71 lines
2.0 KiB
C++
Raw Normal View History

2024-10-03 14:53:59 +08:00
#include "KiriKiri.h"
2024-02-07 20:59:24 +08:00
bool InsertKiriKiriZHook()
2024-10-03 14:53:59 +08:00
{
/*
* Sample games:
* RJ351843
*/
const BYTE bytes[] = {
0xCC, // int 3
0x4C, 0x89, 0x44, 0x24, 0x18, // mov [rsp+18],r8 <- hook here
0x48, 0x89, 0x54, 0x24, 0x10, // mov [rsp+10],rdx
0x53, // push rbx
0x56, // push rsi
0x57, // push rdi
0x41, 0x54, // push r12
0x41, 0x55, // push r13
0x41, 0x56, // push r14
0x41, 0x57, // push r15
0x48, 0x83, 0xEC, 0x40, // sub rsp,40
0x48, 0xC7, 0x44, 0x24, 0x30, 0xFE, 0xFF, 0xFF, 0xFF // mov qword ptr [rsp+30],FFFFFFFFFFFFFFFE
};
2024-02-07 20:59:24 +08:00
2024-10-03 14:53:59 +08:00
ULONG64 range = min(processStopAddress - processStartAddress, X64_MAX_REL_ADDR);
for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStartAddress + range))
{
HookParam hp;
hp.address = addr + 1;
hp.offset = get_reg(regs::rcx);
hp.index = 0x18;
hp.type = CODEC_UTF16 | DATA_INDIRECT;
return NewHook(hp, "KiriKiriZ");
2024-02-07 20:59:24 +08:00
}
2024-10-03 14:53:59 +08:00
return false;
}
2024-02-07 20:59:24 +08:00
bool Insertkrkrz64Hook()
{
2024-10-03 14:53:59 +08:00
const BYTE BYTES[] = {
0x41, 0x0F, 0xB7, 0x44, 0x24, 0x04,
0x89, 0x43, 0x20,
0x41, 0x0F, 0xB7, 0x44, 0x24, 0x06,
0x89, 0x43, 0x24,
0x41, 0x0F, 0xBF, 0x44, 0x24, 0x0C,
0x89, 0x43, 0x14};
auto addrs = Util::SearchMemory(BYTES, sizeof(BYTES), PAGE_EXECUTE_READ, processStartAddress, processStopAddress);
ConsoleOutput("%p %p", processStartAddress, processStopAddress);
for (auto addr : addrs)
{
ConsoleOutput("krkrz64 %p", addr);
const BYTE funcstart[] = {0xcc, 0xcc, 0xcc, 0xcc};
addr = reverseFindBytes(funcstart, sizeof(funcstart), addr - 0x1000, addr);
if (addr == 0)
continue;
addr += 4;
HookParam hp;
hp.address = addr;
hp.type = CODEC_UTF16 | DATA_INDIRECT;
hp.offset = get_reg(regs::rcx);
hp.index = 0x18;
ConsoleOutput("krkrz64 %p %x", addr);
return NewHook(hp, "krkrz64");
}
2024-02-07 20:59:24 +08:00
2024-10-03 14:53:59 +08:00
ConsoleOutput("krkrz64 failed");
return false;
}
bool KiriKiri::attach_function()
{
return Insertkrkrz64Hook() || InsertKiriKiriZHook();
2024-02-07 20:59:24 +08:00
}