mirror of
https://github.com/HIllya51/LunaHook.git
synced 2024-11-23 13:55:36 +08:00
60 lines
1.8 KiB
C++
60 lines
1.8 KiB
C++
#include"Nekopack.h"
|
|
|
|
|
|
/**
|
|
* mireado 8/01/2016: Add NekoPack hook
|
|
*
|
|
* See: http://sakuradite.com/topic/1470
|
|
* https://arallab.hided.net/board_codetalk/2605967
|
|
*
|
|
* [Pure More] 少女アクティビティ_trial 1.01
|
|
*
|
|
* base: 0x4000000
|
|
* binary pattern :: 558BEC81C4C4FDFFFFB8
|
|
*/
|
|
|
|
bool InsertNekopackHook()
|
|
{
|
|
const BYTE bytes[] = {
|
|
0x55, // 0069637C /$ 55 PUSH EBP
|
|
0x8b,0xec, // 0069637D |. 8BEC MOV EBP,ESP
|
|
0x81,0xc4, 0xC4,0xFD,0xFF,0xFF, // 0069637F |. 81C4 C4FDFFFF ADD ESP,-23C
|
|
0xb8, XX4, // 00696385 |. B8 A8FF7900 MOV EAX,OFFSET 0079FFA8
|
|
0x53, // 0069638A |. 53 PUSH EBX
|
|
0x56, // 0069638B |. 56 PUSH ESI
|
|
0x57, // 0069638C |. 57 PUSH EDI
|
|
0x8b,0x5d, 0x08 // 0069638D |. 8B5D 08 MOV EBX,DWORD PTR SS:[ARG.1]
|
|
};
|
|
ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR);
|
|
ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range);
|
|
enum { addr_offset = 0 }; // distance to the beginning of the function, which is 0x55 (push ebp)
|
|
//GROWL(reladdr);
|
|
if (!addr) {
|
|
ConsoleOutput("NekoPack: pattern not found");
|
|
return false;
|
|
}
|
|
addr += addr_offset;
|
|
//GROWL(addr);
|
|
enum { push_ebp = 0x55 }; // beginning of the function
|
|
if (*(BYTE *)addr != push_ebp) {
|
|
ConsoleOutput("NekoPack: beginning of the function not found");
|
|
return false;
|
|
}
|
|
|
|
HookParam hp;
|
|
hp.address = addr;
|
|
hp.offset=get_stack(2);
|
|
hp.type = USING_STRING;
|
|
|
|
ConsoleOutput("INSERT NekoPack");
|
|
return NewHook(hp, "NekoPack");
|
|
|
|
// Disable GDIHook(um.. ?), which is cached and hence missing characters.
|
|
//ConsoleOutput("NekoPack: disable GDI hooks");
|
|
//
|
|
}
|
|
|
|
bool Nekopack::attach_function() {
|
|
|
|
return InsertNekopackHook();
|
|
}
|