0AyUsL$k75)u{e^cS#QuyOae%@C2 z6AJ&1!oREV?75+Dc|6Sp0 z6#l%z|Do^~6#k;Z|EchQDf}g6ezCBMzD?m9DZE|by}Ft`HXdN+aZ8vfG&ON}1%u+R znZi31-bdk^E9tjT(r>Ax*Gl1i6@PvT-&*0@D12Kb{mYc}+bQX_S9pKL-{lJ5LE*1Z z_>M~YS1Re#odm|v*~kC~DE_)Ad{>3(@Pf~cgsB8>z%KBik!cS57c!f_; z_^Ap%P2s02e4@f%qwv=%{B;UHL*cJi_!|^HN#T=?l>wZh@Tm%)ru4sbB|bypXDU2h zH#3GzrN3s4v6)UW&sO^Pjmr8mTPaVD!p~9oT!qgwW(Ih!!sjb|fx^>$;KopBWPs-> z{CtJCoDWdq8$2JN=r2bFotYOBDSQMSrQ%A8u3l+ZFx}g)de3WeR_% z!Y^0&6$-yn;qOxTRSLga=?`}+{5=YPufnfU__YeZPT|)pe3`;;Pv>SfrW z#6PL2~V75-_3uNa^e>v<>ojKV*w@Xsmy^9uih!oR5S z2NeFGGM*19{7ZDpuOS>(>hFjlj^N7*Z#f^J%rBMEW&_LlfG|8dWe7MQVB&E;z{J1N z)y%(XuqBA|0Ve%_d_F+&|DM9Xukarz_4j}Oe1LC+F^gYxHS=F8{8tM9wbGxzQTT5a z{yT-QR?g3Uukb$@GY3pJ;~B$gr9OXD`2Q&UPYQp==nVL*(m#Gy;_0~|V>qYy`&Hq8 zGb#iBuJARA{&|J}L*Xwd{6&TTQ{n&a`2e~pvl;Se)BGh0k|n9L zwL~=%dE@yDQGXHzNfa)T6G+sbM41v5NmL5N{gp{nE>VR%+x%A~9uNX#!1Rm#{ZiK->4k;ogBC+bh4Ac?{y za!QmaQKm#i5|v6+CQ-RW6%tiSR3%ZhL^Tq5;|3`(G(SreBvH6TPKgpF%9N-`qEd;< zBr2DvLZV8EswAqGs74}hADKUif+Px;$SF~xM41v5NmMFPnMCChRY+7RQI$m164glL zjT^{B{YexgQMg1-i4rBsl&DCeQi;ldc&{s$vI>bRC90CBTA~_>yz!Kg$e%<(5`|0T zlqgZ6Oo@slDwU{AqH>8UB&w9CN}_6sY9#W;33ZV_iGm~wm&hqmqC}Yz6-iVoQJF;L z5>-f4DN&U~)e_Z66kDv7Eks*%VW zM;{`85(P;VE|F8BM2Rvb!Xpa8OQ}R<5|v9-AyK77RT5Q8R0G8Ou0Pg~JbytFg-hg= zC{dzJiHd-@mr{w!WNf)a6%tiSR3%ZhL^VL%pLc7#Sd`CtKq7wp~NK`3Nl|L5s>aEY7}B}$YjQISNY5|v3*E>VRmI;z5Tq38`O9bL| zpD9rhP#50+fC3pR1LB^`C9069Qlct}swJwC$QxM_`2#|=Qu|62E|F8BM2RvbDw3#F zqB4ofC9069Qlct}swJwC$oq0VSN=eveI*J9f-3Utl(IyLG9@aKs8pgdiOMCakf>6k zDv7Eks*%XMgPtpYiGm~wm&hqmqC}Yz6-iVoQJF;L5>){4@>WV&l|afXdpvHGPYErGKtD1s*tEs zqAH21C8`19{lFWCSfYI;3X&*XBBw-&K-@M{q9Tb(rCymt#Nl0V#`h88eRZvUsgKkW zqWth8G(W!pM6E|{#M)e$Sp`} zTzoC)G|)Rh@s5+?r$Mg)r8>jAOp4zJy$-Yw=)Kr{SYIUMU=Kxd*+CKO(4uR97fCoh zj~@UndUZrHJ?H1tAEL*@`jBNV^9n2(7HD&|#eXALC;WT4g7EL{3OzM~n$lN)w%`BM zAi*DCPip(0!h1p}K25N!x8hMx!8W6`S^GdMkaHF29I-7uK08Nfc^qf z$3t``s26&qmkpT%Y2=C~;^mr4#JknfG8FFn&G=)PX|*4{vJ`J+SQzMCypYpdZ)rtw z5$-ntoGReTPeXYo-Vd-C+FJ3YOACD%ymTwRyJWP%sb}rfNM?f^(i;Vsg{Bqj7MCuW zQ-OiT2N^1a4HWitWdz1hgcDEQI`i3JjBqwCh9-H&@H!GM#|Zj@7O9L8{rvr5imP*s zM5fO!EO3dQO+zG{@?s5Qh(sX9Fhp8oC^#Xacl==}q(&FGaIE0x7iW;g=clpJl?YiO zwpd$QYHS`39{v214I-X}*qJl&ax}cS)Xy)|5*d$IN#Y9@{PmCtT6-wboW=*!oJkq; zg*8P`PZANa+36zUGDHL*LeH)!Hl^kZF}>9grI^RXk?HCAd{pC;HHh_hPsJM5Esg5{ zY|VxIFN{A*^%7_oQ13=s@c>W<=rqy;O$TiOIuo=Ns0-8=bRH<)(^p&q+6MGC&~~8r zfVKx+19}DM{h*ye_k#w2(zx#mYDXRdL0f@#2ki`c6=*PM5NHT!FVNwjy+JXzXnjCa zL4!flK|?_4f$C7u+d%t)t^w^2x(;*@=p&#Jpf7@s1Esz-9+c*t_1O5lL&%}!A&$#j z0y*k>6^nfGnLRVjo<_zS14?Q_{-t+4P&3dgpS;*};`EXzFZ}rKh4!bzm7y~qGHS|v zY@=J_j|bEK1iKe}Up{0^NC?}rgzHLXTKlk}en`XS0k*SAN}8FQpOcbp89DlBN`$K3 zWob0E)|#_dpYo(~U72{Lv!6*eJ0~v#-JkEjcCu9RM$d8OFTndc2m9rUJnle*+-(^P zK;@_IO?5;~OCb- z8fZJ#azRk6C5Vw0f+)idipBud4j*Y^4A34b0z!RE>En!sq%NazMq_0eWE5nL{|qLA zBqC7$slIVNQtK~d(?xwJf)0c18qjpmYeA`;*MU;K<7imaJ0ZMgP|B#Lxa?giqZZ(@ zI$k6a&ekm@I4S7*cixe66;h;E?|HG3B{QVAr3OwNhndi)woJn|rh&GM`rnVkTIWdP zRGOEYmo~>$_wY+bxhUwJf%*dVEn_ZB2Eu7<4S?5>Tq2643`X0Q0d&h>tz0 zX&;To9wCQDyLtW!#E%4WXcvLFEwu!KkB+Uky#@~a zACJ9S_e+#twSI3G^?L_sH^i5MQhAn%`t1VD>z9y2JA!{Ms}#r~*8;WG5gm$A9Sz6k ztiO&1{l8F0lwY-uR){)U2^xs_yFjTtt3(}CkrABuCh~R zMd3x&%ukG4j?WPo4pO4s5i)Hy`_PWWm|dLGvim{C!Vnu~9c&1+dkY0Ui%O5RrH(&9oLVnx`*l-xClz8sB?Ks6Z$Dze6plcG}6Ze&Je z$c8ODT-wYNV0P3$&HzzX*9iGsakw-el=g*1pb?-8K&gIj0;TzMA!q^UBG8SX_`)$e z3|b8O1o$PORiGuHG&|l7YC{^!KxtKSC+L-+%R&2st^lRly9+c1bQLJgvUh{JK<@>m z%0WJhH-X~Nr+6#qdeEmq%RpZO-2i$7^ghscKsSPZ3JROz&q418Jp=jx=mpS+Kz&e+ z4};I2LppDAo_!4p6Muv?oFHLHB@S+-gsOt_9r(`aUS~RQv;SYWFG#=`b%^Rq5Eu!IhV|-yw-v4-tt@j)QW(^EB zHg&kqG0;Q+nLL?*S&5xVAi2Lmj+sfGVfY#HgV^*y^+Mz2GHg!?;U{P>vPa)4rg3x< zbTH@_ptP>|5|qZ~*Pu6oeha!3^gGaXptyCj_({<3K~I4G0Qw2&Y0y)kKZ2eI{Tb8; z>Hh*c0Q4N_M9^PBF=n;jKyL=E0mazT&Vy3>{Q*kjnDWf~6CsDz2XR6skb8eidzWZs zUvf8ORL&LHhBw?N;_~sCi=zK=uc+<7fZ8wun;xhf)P~06f}^M-DjQB8u{Fvu&~)&x zf>L>31Eo4_j*ZtLA-+H6GO95yqqgI+lTxOSwWlFbPX{JKMrp@m8`*HZPD%MMDwWP_ zgu{O==QScA4&dk4YdVCl4L}hsol*YpQptPQ;0;TeO2-*jf ziplGdkVAW2%8m=|4eI=TmIVydHiK?6b8fKuPWK9}{W9>Bbg2=TGWWtHH$ zOdp30)zSF+>nQC1)jBE@b+kd$(S4$hHi|l;%UQgR2=O}NGO8mk)9a`?_6q88X&$tw z4QM|$q5eAhUmusYGM%7VV=Rwn=Mad`F!0n#e+C~RWJIVg zsE-==BM*rBe;Aa~dlWPl^hr>vvz?$c=KEsf?LY{hD!@PgG{a$m_<239M|%{m_Z?6g z+Qo-G+(XEr)reRhcIJWWc_W6~QY&&4*`d_v69<(Km zh5ew^))k=C)-QolTjM?VtgStm>Cq~X5N~U) zcTwt5TXPw;HMga<<}zw)F4Nn3I3()09t9bdWd!KN`rCR8oBL?zR7((h(KtjYCkYZE zvYaGHhEQF5WEy0&_GpErO8{izNIH~VjG+?ghOvb%>!3Dv2p5#^z=lxQoddK73q(Ar z#@cfEwN8Cv2qsGe{p2Db%?0Ho6M^dQ3@}yQCLwzT?N4?3HYgnryaP)8<2}$>pjDuh ztIi z?fDxh%{gJ%ct0fM(7wihF5>Zd9)TPh`Q>_aq|Wuo7nf1b;j#oNOO!I}Z7<<;`QAzI zg=d%T>5@6_0>C?&@eK{Fu+=jyklH0W1ku6{o{Fx3C-&6`c8fusUvvndmvXaLCOhfn z$+-7`z8*jq-t`yAhr`b*Y+f3jAsNPy-ubJ*sRuU8AZvqdDYl{YcK&g5@ByX5G*?#c z95xClrCNd*1rdlci~>(D$x~kpfT?M;&<<%JgcKe|9*JMfS=leCQzi=;5h@pTN;(CQ zfQ`ZpSWr?~lR@c{MG9z7Q0z+BB$fe6HHMv0aRex)Cw8(Y2bAh(4k&e|HQ0D(BE%OG zTvjP!9c*dJWmM~2@3cTZEN5J%x6NL}sTVG&4F1?C?YMf|W?Dwkf3bA^w-)#j$e$kc zdN(c%@MSAD8H@*|`kerp3>pJUWt#{}^-68b>y?m0quS)M*9CGf^lPgxFAO58FS=wK z+faS+W$fST#Q*RDxm@hWA%A+HJX1eyiY;0QFGGD$Ij#hy`sxIl4B8o#>Z=RrQPAO_ zR91XLjMX1aw7mWZ@%rO3sy{AsU!*Hdz->>s;|li|o#xl*jz-W<6rV1_JcaKW1r#sD zE7x5ei8OMJBw}}sF?`q}NSU|TEfTeUi6-b&2a}!g^BD3&AD3u06SrB|F;@m+s>DrQ zt%)>p`4h3bI-lyvZ`q3AU%r52nqQAbw56=$yBnPIC5|S`dcU?o6`MHb0U*$2U+WiqBK>=g7x0ZqQ8 zOv3-zo*58NTe12i=>_bGsh;rl8g@mj5ojc_ptLgZ0$l*w7?f59O+fDjZ3arm1rE@c zL480^fHns`3EBdbCRTi0ubA4v50oa8`>^rBK**sT!audOk49by@jE}Lt@)iFgdFVH zf?C~2`w4o4@ZmoEbAQwWxW6DN>my})KiLJ#Vai#XDny743CtB2l|ZfI+68;-WST!KMew?-^`%Y=J^J5p76im<&qgm;y?5 zO=qD*un2?W*sC4`lqi-7TWNoI4`WI=G2*1NL^{M4}AC<(jq@sojOo| zLXG*-tpuOCqOn5rwU?GG5$)yq#Bxj`y_W3W6u2^S*outOuO*Q|;tq+WTWBLbQl5o+yp z<_m7+T$BA%*{DlVu{JRYriI2@F_rfss1N9$pp=`xKnIad6MizV5h$A`Kqo`o7&IHS zDQF(31C(;*1NsPP3(%)PTY*-9;_K4I&w}FiXm)_n7W6~#?Ln!o{XwZKuf@i@G9ia{ zkCd$w$f3O?Wv@sXm5bY+lQR06q4Bed*fn|6eY3s=)U())$GG{NR!Z#VS?rA&hMGS| ztZN`$OzG*CEt+0*3Ho5N3l;Ikco1VeHNzXbG)N2dq zNHn8R57B27`h-2nXe{b7`c{2+$Y=&|VT-lZ`DuE#B;rSuiO|#o<(n#$Qi>5mTpcW? zvP=i1#d{)XXHZ$nkg@oDNm z`sanhjyRVs4crU~eUI=Yi&+y`MRX-TMN&$pEjVoLJbFS zi39tyhNi@838VZ_K|}mDBPtfh!gM+QAh5U-nHC##E};^lEogXp3IVdX+}v!YN<|l{ zv~!_VGu4l-DsFG4=M_#uY<^y$1Ec|v(nF#+7a<>&z;}iDg&6Ctg;ee{*k~Y7LsN*x zks8&-SWxOrPEe|saiFAgH#XiG2szl@(p*NndM-154%JDI0fazRBM?Lnyzm2gS08r3 z&KeV=J%E;n-hsW-S3jni?VwQS{Z~SX-u;250~$LfXIprm-IcHRISP8P%08 zqdCHON{Skw2Q~!i8v&qvzm%3L5|_J>pAnagO%GJ=GuWD8OAx|BUz`d8o)6j%v}?Jm_Ljs=sBRl%;#H@jgMwp?xZ4UkJqe3D={3!u2l4eG*sL z+CxXvHe>U~wh@~h8%8zz=YRKu*jYd2h%{*g+O_T}HmsRjEa7@oN4pn?p=y zYh%;eP{kpfWdHo{K@e`i5m_8%GG>v=wdgoq51RqF1xIA@29w!vcddqpEH@!Vxq1N z`Y4N~G&mxQZg2uEt4P(j6r3FW1@u%BDq%j{7J!}QwX>ddqcH}{%AuRHBbsa+ZLtI_!YD}eum^yr!4X-|$!Bxz8b|G3X~7X$ zjC5OwHmCDTdUy(er@;|fjOG^YZCZO_K?m=8phYFO;D{_HFpHwD1~o`2rWrPyRum0l z2=17QI&Bc+YcMf*tH)-5`3;TkbbeFbO=*a!GY7vb@0)bnsBh+X$6Tt@TX>x@L+Z@i z5n}}aQ#$_GFazU%ns(V`m!CZ`^sj|SVxI0)cznp5cO0L2zDrs`m3)$Bso?76rez zsr$;WrhXFj*@qWm8c)2+)xO1E`wtI~x$4_q<@3%|wXFIg<%UZ&yIWM=bi;2go>}>E zMB6W)+P!L9SZd))T`zCl)~~Xxcjp$BPjwqNJbG`dmkw5MD1B~K*omQUPg-zb zRsU~4+qmW4=Gm#YR6l!Gr%k`mTBN6c@jcY0ryKIF7XoJ=Ed)yIz^UYFvQ#jhnmO9cZig{obR!#&ldgsOPUCGp4-K@sX(? z^=|s|`c`LuDl2`Z^yUZNITzie^^7);&sW+PHhduY1~z z552lyS@yQ=&36^{yKCQtSuZ`XcGQYK&)?ha?KcAc49_ZfcG-Qsjy!Q|@3He%`t|+g z_&YD}@WtOfnLnXd z_k*Q5J#OAw+4b11kK8_Y^wuvbT??uPKe})110qL1vgGuKaRbVxEg9b_tH%LBjO{7qE+!@FOz&kISmr~b0<_0=P$A6d38AZOXQF@7D_ zF79w4;hW<2SMNTg^D%ASeWL66t553uOULdi9rn!JKXm^1kd%=VKka&CXRkYaM=W2y zf9&)31+DI~{7F4t_ov5i>wLEJx1avGKw`#gK=`8NmZ{KT=nhQIW1*Oj{c{H-Ih z+V;6KO6SX)48898lHAuk-<39i|-b6cq=kvesYJP?Gp?1c)h;# z{M@rE;hO>9HGkqv@9^@^()$fcCYq z=RVZF?D^P-atCG}S(*B=?VG~8o{e7K<)LG%hE9Gjb)o%>x38VB{H}y^$DZkuF?q4m zi7A4Gh_u|Cyx^?#!-b7)^t8TRiNagWX1JLqb=N z=)9KurZ}4EDA=_C_%d2ijNL}7B+AF?vSciw2vHcp39MDC#)z@oXpKm^WB0sN>bAN? zST(j-HDOk?P9&=_OMJ0|B}Cx>Ct4GWRa3;+ZTecV_2zydZmWyJs;R|_W_i2qN)aFW zWKE{qif*Z=;BB#@J#AgJL8q}PG_zPaAhp|Q6-X^yb$x!WJFTt4%3-ncVOEj&CzX@; z-HUaCP^Q~^S@6-+nr{xd-4=y^Qu(yzw4s&7efzjkRJB6KFSIH z%b*wBR-1%X8*asy0%_#0Ewc*f0)kR}zGw4|B<0~fSoxv|q{EBYgsKcFxFv(d(B%@$ z3AD&aC;Q8=*=@9vp)h3Sob?>h|243p8YLa>`Bq41Ot>YF3C~<&oD=A1-)=jJe+m^7 zn#J;x8fT>Th_T!HBd@{@PF+zO82wP*>^A+F&FhaEF}E1~T+Vdx7?CDGJ zm1Xj4UyGVI`k_;oc3TYcL!*&G2kyr(i*|(6Zc8-i;GtH?jDBdwu-oWz6wOu?npyJG z2~xWa6AH`ESCdX`u+~p!ren-cCrerZOo!$$y$*dWI$bO}%`G}zna;cDO?uhw7M*TP z=QPTtr`6P=6UcNr8p`fv(do`~nj8EyvFKdIbi55ZjV(Gon2xdREi5`g7M+$Bot{i5 z8EMgMMWK~Nrx&Eydm40nEjqoK&PC|xb?C=+413rW8--diD=%yZ2=})b2Fe zDD<(U6%47}W~`sq7M-h^4o>>W_G)9v4|as`L&ufWrum1v;B){OQ-2O+I=djIJqLvl zOIrOPwcF0&U+){Y0X=d?I&JqU&4`l0lj-X-g9k!eA-sEhO!vBu+^BNJ+7f zgh>g#TbsfFDLEk|{!)T#ek^p5lA%J&ex+9`Y(vRAb0`(du(N$Rcn2G+US@w0AK3p_QIlLSxY^p%t20Lh~7u=ow^}9L*Bi$1{nn zF#gzhxFch1eojkGueYoT6`}o+QxYtFyGaU^l zJfzhyW<{l=c6#p4&U@WfKME_RqXpxb$dyXtj$g;O({qI^^jtjV1h-0p4i1}G7><9t zDTj1)f?1SDYn6}vF^`W*611S^MPNFn9FBz4ZqsvkZeR2rZmT}Ris_irieOfHTI)wX z7Q|OO5NqRw71J@L70Imhv{JesFL7JV7gkKilvWh8($kv0XJjJZgFvi3BCME>DXmea zw9Y=@iuwP@`x3aQsy6OBf;x^HsHIuyq*P=^D2lk0Gsxgz2qU0kQ3C=B$tDbnEr!y9 zne8Rj+rCk6i>VcDZ#J`YrEjm56|H{%=bUrT+CqWplPGu>P=zAFs4}P z0kQb(i((BC6BmXt#iHwUf1j^u-+H;5 zI@@pcxv*jwQ!I}u)*}Uz*YT?WiWN)4ClbS$V$FfpU#`UY69)RN@`V+{m}245S7|Rk z!>1VQg%!h?Vr83RQQz=e?GjcDV~Ukyibdt(S0xl{2sJ(u! zVqp@g^bLNsMX`p^2^ooDOtH>|)?cn`Uujw5x5^e)3}cFQ9(^SA*F2B`mVZ|_}SPPkzF&4if zgIZfFtQf`=tI!$%7h?IXW(q5Y zF~wTMtn_mAd*b65euYReE)!M^V~Vxd6zkcyiY$ z3}cE_3a!6fGzaio;ngFS7{(Oqd}gJWi^dIprAhDxVZ|_}SWB1{4GV-2YrdZ|B`pZ>3qWTQKmHyirhM_B8x<5u8MXO*| zRK*r-rzcNFu6lr@v{b}m7?V{c_WI|&?(skD^IJVHtQf{*Rb{d|VZpP=fgWoBO}CL4 z#$>e=T7RtH55Dk$-zryFF^tKo+GJ&pb+@o$7?V|v$*S$@9XI)7?GsiEW3uv@tg^PH z&GuVO9DF%09D2n`8%zQgZ%=8$v|wg?NIv&<>3uw+RM z-d3b^F}4T`tyX4E7sKmxdc%=@M9E?LAg05S=5jhcE~m@mN}f9-)3d;pk(0H+G0s7{ zagMVMmi((7-M1HCTIjw5eBPq_#`GPUE?bM=8+6%@e`U0rW|NY-Wtf=QJ+n#OGD{ub zJ+p-FnRTyhsogAFYPT{;zcTEuVb`mr#)~&usGsE&EG#Ql1KoYfHDR* zp?6NR%7eIfF_%^1om9NU8i1h@#O0*GIts78cY+G_8hn6>+o^fIrR7y#yvmziP~&q| zS65bRDQwO#v)ISql4akW=DHwnck>+quL4h>9Syk3(b4-Gw5_!9PAV zxqBlL4ha5>zEELt(m@`PL9cgaw!5IBsI0h}{b~n_n&QIRYW#}FTS!0S@fKEAE-5Y6 zVrnavmsS+TglyOtcHz^>ev<=Jjnli}CiB3(!Z@sMB3y-s)g3EcRjoL+Yw0n%YNm$^ zvuEmI!iDSZDO=r|bm#%Q?;s!x-J87xWTcyJ0J_0h* zorzjNPP*kp&q^0ZS3P)F&Gc~8$pcTv{$V`$(5y%8rnNbE*Ut>*@ZGRCXQ1nIUULSz zVQ(~K40Eqf&cUGF%C z%0~veZm(n@%z3#|?l7&U^VKpO)5lF`%^jZ_?(jTbzwP9hFgIbm1DBYlH8zfjN4E5e z!Be>BuE4y}f-OhH5nsZ<;40j+$szO9eMf~T+63NysbLN^fw>_kq7xjR6Fnzkj#{1P z8KY^NPU1N7Z;$fi ztGMf+-vP|RlR1taP6fl^NsCqn%rl3;(d(A%Qx@DE`yb5T@z`_DDFzVOU^vQO9dLcd zaBQgj(L3r*nTjL-^YP zeI78U#dBP!dZt&moxscJUg&e~zfYAj1nnS{n5_`M&gO&RC?lwB+F}ffu8ia*p>tHw!pzGXuDBA{ScTh>FFd=sJQeR zegBpCVap|*~e`s6*Fz2r79G8!{mjUzTYK|KK60H6Rx3mFc{-vGcu;PPu z?q$f|6&xq~fl_~Ku={pkPHN;hbnl?`NBwFFFqe}7QmFRz0k;d7S!+2?##Q>&MZi4< z%$RiwPRSqr9N}tUZo8V}sNI4cm-Lf_t-#b=%W?fcg4N#v==TEiuj@EY_5&sE=h)r* zdVJ9q8>LWj>3lip27IXDMvjy9qWGJM-M<0jyouxF`CO?N`k8_kn1-7!;L#ely9 z6SLlr3sx`mbA@zZuElEtltTHV;j9Iim|GZ33)K(G;4cZ7`)=hpd0ZM^_NF~i*meW6 zU*KSd_K0^FUkD={wbO6F^tz2CK96EJ!wcP{r~JeS49P6v<9o)J%t=S}f0BX=6*msJ zDQaA$9ON%IOn>>nm4)H&$}s(158NGL_F;vjt`EcChA{oL0Jkj+fBz2C-?za1 z9EQIkcZAm-#{m~Bu${F>YMA~qfIB-3e|2H{s|W6?F#J6nroWBA{UZ#2pM>e}3*h#L z;cvj5;kC!nz>N~v&f3Efraw1uIbry#4%6QSz+E1Ozx%@U_Xuz;sz2pAkIwtMfcZ+` z_<7%Xt386E~M2ABz9;LZdlBMe+FFePE&s)1P@2JR|g{uT!A z0brgA1Gfd3cf!DZ1kAT#;0^#2dAG(=XYDZnm=R&%Vu48t1D6a;Rv5TEV9Ek<^jVV} zo@@Sdie&<$>)8D@!wagU@4x}OQ^C>2vfXZ{Df0K&Uc#29;RSo7@W0x$u1c z4X4tY%Cfqo#5gFlDcZDXOFmi*-{U=A+lp&toz5;Ttgfu7T;#LIW}RZstn!tXmtIg> zvDl91995-w7YW~PjfwVpmlb*oe7@?^g|)N}>JaEkip#2stBqRxG&8!uS4Kb4jIQw& zQQoO6KVzPLs@6ODN*s3Epw zuXDx>S9Z47nVzmWg{jq8oJI%&fGW z1>Up_R*$H`{?TiPP_Lk5c*ig)amp0)o0<61K-k#$RAiukv;#M`c?$H*U*ObE0nAPp zjVuMg^fxr=W29k1={v@W@aof@1{N#S8=d&b!!p#FKmGqE_tmV?7>KmFX&E{A(y*0v zA#boAgsQSej|Q~525TI9eOfGJ8cjMIOZZVc5J>76ILu~xJvmvpH^5!Zm70FgRH0XR zX1JYvKYixbot8ld=nNM=_-c(l0WRieW~Jbxv{p6>7$OH8Wo)<@0U#Ys-nrSXEF7sh zY4hk<@MO8NUF4Ob(szwLln)leju^=ca(F=GfaMvZuQj^Hm>;i~RR_!C?97z87%%$+ zL)DX=cDBo#qm710M{8DbRarq{am|d%YIjj}Ms0aW1I71+>!{}rh7POJjUZ-lOOp#9^SxG6kdQ9pq zRghUh@e6IR9t;27R+J?&Z}iqX?;Gv8W$KuR=H2@XYGf|;l%??E_4U*KXmmat+oNv6w!!gu+{X0PspsDE&W4XJ z>vim_zx{s2*gvuOGt<9*aj(U_?r!>a!7UpueR#uLxG#=HwczLXth?}ez$LFQUb?XN zIe%dM8{1?BcsOjl~`v6%Cmk~beO zNLMbev7d#d%=5;@=ap6zmem#&gQX8$PL7{2E-pT=wy@flS6GRMsntF&{{o7)Ca&c0 ze3s|oSO_kW#a%3PHmy|XY+5C_LYBW8a5y0$f6Il= zrmYYZVHp6X|xYvZvrfrwFx53R}xOc&gVE#T3I-B;P z(Al(qfy-gI&n50_p|feO@ z75%s(9WGKDcK5h!i;t~WQ`JxxsrhWs(u$XEtmK6CE{FrAWiN8~GPbHA$&bpBs2rej z2nCu8IzfgT!oy9&j%iplW5TJeYhMB&4~xDzw1Jnui#ozC6yU0uM)0&iCRV76r={xR z#o|vwmqfZGxFa_a+|2}`i@I#fz)R`5HTgQYW$hNl-({tY7-?(ayS7*;f9{Y=pt7Y3-R^^^ zwRCidgD<78ZB0k!;19df(H-D4i7$s5yOpNkbV`WS4w*G!oWo-GXmk#vmwdL%zg$=u;Sl{e{@2p)`!$cojyHZleX z>l$!$bfMS0hWkc()*80-_=bjeJp{`Q1s!P8um;3YIPlr_-g=`WH)wQ2Q?ufAp1sJh zvWKBi)Eu&hej2+qXmg`HcJ!R!JFz~UEPQwPcrvOgv1Sz|3K7RgL%=!nPq z!s~j%l650H*1t4J)P5KUFnSzvCCrKNK&P%qwg45K>_TUS+&UVt%uX#ER~#7Yk5De? z)K4eINcKTII`thg7eh4Pk*R@`5Su0gk=g`sG<^seJC+?7eEm`XAmJZ@{NqFtTy;K9 za955<#AEA~@&PB9FPc||4yN^`9X#URg#W~6s&DD9n zI2R&c=mP06C3ND+cl)cw!>ff3=Xg_vmWYXuon{{PhK{3r0|a;Cz{{>hSn6V)floPx z;WW=yBWFTGM_g^8?uZS=y(J`HoWAHC)+~&zhAAItm^6raHOv?G4)JS{ ze;gxy+-t0R*}TGI#Es#(+a2G~5#{Ue7wokGSaxursoh&oM1JT}B9dJmaE{JGbSc)8 zE%!vHw?Wms4gO&MS(G2+-af1fp9~j8vZ>}pYmZIW3C^% zl8(eTg7_6J%?hycXAC3Vq86kc^be^!G!m&N{X^;w2P^UrMLtTA zk5=TNiabn_k5S~|ihQghAE(I2EAj|M9;wK7MLt21M=A1XMUGKq8itMOBxV1}#+~3} zmHnqE@)$)vRguRk@@a}3r^u%(a=g+%#wqf6MNUxU35q;Xk?Ee6F-=nTCnez0*pO%p zH>N2mJxmAWRO3$YbdS)O_=(xCp&5`d(WS02Ih6WvDsr+S&rswPMRqB2sv^%+WVa%x zDe^2uK1-3)6?wKIXDD)}B6}2hjv{9%a<(GpDDqrIo~Ow36**Ut7bx=CihPbD=PB~J zihQ0TdlflfkqZ=gp&}P5a*-kzEAk>mUaZI^id?G5=PU9OMJ`k1az(CCG0Nm|l_IZJ zx%q_ zBEPA~|5W6+6!