#include"CMVS.h" namespace { // unnamed /******************************************************************************************** CMVS hook: Process name is cmvs.exe or cnvs.exe or cmvs*.exe. Used by PurpleSoftware games. Font caching issue. Find call to GetGlyphOutlineA and the function entry. ********************************************************************************************/ // jichi 3/6/2014: This is the original CMVS hook in ITH // It does not work for パ�プルソフトウェア games after しあわせ家族部 (2012) bool InsertCMVS1Hook() { const DWORD funcs[] = { 0xec83, // caller pattern: sub esp = 0x83,0xec 0xec8b55, }; enum { FunctionCount = sizeof(funcs) / sizeof(*funcs) }; ULONG addr = MemDbg::findMultiCallerAddress((ULONG)::GetGlyphOutlineA, funcs, FunctionCount, processStartAddress, processStopAddress); //初恋サクラメント //夏に奏でる僕らの詩 if (!addr) { //例外: //みはる -あるとアナザーストーリー- auto entry=Util::FindImportEntry(processStartAddress,(DWORD)GetGlyphOutlineA); if(entry==0)return false; BYTE bytes2[]={0x8b,XX,XX4}; memcpy(bytes2+2,&entry,4); addr = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStopAddress); if (addr == 0)return false; addr = MemDbg::findEnclosingAlignedFunction(addr); if (addr == 0)return false; } //クロノクロック //会提前停止 if(((*(DWORD*)(addr-3))&0xffffff)==0xec8b55 )addr-=3; HookParam hp; hp.address = addr; if(*(BYTE*)addr==0x8b){ //みはる -あるとアナザーストーリー- //stdcall , mov edx, [esp+arg_0] hp.offset=get_stack(3); } else hp.offset=get_stack(2); hp.split =get_reg(regs::esp); hp.type = CODEC_ANSI_BE|USING_SPLIT; ConsoleOutput("INSERT CMVS1"); //RegisterEngineType(ENGINE_CMVS); return NewHook(hp, "CMVS"); } /** * CMSV * Sample games: * ハピメア: /HAC@48FF3:cmvs32.exe * ハピメアFD: /HB-1C*0@44EE95 * * Optional: ハピメアFD: /HB-1C*0@44EE95 * This hook has issue that the text will be split to a large amount of threads * - length_offset: 1 * - off: 4294967264 = 0xffffffe0 = -0x20 * - type: 8 * * ハピメア: /HAC@48FF3:cmvs32.exe * base: 0x400000 * - length_offset: 1 * - off: 12 = 0xc * - type: 68 = 0x44 * * 00448fee cc int3 * 00448fef cc int3 * 00448ff0 /$ 55 push ebp * 00448ff1 |. 8bec mov ebp,esp * 00448ff3 |. 83ec 68 sub esp,0x68 ; jichi: hook here, it is actually tagTEXTMETRICA * 00448ff6 |. 8b01 mov eax,dword ptr ds:[ecx] * 00448ff8 |. 56 push esi * 00448ff9 |. 33f6 xor esi,esi * 00448ffb |. 33d2 xor edx,edx * 00448ffd |. 57 push edi * 00448ffe |. 894d fc mov dword ptr ss:[ebp-0x4],ecx * 00449001 |. 3bc6 cmp eax,esi * 00449003 |. 74 37 je short cmvs32.0044903c * 00449005 |> 66:8b78 08 /mov di,word ptr ds:[eax+0x8] * 00449009 |. 66:3b7d 0c |cmp di,word ptr ss:[ebp+0xc] * 0044900d |. 75 0a |jnz short cmvs32.00449019 * 0044900f |. 66:8b7d 10 |mov di,word ptr ss:[ebp+0x10] * 00449013 |. 66:3978 0a |cmp word ptr ds:[eax+0xa],di * 00449017 |. 74 0a |je short cmvs32.00449023 * 00449019 |> 8bd0 |mov edx,eax * 0044901b |. 8b00 |mov eax,dword ptr ds:[eax] * 0044901d |. 3bc6 |cmp eax,esi * 0044901f |.^75 e4 \jnz short cmvs32.00449005 * 00449021 |. eb 19 jmp short cmvs32.0044903c * 00449023 |> 3bd6 cmp edx,esi * 00449025 |. 74 0a je short cmvs32.00449031 * 00449027 |. 8b38 mov edi,dword ptr ds:[eax] * 00449029 |. 893a mov dword ptr ds:[edx],edi * 0044902b |. 8b11 mov edx,dword ptr ds:[ecx] * 0044902d |. 8910 mov dword ptr ds:[eax],edx * 0044902f |. 8901 mov dword ptr ds:[ecx],eax * 00449031 |> 8b40 04 mov eax,dword ptr ds:[eax+0x4] * 00449034 |. 3bc6 cmp eax,esi * 00449036 |. 0f85 64010000 jnz cmvs32.004491a0 * 0044903c |> 8b55 08 mov edx,dword ptr ss:[ebp+0x8] * 0044903f |. 53 push ebx * 00449040 |. 0fb75d 0c movzx ebx,word ptr ss:[ebp+0xc] * 00449044 |. b8 00000100 mov eax,0x10000 * 00449049 |. 8945 e4 mov dword ptr ss:[ebp-0x1c],eax * 0044904c |. 8945 f0 mov dword ptr ss:[ebp-0x10],eax * 0044904f |. 8d45 e4 lea eax,dword ptr ss:[ebp-0x1c] * 00449052 |. 50 push eax ; /pMat2 * 00449053 |. 56 push esi ; |Buffer * 00449054 |. 56 push esi ; |BufSize * 00449055 |. 8d4d d0 lea ecx,dword ptr ss:[ebp-0x30] ; | * 00449058 |. 51 push ecx ; |pMetrics * 00449059 |. 6a 05 push 0x5 ; |Format = GGO_GRAY4_BITMAP * 0044905b |. 53 push ebx ; |Char * 0044905c |. 52 push edx ; |hDC * 0044905d |. 8975 e8 mov dword ptr ss:[ebp-0x18],esi ; | * 00449060 |. 8975 ec mov dword ptr ss:[ebp-0x14],esi ; | * 00449063 |. ff15 5cf05300 call dword ptr ds:[<&gdi32.getglyphoutli>; \GetGlyphOutlineA * 00449069 |. 8b75 10 mov esi,dword ptr ss:[ebp+0x10] * 0044906c |. 0faff6 imul esi,esi * 0044906f |. 8bf8 mov edi,eax * 00449071 |. 8d04bd 0000000>lea eax,dword ptr ds:[edi*4] * 00449078 |. 3bc6 cmp eax,esi * 0044907a |. 76 02 jbe short cmvs32.0044907e * 0044907c |. 8bf0 mov esi,eax * 0044907e |> 56 push esi ; /Size * 0044907f |. 6a 00 push 0x0 ; |Flags = LMEM_FIXED * 00449081 |. ff15 34f25300 call dword ptr ds:[<&kernel32.localalloc>; \LocalAlloc */ bool InsertCMVS2Hook() { // There are multiple functions satisfy the pattern below. // Hook to any one of them is OK. const BYTE bytes[] = { // function begin 0x55, // 00448ff0 /$ 55 push ebp 0x8b,0xec, // 00448ff1 |. 8bec mov ebp,esp 0x83,0xec, 0x68, // 00448ff3 |. 83ec 68 sub esp,0x68 ; jichi: hook here 0x8b,0x01, // 00448ff6 |. 8b01 mov eax,dword ptr ds:[ecx] 0x56, // 00448ff8 |. 56 push esi 0x33,0xf6, // 00448ff9 |. 33f6 xor esi,esi 0x33,0xd2, // 00448ffb |. 33d2 xor edx,edx 0x57, // 00448ffd |. 57 push edi 0x89,0x4d, 0xfc, // 00448ffe |. 894d fc mov dword ptr ss:[ebp-0x4],ecx 0x3b,0xc6, // 00449001 |. 3bc6 cmp eax,esi 0x74, 0x37 // 00449003 |. 74 37 je short cmvs32.0044903c }; enum { addr_offset = 3 }; // offset from the beginning of the function ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); // Artikash 11/9/2018: Not sure, but isn't findCallerAddress a better way to do this? if (!addr) addr = MemDbg::findCallerAddressAfterInt3((DWORD)GetGlyphOutlineA, processStartAddress, processStopAddress); if (!addr) { ConsoleOutput("CMVS2: pattern not found"); return false; } //reladdr = 0x48ff0; //reladdr = 0x48ff3; HookParam hp; hp.address = addr + addr_offset; hp.offset=get_stack(3); hp.type = CODEC_ANSI_BE; ConsoleOutput("INSERT CMVS2"); return NewHook(hp, "CMVS2"); } } // unnamed namespace // jichi 3/7/2014: Insert the old hook first since GetGlyphOutlineA can NOT be found in new games bool InsertCMVSHook() { // Both CMVS1 and CMVS2 exists in new games. // Insert the CMVS2 first. Since CMVS1 could break CMVS2 // And the CMVS1 games do not have CMVS2 patterns. //return InsertCMVS2Hook() || InsertCMVS1Hook(); //初恋サクラメント //夏に奏でる僕らの詩 //まじぷり\Wonder Cradle //等等一堆游戏,都能搜索到2,但没文字。 // bool b2=InsertCMVS2Hook(); // //先插入1会崩溃。 // bool b1=InsertCMVS1Hook(); //return b1||b2; return InsertCMVS1Hook(); } /** * Sample game: クロノクロック (CMVS2) * * This function is found by back-tracking GetGlyphOutlineA * Until I found a function with GetDC. * * 0045111B CC INT3 * 0045111C CC INT3 * 0045111D CC INT3 * 0045111E CC INT3 * 0045111F CC INT3 * 00451120 55 PUSH EBP * 00451121 8BEC MOV EBP,ESP * 00451123 83EC 58 SUB ESP,0x58 * 00451126 53 PUSH EBX * 00451127 33C0 XOR EAX,EAX * 00451129 56 PUSH ESI * 0045112A 8BF1 MOV ESI,ECX * 0045112C 57 PUSH EDI * 0045112D 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+0x8] * 00451130 8945 FC MOV DWORD PTR SS:[EBP-0x4],EAX * 00451133 8945 F4 MOV DWORD PTR SS:[EBP-0xC],EAX * 00451136 8945 E8 MOV DWORD PTR SS:[EBP-0x18],EAX * 00451139 8B86 58010000 MOV EAX,DWORD PTR DS:[ESI+0x158] * 0045113F 50 PUSH EAX * 00451140 FF15 C0735400 CALL DWORD PTR DS:[0x5473C0] ; user32.GetDC * 00451146 68 80000000 PUSH 0x80 * 0045114B 8D9E B8000000 LEA EBX,DWORD PTR DS:[ESI+0xB8] * 00451151 6A 00 PUSH 0x0 * 00451153 53 PUSH EBX * 00451154 8945 E4 MOV DWORD PTR SS:[EBP-0x1C],EAX * 00451157 E8 C4A00D00 CALL .0052B220 * 0045115C 83C4 0C ADD ESP,0xC * 0045115F 83BE A4000000 00 CMP DWORD PTR DS:[ESI+0xA4],0x0 * 00451166 74 29 JE SHORT .00451191 * 00451168 6A 00 PUSH 0x0 * 0045116A 6A 00 PUSH 0x0 * 0045116C 53 PUSH EBX * 0045116D 8BCF MOV ECX,EDI * 0045116F 51 PUSH ECX * 00451170 8BCE MOV ECX,ESI * 00451172 E8 29F8FFFF CALL .004509A0 * 00451177 833B 00 CMP DWORD PTR DS:[EBX],0x0 * 0045117A 77 09 JA SHORT .00451185 * 0045117C 83BE AC000000 00 CMP DWORD PTR DS:[ESI+0xAC],0x0 * 00451183 74 0C JE SHORT .00451191 * 00451185 8B96 B0000000 MOV EDX,DWORD PTR DS:[ESI+0xB0] * 0045118B 0196 9C000000 ADD DWORD PTR DS:[ESI+0x9C],EDX * 00451191 8B4E 7C MOV ECX,DWORD PTR DS:[ESI+0x7C] * 00451194 8B56 70 MOV EDX,DWORD PTR DS:[ESI+0x70] * 00451197 B8 28000000 MOV EAX,0x28 * 0045119C 66:8945 A8 MOV WORD PTR SS:[EBP-0x58],AX * 004511A0 8B46 74 MOV EAX,DWORD PTR DS:[ESI+0x74] * 004511A3 894D CC MOV DWORD PTR SS:[EBP-0x34],ECX * 004511A6 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] * 004511A9 8945 C4 MOV DWORD PTR SS:[EBP-0x3C],EAX * 004511AC 8B86 80000000 MOV EAX,DWORD PTR DS:[ESI+0x80] * 004511B2 894D BC MOV DWORD PTR SS:[EBP-0x44],ECX * 004511B5 33C9 XOR ECX,ECX * 004511B7 48 DEC EAX * 004511B8 8955 C0 MOV DWORD PTR SS:[EBP-0x40],EDX * 004511BB 894D B0 MOV DWORD PTR SS:[EBP-0x50],ECX * 004511BE 74 18 JE SHORT .004511D8 * 004511C0 48 DEC EAX * 004511C1 74 0C JE SHORT .004511CF * 004511C3 48 DEC EAX * 004511C4 75 19 JNZ SHORT .004511DF * 004511C6 C745 B0 03000000 MOV DWORD PTR SS:[EBP-0x50],0x3 * 004511CD EB 10 JMP SHORT .004511DF * 004511CF C745 B0 02000000 MOV DWORD PTR SS:[EBP-0x50],0x2 * 004511D6 EB 07 JMP SHORT .004511DF * 004511D8 C745 B0 01000000 MOV DWORD PTR SS:[EBP-0x50],0x1 * 004511DF 8B45 0C MOV EAX,DWORD PTR SS:[EBP+0xC] * 004511E2 3BC1 CMP EAX,ECX * 004511E4 74 1B JE SHORT .00451201 * 004511E6 8B50 0C MOV EDX,DWORD PTR DS:[EAX+0xC] * 004511E9 8955 C8 MOV DWORD PTR SS:[EBP-0x38],EDX * 004511EC 3948 10 CMP DWORD PTR DS:[EAX+0x10],ECX * 004511EF 74 05 JE SHORT .004511F6 * 004511F1 894D F0 MOV DWORD PTR SS:[EBP-0x10],ECX * 004511F4 EB 26 JMP SHORT .0045121C * 004511F6 8B96 8C000000 MOV EDX,DWORD PTR DS:[ESI+0x8C] * 004511FC 0FAF10 IMUL EDX,DWORD PTR DS:[EAX] * 004511FF EB 0E JMP SHORT .0045120F * 00451201 8B46 78 MOV EAX,DWORD PTR DS:[ESI+0x78] * 00451204 8B96 8C000000 MOV EDX,DWORD PTR DS:[ESI+0x8C] * 0045120A 8945 C8 MOV DWORD PTR SS:[EBP-0x38],EAX * 0045120D 03D2 ADD EDX,EDX * 0045120F B8 CDCCCCCC MOV EAX,0xCCCCCCCD * 00451214 F7E2 MUL EDX * 00451216 C1EA 03 SHR EDX,0x3 * 00451219 8955 F0 MOV DWORD PTR SS:[EBP-0x10],EDX * 0045121C 8BC7 MOV EAX,EDI * 0045121E 3808 CMP BYTE PTR DS:[EAX],CL * 00451220 0F84 5A040000 JE .00451680 * 00451226 EB 02 JMP SHORT .0045122A * 00451228 33C9 XOR ECX,ECX * 0045122A 0FB607 MOVZX EAX,BYTE PTR DS:[EDI] * 0045122D 3C 5C CMP AL,0x5C * 0045122F 0F84 AE030000 JE .004515E3 * 00451235 3C 7B CMP AL,0x7B * 00451237 0F84 65010000 JE .004513A2 * 0045123D 50 PUSH EAX * 0045123E E8 DD59FBFF CALL .00406C20 * 00451243 Hook 85C0 TEST EAX,EAX * 00451245 0F84 A6000000 JE .004512F1 * 0045124B 66:0FBE47 01 MOVSX AX,BYTE PTR DS:[EDI+0x1] * 00451250 66:0FBE17 MOVSX DX,BYTE PTR DS:[EDI] * 00451254 B9 FF000000 MOV ECX,0xFF * 00451259 66:23C1 AND AX,CX * 0045125C 66:C1E2 08 SHL DX,0x8 * 00451260 66:0BC2 OR AX,DX * 00451263 B9 4A810000 MOV ECX,0x814A * 00451268 83C7 02 ADD EDI,0x2 * 0045126B 33DB XOR EBX,EBX * 0045126D 66:8945 AA MOV WORD PTR SS:[EBP-0x56],AX * 00451271 66:3BC1 CMP AX,CX * 00451274 75 05 JNZ SHORT .0045127B * 00451276 BB 01000000 MOV EBX,0x1 * 0045127B 8B45 AA MOV EAX,DWORD PTR SS:[EBP-0x56] * 0045127E 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-0xC] * 00451281 52 PUSH EDX * 00451282 50 PUSH EAX * 00451283 6A 00 PUSH 0x0 * 00451285 8BCE MOV ECX,ESI * 00451287 E8 44F9FFFF CALL .00450BD0 * 0045128C 8B8E 98000000 MOV ECX,DWORD PTR DS:[ESI+0x98] * 00451292 8B96 9C000000 MOV EDX,DWORD PTR DS:[ESI+0x9C] * 00451298 894D B4 MOV DWORD PTR SS:[EBP-0x4C],ECX * 0045129B 8955 B8 MOV DWORD PTR SS:[EBP-0x48],EDX * 0045129E 85DB TEST EBX,EBX * 004512A0 74 0E JE SHORT .004512B0 * 004512A2 B8 CDCCCCCC MOV EAX,0xCCCCCCCD * 004512A7 F766 1C MUL DWORD PTR DS:[ESI+0x1C] * 004512AA C1EA 02 SHR EDX,0x2 * 004512AD 2955 B4 SUB DWORD PTR SS:[EBP-0x4C],EDX * 004512B0 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-0x1C] * 004512B3 8D45 DC LEA EAX,DWORD PTR SS:[EBP-0x24] * 004512B6 50 PUSH EAX * 004512B7 8D4D A8 LEA ECX,DWORD PTR SS:[EBP-0x58] * 004512BA 51 PUSH ECX * 004512BB 52 PUSH EDX * 004512BC 8BCE MOV ECX,ESI * 004512BE E8 EDEEFFFF CALL .004501B0 * 004512C3 8945 F8 MOV DWORD PTR SS:[EBP-0x8],EAX * 004512C6 85DB TEST EBX,EBX * 004512C8 75 11 JNZ SHORT .004512DB * 004512CA 8B46 20 MOV EAX,DWORD PTR DS:[ESI+0x20] * 004512CD 0346 1C ADD EAX,DWORD PTR DS:[ESI+0x1C] * 004512D0 0186 98000000 ADD DWORD PTR DS:[ESI+0x98],EAX * 004512D6 E9 A4000000 JMP .0045137F * 004512DB 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] * 004512DE B8 CDCCCCCC MOV EAX,0xCCCCCCCD * 004512E3 F7E1 MUL ECX * 004512E5 C1EA 02 SHR EDX,0x2 * 004512E8 D1E9 SHR ECX,1 * 004512EA 2BCA SUB ECX,EDX * 004512EC E9 85000000 JMP .00451376 * 004512F1 66:0FBE0F MOVSX CX,BYTE PTR DS:[EDI] * 004512F5 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] * 004512F8 8B56 14 MOV EDX,DWORD PTR DS:[ESI+0x14] * 004512FB 2BD0 SUB EDX,EAX * 004512FD 2B56 20 SUB EDX,DWORD PTR DS:[ESI+0x20] * 00451300 66:894D AA MOV WORD PTR SS:[EBP-0x56],CX * 00451304 8B4E 0C MOV ECX,DWORD PTR DS:[ESI+0xC] * 00451307 03D1 ADD EDX,ECX * 00451309 47 INC EDI * 0045130A 3996 98000000 CMP DWORD PTR DS:[ESI+0x98],EDX * 00451310 72 37 JB SHORT .00451349 * 00451312 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-0xC] * 00451315 42 INC EDX * 00451316 83BC96 B8000000 >CMP DWORD PTR DS:[ESI+EDX*4+0xB8],0x0 * 0045131E 8955 F4 MOV DWORD PTR SS:[EBP-0xC],EDX * 00451321 77 09 JA SHORT .0045132C * 00451323 83BE AC000000 00 CMP DWORD PTR DS:[ESI+0xAC],0x0 * 0045132A 74 0C JE SHORT .00451338 * 0045132C 8B96 B0000000 MOV EDX,DWORD PTR DS:[ESI+0xB0] * 00451332 0196 9C000000 ADD DWORD PTR DS:[ESI+0x9C],EDX * 00451338 898E 98000000 MOV DWORD PTR DS:[ESI+0x98],ECX * 0045133E 8B4E 24 MOV ECX,DWORD PTR DS:[ESI+0x24] * 00451341 03C8 ADD ECX,EAX * 00451343 018E 9C000000 ADD DWORD PTR DS:[ESI+0x9C],ECX * 00451349 8B96 98000000 MOV EDX,DWORD PTR DS:[ESI+0x98] * 0045134F 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] * 00451355 8D4D DC LEA ECX,DWORD PTR SS:[EBP-0x24] * 00451358 51 PUSH ECX * 00451359 8955 B4 MOV DWORD PTR SS:[EBP-0x4C],EDX * 0045135C 8D55 A8 LEA EDX,DWORD PTR SS:[EBP-0x58] * 0045135F 8945 B8 MOV DWORD PTR SS:[EBP-0x48],EAX * 00451362 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-0x1C] * 00451365 52 PUSH EDX * 00451366 50 PUSH EAX * 00451367 8BCE MOV ECX,ESI * 00451369 E8 42EEFFFF CALL .004501B0 * 0045136E 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] * 00451371 8945 F8 MOV DWORD PTR SS:[EBP-0x8],EAX * 00451374 D1E9 SHR ECX,1 * 00451376 034E 20 ADD ECX,DWORD PTR DS:[ESI+0x20] * 00451379 018E 98000000 ADD DWORD PTR DS:[ESI+0x98],ECX * 0045137F 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-0x10] * 00451382 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-0x18] * 