Public-Mirror/LunaHook-mirror
1
0
Fork 0
mirror of https://github.com/HIllya51/LunaHook.git synced 2024-10-22 23:18:16 +08:00
Code Issues Projects Releases Wiki Activity
main
LunaHook-mirror/LunaHook/engine32/MarineHeart.cpp
恍兮惚兮 d458abbd3f Initial commit
2024-02-07 20:59:24 +08:00

127 lines
7.4 KiB
C++
Raw Permalink Blame History

#include"MarineHeart.h"
/**
* jichi 4/19/2014: Marine Heart
* See: http://blgames.proboards.com/post/1984
* http://www.yaoiotaku.com/forums/threads/11440-huge-bl-game-torrent
*
* Issue: The extracted text someitems has limited repetition
* TODO: It might be better to use FindCallAndEntryAbs for gdi32.CreateFontA?
* See how FindCallAndEntryAbs is used in Majiro.
*
* 妖恋愛奭<E6849B>神サマ<E382B5>堕し方/HS4*0@40D160
* - addr: 4247904 = 0x40d160
* - off: 4
* - type: 9
*
* Function starts
* 0040d160 /$ 55 push ebp ; jichi: hook here
* 0040d161 |. 8bec mov ebp,esp
* 0040d163 |. 83c4 90 add esp,-0x70
* 0040d166 |. 33c0 xor eax,eax
* 0040d168 |. 53 push ebx
* 0040d169 |. 56 push esi
* 0040d16a |. 57 push edi
* 0040d16b |. 8b75 08 mov esi,dword ptr ss:[ebp+0x8]
* 0040d16e |. c745 cc 281e4800 mov dword ptr ss:[ebp-0x34],saisys.00481>
* 0040d175 |. 8965 d0 mov dword ptr ss:[ebp-0x30],esp
* 0040d178 |. c745 c8 d0d14700 mov dword ptr ss:[ebp-0x38],<jmp.&cp3245>
* 0040d17f |. 66:c745 d4 0000 mov word ptr ss:[ebp-0x2c],0x0
* 0040d185 |. 8945 e0 mov dword ptr ss:[ebp-0x20],eax
* 0040d188 |. 64:8b15 00000000 mov edx,dword ptr fs:[0]
* 0040d18f |. 8955 c4 mov dword ptr ss:[ebp-0x3c],edx
* 0040d192 |. 8d4d c4 lea ecx,dword ptr ss:[ebp-0x3c]
* 0040d195 |. 64:890d 00000000 mov dword ptr fs:[0],ecx
* 0040d19c |. 8b05 741c4800 mov eax,dword ptr ds:[0x481c74]
* 0040d1a2 |. 8945 bc mov dword ptr ss:[ebp-0x44],eax
* 0040d1a5 |. 8b05 781c4800 mov eax,dword ptr ds:[0x481c78]
* 0040d1ab |. 8945 c0 mov dword ptr ss:[ebp-0x40],eax
* 0040d1ae |. 8d46 24 lea eax,dword ptr ds:[esi+0x24]
* 0040d1b1 |. 8b56 14 mov edx,dword ptr ds:[esi+0x14]
* 0040d1b4 |. 8955 bc mov dword ptr ss:[ebp-0x44],edx
* 0040d1b7 |. 8b10 mov edx,dword ptr ds:[eax]
* 0040d1b9 |. 85d2 test edx,edx
* 0040d1bb |. 74 04 je short saisys.0040d1c1
* 0040d1bd |. 8b08 mov ecx,dword ptr ds:[eax]
* 0040d1bf |. eb 05 jmp short saisys.0040d1c6
* 0040d1c1 |> b9 9b1c4800 mov ecx,saisys.00481c9b
* 0040d1c6 |> 51 push ecx ; /facename
* 0040d1c7 |. 6a 01 push 0x1 ; |pitchandfamily = fixed_pitch|ff_dontcare
* 0040d1c9 |. 6a 03 push 0x3 ; |quality = 3.
* 0040d1cb |. 6a 00 push 0x0 ; |clipprecision = clip_default_precis
* 0040d1cd |. 6a 00 push 0x0 ; |outputprecision = out_default_precis
* 0040d1cf |. 68 80000000 push 0x80 ; |charset = 128.
