2024-10-03 14:53:59 +08:00
|
|
|
#include "KiriKiri.h"
|
2024-02-07 20:59:24 +08:00
|
|
|
bool InsertKiriKiriZHook()
|
2024-10-03 14:53:59 +08:00
|
|
|
{
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Sample games:
|
|
|
|
* RJ351843
|
|
|
|
*/
|
|
|
|
const BYTE bytes[] = {
|
|
|
|
0xCC, // int 3
|
|
|
|
0x4C, 0x89, 0x44, 0x24, 0x18, // mov [rsp+18],r8 <- hook here
|
|
|
|
0x48, 0x89, 0x54, 0x24, 0x10, // mov [rsp+10],rdx
|
|
|
|
0x53, // push rbx
|
|
|
|
0x56, // push rsi
|
|
|
|
0x57, // push rdi
|
|
|
|
0x41, 0x54, // push r12
|
|
|
|
0x41, 0x55, // push r13
|
|
|
|
0x41, 0x56, // push r14
|
|
|
|
0x41, 0x57, // push r15
|
|
|
|
0x48, 0x83, 0xEC, 0x40, // sub rsp,40
|
|
|
|
0x48, 0xC7, 0x44, 0x24, 0x30, 0xFE, 0xFF, 0xFF, 0xFF // mov qword ptr [rsp+30],FFFFFFFFFFFFFFFE
|
|
|
|
};
|
2024-02-07 20:59:24 +08:00
|
|
|
|
2024-10-03 14:53:59 +08:00
|
|
|
ULONG64 range = min(processStopAddress - processStartAddress, X64_MAX_REL_ADDR);
|
|
|
|
for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStartAddress + range))
|
|
|
|
{
|
|
|
|
HookParam hp;
|
|
|
|
hp.address = addr + 1;
|
|
|
|
hp.offset = get_reg(regs::rcx);
|
|
|
|
hp.index = 0x18;
|
|
|
|
hp.type = CODEC_UTF16 | DATA_INDIRECT;
|
|
|
|
return NewHook(hp, "KiriKiriZ");
|
2024-02-07 20:59:24 +08:00
|
|
|
}
|
2024-10-03 14:53:59 +08:00
|
|
|
return false;
|
|
|
|
}
|
2024-02-07 20:59:24 +08:00
|
|
|
bool Insertkrkrz64Hook()
|
|
|
|
{
|
2024-10-03 14:53:59 +08:00
|
|
|
const BYTE BYTES[] = {
|
|
|
|
0x41, 0x0F, 0xB7, 0x44, 0x24, 0x04,
|
|
|
|
0x89, 0x43, 0x20,
|
|
|
|
0x41, 0x0F, 0xB7, 0x44, 0x24, 0x06,
|
|
|
|
0x89, 0x43, 0x24,
|
|
|
|
0x41, 0x0F, 0xBF, 0x44, 0x24, 0x0C,
|
|
|
|
0x89, 0x43, 0x14};
|
|
|
|
auto addrs = Util::SearchMemory(BYTES, sizeof(BYTES), PAGE_EXECUTE_READ, processStartAddress, processStopAddress);
|
|
|
|
ConsoleOutput("%p %p", processStartAddress, processStopAddress);
|
|
|
|
for (auto addr : addrs)
|
|
|
|
{
|
|
|
|
ConsoleOutput("krkrz64 %p", addr);
|
|
|
|
const BYTE funcstart[] = {0xcc, 0xcc, 0xcc, 0xcc};
|
|
|
|
addr = reverseFindBytes(funcstart, sizeof(funcstart), addr - 0x1000, addr);
|
|
|
|
if (addr == 0)
|
|
|
|
continue;
|
|
|
|
addr += 4;
|
|
|
|
HookParam hp;
|
|
|
|
hp.address = addr;
|
|
|
|
hp.type = CODEC_UTF16 | DATA_INDIRECT;
|
|
|
|
hp.offset = get_reg(regs::rcx);
|
|
|
|
hp.index = 0x18;
|
|
|
|
ConsoleOutput("krkrz64 %p %x", addr);
|
|
|
|
return NewHook(hp, "krkrz64");
|
|
|
|
}
|
2024-02-07 20:59:24 +08:00
|
|
|
|
2024-10-03 14:53:59 +08:00
|
|
|
ConsoleOutput("krkrz64 failed");
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
bool KiriKiri::attach_function()
|
|
|
|
{
|
|
|
|
return Insertkrkrz64Hook() || InsertKiriKiriZHook();
|
2024-02-07 20:59:24 +08:00
|
|
|
}
|