#include"Kincaid.h"

namespace {

// Locates the hook site by byte signature and installs a UTF-8 string hook on it.
// Returns false when the signature is not found between processStartAddress and
// processStopAddress; otherwise returns whatever NewHook reports.
bool _1() {
    // Reference disassembly the signature was taken from. The .text addresses
    // belong to the build that was analysed; only the bytes below are matched.
    // .text:0000000140230D80 mov rsi, rax
    // .text:0000000140230D83 mov edx, 1
    // .text:0000000140230D88 mov rcx, rdi
    // .text:0000000140230D8B call sub_1402B35B0
    // .text:0000000140230D90 lea ebx, [rax-1]
    // .text:0000000140230D93 mov edx, 2
    // .text:0000000140230D98 mov rcx, rdi
    // .text:0000000140230D9B call sub_1402B35B0
    BYTE signature[] = {
        0x48, 0x8b, 0xf0,              // mov rsi, rax
        0xba, 0x01, 0x00, 0x00, 0x00,  // mov edx, 1
        0x48, 0x8b, 0xcf,              // mov rcx, rdi
        0xe8, XX4,                     // call rel32; XX4 presumably wildcards the 4-byte displacement
        0x8d, 0x58, 0xff,              // lea ebx, [rax-1]
        0xba, 0x02, 0x00, 0x00, 0x00,  // mov edx, 2
        0x48, 0x8b, 0xcf,              // mov rcx, rdi
        0xe8, XX4                      // call rel32
    };

    // NOTE(review): the scan result is used as-is. If these bytes also occur in
    // unrelated code of another build, the hook would land there; confirm whether
    // findBytes returns only the first match and whether that is unique.
    auto hookAddress = MemDbg::findBytes(signature, sizeof(signature),
                                         processStartAddress, processStopAddress);
    if (!hookAddress) {
        return false;
    }

    HookParam param;
    param.address = hookAddress;  // start of the signature, i.e. the `mov rsi, rax`
    param.type = USING_STRING | CODEC_UTF8;
    param.offset = get_reg(regs::rax);

    // Passes the value held in rax at the hook site on as the text pointer.
    // NOTE(review): rax is not checked for null or for pointing at readable,
    // NUL-terminated memory before it is handed on (and, in the branch below,
    // walked by strlen).
    param.text_fun = [](hook_stack* stack, HookParam*, uintptr_t* data, uintptr_t*, size_t* len) {
        *data = stack->rax;
        // NOTE(review): the return address is compared with 0xFFFFFFFF; a real
        // 64-bit return address would not normally equal that, so this length
        // computation may never run. Confirm the intent.
        if (stack->retaddr == static_cast<DWORD>(-1)) {
            *len = strlen(reinterpret_cast<char*>(*data));
        }
    };

    return NewHook(param, "Kincaid");
}

}  // namespace

// Engine entry point: installs the single signature-based hook above.
bool Kincaid::attach_function() {
    return _1();
}