73 lines
2.2 KiB
C++
Raw Normal View History

2024-02-07 20:59:24 +08:00
#include"IG.h"
bool InsertIG64Hook() {
//<2F><><EFBFBD>륿<EFBFBD><EBA5BF><EFBFBD><EFBFBD> FHD.exe
//char __fastcall sub_14004D820(_QWORD *a1, __int16 *a2, size_t a3)
const BYTE BYTES[] = {
0x48,0x8b,0x43,0x08,
0x33,0xc9,
0x66,0x89,0x08
};
auto addrs = Util::SearchMemory(BYTES, sizeof(BYTES), PAGE_EXECUTE, processStartAddress, processStopAddress);
auto suc=false;
for (auto addr : addrs) {
ConsoleOutput("IG64 %p", addr);
const BYTE aligned [] = {0xCC,0xCC};
addr = reverseFindBytes(aligned, sizeof(aligned), addr-0x1000, addr);
if (addr == 0)continue;
addr += 2;
ConsoleOutput("IG64 %p", addr);
HookParam hp;
hp.address = addr;
hp.type = CODEC_UTF16 | USING_STRING;
hp.offset=get_reg(regs::rdx);//rdx
suc|=NewHook(hp, "IG64");
}
return suc;
}
bool IG64filter(void* data, size_t* size, HookParam*) {
auto text = reinterpret_cast<LPWSTR>(data);
std::wstring str =std::wstring(text,*size / 2);
std::wregex reg1(L"\\$\\[(.*?)\\$/(.*?)\\$\\]");
std::wstring result1 = std::regex_replace(str, reg1, L"$1");
std::wregex reg2(L"@[^@]*@");
std::wstring result2 = std::regex_replace(result1, reg2, L"");
*size = (result2.size()) * 2;
wcscpy(text, result2.c_str());
return true;
};
bool InsertIG64Hook2() {
//hook1 <20><>ע<EFBFBD>͵<EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD>Ͽ<EFBFBD><CFBF><EFBFBD><EFBFBD><EFBFBD><EFBFBD>hook<6F><6B><EFBFBD><EFBFBD>Ͽ<EFBFBD><CFBF><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ǻᱣ<C7BB><E1B1A3>һЩ@[]֮<><D6AE>Ľű<C4BD><C5B1><EFBFBD><EFBFBD>š<EFBFBD>
//<2F><><EFBFBD>륿<EFBFBD><EBA5BF><EFBFBD><EFBFBD> FHD.exe
const BYTE BYTES[] = {
0xBA,0x3F,0xFF,0x00,0x00,
XX,0x8B,XX,
0xE8,XX2,0x00,0x00
};
bool ok=false;
auto addrs = Util::SearchMemory(BYTES, sizeof(BYTES), PAGE_EXECUTE, processStartAddress, processStopAddress);
for (auto addr : addrs) {
ConsoleOutput("IG642 %p", addr);
const BYTE aligned[] = { 0xCC,0xCC };
addr = reverseFindBytes(aligned, sizeof(aligned), addr - 0x10000, addr);
if (addr == 0)continue;
addr += 2;
ConsoleOutput("IG642 %p", addr);
HookParam hp;
hp.address = addr;
hp.type = CODEC_UTF16 | USING_STRING;
hp.filter_fun = IG64filter;
hp.offset=get_reg(regs::rdx);//rdx
ok|=NewHook(hp, "IG642");
}
return ok;
}
bool IG::attach_function() {
return InsertIG64Hook2();
}