mirror of
https://github.com/HIllya51/LunaHook.git
synced 2024-12-05 03:25:37 +08:00
101 lines
2.7 KiB
C++
101 lines
2.7 KiB
C++
#include"Nitroplus.h"
|
|
|
|
|
|
bool InsertNitroplusHook()
|
|
{
|
|
const BYTE bytes[] = {0xb0, 0x74, 0x53};
|
|
DWORD addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress);
|
|
if (!addr) {
|
|
ConsoleOutput("Nitroplus: pattern not exist");
|
|
return false;
|
|
}
|
|
enum : WORD { sub_esp = 0xec83 }; // caller pattern: sub esp = 0x83,0xec
|
|
BYTE b = *(BYTE *)(addr + 3) & 3;
|
|
while (*(WORD *)addr != sub_esp)
|
|
addr--;
|
|
HookParam hp;
|
|
hp.address = addr;
|
|
hp.offset = -0x14+ (b << 2);
|
|
hp.type = CODEC_ANSI_BE;
|
|
ConsoleOutput("INSERT Nitroplus");
|
|
return NewHook(hp, "Nitroplus");
|
|
//RegisterEngineType(ENGINE_Nitroplus);
|
|
}
|
|
bool InsertNitroplus2Hook() {
|
|
|
|
/*
|
|
* Sample games:
|
|
* https://vndb.org/v428
|
|
*/
|
|
BYTE bytes[] = {
|
|
0x8D, 0xB4, 0x29, XX4, // lea esi,[ecx+ebp+0000415C]
|
|
0x74, 0x20, // je Django.exe+6126E
|
|
0x8D, 0xBC, 0xBD, XX4, // lea edi,[ebp+edi*4+0006410C]
|
|
0x8B, 0x56, 0xB0, // mov edx,[esi-50]
|
|
0xE8, XX4 // call Django.exe+51150 << hook here
|
|
};
|
|
enum { addr_offset = sizeof(bytes) - 5 };
|
|
ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress);
|
|
if (!addr) {
|
|
ConsoleOutput("Nitroplus2: pattern not found");
|
|
return false;
|
|
}
|
|
HookParam hp;
|
|
hp.address = addr + addr_offset;
|
|
hp.offset=get_reg(regs::edx);
|
|
hp.type = CODEC_ANSI_BE;
|
|
return NewHook(hp, "Nitroplus2");
|
|
}
|
|
bool Nitroplus::attach_function() {
|
|
|
|
return InsertNitroplusHook()||InsertNitroplus2Hook();
|
|
}
|
|
|
|
bool NitroplusSysFilter(LPVOID data, size_t *size, HookParam *)
|
|
{
|
|
auto text = reinterpret_cast<LPSTR>(data);
|
|
auto len = reinterpret_cast<size_t *>(size);
|
|
|
|
if (*len <= 2) return false;
|
|
|
|
StringFilter(text, len, "\x81@", 2);
|
|
CharReplacer(text, len, '\r', ' ');
|
|
if (cpp_strnstr(text, "<", *len)) {
|
|
StringFilterBetween(text, len, "<", 1, ">", 1);
|
|
}
|
|
while (*len>1 && ::isspace(*text)) {
|
|
::memmove(text, text+1, --(*len));
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
bool InsertNitroplusSysHook() {
|
|
|
|
/*
|
|
* Sample games:
|
|
* https://vndb.org/r76679
|
|
*/
|
|
const BYTE bytes[] = {
|
|
0x0F, 0x84, XX4, // je system.dll+5B8CA <- hook here
|
|
0xEB, 0x04, // jmp system.dll+5A791
|
|
0x8B, 0x44, 0x24, 0x20, // mov eax,[esp+20]
|
|
0x8B, 0x4C, 0x24, 0x24 // mov ecx,[esp+24]
|
|
};
|
|
|
|
HMODULE module = GetModuleHandleW(L"system.dll");
|
|
auto [minAddress, maxAddress] = Util::QueryModuleLimits(module);
|
|
ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), minAddress, maxAddress);
|
|
if (!addr)
|
|
return false;
|
|
|
|
HookParam hp;
|
|
hp.address = addr;
|
|
hp.offset=get_reg(regs::eax);
|
|
hp.type = USING_STRING;
|
|
hp.filter_fun = NitroplusSysFilter;
|
|
return NewHook(hp, "NitroplusSystem");
|
|
}
|
|
bool Nitroplusplus::attach_function(){
|
|
return InsertNitroplusSysHook();
|
|
} |