恍兮惚兮 163835bec9 some
2024-10-04 14:37:06 +08:00

97 lines
2.5 KiB
C++

#include "AGES7.h"
namespace
{
// Muv-Luv Alternative - Total Eclipse
// https://vndb.org/v7052
bool _1()
{
// HSN65001#-44@234699:te-win64vc14-release.exe
BYTE b1[] = {
//clang-format off
0x48, XX2, 0xb0, 0xfe, 0xff, 0xff,
0x4c, XX2, 0xb8, 0x01, 0x00, 0x00,
//clang-format on
};
auto addr = MemDbg::findBytes(b1, sizeof(b1), processStartAddress, processStopAddress);
if (addr == 0)
return false;
HookParam hp;
hp.address = addr;
hp.type = USING_STRING | CODEC_UTF8 | NO_CONTEXT;
hp.offset = get_reg(regs::rdi);
auto succ = NewHook(hp, "Ages7_1");
if (addr = MemDbg::findEnclosingAlignedFunction(addr))
{
hp.address = addr;
hp.type = USING_STRING | CODEC_UTF8 | NO_CONTEXT;
hp.offset = get_reg(regs::rbx);
succ |= NewHook(hp, "Ages7_3");
}
return succ;
}
bool _2()
{
// HSN65001#-44@2346AC:te-win64vc14-release.exe
BYTE b1[] = {
//clang-format off
0x48, XX2, 0x10,
0x48, XX2, 0xb0, 0x01, 0x00, 0x00,
XX2, 0xc0, 0x08, 0x00, 0x00
//clang-format on
};
auto addr = MemDbg::findBytes(b1, sizeof(b1), processStartAddress, processStopAddress);
if (addr == 0)
return false;
HookParam hp;
hp.address = addr;
hp.type = USING_STRING | CODEC_UTF8 | NO_CONTEXT;
hp.offset = get_reg(regs::rdi);
auto suc = NewHook(hp, "Ages7_2");
if (addr = MemDbg::findEnclosingAlignedFunction(addr))
{
hp.address = addr;
hp.type = USING_STRING | CODEC_UTF8 | NO_CONTEXT;
hp.offset = get_reg(regs::rbx);
suc |= NewHook(hp, "Ages7_3");
}
return suc;
}
bool _3()
{
// HSN65001#-14@3D9814:te-win64vc14-release.exe
BYTE b1[] = {
//clang-format off
0x48, 0x8b, 0x1b,
0x48, 0x8b, 0x01,
0x48, 0x8b, 0xd3,
0xff, 0x10,
0x48, 0x8b, 0x45, 0xc8,
0x48, 0x8b, 0x4d, 0xc0,
0x48, 0x2b, 0xc1,
0x48, 0xc1, 0xf8, 0x03,
0x48, 0x85, 0xc0,
//clang-format on
};
auto addr = MemDbg::findBytes(b1, sizeof(b1), processStartAddress, processStopAddress);
if (addr == 0)
return false;
HookParam hp;
hp.address = addr + 3;
hp.type = USING_STRING | CODEC_UTF8 | NO_CONTEXT;
hp.offset = get_reg(regs::rbx);
return NewHook(hp, "Ages7_4");
}
bool all()
{
auto _ = _1();
_ = _2() || _;
_ = _3() || _;
return _;
}
}
bool AGES7::attach_function()
{
return all();
}