00451385 8B4D FC MOV ECX,DWORD PTR SS:[EBP-0x4] * 00451388 52 PUSH EDX * 00451389 8B55 0C MOV EDX,DWORD PTR SS:[EBP+0xC] * 0045138C 50 PUSH EAX * 0045138D 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-0x8] * 00451390 51 PUSH ECX * 00451391 52 PUSH EDX * 00451392 50 PUSH EAX * 00451393 8BCE MOV ECX,ESI * 00451395 E8 36F9FFFF CALL .00450CD0 * 0045139A 8945 FC MOV DWORD PTR SS:[EBP-0x4],EAX * 0045139D E9 D5020000 JMP .00451677 * 004513A2 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-0xC] * 004513A5 52 PUSH EDX * 004513A6 51 PUSH ECX * 004513A7 51 PUSH ECX * 004513A8 8BCE MOV ECX,ESI * 004513AA E8 21F8FFFF CALL .00450BD0 * 004513AF 8B86 98000000 MOV EAX,DWORD PTR DS:[ESI+0x98] * 004513B5 8B4D FC MOV ECX,DWORD PTR SS:[EBP-0x4] * 004513B8 8B55 BC MOV EDX,DWORD PTR SS:[EBP-0x44] * 004513BB 8945 08 MOV DWORD PTR SS:[EBP+0x8],EAX * 004513BE 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] * 004513C4 2B86 B0000000 SUB EAX,DWORD PTR DS:[ESI+0xB0] * 004513CA 894D D8 MOV DWORD PTR SS:[EBP-0x28],ECX * 004513CD 8945 D4 MOV DWORD PTR SS:[EBP-0x2C],EAX * 004513D0 BB 01000000 MOV EBX,0x1 * 004513D5 Hook 47 INC EDI * 004513D6 8955 D0 MOV DWORD PTR SS:[EBP-0x30],EDX * 004513D9 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] * 004513E0 0FB607 MOVZX EAX,BYTE PTR DS:[EDI] * 004513E3 50 PUSH EAX * 004513E4 E8 3758FBFF CALL .00406C20 * 004513E9 85C0 TEST EAX,EAX * 004513EB 74 55 JE SHORT .00451442 * 004513ED 66:0FBE4F 01 MOVSX CX,BYTE PTR DS:[EDI+0x1] * 004513F2 66:0FBE07 MOVSX AX,BYTE PTR DS:[EDI] * 004513F6 BA FF000000 MOV EDX,0xFF * 004513FB 66:23CA AND CX,DX * 004513FE 8B96 9C000000 MOV EDX,DWORD PTR DS:[ESI+0x9C] * 00451404 66:C1E0 08 SHL AX,0x8 * 00451408 66:0BC8 OR CX,AX * 0045140B 66:894D AA MOV WORD PTR SS:[EBP-0x56],CX * 0045140F 8B8E 98000000 MOV ECX,DWORD PTR DS:[ESI+0x98] * 00451415 894D B4 MOV DWORD PTR SS:[EBP-0x4C],ECX * 00451418 8D45 DC LEA EAX,DWORD PTR SS:[EBP-0x24] * 0045141B 50 PUSH EAX * 0045141C 8D4D A8 LEA ECX,DWORD PTR SS:[EBP-0x58] * 0045141F 8955 B8 MOV DWORD PTR SS:[EBP-0x48],EDX * 00451422 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-0x1C] * 00451425 51 PUSH ECX * 00451426 52 PUSH EDX * 00451427 8BCE MOV ECX,ESI * 00451429 83C7 02 ADD EDI,0x2 * 0045142C E8 7FEDFFFF CALL .004501B0 * 00451431 8945 F8 MOV DWORD PTR SS:[EBP-0x8],EAX * 00451434 8B46 20 MOV EAX,DWORD PTR DS:[ESI+0x20] * 00451437 0346 1C ADD EAX,DWORD PTR DS:[ESI+0x1C] * 0045143A 0186 98000000 ADD DWORD PTR DS:[ESI+0x98],EAX * 00451440 EB 08 JMP SHORT .0045144A * 00451442 803F 2F CMP BYTE PTR DS:[EDI],0x2F * 00451445 75 02 JNZ SHORT .00451449 * 00451447 33DB XOR EBX,EBX * 00451449 47 INC EDI * 0045144A 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-0x10] * 0045144D 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-0x18] * 00451450 8B45 FC MOV EAX,DWORD PTR SS:[EBP-0x4] * 00451453 51 PUSH ECX * 00451454 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0xC] * 00451457 52 PUSH EDX * 00451458 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-0x8] * 0045145B 50 PUSH EAX * 0045145C 51 PUSH ECX * 0045145D 52 PUSH EDX * 0045145E 8BCE MOV ECX,ESI * 00451460 E8 6BF8FFFF CALL .00450CD0 * 00451465 8945 FC MOV DWORD PTR SS:[EBP-0x4],EAX * 00451468 85DB TEST EBX,EBX * 0045146A ^0F85 70FFFFFF JNZ .004513E0 * 00451470 399E A4000000 CMP DWORD PTR DS:[ESI+0xA4],EBX * 00451476 0F84 3F010000 JE .004515BB * 0045147C 8BDF MOV EBX,EDI * 0045147E C745 E0 00000000 MOV DWORD PTR SS:[EBP-0x20],0x0 * 00451485 C745 EC 01000000 MOV DWORD PTR SS:[EBP-0x14],0x1 * 0045148C 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] * 00451490 0FB603 MOVZX EAX,BYTE PTR DS:[EBX] * 00451493 50 PUSH EAX * 00451494 E8 8757FBFF CALL .00406C20 * 00451499 85C0 TEST EAX,EAX * 0045149B 74 08 JE SHORT .004514A5 * 0045149D FF45 E0 INC DWORD PTR SS:[EBP-0x20] * 004514A0 83C3 02 ADD EBX,0x2 * 004514A3 EB 0D JMP SHORT .004514B2 * 004514A5 803B 7D CMP BYTE PTR DS:[EBX],0x7D * 004514A8 75 07 JNZ SHORT .004514B1 * 004514AA C745 EC 00000000 MOV DWORD PTR SS:[EBP-0x14],0x0 * 004514B1 43 INC EBX * 004514B2 837D EC 00 CMP DWORD PTR SS:[EBP-0x14],0x0 * 004514B6 ^75 D8 JNZ SHORT .00451490 * 004514B8 8B9E B0000000 MOV EBX,DWORD PTR DS:[ESI+0xB0] * 004514BE 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-0x20] * 004514C1 8B55 08 MOV EDX,DWORD PTR SS:[EBP+0x8] * 004514C4 8BC3 MOV EAX,EBX * 004514C6 0FAFC1 IMUL EAX,ECX * 004514C9 03C9 ADD ECX,ECX * 004514CB 894D E0 MOV DWORD PTR SS:[EBP-0x20],ECX * 004514CE 8B8E 98000000 MOV ECX,DWORD PTR DS:[ESI+0x98] * 004514D4 2BCA SUB ECX,EDX * 004514D6 C1E0 0A SHL EAX,0xA * 004514D9 C1E1 0A SHL ECX,0xA * 004514DC C1E2 0A SHL EDX,0xA * 004514DF 895D BC MOV DWORD PTR SS:[EBP-0x44],EBX * 004514E2 C745 EC 01000000 MOV DWORD PTR SS:[EBP-0x14],0x1 * 004514E9 8955 08 MOV DWORD PTR SS:[EBP+0x8],EDX * 004514EC 3BC1 CMP EAX,ECX * 004514EE 76 0F JBE SHORT .004514FF * 004514F0 2BC1 SUB EAX,ECX * 004514F2 D1E8 SHR EAX,1 * 004514F4 2945 08 SUB DWORD PTR SS:[EBP+0x8],EAX * 004514F7 C1E3 0A SHL EBX,0xA * 004514FA 895D E0 MOV DWORD PTR SS:[EBP-0x20],EBX * 004514FD EB 21 JMP SHORT .00451520 * 004514FF 2BC8 SUB ECX,EAX * 00451501 33D2 XOR EDX,EDX * 00451503 8BC1 MOV EAX,ECX * 00451505 F775 E0 DIV DWORD PTR SS:[EBP-0x20] * 00451508 8B96 B4000000 MOV EDX,DWORD PTR DS:[ESI+0xB4] * 0045150E C1E3 09 SHL EBX,0x9 * 00451511 0145 08 ADD DWORD PTR SS:[EBP+0x8],EAX * 00451514 03D8 ADD EBX,EAX * 00451516 8D045A LEA EAX,DWORD PTR DS:[EDX+EBX*2] * 00451519 8945 E0 MOV DWORD PTR SS:[EBP-0x20],EAX * 0045151C 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] * 00451520 0FB60F MOVZX ECX,BYTE PTR DS:[EDI] * 00451523 51 PUSH ECX * 00451524 E8 F756FBFF CALL .00406C20 * 00451529 85C0 TEST EAX,EAX * 0045152B 74 4E JE SHORT .0045157B * 0045152D 66:0FBE57 01 MOVSX DX,BYTE PTR DS:[EDI+0x1] * 00451532 66:0FBE0F MOVSX CX,BYTE PTR DS:[EDI] * 00451536 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+0x8] * 00451539 B8 FF000000 MOV EAX,0xFF * 0045153E 66:23D0 AND DX,AX * 00451541 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-0x2C] * 00451544 66:C1E1 08 SHL CX,0x8 * 00451548 66:0BD1 OR DX,CX * 0045154B 66:8955 AA MOV WORD PTR SS:[EBP-0x56],DX * 0045154F 8BD3 MOV EDX,EBX * 00451551 C1EA 0A SHR EDX,0xA * 00451554 8D4D DC LEA ECX,DWORD PTR SS:[EBP-0x24] * 00451557 51 PUSH ECX * 00451558 8955 B4 MOV DWORD PTR SS:[EBP-0x4C],EDX * 0045155B 8D55 A8 LEA EDX,DWORD PTR SS:[EBP-0x58] * 0045155E 8945 B8 MOV DWORD PTR SS:[EBP-0x48],EAX * 00451561 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-0x1C] * 00451564 52 PUSH EDX * 00451565 50 PUSH EAX * 00451566 8BCE MOV ECX,ESI * 00451568 83C7 02 ADD EDI,0x2 * 0045156B E8 40ECFFFF CALL .004501B0 * 00451570 035D E0 ADD EBX,DWORD PTR SS:[EBP-0x20] * 00451573 8945 F8 MOV DWORD PTR SS:[EBP-0x8],EAX * 00451576 895D 08 MOV DWORD PTR SS:[EBP+0x8],EBX * 00451579 EB 0D JMP SHORT .00451588 * 0045157B 803F 7D CMP BYTE PTR DS:[EDI],0x7D * 0045157E 75 07 JNZ SHORT .00451587 * 00451580 C745 EC 00000000 MOV DWORD PTR SS:[EBP-0x14],0x0 * 00451587 47 INC EDI * 00451588 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-0x10] * 0045158B 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-0x18] * 0045158E 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-0x28] * 00451591 51 PUSH ECX * 00451592 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0xC] * 00451595 52 PUSH EDX * 00451596 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-0x8] * 