* 0040d1d4 |. 6a 00 push 0x0 ; |strikeout = false
* 0040d1d6 |. 6a 00 push 0x0 ; |underline = false
* 0040d1d8 |. 6a 00 push 0x0 ; |italic = false
* 0040d1da |. 68 90010000 push 0x190 ; |weight = fw_normal
* 0040d1df |. 6a 00 push 0x0 ; |orientation = 0x0
* 0040d1e1 |. 6a 00 push 0x0 ; |escapement = 0x0
* 0040d1e3 |. 6a 00 push 0x0 ; |width = 0x0
* 0040d1e5 |. 8b46 04 mov eax,dword ptr ds:[esi+0x4] ; |
* 0040d1e8 |. 50 push eax ; |height
* 0040d1e9 |. e8 00fa0600 call <jmp.&gdi32.CreateFontA> ; \createfonta
* 0040d1ee |. 8945 b8 mov dword ptr ss:[ebp-0x48],eax
* 0040d1f1 |. 8b55 b8 mov edx,dword ptr ss:[ebp-0x48]
* 0040d1f4 |. 85d2 test edx,edx
* 0040d1f6 |. 75 14 jnz short saisys.0040d20c
*/
bool InsertMarineHeartHook()
{
// FIXME: Why this does not work?!
// jichi 6/3/2014: CreateFontA is only called once in this function
// 0040d160 /$ 55 push ebp ; jichi: hook here
// 0040d161 |. 8bec mov ebp,esp
//ULONG addr = Util::FindCallAndEntryAbs((DWORD)CreateFontA, processStopAddress - processStartAddress, processStartAddress, 0xec8b);
const BYTE bytes[] = {
0x51, // 0040d1c6 |> 51 push ecx ; /facename
0x6a, 0x01, // 0040d1c7 |. 6a 01 push 0x1 ; |pitchandfamily = fixed_pitch|ff_dontcare
0x6a, 0x03, // 0040d1c9 |. 6a 03 push 0x3 ; |quality = 3.
0x6a, 0x00, // 0040d1cb |. 6a 00 push 0x0 ; |clipprecision = clip_default_precis
0x6a, 0x00, // 0040d1cd |. 6a 00 push 0x0 ; |outputprecision = out_default_precis
0x68, 0x80,0x00,0x00,0x00, // 0040d1cf |. 68 80000000 push 0x80 ; |charset = 128.
0x6a, 0x00, // 0040d1d4 |. 6a 00 push 0x0 ; |strikeout = false
0x6a, 0x00, // 0040d1d6 |. 6a 00 push 0x0 ; |underline = false
0x6a, 0x00, // 0040d1d8 |. 6a 00 push 0x0 ; |italic = false
0x68, 0x90,0x01,0x00,0x00, // 0040d1da |. 68 90010000 push 0x190 ; |weight = fw_normal
0x6a, 0x00, // 0040d1df |. 6a 00 push 0x0 ; |orientation = 0x0
0x6a, 0x00, // 0040d1e1 |. 6a 00 push 0x0 ; |escapement = 0x0
0x6a, 0x00, // 0040d1e3 |. 6a 00 push 0x0 ; |width = 0x0 0x8b,0x46, 0x04,
0x8b,0x46, 0x04, // 0040d1e5 |. 8b46 04 mov eax,dword ptr ds:[esi+0x4] ; |
0x50, // 0040d1e8 |. 50 push eax ; |height
0xe8//, 0x00,0xfa,0x06,0x00 // 0040d1e9 |. e8 00fa0600 call <jmp.&gdi32.CreateFontA> ; \createfonta
};
enum { addr_offset = 0x0040d160 - 0x0040d1c6 }; // distance to the beginning of the function
ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR);
ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range);
//GROWL_DWORD(reladdr);
if (!addr) {
ConsoleOutput("MarineHeart: pattern not found");
return false;
}
addr += addr_offset;
//addr = 0x40d160;
//GROWL_DWORD(addr);
enum : BYTE { push_ebp = 0x55 }; // 011d4c80 /$ 55 push ebp
if (*(BYTE *)addr != push_ebp) {
ConsoleOutput("MarineHeart: pattern found but the function offset is invalid");
return false;
}
HookParam hp;
hp.address = addr;
hp.offset=get_stack(1);
hp.type = USING_STRING|DATA_INDIRECT; // = 9
ConsoleOutput("INSERT MarineHeart");
return NewHook(hp, "MarineHeart");
}
bool MarineHeart::attach_function() {
return InsertMarineHeartHook();
}
Reference in New Issue View Git Blame Copy Permalink