~pMen-jA4n^Ln$nPrhdy4$NBJWb<4-~mgkv~-Aj}-Z1MgByQKUL(< z6!~9@yjzj?DDuA*`Ey17LXp2z+j`42_@Q<48tq&9iabp5cZ?zrSL9Xd9)(ODDh8J;?qMEV>(%h zfB5$UjNb7P2_=4ElDj6mUPlxD)&#?*}OOixqjLB447&^-6uNQtE%TvcEx*FIC2)%M|%?MZQ9j z8x?ttB44SlOJ1MZQsyZ&Ku&6?wfPH!1QhihS#Q z_I(T4YPTu-|E9>dEAkzRe5WGcMayj((%p)Dk0Rfz$oDD!?pNdo6!}3#ZdQ)(hm`Rk z;C_H&|A-<#s>qKi^5crUL5cr_B5zdWO^Uo(k)KrLrxf{VMQ%~b`-~z#tH{qO^7D%P zf+GJzkzZ8gEz0ryk|MuMFB==uR;B*78TJwTiXsQx4^YOJ))ccr!2N&(bN|Qv0MiXj z+z&9x{~TqO-%|F!t;mOeKfs*-_m%eDW!|lQpw!?0{rdq?4r3Pgj55prR^-nW`3t4I zUn=rfiu|=Aw=4H&zft6GmGO_>Z#1TTN`3xEk-t;q|0?o+qciZ|EB)gKW&e+gd_eK{ zlOq4D;D1r%4h8?KBLAkyzbo<|iu|V{clCY%eUyyeXSZm>!1ZBVtmKj;=LUBa+nXzO zC6cR?T%+WgB-ad%+qOtutJJkgUAyEuBxmiR=W3YbVkMU(Ik)6;C08Q3I>|Lku1Rvu zl53G%tK`}w*DkpZ$yxDUEU&d;l8cpGlH}Zy%LT`4qeSZJq^?ownk3gOxfaQ_O0G?E z?UL(|oE5Wckw3}BN-jxqZpr0Jt^^#Qx8!mqS0cGO$u&x@Npj7SYmr>5*s$>yVtax6Gg9VkMU(Ik)6;C08Q3I>|Lku1Rvul53G% ztK`}w*DkpZ$yxCxr|5r@iLk|)ZUh^Lnxw87oETpu*DCk6Nv>UT z9g?#mb0U9|iLk}FxhBaqORhz7t&(e#T)X5tBxl77QV?i-mRzjl zk|gJrT(0CwBv&W7M#(ivu32&|l53S*o8;Oh*C9D;UztD2(K^UH&qlfBDp%rHA=2Ya?O%!kzA|f+9cO5xem!$2g>|OE>?0$l5@W~a!Hb-yS038uH;H2S0}kf$u&u?S#m9sYn5D^ zYxtrLIYG&5~=8T&v{TB-bvv4shI`72mYr(S}Jb zR&q&_b4xB)awU?h11It)bxo3MmRyVES|!&expv8QfD`#c=M(vpT&(1hBOGJlebm0XhK+>**s$>yVuF7(G|R z!10{MN-jxqZpr0Ju0(Qml53P)ljNEu*CM%A$+bzYU2+|gvkupDHB54`l1q}DTXMOQ zE0J8C*s$>yVuF zc$q)R#Y!$oa&F1xf}6&UqY`kF8CNIwHcGBZa?O%!kzA|f+9cO5xem!$afv0`S8}nE zOOl*ha=DT#kz5@(45@T}le#9!HA}8Va;=hUlU%#xIwWTuDf1_}Sji`$Vu3d5+lC$CxCQ+kY>4|>uPf3^Q;|{}2ACq7|^|imo z0Q560`)dx|#o<3L1dl6f$zygYd7SelPZgoL@m+&h&DWQF#Jbl+#_a9S+~F5+NhES% zZ9jZX!fhvTyyoji%6R%|qIEC(0V8&7;j)0^=jy<--{sMvAQrlqQCVNOBy;$j~@R2CggjZR;WgTBmFhmRlO(~OzX z+7D3IVbjxYF#EAlwU%L{lwr~8Desw}I9%xKWcAe7@T2N_YVj=4WYBET3{d>Uy8dj? zd7xK-;)mb$PlGN1rMAXT!s~Z|o&!1-^hRubS+69{radopTLfp*Qr4u$*aJIIEPdjD z)e#yKKL}07=NkBDCD5)>(9s7$tY~nn#TP}Shi@p6NZ*LPr%*FT;adrSMD88Ur5Cw$ z6qD9+!HO8HTLSOqKiK3k3e#gE-4QQQAL2h+=NVvMJwR3>+4n~9-2B30jn;-~G4&Vq!v9NF4kUFv?`gRCs_i|S&8hTaT6TtN zyBO3SvKJdybY-2G`ecwKIx+Q3Lnj`D&YA=jeeMsPbzw@4594EWw8Nmwt}bN#-wjbcl}j7*xFbXD(WV52E2?rP0y30Xx}x=T>}yk4lrH4Fw1c8;~1Z1T`Wa{p=r^Dzg8l@05-5E{AQrS2=orvJpr?YyfQ|)C0F48k2pSJM z9dsNheR5$uXg+8fDD|0HpmfCFf{h>X#M!he?BhD0;B5HCEgwzk^l^sL50^tn^-_&3 zCS*V4Yy8H?vp$#vXpkiOpaZ)MeUKWJ`c?xQTfN>zmDS}1Wvm-|pw`=3@0z&=9d*q? zT0iy)NT`w6%8BT%Mjfqzi1Ps-u5V;fs$3Pm>J|7pXT9x>XzzcIp{plI#8;g6{60mU-3F8&Zcd}fByX`8k32$X&->&-`>XI z&ZhN*%x$SvxUF64=m_RI{aAYumQ$5u?KJV+$_0gV=0jeE-q={od9q#qx zj1Ect*rVf&j+HggQIa+O0|WG6FAK_DbYa_E-Req~Noi z!|MM*&kdAcwSF%b^?L>AXzXtUrShy1^&118*DrB4Z5#e`U8~^y<9o0=N(PGR=nQNp zcV0)6{>NiP&^n_0s&#agsH1hDRQ9VusXW(+IyxCVuOs4k9dRAi5!Xe6`ySgj=vikf z<0!^-R!56LkL|RMl2_1z33T;G$4ZbSx>6N(873{%mFl1h7)tA*)Q3%dC~Y+8Xeb>9 z<6P+YY`TJFA+@xwxQNZ0)3N8oC^qwDN}4r~OJuWU>PEsStGLWCDbABS3iazyx;{-Y zxGF1HoQ$t6Gd~W$es-lkxu#jS$G=0yW~0vp>@a2*_k|*&p=0S?{Qrux`XTl`Dm~M( zFcnd2n1gui7fOW8DmOW}0z1c}8IkBpdorlNW|uC+tgM&Va1G7R@eU3q1GXIQe$W%K zO%VE}VlKZN^c3jpK&ODN06h!z0#K?mEHzla81!OLIv3&VJoQ(DUJkkubPedUpjU#v z0lF6SW6-NWsl-=<{swvt=m5mN4wPP4z5$d9bR+02(3?SN*0&y%=H^YHY#t6;4f$5k zRiL+lB8K)i&~>1;%rnNp}SsiHtlVxdsphv9s(CBIRBVMBfWY@2IXbP zBkDyPdFbPDR&9CJ|9I%4-fu-6@Ov-H#VC$OeTV;IlnyZHB z@>28%=(k|g6V(g#-J`H=7D}{dJ=y;YbR6hzP&y*^fX)Q{H>d~n3(zH?Ux8i<`Zegy zpm+jJ)p!71@(s6ej8S-ShEr+{wl~pU) z0O_g5(g=0`<6aSL()$DQ=@6MELgk<~G|qWnLmg4s@RlSy_iqO+g8VutmG=!$s>6QR zcpVbQ&vRTyHO6(+c3ihx>Oy>X&j0yKx;ZAk(`Us;Yb@v=%{qr*hU<><+2L8(QI^AAPN41+!b&@t)61t1|6MZmd4k(pvhp4ZC;CX!!XT#D~ z{P}fXjjrLij{JR(?Qv}Cl|V9dDjgh26J|bwv49>*#vS zW~mG}fX0B{2ukI-36$!Q?(6e9B90&ZTt`Pg*M(b0r*vLN3IDIwQIn{nTSOh*D(dJq zQAelAIwFqO5!X>2ah+aA{V=+z{iq5kY6Ch`j_JIP{?}KO15G!*3X4rsV!BsEXMdys z98HMn%tW&RN_6#4axoW8cLN+kM}+Ev`l#_tb%&_`dq64PeW013kAYI1Jq}8JH69!9 ztHj|;`S?#?Y3%wj8Q#)_#|Mit|KpPsbpZ-^Ey%B9m$HG&f)YdJa)YdP9Qd@5YrM6DM#@m`W z-qvMk0p8Zc@wVnTYHN<8wk~BjYHQ+nTXWnW5=U*#b=20}mfD)@sI9q9Z|hiS)Z_Y8 z=%_3wfsXCGty9_9M<=HsNnGB0uuHkT&xI=B{E!c&dVVM|=xFXS5K|XBbm9_r9D9^O zy;nEPtn~#R)W!}`0Pt#TNTD7x>tjG1hnbG~yM&Gi)zf~^Xlyr<0_jz>Gu7P=P`a{s z7nJ(J`=EpQ^efPRf_@G9Ht4sYpM&lL{Sx#$(4Ro}gZ={gJ!mxI z{|I^l=ue>3URZsK^|M4^ct0b~#-7AgVn0@YflQoD`x6|;Ss-&9^$@P3p22m~q|PCA zfse40=zRn?ee4`hdmVTO!9mZH-K6zswF95&k7x(!VoXcevNxp#p780~EqGvy5Br8( z&%jQf8D^gZ#sljde6Jm%g96ZJhVhs;X=@VvT#GGITY&%58K-ydHc0BF5#47WjO|iv z!#nNVX%$$Xr?${nT3Nw*IYkPRL@#$>m!X%_t$#W!^nR(|uksjl)S+p%WQWdlG|&l$ zs-Dt4$Ro+CxM=E(`9ep8%0-=#ZZ_m#qjVl7j8xWqPP1+Hrqdu?p$$#qog9Jfz!eOb=9PH&su=m6>? zg&n{T!}cb&(>raOdBt^nYTBhnIiin43yafJvQ6^}npKKs3)-yuxN;6~l=LSH>=Ak{ z*RlUp57d@cZ0Ssc+ddI|U~z#`kW^5b7|#UF2b~22y5pqIE_I!?E1im{UCBe-q1u&Cr~j|EtIOQ3 zG!yQ2yXM1KPgD=;F?tl*hw5e+CMpiRHRj z`%Z(7w=Z$Led!hxZ(rhg`*Iw$FUL{)avgc&I%;38qxR)G|80@R94x^xZ#t0(U#j7|>aoiB&sOZf$pEXm&{;zBzxour zceu&UxPphgBXf|>3S!ld2%K|baLS3X_y!T_;TuLI!Z&j7DSO!>O%A>^1swCN5237M zX%H?&k!1e1Jzks>C!JXRq>}V38U0!JLy*TaAAk9q+2NAoJK8!L5s zKiL4wY0BNLzN5=SiCv5rV8t{9cryqi8?$Ryf zKp$`#F0xoPUnFLx6(M8Ahl<5k=7=)HB0neXeX;XEJ^2)vmSdu0h0k2`B}W$&4s4Oy zcFF18`q+qjV3B)g!Z)VE?rNpazl>=iY>;&L{#rT9S-It+~;v}Y7H zye?>(?u>(uF0YZO6H&i1bt0PX7_YqOa*BpVq@bOS@a*0)n-4W}B>PWgqb^0o`Ww?= zSm=pY`oRAI+86XsP|D3;ppyvGi{CWu0m_C6&^b`|1T6#Y4O#_i1EpN`1-%!vKj>!A zfuJp*SR0x>ro=nP_3uL-0{S87P*AGtVW8BNZ^p*EGI2KTdZ{Cs>t2?+SEY{1#cdBr zT?$TO#uv<~E4#6gjxk!VDr9-@yZw9-83=vdTs zw50rr(9y`_!|JCjk>@$~RRgMM}p;X&%OPD$9IOx(Lbz9SM34=&7K2pwwZ` z1$BaYL8*rFL8)QaW8)1=9Dh2&b?=D1w&2U>t=dQZM_(5xVVir+r7?FwL+canW_xao zX(PH0uY|XQVSC6atz5W;sN6$q4c{xBK=efA-j9tA1ZrqXDY)XLx|j({oyiSK^^yik7&@wXXCTg| z(Y%-I=v2>j##Kh$^j?2Fpc*l;^eYm6L&P_h-S}XQiKE?4rz;QLFo_2PiB>z3KLChL zfijnFfUvn}JnsSxSow+adL6b%tq}jITl(Aj7f9-4q71tJ*cM|OKM4PL;?i-|Zj~teWRUFc8_MiW| z6NFoEjx1hdI%ctuqtt4EvQ%P>3%Rg2It6vZp@o=)r7Xz(*tZT#o!!Se9v^o80Q--9+VcGBMUmF%`uE6 zZ-I7@Q-E zfqo0of=+|QBhrF%WN}o0g)n4xk4g*9k;So{TF`4eJXf3}3%ZeRu3ck{$E5}5$l~Mx ziz;aKv;ho{!8x)xty7C9qy^{5BEfI58X^)sc+k^EFgyn5$YQeJVj;)v(BYt)uyG5{ zkp=zO#oXrXj*hU}EG;-k7A|fv)S?X)G3er5Pc*6IF*rvSXEBSqQ3e>aw1-Azi&mEc zVo3fyEg@~NC(2-A@YadVMDu46{c(O)KKN+Z6EX+CC?9e3+o+$r_wP9v(pyrjLWAP8={`bjE5#QdEdeT>8nwRZw8_>3=;OG9& ztozt84I|JKc; z)6PiQH1Opu?YA^OcTK|1sXH=Oym-xouRgo&!5jLOEnM0D?Dsl7@$HL0`)J7a-d{ZZ z(5A0b&bW5@fJGO7xF_SR7f=7kIM>C)I~I=j-8u2$C!Y9l)a$oJu3ptReRrQYd)=r> zm)!9Fz}XX@eERkEk(0^}?z!W-lnmr1#>- z_OC5UxbFGO-if-oyvI);4qEwHOxwz%hd%M{#Ilv2J^AZxAFgOT>+3JaCZB$P(Rl|u zp6K6t!FfAAe{JfmGk;lBeoaQd-ffHf_gP!=Rq5|PE!bYvv&UX|ZLd2v zmgGKNuzON#{NN$KRPMTI<+#(wHwB&?^FLSot7KPN$C~Q1#+)zG-KJ-j%nzwq^h~k$vKAJz@`Rs3> z9~?Px?JJ(4?;Jb+)m7)mUVV!9z-Kp38RUK7w8q8zV}HEkrwhMK&c5e~HzEdoW&h55 z!F^Zd9KR#yQZ0SKnzYpD<8E3t{P&zM>xZ8H#7nxIKKQ-AkNWlW-Makp_NyDGJ+t&T zU4Cau!Svamj@qWn=RNxRx6|%ge~B*Z{vIE5Mbw#V*FN>|$nQsf_3580bor@=|5f(T zuWu#l^6Z&o&UpErQR{U3P=6k56PaS$3NwvJ=f3sv-)mbE_mgIYrgyEs#Er#nl$Ue?bnYzXwQr1Bv1jAJ#;IRyx#sq-Cwa@CIJkfLDqW88?*DpQ;-tGz z-_`v7t4%%k{d{3`UEeX+&5ro}g{EU)PrPQ)(z}N?J)e1ZWn#&;bqhbXd|7+-vngv& zxO@9GQ|G+D@S=!4JI+39?bSI4yajKaS$^f;&&@CRDy{cvAE#`8=7i!otK4o387w&p zE6c0mN{hDE_O#H?=p!`8qT&KyTzves77Kp+%QVX>%i_w5aIuER#7q-cR9#%?TUJai zX!MD&@R>2mdWtJ5URb+0CYxlkjIiYQ_h0&RRGbe#dW$KqAc;IgSm-AV#7(JP-Ohc} zJ{tKbMQC>TGFs7|2n)@$C?D507W%E|RennS0<6$+P_AVBC#z38_TA*S$`Drl1FQy^tS0>Tsw}_N zWx{GefEC@4^2fUQ`J-`5m!eX7URVtbu%f9>gry4qsYkwX`SrM;rCZ@e5SF3>tfHY0 zWi>_|QqcicgP0Y~G^rmSz5GU8n(DC%gw>z`tHI2QW}B3q-q$>hj;>oZ39G>YR=8(_ z9MX)FtcK4Wyx(uNLs$*rR(wKH2pF5=L|E)6fQ8xp>+E!Ziey6tMWNs{58@Rwm8uL8 z{F(~VAaM;w5}K+Mk%sODL|BFqi!^0j#d^-s|EtL}C}Ftg&Ct-1 z#!R{)8evICEIK|Z^$Ebx1Dgm-t^tD|WV=2(3LFe4e} z5B%5j+%EuQ55V*fz?{G^4)h&r8A=fWm{Fv)>_eXQSiJ%;qZx*thwJ5v z?f_s~>gp(5RuN~cpA#8|dbl1dCLq>H3`371bxh9y%*hO6te*h^nAiZ!zyQoC43m#o zG=5Qv3c!qk7Uxp~COQCfD#LsNjNX3+ag3pU#xl$r{HNpPvX`FyEwFx0V;Jg(dV7rx zh!w{$K0~a*0hrSn<{|@TNI-t#8HTP_sh+F1o`9PS5KQegj$t-HP3ICy@d2^MLmOc^ zfd6`X^$v)Yz%ZW+%)>8xF-EDeCNK=0@%6GN1o)ZAFf-{twhOlR*&FC5kzwcsK0QAZ z1N=;47`nGen6IB1mlx6<5;Ab+!l;JB0Yw%n9@}g=64HKXxWFKjp>c zg;kUVmh55_?L$L~NaPa_yro9R#0$+NP1mFe&19*`7n-3`bD7YLm6|7oCP8XG6`F}s zgXe=R#Yjzx&>SN*KB0-1ntS!4O3h}ICMG?Dx&%wq7QHlRr~|M>waPTKizPZ=Fb#D8 zmgs0=nsK@#qD(_mMV6?KFpUmjEos(Jftf}|j|tFF*3F)e(KXUD^;w3IIi&faSwmxk zSwr(WrjdT=I5TT#K4#X?SY_7GJc?;#Dd^m6)?gaIHRE&;&27w>!2y~fx@MeSFsj{N zT3lUGfv*58(o}2_>;{wt+=q{TaVtMkXy2Qn-5Ey14G?KHjagB7shys?a^xnz)qjK) z!)S51Ch{$$qm2JpC&I#y3{5*_Rq9S|9Gn< ze5b*0wOm*+j44(!v(jVD-#9&&pD&=+?iE%HV~RDy6zlsteCd9xkA)S(m|~@vV(pmx z%0NCoQ>;NE3k+k5p7{(MU)fDT^Y0exzZ=qOAg%!h?V$C$g`t-h! z@lKN%(6mj$ieXH#+@@IRC;Oh{a~q0vKv*%1DOQ>(R^{d~pZl$*(V>sTFs4|up!N4d zipA$Pgl-U43}cFQ7PHd(#vmzqFs4|T^c!OBzi-gleyh)g6~mZfc>-eb`8>snr2!R* zVN9{+KVr83}cEl z-xTXVH`jjWx7sDF7{(Nft_b{no?`Lq9g1}{o!pQZ#uRG-wEl7pcy2(1-)g?FVi;4b zvze7%E;_#WbrZ!{FRU2G6zd#QteTf6ed)K_C9D|66bn;EL%Apxzy6|FL+BKZ#4x5< z=R)f**R`*-Eb&`q3oC{(#X65!8Oz15cPPen!ir%`vAhAX{8sM>D~2(}%4b%_Sp2#P zYHa{bG?4PKMVMmIRKQ#=ztwDE#W1E=3z?NM7Qg<2T3aiu7{(N<&>ZVJ&m(@T*M$|s zm}1f7z~2w4z4&z;#j?_L35j7$v5KKJlnb%^Rx^ba!KtHc1aJv)izUm+sFea-ilhp|eo<$DySOaJRj>Iq~tEJHTWBq>cg%A8zxx$KJ zOjgw3+PFYiF^tJ-naS#x)$hOIw|Y@nF^tJ-xyfozYur}9Rpe3FiNr7_t2$`?IecvX z85{goX~K$OOjavQR_||~i3H}fLFea-DO;&5>Z+yUS zWj`7_kr>8gbrH1wa_yh|*Rg)9CBlkfOjZ}0tO}ZMe$sFCq_AQb3aT9x8shORiQjR} zA!#MH2n(Gb%_*+1WJyip1g5+M|0684P?2Wz-9#`_* z8JV61u8f?l1&(nJ(v5SRZLs9ud+ENt_<~0F9neRJx@;|e;?QL~{`u5yn#IR=({NH! zHw}}!XPB7St$2x(x@DF+zI$c~-81W6*;2b%w$yHAl75ofUBj+dON|$=-cZlZDOgxm zti~NT$2RtZ; z6Sq_IdP~czym((Zy`aYDs;;iA)>7D{W@fREzY5I0hs||CUSa1u0^WC?K0RI;Q|Dkz zr2&+WtIk>aFlu-uUd?$To^$w@f?PZ*pL&JbHKCWFELz7>Cv3!c}-!-LcZ^)QVGk zi5{b?W_q|VJDDCPT)6I@vc-CwT8=|?H$7nY9Ry^dd$X5-jC9jYKz6!084Acxcl`up zs2hVqKxVq*BOoK)ndJrKq+3q(taNd#(}Q=_Ob#fFTR_snf*RPTEi5oW$xQ^(`XqVb`Yh%f~bH!z> z_-@%N8R&Y)F;qS>&~xL_D$uX$+piJ$D7>jh3-FB98c?5(Zb{o=py!r|vr{MA0Vj_Dc#8zDC9o;lDl04h{N}j`K)3(r=OKO?6m#N_S-& z^AzSt6|9=@p){kXFmICucrxBf;5QL$r;m$IvK!L4#Kfee#PJg+Og1RNj*E{^OiZ-f zlg1|{j$^y>ZAF)F)#mQ3D}3yrrY#hYD2%^3p?mLi3;wDR=DYBkElR(mpRMnC56>vB z0j`kWz-MoAI<%LQ3e2JWMdNjnHS}@_ zQmFFM`1}Mg_b*{E4cQ3VUn0>^j{~y_ZwpZB%-_eryiG4}Aa&;NLts9o7cY=P`J>ZI zPkPP5kb;c|^b40{;4 zTPym(YAiNN0|OFXVF>DPcQ1TD=_*aT;syp|-)jrzZztv(n{LEAT1^~B=fPn4`x|g4 z-hwa5{Eg!Vfduncf_kaF9sTMKjtg}@a=_m}9Gsc=aGWiKzisfh37F;g`EkMWmjZtu z12eLj<3i<+{Jjgz`iDFBNBR35n5mC-?k^wy{tHaz2966=-X!>21{BeWT-&XiL zely1BC;hl!wTk zkiTYNnqT2K>Q}+ai!P*sC1W2&*VhITCtesf+={=4c7Q){r z@b}I8n)b?v9A^g!=8wwT^J9#Y*eG>Y-ZOzo{Dk8|jn8>-a2_zve#&teMuOHK7GTtV z24>}Mjth1Cz6adDfqCk4j*A8f)}K8nZ~hmWw&81z8v+unyjJMz+BK~n8>LX?Mbm0m z0+aO(gN2+Aor&F71M{Z9h4M%JWfw4SearoYs=r$7{u!7hdpQop4_e-_2y_WBf8W=+ zKg!>`z(oIt<2uXVvA_)eu5*8szp21%5V%nJi$|bsz#RCm;?M9aDB5GicHDlB(f>Q5 z;vL4{J(0d2wiw{z1s2VX_6078zl<>b%>!;>82;+R^w$X7jbZrP7^c5xfqOL!e_w>@ zZy#_SVfZ`xd#Z7N3e_GXfEy#QowbKMOn)BW^1|?UL74tl19x>8{vHX_-)7*pgyHYA zF#UZ6+z(;+i~7Oe7Q}^Wk72;Y2yAEVksPMKS-{N;!=Eoqe-{DQ7>2(G!u0nTaLF*=pz6!%%!YZ(*4J&IfMUA^b%lQ#S&0pTN=l zD%AM=7%jkc}xElnfv$#XBb2D(Q z0^3>Koxpr1aGk~dLtr|KOY>s((N+lx-LI^_;2tkFN-}PcdGUCG;mFYbrT~|E2!GW7 zih%J6Txa#N5|}Ghe?j^|v%u*23)cUrULH|!p^mrBz->|E2C0|N!u0nQa6g3MFN!Yq z3@KFph5;8Nu%X(G>Ny#hEP?B+p7VeyQT+v}=gS2~W--WdPW}E$;O-FE&f+!$vsvI| zIfBI9DKMSIrS{#W;6l~kXTW`{#tqWG)?Z~r#)R@01>A80E6cI4rp9Q^j!UBge0`K- zOPqqEc2iTm2Ats+U9>+B+Y~i_^!(TGt1iM}wFvEI1xKGw!Xs%qWzbc`OW4vhOEgFq zKDb&_U6@z7@O<{s)xv6gTyeRtBn}E~iZ(6Ul8;4%vFOI}+SXcHe1p^3rG?d%HI<8e z_Smdb?3q=*((=*^N-GxI@p4dADPG{m-RGESuXkCYx4`GCE?rpbE3Uy;-(#Xnip#2s ztBqQGO(nX(SBCp5G0`=?BFa0JrLI3dR;=}oz7q9l(Pm{Pdoz<~xn|^eGh8{|EN70( zJ0lanQp-&Dx-y)}=`L-&0Qcw=JlmP;O?GCa%uh?f1K!hwO=PDwDcLhT-W=yle8`FC zr+26DdCv5-6mM#}b7nSH3+^3#wOWF-%%BCBD6pmisMzcrWZs#cnc?!z%S@j;+l6)2 zcnDJ&RI}8~tQjuv+>EpwuXDx>S9Z47nVzmWg{jq8oAm6e@_ptGH`NE)xjX#JxzlleF2+nJ#Z?TDr^Yb~#gAS$Lpijs63+d{2rq$LUQ;gI~1F0zAF4Mvq2C zR@anXQ0(<#7R%+7`3URvwh?BMXcqr37!Ft3=FquKUMbz|+EEkPlIy5VDZcbW;YrZxTxDJ1=GdUGFanK-<9!=ZA!iT1XK>S1w;ND zUU((y{X?|z$w1P$W@wCnaf1zjBLJlF!8Sw)! zsvbu~St*u$p&~mF#@H9o6^25+4{FiFGPCurM+LB>0Lcq-TsYnEw(^>)t3R|t|aPN*CPgRr;8*l1oaPOjEy7n;V9-TACWSnJNtOqq+b9A%%5pX{`=UEUm){U>B2 zDcMgLkHO8#2GXqJsr1)uB~WG-KnF4Jav zGP80pN@UN-O7q|lW;viXN%zb^voH}0U1^?dH-K1-hx@|tCx&gDBCOGmN{9ZV5!s_b zgc?$>B!5fNo@N;72TgjG-o~_t+yxxnY%HO#lIY`|kM-epG?6!03njx5JtYr!Fs89s zABj0VlO42FSt2umwMCtf8r9ed=d-R!{ao+Y=t8JU>Rp+@y60!4u!bK6NV=aJ~XX<+Ikpy^{B%l8iKsrfummTa`Mv{9sHtP%F#a# z=pj_C!N!IuQ>N8cR1}mK7oFx?QB{1}?9!UTGg)@&u$#-f33WMIugNnn6K86QPPr_u zuCA!WK}ma;LdLK!MqnzbhZU5DNjfuyJTZ|o zW@9qh(y32)HlF#^d4*o(`iLqfB$PLr7%6!Z^CD_vWKH9}n7Z01-g>eh52l_~V*B735247|;%ChOqs@E+0KS-#2Yu{5J-d6t%ZYv>nlqF}^ch{|~8(MSYPw(x1 zd+F_oc!iPazrC|&^Q&(U{__u;?VO#bO-6-%#q>Kbe0Tf7pRPHuV(rMGo31(srJI0f z(@~bfi`Umr`=inMaBPpd3EKw8V_7byuTDMpmUlLMbXl)sU;XX(E5`nb&!RK^>lgQ0 z-0SY9Zx`IM;nIgUyp@YfZ`=!rvJAa=Rp#i2p4c8|`QxN3n^GGwUNQYkcmKZa%!^(7 zzn%5v}ALxrq{l7E)opl4&jh~X4(DLfA?5*2p9;azP zF@4|l!@q5{G!UYkL7fnT@%*4AxQI^QO(Od7lZ?xx@sbe0RckeG4NPk4=+pv#r z3V5n37graQ+f#9wUSp4~OG-Q?Z$5raU%9--epaau3$(=Nl~xp%)fN?lr4?Bw$4?j+ z7oS&Ko`*Tp!h)LOxRS$iRD<(qaZw(5^3@b^XJM`lL$@mAEsDabs>8|$FHkKm!49)P za8$H#G2Pkda$#!mF^bA+UrpSRDNKd$FpDDErp8x|Rht)A9HzHgTzuvg(k$RG9f@qA z|6z(ydARK*ye+OREh;KrbY!xI8mlQ-bhzbY6^5H&rIm-7D_--JSOo=_|I3fKN9GWp zLY&kAzD!$Pw~XD5?=3AFr%laU}9)@QBZudu!m6-Sebd%e}Pp=)pLr z-GOt_IoSGY_XrN_iG#~yx>p2e(>lQAGTk47vuQ4ze`wy(S4$I|O~Z7ACGiPAZGKt? z?