00451599 50 PUSH EAX * 0045159A 51 PUSH ECX * 0045159B 52 PUSH EDX * 0045159C 8BCE MOV ECX,ESI * 0045159E E8 2DF7FFFF CALL .00450CD0 * 004515A3 837D EC 00 CMP DWORD PTR SS:[EBP-0x14],0x0 * 004515A7 8945 D8 MOV DWORD PTR SS:[EBP-0x28],EAX * 004515AA ^0F85 70FFFFFF JNZ .00451520 * 004515B0 8B45 D0 MOV EAX,DWORD PTR SS:[EBP-0x30] * 004515B3 8945 BC MOV DWORD PTR SS:[EBP-0x44],EAX * 004515B6 E9 BC000000 JMP .00451677 * 004515BB BB 01000000 MOV EBX,0x1 * 004515C0 0FB60F MOVZX ECX,BYTE PTR DS:[EDI] * 004515C3 51 PUSH ECX * 004515C4 E8 5756FBFF CALL .00406C20 * 004515C9 85C0 TEST EAX,EAX * 004515CB 74 05 JE SHORT .004515D2 * 004515CD 83C7 02 ADD EDI,0x2 * 004515D0 EB 08 JMP SHORT .004515DA * 004515D2 803F 7D CMP BYTE PTR DS:[EDI],0x7D * 004515D5 75 02 JNZ SHORT .004515D9 * 004515D7 33DB XOR EBX,EBX * 004515D9 47 INC EDI * 004515DA 85DB TEST EBX,EBX * 004515DC ^75 E2 JNZ SHORT .004515C0 * 004515DE E9 94000000 JMP .00451677 * 004515E3 0FBE47 01 MOVSX EAX,BYTE PTR DS:[EDI+0x1] * 004515E7 83C0 9D ADD EAX,-0x63 * 004515EA 83F8 14 CMP EAX,0x14 * 004515ED 0F87 84000000 JA .00451677 * 004515F3 0FB690 B4164500 MOVZX EDX,BYTE PTR DS:[EAX+0x4516B4] * 004515FA FF2495 A0164500 JMP DWORD PTR DS:[EDX*4+0x4516A0] * 00451601 8B46 0C MOV EAX,DWORD PTR DS:[ESI+0xC] * 00451604 8B4E 24 MOV ECX,DWORD PTR DS:[ESI+0x24] * 00451607 034E 1C ADD ECX,DWORD PTR DS:[ESI+0x1C] * 0045160A 8986 98000000 MOV DWORD PTR DS:[ESI+0x98],EAX * 00451610 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-0xC] * 00451613 018E 9C000000 ADD DWORD PTR DS:[ESI+0x9C],ECX * 00451619 8B8E 9C000000 MOV ECX,DWORD PTR DS:[ESI+0x9C] * 0045161F 40 INC EAX * 00451620 83BC86 B8000000 >CMP DWORD PTR DS:[ESI+EAX*4+0xB8],0x0 * 00451628 8945 F4 MOV DWORD PTR SS:[EBP-0xC],EAX * 0045162B 77 09 JA SHORT .00451636 * 0045162D 83BE AC000000 00 CMP DWORD PTR DS:[ESI+0xAC],0x0 * 00451634 74 3E JE SHORT .00451674 * 00451636 8B96 B0000000 MOV EDX,DWORD PTR DS:[ESI+0xB0] * 0045163C 03D1 ADD EDX,ECX * 0045163E 8996 9C000000 MOV DWORD PTR DS:[ESI+0x9C],EDX * 00451644 EB 2E JMP SHORT .00451674 * 00451646 8BCE MOV ECX,ESI * 00451648 E8 53F0FFFF CALL .004506A0 * 0045164D EB 25 JMP SHORT .00451674 * 0045164F 8A47 02 MOV AL,BYTE PTR DS:[EDI+0x2] * 00451652 3C 63 CMP AL,0x63 * 00451654 74 0C JE SHORT .00451662 * 00451656 3C 73 CMP AL,0x73 * 00451658 75 12 JNZ SHORT .0045166C * 0045165A 894D E8 MOV DWORD PTR SS:[EBP-0x18],ECX * 0045165D 83C7 03 ADD EDI,0x3 * 00451660 EB 15 JMP SHORT .00451677 * 00451662 C745 E8 01000000 MOV DWORD PTR SS:[EBP-0x18],0x1 * 00451669 894D FC MOV DWORD PTR SS:[EBP-0x4],ECX * 0045166C 83C7 03 ADD EDI,0x3 * 0045166F EB 06 JMP SHORT .00451677 * 00451671 894D FC MOV DWORD PTR SS:[EBP-0x4],ECX * 00451674 83C7 02 ADD EDI,0x2 * 00451677 803F 00 CMP BYTE PTR DS:[EDI],0x0 * 0045167A ^0F85 A8FBFFFF JNZ .00451228 * 00451680 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-0x1C] * 00451683 8B8E 58010000 MOV ECX,DWORD PTR DS:[ESI+0x158] * 00451689 50 PUSH EAX * 0045168A 51 PUSH ECX * 0045168B FF15 C4735400 CALL DWORD PTR DS:[0x5473C4] ; user32.ReleaseDC * 00451691 5F POP EDI * 00451692 5E POP ESI * 00451693 B8 01000000 MOV EAX,0x1 * 00451698 5B POP EBX * 00451699 8BE5 MOV ESP,EBP * 0045169B 5D POP EBP * 0045169C C2 0800 RETN 0x8 * 0045169F 90 NOP * 004516A0 46 INC ESI * 004516A1 16 PUSH SS * 004516A2 45 INC EBP * 004516A3 0001 ADD BYTE PTR DS:[ECX],AL * 004516A5 16 PUSH SS * 004516A6 45 INC EBP * 004516A7 0071 16 ADD BYTE PTR DS:[ECX+0x16],DH * 004516AA 45 INC EBP * 004516AB 004F 16 ADD BYTE PTR DS:[EDI+0x16],CL * 004516AE 45 INC EBP * 004516AF 0077 16 ADD BYTE PTR DS:[EDI+0x16],DH * 004516B2 45 INC EBP * 004516B3 0000 ADD BYTE PTR DS:[EAX],AL * 004516B5 04 04 ADD AL,0x4 * 004516B7 04 04 ADD AL,0x4 * 004516B9 04 04 ADD AL,0x4 * 004516BB 04 04 ADD AL,0x4 * 004516BD 04 04 ADD AL,0x4 * 004516BF 010404 ADD DWORD PTR SS:[ESP+EAX],EAX * 004516C2 04 04 ADD AL,0x4 * 004516C4 04 02 ADD AL,0x2 * 004516C6 04 04 ADD AL,0x4 * 004516C8 03CC ADD ECX,ESP * 004516CA CC INT3 * 004516CB CC INT3 * 004516CC CC INT3 * 004516CD CC INT3 * 004516CE CC INT3 * * EAX 080E2FFA * ECX 015A74A0 * EDX 0012FDB4 * EBX 015A78D8 * ESP 0012FD98 * EBP 0012FDCC * ESI 014F05E8 * EDI 01504BD0 * EIP 00451120 .00451120 * * 0012FD98 00452439 RETURN to .00452439 from .00451120 * 0012FD9C 080E2FFA ; jichi: text here * 0012FDA0 0012FDB4 * 0012FDA4 00002004 * 0012FDA8 014F05E8 * 0012FDAC 00000000 * 0012FDB0 00000000 * 0012FDB4 00000002 * 0012FDB8 00000001 * 0012FDBC 00000001 * 0012FDC0 00000001 * 0012FDC4 00000000 * * Sample game: 未来ノスタルジア (CMVS1) * 004425DC CC INT3 * 004425DD CC INT3 * 004425DE CC INT3 * 004425DF CC INT3 * 004425E0 83EC 58 SUB ESP,0x58 * 004425E3 53 PUSH EBX * 004425E4 55 PUSH EBP * 004425E5 56 PUSH ESI * 004425E6 8BF1 MOV ESI,ECX * 004425E8 8B86 58010000 MOV EAX,DWORD PTR DS:[ESI+0x158] * 004425EE 57 PUSH EDI * 004425EF 8B7C24 6C MOV EDI,DWORD PTR SS:[ESP+0x6C] * 004425F3 33ED XOR EBP,EBP * 004425F5 50 PUSH EAX * 004425F6 896C24 70 MOV DWORD PTR SS:[ESP+0x70],EBP * 004425FA 896C24 18 MOV DWORD PTR SS:[ESP+0x18],EBP * 004425FE Hook 896C24 24 MOV DWORD PTR SS:[ESP+0x24],EBP * 00442602 FF15 D8335200 CALL DWORD PTR DS:[0x5233D8] ; user32.GetDC * 00442608 68 80000000 PUSH 0x80 * 0044260D 8D9E B8000000 LEA EBX,DWORD PTR DS:[ESI+0xB8] * 00442613 55 PUSH EBP * 00442614 53 PUSH EBX * 00442615 894424 30 MOV DWORD PTR SS:[ESP+0x30],EAX * 00442619 E8 82340C00 CALL .00505AA0 * 0044261E 83C4 0C ADD ESP,0xC * 00442621 39AE A4000000 CMP DWORD PTR DS:[ESI+0xA4],EBP * 00442627 74 23 JE SHORT .0044264C * 00442629 55 PUSH EBP * 0044262A 55 PUSH EBP * 0044262B 53 PUSH EBX * 0044262C 57 PUSH EDI * 0044262D 8BCE MOV ECX,ESI * 0044262F E8 FCF7FFFF CALL .00441E30 * 00442634 392B CMP DWORD PTR DS:[EBX],EBP * 00442636 77 08 JA SHORT .00442640 * 00442638 39AE AC000000 CMP DWORD PTR DS:[ESI+0xAC],EBP * 0044263E 74 0C JE SHORT .0044264C * 00442640 8B8E B0000000 MOV ECX,DWORD PTR DS:[ESI+0xB0] * 00442646 018E 9C000000 ADD DWORD PTR DS:[ESI+0x9C],ECX * 0044264C 8B46 7C MOV EAX,DWORD PTR DS:[ESI+0x7C] * 0044264F 8B4E 70 MOV ECX,DWORD PTR DS:[ESI+0x70] * 00442652 894424 64 MOV DWORD PTR SS:[ESP+0x64],EAX * 00442656 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] * 00442659 BA 28000000 MOV EDX,0x28 * 0044265E 894424 54 MOV DWORD PTR SS:[ESP+0x54],EAX * 00442662 8B86 80000000 MOV EAX,DWORD PTR DS:[ESI+0x80] * 00442668 83E8 01 SUB EAX,0x1 * 0044266B 66:895424 40 MOV WORD PTR SS:[ESP+0x40],DX * 00442670 8B56 74 MOV EDX,DWORD PTR DS:[ESI+0x74] * 00442673 894C24 58 MOV DWORD PTR SS:[ESP+0x58],ECX * 00442677 895424 5C MOV DWORD PTR SS:[ESP+0x5C],EDX * 0044267B 896C24 48 MOV DWORD PTR SS:[ESP+0x48],EBP * 0044267F 74 1E JE SHORT .0044269F * 00442681 83E8 01 SUB EAX,0x1 * 00442684 74 0F JE SHORT .00442695 * 00442686 83E8 01 SUB EAX,0x1 * 00442689 75 1C JNZ SHORT .004426A7 * 0044268B C74424 48 030000>MOV DWORD PTR SS:[ESP+0x48],0x3 * 00442693 EB 12 JMP SHORT .004426A7 * 00442695 C74424 48 020000>MOV DWORD PTR SS:[ESP+0x48],0x2 * 0044269D EB 08 JMP SHORT .004426A7 * 0044269F C74424 48 010000>MOV DWORD PTR SS:[ESP+0x48],0x1 * 004426A7 8B6C24 70 MOV EBP,DWORD PTR SS:[ESP+0x70] * 004426AB 33DB XOR EBX,EBX * 004426AD 3BEB CMP EBP,EBX * 004426AF 74 25 JE SHORT .004426D6 * 004426B1 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0xC] * 004426B4 894C24 60 MOV DWORD PTR SS:[ESP+0x60],ECX * 004426B8 395D 10 CMP DWORD PTR SS:[EBP+0x10],EBX * 004426BB 74 06 JE SHORT .004426C3 * 004426BD 895C24 18 MOV DWORD PTR SS:[ESP+0x18],EBX * 004426C1 EB 30 JMP SHORT .004426F3 * 004426C3 8B96 8C000000 MOV EDX,DWORD PTR DS:[ESI+0x8C] * 004426C9 0FAF55 00 IMUL EDX,DWORD PTR SS:[EBP] * 004426CD B8 CDCCCCCC MOV EAX,0xCCCCCCCD * 004426D2 F7E2 MUL EDX * 004426D4 EB 16 JMP SHORT .004426EC * 004426D6 8B46 78 MOV EAX,DWORD PTR DS:[ESI+0x78] * 004426D9 8B8E 8C000000 MOV ECX,DWORD PTR DS:[ESI+0x8C] * 004426DF 894424 60 MOV DWORD PTR SS:[ESP+0x60],EAX * 004426E3 03C9 ADD ECX,ECX * 004426E5 B8 CDCCCCCC MOV EAX,0xCCCCCCCD * 004426EA F7E1 MUL ECX * 004426EC C1EA 03 SHR EDX,0x3 * 004426EF 895424 18 MOV DWORD PTR SS:[ESP+0x18],EDX * 004426F3 381F CMP BYTE PTR DS:[EDI],BL * 004426F5 0F84 79040000 JE .00442B74 * 004426FB EB 05 JMP SHORT .00442702 * 004426FD 8D49 00 LEA ECX,DWORD PTR DS:[ECX] * 00442700 33DB XOR EBX,EBX * 00442702 0FB607 MOVZX EAX,BYTE PTR DS:[EDI] * 00442705 3C 5C CMP AL,0x5C * 00442707 0F84 C6030000 JE .00442AD3 * 0044270D 3C 7B CMP AL,0x7B * 0044270F 0F84 70010000 JE .00442885 * 00442715 50 PUSH EAX * 00442716 E8 A50EFCFF CALL .004035C0 * 0044271B 85C0 TEST EAX,EAX * 0044271D 0F84 A8000000 JE .004427CB * 00442723 66:0FBE47 01 MOVSX AX,BYTE PTR DS:[EDI+0x1] * 00442728 66:0FBE0F MOVSX CX,BYTE PTR DS:[EDI] * 0044272C BA FF000000 MOV EDX,0xFF * 00442731 66:23C2 AND AX,DX * 00442734 66:C1E1 08 SHL CX,0x8 * 00442738 66:0BC1 OR AX,CX * 0044273B BA 4A810000 MOV EDX,0x814A * 00442740 83C7 02 ADD EDI,0x2 * 00442743 66:894424 42 MOV WORD PTR SS:[ESP+0x42],AX * 00442748 66:3BC2 CMP AX,DX * 0044274B 75 05 JNZ SHORT .00442752 * 0044274D BB 01000000 MOV EBX,0x1 * 00442752 8B4C24 42 MOV ECX,DWORD PTR SS:[ESP+0x42] * 00442756 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+0x14] * 0044275A 50 PUSH EAX * 0044275B 51 PUSH ECX * 0044275C 6A 00 PUSH 0x0 * 0044275E 8BCE MOV ECX,ESI * 00442760 E8 1BF9FFFF CALL .00442080 * 00442765 8B96 98000000 MOV EDX,DWORD PTR DS:[ESI+0x98] * 0044276B 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] * 00442771 895424 4C MOV DWORD PTR SS:[ESP+0x4C],EDX * 00442775 894424 50 MOV DWORD PTR SS:[ESP+0x50],EAX * 00442779 85DB TEST EBX,EBX * 0044277B 74 0F JE SHORT .0044278C * 0044277D B8 CDCCCCCC MOV EAX,0xCCCCCCCD * 00442782 F766 1C MUL DWORD PTR DS:[ESI+0x1C] * 00442785 C1EA 02 SHR EDX,0x2 * 00442788 295424 4C SUB DWORD PTR SS:[ESP+0x4C],EDX * 0044278C 8B4424 24 MOV EAX,DWORD PTR SS:[ESP+0x24] * 00442790 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+0x28] * 00442794 51 PUSH ECX * 00442795 8D5424 44 LEA EDX,DWORD PTR SS:[ESP+0x44] * 00442799 52 PUSH EDX * 0044279A 50 PUSH EAX * 0044279B 8BCE MOV ECX,ESI * 0044279D E8 0EEFFFFF CALL .004416B0 * 004427A2 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX * 004427A6 85DB TEST EBX,EBX * 004427A8 75 0B JNZ SHORT .004427B5 * 004427AA 8B4E 20 MOV ECX,DWORD PTR DS:[ESI+0x20] * 004427AD 034E 1C ADD ECX,DWORD PTR DS:[ESI+0x1C] * 004427B0 E9 A5000000 JMP .0044285A * 004427B5 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] * 004427B8 B8 CDCCCCCC MOV EAX,0xCCCCCCCD * 004427BD F7E1 MUL ECX * 004427BF C1EA 02 SHR EDX,0x2 * 004427C2 D1E9 SHR ECX,1 * 004427C4 2BCA SUB ECX,EDX * 004427C6 E9 8C000000 JMP .00442857 * 004427CB Hook 66:0FBE17 MOVSX DX,BYTE PTR DS:[EDI] * 004427CF 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] * 004427D2 8B4E 0C MOV ECX,DWORD PTR DS:[ESI+0xC] * 004427D5 66:895424 42 MOV WORD PTR SS:[ESP+0x42],DX * 004427DA 8B56 14 MOV EDX,DWORD PTR DS:[ESI+0x14] * 004427DD 2BD0 SUB EDX,EAX * 004427DF 2B56 20 SUB EDX,DWORD PTR DS:[ESI+0x20] * 004427E2 47 INC EDI * 004427E3 03D1 ADD EDX,ECX * 004427E5 3996 98000000 CMP DWORD PTR DS:[ESI+0x98],EDX * 004427EB 72 37 JB SHORT .00442824 * 004427ED 8B5424 14 MOV EDX,DWORD PTR SS:[ESP+0x14] * 004427F1 42 INC EDX * 004427F2 895424 14 MOV DWORD PTR SS:[ESP+0x14],EDX * 004427F6 399C96 B8000000 CMP DWORD PTR DS:[ESI+EDX*4+0xB8],EBX * 004427FD 77 08 JA SHORT .00442807 * 004427FF 399E AC000000 CMP DWORD PTR DS:[ESI+0xAC],EBX * 00442805 74 0C JE SHORT .00442813 * 00442807 8B96 B0000000 MOV EDX,DWORD PTR DS:[ESI+0xB0] * 0044280D 0196 9C000000 ADD DWORD PTR DS:[ESI+0x9C],EDX * 00442813 898E 98000000 MOV DWORD PTR DS:[ESI+0x98],ECX * 00442819 8B4E 24 MOV ECX,DWORD PTR DS:[ESI+0x24] * 0044281C 03C8 ADD ECX,EAX * 0044281E 018E 9C000000 ADD DWORD PTR DS:[ESI+0x9C],ECX * 00442824 8B96 98000000 MOV EDX,DWORD PTR DS:[ESI+0x98] * 0044282A 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] * 00442830 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+0x28] * 00442834 51 PUSH ECX * 00442835 895424 50 MOV DWORD PTR SS:[ESP+0x50],EDX * 00442839 8D5424 44 LEA EDX,DWORD PTR SS:[ESP+0x44] * 0044283D 894424 54 MOV DWORD PTR SS:[ESP+0x54],EAX * 00442841 8B4424 28 MOV EAX,DWORD PTR SS:[ESP+0x28] * 00442845 52 PUSH EDX * 00442846 50 PUSH EAX * 00442847 8BCE MOV ECX,ESI * 00442849 E8 62EEFFFF CALL .004416B0 * 0044284E 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] * 00442851 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX * 00442855 D1E9 SHR ECX,1 * 00442857 034E 20 ADD ECX,DWORD PTR DS:[ESI+0x20] * 0044285A 8B5424 18 MOV EDX,DWORD PTR SS:[ESP+0x18] * 0044285E 018E 98000000 ADD DWORD PTR DS:[ESI+0x98],ECX * 00442864 8B4424 20 MOV EAX,DWORD PTR SS:[ESP+0x20] * 00442868 8B4C24 6C MOV ECX,DWORD PTR SS:[ESP+0x6C] * 0044286C 52 PUSH EDX * 0044286D 8B5424 14 MOV EDX,DWORD PTR SS:[ESP+0x14] * 00442871 50 PUSH EAX * 00442872 51 PUSH ECX * 00442873 55 PUSH EBP * 00442874 52 PUSH EDX * 00442875 8BCE MOV ECX,ESI * 00442877 E8 F4F8FFFF CALL .00442170 * 0044287C 894424 6C MOV DWORD PTR SS:[ESP+0x6C],EAX * 00442880 E9 E6020000 JMP .00442B6B * 00442885 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+0x14] * 00442889 50 PUSH EAX * 0044288A 53 PUSH EBX * 0044288B 53 PUSH EBX * 0044288C 8BCE MOV ECX,ESI * 0044288E E8 EDF7FFFF CALL .00442080 * 00442893 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] * 00442899 2B86 B0000000 SUB EAX,DWORD PTR DS:[ESI+0xB0] * 0044289F 8B8E 98000000 MOV ECX,DWORD PTR DS:[ESI+0x98] * 004428A5 8B5424 6C MOV EDX,DWORD PTR SS:[ESP+0x6C] * 004428A9 894424 38 MOV DWORD PTR SS:[ESP+0x38],EAX * 004428AD 8B4424 54 MOV EAX,DWORD PTR SS:[ESP+0x54] * 004428B1 894C24 30 MOV DWORD PTR SS:[ESP+0x30],ECX * 004428B5 895424 2C MOV DWORD PTR SS:[ESP+0x2C],EDX * 004428B9 BB 01000000 MOV EBX,0x1 * 004428BE 47 INC EDI * 004428BF 894424 3C MOV DWORD PTR SS:[ESP+0x3C],EAX * 004428C3 0FB60F MOVZX ECX,BYTE PTR DS:[EDI] * 004428C6 51 PUSH ECX * 004428C7 E8 F40CFCFF CALL .004035C0 * 004428CC 85C0 TEST EAX,EAX * 004428CE 74 5C JE SHORT .0044292C * 004428D0 66:0FBE57 01 MOVSX DX,BYTE PTR DS:[EDI+0x1] * 004428D5 66:0FBE0F MOVSX CX,BYTE PTR DS:[EDI] * 004428D9 B8 FF000000 MOV EAX,0xFF * 004428DE 66:23D0 AND DX,AX * 004428E1 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] * 004428E7 66:C1E1 08 SHL CX,0x8 * 004428EB 66:0BD1 OR DX,CX * 004428EE 66:895424 42 MOV WORD PTR SS:[ESP+0x42],DX * 004428F3 8B96 98000000 MOV EDX,DWORD PTR DS:[ESI+0x98] * 004428F9 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+0x28] * 004428FD 51 PUSH ECX * 004428FE 895424 50 MOV DWORD PTR SS:[ESP+0x50],EDX * 00442902 8D5424 44 LEA EDX,DWORD PTR SS:[ESP+0x44] * 00442906 894424 54 MOV DWORD PTR SS:[ESP+0x54],EAX * 0044290A 8B4424 28 MOV EAX,DWORD PTR SS:[ESP+0x28] * 0044290E 52 PUSH EDX * 0044290F 50 PUSH EAX * 00442910 8BCE MOV ECX,ESI * 00442912 83C7 02 ADD EDI,0x2 * 00442915 E8 96EDFFFF CALL .004416B0 * 0044291A 8B4E 20 