#include"solfasys.h"
/// First strategy for locating the function to hook, starting from GetGlyphOutlineA.
///
/// The search is a chain of helper lookups over [processStartAddress,
/// processStopAddress]; every intermediate address is printed with
/// ConsoleOutput("%p", ...) before it is checked. What each helper matches is
/// not visible in this file; the step comments below go by the helper names only.
///
/// @return false as soon as a lookup yields a null address or the number of
///         call sites found is not exactly 2; otherwise whatever NewHook returns.
bool solfasys1() {
    // Step 1: start from a caller of GetGlyphOutlineA (helper name: "after int3").
    auto target = MemDbg::findCallerAddressAfterInt3((DWORD)GetGlyphOutlineA, processStartAddress, processStopAddress);
    ConsoleOutput("%p", target);
    if (!target) {
        return false;
    }

    // Step 2: follow it to a short-jump address.
    target = MemDbg::findShortJumpAddress(target, processStartAddress, processStopAddress);
    ConsoleOutput("%p", target);
    if (!target) {
        return false;
    }

    // Step 3: enclosing aligned function, with 0x10 as second argument.
    target = MemDbg::findEnclosingAlignedFunction(target, 0x10); // actually only 2
    ConsoleOutput("%p", target);
    if (!target) {
        return false;
    }

    // Step 4: collect references to that function; 0xe8 is the x86 CALL rel32 opcode.
    auto callSites = findxref_reverse_checkcallop(target, processStartAddress, processStopAddress, 0xe8);
    // Anything other than exactly two hits is treated as "pattern not matched".
    // NOTE(review): this count check is the only guard visible here against
    // hooking an unrelated function.
    if (callSites.size() != 2) {
        return false;
    }

    // Step 5: take the first call site and hook the function that contains it.
    target = callSites[0];
    ConsoleOutput("%p", target);
    target = MemDbg::findEnclosingAlignedFunction(target);
    ConsoleOutput("%p", target);
    if (!target) {
        return false;
    }

    HookParam hook;
    hook.address = target;
    hook.type = CODEC_ANSI_BE | USING_CHAR;
    hook.offset = get_stack(1);
    return NewHook(hook, "solfasys");
}
/// Second strategy for locating the function to hook, starting from the
/// import of GetGlyphOutlineA.
///
/// Reference title: https://vndb.org/v5173 (Princess Fortissimo).
///
/// Every intermediate address is printed with ConsoleOutput("%p", ...) before
/// it is checked. What each helper matches is not visible in this file; the
/// step comments below go by the helper names only.
///
/// @return false as soon as a lookup yields a null address or the number of
///         call sites found is not exactly 2; otherwise whatever NewHook returns.
bool solfasys2() {
    // Step 1: find a call/mov that goes through the import entry of GetGlyphOutlineA.
    // processStartAddress is passed twice, as the second and third arguments.
    auto target = findiatcallormov((DWORD)GetGlyphOutlineA, processStartAddress, processStartAddress, processStopAddress);
    ConsoleOutput("%p", target);
    if (!target) {
        return false;
    }

    // Step 2: move up to the enclosing aligned function.
    target = MemDbg::findEnclosingAlignedFunction(target);
    ConsoleOutput("%p", target);
    if (!target) {
        return false;
    }

    // Step 3: collect references to that function; 0xe8 is the x86 CALL rel32 opcode.
    auto callSites = findxref_reverse_checkcallop(target, processStartAddress, processStopAddress, 0xe8);
    // Anything other than exactly two hits is treated as "pattern not matched".
    if (callSites.size() != 2) {
        return false;
    }

    // Step 4: take the second call site.
    // Original note (translated): "only this title is the first one; all the
    // other titles are the second".
    // NOTE(review): this function uses index 1 while solfasys1 uses index 0,
    // so confirm which title the note refers to.
    target = callSites[1];
    ConsoleOutput("%p", target);
    target = MemDbg::findEnclosingAlignedFunction(target);
    ConsoleOutput("%p", target);
    if (!target) {
        return false;
    }

    HookParam hook;
    hook.address = target;
    hook.type = CODEC_ANSI_BE | USING_CHAR;
    hook.offset = get_stack(1);
    return NewHook(hook, "solfasys");
}
/// Try the two lookup strategies in order and stop at the first that succeeds.
///
/// solfasys2() runs only when solfasys1() returned false.
///
/// @return true if either strategy installed its hook, false otherwise.
bool solfasys::attach_function() {
    if (solfasys1()) {
        return true;
    }
    return solfasys2();
}