#jSl&5D}kmCLc!A{LH#{G6 zEitvWZ~l$S`Q}snb7KizQo8XfC=wudfmo{hui_jgmD;kSo|zBj!K3g``{qG1rAB~X zcB>sUiT3QZVQtkUEGmxw@Ol?iSZO(_CX*Iy&4;AX{`7Sao+Y=m5^poK?zR11YNy>W z%xSnNCP%y2_KlOGOv67~#1(6}=C4b!T4;IKy|Gj?udxs`9|z+Sk`^r`3(A2GiF@zPxq^!QFaAI#3G^ zs>lxP|AuBfY!1!%y*>6eKuej= z6}=$lo5g=&{a>^P>$}(!?_Oi2)`&;0S&v5@qQ_HL@Ey;ZnCh^KvRcJ^jShxu4;F!L z1b%Bd{(XoolKs5!FUB3j|92P{jqZqPDE7L*@x2oNgOhVbHH3$19XsOW?tjRkLc*TA7I*hWJmg=%9rlob|J<$5F zWm>X|Yii4U%-l{;rYvM%1|uLXCbzhK8KIYeeV()d2&4f3 zCxLQsg$Xtr`uhk(tEfju=YU$VVUgr&mhpTDqnVOZU~W*lfJDXCT)@IRpfQD~W8WO!SjIKjdtMLx<6&b#MTN**Qf>!m zlcVuNB$n<$BMi{ai>A&+>qXh|->^b^3(pjg^r>J54- zXdh5qFlt!LsonwF50rl2H~@4J=s?h=pi!U~f({0y))@jy)qgbTqoBh;-vK=a^aIf0 zpnE`%2mKy&1SpL)I4{%>LY__l9S%AQGzRoUP+ElbB+z8glR@Wzo&rh@GzOGfU@Yhr zpmCthpr?aw1RW3h7H9%!+y7zjPvEPnuKs`gganBJWe^Y)F+$XcieXR!4%{$#kth*R zs3IhgFi1#Z1_VXD6jTsUv{rFw#d#L$2o4nm6|HsFT8D~LB?Sl6Rvh`gKYQ`>eCpp7+{o4`&~60Js@E3hYcy9}Q-M$ACS+A>i@gP;d-53{;7X z0M7CxH8aCE)(xB(Og?85{(b zfok(pz(dHF&cxMz;99OMb6E5MLz~7^xw5?8{I`5ZI9Habyq0!aK-1{o(p0^ze@_Rr z=K@+s;%)i%a;_}z=zvxb(3DS>Pa4enH!Yy)Lw}Z5h#u_}jawV@x0ud%cGUD^(z4kF zt5q@kyb@hnn3KB+r?*M+=d1ke$KgLRF7*>_@G}0H_z$5BOw#;c zLzC^PUH@AG?dJ`x(3(R@ZJ9k|v1WJ$6A>&()UZ&}u8k@~0~eiuzSdsFBhC7u1brcC z{MnF0ACT9Hjw~OxZ5!i>X1Y;iC)7sEN=n&~Ahn$hT{FqhCmCjGy|ZE;t{I@pm-{Ep{z^bOI)PZ)BlRJ`67 zsRHK96ei}*#8%bsU|YfbZDZ@2*Ec8X^{T$An$x0*t)Y3nqCveUgVQ`J_gU0hu@yy| z>*Jr%{qc3XqLH_nC&m>GB5e$(gB8&==HZb~%xckRZT*#axf%N!p?Is#vw8G2(74=0RhL}Zjj)QqodDjFGm)^6TIAx1X0s;?$;_19zZ z(HxznmP1gsMV=D4)BdQ39N0!-9Xm)%=y8K=5)wV|giDc% zfPPGEq1aAlL0`CF;0Imk_1s?++09A7y z2HyoA0lx!z7E2>uPl3t^v`p+2a056Ad=4xHUj*lYFN5cUZ-7fc?4j7D;G5tTApJv3 z_316}5d4=tWcz-(vP`YCw72%XsY2hj0FL0 zVL*#AV~`o0zXhdZT4TOf+ub@B8!cu!;cRIYqi!N@W`KS$f8Bu)Nw*j8^U&|iX@o~R zM?u?_Uq607wB?_@hEDzZ*(smPV(EeL38;Fgwb@yy#oogi}*o)_)2KDuZ@&MHG$kVEO4 zT+DOR5bYACPSC8o6G&orkZwjoG;;5+!&H#rtXa2L z#zp8uBth%(T0aEK(Z`=+?4kuZGz>3_#Z+|WZs=}vH-B5CruCX9cwoar`A&^ab`MP_ zVS6(vd6)=#8~whdf^+fthbv{lkZqE=+Msc@1y1=Vv^ znULXTH26lS$wr$z$%F1IW@|he#a;zjTSrEwO)s5hC~92szCv1h5ENZ@klDZOTzhK_ zJ3U|N?)RX<=zfd4_xbe+V_p996WqO?Cp68~mdpHCek#Ulf~sk{h?r6E{lUYzKN36| zq#4JeAZ{}_EdWcn9}HstsUE~G28V-dz(Q~>SOk6ojt14yi~;`zjs*`Vd^(L-e-OW7 z!$Eqw*cfm!I1Zcws=TLyhalGmw^a#pWtk}-OZ(A1&GL5TiKXf5rVGGdszp0W z;s-8?AG#!dSmE(Jdj=ow`~TIyz(R?k42< zkEU(p-m5K0p;MaB4+_&4FEIR)jk@8TiP@rp?9Juj(8%DrUxlR!?Tbc2`?`_P#NSY8 zCamcE+1Xz02;+Vx(n=cExEDuSnbbw+J)zmlM#?K&Jn>qg?%MUovh()CGuzQJUUyyT z+ktB=d1<@X#iY}^)Y`Z5Q)hcbk|w$yu05b%3vP`!(@|wC{FP!6GP_*MqM~W3>a`lU z+^{ObqXv4=DCBSts5 zs2ADtv44OaL3IOIrLk;qZ&2feuHZy)KX3{NEj9$Ucl*+&_5}Tjd1Fg4}Dl1CLwV0#5`%ReyvR0)*gH;i;;v#Ar zsNMN7hvC*?L{$e8;gMNEF{?#tMe1Fv`1zOOm&Z*@ex;6BPt#GHH-pnbZ2Op6FDfQ> zC5Rs}Rim#!cvV4Svc&!g(romiXiRx zLGe)LvKGG-_<<}##`V#42N4hDP==;Xl^$Haa#f1^c*n-ekb8}Uq+I9l+a>;FwAt@5 zc=EKtCAGF#r6f}?S$Zm}A|9m{>o}<4V%02GG1Pdm^7%uViYh_X4YM@27X)eYkZfUD z#njqqUVm5+~CbiaTXiBx(cCeh!&^2hSeD~zP-&}2zl-4Qc=UF@ycdmv?GhgKp@oHN}wa}-6 zot33=&seWTY;z}dpQc4drFkQp@JL&VvXRO5&S@{%BCi(XSZvSesoNQZ!5iV`bAIvm zCq|z&grqW}kz+2ovd$bzPmY?c!>ZK+r+cd(XK!xI`-E9!4OWqmftuCvTyW5sK zdGa);K&5T7kq@-3DZb>=Q(TivueiG{y~*GKJTC)#f>S{0@9CgaNja#}tNepczxoD>xrnWlwNrk{W~wEdVnPe51n&gTEU8WH zSQA%llx$ba)Pu`ud+?I#sfBu7(5~2|8eB@Bszyt&l%K9E_V8j#^HpFk@ETA)UIz{W zuLo5HZUw8r+dwIZ+rhKIJHcOr_khZ`m7uE15BzLZkt@qnyR)=EIaijk?k#OwK>M#( zpLR~iXUQ&OzG2Fuw2)2q6;aFZRDl%9rYq1=IFy+S`Te8O3iL~M-F^iMy6*qc3Z(QU zSD-Z%xYGP6s0#E)FduvpR0UcOssizma8rT)1gZi(52^ya04@Mu29HV|a$Pco#lN|;cRh8=oh`D+aaW@g&1f#{xmnoE7uWmoI(NMNxoya@LZbd|?@{Mx6~ zLClP?mDMxKs;w3iW9sGGkJ&s*9UJ6A4LU4iRdz)SsT+y+SSOU7sVA=EQa7h65oo#5 z*q5rgkwmY?ROyc~QI)H3sW@b};|;GN(Ga5eZG_&E4yP|EH_@I~-t z@E!0qP-XHusQN9N(JDx}vb;{j*V43FWobXNE>CxLxkQyFzx6|^%O}|yM+Jhg>l8N2 z@+_N~<7TFZHJtw4PFLqkTy^f|JlhoaEV({gt(uKimCV0YqcsJliuy6X4vp7nt5$bh zqf3o&){^ya?O^UI~5* zUIl&*UJrf=t^~gV9|ivjt^>D$e+It;Uk85xKLEFbDiiNOTcb6uwKZBUTca&aHQLge zP|VcJ++c1E&202(w$;d8Y(=wL*XYea>u!F@RmK)*Pz?xNJv(InQ90gRGlhpw(x1WP z4131YHk!4{6a5cXc$<@$mx}8(48V6+KNuUnRI3QFB{c%88 zt0s&C5Ra?Cy^~eu$m;1+r!%)FZ-PO>a>=+$X;F1*11|B2``bZ68n_pemHSUhV@*A!-!h7ynE3X9cNH{keu8CocGxodQU#KRZ%ne*FoQ z&ws!EtWX+~>dyg`qtbUEsQQx&s{Zrqt;_^%zifc@U_)91N=de8JDwAGvJ(u{6~mOKYS<)nHOlHP&ICaiERH`G%c_ zp;ek?n5Ow8qfP8mZ7|C)w^ekqx>a`9JJJMmLH({4U@ z+1h!s9r-4zx2Vq%Lf>*Mf|_bMj)NMQb%EtrEb1<1=5g}mX<=(mM&dM{2ddHyZ#3?$ zf*v0C%5+re1!06eYs=$o9@p|?yUZxwOp!IIg3mN0-Yt=-nxcuNLSz0@FSURU z;Qfxc8y%tYaCa~pYzt}*qCI#7xHqVppAAj{yMt$gIpBQo08m4$gTUW{JwR#7gTWiY zp5SWmFmNr{3w#dj4L%PZ4!!~AgMR}DfSbXiL6z$fT$+UA zm9bQH`#;c9Xc>ArU};8Fy?;@B7``(tWhaDxUQ1Da#RvI2YAJg**;0PVfxgCA#l&q# zEhXp_{#Un@i>ZlfDVKoR;ANm%%5Oonlxsn?lDJuiY z8pR=l!v<})7*`9gLm8AbJWw_5#IJ?ba>^nNk(Ae<@umRq+)%;#-uK()uo_%JLrA z4}2dS34Q>c2!0I8wA%zKU+O`XvN}^+%5r6yR{<>T3-|QDS;}7#rY&WKzVoHrdZ$X+ zb^`hMoO=1@QiMl=;tm?;|Lan2!}wmMya%XK?f|Nk_XJhSoj{fH-k?gkE2vW57gQD;bt;RWrwC7TgX0ng~$1bU{uP&z!zqlCzOO zLYr0RX7E(+A{egt)=MH1N$^ZDGM*6$c^1)&1u35KA~CN+EXbK9uKC-t&0bU9Vm8DD zMwBjtHOMq}0MU&EyffD3a^IJ(rEd_ZcEA#SB~2mH=QI%FW9h6FlScf;gJLajmMY(B zO<>!ii?^<6Pt?D`*`uG-Zt@m{Xktsh*Fa}iPthvb|k_hRcl8{hT* z5iE0YE|YUXP7HbOF1L3J?A>yEx6s~QYwwoWyPLSvi!96R?QQnqa(j1|y}On>MROIm zQ{Y|U?zPib_cyrv``!Ib?*2h{e~Y`<-Zt^y=I$SM_jhnlq#xy$r+3-Awf1h6y<2bZ z?zeXv?A>ba6tCyGmA{&`)V*F6*Zm(Y_eU+l|~J zy3yW!WbZ!Wj?sG_V9yE3GlylE4Pk9+_M)<|WV2xXCb+Rg7>zG5@3?G!9ie;)kyxc9 zx>P&GG}5x~^tiVtv0rS3GOfw&-JYpkXi7MmtaR2y48SzCoXCgSR7p1vE< zIyd*c4-MZDxHPFAH&!yx7Rmds^~qG#(H`Je@jmdRDh(X;I#ZwCV=6fi$-K=(()_E9 z?_hGxz0Jf^|7|Ae)^v(5;Wc#ik?JJEd$C28V%rbzc&of*@-)sZ^E7*@suSO#t;0#A zOLNeNBhzZiCfC|`RwKw|n}Dh+rm>IP4otck-zvhnE2$w`&q~kay{=lqH3OZ#0e$i$6N;*l&p5K&9;Q+Z?Mw2>giIFtCbo;O zO@y|d{|-i7{#NsU*xTTKJW0^yKmQwbL04BYL-L1H`ib{%C*AK!+3Gr-^7ZGbib<<~ z`E_781f7JTtB!r#suyR08nm4QjsnjGOTqI%jkf6*W4D4Ag7<**Hs&4trQp}x)8)jz z2kC5LyONIIf^9&$8?!(C8n7St*Mi!gejO+^b~88|yal`rycOh`N8e-it=|FO$Nin) z;~>3I>`&m`;2YpQpfvGH@JnzNNaDRefV+cqOEEUAdH4}K7^GW@^#>mShl3A+zXI7| z9h(l)4aMewkAT|x|0sAB_!xLA_($*okhsLwf%HtVm%%5%_rWK@t>8M)qx|TrVy(fa zz^>ra;Gy6%;E^D`S4=08JqwnC&w+D6(il4zd=b0=dKLm$?^gpqwU_Dp?ehOX&eg@tGehxkiZUsLEzXt2UZQxe$TW~+> z*Z1K5;7_1*$#zf%ekbzY+M9A^nYX(w?I!Lmjk0lkl!Bv?e~v~@IT~qowATU}>2Wlb zw)O9efJST`O=WMxl@_#odezC&x&*W#4b5rJ+oD$474~ zL8qc4Qe-L?6|5G`TDyv|>BH!4c{`WKu4k9MsE6vUnX_Dyqc-YyI<@9?f~rVOKh5N` z&(Xb?jol#&N9;oDF_BSt>epgG{kQ1SxCw6G#1e6$SH+BR!;#cfkiKa|IQm)(+Xd>m4`5^27olQ$pn zj6^ARvbag-aww#1oTSW=WA^wlV~1;^j>)ret>4<>?ECR=HUCkYrn(tEDUJBE$<^z>#5}1UmG~f!2fWX% z=jj~S=6Gs)`aG?i@FFXmNR}vMU4P-ei3cz>^P8KG>I%QGXG#bzRWr zERaKB#NuU8sL1%o`fXq94(g*U`lfUGoV?on7`%Oh6a1`EF1v6o{;R=6Y#ZS8lh1$H zzFo}NY7{q~L`>w(LR!LzW25biJ6b8^6)oIKXk6h@6`!^oVYR=qhdzrDC>?CE*)3v-JRSAvrls{C<(A z`8BJy5>bk5ZF^)~p|qE_m~CGoc{mfP=!{p=7GK_8&8rahqQdkihcA9f!+iK;LvK;?7;IWr`y6%U(kwfU~q=GVXZqb;>y5N6&2R%LfbQTolp@6%`yhke_S z2F>-eww2$r-$v;=4iJltiUm>k&spPJe_LQw4{GoZHJu7~6z>kz@Yg{_bjZ1@ACuHZwZ%njf zgrS(%zr?+AUB*hn7**EHx~?$T5$aT2c7%Evu8;X;cx(CpvTpZ4h(Tz@rB zWoz4~O00d_9J{kUbY5k`^_tNaambeqV3F6*_76oy5|0gnz!SU zC6VE+!qvg>?T1NYeeQwF`aA{K-woeSxa_$3D5|)n#RAs@xIQ#|f5X+q_^0NvmEV2D z>F}gwn}5J{D9>I2zf2w@54We1yCJf2wt>qHkyQ*DBDamd-;=|4Wv16mGs9BZRt=1r zWksfrnx#p*nQ?8EJC;*pWc3Q&h``7+dw{2CvP&&(@+5XUn4rc7w2G1CrNOD5>crge zbdouPDtSb$k+}*l7}uInZDHVBWn4^lnhkck86w{l+*eK_Kr+FeOQ+9?upBjgdZ~$7 z5o~@G+}K=8iwhyUg)4mtt8H6Z%JIRv(kYw923R?1RM|`uXnq2XeJW;0@w9*zAJj`e z0^JW;`6OCtz*{+KOvxmZ+A3(>`RPoqQJk1(qJ3LfcsQxiOFA*gwT5@f=(@?1%gRd2 zN{uJ0Lj1Gs`Khu`Z3;@y99=fq#9&20tDHnp5mW@DJur4&!l2nwYIrvCML?g4Zp%2%j%y&x{N2f{3!@&)5QBx?*0aX*OY{g zlZ-!~&~^#U%0IJI&p%gt}+m| z`L%NNjvixd?)L;$F*<<}kad%o=04aU8#@^!3(W4s9PkG2dw_R<2ZQTD#<}jH7;4x$f^Cq$5!3ZdOtN=U>915NR4g=2z3ERwV91p5ESvZTm1&#(a zKKK>b3oHibfs?`IAeA$=5}X3w56%Q%0V}|dz)J8(kO~{yjXXF5JOHc)dx15eP9&v* z#!dm5m5eO_XMvhqVBb;f7H}@8naFcN>Bksl4rh z2DHHeZDc?j9ndBQw8;UjGN9E2wDSVm{D5{zK>JNVyDp&J7|>P*wEF_uhJf~bKx=3Y z$Si;6ll<^3kmd-m($qyqn{Oa58EQnZnIkgwsLGgnsAe5`sp098oFW*ly`~XhRO8sF zXAWaiMwvm19t&W0wLJ2Uo{`|FOaGIAmU(^QwO~8aDw@z$xtB}^PUhQSu2+2fT z&CkS6YZGpX(wfqV@zbo4W?AH4!|^k-OZnn6QS2H-vAJj_o8l8a*u^G>MB8LU2mV`o z-;n*ZF2sxFVFMCWDsT-G|l*M zftluP*t6Yz5#}WFjh9_~3Im}$f3!}nn>wckrUscX(ou_LH7=V-+p$gwt`GQScv^LN z)wnkDAKeU1HP+H%xGYUxTblajEW^j_yZKUAhS!MzEZ+&ZET48GSlW95P2U2rv|k6V z^|->Lk5BM7lJsKvD{vh~sH?$kf$8TBDXXoltJdpqMJ02}IfHOaW#Y+$O1OWi5Z&bl zBFZIytxh^2Y1AS6aGY3>SJ=8_Jm=qfQz8$({-ZQ^PeU{(WPT)WugAf-Ub#a3t#5)EmR$yuFJo_Bk8^m#g+Ix zmT(`uZ?nRADn^yF(%FmO<&Hi&-HWO0$AA&=RPc20G!QG!qt`U6aFf9K+)o3SfTx4k zgN(n;s$4mU739qXzW}R1tO~Ch#Cq@;otv}x>%jfFp9S^?&jbg8v%x}e4)`nZEbuoV zD^jtmK~|(y9hiQWOxu81u{1f zQ#-vFRK22SkJW(7!1F=+_t>N0Z$YiHT?uNH?J7`b^j{5r30?z!2VM)dC0~CB4h69a z%&OY;;8^al4Pwi|n?ZQJTS3_dcYGwk_<`Dgw6OF(1Q&e5bPY+QZ_XdWrHv<7$P&)cHj1_inS zn7<(d#Xl}k{7h1BgY4C{_6;1&3sI!|%_7i;n6|C+g-lb!7hV2qVHBYda#(3rs zS>`qE1`bK7UVF7V+~3TM>6WR!^~EBXtv5xQt1ps&#hMhYGM+Kp*ZyIarkEy!WKA== zuCBz?WYfkBI9i%XRQu5OH1pOk$NzN$`S%{b3^N<{igC#V%Ho${zS+PS0M}UVrBLE~ zF={ERf+S5p4X(Z6DhB_RqUo#4*pcB>{MhNW)0jiCyMq;z1};t$(F*}9cob3DB~xom)L!C=?U~A}hE~j)UR_x+v#g@l1pFq?{A3NTtL7Wb% zjf*XydZo|6qrlI>5g?j2#+cgs5o9dv{RF-XrlB=I0-J%#>RmwPXA4k!K{7#ES}nnz zU@K7bCCpKnFTb<_i?~N~$4&+J0M#bigVM$xZmW&u%JO8vSen_rVrazyt<<@)ysChv z)@NlG2DBvstwHTMf6HuX8P&V6k`zTxRF}QFeWOd!e_B7(y;Wfvy|L7+tdRP>4M6=$ zr-?`F5$M(>Icwbwy49*nJwdm+GqAbIb9!|JoW5RNj$3+lnWWLH3k@#GiGk=<#m?;x zRFNcVYIY@%RYt+0G5yuJOcPB+O603a9KOEfWEJ7X(KbHM(N1*+!ftFE_br(a%?xzx zSh#M(zxhVTwu?u>=doGI(yKzPW5YwE!T1t3LG#zoUUvW@Rx^*oW$p6qxU6RGPQrKL zm*MG{Wvio4!1Wh6GK~JUt_9Gn-o7b#`e5MF_aBwfB9u1-8-KaiJ(q3JGX zwKt&4ht9Uze74UTMyJhVP<^%3kTze)^TxEfYDm-Ce0c&#gW7xr47L0k*5)eAZsuu2 z+I$sH8q?;hdFCgpL2bSkhQ_qHYR3+=xvH=4f1);j6M7@s+*i0(tmZ5&S@=8ntgfC^ zGI<8yS(Da%7Jqd4TKGsxU6-$g3*9{@AQ}D%N%y~Y_tMhx?}nu3_b1%jcW}PM_q7Vb zU8-++xHa!_zoSK(+m|y6!0ylnfxW?DAam3D2C_M8mhZTjxARAUuR%Wvd>b4GZURpM z561tAU;$VRYQnz+ECnZl>PO1JS>P0KAvhhBEqpq78#n{h3VH>oc2NmRpEtv8^|@SG zUKZ`i(zH|0(zKvpX_^PJv>pMiXFwYe(2fac#|5+#0@^77Z9+ghJ)o&Y+b|XcH1!mg z_J93@x|ILl?;kc&_cFY3{BNj#XhB{4W%`F1)SRaJhh{t1KiIdBW)s~8u7v)jc|HJ-au<vsu)b#chV#Mk+%E*xH(Um)Z@2@81-|#z7 zeZ%iT^$pj7>Kj&o>KkqZ)i>M(s&BXzRNrtLsJ?+c9;R=&6I9=D7pT4=9k=Zp|>le_D3~0v&v=ISqY(UdjrEM5f1Daa1rNsi8dI?Kw zuy1H!=EY2OY$Ji;!GtI>dw=eX%NRE@Sc|+rGFXj!$1^VDc5cRH-2ajpmwqH_Bfku@ zJLwhU>Z+Q-FT;Ev(^~T*x!>`OOEFv;>5c=x!S-@j<5s%W!OMNdFec2n_{ypw8~rw< z8q>k6c-FLyu2S_m8nn^Z!cfbvVH;h_u$y_>kd6KlPa3n)-{hH}tOj-PMi?5?!BQ1F zu+hJecpIz26K(Wu&>PXgn(-gUW1HN>8J96o{bc^aGcLE{wJu+s=TUcb`L@1xeCSG? zaZ$1Qm+D*|Hw*>5n;fw_GaIUhIp9IyfnZ-S7aR;84BiVK0X_!y178ORfU57jF%sJd zvWRT7as>Q}`vP!x!W#l=UXnTR*b(3`Z~({~Cb1}Z95@;*1l1Of2c>=4tLC(?Tz00# z(lpazX~oXf($h?frD>+c@@b~U(qundnr2!otwC++W?Gb>MK zO(wq#?@hX<%^Cw!=^$tp!XjunWC&K$9nBESDy&6~H zHUBryV$9?Qb@*Cx@86tf(S(UAd^djn_ERZnRsL=iO#J)tnn&LVwUL<@&9W5nc!#qr z(qOuL%{#)~`?DS6iC-uev7H-JaiFj{XRSs_NgP zpbY89z~0~!pbY6J!Q;SnpbY7!!Pmf-KpE1nf<5q;jcTz7_!f8~_%=8hdcm{53K+9zfXiIBJYqB&M(3U0x+R|h|TiU?^ zO$M~3$$++eGN3JOL_m`PZD}%~EuRc%OH(VhG#SvACIi~i{;x~;|BEhRqpDuQ+)B7h z(3`;joh~6`r@Dmyn_6kQOK8lj*Jz>%v;OCI35^)~JM0pCWBh+bm#_`ht1jVNP+h`z zpt^*gKy?Y*L3Igi&^KKIBQDb=>;|e!XbY-K*b`Kj&2*huotK zG<6A_Fb&_ zMdvGf88x&MH34>V)_6j^D0Gl zcPU#%ilX1VAARNtvvZ_%4Cbu(nQFGadJKOjyv zU*MCuuIgzSC%bomL{&2j8}a@*Dt5YPnxFE-H;z^yq?Hvey+@V{TAwROSNtueGoi~o z;8IW#P+Bv7aG_?^kAjkEsGPuSKVGwonN1%HQCA@ux4So??Jef6xtU7RZ2Jq8nXcn` z?r(t6MpXY&*(!DW@{j9=eRNfq{5!(-Z2-LL98n6%e2zVs;D9BcL?{RPvxE9p* z%ynQjxE`DfJ_Bl_%m(mJ;Ip7I<~dL){}bpD_Vb`L&!54=!52VnPwu=M7?w{PLM`8hfcAVqdo!S^LW7ZoZ^jY@ivS*C`(i3g?%ZV;E+HVv0X8&TY)D<5P(5v4ZfxWFw zjW(BC&TSu*r@&L}}N*+)6JlHNcOrPep!DZE1FGtJt3UKYgFGFv8 z>5Uy+Gx={-k{YUY&3CR$p4(j|i@+n36wy`C^!##u-z6)e;WepBNG-g93ne6_pcZM{ zZ^C}=1O;ICbK4CE<_)`8f?tY@8jdnn>Cm-_ilq2$0Y(25)c)l!!2aM?a3uH@SOR_x zmVw`ZXMo$l82Bx?82k>r1pEWvn(uSq&gpmR@OdwC9~G@zm8tV{+P<%$>J|nQGs}iuPHrSy^`R$;{E5hdC9e zSPu5d+=~3T-f0`X-BHPTQN{HFfJRrK%H!GMz&8pu_ zJnR3?zk=0L-_fO)+v7ZJgSUQSjf^q7hHG`6!IgS1jF8^%XpRtw%6BT1o=~RuSMr{Os(A#(^en^|w=kqUdXQ2P)(lj!` zzUdXiWn_6pNNzpRvLJ^S@cL48sio>BBHPNe^1#S~kgGZjW&_^PKF{idvSf^+6kTeQ z$KJpwxq1HD)(dWfNt&;C$l}aGVRWfAFG-$_8#&!0*d;y9S#Ww9ce=gPnw9--uO{PT-OCo`@Rn^%DIyY z&d1dmFEY$$pjvX5;oZZ3t)pakZ}7jBaVg)wGp@bhmKMwK4#D+gacKvBhL=uOzhn5chv_fI)j4qG;U5(*|stm)ntM_)zYV` z{Jx~y=x)yPD}pi8NMl**P=Ybs*i=+-IJOC)7}BvO)M>`fH-a&U{cTjHhYVV^r`IVV zE?LRrKtESp1pU|Q^+?wZWP^;=yX>tu7H@U`wDl#}SC~c`bon#ht=zpo!>v)fF8}@j zckj=5AK~s#bN*{ToURG({#Qxzr3v@(&P9VO|580u=fY^vEb)kb4xNeW-nn2Oa6Whx zcp*3%TnJ787lA4!-u*Tw^)CUh%qR@ zji5Hy+yo8 zUhF9FQE&+O7^rp7$H9rz6@yp3TVxUla0$R&XwgU zKP*izyjj_90ZsMG(s~Cp)iFyO6wrnRv{3==b&>| zIKzV*`Wb13u;BsS86IM9lWchGPeAqA{4<6JELy_N2W5Bw@vg@h9?G}+t^E5p3=i3# z^$+kb*=SJp-lT{p8Xil;tqH!JG(6CtDSkxd$6)^bzcDb$i^2II2Uh-?sRji^mpYeYKDx-Q0Lt&tmWg{_fUP?D{Yd!VUDxB@ieCxFW?(kBm_ zWR2Jb8RcUGmv4>mv`K4(=iLx*z#0jjBv>P&rCK9UwYHG*y4P5eVXcvJ^Y~|5BeV!# z@)xs4hT5ovtr0b{|I8XGbJl@xjVME8o&2ZPh|aXp4xp@)j-ad)PW(33$=;w=W4eIHf?dIp;J%=&ll?$hC*43< zB{`sa*#kiJu{5@r_Gr=7#V!MTfoiXuyko2st=U>DMJ{Wl^fI)0q*g9#rC2^$DV9%G zilwRkSemR9OOusiX|hr*O;(Df$x5*_^|qGQj5t}^F3x4G6ie$E(7FYD2Lv=(DVFbu zfHo+g4GUb{;!1W)^MKz)x;|)>`(7zg*i+Y`gg5vew05uo&7f@z#3v$3#IJxXxl%+lI zp7OCR>?BSXVIE2^OJ?$kl4_Ib00`^7N*o9Hw5s^dlg1iRlJ`PfajIp8Y z919Z>5wEV<=9BfUgem)b*=GNq`3_^mOv#8o?dXj2x=Vy%oeZ)l_y5 zY}Xh>@+VvN>}=e6{~d1g@hdB0lgMM`QGx-ZOkCHQxYoj3nU(*< zxFS4J$}>Fq5;g|rLP9zjqR%f279=WH{lA0s>@>uT% z%CiWM+)0gvB{j94*j3%)?8Z0ETPQ}VfZ>B36PLx#;^}exxcn1Kg6|m6-PzTzS1m&@ zfzXQN=sK`{e6?$vC7J)qdnK<6zb%eV=MqzSWPy6t5>z5N+&5ML?hYy<%*n<$TFyho z#;U+B;JF~3QEVZ&FZerPPJETCN;(9EzjRS{)oCMzO+=)!Nz+Q-}p4zG4U zo$T}lt4P`@ERvbj1UK=NVNzYYkXoo8juz1Y>6!RuHBNioevJ=K>EsbL)}~wl$@04* zZ}to{7M{)n`v@=4HZ15@<4?9CS~pECjXEfQnW(41E4G#hpR#(&q|kK` zZUvKERJBad{i?SKhXenL6tp4#nDEABb^mRFO9rrVH^UtGYo89_zLTL%=f9<0iEB?o zdzSyNAeG_CkZWydGF$&{Xj5^0Xk0Qyt?ch{=`^Yg?