MOV ECX,DWORD PTR DS:[ESI+0x20] * 0044291D 034E 1C ADD ECX,DWORD PTR DS:[ESI+0x1C] * 00442920 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX * 00442924 018E 98000000 ADD DWORD PTR DS:[ESI+0x98],ECX * 0044292A EB 08 JMP SHORT .00442934 * 0044292C 803F 2F CMP BYTE PTR DS:[EDI],0x2F * 0044292F 75 02 JNZ SHORT .00442933 * 00442931 33DB XOR EBX,EBX * 00442933 47 INC EDI * 00442934 8B5424 18 MOV EDX,DWORD PTR SS:[ESP+0x18] * 00442938 8B4424 20 MOV EAX,DWORD PTR SS:[ESP+0x20] * 0044293C 8B4C24 6C MOV ECX,DWORD PTR SS:[ESP+0x6C] * 00442940 52 PUSH EDX * 00442941 8B5424 14 MOV EDX,DWORD PTR SS:[ESP+0x14] * 00442945 50 PUSH EAX * 00442946 51 PUSH ECX * 00442947 55 PUSH EBP * 00442948 52 PUSH EDX * 00442949 8BCE MOV ECX,ESI * 0044294B E8 20F8FFFF CALL .00442170 * 00442950 894424 6C MOV DWORD PTR SS:[ESP+0x6C],EAX * 00442954 85DB TEST EBX,EBX * 00442956 ^0F85 67FFFFFF JNZ .004428C3 * 0044295C 399E A4000000 CMP DWORD PTR DS:[ESI+0xA4],EBX * 00442962 0F84 42010000 JE .00442AAA * 00442968 8BDF MOV EBX,EDI * 0044296A 33ED XOR EBP,EBP * 0044296C C74424 1C 010000>MOV DWORD PTR SS:[ESP+0x1C],0x1 * 00442974 0FB603 MOVZX EAX,BYTE PTR DS:[EBX] * 00442977 50 PUSH EAX * 00442978 E8 430CFCFF CALL .004035C0 * 0044297D 85C0 TEST EAX,EAX * 0044297F 74 06 JE SHORT .00442987 * 00442981 45 INC EBP * 00442982 83C3 02 ADD EBX,0x2 * 00442985 EB 0E JMP SHORT .00442995 * 00442987 803B 7D CMP BYTE PTR DS:[EBX],0x7D * 0044298A 75 08 JNZ SHORT .00442994 * 0044298C C74424 1C 000000>MOV DWORD PTR SS:[ESP+0x1C],0x0 * 00442994 43 INC EBX * 00442995 837C24 1C 00 CMP DWORD PTR SS:[ESP+0x1C],0x0 * 0044299A ^75 D8 JNZ SHORT .00442974 * 0044299C 8B9E B0000000 MOV EBX,DWORD PTR DS:[ESI+0xB0] * 004429A2 8BC3 MOV EAX,EBX * 004429A4 0FAFC5 IMUL EAX,EBP * 004429A7 8D4C2D 00 LEA ECX,DWORD PTR SS:[EBP+EBP] * 004429AB 8B6C24 30 MOV EBP,DWORD PTR SS:[ESP+0x30] * 004429AF 894C24 34 MOV DWORD PTR SS:[ESP+0x34],ECX * 004429B3 8B8E 98000000 MOV ECX,DWORD PTR DS:[ESI+0x98] * 004429B9 2BCD SUB ECX,EBP * 004429BB C1E0 0A SHL EAX,0xA * 004429BE C1E1 0A SHL ECX,0xA * 004429C1 C1E5 0A SHL EBP,0xA * 004429C4 895C24 54 MOV DWORD PTR SS:[ESP+0x54],EBX * 004429C8 C74424 1C 010000>MOV DWORD PTR SS:[ESP+0x1C],0x1 * 004429D0 3BC1 CMP EAX,ECX * 004429D2 76 0B JBE SHORT .004429DF * 004429D4 2BC1 SUB EAX,ECX * 004429D6 D1E8 SHR EAX,1 * 004429D8 2BE8 SUB EBP,EAX * 004429DA C1E3 0A SHL EBX,0xA * 004429DD EB 21 JMP SHORT .00442A00 * 004429DF 2BC8 SUB ECX,EAX * 004429E1 33D2 XOR EDX,EDX * 004429E3 8BC1 MOV EAX,ECX * 004429E5 F77424 34 DIV DWORD PTR SS:[ESP+0x34] * 004429E9 8B96 B4000000 MOV EDX,DWORD PTR DS:[ESI+0xB4] * 004429EF C1E3 09 SHL EBX,0x9 * 004429F2 03E8 ADD EBP,EAX * 004429F4 03D8 ADD EBX,EAX * 004429F6 8D1C5A LEA EBX,DWORD PTR DS:[EDX+EBX*2] * 004429F9 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] * 00442A00 0FB607 MOVZX EAX,BYTE PTR DS:[EDI] * 00442A03 50 PUSH EAX * 00442A04 E8 B70BFCFF CALL .004035C0 * 00442A09 85C0 TEST EAX,EAX * 00442A0B 74 4F JE SHORT .00442A5C * 00442A0D 66:0FBE4F 01 MOVSX CX,BYTE PTR DS:[EDI+0x1] * 00442A12 66:0FBE07 MOVSX AX,BYTE PTR DS:[EDI] * 00442A16 BA FF000000 MOV EDX,0xFF * 00442A1B 66:23CA AND CX,DX * 00442A1E 8B5424 38 MOV EDX,DWORD PTR SS:[ESP+0x38] * 00442A22 66:C1E0 08 SHL AX,0x8 * 00442A26 66:0BC8 OR CX,AX * 00442A29 66:894C24 42 MOV WORD PTR SS:[ESP+0x42],CX * 00442A2E 8BCD MOV ECX,EBP * 00442A30 C1E9 0A SHR ECX,0xA * 00442A33 894C24 4C MOV DWORD PTR SS:[ESP+0x4C],ECX * 00442A37 8D4424 28 LEA EAX,DWORD PTR SS:[ESP+0x28] * 00442A3B 50 PUSH EAX * 00442A3C 8D4C24 44 LEA ECX,DWORD PTR SS:[ESP+0x44] * 00442A40 895424 54 MOV DWORD PTR SS:[ESP+0x54],EDX * 00442A44 8B5424 28 MOV EDX,DWORD PTR SS:[ESP+0x28] * 00442A48 51 PUSH ECX * 00442A49 52 PUSH EDX * 00442A4A 8BCE MOV ECX,ESI * 00442A4C 83C7 02 ADD EDI,0x2 * 00442A4F E8 5CECFFFF CALL .004416B0 * 00442A54 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX * 00442A58 03EB ADD EBP,EBX * 00442A5A EB 0E JMP SHORT .00442A6A * 00442A5C 803F 7D CMP BYTE PTR DS:[EDI],0x7D * 00442A5F 75 08 JNZ SHORT .00442A69 * 00442A61 C74424 1C 000000>MOV DWORD PTR SS:[ESP+0x1C],0x0 * 00442A69 47 INC EDI * 00442A6A 8B4424 18 MOV EAX,DWORD PTR SS:[ESP+0x18] * 00442A6E 8B4C24 20 MOV ECX,DWORD PTR SS:[ESP+0x20] * 00442A72 8B5424 2C MOV EDX,DWORD PTR SS:[ESP+0x2C] * 00442A76 50 PUSH EAX * 00442A77 8B4424 74 MOV EAX,DWORD PTR SS:[ESP+0x74] * 00442A7B 51 PUSH ECX * 00442A7C 8B4C24 18 MOV ECX,DWORD PTR SS:[ESP+0x18] * 00442A80 52 PUSH EDX * 00442A81 50 PUSH EAX * 00442A82 51 PUSH ECX * 00442A83 8BCE MOV ECX,ESI * 00442A85 E8 E6F6FFFF CALL .00442170 * 00442A8A 837C24 1C 00 CMP DWORD PTR SS:[ESP+0x1C],0x0 * 00442A8F 894424 2C MOV DWORD PTR SS:[ESP+0x2C],EAX * 00442A93 ^0F85 67FFFFFF JNZ .00442A00 * 00442A99 8B5424 3C MOV EDX,DWORD PTR SS:[ESP+0x3C] * 00442A9D 8B6C24 70 MOV EBP,DWORD PTR SS:[ESP+0x70] * 00442AA1 895424 54 MOV DWORD PTR SS:[ESP+0x54],EDX * 00442AA5 E9 C1000000 JMP .00442B6B * 00442AAA BB 01000000 MOV EBX,0x1 * 00442AAF 90 NOP * 00442AB0 0FB607 MOVZX EAX,BYTE PTR DS:[EDI] * 00442AB3 50 PUSH EAX * 00442AB4 E8 070BFCFF CALL .004035C0 * 00442AB9 85C0 TEST EAX,EAX * 00442ABB 74 05 JE SHORT .00442AC2 * 00442ABD 83C7 02 ADD EDI,0x2 * 00442AC0 EB 08 JMP SHORT .00442ACA * 00442AC2 803F 7D CMP BYTE PTR DS:[EDI],0x7D * 00442AC5 75 02 JNZ SHORT .00442AC9 * 00442AC7 33DB XOR EBX,EBX * 00442AC9 47 INC EDI * 00442ACA 85DB TEST EBX,EBX * 00442ACC ^75 E2 JNZ SHORT .00442AB0 * 00442ACE E9 98000000 JMP .00442B6B * 00442AD3 0FBE47 01 MOVSX EAX,BYTE PTR DS:[EDI+0x1] * 00442AD7 83C0 9D ADD EAX,-0x63 * 00442ADA 83F8 14 CMP EAX,0x14 * 00442ADD 0F87 88000000 JA .00442B6B * 00442AE3 0FB688 AC2B4400 MOVZX ECX,BYTE PTR DS:[EAX+0x442BAC] * 00442AEA FF248D 982B4400 JMP DWORD PTR DS:[ECX*4+0x442B98] * 00442AF1 8B46 24 MOV EAX,DWORD PTR DS:[ESI+0x24] * 00442AF4 0346 1C ADD EAX,DWORD PTR DS:[ESI+0x1C] * 00442AF7 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+0x14] * 00442AFB 8B56 0C MOV EDX,DWORD PTR DS:[ESI+0xC] * 00442AFE 0186 9C000000 ADD DWORD PTR DS:[ESI+0x9C],EAX * 00442B04 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] * 00442B0A 41 INC ECX * 00442B0B 8996 98000000 MOV DWORD PTR DS:[ESI+0x98],EDX * 00442B11 894C24 14 MOV DWORD PTR SS:[ESP+0x14],ECX * 00442B15 399C8E B8000000 CMP DWORD PTR DS:[ESI+ECX*4+0xB8],EBX * 00442B1C 77 08 JA SHORT .00442B26 * 00442B1E 399E AC000000 CMP DWORD PTR DS:[ESI+0xAC],EBX * 00442B24 74 42 JE SHORT .00442B68 * 00442B26 8B8E B0000000 MOV ECX,DWORD PTR DS:[ESI+0xB0] * 00442B2C 03C8 ADD ECX,EAX * 00442B2E 898E 9C000000 MOV DWORD PTR DS:[ESI+0x9C],ECX * 00442B34 EB 32 JMP SHORT .00442B68 * 00442B36 8BCE MOV ECX,ESI * 00442B38 E8 03F0FFFF CALL .00441B40 * 00442B3D EB 29 JMP SHORT .00442B68 * 00442B3F 8A47 02 MOV AL,BYTE PTR DS:[EDI+0x2] * 00442B42 3C 63 CMP AL,0x63 * 00442B44 74 0D JE SHORT .00442B53 * 00442B46 3C 73 CMP AL,0x73 * 00442B48 75 15 JNZ SHORT .00442B5F * 00442B4A 895C24 20 MOV DWORD PTR SS:[ESP+0x20],EBX * 00442B4E 83C7 03 ADD EDI,0x3 * 00442B51 EB 18 JMP SHORT .00442B6B * 00442B53 C74424 20 010000>MOV DWORD PTR SS:[ESP+0x20],0x1 * 00442B5B 895C24 6C MOV DWORD PTR SS:[ESP+0x6C],EBX * 00442B5F 83C7 03 ADD EDI,0x3 * 00442B62 EB 07 JMP SHORT .00442B6B * 00442B64 895C24 6C MOV DWORD PTR SS:[ESP+0x6C],EBX * 00442B68 83C7 02 ADD EDI,0x2 * 00442B6B 803F 00 CMP BYTE PTR DS:[EDI],0x0 * 00442B6E ^0F85 8CFBFFFF JNZ .00442700 * 00442B74 8B5424 24 MOV EDX,DWORD PTR SS:[ESP+0x24] * 00442B78 8B86 58010000 MOV EAX,DWORD