#include"KiriKiri.h" bool InsertKiriKiriZHook() { /* * Sample games: * RJ351843 */ const BYTE bytes[] = { 0xCC, // int 3 0x4C, 0x89, 0x44, 0x24, 0x18, // mov [rsp+18],r8 <- hook here 0x48, 0x89, 0x54, 0x24, 0x10, // mov [rsp+10],rdx 0x53, // push rbx 0x56, // push rsi 0x57, // push rdi 0x41, 0x54, // push r12 0x41, 0x55, // push r13 0x41, 0x56, // push r14 0x41, 0x57, // push r15 0x48, 0x83, 0xEC, 0x40, // sub rsp,40 0x48, 0xC7, 0x44, 0x24, 0x30, 0xFE, 0xFF, 0xFF, 0xFF // mov qword ptr [rsp+30],FFFFFFFFFFFFFFFE }; ULONG64 range = min(processStopAddress - processStartAddress, X64_MAX_REL_ADDR); for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStartAddress + range)) { HookParam hp; hp.address = addr + 1; hp.offset=get_reg(regs::rcx); hp.index = 0x18; hp.type = CODEC_UTF16 | DATA_INDIRECT; return NewHook(hp, "KiriKiriZ"); } return false; } bool Insertkrkrz64Hook() { const BYTE BYTES[] = { 0x41,0x0F,0xB7,0x44,0x24,0x04, 0x89,0x43,0x20, 0x41,0x0F,0xB7,0x44,0x24,0x06, 0x89,0x43,0x24, 0x41,0x0F,0xBF,0x44,0x24,0x0C, 0x89,0x43,0x14 }; auto addrs = Util::SearchMemory(BYTES, sizeof(BYTES), PAGE_EXECUTE_READ, processStartAddress, processStopAddress); ConsoleOutput("%p %p", processStartAddress, processStopAddress); for (auto addr : addrs) { ConsoleOutput("krkrz64 %p", addr); const BYTE funcstart[] = { 0xcc,0xcc,0xcc,0xcc }; addr = reverseFindBytes(funcstart, sizeof(funcstart), addr - 0x1000, addr); if (addr == 0)continue; addr += 4; HookParam hp; hp.address = addr; hp.type = CODEC_UTF16| DATA_INDIRECT; hp.offset=get_reg(regs::rcx); hp.index = 0x18; ConsoleOutput("krkrz64 %p %x", addr); return NewHook(hp, "krkrz64"); } ConsoleOutput("krkrz64 failed"); return false; } bool KiriKiri::attach_function() { return Insertkrkrz64Hook()||InsertKiriKiriZHook(); }