@s*e-ivH?vnS0 zzXsQ#`1UCH&zA*gnP*}E-|Wx-ewplm)mo4 z`|`vF9X}`6?{}scx%kBOElKz7tj9sWG&SiSoo+7w^sF*>uk&0rw7bCFYhpZZNftX_ zB&xDiZ*>sAF^+yb8eiqjQi}Qb9mcy^W*!TcL#GzSYQXW}#UQVK$F2Y;gV%!$Fk^Rt z#3pthSPs4n&II2CG52HjAj7Aa7M{-pRnupK`+{eKgFs>*8xB&3&BnbI;3V#E0B3?s zn#XFvo4{G%t>AUwZQw27A3zn&ec+$L`@z3~4}tX3I;1n!7NlOs27-SCHFfg@s6p{M zP{(G`O3Z<=&x0D4{2A1sguIL4xAz8!pWd6G+Q?tQLr9;jIoo5(m1Pdeu(Sd_F*L>7 z(#{HK7X-A60@@V;?dpK0G+Nm^0@{NC?csp-bU=G9puG{$)Z%Siz6fYv2ehbNj%6#3 z=TZLX3|~_$fRd~!Xl3T2X?yRqaW`IM;>7aG$tC3zYidiUS5B;|o?cNqWnyKOP6^Th zM(qMlU&5lk+1Z8f@pcc$6GvL1(VS0IGPTUq=`VSz8th++LlN;;jB_0E6wiyv$z*m+ zal;ZfCA0~*Eg`wGbY!ndWlK+Hqtct@Eyrc~u63@&wflrY6FX}(3(KiB^joYJYYo^8 zg*cXmzFU6StuBY-_>^BfFYo0pFKLg&G0-~k>(6gnJclOEs;RI!XmU;#X6lvrwbP-< zvWsm{-IOV)F4@vi1P)B34z8@@JSb_;A|6HUBllHnf9b6X#fCQp)l&0hXYCq@(J{!S_V;Z)y z7n6l>xfrUkysi9aaol_bXoJap3dVdmkZlOq7JaqrbaN(LIuOWycXIyvs2Q+{J;NKp z|1HMlSNe_I^-e0NI%rB@6~AxDJ9otkYGS!5DrI}>tS*^&v zX`I}Oq?v-Y6>dfL9p8yN(Tb84nBttD)QF}tnWOwZ9aJNl;U;%B}a0l7v<}okRm+$X-h~DY7m}$YyIi4BI~_R@Nnnkyc`lG;fb? z+;UxK!TkT6|27QklEg_V5-SX^{r3f6C9F#l+Gk6w62dq-L1JqlVO^3aNlAxquS-y+ zYs0WENyt8LJdCdb3G0%C?AUN#C5G{JAYomS&=B8AxV-uZs(<|xhmDnWNn%clgldp~ z{R@Ycur5iQ7ng8luJHX!%Q9BNx+HOalM<@6R>Ha@vDiweJX{#nQ2lE^^HjCOx+HOF zip04-JJ>Cdur5hxyzI)ug)uilqI)1=U6RmLi_2Xnu{c2@Cy=l%N!*wsu{1$q|3JdJ zByqcyP|7D+*75|20|E)_lEg|Yv3E0X@3cJ(Z{j@efq{f|NkY3KNJoN1F%5>mD-}(fJg8~WblEf2DO7sXMtV7v@Uws3AtV^5>4e)1wM%A4U z%b@2u*6Uc+p;!;HdD04u=aCNU_OHVOzpP7sX_7UaW#`rDX&Gr=#w5#ol`jGw5lC5= zq}mxN(<^>pSyjURWlbw-7VDBkCnI6=ud`uX#eY4C$F(lOk2XQ5)+Nra#*b|8v^3Ml zJZZc!hOc$mwI5pxvTmqm-+Lvqb6$qmHSJq(&#I2al2}Cz z376^+>ac&IPMlxXCBFt4zjFClb{f0X_j2hzA)zj4gRzZ)bxCT3kxJV&&D(X7_5CP6 z5OA+R!n!1JqLEPUo$Ph!(0S`CNB%T-ec?l0>t5>jeh*V61`im2QcYQP&G=ru`t|8I zzJ^Z$OfDN=T~<|DGv4m1sX4T7&%Bv5-lSGVk*+q%EIe)ms4`>x-9C(mrZTdP?UZm$?t^+@5%Uk~l| z!W9?Xx%Zw!@?Na0Kj+Dl4}9>|YaTvqpD%AZW%$5;XOuj(XUAvOy_t1K{w*&(`awmD z>=s?FJoV-K?)c4#Q_Bz8e)NO~d$j(cWVb)OR&z(y>bGAgU%P$8y7G)Ck9y~{x!;Um zeCL!^9Y5Hw-GWZ%p7rYEua4+BA%D%Alh$o0dZldk0Shi$nRn|M+saP;;m=(wn%`G= z+@}XTwc9CW_uh0?`ESqNc)>q^sOt2uv%f!K?g^Kk{_;m3t@*>7={GJI@Xm~VR-E+Y zZ^~BOc+S30ZCX)(S=YU;=#slN?~OiH-}dWz%2O3bywI-w!cDOQZdmok8&`a~bkE$Y zCtNi8nM1GrY*p`zy1f48{0jp=FcDQcjfoq9&g;ZON*t`{(AH3>`hPC z)Xlu*_xrWD==tZLYVC|PhI`oxY>id{%-v-@05?8 z8(s8yw?WRh;g$FC0`zj?qlZydh*!p~2d`ksGZ;^lSw!;lW+ zeE#n@A6Zv?@a)f))z@c~y!(gu&U)&nJv%>Nc>A66{<3JFUH@^_jrR;2b>ANKonQZ8 z;$Bs=|2m=TPub&79avfayZ-0x)3?Qar;Z-{2v-=Fj0d0XEZdX<0w zQ{A-n-~6Nh*BNC`&e=NRcayKK{av&BzdiNtcZ%K_-*xvnS6;vPp#tyhYuartx$=Vt zkJ~=;!!tJi>GoqU`Jwe;mo9#0%TLF?`Px&Pwx0I%d-s0xo4w1YKX&-yuO7&}qiy^1 zeEvt;?Ne4*=Pe&}+jAWr?RZ>KWJ;Ir_gyrm`@G_TrQ>S4#Qr|4dAH+BD)%1r_+gu_ z8r0{NH*d|n=&oz}wwiuHx0??ebKk~sA7_1^xBS@NfB#{^veD;nT6opvcb|Ro)_Jr2 z=WpNj+C8WJwb!Zs^EuCd_4kQ4oV)FaHb1;pv)79SR}4M$$a7|VcI3()7q&TO@!|)^ z{ORS2-m6Pa-qG`W?=Bu&@bGsZ?)&k%7tb1T#aRD-=wDV2{o<4U9sTV3$?P}ZO7GhB$(z@FIp?T57y0+?yBze$$R%&g_2bv~gY#zY z`NB8F$@c??512Hv`kc)V-tk`f?ccs|gnvJM=)T>aUU}<_{{2y1Mt(5k>Vwbmg%^l{QE<1eCp3_KL@fX6$}OLG+N(eTUCk^wz)uk6Hm z(WtrMUu1IS%&MN#OV`ykPutGodb$^x!m<24^YWIZrNta&R%Ln5nWZw9JWJ_Ws+0F; z8H1AUjH3_}xROOS%nub297pK9k$Ry#^FuV-!9?An}}6%dS-l%6Ilf|+XXnrRtK@+%h; zb4-RwdRjJKw#TI_gSY14N$^L~>1lSn&DvJ=;A>L-(HcT}+H$-Xx2|1M{4x2MCTmV1 zv^aeCqEvr&1nccl$sy!8#W`=pO%JaJ^z(ky0TLIk&Tv~ zCM#B<{{E7u2vR;K=Fe`1rwj2>nd@qm;*VmQp4Qqt#VVWe43i0}!-@XrX?ogS{P*Lt zdx}4%Rt5fCl6mmiss6|!4*Sz4#h-SDM>eqXdDD-7J1;d|8Z)P-eL-@S3%YpsivNk_ zt{Rb^CW}{BpKnIoni?OP8ax{N`{`<*;!j7zqnQci%80)@w`L8T0*lWx1 zRDbqK@uy3QKV1!vW>plQMIXOEKh>Xo4NoZn`R%J~ia*(gM{_Omr{|>I@YuK#G~|AU zC()nm6o0xIo{#vit7wu&kIDXY=Sh0n+JyY+mf}y2;qhnI(oVXas3-fge~LdjDgGQ_ zc>MX#NP61Css0>jcxETW=YSM{at+T4{_DzadC%La{v5=U^t42Oa#Q^2VR)nu3C`>A z^(vG^a=H#SJQYL)v5jHH;n>6)($Mj+;TP2sMpZgh}*%X$vr>-MX{Kr13{z`qP`K{v2s|^yx4^J_AzxQ4g4&rg=|k?(Z{4 z{3+ERN+aLpJSk=r>(~y@zl4!?$T6$s8a9@Nr=xeDgH!u!k+@eqxksg zilq26$nX@qbhUfE=DXDR3^qJ^d*4sjpcH?G7#_`zis$T0&Y7L+&(OdhKR!cJ{28_r z{v4a)&#)AKqJ~G)EUJeSK6~aLsqvu;A)jU5scz_srucIl)buo&+_I>)-Z1CIRDVVo zo@~PM_0MrB{uCM>X$IK5-9GDGpX$%?hG!f9eSZp5{5iq!Xm(e>W~t0={vQBc#V@9E3X!HE=bkSzcM@<_^&wY8kgeFDNxhX)avEWdmXO2GS#0`4NqeJoRZ?t zc*9f2f0E{ndtq-nE4dQO>omiowFtldj8E}rg5ha8J`)X3Vtgi~_)~0nnvPG2;mJ#g zPqFa_veD{7)h(sNzFKG;hBC8k=H#k5_TKV9sVS>Xq}0?_m-BAFyL^A7@%_vCtg`ek zOPS^0f|jx{g>p>_<(?FZ%HF@MKX3WBprve0p=6OG{$+WzLhfIdq7@eZvXo;}D8EXf zRHRU}GU{K}pQ}?S_oh((ltS6)DC0aopMMN^dES570}7vIHCMNQa-pN- z1QdNKafuFu`2e0fi$A%+)2J zyzeOST>Yn`92M}imEpoQD4-nbD8~d8J|1PRNI;qHC_@6u1&%T-pxo#vg#qOeM;R4R zI3d|wCj^ww9i=Fsv~+58OhDnVOLLtZPzF27fPgZ=QH~2JwT==EC>J|QJbzX>N-KD5 z(f!~ky9AVxEo|tS0p)B***&0K;wWtb$}Nu4KA`;BQQ8HR_Uc%;@&n3nM>!&(T) zkcDRa2`I8{Y^6AWT-D(pvc3#Y@7}m{S&Ce};gM}3%PPzhPL$;`m&oP8`bDHc`$J5I%LQ8?{9S6@1V7}oINkP}!v#cJX@7j?dFhf?};5 z@wNKH+d1)`x&$d*hR0*+F__(*43%-N{`33#x>X;=rOtFxh9?wOsgd$4?p-DQms;xr zvbV%Z8JZioRr}Sg*7DQo7<&8=REk z357K+6qeFutvH4Cj*~Jxp|GZh!cw~8QlC31!xIYY^iWt=4!k+n&cG4+t9?uTx0|ZdLt&i(HD2eB zx_v>%xYP+w%J783sy0%7omaZ-%!$Id&`BAdP*^pgu#~R2)csD%@PxvWi5$;ErOVFt zD6EZ6%J783k|iHbS6pguH9IcD6AEh<)Oc9sTWOVv6l!xIYY*G9_ELxp8mA|QL$I4Q#u3Tu8StoIgd z|2{6I^(kG3CluBKsPS~Eyt)Q?_?eS3JfX18H&TAOmRxn>?s2KktrZfxSou+-68hx} zL@~1vdakgtgRllWDZ>*A>p~;tht+b~F&pAiRZhzAgu+@F3Ty1W1IKjDCzVq5yaj6MT%J783y4Xnh_3)6hT9qFYq-&m& zGCZNME(wJ-XV5j{;!?LdDZ>*AYgtNIksz$+os{7Tg>`94SaGQ@os{7Tg>_j1irX1_|CPgYI5qXMnl!4s=q6Clr=uyyE3GZ0l+F z#id3#DZ}ISWcNtzq;h%ZU2CK=jN9|(X8*LnN=<}^4JPI?JfRr=&Pe$&d?N3Sjm-^UA8Jb!busPP+0ee!jc`;E(q&cCuMj-VLcEE>&So2-Wr$c)RBi=h9?x(gHYpo{+3zu z53(!Z;-2E93{NPmhm4e;t{2YSzF%DGMki%>LZ!UgNcp9FV^#kiRw}WS4NoYBYmAhN zQyO4uyTVyV1iA5^3(N3?V)(F;@?*H_!_T+Jr4HMZhg^my6vIcL#&y)J$1gm~N+rh7 z@PuOcsFCvP;j`D)@ZLys1;BN#3(N3?V)z(O<1J;-bK7@|OFiMF3{NPmKN=}NtV5nY z{HClRtn^L_k#ivUh3%-vMG5Sv-oqxn5|=v4Nf{pYA=T8#4_#~d#p}E%{)!YYOgpKy z0qq_~v0RD%JORnpF+B@kPdh2YV;;Q^Md^!EcI_OOVb7%9A2mj_C;6qPjgLQeuAY;p z&EQNfbGOd$@bRpqYj1oVGIY$ylSWM(I&SF1=+MHVp`#`qd(!YB-oSwqPm27iplE2p zxQQbor|AA7^#T3+)VJ-uRTdD+NGr?cJGF%O*`Kc39` zIHs(6=Jbk^+A{ytvLGPw4z4UsdZ0JxXO`J-N&C^PX49|F=BI3MBGFIK$f~l6a5yJV zudb~tDK9AJ=nT%&v4J}xoV7$fnS5ehS@oQNII66q)OmS)+04r7InIx<)zgDGg&qvA z8C!Yg5q;y)XyVY0iS8^9_Bqe2tl)Ke|84q&H|u#}JK>Jd?eQOhhObt{!^tj{)aYzp7WCFRqZKQ9|n zR#ThkU7}who{CZ%gG6Q%c4HEu&>Lea@VyOjr}#U#vT9B^=>>k$l?%Ppwru+2oW73* zLF!?hI5vUz4K87h*E>q zJDn6Ae!}Q61t$z1I&oqoBErPs#}^zsbm9qP=->*53>`H(5>YiAT7j;wMvoj{Sz1?K zRx{k!-tw&>kBslVn(|T=4YgntJ|3S?R#H8vq^8VyIMl^(sOe9ON=nC64mq>3x>S!x zB+-g$tK;NRWmV-RlgsSENhRg_KwWa9QG!O5O~yBJi*Ag=l}xY==SqQcC86UVHFWft zk)wv%e6e+4_{^%x>RJp4MWbO~NRBj^iMbV0k@V?3rm`uiW19@z^_6Azvr&H7rW6z6 zYYml1WQ4j9#X-p*R$Zp55|>nYH71F`#EHj_w)RK$;Av%(XQ+3hqS3X^nK)U5iIXcU zXG|~ia@>~*b9(n_*v)El&J^?Q!<;^c$65NoURQA@bs{IB6QxVdG0VTn#8lP>7(+hV zUN-DuoR;99B_?|3QykMycGNE7JImd;=e|OxM~HXtjr-m(d)WI>kFSd3j11F#hrMo^ zwFz(i9^Y?$ff2K#Kz1P5c#xr#?;w;0cpLY4N7hRdIp!xO6dnz2;s_hTaG-Ik#?Q4B z`zIXM&ImLXgde2_45!8dX-XsZ!r|QY$+}nnE zQ#@|m%uR`I6Rgf#Yiu=a1v~GWWZ9uNWBp8Q+#6VS=#6aa9mdBn?Sxl55hq#eJB}4r z`wk-|o*l*s3xCHRCC4arG!XKmfybeEBtK7zLIaPR6t`oGCS%}OcIeFxVq!-s;Y@9C z#1e{3!yKWwG{nMiV~5^|C*+a(u9R_5$eV^aLY^d#m_qU?4@0624XZ-p4Kg?{e#z05 z3-lND(vRjZKXCJ7`#<2bAL*YlH1uQhb42`Lewi_#AA?`WH$QT=nf<(xr5}}lOEw(v ze>^%3$K^lw&X3-|Kj`&i^dI=(N8;xWpZ%bJuH3++1E3=Vd$G3A#OczJNdHLRi6fXN zi?3Atf4sd3d{xEy|9=8OVn9h0756JdjTIFOD#Yyu0$enZ2tiTNBoH7}2r&!BJ(#GZ zffg0(QWvx?)YiRKu(k$4!5yt_)z+4_))Jw0|JJrD|MzER&bjB_+#7Fe|G)Ff&1cRt z&pc=5nP-+W+i?RHZmOcOa_%&ST6k%%VP?P|02mo7_D*iBtPk$fjRlO?uzvj2-@f$c z9(D9L$3#Nc(Z?P;di1g1JZ4k^H4-^`#E4^$JytmC*b&DmKvizdRR?5Ef30Qq`^RN@ zHGS=*OZa3EQAFM_-1-IobMySUooPO8GxK{J;k#j+rSt)!Uf$U72_f=1fZvZCkM4Cv zy=XLiK7weg`8}7!7s)HH3h#jvUk+1^=a+Eu1 zC{xKRK;EJ7oI26+X$~}%ydvn0j>mGc3nNARKF9NZ_6iQlP{ zI5GT`-sLH3mph)`WSHM$RZu!#X#~wte37(GA;(V#(4TtYx zc;22G=SyWT^?3KAv^2XClP-Rrz}ErKrDoPNy*=Ly-`((>Jl#H5v)HNPw+j0C@Z_Iv z`SjdW@jD*+!SGat_)^Kc5xypP2A=WN@*?n@9pXzR?-s-?f@i>tuaMHmgP!kFBjn5;CQ}DUN?L{J-c^#hvNOV=O;CmFP*%5@cy0Sv7D*%SM~iBb3E^!xxLGK z4DXlWX`g5L`U0u+SAo1c;rYK>%a=}n@4)xX`FxA#Jj}d;iaiOQW9uwmE|4le zs*raxJpWo``O?(~;u}t7wCsG#my<@Gs;S?>b5w)nBUsA#?T5!0c&0a6zI6F0eRLh5^dy3)y0eKiT5JuWhAY2_)s zC&F{J<4Y$`{i|!>x#{BGScp4x}n?O7A5r*fn;Iv(L2=dK$q zU%L80diccgSkBb(`!Sx8n`n>t=}MR0V*EaV=a`!fo0l$rs-I7WXZH6kU%L3o`%%YZ zIa9}PHS(t1Lj8Pe@A8hsd%|tLB#Wu+EgF9e1q=dlmmXc(#d-WzfthK|Ndic(*y8-sH_d-qD+Q2YJqNrK_KRgZDFzr#E?*An%svIeAEi$d#`A zs{X5m=R1y%U@7zCb?7(3v*0BhTcNd^a}R!s^v>3k0BE8 zoAAtk&GJbvspQ=V-`((>sEBfE*qH-;m!Lmf&Bi_;vB1 z&*6LWZOfJ}KUCem<9K|5spPdFukH7o;`WE$<*9!O|+Vk&v+|5d@a;E$FkUHlH& z6Z?bbiGNr=4RfTDcjGRk^?zMWN5k&GK&Hr%V4+$&2D~4?OPMG;`q{)4@LZ0c%Ib@E?2tv&B5>Q@Jv$# zxYEf}eL4@Gr!=6%l}_Gi`27{0(R=nTZxr68@U*()W7El-h`iPCyzltZ#ZS@iJ0#27 zOP@dBN+<7r{7!~vyW{J}eX9J8Am)I5vb>Y@ISa0I_A(N`@4&Op@uiF3cKCiJKD}si zrHkJT{JP;OcE@X_i=X5*!c(cwPI0A^r~J4Yo;Ms{y7(0$W;;BCmGEBV$^K4&=R(Jq zPTnW*Er(~xK}qsLJH_=J>Gg+>NB6p-c_X6XGh0L($nRnJe(rcxjtpN4dB4q2-k;%n zKLdHY=<`USD_#8dfbSs3+gtoj&QRV&_@-qb@B9qqT?pTm8OZxVhVp&{-{Tp``&EYW z-iEI`19|<2WtJa<;M>>n_Ld)GGL%;g-{cJBotL4!M))qzK;Eqx%DWrBhcl4(N`~@& z1K*!BkY|qf&Y*nk%uDbddJ*R8Ek8y&9$#d-@^(CY6El!ECqsD);kz&cc{gMz?{@fp zl!3hGGL-i!d~atU@8229>&pk$2J!1HKUD7?;ds6(KgPf}{ww6EzMq|;yz}6@;49=Q ze%EIx?+*Cx{|b4E-wPSa`z3sT$Uxo~8OrN-NS2q+Pgif{<0!{t82Oj3d>jYgxD4b~ zXDDwze9aliyDmd{--qws4CFnNp}d#idou%h|Hx3@4)_Kf`qlYynB)1X{5TrE6El!^ zc82n1!?!2{dCN1DcRhS}WFYUU4CQTv@0S_K`!GX!|AeofI;vdh%10i4!{8a|_{5#A ze4Gf+q-1%a^CR>e^{eMO9^IR3w@AVcY0(DrI}g6g9dB>X?SSWc#}}j{#d9BZJm#7D zm*TmquO3h0OPAiK;CmtYxheY3-5JXJ5WX)mkhiZsfEl{d#cvpVM>*a=FDc?TIYW8V z;j7L--sKs}yBfahGLZLhhVs_J_e=)z{+yw_ZSegg19^LVBeVS2AHKsJZ*TcAF++J} z@SUB3ybCjww*{c%|PC7GL-iR__k#rZ|C8e%BoiSSLzK;FCz8m;tb^7l%c#k;JZHqc`sxr@0alXAp?0|WGJuSk-X3F)74vk z9OZcYEKZld$H6x)19{aM%9{^gbF#enQPCzk>Q7#mEYFK}h0lZ$<4k@(=)uSO-O#x( z;`@LO+m0kYO|C^E5p^{`F>A(3%>h;jacISqXDt{~s; zCgWQ?1^Jbgi)U9>H*v(sERF|gq{my3Upr?({hWp{mD9iTtD6=u4_J`T=_Mq^r0Ew- zqaW_|&;K_1%<@ht8(Ud6_LTACDk`Upuc(|_Trs|KT-lV0sb!^=5iYIy_9DDy>*-tMnom5gep|p77G(Mfs zKmR+)DVS82G6Bap-h>1s^XlY;lH$^`DdQ_oFDsosdAv8q1xrXnaZ?(L0;i}F=k%NJcRr$JwOo?P8B ze_``NFX9c%&(~XyxvX6j6*X2i%qm&bsIz^rum1U05V(&wu54=M>74v93E7j2Ptn~s z`M!Do{3av2qMV17mX0kRcWPz%)JbJiCsmwTIcbW~G*QUO*P))tr$}(N(mr^t-;LAi ztzSiK`jk^EONuLs@f(8QR)RUdlCo*;_z7=6eDvJPRFCxz#P`zOIhV6_3JLfob^ z_!3ind=`IRS-I+l;!;-!@X!H-I*5m!p~^xv(VwVGY-QosB(A zW0R?0qdX>@1?0e92;C0Z#ynKhD}52tH}=em@uu4U7!|n&VbbLCvZ)o7W6!LdQcN?u z3#?KF$Hg>Jb4R$Ngrb<)`B z72~IQQr&}!)&##2A3JGE@zgWv|4g1td+s-kMvSU#KMNA;Y{g%7_OwZ7jjycm4&nCR zR8q&Dc}6j^U2E$NgHKJgJK~6TyCGK7FhwUb&7WN|XYTwuI(9O(p~x;Vb|Te071)VW zW6Ahw{k0YPVZN74JS`2;jK|3ppw%2tCO!N3G0$suqT5;7jFQ@h^ zDmtOLu8vl)<_J~4M>HROl4+aof!)uRaivrJ7Ek>F8HumHcz-}Xs|n#wOA@r=g*4 z5v5mQ&*z@%+0~R0Nix;IZutFP5f4?A(yDouGXYxyP4$BUyco69^wJ7bpZ**|VhxgH z`iM5g-ep#}x^gALFHWXrH+8V$uKY1IS*pISiHaH@M3@Yh&8F=6n(`(KDJ?gQYFAV* zOrOO0Yid`dW~H^%Dpoa>ni12ANXuJEU{a;#vRp={-lQ{#aCg!d8sqJSceRAJ%hcq_ zji;Xu1yuB0PgAPl37$0pQy6TbjS=X6cV(nRqF-|lx1Tgs%8I^UktQ0YDI_ZAzIUjg zA56&mWSYs9ut{W4B&4i*9%#&pW&SuHVl;z4FE4BQV9dHZ8;e!q1sAGR^{xo2EH z^bfa>eebsA|Nipohp*kl@=_j#nK|{k_{8fAZ`r zyMOU{ZtmHy9WjOkt~T`7F8<|nJ3jsHCl_`exYwi0&PH$lXXvvpy`lAl&zBb8SJ6fRTX|V~UAm-f*bg6m?#Qgq5Bc_u6PB{<*3j48@$U^MT{`}Q_fGlCn73c~ z_ued9GxVp*k2`+cIk{i-Ip*z?`fa%L0=5_Tm7KR;S#j}O<){36K+UH`1&6=&F57ht zyyY0ikM_$$e zH`J_O^2urKUz{-UzWeVP@K3he8T#!lyDtA`QQ62f&kmWk{<(?!G2Lb818&&oy-m%R zZQVZVqQ2Re9FOvMX02RaR`$$c>uEBbF_|*!4ytgnb%Og zFrrtx#z$h*3(?OpO)UF{0V^^a6|Ch-{A|E`iY(ys4 zhx{1bX6Uyxe+$j}J+vF=Qs)ow?sKkO9kFeKyVBg0Tp&AsKw{Q zzO-^#FKlaNa!dw zp=0K*bJ7qeEY`N6aQ*3UT}&Lajd3W~v_o$~Qm$PBO@>9c#=AS7pNY9soQ;EtdEfY72W>W544W&FOcP@ga6ko{ix^%e{pE>dKC{D>Rr<&tA71Vb1 zJk!4v4{3h@zZyquK)Z@tBdDk~fvW8mgR1Q=0JSCeLU1g25jX{8TVm^3;H98yy~{w= zdY6OBt(qXW6yrU->z5kL*&Vlry&@%QZ@&_A8-f3kpUm)lWo{ zk~e|h4ZW*g6Ge%tH&aKMH8ia$R3ENp6c4GsKfe-wx^6&KirbB#qIMG~)!z&r3Vt6{ z0k{P$25$wW+IfL$<+7@^v{lYG*Zbcz9ArQ=w(gI8)quSEA2uH|iA!Sh@idfJQqi~q znktV=`Q4c=f9x!upEqvKFS7<@Sv+4-HXwT?HXv4Z?=6U_)WUhIG$iNk3Yr9^>ss(& z@H+5la3!cFM9@`NhWc0%*gxLN^6x#74P1({`&q zU4(#m+pV&BVv_QQLED+%0sQVur~IO#%k0#yse}q)O>u>q?4&N2dR(JJA@ocsOXXb& z)^#L3BE{neyDOuVw=NnhbXw@3gKq=9-mVsXLK-q3I)Feb> zZKJ)WVV2xUvr$qIQNTz%V3<49fJFT^xoyMf^-{A2m$FTgj!#hdCHRd`Qn>cCDxs>B zHEZXt#Lkj!rk&D*b~>y>KOE>3AH^AJr&aq)@wNQ?OV5_#bNQ)k>iQ`)isJJaD8;V< zrTDd=D*vB>$AC|QrQpxO8Q@c(8jvnfX;}v~(@e27}7 zpAT)96hyqHJ)b}Xh8<)Ic{F0%&asUE9>(OWLYai9mOQU%ijx(kLse2x7(-a0gz0@p z!U}B;<2Tw0Gm5o=LVf6}P}e|`M|e#K`;zH4%bF7GjF`l`1`5DKg8+pJVEWjxz`hiq z(4?bn!;JN+=I0voS%Pc6ap~LwYf?J`mrBit{Fd@NEy=jFzgU@>2d+$KT=70dP_E-7 zQ^J+MDK2MdRd^+JGh}GWX#Y|?V%(^3v^(Mz7>MH51`ZY-6wj4l1$Z@B1ybp?UJrJF zcY@yr9{`tuPk_t8*TC<9+RwiN+y-6)_T{%^HkFpP%K63(lA1%= z+SW3}WgS@@<-IFa)e!HCC;(<>@>&6$*~Kl*);zA$sY>H8o^10~{inoABUQetfJt{c zC+x=F^VN1?T-9OoHR!{9bp?{thf%(UjY08Hp5^dUWuR*ndRE--0QUgz1djlJ02YCF zgX((S1D*@s3o0Ey1eHIvLH@{P^T*OwIp16_;l&qij&9r1=gO|8iqhqJYo}0CA(VDT zKYJo#?))ava%RDKpkaxf7yT>}YwP08N^ibx-8eRH4J5?cw&rX*%=j5%Joum_!B(2y zkoP6DVw>%a#C4o;orCKH<7x@I9S|X3-AqrLhjbUnga`r#w;ZW6O+ON%~K%pwXl&?h{v#+7va^*{p_1 zRzU}psYxn09-3637mjDrsi3H+s&RJpg6gl8@T6V}&r{N=rd-nH$|&i11WT86HG-*< zzML?p_mcFd(>qKrd-{Ph_^T*l|*+`6qrtqY5AkE zzMEp5>%v)+7Nzc@LM0(hhOApFRJs4dW26b@^vu3%%`sA zRp#^DtBxkM%d#q&{uf0xy87gzG#W~Ih*D=LY6ae>EQ@C@v&m!fPk^FJR5R3|(sOK} zJGpYbp9M6f(9+C%X&QaTVuK!(4yC)0wp5+;s%qD_ipCBPG#uzZN!7m~B4d+Ot&vNq zTJ`n1o~n*ls{fBPeN}>{7Z595qS`?l#b9LBhs?yMZO3;x^uOC+Jo>wa8`P zKP*k}AC{IdkZ${YozV#Dq0mw`JIih1-AVvcvqd|KeV+njR$-q475LZ=`_>Ufr;#zS z$l~buk1-K`87q~Ylov@6eRTjn&r?Vcp za=pg_nzU+Zn*-YG0WHl~8@5$iU|;xlbdkwzU43L_7+IukOO|X!