Update Cotopha.cpp

恍兮惚兮 2024-03-11 15:12:32 +08:00
parent e9eb1193ba
commit 2e711d9dc6


@ -648,18 +648,80 @@ bool InsertCotophaHook3() {
HookParam myhp; HookParam myhp;
myhp.address = addr; myhp.address = addr;
myhp.type = CODEC_UTF16 | USING_STRING |EMBED_ABLE|EMBED_BEFORE_SIMPLE|EMBED_AFTER_NEW;
myhp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT;
myhp.offset=get_reg(regs::eax); myhp.offset=get_reg(regs::eax);
char nameForUser[HOOK_NAME_SIZE] = "Cotopha3_EWideString";
return NewHook(myhp, nameForUser); return NewHook(myhp, "Cotopha3_EWideString");
}
bool InsertCotophaHook4()
{
/*
* https://vndb.org/v32624
*/
const BYTE bytes[] = {
0xCC, // int 3
0x55, // push ebp << hook here
0x8B, 0xEC, // mov ebp,esp
0x51, // push ecx
0x53, // push ebx
0x56, // push esi
0x57, // push edi
0x8B, 0x7D, 0x08, // mov edi,[ebp+08]
0x33, 0xF6, // xor esi,esi
0x8B, 0xD9, // mov ebx,ecx
0x85, 0xFF, // test edi,edi
0x74, 0x0D // je ststeady2.glsGetEnabledProcessorType+643F
};
ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR);
ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range);
if (!addr) {
ConsoleOutput("vnreng:Cotopha4: pattern not found");
return false;
}
HookParam hp = {};
hp.address = addr + 1;
hp.offset = get_stack(1);
hp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT ;
hp.filter_fun = [](void* data, size_t* size, HookParam*)
{
auto text = reinterpret_cast<LPWSTR>(data);
auto len = reinterpret_cast<size_t *>(size);
if (text[0] != L'\\')
return false;
size_t lenPurged = 0;
for (size_t i = 0; i < *len/2; i++) {
if (text[i] != L'\\')
text[lenPurged++] = text[i];
else {
// start command
wchar_t cmd=text[++i];
if (cmd == 'r') { // ruby
i++; // skip ';' char
while (text[++i] != L':') {
if (text[i] == L';') // when we reach '; ' we have the kanji part
break;
text[lenPurged++] = text[i];
}
}
while (text[++i] != L':')
;
}
}
*len = lenPurged * 2;
return true;
};
NewHook(hp, "Cotopha4");
return true;
} }
bool InsertCotophaHook() bool InsertCotophaHook()
{ {
InsertCotophaHook1(); InsertCotophaHook1();
return InsertCotophaHook3() || InsertCotophaHook2(); return (InsertCotophaHook4()|InsertCotophaHook3()) || InsertCotophaHook2();
} }
bool Cotopha::attach_function() { bool Cotopha::attach_function() {
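Review bot: The filter lambda assigned to `hp.filter_fun` in InsertCotophaHook4 bounds only the outer `for` by `*len/2`; the read of `cmd` via `text[++i]` and both `while (text[++i] != L':')` scans advance `i` with no length check, so a captured string that ends in a backslash or has no closing `:` is read past the end of the data. Inside the ruby branch the same scan also stores through `text[lenPurged++]`, so an unterminated `\r;` sequence can write beyond the original text and leave `*len` larger than it was on entry, all of it running inside the hooked process (the size of the buffer behind `data` is not visible here). Each scan should carry the bound, `while (++i < *len / 2 && text[i] != L':')`, and the command read should be guarded, `wchar_t cmd = (++i < *len / 2) ? text[i] : L'\0';`. Separately, the result of `NewHook(hp, "Cotopha4")` is dropped and the function returns `true` regardless, whereas InsertCotophaHook3 returns the NewHook result; `return NewHook(hp, "Cotopha4");` would keep the two consistent.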