From 3d05e89edda03704bdd23546aa4cef6b38782209 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=81=8D=E5=85=AE=E6=83=9A=E5=85=AE?= <101191390+HIllya51@users.noreply.github.com>
Date: Mon, 4 Mar 2024 13:30:31 +0800
Subject: [PATCH] selen
---
LunaHook/engine32/Sprite.cpp | 35 +++++++++++++++++++++++++++++++++--
LunaHook/hookfinder.cc | 16 ++++++++--------
LunaHook/util/util.cc | 14 +++++++-------
LunaHook/util/util.h | 4 ++--
4 files changed, 50 insertions(+), 19 deletions(-)
diff --git a/LunaHook/engine32/Sprite.cpp b/LunaHook/engine32/Sprite.cpp
index f930ab4..c85cfa0 100644
--- a/LunaHook/engine32/Sprite.cpp
+++ b/LunaHook/engine32/Sprite.cpp
@@ -1,6 +1,6 @@
 #include"Sprite.h"
-bool Sprite::attach_function() {
+bool Sprite_attach_function() {
 //恋と選挙とチョコレート
 auto m=GetModuleHandle(L"dirapi.dll");
 auto [minAddress, maxAddress] = Util::QueryModuleLimits(m);
@@ -31,4 +31,35 @@ bool Sprite::attach_function() {
 hp.offset=get_reg(regs::eax);
 hp.type = USING_STRING;
 return NewHook(hp, "Sprite");
-}
\ No newline at end of file
+}
+namespace{
+ bool _h1(){
+ //https://vndb.org/v1714
+ //[Selen]はらみこ
+ auto FlashAssetx32=GetModuleHandleW(L"Flash Asset.x32");
+ if(FlashAssetx32==0)return false;
+ auto [s,e]=Util::QueryModuleLimits(FlashAssetx32);
+ const BYTE bytes[] = {
+ 0x56,0x57,0x6a,0xff,
+ 0xff,0x75,0x08,//ebp+8
+ 0x53,
+ 0x68,0xe4,0x04,0x00,0x00,
+ 0xff,0x15,XX4//MultiByteToWideChar
+ };
+ auto addr = MemDbg::findBytes(bytes, sizeof(bytes), s, e);
+ if(addr==0)return false;
+ HookParam hp;
+ hp.address = addr+sizeof(bytes);//不知道从哪jump到call MultiByteToWideChar的
+ hp.offset=get_stack(5);
+ hp.type = USING_STRING;
+ hp.filter_fun=[](LPVOID data, size_t *size, HookParam *)->bool
+ {
+ static int idx=0;
+ return (idx++)%2;
+ };
+ return NewHook(hp, "Selen");
+ }
+}
+bool Sprite::attach_function() {
+ return Sprite_attach_function()|_h1();
+}
\ No newline at end of file
diff --git a/LunaHook/hookfinder.cc b/LunaHook/hookfinder.cc
index 8c20867..e48e00b 100644
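Review bot: `Sprite_attach_function` is declared at namespace scope without `static`, so moving the old method body into it gives the helper external linkage from a per-engine source file; if another engine file in the same hook DLL picks the same helper name the build fails at link time, and nothing outside this file needs the symbol. Unless `Sprite.h` declares it (not visible here), move it into the anonymous namespace this commit introduces further down for `_h1`, or prefix the definition with `static`. The function body continues outside the hunk.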
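Review bot: The `filter_fun` lambda decides which calls to keep from a function-local `static int idx` that it increments with no synchronization, so if the hooked `MultiByteToWideChar` call site is reached from more than one game thread the every-other-call parity the filter relies on can drift, and the `data`/`size` parameters go unused, so nothing about the text itself is ever inspected. At minimum state the assumption in a comment, e.g. `// call site fires twice per string; keep every second call`, make the counter `static std::atomic<int> idx{0};` (needs `<atomic>`), and return an explicit bool with `return (idx++ % 2) != 0;`. The combined `return Sprite_attach_function()|_h1();` applies bitwise `|` to two bools, presumably so that both hooks are installed instead of short-circuiting after the first success; store each result in a named local and `||` them, with a one-line comment saying both must run, since the bare `|` reads like a typo.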
--- a/LunaHook/hookfinder.cc
+++ b/LunaHook/hookfinder.cc
@@ -165,7 +165,7 @@ void Send(char** stack, uintptr_t address)
 }
 }
-std::vector GetFunctions(uintptr_t module)
+std::vector GetFunctions(uintptr_t module)
 {
 if (!module) return {};
 IMAGE_DOS_HEADER* dosHeader = (IMAGE_DOS_HEADER*)module;
@@ -175,14 +175,14 @@ std::vector GetFunctions(uintptr_t module)
 DWORD exportAddress = ntHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
 if (!exportAddress) return {};
 IMAGE_EXPORT_DIRECTORY* exportDirectory = (IMAGE_EXPORT_DIRECTORY*)(module + exportAddress);
- std::vector functions;
+ std::vector functions;
 for (int i = 0; i < exportDirectory->NumberOfNames; ++i)
 //char* funcName = (char*)(module + *(DWORD*)(module + exportDirectory->AddressOfNames + i * sizeof(DWORD)));
 functions.push_back(module + *(DWORD*)(module + exportDirectory->AddressOfFunctions + sizeof(DWORD) * *(WORD*)(module + exportDirectory->AddressOfNameOrdinals + i * sizeof(WORD))));
 return functions;
 }
-void mergevector(std::vector &v1,std::vector &v2){
+void mergevector(std::vector &v1,std::vector &v2){
 for(auto addr:v2){
 auto it = std::find(v1.begin(), v1.end(), addr);
 if (it == v1.end()) {
@@ -206,7 +206,7 @@ void SearchForHooks(SearchParam spUser)
 catch (std::bad_alloc) { ConsoleOutput(SearchForHooks_ERROR, sp.maxRecords /= 2); } while (!records && sp.maxRecords);
- std::vector addresses;
+ std::vector addresses;
 if (*sp.boundaryModule) {
 auto [minaddr,maxaddr]=Util::QueryModuleLimits(GetModuleHandleW(sp.boundaryModule));
 if(sp.address_method==0){
@@ -225,7 +225,7 @@ void SearchForHooks(SearchParam spUser)
 auto _addresses = GetFunctions((uintptr_t)GetModuleHandleW(sp.boundaryModule));
 mergevector(addresses,_addresses);
 }
- std::vector addresses1;
+ std::vector addresses1;
 if(sp.search_method==0){
 for (auto& addr : addresses1 = Util::SearchMemory(sp.pattern, sp.length, PAGE_EXECUTE, sp.minAddress, sp.maxAddress)) addr += sp.offset;
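Review bot: The new `mergevector` signature still takes `v2` as a non-const reference although the body only reads it in `for(auto addr:v2)`, which stops callers from passing a temporary or a const vector; declare it `const std::vector<ELEM>& v2` with the same element type as `v1` (the template argument did not survive extraction here, so `ELEM` is a placeholder for whatever the commit chose). Both call sites visible in hunks -225 and -254 pass named lvalues, so the change is source-compatible. The function body continues outside the hunk.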
@@ -254,11 +254,11 @@ void SearchForHooks(SearchParam spUser)
 mergevector(addresses,addresses1);
 auto limits = Util::QueryModuleLimits(GetModuleHandleW(LUNA_HOOK_DLL));
- addresses.erase(std::remove_if(addresses.begin(), addresses.end(), [&](uint64_t addr) { return addr > limits.first && addr < limits.second; }), addresses.end());
+ addresses.erase(std::remove_if(addresses.begin(), addresses.end(), [&](auto addr) { return addr > limits.first && addr < limits.second; }), addresses.end());
 auto trampolines = (decltype(trampoline)*)VirtualAlloc(NULL, sizeof(trampoline) * addresses.size(), MEM_COMMIT, PAGE_READWRITE);
 VirtualProtect(trampolines, addresses.size() * sizeof(trampoline), PAGE_EXECUTE_READWRITE, DUMMY);
- std::vectormherroridx;
+ std::vectormherroridx;
 for (int i = 0; i < addresses.size(); ++i)
 {
 void* original;
@@ -319,7 +319,7 @@ void SearchForText(wchar_t* text, UINT codepage)
 if (strlen(utf8Text) < 4 || ((codepage!=CP_UTF8)&&(strlen(codepageText) < 4)) || wcslen(text) < 4) return ConsoleOutput(NOT_ENOUGH_TEXT);
 ConsoleOutput(HOOK_SEARCH_STARTING);
- auto GenerateHooks = [&](std::vector addresses, HookParamType type)
+ auto GenerateHooks = [&](std::vector addresses, HookParamType type)
 {
 for (auto addr : addresses)
 {
diff --git a/LunaHook/util/util.cc b/LunaHook/util/util.cc
index b166a27..907a6f8 100644
--- a/LunaHook/util/util.cc
+++ b/LunaHook/util/util.cc
@@ -273,7 +273,7 @@ bool SearchResourceString(LPCWSTR str)
 return false;
 }
-std::pair QueryModuleLimits(HMODULE module,uintptr_t addition,DWORD protect)
+std::pair QueryModuleLimits(HMODULE module,uintptr_t addition,DWORD protect)
 {
 uintptr_t moduleStartAddress = (uintptr_t)module + addition;
 uintptr_t moduleStopAddress = moduleStartAddress;
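Review bot: The retyped `GenerateHooks` lambda still takes `addresses` by value, so every invocation copies the whole candidate vector before iterating it read-only in `for (auto addr : addresses)`; take it as `const auto& addresses` (a generic lambda parameter, which the `[&](auto addr)` in hunk -254 of this file already uses) or as a const reference to the vector type. The lambda body continues outside the hunk.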
@@ -287,11 +287,11 @@ std::pair QueryModuleLimits(HMODULE module,uintptr_t additio
 return { moduleStartAddress, moduleStopAddress };
 }
-std::vector SearchMemory(const void* bytes, short length, DWORD protect, uintptr_t minAddr, uintptr_t maxAddr)
+std::vector SearchMemory(const void* bytes, short length, DWORD protect, uintptr_t minAddr, uintptr_t maxAddr)
 {
 SYSTEM_INFO systemInfo;
 GetNativeSystemInfo(&systemInfo);
- std::vector> validMemory;
+ std::vector> validMemory;
 for (BYTE* probe = NULL; probe < systemInfo.lpMaximumApplicationAddress;)
 {
 MEMORY_BASIC_INFORMATION info = {};
@@ -302,15 +302,15 @@ std::vector SearchMemory(const void* bytes, short length, DWORD protec
 }
 else
 {
- if ((uint64_t)info.BaseAddress + info.RegionSize >= minAddr && info.Protect >= protect && !(info.Protect & PAGE_GUARD))
- validMemory.push_back({ (uint64_t)info.BaseAddress, info.RegionSize });
+ if ((uintptr_t)info.BaseAddress + info.RegionSize >= minAddr && info.Protect >= protect && !(info.Protect & PAGE_GUARD))
+ validMemory.push_back({ (uintptr_t)info.BaseAddress, info.RegionSize });
 probe += info.RegionSize;
 }
 }
- std::vector ret;
+ std::vector ret;
 for (auto memory : validMemory)
- for (uint64_t addr = max(memory.first, minAddr); true;)
+ for (uintptr_t addr = max(memory.first, minAddr); true;)
 if (addr < maxAddr && (addr = SafeSearchMemory(addr, memory.first + memory.second, (const BYTE*)bytes, length))) ret.push_back(addr++);
 else break;
diff --git a/LunaHook/util/util.h b/LunaHook/util/util.h
index 75dd91b..c3d3754 100644
--- a/LunaHook/util/util.h
+++ b/LunaHook/util/util.h
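Review bot: The rewritten casts `(uintptr_t)info.BaseAddress` on the two `+` lines keep the C-style form for a pointer-to-integer conversion; `reinterpret_cast<uintptr_t>(info.BaseAddress)` makes that conversion explicit and greppable, which is worth having in a routine that walks every committed region of the process. Separately, on the context line below, the upper bound handed to `SafeSearchMemory` is the region end `memory.first + memory.second` while only the start is compared against `maxAddr`, so a match that lies between `maxAddr` and the region end appears to be pushed into `ret` anyway; clamping the bound with `min(memory.first + memory.second, maxAddr)` would honor the caller's limit (pre-existing, not introduced by this commit).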
@@ -38,8 +38,8 @@ bool CheckFile(LPCWSTR name);
 bool SearchResourceString(LPCWSTR str);
-std::pair QueryModuleLimits(HMODULE module,uintptr_t addition=0x1000,DWORD protect=PAGE_EXECUTE);
-std::vector SearchMemory(const void* bytes, short length, DWORD protect = PAGE_EXECUTE, uintptr_t minAddr = 0, uintptr_t maxAddr = -1ULL);
+std::pair QueryModuleLimits(HMODULE module,uintptr_t addition=0x1000,DWORD protect=PAGE_EXECUTE);
+std::vector SearchMemory(const void* bytes, short length, DWORD protect = PAGE_EXECUTE, uintptr_t minAddr = 0, uintptr_t maxAddr = -1ULL);
 uintptr_t FindFunction(const char* function);
 } // namespace Util
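Review bot: The re-declared `SearchMemory` keeps the default `uintptr_t maxAddr = -1ULL`, an `unsigned long long` literal converted to `uintptr_t`; in a 32-bit build (this commit's Sprite.cpp lives under `engine32`, so one appears to exist) that silently truncates to 0xFFFFFFFF, which happens to be the intended "no upper bound" value only by accident, and brace-initialization would reject the narrowing. `uintptr_t maxAddr = UINTPTR_MAX` states the intent for both pointer widths without relying on truncation.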