+Q z@!-X~$xLS0F`bcJ-FNdiLoqfOOw~kr<;WTIcxgfTTswad?Tj+n7(Md$bQe3O*;Ac<9PRMy!O8VF691A@H^md!Rx`_fj5DF0Ph9=2>u-W6Zk6lXYeoJ zUqI>fT~MaVaF8=qxpKX&0d2c;spp>DX*czgsoo-;lLn88AmwO|>cG%l7L~Q>hw`h^<1i3%2cI9_O1p73Gli*~Irl zeyjNJcH5sDNvIW7o%Fo?S}}rGXkJ7WS|KF+7Eotef0@z< zXgzAbR3poZrz|8qvdj_|V1>Yu0={4l>q(%Falbqf~F<}1%-%}w>q zO}(_5o*UzhA}`dj3)WIVF3Xy2=l9drHR6uInXp7aeZB8O)O9COwl6ZteLbZ|b` zmFqnp(4=Wgdncf64QOfJUuQ5YA+a7<;4tE_P$&bdigmVXv6L)sw5<&2BidWNM~wCc zwU-hb@!}D)Q+qO*u-QeZpAmhOl6iewYePhG#wl~=)Xb?deE(R*u`&n^bWk1_VuL2{`t3eg)S)j_yY*6W#1D*=b z1#7@sQ171e!E3#v&s}yFQ@Z6wve>8}{{p=C5>|p<-JVYg=Ph znKqqaZ{zhSwa0%lTWsoIqHpThs*SB9REGUq>LjYsvF;J}Re~D9O&}9BLVeW)a!yzp z6N&pdX|W-;J78~Y)|gefO+~&A{N4-oEj^O0an6ki>vu_J#3j=o zSDLY21GpOD&Nd6PW*gV*&?Xs|Uj4=!m+C#)TYMqOwfG&MG{RH`$Ij4Yfj1Uwcj z2af}*z|r6$@ObcI@C5K7@I+AWB~kD>uo!#;91H6GWIXsGI05u{?nH1G@Dxxr$f=+P zWlO<{;AHT0und&W%0ZPXE!nZ9O0HZ_HHW2L;as`icLJJn!t$*SXiBN2m84!e9IT%( zG#w00x_*=tj+YnoS3c?o?vA8j)flMAxp9W3Jox*QT zFUG(ph!aK|m02k+*XSvmLXDnYT4q2Bk2b2gs)FX4tFi?(<%=3kYg8LhXUEs9jtCPM z)%oMlra2gmpMNPmikr%iGD+8VGE8aw8yErq4l2FxyNtXb$Vjj z!9Bp+zyk1g@F?&Oun4>pG-&~q0Ud#I<;peh&Xy+Yx3rLQgXQw7-pvU7?lNxr!s^KS z<4N@V3fCV&_;ZmNH}Fm<(WKf=BOSZ)JDT5v>GWGvq!;NDP0iaXuMqAOmosk}W0HBx z2FuWJSyqEK+}LVPdX4h)FU3WA?ZCatPWosMttd#HD%mNz%d`!8yXcn2uT zGyF@>O;%Pj%1~SugQ{{b0QUng1QoxFKq-q|0Inka^-rP0-7oaOG{|xVxjJuhIHW4 zcvM7Kx?CeINqsuTZQT1!^KNU^*Yt-hyRYL$29Nhvvjnn`8;#Tq@rR-Gtit#z4Kq$u zuF)*$Biu?1oaM|y9&V>O?aX7-o=7Tiliq|1UZ^0KbH`wN&f)7!O3cio-vRYsU1ICi zp|3X9G6t8e)K0@?hfbfxb&~OYH{i?0^&!81@=I>aKY^yk@_l}*(pi;VcNJ>PRjyK8 zp}uNpg_Yk|O|JAJNU(j?*|R1rYNkF_lOvPxsZ&|dmoOgh+hO3L%2OHbdssPoLn?!+ zD?Z+8dbX=A)%;i5l@gjl^BO4P1UgyL$3#$8Ite@oJOw-qECt7clR;Vc6mU9N2F?Vh zg5LtCfvOFsgWm>E2k!@GfU0`W1fK`b2DgCcfbW6lg360ZP^CcKF`C{)mBKJY}yPXTsmm2rmg&9u&u>b z`kD^fWH`;xt%&Tqj2E7y@qROcFe0|2OD%F0bMJ90k3VUMEnX0!^0u$LX1DW!}7I>$Ro58PJrYmZsus!+sXfQqE5-+5QF$ zdh?Hh7=C-f7GXbsHe$xw7VhICPrUe>X^E%`Pn2m1me_c)wkHcdfQ{P~3caztV5x4o zN|#%=X1JCWY=yF8rQyA@t2wv(Cj{<(&`B^snx@7&SDMh`-vYnFm`7HH%Il>HW6O|P ziISrm;zqf3v#ubN?if=5@{8()WKg>Xb3?IJrJ%&u>KQ8kwT72j3fiBZ(e0<`>TO>! zsr8!9bllMqF(yH3n+b)+N zlN_pmon4Bep)D;)YA?7^4?y)o#tAh@%LA90d#APbg4GbW4OEuMrOVIcPBX^I@>Hkj zjwKrN?B0{Pk?#HaSka#;z@YY96bwD7sG+CQf_jru*4C38Q%`B~C{UO}nfzt8-|J>c zfKgbzX9sCXl2urJlENO+Q&3aAQ%y)=@^aLW!kQ(%-bGcTYebderLIjmH+HtF+|2ou zn|RvUs`5c?C%{F-%l+9ZR+ZY>s+f}5qQGEqTO%)8^3sMVC|;8UNnmhaJdEHoQTA_3`#s_4N{hWSco+)xONz^Pde&xZdagT;pP0gQ=Ud zy{BmNs6@QbH`qILG^{>suwJnRXzJWVws=+8NNC=OuicR4LtY9Q>8{n?a6c6g$rjb zT9DwaEYiu3^5%@~h4Y&NZ-1Jv=k%ev(ldDIWj0{FzxFg?!caD+&MKEW(o4Z;o_SE? zMP>nOcoK3dzN^KmF%sM9agR00Wmw2gEQZ6V=^4V0OAn|8(?4J$zBO^?RbggDKjjlt z_@bB?m!43s+q6m06RwXlKNMz8`vldstVz_R$=7mlD8J;%*W+Nz$F8}QD>1O=`dGbJmlQZ4MnmNjq$Z}ozNoSKF=YdLgD#u_k?kq~p`LO2JcpB9xP8*l{}1niN; z=i>XAWmXoqa+@-Xdv;XE7~_H8lmYomAL092t3p!>j?&*Arpd)5=o)~b&98CU>5396U-3vevh1)dE)4XPZh2ldjn z0lW@;2D}yA1j_WE2cHIC0QK_rBKRu!3ix|)Gq??W71WE`YoKQ8ehu!7K7IqLIJ^NK z1il511%C@_<;(9udg9&|P$l7ypk}lG1TF>t3~C1XFW?>EyP#&VyTSXxZ6JG;z3t$0 z;NQTV(Z%1vL&5jK;owK$(cmXw6#NwAMc4ZW*a-d`ycGNryb|02nsT#~*UHK^FAH1? z_5q&-v%%NEejsZay#b(#%s^0OVi!<{{tW`z-0tOp%r$zP_u6_jI0U=~+!wqF+z*ts z?+^YIJP>>qOOTgZqQS!Q;Urz!*3J zoD7Zv&j61BYrtc{`QR8(g{KH?2agBu08apa1fB${yhOoYg2mwP!Li_unZgnmV+mP72tSqI#>$M0M+iD32Kl)He%nZnmRF9h%Enbz{)(wdrzpn9U`>xnDK>k%5$#hJMKJW~$X}97vw1TD! zT3Rq;t9%$-X%S!AnOwc$ zYXn{L|FIUJoAnz6hQFaJ`S)J`c{%N(%}gMCV8U$6k|2bO?2U@1r)Zq}0z z04up42&#CSI_zt))D4p^GZ0e7*$q8G3$Ys}) zTiSNGEG@jSxKOq-qI1Pv_+kyCjeVIJqo)=>|I7>mi`l;v7v%><*^};dJ;^?L% zE+b`DPjcBAV@s1JEUo8^kSWknqa$9oBST;X&9k;?PhtcW7P!4oX8C-SqRv}#!JxMO zRF7~#)ytkOutxcXoo3Wl`QW%Ci~DuIL98S&*7n(u#y;DAAaB^2f9l+MOe|;6m5;z+ zh=U%FawrTQgC3uhef+vXSKb)%VXn{m>?9v0YYjh-VFXj!3kN+`l9jjClAeRa?!7^e zmFDJ%TQA~1Hz!vyy^+8TDa<`I#NDSSH>5DPijFV4Z%=MWVeV%`+>B8q#{^QCTSe5D z%@}ktH>5asbDht*Q%_DvAhHR{)vws6j#HTFV%7ApMKGLlFhOgJtvtE^b&y0W=*IsZ6;ncCAk&F~s# z)f36}u)pNh9f7&pa-09si=s`<9ZUipNWCasML^YPLqSDn7^o)|fV03uz=a@vA+uht z5NzfC8=&evdPc3P_4J-$`MwNj!{K&eohv>uWI7cQvw~&kjoAhGd)xZs0KLv^Hui>g=d?ge z9)D51G>dX5zh%AK)1=1n3+tOMG~+L-{d!*h8mkCiA(PUivflGV_AfnG`K1UCc0}IM zjGn3>T0O~Sr|m6m1)P@VuW=Zy0u}X|4ls47?Fp#}E*Y%@WSc3R+-%!r?M{UBC&Wx~ zI~KwO#K#x%JPsv!w!Rpe)N=yA)#=nzR5Ypabk3W$D@oFqHkE-Wg50pvScV50E=(u` z2jJ_TqBr*lw+RP@YFI#T(WCIt<-bLn=5U6kng5En)SJVv)KKVd(EKSayMTHKU3K$X zod*_j&nuo;ur?Sh;(iZM>E07mb}c|#He2M%^}ZX>u5+$j@6muJZCbt;1KQ?*=4YSn zg6R0HX17A+V&xda*JhA5&)m2!^9a{+8k1)v8|#LZk?8D##%N5&PCqzDv>bJDX*;!W z!weU*EHT?_(ydvcEdS1d1^&E0d)j_#EBH26&-t})7KuzQE#D^rQsMXb=`%;}O4XAM zn}oER;tKV7LZwB09u+U%lGO>FHJ%xD(egsHv2*4n*i8j~C)y{-ZshWVt8<&cdlH_f zSzZ~WEToru*6u4%x$`gSAjWSHzjjA_FUy+NHc+K`JE##GMv{$beE=$cyn&jU_haxZ z?mq?RfxM5J{d1pz8oBu=coFzHC^P#4yaxOdlbD=AG&6l9w1NB%~^N~cF3SkG0?g!{nkXlPYjP68Dl z-qwuf+5*kVW$Rc=Q(jwI!m^whYe(ZD6`GPspT_Jc$TuCLfSi1^-H71bG~zYy5!z7L ztr5-c8zfCC4ow$Em`)-}(8JS_5j!0zRx<;cz3tp>GfmKq(f#1IVm3x2A-8D+op_Cw z224it@~Cq2id}kGm7P>H0k)MWeG$)YQ{drRD*Nzj&)}^fA_o&M zZLEJ#c^FNCviSg}9U0H|X5g}ok4li8O;IO$uHo}*pkL#c-2YQ3Eo>E=Gv zUK!inG*TB`_@4@@P{{w#negQrJ_9K1|g2#dnfg1IA1XMme z3aU0*g4@@%t+%6;~Q{j&LqpZCToifaWUk!Y6VdQLgOmXr~$vtuMy&z}S;4yU-pUl}A` zu3WDbKTB(OF1;572kbA|z8ba|d*QfZBR6On#tKnbU$I3ruF&ciO)SfVcCd;v+*|H$ zqzu|gaO17)LF%%ChhXkll9R2wc5~OZMt3{RDzy^{rS%Dg<}t2H@5IS;P?~mIyN+A`#i6@4AskP@vvbl39ZNNY>a+GsU>z0$TRQc|?JbmES4t5QXlt|Yt8 zvv~@A4(&P*q7_@-o@JiC+!ZUkK=aD3L04`@crtrudzPv%KT*omAR}YTmlc%bX)=`P z>pj`6J)vY@!kyQ2QaXWcT~S|X#}aEd&LWnXpdCwPu_;1JE*+ry6ke@(QT^8U)xv43 ztnS~j9%oGsQ9%g|BD%b3&-wroJgb#v2b+CwYoR=(9IsY!^z^D#=d6}>MC!ejtGi|> zjI`08H$F+WavQA;Ia!4`yY#BcEWN5CcolIohfkGj=~eUKMA9W$>~rn2?IpjM`O6R6 z3zT62bz`tcm#0|c&|5|5I08;tI{Ihy;im=O)f^|o9 ztGjrzEqL7HHI? zO?&)9E-WneiGIzZ1$$b8>{o%h*WC&pveiD(gx9J=)7!QS4L|PBWB$%ROU0ndJ9qAg znfLh7>bA2sKd&Pe33*S->4=%Jfzh#z@qYhkwysLK{6|<=#!Yk9OR3H zaI)%{I})Bb#XOOSzFDT7WG$)XLxXUgZ z+_;W)ZaZRwq8u>V#V4QK?O5g`{q^hZX5pwFbR!|XCQi`>S09a4g73bkV}_|wvs7AtRqGj#abx+lZ2Pr36$UNV*c3#o!3Rs@bMyO zvql2VVLCNNg*B2DC7}`7QB+!?E~pvQb}QO9exa|5M4jE*uZl$7S4ELb~t3P+4GU!(K$B(saFZN%@ zIx!(R+sabaqw!dq8Yg8eO-_?L>WSudv&YHnW+$H4eWG9f{Yt#H`+$F8vzU^)#T#3* zNsF$a_D?vBCb?^%)fJ@NbPdoC_#7Ex`zM|4eQcX=Z~M0As$o^m>Pel~=t+TY{mRu4 zGw*9;hn^ou{))av9#1#*Hid8qZm)S)QZFiHNCfT-EGy6;o7q0qZdS|tDNXkz_Ke%1 zS<)y8T8V(nEj+^y`ae^WpJVE#&9&>xrPjF}#dSUVDJu&i_;su_-IY|{1=jl$V(NRd zs>9{fN^`DJQs}Vv@SdTW-3>yI==toh_o#SiKT#W7yNHP{pMtc};#;bEz$b2O)#vRX zd);R+MQPTI*cKVB%b|MK5Sk7xAy=20uq#c5D1P!X-pZv9xUsdTT)OTsGyyTuxYXT_ z8P^&7w|qLSMQ_a6-ai7`H?e(2NukXRTvy<-A?^xXp9ZdJJl%%S_c%0c!TM-iQ6r@< zy0pHp<5K^a71e?3AQ}fN`E6X*mvwrM#>zT3R(KSy8WVO7E*s);Tvr*|RrDKd*t>99 z-=E>Kz5{Z6-;%)fM_hKt)jmXco{@4CE{$hpdl%xeQWoXm3`VcT$c7v zTpA_L_734S4pv-8;<7qegv;vS0N$7_-y{YEWP3af7dw)0{T!El?yqrOXK1L(%ziJ& zQIxb={7-NV!~c2kXFW$|{L#;;bE@rJoD3$#H7=hR7v;;k%CfRjFBw-Y5E=#542(?E z&fVE_fi=~#1@Zn=i`nCte6o|4pO?d=FNv3B&7WUW?;QfE71B_C9E-5Hx~yUTJgpTr zUjrn7nXq2D7I?R{kFVVI5ThWUoTIaEp#XVG=Igipsi_Wti8p>Wl zh+w;3FqAzSYR{o;@z20VCTB9r@JnB+dTey+L`z)upq}n+IdIrD?(s*-gAs5O5lg0sMr!HdBtxEw47 zwd#Bv_yITp{5Loe>_b+Z0v-!a0lx*7ffs}2;8oyh;Bs&pcq>=|t_G)roPX-E65FgI zKNsZiXRi|cCs+k)xO*1JSt4F7s6I6-wOctf!21@+0S{gs$T^wbB2bma`CxzAgl2FL za50FEy$iq?$P9n$Ip9U0R(oFz-UeO@{s3G8J`J{mZ-ZBXpMgt3%|xnL)_54a3G z7^EF)9S*JlM}gOX^T2CC&cpLof|rBWgV%yLfU3A|1ldvG-2}3--@6%PrM~xlkd^q} zE#S_W?Cs#`;41K3@D6Z3cqiBh-VL^a_kb(Fd%*|5AA%de`@qd0E7@D$0v`ao!3V*A zf)9Z^QxqNsHQw+DI23#oJQDmVI2l|6o&~N2=YkBZx1I<79Bcu90bUC}1>OpFfvdrF z;3MFAa1*!zd>woS{5`k{>;|6$KLDQxKL=j~_o7I?1P%pX1`h*Y0gnM+17;Bas}coH}f90yJU z?*&f*9|KPX*MXD4O<*~w{@-cfaMZGpI?K+w%9ZPBs#6PO2Y6aRB3G_Cztr;mnS0B} zDr^^akaOjF&jz&T0~!a>JHCGhv;(M*th}Mlm8I9IN| zG2v+Y2eiWi+7SV5Oh7v^piK&BlLOkB0qvZCHb0;(3}_byv`Yh8M?hO1(C!Los{@)p zTh1t|Ss`dXB+keavxgesifqL?c(Y~Y?Ljz>$1dX2<>!l%G%NfKXjBK@!Thf6`R*~5 zGt#OX!>3KCPnqIkeUJYQqhLt|{WcxpYF0&rgXx(uek971t?QbfWv9x&1uD#WpyEWH znew0=xwbsWWj`}&Y0KcUwB*(8466)rOK{BlH+8vv3Ht#!I!O^ymll6T_`Mic1c$lI zX-eEOtHmcUrMl39y7ko8{&Glv7p^+p3Kb~F>~GY1lOa%t+Ri>-z2K+~;}cA)hZUzd zCM&Kf$9|!^1=O_rgD`F1wh_(zGDO(o${r(U7MxDb^(BB&tsVlUElU z3QcQ*4&nDwlKPaOU{~;er9J5>L3?_)GFLL%BgilpjNqZz0LSp+Uw5c&gUzkXby=lUyxQQr+Id7yqW6JR|*mpoR7#c zN%na(V(G%0Wfm_dDL83g_J5^fz3fWGL;0~OMGB7Z^$mYS9xuBESRo<`L3fO|wK`1K z_tLk83h@eZMdEBMS$|>=i4Oc6U15|f33=xHLKR6A7XOk?lyUSsgEcqbC4;1=m7o?L zUk@G*eh(Z0-T3i)qo8nCpqc($>6(k(yVmeZN7)6H3!tGqN5;Vjj? z7^h&d&*BrpECig!p|^2d!IfJSe{d}ivgxb-A2u$#KLx?+*amD|Z6 zOH%1daZ%N2q$Yw_Xh2CMWxTT@;JO z|AAHMD3ij5Q)E`g*?4l2EZLRmGVn1fH!~4SwzJM<#?E4gufx<%?`dlPAd1PG3w{HQ zj;vY#_tUR1wbQG6Su^Y(1sFkC3KJU!nTkp#79JCN6!QN3xHRe{Ol5hU(4+FSn|S^c z%hPz2+pAM=C7Az8x6F^15U<8ic+13mq>EpGdxB4aiX7wWtx<42cm}uulo_&*-0aEO z2)@Am3*csueZXe4gubvbN7;cjN4avn+u^Y^b!{x|*?{(ZKpP0R<;!!f9v>2AdaZNC zDnd|A^}2U*IXub7ORI%cHFFTZpQO)w_c4O6T5jkYzzC#;3_zoVrlEkGxP7w6+Hu84 zdD53(0Y6=jp+m*-aZvGG<8*pC8nHT+E7!XVKTBKfT&a)MH2b1sDoIsaVWdn|=nyOa z7DtPrcbNVZi(=ULp%1f}ug(pz2hiD&EGARc@U9VJ8I2r&Z>8EBW@d+oSZFse7lx+M z3uDV$n1X65sP*?p6Mz-%1mM{m2z&`kyqYFKY$>s4h}TQf2opQWrp9P#JXHRWBbwUm z>{9fVBDSfpeC&Awj(p7o*tQSyBHrTN71EFsg_)S^Gk1I+#l*PE9U19s$wX;GEMe!h zMi$RS``M;{X6Lk6u;^)|FWdVyE<69ypZk*yO=E@Dr5TrMLsMb?kl)ARPnv5v9gcmV zmw|VrvrxM{*gvQ=2D^Xd`3`K~Hh@)7LW_fCoVAd`8x1wIu9_lYMn%LHh_-T?ZKopC z2o^$2+`1xGm4P5UCr{GZcD*k=^yMG(C82oDv-IXK_CtoDVJlwF;e`e`XxF4!nu`MW7nq^FhgG$71USun~L_FbXkm91Il1%mG@Lp`2`QGO@SQsf%#g zDNOZ(PBgw7aM=Ncow>J#PU%%q`!l}@NkvVE?5LvsCirl=qE=KijnB;5&tHvgo;#Om zH+4E?t|=~8=F0I3H3%vnGaw}trEs4>Suam6zu364WFJhi(GJ9O%>zT z#Fl{_+%E_32fqt$0#|@vQGGvWEI*`_6#s#^?%(@>W&{vkLq?1}NvliUO=A=`d z%$#^>VhK}1Nos2u=q={#I8&%tjG@*A4%@g{@Xf6FR5i=(a*jgZ7GX#6S&;TMfADAA;%A;qd_XkX6v(-jTZ3Q;^N7G+o{LJd*M zLZQ|v!ZZDrgbh{3?vH^Mw)@k~ecbLfVzS!N1d6}Ro?;Q~OW(jqoznCSxEHt))Ck@t zQ0@8);3V)x@HFrxa3=UNSOvZco(H}LE(L!HUI)Go%5;AXJ_f!4t_R-)Wxl@!HG}vz zD1H7OREwcLgEfD-a?N*UEbSrZYrj-zXNqDyfvR-~;xsvA|c1`7#F{Emid*J1qV zXw0rPRGC*5l=vu4!)!ANKLTQoVXbYjb*AZ+i`Tyt*DiiL^YdTS_otm#{3EWt9}14- zz5vu4(qZ74piVES201Cr^h=HcmF5wka(yzIvbio-u6d57ZE(J+zSrQ7rVohGL(qY> zmoLtxhY&f#>)*P~e7u3Cn)5JJr9`(PNIeC2EcIaJAxrY9KvenIS_UUwbw=T%@Txx( zABF!Blw*@}Zvix=ejdNhczqD$9v>~9*HmlsZ!|nTFXdm)0eIz-%4v{y+NG=2G|J{- zJ1Il!$x$obWM2f2#O(VBN)$cJn9aS};34?U0gnXdf-;EtpyIIrRBqOR zv%&L0rMUrA?&(Brn|pHE+_N<0o~5N6td5V*soW_6OoEuLymN(7Pv@Ajx_QtqJeCD> z!m;v)%p5)Fv7MKi(ih=OaNElhpSxjvR-HdqP?Fz;x{11*sBUr`Th6v??bDhMvXX58 zo?v)P=p06SF2bA)!?QMeBfKX2*;z#;hhgAO1`*prXIo^Wh2)X;cSze1erl!%_plX; z`5B8E&YRO;j+yLGNZUj|UH-T%w=fS7Imp~QrS3tEtuY$h=Uk8;Z zzXD~;selQAo(~QN z)vMnF>;#8^H-P(r(&hf3%twueH6OWhy)6Mv#&2o8n2)XeT&`*;c(HE~$#u+wh)d4g z6QL<{mC%97nQIP(;V?T@0GZY@LFStJ#2@Aea>!7X?aJXp$p+KWP=2MX4or_C2CIK5 zzFquw;&%c+UF%S!((p8>4BP;!O?nnofA=|1>3bfO!qwZd3YRO_+Yrz;IahceGNXP= zwh!r}_lbUZ`#X`bFB+aF3r2%Iwj4jdhuGT-=&N`eqY)Dm+p7p2!M0c3`H%1H&~D?7 z*jJ?Gs=@ImGqlN=r*2jNc>`amF{0JH4 zI(_63tot{iB(|;5c2f3#Jsl$YAv-&?tu(%UTFLzXQzs3Wxt|;4ufGdhk1gpm+qSjq zCSBS_g+j+uAR{sR4}Ehr_Su`9?KH;Nt4eUvN2;xe_?BVb;DRkL{uA4t%xZ;m%uLCAH_+>96!^*}oTgq0LJYAKJWR zvih`$KYr-SX-9FykD8wr(%Yi+HtnD6!{o7iu+IhC3VV32G-~pt_!Yo{9(;BNnt6r= zK5yq~1wEq09JbAz&K23&as710{4q*f&vY!YzUj5~K6Q3?4zIht)f)42|7Be!hG-vJf&{sakZ5|T;z-ew0>V(6u5yj|#J zA#d7k8+DA~11o$*8gCbRCEmWCI!%9-2;CS8!?~G>BH7;VM>g!|2V(aZTb*0Sc+TR?dMo%$SM|C;-t4wr0i*^3QP}dH|=i|FDw$Jb&W~+d7+2rbD zbI^&ORRr0L2p%HvF4a8Q#SFtI%h=eSB~3)>4*1##(mko5W2p{6_B}SX=5eRXr^Hz! z9ZLt}iCLIZn!ppyVFr%~X(H7R+1YBU{Pu!dAQEb+k!zekjyoTUJAdMwB%nz<^Re@p zrUA2Bb$Qiyi4*%e?0)Q+ujd1_IffBFdAY*~)TgEHi^bOcv9Iqfn)ALTg|}$VdzJN` z;fK_{^SaA=&Gfx=FRvtHaINK^29j`Q5n(dNvb-S&7kXK3U5Tf)loVVdvQBU@55TRy zPRkQfQJpG`kE~77WNk*OnJ{hOdHSx2ga;Y2!Zw4}=7YdnTwtMHh;fVwysSXkR6=gV z)W*rYRi$W_$%HNCM!DC6qcF^&OclqBu#A|`;YW=x*06J%M0b|w^hlka7Hmv3sarX~ zn7QU;FLB#VWs_lP2t-Swy8M!9x+64}uQZjM9wd!fP58CGv06V4ogM1a1X1TO5i{J* zwC}QlEy+QZ2>$%AvPr|8FNz-G)aLfaRupioSwdczZPFTbT67mGk(bbw@4E}TSda#77!EVX7EmIC+0)4DOo+Ss|-Fw4erP}yJ+-`j0 zw>ja_sXJJj#E1^zEsyh99!ETS(5CB%NuB+!k~?05j9&o*Tfc{RO=nTyTDj9DbCM5d z1j*K0ahm+}!efM+P#gdS@ot?0U$rzujZ!t=c0aw} zz{fi)_RDTb+qL7~lvDgZLAid=pd&-m`hl{ME0v$Z=<-wYA9URx;kDfl7F+JW&-wXK z(z(p_d2Q-T-JE$ZuQb&NjMtAgJ3BknhwY3;4qr#bQkuFT*(b!`RPt=r1cw`$b|J`Q z2^?dyX7M*kKmr>*H{}^Ua7_ROXCJuCkymmEzvk_{)(Kt;Q%b?|NF!KYUny8!&6I-W zkw&n*x;L8xBCMAD{IQB16Kh(`=%V%Nj5bM%&(TrLh=ujp*xF^RBt`zHd#1Y4H!jX9 zcRA*Kwpq(L{XA0TIJd3?A-F;Xq-i%vHt z5Fs7i`aGMj@bDXgY5|H+Z7M&P85>|BGx)Y>yVQ-2MB(l&>rsPKW9Q^cZGu|S)h6gc zzUU@(zFbNzM}lipo zgQkB2{+khYSsFlKAM;EKJaoKd-iOVkidOmRNN>@ldooufb7q2V0 znsH4ww3;0Mbdu$P>&JoXg~0W0;L2iZ`AQRZUtC&jltf?t8@N8jrS>k{+l$u+ z>(U<9PD48jmkqHVmtCjxW#Af4G%amBF3Wc_E}OO|ajC(}_WBI;yl)%V!GY_9z%?y! zX>VzV;p?{xOSX(_7%m%jdf+-gaD5M#ecG>Z*#&qk#&Np89+#z^GRV)%TX5Oje}*}k zOU*O>ip$!;P7GMuTzDIo_ON;%O&0(Gfd7X|2N{a2=&y=$WVSvGA(E@U*AbS-b7oQO5s3}aMg`( zX=u&wIZYN+?$)dVBX5~y%AhoWddX`Qb(KJ^qM6GSEJFn3@5NZun@t0-I zoib-mjZM2-6>m03EenFx%$e0ZPirKNxD5fFs2i%{Gb5nZjjOG0Xfz_K0-_ON(ivV9 zsnJ+=E9+83>jQRQDVj%J8c;d@#D1#OB+jT|E1nUf+xqxPDutNk4VYM2)~rR%bv2e- zvv{h_gL6?7>y|+F;%c3^Vzy3>3W#;SKE(S*=uw7OdAk{64nKXgd@A2vQLg)TfPh&TmEVYQtFzqkk4lSTvuK z@y?;jnQ`yt+jVbL=*+aG1S`#>|0mvbmoy?Ww|q z`5%GdUdyjYt>Cuz^J-LzUau?7F6CJ?(na`@V~FA!Tct_GpCRE(lOy#U ze`L(ND=u_=9c%NbB^0?Q^E#t5^ELUpgAqiYLK(Y+>6!uLzDits(_m=o^Lw3SbA z5>AZfO_wk4FRpR$?