mirror of
https://github.com/HIllya51/LunaHook.git
synced 2024-11-30 17:15:38 +08:00
80 lines
2.2 KiB
C++
80 lines
2.2 KiB
C++
|
#include"RUNE.h"
|
|||
|
|
|||
|
|
|||
|
bool RUNE1() {
|
|||
|
const BYTE bytes[] = {
|
|||
|
//Ricotte~アルペンブルの歌姫~
|
|||
|
//初恋
|
|||
|
//思春期
|
|||
|
//Fifth
|
|||
|
//unsigned __int8 *__cdecl _mbsinc(const unsigned __int8 *Ptr)
|
|||
|
0x8B,0x44,0x24,0x04,
|
|||
|
0x0F,0xB6,0x08,
|
|||
|
0x8A,0x89,XX4,
|
|||
|
0x80,0xE1,0x04,
|
|||
|
0x40,
|
|||
|
0x84,0xC9,
|
|||
|
0x74,XX
|
|||
|
};
|
|||
|
ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress);
|
|||
|
|
|||
|
if (addr == 0)return false;
|
|||
|
HookParam hp;
|
|||
|
hp.address = addr;
|
|||
|
hp.offset=get_reg(regs::eax);
|
|||
|
hp.type = CODEC_ANSI_BE;
|
|||
|
return NewHook(hp, "RUNE");
|
|||
|
}
|
|||
|
bool RUNE2(){
|
|||
|
//ANGEL CORE
|
|||
|
auto entry=Util::FindImportEntry(processStartAddress,(DWORD)GetGlyphOutlineA);
|
|||
|
if(entry==0)return false;
|
|||
|
BYTE bytes2[]={0xff,0x15,XX4};
|
|||
|
memcpy(bytes2+2,&entry,4);
|
|||
|
auto addr = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStopAddress);
|
|||
|
if (addr == 0)return false;
|
|||
|
BYTE sig1[]={ 0x81,0xe1,0x01,0x00,0x00,0x80,XX2,0x49,0x83,0xc9,0xfe,0x41 };
|
|||
|
auto _=MemDbg::findBytes(sig1, sizeof(sig1), addr, addr+0x100);
|
|||
|
if (_ == 0)return false;
|
|||
|
addr = MemDbg::findEnclosingAlignedFunction(addr);
|
|||
|
if (addr == 0)return false;
|
|||
|
HookParam hp;
|
|||
|
hp.address = addr;
|
|||
|
hp.offset=get_stack(1);
|
|||
|
hp.type = CODEC_ANSI_BE ;
|
|||
|
return NewHook(hp, "RUNE");
|
|||
|
}
|
|||
|
bool RUNE3(){
|
|||
|
//雪のち、ふるるっ!~ところにより、恋もよう~
|
|||
|
const BYTE bytes[] = {
|
|||
|
0x6a,0x05,0x6a,0x01
|
|||
|
};
|
|||
|
for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE_READWRITE))
|
|||
|
{
|
|||
|
auto start= MemDbg::findEnclosingAlignedFunction(addr);
|
|||
|
if(start==0)continue;
|
|||
|
BYTE sig1[]={ 0x6a,0x00,0x6a,0x01,0x50 };
|
|||
|
BYTE sig2[]={ 0x6a,0x34,0xe8 };
|
|||
|
BYTE sig3[]={ 0xc1,0xe2,0x10,0x0b,0xc2 };
|
|||
|
bool ok=true;
|
|||
|
for(auto p:std::vector<std::pair<BYTE*,int>>{{sig1,sizeof(sig1)},{sig2,sizeof(sig2)},{sig3,sizeof(sig3)}}){
|
|||
|
auto _=MemDbg::findBytes(p.first, p.second, start, addr);
|
|||
|
|
|||
|
if(_==0)ok=ok&false;
|
|||
|
}
|
|||
|
|
|||
|
if(ok) {
|
|||
|
HookParam hp;
|
|||
|
hp.address = start;
|
|||
|
hp.offset=get_stack(1);
|
|||
|
hp.type = CODEC_ANSI_BE;
|
|||
|
return NewHook(hp, "RUNE");
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
return false;
|
|||
|
}
|
|||
|
bool RUNE::attach_function(){
|
|||
|
return RUNE1()||RUNE2()||RUNE3();
|
|||
|
}
|