PTR DS:[ESI+0x158] * 00442B7E 52 PUSH EDX * 00442B7F 50 PUSH EAX * 00442B80 FF15 DC335200 CALL DWORD PTR DS:[0x5233DC] ; user32.ReleaseDC * 00442B86 5F POP EDI * 00442B87 5E POP ESI * 00442B88 5D POP EBP * 00442B89 B8 01000000 MOV EAX,0x1 * 00442B8E 5B POP EBX * 00442B8F 83C4 58 ADD ESP,0x58 * 00442B92 C2 0800 RETN 0x8 * 00442B95 8D49 00 LEA ECX,DWORD PTR DS:[ECX] * 00442B98 36:2B4400 F1 SUB EAX,DWORD PTR SS:[EAX+EAX-0xF] * 00442B9D 2A4400 64 SUB AL,BYTE PTR DS:[EAX+EAX+0x64] * 00442BA1 2B4400 3F SUB EAX,DWORD PTR DS:[EAX+EAX+0x3F] * 00442BA5 2B4400 6B SUB EAX,DWORD PTR DS:[EAX+EAX+0x6B] * 00442BA9 2B4400 00 SUB EAX,DWORD PTR DS:[EAX+EAX] * 00442BAD 04 04 ADD AL,0x4 * 00442BAF 04 04 ADD AL,0x4 * 00442BB1 04 04 ADD AL,0x4 * 00442BB3 04 04 ADD AL,0x4 * 00442BB5 04 04 ADD AL,0x4 * 00442BB7 010404 ADD DWORD PTR SS:[ESP+EAX],EAX * 00442BBA 04 04 ADD AL,0x4 * 00442BBC 04 02 ADD AL,0x2 * 00442BBE 04 04 ADD AL,0x4 * 00442BC0 03CC ADD ECX,ESP * 00442BC2 CC INT3 * 00442BC3 CC INT3 * 00442BC4 CC INT3 * 00442BC5 CC INT3 * 00442BC6 CC INT3 * 00442BC7 CC INT3 * 00442BC8 CC INT3 * 00442BC9 CC INT3 * 00442BCA CC INT3 */ namespace{ bool attach(const uint8_t pattern[],int patternSize,DWORD startAddress,DWORD stopAddress){ ULONG addr = MemDbg::findBytes(pattern, patternSize, startAddress, stopAddress); if(addr==0)return false; addr = MemDbg::findEnclosingAlignedFunction_strict(addr); if(addr==0)return false; HookParam hp; hp.address = addr ; hp.offset=get_stack(1); hp.type=EMBED_ABLE|USING_STRING|EMBED_BEFORE_SIMPLE|EMBED_AFTER_NEW|EMBED_DYNA_SJIS; hp.hook_font=F_GetGlyphOutlineA; hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ auto text = reinterpret_cast(data); std::string str = text; str = str.substr(0, *len); std::regex reg1("\\{(.*?)/(.*?)\\}"); std::string result1 = std::regex_replace(str, reg1, "$1"); return write_string_overwrite(text,len,result1); }; return NewHook(hp, "EmbedCMVS"); };} bool attachScenarioHook(ULONG startAddress, ULONG stopAddress) { // This pattern is selected by comparing two CMVS games const uint8_t bytes[] = { 0xb8, 0xcd,0xcc,0xcc,0xcc, // 004512de b8 cdcccccc mov eax,0xcccccccd 0xf7,0xe1, // 004512e3 f7e1 mul ecx 0xc1,0xea, 0x02, // 004512e5 c1ea 02 shr edx,0x2 0xd1,0xe9, // 004512e8 d1e9 shr ecx,1 0x2b,0xca // 004512ea 2bca sub ecx,edx }; //const uint8_t bytes[] = { //青春&国记的人名&选择支 // 0xb8, 0xcd,0xcc,0xcc,0xcc, // 004512de b8 cdcccccc mov eax,0xcccccccd // 0xf7,0xe1, // 004512e3 f7e1 mul ecx // 0xd1,0xe9, // 004512e8 d1e9 shr ecx,1 // 0xc1,0xea, 0x02, // 004512e5 c1ea 02 shr edx,0x2 // 0x2b,0xca // 004512ea 2bca sub ecx,edx //}; const uint8_t bytes_kunado_kukoki[] = { 0xf7,0xe1, 0x8b,0x85,0xd8,0xfd,0xff,0xff, 0xd1,0xe9, 0xc1,0xea, 0x02, 0x2b,0xca }; return attach(bytes, sizeof(bytes), startAddress, stopAddress)||attach(bytes_kunado_kukoki, sizeof(bytes_kunado_kukoki), startAddress, stopAddress); } /** * FIXME: This function exists but is not called for クロノクロック when painting backlog. * * Sample bake: ハピメア * * Backlog function, found by tracking all callers of ::GetDC: * * 0044ACAE CC INT3 * 0044ACAF CC INT3 * 0044ACB0 55 PUSH EBP * 0044ACB1 8BEC MOV EBP,ESP * 0044ACB3 83EC 30 SUB ESP,0x30 * 0044ACB6 56 PUSH ESI * 0044ACB7 8BF1 MOV ESI,ECX * 0044ACB9 8B86 58010000 MOV EAX,DWORD PTR DS:[ESI+0x158] * 0044ACBF 57 PUSH EDI * 0044ACC0 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+0x8] * 0044ACC3 50 PUSH EAX * 0044ACC4 C745 08 00000000 MOV DWORD PTR SS:[EBP+0x8],0x0 * 0044ACCB FF15 D4F35300 CALL DWORD PTR DS:[0x53F3D4] ; user32.GetDC * 0044ACD1 68 80000000 PUSH 0x80 * 0044ACD6 8D8E B8000000 LEA ECX,DWORD PTR DS:[ESI+0xB8] * 0044ACDC 6A 00 PUSH 0x0 * 0044ACDE 51 PUSH ECX * 0044ACDF 8945 FC MOV DWORD PTR SS:[EBP-0x4],EAX * 0044ACE2 E8 F9870D00 CALL .005234E0 * 0044ACE7 8B46 7C MOV EAX,DWORD PTR DS:[ESI+0x7C] * 0044ACEA 8B4E 70 MOV ECX,DWORD PTR DS:[ESI+0x70] * 0044ACED 8945 F4 MOV DWORD PTR SS:[EBP-0xC],EAX * 0044ACF0 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] * 0044ACF3 BA 28000000 MOV EDX,0x28 * 0044ACF8 8945 E4 MOV DWORD PTR SS:[EBP-0x1C],EAX * 0044ACFB 8B86 80000000 MOV EAX,DWORD PTR DS:[ESI+0x80] * 0044AD01 66:8955 D0 MOV WORD PTR SS:[EBP-0x30],DX * 0044AD05 8B56 74 MOV EDX,DWORD PTR DS:[ESI+0x74] * 0044AD08 83C4 0C ADD ESP,0xC * 0044AD0B 48 DEC EAX * 0044AD0C 894D E8 MOV DWORD PTR SS:[EBP-0x18],ECX * 0044AD0F 8955 EC MOV DWORD PTR SS:[EBP-0x14],EDX * 0044AD12 C745 D8 00000000 MOV DWORD PTR SS:[EBP-0x28],0x0 * 0044AD19 74 18 JE SHORT .0044AD33 * 0044AD1B 48 DEC EAX * 0044AD1C 74 0C JE SHORT .0044AD2A * 0044AD1E 48 DEC EAX * 0044AD1F 75 19 JNZ SHORT .0044AD3A * 0044AD21 C745 D8 03000000 MOV DWORD PTR SS:[EBP-0x28],0x3 * 0044AD28 EB 10 JMP SHORT .0044AD3A * 0044AD2A C745 D8 02000000 MOV DWORD PTR SS:[EBP-0x28],0x2 * 0044AD31 EB 07 JMP SHORT .0044AD3A * 0044AD33 C745 D8 01000000 MOV DWORD PTR SS:[EBP-0x28],0x1 * 0044AD3A 8B45 0C MOV EAX,DWORD PTR SS:[EBP+0xC] * 0044AD3D 85C0 TEST EAX,EAX * 0044AD3F 74 08 JE SHORT .0044AD49 * 0044AD41 8B48 0C MOV ECX,DWORD PTR DS:[EAX+0xC] * 0044AD44 894D F0 MOV DWORD PTR SS:[EBP-0x10],ECX * 0044AD47 EB 06 JMP SHORT .0044AD4F * 0044AD49 8B56 78 MOV EDX,DWORD PTR DS:[ESI+0x78] * 0044AD4C 8955 F0 MOV DWORD PTR SS:[EBP-0x10],EDX * 0044AD4F 803F 00 CMP BYTE PTR DS:[EDI],0x0 * 0044AD52 0F84 65020000 JE .0044AFBD * 0044AD58 53 PUSH EBX * 0044AD59 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] * 0044AD60 0FB607 MOVZX EAX,BYTE PTR DS:[EDI] * 0044AD63 3C 5C CMP AL,0x5C * 0044AD65 0F84 16020000 JE .0044AF81 * 0044AD6B 3C 7B CMP AL,0x7B * 0044AD6D 0F84 63010000 JE .0044AED6 * 0044AD73 50 PUSH EAX * 0044AD74 E8 778DFBFF CALL .00403AF0 * 0044AD79 85C0 TEST EAX,EAX * 0044AD7B 0F84 AC000000 JE .0044AE2D * 0044AD81 66:0FBE47 01 MOVSX AX,BYTE PTR DS:[EDI+0x1] * 0044AD86 66:0FBE17 MOVSX DX,BYTE PTR DS:[EDI] * 0044AD8A B9 FF000000 MOV ECX,0xFF * 0044AD8F 66:23C1 AND AX,CX * 0044AD92 66:C1E2 08 SHL DX,0x8 * 0044AD96 66:0BC2 OR AX,DX * 0044AD99 B9 4A810000 MOV ECX,0x814A * 0044AD9E 83C7 02 ADD EDI,0x2 * 0044ADA1 33DB XOR EBX,EBX * 0044ADA3 66:8945 D2 MOV WORD PTR SS:[EBP-0x2E],AX * 0044ADA7 66:3BC1 CMP AX,CX * 0044ADAA 75 05 JNZ SHORT .0044ADB1 * 0044ADAC BB 01000000 MOV EBX,0x1 * 0044ADB1 8B45 D2 MOV EAX,DWORD PTR SS:[EBP-0x2E] * 0044ADB4 8D55 08 LEA EDX,DWORD PTR SS:[EBP+0x8] * 0044ADB7 52 PUSH EDX * 0044ADB8 50 PUSH EAX * 0044ADB9 6A 00 PUSH 0x0 * 0044ADBB 8BCE MOV ECX,ESI * 0044ADBD E8 FEFCFFFF CALL .0044AAC0 * 0044ADC2 8B8E 98000000 MOV ECX,DWORD PTR DS:[ESI+0x98] * 0044ADC8 8B96 9C000000 MOV EDX,DWORD PTR DS:[ESI+0x9C] * 0044ADCE 894D DC MOV DWORD PTR SS:[EBP-0x24],ECX * 0044ADD1 8955 E0 MOV DWORD PTR SS:[EBP-0x20],EDX * 0044ADD4 85DB TEST EBX,EBX * 0044ADD6 74 0E JE SHORT .0044ADE6 * 0044ADD8 B8 CDCCCCCC MOV EAX,0xCCCCCCCD * 0044ADDD F766 1C MUL DWORD PTR DS:[ESI+0x1C] * 0044ADE0 C1EA 02 SHR EDX,0x2 * 0044ADE3 2955 DC SUB DWORD PTR SS:[EBP-0x24],EDX * 0044ADE6 8B55 FC MOV EDX,DWORD PTR SS:[EBP-0x4] * 0044ADE9 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-0x8] * 0044ADEC 50 PUSH EAX * 0044ADED 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-0x30] * 0044ADF0 51 PUSH ECX * 0044ADF1 52 PUSH EDX * 0044ADF2 8BCE MOV ECX,ESI * 0044ADF4 E8 87F2FFFF CALL .0044A080 * 0044ADF9 85DB TEST EBX,EBX * 0044ADFB 75 11 JNZ SHORT .0044AE0E * 0044ADFD 8B46 20 MOV EAX,DWORD PTR DS:[ESI+0x20] * 0044AE00 0346 1C ADD EAX,DWORD PTR DS:[ESI+0x1C] * 0044AE03 0186 98000000 ADD DWORD PTR DS:[ESI+0x98],EAX * 0044AE09 E9 A5010000 JMP .0044AFB3 * 0044AE0E 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] * 0044AE11 B8 CDCCCCCC MOV EAX,0xCCCCCCCD * 0044AE16 F7E1 MUL ECX * 0044AE18 D1E9 SHR ECX,1 * 0044AE1A C1EA 02 SHR EDX,0x2 * 0044AE1D 2BCA SUB ECX,EDX * 0044AE1F 034E 20 ADD ECX,DWORD PTR DS:[ESI+0x20] * 0044AE22 018E 98000000 ADD DWORD PTR DS:[ESI+0x98],ECX * 0044AE28 E9 86010000 JMP .0044AFB3 * 0044AE2D 66:0FBE0F MOVSX CX,BYTE PTR DS:[EDI] * 0044AE31 8B56 14 MOV EDX,DWORD PTR DS:[ESI+0x14] * 0044AE34 2B56 20 SUB EDX,DWORD PTR DS:[ESI+0x20] * 0044AE37 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] * 0044AE3A 66:894D D2 MOV WORD PTR SS:[EBP-0x2E],CX * 0044AE3E 8B4E 0C MOV ECX,DWORD PTR DS:[ESI+0xC] * 0044AE41 2BD0 SUB EDX,EAX * 0044AE43 03D1 ADD EDX,ECX * 0044AE45 47 INC EDI * 0044AE46 3996 98000000 CMP DWORD PTR DS:[ESI+0x98],EDX * 0044AE4C 72 37 JB SHORT .0044AE85 * 0044AE4E 8B55 08 MOV EDX,DWORD PTR SS:[EBP+0x8] * 0044AE51 42 INC EDX * 0044AE52 83BC96 B8000000 >CMP DWORD PTR DS:[ESI+EDX*4+0xB8],0x0 * 0044AE5A 8955 08 MOV DWORD PTR SS:[EBP+0x8],EDX * 0044AE5D 77 09 JA SHORT .0044AE68 * 0044AE5F 83BE AC000000 00 CMP DWORD PTR DS:[ESI+0xAC],0x0 * 0044AE66 74 0C JE SHORT .0044AE74 * 0044AE68 8B96 B0000000 MOV EDX,DWORD PTR DS:[ESI+0xB0] * 0044AE6E 0196 9C000000 ADD DWORD PTR DS:[ESI+0x9C],EDX * 0044AE74 898E 98000000 MOV DWORD PTR DS:[ESI+0x98],ECX * 0044AE7A 8B4E 24 MOV ECX,DWORD PTR DS:[ESI+0x24] * 0044AE7D 03C8 ADD ECX,EAX * 0044AE7F 018E 9C000000 ADD DWORD PTR DS:[ESI+0x9C],ECX * 0044AE85 8B96 98000000 MOV EDX,DWORD PTR DS:[ESI+0x98] * 0044AE8B 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] * 0044AE91 8D4D F8 LEA ECX,DWORD PTR SS:[EBP-0x8] * 0044AE94 51 PUSH ECX * 0044AE95 8955 DC MOV DWORD PTR SS:[EBP-0x24],EDX * 0044AE98 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-0x30] * 0044AE9B 8945 E0 MOV DWORD PTR SS:[EBP-0x20],EAX * 0044AE9E 8B45 FC MOV EAX,DWORD PTR SS:[EBP-0x4] * 0044AEA1 52 PUSH EDX * 0044AEA2 50 PUSH EAX * 0044AEA3 8BCE MOV ECX,ESI * 0044AEA5 E8 D6F1FFFF CALL .0044A080 * 0044AEAA 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] * 0044AEAD 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-0x8] * 0044AEB0 D1E8 SHR EAX,1 * 0044AEB2 3BC8 CMP ECX,EAX * 0044AEB4 77 10 JA SHORT .0044AEC6 * 0044AEB6 8B4E 20 MOV ECX,DWORD PTR DS:[ESI+0x20] * 0044AEB9 03C8 ADD ECX,EAX * 0044AEBB 018E 98000000 ADD DWORD PTR DS:[ESI+0x98],ECX * 0044AEC1 E9 ED000000 JMP .0044AFB3 * 0044AEC6 8B56 20 MOV EDX,DWORD PTR DS:[ESI+0x20] * 0044AEC9 03D1 ADD EDX,ECX * 0044AECB 0196 98000000 ADD DWORD PTR DS:[ESI+0x98],EDX * 0044AED1 E9 DD000000 JMP .0044AFB3 * 0044AED6 47 INC EDI * 0044AED7 BB 01000000 MOV EBX,0x1 * 0044AEDC 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] * 0044AEE0 0FB607 MOVZX EAX,BYTE PTR DS:[EDI] * 0044AEE3 50 PUSH EAX * 0044AEE4 E8 078CFBFF CALL .00403AF0 * 0044AEE9 85C0 TEST EAX,EAX * 0044AEEB 74 63 JE SHORT .0044AF50 * 0044AEED 66:0FBE4F 01 MOVSX CX,BYTE PTR DS:[EDI+0x1] * 0044AEF2 66:0FBE07 MOVSX AX,BYTE PTR DS:[EDI] * 0044AEF6 BA FF000000 MOV EDX,0xFF * 0044AEFB 66:23CA AND CX,DX * 0044AEFE 66:C1E0 08 SHL AX,0x8 * 0044AF02 66:0BC8 OR CX,AX * 0044AF05 66:894D D2 MOV WORD PTR SS:[EBP-0x2E],CX * 0044AF09 8B55 D2 MOV EDX,DWORD PTR SS:[EBP-0x2E] * 0044AF0C 8D4D 08 LEA ECX,DWORD PTR SS:[EBP+0x8] * 0044AF0F 51 PUSH ECX * 0044AF10 52 PUSH EDX * 0044AF11 6A 00 PUSH 0x0 * 0044AF13 8BCE MOV ECX,ESI * 0044AF15 83C7 02 ADD EDI,0x2 * 0044AF18 E8 A3FBFFFF CALL .0044AAC0 * 0044AF1D 8B86 98000000 MOV EAX,DWORD PTR DS:[ESI+0x98] * 0044AF23 8B8E 9C000000 MOV ECX,DWORD PTR DS:[ESI+0x9C] * 0044AF29 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-0x8] * 0044AF2C 8945 DC MOV DWORD PTR SS:[EBP-0x24],EAX * 0044AF2F 52 PUSH EDX * 0044AF30 894D E0 MOV DWORD PTR SS:[EBP-0x20],ECX * 0044AF33 8B4D FC MOV ECX,DWORD PTR SS:[EBP-0x4] * 0044AF36 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-0x30] * 0044AF39 50 PUSH EAX * 0044AF3A 51 PUSH ECX * 0044AF3B 8BCE MOV ECX,ESI * 0044AF3D E8 3EF1FFFF CALL .0044A080 * 0044AF42 8B56 20 MOV EDX,DWORD PTR DS:[ESI+0x20] * 0044AF45 0356 1C ADD EDX,DWORD PTR DS:[ESI+0x1C] * 0044AF48 0196 98000000 ADD DWORD PTR DS:[ESI+0x98],EDX * 0044AF4E EB 08 JMP SHORT .0044AF58 * 0044AF50 803F 2F CMP BYTE PTR DS:[EDI],0x2F * 0044AF53 75 02 JNZ SHORT .0044AF57 * 0044AF55 33DB XOR EBX,EBX * 0044AF57 47 INC EDI * 0044AF58 85DB TEST EBX,EBX * 0044AF5A ^75 84 JNZ SHORT .0044AEE0 * 0044AF5C BB 01000000 MOV EBX,0x1 * 0044AF61 0FB607 MOVZX EAX,BYTE PTR DS:[EDI] * 0044AF64 50 PUSH EAX * 0044AF65 E8 868BFBFF CALL .00403AF0 * 0044AF6A 85C0 TEST EAX,EAX * 0044AF6C 74 05 JE SHORT .0044AF73 * 0044AF6E 83C7 02 ADD EDI,0x2 * 0044AF71 EB 08 JMP SHORT .0044AF7B * 0044AF73 803F 7D CMP BYTE PTR DS:[EDI],0x7D * 0044AF76 75 02 JNZ SHORT .0044AF7A * 0044AF78 33DB XOR EBX,EBX * 0044AF7A 47 INC EDI * 0044AF7B 85DB TEST EBX,EBX * 0044AF7D ^75 E2 JNZ SHORT .0044AF61 * 0044AF7F EB 32 JMP SHORT .0044AFB3 * 0044AF81 0FBE47 01 MOVSX EAX,BYTE PTR DS:[EDI+0x1] * 0044AF85 83C0 9D ADD EAX,-0x63 * 0044AF88 83F8 14 CMP EAX,0x14 * 0044AF8B 77 26 JA SHORT .0044AFB3 * 0044AF8D 0FB688 F0AF4400 MOVZX ECX,BYTE PTR DS:[EAX+0x44AFF0] * 0044AF94 FF248D E0AF4400 JMP DWORD PTR DS:[ECX*4+0x44AFE0] * 0044AF9B 8B46 24 MOV EAX,DWORD PTR DS:[ESI+0x24] * 0044AF9E 0346 1C ADD EAX,DWORD PTR DS:[ESI+0x1C] * 0044AFA1 8B56 0C MOV EDX,DWORD PTR DS:[ESI+0xC] * 0044AFA4 0186 9C000000 ADD DWORD PTR DS:[ESI+0x9C],EAX * 0044AFAA 8996 98000000 MOV DWORD PTR DS:[ESI+0x98],EDX * 0044AFB0 83C7 02 ADD EDI,0x2 * 0044AFB3 803F 00 CMP BYTE PTR DS:[EDI],0x0 * 0044AFB6 ^0F85 A4FDFFFF JNZ .0044AD60 * 0044AFBC 5B POP EBX * 0044AFBD 8B4D FC MOV ECX,DWORD PTR SS:[EBP-0x4] * 0044AFC0 8B96 58010000 MOV EDX,DWORD PTR DS:[ESI+0x158] * 0044AFC6 51 PUSH ECX * 0044AFC7 52 PUSH EDX * 0044AFC8 FF15 D8F35300 CALL DWORD PTR DS:[0x53F3D8] ; user32.ReleaseDC * 0044AFCE 5F POP EDI * 0044AFCF B8 01000000 MOV EAX,0x1 * 0044AFD4 5E POP ESI * 0044AFD5 8BE5 MOV ESP,EBP * 0044AFD7 5D POP EBP * 0044AFD8 C2 0800 RETN 0x8 * 0044AFDB 83C7 03 ADD EDI,0x3 * 0044AFDE ^EB D3 JMP SHORT .0044AFB3 * 0044AFE0 B0 AF MOV AL,0xAF * 0044AFE2 44 INC ESP * 0044AFE3 009B AF4400DB ADD BYTE PTR DS:[EBX+0xDB0044AF],BL * 0044AFE9 AF SCAS DWORD PTR ES:[EDI] * 0044AFEA 44 INC ESP * 0044AFEB 00B3 AF440000 ADD BYTE PTR DS:[EBX+0x44AF],DH * 0044AFF1 0303 ADD EAX,DWORD PTR DS:[EBX] * 0044AFF3 0303 ADD EAX,DWORD PTR DS:[EBX] * 0044AFF5 0303 ADD EAX,DWORD PTR DS:[EBX] * 0044AFF7 0303 ADD EAX,DWORD PTR DS:[EBX] * 0044AFF9 0303 ADD EAX,DWORD PTR DS:[EBX] * 0044AFFB 0103 ADD DWORD PTR DS:[EBX],EAX * 0044AFFD 0303 ADD EAX,DWORD PTR DS:[EBX] * 0044AFFF 0303 ADD EAX,DWORD PTR DS:[EBX] * 0044B001 0003 ADD BYTE PTR DS:[EBX],AL * 0044B003 0302 ADD EAX,DWORD PTR DS:[EDX] * 0044B005 CC INT3 * 0044B006 CC INT3 * 0044B007 CC INT3 * 0044B008 CC INT3 */ bool attachHistoryHook(ULONG startAddress, ULONG stopAddress) { const uint8_t bytes[] = { 0xb8, 0xcd,0xcc,0xcc,0xcc, // 0044ae11 b8 cdcccccc mov eax,0xcccccccd 0xf7,0xe1, // 0044ae16 f7e1 mul ecx 0xd1,0xe9, // 0044ae18 d1e9 shr ecx,1 0xc1,0xea, 0x02, // 0044ae1a c1ea 02 shr edx,0x2 0x2b,0xca // 0044ae1d 2bca sub ecx,edx }; return attach(bytes, sizeof(bytes), startAddress, stopAddress); } bool CMVS::attach_function() { bool embed=attachScenarioHook(processStartAddress,processStopAddress); if(embed)attachHistoryHook(processStartAddress,processStopAddress); return InsertCMVSHook()||embed; }