=Q8f3H(nd{bByslkSUYn8N;#gziHdO1IiFVOZ5R#c=60<#&!g zb0@owwGtcwy$U=YWRRhCELa1c2F?MizI2U{syas$7ya)Uh_%iq#@J;Xy@Ewp-Wm?rUAfH>ch4~L) zG59BtJof$qqGRu`AZhj910MyqgRg*p2l;s)fIGks!F{MTKLS;I{(s!P33yG{7dC#b z1QAnAt*HdjhN3|bs+EzeLPCNd8ktB)Br*`KAw`LzMO)I+DmtXCmJT$X6|HEi^N`Lu zr=O-KKC?Y+;s=j?kEx5M}QzURO5DzJ+M;l0NNY0Gw1-&3qUUi?E*R)v@7UD&_K}Xpxr>TL3@DS2pR-> zE9ga_uYm@Gz6*LW=&zuCKs#Yg(HHbG&`Ut)frfz6n_~uot^o}N-32-b^f2gPP}U`WzbQeAA*hsrE^RyXd_JP z<3M|Xjt30~od7x+Gy#;(E0aNUK$AeP0mWN`O6mMD4Rk-~bWl1yTnYL<=nT*%Sh=Tz zUIdx}+6xqK87iFunhkm-=xoqp&>Ya^pt+!BpmRZQ1uX!52DA|L2T)u&mHJ`zKOeLu z=+&U1po>7KfG!4I0=fir4=DOn>8qg2L63v30&R?`bTw!X&>KJ#K-Ys#1>FdGC+JO} z_k-RF`XcBS(9@t>K|2LtoP&-9-3D3&dIuDx*6k1&>+xf zK!<}q3rc6i{h+Hr4}jhddJyzcP>iM0FF{`brF&EG7N^paphrQQ<5co0XdlqmLFq*K z251)Oo1kT&c-vFy4WJl{rT2kWgYE@=5A-R}k3io6{TTFX&|{$OaSHkrv@7V>pqGKx zfTn`tZBeCJpvOTU0zCm*33?jz6VNlDUxEGt+6AYoTF{=Lzk|kt{sEc*`WNUH&<1#s z!8Xu_pf7+n0(}>>G3W=NO+Xvte1`XCmeRFWGtfRbzs$usLEh&^$ls{Ir{MiR@CSyslfwJdv_WlysVZ;(>{&a!M0 z=5HBeszUz8Dwfe5d9rM8vy5hbDf^OT^!_p_JHxVHS=JD9x{T38A%CMC%Q~>EC(C-V zY!J(avMh#WqgghQWm8y|$+B#g6|-z1%dTbFYL?y1vRhcThh>klESheZbH95OZ-vKQ zap)u1=8FxQp}xvaq~{cISAl%uQ9RW^`&!ZHEv}~;euG5+DV}i1+T)*AOOIhhtK{)Y zUtFBilYe2Rnw{eD23p33L#kcjJ0Y@O;nUhZ9=mDJ>q=SkgQ=1a06lKm8OWi?GqVyrgyED5$z2<9@)1N;*UvqtWzThMo{s%#0>s|&h{KUvO@c;J@BaR&zpfmTF=XZ$lCL0qaq(N*~QZ3o{04#ZXFJe#6J@0QhzaZV>4&k ze>ip_4o)OZsY}Dc)J-VL%oh%*2~45bhcYh&`7ZbMWUms{ixdAi#~Uk@>=e2n)fFc4 z(hEUx(@be!P)z5glvBJ)t(0={8|c-b_~M{+Ip|-Y4}qQq-3#jQm5+Zn0DT60L(o@1 z8-czF+8C7D!w-~BLiC-t?DB;C4Z0ALGP0JkuUPgi%lbfD*(zkcDO>(PJ>A2DZ`8s? ze+#EuM#9w(rr@U~)bDZj(jMo+LqYyD_ra-g+|Qf^(M1Erd>0OJIF7kG-ZDr+wO2Hy zLxu&IaV7qra_@MBMFn#+=ZRXpF<7xRgBOBfdy$0Hax6?-kY|~9 z;w`Qy52T6<1|wR@ag|g``I-pY5fo=n@oJgOz3OFK$?KWlP#EL#G@(aiMwn_ zNjcKgpIeG)-2^0skOdzZh#53u)fez6&pNk>GwTh9C z|JU^O~6yXTAKNE`6(=!X@OQ$LS+HcD-dt0MVq$d@e?Q-R*aIia3h-~6sXYF7&{=* z*9VtDM*Wgn`9;r-5smi`7G=h#F3icp266rC19QvO-YB$DOf{;%kRuQ>4=qCHaZ)!E z<&pSC_#du>$*54u_jJ$;Kyj5Vo^(zD?FBv!l**J2N)?~L6;DXMf=|k5-%rZwc&bqw zR%*zICg@88sYDJopnP!_rgd9ZELfc4)sx9;P%Xzp#a$3iHc&E9v8{prfJA>;N+x8~ z<7VKWF40ty3pm;7V=}Ufi~yxY+epD&(>`F zAkoL>D9F&YvHHaf@44AVX3x#|ucuD)%x7;fTA&0XBOcmCZx+h8-Yn6mZYoO*D6MBl zg3_6N6eulFt^lQSjsc|!bv!o7MC(ar0AP2GQw?P6Sv$Zq5 zIEPM$SoIt0(2Vq55Dh*`wioAQNtyVhJUa1@4Pb*#MwHs1c`4s*L22!J9w?2*^Fb$r zwg;UC+6iL&F5C^>ow`5QN|>_&y;oAaa|d60UQtVic( zDRaGdxz4eTUuiVEgjfzyqqcj^XKoRNZt)@S?##$pHBE2MEws3S}#x(&)ZiK`M(R4 zT4y54F9!%A**a22ts`Z1ZWY!!4m!|QkhklT0?`DRp~WTJ5zyiFtWS=3u6Vqu@4r6J zQB%YtH);tpU+fZ*km{YzQS{C|76wA#O{3AYs5jbpGzK*mzOxf+k_6C8z$b#z5S$E3 zvtSY^HQEGjG(z&l08;jaI{Kep#?cnIYu?&~5c)N>^)l`S&kf|dnJWwqJR~d{&9~R6 z8qdfUFaM?5I_DY4wFOJ+X7Y6D))ST30t)y7Rb0AV1lkjPFlaB(i$N)ieL$(QCv#;J zk}r{xvOVgkzu{=_FxsbqMKVuigl~d{59-cDen4*snbl$esj74{TS!C})zYGk!)Qa@ z4v9{AW}^2%$QTll#m8RTM49vL}c-Ww4idR7}S-_6w4M8k;S*J7|WzyfvFC< zi7g}|iyvJUs;+V@7Ms~ZBC_~dTHs}aO?F6CS~QrcoGm0G3%cFG$JQP+;LLOjTS!C} z4H^gws$G>UTA!NfR<@9cEc~Pe)s?ca#@NCZ5|Kpd5GeQY5SS>Oe-)RJVOV$fG!X1bp(Bq9sEQr2wy9a66yw9K@NEhHifyj-@P7!R<8 zL}Y>2&6+XNr00Ay0O*5kArV=Wy2ZHFVzHYoBq9s?88Ov|Bc*B&i^U$ckcceSx-8P9 zYJ|n&A-0f+EH(;@4m}zetsH}dF0E?C5ur^Y`WZJfJ;FXDBF%E)qZ591vO`Z_qm3iV zXqMk}hOoeqW&j)67u^_VrbpSAMC5C`@O1%h>K3DYht!<`O*8FfD~ZVJK4B%!hLKY5 z3R4|)A6rO77JH-xjay|AZn1cbEhHj~ef7quWDAMN;wfoCV^+l&Y>DwWTS!C}2c(5% z%+dnRO!W1J9Dx#%MU}MZ)WGQE=p+>BmIgCD#TF8g#VgXna^49y)j^+T3yH|$EtkbI zsY+{qGtn)BGFK9j#rx8NYIld!`^Z!WeU>dGB8y|vg6b+wsy=A3*v}Rck;PZi!ZMQ# zftHz`V+)DM;)Jwl?J!!a82e0h&;x8C5m}s)7L=>*QuSSn#X+`^h%9QQ1?5UvSj%yU zEhHj~zg!lP(m8G2n2B!0l(j1nS@`;hd4Xbhuy}zjBq9rcX+dqiLwf!KT4urvR#gm% z$Ra>mP|20WNQ=c0wvdP{&U4F^b)J5aEhHj~&eEcp!)VrB=B1w`;&VA$NJJLhrG=lv z@KYt1eO{Vf%N7!m1>H!h=1^6RgHl<1u4D^|$fBRiB2B8&4x*V>v4uor5h^XHc2%yH znd+b~v4uorF-%&}_~95G z7|H?}JShVQ+L<{55CP%wfI%1D@>)o5KZ6+D* z+I2Yj#-)EPIu!d@m*UrkeA@dx3LiBrd17H^L1A+L{zC>1NiNJQE=bQzF38N!D@>MO zAQkov?HAIoe{xQCTEC>hp~)GUMNlg2m!FYloI2_Mz~Xxr_j`Nm4_`02a(K+mHy3|c zy7tN$ald@msMVKuUby$Ck0bX!`N;W~96NJ%!Iw{-in#63x6b(9G5v>qNnKCh<5!yc z@}yx+woSexXM94`+bPEipAS1*cI=ynZ|VHd>g2t5r7r0);;$xe&5s*!rQ@gMBfWNK z9Qm@(_&>)xt{XjxYNzvb@t{r$7GW>D@b)4ov@GRNl>r$*+IAJ|lN<`R;ye zcK52j>D~3&-wg}c;a~LE&mD`R-`jFu-bH&8Zdlc1&;{#fj(j@gtDUEdp1O1I$mm;w z1F!1+@KZ^zb@3f?^)s1a6SusT+;r(R z!rxBq4r<&i=e4qZo8J$ZIpTtiE#|y_Xy0nTx9?ABH#Rt_Hg;pL@vpBL@j^(!Lrw49 zKc)Eg0ZY5>uKxMF?YyY#I<@D_o1eaTe&WULc3!c+ zbK&qNQ$s$xci-t*dGG)9mh+xg_jGU9XG@DCVf~w4HGP8P!F#_RGx~xztD3(Vd-TuL zqladGZ_It*#r^s73PxUgBzE}3)f11r`e(lzNTu@Zp0g_l{8Ik%(3EM}i#v=v{oU((5<~hv@y-LsHvfF&sYdTBjM7!^QMJ7l^J!m>PT$* zw;w;>?e^l=%NLF)_;u{;yc>6X()Yg20Ux)m%6RjYfaC8KJu|56wey<%+Op3dcl6om z`{3ofVtOWQ+VEPb;J z`R>QiFDG5O{oUas`bOV>-GG+UJ6)6J{QB3CH#a)ID*fR#-=1vn+46foo1dS1`L8bw zTUHw~v~%%V=hk<2jl8v6hlGu><3BBp+&cO)pU=$rp(TBH#;$F2-|pV40xn;(X5Tj# zw>kL3XWhq}{C!LWePyF_I*Dse`KYz@o$tK@;cmKb_rceFzrqq(^ z_kFr_IdIqGrxp&sfAxsb!_wjk79Zbt-zPcu{`$(`P6J-JW_IxPy#|#}T6RU3%;(NO z9ydSh(MQvtzV4ChzWrd}7&G4D*Bn(F=S4hc>R;5Yk)ezr9C{8xUNVdk&(g&PN@9@^ORsidfn zU+>fDq7jRFj*m$6-Lp5nDxhFxRH><7KEHrH2t zUSOE@ciW_-p%zu}suXy#L^FLf*9sDqO?o=( z?l)HzrJOzd@cddcKYe#Tf7dTjpZ~ae^vG77Z@#AEBlDMiKE3bSuZE7kY($Iqx+Y#6 z^jP;t9?UqZAK$j1d7JgMO>*8$3~h0syZ>P`ecHX! zv(B{MZ}tb%pV_`^3Q|tJc-JelyS^U2^icWHL)&ib*}5<_G0tr7xBd!F3G)rxZq{$$ zXUj+Ywzc81&F_3L{Y>WuiJz{Y_QlYW9eXMte`D^1dvCvR(q~V#EJ*w9!yE4zyZW=E z2ZoyVW_>PxuG{xd`-EPm^IyKO_tJ}cq)Z#Pbx!)Ljkk?>a(BncT^0v6Tb8__)5BRa zqD_6XJ)ce7^6Z4pd0n^p_vyOy)a>^CKI*3$HtTc$mk%sm`_l3-b9_GZ_7w+CZHw?Vj}Px0_t~6VFJ5f+-*NBk zczxGzxUc{IOr%%)!#J!sa~(<^;{NgHtIy%U>$;%M3ap_h(4-Ys+dHBP6w@Cr}Q z%gyhXopG?Zq2ugXTK$I4%uFrn7ZS4G;V4y-`FT10a_P}X+<7T<`ehVkrWef@TX(eT z@^N6Hrlo%3`QIRM@kf?Ej@NKCPso+}6=cv8u_BQN9|zq=Lg~Y;!_{SDP{OFt(4nF9 z1r>5f|57p}lvao?$)Eut0|Ts*fkQ(>2h&#^tOLp5kj^aWSCm;&6qGv`0}Lf`qt9NL91=D?(jr-4_RibpT5tcR$UA&Ix>)`Dy0nr-jg2hEFQZU-!TIt$Y2n6gt6{{IqcM zBU;*l$`yWAH>5|E^!lMMg?t?Q@oDBKz|Bu)?9JD(~`AI&1bB=p{&KEkT@oDDgJU2h0-#ci} zka}pl+|xI@*E8Mw|xDcbx zVfy)Par}CBKNko;TP=P%yZNE{!H4}^{_GkL`ROWj?y&gj;^rq%=p^Hl(wX-|r@QB; z8;*=v;(PO0#^Y3~=|;6Gwa; zRroaX6XfQHc7uEz4=SCr_YYa=-hU{Hk0TuYkY+1N7rOZghSbMFSM*exy}MUn3en3& z-w^mX==&oxKf!K(Xg9>iL3;^gJ^0g|Xh7Z1#X_gl;-|NppFTq8ZhTT|_^m&t8Qo7` z9Px2j=hZ%Le)>f^vkLd=53hEH*xhErQV zq#b)7M`x91FnE+eAE$$bj`>aDs|o90cdzFmLdQBE4tDbsCUnRfyFo-MK96w6Crf0>y2`9XNp4}Gi9 z3@AQ+S-iU+T18--HpVx#K$J$h`Ef!j+k!^d}!t;-pvoDE%@1jPf9;b z*xudU56voA8(aKLaPyNWbZB;^)cV0)JKW2Kr6>I0gw5qjbn`Pw=+L(Z)Sv$v{lqEv z{7e=)^ev#-4=1_#NfJ7AhJu>$_NLD;856SB^Aw@;GCs|EPIB`zRp`(Phpd|{`{7IX za!nIDd+=%cnd;_;RvJDI`ffA?=*cA^@4Dv)OAzSvL7`~gq?GLD=SoO@9KG>L`RQ@A zCeYnaiqP4QPcuJPy7`$Qbh_b_(%@NhUv>ABiX%Sa?W?Ar8E$^kgpRpx+3>}e@4Nd+ z7dqB?EX~bNhR~riCZ%PAliRra$;1&KM-~ch<|o6=&rG57AUQ!gFKr3d8&p%)cAo{_ z$B_gv&2^M!y7|e1)W?BF5-F_J_vp5|pKPJC2x4=5Wx4s8Ep*KJ=V;E&8{GZO5jt<- z(=69)H$OQ-hwl5JSetV`#mQXHPp;5;4Pw(zj+>vkLWjQlq_Xc_6NAdo{b1@x*~=j| z$JbmpKlwuEb9|DY=T`k#>h5Qr(6QD}zMG!{p+lcE3wC?<1~?{UZ7-Z+k)J?IxeDC; z6bT)wB`Qrs#}ha?=zfab{1mzQnJ;v{z$c~nwAOH<`&ob^xURJ1XTF=C5}~t=oFIk! zIG%9#vk*so#Cw>{_9}7nbCu9B*JEo^e#GKJ&(GCD$9nyKm7AYMLWl0BptID5=M!&r zZ?DBdr@T3>3uRj5=4Xk}3CAbZbB~Eds4zm-_F4+wetogT%}=S&`G`L8zo+G{3U@!( z2%V?k-W*@0Zhn>t9hzY%7c*wJxWK)BmJ6L4e46#V%+1dVp(A<-&?P^QN_5Z9wL+&Y z0-1hRxcONrbf~?kmEM2Dtb#8vv3Y}5PkFkB_Mecsq2_0+wtabBqz0i38 zpAGRpyTKz@xcj+5=ma7^X1ibS=4ZXo8Hi6R*TNQy?{N2nsTTe41U}9BS?}g&qtKz% z0_EqkX@?-t>-k2ZWA(Gq&Cg9j$E@eOo<6zD-OtTJC)iTYH@W%QBy{TUKbwWlX?&XH z+9doyz>+{CP}Gb8DpPls&~=wgrjFATunyITOr}njDPSF%2W29i+|1l`{LZ3XlA9+t zi6K=wg?MA4MF&r(r{~hiL?qIIBnM9kStJB$JeY}ET>b)}U9#I`L8Z>KZj#sCBwx5m z{&bUA?`)8sdpV?13Ccw?n0!Ew=v6E!QabZlLifQ^Du6`gP)Ukd^0|^+&yv$have+P ztVC%oOL{BGO)QB}l9eo(rX=fGQmiB!S#rISl(FP)CE3K1N+nsrk{6Z4k0swJNo$rg zmDPj?5zMkjD@iO%7AQ#$OYT#WNS0J9NfJx&mI#r?v80O{7!z0$sU-ORwmfWHwGg)##Nv>eYmr635B~6>i zSRpJKt|XIKvOq~XvSgEzBtjxP;QdMx#F7I_GLcZ}s)(Lh=nVW>p-9m>;vBH#a*;|_uE``&S^bY}|6pMf1Crq&T$T21CC(@MA z5=bOEV+$+R8D~m3)&x_+wMwU6d$~HBlK%aHD7D4ET?ZG{TCDR-375USDd8Ljm=exm zyp+sL&CUrL5?a+lKFK6v4KdAV=R`_O*K{o-B>e{fQ6g&3;V?JJa5qV~n}jOd?&oqT z5jh+*I2N<*NK98L%k2NL`nM(q&3ha)-mguC8iO+=~Fr6SZG8o&wWe@>ohVY zW)&K}-6X+6(yzpIhd?KT^Gpf-eJw8ROlGEnUn7;xCICB?Ern^fAv?Z z8@Q~lR8~UAu*SmWu@*~yX9uxyjj|Ftwpg@}YKc{T^W8419m-1R*kWz9#o9dLu3)(j zK(P)eE1_eHb(<~L^tANRzk-X>p@$r zPWxm2kb656YoW3dI<{E5ZLw&4xvaJ*E1_eHwZ|5#&kKX@l=~YL>nUX=bZoI6vcSJXkbZoI6w#8a|-n-4^9tg!ctE_~ME!HEpScNqQSGueM1IQLHQHZ6Bq%}`cC$5yU=wpi3&uDz6{%1Y?iVm)Sy zMeXIXx%!I~GmQQCNAI<)H=ZL2uQ$$|ynK+$Dpgqt9b2pe!pbbylL7ZkjO18bl$Fr2#X4w< zMRn-1dR$myxyDieDd;cg29b2rIAa&K@vhFF(T~-5?mC&)p zdRbVRbyzlV;@9%NIErzlvJyJBSVwKKE{?mW+GVv`SqU9mtXFKYXuZ*v>+lg}C3I}D zUbV&gJ+#k8mleHaoRZM7#d-}=R~=HhL zE!G>t%B(}056|Or%~4iD$5yU4ZL!vGh~MS1+N`XEjxE+(wpdiI_8jYgvJyJBSZ~{6 z4Xp@&#%1-BvJyJBSnt?kQJ)XsSUt|eK_sDLi}fy~t~%VC`Rf9gRgAI{I<{EV!pd5Q z@f>TWvJyJBSnt_l6&@J!rORrQvJyJBSnmrfI#D_BzpwMB7s-1ez!=XfE1_eH^#P8$ z$`vu?#SJd2@0FF%G5X=2_M)^La%X%ftb7H=>opJT9WSj?po81qMG`u;9DXFMsB=>e z%acZQUc|L=-uc4F5IVLTek`oaRZ7nT=U?iw3RhM_$CkrSgq4}YuEni?lUCLo3LRSx zj|nTYy=W{C;2dVFSVG5^!%u~knZuU%Z=LV5xQMp`JA1EuKV~bT|i}m|Tze8aht6c{iL=rl-Sl>YE zD%WpQcSO0Y#waVHV~h2zurkX<^Ty>It5jJD9b2s9_E`Co0$o=3DJ!94i*>>lYh(M# zFOB3_Zz?OHV~h2jE!J0W&wI{gHMk=VA_*N^tnVRpom1!^~bIab3?IEW;4Y_U#4>T0i^r|x_d)LdO=X7E)K=So!hkk^MN< zjmk>s*kb)EtjxX<_{l8+E~^)nmC&)p`pp*WgR!5i&Ei>Cxe%XZJ?SW}dh(6Pn((-w=`%Vl+)vJyJBSby1K(c0z;j`f7H z5<0e6XKk@wpVMK4%j!#IC3I}D=)~%3FN!srW3}u8my}4y7Rw>5%=V&KF00FwmC&)p zYG8|X;+IXGLpauKWhHcMv3zW?E(!c@yUU86bf6@3Y_WW8v8GM>Hg^)o`aoF;9b2r1 zwpbtUzjn0Cs!LZHOX%2QHL}H`I_$`?W+*G6V~f?;7K_%{E~{0_O6b^P`PpJEylM19 zi5%+zWhHcMvGDpDOP|lk|Ko(q>P2NGbZoKwZLuym@yN2N9P2A(C3I}Dn%ZJ5?)!Q- zmz7_jtV5w=i`C2)i`G%m9IKbI5<0e6c;SkrTyKT3FxgpMs%TU#tDS0j$~sj?C}wpjG+ zo-5WTE6(B<^UQK}>@LeCbZoKCv&EwQsNQTfL0JhMTdebKv5pS;ajMH|jj|Ftwpi_L zv1n}*%&`tCE1_eH)xj2P(PdGIE~`J4mC&)p>S&8aYk*}OYj6))8$!nxtCKBO(mfeh zx~!%sE1`q?82Jl2qqDH0YduQ)TRz-IBKo{qSqU8>-lQbNG%)XnOeF3C;U}4(E%i&! zno~G9RLHsrogdAUCF@nd>xdC4&hRM_N%1ieNhxFc#}AGm6cRo)d@3CqZ9m2b20$)N zgx)}xnzWl}Kb|tlRFH?6O&J40N=kNae#)rKBKna5@e90Cf_Kf5Bt9>DF5XJ7)WrKu z#jg=aCGi^~&eXXXIhjfWX0fS-MKJ{hc#XYMD!}vInPfFKH9tRl?ySk`0N6>{nG52? z?;FIFDCxwxxmLL`A_2c2J9k!W=G<9DS(Eb$=42K`grh`P#K%NNr;I^Gh;k^kNvS#6 zXz5J6DWk}$X4Q$x%U@`B6k$3dpZ%$tWYDPeEK)WdNwvsmn}W=ksbbBN_4gyhi^#2l z7`NXVupYI((%ve!yaCuMw*P#H^@#mV+SVhsw>Vo5SbyrmDwi*}wMyhq$cz{f5;ZzE zbyj9HMp(E!9v(hECL$snjT1wiY{ZEEb*UubDAz@J9a`iE{}WS2O&lE^PHxADR-$UE z&n6-!(rP2xEwjjb3z>OYyLDMPEkP)NsPQ_LskoyHV{-G07M?>#^yGSVXtXBgc~TjT z%6H0&PZ?ErohFSIZKIk`zR{b;sl5>?%Vzu4t7C?$LkX?sDIopg^tl4op_39L%O(T5 zDY*r#JB<60(S_Cq;NuB2^G@nNfcjt()!qdBqPuDWR-(S|G!?|KsaHb`Baa$X^)#wz zfOt|s43Fc2Y%F8LmNBxibXl;XqmT(^m%5_ZE!4PxiEV7y;^^ao0$9g}U0F;6uHV@4 zlnqg%I7d1|XqHC4iG)uTlKyBBiN??wVT_BHCsRIg>5j!nfd$UNkx9ao8kHt}8VHo< zIxWVCdb9q#UfrtXG$JQ^*4%S?B~2RGam7XX#YOT*9XGb7V&M48PrCIqV^W5l@31>%>IJOxHUCRwKi%4Il>S9#tZVa`&v{zs)3li}FZ z5LsN#Zx%(><$_F#vCPD~j+HeysvN}_Y(xG^cw5s49l zL*+S@vTpV$RkeS|g;`5Rqsx^j*pp95SLDJi28 zzN?2IaeqMlDlRvkFEm^} z>NsvX@NR)_y7N-o?!4Y*z1?&Ds&=uxia!#Z9VG2*na)w!Cq7F;KF{P z<-vuf;K7CMip+xt`*9BrtXFOx>}`iVn9B=14~FW12NQV(=)puCP$qo+AQn{S*;1Ux zu<%pn=TI_Tac@#nzne=;sh$?aW|V(yZ)U)RSF|~%ZoI|)3&9HT!c_`}N zw6q3wokPwM({|>epnucS8q{_ovBjwK=8^e2#rgn{#jU%>blZ z|IViA+6zt7saHFureE)rP1k>So7If+x9!Y;|9qR)4E--Wn3>>pEl*(Tbm@8Z>siZm z=4pG_%&W&^reU3X#in)L3Z@IMHkD0x-YJ`|&$Sb6dOfF}>CoH&_ON|S-<-McT$>U8 zzM&b?oPN|9*F$6k_PqDa8`owo{u5tj#>^tQ?@@bK6<*t!0kzz_+iRQYb(H$tc7Hpd zxf%brBeJ0xvhLk{(|6q(BMMUr(xUSUqw+Fb-#ibD$Je5^J$Jd=?te-D&>?}A)PL~c zu&}`c289l_2m$+tgbW@$I52Qf=->hU#i1Gg87mhX6W=IFzvwQ*Sb`gYC|Q5XfOsGL zZ?)WjL^8uaz`W5YLGbv9ZjPVCh2H0ZQW6akZUjVHe++<*OoPKUxVh-73#A_U4-AN( zq3dmc-1j2GxEcSHD0`mt#zMXgIw#Jdmju0^p))QR0I4p2F{%F(3Av!>79X2W?vb%F1;vZXdQH3>nHW-7DP|}Rzu$4 z67((nQ>v>RbR+T2(77c<)5{RQdzLPxh|vwNI)Ki>@k-Kw`g43ZUN}g@c!2vjs)AmdEU9CDdh)jd z`Tii=Fj8`)7S*#Se+wXA1)aZ?9?WDtYx#2`ZtGmbm^xSb^EdrzdWq0`20E>&p^@s+ zqZ?}Rtf;Yap44ju;wgVr)C17zO#=m~uKdNq-{sJ`u2AaL6_*}t_#Qf66-hm=7p)wm z*P<8?0?)5s?=?(h{h;&LLaA3*+!M%O+Eti`7S->MZt$EBosEm79@mSOKe~bZ73jRP zq<(+Y@Be~MgVOr-sJy+Q)BT!r>s)G<7GjxRJgWI8V5doz7`pc!zS#_P%^8@jeKdQfXq4U8SsaIEj z5jRq=HH`DuX?j}z=vMa;(22d?rRQn2Yt!{L%r}f*-L*Z(3|6hztvv)+W@`Wyzuv= zm;Mey?^Q4SedndWGthI~cJB7*s&vlP9v4Axpcnqed+Bcq^fJBhx7Q=$-MxUz=^-wMQrDU8HpDYmXQ&{f&j*6y2Y8JxJ&M1<+Zg z^yGOz+`Jx4H*-#U8=$k@3%&cH^Q0Gg&qL>JFZ4cv&JSMb{R*8XcgP&qSB^H&>EVT5 zU+7%sh2ALWO!h)A6*}|0(7PHsYrN3A89H})p|=}4&w8PE1Um1z>!lUX3Q9CoN(TL0 z>6kLHA7**@j^s7yz$3Ps8j9kg23vHrgg=S@XYoJEaI~U>-v6F^VL^IwUfOK=o9@|# zsfD@yz#7Ah;jJ7q=tV+p@Z9}DT-lm*Y<7AHL zRD73IV6--ZTBW4SPftlL!b5Lq#YLHgco}X`tE|kN{LBKY6faI~m0FZz5G^dqkmdLY zYwC-Q#;vZy7;zX^#6_mWMP3mTm6$RvCNX6~L}E-zRNT14330J0G2mtb_9#{vvey0!x7x(SKMd_-*AxR{hlaj_G}#u!7DnXL@E*~qvFQ86hK$Bj-* ziHM4dNk~YEh>bNOl&PP!Jm)rz8<&z0H!?9LDk9$K02f!Gv-ueDc?&WNCKhHE;Jc&j z+~Qnxn8vM^;ZOr3DsDo`q?ic_qhUEV;tJvh7(H>gNLVJu!&Pi-WJJ`Ml=umw<0gzw zoRTtnoTx|RBBOb$5!fo0DN5dN8J%4?Y#4UF(=+L-^TgCNJhR!$OU00pMt7)&*X1*9 zY+lBMT)a=Xd8Su-l@gyg0axYH)kKywgCrk~9UtY4kjE#sHVo(JaWvebVhqY> zH@KJ_Hz685(oc+OOJuh(BL;sLDAL$SnV1kW0pl)l^d#!p@e^VaV#q5+ZB0=rA0kE| zVnj|!lmU?gk!Q@Leys|v`AJC;)gkgYHZFQ1X20gpq3TH(Jrz&G7(Kw!*qe}zGK)G={1yy8W1$rBaViK>|x znn$85IpCDvBIaSdq;rsJaG}=tuE3(Xe4raq&}PaJrZxT+c(`*!al_=nK?2 zsNSdtiq1i?$UFFf1GrjMr?Yk?(P*TNYBpq@Q8C(3q3D>ZAS#CGo4Qdxcu@nOr|}<; zH5DzZ0vr>UPOIM4qs@u!7dJXl)AfTp(YJ+s)A`Yo^RdH>o*onH9u_f>uVGz|JZ zlmN$ziyO^qw7vY>DYxudao?U-lCa$*lr#iZe0+`-SxDKQtt?f4`9A;@o6Bnv{lz+WKYDO6ngwD#U|hnHkCCsi-jHUphms zGSX(z8cI5%6E4cof5^Zg$%Xi;DLpf}ATvL&Fj<}`3;Tvrk&G}EpsyMP< ziV^qU7X=kOx9DHGQPqpD$W!T|)PL!