LunaHook-mirror/LunaHook/engine64/Kincaid.cpp

#include "Kincaid.h"
namespace
{
  bool _1()
  {
    //     .text:0000000140230D80                 mov     rsi, rax
    // .text:0000000140230D83                 mov     edx, 1
    // .text:0000000140230D88                 mov     rcx, rdi
    // .text:0000000140230D8B                 call    sub_1402B35B0
    // .text:0000000140230D90                 lea     ebx, [rax-1]
    // .text:0000000140230D93                 mov     edx, 2
    // .text:0000000140230D98                 mov     rcx, rdi
    // .text:0000000140230D9B                 call    sub_1402B35B0
    BYTE b1[] = {
        0x48, 0x8b, 0xf0,
        0xba, 0x01, 0x00, 0x00, 0x00,
        0x48, 0x8b, 0xcf,
        0xe8, XX4,
        0x8d, 0x58, 0xff,
        0xba, 0x02, 0x00, 0x00, 0x00,
        0x48, 0x8b, 0xcf,
        0xe8, XX4};
    auto addr = MemDbg::findBytes(b1, sizeof(b1), processStartAddress, processStopAddress);
    if (addr == 0)
      return false;
    HookParam hp;
    hp.address = addr;
    hp.type = USING_STRING | CODEC_UTF8;
    hp.offset = get_reg(regs::rax);
    hp.text_fun = [](hook_stack *stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t *len)
    {
      *data = stack->rax;
      if (stack->retaddr == (DWORD)-1)
        *len = strlen((char *)*data);
    };
    return NewHook(hp, "Kincaid");
  }
}
bool Kincaid::attach_function()
{
  return _1();
}
some 2024-10-03 14:53:59 +08:00			`#include "Kincaid.h"`
			`namespace`
			`{`
			`bool _1()`
			`{`
			`// .text:0000000140230D80 mov rsi, rax`
			`// .text:0000000140230D83 mov edx, 1`
			`// .text:0000000140230D88 mov rcx, rdi`
			`// .text:0000000140230D8B call sub_1402B35B0`
			`// .text:0000000140230D90 lea ebx, [rax-1]`
			`// .text:0000000140230D93 mov edx, 2`
			`// .text:0000000140230D98 mov rcx, rdi`
			`// .text:0000000140230D9B call sub_1402B35B0`
			`BYTE b1[] = {`
			`0x48, 0x8b, 0xf0,`
			`0xba, 0x01, 0x00, 0x00, 0x00,`
			`0x48, 0x8b, 0xcf,`
			`0xe8, XX4,`
			`0x8d, 0x58, 0xff,`
			`0xba, 0x02, 0x00, 0x00, 0x00,`
			`0x48, 0x8b, 0xcf,`
			`0xe8, XX4};`
			`auto addr = MemDbg::findBytes(b1, sizeof(b1), processStartAddress, processStopAddress);`
			`if (addr == 0)`
			`return false;`
Kincaid 2024-05-12 23:43:56 +08:00			`HookParam hp;`
some 2024-10-03 14:53:59 +08:00			`hp.address = addr;`
			`hp.type = USING_STRING \| CODEC_UTF8;`
			`hp.offset = get_reg(regs::rax);`
			`hp.text_fun = [](hook_stack stack, HookParam hp, uintptr_t data, uintptr_t split, size_t *len)`
			`{`
			`*data = stack->rax;`
			`if (stack->retaddr == (DWORD)-1)`
			`len = strlen((char )*data);`
Kincaid 2024-05-12 23:43:56 +08:00			`};`
some 2024-10-03 14:53:59 +08:00			`return NewHook(hp, "Kincaid");`
Kincaid 2024-05-12 23:43:56 +08:00			`}`
			`}`
some 2024-10-03 14:53:59 +08:00			`bool Kincaid::attach_function()`
			`{`
Kincaid 2024-05-12 23:43:56 +08:00			`return _1();`
			`}`