mirror of
https://github.com/HIllya51/LunaHook.git
synced 2025-01-15 06:13:56 +08:00
45 lines
1.8 KiB
C++
45 lines
1.8 KiB
C++
|
#include"Circus1.h"
|
||
|
/********************************************************************************************
|
||
|
CIRCUS hook:
|
||
|
Game folder contains advdata folder. Used by CIRCUS games.
|
||
|
Usually has font caching issues. But trace back from GetGlyphOutline gives a hook
|
||
|
which generate repetition.
|
||
|
If we study circus engine follow Freaka's video, we can easily discover that
|
||
|
in the game main module there is a static buffer, which is filled by new text before
|
||
|
it's drawing to screen. By setting a hardware breakpoint there we can locate the
|
||
|
function filling the buffer. But we don't have to set hardware breakpoint to search
|
||
|
the hook address if we know some characteristic instruction(cmp al,0x24) around there.
|
||
|
********************************************************************************************/
|
||
|
bool InsertCircusHook1() // jichi 10/2/2013: Change return type to bool
|
||
|
{
|
||
|
for (DWORD i = processStartAddress + 0x1000; i < processStopAddress - 4; i++)
|
||
|
if (*(WORD *)i == 0xa3c) //cmp al, 0xA; je
|
||
|
for (DWORD j = i; j < i + 0x100; j++) {
|
||
|
BYTE c = *(BYTE *)j;
|
||
|
if (c == 0xc3)
|
||
|
break;
|
||
|
if (c == 0xe8) {
|
||
|
DWORD k = *(DWORD *)(j+1)+j+5;
|
||
|
if (k > processStartAddress && k < processStopAddress) {
|
||
|
HookParam hp;
|
||
|
hp.address = k;
|
||
|
hp.offset=get_stack(3);
|
||
|
hp.split =get_reg(regs::esp);
|
||
|
hp.type = DATA_INDIRECT|USING_SPLIT;
|
||
|
ConsoleOutput("INSERT CIRCUS#1");
|
||
|
|
||
|
//RegisterEngineType(ENGINE_CIRCUS);
|
||
|
return NewHook(hp, "Circus1");
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
//break;
|
||
|
//ConsoleOutput("Unknown CIRCUS engine");
|
||
|
ConsoleOutput("CIRCUS1: failed");
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
bool Circus1::attach_function() {
|
||
|
|
||
|
return InsertCircusHook1();
|
||
|
}
|