%IK7}KIlX9M{(sc!C?O`mynkC)s*tmavokU> zXZ|N;%qz%5SyL9E;;?T2FI@h2p3+t3@UvKX1q=U+yjeWrhqh7*;nNV;OSDzq$cSyV z7}NMM%uB<;H#NRc$lqv!IR;ZDWX%=wH$s6f7qT#g{EZ}_2q8;W$loXhiWIUH3i%rq zKv6=rOCf*bJ)jcItxb)OfM}n+sqv|j`5T`rnZNN3P=V0-`E;EcE_l zJqIojN#<|(08tE-4Jc3OH3u3f;Q=q$`=fkqtCm=;gBBJSFot3R!O<&}5;v7>K?LYHD1gWd6o-CG$5{15Fir z>sW7tlKC4qvfeE~{K#;<6a>8D!i%j0P8)ZWd6n@tQWgFHYhN5 zb#zdB=jz0u04G>K=kgOJ&NVCWws&lE7|+!NEI-x~8nIScXDJJ}%KW4(+A3=%Wi!@9 z2Zb*`*5KOxMZM{8DO@iv@imJ4abO0VCmr_#iY5e_1nNAV;nMUoiY}2Z{NTd>aCA^I zieMb~BLraJVDg&SplF|}HO~p-i`Y2K6(xhCWWXSU6hWP!q1H^dm6;xnW5eMz^kV5W zarvU4Sfl02VW?LeLVc_aq84qr&(~2F9Td`XA3mJxnp1w1tUt;6!yUO%c?(stfNS@+ zTtVLwldrS;*X-B)g^^y^@?(vc*ETGkAe{Hy5A|#J7dMAV=<@x(l=0(3T!)s|h8H)Z zV`uk^L!DiRE-Qs;aZ`&SpsjSrGf5kn4MY`BvDQa>Ss(Ezf4pyT4{Oby$4rTzQB2Jd zkNJ*@6p#E_DsMOrB~qJF4x*{BH;KxlLa&Fo2LA>E3^$6hppuCE2U89~1Ea}LEV>QV zHW`uu8J2}X5O?aU5FbqXj&?$XU+%A@*!E20Psx1zK zS38gqC_131yE%(QB_e&1JD)1&n&+I$50xCG;YU-uuW=o!guZU~H4XyNlH1p)W8ei> z!pd;Y*>5~9!4VWRF(^D1L7WljRYsYwzo~{iGPx|O9fiQ?6tJzuY~M}wSlE3zlLmdCyhjX?CxgB}kqKk6mqs5O##O{*LPHOZkpn01?p>zW<*O8T5b9o zbT_3$=j!MGC-OxrZJ95LC||UymidyXj(lM{j}6MAzB5^>-x`6XwPvnO#etg9RjYJPa7KQ(Y##8u=z`w8fAriWXt9wkF zwcyp+-#(SwRtS_gIsc-x;m+mHHIV22hea<7am@{-$PS%B>daD@=PbojxFoj)i7iW> zbsCsDXz9eDI&`Sblc-Deqzqy);E!{1AgWj{`2zt&j|zug;F@s1rq7AFbajL{PbT5S zC{CsED7nuQWaganhQrKq+koYtbv4&Qs2;O6!VdlpO<5Zhpp{q~{4?r6YCs=I|AhJ? zHKY%ue?lq$|0;E-T5~0b#y8M-AC0F)fHgIwt!+zcr16b4-cRG3Xgt2Dwk7jdu}mSI z@2si0mcJI7zm@|XwgLxe`mHp+wZ^y6__i9~PUFwh`13Wsy~cOY_>LOiN#i?f`~@1{ zMdQ0_e4xg6)A;Th-$Uco(BUSaDbkuQv@*aKX?(Eeub0O6*7%DxzK_QD)%boIe~HGM zzn5latH0J?259_1jStoMK^i~UbgbwQ?ReNgx{P)uT6bB~u;>Q1{(7nPATV9YS(7|z zx+Jt}v8EAL1~^=+j|h#A)c7ckkJk7YjUTD;qcq;B@uM~V3XLD5@v#~|R^!KMe4NI| zYy5bPpP=yx8lR}~6E%L4#!uGxB#ob<@l!Q^n#Lz<{B(`KQsYxJeul=UYJ8f;r)zwM z#%F5$OpTwV@mU(5t?{!pevZcHXnd~5&(-)mjnCK42lF((K;sKFzDV;|tnu?Tet|ar zOSJL0P}9FkJASpsFVgfEYy1+8U#jt?69a4>uhIBr8oylQS7`jT8oyHGS805i#;?}+ z>ok6i#;?`*bsB%Y#^0dv>$UpWpz#|u{zi?zN#k$U_)QwWS>ww!{uYhDRpYm4{8o*> zP2+FZ_-z`0ht?mrYy1w4->KQ(sf~xbwBvVc{5=|9q4~d8`!)MrTKosJ;}2^5 zZjIlg@egVI!y5mH#y_g@do_Na#y_Un1yvDzv@rO10Dy@BwX#9&B|B}YPtno)R{uPaXRpVdN^7FdJzoGGO zYW!Oo|F*`zqw()*e6_~Er}6J={0AEUp~iot@gHmaCmMfD<3H8-&ousXjsHU9zts4z zH2!OiuhIB#H2zzSKd$j7H2yn{|6b#N(D)xU{-nmA()gb={DmHPLu~ zjc=;)&9wNL;tSL+D zuh}CVwk_t_TK}G-tuJ%5^5km#T#e7u_ww!{uYg=Z>_9pi*|gg#^0v# zw`=@1jlW}x5oq{!xwJtMU6Z{xOZO9AuPQ>;G|$e?sG*)cB_~{%MVWM&qB=`2E^= zeoo^L&@I1~bWp3mLzZI%pVxS|{Qzx#sfxB6xa|iF6mLjjCF}>-HZZXtVB?Q=xAU*C zr3Bayu<8Hn{Q%AX+Zz9l#=oo8-~avnfPipo7C-H7=Rec<&o%xFtv`RM@n32D*BW1= z?azLr@!wiA2TV8PSA4|mI<5ITqwzmmm4ScJ z_*zZ>SB?KoE>#A6C~Ye~f||g)wq6 zN@A1+By)v3{FRq7M&*38f@PH~t725msD@E3Bfo~G=k|<(8HF)&GD>2U#i)c)8KZJW z6^tqwRWYh&RKuv2ksmg+RQ)juW)#NA$ta0Y7NZhIWsJ%hRWPb#RK=*8Q4OP7Mt;~} zQ~6^Q%qWbJlTi|*EJh`a${3Y1s$f*fsEScFqZ&rFjQspKe~f||g)wq6N@A472+t&# z{SS!txEw|~%PN4>{KBY;k5)6PVN}b=50$6tk5MqAFh)*BNsO`>l`tw}RL-b^Q6-}) zM%9dJ7}YZJ!wphkXntlC%qWbJlTi|*EJh`a${3Y1s$f*fsEScFqZ&rFjQpB%{ul)_ z3S;DCl*A~DQ3<0mM&*nu7*#T=VpPqjhEXjeKioj3>W@({qcBEJMoEma7?m(8V^j_# zdtC*~Dj8KVs%BKfsFsl*o-$JTV-(CNjFFR35~D0eC5*}#l{2bfRLQ7{Q8l9)MzxIm zu%WK<$0(Rl7$Ya6Bt}_`N*I+fDrZ!|sFG0?qiRMqjA|MAVS``gk5MqAFh)*BNsO`> zl`tw}RL-b^Q6-})M%9dJ7}YZJ!_|k%AERJKVT_!Nk{D$%!XpaGOBthbMiq=I8C5Z= zW>mwd7D)Ep_EmMiiBT4#5=Lc=${AHKs$^8fsG3m? zqgqCO=b5=`52WgkQ5Yj9qa;RIj7k`lF)C+N!Kji^6{BiKHH>N*`Qd9tnXC3dvSor9 zg)wrnUJ{V3`z%H!K;2~j0}2wT97uYuU{uMdicvMA8b-B@{E#J;KOj^qwJ)PEMovaa zjItP&Fe+nI&ZvS>C8H`v)r@Kw)iUzyVCJelkZNB>VL(tto}Da9VwAALL83i*6W8`F%#3+kV38OMb<%}vARRYQKRE>#-vyjMM!}527&#dw0Sy&>G7D(1KqY*%j8QqG3PzQTsu)!> zs$oRCMF0oYmG74rC#>mMi2}s&zF)CqH#(L$9Di~EVs$x{lsD@E3BR|~Mpz_Bk zm{AxbC!-`rS&T{;l`$%3RKchcNR1C5Ih$4U(HcgzjQj#Qe?VC5)BMM>FrbTs%n8(6 zpd=t!qAW%wKz+s0GN2HF%7LU_1*1wvRg9_`)iA1MiN%B_SS> z4LmFq=&`iG!{OM)k&kZypTz%m{0}!qVdd#c#{jXEGCsh6n(K(`ePVcd7{7E7?-pwvK)u65ifo0Kk+o_S zh(o>MFwRkwm0f6@2T?FYf1#S<9QpZaiKzv%GK=sg%vPq=_&3ur04M&bN^|f}X`I6-rF_SMVyMu2#7e1m;X&k5nlUDTMuH}QjswMG$)!_4 zCxNa4#rsW49|N5NO7(^Jn3TQ)It{cB=#BVqD*7QIf1{FRPbuVYM0C6?NSceE=u_5o zfVz=75SNpo4z$C8KpZf$tBOt0FvJad{~<~-Uy36#G78k7rZL?fb!aB4S5a&Tnko5T z7<&}-ENC}SzXnF>AW(nMNu&pw0oojNCTL60BG3TP`Jk;qmxHzey%zL5(2bzygWd$% z3G_D5uAuus13_ubcL()B9)dtyg7yUM3VI=EKhR*%5YXPBmw{dkih0H81DXcf4>SWb z1e6}6?hkq`=m5~0Ktn+{fer!P2^tRi4CrW3>Q`5Q(wwsy|8mYD8MHUCt0 z${y7ZH7lijG%?l30#NG8C7@I{3suvX1Iwl-SD{A!TM;HG)KME6PWE{O97|a?6=}TMY^OpSM*TTf5B9EyzsGFgn_V znOHi^OUa&#H!>E@tGm@^qjZ$aR+Gz&FewzDR1bQ)U5WOgx|t0+9yAA(>M0kL+Lo3c zvfT*Dc9X9O+CNG{E!jA}{BUSmBP zHBwgB)G5{}%dr7i^xwP>=R!oJ*X;Rir~CMe{NIm1 zkMp8+`pnPEPoG;<_pqCRLQyh10wDDT>Re``@>5@+I->Tav>xMA9oRu zQQoMJ=G8s!1`qxpk2_E2BFd{?w<}fMt^)0W<7J>!mes0my8+9(B_!)s%BXIotiJl8 z%Py*)%kZCHPyGz}f1rLSuX_EgRrRwDGziD>8s}0f%MGf2NG9utkgOjmI|N?Je1T5l zA4^W-Qf=O*Uv;JWnFN|qcl|^zq@RqS>xmL5dq`^PF2x~j>Mn!GZR%bRp*c;PQ+K&V zMpJitwX%{I8FNJzMrM~}W{As)8PM*DReqdft`O42ME}9!B7*vlGQtl_Tdoxn`9QjP z?N56G;TBgpsk0*SCTig))+NVp09Y|xC=_N;ukQinM(eDRM&r?mc{ zCtFhi(nca`p%BukPYLBuA6OmGR>2DCfOa>+T)GL_X;}R=vW1(1!yVA#NK}*Ypek$f zdMGkAeU309L$TRGbKxD*KUs-i{H6X#Ii*VnO7qlZ(E?DKA4@>PK^KBj^fL;fB0q7dgzMyMCsq(G|jRm~{ zlxEfqphciJf>PZepQT$tafwrUFX(2_$3V+L4}jhRdIIBJdyQqkvFtCF;ZjlA;^I)*nsY`wXpPY34AiBVGf?M77I$yUYyai- zlo+sA6zAsukEhmp_Yp8-V4#U=ux`y+w{$$+C+e)(-p0P9>@r z8ZYhe|EQ9Ei1s2E=v$>Uj*fv21^pD1))JqA($M?@bPniOpesPX2HgaTTQf@^1pNl| z4bX2vKLkAidK~mS&|g7Mfi^|_pFjtJo(3HYdIl6@*7zCpYS3Cxj4k6=P-;K)2hpD> z&$2%e@;Cb6n35^v&)3+`LnA`#6B{6-a<0XH<~jOAd;xy+qU3+vD?D8YAg?s%h2!5$ zR1RuG>$SjP)De{p+eBh*as)I3{EMJe-j_gWE^LN>S%-xDjptZKH6~@$c2e&c%gnJx zeMaB%OM;AIC*Xh9IqG#n>OZJd+P?^ca}WC$;SlR5X{sAjMki@=okzN6qCD$$_!jDj z%JDX6f6#Y8X&qAyN@aTwv=1mwh^h_=`5RR%ds!h@Kdgi#QtO9fA)`1Hf95&rDUpU5y;@_iN~1U9+2g%342^SG|5Vs=1YZhQd`Wg8DX#JF{`ng5b&#kI{wy64{uc&1G z5R&yHWmG>>X4X#=oCWm$lMgNGKXl$Itfzkd*VmpcZCi5bnYLvyZEE$$Ka!gst%T`3 zF-jg6`vk;iT6nQic0X@WT~PnDo;Pk+^}hp@Lf#1)2l^l=)!A-P8tZ-WFWZ5Tzj)v2 zOw@N%vGYnu?%PSd_mqXd@dZ%2(5q3%-#DX=HWj-I(qBX9NLy+}DGOv-5X-!6>!Nzv z`hR^L?be3Y3#R{JTR)7pq_MCMl-jxyl-l|LD77`-TQAx=1X#8;A=%bBXaU*Qgk)Pw zJ!)&IM{S)g^r)=~$+nhyv;vfR)Yei)Z7pTg)>1}oEoEj~4}(M>*HMsBSuO`HuBWX> z{(roE30zcF`~MvW6$cG)Ni)+?smP2#TyP&`aWDh|+)86tD7IiwOsi2_G_tI$Y`3gT zvr;qDR!l2x&$4|lOT*sGme)5c|KIO9=ia$@Wkfl1W*33>{uckz1*$%ub}Q( zp6>#O1K$I(ZR`Qg0)7N!s=feH=S$#v;J3g%!0&;3fjf`;&_#TE<7rwO<;yB9bh8Ex0l)MEYi7z;a zEd$Mdox#Z$Y>U?)yZIty>?Povnt3B#e;IrN!nqMgh&BzsqXeZld={+#B!)K%y5P79 zM^W<)Kdlm9SE?)WlvP!VD}d1iaq0?i!OL_79Pcf5wnHaWEmsQL;7~B>9zYZ0`2u-r zYLjA8ldsqW=8KJzO9i<&=q|z_l6lPs@|Hva@GKxY6k)(hfGja|KVBCQrb#U9Q~+5% zl|VM8I-}oI2y=&jsddlXkca8k&bGvDWd)CmDuhO^lLKFO+77o=1*K0AL}?uE2g$g*kL21U?QC<$U+>17>a;a!VT%!#N&=HYxG^N|f?Su+}0 z)}*B2k-VMC*P-FVaM9|EN%)XjNEE&@7812!RFsC&tBnUEsNoPB2SXdQ(`o01heUbW z$2achxTfhjK6j?M%NiMg{`sm!^KJOrTL?x{mCeQ#+gx1YBOMW@xERhEO)s__QCm4= zTZGS5MI%A9*CATIL9xe|hGmyQ>CJ?~CWR9aGW zNzU9_Pf3Lsi81mZ4h@F(gFgLm;Fh6fNgxh9P8H$Uh(dvuM&y5Ijk5sSMYy1i&T>QT z5h*BsnJ+gE^W@-2Tg}V7{sjyJ{taYe{s9gHYVG8rUmKt>5y11oZVN02wg*-N9Y7{3 z47du|3AhOu4%`C7=cK*Q0I|tgOe(qpKgM}?Aj`Q2kj?m39I_dca)|M>|GlJbsPP{8>bFOQGER8d1wuB{mOZ^EgLHVgoEbo+xOD^^lZkR@={neF&%byM&FMSV=Ok1;Gl$T3Mv^i68=#FV-BVk18iitaaUgl#8kc0K9z&=3Sz4x9C z#Ai-LW0?VDN#y~V=X@Y5^)?)`Qc1~Gb;)}}`8tAsPjA5iwjKS`K=C`=ORkDq2@by{ z_?7Tk9`zA%DLx~!4}|b}NBJ}o4Ih5tZzVbLZwN{Ef*lNeJ6ro)8!MF+%2pPl&A>0M zMu^x5c(~Q|aO0W(oQ*LDaY>OVoe_~M;gxB#iG9wE zpw&)d4l=lIuoJA+h=mUkfR|NORW3xCZzal3g(GDajxMUUC-ZTGufVoGZqO54C%F88 zI@TSG#~cc3E9BjI(K#hRLU+uw8wbmUl}wk6SsBY=JWw2TNSS3gWJ4h35Cb;J z9I`!- za%i6zJoX8a#{s33V;hmYQ?U2pRGS#eYAYcbii6uc>^N{Wi(mP355O+ksH7;#i_fl| zUSPwRveQB-$6V^}UJz18QqlA^|!f@jv4sEY$16uyi@QqV4_K5ouMHqYIF5EPZ%1KqQ;p48r9(HZaoMYhoq=+PKz2F3=K(9Bi^U6 z5T|fS;OK562pNZ@sKEtmYw4P=+9wSSNl|00Peau?*OPR&351M8Qq)M18r^MLccsC} zt?r%zAvGjLjq`*?eLs^Jxb*3O!=}|I15D26v!z)b_(YggOrf=)GsOBjo*p=0f$=+8>(=d*Uv`iDXa0`# zr+e4EGwkaD*e8NEG-CQBJYi8gJuYro{IKb@RdqE*CDUt4s;g?J%b`H+IfG+jW8$Wl zmleiL9Xfb=aft^)wK3Jjh1#KC9FJYT`tq1PclZA1=fxLXa^A2b>1`*T;pyJ#N&Alv zq@MBpfJbH@{OF{QzAm`v=-~~Wc3yVTADy-?{nXXAqk8 zI3v$_>-taM{3N{ow7(w=o1u+AwDO5Ypk&dh%M_G|YJe@eSFWzE++ zJ##Q+6!5%~`P|Ej6;&tqXb{$=&Pie(r{C`gwYn_aE)| zzjMFR&tKYg!{Sj}Fa1+Le`iF&*omL_+wsJJYa_-qG;ALK+?~*JIDWwBmmcW1RM(%gW=vVvf!B@G&mU4T*by)U7qqqA#Hgk{#E zkKM*m5@naI$j1;$*BS{9T}XgdTX5|*ju9z4e&b7veOmS4(6tTFY6q^}#&IIGQWr*` zgC#|`S%TIsK&w4`>^6O@*m>okSfAEGrPV$_i&oxlJ5Bk=J$|^dsp*PEf+!_9lmPghGWti{PXqMzPJW4(Qustv`zxo7uRjios6lQib9*Iv`z}p z;v$mWR*he_t=F%)8LLUU7Pf~87apL+VM=paZz-*a0If)&#ql0n&VT(oRr2O=(8v&%8|mTINY_(_ zW3r;Wm14JX6NxV42#}%0u-kZBlh%r^LqK}CnrOGdposK*o3Z^$v*3 zDP#`gSI>J`fK1;2nT`Q6{e%qLj-D@jfJ}cOa{%el<7yuu6D4GNnerYIAalBq2{nb& zETS>b8CdV<2pQHpuQs}Y0dd8ED=mp$KAi((&J{Ae*{;iU z2}n<@km0Rv4x5BJHlvlpK3;H)661)-8V*N0f@9>Oi_VGDS+peW zw3zzh0#5-*IF9|%58~H`fy$cx)3m%3R@5C?Ja zX$cuE26G}$A+I}m-`;MM*NUc{wIFr3)XIYlrcFK>OA5z;Z^t$S>2^N!=WKaZ^87&+ zmyoffa4dX%Dg5oJ<%SmJUCEj_N=$37G-M>}9^pDHaOV~HzKXz8UD=;AI^#XjW!NJE*jTj3ut|mbg0o z{@`$**14)egp4IFwch0+o-mblU^aaC;^@U2g4qtX&GmbfMa#3e^N zjO!1jC1fmdoo9(_)Q2lJ`m{#T@W2TfOI+#T`q~EbB}ZSBUZAvuj3qA4(|v8ecHj1E zd|KO;mXNW;l@Sn^95FJk5H&~=GM2b7RWQYM@WIX(__W3=Eg@rxE6Wnsx`N?LLk8B1K4`udfj9N{yrLrP1?SmMgD#KpGZ(~6;ihZ8cE zxN^bu)fe+6XC;&_Q(8jC64xZ5rC-ZSR^0lqPiwW(5;B&!CI`eNXE%)NJEbLLEOAY- z#P!o{b^q~c^wp{3{Rq-RgE`?T&+T0+JW*9Dfi z*yiOdiE(|Rw1kW$t_v-3)xI=ruTSe_cD8Ur#u66>k*0hxE;-wx^!Z9l$XMc- zEqi&(B|fdCN=wLC;<_jxE;$2YTzrE+oshA_l?SfxT4r26tq=|w;Dn4Nu6%HP^~HS2 znG~hRDlH*niHk!4Yg|69c}h#jSmG)aTFUTgj7!eQz}7Y^Eg@rxtH>JHO$Y!GSeja%RW4&I#u)UO9rpZi%ae9AlKS3~~9i%9NInvBWh~XzBUtxZ%?%IYR_n zdr)Z!8B1KVEO9;aR*B80^_9{RGM2bXEpf37{d`*QD=i^oiL2ZaR~K97{&F_Txa8(Z z`NmUgeN|ZED(PJ_+NYJm0WX}8;mnuoV{9l|B@W*R_S|v9A=!o=aQf37LdK$11z(?* zd(fc+KCMO-myoe&Ra>u#kbWGq^>7OjtNc=uLcT;C}zA!E_prc=m6njPXw9)`eZ4bgyHD$&(h@Qjt$K^r<5Nbj_h}943Qss8 zW6|PN-oSYh@{apf__Ur;T0+L6HP528WXi^eeOh7>7yd#9 zh`n3g1c)Ep-;rycxjdbZ!){}rWpyz{rI*wW9W0oap#knppsmV8SoS?FLeZmQ9<7E{msL5B# zv`$q$Q_wmk`MSar(HWM|daa>DPe5l_>vd8Goq$gK3Fw?aeo{{)KdG%x8=nz8A+1)H zLv0?mrLY<078I73SYnJj-+F0|)5cn*W3BlLF3+8#*%kf)r-;C+)wWXXL$wOf3Zx`5 zK3xP`)|(S)ZtuEP-kqrB<&{-b=V1qKdO@uxrKYB;MoSjmz5nKG$+d3PmAvsK9=Q`% zycc@x*jTeoJ0CWU229$u#0k0?GwtiPq>1uMHYJwA0S}B=#B&neQz>NLLF_NU;9}hj z%lwjUiQtwH+`H!$ilXjynNMVmxFQG(vO=NE*_Wmp4AgT~JwE zUQ#2Tq5-3}q^Pb2Pu1iV@v)k`qN=J(%1X4Ty2?3amBmrPt20V0FgE9DQMDAVW>NI> zQfkL;0xFQ>5Y&V8YmSyO@^3SG=&jPxBRZb;rblpGvU{5^^G=kbsn&P#^(GY3-0EAQ`O=ARq~?9vcOuq4go?iD->g)T3>cjvf))uwVb^ zGrYm=sUF{ns9K|Kr6IRQ+*)O8)U6y>TBB~QvNh^fc0|^wTdQo2x|QQ%bHuGxwM5&x zp{OO=R;rq#ZRP0P9Bpe=Ez!1aU~7rCm8zC#TQ^6rMB7SLOSG-5AUVPjbM02nQ1qdb z)U}T2TVt_OTd8W!ZL23c=3;KWvR~A#Y#pYeM%1lT_KRA+X~HtV)63i#1pDRncvQy9 z?>@N3#*G!#8k>4tmUWQ6`r;ZqDSnU(Q#8w`BL01F;?p6fV2-P+2}~8gHuCR7kuTym zg>zh8z%f&Ef}s>4M}uW;r5=yn2uuen<|O9S4NVid*k z%{0;AeT$Hy<@0?jiT^qjeNj)Zm=jEmdD<%{ypD6@h7NU_98MDwh7KAsc({oPGA=fD zC?$u)4<9;Ac;!2auem~-w7b6Oy9dQPz{Q%a`GEp5xR$#^Eq@CE{x~A^rQsZ%mwz%I zVujq910;uc+FV-1xR@H>rXKoygyTsi!*e>9=5m?0`;y0-Z4GCW@;PTjR=#;lB7G8U zn)Wl~&OArTwF9^!5U**wC4ClReZ2@Wd(V|};{d_J!`lh8xr6Y&yCG7JNevd>Zp1rx z7`9dnmvY?w5G=fq5WIgKGHXUlxqg=Lcxym9djHK`MkXi1^UFsR{6}zKk;w&%_kH+Z z1i3*jDTrhQ&BqnsUjUhpaL}Qcg61O%`90vmW^fi9Tyx>^hEW1!)+)K?!gC_L7a;RR zk_fKZ@VO&gHU$sgPL%;R*RJ>w#)XiX z!Mzr6v@gN(u@m{&519=GLJV76gXe?wR#qfs^xt6l-~-eTL++_!Db-v)cEV#9WNzX; zcsSk(4OV`PH-&fHO)glx+{L&Ma*HmOf*k?D@_QI^M0l<>J=`C#&Yh1?9@JB35=LE|k) zInRU44=M@=;KHf*XdmyvsYAF{5XfEE!Yo(0-8!X=E;h6!su*FiU9Uxe|pP?O$ zhfMzlDc1|oT)ZQ%mooZquz1-o)I;tMCClqFSiJb&l-7GG-m!M04DDnekcyj{xi zdK2N9wldQv6vrn@hUavyh*+0-^D=qV{|0jZQL=3JLM}*n9am7p=b8(zE99I?wx#gK z9A|i`kjp-f@T!k9yn4u8bsXV6aGc?-h1}-j2=D#l4DU0@anl4{bLB_-+3pU!av295 znpv~;>x9feC1-?Z+Kx_rw%-X#hUda{c3L(wk>|vb0l7*gOZ(hhJ6H*sbxO{NH%PmB zP01iA;hGDNkDYySjPRTY;V;Pax>JVLQu;C=bAgg;DSh=yMuymYe!Y;p{utpgeQP1} znv!cNeSbkF^e!1|OX)j9$s8+vF_0T^jPRJgsgS8xaxJBAEo3$yBRtxn_m#}C()StU z_8lWUrmx-Iu%|faT1wwk$P_ENmdbCTl93@cU%%Hu?zZCyZ_{yx_Z;MQ9wR&_67@Y~ z+T9~l*HV5HAd{@*TFP&sk~vm>FNWOgV}!@_Er-k|CD&5=zK6`AV}!@{5^=AdGKtOE zgC3BJQnD@OcieG?Hvw{!j}e{|N%BBuxsq!szpp@M_c6j_eh(@cncL>u-(kpwaAFA8 zQhxg>87bL(cmp6e^fzek zSSd@drTQHO8Ml&asXk^Z85v^p^-&4A%lyMDtgY4ch;H+VqP-DWjWK?5Y*+ry8{rC& zW54h3yb-aD<}H=V;2*3C@YD(Q0&1@YTTpNya|n8i{aqxuC$BM!HQZQ*do z|JI?}nxg4dg%^uA4^>nZ*Oiyl#^4<9v>z2|%g2YD@ZQ+dwC$J<>Nv5isHUp6YNp2- zoqd)wv)WTuQFd8b+?2eeOzaZP zOwUWnNF0}*q772QZCVtbm^d|WTw+G@l(ghrH(tOgBM50xCpjl6D=#;3Jf3xy;_X`$ zpPZPUmYkQGo;W@SpCoD@d4qor(lUc)V2F~nWWZlGCl`rNOwY_n$(x*+K51eK9{QD0 zSn}YnmYSKJl#(|oBP};CF)1k}Cnqm4JsnRAO4U$vevYl0nUR;1nVOrIl$eDNo3@YS z3yS_Ok`r?iv4^<_{FcK{c)8QF z@+M{`PfAZwKKqblrInnSljlxJOiszhtDHkcGV_9^5>MKOM&5`JbEZwq%bk{$f}#nH z{0WRamF*lfY!*&-3W_ROgjUAXrRL?#tuS^Ord7_YLMpmI`4ajfxN&IzX&I@RcpG$R zB%bQfla?|yD>FMcFF6e%qA;gnW)T|sJ(8X`F=ZmoaSi08B?;B+iHVF`WSfO3OC&Wd zJw?ylsnGoky3&WGWD58sc=kt$*VN*3wt0NpY-nUWgmZGUa}rZi^0JaLE|`+!MnegW zEH?6#UR6*mw@xBM(eUDB-qJ-bFDF*pA?89RB_mfQF-KL-f8eJo$LA-CA2%g5Ts7nK zvU0PrJSNjT$>4MZry8pVSxN51Y)sojMbnf`kmY?BQl4in@9tpcFgtn;qH0A&^nu4= zUlKF3Sh$JlDxpXxBj-C@-Dw%Tn3Gblx)vIFgb@T@1bEeHXk=fceG1#fnK+>}F%?w6 z)hf&mTLZ7kyh%AJ*|_3!(=lue!X+6B1$MKU)a zh@i=gAEfn%IBi*WNp*QaQAur5RgJs2CZn#Rq^7JW86O9&MCZm*?T0XvMP>1frI?k3 zauj7+X=E+6rm7;NprS;?`=SwV+C+KPrsO1Lr)A-~70F~E=`s}7)FOzdCT3@4XC?`6 zye1u{z>UjYgm!_9B(0)gR!M1jbz*hdWW09}AO1#&+?DqZYVgz3>uv1os2;}k5AX_4IsM`=}+wW2XzY6*7=17;!3q`W9jOV39y)>)7$ zV|A`IwDK&Kz!W)gMU2bLOixM75DoNc$f_I%^iu3bzw!C&-J~B@Jz!!wQxI>pNXGBX(^Z;EHi9+rmDiM{jv* zz^7U^FE5V0RBFwGFFjB<#{HP(ScWd5_x2xf=_SAzzw}j`^=c7mW#ZMSjS1kGS0=!6 z>9cp82QPDDWY`?P`sGFqUs==0j3%!