恍兮惚兮 edc5efec99 format
2024-11-02 15:49:09 +08:00

88 lines
2.3 KiB
C++

#include "AGES7.h"
namespace
{
// Muv-Luv Alternative - Total Eclipse
// https://vndb.org/v7052
bool _1()
{
// HSN65001#-44@234699:te-win64vc14-release.exe
BYTE b1[] = {
0x48, XX2, 0xb0, 0xfe, 0xff, 0xff,
0x4c, XX2, 0xb8, 0x01, 0x00, 0x00
};
auto addr = MemDbg::findBytes(b1, sizeof(b1), processStartAddress, processStopAddress);
if (addr == 0)
return false;
HookParam hp;
hp.address = addr;
hp.type = USING_STRING | CODEC_UTF8 | NO_CONTEXT;
hp.offset = get_reg(regs::rdi);
auto succ = NewHook(hp, "Ages7_1");
if (addr = MemDbg::findEnclosingAlignedFunction(addr))
{
hp.address = addr;
hp.type = USING_STRING | CODEC_UTF8 | NO_CONTEXT;
hp.offset = get_reg(regs::rbx);
succ |= NewHook(hp, "Ages7_3");
}
return succ;
}
bool _2()
{
// HSN65001#-44@2346AC:te-win64vc14-release.exe
BYTE b1[] = {
0x48, XX2, 0x10,
0x48, XX2, 0xb0, 0x01, 0x00, 0x00,
XX2, 0xc0, 0x08, 0x00, 0x00};
auto addr = MemDbg::findBytes(b1, sizeof(b1), processStartAddress, processStopAddress);
if (addr == 0)
return false;
HookParam hp;
hp.address = addr;
hp.type = USING_STRING | CODEC_UTF8 | NO_CONTEXT;
hp.offset = get_reg(regs::rdi);
auto suc = NewHook(hp, "Ages7_2");
if (addr = MemDbg::findEnclosingAlignedFunction(addr))
{
hp.address = addr;
hp.type = USING_STRING | CODEC_UTF8 | NO_CONTEXT;
hp.offset = get_reg(regs::rbx);
suc |= NewHook(hp, "Ages7_3");
}
return suc;
}
bool _3()
{
// HSN65001#-14@3D9814:te-win64vc14-release.exe
BYTE b1[] = {
0x48, 0x8b, 0x1b,
0x48, 0x8b, 0x01,
0x48, 0x8b, 0xd3,
0xff, 0x10,
0x48, 0x8b, 0x45, 0xc8,
0x48, 0x8b, 0x4d, 0xc0,
0x48, 0x2b, 0xc1,
0x48, 0xc1, 0xf8, 0x03,
0x48, 0x85, 0xc0};
auto addr = MemDbg::findBytes(b1, sizeof(b1), processStartAddress, processStopAddress);
if (addr == 0)
return false;
HookParam hp;
hp.address = addr + 3;
hp.type = USING_STRING | CODEC_UTF8 | NO_CONTEXT;
hp.offset = get_reg(regs::rbx);
return NewHook(hp, "Ages7_4");
}
bool all()
{
auto _ = _1();
_ = _2() || _;
_ = _3() || _;
return _;
}
}
bool AGES7::attach_function()
{
return all();
}