+w#$C9X2jLS^Dewbn0j?ZvGwSs$eLqG8Rjjp zsA!aRZaV+nq0Mp4gir~WpuLv^pOt{igsMZCvE@Shx0{i^NYhw)W!9oYQwUEZzo-R=># z>xT|+Usm@+;d$fsWZpDl%O>19MFbJHtY6-Z|E$AZpFX6m|MTXei$;sD)`9=yeYKlj zdArNse>of%?mlNY^0ijT@1FPGuA{%-_}kouKHZKB5d6+Uy#{<&4yhuw!hA}Zbj;1O}jzxx7~ka$C%4g4*ob{@9@vxK5~kt zeJJ=ZW(^yeG{fAm zcf7OyldIdE`pTb2t{wO{KJhI0uU+15R=fLG{5b87^;fN3|JGF88o)wCgsu1O#oHJB zcK%g=j~c)Bv4_L{hmSN0{(bc)Egdu>Gk(h}J#x118sAIPwhDgO?LB|oS$D<01A{NK zhs+;|!VkmRP=qaHdjIYBJ=j0%j*$b_OkVY0SlVAv{&`$C!s13&P1UTLf(mCU)*EV_ z(e(*K&ze33PySTRsdb)L=E2*RW2cu@7M0f(mw@E!m50X;j*E$%URN<4qMqjfjs;>T5`H=-vhgtl;&kIVp z((^BaQRR!TS7IVCtMXrlR##NxnO?-vOfmJng|1Z*J3K4H0%&SG1Vhxtd-0igV$m!_Kx1!(Zj`J|>c||!iZpV56 z{Zbe|`zOA%5ylVx37&(W`V%~d))~}8LhfWkuBYNTv|ff>KTwYdxibv80gC6)1{!k3 zS|PrtQ>v9{<#-Q947Q1u;}1iKV3S_(G5awsCWv#>cw3xfkxd_ei*w5YRggtEt*;E% zn91W*n}~NdC25&jww8jw7%dr}!%7D~56cB9^(7Mv%CPqePQ6z|JG$z_nBnnDCwQm7 zzoOgNmu~cZ<)0xf>8{x}E z_{K0*8pOx=qV+Efqq`M#yC0aSrE;8RxMEPO<2)Q^`h4Vbv?-Nb?I`e+q*YW`)p%-i zOY15x!OBeMhy)`53xRJI^}uUbTwrokoN1d}RaTr-RmnYqm?X%rWA=kDzHXOUQ(RVA zP>%Zp@*_uF^T4;NYA;KztK=s!f~+1gzc9@EDRdvfOMbH~ z;9FG8s~ZQ)V;~N?RroL>^ZyW#_4_c8Ww9DanKd}%w}(hM#8+!1kEJPj98gLg-&iYo z_=sY{B8>Uq#Fr4ua0R(_2EKjD;f%IF2i(LhOjG=B^<~6;^pKyKR$rP+iElJ~4UbSr zAv}UsSNEz24v`x?PbYUnC;BRlSKFd^g>%2!wug^&`p9S>i9x1tkkxA%q)Tz}VaGcW zmwPGR?g6mGvqZ$xj2Gi=#>?5f7t_^@7Sq{`7t`I0mkVBrTUa-zjTU9)=?zL0il-|mQ6?S-C>J&B+U}qC5576ZppJHO{lczN6X z1@MtI*uX8gs1JsCbt9BgskCUcD0k0LP)-VX1|IE37O!($&CW$%9oETCA!jN+uKA?$-TE@|)rJ_<7{j;Npe`|}8c?#W%{3^!CwdccCHQ?$l@Dsr|8ih&|DK3_v*_yG z<<-aNfbb?ZT|26v5Zx9^SoRuR(#W(G%tq(ZQLG6fHn>_26=qhUf9fdi??`U77(syD z1#FMx;df>MCZ5HRwd;|Hu4EJv4abdFcVk-yck#oyc&2Za3v6%B)l7e*zfLr z4mc0UjpLUCe+7E+&u?oi0EVJmkY;ZuAS|S}KM>cfHyU^ykVOr9=}iSL1>zIV{GOrr zBH&73DR32VHt<0puNUN1j8+~-+U014ltaAX?+d{z$1f@Qtz2H+Vd5*Mq#V>&qxCh4 za%j(ik|Xm*MLEQG0c9MYgD2y_LXVmU{B7{~y*eq!cgssTmZ#*MX7FfZCGQ-AH{9Tj zHh5_UZ=%7YWtF;Y>@torgI8hj<{G@q4c-!ix76U>VesxTcxw#aV+L=l!F%4|?J{_8 z8ocie-adopUXqTF3oklQ@5ZNTy(lh@=3VYZ&xsSQu2cLjeS}9ox_?*r)7t2XXxE<3 zTem?$dSe831p*ZU?jqMHe#+G4w(oQ|Y-5OG`jD_70ox9!_o7)ZRp}*!Kke#@VMyn# zjb?8e76vQ48Ek@kX|fI9M^271rW{QUj!W=aaQy1B?eN89XZWJm5Eec0iEvCq(lH^C ziPDFPJH=4z>c;S^xh>Tqi7$e8)I44Nc@bJ&o2JO-|UF`*J^jBe<##2spsJk^`}?>_}!k+l>}Q@HgM zG3=<{emb&2%M+p{;}_R2sQCuPOiJDnP_%R*cu$_DEf&;$prr3+gL>JZLLkF#;6rfy zXKj24u><_r+RlmuAsuG4Sp{>;(O2f+<50No$Em8^b0IoSn#@4w!mJIiO4WnGJNF00 ziTRfovb>@0`}Ayg^lvV3xg!SiujHy)cS%8UNsXmHT!uu&KnRZCAx;4D)*9q9JW9M5 z`0N{avjTjTTItDqmA=lECGY|cIDQ@73G9c%|Lf>1Xg;w8$FH5EKQO*=o6L91b2=Ff z=Jzr}l??eY+jd4T-Jkk!_d|-k+&FovJ)q7n^E0cfQ?pE_%&F5Oyji z6vY0cRZSaPXG@9p8@^^d;$0ikoNQtknQ_7AX~x9II{d! zFPQIkIELadx%?I`gfmBs$dAL%%(8M1J{rx%45vvo)Sx34cJ{w42Kh5$E!Rng@rh>h zb&_GePE2DZbF9n<>kio!Rsx{?jC^zKv=)c#(@8lv=Fq+pJk}~HhxR;vrQ9|}IWz|X zlRVCNq;8zS8)EQk4c;7sx5(gKYw$Q^l;PcO@K~Rcx7y%6Y4Dylcx?Dm?p1^Lp27Rj z;2kh{2Myj}J02)SuEI1v+DFQvEe7?C;9ajMhjs_3uLbWOMLD$ZKuKM`n^fw$CZPjH zzxAVg$;5njLkbRzx0a-2HKb&XZj0-vuEVP-obqW+?Lh#w2E0;l(GKT~?Qa;1bXb*( z&^(doEF#zyh01=esZD(2cHMA$p?R)fgN*`@7ju6cc>A;NvS$~_mrRNFsB^98gqdc$ zVhathzx=Q_Y^<`4H3h}RHDX*&1LMM>JI2q3hJ0#+74u_!cAaVZ1jsNx1@;Ag4rDsN z0J0%If>ZgDV`d zD92cB{%H2g7`3Fs`)o0a0g3Zme6HR8uDjtiG4{Z6$(3C0%*T3)yWt%p4Cu0c+}qDW zpts@(5ifJTO;CDm(0s)EO*yXsuM3X3INJGYBS);;Cl!?@6?hUwjkqBY=vX8A>Lu?x zqbIAqEV%^R>Gai07GI{VsHjwM*)!#XW2|)M;62lvGP03{3enOUY(q7?oZ)N-cU!~IOv)1x)=#FV^#KCJX7YE&GF#1ftQyKq$z<8WT z0l8*y7H}GH0I&c!5LgC07sx!v0$H24VhK!Oqv<>R|riDm=mc>GF5bZJtm0QI(1Y$?I>Yi$D%2w*h&rz69iz zx&wGG@KqqY-krcLz}J8;0^bC_3Va**Ht<~_tw&tIJTBWx zUJK1wG(5CN%)3Q9#+(n0Q?}n;s+IW~tkFiB-cc>FJ=)t8wl~?%1}+*ErOoe2MTErG zW^`Dw?j^P+%uLx1nK9Tgzh?M4c*Fgg;eFuolIOZrd;exA+r{xU#0XTl6M-0w2f@l& zkI_Q#oQ4=fu*31SLDl#I8qBHw4J@;!Y!>g?F&Jb1vI1f0j(KUs!C}PpID|W0nlu}* zCm3yjG%z7Rw)J+v6kvN`HZT-ObLaq02X+D$0V9By06POO1$G540d@m60DAyw;(7sD zmZt&Pd~U%Zn-3|67%@v88^7eW(0pX0QMHOij_BEXgYd81ClH)}<#J%(1qUua7I^kSLEH#K zEjV%2iTm6^yyaDwrC)XId=}vr7>kB!kTn(jyaKC@rEXl8qB428Ws!@*$50ZTgI~`u6`lcg>I5?s2Nr4MkRLRy zJcV_~d^O^rTsjWAPf%OT>*qi=mM?+BfL{YS*7^o`K5#E^25=vc<+2~hTIM)g)-oxF zcEI2rR8-)2alwH{;K#Mk^+XtD++lrAocOJM3L_oe+}h^_Z5Rr*)!JvYZ|&1X4_END zPmHF79u`%Dt$o_zEp7{A^%8Pue+|oRi$#j{o5V~rMy4Eb_^+ID<<3w0D%?kw)swgH*-vr{nA{*P_>M9pxBatem7h6b9L+B#t zsSRBhn8Qkr%9k5T@)4vcpnT@j%@JU|&Wd#-K=zEMYsEekH)SA8tFDQpM2W>= zB$)Ye^?+zpZ8lE8xn3kZ{OORykw{M62qvynCQf9qG$3)+GI7-mogr2;arI4Ynr>6! zN7xY(cv+krx@jZo#mo_LZGq0wVAXbEmSFYHz*n2;|8VMDlGlM z8jtr`B*gOqcqaol15fw)_-))tsTUh}#3YvS1UeTcv3{$+L&f}+m#B61m%DFRpmu4X z^xZdPH-gRQ3ShTp$~eV1BO2_0wF>j{ZaGpv5<+lX+lU1|C4-TnB$w3)kHzrdqdf?J zj@mfHb>hg#Qh0EeH#~~x@cF7*F@g4i?UZaIAbdeWEJ(ZH=f5C*3WAynz7Z6+8|hEZ z_*SEbq2dZ~z;VUJ3G9ahtI=wEl24R(Y_FA~?2p|LQwb_eswyrKMa+xKm^O%q!&P{17Ac*+rcK*Ur>{|S5fa8GLd>-hGO4XzM_6DjTM)SCm7GYOCu; zE6SmnmfDvtgS@-pY6)V&J+~nx*H~~*Kw*jn_XHpo+!NG-doznvVm-;tfdED{`kmi& z`Ke4fNm!aI2Rm{OA*KW8BIGqVLU562+Dbto{n{@$KE~nS#ioPT1IKtA(amfQdn4S2;sKT4EO^XyI3J2Z`f7w?^Cz9c}wqu8g9Zv#XUn^Yk-j*3}$?uK*9@V)}`#sBI7{M(|FYi|K+3N#76J zJh4EYoQ%WeUNmYO{8z&tI-*r^s!&R0pU^Wrh4Z=_Lbkd4zvRYx@hLuUGEYBxR7~#^ zn#4|55jgmZ8rw9y!xLZTOPP~L7@Q|Y4S|D2Yq>xMT8@J=~180dmbA%=?~059-BgU7ZP#Ne$2yBUMW4Dy*^lP#pd{)f|M`GMLh*uA zvikghDJTWoNP(D+=+giqhw4KZ0-Qb-$d#wYQ2%Tee zd>pdSvFdof!S5V9OoU^t)Bg)~u7`inbS}HGLy#AfcBv?yMskB5jANaOJr2DU+w~wI zTSq)Fo-#lea5#{Ypb@|efFpqgz%jtffG!{>MTx+hf#@B)cL0-toE)V9Hvm(CTYwXQ zylsIi(fb`R3-~keeBd9zTp*jzWZ>DrDZqFjhJao!4om~405LJ}UI@g*z*_@Er{%o? zSOnzovlz&IVkN+5fn~t$z>9%z11|xxm0(Kk#e_$z0BR_~Dj+5nS~YMe@KRs`uoj3k zXmfywL#qeg2%HbR33w&&HlP=HKX3tX3lO#HeI9rHGLholl3`@P=0ha)=w?|tF z`~!%mlD)Js%YYndwMW`g{3a<}cIG5yC=QeJo200bR!aSeOjF`x{ii7j78_-qrsy`x zG)>{iYb6rL*2-y$-=ORfc(I|Iy!>rc;4Fsi*@;7UEC;q{6p=BBX+XJggtiig9DR{; zh_6$>EqFEfCFKxhyHfDN5CkcQmZqpMZKA<@&EUOd@HkPGx|qf)-QETdQ&Gi>F?hJb z6c5*q(&bo6#+zaAvJD>EwvsC}c$EgP#^7CH@D>`p8w}pf2Jc>j_kh8B+~93AcrO^d zmki!V29K>*rg;lGO!m-W+H;C>XtuVfSix(nC_LQ=>K(y5Sy2w{5l~WhouVugpo#U^ zYlK5geL%X6sm~}>ftdP?0%GbjN=<#_4jR9)GlI5>v0ZH9mRN|(Cz#y(sM^$xLqrS# zefw@P2vmY@Oo-g{id8#|uWp>vcKLX5hGzIPq6{Fw(b5h4!@}2R%`W6eJNb*_`#1H zvxi?jR+nt*xIZ5B{uumVr_X{Ni;<-5=irBSIfT3XxicOVDoM=VxWmnV_7)CaNBGm; zIGY{c$lbBEts33L4a2lBGIALLw~TK1RatS*l@;TJJ;M;8P%wFGme)1k=8|cvC@iz= zaV>|>jX2;qq;UcRhBVFXq}BWOsnmx14l(%p%10zq{IWcl2G}U$RzJ$k%QAwWxYgeo z7>Dzdft2kIECTibmI8YNS@KRGQyc|k-*^V_WneV$H6Z#q@jS&jK+X-Z@6dY$I25QM z9T+)y+X9CJSw9%|C?wZ}zxhZW`E*hgy=ys?VH3?9^rf`^fepkUiTN!@jdvf4Hm3>pq$+XgnI3^Z&T zqZhU<8VK8ldB504Y1$&V;K0-{v`qO#tUG>(d&yN%E^v$)SUyh7PetH{kxQ#kV}^kR8*|H0fk(4qF_Eo{lrh0FG99=~@IdJ@T=6u=*GH{KA&J;t#hp&j^hsYT zY2Lj?QCWgaK!^;7ojB#*ht4w`yD>0V2Nf7?IT9YLT~66mLKfXY%c3FijZO2I7nV^= zVNx(VaSKO;vQLqFG*LELv@OWVO2!3mZsp8!FI_HD=9d!}a>9^MSn>`f=j5zScl;Z& z{1@zCb#L#Au(&o7q74Fd6AnBpiQi>{s>AQYg4&MXC4%}EztaA5N&a@h*L>Jq~awr`b{CxTQD0zTv8;i z(-D!(bEeHECYWqS#>`ATj=>IuRbudsu!G($V!yzKa1X3^rj5_YmzRrKCT~Nj;B6FQ+PJbsVI8}%uzr6VHKB>tV1`jFAg3z80KN`<6}TG+o9z7oh|Ab}2>1@L3(|&_ z9&bESi zmId}vS$$zlUt>#vofUTpqDcjRD$MWsINo=Y!Y&vwtU>yQt67RK7jk|4spMzLo(0rY z?vzLfUv#z#DZw{rW`Y+Z!3`aTyFU_`S-TMGa=Fi9bGjpx3am|CL9B6G6~OXSINzkuh6Q0&0LxDS zV?rYad!PbXehNP$`FfH<0u{jWQ{Wg#S7;lk0G6KuhpM_lyFdl7EDCk`x^VkIVX&;i z@xEp$T9=d09PaDEnqp&JV$+w4**cuKHPEAJgdicu;`Ftjg#9o7jfV{}NH8An#HJL> zDT2nshGQVH7DtG-5Wm+63Xf$es)JppdKi@6-SHwF=C=UMFN1YK7*62X!MZ#3ETQP_ z>LD2D0#|-9H)4r;W|rB~cRrn#o$(yJ5L z)R`I3pIJmVV53vW7o0aIV#)X&?aq|N?(HIjbr>&^~JrubzYG25r&_)hVmCH7-> z2lfIFwe39x47k^x&Qgb5CQ!$+3Jj(G=eF;?^smEGL6ls#=6i$ESgD7Y@852EQzd5Wa81 z?~dH>;0*UO$Q*l~grfwhvS_x zC(viYEv7aaUNJb}Xsmgv?DA~U;LSF1h7glBQQA1MJvm>o3CuT>hWU;0Ak-u@dM0Kv zkWozojt5=<%miKtq*0pzq^Z9MSOm-ivi$Oayl5W4Auk$I4zXWB@>VHdhqlX*d(+_2 zAW1pal+@*HMDijO<-mG^dZUARIo7ogI@&VHaxWDVemPQA3lvy;^?RMeTTsA4Y`zwu z7GjGn3$ewgYlsrd4Ss63Lyc|GG|1H#Wd#+HIYrLEdk5%XT@M5;#`Tc(9 zANZZK^P$uA|B zbRceJdM^c{=kU%4V(Q{u1VsNKMkCJy@5VVMklxk67lDrgUjky{t?dB53w#;)8SoY0 zSHPXXpMbl7hk>}&<^2oz1~3HaeG3={+zrGsxAq>8?PL$|7sx${BegZ7kRa{pghnGn z{8yplE$s{ghuHz`%(T{gJR^yBkVhKDJ8?*(NXo(28F8@#yjn#$L^(*gr@@nQ98*Z% ze+`};WhZ%D$d__l^pHHRj7naAgLkIEi#K?~3|^AK8*lJ(4Bixj#|0A^2Q7e%W4^)j z`gm>7=8)Pj-pCe|gRjI8uQv+gOE3iG5HHDoR>*NIOA1dK+I3xyR~d?R6oOS@Y*duX z-cb!HQN}35iRi^B#0kW*x6@emmc4~oG05k-fOwcB-)|S3w8(}b_p|vc5x6kfx-B;z zF5%8N4orgYf-6;ec&sMa(=TcCHkMo%4CH!@=Cx9np>Hz7LIjpX@T#7A%`+^3IUoDX ztW3PBr=BXNBqlVKh(yZJQPy>ntU8OHvn^(^c}55DuNVB&t^9_oguH(=a*^LNLcLd0 z^}Hx@7kylsSf`$1^kMoNij2DmO(P9I7RI9bXsLpyRB+nhLQxy}3VeoS(T=Ix`yjP9 z;*cXj*@4kUOX^mGnu8*SiG|$dprpoaprqVApt=a(M?ftT)JDUX>wHp9?+{mm<3F1hs#AJUeL<3!5S2#$%|0Ex>zL6q6BqzE!_GAIKG0o#m zW+GZf!!9ua zXlJ&$6wLgw1 z#UBl$&AJ-{WIGrOJQe5yvS?C(!+=;x_KpL>YmK{#9%jv!jgwtS3K0G;-N+r4|S$^*BZQA4BqVqZcwNyQZxCg` zE}E1>n+l2p!!T{SqEJ?#whLZ`q8!>LP*Qh`qO6@d=KU!+#J%iRb?Q)3w*ka5L6%>q zj{ZXQsp@rpezUV0;j8!P$2mI_ugz&@cGlP2d*LC>tYCeVJ7^zOixQK43i~2SaYaK? z90pl?99l5{9_M*T(Q0kM(JvA|(#iXY7&6O=SC0JBTjvNGy+9Y(E2>874{y6E)t$K|OwrxDeq{ELCK{7Zn$2CS;E{5Jw=`IiAxfw;1~TyeS;SPsNk!aE0u>r5>C-T_>U zb68<7ySTf6w*xWK5O0FJ56B(>SEF|m@IfH!5#8GfTV7v%pNQp+i}$y@@(qQ0JFr?_ zmJQp%iCW(KkxyFQdvHk0OG;YaR|Joimz1=;QjV5a%6+D&FzqXYcfjBsGhAzE=0JF$o*PFd(GKE8DlnD8A_jetr{B#ni>brN zykoGtXYTFc$jVwAA$+Z{GGWsViWjuitQ`eswBO1SS9@vJ=HeI-#H`VvWzJMLCFHI` zH$($n5YuLD(!Q5&@}5L2LTLWh7ccrK83%>g{;jvP^cAEGDP&ls3;fPGPNbvNG6tw# z!ID4BKQq(`hdx^VFE%K%Ob!Ek0RIPc0*?Ths-wUdpoS&cGy*Ue7y_IM#D_$@`M~zT zi-BRlI$%d2%lRbWFTl+>l3O|8v)0E6nI8X_KE}yO58IG+&}XhEzuP=w$=eAH-Hisp za>R9t4oy1TzZGU@6;7quA>|P7GW$sI*hWb?L|I6=XK*g%K2=nhc%zl%VT*|H4HI{U zB=3m9V+)r&Zj~VwCf=?jc^r5>DR>-sk#cAuFa)0nUZ|oR;&t&K3*ITEK-(tfV{5pUIGBLf(?;E^pmLV0)dD=0!d`*3>ER22Dq#useax3L{J@+~5jHUz#2@IB|;$EIw?=5E|SO`*4ceEa6vS_N$AAQgoodXb(d))F&#o zu^=hiqLUjM-3@qir8!)2)*!bPQK-}^Btw)c%uM)Ii;x&J>nN>mzS8Z;v_$)-Mc$yq z-Ju*^j8{N{d%-roUBViRx|zv@p{HbUvB@}z_7#FtE|sCcINZ>hSagEY({CsZ^eOdF z>uWMxQMw}B!9I})DFO*Dhq||qK;ZI9+X`wmju5fOK~j;3`x?O;YEadnr0?AZ??q78 z3%TD6syl3si2|gL3%=c&;co;h{Wp>WYd= zN{UP58%+lLhgMuFwyVUN_-V5$VUxrPSpwMnQZrWC`0j3fjm?}MuAI@@P?S!e#ypR5 zr0a(AqW>Yk^KK|h-Cv*P9F#2a%Q9yfavJlU;upi#upUZ)w9B)Aw8y1DT02bQ#hs&a z;6$8bDlgswQVE=a^J*Y(`CbaF0M-I;2F?c3O3ekn44emKTCM2~_NtyP$g1&6AnA??Tc4+ z+r^mgdBN*}-}Qo`p5%eh`lt{{OD@YvQVg-Ph~L%@L;FE(vM4p0Kg!7vsUaz9pxTgz z4jtQQ9c|LwF$ym6a70K)w5E0&I5M@8VrsdRVHdfSJe=|YBEv~8|0q?266Eh&b` z{;~P8l_63?Qq&kFQ+sk7Jm}R8=dx@^0{M0!I-)hTZ-OgRD=DUSo!~LGk_SS(myAd! zxr|#<3~^jQYLh6coD7i~lA;C|Gptr8T^9$wg+pGOlA;D~ae&tWM)_1zOLxJC4<^$Q zt@+yxuFRjLn7_vakNJ~45aN+@BAw(iwUT0pwBya!h76G!lA^{1GPSha-{2Gu46&7! zyCvy}*3^Cgu1u|@nA#@c2Xfu z;W%g4-G?A#ZAgk5xbXv?xRMu2Ip!}4hptJq=I>K*Wd0<@{Bag3?T+N(R5M$8$z^IK z#Sm*+%%2RA8j_+0M*t|15StdF^2hmNDt{d1=3-F;MQqtEqt;Lxv zbxE<*9~C^dD#-&OK2t)ZlU$aeq!=O=oLM5xSbG^FH6%q1j^||#CTrcgo$|}>k^ju! zk^Xe=x_5?sJ>X*|7~lRr&W~f4mleiL9Xfb=afzp@uBJAoy0}m~^o!%M%U53>v*+%L z%&Px%DBgU_Eie46JT+;s7ziWQ4K>>WSpr={Ja@4V=`oVzcIw>{pbZ=c(b zXk9*7)vkR;zoi`xzV(5v-?;v7-fEjOsdnQ}llOnV`lQoO{%y$grV)3wk6-)jTW_qJ z{O04YH{3VrmX|l&(K)YILEP+*I$v{P?+ZJ=x2gTmv~QA+Je&9U)ad_S`tHdazs~#W zp7kp(>3cA@wtil5@t%}>+P?WksC(zClh@og>#u%C#_XE=?vO}lkWS+P3qMXqs zclNBDoPO_RQ`ZmHUhHt@_FredaDK_zuhe|t8Z=3lf3B*yA>+l7Lth#F=b3SBrhTdN z|BM@-bmiDfI+cHN@e_|;w`cXoCp~ah=+O3WjQj4ETi1-seRbnw`BM^~`SaU8d#|`* z_IbBW(a+mI5%*8Rj0^sLV!*W#V;UMZj~@5zN2zzUF^#4b{)fQu_3J<%!jAKfQA8fr%Hr+%)fl*tHunY){YLu;QcA zzjAwPcdp+2Ywzw~wW;l%cQE>^xhr<>pELLTCpPNwuKZ-;r)%aWgnia2ZplAa^jz-m z9~QpqyG~bpI&a2f1Hv|}o_4pt{~H}{?sM@Iy(>#MoD%Zjh-DT2{*JdsW?q}>-nPDS zTZ#LFH=fr07u|L7FWP^quhsJ%mukCq*?)$ zUDvI%R=a+fIB9OU?X$bj@b~XhcGK?PpVJ=w@Vv6w?=G6}j6P$^w!?qivPv%}fB8pt zmRx^+%m-s^m6zP!|IQynh9st}T6o~&tk6@ZyI**A+aTTlw_y_p-}KBW4F}Iom@seG z%>&zAf5!0VM`w(CElSIHrPm+doO)p1RWB4>QRW{$OhHh$Yir+<^B1_?x~HqCs-ilk ztay7}TN__9W!GFYOA0(Ov9Zf+Hm~B$t}2hID8^DZR;h(dOff#C?wMV}P-u1RHd6;m zCLBKHTv#_NDu*;R?Y8`rjh)kE!o}2J@?IcmhG4gSBu}&lO72&-J}PJY;K73u;^`q| zG{qT8yKCVLi}mLuxcoW8ISDXp4Uf(D=fqX}a|SK8a^eTaUS;JBjvc(hpEFd>Dj1(g z^U&D1Mzc)(@WF$Jp5wBIkvE^1<~CXkzY!f(QHc}bW49HPgxmD{`ea!f z=8|s%;C_-Ze!m%4phg_(_aq^hpVJ^8@CJ$07cg>ARP8kcH3^m z)dAGK7w<)gY#rwG(8q2IL8khFq6;;JQ!h9U{Mv2$Jniz24=y*$$h?OMnJ6KT)$~ta z+bCO^Ij)XE=6(DkI^n`hamjExfp52Qe1ybm$)7xl;Rh*mI421i&b0J!It7FiE@W!( zOYOcd-iRjTA5Mgjahk%xJ{j=Lb-@{@-S!=R>9PttBM|>^I>X0qYcz!u84ykvA#)!C zfpghy&jg0k6+U(wM{;_;x&(y7d5^Cy8uAW~4GagDHDq{8Ru89JKseon4A()Jn@{2{ zyf!c#aXs6TP2qG82(%j1wmkb9-q#E1Bm0IHon&qVlJIeC;{1BK@a{Igf6`fc~dP`?HV4_^nx z8bUKL#4mQ&wqJ~wlSlbAM0nWtvfViDi;O!${TeDfOW_w=8JZy>ehmZF?U$2B`88a4 zCgY!e-FioxouPgu3J;T(aiKfK(SZHC6w}i3UZ5`2kI7 zZ&5hrpoz68JPJ!Qz@q%ADZMNT7WTx%Ta;5ZWuQeFtts6s%5+UR$)c2KN)L;&T2oH3 zDA#C8e~WUTrVOztyESFFMR`wCMp%^ZG^LeA;d7zNnCUZ4Q`&+@S+VycCeotZp(#-o zGq@ zdk|yBv`+|Sh>L=^RIzao6OI2?1}JQH#Bc;56r7t=Cf1^miMtbQ=WQOg^=z>fg>4hn z+Z47kG`18ezvAkJOG#0Jdiq!twmYO+6g)7Xj3p%$uH>^XPkKt3SLsFLTFPMFB(eESp*QOuOLC|1f_ zQf8LQml%{3Q(*xvmJvl^co;(ZpePIv?`(=$>?|phfL_LwqGlSVf$D?OP@YTmovoQX zbQg-`ySYlKC}w!rM=6RK9z}_-w&&evf+xZgg@2lB#%zjHvjE=B(6vc;3@i~^vvuYx z#{B%pb?%+F{Af$9)>6V_IQ`LV>BJTAX5 zQE~XSId8;9HJhMcUX{3bB9`HI#w&>wD_*1SS=GgsO3_lnwuOL9+zJ!F2BC`d)1e= zR2xq2VT8x!S1PD>e$g*A^CkB{EhRiIzs8G{8L!)F-`inJ&D2uDl_%|2b3NP`6Sb7^xco|o zs~xYd-OgTaOU>6(!sGHQL!_MXvZdB&vhcY4n&$G0@v@~hYboJz`IRYBKKwIYM;>|U zA8NjX8{<_iB|I*_vfygR>+?~kC)iS7Xer@w`IRkF+Sy=!*-}yL8eoLS<=1pjZNC^V zTWWxo5+0XdGepXVf5vNP)X*2y+zL0w6fGq@F2Bx(tL@j~-QP{IrHZwb@VNZS5h-W9 zY^haRN_bp;&2;(2c-c~SX({1x`NjE4gvW<}#%sYRZGTg1GPp7JX({1x`E?Fl?RY)@ z<|o;<)L|_pJTAXxiNG7SJTAY^6DiX#_C#up zh<;4dQo`f%E7#@MZEp{{*p@2SQo`f%YmP|y@Xs`?J}Kf)wMK*+<1#HZ2X=QWnn#M& z>m4}x#Y$UhizPQGgO4L%qK!sCk9JeOaLmn~JH zrG&@j*L;^>-Rn|+Q)^8i8&_&6;c@v@?DDJf@d3%U)IYV9@VNY1AW}a3vut=Se=|<4 zliQo`f%i~X!Ua$wo8rJ~x=N1S-T<<74~q*(dIG_EQP+poty{3&2d1+4eEYO9{IxS}amN{F66v z?9uPl{tj*o3>C!)kISzmpxb`Ed13m;w$#sBN_bp;Rg09fF56Ox9h6_f*|)Ctk*UU*zmOGU~Y!Mdf+ z(^A4CPB&@_Z?K1`c4j#oF_z)Nz8Y!(_D-z!t-^6+&KQWKx;~BcKY